From trever at middleearth.sapphiresunday.org Thu May 1 00:18:59 2014 From: trever at middleearth.sapphiresunday.org (Trever L. Adams) Date: Wed, 30 Apr 2014 18:18:59 -0600 Subject: [Dovecot] Problems with login_log_format (possible bug?) Message-ID: <536192F3.4090600@middleearth.sapphiresunday.org> login_log_format = %$: %s login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}> These are the defaults, at least on a Fedora system. According to http://wiki2.dovecot.org/Variables, this should record for user at REALM when seeing the following Apr 30 18:08:40 TeaSet dovecot: auth: Debug: auth(user,...,): username changed user -> user at REALM. If I wanted just user, user=<%u> should be changed to user=<%orig_user>. However, I only get user not user at REALME in imap-login log lines. I wouldn't mind this, but auth_username_format cannot be used in passed{} and I haven't been able to get pam_krb5 to uppercase the realm for it alone. (Everything else depends on it being lowercase.) I can make this work by just passing the user name part of username in the client, but then imap-login still doesn't have the required information for the same reason. Anyone have any suggestions? Thank you, Trever -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 884 bytes Desc: OpenPGP digital signature URL: From tanaka at designet.co.jp Thu May 1 04:53:03 2014 From: tanaka at designet.co.jp (Atsuko Tanaka) Date: Thu, 01 May 2014 13:53:03 +0900 Subject: [Dovecot] When you send an email with specific characters are included, dovecot.sieve is aborted. Message-ID: <5361D32F.3080105@designet.co.jp> Hello. I found a problem of dovecot.sieve. When you send an email with specific characters are included, dovecot.sieve is aborted. Are you sure I report details to this mailing list? Please reply. Thank you. -- ---------------------------------------- Atsuko Tanaka DesigNET Inc. e-mail?tanaka at designet.co.jp ---------------------------------------- From stephan at rename-it.nl Thu May 1 06:56:14 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 01 May 2014 08:56:14 +0200 Subject: [Dovecot] When you send an email with specific characters are included, dovecot.sieve is aborted. In-Reply-To: <5361D32F.3080105@designet.co.jp> References: <5361D32F.3080105@designet.co.jp> Message-ID: <5361F00E.9080803@rename-it.nl> On 5/1/2014 6:53 AM, Atsuko Tanaka wrote: > Hello. > > I found a problem of dovecot.sieve. > When you send an email with specific characters are included, > dovecot.sieve is aborted. > Are you sure I report details to this mailing list? Yes, definitely. Please provide the following: 1) Any relevant error you find in the log files. 2) Your configuration: execute `dovecot -n` and provide the output. 3) An example message that causes the failure. 4) The sieve script that is executing while the failure occurs. Regards, Stephan. From gfinch at ldmltd.ca Thu May 1 15:10:17 2014 From: gfinch at ldmltd.ca (Gregory Finch) Date: Thu, 01 May 2014 08:10:17 -0700 Subject: [Dovecot] fts-lucene configuration Message-ID: <536263D9.8000301@ldmltd.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, Is there a configuration option to set where fts-lucene stores its indexes? I know it defaults to lucene-indexes in the mail root directory. I'm looking to store it in the home directory. Thank you, Greg -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTYmPZAAoJECD7Htp+IT9epBIQAKnR+cBtMZ8kkpvTefI/oVG6 ANu/gB/VGamrommOl0w+9/E0YwowdfqB3IqQuavR47KtPHE6X8gxyRf4p26p3dfC X13KCrdBvDQ0AArqi1RH4Blig2zFcLvC85QyBOvGKnYKg90wBKRODYdw9it8cU0P 1eJMkURCR5llIKUEnFQH1OBUr1rJ4c+tkke0fuxeikcoaS3DtW7LdPCQaJyYpUdS NmFehIG+n3jDQqx1jDJNBBQMlfSEz+svXFuHzAR/YCeQS8ETBQdQ7cC5ES5gBijy Z0f1bTRWhLOC9rcg3VzcbGm1ky+rAJeEVL1HGXluPOJjqLhjWvaDE+ola2cDHtNk IiVXtL4WdIAvSJ51kR8X3ubSWtHd+2mo93ryQqCE+AdhWh0lMNzxMB/r8LmVHMKY eMjFmu1QvC+W1Z20xUT5SZKFIIOnXzHZbzugkz2zKZEQbJw9AtdTrIwJ+CyxY+YN yREwPFJ2dGzglWtzk/lxAgRZUizAJEvmcLQ8n5ZPi4aX6SfZyYcD0t7nkAOVD3ff VsJdvYJeiPcoWLrQnemI4wAaClINw+7vLg4D+uiGLswyTtR4ccTg0wOUG6Bp8Jkv dMFRWLwJsK3dLYubLud9T2nlyMBG63hEyoDjgE8WxXXuIAYaYTTMUuGAf89fdwLN bgpfg40wgCfheu18qD9d =EDIQ -----END PGP SIGNATURE----- From itgeek31 at googlemail.com Thu May 1 16:35:10 2014 From: itgeek31 at googlemail.com (IT geek 31) Date: Thu, 1 May 2014 18:35:10 +0200 Subject: [Dovecot] LMTP error Message-ID: Hi, I've recently switched to LMTP as I'm now using mdbox. However since switching, mails sent to the root account do not get delivered due to the following error: May 1 18:20:17 Server1 postfix/lmtp[13019]: CAEE91F851: to=, relay=mail.test.com[private/dovecot-lmtp], delay=1097, delays=1096/0.45/0.43/0.46, dsn=4.3.0, status=deferred (host mail.test.com[private/dovecot-lmtp] said: 451 4.3.0 Invalid user settings. Refer to server log for more information. (in reply to RCPT TO command)) This obviously fills up my mail queue. All other mails to all other mailboxes deliver fine. I'm obviously missing something in my config... any ideas? I'm using Dovecot 2.2.12 on NetBSD 5.2.2. Many thanks, -Mark dovecot -n # 2.2.12: /usr/pkg/etc/dovecot/dovecot.conf # OS: NetBSD 5.2.2 cobalt auth_username_format = %Ln doveadm_password = secret doveadm_port = 12345 first_valid_uid = 1010 last_valid_uid = 1020 listen = 192.168.1.1 login_greeting = test.com mail_location = mdbox:~/mdbox mail_plugins = " notify replication" namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = passwd } passdb { driver = passwd } plugin { mail_replica = tcp:Server2.test.com } protocols = imap lmtp service aggregator { fifo_listener replication-notify-fifo { mode = 0666 } unix_listener replication-notify { mode = 0600 } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } user = root } service imap-login { inet_listener imap { port = 0 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0777 } } ssl_cert = References: Message-ID: <20140501165620.GA26937@nihlus.leuxner.net> * IT geek 31 2014.05.01 18:35: > May 1 18:20:17 Server1 postfix/lmtp[13019]: CAEE91F851: to=, > relay=mail.test.com[private/dovecot-lmtp], delay=1097, > delays=1096/0.45/0.43/0.46, dsn=4.3.0, status=deferred (host > mail.test.com[private/dovecot-lmtp] > said: 451 4.3.0 Invalid user settings. Refer to server log > for more information. (in reply to RCPT TO command)) What about the Dovecot log? The error in the _Postfix_ log is pretty self-explanatory, have a look what Dovecot says. > userdb { > driver = passwd > } > userdb { > driver = passwd -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From itgeek31 at googlemail.com Thu May 1 17:21:12 2014 From: itgeek31 at googlemail.com (IT geek 31) Date: Thu, 1 May 2014 19:21:12 +0200 Subject: [Dovecot] LMTP error In-Reply-To: <20140501165620.GA26937@nihlus.leuxner.net> References: <20140501165620.GA26937@nihlus.leuxner.net> Message-ID: On 1 May 2014 18:56, Thomas Leuxner wrote: > > What about the Dovecot log? The error in the _Postfix_ log is pretty > self-explanatory, have a look what Dovecot says. > Um, I was under the impression Dovecot logged to /var/log/maillog like Postfix. I'm not aware of any other log for Dovecot? I also forgot to add the relevant command in my Postfix main.cf: mailbox_transport = lmtp:unix:private/dovecot-lmtp -Mark From tlx at leuxner.net Thu May 1 17:27:01 2014 From: tlx at leuxner.net (Thomas Leuxner) Date: Thu, 1 May 2014 19:27:01 +0200 Subject: [Dovecot] LMTP error In-Reply-To: References: <20140501165620.GA26937@nihlus.leuxner.net> Message-ID: <20140501172701.GA27110@nihlus.leuxner.net> * IT geek 31 2014.05.01 19:21: > Um, I was under the impression Dovecot logged to /var/log/maillog like > Postfix. I'm not aware of any other log for Dovecot? Obviously not, or you missed the detail in maillog. When the syslog line starts with _postfix_ it's postfix. $ doveadm log find -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From h.reindl at thelounge.net Thu May 1 17:28:09 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 01 May 2014 19:28:09 +0200 Subject: [Dovecot] LMTP error In-Reply-To: References: <20140501165620.GA26937@nihlus.leuxner.net> Message-ID: <53628429.7010803@thelounge.net> Am 01.05.2014 19:21, schrieb IT geek 31: > On 1 May 2014 18:56, Thomas Leuxner wrote: > >> What about the Dovecot log? The error in the _Postfix_ log is pretty >> self-explanatory, have a look what Dovecot says. > > Um, I was under the impression Dovecot logged to /var/log/maillog like > Postfix. I'm not aware of any other log for Dovecot? depends on your configuration but even if - you need to read that since you only provided the postfix line which refers clearly to the dovecot log because postfix can't know anything more than the response of the destination which tells you where to look -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From itgeek31 at googlemail.com Thu May 1 17:36:12 2014 From: itgeek31 at googlemail.com (IT geek 31) Date: Thu, 1 May 2014 19:36:12 +0200 Subject: [Dovecot] LMTP error In-Reply-To: <20140501172701.GA27110@nihlus.leuxner.net> References: <20140501165620.GA26937@nihlus.leuxner.net> <20140501172701.GA27110@nihlus.leuxner.net> Message-ID: On 1 May 2014 19:27, Thomas Leuxner wrote: > Obviously not, or you missed the detail in maillog. When the syslog line > starts with _postfix_ it's postfix. > > $ doveadm log find > Everything logs to /var/log/maillog. The line I think I missed was: May 1 19:31:50 Server1 dovecot: lmtp(13770): Error: user root: Invalid settings in userdb: userdb returned 0 as uid Any idea what this means? -Mark From h.reindl at thelounge.net Thu May 1 17:41:24 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 01 May 2014 19:41:24 +0200 Subject: [Dovecot] LMTP error In-Reply-To: References: <20140501165620.GA26937@nihlus.leuxner.net> <20140501172701.GA27110@nihlus.leuxner.net> Message-ID: <53628744.3050405@thelounge.net> Am 01.05.2014 19:36, schrieb IT geek 31: > On 1 May 2014 19:27, Thomas Leuxner wrote: > >> Obviously not, or you missed the detail in maillog. When the syslog line >> starts with _postfix_ it's postfix. >> >> $ doveadm log find >> > > Everything logs to /var/log/maillog. > > The line I think I missed was: > > May 1 19:31:50 Server1 dovecot: lmtp(13770): Error: user root: Invalid > settings in userdb: userdb returned 0 as uid > > Any idea what this means? that you are working with unix-accounts and the root uid 0 is prohibited for (good) saftey reasons -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From tlx at leuxner.net Thu May 1 17:47:41 2014 From: tlx at leuxner.net (Thomas Leuxner) Date: Thu, 1 May 2014 19:47:41 +0200 Subject: [Dovecot] LMTP error In-Reply-To: <53628744.3050405@thelounge.net> References: <20140501165620.GA26937@nihlus.leuxner.net> <20140501172701.GA27110@nihlus.leuxner.net> <53628744.3050405@thelounge.net> Message-ID: <20140501174741.GA27232@nihlus.leuxner.net> * Reindl Harald 2014.05.01 19:41: > > May 1 19:31:50 Server1 dovecot: lmtp(13770): Error: user root: Invalid > > settings in userdb: userdb returned 0 as uid > > > > Any idea what this means? > > that you are working with unix-accounts and the root uid 0 > is prohibited for (good) saftey reasons If that has worked before then now is a good time to rewrite it to one of your IMAP users (best done on the Postfix end). -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From h.reindl at thelounge.net Thu May 1 17:48:22 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 01 May 2014 19:48:22 +0200 Subject: [Dovecot] LMTP error In-Reply-To: References: <20140501165620.GA26937@nihlus.leuxner.net> <20140501172701.GA27110@nihlus.leuxner.net> <53628744.3050405@thelounge.net> Message-ID: <536288E6.6080901@thelounge.net> Am 01.05.2014 19:43, schrieb IT geek 31: > On 1 May 2014 19:41, Reindl Harald: > > that you are working with unix-accounts and the root uid 0 > is prohibited for (good) saftey reasons > > Okay, that sounds good. How do I deliver mail to the root account then, and stop this error/warning/message? As > mails are now backing up in the queue and cannot be delivered... keep your responses on the list! * set a alias on the postfix side to another mail-address * that way dovecot never see the root-address as destination * use "postsuper -d queue_id" to kill the messages from the queue ______________________________ cat /etc/aliases | grep root # Person who should get root's mail root: h.reindl at thelounge.net ______________________________ don't forget calling "newaliases" after changes in that file if you have implemented aliases on postfix in a different way follow the documentation -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From itgeek31 at googlemail.com Thu May 1 17:52:52 2014 From: itgeek31 at googlemail.com (IT geek 31) Date: Thu, 1 May 2014 19:52:52 +0200 Subject: [Dovecot] LMTP error In-Reply-To: <536288E6.6080901@thelounge.net> References: <20140501165620.GA26937@nihlus.leuxner.net> <20140501172701.GA27110@nihlus.leuxner.net> <53628744.3050405@thelounge.net> <536288E6.6080901@thelounge.net> Message-ID: On 1 May 2014 19:48, Reindl Harald wrote: > * set a alias on the postfix side to another mail-address > * that way dovecot never see the root-address as destination > * use "postsuper -d queue_id" to kill the messages from the queue > ______________________________ > > cat /etc/aliases | grep root > # Person who should get root's mail > root: h.reindl at thelounge.net > ______________________________ > > don't forget calling "newaliases" after changes in that file > if you have implemented aliases on postfix in a different way > follow the documentation > Okay, so that's two people who have recommended the same solution. That's good enough for me. I shall go and implement that now. Many thanks for all your help guys! -Mark From jtam.home at gmail.com Thu May 1 23:17:28 2014 From: jtam.home at gmail.com (Joseph Tam) Date: Thu, 1 May 2014 16:17:28 -0700 (PDT) Subject: [Dovecot] LMTP error In-Reply-To: References: Message-ID: IT geek 31 writes: > I've recently switched to LMTP as I'm now using mdbox. However since > switching, mails sent to the root account do not get delivered due to the > following error: > > May 1 18:20:17 Server1 postfix/lmtp[13019]: CAEE91F851: to=, > relay=mail.test.com[private/dovecot-lmtp], delay=1097, > delays=1096/0.45/0.43/0.46, dsn=4.3.0, status=deferred (host > mail.test.com[private/dovecot-lmtp] > said: 451 4.3.0 Invalid user settings. Refer to server log > for more information. (in reply to RCPT TO command)) This setting: > first_valid_uid = 1010 will need to be changed to "0", or better yet, as others have suggested, alias root to some user with UID within 1010..1020. The dovecot logs that you ought to see will be something like May 1 16:12:11 viol dovecot: lda: Error: user root: Mail access for users with UID 0 not permitted (see first_valid_uid in config file, uid from userdb lookup). Joseph Tam From itgeek31 at googlemail.com Thu May 1 23:32:59 2014 From: itgeek31 at googlemail.com (IT geek 31) Date: Fri, 2 May 2014 01:32:59 +0200 Subject: [Dovecot] LMTP error In-Reply-To: References: Message-ID: On 2 May 2014 01:17, Joseph Tam wrote: > This setting: > > first_valid_uid = 1010 >> > > will need to be changed to "0", or better yet, as others have suggested, > alias root to some user with UID within 1010..1020. > Ah-ha! That's what caused it. I wouldn't have seen that error before changing to LMTP, as using mbox Postfix would have just delivered it without issue. Unfortunately I need the first and last valid UID as this is how I control which accounts are replicated. I've setup an alias for root now that uses an account in the 1010-1020 range and I'm all happy :-) -Mark From andrew.stuart at supercoders.com.au Fri May 2 02:00:41 2014 From: andrew.stuart at supercoders.com.au (Andrew Stuart) Date: Fri, 2 May 2014 12:00:41 +1000 Subject: [Dovecot] Dovecot permission denied error in logs Message-ID: <54EA05BE-2440-4485-8FB0-74C3F6B66A4E@supercoders.com.au> dovecot --version 2.1.7 I am getting he following errors in the logs eve though there is no 'apply' user in /etc/dovecot/users I'm not sure wat to do next to diagnose. Can anyone advise please? It says 'refer to server log for more information' but I thought this was the server log? May 1 22:40:44 ip-xx-xxx-xx-xx postfix/local[18901]: 1B17763738: to=, orig_to=, relay=local, delay=147501, delays=147501/0.54/0/0.06, dsn=4.3.0, status=deferred (temporary failure) May 1 22:40:44 ip-xx-xxx-xx-xx dovecot: lda(apply): Error: user apply: Initialization failed: Namespace '': mkdir(/home/vmail//apply) failed: Permission denied (euid=1001(apply) egid=1001(apply) missing +w perm: /home/vmail/, dir owned by 5000:5000 mode=0755) May 1 22:40:44 ip-xx-xxx-xx-xx dovecot: lda(apply): Error: user apply: Initialization failed: Namespace '': mkdir(/home/vmail//apply) failed: Permission denied (euid=1001(apply) egid=1001(apply) missing +w perm: /home/vmail/, dir owned by 5000:5000 mode=0755) May 1 22:40:44 ip-xx-xxx-xx-xx dovecot: lda(apply): Fatal: Invalid user settings. Refer to server log for more information. May 1 22:40:44 ip-xx-xxx-xx-xx dovecot: lda(apply): Fatal: Invalid user settings. Refer to server log for more information. May 1 22:40:44 ip-xx-xxx-xx-xx postfix/local[18926]: 9E5376357A: to=, orig_to=, relay=local, delay=235638, delays=235637/0.6/0/0.06, dsn=4.3.0, status=deferred (temporary failure) May 1 22:40:44 ip-xx-xxx-xx-xx postfix/local[18908]: 252106364B: to=, orig_to=, relay=local, delay=218930, delays=218929/0.6/0/0.06, dsn=4.3.0, status=deferred (temporary failure) May 1 22:40:44 ip-xx-xxx-xx-xx dovecot: lda(apply): Error: user apply: Initialization failed: Namespace '': mkdir(/home/vmail//apply) failed: Permission denied (euid=1001(apply) egid=1001(apply) missing +w perm: /home/vmail/, dir owned by 5000:5000 mode=0755) May 1 22:40:44 ip-xx-xxx-xx-xx dovecot: lda(apply): Fatal: Invalid user settings. Refer to server log for more information. May 1 22:40:44 ip-xx-xxx-xx-xx postfix/local[18900]: 9A94063274: to=, orig_to=, relay=local, delay=306900, delays=306900/0.66/0/0.03, dsn=4.3.0, status=deferred (temporary failure) May 1 22:41:23 ip-xx-xxx-xx-xx dovecot: pop3-login: Login: user=, method=PLAIN, rip=101.103.174.186, lip=10.172.21.51, mpid=18952, session= May 1 22:41:24 ip-xx-xxx-xx-xx dovecot: pop3(my.name at example.org): Disconnected: Logged out top=0/0, retr=0/0, del=0/424, size=57179196 [/var/log] dovecot -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.11.0-19-generic x86_64 Ubuntu 13.10 ext4 auth_mechanisms = plain login disable_plaintext_auth = no mail_location = maildir:/home/vmail/%d/%n managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded- character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/passdb driver = passwd-file } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap pop3 sieve service auth { unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } } ssl_cert = was automatically rejected: %n%r } protocol imap { imap_client_workarounds = delay-newmail mail_max_userip_connections = 10 } protocol pop3 { mail_max_userip_connections = 10 pop3_client_workarounds = outlook-no-nuls oe-ns-eoh } [/etc/dovecot] From tss at iki.fi Fri May 2 06:29:46 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 09:29:46 +0300 Subject: [Dovecot] Assert Crash with HG 49e9d9743f6e In-Reply-To: <20140426055022.GA31422@nihlus.leuxner.net> References: <20140426055022.GA31422@nihlus.leuxner.net> Message-ID: <2DCE20EF-31D4-434E-A1DA-66F2D636D33B@iki.fi> On 26.4.2014, at 8.50, Thomas Leuxner wrote: > New crash most likely related to Virtual plugin again: > > Apr 26 07:40:40 spectre dovecot: imap(tlx at leuxner.net): Panic: file mail-storage.c: line 1836 (mailbox_transaction_begin): assertion failed: (box->opened) Thanks, fixed: http://hg.dovecot.org/dovecot-2.2/rev/501a19fc2747 Hopefully the last one! From tlx at leuxner.net Fri May 2 07:07:26 2014 From: tlx at leuxner.net (Thomas Leuxner) Date: Fri, 2 May 2014 09:07:26 +0200 Subject: [Dovecot] Assert Crash with HG 49e9d9743f6e In-Reply-To: <2DCE20EF-31D4-434E-A1DA-66F2D636D33B@iki.fi> References: <20140426055022.GA31422@nihlus.leuxner.net> <2DCE20EF-31D4-434E-A1DA-66F2D636D33B@iki.fi> Message-ID: <20140502070726.GA14056@nihlus.leuxner.net> * Timo Sirainen 2014.05.02 08:29: > > Apr 26 07:40:40 spectre dovecot: imap(tlx at leuxner.net): Panic: file mail-storage.c: line 1836 (mailbox_transaction_begin): assertion failed: (box->opened) > > Thanks, fixed: http://hg.dovecot.org/dovecot-2.2/rev/501a19fc2747 > > Hopefully the last one! Seems fixed (fingers crossed). Thanks. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From tss at iki.fi Fri May 2 07:13:06 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 10:13:06 +0300 Subject: [Dovecot] crash while fts searching a virtual folder In-Reply-To: <9c91cfb839aa254c4d5096ab843f2f0a@ssl.scheff32.de> References: <9c91cfb839aa254c4d5096ab843f2f0a@ssl.scheff32.de> Message-ID: <91119890-1566-4265-BE4E-ED8056F6893E@iki.fi> On 25.4.2014, at 15.24, Matthias Rieber wrote: > searching a virtual folder crashes dovecot quite often. I'm using dovecot 2.2.12. Here's the backtrace: > > #5 0x00007fc1d6774ed9 in level_scores_add_vuids (br=0x2413ab8, level=0x1c0c2e0, vbox=0x170c950) at fts-search.c:81 http://hg.dovecot.org/dovecot-2.2/rev/d63b209737be should fix this. From tss at iki.fi Fri May 2 07:40:19 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 10:40:19 +0300 Subject: [Dovecot] nfs flush/fsync config settings problem In-Reply-To: <534FF522.8000505@utsc.utoronto.ca> References: <201401080923.35386.yebo@psg.sk> <533D1A53.6050109@skye.it> <533D5E44.80002@utsc.utoronto.ca> <533D6109.1030409@skye.it> <5348295C.2010308@utsc.utoronto.ca> <534FF522.8000505@utsc.utoronto.ca> Message-ID: Fixed: http://hg.dovecot.org/dovecot-2.2/rev/9b53f6bf0427 But you shouldn't use mail_nfs_*=yes settings in any case. If you use multiple Dovecot servers, you should use Dovecot director and then you can keep using mail_nfs_*=no. If you use only a single Dovecot server then mail_nfs_*=no works fine also. On 17.4.2014, at 18.37, Wesley Huang wrote: > Hi All, > > I was able to find some time and investigate further. The culprit has been found: "mailbox_list_index=yes". We'd like to use the IMAP NOTIFY extension and this option is a must. But turning on mailbox_list_index with index stored on NFS mounts caused the the error I reported. > > Is it a designed/known behaviour or it is a bug? Hopefully my email will be caught maintainers' eyes. > > > Cheers, > > Wesley > > > On 14-04-11 01:41 PM, Wesley Huang wrote: >> Hi Alessio, >> >> After days sorting the Heartbleed mess, I managed to set up Debian Squeeze amd64 for the test and I'm seeing the same error message: >> >> Fatal: nfs flush requires mail_fsync=always >> >> # doveconf -n | egrep 'fsync|nfs' >> mail_fsync = always >> mail_nfs_index = yes >> mail_nfs_storage = yes >> >> Cheers, >> >> Wesley >> >> On 14-04-03 09:24 AM, Alessio Cecchi wrote: >>> Hi, >>> >>> I'm using Maildir on Debian 6 64bit, try to "grep" for "fsync" on all configuration files. >>> >>> Try also to install the same dovecot+configuration on Debian 6. >>> >>> Let me know! >>> Ciao >>> >>> Il 03/04/2014 15:12, Wesley Huang ha scritto: >>>> Hi Alessio, >>>> >>>> I have 2.2.12 installed in Debian Wheezy amd64 server. mail_fsync is >>>> specified and detected. Are you using mbox or maildir or dbox? We're >>>> using mbox and seeing the error. >>>> >>>> # dovecot --version >>>> 2.2.12 >>>> >>>> # dovecot -n | grep -E 'sync|nfs' >>>> mail_fsync = always >>>> mail_nfs_index = yes >>>> mail_nfs_storage = yes >>>> >>>> >>>> # egrep 'nfs|fsync' 10-mail.conf | egrep -v '#' >>>> mail_fsync=always >>>> mail_nfs_storage = yes >>>> mail_nfs_index = yes >>>> >>>> # uname -r >>>> 3.2.0-4-amd64 >>>> >>>> Cheers, >>>> >>>> Wesley >>>> >>>> On 14-04-03 04:22 AM, Alessio Cecchi wrote: >>>>> Il 08/01/2014 09:23, Troton_admin ha scritto: >>>>>> Hi, >>>>>> >>>>>> I need to place a maildir storage on a NFS filesystem, so I set up >>>>>> the config like this: >>>>>> >>>>>> mmap_disable = yes >>>>>> mail_nfs_storage = yes >>>>>> mail_nfs_index = yes >>>>>> mail_fsync = always >>>>>> lock_method = dotlock (also tried fcntl - local lockd is running, no >>>>>> success, now using dotlock, to be sure while debugging) >>>>>> >>>>>> The problem is that Dovecot (2.2.9/2.2.10 - the relevant code in >>>>>> mail-index.c is the same) logs a fatal error and quits the session >>>>>> (no daemon crash/coredump). >>>>> >>>>> Hi, >>>>> >>>>> I have a similar configuration but with dovecot 2.2.12 and NFS for me >>>>> works fine. Have you insert the "mail_fsync = always" in the right >>>>> place? Is there only one "mail_fsync" setting in your config? First >>>>> check this: >>>>> >>>>> root at mx:/etc/dovecot# grep mail_fsync /etc/dovecot/ -R >>>>> conf.d/10-mail.conf:mail_fsync = always >>>>> >>>>> root at mx:/etc/dovecot# dovecot -n | grep -E 'sync|nfs' >>>>> mail_fsync = always >>>>> mail_nfs_index = yes >>>>> mail_nfs_storage = yes >>>>> maildir_very_dirty_syncs = yes >>>>> >>>>> # 2.2.12: /etc/dovecot/dovecot.conf >>>>> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.9 >>>>> >>>>> Let me know. >>>>> Ciao >>>> >>> >>> From tss at iki.fi Fri May 2 08:16:54 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 11:16:54 +0300 Subject: [Dovecot] BINARY FETCH conversion issue In-Reply-To: <20140429152759.Horde.VyzmEbbxP7BDaMNPnBzXww2@bigworm.curecanti.org> References: <20140429152759.Horde.VyzmEbbxP7BDaMNPnBzXww2@bigworm.curecanti.org> Message-ID: On 30.4.2014, at 0.27, Michael M Slusarz wrote: > Given this test message, with admittedly incorrect QP encoding: .. > Dovecot 2.2 returns this: > > C: 5 UID FETCH 4464 (BINARY.PEEK[1]) > S: * 1 FETCH (UID 4464 BINARY[1] NIL) > S: 5 OK Fetch completed. > > Contrast with, e.g., Cyrus 2.4: > > C: 6 UID FETCH 1 (BINARY.PEEK[1]) > S: * 1 FETCH (UID 1 BINARY[1] {57} > S: [LITERAL DATA: 57 bytes] > S: ) > S: 6 OK Completed (0.000 sec) > > (Cyrus FETCH output strips out the spurious non-encoding '=', IIRC). > > Not sure if this is an example of Cyrus' QP decoder being more robust (or lenient) than Dovecot's. Or whether this is intentional to return NIL for this kind of bad data. It was kind of intentional. Dovecot's istream-qp-decoder aborts when it finds anything broken. I guess it could simply skip errors, but I'm not sure how good idea that is either.. > Although if intentional, output should probably be a NO response with UNKNOWN-CTE response code, since this appears to be an instance of "the server does not know how to decode the section's CTE". (RFC 3516 [4.3]). Yeah, I think that's better. Fixed: http://hg.dovecot.org/dovecot-2.2/rev/197f77f6ef0d Also this fix more or less requires this: http://hg.dovecot.org/dovecot-2.2/rev/99f59d6fce05 From tanaka at designet.co.jp Fri May 2 08:27:30 2014 From: tanaka at designet.co.jp (Atsuko Tanaka) Date: Fri, 02 May 2014 17:27:30 +0900 Subject: [Dovecot] When the subject portion of an e-mail contains a control character, dovecot.sieve terminates unexpectatedly. Message-ID: <536356F2.2050903@designet.co.jp> Hello. We have currently set dovecot.sieve to insert the text "[SPAM]" at the beginning of an e-mail's subject when it's X-Spam-Score is above 80%. After we set our system as stated the following errors occur: 1) When an e-mail's subject contains control characters like [Ctrl+V|^V], dovecot.sieve terminates with an error and an e-mail is not able to be sent. When a MIME encoded Subject like [????^V????] is sent we're not able to edit the subject and dovecot ends with an error. This is a sample of the data that was used in testing. Subject: =?ISO-2022-JP?B?GyRCI1QjRSNTI1QbKEIWGyRCI00jQSNJI0wbKEI=?= X-Spam-Score: 100.00% ? Subject: =?ISO-2022-JP?B?GyRCI1QjRSNTI1QbKEIWGyRCI00jQSNJI0wbKEI=?= X-Spam-Score: 100.00% This is the log generated by the data above. ---------------------------------------------------------------------- sieve: info: started log at May 02 10:46:22. main script: line 14: error: addheader action: specified value `[SPAM] ???????' is invalid. ---------------------------------------------------------------------- Aside from [Ctrl + V] the following control charcters also cause errors: backspace Ctrl + A Ctrl + C Ctrl + [ Ctrl + X Ctrl + Y 2) When an e-mail's subject line contains a "\0" character, everything following the null character is deleted. When a MIME encoded Subject is sent, for example "????\0????", the subject becomes "[SPAM]????", the characters after the NULL character are deleted and dovecot.sieve ends normally. This is a sample of the data that we collected. Subject: =?ISO-2022-JP?B?GyRCI1QjRSNTI1QbKEIAGyRCI00jQSNJI0wbKEI=?= X-Spam-Score: 100.00% ? Subject: [SPAM] =?utf-8?b?77y077yl77yz77y0?= X-Spam-Score: 100.00% -Environment ?OS CentOS release 6.5 (Final) x86_64 ?Software Version dovecot-2.2.12 dovecot-2.2-pigeonhole-0.4.2 ?Results from the "dovecot -n" command. ---------------------------------------------------------------------- # 2.2.12: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-431.5.1.el6.x86_64 x86_64 CentOS release 6.5 (Final) disable_plaintext_auth = no lock_method = dotlock mail_fsync = always mail_gid = vmail mail_location = maildir:~/Maildir mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = quota mail_temp_dir = /var/tmp mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave spamtest spamtestplus editheader mbox_write_locks = dotlock mmap_disable = yes passdb { driver = passwd } plugin { quota = maildir:User quota sieve = ~/Maildir/dovecot.sieve sieve_dir = ~/Maildir/sieve sieve_editheader_max_header_size = 1k sieve_editheader_protected = X-Verified sieve_extensions = +editheader +spamtest +spamtestplus sieve_max_actions = 250 sieve_max_redirects = 100 sieve_spamtest_max_value = 100.00 sieve_spamtest_status_header = X-Spam-Score: ([[:digit:]]+\.[[:digit:]]+)% sieve_spamtest_status_type = score sieve_user_log = /var/log/dovecot.sieve/%d/%u.log } postmaster_address = postmaster at example.jp protocols = pop3 imap service auth { unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } } ssl_ca = References: <20140425145334.GA11807@darac.org.uk> Message-ID: <29CC434A-87B2-4EE7-8D73-CDDA33A0F1D4@iki.fi> On 25.4.2014, at 17.53, Darac Marjal wrote: > I'm seeing a segfault in dovecot 2.2.12 (debian package 1:2.2.12-2). I > can log into dovecot fine with mutt, but the segfaults seem to occur > when postfix (2.11.0, debian package 2.11.0-1+b1) tries to deliver a > message. .. > #0 auth_fields_find_idx (fields=fields at entry=0x0, key=key at entry=0xb84ae448 "uid", > idx_r=idx_r at entry=0xbfc07d0c) at auth-fields.c:44 > i = > count = > #1 0xb77bed33 in auth_fields_add (fields=0x0, key=key at entry=0xb84ae448 "uid", > value=value at entry=0xb84a6312 "1120", flags=flags at entry=(unknown: 0)) at auth-fields.c:68 > field = > idx = 3091882770 > __FUNCTION__ = "auth_fields_add" > #2 0xb77bb03b in auth_request_set_userdb_field (request=request at entry=0xb84b9218, > name=0xb84ae448 "uid", value=0xb84a6312 "1120") at auth-request.c:1605 > uid = > gid = > #3 0xb77d2fb5 in userdb_template_export (tmpl=0xb84ae410, > auth_request=auth_request at entry=0xb84b9218) at userdb-template.c:83 Fixed: http://hg.dovecot.org/dovecot-2.2/rev/e84555e6eb59 From tss at iki.fi Fri May 2 08:59:32 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 11:59:32 +0300 Subject: [Dovecot] segfault with shared namespace version > 2.1.16 In-Reply-To: <534F1AD1.3030906@engr.orst.edu> References: <534F1AD1.3030906@engr.orst.edu> Message-ID: <30F92EB6-39D4-4BAF-8BA4-5AB4C323C3F2@iki.fi> On 17.4.2014, at 3.05, Tom Lieuallen wrote: > We're currently running 2.1.16. I've been wanting to update to a 2.2.X version, but have been running into problems, even with the latest (2.2.12). I'm not sure at what version this issue appeared, but I believe I've tried 2.2.10, 2.2.11, and now 2.2.12. > > We have a shared maildir setup. With that configuration in place and with a user in the dovecot-acl file, I can do the following to make it segfault every time. Note if I comment out the shared namespace config, it does not segfault. > > #0 mailbox_settings_find (user=0x6866c0, > vname=0x670800 "sharedimap/support-reports") at mail-storage.c:624 > box_set = > ns = > #1 0x00007f1cb0323fd0 in mailbox_list_get_storage (list=0x7fff73b39088, > vname=, storage_r=0x7fff73b39080) > at mailbox-list.c:821 > set = > #2 0x00007f1cb03164a7 in mail_namespace_find_shared ( > namespaces=, > mailbox=0x670800 "sharedimap/support-reports") at mail-namespace.c:651 > list = 0x68ea30 > storage = 0x0 > #3 mail_namespace_find (namespaces=, > mailbox=0x670800 "sharedimap/support-reports") at mail-namespace.c:669 > ns = 0x68ad70 > __FUNCTION__ = "mail_namespace_find" > .... > .... Fixed: http://hg.dovecot.org/dovecot-2.2/rev/930b6b1346bd From tss at iki.fi Fri May 2 09:13:05 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 12:13:05 +0300 Subject: [Dovecot] core dump in mail_cache_header_fields_read() In-Reply-To: <535809EE.4040607@utsc.utoronto.ca> References: <535809EE.4040607@utsc.utoronto.ca> Message-ID: <3F5EC988-C955-4D0C-9593-40EE015A1638@iki.fi> On 23.4.2014, at 21.43, Wesley Huang wrote: > We're seeing a core dump for a user connecting from IPHONE. The user mail are in NFS mount. > > Program terminated with signal 11, Segmentation fault. > #0 0x00007fca22f0ca85 in mail_cache_header_fields_read (cache=cache at entry=0x7fca24a04f70) at mail-cache-fields.c:369 > 369 for (p = names; p != end && *p != '\0'; p++) ; Looks like a corrupted dovecot.index.cache file. This should replace the crash with just an error message and cache recreation: http://hg.dovecot.org/dovecot-2.2/rev/1f2c83d6dd2e From tss at iki.fi Fri May 2 09:21:41 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 12:21:41 +0300 Subject: [Dovecot] BUG: Authentication client sent unknown handshake command In-Reply-To: <18393786-9A73-4DF5-B9DE-9ADD8109EBC4@baaz.fr> References: <18393786-9A73-4DF5-B9DE-9ADD8109EBC4@baaz.fr> Message-ID: <840852BF-702E-4394-89EF-CF2F3E16C217@iki.fi> On 16.4.2014, at 17.48, Jean-Yves Moulin wrote: > After a kernel upgrade, while using the same dovecot binaries (they were working perfectly until today), I'm experiencing this error (more log at the end of my email): > > BUG: Authentication client sent unknown handshake command: REQUEST?227672066?18807?2?c717631d60216b2e9ec57a2fa69674b8?session_pid=16343?... > > I tried to build a newer version of dovecot (2.2.12) but same issue. > > I know this should come from my system and not dovecot, but how can I debug this kind of problem ? I already enabled various debug (auth_verbose, auth_debug, mail_debug) but I need more information. I think Dovecot's net_getunixname() no longer works correctly, meaning NetBSD's getsockname() no longer returns the socket name correctly for UNIX sockets. Should be fixed on NetBSD's side. From tss at iki.fi Fri May 2 09:33:42 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 12:33:42 +0300 Subject: [Dovecot] Dovecot Director and MasterUsers In-Reply-To: <5343FF88.6010507@metaways.de> References: <5343FF88.6010507@metaways.de> Message-ID: <92173055-7DB6-4B0A-A971-8FEEDEFAF13C@iki.fi> On 8.4.2014, at 16.54, Daniel Parthey wrote: > the Dovecot Director determines the backend host in some way by hashing the username: > > http://wiki2.dovecot.org/Director > > For normal logins username at example.org, the director always gets the same hash > for the same username and ensures that the login is always proxied to the same backend. > > But what about MasterUsers in combination with Dovecot Director? > > http://wiki2.dovecot.org/Authentication/MasterUsers > > Which configuration directives should be used to make sure that logins > > username at example.org*masteruser1 at example.org > username at example.org*masteruser2 at example.org > username at example.org*masteruser3 at example.org > > go to the same mailbox backend, in order to avoid NFS caching > conflicts for mailbox username at example.org which should always > reside on the same NFS client? > > Is the master user cut off from behind the master_user_separator? Yes, assuming your director (not backend) is configured with auth_master_user_separator=*. It's translated into SASL PLAIN authentication for backends where director hashes only the username. > How is the director hash exactly calculated? > Can the director hashing algorithm be configured in some way? director_username_hash can be used for configuring. BTW. There are also some kludgy things you can do with this if you need some weird setup, such as using user at domain1@domain2 style usernames where director_username_hash = %{username}@%{domain_first} and then you can use the %{domain_last} variable in the backend to do some extra stuff. For example if you want to have @readonly user with readonly ACLs. From tss at iki.fi Fri May 2 09:35:21 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 12:35:21 +0300 Subject: [Dovecot] Rebuilding message guid in sdbox In-Reply-To: <5343EF38.4030509@allard.it> References: <5343EF38.4030509@allard.it> Message-ID: On 8.4.2014, at 15.44, Renaud Allard wrote: > I am running dovecot 2.2.12 > Current mail storage is sdbox and I am trying to compress all emails, which works fine, except for a few old mailboxes. > > If I run the following dsync command > "dsync -u flea -o "mail_plugins=zlib" mirror maildir:~/ndbox" > > It fails with: > dsync(flea): Error: Exporting mailbox INBOX failed: Backend doesn't support GUIDs, sync with header hashes instead > > Doing "doveadm dump flea/dbox/mailboxes/INBOX/dbox-Mails/dovecot.index" reveals that there are very old mails (about 5 years ago) without any guid like that one: > RECORD: seq=1, uid=1560, flags=0x00 > - ext 1 modseq : 16043 (ab3e000000000000) > - ext 3 cache : 396 (8c010000) > - cache offset=396 size=20, prev_offset = 0 > - guid: > > So, my question is: is there a way to force dovecot to assign a guid to those messages? Not directly. You could use dsync via imapc to access those mailboxes and convert them. http://wiki2.dovecot.org/Migration/Dsync From tss at iki.fi Fri May 2 09:46:33 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 12:46:33 +0300 Subject: [Dovecot] BUG dovecot and nginx In-Reply-To: References: Message-ID: <50FA0F4A-E839-4841-AF47-072685CD163B@iki.fi> Not sure without seeing the actual traffic logs, but there are some broken IMAP servers (including some version of Zimbra, or maybe it's nginx) that don't respond to Dovecot when it pipelines multiple commands. See if returning proxy_nopipelining=y in passdb fixes this. On 1.4.2014, at 13.09, Tobias Oetiker wrote: > we have setup a two level proxy configuration for our zimbra server: > > [ dovecot 2.2.12 (imap proxy mode) ] > V > [ nginx (imap proxy mode) ] > V > [ zimbra imap server] > > and it does not work ... after tying a login, the connection just > hangs and ends after 30 seconds with a timeout. > > - if I try again rightaway in the same dovecot connection, the login > goes though without trouble. > > - looking at this with tshark I can see that on the second attempt, > there is no capabilities query, dovecot just goes ahead and > connects. > > if we drop nginx from the setup all is well also (login works > directly as expected) > > - investigating the traffic differences between the setups with and > without nginx, we find that for some reason dovecot does not > react to the capabily answer from nginx. while it seems to > happily accept the same answer when it is coming from zimbra > directly. > > - the only difference I can see on the wire is that nginx is much > quicker (2.5ms) in responding than the zimbra (25ms) server and > that the position of the STARTTLS and SASL=PLAIN capabilities in > the capability answer differs between the two. > > any ideas ? > > cheers > tobi > > -- > Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland > www.oetiker.ch tobi at oetiker.ch +41 62 775 9902 > *** We are hiring IT staff: www.oetiker.ch/jobs *** From tss at iki.fi Fri May 2 09:51:33 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 12:51:33 +0300 Subject: [Dovecot] Not backing up cache files In-Reply-To: <53328A35.4000907@jcea.es> References: <53328A35.4000907@jcea.es> Message-ID: On 26.3.2014, at 10.05, Jesus Cea wrote: > I am using mdbox for dovecot storage. > > I wonder if I could skip "dovecot.index.cache" files and, in general, > "*.cache" files when doing mail backup. Those files are big and change > frequently. What I feel from reading documentation [1][2] is that they > could be dropped in the backups, to be recreated on the fly if needed. Yeah. dovecot.index.cache files never contain anything that can't be regenerated (except maildir messages' save-timestamps, but those are pretty much irrelevant). From tss at iki.fi Fri May 2 09:59:32 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 12:59:32 +0300 Subject: [Dovecot] Imap user via proxy with starttls - how to rawlogs on proxy ? In-Reply-To: References: Message-ID: <4ACF12A9-B1AA-4C3F-A07B-4FAFA3CEA9E5@iki.fi> On 17.3.2014, at 10.57, askforstatus wrote: > Is there any way to log user imap dialog with starttls when going via > dovecot acting as imap proxy ? > My intention is to log each and every user command similar to rawlogs > feature. > As per my current imap proxy config pre-login working like a charm but > post-login is not possible due as i think the nature of proxy feature. A bit late reply, but it is actually possible, see "Pre-login rawlog" in http://wiki2.dovecot.org/Debugging/Rawlog From CMarcus at Media-Brokers.com Fri May 2 10:02:15 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 02 May 2014 06:02:15 -0400 Subject: [Dovecot] LMTP error In-Reply-To: References: Message-ID: <53636D27.9010705@Media-Brokers.com> On 5/1/2014 7:17 PM, Joseph Tam wrote: > This setting: > >> first_valid_uid = 1010 > > will need to be changed to "0", Worst ... advice ... ever. Please do NOT EVER suggest to anyone else to EVER do that. > or better yet, as others have suggested, > alias root to some user with UID within 1010..1020. This is one of the very *first* things that you should do on pretty much *any* new server setup. I guess maybe there are one or more valid corner cases where you wouldn't want to do this, but I can't think of any (good) ones... Charles From tss at iki.fi Fri May 2 10:06:58 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 13:06:58 +0300 Subject: [Dovecot] Finding memory leaks In-Reply-To: <5320617B.4090804@simiatech.com> References: <5320617B.4090804@simiatech.com> Message-ID: On 12.3.2014, at 15.30, Philipp Br?ll wrote: > I try to find a memory leak in a dovecot plugin that I develop. In > order to find it, it would be helpful to print the total amount of > memory that is currently allocated. This print could than spread over > the source code and the memory consumption can be tracked. > > I've tried > > i_debug("pool size %u", > (unsigned int)pool_alloconly_get_total_alloc_size(system_pool)); > > But that failed. Does someone has a good advice? Dovecot doesn't track total memory usage. > I would like to avoid complex solutions like valgrind. I always use valgrind, for example with imap: service imap { executable = /usr/bin/valgrind -q --leak-check=full /usr/local/libexec/dovecot/imap } From tss at iki.fi Fri May 2 10:22:28 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 13:22:28 +0300 Subject: [Dovecot] 2.2.12: Panic: file mail-index.c: line 380 (mail_index_keywords_unref): assertion failed: (keywords->refcount > 0) In-Reply-To: <530A1A34.4090206@kraav.com> References: <530A1A34.4090206@kraav.com> Message-ID: On 23.2.2014, at 17.56, Leho Kraav wrote: > I upgraded 2.1 -> 2.2 something like a week ago because I needed INDEXPVT. Not sure if this crash started immediately or not, noticed it today looking at journalctl. > > Backtrace http://bpaste.net/raw/181944/ and pasted below. .. > #4 0x00007f64dab30d4e in i_panic (format=format at entry=0x7f64dae79848 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:267 > ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0} > args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffb9d88df0, reg_save_area = 0x7fffb9d88d30}} > #5 0x00007f64dae59fbc in mail_index_keywords_unref (_keywords=) at mail-index.c:380 > keywords = > __FUNCTION__ = "mail_index_keywords_unref" > #6 0x00007f64dae22657 in mailbox_copy (_ctx=, mail=mail at entry=0xbcf260) at mail-storage.c:2140 This should be fixed by http://hg.dovecot.org/dovecot-2.2/rev/db216ddbb5c2 From tss at iki.fi Fri May 2 10:37:09 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 13:37:09 +0300 Subject: [Dovecot] zlib maildir reindex broken In-Reply-To: <3CE707A9-5DA4-4B34-9F70-79FBEE11B118@tucows.com> References: <3CE707A9-5DA4-4B34-9F70-79FBEE11B118@tucows.com> Message-ID: <530491FE-0E95-4FCA-9B6C-B2175DC52513@iki.fi> On 24.4.2014, at 0.51, Richard Platel wrote: > I posted to the list about this a while ago but never got a response, I have a bit more information now. > > Dovecot 2.2.12 and other 2.2 versions are broken when using zlib and maildir. If messages are re-indexed, the INTERNALDATE of all messages is set to the time the re-index is done. > > The problem seems to be in src/plugins/zlib/zlib-plugin.c in the function zlib_mail_cache_open. > > During a reindex maildir_mail_get_received_date() does an i_stream_stat on the the i_stream_seekable stream created in zlib_mail_cache_open, but this istream does not know about the original maildir message file and always returns the current time for the file's stat times. > > This is also broken on initial index, but if mail is indexed when it's received (ours isn't) it coincidentally gets the right time. Thanks, fixed: http://hg.dovecot.org/dovecot-2.2/rev/9f1460682295 From tss at iki.fi Fri May 2 10:49:12 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 13:49:12 +0300 Subject: [Dovecot] maildir compressed message fix patch In-Reply-To: <830C2513-C735-4E1B-9EAD-6E865571A8EA@tucows.com> References: <830C2513-C735-4E1B-9EAD-6E865571A8EA@tucows.com> Message-ID: On 24.4.2014, at 23.54, Richard Platel wrote: > When a compressed maildir message has a bad S= size in its filename it puts the user in an unrecoverable state, since maildir's do_fix_size function just does a stat() on the maildir file and saves the compressed size in the filename. These are also relevant: http://hg.dovecot.org/dovecot-2.2/rev/1adbd576f320 http://hg.dovecot.org/dovecot-2.2/rev/3b9935fe9cb7 > This (quick, rough, barely tested) patch addresses this issue, it's inefficient, but we're already in a hopefully rare emergency situation. Well, I implemented this finally now properly: http://hg.dovecot.org/dovecot-2.2/rev/a1831c9896d4 From tss at iki.fi Fri May 2 12:47:21 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 15:47:21 +0300 Subject: [Dovecot] ID command and dovecot In-Reply-To: <5304AE83.8060100@arnes.si> References: <5304AE83.8060100@arnes.si> Message-ID: <708FF392-48CD-47E5-8BCA-36CE997CAF1C@iki.fi> On 19.2.2014, at 15.15, Jernej Porenta wrote: > we are seeing some strange issues with IMAP ID command using latest Roundcube builds on dovecot 2.2.10 responding "Input buffer full, aborting". > > Roundcube webmail connects to IMAP server and issues ID command first with some long arguments to ID command, however shorter than 1024 octets, which are specified in RFC2971 for ID IMAP extension. > > The situation is easily reproducible (see http://pastebin.com/q4HX4wqb): > # telnet hostname 143 > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Server ready. > . ID ("name" "Roundcube" "version" "1.0-git" "php" "5.3.3" "os" "Linux" "command" "<$long_less_than_1024_octets_string>") > * BYE Input buffer full, aborting > > However, this problem does not occur when user is already logged in. Before logging in Dovecot uses pretty strict limits on memory usage to avoid DoSing it. > RFC2971 is saying "Field strings MUST NOT be longer than 30 octets. Value strings MUST NOT be longer than 1024 octets. Implementations MUST NOT send more than 30 field-value pairs." > > IMHO, dovecot is handling ID command before successful login successfully only if the length of the whole command is less than 1024 octets (exactly 861 octets is working fine, over that "Input buffer full" occurs). > > I tried finding the reference in the source code, however I am unable to find where this limit actually occurs (maybe IMAP_ARG_STRING imap_arg->type?) lib-master/master-auth.h MASTER_AUTH_MAX_DATA_SIZE affects it. Anyway, after thinking about this for a while I guess it's good to be RFC compliant, so I added some extra code to handle this better: http://hg.dovecot.org/dovecot-2.2/rev/3ecb2b831402 Although it's still probably not 100% RFC compliant, as it allows the maximum IMAP string parameter to be 1024 bytes before dropping the '\' escaping from \" quotes. From tss at iki.fi Fri May 2 12:59:12 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 15:59:12 +0300 Subject: [Dovecot] output of doveconf in conflict with order of settings in conf.d/*-*.conf files In-Reply-To: References: Message-ID: On 17.2.2014, at 10.58, Steffen Kaiser wrote: > I wanted to enable stats, so I added the settings from http://wiki2.dovecot.org/Statistics into conf.d/99-stats.conf: > > mail_plugins = $mail_plugins stats > protocol imap { > mail_plugins = $mail_plugins imap_stats > } > plugin { > # how often to session statistics > stats_refresh = 30 secs > # track per-IMAP command statistics > stats_track_cmds = yes > } > > reloaded dovecot, see output of doveconf -n below, but I got the error: > > imap: Error: Can't load plugin imap_stats_plugin: Plugin stats must be loaded also (you must set: mail_plugins=$mail_plugins stats) > > If I move the line "mail_plugins = $mail_plugins stats" from 99-stats.conf into 15-stats.conf, the output of doveconf -n looks the same, but the stats is working. > > I tried finding information about the significance of the order of settings - I mean which number should a conf-file has - , but failed in the Wiki and mailing list. Is this a bug or should there be a documentation? The problem is basically this: mail_plugins = quota protocol imap { mail_plugin = $mail_plugins imap_quota } mail_plugins = $mail_plugins stats The last global mail_plugins doesn't update the protocol imap { mail_plugins }. It wouldn't be easy to fix this, and I'm also not sure if it's even a good idea. From crohmann at netcologne.de Fri May 2 12:59:59 2014 From: crohmann at netcologne.de (Christian Rohmann) Date: Fri, 02 May 2014 14:59:59 +0200 Subject: [Dovecot] maildir compressed message fix patch In-Reply-To: References: <830C2513-C735-4E1B-9EAD-6E865571A8EA@tucows.com> Message-ID: <536396CF.7050709@netcologne.de> On 02.05.2014 12:49, Timo Sirainen wrote: > On 24.4.2014, at 23.54, Richard Platel wrote: >> When a compressed maildir message has a bad S= size in its filename it puts the user in an unrecoverable state, since maildir's do_fix_size function just does a stat() on the maildir file and saves the compressed size in the filename. > > These are also relevant: > > http://hg.dovecot.org/dovecot-2.2/rev/1adbd576f320 > http://hg.dovecot.org/dovecot-2.2/rev/3b9935fe9cb7 > >> This (quick, rough, barely tested) patch addresses this issue, it's inefficient, but we're already in a hopefully rare emergency situation. > > Well, I implemented this finally now properly: http://hg.dovecot.org/dovecot-2.2/rev/a1831c9896d4 Yeah, thanks Timo! Dovecot's automagic fixing of broken things is back: "Now fixing your messed up S-value with pleasure." I definitely owe you a beer next time we meet :-) Regards Christian From tss at iki.fi Fri May 2 13:00:51 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 2 May 2014 16:00:51 +0300 Subject: [Dovecot] output of doveconf in conflict with order of settings in conf.d/*-*.conf files In-Reply-To: References: Message-ID: <124E900E-ECD1-4342-9632-24EF669D1224@iki.fi> On 2.5.2014, at 15.59, Timo Sirainen wrote: >> imap: Error: Can't load plugin imap_stats_plugin: Plugin stats must be loaded also (you must set: mail_plugins=$mail_plugins stats) >> >> If I move the line "mail_plugins = $mail_plugins stats" from 99-stats.conf into 15-stats.conf, the output of doveconf -n looks the same, but the stats is working. Oh, and I don't think this is true. By doing that change the protocol imap { mail_plugins } will gain the stats plugin. From mailinglist at darac.org.uk Fri May 2 13:41:15 2014 From: mailinglist at darac.org.uk (Darac Marjal) Date: Fri, 2 May 2014 14:41:15 +0100 Subject: [Dovecot] Segfault in auth (when talked to by postfix lda) In-Reply-To: <29CC434A-87B2-4EE7-8D73-CDDA33A0F1D4@iki.fi> References: <20140425145334.GA11807@darac.org.uk> <29CC434A-87B2-4EE7-8D73-CDDA33A0F1D4@iki.fi> Message-ID: <20140502134114.GA11319@darac.org.uk> On Fri, May 02, 2014 at 11:40:58AM +0300, Timo Sirainen wrote: > On 25.4.2014, at 17.53, Darac Marjal wrote: > > > I'm seeing a segfault in dovecot 2.2.12 (debian package 1:2.2.12-2). I > > can log into dovecot fine with mutt, but the segfaults seem to occur > > when postfix (2.11.0, debian package 2.11.0-1+b1) tries to deliver a > > message. > .. > > #0 auth_fields_find_idx (fields=fields at entry=0x0, key=key at entry=0xb84ae448 "uid", > > idx_r=idx_r at entry=0xbfc07d0c) at auth-fields.c:44 > > i = > > count = > > #1 0xb77bed33 in auth_fields_add (fields=0x0, key=key at entry=0xb84ae448 "uid", > > value=value at entry=0xb84a6312 "1120", flags=flags at entry=(unknown: 0)) at auth-fields.c:68 > > field = > > idx = 3091882770 > > __FUNCTION__ = "auth_fields_add" > > #2 0xb77bb03b in auth_request_set_userdb_field (request=request at entry=0xb84b9218, > > name=0xb84ae448 "uid", value=0xb84a6312 "1120") at auth-request.c:1605 > > uid = > > gid = > > #3 0xb77d2fb5 in userdb_template_export (tmpl=0xb84ae410, > > auth_request=auth_request at entry=0xb84b9218) at userdb-template.c:83 > > Fixed: http://hg.dovecot.org/dovecot-2.2/rev/e84555e6eb59 That works a treat. Thanks, Timo. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From huang at utsc.utoronto.ca Fri May 2 16:03:23 2014 From: huang at utsc.utoronto.ca (Wesley Huang) Date: Fri, 02 May 2014 12:03:23 -0400 Subject: [Dovecot] core dump in mail_cache_header_fields_read() In-Reply-To: <3F5EC988-C955-4D0C-9593-40EE015A1638@iki.fi> References: <535809EE.4040607@utsc.utoronto.ca> <3F5EC988-C955-4D0C-9593-40EE015A1638@iki.fi> Message-ID: <5363C1CB.5020105@utsc.utoronto.ca> Hi Timo, Thanks. Let me port in the bug fix and test it. FYI, previously when the problem occurred, I deleted the dovecot index and let dovecot regenerate the index, but it didn't help. Cheers, Wesley On 14-05-02 05:13 AM, Timo Sirainen wrote: > On 23.4.2014, at 21.43, Wesley Huang wrote: > >> We're seeing a core dump for a user connecting from IPHONE. The user mail are in NFS mount. >> >> Program terminated with signal 11, Segmentation fault. >> #0 0x00007fca22f0ca85 in mail_cache_header_fields_read (cache=cache at entry=0x7fca24a04f70) at mail-cache-fields.c:369 >> 369 for (p = names; p != end && *p != '\0'; p++) ; > Looks like a corrupted dovecot.index.cache file. This should replace the crash with just an error message and cache recreation: > > http://hg.dovecot.org/dovecot-2.2/rev/1f2c83d6dd2e From john at idsfa.net Fri May 2 16:25:34 2014 From: john at idsfa.net (John J. Stimson III) Date: Fri, 2 May 2014 09:25:34 -0700 Subject: [Dovecot] User not found when using shadow for passdb Message-ID: <20140502162534.GA22148@harlie.idsfa.net> I am getting "user unknown" when trying to connect to the dovecot server using IMAP. The client gets an authentication failed message and does not download mail. The host system uses shadow passwords in /etc/shadow. I would like to use the same passwords for IMAP sessions, so I have set the passdb driver to shadow. The system is Slackware, which does not use PAM. Here is the dovecot version and configuration output: # dovecot -n # 2.1.17: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.6.5 i686 Slackware 13.1.0 auth_debug_passwords = yes auth_verbose = yes namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = blocking=no driver = shadow } service auth { unix_listener auth-userdb { user = root } } ssl_cert = ): lookup May 2 09:05:07 harlie dovecot: auth: shadow(john,10.0.0.181,): unknown user May 2 09:05:09 harlie dovecot: auth: Debug: client passdb out: FAIL^I1^Iuser=john May 2 09:05:09 harlie dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=10.0.0.181, lip=96.229.223.7, TLS, session= The user john is a real account on the host machine and has entries in both /etc/passwd and /etc/shadow. Help? -- john at idsfa.net John Stimson http://www.idsfa.net/~john/ HMC Physics '94 From huang at utsc.utoronto.ca Fri May 2 18:19:32 2014 From: huang at utsc.utoronto.ca (Wesley Huang) Date: Fri, 02 May 2014 14:19:32 -0400 Subject: [Dovecot] core dump in mail_cache_header_fields_read() In-Reply-To: <5363C1CB.5020105@utsc.utoronto.ca> References: <535809EE.4040607@utsc.utoronto.ca> <3F5EC988-C955-4D0C-9593-40EE015A1638@iki.fi> <5363C1CB.5020105@utsc.utoronto.ca> Message-ID: <5363E1B4.6040108@utsc.utoronto.ca> Hi Timo, The patch works. With the error log we identified a corrupted cache file for the Trash folder (not the cache file for the inbox we previously suspected). After having this cache removed, we don't see the error any more. Thanks again! Cheers, Wesley On 14-05-02 12:03 PM, Wesley Huang wrote: > Hi Timo, > > Thanks. Let me port in the bug fix and test it. FYI, previously when > the problem occurred, I deleted the dovecot index and let dovecot > regenerate the index, but it didn't help. > > > Cheers, > > Wesley > > On 14-05-02 05:13 AM, Timo Sirainen wrote: >> On 23.4.2014, at 21.43, Wesley Huang wrote: >> >>> We're seeing a core dump for a user connecting from IPHONE. The user >>> mail are in NFS mount. >>> >>> Program terminated with signal 11, Segmentation fault. >>> #0 0x00007fca22f0ca85 in mail_cache_header_fields_read >>> (cache=cache at entry=0x7fca24a04f70) at mail-cache-fields.c:369 >>> 369 for (p = names; p != end && *p != '\0'; p++) ; >> Looks like a corrupted dovecot.index.cache file. This should replace >> the crash with just an error message and cache recreation: >> >> http://hg.dovecot.org/dovecot-2.2/rev/1f2c83d6dd2e From slusarz at curecanti.org Sat May 3 05:19:59 2014 From: slusarz at curecanti.org (Michael M Slusarz) Date: Fri, 02 May 2014 23:19:59 -0600 Subject: [Dovecot] BINARY FETCH conversion issue In-Reply-To: References: <20140429152759.Horde.VyzmEbbxP7BDaMNPnBzXww2@bigworm.curecanti.org> Message-ID: <20140502231959.Horde.TzRqcN5ujkkdjriOszAemQ9@bigworm.curecanti.org> Quoting Timo Sirainen : > On 30.4.2014, at 0.27, Michael M Slusarz wrote: > >> Not sure if this is an example of Cyrus' QP decoder being more >> robust (or lenient) than Dovecot's. Or whether this is intentional >> to return NIL for this kind of bad data. > > It was kind of intentional. Dovecot's istream-qp-decoder aborts when > it finds anything broken. I guess it could simply skip errors, but > I'm not sure how good idea that is either.. I don't find it all that useful for a server to try to guess the best decoding results. Instead, I'd rather be told that the part is broken thus giving me the option to download via a normal BODY FETCH ... since that allows me to resolve the decoding issue locally however I want. >> Although if intentional, output should probably be a NO response >> with UNKNOWN-CTE response code, since this appears to be an >> instance of "the server does not know how to decode the section's >> CTE". (RFC 3516 [4.3]). > > Yeah, I think that's better. Fixed: > http://hg.dovecot.org/dovecot-2.2/rev/197f77f6ef0d Thanks. I agree that this is the best solution. michael From slusarz at curecanti.org Sat May 3 05:27:54 2014 From: slusarz at curecanti.org (Michael M Slusarz) Date: Fri, 02 May 2014 23:27:54 -0600 Subject: [Dovecot] CONTEXT=SORT Message-ID: <20140502232754.Horde.BfG6ZiPgnvJEDNx1x7hRvA1@bigworm.curecanti.org> Any reason this is not listed in the CAPABILITY string? I see it listed as a TODO here: http://wiki2.dovecot.org/Roadmap But it seems to work fine (as of 2.2.12): 1 UID SORT RETURN (CONTEXT COUNT) (SUBJECT) UTF-8 UNDELETED * ESEARCH (TAG "1") UID COUNT 12 1 OK Sort completed (0.000 secs). 2 UID SORT RETURN (UPDATE COUNT) (SUBJECT) UTF-8 UNDELETED * ESEARCH (TAG "2") UID COUNT 12 2 OK Sort completed (0.000 secs). [Add message to mailbox] 3 NOOP * 13 EXISTS * 1 RECENT * ESEARCH (TAG "2") UID ADDTO (0 62475) 3 OK NOOP completed. 4 CANCELUPDATE "2" 4 OK Updates cancelled. 5 UID SORT RETURN (PARTIAL 1:10) (SUBJECT) UTF-8 UNDELETED * ESEARCH (TAG "5") UID PARTIAL (1:10 NIL) 5 OK Sort completed (0.000 secs). michael From slusarz at curecanti.org Sat May 3 05:51:50 2014 From: slusarz at curecanti.org (Michael M Slusarz) Date: Fri, 02 May 2014 23:51:50 -0600 Subject: [Dovecot] CONTEXT=SORT In-Reply-To: <20140502232754.Horde.BfG6ZiPgnvJEDNx1x7hRvA1@bigworm.curecanti.org> Message-ID: <20140502235150.Horde.kfE9-8vKaEOBL3fv-OCLhw7@bigworm.curecanti.org> Quoting Michael M Slusarz : > 5 UID SORT RETURN (PARTIAL 1:10) (SUBJECT) UTF-8 UNDELETED > * ESEARCH (TAG "5") UID PARTIAL (1:10 NIL) > 5 OK Sort completed (0.000 secs). Well duh. Maybe I should actually look at the results. This is obviously wrong (this mailbox has 13 undeleted messages, so NIL is not a proper return). ...although PARTIAL limiting for SEARCH doesn't work either: 4 UID SEARCH RETURN (PARTIAL 1:10) UNDELETED * ESEARCH (TAG "4") UID PARTIAL (1:10 NIL) 4 OK Search completed (0.000 secs). Undeleted messages do exist: 5 UID SEARCH UNDELETED * SEARCH 58302 59466 61309 61311 62430 62431 62432 62450 62452 62454 62456 62458 5 OK Search completed (0.000 secs). so maybe there is a general issue with PARTIAL matching rather than a CONTEXT=SORT specific issue? (Running the Arch Linux Dovecot 2.2.12 package right now so I'm not able to debug). michael From m.badeau at ikkyotech.com Sat May 3 05:49:35 2014 From: m.badeau at ikkyotech.com (Matthew Badeau) Date: Sat, 03 May 2014 14:49:35 +0900 Subject: [Dovecot] IMAP clients can't connect while dovecot 2.0.9 is configured for LDAP Message-ID: Good evening, Currently, it?s using mySQL for the passdb and userdb. This works fine but when I switch to LDAP it starts having problems. I?m trying to set up dovecot to use LDAP as its userdb and passdb. I?ve read the docs but I think I may be missing something obvious or I didn?t understand something right. The clients can?t connect through IMAP using MD5-Challenge Response. They also don?t work with plain auth.. When I run the command ` doveadm auth user at domain.com ` , it works! When I run ` doveadm auth -x service=imap user at domain.com ` that also works! What am I doing wrong??? I get the following error: Error: Apr 29 02:04:02 servername dovecot: auth: Fatal: CRAM-MD5 mechanism can't be supported with given passdbs Here is my config: # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-431.5.1.el6.x86_64 x86_64 CentOS release 6.5 (Final) ext4 auth_debug = yes auth_verbose = yes mail_location = maildir:/home/mailuser/%u managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mbox_write_locks = fcntl passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { sieve_dir = ~/sieve sieve_global_dir = /var/lib/dovecot/sieve/ sieve_global_path = /var/lib/dovecot/sieve/default.sieve } protocols = pop3 imap sieve lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = mailuser mode = 0640 user = mailuser } } service managesieve-login { inet_listener sieve { port = 4190 } } ssl_cert = Dear dovecot maintainers: I'm using SSL client certificates together with a checkpassword scripts to authenticate our users. My problem is: In the checkpassword script the AUTH_USER environment variable will either contain the username that was configured in the mailclient (if auth_ssl_username_from_cert=false) or the username from the certificate (if auth_ssl_username_from_cert=true). I would like to compare both values, i.e. the %{user} Dovecot-variable and the %{orig_user} Dovecot-variable. But the environment of a checkpassword-script has only one of them. I tried myself and found the following: - the environment of a checkpassword script is setup by checkpassword_setup_env() in db-checkpassword.c - checkpassword_setup_env() calls env_put_auth_vars() - env_put_auth_vars() creates AUTH_xxx environment variables for all entries of the auth_request_get_var_expand_table() - the auth_request_get_var_expand_table_full() routine does not contain the original user, but the auth_request-struct does. So I changed the dovecot sourcecode (version 2.2.12) as follows In src/auth/auth-request.h line 152 I replaced #define AUTH_REQUEST_VAR_TAB_COUNT 27 by #define AUTH_REQUEST_VAR_TAB_COUNT 30 In src/auth/auth-request.c around line 2027 I replaced the following lines at the end of auth_request_var_expand_static_tab { '\0', NULL, "session_pid" }, /* be sure to update AUTH_REQUEST_VAR_TAB_COUNT */ { '\0', NULL, NULL } }; by { '\0', NULL, "session_pid" }, { '\0', NULL, "orig_user" }, { '\0', NULL, "orig_username" }, { '\0', NULL, "orig_domain" }, /* be sure to update AUTH_REQUEST_VAR_TAB_COUNT */ { '\0', NULL, NULL } }; In src/auth/auth-request.c around line 2116 I replaced the following lines at the end of function auth_request_get_var_expand_table_full() tab[26].value = auth_request->session_pid == (pid_t)-1 ? NULL : dec2str(auth_request->session_pid); return ret_tab; by tab[26].value = auth_request->session_pid == (pid_t)-1 ? NULL : dec2str(auth_request->session_pid); if (auth_request->original_username != NULL) { tab[27].value = escape_func(auth_request->original_username, auth_request); tab[28].value = escape_func(t_strcut(auth_request->original_username, '@'), auth_request); tab[29].value = strchr(auth_request->original_username, '@'); if (tab[29].value != NULL) { tab[29].value = escape_func(tab[29].value+1, auth_request); } } return ret_tab; This will add AUTH_ORIG_USER, AUTH_ORIG_USERNAME and AUTH_ORIG_DOMAIN environment variables to the environment of every checkpassword script. If this is the correct way to extend the environment of a chackpassword-script then you might consider adding these minor changes to the dovecot-source. Kind regards and thanks very much for this wonderful project Peter Koch From bov at bsdpanic.com Sun May 4 16:15:05 2014 From: bov at bsdpanic.com (SIW) Date: Sun, 04 May 2014 17:15:05 +0100 Subject: [Dovecot] Unknown user when sending internal email Message-ID: <53666789.10303@bsdpanic.com> I use MySQL to store my virtual users, domains and aliases. My database is setup as follows: |CREATE| |TABLE| |`dovecot_passwords` (| |||`username` ||varchar||(100) ||NOT| |NULL||,| |||`appname` ||varchar||(50) ||NOT| |NULL||,| |||`||password||` varbinary(256) ||NOT| |NULL||,| |||PRIMARY| |KEY| |(`username`,`appname`)| |) I then add a users: | |INSERT| |INTO| |dovecot_passwords (username, appname, ||password||) ||VALUES||( ||'test at domain.com'||, ||'desktop'||, MD5(||'password'||) ); My /usr/local/etc/dovecot/dovecot-sql.conf.ext has: | |driver = mysql | |connect = host=127.0.0.1 dbname=mailserver user=mailuser password=blahblah| |default_pass_scheme = PLAIN password_query = SELECT NULL AS password,'Y' as nopassword, username AS user||||FROM dovecot_passwords||||WHERE username = '%u' AND password=MD5(REPLACE('%w',' ','')) Logging in works great and I can use a desktop email client or webmail just fine to check email. The problem occurs when I try to email another user in MY domain. When I send an email from user1 at domain.com to user2 at domain.com I get the following error in the logs: to=, relay=mail.domain.com[private/dovecot-lmtp], delay=0.08, delays=0.05/0.01/0/0.02, dsn=5.1.1, status=bounced (host mail.domain.com[private/dovecot-lmtp] said: 550 5.1.1 User doesn't exist: user1 at domain.com (in reply to RCPT TO command)) | I thought it may have something to do with this: http://wiki2.dovecot.org/DomainLost To quote: SQL password_query gets often misconfigured to drop the domain if username and domain are stored separately. For example: # BROKEN: password_query = SELECT username AS user, password FROM users WHERE username = '%n' AND domain = '%d' The "username AS user" changes the username permanently and the domain is dropped. You can instead use: # MySQL: password_query = SELECT concat(username, '@', domain) AS user, password FROM users WHERE username = '%n' AND domain = '%d' Despite the above I didn't have any luck. From what I can tell in the logs it is using the username AND domain for the user (and not dropping off the domain). Does anyone know how I can get local mail delivery to work again? I have changed the way my users are stored in MySQL so that I can make use of "Application Specific Passwords". If I revert back to using the previous user database internal mail works fine again. I can't seem to figure this out so appreciate any help! Any questions please ask. The details: Dovecot version: |2.2.12 # OS: FreeBSD 10.0-STABLE amd64 zfs auth_debug = yes auth_mechanisms = plain login auth_verbose = yes imap_id_log = * imap_id_send = * log_path = /var/log/dovecot.log login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k mail_location = maildir:/var/mail/vhosts/%d/%n mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Junk { auto = subscribe special_use = \Junk } prefix = } passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { sieve = /var/mail/dovecotsieve/%d/%n/.dovecot.sieve sieve_default = /var/mail/sieve/default.sieve sieve_dir = /var/mail/dovecotsieve/%d/%n/sieve sieve_global_dir = /var/mail/sieve/ } protocols = imap lmtp sieve service auth-worker { user = vmail } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { mode = 0600 user = vmail } user = dovecot } service imap-login { inet_listener imap { port = 0 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { port = 0 } } ssl = required ssl_cert = Hi Guys, I'm trying to auth Dovecot agains FreeIPA using this tut: http://www.freeipa.org/page/Dovecot_IMAPS_Integration_with_FreeIPA_using_Single_Sign_On (and also Postfix using this: https://www.dalemacartney.com/2013/03/14/deploying-postfix-with-ldap-freeipa-virtual-aliases-and-kerberos-authentication/(as it should be working with dovecot at the end I believe) I'm having some issues here and get the following errors no matter what I do: May 4 23:13:18 mail-01 dovecot: auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one May 4 23:13:18 mail-01 postfix/smtpd[2949]: error: open database /etc/aliases.db: No such file or directory May 4 23:13:18 mail-01 postfix/smtpd[2949]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled May 4 23:13:18 mail-01 dovecot: master: Error: service(auth): command startup failed, throttling May 4 23:13:18 mail-01 postfix/smtpd[2949]: connect from unknown[xxx.xxx.xxx.xxx] May 4 23:13:28 mail-01 dovecot: imap-login: Disconnected (no auth attempts): rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx May 4 23:13:28 mail-01 postfix/smtpd[2949]: fatal: no SASL authentication mechanisms May 4 23:13:29 mail-01 postfix/master[1627]: warning: process /usr/lib/postfix/smtpd pid 2949 exit status 1 May 4 23:13:29 mail-01 postfix/master[1627]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling May 4 23:14:18 mail-01 dovecot: auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one May 4 23:14:18 mail-01 dovecot: master: Error: service(auth): command startup failed, throttling May 4 23:15:09 mail-01 postfix/anvil[2952]: statistics: max connection rate 1/60s for (smtp:xxx.xxx.xxx.xxx) at May 4 23:13:18 May 4 23:15:09 mail-01 postfix/anvil[2952]: statistics: max connection count 1 for (smtp:xxx.xxx.xxx.xxx) at May 4 23:13:18 May 4 23:15:09 mail-01 postfix/anvil[2952]: statistics: max cache size 1 at May 4 23:13:18 Outside the issue that it cannot find the aliasses db, I'm kinda stuck here... the tut should be working "out of the box", but I have the feeling I'm missing something here. I hope someone can help me out! Thanks! Matt From mtrainer at cloud-free.com Mon May 5 05:01:34 2014 From: mtrainer at cloud-free.com (Murray Trainer) Date: Mon, 5 May 2014 13:01:34 +0800 Subject: [Dovecot] Dsyncing mail in director setup Message-ID: <00f101cf681f$16b6fe40$4424fac0$@cloud-free.com> Hi All, I have a pair of dovecot director proxies and six dovecot backend mailstores using NFS v4.1 to access five filesystems on EMC VNX NFS storage. This is all working fine until I try and dsync new email mailboxes via one of the mailstores onto the NFS storage. I get major NFS lockups at random on one or more of the mailstores with none of the NFS mounts accessible on one or more of the mailstores. I am getting our storage guy to look into it to see if it is just a performance issue. I can understand there may be locking issues but I wouldn't have thought it would have this effect. I also wonderif there is a better way to run dsync so it handle writing to NFS? Maybe passing it some of the nfs related dovecot options? Thanks Murray From alex at receptiveit.com.au Mon May 5 05:57:30 2014 From: alex at receptiveit.com.au (Alex Ferrara) Date: Mon, 5 May 2014 15:57:30 +1000 Subject: [Dovecot] Dovecot proxy Message-ID: Hi everyone, I have a problem that hopefully has an easy solution. I am setting up an IMAP proxy in a DMZ network. It will connect to the real IMAP server and authenticate using "driver = imap", and this I have working really nicely. What I want to do is have it look up a list of users that are allowed to connect through the proxy before proxying the connection, as not all users with an account are permitted to access their email from the internet. I thought that using a post-login script would get me out of trouble, but it isn't possible in a relay configuration. dovecot.conf ## Dovecot configuration file mail_uid = dovecot mail_gid = dovecot protocols = imap listen = *, :: passdb { driver = imap # IMAP server to authenticate against args = host=192.168.1.1 # IMAP server to connect to for mailbox default_fields = proxy=yes host=192.168.1.1 } userdb { driver = prefetch } auth_mechanisms = plain login # This is the auth service used by Postfix to do dovecot auth. service auth { unix_listener auth-userdb { } inet_listener { port = 12345 } } ## ## SSL settings ## # These will need to ba adjusted to point to *your* certificates, not mine 8-) # The ssl_ca line refers to the intermediate certificate bundle which may or may not be required by your SSL provider ssl_cert = References: Message-ID: <53672EB0.1080401@thinline.cz> Is it possible to use backend's passdb on the relay server in your setup? If you are - for example - using SQL database as passdb on the backend, you can access it from relay server as well. Let's say you have "relay_enabled" column in the table of users, then you can use something like: select ... from users where user = ... and relay_enabled = true Users, who are not permitted access from internet, will get authentication failure If your passdb can't be shared this way (unix accounts, passwd-file etc.), this won't work of course. Maybe you can try to play around allow_nets (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets), possibly combined with login_trusted_networks on backend The idea here is that your relay provides user's real IP and you use allow_nets extra field to restrict access to your internal network only. Not sure if this can work though, never tried. Alex Ferrara wrote: > Hi everyone, > > I have a problem that hopefully has an easy solution. > > I am setting up an IMAP proxy in a DMZ network. It will connect to > the real IMAP server and authenticate using "driver = imap", and this > I have working really nicely. > > What I want to do is have it look up a list of users that are allowed > to connect through the proxy before proxying the connection, as not > all users with an account are permitted to access their email from > the internet. I thought that using a post-login script would get me > out of trouble, but it isn't possible in a relay configuration. > > > > dovecot.conf > > ## Dovecot configuration file > > mail_uid = dovecot mail_gid = dovecot > > protocols = imap > > listen = *, :: > > passdb { driver = imap # IMAP server to authenticate against args = > host=192.168.1.1 # IMAP server to connect to for mailbox > default_fields = proxy=yes host=192.168.1.1 } userdb { driver = > prefetch } > > auth_mechanisms = plain login > > # This is the auth service used by Postfix to do dovecot auth. > service auth { unix_listener auth-userdb { } inet_listener { port = > 12345 } } > > ## ## SSL settings ## > > # These will need to ba adjusted to point to *your* certificates, not > mine 8-) # The ssl_ca line refers to the intermediate certificate > bundle which may or may not be required by your SSL provider > > ssl_cert = = = ALL:!LOW:!SSLv2:!EXP:!aNULL From alex at receptiveit.com.au Mon May 5 06:58:57 2014 From: alex at receptiveit.com.au (Alex Ferrara) Date: Mon, 5 May 2014 16:58:57 +1000 Subject: [Dovecot] Dovecot proxy In-Reply-To: <53672EB0.1080401@thinline.cz> References: <53672EB0.1080401@thinline.cz> Message-ID: Unfortunately, the requirement for this network is that the only pinhole through the firewall between the main relay and the mail server is IMAP. My thought was to ship a list of valid usernames to the imap relay that are allowed to connect, and that list would be constructed from inside the LAN and shipped to the DMZ via rsync. I could set the default value of allow_nets and override it, but I am unsure how best to do that in my situation. Maybe if I use a passwd-file on the userdb, but keep the imap driver on the passdb? aF On 05/05/2014, at 4:24 PM, Jiri Bourek wrote: > Is it possible to use backend's passdb on the relay server in your setup? > > If you are - for example - using SQL database as passdb on the backend, you can access it from relay server as well. Let's say you have "relay_enabled" column in the table of users, then you can use something like: > > select ... from users where user = ... and relay_enabled = true > > Users, who are not permitted access from internet, will get authentication failure > > If your passdb can't be shared this way (unix accounts, passwd-file etc.), this won't work of course. Maybe you can try to play around allow_nets (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets), possibly combined with login_trusted_networks on backend > > The idea here is that your relay provides user's real IP and you use allow_nets extra field to restrict access to your internal network only. Not sure if this can work though, never tried. > > > Alex Ferrara wrote: >> Hi everyone, >> >> I have a problem that hopefully has an easy solution. >> >> I am setting up an IMAP proxy in a DMZ network. It will connect to >> the real IMAP server and authenticate using "driver = imap", and this >> I have working really nicely. >> >> What I want to do is have it look up a list of users that are allowed >> to connect through the proxy before proxying the connection, as not >> all users with an account are permitted to access their email from >> the internet. I thought that using a post-login script would get me >> out of trouble, but it isn't possible in a relay configuration. >> >> >> >> dovecot.conf >> >> ## Dovecot configuration file >> >> mail_uid = dovecot mail_gid = dovecot >> >> protocols = imap >> >> listen = *, :: >> >> passdb { driver = imap # IMAP server to authenticate against args = >> host=192.168.1.1 # IMAP server to connect to for mailbox >> default_fields = proxy=yes host=192.168.1.1 } userdb { driver = >> prefetch } >> >> auth_mechanisms = plain login >> >> # This is the auth service used by Postfix to do dovecot auth. >> service auth { unix_listener auth-userdb { } inet_listener { port = >> 12345 } } >> >> ## ## SSL settings ## >> >> # These will need to ba adjusted to point to *your* certificates, not >> mine 8-) # The ssl_ca line refers to the intermediate certificate >> bundle which may or may not be required by your SSL provider >> >> ssl_cert => => => ALL:!LOW:!SSLv2:!EXP:!aNULL From tss at iki.fi Mon May 5 11:21:03 2014 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 May 2014 14:21:03 +0300 Subject: [Dovecot] CONTEXT=SORT In-Reply-To: <20140502235150.Horde.kfE9-8vKaEOBL3fv-OCLhw7@bigworm.curecanti.org> References: <20140502235150.Horde.kfE9-8vKaEOBL3fv-OCLhw7@bigworm.curecanti.org> Message-ID: <642D6695-320D-4369-8504-B03384E33B1F@iki.fi> On 3.5.2014, at 8.51, Michael M Slusarz wrote: > Quoting Michael M Slusarz : > >> 5 UID SORT RETURN (PARTIAL 1:10) (SUBJECT) UTF-8 UNDELETED >> * ESEARCH (TAG "5") UID PARTIAL (1:10 NIL) >> 5 OK Sort completed (0.000 secs). > > Well duh. Maybe I should actually look at the results. This is obviously wrong (this mailbox has 13 undeleted messages, so NIL is not a proper return). > > ...although PARTIAL limiting for SEARCH doesn't work either: > > 4 UID SEARCH RETURN (PARTIAL 1:10) UNDELETED > * ESEARCH (TAG "4") UID PARTIAL (1:10 NIL) > 4 OK Search completed (0.000 secs). Ugh. This was slightly broken in earlier versions, but in v2.2.11 I broke it completely by misunderstanding what it was supposed to do. And after now fixing it nicely for SEARCH PARTIAL I realize that it's again broken for SORT PARTIAL. So, back to the original code with the correct minor fix..: http://hg.dovecot.org/dovecot-2.2/rev/32b6a95c95cc I also updated imaptest to check for the SEARCH PARTIAL. Oh and the reason why CONTEXT=SORT isn't advertised is because SORT RETURN (UPDATE) doesn't work. From tss at iki.fi Mon May 5 11:29:19 2014 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 May 2014 14:29:19 +0300 Subject: [Dovecot] %{orig_user} missing in checkpassword-Script In-Reply-To: References: Message-ID: <2BA8A9EA-4F92-4B9C-9766-FA685E9CBE1C@iki.fi> OK, added: http://hg.dovecot.org/dovecot-2.2/rev/1e099feb1dea On 3.5.2014, at 15.32, dovecot.pkoch at dfgh.net wrote: > Dear dovecot maintainers: > > I'm using SSL client certificates together with a checkpassword scripts > to authenticate our users. > > My problem is: In the checkpassword script the AUTH_USER environment > variable will either contain the username that was configured in the > mailclient (if auth_ssl_username_from_cert=false) or the username > from the certificate (if auth_ssl_username_from_cert=true). > > I would like to compare both values, i.e. the %{user} Dovecot-variable > and the %{orig_user} Dovecot-variable. But the environment of a > checkpassword-script has only one of them. > > I tried myself and found the following: > - the environment of a checkpassword script is setup by > checkpassword_setup_env() in db-checkpassword.c > - checkpassword_setup_env() calls env_put_auth_vars() > - env_put_auth_vars() creates AUTH_xxx environment variables for all > entries of the auth_request_get_var_expand_table() > - the auth_request_get_var_expand_table_full() routine does not contain the > original user, but the auth_request-struct does. > > So I changed the dovecot sourcecode (version 2.2.12) as follows > > In src/auth/auth-request.h line 152 I replaced > #define AUTH_REQUEST_VAR_TAB_COUNT 27 > by > #define AUTH_REQUEST_VAR_TAB_COUNT 30 > > In src/auth/auth-request.c around line 2027 I replaced the > following lines at the end of auth_request_var_expand_static_tab > > { '\0', NULL, "session_pid" }, > /* be sure to update AUTH_REQUEST_VAR_TAB_COUNT */ > { '\0', NULL, NULL } > }; > > by > > { '\0', NULL, "session_pid" }, > { '\0', NULL, "orig_user" }, > { '\0', NULL, "orig_username" }, > { '\0', NULL, "orig_domain" }, > /* be sure to update AUTH_REQUEST_VAR_TAB_COUNT */ > { '\0', NULL, NULL } > }; > > In src/auth/auth-request.c around line 2116 I replaced the > following lines at the end of function > auth_request_get_var_expand_table_full() > > tab[26].value = auth_request->session_pid == (pid_t)-1 ? NULL : > dec2str(auth_request->session_pid); > return ret_tab; > > by > > tab[26].value = auth_request->session_pid == (pid_t)-1 ? NULL : > dec2str(auth_request->session_pid); > if (auth_request->original_username != NULL) { > tab[27].value = > escape_func(auth_request->original_username, auth_request); > tab[28].value = > escape_func(t_strcut(auth_request->original_username, '@'), auth_request); > tab[29].value = strchr(auth_request->original_username, > '@'); > if (tab[29].value != NULL) { > tab[29].value = escape_func(tab[29].value+1, > auth_request); > } > } > return ret_tab; > > This will add AUTH_ORIG_USER, AUTH_ORIG_USERNAME and AUTH_ORIG_DOMAIN > environment variables to the environment of every checkpassword script. > > If this is the correct way to extend the environment of a > chackpassword-script > then you might consider adding these minor changes to the dovecot-source. > > Kind regards and thanks very much for this wonderful project > > Peter Koch From tss at iki.fi Mon May 5 12:24:44 2014 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 May 2014 15:24:44 +0300 Subject: [Dovecot] When the subject portion of an e-mail contains a control character, dovecot.sieve terminates unexpectatedly. In-Reply-To: <536356F2.2050903@designet.co.jp> References: <536356F2.2050903@designet.co.jp> Message-ID: <1C04DA02-D04A-4EC0-A44C-7C4EA1F5D762@iki.fi> On 2.5.2014, at 11.27, Atsuko Tanaka wrote: > We have currently set dovecot.sieve to insert the text "[SPAM]" at the > beginning of an e-mail's subject when it's X-Spam-Score is above 80%. > After we set our system as stated the following errors occur: > > 1) When an e-mail's subject contains control characters like > [Ctrl+V|^V], dovecot.sieve terminates with an error and an e-mail is not > able to be sent. When a MIME encoded Subject like [????^V????] is sent > we're not able to edit the subject and dovecot ends with an error. .. > Aside from [Ctrl + V] the following control charcters also cause errors: > backspace > Ctrl + A > Ctrl + C > Ctrl + [ > Ctrl + X > Ctrl + Y > > 2) When an e-mail's subject line contains a "\0" character, everything > following the null character is deleted. Is there a reason why mails contain these kind of control characters? Is it commonly used? And is it OK if Dovecot translates them to UTF-8 for the rewritten header, or would the subject have to stay ISO-2022-JP encoded? From tss at iki.fi Mon May 5 13:14:59 2014 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 May 2014 16:14:59 +0300 Subject: [Dovecot] Segfault in dovecot-lda when resolver is unavailable In-Reply-To: <53582D85.8080000@mejor.pl> References: <53582D85.8080000@mejor.pl> Message-ID: <1406B655-F5A9-47CF-AED9-F17E18BFD625@iki.fi> On 24.4.2014, at 0.15, Marcin Miros?aw wrote: > Recently I noticed that dovecot-lda throws segfault when resolver is > unavailable and with imapc configured. I can't easily reproduce this. > #0 0x000002b612afaf72 in _int_free (av=0x2b612e215c0 , > p=0x1b23bfabe0, have_lock=0) at malloc.c:3903 > #1 0x000002b612e96a4e in buffer_free (_buf=_buf at entry=0x1b23bfa948) at > buffer.c:144 > #2 0x000002b612ebeca8 in array_free_i (array=0x1b23bfa948) at array.h:108 > #3 priorityq_deinit (_pq=_pq at entry=0x1b23bfabb0) at priorityq.c:38 > #4 0x000002b612eafa57 in io_loop_destroy > (_ioloop=_ioloop at entry=0x395a4da91d0) at ioloop.c:495 This also looks like some kind of memory corruption, which isn't good. Can you try this with valgrind? valgrind /usr/libexec/dovecot/deliver -d marcin at mejor.pl From tss at iki.fi Mon May 5 13:25:44 2014 From: tss at iki.fi (Timo Sirainen) Date: Mon, 5 May 2014 16:25:44 +0300 Subject: [Dovecot] doveadm auth and the "nologin" extra field In-Reply-To: <592C9BCA-7063-4441-B523-A15BE011967F@skynet.be> References: <592C9BCA-7063-4441-B523-A15BE011967F@skynet.be> Message-ID: <6BD4FFAB-9BCE-432F-8B8B-1B86BF22DCEF@iki.fi> Not intentional, and since it can cause confusion I removed it: http://hg.dovecot.org/dovecot-2.2/rev/3a5304b63f88 On 18.4.2014, at 10.54, Axel Luttgens wrote: > Hello, > > Still busy with details... > > Considering, as in my previous example, a password_query returning '!' or NULL for the "nologin" column, depending on an account's status (suspended or not). > > Let's consider a suspended user "some.user". > > In the case of a successful authentication, one has: > > sh-3.2# doveadm auth test some.user goodpassword; echo $? > passdb: some.user auth succeeded > extra fields: > user=some.user > nologin > 0 > > On the other hand, in the case of an authentication failure: > > sh-3.2# doveadm auth test some.user badpassword; echo $? > passdb: some.user auth failed > extra fields: > user=some.user > nologin=! > 77 > > So, this is similar to what happens in a connection (pop3, imap...): when present, the nologin info is always taken into account, even in the case of an authentication failure. > > Again, this may raise some concerns about the consistency of such a behavior. > Is this guaranteed to always behave that way, because of some rationale I'm currently missing, or does it go about some overlooked combination, liable to be inadvertently "corrected" in the future? > I haven't been able to find a definitive answer in the wiki or in the code about such matters. > > This is particularly important in the case of doveadm, since its output requires parsing for extracting such informations (the exit code alone isn't sufficient); should above behavior be changed without notice, and a script could suddenly take the worst decisions... > > BTW, why: > nologin > in the first output, and: > nologin=! > in the second output? > > > TIA, > Axel From marcin at mejor.pl Mon May 5 13:49:11 2014 From: marcin at mejor.pl (=?ISO-8859-2?Q?Marcin_Miros=B3aw?=) Date: Mon, 05 May 2014 15:49:11 +0200 Subject: [Dovecot] Segfault in dovecot-lda when resolver is unavailable In-Reply-To: <1406B655-F5A9-47CF-AED9-F17E18BFD625@iki.fi> References: <53582D85.8080000@mejor.pl> <1406B655-F5A9-47CF-AED9-F17E18BFD625@iki.fi> Message-ID: <536796D7.4010103@mejor.pl> W dniu 05.05.2014 15:14, Timo Sirainen pisze: Hi Timo, hi all! > On 24.4.2014, at 0.15, Marcin Miros?aw wrote: > >> Recently I noticed that dovecot-lda throws segfault when resolver is >> unavailable and with imapc configured. > > I can't easily reproduce this. > >> #0 0x000002b612afaf72 in _int_free (av=0x2b612e215c0 , >> p=0x1b23bfabe0, have_lock=0) at malloc.c:3903 >> #1 0x000002b612e96a4e in buffer_free (_buf=_buf at entry=0x1b23bfa948) at >> buffer.c:144 >> #2 0x000002b612ebeca8 in array_free_i (array=0x1b23bfa948) at array.h:108 >> #3 priorityq_deinit (_pq=_pq at entry=0x1b23bfabb0) at priorityq.c:38 >> #4 0x000002b612eafa57 in io_loop_destroy >> (_ioloop=_ioloop at entry=0x395a4da91d0) at ioloop.c:495 > > This also looks like some kind of memory corruption, which isn't good. Can you try this with valgrind? > > valgrind /usr/libexec/dovecot/deliver -d marcin at mejor.pl # valgrind /usr/libexec/dovecot/deliver -d marcin at mejor.pl References: <5326987F.3060403@gmx.de> Message-ID: <53679BDE.3060207@gmx.de> Is there really no one with this problem? From h.reindl at thelounge.net Mon May 5 14:16:19 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 05 May 2014 16:16:19 +0200 Subject: [Dovecot] mdbox-files over 2 MB In-Reply-To: <53679BDE.3060207@gmx.de> References: <5326987F.3060403@gmx.de> <53679BDE.3060207@gmx.de> Message-ID: <53679D33.1070808@thelounge.net> Am 05.05.2014 16:10, schrieb Hardy Flor: > Is there really no one with this problem? next time quote the problem instead demand others to seek for you in the archives -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From axel.luttgens at skynet.be Mon May 5 16:02:48 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Mon, 5 May 2014 18:02:48 +0200 Subject: [Dovecot] doveadm auth and the "nologin" extra field In-Reply-To: <6BD4FFAB-9BCE-432F-8B8B-1B86BF22DCEF@iki.fi> References: <592C9BCA-7063-4441-B523-A15BE011967F@skynet.be> <6BD4FFAB-9BCE-432F-8B8B-1B86BF22DCEF@iki.fi> Message-ID: <57097BC8-040D-48EA-A7D6-5FDB93A8BE2B@skynet.be> Le 5 mai 2014 ? 15:25, Timo Sirainen a ?crit : > Not intentional, and since it can cause confusion I removed it: http://hg.dovecot.org/dovecot-2.2/rev/3a5304b63f88 Hmmm... this was a too easy one. ;-) Once again, many thanks Timo, Axel From bov at bsdpanic.com Mon May 5 16:39:42 2014 From: bov at bsdpanic.com (SIW) Date: Mon, 05 May 2014 17:39:42 +0100 Subject: [Dovecot] Disable IMAP for ONE user only Message-ID: <5367BECE.9090401@bsdpanic.com> I use MySQL to store my virtual users passwords and I am running the latest version of Dovecot. What I need to do is have one particular user have ONLY access to their email via Roundcube (webmail) and no IMAP/SMTP access. Therefore, how do I disable IMAP/SMTP access for just one user? From marcin at mejor.pl Mon May 5 17:21:28 2014 From: marcin at mejor.pl (=?ISO-8859-2?Q?Marcin_Miros=B3aw?=) Date: Mon, 05 May 2014 19:21:28 +0200 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <5367BECE.9090401@bsdpanic.com> References: <5367BECE.9090401@bsdpanic.com> Message-ID: <5367C898.9020708@mejor.pl> W dniu 2014-05-05 18:39, SIW pisze: > I use MySQL to store my virtual users passwords and I am running the > latest version of Dovecot. > > What I need to do is have one particular user have ONLY access to their > email via Roundcube (webmail) and no IMAP/SMTP access. > > Therefore, how do I disable IMAP/SMTP access for just one user? > Hi! Use variable %s in query (http://wiki2.dovecot.org/Variables ). E.g. you can use new column in table or use CASE in SELECT statement if you don't need to change schema of table. Regards, Marcin From marcin at mejor.pl Mon May 5 17:56:23 2014 From: marcin at mejor.pl (=?ISO-8859-2?Q?Marcin_Miros=B3aw?=) Date: Mon, 05 May 2014 19:56:23 +0200 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <5367C898.9020708@mejor.pl> References: <5367BECE.9090401@bsdpanic.com> <5367C898.9020708@mejor.pl> Message-ID: <5367D0C7.5000809@mejor.pl> W dniu 2014-05-05 19:21, Marcin Miros?aw pisze: > W dniu 2014-05-05 18:39, SIW pisze: >> I use MySQL to store my virtual users passwords and I am running the >> latest version of Dovecot. >> >> What I need to do is have one particular user have ONLY access to their >> email via Roundcube (webmail) and no IMAP/SMTP access. >> >> Therefore, how do I disable IMAP/SMTP access for just one user? >> > Hi! > Use variable %s in query (http://wiki2.dovecot.org/Variables ). E.g. you > can use new column in table or use CASE in SELECT statement if you don't > need to change schema of table. Simpler query could look SELECT foo FROM bar WHERE ... AND (%u !='blocked at user' AND %s != 'imap') From rick at havokmon.com Mon May 5 18:00:34 2014 From: rick at havokmon.com (Rick Romero) Date: Mon, 05 May 2014 13:00:34 -0500 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <5367D0C7.5000809@mejor.pl> References: <5367BECE.9090401@bsdpanic.com> <5367C898.9020708@mejor.pl> <5367D0C7.5000809@mejor.pl> Message-ID: <20140505130034.Horde.AFj9ad8LvUGRftbwlhegbw4@www.vfemail.net> Quoting Marcin Miros?aw : > W dniu 2014-05-05 19:21, Marcin Miros?aw pisze: >> W dniu 2014-05-05 18:39, SIW pisze: >>> I use MySQL to store my virtual users passwords and I am running the >>> latest version of Dovecot. >>> >>> What I need to do is have one particular user have ONLY access to their >>> email via Roundcube (webmail) and no IMAP/SMTP access. >>> >>> Therefore, how do I disable IMAP/SMTP access for just one user? >> >> Hi! >> Use variable %s in query (http://wiki2.dovecot.org/Variables ). E.g. you >> can use new column in table or use CASE in SELECT statement if you don't >> need to change schema of table. > > Simpler query could look SELECT foo FROM bar WHERE ... AND > (%u!='blocked at user' AND %s != 'imap') You can also use Bit Operators directly via SQL - like in vpopmail.? http://wiki2.dovecot.org/AuthDatabase/VPopMail From dar at darklajid.de Mon May 5 18:05:40 2014 From: dar at darklajid.de (Benjamin Podszun) Date: Mon, 05 May 2014 20:05:40 +0200 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <5367BECE.9090401@bsdpanic.com> References: <5367BECE.9090401@bsdpanic.com> Message-ID: <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> I'm confused. Roundcube's using imap, so how are the %s queries helping? Isn't the real question "How can I limit imap to specific clients/localhost, depending on the user"? On May 5, 2014 6:39:42 PM CEST, SIW wrote: >I use MySQL to store my virtual users passwords and I am running the >latest version of Dovecot. > >What I need to do is have one particular user have ONLY access to their > >email via Roundcube (webmail) and no IMAP/SMTP access. > >Therefore, how do I disable IMAP/SMTP access for just one user? -- Sent from my Android device with K-9 Mail. Please excuse my brevity. From gedalya at gedalya.net Mon May 5 18:11:03 2014 From: gedalya at gedalya.net (Gedalya) Date: Mon, 05 May 2014 14:11:03 -0400 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> Message-ID: <5367D437.7030605@gedalya.net> http://wiki2.dovecot.org/Variables see: %r / rip On 05/05/2014 02:05 PM, Benjamin Podszun wrote: > I'm confused. Roundcube's using imap, so how are the %s queries helping? > Isn't the real question "How can I limit imap to specific clients/localhost, depending on the user"? > > On May 5, 2014 6:39:42 PM CEST, SIW wrote: >> I use MySQL to store my virtual users passwords and I am running the >> latest version of Dovecot. >> >> What I need to do is have one particular user have ONLY access to their >> >> email via Roundcube (webmail) and no IMAP/SMTP access. >> >> Therefore, how do I disable IMAP/SMTP access for just one user? From gedalya at gedalya.net Mon May 5 18:14:02 2014 From: gedalya at gedalya.net (Gedalya) Date: Mon, 05 May 2014 14:14:02 -0400 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> Message-ID: <5367D4EA.2030505@gedalya.net> From dovecont.conf : # Most (but not all) settings can be overridden by different protocols and/or # source/destination IPs by placing the settings inside sections, for example: # protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { } So maybe you can even set up an overriding passdb {} inside of a remote x.x.x.x/x {} On 05/05/2014 02:05 PM, Benjamin Podszun wrote: > I'm confused. Roundcube's using imap, so how are the %s queries helping? > Isn't the real question "How can I limit imap to specific clients/localhost, depending on the user"? > > On May 5, 2014 6:39:42 PM CEST, SIW wrote: >> I use MySQL to store my virtual users passwords and I am running the >> latest version of Dovecot. >> >> What I need to do is have one particular user have ONLY access to their >> >> email via Roundcube (webmail) and no IMAP/SMTP access. >> >> Therefore, how do I disable IMAP/SMTP access for just one user? From patrickdk at patrickdk.com Mon May 5 19:23:05 2014 From: patrickdk at patrickdk.com (Patrick Domack) Date: Mon, 05 May 2014 15:23:05 -0400 Subject: [Dovecot] mdbox-files over 2 MB In-Reply-To: <53679D33.1070808@thelounge.net> References: <5326987F.3060403@gmx.de> <53679BDE.3060207@gmx.de> <53679D33.1070808@thelounge.net> Message-ID: <20140505152305.Horde.RPh72252cnResSssDZVBSw1@mail.patrickdk.com> Quoting Reindl Harald : > Am 05.05.2014 16:10, schrieb Hardy Flor: >> Is there really no one with this problem? > > next time quote the problem instead demand > others to seek for you in the archives Even searching for him in the archives, I have no idea what he thinks is a problem. I know I have no issues using mdbox, with 2mb or 50mb rotate sizes. From stephan at rename-it.nl Mon May 5 19:30:29 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 05 May 2014 21:30:29 +0200 Subject: [Dovecot] Status of sieve-extdata? In-Reply-To: <535F6A66.7010504@thinline.cz> References: <535F6A66.7010504@thinline.cz> Message-ID: <5367E6D5.2030307@rename-it.nl> On 4/29/2014 11:01 AM, Jiri Bourek wrote: > Hi, > > I'd like to ask about status of extdata plugin for sieve. The wiki > page (http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extdata) > mentions versions for PigeonHole 0.2 and 0.3, but there seems to be no > version for 0.4 and Dovecot 2.2. > > Is the plugin dead or is it planned to make version for Dovecot 2.2 > (when time allows I guess)? It is not dead, but I haven't seen much interest for it either. Anyway, I quickly made a v0.4 version: http://hg.rename-it.nl/pigeonhole-0.4-sieve-extdata/ Regards, Stephan. From bov at bsdpanic.com Mon May 5 20:05:52 2014 From: bov at bsdpanic.com (SIW) Date: Mon, 05 May 2014 21:05:52 +0100 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> Message-ID: <5367EF20.50407@bsdpanic.com> Thats a good point. If I block IMAP/SMTP access to ONE user does that mean that particular user can't use Roundcube anymore? I basically want one user to ONLY be able to send/receive/view their email in Roundcube and not be able to send/receive/view email from any other client (ie: Thunderbird, K9 email on Andriod, Outlook etc). On 05/05/2014 19:05, Benjamin Podszun wrote: > I'm confused. Roundcube's using imap, so how are the %s queries helping? > Isn't the real question "How can I limit imap to specific clients/localhost, depending on the user"? > > On May 5, 2014 6:39:42 PM CEST, SIW wrote: >> I use MySQL to store my virtual users passwords and I am running the >> latest version of Dovecot. >> >> What I need to do is have one particular user have ONLY access to their >> >> email via Roundcube (webmail) and no IMAP/SMTP access. >> >> Therefore, how do I disable IMAP/SMTP access for just one user? From professa at dementianati.com Mon May 5 20:13:16 2014 From: professa at dementianati.com (Professa Dementia) Date: Mon, 05 May 2014 13:13:16 -0700 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <5367EF20.50407@bsdpanic.com> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> <5367EF20.50407@bsdpanic.com> Message-ID: <5367F0DC.4010502@dementianati.com> On 5/5/2014 1:05 PM, SIW wrote: > Thats a good point. > > If I block IMAP/SMTP access to ONE user does that mean that particular > user can't use Roundcube anymore? That is correct. If you block IMAP, then webmail will not work. Webmail clients are just IMAP proxies. If the roundcube you want the user to utilize is running on a specific server, then you can allow IMAP only from the IP address of that server. However, usually when I hear an admin wanting to restrict only one user to some limited access option, it is usually a policy issue and not a technical one. Trying to employ a technical solution is usually the wrong way of doing it. Why are you trying to limit just this one user? Dem From Jochen.Bern at LINworks.de Mon May 5 20:13:58 2014 From: Jochen.Bern at LINworks.de (Jochen Bern) Date: Mon, 05 May 2014 22:13:58 +0200 Subject: [Dovecot] Broken IMAPS Connects Create Lingering imap-login Processes Message-ID: <5367F106.9040800@LINworks.de> Hello everyone, we are running a central server (CentOS 6.5, dovecot-2.0.9-7.el6 with a small patch to disable the IMAP CREATE command, and openssl-1.0.1e-16.el6_5.7) and distribute standard client software to customer( site)s. The clients do IMAPS connects in regular intervals (no IDLE, no lingering logins) and authenticate with certs issued by a dedicated PKI ("auth_ssl_username_from_cert = yes" and a static global password). One of the customers has a major networking problem that hasn't been fully analyzed yet. Sniffing his IMAPS connects on the server side, I see no (necessarily fragmented) TLSv1 Client Cert + Key Exchange happen; instead, after ~60s, we receive a single packet with "TLSv1 Certificate Verify, Change Cipher Spec, Encrypted Handshake Message" *and* the TCP FIN+PSH+ACK flags set. The problem I'ld like to ask for help with here is that dovecot's imap-login process doesn't terminate when the FIN is received, or when the IMAP protocol's inactivity timeout is reached, it takes *more than two hours* for it to go away. Because of that, this single client racks up 1100+ processes (counting against dovecot's configured limits), TCP connections, and the associated RAM usage. (Since the client cert is obviously never received, the default mail_max_userip_connections of 10 doesn't come into play, either.) Is there any way - short of hexing a negative feedback loop straight into the iptables - to prevent this kind of buildup? Kind regards, J. Bern > [root ~]# date ; ps auwwwx --forest | grep -A 12 '/dove[c]ot' > Mo 5. Mai 21:45:39 CEST 2014 > root 25297 0.8 0.0 19568 824 ? Ss Apr30 64:44 /usr/sbin/dovecot > dovecot 25299 0.1 0.1 17996 5828 ? S Apr30 11:52 \_ dovecot/anvil [1147 connections] > root 25300 0.1 0.0 13388 1220 ? S Apr30 8:07 \_ dovecot/log > root 25301 0.0 0.0 39596 1564 ? S Apr30 2:21 \_ dovecot/ssl-params > dovecot 25304 0.3 0.0 78384 3552 ? S Apr30 22:13 \_ dovecot/auth [0 wait, 0 passdb, 0 userdb] > root 13161 0.3 0.3 25236 13352 ? S May04 7:11 \_ dovecot/config > root 18384 0.2 0.2 20080 8200 ? S 08:20 1:37 \_ dovecot/config [... long-running IMAP login by the operators ...] > dovenull 12064 0.0 0.0 42440 3656 ? S 19:32 0:00 \_ dovecot/imap-login [1 connections (1 TLS)] > dovenull 12441 0.0 0.0 42440 3656 ? S 19:32 0:00 \_ dovecot/imap-login [1 connections (1 TLS)] > dovenull 12495 0.0 0.0 42440 3656 ? S 19:32 0:00 \_ dovecot/imap-login [1 connections (1 TLS)] > dovenull 12496 0.0 0.0 42440 3652 ? S 19:32 0:00 \_ dovecot/imap-login [1 connections (1 TLS)] > [root ~]# doveconf -n > # 2.0.9: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-431.3.1.el6.x86_64 x86_64 CentOS release 6.5 (Final) > auth_ssl_require_client_cert = yes > auth_ssl_username_from_cert = yes > listen = [...] > login_greeting = [...] > mail_location = maildir:~ > mail_log_prefix = "%s(%u)[%p]: " > mbox_write_locks = fcntl > passdb { > args = password=[...] > driver = static > } > plugin { > mail_log_events = delete undelete expunge > mail_log_fields = uid msgid size vsize flags > } > protocols = imap > service anvil { > client_limit = 3605 > } > service auth { > client_limit = 7000 > } > service imap-login { > process_limit = 3500 > } > service imap { > process_limit = 3500 > } > ssl = required > ssl_ca = ssl_cert = ssl_key = ssl_verify_client_cert = yes > userdb { > args = uid=mandanten gid=mandanten home=/[...]/%Ld_[...]/%Ln > driver = static > } > verbose_proctitle = yes > protocol imap { > mail_plugins = " mail_log notify" > } -- *NEU* - NEC IT-Infrastruktur-Produkte im : Server--Storage--Virtualisierung--Management SW--Passion for Performance Jochen Bern, Systemingenieur --- LINworks GmbH Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27 Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202 Unternehmenssitz Weiterstadt, Gesch?ftsf?hrer Metin Dogan, Oliver Michel From h.reindl at thelounge.net Mon May 5 20:17:36 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 05 May 2014 22:17:36 +0200 Subject: [Dovecot] Broken IMAPS Connects Create Lingering imap-login Processes In-Reply-To: <5367F106.9040800@LINworks.de> References: <5367F106.9040800@LINworks.de> Message-ID: <5367F1E0.1040503@thelounge.net> Am 05.05.2014 22:13, schrieb Jochen Bern: > One of the customers has a major networking problem that hasn't been > fully analyzed yet. Sniffing his IMAPS connects on the server side, I > see no (necessarily fragmented) TLSv1 Client Cert + Key Exchange happen; > instead, after ~60s, we receive a single packet with "TLSv1 Certificate > Verify, Change Cipher Spec, Encrypted Handshake Message" *and* the TCP > FIN+PSH+ACK flags set ask that user to restart his network-devices i faced it way too often in the last few years that encrypted connections where broken on customers side and after restart his crap of router all went fine again -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From bov at bsdpanic.com Mon May 5 20:24:02 2014 From: bov at bsdpanic.com (SIW) Date: Mon, 05 May 2014 21:24:02 +0100 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <5367F0DC.4010502@dementianati.com> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> <5367EF20.50407@bsdpanic.com> <5367F0DC.4010502@dementianati.com> Message-ID: <5367F362.1070007@bsdpanic.com> I'm glad you asked. Heres the challenge: When I travel overseas I sometimes need to use a computer at an internet cafe to access my email via a browser. I use Googles Authenticator to generate a OTP that I use with Roundcube so I have two factor authentication. All seems secure right? Wrong. If someone records my login credentials on the untrusted internet computer then they can use those login credentials to access my email via IMAP (ie: Thunderbird). (its happened before) Yes, I know I should use my own trusted device but in some cases that just is NOT an option. Therefore, how can I access my email via a browser that is safe from keyloggers at internet cafes? I'm open to all ideas at this point! What I was originally thinking was having a second copy of my mailbox that was updated every hour (from my live mailbox) and that I had a separate login to it that ONLY had rights to read/send via Roundcube (ie: No access with IMAP clients such as Thunderbird, K9 etc). I was thinking of using Application Specific Passwords but this doesn't solve the issue either as once sometime records my login credentials that can use it to access IMAP. Roundcube is secure in all of this...its IMAP that I am battling with securing... On 05/05/2014 21:13, Professa Dementia wrote: > On 5/5/2014 1:05 PM, SIW wrote: >> Thats a good point. >> >> If I block IMAP/SMTP access to ONE user does that mean that particular >> user can't use Roundcube anymore? > That is correct. If you block IMAP, then webmail will not work. > > Webmail clients are just IMAP proxies. If the roundcube you want the > user to utilize is running on a specific server, then you can allow IMAP > only from the IP address of that server. > > However, usually when I hear an admin wanting to restrict only one user > to some limited access option, it is usually a policy issue and not a > technical one. Trying to employ a technical solution is usually the > wrong way of doing it. > > Why are you trying to limit just this one user? > > Dem From rick at havokmon.com Mon May 5 20:32:14 2014 From: rick at havokmon.com (Rick Romero) Date: Mon, 05 May 2014 15:32:14 -0500 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <5367F0DC.4010502@dementianati.com> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> <5367EF20.50407@bsdpanic.com> <5367F0DC.4010502@dementianati.com> Message-ID: <20140505153214.Horde.0WfoYh36llotac3svpgjPQ1@www.vfemail.net> Quoting Professa Dementia : > On 5/5/2014 1:05 PM, SIW wrote: >> Thats a good point. >> >> If I block IMAP/SMTP access to ONE user does that mean that particular >> user can't use Roundcube anymore? > > That is correct.? If you block IMAP, then webmail will not work. > ? Not necessarily.? From: http://wiki2.dovecot.org/AuthDatabase/VPopMail "logically this means: show password for user=%n at domain=%d when imap on the account is not disabled and connection is not comming from localhost when webmail access on the account is not disabled and if imap for the domain is not disabled and (connection is not comming from localhost when webmail access for the domain is not disabled) when vlimits are not overriden on the account " # password_query = select pw_passwd as password FROM vpopmail LEFT JOIN limits ON vpopmail.pw_domain=limits.domain WHERE pw_name='%n' and pw_domain='%d' and !(pw_gid & 8) and ('%r'!='127.0.0.1' or !(pw_gid & 4)) and ( ('%r'!='127.0.0.1' or COALESCE(disable_webmail,0)!=1) and COALESCE(disable_imap,0)!=1 or (pw_gid & 8192) ); So construct your SQL query in a way that your bit field in MySQL disables all access for a single user except when the source IP is your webmail server. If you want multiple passwords, you can modify the password_query with iif statements based on the source IP or protocol.? Like: select iif(%r == '127.0.0.1' & pw_name== 'yourname' & pw_domain='yourdomain',pw_webmailpasswrd,pw_passwd) as pw_passwd from vpopmail ..... Of course that's specific to the vpopmail table... modify as needed for your own table structure... Rick From bov at bsdpanic.com Mon May 5 20:44:23 2014 From: bov at bsdpanic.com (SIW) Date: Mon, 05 May 2014 21:44:23 +0100 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <20140505153214.Horde.0WfoYh36llotac3svpgjPQ1@www.vfemail.net> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> <5367EF20.50407@bsdpanic.com> <5367F0DC.4010502@dementianati.com> <20140505153214.Horde.0WfoYh36llotac3svpgjPQ1@www.vfemail.net> Message-ID: <5367F827.1000401@bsdpanic.com> Hi Rick I really appreciate your response! Unfortunately my SQL is, how can we say, very basic. I built my server using the Linode guide at: https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql Currently my password query looks as follows: password_query = SELECT email as user, password FROM virtual_users WHERE email='%u'; I'm not familiar with VPopMail, would I need it in this situation? Currently I use Postfix/Dovecot/MySQL/Apache/Roundcube. On 05/05/2014 21:32, Rick Romero wrote: > Quoting Professa Dementia : > >> On 5/5/2014 1:05 PM, SIW wrote: >>> Thats a good point. >>> >>> If I block IMAP/SMTP access to ONE user does that mean that particular >>> user can't use Roundcube anymore? >> >> That is correct. If you block IMAP, then webmail will not work. >> > > Not necessarily. > > From: > http://wiki2.dovecot.org/AuthDatabase/VPopMail > > "logically this means: show password for user=%n at domain=%d when > imap on > the account is not disabled and connection is not comming from localhost > when webmail access on the account is not disabled and if imap for the > domain is not disabled and (connection is not comming from localhost when > webmail access for the domain is not disabled) when vlimits are not > overriden on the account " > # > password_query = select pw_passwd as password FROM vpopmail LEFT JOIN > limits ON vpopmail.pw_domain=limits.domain WHERE pw_name='%n' and > pw_domain='%d' and !(pw_gid & 8) and ('%r'!='127.0.0.1' or !(pw_gid & 4)) > and ( ('%r'!='127.0.0.1' or COALESCE(disable_webmail,0)!=1) and > COALESCE(disable_imap,0)!=1 or (pw_gid & 8192) ); > > So construct your SQL query in a way that your bit field in MySQL > disables > all access for a single user except when the source IP is your webmail > server. > > If you want multiple passwords, you can modify the password_query with > iif > statements based on the source IP or protocol. > > Like: > select iif(%r == '127.0.0.1' & pw_name== 'yourname' & > pw_domain='yourdomain',pw_webmailpasswrd,pw_passwd) as pw_passwd from > vpopmail ..... > Of course that's specific to the vpopmail table... modify as needed for > your own table structure... > > Rick From rick at havokmon.com Mon May 5 21:13:54 2014 From: rick at havokmon.com (Rick Romero) Date: Mon, 05 May 2014 16:13:54 -0500 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <5367F827.1000401@bsdpanic.com> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> <5367EF20.50407@bsdpanic.com> <5367F0DC.4010502@dementianati.com> <20140505153214.Horde.0WfoYh36llotac3svpgjPQ1@www.vfemail.net> <5367F827.1000401@bsdpanic.com> Message-ID: <20140505161354.Horde.p4He27ZWOfClYXJuRaj6gA1@www.vfemail.net> You don't need vpopmail - that's just an example.? It has it's own table structure. ?? Are you the only user - I missed that part of the question.? If so, ignore the 'Bit Operator' part, you won't need it.? That's to allow different types of access per user (and makes the query that much more complex). Change your user table structure and add a 2nd password field named 'imap_password', then change your Dovecot query SQL to the below: SELECT email as user, if(%r == '127.0.0.1', password,imap_password) as password FROM virtual_users WHERE email='%u'; That will return the contents of 'password' when you use webmail (assuming it's all installed on one box), and 'imap_password' when you connect from any other system.? If you're unfamiliar with modifing MySQL tables, install phpmyadmin (and lock it down) or another visual MySQL client. If there are multiple users, you'll need to either change the query to just match your username or add another field to do a bit check and make the query more complex... :) Rick Quoting SIW : > Hi Rick > > I really appreciate your response! > > Unfortunately my SQL is, how can we say, very basic. I built my server > using the Linode guide at: > > https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql > > Currently my password query looks as follows: > > password_query = SELECT email as user, password FROM virtual_users WHERE > email='%u'; > > I'm not familiar with VPopMail, would I need it in this situation? > Currently I use Postfix/Dovecot/MySQL/Apache/Roundcube. > > On 05/05/2014 21:32, Rick Romero wrote: >> Quoting Professa Dementia : >> >>> On 5/5/2014 1:05 PM, SIW wrote: >>>> Thats a good point. >>>> >>>> If I block IMAP/SMTP access to ONE user does that mean that particular >>>> user can't use Roundcube anymore? >>> >>> That is correct.? If you block IMAP, then webmail will not work. >> >> Not necessarily. >> >> From: >> http://wiki2.dovecot.org/AuthDatabase/VPopMail >> >> "logically this means: show password for user=%n at domain=%d when imap >> on >> the account is not disabled and connection is not comming from localhost >> when webmail access on the account is not disabled and if imap for the >> domain is not disabled and (connection is not comming from localhost when >> webmail access for the domain is not disabled) when vlimits are not >> overriden on the account " >> # >> password_query = select pw_passwd as password FROM vpopmail LEFT JOIN >> limits ON vpopmail.pw_domain=limits.domain WHERE pw_name='%n' and >> pw_domain='%d' and !(pw_gid & 8) and ('%r'!='127.0.0.1' or !(pw_gid & 4)) >> and ( ('%r'!='127.0.0.1' or COALESCE(disable_webmail,0)!=1) and >> COALESCE(disable_imap,0)!=1 or (pw_gid & 8192) ); >> >> So construct your SQL query in a way that your bit field in MySQL >> disables >> all access for a single user except when the source IP is your webmail >> server. >> >> If you want multiple passwords, you can modify the password_query with >> iif >> statements based on the source IP or protocol. >> >> Like: >> select iif(%r == '127.0.0.1' & pw_name== 'yourname' & >> pw_domain='yourdomain',pw_webmailpasswrd,pw_passwd) as pw_passwd from >> vpopmail ..... >> Of course that's specific to the vpopmail table... modify as needed for >> your own table structure... >> Rick > > ? From bov at bsdpanic.com Mon May 5 21:26:07 2014 From: bov at bsdpanic.com (SIW) Date: Mon, 05 May 2014 22:26:07 +0100 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <20140505161354.Horde.p4He27ZWOfClYXJuRaj6gA1@www.vfemail.net> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> <5367EF20.50407@bsdpanic.com> <5367F0DC.4010502@dementianati.com> <20140505153214.Horde.0WfoYh36llotac3svpgjPQ1@www.vfemail.net> <5367F827.1000401@bsdpanic.com> <20140505161354.Horde.p4He27ZWOfClYXJuRaj6gA1@www.vfemail.net> Message-ID: <536801EF.1040109@bsdpanic.com> Thanks Rick! I have a handful of users on the server but I am the only one requiring secure access to my mail while travelling. Everything is installed on one box. I will give you recommendation a try so thank you for that. One option I was thinking about is as well, is it possible to use "throw away one time passwords" with my setup? As described here: http://blog.kevinvandervlist.nl/projects/roundcube-static-otp/ It would be *perfect* if I could access my mail "normally" from an IMAP client (Thunderbord/K9) using a strong password and then use a OTP (using Googles Authenticator) with a "throw away password" that can ONLY be used once! This would allow me to login at an internet cafe with a throw away password and not care if its being recorded as it could only be used once anyway and couldn't be used with IMAP. is this a possibility? I'm just trying to consider all the ideas :-) On 05/05/2014 22:13, Rick Romero wrote: > You don't need vpopmail - that's just an example. It has it's own table > structure. > > Are you the only user - I missed that part of the question. If so, > ignore > the 'Bit Operator' part, you won't need it. That's to allow different > types of access per user (and makes the query that much more complex). > > Change your user table structure and add a 2nd password field named > 'imap_password', then change your Dovecot query SQL to the below: > > SELECT email as user, if(%r == '127.0.0.1', password,imap_password) as > password FROM virtual_users WHERE email='%u'; > > That will return the contents of 'password' when you use webmail > (assuming > it's all installed on one box), and 'imap_password' when you connect from > any other system. > > If you're unfamiliar with modifing MySQL tables, install phpmyadmin (and > lock it down) or another visual MySQL client. > > If there are multiple users, you'll need to either change the query to > just > match your username or add another field to do a bit check and make the > query more complex... :) > > Rick > > Quoting SIW : > >> Hi Rick >> >> I really appreciate your response! >> >> Unfortunately my SQL is, how can we say, very basic. I built my server >> using the Linode guide at: >> >> https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql >> >> >> Currently my password query looks as follows: >> >> password_query = SELECT email as user, password FROM virtual_users WHERE >> email='%u'; >> >> I'm not familiar with VPopMail, would I need it in this situation? >> Currently I use Postfix/Dovecot/MySQL/Apache/Roundcube. >> >> On 05/05/2014 21:32, Rick Romero wrote: >>> Quoting Professa Dementia : >>> >>>> On 5/5/2014 1:05 PM, SIW wrote: >>>>> Thats a good point. >>>>> >>>>> If I block IMAP/SMTP access to ONE user does that mean that >>>>> particular >>>>> user can't use Roundcube anymore? >>>> >>>> That is correct. If you block IMAP, then webmail will not work. >>> >>> Not necessarily. >>> >>> From: >>> http://wiki2.dovecot.org/AuthDatabase/VPopMail >>> >>> "logically this means: show password for user=%n at domain=%d when imap >>> on >>> the account is not disabled and connection is not comming from >>> localhost >>> when webmail access on the account is not disabled and if imap for the >>> domain is not disabled and (connection is not comming from localhost > when >>> webmail access for the domain is not disabled) when vlimits are not >>> overriden on the account " >>> # >>> password_query = select pw_passwd as password FROM vpopmail LEFT JOIN >>> limits ON vpopmail.pw_domain=limits.domain WHERE pw_name='%n' and >>> pw_domain='%d' and !(pw_gid & 8) and ('%r'!='127.0.0.1' or !(pw_gid & > 4)) >>> and ( ('%r'!='127.0.0.1' or COALESCE(disable_webmail,0)!=1) and >>> COALESCE(disable_imap,0)!=1 or (pw_gid & 8192) ); >>> >>> So construct your SQL query in a way that your bit field in MySQL >>> disables >>> all access for a single user except when the source IP is your webmail >>> server. >>> >>> If you want multiple passwords, you can modify the password_query with >>> iif >>> statements based on the source IP or protocol. >>> >>> Like: >>> select iif(%r == '127.0.0.1' & pw_name== 'yourname' & >>> pw_domain='yourdomain',pw_webmailpasswrd,pw_passwd) as pw_passwd from >>> vpopmail ..... >>> Of course that's specific to the vpopmail table... modify as needed for >>> your own table structure... >>> Rick >> >> From rick at havokmon.com Mon May 5 21:33:55 2014 From: rick at havokmon.com (Rick Romero) Date: Mon, 05 May 2014 16:33:55 -0500 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <20140505161354.Horde.p4He27ZWOfClYXJuRaj6gA1@www.vfemail.net> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> <5367EF20.50407@bsdpanic.com> <5367F0DC.4010502@dementianati.com> <20140505153214.Horde.0WfoYh36llotac3svpgjPQ1@www.vfemail.net> <5367F827.1000401@bsdpanic.com> <20140505161354.Horde.p4He27ZWOfClYXJuRaj6gA1@www.vfemail.net> Message-ID: <20140505163355.Horde.dAii15amo91janPgTCfgTA1@www.vfemail.net> Duh.? 'ONE user only' would be the clue.? So your query would be like: SELECT email as user, if(%r = '127.0.0.1' & user = 'yourloginname', password,imap_password) as password FROM virtual_users WHERE email='%u'; Also, test ! and Google!?? I'm throwing this out off the top of my head..? I think the double == was wrong. The best way test this is just replace the %u with your username and %r with either 127.0.0.1 or anything else on the MySQL command line and make sure what's returned is the password you're expecting. Rick Quoting Rick Romero : > You don't need vpopmail - that's just an example.? It has it's own table > structure. ?? > > Are you the only user - I missed that part of the question.? If so, ignore > the 'Bit Operator' part, you won't need it.? That's to allow different > types of access per user (and makes the query that much more complex). > > Change your user table structure and add a 2nd password field named > 'imap_password', then change your Dovecot query SQL to the below: > > SELECT email as user, if(%r == '127.0.0.1', password,imap_password) as > password FROM virtual_users WHERE email='%u'; > > That will return the contents of 'password' when you use webmail (assuming > it's all installed on one box), and 'imap_password' when you connect from > any other system.? > > If you're unfamiliar with modifing MySQL tables, install phpmyadmin (and > lock it down) or another visual MySQL client. > > If there are multiple users, you'll need to either change the query to > just > match your username or add another field to do a bit check and make the > query more complex... :) > > Rick > > Quoting SIW : > >> Hi Rick >> >> I really appreciate your response! >> >> Unfortunately my SQL is, how can we say, very basic. I built my server >> using the Linode guide at: >> >> https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql >> >> Currently my password query looks as follows: >> >> password_query = SELECT email as user, password FROM virtual_users WHERE >> email='%u'; >> >> I'm not familiar with VPopMail, would I need it in this situation? >> Currently I use Postfix/Dovecot/MySQL/Apache/Roundcube. >> >> On 05/05/2014 21:32, Rick Romero wrote: >>> Quoting Professa Dementia : >>> >>>> On 5/5/2014 1:05 PM, SIW wrote: >>>>> Thats a good point. >>>>> >>>>> If I block IMAP/SMTP access to ONE user does that mean that particular >>>>> user can't use Roundcube anymore? >>>> >>>> That is correct.? If you block IMAP, then webmail will not work. >>> >>> Not necessarily. >>> >>> From: >>> http://wiki2.dovecot.org/AuthDatabase/VPopMail >>> >>> "logically this means: show password for user=%n at domain=%d when imap >>> on >>> the account is not disabled and connection is not comming from localhost >>> when webmail access on the account is not disabled and if imap for the >>> domain is not disabled and (connection is not comming from localhost > > when >>> webmail access for the domain is not disabled) when vlimits are not >>> overriden on the account " >>> # >>> password_query = select pw_passwd as password FROM vpopmail LEFT JOIN >>> limits ON vpopmail.pw_domain=limits.domain WHERE pw_name='%n' and >>> pw_domain='%d' and !(pw_gid & 8) and ('%r'!='127.0.0.1' or !(pw_gid & > > 4)) >>> and ( ('%r'!='127.0.0.1' or COALESCE(disable_webmail,0)!=1) and >>> COALESCE(disable_imap,0)!=1 or (pw_gid & 8192) ); >>> >>> So construct your SQL query in a way that your bit field in MySQL >>> disables >>> all access for a single user except when the source IP is your webmail >>> server. >>> >>> If you want multiple passwords, you can modify the password_query with >>> iif >>> statements based on the source IP or protocol. >>> >>> Like: >>> select iif(%r == '127.0.0.1' & pw_name== 'yourname' & >>> pw_domain='yourdomain',pw_webmailpasswrd,pw_passwd) as pw_passwd from >>> vpopmail ..... >>> Of course that's specific to the vpopmail table... modify as needed for >>> your own table structure... >>> Rick > > ? From bov at bsdpanic.com Mon May 5 21:49:52 2014 From: bov at bsdpanic.com (SIW) Date: Mon, 05 May 2014 22:49:52 +0100 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <20140505163355.Horde.dAii15amo91janPgTCfgTA1@www.vfemail.net> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> <5367EF20.50407@bsdpanic.com> <5367F0DC.4010502@dementianati.com> <20140505153214.Horde.0WfoYh36llotac3svpgjPQ1@www.vfemail.net> <5367F827.1000401@bsdpanic.com> <20140505161354.Horde.p4He27ZWOfClYXJuRaj6gA1@www.vfemail.net> <20140505163355.Horde.dAii15amo91janPgTCfgTA1@www.vfemail.net> Message-ID: <53680780.4090609@bsdpanic.com> I'm beginning to wonder if I am going about this all wrong :-) Would it not be easier/better to leave all IMAP/SMTP access in place (for all users) and then just use "one time throw away passwords" for logging in from an internet cafe with Roundcube? Can this be done? So after you login it just deletes the password you have logged in with. Can you have one username with many (throw away) passwords? But keep one password that is used for IMAP/Thunderbird as you don't want that password being deleted/removed from the system! On 05/05/2014 22:33, Rick Romero wrote: > Duh. 'ONE user only' would be the clue. So your query would be like: > SELECT email as user, if(%r = '127.0.0.1' & user = 'yourloginname', > password,imap_password) as password FROM virtual_users WHERE email='%u'; > > Also, test ! and Google! I'm throwing this out off the top of my > head.. I think the double == was wrong. > > The best way test this is just replace the %u with your username and %r > with either 127.0.0.1 or anything else on the MySQL command line and make > sure what's returned is the password you're expecting. > > Rick > From dar at darklajid.de Mon May 5 22:30:15 2014 From: dar at darklajid.de (Benjamin Podszun) Date: Tue, 06 May 2014 00:30:15 +0200 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <53680780.4090609@bsdpanic.com> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> <5367EF20.50407@bsdpanic.com> <5367F0DC.4010502@dementianati.com> <20140505153214.Horde.0WfoYh36llotac3svpgjPQ1@www.vfemail.net> <5367F827.1000401@bsdpanic.com> <20140505161354.Horde.p4He27ZWOfClYXJuRaj6gA1@www.vfemail.net> <20140505163355.Horde.dAii15amo91janPgTCfgTA1@www.vfemail.net> <53680780.4090609@bsdpanic.com> Message-ID: <01d6c571-29b1-409e-96a6-3b8e6d643d48@darklajid.de> On Monday, May 5, 2014 11:49:52 PM CEST, SIW wrote: > I'm beginning to wonder if I am going about this all wrong :-) No offense: I'm thinking the same thing. ;-) > Would it not be easier/better to leave all IMAP/SMTP access in > place (for all users) and then just use "one time throw away > passwords" for logging in from an internet cafe with Roundcube? YES! Yes, that should be possible. It seems that [1] says that dovecot supports OTP and S/Key by default, using PAM would allow you to use more than that (i.e. plug in a yubikey or whatever). Obviously moving to PAM might not be an option with your virtual users. > Can this be done? So after you login it just deletes the > password you have logged in with. Can you have one username with > many (throw away) passwords? But keep one password that is used > for IMAP/Thunderbird as you don't want that password being > deleted/removed from the system! Well, you certainly can have multiple passwords per user as far as I can tell: [2] lists ways to do the 'password verification by sql server' and that should allow you to have a way to switch between different passwords for the same user. That said, that still sounds .. not that nice. The best way would be to support two-factor/OTP in dovecot itself and while the latter is documented as 'supported' (again, see [1]), the documentation HOW that is going to work seems to be missing. [3] At the moment I'd say your best bet would be to wait for some dovecot developers to chime in and help with the OTP or S/Key stuff. Messing with the SQL Query is a hack, ugly and .. well: You still leak your password, if password/otp is 'Roundcube only'. On a sidenote: This guy [4] isn't you, is it? Seems like someone's evaluating the same thing (with the same threat model) just now. Ben 1: http://wiki2.dovecot.org/Authentication/Mechanisms 2: http://wiki2.dovecot.org/AuthDatabase/SQL 3: And boy is searching the wiki evil and .. unintuitive.. 4: https://forums.freebsd.org/viewtopic.php?f=43&t=45341 From me at junc.eu Mon May 5 22:38:12 2014 From: me at junc.eu (Benny Pedersen) Date: Tue, 06 May 2014 00:38:12 +0200 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <5367BECE.9090401@bsdpanic.com> References: <5367BECE.9090401@bsdpanic.com> Message-ID: <9a8247f987ba404bc5621ca7c8ef23ec@junc.eu> SIW skrev den 2014-05-05 18:39: > I use MySQL to store my virtual users passwords and I am running the > latest version of Dovecot. > > What I need to do is have one particular user have ONLY access to > their email via Roundcube (webmail) and no IMAP/SMTP access. > > Therefore, how do I disable IMAP/SMTP access for just one user? its not a roundcube question but: http://wiki2.dovecot.org/Authentication/RestrictAccess http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets setup that user to have allow_nets 127.0.0.1 with is roundcube imho solved ?` From professa at dementianati.com Mon May 5 23:06:53 2014 From: professa at dementianati.com (Professa Dementia) Date: Mon, 05 May 2014 16:06:53 -0700 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <01d6c571-29b1-409e-96a6-3b8e6d643d48@darklajid.de> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> <5367EF20.50407@bsdpanic.com> <5367F0DC.4010502@dementianati.com> <20140505153214.Horde.0WfoYh36llotac3svpgjPQ1@www.vfemail.net> <5367F827.1000401@bsdpanic.com> <20140505161354.Horde.p4He27ZWOfClYXJuRaj6gA1@www.vfemail.net> <20140505163355.Horde.dAii15amo91janPgTCfgTA1@www.vfemail.net> <53680780.4090609@bsdpanic.com> <01d6c571-29b1-409e-96a6-3b8e6d643d48@darklajid.de> Message-ID: <5368198D.5050006@dementianati.com> On 5/5/2014 3:30 PM, Benjamin Podszun wrote: > On Monday, May 5, 2014 11:49:52 PM CEST, SIW wrote: >> I'm beginning to wonder if I am going about this all wrong :-) > > No offense: I'm thinking the same thing. ;-) > >> Would it not be easier/better to leave all IMAP/SMTP access in place >> (for all users) and then just use "one time throw away passwords" for >> logging in from an internet cafe with Roundcube? Have you considered Yubikey? https://www.yubico.com/products/yubikey-hardware/yubikey/ The USB device looks like a keyboard when plugged in. Plug it in, type in your login, highlight the password field, then press the button on the Yubikey. It "types" in the OTP. Click the login button. It run on many OS's, including Linux where it interfaces with PAM. A simple PAM config change installs it. https://www.yubico.com/applications/computer-login/linux/ You can even (and I do recommend that you) use it with two factor, so you enter a normal password, plus the OTP (something that you know, plus something that you have). This would take a small change to Roundcube, which is beyond scope for this list. Dem From Jochen.Bern at LINworks.de Mon May 5 23:11:11 2014 From: Jochen.Bern at LINworks.de (Jochen Bern) Date: Tue, 06 May 2014 01:11:11 +0200 Subject: [Dovecot] Broken IMAPS Connects Create Lingering imap-login Processes In-Reply-To: <5367F1E0.1040503@thelounge.net> References: <5367F106.9040800@LINworks.de> <5367F1E0.1040503@thelounge.net> Message-ID: <53681A8F.8090407@LINworks.de> On -10.01.-28163 20:59, Reindl Harald wrote: > Am 05.05.2014 22:13, schrieb Jochen Bern: >> One of the customers has a major networking problem that hasn't been >> fully analyzed yet. Sniffing his IMAPS connects on the server side, I >> see [...] > > ask that user to restart his network-devices > > i faced it way too often in the last few years that encrypted > connections where broken on customers side and after restart > his crap of router all went fine again Let me put it like this: This one customer's issues have simmered in the trouble ticket system for quite some time now. It's the possible use of the same mechanism by someone else *cough*DDoS botnet*cough* that I'm supposed to find an answer to. Kind regards, J. Bern -- *NEU* - NEC IT-Infrastruktur-Produkte im : Server--Storage--Virtualisierung--Management SW--Passion for Performance Jochen Bern, Systemingenieur --- LINworks GmbH Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27 Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202 Unternehmenssitz Weiterstadt, Gesch?ftsf?hrer Metin Dogan, Oliver Michel From stan at hardwarefreak.com Tue May 6 01:05:07 2014 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Mon, 05 May 2014 20:05:07 -0500 Subject: [Dovecot] mdbox-files over 2 MB In-Reply-To: <20140505152305.Horde.RPh72252cnResSssDZVBSw1@mail.patrickdk.com> References: <5326987F.3060403@gmx.de> <53679BDE.3060207@gmx.de> <53679D33.1070808@thelounge.net> <20140505152305.Horde.RPh72252cnResSssDZVBSw1@mail.patrickdk.com> Message-ID: <53683543.6050404@hardwarefreak.com> On 5/5/2014 2:23 PM, Patrick Domack wrote: > Quoting Reindl Harald : > >> Am 05.05.2014 16:10, schrieb Hardy Flor: >>> Is there really no one with this problem? >> >> next time quote the problem instead demand >> others to seek for you in the archives > > Even searching for him in the archives, I have no idea what he thinks is > a problem. > > I know I have no issues using mdbox, with 2mb or 50mb rotate sizes. He's wondering why many of his mdbox files are much smaller than 2 MB. His original post: On 3/17/2014 1:29 AM, Hardy Flor wrote: > Hello, > > there are copies with different size in 3 mailboxes of the user > sequentially about 3800 emails. > why not something 2MB files? > > After the big file "m.00000034" with 14MB follow very many small ... > > ------------------------------------- doveconf: > > # 2.2.12: /etc/dovecot/dovecot.conf > # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.4 ext4 > mail_attachment_dir = /var/mail/attachments > mail_attachment_hash = %{md5} > mail_attachment_min_size = 16 k > mail_location = mdbox:/var/mail/user/%n > mdbox_rotate_interval = 1 weeks > mdbox_rotate_size = 2 M > > ------------------------------------- directory: > > root at xxx:/var/mail/user/xxx/storage# ls -al > insgesamt 76532 > drwx--S--- 2 vmail mail 4096 M?r 16 13:52 . > drwx--S--- 6 vmail mail 4096 M?r 16 12:10 .. > -rw------- 1 vmail mail 74360 M?r 16 12:39 dovecot.map.index > -rw------- 1 vmail mail 25204 M?r 16 13:52 dovecot.map.index.log > -rw------- 1 vmail mail 63544 M?r 16 12:39 dovecot.map.index.log.2 > -rw------- 1 vmail mail 2092921 M?r 16 12:15 m.00000001 > -rw------- 1 vmail mail 2086746 M?r 16 12:15 m.00000002 > -rw------- 1 vmail mail 2084182 M?r 16 12:15 m.00000003 > -rw------- 1 vmail mail 2096826 M?r 16 12:15 m.00000004 > -rw------- 1 vmail mail 1882666 M?r 16 12:15 m.00000005 > -rw------- 1 vmail mail 1903965 M?r 16 12:15 m.00000006 > -rw------- 1 vmail mail 2091169 M?r 16 12:15 m.00000007 > -rw------- 1 vmail mail 2086396 M?r 16 12:15 m.00000008 > -rw------- 1 vmail mail 507205 M?r 16 12:16 m.00000009 > -rw------- 1 vmail mail 2031456 M?r 16 12:17 m.00000010 > -rw------- 1 vmail mail 2095697 M?r 16 12:17 m.00000011 > -rw------- 1 vmail mail 1689071 M?r 16 12:17 m.00000012 > -rw------- 1 vmail mail 2092124 M?r 16 12:17 m.00000013 > -rw------- 1 vmail mail 1950602 M?r 16 12:17 m.00000014 > -rw------- 1 vmail mail 2092215 M?r 16 12:17 m.00000015 > -rw------- 1 vmail mail 2087463 M?r 16 12:17 m.00000016 > -rw------- 1 vmail mail 2079795 M?r 16 12:17 m.00000017 > -rw------- 1 vmail mail 2014121 M?r 16 12:17 m.00000018 > -rw------- 1 vmail mail 2081893 M?r 16 12:17 m.00000019 > -rw------- 1 vmail mail 2092088 M?r 16 12:17 m.00000020 > -rw------- 1 vmail mail 2090508 M?r 16 12:17 m.00000021 > -rw------- 1 vmail mail 1929296 M?r 16 12:17 m.00000022 > -rw------- 1 vmail mail 2067685 M?r 16 12:17 m.00000023 > -rw------- 1 vmail mail 1745743 M?r 16 12:20 m.00000024 > -rw------- 1 vmail mail 866452 M?r 16 12:20 m.00000025 > -rw------- 1 vmail mail 296379 M?r 16 12:20 m.00000026 > -rw------- 1 vmail mail 433541 M?r 16 12:39 m.00000027 > -rw------- 1 vmail mail 92526 M?r 16 12:39 m.00000028 > -rw------- 1 vmail mail 19094 M?r 16 12:39 m.00000029 > -rw------- 1 vmail mail 106837 M?r 16 12:39 m.00000030 > -rw------- 1 vmail mail 162012 M?r 16 12:39 m.00000031 > -rw------- 1 vmail mail 412080 M?r 16 13:51 m.00000032 > -rw------- 1 vmail mail 1715868 M?r 16 13:51 m.00000033 > -rw------- 1 vmail mail 14433784 M?r 16 13:51 m.00000034 > -rw------- 1 vmail mail 3280 M?r 16 13:51 m.00000035 > -rw------- 1 vmail mail 6308 M?r 16 13:51 m.00000036 > -rw------- 1 vmail mail 534274 M?r 16 13:51 m.00000037 > -rw------- 1 vmail mail 378719 M?r 16 13:51 m.00000038 > -rw------- 1 vmail mail 458528 M?r 16 13:51 m.00000039 > -rw------- 1 vmail mail 192504 M?r 16 13:51 m.00000040 > -rw------- 1 vmail mail 1277766 M?r 16 13:51 m.00000041 > -rw------- 1 vmail mail 33417 M?r 16 13:51 m.00000042 > -rw------- 1 vmail mail 142866 M?r 16 13:51 m.00000043 > -rw------- 1 vmail mail 113529 M?r 16 13:51 m.00000044 > -rw------- 1 vmail mail 55888 M?r 16 13:51 m.00000045 > -rw------- 1 vmail mail 673504 M?r 16 13:51 m.00000046 > -rw------- 1 vmail mail 430738 M?r 16 13:51 m.00000047 > -rw------- 1 vmail mail 218494 M?r 16 13:51 m.00000048 > -rw------- 1 vmail mail 96165 M?r 16 13:51 m.00000049 > -rw------- 1 vmail mail 8370 M?r 16 13:51 m.00000050 > -rw------- 1 vmail mail 29251 M?r 16 13:51 m.00000051 > -rw------- 1 vmail mail 394680 M?r 16 13:51 m.00000052 > -rw------- 1 vmail mail 674892 M?r 16 13:51 m.00000053 > -rw------- 1 vmail mail 1076919 M?r 16 13:51 m.00000054 > -rw------- 1 vmail mail 258806 M?r 16 13:51 m.00000055 > -rw------- 1 vmail mail 60069 M?r 16 13:51 m.00000056 > -rw------- 1 vmail mail 297891 M?r 16 13:51 m.00000057 > -rw------- 1 vmail mail 92772 M?r 16 13:51 m.00000058 > -rw------- 1 vmail mail 129272 M?r 16 13:51 m.00000059 > -rw------- 1 vmail mail 56073 M?r 16 13:51 m.00000060 > -rw------- 1 vmail mail 528260 M?r 16 13:51 m.00000061 > -rw------- 1 vmail mail 29468 M?r 16 13:51 m.00000062 > -rw------- 1 vmail mail 3250 M?r 16 13:51 m.00000063 > -rw------- 1 vmail mail 96445 M?r 16 13:51 m.00000064 > -rw------- 1 vmail mail 337663 M?r 16 13:51 m.00000065 > -rw------- 1 vmail mail 187505 M?r 16 13:51 m.00000066 > -rw------- 1 vmail mail 98839 M?r 16 13:51 m.00000067 > -rw------- 1 vmail mail 5294 M?r 16 13:51 m.00000068 > -rw------- 1 vmail mail 28276 M?r 16 13:51 m.00000069 > -rw------- 1 vmail mail 67950 M?r 16 13:52 m.00000070 > -rw------- 1 vmail mail 704457 M?r 16 13:52 m.00000071 > -rw------- 1 vmail mail 1410205 M?r 16 13:52 m.00000072 > -rw------- 1 vmail mail 736330 M?r 16 13:52 m.00000073 > -rw------- 1 vmail mail 616992 M?r 16 13:52 m.00000074 From bov at bsdpanic.com Tue May 6 07:26:54 2014 From: bov at bsdpanic.com (SIW) Date: Tue, 06 May 2014 08:26:54 +0100 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <5368198D.5050006@dementianati.com> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> <5367EF20.50407@bsdpanic.com> <5367F0DC.4010502@dementianati.com> <20140505153214.Horde.0WfoYh36llotac3svpgjPQ1@www.vfemail.net> <5367F827.1000401@bsdpanic.com> <20140505161354.Horde.p4He27ZWOfClYXJuRaj6gA1@www.vfemail.net> <20140505163355.Horde.dAii15amo91janPgTCfgTA1@www.vfemail.net> <53680780.4090609@bsdpanic.com> <01d6c571-29b1-409e-96a6-3b8e6d643d48@darklajid.de> <5368198D.5050006@dementianati.com> Message-ID: <53688EBE.9010400@bsdpanic.com> I haven't considered Yubikey but I was considering this: http://www.s-crib.com/ I'm not sure if these USB virtual keyboards are the best option as some internet cafes won't let you plug in USB devices or you don't have the rights to install it (I know they say it doesn't require drivers but some machines are locked down good) From what I have read it sounds like I need to have two passwords for one login...one for Roundcube (with OTP) and one for IMAP access. I think the key to this is to ONLY allow the IMAP password to be used with IMAP and for the Roundcube password (with OTP) to ONLY have access to Roundcube. That way if the Roundcube password gets recorded/keylogged then they can't use it with IMAP. Is this possible? (ie: bind/enforce a particular password to one type of service) Another option, is it possible to have my main account and use it with IMAP but have a SECOND set of login credentials that I only use for Roundcube but can access my mailbox of the the other account? I'm still battling with this! On 06/05/2014 00:06, Professa Dementia wrote: > On 5/5/2014 3:30 PM, Benjamin Podszun wrote: >> On Monday, May 5, 2014 11:49:52 PM CEST, SIW wrote: >>> I'm beginning to wonder if I am going about this all wrong :-) >> No offense: I'm thinking the same thing. ;-) >> >>> Would it not be easier/better to leave all IMAP/SMTP access in place >>> (for all users) and then just use "one time throw away passwords" for >>> logging in from an internet cafe with Roundcube? > Have you considered Yubikey? > > https://www.yubico.com/products/yubikey-hardware/yubikey/ > > The USB device looks like a keyboard when plugged in. Plug it in, type > in your login, highlight the password field, then press the button on > the Yubikey. It "types" in the OTP. Click the login button. > > It run on many OS's, including Linux where it interfaces with PAM. A > simple PAM config change installs it. > > https://www.yubico.com/applications/computer-login/linux/ > > You can even (and I do recommend that you) use it with two factor, so > you enter a normal password, plus the OTP (something that you know, plus > something that you have). This would take a small change to Roundcube, > which is beyond scope for this list. > > > Dem From dar at darklajid.de Tue May 6 07:44:33 2014 From: dar at darklajid.de (Benjamin Podszun) Date: Tue, 06 May 2014 09:44:33 +0200 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <53688EBE.9010400@bsdpanic.com> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> <5367EF20.50407@bsdpanic.com> <5367F0DC.4010502@dementianati.com> <20140505153214.Horde.0WfoYh36llotac3svpgjPQ1@www.vfemail.net> <5367F827.1000401@bsdpanic.com> <20140505161354.Horde.p4He27ZWOfClYXJuRaj6gA1@www.vfemail.net> <20140505163355.Horde.dAii15amo91janPgTCfgTA1@www.vfemail.net> <53680780.4090609@bsdpanic.com> <01d6c571-29b1-409e-96a6-3b8e6d643d48@darklajid.de> <5368198D.5050006@dementianati.com> <53688EBE.9010400@bsdpanic.com> Message-ID: <87109e48-ca37-418d-a505-9e6d560cd9a3@darklajid.de> On Tuesday, May 6, 2014 9:26:54 AM CEST, SIW wrote: > I haven't considered Yubikey but I was considering this: > > http://www.s-crib.com/ > > I'm not sure if these USB virtual keyboards are the best option > as some internet cafes won't let you plug in USB devices or you > don't have the rights to install it (I know they say it doesn't > require drivers but some machines are locked down good) I'd be surprised if these machines wouldn't support plain USB keyboards. Probably the keyboard you'll use at these machines isn't PS/2 anymore.. > From what I have read it sounds like I need to have two > passwords for one login...one for Roundcube (with OTP) and one > for IMAP access. I think the key to this is to ONLY allow the > IMAP password to be used with IMAP and for the Roundcube > password (with OTP) to ONLY have access to Roundcube. That way > if the Roundcube password gets recorded/keylogged then they > can't use it with IMAP. Is this possible? (ie: bind/enforce a > particular password to one type of service) I think you're confused. Take a step back. You came with a ~strange~ requirement (see subject, by now you understand that 'disable imap for one user' isn't what you want). You provided not enough details to proceed and I think you are still not quite sure what you want to do here. The thought process you outline above isn't clear. I _assume_ (note: Please confirm/deny) you looked at OTP solutions that are roundcube only, i.e. that are implemented in PHP. That'd mean that there's no OTP support in your dovecot setup and plain/direct imap connections use nothing but your regular password. Furthermore it seems that you confuse/mix OTPs with two-factor authentication and assume the latter with the Roundcube-only setup I believe to understand above. That is, you log in to your Roundcube site with - your regular password AND - something else (call it OTP) Only under these circumstances it makes sense that you consider OTPs to be broken for your threat model: A keylogger has now your regular password and a useless OTP, but needs only the regular password for dovecot because the OTP support is bolted on/a hack in the wrong place. I still think you want OTP support in dovecot itself. It might be possible to hack the Roundcube thing (still leaning heavily on my assumptions above) to require _just_ a OTP, but that'd require Roundcube to be able to login without you transmitting your real password. That'd fix the hack for 'someone logged my keys', but isn't much of an improvement overall. > Another option, is it possible to have my main account and use > it with IMAP but have a SECOND set of login credentials that I > only use for Roundcube but can access my mailbox of the the > other account? Yes, that would be possible and I pointed to a specific part of the documentation for that. You could, without too much effort, support accounts with multiple passwords, whatever that would be good for. > I'm still battling with this! See above: Please reflect a moment, check the facts you provided and fill in the missing details. > On 06/05/2014 00:06, Professa Dementia wrote: >> On 5/5/2014 3:30 PM, Benjamin Podszun wrote: > ... > > From HFlor at gmx.de Tue May 6 10:17:45 2014 From: HFlor at gmx.de (Hardy Flor) Date: Tue, 06 May 2014 12:17:45 +0200 Subject: [Dovecot] mdbox-files over 2 MB In-Reply-To: <53679D33.1070808@thelounge.net> References: <5326987F.3060403@gmx.de> <53679BDE.3060207@gmx.de> <53679D33.1070808@thelounge.net> Message-ID: <5368B6C9.5000007@gmx.de> Sorry, I thought the tree display of threads is sufficient. I did not want to quote much. Am 05.05.2014 16:16, schrieb Reindl Harald: > Am 05.05.2014 16:10, schrieb Hardy Flor: >> Is there really no one with this problem? > next time quote the problem instead demand > others to seek for you in the archives > From rnowotny at rotek.at Tue May 6 10:29:43 2014 From: rnowotny at rotek.at (Robert Nowotny) Date: Tue, 6 May 2014 12:29:43 +0200 Subject: [Dovecot] on High Load using IMAPSYNC : Panic: file ostream-lzma.c: line 147: unreached. Dovecot 2.2.12 with zlib/XZ compression Message-ID: when syncing Mailboxes with IMAPSYNC, using xz compression the dbox file gets corrupted. the same configuration was working ok on low load with xz compression. Dovecot Version 2.2.12 Linux Mint 16 EXT4 Filesystem another dovecot user already reported the same problem on the mailinglist, using dsync. That user switched to bz2 compression what worked for him. the answer was : > are you on latest patchlevel ? > there are some dsync fixes since 2.2.12 but it is not a problem of dsync. when looking at the code, we get here an unexpected returnvalue when flushing. I propose it would be good practice to write some logging in the default switch cases, to see the unexpected returnvalues in the errorlog. something like : ostream-lzma.c : -- Line 147 : i_unreached(); ++ Line 147 : i_fatal("unexpected lzma errorcode when flushing : %s", ret); I will try to change it and let You know. maybe You can also investigate and let me know when fixed. Here the log : May 5 14:53:10 vm-imap dovecot: imap(rrernboeck): Panic: file ostream-lzma.c: line 147: unreached May 5 14:53:10 vm-imap dovecot: imap(rrernboeck): Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0x67450) [0x7ff99d8ce450] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x6752e) [0x7ff99d8ce52e] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7ff99d88955e] -> /usr/local/lib/dovecot/lib20_zlib_plugin.so(+0x4f0a) [0x7ff99ce87f0a] -> /usr/local/lib/dovecot/libdovecot.so.0(o_stream_flush+0x3e) [0x7ff99d8e6dbe] -> /usr/local/lib/dovecot/libdovecot.so.0(o_stream_nflush+0xf) [0x7ff99d8e71df] -> /usr/local/lib/dovecot/libdovecot.so.0(o_stream_nfinish+0x9) [0x7ff99d8e7229] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(dbox_save_end+0x29) [0x7ff99db7cfa9] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mdbox_save_finish+0x39) [0x7ff99db76619] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_save_finish+0x4d) [0x7ff99dbb6a4d] -> dovecot/imap [rrernboeck 127.0.0.1 APPEND]() [0x40be09] -> dovecot/imap [rrernboeck 127.0.0.1 APPEND](command_exec+0x3c) [0x416cfc] -> dovecot/imap [rrernboeck 127.0.0.1 APPEND]() [0x40b491] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x27) [0x7ff99d8de527] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xd7) [0x7ff99d8df2b7] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7ff99d8de0c8] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7ff99d88e753] -> dovecot/imap [rrernboeck 127.0.0.1 APPEND](main+0x2af) [0x40b06f] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7ff99d4c0de5] -> dovecot/imap [rrernboeck 127.0.0.1 APPEND]() [0x40b1cc] May 5 14:53:10 vm-imap dovecot: imap(rrernboeck): Fatal: master: service(imap): child 47957 killed with signal 6 (core dumped) May 5 14:53:10 vm-imap dovecot: imap(rrernboeck): Error: Corrupted dbox file /home/vmail/virtualmailboxes/rrernboeck/storage/m.1 (around offset=1302): msg header has bad magic value From t.b.mailinglists at igeno-fat.de Tue May 6 10:43:31 2014 From: t.b.mailinglists at igeno-fat.de (T.B.) Date: Tue, 06 May 2014 12:43:31 +0200 Subject: [Dovecot] Pigeonhole sieve re-filter extension? Message-ID: <5368BCD3.8080604@igeno-fat.de> Dear Stephan Bosch, dear Dovecot community, "sieve-filter" re-filtering of existing mails is already a great progress for everyone using sieve! But as far as I know this functionality is just accessible by the server administrator. In the meanwhile everyone knows the comfort of re-executing filter scripts on his own existing mailboxes - triggered by himself! This service is already very widespread. Examples are MUA's like Outlook or Thunderbird which provide this service just on the client side. Or almost every web-mail provider offers this. Is there already an managesieve protocol extension that allows client triggered server side re-filtering? If not, maybe you could design a RFC for this? What do you think? Best regards. T.B. From bourek at thinline.cz Tue May 6 11:01:05 2014 From: bourek at thinline.cz (Jiri Bourek) Date: Tue, 06 May 2014 13:01:05 +0200 Subject: [Dovecot] Status of sieve-extdata? In-Reply-To: <5367E6D5.2030307@rename-it.nl> References: <535F6A66.7010504@thinline.cz> <5367E6D5.2030307@rename-it.nl> Message-ID: <5368C0F1.4020900@thinline.cz> > > It is not dead, but I haven't seen much interest for it either. Well I was thinking about switching from dovecot-lda to LMTP and use the extdata plugin to check whether the message should go through spamc (via extprograms filter extension). All that in sieve_before script That proved problematic though. Sieve is unable to use pgsql as data source, so I needed to go for proxy which in turn needed to make dict socket world writable (out of curiosity, is there a way to run second dict service with different dictionaries?) After some more testing I found out that I'm unable to come up with working dictionary definition - username_field passes username as one value (whereas I have user and domain parts in different tables.) Tried using the fields {} section but that seems unusable as well, because extdata uses priv/something pattern and fields section requires you to use $variable which is - I assume - taken from pattern like this: priv/something/$variable (I may be mistaken here, as hard as I tried, I was unable to find any documentation on how that map {} definition should look like) Anyway, I already have some scripts that convert sieve settings stored in database into .dovecot.sieve file so I'll take care of running spamc this way > > Anyway, I quickly made a v0.4 version: > > http://hg.rename-it.nl/pigeonhole-0.4-sieve-extdata/ Thank you very much, sorry I won't use it in the end. From stephan at rename-it.nl Tue May 6 11:05:47 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 06 May 2014 13:05:47 +0200 Subject: [Dovecot] Pigeonhole sieve re-filter extension? In-Reply-To: <5368BCD3.8080604@igeno-fat.de> References: <5368BCD3.8080604@igeno-fat.de> Message-ID: <5368C20B.6090909@rename-it.nl> On 5/6/2014 12:43 PM, T.B. wrote: > Dear Stephan Bosch, dear Dovecot community, > > "sieve-filter" re-filtering of existing mails is already a great > progress for everyone using sieve! > But as far as I know this functionality is just accessible by the > server administrator. > > In the meanwhile everyone knows the comfort of re-executing filter > scripts on his own existing mailboxes - triggered by himself! > > This service is already very widespread. Examples are MUA's like > Outlook or Thunderbird which provide this service just on the client > side. Or almost every web-mail provider offers this. > > Is there already an managesieve protocol extension that allows client > triggered server side re-filtering? > > If not, maybe you could design a RFC for this? I proposed something like this in the past, but it didn't catch much attention. For now, there's this: https://tools.ietf.org/html/rfc6785 It could be used to create a magic folder that does the re-filtering when a message is moved to it. In any case, functionality like this is a prerequisite for implementing what you desire. Once this is implemented (there are plans, albeit not very concrete), we can propose a new extension. Regards, Stephan. From stephan at rename-it.nl Tue May 6 11:07:56 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 06 May 2014 13:07:56 +0200 Subject: [Dovecot] Status of sieve-extdata? In-Reply-To: <5368C0F1.4020900@thinline.cz> References: <535F6A66.7010504@thinline.cz> <5367E6D5.2030307@rename-it.nl> <5368C0F1.4020900@thinline.cz> Message-ID: <5368C28C.9090603@rename-it.nl> On 5/6/2014 1:01 PM, Jiri Bourek wrote: >> >> It is not dead, but I haven't seen much interest for it either. > > Well I was thinking about switching from dovecot-lda to LMTP and use > the extdata plugin to check whether the message should go through > spamc (via extprograms filter extension). All that in sieve_before script > > That proved problematic though. Sieve is unable to use pgsql as data > source, so I needed to go for proxy which in turn needed to make dict > socket world writable (out of curiosity, is there a way to run second > dict service with different dictionaries?) > > After some more testing I found out that I'm unable to come up with > working dictionary definition - username_field passes username as one > value (whereas I have user and domain parts in different tables.) > Tried using the fields {} section but that seems unusable as well, > because extdata uses priv/something pattern and fields section > requires you to use $variable which is - I assume - taken from pattern > like this: priv/something/$variable > > (I may be mistaken here, as hard as I tried, I was unable to find any > documentation on how that map {} definition should look like) > > Anyway, I already have some scripts that convert sieve settings stored > in database into .dovecot.sieve file so I'll take care of running > spamc this way This is another, much more powerful option: http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extprograms Regards, Stephan. From alec at alec.pl Tue May 6 11:29:18 2014 From: alec at alec.pl (A.L.E.C) Date: Tue, 06 May 2014 13:29:18 +0200 Subject: [Dovecot] Pigeonhole sieve re-filter extension? In-Reply-To: <5368C20B.6090909@rename-it.nl> References: <5368BCD3.8080604@igeno-fat.de> <5368C20B.6090909@rename-it.nl> Message-ID: <5368C78E.9000107@alec.pl> On 05/06/2014 01:05 PM, Stephan Bosch wrote: > For now, there's this: > > https://tools.ietf.org/html/rfc6785 > > It could be used to create a magic folder that does the re-filtering > when a message is moved to it. There are some similarities, but I think this is not what we want here. We don't need imap events, we don't need new sieve extensions, we don't need metadata. All we need is one simple imap (or managesieve) command that executes current (or specified) script on specified folder (or maybe later a set of messages, like in IMAP SEARCH). The implementation then would be much simpler. -- Aleksander 'A.L.E.C' Machniak LAN Management System Developer [http://lms.org.pl] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl From lstone19 at stonejongleux.com Tue May 6 11:29:18 2014 From: lstone19 at stonejongleux.com (Larry Stone) Date: Tue, 6 May 2014 06:29:18 -0500 Subject: [Dovecot] mdbox-files over 2 MB In-Reply-To: <5368B6C9.5000007@gmx.de> References: <5326987F.3060403@gmx.de> <53679BDE.3060207@gmx.de> <53679D33.1070808@thelounge.net> <5368B6C9.5000007@gmx.de> Message-ID: On May 6, 2014, at 5:17 AM, Hardy Flor wrote: > Sorry, I thought the tree display of threads is sufficient. I did not want to quote much. Believe it or not, not all of us save every message or have the same MUA capabilities. Don?t assume how you read is the same way everyone does. Sometimes, what starts as something uninteresting and deleted immediately turns interesting. Therefore, quoting the relevant text from previous message is needed. -- Larry Stone lstone19 at stonejongleux.com http://www.stonejongleux.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4160 bytes Desc: not available URL: From bourek at thinline.cz Tue May 6 11:29:25 2014 From: bourek at thinline.cz (Jiri Bourek) Date: Tue, 06 May 2014 13:29:25 +0200 Subject: [Dovecot] Status of sieve-extdata? In-Reply-To: <5368C28C.9090603@rename-it.nl> References: <535F6A66.7010504@thinline.cz> <5367E6D5.2030307@rename-it.nl> <5368C0F1.4020900@thinline.cz> <5368C28C.9090603@rename-it.nl> Message-ID: <5368C795.8020204@thinline.cz> >>> >>> It is not dead, but I haven't seen much interest for it either. >> >> Well I was thinking about switching from dovecot-lda to LMTP and use >> the extdata plugin to check whether the message should go through >> spamc (via extprograms filter extension). All that in sieve_before script >> >> That proved problematic though. Sieve is unable to use pgsql as data >> source, so I needed to go for proxy which in turn needed to make dict >> socket world writable (out of curiosity, is there a way to run second >> dict service with different dictionaries?) >> >> After some more testing I found out that I'm unable to come up with >> working dictionary definition - username_field passes username as one >> value (whereas I have user and domain parts in different tables.) >> Tried using the fields {} section but that seems unusable as well, >> because extdata uses priv/something pattern and fields section >> requires you to use $variable which is - I assume - taken from pattern >> like this: priv/something/$variable >> >> (I may be mistaken here, as hard as I tried, I was unable to find any >> documentation on how that map {} definition should look like) >> >> Anyway, I already have some scripts that convert sieve settings stored >> in database into .dovecot.sieve file so I'll take care of running >> spamc this way > > This is another, much more powerful option: > > http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extprograms I know, I was about to use this plugin in any case - specifically the vnd.dovecot.filter. The difference is that with extdata I could put the filter call into separate script and call that script as sieve_before (thus setting it globally for every user on the server with extdata deciding if the filter call should be done) Without extdata I'll need to check user's settings and generate .dovecot.sieve with filter call in case user requests it. That's not difficult of course, I just thought extdata might be a bit more elegant way of doing this. > > Regards, > > Stephan. From stephan at rename-it.nl Tue May 6 12:13:01 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 06 May 2014 14:13:01 +0200 Subject: [Dovecot] Status of sieve-extdata? In-Reply-To: <5368C795.8020204@thinline.cz> References: <535F6A66.7010504@thinline.cz> <5367E6D5.2030307@rename-it.nl> <5368C0F1.4020900@thinline.cz> <5368C28C.9090603@rename-it.nl> <5368C795.8020204@thinline.cz> Message-ID: <5368D1CD.8030608@rename-it.nl> Jiri Bourek schreef op 6-5-2014 13:29: >> >> This is another, much more powerful option: >> >> http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extprograms > > I know, I was about to use this plugin in any case - specifically the > vnd.dovecot.filter. The difference is that with extdata I could put > the filter call into separate script and call that script as > sieve_before (thus setting it globally for every user on the server > with extdata deciding if the filter call should be done) You can use the vnd.dovecot.execute extension to achieve pretty much the same as extdata, e.g. calling a shell script that use command line database query tools such as pgsql, msql or ldapsearch. Be careful with passing parameters though. Also, the extprograms plugin can be used in global context without problems. Regards, Stephan. From tss at iki.fi Tue May 6 12:14:38 2014 From: tss at iki.fi (Timo Sirainen) Date: Tue, 6 May 2014 15:14:38 +0300 Subject: [Dovecot] Broken IMAPS Connects Create Lingering imap-login Processes In-Reply-To: <5367F106.9040800@LINworks.de> References: <5367F106.9040800@LINworks.de> Message-ID: <24CA5A07-86C7-4435-B482-6CF7E5FEFC7F@iki.fi> On 5.5.2014, at 23.13, Jochen Bern wrote: > we are running a central server (CentOS 6.5, dovecot-2.0.9-7.el6 with a > small patch to disable the IMAP CREATE command, and > openssl-1.0.1e-16.el6_5.7) and distribute standard client software to > customer( site)s. > > One of the customers has a major networking problem that hasn't been > fully analyzed yet. Sniffing his IMAPS connects on the server side, I > see no (necessarily fragmented) TLSv1 Client Cert + Key Exchange happen; > instead, after ~60s, we receive a single packet with "TLSv1 Certificate > Verify, Change Cipher Spec, Encrypted Handshake Message" *and* the TCP > FIN+PSH+ACK flags set. > > The problem I'ld like to ask for help with here is that dovecot's > imap-login process doesn't terminate when the FIN is received, or when > the IMAP protocol's inactivity timeout is reached, it takes *more than > two hours* for it to go away. Because of that, this single client racks > up 1100+ processes (counting against dovecot's configured limits), TCP > connections, and the associated RAM usage. .. > dovenull 12064 0.0 0.0 42440 3656 ? S 19:32 0:00 \_ dovecot/imap-login [1 connections (1 TLS)] The process is taking 0% CPU? There was bug where a broken handshake could have caused 100% CPU usage. Maybe the same problem could happen in a slightly different way and also not cause CPU usage. http://hg.dovecot.org/dovecot-2.2/rev/c0236d1c4a04 fixes this. Although even then .. I'm not sure why the process wouldn't die sooner. And Dovecot especially should kill old imap-login processes that haven't logged in if it reaches the imap-login process limit. > # 2.0.9: /etc/dovecot/dovecot.conf I'd anyway try v2.2 first.. From bind at enas.net Tue May 6 12:23:42 2014 From: bind at enas.net (Urban Loesch) Date: Tue, 06 May 2014 14:23:42 +0200 Subject: [Dovecot] Again: pop3: Panic: Trying to allocate 0 bytes Message-ID: <5368D44E.8050308@enas.net> Hi, in April I wrote an e-mail to the list, that with dovecot 2.2.12 on debian squeeze some pop3-sessions were killed sometimes. But I got no anwser from the list. At this was not a urgend problem and it happend very rarely it was not a big problem. But today it happend again more several times and I have no idea why. I have the following in my errorlog: ... May 6 13:26:52 mailstore dovecot: pop3(user at domain.com pid:48986 session:): Panic: Trying to allocate 0 bytes May 6 13:26:52 mailstore dovecot: pop3(user at domain.com pid:48986 session:): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x6c38a) [0x7f8ed4c7538a] -> /usr/lib/dovecot/libdovecot.so.0(+0x6c406) [0x7f8ed4c75406] -> /usr/lib/dovecot/libdovecot.so.0(i_error+0) [0x7f8ed4c2e1af] -> /usr/lib/dovecot/libdovecot.so.0(+0x81e1b) [0x7f8ed4c8ae1b] -> dovecot/pop3() [0x4077f0] -> dovecot/pop3(client_command_execute+0x9d) [0x407d0d] -> dovecot/pop3(client_handle_input+0x80) [0x405810] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x4e) [0x7f8ed4c856ae] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xaf) [0x7f8ed4c8682f] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x7f8ed4c85739] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f8ed4c857c8] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f8ed4c32f63] -> dovecot/pop3(main+0x257) [0x404a67] -> /lib/libc.so.6(__libc_start_main+0xfd) [0x7f8ed48c5c8d] -> dovecot/pop3() [0x4045b9] May 6 13:26:52 mailstore dovecot: pop3(user at domain.com pid:48986 session:): Fatal: master: service(pop3): child 48986 killed with signal 6 (core dumped) ... I got a coredump. Here comes the backtrace: ... (gdb) bt full #0 0x00007f8ed48d91b5 in raise () from /lib/libc.so.6 No symbol table info available. #1 0x00007f8ed48dbfc0 in abort () from /lib/libc.so.6 No symbol table info available. #2 0x00007f8ed4c75380 in default_fatal_finish (type=, status=0) at failures.c:193 backtrace = 0x1c180c8 "/usr/lib/dovecot/libdovecot.so.0(+0x6c38a) [0x7f8ed4c7538a] -> /usr/lib/dovecot/libdovecot.so.0(+0x6c406) [0x7f8ed4c75406] -> /usr/lib/dovecot/libdovecot.so.0(i_error+0) [0x7f8ed4c2e1af] -> /usr/lib/d"... #3 0x00007f8ed4c75406 in i_internal_fatal_handler (ctx=0x7fff547b5940, format=, args=) at failures.c:657 status = 0 #4 0x00007f8ed4c2e1af in i_panic (format=0xbf5a
) at failures.c:267 ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0} args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fff547b5a10, reg_save_area = 0x7fff547b5950}} #5 0x00007f8ed4c8ae1b in pool_system_malloc (pool=, size=0) at mempool-system.c:81 No locals. #6 0x00000000004077f0 in client_uidls_save (client=0x1c42990, seq=0) at pop3-commands.c:798 str = permanent_uidl = search_ctx = 0x1c230d0 mail = prev_uidls = {_table = 0x1c23330, _key = 0x1c23330 "\300o\355?\177", _keyp = 0x1c23330, _const_key = 0x1c23330 "\300o\355?\177", _value = 0x1c23330, _valuep = 0x1c23330} search_args = 0x0 seq_uidls = 0x60a4d8 uidl = wanted_fields = #7 cmd_uidl_init (client=0x1c42990, seq=0) at pop3-commands.c:842 ctx = search_args = wanted_fields = #8 0x0000000000407d0d in cmd_uidl (client=0x1c42990, name=, args=0x408820 "") at pop3-commands.c:873 ctx = seq = #9 client_command_execute (client=0x1c42990, name=, args=0x408820 "") at pop3-commands.c:938 No locals. #10 0x0000000000405810 in client_handle_input (client=0x1c42990) at pop3-client.c:739 _data_stack_cur_id = 3 line = args = 0x408820 "" ret = #11 0x00007f8ed4c856ae in io_loop_call_io (io=0x1c414a0) at ioloop.c:441 ioloop = 0x1c20740 t_id = 2 __FUNCTION__ = "io_loop_call_io" #12 0x00007f8ed4c8682f in io_loop_handler_run_internal (ioloop=) at ioloop-epoll.c:220 ctx = 0x1c20aa0 event = 0x1c21910 list = 0x1c22500 io = 0xbf5a tv = {tv_sec = 9, tv_usec = 999120} msecs = ret = 1 i = 0 call = false __FUNCTION__ = "io_loop_handler_run_internal" #13 0x00007f8ed4c85739 in io_loop_handler_run (ioloop=0xbf5a) at ioloop.c:488 No locals. #14 0x00007f8ed4c857c8 in io_loop_run (ioloop=0x1c20740) at ioloop.c:465 __FUNCTION__ = "io_loop_run" #15 0x00007f8ed4c32f63 in master_service_run (service=0x1c205d0, callback=0xbf5a) at master-service.c:566 No locals. #16 0x0000000000404a67 in main (argc=1, argv=0x1c20390) at main.c:277 set_roots = {0x409480, 0x0} login_set = {auth_socket_path = 0x1c18050 "/var/run/dovecot/auth-master", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x404c40 , failure_callback = 0x404bf0 , request_auth_token = 0} service_flags = storage_service_flags = MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT username = 0x0 ---Type to continue, or q to quit--- c = ... Can you help to resolve this issue? many Thanks Urban Loesch --------------------- doveconf -n --------------------- # 2.2.12 (16212e6d4fd4): /etc/dovecot/dovecot.conf # OS: Linux 3.4.67-vs2.3.3.9-rol-em64t-efigpt x86_64 Debian 6.0.9 ext4 auth_cache_negative_ttl = 0 auth_cache_size = 40 M auth_cache_ttl = 1 weeks auth_mechanisms = plain login deliver_log_format = msgid=%m: %$ %p %w disable_plaintext_auth = no info_log_path = syslog login_trusted_networks = $INTERNAL_IPS mail_gid = mailstore mail_location = mdbox:/home/vmail/%d/%n mail_log_prefix = "%s(%u pid:%p session:<%{session}>): " mail_plugins = " quota mail_log notify acl zlib stats virtual" mail_uid = mailstore managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate imapflags notify mdbox_rotate_size = 10 M namespace { list = children location = mdbox:/home/vmail/%%d/%%n prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace { hidden = no inbox = no list = children location = virtual:/home/virtual:INDEX=~/virtual prefix = [rolmail]/ separator = / subscriptions = yes type = private } namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Items" { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } mailbox [mail]/All { auto = no special_use = \All } prefix = separator = / type = private } passdb { args = /etc/dovecot/dovecot-sql-account.conf driver = sql } plugin { acl = vfile acl_shared_dict = file:/home/vmail/%d/shared-mailboxes mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size from mail_log_group_events = no quota = dict:Storage used::file:%h/dovecot-quota quota_rule2 = Trash:storage=+100M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +notify +imapflags sieve_max_redirects = 10 stats_command_min_time = 1 mins stats_domain_min_time = 12 hours stats_ip_min_time = 12 hours stats_memory_limit = 16 M stats_refresh = 30 secs stats_session_min_time = 15 mins stats_track_cmds = no stats_user_min_time = 1 hours zlib_save = gz zlib_save_level = 9 } protocols = imap pop3 lmtp sieve service auth { unix_listener auth-userdb { group = mailstore mode = 0660 user = root } } service imap-login { inet_listener imap { port = 143 } process_limit = 48 process_min_avail = 3 service_count = 1 } service imap { process_limit = 48 process_min_avail = 2 service_count = 1 } service lmtp { inet_listener lmtp { port = 24 } unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } service pop3-login { inet_listener pop3 { port = 110 } process_limit = 16 process_min_avail = 2 service_count = 1 } service pop3 { process_limit = 16 process_min_avail = 2 service_count = 1 } service quota-warning { executable = script /usr/local/rol/dovecot/quota-warning.sh unix_listener quota-warning { user = mailstore } user = mailstore } service stats { fifo_listener stats-mail { mode = 0600 user = mailstore } } ssl = no ssl_cert = mail_max_userip_connections = 20 mail_plugins = " quota mail_log notify acl zlib stats virtual imap_quota imap_acl imap_zlib imap_stats" } protocol pop3 { mail_plugins = " quota mail_log notify acl zlib stats virtual" pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_lock_session = yes pop3_logout_format = bytes_sent=%o top=%t/%p, retr=%r/%b, del=%d/%m, size=%s uidl_hash=%u session=<%{session}> pop3_reuse_xuidl = yes } From tss at iki.fi Tue May 6 12:30:24 2014 From: tss at iki.fi (Timo Sirainen) Date: Tue, 6 May 2014 15:30:24 +0300 Subject: [Dovecot] Again: pop3: Panic: Trying to allocate 0 bytes In-Reply-To: <5368D44E.8050308@enas.net> References: <5368D44E.8050308@enas.net> Message-ID: <3751A453-0BF8-45EF-AF5C-59253C130249@iki.fi> On 6.5.2014, at 15.23, Urban Loesch wrote: > in April I wrote an e-mail to the list, that with dovecot 2.2.12 on debian squeeze some pop3-sessions were killed sometimes. But I got no anwser from > the list. At this was not a urgend problem and it happend very rarely it was not a big problem. > > But today it happend again more several times and I have no idea why. > > I have the following in my errorlog: > > ... > May 6 13:26:52 mailstore dovecot: pop3(user at domain.com pid:48986 session:): Panic: Trying to allocate 0 bytes http://hg.dovecot.org/dovecot-2.2/rev/b0359910ec96 should fix that. I'm hoping to make v2.2.13 release this week. From tss at iki.fi Tue May 6 12:34:41 2014 From: tss at iki.fi (Timo Sirainen) Date: Tue, 6 May 2014 15:34:41 +0300 Subject: [Dovecot] Again: pop3: Panic: Trying to allocate 0 bytes In-Reply-To: <3751A453-0BF8-45EF-AF5C-59253C130249@iki.fi> References: <5368D44E.8050308@enas.net> <3751A453-0BF8-45EF-AF5C-59253C130249@iki.fi> Message-ID: <9A027117-7198-4DB0-AA8F-835AEECC47C0@iki.fi> On 6.5.2014, at 15.30, Timo Sirainen wrote: > On 6.5.2014, at 15.23, Urban Loesch wrote: > >> in April I wrote an e-mail to the list, that with dovecot 2.2.12 on debian squeeze some pop3-sessions were killed sometimes. But I got no anwser from >> the list. At this was not a urgend problem and it happend very rarely it was not a big problem. >> >> But today it happend again more several times and I have no idea why. >> >> I have the following in my errorlog: >> >> ... >> May 6 13:26:52 mailstore dovecot: pop3(user at domain.com pid:48986 session:): Panic: Trying to allocate 0 bytes > > http://hg.dovecot.org/dovecot-2.2/rev/b0359910ec96 should fix that. I'm hoping to make v2.2.13 release this week. Actually, there's another bug, which is now fixed with: http://hg.dovecot.org/dovecot-2.2/rev/4493e070c47e As a workaround you can also remove %u from pop3_logout_format. From bov at bsdpanic.com Tue May 6 12:38:02 2014 From: bov at bsdpanic.com (SIW) Date: Tue, 06 May 2014 13:38:02 +0100 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <87109e48-ca37-418d-a505-9e6d560cd9a3@darklajid.de> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> <5367EF20.50407@bsdpanic.com> <5367F0DC.4010502@dementianati.com> <20140505153214.Horde.0WfoYh36llotac3svpgjPQ1@www.vfemail.net> <5367F827.1000401@bsdpanic.com> <20140505161354.Horde.p4He27ZWOfClYXJuRaj6gA1@www.vfemail.net> <20140505163355.Horde.dAii15amo91janPgTCfgTA1@www.vfemail.net> <53680780.4090609@bsdpanic.com> <01d6c571-29b1-409e-96a6-3b8e6d643d48@darklajid.de> <5368198D.5050006@dementianati.com> <53688EBE.9010400@bsdpanic.com> <87109e48-ca37-418d-a505-9e6d560cd9a3@darklajid.de> Message-ID: <5368D7AA.1040203@bsdpanic.com> Hi Benjamin Thanks for your input. I guess I need to take a step back and define some requirements. Currently I have too many options running through my head which has overwhelmed me and is not helping! You are correct in saying that the subject of this post is now incorrect. Maybe is should now be: Two factor for Dovecot and Roundcube for secure remote access First of all I don't want any of the authentication options to change for all current users. I am the *only* user that requires secure access to webmail while travelling overseas. So the requirements are: 1) For all users (except myself) allow them to continue using the system as it is 2) For me (and possibly some new users in the future), allow a secure way of authenticating with Roundcube so that if the password is recorded with a keylogger, access to my mailbox via IMAP is not possible. (NB: When I say IMAP, I mean non-Roundcibe/HTTP access to my mailbox) 3) Email clients include: Thunderbird, Outlook, K9 on Android and Roundcube 4) Yes, I have looked at OTP for Roundcube and currently use Googles Authenticator which works nicely in securing Roundcube ONLY. The OTP AND password is required to login. The OTP is generate on my Android phone. From what I have gathered, the options for securing logging in from an untrusted machine are: 1) Use throw away passwords - ie: passwords that can only be used once and can ONLY be used for logging into Roundcube 2) Use OTP for Dovecot AND Roundcube - I have no idea how to do this 3) Have a copy of my mailbox (that gets synced with a cron job) and have a completely separate login to access this mailbox. This login will ONLY be used when using Roundcube from an untrusted machine and will NOT be allowed IMAP access (this can be done in the password_query I think). Or use two login accounts to the same mailbox maybe but one account is used for travelling and can't access IMAP? The important thing here is that if/when the password gets recorded while logging into Roundcube that it can NOT be used to access my mailbox from (say) Thunderbird. Also OTP should not be enforced for the other users (ie: it should be optional). Does that clarify? Sorry if I'm all over the place but there doesn't seem to be a clear/simple way to achieve what I want. Feel free to ask me more questions and I will try my best to answer so that it clarifies things. Thank you. PS: Regarding USB virtual keyboards (like Yubikey), I'd like to avoid them if possible as you can't always connect a USB device to a machine in an internet cafe (sometimes they physically lock the USB ports so they can't be used). On 06/05/2014 08:44, Benjamin Podszun wrote: > On Tuesday, May 6, 2014 9:26:54 AM CEST, SIW wrote: >> I haven't considered Yubikey but I was considering this: >> >> http://www.s-crib.com/ >> >> I'm not sure if these USB virtual keyboards are the best option as >> some internet cafes won't let you plug in USB devices or you don't >> have the rights to install it (I know they say it doesn't require >> drivers but some machines are locked down good) > > I'd be surprised if these machines wouldn't support plain USB > keyboards. Probably the keyboard you'll use at these machines isn't > PS/2 anymore.. > >> From what I have read it sounds like I need to have two passwords >> for one login...one for Roundcube (with OTP) and one for IMAP access. >> I think the key to this is to ONLY allow the IMAP password to be used >> with IMAP and for the Roundcube password (with OTP) to ONLY have >> access to Roundcube. That way if the Roundcube password gets >> recorded/keylogged then they can't use it with IMAP. Is this >> possible? (ie: bind/enforce a particular password to one type of >> service) > > I think you're confused. Take a step back. You came with a ~strange~ > requirement (see subject, by now you understand that 'disable imap for > one user' isn't what you want). You provided not enough details to > proceed and I think you are still not quite sure what you want to do > here. > > The thought process you outline above isn't clear. I _assume_ (note: > Please confirm/deny) you looked at OTP solutions that are roundcube > only, i.e. that are implemented in PHP. That'd mean that there's no > OTP support in your dovecot setup and plain/direct imap connections > use nothing but your regular password. Furthermore it seems that you > confuse/mix OTPs with two-factor authentication and assume the latter > with the Roundcube-only setup I believe to understand above. That is, > you log in to your Roundcube site with > - your regular password AND > - something else (call it OTP) > > Only under these circumstances it makes sense that you consider OTPs > to be broken for your threat model: A keylogger has now your regular > password and a useless OTP, but needs only the regular password for > dovecot because the OTP support is bolted on/a hack in the wrong place. > > I still think you want OTP support in dovecot itself. It might be > possible to hack the Roundcube thing (still leaning heavily on my > assumptions above) to require _just_ a OTP, but that'd require > Roundcube to be able to login without you transmitting your real > password. That'd fix the hack for 'someone logged my keys', but isn't > much of an improvement overall. > >> Another option, is it possible to have my main account and use it >> with IMAP but have a SECOND set of login credentials that I only use >> for Roundcube but can access my mailbox of the the other account? > > Yes, that would be possible and I pointed to a specific part of the > documentation for that. You could, without too much effort, support > accounts with multiple passwords, whatever that would be good for. > >> I'm still battling with this! > > See above: Please reflect a moment, check the facts you provided and > fill in the missing details. > From rnowotny at rotek.at Tue May 6 13:39:16 2014 From: rnowotny at rotek.at (Robert Nowotny) Date: Tue, 6 May 2014 15:39:16 +0200 Subject: [Dovecot] WG: on High Load using IMAPSYNC : Panic: file ostream-lzma.c: line 147: unreached. Dovecot 2.2.12 with zlib/XZ compression Message-ID: when syncing Mailboxes with IMAPSYNC, using xz compression the dbox file gets corrupted. the same configuration was working ok on low load with xz compression. Dovecot Version 2.2.12 Linux Mint 16 EXT4 Filesystem another dovecot user already reported the same problem on the mailinglist, using dsync. That user switched to bz2 compression what worked for him. the answer was : > are you on latest patchlevel ? > there are some dsync fixes since 2.2.12 but it is not a problem of dsync. when looking at the code, we get here an unexpected returnvalue when flushing. I propose it would be good practice to write some logging in the default switch cases, to see the unexpected returnvalues in the errorlog. something like : ostream-lzma.c : -- Line 147 : i_unreached(); ++ Line 147 : i_fatal("unexpected lzma errorcode when flushing : %s", ret); after that modification the errorlog shows : May 6 14:03:05 vm-imap dovecot: imap(test): Fatal: lzma errorcode when flushing : (null) maybe You can also investigate and let me know when fixed. Here the log : May 5 14:53:10 vm-imap dovecot: imap(rrernboeck): Panic: file ostream-lzma.c: line 147: unreached May 5 14:53:10 vm-imap dovecot: imap(rrernboeck): Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0x67450) [0x7ff99d8ce450] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x6752e) [0x7ff99d8ce52e] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7ff99d88955e] -> /usr/local/lib/dovecot/lib20_zlib_plugin.so(+0x4f0a) [0x7ff99ce87f0a] -> /usr/local/lib/dovecot/libdovecot.so.0(o_stream_flush+0x3e) [0x7ff99d8e6dbe] -> /usr/local/lib/dovecot/libdovecot.so.0(o_stream_nflush+0xf) [0x7ff99d8e71df] -> /usr/local/lib/dovecot/libdovecot.so.0(o_stream_nfinish+0x9) [0x7ff99d8e7229] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(dbox_save_end+0x29) [0x7ff99db7cfa9] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mdbox_save_finish+0x39) [0x7ff99db76619] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_save_finish+0x4d) [0x7ff99dbb6a4d] -> dovecot/imap [rrernboeck 127.0.0.1 APPEND]() [0x40be09] -> dovecot/imap [rrernboeck 127.0.0.1 APPEND](command_exec+0x3c) [0x416cfc] -> dovecot/imap [rrernboeck 127.0.0.1 APPEND]() [0x40b491] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x27) [0x7ff99d8de527] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xd7) [0x7ff99d8df2b7] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7ff99d8de0c8] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7ff99d88e753] -> dovecot/imap [rrernboeck 127.0.0.1 APPEND](main+0x2af) [0x40b06f] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7ff99d4c0de5] -> dovecot/imap [rrernboeck 127.0.0.1 APPEND]() [0x40b1cc] May 5 14:53:10 vm-imap dovecot: imap(rrernboeck): Fatal: master: service(imap): child 47957 killed with signal 6 (core dumped) May 5 14:53:10 vm-imap dovecot: imap(rrernboeck): Error: Corrupted dbox file /home/vmail/virtualmailboxes/rrernboeck/storage/m.1 (around offset=1302): msg header has bad magic value From teemu.huovila at dovecot.fi Tue May 6 13:46:52 2014 From: teemu.huovila at dovecot.fi (Teemu Huovila) Date: Tue, 06 May 2014 16:46:52 +0300 Subject: [Dovecot] WG: on High Load using IMAPSYNC : Panic: file ostream-lzma.c: line 147: unreached. Dovecot 2.2.12 with zlib/XZ compression In-Reply-To: References: Message-ID: <5368E7CC.3080601@dovecot.fi> On 05/06/2014 04:39 PM, Robert Nowotny wrote: > I propose it would be good practice to write some logging in the default > switch cases, to see the unexpected returnvalues in the errorlog. > > something like : > > ostream-lzma.c : > -- Line 147 : i_unreached(); > ++ Line 147 : i_fatal("unexpected lzma errorcode when flushing : %s", > ret); > > after that modification the errorlog shows : > > May 6 14:03:05 vm-imap dovecot: imap(test): Fatal: lzma errorcode when > flushing : (null) The code change should be i_fatal("unexpected lzma errorcode when flushing : %d", ret); since ret is an integer. A logging change like that is a good idea and we have been meaning to do something similar. It would help debugging, if you could continue running it in your setup, where the error seems to occur quite frequently. Also tell me if you figure out what data or action triggers it. br, Teemu Huovila From rnowotny at rotek.at Tue May 6 16:00:32 2014 From: rnowotny at rotek.at (Robert Nowotny) Date: Tue, 6 May 2014 18:00:32 +0200 Subject: [Dovecot] Antwort: Re: WG: on High Load using IMAPSYNC : Panic: file ostream-lzma.c: line 147: unreached. Dovecot 2.2.12 with zlib/XZ compression In-Reply-To: <5368E7CC.3080601@dovecot.fi> References: <5368E7CC.3080601@dovecot.fi> Message-ID: On 05/06/2014 04:39 PM, Robert Nowotny wrote: > I propose it would be good practice to write some logging in the default > switch cases, to see the unexpected returnvalues in the errorlog. > > something like : > > ostream-lzma.c : > -- Line 147 : i_unreached(); > ++ Line 147 : i_fatal("unexpected lzma errorcode when flushing : %s", > ret); > > after that modification the errorlog shows : > > May 6 14:03:05 vm-imap dovecot: imap(test): Fatal: lzma errorcode when > flushing : (null) > The code change should be i_fatal("unexpected lzma errorcode when flushing : %d", ret); > since ret is an integer. sure - You are Right. After changing the code, the Error Log shows : lzma errorcode when flushing : 0 0 means LZMA_OK from the description in the LMZA base.h : LZMA_FINISH = 3 /**< * \brief Finish the coding operation * * All the input data must have been given to the encoder * (the last bytes can still be pending in next_in). * Call lzma_code() with LZMA_FINISH until it returns * LZMA_STREAM_END. Once LZMA_FINISH has been used, * the amount of input must no longer be changed by * the application. * * When decoding, using LZMA_FINISH is optional unless the * LZMA_CONCATENATED flag was used when the decoder was * initialized. When LZMA_CONCATENATED was not used, the only * effect of LZMA_FINISH is that the amount of input must not * be changed just like in the encoder. */ > A logging change like that is a good idea and we have been meaning to do something similar. It would help debugging, if you > could continue running it in your setup, where the error seems to occur quite frequently. Also tell me if you figure out what > data or action triggers it. The error only occurs if I sync a lot (thousands) of emails through IMAPSYNC to a new mailbox. It seems calling lzma_code(zs, LZMA_FINISH); returns LZMA_OK - but is still not ready. I guess the call gives back LZMA_OK (meaning - ok I will do that) but needs some more time to LZMA_FINISH On low load it seems to be able to finish in time - so that error never occurs. But on high (write to SSD Drive) load, it returns LZMA_OK instead of LZMA_FINISH. I changed the code now as follows and it seems to work now. I will convert some other huge boxes and lat You know if we will have some otrher negative effects on that ... This seems to work: ostream-lzma.c : Line 137 fff : ret = lzma_code(zs, LZMA_FINISH); switch (ret) { case LZMA_STREAM_END: done = TRUE; break; + /* LZMA_FINISH should be called until LZMA_STREAM_END */ + case LZMA_OK: + break; case LZMA_MEM_ERROR: i_fatal_status(FATAL_OUTOFMEM, "lzma.write(%s): Out of memory", o_stream_get_name(&zstream->ostream.ostream)); default: + /* got error on high load syncing through imap */ + i_fatal("lzma errorcode when flushing : %d", ret); i_unreached(); } } while (zs->avail_out != sizeof(zstream->outbuf)); since I am not into lmza programming - is the while clause correct, or do we need another loop until lzma_code(zs, LZMA_FINISH) returns LZMA_STREAM_END ??? br Ing. Robert Nowotny Vienna From Jochen.Bern at LINworks.de Tue May 6 17:06:21 2014 From: Jochen.Bern at LINworks.de (Jochen Bern) Date: Tue, 06 May 2014 19:06:21 +0200 Subject: [Dovecot] Broken IMAPS Connects Create Lingering imap-login Processes In-Reply-To: <24CA5A07-86C7-4435-B482-6CF7E5FEFC7F@iki.fi> References: <5367F106.9040800@LINworks.de> <24CA5A07-86C7-4435-B482-6CF7E5FEFC7F@iki.fi> Message-ID: <5369168D.5030201@LINworks.de> On 06.05.2014 14:14, Timo Sirainen wrote: > On 5.5.2014, at 23.13, Jochen Bern wrote: >> The problem I'ld like to ask for help with here is that dovecot's >> imap-login process doesn't terminate when the FIN is received, or when >> the IMAP protocol's inactivity timeout is reached, it takes *more than >> two hours* for it to go away. Because of that, this single client racks >> up 1100+ processes (counting against dovecot's configured limits), TCP >> connections, and the associated RAM usage. > .. >> dovenull 12064 0.0 0.0 42440 3656 ? S 19:32 0:00 \_ dovecot/imap-login [1 connections (1 TLS)] > > The process is taking 0% CPU? Less than 0.002%, in any case. > There was bug where a broken handshake could have caused 100% CPU > usage. Maybe the same problem could happen in a slightly different > way and also not cause CPU usage. > http://hg.dovecot.org/dovecot-2.2/rev/c0236d1c4a04 fixes this. > > Although even then .. I'm not sure why the process wouldn't die > sooner. And Dovecot especially should kill old imap-login processes > that haven't logged in if it reaches the imap-login process limit. > > I'd anyway try v2.2 first.. Thanks for the pointers. We're having a change management and an official-repos-if-at-all-possible policy going on, so I'll likely start with adding just this patch and (belt and suspenders ;-) a bit of "iptables -m connlimit" in the upcoming maintenance windows. Watching the production server run up to the limits hoping that they'll prove to be padded walls *this* time (rather than raising malfunction alerts in hundreds of client sites as usual) takes a braver man than myself, I'm afraid ... :-} Kind regards, J. Bern -- *NEU* - NEC IT-Infrastruktur-Produkte im : Server--Storage--Virtualisierung--Management SW--Passion for Performance Jochen Bern, Systemingenieur --- LINworks GmbH Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27 Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202 Unternehmenssitz Weiterstadt, Gesch?ftsf?hrer Metin Dogan, Oliver Michel From njriley at illinois.edu Mon May 5 22:35:20 2014 From: njriley at illinois.edu (Nicholas Riley) Date: Mon, 05 May 2014 17:35:20 -0500 Subject: [Dovecot] imapc with Outlook.com transfers max 22-23 messages per mailbox!? Message-ID: Hi, I'm trying to migrate a user from Outlook.com IMAP to Dovecot. I'm using a setup similar to that on http://wiki2.dovecot.org/Migration/Dsync: imapc_host = imap-mail.outlook.com imapc_user = [...]@hotmail.com imapc_password = [...] imapc_features = rfc822.size fetch-headers mail_prefetch_count = 20 imapc_port = 993 imapc_ssl = imaps imapc_ssl_verify = yes ssl_client_ca_dir = /etc/ssl # this needs fixing on the wiki page Here's how I sync a single mailbox, which should have a few hundred messages in it: % doveadm -D -v -c [...] sync -1 -R -u [...] -m Avalon imapc: Output is at http://sabi.net/temp/sync.txt But every mailbox contains at most 22-23 messages. % for i in Maildir/**/cur; do echo $i $(ls -1 $i | wc -l) done Maildir/Alaska/cur 23 Maildir/Avalon/cur 22 Maildir/Christine Scott/cur 22 Maildir/Cornell/cur 22 Maildir/Coupons/cur 10 Maildir/Deleted/cur 22 [...] I was using 2.2.9 but I also tried with the dovecot-2.2 hg tip and did not see any difference. Is there a rawlog equivalent for imapc? I'm hoping that there is a simple protocol usage change that could let me get entire mailboxes. -- Nicholas Riley From s.sabatier at pobox.com Tue May 6 19:44:41 2014 From: s.sabatier at pobox.com (Stanislas SABATIER) Date: Tue, 6 May 2014 21:44:41 +0200 Subject: [Dovecot] LMTP, TLS/SSL, authentication, proxy Message-ID: Hello, unfortunatly, TLS doesn't seem to work on LMTP, anyway, not by simply put ssl=yet to the lmtp inet_listener. I've tried and when I *openssl s_client -connect* to the lmtp listener I've got the following response : CONNECTED(00000003) 34379118248:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:766: My postfix server can't neither establish a TLS connection on LMTP listener. On 22.10.2013, at 14.37, Jogi Hofm?ller wrote: Can dovecot use TLS/SSL on LTMP inet socket? Oct 26, 2013 8:11:19 am ?, Timo Sirainen replied:? Probably. Try adding ssl=yes to the inet_listener {}. --------------------------------------------------------------- Stanislas SABATIER s.sabatier at pobox.com --------------------------------------------------------------- From milan.cvetkovic at mpathix.com Tue May 6 19:46:53 2014 From: milan.cvetkovic at mpathix.com (Milan Cvetkovic) Date: Tue, 06 May 2014 15:46:53 -0400 Subject: [Dovecot] When the subject portion of an e-mail contains a control character, dovecot.sieve terminates unexpectatedly. In-Reply-To: <1C04DA02-D04A-4EC0-A44C-7C4EA1F5D762@iki.fi> References: <536356F2.2050903@designet.co.jp> <1C04DA02-D04A-4EC0-A44C-7C4EA1F5D762@iki.fi> Message-ID: <53693C2D.9020701@mpathix.com> Timo Sirainen wrote: > Is there a reason why mails contain these kind of control characters? Is it commonly used? And is it OK if Dovecot translates them to UTF-8 for the rewritten header, or would the subject have to stay ISO-2022-JP encoded? Some spammers may like to core dump our servers :-) From rnowotny at rotek.at Tue May 6 20:24:30 2014 From: rnowotny at rotek.at (Robert Nowotny) Date: Tue, 6 May 2014 22:24:30 +0200 Subject: [Dovecot] Antwort: Antwort: Re: WG: on High Load using IMAPSYNC : Panic: file ostream-lzma.c: line 147: unreached. Dovecot 2.2.12 with zlib/XZ compression --> solved ! In-Reply-To: References: <5368E7CC.3080601@dovecot.fi> Message-ID: when using xz compression, on high load (syncing thousands of emails) dovecot panics with : Panic: file ostream-lzma.c: line 147: unreached after some investigation I found out that the call ret = lzma_code(zs, LZMA_FINISH); returns LZMA_OK (what is enumerated integer 0) sometimes. again - this error will only show up under heavy load, for instance when syncing a lot of emails to a new mailbox with imapsync or dsync. After patching the file ostream-lzma.c as follows, it seems to work now correctly. Someone with more knowledge about the lzma library and that codepart should probably look over it, before merging it into the code. I did extensive testing with huge mailboxes successfully- just insert the lines marked with '++' and recompile. -- code snipped of ostream-lzma.c, around line 124 -- do { len = sizeof(zstream->outbuf) - zs->avail_out; if (len != 0) { zs->next_out = zstream->outbuf; zs->avail_out = sizeof(zstream->outbuf); zstream->outbuf_used = len; if ((ret = o_stream_zlib_send_outbuf(zstream)) <= 0) return ret; if (done) break; } ret = lzma_code(zs, LZMA_FINISH); switch (ret) { case LZMA_STREAM_END: done = TRUE; break; ++ /* LZMA_FINISH should be called until LZMA_STREAM_END */ ++ /* got LZMA_OK on high server load when syncing through imap */ ++ case LZMA_OK: ++ break; case LZMA_MEM_ERROR: i_fatal_status(FATAL_OUTOFMEM, "lzma.write(%s): Out of memory", o_stream_get_name(&zstream->ostream.ostream)); default: ++ /* log the unexpected error code if any */ ++ i_fatal("lzma returncode when flushing : %d", ret); i_unreached(); } } while (zs->avail_out != sizeof(zstream->outbuf)); -- /code snipped -- yours sincerely Ing. Robert Nowotny Rotek GmbH Vienna, Austria From t.b.mailinglists at igeno-fat.de Tue May 6 20:49:15 2014 From: t.b.mailinglists at igeno-fat.de (T.B.) Date: Tue, 06 May 2014 22:49:15 +0200 Subject: [Dovecot] Pigeonhole sieve re-filter extension? In-Reply-To: <5368C78E.9000107@alec.pl> References: <5368BCD3.8080604@igeno-fat.de> <5368C20B.6090909@rename-it.nl> <5368C78E.9000107@alec.pl> Message-ID: <53694ACB.5070806@igeno-fat.de> > On 05/06/2014 01:05 PM, Stephan Bosch wrote: > > I proposed something like this in the past, but it didn't catch much attention. The only reason I can imagine is the classic chicken-and-egg problem. IMHO the demand is there! Sieve is still hard to use ... the integration in many MUA's is not end-user friendly. No normal user wants to learn a new complex language just to sort some mails to sub-folders. Many interfaces just allow preconfigured Sieve scripts, e.g. for vacation absence. So at the moment- sieve is mainly used by administrators and enthusiasts. Few Managesieve clients already have some user-friendly kind of point and click or drag and drop GUI - But they are coming! The wish to move or filter mail comes from EXISTING mails - usually you have a big INBOX and want to do something with it because you lost the overwiew - you want to delete mails or restructure them in sub-folders. But there is NO solution atm. The normal user now has two possibilities: Run to the administrator an beg him to start re-filtering [ -> unacceptable] - or he uses some other client side filtering which you can find in Outlook or Thunderbird. To do client side filtering he has to re-create filter rules with the MUA's own filter GUI. Both is not an acceptable workflow - not at all. No normal user will do that. A third manual alternative would be to use the search function to do something with the mails - but also in addition to the sieve rules, which is also an additional step. An Managesieve protocol extension to trigger refiltering is THE "missing piece" for an consistent and acceptable workflow in the modern world where multiple devices use the same IMAP account. IMHO the implementation would be relatively easy: The functionality is already implemented ("sieve-filter"). And call parameters of "sieve-filter" like -e and -W need an equivalent in the Managesieve protocol. Of course everything should be cast in a RFC :) What do you think? Am 06.05.2014 13:29, schrieb A.L.E.C: > There are some similarities, but I think this is not what we want here. > We don't need imap events, we don't need new sieve extensions, we don't > need metadata. All we need is one simple imap (or managesieve) command > that executes current (or specified) script on specified folder (or > maybe later a set of messages, like in IMAP SEARCH). The implementation > then would be much simpler. Exactly - nothing left to be added. Kind Regards, T.B. From njriley at illinois.edu Tue May 6 21:52:05 2014 From: njriley at illinois.edu (Nicholas Riley) Date: Tue, 06 May 2014 16:52:05 -0500 Subject: [Dovecot] imapc with Outlook.com transfers max 22-23 messages per mailbox!? References: Message-ID: For future reference, I ended up using OfflineIMAP instead (doesn't give me indexing/LDA functionality, but I'll just do that separately). This seems clearly like a server bug as mbsync/isync also had an issue finding all the messages in each mailbox. In article , Nicholas Riley wrote: > Hi, > > I'm trying to migrate a user from Outlook.com IMAP to Dovecot. I'm > using a setup similar to that on > http://wiki2.dovecot.org/Migration/Dsync: > > imapc_host = imap-mail.outlook.com > imapc_user = [...]@hotmail.com > imapc_password = [...] > imapc_features = rfc822.size fetch-headers > mail_prefetch_count = 20 > > imapc_port = 993 > imapc_ssl = imaps > imapc_ssl_verify = yes > ssl_client_ca_dir = /etc/ssl # this needs fixing on the wiki page > > Here's how I sync a single mailbox, which should have a few hundred > messages in it: > > % doveadm -D -v -c [...] sync -1 -R -u [...] -m Avalon imapc: > > Output is at http://sabi.net/temp/sync.txt > > But every mailbox contains at most 22-23 messages. > > % for i in Maildir/**/cur; do > echo $i $(ls -1 $i | wc -l) > done > Maildir/Alaska/cur 23 > Maildir/Avalon/cur 22 > Maildir/Christine Scott/cur 22 > Maildir/Cornell/cur 22 > Maildir/Coupons/cur 10 > Maildir/Deleted/cur 22 > [...] > > I was using 2.2.9 but I also tried with the dovecot-2.2 hg tip and did > not see any difference. > > Is there a rawlog equivalent for imapc? I'm hoping that there is a > simple protocol usage change that could let me get entire mailboxes. -- Nicholas Riley From rnowotny at rotek.at Tue May 6 21:58:59 2014 From: rnowotny at rotek.at (Robert Nowotny) Date: Tue, 6 May 2014 23:58:59 +0200 Subject: [Dovecot] Antwort: Re: imapc with Outlook.com transfers max 22-23 messages per mailbox!? In-Reply-To: References: Message-ID: I can recommend imapsync for that job see : https://github.com/imapsync/imapsync yours sincerely Robert Von: Nicholas Riley An: dovecot at dovecot.org Datum: 06.05.2014 23:52 Betreff: Re: [Dovecot] imapc with Outlook.com transfers max 22-23 messages per mailbox!? Gesendet von: "dovecot" For future reference, I ended up using OfflineIMAP instead (doesn't give me indexing/LDA functionality, but I'll just do that separately). This seems clearly like a server bug as mbsync/isync also had an issue finding all the messages in each mailbox. In article , Nicholas Riley wrote: > Hi, > > I'm trying to migrate a user from Outlook.com IMAP to Dovecot. I'm > using a setup similar to that on > http://wiki2.dovecot.org/Migration/Dsync: > > imapc_host = imap-mail.outlook.com > imapc_user = [...]@hotmail.com > imapc_password = [...] > imapc_features = rfc822.size fetch-headers > mail_prefetch_count = 20 > > imapc_port = 993 > imapc_ssl = imaps > imapc_ssl_verify = yes > ssl_client_ca_dir = /etc/ssl # this needs fixing on the wiki page > > Here's how I sync a single mailbox, which should have a few hundred > messages in it: > > % doveadm -D -v -c [...] sync -1 -R -u [...] -m Avalon imapc: > > Output is at http://sabi.net/temp/sync.txt > > But every mailbox contains at most 22-23 messages. > > % for i in Maildir/**/cur; do > echo $i $(ls -1 $i | wc -l) > done > Maildir/Alaska/cur 23 > Maildir/Avalon/cur 22 > Maildir/Christine Scott/cur 22 > Maildir/Cornell/cur 22 > Maildir/Coupons/cur 10 > Maildir/Deleted/cur 22 > [...] > > I was using 2.2.9 but I also tried with the dovecot-2.2 hg tip and did > not see any difference. > > Is there a rawlog equivalent for imapc? I'm hoping that there is a > simple protocol usage change that could let me get entire mailboxes. -- Nicholas Riley From rnowotny at rotek.at Tue May 6 22:05:48 2014 From: rnowotny at rotek.at (Robert Nowotny) Date: Wed, 7 May 2014 00:05:48 +0200 Subject: [Dovecot] Some Information about compression rates to expect using zlib/xz compression Message-ID: compression : xz, Level 6 here some compression rates I experienced : Diskspace usage : user1: uncompressed : 2.3GB --> compressed 1 GB user2: uncompressed : 6.2GB --> compressed 3.9 GB just for your reference Ing. Robert Nowotny Rotek GmbH Vienna/Austria From tanaka at designet.co.jp Wed May 7 01:18:07 2014 From: tanaka at designet.co.jp (Atsuko Tanaka) Date: Wed, 07 May 2014 10:18:07 +0900 Subject: [Dovecot] When the subject portion of an e-mail contains a control character, dovecot.sieve terminates unexpectatedly. In-Reply-To: <1C04DA02-D04A-4EC0-A44C-7C4EA1F5D762@iki.fi> References: <536356F2.2050903@designet.co.jp> <1C04DA02-D04A-4EC0-A44C-7C4EA1F5D762@iki.fi> Message-ID: <536989CF.8060200@designet.co.jp> Thank you for reply. (2014/05/05 21:24), Timo Sirainen wrote: > Is there a reason why mails contain these kind of control characters? > Is it commonly used? And is it OK if Dovecot translates them to UTF-8 > for the rewritten header, or would the subject have to stay > ISO-2022-JP encoded? Not common, but it is present. Spammers may send. I'm in trouble in fact. Atsuko Tanaka From tanaka at designet.co.jp Wed May 7 02:42:23 2014 From: tanaka at designet.co.jp (Atsuko Tanaka) Date: Wed, 07 May 2014 11:42:23 +0900 Subject: [Dovecot] When you send an email with specific characters are included, dovecot.sieve is aborted. In-Reply-To: <5361F00E.9080803@rename-it.nl> References: <5361D32F.3080105@designet.co.jp> <5361F00E.9080803@rename-it.nl> Message-ID: <53699D8F.1070602@designet.co.jp> (2014/05/01 15:56), Stephan Bosch wrote: > Yes, definitely. Please provide the following: > > 1) Any relevant error you find in the log files. > > 2) Your configuration: execute `dovecot -n` and provide the output. > > 3) An example message that causes the failure. > > 4) The sieve script that is executing while the failure occurs. > > Regards, > > Stephan. Thank you for reply. I reported the problem. subject: When the subject portion of an e-mail contains a control character, dovecot.sieve terminates unexpectatedly. Atsuko Tanaka From tj at terramar.net Wed May 7 03:30:28 2014 From: tj at terramar.net (Thomas Johnson) Date: Tue, 6 May 2014 20:30:28 -0700 Subject: [Dovecot] Can Auth dict proxy protocol be used to validate a password? Message-ID: I'm interested in using authentication via a UNIX socket as documented at http://wiki2.dovecot.org/AuthDatabase/Dict. (We are currently using a checkpassword script to enable us to authenticate against a django app that stores passwords in pbkdf2 format, but I'm concerned about scalability as we grow - specifically the comment about performance on http://wiki2.dovecot.org/AuthDatabase/CheckPassword). The example clearly shows retrieving a password, but is there some way to validate a password that was provided the way a checkpassword script does? Otherwise, for performance reasons, perhaps we should implement a new password scheme directly for dovecot? Thanks- Tom From skdovecot at smail.inf.fh-brs.de Wed May 7 06:35:50 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 7 May 2014 08:35:50 +0200 (CEST) Subject: [Dovecot] Pigeonhole sieve re-filter extension? In-Reply-To: <53694ACB.5070806@igeno-fat.de> References: <5368BCD3.8080604@igeno-fat.de> <5368C20B.6090909@rename-it.nl> <5368C78E.9000107@alec.pl> <53694ACB.5070806@igeno-fat.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 6 May 2014, T.B. wrote: > Am 06.05.2014 13:29, schrieb A.L.E.C: >> There are some similarities, but I think this is not what we want here. >> We don't need imap events, we don't need new sieve extensions, we don't >> need metadata. All we need is one simple imap (or managesieve) command >> that executes current (or specified) script on specified folder (or >> maybe later a set of messages, like in IMAP SEARCH). The implementation >> then would be much simpler. > > Exactly - nothing left to be added. Just musing: the antispam-plugin triggers e.g. an external command, if you fork it, give it another name and another setting's prefix, you can configure it to spawn sieve-filter on the special "Re-filter" folder, maybe delaying its run to gather all messages from a bulk move operation or something like that. That said, on small systems even a cron may work. I never used the sieve-filter tool, though. And the man page warns about its useage. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU2nUR3z1H7kL/d9rAQLkNgf/V7/nTTG5AMeoltnXIPAds7c/o11p/puh 9MRe57lXQLDaINJFcE9cdRVrDwtAXSrVAmj1LIpHC9qpVrG6FyguHCn2+cpIUvup TGGcNxtuX1RM6GbEJbGXXgt4KT5r761cPixupDebOypfYLKm18ENxohEF8U+TUHU kes7n8Nyk67wYZhxHt31ubDB+fpIOPTXQKqfjuSxCXSNri2YXvRaciD3+g1UA9XJ hl6fjrDqt3MK+/V/i1LI5kqXh4DUsZysy+DA6eYaF+htSeovCF2fVVVB+pLJxWHw 5jaIz8SZNn7fiW4bLo7buAsyGLmqRIkIhA6VoyioyR9jaKps3Pa1ZQ== =jmvo -----END PGP SIGNATURE----- From bind at enas.net Wed May 7 06:35:26 2014 From: bind at enas.net (Urban Loesch) Date: Wed, 07 May 2014 08:35:26 +0200 Subject: [Dovecot] Again: pop3: Panic: Trying to allocate 0 bytes In-Reply-To: <9A027117-7198-4DB0-AA8F-835AEECC47C0@iki.fi> References: <5368D44E.8050308@enas.net> <3751A453-0BF8-45EF-AF5C-59253C130249@iki.fi> <9A027117-7198-4DB0-AA8F-835AEECC47C0@iki.fi> Message-ID: <5369D42E.7070003@enas.net> Hi Timo, > Actually, there's another bug, which is now fixed with: http://hg.dovecot.org/dovecot-2.2/rev/4493e070c47e > > As a workaround you can also remove %u from pop3_logout_format. > This fixed the bug. I installed it yesterday evening. No more errors like before. Many thanks Urban From ml-dovecot at zu-con.org Wed May 7 06:59:37 2014 From: ml-dovecot at zu-con.org (Matthias Rieber) Date: Wed, 7 May 2014 08:59:37 +0200 (CEST) Subject: [Dovecot] crash while fts searching a virtual folder In-Reply-To: <91119890-1566-4265-BE4E-ED8056F6893E@iki.fi> References: <9c91cfb839aa254c4d5096ab843f2f0a@ssl.scheff32.de> <91119890-1566-4265-BE4E-ED8056F6893E@iki.fi> Message-ID: On Fri, 2 May 2014, Timo Sirainen wrote: > On 25.4.2014, at 15.24, Matthias Rieber wrote: > >> searching a virtual folder crashes dovecot quite often. I'm using dovecot 2.2.12. Here's the backtrace: >> >> #5 0x00007fc1d6774ed9 in level_scores_add_vuids (br=0x2413ab8, level=0x1c0c2e0, vbox=0x170c950) at fts-search.c:81 > > http://hg.dovecot.org/dovecot-2.2/rev/d63b209737be should fix this. seems to work. Thank you. Matthias From tss at iki.fi Wed May 7 07:51:20 2014 From: tss at iki.fi (Timo Sirainen) Date: Wed, 7 May 2014 10:51:20 +0300 Subject: [Dovecot] Can Auth dict proxy protocol be used to validate a password? In-Reply-To: References: Message-ID: <121CC46E-F13A-4209-99C3-EE7F265F37CD@iki.fi> On 7.5.2014, at 6.30, Thomas Johnson wrote: > I'm interested in using authentication via a UNIX socket as documented at http://wiki2.dovecot.org/AuthDatabase/Dict. > > (We are currently using a checkpassword script to enable us to authenticate against a django app that stores passwords in pbkdf2 format, but I'm concerned about scalability as we grow - specifically the comment about performance on http://wiki2.dovecot.org/AuthDatabase/CheckPassword). > > The example clearly shows retrieving a password, but is there some way to validate a password that was provided the way a checkpassword script does? You can make it work the same as with e.g. SQL. Don't return a password and return nopassword=y and return success only if the authentication succeeded. From sean at bsdpanic.com Mon May 5 21:01:24 2014 From: sean at bsdpanic.com (Sean Wilson) Date: Mon, 05 May 2014 22:01:24 +0100 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <20140505153214.Horde.0WfoYh36llotac3svpgjPQ1@www.vfemail.net> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> <5367EF20.50407@bsdpanic.com> <5367F0DC.4010502@dementianati.com> <20140505153214.Horde.0WfoYh36llotac3svpgjPQ1@www.vfemail.net> Message-ID: <5367FC24.3060309@bsdpanic.com> Another option I was thinking about is: Can you have "throw away one time passwords" that you use for logging into Roundcube only? From ml-dovecot at zu-con.org Wed May 7 08:14:08 2014 From: ml-dovecot at zu-con.org (Matthias Rieber) Date: Wed, 7 May 2014 10:14:08 +0200 (CEST) Subject: [Dovecot] crash while fts searching a virtual folder In-Reply-To: <91119890-1566-4265-BE4E-ED8056F6893E@iki.fi> References: <9c91cfb839aa254c4d5096ab843f2f0a@ssl.scheff32.de> <91119890-1566-4265-BE4E-ED8056F6893E@iki.fi> Message-ID: On Fri, 2 May 2014, Timo Sirainen wrote: > On 25.4.2014, at 15.24, Matthias Rieber wrote: > >> searching a virtual folder crashes dovecot quite often. I'm using dovecot 2.2.12. Here's the backtrace: >> >> #5 0x00007fc1d6774ed9 in level_scores_add_vuids (br=0x2413ab8, level=0x1c0c2e0, vbox=0x170c950) at fts-search.c:81 > > http://hg.dovecot.org/dovecot-2.2/rev/d63b209737be should fix this. after a few searches I get the following crash: [New LWP 4218] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `dovecot/imap'. Program terminated with signal 6, Aborted. #0 0x00007fbfff6d9425 in raise () from /lib/x86_64-linux-gnu/libc.so.6 #0 0x00007fbfff6d9425 in raise () from /lib/x86_64-linux-gnu/libc.so.6 No symbol table info available. #1 0x00007fbfff6dcb8b in abort () from /lib/x86_64-linux-gnu/libc.so.6 No symbol table info available. #2 0x00007fbfffacc935 in default_fatal_finish (type=, status=0) at failures.c:193 backtrace = 0x1240598 "/usr/local/lib/dovecot/libdovecot.so.0(+0x6993f) [0x7fbfffacc93f] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x6999e) [0x7fbfffacc99e] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fbfffa85"... #3 0x00007fbfffacc99e in i_internal_fatal_handler (ctx=0x7fffe578e2f0, format=, args=) at failures.c:657 status = 0 #4 0x00007fbfffa85969 in i_panic (format=) at failures.c:267 ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0} args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffe578e3c0, reg_save_area = 0x7fffe578e300}} #5 0x00007fbffea5a007 in fts_search_deserialize_add_idx (args=, buf=, idx=, matches=) at fts-search-serialize.c:63 No locals. #6 fts_search_deserialize_add_idx (args=0x1622db0, buf=0x16a5ac8, idx=0x7fffe578e40c, matches=false) at fts-search-serialize.c:56 data = 0x16a5b00 "" #7 0x00007fbffea5a15c in fts_search_deserialize_add_nonmatches (args=, buf=0x16a5ac8) at fts-search-serialize.c:97 idx = 0 __FUNCTION__ = "fts_search_deserialize_add_nonmatches" #8 0x00007fbffea5ab7f in fts_search_apply_results_level (ctx=0x134e850, args=0x1622db0, idx=0x7fffe578e46c) at fts-storage.c:277 fctx = level = 0x16257e0 #9 0x00007fbffea5ad12 in fts_mailbox_search_next_update_seq (ctx=0x134e850) at fts-storage.c:314 fbox = 0x12769a0 fctx = 0x16256a0 idx = 0 #10 0x00007fbfffddbb1c in search_more_with_mail (mail=0x16b62b0, ctx=0x134e850) at index-search.c:1509 _ctx = 0x134e850 box = 0x12759a0 match = 0 ret = -1 imail = 0x16b62b0 cost1 = 0 #11 search_more_with_prefetching (mail_r=, ctx=) at index-search.c:1582 _data_stack_cur_id = 4 ret = mail = 0x16b62b0 #12 search_more (ctx=0x134e850, mail_r=0x7fffe578e500) at index-search.c:1653 imail = ret = 0 #13 0x00007fbfffddc1b8 in index_storage_search_next_nonblock (_ctx=0x134e850, mail_r=0x7fffe578e600, tryagain_r=0x7fffe578e60f) at index-search.c:1689 ctx = 0x134e850 mail = 0x62e8f0 seq = ret = #14 0x00007fbffe846106 in virtual_search_next_nonblock (ctx=0x134e850, mail_r=0x7fffe578e600, tryagain_r=0x7fffe578e60f) at virtual-search.c:150 vctx = 0x16253c0 ictx = 0x134e850 seq = __FUNCTION__ = "virtual_search_next_nonblock" #15 0x00007fbffe84601e in virtual_search_next_nonblock (ctx=0x134e850, mail_r=0x7fffe578e600, tryagain_r=0x7fffe578e60f) at virtual-search.c:148 vctx = 0x16253c0 ictx = 0x134e850 seq = __FUNCTION__ = "virtual_search_next_nonblock" #16 0x00007fbfffdb5ac7 in mailbox_search_next_nonblock (ctx=0x134e850, mail_r=0x7fffe578e600, tryagain_r=) at mail-storage.c:1796 box = #17 0x000000000041c6e7 in cmd_search_more (cmd=0x1273180) at imap-search.c:443 ctx = 0x12732a0 opts = SEARCH_RETURN_ALL mail = 0x0 sync_flags = end_time = {tv_sec = 23813664, tv_usec = 1024} range = 0x6 count = id = id_min = 0 id_max = 0 ok_reply = time_msecs = tryagain = lost_data = __FUNCTION__ = "cmd_search_more" #18 0x000000000041cb69 in imap_search_start (ctx=0x12732a0, sargs=, sort_program=) at imap-search.c:610 cmd = 0x1273180 __FUNCTION__ = "imap_search_start" #19 0x0000000000412f49 in cmd_sort (cmd=0x1273180) at cmd-sort.c:141 ctx = 0x12732a0 sargs = 0x1622ce0 sort_program = {MAIL_SORT_DATE, MAIL_SORT_END, 4289657586, 32703, 17, MAIL_SORT_END, MAIL_SORT_SUBJECT, 48, 3849906112, 32767, 3849905904, 32767} args = 0x124bad8 list_args = 0x124bc18 charset = 0x124bd70 "US-ASCII" ret = #20 0x000000000041732d in command_exec (cmd=0x1273180) at imap-commands.c:158 hook = 0x12490f0 ret = #21 0x00000000004163c0 in client_command_input (cmd=0x1273180) at imap-client.c:778 client = 0x1272620 command = __FUNCTION__ = "client_command_input" #22 0x00000000004164a5 in client_command_input (cmd=0x1273180) at imap-client.c:839 client = 0x1272620 command = __FUNCTION__ = "client_command_input" #23 0x000000000041674d in client_handle_next_command (remove_io_r=, client=0x1272620) at imap-client.c:877 No locals. #24 client_handle_input (client=0x1272620) at imap-client.c:889 _data_stack_cur_id = 3 ret = 64 remove_io = false handled_commands = false __FUNCTION__ = "client_handle_input" #25 0x0000000000416ac2 in client_input (client=0x1272620) at imap-client.c:931 cmd = output = 0x1273040 bytes = 51 __FUNCTION__ = "client_input" #26 0x00007fbfffadd93e in io_loop_call_io (io=0x12701e0) at ioloop.c:441 ioloop = 0x1248730 t_id = 2 __FUNCTION__ = "io_loop_call_io" #27 0x00007fbfffade95f in io_loop_handler_run_internal (ioloop=) at ioloop-epoll.c:220 ctx = 0x12493d0 events = 0x0 event = 0x124a240 list = 0x124ae30 io = tv = {tv_sec = 1799, tv_usec = 998979} events_count = msecs = ret = 1 i = call = __FUNCTION__ = "io_loop_handler_run_internal" #28 0x00007fbfffadd9c9 in io_loop_handler_run (ioloop=0x1248730) at ioloop.c:488 No locals. #29 0x00007fbfffadda48 in io_loop_run (ioloop=0x1248730) at ioloop.c:465 __FUNCTION__ = "io_loop_run" #30 0x00007fbfffa8ad83 in master_service_run (service=0x12485c0, callback=) at master-service.c:566 No locals. #31 0x000000000040af58 in main (argc=1, argv=0x1248390) at main.c:400 set_roots = {0x4278a0, 0x0} login_set = {auth_socket_path = 0x1240058 "", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x41fb50 , failure_callback = 0x41f860 , request_auth_token = 1} service_flags = storage_service_flags = username = c = When I delete the dovecot.index* files I can search again for a few times. Matthias From t.b.mailinglists at igeno-fat.de Wed May 7 08:40:17 2014 From: t.b.mailinglists at igeno-fat.de (T.B.) Date: Wed, 07 May 2014 10:40:17 +0200 Subject: [Dovecot] Pigeonhole sieve re-filter extension? In-Reply-To: References: <5368BCD3.8080604@igeno-fat.de> <5368C20B.6090909@rename-it.nl> <5368C78E.9000107@alec.pl> <53694ACB.5070806@igeno-fat.de> Message-ID: <5369F171.2000709@igeno-fat.de> Am 07.05.2014 08:35, schrieb Steffen Kaiser: > Just musing: > > the antispam-plugin triggers e.g. an external command, if you fork it, > give it another name and another setting's prefix, you can configure > it to spawn sieve-filter on the special "Re-filter" folder, maybe > delaying its run to gather all messages from a bulk move operation or > something like that. That said, on small systems even a cron may work. > > I never used the sieve-filter tool, though. And the man page warns > about its useage. > > - -- Steffen Kaiser I think it would not be a problem to develop a solution to remotely trigger re-filtering for me, myself and I. But that is not the point here. Clients like the Thunderbird Sieve Extension (https://github.com/thsmi/sieve, https://addons.mozilla.org/de/thunderbird/addon/sieve/) or the diverse webmail MUA's will only start implementing such a feature if there is a official draft or specification. The whole point of my initiative here is that Managesieve finally becomes the capability to replicate the features the users know from their local client side filtering (Thunderbird, Outlook) which provide the feature of re-filtering. Even big webmail providers like the Global Mail Exchange / GMX here in Germany provide re-filtering in their webgui. I use the sieve-filter tool very often for myself - everytime when I create a new subfolder and create a new fileinto rule, I refilter my Inbox to clean it up and have a consistent subfolder with all old and new mails that are matching the rule. The man page of the sieve-filter tool is 2 and a half years old ;) (http://pigeonhole.dovecot.org/doc/man1/sieve-filter.1.html) Sadly even the Wiki page doesn't mention it directly: http://wiki2.dovecot.org/HowTo/RefilterMail The tool works like a charm, but if your sieve script does not do what you actually intended, you can delete all your mails. But that's the same with Thunderbirds or Outlooks client side techniques. The only difference is that both MUA's provide a good GUI which explains and summarizes what the filter rules will do and thereby prevent not intended behavior of the rules. Since the new german Dovecot book (http://www.dovecot-buch.de/) recommends the sieve-filter tool for refiltering, it will get much more attention in the future. Best regards, T.B. From tss at iki.fi Wed May 7 10:05:42 2014 From: tss at iki.fi (Timo Sirainen) Date: Wed, 7 May 2014 13:05:42 +0300 Subject: [Dovecot] Antwort: Antwort: Re: WG: on High Load using IMAPSYNC : Panic: file ostream-lzma.c: line 147: unreached. Dovecot 2.2.12 with zlib/XZ compression --> solved ! In-Reply-To: References: <5368E7CC.3080601@dovecot.fi> Message-ID: <2E2FAB29-C116-4CD1-A4CB-CE005680260D@iki.fi> On 6.5.2014, at 23.24, Robert Nowotny wrote: > when using xz compression, on high load (syncing thousands of emails) > dovecot panics with : Panic: file ostream-lzma.c: line 147: unreached > > after some investigation I found out that the call > > ret = lzma_code(zs, LZMA_FINISH); > > returns LZMA_OK (what is enumerated integer 0) sometimes. > > again - this error will only show up under heavy load, for instance when > syncing a lot of emails to a new mailbox with imapsync or dsync. > > After patching the file ostream-lzma.c as follows, it seems to work now > correctly. > > Someone with more knowledge about the lzma library and that codepart > should probably look over it, before merging it into the code. I think your change is ok, but I did a bit more changes to make it work exactly the same as the example included in xz-utils, just in case something else might be still wrong. http://hg.dovecot.org/dovecot-2.2/rev/8e6d98d34dbf From hmoreno at gmv.com Wed May 7 10:26:11 2014 From: hmoreno at gmv.com (=?iso-8859-1?Q?H=E9ctor_Moreno_Blanco?=) Date: Wed, 7 May 2014 10:26:11 +0000 Subject: [Dovecot] sieve - different sieve scripts Message-ID: Hello everybody, We have Dovecot 2.1.6 and PigeonHole 0.3.0. Is possible to have two different sieve scripts working at the same time? My sieve configuration in dovecot.conf: ... managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify ... sieve = %h/.dovecot.sieve sieve_dir = %h/sieve sieve_extensions = +imapflags +notify } protocols = imap pop3 sieve ... service managesieve-login { executable = /usr/local/dovecot/libexec/dovecot/managesieve-login inet_listener sieve { address = * port = 4190 } inet_listener sieve_deprecated { address = * port = 12000 } user = vmail } service managesieve { executable = /usr/local/dovecot/libexec/dovecot/managesieve } ... protocol sieve { managesieve_implementation_string = dovecot Pigeonhole managesieve_logout_format = bytes ( in=%i : out=%o ) managesieve_max_line_length = 65536 } Thank you very much in advanced. Kind regards. H?ctor Moreno Blanco. P Please consider the environment before printing this e-mail. ______________________ This message including any attachments may contain confidential information, according to our Information Security Management System, and intended solely for a specific individual to whom they are addressed. Any unauthorised copy, disclosure or distribution of this message is strictly forbidden. If you have received this transmission in error, please notify the sender immediately and delete it. ______________________ Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede contener informacion clasificada por su emisor como confidencial en el marco de su Sistema de Gestion de Seguridad de la Informacion siendo para uso exclusivo del destinatario, quedando prohibida su divulgacion copia o distribucion a terceros sin la autorizacion expresa del remitente. Si Vd. ha recibido este mensaje erroneamente, se ruega lo notifique al remitente y proceda a su borrado. Gracias por su colaboracion. ______________________ From h.reindl at thelounge.net Wed May 7 10:30:15 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 07 May 2014 12:30:15 +0200 Subject: [Dovecot] sieve - different sieve scripts In-Reply-To: References: Message-ID: <536A0B37.6040107@thelounge.net> Am 07.05.2014 12:26, schrieb H?ctor Moreno Blanco: > We have Dovecot 2.1.6 and PigeonHole 0.3.0. > Is possible to have two different sieve scripts working at the same time? no, independent of the software that is not possible http://tools.ietf.org/html/rfc5804 1.4. Active Script A user may have multiple Sieve scripts on the server, yet only one script may be used for filtering of incoming messages. This is the active script. Users may have zero or one active script and MUST use the SETACTIVE command described below for changing the active script or disabling Sieve processing. For example, users may have an everyday script they normally use and a special script they use when they go on vacation. Users can change which script is being used without having to download and upload a script stored somewhere else. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From alec at alec.pl Wed May 7 10:36:18 2014 From: alec at alec.pl (A.L.E.C) Date: Wed, 07 May 2014 12:36:18 +0200 Subject: [Dovecot] sieve - different sieve scripts In-Reply-To: <536A0B37.6040107@thelounge.net> References: <536A0B37.6040107@thelounge.net> Message-ID: <536A0CA2.2020509@alec.pl> On 05/07/2014 12:30 PM, Reindl Harald wrote: > Am 07.05.2014 12:26, schrieb H?ctor Moreno Blanco: >> We have Dovecot 2.1.6 and PigeonHole 0.3.0. >> Is possible to have two different sieve scripts working at the same time? > > no, independent of the software that is not possible But you can include many scripts into one (active) script if server supports 'include' extension. -- Aleksander 'A.L.E.C' Machniak LAN Management System Developer [http://lms.org.pl] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl From t.b.mailinglists at igeno-fat.de Wed May 7 10:39:54 2014 From: t.b.mailinglists at igeno-fat.de (T.B.) Date: Wed, 07 May 2014 12:39:54 +0200 Subject: [Dovecot] sieve - different sieve scripts In-Reply-To: <536A0CA2.2020509@alec.pl> References: <536A0B37.6040107@thelounge.net> <536A0CA2.2020509@alec.pl> Message-ID: <536A0D7A.6090607@igeno-fat.de> Am 07.05.2014 12:36, schrieb A.L.E.C: > On 05/07/2014 12:30 PM, Reindl Harald wrote: >> Am 07.05.2014 12:26, schrieb H?ctor Moreno Blanco: >>> We have Dovecot 2.1.6 and PigeonHole 0.3.0. >>> Is possible to have two different sieve scripts working at the same time? >> no, independent of the software that is not possible > But you can include many scripts into one (active) script if server > supports 'include' extension. > According to http://pigeonhole.dovecot.org/ it is possible to execute multiple scripts. But just one personal script is possible: The Pigeonhole Sieve implementation supports executing multiple Sieve scripts sequentially. Using this feature it is possible to execute administrator-controlled Sieve scripts before and after the user's personal Sieve script, guaranteeing that responses and message deliveries are never duplicated. This implementation is based on a draft specification (http://tools.ietf.org/html/draft-degener-sieve-multiscript-00), which defines the Sieve behavior when multiple scripts are executed sequentially on the same message. From skdovecot at smail.inf.fh-brs.de Wed May 7 10:41:40 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 7 May 2014 12:41:40 +0200 (CEST) Subject: [Dovecot] sieve - different sieve scripts In-Reply-To: <536A0CA2.2020509@alec.pl> References: <536A0B37.6040107@thelounge.net> <536A0CA2.2020509@alec.pl> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 7 May 2014, A.L.E.C wrote: > On 05/07/2014 12:30 PM, Reindl Harald wrote: >> Am 07.05.2014 12:26, schrieb H?ctor Moreno Blanco: >>> We have Dovecot 2.1.6 and PigeonHole 0.3.0. >>> Is possible to have two different sieve scripts working at the same time? >> >> no, independent of the software that is not possible > > But you can include many scripts into one (active) script if server > supports 'include' extension. Depending on how to interprete the question, this might help, too: http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration Executing Multiple Scripts Sequentially - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU2oN5Xz1H7kL/d9rAQJmWggAxFRbK3Y3/bTtR8wOrUpfN69yXM6WZT9g yUPgLstj2xo0I/Pt8d5114gtO0+rDJ1YjIJpOjg2xeFFLMnOS8My27fMXzm4Kx32 4R1tPYS1QJyoVTBQrfhSXGX0Irz7i0k7Vux6VITNEpS47C01ZRA3RobyUg3CTN05 BhMLEWSlwMYN3JFuKlEg6EBY3ZxgFnxu2pKF0wGbKvbbKZMsWTScAgGLVZ641zph erLHya9wrS9Ebf6b5KnnlLXhON4970VgYiEP3vn+lFQ0vIeFkiE4KxQ+RRNPlU9V MPVsft9rC87JbfSGfrCzfn2kbYekJsLuFQ8Xwc8moet1ThlZH6lO0Q== =KF2P -----END PGP SIGNATURE----- From hmoreno at gmv.com Wed May 7 10:49:16 2014 From: hmoreno at gmv.com (=?iso-8859-1?Q?H=E9ctor_Moreno_Blanco?=) Date: Wed, 7 May 2014 10:49:16 +0000 Subject: [Dovecot] sieve - different sieve scripts In-Reply-To: References: <536A0B37.6040107@thelounge.net> <536A0CA2.2020509@alec.pl> Message-ID: Hello everyone, I think that what Steffan suggests will work ("Executing Multiple Scripts Sequentially"). My case is that two different webmail applications running on the same Dovecot backend save their script with different name. I'm going to give it a try. Thank you very much. Kind regards. H?ctor Moreno Blanco. -----Mensaje original----- De: dovecot [mailto:dovecot-bounces at dovecot.org] En nombre de Steffen Kaiser Enviado el: mi?rcoles, 07 de mayo de 2014 12:42 Para: dovecot at dovecot.org Asunto: Re: [Dovecot] sieve - different sieve scripts -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 7 May 2014, A.L.E.C wrote: > On 05/07/2014 12:30 PM, Reindl Harald wrote: >> Am 07.05.2014 12:26, schrieb H?ctor Moreno Blanco: >>> We have Dovecot 2.1.6 and PigeonHole 0.3.0. >>> Is possible to have two different sieve scripts working at the same time? >> >> no, independent of the software that is not possible > > But you can include many scripts into one (active) script if server > supports 'include' extension. Depending on how to interprete the question, this might help, too: http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration Executing Multiple Scripts Sequentially - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU2oN5Xz1H7kL/d9rAQJmWggAxFRbK3Y3/bTtR8wOrUpfN69yXM6WZT9g yUPgLstj2xo0I/Pt8d5114gtO0+rDJ1YjIJpOjg2xeFFLMnOS8My27fMXzm4Kx32 4R1tPYS1QJyoVTBQrfhSXGX0Irz7i0k7Vux6VITNEpS47C01ZRA3RobyUg3CTN05 BhMLEWSlwMYN3JFuKlEg6EBY3ZxgFnxu2pKF0wGbKvbbKZMsWTScAgGLVZ641zph erLHya9wrS9Ebf6b5KnnlLXhON4970VgYiEP3vn+lFQ0vIeFkiE4KxQ+RRNPlU9V MPVsft9rC87JbfSGfrCzfn2kbYekJsLuFQ8Xwc8moet1ThlZH6lO0Q== =KF2P -----END PGP SIGNATURE----- P Please consider the environment before printing this e-mail. ______________________ This message including any attachments may contain confidential information, according to our Information Security Management System, and intended solely for a specific individual to whom they are addressed. Any unauthorised copy, disclosure or distribution of this message is strictly forbidden. If you have received this transmission in error, please notify the sender immediately and delete it. ______________________ Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede contener informacion clasificada por su emisor como confidencial en el marco de su Sistema de Gestion de Seguridad de la Informacion siendo para uso exclusivo del destinatario, quedando prohibida su divulgacion copia o distribucion a terceros sin la autorizacion expresa del remitente. Si Vd. ha recibido este mensaje erroneamente, se ruega lo notifique al remitente y proceda a su borrado. Gracias por su colaboracion. ______________________ From Ralf.Hildebrandt at charite.de Wed May 7 13:36:56 2014 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Wed, 7 May 2014 15:36:56 +0200 Subject: [Dovecot] Corrupted mailbox, how to fix? Message-ID: <20140507133656.GC29870@charite.de> >From my log: May 06 16:26:49 imap(loginname): Error: zlib.read(/var/mail/loginname/mdbox/storage/m.94): gz trailer has wrong CRC value at 2412347 May 06 16:26:49 imap(loginname): Error: read() failed: Invalid argument (FETCH for mailbox INBOX UID 3434) How do I fix that? -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From tss at iki.fi Wed May 7 13:37:37 2014 From: tss at iki.fi (Timo Sirainen) Date: Wed, 7 May 2014 16:37:37 +0300 Subject: [Dovecot] imap process and indexer-worker crash while creating folders In-Reply-To: <0Lwoiq-1X6if81Ki8-016QZC@mail.gmx.com> References: <0Lwoiq-1X6if81Ki8-016QZC@mail.gmx.com> Message-ID: On 1.4.2014, at 21.34, Michael Kliewe wrote: > our dovecot processes sometimes crash when we create new folders. The "imap" process and the "indexer worker" process is crashing. We can reproduce this, we have a java program with multiple threads, and sometimes 2 threads try to create the same folder for the same user, and if both collide, dovecot processes crash. > > We don't see this happening in the real world if "normal" imap clients are connected, but our special java program trying to create folders in parallel is producing these crashes. .. > Apr 1 19:58:28 dovecot01 dovecot: imap(user at domain.de): Panic: file mail-index-transaction-export.c: line 117 (log_append_ext_intro): assertion failed: (intro->ext_id == idx || idx == (uint32_t)-1) Fixed: http://hg.dovecot.org/dovecot-2.2/rev/ed6e472cab0e From tss at iki.fi Wed May 7 13:42:24 2014 From: tss at iki.fi (Timo Sirainen) Date: Wed, 7 May 2014 16:42:24 +0300 Subject: [Dovecot] Panic: file mail-index-map.c: line 547 (mail_index_map_lookup_seq_range): assertion failed: (first_uid > 0) In-Reply-To: <531F6B46.3090407@gmx.de> References: <531F6B46.3090407@gmx.de> Message-ID: On 11.3.2014, at 22.00, Hardy Flor wrote: > 2014 Mar 11 20:06:53 ptb-test imap(flor_hardy): Panic: file mail-index-map.c: line 547 (mail_index_map_lookup_seq_range): assertion failed: (first_uid > 0) > 2014 Mar 11 20:06:53 ptb-test imap(flor_hardy): Fatal: master: service(imap): child 2760 killed with signal 6 (core dumped) .. > #6 0x00007f32d2fa856d in tview_lookup_seq_range (view=0x18a6850, first_uid=0, last_uid=0, first_seq_r=0x18a79e0, last_seq_r=0x18a79e0) > at mail-index-transaction-view.c:178 > tview = 0x18a6850 > rec = > seq = > __FUNCTION__ = "tview_lookup_seq_range" > #7 0x00007f32d2fb17c2 in mail_index_lookup_seq (view=, uid=, seq_r=seq_r at entry=0x18a79e0) > at mail-index-view.c:522 > No locals. > #8 0x00007f32d2f809b4 in index_mail_get_pvt (_mail=_mail at entry=0x18a78a0) at index-mail.c:158 This should fix it: http://hg.dovecot.org/dovecot-2.2/rev/774e486a94ab From tss at iki.fi Wed May 7 14:12:50 2014 From: tss at iki.fi (Timo Sirainen) Date: Wed, 7 May 2014 17:12:50 +0300 Subject: [Dovecot] New global ACL mailbox pattern feature in HG In-Reply-To: <20140215201344.GA4401@nihlus.leuxner.net> References: <20140128072932.GA27627@nihlus.leuxner.net> <20140130102315.GA21185@nihlus.leuxner.net> <20140207222150.GA14954@nihlus.leuxner.net> <20140210075152.GA6923@nihlus.leuxner.net> <20140215201344.GA4401@nihlus.leuxner.net> Message-ID: <5FFF0E5A-8FC4-4232-815C-054722B7E187@iki.fi> On 15.2.2014, at 22.13, Thomas Leuxner wrote: > * Thomas Leuxner 2014.02.10 08:51: > >>>> Public/* group=PublicMailboxAdmins lrwsik >>>> >>>> yields an error (Public/ Namespace) while 'Public*' works: >>>> $ doveadm mailbox create -u tlx at leuxner.net "Public/Test" >>>> $ doveadm(tlx at leuxner.net): Error: Can't create mailbox Public/Test: Permission denied >>> >>> I think that's correct behavior? The "k" right needs to be for the parent "Public", while Public/* only matches its children. >> >> I see. Wouldn't "Public" also let's say undesirably apply to mailboxes in the user context then, e.g. someone creates a "Public" folder in his INBOX? I'm asking as I only want to apply the ACL to a namespace. > > Following the http://wiki2.dovecot.org/ACL example of wildcard patters it appears 'Public/*' is completely ignored. I tested with a new mailbox and the only entry applied is the 'Public*' one: > > $ cat global-acl > INBOX owner lrwstiekxap > Public* group=PublicMailboxAdmins lrwsik > Public/* anyone lr > Public/* authenticated lrws http://hg.dovecot.org/dovecot-2.2/rev/7a08a481c133 should help here? From tss at iki.fi Wed May 7 14:27:04 2014 From: tss at iki.fi (Timo Sirainen) Date: Wed, 7 May 2014 17:27:04 +0300 Subject: [Dovecot] SSL/TLS handshake stays forever without timeout In-Reply-To: <20140114225437.GA25663@solar.andreasschulze.de> References: <7c8088f4.182fc.14391a248eb.Coremail.morrisonli@126.com> <52D58F66.5030008@localhost.localdomain.org> <52D59218.6010208@ente.limmat.ch> <20140114225437.GA25663@solar.andreasschulze.de> Message-ID: <79971EF8-55D7-4F07-805B-0B87C8C68D9E@iki.fi> On 15.1.2014, at 0.54, Andreas Schulze wrote: > Am 14.01.2014 20:38 schrieb Adrian Zaugg: >> This is not the test morrison has suggested. Doing his test with telnet >> and thus not complete the SSL handshake, the connection stays open much >> longer than 3 Minutes. I closed the connection now manually after a >> little more than 2 hours. This is on Dovecot 2.1.7. > same here with dovecot-2.2.10 Fixed: http://hg.dovecot.org/dovecot-2.2/rev/41622541a7a3 From tss at iki.fi Wed May 7 14:33:30 2014 From: tss at iki.fi (Timo Sirainen) Date: Wed, 07 May 2014 17:33:30 +0300 Subject: [Dovecot] Corrupted mailbox, how to fix? In-Reply-To: <20140507133656.GC29870@charite.de> References: <20140507133656.GC29870@charite.de> Message-ID: <1399473210.11569.4.camel@hurina> On Wed, 2014-05-07 at 15:36 +0200, Ralf Hildebrandt wrote: > From my log: > > May 06 16:26:49 imap(loginname): Error: zlib.read(/var/mail/loginname/mdbox/storage/m.94): gz trailer has wrong CRC value at 2412347 > May 06 16:26:49 imap(loginname): Error: read() failed: Invalid argument (FETCH for mailbox INBOX UID 3434) > > How do I fix that? With some difficulties. I'm not sure how Dovecot could even handle corrupted compression in any good way. Currently it treats it the same way as temporary disk I/O error, which I guess isn't that great if there really is corruption that doesn't fix itself. Anyway, for now you'd basically need to get rid of the broken mail in some way. First find out which mail it is, then try to make a copy of it that hopefully is mostly correct (e.g. doveadm fetch > file), upload the working copy back (dovecot-lda) and delete the original broken one. From tlx at leuxner.net Wed May 7 15:05:31 2014 From: tlx at leuxner.net (Thomas Leuxner) Date: Wed, 7 May 2014 17:05:31 +0200 Subject: [Dovecot] New global ACL mailbox pattern feature in HG In-Reply-To: <5FFF0E5A-8FC4-4232-815C-054722B7E187@iki.fi> References: <20140128072932.GA27627@nihlus.leuxner.net> <20140130102315.GA21185@nihlus.leuxner.net> <20140207222150.GA14954@nihlus.leuxner.net> <20140210075152.GA6923@nihlus.leuxner.net> <20140215201344.GA4401@nihlus.leuxner.net> <5FFF0E5A-8FC4-4232-815C-054722B7E187@iki.fi> Message-ID: <20140507150531.GA11409@nihlus.leuxner.net> * Timo Sirainen 2014.05.07 16:12: > http://hg.dovecot.org/dovecot-2.2/rev/7a08a481c133 should help here? That seems to do the trick: $ doveadm acl get -u tlx at leuxner.net Public/Mailing-Lists/Dovecot ID Global Rights anyone lookup read authenticated lookup read write write-seen group=PublicMailboxAdmins create insert lookup read write write-seen Thanks! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From emmanuel.fuste at thalesgroup.com Wed May 7 15:38:41 2014 From: emmanuel.fuste at thalesgroup.com (FUSTE Emmanuel) Date: Wed, 7 May 2014 17:38:41 +0200 Subject: [Dovecot] TCP Cluster replication headache Message-ID: <24292_1399477125_536A5384_24292_11477_1_536A5381.6000004@thalesgroup.com> Hello, After going crazy building a dovecot cluster, I finally see the light ;-)) But some things are "strange" and could probably be fixed/enhanced. First : I follow the wiki doc, setting global doveadm_port. Things did not work, I've got: dovecot: doveadm(X1234567): Error: sync: /var/run/dovecot/auth-userdb: Configured passdbs don't support crentials lookups (to see if user is proxied, because doveadm_port is set) Same kind of error too when trying to use doveadm on the command line to get the replica status. My user/auth db is LDAP with "auth_bind = yes", but I don't understand the message in these context and did'nt know how to fix this. I tried to hardcode proxy/proxy_maybe property in the passdb declaration etc... Finally, I remove the global "doveadm_port 12345" and add ":12345" at the end of my "mail_replica =" line and all began to work ! Is it a wanted and expected error/fix ? Secondly: Now all is working and "doveadm replicator status '*' " correctly list all my users and the status, but after a few seconds (after replication kick in), I see all user listed twice. One time, as declared in the userdb with letters in uppercase : "X1234567" One time, in lowercase : "x1234567" On disk, all is OK, with only one replica in an uppercase directory. I initially think that it was a mismatch between userdb and passdb users return, but it was in fact the default value of auth_username_format that was the culprit. After going from the default %Lu to %u doveadm replicator status show only one entry per user as expected. Is it wanted and expected too? why auth_username_format is used/interact with/in the replication process and/or the replicator status command ? Not all is functionally tested, I go back to work. My is conf at the end of this message. Thanks Simo for this great piece of software. Emmanuel # 2.2.12.7 (f7731356530e+): /etc/dovecot/dovecot.conf # OS: Linux 3.11.0-19-generic x86_64 Ubuntu 12.04.4 LTS auth_master_user_separator = * auth_username_format = %u doveadm_password = xxxxxxxxxxx lda_mailbox_autocreate = yes listen = * mail_gid = vmail mail_location = maildir:~/Maildir mail_plugins = quota notify replication mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { hidden = no inbox = yes list = yes location = prefix = separator = / subscriptions = yes type = private } namespace { hidden = no inbox = no list = children location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u prefix = shared/%%u/ separator = / subscriptions = no type = shared } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile acl_anyone = allow acl_shared_dict =file:/appli/vmail/shared-mailboxes mail_replica = tcp:thsmytmbx02p.online.corp.thales:12345 quota = dict:userquota::file:/appli/vmail/local_userquota/%%h/dovecot-quota quota_rule = *:storage=100M quota_rule2 = INBOX:storage=+20%% quota_rule3 = Trash:storage=+10%% sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap sieve service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } service auth { unix_listener auth-userdb { group = vmail mode = 0660 } } service doveadm { inet_listener { port = 12345 } user = vmail } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0666 } } ssl = no userdb { args = /etc/dovecot/dovecot-users-ldap.conf.ext driver = ldap } protocol lda { mail_plugins = quota sieve } protocol imap { mail_plugins = quota imap_quota } dovecot-users-ldap.conf.ext: dovecot-ldap.conf.ext: uris = ldapi:/// dn = uid=dovecot,dc=mydomain,dc=com dnpass = xxxxxxxxxxxx auth_bind = yes ldap_version = 3 base = ou=users,dc=mydomain,dc=com user_attrs = =home=/appli/vmail/%{ldap:uid} user_filter = (&(objectClass=inetOrgPerson)(|(uid=%u)(mail=%u))) pass_attrs = =user=%{ldap:uid} pass_filter = (&(objectClass=inetOrgPerson)(uid=%u)(!(pwdReset=TRUE))) iterate_attrs = uid=user iterate_filter = (objectClass=inetOrgPerson) From tss at iki.fi Wed May 7 16:39:03 2014 From: tss at iki.fi (Timo Sirainen) Date: Wed, 7 May 2014 19:39:03 +0300 Subject: [Dovecot] BUG report: doveadm HEADER when concatenating with another Search key In-Reply-To: References: Message-ID: <3ACB4182-D2AB-459C-B41C-F7E5925059A5@iki.fi> On 7.1.2014, at 20.49, megodin at inboxalias.com wrote: > I'm pretty sure I've found a bug with doveadm when concatenating with > another search key. > > While doveadm HEADER works fine when not using additional > search keys, it doesn't work properly when concatenating with other > serarch keys - it then simply seems to ignore the additional HEADER pattern> search key. > > It's reproduceable, also with different user accounts on 2 different > productive systems. Testing it on latest dovecot-ee 2.2.9.2 and 2.2.5.5. Finally fixed, happened only with fts-lucene: http://hg.dovecot.org/dovecot-2.2/rev/4b67da0b86a3 From tss at iki.fi Wed May 7 16:56:19 2014 From: tss at iki.fi (Timo Sirainen) Date: Wed, 7 May 2014 19:56:19 +0300 Subject: [Dovecot] Dovecot quoting problem? In-Reply-To: <52CB22C8.1020002@wiesinger.com> References: <52CB22C8.1020002@wiesinger.com> Message-ID: <344BDD63-F4B2-41FE-A286-43627BDAF448@iki.fi> On 6.1.2014, at 23.40, Gerhard Wiesinger wrote: > I think the following commit makes problems: > http://hg.dovecot.org/dovecot-2.2/rev/68a8b650578e > > A01 LIST "" ~/Mail/Gesendet > A01 BAD Error in IMAP command LIST: literal8 not allowed here Thanks, fixed finally: http://hg.dovecot.org/dovecot-2.2/rev/8568cacb0d03 imaptest also now tests for this and several other atom-chars. From emmanuel.fuste at thalesgroup.com Wed May 7 17:23:16 2014 From: emmanuel.fuste at thalesgroup.com (FUSTE Emmanuel) Date: Wed, 7 May 2014 19:23:16 +0200 Subject: [Dovecot] TCP Cluster replication headache In-Reply-To: <24292_1399477125_536A5384_24292_11477_1_536A5381.6000004@thalesgroup.com> References: <24292_1399477125_536A5384_24292_11477_1_536A5381.6000004@thalesgroup.com> Message-ID: <30560_1399483399_536A6C07_30560_6381_1_536A6C04.508@thalesgroup.com> Le 07/05/2014 17:38, FUSTE Emmanuel a ?crit : > Hello, ... > > Thanks Simo Ouupsss, sorry Timo... Best regards, Emmanuel. From x3_ppc at bk.ru Wed May 7 18:44:22 2014 From: x3_ppc at bk.ru (Hit4er) Date: Wed, 7 May 2014 11:44:22 -0700 (PDT) Subject: [Dovecot] LDA can't read dovecot.conf Message-ID: <1399488262009-47853.post@n4.nabble.com> Hi, i have a problem with lda with this error what i doing wrong? -- View this message in context: http://dovecot.2317879.n4.nabble.com/LDA-can-t-read-dovecot-conf-tp47853.html Sent from the Dovecot mailing list archive at Nabble.com. From h.reindl at thelounge.net Wed May 7 18:52:35 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 07 May 2014 20:52:35 +0200 Subject: [Dovecot] LDA can't read dovecot.conf In-Reply-To: <1399488262009-47853.post@n4.nabble.com> References: <1399488262009-47853.post@n4.nabble.com> Message-ID: <536A80F3.2050702@thelounge.net> Am 07.05.2014 20:44, schrieb Hit4er: > Hi, i have a problem with lda with this error > what i doing wrong? basically don't post unstripped log-records is your first mistake the next one based on crystal balls is wrong permissions finally avoid LDA and use LTMP -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From sebastian at goodrick.ch Wed May 7 19:15:24 2014 From: sebastian at goodrick.ch (Sebastian Goodrick) Date: Wed, 07 May 2014 21:15:24 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook Message-ID: <536A864C.7010500@goodrick.ch> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello I recently upgraded to dovecot 2.1.7 (as supplied with Debian Weezy). All clients work as expected except for Outlook (2013 &2010) on Win8 with a SSL/TLS connection. (Thunderbird on Win8 and Outlook 2013 on Win 7 works fine. On my previous dovecot version 1.2.13 all clients worked.) As far as I understand, one difference is the support for TLS1.2 and SSL3. And on the client side Win8 is now connecting through the Microsoft Unified Security Protocol Provider. My logs show these issues: Dovecot: May 06 21:05:43 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [78.42.x.x] May 06 21:05:43 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [78.42.x.x] May 06 21:05:43 imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [78.42.x.x] May 06 21:05:43 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=78.42.x.x, lip=144.76.x.x, TLS handshaking: Disconnect Outlook 2013 (contains German, translation in []): IMAP: 12:30:02 [db] Mit 'mail.xxx.de' wird eine Verbindung an Port 143 hergestellt. [A connection to port 143 is established with 'mail.xxx.de'] [snip] IMAP: 12:30:02 [rx] * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Welcome at mail.xxx.de [snip] IMAP: 12:30:02 [rx] hmpc OK Pre-login capabilities listed, post-login capabilities have more.IMAP: 12:30:02 [tx] ekum STARTTLS IMAP: 12:30:02 [db] OnNotify: asOld = 5, asNew = 5, ae = 3 IMAP: 12:30:02 [rx] ekum OK Begin TLS negotiation now. IMAP: 12:30:02 [db] Mit 'Microsoft Unified Security Protocol Provider' wird eine sichere Verbindung ausgehandelt. [A secure connection is negotiated with 'Microsoft Unified Security Protocol Provider'] IMAP: 12:30:02 [db] OnNotify: asOld = 5, asNew = 6, ae = 2 IMAP: 12:30:03 [db] Die Verbindung mit 'mail.xxx.de' wurde geschlossen. [Connection to 'mail.xxx.de' has been closed.] IMAP: 12:30:03 [db] OnNotify: asOld = 6, asNew = 0, ae = 5 IMAP: 12:30:03 [db] ERROR: "Es kann keine sichere Verbindung mit dem Server hergestellt werden.", hr=2148322330 [Can't establish a secure connection with the server.] My settings for ssl_protocols and ssl_cipher_list are empty. Since it works with most clients, I assume no broken certificates or my dovecot configuration. The connection fails at the TLS/SSL handshake. Has anyone seen this behaviour, too? Is there a setting (for ssl_protocols and ssl_cipher_list) to support Outlook on Win8? Thanks, Sebastian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlNqhkwACgkQR7+YB0QzbnqEFQCdHBPPpFB/pqgZ9FR81h/vcGy5 hkoAn2iuq+AUwQCN3yEtGIWuPAfpm2bs =WrvL -----END PGP SIGNATURE----- From lists at wiesinger.com Wed May 7 19:45:06 2014 From: lists at wiesinger.com (Gerhard Wiesinger) Date: Wed, 07 May 2014 21:45:06 +0200 Subject: [Dovecot] Dovecot quoting problem? In-Reply-To: <344BDD63-F4B2-41FE-A286-43627BDAF448@iki.fi> References: <52CB22C8.1020002@wiesinger.com> <344BDD63-F4B2-41FE-A286-43627BDAF448@iki.fi> Message-ID: <536A8D42.4040403@wiesinger.com> On 07.05.2014 18:56, Timo Sirainen wrote: > On 6.1.2014, at 23.40, Gerhard Wiesinger wrote: > >> I think the following commit makes problems: >> http://hg.dovecot.org/dovecot-2.2/rev/68a8b650578e >> >> A01 LIST "" ~/Mail/Gesendet >> A01 BAD Error in IMAP command LIST: literal8 not allowed here > Thanks, fixed finally: http://hg.dovecot.org/dovecot-2.2/rev/8568cacb0d03 > > imaptest also now tests for this and several other atom-chars. > Thanks. Ciao, Gerhard From rs at sys4.de Wed May 7 19:59:57 2014 From: rs at sys4.de (Robert Schetterer) Date: Wed, 07 May 2014 21:59:57 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <536A864C.7010500@goodrick.ch> References: <536A864C.7010500@goodrick.ch> Message-ID: <536A90BD.1060502@sys4.de> Am 07.05.2014 21:15, schrieb Sebastian Goodrick: > Hello > > I recently upgraded to dovecot 2.1.7 (as supplied with Debian Weezy). > All clients work as expected except for Outlook (2013 &2010) on Win8 > with a SSL/TLS connection. (Thunderbird on Win8 and Outlook 2013 on > Win 7 works fine. On my previous dovecot version 1.2.13 all clients > worked.) > As far as I understand, one difference is the support for TLS1.2 and > SSL3. And on the client side Win8 is now connecting through the > Microsoft Unified Security Protocol Provider. > > My logs show these issues: > > Dovecot: > May 06 21:05:43 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 > read client certificate A [78.42.x.x] > May 06 21:05:43 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 > read client certificate A [78.42.x.x] > May 06 21:05:43 imap-login: Warning: SSL failed: where=0x2002: SSLv3 > read client certificate A [78.42.x.x] > May 06 21:05:43 imap-login: Info: Disconnected (no auth attempts in 0 > secs): user=<>, rip=78.42.x.x, lip=144.76.x.x, TLS handshaking: Disconnect > > Outlook 2013 (contains German, translation in []): > IMAP: 12:30:02 [db] Mit 'mail.xxx.de' wird eine Verbindung an Port 143 > hergestellt. [A connection to port 143 is established with 'mail.xxx.de'] > [snip] > IMAP: 12:30:02 [rx] * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR > LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN > AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Welcome at mail.xxx.de > [snip] > IMAP: 12:30:02 [rx] hmpc OK Pre-login capabilities listed, post-login > capabilities have more.IMAP: 12:30:02 [tx] ekum STARTTLS > IMAP: 12:30:02 [db] OnNotify: asOld = 5, asNew = 5, ae = 3 > IMAP: 12:30:02 [rx] ekum OK Begin TLS negotiation now. > IMAP: 12:30:02 [db] Mit 'Microsoft Unified Security Protocol Provider' > wird eine sichere Verbindung ausgehandelt. [A secure connection is > negotiated with 'Microsoft Unified Security Protocol Provider'] > IMAP: 12:30:02 [db] OnNotify: asOld = 5, asNew = 6, ae = 2 > IMAP: 12:30:03 [db] Die Verbindung mit 'mail.xxx.de' wurde > geschlossen. [Connection to 'mail.xxx.de' has been closed.] > IMAP: 12:30:03 [db] OnNotify: asOld = 6, asNew = 0, ae = 5 > IMAP: 12:30:03 [db] ERROR: "Es kann keine sichere Verbindung mit dem > Server hergestellt werden.", hr=2148322330 [Can't establish a secure > connection with the server.] > > My settings for ssl_protocols and ssl_cipher_list are empty. Since it > works with most clients, I assume no broken certificates or my dovecot > configuration. The connection fails at the TLS/SSL handshake. > Has anyone seen this behaviour, too? Is there a setting (for > ssl_protocols and ssl_cipher_list) to support Outlook on Win8? > > Thanks, Sebastian > Before do more analysis, trible check there are no auth problems with your setup your log does not look like this, but dont ever trust microsoft logs and its mysticals, check dove log too for auth problems, as ever shut down any antivirus imap proxies firewalls too for testing set dove debug ssl max verbose perhaps use wireshark etc too from http://forum.mailtraq.com/viewtopic.php?f=7&t=1913 ... I have been diagnosing the problem with Windows 8 and we think it has been identified, although we are still waiting for confirmation from Microsoft. It appears that Microsoft have changed the TLS security protocol requirements in the Unified Security Protocol Provider that ships with Windows 8. ... some other stuff http://technet.microsoft.com/de-de/office/aa374757%28v=vs.71%29 http://technet.microsoft.com/de-de/office/bb870930%28v=vs.71%29 http://support.microsoft.com/kb/245030 perhaps i will run my own tests tommorow and report again Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From rs at sys4.de Wed May 7 20:26:17 2014 From: rs at sys4.de (Robert Schetterer) Date: Wed, 07 May 2014 22:26:17 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <536A90BD.1060502@sys4.de> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> Message-ID: <536A96E9.3040102@sys4.de> Am 07.05.2014 21:59, schrieb Robert Schetterer: > perhaps i will run my own tests tommorow and report again meanwhile check this too http://www.lynclog.com/2013_04_01_archive.html ... At this point, just for fun, I decided to disable TLS v1.2 on Windows OS level ... for dove also test settings from https://bettercrypto.org/static/applied-crypto-hardening.pdf ssl_cipher_list = ' EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+ aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL: !LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMEL LIA128-SHA:AES128-SHA ' note dove 2.1.7 is old, you should use latest 2.1.17/2.2.12 Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From leo at strike.wu.ac.at Wed May 7 20:38:12 2014 From: leo at strike.wu.ac.at (Alexander 'Leo' Bergolth) Date: Wed, 07 May 2014 22:38:12 +0200 Subject: [Dovecot] Index cache errors worse with 2.2.x Message-ID: <536A99B4.1010109@strike.wu.ac.at> Hi! I am getting "Cached message size smaller than expected" errors since dovecot-2.1.x. Until now, I thought that those errors don't do any harm, I assumed that the cache will just be rebuilt after the error had been detected. However, since dovecot 2.2.x (I tried 2.2.7 and 2.2.10), the errors sometimes seem to actually cause mail access to fail. With dovecot-2.1.1, only the first two messages were logged, since using 2.2.7 and 2.2.10, the "read ... failed: Invalid argument" sometimes appear: -------------------- 8< -------------------- May 7 17:03:52 samba dovecot: imap(xyz): Error: Cached message size smaller than expected (2246 < 2247) May 7 17:03:52 samba dovecot: imap(xyz): Error: Corrupted index cache file /home/xyz/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 11277 May 7 17:03:52 samba dovecot: imap(xyz): Error: read(/var/mail/xyz) failed: Invalid argument May 7 17:03:52 samba dovecot: imap(xyz): Error: read(/var/mail/xyz) failed: Invalid argument (uid=11277) -------------------- 8< -------------------- I am using dovecot on RHEL6 with mbox mailboxes. Message size differences are always 1 byte. Any hints would be appreciated! Cheers, --leo P.S.: Those errors occur some times a day and affect different users.. (Upgrade 2.1.1 -> 2.2.7 was on 2013-11-22, 2.2.10 was installed on 2014-01-20.) # for f in maillog* ; do echo -n "$f: "; grep "dovecot:.*Error: read.*failed.*Invalid arg" $f | wc -l; done maillog: 31 maillog-20130801: 0 maillog-20130901: 1 maillog-20131001: 0 maillog-20131101: 0 maillog-20131201: 30 maillog-20140101: 92 maillog-20140201: 110 maillog-20140301: 99 maillog-20140401: 133 maillog-20140501: 100 # for f in maillog* ; do echo -n "$f: "; grep "dovecot:.*Error: Cached message size smaller than expected" $f | wc -l; done maillog: 99 maillog-20130801: 465 maillog-20130901: 484 maillog-20131001: 512 maillog-20131101: 460 maillog-20131201: 520 maillog-20140101: 402 maillog-20140201: 400 maillog-20140301: 355 maillog-20140401: 481 maillog-20140501: 434 -- e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria From sebastian at goodrick.ch Wed May 7 20:44:58 2014 From: sebastian at goodrick.ch (Sebastian Goodrick) Date: Wed, 07 May 2014 22:44:58 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <536A96E9.3040102@sys4.de> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> Message-ID: <536A9B4A.1050105@goodrick.ch> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Robert The logs I supplied were derived from "verbose_ssl = yes". I supplied the lines where it differs from regular requests and suppressed a ton of SSL output. I don't trust the Outlook logs, too, but supplied them for completeness. There are no auth issues in the dovecot log, since the TLS/SSL handshake isn't successful. (Auth works without TLS/SSL which is also an indication.) The Win8 machine was a fresh install, no firewall or antivirus, just Win8.1 from scratch + Outlook 2013. I've seen the mailtraq forum post, too. Unfortunately the registry patch isn't available for download. I haven't seen the other (lynclog) link and will try the registry patch as soon as I have access to my win8 test machine tomorrow. Thanks for this link. I will also give the ssl_cipher_list a try, thanks. I will post my results here. (2.1.7 is old, however since it ships with Debian Weezy I guess I'm in good company :) ) Thanks for your input Sebastian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlNqm0oACgkQR7+YB0QzbnrpCQCgiUG78h45R3QLAvunDCSPRoky xnUAnAoBODkG7slE+Sk8BCV8xb86J7XV =sdmY -----END PGP SIGNATURE----- From davide.marchi at mail.cgilfe.it Thu May 8 06:06:51 2014 From: davide.marchi at mail.cgilfe.it (Davide) Date: Thu, 08 May 2014 08:06:51 +0200 Subject: [Dovecot] Migrate from LDA to LMTP Message-ID: <536B1EFB.1070703@mail.cgilfe.it> Hi to all, i have qmail installed on my system with dot-qmail files format to deliver to mailbox (maildir format with dovecot 2.2.12); currently i use LDA to delivery agent but we would migrate to LMTP is it possible? and if yes someone could bring me to the right direction to implement this? thanks. -- *Davide Marchi* *T*eorema *F*errara *Srl* Via Spronello, 7 - Ferrara - 44121 Tel. *0532783161* Fax. *0532783368* E-m at il: *davide.marchi at mail.cgilfe.it* Skype: *davide.marchi73* Web: *http://www.cgilfe.it* *CONFIDENZIALITA'* *Ai sensi del D.Lgs. 196/2003 si precisa che le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario/dei destinatari. Qualora il messaggio in parola Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo e a non inoltrarlo a terzi, dandocene gentilmente comunicazione.* *Per favore, pensa all'ambiente. Stampa questa email solo se necessario.* From rs at sys4.de Thu May 8 06:39:47 2014 From: rs at sys4.de (Robert Schetterer) Date: Thu, 08 May 2014 08:39:47 +0200 Subject: [Dovecot] Migrate from LDA to LMTP In-Reply-To: <536B1EFB.1070703@mail.cgilfe.it> References: <536B1EFB.1070703@mail.cgilfe.it> Message-ID: <536B26B3.9070808@sys4.de> Am 08.05.2014 08:06, schrieb Davide: > Hi to all, i have qmail installed on my system with dot-qmail files > format to deliver to mailbox (maildir format with dovecot 2.2.12); > currently i use LDA to delivery agent but we would migrate to LMTP is it > possible? should work and if yes someone could bring me to the right direction to > implement this? thanks. http://wiki2.dovecot.org/LMTP sorry no idea with qmail Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From axel.luttgens at skynet.be Thu May 8 09:29:56 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Thu, 8 May 2014 11:29:56 +0200 Subject: [Dovecot] Lifetime of redirect info stored by Sieve in .dovecot.lda-dupes Message-ID: <2107F795-5380-40E4-9458-6E29424AFD9D@skynet.be> Hello, A quick question. How long are the Message-ID and recipient of forwarded messages (thru the redirect action) kept in .dovecot.lda-dupes? According to the code, it could be 24 hours; am I right? TIA, Axel From tss at iki.fi Thu May 8 09:44:02 2014 From: tss at iki.fi (Timo Sirainen) Date: Thu, 8 May 2014 12:44:02 +0300 Subject: [Dovecot] imapc with Outlook.com transfers max 22-23 messages per mailbox!? In-Reply-To: References: Message-ID: <049D36AA-81FF-4201-93F3-5BEEE1663D82@iki.fi> On 6.5.2014, at 1.35, Nicholas Riley wrote: > Here's how I sync a single mailbox, which should have a few hundred > messages in it: > > % doveadm -D -v -c [...] sync -1 -R -u [...] -m Avalon imapc: > > Output is at http://sabi.net/temp/sync.txt > > But every mailbox contains at most 22-23 messages. Dunno. > Is there a rawlog equivalent for imapc? I'm hoping that there is a > simple protocol usage change that could let me get entire mailboxes. imapc_rawlog_dir = /path From CMarcus at Media-Brokers.com Thu May 8 09:44:41 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Thu, 08 May 2014 05:44:41 -0400 Subject: [Dovecot] Index cache errors worse with 2.2.x In-Reply-To: <536A99B4.1010109@strike.wu.ac.at> References: <536A99B4.1010109@strike.wu.ac.at> Message-ID: <536B5209.5020309@Media-Brokers.com> On 5/7/2014 4:38 PM, Alexander 'Leo' Bergolth wrote: > I am getting "Cached message size smaller than expected" errors since dovecot-2.1.x. Please provide enough info for someone to actually be able to attempt to help you. At a bare minimum, you should *always* (not just for dovecot) provide at least the OS/ver and dovecot config (doveconf -n output). Also, the further from 'default' settings your setup is, the more important it is to provide a description of your environment (ie, is this a single server or a member of a cluster? are you using NFS? etc)... -- Best regards, Charles From leo at strike.wu.ac.at Thu May 8 09:59:04 2014 From: leo at strike.wu.ac.at (Alexander 'Leo' Bergolth) Date: Thu, 08 May 2014 11:59:04 +0200 Subject: [Dovecot] Index cache errors worse with 2.2.x In-Reply-To: <536B5209.5020309@Media-Brokers.com> References: <536A99B4.1010109@strike.wu.ac.at> <536B5209.5020309@Media-Brokers.com> Message-ID: <536B5568.80108@strike.wu.ac.at> On 05/08/2014 11:44 AM, Charles Marcus wrote: > On 5/7/2014 4:38 PM, Alexander 'Leo' Bergolth wrote: >> I am getting "Cached message size smaller than expected" errors since >> dovecot-2.1.x. > > Please provide enough info for someone to actually be able to attempt to > help you. > > At a bare minimum, you should *always* (not just for dovecot) provide at > least the OS/ver and dovecot config (doveconf -n output). See the doveconf output below. > Also, the further from 'default' settings your setup is, the more > important it is to provide a description of your environment (ie, is > this a single server or a member of a cluster? are you using NFS? etc)... I am using a single server, mbox, local disks (/home and /var is XFS on HP SmartArray). I tried dovecot 2.2.7, 2.2.10 and 2.2.12. All of them produce tha same errors. ("Cached message size smaller than expected", sometimes followed by "read... Invalid argument".) 2.1.1 seems to only produce "Cached message size smaller than expected" without the read errors. Cheers, --leo -------------------- 8< -------------------- # 2.2.12: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-431.3.1.el6.x86_64 x86_64 CentOS release 6.5 (Final) auth_mechanisms = plain login auth_verbose = yes default_vsz_limit = 512 M first_valid_uid = 100 imap_client_workarounds = tb-extra-mailbox-sep login_trusted_networks = 172.23.60.0/24 mail_location = mbox:~/mail:INBOX=/var/mail/%u mail_plugins = " mail_log notify" mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mbox_write_locks = fcntl namespace inbox { inbox = yes location = mbox:~/mail:INBOX=/var/mail/%u mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = / type = private } passdb { driver = pam } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size } protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service imap-postlogin { executable = script-login -d /usr/local/sbin/dovecot-post-login.pl } service imap { executable = imap imap-postlogin } ssl = required ssl_cert = References: <534E30C0.6070909@noa.gr> Message-ID: <0769898A-905C-4D5F-8D5A-F3B7D892979C@iki.fi> On 16.4.2014, at 10.26, Nikolaos Milas wrote: > I decided I should create a new one dedicated on it because that thread includes other issues as well, and the issue in question still remains unresolved although it is an important one (and I am hoping to attract Timo's attention on it, too ;-) ). > > The problem is that when dsync is configured between two servers (master/master), messages do get replicated, but newly created subfolders do not get replicated; as a result, when messages are moved by users from existing folders to newly created ones, replication results in chaos. Manually running a dsync command does not resolve the issue. See details of debug log on the above thread. I can't reproduce this at least now with latest hg. There have been many replication fixes in hg since v2.2.12. From selcuk.yazar at gmail.com Thu May 8 10:54:18 2014 From: selcuk.yazar at gmail.com (Selcuk Yazar) Date: Thu, 8 May 2014 13:54:18 +0300 Subject: [Dovecot] =?utf-8?q?=C4=B0nstall_dovecot-piegonhone?= Message-ID: Hi, We have Postfix-Dovecot MTA at Redhat EL 5 system. Also we are using this system activelly. Now i wantto install pigeonhole managesive server on this sys. Do i have any risk or anything ? thanks in advance -- Sel?uk YAZAR From stephan at rename-it.nl Thu May 8 11:14:36 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 08 May 2014 13:14:36 +0200 Subject: [Dovecot] Lifetime of redirect info stored by Sieve in .dovecot.lda-dupes In-Reply-To: <2107F795-5380-40E4-9458-6E29424AFD9D@skynet.be> References: <2107F795-5380-40E4-9458-6E29424AFD9D@skynet.be> Message-ID: <536B671C.3060602@rename-it.nl> Axel Luttgens schreef op 8-5-2014 11:29: > Hello, > > A quick question. > > How long are the Message-ID and recipient of forwarded messages (thru the redirect action) kept in .dovecot.lda-dupes? > > According to the code, it could be 24 hours; am I right? Yes. Why are you asking? Regards, Stephan. From CMarcus at Media-Brokers.com Thu May 8 11:36:51 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Thu, 08 May 2014 07:36:51 -0400 Subject: [Dovecot] Index cache errors worse with 2.2.x In-Reply-To: <536B5568.80108@strike.wu.ac.at> References: <536A99B4.1010109@strike.wu.ac.at> <536B5209.5020309@Media-Brokers.com> <536B5568.80108@strike.wu.ac.at> Message-ID: <536B6C53.6020603@Media-Brokers.com> On 5/8/2014 5:59 AM, Alexander 'Leo' Bergolth wrote: > I am using a single server, mbox, local disks (/home and /var is XFS on > HP SmartArray). Hmmm... could be an mbox specific issue (I seem to recall issues in the past that ended up being mbox related, and I think Timo doesn't give mbox as much attention as maildir and dbox). Also, possibly a kernel issue - you are on a very old one (I know the argument, but I disagree with and have never 'gotten' it). 2.6.32 is 6.5 years old. Also, did you change default_vsz_limit for a good reason (one should never change defaults unless there is a very specific reason for your setup)? Not that I think that could be causing this particular issue though... -- Best regards, Charles From patrick at spamreducer.eu Thu May 8 11:43:31 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Thu, 08 May 2014 13:43:31 +0200 Subject: [Dovecot] Strange behavior on with "listescape" and "lda_mailbox_autocreate" - double entries Message-ID: <536B6DE3.80808@spamreducer.eu> Hello Guys, we are using Dovecot since years; all working flawless but one strange behavior: Let me explain.. - we have enabled the "listescape" plugin in "15-lda.conf", "10-mail.conf" and "20-imap.conf". - we use the following default namespace in "10-mail.conf": --------------- 10-mail.conf ----------------------------------------- namespace { type = private prefix = separator = / inbox = yes subscriptions = yes } ---------------------------------------------------------------------------------------- - we use a sieve script that automatically generates folders in the following form (example): ---------------------------------------------------------------------------------------- ".INBOX.2014.05.patrick.incoming" for user "patrick at xx.com" ".INBOX.2014.05.patrick.outgoing" for user "patrick at xx.com" ".INBOX.2014.05.p\2edezordo.incoming" for user "p.dezordo at xx.com" ---------------------------------------------------------------------------------------- This is ok, but the automatically generated "subscriptions"-file of the user contains double lines (the second line is something strange?!); the second one should not be created, its totally wrong..! --------------- subscriptions ----------------------------------------- Trash Sent INBOX.2014.05.patrick.incoming INBOX.2014.05.patrick.outgoing INBOX.2014.05.p\2edezordo.incoming INBOX\2e2014\2e05\2ep\5c2edezordo\2eincoming <----- this line!?!?!? ---------------------------------------------------------------------------------------- Have you any ideas whats going on? Could this be a bug, or misconfiguration? Thanks in advance!! Greeting from Italy! Patrick. From mtrainer at cloud-free.com Thu May 8 12:02:51 2014 From: mtrainer at cloud-free.com (mtrainer at cloud-free.com) Date: Thu, 08 May 2014 20:02:51 +0800 Subject: [Dovecot] Dsync via dovecot proxy Message-ID: Hi All, I need to import mailboxes into my Director NFS setup via one of my director proxy's as doing a direct dsync to the backend mailstores appears to giving me NFS locking issues. It looks like it may be possible to do this using doveadm listeners. I have setup doveadm listeners on a test proxy and backend mailstore. I am not sure how to make the dsync proxy through to the backend mailstore - it doesn't appear to be doing so below. My dovecot configs follow further below. Any help would be greatly appreciated. Murray dsync -v -D -u test1 at example777.com mirror ssh root at mailproxy-test01 dsync -c /etc/dovecot/dovecot.conf -u test1 at example777.com doveadm(test1 at example777.com): Debug: Added userdb setting: mail=maildir:/home/user1/mail/example777.com/test1 doveadm(test1 at example777.com): Debug: Added userdb setting: plugin/quota=maildir:storage=0 doveadm(test1 at example777.com): Debug: Effective uid=501, gid=502, home=/home/user1/mail/example777.com/test1 doveadm(test1 at example777.com): Debug: Namespace : type=private, prefix=INBOX., sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/home/user1/mail/example777.com/test1 doveadm(test1 at example777.com): Debug: maildir++: root=/home/user1/mail/example777.com/test1, index=, indexpvt=, control=, inbox=/home/user1/mail/example777.com/test1, alt= doveadm(test1 at example777.com): Debug: Namespace : type=private, prefix=, sep=, inbox=no, hidden=yes, list=no, subscriptions=no location=fail::LAYOUT=none doveadm(test1 at example777.com): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt= doveadm(test1 at example777.com): Debug: Namespace INBOX.: Using permissions from /home/user1/mail/example777.com/test1: mode=0751 gid=default root at mailproxy-test01's password: doveadm(test1 at example777.com): Error: user test1 at example777.com: Initialization failed: Initializing mail storage from environment MAIL failed: Ambiguous mail location setting, don't know what to do with it: /var/mail/root (try prefixing it with mbox: or maildir:) doveadm(test1 at example777.com): Fatal: User init failed dsync-local(test1 at example777.com): Debug: brain M: in state=master_recv_handshake dsync-local(test1 at example777.com): Error: read(remote) failed: EOF (version not received) dsync-local(test1 at example777.com): Debug: brain M: out state=master_recv_handshake changed=0 # 2.2.9: /etc/dovecot/dovecot-director.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 auth_cache_size = 32 M auth_cache_ttl = 2 hours auth_debug = yes auth_mechanisms = plain login auth_verbose = yes base_dir = /var/run/dovecot/ director_mail_servers = 27.54.95.50 director_servers = 27.54.95.36 disable_plaintext_auth = no doveadm_allowed_commands = all doveadm_password = xxxxxxxxxxx lmtp_proxy = yes log_path = /var/log/dovecot.log mail_debug = yes passdb { args = nopassword=y proxy=y driver = static } protocols = " imap lmtp pop3" service auth-worker { user = dovecot } service auth { client_limit = 4096 unix_listener auth-userdb { group = mail mode = 0666 user = dovecot } } service director { fifo_listener login/proxy-notify { mode = 0666 } inet_listener { address = 27.54.95.36 port = 9090 } unix_listener director-userdb { mode = 0600 } unix_listener login/director { mode = 0666 } } service doveadm { executable = doveadm-server director inet_listener doveadm-server { port = 24245 } } service imap-login { chroot = login executable = imap-login director inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } process_limit = 2048 process_min_avail = 32 service_count = 1 user = dovecot vsz_limit = 256 M } service imap { process_limit = 4096 vsz_limit = 256 M } service ipc { unix_listener ipc { mode = 0666 user = dovecot } } service lmtp { inet_listener lmtp { address = 27.54.95.36 port = 24 } process_limit = 2048 process_min_avail = 32 } service pop3-login { chroot = login executable = pop3-login director inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } process_limit = 2048 process_min_avail = 32 service_count = 1 user = dovecot vsz_limit = 256 M } service pop3 { process_limit = 4096 vsz_limit = 256 M } ssl_cert = ssl_key = userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } protocol lmtp { auth_socket_path = director-userdb lmtp_save_to_detail_mailbox = yes recipient_delimiter = + } protocol doveadm { auth_socket_path = director-userdb } protocol imap { imap_client_workarounds = tb-extra-mailbox-sep imap_logout_format = bytes=%i/%o imap_max_line_length = 128 k mail_max_userip_connections = 50 mail_plugins = quota imap_quota } protocol pop3 { mail_max_userip_connections = 50 mail_plugins = quota pop3_client_workarounds = outlook-no-nuls pop3_fast_size_lookups = yes pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_uidl_format = %08Xu%08Xv } # 2.2.9: /etc/dovecot/dovecot-mailstore.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 auth_cache_size = 64 M auth_cache_ttl = 2 hours auth_debug = yes auth_debug_passwords = yes auth_failure_delay = 0 auth_mechanisms = plain login auth_verbose = yes auth_worker_max_count = 256 base_dir = /var/run/dovecot/ disable_plaintext_auth = no first_valid_gid = 1001 first_valid_uid = 1001 mail_debug = yes mail_fsync = always mail_location = maildir:~/ mmap_disable = yes namespace { inbox = yes location = mailbox Drafts { special_use = Drafts } mailbox Junk { special_use = Junk } mailbox Sent { special_use = Sent } mailbox "Sent Messages" { special_use = Sent } mailbox Trash { special_use = Trash } prefix = subscriptions = yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { mail_log_fields = uid box msgid size quota = maildir:User quota sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap lmtp pop3" service anvil { client_limit = 4106 } service auth-worker { user = dovecot } service auth { client_limit = 4096 unix_listener auth-userdb { group = mail mode = 0666 user = dovecot } } service doveadm { inet_listener doveadm-server { port = 24245 } user = root } service imap-login { chroot = login inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } process_limit = 2048 process_min_avail = 32 service_count = 1 user = dovecot vsz_limit = 256 M } service imap { process_limit = 4096 vsz_limit = 256 M } service lmtp { inet_listener lmtp { address = 27.54.95.50 port = 24 } process_min_avail = 32 } service pop3-login { chroot = login inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } process_limit = 2048 process_min_avail = 32 service_count = 1 user = dovecot vsz_limit = 256 M } service pop3 { process_limit = 4096 vsz_limit = 256 M } ssl_cert = ssl_key = userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } verbose_proctitle = yes verbose_ssl = yes protocol imap { imap_client_workarounds = tb-extra-mailbox-sep imap_logout_format = bytes=%i/%o imap_max_line_length = 128 k mail_max_userip_connections = 50 mail_plugins = quota imap_quota } protocol pop3 { mail_max_userip_connections = 50 mail_plugins = quota pop3_client_workarounds = outlook-no-nuls pop3_fast_size_lookups = yes pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_uidl_format = %08Xu%08Xv } local 27.54.95.32/27/27 { doveadm_password = xxxxxxxxxx } From rs at sys4.de Thu May 8 12:03:30 2014 From: rs at sys4.de (Robert Schetterer) Date: Thu, 08 May 2014 14:03:30 +0200 Subject: [Dovecot] Strange behavior on with "listescape" and "lda_mailbox_autocreate" - double entries In-Reply-To: <536B6DE3.80808@spamreducer.eu> References: <536B6DE3.80808@spamreducer.eu> Message-ID: <536B7292.6000508@sys4.de> Am 08.05.2014 13:43, schrieb Patrick De Zordo: > Hello Guys, > we are using Dovecot since years; all working flawless but one strange > behavior: > > Let me explain.. > > - we have enabled the "listescape" plugin in "15-lda.conf", > "10-mail.conf" and "20-imap.conf". > - we use the following default namespace in "10-mail.conf": > --------------- 10-mail.conf ----------------------------------------- > namespace { > type = private > prefix = > separator = / > inbox = yes > subscriptions = yes > } > ---------------------------------------------------------------------------------------- > > > - we use a sieve script that automatically generates folders in the > following form (example): > ---------------------------------------------------------------------------------------- > > ".INBOX.2014.05.patrick.incoming" for user "patrick at xx.com" > ".INBOX.2014.05.patrick.outgoing" for user "patrick at xx.com" > ".INBOX.2014.05.p\2edezordo.incoming" for user "p.dezordo at xx.com" > ---------------------------------------------------------------------------------------- > > > This is ok, but the automatically generated "subscriptions"-file of the > user contains double lines (the second line is something strange?!); > the second one should not be created, its totally wrong..! > > --------------- subscriptions ----------------------------------------- > Trash > Sent > INBOX.2014.05.patrick.incoming > INBOX.2014.05.patrick.outgoing > INBOX.2014.05.p\2edezordo.incoming > INBOX\2e2014\2e05\2ep\5c2edezordo\2eincoming <----- this line!?!?!? > ---------------------------------------------------------------------------------------- > > > Have you any ideas whats going on? > Could this be a bug, or misconfiguration? > > Thanks in advance!! > > Greeting from Italy! > Patrick. which version of dove listescape had bugs in the past i.e http://hg.dovecot.org/dovecot-2.1/rev/63af3274fb6f http://hg.dovecot.org/dovecot-2.2/rev/63af3274fb6f http://hg.dovecot.org/dovecot-2.2/rev/fce84463f508 perhaps reread http://wiki2.dovecot.org/Plugins/Listescape post complete dove conf Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From tss at iki.fi Thu May 8 12:07:32 2014 From: tss at iki.fi (Timo Sirainen) Date: Thu, 8 May 2014 15:07:32 +0300 Subject: [Dovecot] Dsync via dovecot proxy In-Reply-To: References: Message-ID: <0FB602CE-072D-47AB-9371-F6F88AE0DE0D@iki.fi> On 8.5.2014, at 15.02, mtrainer at cloud-free.com wrote: > I need to import mailboxes into my Director NFS setup via > one of my director proxy's as doing a direct dsync to the backend > mailstores appears to giving me NFS locking issues. It looks like it may > be possible to do this using doveadm listeners. I have setup doveadm > listeners on a test proxy and backend mailstore. I am not sure how to > make the dsync proxy through to the backend mailstore - it doesn't > appear to be doing so below. My dovecot configs follow further below. dsync doesn't currently work through doveadm proxying. It's definitely something that should be fixed though. Anyway, dsyncing from wrong server might cause some index errors, but NFS locking errors are probably something completely different. You could try lock_method=dotlock. From axel.luttgens at skynet.be Thu May 8 12:22:18 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Thu, 8 May 2014 14:22:18 +0200 Subject: [Dovecot] Lifetime of redirect info stored by Sieve in .dovecot.lda-dupes In-Reply-To: <536B671C.3060602@rename-it.nl> References: <2107F795-5380-40E4-9458-6E29424AFD9D@skynet.be> <536B671C.3060602@rename-it.nl> Message-ID: Le 8 mai 2014 ? 13:14, Stephan Bosch a ?crit : > Axel Luttgens schreef op 8-5-2014 11:29: >> Hello, >> >> A quick question. >> >> How long are the Message-ID and recipient of forwarded messages (thru the redirect action) kept in .dovecot.lda-dupes? >> >> According to the code, it could be 24 hours; am I right? > > Yes. Why are you asking? Many thanks for your reply, Stephan. I'm asking because I've been questioned this morning about following scenario. Let's say one has a "redirect only" mailbox, having address "triplet at example.com" and a sieve script similar to this one: redirect "user1 at example.com"; redirect "user2 at example.com"; redirect "user3 at example.com"; discard; When retrieving his messages with his MUA, user1 notices a message that should have been sent to user99. He thus decides to forward that message to user99, and puts triplet at example.com in the Cc: field so as to inform the other users (user2 and user3) that they don't need to bother about that message anymore. So, you sure guess what happened (for my part, I had to look in the log): no redirect action succeeded for the informative message, since its Message-ID was the same as the original one ("discarded duplicate forward to ..."). One thing leading to another, I then came with that lifetime-related question. ;-) Axel From stephan at rename-it.nl Thu May 8 12:37:22 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 08 May 2014 14:37:22 +0200 Subject: [Dovecot] Pigeonhole sieve re-filter extension? In-Reply-To: <5369F171.2000709@igeno-fat.de> References: <5368BCD3.8080604@igeno-fat.de> <5368C20B.6090909@rename-it.nl> <5368C78E.9000107@alec.pl> <53694ACB.5070806@igeno-fat.de> <5369F171.2000709@igeno-fat.de> Message-ID: <536B7A82.5070602@rename-it.nl> T.B. schreef op 7-5-2014 10:40: > I think it would not be a problem to develop a solution to remotely > trigger re-filtering for me, myself and I. But that is not the point > here. Clients like the Thunderbird Sieve Extension > (https://github.com/thsmi/sieve, > https://addons.mozilla.org/de/thunderbird/addon/sieve/) or the diverse > webmail MUA's will only start implementing such a feature if there is > a official draft or specification. Yes, I agree. > The whole point of my initiative here is that Managesieve finally > becomes the capability to replicate the features the users know from > their local client side filtering (Thunderbird, Outlook) which provide > the feature of re-filtering. Even big webmail providers like the > Global Mail Exchange / GMX here in Germany provide re-filtering in > their webgui. I don't think this should be a ManageSieve feature. ManageSieve currently does not need/have access to the user's mailbox. It therefore also doesn't have the syntax elements and mechanisms in place to select mailboxes and ranges of messages. I think the only sensible place for this feature is IMAP. > I use the sieve-filter tool very often for myself - everytime when I > create a new subfolder and create a new fileinto rule, I refilter my > Inbox to clean it up and have a consistent subfolder with all old and > new mails that are matching the rule. > > The man page of the sieve-filter tool is 2 and a half years old ;) > (http://pigeonhole.dovecot.org/doc/man1/sieve-filter.1.html) > Sadly even the Wiki page doesn't mention it directly: > http://wiki2.dovecot.org/HowTo/RefilterMail I haven't received much feedback about this command line tool. So either everyone is happy with it, or it is rarely used. :) > Since the new german Dovecot book (http://www.dovecot-buch.de/) > recommends the sieve-filter tool for refiltering, it will get much > more attention in the future. Only from Germans at first, although it will be translated soon I guess. Anyway, I will give this idea a closer look somewhat soon. The main problem with IMAPSieve is not the METADATA support or the other Sieve extensions needed for it, it is the atomic nature of the IMAP commands for which it is used: either the whole command succeeds or the whole command fails. This makes things difficult for the Sieve interpreter, as it needs to keep record of what it has done for when a rollback is needed. Especially for "redirect" this is a huge pain. However, as you rightly say, this new feature can be simpler than that. It can reduce the atomicity to include only the processing of individual messages and e.g. return a response indicating which messages were successfully processed. This way, the state at client and server can still remain consistent without too much trouble. I think I'll make a proof-of-concept first and then condense my experience into a proper specification. This can take a while though; there is much Dovecot stuff on my list at the moment. Regards, Stephan. From stephan at rename-it.nl Thu May 8 12:51:27 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 08 May 2014 14:51:27 +0200 Subject: [Dovecot] Lifetime of redirect info stored by Sieve in .dovecot.lda-dupes In-Reply-To: References: <2107F795-5380-40E4-9458-6E29424AFD9D@skynet.be> <536B671C.3060602@rename-it.nl> Message-ID: <536B7DCF.2060007@rename-it.nl> Axel Luttgens schreef op 8-5-2014 14:22: > Le 8 mai 2014 ? 13:14, Stephan Bosch a ?crit : >> Axel Luttgens schreef op 8-5-2014 11:29: >>> How long are the Message-ID and recipient of forwarded messages (thru the redirect action) kept in .dovecot.lda-dupes? >>> >>> According to the code, it could be 24 hours; am I right? >> Yes. Why are you asking? > I'm asking because I've been questioned this morning about following scenario. > > Let's say one has a "redirect only" mailbox, having address "triplet at example.com" and a sieve script similar to this one: > > redirect "user1 at example.com"; > redirect "user2 at example.com"; > redirect "user3 at example.com"; > discard; > > When retrieving his messages with his MUA, user1 notices a message that should have been sent to user99. > He thus decides to forward that message to user99, and puts triplet at example.com in the Cc: field so as to inform the other users (user2 and user3) that they don't need to bother about that message anymore. > > So, you sure guess what happened (for my part, I had to look in the log): no redirect action succeeded for the informative message, since its Message-ID was the same as the original one ("discarded duplicate forward to ..."). Ehmm, what mail client is doing this? :) Afaik, forwarding messages should have a new Message-ID. I've tested this with Thunderbird and it does that properly. Regards, Stephan. From davide.marchi at mail.cgilfe.it Thu May 8 14:03:32 2014 From: davide.marchi at mail.cgilfe.it (Davide) Date: Thu, 08 May 2014 16:03:32 +0200 Subject: [Dovecot] Error Panic: file mail-storage.c Message-ID: <536B8EB4.8050909@mail.cgilfe.it> Hi to all, i have dovecot 2.2.12 compiled from source on debian 6 i find this errors on errorlog ...... 2014-05-08 12:44:21 imap(XXXXXXXXX): Panic: file mail-storage.c: line 2141 (mailbox_copy): assertion failed: (!ctx->unfinished) 2014-05-08 12:44:21 imap(XXXXXXXXX): Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0x6f47a) [0x7f54671e847a] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x6f4f6) [0x7f54671e84f6] -> /usr/local/lib/dovecot/libdovecot.so.0(i_error+0) [0x7f546719d9ef] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0x899f8) [0x7f54674d79f8] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_move+0x1d) [0x7f54674d7a2d] -> dovecot/imap() [0x40d797] -> dovecot/imap(command_exec+0x3d) [0x419c0d] -> dovecot/imap() [0x418c00] -> dovecot/imap() [0x418d15] -> dovecot/imap(client_handle_input+0x125) [0x4191a5] -> dovecot/imap(client_input+0x6f) [0x419a5f] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7f54671f8fc6] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x95) [0x7f54671fa345] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f54671f8f38] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f54671a2ed3] -> dovecot/imap(main+0x2a7) [0x423907] -> /lib/libc.so.6(__libc_start_main+0xfd) [0x7f5466e35c8d] -> dovecot/imap() [0x40bcc9] 2014-05-08 12:44:21 imap(XXXXXXXXX): Fatal: master: service(imap): child 23777 killed with signal 6 (core dumps disabled) 2014-05-08 12:44:21 imap(XXXXXXXXX): Panic: file mail-storage.c: line 2141 (mailbox_copy): assertion failed: (!ctx->unfinished) 2014-05-08 12:44:21 imap(XXXXXXXXX): Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0x6f47a) [0x7f31fc2ae47a] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x6f4f6) [0x7f31fc2ae4f6] -> /usr/local/lib/dovecot/libdovecot.so.0(i_error+0) [0x7f31fc2639ef] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0x899f8) [0x7f31fc59d9f8] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_move+0x1d) [0x7f31fc59da2d] -> dovecot/imap() [0x40d797] -> dovecot/imap(command_exec+0x3d) [0x419c0d] -> dovecot/imap() [0x418c00] -> dovecot/imap() [0x418d15] -> dovecot/imap(client_handle_input+0x125) [0x4191a5] -> dovecot/imap(client_input+0x6f) [0x419a5f] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7f31fc2befc6] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x95) [0x7f31fc2c0345] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f31fc2bef38] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f31fc268ed3] -> dovecot/imap(main+0x2a7) [0x423907] -> /lib/libc.so.6(__libc_start_main+0xfd) [0x7f31fbefbc8d] -> dovecot/imap() [0x40bcc9] 2014-05-08 12:44:21 imap(XXXXXXXXX): Fatal: master: service(imap): child 23779 killed with signal 6 (core dumps disabled) ..... Some advice to resolve the problem? -- *Davide Marchi* *T*eorema *F*errara *Srl* Via Spronello, 7 - Ferrara - 44121 Tel. *0532783161* Fax. *0532783368* E-m at il: *davide.marchi at mail.cgilfe.it* Skype: *davide.marchi73* Web: *http://www.cgilfe.it* *CONFIDENZIALITA'* *Ai sensi del D.Lgs. 196/2003 si precisa che le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario/dei destinatari. Qualora il messaggio in parola Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo e a non inoltrarlo a terzi, dandocene gentilmente comunicazione.* *Per favore, pensa all'ambiente. Stampa questa email solo se necessario.* From alessio at skye.it Thu May 8 14:56:56 2014 From: alessio at skye.it (Alessio Cecchi) Date: Thu, 08 May 2014 16:56:56 +0200 Subject: [Dovecot] Migrate from LDA to LMTP In-Reply-To: <536B1EFB.1070703@mail.cgilfe.it> References: <536B1EFB.1070703@mail.cgilfe.it> Message-ID: <536B9B38.3050600@skye.it> Il 08/05/2014 08:06, Davide ha scritto: > Hi to all, i have qmail installed on my system with dot-qmail files > format to deliver to mailbox (maildir format with dovecot 2.2.12); > currently i use LDA to delivery agent but we would migrate to LMTP is it > possible? and if yes someone could bring me to the right direction to > implement this? thanks. Hi Davide, is not possibile to use Dovecot/LMTP with Qmail. LDA works fine for me (with qmail), why you need LMTP? Ciao -- Alessio Cecchi is: @ ILS -> http://www.linux.it/~alessice/ on LinkedIn -> http://www.linkedin.com/in/alessice Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz Cloud Email Hosting -> http://www.qboxmail.com @ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it From h.reindl at thelounge.net Thu May 8 15:03:38 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 08 May 2014 17:03:38 +0200 Subject: [Dovecot] Migrate from LDA to LMTP In-Reply-To: <536B9B38.3050600@skye.it> References: <536B1EFB.1070703@mail.cgilfe.it> <536B9B38.3050600@skye.it> Message-ID: <536B9CCA.1070301@thelounge.net> Am 08.05.2014 16:56, schrieb Alessio Cecchi: > Il 08/05/2014 08:06, Davide ha scritto: >> Hi to all, i have qmail installed on my system with dot-qmail files >> format to deliver to mailbox (maildir format with dovecot 2.2.12); >> currently i use LDA to delivery agent but we would migrate to LMTP is it >> possible? and if yes someone could bring me to the right direction to >> implement this? thanks. > > is not possibile to use Dovecot/LMTP with Qmail. LDA works fine > for me (with qmail), why you need LMTP? why do you need qmail? the latest release is 1.0.3 from 1998 who right in his mind installs a 16 years unmaintained software? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From rick at havokmon.com Thu May 8 15:13:35 2014 From: rick at havokmon.com (Rick Romero) Date: Thu, 08 May 2014 10:13:35 -0500 Subject: [Dovecot] Migrate from LDA to LMTP In-Reply-To: <536B9CCA.1070301@thelounge.net> References: <536B1EFB.1070703@mail.cgilfe.it> <536B9B38.3050600@skye.it> <536B9CCA.1070301@thelounge.net> Message-ID: <20140508101335.Horde.8hIwWHCDH-h1Ls_bcEQO9g8@www.vfemail.net> Quoting Reindl Harald : > Am 08.05.2014 16:56, schrieb Alessio Cecchi: >> Il 08/05/2014 08:06, Davide ha scritto: >>> Hi to all, i have qmail installed on my system with dot-qmail files >>> format to deliver to mailbox (maildir format with dovecot 2.2.12); >>> currently i use LDA to delivery agent but we would migrate to LMTP is it >>> possible? and if yes someone could bring me to the right direction to >>> implement this? thanks. >> >> is not possibile to use Dovecot/LMTP with Qmail. LDA works fine >> for me (with qmail), why you need LMTP? > > why do you need qmail? > > the latest release is 1.0.3 from 1998who right in his mind installs a 16 > years unmaintained software? Because (other than you having absolutely no idea what the latest release is) it's better than whatever you're using, so there. From h.reindl at thelounge.net Thu May 8 15:20:01 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 08 May 2014 17:20:01 +0200 Subject: [Dovecot] Migrate from LDA to LMTP In-Reply-To: <20140508101335.Horde.8hIwWHCDH-h1Ls_bcEQO9g8@www.vfemail.net> References: <536B1EFB.1070703@mail.cgilfe.it> <536B9B38.3050600@skye.it> <536B9CCA.1070301@thelounge.net> <20140508101335.Horde.8hIwWHCDH-h1Ls_bcEQO9g8@www.vfemail.net> Message-ID: <536BA0A1.4070601@thelounge.net> Am 08.05.2014 17:13, schrieb Rick Romero: > Quoting Reindl Harald : > >> Am 08.05.2014 16:56, schrieb Alessio Cecchi: >>> Il 08/05/2014 08:06, Davide ha scritto: >>>> Hi to all, i have qmail installed on my system with dot-qmail files >>>> format to deliver to mailbox (maildir format with dovecot 2.2.12); >>>> currently i use LDA to delivery agent but we would migrate to LMTP is > it >>>> possible? and if yes someone could bring me to the right direction to >>>> implement this? thanks. >>> >>> is not possibile to use Dovecot/LMTP with Qmail. LDA works fine >>> for me (with qmail), why you need LMTP? >> >> why do you need qmail? >> >> the latest release is 1.0.3 from 1998 who right in his mind installs a 16 >> years unmaintained software? > > Because (other than you having absolutely no idea what the latest release > is) it's better than whatever you're using, so there > you having absolutely no idea what the latest release is http://en.wikipedia.org/wiki/Qmail Stable release 1.03 / June 15, 1998 Preview release netqmail 1.06 / November 11, 2007 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From axel.luttgens at skynet.be Thu May 8 15:26:54 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Thu, 8 May 2014 17:26:54 +0200 Subject: [Dovecot] Lifetime of redirect info stored by Sieve in .dovecot.lda-dupes In-Reply-To: <536B7DCF.2060007@rename-it.nl> References: <2107F795-5380-40E4-9458-6E29424AFD9D@skynet.be> <536B671C.3060602@rename-it.nl> <536B7DCF.2060007@rename-it.nl> Message-ID: <37D35650-C863-456B-A21B-FAC653BBAD40@skynet.be> Le 8 mai 2014 ? 14:51, Stephan Bosch a ?crit : > [...] > Ehmm, what mail client is doing this? :) Apple's Mail.app. > Afaik, forwarding messages should have a new Message-ID. I've tested this with Thunderbird and it does that properly. I should perhaps have written "resend that message" instead of "forward that message"? You know, that action of "reintroducing a message into the transport system", as described in section 3.6.6 of RFC 5322. In that case, Mail.app adds "Resent-From:", "Resent-Date:" and "Resent-To:" fields to the resent message (but it doesn't add a "Resent-Message-ID:" field, even if it SHOULD do so). On the other hand, forwarding a message indeed builds a message with a new Message-ID. Best regards, Axel From bourek at thinline.cz Thu May 8 15:29:19 2014 From: bourek at thinline.cz (Jiri Bourek) Date: Thu, 08 May 2014 17:29:19 +0200 Subject: [Dovecot] Migrate from LDA to LMTP In-Reply-To: <536B9CCA.1070301@thelounge.net> References: <536B1EFB.1070703@mail.cgilfe.it> <536B9B38.3050600@skye.it> <536B9CCA.1070301@thelounge.net> Message-ID: <536BA2CF.2090102@thinline.cz> On 8.5.2014 17:03, Reindl Harald wrote: > > > Am 08.05.2014 16:56, schrieb Alessio Cecchi: >> Il 08/05/2014 08:06, Davide ha scritto: >>> Hi to all, i have qmail installed on my system with dot-qmail files >>> format to deliver to mailbox (maildir format with dovecot 2.2.12); >>> currently i use LDA to delivery agent but we would migrate to LMTP is it >>> possible? and if yes someone could bring me to the right direction to >>> implement this? thanks. >> >> is not possibile to use Dovecot/LMTP with Qmail. LDA works fine >> for me (with qmail), why you need LMTP? > > why do you need qmail? > > the latest release is 1.0.3 from 1998 > who right in his mind installs a 16 years unmaintained software? > Umaintained doesn't neccessarily mean problematic. Qmail does what it's supposed to do (accept mails and either relay them or deliver into mailbox) and it does it well enough. AFAIK there's have been no security holes in these 16 years. It's missing features, yes, but you don't always need them. (Plus a lot can be added with unoffical patches.) On the other hand, personally I don't know any patch to add LMTP support into qmail, neither on transmitting, nor on receiving side. From tss at iki.fi Thu May 8 15:29:27 2014 From: tss at iki.fi (Timo Sirainen) Date: Thu, 8 May 2014 18:29:27 +0300 Subject: [Dovecot] Denial of Service attacks against Dovecot v1.1+ Message-ID: <5FBF2986-1080-4205-82D7-67781BC70F8C@iki.fi> There's an upper limit to how many IMAP/POP3 connections can exist that haven't logged in (and separate limits for post-login). Normally when this limit is reached, the oldest connection gets disconnected. There is of course some potential to try to DoS Dovecot by doing a lot of IMAP/POP3 connections, but because the oldest connection always gets destroyed this requires quite a lot of activity from the attacker. This "destroy oldest connection" however hasn't been working in v1.1+ releases for connections that have started SSL/TLS handshake, but haven't finished it. So an attacker could just do a bunch of TCP connections to port 993 and leave them hanging around and Dovecot would pretty quickly reach the upper limit without being able to disconnect any of the oldest connections. Here are patches to fix this: http://hg.dovecot.org/dovecot-2.2/rev/41622541a7a3 http://hg.dovecot.org/dovecot-2.1/rev/b7ac23b4d339 http://hg.dovecot.org/dovecot-2.0/rev/48f90e7e92dc http://hg.dovecot.org/dovecot-1.2/rev/8ba4253adc9b http://hg.dovecot.org/dovecot-1.1/rev/fe0e6550585c The fix will be in v2.2.13. Maybe also in v2.1.18 if I decide to release it. For older releases you need to patch it yourself. For people who are using dovecot-ee releases the fix is also in v2.2.12.12 and v2.1.7.7 releases. From rick at havokmon.com Thu May 8 15:27:46 2014 From: rick at havokmon.com (Rick Romero) Date: Thu, 08 May 2014 10:27:46 -0500 Subject: [Dovecot] Migrate from LDA to LMTP In-Reply-To: <536BA0A1.4070601@thelounge.net> References: <536B1EFB.1070703@mail.cgilfe.it> <536B9B38.3050600@skye.it> <536B9CCA.1070301@thelounge.net> <20140508101335.Horde.8hIwWHCDH-h1Ls_bcEQO9g8@www.vfemail.net> <536BA0A1.4070601@thelounge.net> Message-ID: <20140508102746.Horde.Lo3EXGxvy1_6zabo5efddA1@www.vfemail.net> Quoting Reindl Harald : > Am 08.05.2014 17:13, schrieb Rick Romero: >> Quoting Reindl Harald : >> >>> Am 08.05.2014 16:56, schrieb Alessio Cecchi: >>>> Il 08/05/2014 08:06, Davide ha scritto: >>>>> Hi to all, i have qmail installed on my system with dot-qmail files >>>>> format to deliver to mailbox (maildir format with dovecot 2.2.12); >>>>> currently i use LDA to delivery agent but we would migrate to LMTP is >> >> it >>>>> possible? and if yes someone could bring me to the right direction to >>>>> implement this? thanks. >>>> >>>> is not possibile to use Dovecot/LMTP with Qmail. LDA works fine >>>> for me (with qmail), why you need LMTP? >>> >>> why do you need qmail? >>> >>> the latest release is 1.0.3 from 1998 who right in his mind installs a >>> 16 >>> years unmaintained software? >> >> Because (other than you having absolutely no idea what the latest release >> is) it's better than whatever you're using, so there > >> you having absolutely no idea what the latest release is > > http://en.wikipedia.org/wiki/Qmail > > Stable release ? ? ? ? 1.03 / June 15, 1998Preview release netqmail 1.06 > / November 11, 2007 Obviously you didn't see my "So There".? Your argument is invalid. From patrick at spamreducer.eu Thu May 8 15:32:26 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Thu, 08 May 2014 17:32:26 +0200 Subject: [Dovecot] Strange behavior on with "listescape" and "lda_mailbox_autocreate" - double entries In-Reply-To: <536B7292.6000508@sys4.de> References: <536B6DE3.80808@spamreducer.eu> <536B7292.6000508@sys4.de> Message-ID: <536BA38A.3030301@spamreducer.eu> Dear Robert, hallo Robert (ich spreche Deutsch), --- dovecot --version --- 2.0.19 -------------------------------- System: Ubuntu 12.04.4 --- dovecot -n ------------- # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.8.0-29-generic x86_64 Ubuntu 12.04.4 LTS ext4 auth_mechanisms = plain login dict { quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } first_valid_uid = 150 last_valid_uid = 150 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes mail_gid = mail mail_location = maildir:/var/vmail/%d/%n mail_plugins = " quota listescape" mail_uid = vmail namespace { inbox = yes location = prefix = separator = / subscriptions = yes type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { autocreate = Trash autocreate2 = Sent autocreate3 = Drafts autosubscribe = Trash autosubscribe2 = Sent autosubscribe3 = Drafts quota = dict:user::proxy::quota quota_rule = *:storage=10MB quota_rule2 = Trash:storage=+10%% quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } postmaster_address = postmaster at xx.com protocols = " imap pop3" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = mail mode = 0600 user = vmail } } service dict { unix_listener dict { group = mail mode = 0660 user = vmail } } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = vmail } user = vmail } ssl_cert = Am 08.05.2014 13:43, schrieb Patrick De Zordo: >> Hello Guys, >> we are using Dovecot since years; all working flawless but one strange >> behavior: >> >> Let me explain.. >> >> - we have enabled the "listescape" plugin in "15-lda.conf", >> "10-mail.conf" and "20-imap.conf". >> - we use the following default namespace in "10-mail.conf": >> --------------- 10-mail.conf ----------------------------------------- >> namespace { >> type = private >> prefix = >> separator = / >> inbox = yes >> subscriptions = yes >> } >> ---------------------------------------------------------------------------------------- >> >> >> - we use a sieve script that automatically generates folders in the >> following form (example): >> ---------------------------------------------------------------------------------------- >> >> ".INBOX.2014.05.patrick.incoming" for user "patrick at xx.com" >> ".INBOX.2014.05.patrick.outgoing" for user "patrick at xx.com" >> ".INBOX.2014.05.p\2edezordo.incoming" for user "p.dezordo at xx.com" >> ---------------------------------------------------------------------------------------- >> >> >> This is ok, but the automatically generated "subscriptions"-file of the >> user contains double lines (the second line is something strange?!); >> the second one should not be created, its totally wrong..! >> >> --------------- subscriptions ----------------------------------------- >> Trash >> Sent >> INBOX.2014.05.patrick.incoming >> INBOX.2014.05.patrick.outgoing >> INBOX.2014.05.p\2edezordo.incoming >> INBOX\2e2014\2e05\2ep\5c2edezordo\2eincoming <----- this line!?!?!? >> ---------------------------------------------------------------------------------------- >> >> >> Have you any ideas whats going on? >> Could this be a bug, or misconfiguration? >> >> Thanks in advance!! >> >> Greeting from Italy! >> Patrick. > which version of dove > listescape had bugs in the past > > i.e > > http://hg.dovecot.org/dovecot-2.1/rev/63af3274fb6f > http://hg.dovecot.org/dovecot-2.2/rev/63af3274fb6f > http://hg.dovecot.org/dovecot-2.2/rev/fce84463f508 > > perhaps reread > > http://wiki2.dovecot.org/Plugins/Listescape > > post complete dove conf > > Best Regards > MfG Robert Schetterer > From tss at iki.fi Thu May 8 15:37:20 2014 From: tss at iki.fi (Timo Sirainen) Date: Thu, 8 May 2014 18:37:20 +0300 Subject: [Dovecot] v2.2.13.rc1 released Message-ID: http://dovecot.org/releases/2.2/rc/dovecot-2.2.13.rc1.tar.gz http://dovecot.org/releases/2.2/rc/dovecot-2.2.13.rc1.tar.gz.sig There have been a ton of smaller and some larger changes since v2.2.12, so I thought I'd first make a RC release and the final v2.2.13 tomorrow. Please try it out! BTW. I've read most of the mails again in Dovecot mailing list, but there are still a few reported bugs I decided to leave until later. Anyway feel free to re-send any bug reports for things that haven't been fixed in v2.2.13 yet. * Fixed a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly. This could have left the connections hanging arond for a long time. (Affected Dovecot v1.1+) + mdbox: Added mdbox_purge_preserve_alt setting to keep the file within alt storage during purge. (Should become enforced in v2.3.0?) + fts: Added support for parsing attachments via Apache Tika. Enable with: plugin { fts_tika = http://tikahost:9998/tika/ } + virtual plugin: Delay opening backend mailboxes until it's necessary. This requires mailbox_list_index=yes to work. (Currently IMAP IDLE command still causes all backend mailboxes to be opened.) + mail_never_cache_fields=* means now to disable all caching. This may be a useful optimization as doveadm/dsync parameter for some admin tasks which shouldn't really update the cache file. + IMAP: Return SPECIAL-USE flags always for LSUB command. - pop3 server was still crashing in v2.2.12 with some settings - maildir: Various fixes and improvements to handling compressed mails, especially when they have broken/missing S=sizes in filenames. - fts-lucene, fts-solr: Fixed crash on search when the index contained duplicate entries. - Many fixes and performance improvements to dsync and replication - director was somewhat broken when there were exactly two directors in the ring. It caused errors about "weak users" getting stuck. - mail_attachment_dir: Attachments with the last base64-encoded line longer than the rest wasn't handled correctly. - IMAP: SEARCH/SORT PARTIAL was handled completely wrong in v2.2.11+ - acl: Global ACL file handling was broken when multiple entries matched the mailbox name. (Only the first entry was used.) From toml at engr.orst.edu Thu May 8 16:51:20 2014 From: toml at engr.orst.edu (Tom Lieuallen) Date: Thu, 08 May 2014 09:51:20 -0700 Subject: [Dovecot] segfault with shared namespace version > 2.1.16 In-Reply-To: <30F92EB6-39D4-4BAF-8BA4-5AB4C323C3F2@iki.fi> References: <534F1AD1.3030906@engr.orst.edu> <30F92EB6-39D4-4BAF-8BA4-5AB4C323C3F2@iki.fi> Message-ID: <536BB608.4010207@engr.orst.edu> Timo, I finally got around to testing this; actually with 2.2.13rc1, which I was quite sure had the fix included. It *did* solve my problem. thank you for the resolution Tom Lieuallen On 5/2/14, 1:59 AM, Timo Sirainen wrote: > On 17.4.2014, at 3.05, Tom Lieuallen wrote: > >> We're currently running 2.1.16. I've been wanting to update to a 2.2.X version, but have been running into problems, even with the latest (2.2.12). I'm not sure at what version this issue appeared, but I believe I've tried 2.2.10, 2.2.11, and now 2.2.12. >> >> We have a shared maildir setup. With that configuration in place and with a user in the dovecot-acl file, I can do the following to make it segfault every time. Note if I comment out the shared namespace config, it does not segfault. >> >> #0 mailbox_settings_find (user=0x6866c0, >> vname=0x670800 "sharedimap/support-reports") at mail-storage.c:624 >> box_set = >> ns = >> #1 0x00007f1cb0323fd0 in mailbox_list_get_storage (list=0x7fff73b39088, >> vname=, storage_r=0x7fff73b39080) >> at mailbox-list.c:821 >> set = >> #2 0x00007f1cb03164a7 in mail_namespace_find_shared ( >> namespaces=, >> mailbox=0x670800 "sharedimap/support-reports") at mail-namespace.c:651 >> list = 0x68ea30 >> storage = 0x0 >> #3 mail_namespace_find (namespaces=, >> mailbox=0x670800 "sharedimap/support-reports") at mail-namespace.c:669 >> ns = 0x68ad70 >> __FUNCTION__ = "mail_namespace_find" >> .... >> .... > > Fixed: http://hg.dovecot.org/dovecot-2.2/rev/930b6b1346bd > From sebastian at goodrick.ch Thu May 8 16:59:57 2014 From: sebastian at goodrick.ch (Sebastian Goodrick) Date: Thu, 08 May 2014 18:59:57 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <536A9B4A.1050105@goodrick.ch> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> Message-ID: <536BB80D.7090105@goodrick.ch> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Disabling TLS1.2 in Win8 provides a workaround for the issue. This is done with this registry entry. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 Setting the ssl_cipher_list to what Robert suggested didn't change the behaviour. I've tried disabling TLS1.2 in dovecot, however I've had no success. Is there a way to disable TLS1.2? Sebastian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlNruA0ACgkQR7+YB0QzbnqjowCeJih/Dak6y42SpqvoKT6hiZUj qRkAn0k9TrnZZjW9m0zQPX5EwNRO7Opi =7d6z -----END PGP SIGNATURE----- From leo at strike.wu.ac.at Thu May 8 17:01:28 2014 From: leo at strike.wu.ac.at (Alexander 'Leo' Bergolth) Date: Thu, 08 May 2014 19:01:28 +0200 Subject: [Dovecot] Index cache errors worse with 2.2.x In-Reply-To: <536B6C53.6020603@Media-Brokers.com> References: <536A99B4.1010109@strike.wu.ac.at> <536B5209.5020309@Media-Brokers.com> <536B5568.80108@strike.wu.ac.at> <536B6C53.6020603@Media-Brokers.com> Message-ID: <536BB868.4030404@strike.wu.ac.at> Am 08.05.2014 13:36, schrieb Charles Marcus: > On 5/8/2014 5:59 AM, Alexander 'Leo' Bergolth wrote: >> I am using a single server, mbox, local disks (/home and /var is XFS on >> HP SmartArray). > > Hmmm... could be an mbox specific issue (I seem to recall issues in the > past that ended up being mbox related, I think it might probably be the same issue that had already been described one year ago for 2.2.0: http://thread.gmane.org/gmane.mail.imap.dovecot/71636 (Although in my case, the "Cached message size smaller than expected" difference is always 1 byte.) > and I think Timo doesn't give > mbox as much attention as maildir and dbox). Too bad. Unfortunately it's not easy to switch for me. :-( Is mbox really such an uncommon scenario with dovecot? AFAIK it's the default config shipped with most linux distros.. > Also, possibly a kernel issue - you are on a very old one (I know the > argument, but I disagree with and have never 'gotten' it). 2.6.32 is 6.5 > years old. Hmm - I think that's very unlikely a kernel issue. It's a Redhat EL 6 kernel so that kernel is actively maintained and very widely used. > Also, did you change default_vsz_limit for a good reason Yes. I suppose. ;-) However, I don't remember that reason now. :-) Maybe I read some recommendation about that? Maybe about large mailboxes? Cheers, --leo -- e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria From rs at sys4.de Thu May 8 17:13:47 2014 From: rs at sys4.de (Robert Schetterer) Date: Thu, 08 May 2014 19:13:47 +0200 Subject: [Dovecot] Denial of Service attacks against Dovecot v1.1+ In-Reply-To: <5FBF2986-1080-4205-82D7-67781BC70F8C@iki.fi> References: <5FBF2986-1080-4205-82D7-67781BC70F8C@iki.fi> Message-ID: <536BBB4B.6030407@sys4.de> Am 08.05.2014 17:29, schrieb Timo Sirainen: > There's an upper limit to how many IMAP/POP3 connections can exist that haven't logged in (and separate limits for post-login). Normally when this limit is reached, the oldest connection gets disconnected. There is of course some potential to try to DoS Dovecot by doing a lot of IMAP/POP3 connections, but because the oldest connection always gets destroyed this requires quite a lot of activity from the attacker. > > This "destroy oldest connection" however hasn't been working in v1.1+ releases for connections that have started SSL/TLS handshake, but haven't finished it. So an attacker could just do a bunch of TCP connections to port 993 and leave them hanging around and Dovecot would pretty quickly reach the upper limit without being able to disconnect any of the oldest connections. > > Here are patches to fix this: > > http://hg.dovecot.org/dovecot-2.2/rev/41622541a7a3 > http://hg.dovecot.org/dovecot-2.1/rev/b7ac23b4d339 > http://hg.dovecot.org/dovecot-2.0/rev/48f90e7e92dc > http://hg.dovecot.org/dovecot-1.2/rev/8ba4253adc9b > http://hg.dovecot.org/dovecot-1.1/rev/fe0e6550585c > > The fix will be in v2.2.13. Maybe also in v2.1.18 if I decide to release it. my vote for 2.1.18 , 2.1.x is still widly used For older releases you need to patch it yourself. > > For people who are using dovecot-ee releases the fix is also in v2.2.12.12 and v2.1.7.7 releases. > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From rs at sys4.de Thu May 8 17:21:16 2014 From: rs at sys4.de (Robert Schetterer) Date: Thu, 08 May 2014 19:21:16 +0200 Subject: [Dovecot] Strange behavior on with "listescape" and "lda_mailbox_autocreate" - double entries In-Reply-To: <536BA38A.3030301@spamreducer.eu> References: <536B6DE3.80808@spamreducer.eu> <536B7292.6000508@sys4.de> <536BA38A.3030301@spamreducer.eu> Message-ID: <536BBD0C.7090906@sys4.de> Am 08.05.2014 17:32, schrieb Patrick De Zordo: > Dear Robert, hallo Robert (ich spreche Deutsch), > > --- dovecot --version --- > 2.0.19 thats old, you should upgrade minimum 2.1.17 or go trusty, if possible, it has 2.2.9 or use repo http://xi.rename-it.nl/debian/dists/testing-auto/ sorry i just have no time to compare your setting to my listescape setup, but perhaps others may do > -------------------------------- > > System: Ubuntu 12.04.4 > > --- dovecot -n ------------- > # 2.0.19: /etc/dovecot/dovecot.conf > # OS: Linux 3.8.0-29-generic x86_64 Ubuntu 12.04.4 LTS ext4 > auth_mechanisms = plain login > dict { > quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext > } > first_valid_uid = 150 > last_valid_uid = 150 > lda_mailbox_autocreate = yes > lda_mailbox_autosubscribe = yes > mail_gid = mail > mail_location = maildir:/var/vmail/%d/%n > mail_plugins = " quota listescape" > mail_uid = vmail > namespace { > inbox = yes > location = > prefix = > separator = / > subscriptions = yes > type = private > } > passdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > plugin { > autocreate = Trash > autocreate2 = Sent > autocreate3 = Drafts > autosubscribe = Trash > autosubscribe2 = Sent > autosubscribe3 = Drafts > quota = dict:user::proxy::quota > quota_rule = *:storage=10MB > quota_rule2 = Trash:storage=+10%% > quota_warning = storage=95%% quota-warning 95 %u > quota_warning2 = storage=80%% quota-warning 80 %u > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > } > postmaster_address = postmaster at xx.com > protocols = " imap pop3" > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-userdb { > group = mail > mode = 0600 > user = vmail > } > } > service dict { > unix_listener dict { > group = mail > mode = 0660 > user = vmail > } > } > service quota-warning { > executable = script /usr/local/bin/quota-warning.sh > unix_listener quota-warning { > user = vmail > } > user = vmail > } > ssl_cert = ssl_key = userdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > protocol lda { > mail_plugins = " quota listescape quota sieve listescape" > } > protocol imap { > mail_plugins = " quota listescape imap_quota listescape" > } > -------------------------------- > > Viele Gr??e und vielen Dank! > Patrick. > > Am 08.05.2014 14:03, schrieb Robert Schetterer: >> Am 08.05.2014 13:43, schrieb Patrick De Zordo: >>> Hello Guys, >>> we are using Dovecot since years; all working flawless but one strange >>> behavior: >>> >>> Let me explain.. >>> >>> - we have enabled the "listescape" plugin in "15-lda.conf", >>> "10-mail.conf" and "20-imap.conf". >>> - we use the following default namespace in "10-mail.conf": >>> --------------- 10-mail.conf ----------------------------------------- >>> namespace { >>> type = private >>> prefix = >>> separator = / >>> inbox = yes >>> subscriptions = yes >>> } >>> ---------------------------------------------------------------------------------------- >>> >>> >>> >>> - we use a sieve script that automatically generates folders in the >>> following form (example): >>> ---------------------------------------------------------------------------------------- >>> >>> >>> ".INBOX.2014.05.patrick.incoming" for user "patrick at xx.com" >>> ".INBOX.2014.05.patrick.outgoing" for user "patrick at xx.com" >>> ".INBOX.2014.05.p\2edezordo.incoming" for user "p.dezordo at xx.com" >>> ---------------------------------------------------------------------------------------- >>> >>> >>> >>> This is ok, but the automatically generated "subscriptions"-file of the >>> user contains double lines (the second line is something strange?!); >>> the second one should not be created, its totally wrong..! >>> >>> --------------- subscriptions ----------------------------------------- >>> Trash >>> Sent >>> INBOX.2014.05.patrick.incoming >>> INBOX.2014.05.patrick.outgoing >>> INBOX.2014.05.p\2edezordo.incoming >>> INBOX\2e2014\2e05\2ep\5c2edezordo\2eincoming <----- this line!?!?!? >>> ---------------------------------------------------------------------------------------- >>> >>> >>> >>> Have you any ideas whats going on? >>> Could this be a bug, or misconfiguration? >>> >>> Thanks in advance!! >>> >>> Greeting from Italy! >>> Patrick. >> which version of dove >> listescape had bugs in the past >> >> i.e >> >> http://hg.dovecot.org/dovecot-2.1/rev/63af3274fb6f >> http://hg.dovecot.org/dovecot-2.2/rev/63af3274fb6f >> http://hg.dovecot.org/dovecot-2.2/rev/fce84463f508 >> >> perhaps reread >> >> http://wiki2.dovecot.org/Plugins/Listescape >> >> post complete dove conf >> >> Best Regards >> MfG Robert Schetterer >> Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From patrick at spamreducer.eu Thu May 8 17:23:54 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Thu, 08 May 2014 19:23:54 +0200 Subject: [Dovecot] Strange behavior on with "listescape" and "lda_mailbox_autocreate" - double entries In-Reply-To: <536BBD0C.7090906@sys4.de> References: <536B6DE3.80808@spamreducer.eu> <536B7292.6000508@sys4.de> <536BA38A.3030301@spamreducer.eu> <536BBD0C.7090906@sys4.de> Message-ID: <536BBDAA.40200@spamreducer.eu> I'll try this night to get trusty and repeat the setup.. ;-) Am 08.05.2014 19:21, schrieb Robert Schetterer: > Am 08.05.2014 17:32, schrieb Patrick De Zordo: >> Dear Robert, hallo Robert (ich spreche Deutsch), >> >> --- dovecot --version --- >> 2.0.19 > thats old, you should upgrade minimum 2.1.17 > > or go trusty, if possible, it has > > 2.2.9 > > or use repo > > http://xi.rename-it.nl/debian/dists/testing-auto/ > > sorry i just have no time to compare your setting to my listescape > setup, but perhaps others may do > > >> -------------------------------- >> >> System: Ubuntu 12.04.4 >> >> --- dovecot -n ------------- >> # 2.0.19: /etc/dovecot/dovecot.conf >> # OS: Linux 3.8.0-29-generic x86_64 Ubuntu 12.04.4 LTS ext4 >> auth_mechanisms = plain login >> dict { >> quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext >> } >> first_valid_uid = 150 >> last_valid_uid = 150 >> lda_mailbox_autocreate = yes >> lda_mailbox_autosubscribe = yes >> mail_gid = mail >> mail_location = maildir:/var/vmail/%d/%n >> mail_plugins = " quota listescape" >> mail_uid = vmail >> namespace { >> inbox = yes >> location = >> prefix = >> separator = / >> subscriptions = yes >> type = private >> } >> passdb { >> args = /etc/dovecot/dovecot-sql.conf.ext >> driver = sql >> } >> plugin { >> autocreate = Trash >> autocreate2 = Sent >> autocreate3 = Drafts >> autosubscribe = Trash >> autosubscribe2 = Sent >> autosubscribe3 = Drafts >> quota = dict:user::proxy::quota >> quota_rule = *:storage=10MB >> quota_rule2 = Trash:storage=+10%% >> quota_warning = storage=95%% quota-warning 95 %u >> quota_warning2 = storage=80%% quota-warning 80 %u >> sieve = ~/.dovecot.sieve >> sieve_dir = ~/sieve >> } >> postmaster_address = postmaster at xx.com >> protocols = " imap pop3" >> service auth { >> unix_listener /var/spool/postfix/private/auth { >> group = postfix >> mode = 0660 >> user = postfix >> } >> unix_listener auth-userdb { >> group = mail >> mode = 0600 >> user = vmail >> } >> } >> service dict { >> unix_listener dict { >> group = mail >> mode = 0660 >> user = vmail >> } >> } >> service quota-warning { >> executable = script /usr/local/bin/quota-warning.sh >> unix_listener quota-warning { >> user = vmail >> } >> user = vmail >> } >> ssl_cert = > ssl_key = > userdb { >> args = /etc/dovecot/dovecot-sql.conf.ext >> driver = sql >> } >> protocol lda { >> mail_plugins = " quota listescape quota sieve listescape" >> } >> protocol imap { >> mail_plugins = " quota listescape imap_quota listescape" >> } >> -------------------------------- >> >> Viele Gr??e und vielen Dank! >> Patrick. >> >> Am 08.05.2014 14:03, schrieb Robert Schetterer: >>> Am 08.05.2014 13:43, schrieb Patrick De Zordo: >>>> Hello Guys, >>>> we are using Dovecot since years; all working flawless but one strange >>>> behavior: >>>> >>>> Let me explain.. >>>> >>>> - we have enabled the "listescape" plugin in "15-lda.conf", >>>> "10-mail.conf" and "20-imap.conf". >>>> - we use the following default namespace in "10-mail.conf": >>>> --------------- 10-mail.conf ----------------------------------------- >>>> namespace { >>>> type = private >>>> prefix = >>>> separator = / >>>> inbox = yes >>>> subscriptions = yes >>>> } >>>> ---------------------------------------------------------------------------------------- >>>> >>>> >>>> >>>> - we use a sieve script that automatically generates folders in the >>>> following form (example): >>>> ---------------------------------------------------------------------------------------- >>>> >>>> >>>> ".INBOX.2014.05.patrick.incoming" for user "patrick at xx.com" >>>> ".INBOX.2014.05.patrick.outgoing" for user "patrick at xx.com" >>>> ".INBOX.2014.05.p\2edezordo.incoming" for user "p.dezordo at xx.com" >>>> ---------------------------------------------------------------------------------------- >>>> >>>> >>>> >>>> This is ok, but the automatically generated "subscriptions"-file of the >>>> user contains double lines (the second line is something strange?!); >>>> the second one should not be created, its totally wrong..! >>>> >>>> --------------- subscriptions ----------------------------------------- >>>> Trash >>>> Sent >>>> INBOX.2014.05.patrick.incoming >>>> INBOX.2014.05.patrick.outgoing >>>> INBOX.2014.05.p\2edezordo.incoming >>>> INBOX\2e2014\2e05\2ep\5c2edezordo\2eincoming <----- this line!?!?!? >>>> ---------------------------------------------------------------------------------------- >>>> >>>> >>>> >>>> Have you any ideas whats going on? >>>> Could this be a bug, or misconfiguration? >>>> >>>> Thanks in advance!! >>>> >>>> Greeting from Italy! >>>> Patrick. >>> which version of dove >>> listescape had bugs in the past >>> >>> i.e >>> >>> http://hg.dovecot.org/dovecot-2.1/rev/63af3274fb6f >>> http://hg.dovecot.org/dovecot-2.2/rev/63af3274fb6f >>> http://hg.dovecot.org/dovecot-2.2/rev/fce84463f508 >>> >>> perhaps reread >>> >>> http://wiki2.dovecot.org/Plugins/Listescape >>> >>> post complete dove conf >>> >>> Best Regards >>> MfG Robert Schetterer >>> > > > Best Regards > MfG Robert Schetterer > From rs at sys4.de Thu May 8 17:28:04 2014 From: rs at sys4.de (Robert Schetterer) Date: Thu, 08 May 2014 19:28:04 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <536BB80D.7090105@goodrick.ch> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> <536BB80D.7090105@goodrick.ch> Message-ID: <536BBEA4.4010300@sys4.de> Am 08.05.2014 18:59, schrieb Sebastian Goodrick: > Disabling TLS1.2 in Win8 provides a workaround for the issue. This is > done with this registry entry. > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS > 1.2\Client] > "DisabledByDefault"=dword:00000001 > "Enabled"=dword:00000000 thx for report, so its a workaround > > Setting the ssl_cipher_list to what Robert suggested didn't change the > behaviour. hm.... > > I've tried disabling TLS1.2 in dovecot, however I've had no success. > Is there a way to disable TLS1.2? isolate the real nature of the problem should be the way to go > > Sebastian > > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From sebastian at goodrick.ch Thu May 8 17:50:09 2014 From: sebastian at goodrick.ch (Sebastian Goodrick) Date: Thu, 08 May 2014 19:50:09 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <536BBEA4.4010300@sys4.de> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> <536BB80D.7090105@goodrick.ch> <536BBEA4.4010300@sys4.de> Message-ID: <536BC3D1.4060202@goodrick.ch> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> I've tried disabling TLS1.2 in dovecot, however I've had no >> success. Is there a way to disable TLS1.2? > > isolate the real nature of the problem should be the way to go Yes, you're right. Disabling TLS1.2 is a workaround, not a solution. Postfix is affected by the same issue which indicates an issue with OpenSSL. There is a certain chance that this behaviour might be triggered from a closed source library. If someone from Microsoft volunteers to work on this issue, I'd be happy to join in. Regards, Sebastian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlNrw9AACgkQR7+YB0QzbnqwVwCeOq8IpZ4PF5fPu/PehZ7ifuPl VKoAoItRIY8RvAWx535kUVooogawNICm =/Ayz -----END PGP SIGNATURE----- From mark at msapiro.net Thu May 8 17:51:54 2014 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 08 May 2014 10:51:54 -0700 Subject: [Dovecot] v2.2.13.rc1 released In-Reply-To: References: Message-ID: <536BC43A.3060104@msapiro.net> On 05/08/2014 08:37 AM, Timo Sirainen wrote: > http://dovecot.org/releases/2.2/rc/dovecot-2.2.13.rc1.tar.gz > http://dovecot.org/releases/2.2/rc/dovecot-2.2.13.rc1.tar.gz.sig > > There have been a ton of smaller and some larger changes since v2.2.12, so I thought I'd first make a RC release and the final v2.2.13 tomorrow. Please try it out! Installed here. OK so far ... -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From x3_ppc at bk.ru Thu May 8 17:59:50 2014 From: x3_ppc at bk.ru (Hit4er) Date: Thu, 8 May 2014 10:59:50 -0700 (PDT) Subject: [Dovecot] LDA can't read dovecot.conf In-Reply-To: <536A80F3.2050702@thelounge.net> References: <1399488262009-47853.post@n4.nabble.com> <536A80F3.2050702@thelounge.net> Message-ID: <1399571990082-47898.post@n4.nabble.com> Thanks for reply, still want to understand with LDA. Correct my error, here is my config dovecot Config Postfix right /etc/dovecot right /etc/postfix Any help/pointers gratefully received. -- View this message in context: http://dovecot.2317879.n4.nabble.com/LDA-can-t-read-dovecot-conf-tp47853p47898.html Sent from the Dovecot mailing list archive at Nabble.com. From bind at enas.net Thu May 8 18:22:49 2014 From: bind at enas.net (Urban Loesch) Date: Thu, 08 May 2014 20:22:49 +0200 Subject: [Dovecot] LDA can't read dovecot.conf In-Reply-To: <1399571990082-47898.post@n4.nabble.com> References: <1399488262009-47853.post@n4.nabble.com> <536A80F3.2050702@thelounge.net> <1399571990082-47898.post@n4.nabble.com> Message-ID: <536BCB79.8070403@enas.net> What does "ls -lh /etc |grep dovecot" show? Am 08.05.2014 19:59, schrieb Hit4er: > Thanks for reply, still want to understand with LDA. Correct my error, here > is my config dovecot > > > Config Postfix > > > > right /etc/dovecot > > > right /etc/postfix > > > > Any help/pointers gratefully received. > > > > -- > View this message in context: http://dovecot.2317879.n4.nabble.com/LDA-can-t-read-dovecot-conf-tp47853p47898.html > Sent from the Dovecot mailing list archive at Nabble.com. > From rs at sys4.de Thu May 8 19:12:49 2014 From: rs at sys4.de (Robert Schetterer) Date: Thu, 08 May 2014 21:12:49 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <536BC3D1.4060202@goodrick.ch> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> <536BB80D.7090105@goodrick.ch> <536BBEA4.4010300@sys4.de> <536BC3D1.4060202@goodrick.ch> Message-ID: <536BD731.1010902@sys4.de> Am 08.05.2014 19:50, schrieb Sebastian Goodrick: >>> I've tried disabling TLS1.2 in dovecot, however I've had no >>> success. Is there a way to disable TLS1.2? > >> isolate the real nature of the problem should be the way to go > > Yes, you're right. Disabling TLS1.2 is a workaround, not a solution. > Postfix is affected by the same issue which indicates an issue with > OpenSSL. > There is a certain chance that this behaviour might be triggered from > a closed source library. If someone from Microsoft volunteers to work > on this issue, I'd be happy to join in. > > Regards, > Sebastian > perhaps this has impact...just an idea http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recommending-fips-mode-anymore.aspx so my specutlation, on win 8 fips mode enabled ,is default currently, ( please verify this ) , but it should be disabled be causing too much trouble... Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From sebastian at goodrick.ch Thu May 8 19:29:14 2014 From: sebastian at goodrick.ch (Sebastian Goodrick) Date: Thu, 08 May 2014 21:29:14 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <536BD731.1010902@sys4.de> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> <536BB80D.7090105@goodrick.ch> <536BBEA4.4010300@sys4.de> <536BC3D1.4060202@goodrick.ch> <536BD731.1010902@sys4.de> Message-ID: <536BDB0A.8010000@goodrick.ch> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > perhaps this has impact...just an idea > > > http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recommending-fips-mode-anymore.aspx > > so my specutlation, on win 8 fips mode enabled ,is default > currently, ( please verify this ) , but it should be disabled be > causing too much trouble... On my fresh install of Win8.1: HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy Enabled=0 Indicating that FIPS mode is disabled. As far as I understand FIPS it disables certain ciphers / protocols. However, my new dovecot/OpenSSL version provides more and stronger ciphers, so FIPS shouldn't be an issue (well, in theory). Regards Sebastian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlNr2woACgkQR7+YB0QzbnrCYQCfUu6p5/koM9bAP7P65/ih1PDu 02oAnjmM9NpbEGpz1lnPlXNskAGtY1tU =TJag -----END PGP SIGNATURE----- From berni at birkenwald.de Thu May 8 19:49:43 2014 From: berni at birkenwald.de (Bernhard Schmidt) Date: Thu, 8 May 2014 19:49:43 +0000 (UTC) Subject: [Dovecot] lmtp_rcpt_check_quota not working References: Message-ID: Bernhard Schmidt wrote: Hi Timo, in case you missed that... > Hi, > > Dovecot 2.2.9 (Debian package from backports) does not seem to respect > lmtp_rcpt_check_quota > > # 2.2.9: /etc/dovecot/dovecot.conf > # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.4 > deliver_log_format = from=<%e>, size=%p, message-id=<%m>, status=%$ > disable_plaintext_auth = no > lmtp_rcpt_check_quota = yes > mail_debug = yes > mail_gid = mstore > mail_location = maildir:~/Maildir:INDEX=/var/cache/dovecot/index/%-1.1u/%u > mail_plugins = quota > mail_uid = mstore > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave > mmap_disable = yes > namespace inbox { > inbox = yes > location = > mailbox Drafts { > auto = subscribe > special_use = \Drafts > } > mailbox Junk { > auto = subscribe > special_use = \Junk > } > mailbox Sent { > auto = subscribe > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > auto = subscribe > special_use = \Trash > } > prefix = INBOX. > separator = . > type = private > } > passdb { > args = /etc/dovecot/dovecot-ldap.conf > driver = ldap > } > plugin { > quota = maildir > quota_rule = ?:storage=512M > quota_rule2 = INBOX.Trash:ignore > quota_status_nouser = DUNNO > quota_status_overquota = 452 4.2.2 Mailbox is full > quota_status_success = DUNNO > quota_warning = storage=95%% quota-warning 95 %u > quota_warning2 = storage=85%% quota-warning 85 %u > sieve = ~/currently-active-script.sieve > sieve_dir = ~/sieve > } > pop3_uidl_format = %08Xv%08Xu > protocols = imap lmtp sieve pop3 > quota_full_tempfail = yes > service anvil { > client_limit = 3000 > unix_listener anvil { > group = sudo > mode = 0660 > } > } > service auth { > client_limit = 3000 > unix_listener auth-userdb { > group = mstore > mode = 0660 > user = mstore > } > } > service imap-login { > client_limit = 1024 > inet_listener imap { > port = 143 > } > inet_listener imaps { > port = 993 > ssl = yes > } > process_limit = 2500 > process_min_avail = 4 > service_count = 0 > } > service lmtp { > inet_listener lmtp { > address = xxx > port = 24 > } > } > service managesieve-login { > inet_listener sieve { > port = 2000 > } > service_count = 1 > } > service managesieve { > process_limit = 1024 > } > service pop3-login { > inet_listener pop3 { > port = 110 > } > inet_listener pop3s { > port = 995 > ssl = yes > } > } > service quota-status { > client_limit = 5 > executable = quota-status -p postfix > inet_listener { > address = xxx > port = 12340 > } > } > service quota-warning { > executable = script /etc/dovecot/quotawarnmsg.sh > unix_listener quota-warning { > user = mstore > } > user = mstore > } > ssl_cert = ssl_key = userdb { > driver = prefetch > } > userdb { > args = /etc/dovecot/dovecot-ldap.conf > driver = ldap > } > verbose_proctitle = yes > protocol imap { > mail_plugins = quota imap_quota imap_zlib > } > protocol lda { > mail_plugins = quota sieve > } > protocol lmtp { > mail_plugins = quota sieve > } > > so Dovecot should reject in RCPT TO phase, but according to the logs of the > upstream Postfix it does so after END-OF-DATA > > (host xxx[2001:xxx] said: 452 4.2.2 > Quota exceeded (mailbox for user is > full) (in reply to end of DATA command)) > > I haven't seen any commits regarding to this in 2.2.10 or tip. > > Regards, > Bernhard > From rs at sys4.de Thu May 8 20:25:19 2014 From: rs at sys4.de (Robert Schetterer) Date: Thu, 08 May 2014 22:25:19 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <536BDB0A.8010000@goodrick.ch> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> <536BB80D.7090105@goodrick.ch> <536BBEA4.4010300@sys4.de> <536BC3D1.4060202@goodrick.ch> <536BD731.1010902@sys4.de> <536BDB0A.8010000@goodrick.ch> Message-ID: <536BE82F.6020900@sys4.de> Am 08.05.2014 21:29, schrieb Sebastian Goodrick: >> perhaps this has impact...just an idea > > >> http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recommending-fips-mode-anymore.aspx > >> so my specutlation, on win 8 fips mode enabled ,is default >> currently, ( please verify this ) , but it should be disabled be >> causing too much trouble... > > On my fresh install of Win8.1: > > HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy > Enabled=0 hm.. > > Indicating that FIPS mode is disabled. As far as I understand FIPS it > disables certain ciphers / protocols. However, my new dovecot/OpenSSL > version provides more and stronger ciphers, so FIPS shouldn't be an > issue (well, in theory). definiton of "strong" maybe variable my speculate was, it leaves too less ciphers left > > Regards > Sebastian > i will test this now with my win8 and new dove installation, but it will take time doing endless win upgrades in the vm first Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From njriley at illinois.edu Thu May 8 20:29:48 2014 From: njriley at illinois.edu (Nicholas Riley) Date: Thu, 08 May 2014 15:29:48 -0500 Subject: [Dovecot] imapc with Outlook.com transfers max 22-23 messages per mailbox!? References: <049D36AA-81FF-4201-93F3-5BEEE1663D82@iki.fi> Message-ID: In article <049D36AA-81FF-4201-93F3-5BEEE1663D82 at iki.fi>, Timo Sirainen wrote: > On 6.5.2014, at 1.35, Nicholas Riley wrote: > > > Here's how I sync a single mailbox, which should have a few hundred > > messages in it: > > > > % doveadm -D -v -c [...] sync -1 -R -u [...] -m Avalon imapc: > > > > Output is at http://sabi.net/temp/sync.txt > > > > But every mailbox contains at most 22-23 messages. > > Dunno. > > > Is there a rawlog equivalent for imapc? I'm hoping that there is a > > simple protocol usage change that could let me get entire mailboxes. > > imapc_rawlog_dir = /path Thanks, that's very helpful. I created a test mailbox with 30 messages in it. Dovecot seems to successfully enumerate all 30 messages but only retrieves 4 of them. Here is the rawlog output: http://sabi.net/temp/dovecot-rawlog/in.log http://sabi.net/temp/dovecot-rawlog/out.log -- Nicholas Riley From rs at sys4.de Thu May 8 20:54:18 2014 From: rs at sys4.de (Robert Schetterer) Date: Thu, 08 May 2014 22:54:18 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <536BE82F.6020900@sys4.de> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> <536BB80D.7090105@goodrick.ch> <536BBEA4.4010300@sys4.de> <536BC3D1.4060202@goodrick.ch> <536BD731.1010902@sys4.de> <536BDB0A.8010000@goodrick.ch> <536BE82F.6020900@sys4.de> Message-ID: <536BEEFA.3090708@sys4.de> Am 08.05.2014 22:25, schrieb Robert Schetterer: > Am 08.05.2014 21:29, schrieb Sebastian Goodrick: >>> perhaps this has impact...just an idea >> >> >>> http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recommending-fips-mode-anymore.aspx >> >>> so my specutlation, on win 8 fips mode enabled ,is default >>> currently, ( please verify this ) , but it should be disabled be >>> causing too much trouble... >> >> On my fresh install of Win8.1: >> >> HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy >> Enabled=0 > > hm.. > >> >> Indicating that FIPS mode is disabled. As far as I understand FIPS it >> disables certain ciphers / protocols. However, my new dovecot/OpenSSL >> version provides more and stronger ciphers, so FIPS shouldn't be an >> issue (well, in theory). > > definiton of "strong" maybe variable > my speculate was, it leaves too less ciphers left > >> >> Regards >> Sebastian >> > > i will test this now with my win8 and new dove installation, but it will > take time doing endless win upgrades in the vm first > > > Best Regards > MfG Robert Schetterer > meanwhile from http://social.technet.microsoft.com/Forums/office/en-US/5a8df31b-ef3a-4f42-9776-8ca3200574c7/error-when-using-smtp-with-tls-windows-8-outlook-2013?forum=outlook ... System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" as found in Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options which as per description does This policy setting determines whether the Transport Layer Security/Secure Sockets Layer (TLS/SSL) Security Provider supports only the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite. that needs to be disabled for Outlook.com's SMTP TLS to work. or, looking at the registry: FIPSAlgorithmPolicy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/FIPSAlgorithmPolicy/Enabled ... any thoughts about that ? Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From bourek at thinline.cz Thu May 8 21:35:52 2014 From: bourek at thinline.cz (Jiri Bourek) Date: Thu, 08 May 2014 23:35:52 +0200 Subject: [Dovecot] Migrate from LDA to LMTP In-Reply-To: <20140508102746.Horde.Lo3EXGxvy1_6zabo5efddA1@www.vfemail.net> References: <536B1EFB.1070703@mail.cgilfe.it> <536B9B38.3050600@skye.it> <536B9CCA.1070301@thelounge.net> <20140508101335.Horde.8hIwWHCDH-h1Ls_bcEQO9g8@www.vfemail.net> <536BA0A1.4070601@thelounge.net> <20140508102746.Horde.Lo3EXGxvy1_6zabo5efddA1@www.vfemail.net> Message-ID: <536BF8B8.2070802@thinline.cz> On 8.5.2014 17:27, Rick Romero wrote: > Quoting Reindl Harald : > >> Am 08.05.2014 17:13, schrieb Rick Romero: >>> Quoting Reindl Harald : >>> >>>> Am 08.05.2014 16:56, schrieb Alessio Cecchi: >>>>> Il 08/05/2014 08:06, Davide ha scritto: >>>>>> Hi to all, i have qmail installed on my system with dot-qmail files >>>>>> format to deliver to mailbox (maildir format with dovecot 2.2.12); >>>>>> currently i use LDA to delivery agent but we would migrate to LMTP is >>> >>> it >>>>>> possible? and if yes someone could bring me to the right direction to >>>>>> implement this? thanks. >>>>> >>>>> is not possibile to use Dovecot/LMTP with Qmail. LDA works fine >>>>> for me (with qmail), why you need LMTP? >>>> >>>> why do you need qmail? >>>> >>>> the latest release is 1.0.3 from 1998 who right in his mind installs a >>>> 16 >>>> years unmaintained software? >>> >>> Because (other than you having absolutely no idea what the latest > release >>> is) it's better than whatever you're using, so there >> >>> you having absolutely no idea what the latest release is >> >> http://en.wikipedia.org/wiki/Qmail >> >> Stable release 1.03 / June 15, 1998Preview release netqmail > 1.06 >> / November 11, 2007 > > Obviously you didn't see my "So There". Your argument is invalid. Well the "better than whatever you're using" part is somewhat doubtful. I had the opportunity to compare qmail and Postfix on a server with identical functionality and user base. Standard qmail setup (tcpserver - rblsmtpd - qmail-smtpd - qmail-qfilter) choked badly on million+ incoming connections per day (most of that being spam outbreak rejected by rblsmtpd, i.e. qmail-smtpd was never invoked) That situation forced deployment of second server with same MX priority and even with that some clients weren't able to connect, because it choked as the first one. After migration to Postfix one box handles even worse spam outbreaks (10M connections per day) with ease and with stock source base you can do things that required creating your own software and/or patching qmail with your own patches. So you might want to tone it down with statements like that. Same goes for telling people they have no idea about something. From stephan at rename-it.nl Thu May 8 23:37:02 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 09 May 2014 01:37:02 +0200 Subject: [Dovecot] Lifetime of redirect info stored by Sieve in .dovecot.lda-dupes In-Reply-To: <37D35650-C863-456B-A21B-FAC653BBAD40@skynet.be> References: <2107F795-5380-40E4-9458-6E29424AFD9D@skynet.be> <536B671C.3060602@rename-it.nl> <536B7DCF.2060007@rename-it.nl> <37D35650-C863-456B-A21B-FAC653BBAD40@skynet.be> Message-ID: <536C151E.7060309@rename-it.nl> On 5/8/2014 5:26 PM, Axel Luttgens wrote: > Le 8 mai 2014 ? 14:51, Stephan Bosch a ?crit : > >> [...] >> Ehmm, what mail client is doing this? :) > Apple's Mail.app. > > >> Afaik, forwarding messages should have a new Message-ID. I've tested this with Thunderbird and it does that properly. > I should perhaps have written "resend that message" instead of "forward that message"? > You know, that action of "reintroducing a message into the transport system", as described in section 3.6.6 of RFC 5322. > > In that case, Mail.app adds "Resent-From:", "Resent-Date:" and "Resent-To:" fields to the resent message (but it doesn't add a "Resent-Message-ID:" field, even if it SHOULD do so). Right. This should help: http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/3b6917a4807c Regards, Stephan. From dovecot-list at mohtex.net Fri May 9 03:20:18 2014 From: dovecot-list at mohtex.net (Tamsy) Date: Fri, 09 May 2014 10:20:18 +0700 Subject: [Dovecot] v2.2.13.rc1 vs. Pigeonhole Message-ID: <536C4972.2010107@mohtex.net> Server: Ubuntu 10.04 LTS 32bit There seems to be an incompatibility when compiling Pigeonhole against Dovecot v2.2.13.rc1. # make check with Pigeonhole throws up the following error message: Test case: ./tests/extensions/editheader/addheader.svtest: 1: Test 'Addheader - first' SUCCEEDED 2: Test 'Addheader - last' SUCCEEDED 3: Test 'Addheader - framed' SUCCEEDED 4: Test 'Addheader - folded' SUCCEEDED 5: Test 'Addheader - newlines' FAILED: wrong first header content in redirected mail 6: Test 'Addheader - implicit keep' SUCCEEDED 7: Test 'Addheader - UTF 8' SUCCEEDED 8: Test 'Addheader - devious characters' SUCCEEDED FAIL: 1 of 8 tests failed. I tried this with the latest Pigeonhole from Mercurial: - dovecot-2-2-pigeonhole-3b6917a4807c and also with the older: - dovecot-2-2-pigeonhole-e111a2393a92 Both versions are quitting during "make check" with the same error when compiling against dovecot-2.2.13.rc1. Compiling those versions against dovecot-2.2.12 is going without errors though. Cheers, Tamsy From sebastian at goodrick.ch Fri May 9 06:29:38 2014 From: sebastian at goodrick.ch (Sebastian Goodrick) Date: Fri, 09 May 2014 08:29:38 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <536BEEFA.3090708@sys4.de> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> <536BB80D.7090105@goodrick.ch> <536BBEA4.4010300@sys4.de> <536BC3D1.4060202@goodrick.ch> <536BD731.1010902@sys4.de> <536BDB0A.8010000@goodrick.ch> <536BE82F.6020900@sys4.de> <536BEEFA.3090708@sys4.de> Message-ID: <536C75D2.4030109@goodrick.ch> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> my speculate was, it leaves too less ciphers left OK, but does the old dovecot/openssl version provide less ciphers than the new install? I'm not too familiar with what ciphers ship with OpenSSL in what version. My naive assumption is, a new version ships with more ciphers, hence this shouldn't be an issue. (Unless there is a new bug in a cipher.) > Computer Configuration\Windows Settings\Security Settings\Local > Policies\Security Options I just learned, there is a tool called gpedit.msc on win8 :) "Use FIPS compliant algorithms for encryption, hashing, and signing" is disabled on my machine. From what I understand this indicates, that it can use more/all available ciphers. > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows > NT\CurrentVersion\SecEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/FIPSAlgorithmPolicy/Enabled I can find this key (it is set to DisplayType=0 and ValueType=4) but I don't understand what I can change there and what this setting indicates. Needless to say that my windows administration knowledge is limited. Regards, Sebastian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlNsddIACgkQR7+YB0QzbnohewCeN3SA2or/T60AGhBBcrGXRsFQ kW4An2xxuHdhnUIY9xVfD43LiFo0yJkq =63Av -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Fri May 9 06:39:59 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 9 May 2014 08:39:59 +0200 (CEST) Subject: [Dovecot] LDA can't read dovecot.conf In-Reply-To: <1399571990082-47898.post@n4.nabble.com> References: <1399488262009-47853.post@n4.nabble.com> <536A80F3.2050702@thelounge.net> <1399571990082-47898.post@n4.nabble.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 8 May 2014, Hit4er wrote: Er, your message looks quite stipped down (see below) in contrast to the nabble-link, > Thanks for reply, still want to understand with LDA. Correct my error, here > is my config dovecot > > > Config Postfix > > > > right /etc/dovecot > > > right /etc/postfix > > > > Any help/pointers gratefully received. Nabble says this: > virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf, mysql:/etc/postfix/mysql/virtual_alias_domain_maps.cf > virtual_gid_maps = static:5000 > virtual_mailbox_base = /var/vmail > virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf > virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf > virtual_transport = dovecot > virtual_uid_maps = static:5000 > > right /etc/dovecot > > drwx------ 2 root root 4096 ???. 22 21:10 conf.d > -rw-r--r-- 1 root root 4448 ??? 8 01:04 dovecot.conf I guess postfix calls Dovecot LDA as user 5000/5000 as per quoted config above, right? ** That user has no access to the config in /etc/dovecot. Do: chmod a+x /etc/dovecot /etc/dovecot/conf.d chmod a+r /etc/dovecot/*.conf* /etc/dovecot/conf.d/*.conf* /etc/dovecot/conf.d ** If you don't know, replace the call to the LDA in postfix with a wrapper script: ===== BEGIN #!/bin/bash ( date id echo "$@" original_LDA "$@" rc=$? echo rc=$rc exit $rc ) >>/tmp/lda.log 2>&1 =====END If you don't have a test machine, better use >>/tmp/log/lda-$$.log 2>&1 in order to put all log files into one subdir of /tmp and make sure their logging does not overlap. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU2x4QHz1H7kL/d9rAQJ4jggAuktMwHJpjQSoRdohj4ro2XW8NfSUr14X uX4+45uMSkTtEZIwJULrrtNQ/Ej8jInikKlxboXSWQd/URHFXTyCrjREHeCYazD5 d6P8Gl6coUbbJfPXiSfYc5oZOUQ4Mbr9yxWu20fnIlCtQATdVccA9R9JQYtFUNLO qSgv1gOivCfo5WhE4tH1y69ArcvR8dpeRRmJoS8QVaYaGDtHjV3O4T/juCm4VAuZ W1nRwjw1OzGyWwkbGvA2rcvby0fVOMmuO3qcdhOfOs4B3wfKnzs1SPdWxDc6wqbu TVcmOlTI3Y4N6L0Oa/bnF+m7jUlzdEO+Bf/16bat6mq0Km/6vsiFbg== =ozvg -----END PGP SIGNATURE----- From stephan at rename-it.nl Fri May 9 06:56:01 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 09 May 2014 08:56:01 +0200 Subject: [Dovecot] v2.2.13.rc1 vs. Pigeonhole In-Reply-To: <536C4972.2010107@mohtex.net> References: <536C4972.2010107@mohtex.net> Message-ID: <536C7C01.8030100@rename-it.nl> On 5/9/2014 5:20 AM, Tamsy wrote: > Server: Ubuntu 10.04 LTS 32bit > > There seems to be an incompatibility when compiling Pigeonhole against > Dovecot v2.2.13.rc1. > # make check > with Pigeonhole throws up the following error message: > > > Test case: ./tests/extensions/editheader/addheader.svtest: > > 1: Test 'Addheader - first' SUCCEEDED > 2: Test 'Addheader - last' SUCCEEDED > 3: Test 'Addheader - framed' SUCCEEDED > 4: Test 'Addheader - folded' SUCCEEDED > 5: Test 'Addheader - newlines' FAILED: wrong first header content in > redirected mail > 6: Test 'Addheader - implicit keep' SUCCEEDED > 7: Test 'Addheader - UTF 8' SUCCEEDED > 8: Test 'Addheader - devious characters' SUCCEEDED > > FAIL: 1 of 8 tests failed. > > I tried this with the latest Pigeonhole from Mercurial: > - dovecot-2-2-pigeonhole-3b6917a4807c > and also with the older: > - dovecot-2-2-pigeonhole-e111a2393a92 > > Both versions are quitting during "make check" with the same error when > compiling against dovecot-2.2.13.rc1. > Compiling those versions against dovecot-2.2.12 is going without errors > though. Hmm, it doesn't fail here. I made the failure message a bit more verbose. What does it say now? What output do you get if you edit the svtest file and add a test_message_print command before that failure? Regards, Stephan. From alessio at skye.it Fri May 9 06:59:54 2014 From: alessio at skye.it (Alessio Cecchi) Date: Fri, 09 May 2014 08:59:54 +0200 Subject: [Dovecot] Migrate from LDA to LMTP In-Reply-To: <536BF8B8.2070802@thinline.cz> References: <536B1EFB.1070703@mail.cgilfe.it> <536B9B38.3050600@skye.it> <536B9CCA.1070301@thelounge.net> <20140508101335.Horde.8hIwWHCDH-h1Ls_bcEQO9g8@www.vfemail.net> <536BA0A1.4070601@thelounge.net> <20140508102746.Horde.Lo3EXGxvy1_6zabo5efddA1@www.vfemail.net> <536BF8B8.2070802@thinline.cz> Message-ID: <536C7CEA.1000805@skye.it> Il 08/05/2014 23:35, Jiri Bourek ha scritto: > On 8.5.2014 17:27, Rick Romero wrote: >> Quoting Reindl Harald : >> >>> Am 08.05.2014 17:13, schrieb Rick Romero: >>>> Quoting Reindl Harald : >>>> >>>>> Am 08.05.2014 16:56, schrieb Alessio Cecchi: >>>>>> Il 08/05/2014 08:06, Davide ha scritto: >>>>>>> Hi to all, i have qmail installed on my system with dot-qmail files >>>>>>> format to deliver to mailbox (maildir format with dovecot 2.2.12); >>>>>>> currently i use LDA to delivery agent but we would migrate to >>>>>>> LMTP is >>>> >>>> it >>>>>>> possible? and if yes someone could bring me to the right >>>>>>> direction to >>>>>>> implement this? thanks. >>>>>> >>>>>> is not possibile to use Dovecot/LMTP with Qmail. LDA works fine >>>>>> for me (with qmail), why you need LMTP? >>>>> >>>>> why do you need qmail? >>>>> >>>>> the latest release is 1.0.3 from 1998 who right in his mind installs a >>>>> 16 >>>>> years unmaintained software? >>>> >>>> Because (other than you having absolutely no idea what the latest >> release >>>> is) it's better than whatever you're using, so there >>> >>>> you having absolutely no idea what the latest release is >>> >>> http://en.wikipedia.org/wiki/Qmail >>> >>> Stable release 1.03 / June 15, 1998Preview release netqmail >> 1.06 >>> / November 11, 2007 >> >> Obviously you didn't see my "So There". Your argument is invalid. > > Well the "better than whatever you're using" part is somewhat doubtful. > I had the opportunity to compare qmail and Postfix on a server with > identical functionality and user base. Standard qmail setup (tcpserver - > rblsmtpd - qmail-smtpd - qmail-qfilter) choked badly on million+ > incoming connections per day (most of that being spam outbreak rejected > by rblsmtpd, i.e. qmail-smtpd was never invoked) I'm running an installation with the inverse situation, qmail works fine under pressure and postfix not. I think that is only a "tuning/configuration" problem. I'm very familiar with qmail and not with postfix, so for me is more simple to work with qmail. If you are familiar with postfix, postfix will works better for you, if you are familiar with qmail you will install qmail. Ciao -- Alessio Cecchi is: @ ILS -> http://www.linux.it/~alessice/ on LinkedIn -> http://www.linkedin.com/in/alessice Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz Cloud Email Hosting -> http://www.qboxmail.com @ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it From alessio at skye.it Fri May 9 07:21:02 2014 From: alessio at skye.it (Alessio Cecchi) Date: Fri, 09 May 2014 09:21:02 +0200 Subject: [Dovecot] Doveadm sometimes failed "to iterate through some users" after upgrade to 2.2 Message-ID: <536C81DE.9080707@skye.it> Hi, I'm running every week in cron "doveadm expunge -A mailbox Spam before 30d" and monthly "doveadm quota recalc -A". After the upgrade to dovecot 2.2.12 (from 2.1.17), "doveadm -A" sometimes exit with this error: doveadm(user at domain.com): Error: User listing returned failure doveadm: Error: Failed to iterate through some users # echo $? 75 If I re-run the same command the user where doveadm stops changeing (always in alphabetical order): info@ mario@ pippo@ zazza@ and finally, after 3 or 4 run, ends with success. I have enable debug (via doveadm -D and auth/mail debub in 10-logging.con) but there are no errors or difference in the log when doveadm exit with the error (error code is 75). If I run # doveadm expunge -A mailbox Spam savedbefore 30d doveadm works fine Can somebody help me? Here is my configuration: # dovecot -n # 2.2.12: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.9 auth_debug = yes auth_master_user_separator = * auth_verbose = yes deliver_log_format = msgid=%m, from=%f, subject="%s": %$ dict { expire = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } disable_plaintext_auth = no dotlock_use_excl = no first_valid_gid = 89 first_valid_uid = 89 imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags imap_idle_notify_interval = 29 mins imap_logout_format = in=%i out=%o session=<%{session}> last_valid_gid = 89 last_valid_uid = 89 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = * mail_debug = yes mail_fsync = always mail_location = maildir:~/Maildir mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = quota expire maildir_very_dirty_syncs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave vnd.dovecot.duplicate mmap_disable = yes namespace { list = children location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u prefix = shared/%%n/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / } passdb { args = username_format=%Ld /etc/dovecot/extra/alias-domains-denylogin.txt deny = yes driver = passwd-file } passdb { args = /etc/dovecot/extra/master-users driver = passwd-file master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { expire = Trash expire2 = Spam expire_dict = proxy::expire quota = maildir:UserQuota quota2 = dict:Quota Usage::noenforcing:proxy::sqlquota quota_grace = 10M quota_rule2 = Trash:storage=+100M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_before = /etc/dovecot/sieve/before.sieve sieve_dir = ~/sieve sieve_extensions = +vnd.dovecot.duplicate -vacation } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s, bytes=%i/%o, session=<%{session}> protocols = imap pop3 sieve service auth-worker { process_limit = 1000 } service auth { client_limit = 5500 unix_listener auth-userdb { group = vchkpw mode = 0660 user = vpopmail } } service dict { process_limit = 300 unix_listener dict { group = vchkpw mode = 0660 user = vpopmail } } service imap-login { process_min_avail = 4 service_count = 0 } service imap { process_limit = 4000 service_count = 100 } service managesieve-login { inet_listener sieve { port = 4190 } } service pop3-login { service_count = 0 } service pop3 { process_limit = 1023 service_count = 100 } service quota-warning { executable = script /etc/dovecot/scripts/quota-warning.sh unix_listener quota-warning { user = vpopmail } user = vpopmail } ssl_cert = http://www.linux.it/~alessice/ on LinkedIn -> http://www.linkedin.com/in/alessice Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz Cloud Email Hosting -> http://www.qboxmail.com @ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it From rs at sys4.de Fri May 9 08:33:36 2014 From: rs at sys4.de (Robert Schetterer) Date: Fri, 09 May 2014 10:33:36 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <536C75D2.4030109@goodrick.ch> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> <536BB80D.7090105@goodrick.ch> <536BBEA4.4010300@sys4.de> <536BC3D1.4060202@goodrick.ch> <536BD731.1010902@sys4.de> <536BDB0A.8010000@goodrick.ch> <536BE82F.6020900@sys4.de> <536BEEFA.3090708@sys4.de> <536C75D2.4030109@goodrick.ch> Message-ID: <536C92E0.8040107@sys4.de> Am 09.05.2014 08:29, schrieb Sebastian Goodrick: >>> my speculate was, it leaves too less ciphers left > OK, but does the old dovecot/openssl version provide less ciphers than > the new install? sorry i am short in time dovecot hast setup options for ciphers related to your openssl version please read http://www.michaelboman.org/books/sslscan http://www.unixwitch.de/de/sysadmin/tools/imap-mit-ssl-testen https://sys4.de/de/blog/2013/08/15/dovecot-tls-perfect-forward-secrecy/ http://wiki2.dovecot.org/SSL/DovecotConfiguration http://www.heise.de/security/artikel/Forward-Secrecy-testen-und-einrichten-1932806.html I'm not too familiar with what ciphers ship with > OpenSSL in what version. type openssl ciphers to see ciphers on your server with your openssl version and openssl s_client -connect imap.example.com:143 -starttls imap for general testing My naive assumption is, a new version ships > with more ciphers, hence this shouldn't be an issue. (Unless there is > a new bug in a cipher.) there must be matching ciphers > >> Computer Configuration\Windows Settings\Security Settings\Local >> Policies\Security Options > I just learned, there is a tool called gpedit.msc on win8 :) > "Use FIPS compliant algorithms for encryption, hashing, and signing" > is disabled on my machine. From what I understand this indicates, that > it can use more/all available ciphers. > >> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows >> NT\CurrentVersion\SecEdit\Reg > Values\MACHINE/System/CurrentControlSet/Control/Lsa/FIPSAlgorithmPolicy/Enabled > I can find this key (it is set to DisplayType=0 and ValueType=4) but I > don't understand what I can change there and what this setting > indicates. Needless to say that my windows administration knowledge is > limited. as written i will test it, but it will take time > > Regards, > Sebastian > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From maciej.uhlig at us.edu.pl Fri May 9 08:59:48 2014 From: maciej.uhlig at us.edu.pl (Maciej Uhlig) Date: Fri, 09 May 2014 10:59:48 +0200 Subject: [Dovecot] v2.2.13.rc1 released - Panic: file buffer.c: line 307 (buffer_set_used_size): assertion failed: (used_size <= buf->alloc) In-Reply-To: References: Message-ID: <536C9904.4010904@us.edu.pl> Timo Sirainen - 2014-05-08 17:37: > BTW. I've read most of the mails again in Dovecot mailing list, but there are still a few reported bugs I decided to leave until later. Anyway feel free to re-send any bug reports for things that haven't been fixed in v2.2.13 yet. First report on 2014-01-11 with 2.2.10; bug still present: 2014-05-09T10:18:18+02:00 server/ip dovecot: imap(user at domain): Error: Corrupted transaction log file ./domain/user/mail/.Drafts/dovecot.index.log seq 16777216: log file shrank (540 < 6144) (sync_offset=6144) 2014-05-09T10:18:18+02:00 server/ip dovecot: imap(user at domain): Panic: file buffer.c: line 307 (buffer_set_used_size): assertion failed: (used_size <= buf->alloc) 2014-05-09T10:18:24+02:00 server/ip dovecot: imap(user at domain): Fatal: master: service(imap): child 4098 killed with signal 6 (core dumped) Program terminated with signal 6, Aborted. #0 0x00000033c9a32925 in raise () from /lib64/libc.so.6 (gdb) bt #0 0x00000033c9a32925 in raise () from /lib64/libc.so.6 #1 0x00000033c9a34105 in abort () from /lib64/libc.so.6 #2 0x00007f50fd3302b0 in default_fatal_finish () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot.so.0 #3 0x00007f50fd330326 in i_internal_fatal_handler () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot.so.0 #4 0x00007f50fd2e560f in i_panic () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot.so.0 #5 0x00007f50fd32b219 in buffer_set_used_size () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot.so.0 #6 0x00007f50fd67ccb0 in mail_transaction_log_file_open () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #7 0x00007f50fd679548 in mail_transaction_log_open () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #8 0x00007f50fd65f0c4 in mail_index_open_files () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #9 0x00007f50fd65f400 in mail_index_open () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #10 0x00007f50fd65089c in index_storage_mailbox_open () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #11 0x00007f50fd5ea8fa in maildir_mailbox_open_existing () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #12 0x00007f50fd5ea9cf in maildir_mailbox_open () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #13 0x00007f50fd6215b4 in mailbox_open_full () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #14 0x00007f50fd62176f in mailbox_open () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #15 0x0000000000419d10 in client_open_save_dest_box () #16 0x000000000040bf67 in cmd_append () #17 0x0000000000418b0d in command_exec () #18 0x0000000000417ae4 in client_command_input () #19 0x0000000000417c25 in client_command_input () #20 0x0000000000418095 in client_handle_input () #21 0x000000000041896f in client_input () #22 0x00007f50fd3414bd in io_loop_call_io () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot.so.0 #23 0x00007f50fd342885 in io_loop_handler_run_internal () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot.so.0 #24 0x00007f50fd341549 in io_loop_handler_run () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot.so.0 #25 0x00007f50fd3415d8 in io_loop_run () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot.so.0 #26 0x00007f50fd2eaa63 in master_service_run () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot.so.0 #27 0x00000000004227e7 in main () (gdb) Thanks. -- MU -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3354 bytes Desc: Kryptograficzna sygnatura S/MIME URL: From tss at iki.fi Fri May 9 09:50:46 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 9 May 2014 12:50:46 +0300 Subject: [Dovecot] Doveadm sometimes failed "to iterate through some users" after upgrade to 2.2 In-Reply-To: <536C81DE.9080707@skye.it> References: <536C81DE.9080707@skye.it> Message-ID: <56D07777-7592-4354-91B1-A43C7BFD6F6B@iki.fi> On 9.5.2014, at 10.21, Alessio Cecchi wrote: > I'm running every week in cron "doveadm expunge -A mailbox Spam before 30d" and monthly "doveadm quota recalc -A". > > After the upgrade to dovecot 2.2.12 (from 2.1.17), "doveadm -A" sometimes exit with this error: > > doveadm(user at domain.com): Error: User listing returned failure > doveadm: Error: Failed to iterate through some users > # echo $? > 75 This should be fixed in v2.2.13. From axel.luttgens at skynet.be Fri May 9 10:28:17 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Fri, 9 May 2014 12:28:17 +0200 Subject: [Dovecot] Lifetime of redirect info stored by Sieve in .dovecot.lda-dupes In-Reply-To: <536C151E.7060309@rename-it.nl> References: <2107F795-5380-40E4-9458-6E29424AFD9D@skynet.be> <536B671C.3060602@rename-it.nl> <536B7DCF.2060007@rename-it.nl> <37D35650-C863-456B-A21B-FAC653BBAD40@skynet.be> <536C151E.7060309@rename-it.nl> Message-ID: Le 9 mai 2014 ? 01:37, Stephan Bosch a ?crit : > [...] > Right. > > This should help: > > http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/3b6917a4807c Fine! I'll now try to find another edge case. ;-) Thanks again, Axel From maciej.uhlig at us.edu.pl Fri May 9 10:35:49 2014 From: maciej.uhlig at us.edu.pl (Maciej Uhlig) Date: Fri, 09 May 2014 12:35:49 +0200 Subject: [Dovecot] v2.2.13.rc1 released - signal 11, Segmentation fault. in mail_cache_header_fields_read () In-Reply-To: References: Message-ID: <536CAF85.4030806@us.edu.pl> Timo Sirainen - 2014-05-08 17:37: > There have been a ton of smaller and some larger changes since v2.2.12, so I thought I'd first make a RC release and the final v2.2.13 tomorrow. Please try it out! Actually there were seven identical segfaults for the same user in three minutes: Program terminated with signal 11, Segmentation fault. #0 0x00007f54dc1da4c5 in mail_cache_header_fields_read () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 (gdb) bt #0 0x00007f54dc1da4c5 in mail_cache_header_fields_read () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #1 0x00007f54dc1d821a in mail_cache_open_and_verify () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #2 0x00007f54dc1d9e9d in mail_cache_register_get_list () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #3 0x00007f54dc1cec24 in index_mailbox_get_metadata () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #4 0x00007f54dc16a520 in maildir_mailbox_get_metadata () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #5 0x00007f54dc1a133e in mailbox_get_metadata () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #6 0x00007f54dc1cf7d7 in index_copy_cache_fields () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #7 0x00007f54dc168daa in maildir_save_add () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #8 0x00007f54dc16512e in maildir_copy () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #9 0x00007f54db81b521 in notify_copy () from /usr/local/dovecot/lib/dovecot/lib15_notify_plugin.so #10 0x00007f54dbc2b363 in quota_copy () from /usr/local/dovecot/lib/dovecot/lib10_quota_plugin.so #11 0x00007f54dc1a2a5d in mailbox_copy () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #12 0x00007f54dc1a2bcd in mailbox_move () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 #13 0x000000000040c667 in cmd_copy_full () #14 0x0000000000418b0d in command_exec () #15 0x0000000000417ae4 in client_command_input () #16 0x0000000000417c25 in client_command_input () #17 0x0000000000418095 in client_handle_input () #18 0x000000000041896f in client_input () #19 0x00007f54dbec14bd in io_loop_call_io () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot.so.0 #20 0x00007f54dbec2885 in io_loop_handler_run_internal () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot.so.0 #21 0x00007f54dbec1549 in io_loop_handler_run () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot.so.0 #22 0x00007f54dbec15d8 in io_loop_run () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot.so.0 #23 0x00007f54dbe6aa63 in master_service_run () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot.so.0 #24 0x00000000004227e7 in main () (gdb) Thanks. -- MU -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3354 bytes Desc: Kryptograficzna sygnatura S/MIME URL: From teemu.huovila at dovecot.fi Fri May 9 10:51:22 2014 From: teemu.huovila at dovecot.fi (Teemu Huovila) Date: Fri, 09 May 2014 13:51:22 +0300 Subject: [Dovecot] v2.2.13.rc1 released - signal 11, Segmentation fault. in mail_cache_header_fields_read () In-Reply-To: <536CAF85.4030806@us.edu.pl> References: <536CAF85.4030806@us.edu.pl> Message-ID: <536CB32A.1080705@dovecot.fi> Hello On 05/09/2014 01:35 PM, Maciej Uhlig wrote: > (gdb) bt Could you post the output of "bt full", though judging by your post in january, you do not have the symbols to go with it. Please also post your doveconf -n br, Teemu Huovila From sca at andreasschulze.de Fri May 9 11:15:37 2014 From: sca at andreasschulze.de (Andreas Schulze) Date: Fri, 9 May 2014 13:15:37 +0200 Subject: [Dovecot] v2.2.13.rc1 vs. Pigeonhole In-Reply-To: <536C4972.2010107@mohtex.net> References: <536C4972.2010107@mohtex.net> Message-ID: <20140509111537.GB28892@solar.andreasschulze.de> Tamsy: > There seems to be an incompatibility when compiling Pigeonhole against > Dovecot v2.2.13.rc1. same here: debian squeeze, pigeonhole.0.4.2, dovecot-2.2.13.rc1 ---------------- Test case: ./tests/extensions/editheader/addheader.svtest: 1: Test 'Addheader - first' SUCCEEDED 2: Test 'Addheader - last' SUCCEEDED 3: Test 'Addheader - framed' SUCCEEDED 4: Test 'Addheader - folded' SUCCEEDED 5: Test 'Addheader - newlines' FAILED: wrong first header content in redirected mail 6: Test 'Addheader - implicit keep' SUCCEEDED FAIL: 1 of 6 tests failed. make[1]: *** [tests/extensions/editheader/addheader.svtest] Error 1 ---------------- should I provide full buildlogs? Andreas From maciej.uhlig at us.edu.pl Fri May 9 11:31:55 2014 From: maciej.uhlig at us.edu.pl (Maciej Uhlig) Date: Fri, 09 May 2014 13:31:55 +0200 Subject: [Dovecot] v2.2.13.rc1 released - signal 11, Segmentation fault. in mail_cache_header_fields_read () In-Reply-To: <536CB32A.1080705@dovecot.fi> References: <536CAF85.4030806@us.edu.pl> <536CB32A.1080705@dovecot.fi> Message-ID: <536CBCAB.2040001@us.edu.pl> Teemu Huovila - 2014-05-09 12:51: > Could you post the output of "bt full", though judging by your post in january, you do not have the symbols to go with it. Right. > > Please also post your doveconf -n # 2.2.13.rc1: /dir1/dir3/dovecot/dovecot.conf # OS: Linux 2.6.32-431.1.2.0.1.el6.x86_64 x86_64 CentOS release 6.5 (Final) auth_mechanisms = plain login auth_socket_path = /dir1/dir2/dovecot/auth-userdb base_dir = /dir1/dir2/dovecot/ default_client_limit = 2000 default_process_limit = 500 default_vsz_limit = 1 G deliver_log_format = msgid=%m size=%p: %$ disable_plaintext_auth = no lda_mailbox_autocreate = yes mail_gid = 5000 mail_home = /dir4/%d/%n mail_location = maildir:~/mail mail_plugin_dir = /usr/local/dovecot/lib/dovecot mail_plugins = quota notify mail_uid = 5000 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags passdb { args = failure_show_msg=yes imap driver = pam } passdb { args = /dir1/dir3/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { mail_log_events = append delete undelete expunge copy mailbox_delete mailbox_rename quota = maildir:User quota quota_rule = *:storage=500M quota_rule2 = Trash:storage=+10%% quota_rule3 = Spam:storage=+10%% quota_warning = storage=90%% quota-warning 90 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = /dir4/sieve/%u.sieve sieve_after = /dir4/sieve/after/ sieve_before = /dir4/sieve/before/ sieve_extensions = +imapflags sieve_global_dir = /dir4/sieve/global/ sieve_global_path = /dir4/sieve/0default.sieve } postmaster_address = postmaster at domain protocols = imap pop3 lmtp sieve quota_full_tempfail = yes sendmail_path = /usr/lib/sendmail service anvil { client_limit = 2005 } service auth { client_limit = 2500 } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } process_min_avail = 8 service_count = 512 vsz_limit = 256 M } service imap { executable = imap postlogin vsz_limit = 256 M } service lmtp { drop_priv_before_exec = yes inet_listener lmtp { address = ip1 port = 24 } process_min_avail = 8 vsz_limit = 1 G } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 } service_count = 512 } service pop3 { executable = pop3 postlogin } service postlogin { executable = script-login /dir1/dir3/dovecot/postlogin.sh } service quota-warning { executable = script /dir1/dir3/dovecot/quota-warn.sh unix_listener quota-warning { user = vmail } user = vmail } ssl_cert = From sebastian at goodrick.ch Fri May 9 12:28:12 2014 From: sebastian at goodrick.ch (Sebastian Goodrick) Date: Fri, 09 May 2014 14:28:12 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <536C92E0.8040107@sys4.de> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> <536BB80D.7090105@goodrick.ch> <536BBEA4.4010300@sys4.de> <536BC3D1.4060202@goodrick.ch> <536BD731.1010902@sys4.de> <536BDB0A.8010000@goodrick.ch> <536BE82F.6020900@sys4.de> <536BEEFA.3090708@sys4.de> <536C75D2.4030109@goodrick.ch> <536C92E0.8040107@sys4.de> Message-ID: <536CC9DC.1020800@goodrick.ch> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I will go through the links later today, thanks. > openssl ciphers The new OpenSSL supports many additional ciphers. Three ciphers are not supported anymore: DES-CBC-MD5, DES-CBC3-MD5, RC2-CBC-MD5 For any reason I don't understand, there are ciphers listed twice in the old OpenSSL version but also once in the new version: EXP-RC2-CBC-MD5, EXP-RC4-MD5, RC4-MD5 > openssl s_client -connect imap.example.com:143 -starttls imap dovecot 2.1.7, OpenSSL 1.0.1 e (both as shipped with Debian Weezy): New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384 dovecot 1.2.13, OpenSSL 0.9.8 g (call me outdated, I say heartbleed!): New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA However, that's talking OpenSSL to OpenSSL. > there must be matching ciphers Indeed. According to this http://msdn.microsoft.com/en-us/library/windows/desktop/aa374757(v=vs.85).aspx there should be matching ciphers if I'm not completely mistaken. (I don't know what P256 indicates in TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256. Is there a similar way to OpenSSL to check on the box, what is really supported? Or to perform a handshake like the -connect -starttls imap option of OpenSSL? > as written i will test it, but it will take time Thanks, Robert. I really appreciate it. Your comments have been really helpful to me so far. Regards Sebastian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlNsydwACgkQR7+YB0QzbnovDQCgk21gkre2/NQ9k8mGLgWmbHyD 1goAoKSEmOvu+3IbVjt5MWCO8XQt3Hu6 =my5T -----END PGP SIGNATURE----- From h.reindl at thelounge.net Fri May 9 12:40:35 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 09 May 2014 14:40:35 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <536CC9DC.1020800@goodrick.ch> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> <536BB80D.7090105@goodrick.ch> <536BBEA4.4010300@sys4.de> <536BC3D1.4060202@goodrick.ch> <536BD731.1010902@sys4.de> <536BDB0A.8010000@goodrick.ch> <536BE82F.6020900@sys4.de> <536BEEFA.3090708@sys4.de> <536C75D2.4030109@goodrick.ch> <536C92E0.8040107@sys4.de> <536CC9DC.1020800@goodrick.ch> Message-ID: <536CCCC3.4070409@thelounge.net> Am 09.05.2014 14:28, schrieb Sebastian Goodrick: > For any reason I don't understand, there are ciphers listed twice in > the old OpenSSL version but also once in the new version: > EXP-RC2-CBC-MD5, EXP-RC4-MD5, RC4-MD5 EXP-RC4-MD5 != RC4-MD5 however, with a recent dovecot setup and openssl >= 1.0.1 you can and should order the ciphers on the serverside the configuration belows disables as most important thing the broken RC4 and supports even Outlook 2003 on WinXP which uses DES-CBC3-SHA proven by dovecot logs because it does not list any crap it is short enough that compatible ciphers are always in the first 64 ones, you may use google to find out why that is important if it comes to handshakes with older software especially from Microsoft these 21 ciphers are ordered by best possible encryption and are passing serious security audits ssl_prefer_server_ciphers = yes ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!SSLv2 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From bov at bsdpanic.com Fri May 9 12:58:20 2014 From: bov at bsdpanic.com (SIW) Date: Fri, 09 May 2014 13:58:20 +0100 Subject: [Dovecot] Disable IMAP for ONE user only In-Reply-To: <5368D7AA.1040203@bsdpanic.com> References: <5367BECE.9090401@bsdpanic.com> <3aaac575-860e-485a-bc8b-7493ce75bd03@email.android.com> <5367EF20.50407@bsdpanic.com> <5367F0DC.4010502@dementianati.com> <20140505153214.Horde.0WfoYh36llotac3svpgjPQ1@www.vfemail.net> <5367F827.1000401@bsdpanic.com> <20140505161354.Horde.p4He27ZWOfClYXJuRaj6gA1@www.vfemail.net> <20140505163355.Horde.dAii15amo91janPgTCfgTA1@www.vfemail.net> <53680780.4090609@bsdpanic.com> <01d6c571-29b1-409e-96a6-3b8e6d643d48@darklajid.de> <5368198D.5050006@dementianati.com> <53688EBE.9010400@bsdpanic.com> <87109e48-ca37-418d-a505-9e6d560cd9a3@darklajid.de> <5368D7AA.1040203@bsdpanic.com> Message-ID: <536CD0EC.2070408@bsdpanic.com> After giving this some thought and taking a step back I followed Rick Romeros advice and I think I have a working proof of concept on my test server :-) Here are the steps I have followed, I am interested in hearing peoples thoughts on this or some feedback: 1) Created an extra column in my users tables that does authentication and added a second password. The table looks like this now after running the SQL statements to create the column and add a second password for my account: ALTER TABLE virtual_users ADD travel_password VARCHAR(106); UPDATE mailserver.virtual_users SET travel_password=ENCRYPT('newpassword',concat('$6$',substring(sha(rand()), -16))) WHERE email='user at domain.com'; +----+-----------------+--------------------------------------------------------------------------+---------------------------------+-------------------------+ | id | domain_id | password | email | travel_password | <------- This end column is new +----+------------------+------------------------------------------------------------------------------------------------------------+-------------------------+ | 6 | 1 | $6$8e5d84a4ee689211$f | user at domain.com | $6$56095ed3867| +----+-----------------+--------------------------------------------------------------------------+----------------------------------+-------------------------+ NB: I have shortened the passwords for readability 2) I then edited the password_query in /usr/local/etc/dovecot/dovecot-sql.conf.ext for Dovecot to: password_query = SELECT email as user, if('%r' = '127.0.0.1' AND email ='user at domain.com', travel_password,password) as password FROM virtual_users WHERE email='%u'; and restarted Dovecot This seems to be working as I would expect it to :-) If I login to Roundcube as user at domain.com with my travel_password it logs me in. If I login as the same user but use the "normal" password it doesn't log me in. If I use Thunderbird I can only use the "normal" password (using the travel_password fails as I would expect it to). So now I can login from an untrusted internet cafe machine, and they can record my login credentials and my mailbox will be safe! When I use Roundcube, the OTP AND the travel_password are required for login. Since the hacker can't reuse the OTP, the login details are safe. They also can't use the travel_password for IMAP access. I realise this is a bit of a hack and only works for a handful of users but for my setup it (seems) perfect! Comments and feedback are welcome! Thanks Rick and to everyone for their valuable input. On 06/05/2014 13:38, SIW wrote: > Hi Benjamin > > Thanks for your input. > > I guess I need to take a step back and define some requirements. > Currently I have too many options running through my head which has > overwhelmed me and is not helping! You are correct in saying that the > subject of this post is now incorrect. Maybe is should now be: Two > factor for Dovecot and Roundcube for secure remote access > > First of all I don't want any of the authentication options to change > for all current users. I am the *only* user that requires secure > access to webmail while travelling overseas. > > So the requirements are: > > 1) For all users (except myself) allow them to continue using the > system as it is > > 2) For me (and possibly some new users in the future), allow a secure > way of authenticating with Roundcube so that if the password is > recorded with a keylogger, access to my mailbox via IMAP is not > possible. (NB: When I say IMAP, I mean non-Roundcibe/HTTP access to my > mailbox) > > 3) Email clients include: Thunderbird, Outlook, K9 on Android and > Roundcube > > 4) Yes, I have looked at OTP for Roundcube and currently use Googles > Authenticator which works nicely in securing Roundcube ONLY. The OTP > AND password is required to login. The OTP is generate on my Android > phone. > > From what I have gathered, the options for securing logging in from an > untrusted machine are: > > 1) Use throw away passwords - ie: passwords that can only be used once > and can ONLY be used for logging into Roundcube > > 2) Use OTP for Dovecot AND Roundcube - I have no idea how to do this > > 3) Have a copy of my mailbox (that gets synced with a cron job) and > have a completely separate login to access this mailbox. This login > will ONLY be used when using Roundcube from an untrusted machine and > will NOT be allowed IMAP access (this can be done in the > password_query I think). Or use two login accounts to the same mailbox > maybe but one account is used for travelling and can't access IMAP? > > The important thing here is that if/when the password gets recorded > while logging into Roundcube that it can NOT be used to access my > mailbox from (say) Thunderbird. Also OTP should not be enforced for > the other users (ie: it should be optional). > > Does that clarify? Sorry if I'm all over the place but there doesn't > seem to be a clear/simple way to achieve what I want. Feel free to ask > me more questions and I will try my best to answer so that it > clarifies things. > > Thank you. > > PS: Regarding USB virtual keyboards (like Yubikey), I'd like to avoid > them if possible as you can't always connect a USB device to a machine > in an internet cafe (sometimes they physically lock the USB ports so > they can't be used). > > > On 06/05/2014 08:44, Benjamin Podszun wrote: >> On Tuesday, May 6, 2014 9:26:54 AM CEST, SIW wrote: >>> I haven't considered Yubikey but I was considering this: >>> >>> http://www.s-crib.com/ >>> >>> I'm not sure if these USB virtual keyboards are the best option as >>> some internet cafes won't let you plug in USB devices or you don't >>> have the rights to install it (I know they say it doesn't require >>> drivers but some machines are locked down good) >> >> I'd be surprised if these machines wouldn't support plain USB >> keyboards. Probably the keyboard you'll use at these machines isn't >> PS/2 anymore.. >> >>> From what I have read it sounds like I need to have two passwords >>> for one login...one for Roundcube (with OTP) and one for IMAP >>> access. I think the key to this is to ONLY allow the IMAP password >>> to be used with IMAP and for the Roundcube password (with OTP) to >>> ONLY have access to Roundcube. That way if the Roundcube password >>> gets recorded/keylogged then they can't use it with IMAP. Is this >>> possible? (ie: bind/enforce a particular password to one type of >>> service) >> >> I think you're confused. Take a step back. You came with a ~strange~ >> requirement (see subject, by now you understand that 'disable imap >> for one user' isn't what you want). You provided not enough details >> to proceed and I think you are still not quite sure what you want to >> do here. >> >> The thought process you outline above isn't clear. I _assume_ (note: >> Please confirm/deny) you looked at OTP solutions that are roundcube >> only, i.e. that are implemented in PHP. That'd mean that there's no >> OTP support in your dovecot setup and plain/direct imap connections >> use nothing but your regular password. Furthermore it seems that you >> confuse/mix OTPs with two-factor authentication and assume the latter >> with the Roundcube-only setup I believe to understand above. That is, >> you log in to your Roundcube site with >> - your regular password AND >> - something else (call it OTP) >> >> Only under these circumstances it makes sense that you consider OTPs >> to be broken for your threat model: A keylogger has now your regular >> password and a useless OTP, but needs only the regular password for >> dovecot because the OTP support is bolted on/a hack in the wrong place. >> >> I still think you want OTP support in dovecot itself. It might be >> possible to hack the Roundcube thing (still leaning heavily on my >> assumptions above) to require _just_ a OTP, but that'd require >> Roundcube to be able to login without you transmitting your real >> password. That'd fix the hack for 'someone logged my keys', but isn't >> much of an improvement overall. >> >>> Another option, is it possible to have my main account and use it >>> with IMAP but have a SECOND set of login credentials that I only use >>> for Roundcube but can access my mailbox of the the other account? >> >> Yes, that would be possible and I pointed to a specific part of the >> documentation for that. You could, without too much effort, support >> accounts with multiple passwords, whatever that would be good for. >> >>> I'm still battling with this! >> >> See above: Please reflect a moment, check the facts you provided and >> fill in the missing details. >> From alessio at skye.it Fri May 9 13:02:12 2014 From: alessio at skye.it (Alessio Cecchi) Date: Fri, 09 May 2014 15:02:12 +0200 Subject: [Dovecot] Doveadm sometimes failed "to iterate through some users" after upgrade to 2.2 In-Reply-To: <56D07777-7592-4354-91B1-A43C7BFD6F6B@iki.fi> References: <536C81DE.9080707@skye.it> <56D07777-7592-4354-91B1-A43C7BFD6F6B@iki.fi> Message-ID: <536CD1D4.2060207@skye.it> Il 09/05/2014 11:50, Timo Sirainen ha scritto: > On 9.5.2014, at 10.21, Alessio Cecchi wrote: > >> I'm running every week in cron "doveadm expunge -A mailbox Spam before 30d" and monthly "doveadm quota recalc -A". >> >> After the upgrade to dovecot 2.2.12 (from 2.1.17), "doveadm -A" sometimes exit with this error: >> >> doveadm(user at domain.com): Error: User listing returned failure >> doveadm: Error: Failed to iterate through some users >> # echo $? >> 75 > > This should be fixed in v2.2.13. > Yes, after an upgrade works fine. -- Alessio Cecchi is: @ ILS -> http://www.linux.it/~alessice/ on LinkedIn -> http://www.linkedin.com/in/alessice Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz Cloud Email Hosting -> http://www.qboxmail.com @ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it From tss at iki.fi Fri May 9 13:27:26 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 9 May 2014 16:27:26 +0300 Subject: [Dovecot] v2.2.13.rc1 released - signal 11, Segmentation fault. in mail_cache_header_fields_read () In-Reply-To: <536CAF85.4030806@us.edu.pl> References: <536CAF85.4030806@us.edu.pl> Message-ID: On 9.5.2014, at 13.35, Maciej Uhlig wrote: > Timo Sirainen - 2014-05-08 17:37: >> There have been a ton of smaller and some larger changes since v2.2.12, so I thought I'd first make a RC release and the final v2.2.13 tomorrow. Please try it out! > > Actually there were seven identical segfaults for the same user in three minutes: > > Program terminated with signal 11, Segmentation fault. > #0 0x00007f54dc1da4c5 in mail_cache_header_fields_read () from /usr/local/dovecot-2.2.13.rc1/lib/dovecot/libdovecot-storage.so.0 I thought this was fixed already, but I guess not. It would be helpful if you could either a) Enable debug symbols so the backtrace would show exactly where it crashes and/or b) Send me the user's dovecot.index* files so I can try to reproduce the crash. (The .cache file may contain some cached headers and such, so might be problematic.) This probably isn't INBOX but some other folder that crashes. Anyway, the problem is that the dovecot.index.cache file is somewhat broken. Deleting it will fix the crashes. From njriley at illinois.edu Fri May 9 16:20:32 2014 From: njriley at illinois.edu (Nicholas Riley) Date: Fri, 09 May 2014 11:20:32 -0500 Subject: [Dovecot] fts_lucene - hiding lucene-indexes folder? Message-ID: Hi, Is there any way to hide this folder from IMAP clients? I can see it is not runtime configurable and just #defined as LUCENE_INDEX_DIR_NAME in fts-backend-lucene.c. -- Nicholas Riley From patrick at spamreducer.eu Fri May 9 16:55:01 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Fri, 09 May 2014 18:55:01 +0200 Subject: [Dovecot] Strange behavior on with "listescape" and "lda_mailbox_autocreate" - double entries In-Reply-To: <536BBD0C.7090906@sys4.de> References: <536B6DE3.80808@spamreducer.eu> <536B7292.6000508@sys4.de> <536BA38A.3030301@spamreducer.eu> <536BBD0C.7090906@sys4.de> Message-ID: <536D0865.2020508@spamreducer.eu> OK, now I've installed trusty and 2.2.9; problem was resolved! Thank you very much! Vielen Dank! Am 08.05.2014 19:21, schrieb Robert Schetterer: > Am 08.05.2014 17:32, schrieb Patrick De Zordo: >> Dear Robert, hallo Robert (ich spreche Deutsch), >> >> --- dovecot --version --- >> 2.0.19 > thats old, you should upgrade minimum 2.1.17 > > or go trusty, if possible, it has > > 2.2.9 > > or use repo > > http://xi.rename-it.nl/debian/dists/testing-auto/ > > sorry i just have no time to compare your setting to my listescape > setup, but perhaps others may do > > >> -------------------------------- >> >> System: Ubuntu 12.04.4 >> >> --- dovecot -n ------------- >> # 2.0.19: /etc/dovecot/dovecot.conf >> # OS: Linux 3.8.0-29-generic x86_64 Ubuntu 12.04.4 LTS ext4 >> auth_mechanisms = plain login >> dict { >> quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext >> } >> first_valid_uid = 150 >> last_valid_uid = 150 >> lda_mailbox_autocreate = yes >> lda_mailbox_autosubscribe = yes >> mail_gid = mail >> mail_location = maildir:/var/vmail/%d/%n >> mail_plugins = " quota listescape" >> mail_uid = vmail >> namespace { >> inbox = yes >> location = >> prefix = >> separator = / >> subscriptions = yes >> type = private >> } >> passdb { >> args = /etc/dovecot/dovecot-sql.conf.ext >> driver = sql >> } >> plugin { >> autocreate = Trash >> autocreate2 = Sent >> autocreate3 = Drafts >> autosubscribe = Trash >> autosubscribe2 = Sent >> autosubscribe3 = Drafts >> quota = dict:user::proxy::quota >> quota_rule = *:storage=10MB >> quota_rule2 = Trash:storage=+10%% >> quota_warning = storage=95%% quota-warning 95 %u >> quota_warning2 = storage=80%% quota-warning 80 %u >> sieve = ~/.dovecot.sieve >> sieve_dir = ~/sieve >> } >> postmaster_address = postmaster at xx.com >> protocols = " imap pop3" >> service auth { >> unix_listener /var/spool/postfix/private/auth { >> group = postfix >> mode = 0660 >> user = postfix >> } >> unix_listener auth-userdb { >> group = mail >> mode = 0600 >> user = vmail >> } >> } >> service dict { >> unix_listener dict { >> group = mail >> mode = 0660 >> user = vmail >> } >> } >> service quota-warning { >> executable = script /usr/local/bin/quota-warning.sh >> unix_listener quota-warning { >> user = vmail >> } >> user = vmail >> } >> ssl_cert = > ssl_key = > userdb { >> args = /etc/dovecot/dovecot-sql.conf.ext >> driver = sql >> } >> protocol lda { >> mail_plugins = " quota listescape quota sieve listescape" >> } >> protocol imap { >> mail_plugins = " quota listescape imap_quota listescape" >> } >> -------------------------------- >> >> Viele Gr??e und vielen Dank! >> Patrick. >> >> Am 08.05.2014 14:03, schrieb Robert Schetterer: >>> Am 08.05.2014 13:43, schrieb Patrick De Zordo: >>>> Hello Guys, >>>> we are using Dovecot since years; all working flawless but one strange >>>> behavior: >>>> >>>> Let me explain.. >>>> >>>> - we have enabled the "listescape" plugin in "15-lda.conf", >>>> "10-mail.conf" and "20-imap.conf". >>>> - we use the following default namespace in "10-mail.conf": >>>> --------------- 10-mail.conf ----------------------------------------- >>>> namespace { >>>> type = private >>>> prefix = >>>> separator = / >>>> inbox = yes >>>> subscriptions = yes >>>> } >>>> ---------------------------------------------------------------------------------------- >>>> >>>> >>>> >>>> - we use a sieve script that automatically generates folders in the >>>> following form (example): >>>> ---------------------------------------------------------------------------------------- >>>> >>>> >>>> ".INBOX.2014.05.patrick.incoming" for user "patrick at xx.com" >>>> ".INBOX.2014.05.patrick.outgoing" for user "patrick at xx.com" >>>> ".INBOX.2014.05.p\2edezordo.incoming" for user "p.dezordo at xx.com" >>>> ---------------------------------------------------------------------------------------- >>>> >>>> >>>> >>>> This is ok, but the automatically generated "subscriptions"-file of the >>>> user contains double lines (the second line is something strange?!); >>>> the second one should not be created, its totally wrong..! >>>> >>>> --------------- subscriptions ----------------------------------------- >>>> Trash >>>> Sent >>>> INBOX.2014.05.patrick.incoming >>>> INBOX.2014.05.patrick.outgoing >>>> INBOX.2014.05.p\2edezordo.incoming >>>> INBOX\2e2014\2e05\2ep\5c2edezordo\2eincoming <----- this line!?!?!? >>>> ---------------------------------------------------------------------------------------- >>>> >>>> >>>> >>>> Have you any ideas whats going on? >>>> Could this be a bug, or misconfiguration? >>>> >>>> Thanks in advance!! >>>> >>>> Greeting from Italy! >>>> Patrick. >>> which version of dove >>> listescape had bugs in the past >>> >>> i.e >>> >>> http://hg.dovecot.org/dovecot-2.1/rev/63af3274fb6f >>> http://hg.dovecot.org/dovecot-2.2/rev/63af3274fb6f >>> http://hg.dovecot.org/dovecot-2.2/rev/fce84463f508 >>> >>> perhaps reread >>> >>> http://wiki2.dovecot.org/Plugins/Listescape >>> >>> post complete dove conf >>> >>> Best Regards >>> MfG Robert Schetterer >>> > > > Best Regards > MfG Robert Schetterer > From rs at sys4.de Fri May 9 17:24:38 2014 From: rs at sys4.de (Robert Schetterer) Date: Fri, 09 May 2014 19:24:38 +0200 Subject: [Dovecot] fts_lucene - hiding lucene-indexes folder? In-Reply-To: References: Message-ID: <536D0F56.20205@sys4.de> Am 09.05.2014 18:20, schrieb Nicholas Riley: > Hi, > > Is there any way to hide this folder from IMAP clients? I can see it is > not runtime configurable and just #defined as LUCENE_INDEX_DIR_NAME in > fts-backend-lucene.c. > you shouldnt see it, guess you configured something wrong like i.e maildir_stat_dirs=no (default): Assume that all the files beginning with a dot in the maildir are maildirs. You shouldn't have any non-directory files beginning with a dot in the maildirs, but if you do you may need to set this to "yes", in which case Dovecot needs to stat() each directory entry, which degrades the performance. Some filesystems provide the directory/non-directory status for free without having to stat(). In those filesystems this setting is ignored. etc post your full dove conf to give chance for analysis Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From larryrtx at gmail.com Fri May 9 17:27:29 2014 From: larryrtx at gmail.com (Larry Rosenman) Date: Fri, 9 May 2014 12:27:29 -0500 Subject: [Dovecot] fts_lucene - hiding lucene-indexes folder? In-Reply-To: <536D0F56.20205@sys4.de> References: <536D0F56.20205@sys4.de> Message-ID: I'm using mbox, so it DOES show up. thebighonker.lerctr.org /home/ler $ more /tmp/doveconf.n.out # 2.2.12: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 10.0-STABLE amd64 auth_default_realm = lerctr.org auth_mechanisms = plain login auth_realms = lerctr.org thebighonker.lerctr.org tbh.lerctr.org auth_username_format = %Ln disable_plaintext_auth = no lda_mailbox_autocreate = yes lmtp_save_to_detail_mailbox = yes login_access_sockets = tcpwrap mail_debug = yes mail_location = mbox:~/mail:INBOX=~/mail/INBOX mail_plugins = snarf fts fts_lucene stats mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace Snarf { hidden = yes list = no location = mbox:~/mail:INBOX=/var/mail/%u:INDEX=MEMORY prefix = ~~Snarfbox/ separator = / } namespace archive { hidden = no inbox = no list = no location = mbox:~/MAILARCHIVE prefix = "#ARCHIVE/" separator = / } namespace default { hidden = yes list = no location = prefix = ~~default/ separator = / } namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox INBOX { auto = create } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = failure_show_msg=yes session=yes max_requests=20 driver = pam } plugin { fts = lucene fts_lucene = whitespace_chars=@. normalize no_snowball mbox_snarf = ~/mail/INBOX sieve = ~/.dovecot.sieve sieve_dir = ~/sieve snarf = ~~Snarfbox/INBOX stats_command_min_time = 1 mins stats_domain_min_time = 12 hours stats_ip_min_time = 12 hours stats_memory_limit = 16 M stats_refresh = 5s stats_session_min_time = 15 mins stats_track_cmds = yes stats_user_min_time = 1 hours } service auth { unix_listener auth-client { mode = 0666 } unix_listener auth-master { mode = 0666 } } service stats { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = stats extra_groups = fifo_listener stats-mail { group = mode = 0666 user = } group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener stats { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service tcpwrap { unix_listener login/tcpwrap { group = $default_login_user mode = 0600 user = $default_login_user } } ssl_cert = wrote: > Am 09.05.2014 18:20, schrieb Nicholas Riley: > > Hi, > > > > Is there any way to hide this folder from IMAP clients? I can see it is > > not runtime configurable and just #defined as LUCENE_INDEX_DIR_NAME in > > fts-backend-lucene.c. > > > > you shouldnt see it, guess you configured something wrong like > > i.e > > maildir_stat_dirs=no (default): Assume that all the files beginning with > a dot in the maildir are maildirs. You shouldn't have any non-directory > files beginning with a dot in the maildirs, but if you do you may need > to set this to "yes", in which case Dovecot needs to stat() each > directory entry, which degrades the performance. Some filesystems > provide the directory/non-directory status for free without having to > stat(). In those filesystems this setting is ignored. > > etc > > post your full dove conf to give chance for analysis > > > > Best Regards > MfG Robert Schetterer > > -- > [*] sys4 AG > > http://sys4.de, +49 (89) 30 90 46 64 > Franziskanerstra?e 15, 81669 M?nchen > > Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 > Vorstand: Patrick Ben Koetter, Marc Schiffbauer > Aufsichtsratsvorsitzender: Florian Kirstein > -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 108 Turvey Cove, Hutto, TX 78634-5688 From rs at sys4.de Fri May 9 17:28:11 2014 From: rs at sys4.de (Robert Schetterer) Date: Fri, 09 May 2014 19:28:11 +0200 Subject: [Dovecot] Strange behavior on with "listescape" and "lda_mailbox_autocreate" - double entries In-Reply-To: <536D0865.2020508@spamreducer.eu> References: <536B6DE3.80808@spamreducer.eu> <536B7292.6000508@sys4.de> <536BA38A.3030301@spamreducer.eu> <536BBD0C.7090906@sys4.de> <536D0865.2020508@spamreducer.eu> Message-ID: <536D102B.9060208@sys4.de> Am 09.05.2014 18:55, schrieb Patrick De Zordo: > OK, > now I've installed trusty and 2.2.9; problem was resolved! > > Thank you very much! > Vielen Dank! good to hear ,its resolved for you so i was right , listescape was broken in some releases, but i forgot exact version numbers Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From rs at sys4.de Fri May 9 17:38:05 2014 From: rs at sys4.de (Robert Schetterer) Date: Fri, 09 May 2014 19:38:05 +0200 Subject: [Dovecot] fts_lucene - hiding lucene-indexes folder? In-Reply-To: References: <536D0F56.20205@sys4.de> Message-ID: <536D127D.7060706@sys4.de> Am 09.05.2014 19:27, schrieb Larry Rosenman: > I'm using mbox, so it DOES show up. > > thebighonker.lerctr.org /home/ler $ > more /tmp/doveconf.n.out > > # 2.2.12: /usr/local/etc/dovecot/dovecot.conf > > # OS: FreeBSD 10.0-STABLE amd64 > > auth_default_realm = lerctr.org > > auth_mechanisms = plain login > > auth_realms = lerctr.org thebighonker.lerctr.org > tbh.lerctr.org > > auth_username_format = %Ln > > disable_plaintext_auth = no > > lda_mailbox_autocreate = yes > > lmtp_save_to_detail_mailbox = yes > > login_access_sockets = tcpwrap > > mail_debug = yes > > mail_location = mbox:~/mail:INBOX=~/mail/INBOX > > mail_plugins = snarf fts fts_lucene stats > > mail_privileged_group = mail > > managesieve_notify_capability = mailto > > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date ihave > > namespace Snarf { > > hidden = yes > > list = no > > location = mbox:~/mail:INBOX=/var/mail/%u:INDEX=MEMORY > > prefix = ~~Snarfbox/ > > separator = / > > } > > namespace archive { > > hidden = no > > inbox = no > > list = no > > location = mbox:~/MAILARCHIVE > > prefix = "#ARCHIVE/" > > separator = / > > } > > namespace default { > > hidden = yes > > list = no > > location = > > prefix = ~~default/ > > separator = / > > } > > namespace inbox { > > inbox = yes > > location = > > mailbox Drafts { > > special_use = \Drafts > > } > > mailbox INBOX { > > auto = create > > } > > mailbox Junk { > > special_use = \Junk > > } > > mailbox Sent { > > special_use = \Sent > > } > > mailbox "Sent Messages" { > > special_use = \Sent > > } > > mailbox Trash { > > special_use = \Trash > > } > > prefix = > > } > > passdb { > > args = failure_show_msg=yes session=yes max_requests=20 > > driver = pam > > } > > plugin { > > fts = lucene > > fts_lucene = whitespace_chars=@. normalize no_snowball > > mbox_snarf = ~/mail/INBOX > > sieve = ~/.dovecot.sieve > > sieve_dir = ~/sieve > > snarf = ~~Snarfbox/INBOX > > stats_command_min_time = 1 mins > > stats_domain_min_time = 12 hours > > stats_ip_min_time = 12 hours > > stats_memory_limit = 16 M > > stats_refresh = 5s > > stats_session_min_time = 15 mins > > stats_track_cmds = yes > > stats_user_min_time = 1 hours > > } > > service auth { > > unix_listener auth-client { > > mode = 0666 > > } > > unix_listener auth-master { > > mode = 0666 > > } > > } > > service stats { > > chroot = empty > > client_limit = 0 > > drop_priv_before_exec = no > > executable = stats > > extra_groups = > > fifo_listener stats-mail { > > group = > > mode = 0666 > > user = > > } > > group = > > idle_kill = 4294967295 secs > > privileged_group = > > process_limit = 1 > > process_min_avail = 0 > > protocol = > > service_count = 0 > > type = > > unix_listener stats { > > group = > > mode = 0666 > > user = > > } > > user = $default_internal_user > > vsz_limit = 18446744073709551615 B > > } > > service tcpwrap { > > unix_listener login/tcpwrap { > > group = $default_login_user > > mode = 0600 > > user = $default_login_user > > } > > } > > ssl_cert = > ssl_key = > userdb { > > driver = passwd > > } > > protocol imap { > > imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags > > mail_max_userip_connections = 50 > > mail_plugins = snarf fts fts_lucene stats imap_stats > > } i am not using mbox , didnt analyse your conf very deeply but my bet is ,your namespace and/or directory layout setup is the problem perhaps reread http://wiki2.dovecot.org/MboxChildFolders?highlight=%28index%29 http://wiki2.dovecot.org/Plugins/FTS/Lucene Requires Dovecot v2.1+ to work properly. The CLucene version must be v2.3 (not v0.9). Dovecot builds only a single Lucene index for all mailboxes. The Lucene indexes are stored in lucene-indexes/ directory under the mail root index directory (e.g. ~/Maildir/lucene-indexes/). so perhaps you need configure index directory seperate/extra setting etc > > thebighonker.lerctr.org /home/ler $ > > > > On Fri, May 9, 2014 at 12:24 PM, Robert Schetterer > wrote: > > Am 09.05.2014 18:20, schrieb Nicholas Riley: > > Hi, > > > > Is there any way to hide this folder from IMAP clients? I can see > it is > > not runtime configurable and just #defined as LUCENE_INDEX_DIR_NAME in > > fts-backend-lucene.c. > > > > you shouldnt see it, guess you configured something wrong like > > i.e > > maildir_stat_dirs=no (default): Assume that all the files beginning with > a dot in the maildir are maildirs. You shouldn't have any non-directory > files beginning with a dot in the maildirs, but if you do you may need > to set this to "yes", in which case Dovecot needs to stat() each > directory entry, which degrades the performance. Some filesystems > provide the directory/non-directory status for free without having to > stat(). In those filesystems this setting is ignored. > > etc > > post your full dove conf to give chance for analysis > > > > Best Regards > MfG Robert Schetterer > > -- > [*] sys4 AG > > http://sys4.de, +49 (89) 30 90 46 64 > > Franziskanerstra?e 15, 81669 M?nchen > > Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 > Vorstand: Patrick Ben Koetter, Marc Schiffbauer > Aufsichtsratsvorsitzender: Florian Kirstein > > > > > -- > Larry Rosenman http://www.lerctr.org/~ler > Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com > > US Mail: 108 Turvey Cove, Hutto, TX 78634-5688 Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From gfinch at ldmltd.ca Fri May 9 18:30:34 2014 From: gfinch at ldmltd.ca (Gregory Finch) Date: Fri, 09 May 2014 11:30:34 -0700 Subject: [Dovecot] fts_lucene - hiding lucene-indexes folder? - or make it configurable In-Reply-To: <536D127D.7060706@sys4.de> References: <536D0F56.20205@sys4.de> <536D127D.7060706@sys4.de> Message-ID: <536D1ECA.8030503@ldmltd.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-05-09 10:38 AM, Robert Schetterer wrote: > Am 09.05.2014 19:27, schrieb Larry Rosenman: >> I'm using mbox, so it DOES show up. >> - --snip-- >> } > > i am not using mbox , didnt analyse your conf very deeply > but my bet is ,your namespace and/or directory layout setup is the problem > > > perhaps reread > > http://wiki2.dovecot.org/MboxChildFolders?highlight=%28index%29 > > http://wiki2.dovecot.org/Plugins/FTS/Lucene > > Requires Dovecot v2.1+ to work properly. The CLucene version must be > v2.3 (not v0.9). Dovecot builds only a single Lucene index for all > mailboxes. The Lucene indexes are stored in lucene-indexes/ directory > under the mail root index directory (e.g. ~/Maildir/lucene-indexes/). > > so perhaps you need configure index directory seperate/extra setting etc > >> >> thebighonker.lerctr.org /home/ler $ >> >> >> >> On Fri, May 9, 2014 at 12:24 PM, Robert Schetterer > > wrote: >> >> Am 09.05.2014 18:20, schrieb Nicholas Riley: >> > Hi, >> > >> > Is there any way to hide this folder from IMAP clients? I can see >> it is >> > not runtime configurable and just #defined as LUCENE_INDEX_DIR_NAME in >> > fts-backend-lucene.c. >> > >> >> you shouldnt see it, guess you configured something wrong like >> >> i.e >> >> maildir_stat_dirs=no (default): Assume that all the files beginning with >> a dot in the maildir are maildirs. You shouldn't have any non-directory >> files beginning with a dot in the maildirs, but if you do you may need >> to set this to "yes", in which case Dovecot needs to stat() each >> directory entry, which degrades the performance. Some filesystems >> provide the directory/non-directory status for free without having to >> stat(). In those filesystems this setting is ignored. >> >> etc >> >> post your full dove conf to give chance for analysis >> >> >> >> Best Regards >> MfG Robert Schetterer >> >> -- >> [*] sys4 AG >> >> http://sys4.de, +49 (89) 30 90 46 64 >> >> Franziskanerstra?e 15, 81669 M?nchen >> >> Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 >> Vorstand: Patrick Ben Koetter, Marc Schiffbauer >> Aufsichtsratsvorsitzender: Florian Kirstein >> >> >> >> >> -- >> Larry Rosenman http://www.lerctr.org/~ler >> Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com >> >> US Mail: 108 Turvey Cove, Hutto, TX 78634-5688 > > > > Best Regards > MfG Robert Schetterer > This is the same question I asked the list last week. There is no configuration directive listed on either of the two wiki pages you linked to above. My system is using Maildir with LAYOUT=fs, and my clients see the lucene-indexes folder as well, although it is not selectable. My ideal case would be to move it to the home directory instead of the mail root directory, but I think the best option would be for it to be configurable similar to INDEXes, etc. I can make an attempt at a patch, but it will take me a while to get up to speed on dovecot sources... Thank you, Greg -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTbR7KAAoJECD7Htp+IT9e07cQALtJ8IHANrjWS54p1dpY/zfC GOKVS0gJuODcusJJXwOxwQxrCq74VRuxL07dp7myVfP+ZZybrHKYzb5nT12HGc5v fdb72aeBXdXXNfAIWdm82Jcbz8nbpwZQm3IK1G2+dUqkDRygb0muVrvCjbx5HV8G ub7kxMHTyMifbfq88eiAHfg1qINQBRxeECtDMgyyOpCrc4yu8yPZ7E7fDNLuheY4 WROBLMAeHyfcf+nIIcVVpIYKM0C69J6wWh14uz3zKayK2TNoGu6J0TYtAT+ImCdx dEUWiMbWqjfBMOCpW0Dyv8fy7wRMM4q/XTjc7AuWYNiM+hjzZfJ1ysdD+VTlIG8i r3m68YQPhfbnwr8608H2ZlvI1rzo6duxvSusi5OlmaF6FA/twz+w8EG7DhqqSodf 8eSVk2E426E2sXCBt7h0QaE9jBLUUgk1C0pHGvulpLJ3hGAOuMybqWx7d6LCNUFj LHpzP5aLXBaPtphiniBe3jt8foyVuTNxAYXAKr/g03Y3HRTcLLLwrIY/BW3yROIH u/XcqsPGzSc2xsiLAdVjJZbfv62EkTtj/VkwL6Z/JXXEsXy4IEYlYOM/AaUW3A6+ zKsZT27DTZ71SxmkIVtUq9jRnBGCJ1nMymkMEvzc3wkWeQ63VcnMEJK/DuQ18iGX MiJ3OdwCGpjk8Vus4H4m =NwOy -----END PGP SIGNATURE----- From stephan at rename-it.nl Fri May 9 19:14:30 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Fri, 09 May 2014 21:14:30 +0200 Subject: [Dovecot] v2.2.13.rc1 vs. Pigeonhole In-Reply-To: <536C4972.2010107@mohtex.net> References: <536C4972.2010107@mohtex.net> Message-ID: <536D2916.3040504@rename-it.nl> On 5/9/2014 5:20 AM, Tamsy wrote: > Server: Ubuntu 10.04 LTS 32bit > > There seems to be an incompatibility when compiling Pigeonhole against > Dovecot v2.2.13.rc1. > # make check > with Pigeonhole throws up the following error message: > > > Test case: ./tests/extensions/editheader/addheader.svtest: > > 1: Test 'Addheader - first' SUCCEEDED > 2: Test 'Addheader - last' SUCCEEDED > 3: Test 'Addheader - framed' SUCCEEDED > 4: Test 'Addheader - folded' SUCCEEDED > 5: Test 'Addheader - newlines' FAILED: wrong first header content in > redirected mail > 6: Test 'Addheader - implicit keep' SUCCEEDED > 7: Test 'Addheader - UTF 8' SUCCEEDED > 8: Test 'Addheader - devious characters' SUCCEEDED > > FAIL: 1 of 8 tests failed. > > I tried this with the latest Pigeonhole from Mercurial: > - dovecot-2-2-pigeonhole-3b6917a4807c > and also with the older: > - dovecot-2-2-pigeonhole-e111a2393a92 > > Both versions are quitting during "make check" with the same error when > compiling against dovecot-2.2.13.rc1. > Compiling those versions against dovecot-2.2.12 is going without errors > though. The cause of the problem is found. Will be fixed tomorrow probably. Regards, Stephan. From sebastian at goodrick.ch Fri May 9 19:57:06 2014 From: sebastian at goodrick.ch (Sebastian Goodrick) Date: Fri, 09 May 2014 21:57:06 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <536CCCC3.4070409@thelounge.net> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> <536BB80D.7090105@goodrick.ch> <536BBEA4.4010300@sys4.de> <536BC3D1.4060202@goodrick.ch> <536BD731.1010902@sys4.de> <536BDB0A.8010000@goodrick.ch> <536BE82F.6020900@sys4.de> <536BEEFA.3090708@sys4.de> <536C75D2.4030109@goodrick.ch> <536C92E0.8040107@sys4.de> <536CC9DC.1020800@goodrick.ch> <536CCCC3.4070409@thelounge.net> Message-ID: <536D3312.3020603@goodrick.ch> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09.05.2014 14:40, Reindl Harald wrote: >> For any reason I don't understand, there are ciphers listed twice >> in the old OpenSSL version but also once in the new version: >> EXP-RC2-CBC-MD5, EXP-RC4-MD5, RC4-MD5 > EXP-RC4-MD5 != RC4-MD5 Obviously. But what is the point of listing both of them twice in OpenSSL 0.9.8g? > ssl_prefer_server_ciphers = yes This setting is not supported in 2.1.7 (as shipped with Debian Weezy) > ssl_cipher_list = > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!SSLv2 I > just gave this cipher list a try, but it didn't change the behaviour for Win8/Outlook 2013. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlNtMxIACgkQR7+YB0QzbnpkIgCgm2ci41+tcRtihFP8053gM9Tw WKoAn1DB8stwnqZpZnZqAuQTgZ3Uoaua =e8uB -----END PGP SIGNATURE----- From rs at sys4.de Fri May 9 20:13:18 2014 From: rs at sys4.de (Robert Schetterer) Date: Fri, 09 May 2014 22:13:18 +0200 Subject: [Dovecot] fts_lucene - hiding lucene-indexes folder? - or make it configurable In-Reply-To: <536D1ECA.8030503@ldmltd.ca> References: <536D0F56.20205@sys4.de> <536D127D.7060706@sys4.de> <536D1ECA.8030503@ldmltd.ca> Message-ID: <536D36DE.5070809@sys4.de> Am 09.05.2014 20:30, schrieb Gregory Finch: > On 2014-05-09 10:38 AM, Robert Schetterer wrote: >> Am 09.05.2014 19:27, schrieb Larry Rosenman: >>> I'm using mbox, so it DOES show up. >>> > > --snip-- > >>> } > >> i am not using mbox , didnt analyse your conf very deeply >> but my bet is ,your namespace and/or directory layout setup is the problem > > >> perhaps reread > >> http://wiki2.dovecot.org/MboxChildFolders?highlight=%28index%29 > >> http://wiki2.dovecot.org/Plugins/FTS/Lucene > >> Requires Dovecot v2.1+ to work properly. The CLucene version must be >> v2.3 (not v0.9). Dovecot builds only a single Lucene index for all >> mailboxes. The Lucene indexes are stored in lucene-indexes/ directory >> under the mail root index directory (e.g. ~/Maildir/lucene-indexes/). > >> so perhaps you need configure index directory seperate/extra setting etc > >>> >>> thebighonker.lerctr.org /home/ler $ >>> >>> >>> >>> On Fri, May 9, 2014 at 12:24 PM, Robert Schetterer >> > wrote: >>> >>> Am 09.05.2014 18:20, schrieb Nicholas Riley: >>> > Hi, >>> > >>> > Is there any way to hide this folder from IMAP clients? I can see >>> it is >>> > not runtime configurable and just #defined as LUCENE_INDEX_DIR_NAME in >>> > fts-backend-lucene.c. >>> > >>> >>> you shouldnt see it, guess you configured something wrong like >>> >>> i.e >>> >>> maildir_stat_dirs=no (default): Assume that all the files beginning with >>> a dot in the maildir are maildirs. You shouldn't have any non-directory >>> files beginning with a dot in the maildirs, but if you do you may need >>> to set this to "yes", in which case Dovecot needs to stat() each >>> directory entry, which degrades the performance. Some filesystems >>> provide the directory/non-directory status for free without having to >>> stat(). In those filesystems this setting is ignored. >>> >>> etc >>> >>> post your full dove conf to give chance for analysis >>> >>> >>> >>> Best Regards >>> MfG Robert Schetterer >>> >>> -- >>> [*] sys4 AG >>> >>> http://sys4.de, +49 (89) 30 90 46 64 >>> >>> Franziskanerstra?e 15, 81669 M?nchen >>> >>> Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 >>> Vorstand: Patrick Ben Koetter, Marc Schiffbauer >>> Aufsichtsratsvorsitzender: Florian Kirstein >>> >>> >>> >>> >>> -- >>> Larry Rosenman http://www.lerctr.org/~ler >>> Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com >>> >>> US Mail: 108 Turvey Cove, Hutto, TX 78634-5688 > > > >> Best Regards >> MfG Robert Schetterer > > > > This is the same question I asked the list last week. There is no > configuration directive listed on either of the two wiki pages you > linked to above. My system is using Maildir with LAYOUT=fs, and my > clients see the lucene-indexes folder as well, although it is not > selectable. > > My ideal case would be to move it to the home directory instead of the > mail root directory, but I think the best option would be for it to be > configurable similar to INDEXes, etc. > > I can make an attempt at a patch, but it will take me a while to get up > to speed on dovecot sources... > > Thank you, Hi Greg ,sounds plausible to me, you should contact Timo about this > > Greg > > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From h.reindl at thelounge.net Fri May 9 20:49:59 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 09 May 2014 22:49:59 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <536D3312.3020603@goodrick.ch> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> <536BB80D.7090105@goodrick.ch> <536BBEA4.4010300@sys4.de> <536BC3D1.4060202@goodrick.ch> <536BD731.1010902@sys4.de> <536BDB0A.8010000@goodrick.ch> <536BE82F.6020900@sys4.de> <536BEEFA.3090708@sys4.de> <536C75D2.4030109@goodrick.ch> <536C92E0.8040107@sys4.de> <536CC9DC.1020800@goodrick.ch> <536CCCC3.4070409@thelounge.net> <536D3312.3020603@goodrick.ch> Message-ID: <536D3F77.7020707@thelounge.net> Am 09.05.2014 21:57, schrieb Sebastian Goodrick: > On 09.05.2014 14:40, Reindl Harald wrote: >>> For any reason I don't understand, there are ciphers listed twice >>> in the old OpenSSL version but also once in the new version: >>> EXP-RC2-CBC-MD5, EXP-RC4-MD5, RC4-MD5 >> EXP-RC4-MD5 != RC4-MD5 > Obviously. But what is the point of listing both of them twice in > OpenSSL 0.9.8g? > >> ssl_prefer_server_ciphers = yes > This setting is not supported in 2.1.7 (as shipped with Debian Weezy) > >> ssl_cipher_list = >> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!SSLv2 > I > > just gave this cipher list a try, but it didn't change the behaviour > for Win8/Outlook 2013. > > -- Reindl Harald the lounge interactive design GmbH A-1060 Vienna, Hofm?hlgasse 17 CTO / CISO / Software-Development m: +43 (676) 40 221 40, p: +43 (1) 595 3999 33 icq: 154546673, http://www.thelounge.net/ http://www.thelounge.net/signature.asc.what.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From henri at nerv.fi Fri May 9 21:04:47 2014 From: henri at nerv.fi (Henri Salo) Date: Sat, 10 May 2014 00:04:47 +0300 Subject: [Dovecot] [Dovecot-news] Denial of Service attacks against Dovecot v1.1+ In-Reply-To: <5FBF2986-1080-4205-82D7-67781BC70F8C@iki.fi> References: <5FBF2986-1080-4205-82D7-67781BC70F8C@iki.fi> Message-ID: <20140509210447.GA18513@kludge.henri.nerv.fi> On Thu, May 08, 2014 at 06:29:27PM +0300, Timo Sirainen wrote: > There's an upper limit to how many IMAP/POP3 connections can exist that haven't logged in (and separate limits for post-login). Normally when this limit is reached, the oldest connection gets disconnected. There is of course some potential to try to DoS Dovecot by doing a lot of IMAP/POP3 connections, but because the oldest connection always gets destroyed this requires quite a lot of activity from the attacker. > > This "destroy oldest connection" however hasn't been working in v1.1+ releases for connections that have started SSL/TLS handshake, but haven't finished it. So an attacker could just do a bunch of TCP connections to port 993 and leave them hanging around and Dovecot would pretty quickly reach the upper limit without being able to disconnect any of the oldest connections. > > Here are patches to fix this: > > http://hg.dovecot.org/dovecot-2.2/rev/41622541a7a3 > http://hg.dovecot.org/dovecot-2.1/rev/b7ac23b4d339 > http://hg.dovecot.org/dovecot-2.0/rev/48f90e7e92dc > http://hg.dovecot.org/dovecot-1.2/rev/8ba4253adc9b > http://hg.dovecot.org/dovecot-1.1/rev/fe0e6550585c > > The fix will be in v2.2.13. Maybe also in v2.1.18 if I decide to release it. For older releases you need to patch it yourself. > > For people who are using dovecot-ee releases the fix is also in v2.2.12.12 and v2.1.7.7 releases. Please use CVE-2014-3430 for this issue. --- Henri Salo -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From sebastian.schlingmann at web.de Fri May 9 22:44:41 2014 From: sebastian.schlingmann at web.de (Sebastian Schlingmann) Date: Sat, 10 May 2014 00:44:41 +0200 Subject: [Dovecot] Only part of sieve script works Message-ID: <20140510004441.30287b51@web.de> Hi, I am using Dovecot 2.2.11 with Pigeonhole on Arch Linux. I have a partly working sieve script (pasted to the end of this mail) which sorts mail into various imap folders. The first, third and fourth if blocks work just fine. The second and fifth block do not sort any mails. However, if I apply the script with sieve-test to mails the second and fifth block seem to work. How is the manual check with sieve-test different from the sieve filtering during mail delivery? I am thankful for any hints. Sebastian this is the sieve script I am talking about require "fileinto"; # Musik wegsortieren if anyof ( header :comparator "i;ascii-casemap" :contains "Subject" "Mixing.DJ", header :comparator "i;ascii-casemap" :contains "Subject" "John B", header :comparator "i;ascii-casemap" :contains "Subject" "FLOSS Weekly", header :comparator "i;ascii-casemap" :contains "Subject" "BrainStuff", header :comparator "i;ascii-casemap" :contains "Subject" "Nerdy Show", header :comparator "i;ascii-casemap" :contains "Subject" ["My Brother", " My Brother And Me"], header :comparator "i;ascii-casemap" :contains "Subject" "MoJoMenace", header :comparator "i;ascii-casemap" :contains "Subject" "GWJ Conference Call", header :comparator "i;ascii-casemap" :contains "Subject" "Welcome to Night Vale", header :comparator "i;ascii-casemap" :contains "Subject" "International Waters" ) { fileinto "Feeds.music"; stop; } # Youtube wegsortieren if address :all :comparator "i;ascii-casemap" :contains "From" "noreply at youtube.com" { fileinto "Feeds.Youtube"; stop; } # Awesomer wegsortieren if header :comparator "i;octet" :contains "Subject" "[The Awesomer]" { fileinto "Feeds.Awesomer"; stop; } # Feeds sortieren if address :all :comparator "i;octet" :contains "From" "sebi+feedmailer at mighty.selfhost.bz" { fileinto "Feeds"; stop; } # AIStA wegsortieren if header :comparator "i;ascii-casemap" :contains "Received" "webmail.awista.net" { fileinto "AIStA"; stop; } From nick.z.edwards at gmail.com Sat May 10 09:49:12 2014 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Sat, 10 May 2014 19:49:12 +1000 Subject: [Dovecot] Only part of sieve script works In-Reply-To: <20140510004441.30287b51@web.de> References: <20140510004441.30287b51@web.de> Message-ID: Whats all the :comparator stuff for? is it because of German-English character translations? In other words do you really need it? Because I can't see why 2 and 5 wont work otherwise (even though I think 5 is pretty broad, matching on any received line) As for 2, locally I use if allof (header :contains "From" "noreply at youtube.com") { fileinto "Youtube"; stop; } On 5/10/14, Sebastian Schlingmann wrote: > Hi, > > I am using Dovecot 2.2.11 with Pigeonhole on Arch Linux. I have a > partly working sieve script (pasted to the end of this mail) which > sorts mail into various imap folders. > The first, third and fourth if blocks work just fine. The second and > fifth block do not sort any mails. > > However, if I apply the script with sieve-test to mails the second and > fifth block seem to work. > > How is the manual check with sieve-test different from the sieve > filtering during mail delivery? > > I am thankful for any hints. > > Sebastian > > this is the sieve script I am talking about > > require "fileinto"; > # Musik wegsortieren > if anyof ( header :comparator "i;ascii-casemap" :contains "Subject" > "Mixing.DJ", header :comparator "i;ascii-casemap" :contains "Subject" > "John B", header :comparator "i;ascii-casemap" :contains "Subject" > "FLOSS Weekly", header :comparator "i;ascii-casemap" :contains > "Subject" "BrainStuff", header :comparator "i;ascii-casemap" :contains > "Subject" "Nerdy Show", header :comparator "i;ascii-casemap" :contains > "Subject" ["My Brother", " My Brother And Me"], header :comparator > "i;ascii-casemap" :contains "Subject" "MoJoMenace", header :comparator > "i;ascii-casemap" :contains "Subject" "GWJ Conference Call", > header :comparator "i;ascii-casemap" :contains "Subject" "Welcome to > Night Vale", header :comparator "i;ascii-casemap" :contains "Subject" > "International Waters" ) { fileinto "Feeds.music"; stop; } > # Youtube wegsortieren > if address :all :comparator > "i;ascii-casemap" :contains "From" "noreply at youtube.com" { fileinto > "Feeds.Youtube"; stop; } > # Awesomer wegsortieren > if header :comparator > "i;octet" :contains "Subject" "[The Awesomer]" { fileinto > "Feeds.Awesomer"; stop; } > # Feeds sortieren > if address :all :comparator > "i;octet" :contains "From" > "sebi+feedmailer at mighty.selfhost.bz" { fileinto "Feeds"; stop; } > # AIStA wegsortieren > if header :comparator "i;ascii-casemap" :contains "Received" > "webmail.awista.net" { fileinto "AIStA"; > stop; > } > From p.heinlein at heinlein-support.de Sat May 10 10:23:49 2014 From: p.heinlein at heinlein-support.de (Peer Heinlein) Date: Sat, 10 May 2014 12:23:49 +0200 Subject: [Dovecot] "doveadm penalty -a" doesn't work? Message-ID: <536DFE35.7010501@heinlein-support.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We're running multiple instances on the same server. While doveadm penalty works: root at host:/etc/dovecot# doveadm penalty IP penalty last_penalty last_update 93.180.xxx.xxx 4 2014-05-10 12:21:08 12:21:08 80.153.xxx.xxx 0 2014-05-10 12:21:12 12:21:12 a seperate anvil-Socket doesn't work at all: root at host:/etc/dovecot# doveadm penalty -a /var/run/dovecot-example/anvil doveadm penalty [-a ] [] It just shows up the help message. (Dovecot 2.2.12) Peer - -- Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin http://www.heinlein-support.de Tel: 030 / 405051-42 Fax: 030 / 405051-19 Zwangsangaben lt. ?35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTbf41AAoJEAOLLpq5E82H/h4H/2VpFfrqG+dcW73dS8CAWXVM thWcj5/GKUDaE/MYKsATDmNenlPuKIHsC8+hM7pyB3kfA0d7EDP/aNcaOWdw16XE fq7PSoLWiPJcsTG6ArzyuJMYiCwb2TuFIimFjjlZWVqnB+iAVv0y7ESJ9De/dmzM eE3ct/JmuY+0MrRAKSNdDX/Dbaakh03/JQ3/GvAwYeTFgviCfa3D5hsYCfhDZbPC 2vE3A9D46SqhmrediuWdtnj6rAhYwfjS+77jXaK6NyYru0WtYf9ozgtt5pbb89Hd EKzdNyKdKsZEnQ1ubv7cj5671OwL1ikp/d8tJr3/l4tgRHWf2+BmuGJIoo8AFwE= =2gZD -----END PGP SIGNATURE----- From alb at alnio.ro Sun May 11 08:16:40 2014 From: alb at alnio.ro (Alexandru Bostina) Date: Sun, 11 May 2014 11:16:40 +0300 Subject: [Dovecot] dovecot 2.2.9 - ssl_cert and ssl_key ignored Message-ID: <536F31E8.3060607@alnio.ro> Hello, It seems that Dovecot ignores the new /ssl_cert and ssl_key /settings. Using them in the dovecot configuration results in the error: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY] Using the old /ssl_//cert//_file/ and /ssl_key_file/ results in their being obsolete warning but no fatal error. -------------- next part -------------- # 2.2.9: /etc/dovecot/dovecot.conf doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:107: ssl_cert_file has been replaced by ssl_cert = References: <536F31E8.3060607@alnio.ro> Message-ID: <536F3B9F.7070700@myzel.net> Am 2014-05-11 10:16, schrieb Alexandru Bostina: > Hello, > > It seems that Dovecot ignores the new /ssl_cert and ssl_key /settings. > > Using them in the dovecot configuration results in the error: > Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM > routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY] > Does the file read something like this in the first line? > -----BEGIN RSA PRIVATE KEY----- -- peter From alb at alnio.ro Sun May 11 09:04:16 2014 From: alb at alnio.ro (Alexandru Bostina) Date: Sun, 11 May 2014 12:04:16 +0300 Subject: [Dovecot] dovecot 2.2.9 - ssl_cert and ssl_key ignored In-Reply-To: <536F3B9F.7070700@myzel.net> References: <536F31E8.3060607@alnio.ro> <536F3B9F.7070700@myzel.net> Message-ID: <536F3D10.1060609@alnio.ro> Yes, it does. But I mentioned that just using the old settings (ssl_key_file) works (with the same certificate and key). *From:* Peter Chiochetti *Sent:* Sunday, May 11, 2014 11:58AM *To:* Alexandru Bostina , Dovecot *Subject:* Re: [Dovecot] dovecot 2.2.9 - ssl_cert and ssl_key ignored > Am 2014-05-11 10:16, schrieb Alexandru Bostina: > > Hello, > > > > It seems that Dovecot ignores the new /ssl_cert and ssl_key /settings. > > > > Using them in the dovecot configuration results in the error: > > Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM > > routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY] > > > > Does the file read something like this in the first line? > > > -----BEGIN RSA PRIVATE KEY----- > From alb at alnio.ro Sun May 11 09:14:33 2014 From: alb at alnio.ro (Alexandru Bostina) Date: Sun, 11 May 2014 12:14:33 +0300 Subject: [Dovecot] dovecot 2.2.9 - ssl_cert and ssl_key ignored In-Reply-To: <536F3D10.1060609@alnio.ro> References: <536F31E8.3060607@alnio.ro> <536F3B9F.7070700@myzel.net> <536F3D10.1060609@alnio.ro> Message-ID: <536F3F79.9090504@alnio.ro> Nevermind, I think I found the problem. It seems that Ubuntu's default settings for Dovecot are wrong, they lack the "<" character before the certificate/key path. So either of the following works: ssl_cert_file = /dat/etc/ssl/certs/server.crt ssl_key_file = /dat/etc/ssl/private/server.key or ssl_cert = *Sent:* Sunday, May 11, 2014 12:04PM *To:* Peter Chiochetti , Dovecot *Subject:* Re: [Dovecot] dovecot 2.2.9 - ssl_cert and ssl_key ignored > Yes, it does. > But I mentioned that just using the old settings (ssl_key_file) works > (with the same certificate and key). > *From:* Peter Chiochetti > *Sent:* Sunday, May 11, 2014 11:58AM > *To:* Alexandru Bostina, Dovecot > > *Subject:* Re: [Dovecot] dovecot 2.2.9 - ssl_cert and ssl_key ignored > > Am 2014-05-11 10:16, schrieb Alexandru Bostina: > > > Hello, > > > > > > It seems that Dovecot ignores the new /ssl_cert and ssl_key /settings. > > > > > > Using them in the dovecot configuration results in the error: > > > Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM > > > routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY] > > > > > > > Does the file read something like this in the first line? > > > > > -----BEGIN RSA PRIVATE KEY----- > > From CMarcus at Media-Brokers.com Sun May 11 12:59:54 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Sun, 11 May 2014 08:59:54 -0400 Subject: [Dovecot] dovecot 2.2.9 - ssl_cert and ssl_key ignored In-Reply-To: <536F3F79.9090504@alnio.ro> References: <536F31E8.3060607@alnio.ro> <536F3B9F.7070700@myzel.net> <536F3D10.1060609@alnio.ro> <536F3F79.9090504@alnio.ro> Message-ID: <536F744A.9060007@Media-Brokers.com> On 5/11/2014 5:14 AM, Alexandru Bostina wrote: > Nevermind, I think I found the problem. > > It seems that Ubuntu's default settings for Dovecot are wrong, they > lack the "<" character before the certificate/key path. > So either of the following works: > ssl_cert_file = /dat/etc/ssl/certs/server.crt > ssl_key_file = /dat/etc/ssl/private/server.key > or > ssl_cert = ssl_key = References: <1399488262009-47853.post@n4.nabble.com> <536A80F3.2050702@thelounge.net> <1399571990082-47898.post@n4.nabble.com> <536BCB79.8070403@enas.net> Message-ID: <1399823773208-47948.post@n4.nabble.com> Solve. Realy "ls -lh /etc |grep dovecot" show I do not understand how to put such rights, set it works, thanks for all -- View this message in context: http://dovecot.2317879.n4.nabble.com/LDA-can-t-read-dovecot-conf-tp47853p47948.html Sent from the Dovecot mailing list archive at Nabble.com. From bov at bsdpanic.com Sun May 11 15:57:32 2014 From: bov at bsdpanic.com (SIW) Date: Sun, 11 May 2014 16:57:32 +0100 Subject: [Dovecot] ECDSA certificate support Message-ID: <536F9DEC.3070600@bsdpanic.com> Does the latest version of Dovecot support ECDSA certificates? I had a look in: http://wiki2.dovecot.org/SSL but it didn't answer my question. Can someone please help or point me in the right direction? I'd also like to know if I can run an RSA cert AND an ECDSA certificate at the same time in Dovecot (like you can in Postfix). Many thanks. From andreasm at anup.de Sun May 11 17:07:52 2014 From: andreasm at anup.de (Andreas Meyer) Date: Sun, 11 May 2014 19:07:52 +0200 Subject: [Dovecot] questions about process_limit Message-ID: <20140511190752.35558ff3@itxbox.bitcorner.intern> Hello all! # dovecot --version 2.1.17 Sometimes I have this in the logfile: May 11 16:55:52 master: Warning: service(imap-login): process_limit (100) reached, client connections are being dropped May 11 17:35:03 master: Warning: service(imap-login): process_limit (100) reached, client connections are being dropped May 11 17:36:27 master: Warning: service(imap-login): process_limit (100) reached, client connections are being dropped I then put this in the dovecot.conf service imap-login { service_count = 1 process_min_avail = 50 #process_limit = $default_process_limit process_limit = 10000 vsz_limit = 64M } and get this: May 11 18:19:36 master: Info: Dovecot v2.1.17 starting up (core dumps disabled) May 11 18:19:36 config: Warning: service auth { client_limit=1000 } is lower than required under max. load (10300) May 11 18:19:36 config: Warning: service anvil { client_limit=1000 } is lower than required under max. load (10203) Puting this in: service auth { client_limit = 10300 unix_listener auth-userdb { mode = 0666 user = vmail group = vmail } } service anvil { client_limit = 10300 } I get this: May 11 18:27:37 delta.bitcorner.eu dovecot[3989]: Warning: fd limit (ulimit -n) is lower than required under max. load (1024 < 10300), because of service auth { client_limit } I have also seen this today: May 11 13:14:05 log: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill) May 11 13:14:05 auth: Error: read(anvil-auth-penalty) failed: EOF May 11 13:14:05 auth: Error: net_connect_unix(anvil-auth-penalty) failed: Permission denied What is the best way to avoid this process_limit errors and configure dovecot the best way? Greetings Andreas From tss at iki.fi Sun May 11 19:19:44 2014 From: tss at iki.fi (Timo Sirainen) Date: Sun, 11 May 2014 22:19:44 +0300 Subject: [Dovecot] "doveadm penalty -a" doesn't work? In-Reply-To: <536DFE35.7010501@heinlein-support.de> References: <536DFE35.7010501@heinlein-support.de> Message-ID: <863A9078-992F-4EF9-8E6D-71594BC63EC9@iki.fi> On 10.5.2014, at 13.23, Peer Heinlein wrote: > We're running multiple instances on the same server. > > While doveadm penalty works: > > root at host:/etc/dovecot# doveadm penalty > IP penalty last_penalty last_update > 93.180.xxx.xxx 4 2014-05-10 12:21:08 12:21:08 > 80.153.xxx.xxx 0 2014-05-10 12:21:12 12:21:12 > > a seperate anvil-Socket doesn't work at all: > > > root at host:/etc/dovecot# doveadm penalty -a /var/run/dovecot-example/anvil > doveadm penalty [-a ] [] > > It just shows up the help message. Fixed: http://hg.dovecot.org/dovecot-2.2/rev/2ea729128dbe From tss at iki.fi Sun May 11 19:37:38 2014 From: tss at iki.fi (Timo Sirainen) Date: Sun, 11 May 2014 22:37:38 +0300 Subject: [Dovecot] v2.2.13 released Message-ID: http://dovecot.org/releases/2.2/dovecot-2.2.13.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.13.tar.gz.sig A few minor changes since v2.2.13.rc1, mainly making the Pigeonhole tests pass. * Fixed a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly. This could have left the connections hanging arond for a long time. (Affected Dovecot v1.1+) + mdbox: Added mdbox_purge_preserve_alt setting to keep the file within alt storage during purge. (Should become enforced in v2.3.0?) + fts: Added support for parsing attachments via Apache Tika. Enable with: plugin { fts_tika = http://tikahost:9998/tika/ } + virtual plugin: Delay opening backend mailboxes until it's necessary. This requires mailbox_list_index=yes to work. (Currently IMAP IDLE command still causes all backend mailboxes to be opened.) + mail_never_cache_fields=* means now to disable all caching. This may be a useful optimization as doveadm/dsync parameter for some admin tasks which shouldn't really update the cache file. + IMAP: Return SPECIAL-USE flags always for LSUB command. - pop3 server was still crashing in v2.2.12 with some settings - maildir: Various fixes and improvements to handling compressed mails, especially when they have broken/missing S=sizes in filenames. - fts-lucene, fts-solr: Fixed crash on search when the index contained duplicate entries. - Many fixes and performance improvements to dsync and replication - director was somewhat broken when there were exactly two directors in the ring. It caused errors about "weak users" getting stuck. - mail_attachment_dir: Attachments with the last base64-encoded line longer than the rest wasn't handled correctly. - IMAP: SEARCH/SORT PARTIAL was handled completely wrong in v2.2.11+ - acl: Global ACL file handling was broken when multiple entries matched the mailbox name. (Only the first entry was used.) From jkonczak at astronet.pl Sun May 11 14:56:26 2014 From: jkonczak at astronet.pl (Jan =?utf-8?B?S2/FhGN6YWs=?=) Date: Sun, 11 May 2014 16:56:26 +0200 Subject: [Dovecot] Segfault with passwd as a second userdb at auth_fields_rollback Message-ID: <4108500.akylJ3BK2M@imladris> Hello, I've been trying to set up dovecot to support passwd-file + passwd/PAM auth. I made an unusual config (passwd-file as userdb failed to work for me), which uses static as userdb: =============== passdb { driver = passwd-file args = username_format=%u scheme=CRYPT /etc/dovecot/users } userdb { driver = static default_fields = uid=vmail gid=vmail home=/var/spool/mail/%d/%n } passdb { driver = pam } userdb { driver = passwd } =============== While passwd-file+static worked well, passwd/PAM caused trouble: $ doveadm user xxx doveadm(root): Error: userdb lookup(xxx): Disconnected unexpectedly field value If passwd-file had the user, check went fine; otherwise it segfaulted. The crash has been accompanied by a syslog message: kernel: auth[9788]: segfault at 18 ip 0000000000416391 sp 00007fffd11a3d90 error 4 in auth[400000+44000] Translating address lead me to: 0000000000416390 : 416390: 53 push %rbx 416391: 48 83 7f 18 00 cmpq $0x0,0x18(%rdi) I was using packages from http://packages.atrpms.net/dist/el6/dovecot/ To be precise, dovecot-2.2.10-1_14.el6.x86_64.rpm I tampered with the src.rpm, upgraded spec&sources to match 2.2.12. It didn't help, so I tries to "workaround" this. The bug has gone when in src/auth/auth-fields.c:210 I added check if the field ptr is not null. As it's a userdb query, it seems that for some reason (static?) in src/auth/auth-request.c:1058 the function auth_fields_rollback is called with null request->userdb_reply Now it works fine: $ doveadm user xxx field value uid 1000 gid 100 home /home/xxx mail maildir:~/.maildir system_groups_user xxx $ doveadm user jkonczak at ast... field value uid 103 gid 103 home /var/spool/mail/ast.../jkonczak mail maildir:~/.maildir So now virtual users get vmail uid/gid, system users get their uid/gid, home is fine etc. Below I attach the patch + full config. Regards, Jan Ko?czak =============================================== $ cat SOURCES/dovecot-2.2.12-auth_fields_rollback-nullptr_check.patch --- src/auth/auth-fields.c.orig 2014-05-11 16:17:49.755258666 +0200 +++ src/auth/auth-fields.c 2014-05-11 16:18:24.704946586 +0200 @@ -207,6 +207,7 @@ void auth_fields_rollback(struct auth_fields *fields) { + if (fields==NULL) return; if (array_is_created(&fields->snapshot_fields)) { array_clear(&fields->fields); array_append_array(&fields->fields, &fields->snapshot_fields); =============================================== $ dovecot --version 2.2.12 $ doveconf # passdb/userdb/auth related passdb { args = username_format=%u scheme=CRYPT /etc/dovecot/users default_fields = deny = no driver = passwd-file master = no override_fields = pass = no result_failure = continue result_internalfail = continue result_success = return-ok skip = never } passdb { args = default_fields = deny = no driver = pam master = no override_fields = pass = no result_failure = continue result_internalfail = continue result_success = return-ok skip = never } service auth { chroot = client_limit = 0 drop_priv_before_exec = no executable = auth extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-client { group = mode = 0600 user = $default_internal_user } unix_listener auth-login { group = mode = 0600 user = $default_internal_user } unix_listener auth-master { group = mode = 0600 user = } unix_listener auth-userdb { group = mode = 0666 user = $default_internal_user } unix_listener login/login { group = mode = 0666 user = } unix_listener token-login/tokenlogin { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } userdb { args = default_fields = uid=vmail gid=vmail home=/var/spool/mail/%d/%n driver = static override_fields = result_failure = continue result_internalfail = continue result_success = return-ok skip = never } userdb { args = default_fields = driver = passwd override_fields = result_failure = continue result_internalfail = continue result_success = return-ok skip = never } =============================================== From tss at iki.fi Sun May 11 20:25:26 2014 From: tss at iki.fi (Timo Sirainen) Date: Sun, 11 May 2014 23:25:26 +0300 Subject: [Dovecot] Segfault with passwd as a second userdb at auth_fields_rollback In-Reply-To: <4108500.akylJ3BK2M@imladris> References: <4108500.akylJ3BK2M@imladris> Message-ID: <2250989C-86F9-4B0F-B107-F478F3E4FF9A@iki.fi> On 11.5.2014, at 17.56, Jan Ko?czak wrote: > The bug has gone when in src/auth/auth-fields.c:210 I added check if the field > ptr is not null. As it's a userdb query, it seems that for some reason > (static?) in src/auth/auth-request.c:1058 the function auth_fields_rollback is > called with null request->userdb_reply This should be fixed in v2.2.13. From Jochen.Bern at LINworks.de Sun May 11 20:54:18 2014 From: Jochen.Bern at LINworks.de (Jochen Bern) Date: Sun, 11 May 2014 22:54:18 +0200 Subject: [Dovecot] questions about process_limit In-Reply-To: <20140511190752.35558ff3@itxbox.bitcorner.intern> References: <20140511190752.35558ff3@itxbox.bitcorner.intern> Message-ID: <536FE37A.2080701@LINworks.de> On -10.01.-28163 20:59, Andreas Meyer wrote: > What is the best way to avoid this process_limit errors and configure > dovecot the best way? Which limits exactly your users' activities count against depends on what protocols they're using. (Example: N parallel IMAPS connections with (default setting) *individual* imap-login processes require the process_limit of the imap and imap-login services to be at least N, occupy 2xN in the client_limit of the auth service, and need the client_limit of the anvil service to be at least about N+100.) Your "fd limit (ulimit -n)" warning is about an adjustment you must make in the OS' config (the exact place/method, in turn, being distrib dependent). Note that a single client may well hold *several* IMAP(S) connections open in parallel, too. And that your server will need to have the CPU and RAM to run that many processes ... How much overhead you're willing to provide beyond the current (or expected, or theoretical-max) needs of your users is up to you to decide, but since there's always the possibility of some malfunction or attack tearing into your limited ressources, you should *monitor* the usage, anyway. Kind regards, J. Bern -- *NEU* - NEC IT-Infrastruktur-Produkte im : Server--Storage--Virtualisierung--Management SW--Passion for Performance Jochen Bern, Systemingenieur --- LINworks GmbH Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27 Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202 Unternehmenssitz Weiterstadt, Gesch?ftsf?hrer Metin Dogan, Oliver Michel From d.parthey at metaways.de Sun May 11 22:24:07 2014 From: d.parthey at metaways.de (Daniel Parthey) Date: Mon, 12 May 2014 00:24:07 +0200 Subject: [Dovecot] =?utf-8?q?=C4=B0nstall_dovecot-piegonhone?= In-Reply-To: References: Message-ID: <536FF887.6010809@metaways.de> Am 08.05.2014 12:54, schrieb Selcuk Yazar: > We have Postfix-Dovecot MTA at Redhat EL 5 system. Also we are using this > system activelly. Now i wantto install pigeonhole managesive server on this > sys. Do i have any risk or anything ? There is *always* a risk of doing something wrong, so it is always good to have a backup in place, before changing the system configuration. In my experience, the risk for SIEVE the risk is low, since the pidgeonhole implementation is rather stable, but it surely depends on your dovecot and sieve version you want to use, since there have been some MANAGESIEVE bugs in the past. What about setting up a virtual test machine with sieve and managesieve enabled and doing some stress tests there? Regards Daniel From renaud at allard.it Mon May 12 05:29:32 2014 From: renaud at allard.it (Renaud Allard) Date: Mon, 12 May 2014 07:29:32 +0200 Subject: [Dovecot] [Dovecot-news] v2.2.13 released In-Reply-To: References: Message-ID: <53705C3C.6090809@allard.it> Hello, It seems that configure doesn't work anymore on OpenBSD 5.5 It was working on 2.2.12, and the test about fd passing seem the same. checking whether fd passing works... no configure: error: fd passing is required for Dovecot to work Best Regards On 05/11/2014 09:37 PM, Timo Sirainen wrote: > http://dovecot.org/releases/2.2/dovecot-2.2.13.tar.gz > http://dovecot.org/releases/2.2/dovecot-2.2.13.tar.gz.sig > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4303 bytes Desc: S/MIME Cryptographic Signature URL: From tss at iki.fi Mon May 12 07:02:46 2014 From: tss at iki.fi (Timo Sirainen) Date: Mon, 12 May 2014 10:02:46 +0300 Subject: [Dovecot] [Dovecot-news] v2.2.13 released In-Reply-To: <53705C3C.6090809@allard.it> References: <53705C3C.6090809@allard.it> Message-ID: <84440934-701D-436E-AA00-D2516084DCBA@iki.fi> On 12.5.2014, at 8.29, Renaud Allard wrote: > It seems that configure doesn't work anymore on OpenBSD 5.5 > > It was working on 2.2.12, and the test about fd passing seem the same. > > checking whether fd passing works... no > configure: error: fd passing is required for Dovecot to work What does config.log say about it? From renaud at allard.it Mon May 12 07:07:59 2014 From: renaud at allard.it (Renaud Allard) Date: Mon, 12 May 2014 09:07:59 +0200 Subject: [Dovecot] [Dovecot-news] v2.2.13 released In-Reply-To: <84440934-701D-436E-AA00-D2516084DCBA@iki.fi> References: <53705C3C.6090809@allard.it> <84440934-701D-436E-AA00-D2516084DCBA@iki.fi> Message-ID: <5370734F.3060602@allard.it> On 05/12/2014 09:02 AM, Timo Sirainen wrote: > On 12.5.2014, at 8.29, Renaud Allard wrote: > >> It seems that configure doesn't work anymore on OpenBSD 5.5 >> >> It was working on 2.2.12, and the test about fd passing seem the same. >> >> checking whether fd passing works... no >> configure: error: fd passing is required for Dovecot to work > > What does config.log say about it? > configure:21046: checking whether fd passing works configure:21120: gcc -o conftest -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -I./src/lib ./src/lib/fdpass.c -I/usr/local/include conftest.c >&5 conftest.c:122: warning: no previous prototype for 'nopen' configure:21120: $? = 0 configure:21120: ./conftest configure:21120: $? = 2 configure: program exited with status 2 It seems that if I put src/lib/fdpass.c from 2.2.12, the test succeeds. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4303 bytes Desc: S/MIME Cryptographic Signature URL: From fpeter at hexonet.net Mon May 12 07:16:40 2014 From: fpeter at hexonet.net (Fabian Peter) Date: Mon, 12 May 2014 09:16:40 +0200 Subject: [Dovecot] ManageSieve OOM with Huge Folders Message-ID: <53707558.4000703@hexonet.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi all, we're experiencing "Out of Memory" Problems caused by Sieve-Filters delivering mail to huge IMAP folders. From the logs, I'm beginning to think the problem is that the sieve/lmtp process loads the "dovecot.index.cache" file apparently twice into memory to do something with it. We've set our memory limit per process to 256MB - the cache file of the folders we're having issues with is exactly 128MB. Mails coming in that should be filtered to these folders are being denied, an error is being logged. Apparently, there would be two easy solutions to this: increasing memory OR decreasing folder size. Both are not possible. Increasing memory just means we will have this issue again in some weeks. Deacreasing mailbox size isn't possible since the folders contain archived system mails from our backend software which need to be kept for a while. Currently, we're creating a new folder each time we reach this limit, but that isn't exactly the best way to go for the future. In the end, the folders are for archiving purposes and therefore should not be managed at all since all this is automated. I hope there's some obvious switch I've just not seen in the config. I actually can't imagine that this is default or wanted behaviour since there must be people with large inboxes and sieve filters that either also have this problem or don't have it since they fixed it. The problem clearly is reproducable. Each time the cache file hits 128MB - which happens at around 200k mails in the folder - (with our current setting of 256MB memory limit per process), things go down and our mailqueues reach 10k undelivered mails within a few hours. I hope you can help me Sincerly Fabian OS - -- Linux 2.6.32-16-pve #1 SMP Mon Oct 22 08:38:13 CEST 2012 i686 GNU/Linux (The IMAP server is running within a debian squeeze openVZ container on the Proxmox Virtual Environment Kernel; filesystem for the containers is ext3) VERSION - ------- 2.1.14 (bf80034a547d) CONFIG - ------ # 2.1.14 (bf80034a547d): /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-16-pve i686 Debian 6.0.7 simfs auth_cache_size = 10 M mail_debug = yes mail_location = maildir:/var/mail/%u:LAYOUT=fs mail_max_userip_connections = 10000 maildir_very_dirty_syncs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Archive { auto = no special_use = \Archive } mailbox Archives { auto = subscribe special_use = \Archive } mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { sieve = /var/mail/%u/.dovecot.sieve sieve_dir = /var/mail/%u/sieve } protocols = imap lmtp sieve service imap-login { client_limit = 5 process_limit = 0 process_min_avail = 4 service_count = 0 } service imap { client_limit = 10 process_limit = 1024 process_min_avail = 4 } service lmtp { client_limit = 20 inet_listener lmtp { address = *, [::] port = 24 } process_limit = 0 process_min_avail = 10 vsz_limit = 256 M } service managesieve-login { inet_listener sieve { port = 4190 } } service managesieve { client_limit = 10 process_limit = 0 process_min_avail = 4 } ssl = required ssl_ca = /usr/lib/dovecot/libdovecot.so.0(+0x459bf) [0x2199bf] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x1e8dc5] -> /usr/lib/dovecot/libdovecot.so.0(+0x5806e) [0x22c06e] -> /usr/lib/dovecot/libdovecot.so.0(+0x40ec8) [0x214ec8] -> /usr/lib/dovecot/libdovecot.so.0(buffer_get_space_unsafe+0x85) [0x2153b5] -> /usr/lib/dovecot/libdovecot.so.0(buffer_append_space_unsafe+0x2b) [0x2154cb] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_cache_map+0x219) [0x506cf9] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_cache_open_and_verify+0x75) [0x507245] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_cache_register_get_list+0x50) [0x5092a0] -> /usr/lib/dovecot/libdovecot-storage.so.0(index_mail_parse_header_init+0x15f) [0x4f6def] -> /usr/lib/dovecot/libdovecot-storage.so.0(index_mail_cache_parse_init+0x7c) [0x4f73fc] -> /usr/lib/dovecot/libdovecot-storage.so.0(maildir_save_add+0x1d7) [0x4a0a87] -> /usr/lib/dovecot/libdovecot-storage.so.0(maildir_save_begin+0x1d3) [0x4a0dd3] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_save_begin+0x58) [0x4d7988] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_storage_copy+0xba) [0x4d163a] -> /usr/lib/dovecot/libdovecot-storage.so.0(maildir_copy+0x4b) [0x49bacb] - -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_copy+0x54) [0x4d78b4] -> /usr/lib/dovecot/libdovecot-sieve.so.0(+0x35f5f) [0xc52f5f] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_result_execute+0x16b) [0xc49efb] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_execute+0x69) [0xc5b139] - -> /usr/lib/dovecot/modules/lib90_sieve_plugin.so(+0x2892) [0x75e892] - -> /usr/lib/dovecot/libdovecot-lda.so.0(mail_deliver+0x4f) [0x19641f] - -> dovecot/lmtp() [0x804c812] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x42) [0x227822] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xd3) [0x2289e3] - -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40) [0x2277b0] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x2d) [0x21050d] May 12 06:36:41: Fatal: master: service(lmtp): child 27515 returned error 83 (Out of memory (service lmtp { vsz_limit=256 MB }, you may need to increase it)) - -- Fabian Peter Systemadministrator HEXONET GmbH T: +49 6841 69 84 308 F: +49 6841 69 84 199 E: fpeter at hexonet.net W: http://www.hexonet.net HEXONET GmbH, Talstrasse 27, 66424 Homburg, Germany. CEO & General Manager: Jens Wagner, HRB 2839 (HOM), Amtsgericht Saarbr?cken, VAT-ID: DE-138316882 HEXONET Services Inc., 104 - 7455 132nd Street, Surrey, B.C., V3W 1J8, Canada. CSO & General Manager: Robert Birkner This email and any files transmitted are confidential and intended only or the person(s) directly addressed. If you are not the intended recipient, any use, copying, transmission, distribution, or other forms of dissemination is strictly prohibited. If you have received this email in error, please notify the sender immediately and permanently delete this email with any files that may be attached. -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCgAGBQJTcHVYAAoJEPIZChNlZ+or5VQIAKegO6HwORlpEmP3YBkJnHXY sYsR1sP89Vm1Uzv4cVL30KF1P37NI9sZwHrO5H2aC5sqNSadaZ0lOUFncwlZwphh JsSS2Jye+56UW7XR92rUuwC8FPYRk6nOxTA0hHtAGW1IxCROz8P32V24cRlDE32k rcq2GT0V4laFlD5YNcqFWAClTqAholnHZCm/7VpBCevUTx0F+KVZxEth/xOf0ajY EmWoXat4Fihnly1YtdPqN5FqIyFdzBF8tyuWaUZN3BfO8QDso+tci/NRbe2yYkIK lhulr4PAvccsIqJ+u/9j+XN7SL9ZXDtU0w4xWQe+5SrGfFXJlXsuJoRgBdThn9I= =YP4k -----END PGP SIGNATURE----- From bourek at thinline.cz Mon May 12 07:20:26 2014 From: bourek at thinline.cz (Jiri Bourek) Date: Mon, 12 May 2014 09:20:26 +0200 Subject: [Dovecot] questions about process_limit In-Reply-To: <20140511190752.35558ff3@itxbox.bitcorner.intern> References: <20140511190752.35558ff3@itxbox.bitcorner.intern> Message-ID: <5370763A.8090206@thinline.cz> Andreas Meyer wrote: > Hello all! > > # dovecot --version > 2.1.17 > > Sometimes I have this in the logfile: > > May 11 16:55:52 master: Warning: service(imap-login): process_limit (100) reached, client connections are being dropped > May 11 17:35:03 master: Warning: service(imap-login): process_limit (100) reached, client connections are being dropped > May 11 17:36:27 master: Warning: service(imap-login): process_limit (100) reached, client connections are being dropped > > I then put this in the dovecot.conf > > service imap-login { > service_count = 1 > process_min_avail = 50 > #process_limit = $default_process_limit > process_limit = 10000 > vsz_limit = 64M > } > > and get this: > > May 11 18:19:36 master: Info: Dovecot v2.1.17 starting up (core dumps disabled) > May 11 18:19:36 config: Warning: service auth { client_limit=1000 } is lower than required under max. load (10300) > May 11 18:19:36 config: Warning: service anvil { client_limit=1000 } is lower than required under max. load (10203) > > Puting this in: > > service auth { > client_limit = 10300 > unix_listener auth-userdb { > mode = 0666 > user = vmail > group = vmail > } > } > > service anvil { > client_limit = 10300 > } > > I get this: > > May 11 18:27:37 delta.bitcorner.eu dovecot[3989]: Warning: fd limit (ulimit -n) is lower than required under max. load (1024< 10300), because of service auth { client_limit } I says that if Dovecot auth process tries to service all 10300 clients, it'll open too many file descriptors and run into a limit. In other words, you configured 10300 but it's not able to service more than 1000. Try adding ulimit -n 32768 somewhere before Dovecot is executed (I put it into /etc/default/dovecot on Debian), that should clear the warning. > > I have also seen this today: > > May 11 13:14:05 log: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill) > May 11 13:14:05 auth: Error: read(anvil-auth-penalty) failed: EOF > May 11 13:14:05 auth: Error: net_connect_unix(anvil-auth-penalty) failed: Permission denied > Signal 15 is TERM, it's used by init scripts to stop Dovecot. Those errors seem to me like a result of one process (auth) trying to communicate with another (anvil), which was already shutting down. Doesn't strike me as a problem (but I may be wrong ofc) From tss at iki.fi Mon May 12 07:26:57 2014 From: tss at iki.fi (Timo Sirainen) Date: Mon, 12 May 2014 10:26:57 +0300 Subject: [Dovecot] [Dovecot-news] v2.2.13 released In-Reply-To: <5370734F.3060602@allard.it> References: <53705C3C.6090809@allard.it> <84440934-701D-436E-AA00-D2516084DCBA@iki.fi> <5370734F.3060602@allard.it> Message-ID: <474B8132-98FC-4B5A-B23D-B45DBD6F9866@iki.fi> On 12.5.2014, at 10.07, Renaud Allard wrote: >>> checking whether fd passing works... no >>> configure: error: fd passing is required for Dovecot to work >> >> What does config.log say about it? >> > > configure:21046: checking whether fd passing works > configure:21120: gcc -o conftest -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -I./src/lib ./src/lib/fdpass.c -I/usr/local/include conftest.c >&5 > conftest.c:122: warning: no previous prototype for 'nopen' > configure:21120: $? = 0 > configure:21120: ./conftest > configure:21120: $? = 2 > configure: program exited with status 2 > > > It seems that if I put src/lib/fdpass.c from 2.2.12, the test succeeds. Oh. I finally fixed a broken sanity check there: http://hg.dovecot.org/dovecot-2.2/rev/bedecd5b6bab I wonder if the check is still somewhat broken or if OpenBSD (and BSD in general?) even attempts to set it correctly.. From r.wolf.conf at gmail.com Mon May 12 07:30:36 2014 From: r.wolf.conf at gmail.com (Robert Wolf) Date: Mon, 12 May 2014 09:30:36 +0200 (CEST) Subject: [Dovecot] message-decoder bug for attachments with charset=binary attribute in content-type? Message-ID: Hello, I have configure dovecot with solr and I wanted to let solr index content of attachments. For testing I have used biabam command line tool to generate emails with attachments. I have found that dovecot with fts_decoder incorrectly decodes these attachments from biabam and therefore pdftotext has reported corrupted PDF. The problem is that biabam generates header with charset=binary and dovecot message decoder tries to process it as UTF8 or non-UTF8 data. ============================================================ --biabam.ZxWVLybiabam.ZxWVLy Content-Type: application/pdf; charset=binary Content-Disposition: attachment; filename="bacula-jobs.pdf" Content-Transfer-Encoding: base64 JVBERi0xLjQKJcfsj6IKNSAwIG9iago8PC9MZW5ndGggNiAwIFIvRmlsdGVy IC9GbGF0ZURlY29kZT4+CnN0cmVhbQp4nF2PT0+EMBDF7/0U7yYYWdqFXdbe 1vgnMXpQezMeClSoQNltweh+egvLyczhN3kz703mCLpioFMtLDoSv2aoHKGo ..... ============================================================ This PDF begins orginal with ============================================================ 0000000: 2550 4446 2d31 2e34 0a25 c7ec 8fa2 0a35 %PDF-1.4.%.....5 0000010: 2030 206f 626a 0a3c 3c2f 4c65 6e67 7468 0 obj.<>.str ============================================================ But the dovecot pass following data to fts_decoder script: ============================================================ 0000000: 2550 4446 2d31 2e34 0a25 c3a4 c3bc c3b6 %PDF-1.4.%...... 0000010: c39f 0a32 2030 206f 626a 0a3c 3c2f 4c65 ...2 0 obj.<>. ============================================================ As you can see binary data are mangled. Alpine and Thunderbird do not write charset=binary to content-type header and searching works perfect. I have searched in source code and I have found one place. If I replace the following code in file dovecot-2.1.7/src/lib-mail/message-decoder.c on line 241 with new one, the dovecots message decoder decodes message correctly and pdftotext can convert attached PDF. Original code: ============================================================ 241: ctx->binary_input = ctx->content_charset == NULL && 242: (ctx->flags & MESSAGE_DECODER_FLAG_RETURN_BINARY) != 0 && 243: (part->flags & (MESSAGE_PART_FLAG_TEXT | 244: MESSAGE_PART_FLAG_MESSAGE_RFC822)) == 0; ============================================================ My update: ============================================================ 241 ctx->binary_input = ((ctx->content_charset != NULL) && (strcasecmp(ctx->content_charset, "binary") == 0)) || (ctx->content_charset == NULL && 242 (ctx->flags & MESSAGE_DECODER_FLAG_RETURN_BINARY) != 0 && 243 (part->flags & (MESSAGE_PART_FLAG_TEXT | 244 MESSAGE_PART_FLAG_MESSAGE_RFC822)) == 0); ============================================================ This will set ctx->binary_input for the attachment with charset set to "binary". I don't know if this is correct update, but the searching works with this update for biabam binary attachments too. Could you please verify this problem and maybe update the code? Thank you very much. # dovecot --version 2.1.7 Config: plugin { fts = solr fts_solr = url=http://localhost:8080/solr/ fts_decoder = decode2text } service decode2text { executable = script /etc/dovecot/scripts/decode2text.sh user = dovecot unix_listener decode2text { mode = 0666 } } Regards, Robert Wolf. From dovecot-list at mohtex.net Mon May 12 08:03:28 2014 From: dovecot-list at mohtex.net (Tamsy) Date: Mon, 12 May 2014 15:03:28 +0700 Subject: [Dovecot] v2.2.13.rc1 vs. Pigeonhole In-Reply-To: <536D2916.3040504@rename-it.nl> References: <536C4972.2010107@mohtex.net> <536D2916.3040504@rename-it.nl> Message-ID: <53708050.5070200@mohtex.net> Stephan Bosch wrote the following on 10.05.2014 02:14: > On 5/9/2014 5:20 AM, Tamsy wrote: >> Server: Ubuntu 10.04 LTS 32bit >> >> There seems to be an incompatibility when compiling Pigeonhole against >> Dovecot v2.2.13.rc1. >> # make check >> with Pigeonhole throws up the following error message: >> >> >> Test case: ./tests/extensions/editheader/addheader.svtest: >> >> 1: Test 'Addheader - first' SUCCEEDED >> 2: Test 'Addheader - last' SUCCEEDED >> 3: Test 'Addheader - framed' SUCCEEDED >> 4: Test 'Addheader - folded' SUCCEEDED >> 5: Test 'Addheader - newlines' FAILED: wrong first header content in >> redirected mail >> 6: Test 'Addheader - implicit keep' SUCCEEDED >> 7: Test 'Addheader - UTF 8' SUCCEEDED >> 8: Test 'Addheader - devious characters' SUCCEEDED >> >> FAIL: 1 of 8 tests failed. >> >> I tried this with the latest Pigeonhole from Mercurial: >> - dovecot-2-2-pigeonhole-3b6917a4807c >> and also with the older: >> - dovecot-2-2-pigeonhole-e111a2393a92 >> >> Both versions are quitting during "make check" with the same error when >> compiling against dovecot-2.2.13.rc1. >> Compiling those versions against dovecot-2.2.12 is going without errors >> though. > The cause of the problem is found. Will be fixed tomorrow probably. > > Regards, > > Stephan. To report back on this matter: Dovecot 2.2.13 with the latest Pigeonhole compiles and installs nicely without any errors. Thank you Timo & Stephan, Tamsy -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x5DC8E7D9.asc Type: application/pgp-keys Size: 1733 bytes Desc: not available URL: From tss at iki.fi Mon May 12 08:24:26 2014 From: tss at iki.fi (Timo Sirainen) Date: Mon, 12 May 2014 11:24:26 +0300 Subject: [Dovecot] ManageSieve OOM with Huge Folders In-Reply-To: <53707558.4000703@hexonet.net> References: <53707558.4000703@hexonet.net> Message-ID: On 12.5.2014, at 10.16, Fabian Peter wrote: > we're experiencing "Out of Memory" Problems caused by Sieve-Filters > delivering mail to huge IMAP folders. From the logs, I'm beginning to > think the problem is that the sieve/lmtp process loads the > "dovecot.index.cache" file apparently twice into memory to do > something with it. .. > 2.1.14 (bf80034a547d) Upgrade to v2.2. It doesn't map the whole dovecot.index.cache when delivering new mails. The reading part could still be problematic of course. From nmilas at noa.gr Mon May 12 09:21:42 2014 From: nmilas at noa.gr (Nikolaos Milas) Date: Mon, 12 May 2014 12:21:42 +0300 Subject: [Dovecot] v2.2.13 released In-Reply-To: References: Message-ID: <537092A6.2090206@noa.gr> On 11/5/2014 10:37 ??, Timo Sirainen wrote: > A few minor changes since v2.2.13.rc1, mainly making the Pigeonhole tests pass. 2.2.13 compiles, installs and works fine (until now) on CentOS 5 and 6 x86_64 with pigeonhole 0.4.2. Thanks, Nick From ml-dovecot at zu-con.org Mon May 12 09:28:13 2014 From: ml-dovecot at zu-con.org (Matthias Rieber) Date: Mon, 12 May 2014 11:28:13 +0200 (CEST) Subject: [Dovecot] v2.2.13 released In-Reply-To: References: Message-ID: Hi, On Sun, 11 May 2014, Timo Sirainen wrote: > http://dovecot.org/releases/2.2/dovecot-2.2.13.tar.gz > http://dovecot.org/releases/2.2/dovecot-2.2.13.tar.gz.sig fts and normal search in virtual folders still seems to be broken: [New LWP 19298] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `dovecot/imap'. Program terminated with signal 6, Aborted. #0 0x00007f0a63b64425 in raise () from /lib/x86_64-linux-gnu/libc.so.6 #0 0x00007f0a63b64425 in raise () from /lib/x86_64-linux-gnu/libc.so.6 No symbol table info available. #1 0x00007f0a63b67b8b in abort () from /lib/x86_64-linux-gnu/libc.so.6 No symbol table info available. #2 0x00007f0a63f57b15 in default_fatal_finish (type=, status=0) at failures.c:193 backtrace = 0x1611500 "/usr/local/lib/dovecot/libdovecot.so.0(+0x69b1f) [0x7f0a63f57b1f] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x69b7e) [0x7f0a63f57b7e] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f0a63f10"... #3 0x00007f0a63f57b7e in i_internal_fatal_handler (ctx=0x7fff737c1a90, format=, args=) at failures.c:657 status = 0 #4 0x00007f0a63f108f9 in i_panic (format=) at failures.c:267 ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0} args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fff737c1b60, reg_save_area = 0x7fff737c1aa0}} #5 0x00007f0a62ee4f97 in fts_search_deserialize_add_idx (args=, buf=, idx=, matches=) at fts-search-serialize.c:63 No locals. #6 fts_search_deserialize_add_idx (args=0x29fb3d0, buf=0x2a803b8, idx=0x7fff737c1bac, matches=false) at fts-search-serialize.c:56 data = 0x2a803f0 "" #7 0x00007f0a62ee50ec in fts_search_deserialize_add_nonmatches (args=, buf=0x2a803b8) at fts-search-serialize.c:97 idx = 0 __FUNCTION__ = "fts_search_deserialize_add_nonmatches" #8 0x00007f0a62ee5b0f in fts_search_apply_results_level (ctx=0x29a7fe0, args=0x29fb3d0, idx=0x7fff737c1c0c) at fts-storage.c:277 fctx = level = 0x29a8c00 #9 0x00007f0a62ee5ca2 in fts_mailbox_search_next_update_seq (ctx=0x29a7fe0) at fts-storage.c:314 fbox = 0x16479b0 fctx = 0x29d5370 idx = 0 #10 0x00007f0a64266b1c in search_more_with_mail (mail=0x171d650, ctx=0x29a7fe0) at index-search.c:1509 _ctx = 0x29a7fe0 box = 0x16469b0 match = 0 ret = -1 imail = 0x171d650 cost1 = 0 #11 search_more_with_prefetching (mail_r=, ctx=) at index-search.c:1582 _data_stack_cur_id = 4 ret = mail = 0x171d650 #12 search_more (ctx=0x29a7fe0, mail_r=0x7fff737c1ca0) at index-search.c:1653 imail = ret = 0 #13 0x00007f0a64267246 in index_storage_search_next_nonblock (_ctx=0x29a7fe0, mail_r=0x7fff737c1da0, tryagain_r=0x7fff737c1daf) at index-search.c:1677 ctx = 0x29a7fe0 mail = seq = ret = #14 0x00007f0a62cd108c in virtual_search_next_nonblock (ctx=0x29a7fe0, mail_r=0x7fff737c1da0, tryagain_r=0x7fff737c1daf) at virtual-search.c:154 vctx = 0x29a8220 ictx = 0x29a7fe0 seq = __FUNCTION__ = "virtual_search_next_nonblock" #15 0x00007f0a62cd101e in virtual_search_next_nonblock (ctx=0x29a7fe0, mail_r=0x7fff737c1da0, tryagain_r=0x7fff737c1daf) at virtual-search.c:148 vctx = 0x29a8220 ictx = 0x29a7fe0 seq = __FUNCTION__ = "virtual_search_next_nonblock" #16 0x00007f0a64240aa7 in mailbox_search_next_nonblock (ctx=0x29a7fe0, mail_r=0x7fff737c1da0, tryagain_r=) at mail-storage.c:1796 box = #17 0x000000000041c6e7 in cmd_search_more (cmd=0x1644190) at imap-search.c:443 ctx = 0x1644298 opts = SEARCH_RETURN_ALL mail = 0x0 sync_flags = end_time = {tv_sec = 43862832, tv_usec = 1024} range = 0x6 count = id = id_min = 0 id_max = 0 ok_reply = time_msecs = tryagain = lost_data = __FUNCTION__ = "cmd_search_more" #18 0x000000000041cb69 in imap_search_start (ctx=0x1644298, sargs=, sort_program=) at imap-search.c:610 cmd = 0x1644190 __FUNCTION__ = "imap_search_start" #19 0x0000000000411786 in cmd_search (cmd=0x1644190) at cmd-search.c:48 ctx = 0x1644298 sargs = 0x29fb310 args = 0x161ca78 charset = 0x424d6b "UTF-8" ret = #20 0x000000000041732d in command_exec (cmd=0x1644190) at imap-commands.c:158 hook = 0x161a0f0 ret = #21 0x00000000004163c0 in client_command_input (cmd=0x1644190) at imap-client.c:778 client = 0x1643630 command = __FUNCTION__ = "client_command_input" #22 0x00000000004164a5 in client_command_input (cmd=0x1644190) at imap-client.c:839 client = 0x1643630 command = __FUNCTION__ = "client_command_input" #23 0x000000000041674d in client_handle_next_command (remove_io_r=, client=0x1643630) at imap-client.c:877 No locals. #24 client_handle_input (client=0x1643630) at imap-client.c:889 _data_stack_cur_id = 3 ret = 64 remove_io = false handled_commands = false __FUNCTION__ = "client_handle_input" #25 0x0000000000416ac2 in client_input (client=0x1643630) at imap-client.c:931 cmd = output = 0x1644050 bytes = 29 __FUNCTION__ = "client_input" #26 0x00007f0a63f68b1e in io_loop_call_io (io=0x16411f0) at ioloop.c:441 ioloop = 0x1619730 t_id = 2 __FUNCTION__ = "io_loop_call_io" #27 0x00007f0a63f69b3f in io_loop_handler_run_internal (ioloop=) at ioloop-epoll.c:220 ctx = 0x161a3d0 events = 0x0 event = 0x161b240 list = 0x161be30 io = tv = {tv_sec = 1799, tv_usec = 999421} events_count = msecs = ret = 1 i = call = __FUNCTION__ = "io_loop_handler_run_internal" #28 0x00007f0a63f68ba9 in io_loop_handler_run (ioloop=0x1619730) at ioloop.c:488 No locals. #29 0x00007f0a63f68c28 in io_loop_run (ioloop=0x1619730) at ioloop.c:465 __FUNCTION__ = "io_loop_run" #30 0x00007f0a63f15d13 in master_service_run (service=0x16195c0, callback=) at master-service.c:566 No locals. #31 0x000000000040af58 in main (argc=1, argv=0x1619390) at main.c:400 set_roots = {0x4278a0, 0x0} login_set = {auth_socket_path = 0x1611058 "", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x41fb50 , failure_callback = 0x41f860 , request_auth_token = 1} service_flags = storage_service_flags = username = c = From michael at bigmichi1.de Mon May 12 09:30:10 2014 From: michael at bigmichi1.de (Michael Cramer) Date: Mon, 12 May 2014 11:30:10 +0200 Subject: [Dovecot] v2.2.13 released In-Reply-To: References: Message-ID: <20140512113010.Horde.u4nrBpjrdYLG2lPdgJ2QrQ5@horde.bigmichi1.de> Zitat von Timo Sirainen : > http://dovecot.org/releases/2.2/dovecot-2.2.13.tar.gz > http://dovecot.org/releases/2.2/dovecot-2.2.13.tar.gz.sig > > A few minor changes since v2.2.13.rc1, mainly making the Pigeonhole > tests pass. > > * Fixed a DoS attack against imap/pop3-login processes. If SSL/TLS > handshake was started but wasn't finished, the login process > attempted to eventually forcibly disconnect the client, but failed > to do it correctly. This could have left the connections hanging > arond for a long time. (Affected Dovecot v1.1+) > > + mdbox: Added mdbox_purge_preserve_alt setting to keep the file > within alt storage during purge. (Should become enforced in v2.3.0?) > + fts: Added support for parsing attachments via Apache Tika. Enable > with: plugin { fts_tika = http://tikahost:9998/tika/ } > + virtual plugin: Delay opening backend mailboxes until it's necessary. > This requires mailbox_list_index=yes to work. (Currently IMAP IDLE > command still causes all backend mailboxes to be opened.) > + mail_never_cache_fields=* means now to disable all caching. This may > be a useful optimization as doveadm/dsync parameter for some admin > tasks which shouldn't really update the cache file. > + IMAP: Return SPECIAL-USE flags always for LSUB command. > - pop3 server was still crashing in v2.2.12 with some settings > - maildir: Various fixes and improvements to handling compressed mails, > especially when they have broken/missing S=sizes in filenames. > - fts-lucene, fts-solr: Fixed crash on search when the index contained > duplicate entries. > - Many fixes and performance improvements to dsync and replication > - director was somewhat broken when there were exactly two directors > in the ring. It caused errors about "weak users" getting stuck. > - mail_attachment_dir: Attachments with the last base64-encoded line > longer than the rest wasn't handled correctly. > - IMAP: SEARCH/SORT PARTIAL was handled completely wrong in v2.2.11+ > - acl: Global ACL file handling was broken when multiple entries > matched the mailbox name. (Only the first entry was used.) ubuntu ppa build for 12.04, 12.10, 13.10, 14.04 are available here: https://launchpad.net/~bigmichi1/+archive/dovecot From Ralf.Hildebrandt at charite.de Mon May 12 11:56:31 2014 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Mon, 12 May 2014 13:56:31 +0200 Subject: [Dovecot] LMTP SSL? Message-ID: <20140512115631.GI30748@charite.de> Can I enable STARTTLS/SSL on the LMTP listener in Dovecot 2.1.x? service lmtp { unix_listener lmtp { } inet_listener lmtp { address = * port = 24 --> ssl=yes } } -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From django at nausch.org Mon May 12 13:34:34 2014 From: django at nausch.org (Django) Date: Mon, 12 May 2014 15:34:34 +0200 Subject: [Dovecot] LMTP SSL? In-Reply-To: <20140512115631.GI30748@charite.de> References: <20140512115631.GI30748@charite.de> Message-ID: <5370CDEA.1060609@nausch.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HI Ralf, Am 12.05.2014 13:56, schrieb Ralf Hildebrandt: > Can I enable STARTTLS/SSL on the LMTP listener in Dovecot 2.1.x? I think: NOPE > service lmtp { unix_listener lmtp { } inet_listener lmtp { address > = * port = 24 --> ssl=yes } } I tried this few month agoe (after my dovecot training in Berlin) and this won't work. So I decided to us a VPN-tunnel from my SMTP-host to my IMAP-host. sers Django -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTcM3hAAoJEAdOz2FQpr/tsZIP/A8oHYpvnTp0v31zsfJKWzof DfIX+wScYr791IarU9neq45jkBVWO6tHpj+zptCaVKFn7GW3HcvCYiEv7Z4o3AtJ VpkVo/W4cDm+ae5rTyTEdLV20SpF3oEr3HhI7rc4pZ8Eg1+jvO2ldMX3Uz0DY72/ o5BWi7x06LcV3BO9SZjdfzL0gM2UOmdzsBqK4/b3oUEwxSBSyEqsY9k1cKc0pxpx acHLy1DZ0woK9XfjjusA1uThtZmSH7rqkptgzEG6zK+FyQlPKxPoOVZtucaH9d+T XFuTufPT+EdC7U0lm54PXtbfRBI+8hEhOO1y9WgOPy5pN30moj4mVTn6xiaaiqF4 KOBpSPUkFVWkFCfoUXL17NHzM2MsgplZCtc9FxcUKGqu0vpiOqrxEIRgV9BIje6P cpLLQq/N5M3rBX+krF3Qg8LfnP2C/KQCX3iDM3LgToeurHm0ZgU9VOlLkH/7A08B pN4/VSW34v+Jvc9DoP43xg/Y5wTq1DqGtRN35Yn630OjMK58Kn+MBNOrMIbeCPio K/AKuELZ8S/fjry8jTAiNgnsQqi/4cA0qQ9zvfH7mjGyZf0xqfwAvurIhnI56pmS tKRnfttAPRrWXoJIUsaxsJBPQ3lnz7bHcoolTrg4IS/iczZ7PJheXJ6HHGReW9Bv hZv8TA+dwBnPOXuS54ks =WO0y -----END PGP SIGNATURE----- From leva at ecentrum.hu Mon May 12 18:59:35 2014 From: leva at ecentrum.hu (LEVAI Daniel) Date: Mon, 12 May 2014 20:59:35 +0200 Subject: [Dovecot] [Dovecot-news] v2.2.13 released In-Reply-To: <474B8132-98FC-4B5A-B23D-B45DBD6F9866@iki.fi> References: <53705C3C.6090809@allard.it> <84440934-701D-436E-AA00-D2516084DCBA@iki.fi> <5370734F.3060602@allard.it> <474B8132-98FC-4B5A-B23D-B45DBD6F9866@iki.fi> Message-ID: <20140512185935.GA16428@serenity.local> On h, m?j 12, 2014 at 10:26:57 +0300, Timo Sirainen wrote: > On 12.5.2014, at 10.07, Renaud Allard wrote: > > >>> checking whether fd passing works... no > >>> configure: error: fd passing is required for Dovecot to work > >> > >> What does config.log say about it? > >> > > > > configure:21046: checking whether fd passing works > > configure:21120: gcc -o conftest -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -I./src/lib ./src/lib/fdpass.c -I/usr/local/include conftest.c >&5 > > conftest.c:122: warning: no previous prototype for 'nopen' > > configure:21120: $? = 0 > > configure:21120: ./conftest > > configure:21120: $? = 2 > > configure: program exited with status 2 > > > > > > It seems that if I put src/lib/fdpass.c from 2.2.12, the test succeeds. > > Oh. I finally fixed a broken sanity check there: > http://hg.dovecot.org/dovecot-2.2/rev/bedecd5b6bab > > I wonder if the check is still somewhat broken or if OpenBSD (and BSD > in general?) even attempts to set it correctly.. FWIW, it configures and compiles fine here on OpenBSD 5.5. What are the configure options you are using Renaud? Daniel -- L?VAI D?niel PGP key ID = 0x83B63A8F Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F From goetz.reinicke at filmakademie.de Mon May 12 19:07:39 2014 From: goetz.reinicke at filmakademie.de (=?ISO-8859-1?Q?G=F6tz_Reinicke_-_IT_Koordinator?=) Date: Mon, 12 May 2014 21:07:39 +0200 Subject: [Dovecot] 2.2.12: Panic: file mail-index.c: line 380 (mail_index_keywords_unref): assertion failed: (keywords->refcount > 0) In-Reply-To: References: <530A1A34.4090206@kraav.com> Message-ID: <53711BFB.7040205@filmakademie.de> Am 02.05.14 12:22, schrieb Timo Sirainen: > On 23.2.2014, at 17.56, Leho Kraav wrote: > >> I upgraded 2.1 -> 2.2 something like a week ago because I needed INDEXPVT. Not sure if this crash started immediately or not, noticed it today looking at journalctl. >> >> Backtrace http://bpaste.net/raw/181944/ and pasted below. > .. >> #4 0x00007f64dab30d4e in i_panic (format=format at entry=0x7f64dae79848 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:267 >> ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0} >> args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffb9d88df0, reg_save_area = 0x7fffb9d88d30}} >> #5 0x00007f64dae59fbc in mail_index_keywords_unref (_keywords=) at mail-index.c:380 >> keywords = >> __FUNCTION__ = "mail_index_keywords_unref" >> #6 0x00007f64dae22657 in mailbox_copy (_ctx=, mail=mail at entry=0xbcf260) at mail-storage.c:2140 > > This should be fixed by http://hg.dovecot.org/dovecot-2.2/rev/db216ddbb5c2 Oh I see, so I should get hands on a newer version. BTW: I tried to compile my own rpm - failed yet as I never did that before. On the other hand I contacted the dovecot sales team, may be it's time to give a bit back to you for your great work on dovecot! Thx . G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke at filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: J?rgen Walter MdL Staatssekret?r im Ministerium f?r Wissenschaft, Forschung und Kunst Baden-W?rttemberg Gesch?ftsf?hrer: Prof. Thomas Schadt From stephan at rename-it.nl Mon May 12 19:25:56 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 12 May 2014 21:25:56 +0200 Subject: [Dovecot] Released Pigeonhole v0.4.3 for Dovecot v2.2.13. Message-ID: <53712044.8050001@rename-it.nl> Hello Dovecot users, Now that Dovecot v2.2.13 is released, I can release a new Pigeonhole. Due to changes in Dovecot, this Pigeonhole release will not compile cleanly against older Dovecot releases. This release is mainly about bugfixes. One notable addition is that I have updated the "vnd.dovecot.duplicate" extension to the new IETF draft "duplicate" extension. Changelog v0.4.3: * Editheader extension: Made control characters allowed for editheader, except NUL. Before, this would cause a runtime error. + Upgraded Dovecot-specific Sieve "vnd.dovecot.duplicate" extension to match the new draft "duplicate" extension. - Fixed sieve_result_global_log_error to log only as i_info in administrator log (syslog) if executed from multiscript context. - Sieve redirect extension: Adjusted loop detection to show leniency to resent messages. - Sieve include extension: Fixed problem with handling of duplicate includes with different parameters :once or :optional. - Sieve spamtest/virustest extensions: Tests were erroneously performed against the original message. When used together with extprograms filter to add the spam headers, the changes were not being used by the spamtest and virustest extensions. - Deprecated Sieve notify extension: Fixed segfault problems in message string substitution. - ManageSieve: Fixed active link verification to handle redundant path slashes correctly. - Sieve vacation extension: - Fixed interaction of sieve_vacation_dont_check_recipient with sieve_vacation_send_from_recipient setting. - Fixed log message for discarded response. - Sieve extprograms plugin: - Forgot to disable the alarm() timeouts set for script execution. - Fixed fd leak and handling of output shutdown. - Fixed 'Bad filedescriptor' error occurring when disconnecting script client. - Made sure that programs are never forked with root privileges. The release is available as follows: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.3.tar.gz http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.3.tar.gz.sig Refer to http://pigeonhole.dovecot.org and the Dovecot v2.x wiki for more information. Have fun testing this new release and don't hesitate to notify me when there are any problems. Regards, -- Stephan Bosch stephan at rename-it.nl From goetz.reinicke at filmakademie.de Mon May 12 19:51:13 2014 From: goetz.reinicke at filmakademie.de (=?ISO-8859-15?Q?G=F6tz_Reinicke_-_IT_Koordinator?=) Date: Mon, 12 May 2014 21:51:13 +0200 Subject: [Dovecot] dsync - Panic: file mail-index-transaction-update.c: line 19 Message-ID: <53712631.4020905@filmakademie.de> Hi, we have started to switch our users mails from mbox to maildir and see for some users panics. May be someone has a hint on whats causing that and how to fix it? It's dovecot 2.2.10 on Redhat. dsync(s109487): Error: Corrupted index cache file /srv/vmail/s109487/mail/.imap/GS Drehbuch 1/dovecot.index.cache: Broken physical size for mail UID 42 dsync(s109487): Error: mail parser: read(/srv/vmail/s109487/mail/GS Drehbuch 1, box=GS Drehbuch 1) failed: Invalid argument dsync(s109487): Panic: file mail-index-transaction-update.c: line 19 (mail_index_transaction_lookup): assertion failed: (seq >= t->first_new_seq && seq <= t->last_new_seq) dsync(s109487): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0 [0x332ea6722a] -> /usr/lib64/dovecot/ Thanks and regards . G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke at filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: J?rgen Walter MdL Staatssekret?r im Ministerium f?r Wissenschaft, Forschung und Kunst Baden-W?rttemberg Gesch?ftsf?hrer: Prof. Thomas Schadt From goetz.reinicke at filmakademie.de Mon May 12 20:05:25 2014 From: goetz.reinicke at filmakademie.de (=?ISO-8859-1?Q?G=F6tz_Reinicke_-_IT_Koordinator?=) Date: Mon, 12 May 2014 22:05:25 +0200 Subject: [Dovecot] 2.2.12 RPM Needed In-Reply-To: <535964C0.6020000@thelounge.net> References: <53594BD0.7010508@globalchangemusic.org> <535964C0.6020000@thelounge.net> Message-ID: <53712985.4050508@filmakademie.de> Hi, Am 24.04.14 21:23, schrieb Reindl Harald: > > > Am 24.04.2014 19:37, schrieb Asai: >> I'm not very experienced in building Source RPMs and we're in need of a Dovecot RPM for version 2.2.12 for CentOS >> 5. It seems that the ATRPMs repo maintained by Axel Thimm hasn't seen much activity lately and the task of >> updating a source RPM is more than I have time for as a busy developer who does systems admin on the side. >> >> Could anybody recommend another repo where there would be the latest Dovecot binaries? Or perhaps tell me of any >> gotchas and catches which might arise if I go ahead and build 2.2.12 from source over the RPM I currently have >> installed (2.2.10)? > > you only need to replace the tarball and the version in the SPEC > and rebuild the package - for monir updates you don't need anything > else if upstream has no broken release strategy, dovecot's is fine > > i am building dovecot the last two years without any SPEC change > except version and changelog - but you won't be happy with my > stripped down SPEC following our infrastructure (no configs etc.) I downloaded the ATRPM specfile (http://dl.atrpms.net/all/dovecot.spec) and the recent dovecot file and get a Fehler: Ung?ltige Quelle: /root/rpmbuild/SOURCES/dovecot-2.1-defaultconfig.patch: Datei oder Verzeichnis nicht gefunden when I do rpmbuild -ba dovecot.spec May be I'm heading into the total wrong direction, as I never did build a rpm before... May be someone can point me into the right direction? Regards . G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke at filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: J?rgen Walter MdL Staatssekret?r im Ministerium f?r Wissenschaft, Forschung und Kunst Baden-W?rttemberg Gesch?ftsf?hrer: Prof. Thomas Schadt From sumsumag at gmx.de Mon May 12 20:13:07 2014 From: sumsumag at gmx.de (sumsumag at gmx.de) Date: Mon, 12 May 2014 22:13:07 +0200 Subject: [Dovecot] Dovecot Special_Use and K9 (and other Clients) Message-ID: An embedded and charset-unspecified text was scrubbed... Name: dovecot.txt URL: From h.reindl at thelounge.net Mon May 12 20:16:39 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 12 May 2014 22:16:39 +0200 Subject: [Dovecot] 2.2.12 RPM Needed In-Reply-To: <53712985.4050508@filmakademie.de> References: <53594BD0.7010508@globalchangemusic.org> <535964C0.6020000@thelounge.net> <53712985.4050508@filmakademie.de> Message-ID: <53712C27.10806@thelounge.net> Am 12.05.2014 22:05, schrieb G?tz Reinicke - IT Koordinator: > Hi, > Am 24.04.14 21:23, schrieb Reindl Harald: >> >> >> Am 24.04.2014 19:37, schrieb Asai: >>> I'm not very experienced in building Source RPMs and we're in need of a Dovecot RPM for version 2.2.12 for CentOS >>> 5. It seems that the ATRPMs repo maintained by Axel Thimm hasn't seen much activity lately and the task of >>> updating a source RPM is more than I have time for as a busy developer who does systems admin on the side. >>> >>> Could anybody recommend another repo where there would be the latest Dovecot binaries? Or perhaps tell me of any >>> gotchas and catches which might arise if I go ahead and build 2.2.12 from source over the RPM I currently have >>> installed (2.2.10)? >> >> you only need to replace the tarball and the version in the SPEC >> and rebuild the package - for monir updates you don't need anything >> else if upstream has no broken release strategy, dovecot's is fine >> >> i am building dovecot the last two years without any SPEC change >> except version and changelog - but you won't be happy with my >> stripped down SPEC following our infrastructure (no configs etc.) > > I downloaded the ATRPM specfile (http://dl.atrpms.net/all/dovecot.spec) > and the recent dovecot file and get a > > Fehler: Ung?ltige Quelle: > /root/rpmbuild/SOURCES/dovecot-2.1-defaultconfig.patch: Datei oder > Verzeichnis nicht gefunden > > when I do rpmbuild -ba dovecot.spec > > May be I'm heading into the total wrong direction, as I never did build > a rpm before... > > May be someone can point me into the right direction? where is that file? you should not only download the SPEC * download the src.rpm * rpm -ivh package.src.rpm *as user* * this will unpack the tarball, SPEC and patches to the correct locations * normally you have ~/rpmbuild with subfolders SOURCES, SPECS, RPMS here you go: http://wiki.centos.org/HowTos/SetupRpmBuildEnvironment some patches may be needed and re-define distribution specific things some pacthes *may be* obsolete and no longer match -> remove them from the SPEC and you can build your own src.rpm with "rpmbuild -bs ~/rpmbuild/SPECS/dovecot.spec" which contains all the patches and spec-file changes you recently used -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From maciej.uhlig at us.edu.pl Mon May 12 20:22:29 2014 From: maciej.uhlig at us.edu.pl (Maciej Uhlig) Date: Mon, 12 May 2014 22:22:29 +0200 Subject: [Dovecot] v2.2.13.rc1 released - Panic: file buffer.c: line 307 (buffer_set_used_size): assertion failed: (used_size <= buf->alloc) In-Reply-To: <536C9904.4010904@us.edu.pl> References: <536C9904.4010904@us.edu.pl> Message-ID: <53712D85.6090802@us.edu.pl> Sorry for replying to myself but now I'm able to show gdb backtrace with debugging symbols for dovecot 2.2.13 crash. See below. Thanks. MU Maciej Uhlig - 2014-05-09 10:59: > Timo Sirainen - 2014-05-08 17:37: >> BTW. I've read most of the mails again in Dovecot mailing list, but there are still a few reported bugs I decided to leave until later. Anyway feel free to re-send any bug reports for things that haven't been fixed in v2.2.13 yet. > First report on 2014-01-11 with 2.2.10; bug still present: > > 2014-05-09T10:18:18+02:00 server/ip dovecot: imap(user at domain): Error: > Corrupted transaction log file > ./domain/user/mail/.Drafts/dovecot.index.log seq 16777216: log file > shrank (540 < 6144) (sync_offset=6144) > 2014-05-09T10:18:18+02:00 server/ip dovecot: imap(user at domain): Panic: > file buffer.c: line 307 (buffer_set_used_size): assertion failed: > (used_size <= buf->alloc) > 2014-05-09T10:18:24+02:00 server/ip dovecot: imap(user at domain): Fatal: > master: service(imap): child 4098 killed with signal 6 (core dumped) > > Program terminated with signal 6, Aborted. > #0 0x00000033c9a32925 in raise () from /lib64/libc.so.6 > (gdb) bt full #0 0x00000033c9a32925 in raise () from /lib64/libc.so.6 No symbol table info available. #1 0x00000033c9a34105 in abort () from /lib64/libc.so.6 No symbol table info available. #2 0x00007fe4bc744540 in default_fatal_finish (type=, status=0) at failures.c:193 backtrace = 0xcd84c8 "/usr/local/dovecot-2.2.13/lib/dovecot/libdovecot.so.0(+0x6d54a) [0x7fe4bc74454a] -> /usr/local/dovecot-2.2.13/lib/dovecot/libdovecot.so.0(+0x6d5b6) [0x7fe4bc7445b6] -> /usr/local/dovecot-2.2.13/lib/do"... #3 0x00007fe4bc7445b6 in i_internal_fatal_handler (ctx=0x7fff2897c1a0, format=, args=) at failures.c:657 status = 0 #4 0x00007fe4bc6f960f in i_panic ( format=0x19ea
) at failures.c:267 ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0} args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fff2897c270, reg_save_area = 0x7fff2897c1b0}} #5 0x00007fe4bc73f4a9 in buffer_set_used_size (_buf=, used_size=) at buffer.c:307 buf = __FUNCTION__ = "buffer_set_used_size" #6 0x00007fe4bca90cb0 in mail_transaction_log_file_open (file=0xcfc9b0) ---Type to continue, or q to quit--- at mail-transaction-log-file.c:930 index = 0xcfb740 i = 0 ignore_estale = true ret = #7 0x00007fe4bca8d548 in mail_transaction_log_open (log=0xcfc760) at mail-transaction-log.c:86 file = 0xcfc9b0 ret = #8 0x00007fe4bca730c4 in mail_index_open_files (index=0xcfb740, flags=17) at mail-index.c:477 ret = created = false #9 0x00007fe4bca73400 in mail_index_open (index=0xcfb740, flags=17) at mail-index.c:593 ret = __FUNCTION__ = "mail_index_open" #10 0x00007fe4bca6489c in index_storage_mailbox_open (box=0xcf9f00, move_to_memory=false) at index-storage.c:255 ibox = 0xcfa348 index_flags = 17 ret = __FUNCTION__ = "index_storage_mailbox_open" ---Type to continue, or q to quit--- #11 0x00007fe4bc9fe8fa in maildir_mailbox_open_existing (box=0xcf9f00) at maildir-storage.c:305 mbox = 0xcf9f00 #12 0x00007fe4bc9fe9cf in maildir_mailbox_open (box=0xcf9f00) at maildir-storage.c:349 box_path = root_dir = st = {st_dev = 25165824, st_ino = 140620396844928, st_nlink = 325, st_mode = 3164929696, st_uid = 32740, st_gid = 13468392, __pad0 = 0, st_rdev = 13606656, st_size = 13608984, st_blksize = 140620391160351, st_blocks = 13606656, st_atim = { tv_sec = 2, tv_nsec = 13606656}, st_mtim = { tv_sec = 140733874423128, tv_nsec = 1}, st_ctim = { tv_sec = 140620394087488, tv_nsec = 13606656}, __unused = { 13606656, 140733874423128, 0}} #13 0x00007fe4bca355b4 in mailbox_open_full (box=0xcf9f00, input=) at mail-storage.c:1045 _data_stack_cur_id = 4 ret = #14 0x00007fe4bca3576f in mailbox_open (box=0xcf9f00) at mail-storage.c:1087 No locals. #15 0x0000000000412478 in select_open (ctx=0xcf77e0, mailbox=, readonly=false) at cmd-select.c:302 ---Type to continue, or q to quit--- client = 0xcf6ed0 status = {messages = 681035384, recent = 32767, unseen = 3374401317, uidvalidity = 51, uidnext = 0, first_unseen_seq = 0, first_recent_uid = 0, last_cached_seq = 0, highest_modseq = 140733874423388, highest_pvt_modseq = 140733874423424, keywords = 0xce3af8, permanent_flags = 13515816, permanent_keywords = 0, allow_new_keywords = 0, nonpermanent_modseqs = 0, no_modseq_tracking = 0, have_guids = 0, have_save_guids = 0, have_only_guid128 = 0} flags = ret = 0 #16 0x0000000000412a83 in cmd_select_full (cmd=0xcf76e0) at cmd-select.c:435 ctx = 0xcf77e0 ret = client = 0xcf6ed0 args = 0xce3ac8 list_args = 0x33c9d8fe80 mailbox = 0xcd82a8 "sent-mail" error = #17 cmd_select (cmd=0xcf76e0) at cmd-select.c:444 No locals. #18 0x0000000000418b0d in command_exec (cmd=0xcf76e0) at imap-commands.c:158 ---Type to continue, or q to quit--- hook = 0xce1110 ret = #19 0x0000000000417ae4 in client_command_input (cmd=0xcf76e0) at imap-client.c:778 client = 0xcf6ed0 command = __FUNCTION__ = "client_command_input" #20 0x0000000000417c25 in client_command_input (cmd=0xcf76e0) at imap-client.c:839 client = 0xcf6ed0 command = __FUNCTION__ = "client_command_input" #21 0x0000000000418095 in client_handle_next_command (client=0xcf6ed0) at imap-client.c:877 No locals. #22 client_handle_input (client=0xcf6ed0) at imap-client.c:889 _data_stack_cur_id = 3 ret = false remove_io = false handled_commands = false __FUNCTION__ = "client_handle_input" #23 0x000000000041896f in client_input (client=0xcf6ed0) at imap-client.c:931 cmd = ---Type to continue, or q to quit--- output = 0xcf0aa0 bytes = 20 __FUNCTION__ = "client_input" #24 0x00007fe4bc75574d in io_loop_call_io (io=0xcf0b70) at ioloop.c:441 ioloop = 0xce0750 t_id = 2 __FUNCTION__ = "io_loop_call_io" #25 0x00007fe4bc756b15 in io_loop_handler_run_internal ( ioloop=) at ioloop-epoll.c:220 ctx = 0xce13f0 events = event = 0xce2260 list = 0xcf0bd0 io = tv = {tv_sec = 1799, tv_usec = 999593} msecs = ret = 1 i = j = 0 call = __FUNCTION__ = "io_loop_handler_run_internal" #26 0x00007fe4bc7557d9 in io_loop_handler_run (ioloop=0xce0750) at ioloop.c:488 No locals. ---Type to continue, or q to quit--- #27 0x00007fe4bc755868 in io_loop_run (ioloop=0xce0750) at ioloop.c:465 __FUNCTION__ = "io_loop_run" #28 0x00007fe4bc6fea63 in master_service_run (service=0xce05e0, callback=) at master-service.c:566 No locals. #29 0x00000000004227e7 in main (argc=2, argv=0xce0390) at main.c:400 set_roots = {0x42b300, 0x0} login_set = { auth_socket_path = 0xcd8050 "\210\200", , postlogin_socket_path = 0xcd8088 "", postlogin_timeout_secs = 60, callback = 0x422980 , failure_callback = 0x422cf0 , request_auth_token = 1} service_flags = storage_service_flags = username = c = (gdb) -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3354 bytes Desc: Kryptograficzna sygnatura S/MIME URL: From benoit.panizzon at imp.ch Mon May 12 17:55:38 2014 From: benoit.panizzon at imp.ch (Benoit Panizzon) Date: Mon, 12 May 2014 19:55:38 +0200 Subject: [Dovecot] IMAP disconnect before greeting / banner Message-ID: <201405121955.38806.benoit.panizzon@imp.ch> Hello We have a server on which we run multiple instances of dovecot. Each instance serving a domain and binding to a specific IP. The whole thing on three servers using the proxy ability and replication of dovecot. Now one domain has more users and we start seeing very strange behaviour. As soon as about 45 users have connected to the imap service ip of that instance, the server accepts the connections and then disconnects without showing the IMAP banner. This happens on all of our three servers and only for that specific domain (which has most connections). While this occurs, there is no problem with the other instances for other domains on the same physical machine. So the database backend etc. are not the issue. While this occurs, there is no hint of what goes wrong in the logfiles. I did even set mail_debug=yes but that still does not produce any output of why clients get disconnected prior to the server displaying the banner. Any hints on where I could start looking for the error, or get more debug output as with mail_debug=yes ? -Benoit- From brad at comstyle.com Tue May 13 02:35:50 2014 From: brad at comstyle.com (Brad Smith) Date: Mon, 12 May 2014 22:35:50 -0400 Subject: [Dovecot] [Dovecot-news] v2.2.13 released In-Reply-To: <20140512185935.GA16428@serenity.local> References: <53705C3C.6090809@allard.it> <84440934-701D-436E-AA00-D2516084DCBA@iki.fi> <5370734F.3060602@allard.it> <474B8132-98FC-4B5A-B23D-B45DBD6F9866@iki.fi> <20140512185935.GA16428@serenity.local> Message-ID: <53718506.1030907@comstyle.com> On 12/05/14 2:59 PM, LEVAI Daniel wrote: > On h, m?j 12, 2014 at 10:26:57 +0300, Timo Sirainen wrote: >> On 12.5.2014, at 10.07, Renaud Allard wrote: >> >>>>> checking whether fd passing works... no >>>>> configure: error: fd passing is required for Dovecot to work >>>> >>>> What does config.log say about it? >>>> >>> >>> configure:21046: checking whether fd passing works >>> configure:21120: gcc -o conftest -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -I./src/lib ./src/lib/fdpass.c -I/usr/local/include conftest.c >&5 >>> conftest.c:122: warning: no previous prototype for 'nopen' >>> configure:21120: $? = 0 >>> configure:21120: ./conftest >>> configure:21120: $? = 2 >>> configure: program exited with status 2 >>> >>> >>> It seems that if I put src/lib/fdpass.c from 2.2.12, the test succeeds. >> >> Oh. I finally fixed a broken sanity check there: >> http://hg.dovecot.org/dovecot-2.2/rev/bedecd5b6bab >> >> I wonder if the check is still somewhat broken or if OpenBSD (and BSD >> in general?) even attempts to set it correctly.. > > FWIW, it configures and compiles fine here on OpenBSD 5.5. What are the > configure options you are using Renaud? It fails for me with 5.5 and -current both just dropping .13 in for the port and simply running the autoconf script without any command line parameters. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mtrainer at cloud-free.com Tue May 13 04:34:22 2014 From: mtrainer at cloud-free.com (mtrainer at cloud-free.com) Date: Tue, 13 May 2014 12:34:22 +0800 Subject: [Dovecot] Error on doveadm director map Message-ID: <7b268a0dcdede8dd4c9335134992e978@cloud-free.com> Hi All, I am running Dovecot 1:2.2.9-1~bpo70+1 on Debian Wheezy. I have just started getting the error below when I do a do a list of proxied users. The list of users appears OK afterwards. # doveadm director map doveadm(root): Error: User listing returned failure doveadm(root): Error: user listing failed user mail server ip expire time . . . My director config is below. Thanks Murray # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.4 auth_cache_size = 32 M auth_cache_ttl = 2 hours auth_debug = yes auth_mechanisms = plain login auth_username_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$-=?^_{}~./@+%" auth_username_translation = +@ auth_verbose = yes base_dir = /var/run/dovecot/ director_mail_servers = 27.54.95.41 27.54.95.42 27.54.95.43 27.54.95.44 27.54.95.45 27.54.95.46 director_servers = 27.54.95.37 27.54.95.38 disable_plaintext_auth = no doveadm_port = 24245 lmtp_proxy = yes mail_debug = yes namespace { inbox = yes location = prefix = INBOX. type = private } passdb { args = nopassword=y proxy=y driver = static } protocols = " imap lmtp pop3" service auth-worker { user = dovecot } service auth { client_limit = 4096 unix_listener auth-userdb { group = mail mode = 0666 user = dovecot } } service director { fifo_listener login/proxy-notify { mode = 0666 } inet_listener { address = 27.54.95.37 port = 9090 } unix_listener director-userdb { mode = 0600 } unix_listener login/director { mode = 0666 } } service doveadm { inet_listener { port = 24245 } } service imap-login { chroot = login executable = imap-login director inet_listener imap { address = *, [::] port = 143 } inet_listener imaps { address = * port = 993 ssl = yes } process_limit = 2048 process_min_avail = 32 service_count = 1 user = dovecot vsz_limit = 256 M } service imap { process_limit = 4096 vsz_limit = 256 M } service ipc { unix_listener ipc { mode = 0666 user = dovecot } } service lmtp { inet_listener lmtp { address = 27.54.95.37 port = 24 } process_limit = 2048 process_min_avail = 32 } service pop3-login { chroot = login executable = pop3-login director inet_listener pop3 { address = *, [::] port = 110 } inet_listener pop3s { address = *, [::] port = 995 ssl = yes } process_limit = 2048 process_min_avail = 32 service_count = 1 user = dovecot vsz_limit = 256 M } service pop3 { process_limit = 4096 vsz_limit = 256 M } ssl_cert = From skdovecot at smail.inf.fh-brs.de Tue May 13 06:40:03 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 13 May 2014 08:40:03 +0200 (CEST) Subject: [Dovecot] Dovecot Special_Use and K9 (and other Clients) In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 12 May 2014, sumsumag at gmx.de wrote: What's the question? > # 2.1.7: /etc/dovecot/dovecot.conf > # OS: Linux 3.10.25+ armv6l Debian 7.2 > lda_mailbox_autocreate = yes > lda_mailbox_autosubscribe = yes > mail_location = maildir:~/Maildir > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave > namespace { > inbox = yes > location = > mailbox { > auto = subscribe > special_use = \Archive > name = Archives > } > mailbox { > auto = subscribe > special_use = \Drafts > name = Entw&APw-rfe > } > mailbox { > auto = subscribe > special_use = \Trash > name = Gel&APY-schte Elemente > } > mailbox { > auto = subscribe > special_use = \Sent > name = Gesendete Elemente > } > mailbox { > auto = subscribe > special_use = \Junk > name = Junk-E-Mail > } > prefix = > name = inbox > } > passdb { > driver = pam > } > plugin { > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > } > postmaster_address = postmaster at localhost > protocols = " imap sieve pop3" > service replication-notify-fifo { > name = aggregator > } > service anvil-auth-penalty { > name = anvil > } > service auth-worker { > name = auth-worker > } > service { > unix_listener { > mode = 0666 > path = /var/spool/postfix/private/auth > } > unix_listener { > group = postfix > mode = 0660 > user = postfix > path = auth-userdb > } > user = $default_internal_user > name = auth > } > service config { > name = config > } > service dict { > name = dict > } > service login/proxy-notify { > name = director > } > service dns-client { > name = dns_client > } > service doveadm-server { > name = doveadm > } > service imap { > name = imap-login > } > service login/imap { > name = imap > } > service indexer-worker { > name = indexer-worker > } > service indexer { > name = indexer > } > service ipc { > name = ipc > } > service lmtp { > name = lmtp > } > service log-errors { > name = log > } > service sieve { > name = managesieve-login > } > service login/sieve { > name = managesieve > } > service pop3 { > name = pop3-login > } > service login/pop3 { > name = pop3 > } > service replicator { > name = replicator > } > service login/ssl-params { > name = ssl-params > } > service stats-mail { > name = stats > } > ssl = required > ssl_cert = ssl_key = userdb { > driver = passwd > } > protocol lmtp { > service replication-notify-fifo { > name = aggregator > } > service anvil-auth-penalty { > name = anvil > } > service auth-worker { > name = auth-worker > } > service auth-client { > name = auth > } > service config { > name = config > } > service dict { > name = dict > } > service login/proxy-notify { > name = director > } > service dns-client { > name = dns_client > } > service doveadm-server { > name = doveadm > } > service imap { > name = imap-login > } > service login/imap { > name = imap > } > service indexer-worker { > name = indexer-worker > } > service indexer { > name = indexer > } > service ipc { > name = ipc > } > service lmtp { > name = lmtp > } > service log-errors { > name = log > } > service sieve { > name = managesieve-login > } > service login/sieve { > name = managesieve > } > service pop3 { > name = pop3-login > } > service login/pop3 { > name = pop3 > } > service replicator { > name = replicator > } > service login/ssl-params { > name = ssl-params > } > service stats-mail { > name = stats > } > } > protocol lda { > mail_plugins = > service replication-notify-fifo { > name = aggregator > } > service anvil-auth-penalty { > name = anvil > } > service auth-worker { > name = auth-worker > } > service auth-client { > name = auth > } > service config { > name = config > } > service dict { > name = dict > } > service login/proxy-notify { > name = director > } > service dns-client { > name = dns_client > } > service doveadm-server { > name = doveadm > } > service imap { > name = imap-login > } > service login/imap { > name = imap > } > service indexer-worker { > name = indexer-worker > } > service indexer { > name = indexer > } > service ipc { > name = ipc > } > service lmtp { > name = lmtp > } > service log-errors { > name = log > } > service sieve { > name = managesieve-login > } > service login/sieve { > name = managesieve > } > service pop3 { > name = pop3-login > } > service login/pop3 { > name = pop3 > } > service replicator { > name = replicator > } > service login/ssl-params { > name = ssl-params > } > service stats-mail { > name = stats > } > } > protocol imap { > imap_capability = +XLIST > service replication-notify-fifo { > name = aggregator > } > service anvil-auth-penalty { > name = anvil > } > service auth-worker { > name = auth-worker > } > service auth-client { > name = auth > } > service config { > name = config > } > service dict { > name = dict > } > service login/proxy-notify { > name = director > } > service dns-client { > name = dns_client > } > service doveadm-server { > name = doveadm > } > service imap { > name = imap-login > } > service login/imap { > name = imap > } > service indexer-worker { > name = indexer-worker > } > service indexer { > name = indexer > } > service ipc { > name = ipc > } > service lmtp { > name = lmtp > } > service log-errors { > name = log > } > service sieve { > name = managesieve-login > } > service login/sieve { > name = managesieve > } > service pop3 { > name = pop3-login > } > service login/pop3 { > name = pop3 > } > service replicator { > name = replicator > } > service login/ssl-params { > name = ssl-params > } > service stats-mail { > name = stats > } > } > protocol pop3 { > service replication-notify-fifo { > name = aggregator > } > service anvil-auth-penalty { > name = anvil > } > service auth-worker { > name = auth-worker > } > service auth-client { > name = auth > } > service config { > name = config > } > service dict { > name = dict > } > service login/proxy-notify { > name = director > } > service dns-client { > name = dns_client > } > service doveadm-server { > name = doveadm > } > service imap { > name = imap-login > } > service login/imap { > name = imap > } > service indexer-worker { > name = indexer-worker > } > service indexer { > name = indexer > } > service ipc { > name = ipc > } > service lmtp { > name = lmtp > } > service log-errors { > name = log > } > service sieve { > name = managesieve-login > } > service login/sieve { > name = managesieve > } > service pop3 { > name = pop3-login > } > service login/pop3 { > name = pop3 > } > service replicator { > name = replicator > } > service login/ssl-params { > name = ssl-params > } > service stats-mail { > name = stats > } > } > - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU3G+RHz1H7kL/d9rAQJx9Af/WnPXZGvaCegGU/NK0XkMvT50hKaYRTum 5RqEweyiAPhR3K0rydviMToiTYMsuYlF4gzZTekWbRvJ08KTfgYtt5uf+kIDCpC9 jOxKuihz2tELJtUrt3EMN+DWEFmrWsfpuQJZxfELJjzI06I+A24atyUlZp4vG66e JMypehhiP4ehGXGufMWV4lYybD7ZL4SdnRxlLnVgOGAxgjszdA/J67jfiNt7EYwr Vc8SXj7cMoPDH3i+Hxd+pdu0EI60l2eWTk101Igoja3/6Z9hRsS5r1r9ZRxXWYjW nWKUCRwDYAu1BFc1Mq0n7HJ5VmovZjodsT3iPYsKlnjL5uB6aKJhzQ== =8XVC -----END PGP SIGNATURE----- From selcuk.yazar at gmail.com Tue May 13 07:00:37 2014 From: selcuk.yazar at gmail.com (Selcuk Yazar) Date: Tue, 13 May 2014 10:00:37 +0300 Subject: [Dovecot] =?utf-8?q?=C4=B0nstall_dovecot-piegonhone?= In-Reply-To: <536FF887.6010809@metaways.de> References: <536FF887.6010809@metaways.de> Message-ID: Hi, Ok , i apply your advice install pigeonhole on a test system , everything looks good. We have default settings for pigeonhole. but when i restaRT the dovecot it gives Starting Dovecot Imap: doveconf: Error: managesieve-login: dump-capability process killed with signal 11 error. also Telnet localhost 4190 gives Connected to localhost. Escape character is '^]'. "IMPLEMENTATION" "Dovecot Pigeonhole" "SIEVE" "" "SASL" "PLAIN LOGIN" "VERSION" "1.0" OK "Dovecot ready." but i have no idea for first error , any solution ? thanks in advance. On Mon, May 12, 2014 at 1:24 AM, Daniel Parthey wrote: > Am 08.05.2014 12:54, schrieb Selcuk Yazar: > > > We have Postfix-Dovecot MTA at Redhat EL 5 system. Also we are using this >> system activelly. Now i wantto install pigeonhole managesive server on >> this >> sys. Do i have any risk or anything ? >> > > There is *always* a risk of doing something wrong, > so it is always good to have a backup in place, before > changing the system configuration. > > In my experience, the risk for SIEVE the risk is low, since > the pidgeonhole implementation is rather stable, but it surely depends on > your dovecot and sieve version you want to use, since there have been some > MANAGESIEVE bugs in the past. > > What about setting up a virtual test machine with sieve > and managesieve enabled and doing some stress tests there? > > Regards > Daniel > -- Sel?uk YAZAR http://www.selcukyazar.blogspot.com From rs at sys4.de Tue May 13 07:02:18 2014 From: rs at sys4.de (Robert Schetterer) Date: Tue, 13 May 2014 09:02:18 +0200 Subject: [Dovecot] Dovecot Special_Use and K9 (and other Clients) In-Reply-To: References: Message-ID: <5371C37A.3020509@sys4.de> Am 13.05.2014 08:40, schrieb Steffen Kaiser: > On Mon, 12 May 2014, sumsumag at gmx.de wrote: > > What's the question? perhaps have a look at https://sys4.de/de/blog/2013/03/25/outlook-2013-special-use-mit-dovecot/ sorry german K9 uses imap special-use but clients sometimes use there own special stuff with some special folders > >> # 2.1.7: /etc/dovecot/dovecot.conf >> # OS: Linux 3.10.25+ armv6l Debian 7.2 >> lda_mailbox_autocreate = yes >> lda_mailbox_autosubscribe = yes >> mail_location = maildir:~/Maildir >> managesieve_notify_capability = mailto >> managesieve_sieve_capability = fileinto reject envelope >> encoded-character vacation subaddress comparator-i;ascii-numeric >> relational regex imap4flags copy include variables body enotify >> environment mailbox date ihave >> namespace { >> inbox = yes >> location = >> mailbox { >> auto = subscribe >> special_use = \Archive >> name = Archives >> } >> mailbox { >> auto = subscribe >> special_use = \Drafts >> name = Entw&APw-rfe >> } >> mailbox { >> auto = subscribe >> special_use = \Trash >> name = Gel&APY-schte Elemente >> } >> mailbox { >> auto = subscribe >> special_use = \Sent >> name = Gesendete Elemente >> } >> mailbox { >> auto = subscribe >> special_use = \Junk >> name = Junk-E-Mail >> } >> prefix = >> name = inbox >> } >> passdb { >> driver = pam >> } >> plugin { >> sieve = ~/.dovecot.sieve >> sieve_dir = ~/sieve >> } >> postmaster_address = postmaster at localhost >> protocols = " imap sieve pop3" >> service replication-notify-fifo { >> name = aggregator >> } >> service anvil-auth-penalty { >> name = anvil >> } >> service auth-worker { >> name = auth-worker >> } >> service { >> unix_listener { >> mode = 0666 >> path = /var/spool/postfix/private/auth >> } >> unix_listener { >> group = postfix >> mode = 0660 >> user = postfix >> path = auth-userdb >> } >> user = $default_internal_user >> name = auth >> } >> service config { >> name = config >> } >> service dict { >> name = dict >> } >> service login/proxy-notify { >> name = director >> } >> service dns-client { >> name = dns_client >> } >> service doveadm-server { >> name = doveadm >> } >> service imap { >> name = imap-login >> } >> service login/imap { >> name = imap >> } >> service indexer-worker { >> name = indexer-worker >> } >> service indexer { >> name = indexer >> } >> service ipc { >> name = ipc >> } >> service lmtp { >> name = lmtp >> } >> service log-errors { >> name = log >> } >> service sieve { >> name = managesieve-login >> } >> service login/sieve { >> name = managesieve >> } >> service pop3 { >> name = pop3-login >> } >> service login/pop3 { >> name = pop3 >> } >> service replicator { >> name = replicator >> } >> service login/ssl-params { >> name = ssl-params >> } >> service stats-mail { >> name = stats >> } >> ssl = required >> ssl_cert = > ssl_key = > userdb { >> driver = passwd >> } >> protocol lmtp { >> service replication-notify-fifo { >> name = aggregator >> } >> service anvil-auth-penalty { >> name = anvil >> } >> service auth-worker { >> name = auth-worker >> } >> service auth-client { >> name = auth >> } >> service config { >> name = config >> } >> service dict { >> name = dict >> } >> service login/proxy-notify { >> name = director >> } >> service dns-client { >> name = dns_client >> } >> service doveadm-server { >> name = doveadm >> } >> service imap { >> name = imap-login >> } >> service login/imap { >> name = imap >> } >> service indexer-worker { >> name = indexer-worker >> } >> service indexer { >> name = indexer >> } >> service ipc { >> name = ipc >> } >> service lmtp { >> name = lmtp >> } >> service log-errors { >> name = log >> } >> service sieve { >> name = managesieve-login >> } >> service login/sieve { >> name = managesieve >> } >> service pop3 { >> name = pop3-login >> } >> service login/pop3 { >> name = pop3 >> } >> service replicator { >> name = replicator >> } >> service login/ssl-params { >> name = ssl-params >> } >> service stats-mail { >> name = stats >> } >> } >> protocol lda { >> mail_plugins = >> service replication-notify-fifo { >> name = aggregator >> } >> service anvil-auth-penalty { >> name = anvil >> } >> service auth-worker { >> name = auth-worker >> } >> service auth-client { >> name = auth >> } >> service config { >> name = config >> } >> service dict { >> name = dict >> } >> service login/proxy-notify { >> name = director >> } >> service dns-client { >> name = dns_client >> } >> service doveadm-server { >> name = doveadm >> } >> service imap { >> name = imap-login >> } >> service login/imap { >> name = imap >> } >> service indexer-worker { >> name = indexer-worker >> } >> service indexer { >> name = indexer >> } >> service ipc { >> name = ipc >> } >> service lmtp { >> name = lmtp >> } >> service log-errors { >> name = log >> } >> service sieve { >> name = managesieve-login >> } >> service login/sieve { >> name = managesieve >> } >> service pop3 { >> name = pop3-login >> } >> service login/pop3 { >> name = pop3 >> } >> service replicator { >> name = replicator >> } >> service login/ssl-params { >> name = ssl-params >> } >> service stats-mail { >> name = stats >> } >> } >> protocol imap { >> imap_capability = +XLIST >> service replication-notify-fifo { >> name = aggregator >> } >> service anvil-auth-penalty { >> name = anvil >> } >> service auth-worker { >> name = auth-worker >> } >> service auth-client { >> name = auth >> } >> service config { >> name = config >> } >> service dict { >> name = dict >> } >> service login/proxy-notify { >> name = director >> } >> service dns-client { >> name = dns_client >> } >> service doveadm-server { >> name = doveadm >> } >> service imap { >> name = imap-login >> } >> service login/imap { >> name = imap >> } >> service indexer-worker { >> name = indexer-worker >> } >> service indexer { >> name = indexer >> } >> service ipc { >> name = ipc >> } >> service lmtp { >> name = lmtp >> } >> service log-errors { >> name = log >> } >> service sieve { >> name = managesieve-login >> } >> service login/sieve { >> name = managesieve >> } >> service pop3 { >> name = pop3-login >> } >> service login/pop3 { >> name = pop3 >> } >> service replicator { >> name = replicator >> } >> service login/ssl-params { >> name = ssl-params >> } >> service stats-mail { >> name = stats >> } >> } >> protocol pop3 { >> service replication-notify-fifo { >> name = aggregator >> } >> service anvil-auth-penalty { >> name = anvil >> } >> service auth-worker { >> name = auth-worker >> } >> service auth-client { >> name = auth >> } >> service config { >> name = config >> } >> service dict { >> name = dict >> } >> service login/proxy-notify { >> name = director >> } >> service dns-client { >> name = dns_client >> } >> service doveadm-server { >> name = doveadm >> } >> service imap { >> name = imap-login >> } >> service login/imap { >> name = imap >> } >> service indexer-worker { >> name = indexer-worker >> } >> service indexer { >> name = indexer >> } >> service ipc { >> name = ipc >> } >> service lmtp { >> name = lmtp >> } >> service log-errors { >> name = log >> } >> service sieve { >> name = managesieve-login >> } >> service login/sieve { >> name = managesieve >> } >> service pop3 { >> name = pop3-login >> } >> service login/pop3 { >> name = pop3 >> } >> service replicator { >> name = replicator >> } >> service login/ssl-params { >> name = ssl-params >> } >> service stats-mail { >> name = stats >> } >> } > > > -- Steffen Kaiser Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From slusarz at curecanti.org Tue May 13 07:22:07 2014 From: slusarz at curecanti.org (Michael M Slusarz) Date: Tue, 13 May 2014 01:22:07 -0600 Subject: [Dovecot] Dovecot Special_Use and K9 (and other Clients) In-Reply-To: <5371C37A.3020509@sys4.de> References: <5371C37A.3020509@sys4.de> Message-ID: <20140513012207.Horde.nRu5iov51PkNAzLR_8TL7w1@bigworm.curecanti.org> Quoting Robert Schetterer : > Am 13.05.2014 08:40, schrieb Steffen Kaiser: >> On Mon, 12 May 2014, sumsumag at gmx.de wrote: >> >> What's the question? > > perhaps have a look at > > https://sys4.de/de/blog/2013/03/25/outlook-2013-special-use-mit-dovecot/ > > sorry german > > K9 uses imap special-use > > but clients sometimes use there own special stuff with some special folders As they should. Special use flags are informational to a client. As the RFC indicates, they almost certainly should not be used automatically as-is without at least some kind of verification from the user (i.e. during the initial configuration). michael From mihai at badici.ro Tue May 13 08:21:30 2014 From: mihai at badici.ro (Mihai Badici) Date: Tue, 13 May 2014 11:21:30 +0300 Subject: [Dovecot] dovecot shared folder Message-ID: <3919733.59fUNqSxLb@arhivio> I try to create a shared directory in dovecot. When accessing ( from roundcube) i can't subscribe or list the namespace. It looks like I don't have rights. This is an extract from debug log: When I try to create a new folder in "Public" (i don't have rights, but i can try) loooks like the process crash: May 12 23:10:07 imap: Debug: Module loaded: /usr/lib/dovecot/lib01_acl_plugin.so May 12 23:10:07 imap: Debug: Module loaded: /usr/lib/dovecot/lib02_imap_acl_plugin.so May 12 23:10:07 imap: Debug: Added userdb setting: plugin/ mail=Mihai.Badici May 12 23:10:07 imap(Mihai.Badici): Debug: Effective uid=10000, gid=10000, home=/home/dovecot/private/Mihai.Badici May 12 23:10:07 imap(Mihai.Badici): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/MAILDIR May 12 23:10:07 imap(Mihai.Badici): Debug: maildir++: root=/home/dovecot/private/Mihai.Badici/MAILDIR, index=, indexpvt=, control=, inbox=/home/dovecot/private/Mihai.Badici/MAILDIR, alt= May 12 23:10:07 imap(Mihai.Badici): Debug: acl: initializing backend with data: vfile:/etc/dovecot/dovecot-acl May 12 23:10:07 imap(Mihai.Badici): Debug: acl: acl username = Mihai.Badici May 12 23:10:07 imap(Mihai.Badici): Debug: acl: owner = 1 May 12 23:10:07 imap(Mihai.Badici): Debug: acl vfile: Global ACL legacy directory: /etc/dovecot/dovecot-acl May 12 23:10:07 imap(Mihai.Badici): Debug: Namespace : type=shared, prefix=Public/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=maildir:/home/dovecot/public May 12 23:10:07 imap(Mihai.Badici): Debug: maildir++: root=/home/dovecot/public, index=, indexpvt=, control=, inbox=, alt= May 12 23:10:07 imap(Mihai.Badici): Debug: acl: initializing backend with data: vfile:/etc/dovecot/dovecot-acl May 12 23:10:07 imap(Mihai.Badici): Debug: acl: acl username = Mihai.Badici May 12 23:10:07 imap(Mihai.Badici): Debug: acl: owner = 0 May 12 23:10:07 imap(Mihai.Badici): Debug: acl vfile: Global ACL legacy directory: /etc/dovecot/dovecot-acl May 12 23:10:07 imap(Mihai.Badici): Debug: acl vfile: file /etc/dovecot/dovecot- acl//.DEFAULT not found May 12 23:10:07 imap(Mihai.Badici): Debug: acl vfile: file /etc/dovecot/dovecot- acl//.DEFAULT not found May 12 23:10:07 imap(Mihai.Badici): Debug: acl vfile: reading file /home/dovecot/public/dovecot-acl May 12 23:10:07 imap(Mihai.Badici): Fatal: master: service(imap): child 5013 killed with signal 11 (core dumps disabled) doveconf -n 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.10.17-smp i686 Slackware 14.1 auth_debug = yes default_login_user = dovecot disable_plaintext_auth = no imap_metadata = yes log_path = /var/log/dovecot mail_attribute_dict = file:~/shared_metadata mail_debug = yes mail_gid = 10000 mail_location = maildir:~/MAILDIR mail_plugins = acl mail_uid = 10000 namespace { location = maildir:/home/dovecot/public prefix = Public/ separator = / subscriptions = yes type = shared } namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = / } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile:/etc/dovecot/dovecot-acl acl_anyone = allow acl_shared_dict = file:/home/dovecot/shared-mailboxes.db } postmaster_address = root at mail.olm.ro protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postdrop mode = 0666 user = postfix } unix_listener auth-userdb { group = mailbox mode = 0666 user = mailbox } user = dovecot } service dict { unix_listener dict { group = mailbox mode = 0600 user = mailbox } } service lmtp { unix_listener /var/spool/postfix/private/lmtp-dovecot { group = postfix mode = 0600 user = postfix } } ssl = no userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } imap_metadata = yes protocol lmtp { mail_plugins = acl } protocol lda { mail_plugins = acl } protocol imap { mail_plugins = acl acl imap_acl } -- Mihai B?dici http://mihai.badici.ro From leo at strike.wu.ac.at Tue May 13 09:46:48 2014 From: leo at strike.wu.ac.at (Alexander 'Leo' Bergolth) Date: Tue, 13 May 2014 11:46:48 +0200 Subject: [Dovecot] Index cache errors worse with 2.2.x In-Reply-To: <536A99B4.1010109@strike.wu.ac.at> References: <536A99B4.1010109@strike.wu.ac.at> Message-ID: <5371EA08.3050402@strike.wu.ac.at> On 05/07/2014 10:38 PM, Alexander 'Leo' Bergolth wrote: > I am getting "Cached message size smaller than expected" errors since dovecot-2.1.x. > Until now, I thought that those errors don't do any harm, I assumed that the cache will just be rebuilt after the error had been detected. > > However, since dovecot 2.2.x (I tried 2.2.7 and 2.2.10), the errors sometimes seem to actually cause mail access to fail. dovecot 2.2.12 and 2.2.13 also show the same errors: -------------------- 8< -------------------- May 13 10:38:07 samba dovecot: imap-login: Login: user=, method=PLAIN, rip=172.23.60.1, lip=172.23.60.3, mpid=12503, secured, session= May 13 10:38:08 samba dovecot: imap(xxx): Error: Cached message size smaller than expected (68196 < 68197) May 13 10:38:08 samba dovecot: imap(xxx): Error: Corrupted index cache file /home/xxx/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 1835 May 13 10:38:08 samba dovecot: imap(xxx): Error: read(/var/mail/xxx) failed: Invalid argument (uid=1835) May 13 10:38:08 samba dovecot: imap(xxx): Disconnected: Internal error occurred. Refer to server log for more information. [2014-05-13 10:38:07] in=794 out=264037 -------------------- 8< -------------------- As before, message size difference is always 1 byte. Is there any debug mode that could be used to collect more information without flooding the server? Cheers, --leo -- e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria From rs at sys4.de Tue May 13 09:53:49 2014 From: rs at sys4.de (Robert Schetterer) Date: Tue, 13 May 2014 11:53:49 +0200 Subject: [Dovecot] Dovecot Special_Use and K9 (and other Clients) In-Reply-To: <20140513012207.Horde.nRu5iov51PkNAzLR_8TL7w1@bigworm.curecanti.org> References: <5371C37A.3020509@sys4.de> <20140513012207.Horde.nRu5iov51PkNAzLR_8TL7w1@bigworm.curecanti.org> Message-ID: <5371EBAD.4040107@sys4.de> Am 13.05.2014 09:22, schrieb Michael M Slusarz: > Quoting Robert Schetterer : > >> Am 13.05.2014 08:40, schrieb Steffen Kaiser: >>> On Mon, 12 May 2014, sumsumag at gmx.de wrote: >>> >>> What's the question? >> >> perhaps have a look at >> >> https://sys4.de/de/blog/2013/03/25/outlook-2013-special-use-mit-dovecot/ >> >> sorry german >> >> K9 uses imap special-use >> >> but clients sometimes use there own special stuff with some special >> folders > > As they should. Special use flags are informational to a client. As > the RFC indicates, they almost certainly should not be used > automatically as-is without at least some kind of verification from the > user (i.e. during the initial configuration). yes ,tec people know, but "normal" users may wonder sometimes > > michael Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From javierdemiguel-ext at us.es Tue May 13 10:12:55 2014 From: javierdemiguel-ext at us.es (=?ISO-8859-1?Q?Javier_Miguel_Rodr=EDguez?=) Date: Tue, 13 May 2014 12:12:55 +0200 Subject: [Dovecot] v2.2.13 released In-Reply-To: References: Message-ID: <5371F027.1060109@us.es> I think the new settings */mdbox_purge_preserve_alt /*setting should be enforced by default in 2.3.0+/. / Regards Javier/ // / > > > > > + mdbox: Added mdbox_purge_preserve_alt setting to keep the file > within alt storage during purge. (Should become enforced in v2.3.0?) > -- Apoyo a la Docencia e Investigaci?n Servicio de Inform?tica y Comunicaciones Gesti?n de Incidencias: https://sicremedy.us.es/arsys From axel.luttgens at skynet.be Tue May 13 10:43:03 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Tue, 13 May 2014 12:43:03 +0200 Subject: [Dovecot] Index cache errors worse with 2.2.x In-Reply-To: <536B5568.80108@strike.wu.ac.at> References: <536A99B4.1010109@strike.wu.ac.at> <536B5209.5020309@Media-Brokers.com> <536B5568.80108@strike.wu.ac.at> Message-ID: Le 8 mai 2014 ? 11:59, Alexander 'Leo' Bergolth a ?crit : > [...] > I am using a single server, mbox, local disks (/home and /var is XFS on > HP SmartArray). > > I tried dovecot 2.2.7, 2.2.10 and 2.2.12. All of them produce tha same > errors. ("Cached message size smaller than expected", sometimes followed > by "read... Invalid argument".) > > 2.1.1 seems to only produce "Cached message size smaller than expected" > without the read errors. > > Cheers, > --leo > > [...] > mbox_write_locks = fcntl > [...] Hello Alexander, Your error messages seem to be related to the user's INBOX. On the other hand, your config doesn't make appear lda nor lmtp (or I missed it, in which case, well... sorry). Who puts the incoming messages into the mboxes? Axel From davide.marchi at mail.cgilfe.it Tue May 13 10:43:54 2014 From: davide.marchi at mail.cgilfe.it (Davide) Date: Tue, 13 May 2014 12:43:54 +0200 Subject: [Dovecot] Quota dict with redis Message-ID: <5371F76A.5070803@mail.cgilfe.it> I have installed redis backend for quota and my dovecot.conf is as follow: quota = dict:User quota:ignoreunlimited:redis:host=127.0.0.1:prefix=%u/ but for all of my users doveadm quota get return always same quota (of the last user) Someone could help me in the right direction? -- *Davide Marchi* *T*eorema *F*errara *Srl* Via Spronello, 7 - Ferrara - 44121 Tel. *0532783161* Fax. *0532783368* E-m at il: *davide.marchi at mail.cgilfe.it* Skype: *davide.marchi73* Web: *http://www.cgilfe.it* *CONFIDENZIALITA'* *Ai sensi del D.Lgs. 196/2003 si precisa che le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario/dei destinatari. Qualora il messaggio in parola Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo e a non inoltrarlo a terzi, dandocene gentilmente comunicazione.* *Per favore, pensa all'ambiente. Stampa questa email solo se necessario.* From selcuk.yazar at gmail.com Tue May 13 10:58:01 2014 From: selcuk.yazar at gmail.com (Selcuk Yazar) Date: Tue, 13 May 2014 13:58:01 +0300 Subject: [Dovecot] pigeonhole installation postfix+dovecot+openldap Message-ID: Hi, we have running system postfix+dovecot+openldap. i have installed pigeon hole, and afterlogic webmail php my test system. when i try to connect with telnet [root at ....mail postfix]# telnet 0 4190 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. "IMPLEMENTATION" "Dovecot Pigeonhole" "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date imapflags notify" "NOTIFY" "mailto" "SASL" "PLAIN LOGIN" "VERSION" "1.0" OK "Dovecot ready." my dovecot configuration lijke this [root at trakyamail ~]# dovecot -n # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-131.6.1.el6.x86_64 x86_64 Red Hat Enterprise Linux Server release 6.0 (Santiago) ext4 auth_debug = yes auth_debug_passwords = yes auth_default_realm = ..................edu.tr auth_mechanisms = plain login auth_verbose = yes debug_log_path = /var/log/dovecot.debug disable_plaintext_auth = no first_valid_uid = 97 info_log_path = /var/log/dovecot.info last_valid_uid = 5000 mail_debug = yes mail_gid = 1001 mail_location = mbox:/home/vmail/domains/%d/%u mail_uid = 1001 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date imapflags notify mbox_write_locks = fcntl passdb { args = /etc/dovecot/conf.d/dovecot-ldap.conf.ext driver = ldap } plugin { sieve = /home/vmail/domains/.......edu.tr/%n/.dovecot.sieve sieve_dir = /home/vmail/domains/................edu.tr/%n/sieve sieve_extensions = +notify +imapflags sieve_user_log = /home/vmail/domains/................... edu.tr/%n/.dovecot.sieve.log } protocols = imap pop3 lmtp sieve service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } ssl = no ssl_cert = References: Message-ID: <5371FC14.1070308@Media-Brokers.com> On 5/13/2014 6:58 AM, Selcuk Yazar wrote: > [root at trakyamail ~]# dovecot -n > # 2.0.9: /etc/dovecot/dovecot.conf 2.0.9 is too old and unsupported. You need to upgrade first (be sure to read the upgrade info on the wiki)... -- Best regards, Charles From CMarcus at Media-Brokers.com Tue May 13 11:03:56 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Tue, 13 May 2014 07:03:56 -0400 Subject: [Dovecot] Index cache errors worse with 2.2.x In-Reply-To: <5371EA08.3050402@strike.wu.ac.at> References: <536A99B4.1010109@strike.wu.ac.at> <5371EA08.3050402@strike.wu.ac.at> Message-ID: <5371FC1C.7020405@Media-Brokers.com> On 5/13/2014 5:46 AM, Alexander 'Leo' Bergolth wrote: > May 13 10:38:08 samba dovecot: imap(xxx): Disconnected: Internal error occurred. Refer to server log for more information. [2014-05-13 10:38:07] in=794 out=264037 So... what does server log show? -- Best regards, Charles From stephan at rename-it.nl Tue May 13 11:06:52 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 13 May 2014 13:06:52 +0200 Subject: [Dovecot] pigeonhole installation postfix+dovecot+openldap In-Reply-To: References: Message-ID: <5371FCCC.2020702@rename-it.nl> Selcuk Yazar schreef op 13-5-2014 12:58: > Hi, > > we have running system postfix+dovecot+openldap. i have installed pigeon > hole, and afterlogic webmail php my test system. http://wiki2.dovecot.org/Pigeonhole/Sieve/Troubleshooting Regards, Stephan. From selcuk.yazar at gmail.com Tue May 13 11:23:59 2014 From: selcuk.yazar at gmail.com (Selcuk Yazar) Date: Tue, 13 May 2014 14:23:59 +0300 Subject: [Dovecot] pigeonhole installation postfix+dovecot+openldap In-Reply-To: <5371FCCC.2020702@rename-it.nl> References: <5371FCCC.2020702@rename-it.nl> Message-ID: Hi, >>2.0.9 is too old and unsupported. You need to upgrade first (be sure to read the upgrade info on the wiki)... our system is Redhat EL 6, and rin redhat portal thereis no update for 2.0.9 . On Tue, May 13, 2014 at 2:06 PM, Stephan Bosch wrote: > Selcuk Yazar schreef op 13-5-2014 12:58: > > Hi, >> >> we have running system postfix+dovecot+openldap. i have installed pigeon >> hole, and afterlogic webmail php my test system. >> > > http://wiki2.dovecot.org/Pigeonhole/Sieve/Troubleshooting > > Regards, > > Stephan. > -- Sel?uk YAZAR http://www.selcukyazar.blogspot.com From h.reindl at thelounge.net Tue May 13 11:26:00 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 13 May 2014 13:26:00 +0200 Subject: [Dovecot] pigeonhole installation postfix+dovecot+openldap In-Reply-To: References: <5371FCCC.2020702@rename-it.nl> Message-ID: <53720148.4040602@thelounge.net> Am 13.05.2014 13:23, schrieb Selcuk Yazar: >>> 2.0.9 is too old and unsupported. You need to upgrade first (be sure to > read the upgrade info on the wiki)... > > our system is Redhat EL 6, and rin redhat portal thereis no update for 2.0.9 than Redhat is your support contact, that's why you use and pay it -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From maciej.uhlig at us.edu.pl Tue May 13 11:26:00 2014 From: maciej.uhlig at us.edu.pl (Maciej Uhlig) Date: Tue, 13 May 2014 13:26:00 +0200 Subject: [Dovecot] RFE: please add mail queue id to 'sent vacation response' log line Message-ID: <53720148.2060407@us.edu.pl> May I ask to add receiving smtp server mail queue id to sieve 'sent vacation response' log line? Now: 2014-05-09T15:04:32+02:00 name/ip dovecot: lmtp(8164, user1 at domain): YvJFLVbSbFPkHwAASpgOhg: sieve: msgid=<000301cf6b87$36be4570$a43ad050$@us.edu.pl> size=46850: sent vacation response to Asked for something like this: 2014-05-09T15:04:32+02:00 name/ip dovecot: lmtp(8164, user1 at domain): YvJFLVbSbFPkHwAASpgOhg: sieve: msgid=<000301cf6b87$36be4570$a43ad050$@us.edu.pl> size=46850: sent vacation response to (smtp:[ip]:port): 250 2.0.0 Ok: queued as mailqueueid) <<< In case there are more than one vacation response recipients there is no way to identify who had received the response and who hadn't. Thanks. MU -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3354 bytes Desc: Kryptograficzna sygnatura S/MIME URL: From h.reindl at thelounge.net Tue May 13 11:30:13 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 13 May 2014 13:30:13 +0200 Subject: [Dovecot] RFE: please add mail queue id to 'sent vacation response' log line In-Reply-To: <53720148.2060407@us.edu.pl> References: <53720148.2060407@us.edu.pl> Message-ID: <53720245.2050902@thelounge.net> Am 13.05.2014 13:26, schrieb Maciej Uhlig: > May I ask to add receiving smtp server mail queue id to sieve 'sent > vacation response' log line? > > Now: > > 2014-05-09T15:04:32+02:00 name/ip dovecot: lmtp(8164, user1 at domain): > YvJFLVbSbFPkHwAASpgOhg: sieve: > msgid=<000301cf6b87$36be4570$a43ad050$@us.edu.pl> size=46850: sent > vacation response to > > Asked for something like this: > > 2014-05-09T15:04:32+02:00 name/ip dovecot: lmtp(8164, user1 at domain): > YvJFLVbSbFPkHwAASpgOhg: sieve: > msgid=<000301cf6b87$36be4570$a43ad050$@us.edu.pl> size=46850: sent > vacation response to (smtp:[ip]:port): 250 2.0.0 Ok: > queued as mailqueueid) <<< > > In case there are more than one vacation response recipients there is no > way to identify who had received the response and who hadn't think again about the real mail-flow: * the MTA receives and queues the message * then the message is sent via LMTP from the MTA to dovecot LMTP * from where do you think dovecot-lmtpd shoukd get the MTA's queue id? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From maciej.uhlig at us.edu.pl Tue May 13 11:55:14 2014 From: maciej.uhlig at us.edu.pl (Maciej Uhlig) Date: Tue, 13 May 2014 13:55:14 +0200 Subject: [Dovecot] RFE: please add mail queue id to 'sent vacation response' log line In-Reply-To: <53720245.2050902@thelounge.net> References: <53720148.2060407@us.edu.pl> <53720245.2050902@thelounge.net> Message-ID: <53720822.2000900@us.edu.pl> Reindl Harald - 2014-05-13 13:30: > * from where do you think dovecot-lmtpd shoukd get the MTA's queue id? AFAICS dovecot sieve plugin is able to send mail (vacation response, forward mail) via SMTP MTA. Thanks. MU -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3354 bytes Desc: Kryptograficzna sygnatura S/MIME URL: From h.reindl at thelounge.net Tue May 13 12:01:44 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 13 May 2014 14:01:44 +0200 Subject: [Dovecot] RFE: please add mail queue id to 'sent vacation response' log line In-Reply-To: <53720822.2000900@us.edu.pl> References: <53720148.2060407@us.edu.pl> <53720245.2050902@thelounge.net> <53720822.2000900@us.edu.pl> Message-ID: <537209A8.7020501@thelounge.net> Am 13.05.2014 13:55, schrieb Maciej Uhlig: > Reindl Harald - 2014-05-13 13:30: >> * from where do you think dovecot-lmtpd shoukd get the MTA's queue id? > > AFAICS dovecot sieve plugin is able to send mail (vacation response, > forward mail) via SMTP MTA you stripped the relevant part of my response yes, it sends a *NEW* message via the MTA but that don't change the fact the dovecot don't know the queue id of the *original* message received by the MTA ________________________________ think again about the real mail-flow: * the MTA receives and queues the message * then the message is sent via LMTP from the MTA to dovecot LMTP * from where do you think dovecot-lmtpd shoukd get the MTA's queue id? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From maciej.uhlig at us.edu.pl Tue May 13 12:12:09 2014 From: maciej.uhlig at us.edu.pl (Maciej Uhlig) Date: Tue, 13 May 2014 14:12:09 +0200 Subject: [Dovecot] RFE: please add mail queue id to 'sent vacation response' log line In-Reply-To: <537209A8.7020501@thelounge.net> References: <53720148.2060407@us.edu.pl> <53720245.2050902@thelounge.net> <53720822.2000900@us.edu.pl> <537209A8.7020501@thelounge.net> Message-ID: <53720C19.6090407@us.edu.pl> Reindl Harald - 2014-05-13 14:01: > yes, it sends a *NEW* message via the MTA OK, I need just this *NEW* mail queue id. > but that don't change the fact the dovecot don't know > the queue id of the *original* message received by > the MTA You're right - but this is something I don't need: this information can be found looking at sieve queue id on sending LMTP server. Thanks. MU -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3354 bytes Desc: Kryptograficzna sygnatura S/MIME URL: From leo at strike.wu.ac.at Tue May 13 12:18:20 2014 From: leo at strike.wu.ac.at (Alexander 'Leo' Bergolth) Date: Tue, 13 May 2014 14:18:20 +0200 Subject: [Dovecot] Index cache errors worse with 2.2.x In-Reply-To: <5371FC1C.7020405@Media-Brokers.com> References: <536A99B4.1010109@strike.wu.ac.at> <5371EA08.3050402@strike.wu.ac.at> <5371FC1C.7020405@Media-Brokers.com> Message-ID: <53720D8C.9080500@strike.wu.ac.at> On 05/13/2014 01:03 PM, Charles Marcus wrote: > On 5/13/2014 5:46 AM, Alexander 'Leo' Bergolth wrote: >> May 13 10:38:08 samba dovecot: imap(xxx): Disconnected: Internal error >> occurred. Refer to server log for more information. [2014-05-13 >> 10:38:07] in=794 out=264037 > > So... what does server log show? That's it. (The previous lines are all that gets logged.) --leo -- e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria From leo at strike.wu.ac.at Tue May 13 12:19:40 2014 From: leo at strike.wu.ac.at (Alexander 'Leo' Bergolth) Date: Tue, 13 May 2014 14:19:40 +0200 Subject: [Dovecot] Index cache errors worse with 2.2.x In-Reply-To: References: <536A99B4.1010109@strike.wu.ac.at> <536B5209.5020309@Media-Brokers.com> <536B5568.80108@strike.wu.ac.at> Message-ID: <53720DDC.2000302@strike.wu.ac.at> On 05/13/2014 12:43 PM, Axel Luttgens wrote: > Le 8 mai 2014 ? 11:59, Alexander 'Leo' Bergolth a ?crit : >> [...] >> I am using a single server, mbox, local disks (/home and /var is XFS on >> HP SmartArray). >> >> I tried dovecot 2.2.7, 2.2.10 and 2.2.12. All of them produce tha same >> errors. ("Cached message size smaller than expected", sometimes followed >> by "read... Invalid argument".) >> >> 2.1.1 seems to only produce "Cached message size smaller than expected" >> without the read errors. >> >> Cheers, >> --leo >> >> [...] >> mbox_write_locks = fcntl >> [...] > > Hello Alexander, > > Your error messages seem to be related to the user's INBOX. They appear with different users and are not always related to inboxes. I've also encountered those messages with other mailboxes, like /home/$USER/mail/Trash. "doveadm force-resync" doesn't fix them. > On the other hand, your config doesn't make appear lda nor lmtp (or I missed it, in which case, well... sorry). > Who puts the incoming messages into the mboxes? Mail is delivered via maildrop (maildrop-2.5.0-13.el6.x86_64). I don't think that it is a mailbox lock problem between LDA and dovecot, since - the errors occur with mailboxes other than INBOX - there is no mail delivery logged between the last imap logout and the error: -------------------- 8< -------------------- May 13 10:16:46 samba dovecot: imap-login: Login: user=, method=PLAIN, rip=172.23.60.1, lip=172.23.60.3, mpid=6875, secured, session= May 13 10:18:06 samba dovecot: imap(USERX): Disconnected: Logged out in=507 out=4607 May 13 10:19:56 samba dovecot: imap-login: Login: user=, method=PLAIN, rip=172.23.60.1, lip=172.23.60.3, mpid=7686, secured, session= May 13 10:37:05 samba dovecot: imap-login: Login: user=, method=PLAIN, rip=172.23.60.1, lip=172.23.60.3, mpid=12234, secured, session= May 13 10:38:04 samba dovecot: imap-login: Login: user=, method=PLAIN, rip=172.23.60.1, lip=172.23.60.3, mpid=12483, secured, session= May 13 10:38:05 samba dovecot: imap-login: Login: user=, method=PLAIN, rip=172.23.60.1, lip=172.23.60.3, mpid=12495, secured, session= May 13 10:38:06 samba dovecot: imap-login: Login: user=, method=PLAIN, rip=172.23.60.1, lip=172.23.60.3, mpid=12498, secured, session= May 13 10:38:06 samba dovecot: imap(USERX): Connection closed in=16 out=405 May 13 10:38:07 samba dovecot: imap-login: Login: user=, method=PLAIN, rip=172.23.60.1, lip=172.23.60.3, mpid=12503, secured, session= May 13 10:38:08 samba dovecot: imap(USERX): Error: Cached message size smaller than expected (68196 < 68197) May 13 10:38:08 samba dovecot: imap(USERX): Error: Corrupted index cache file /home/USERX/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 1835 May 13 10:38:08 samba dovecot: imap(USERX): Error: read(/var/mail/USERX) failed: Invalid argument (uid=1835) May 13 10:38:08 samba dovecot: imap(USERX): Disconnected: Internal error occurred. Refer to server log for more information. [2014-05-13 10:38:07] in=794 out=264037 May 13 10:38:08 samba dovecot: imap-login: Login: user=, method=PLAIN, rip=172.23.60.1, lip=172.23.60.3, mpid=12513, secured, session= -------------------- 8< -------------------- However I do often see multiple imap logins before the errors. Maybe it's a dovecot internal cache locking issue? Cheers, --leo -- e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria From tom at whyscream.net Tue May 13 12:27:28 2014 From: tom at whyscream.net (Tom Hendrikx) Date: Tue, 13 May 2014 14:27:28 +0200 Subject: [Dovecot] RFE: please add mail queue id to 'sent vacation response' log line In-Reply-To: <537209A8.7020501@thelounge.net> References: <53720148.2060407@us.edu.pl> <53720245.2050902@thelounge.net> <53720822.2000900@us.edu.pl> <537209A8.7020501@thelounge.net> Message-ID: <53720FB0.7070306@whyscream.net> On 05/13/2014 02:01 PM, Reindl Harald wrote: > > > Am 13.05.2014 13:55, schrieb Maciej Uhlig: >> Reindl Harald - 2014-05-13 13:30: >>> * from where do you think dovecot-lmtpd shoukd get the MTA's queue id? >> >> AFAICS dovecot sieve plugin is able to send mail (vacation response, >> forward mail) via SMTP MTA > > you stripped the relevant part of my response > > yes, it sends a *NEW* message via the MTA > > but that don't change the fact the dovecot don't know > the queue id of the *original* message received by > the MTA Reindl, you're answering the wrong question. The OP asked to add the MTA response while sending the *new* message. This has nothing to do with the original message. Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 884 bytes Desc: OpenPGP digital signature URL: From andy at andybev.com Tue May 13 13:53:47 2014 From: andy at andybev.com (Andrew Beverley) Date: Tue, 13 May 2014 14:53:47 +0100 Subject: [Dovecot] Performing an action on mail receipt Message-ID: <1399989227.23156.32.camel@andy-laptop> Dear all, I would like to perform an action for certain users each time a mail arrives via LMTP. I would like to send an email notification to an external email address when new mail has arrived for certain users (note: not a forward). I am assuming that creating my own plugin using the existing "notify" plugin is the way to go. However, before I go down that route, I'd like to check that is the best approach? Or would it be better to perform this sort of thing before the mail reaches Dovecot? Assuming writing a plugin is answer, do they have to be written in C? Dovecot version: 2.1.7 Thanks, Andy From tss at iki.fi Tue May 13 13:53:55 2014 From: tss at iki.fi (Timo Sirainen) Date: Tue, 13 May 2014 15:53:55 +0200 Subject: [Dovecot] dovecot shared folder In-Reply-To: <3919733.59fUNqSxLb@arhivio> References: <3919733.59fUNqSxLb@arhivio> Message-ID: On 13.5.2014, at 10.21, Mihai Badici wrote: > I try to create a shared directory in dovecot. > When accessing ( from roundcube) i can't subscribe or list the namespace. > It looks like I don't have rights. > > This is an extract from debug log: > When I try to create a new folder in "Public" (i don't have rights, but i can > try) loooks like the process crash: .. > May 12 23:10:07 imap(Mihai.Badici): Fatal: master: service(imap): child 5013 > killed with signal 11 (core dumps disabled) Yep. Can you get gdb backtrace? http://dovecot.org/bugreport.html From stephan at rename-it.nl Tue May 13 14:21:37 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 13 May 2014 16:21:37 +0200 Subject: [Dovecot] Performing an action on mail receipt In-Reply-To: <1399989227.23156.32.camel@andy-laptop> References: <1399989227.23156.32.camel@andy-laptop> Message-ID: <53722A71.70201@rename-it.nl> Andrew Beverley schreef op 13-5-2014 15:53: > Dear all, > > I would like to perform an action for certain users each time a mail > arrives via LMTP. I would like to send an email notification to an > external email address when new mail has arrived for certain users > (note: not a forward). > > I am assuming that creating my own plugin using the existing "notify" > plugin is the way to go. However, before I go down that route, I'd like > to check that is the best approach? This should provide what you need: http://sieve.info/ http://tools.ietf.org/html/rfc5435 http://tools.ietf.org/html/rfc5436 http://wiki2.dovecot.org/Pigeonhole Regards, Stephan. From emmanuel.fuste at thalesgroup.com Tue May 13 17:28:25 2014 From: emmanuel.fuste at thalesgroup.com (FUSTE Emmanuel) Date: Tue, 13 May 2014 19:28:25 +0200 Subject: [Dovecot] imapc problem Message-ID: <24021_1400002107_5372563B_24021_4356_1_53725639.3000704@thalesgroup.com> hello, I have some trouble when trying to migrate from another imap server to dovecot with imapc/dsync/doveadm. when running "doveadm -o imapc_user=foo -o imapc_password=bar backup -R -u localuser imapc:" all is ok. But when running "doveadm -o imapc_user=foo -o imapc_password=bar sync -R -u localuser imapc:", all local mods are overwritten. For example deleting a message or moving it to trash and it reappear in INBOX (and disappear from trash if moved there). If I try without the reverse flag "-R", local delete reappear two times after two or more sync. If I try without the reverse flag "-R", a message moved to trash is propagated to trash too, but reappear as many times as you "sync" on the two sides in the INBOX. With other users, first "backup -R" is ok but on next sync or backup try, I get : dsync(other_user): Error: Mailbox INBOX sync: mailbox_delete failed: INBOX can't be deleted. Other IMAP server is CriticalPath 8.5.137. Any clue ?? Emmanuel. Dovecot conf : 2.2.12.12 (03196f188677+): /etc/dovecot/dovecot.conf # OS: Linux 3.11.0-19-generic x86_64 Ubuntu 12.04.4 LTS auth_master_user_separator = * auth_username_format = %u disable_plaintext_auth = no doveadm_password = **************** imapc_features = rfc822.size fetch-headers imapc_host = my_old_imap_server imapc_user = %u lda_mailbox_autocreate = yes listen = * mail_gid = vmail mail_location = maildir:~/Maildir mail_plugins = quota notify replication mail_prefetch_count = 20 mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { hidden = no inbox = yes list = yes location = prefix = separator = / subscriptions = yes type = private } namespace { hidden = no inbox = no list = children location = maildir:%%h/Maildir:INDEXPVT=~/Maildir/shared/%%u prefix = shared/%%u/ separator = / subscriptions = no type = shared } passdb { args = /etc/dovecot/dovecot-master-ldap.conf.ext driver = ldap master = yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile acl_anyone = allow acl_shared_dict =file:/appli/vmail/shared-mailboxes quota = dict:userquota::file:/appli/vmail/local_userquota/%u/dovecot-quota quota_rule = *:storage=100M quota_rule2 = INBOX:storage=+20%% quota_rule3 = Trash:storage=+10%% sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap sieve service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } service auth { unix_listener auth-userdb { group = vmail mode = 0660 } } service doveadm { inet_listener { port = 12345 } user = vmail } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0666 } } ssl = no userdb { args = /etc/dovecot/dovecot-users-ldap.conf.ext driver = ldap } protocol lda { mail_plugins = quota sieve } protocol imap { mail_plugins = quota imap_quota } From maciej.uhlig at us.edu.pl Tue May 13 17:58:29 2014 From: maciej.uhlig at us.edu.pl (Maciej Uhlig) Date: Tue, 13 May 2014 19:58:29 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers Message-ID: <53725D45.4090506@us.edu.pl> May I ask to add Return-Path: some meaningful header line to sieve sent mail headers in vacation message? Now the header line isn't generated at all and the effect is as follows: on receiving MTA: 2014-05-09T15:04:32+02:00 host/ip postfix/qmgr[2408]: 41F2F6024E: from=<>, size=900, nrcpt=1 (queue active) in received mail body: Return-Path: <> Would be nice to get: Return-Path: Copy of From: header line could be sufficient. Thanks. MU -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3354 bytes Desc: Kryptograficzna sygnatura S/MIME URL: From CMarcus at Media-Brokers.com Tue May 13 18:20:51 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Tue, 13 May 2014 14:20:51 -0400 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <53725D45.4090506@us.edu.pl> References: <53725D45.4090506@us.edu.pl> Message-ID: <53726283.5070200@Media-Brokers.com> On 5/13/2014 1:58 PM, Maciej Uhlig wrote: > Return-Path: <> > > Would be nice to get: > > Return-Path: No, no, no, null sender is *required* for these kinds of messages. -- Best regards, Charles From maciej.uhlig at us.edu.pl Tue May 13 18:27:12 2014 From: maciej.uhlig at us.edu.pl (Maciej Uhlig) Date: Tue, 13 May 2014 20:27:12 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <53726283.5070200@Media-Brokers.com> References: <53725D45.4090506@us.edu.pl> <53726283.5070200@Media-Brokers.com> Message-ID: <53726400.5090401@us.edu.pl> Charles Marcus - 2014-05-13 20:20: > > No, no, no, null sender is *required* for these kinds of messages. > Why? It's _my_ message after all. IMHO I'm sending "I'm on vacation", not MTA. Thanks. MU -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3354 bytes Desc: Kryptograficzna sygnatura S/MIME URL: From h.reindl at thelounge.net Tue May 13 19:00:44 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 13 May 2014 21:00:44 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <53725D45.4090506@us.edu.pl> References: <53725D45.4090506@us.edu.pl> Message-ID: <53726BDC.30609@thelounge.net> Am 13.05.2014 19:58, schrieb Maciej Uhlig: > May I ask to add Return-Path: some meaningful header line to sieve sent > mail headers in vacation message? Now the header line isn't generated at > all and the effect is as follows: > > on receiving MTA: > > 2014-05-09T15:04:32+02:00 host/ip postfix/qmgr[2408]: 41F2F6024E: > from=<>, size=900, nrcpt=1 (queue active) > > in received mail body: > > Return-Path: <> which is correct > Would be nice to get: > > Return-Path: > > Copy of From: header line could be sufficient which is completly insane in case you don't log every single vacation and stop after the first one to the same address guess what happens if two persons have a vacation resonder at the same time and one of them sends a mail - the faster server with more storage will win that battle may i ask to read some RFC's and consider the impact of sloppy proposals if one would make them real? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From stephan at rename-it.nl Tue May 13 19:02:31 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 13 May 2014 21:02:31 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <53725D45.4090506@us.edu.pl> References: <53725D45.4090506@us.edu.pl> Message-ID: <53726C47.4030603@rename-it.nl> On 5/13/2014 7:58 PM, Maciej Uhlig wrote: > May I ask to add Return-Path: some meaningful header line to sieve sent > mail headers in vacation message? Now the header line isn't generated at > all and the effect is as follows: > > on receiving MTA: > > 2014-05-09T15:04:32+02:00 host/ip postfix/qmgr[2408]: 41F2F6024E: > from=<>, size=900, nrcpt=1 (queue active) > > in received mail body: > > Return-Path: <> > > Would be nice to get: > > Return-Path: > > Copy of From: header line could be sufficient. Use of NULL envelope sender is generally recommended to prevent mail loops: http://tools.ietf.org/html/rfc5230#section-5.1 http://tools.ietf.org/html/rfc3834#section-3.3 Keep in mind that the From: header is set to something useful (http://tools.ietf.org/html/rfc5230#section-5.4). That is what the recipient will normally see. If you know what you are doing (think twice about that!), you can override this behavior using the sieve_vacation_send_from_recipient setting (if your Pigeonhole is recent enough): http://wiki2.dovecot.org/Pigeonhole/Sieve/Extensions/Vacation#Configuration Regards, Stephan. From h.reindl at thelounge.net Tue May 13 19:04:17 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 13 May 2014 21:04:17 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <53726400.5090401@us.edu.pl> References: <53725D45.4090506@us.edu.pl> <53726283.5070200@Media-Brokers.com> <53726400.5090401@us.edu.pl> Message-ID: <53726CB1.60104@thelounge.net> Am 13.05.2014 20:27, schrieb Maciej Uhlig: > Charles Marcus - 2014-05-13 20:20: >> >> No, no, no, null sender is *required* for these kinds of messages. >> > > Why? It's _my_ message after all. IMHO I'm sending "I'm on vacation", > not MTA. you are *not sending* "I'm on vacation" because you as human would not be that dumb to send it 1000000 times to the vacation responsder on the other end http://en.wikipedia.org/wiki/Bounce_message a vaction is *exactly* the same you need to understand mail basics like the difference of the From-header and the envelope sender hint: you are talking about the envelope which no human person ever get displayed in his MUA -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From leva at ecentrum.hu Tue May 13 19:26:29 2014 From: leva at ecentrum.hu (LEVAI Daniel) Date: Tue, 13 May 2014 21:26:29 +0200 Subject: [Dovecot] [Dovecot-news] v2.2.13 released In-Reply-To: <53718506.1030907@comstyle.com> References: <53705C3C.6090809@allard.it> <84440934-701D-436E-AA00-D2516084DCBA@iki.fi> <5370734F.3060602@allard.it> <474B8132-98FC-4B5A-B23D-B45DBD6F9866@iki.fi> <20140512185935.GA16428@serenity.local> <53718506.1030907@comstyle.com> Message-ID: <20140513192629.GB16428@serenity.local> On h, m?j 12, 2014 at 22:35:50 -0400, Brad Smith wrote: > On 12/05/14 2:59 PM, LEVAI Daniel wrote: > >On h, m?j 12, 2014 at 10:26:57 +0300, Timo Sirainen wrote: > >>On 12.5.2014, at 10.07, Renaud Allard wrote: > >> > >>>>>checking whether fd passing works... no > >>>>>configure: error: fd passing is required for Dovecot to work > >>>> > >>>>What does config.log say about it? > >>>> > >>> > >>>configure:21046: checking whether fd passing works > >>>configure:21120: gcc -o conftest -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -I./src/lib ./src/lib/fdpass.c -I/usr/local/include conftest.c >&5 > >>>conftest.c:122: warning: no previous prototype for 'nopen' > >>>configure:21120: $? = 0 > >>>configure:21120: ./conftest > >>>configure:21120: $? = 2 > >>>configure: program exited with status 2 > >>> > >>> > >>>It seems that if I put src/lib/fdpass.c from 2.2.12, the test succeeds. > >> > >>Oh. I finally fixed a broken sanity check there: > >>http://hg.dovecot.org/dovecot-2.2/rev/bedecd5b6bab > >> > >>I wonder if the check is still somewhat broken or if OpenBSD (and BSD > >>in general?) even attempts to set it correctly.. > > > >FWIW, it configures and compiles fine here on OpenBSD 5.5. What are the > >configure options you are using Renaud? > > It fails for me with 5.5 and -current both just dropping .13 in for > the port and simply running the autoconf script without any command line > parameters. Ah; details, details... The OP failed to mention that it failed on amd64. On i386, it works perfectly. Danie -- L?VAI D?niel PGP key ID = 0x83B63A8F Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F From maciej.uhlig at us.edu.pl Tue May 13 20:49:45 2014 From: maciej.uhlig at us.edu.pl (Maciej Uhlig) Date: Tue, 13 May 2014 22:49:45 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <53726BDC.30609@thelounge.net> References: <53725D45.4090506@us.edu.pl> <53726BDC.30609@thelounge.net> Message-ID: <53728569.4000106@us.edu.pl> Reindl Harald - 2014-05-13 21:00: > guess what happens if two persons have a vacation > resonder at the same time and one of them sends > a mail - the faster server with more storage will > win that battle Not necessarily. 'sieve_vacation_default_period' would be taken into account. > may i ask to read some RFC's and consider the > impact of sloppy proposals if one would make > them real? Sure. Thanks. MU -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3354 bytes Desc: Kryptograficzna sygnatura S/MIME URL: From maciej.uhlig at us.edu.pl Tue May 13 20:50:33 2014 From: maciej.uhlig at us.edu.pl (Maciej Uhlig) Date: Tue, 13 May 2014 22:50:33 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <53726C47.4030603@rename-it.nl> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> Message-ID: <53728599.8010203@us.edu.pl> Stephan Bosch - 2014-05-13 21:02: > Keep in mind that the From: header is set to something useful > (http://tools.ietf.org/html/rfc5230#section-5.4). That is what the > recipient will normally see. Right. I was looking from the mail admin point of view (there was only "from=<>" in receiving MTA log line while I wanted to be sure who was the message from). > If you know what you are doing (think twice about that!), I'll do :-) > you can override this behavior using the > sieve_vacation_send_from_recipient setting Thank you. That's what I was asking for. Best regards, MU -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3354 bytes Desc: Kryptograficzna sygnatura S/MIME URL: From alessio at skye.it Tue May 13 22:31:30 2014 From: alessio at skye.it (Alessio Cecchi) Date: Wed, 14 May 2014 00:31:30 +0200 Subject: [Dovecot] Dovecot 2.2.13 core dumped with shared folder/acl Message-ID: Hi, after the upgrade to dovecot 2.2.13 (on Deb 6) for users that have enabled shared folder I found "core dumped" error in the log: imap(webmaster at pippo.com): Fatal: master: service(imap): child 26828 killed with signal 11 (core dumped) [...] imap[26828]: segfault at 160 ip 00007f76a18bca32 sp 00007fff5ecc13b0 error 4 in lib01_acl_plugin.so[7f76a18af000+13000] These error happens "random", when users configure subscription for shared folders or browse shared folders. Here "bt full": #0 0x00007f76a18bca32 in acl_mailbox_get_aclobj (box=) at acl-mailbox.c:29 No locals. #1 0x00007f76a16ad1e3 in cmd_myrights (cmd=0x1211cd0) at imap-acl-plugin.c:331 ns = box = 0x12051f0 mailbox = 0x11732a8 "shared" orig_mailbox = 0x1214690 "shared" rights = str = #2 0x000000000041813d in command_exec (cmd=0x1211cd0) at imap-commands.c:158 hook = 0x117c0e0 ret = #3 0x0000000000417240 in client_command_input (cmd=0x1211cd0) at imap-client.c:778 client = 0x12110d0 command = __FUNCTION__ = "client_command_input" #4 0x000000000041732d in client_command_input (cmd=0x1211cd0) at imap-client.c:839 client = 0x12110d0 command = 0x0 __FUNCTION__ = "client_command_input" #5 0x00000000004175ad in client_handle_next_command (client=0x12110d0) at imap-client.c:877 No locals. #6 client_handle_input (client=0x12110d0) at imap-client.c:889 _data_stack_cur_id = 3 ret = 96 remove_io = handled_commands = false __FUNCTION__ = "client_handle_input" #7 0x000000000041792f in client_input (client=0x12110d0) at imap-client.c:931 cmd = output = 0x1211b10 bytes = __FUNCTION__ = "client_input" #8 0x00007f76a24c98ce in io_loop_call_io (io=0x1211be0) at ioloop.c:441 ioloop = 0x117b730 t_id = 2 __FUNCTION__ = "io_loop_call_io" #9 0x00007f76a24caa4f in io_loop_handler_run_internal (ioloop=) at ioloop-epoll.c:220 ctx = 0x117c3c0 event = 0x117d230 list = 0x1197a60 io = 0x10 ---Type to continue, or q to quit--- tv = {tv_sec = 59, tv_usec = 999046} msecs = ret = 1 i = 0 call = false __FUNCTION__ = "io_loop_handler_run_internal" #10 0x00007f76a24c9959 in io_loop_handler_run (ioloop=0x10) at ioloop.c:488 No locals. #11 0x00007f76a24c99e8 in io_loop_run (ioloop=0x117b730) at ioloop.c:465 __FUNCTION__ = "io_loop_run" #12 0x00007f76a2476ef3 in master_service_run (service=0x117b5c0, callback=0x28) at master-service.c:566 No locals. #13 0x0000000000420eb7 in main (argc=1, argv=0x117b390) at main.c:400 set_roots = {0x428e20, 0x0} login_set = {auth_socket_path = 0x1173050 "\210\060\027\001", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x4210b0 , failure_callback = 0x421050 , request_auth_token = 1} service_flags = storage_service_flags = MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT username = 0x0 c = Here is my configuration: # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.9 auth_cache_negative_ttl = 10 mins auth_cache_size = 8 M auth_cache_ttl = 20 mins deliver_log_format = msgid=%m, from=%f, subject="%s": %$ dict { acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext expire = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } disable_plaintext_auth = no dotlock_use_excl = no first_valid_gid = 89 first_valid_uid = 89 imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags imap_idle_notify_interval = 29 mins imap_logout_format = in=%i out=%o session=<%{session}> last_valid_gid = 89 last_valid_uid = 89 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = * mail_fsync = always mail_location = maildir:~/Maildir mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = quota acl expire maildir_very_dirty_syncs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate vnd.dovecot.duplicate mmap_disable = yes namespace { list = children location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u prefix = shared/%%n/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / } passdb { args = username_format=%Ld /etc/dovecot/extra/alias-domains-denylogin.txt deny = yes driver = passwd-file } passdb { args = cache_key=%s%u webmail=192.168.3.15 driver = vpopmail } plugin { acl = vfile acl_shared_dict = proxy::acl expire = Trash expire2 = Spam expire_dict = proxy::expire quota = maildir:UserQuota quota2 = dict:Quota Usage::noenforcing:proxy::sqlquota quota_grace = 10M quota_rule2 = Trash:storage=+100M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_before = /etc/dovecot/sieve/before.sieve sieve_dir = ~/sieve sieve_extensions = +vnd.dovecot.duplicate -vacation } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s, bytes=%i/%o, session=<%{session}> protocols = imap pop3 sieve service auth { client_limit = 5500 unix_listener auth-userdb { group = vchkpw mode = 0660 user = vpopmail } } service dict { process_limit = 500 unix_listener dict { group = vchkpw mode = 0660 user = vpopmail } } service imap-login { process_min_avail = 4 service_count = 0 } service imap { process_limit = 4000 service_count = 100 } service managesieve-login { inet_listener sieve { port = 4190 } } service pop3-login { service_count = 0 } service pop3 { process_limit = 1023 service_count = 100 } service quota-warning { executable = script /etc/dovecot/scripts/quota-warning.sh unix_listener quota-warning { user = vpopmail } user = vpopmail } ssl_cert = References: <53705C3C.6090809@allard.it> <84440934-701D-436E-AA00-D2516084DCBA@iki.fi> <5370734F.3060602@allard.it> <474B8132-98FC-4B5A-B23D-B45DBD6F9866@iki.fi> <20140512185935.GA16428@serenity.local> <53718506.1030907@comstyle.com> <20140513192629.GB16428@serenity.local> Message-ID: <5372B323.8000908@comstyle.com> On 13/05/14 3:26 PM, LEVAI Daniel wrote: > On h, m?j 12, 2014 at 22:35:50 -0400, Brad Smith wrote: >> On 12/05/14 2:59 PM, LEVAI Daniel wrote: >>> On h, m?j 12, 2014 at 10:26:57 +0300, Timo Sirainen wrote: >>>> On 12.5.2014, at 10.07, Renaud Allard wrote: >>>> >>>>>>> checking whether fd passing works... no >>>>>>> configure: error: fd passing is required for Dovecot to work >>>>>> >>>>>> What does config.log say about it? >>>>>> >>>>> >>>>> configure:21046: checking whether fd passing works >>>>> configure:21120: gcc -o conftest -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -I./src/lib ./src/lib/fdpass.c -I/usr/local/include conftest.c >&5 >>>>> conftest.c:122: warning: no previous prototype for 'nopen' >>>>> configure:21120: $? = 0 >>>>> configure:21120: ./conftest >>>>> configure:21120: $? = 2 >>>>> configure: program exited with status 2 >>>>> >>>>> >>>>> It seems that if I put src/lib/fdpass.c from 2.2.12, the test succeeds. >>>> >>>> Oh. I finally fixed a broken sanity check there: >>>> http://hg.dovecot.org/dovecot-2.2/rev/bedecd5b6bab >>>> >>>> I wonder if the check is still somewhat broken or if OpenBSD (and BSD >>>> in general?) even attempts to set it correctly.. >>> >>> FWIW, it configures and compiles fine here on OpenBSD 5.5. What are the >>> configure options you are using Renaud? >> >> It fails for me with 5.5 and -current both just dropping .13 in for >> the port and simply running the autoconf script without any command line >> parameters. > > Ah; details, details... The OP failed to mention that it failed on > amd64. > On i386, it works perfectly. Ah, true. I stopped running obsolete arch a few years ago ;) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From andy at andybev.com Wed May 14 00:15:46 2014 From: andy at andybev.com (Andrew Beverley) Date: Wed, 14 May 2014 01:15:46 +0100 Subject: [Dovecot] Performing an action on mail receipt In-Reply-To: <53722A71.70201@rename-it.nl> References: <1399989227.23156.32.camel@andy-laptop> <53722A71.70201@rename-it.nl> Message-ID: <1400026546.23156.109.camel@andy-laptop> On Tue, 2014-05-13 at 16:21 +0200, Stephan Bosch wrote: > This should provide what you need: > > http://sieve.info/ > http://tools.ietf.org/html/rfc5435 > http://tools.ietf.org/html/rfc5436 > > http://wiki2.dovecot.org/Pigeonhole Fantastic, thanks, exactly what I need. I've got the basics working, with a static file Sieve script. However, I'm trying to keep as much of my config in a MySQL database, and this is where I'm starting to struggle. By user, I'd like to retrieve from a SQL database firstly which Sieve script to run (if applicable) and secondly the parameters for that particular user, in this case the external email address to notify. As I understand it, I'll need to use the Extdata plugin to retrieve data values per-user. I've successfully compiled and installed this plugin, but I'm not sure how to connect it to a dict. I've created a dict configuration file, with the following contents: map { pattern = priv/extdata/notify_email table = virtual_users username_field = email value_field = notify_email } And added it to dovecot.conf: dict { notify = mysql:/etc/dovecot/pigeonhole-sieve.dict } I've added the following to my Sieve configuration: sieve_plugins = sieve_extdata sieve_extdata_dict_uri = extdata::notify_email However, I'm not sure of the naming syntax of the above, and I'm just getting "sieve extdata: failed to initialize dict extdata::notify_email" I guess I've got the naming wrong, but I couldn't find documentation to specify how it should be. What am I doing wrong? Thanks, Andy From me at junc.eu Wed May 14 01:00:39 2014 From: me at junc.eu (Benny Pedersen) Date: Wed, 14 May 2014 03:00:39 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <53726400.5090401@us.edu.pl> References: <53725D45.4090506@us.edu.pl> <53726283.5070200@Media-Brokers.com> <53726400.5090401@us.edu.pl> Message-ID: <646918fd-a90d-46d4-a724-640b9bfe9d97@email.android.com> Does not make sense vacation msgs is seldom sent to known users where you like to get another msg back asking when you come home again, this why its best to keep sender envelope empty on vaction msgs -- Sendt fra min Android telefon med K-9 Mail. Undskyld hvis jeg er lidt kortfattet. From erickom at kom.za.net Wed May 14 03:56:44 2014 From: erickom at kom.za.net (Eric Kom) Date: Wed, 14 May 2014 05:56:44 +0200 Subject: [Dovecot] Dovecot repo for CentOS Message-ID: <5372E97C.3070904@kom.za.net> Hi all, Please am looking for a repo for dovecot on CentOS where I can installed the latest never. Thanks From tolga at ozses.net Wed May 14 04:25:48 2014 From: tolga at ozses.net (Muzaffer Tolga Ozses) Date: Wed, 14 May 2014 07:25:48 +0300 Subject: [Dovecot] Dovecot repo for CentOS In-Reply-To: <5372E97C.3070904@kom.za.net> References: <5372E97C.3070904@kom.za.net> Message-ID: That would be ATRPMS On 14 May 2014 06:59, "Eric Kom" wrote: > Hi all, > Please am looking for a repo for dovecot on CentOS where I can installed > the latest never. > Thanks > From goetz.reinicke at filmakademie.de Wed May 14 06:35:10 2014 From: goetz.reinicke at filmakademie.de (=?ISO-8859-1?Q?G=F6tz_Reinicke_-_IT_Koordinator?=) Date: Wed, 14 May 2014 08:35:10 +0200 Subject: [Dovecot] Dovecot repo for CentOS In-Reply-To: <5372E97C.3070904@kom.za.net> References: <5372E97C.3070904@kom.za.net> Message-ID: <53730E9E.5000609@filmakademie.de> Am 14.05.14 05:56, schrieb Eric Kom: > Hi all, > Please am looking for a repo for dovecot on CentOS where I can installed > the latest never. Search for city-fan dovecot rpm in google is what I was suggested. Or: Get a payed subscription from http://www.dovecot.fi 99$/year AFAIK. /G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 E-Mail goetz.reinicke at filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: J?rgen Walter MdL Staatssekret?r im Ministerium f?r Wissenschaft, Forschung und Kunst Baden-W?rttemberg Gesch?ftsf?hrer: Prof. Thomas Schadt -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5306 bytes Desc: S/MIME Cryptographic Signature URL: From goetz.reinicke at filmakademie.de Wed May 14 08:41:19 2014 From: goetz.reinicke at filmakademie.de (=?ISO-8859-15?Q?G=F6tz_Reinicke_-_IT_Koordinator?=) Date: Wed, 14 May 2014 10:41:19 +0200 Subject: [Dovecot] Error open(/var/lib/dovecot/db/shared-mailboxes) after update 2.2.10 -> 2.2.13 Message-ID: <53732C2F.8080508@filmakademie.de> Hi, I did an update from dovecot 2.2.10 -> 2.2.13 and now I'm getting errors: May 14 10:40:00 imap(hansdampf): Error: open(/var/lib/dovecot/db/shared-mailboxes) failed: Permission denied Currently the permissions on shared-mailboxes rw-rw-rw but teh error still exists. Any hints? Thansk and Regards. G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 E-Mail goetz.reinicke at filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: J?rgen Walter MdL Staatssekret?r im Ministerium f?r Wissenschaft, Forschung und Kunst Baden-W?rttemberg Gesch?ftsf?hrer: Prof. Thomas Schadt -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5306 bytes Desc: S/MIME Cryptographic Signature URL: From skdovecot at smail.inf.fh-brs.de Wed May 14 09:12:23 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 14 May 2014 11:12:23 +0200 (CEST) Subject: [Dovecot] Error open(/var/lib/dovecot/db/shared-mailboxes) after update 2.2.10 -> 2.2.13 In-Reply-To: <53732C2F.8080508@filmakademie.de> References: <53732C2F.8080508@filmakademie.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 14 May 2014, G?tz Reinicke - IT Koordinator wrote: > I did an update from dovecot 2.2.10 -> 2.2.13 and now I'm getting errors: > > May 14 10:40:00 imap(hansdampf): Error: > open(/var/lib/dovecot/db/shared-mailboxes) failed: Permission denied > > Currently the permissions on shared-mailboxes rw-rw-rw but teh error > still exists. Did you checked the x - permission of all directories in the tree, /var/lib/dovecot/db, ... ? Do you use system users or virtual ones? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU3MzeHz1H7kL/d9rAQL6OAf+MrVSict3diewPcfIeBlRKd2iA2jQFoQE vyEV++U8+dSN+AxXR0GgAFoU6VWo4ObQzvZkcCmiudcgnrrqSRqzrDlB4VvOJQKm nXIe/42wU6raVRiwjxeQe94SwjWC1nYcYYC7oQMm6iwKxrmOdVfZ63IiGOGhgf+n x4XDZlJzSCCbJhBNlMTVAGJehmV4ZaMhc2LNsk6QkNa/qwevsVRdARBO/verBkUz 9eu9/f4wUnuWDOlNyA2EBT/VaLW8oXEyMU3o/p4bANfv9NokFk9obReEv7QeFfJ5 lmMgKLWA543NrKXCMLAieM9USGrnGUxqB4yRS/1p+sgqGc1CjTdMUA== =klYq -----END PGP SIGNATURE----- From goetz.reinicke at filmakademie.de Wed May 14 09:19:22 2014 From: goetz.reinicke at filmakademie.de (=?ISO-8859-15?Q?G=F6tz_Reinicke_-_IT_Koordinator?=) Date: Wed, 14 May 2014 11:19:22 +0200 Subject: [Dovecot] Error open(/var/lib/dovecot/db/shared-mailboxes) after update 2.2.10 -> 2.2.13 In-Reply-To: References: <53732C2F.8080508@filmakademie.de> Message-ID: <5373351A.5030807@filmakademie.de> Am 14.05.14 11:12, schrieb Steffen Kaiser: > On Wed, 14 May 2014, G?tz Reinicke - IT Koordinator wrote: > >> I did an update from dovecot 2.2.10 -> 2.2.13 and now I'm getting errors: > >> May 14 10:40:00 imap(hansdampf): Error: >> open(/var/lib/dovecot/db/shared-mailboxes) failed: Permission denied > >> Currently the permissions on shared-mailboxes rw-rw-rw but teh error >> still exists. > > Did you checked the x - permission of all directories in the tree, > /var/lib/dovecot/db, ... ? Do you use system users or virtual ones? Hi, /var/lib/dovecot 750 <- changed it for test to 755 Error is gone. O.K. thx for the hin; I'll check the groups/permissions down that path. /G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 E-Mail goetz.reinicke at filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: J?rgen Walter MdL Staatssekret?r im Ministerium f?r Wissenschaft, Forschung und Kunst Baden-W?rttemberg Gesch?ftsf?hrer: Prof. Thomas Schadt -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5306 bytes Desc: S/MIME Cryptographic Signature URL: From tlx at leuxner.net Wed May 14 09:24:50 2014 From: tlx at leuxner.net (Thomas Leuxner) Date: Wed, 14 May 2014 11:24:50 +0200 Subject: [Dovecot] Error open(/var/lib/dovecot/db/shared-mailboxes) after update 2.2.10 -> 2.2.13 In-Reply-To: <53732C2F.8080508@filmakademie.de> References: <53732C2F.8080508@filmakademie.de> Message-ID: <20140514092450.GA60817@nihlus.leuxner.net> * G?tz Reinicke - IT Koordinator 2014.05.14 10:41: > May 14 10:40:00 imap(hansdampf): Error: > open(/var/lib/dovecot/db/shared-mailboxes) failed: Permission denied Usually the error logs are quite verbose (listing uid,gid), so I wonder if this is the full log message. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From bourek at thinline.cz Wed May 14 09:41:12 2014 From: bourek at thinline.cz (Jiri Bourek) Date: Wed, 14 May 2014 11:41:12 +0200 Subject: [Dovecot] Performing an action on mail receipt In-Reply-To: <1400026546.23156.109.camel@andy-laptop> References: <1399989227.23156.32.camel@andy-laptop> <53722A71.70201@rename-it.nl> <1400026546.23156.109.camel@andy-laptop> Message-ID: <53733A38.6010501@thinline.cz> On 14.5.2014 02:15, Andrew Beverley wrote: > On Tue, 2014-05-13 at 16:21 +0200, Stephan Bosch wrote: >> This should provide what you need: >> >> http://sieve.info/ >> http://tools.ietf.org/html/rfc5435 >> http://tools.ietf.org/html/rfc5436 >> >> http://wiki2.dovecot.org/Pigeonhole > > Fantastic, thanks, exactly what I need. > > I've got the basics working, with a static file Sieve script. However, > I'm trying to keep as much of my config in a MySQL database, and this is > where I'm starting to struggle. Welcome to the club ;-) > > By user, I'd like to retrieve from a SQL database firstly which Sieve > script to run (if applicable) and secondly the parameters for that > particular user, in this case the external email address to notify. AFAIK PigeonHole can read scripts only from file. Being able to use SQL database as data source would sure be nice and I recall there was some short discussion about it, but - again, AFAIK - it was never added as a feature. > > As I understand it, I'll need to use the Extdata plugin to retrieve data > values per-user. I've successfully compiled and installed this plugin, > but I'm not sure how to connect it to a dict. Tried that too for optional spamassassin test and failed, see https://www.mail-archive.com/dovecot at dovecot.org/msg57539.html . IMO documentation for this map and dict thing is a nightmare to say the least (or if there is something, Google doesn't know about it.) Anyway, this is what I came up with: 91-sieve-extdata.conf: plugin { sieve_extensions = +vnd.dovecot.extdata sieve_extdata_dict_uri = proxy::testing } dict { testing = pgsql:/etc/dovecot/pigeonhole-extdata.dict } /etc/dovecot/pigeonhole-extdata.dict: connect = host=127.0.0.1 dbname=maildatabase user=mailuser password=secret map { pattern = priv/antispam_setting table = mailschema.antispam_view value_field = vtransport username_field = full_username } I use PostgreSQL but I guess there won't be any major differences. In sieve script it was used like this: if extdata :is "antispam_setting" "enabled" I think this worked in the end. Well, sort of worked, I needed to create view with user names in user at domain format (I use separate tables for domains and users), and the view looked like this: create view antispam_view as \ select username || '@' || domain as full_username, vtransport \ from mailboxes \ left join domains on mailboxes.domains_id = domains.id ; The || means string concatenation in PostgreSQL. This is of course stupid and ugly, because lookup by username forces sequential scan of the users table. Moreover I have separate UID for every user, which in turn forced 0777 permissions on dict socket (sieve interpreter runs under mailbox owner's uid), which doesn't seem very secure. At this point I abandoned the idea. Stephan Bosch suggested using the extprograms plugin - execute some program non-conditionally, let it do all SQL lookups and take neccessary actions. I didn't use that approach because it'd require me to create some client-server application (to keep database credentials hidden from users and to maintain database connection pool instead of doing connect - lookup - close cycle for every request.) That looked a bit too complicated compared with generating the sieve script (with or without the test) according to database data. (I had the code to do that.) But maybe some solution with extprograms will be more suitable for you. > > I've created a dict configuration file, with the following contents: > > map { > pattern = priv/extdata/notify_email > table = virtual_users > username_field = email > value_field = notify_email > } > > And added it to dovecot.conf: > > dict { > notify = mysql:/etc/dovecot/pigeonhole-sieve.dict > } > > I've added the following to my Sieve configuration: > > sieve_plugins = sieve_extdata > sieve_extdata_dict_uri = extdata::notify_email > > However, I'm not sure of the naming syntax of the above, and I'm just > getting "sieve extdata: failed to initialize dict extdata::notify_email" > > I guess I've got the naming wrong, but I couldn't find documentation to > specify how it should be. What am I doing wrong? IIRC you're third person in past 4 weeks saying finding stuff in Dovecot documention is hard, so don't feel bad ;-) J. From goetz.reinicke at filmakademie.de Wed May 14 09:42:04 2014 From: goetz.reinicke at filmakademie.de (=?ISO-8859-1?Q?G=F6tz_Reinicke_-_IT_Koordinator?=) Date: Wed, 14 May 2014 11:42:04 +0200 Subject: [Dovecot] Error open(/var/lib/dovecot/db/shared-mailboxes) after update 2.2.10 -> 2.2.13 In-Reply-To: <20140514092450.GA60817@nihlus.leuxner.net> References: <53732C2F.8080508@filmakademie.de> <20140514092450.GA60817@nihlus.leuxner.net> Message-ID: <53733A6C.9020401@filmakademie.de> Am 14.05.14 11:24, schrieb Thomas Leuxner: > * G?tz Reinicke - IT Koordinator 2014.05.14 10:41: > >> May 14 10:40:00 imap(hansdampf): Error: >> open(/var/lib/dovecot/db/shared-mailboxes) failed: Permission denied > > Usually the error logs are quite verbose (listing uid,gid), so I wonder if this is the full log message. > Its the full error line. and I cant see anything before or after related to that. hmm . /G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 E-Mail goetz.reinicke at filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: J?rgen Walter MdL Staatssekret?r im Ministerium f?r Wissenschaft, Forschung und Kunst Baden-W?rttemberg Gesch?ftsf?hrer: Prof. Thomas Schadt -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5306 bytes Desc: S/MIME Cryptographic Signature URL: From CMarcus at Media-Brokers.com Wed May 14 10:27:19 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Wed, 14 May 2014 06:27:19 -0400 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <53726C47.4030603@rename-it.nl> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> Message-ID: <53734507.5030504@Media-Brokers.com> On 5/13/2014 3:02 PM, Stephan Bosch wrote: > If you know what you are doing (think twice about that!), you can > override this behavior using the sieve_vacation_send_from_recipient > setting (if your Pigeonhole is recent enough): > http://wiki2.dovecot.org/Pigeonhole/Sieve/Extensions/Vacation#Configuration > Regards, Stephan. Just be sure you understand why... I recommend you read the pertinent RFC which explains the reasoning as to why the null sender is recommended, and if you are going to use another/real address, only use one that will never auto-respond to *anything*: http://tools.ietf.org/html/rfc3834#section-3.3 Specifically: The primary purpose of the MAIL FROM address is to serve as the destination for delivery status messages and other automatic responses. Since in most cases it is not appropriate to respond to an automatic response, and the responder is not interested in delivery status messages, a MAIL FROM address of <> MAY be used for this purpose. A MAIL FROM address which is specifically chosen for the purpose of sending automatic responses, and which will not automatically respond to any message sent to it, MAY be used instead of <>. -- Best regards, Charles From axel.luttgens at skynet.be Wed May 14 11:29:53 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Wed, 14 May 2014 13:29:53 +0200 Subject: [Dovecot] Performing an action on mail receipt In-Reply-To: <53733A38.6010501@thinline.cz> References: <1399989227.23156.32.camel@andy-laptop> <53722A71.70201@rename-it.nl> <1400026546.23156.109.camel@andy-laptop> <53733A38.6010501@thinline.cz> Message-ID: Le 14 mai 2014 ? 11:41, Jiri Bourek a ?crit : > [...] > AFAIK PigeonHole can read scripts only from file. Being able to use SQL database as data source would sure be nice and I recall there was some short discussion about it, but - again, AFAIK - it was never added as a feature. Hello Jiri, Just in case, since I've never tried myself... This file: http://hg.rename-it.nl/dovecot-2.2-pigeonhole/file/689db87e26f2/doc/script-location-dict.txt is systematically installed here as: share/doc/dovecot/sieve/script-location-dict.txt May perhaps be of interest? Axel From sca at andreasschulze.de Wed May 14 12:12:44 2014 From: sca at andreasschulze.de (Andreas Schulze) Date: Wed, 14 May 2014 14:12:44 +0200 Subject: [Dovecot] RFE: please add mail queue id to 'sent vacation response' log line In-Reply-To: <53720148.2060407@us.edu.pl> References: <53720148.2060407@us.edu.pl> Message-ID: <20140514141244.Horde.3GoFQ5KLkeLpdYEdD6bOFg4@horde.andreasschulze.de> Maciej Uhlig: > May I ask to add receiving smtp server mail queue id to sieve 'sent > vacation response' log line? Hello, I like to support that request. It would allow me to exactly follow the mailflow in case any user claim "I did not get a vacation response." With a complete QueueID chain I could turn that into "You did not *read* the vacation response" Does not happen often but would be help full... Need to mention: it rely on "submission_host = $SMTP-SERVER" in dovecot.conf. No idea how it looks on submission via /usr/sbin/sendmail... Andreas From sca at andreasschulze.de Wed May 14 12:48:03 2014 From: sca at andreasschulze.de (Andreas Schulze) Date: Wed, 14 May 2014 14:48:03 +0200 Subject: [Dovecot] LMTP SSL? In-Reply-To: <20140512115631.GI30748@charite.de> References: <20140512115631.GI30748@charite.de> Message-ID: <20140514144803.Horde.FgaW5XqRjAKc9AeVJ-HaDw9@horde.andreasschulze.de> Ralf Hildebrandt: > Can I enable STARTTLS/SSL on the LMTP listener in Dovecot 2.1.x? > > service lmtp { > unix_listener lmtp { > } > inet_listener lmtp { > address = * > port = 24 > --> ssl=yes > } > } Hi Ralf, I just tried it for fun on 2.2.12: still does not work... Is stunnel an option? MTA -> crypto to remote stunnel endpoint -> plaintext to localhost:lmtp Andreas From emmanuel.fuste at thalesgroup.com Wed May 14 12:54:06 2014 From: emmanuel.fuste at thalesgroup.com (FUSTE Emmanuel) Date: Wed, 14 May 2014 14:54:06 +0200 Subject: [Dovecot] imapc problem In-Reply-To: <24021_1400002107_5372563B_24021_4356_1_53725639.3000704@thalesgroup.com> References: <24021_1400002107_5372563B_24021_4356_1_53725639.3000704@thalesgroup.com> Message-ID: <8943_1400072047_5373676F_8943_683_1_5373676E.40802@thalesgroup.com> Le 13/05/2014 19:28, FUSTE Emmanuel a ?crit : > hello, > > I have some trouble when trying to migrate from another imap server to > dovecot with imapc/dsync/doveadm. > > when running "doveadm -o imapc_user=foo -o imapc_password=bar backup -R > -u localuser imapc:" all is ok. > > But when running "doveadm -o imapc_user=foo -o imapc_password=bar sync > -R -u localuser imapc:", all local mods are overwritten. For example > deleting a message or moving it to trash and it reappear in INBOX (and > disappear from trash if moved there). > If I try without the reverse flag "-R", local delete reappear two times > after two or more sync. > If I try without the reverse flag "-R", a message moved to trash is > propagated to trash too, but reappear as many times as you "sync" on the > two sides in the INBOX. > With other users, first "backup -R" is ok but on next sync or backup > try, I get : > > dsync(other_user): Error: Mailbox INBOX sync: mailbox_delete failed: INBOX can't be deleted. > > > Other IMAP server is CriticalPath 8.5.137. > > Any clue ?? > > Emmanuel. > > Dovecot conf : > > 2.2.12.12 (03196f188677+): /etc/dovecot/dovecot.conf > # OS: Linux 3.11.0-19-generic x86_64 Ubuntu 12.04.4 LTS > auth_master_user_separator = * > auth_username_format = %u > disable_plaintext_auth = no > doveadm_password = **************** > imapc_features = rfc822.size fetch-headers > imapc_host = my_old_imap_server > imapc_user = %u > lda_mailbox_autocreate = yes > listen = * > mail_gid = vmail > mail_location = maildir:~/Maildir > mail_plugins = quota notify replication > mail_prefetch_count = 20 > mail_uid = vmail > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave > namespace { > hidden = no > inbox = yes > list = yes > location = > prefix = > separator = / > subscriptions = yes > type = private > } > namespace { > hidden = no > inbox = no > list = children > location = maildir:%%h/Maildir:INDEXPVT=~/Maildir/shared/%%u > prefix = shared/%%u/ > separator = / > subscriptions = no > type = shared > } > passdb { > args = /etc/dovecot/dovecot-master-ldap.conf.ext > driver = ldap > master = yes > } > passdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > plugin { > acl = vfile > acl_anyone = allow > acl_shared_dict =file:/appli/vmail/shared-mailboxes > quota = dict:userquota::file:/appli/vmail/local_userquota/%u/dovecot-quota > quota_rule = *:storage=100M > quota_rule2 = INBOX:storage=+20%% > quota_rule3 = Trash:storage=+10%% > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > } > protocols = imap sieve > service aggregator { > fifo_listener replication-notify-fifo { > user = vmail > } > unix_listener replication-notify { > user = vmail > } > } > service auth { > unix_listener auth-userdb { > group = vmail > mode = 0660 > } > } > service doveadm { > inet_listener { > port = 12345 > } > user = vmail > } > service replicator { > process_min_avail = 1 > unix_listener replicator-doveadm { > mode = 0666 > } > } > ssl = no > userdb { > args = /etc/dovecot/dovecot-users-ldap.conf.ext > driver = ldap > } > protocol lda { > mail_plugins = quota sieve > } > protocol imap { > mail_plugins = quota imap_quota > } Some news: I tried many things, switching to sdbox, not using "imapc_features = rfc822.size fetch-headers", disabling useless options for a simple test setup etc... with no luck. I switched to isync/mbsync with success in imap to imap mode, syncing all mailboxes/expunge/mailbox creation for each user. It would be great if dovecot/imapc could be fixed to do it natively. Please tell me if I could help: logs, tests, etc... Emmanuel. From mail at zirkumflex.net Wed May 14 12:17:58 2014 From: mail at zirkumflex.net (Daniel Thielemann) Date: Wed, 14 May 2014 14:17:58 +0200 Subject: [Dovecot] =?utf-8?q?Enterprise_repository_for_free_now=3F_=3B-=29?= =?utf-8?b?IChCdWc/KQ==?= Message-ID: Hi, I bought repo access for 0,00$ one minute ago. If its free now then I wanna say thank you very much, otherwise somebody should fix it :) Take a look here: http://shop.dovecot.fi/home/8-dovecot-ee-repository-access.html Screen: http://www.directupload.net/file/d/3622/oxyo89zm_png.htm Regards From mail at zirkumflex.net Wed May 14 13:38:13 2014 From: mail at zirkumflex.net (Daniel Thielemann) Date: Wed, 14 May 2014 15:38:13 +0200 Subject: [Dovecot] =?utf-8?q?Enterprise_repository_for_free_now=3F_=3B-=29?= =?utf-8?b?IChCdWc/KQ==?= In-Reply-To: References: Message-ID: Timo answered me already: > Intentional. We haven't had time to update the web. Enjoy your repo access :D Am 14.05.2014 14:17, schrieb Daniel Thielemann: > Hi, > > I bought repo access for 0,00$ one minute ago. If its free now then I > wanna say thank you very much, otherwise somebody should fix it :) > > Take a look here: > http://shop.dovecot.fi/home/8-dovecot-ee-repository-access.html > Screen: http://www.directupload.net/file/d/3622/oxyo89zm_png.htm > > Regards From goetz.reinicke at filmakademie.de Wed May 14 14:02:28 2014 From: goetz.reinicke at filmakademie.de (=?ISO-8859-1?Q?G=F6tz_Reinicke_-_IT_Koordinator?=) Date: Wed, 14 May 2014 16:02:28 +0200 Subject: [Dovecot] Enterprise repository for free now? ;-) (Bug?) In-Reply-To: References: Message-ID: <53737774.1060708@filmakademie.de> Am 14.05.14 15:38, schrieb Daniel Thielemann: > Timo answered me already: > >> Intentional. We haven't had time to update the web. > > Enjoy your repo access :D > > Am 14.05.2014 14:17, schrieb Daniel Thielemann: >> Hi, >> >> I bought repo access for 0,00$ one minute ago. If its free now then I >> wanna say thank you very much, otherwise somebody should fix it :) >> >> Take a look here: >> http://shop.dovecot.fi/home/8-dovecot-ee-repository-access.html >> Screen: http://www.directupload.net/file/d/3622/oxyo89zm_png.htm Kowtou.... and I was doing some research for an rpm for centos/rh 5.... :) /G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 E-Mail goetz.reinicke at filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: J?rgen Walter MdL Staatssekret?r im Ministerium f?r Wissenschaft, Forschung und Kunst Baden-W?rttemberg Gesch?ftsf?hrer: Prof. Thomas Schadt -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5306 bytes Desc: S/MIME Cryptographic Signature URL: From Ralf.Hildebrandt at charite.de Wed May 14 14:04:00 2014 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Wed, 14 May 2014 16:04:00 +0200 Subject: [Dovecot] LMTP SSL? In-Reply-To: <20140514144803.Horde.FgaW5XqRjAKc9AeVJ-HaDw9@horde.andreasschulze.de> References: <20140512115631.GI30748@charite.de> <20140514144803.Horde.FgaW5XqRjAKc9AeVJ-HaDw9@horde.andreasschulze.de> Message-ID: <20140514140400.GP11674@charite.de> * Andreas Schulze : > Is stunnel an option? > MTA -> crypto to remote stunnel endpoint -> plaintext to localhost:lmtp Yes, works like a charm -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From goetz.reinicke at filmakademie.de Wed May 14 14:09:08 2014 From: goetz.reinicke at filmakademie.de (=?ISO-8859-15?Q?G=F6tz_Reinicke_-_IT_Koordinator?=) Date: Wed, 14 May 2014 16:09:08 +0200 Subject: [Dovecot] Pigeonhole Sieve: Vacation Extension answer to every E-Mail Message-ID: <53737904.4000009@filmakademie.de> Hi, dont ask :) but I have two accounts for which I have to configure an auto reply for any e-mail send to it. As far as I understand Sieve yet, I do have to set sieve_vacation_min_period = 0 in the dovecot config and set the days value in the sieve rule. But as there is a limit of 1 day, I think this is not working. Right? Is there any other way to accomplish that? regards . G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 E-Mail goetz.reinicke at filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: J?rgen Walter MdL Staatssekret?r im Ministerium f?r Wissenschaft, Forschung und Kunst Baden-W?rttemberg Gesch?ftsf?hrer: Prof. Thomas Schadt -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5306 bytes Desc: S/MIME Cryptographic Signature URL: From rs at sys4.de Wed May 14 14:20:55 2014 From: rs at sys4.de (Robert Schetterer) Date: Wed, 14 May 2014 16:20:55 +0200 Subject: [Dovecot] Pigeonhole Sieve: Vacation Extension answer to every E-Mail In-Reply-To: <53737904.4000009@filmakademie.de> References: <53737904.4000009@filmakademie.de> Message-ID: <53737BC7.6050903@sys4.de> Am 14.05.2014 16:09, schrieb G?tz Reinicke - IT Koordinator: > Hi, > > dont ask :) but I have two accounts for which I have to configure an > auto reply for any e-mail send to it. you shouldnt do that , you risk endless mail ping pong Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From skdovecot at smail.inf.fh-brs.de Wed May 14 14:44:30 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 14 May 2014 16:44:30 +0200 (CEST) Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <53734507.5030504@Media-Brokers.com> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <53734507.5030504@Media-Brokers.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 14 May 2014, Charles Marcus wrote: > On 5/13/2014 3:02 PM, Stephan Bosch wrote: >> If you know what you are doing (think twice about that!), you can override >> this behavior using the sieve_vacation_send_from_recipient setting (if your >> Pigeonhole is recent enough): >> http://wiki2.dovecot.org/Pigeonhole/Sieve/Extensions/Vacation#Configuration >> Regards, Stephan. > > Just be sure you understand why... > > I recommend you read the pertinent RFC which explains the reasoning as to why > the null sender is recommended, and if you are going to use another/real > address, only use one that will never auto-respond to *anything*: Yep, those using different <> null senders should be aware, that there envelope sender rewritings, such as BATV and SRS0, that make the address unique each time by adding hashed timestamps or something like that. Those rewritings undermine the vacation database. I hope that those implementations generate an unique address per day and not per message. :-) > http://tools.ietf.org/html/rfc3834#section-3.3 > > Specifically: > > The primary purpose of the MAIL FROM address is to serve as the > destination for delivery status messages and other automatic > responses. Since in most cases it is not appropriate to respond to > an automatic response, and the responder is not interested in > delivery status messages, a MAIL FROM address of <> MAY be used for > this purpose. A MAIL FROM address which is specifically chosen for > the purpose of sending automatic responses, and which will not > automatically respond to any message sent to it, MAY be used instead > of <>. > > > - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU3OBT3z1H7kL/d9rAQKGhggAxXOPt5UGUeSiZk/mc+2CvcKkmO5oIrDD Z/mTligp6LOzJC3WnkXgra+mBwBlr/6WBE0Qze/7/z6arbG/3kQLaRhGexLJ630J Z/f1uDNh6ntziw5yiix9QiW241UaDf9kVWrhKjPSchiLMF8GS874jSW7Ox/siMOu +QcFIiTGXeFdUmqNb6F0rDKJLdGShLULh+EfOh26JRMkPiPpdzWXdgIHA8xqB5iN pvD23uB/Hm+gSrj6hwFZjGBI0jxqyIdo3prtqO7Iw6zs7dvvGR45GmVAiVe1KsSl mDNmxXpTtLPO4g3AlgVg98VinTC8BGACStS5zQvvhnwHjqd/0CgtQA== =e7tc -----END PGP SIGNATURE----- From Jochen.Bern at LINworks.de Wed May 14 14:44:28 2014 From: Jochen.Bern at LINworks.de (Jochen Bern) Date: Wed, 14 May 2014 16:44:28 +0200 Subject: [Dovecot] Broken IMAPS Connects Create Lingering imap-login Processes In-Reply-To: <5369168D.5030201@LINworks.de> References: <5367F106.9040800@LINworks.de> <24CA5A07-86C7-4435-B482-6CF7E5FEFC7F@iki.fi> <5369168D.5030201@LINworks.de> Message-ID: <5373814C.3080602@LINworks.de> On 06.05.2014 19:06, Jochen Bern wrote: > On 06.05.2014 14:14, Timo Sirainen wrote: >> There was bug where a broken handshake could have caused 100% CPU >> usage. Maybe the same problem could happen in a slightly different >> way and also not cause CPU usage. >> http://hg.dovecot.org/dovecot-2.2/rev/c0236d1c4a04 fixes this. >> >> Although even then .. I'm not sure why the process wouldn't die >> sooner. > > Thanks for the pointers. We're having a change management and an > official-repos-if-at-all-possible policy going on, so I'll likely start > with adding just this patch To follow up: I added the mentioned patch (and the one from CVE-2014-3430) and the imap-login processes now go away after ~3 minutes. Unfortunately, the client('s network) in question changed its behavior *before* the update, and I never succeeded in reproducing the problem. The tcpdumps of the client mis-connections *now* *look* similar to the ones I took during the original problem, though, so I'm Rather Certain (tm) that the original problem's fixed. :-} Thanks again, J. Bern -- *NEU* - NEC IT-Infrastruktur-Produkte im : Server--Storage--Virtualisierung--Management SW--Passion for Performance Jochen Bern, Systemingenieur --- LINworks GmbH Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27 Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202 Unternehmenssitz Weiterstadt, Gesch?ftsf?hrer Metin Dogan, Oliver Michel From stephan at rename-it.nl Wed May 14 14:45:13 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 14 May 2014 16:45:13 +0200 Subject: [Dovecot] Pigeonhole Sieve: Vacation Extension answer to every E-Mail In-Reply-To: <53737904.4000009@filmakademie.de> References: <53737904.4000009@filmakademie.de> Message-ID: <53738179.3090709@rename-it.nl> G?tz Reinicke - IT Koordinator schreef op 14-5-2014 16:09: > Hi, > > dont ask :) ok... > but I have two accounts for which I have to configure an > auto reply for any e-mail send to it. > > As far as I understand Sieve yet, I do have to set > sieve_vacation_min_period = 0 in the dovecot config and set the days > value in the sieve rule. > > But as there is a limit of 1 day, I think this is not working. Right? > > Is there any other way to accomplish that? http://tools.ietf.org/html/rfc6131 Regards, Stephan. From CMarcus at Media-Brokers.com Wed May 14 14:56:59 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Wed, 14 May 2014 10:56:59 -0400 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <53734507.5030504@Media-Brokers.com> Message-ID: <5373843B.9000900@Media-Brokers.com> On 5/14/2014 10:44 AM, Steffen Kaiser wrote: > Yep, those using different <> null senders should be aware, that there > envelope sender rewritings, such as BATV and SRS0, that make the > address unique each time by adding hashed timestamps or something like > that. Those rewritings undermine the vacation database. > I hope that those implementations generate an unique address per day > and not per message. Best would be if there was a way to code sieve such that it could ignore the BATV/SRS0 junk, as well as plussed addresses... Is there enough rhyme/reason to these schemes that would make that feasible? -- Best regards, Charles From h.reindl at thelounge.net Wed May 14 15:04:31 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 14 May 2014 17:04:31 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <5373843B.9000900@Media-Brokers.com> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <53734507.5030504@Media-Brokers.com> <5373843B.9000900@Media-Brokers.com> Message-ID: <537385FF.1040006@thelounge.net> Am 14.05.2014 16:56, schrieb Charles Marcus: > On 5/14/2014 10:44 AM, Steffen Kaiser wrote: >> Yep, those using different <> null senders should be aware, that there envelope sender rewritings, such as BATV >> and SRS0, that make the address unique each time by adding hashed timestamps or something like that. Those >> rewritings undermine the vacation database. >> I hope that those implementations generate an unique address per day and not per message. > > Best would be if there was a way to code sieve such that it could ignore the BATV/SRS0 junk, as well as plussed > addresses... wrong way - there are standards for not-to-repsond messages * null sender * Precedence: bulk * Precedence: list * Auto-Submitted: auto-generated these are typically ignored there is really no reason to code around because someone insists on rejecting all warnings and pretending that he knows what he is doing by add a Return-Path to auto-repsonders no, he does *not* know what he is doing and i even go so far to say it's missing competence for mailserver administration the mail cient on the receiver shows the FROM-HEADER and not the Return-Path and even reply works from a mail-client only other responders and mailing-lists are acting with the Return-Path and they all know how to handle a null-sender -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From goetz.reinicke at filmakademie.de Wed May 14 15:18:07 2014 From: goetz.reinicke at filmakademie.de (=?ISO-8859-15?Q?G=F6tz_Reinicke_-_IT_Koordinator?=) Date: Wed, 14 May 2014 17:18:07 +0200 Subject: [Dovecot] Pigeonhole Sieve: Vacation Extension answer to every E-Mail In-Reply-To: <53737BC7.6050903@sys4.de> References: <53737904.4000009@filmakademie.de> <53737BC7.6050903@sys4.de> Message-ID: <5373892F.8000603@filmakademie.de> Am 14.05.14 16:20, schrieb Robert Schetterer: > Am 14.05.2014 16:09, schrieb G?tz Reinicke - IT Koordinator: >> Hi, >> >> dont ask :) but I have two accounts for which I have to configure an >> auto reply for any e-mail send to it. > > you shouldnt do that , you risk endless mail ping pong Hi, that's what my don't ask refers to ... I know that, but currently I dont have any solid rock arguments/technical solutions how the two users could achieve what they want in an other way. Answering any mail by hand with a default sentence is what they want to avoid. Suggestion? Regards . G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 E-Mail goetz.reinicke at filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: J?rgen Walter MdL Staatssekret?r im Ministerium f?r Wissenschaft, Forschung und Kunst Baden-W?rttemberg Gesch?ftsf?hrer: Prof. Thomas Schadt -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5306 bytes Desc: S/MIME Cryptographic Signature URL: From rs at sys4.de Wed May 14 15:39:45 2014 From: rs at sys4.de (Robert Schetterer) Date: Wed, 14 May 2014 17:39:45 +0200 Subject: [Dovecot] Pigeonhole Sieve: Vacation Extension answer to every E-Mail In-Reply-To: <5373892F.8000603@filmakademie.de> References: <53737904.4000009@filmakademie.de> <53737BC7.6050903@sys4.de> <5373892F.8000603@filmakademie.de> Message-ID: <53738E41.5030500@sys4.de> Am 14.05.2014 17:18, schrieb G?tz Reinicke - IT Koordinator: > Am 14.05.14 16:20, schrieb Robert Schetterer: >> Am 14.05.2014 16:09, schrieb G?tz Reinicke - IT Koordinator: >>> Hi, >>> >>> dont ask :) but I have two accounts for which I have to configure an >>> auto reply for any e-mail send to it. >> >> you shouldnt do that , you risk endless mail ping pong > > Hi, > > that's what my don't ask refers to ... I know that, but currently I dont > have any solid rock arguments/technical solutions how the two users > could achieve what they want in an other way. > > Answering any mail by hand with a default sentence is what they want to > avoid. > > Suggestion? Regards . G?tz > http://tools.ietf.org/html/rfc6131 If ":seconds 0" is specified and used, it means that all auto-replies are sent, and no attempt is made to suppress consecutive replies. This differs from the base vacation specification, which does not allow a time period of zero (":days 0" is forbidden); the change is necessary to allow operation of an auto-responder (see [RFC6133], and note especially example 4 in section 3 of that document). If ":seconds" and ":days" are both omitted, a site-defined interval is used (see [RFC5230]). Usage: vacation [":days" number | ":seconds" number] [":subject" string] [":from" string] [":addresses" string-list] [":mime"] [":handle" string] Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From maciej.uhlig at us.edu.pl Wed May 14 16:29:59 2014 From: maciej.uhlig at us.edu.pl (Maciej Uhlig) Date: Wed, 14 May 2014 18:29:59 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <537385FF.1040006@thelounge.net> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <53734507.5030504@Media-Brokers.com> <5373843B.9000900@Media-Brokers.com> <537385FF.1040006@thelounge.net> Message-ID: <53739A07.2020904@us.edu.pl> Reindl Harald - 2014-05-14 17:04: > the mail cient on the receiver shows the FROM-HEADER and not > the Return-Path I'm actually looking at your mail using the newest Thunderbird and guess what I see? I see your mistake: Return-Path: Thanks. MU -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3354 bytes Desc: Kryptograficzna sygnatura S/MIME URL: From heupink at merit.unu.edu Wed May 14 17:21:52 2014 From: heupink at merit.unu.edu (mourik jan heupink - merit) Date: Wed, 14 May 2014 19:21:52 +0200 Subject: [Dovecot] Enterprise repository for free now? ;-) (Bug?) In-Reply-To: References: Message-ID: <5373A630.30309@merit.unu.edu> Hi, On 5/14/2014 15:38, Daniel Thielemann wrote: > Timo answered me already: > >> Intentional. We haven't had time to update the web. > > Enjoy your repo access :D Intentional? :-) Wow, that's great news! Thank you Timo! From CMarcus at Media-Brokers.com Wed May 14 17:26:15 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Wed, 14 May 2014 13:26:15 -0400 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <53739A07.2020904@us.edu.pl> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <53734507.5030504@Media-Brokers.com> <5373843B.9000900@Media-Brokers.com> <537385FF.1040006@thelounge.net> <53739A07.2020904@us.edu.pl> Message-ID: <5373A737.90107@Media-Brokers.com> On 5/14/2014 12:29 PM, Maciej Uhlig wrote: > Reindl Harald - 2014-05-14 17:04: >> the mail cient on the receiver shows the FROM-HEADER and not >> the Return-Path > I'm actually looking at your mail using the newest Thunderbird and guess > what I see? I see your mistake: > > Return-Path: ??? He didn't say you couldn't see the return path, he said that the mail client (I'll append 'usually') only shows the From header. -- Best regards, Charles From maciej.uhlig at us.edu.pl Wed May 14 17:49:32 2014 From: maciej.uhlig at us.edu.pl (Maciej Uhlig) Date: Wed, 14 May 2014 19:49:32 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <5373A737.90107@Media-Brokers.com> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <53734507.5030504@Media-Brokers.com> <5373843B.9000900@Media-Brokers.com> <537385FF.1040006@thelounge.net> <53739A07.2020904@us.edu.pl> <5373A737.90107@Media-Brokers.com> Message-ID: <5373ACAC.9000706@us.edu.pl> Charles Marcus - 2014-05-14 19:26: > On 5/14/2014 12:29 PM, Maciej Uhlig wrote: >> Reindl Harald - 2014-05-14 17:04: >>> the mail cient on the receiver shows the FROM-HEADER and not >>> the Return-Path >> I'm actually looking at your mail using the newest Thunderbird and guess >> what I see? I see your mistake: >> >> Return-Path: > > ??? He didn't say you couldn't see the return path, he said that the > mail client (I'll append 'usually') only shows the From header. > He said the mail client doesn't show the Return-Path and I said it's not true because Thunderbird shows not only the From header line but also it _does_ show Return-Path line. This is simple logic coming from everyday observation. Thanks. MU -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3354 bytes Desc: Kryptograficzna sygnatura S/MIME URL: From Jochen.Bern at LINworks.de Wed May 14 19:05:41 2014 From: Jochen.Bern at LINworks.de (Jochen Bern) Date: Wed, 14 May 2014 21:05:41 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <5373ACAC.9000706@us.edu.pl> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <53734507.5030504@Media-Brokers.com> <5373843B.9000900@Media-Brokers.com> <537385FF.1040006@thelounge.net> <53739A07.2020904@us.edu.pl> <5373A737.90107@Media-Brokers.com> <5373ACAC.9000706@us.edu.pl> Message-ID: <5373BE85.1000704@LINworks.de> On -10.01.-28163 20:59, Maciej Uhlig wrote: > Charles Marcus - 2014-05-14 19:26: >> On 5/14/2014 12:29 PM, Maciej Uhlig wrote: >>> Reindl Harald - 2014-05-14 17:04: >>>> the mail cient on the receiver shows the FROM-HEADER and not >>>> the Return-Path > > He said the mail client doesn't show the Return-Path and I said it's not > true because Thunderbird shows not only the From header line but also it > _does_ show Return-Path line. This is simple logic coming from everyday > observation. Allow me to both correct Haralds sentence, and provide you with a suitably picky answer to your initial question ("May I ask to add Return-Path: some meaningful header line"): a) MUAs will use the Header-From: (and a variety of other headers, like Reply-To: or, if "Reply to all", To: and Cc:) to determine the address(es) to send replies to, not the Envelope-From_ like automated processing should. b) Your (sender-side) software CANNOT generate a Return-Path: header, because it is generated (if at all, as that functionality is optional) upon final delivery on the receiver's side (MDA). Regards, J. Bern -- *NEU* - NEC IT-Infrastruktur-Produkte im : Server--Storage--Virtualisierung--Management SW--Passion for Performance Jochen Bern, Systemingenieur --- LINworks GmbH Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27 Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202 Unternehmenssitz Weiterstadt, Gesch?ftsf?hrer Metin Dogan, Oliver Michel From CMarcus at Media-Brokers.com Wed May 14 19:08:31 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Wed, 14 May 2014 15:08:31 -0400 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <5373ACAC.9000706@us.edu.pl> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <53734507.5030504@Media-Brokers.com> <5373843B.9000900@Media-Brokers.com> <537385FF.1040006@thelounge.net> <53739A07.2020904@us.edu.pl> <5373A737.90107@Media-Brokers.com> <5373ACAC.9000706@us.edu.pl> Message-ID: <5373BF2F.2090805@Media-Brokers.com> On 5/14/2014 1:49 PM, Maciej Uhlig wrote: > He said the mail client doesn't show the Return-Path and I said it's not > true because Thunderbird shows not only the From header line but also it > _does_ show Return-Path line. It shows the return path buried deep in the headers, yes, but virtually every email client I've ever used (Thunderbird included) will not show that header unless you tell it to, all you'll ever see is the From header. Are you done picking nits? -- Best regards, Charles From me at junc.eu Wed May 14 20:57:41 2014 From: me at junc.eu (Benny Pedersen) Date: Wed, 14 May 2014 22:57:41 +0200 Subject: [Dovecot] 2.2.12 RPM Needed In-Reply-To: <53712985.4050508@filmakademie.de> References: <53594BD0.7010508@globalchangemusic.org> <535964C0.6020000@thelounge.net> <53712985.4050508@filmakademie.de> Message-ID: <0c01bb389c73225f0f5db4bc58c571e6@junc.eu> G?tz Reinicke - IT Koordinator skrev den 2014-05-12 22:05: > > I downloaded the ATRPM specfile (http://dl.atrpms.net/all/dovecot.spec) > and the recent dovecot file and get a > > Fehler: Ung?ltige Quelle: > /root/rpmbuild/SOURCES/dovecot-2.1-defaultconfig.patch: Datei oder > Verzeichnis nicht gefunden > > when I do rpmbuild -ba dovecot.spec do not build rpms as root user, create a non priviledged user that run rpmbuild and remove the patch from spec file since it properly not needed in later versions of dovecot From me at junc.eu Wed May 14 22:44:40 2014 From: me at junc.eu (Benny Pedersen) Date: Thu, 15 May 2014 00:44:40 +0200 Subject: [Dovecot] LMTP SSL? In-Reply-To: <20140514144803.Horde.FgaW5XqRjAKc9AeVJ-HaDw9@horde.andreasschulze.de> References: <20140512115631.GI30748@charite.de> <20140514144803.Horde.FgaW5XqRjAKc9AeVJ-HaDw9@horde.andreasschulze.de> Message-ID: Postfix can listen on port 24 with lmtp content filter does not solve it? Then its entirely a postfix solution :) -- Sendt fra min Android telefon med K-9 Mail. Undskyld hvis jeg er lidt kortfattet. From goetz.reinicke at filmakademie.de Thu May 15 08:36:58 2014 From: goetz.reinicke at filmakademie.de (=?UTF-8?B?R8O2dHogUmVpbmlja2UgLSBJVCBLb29yZGluYXRvcg==?=) Date: Thu, 15 May 2014 10:36:58 +0200 Subject: [Dovecot] 2.2.12 RPM Needed - SOLVED In-Reply-To: <0c01bb389c73225f0f5db4bc58c571e6@junc.eu> References: <53594BD0.7010508@globalchangemusic.org> <535964C0.6020000@thelounge.net> <53712985.4050508@filmakademie.de> <0c01bb389c73225f0f5db4bc58c571e6@junc.eu> Message-ID: <53747CAA.2050702@filmakademie.de> Am 14.05.14 22:57, schrieb Benny Pedersen: > G?tz Reinicke - IT Koordinator skrev den 2014-05-12 22:05: >> >> I downloaded the ATRPM specfile (http://dl.atrpms.net/all/dovecot.spec) >> and the recent dovecot file and get a >> >> Fehler: Ung?ltige Quelle: >> /root/rpmbuild/SOURCES/dovecot-2.1-defaultconfig.patch: Datei oder >> Verzeichnis nicht gefunden >> >> when I do rpmbuild -ba dovecot.spec > > do not build rpms as root user, create a non priviledged user that run > rpmbuild > > and remove the patch from spec file since it properly not needed in > later versions of dovecot Thanks for your feedback, but a) I found a repository for the recent dovecot rpm and b) Timo opened the enterprise repository to recently, so there is no need any more for us currently to rebuild with e.g. special or less options/features. regards . G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 E-Mail goetz.reinicke at filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: J?rgen Walter MdL Staatssekret?r im Ministerium f?r Wissenschaft, Forschung und Kunst Baden-W?rttemberg Gesch?ftsf?hrer: Prof. Thomas Schadt -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5306 bytes Desc: S/MIME Cryptographic Signature URL: From maciej.uhlig at us.edu.pl Thu May 15 08:59:38 2014 From: maciej.uhlig at us.edu.pl (Maciej Uhlig) Date: Thu, 15 May 2014 10:59:38 +0200 Subject: [Dovecot] v2.2.13.rc1 released - signal 11, Segmentation fault. in mail_cache_header_fields_read () In-Reply-To: References: <536CAF85.4030806@us.edu.pl> Message-ID: <537481FA.2060306@us.edu.pl> Timo Sirainen - 2014-05-09 15:27: > > I thought this was fixed already, but I guess not. It would be helpful if you could either > > a) Enable debug symbols so the backtrace would show exactly where it crashes Here you are: Core was generated by `dovecot/imap postlogin'. Program terminated with signal 11, Segmentation fault. #0 0x00007f636c1e44c5 in mail_cache_header_fields_read (cache=0x65fb00) at mail-cache-fields.c:370 370 for (p = names; p != end && *p != '\0'; p++) ; Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.132.el6.x86_64 (gdb) bt full #0 0x00007f636c1e44c5 in mail_cache_header_fields_read (cache=0x65fb00) at mail-cache-fields.c:370 field_hdr = 0x67c680 field = {name = 0x0, idx = 0, type = MAIL_CACHE_FIELD_FIXED_SIZE, field_size = 0, decision = MAIL_CACHE_DECISION_NO, last_used = 0} last_used = 0x67c68c sizes = 0xc67c68c types = 0x1867c68c
decisions = 0x1b67c68c
p = 0x1e67c68c
names = end = 0x5267c680
orig_key = 0x65a5d0 "mime.parts" fidx = new_fields_count = dec = max_drop_time = 1396994400 offset = 336 i = __FUNCTION__ = "mail_cache_header_fields_read" #1 0x00007f636c1e221a in mail_cache_open_and_verify (cache=0x65fb00) at mail-cache.c:497 ret = 1 #2 0x00007f636c1e3e9d in mail_cache_register_get_list (cache=0x65fb00, pool=0x673890, count_r=0x7fff745e1818) at mail-cache-fields.c:194 list = i = #3 0x00007f636c1d8c24 in get_metadata_cache_fields (box=0x65cf10, items=MAILBOX_METADATA_CACHE_FIELDS, ---Type to continue, or q to quit--- metadata_r=0x7fff745e18d0) at index-status.c:206 cache_fields = i = count = fields = dec = cf = #4 index_mailbox_get_metadata (box=0x65cf10, items=MAILBOX_METADATA_CACHE_FIELDS, metadata_r=0x7fff745e18d0) at index-status.c:392 No locals. #5 0x00007f636c174520 in maildir_mailbox_get_metadata (box=, items=MAILBOX_METADATA_CACHE_FIELDS, metadata_r=0x7fff745e18d0) at maildir-storage.c:548 mbox = 0x65cf10 #6 0x00007f636c1ab33e in mailbox_get_metadata (box=0x65cf10, items=MAILBOX_METADATA_CACHE_FIELDS, metadata_r=0x7fff745e18d0) at mail-storage.c:1553 __FUNCTION__ = "mailbox_get_metadata" #7 0x00007f636c1d97d7 in index_copy_cache_fields (ctx=0x66d470, src_mail=0x668c50, dest_seq=4) at index-storage.c:859 src_metadata = {guid = '\000' , virtual_size = 0, cache_fields = 0x6732f8, precache_fields = 0, backend_ns_prefix = 0x0, backend_ns_type = 0} dest_metadata = {guid = '\000' , virtual_size = 0, cache_fields = 0x0, precache_fields = 0, backend_ns_prefix = 0x0, backend_ns_type = 0} field = buf = _data_stack_cur_id = 5 #8 0x00007f636c172daa in maildir_save_add (_ctx=0x66d470, ---Type to continue, or q to quit--- tmp_fname=0x6334b0 "1400137850.M128554P51577.dzeta.us.edu.pl", src_mail=0x668c50) at maildir-save.c:222 ctx = 0x66d470 mdata = 0x66d480 mf = 0x66d6a8 input = keyword_count = 0 __FUNCTION__ = "maildir_save_add" #9 0x00007f636c16f12e in maildir_copy_hardlink (ctx=0x66d470, mail=0x668c50) at maildir-copy.c:108 dest_mbox = 0x65cf10 dest_fname = 0x6334b0 "1400137850.M128554P51577.dzeta.us.edu.pl" size = old_abort = mf = do_ctx = { dest_path = 0x6334e0 "/pracmail/us.edu.pl/malgorzata.gornik-durose/mail/.Podr&APMBfA-e/tmp/1400137850.M128554P51577.dzeta.us.edu.pl", success = 1} guid = src_mbox = path = 0x66e480 "\020\317e" vsize = #10 maildir_copy (ctx=0x66d470, mail=0x668c50) at maildir-copy.c:137 _data_stack_cur_id = 4 _t = mbox = __FUNCTION__ = "maildir_copy" #11 0x00007f636b825521 in notify_copy (ctx=0x66d470, mail=0x668c50) at notify-storage.c:107 ---Type to continue, or q to quit--- lt = 0x660020 lbox = 0x65d6c8 ret = #12 0x00007f636bc35363 in quota_copy (ctx=0x66d470, mail=0x668c50) at quota-storage.c:220 t = 0x665e60 qt = 0x667350 qbox = 0x65d530 #13 0x00007f636c1aca5d in mailbox_copy (_ctx=, mail=0x668c50) at mail-storage.c:2149 ctx = 0x66d470 t = 0x665e60 keywords = 0x0 pvt_flags = 0 backend_mail = 0x668c50 ret = __FUNCTION__ = "mailbox_copy" #14 0x00007f636c1acbcd in mailbox_move (_ctx=, mail=0x668c50) at mail-storage.c:2170 ctx = 0x66d470 #15 0x000000000040c667 in fetch_and_copy (cmd=0x6526f0, move=true) at cmd-copy.c:67 search_ctx = 0x6689b0 src_trans = 0x6673c0 srcset_ctx = {str = 0x633348, first_uid = 0, last_uid = 4294967295} ret = 1 save_ctx = 0x0 mail = 0x668c50 copy_count = 1 src_uidset = 0x633348 ---Type to continue, or q to quit--- #16 cmd_copy_full (cmd=0x6526f0, move=true) at cmd-copy.c:123 client = 0x651ee0 dest_storage = destbox = 0x65cf10 t = 0x665e60 src_trans = search_args = 0x65bf00 messageset = 0x63ec30 "21478" mailbox = 0x63ec38 "Podr&APMBfA-e" src_uidset = sync_flags = 0 imap_flags = 0 changes = {pool = 0x0, uid_validity = 1810758898, saved_uids = {arr = {buffer = 0x4, element_size = 222429762624}, v = 0x4, v_modifiable = 0x4}, ignored_modseq_changes = 0, changed = false, no_read_perm = false} copy_count = msg = ret = __FUNCTION__ = "cmd_copy_full" #17 0x0000000000418b0d in command_exec (cmd=0x6526f0) at imap-commands.c:158 hook = 0x63c110 ret = #18 0x0000000000417ae4 in client_command_input (cmd=0x6526f0) at imap-client.c:778 client = 0x651ee0 command = __FUNCTION__ = "client_command_input" ---Type to continue, or q to quit--- #19 0x0000000000417c25 in client_command_input (cmd=0x6526f0) at imap-client.c:839 client = 0x651ee0 command = __FUNCTION__ = "client_command_input" #20 0x0000000000418095 in client_handle_next_command (client=0x651ee0) at imap-client.c:877 No locals. #21 client_handle_input (client=0x651ee0) at imap-client.c:889 _data_stack_cur_id = 3 ret = false remove_io = false handled_commands = false __FUNCTION__ = "client_handle_input" #22 0x000000000041896f in client_input (client=0x651ee0) at imap-client.c:931 cmd = output = 0x64bad0 bytes = 32 __FUNCTION__ = "client_input" #23 0x00007f636becb74d in io_loop_call_io (io=0x64bba0) at ioloop.c:441 ioloop = 0x63b750 t_id = 2 __FUNCTION__ = "io_loop_call_io" #24 0x00007f636beccb15 in io_loop_handler_run_internal (ioloop=) at ioloop-epoll.c:220 ctx = 0x63c3f0 events = event = 0x63d260 list = 0x64bc00 ---Type to continue, or q to quit--- io = tv = {tv_sec = 1799, tv_usec = 999456} msecs = ret = 1 i = j = 0 call = __FUNCTION__ = "io_loop_handler_run_internal" #25 0x00007f636becb7d9 in io_loop_handler_run (ioloop=0x63b750) at ioloop.c:488 No locals. #26 0x00007f636becb868 in io_loop_run (ioloop=0x63b750) at ioloop.c:465 __FUNCTION__ = "io_loop_run" #27 0x00007f636be74a63 in master_service_run (service=0x63b5e0, callback=) at master-service.c:566 No locals. #28 0x00000000004227e7 in main (argc=2, argv=0x63b390) at main.c:400 set_roots = {0x42b300, 0x0} login_set = {auth_socket_path = 0x633050 "\210\060c", postlogin_socket_path = 0x633088 "", postlogin_timeout_secs = 60, callback = 0x422980 , failure_callback = 0x422cf0 , request_auth_token = 1} service_flags = storage_service_flags = username = c = (gdb) Thanks. MU -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3354 bytes Desc: Kryptograficzna sygnatura S/MIME URL: From h.reindl at thelounge.net Thu May 15 09:22:50 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Thu, 15 May 2014 11:22:50 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <53739A07.2020904@us.edu.pl> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <53734507.5030504@Media-Brokers.com> <5373843B.9000900@Media-Brokers.com> <537385FF.1040006@thelounge.net> <53739A07.2020904@us.edu.pl> Message-ID: <5374876A.10502@thelounge.net> Am 14.05.2014 18:29, schrieb Maciej Uhlig: > Reindl Harald - 2014-05-14 17:04: >> the mail cient on the receiver shows the FROM-HEADER and not >> the Return-Path > > I'm actually looking at your mail using the newest Thunderbird and guess > what I see? I see your mistake: > > Return-Path: not in a default setup no MUA i ever seen shows that in a default setup thunderbird-24.5.0-1.fc20.x86_64 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From skdovecot at smail.inf.fh-brs.de Thu May 15 09:30:49 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 15 May 2014 11:30:49 +0200 (CEST) Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <537385FF.1040006@thelounge.net> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <53734507.5030504@Media-Brokers.com> <5373843B.9000900@Media-Brokers.com> <537385FF.1040006@thelounge.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 14 May 2014, Reindl Harald wrote: > Am 14.05.2014 16:56, schrieb Charles Marcus: >> On 5/14/2014 10:44 AM, Steffen Kaiser wrote: >>> Yep, those using different <> null senders should be aware, that there envelope sender rewritings, such as BATV >>> and SRS0, that make the address unique each time by adding hashed timestamps or something like that. Those >>> rewritings undermine the vacation database. >>> I hope that those implementations generate an unique address per day and not per message. >> >> Best would be if there was a way to code sieve such that it could ignore the BATV/SRS0 junk, as well as plussed >> addresses... > > wrong way - there are standards for not-to-repsond messages > > * null sender > * Precedence: bulk > * Precedence: list > * Auto-Submitted: auto-generated > > these are typically ignored Then there are standards, implemented by one big software creator: http://msdn.microsoft.com/en-us/library/ee219609%28v=EXCHG.80%29.aspx I've seen messages with X-Auto-Response-Suppress only, but neither Auto-Submitted nor Precedence. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU3SJSXz1H7kL/d9rAQLAKAf/ZqaOLNEejUcG9nXXY1D7JHCZSmL/R/Ux ygy7L31PBQ5DdxniS6yJvuDyRkL+aum0yFy0GlusOgJhG331s+frw7tMHPZLPPru LqDRGVlJN54ot71f6gDPixJo42WrAt9tKAhXm6ySon3S32+rp2Z2GKGQ18aQ7TR9 B+2F+asHsyNIM5TiJvOkOxagmfI3sKdfE4hEr2O4uaSixGMOYqSVovQr4swFedSR mFRhfkEszTbpDMEegbaLBpMZ9UTAPNggzkq4LYjVE2qISrTiHE0uTIEXiw+2gKPL PYanoP4gnAbgrXkP5eNSB44FphotLNMf/0Ebz2Ea25SPQAOJ2o/MTQ== =I82K -----END PGP SIGNATURE----- From tss at iki.fi Thu May 15 10:45:55 2014 From: tss at iki.fi (Timo Sirainen) Date: Thu, 15 May 2014 13:45:55 +0300 Subject: [Dovecot] v2.2.13 released In-Reply-To: References: Message-ID: <2D55EEDB-F952-462D-9B38-7792D846C7FC@iki.fi> On 12.5.2014, at 12.28, Matthias Rieber wrote: > On Sun, 11 May 2014, Timo Sirainen wrote: > >> http://dovecot.org/releases/2.2/dovecot-2.2.13.tar.gz >> http://dovecot.org/releases/2.2/dovecot-2.2.13.tar.gz.sig > > fts and normal search in virtual folders still seems to be broken: http://hg.dovecot.org/dovecot-2.2/rev/e99cd21e1f92 hopefully fixes this. From bourek at thinline.cz Thu May 15 12:07:50 2014 From: bourek at thinline.cz (Jiri Bourek) Date: Thu, 15 May 2014 14:07:50 +0200 Subject: [Dovecot] Performing an action on mail receipt In-Reply-To: References: <1399989227.23156.32.camel@andy-laptop> <53722A71.70201@rename-it.nl> <1400026546.23156.109.camel@andy-laptop> <53733A38.6010501@thinline.cz> Message-ID: <5374AE16.8020901@thinline.cz> On 14.5.2014 13:29, Axel Luttgens wrote: > Le 14 mai 2014 ? 11:41, Jiri Bourek a ?crit : > >> [...] >> AFAIK PigeonHole can read scripts only from file. Being able to use SQL database as data source would sure be nice and I recall there was some short discussion about it, but - again, AFAIK - it was never added as a feature. > > Hello Jiri, > > Just in case, since I've never tried myself... > > This file: > > http://hg.rename-it.nl/dovecot-2.2-pigeonhole/file/689db87e26f2/doc/script-location-dict.txt > > is systematically installed here as: > > share/doc/dovecot/sieve/script-location-dict.txt > > May perhaps be of interest? > > Axel > Guess I'm not used to looking into that "doc" directory anymore, Google usually knows everything. So thanks, but it's too late for me, already have the generator in place. Btw. gave it a try anyway on test system and found out a bit unexpected behaviour: sieve script described with everything on one line (below) works require ["fileinto"]; fileinto "testfolder"; However when you split it to multiple lines (so it looks nice in the DB), the interpreter does nothing (I guess it only uses first line and ignores everything else) I.e. this: require ["fileinto"]; fileinto "testfolder"; doesn't work Mentioning just in case someone as confused as I was stumbles into this thread. From ml-dovecot at zu-con.org Thu May 15 12:24:37 2014 From: ml-dovecot at zu-con.org (Matthias Rieber) Date: Thu, 15 May 2014 14:24:37 +0200 (CEST) Subject: [Dovecot] v2.2.13 released In-Reply-To: <2D55EEDB-F952-462D-9B38-7792D846C7FC@iki.fi> References: <2D55EEDB-F952-462D-9B38-7792D846C7FC@iki.fi> Message-ID: Hi, On Thu, 15 May 2014, Timo Sirainen wrote: > On 12.5.2014, at 12.28, Matthias Rieber wrote: > >> On Sun, 11 May 2014, Timo Sirainen wrote: >> >>> http://dovecot.org/releases/2.2/dovecot-2.2.13.tar.gz >>> http://dovecot.org/releases/2.2/dovecot-2.2.13.tar.gz.sig >> >> fts and normal search in virtual folders still seems to be broken: > > http://hg.dovecot.org/dovecot-2.2/rev/e99cd21e1f92 hopefully fixes this. Looks good. No crashes after several searches. Thanks. Matthias From r at sys4.de Thu May 15 13:50:18 2014 From: r at sys4.de (Ralf Hildebrandt) Date: Thu, 15 May 2014 15:50:18 +0200 Subject: [Dovecot] Disconnected from database, retrying commit? Message-ID: <20140515135018.GH16041@sys4.de> In my log I have a lot of log entries like this one (covering one hour of logs here): May 15 09:00:49 dict: Info: maildatabase: Disconnected from database, retrying commit May 15 09:17:10 dict: Info: maildatabase: Disconnected from database, retrying commit May 15 09:22:30 dict: Info: maildatabase: Disconnected from database, retrying commit May 15 09:31:07 dict: Info: maildatabase: Disconnected from database, retrying commit May 15 09:37:15 dict: Info: maildatabase: Disconnected from database, retrying commit May 15 09:39:36 dict: Info: maildatabase: Disconnected from database, retrying commit May 15 09:50:49 dict: Info: maildatabase: Disconnected from database, retrying commit 7 times per hour, that's quite a bit. Dovecot 2.1.17 Related logs look like: ======================= May 15 00:16:44 imap(username): Info: save: box=Sent, uid=1196, msgid=<5373EB4A.90306 at sys4.de>, size=11152 May 15 00:16:44 dict: Info: maildatabase: Disconnected from database, retrying commit or: May 14 16:10:34 lmtp(7225, username at domain): Info: NTuhEvF1c1M5HAAAcnFQ7Q: msgid=<20090714161800.121200 at gmx.net>: saved mail to INBOX May 14 16:10:34 dict: Info: maildatabase: Disconnected from database, retrying commit May 14 16:10:34 dict: Info: mysql(sql.sys4.de): Connected to database maildatabase So it's reconnecting, but why is it disconnecting/being disconnected in the first place? Does it matter? should I worry? -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From marc at perkel.com Fri May 16 01:09:08 2014 From: marc at perkel.com (Marc Perkel) Date: Thu, 15 May 2014 18:09:08 -0700 Subject: [Dovecot] Static Passdb Message-ID: <53756534.6060107@perkel.com> Tried this but it doesn't work. Says Unknown setting: password passdb { driver = static pass word = secret } The real file doesn't have a space in pass word. What am I doing wrong? Thanks in advance. From goetz.reinicke at filmakademie.de Fri May 16 07:50:18 2014 From: goetz.reinicke at filmakademie.de (=?ISO-8859-15?Q?G=F6tz_Reinicke_-_IT_Koordinator?=) Date: Fri, 16 May 2014 09:50:18 +0200 Subject: [Dovecot] syncing problems Dovecot 2.2.13 Message-ID: <5375C33A.1030901@filmakademie.de> Hi, we still migrate a couple of users from mbox to maildir. Most of them are fine without any problem. Some crash and dont get all mails synced. first I sync backup the mbox to a maildir-NEW, than copy mbox to a new name, mv maildir-NEW to maildir. Now some problematic mailusers miss some mails from the old mbox, so I start a dsync mirror and BAM crash. e.g.: dsync(s108019): Panic: file mbox-lock.c: line 799 (mbox_lock): assertion failed: (lock_type == F_RDLCK || mbox->mbox_lock_type != F_RDLCK) dsync(s108019): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0 [0x333fe67f2a] -> /usr/lib64/dovecot/libdovecot.so.0(default_fatal_handler+0x35) [0x333fe68025] -> /usr/lib64/dovecot/libdovecot.so.0 [0x333fe67073] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mbox_lock+0x11c) [0x334025826c] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mbox_save_begin+0x98d) [0x334025a5ad] -> /usr/lib64/dovecot/lib10_quota_plugin.so [0x2b5b619183c2] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_save_begin+0x51) [0x334027b3f1] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mail_storage_copy+0x66) [0x3340275716] -> /usr/lib64/dovecot/lib15_notify_plugin.so [0x2b5b61b1f215] -> /usr/lib64/dovecot/lib10_quota_plugin.so [0x2b5b6191852d] -> /usr/lib64/dovecot/lib01_acl_plugin.so [0x2b5b61707b37] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_copy+0x72) [0x334027b282] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_move+0x1d) [0x334027b36d] -> dsyn [0x42f7a5] -> dsyn [0x43351a] -> dsyn(dsync_mailbox_import_changes_finish+0x165) [0x4339b5] -> dsyn(dsync_brain_sync_mails+0x58c) [0x42ed6c] -> dsyn(dsync_brain_run+0x594) [0x42af94] -> dsyn [0x429550] -> dsyn [0x411eef] -> dsyn(doveadm_mail_try_run+0x25c) [0x41231c] -> dsyn(main+0x32e) [0x41a92e] -> /lib64/libc.so.6(__libc_start_main+0xf4) [0x3d3161d9c4] -> dsyn [0x411699] ANY help and suggestion is very welcome on how to procede. Regards . G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 E-Mail goetz.reinicke at filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: J?rgen Walter MdL Staatssekret?r im Ministerium f?r Wissenschaft, Forschung und Kunst Baden-W?rttemberg Gesch?ftsf?hrer: Prof. Thomas Schadt -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5306 bytes Desc: S/MIME Cryptographic Signature URL: From selcuk.yazar at gmail.com Fri May 16 08:36:01 2014 From: selcuk.yazar at gmail.com (Selcuk Yazar) Date: Fri, 16 May 2014 11:36:01 +0300 Subject: [Dovecot] Pigeonhole and Dovecot deliver Message-ID: Hi, i still try to sieve system. ok first our deliver command procmail. our user accounts stored in openldap, mail files are in Maildir folders in 15-lda.conf recommented protocol lda { # Space separated list of plugins to load (default is global mail_plugins). mail_plugins = $mail_plugins sieve log_path = info_log_path = } after that, in master.cf i added dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -a ${recipient} -d ${user}@${nexthop} in main.cf mailbox_command = /usr/libexec/dovecot/dovecot-lda -a "$RECIPIENT" dovecot_destination_recipient_limit = 1 virtual_transport = dovecot virtual_mailbox_domains = ldap:domains ?N 90-sieve.conf sieve = /home/vmail/domains/..................edu.tr/%n/.dovecot.sieve sieve_dir = /home/vmail/domains/.........................edu.tr/%n/.sieve and also i successfuly add my filters, shown in attachment. but mail don't deliver, waitin hold queue 77CBB22736! 2667 Fri May 16 11:15:54 selcuk.yazar at gmail.com selcukyazar at ................... edu.tr 76228227F9! 3028 Fri May 16 10:19:12 selcuk.yazar at gmail.com selcukyazar at .................... edu.tr any advice or solution thanks in advance -- Sel?uk YAZAR http://www.selcukyazar.blogspot.com -------------- next part -------------- A non-text attachment was scrubbed... Name: dv1.png Type: image/png Size: 17791 bytes Desc: not available URL: From teemu.huovila at dovecot.fi Fri May 16 08:39:00 2014 From: teemu.huovila at dovecot.fi (Teemu Huovila) Date: Fri, 16 May 2014 11:39:00 +0300 Subject: [Dovecot] Static Passdb In-Reply-To: <53756534.6060107@perkel.com> References: <53756534.6060107@perkel.com> Message-ID: <5375CEA4.3070309@dovecot.fi> On 05/16/2014 04:09 AM, Marc Perkel wrote: > Tried this but it doesn't work. Says Unknown setting: password > > passdb { > driver = static > pass word = secret > } http://wiki2.dovecot.org/PasswordDatabase/Static passdb { driver = static args = password=secret } br, Teemu Huovila From skdovecot at smail.inf.fh-brs.de Fri May 16 08:49:56 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 16 May 2014 10:49:56 +0200 (CEST) Subject: [Dovecot] Pigeonhole and Dovecot deliver In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 16 May 2014, Selcuk Yazar wrote: > ok first our deliver command procmail. you mean that your current MDA is procmail, which you want to replace by Dovecot deliver? > in master.cf i added > dovecot unix - n n - - pipe > flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f > ${sender} -a ${recipient} -d ${user}@${nexthop} > > in main.cf > mailbox_command = /usr/libexec/dovecot/dovecot-lda -a "$RECIPIENT" > dovecot_destination_recipient_limit = 1 > virtual_transport = dovecot > virtual_mailbox_domains = ldap:domains > but mail don't deliver, waitin hold queue > > 77CBB22736! 2667 Fri May 16 11:15:54 selcuk.yazar at gmail.com > selcukyazar at ................... > edu.tr > > 76228227F9! 3028 Fri May 16 10:19:12 selcuk.yazar at gmail.com > selcukyazar at .................... > edu.tr > > any advice or solution postfix and/or Dovecot are to log something, post the log lines of Dovecot and postfix. Did you've read http://wiki2.dovecot.org/LDA/Postfix ? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU3XRNXz1H7kL/d9rAQKuUwgAk1bBYiPAgH+dXe70KXSnYZoSCkgQdI73 AjUCj7zCs3L5BF09QGD7oamjvzSAltEvFBvN2HTsh4k7+9tiDz1//5QfPtgc9yVy ditUUf2Tppa+ls3cZKxJ5IehKJxlSrTIDssqThR3Q4Wp5b1o1y/cEZXGT2mq93ge Rhjnm5fo2LdysqtDMtY4Wbt4UeoZr/ICi73yxzvB6OrT6OqY3pvpWrU4LlVTRnES 5GyQkAQjN65BxggEAYKbGiY/5scuNu03YkQBAzBMeDnqtXL3ApjwK4P+c/OyTW/r 9udykdk93s6zMtV1bbNJ8qEgTcGxaCwxcvNzfwvXkwX86Fue02WX6g== =wiMy -----END PGP SIGNATURE----- From selcuk.yazar at gmail.com Fri May 16 08:51:52 2014 From: selcuk.yazar at gmail.com (Selcuk Yazar) Date: Fri, 16 May 2014 11:51:52 +0300 Subject: [Dovecot] Pigeonhole and Dovecot deliver In-Reply-To: <5375d10e.61bd420a.390d.ffffc323SMTPIN_ADDED_BROKEN@mx.google.com> References: <5375d10e.61bd420a.390d.ffffc323SMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: Hi, stefan, yes i try to change deliver to dovecot. thanks. On Fri, May 16, 2014 at 11:49 AM, Steffen Kaiser < skdovecot at smail.inf.fh-brs.de> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > On Fri, 16 May 2014, Selcuk Yazar wrote: > > ok first our deliver command procmail. >> > > you mean that your current MDA is procmail, which you want to replace by > Dovecot deliver? > > > in master.cf i added >> dovecot unix - n n - - pipe >> flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f >> ${sender} -a ${recipient} -d ${user}@${nexthop} >> >> in main.cf >> mailbox_command = /usr/libexec/dovecot/dovecot-lda -a "$RECIPIENT" >> dovecot_destination_recipient_limit = 1 >> virtual_transport = dovecot >> virtual_mailbox_domains = ldap:domains >> > > but mail don't deliver, waitin hold queue >> >> 77CBB22736! 2667 Fri May 16 11:15:54 selcuk.yazar at gmail.com >> selcukyazar at ................... >> edu.tr >> >> 76228227F9! 3028 Fri May 16 10:19:12 selcuk.yazar at gmail.com >> selcukyazar at .................... >> edu.tr >> >> any advice or solution >> > > postfix and/or Dovecot are to log something, post the log lines of Dovecot > and postfix. Did you've read http://wiki2.dovecot.org/LDA/Postfix ? > > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEVAwUBU3XRNXz1H7kL/d9rAQKuUwgAk1bBYiPAgH+dXe70KXSnYZoSCkgQdI73 > AjUCj7zCs3L5BF09QGD7oamjvzSAltEvFBvN2HTsh4k7+9tiDz1//5QfPtgc9yVy > ditUUf2Tppa+ls3cZKxJ5IehKJxlSrTIDssqThR3Q4Wp5b1o1y/cEZXGT2mq93ge > Rhjnm5fo2LdysqtDMtY4Wbt4UeoZr/ICi73yxzvB6OrT6OqY3pvpWrU4LlVTRnES > 5GyQkAQjN65BxggEAYKbGiY/5scuNu03YkQBAzBMeDnqtXL3ApjwK4P+c/OyTW/r > 9udykdk93s6zMtV1bbNJ8qEgTcGxaCwxcvNzfwvXkwX86Fue02WX6g== > =wiMy > -----END PGP SIGNATURE----- > -- Sel?uk YAZAR http://www.selcukyazar.blogspot.com From skdovecot at smail.inf.fh-brs.de Fri May 16 09:12:26 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 16 May 2014 11:12:26 +0200 (CEST) Subject: [Dovecot] Pigeonhole and Dovecot deliver In-Reply-To: References: <5375d10e.61bd420a.390d.ffffc323SMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 16 May 2014, Selcuk Yazar wrote: > yes i try to change deliver to dovecot. Please don't top post. What about the logs (last sentences in my previous mail)? > > On Fri, May 16, 2014 at 11:49 AM, Steffen Kaiser < > skdovecot at smail.inf.fh-brs.de> wrote: >> On Fri, 16 May 2014, Selcuk Yazar wrote: >> >> ok first our deliver command procmail. >>> >> >> you mean that your current MDA is procmail, which you want to replace by >> Dovecot deliver? >> >> in master.cf i added >>> dovecot unix - n n - - pipe >>> flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f >>> ${sender} -a ${recipient} -d ${user}@${nexthop} >>> >>> in main.cf >>> mailbox_command = /usr/libexec/dovecot/dovecot-lda -a "$RECIPIENT" >>> dovecot_destination_recipient_limit = 1 >>> virtual_transport = dovecot >>> virtual_mailbox_domains = ldap:domains >>> >> >> but mail don't deliver, waitin hold queue >>> >>> 77CBB22736! 2667 Fri May 16 11:15:54 selcuk.yazar at gmail.com >>> selcukyazar at ................... >>> edu.tr >>> >>> 76228227F9! 3028 Fri May 16 10:19:12 selcuk.yazar at gmail.com >>> selcukyazar at .................... >>> edu.tr >>> >>> any advice or solution >>> >> >> postfix and/or Dovecot are to log something, post the log lines of Dovecot >> and postfix. Did you've read http://wiki2.dovecot.org/LDA/Postfix ? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU3XWe3z1H7kL/d9rAQI/bwf+P4tSirb7b1KpGFuDPJkHwnlKdYp/x1+z /4Ea5FmuXZDr2qcodOaV0u6Vk416d6T6uNwEsN0bUjVQegxb6LdIemtIsh14TGpN dAtYToSrlZPK0OTMR0OxjXYRq/1dyM+jGntmDI3gzMPgBNf/paUENAZs4fsn27hs bqwJDt1T1kmcC5FguNSSGIBJ6YSXpYbu1h63dv7OtBftF46Syi4WSUyjTHuA1NxE SkpcgYTt+sPKLty8vg1wfvn2EVgETctd+GpfDnEbrxFje/PKmnRp13dr93rJzLMB 8xWJ2+dtFmSjRnF0gYCHmku1zS5+vsl1Jmeap3EchS1ZSOlVKYfcXA== =r4AG -----END PGP SIGNATURE----- From Ralf.Hildebrandt at charite.de Fri May 16 09:35:21 2014 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Fri, 16 May 2014 11:35:21 +0200 Subject: [Dovecot] imapc Proxy to IMAPS Exchangeserver? Message-ID: <20140516093521.GC15834@charite.de> I'm trying to adapt http://wiki2.dovecot.org/HowTo/ImapcProxy to our Exchange Server, which has LOGINDISABLED on Port 143, and I offering LOGIN on Port 993. How do I go about this? Simply changing imapc_port to: imapc_port = 993 doesnt work: Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready. . LOGIN hildeb password . NO [UNAVAILABLE] Temporary authentication failure. [mproxy:2014-05-16 09:33:23] . LOGOUT * BYE Logging out . OK Logout completed. Connection closed by foreign host. Logs: May 16 11:33:04 mproxy dovecot: master: Dovecot v2.2.9 starting up (core dumps disabled) May 16 11:33:21 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:143): Command '2 LOGIN "hildeb" "password"' failed with BAD: 2 Command received in Invalid state. May 16 11:33:21 mproxy dovecot: auth: Error: imap(hildeb,::1,): Disconnected from server May 16 11:33:21 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:143): Authentication failed: Command received in Invalid state. May 16 11:33:26 mproxy dovecot: imap-login: Aborted login (auth failed, 1 attempts in 8 secs): user=, method=PLAIN, rip=::1, lip=::1, secured, session= But why is it still using port 143? -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From selcuk.yazar at gmail.com Fri May 16 09:39:00 2014 From: selcuk.yazar at gmail.com (Selcuk Yazar) Date: Fri, 16 May 2014 12:39:00 +0300 Subject: [Dovecot] Pigeonhole and Dovecot deliver In-Reply-To: <5375d662.86300f0a.3e27.7781SMTPIN_ADDED_BROKEN@mx.google.com> References: <5375d10e.61bd420a.390d.ffffc323SMTPIN_ADDED_BROKEN@mx.google.com> <5375d662.86300f0a.3e27.7781SMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: Hi, i've read LDA/Postfix Virtual users section , and i added dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient} my master.cf, also I added dovecot_destination_recipient_limit = 1 virtual_transport = dovecot but I didnt find anything mailbox_command for virtual users then i removed it. also when i set sieve and sieve dir for per user i added 20-managesieve and 90-sieve sieve = /home/vmail/domains/........................edu.tr/%n/.dovecot.sieve sieve_dir = /home/vmail/domains/....................edu.tr/%n/.sieve values. unfortunately in maillog just see postfix hold information. thanks in advance. On Fri, May 16, 2014 at 12:12 PM, Steffen Kaiser < skdovecot at smail.inf.fh-brs.de> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Fri, 16 May 2014, Selcuk Yazar wrote: > > yes i try to change deliver to dovecot. >> > > Please don't top post. > > What about the logs (last sentences in my previous mail)? > > >> On Fri, May 16, 2014 at 11:49 AM, Steffen Kaiser < >> skdovecot at smail.inf.fh-brs.de> wrote: >> >>> On Fri, 16 May 2014, Selcuk Yazar wrote: >>> >>> ok first our deliver command procmail. >>> >>>> >>>> >>> you mean that your current MDA is procmail, which you want to replace by >>> Dovecot deliver? >>> >>> in master.cf i added >>> >>>> dovecot unix - n n - - pipe >>>> flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f >>>> ${sender} -a ${recipient} -d ${user}@${nexthop} >>>> >>>> in main.cf >>>> mailbox_command = /usr/libexec/dovecot/dovecot-lda -a "$RECIPIENT" >>>> dovecot_destination_recipient_limit = 1 >>>> virtual_transport = dovecot >>>> virtual_mailbox_domains = ldap:domains >>>> >>>> >>> but mail don't deliver, waitin hold queue >>> >>>> >>>> 77CBB22736! 2667 Fri May 16 11:15:54 selcuk.yazar at gmail.com >>>> selcukyazar at ................... >>>> edu.tr >>>> >>>> 76228227F9! 3028 Fri May 16 10:19:12 selcuk.yazar at gmail.com >>>> selcukyazar at .................. >>>> .. >>>> edu.tr >>>> >>>> any advice or solution >>>> >>>> >>> postfix and/or Dovecot are to log something, post the log lines of >>> Dovecot >>> and postfix. Did you've read http://wiki2.dovecot.org/LDA/Postfix ? >>> >> > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEVAwUBU3XWe3z1H7kL/d9rAQI/bwf+P4tSirb7b1KpGFuDPJkHwnlKdYp/x1+z > /4Ea5FmuXZDr2qcodOaV0u6Vk416d6T6uNwEsN0bUjVQegxb6LdIemtIsh14TGpN > dAtYToSrlZPK0OTMR0OxjXYRq/1dyM+jGntmDI3gzMPgBNf/paUENAZs4fsn27hs > bqwJDt1T1kmcC5FguNSSGIBJ6YSXpYbu1h63dv7OtBftF46Syi4WSUyjTHuA1NxE > SkpcgYTt+sPKLty8vg1wfvn2EVgETctd+GpfDnEbrxFje/PKmnRp13dr93rJzLMB > 8xWJ2+dtFmSjRnF0gYCHmku1zS5+vsl1Jmeap3EchS1ZSOlVKYfcXA== > =r4AG > -----END PGP SIGNATURE----- > -- Sel?uk YAZAR http://www.selcukyazar.blogspot.com From marc at perkel.com Fri May 16 10:01:22 2014 From: marc at perkel.com (Marc Perkel) Date: Fri, 16 May 2014 03:01:22 -0700 Subject: [Dovecot] Static Passdb In-Reply-To: <5375CEA4.3070309@dovecot.fi> References: <53756534.6060107@perkel.com> <5375CEA4.3070309@dovecot.fi> Message-ID: <5375E1F2.3080604@perkel.com> Works! Thanks! On 5/16/2014 1:39 AM, Teemu Huovila wrote: > On 05/16/2014 04:09 AM, Marc Perkel wrote: >> Tried this but it doesn't work. Says Unknown setting: password >> >> passdb { >> driver = static >> pass word = secret >> } > http://wiki2.dovecot.org/PasswordDatabase/Static > > passdb { > driver = static > args = password=secret > } > > br, > Teemu Huovila > > > From Ralf.Hildebrandt at charite.de Fri May 16 10:09:13 2014 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Fri, 16 May 2014 12:09:13 +0200 Subject: [Dovecot] imapc Proxy to IMAPS Exchangeserver? In-Reply-To: <20140516093521.GC15834@charite.de> References: <20140516093521.GC15834@charite.de> Message-ID: <20140516100913.GD15834@charite.de> * Ralf Hildebrandt : > I'm trying to adapt http://wiki2.dovecot.org/HowTo/ImapcProxy > to our Exchange Server, which has LOGINDISABLED on Port 143, and I > offering LOGIN on Port 993. > > How do I go about this? > > Simply changing imapc_port to: > imapc_port = 993 > doesnt work: I got a bit further by usingthe info found in http://dovecot.org/list/dovecot/2012-September/138334.html Now I'm getting: # telnet localhost 143 Trying ::1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready. . LOGIN hildeb WRONGPASSWORD . NO [AUTHENTICATIONFAILED] Authentication failed. . LOGIN hildeb CORRECTPASSWORD * BYE Internal error occurred. Refer to server log for more information. Connection closed by foreign host. The log says: May 16 12:07:05 mproxy dovecot: master: Dovecot v2.2.9 starting up (core dumps disabled) May 16 12:07:29 mproxy dovecot: imap-login: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=23662, secured, session= May 16 12:07:29 mproxy dovecot: imap(hildeb): Error: user hildeb: Initialization failed: Namespace '': Mailbox list driver imapc: missing imapc_password May 16 12:07:29 mproxy dovecot: imap(hildeb): Error: Invalid user settings. Refer to server log for more information. Mailbox list driver imapc: missing imapc_password ??? -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From winnie at der-winnie.de Fri May 16 17:02:39 2014 From: winnie at der-winnie.de (Patrick Winnertz) Date: Fri, 16 May 2014 19:02:39 +0200 Subject: [Dovecot] Problems setting up extprograms in combination with crm114 Message-ID: <537644AF.3020509@der-winnie.de> Hello, I've troubles to configure sieve correctly to call the mailreaver script in order to parse mails for spam. I've the task to migrate a existing procmail setup to a sieve setup, and to keep the mail filtering step within sieve. I've added in /usr/lib/dovecot/sieve-filters/ a script called "mailreaver", which contains basically only one line - calling the right mailreaver.crm script: exec /usr/share/crm114/mailreaver.crm -u ~/.crm114 This script is then called in the sieve file using "filter "mailreaver". Indeed the script is invoked for every mail, however the signature is appended at the very end of the mail, not at the end of the header. Invoking the /usr/lib/dovecot/sieve-filters/mailreaver manually this way: cat test-email | /usr/lib/dovecot/sieve-filters/mailreaver or this way: /usr/lib/dovecot/sieve-filters/mailreaver < test-email results in both cases in a correct formatted way, so I don't know what is going wrong here. Adding a | tee /tmp/test-output resulted in the complete mail in /tmp/test-output, as I first thought that maybe the headers are not piped into the script - but this seems to be not the case obviously. Does anybody has a clue, as this seems not to be related to crm114 (as it obviously works on cmd), but to the way sieve calls this script. Or it would help to understand how the external filtering program is called - maybe my assumptions are wrong here (or I've simply missunderstood the documentation available online). Greetings Winnie -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 880 bytes Desc: OpenPGP digital signature URL: From wgrcunha at gmail.com Fri May 16 17:26:21 2014 From: wgrcunha at gmail.com (Francisco Wagner C. Freire) Date: Fri, 16 May 2014 14:26:21 -0300 Subject: [Dovecot] dovecot.map.index corrupted: missing map extension Message-ID: Hello, I have a dovecot setup on top of NFS server, and i get this error on some accounts: Warning: fscking index file ..../cache/storage/dovecot.map.index Warning: mdbox .../mdbox/storage: rebuilding indexes Error: mdbox map.../cache/storage/dovecot.map.index corrupted: missing map extension I tried force-resync, index and cant rebuild the indexes, any idea how to repair then? Thanks Dovecot version: 2.1.17 From delrio at mie.utoronto.ca Fri May 16 19:03:25 2014 From: delrio at mie.utoronto.ca (Oscar del Rio) Date: Fri, 16 May 2014 15:03:25 -0400 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <53726C47.4030603@rename-it.nl> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> Message-ID: <537660FD.8080508@mie.utoronto.ca> On 05/13/14 03:02 PM, Stephan Bosch wrote: > > Use of NULL envelope sender is generally recommended to prevent mail loops Unfortunately, many servers out there reject emails with NULL sender. Some recent examples (real server names edited) : ... while talking to antispam1.*.ca.: >>> DATA <<< 550 Empty envelope senders not allowed ... while talking to smtp.*.net.: >>> MAIL From:<> SIZE=1096 <<< 550 5.1.0 <> Blank From: addresses are not allowed. Please provide a valid From: IB501 ... while talking to spam.*.edu.cn.: >>> DATA <<< 553 Requested action not taken: NULL sender is not allowed ... while talking to mail.*.co.kr.: >>> MAIL From:<> <<< 501 bad sender address expression. ... while talking to antispam.*.com.: >>> MAIL From:<> <<< 501 Syntax error in address From rs at sys4.de Fri May 16 19:13:13 2014 From: rs at sys4.de (Robert Schetterer) Date: Fri, 16 May 2014 21:13:13 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <537660FD.8080508@mie.utoronto.ca> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <537660FD.8080508@mie.utoronto.ca> Message-ID: <53766349.2070502@sys4.de> Am 16.05.2014 21:03, schrieb Oscar del Rio: > On 05/13/14 03:02 PM, Stephan Bosch wrote: >> >> Use of NULL envelope sender is generally recommended to prevent mail >> loops > > Unfortunately, many servers out there reject emails with NULL sender. > Some recent examples (real server names edited) : > > ... while talking to antispam1.*.ca.: > >>> DATA > <<< 550 Empty envelope senders not allowed > > ... while talking to smtp.*.net.: > >>> MAIL From:<> SIZE=1096 > <<< 550 5.1.0 <> Blank From: addresses are not allowed. Please provide > a valid From: IB501 > > ... while talking to spam.*.edu.cn.: > >>> DATA > <<< 553 Requested action not taken: NULL sender is not allowed > > ... while talking to mail.*.co.kr.: > >>> MAIL From:<> > <<< 501 bad sender address expression. > > ... while talking to antispam.*.com.: > >>> MAIL From:<> > <<< 501 Syntax error in address you will find any kind of bad config in www if you search for it http://www.postfix.org/postconf.5.html ... Beware, some sites reject mail from <>, even though RFCs require that such addresses be accepted. ... Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From rick at havokmon.com Fri May 16 19:24:00 2014 From: rick at havokmon.com (Rick Romero) Date: Fri, 16 May 2014 14:24:00 -0500 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <537660FD.8080508@mie.utoronto.ca> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <537660FD.8080508@mie.utoronto.ca> Message-ID: <20140516142400.Horde.s9XYXXX9c4-Q5oTnMuXl4Q1@www.vfemail.net> Quoting Oscar del Rio : > On 05/13/14 03:02 PM, Stephan Bosch wrote: >> Use of NULL envelope sender is generally recommended to prevent mail >> loops > > Unfortunately, many servers out there reject emails with NULL sender. > Some recent examples (real server names edited) : Any domain hosted by RackSpace will reject a NULL sender for 'backscatter'.? Bascially, 'backscatter' blockers assume all edge SMTP servers will have complete knowledge of the final delivery status - during the SMTP conversation - thus labeling all NULL senders as forged spam redirected to them via a bounce message.? http://www.backscatterer.org/ Rick From rs at sys4.de Fri May 16 19:36:28 2014 From: rs at sys4.de (Robert Schetterer) Date: Fri, 16 May 2014 21:36:28 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <20140516142400.Horde.s9XYXXX9c4-Q5oTnMuXl4Q1@www.vfemail.net> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <537660FD.8080508@mie.utoronto.ca> <20140516142400.Horde.s9XYXXX9c4-Q5oTnMuXl4Q1@www.vfemail.net> Message-ID: <537668BC.2040700@sys4.de> Am 16.05.2014 21:24, schrieb Rick Romero: > Quoting Oscar del Rio : > >> On 05/13/14 03:02 PM, Stephan Bosch wrote: >>> Use of NULL envelope sender is generally recommended to prevent mail >>> loops >> >> Unfortunately, many servers out there reject emails with NULL sender. >> Some recent examples (real server names edited) : > > Any domain hosted by RackSpace will reject a NULL sender for > 'backscatter'. > > Bascially, 'backscatter' blockers assume all edge SMTP servers will have > complete knowledge of the final delivery status - during the SMTP > conversation - thus labeling all NULL senders as forged spam redirected to > them via a bounce message. > > http://www.backscatterer.org/ this use of this rbl is widly broken, dont do it, unless you have fully understand what you do > > Rick however if you want to change Return-Path use http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extprograms http://hg.rename-it.nl/pigeonhole-0.3-sieve-extprograms/raw-file/tip/doc/rfc/spec-bosch-sieve-extprograms.txt with procmail/formail this also might give you the chance to prefilter only do changes to broken mail domain setups you might also write some milter/policy server for submission host etc and/or poke around with some SRS Solution http://www.openspf.org/SRS dont expect coders focus to broken setups Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From h.reindl at thelounge.net Fri May 16 21:18:04 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 16 May 2014 23:18:04 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <537660FD.8080508@mie.utoronto.ca> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <537660FD.8080508@mie.utoronto.ca> Message-ID: <5376808C.2050504@thelounge.net> Am 16.05.2014 21:03, schrieb Oscar del Rio: > On 05/13/14 03:02 PM, Stephan Bosch wrote: >> >> Use of NULL envelope sender is generally recommended to prevent mail loops > > Unfortunately, many servers out there reject emails with NULL sender. > Some recent examples (real server names edited) *that* are not compliant mailservers - period they also break sender verification and what not else -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From d.parthey at metaways.de Sat May 17 05:55:11 2014 From: d.parthey at metaways.de (Daniel Parthey) Date: Sat, 17 May 2014 07:55:11 +0200 Subject: [Dovecot] pigeonhole installation postfix+dovecot+openldap In-Reply-To: References: Message-ID: Hi are you delivering your mails through dovecot lmtp/lda or does your postfix write directly to your mail folders? Maybe show your postconf -n or kindly ask on the postfix mailing list. If dovecot LDA and LMTP are both not involved in delivery, SIEVE filtering via dovecot pigeonhole will most probably not work. Regards Daniel From d.parthey at metaways.de Sat May 17 06:59:37 2014 From: d.parthey at metaways.de (Daniel Parthey) Date: Sat, 17 May 2014 08:59:37 +0200 Subject: [Dovecot] RFE: please add mail queue id to 'sent vacation response' log line In-Reply-To: <20140514141244.Horde.3GoFQ5KLkeLpdYEdD6bOFg4@horde.andreasschulze.de> References: <53720148.2060407@us.edu.pl> <20140514141244.Horde.3GoFQ5KLkeLpdYEdD6bOFg4@horde.andreasschulze.de> Message-ID: <31127e18-51d2-4ac4-a9fd-0445bf1744e8@email.android.com> On 14. Mai 2014 14:12:44 MESZ, Andreas Schulze wrote: > >Maciej Uhlig: > >Need to mention: >it relies on "submission_host = $SMTP-SERVER" in dovecot.conf. Yeah, would be a cool new debug feature to log the MTA response. >No idea how it looks on submission via /usr/sbin/sendmail... The outgoing vacation message is logged in the local MTA then. No need for dovecot debug output then, except the return code of the sendmail executable where the mail is piped into. Regards Daniel From CMarcus at Media-Brokers.com Sat May 17 11:14:17 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Sat, 17 May 2014 07:14:17 -0400 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <537660FD.8080508@mie.utoronto.ca> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <537660FD.8080508@mie.utoronto.ca> Message-ID: <53774489.4020704@Media-Brokers.com> On 5/16/2014 3:03 PM, Oscar del Rio wrote: > Unfortunately, many servers out there reject emails with NULL sender. Unfortunately, there are many clueless mail admins and/or badly/mis configured mail servers out there. The reality is that the RFCs mandate that the null sender envelope address is one that must be accepted, as there are many tthings smtp that depend on it. That said, I really don't care if their server rejects our user occasional vacation message or not, so it isn't something I even care about knowing about, other than to tell a user that the reason their valuable vacation response wasn't received by their VIP customer is because their VIP customers genius mail admin decided that they didn't want to receive any of those kinds of emails, so go complain to them if they want to complain to someone. Best regards, Charles From da-dovecotlist-15 at abelonline.de Sat May 17 15:07:31 2014 From: da-dovecotlist-15 at abelonline.de (Boris) Date: Sat, 17 May 2014 17:07:31 +0200 Subject: [Dovecot] / vs. The default configuration file for Dovecot in Debian uses: ssl_cert = References: <2005472.BZJ66MbKek@skynet2> Message-ID: <53777D67.2010505@thelounge.net> Am 17.05.2014 17:07, schrieb Boris: > The default configuration file for Dovecot in Debian uses: > ssl_cert = > I checked my current configuration and I use: > ssl_cert =/path/to/cert > > What is the difference? (pipe?) And is the former better somehow? a complete pointless question * Debian follows the documentation * you don't - why? * if you don't and something breaks it's just your fault http://wiki2.dovecot.org/SSL/DovecotConfiguration http://www.dovecot.org/list/dovecot-cvs/2009-May/013419.html -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From da-dovecotlist-15 at abelonline.de Sat May 17 15:31:14 2014 From: da-dovecotlist-15 at abelonline.de (Boris) Date: Sat, 17 May 2014 17:31:14 +0200 Subject: [Dovecot] / vs. References: <2005472.BZJ66MbKek@skynet2> <53777D67.2010505@thelounge.net> Message-ID: <8699894.YKYJXMvJtc@skynet2> Why so aggressive? I just noticed that I missed the "<" and wondered whether if makes a difference because it seems to work without it. I know where to find the documentation but searching for this question is a bit hard since I can't search for "<". And the wiki doesn't explain the syntax anyway. After reading the patch am I right in assuming that with " References: <2005472.BZJ66MbKek@skynet2> <53777D67.2010505@thelounge.net> <8699894.YKYJXMvJtc@skynet2> Message-ID: <53778311.8080809@thelounge.net> Am 17.05.2014 17:31, schrieb Boris: > Why so aggressive? because there is a documentation and the only correct answer not following that is "you are in the area of undefined bahvior" > I just noticed that I missed the "<" and wondered whether > if makes a difference because it seems to work without it most likely because some follow up commit to work around woring configurations > I know where to find the documentation but searching for this question > is a bit hard since I can't search for "<". And the wiki doesn't > explain the syntax anyway. that's not a dovecot syntax that's just unix [harry at srv-rhsoft:~]$ echo "bla" > test [harry at srv-rhsoft:~]$ cat < test bla > After reading the patch am I right in assuming that with " the dovecot code contains the certificate itself instead of the link to the > file? And if that is correct: Was dovecot reading the file every time it needed > it before the change? no - < reads a file and without you are supposed to directly paste your certificate in the configuration instead point to a file -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From da-dovecotlist-15 at abelonline.de Sat May 17 15:57:03 2014 From: da-dovecotlist-15 at abelonline.de (Boris) Date: Sat, 17 May 2014 17:57:03 +0200 Subject: [Dovecot] / vs. References: <2005472.BZJ66MbKek@skynet2> <8699894.YKYJXMvJtc@skynet2> <53778311.8080809@thelounge.net> Message-ID: <2700280.nm6eTIEnJZ@skynet2> On Saturday 17 May 2014 17:41:05 Reindl Harald wrote: > because there is a documentation and the only correct answer > not following that is "you are in the area of undefined bahvior" The documentation does not(!) state this. It could be another way of including the file. > that's not a dovecot syntax > that's just unix I am talking about a configuration file and this syntax could have complete different meaning in this context. I have no way of knowing whether the dovecot config file parser follows this convention. Please don't assume people don't know the basics just because they ask questions. > no - < reads a file and without you are supposed to directly > paste your certificate in the configuration instead point > to a file I see. In all other places I know dovecot references files simply with "/" so I still wonder what is so different in this case. From john at idsfa.net Sat May 17 16:05:49 2014 From: john at idsfa.net (John J. Stimson III) Date: Sat, 17 May 2014 09:05:49 -0700 Subject: [Dovecot] User not found when using shadow for passdb In-Reply-To: <20140502162534.GA22148@harlie.idsfa.net> References: <20140502162534.GA22148@harlie.idsfa.net> Message-ID: <20140517160549.GA27921@harlie.idsfa.net> I poked through the source code for dovecot's auth module, and it looks like the right username is getting passed to the linux system getspnam() function, but for some reason it's interpreting the return value as user not found. I thought that it could be a permissions problem with the auth process, so I edited 10-master.conf to try to make the lookups as permissive as possible (I hope I did it correctly): service auth { unix_listener auth-userdb { mode = 0777 user = root #group = } I also tried the above, with user=root and the mode line commented out, and again with mode = 0777 and the user line commented out. The results are all identical in the logs. Is there anywhere else that I can elevate the permission of the auto process's shadow password lookups? I am assuming that there is no way to set the shadow file location because the lookups are done through a system call. I am getting the unknown user error message for every user that tries to connect to the server using IMAP, which is four different users. On Fri, May 02, 2014 at 09:25:34AM -0700, John J. Stimson III wrote: > I am getting "user unknown" when trying to connect to the dovecot > server using IMAP. The client gets an authentication failed message > and does not download mail. > > The host system uses shadow passwords in /etc/shadow. I would like to > use the same passwords for IMAP sessions, so I have set the passdb > driver to shadow. > > The system is Slackware, which does not use PAM. > > Here is the dovecot version and configuration output: > > # dovecot -n > # 2.1.17: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 3.6.5 i686 Slackware 13.1.0 > auth_debug_passwords = yes > auth_verbose = yes > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > args = blocking=no > driver = shadow > } > service auth { > unix_listener auth-userdb { > user = root > } > } > ssl_cert = ssl_key = userdb { > args = blocking=no > driver = passwd > } > > Here are the dovecot auth_passwd_debug level log messages when the > client tries to connect: > > May 2 09:05:07 harlie dovecot: auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth > May 2 09:05:07 harlie dovecot: auth: Debug: auth client connected (pid=22181) > May 2 09:05:07 harlie dovecot: auth: Debug: client in: AUTH^I1^IPLAIN^Iservice=imap^Isecured^Isession=ABCDEFGHIJKLMNOP^Ilip=96.229.223.7^Irip=10.0.0.181^Ilport=993^Irport=51898^Iresp=zxywvutsrqponmlkji== > May 2 09:05:07 harlie dovecot: auth: Debug: shadow(john,10.0.0.181,): lookup > May 2 09:05:07 harlie dovecot: auth: shadow(john,10.0.0.181,): unknown user > May 2 09:05:09 harlie dovecot: auth: Debug: client passdb out: FAIL^I1^Iuser=john > May 2 09:05:09 harlie dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=10.0.0.181, lip=96.229.223.7, TLS, session= > > The user john is a real account on the host machine and has entries in > both /etc/passwd and /etc/shadow. > > Help? -- john at idsfa.net John Stimson http://www.idsfa.net/~john/ HMC Physics '94 From rs at sys4.de Sat May 17 17:39:39 2014 From: rs at sys4.de (Robert Schetterer) Date: Sat, 17 May 2014 19:39:39 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <536C92E0.8040107@sys4.de> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> <536BB80D.7090105@goodrick.ch> <536BBEA4.4010300@sys4.de> <536BC3D1.4060202@goodrick.ch> <536BD731.1010902@sys4.de> <536BDB0A.8010000@goodrick.ch> <536BE82F.6020900@sys4.de> <536BEEFA.3090708@sys4.de> <536C75D2.4030109@goodrick.ch> <536C92E0.8040107@sys4.de> Message-ID: <53779EDB.9050908@sys4.de> Am 09.05.2014 10:33, schrieb Robert Schetterer: > Am 09.05.2014 08:29, schrieb Sebastian Goodrick: >>>> my speculate was, it leaves too less ciphers left >> OK, but does the old dovecot/openssl version provide less ciphers than >> the new install? > > sorry i am short in time > > > dovecot hast setup options for ciphers related to your openssl version > > > please read > > http://www.michaelboman.org/books/sslscan > > http://www.unixwitch.de/de/sysadmin/tools/imap-mit-ssl-testen > > https://sys4.de/de/blog/2013/08/15/dovecot-tls-perfect-forward-secrecy/ > > http://wiki2.dovecot.org/SSL/DovecotConfiguration > > http://www.heise.de/security/artikel/Forward-Secrecy-testen-und-einrichten-1932806.html > > > > > I'm not too familiar with what ciphers ship with >> OpenSSL in what version. > > type > > openssl ciphers > > to see ciphers on your server with your openssl version > > and > > openssl s_client -connect imap.example.com:143 -starttls imap > > for general testing > > > > My naive assumption is, a new version ships >> with more ciphers, hence this shouldn't be an issue. (Unless there is >> a new bug in a cipher.) > > there must be matching ciphers > > >> >>> Computer Configuration\Windows Settings\Security Settings\Local >>> Policies\Security Options >> I just learned, there is a tool called gpedit.msc on win8 :) >> "Use FIPS compliant algorithms for encryption, hashing, and signing" >> is disabled on my machine. From what I understand this indicates, that >> it can use more/all available ciphers. >> >>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows >>> NT\CurrentVersion\SecEdit\Reg >> Values\MACHINE/System/CurrentControlSet/Control/Lsa/FIPSAlgorithmPolicy/Enabled >> I can find this key (it is set to DisplayType=0 and ValueType=4) but I >> don't understand what I can change there and what this setting >> indicates. Needless to say that my windows administration knowledge is >> limited. > > as written i will test it, but it will take time > > >> >> Regards, >> Sebastian >> > > Best Regards > MfG Robert Schetterer > Hi Sebastian, sorry for the delay ,i could not reproduce your problem, speculate you have wrong settings in your server/client setup and/or you have firewall loadbalancers, proxies between server and client which fail with some ciphers ----- as written i did a test setup brand new win 8.1 pro german 32 install all updates brand new outlook 2013 german 32 all updates as vm in vmware player no other special settings done beside install classicshell and firefox server ubuntu trusty latest dovecot 2.2.13 patchlevel yesterday test openssl server OpenSSL 1.0.1f 6 Jan 2014 openssl s_client -starttls imap -cipher 'ECDH:DH' -connect localhost:143 ... New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 .... ssl crt from rapidssl login method ( for testing ) plain login 2014-05-17T19:22:20.901285+02:00 mail dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges 2014-05-17T19:22:20.901800+02:00 mail dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges 2014-05-17T19:22:20.907542+02:00 mail dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth 2014-05-17T19:22:20.908615+02:00 mail dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so 2014-05-17T19:22:20.913605+02:00 mail dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_pgsql.so 2014-05-17T19:22:20.913635+02:00 mail dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_sqlite.so 2014-05-17T19:22:20.913770+02:00 mail dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat 2014-05-17T19:22:20.914136+02:00 mail dovecot: auth: Debug: passwd-file /etc/dovecot/users: Read 1 users in 0 secs 2014-05-17T19:22:20.914161+02:00 mail dovecot: auth: Debug: auth client connected (pid=30359) 2014-05-17T19:22:20.997162+02:00 mail dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [1.2.3.4] 2014-05-17T19:22:20.997190+02:00 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [1.2.3.4] 2014-05-17T19:22:20.997210+02:00 mail dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: unknown state [1.2.3.4] 2014-05-17T19:22:21.037845+02:00 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [1.2.3.4] 2014-05-17T19:22:21.037873+02:00 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [1.2.3.4] 2014-05-17T19:22:21.038062+02:00 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [1.2.3.4] 2014-05-17T19:22:21.043376+02:00 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [1.2.3.4] 2014-05-17T19:22:21.043395+02:00 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [1.2.3.4] 2014-05-17T19:22:21.043416+02:00 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [1.2.3.4] 2014-05-17T19:22:21.043436+02:00 mail dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [1.2.3.4] 2014-05-17T19:22:21.043447+02:00 mail dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [1.2.3.4] 2014-05-17T19:22:21.400072+02:00 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [1.2.3.4] 2014-05-17T19:22:21.400274+02:00 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A [1.2.3.4] 2014-05-17T19:22:21.400363+02:00 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [1.2.3.4] 2014-05-17T19:22:21.400388+02:00 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [1.2.3.4] 2014-05-17T19:22:21.400451+02:00 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A [1.2.3.4] 2014-05-17T19:22:21.400477+02:00 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [1.2.3.4] 2014-05-17T19:22:21.400497+02:00 mail dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [1.2.3.4] 2014-05-17T19:22:21.400513+02:00 mail dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [1.2.3.4] 2014-05-17T19:22:21.530462+02:00 mail dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=vqTaxZv5+QBY2Ym1#011lip=88.198.69.105#011rip=1.2.3.4#011lport=143#011rport=34041#011resp=AHVzZXIxAHBhc3M= (previous base64 data may contain sensitive data) 2014-05-17T19:22:21.530657+02:00 mail dovecot: auth: Debug: passwd-file(user1,1.2.3.4,): lookup: user=user1 file=/etc/dovecot/users 2014-05-17T19:22:21.530691+02:00 mail dovecot: auth: Debug: client passdb out: OK#0111#011user=user1 2014-05-17T19:22:21.532921+02:00 mail dovecot: auth: Debug: master in: REQUEST#0112559311873#01130359#0111#01105dec904a2d70034ed3208c9f0b9030e#011session_pid=30362#011request_auth_token 2014-05-17T19:22:21.532939+02:00 mail dovecot: auth: Debug: passwd-file(user1,1.2.3.4,): lookup: user=user1 file=/etc/dovecot/users 2014-05-17T19:22:21.532954+02:00 mail dovecot: auth: Debug: master userdb out: USER#0112559311873#011user1#011mail=maildir:~/maildir#011uid=1001#011gid=1001#011home=/mnt/user1#011auth_token=d2209447f66ca5732086c5dac94732cd613a538d 2014-05-17T19:22:21.533157+02:00 mail dovecot: imap-login: Login: user=, method=PLAIN, rip=1.2.3.4, lip=2.3.4.5, mpid=30362, TLS, session= settings mostly default 10-ssl.conf # DH parameters length to use. ssl_dh_parameters_length = 1024 # SSL protocols to use ssl_protocols = !SSLv2 # SSL ciphers to use ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL # Prefer the server's order of ciphers over client's. ssl_prefer_server_ciphers = yes Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From stan at hardwarefreak.com Sat May 17 22:22:08 2014 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Sat, 17 May 2014 17:22:08 -0500 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <53774489.4020704@Media-Brokers.com> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <537660FD.8080508@mie.utoronto.ca> <53774489.4020704@Media-Brokers.com> Message-ID: <5377E110.9020205@hardwarefreak.com> On 5/17/2014 6:14 AM, Charles Marcus wrote: ... > The reality is that the RFCs mandate that the null sender envelope > address is one that must be accepted, as there are many things smtp > that depend on it. ... Spammers tried to take advantage of null sender handling en masse many years ago and had little success with it. Receivers rejected the messages by standard anti-spam mechanisms such as non existent PTR, dnsbls, content filters, etc. And in fact some spammers still try to use null sender today. Recent examples from Chinese IP space sending spam to messages IDs scraped from mailing list archives, clearly a spam bot infected PC: > Apr 29 22:32:52 greer postfix/smtpd[4968]: NOQUEUE: reject: RCPT from unknown[14.148.130.120]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [14.148.130.120]; from=<> to=<4D18F665.6090709 at hardwarefreak.com> proto=ESMTP helo= > Apr 29 22:32:52 greer postfix/smtpd[4967]: NOQUEUE: reject: RCPT from unknown[14.148.130.120]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [14.148.130.120]; from=<> to=<4D18F04D.3040604 at hardwarefreak.com> proto=ESMTP helo= Check your mail logs and you'll likely find such rejections of null sender as well. Certainly one should never reject mail based on the presence of the null sender address, but by no means should anyone have a blanket accept policy based on the mere existence of the null sender address, regardless of what the relevant SMTP RFCs might say on the matter. That would simply result in more spam in inboxen and/or more load on one's content filters. Cheers, Stan From h.reindl at thelounge.net Sat May 17 22:26:22 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Sun, 18 May 2014 00:26:22 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <5377E110.9020205@hardwarefreak.com> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <537660FD.8080508@mie.utoronto.ca> <53774489.4020704@Media-Brokers.com> <5377E110.9020205@hardwarefreak.com> Message-ID: <5377E20E.6030501@thelounge.net> Am 18.05.2014 00:22, schrieb Stan Hoeppner: > On 5/17/2014 6:14 AM, Charles Marcus wrote: > ... >> The reality is that the RFCs mandate that the null sender envelope >> address is one that must be accepted, as there are many things smtp >> that depend on it. > ... > > Spammers tried to take advantage of null sender handling en masse many > years ago and had little success with it. Receivers rejected the > messages by standard anti-spam mechanisms such as non existent PTR, > dnsbls, content filters, etc. And in fact some spammers still try to > use null sender today. Recent examples from Chinese IP space sending > spam to messages IDs scraped from mailing list archives, clearly a spam > bot infected PC: > >> Apr 29 22:32:52 greer postfix/smtpd[4968]: NOQUEUE: reject: RCPT from unknown[14.148.130.120]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [14.148.130.120]; from=<> to=<4D18F665.6090709 at hardwarefreak.com> proto=ESMTP helo= >> Apr 29 22:32:52 greer postfix/smtpd[4967]: NOQUEUE: reject: RCPT from unknown[14.148.130.120]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [14.148.130.120]; from=<> to=<4D18F04D.3040604 at hardwarefreak.com> proto=ESMTP helo= > > Check your mail logs and you'll likely find such rejections of null > sender as well. > > Certainly one should never reject mail based on the presence of the null > sender address, but by no means should anyone have a blanket accept > policy based on the mere existence of the null sender address nobody said that - even not what you quoted above it only says you must not reject all messages based on the fact there is a null-sender in use and that is why using anything else than a null-sender for autoreplies and try to excuse that by clueless fools blocking all null-senders is only silly -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From tlx at leuxner.net Sun May 18 08:27:17 2014 From: tlx at leuxner.net (Thomas Leuxner) Date: Sun, 18 May 2014 10:27:17 +0200 Subject: [Dovecot] Feature Request doveadm acl command Message-ID: <20140518082717.GA10381@nihlus.leuxner.net> I have switched to global ACLs for public namespaces which eases their administration greately. Now while running housekeeping scripts (e.g. expunge old mails/archive mails etc.) this requires temporary overriding the global ACLs with mailbox specifix ACLs to expunge mails. The scripts would then revoke the temporary changes (delete flags) and the global ACL would take precedence again. Ideally I would want to get rid of the 'dovecot-acl' file after the scripts ran so the global ACL kicks in. There seems to be no interface command to purge 'dovecot-acl' files so this is handled by the scripts for now: [...] # Get actual path of dovecot-acl file and remove it as it is handled by global ACL acl_path=$(doveadm acl debug -u $mailbox_owner "$source_mailbox_base/$1" 2>&1 | sed -n "s/\(.*\)$debug_acl_mailbox_path//p") [ -f $acl_path/dovecot-acl ] && rm $acl_path/dovecot-acl It would be nice if purging a specific dovecot-acl would be handled by doveadm to avoid custom-scripting. Regards Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From h.reindl at thelounge.net Sun May 18 09:28:52 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Sun, 18 May 2014 11:28:52 +0200 Subject: [Dovecot] logging of failed SASL usernames Message-ID: <53787D54.5020403@thelounge.net> as far as i understand postfix has no way to know the username of such failed logins like below, IMHO dovecot internally does because it verifies against the sql-userdatabase is there a way that dovecot logs the username? after ask the users to change their passwords for safety caused by Heartbleed it was easy to write a tool find forgotten devices in case of IMAP/POP3 but especially Apple clients force to enter the new password seperated for incoming and outgoing server and don't tell the user if things don't work so there is really a need support them and fuzzy logic based on the last successful IMAP/POP3 login from a IP and failed send attempts from the same IP shortly after receive mail leaves a bad taste of only a guess May 18 11:19:09 mail postfix/smtpd[5173]: warning: unknown[177.139.182.86]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 May 18 11:19:15 mail postfix/smtpd[5173]: warning: unknown[177.139.182.86]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From thenut at bytemonkey.net Sun May 18 12:13:17 2014 From: thenut at bytemonkey.net (Paul DiSciascio) Date: Sun, 18 May 2014 08:13:17 -0400 Subject: [Dovecot] antispam plugin doesn't recognize spam folder Message-ID: <5378A3DD.3090701@bytemonkey.net> After a recent upgrade to dovecot 2.2.9 (caused by an ubuntu upgrade to 14.04), the antispam plugin has stopped recognizing my spam folders as spam. I see the plugin initializes properly, but when moving a message, the mailbox_is_spam() function always returns 0. The version of dovecot-antispam that ships with ubuntu is 2.0+20130822-2build1. I also compiled the latest version in the git repository (last update 9/12/2013) and had the same results. This worked fine prior to the upgrade, with dovecot version 2.0.19 and dovecot-antispam version 2.0+20120225-2. Here are the logs from initialization: May 18 07:48:45 lebeau imap: antispam: plugin initialising (2.0-7-gabdad24) May 18 07:48:45 lebeau imap: antispam: verbose debug enabled May 18 07:48:45 lebeau imap: antispam: "SPAM" is exact match spam folder May 18 07:48:45 lebeau imap: antispam: "Spam" is exact match spam folder May 18 07:48:45 lebeau imap: antispam: "Junk" is exact match spam folder May 18 07:48:45 lebeau imap: antispam: no unsure folders May 18 07:48:45 lebeau imap: antispam: "trash" is exact match trash folder May 18 07:48:45 lebeau imap: antispam: "Trash" is exact match trash folder May 18 07:48:45 lebeau imap: antispam: "Deleted Items" is exact match trash folder May 18 07:48:45 lebeau imap: antispam: "Deleted Messages" is exact match trash folder May 18 07:48:45 lebeau imap: antispam: dspam binary set to /usr/bin/dspam May 18 07:48:45 lebeau imap: antispam: dspam extra arg --user May 18 07:48:45 lebeau imap: antispam: dspam extra arg thenut at bytemonkey.net May 18 07:48:45 lebeau imap: antispam: signature header line is "X-DSPAM-Signature" And then from the message move: May 18 07:50:06 lebeau imap: antispam: mailbox_is_unsure(SPAM): 0 May 18 07:50:06 lebeau imap: antispam: mailbox_is_trash(INBOX): 0 May 18 07:50:06 lebeau imap: antispam: mailbox_is_trash(SPAM): 0 May 18 07:50:06 lebeau imap: antispam: mail copy: from trash: 0, to trash: 0 May 18 07:50:06 lebeau imap: antispam: mailbox_is_spam(INBOX): 0 May 18 07:50:06 lebeau imap: antispam: mailbox_is_spam(SPAM): 0 May 18 07:50:06 lebeau imap: antispam: mailbox_is_unsure(INBOX): 0 May 18 07:50:06 lebeau imap: antispam: mail copy: src spam: 0, dst spam: 0, src unsure: 0 Clearly mailbox_is_spam(SPAM) should return 1. The other folders I have designated as spam (Junk and Spam) produce the same results. ~Paul From Jochen.Bern at LINworks.de Sun May 18 12:48:50 2014 From: Jochen.Bern at LINworks.de (Jochen Bern) Date: Sun, 18 May 2014 14:48:50 +0200 Subject: [Dovecot] RFE: please add Return-Path: to sieve sent mail headers In-Reply-To: <537660FD.8080508@mie.utoronto.ca> References: <53725D45.4090506@us.edu.pl> <53726C47.4030603@rename-it.nl> <537660FD.8080508@mie.utoronto.ca> Message-ID: <5378AC32.7050400@LINworks.de> On -10.01.-28163 20:59, Oscar del Rio wrote: > Unfortunately, many servers out there reject emails with NULL sender. > Some recent examples (real server names edited) : *Sigh* A mere two years ago, I would've known *the* place for you to put that data ... https://web.archive.org/web/20120717010658/http://rfc-ignorant.org/policy-dsn.php Regards, J. Bern -- *NEU* - NEC IT-Infrastruktur-Produkte im : Server--Storage--Virtualisierung--Management SW--Passion for Performance Jochen Bern, Systemingenieur --- LINworks GmbH Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27 Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202 Unternehmenssitz Weiterstadt, Gesch?ftsf?hrer Metin Dogan, Oliver Michel From sebastian at goodrick.ch Sun May 18 18:04:00 2014 From: sebastian at goodrick.ch (Sebastian Goodrick) Date: Sun, 18 May 2014 20:04:00 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <53779EDB.9050908@sys4.de> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> <536BB80D.7090105@goodrick.ch> <536BBEA4.4010300@sys4.de> <536BC3D1.4060202@goodrick.ch> <536BD731.1010902@sys4.de> <536BDB0A.8010000@goodrick.ch> <536BE82F.6020900@sys4.de> <536BEEFA.3090708@sys4.de> <536C75D2.4030109@goodrick.ch> <536C92E0.8040107@sys4.de> <53779EDB.9050908@sys4.de> Message-ID: <5378F610.6040102@goodrick.ch> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Hi Sebastian, sorry for the delay ,i could not reproduce your > problem, speculate you have wrong settings in your server/client > setup and/or you have firewall loadbalancers, proxies between > server and client which fail with some ciphers Thank you once more, Robert. I can exclude firewalls, loadbalancers and proxies. The client is set up from scratch plus there are seven existing Win8 installations, so I should say, it's not the client. I upgraded to dovecot 2.2.12 and openssl 1.0.1h (as shipped with Debian Jessie but installed on Wheezy). I'm using your settings for the ssl config. Openssl connect shows the same output as on your system. Still the same problem with Win8 though. I have just bought a rapidssl cert and will report back once I have received and installed it. Regards, Sebastian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlN49hAACgkQR7+YB0QzbnrMFwCgl7wSXAhaKaO3/K+Rh35yCHuP 1GIAn1jBdorBJxh9iL/1LK6EX6+feqW3 =kTuo -----END PGP SIGNATURE----- From rs at sys4.de Sun May 18 18:46:39 2014 From: rs at sys4.de (Robert Schetterer) Date: Sun, 18 May 2014 20:46:39 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <5378F610.6040102@goodrick.ch> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> <536BB80D.7090105@goodrick.ch> <536BBEA4.4010300@sys4.de> <536BC3D1.4060202@goodrick.ch> <536BD731.1010902@sys4.de> <536BDB0A.8010000@goodrick.ch> <536BE82F.6020900@sys4.de> <536BEEFA.3090708@sys4.de> <536C75D2.4030109@goodrick.ch> <536C92E0.8040107@sys4.de> <53779EDB.9050908@sys4.de> <5378F610.6040102@goodrick.ch> Message-ID: <5379000F.1050503@sys4.de> Am 18.05.2014 20:04, schrieb Sebastian Goodrick: >> Hi Sebastian, sorry for the delay ,i could not reproduce your >> problem, speculate you have wrong settings in your server/client >> setup and/or you have firewall loadbalancers, proxies between >> server and client which fail with some ciphers > > Thank you once more, Robert. > I can exclude firewalls, loadbalancers and proxies. The client is set > up from scratch plus there are seven existing Win8 installations, so I > should say, it's not the client. please double check this i.e your dove server is hosted elsewhere and the hoster hast some firewall/loadbalancer you dont know, use wireshark etc to trace traffic, or just use only virtual client and server on the same virtual private network for testing > > I upgraded to dovecot 2.2.12 and openssl 1.0.1h (as shipped with > Debian Jessie but installed on Wheezy). I'm using your settings for > the ssl config. Openssl connect shows the same output as on your system. > Still the same problem with Win8 though. as written no problem here, i dont know if debian does something else with openssl then ubuntu, but i guess not only for testing i advice using plain mech at login dove, double check your outlook settings > > I have just bought a rapidssl cert and will report back once I have > received and installed it. every "official" up2date ssl crt should work, also dont forget to include intermediate crt/pem in your ssl dove chain > > Regards, Sebastian > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From colin at theknoxes.co.uk Fri May 16 13:33:45 2014 From: colin at theknoxes.co.uk (Colin Knox) Date: Fri, 16 May 2014 14:33:45 +0100 Subject: [Dovecot] Segfault when deselecting virtual folder 2.2.13+ HG TIP Message-ID: <3e2262e6b94cbd0b6e452eb51d7447b0@theknoxes.co.uk> Hello, I'm seeing a segfault in the imap process with the current mercurial tip (including changeset 17382 e99cd21e1f92) when selecting a particular virtual mail folder (but no other virtual mailboxes) and then selecting a different mail folder as in the IMAP transcript below. The same segfaults are triggered with IMAP clients. The situation is worse with the 2.2.13 which segfaults when any virtual mailbox is deselected so the recent patch helps partially. Configuration summary, IMAP session in gbd including backtrace and virtual mailbox spec follow. Any ideas what's causing this? Thank you Colin ======= GDB SESSION INCLUDING BACKTRACE ======= colin at xxxx [ ~ ]$ MAIL=maildir:/var/mail/colin gdb /usr/local/libexec/dovecot/imap GNU gdb (GDB) 7.6.1 Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-unknown-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /usr/local/libexec/dovecot/imap...done. (gdb) r Starting program: /usr/local/libexec/dovecot/imap warning: Could not load shared library symbols for linux-vdso.so.1. Do you need "set solib-search-path" or "set sysroot"? process 21455 is executing new program: /usr/local/bin/doveconf warning: Could not load shared library symbols for linux-vdso.so.1. Do you need "set solib-search-path" or "set sysroot"? process 21455 is executing new program: /usr/local/libexec/dovecot/imap warning: Could not load shared library symbols for linux-vdso.so.1. Do you need "set solib-search-path" or "set sysroot"? * PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE SEARCH=FUZZY NOTIFY METADATA] Logged in as colin a SELECT PERSONAL.Home * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted. * 23 EXISTS * 0 RECENT * OK [UIDVALIDITY 1261140830] UIDs valid * OK [UIDNEXT 24] Predicted next UID * OK [HIGHESTMODSEQ 1] Highest a OK [READ-WRITE] Select completed (0.001 secs). a SELECT virtual.Conversations * OK [CLOSED] Previous mailbox closed. * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted. * 5 EXISTS * 0 RECENT * OK [UNSEEN 3] First unseen. * OK [UIDVALIDITY 1400091139] UIDs valid * OK [UIDNEXT 18] Predicted next UID a OK [READ-WRITE] Select completed (0.017 secs). a SELECT PERSONAL.Home Program received signal SIGSEGV, Segmentation fault. 0x00007ffff75f1c6c in mail_search_args_deinit_sub.30037.5970 () from /usr/local/lib/dovecot/libdovecot-storage.so.0 (gdb) bt full #0 0x00007ffff75f1c6c in mail_search_args_deinit_sub.30037.5970 () from /usr/local/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. #1 0x00007ffff75f1d41 in mail_search_args_deinit () from /usr/local/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. #2 0x00007ffff6ca3adb in virtual_mailbox_close_internal.9208 () from /usr/local/lib/dovecot/lib20_virtual_plugin.so No symbol table info available. #3 0x00007ffff6ca3b39 in virtual_mailbox_close.9256 () from /usr/local/lib/dovecot/lib20_virtual_plugin.so No symbol table info available. #4 0x00007ffff761daac in mailbox_close () from /usr/local/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. #5 0x00007ffff75ff283 in mailbox_free () from /usr/local/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. #6 0x0000000000410a2e in close_selected_mailbox.part.1 (client=client at entry=0x6577c0) at cmd-select.c:383 box = 0x0 #7 0x0000000000410b59 in close_selected_mailbox (client=0x6577c0) at cmd-select.c:376 client = 0x6577c0 #8 cmd_select_full (cmd=0x6583e0, readonly=) at cmd-select.c:427 client = 0x6577c0 ctx = 0x6584e0 args = 0x65ccd8 list_args = 0x632038 mailbox = 0x6322a8 "PERSONAL.Home" error = 0x648748 "" __FUNCTION__ = "cmd_select_full" __FUNCTION__ = "cmd_select_full" #9 0x00000000004129ac in command_exec (cmd=0x6583e0) at imap-commands.c:158 hook = 0x63b5c0 ret = #10 0x00000000004178ef in client_command_input (cmd=0x6583e0) at imap-client.c:778 client = 0x6577c0 command = __FUNCTION__ = "client_command_input" __FUNCTION__ = "client_command_input" #11 0x00000000004179a5 in client_command_input (cmd=0x6583e0) at imap-client.c:839 client = 0x6577c0 command = __FUNCTION__ = "client_command_input" __FUNCTION__ = "client_command_input" #12 0x0000000000417c65 in client_handle_next_command (remove_io_r=, client=0x6577c0) at imap-client.c:877 No locals. #13 client_handle_input (client=client at entry=0x6577c0) at imap-client.c:889 _data_stack_cur_id = 3 remove_io = false handled_commands = false __FUNCTION__ = "client_handle_input" __FUNCTION__ = "client_handle_input" #14 0x0000000000417e8f in client_input (client=0x6577c0) at imap-client.c:931 cmd = 0x7ffff732abce output = 0x658200 bytes = 23 __FUNCTION__ = "client_input" __FUNCTION__ = "client_input" #15 0x00007ffff732d3ff in io_loop_call_io () from /usr/local/lib/dovecot/libdovecot.so.0 No symbol table info available. #16 0x00007ffff731f407 in io_loop_handler_run_internal () from /usr/local/lib/dovecot/libdovecot.so.0 No symbol table info available. #17 0x00007ffff731f4d9 in io_loop_handler_run () from /usr/local/lib/dovecot/libdovecot.so.0 No symbol table info available. #18 0x00007ffff731f558 in io_loop_run () from /usr/local/lib/dovecot/libdovecot.so.0 No symbol table info available. #19 0x00007ffff731f5c3 in master_service_run () from /usr/local/lib/dovecot/libdovecot.so.0 No symbol table info available. #20 0x000000000040bfa0 in main (argc=1, argv=0x63a390) at main.c:400 set_roots = {0x4274e0 , 0x0} login_set = {auth_socket_path = 0x0, postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x0, failure_callback = 0x0, request_auth_token = 1} service_flags = storage_service_flags = username = 0x0 c = set_roots = {0x4274e0 , 0x0} ===================== DOVECONF -n ===================== colin at xxxx [ /var/mail/colin/virtual ]$ doveconf -n # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.14.4 x86_64 Linux From Scratch ext4 auth_socket_path = /var/run/dovecot/auth-userdb auth_username_format = %Ln first_valid_gid = 1000 first_valid_uid = 1000 hostname = mail.theknoxes.co.uk imap_metadata = yes last_valid_gid = 1100 last_valid_uid = 1100 listen = * login_trusted_networks = 127.0.0.1 mail_attribute_dict = file:/var/mail/%n/shared_metadata mail_location = maildir:/var/mail/%n mail_plugins = " fts fts_solr virtual" mail_temp_dir = /tmp/mail mailbox_list_index = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate namespace { location = virtual:/var/mail/%n/virtual prefix = virtual. separator = . subscriptions = no } namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox "Junk E-mail" { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } mailbox virtual/All { special_use = \All } prefix = separator = . } passdb { driver = pam } plugin { fts = solr fts_autoindex = yes fts_decoder = decode2text fts_solr = url=http://localhost:8080/solr/dovecot/ break-imap-search sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap lmtp sieve sendmail_path = /usr/local/sbin/sendmail service auth { unix_listener auth-client { group = exim mode = 0660 } } service decode2text { executable = script /usr/local/libexec/dovecot/decode2text.sh unix_listener decode2text { mode = 0666 } user = dovecot } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 0 } } service lmtp { unix_listener lmtp { mode = 0666 } } service managesieve-login { inet_listener sieve { port = 4190 } } service managesieve { process_limit = 1024 } ssl = required ssl_cert = I am trying to get dovecot 2.0.19 authenticate users via LDAP (OpenLDAP 2.4.28) and using Wireshark to debug the process. It looks like the basic configuration of dovecot is fine, but it doesn't pull it off to send the right request to the LDAP server. First of all, this is how my LDAP-entries look: # ht dn: dc=ht objectClass: top objectClass: dcObject objectClass: organization o: ip dc: ht # admin, ht dn: cn=admin,dc=ht objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator userPassword:: e1NTSEF9cFY1b0ZZVUhack1aRTVvaUg1T3c2cytVWHV4aUNvaHI= # people, ht dn: ou=people,dc=ht objectClass: organizationalUnit objectClass: top ou: people # groups, ht dn: ou=groups,dc=ht objectClass: organizationalUnit objectClass: top ou: groups # ipusers, groups, ht dn: cn=ipusers,ou=groups,dc=ht gidNumber: 500 cn: ipusers objectClass: posixGroup objectClass: top # Max Mustermann, people, ht dn: cn=Max Mustermann,ou=people,dc=ht cn: Max Mustermann givenName: Max gidNumber: 500 homeDirectory: /home/users/mmustormann sn: Mustermann objectClass: inetOrgPerson objectClass: posixAccount objectClass: top uidNumber: 1000 uid: mmustermann userPassword:: e01ENX1ETUYxdWNEeHRxZ3h3NW5pYVhjbVlRPT0= loginShell: /bin/bash mail: mustorm at test.com Now, I use the following configuration for dovecot (/etc/dovecot/dovecot-ldap.conf.ext) hosts = 10.1.2.1 dn = cn=admin,dc=ht dnpass = a auth_bind = yes auth_bind_userdn = uid=%u,ou=people,dc=ht ldap_version = 3 scope = subtree base = ou=people,dc=ht user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid user_filter = (&(objectClass=posixAccount)(uid=%u)) pass_attrs = uid=user,userPassword=password pass_filter = (&(objectClass=posixAccount)(uid=%u)) This is what I see in Wireshark: http://i.stack.imgur.com/ICzDe.png Dovecot cannot authenticate itself for some reason... If i change the configuration as follows: auth_bind = no #auth_bind_userdn = uid=%u,ou=people,dc=ht Then I get following picture: http://i.stack.imgur.com/tb5vo.png It doesn't pick up the setting base = ou=people,dc=ht. But what is more crucial is that even looking at the whole tree "" wholeSubTree it can't find the required entry. I am really desperate and don't know how to make it work. Can somebody please give me a clue how to solve this problem? From michael at orlitzky.com Sun May 18 22:21:23 2014 From: michael at orlitzky.com (Michael Orlitzky) Date: Sun, 18 May 2014 18:21:23 -0400 Subject: [Dovecot] / vs. References: <2005472.BZJ66MbKek@skynet2> <8699894.YKYJXMvJtc@skynet2> <53778311.8080809@thelounge.net> <2700280.nm6eTIEnJZ@skynet2> Message-ID: <53793263.4060505@orlitzky.com> On 05/17/2014 11:57 AM, Boris wrote: > >> no - < reads a file and without you are supposed to directly >> paste your certificate in the configuration instead point >> to a file > I see. In all other places I know dovecot references files simply with "/" so I > still wonder what is so different in this case. > In the other cases, the configurable parameter is supposed to be a path to a file. So you give it a path, beginning with "/". The certificate parameter takes string, so you would have had to copy/paste your certificate in there. But nobody wants to do that, so there's an alternate way to read the certificate from a file. Fictional example: it's the difference between: valid_users = user1 at example.com, user2 at example.com,... and valid_users = dovecot version: 2.2.13 NetBSD 5.1 on an amd64 architecture Based on the log file, I think this problem first manifested itself when I upgrade from 2.2.9 to 2.2.12. I tried to go back to 2.2.9, but I would have had to rollback some of the other dependencies. I built 2.2.13 and the problem still exists. Mail gets successfully delivered, but the sender get a non-delivery message. I've hacked a temporary workaround to prevent the non-delivery from being sent by having the bounce service run discard instead of bounce. Logfile excerpt: May 18 04:37:07 chaos postfix/smtp[27935]: 39F8B2134F: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=21, delays=1.9/0.13/0.69/18, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0538621350) May 18 04:37:07 chaos postfix/qmgr[19537]: 39F8B2134F: removed May 18 04:37:07 chaos dovecot: lda(XXXX at YYYY.ZZZ): msgid=: saved mail to INBOX May 18 04:37:07 chaos postfix/pipe[12775]: 0538621350: to=, relay=dovecot, delay=0.54, delays=0.07/0.3/0/0.18, dsn=5.3.0, status=bounced (Command died with signal 11: "/usr/pkg/libexec/dovecot/dovecot-lda") May 18 04:37:07 chaos postfix/cleanup[2233]: 88C0221353: message-id=<20140518043707.88C0221353 at chaos.dishaw.org> May 18 04:37:07 chaos postfix/bounce[18857]: 0538621350: sender non-delivery notification: 88C0221353 May 18 04:37:07 chaos postfix/qmgr[19537]: 88C0221353: from=<>, size=14448, nrcpt=1 (queue active) May 18 04:37:07 chaos postfix/qmgr[19537]: 0538621350: removed May 18 04:37:08 chaos postfix/smtp[20299]: 88C0221353: to=,relay=site.careerbuilder.com[208.82.4.130]:25, delay=0.89, delays=0.03/0.03/0.25/0.58, dsn=2.6.0, status=sent (250 2.6.0 message received) May 18 04:37:08 chaos postfix/qmgr[19537]: 88C0221353: removed Backtrace: #0 0x00007f7ffc907270 in ?? () #1 0x00007f7ffd778498 in lib_signals_deinit () from /usr/pkg/lib/dovecot/libdovecot.so.0 #2 0x00007f7ffd725739 in master_service_deinit () from /usr/pkg/lib/dovecot/libdovecot.so.0 #3 0x0000000000403021 in main () From skdovecot at smail.inf.fh-brs.de Mon May 19 06:56:56 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 19 May 2014 08:56:56 +0200 (CEST) Subject: [Dovecot] Configuration of dovecot 2.0.19 to authenticate users via LDAP In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 18 May 2014, Danylo Esterman wrote: > # Max Mustermann, people, ht > dn: cn=Max Mustermann,ou=people,dc=ht > cn: Max Mustermann > givenName: Max > gidNumber: 500 > homeDirectory: /home/users/mmustormann > sn: Mustermann > objectClass: inetOrgPerson > objectClass: posixAccount > objectClass: top > uidNumber: 1000 > uid: mmustermann > userPassword:: e01ENX1ETUYxdWNEeHRxZ3h3NW5pYVhjbVlRPT0= > loginShell: /bin/bash > mail: mustorm at test.com > > Now, I use the following configuration for dovecot > (/etc/dovecot/dovecot-ldap.conf.ext) > > hosts = 10.1.2.1 > dn = cn=admin,dc=ht > dnpass = a > auth_bind = yes > auth_bind_userdn = uid=%u,ou=people,dc=ht > ldap_version = 3 > scope = subtree > base = ou=people,dc=ht > user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid > user_filter = (&(objectClass=posixAccount)(uid=%u)) > pass_attrs = uid=user,userPassword=password > pass_filter = (&(objectClass=posixAccount)(uid=%u)) > > This is what I see in Wireshark: http://i.stack.imgur.com/ICzDe.png > > Dovecot cannot authenticate itself for some reason... The Wireshark trace shows that you've tried to authentificate an user "uid=mmustermann,ou=people,dc=ht", but no such LDAP item exists. It is named "cn=Max Mustermann,ou=people,dc=ht". > If i change the configuration as follows: > > auth_bind = no > #auth_bind_userdn = uid=%u,ou=people,dc=ht > > Then I get following picture: http://i.stack.imgur.com/tb5vo.png Well, why auth_bind = no? If you read the comment for that setting: # Use authentication binding for verifying password's validity. This works by # logging into LDAP server using the username and password given by client. # The pass_filter is used to find the DN for the user. Note that the pass_attrs # is still used, only the password field is ignored in it. Before doing any # search, the binding is switched back to the default DN. #auth_bind = no auth_bind = yes > I am really desperate and don't know how to make it work. Can somebody > please give me a clue how to solve this problem? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU3mrOHz1H7kL/d9rAQJP3Qf/S4FMF1R1ZSvs1vpul3S2pN1stNlEKvjU 9O5hemGYbjfXJjZzY0Htp1rfDHz35GkYkfIxNOmf9pH7WVS9BXK+3wx0jNXVOMVh 3OPnbe7UNZmj5MMx/xtCs6MrC010aOvZ0semBEaoyosUaZA11nyi+Ju2rYtxmZqG 4GNWxMjlXl98qzt8LPqSdnYzLJ+uzkmdh8CNQLOS5e86bwcxV5Fd5V3CbuT40/A0 odEtyvoe8czpnfOBM1CImwwoOnyK0lBi4Pk5SGwLA3qyDlac7bsNnNahUx22Nozd VYQ3ixZODp3f3/VIloqdVmTFHly8S2vLFDZOmWo4Tc0FEYsLHqR+iA== =fy/V -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Mon May 19 07:09:45 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 19 May 2014 09:09:45 +0200 (CEST) Subject: [Dovecot] logging of failed SASL usernames In-Reply-To: <53787D54.5020403@thelounge.net> References: <53787D54.5020403@thelounge.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 18 May 2014, Reindl Harald wrote: > is there a way that dovecot logs the username? Did you've tried: # Log unsuccessful authentication attempts and the reasons why they failed. #auth_verbose = no maybe auth_debug? I would suppose that this setting applies to all auth attempts. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU3muOXz1H7kL/d9rAQJzTAf/R7FWiGcO98/u8SlVZhb+82pMLggs/+tx C7ZSPM7u8b1JA3pmSf4YC750ufxnWjlrgVHwtnEuBfgE6kLd18zvyV97Edy4oF8Z n5oRX9e9bAJnY/Q8Y85tIdDJ5RYBAYwM/qybGhUwg+BEI6hOdGbAtV3u7BpV6t1/ H4qouUWvONaKuZX8dWJy0Xd7zTHbXzyOjmzr3dqQsHZE+27hJ+OmBemToxhB+6Wz ZEFDDXEQmsG9md/wusBCXkeqZBiplgYBb531WjtMY+PInrrVta8nylFGahkE99r3 u3YvfkUxmLflb29xbKQdQkIfGHgbJQcB8PXx9+/XYM6RHN92kjWKoQ== =8XnD -----END PGP SIGNATURE----- From h.reindl at thelounge.net Mon May 19 08:10:23 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 19 May 2014 10:10:23 +0200 Subject: [Dovecot] logging of failed SASL usernames In-Reply-To: References: <53787D54.5020403@thelounge.net> Message-ID: <5379BC6F.4040604@thelounge.net> Am 19.05.2014 09:09, schrieb Steffen Kaiser: > On Sun, 18 May 2014, Reindl Harald wrote: >> is there a way that dovecot logs the username? > > Did you've tried: > > # Log unsuccessful authentication attempts and the reasons why they failed. > #auth_verbose = no > > maybe auth_debug? > > I would suppose that this setting applies to all auth attempts i talk about standard logging in a production environment not for a short period of debugging but always and forever, the current postfix "login failed" log is unhelpful if it logs failed POP3/IMAP logins without debug mode why not SASL auth? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From kontakt at seebergit.dk Mon May 19 11:07:42 2014 From: kontakt at seebergit.dk (Joakim Seeberg) Date: Mon, 19 May 2014 13:07:42 +0200 Subject: [Dovecot] Notifications from dovecot Message-ID: <5379E5FE.5070701@seebergit.dk> Hi list, im trying to build a web based system for secure communication build with standard linux software, instead of using CMS based systems. One of the requirements is to send notifications to users when receiving mail. Can a script find information about the mail address of received mails in dovecot logs or is there a better way. -seeberg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 551 bytes Desc: OpenPGP digital signature URL: From h.reindl at thelounge.net Mon May 19 11:11:13 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 19 May 2014 13:11:13 +0200 Subject: [Dovecot] Notifications from dovecot In-Reply-To: <5379E5FE.5070701@seebergit.dk> References: <5379E5FE.5070701@seebergit.dk> Message-ID: <5379E6D1.6010800@thelounge.net> Am 19.05.2014 13:07, schrieb Joakim Seeberg: > Hi list, im trying to build a web based system for secure communication > build with standard linux software, instead of using CMS based systems. > > One of the requirements is to send notifications to users when receiving > mail. > > Can a script find information about the mail address of received mails > in dovecot logs or is there a better way. which sort of notifications? a e-mail "you got new e-mail" hardly makes sense -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From d.parthey at metaways.de Mon May 19 12:47:53 2014 From: d.parthey at metaways.de (Daniel Parthey) Date: Mon, 19 May 2014 14:47:53 +0200 Subject: [Dovecot] imapc Proxy to IMAPS Exchangeserver? In-Reply-To: <20140516100913.GD15834@charite.de> References: <20140516093521.GC15834@charite.de> <20140516100913.GD15834@charite.de> Message-ID: <5379FD79.4090409@metaways.de> Am 16.05.2014 12:09, schrieb Ralf Hildebrandt: > May 16 12:07:05 mproxy dovecot: master: Dovecot v2.2.9 starting up (core dumps disabled) > May 16 12:07:29 mproxy dovecot: imap-login: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=23662, secured, session= > May 16 12:07:29 mproxy dovecot: imap(hildeb): Error: user hildeb: Initialization failed: Namespace '': Mailbox list driver imapc: missing imapc_password > May 16 12:07:29 mproxy dovecot: imap(hildeb): Error: Invalid user settings. Refer to server log for more information. > > Mailbox list driver imapc: missing imapc_password ??? The IMAP Client (imapc) needs a username, hostname, port and password to login. According to http://wiki2.dovecot.org/Variables you can just pass through the plaintext password %w to the imapc backend by setting imapc_password=%w Regards Daniel -- Dipl.-Inf. Daniel Parthey System Engineer Metaways Infosystems GmbH Pickhuben 2, D-20457 Hamburg E-Mail: d.parthey at metaways.de Web: http://www.metaways.de Metaways Infosystems GmbH - Sitz: D-22967 Tremsb?ttel Handelsregister: Amtsgericht L?beck HRB 4508 AH Gesch?ftsf?hrung: Hermann Thaele, L?der-H.Thaele From r at sys4.de Mon May 19 12:53:37 2014 From: r at sys4.de (Ralf Hildebrandt) Date: Mon, 19 May 2014 14:53:37 +0200 Subject: [Dovecot] imapc Proxy to IMAPS Exchangeserver? In-Reply-To: <5379FD79.4090409@metaways.de> References: <20140516093521.GC15834@charite.de> <20140516100913.GD15834@charite.de> <5379FD79.4090409@metaways.de> Message-ID: <20140519125336.GD32570@sys4.de> * Daniel Parthey : > Am 16.05.2014 12:09, schrieb Ralf Hildebrandt: > >May 16 12:07:05 mproxy dovecot: master: Dovecot v2.2.9 starting up (core dumps disabled) > >May 16 12:07:29 mproxy dovecot: imap-login: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=23662, secured, session= > >May 16 12:07:29 mproxy dovecot: imap(hildeb): Error: user hildeb: Initialization failed: Namespace '': Mailbox list driver imapc: missing imapc_password > >May 16 12:07:29 mproxy dovecot: imap(hildeb): Error: Invalid user settings. Refer to server log for more information. > > > >Mailbox list driver imapc: missing imapc_password ??? > > The IMAP Client (imapc) needs a username, hostname, port and password to login. > > According to http://wiki2.dovecot.org/Variables you can just pass through > the plaintext password %w to the imapc backend by setting imapc_password=%w That's what I did! (prefixed with userdb_, since I'm using driver = prefetch) passdb { driver = imap # Change the line below to reflect the IP address of your Exchange Server. args = host=exchange-imap.charite.de port=993 ssl=imaps default_fields = userdb_imapc_user=%u userdb_imapc_password=%w userdb_imapc_host=exchange-imap.charite.de userdb_imapc_ssl=imaps userdb_imapc_port=993 } userdb { driver = prefetch } -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From d.parthey at metaways.de Mon May 19 13:10:37 2014 From: d.parthey at metaways.de (Daniel Parthey) Date: Mon, 19 May 2014 15:10:37 +0200 Subject: [Dovecot] imapc Proxy to IMAPS Exchangeserver? In-Reply-To: <20140519125336.GD32570@sys4.de> References: <20140516093521.GC15834@charite.de> <20140516100913.GD15834@charite.de> <5379FD79.4090409@metaways.de> <20140519125336.GD32570@sys4.de> Message-ID: <537A02CD.5020402@metaways.de> Am 19.05.2014 14:53, schrieb Ralf Hildebrandt: > * Daniel Parthey : >> Am 16.05.2014 12:09, schrieb Ralf Hildebrandt: >>> May 16 12:07:05 mproxy dovecot: master: Dovecot v2.2.9 starting up (core dumps disabled) >>> May 16 12:07:29 mproxy dovecot: imap-login: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=23662, secured, session= >>> May 16 12:07:29 mproxy dovecot: imap(hildeb): Error: user hildeb: Initialization failed: Namespace '': Mailbox list driver imapc: missing imapc_password >>> May 16 12:07:29 mproxy dovecot: imap(hildeb): Error: Invalid user settings. Refer to server log for more information. >>> >>> Mailbox list driver imapc: missing imapc_password ??? >> >> The IMAP Client (imapc) needs a username, hostname, port and password to login. >> >> According to http://wiki2.dovecot.org/Variables you can just pass through >> the plaintext password %w to the imapc backend by setting imapc_password=%w > > That's what I did! (prefixed with userdb_, since I'm using driver = prefetch) You're trying to enable SSL in imapc, right? Maybe some of the options from http://wiki2.dovecot.org/Migration/Dsync will be useful: # for SSL: #imapc_port = 993 #imapc_ssl = imaps #imapc_ssl_ca_dir = /etc/ssl #imapc_ssl_verify = yes Regards Daniel -- Dipl.-Inf. Daniel Parthey System Engineer Metaways Infosystems GmbH Pickhuben 2, D-20457 Hamburg E-Mail: d.parthey at metaways.de Web: http://www.metaways.de Metaways Infosystems GmbH - Sitz: D-22967 Tremsb?ttel Handelsregister: Amtsgericht L?beck HRB 4508 AH Gesch?ftsf?hrung: Hermann Thaele, L?der-H.Thaele From r at sys4.de Mon May 19 13:17:56 2014 From: r at sys4.de (Ralf Hildebrandt) Date: Mon, 19 May 2014 15:17:56 +0200 Subject: [Dovecot] imapc Proxy to IMAPS Exchangeserver? In-Reply-To: <537A02CD.5020402@metaways.de> References: <20140516093521.GC15834@charite.de> <20140516100913.GD15834@charite.de> <5379FD79.4090409@metaways.de> <20140519125336.GD32570@sys4.de> <537A02CD.5020402@metaways.de> Message-ID: <20140519131755.GE32570@sys4.de> * Daniel Parthey : > >>The IMAP Client (imapc) needs a username, hostname, port and password to login. > >> > >>According to http://wiki2.dovecot.org/Variables you can just pass through > >>the plaintext password %w to the imapc backend by setting imapc_password=%w > > > >That's what I did! (prefixed with userdb_, since I'm using driver = prefetch) > > You're trying to enable SSL in imapc, right? Only in order to reach the Exchangeserver > Maybe some of the options from http://wiki2.dovecot.org/Migration/Dsync will be useful: > > # for SSL: > #imapc_port = 993 > #imapc_ssl = imaps > #imapc_ssl_ca_dir = /etc/ssl > #imapc_ssl_verify = yes Got these. I found the error. It was a leftover config someplace. -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From da-dovecotlist-15 at abelonline.de Mon May 19 15:10:58 2014 From: da-dovecotlist-15 at abelonline.de (Boris) Date: Mon, 19 May 2014 17:10:58 +0200 Subject: [Dovecot] / vs. References: <2005472.BZJ66MbKek@skynet2> <2700280.nm6eTIEnJZ@skynet2> <53793263.4060505@orlitzky.com> Message-ID: <2769956.HWncNiXX6z@skynet2> On Sunday 18 May 2014 18:21:23 Michael Orlitzky wrote: > In the other cases, the configurable parameter is supposed to be a path > to a file. So you give it a path, beginning with "/". > > The certificate parameter takes string, so you would have had to > copy/paste your certificate in there. But nobody wants to do that, so > there's an alternate way to read the certificate from a file. > > Fictional example: it's the difference between: > > valid_users = user1 at example.com, user2 at example.com,... > > and > > valid_users = > The leading "<" means "pretend I typed the contents of this file right > here." If instead you had, > > valid_users = /path/to/valid/users > > then dovecot might think you have one valid user named > "/path/to/valid/users." Thank you for the explanation Michael. I think I understand it now. Boris From marc at perkel.com Tue May 20 06:37:05 2014 From: marc at perkel.com (Marc Perkel) Date: Mon, 19 May 2014 23:37:05 -0700 Subject: [Dovecot] Setting mail location in SQL? Message-ID: <537AF811.2090808@perkel.com> Trying to figure out the syntax to set a mail_location for SQL. This doesn't work: userdb { driver = sql args = /etc/dovecot/master-combined-sql.conf override_fields = mail_location=maildir:/fakedir/%d/%n:INBOX=/fakedir:LAYOUT=fs } Does anyone know the proper syntax? Thanks in advance From skdovecot at smail.inf.fh-brs.de Tue May 20 06:44:54 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 20 May 2014 08:44:54 +0200 (CEST) Subject: [Dovecot] Setting mail location in SQL? In-Reply-To: <537AF811.2090808@perkel.com> References: <537AF811.2090808@perkel.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 19 May 2014, Marc Perkel wrote: > Trying to figure out the syntax to set a mail_location for SQL. This doesn't > work: > > userdb { > driver = sql > args = /etc/dovecot/master-combined-sql.conf > override_fields = > mail_location=maildir:/fakedir/%d/%n:INBOX=/fakedir:LAYOUT=fs > } > > Does anyone know the proper syntax? http://wiki2.dovecot.org/AuthDatabase/SQL#User_database_lookups It's the "mail" field. You configured the reverse case: http://wiki2.dovecot.org/UserDatabase?highlight=%28override_fields%29 - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU3r553z1H7kL/d9rAQL87gf/b7+5vsp3eHcmqbqwrpSQXn8OElg3rpb+ wa/ym3NOBv3neiDFIW+VuOuYvuS8pddjvmpf+SLSDfuqPbDnLZ6WD1dJ9e6RMLT+ FCqw720HUrKJ2gra0i9yQZcskXEOIL23pz8p+9jf4vibHsTUJ47VKFPjV15mSB7Z TKmXG960cKdXcdeP1SndxwF735ZC6QVlJ2fQWdwsLOA0gQUFsfO+UQY/cfJiWLKZ omt0nIj2RduXZUDJoG9s+5UtXRJck4SC0oqXdmAebPYnJB+1H+vpdY1tscItD7GN EuQCouev2L0m4LIGpvrhyOoZy2/Xsh/U+wQDB6tJYrBZlZom1L3pOA== =oXX4 -----END PGP SIGNATURE----- From kontakt at seebergit.dk Tue May 20 08:56:30 2014 From: kontakt at seebergit.dk (Joakim Seeberg) Date: Tue, 20 May 2014 10:56:30 +0200 Subject: [Dovecot] Notifications from dovecot In-Reply-To: <5379E6D1.6010800@thelounge.net> References: <5379E5FE.5070701@seebergit.dk> <5379E6D1.6010800@thelounge.net> Message-ID: <537B18BE.3050802@seebergit.dk> Den 19-05-2014 13:11, Reindl Harald skrev: > > Am 19.05.2014 13:07, schrieb Joakim Seeberg: >> Hi list, im trying to build a web based system for secure communication >> build with standard linux software, instead of using CMS based systems. >> >> One of the requirements is to send notifications to users when receiving >> mail. >> >> Can a script find information about the mail address of received mails >> in dovecot logs or is there a better way. > > which sort of notifications? > > a e-mail "you got new e-mail" hardly makes sense > Yes it does if the notification is sent to an external mail address that is checked regularly by the user. I'm thinking the script uses the mail address to look up the external mail address in ldap. Alternatively a SMS but the process would be the same. -- Mvh. Joakim Seeberg IT 9510 Arden seebergit.dk -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 551 bytes Desc: OpenPGP digital signature URL: From jcblanco at fi.upm.es Tue May 20 09:18:48 2014 From: jcblanco at fi.upm.es (Juan C. Blanco) Date: Tue, 20 May 2014 11:18:48 +0200 Subject: [Dovecot] Dovecot 2.2.13+ and master user db Message-ID: <537B1DF8.4060101@fi.upm.es> Hello, I'm upgrading one of our servers to the last HG 2.2.13 versi?n and I've found some problems with our configuration which has been working fine with previous versions. We have a LDAP userdb for the users and a master userdb for user assistance, Until now the definition of usersdb in 10-auth.conf was: !include auth-master.conf.ext !include auth-system.conf.ext !include auth-ldap.conf.ext With the 2.2.12 version this worked fine but with 2.2.13+ version the LDAP users can't login in dovecot (IMAP), however the master users can login fine. However, if I comment out the master userdb or change the order, i.e. !include auth-system.conf.ext !include auth-ldap.conf.ext !include auth-master.conf.ext In this case LDAP and master users can login normally. Is this configuration change required for the new version or it's a bug? Follows the log sections for both configurations Regards Juan C. Blanco There is the log for the first case (master before ldap) with debugging activated: May 20 08:57:43 master: Info: Dovecot v2.2.13 starting up for imap, pop3, lmtp, sieve (core dumps disabled) May 20 08:57:51 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth May 20 08:57:51 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so May 20 08:57:51 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth May 20 08:57:51 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so May 20 08:57:51 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat May 20 08:57:51 auth: Debug: passwd-file /nas/mail/etc/passwd.master: Read 1 users in 0 secs May 20 08:57:51 auth: Debug: auth client connected (pid=22482) May 20 08:57:56 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=T/5QZs/54gB/AAAB lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=56290 resp= May 20 08:57:56 auth: Debug: ldap(user1,127.0.0.1,): cache miss May 20 08:57:56 auth: Debug: ldap(user1,127.0.0.1,): bind search: base=dc=some,dc=domain,dc=es filter=(uid=user1) May 20 08:57:56 auth: Debug: ldap(user1,127.0.0.1,): result: Mailbox=/mail/user1 MailQuotaSize=10240; Mailbox,MailQuotaSize unused May 20 08:57:56 auth: Debug: ldap(user1,127.0.0.1,): result: Mailbox=/mail/user1 MailQuotaSize=10240 May 20 08:57:56 auth: Debug: client passdb out: OK 1 user=user1 May 20 08:57:56 auth: Debug: master in: REQUEST 4005167105 22482 1 f14d67dfcbfd5fdffe206fba32ef320b session_pid=22485 request_auth_token May 20 08:57:56 auth: Debug: passwd-file(user1,127.0.0.1,): userdb cache miss May 20 08:57:56 auth: Debug: passwd-file(user1,127.0.0.1,): lookup: user=user1 file=/nas/mail/etc/passwd.master May 20 08:57:56 auth: Info: passwd-file(user1,127.0.0.1,): unknown user May 20 08:57:56 auth: Debug: prefetch(user1,127.0.0.1,): success May 20 08:57:56 auth: Debug: master userdb out: USER 4005167105 user1 auth_token=51719362e64e34996d44dfbde00993c989be6580 May 20 08:57:56 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=22485, secured, session= May 20 08:57:56 imap: Debug: Loading modules from directory: /usr/lib64/dovecot May 20 08:57:56 imap: Debug: Module loaded: /usr/lib64/dovecot/lib01_acl_plugin.so May 20 08:57:56 imap: Debug: Module loaded: /usr/lib64/dovecot/lib02_imap_acl_plugin.so May 20 08:57:56 imap: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so May 20 08:57:56 imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_imap_quota_plugin.so May 20 08:57:56 imap: Debug: Added userdb setting: plugin/=yes May 20 08:57:56 imap(user1): Debug: Effective uid=98, gid=12, home= May 20 08:57:56 imap(user1): Debug: Quota root: name=User quota backend=maildir args= May 20 08:57:56 imap(user1): Debug: Quota rule: root=User quota mailbox=* bytes=10485760 messages=0 May 20 08:57:56 imap(user1): Debug: Quota rule: root=User quota mailbox=Trash bytes=+1048576 (10%) messages=0 May 20 08:57:56 imap(user1): Debug: Quota warning: bytes=9961472 (95%) messages=0 reverse=no command=quota-warning 95 user1 May 20 08:57:56 imap(user1): Debug: Quota warning: bytes=8388608 (80%) messages=0 reverse=no command=quota-warning 80 user1 May 20 08:57:56 imap(user1): Debug: Quota grace: root=User quota bytes=1048576 (10%) May 20 08:57:56 imap(user1): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir May 20 08:57:56 imap(user1): Error: user user1: Initialization failed: Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir May 20 08:57:56 imap(user1): Error: Invalid user settings. Refer to server log for more information. Log for second case (master after LDAP) May 20 09:06:38 master: Info: Dovecot v2.2.13 starting up for imap, pop3, lmtp, sieve (core dumps disabled) May 20 09:06:43 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth May 20 09:06:43 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so May 20 09:06:43 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth May 20 09:06:43 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so May 20 09:06:43 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat May 20 09:06:43 auth: Debug: passwd-file /nas/mail/etc/passwd.master: Read 1 users in 0 secs May 20 09:06:43 auth: Debug: auth client connected (pid=22533) May 20 09:06:50 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=RRYchs/55AB/AAAB lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=56292 resp= May 20 09:06:50 auth: Debug: ldap(user1,127.0.0.1,): cache miss May 20 09:06:50 auth: Debug: ldap(user1,127.0.0.1,): bind search: base=dc=some,dc=domain,dc=es filter=(uid=user1) May 20 09:06:50 auth: Debug: ldap(user1,127.0.0.1,): result: Mailbox=/mail/user1 MailQuotaSize=10240; Mailbox,MailQuotaSize unused May 20 09:06:50 auth: Debug: ldap(user1,127.0.0.1,): result: Mailbox=/mail/user1 MailQuotaSize=10240 May 20 09:06:50 auth: Debug: client passdb out: OK 1 user=user1 May 20 09:06:50 auth: Debug: master in: REQUEST 899284993 22533 1 5497b866fa520f52f65b72b700b3e460 session_pid=22535 request_auth_token May 20 09:06:50 auth: Debug: prefetch(user1,127.0.0.1,): success May 20 09:06:50 auth: Debug: master userdb out: USER 899284993 user1 home=/mail/user1 quota_rule=*:storage=10240 acl_groups=ccmail auth_token=672454c1a2671c22f334923aa11916aab58ed954 May 20 09:06:50 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=22535, secured, session= May 20 09:06:50 imap: Debug: Loading modules from directory: /usr/lib64/dovecot May 20 09:06:50 imap: Debug: Module loaded: /usr/lib64/dovecot/lib01_acl_plugin.so May 20 09:06:50 imap: Debug: Module loaded: /usr/lib64/dovecot/lib02_imap_acl_plugin.so May 20 09:06:50 imap: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so May 20 09:06:50 imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_imap_quota_plugin.so May 20 09:06:50 imap: Debug: Added userdb setting: plugin/acl_groups=ccmail May 20 09:06:50 imap: Debug: Added userdb setting: plugin/quota_rule=*:storage=10240 May 20 09:06:50 imap(user1): Debug: Effective uid=98, gid=12, home=/mail/user1 May 20 09:06:50 imap(user1): Debug: Quota root: name=User quota backend=maildir args= May 20 09:06:50 imap(user1): Debug: Quota rule: root=User quota mailbox=* bytes=10485760 messages=0 May 20 09:06:50 imap(user1): Debug: Quota rule: root=User quota mailbox=Trash bytes=+1048576 (10%) messages=0 May 20 09:06:50 imap(user1): Debug: Quota warning: bytes=9961472 (95%) messages=0 reverse=no command=quota-warning 95 user1 May 20 09:06:50 imap(user1): Debug: Quota warning: bytes=8388608 (80%) messages=0 reverse=no command=quota-warning 80 user1 May 20 09:06:50 imap(user1): Debug: Quota grace: root=User quota bytes=1048576 (10%) May 20 09:06:50 imap(user1): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir May 20 09:06:50 imap(user1): Debug: maildir++: root=/mail/user1/Maildir, index=, indexpvt=, control=, inbox=/mail/user1/Maildir, alt= May 20 09:06:50 imap(user1): Debug: acl: initializing backend with data: vfile May 20 09:06:50 imap(user1): Debug: acl: acl username = user1 May 20 09:06:50 imap(user1): Debug: acl: owner = 1 May 20 09:06:50 imap(user1): Debug: acl vfile: Global ACLs disabled May 20 09:06:50 imap(user1): Debug: Namespace : type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no location=maildir:%h/Maildir:INDEX=~/Maildir/shared/%u May 20 09:06:50 imap(user1): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt= May 20 09:06:50 imap(user1): Debug: acl: initializing backend with data: vfile May 20 09:06:50 imap(user1): Debug: acl: acl username = user1 May 20 09:06:50 imap(user1): Debug: acl: owner = 0 May 20 09:06:50 imap(user1): Debug: acl vfile: Global ACLs disabled May 20 09:06:53 imap(user1): Info: Disconnected: Logged out in=8 out=417 -- +----------------------------------------------------------------+ | Juan C. Blanco | | | | Centro de Calculo | | | Facultad de Informatica U.P.M. | E-mail: jcblanco at fi.upm.es | | Campus de Montegancedo | | | Boadilla del Monte | Tel.: (+34) 91 336 7466 | | 28660 MADRID (Spain) | Fax : (+34) 91 336 6913 | +----------------------------------------------------------------+ From stephan at rename-it.nl Tue May 20 09:30:03 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 20 May 2014 11:30:03 +0200 Subject: [Dovecot] Notifications from dovecot In-Reply-To: <537B18BE.3050802@seebergit.dk> References: <5379E5FE.5070701@seebergit.dk> <5379E6D1.6010800@thelounge.net> <537B18BE.3050802@seebergit.dk> Message-ID: <537B209B.3050400@rename-it.nl> On 5/20/2014 10:56 AM, Joakim Seeberg wrote: > Den 19-05-2014 13:11, Reindl Harald skrev: >> Am 19.05.2014 13:07, schrieb Joakim Seeberg: >>> Hi list, im trying to build a web based system for secure communication >>> build with standard linux software, instead of using CMS based systems. >>> >>> One of the requirements is to send notifications to users when receiving >>> mail. >>> >>> Can a script find information about the mail address of received mails >>> in dovecot logs or is there a better way. >> which sort of notifications? >> >> a e-mail "you got new e-mail" hardly makes sense >> > Yes it does if the notification is sent to an external mail address that > is checked regularly by the user. I'm thinking the script uses the mail > address to look up the external mail address in ldap. > > Alternatively a SMS but the process would be the same. This should provide what you need: http://sieve.info/ http://tools.ietf.org/html/rfc5435 http://tools.ietf.org/html/rfc5436 http://wiki2.dovecot.org/Pigeonhole Regards, Stephan. From andy at andybev.com Tue May 20 09:34:16 2014 From: andy at andybev.com (Andrew Beverley) Date: Tue, 20 May 2014 10:34:16 +0100 Subject: [Dovecot] Notifications from dovecot In-Reply-To: <5379E5FE.5070701@seebergit.dk> References: <5379E5FE.5070701@seebergit.dk> Message-ID: <1400578456.14369.93.camel@andy-laptop> On Mon, 2014-05-19 at 13:07 +0200, Joakim Seeberg wrote: > Hi list, im trying to build a web based system for secure communication > build with standard linux software, instead of using CMS based systems. > > One of the requirements is to send notifications to users when receiving > mail. > > Can a script find information about the mail address of received mails > in dovecot logs or is there a better way. It depends on your set up and what you're using for your local delivery agent. If you're using LMTP, then I asked a similar question a few days ago: http://dovecot.org/pipermail/dovecot/2014-May/096144.html Another alternative might be to create some sort of procmail script. Andy From acrow at integrafin.co.uk Tue May 20 11:39:10 2014 From: acrow at integrafin.co.uk (Alex Crow) Date: Tue, 20 May 2014 12:39:10 +0100 Subject: [Dovecot] Solr/Tika Message-ID: <537B3EDE.8000004@integrafin.co.uk> |Hi list, If I've added the tika stuff to my tomcat/solr setup, ie copied: | ||solr-4.7.2/dist/solr-cell-*| solr-4.7.2/contrib/extraction/lib/* to ||/var/lib/tomcat6/webapps/solr/WEB-INF/lib/ how do I get dovecot to index attachments? Do I just need to add| fts-solr =/index-attachments url=http://localhost:8080/solr-4.7.2/ /to the 90-plugin.conf? Or do I need to so something like fts_tika =/http://localhost:8080/solr-4.7.2// IE the same uri I have for the solr? Thanks Alex From listflo at ricam.oeaw.ac.at Tue May 20 12:00:11 2014 From: listflo at ricam.oeaw.ac.at (Florian) Date: Tue, 20 May 2014 14:00:11 +0200 Subject: [Dovecot] lazy_expunge and shared folders Message-ID: <1655855.hMDViD39ls@vulcan.ricint.oeaw.ac.at> Hi, since migration to Dovecot 2.2 I have troubles with lazy_expunge as soon as a user shares a folder. The user the folder is shared to cannot login anymore, dovecot logs Fatal: lazy_expunge: Unknown namespace: '.EXPUNGED/' - When no folder is shared lazy_expunge is working fine, deleted mails are moved to the expunged namespace and can be recovered without any problems. - Sharing folders works as long as I disable lazy_expunge. I have used the config (with minor changes) with dovecot 2.0 for years without any problem. Switching to dovecot 2.2.10 (atrps repository) or 2.2.12 (dovecot enterprise repo) lazy_expunge and acl do not work together anymore. Is it a bug, a known limitation or is something wrong with my config? Any hints are welcome. Thanks in advance, Florian dovecot -n # 2.2.12.12 (03196f188677): /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-042stab085.20 x86_64 CentOS release 6.5 (Final) auth_cache_negative_ttl = 10 mins auth_cache_size = 10 M auth_cache_ttl = 2 hours auth_failure_delay = 10 secs auth_mechanisms = plain login auth_socket_path = /var/run/dovecot/auth-userdb base_dir = /var/run/dovecot/ disable_plaintext_auth = no first_valid_gid = 105 first_valid_uid = 105 hostname = ... imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags imap_idle_notify_interval = 10 mins last_valid_uid = 105 listen = ... lmtp_save_to_detail_mailbox = yes login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c mail_gid = vimap mail_home = /var/imap/spool/%1n/%n mail_location = mdbox:~/mdbox mail_plugins = " fts fts_lucene acl" mail_temp_dir = /var/imap/tmp mail_uid = vimap managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mbox_write_locks = fcntl mdbox_rotate_interval = 1 days namespace { list = children location = mdbox:/var/imap/spool/%%1n/%%n/mdbox:INDEXPVT=/var/imap/spool/%1n/%n/mdbox/shared/%%u prefix = User/%%u/ separator = / subscriptions = no type = shared } namespace expunged { hidden = yes list = no location = mdbox:/var/imap/spool/%1n/%n/mdbox:MAILBOXDIR=expunged prefix = .EXPUNGED/ separator = / subscriptions = no type = private } namespace inbox { inbox = yes location = mdbox:/var/imap/spool/%1n/%n/mdbox mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Learn { auto = subscribe } mailbox Learn/Ham { auto = subscribe } mailbox Learn/Spam { auto = subscribe } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } mailbox virtual/All { special_use = \All } mailbox virtual/Flagged { special_use = \Flagged } prefix = separator = / type = private } passdb { args = /etc/dovecot/master-users driver = passwd-file master = yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } passdb { args = /etc/dovecot/extra-users driver = passwd-file } plugin { acl = vfile:/var/imap/global-acls:cache_secs=300 acl_shared_dict = file:/var/imap/shared-mailboxes/shared-mailboxes fts = lucene fts_autoindex = yes fts_lucene = whitespace_chars=@. lazy_expunge = .EXPUNGED/ lazy_expunge_only_last_instance = yes recipient_delimiter = + sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_max_actions = 32 sieve_max_redirects = 4 sieve_max_script_size = 1M } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh postmaster_address = postmaster at ... protocols = imap pop3 lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vimap mode = 0600 user = vimap } user = $default_internal_user } service imap-login { process_min_avail = 4 service_count = 0 } service imap { process_limit = 1024 vsz_limit = 256 M } service lmtp { inet_listener lmtp { address = ... port = 24 } } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } service_count = 1 vsz_limit = 64 M } service pop3-login { inet_listener pop3s { port = 995 ssl = yes } process_min_avail = 4 service_count = 0 } service pop3 { process_limit = 512 } ssl_cert = References: <1655855.hMDViD39ls@vulcan.ricint.oeaw.ac.at> Message-ID: <537B4619.9070203@sys4.de> Am 20.05.2014 14:00, schrieb Florian: > Hi, > > since migration to Dovecot 2.2 I have troubles with lazy_expunge as soon as > a user shares a folder. The user the folder is shared to cannot login > anymore, dovecot logs Fatal: lazy_expunge: Unknown namespace: '.EXPUNGED/' > > - When no folder is shared lazy_expunge is working fine, deleted mails are > moved to the expunged namespace and can be recovered without any problems. > - Sharing folders works as long as I disable lazy_expunge. > > I have used the config (with minor changes) with dovecot 2.0 for years > without any problem. Switching to dovecot 2.2.10 (atrps repository) or > 2.2.12 (dovecot enterprise repo) lazy_expunge and acl do not work together > anymore. > > Is it a bug, a known limitation or is something wrong with my config? > Any hints are welcome. > > Thanks in advance, > Florian > > dovecot -n > > # 2.2.12.12 (03196f188677): /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-042stab085.20 x86_64 CentOS release 6.5 (Final) > auth_cache_negative_ttl = 10 mins > auth_cache_size = 10 M > auth_cache_ttl = 2 hours > auth_failure_delay = 10 secs > auth_mechanisms = plain login > auth_socket_path = /var/run/dovecot/auth-userdb > base_dir = /var/run/dovecot/ > disable_plaintext_auth = no > first_valid_gid = 105 > first_valid_uid = 105 > hostname = ... > imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags > imap_idle_notify_interval = 10 mins > last_valid_uid = 105 > listen = ... > lmtp_save_to_detail_mailbox = yes > login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c > mail_gid = vimap > mail_home = /var/imap/spool/%1n/%n > mail_location = mdbox:~/mdbox > mail_plugins = " fts fts_lucene acl" > mail_temp_dir = /var/imap/tmp > mail_uid = vimap > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character > vacation subaddress comparator-i;ascii-numeric relational regex imap4flags > copy include variables body enotify environment mailbox date ihave > mbox_write_locks = fcntl > mdbox_rotate_interval = 1 days > namespace { > list = children > location = > mdbox:/var/imap/spool/%%1n/%%n/mdbox:INDEXPVT=/var/imap/spool/%1n/%n/mdbox/shared/%%u > prefix = User/%%u/ > separator = / > subscriptions = no > type = shared > } > namespace expunged { > hidden = yes > list = no > location = mdbox:/var/imap/spool/%1n/%n/mdbox:MAILBOXDIR=expunged > prefix = .EXPUNGED/ > separator = / > subscriptions = no > type = private > } > namespace inbox { > inbox = yes > location = mdbox:/var/imap/spool/%1n/%n/mdbox > mailbox Drafts { > auto = subscribe > special_use = \Drafts > } > mailbox Learn { > auto = subscribe > } > mailbox Learn/Ham { > auto = subscribe > } > mailbox Learn/Spam { > auto = subscribe > } > mailbox Sent { > auto = subscribe > special_use = \Sent > } > mailbox Spam { > auto = subscribe > special_use = \Junk > } > mailbox Trash { > auto = subscribe > special_use = \Trash > } > mailbox virtual/All { > special_use = \All > } > mailbox virtual/Flagged { > special_use = \Flagged > } > prefix = > separator = / > type = private > } > passdb { > args = /etc/dovecot/master-users > driver = passwd-file > master = yes > } > passdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > passdb { > args = /etc/dovecot/extra-users > driver = passwd-file > } > plugin { > acl = vfile:/var/imap/global-acls:cache_secs=300 > acl_shared_dict = file:/var/imap/shared-mailboxes/shared-mailboxes > fts = lucene > fts_autoindex = yes > fts_lucene = whitespace_chars=@. > lazy_expunge = .EXPUNGED/ > lazy_expunge_only_last_instance = yes > recipient_delimiter = + > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > sieve_max_actions = 32 > sieve_max_redirects = 4 > sieve_max_script_size = 1M > } > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > postmaster_address = postmaster at ... > protocols = imap pop3 lmtp sieve > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-userdb { > group = vimap > mode = 0600 > user = vimap > } > user = $default_internal_user > } > service imap-login { > process_min_avail = 4 > service_count = 0 > } > service imap { > process_limit = 1024 > vsz_limit = 256 M > } > service lmtp { > inet_listener lmtp { > address = ... > port = 24 > } > } > service managesieve-login { > inet_listener sieve { > port = 4190 > } > inet_listener sieve_deprecated { > port = 2000 > } > service_count = 1 > vsz_limit = 64 M > } > service pop3-login { > inet_listener pop3s { > port = 995 > ssl = yes > } > process_min_avail = 4 > service_count = 0 > } > service pop3 { > process_limit = 512 > } > ssl_cert = ssl_key = userdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > userdb { > args = uid=vimap gid=vimap home=/var/imap/spool/%1n/%n > driver = static > } > protocol lda { > mail_plugins = " fts fts_lucene acl sieve" > } > protocol imap { > mail_max_userip_connections = 20 > mail_plugins = " fts fts_lucene acl imap_acl" > } > protocol lmtp { > mail_plugins = " fts fts_lucene acl sieve" > } > protocol sieve { > mail_max_userip_connections = 10 > managesieve_implementation_string = Dovecot Pigeonhole > managesieve_logout_format = bytes=%i/%o > managesieve_max_line_length = 65536 > } > protocol pop3 { > mail_max_userip_connections = 20 > } > "perhaps" related to this http://wiki2.dovecot.org/Plugins/Lazyexpunge ... Copy only the last instance (v2.2+) If mail has multiple copies (via IMAP COPY), each copy is normally moved to lazy expunge namespace when it's expunged. With v2.2+ you can set plugin { lazy_expunge_only_last_instance = yes } to copy only the last instance and immediately expunge the others. This may be useful if you want to provide a flat list of all expunged mails without duplicates in your webmail. With many clients this means that the last instance is always in the Trash mailbox. ... Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From listflo at ricam.oeaw.ac.at Tue May 20 12:44:24 2014 From: listflo at ricam.oeaw.ac.at (Florian) Date: Tue, 20 May 2014 14:44:24 +0200 Subject: [Dovecot] lazy_expunge and shared folders In-Reply-To: <537B4619.9070203@sys4.de> References: <1655855.hMDViD39ls@vulcan.ricint.oeaw.ac.at> <537B4619.9070203@sys4.de> Message-ID: <10250109.elI8FHB6oE@vulcan.ricint.oeaw.ac.at> Am Dienstag, 20. Mai 2014, 14:10:01 schrieben Sie: > Am 20.05.2014 14:00, schrieb Florian: > > Hi, > > > > since migration to Dovecot 2.2 I have troubles with lazy_expunge as soon > > as a user shares a folder. The user the folder is shared to cannot > > login anymore, dovecot logs Fatal: lazy_expunge: Unknown namespace: > > '.EXPUNGED/' > > > > - When no folder is shared lazy_expunge is working fine, deleted mails > > are moved to the expunged namespace and can be recovered without any > > problems. - Sharing folders works as long as I disable lazy_expunge. > > > > I have used the config (with minor changes) with dovecot 2.0 for years > > without any problem. Switching to dovecot 2.2.10 (atrps repository) or > > 2.2.12 (dovecot enterprise repo) lazy_expunge and acl do not work > > together anymore. > > > > Is it a bug, a known limitation or is something wrong with my config? > > Any hints are welcome. > > > > Thanks in advance, > > Florian > > > > dovecot -n > > > > # 2.2.12.12 (03196f188677): /etc/dovecot/dovecot.conf > > # OS: Linux 2.6.32-042stab085.20 x86_64 CentOS release 6.5 (Final) > > auth_cache_negative_ttl = 10 mins > > auth_cache_size = 10 M > > auth_cache_ttl = 2 hours > > auth_failure_delay = 10 secs > > auth_mechanisms = plain login > > auth_socket_path = /var/run/dovecot/auth-userdb > > base_dir = /var/run/dovecot/ > > disable_plaintext_auth = no > > first_valid_gid = 105 > > first_valid_uid = 105 > > hostname = ... > > imap_client_workarounds = delay-newmail tb-extra-mailbox-sep > > tb-lsub-flags imap_idle_notify_interval = 10 mins > > last_valid_uid = 105 > > listen = ... > > lmtp_save_to_detail_mailbox = yes > > login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c > > mail_gid = vimap > > mail_home = /var/imap/spool/%1n/%n > > mail_location = mdbox:~/mdbox > > mail_plugins = " fts fts_lucene acl" > > mail_temp_dir = /var/imap/tmp > > mail_uid = vimap > > managesieve_notify_capability = mailto > > managesieve_sieve_capability = fileinto reject envelope > > encoded-character > > vacation subaddress comparator-i;ascii-numeric relational regex > > imap4flags copy include variables body enotify environment mailbox date > > ihave mbox_write_locks = fcntl > > mdbox_rotate_interval = 1 days > > namespace { > > > > list = children > > location = > > > > mdbox:/var/imap/spool/%%1n/%%n/mdbox:INDEXPVT=/var/imap/spool/%1n/%n/mdb > > ox/shared/%%u> > > prefix = User/%%u/ > > separator = / > > subscriptions = no > > type = shared > > > > } > > namespace expunged { > > > > hidden = yes > > list = no > > location = mdbox:/var/imap/spool/%1n/%n/mdbox:MAILBOXDIR=expunged > > prefix = .EXPUNGED/ > > separator = / > > subscriptions = no > > type = private > > > > } > > namespace inbox { > > > > inbox = yes > > location = mdbox:/var/imap/spool/%1n/%n/mdbox > > mailbox Drafts { > > > > auto = subscribe > > special_use = \Drafts > > > > } > > mailbox Learn { > > > > auto = subscribe > > > > } > > mailbox Learn/Ham { > > > > auto = subscribe > > > > } > > mailbox Learn/Spam { > > > > auto = subscribe > > > > } > > mailbox Sent { > > > > auto = subscribe > > special_use = \Sent > > > > } > > mailbox Spam { > > > > auto = subscribe > > special_use = \Junk > > > > } > > mailbox Trash { > > > > auto = subscribe > > special_use = \Trash > > > > } > > mailbox virtual/All { > > > > special_use = \All > > > > } > > mailbox virtual/Flagged { > > > > special_use = \Flagged > > > > } > > prefix = > > separator = / > > type = private > > > > } > > passdb { > > > > args = /etc/dovecot/master-users > > driver = passwd-file > > master = yes > > > > } > > passdb { > > > > args = /etc/dovecot/dovecot-ldap.conf.ext > > driver = ldap > > > > } > > passdb { > > > > args = /etc/dovecot/extra-users > > driver = passwd-file > > > > } > > plugin { > > > > acl = vfile:/var/imap/global-acls:cache_secs=300 > > acl_shared_dict = file:/var/imap/shared-mailboxes/shared-mailboxes > > fts = lucene > > fts_autoindex = yes > > fts_lucene = whitespace_chars=@. > > lazy_expunge = .EXPUNGED/ > > lazy_expunge_only_last_instance = yes > > recipient_delimiter = + > > sieve = ~/.dovecot.sieve > > sieve_dir = ~/sieve > > sieve_max_actions = 32 > > sieve_max_redirects = 4 > > sieve_max_script_size = 1M > > > > } > > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > > postmaster_address = postmaster at ... > > protocols = imap pop3 lmtp sieve > > service auth { > > > > unix_listener /var/spool/postfix/private/auth { > > > > group = postfix > > mode = 0660 > > user = postfix > > > > } > > unix_listener auth-userdb { > > > > group = vimap > > mode = 0600 > > user = vimap > > > > } > > user = $default_internal_user > > > > } > > service imap-login { > > > > process_min_avail = 4 > > service_count = 0 > > > > } > > service imap { > > > > process_limit = 1024 > > vsz_limit = 256 M > > > > } > > service lmtp { > > > > inet_listener lmtp { > > > > address = ... > > port = 24 > > > > } > > > > } > > service managesieve-login { > > > > inet_listener sieve { > > > > port = 4190 > > > > } > > inet_listener sieve_deprecated { > > > > port = 2000 > > > > } > > service_count = 1 > > vsz_limit = 64 M > > > > } > > service pop3-login { > > > > inet_listener pop3s { > > > > port = 995 > > ssl = yes > > > > } > > process_min_avail = 4 > > service_count = 0 > > > > } > > service pop3 { > > > > process_limit = 512 > > > > } > > ssl_cert = > ssl_key = > userdb { > > > > args = /etc/dovecot/dovecot-ldap.conf.ext > > driver = ldap > > > > } > > userdb { > > > > args = uid=vimap gid=vimap home=/var/imap/spool/%1n/%n > > driver = static > > > > } > > protocol lda { > > > > mail_plugins = " fts fts_lucene acl sieve" > > > > } > > protocol imap { > > > > mail_max_userip_connections = 20 > > mail_plugins = " fts fts_lucene acl imap_acl" > > > > } > > protocol lmtp { > > > > mail_plugins = " fts fts_lucene acl sieve" > > > > } > > protocol sieve { > > > > mail_max_userip_connections = 10 > > managesieve_implementation_string = Dovecot Pigeonhole > > managesieve_logout_format = bytes=%i/%o > > managesieve_max_line_length = 65536 > > > > } > > protocol pop3 { > > > > mail_max_userip_connections = 20 > > > > } > > "perhaps" related to this > > http://wiki2.dovecot.org/Plugins/Lazyexpunge > > ... > Copy only the last instance (v2.2+) > > If mail has multiple copies (via IMAP COPY), each copy is normally moved > to lazy expunge namespace when it's expunged. With v2.2+ you can set > plugin { lazy_expunge_only_last_instance = yes } to copy only the last > instance and immediately expunge the others. This may be useful if you > want to provide a flat list of all expunged mails without duplicates in > your webmail. With many clients this means that the last instance is > always in the Trash mailbox. > ... Hi, thanks, already tried with and without lazy_expunge_only_last_instance. (Even with explicitely set to no) unfortunately no difference, both fail with dovecot: imap(username): Fatal: lazy_expunge: Unknown namespace: '.EXPUNGED/' as soon as a folder is shared. Btw, my dovecot -n output was with lazy_expunge disabled. It?s enabled as global plugin, output with lazy_expunge is: mail_plugins = " fts fts_lucene acl lazy_expunge" Florian > > > > Best Regards > MfG Robert Schetterer From marc at perkel.com Tue May 20 14:19:47 2014 From: marc at perkel.com (Marc Perkel) Date: Tue, 20 May 2014 07:19:47 -0700 Subject: [Dovecot] Setting mail location in SQL? In-Reply-To: References: <537AF811.2090808@perkel.com> Message-ID: <537B6483.2020502@perkel.com> Is there any way to do it without modifying the MySQL database? I want to force it it maildir:/fakedir/%d/%n for this userdb only. Other userdb has a different value. On 5/19/2014 11:44 PM, Steffen Kaiser wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Mon, 19 May 2014, Marc Perkel wrote: > >> Trying to figure out the syntax to set a mail_location for SQL. This >> doesn't work: >> >> userdb { >> driver = sql >> args = /etc/dovecot/master-combined-sql.conf >> override_fields = >> mail_location=maildir:/fakedir/%d/%n:INBOX=/fakedir:LAYOUT=fs >> } >> >> Does anyone know the proper syntax? > > http://wiki2.dovecot.org/AuthDatabase/SQL#User_database_lookups > It's the "mail" field. You configured the reverse case: > http://wiki2.dovecot.org/UserDatabase?highlight=%28override_fields%29 > > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEVAwUBU3r553z1H7kL/d9rAQL87gf/b7+5vsp3eHcmqbqwrpSQXn8OElg3rpb+ > wa/ym3NOBv3neiDFIW+VuOuYvuS8pddjvmpf+SLSDfuqPbDnLZ6WD1dJ9e6RMLT+ > FCqw720HUrKJ2gra0i9yQZcskXEOIL23pz8p+9jf4vibHsTUJ47VKFPjV15mSB7Z > TKmXG960cKdXcdeP1SndxwF735ZC6QVlJ2fQWdwsLOA0gQUFsfO+UQY/cfJiWLKZ > omt0nIj2RduXZUDJoG9s+5UtXRJck4SC0oqXdmAebPYnJB+1H+vpdY1tscItD7GN > EuQCouev2L0m4LIGpvrhyOoZy2/Xsh/U+wQDB6tJYrBZlZom1L3pOA== > =oXX4 > -----END PGP SIGNATURE----- > > > From andy at andybev.com Tue May 20 18:09:19 2014 From: andy at andybev.com (Andrew Beverley) Date: Tue, 20 May 2014 19:09:19 +0100 Subject: [Dovecot] Performing an action on mail receipt In-Reply-To: <53733A38.6010501@thinline.cz> References: <1399989227.23156.32.camel@andy-laptop> <53722A71.70201@rename-it.nl> <1400026546.23156.109.camel@andy-laptop> <53733A38.6010501@thinline.cz> Message-ID: <1400609359.14369.159.camel@andy-laptop> On Wed, 2014-05-14 at 11:41 +0200, Jiri Bourek wrote: > > By user, I'd like to retrieve from a SQL database firstly which Sieve > > script to run (if applicable) and secondly the parameters for that > > particular user, in this case the external email address to notify. > > AFAIK PigeonHole can read scripts only from file. Being able to use SQL > database as data source would sure be nice and I recall there was some > short discussion about it, but - again, AFAIK - it was never added as a > feature. Okay, I managed to get this working without too much of a problem. I've updated the wiki: http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration/Dict > > As I understand it, I'll need to use the Extdata plugin to retrieve data > > values per-user. I've successfully compiled and installed this plugin, > > but I'm not sure how to connect it to a dict. > > Tried that too for optional spamassassin test and failed, see > https://www.mail-archive.com/dovecot at dovecot.org/msg57539.html . IMO > documentation for this map and dict thing is a nightmare to say the > least (or if there is something, Google doesn't know about it.) > > Anyway, this is what I came up with: [...] Thanks for that. I've just about got it working, and have also updated the wiki: http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extdata I have run into one problem though: extdata is looking for the dict proxy at the locate "/dict" (in the root directory). I've had to create a symlink to the actual location in /var/run/dovecot. I'm guessing that maybe I've missed a config option when compiling. Anybody know what I'm doing wrong? Also, are there any plans to formally release the extdata plugin as part of Sieve? Thanks, Andy From andy at andybev.com Tue May 20 19:15:40 2014 From: andy at andybev.com (Andrew Beverley) Date: Tue, 20 May 2014 20:15:40 +0100 Subject: [Dovecot] Dict SQL lookups without username_field Message-ID: <1400613340.14369.163.camel@andy-laptop> Dear all, Is it possible to perform dict lookups with a SQL backend, without specifying the username_field in the SQL query? I am using the dict to retrieve a Sieve script. My dict configuration looks like this: map { pattern = priv/sieve/data/$id table = sieve_scripts username_field = email value_field = data fields { id = $id } } I don't want to specify the username though, as the sieve scripts are valid for all users. However, when I remove "username_field" I get the error "data with id `1' for script `main script' not found at path priv/sieve/data/1" Thanks, Andy From sca at andreasschulze.de Tue May 20 19:41:34 2014 From: sca at andreasschulze.de (Andreas Schulze) Date: Tue, 20 May 2014 21:41:34 +0200 Subject: [Dovecot] allow_nets + default + ldap In-Reply-To: <20140125204223.GA14875@solar.andreasschulze.de> References: <20140125204223.GA14875@solar.andreasschulze.de> Message-ID: <20140520194134.GA15438@solar.andreasschulze.de> Andreas Schulze: in January: http://dovecot.org/list/dovecot/2014-January/094606.html Hello, looks like there is only little interest on allow_nets + ldap :-/ I step forward to put this feature in our production environment. So I like to ask again if the patch may be included in dovecot and reviewed be an expert programmer. Thanks, Andreas From sca at andreasschulze.de Tue May 20 19:49:06 2014 From: sca at andreasschulze.de (Andreas Schulze) Date: Tue, 20 May 2014 21:49:06 +0200 Subject: [Dovecot] dovecot: disable ssl compression In-Reply-To: <5358AF76.5090409@thinline.cz> References: <20140410150440.Horde.Gbn7XHx4blr0ZfiXKEbaAA1@horde.andreasschulze.de> <5346ADA2.7000203@thelounge.net> <20140423235219.Horde.PR-DrnYWXvVrgZ8sQM1XxQ2@horde.andreasschulze.de> <53583B70.5010507@thelounge.net> <20140424064127.Horde.PmGX52ciDTWb1ia6iZDURA1@horde.andreasschulze.de> <5358AF76.5090409@thinline.cz> Message-ID: <20140520194906.GB15438@solar.andreasschulze.de> Jiri Bourek: > Well they seem to know what they are talking about. The description > of the threat in linked screenshot says "attacker needs to have > ability to submit any plain text" I wrote the attached patch to add SSL_OP_NO_COMPRESSION to dovecot. Looks not perfect but definitly works. Andreas -------------- next part -------------- A non-text attachment was scrubbed... Name: disable_tls_compression.patch Type: text/x-diff Size: 2039 bytes Desc: not available URL: From tss at iki.fi Wed May 21 02:22:38 2014 From: tss at iki.fi (Timo Sirainen) Date: Tue, 20 May 2014 19:22:38 -0700 Subject: [Dovecot] allow_nets + default + ldap In-Reply-To: <20140520194134.GA15438@solar.andreasschulze.de> References: <20140125204223.GA14875@solar.andreasschulze.de> <20140520194134.GA15438@solar.andreasschulze.de> Message-ID: <115CE636-D976-48DE-9E4F-295EAFFA93E0@iki.fi> On 20.5.2014, at 12.41, Andreas Schulze wrote: > Andreas Schulze: > in January: http://dovecot.org/list/dovecot/2014-January/094606.html > > Hello, > > looks like there is only little interest on allow_nets + ldap :-/ > > I step forward to put this feature in our production environment. > So I like to ask again if the patch may be included in dovecot > and reviewed be an expert programmer. This looks scary, wouldn't it work without it? : request->failed = FALSE; Also, don't these work already? any = 0.0.0.0/0 none = 0.0.0.0/32 Or I'm not sure if the 0.0.0.0/0 matches IPv6, maybe that's a problem.. Also I don't really like to use uppercase values, strcasecmp() would be better I think. From skdovecot at smail.inf.fh-brs.de Wed May 21 06:19:11 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 21 May 2014 08:19:11 +0200 (CEST) Subject: [Dovecot] Setting mail location in SQL? In-Reply-To: <537B6483.2020502@perkel.com> References: <537AF811.2090808@perkel.com> <537B6483.2020502@perkel.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 20 May 2014, Marc Perkel wrote: Please do not top post. > On 5/19/2014 11:44 PM, Steffen Kaiser wrote: >> On Mon, 19 May 2014, Marc Perkel wrote: >> >>> Trying to figure out the syntax to set a mail_location for SQL. This >>> doesn't work: >>> >>> userdb { >>> driver = sql >>> args = /etc/dovecot/master-combined-sql.conf >>> override_fields = >>> mail_location=maildir:/fakedir/%d/%n:INBOX=/fakedir:LAYOUT=fs >>> } >>> >>> Does anyone know the proper syntax? >> >> http://wiki2.dovecot.org/AuthDatabase/SQL#User_database_lookups >> It's the "mail" field. You configured the reverse case: >> http://wiki2.dovecot.org/UserDatabase?highlight=%28override_fields%29 >> > Is there any way to do it without modifying the MySQL database? > > I want to force it it maildir:/fakedir/%d/%n for this userdb only. Other > userdb has a different value. The field is named "mail", not "mail_location". - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU3xFX3z1H7kL/d9rAQLqNQf/WMVSkyGbpZRrOWsgDUkdX6rcQVQCbfwN roOlUygF8p30nYpDGqKSbvFxnYHH/Exar0vda5TFkxktgkgSPQuTgVmlxZl07ne3 oXN+B40U0+X62lqnB5NWZzlCxk3p81RUXzZpIKJNjBtGbm/5mmctbTn19ndcNDa3 PkQI5a7OoUJ0MmytYTrVZWWqGAgxS07M4Uwg2kYT5W81dT5aam1OhqRjgZkfrHfc +QOODcbw1j7EUNRSs3H6semtGb5Bylp5XqwY5O4pHhVH+v4DZehRNKhIg8Obqu6x Ia1CljCDkQaTmYlZXr5JE5JVggvlbmJD6g7A5Uo06SR6nAWf11bLPA== =2P4F -----END PGP SIGNATURE----- From maciej.uhlig at us.edu.pl Wed May 21 07:20:57 2014 From: maciej.uhlig at us.edu.pl (Maciej Uhlig) Date: Wed, 21 May 2014 09:20:57 +0200 Subject: [Dovecot] dovecot auth ldap attributes - unused? Message-ID: <537C53D9.2070308@us.edu.pl> Please explain the following dovecot (2.2.13) behaviour: I run dovecot in ldap auth debug mode and log file excerpt follows: 2014-05-21T08:22:01+02:00 dovecot/ip dovecot: auth: Debug: ldap(user at domain,pcip,): bind search: base=o=tree,dc=do,dc=ma,dc=in filter=(&(objectClass=MailAccount)(accountActive=TRUE)(mail=user at domain)) 2014-05-21T08:22:01+02:00 dovecot/ip dovecot: auth: Debug: ldap(user at domain,pcip,): result: mail=user at domain; mail unused 2014-05-21T08:22:01+02:00 dovecot/ip dovecot: auth: Debug: ldap(user at domain,pcip,): result: mail=user at domain 2014-05-21T08:22:01+02:00 dovecot/ip dovecot: auth: Debug: client passdb out: OK 24 user=user at domain 2014-05-21T08:22:01+02:00 dovecot/ip dovecot: auth: Debug: ldap(user at domain,pcip,): user search: base=o=tree,dc=do,dc=ma,dc=in scope=subtree filter=(&(objectClass=MailAccount)(accountActive=TRUE)(mail=user at domain)) fields=mail,quota,mailbox 2014-05-21T08:22:01+02:00 dovecot/ip dovecot: auth: Debug: ldap(user at domain,pcip,): result: mailbox=maildir:/mail/domain/user/mail/ quota=1G mail=user at domain; mail,mailbox,quota unused 2014-05-21T08:22:01+02:00 dovecot/ip dovecot: auth: Debug: ldap(user at domain,pcip,): result: mailbox=maildir:/mail/domain/user/mail/ quota=1G mail=user at domain 2014-05-21T08:22:01+02:00 dovecot/ip dovecot: auth: Debug: master userdb out: USER 3606315009 user at domain quota_rule=*:bytes=1G mail=maildir:/mail/domain/user/mail/ home=/mail/domain/user Question: why are there two ldap result log lines while the first line shows unused attributes and the second doesn't. Does the first occurence show some code being excessive somehow? Thanks. MU -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3354 bytes Desc: Kryptograficzna sygnatura S/MIME URL: From selcuk.yazar at gmail.com Wed May 21 08:36:19 2014 From: selcuk.yazar at gmail.com (Selcuk Yazar) Date: Wed, 21 May 2014 11:36:19 +0300 Subject: [Dovecot] Per-user Sieve script location question Message-ID: Hi, after some problems, i successfuly ran my dovecot delivery and pigeonhole service in redhat EL 6. our users stored OpenLdap and users home folder like below: /home/vmail/domains/domainname.edu.tr/username/... now when i used default settings for dovecot sieve sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve script write and work globaly and stored, /home/vmail/domains/sieve i looked up Dovecot docs for per user but i don't understand clearly can i replace sieve parameters like sieve = /home/vmail/domains/..................edu.tr/%n/.dovecot.sieve sieve_dir = /home/vmail/domains/.........................edu.tr/%n/.sieve for per user scirpt. thanks in advance. -- Sel?uk YAZAR From eliezer at ngtech.co.il Wed May 21 08:37:39 2014 From: eliezer at ngtech.co.il (Eliezer Croitoru) Date: Wed, 21 May 2014 11:37:39 +0300 Subject: [Dovecot] Dovecot ontop of glusterfs issue. Message-ID: <537C65D3.90008@ngtech.co.il> Hey, I am testing Glusterfs as a storage backend for dovecot as a LDA and imap server. I have seen similar lines in the logs to these: May 21 10:46:01 mailgw dovecot: imap(eliezer at ngtech.co.il): Warning: Created dotlock file's timestamp is different than current time (1400658105 vs 1400658361): /home/vmail/ngtech.co.il/eliezer/Maildir/.Mailing_lists.ceph_users/dovecot-uidlist May 21 10:46:01 mailgw dovecot: imap(eliezer at ngtech.co.il): Error: Transaction log /home/vmail/ngtech.co.il/eliezer/Maildir/dovecot.index.log: duplicate transaction log sequence (2713) The volume is mounted only by one server with ubutntu 14.04. I have seen threads and posts about similar issue with nfs. I want to try to debug the issue but note that with the same settings of the server nfs worked fine but slower. dovecot -n output: http://pastebin.centos.org/9626/ The glusterfs is a replicated volume constructed of two bricks which is mounted only on one dovecot server. All three servers are using the same ntp pool and are synced. Any direction is better then the state I am now. Thanks, Eliezer From skdovecot at smail.inf.fh-brs.de Wed May 21 08:43:28 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 21 May 2014 10:43:28 +0200 (CEST) Subject: [Dovecot] Per-user Sieve script location question In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 21 May 2014, Selcuk Yazar wrote: > our users stored OpenLdap and users home folder like below: without seeing your current doveconf -n output and the ldap configuration file, I would guess that your users have no home directory: http://wiki2.dovecot.org/VirtualUsers/Home > > /home/vmail/domains/domainname.edu.tr/username/... > > now when i used default settings for dovecot sieve > > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > > sieve script write and work globaly and stored, /home/vmail/domains/sieve > > i looked up Dovecot docs for per user but i don't understand clearly > > can i replace sieve parameters like > > sieve = /home/vmail/domains/..................edu.tr/%n/.dovecot.sieve > sieve_dir = /home/vmail/domains/.........................edu.tr/%n/.sieve > > for per user scirpt. Read the link above about why not store Sieve files below an user's mail location. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU3xnMHz1H7kL/d9rAQIiRAgAmZYxZo1fn/5Iw0WHB2v3FpF1snq1VH4t tvyhS/ISj3snMB7dbViUkjvYhzaIsWQKP9eXM3YtOmwpSdlwozqwq/5PvckQgAkU cI8UIyXCErsdsvp7/aod/n+Qd+tnjf91b3PY9R7xYd6Qjf/8H7lSmX/xBMBltu7N AVqwgHTivR9dwsDyTkIqQIfULWvwcWf5eXbKzP1YxamYzF+lMk6ippK7RebMrspe CTg1BLCCLiHMTdSQrOrnfmNjgS/rAZctOEyc3/M98U8HxmEhT6ZFpTjQ4i0T0/17 +9DQovMUi2/bZ1IhgBpS9u+YkPeuu+y4vAhMqCAT+fcEW1+MgfK2Lg== =Sc/m -----END PGP SIGNATURE----- From selcuk.yazar at gmail.com Wed May 21 08:58:50 2014 From: selcuk.yazar at gmail.com (Selcuk Yazar) Date: Wed, 21 May 2014 11:58:50 +0300 Subject: [Dovecot] Per-user Sieve script location question Message-ID: Hi my dovecot conf is doveconf -n # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-131.6.1.el6.x86_64 x86_64 Red Hat Enterprise Linux Server release 6.0 (Santiago) ext4 auth_debug = yes auth_debug_passwords = yes auth_default_realm = hostname.domainname.edu.tr auth_mechanisms = plain login auth_verbose = yes debug_log_path = /var/log/dovecot.debug disable_plaintext_auth = no first_valid_uid = 97 info_log_path = /var/log/dovecot.info last_valid_uid = 5000 mail_debug = yes mail_gid = 1001 mail_location = mbox:/home/vmail/domains/%d/%u mail_uid = 1001 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mbox_write_locks = fcntl passdb { args = /etc/dovecot/conf.d/dovecot-ldap.conf.ext driver = ldap } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap pop3 lmtp sieve service auth { unix_listener auth-userdb { mode = 0600 user = vmail } } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } ssl = no ssl_cert = wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > On Wed, 21 May 2014, Selcuk Yazar wrote: > > our users stored OpenLdap and users home folder like below: >> > > without seeing your current doveconf -n output and the ldap configuration > file, I would guess that your users have no home directory: > http://wiki2.dovecot.org/VirtualUsers/Home > > > >> /home/vmail/domains/domainname.edu.tr/username/... >> >> now when i used default settings for dovecot sieve >> >> sieve = ~/.dovecot.sieve >> sieve_dir = ~/sieve >> >> sieve script write and work globaly and stored, /home/vmail/domains/sieve >> >> i looked up Dovecot docs for per user but i don't understand clearly >> >> can i replace sieve parameters like >> >> sieve = /home/vmail/domains/..................edu.tr/%n/.dovecot.sieve >> sieve_dir = /home/vmail/domains/.........................edu.tr/%n/.sieve >> >> for per user scirpt. >> > > Read the link above about why not store Sieve files below an user's mail > location. > > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEVAwUBU3xnMHz1H7kL/d9rAQIiRAgAmZYxZo1fn/5Iw0WHB2v3FpF1snq1VH4t > tvyhS/ISj3snMB7dbViUkjvYhzaIsWQKP9eXM3YtOmwpSdlwozqwq/5PvckQgAkU > cI8UIyXCErsdsvp7/aod/n+Qd+tnjf91b3PY9R7xYd6Qjf/8H7lSmX/xBMBltu7N > AVqwgHTivR9dwsDyTkIqQIfULWvwcWf5eXbKzP1YxamYzF+lMk6ippK7RebMrspe > CTg1BLCCLiHMTdSQrOrnfmNjgS/rAZctOEyc3/M98U8HxmEhT6ZFpTjQ4i0T0/17 > +9DQovMUi2/bZ1IhgBpS9u+YkPeuu+y4vAhMqCAT+fcEW1+MgfK2Lg== > =Sc/m > -----END PGP SIGNATURE----- > -- Sel?uk YAZAR http://www.selcukyazar.blogspot.com From skdovecot at smail.inf.fh-brs.de Wed May 21 09:10:55 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 21 May 2014 11:10:55 +0200 (CEST) Subject: [Dovecot] Per-user Sieve script location question In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 21 May 2014, Selcuk Yazar wrote: > my dovecot conf is > > doveconf -n > # 2.0.9: /etc/dovecot/dovecot.conf [...] > mail_location = mbox:/home/vmail/domains/%d/%u [...] > userdb { > args = /etc/dovecot/conf.d/dovecot-ldap.conf.ext > driver = ldap > } > > you're right we have mail_location , > > should i add mail_home value That depends on if your LDAP configuration contains a (for the mailserver usable) home for the individual user. > mail_home = /home/vmail/domains/%d/%u The value shows that you did not followed my advice from the last response: "Read the link above about why not store Sieve files below an user's mail location." maybe because you missed it because you toppost. > to 10-mail.conf file ? never use the same dir for mail location and user's home. > On Wed, May 21, 2014 at 11:43 AM, Steffen Kaiser < > skdovecot at smail.inf.fh-brs.de> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> On Wed, 21 May 2014, Selcuk Yazar wrote: >> >> our users stored OpenLdap and users home folder like below: >>> >> >> without seeing your current doveconf -n output and the ldap configuration >> file, I would guess that your users have no home directory: >> http://wiki2.dovecot.org/VirtualUsers/Home >> >> >> >>> /home/vmail/domains/domainname.edu.tr/username/... >>> >>> now when i used default settings for dovecot sieve >>> >>> sieve = ~/.dovecot.sieve >>> sieve_dir = ~/sieve >>> >>> sieve script write and work globaly and stored, /home/vmail/domains/sieve >>> >>> i looked up Dovecot docs for per user but i don't understand clearly >>> >>> can i replace sieve parameters like >>> >>> sieve = /home/vmail/domains/..................edu.tr/%n/.dovecot.sieve >>> sieve_dir = /home/vmail/domains/.........................edu.tr/%n/.sieve >>> >>> for per user scirpt. >>> >> >> Read the link above about why not store Sieve files below an user's mail >> location. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU3xtn3z1H7kL/d9rAQIu1wf/XMXuEC1O1PQssoU1uHfTM5jOHpH1KHis yUL1z2/WV8c7engx+CNtGPxnRewC1UFKBZcHaAyXHNxQM+jsYf+NkUo4PDlKkzfi /JIn+SGOlwZKJUYarnAJbt0CdZG7f8auvMLsoovR8iNitSAdyH5AkRt9i25YFndW Nm0lYO1CPJzKp3CVhDS0Lxs6sSD21xsMvuauzMmS4ZpYhXXEdOf4jqNkIYdJbSHz nBHx8sjlJaKNKO3OWs1S5T7DxlRz+VYGw1IZ1BUgpBBD3LxDIOwTLG7NNjWRG2lB nTB+WK02fvh0T+oJORVuKmgoXG5WKvZjFOa4oVqdbbzM6V4ZJSx9Sw== =bLQp -----END PGP SIGNATURE----- From sca at andreasschulze.de Wed May 21 10:18:41 2014 From: sca at andreasschulze.de (Andreas Schulze) Date: Wed, 21 May 2014 12:18:41 +0200 Subject: [Dovecot] allow_nets + default + ldap In-Reply-To: <115CE636-D976-48DE-9E4F-295EAFFA93E0@iki.fi> References: <20140125204223.GA14875@solar.andreasschulze.de> <20140520194134.GA15438@solar.andreasschulze.de> <115CE636-D976-48DE-9E4F-295EAFFA93E0@iki.fi> Message-ID: <20140521121841.Horde.mMQAQnOe-jO-rklq9mNR1Q1@horde.andreasschulze.de> Timo, thanks for having a look at my message... > This looks scary, wouldn't it work without it? : request->failed = FALSE; I simply copied the logic from existing code in the same function. > Also, don't these work already? > any = 0.0.0.0/0 > none = 0.0.0.0/32 > > Or I'm not sure if the 0.0.0.0/0 matches IPv6, maybe that's a problem.. Right, thats one problem as I remember. This is in my ldap.conf: pass_filter = (uid=%Lu) pass_attrs = =user=%{ldap:uid}, \ =allow_nets=%{ldap:allownets:ALL}, \ =userdb_uid=%{ldap:uidNumber:1000}, \ =userdb_gid=%{ldap:gidNumber:1000}, \ =userdb_home=%{ldap:homeDirectory:/mail/%Ln} I have to declare a default value for "allow_nets" for accounts without specifies LDAP attribute "allownets". 0.0.0.0/0 will work, but the comma fail. Also only an IPv6 is impossible ":" For this reasons I came up with my patch solution. The other possibility is to explicit allaw all requests if the variable networks in src/auth/auth-request.c/auth_request_validate_networks is empty. > Also I don't really like to use uppercase values, strcasecmp() would > be better I think. there is no strong need for uppercase. As I said, the solution may be not optimal. Andreas From sca at andreasschulze.de Wed May 21 10:27:34 2014 From: sca at andreasschulze.de (Andreas Schulze) Date: Wed, 21 May 2014 12:27:34 +0200 Subject: [Dovecot] dovecot auth ldap attributes - unused? In-Reply-To: <537C53D9.2070308@us.edu.pl> References: <537C53D9.2070308@us.edu.pl> Message-ID: <20140521122734.Horde.TpbikfbhdCLcKfjN4nNbBw1@horde.andreasschulze.de> Maciej Uhlig: > Please explain the following dovecot (2.2.13) behaviour: I run dovecot > in ldap auth debug mode and log file excerpt follows: > > filter=(&(objectClass=MailAccount)(accountActive=TRUE)(mail=user at domain)) > fields=mail,quota,mailbox Hello, no solution but a comment: ldap.conf define two ldap queries. pass_filter and user_filter when debugging authentication I use to change my ldap filter: pass_filter = (whatever) vs. pass_filter = (|(PASSDB=1)(whatever)) user_filter = (whatever) vs. user_filter = (|(USERDB=1)(whatever)) The result is the same, but the debug log is easier to understand. Andreas From selcuk.yazar at gmail.com Wed May 21 10:39:54 2014 From: selcuk.yazar at gmail.com (Selcuk Yazar) Date: Wed, 21 May 2014 13:39:54 +0300 Subject: [Dovecot] Per-user Sieve script location question In-Reply-To: <537c6d87.413d0f0a.5bb7.014dSMTPIN_ADDED_BROKEN@mx.google.com> References: <537c6d87.413d0f0a.5bb7.014dSMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: Hi, Steffen i changed my 90-sieve.conf to sieve = /var/sieve-scripts/%u.sieve sieve_dir = /home/vmail/domains/sieve/%n/.sieve and it works. thank you. On Wed, May 21, 2014 at 12:10 PM, Steffen Kaiser < skdovecot at smail.inf.fh-brs.de> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Wed, 21 May 2014, Selcuk Yazar wrote: > > my dovecot conf is >> >> doveconf -n >> # 2.0.9: /etc/dovecot/dovecot.conf >> > [...] > >> mail_location = mbox:/home/vmail/domains/%d/%u >> > [...] > >> userdb { >> args = /etc/dovecot/conf.d/dovecot-ldap.conf.ext >> driver = ldap >> } >> >> you're right we have mail_location , >> >> should i add mail_home value >> > > That depends on if your LDAP configuration contains a (for the mailserver > usable) home for the individual user. > > mail_home = /home/vmail/domains/%d/%u >> > > The value shows that you did not followed my advice from the last > response: "Read the link above about why not store Sieve files below an > user's mail location." maybe because you missed it because you toppost. > > to 10-mail.conf file ? >> > > never use the same dir for mail location and user's home. > > > On Wed, May 21, 2014 at 11:43 AM, Steffen Kaiser < >> skdovecot at smail.inf.fh-brs.de> wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >>> >> > On Wed, 21 May 2014, Selcuk Yazar wrote: >>> >>> our users stored OpenLdap and users home folder like below: >>> >>>> >>>> >>> without seeing your current doveconf -n output and the ldap configuration >>> file, I would guess that your users have no home directory: >>> http://wiki2.dovecot.org/VirtualUsers/Home >>> >>> >>> >>> /home/vmail/domains/domainname.edu.tr/username/... >>>> >>>> now when i used default settings for dovecot sieve >>>> >>>> sieve = ~/.dovecot.sieve >>>> sieve_dir = ~/sieve >>>> >>>> sieve script write and work globaly and stored, >>>> /home/vmail/domains/sieve >>>> >>>> i looked up Dovecot docs for per user but i don't understand clearly >>>> >>>> can i replace sieve parameters like >>>> >>>> sieve = /home/vmail/domains/..................edu.tr/%n/.dovecot.sieve >>>> sieve_dir = /home/vmail/domains/.........................edu.tr/%n/. >>>> sieve >>>> >>>> for per user scirpt. >>>> >>>> >>> Read the link above about why not store Sieve files below an user's mail >>> location. >>> >> > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEVAwUBU3xtn3z1H7kL/d9rAQIu1wf/XMXuEC1O1PQssoU1uHfTM5jOHpH1KHis > yUL1z2/WV8c7engx+CNtGPxnRewC1UFKBZcHaAyXHNxQM+jsYf+NkUo4PDlKkzfi > /JIn+SGOlwZKJUYarnAJbt0CdZG7f8auvMLsoovR8iNitSAdyH5AkRt9i25YFndW > Nm0lYO1CPJzKp3CVhDS0Lxs6sSD21xsMvuauzMmS4ZpYhXXEdOf4jqNkIYdJbSHz > nBHx8sjlJaKNKO3OWs1S5T7DxlRz+VYGw1IZ1BUgpBBD3LxDIOwTLG7NNjWRG2lB > nTB+WK02fvh0T+oJORVuKmgoXG5WKvZjFOa4oVqdbbzM6V4ZJSx9Sw== > =bLQp > -----END PGP SIGNATURE----- > -- Sel?uk YAZAR http://www.selcukyazar.blogspot.com From skdovecot at smail.inf.fh-brs.de Wed May 21 12:15:47 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 21 May 2014 14:15:47 +0200 (CEST) Subject: [Dovecot] Per-user Sieve script location question In-Reply-To: References: <537c6d87.413d0f0a.5bb7.014dSMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 21 May 2014, Selcuk Yazar wrote: Hi Selcuk, > i changed my 90-sieve.conf > > to > > sieve = /var/sieve-scripts/%u.sieve > sieve_dir = /home/vmail/domains/sieve/%n/.sieve Yeah, looks good. However, do you host multiple domains? In your config you differ domains: mail_location = mbox:/home/vmail/domains/%d/%u with sieve = /var/sieve-scripts/%u.sieve , too, but with sieve_dir = /home/vmail/domains/sieve/%n/.sieve you do not. http://wiki2.dovecot.org/Variables %u user full username (e.g. user at domain) %n username user part in user at domain, same as %u if there's no domain %d domain domain part in user at domain, empty if user with no domain I suppose, you should use: sieve_dir = /home/vmail/domains/sieve/%u/.sieve otherwise info at example.org and info at localhost share the same Sieve dir. BTW: Because you have an unique directory per user now anyway, why not use is that as home directory? I'm not sure, what other things use the home for. E.g. use mail_home = /home/vmail/domains/home/%d/%u and keep the home-relative paths for Sieve: ~/... > On Wed, May 21, 2014 at 12:10 PM, Steffen Kaiser < > skdovecot at smail.inf.fh-brs.de> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On Wed, 21 May 2014, Selcuk Yazar wrote: >> >> my dovecot conf is >>> >>> doveconf -n >>> # 2.0.9: /etc/dovecot/dovecot.conf >>> >> [...] >> >>> mail_location = mbox:/home/vmail/domains/%d/%u >>> >> [...] >> >>> userdb { >>> args = /etc/dovecot/conf.d/dovecot-ldap.conf.ext >>> driver = ldap >>> } >>> >>> you're right we have mail_location , >>> >>> should i add mail_home value >>> >> >> That depends on if your LDAP configuration contains a (for the mailserver >> usable) home for the individual user. >> >> mail_home = /home/vmail/domains/%d/%u >>> >> >> The value shows that you did not followed my advice from the last >> response: "Read the link above about why not store Sieve files below an >> user's mail location." maybe because you missed it because you toppost. >> >> to 10-mail.conf file ? >>> >> >> never use the same dir for mail location and user's home. >> >> >> On Wed, May 21, 2014 at 11:43 AM, Steffen Kaiser < >>> skdovecot at smail.inf.fh-brs.de> wrote: >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>>> >>> >> On Wed, 21 May 2014, Selcuk Yazar wrote: >>>> >>>> our users stored OpenLdap and users home folder like below: >>>> >>>>> >>>>> >>>> without seeing your current doveconf -n output and the ldap configuration >>>> file, I would guess that your users have no home directory: >>>> http://wiki2.dovecot.org/VirtualUsers/Home >>>> >>>> >>>> >>>> /home/vmail/domains/domainname.edu.tr/username/... >>>>> >>>>> now when i used default settings for dovecot sieve >>>>> >>>>> sieve = ~/.dovecot.sieve >>>>> sieve_dir = ~/sieve >>>>> >>>>> sieve script write and work globaly and stored, >>>>> /home/vmail/domains/sieve >>>>> >>>>> i looked up Dovecot docs for per user but i don't understand clearly >>>>> >>>>> can i replace sieve parameters like >>>>> >>>>> sieve = /home/vmail/domains/..................edu.tr/%n/.dovecot.sieve >>>>> sieve_dir = /home/vmail/domains/.........................edu.tr/%n/. >>>>> sieve >>>>> >>>>> for per user scirpt. >>>>> >>>>> >>>> Read the link above about why not store Sieve files below an user's mail >>>> location. >>>> >>> >> - -- Steffen Kaiser >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.11 (GNU/Linux) >> >> iQEVAwUBU3xtn3z1H7kL/d9rAQIu1wf/XMXuEC1O1PQssoU1uHfTM5jOHpH1KHis >> yUL1z2/WV8c7engx+CNtGPxnRewC1UFKBZcHaAyXHNxQM+jsYf+NkUo4PDlKkzfi >> /JIn+SGOlwZKJUYarnAJbt0CdZG7f8auvMLsoovR8iNitSAdyH5AkRt9i25YFndW >> Nm0lYO1CPJzKp3CVhDS0Lxs6sSD21xsMvuauzMmS4ZpYhXXEdOf4jqNkIYdJbSHz >> nBHx8sjlJaKNKO3OWs1S5T7DxlRz+VYGw1IZ1BUgpBBD3LxDIOwTLG7NNjWRG2lB >> nTB+WK02fvh0T+oJORVuKmgoXG5WKvZjFOa4oVqdbbzM6V4ZJSx9Sw== >> =bLQp >> -----END PGP SIGNATURE----- >> > > > > - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU3yY9Hz1H7kL/d9rAQIIpwf/bfNNbI3zCEuJs3xYq5Nl+Td2QGX0uUzk 8PA4taMNrq00W3jBtTi8J4/ZlqT+l15r5nDr6O/VSgffymi9l0JmRMRIfUyzfjBy IThSQTrbjx9t+gCJa15Q2JISYEhXC0WYDpseEZle5vFyIKxWT01FYH5cJe45n9ci LcY3QmCdrQ4JYuYPiECfOx5rFw7dvZBnS4YDLg/A/O3dUzx7BV6V+cSepAecpoom 4U5udqoWRF1pDgKywn0elB0WorEbgnyOHLSrd5uPOuQuP9aW2bcWJGSpr1/j5tQk tOYd/czhNhpPEKbzH/MJyn6mbhu4F3DGMAfuD9tweIAD25A41HgVpQ== =6w4r -----END PGP SIGNATURE----- From selcuk.yazar at gmail.com Wed May 21 13:38:00 2014 From: selcuk.yazar at gmail.com (Selcuk Yazar) Date: Wed, 21 May 2014 16:38:00 +0300 Subject: [Dovecot] Per-user Sieve script location question In-Reply-To: <537c98cc.02d20e0a.2802.45bcSMTPIN_ADDED_BROKEN@mx.google.com> References: <537c6d87.413d0f0a.5bb7.014dSMTPIN_ADDED_BROKEN@mx.google.com> <537c98cc.02d20e0a.2802.45bcSMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: Hi Again, we have one domain, i suppose we don't have any problem with %n parameter. our mail server has mapped LUN Storage disk , we have some empty space problems, so i think it's better keep user things in storage for backup etc. we have totally 40K users(most of students) but i think at most 50 of them use this filter, autorespond etc. :) thank you for your reply. Sel?uk On Wed, May 21, 2014 at 3:15 PM, Steffen Kaiser < skdovecot at smail.inf.fh-brs.de> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Wed, 21 May 2014, Selcuk Yazar wrote: > > Hi Selcuk, > > > i changed my 90-sieve.conf >> >> to >> >> sieve = /var/sieve-scripts/%u.sieve >> sieve_dir = /home/vmail/domains/sieve/%n/.sieve >> > > Yeah, looks good. However, do you host multiple domains? In your config > you differ domains: > > mail_location = mbox:/home/vmail/domains/%d/%u > > with sieve = /var/sieve-scripts/%u.sieve , too, but > with sieve_dir = /home/vmail/domains/sieve/%n/.sieve you do not. > > http://wiki2.dovecot.org/Variables > %u user full username (e.g. user at domain) > %n username user part in user at domain, same as %u if there's no domain > %d domain domain part in user at domain, empty if user with no domain > > I suppose, you should use: > > sieve_dir = /home/vmail/domains/sieve/%u/.sieve > > otherwise info at example.org and info at localhost share the same Sieve dir. > > BTW: Because you have an unique directory per user now anyway, why not use > is that as home directory? I'm not sure, what other things use the home > for. E.g. use > > mail_home = /home/vmail/domains/home/%d/%u > > and keep the home-relative paths for Sieve: ~/... > > > On Wed, May 21, 2014 at 12:10 PM, Steffen Kaiser < >> skdovecot at smail.inf.fh-brs.de> wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> On Wed, 21 May 2014, Selcuk Yazar wrote: >>> >>> my dovecot conf is >>> >>>> >>>> doveconf -n >>>> # 2.0.9: /etc/dovecot/dovecot.conf >>>> >>>> [...] >>> >>> mail_location = mbox:/home/vmail/domains/%d/%u >>>> >>>> [...] >>> >>> userdb { >>>> args = /etc/dovecot/conf.d/dovecot-ldap.conf.ext >>>> driver = ldap >>>> } >>>> >>>> you're right we have mail_location , >>>> >>>> should i add mail_home value >>>> >>>> >>> That depends on if your LDAP configuration contains a (for the mailserver >>> usable) home for the individual user. >>> >>> mail_home = /home/vmail/domains/%d/%u >>> >>>> >>>> >>> The value shows that you did not followed my advice from the last >>> response: "Read the link above about why not store Sieve files below an >>> user's mail location." maybe because you missed it because you toppost. >>> >>> to 10-mail.conf file ? >>> >>>> >>>> >>> never use the same dir for mail location and user's home. >>> >>> >>> On Wed, May 21, 2014 at 11:43 AM, Steffen Kaiser < >>> >>>> skdovecot at smail.inf.fh-brs.de> wrote: >>>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> >>>>> >>>>> >>>> On Wed, 21 May 2014, Selcuk Yazar wrote: >>> >>>> >>>>> our users stored OpenLdap and users home folder like below: >>>>> >>>>> >>>>>> >>>>>> without seeing your current doveconf -n output and the ldap >>>>> configuration >>>>> file, I would guess that your users have no home directory: >>>>> http://wiki2.dovecot.org/VirtualUsers/Home >>>>> >>>>> >>>>> >>>>> /home/vmail/domains/domainname.edu.tr/username/... >>>>> >>>>>> >>>>>> now when i used default settings for dovecot sieve >>>>>> >>>>>> sieve = ~/.dovecot.sieve >>>>>> sieve_dir = ~/sieve >>>>>> >>>>>> sieve script write and work globaly and stored, >>>>>> /home/vmail/domains/sieve >>>>>> >>>>>> i looked up Dovecot docs for per user but i don't understand clearly >>>>>> >>>>>> can i replace sieve parameters like >>>>>> >>>>>> sieve = /home/vmail/domains/..................edu.tr/%n/.dovecot. >>>>>> sieve >>>>>> sieve_dir = /home/vmail/domains/.........................edu.tr/%n/. >>>>>> sieve >>>>>> >>>>>> for per user scirpt. >>>>>> >>>>>> >>>>>> Read the link above about why not store Sieve files below an user's >>>>> mail >>>>> location. >>>>> >>>>> >>>> - -- Steffen Kaiser >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v1.4.11 (GNU/Linux) >>> >>> iQEVAwUBU3xtn3z1H7kL/d9rAQIu1wf/XMXuEC1O1PQssoU1uHfTM5jOHpH1KHis >>> yUL1z2/WV8c7engx+CNtGPxnRewC1UFKBZcHaAyXHNxQM+jsYf+NkUo4PDlKkzfi >>> /JIn+SGOlwZKJUYarnAJbt0CdZG7f8auvMLsoovR8iNitSAdyH5AkRt9i25YFndW >>> Nm0lYO1CPJzKp3CVhDS0Lxs6sSD21xsMvuauzMmS4ZpYhXXEdOf4jqNkIYdJbSHz >>> nBHx8sjlJaKNKO3OWs1S5T7DxlRz+VYGw1IZ1BUgpBBD3LxDIOwTLG7NNjWRG2lB >>> nTB+WK02fvh0T+oJORVuKmgoXG5WKvZjFOa4oVqdbbzM6V4ZJSx9Sw== >>> =bLQp >>> -----END PGP SIGNATURE----- >>> >>> >> >> >> >> > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEVAwUBU3yY9Hz1H7kL/d9rAQIIpwf/bfNNbI3zCEuJs3xYq5Nl+Td2QGX0uUzk > 8PA4taMNrq00W3jBtTi8J4/ZlqT+l15r5nDr6O/VSgffymi9l0JmRMRIfUyzfjBy > IThSQTrbjx9t+gCJa15Q2JISYEhXC0WYDpseEZle5vFyIKxWT01FYH5cJe45n9ci > LcY3QmCdrQ4JYuYPiECfOx5rFw7dvZBnS4YDLg/A/O3dUzx7BV6V+cSepAecpoom > 4U5udqoWRF1pDgKywn0elB0WorEbgnyOHLSrd5uPOuQuP9aW2bcWJGSpr1/j5tQk > tOYd/czhNhpPEKbzH/MJyn6mbhu4F3DGMAfuD9tweIAD25A41HgVpQ== > =6w4r > -----END PGP SIGNATURE----- > -- Sel?uk YAZAR http://www.selcukyazar.blogspot.com From emmanuel.fuste at thalesgroup.com Wed May 21 14:04:21 2014 From: emmanuel.fuste at thalesgroup.com (FUSTE Emmanuel) Date: Wed, 21 May 2014 16:04:21 +0200 Subject: [Dovecot] Sieve fileinto extension and redirect action Message-ID: <27284_1400681063_537CB267_27284_2057_1_537CB265.9010505@thalesgroup.com> Hello, Is there any way to limit the use of the "redirect" action (local user only or silent ignore) as provisioned by the RFC in the Pigeonhole implementation ? The only way I found for the moment is to completely disable the fileinto extension which hardly beat the users experience. "redirect" is forbidden by my organization policy. Regards, Emmanuel. From uothrawn at yahoo.com Wed May 21 15:02:51 2014 From: uothrawn at yahoo.com (G H) Date: Wed, 21 May 2014 08:02:51 -0700 (PDT) Subject: [Dovecot] LMTP hostname ignoring ENV variables Message-ID: <1400684571.74330.YahooMailNeo@web161405.mail.bf1.yahoo.com> I am having an issue with LMTP appending the local hostname to received mail from Postfix. I either want to append localhost, a custom string, or nothing at all. Looking through the source code, I believe I should be able to set "export DOVECOT_HOSTNAME" and "export DOVECOT_HOSTDOMAIN" in my initscript to override the hostname set in lmtp/commands.c, client_get_added_headers() I'm using Centos 5; my hostname is mailtest1.atest.qq -- it is not defined in /etc/hosts. The added header is below: ??? Received: from mail.mailorxyz.de ?????? ??? by mailtest1.atest.qq (Dovecot) with LMTP id sreUK1+sfFOseQAAPYI4hw ?????? ??? for ; Wed, 21 May 2014 13:39:03 +0000 ??? Received: by mail.mailorxyz.de (Postfix, from userid 97) ?????? ??? id CC743116AB5; Wed, 21 May 2014 13:39:03 +0000 (UTC) I have the following defined in /etc/init.d/dovecot: export DOVECOT_HOSTDOMAIN=dovecot.mailorxyz.de export DOVECOT_HOSTNAME=dovecot.mailorxyz.de Am I missing something or did I misunderstand the source code? Thanks. From tlx at leuxner.net Wed May 21 15:46:39 2014 From: tlx at leuxner.net (Thomas Leuxner) Date: Wed, 21 May 2014 17:46:39 +0200 Subject: [Dovecot] LMTP hostname ignoring ENV variables In-Reply-To: <1400684571.74330.YahooMailNeo@web161405.mail.bf1.yahoo.com> References: <1400684571.74330.YahooMailNeo@web161405.mail.bf1.yahoo.com> Message-ID: <20140521154639.GA28221@nihlus.leuxner.net> * G H 2014.05.21 17:02: > ??? Received: from mail.mailorxyz.de > ?????? ??? by mailtest1.atest.qq (Dovecot) with LMTP id sreUK1+sfFOseQAAPYI4hw > ?????? ??? for ; Wed, 21 May 2014 13:39:03 +0000 > ??? Received: by mail.mailorxyz.de (Postfix, from userid 97) > ?????? ??? id CC743116AB5; Wed, 21 May 2014 13:39:03 +0000 (UTC) It can be set in 15-lda.conf: # Hostname to use in various parts of sent mails (e.g. in Message-Id) and # in LMTP replies. Default is the system's real hostname at domain. #hostname = Regards Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From d.parthey at metaways.de Wed May 21 15:49:27 2014 From: d.parthey at metaways.de (Daniel Parthey) Date: Wed, 21 May 2014 17:49:27 +0200 Subject: [Dovecot] Sieve fileinto extension and redirect action In-Reply-To: <27284_1400681063_537CB267_27284_2057_1_537CB265.9010505@thalesgroup.com> References: <27284_1400681063_537CB267_27284_2057_1_537CB265.9010505@thalesgroup.com> Message-ID: <537CCB07.80103@metaways.de> Hi Emmanuel Am 21.05.2014 16:04, schrieb FUSTE Emmanuel: > Is there any way to limit the use of the "redirect" action (local user > only or silent ignore) as provisioned by the RFC in the Pigeonhole > implementation? > The only way I found for the moment is to completely disable the > fileinto extension which hardly beat the users experience. > "redirect" is forbidden by my organization policy. Dovecot injects redirected messages through sendmail or smtp (depending on your config). You might change the dovecot option "sendmail_path" to something different than sendmail: before: sendmail_path = /usr/sbin/sendmail after: sendmail_path = /usr/local/sbin/your-mail-handler If you are using SMTP, then have a look at dovecot option "submission_host". Kind regards Daniel -- Dipl.-Inf. Daniel Parthey System Engineer Metaways Infosystems GmbH Pickhuben 2, D-20457 Hamburg E-Mail: d.parthey at metaways.de Web: http://www.metaways.de Metaways Infosystems GmbH - Sitz: D-22967 Tremsb?ttel Handelsregister: Amtsgericht L?beck HRB 4508 AH Gesch?ftsf?hrung: Hermann Thaele, L?der-H.Thaele From emmanuel.fuste at thalesgroup.com Wed May 21 16:25:30 2014 From: emmanuel.fuste at thalesgroup.com (FUSTE Emmanuel) Date: Wed, 21 May 2014 18:25:30 +0200 Subject: [Dovecot] Sieve fileinto extension and redirect action In-Reply-To: <537CCB07.80103@metaways.de> References: <27284_1400681063_537CB267_27284_2057_1_537CB265.9010505@thalesgroup.com> <537CCB07.80103@metaways.de> Message-ID: <27284_1400689532_537CD37C_27284_7345_1_537CD37A.20807@thalesgroup.com> Le 21/05/2014 17:49, Daniel Parthey a ?crit : > Hi Emmanuel > > Am 21.05.2014 16:04, schrieb FUSTE Emmanuel: >> Is there any way to limit the use of the "redirect" action (local user >> only or silent ignore) as provisioned by the RFC in the Pigeonhole >> implementation? >> The only way I found for the moment is to completely disable the >> fileinto extension which hardly beat the users experience. >> "redirect" is forbidden by my organization policy. > Dovecot injects redirected messages through sendmail or smtp (depending on your config). > > You might change the dovecot option "sendmail_path" to something different than sendmail: > > before: > sendmail_path = /usr/sbin/sendmail > > after: > sendmail_path = /usr/local/sbin/your-mail-handler > > If you are using SMTP, then have a look at dovecot option "submission_host". > > Kind regards > Daniel Thank you Daniel. Looking at the code, it seems that it could be addressed with a config parametter: sieve_max_redirects = 0 And now looking at the config examples files, it is there ..... Regards, Emmanuel. From rs at sys4.de Wed May 21 17:00:26 2014 From: rs at sys4.de (Robert Schetterer) Date: Wed, 21 May 2014 19:00:26 +0200 Subject: [Dovecot] Sieve fileinto extension and redirect action In-Reply-To: <27284_1400681063_537CB267_27284_2057_1_537CB265.9010505@thalesgroup.com> References: <27284_1400681063_537CB267_27284_2057_1_537CB265.9010505@thalesgroup.com> Message-ID: <537CDBAA.6070708@sys4.de> Am 21.05.2014 16:04, schrieb FUSTE Emmanuel: > "redirect" is forbidden by my organization policy. if your users do edit sieve via webmail plugin only ,like in horde , squirrelmail , roundcube etc you may modify their setup or code to make it impossible to create redirect with/in sieve Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From sebastian at goodrick.ch Wed May 21 17:47:55 2014 From: sebastian at goodrick.ch (Sebastian Goodrick) Date: Wed, 21 May 2014 19:47:55 +0200 Subject: [Dovecot] TLS/SSL for Win8 & Outlook In-Reply-To: <5379000F.1050503@sys4.de> References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> <536BB80D.7090105@goodrick.ch> <536BBEA4.4010300@sys4.de> <536BC3D1.4060202@goodrick.ch> <536BD731.1010902@sys4.de> <536BDB0A.8010000@goodrick.ch> <536BE82F.6020900@sys4.de> <536BEEFA.3090708@sys4.de> <536C75D2.4030109@goodrick.ch> <536C92E0.8040107@sys4.de> <53779EDB.9050908@sys4.de> <5378F610.6040102@goodrick.ch> <5379000F.1050503@sys4.de> Message-ID: <537CE6CB.6070908@goodrick.ch> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > every "official" up2date ssl crt should work, also dont forget to > include intermediate crt/pem in your ssl dove chain I just installed the (rapid-ssl) certificate and it works now. Needless to say that I don't understand it. The old certificate worked with all other clients but win8/outlook, plus the old dovecot install worked with win8/outlook as well. Regards, Sebastian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlN85ssACgkQR7+YB0Qzbnpp7QCfWajiArksReRecfnBO+9++/pe SmkAn3W4UWmGYrVmAE4gSvEZimf5vWon =u6AH -----END PGP SIGNATURE----- From tommy at fam-berglund.eu Wed May 21 18:35:24 2014 From: tommy at fam-berglund.eu (Tommy Berglund) Date: Wed, 21 May 2014 20:35:24 +0200 Subject: [Dovecot] Dovecot pam Message-ID: <537CF1EC.7070900@fam-berglund.eu> Hello! How can I disable passdb { driver = pam } in /etc/dovecot/conf.d/auth-system.conf.ext from file /etc/dovecot/local.conf. I have postfix and dovecot set up to only use virtual users. I'd rather do all the configuration in local.conf if possible. My doveconf-n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-24-generic x86_64 Ubuntu 14.04 LTS auth_failure_delay = 5 secs auth_mechanisms = plain login cram-md5 listen = * log_timestamp = "%Y-%m-%d %H:%M:%S " mail_home = /var/vmail/%d/%n mail_location = mdbox:~/ managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = } passdb { args = scheme=cram-md5 /etc/dovecot/passwd driver = passwd-file } plugin { sieve = /vmail/%d/%n/.dovecot.sieve sieve_dir = /vmail/%d/%n/sieve sieve_global_path = /vmail/dovecot/sieve/default.sieve } protocols = imap lmtp sieve service auth { executable = /usr/lib/dovecot/auth unix_listener /var/spool/postfix/private/auth-client { group = postfix mode = 0660 user = postfix } user = root } service imap-login { inet_listener imaps { port = 993 ssl = yes } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } user = vmail } ssl_cert = References: <536A864C.7010500@goodrick.ch> <536A90BD.1060502@sys4.de> <536A96E9.3040102@sys4.de> <536A9B4A.1050105@goodrick.ch> <536BB80D.7090105@goodrick.ch> <536BBEA4.4010300@sys4.de> <536BC3D1.4060202@goodrick.ch> <536BD731.1010902@sys4.de> <536BDB0A.8010000@goodrick.ch> <536BE82F.6020900@sys4.de> <536BEEFA.3090708@sys4.de> <536C75D2.4030109@goodrick.ch> <536C92E0.8040107@sys4.de> <53779EDB.9050908@sys4.de> <5378F610.6040102@goodrick.ch> <5379000F.1050503@sys4.de> <537CE6CB.6070908@goodrick.ch> Message-ID: <537CFB12.5070009@sys4.de> Am 21.05.2014 19:47, schrieb Sebastian Goodrick: > >> every "official" up2date ssl crt should work, also dont forget to >> include intermediate crt/pem in your ssl dove chain > > I just installed the (rapid-ssl) certificate and it works now. > Needless to say that I don't understand it. The old certificate worked > with all other clients but win8/outlook, plus the old dovecot install > worked with win8/outlook as well. > > Regards, Sebastian > endless speculation is now possible there where some bugfixes with certificates ( windows ) but that should not impact brand new installs with full recent patch level however good to hear you got it work Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From mtrainer at cloud-free.com Thu May 22 04:09:09 2014 From: mtrainer at cloud-free.com (Murray Trainer) Date: Thu, 22 May 2014 12:09:09 +0800 Subject: [Dovecot] Dovecot ontop of glusterfs issue. In-Reply-To: <537C65D3.90008@ngtech.co.il> References: <537C65D3.90008@ngtech.co.il> Message-ID: <040901cf7573$97dd8640$c79892c0$@cloud-free.com> Hi Eliezer, We had the same errors a few weeks ago. Turned out the time on our NFS server was out by over 30 secs as NTP wasn't setup correctly . Looks like the time on one of yours is out by about 250 secs (361-105). Murray -----Original Message----- From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Eliezer Croitoru Sent: Wednesday, 21 May 2014 4:38 PM To: dovecot at dovecot.org Subject: [Dovecot] Dovecot ontop of glusterfs issue. Hey, I am testing Glusterfs as a storage backend for dovecot as a LDA and imap server. I have seen similar lines in the logs to these: May 21 10:46:01 mailgw dovecot: imap(eliezer at ngtech.co.il): Warning: Created dotlock file's timestamp is different than current time (1400658105 vs 1400658361): /home/vmail/ngtech.co.il/eliezer/Maildir/.Mailing_lists.ceph_users/dovecot-u idlist May 21 10:46:01 mailgw dovecot: imap(eliezer at ngtech.co.il): Error: Transaction log /home/vmail/ngtech.co.il/eliezer/Maildir/dovecot.index.log: duplicate transaction log sequence (2713) The volume is mounted only by one server with ubutntu 14.04. I have seen threads and posts about similar issue with nfs. I want to try to debug the issue but note that with the same settings of the server nfs worked fine but slower. dovecot -n output: http://pastebin.centos.org/9626/ The glusterfs is a replicated volume constructed of two bricks which is mounted only on one dovecot server. All three servers are using the same ntp pool and are synced. Any direction is better then the state I am now. Thanks, Eliezer From tanaka at designet.co.jp Thu May 22 05:28:25 2014 From: tanaka at designet.co.jp (Atsuko Tanaka) Date: Thu, 22 May 2014 14:28:25 +0900 Subject: [Dovecot] When the subject portion of an e-mail contains a control character, dovecot.sieve terminates unexpectatedly. In-Reply-To: <536356F2.2050903@designet.co.jp> References: <536356F2.2050903@designet.co.jp> Message-ID: <537D8AF9.5040100@designet.co.jp> We were able to solve the problem, "When a control character is included in the subject of an e-mail, dovecot exits with a fatal error" using the following information: 1. We added the following field to the sieve setting file: /etc/dovecot/conf.d/90-sieve.conf --------------------------------------------------------------------- sieve_editheader_rfc2822_check = yes --------------------------------------------------------------------- This is a switch for whether or not to check if a file is RFC2822 or not. When it's set to yes, it works the exact same as before changes were made. The default is yes. 2. When the sieve_editheader_rfc2822_check setting is set to no, we make sure not to check for RFC2822. Version: dovecot-2.2-pigeonhole-0.4.2 The patch is listed as below: --------------------------------------------------------------------- diff -Nur dovecot-2.2-pigeonhole-0.4.2_org/src/lib-sieve/plugins/editheader/cmd-addheader.c dovecot-2.2-pigeonhole-0.4.2/src/lib-sieve/plugins/editheader/cmd-addheader.c --- dovecot-2.2-pigeonhole-0.4.2_org/src/lib-sieve/plugins/editheader/cmd-addheader.c 2014-05-14 15:17:52.586774630 +0900 +++ dovecot-2.2-pigeonhole-0.4.2/src/lib-sieve/plugins/editheader/cmd-addheader.c 2014-05-14 15:22:12.536780572 +0900 @@ -281,7 +281,8 @@ return SIEVE_EXEC_OK; } - if ( !rfc2822_header_field_body_verify + if ( this_ext->svinst->chk_rfc2822 == TRUE && + !rfc2822_header_field_body_verify (str_c(value), str_len(value), TRUE, TRUE) ) { sieve_runtime_error(renv, NULL, "addheader action: " "specified value `%s' is invalid", diff -Nur dovecot-2.2-pigeonhole-0.4.2_org/src/lib-sieve/sieve-common.h dovecot-2.2-pigeonhole-0.4.2/src/lib-sieve/sieve-common.h --- dovecot-2.2-pigeonhole-0.4.2_org/src/lib-sieve/sieve-common.h 2014-05-14 15:17:52.593774606 +0900 +++ dovecot-2.2-pigeonhole-0.4.2/src/lib-sieve/sieve-common.h 2014-05-14 15:23:57.584775286 +0900 @@ -189,6 +189,9 @@ size_t max_script_size; unsigned int max_actions; unsigned int max_redirects; + + /* Check */ + bool chk_rfc2822; }; #endif /* __SIEVE_COMMON_H */ diff -Nur dovecot-2.2-pigeonhole-0.4.2_org/src/lib-sieve/sieve.c dovecot-2.2-pigeonhole-0.4.2/src/lib-sieve/sieve.c --- dovecot-2.2-pigeonhole-0.4.2_org/src/lib-sieve/sieve.c 2014-05-14 15:17:52.583774672 +0900 +++ dovecot-2.2-pigeonhole-0.4.2/src/lib-sieve/sieve.c 2014-05-14 15:19:39.628771207 +0900 @@ -51,6 +51,7 @@ size_t size_setting; const char *domain; pool_t pool; + bool bool_setting; /* Create Sieve engine instance */ pool = pool_alloconly_create("sieve", 8192); @@ -118,6 +119,15 @@ svinst->max_redirects = (unsigned int) uint_setting; } + /* Check RFC2822 from configuration */ + + svinst->chk_rfc2822 = TRUE; + + if (sieve_setting_get_bool_value + (svinst, "sieve_editheader_rfc2822_check", &bool_setting) ) { + svinst->chk_rfc2822 = bool_setting; + } + /* Initialize extensions */ if ( !sieve_extensions_init(svinst) ) { sieve_deinit(&svinst); --------------------------------------------------------------------- > 1) When an e-mail's subject contains control characters like > [Ctrl+V|^V], dovecot.sieve terminates with an error and an e-mail is not > able to be sent. When a MIME encoded Subject like [????^V????] is sent > we're not able to edit the subject and dovecot ends with an error. > > This is a sample of the data that was used in testing. > Subject: =?ISO-2022-JP?B?GyRCI1QjRSNTI1QbKEIWGyRCI00jQSNJI0wbKEI=?= > X-Spam-Score: 100.00% > ? > Subject: =?ISO-2022-JP?B?GyRCI1QjRSNTI1QbKEIWGyRCI00jQSNJI0wbKEI=?= > X-Spam-Score: 100.00% > > This is the log generated by the data above. > ---------------------------------------------------------------------- > sieve: info: started log at May 02 10:46:22. > main script: line 14: error: addheader action: specified value `[SPAM] > ???????' is invalid. > ---------------------------------------------------------------------- > > Aside from [Ctrl + V] the following control charcters also cause errors: > backspace > Ctrl + A > Ctrl + C > Ctrl + [ > Ctrl + X > Ctrl + Y Atsuko Tanaka From dmitry at rutelecom.company Thu May 22 06:45:10 2014 From: dmitry at rutelecom.company (Dmitry Podkovyrkin) Date: Thu, 22 May 2014 12:45:10 +0600 Subject: [Dovecot] Copies of outgoing emails in the Sent folder Message-ID: <537D9CF6.5060907@rutelecom.company> Hi! My mail server works in tandem: Dovecot (IMAP) + Postfix. How can I configure in Gmail: Outgoing email copied to the Sent folder using postfix without mail client? This question is for the mailing list for Postfix? Mail client itself copies outgoing messages in the folder Sent, but the messages are large, and the server is far away. And to transmit email twice for sending and copying is not effective. Sorry for my English ). -- Regards Dmitry Podkovyrkin mobile: +7 922 20 56 756 email: dmirty at rutelecom.company skype: dmitryrw From stephan at rename-it.nl Thu May 22 06:49:18 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 22 May 2014 08:49:18 +0200 Subject: [Dovecot] When the subject portion of an e-mail contains a control character, dovecot.sieve terminates unexpectatedly. In-Reply-To: <537D8AF9.5040100@designet.co.jp> References: <536356F2.2050903@designet.co.jp> <537D8AF9.5040100@designet.co.jp> Message-ID: <537D9DEE.60805@rename-it.nl> On 5/22/2014 7:28 AM, Atsuko Tanaka wrote: > We were able to solve the problem, > "When a control character is included in the subject of an e-mail, > dovecot exits with a fatal error" using the following information: Did you try the latest versions? We made a few changes that should resolve this already. Regards, Stephan. From skdovecot at smail.inf.fh-brs.de Thu May 22 07:12:24 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 22 May 2014 09:12:24 +0200 (CEST) Subject: [Dovecot] Dovecot pam In-Reply-To: <537CF1EC.7070900@fam-berglund.eu> References: <537CF1EC.7070900@fam-berglund.eu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 21 May 2014, Tommy Berglund wrote: > How can I disable passdb { driver = pam } > in /etc/dovecot/conf.d/auth-system.conf.ext > from file /etc/dovecot/local.conf. > > I have postfix and dovecot set up to only use virtual users. > I'd rather do all the configuration in local.conf if possible. > > # 2.2.9: /etc/dovecot/dovecot.conf > # OS: Linux 3.13.0-24-generic x86_64 Ubuntu 14.04 LTS [...] > mailbox Trash { > auto = subscribe > special_use = \Trash > } > prefix = > } > passdb { > args = scheme=cram-md5 /etc/dovecot/passwd > driver = passwd-file > } > plugin { > sieve = /vmail/%d/%n/.dovecot.sieve > sieve_dir = /vmail/%d/%n/sieve > sieve_global_path = /vmail/dovecot/sieve/default.sieve > } I don't see any passdb { pam } there. Did you reloaded Dovecot? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU32jWHz1H7kL/d9rAQJ7VQf+I3y2s4OYncXeKYpXDfjqdCUHQOZ6bcR1 WTPNpExxyQpLyvOpGFO74pNFJNEVNn/cfV7BmuFl6+68CHauvgoQZt5Ghngl6Lgk m6XyPj2JOUkA8Sfhk/DK/o4Y3jzY5SHoHDrh7+SJ5cYawJVTYnSzWMtZD2RFW+5q tMvAwvBPu7F5TtBr5NIc8cOgr218HNXWLN7Ta/e64Uru/mVJr/+2JYtabcVTFfsG Nvp+Ii6/kcYmw3IDRyaoTJd0bzB8MAQkjodpMGqZpvlgvltpbmTj5R67v9SUgfGk nV6jQ/To9wQT+02fWejlPTMI7Az3zbd1ncFb5vQA7P/Hm1iKMCbKOw== =Rvkv -----END PGP SIGNATURE----- From skdovecot at smail.inf.fh-brs.de Thu May 22 07:18:04 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 22 May 2014 09:18:04 +0200 (CEST) Subject: [Dovecot] Copies of outgoing emails in the Sent folder In-Reply-To: <537D9CF6.5060907@rutelecom.company> References: <537D9CF6.5060907@rutelecom.company> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 22 May 2014, Dmitry Podkovyrkin wrote: > My mail server works in tandem: Dovecot (IMAP) + Postfix. > How can I configure in Gmail: Outgoing email copied to the Sent folder using > postfix without mail client? This question is for the mailing list for > Postfix? > Mail client itself copies outgoing messages in the folder Sent, but the > messages are large, and the server is far away. And to transmit email twice > for sending and copying is not effective. Either add a BCC to each message in the mail client or in postfix. Then have that BCC mail address delivered into the user's Sent mailbox. For this, you could use sub- or plus-addressing, e.g. user+Sent at example.org, or add yet another mail alias, that Sieve is "fileinto Sent" , or ... . - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU32krHz1H7kL/d9rAQLcGQgAyuFXbMrkn8/UNpX2MtX2AL8ZVNmVRHEf O179saZLicxKROah5Wimh4n704+3YTHJelULNGu2kf9+rbA1xu6fFpTtKqH/d+5J NXl5L7Pa/avNRllM9o3a/U5bnhOC15GpgqLt6swKddDJwwx5/Bbs+O2VVM5jq2tP hhBAVf9ngwETVBonMvbPQ2uRU3Mc3R5KX48vJrJwAbJ1LvWtaEAppNfGvhYknaxW N2chOVdlgl2FUD7JUq75RFxl77QxcxLfrkSk1E/shmdWO7J/q/uYPjtDmtCWeZkW 6VbUeYKmrO9kSFOfBc5KCjFZ72tvQqWB/GOJqrvyBl0jRPMSjyhs/g== =uHQf -----END PGP SIGNATURE----- From dmitry at rutelecom.company Thu May 22 07:21:28 2014 From: dmitry at rutelecom.company (Dmitry Podkovyrkin) Date: Thu, 22 May 2014 13:21:28 +0600 Subject: [Dovecot] Copies of outgoing emails in the Sent folder In-Reply-To: References: <537D9CF6.5060907@rutelecom.company> Message-ID: <537DA578.60900@rutelecom.company> Yes, it is a solution to this problem. But for a single user. And how can you do it for the entire server? 22.05.2014 13:18, Steffen Kaiser ?????: > > On Thu, 22 May 2014, Dmitry Podkovyrkin wrote: > >> My mail server works in tandem: Dovecot (IMAP) + Postfix. >> How can I configure in Gmail: Outgoing email copied to the Sent >> folder using postfix without mail client? This question is for the >> mailing list for Postfix? >> Mail client itself copies outgoing messages in the folder Sent, but >> the messages are large, and the server is far away. And to transmit >> email twice for sending and copying is not effective. > > Either add a BCC to each message in the mail client or in postfix. > > Then have that BCC mail address delivered into the user's Sent > mailbox. For this, you could use sub- or plus-addressing, e.g. > user+Sent at example.org, or add yet another mail alias, that Sieve is > "fileinto Sent" , or ... . > -- Regards Dmitry Podkovyrkin mobile: +7 922 20 56 756 email: dmirty at rutelecom.company skype: dmitryrw From stephan at rename-it.nl Thu May 22 07:22:35 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 22 May 2014 09:22:35 +0200 Subject: [Dovecot] Copies of outgoing emails in the Sent folder In-Reply-To: <537D9CF6.5060907@rutelecom.company> References: <537D9CF6.5060907@rutelecom.company> Message-ID: <537DA5BB.7010207@rename-it.nl> On 5/22/2014 8:45 AM, Dmitry Podkovyrkin wrote: > Hi! > > My mail server works in tandem: Dovecot (IMAP) + Postfix. > How can I configure in Gmail: Outgoing email copied to the Sent folder > using postfix without mail client? This question is for the mailing > list for Postfix? > Mail client itself copies outgoing messages in the folder Sent, but > the messages are large, and the server is far away. And to transmit > email twice for sending and copying is not effective. Some earlier discussions: http://postfix.1071664.n5.nabble.com/Saving-to-Sent-folder-td38182.html http://www.dovecot.org/list/dovecot/2010-March/047272.html http://www.dovecot.org/list/dovecot/2013-May/090288.html Regards, Stephan. From eliezer at ngtech.co.il Thu May 22 10:48:23 2014 From: eliezer at ngtech.co.il (Eliezer Croitoru) Date: Thu, 22 May 2014 13:48:23 +0300 Subject: [Dovecot] Dovecot ontop of glusterfs issue. In-Reply-To: <040901cf7573$97dd8640$c79892c0$@cloud-free.com> References: <537C65D3.90008@ngtech.co.il> <040901cf7573$97dd8640$c79892c0$@cloud-free.com> Message-ID: <537DD5F7.3080202@ngtech.co.il> Well manually using a crontab with ntpdate to a pool of servers should be good enough right? Eliezer On 05/22/2014 07:09 AM, Murray Trainer wrote: > Hi Eliezer, > > We had the same errors a few weeks ago. Turned out the time on our NFS > server was out by over 30 secs as NTP wasn't setup correctly . Looks like > the time on one of yours is out by about 250 secs (361-105). > > Murray From harlan at pfcs.com Thu May 22 10:56:34 2014 From: harlan at pfcs.com (Harlan Stenn) Date: Thu, 22 May 2014 03:56:34 -0700 Subject: [Dovecot] Dovecot ontop of glusterfs issue. In-Reply-To: <537DD5F7.3080202@ngtech.co.il> References: <537C65D3.90008@ngtech.co.il> <040901cf7573$97dd8640$c79892c0$@cloud-free.com> <537DD5F7.3080202@ngtech.co.il> Message-ID: <537DD7E2.4090608@pfcs.com> On 5/22/14 3:48 AM, Eliezer Croitoru wrote: > Well manually using a crontab with ntpdate to a pool of servers should > be good enough right? Is there a good reason you're not just running ntpd? Ntpdate has had a number of bugs in it for a long time, they will never be fixed, and ntpdate really isn't designed for what you seem to be doing. -- Harlan Stenn http://nwtime.org - Be a member! From tommy at fam-berglund.eu Thu May 22 11:08:24 2014 From: tommy at fam-berglund.eu (Tommy Berglund) Date: Thu, 22 May 2014 13:08:24 +0200 Subject: [Dovecot] Dovecot pam In-Reply-To: References: <537CF1EC.7070900@fam-berglund.eu> Message-ID: <537DDAA8.3000105@fam-berglund.eu> On Wed, 21 May 2014, Tommy Berglund wrote: > >> How can I disable passdb { driver = pam } >> in /etc/dovecot/conf.d/auth-system.conf.ext >> from file /etc/dovecot/local.conf. >> >> I have postfix and dovecot set up to only use virtual users. >> I'd rather do all the configuration in local.conf if possible. >> >> # 2.2.9: /etc/dovecot/dovecot.conf >> # OS: Linux 3.13.0-24-generic x86_64 Ubuntu 14.04 LTS > [...] >> mailbox Trash { >> auto = subscribe >> special_use = \Trash >> } >> prefix = >> } >> passdb { >> args = scheme=cram-md5 /etc/dovecot/passwd >> driver = passwd-file >> } >> plugin { >> sieve = /vmail/%d/%n/.dovecot.sieve >> sieve_dir = /vmail/%d/%n/sieve >> sieve_global_path = /vmail/dovecot/sieve/default.sieve >> } > > I don't see any passdb { pam } there. > Did you reloaded Dovecot? > No, because I have commented out "passdb {driver = pam} " in the file "/etc/dovecot/conf.d/auth-system.conf.ext" What I want is to avoid having to make changes to dovecot original files, just have all the self-configuration in local.config. I have no real users only virtual users, I do not need to check users against pam. Best regards Tommy From mailinglist at darac.org.uk Thu May 22 11:30:27 2014 From: mailinglist at darac.org.uk (Darac Marjal) Date: Thu, 22 May 2014 12:30:27 +0100 Subject: [Dovecot] Dovecot ontop of glusterfs issue. In-Reply-To: <537DD5F7.3080202@ngtech.co.il> References: <537C65D3.90008@ngtech.co.il> <040901cf7573$97dd8640$c79892c0$@cloud-free.com> <537DD5F7.3080202@ngtech.co.il> Message-ID: <20140522113027.GA8520@darac.org.uk> On Thu, May 22, 2014 at 01:48:23PM +0300, Eliezer Croitoru wrote: > Well manually using a crontab with ntpdate to a pool of servers should be > good enough right? Not really. NTPdate steps the clock forward or backwards instantaneously. Depending on how bad your system clock is, that could be a jump of several seconds. Now, which came first? This midnight or that midnight? NTPd, on the other hand, delicately adjusts the clock frequency so that the clock drifts back into synchronisation. So your seconds might be 0.01% shorter than real, but they still all happen in the right sequence. ntpdate is really only any good being run once (at boot), for example if you have a clock that can't keep time while the system is off. > > Eliezer > > On 05/22/2014 07:09 AM, Murray Trainer wrote: > >Hi Eliezer, > > > >We had the same errors a few weeks ago. Turned out the time on our NFS > >server was out by over 30 secs as NTP wasn't setup correctly . Looks like > >the time on one of yours is out by about 250 secs (361-105). > > > >Murray -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From harlan at pfcs.com Thu May 22 11:36:11 2014 From: harlan at pfcs.com (Harlan Stenn) Date: Thu, 22 May 2014 04:36:11 -0700 Subject: [Dovecot] Dovecot ontop of glusterfs issue. In-Reply-To: <20140522113027.GA8520@darac.org.uk> References: <537C65D3.90008@ngtech.co.il> <040901cf7573$97dd8640$c79892c0$@cloud-free.com> <537DD5F7.3080202@ngtech.co.il> <20140522113027.GA8520@darac.org.uk> Message-ID: <537DE12B.2020203@pfcs.com> On 5/22/14 4:30 AM, Darac Marjal wrote: > ntpdate is really only any good being run once (at boot), for example if > you have a clock that can't keep time while the system is off. I'm not aware of any cases where one needs to run ntpdate at startup before running ntpd, because one can run 'ntpd -g' at startup which will correct a very large offset. If I'm wrong I'd love to hear about it. This should be true for ntp-stable (4.2.6) and behaves even better for ntp-dev (4.2.7). H From dovecot.org at veggiechinese.net Thu May 22 21:56:28 2014 From: dovecot.org at veggiechinese.net (Will Yardley) Date: Thu, 22 May 2014 14:56:28 -0700 Subject: [Dovecot] director with same director / backend servers Message-ID: <20140522215628.GB59525@aura.veggiechinese.net> I know this has been covered somewhat, but I'm still not totally clear. I'm trying to setup a 3 node cluster with 3 directors and 3 backend systems. This post (from 2012) suggests that proxy_maybe should work with director: http://www.dovecot.org/list/dovecot/2012-December/069806.html However, these two posts (from 2013) seem to say that it will not: http://dovecot.org/pipermail/dovecot/2013-November/093776.html http://dovecot.org/pipermail/dovecot/2013-November/093809.html When I try to just set =proxy_maybe=y in my LDAP config's pass_attrs, and not have an explicit 'director' listener for pop3-login / imap-login, it complains about lack of a host. May 22 14:28:08 XXXX dovecot: pop3-login: Error: proxy: host not given: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Guessing the answer is "no", but is there any way (with v 2.x) to have one regular "listener" for imap / pop3, and one "director" listener for each as well, using the same instance of Dovecot? Has anyone gotten this to work successfully? I'm using LDAP, and do not want to explicitly specify a host for each username, I just want director to balance users across the 3 hosts. Obviously, I can just create two instances, but not only does this make the config more convoluted (especially following the convention of having the config files broken out into a bunch of files), but means I have to modify the default init script to really do it cleanly (something we were doing on the older iteration of this system that I had really been hoping to avoid). I'm assuming it's not possible to simply have the listeners for 'foo-login' execute something different depending on the port? I tried a couple different ways of configuring this, but it didn't seem to work. Dovecot is version 2.0.9 from RHEL 6. w From eliezer at ngtech.co.il Fri May 23 08:31:17 2014 From: eliezer at ngtech.co.il (Eliezer Croitoru) Date: Fri, 23 May 2014 11:31:17 +0300 Subject: [Dovecot] Dovecot ontop of glusterfs issue. In-Reply-To: <537DD7E2.4090608@pfcs.com> References: <537C65D3.90008@ngtech.co.il> <040901cf7573$97dd8640$c79892c0$@cloud-free.com> <537DD5F7.3080202@ngtech.co.il> <537DD7E2.4090608@pfcs.com> Message-ID: <537F0755.8050101@ngtech.co.il> On 05/22/2014 01:56 PM, Harlan Stenn wrote: > Is there a good reason you're not just running ntpd? > > Ntpdate has had a number of bugs in it for a long time, they will never OK so after searching the issue it seems like: I have installed the ntp on all of the servers and due to a faliure in one of the servers it seems like the ntp was not present. This caused only one node of the glusterfs to be out of sync and only some file access transactions which came from the not-synced server were delivered with the wrong timestamp. So it was a fault but only on one node only made it weird to find and identify. In the ls it was showing one clock time and while the file was fetched it got another timestamp. Thanks, Eliezer From gilles.chauvin at univ-rouen.fr Fri May 23 08:47:18 2014 From: gilles.chauvin at univ-rouen.fr (Gilles Chauvin) Date: Fri, 23 May 2014 10:47:18 +0200 Subject: [Dovecot] Mail logger plugin, improvement request Message-ID: <537F0B16.1010209@univ-rouen.fr> Hi Timo, Would it be possible for the mail logger plugin to also log the imap MOVE events (RFC6851) ? Thanks. Regards, Gilles. From alanm at sics.se Fri May 23 08:48:13 2014 From: alanm at sics.se (Alan McGinlay) Date: Fri, 23 May 2014 10:48:13 +0200 Subject: [Dovecot] dsync incredibly slow Message-ID: <940019d495783159b444afbd9580af36@sics.se> Hi! While performing a dsync from cyrus imap to dovecot 2.2.12, dsync seems to stop for perhaps a minute without disk / cpu / memory activity (that I can see). This happens several times per sync per user so it takes an enormous amount of time to sync just a couple of gigs of mail. dsync -D -v -o mail_fsync=never mirror -f -R -u user at example.com imapc: What could possibly be the cause of this slowness? Is it protocol dependent or just dsync it's self? Thanks! From marcin at mejor.pl Fri May 23 09:24:44 2014 From: marcin at mejor.pl (=?UTF-8?B?TWFyY2luIE1pcm9zxYJhdw==?=) Date: Fri, 23 May 2014 11:24:44 +0200 Subject: [Dovecot] dsync incredibly slow In-Reply-To: <940019d495783159b444afbd9580af36@sics.se> References: <940019d495783159b444afbd9580af36@sics.se> Message-ID: <537F13DC.4000805@mejor.pl> W dniu 23.05.2014 10:48, Alan McGinlay pisze: > Hi! > > While performing a dsync from cyrus imap to dovecot 2.2.12, dsync seems > to stop for perhaps a minute without disk / cpu / memory activity (that > I can see). This happens several times per sync per user so it takes an > enormous amount of time to sync just a couple of gigs of mail. > > dsync -D -v -o mail_fsync=never mirror -f -R -u user at example.com imapc: > > What could possibly be the cause of this slowness? Is it protocol > dependent or just dsync it's self? Hi! "Use the strace, Luke";) Use `strace -f -tt -T -s 512 dsync ...." and look what dsync does (when does nothing;)) From leo at strike.wu.ac.at Fri May 23 09:54:32 2014 From: leo at strike.wu.ac.at (Alexander 'Leo' Bergolth) Date: Fri, 23 May 2014 11:54:32 +0200 Subject: [Dovecot] Index cache errors worse with 2.2.x In-Reply-To: <536B5568.80108@strike.wu.ac.at> References: <536A99B4.1010109@strike.wu.ac.at> <536B5209.5020309@Media-Brokers.com> <536B5568.80108@strike.wu.ac.at> Message-ID: <537F1AD8.7080608@strike.wu.ac.at> On 05/08/2014 11:59 AM, Alexander 'Leo' Bergolth wrote: > On 05/08/2014 11:44 AM, Charles Marcus wrote: >> On 5/7/2014 4:38 PM, Alexander 'Leo' Bergolth wrote: >>> I am getting "Cached message size smaller than expected" errors since >>> dovecot-2.1.x. >> > I tried dovecot 2.2.7, 2.2.10 and 2.2.12. All of them produce tha same > errors. ("Cached message size smaller than expected", sometimes followed > by "read... Invalid argument".) This really drives me to despair! :-( Timo please help! I also tried dovecot-2.2.13 and even downgraded to dovecot-2.1.17 now. (Did a doveadm -v force-resync -u $user "*" for all users after changing versions.) I can also see somehow similar problems on another box that uses (the rather old) dovecot 2.1.1. I tried to add dotlock to mbox_write_locks since according to the source, the LDA (maildrop) seems to try dotlock before fcntl. I also changed fcntl to dotlock for locking index files. (lock_method = dotlock) The only processes that access a users mailboxes are dovecot (imap and pop) and maildrop (LDA). The only non-standard setup I can identify is that I am using an imap-postlogin script that dynamically adds some additional namespaces via environment variables for some users that have access to shared mailboxes. But I doubt wether this can have an influence on the index.cache errors. I'd greatly appreciate your help! Thanks, --leo maillogs,dovecot config and additional information can be found at: http://leo.kloburg.at/tmp/dovecot-index/ 2.2.13 Errors: -------------------- 8< -------------------- May 19 05:51:15 samba dovecot: imap(USER1): Error: Cached message size smaller than expected (75357 < 75358) May 19 05:51:15 samba dovecot: imap(USER1): Error: Corrupted index cache file /home/USER1/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 70929 May 19 05:51:15 samba dovecot: imap(USER1): Error: copy: i_stream_read() failed: Invalid argument May 19 05:51:15 samba dovecot: imap(USER1): Error: mail parser: read(/var/mail/USER1, box=Trash) failed: Invalid argument May 19 07:23:59 samba dovecot: imap(USER2): Error: Cached message size smaller than expected (75357 < 75358) May 19 07:23:59 samba dovecot: imap(USER2): Error: Corrupted index cache file /home/USER2/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 18322 May 19 07:23:59 samba dovecot: imap(USER2): Error: read(/var/mail/USER2) failed: Cached message size smaller than expected (75357 < 75358) (FETCH BODY[] for mailbox INBOX UID 18322) May 19 07:48:11 samba dovecot: imap(USER3): Error: Cached message size smaller than expected (13510 < 13511) May 19 07:48:11 samba dovecot: imap(USER3): Error: Corrupted index cache file /home/USER3/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 952 May 19 07:48:11 samba dovecot: imap(USER3): Error: read(/var/mail/USER3) failed: Cached message size smaller than expected (13510 < 13511) (FETCH BODY[2] for mailbox INBOX UID 952) May 19 07:58:45 samba dovecot: imap(USER4): Error: Cached message size smaller than expected (1892192 < 1892193) May 19 07:58:45 samba dovecot: imap(USER4): Error: Corrupted index cache file /home/USER4/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 20561 May 19 07:58:45 samba dovecot: imap(USER4): Error: copy: i_stream_read() failed: Invalid argument May 19 07:58:45 samba dovecot: imap(USER4): Error: mail parser: read(/var/mail/USER4, box=Stab) failed: Invalid argument May 19 08:58:44 samba dovecot: imap(USER1): Error: Cached message size smaller than expected (185239 < 185240) May 19 08:58:44 samba dovecot: imap(USER1): Error: Corrupted index cache file /home/USER1/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 70934 May 19 08:58:44 samba dovecot: imap(USER1): Error: read(/var/mail/USER1) failed: Cached message size smaller than expected (185239 < 185240) (FETCH BODY[] for mailbox INBOX UID 70934) May 19 09:00:00 samba dovecot: imap(USER2): Error: Cached message size smaller than expected (185239 < 185240) May 19 09:00:00 samba dovecot: imap(USER2): Error: Corrupted index cache file /home/USER2/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 18324 May 19 09:00:00 samba dovecot: imap(USER2): Error: copy: i_stream_read() failed: Invalid argument May 19 09:00:00 samba dovecot: imap(USER2): Error: mail parser: read(/var/mail/USER2, box=Trash) failed: Invalid argument May 19 09:56:47 samba dovecot: imap(USER1): Error: Cached message size smaller than expected (1829385 < 1829386) May 19 09:56:47 samba dovecot: imap(USER1): Error: Corrupted index cache file /home/USER1/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 70938 May 19 09:56:47 samba dovecot: imap(USER1): Error: copy: i_stream_read() failed: Invalid argument May 19 09:56:47 samba dovecot: imap(USER1): Error: mail parser: read(/var/mail/USER1, box=Trash) failed: Invalid argument May 19 10:11:48 samba dovecot: imap(USER5): Error: Cached message size smaller than expected (75357 < 75358) May 19 10:11:48 samba dovecot: imap(USER5): Error: Corrupted index cache file /home/USER5/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 24136 May 19 10:11:48 samba dovecot: imap(USER5): Error: read(/var/mail/USER5) failed: Cached message size smaller than expected (75357 < 75358) (FETCH BODY[] for mailbox INBOX UID 24136) -------------------- 8< -------------------- 2.1.17 Errors: -------------------- 8< -------------------- May 22 12:36:29 samba dovecot: imap(USER1): Error: Cached message size smaller than expected (63266 < 63267) May 22 12:36:29 samba dovecot: imap(USER1): Error: Corrupted index cache file /home/USER1/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 71075 May 22 12:38:01 samba dovecot: imap(USER2): Error: Cached message size smaller than expected (221845 < 221846) May 22 12:38:01 samba dovecot: imap(USER2): Error: Corrupted index cache file /home/USER2/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 2871 May 22 12:38:01 samba dovecot: imap(USER2): Error: read(/var/mail/USER2) failed: Input/output error (FETCH for mailbox INBOX UID 2871) May 22 12:38:02 samba dovecot: imap(USER2): Error: Cached message size smaller than expected (221845 < 221846) May 22 12:38:02 samba dovecot: imap(USER2): Error: Corrupted index cache file /home/USER2/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 2871 May 22 12:56:02 samba dovecot: imap(USER3): Error: Cached message size smaller than expected (57091 < 57092) May 22 12:56:02 samba dovecot: imap(USER3): Error: Corrupted index cache file /home/USER3/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 18358 May 22 12:56:02 samba dovecot: imap(USER3): Error: read(/var/mail/USER3) failed: Input/output error (FETCH for mailbox INBOX UID 18358) May 22 12:56:11 samba dovecot: imap(USER3): Error: Cached message size smaller than expected (57091 < 57092) May 22 12:56:11 samba dovecot: imap(USER3): Error: Corrupted index cache file /home/USER3/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 18358 May 22 12:56:11 samba dovecot: imap(USER3): Error: read(/var/mail/USER3) failed: Input/output error (FETCH for mailbox INBOX UID 18358) May 22 13:21:26 samba dovecot: imap(USER4): Error: Cached message size smaller than expected (57091 < 57092) May 22 13:21:26 samba dovecot: imap(USER4): Error: Corrupted index cache file /home/USER4/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 11275 May 22 13:21:26 samba dovecot: imap(USER4): Error: read(/var/mail/USER4) failed: Input/output error (FETCH for mailbox INBOX UID 11275) May 22 14:03:02 samba dovecot: imap(USER5): Error: Cached message size smaller than expected (16034 < 16035) May 22 14:03:02 samba dovecot: imap(USER5): Error: Corrupted index cache file /home/USER5/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 11394 May 22 14:03:02 samba dovecot: imap(USER5): Error: read(/var/mail/USER5) failed: Input/output error (uid=11394) May 22 14:35:49 samba dovecot: imap(USER6): Error: Cached message size smaller than expected (10925 < 10926) May 22 14:35:49 samba dovecot: imap(USER6): Error: Corrupted index cache file /home/USER6/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 23149 May 22 14:43:08 samba dovecot: imap(USER1): Error: Cached message size smaller than expected (616708 < 616709) May 22 14:43:08 samba dovecot: imap(USER1): Error: Corrupted index cache file /home/USER1/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 71078 May 22 14:43:08 samba dovecot: imap(USER1): Error: read(/var/mail/USER1) failed: Input/output error (FETCH for mailbox INBOX UID 71078) May 22 14:51:52 samba dovecot: imap(USER5): Error: Cached message size smaller than expected (10924 < 10925) May 22 14:51:52 samba dovecot: imap(USER5): Error: Corrupted index cache file /home/USER5/mail/.imap/INBOX/dovecot.index.cache: Broken physical size for mail UID 11499 May 22 14:51:52 samba dovecot: imap(USER5): Error: read(/var/mail/USER5) failed: Input/output error (uid=11499) -------------------- 8< -------------------- 2.1.1 on another box: -------------------- 8< -------------------- Mar 4 20:32:44 strike dovecot: imap(USER1): Error: Log synchronization error at seq=1,offset=2656 for /home/USER1/mail/.imap/Drafts/dovecot.index: Extension header update points outside header size Mar 4 20:32:44 strike dovecot: imap(USER1): Error: Log synchronization error at seq=1,offset=2744 for /home/USER1/mail/.imap/Drafts/dovecot.index: Extension header update points outside header size Mar 4 20:32:44 strike dovecot: imap(USER1): Error: Log synchronization error at seq=1,offset=2832 for /home/USER1/mail/.imap/Drafts/dovecot.index: Extension header update points outside header size Mar 10 07:27:00 strike dovecot: imap(USER2): Error: Cached message size larger than expected (10369 > 10337) Mar 10 07:27:00 strike dovecot: imap(USER2): Error: Corrupted index cache file /home/USER2/mail/.imap/Sent/dovecot.index.cache: Broken physical size for mail UID 606 Mar 10 07:27:00 strike dovecot: imap(USER2): Error: read(/home/USER2/mail/Sent) failed: Input/output error (FETCH for mailbox Sent UID 606) Mar 11 10:45:21 strike dovecot: imap(USER3): Error: Cached message size larger than expected (1066719 > 1065140) Mar 11 10:45:21 strike dovecot: imap(USER3): Error: Corrupted index cache file /home/USER3/mail/.imap/Drafts/dovecot.index.cache: Broken physical size for mail UID 458 Mar 11 10:45:21 strike dovecot: imap(USER3): Error: Cached message size larger than expected (1066719 > 1065140) Mar 11 10:45:21 strike dovecot: imap(USER3): Error: Corrupted index cache file /home/USER3/mail/.imap/Drafts/dovecot.index.cache: Broken physical size for mail UID 458 Mar 11 10:45:21 strike dovecot: imap(USER3): Error: copy: i_stream_read() failed: Input/output error Mar 17 19:47:29 strike dovecot: imap(USER4): Error: Cached message size larger than expected (4093 > 3364) Mar 17 19:47:29 strike dovecot: imap(USER4): Error: Corrupted index cache file /home/USER4/mail/.imap/Drafts/dovecot.index.cache: Broken physical size for mail UID 20089 Mar 17 19:47:29 strike dovecot: imap(USER4): Error: Cached message size larger than expected (4093 > 3364) Mar 17 19:47:29 strike dovecot: imap(USER4): Error: Corrupted index cache file /home/USER4/mail/.imap/Drafts/dovecot.index.cache: Broken physical size for mail UID 20089 Mar 17 19:47:29 strike dovecot: imap(USER4): Error: copy: i_stream_read() failed: Input/output error Apr 2 18:06:39 strike dovecot: imap(USER5): Error: Log synchronization error at seq=1,offset=30176 for /home/USER5/mail/.imap/virus/dovecot.index: Extension header update points outside header size Apr 16 18:49:26 strike dovecot: imap(USER4): Error: FETCH [] for mailbox Drafts UID 20428 got too little data: 9936 vs 10490 Apr 16 18:49:26 strike dovecot: imap(USER4): Error: Corrupted index cache file /home/USER4/mail/.imap/Drafts/dovecot.index.cache: Broken virtual size for mail UID 20428 Apr 28 16:04:56 strike dovecot: imap(USER6): Error: Log synchronization error at seq=1,offset=3900 for /home/USER6/mail/.imap/Berni/dovecot.index: Extension header update points outside header size Apr 28 16:04:56 strike dovecot: imap(USER6): Error: Log synchronization error at seq=1,offset=3988 for /home/USER6/mail/.imap/Berni/dovecot.index: Extension header update points outside header size Apr 28 16:04:56 strike dovecot: imap(USER6): Error: Log synchronization error at seq=1,offset=4076 for /home/USER6/mail/.imap/Berni/dovecot.index: Extension header update points outside header size Apr 28 16:04:59 strike dovecot: imap(USER6): Error: Log synchronization error at seq=1,offset=4164 for /home/USER6/mail/.imap/Berni/dovecot.index: Extension header update points outside header size Apr 28 16:05:34 strike dovecot: imap(USER6): Error: Log synchronization error at seq=1,offset=4340 for /home/USER6/mail/.imap/Berni/dovecot.index: Extension header update points outside header size May 12 13:34:52 strike dovecot: imap(USER4): Error: Log synchronization error at seq=2,offset=240 for /home/USER4/mail/.imap/Junk/dovecot.index: Extension header update points outside header size May 12 21:59:29 strike dovecot: imap(USER5): Error: Log synchronization error at seq=1,offset=30264 for /home/USER5/mail/.imap/virus/dovecot.index: Extension header update points outside header size -------------------- 8< -------------------- > -------------------- 8< -------------------- > # 2.2.12: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-431.3.1.el6.x86_64 x86_64 CentOS release 6.5 (Final) > auth_mechanisms = plain login > auth_verbose = yes > default_vsz_limit = 512 M > first_valid_uid = 100 > imap_client_workarounds = tb-extra-mailbox-sep > login_trusted_networks = 172.23.60.0/24 > mail_location = mbox:~/mail:INBOX=/var/mail/%u > mail_plugins = " mail_log notify" > mail_privileged_group = mail > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date ihave > mbox_write_locks = fcntl > namespace inbox { > inbox = yes > location = mbox:~/mail:INBOX=/var/mail/%u > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > separator = / > type = private > } > passdb { > driver = pam > } > plugin { > mail_log_events = delete undelete expunge copy mailbox_delete > mailbox_rename > mail_log_fields = uid box msgid size > } > protocols = imap pop3 > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0666 > user = postfix > } > } > service imap-postlogin { > executable = script-login -d /usr/local/sbin/dovecot-post-login.pl > } > service imap { > executable = imap imap-postlogin > } > ssl = required > ssl_cert = ssl_key = userdb { > driver = passwd > } > -------------------- 8< -------------------- > > > -- e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria From Jochen.Bern at LINworks.de Fri May 23 11:25:03 2014 From: Jochen.Bern at LINworks.de (Jochen Bern) Date: Fri, 23 May 2014 13:25:03 +0200 Subject: [Dovecot] Copies of outgoing emails in the Sent folder In-Reply-To: <537DA578.60900@rutelecom.company> References: <537D9CF6.5060907@rutelecom.company> <537DA578.60900@rutelecom.company> Message-ID: <537F300F.3010707@LINworks.de> On -10.01.-28163 20:59, Dmitry Podkovyrkin wrote: > Yes, it is a solution to this problem. But for a single user. And how > can you do it for the entire server? If I may answer your question with a question: How well does "*our* entire (outgoing-)mailserver" translate to "for all e-mails our *users* send, including those working at remote locations or with mobile devices", assuming that that latter is your actual goal? Regards, J. Bern -- *NEU* - NEC IT-Infrastruktur-Produkte im : Server--Storage--Virtualisierung--Management SW--Passion for Performance Jochen Bern, Systemingenieur --- LINworks GmbH Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27 Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202 Unternehmenssitz Weiterstadt, Gesch?ftsf?hrer Metin Dogan, Oliver Michel From h.reindl at thelounge.net Fri May 23 11:54:02 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 23 May 2014 13:54:02 +0200 Subject: [Dovecot] Copies of outgoing emails in the Sent folder In-Reply-To: <537F300F.3010707@LINworks.de> References: <537D9CF6.5060907@rutelecom.company> <537DA578.60900@rutelecom.company> <537F300F.3010707@LINworks.de> Message-ID: <537F36DA.3090107@thelounge.net> Am 23.05.2014 13:25, schrieb Jochen Bern: > On -10.01.-28163 20:59, Dmitry Podkovyrkin wrote: >> Yes, it is a solution to this problem. But for a single user. And how >> can you do it for the entire server? > > If I may answer your question with a question: How well does "*our* > entire (outgoing-)mailserver" translate to "for all e-mails our *users* > send, including those working at remote locations or with mobile > devices", assuming that that latter is your actual goal? how does it matter where the user is and what device he uses? the user *always must* use the one and only SMTP server responsible for his domain, especially in times of SPF, DKIM and DMARC and spoofing protections for incoming mail anything else is an idiot ignoring the configuration data his mailprovider gave him supported by a second idiot running a MTA which allows random envelope-senders and in that case nobody but the user is responsible for rejected, dropped and lost mails -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From skdovecot at smail.inf.fh-brs.de Fri May 23 12:26:37 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 23 May 2014 14:26:37 +0200 (CEST) Subject: [Dovecot] Copies of outgoing emails in the Sent folder In-Reply-To: <537DA578.60900@rutelecom.company> References: <537D9CF6.5060907@rutelecom.company> <537DA578.60900@rutelecom.company> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 22 May 2014, Dmitry Podkovyrkin wrote: > Yes, it is a solution to this problem. But for a single user. Well, no. Every user can add a BCC in his client. Maybe you use a central client configuration setup. I don't know your situation. > And how can you > do it for the entire server? Well, as I said, "in postfix". It's your MTA all your users are going through. How to do it with postfix, I don't know, because I do not run no postfix. > > 22.05.2014 13:18, Steffen Kaiser ?????: >> >> On Thu, 22 May 2014, Dmitry Podkovyrkin wrote: >> >>> My mail server works in tandem: Dovecot (IMAP) + Postfix. >>> How can I configure in Gmail: Outgoing email copied to the Sent folder >>> using postfix without mail client? This question is for the mailing list >>> for Postfix? >>> Mail client itself copies outgoing messages in the folder Sent, but the >>> messages are large, and the server is far away. And to transmit email >>> twice for sending and copying is not effective. >> >> Either add a BCC to each message in the mail client or in postfix. >> >> Then have that BCC mail address delivered into the user's Sent mailbox. For >> this, you could use sub- or plus-addressing, e.g. user+Sent at example.org, or >> add yet another mail alias, that Sieve is "fileinto Sent" , or ... . >> > - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU38+fXz1H7kL/d9rAQILHQf+PzwtfbY3n2kox6zFUSv+6GfyMLSSGOG1 1yVrHgKLMqybPAo/IShSc8nb0mdSuLciwNfFAf6fzEaetE0tme84/IeLm8uZ1Nyx xP29BXPconcJ+3FZPurytum8Ubov0POzyyFel+fCv2JzoAC6Qks9SwjazPt1zuEv jey+edtQFOB9DMKMfCT4a3sDYdDd3Ntm0QIKGjQbnZT8kyoaT0BVoi4aCUzC6FSn qc+wjpbZjsQpgNdyhhfqdA53JOq1cq+lQHKaasun0DGYDhCBNzhz8z/FCMvstJGS 6WRjsfzwnjO9oxJohwcK1F5vV7DqQZajIWxSlbh56tLemfi7wfYefA== =bBfP -----END PGP SIGNATURE----- From Jochen.Bern at LINworks.de Fri May 23 12:29:07 2014 From: Jochen.Bern at LINworks.de (Jochen Bern) Date: Fri, 23 May 2014 14:29:07 +0200 Subject: [Dovecot] Copies of outgoing emails in the Sent folder In-Reply-To: <537F36DA.3090107@thelounge.net> References: <537D9CF6.5060907@rutelecom.company> <537DA578.60900@rutelecom.company> <537F300F.3010707@LINworks.de> <537F36DA.3090107@thelounge.net> Message-ID: <537F3F13.6070703@LINworks.de> On -10.01.-28163 20:59, Reindl Harald wrote: > the user *always must* use the one and only SMTP server > responsible for his domain, especially in times of SPF, > DKIM and DMARC and spoofing protections for incoming mail And who ever said that users cannot go and use a different domain *if* using another infrastructure is what they want to do? (I have seen management and sales types who think that buying an account at some-fancy-executives-meeting-place.com is a valid technical solution for the "problem" of their own company's remote-work infrastructure not being on the level of the Fortune 500 enterprise they dream of working at. The national legislator, mandating that companies maintain an archive of all business relevant communications, begs to differ.) Regards, J. Bern -- *NEU* - NEC IT-Infrastruktur-Produkte im : Server--Storage--Virtualisierung--Management SW--Passion for Performance Jochen Bern, Systemingenieur --- LINworks GmbH Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27 Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202 Unternehmenssitz Weiterstadt, Gesch?ftsf?hrer Metin Dogan, Oliver Michel From dlie76 at yahoo.com.au Fri May 23 13:05:07 2014 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Fri, 23 May 2014 06:05:07 -0700 (PDT) Subject: [Dovecot] Conditional jump or move depends on uninitialised value Message-ID: <1400850307.34143.YahooMailNeo@web122606.mail.ne1.yahoo.com> Hi, My Server runs on Ubuntu Server 12.04 LTS 32 bits. I'm getting the following error messages when I run "make check" during the compilation of dovecot-2.2.13. ==2058== Conditional jump or move depends on uninitialised value(s) ==2058==??? at 0x4049DD8: inflateReset2 (in /lib/i386-linux-gnu/libz.so.1.2.3.4) ==2058==??? by 0x4049EC7: inflateInit2_ (in /lib/i386-linux-gnu/libz.so.1.2.3.4) ==2058==??? by 0x804AFEF: i_stream_zlib_init (istream-zlib.c:320) ==2058==??? by 0x804B122: i_stream_create_zlib (istream-zlib.c:475) ==2058==??? by 0x804AA18: test_compression_handler (test-compression.c:72) ==2058==??? by 0xEFCDAB88: ??? ==2058== make[2]: *** [check-test] Error 1 make[2]: Leaving directory `/usr/src/dovecot-2.2.13/src/lib-compression' make[1]: *** [check-recursive] Error 1 make[1]: Leaving directory `/usr/src/dovecot-2.2.13/src' make: *** [check-recursive] Error 1 Any help would be greatly appreciated. Thank you From teemu.huovila at dovecot.fi Fri May 23 13:17:28 2014 From: teemu.huovila at dovecot.fi (Teemu Huovila) Date: Fri, 23 May 2014 16:17:28 +0300 Subject: [Dovecot] Conditional jump or move depends on uninitialised value In-Reply-To: <1400850307.34143.YahooMailNeo@web122606.mail.ne1.yahoo.com> References: <1400850307.34143.YahooMailNeo@web122606.mail.ne1.yahoo.com> Message-ID: <537F4A68.6050702@dovecot.fi> On 05/23/2014 04:05 PM, Daminto Lie wrote: > Hi, > > My Server runs on Ubuntu Server 12.04 LTS 32 bits. > > I'm getting the following error messages when I run "make check" during the compilation of dovecot-2.2.13. This is a known issue with an external library (zlib). We opted not to include the valgrind suppressions in the dovecot source. To silence the error, execute the following in the top direcotory of dovecot source: cat << EOF > ./run-test-valgrind.supp { Memcheck:Cond fun:inflateReset2 fun:inflateInit2_ fun:i_stream_zlib_init fun:i_stream_create_zlib fun:test_compression_handler fun:test_compression fun:test_run_funcs fun:test_run fun:main } EOF We use this on squeezy, but i think the call stack should be the same. br, Teemu Huovila > > > > ==2058== Conditional jump or move depends on uninitialised > value(s) > ==2058== at 0x4049DD8: inflateReset2 (in > /lib/i386-linux-gnu/libz.so.1.2.3.4) > ==2058== by 0x4049EC7: inflateInit2_ (in > /lib/i386-linux-gnu/libz.so.1.2.3.4) > ==2058== by 0x804AFEF: i_stream_zlib_init > (istream-zlib.c:320) > ==2058== by 0x804B122: > i_stream_create_zlib (istream-zlib.c:475) > ==2058== by 0x804AA18: > test_compression_handler (test-compression.c:72) > ==2058== by 0xEFCDAB88: ??? > ==2058== > make[2]: *** [check-test] Error 1 > make[2]: Leaving directory > `/usr/src/dovecot-2.2.13/src/lib-compression' > make[1]: *** [check-recursive] Error 1 > make[1]: Leaving directory `/usr/src/dovecot-2.2.13/src' > make: *** [check-recursive] Error 1 > Any help would be greatly appreciated. > > Thank you > From h.reindl at thelounge.net Fri May 23 13:18:04 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 23 May 2014 15:18:04 +0200 Subject: [Dovecot] Copies of outgoing emails in the Sent folder In-Reply-To: <537F3F13.6070703@LINworks.de> References: <537D9CF6.5060907@rutelecom.company> <537DA578.60900@rutelecom.company> <537F300F.3010707@LINworks.de> <537F36DA.3090107@thelounge.net> <537F3F13.6070703@LINworks.de> Message-ID: <537F4A8C.1090903@thelounge.net> Am 23.05.2014 14:29, schrieb Jochen Bern: > On -10.01.-28163 20:59, Reindl Harald wrote: >> the user *always must* use the one and only SMTP server >> responsible for his domain, especially in times of SPF, >> DKIM and DMARC and spoofing protections for incoming mail > > And who ever said that users cannot go and use a different domain *if* > using another infrastructure is what they want to do? and how is that my problem as i am responsible for *my* servers and the domains i maintain and *nothing* else? sent mails are on the server responsible for that different domains - so what...... they can create accounts and domains as much as they like but i am not responsible for mails with @gmail.com, not allow my servers them as evenople as the same vice versa from gmail and domains i host so what did you want to explain me? that the user has a problem if he is using random sender addresses from random and don't manage to handle it over the long? who cares? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From Jochen.Bern at LINworks.de Fri May 23 15:51:47 2014 From: Jochen.Bern at LINworks.de (Jochen Bern) Date: Fri, 23 May 2014 17:51:47 +0200 Subject: [Dovecot] Copies of outgoing emails in the Sent folder In-Reply-To: <537F4A8C.1090903@thelounge.net> References: <537D9CF6.5060907@rutelecom.company> <537DA578.60900@rutelecom.company> <537F300F.3010707@LINworks.de> <537F36DA.3090107@thelounge.net> <537F3F13.6070703@LINworks.de> <537F4A8C.1090903@thelounge.net> Message-ID: <537F6E93.3020304@LINworks.de> On 23.05.2014 15:18, Reindl Harald wrote: > Am 23.05.2014 14:29, schrieb Jochen Bern: >> On -10.01.-28163 20:59, Reindl Harald wrote: >>> the user *always must* use the one and only SMTP server >>> responsible for his domain, especially in times of SPF, >>> DKIM and DMARC and spoofing protections for incoming mail >> >> And who ever said that users cannot go and use a different domain *if* >> using another infrastructure is what they want to do? > > and how is that my problem as i am responsible for *my* > servers and the domains i maintain and *nothing* else? So the specific *LEGAL REQUIREMENTS* I gave as an example don't apply to your servers/organization/country/whatever? Good for you. Now how about we wait for Dmitry to tell us whether or not *he* needs the solution to *his* problem to address such scenarios? Regards, J. Bern -- *NEU* - NEC IT-Infrastruktur-Produkte im : Server--Storage--Virtualisierung--Management SW--Passion for Performance Jochen Bern, Systemingenieur --- LINworks GmbH Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27 Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202 Unternehmenssitz Weiterstadt, Gesch?ftsf?hrer Metin Dogan, Oliver Michel From tss at iki.fi Fri May 23 20:03:01 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 23 May 2014 13:03:01 -0700 Subject: [Dovecot] Index cache errors worse with 2.2.x In-Reply-To: <537F1AD8.7080608@strike.wu.ac.at> References: <536A99B4.1010109@strike.wu.ac.at> <536B5209.5020309@Media-Brokers.com> <536B5568.80108@strike.wu.ac.at> <537F1AD8.7080608@strike.wu.ac.at> Message-ID: On 23.5.2014, at 2.54, Alexander 'Leo' Bergolth wrote: > On 05/08/2014 11:59 AM, Alexander 'Leo' Bergolth wrote: >> On 05/08/2014 11:44 AM, Charles Marcus wrote: >>> On 5/7/2014 4:38 PM, Alexander 'Leo' Bergolth wrote: >>>> I am getting "Cached message size smaller than expected" errors since >>>> dovecot-2.1.x. >>> >> I tried dovecot 2.2.7, 2.2.10 and 2.2.12. All of them produce tha same >> errors. ("Cached message size smaller than expected", sometimes followed >> by "read... Invalid argument".) > > This really drives me to despair! :-( > Timo please help! I highly recommend switching away from mbox format. This of course should be fixed, but mbox code is currently pretty low priority on my list of things to fix. From h.reindl at thelounge.net Fri May 23 23:54:33 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Sat, 24 May 2014 01:54:33 +0200 Subject: [Dovecot] Copies of outgoing emails in the Sent folder In-Reply-To: <537F6E93.3020304@LINworks.de> References: <537D9CF6.5060907@rutelecom.company> <537DA578.60900@rutelecom.company> <537F300F.3010707@LINworks.de> <537F36DA.3090107@thelounge.net> <537F3F13.6070703@LINworks.de> <537F4A8C.1090903@thelounge.net> <537F6E93.3020304@LINworks.de> Message-ID: <537FDFB9.3030705@thelounge.net> Am 23.05.2014 17:51, schrieb Jochen Bern: > On 23.05.2014 15:18, Reindl Harald wrote: >> Am 23.05.2014 14:29, schrieb Jochen Bern: >>> On -10.01.-28163 20:59, Reindl Harald wrote: >>>> the user *always must* use the one and only SMTP server >>>> responsible for his domain, especially in times of SPF, >>>> DKIM and DMARC and spoofing protections for incoming mail >>> >>> And who ever said that users cannot go and use a different domain *if* >>> using another infrastructure is what they want to do? >> >> and how is that my problem as i am responsible for *my* >> servers and the domains i maintain and *nothing* else? > > So the specific *LEGAL REQUIREMENTS* I gave as an example don't apply to > your servers/organization/country/whatever? Good for you. Now how about > we wait for Dmitry to tell us whether or not *he* needs the solution to > *his* problem to address such scenarios? which legal requirements? * domain1.exmaple.com has his incoming and outgoing server * domain2.example.com has his incoming and outgoing server domain1.example.com must not accept sombeody at domain2.example.com as sender and is using SPF domain2.example.com must not accept sombeody at domain1.example.com as sender and is using SPF user of domain1.example.com must not use the MTA of domain2.example.com for sending mails with his domain1.example.com user of domain2.example.com must not use the MTA of domain1.example.com for sending mails with his domain2.example.com there is nothing between - period -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From llsubscr at zudiewiener.com Sat May 24 09:56:14 2014 From: llsubscr at zudiewiener.com (lister171254) Date: Sat, 24 May 2014 02:56:14 -0700 (PDT) Subject: [Dovecot] socket /var/spool/postfix/private/auth not created Message-ID: <1400925374776-48182.post@n4.nabble.com> I'm on Ubuntu 13.10 and followed these instructions http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL to configure Dovecot for Postfix. No matter what I try, the listener is not created. dovecot -n does not show the listener (I guess that's why its not created) This is the extract from the /etc/dovecot/conf.d/10-master.conf --------------- service auth { # auth_socket_path points to this userdb socket by default. It's typically # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have # full permissions to this socket are able to get a list of all usernames and # get the results of everyone's userdb lookups. # # The default 0666 mode allows anyone to connect to the socket, but the # userdb lookups will succeed only if the userdb returns an "uid" field that # matches the caller process's UID. Also if caller's uid or gid matches the # socket's uid or gid the lookup succeeds. Anything else causes a failure. # # To give the caller full permissions to lookup all users, set the mode to # something else than 0666 and Dovecot lets the kernel enforce the # permissions (e.g. 0777 allows everyone full permissions). unix_listener auth-userdb { #mode = 0666 #user = #group = } # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0600 user = postfix group = postfix } # Auth process is run as this user. #user = $default_internal_user } ---------------- Postfix is not involved in this right now as I expect the socket to be created when I restart dovecot. Can't find any meaningfull errors in the logs either. I hope I'm missing something obvious Thanks, Leo -- View this message in context: http://dovecot.2317879.n4.nabble.com/socket-var-spool-postfix-private-auth-not-created-tp48182.html Sent from the Dovecot mailing list archive at Nabble.com. From tlx at leuxner.net Sat May 24 10:48:11 2014 From: tlx at leuxner.net (Thomas Leuxner) Date: Sat, 24 May 2014 12:48:11 +0200 Subject: [Dovecot] socket /var/spool/postfix/private/auth not created In-Reply-To: <1400925374776-48182.post@n4.nabble.com> References: <1400925374776-48182.post@n4.nabble.com> Message-ID: <20140524104811.GA27246@nihlus.leuxner.net> * lister171254 2014.05.24 11:56: > No matter what I try, the listener is not created. > > Text does the trick as well and survives pictures in the archives ;) > # Postfix smtp-auth > unix_listener /var/spool/postfix/private/auth { > mode = 0600 > user = postfix > group = postfix The wiki quoted and my running config both use 'mode = 0660'. Give that a try: service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } user = doveauth } You may leave out the extra doveauth user which is a specific flavor of my configuration. If that still fails, you should post some log excerpts from dovecot after a reload which probably show the problem. Regards Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From llsubscr at zudiewiener.com Sat May 24 12:00:17 2014 From: llsubscr at zudiewiener.com (Subscriptions) Date: Sat, 24 May 2014 12:00:17 +0000 Subject: [Dovecot] socket /var/spool/postfix/private/auth not created In-Reply-To: <20140524104811.GA27246@nihlus.leuxner.net> References: <1400925374776-48182.post@n4.nabble.com> <20140524104811.GA27246@nihlus.leuxner.net> Message-ID: <000001462e1a5b44-e0fc238c-652d-4469-9f87-e2bd915426b5-000000@email.amazonses.com> Made the changes, so entries in 10-master.conf are now: ------ service auth { unix_listener auth-userdb { #mode = 0666 #user = #group = } # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0660 user = postfix group = postfix } # Auth process is run as this user. #user = $default_internal_user } Entries in 10-auth.conf are as follows (ass suggested by another post I found. ------------ ... auth_mechanisms = plain login ... ----------- Output from dovecot -n -------------- # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-24-generic x86_64 Ubuntu 14.04 LTS ext4 auth_mechanisms = plain cram-md5 auth_verbose = yes base_dir = /var/run/dovecot/ info_log_path = /var/log/dovecot.info log_path = /var/log/dovecot log_timestamp = "%Y-%m-%d %H:%M:%S " mail_location = maildir:/home/vmail/%d/%n namespace { inbox = yes location = prefix = INBOX. separator = . } passdb { args = /etc/dovecot/passwd driver = passwd-file } protocols = imap pop3 service auth { executable = /usr/lib/dovecot/auth user = root } service imap-login { chroot = login executable = /usr/lib/dovecot/imap-login user = dovecot } service imap { executable = /usr/lib/dovecot/imap } service pop3-login { chroot = login executable = /usr/lib/dovecot/pop3-login user = dovecot } --------------------------- Did a reload. Tail of Logs files is as follows ------------dovecot.info ----- 2014-05-24 21:53:49 imap-login: Info: Login: user=, method=CRAM-MD5, rip=110.20.34.128, lip=103.4.235.252, mpid=3469, TLS, session=<9m7L/yP6xgBuFCKA> 2014-05-24 21:53:55 imap-login: Info: Login: user=, method=CRAM-MD5, rip=110.20.34.128, lip=103.4.235.252, mpid=3471, TLS, session= 2014-05-24 21:54:00 imap-login: Info: Login: user=, method=CRAM-MD5, rip=110.20.34.128, lip=103.4.235.252, mpid=3473, TLS, session= ------------------------------- -------- dovecot ------------- 2014-05-24 21:29:49 config: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill) 2014-05-24 21:29:49 log: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill) 2014-05-24 21:29:49 master: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill) 2014-05-24 21:30:13 master: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill) 2014-05-24 21:30:13 log: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill) 2014-05-24 21:41:41 master: Warning: SIGHUP received - reloading configuration --------------------------------- Thanks, Leo On 24/05/14 20:48, Thomas Leuxner wrote: > * lister171254 2014.05.24 11:56: > >> No matter what I try, the listener is not created. >> >> > > Text does the trick as well and survives pictures in the archives > ;) > >> # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth >> { mode = 0600 user = postfix group = postfix > > The wiki quoted and my running config both use 'mode = 0660'. Give > that a try: > > service auth { unix_listener /var/spool/postfix/private/auth { > group = postfix mode = 0660 user = postfix } user = doveauth } > > You may leave out the extra doveauth user which is a specific > flavor of my configuration. If that still fails, you should post > some log excerpts from dovecot after a reload which probably show > the problem. > > Regards Thomas > From s.sabatier at pobox.com Sat May 24 16:14:38 2014 From: s.sabatier at pobox.com (Stanislas SABATIER) Date: Sat, 24 May 2014 18:14:38 +0200 Subject: [Dovecot] Plugin mail-filter tangles Message-ID: <5380C56E.9080806@pobox.com> System installed : Dovecot 2.2.12 as IMAP server and Postfix as MTA. Dovecot and Postfix connected via LMTP + Dovecot mail plugin 'mail-filter' to encrypt/decrypt emails on the fly with public/private users' RSA keys. Case study : You have 3 (virtuals) users belonging to 3 different domains, all managed by your Dovecot server. One of these users is connected to Dovecot with MUA Thunderbird, and he's writing an email to someone outside of yours domains, but he puts the two others users' email addresses in CC : mail from user1 at domain1.dovecot --> to: someone at outside, CC: user2 at domain2.dovecot, user3 at domaine3.dovecot What happens (as far as I can understand) : The email is submitted to Postfix : one copy is delivered outside, the other is passed to Dovecot via LMTP for user2 & user3 @dovecot Dovecot is handling the final delivery, through mail-filter plugin as follow : 1. both users contexts are created from user_db queries 2. mail-filter plugin is init for user2 3. /mail_user_created/ for user2 4. mai-filter plugin arguments are parsed for user2 5. ???/mail_allocated/ then /mail_save_begin/ for user2 (at this stage, the email is encrypted with users2 params) 6. Dovecot tells to LMTP that mail for user2 is delivered 7. then, ??? we are still in user2 context ???, an other /mail_allocated/ is run, followed by a /istream_opened/ 8. mail user context is swithed to user3 --> /mail_user_created/ --> plugin's args parsed --> ??? /mail_allocated/ 9. and??? Dovecot tells to LMTP that mail for user3 is delivered So, it appears that Dovecot is re-using user2's email to pass it to user3 by opening an istream in user2's context. In my configuration, Dovecot can't do that because it has not the user2's private rsa key to reopen the email it has just encrypted, so it passes the email to user3 with user2 encryption params. Final result : user3 is receiving the email encrypted with user2's rsa key ! Problem : how to force Dovecot to deinit then reinit mail-filter plugin for each user to be sure that each email is encrypted with the right key before it is saved to users' mailboxes ? Thank you in advance for your help. Stan. From leo at strike.wu.ac.at Sat May 24 17:17:06 2014 From: leo at strike.wu.ac.at (Alexander 'Leo' Bergolth) Date: Sat, 24 May 2014 19:17:06 +0200 Subject: [Dovecot] Index cache errors worse with 2.2.x In-Reply-To: References: <536A99B4.1010109@strike.wu.ac.at> <536B5209.5020309@Media-Brokers.com> <536B5568.80108@strike.wu.ac.at> <537F1AD8.7080608@strike.wu.ac.at> Message-ID: <5380D412.4040400@strike.wu.ac.at> On 23.05.2014 22:03, Timo Sirainen wrote: >>>> On 5/7/2014 4:38 PM, Alexander 'Leo' Bergolth wrote: >>>>> I am getting "Cached message size smaller than expected" errors since >>>>> dovecot-2.1.x. >>>> >>> I tried dovecot 2.2.7, 2.2.10 and 2.2.12. All of them produce tha same >>> errors. ("Cached message size smaller than expected", sometimes followed >>> by "read... Invalid argument".) >> >> This really drives me to despair! :-( >> Timo please help! > > I highly recommend switching away from mbox format. This of course > should be fixed, but mbox code is currently pretty low priority on my > list of things to fix. I'd understand and support that if we were talking about some esoteric unusual mailbox format. However, mbox is still standard for many distributions and is used in a huge number of small-scale mailserver installations. Dovecots documentation doesn't mention that mbox support is broken. Quite contrary even the homepage states: "while still supporting the standard mbox and Maildir formats". The mbox Wiki page says that mbox is standard on usual Unix systems and praises dovecots indexing: "the mbox format is typically thought of as a slow format. However with Dovecot's indexing this isn't true." Timo, I really appreciate your work on dovecot. I am successfully using dovecot (and mbox) for more then 10 years now and I still believe that it is the number one choice. However, I think this misleading information should really be replaced with big fat warnings about broken mbox support. Moreover the linux distributions should be warned to not ship mbox mail delivery configurations by default. I'll consider switching to another mailbox format but such a migration is not a snap decision, it has to be well considered. I cannot switch overnight and thus it's really frustrating having to accept a broken mail system for the meantime. Deprecation warnings would have helped here. Cheers, --leo -- e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria From llsubscr at zudiewiener.com Sat May 24 22:21:26 2014 From: llsubscr at zudiewiener.com (Subscriptions) Date: Sat, 24 May 2014 22:21:26 +0000 Subject: [Dovecot] socket /var/spool/postfix/private/auth not created In-Reply-To: <000001462e1a5b44-e0fc238c-652d-4469-9f87-e2bd915426b5-000000@email.amazonses.com> References: <1400925374776-48182.post@n4.nabble.com> <20140524104811.GA27246@nihlus.leuxner.net> <000001462e1a5b44-e0fc238c-652d-4469-9f87-e2bd915426b5-000000@email.amazonses.com> Message-ID: <00000146305309af-41fe901b-18ce-47ab-a79b-4feaa3397904-000000@email.amazonses.com> This may be a stupid question, but which process is supposed to create the socket. All other (existing) sockets in /var/spool/postfix/private are owned by Postfix, so am assuming they were created when Postfix was installed. Thanks On 24/05/14 22:00, Subscriptions wrote: > Made the changes, so entries in 10-master.conf are now: > > ------ > service auth { > unix_listener auth-userdb { > #mode = 0666 > #user = > #group = > } > > # Postfix smtp-auth > unix_listener /var/spool/postfix/private/auth { > mode = 0660 > user = postfix > group = postfix > } > # Auth process is run as this user. > #user = $default_internal_user > > } > > Entries in 10-auth.conf are as follows (ass suggested by another post > I found. > > ------------ > ... > auth_mechanisms = plain login > ... > > ----------- > > > Output from dovecot -n > > -------------- > # 2.2.9: /etc/dovecot/dovecot.conf > # OS: Linux 3.13.0-24-generic x86_64 Ubuntu 14.04 LTS ext4 > auth_mechanisms = plain cram-md5 > auth_verbose = yes > base_dir = /var/run/dovecot/ > info_log_path = /var/log/dovecot.info > log_path = /var/log/dovecot > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_location = maildir:/home/vmail/%d/%n > namespace { > inbox = yes > location = > prefix = INBOX. > separator = . > } > passdb { > args = /etc/dovecot/passwd > driver = passwd-file > } > protocols = imap pop3 > service auth { > executable = /usr/lib/dovecot/auth > user = root > } > service imap-login { > chroot = login > executable = /usr/lib/dovecot/imap-login > user = dovecot > } > service imap { > executable = /usr/lib/dovecot/imap > } > service pop3-login { > chroot = login > executable = /usr/lib/dovecot/pop3-login > user = dovecot > } > > --------------------------- > > Did a reload. > > Tail of Logs files is as follows > ------------dovecot.info ----- > 2014-05-24 21:53:49 imap-login: Info: Login: > user=, method=CRAM-MD5, rip=110.20.34.128, > lip=103.4.235.252, mpid=3469, TLS, session=<9m7L/yP6xgBuFCKA> > 2014-05-24 21:53:55 imap-login: Info: Login: > user=, method=CRAM-MD5, rip=110.20.34.128, > lip=103.4.235.252, mpid=3471, TLS, session= > 2014-05-24 21:54:00 imap-login: Info: Login: > user=, method=CRAM-MD5, rip=110.20.34.128, > lip=103.4.235.252, mpid=3473, TLS, session= > ------------------------------- > > -------- dovecot ------------- > 2014-05-24 21:29:49 config: Warning: Killed with signal 15 (by pid=1 > uid=0 code=kill) > 2014-05-24 21:29:49 log: Warning: Killed with signal 15 (by pid=1 > uid=0 code=kill) > 2014-05-24 21:29:49 master: Warning: Killed with signal 15 (by pid=1 > uid=0 code=kill) > 2014-05-24 21:30:13 master: Warning: Killed with signal 15 (by pid=1 > uid=0 code=kill) > 2014-05-24 21:30:13 log: Warning: Killed with signal 15 (by pid=1 > uid=0 code=kill) > 2014-05-24 21:41:41 master: Warning: SIGHUP received - reloading > configuration > --------------------------------- > > > Thanks, > > Leo > > > > On 24/05/14 20:48, Thomas Leuxner wrote: >> * lister171254 2014.05.24 11:56: >> >>> No matter what I try, the listener is not created. >>> >>> >> >> Text does the trick as well and survives pictures in the archives >> ;) >> >>> # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth >>> { mode = 0600 user = postfix group = postfix >> >> The wiki quoted and my running config both use 'mode = 0660'. Give >> that a try: >> >> service auth { unix_listener /var/spool/postfix/private/auth { >> group = postfix mode = 0660 user = postfix } user = doveauth } >> >> You may leave out the extra doveauth user which is a specific >> flavor of my configuration. If that still fails, you should post >> some log excerpts from dovecot after a reload which probably show >> the problem. >> >> Regards Thomas >> From h.reindl at thelounge.net Sat May 24 22:28:26 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Sun, 25 May 2014 00:28:26 +0200 Subject: [Dovecot] socket /var/spool/postfix/private/auth not created In-Reply-To: <00000146305309af-41fe901b-18ce-47ab-a79b-4feaa3397904-000000@email.amazonses.com> References: <1400925374776-48182.post@n4.nabble.com> <20140524104811.GA27246@nihlus.leuxner.net> <000001462e1a5b44-e0fc238c-652d-4469-9f87-e2bd915426b5-000000@email.amazonses.com> <00000146305309af-41fe901b-18ce-47ab-a79b-4feaa3397904-000000@email.amazonses.com> Message-ID: <53811D0A.5010204@thelounge.net> postfix can hardly create the socket because it is the *consumer* of it - so dovecot is responsible as well as other sockets are *not* created at install but at start time - a socket is not a regular file and you can compare it to a listening TCP port Am 25.05.2014 00:21, schrieb Subscriptions: > This may be a stupid question, but which process is supposed to create > the socket. All other (existing) sockets in /var/spool/postfix/private > are owned by Postfix, so am assuming they were created when Postfix was > installed. > > On 24/05/14 22:00, Subscriptions wrote: >> Made the changes, so entries in 10-master.conf are now: >> >> ------ >> service auth { >> unix_listener auth-userdb { >> #mode = 0666 >> #user = >> #group = >> } >> >> # Postfix smtp-auth >> unix_listener /var/spool/postfix/private/auth { >> mode = 0660 >> user = postfix >> group = postfix >> } >> # Auth process is run as this user. >> #user = $default_internal_user >> >> } >> >> Entries in 10-auth.conf are as follows (ass suggested by another post >> I found. >> >> ------------ >> ... >> auth_mechanisms = plain login >> ... >> >> ----------- >> >> >> Output from dovecot -n >> >> -------------- >> # 2.2.9: /etc/dovecot/dovecot.conf >> # OS: Linux 3.13.0-24-generic x86_64 Ubuntu 14.04 LTS ext4 >> auth_mechanisms = plain cram-md5 >> auth_verbose = yes >> base_dir = /var/run/dovecot/ >> info_log_path = /var/log/dovecot.info >> log_path = /var/log/dovecot >> log_timestamp = "%Y-%m-%d %H:%M:%S " >> mail_location = maildir:/home/vmail/%d/%n >> namespace { >> inbox = yes >> location = >> prefix = INBOX. >> separator = . >> } >> passdb { >> args = /etc/dovecot/passwd >> driver = passwd-file >> } >> protocols = imap pop3 >> service auth { >> executable = /usr/lib/dovecot/auth >> user = root >> } >> service imap-login { >> chroot = login >> executable = /usr/lib/dovecot/imap-login >> user = dovecot >> } >> service imap { >> executable = /usr/lib/dovecot/imap >> } >> service pop3-login { >> chroot = login >> executable = /usr/lib/dovecot/pop3-login >> user = dovecot >> } >> >> --------------------------- >> >> Did a reload. >> >> Tail of Logs files is as follows >> ------------dovecot.info ----- >> 2014-05-24 21:53:49 imap-login: Info: Login: >> user=, method=CRAM-MD5, rip=110.20.34.128, >> lip=103.4.235.252, mpid=3469, TLS, session=<9m7L/yP6xgBuFCKA> >> 2014-05-24 21:53:55 imap-login: Info: Login: >> user=, method=CRAM-MD5, rip=110.20.34.128, >> lip=103.4.235.252, mpid=3471, TLS, session= >> 2014-05-24 21:54:00 imap-login: Info: Login: >> user=, method=CRAM-MD5, rip=110.20.34.128, >> lip=103.4.235.252, mpid=3473, TLS, session= >> ------------------------------- >> >> -------- dovecot ------------- >> 2014-05-24 21:29:49 config: Warning: Killed with signal 15 (by pid=1 >> uid=0 code=kill) >> 2014-05-24 21:29:49 log: Warning: Killed with signal 15 (by pid=1 >> uid=0 code=kill) >> 2014-05-24 21:29:49 master: Warning: Killed with signal 15 (by pid=1 >> uid=0 code=kill) >> 2014-05-24 21:30:13 master: Warning: Killed with signal 15 (by pid=1 >> uid=0 code=kill) >> 2014-05-24 21:30:13 log: Warning: Killed with signal 15 (by pid=1 >> uid=0 code=kill) >> 2014-05-24 21:41:41 master: Warning: SIGHUP received - reloading >> configuration >> --------------------------------- >> >> >> Thanks, >> >> Leo >> >> >> >> On 24/05/14 20:48, Thomas Leuxner wrote: >>> * lister171254 2014.05.24 11:56: >>> >>>> No matter what I try, the listener is not created. >>>> >>>> >>> >>> Text does the trick as well and survives pictures in the archives >>> ;) >>> >>>> # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth >>>> { mode = 0600 user = postfix group = postfix >>> >>> The wiki quoted and my running config both use 'mode = 0660'. Give >>> that a try: >>> >>> service auth { unix_listener /var/spool/postfix/private/auth { >>> group = postfix mode = 0660 user = postfix } user = doveauth } >>> >>> You may leave out the extra doveauth user which is a specific >>> flavor of my configuration. If that still fails, you should post >>> some log excerpts from dovecot after a reload which probably show >>> the problem. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From Jochen.Bern at LINworks.de Sat May 24 23:18:59 2014 From: Jochen.Bern at LINworks.de (Jochen Bern) Date: Sun, 25 May 2014 01:18:59 +0200 Subject: [Dovecot] Copies of outgoing emails in the Sent folder In-Reply-To: <537FDFB9.3030705@thelounge.net> References: <537D9CF6.5060907@rutelecom.company> <537DA578.60900@rutelecom.company> <537F300F.3010707@LINworks.de> <537F36DA.3090107@thelounge.net> <537F3F13.6070703@LINworks.de> <537F4A8C.1090903@thelounge.net> <537F6E93.3020304@LINworks.de> <537FDFB9.3030705@thelounge.net> Message-ID: <538128E3.3080909@LINworks.de> On -10.01.-28163 20:59, Reindl Harald wrote: > Am 23.05.2014 17:51, schrieb Jochen Bern: >> So the specific *LEGAL REQUIREMENTS* I gave as an example don't apply to >> your servers/organization/country/whatever? Good for you. Now how about >> we wait for Dmitry to tell us whether or not *he* needs the solution to >> *his* problem to address such scenarios? > > which legal requirements? Legal requirements like, for example, these German ones: http://www.recht-im-internet.de/themen/archivierung.htm Note that the legalese addresses users acting in the name of a company, *regardless* of what infrastructure they're using to do so. > user of domain1.example.com must not use the MTA of domain2.example.com > for sending mails with his domain1.example.com > > user of domain2.example.com must not use the MTA of domain1.example.com > for sending mails with his domain2.example.com > > there is nothing between - period I asked Dmitry whether users of his domain1 picking up the habit of sending e-mail (on domain1 matters) through some domain2 - in a way that's perfectly acceptable on the *technical* plane you're so obsessed about - and thus bypassing the automatic copy he's trying to set up on domain1's servers is a development he can accept. For me, it would *not* be, for reasons that are non-technical but nonetheless binding. Regards, J. Bern -- *NEU* - NEC IT-Infrastruktur-Produkte im : Server--Storage--Virtualisierung--Management SW--Passion for Performance Jochen Bern, Systemingenieur --- LINworks GmbH Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27 Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202 Unternehmenssitz Weiterstadt, Gesch?ftsf?hrer Metin Dogan, Oliver Michel From h.reindl at thelounge.net Sat May 24 23:24:27 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Sun, 25 May 2014 01:24:27 +0200 Subject: [Dovecot] Copies of outgoing emails in the Sent folder In-Reply-To: <538128E3.3080909@LINworks.de> References: <537D9CF6.5060907@rutelecom.company> <537DA578.60900@rutelecom.company> <537F300F.3010707@LINworks.de> <537F36DA.3090107@thelounge.net> <537F3F13.6070703@LINworks.de> <537F4A8C.1090903@thelounge.net> <537F6E93.3020304@LINworks.de> <537FDFB9.3030705@thelounge.net> <538128E3.3080909@LINworks.de> Message-ID: <53812A2B.8070806@thelounge.net> Am 25.05.2014 01:18, schrieb Jochen Bern: > On -10.01.-28163 20:59, Reindl Harald wrote: >> Am 23.05.2014 17:51, schrieb Jochen Bern: >>> So the specific *LEGAL REQUIREMENTS* I gave as an example don't apply to >>> your servers/organization/country/whatever? Good for you. Now how about >>> we wait for Dmitry to tell us whether or not *he* needs the solution to >>> *his* problem to address such scenarios? >> >> which legal requirements? > > Legal requirements like, for example, these German ones: > http://www.recht-im-internet.de/themen/archivierung.htm > Note that the legalese addresses users acting in the name of a company, > *regardless* of what infrastructure they're using to do so and *that is* why if you are sending with @domain1.example.com you have to use the MTA responsible for @domain1.example.com strange that you try to contradict what i originally said while you acknowldege it at the same time >> the user *always must* use the one and only SMTP server >> responsible for his domain, especially in times of SPF, >> DKIM and DMARC and spoofing protections for incoming mail -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From llsubscr at zudiewiener.com Sun May 25 00:33:23 2014 From: llsubscr at zudiewiener.com (Subscriptions) Date: Sun, 25 May 2014 00:33:23 +0000 Subject: [Dovecot] socket /var/spool/postfix/private/auth not created In-Reply-To: <53811D0A.5010204@thelounge.net> References: <1400925374776-48182.post@n4.nabble.com> <20140524104811.GA27246@nihlus.leuxner.net> <000001462e1a5b44-e0fc238c-652d-4469-9f87-e2bd915426b5-000000@email.amazonses.com> <00000146305309af-41fe901b-18ce-47ab-a79b-4feaa3397904-000000@email.amazonses.com> <53811D0A.5010204@thelounge.net> Message-ID: <0000014630cbd4e6-b41cb017-3a1b-4e78-8a7e-f20e4790bec3-000000@email.amazonses.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ok. Obviously I'm no guru here, I'm just trying to figure out why this socket is missing. If I shut down postfix, the sockets in private are still there. They are also all owned by postfix. If postfix is only the consumer then I assume dovecot must have write access to private, which it doesn't Thanks On 25/05/14 08:28, Reindl Harald wrote: > postfix can hardly create the socket because it is the *consumer* > of it - so dovecot is responsible > > as well as other sockets are *not* created at install but at start > time - a socket is not a regular file and you can compare it to a > listening TCP port > > Am 25.05.2014 00:21, schrieb Subscriptions: >> This may be a stupid question, but which process is supposed to >> create the socket. All other (existing) sockets in >> /var/spool/postfix/private are owned by Postfix, so am assuming >> they were created when Postfix was installed. >> >> On 24/05/14 22:00, Subscriptions wrote: >>> Made the changes, so entries in 10-master.conf are now: >>> >>> ------ service auth { unix_listener auth-userdb { #mode = 0666 >>> #user = #group = } >>> >>> # Postfix smtp-auth unix_listener >>> /var/spool/postfix/private/auth { mode = 0660 user = postfix >>> group = postfix } # Auth process is run as this user. #user = >>> $default_internal_user >>> >>> } >>> >>> Entries in 10-auth.conf are as follows (ass suggested by >>> another post I found. >>> >>> ------------ ... auth_mechanisms = plain login ... >>> >>> ----------- >>> >>> >>> Output from dovecot -n >>> >>> -------------- # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux >>> 3.13.0-24-generic x86_64 Ubuntu 14.04 LTS ext4 auth_mechanisms >>> = plain cram-md5 auth_verbose = yes base_dir = >>> /var/run/dovecot/ info_log_path = /var/log/dovecot.info >>> log_path = /var/log/dovecot log_timestamp = "%Y-%m-%d %H:%M:%S >>> " mail_location = maildir:/home/vmail/%d/%n namespace { inbox = >>> yes location = prefix = INBOX. separator = . } passdb { args = >>> /etc/dovecot/passwd driver = passwd-file } protocols = imap >>> pop3 service auth { executable = /usr/lib/dovecot/auth user = >>> root } service imap-login { chroot = login executable = >>> /usr/lib/dovecot/imap-login user = dovecot } service imap { >>> executable = /usr/lib/dovecot/imap } service pop3-login { >>> chroot = login executable = /usr/lib/dovecot/pop3-login user = >>> dovecot } >>> >>> --------------------------- >>> >>> Did a reload. >>> >>> Tail of Logs files is as follows ------------dovecot.info >>> ----- 2014-05-24 21:53:49 imap-login: Info: Login: >>> user=, method=CRAM-MD5, >>> rip=110.20.34.128, lip=103.4.235.252, mpid=3469, TLS, >>> session=<9m7L/yP6xgBuFCKA> 2014-05-24 21:53:55 imap-login: >>> Info: Login: user=, method=CRAM-MD5, >>> rip=110.20.34.128, lip=103.4.235.252, mpid=3471, TLS, >>> session= 2014-05-24 21:54:00 imap-login: >>> Info: Login: user=, method=CRAM-MD5, >>> rip=110.20.34.128, lip=103.4.235.252, mpid=3473, TLS, >>> session= ------------------------------- >>> >>> -------- dovecot ------------- 2014-05-24 21:29:49 config: >>> Warning: Killed with signal 15 (by pid=1 uid=0 code=kill) >>> 2014-05-24 21:29:49 log: Warning: Killed with signal 15 (by >>> pid=1 uid=0 code=kill) 2014-05-24 21:29:49 master: Warning: >>> Killed with signal 15 (by pid=1 uid=0 code=kill) 2014-05-24 >>> 21:30:13 master: Warning: Killed with signal 15 (by pid=1 uid=0 >>> code=kill) 2014-05-24 21:30:13 log: Warning: Killed with signal >>> 15 (by pid=1 uid=0 code=kill) 2014-05-24 21:41:41 master: >>> Warning: SIGHUP received - reloading configuration >>> --------------------------------- >>> >>> >>> Thanks, >>> >>> Leo >>> >>> >>> >>> On 24/05/14 20:48, Thomas Leuxner wrote: >>>> * lister171254 2014.05.24 11:56: >>>> >>>>> No matter what I try, the listener is not created. >>>>> >>>>> >>>> >>>> Text does the trick as well and survives pictures in the >>>> archives ;) >>>> >>>>> # Postfix smtp-auth unix_listener >>>>> /var/spool/postfix/private/auth { mode = 0600 user = >>>>> postfix group = postfix >>>> >>>> The wiki quoted and my running config both use 'mode = 0660'. >>>> Give that a try: >>>> >>>> service auth { unix_listener /var/spool/postfix/private/auth >>>> { group = postfix mode = 0660 user = postfix } user = >>>> doveauth } >>>> >>>> You may leave out the extra doveauth user which is a >>>> specific flavor of my configuration. If that still fails, you >>>> should post some log excerpts from dovecot after a reload >>>> which probably show the problem. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBAgAGBQJTgTo2AAoJEOXdNUiyB06kx/sP/27yQ1M0QpOkKomnibGh82H6 yLeGzJaofLVfIhClzXxUVRcyeWGvjKgVItKxrkuVTzz5ZPSku7Qs1h523BJzwvb0 FsZsqWDrvxQzZZW2HjTEdI6CfZeHiHBTyWdxORe0aadPz/BnuhbsQdH4Ob5d55XC ZMYhDev0R4idtuCDcsAbIlvcW9ZZO6Zi/+zxS9M1kr3E9I/I+Tzyu0BGyjtY+XQ7 rfAxjhM6BLgJlK9qohXXgyQEqSzkBA3sAzeF2HMaG5wWi0fGkLgfTW/hW1bzO9rk JIFa2+PB60Xy9nFM5zU4fTQMWsKlExEcV6HQLwr4mZE5lLRvpqyjrSA4Z1h9mN3x zUMpJy5/qq35gpu3bdpQ9Q8PB3hVKy4E+8s2hjXUohhEVsEuUkUoP00GER0Ibr3J feRPnDn8+Q3Y3ojHg8ExQp4Dk65+S5f5m31v48Qhaw0edErM+8WwIagP7ZSAgKpZ JXwVjGiRFJ/V1fswv+Rn0piavGFYVZM/ryvZpzpp2Ojo9xTeLfR0vzXeHOdnLo8F 5NOACiZs8YElx+e4SeyvPrC+KP5dHyQcVYtm150EeRpSPwPbJp+u8rQD/cL158KE ZuGXHCU6rgH+oQn2HQwOcXXam6fwdqM9Tzz1Mu8Wif7/2d0bbKfJfI0CiWM0Yz6R Jf3qrMwUcw2ksaYF9NkH =30bO -----END PGP SIGNATURE----- From nick.z.edwards at gmail.com Sun May 25 07:58:37 2014 From: nick.z.edwards at gmail.com (Nick Edwards) Date: Sun, 25 May 2014 17:58:37 +1000 Subject: [Dovecot] socket /var/spool/postfix/private/auth not created In-Reply-To: <000001462e1a5b44-e0fc238c-652d-4469-9f87-e2bd915426b5-000000@email.amazonses.com> References: <1400925374776-48182.post@n4.nabble.com> <20140524104811.GA27246@nihlus.leuxner.net> <000001462e1a5b44-e0fc238c-652d-4469-9f87-e2bd915426b5-000000@email.amazonses.com> Message-ID: On 5/24/14, Subscriptions wrote: > Made the changes, so entries in 10-master.conf are now: > > ------ > service auth { > unix_listener auth-userdb { > #mode = 0666 > #user = > #group = > } > this should have user/group that should match how postfix master.cf see's it eg: master.cf: dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -e -d ${user}@${nexthop} dovecot: service auth { client_limit = 2248 unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { mode = 0600 user = vmail group = vmail } } > # Postfix smtp-auth > unix_listener /var/spool/postfix/private/auth { > mode = 0660 > user = postfix > group = postfix > } > # Auth process is run as this user. > #user = $default_internal_user > > } > > Entries in 10-auth.conf are as follows (ass suggested by another post > I found. > > ------------ > ... > auth_mechanisms = plain login > ... > > ----------- > > > Output from dovecot -n > > -------------- > # 2.2.9: /etc/dovecot/dovecot.conf > # OS: Linux 3.13.0-24-generic x86_64 Ubuntu 14.04 LTS ext4 > auth_mechanisms = plain cram-md5 > auth_verbose = yes > base_dir = /var/run/dovecot/ > info_log_path = /var/log/dovecot.info > log_path = /var/log/dovecot > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_location = maildir:/home/vmail/%d/%n > namespace { > inbox = yes > location = > prefix = INBOX. > separator = . > } > passdb { > args = /etc/dovecot/passwd > driver = passwd-file > } > protocols = imap pop3 > service auth { > executable = /usr/lib/dovecot/auth > user = root > } > service imap-login { > chroot = login > executable = /usr/lib/dovecot/imap-login > user = dovecot > } > service imap { > executable = /usr/lib/dovecot/imap > } > service pop3-login { > chroot = login > executable = /usr/lib/dovecot/pop3-login > user = dovecot > } > > --------------------------- > > Did a reload. > > Tail of Logs files is as follows > ------------dovecot.info ----- > 2014-05-24 21:53:49 imap-login: Info: Login: > user=, method=CRAM-MD5, rip=110.20.34.128, > lip=103.4.235.252, mpid=3469, TLS, session=<9m7L/yP6xgBuFCKA> > 2014-05-24 21:53:55 imap-login: Info: Login: > user=, method=CRAM-MD5, rip=110.20.34.128, > lip=103.4.235.252, mpid=3471, TLS, session= > 2014-05-24 21:54:00 imap-login: Info: Login: > user=, method=CRAM-MD5, rip=110.20.34.128, > lip=103.4.235.252, mpid=3473, TLS, session= > ------------------------------- > > -------- dovecot ------------- > 2014-05-24 21:29:49 config: Warning: Killed with signal 15 (by pid=1 > uid=0 code=kill) > 2014-05-24 21:29:49 log: Warning: Killed with signal 15 (by pid=1 > uid=0 code=kill) > 2014-05-24 21:29:49 master: Warning: Killed with signal 15 (by pid=1 > uid=0 code=kill) > 2014-05-24 21:30:13 master: Warning: Killed with signal 15 (by pid=1 > uid=0 code=kill) > 2014-05-24 21:30:13 log: Warning: Killed with signal 15 (by pid=1 > uid=0 code=kill) > 2014-05-24 21:41:41 master: Warning: SIGHUP received - reloading > configuration > --------------------------------- > > > Thanks, > > Leo > > > > On 24/05/14 20:48, Thomas Leuxner wrote: >> * lister171254 2014.05.24 11:56: >> >>> No matter what I try, the listener is not created. >>> >>> >> >> Text does the trick as well and survives pictures in the archives >> ;) >> >>> # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth >>> { mode = 0600 user = postfix group = postfix >> >> The wiki quoted and my running config both use 'mode = 0660'. Give >> that a try: >> >> service auth { unix_listener /var/spool/postfix/private/auth { >> group = postfix mode = 0660 user = postfix } user = doveauth } >> >> You may leave out the extra doveauth user which is a specific >> flavor of my configuration. If that still fails, you should post >> some log excerpts from dovecot after a reload which probably show >> the problem. >> >> Regards Thomas >> > From tlx at leuxner.net Sun May 25 08:18:02 2014 From: tlx at leuxner.net (Thomas Leuxner) Date: Sun, 25 May 2014 10:18:02 +0200 Subject: [Dovecot] socket /var/spool/postfix/private/auth not created In-Reply-To: <0000014630cbd4e6-b41cb017-3a1b-4e78-8a7e-f20e4790bec3-000000@email.amazonses.com> References: <1400925374776-48182.post@n4.nabble.com> <20140524104811.GA27246@nihlus.leuxner.net> <000001462e1a5b44-e0fc238c-652d-4469-9f87-e2bd915426b5-000000@email.amazonses.com> <00000146305309af-41fe901b-18ce-47ab-a79b-4feaa3397904-000000@email.amazonses.com> <53811D0A.5010204@thelounge.net> <0000014630cbd4e6-b41cb017-3a1b-4e78-8a7e-f20e4790bec3-000000@email.amazonses.com> Message-ID: <20140525081802.GA31399@nihlus.leuxner.net> * Subscriptions 2014.05.25 02:33: Have you checked that no security extension comes in play preventing creation of sockets? https://wiki.ubuntu.com/Security/Features Should manifest itself in syslog somewhere if you grep for the path in question... -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From axel.luttgens at skynet.be Sun May 25 12:08:06 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Sun, 25 May 2014 14:08:06 +0200 Subject: [Dovecot] Index cache errors worse with 2.2.x In-Reply-To: <537F1AD8.7080608@strike.wu.ac.at> References: <536A99B4.1010109@strike.wu.ac.at> <536B5209.5020309@Media-Brokers.com> <536B5568.80108@strike.wu.ac.at> <537F1AD8.7080608@strike.wu.ac.at> Message-ID: <66EEA748-6B9C-4860-90A2-E3A5A42DD560@skynet.be> Le 23 mai 2014 ? 11:54, Alexander 'Leo' Bergolth a ?crit : > [...] > > I tried to add dotlock to mbox_write_locks since according to the source, > the LDA (maildrop) seems to try dotlock before fcntl. Hello Alexander, I don't know very much about maildrop, but isn't this configurable, perhaps thru maildroprc or such? I'm asking, because guessing about such matters may be somewhat audacious... > I also changed fcntl to dotlock for locking index files. (lock_method = dotlock) Such a change shouldn't be needed (and could even lead to inefficiencies), since only Dovecot software is supposed to handle those index files. Or could it be that you have some concerns with XFS's locking capabilities? > The only processes that access a users mailboxes are dovecot (imap and pop) and maildrop (LDA). It could be interesting to see a raw message as delivered by maildrop under your mail system. Could you try something along these lines? 1. prepare a user's environment: - create a test user - send him some messages, access his mboxes thru pop, imap..., move, delete some messages... 2. do not access that user's account anymore 3. send a short message to that user, perhaps one with some frills (i.e. a bit more complicated than just plain ASCII) 4. do a cat on that user's inbox (or, probably better, a hexdump -C) > The only non-standard setup I can identify is that I am using an imap-postlogin script that dynamically adds some additional namespaces via environment variables for some users that have access to shared mailboxes. > But I doubt wether this can have an influence on the index.cache errors. Who knows? ;-) Now, those errors seem to occur only with IMAP, never with POP. More precisely, within imap processes. Is this really the case? If yes, this could provide a hint. Again, as far as I can tell, the cache-related error messages seem to occur only with INBOX, never with another mailbox. On the other hand, the error messages related to "invalid arguments" either do not specify a mailbox, or specify a non-INBOX mailbox (e.g., "Trash", "A_TO_DO", "A_ZV-Zahlungsvorschlag"...). And the most precise of those message mention "mail parser: read(" or "copy: i_stream_read() failed". Putting all these pieces together might perhaps lead someone more knowledgeable to an explanation... HTH, Axel From axel.luttgens at skynet.be Sun May 25 13:46:30 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Sun, 25 May 2014 15:46:30 +0200 Subject: [Dovecot] Plugin mail-filter tangles In-Reply-To: <5380C56E.9080806@pobox.com> References: <5380C56E.9080806@pobox.com> Message-ID: Le 24 mai 2014 ? 18:14, Stanislas SABATIER a ?crit : > System installed : Dovecot 2.2.12 as IMAP server and Postfix as MTA. > Dovecot and Postfix connected via LMTP > + Dovecot mail plugin 'mail-filter' to encrypt/decrypt emails on the fly > with public/private users' RSA keys. > > [...] > Final result : user3 is receiving the email encrypted with user2's rsa key ! Hello Stanislas, All of this sounds a bit "bizarre", not to say frightening... To avoid any ambiguity, could you post the output of doveconf -n? As well your encryption and decryption scripts? And tell us how postfix is configured wrt LMTP? > Problem : how to force Dovecot to deinit then reinit mail-filter plugin > for each user to be sure that each email is encrypted with the right key > before it is saved to users' mailboxes ? There could perhaps be a (temporary) workaround at Postfix's level, by limiting the number of recipients? Axel From llsubscr at zudiewiener.com Sun May 25 23:01:00 2014 From: llsubscr at zudiewiener.com (Subscriptions) Date: Sun, 25 May 2014 23:01:00 +0000 Subject: [Dovecot] socket /var/spool/postfix/private/auth not created In-Reply-To: <20140525081802.GA31399@nihlus.leuxner.net> References: <1400925374776-48182.post@n4.nabble.com> <20140524104811.GA27246@nihlus.leuxner.net> <000001462e1a5b44-e0fc238c-652d-4469-9f87-e2bd915426b5-000000@email.amazonses.com> <00000146305309af-41fe901b-18ce-47ab-a79b-4feaa3397904-000000@email.amazonses.com> <53811D0A.5010204@thelounge.net> <0000014630cbd4e6-b41cb017-3a1b-4e78-8a7e-f20e4790bec3-000000@email.amazonses.com> <20140525081802.GA31399@nihlus.leuxner.net> Message-ID: <00000146359d9f4c-3d259026-9091-41ff-817f-1f0a99f31d70-000000@email.amazonses.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yes, have checked the logs, but cannot find any issues/errors in relation to dovecot anywhere Just to clarify, when I restart dovecot, I expect the socket to be created. Is this correct? Thanks, Leo On 25/05/14 18:18, Thomas Leuxner wrote: > * Subscriptions 2014.05.25 02:33: > > Have you checked that no security extension comes in play > preventing creation of sockets? > https://wiki.ubuntu.com/Security/Features > > Should manifest itself in syslog somewhere if you grep for the path > in question... > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBAgAGBQJTgnYrAAoJEOXdNUiyB06kSzUP/jR7iXkZ/iiQTBdoI9P5kAqZ +BD62baJ10Tk4isdz+tn0gosTvTqRCOd9hnxnUsi5hJ3Ayjpe1rU4AQ/4gPVWee1 Y2uZRW8bS1lYotrWDvuzf4ruy/ASkEVZ4iHVzsOoL0/KgjJ2fCg+O2GOYfSX7Uf2 2RZKtRukg9wvOQ+ARTfl6oEKzgJNOVuro+QW3QKVD70eZqEvjLBVz9uPw5h/eGo8 4O2LwnFGsnhwwk6phfbdv5B1EOZ3x36zfeD6i8vOgBWIao2ZAbP43P26qPP/s3kR mFflGzUxBblnwwZccXIEHuK8ZfPMpNjB+TQLgis1/THyrMnWITHA9JIVwoXwAnWz 11tmWVlii6uXDLUKdv2lIU4GaipWdOZb6d/k+tM5CCr09L0G3JJS0/HgefOUb+np 3OVKAfrJj8/TbHvdTYYM7nKAduEve4K1A7xGE7drWwS085rWEr4/qeSxM5oLR18G TeDTmGaOMEf/IecGLEprpBIr4iy2qEOJWE+1mQ9R8F0Z/2GptOSPtaRBh/R3xu9g 71oNiHQvtgGLeiiXiOgeQX6GKJh7+enzAVZ+pMnGeyVAt02pIqWUMGdlg9bQ3gUL F/Orz7+NqRqplhEBWMqP3hXNterBv4vMF/X5njOmvANZL+NmvbbJMiZpiuCeq01Q F/GiRchCMGDDZJ7hqKTr =YCkv -----END PGP SIGNATURE----- From h.reindl at thelounge.net Sun May 25 23:09:15 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 26 May 2014 01:09:15 +0200 Subject: [Dovecot] socket /var/spool/postfix/private/auth not created In-Reply-To: <00000146359d9f4c-3d259026-9091-41ff-817f-1f0a99f31d70-000000@email.amazonses.com> References: <1400925374776-48182.post@n4.nabble.com> <20140524104811.GA27246@nihlus.leuxner.net> <000001462e1a5b44-e0fc238c-652d-4469-9f87-e2bd915426b5-000000@email.amazonses.com> <00000146305309af-41fe901b-18ce-47ab-a79b-4feaa3397904-000000@email.amazonses.com> <53811D0A.5010204@thelounge.net> <0000014630cbd4e6-b41cb017-3a1b-4e78-8a7e-f20e4790bec3-000000@email.amazonses.com> <20140525081802.GA31399@nihlus.leuxner.net> <00000146359d9f4c-3d259026-9091-41ff-817f-1f0a99f31d70-000000@email.amazonses.com> Message-ID: <5382781B.6090702@thelounge.net> Am 26.05.2014 01:01, schrieb Subscriptions: > Yes, have checked the logs, but cannot find any issues/errors in > relation to dovecot anywhere > > Just to clarify, when I restart dovecot, I expect the socket to be > created. Is this correct? surely as you can see below and that works on 6 machines here for years ________________________________________________________________________________ service auth { unix_listener /var/spool/postfix/private/auth { mode = 0660 user = postfix group = postfix } } ________________________________________________________________________________ [root at testserver:~]$ stat /var/spool/postfix/private/auth stat: cannot stat '/var/spool/postfix/private/auth': No such file or directory [root at testserver:~]$ systemctl status dovecot dovecot.service - Dovecot IMAP/POP3 Proxy Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled) Active: inactive (dead) since Mon 2014-05-26 01:05:21 CEST; 38s ago Process: 860 ExecStart=/usr/sbin/dovecot -F (code=exited, status=0/SUCCESS) Main PID: 860 (code=exited, status=0/SUCCESS) [root at testserver:~]$ systemctl start dovecot.service [root at testserver:~]$ stat /var/spool/postfix/private/auth File: '/var/spool/postfix/private/auth' Size: 0 Blocks: 0 IO Block: 4096 socket Device: 811h/2065d Inode: 253971 Links: 1 Access: (0660/srw-rw----) Uid: ( 89/ postfix) Gid: ( 89/ postfix) Access: 2014-05-26 01:06:13.288893380 +0200 Modify: 2014-05-26 01:06:13.288893380 +0200 Change: 2014-05-26 01:06:13.288893380 +0200 Birth: - > On 25/05/14 18:18, Thomas Leuxner wrote: >> * Subscriptions 2014.05.25 02:33: > >> Have you checked that no security extension comes in play >> preventing creation of sockets? >> https://wiki.ubuntu.com/Security/Features > >> Should manifest itself in syslog somewhere if you grep for the path >> in question... -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From llsubscr at zudiewiener.com Sun May 25 23:19:22 2014 From: llsubscr at zudiewiener.com (Subscriptions) Date: Sun, 25 May 2014 23:19:22 +0000 Subject: [Dovecot] socket /var/spool/postfix/private/auth not created In-Reply-To: References: <1400925374776-48182.post@n4.nabble.com> <20140524104811.GA27246@nihlus.leuxner.net> <000001462e1a5b44-e0fc238c-652d-4469-9f87-e2bd915426b5-000000@email.amazonses.com> Message-ID: <0000014635ae6f64-73508574-358c-43d0-b80a-7f8175ed9a66-000000@email.amazonses.com> ok. My 10-master.conf now looks like this: ----------- service auth { client_limit = 2248 unix_listener auth-userdb { mode = 0600 user = virtual group = virtual } # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0660 user = postfix group = postfix } # Auth process is run as this user. #user = $default_internal_user } ----------- Have added the following to master.cf ------ dovecot unix - n n - - pipe flags=DRhu user=virtual:virtual argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -e -d ${user}@${nexthop} ------ Restarted both dovecot and postfix; still no socket. BTW, When would yo expect the socket to be created; after restarting dovecot or postfix? Thanks, Leo On 25/05/14 17:58, Nick Edwards wrote: > On 5/24/14, Subscriptions wrote: >> Made the changes, so entries in 10-master.conf are now: >> >> ------ >> service auth { >> unix_listener auth-userdb { >> #mode = 0666 >> #user = >> #group = >> } >> > > this should have user/group that should match how postfix master.cf see's it > > eg: > > master.cf: > dovecot unix - n n - - pipe > flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda > -f ${sender} -e -d ${user}@${nexthop} > > > dovecot: > > service auth { > client_limit = 2248 > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-userdb { > mode = 0600 > user = vmail > group = vmail > } > } > > > > > >> # Postfix smtp-auth >> unix_listener /var/spool/postfix/private/auth { >> mode = 0660 >> user = postfix >> group = postfix >> } >> # Auth process is run as this user. >> #user = $default_internal_user >> >> } >> >> Entries in 10-auth.conf are as follows (ass suggested by another post >> I found. >> >> ------------ >> ... >> auth_mechanisms = plain login >> ... >> >> ----------- >> >> >> Output from dovecot -n >> >> -------------- >> # 2.2.9: /etc/dovecot/dovecot.conf >> # OS: Linux 3.13.0-24-generic x86_64 Ubuntu 14.04 LTS ext4 >> auth_mechanisms = plain cram-md5 >> auth_verbose = yes >> base_dir = /var/run/dovecot/ >> info_log_path = /var/log/dovecot.info >> log_path = /var/log/dovecot >> log_timestamp = "%Y-%m-%d %H:%M:%S " >> mail_location = maildir:/home/vmail/%d/%n >> namespace { >> inbox = yes >> location = >> prefix = INBOX. >> separator = . >> } >> passdb { >> args = /etc/dovecot/passwd >> driver = passwd-file >> } >> protocols = imap pop3 >> service auth { >> executable = /usr/lib/dovecot/auth >> user = root >> } >> service imap-login { >> chroot = login >> executable = /usr/lib/dovecot/imap-login >> user = dovecot >> } >> service imap { >> executable = /usr/lib/dovecot/imap >> } >> service pop3-login { >> chroot = login >> executable = /usr/lib/dovecot/pop3-login >> user = dovecot >> } >> >> --------------------------- >> >> Did a reload. >> >> Tail of Logs files is as follows >> ------------dovecot.info ----- >> 2014-05-24 21:53:49 imap-login: Info: Login: >> user=, method=CRAM-MD5, rip=110.20.34.128, >> lip=103.4.235.252, mpid=3469, TLS, session=<9m7L/yP6xgBuFCKA> >> 2014-05-24 21:53:55 imap-login: Info: Login: >> user=, method=CRAM-MD5, rip=110.20.34.128, >> lip=103.4.235.252, mpid=3471, TLS, session= >> 2014-05-24 21:54:00 imap-login: Info: Login: >> user=, method=CRAM-MD5, rip=110.20.34.128, >> lip=103.4.235.252, mpid=3473, TLS, session= >> ------------------------------- >> >> -------- dovecot ------------- >> 2014-05-24 21:29:49 config: Warning: Killed with signal 15 (by pid=1 >> uid=0 code=kill) >> 2014-05-24 21:29:49 log: Warning: Killed with signal 15 (by pid=1 >> uid=0 code=kill) >> 2014-05-24 21:29:49 master: Warning: Killed with signal 15 (by pid=1 >> uid=0 code=kill) >> 2014-05-24 21:30:13 master: Warning: Killed with signal 15 (by pid=1 >> uid=0 code=kill) >> 2014-05-24 21:30:13 log: Warning: Killed with signal 15 (by pid=1 >> uid=0 code=kill) >> 2014-05-24 21:41:41 master: Warning: SIGHUP received - reloading >> configuration >> --------------------------------- >> >> >> Thanks, >> >> Leo >> >> >> >> On 24/05/14 20:48, Thomas Leuxner wrote: >>> * lister171254 2014.05.24 11:56: >>> >>>> No matter what I try, the listener is not created. >>>> >>>> >>> >>> Text does the trick as well and survives pictures in the archives >>> ;) >>> >>>> # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth >>>> { mode = 0600 user = postfix group = postfix >>> >>> The wiki quoted and my running config both use 'mode = 0660'. Give >>> that a try: >>> >>> service auth { unix_listener /var/spool/postfix/private/auth { >>> group = postfix mode = 0660 user = postfix } user = doveauth } >>> >>> You may leave out the extra doveauth user which is a specific >>> flavor of my configuration. If that still fails, you should post >>> some log excerpts from dovecot after a reload which probably show >>> the problem. >>> >>> Regards Thomas >>> >> From h.reindl at thelounge.net Sun May 25 23:25:56 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 26 May 2014 01:25:56 +0200 Subject: [Dovecot] socket /var/spool/postfix/private/auth not created In-Reply-To: <0000014635ae6f64-73508574-358c-43d0-b80a-7f8175ed9a66-000000@email.amazonses.com> References: <1400925374776-48182.post@n4.nabble.com> <20140524104811.GA27246@nihlus.leuxner.net> <000001462e1a5b44-e0fc238c-652d-4469-9f87-e2bd915426b5-000000@email.amazonses.com> <0000014635ae6f64-73508574-358c-43d0-b80a-7f8175ed9a66-000000@email.amazonses.com> Message-ID: <53827C04.4090306@thelounge.net> Am 26.05.2014 01:19, schrieb Subscriptions: > ok. My 10-master.conf now looks like this: > ----------- > service auth { > client_limit = 2248 > unix_listener auth-userdb { > mode = 0600 > user = virtual > group = virtual > } > > # Postfix smtp-auth > unix_listener /var/spool/postfix/private/auth { > mode = 0660 > user = postfix > group = postfix > } > # Auth process is run as this user. > #user = $default_internal_user > } > ----------- > > Have added the following to master.cf > ------ > dovecot unix - n n - - pipe > flags=DRhu user=virtual:virtual argv=/usr/libexec/dovecot/dovecot-lda > -f ${sender} -e -d ${user}@${nexthop} > ------ > > Restarted both dovecot and postfix; still no socket. > > BTW, > > When would yo expect the socket to be created; after restarting dovecot > or postfix? DOVECOT as explained multiple times postfix is just the customer what about looking at your systemlogs as already asked? what operating system? are you running SELinux or another MAC system? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From llsubscr at zudiewiener.com Mon May 26 00:11:19 2014 From: llsubscr at zudiewiener.com (Subscriptions) Date: Mon, 26 May 2014 00:11:19 +0000 Subject: [Dovecot] socket /var/spool/postfix/private/auth not created In-Reply-To: <5382781B.6090702@thelounge.net> References: <1400925374776-48182.post@n4.nabble.com> <20140524104811.GA27246@nihlus.leuxner.net> <000001462e1a5b44-e0fc238c-652d-4469-9f87-e2bd915426b5-000000@email.amazonses.com> <00000146305309af-41fe901b-18ce-47ab-a79b-4feaa3397904-000000@email.amazonses.com> <53811D0A.5010204@thelounge.net> <0000014630cbd4e6-b41cb017-3a1b-4e78-8a7e-f20e4790bec3-000000@email.amazonses.com> <20140525081802.GA31399@nihlus.leuxner.net> <00000146359d9f4c-3d259026-9091-41ff-817f-1f0a99f31d70-000000@email.amazonses.com> <5382781B.6090702@thelounge.net> Message-ID: <0000014635ddfdcb-e784a524-b3ee-4e14-b551-b4a440138336-000000@email.amazonses.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ok. I guess that narrows it down a bit. I'm on Ubuntu 14.10 64 bit server. my settings and ownership for /private are drwx------ 2 postfix root 4096 May 26 09:04 private There is nothing in the system (or devocot) logs that would indicate why the socket isn't created. Finally, I would expect "dovecot -n" to show some indication of this listener, which for me it doesn't. Thanks, Leo On 26/05/14 09:09, Reindl Harald wrote: > > Am 26.05.2014 01:01, schrieb Subscriptions: >> Yes, have checked the logs, but cannot find any issues/errors in >> relation to dovecot anywhere >> >> Just to clarify, when I restart dovecot, I expect the socket to >> be created. Is this correct? > > surely as you can see below and that works on 6 machines here for > years > ________________________________________________________________________________ > > service auth { unix_listener /var/spool/postfix/private/auth { > mode = 0660 user = > postfix group = postfix } } > ________________________________________________________________________________ > > [root at testserver:~]$ stat /var/spool/postfix/private/auth stat: > cannot stat '/var/spool/postfix/private/auth': No such file or > directory > > [root at testserver:~]$ systemctl status dovecot dovecot.service - > Dovecot IMAP/POP3 Proxy Loaded: loaded > (/usr/lib/systemd/system/dovecot.service; enabled) Active: inactive > (dead) since Mon 2014-05-26 01:05:21 CEST; 38s ago Process: 860 > ExecStart=/usr/sbin/dovecot -F (code=exited, status=0/SUCCESS) Main > PID: 860 (code=exited, status=0/SUCCESS) > > [root at testserver:~]$ systemctl start dovecot.service > > [root at testserver:~]$ stat /var/spool/postfix/private/auth File: > '/var/spool/postfix/private/auth' Size: 0 Blocks: 0 > IO Block: 4096 socket Device: 811h/2065d Inode: 253971 > Links: 1 Access: (0660/srw-rw----) Uid: ( 89/ postfix) Gid: ( > 89/ postfix) Access: 2014-05-26 01:06:13.288893380 +0200 Modify: > 2014-05-26 01:06:13.288893380 +0200 Change: 2014-05-26 > 01:06:13.288893380 +0200 Birth: - > >> On 25/05/14 18:18, Thomas Leuxner wrote: >>> * Subscriptions 2014.05.25 02:33: >> >>> Have you checked that no security extension comes in play >>> preventing creation of sockets? >>> https://wiki.ubuntu.com/Security/Features >> >>> Should manifest itself in syslog somewhere if you grep for the >>> path in question... > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBAgAGBQJTgoalAAoJEOXdNUiyB06ksKwP/1/QoDuoY7VEPKbFSfUVYLxp LuR3ZmI4GqaOTDe+P3d/g7wkMbpQ3k7hQFNh60NyN2G0WgEApjzZmNq3TYsW38sJ f+j873k7XDdekqjQy7G9Cx60/mMXCmLHOelpn0W+jtQ0xypYVSW8o8DgtiuY4f6Y 7KHq0VaFj5fzZoo3y8eS39At9H4huwypKPZGpR30gfT5n/V2LoE8EoBDtUHf3LXl YFouPpG/63SEC1279YIY5T7zumUcxhzx4P6wdIqmf5+EkDF3XrxLgtwqGjzC3NvF nnCssm3pt8srVva1gUyapDdkB46owfq8cK/tOHqmNlyCJCqfbkYcAvLQh5A+YOet 7Ky9EpTt4e3C/ZgH83ffoxNLeKkNxbFMCbpiCLD0SFSy0rSKMYgk/1qhCmEmMXH3 Qv3Pz2FPuWebByP+RFUPEMzuK4aw+ykDAACAgKlmCFpbVNknOxMShRWyzhstKMF5 c4CCyF0YYDQIqYi0KVDKbF3qag7qEIvlpPybX2u13NlVXAAbjcc0s4DmB3Xqo42/ P5FaZf9RZ6s6kUOdyNKWa4qnKiYrTIY0UUF4hPHuQLonC0Qr1krlHJKH3gSLOKH6 b2P2gI1ONmRbZBM06jMJAZM6l/kKbg7S44xhy9L+wyrYAZNrfzaNWEcmGvi4Ufjl PKYYATbXfHDDlfInzcGA =c8YW -----END PGP SIGNATURE----- From tss at iki.fi Mon May 26 01:26:33 2014 From: tss at iki.fi (Timo Sirainen) Date: Mon, 26 May 2014 04:26:33 +0300 Subject: [Dovecot] Segfault when deselecting virtual folder 2.2.13+ HG TIP In-Reply-To: <3e2262e6b94cbd0b6e452eb51d7447b0@theknoxes.co.uk> References: <3e2262e6b94cbd0b6e452eb51d7447b0@theknoxes.co.uk> Message-ID: On 16.5.2014, at 16.33, Colin Knox wrote: > I'm seeing a segfault in the imap process with the current mercurial tip (including changeset 17382 e99cd21e1f92) when selecting a particular virtual mail folder (but no other virtual mailboxes) and then selecting a different mail folder as in the IMAP transcript below. The same segfaults are triggered with IMAP clients. The situation is worse with the 2.2.13 which segfaults when any virtual mailbox is deselected so the recent patch helps partially. http://hg.dovecot.org/dovecot-2.2/rev/5c6f49e2d8d9 should fix this. From llsubscr at zudiewiener.com Mon May 26 04:08:56 2014 From: llsubscr at zudiewiener.com (Subscriptions) Date: Mon, 26 May 2014 04:08:56 +0000 Subject: [Dovecot] socket /var/spool/postfix/private/auth not created In-Reply-To: <0000014630cbd4e6-b41cb017-3a1b-4e78-8a7e-f20e4790bec3-000000@email.amazonses.com> References: <1400925374776-48182.post@n4.nabble.com> <20140524104811.GA27246@nihlus.leuxner.net> <000001462e1a5b44-e0fc238c-652d-4469-9f87-e2bd915426b5-000000@email.amazonses.com> <00000146305309af-41fe901b-18ce-47ab-a79b-4feaa3397904-000000@email.amazonses.com> <53811D0A.5010204@thelounge.net> <0000014630cbd4e6-b41cb017-3a1b-4e78-8a7e-f20e4790bec3-000000@email.amazonses.com> Message-ID: <0000014636b78877-0256a459-5768-48b5-b7e7-f31d0aed247f-000000@email.amazonses.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ok. Problem found and resolved. !include conf.d/*.conf was missing from my dovecot.conf. Don't know how or why, but putting the line in fixed the problem. Thanks, Leo On 25/05/14 10:33, Subscriptions wrote: > ok. Obviously I'm no guru here, I'm just trying to figure out why > this socket is missing. > > If I shut down postfix, the sockets in private are still there. > They are also all owned by postfix. If postfix is only the consumer > then I assume dovecot must have write access to private, which it > doesn't > > Thanks > > > > On 25/05/14 08:28, Reindl Harald wrote: >> postfix can hardly create the socket because it is the >> *consumer* of it - so dovecot is responsible > >> as well as other sockets are *not* created at install but at >> start time - a socket is not a regular file and you can compare >> it to a listening TCP port > >> Am 25.05.2014 00:21, schrieb Subscriptions: >>> This may be a stupid question, but which process is supposed >>> to create the socket. All other (existing) sockets in >>> /var/spool/postfix/private are owned by Postfix, so am >>> assuming they were created when Postfix was installed. >>> >>> On 24/05/14 22:00, Subscriptions wrote: >>>> Made the changes, so entries in 10-master.conf are now: >>>> >>>> ------ service auth { unix_listener auth-userdb { #mode = >>>> 0666 #user = #group = } >>>> >>>> # Postfix smtp-auth unix_listener >>>> /var/spool/postfix/private/auth { mode = 0660 user = postfix >>>> group = postfix } # Auth process is run as this user. #user >>>> = $default_internal_user >>>> >>>> } >>>> >>>> Entries in 10-auth.conf are as follows (ass suggested by >>>> another post I found. >>>> >>>> ------------ ... auth_mechanisms = plain login ... >>>> >>>> ----------- >>>> >>>> >>>> Output from dovecot -n >>>> >>>> -------------- # 2.2.9: /etc/dovecot/dovecot.conf # OS: >>>> Linux 3.13.0-24-generic x86_64 Ubuntu 14.04 LTS ext4 >>>> auth_mechanisms = plain cram-md5 auth_verbose = yes base_dir >>>> = /var/run/dovecot/ info_log_path = /var/log/dovecot.info >>>> log_path = /var/log/dovecot log_timestamp = "%Y-%m-%d >>>> %H:%M:%S " mail_location = maildir:/home/vmail/%d/%n >>>> namespace { inbox = yes location = prefix = INBOX. separator >>>> = . } passdb { args = /etc/dovecot/passwd driver = >>>> passwd-file } protocols = imap pop3 service auth { executable >>>> = /usr/lib/dovecot/auth user = root } service imap-login { >>>> chroot = login executable = /usr/lib/dovecot/imap-login user >>>> = dovecot } service imap { executable = /usr/lib/dovecot/imap >>>> } service pop3-login { chroot = login executable = >>>> /usr/lib/dovecot/pop3-login user = dovecot } >>>> >>>> --------------------------- >>>> >>>> Did a reload. >>>> >>>> Tail of Logs files is as follows ------------dovecot.info >>>> ----- 2014-05-24 21:53:49 imap-login: Info: Login: >>>> user=, method=CRAM-MD5, >>>> rip=110.20.34.128, lip=103.4.235.252, mpid=3469, TLS, >>>> session=<9m7L/yP6xgBuFCKA> 2014-05-24 21:53:55 imap-login: >>>> Info: Login: user=, method=CRAM-MD5, >>>> rip=110.20.34.128, lip=103.4.235.252, mpid=3471, TLS, >>>> session= 2014-05-24 21:54:00 imap-login: >>>> Info: Login: user=, >>>> method=CRAM-MD5, rip=110.20.34.128, lip=103.4.235.252, >>>> mpid=3473, TLS, session= >>>> ------------------------------- >>>> >>>> -------- dovecot ------------- 2014-05-24 21:29:49 config: >>>> Warning: Killed with signal 15 (by pid=1 uid=0 code=kill) >>>> 2014-05-24 21:29:49 log: Warning: Killed with signal 15 (by >>>> pid=1 uid=0 code=kill) 2014-05-24 21:29:49 master: Warning: >>>> Killed with signal 15 (by pid=1 uid=0 code=kill) 2014-05-24 >>>> 21:30:13 master: Warning: Killed with signal 15 (by pid=1 >>>> uid=0 code=kill) 2014-05-24 21:30:13 log: Warning: Killed >>>> with signal 15 (by pid=1 uid=0 code=kill) 2014-05-24 21:41:41 >>>> master: Warning: SIGHUP received - reloading configuration >>>> --------------------------------- >>>> >>>> >>>> Thanks, >>>> >>>> Leo >>>> >>>> >>>> >>>> On 24/05/14 20:48, Thomas Leuxner wrote: >>>>> * lister171254 2014.05.24 >>>>> 11:56: >>>>> >>>>>> No matter what I try, the listener is not created. >>>>>> >>>>>> >>>>> >>>>> >>>>>> Text does the trick as well and survives pictures in the >>>>> archives ;) >>>>> >>>>>> # Postfix smtp-auth unix_listener >>>>>> /var/spool/postfix/private/auth { mode = 0600 user = >>>>>> postfix group = postfix >>>>> >>>>> The wiki quoted and my running config both use 'mode = >>>>> 0660'. Give that a try: >>>>> >>>>> service auth { unix_listener >>>>> /var/spool/postfix/private/auth { group = postfix mode = >>>>> 0660 user = postfix } user = doveauth } >>>>> >>>>> You may leave out the extra doveauth user which is a >>>>> specific flavor of my configuration. If that still fails, >>>>> you should post some log excerpts from dovecot after a >>>>> reload which probably show the problem. > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBAgAGBQJTgr5WAAoJEOXdNUiyB06kdSQP/R/kd+CXyuBbTtGhh5YnRES4 bmSM3rOJmGWrr9iB4Z7T6VMOeunvLvXSNfcGA6Vx2U49PkyGhk1+15QNiJN5zrk7 cCU0P7xKpSiqvCCLARbu+vtLu3vY8DWLqIMK61NC5b178dpN3Zw26F05Koc33+zE OPE1sHF5cMzl4uueU3+yKPWURPDd/cop2SkugEKHlZbTV8RowKGRbVuDyhNfsqRz vNxhg7u63/89BPH5T4N8iegEw4bunqVo823kGAzIwyYTBW0f+U9IVtOTkVfY5eDl xDQxHMVBNF6f+iqwN6wRENFFW6k3OYTmgGWjB4qrJP/n+zNkcQPfZTUTWKxmKZnU OAT2EQbkAFVo9mtM+yNmjkaVAlrTX4gGf84lJJfJzPbPrI1SEmsbZ8RRqiw5dCdw 1+yX36hK2n5Mg3HYAk/fmcQPKNNq7CJ51wUVdKoXD9Dz8+5uEqFtWb/U9eSp1Jvf mHyMjmqbTLRnom//yrY62C//M3Cs12DAbs4BzfDEs7JFgEYrpCmA5o77+HVXvOQI RL0oTpojIyRPG/4CU/xwG//hz0v4ptHH9kOHU7NdEpUcUoXXat3OJ5qgRchF2LYP 8dQRrxlFmzAqxKcZnT/xqMHRe/r/PhaB9CkVSYyvT0PWF0yBaDpXiZFZpXxi6JTh DDs8LHG+xvuCtNS7Qqed =PX9h -----END PGP SIGNATURE----- From dovecot.org at veggiechinese.net Mon May 26 05:51:36 2014 From: dovecot.org at veggiechinese.net (Will Yardley) Date: Sun, 25 May 2014 22:51:36 -0700 Subject: [Dovecot] Copies of outgoing emails in the Sent folder In-Reply-To: References: <537D9CF6.5060907@rutelecom.company> <537DA578.60900@rutelecom.company> Message-ID: <20140526055135.GA81093@aura.veggiechinese.net> On Fri, May 23, 2014 at 02:26:37PM +0200, Steffen Kaiser wrote: > > > And how can you do it for the entire server? > > Well, as I said, "in postfix". It's your MTA all your users are going > through. How to do it with postfix, I don't know, because I do not run > no postfix. OT for this list, but didn't see the answer to this yet; the parameter in Postfix is called '$always_bcc'. w From s.sabatier at pobox.com Mon May 26 08:01:28 2014 From: s.sabatier at pobox.com (Stanislas SABATIER) Date: Mon, 26 May 2014 10:01:28 +0200 Subject: [Dovecot] Plugin mail-filter tangles In-Reply-To: References: Message-ID: <5382F4D8.50903@pobox.com> To extend my previous message : I added the option '-o lmtp_destination_recipient_limit=1' to Postfix and try again to send a message to someone outside my domains, but adding two people in CC. It seems that Dovecot is still handling the delivery incorrectly. Here is the transcript of what happened : May 26 09:39:00 lmtp(47593): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt= May 26 09:39:00 lmtp(47593): Info: Connect from 9.6.71.10 May 26 09:39:00 lmtp(47593): Debug: Loading modules from directory: /usr/local/lib/dovecot May 26 09:39:00 lmtp(47593): Debug: Module loaded: /usr/local/lib/dovecot/lib10_mailden_filter_plugin.so May 26 09:39:00 lmtp(47593): Debug: auth input: contact at mailden.pro home=/mailboxes/mailden.pro/contact/ uid=200 gid=6 email=contact at mailden.pro May 26 09:39:00 lmtp(47593): Debug: Added userdb setting: plugin/email=contact at mailden.pro May 26 09:39:00 lmtp(47593): Debug: auth input: stan at sapienssapide.fr home=/mailboxes/sapienssapide.fr/stan/ uid=200 gid=6 email=stan at sapienssapide.fr May 26 09:39:00 lmtp(47593): Debug: Added userdb setting: plugin/email=stan at sapienssapide.fr May 26 09:39:00 lmtp(47593, contact at mailden.pro): Info: mailden_filter_plugin_init May 26 09:39:00 lmtp(47593, contact at mailden.pro): Debug: Effective uid=200, gid=6, home=/mailboxes/mailden.pro/contact/ May 26 09:39:00 lmtp(47593, contact at mailden.pro): Info: mailden_filter_mail_user_created May 26 09:39:00 lmtp(47593, contact at mailden.pro): Info: mailden_filter_parse_setting May 26 09:39:00 lmtp(47593, contact at mailden.pro): Debug: mailden_filter: Filtering mailden_filter via socket /var/run/dovecot//decrypt-filter May 26 09:39:00 lmtp(47593, contact at mailden.pro): Info: mailden_filter_parse_setting May 26 09:39:00 lmtp(47593, contact at mailden.pro): Debug: mailden_filter: Filtering mailden_filter_out via socket /var/run/dovecot//encrypt-filter May 26 09:39:00 lmtp(47593, contact at mailden.pro): Info: plain_pass is null May 26 09:39:00 lmtp(47593, contact at mailden.pro): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=dbox:/mailboxes/mailden.pro/contact/ May 26 09:39:00 lmtp(47593, contact at mailden.pro): Debug: fs: root=/mailboxes/mailden.pro/contact, index=, indexpvt=, control=, inbox=, alt= May 26 09:39:00 lmtp(47593, contact at mailden.pro): Info: mailden_filter_mailbox_allocated May 26 09:39:00 lmtp(47593, contact at mailden.pro): Info: mailden_filter_mail_allocated May 26 09:39:00 lmtp(47593, contact at mailden.pro): Info: mailden_filter_mail_save_begin May 26 09:39:00 box encrypt_mail: -> Encrypt arg : contact at mailden.pro May 26 09:39:00 lmtp(47593, contact at mailden.pro): Debug: Namespace : Using permissions from /mailboxes/mailden.pro/contact: mode=0700 gid=default May 26 09:39:00 lmtp(47593, contact at mailden.pro): Info: sjhnApTvglPpuQAAz9GZsw: msgid=<5382EFA2.7020202 at mailden.fr>: saved mail to INBOX May 26 09:39:00 lmtp(47593, contact at mailden.pro): Info: mailden_filter_mail_allocated May 26 09:39:00 lmtp(47593, contact at mailden.pro): Info: mailden_filter_istream_opened May 26 09:39:00 lmtp(47593, stan at sapienssapide.fr): Debug: Effective uid=200, gid=6, home=/mailboxes/sapienssapide.fr/stan/ May 26 09:39:00 lmtp(47593, stan at sapienssapide.fr): Info: mailden_filter_mail_user_created May 26 09:39:00 lmtp(47593, stan at sapienssapide.fr): Info: mailden_filter_parse_setting May 26 09:39:00 lmtp(47593, stan at sapienssapide.fr): Debug: mailden_filter: Filtering mailden_filter via socket /var/run/dovecot//decrypt-filter May 26 09:39:00 lmtp(47593, stan at sapienssapide.fr): Info: mailden_filter_parse_setting May 26 09:39:00 lmtp(47593, stan at sapienssapide.fr): Debug: mailden_filter: Filtering mailden_filter_out via socket /var/run/dovecot//encrypt-filter May 26 09:39:00 lmtp(47593, stan at sapienssapide.fr): Info: plain_pass is null May 26 09:39:00 lmtp(47593, stan at sapienssapide.fr): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=dbox:/mailboxes/sapienssapide.fr/stan/ May 26 09:39:00 lmtp(47593, stan at sapienssapide.fr): Debug: fs: root=/mailboxes/sapienssapide.fr/stan, index=, indexpvt=, control=, inbox=, alt= May 26 09:39:00 lmtp(47593, stan at sapienssapide.fr): Info: mailden_filter_mailbox_allocated May 26 09:39:00 lmtp(47593, stan at sapienssapide.fr): Info: mailden_filter_mail_allocated May 26 09:39:00 lmtp(47593, stan at sapienssapide.fr): Debug: Namespace : Using permissions from /mailboxes/sapienssapide.fr/stan: mode=0700 gid=default May 26 09:39:00 lmtp(47593, stan at sapienssapide.fr): Info: sjhnApTvglPpuQAAz9GZsw: msgid=<5382EFA2.7020202 at mailden.fr>: saved mail to INBOX May 26 09:39:00 lmtp(47593): Info: Disconnect from 9.6.71.10: Successful quit May 26 09:39:00 box decrypt_mail: -> Decrypt arg : contact at mailden.pro,n The last line above shows that, again, Dovecot is trying to read the email from mailboxe and it launched the 'decypt_mail' program with user1's params (user1 = 'contact at mailden.pro'). At this stage, neither user1 (contact at mailden.pro) nor user2 (stan at sapienssapide.fr) are connected and authenticated. Therefore, decrypt_mail is launched without user1's password (decrypc args are email and user password. In the above case, user password is set to 'n' because is missing). Stan. From jimmy.thrasibule at gmail.com Mon May 26 08:25:12 2014 From: jimmy.thrasibule at gmail.com (Jimmy Thrasibule) Date: Mon, 26 May 2014 10:25:12 +0200 Subject: [Dovecot] Multilayer mail handling Message-ID: Hi, I'm wondering what is the correct architecture and configuration to setup a multilayer mail handling? What I have in mind is something more like what we can found in Web platform architectures. 1. First layer does first checks: user authentication and SSL offloading. If all checks are OK request is proxied to layer 2. 2. Second layer, will actually handle the IMAP/POP3 connection proxied by layer 1, no major checks should be done as already made by layer 1. 3. Finally, layer 3 to do some virus checks on the emails and maybe some other things I can't think about. Do you have some pointers on how to set up such a mail stack where each layer can be on multiple other hosts? Best regards, Jimmy From axel.luttgens at skynet.be Mon May 26 08:48:32 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Mon, 26 May 2014 10:48:32 +0200 Subject: [Dovecot] Plugin mail-filter tangles In-Reply-To: <5382F4D8.50903@pobox.com> References: <5382F4D8.50903@pobox.com> Message-ID: <5D6FF14A-0204-4076-9B68-34354C5A1496@skynet.be> Le 26 mai 2014 ? 10:01, Stanislas SABATIER a ?crit : > To extend my previous message : > > I added the option '-o lmtp_destination_recipient_limit=1' to Postfix > and try again to send a message to someone outside my domains, but > adding two people in CC. > It seems that Dovecot is still handling the delivery incorrectly. Here > is the transcript of what happened : > > [...] Hello Stanislas, Still busy with your previous message, but I fear the above hasn't been concluding, as if the '-o lmtp_destination_recipient_limit=1' hadn't been taken into account: one lmtp process, same message id (sjhnApTvglPpuQAAz9GZsw). So, it looks like you still had a single message with two recipients. Axel From s.sabatier at pobox.com Mon May 26 08:54:34 2014 From: s.sabatier at pobox.com (Stanislas SABATIER) Date: Mon, 26 May 2014 10:54:34 +0200 Subject: [Dovecot] Plugin mail-filter tangles In-Reply-To: <5D6FF14A-0204-4076-9B68-34354C5A1496@skynet.be> References: <5382F4D8.50903@pobox.com> <5D6FF14A-0204-4076-9B68-34354C5A1496@skynet.be> Message-ID: <5383014A.5090502@pobox.com> You're right, Postfix is still passing the two CC recipients in one LMTP process. I didn't find how to force Postfix to send emails one by one? Still digging? Anyway, I believe the way Dovecot is handling this case is not the right way. Le Mon May 26 10:48:32 2014, Axel Luttgens a ?crit : > > Le 26 mai 2014 ? 10:01, Stanislas SABATIER a ?crit : > >> To extend my previous message : >> >> I added the option '-o lmtp_destination_recipient_limit=1' to Postfix >> and try again to send a message to someone outside my domains, but >> adding two people in CC. >> It seems that Dovecot is still handling the delivery incorrectly. Here >> is the transcript of what happened : >> >> [...] > > Hello Stanislas, > > Still busy with your previous message, but I fear the above hasn't been concluding, as if the '-o lmtp_destination_recipient_limit=1' hadn't been taken into account: one lmtp process, same message id (sjhnApTvglPpuQAAz9GZsw). > > So, it looks like you still had a single message with two recipients. > > Axel > From h.reindl at thelounge.net Mon May 26 08:58:06 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 26 May 2014 10:58:06 +0200 Subject: [Dovecot] Plugin mail-filter tangles In-Reply-To: <5383014A.5090502@pobox.com> References: <5382F4D8.50903@pobox.com> <5D6FF14A-0204-4076-9B68-34354C5A1496@skynet.be> <5383014A.5090502@pobox.com> Message-ID: <5383021E.9080802@thelounge.net> Am 26.05.2014 10:54, schrieb Stanislas SABATIER: > You're right, Postfix is still passing the two CC recipients in one > LMTP process. I didn't find how to force Postfix to send emails one by > one lmtp_destination_recipient_limit = 1 lmtp_destination_concurrency_limit = 1 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From axel.luttgens at skynet.be Mon May 26 10:19:27 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Mon, 26 May 2014 12:19:27 +0200 Subject: [Dovecot] Plugin mail-filter tangles In-Reply-To: <5383014A.5090502@pobox.com> References: <5382F4D8.50903@pobox.com> <5D6FF14A-0204-4076-9B68-34354C5A1496@skynet.be> <5383014A.5090502@pobox.com> Message-ID: <9E1DD88D-2736-400F-937A-E213B1754D23@skynet.be> Le 26 mai 2014 ? 10:54, Stanislas SABATIER a ?crit : > You're right, Postfix is still passing the two CC recipients in one > LMTP process. I didn't find how to force Postfix to send emails one by > one? Still digging? > Anyway, I believe the way Dovecot is handling this case is not the > right way. Indeed, there's something wrong somewhere... But you have to admit you came with quite a convoluted case, and it currently can't be said for sure that Dovecot alone is the culprit. Hence the exploratory idea to try with "one recipient per message". Now, from you Postfix setup description, you define dovecotfeed as a unix service: > dovecotfeed unix - - n - 2 lmtp > -o lmtp_send_xforward_command=yes > -o lmtp_tls_security_level=may but the virtual_transport seems to be overriden by a transport_maps query returning an inet thing: > dovecotfeed:[9.9.9.9]:26 Wouldn't you have another definition for dovecotfeed somewhere else (in which case this could explain the ineffectiveness of '-o lmtp_destination_recipient_limit=1')? That said, if you currently have a single transport, perhaps could you try to just put lmtp_destination_recipient_limit=1 into main.cf for testing purposes (works here as expected on my test machine). While I'm busy with those config matters, I also noticed: > service lmtp { > inet_listener dovecot_lmtp { > address = 10.10.10.10 > port = 26 > ssl = yes > } > process_min_avail = 5 > } Unless I'm wrong, various recent threads on the Dovecot list tended to indicate that ssl currently doesn't really work with lmtp. Perhaps might it be worth to remove on both sides (Dovecot and Postfix) any setting related to ssl in conjunction with lmtp? Ok, now going to look further at those filter matters... Axel From Jochen.Bern at LINworks.de Mon May 26 11:01:24 2014 From: Jochen.Bern at LINworks.de (Jochen Bern) Date: Mon, 26 May 2014 13:01:24 +0200 Subject: [Dovecot] Copies of outgoing emails in the Sent folder In-Reply-To: <53812A2B.8070806@thelounge.net> References: <537D9CF6.5060907@rutelecom.company> <537DA578.60900@rutelecom.company> <537F300F.3010707@LINworks.de> <537F36DA.3090107@thelounge.net> <537F3F13.6070703@LINworks.de> <537F4A8C.1090903@thelounge.net> <537F6E93.3020304@LINworks.de> <537FDFB9.3030705@thelounge.net> <538128E3.3080909@LINworks.de> <53812A2B.8070806@thelounge.net> Message-ID: <53831F04.5090100@LINworks.de> On -10.01.-28163 20:59, Reindl Harald wrote: > Am 25.05.2014 01:18, schrieb Jochen Bern: >> Legal requirements like, for example, these German ones: >> http://www.recht-im-internet.de/themen/archivierung.htm >> Note that the legalese addresses users acting in the name of a company, ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >> *regardless* of what infrastructure they're using to do so ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > and *that is* why if you are sending with @domain1.example.com ^^ ^^^^^^ > you have to use the MTA responsible for @domain1.example.com ^^^ And with the above highlighting, I shall rest my case of you never understanding word one of what I wrote. Regards, J. Bern -- *NEU* - NEC IT-Infrastruktur-Produkte im : Server--Storage--Virtualisierung--Management SW--Passion for Performance Jochen Bern, Systemingenieur --- LINworks GmbH Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27 Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202 Unternehmenssitz Weiterstadt, Gesch?ftsf?hrer Metin Dogan, Oliver Michel From h.reindl at thelounge.net Mon May 26 11:13:17 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 26 May 2014 13:13:17 +0200 Subject: [Dovecot] Copies of outgoing emails in the Sent folder In-Reply-To: <53831F04.5090100@LINworks.de> References: <537D9CF6.5060907@rutelecom.company> <537DA578.60900@rutelecom.company> <537F300F.3010707@LINworks.de> <537F36DA.3090107@thelounge.net> <537F3F13.6070703@LINworks.de> <537F4A8C.1090903@thelounge.net> <537F6E93.3020304@LINworks.de> <537FDFB9.3030705@thelounge.net> <538128E3.3080909@LINworks.de> <53812A2B.8070806@thelounge.net> <53831F04.5090100@LINworks.de> Message-ID: <538321CD.6080204@thelounge.net> Am 26.05.2014 13:01, schrieb Jochen Bern: > On -10.01.-28163 20:59, Reindl Harald wrote: >> Am 25.05.2014 01:18, schrieb Jochen Bern: >>> Legal requirements like, for example, these German ones: >>> http://www.recht-im-internet.de/themen/archivierung.htm >>> Note that the legalese addresses users acting in the name of a company, > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >>> *regardless* of what infrastructure they're using to do so > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >> >> and *that is* why if you are sending with @domain1.example.com > ^^ ^^^^^^ >> you have to use the MTA responsible for @domain1.example.com > ^^^ > > And with the above highlighting, I shall rest my case of you never > understanding word one of what I wrote. WTF - how do you imagine to solve if someone is using his gmail account and gmail-address for sending a message? damned in that case *you are not resposible for anything* because you can't and the only one responsible for his mistake is the user doing so - social problems can't be solved on a technical level you started with: >> If I may answer your question with a question: How well does "*our* >> entire (outgoing-)mailserver" translate to "for all e-mails our *users* >> send, including those working at remote locations or with mobile >> devices", assuming that that latter is your actual goal? it *does not matter* the mobile device has to use the same mailserver as any other device and if the user using his ISP's MTA because he is too stupid to enter the correct configuration or willingly ignores it not your problem so please stop talking bullshit -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: From s.sabatier at pobox.com Mon May 26 11:53:36 2014 From: s.sabatier at pobox.com (Stanislas SABATIER) Date: Mon, 26 May 2014 13:53:36 +0200 Subject: [Dovecot] Plugin mail-filter tangles In-Reply-To: <9E1DD88D-2736-400F-937A-E213B1754D23@skynet.be> References: <5382F4D8.50903@pobox.com> <5D6FF14A-0204-4076-9B68-34354C5A1496@skynet.be> <5383014A.5090502@pobox.com> <9E1DD88D-2736-400F-937A-E213B1754D23@skynet.be> Message-ID: <53832B40.30002@pobox.com> Le 26/05/2014 12:29, Reindl Harald a ?crit : > lmtp_destination_recipient_limit = 1 > lmtp_destination_concurrency_limit = 1 I tried to put both settings to main.cf and within master.cf under my 'dovecotfeed' service, but Postfix is still using one process to CC the email to my recipients? Even when I add the setting 'lmtp_discard_lhlo_keywords = PIPELINING' in Postfix's main.cf Stan. From rs at sys4.de Mon May 26 12:02:25 2014 From: rs at sys4.de (Robert Schetterer) Date: Mon, 26 May 2014 14:02:25 +0200 Subject: [Dovecot] Plugin mail-filter tangles In-Reply-To: <53832B40.30002@pobox.com> References: <5382F4D8.50903@pobox.com> <5D6FF14A-0204-4076-9B68-34354C5A1496@skynet.be> <5383014A.5090502@pobox.com> <9E1DD88D-2736-400F-937A-E213B1754D23@skynet.be> <53832B40.30002@pobox.com> Message-ID: <53832D51.8030404@sys4.de> Am 26.05.2014 13:53, schrieb Stanislas SABATIER: > Le 26/05/2014 12:29, Reindl Harald a ?crit : >> lmtp_destination_recipient_limit = 1 >> lmtp_destination_concurrency_limit = 1 > I tried to put both settings to main.cf and within master.cf under my > 'dovecotfeed' service, but Postfix is still using one process to CC the > email to my recipients? Even when I add the setting > 'lmtp_discard_lhlo_keywords = PIPELINING' in Postfix's main.cf > > Stan. > perhaps off topic, but for gpg with dovecot this may help too https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve https://code.google.com/p/gpg-mailgate/ Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From s.sabatier at pobox.com Mon May 26 12:12:43 2014 From: s.sabatier at pobox.com (Stanislas SABATIER) Date: Mon, 26 May 2014 14:12:43 +0200 Subject: [Dovecot] Plugin mail-filter tangles In-Reply-To: <9E1DD88D-2736-400F-937A-E213B1754D23@skynet.be> References: <5382F4D8.50903@pobox.com> <5D6FF14A-0204-4076-9B68-34354C5A1496@skynet.be> <5383014A.5090502@pobox.com> <9E1DD88D-2736-400F-937A-E213B1754D23@skynet.be> Message-ID: <53832FBB.70804@pobox.com> Le 26/05/2014 12:19, Axel Luttgens a ?crit : > Now, from you Postfix setup description, you define dovecotfeed as a > unix service: >> dovecotfeed unix - - n - 2 lmtp >> -o lmtp_send_xforward_command=yes >> -o lmtp_tls_security_level=may > > but the virtual_transport seems to be overriden by a transport_maps query returning an inet thing: > >> dovecotfeed:[9.9.9.9]:26 > Wouldn't you have another definition for dovecotfeed somewhere else (in which case this could explain the ineffectiveness of '-o lmtp_destination_recipient_limit=1')? dovecotfeed unix is the normal configuration to define a lmtp client that will forward emails to [9.9.9.9]:26 > > That said, if you currently have a single transport, perhaps could you try to just put > > lmtp_destination_recipient_limit=1 > > into main.cf for testing purposes (works here as expected on my test machine). I've already done that but it did change the behavior. You said it works as expected on your test machine, but did you try to exactly reproduce my case ? ie : having 3 different users within 3 different domains all managed by Dovecot. User1 sends an email to someone outside and CC user2 and user3. Because, if I send an email from an outside account to someone and CC user2 and user3, everything is working perfectly at Dovecot's side, even if Postfix is launching a single process to deliver the email ! > > While I'm busy with those config matters, I also noticed: > >> service lmtp { >> inet_listener dovecot_lmtp { >> address = 10.10.10.10 >> port = 26 >> ssl = yes >> } >> process_min_avail = 5 >> } You're right, SSL is not working on Dovecot's LMTP. I need to remove this setting. Regards, Stan. From sca at andreasschulze.de Mon May 26 11:24:35 2014 From: sca at andreasschulze.de (Andreas Schulze) Date: Mon, 26 May 2014 13:24:35 +0200 Subject: [Dovecot] LDAP: allow pop3, restrict imap Message-ID: <20140526132435.Horde.sc_yFyuyNxZoVGeFFWtFlA1@horde.andreasschulze.de> Hello, I have all userdata in a ldapserver. Every user has the right to use pop3. There is no explicit attribute allowing that. It's simply possible. Now I like to add imap. For a starting period I like to restrict, who may use imap. http://wiki2.dovecot.org/Authentication/RestrictAccess mention a solution where I could modify ldap pass_filter. But that require an attribute "service=pop3" to be present in the ldap servers. In my case I have to add it for every existing user :-/ No way... Are there other options? Thanks, Andreas From listflo at ricam.oeaw.ac.at Mon May 26 13:27:48 2014 From: listflo at ricam.oeaw.ac.at (Florian) Date: Mon, 26 May 2014 15:27:48 +0200 Subject: [Dovecot] LDAP: allow pop3, restrict imap In-Reply-To: <20140526132435.Horde.sc_yFyuyNxZoVGeFFWtFlA1@horde.andreasschulze.de> References: <20140526132435.Horde.sc_yFyuyNxZoVGeFFWtFlA1@horde.andreasschulze.de> Message-ID: <4710378.WY7jLo4rbX@vulcan.ricint.oeaw.ac.at> Am Montag, 26. Mai 2014, 13:24:35 schrieben Sie: > Hello, > > I have all userdata in a ldapserver. Every user has the right to use pop3. > There is no explicit attribute allowing that. It's simply possible. > > Now I like to add imap. For a starting period I like to restrict, who > may use imap. > > http://wiki2.dovecot.org/Authentication/RestrictAccess mention a solution > where I could modify ldap pass_filter. But that require an attribute > "service=pop3" > to be present in the ldap servers. In my case I have to add it for > every existing user :-/ No way... Why not add the attribute to all your users? Simple bash magic, search with ldapsearch, use the results to create a ldif file with the suitable ldapadd commands, add it. 5 minutes of work, regardless how many users you have in your directory. Florian > Are there other options? > > Thanks, > Andreas -- Florian Tischler System Administrator *Johann Radon Institute for Computational and Applied Mathematics (RICAM) http://www.ricam.oeaw.ac.at/ florian.tischler at oeaw.ac.at *Industrial Mathematics Institute http://www.indmath.uni-linz.ac.at/ tischler at indmath.uni-linz.ac.at http://www.ricam.oeaw.ac.at/people/page.cgi?firstn=Florian;lastn=Tischler GPG-Key: http://www.ricam.oeaw.ac.at/gpg/florian_tischler.asc tel: +43 732 2468 5250 fax: +43 732 2468 5212 From florian.tischler at oeaw.ac.at Mon May 26 14:12:51 2014 From: florian.tischler at oeaw.ac.at (Florian Tischler) Date: Mon, 26 May 2014 16:12:51 +0200 Subject: [Dovecot] lazy_expunge and shared folders In-Reply-To: <1655855.hMDViD39ls@vulcan.ricint.oeaw.ac.at> References: <1655855.hMDViD39ls@vulcan.ricint.oeaw.ac.at> Message-ID: <3960101.rXVyUmmHoz@vulcan.ricint.oeaw.ac.at> Am Dienstag, 20. Mai 2014, 14:00:11 schrieben Sie: > Hi, > > since migration to Dovecot 2.2 I have troubles with lazy_expunge as soon > as a user shares a folder. The user the folder is shared to cannot login > anymore, dovecot logs Fatal: lazy_expunge: Unknown namespace: > '.EXPUNGED/' > > - When no folder is shared lazy_expunge is working fine, deleted mails are > moved to the expunged namespace and can be recovered without any > problems. - Sharing folders works as long as I disable lazy_expunge. > > I have used the config (with minor changes) with dovecot 2.0 for years > without any problem. Switching to dovecot 2.2.10 (atrps repository) or > 2.2.12 (dovecot enterprise repo) lazy_expunge and acl do not work together > anymore. Hi, unfortunately I got no response to the acl breaks lazy_expunge problem. Maybe the developers can give me some feedback? Is it supposed (not) to work? Will it be fixed? Currently it prevents me from sucessfully migration from 2.0 to 2.2 without losing features. Thanks, Florian > Is it a bug, a known limitation or is something wrong with my config? > Any hints are welcome. > > Thanks in advance, > Florian > > dovecot -n > > # 2.2.12.12 (03196f188677): /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-042stab085.20 x86_64 CentOS release 6.5 (Final) > auth_cache_negative_ttl = 10 mins > auth_cache_size = 10 M > auth_cache_ttl = 2 hours > auth_failure_delay = 10 secs > auth_mechanisms = plain login > auth_socket_path = /var/run/dovecot/auth-userdb > base_dir = /var/run/dovecot/ > disable_plaintext_auth = no > first_valid_gid = 105 > first_valid_uid = 105 > hostname = ... > imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags > imap_idle_notify_interval = 10 mins > last_valid_uid = 105 > listen = ... > lmtp_save_to_detail_mailbox = yes > login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c > mail_gid = vimap > mail_home = /var/imap/spool/%1n/%n > mail_location = mdbox:~/mdbox > mail_plugins = " fts fts_lucene acl" > mail_temp_dir = /var/imap/tmp > mail_uid = vimap > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character > vacation subaddress comparator-i;ascii-numeric relational regex imap4flags > copy include variables body enotify environment mailbox date ihave > mbox_write_locks = fcntl > mdbox_rotate_interval = 1 days > namespace { > list = children > location = > mdbox:/var/imap/spool/%%1n/%%n/mdbox:INDEXPVT=/var/imap/spool/%1n/%n/mdbox > /shared/%%u prefix = User/%%u/ > separator = / > subscriptions = no > type = shared > } > namespace expunged { > hidden = yes > list = no > location = mdbox:/var/imap/spool/%1n/%n/mdbox:MAILBOXDIR=expunged > prefix = .EXPUNGED/ > separator = / > subscriptions = no > type = private > } > namespace inbox { > inbox = yes > location = mdbox:/var/imap/spool/%1n/%n/mdbox > mailbox Drafts { > auto = subscribe > special_use = \Drafts > } > mailbox Learn { > auto = subscribe > } > mailbox Learn/Ham { > auto = subscribe > } > mailbox Learn/Spam { > auto = subscribe > } > mailbox Sent { > auto = subscribe > special_use = \Sent > } > mailbox Spam { > auto = subscribe > special_use = \Junk > } > mailbox Trash { > auto = subscribe > special_use = \Trash > } > mailbox virtual/All { > special_use = \All > } > mailbox virtual/Flagged { > special_use = \Flagged > } > prefix = > separator = / > type = private > } > passdb { > args = /etc/dovecot/master-users > driver = passwd-file > master = yes > } > passdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > passdb { > args = /etc/dovecot/extra-users > driver = passwd-file > } > plugin { > acl = vfile:/var/imap/global-acls:cache_secs=300 > acl_shared_dict = file:/var/imap/shared-mailboxes/shared-mailboxes > fts = lucene > fts_autoindex = yes > fts_lucene = whitespace_chars=@. > lazy_expunge = .EXPUNGED/ > lazy_expunge_only_last_instance = yes > recipient_delimiter = + > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > sieve_max_actions = 32 > sieve_max_redirects = 4 > sieve_max_script_size = 1M > } > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > postmaster_address = postmaster at ... > protocols = imap pop3 lmtp sieve > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-userdb { > group = vimap > mode = 0600 > user = vimap > } > user = $default_internal_user > } > service imap-login { > process_min_avail = 4 > service_count = 0 > } > service imap { > process_limit = 1024 > vsz_limit = 256 M > } > service lmtp { > inet_listener lmtp { > address = ... > port = 24 > } > } > service managesieve-login { > inet_listener sieve { > port = 4190 > } > inet_listener sieve_deprecated { > port = 2000 > } > service_count = 1 > vsz_limit = 64 M > } > service pop3-login { > inet_listener pop3s { > port = 995 > ssl = yes > } > process_min_avail = 4 > service_count = 0 > } > service pop3 { > process_limit = 512 > } > ssl_cert = ssl_key = userdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > userdb { > args = uid=vimap gid=vimap home=/var/imap/spool/%1n/%n > driver = static > } > protocol lda { > mail_plugins = " fts fts_lucene acl sieve" > } > protocol imap { > mail_max_userip_connections = 20 > mail_plugins = " fts fts_lucene acl imap_acl" > } > protocol lmtp { > mail_plugins = " fts fts_lucene acl sieve" > } > protocol sieve { > mail_max_userip_connections = 10 > managesieve_implementation_string = Dovecot Pigeonhole > managesieve_logout_format = bytes=%i/%o > managesieve_max_line_length = 65536 > } > protocol pop3 { > mail_max_userip_connections = 20 > } -- Florian Tischler System Administrator *Johann Radon Institute for Computational and Applied Mathematics (RICAM) http://www.ricam.oeaw.ac.at/ florian.tischler at oeaw.ac.at *Industrial Mathematics Institute http://www.indmath.uni-linz.ac.at/ tischler at indmath.uni-linz.ac.at http://www.ricam.oeaw.ac.at/people/page.cgi?firstn=Florian;lastn=Tischler GPG-Key: http://www.ricam.oeaw.ac.at/gpg/florian_tischler.asc tel: +43 732 2468 5250 fax: +43 732 2468 5212 From CMarcus at Media-Brokers.com Mon May 26 14:21:30 2014 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 26 May 2014 10:21:30 -0400 Subject: [Dovecot] socket /var/spool/postfix/private/auth not created In-Reply-To: <000001462e1a5b44-e0fc238c-652d-4469-9f87-e2bd915426b5-000000@email.amazonses.com> References: <1400925374776-48182.post@n4.nabble.com> <20140524104811.GA27246@nihlus.leuxner.net> <000001462e1a5b44-e0fc238c-652d-4469-9f87-e2bd915426b5-000000@email.amazonses.com> Message-ID: <53834DEA.6040406@Media-Brokers.com> On 5/24/2014 8:00 AM, Subscriptions wrote: > Made the changes, so entries in 10-master.conf are now: > > ------ > service auth { > unix_listener auth-userdb { > #mode = 0666 > #user = > #group = > } > > # Postfix smtp-auth > unix_listener /var/spool/postfix/private/auth { > mode = 0660 > user = postfix > group = postfix > } > # Auth process is run as this user. > #user = $default_internal_user > > } > > Entries in 10-auth.conf are as follows (ass suggested by another post > I found. > > ------------ > ... > auth_mechanisms = plain login > ... > > ----------- > > > Output from dovecot -n > > -------------- > # 2.2.9: /etc/dovecot/dovecot.conf > # OS: Linux 3.13.0-24-generic x86_64 Ubuntu 14.04 LTS ext4 > auth_mechanisms = plain cram-md5 > > protocols = imap pop3 > service auth { > executable = /usr/lib/dovecot/auth > user = root > } > service imap-login { > chroot = login > executable = /usr/lib/dovecot/imap-login > user = dovecot > } Sorry, but if you make changes to a dovecot config file, and those changes are not reflected in the doveconf -n output, then you are quite simply editing the wrong file. I don't see any evidence of the service auth change you made in that output, so you are editing the wrong config file(s). Best regards, Charles From sca at andreasschulze.de Mon May 26 14:39:50 2014 From: sca at andreasschulze.de (Andreas Schulze) Date: Mon, 26 May 2014 16:39:50 +0200 Subject: [Dovecot] LDAP: allow pop3, restrict imap In-Reply-To: <4710378.WY7jLo4rbX@vulcan.ricint.oeaw.ac.at> References: <20140526132435.Horde.sc_yFyuyNxZoVGeFFWtFlA1@horde.andreasschulze.de> <4710378.WY7jLo4rbX@vulcan.ricint.oeaw.ac.at> Message-ID: <20140526143932.GA7134@solar.andreasschulze.de> Florian: > Why not add the attribute to all your users? yeah, that would be really the simplest solution. Unfortunately the world is sometimes more complex. That's why I search for other ways... - multiple dovecot installations - different ldap filters based on imap or pop3 - other magic Andreas From alanm at sics.se Mon May 26 15:35:24 2014 From: alanm at sics.se (Alan McGinlay) Date: Mon, 26 May 2014 17:35:24 +0200 Subject: [Dovecot] LDAP: allow pop3, restrict imap In-Reply-To: <20140526143932.GA7134@solar.andreasschulze.de> References: <20140526132435.Horde.sc_yFyuyNxZoVGeFFWtFlA1@horde.andreasschulze.de> <4710378.WY7jLo4rbX@vulcan.ricint.oeaw.ac.at> <20140526143932.GA7134@solar.andreasschulze.de> Message-ID: On 2014-05-26 16:39, Andreas Schulze wrote: > Florian: > Why not add the attribute to all your users? > > yeah, that would be really the simplest solution. Unfortunately the > world > is sometimes more complex. That's why I search for other ways... > > - multiple dovecot installations > - different ldap filters based on imap or pop3 > - other magic > > Andreas You could probably do something with Perdition imap proxy (imap, pop and managesieve proxy). It is very flexible: http://horms.net/projects/perdition/ It can handle large numbers of users, very smooth and no performance issues. From dclist.hook at hook.net.nz Tue May 27 01:06:26 2014 From: dclist.hook at hook.net.nz (dclist.hook at hook.net.nz) Date: Tue, 27 May 2014 13:06:26 +1200 Subject: [Dovecot] Odd ownership of the dovecot-uidlist file Message-ID: <5383E512.4050506@hook.net.nz> Hi, We have just recently switched from Courier to Dovecot for both IMAAP and POP access for our shared hosting platform, and while the issues we have been seeing with Courier have gone away a new one has popped up. Unfortunately googling for an answer is difficult as it falls into the ownership and permissions category which people seem to have all the time. But in those cases it always happens, whereas what we are seeing is a random ownership change on the dovecot-uidlist file. Basically what we see is the user is able to login fine for days and then all of a sudden the file has changed ownership to a user under a different domain, what's worse is the other user has not even logged in during that time. Here's a snippet from a case from a month ago which was escalated to us, there are plenty of other examples but its so random we only know its happened when the customer complains or we happen to watch the logs, the current help desk procedure when the customer calls is to just fix the ownership of the file. -- 8<-- Mar 25 11:18:05 brio dovecot: pop3-login: Login: user=, method=PLAIN, rip=IP, lip=IP, mpid=21739, TLS, session= Mar 25 11:18:08 brio dovecot: pop3(accounts at DOMAIN1): Disconnected: Logged out top=0 (0 b), retr=4 (274142 b), messages=27 (10797760 b), del=0 Mar 25 11:19:24 brio dovecot: pop3(accounts at DOMAIN1): Error: open(/mnt/spool/keepers/t/DOMAIN1/accounts/Maildir/dovecot-uidlist) failed: Permission denied Mar 25 11:19:24 brio dovecot: pop3(accounts at DOAMIN1): Error: open(/mnt/spool/keepers/t/DOMAIN1/accounts/Maildir/dovecot-uidlist) failed: Permission denied -- 8<-- In this case the ownership of the file was: -rw------- 1 jacqui-30747 DOMAIN2 48839 Mar 25 10:31 dovecot-uidlist when it should be: -rw------- 1 accounts-25105 DOMAIN1 48839 Mar 25 10:32 dovecot-uidlist As you can see both the user and the group have changed to a different user as if that user had recreated the file. Its worth noting that the parent directory does not change: drwx------ 8 accounts-25105 DOMAIN1 4096 Mar 25 10:31 . so this user should not even be able to access this file. It would be great if someone can give us some hints where the problem maybe as this has us stumped. Some more detail if it helps: root at brio:~# dovecot -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.2 auth_mechanisms = plain login cram-md5 apop auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@& default_process_limit = 3000 disable_plaintext_auth = no lock_method = dotlock mail_fsync = always mail_location = maildir:~/Maildir:INDEX=/home/indexes/%1d/%n@%d mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = " quota" maildir_stat_dirs = yes mmap_disable = yes namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = INBOX. separator = . subscriptions = yes } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } passdb { args = /etc/dovecot/dovecot-sql-cram.conf.ext driver = sql } plugin { quota = maildir:User quota } protocols = " imap pop3" service imap-login { inet_listener imap25 { port = 25143 } } service imap-postlogin { executable = script-login -d /usr/local/bin/postlogin.sh } service imap { executable = imap imap-postlogin } service pop3-login { inet_listener pop325 { port = 25110 } } service pop3 { executable = pop3 imap-postlogin } ssl_cert = We recently upgraded from Dovecot 1.2.15 (on Debian squeeze) to Dovecot 2.1.7 (on Debian wheezy/stable). For now, we continue to use FTS with Squat indexes. We'd like to eventually switch to Lucene but it's not yet supported in Debian stable. Since upgrading to 2.1.7, we've seen some problems with IMAP search results when an FTS Squat index is present (i.e., when the "dovecot.index.search" and "dovecot.index.search.uids" files are present). If it's present, even header searches sometimes give incorrect results (such as searches on FROM or SUBJECT headers). I'm wondering if this is a known issue with 2.1.7 and whether upgrading to a later version of Dovecot with Squat is likely to fix this (due to, say, ), or if Squat in all versions is a lost cause and I need to switch to Lucene. I can demonstrate the problem by showing the results of three searches on my mailbox. First, here are the correct results for header FTS searches when no "dovecot.index.search[.uids]" file is present: ---- . UID SEARCH FROM "Nick" * SEARCH 9 66 100 116 179 212 274 338 347 386 494 519 579 603 643 766 781 788 827 1107 1280 1626 1641 1667 1688 1702 1703 2184 2187 3202 3519 3716 3798 3885 3886 4024 4166 4345 4400 4401 4436 4491 4561 4595 4618 4676 4711 4712 4746 4788 4883 5217 5253 5577 5602 5722 . OK Search completed (0.059 secs). . UID SEARCH ALL FROM "Nick" * SEARCH 9 66 100 116 179 212 274 338 347 386 494 519 579 603 643 766 781 788 827 1107 1280 1626 1641 1667 1688 1702 1703 2184 2187 3202 3519 3716 3798 3885 3886 4024 4166 4345 4400 4401 4436 4491 4561 4595 4618 4676 4711 4712 4746 4788 4883 5217 5253 5577 5602 5722 . OK Search completed (0.058 secs). . UID SEARCH SUBJECT "Nick" * SEARCH 3466 3467 3507 . OK Search completed (0.054 secs). ---- These results are consistent (and correct) whether "mail_plugins = fts fts_squat" is enabled or not, as long as no "dovecot.index.search[.uids]" file is present. Now I generate an FTS index: ---- . UID SEARCH TEXT "Nick" * OK Indexed 98% of the mailbox, ETA 0:00 * OK Mailbox indexing finished * SEARCH 9 32 66 100 111 112 113 116 179 199 212 228 229 240 274 303 338 347 386 393 448 478 491 494 519 579 591 603 614 618 624 643 649 742 766 781 788 827 837 839 841 1095 1106 1107 1174 1188 1225 1227 1228 1240 1254 1261 1278 1280 1452 1482 1519 1520 1595 1626 1641 1656 1667 1688 1702 1703 1724 1758 2184 2187 2798 2883 2932 3034 3198 3202 3206 3230 3371 3432 3454 3457 3466 3467 3507 3519 3631 3637 3685 3702 3703 3716 3765 3798 3799 3803 3853 3854 3855 3857 3873 3885 3886 3962 3969 4024 4033 4050 4051 4058 4161 4166 4173 4176 4224 4273 4345 4400 4401 4436 4461 4490 4491 4498 4561 4595 4618 4651 4676 4711 4712 4713 4729 4731 4736 4737 4738 4739 4746 4786 4787 4788 4813 4816 4822 4847 4883 4885 4933 4941 4942 4957 4958 5029 5052 5097 5135 5136 5182 5217 5253 5271 5357 5543 5551 5565 5577 5589 5602 5612 5643 5692 5722 . OK Search completed (11.078 secs). ---- Now I run the same original three searches, but they return completely different results(!): ---- . UID SEARCH FROM "Nick" * SEARCH 9 66 100 116 179 212 228 240 274 338 347 386 448 494 519 579 603 643 766 781 788 827 1095 1107 1174 1240 1254 1261 1280 1595 1626 1641 1667 1688 1702 1703 1724 2184 2187 2883 2932 3202 3371 3432 3457 3466 3467 3507 3519 3631 3637 3685 3716 3765 3798 3803 3853 3854 3855 3885 3886 3969 4024 4050 4166 4176 4224 4345 4400 4401 4436 4461 4490 4491 4498 4561 4595 4618 4676 4711 4712 4729 4731 4746 4788 4883 5029 5135 5136 5182 5217 5253 5577 5602 5722 . OK Search completed (0.001 secs). . UID SEARCH ALL FROM "Nick" * SEARCH . OK Search completed (0.001 secs). . UID SEARCH SUBJECT "Nick" * SEARCH 9 66 100 116 179 212 228 240 274 338 347 386 448 494 519 579 603 643 766 781 788 827 1095 1107 1174 1240 1254 1261 1280 1595 1626 1641 1667 1688 1702 1703 1724 2184 2187 2883 2932 3202 3371 3432 3457 3466 3467 3507 3519 3631 3637 3685 3716 3765 3798 3803 3853 3854 3855 3885 3886 3969 4024 4050 4166 4176 4224 4345 4400 4401 4436 4461 4490 4491 4498 4561 4595 4618 4676 4711 4712 4729 4731 4746 4788 4883 5029 5135 5136 5182 5217 5253 5577 5602 5722 . OK Search completed (0.001 secs). ---- The "ALL" one returns nothing at all, even though an "AND" search on "ALL" should make no difference, and the "FROM" and "SUBJECT" ones now return identical incorrect results, many of which do not actually match the header requested when examined -- it's returning messages with "Nick" in *any* header. For example, message 9 does not contain "Nick" in the subject, despite the results shown above: ---- . FETCH 9 UID * 9 FETCH (UID 9) . OK Fetch completed. FETCH 9 BODY.PEEK[HEADER.FIELDS (SUBJECT)] * 9 FETCH (BODY[HEADER.FIELDS (SUBJECT)] {47} Subject: Re: Finishing Gallery support page ) . OK Fetch completed. ---- If I delete the "dovecot.index.search" and "dovecot.index.search.uids" files, or if I disable fts in the configuration entirely, the results immediately become correct again. As I mentioned above, I'm wondering if anyone knows the cause of (and fix for) this. Here's my doveconf -n: # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.4 auth_master_user_separator = * auth_mechanisms = plain login auth_username_format = default_vsz_limit = 1 G disable_plaintext_auth = no lda_mailbox_autosubscribe = yes listen = * log_timestamp = "%Y-%m-%d %H:%M:%S " login_log_format_elements = pid=[%p] user=<%u> method=%m rip=%r lip=%l %c mail_fsync = never mail_location = maildir:~/ mail_max_userip_connections = 100 mail_plugins = fts fts_squat mail_log notify managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave spamtest spamtestplus namespace { inbox = yes location = prefix = INBOX. separator = . type = private } namespace { hidden = yes inbox = no list = no location = prefix = separator = . type = private } passdb { args = /etc/dovecot/dovecot.users driver = passwd-file } passdb { args = /etc/dovecot/master-passwords driver = passwd-file master = yes pass = yes } plugin { fts = squat mail_log_events = copy expunge mail_log_fields = box msgid size from sieve = %h/mailbox.sieve sieve_after = %h/../../domain-after.sieve sieve_before = %h/../../domain-before.sieve sieve_dir = %h/sieve sieve_extensions = -reject +spamtest +spamtestplus sieve_global_dir = %h/../../sieve-global-include-scripts sieve_spamtest_max_value = 7 sieve_spamtest_status_header = X-Spam-Level sieve_spamtest_status_type = strlen } protocols = pop3 imap lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { process_min_avail = 8 service_count = 0 } service imap { process_limit = 2000 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } service pop3-login { process_min_avail = 8 service_count = 0 } service pop3 { process_limit = 2000 } ssl = no userdb { args = /etc/dovecot/dovecot.users driver = passwd-file } verbose_proctitle = yes protocol imap { imap_client_workarounds = delay-newmail imap_logout_format = %i bytes in, %o bytes out } protocol pop3 { pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_logout_format = ; %i bytes in, %o bytes out, %t top (%p bytes), %r retr (%b bytes), %d of %m deleted, mailbox size %s bytes pop3_uidl_format = UID%u-%v } protocol lda { mail_fsync = optimized mail_plugins = sieve postmaster_address = postmaster at tigertech.net sendmail_path = /usr/local/bin/dovecot-sendmail-wrapper } protocol lmtp { mail_fsync = optimized mail_plugins = sieve postmaster_address = postmaster at tigertech.net sendmail_path = /usr/local/bin/dovecot-sendmail-wrapper } -- Robert L Mathews, Tiger Technologies, http://www.tigertech.net/ From lists at tigertech.com Tue May 27 02:50:01 2014 From: lists at tigertech.com (Robert L Mathews) Date: Mon, 26 May 2014 19:50:01 -0700 Subject: [Dovecot] Odd ownership of the dovecot-uidlist file In-Reply-To: <5383E512.4050506@hook.net.nz> References: <5383E512.4050506@hook.net.nz> Message-ID: <5383FD59.9050809@tigertech.com> On 5/26/14, 6:06 PM, dclist.hook at hook.net.nz wrote: > It would be great if someone can give us some hints where the problem > maybe as this has us stumped. Have you tried "stat dovecot-uidlist" after it's changed to look at all three times of the file? The "Change" time is probably more interesting than the modification time. It should show the time that the ownership was altered or the file recreated, and maybe you can look at the logs to see what happened then. -- Robert L Mathews, Tiger Technologies, http://www.tigertech.net/ From bajnokk at niif.hu Tue May 27 05:27:32 2014 From: bajnokk at niif.hu (Kristof Bajnok) Date: Tue, 27 May 2014 07:27:32 +0200 Subject: [Dovecot] SQL passdb, LDAP userdb Message-ID: <53842244.8030806@niif.hu> Hi, in my current setup, LDAP authentication + userdb works fine. I'd like to integrate Dovecot with Shibboleth. I have a custom module at the IdP (*) that inserts short-time tokens to an SQL table at user authentication, and I want Dovecot to use the token table for passdb but keep LDAP for storing the userdb (uid, quota, etc) I thought it was simple as omitting the sql user_query, but I got: Warning: mysql: Query failed, retrying: Table 'webmail.users' doesn't exist Error: sql(user at domain,ipaddr): User query failed: Table 'webmail.users' doesn't exist (using built-in default user_query: SELECT home, uid, gid FROM users WHERE username = '%n' AND domain = '%d') Do you have any hints how to do this? Thanks, Kristof (*): in SAML there is an Identity Provider that does user authentication, which is separated from the services From colin at theknoxes.co.uk Tue May 27 09:16:28 2014 From: colin at theknoxes.co.uk (Colin Knox) Date: Tue, 27 May 2014 10:16:28 +0100 Subject: [Dovecot] Segfault when deselecting virtual folder 2.2.13+ HG TIP In-Reply-To: References: <3e2262e6b94cbd0b6e452eb51d7447b0@theknoxes.co.uk> Message-ID: On 26/05/2014 02:26, Timo Sirainen wrote: > On 16.5.2014, at 16.33, Colin Knox wrote: > >> I'm seeing a segfault in the imap process with the current mercurial >> tip (including changeset 17382 e99cd21e1f92) when selecting a >> particular virtual mail folder (but no other virtual mailboxes) and >> then selecting a different mail folder as in the IMAP transcript >> below. The same segfaults are triggered with IMAP clients. The >> situation is worse with the 2.2.13 which segfaults when any virtual >> mailbox is deselected so the recent patch helps partially. > > http://hg.dovecot.org/dovecot-2.2/rev/5c6f49e2d8d9 should fix this. Fixed. Thank you. From klaus at tachtler.net Tue May 27 11:04:12 2014 From: klaus at tachtler.net (Klaus Tachtler) Date: Tue, 27 May 2014 13:04:12 +0200 Subject: [Dovecot] Problem with quota calculation... Message-ID: <20140527130412.Horde.9hnJRi6UwyYiRawTcxMCuQ1@buero.tachtler.net> Hello, since I changed the quota backend from maildir (maildir:User quota) to dictionary (dict:User quota::proxy::quota), I have problems with tha calculated size and messages count. --- Input/Output --- # du -hs 23M . # doveadm quota get -u ich at tachtler.net Quota name Type Value Limit % User quota STORAGE 46602 1024000 4 User quota MESSAGE 166 - 0 # doveadm quota recalc -u ich at tachtler.net # doveadm quota get -u ich at tachtler.net Quota name Type Value Limit % User quota STORAGE 23301 1024000 2 User quota MESSAGE 83 - 0 --- Input/Output ---- It seems, that all was counted twice? ----- doveconf -n ----- # dovecot -n # 2.2.10: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-431.17.1.el6.x86_64 x86_64 CentOS release 6.5 (Final) auth_master_user_separator = * auth_mechanisms = plain digest-md5 cram-md5 login auth_verbose = yes dict { quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } hostname = dovecot.tachtler.net listen = * mail_location = maildir:~/Maildir mail_plugins = " quota acl zlib mail_log notify" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mbox_write_locks = fcntl namespace { list = children location = maildir:%%h/Maildir:INDEX=%h/shared/%%u:CONTROL=%h/shared/%%u prefix = shared/%%u/ separator = / subscriptions = yes type = shared } namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = INBOX/ separator = / } passdb { args = /etc/dovecot/master-users driver = passwd-file master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { acl = vfile acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db mail_log_fields = uid box msgid size from quota = dict:User quota::proxy::quota quota_grace = 10%% quota_rule = INBOX/Trash:storage=+100M quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Mailbox is over quota quota_status_success = DUNNO quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_dir = ~/sieve zlib_save = gz zlib_save_level = 6 } postmaster_address = postmaster at tachtler.net protocols = imap lmtp sieve service auth { unix_listener auth-userdb { group = vmail user = vmail } } service dict { unix_listener dict { group = vmail mode = 0660 user = vmail } } service imap-login { process_min_avail = 1 service_count = 0 } service lmtp { inet_listener lmtp { address = 192.168.0.80 port = 24 } } service managesieve-login { inet_listener sieve { port = 4190 } } service quota-status { client_limit = 1 executable = quota-status -p postfix inet_listener { address = 192.168.0.80 port = 12340 } } service quota-warning { executable = script /usr/local/bin/quota-warning.sh user = vmail } ssl_cert = Hi, in dovecot documentation i try to implement quota per users. i added dovecot-ldap.conf file user_attrs = homeDirectory=home, uidNumber=uid, gidNumber=gid, mailbox=mail, quota=quota_rule=*:bytes=%$ and i see in logs quota(quota_rule=*:bytes=%$)=*:bytes=241800 Debug: Added userdb setting: plugin/quota_rule=*:bytes=241800 but still mail is delivering , i'not sure other settings about 20-imap.conf and 20-pop3.conf from documentation. what is the correct steps for this? thanks in advance -- Sel?uk YAZAR From arthurdent.london at gmail.com Tue May 27 12:56:40 2014 From: arthurdent.london at gmail.com (Arthur Dent) Date: Tue, 27 May 2014 13:56:40 +0100 Subject: [Dovecot] Corrupted Mail? Message-ID: <1401195400.14196.11.camel@localhost> Hello All, I have a Dovecot v2.2.12 installation running on a Fedora 20 box which is the mailserver for my family. This means that it is serving only 4 accounts. I use fetchmail->procmail to feed Dovecot and I read my mail on clients such as Evolution on (another) Fedora 20 machine, iPad/iPhone or squirrelmail on the web (running on the same Fedora 20 server). The average mail throughput for the whole family is around a couple of hundred messages per day, but each (and every) day I get between 3 and 10 of the following messages: dovecot: imap(mark): Error: Next message unexpectedly corrupted in mbox file /home/mark/mail/MLists/Fail2Ban at 3407473: 1 Time(s) I have googled, but with little success. What I have found seemed to suggest that removing the .index files and allowing Dovecot to rebuild them will solve this. I did: find /home -type f -name "dovecot.index.*" -exec rm -f {} \; but it has made no difference. Can anyone help me solve this please? Thanks in advance Mark From apm at one.com Tue May 27 13:03:49 2014 From: apm at one.com (Peter Mogensen) Date: Tue, 27 May 2014 15:03:49 +0200 Subject: [Dovecot] dsync changing source permission to "root" in backup mode Message-ID: <53848D35.8070808@one.com> Hi, We have dsync failing once in a while when running in "backup" mode. What's strange is that the result is that the file permissions on the *source* machine ends up with the wrong permissions (set to uid 0). Even though the dsync manual clearly says: "Backup mails from default mail location to location2 (or vice versa, if -R parameter is given). No changes are ever done to the source location. Any changes done in destination are discarded." Running: 'dsync -R -o mail_home=/users/maildir backup ssh -c arcfour src-host "dsync -o mail_home=/users/maildir"' I know it's running as root, but even then ... it shouldn't modify the source in "backup" mode ?? The error message from dsync when failing is: dsync-remote(root): Error: Cached message size larger than expected (5292 > 5289) dsync-remote(root): Error: Maildir filename has wrong S value, renamed the file from /users/maildir/.Sent/cur/1381224782.M959810P3574.mail,S=5292,W=5411:2,S to /users/maildir/.Sent/cur/1381224782.M959810P3574.mail,S=5289:2,S dsync-remote(root): Error: Corrupted index cache file /users/maildir/.Sent/dovecot.index.cache: Broken physical size for mail UID 1040 dsync-remote(root): Error: dsync(dst-host): read(/users/maildir/.Sent/cur/1381224782.M959810P3574.mail,S=5292,W=5411:2,S) failed: Cached message size larger than expected (5292 > 5289) /Peter From apm at one.com Tue May 27 13:39:51 2014 From: apm at one.com (Peter Mogensen) Date: Tue, 27 May 2014 15:39:51 +0200 Subject: [Dovecot] dsync changing source permission to "root" in backup mode In-Reply-To: <53848D35.8070808@one.com> References: <53848D35.8070808@one.com> Message-ID: <538495A7.2040604@one.com> Oh ... sorry... I forgot the last log-line. (see below) btw... tested with versions: Between 2.2.12 in both ends, and between dst=2.2.12, src=2.2.13 On 2014-05-27 15:03, Peter Mogensen wrote: > The error message from dsync when failing is: > > dsync-remote(root): Error: Cached message size larger than expected > (5292 > 5289) > dsync-remote(root): Error: Maildir filename has wrong S value, renamed > the file from > /users/maildir/.Sent/cur/1381224782.M959810P3574.mail,S=5292,W=5411:2,S > to /users/maildir/.Sent/cur/1381224782.M959810P3574.mail,S=5289:2,S > dsync-remote(root): Error: Corrupted index cache file > /users/maildir/.Sent/dovecot.index.cache: Broken physical size for mail > UID 1040 > dsync-remote(root): Error: dsync(dst-host): > read(/users/maildir/.Sent/cur/1381224782.M959810P3574.mail,S=5292,W=5411:2,S) > failed: Cached message size larger than expected (5292 > 5289) dsync-local(root): Error: dsync(src-host): read() failed: read((fd)) failed: dot-input stream ends without '.' line From rs at sys4.de Tue May 27 13:44:21 2014 From: rs at sys4.de (Robert Schetterer) Date: Tue, 27 May 2014 15:44:21 +0200 Subject: [Dovecot] Corrupted Mail? In-Reply-To: <1401195400.14196.11.camel@localhost> References: <1401195400.14196.11.camel@localhost> Message-ID: <538496B5.5040206@sys4.de> Am 27.05.2014 14:56, schrieb Arthur Dent: > Hello All, > > I have a Dovecot v2.2.12 installation running on a Fedora 20 box which > is the mailserver for my family. This means that it is serving only 4 > accounts. > > I use fetchmail->procmail to feed Dovecot and I read my mail on clients > such as Evolution on (another) Fedora 20 machine, iPad/iPhone or > squirrelmail on the web (running on the same Fedora 20 server). > > The average mail throughput for the whole family is around a couple of > hundred messages per day, but each (and every) day I get between 3 and > 10 of the following messages: > > dovecot: imap(mark): Error: Next message unexpectedly corrupted in mbox > file /home/mark/mail/MLists/Fail2Ban at 3407473: 1 Time(s) > > I have googled, but with little success. What I have found seemed to > suggest that removing the .index files and allowing Dovecot to rebuild > them will solve this. I did: > find /home -type f -name "dovecot.index.*" -exec rm -f {} \; > but it has made no difference. > > Can anyone help me solve this please? at this small setup simply use maildir as format and use getmail to fetch, sieve may do sorting see https://sys4.de/de/blog/2013/04/12/abholdienst-fur-mail/ sorry german but setup should speak for its own getmail does also deliver into maildir directly ( without dovecot deliver ) if you dont need to sort through sieve > > Thanks in advance > > Mark > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From arthurdent.london at gmail.com Tue May 27 14:04:14 2014 From: arthurdent.london at gmail.com (Arthur Dent) Date: Tue, 27 May 2014 15:04:14 +0100 Subject: [Dovecot] Corrupted Mail? In-Reply-To: <538496B5.5040206@sys4.de> References: <1401195400.14196.11.camel@localhost> <538496B5.5040206@sys4.de> Message-ID: <1401199454.14196.14.camel@localhost> On Tue, 2014-05-27 at 15:44 +0200, Robert Schetterer wrote: > Am 27.05.2014 14:56, schrieb Arthur Dent: > > Hello All, > > > > I have a Dovecot v2.2.12 installation running on a Fedora 20 box which > > is the mailserver for my family. This means that it is serving only 4 > > accounts. > > > > I use fetchmail->procmail to feed Dovecot and I read my mail on clients > > such as Evolution on (another) Fedora 20 machine, iPad/iPhone or > > squirrelmail on the web (running on the same Fedora 20 server). > > > > The average mail throughput for the whole family is around a couple of > > hundred messages per day, but each (and every) day I get between 3 and > > 10 of the following messages: > > > > dovecot: imap(mark): Error: Next message unexpectedly corrupted in mbox > > file /home/mark/mail/MLists/Fail2Ban at 3407473: 1 Time(s) > > > > I have googled, but with little success. What I have found seemed to > > suggest that removing the .index files and allowing Dovecot to rebuild > > them will solve this. I did: > > find /home -type f -name "dovecot.index.*" -exec rm -f {} \; > > but it has made no difference. > > > > Can anyone help me solve this please? > > at this small setup simply use maildir as format > and use getmail to fetch, sieve may do sorting > > see > https://sys4.de/de/blog/2013/04/12/abholdienst-fur-mail/ > > sorry german but setup should speak for its own > > getmail does also deliver into maildir directly ( without dovecot deliver ) > if you dont need to sort through sieve Well thanks - but I have been using an mbox setup for about 10 years. It is only since I upgraded to F20 that I have been experiencing this problem. I may look at switching to maildir for the future, but for now that's too big a job... Any other ideas? Thanks Mark From rs at sys4.de Tue May 27 14:09:09 2014 From: rs at sys4.de (Robert Schetterer) Date: Tue, 27 May 2014 16:09:09 +0200 Subject: [Dovecot] Corrupted Mail? In-Reply-To: <1401199454.14196.14.camel@localhost> References: <1401195400.14196.11.camel@localhost> <538496B5.5040206@sys4.de> <1401199454.14196.14.camel@localhost> Message-ID: <53849C85.7010802@sys4.de> Am 27.05.2014 16:04, schrieb Arthur Dent: > On Tue, 2014-05-27 at 15:44 +0200, Robert Schetterer wrote: >> Am 27.05.2014 14:56, schrieb Arthur Dent: >>> Hello All, >>> >>> I have a Dovecot v2.2.12 installation running on a Fedora 20 box which >>> is the mailserver for my family. This means that it is serving only 4 >>> accounts. >>> >>> I use fetchmail->procmail to feed Dovecot and I read my mail on clients >>> such as Evolution on (another) Fedora 20 machine, iPad/iPhone or >>> squirrelmail on the web (running on the same Fedora 20 server). >>> >>> The average mail throughput for the whole family is around a couple of >>> hundred messages per day, but each (and every) day I get between 3 and >>> 10 of the following messages: >>> >>> dovecot: imap(mark): Error: Next message unexpectedly corrupted in mbox >>> file /home/mark/mail/MLists/Fail2Ban at 3407473: 1 Time(s) >>> >>> I have googled, but with little success. What I have found seemed to >>> suggest that removing the .index files and allowing Dovecot to rebuild >>> them will solve this. I did: >>> find /home -type f -name "dovecot.index.*" -exec rm -f {} \; >>> but it has made no difference. >>> >>> Can anyone help me solve this please? >> >> at this small setup simply use maildir as format >> and use getmail to fetch, sieve may do sorting >> >> see >> https://sys4.de/de/blog/2013/04/12/abholdienst-fur-mail/ >> >> sorry german but setup should speak for its own >> >> getmail does also deliver into maildir directly ( without dovecot deliver ) >> if you dont need to sort through sieve > > Well thanks - but I have been using an mbox setup for about 10 years. It > is only since I upgraded to F20 that I have been experiencing this > problem. I may look at switching to maildir for the future, but for now > that's too big a job... > > Any other ideas? > > Thanks > > Mark > http://wiki2.dovecot.org/MboxProblems Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From arthurdent.london at gmail.com Tue May 27 14:28:31 2014 From: arthurdent.london at gmail.com (Arthur Dent) Date: Tue, 27 May 2014 15:28:31 +0100 Subject: [Dovecot] Corrupted Mail? In-Reply-To: <53849C85.7010802@sys4.de> References: <1401195400.14196.11.camel@localhost> <538496B5.5040206@sys4.de> <1401199454.14196.14.camel@localhost> <53849C85.7010802@sys4.de> Message-ID: <1401200911.14196.17.camel@localhost> On Tue, 2014-05-27 at 16:09 +0200, Robert Schetterer wrote: > Am 27.05.2014 16:04, schrieb Arthur Dent: > > On Tue, 2014-05-27 at 15:44 +0200, Robert Schetterer wrote: > >> Am 27.05.2014 14:56, schrieb Arthur Dent: > >>> Hello All, > >>> > >>> I have a Dovecot v2.2.12 installation running on a Fedora 20 box which > >>> is the mailserver for my family. This means that it is serving only 4 > >>> accounts. > >>> > >>> I use fetchmail->procmail to feed Dovecot and I read my mail on clients > >>> such as Evolution on (another) Fedora 20 machine, iPad/iPhone or > >>> squirrelmail on the web (running on the same Fedora 20 server). > >>> > >>> The average mail throughput for the whole family is around a couple of > >>> hundred messages per day, but each (and every) day I get between 3 and > >>> 10 of the following messages: > >>> > >>> dovecot: imap(mark): Error: Next message unexpectedly corrupted in mbox > >>> file /home/mark/mail/MLists/Fail2Ban at 3407473: 1 Time(s) > >>> > >>> I have googled, but with little success. What I have found seemed to > >>> suggest that removing the .index files and allowing Dovecot to rebuild > >>> them will solve this. I did: > >>> find /home -type f -name "dovecot.index.*" -exec rm -f {} \; > >>> but it has made no difference. > >>> > >>> Can anyone help me solve this please? > >> > >> at this small setup simply use maildir as format > >> and use getmail to fetch, sieve may do sorting > >> > >> see > >> https://sys4.de/de/blog/2013/04/12/abholdienst-fur-mail/ > >> > >> sorry german but setup should speak for its own > >> > >> getmail does also deliver into maildir directly ( without dovecot deliver ) > >> if you dont need to sort through sieve > > > > Well thanks - but I have been using an mbox setup for about 10 years. It > > is only since I upgraded to F20 that I have been experiencing this > > problem. I may look at switching to maildir for the future, but for now > > that's too big a job... > > > > Any other ideas? > > > > Thanks > > > > Mark > > > > http://wiki2.dovecot.org/MboxProblems OK - Unless I'm missing something, all that page (which I'd already read) tells me is that I may have to delete the dovecot.index file(s) - which I've don (several times). I still have the same problem. Every single day. Anything else? From patrick at spamreducer.eu Tue May 27 14:45:50 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Tue, 27 May 2014 16:45:50 +0200 Subject: [Dovecot] Corrupted Mail? In-Reply-To: <1401200911.14196.17.camel@localhost> References: <1401195400.14196.11.camel@localhost> <538496B5.5040206@sys4.de> <1401199454.14196.14.camel@localhost> <53849C85.7010802@sys4.de> <1401200911.14196.17.camel@localhost> Message-ID: <002d01cf79ba$5a9ed3b0$0fdc7b10$@spamreducer.eu> > -----Urspr?ngliche Nachricht----- > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von Arthur > Dent > Gesendet: Dienstag, 27. Mai 2014 16:29 > An: dovecot at dovecot.org > Betreff: Re: [Dovecot] Corrupted Mail? > > On Tue, 2014-05-27 at 16:09 +0200, Robert Schetterer wrote: > > Am 27.05.2014 16:04, schrieb Arthur Dent: > > > On Tue, 2014-05-27 at 15:44 +0200, Robert Schetterer wrote: > > >> Am 27.05.2014 14:56, schrieb Arthur Dent: > > >>> Hello All, > > >>> > > >>> I have a Dovecot v2.2.12 installation running on a Fedora 20 box > > >>> which is the mailserver for my family. This means that it is > > >>> serving only 4 accounts. > > >>> > > >>> I use fetchmail->procmail to feed Dovecot and I read my mail on > > >>> clients such as Evolution on (another) Fedora 20 machine, > > >>> iPad/iPhone or squirrelmail on the web (running on the same Fedora > 20 server). > > >>> > > >>> The average mail throughput for the whole family is around a > > >>> couple of hundred messages per day, but each (and every) day I get > > >>> between 3 and > > >>> 10 of the following messages: > > >>> > > >>> dovecot: imap(mark): Error: Next message unexpectedly corrupted in > > >>> mbox file /home/mark/mail/MLists/Fail2Ban at 3407473: 1 Time(s) > > >>> > > >>> I have googled, but with little success. What I have found seemed > > >>> to suggest that removing the .index files and allowing Dovecot to > > >>> rebuild them will solve this. I did: > > >>> find /home -type f -name "dovecot.index.*" -exec rm -f {} \; but > > >>> it has made no difference. > > >>> > > >>> Can anyone help me solve this please? > > >> > > >> at this small setup simply use maildir as format and use getmail to > > >> fetch, sieve may do sorting > > >> > > >> see > > >> https://sys4.de/de/blog/2013/04/12/abholdienst-fur-mail/ > > >> > > >> sorry german but setup should speak for its own > > >> > > >> getmail does also deliver into maildir directly ( without dovecot > > >> deliver ) if you dont need to sort through sieve > > > > > > Well thanks - but I have been using an mbox setup for about 10 > > > years. It is only since I upgraded to F20 that I have been > > > experiencing this problem. I may look at switching to maildir for > > > the future, but for now that's too big a job... > > > > > > Any other ideas? > > > > > > Thanks > > > > > > Mark > > > > > > > http://wiki2.dovecot.org/MboxProblems > > OK - Unless I'm missing something, all that page (which I'd already > read) tells me is that I may have to delete the dovecot.index file(s) - which > I've don (several times). I still have the same problem. Every single day. > > Anything else? You would *really* not change do Maildir format? It's not so difficult to switch over.. and you will have working and simple mailfolders.. (also backup and restore would be a simple task).. So, why won't you change at all? From rs at sys4.de Tue May 27 14:53:53 2014 From: rs at sys4.de (Robert Schetterer) Date: Tue, 27 May 2014 16:53:53 +0200 Subject: [Dovecot] Corrupted Mail? In-Reply-To: <1401200911.14196.17.camel@localhost> References: <1401195400.14196.11.camel@localhost> <538496B5.5040206@sys4.de> <1401199454.14196.14.camel@localhost> <53849C85.7010802@sys4.de> <1401200911.14196.17.camel@localhost> Message-ID: <5384A701.4000102@sys4.de> Am 27.05.2014 16:28, schrieb Arthur Dent: > On Tue, 2014-05-27 at 16:09 +0200, Robert Schetterer wrote: >> Am 27.05.2014 16:04, schrieb Arthur Dent: >>> On Tue, 2014-05-27 at 15:44 +0200, Robert Schetterer wrote: >>>> Am 27.05.2014 14:56, schrieb Arthur Dent: >>>>> Hello All, >>>>> >>>>> I have a Dovecot v2.2.12 installation running on a Fedora 20 box which >>>>> is the mailserver for my family. This means that it is serving only 4 >>>>> accounts. >>>>> >>>>> I use fetchmail->procmail to feed Dovecot and I read my mail on clients >>>>> such as Evolution on (another) Fedora 20 machine, iPad/iPhone or >>>>> squirrelmail on the web (running on the same Fedora 20 server). >>>>> >>>>> The average mail throughput for the whole family is around a couple of >>>>> hundred messages per day, but each (and every) day I get between 3 and >>>>> 10 of the following messages: >>>>> >>>>> dovecot: imap(mark): Error: Next message unexpectedly corrupted in mbox >>>>> file /home/mark/mail/MLists/Fail2Ban at 3407473: 1 Time(s) >>>>> >>>>> I have googled, but with little success. What I have found seemed to >>>>> suggest that removing the .index files and allowing Dovecot to rebuild >>>>> them will solve this. I did: >>>>> find /home -type f -name "dovecot.index.*" -exec rm -f {} \; >>>>> but it has made no difference. >>>>> >>>>> Can anyone help me solve this please? >>>> >>>> at this small setup simply use maildir as format >>>> and use getmail to fetch, sieve may do sorting >>>> >>>> see >>>> https://sys4.de/de/blog/2013/04/12/abholdienst-fur-mail/ >>>> >>>> sorry german but setup should speak for its own >>>> >>>> getmail does also deliver into maildir directly ( without dovecot deliver ) >>>> if you dont need to sort through sieve >>> >>> Well thanks - but I have been using an mbox setup for about 10 years. It >>> is only since I upgraded to F20 that I have been experiencing this >>> problem. I may look at switching to maildir for the future, but for now >>> that's too big a job... >>> >>> Any other ideas? >>> >>> Thanks >>> >>> Mark >>> >> >> http://wiki2.dovecot.org/MboxProblems > > OK - Unless I'm missing something, all that page (which I'd already > read) tells me is that I may have to delete the dovecot.index file(s) - > which I've don (several times). I still have the same problem. Every > single day. > > Anything else? > ... Avoiding crashes and errors Since the problems usually have been related to broken headers, you should be able to avoid them by filtering out all the Dovecot's internal metadata headers. This is a good idea to do in any case. If you use Dovecot LDA it does this filtering automatically do you use dovecot lda ? Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From arthurdent.london at gmail.com Tue May 27 17:27:09 2014 From: arthurdent.london at gmail.com (Arthur Dent) Date: Tue, 27 May 2014 18:27:09 +0100 Subject: [Dovecot] Corrupted Mail? In-Reply-To: <002d01cf79ba$5a9ed3b0$0fdc7b10$@spamreducer.eu> References: <1401195400.14196.11.camel@localhost> <538496B5.5040206@sys4.de> <1401199454.14196.14.camel@localhost> <53849C85.7010802@sys4.de> <1401200911.14196.17.camel@localhost> <002d01cf79ba$5a9ed3b0$0fdc7b10$@spamreducer.eu> Message-ID: <1401211629.16783.13.camel@localhost> On Tue, 2014-05-27 at 16:45 +0200, Patrick De Zordo wrote: > > You would *really* not change do Maildir format? > It's not so difficult to switch over.. and you will have working and simple mailfolders.. (also backup and restore would be a simple task).. > > So, why won't you change at all? Well - the more I read about this, the more I think you're right. Perhaps I should convert to Maildir - but I'm terrified... I have seen that there is a script - mb2md - that I can use, but what changes do I need to make elsewhere? I get my mail from a variety of ISP and online email accounts using fetchmail. I guess there's no change needed there? That feeds into procmail. I think I will have to change the mail procmail configuration file and ALL my procmail recipe rc files (I have many) - which filter into several different mboxs? Within one of the procmail recipes I call spamassassin and clamscan. Will they be a problem? Then Dovecot. What changes do i need to make within Dovecot? What about the clients? Do I need to configure squirrelmail, Evolution or iPad/iPhone email clients? I archive old mail using archivemail. I think this can cope with maildir format, but it archives to a mbox - which I guess is not a problem except when I want to retrieve something from the archive - but I think I can use Mutt for that? Is there anything else I should consider? I have the day off tomorrow. I might have a go - what do you think? Thanks Mark From larryrtx at gmail.com Tue May 27 17:30:45 2014 From: larryrtx at gmail.com (Larry Rosenman) Date: Tue, 27 May 2014 12:30:45 -0500 Subject: [Dovecot] Corrupted Mail? In-Reply-To: <1401211629.16783.13.camel@localhost> References: <1401195400.14196.11.camel@localhost> <538496B5.5040206@sys4.de> <1401199454.14196.14.camel@localhost> <53849C85.7010802@sys4.de> <1401200911.14196.17.camel@localhost> <002d01cf79ba$5a9ed3b0$0fdc7b10$@spamreducer.eu> <1401211629.16783.13.camel@localhost> Message-ID: If you can have as much of the read/write via Dovecot(IMAP Daemon), most of the pain is on the initial conversion. If, on the other hand, you have programs/scripts that access the mboxes/maildir's directly, there will be pain/work for each program/script that touches the file(s)/directories. On Tue, May 27, 2014 at 12:27 PM, Arthur Dent wrote: > On Tue, 2014-05-27 at 16:45 +0200, Patrick De Zordo wrote: > > > > > You would *really* not change do Maildir format? > > It's not so difficult to switch over.. and you will have working and > simple mailfolders.. (also backup and restore would be a simple task).. > > > > So, why won't you change at all? > > Well - the more I read about this, the more I think you're right. > Perhaps I should convert to Maildir - but I'm terrified... > > I have seen that there is a script - mb2md - that I can use, but what > changes do I need to make elsewhere? > > I get my mail from a variety of ISP and online email accounts using > fetchmail. I guess there's no change needed there? > > That feeds into procmail. I think I will have to change the mail > procmail configuration file and ALL my procmail recipe rc files (I have > many) - which filter into several different mboxs? > > Within one of the procmail recipes I call spamassassin and clamscan. > Will they be a problem? > > Then Dovecot. What changes do i need to make within Dovecot? > > What about the clients? Do I need to configure squirrelmail, Evolution > or iPad/iPhone email clients? > > I archive old mail using archivemail. I think this can cope with maildir > format, but it archives to a mbox - which I guess is not a problem > except when I want to retrieve something from the archive - but I think > I can use Mutt for that? > > Is there anything else I should consider? > > I have the day off tomorrow. I might have a go - what do you think? > > Thanks > > Mark > > > -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 108 Turvey Cove, Hutto, TX 78634-5688 From patrick at spamreducer.eu Tue May 27 17:41:34 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Tue, 27 May 2014 19:41:34 +0200 Subject: [Dovecot] Corrupted Mail? In-Reply-To: <1401211629.16783.13.camel@localhost> References: <1401195400.14196.11.camel@localhost> <538496B5.5040206@sys4.de> <1401199454.14196.14.camel@localhost> <53849C85.7010802@sys4.de> <1401200911.14196.17.camel@localhost> <002d01cf79ba$5a9ed3b0$0fdc7b10$@spamreducer.eu> <1401211629.16783.13.camel@localhost> Message-ID: <003101cf79d2$e6ebf470$b4c3dd50$@spamreducer.eu> > -----Urspr?ngliche Nachricht----- > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von Arthur > Dent > Gesendet: Dienstag, 27. Mai 2014 19:27 > An: dovecot at dovecot.org > Betreff: Re: [Dovecot] Corrupted Mail? > > On Tue, 2014-05-27 at 16:45 +0200, Patrick De Zordo wrote: > > > > > You would *really* not change do Maildir format? > > It's not so difficult to switch over.. and you will have working and simple > mailfolders.. (also backup and restore would be a simple task).. > > > > So, why won't you change at all? > > Well - the more I read about this, the more I think you're right. > Perhaps I should convert to Maildir - but I'm terrified... > > I have seen that there is a script - mb2md - that I can use, but what changes > do I need to make elsewhere? > I would prefer work with dsync (maybe in 2 steps), it preserves message UIDs.. and that's what you really want. > I get my mail from a variety of ISP and online email accounts using fetchmail. I > guess there's no change needed there? > Think it wouldn't change anything, it just gets mail from remote server and gives it to the local one.. Are all the messages available as a copy on the ISP side or are they purged on every fetch and so they are just available on your server locally? > That feeds into procmail. I think I will have to change the mail procmail > configuration file and ALL my procmail recipe rc files (I have > many) - which filter into several different mboxs? > Personally never use procmail.. working with sieve scripts. > Within one of the procmail recipes I call spamassassin and clamscan. > Will they be a problem? > You could use amavis; it "glues" alltogether.. Are you using postfix as MTA? > Then Dovecot. What changes do i need to make within Dovecot? > > What about the clients? Do I need to configure squirrelmail, Evolution or > iPad/iPhone email clients? > > I archive old mail using archivemail. I think this can cope with maildir format, > but it archives to a mbox - which I guess is not a problem except when I want > to retrieve something from the archive - but I think I can use Mutt for that? > Are you working with virtualized server or bare metal? > Is there anything else I should consider? > > I have the day off tomorrow. I might have a go - what do you think? > > Thanks > > Mark > > From Albert.Whale at IT-Security-inc.com Tue May 27 18:33:53 2014 From: Albert.Whale at IT-Security-inc.com (Albert Whale) Date: Tue, 27 May 2014 14:33:53 -0400 Subject: [Dovecot] dovecot 2.1.15 hangs while connecting. Message-ID: <5384DA91.4000902@IT-Security-inc.com> I am using Dovecot in two Server environments. My Legacy (5 years+ old) servers are running dovecot 1.1.20, and are responding as expected. These servers are using an NFS based storage for the /home directory structure, and are working beautifully. However, I need to replace these inefficient servers, and get more current. That brings me to the problem, where I am implementing Dovecot 2.1.15, which does not complete the authentication cycle. I have converted the 1.1.20 configuration using the documentation available, and I have the following for my running configuration (which is not working): # 2.1.15: /etc/dovecot/dovecot.conf # OS: Linux 3.8.13.4-server-1.mga3 i686 Mageia 3 auth_debug = yes base_dir = /var/run/dovecot/ disable_plaintext_auth = no lock_method = dotlock login_greeting = SpamZapper Email ready. login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c mail_debug = yes mail_fsync = always mail_location = maildir:~/Maildir mail_nfs_index = yes mail_nfs_storage = yes mail_privileged_group = mail mmap_disable = yes passdb { driver = pam } protocols = imap pop3 service auth { user = root } service imap-login { chroot = login client_limit = 256 user = dovecot } service pop3-login { chroot = login client_limit = 256 user = dovecot } ssl = no userdb { driver = passwd } verbose_proctitle = yes protocol pop3 { mail_max_userip_connections = 50 pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_uidl_format = %08Xv%08Xu } protocol lda { postmaster_address = postmaster at example.com } I have captured the Debug output of the dovecot process while attempting to connect: May 27 13:02:10 ns dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=pop3#011session=IzAYqGT6pgBCz4Xk#011lip=66.207.133.227#011rip=66.207.133.228#011lport=110#011rport=38566#011resp= May 27 13:02:10 ns dovecot: auth-worker(551): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth May 27 13:02:10 ns dovecot: auth-worker(551): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so May 27 13:02:10 ns dovecot: auth-worker(551): Debug: pam(aewhale,66.207.133.228): lookup service=dovecot May 27 13:02:10 ns dovecot: auth-worker(551): Debug: pam(aewhale,66.207.133.228): #1/1 style=1 msg=Password: May 27 13:02:10 ns dovecot: auth: Debug: client passdb out: OK#0111#011user=aewhale May 27 13:02:10 ns dovecot: auth: Debug: master in: REQUEST#0112671116289#011453#0111#01174d85bf0d878139a83e682a869786da9 May 27 13:02:10 ns dovecot: auth-worker(551): Debug: passwd(aewhale,66.207.133.228): lookup May 27 13:02:10 ns dovecot: auth: Debug: master userdb out: USER#0112671116289#011aewhale#011system_groups_user=aewhale#011uid=501#011gid=501#011home=/home/aewhale May 27 13:02:10 ns dovecot: pop3-login: Login: user=, method=PLAIN, rip=66.207.133.228, lip=66.207.133.227 May 27 13:02:10 ns dovecot: pop3(aewhale): Debug: Effective uid=501, gid=501, home=/home/aewhale May 27 13:02:10 ns dovecot: pop3(aewhale): Debug: maildir++: root=/home/aewhale/Maildir, index=, control=, inbox=/home/aewhale/Maildir, alt= All processing stops here. This is an NFS Storage Mail Spool, which works on 1.1.20 but not 2.1.15? What other pink elephants have I missed? Thank you for your assistance. -- Albert E. Whale, CEH CHS CISA CISSP *President - Chief Security Officer* http://www.IT-Security-inc.com - IT Security, Inc. Phone: 412-515-3010 | Email: Albert.Whale at IT-Security-inc.com Cell: 412-889-6870 From kremels at kreme.com Tue May 27 20:01:51 2014 From: kremels at kreme.com (LuKreme) Date: Tue, 27 May 2014 14:01:51 -0600 Subject: [Dovecot] Corrupted Mail? In-Reply-To: <1401211629.16783.13.camel@localhost> References: <1401195400.14196.11.camel@localhost> <538496B5.5040206@sys4.de> <1401199454.14196.14.camel@localhost> <53849C85.7010802@sys4.de> <1401200911.14196.17.camel@localhost> <002d01cf79ba$5a9ed3b0$0fdc7b10$@spamreducer.eu> <1401211629.16783.13.camel@localhost> Message-ID: <08EB725C-3BEC-450D-A7F4-4E40CC0B8D9A@kreme.com> On 27 May 2014, at 11:27 , Arthur Dent wrote: > That feeds into procmail. I think I will have to change the mail > procmail configuration file and ALL my procmail recipe rc files (I have > many) - which filter into several different mboxs? Depends on how you've setup your procmailrc. For example, I filter to establish where the mail is going to be filed. This falls through to the last recipe which is simply :0 .$DLVR/ where $DLVR has been set in previous recipes. (mostly, I do cheap a few times and deliver mail early, but then again, the vast majority of my mail is handled by one recipe, so by count of messages I'm very efficient.) -- There is a road, no simple highway, between the dawn and the dark of night From larryrtx at gmail.com Tue May 27 20:03:43 2014 From: larryrtx at gmail.com (Larry Rosenman) Date: Tue, 27 May 2014 15:03:43 -0500 Subject: [Dovecot] doveadm fts: mbox/lucene-indexes, and other errors Message-ID: I turned on fts_autoindex today, and wanted to rescan all my mailboxes.... Ran doveadm -Dv fts rescan, and garnered: thebighonker.lerctr.org /home/ler/mail $ doveadm -Dv fts rescan doveadm(ler): Debug: Loading modules from directory: /usr/local/lib/dovecot doveadm(ler): Debug: Module loaded: /usr/local/lib/dovecot/lib20_fts_plugin.so doveadm(ler): Debug: Module loaded: /usr/local/lib/dovecot/lib21_fts_lucene_plugin.so doveadm(ler): Debug: Module loaded: /usr/local/lib/dovecot/lib90_stats_plugin.so doveadm(ler): Debug: Loading modules from directory: /usr/local/lib/dovecot/doveadm doveadm(ler): Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: Undefined symbol "acl_user_module" (this is usually intentional, so just ignore this message) doveadm(ler): Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/local/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so: Undefined symbol "expire_set_lookup" (this is usually intentional, so just ignore this message) doveadm(ler): Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/local/lib/dovecot/doveadm/lib10_doveadm_quota_plugin.so: Undefined symbol "quota_user_module" (this is usually intentional, so just ignore this message) doveadm(ler): Debug: Module loaded: /usr/local/lib/dovecot/doveadm/lib10_doveadm_sieve_plugin.so doveadm(ler): Debug: Module loaded: /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so doveadm(ler): Debug: Module loaded: /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so doveadm(ler): Debug: Effective uid=1002, gid=1002, home=/home/ler doveadm(ler): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:~/mail:INBOX=~/mail/INBOX doveadm(ler): Debug: fs: root=/home/ler/mail, index=, indexpvt=, control=, inbox=/home/ler/mail/INBOX, alt= doveadm(ler): Debug: Namespace archive: type=private, prefix=#ARCHIVE/, sep=/, inbox=no, hidden=no, list=no, subscriptions=yes location=mbox:~/MAILARCHIVE doveadm(ler): Debug: mbox: INBOX defaulted to /home/ler/MAILARCHIVE/inbox doveadm(ler): Debug: fs: root=/home/ler/MAILARCHIVE, index=, indexpvt=, control=, inbox=/home/ler/MAILARCHIVE/inbox, alt= doveadm(ler): Error: Couldn't get mailbox lucene-indexes/dovecot-expunges.log GUID: Mailbox isn't a valid mbox file doveadm(ler): Error: Couldn't get mailbox lucene-indexes/_a1.cfs GUID: Mailbox isn't a valid mbox file doveadm(ler): Error: Couldn't get mailbox lucene-indexes/_9t.cfs GUID: Mailbox isn't a valid mbox file doveadm(ler): Error: Couldn't get mailbox lucene-indexes/_9z.cfs GUID: Mailbox isn't a valid mbox file doveadm(ler): Error: Couldn't get mailbox lucene-indexes/_9t_1.del GUID: Mailbox isn't a valid mbox file doveadm(ler): Error: Couldn't get mailbox lucene-indexes/segments.gen GUID: Mailbox isn't a valid mbox file doveadm(ler): Error: Couldn't get mailbox lucene-indexes/_9u.cfs GUID: Mailbox isn't a valid mbox file doveadm(ler): Error: Couldn't get mailbox lucene-indexes/_a0.cfs GUID: Mailbox isn't a valid mbox file doveadm(ler): Error: Couldn't get mailbox lucene-indexes/_9x.cfs GUID: Mailbox isn't a valid mbox file doveadm(ler): Error: Couldn't get mailbox lucene-indexes/_9v.cfs GUID: Mailbox isn't a valid mbox file doveadm(ler): Error: Couldn't get mailbox lucene-indexes/segments_ke GUID: Mailbox isn't a valid mbox file doveadm(ler): Error: Couldn't get mailbox lucene-indexes/_9w.cfs GUID: Mailbox isn't a valid mbox file doveadm(ler): Error: Couldn't get mailbox lucene-indexes/_9y.cfs GUID: Mailbox isn't a valid mbox file doveadm(ler): Error: Couldn't get mailbox lucene-indexes/_5w.cfs GUID: Mailbox isn't a valid mbox file doveadm(ler): Error: Couldn't get mailbox lucene-indexes/_5w_1.del GUID: Mailbox isn't a valid mbox file doveadm(ler): Error: lucene: Couldn't open mailbox (error in mailbox with GUID=21ba3234186a115376580000bbe98eac): Internal error occurred. Refer to server log for more information. [2014-05-27 14:59:45] doveadm(ler): Error: lucene: Couldn't open mailbox (error in mailbox with GUID=77614b1bb0383a530fb30000bbe98eac): Internal error occurred. Refer to server log for more information. [2014-05-27 14:59:45] doveadm(ler): Error: lucene: Couldn't open mailbox (error in mailbox with GUID=c77d8c12ac6b115348590000bbe98eac): Internal error occurred. Refer to server log for more information. [2014-05-27 14:59:45] doveadm(ler): Error: lucene: Couldn't open mailbox (error in mailbox with GUID=d07d8c12ac6b115348590000bbe98eac): Internal error occurred. Refer to server log for more information. [2014-05-27 14:59:45] doveadm(ler): Error: fts rescan failed thebighonker.lerctr.org /home/ler/mail $ 1) why doesn't Dovecot make the lucene-indexes directory \NoSelect or invisible? 2) how can I find the error(s) for the internal errors? (I looked in my debug.maillog and find NOTHING). Dovecot 2.2.13 FreeBSD 10.0 dovecot -n: thebighonker.lerctr.org /home/ler/mail $ dovecot -n # 2.2.13: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 10.0-STABLE amd64 auth_default_realm = lerctr.org auth_mechanisms = plain login auth_realms = lerctr.org thebighonker.lerctr.org tbh.lerctr.org auth_username_format = %Ln disable_plaintext_auth = no lda_mailbox_autocreate = yes lmtp_save_to_detail_mailbox = yes login_access_sockets = tcpwrap mail_debug = yes mail_location = mbox:~/mail:INBOX=~/mail/INBOX mail_plugins = fts fts_lucene stats mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate namespace archive { hidden = no inbox = no list = no location = mbox:~/MAILARCHIVE prefix = "#ARCHIVE/" separator = / } namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox INBOX { auto = create } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = failure_show_msg=yes session=yes max_requests=20 driver = pam } plugin { fts = lucene fts_autoindex = yes fts_lucene = whitespace_chars=@. normalize no_snowball sieve = ~/.dovecot.sieve sieve_dir = ~/sieve stats_command_min_time = 1 mins stats_domain_min_time = 12 hours stats_ip_min_time = 12 hours stats_memory_limit = 16 M stats_refresh = 5s stats_session_min_time = 15 mins stats_track_cmds = yes stats_user_min_time = 1 hours } service auth { unix_listener auth-client { mode = 0666 } unix_listener auth-master { mode = 0666 } } service stats { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = stats extra_groups = fifo_listener stats-mail { group = mode = 0666 user = } group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener stats { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service tcpwrap { unix_listener login/tcpwrap { group = $default_login_user mode = 0600 user = $default_login_user } } ssl_cert = References: Message-ID: Arthur Dent writes: > I get my mail from a variety of ISP and online email accounts using > fetchmail. I guess there's no change needed there? > > That feeds into procmail. I think I will have to change the mail > procmail configuration file and ALL my procmail recipe rc files (I have > many) - which filter into several different mboxs? As others have intimated, the use of procmail as your LDA is causing your mailbox to become inconsistent with respect to your indices. Procmail is appending your messages to mailboxes, but is ignorant of the existence of dovecot indices, and does not update them. When your IMAP service access those mailboxes, it detects this condition, and that's the log messages you are seeing. I think those messages are benign -- you can probably ignore it. Dovecot will automatically rebuild them. The alternative is to let dovecot's be responsible for message delivery: it can then update the indices, and IMAP/POP will find consistent indices. Try this at the end of procmailrc for regular delivery to the INBOX ################################################################################ # Replace default action using dovecot-lda to maintains caches. ################################################################################ :0 w | /location/of/dovecot-lda -d $USER For for non-INBOX filtering, try something like :0 Hw *^Subject: TEST |/location/of/dovecot-lda -d $USER -m testbox Joseph Tam From amateo at um.es Wed May 28 06:04:42 2014 From: amateo at um.es (Angel L. Mateo) Date: Wed, 28 May 2014 08:04:42 +0200 Subject: [Dovecot] [dovecot]Quota per user from openldap In-Reply-To: References: Message-ID: <53857C7A.7020907@um.es> El 27/05/14 13:05, Selcuk Yazar escribi?: > Hi, > > in dovecot documentation i try to implement quota per users. > > > i added dovecot-ldap.conf file > user_attrs = homeDirectory=home, uidNumber=uid, gidNumber=gid, > mailbox=mail, quota=quota_rule=*:bytes=%$ > > > > and i see in logs > quota(quota_rule=*:bytes=%$)=*:bytes=241800 > > Debug: Added userdb setting: plugin/quota_rule=*:bytes=241800 > > but still mail is delivering , i'not sure other settings about 20-imap.conf > and 20-pop3.conf from documentation. what is the correct steps for this? > My working configuration is: pass_attrs = ...,quota=userdb_quota_rule user_attrs = ...,quota=quota_rule And entries in ldap have attribute as: quota: *:storage=20G -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868887590 Fax: 868888337 From arthurdent.london at gmail.com Wed May 28 07:03:46 2014 From: arthurdent.london at gmail.com (Arthur Dent) Date: Wed, 28 May 2014 08:03:46 +0100 Subject: [Dovecot] Corrupted Mail? In-Reply-To: References: Message-ID: <1401260626.2251.9.camel@localhost> On Tue, 2014-05-27 at 16:31 -0700, Joseph Tam wrote: > Arthur Dent writes: > > > I get my mail from a variety of ISP and online email accounts using > > fetchmail. I guess there's no change needed there? > > > > That feeds into procmail. I think I will have to change the mail > > procmail configuration file and ALL my procmail recipe rc files (I have > > many) - which filter into several different mboxs? > > As others have intimated, the use of procmail as your LDA is causing your > mailbox to become inconsistent with respect to your indices. Procmail is > appending your messages to mailboxes, but is ignorant of the existence > of dovecot indices, and does not update them. When your IMAP service > access those mailboxes, it detects this condition, and that's the log > messages you are seeing. > > I think those messages are benign -- you can probably ignore it. > Dovecot will automatically rebuild them. > > The alternative is to let dovecot's be responsible for message delivery: > it can then update the indices, and IMAP/POP will find consistent indices. > > Try this at the end of procmailrc for regular delivery to the INBOX > > ################################################################################ > # Replace default action using dovecot-lda to maintains caches. > ################################################################################ > :0 w > | /location/of/dovecot-lda -d $USER > > For for non-INBOX filtering, try something like > > :0 Hw > *^Subject: TEST > |/location/of/dovecot-lda -d $USER -m testbox Thanks Joseph - this is really useful. By coincidence (whilst researching all of this) last night I cam across this page: http://wiki2.dovecot.org/procmail which says exactly what you suggested. I tried it as an experiment on just one of my mailing list recipes. It didn't work and dropped through to my default inbox. This is what I have: :0 w * ^List-Id:.*users.lists.fedoraproject.org | $DELIVER -m $DESTDIR/MLists/Fedora where: DELIVER=/usr/libexec/dovecot/deliver DESTDIR=/home/mark/mail/ are defined in a the main procmailrc This is what I found in the procmail log: lda: Fatal: destination user parameter (-d user) not given procmail: Program failure (64) of "/usr/libexec/dovecot/deliver" procmail: Couldn't determine implicit lockfile from "spamc" >From users-bounces at lists.fedoraproject.org Wed May 28 01:39:03 2014 Subject: Five Things in Fedora This Week (2014-05-27) Why did this mail not get delivered to /home/mark/mail/MLists/Fedora? Thanks again Mark From selcuk.yazar at gmail.com Wed May 28 09:01:49 2014 From: selcuk.yazar at gmail.com (Selcuk Yazar) Date: Wed, 28 May 2014 12:01:49 +0300 Subject: [Dovecot] both perosnal and global sieve scripts Message-ID: Hi we have redhat 6 EL and dovecot 2.0.9 personel scripts running with no problem, but now i try to add global scripts for sieve i added parameters sieve_global_path = /var/lib/dovecot/sieve/default.sieve sieve_global_dir = /var/lib/dovecot/sieve/ and create folder with owned vmail and creat script default.sieve require ["fileinto"]; # rule:[Move Spam to Junk Folder] if header :is "X-Spam-Flag" "YES" { fileinto "Spam"; stop; } if header :contains ["Subject"] "**global**" { fileinto "Spam" ; stop ; } keep; after that when try to compile this script it says mbox: INBOX defaulted to /home/vmail/domains//root/inbox fs: root=/home/vmail/domains//root, index=, control=, inbox=/home/vmail/domains//root/inbox i think sievec doesnt recognazi mail_location or anothers things, when i try to sent e-mail, it didn't deliver also i saw root folder after domains folder. any idea our conf is dovecot -n # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-131.6.1.el6.x86_64 x86_64 Red Hat Enterprise Linux Server release 6.0 (Santiago) ext4 auth_debug = yes auth_debug_passwords = yes auth_default_realm = ........................edu.tr auth_mechanisms = plain login auth_verbose = yes debug_log_path = /var/log/dovecot.debug disable_plaintext_auth = no first_valid_uid = 97 info_log_path = /var/log/dovecot.info last_valid_uid = 5000 mail_debug = yes mail_gid = 1001 mail_location = mbox:/home/vmail/domains/%d/%u mail_uid = 1001 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mbox_write_locks = fcntl passdb { args = /etc/dovecot/conf.d/dovecot-ldap.conf.ext driver = ldap } plugin { quota = maildir:User quota quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = /var/sieve-scripts/%u.sieve sieve_dir = /home/vmail/domains/sieve/%n/.sieve } protocols = imap pop3 lmtp sieve service auth { unix_listener auth-userdb { mode = 0600 user = vmail } } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } ssl = no ssl_cert = References: <5382F4D8.50903@pobox.com> <5D6FF14A-0204-4076-9B68-34354C5A1496@skynet.be> <5383014A.5090502@pobox.com> <9E1DD88D-2736-400F-937A-E213B1754D23@skynet.be> <53832FBB.70804@pobox.com> Message-ID: <994F7763-1272-4A7C-B375-109C8E41EADE@skynet.be> Le 26 mai 2014 ? 14:12, Stanislas SABATIER a ?crit : > [...] > I've already done that but it did change the behavior. > You said it works as expected on your test machine, but did you try to > exactly reproduce my case ? ie : having 3 different users within 3 > different domains all managed by Dovecot. User1 sends an email to > someone outside and CC user2 and user3. Hello Stanislas, I just meant that putting: lmtp_destination_recipient_limit=1 in main.cf yields here the expected result: one message per recipient. The idea was to have a quick check for a possible overlap of user settings (whether because of your code or Dovecot's one, or your configs). I was hoping to perform some tests on my side, but I'm currently stuck: I'm unable to trigger the filters here (makes me remind of another yet unresolved problem, possibly related to a somewhat peculiar passdb/userdb I'm using here). Still investigating... > Because, if I send an email from an outside account to someone and CC > user2 and user3, everything is working perfectly at Dovecot's side, even > if Postfix is launching a single process to deliver the email ! > [...] Hmmm... I don't fully understand, but it seems you're adding new info to this thread. Could you elaborate (inside vs "outside account", "working perfectly"...)? Axel From arthurdent.london at gmail.com Wed May 28 09:43:12 2014 From: arthurdent.london at gmail.com (Arthur Dent) Date: Wed, 28 May 2014 10:43:12 +0100 Subject: [Dovecot] Change to Maildir format (Was:Corrupted Mail?) In-Reply-To: <1401211629.16783.13.camel@localhost> References: <1401195400.14196.11.camel@localhost> <538496B5.5040206@sys4.de> <1401199454.14196.14.camel@localhost> <53849C85.7010802@sys4.de> <1401200911.14196.17.camel@localhost> <002d01cf79ba$5a9ed3b0$0fdc7b10$@spamreducer.eu> <1401211629.16783.13.camel@localhost> Message-ID: <1401270192.2251.11.camel@localhost> I am seriously considering the change to Maildir format. I am however more than a little concerned that this could all go horribly wrong. This is what I am planning. Does it look sane? Checklist 1) Stop the mail queue (essentially stop fetchmail) 2) Stop Dovecot 3) Backup all mbox files 4) Edit all procmail recipes (actually I will probably do this first - working with copies - because this will be time-consuming) See below. 5) Convert mbox files to maildir using either mb2md or dsync (to be decided) 6) Change Dovecot config Actually - As far as I can tell no configuration change is required. Dovecot should just recognise the directories as maildirs. Is this right? 7) Restart Dovecot 8) Restart Fetchmail Have I missed anything? Procmail scripts: ================= I am quite concerned about this. I have a directory structure such as: Home Inbox <-mbox Work Inbox <-mbox HobbyFile <-mbox Malware <-directory L> Spam <-mbox L> Virus <-mbox MLists <-directory L> Fedora <-mbox L> Dovecot <-mbox L> Spamassassin <-mbox L> ...etc... My current procmail recipe for one example look like this: :0: * ^List-Id:.*users.lists.fedoraproject.org $DESTDIR/MLists/Fedora I'm guessing it would need to change to: :0 * ^List-Id:.*users.lists.fedoraproject.org $DESTDIR/.MLists.Fedora/ Is that right??? (Note: remove locking colon ":" and use of "." and trailing "/" in path) Please advise - I am rather nervous of making a rather big mess here! Thanks Mark From lstone19 at stonejongleux.com Wed May 28 11:13:41 2014 From: lstone19 at stonejongleux.com (Larry Stone) Date: Wed, 28 May 2014 06:13:41 -0500 Subject: [Dovecot] Corrupted Mail? In-Reply-To: <1401260626.2251.9.camel@localhost> References: <1401260626.2251.9.camel@localhost> Message-ID: On May 28, 2014, at 2:03 AM, Arthur Dent wrote: >> Try this at the end of procmailrc for regular delivery to the INBOX >> >> ################################################################################ >> # Replace default action using dovecot-lda to maintains caches. >> ################################################################################ >> :0 w >> | /location/of/dovecot-lda -d $USER >> >> For for non-INBOX filtering, try something like >> >> :0 Hw >> *^Subject: TEST >> |/location/of/dovecot-lda -d $USER -m testbox > > Thanks Joseph - this is really useful. > > By coincidence (whilst researching all of this) last night I cam across > this page: > http://wiki2.dovecot.org/procmail > which says exactly what you suggested. I tried it as an experiment on > just one of my mailing list recipes. It didn't work and dropped through > to my default inbox. This is what I have: > > :0 w > * ^List-Id:.*users.lists.fedoraproject.org > | $DELIVER -m $DESTDIR/MLists/Fedora > But that?s not exactly what was suggested above. It?s missing the ?-d $USER?. > where: > DELIVER=/usr/libexec/dovecot/deliver > DESTDIR=/home/mark/mail/ > are defined in a the main procmailrc > > This is what I found in the procmail log: > lda: Fatal: destination user parameter (-d user) not given > procmail: Program failure (64) of "/usr/libexec/dovecot/deliver" > procmail: Couldn't determine implicit lockfile from "spamc" > From users-bounces at lists.fedoraproject.org Wed May 28 01:39:03 2014 > Subject: Five Things in Fedora This Week (2014-05-27) > > Why did this mail not get delivered to /home/mark/mail/MLists/Fedora? As the error above says, it?s missing the ?-d $USER? from the example above. -- Larry Stone lstone19 at stonejongleux.com http://www.stonejongleux.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4160 bytes Desc: not available URL: From sven at svenhartge.de Wed May 28 12:27:16 2014 From: sven at svenhartge.de (Sven Hartge) Date: Wed, 28 May 2014 14:27:16 +0200 Subject: [Dovecot] Corrupted Mail? References: <1401260626.2251.9.camel@localhost> Message-ID: <7an79bsp0rv8@mids.svenhartge.de> Larry Stone wrote: > On May 28, 2014, at 2:03 AM, Arthur Dent wrote: >> DELIVER=/usr/libexec/dovecot/deliver >> DESTDIR=/home/mark/mail/ >> :0 w >> * ^List-Id:.*users.lists.fedoraproject.org >> | $DELIVER -m $DESTDIR/MLists/Fedora > But that?s not exactly what was suggested above. It?s missing the ?-d $USER?. And I guess the mailbox name at -m is wrong. This gets expanded to: | /usr/libexec/dovecot/deliver -d mark -m /home/mark/mail/MLists/Fedora But with "-m" you have to use the mailbox name dovecot uses, which could be for example "INBOX.MLists.Fedora" or "INBOX/MLists/Fedora" or "MLists.Fedora" or even "MLists/Fedora" depending on your namespace configuration. I suggest to use "doveadm mailbox list" to find out what the dovecot name of the target mailbox is. Gr??e, Sven. -- Sigmentation fault. Core dumped. From patrick at spamreducer.eu Wed May 28 13:04:56 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Wed, 28 May 2014 15:04:56 +0200 Subject: [Dovecot] Change to Maildir format (Was:Corrupted Mail?) In-Reply-To: <1401270192.2251.11.camel@localhost> References: <1401195400.14196.11.camel@localhost> <538496B5.5040206@sys4.de> <1401199454.14196.14.camel@localhost> <53849C85.7010802@sys4.de> <1401200911.14196.17.camel@localhost> <002d01cf79ba$5a9ed3b0$0fdc7b10$@spamreducer.eu> <1401211629.16783.13.camel@localhost> <1401270192.2251.11.camel@localhost> Message-ID: <010d01cf7a75$6c333010$44999030$@spamreducer.eu> > -----Urspr?ngliche Nachricht----- > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von Arthur > Dent > Gesendet: Mittwoch, 28. Mai 2014 11:43 > An: dovecot at dovecot.org > Betreff: [Dovecot] Change to Maildir format (Was:Corrupted Mail?) > > I am seriously considering the change to Maildir format. I am however more > than a little concerned that this could all go horribly wrong. This is what I am > planning. Does it look sane? > > Checklist > > 1) Stop the mail queue (essentially stop fetchmail) > 2) Stop Dovecot > 3) Backup all mbox files > 4) Edit all procmail recipes (actually I will probably do this first - working with > copies - because this will be time-consuming) See below. > 5) Convert mbox files to maildir using either mb2md or dsync (to be > decided) > 6) Change Dovecot config > Actually - As far as I can tell no configuration change is required. > Dovecot should just recognise the directories as maildirs. Is this right? > 7) Restart Dovecot > 8) Restart Fetchmail > This would be nice, yes, BUT never ever go to script this and let it run without manual assisting! Since you are doing this the first time, I would prefer to test this steps a) on a different server or at least b) with a testaccount. Then you have to test all scripts and other special settings with this mailbox, till you can be sure it all went well. Then "one-by-one" could be migrated.. (again, just 2-3 users..) Recheck again.. > Have I missed anything? > > Procmail scripts: > ================= > > I am quite concerned about this. I have a directory structure such as: > > Home Inbox <-mbox > Work Inbox <-mbox > HobbyFile <-mbox > Malware <-directory > L> Spam <-mbox > L> Virus <-mbox > MLists <-directory > L> Fedora <-mbox > L> Dovecot <-mbox > L> Spamassassin <-mbox > L> ...etc... > > My current procmail recipe for one example look like this: > :0: > * ^List-Id:.*users.lists.fedoraproject.org > $DESTDIR/MLists/Fedora > > I'm guessing it would need to change to: > :0 > * ^List-Id:.*users.lists.fedoraproject.org > $DESTDIR/.MLists.Fedora/ > > Is that right??? > (Note: remove locking colon ":" and use of "." and trailing "/" in path) I'm not using procmail, but it seems that procmail is pasting the messages directly in to the maildirectory; this is *VERY* bad, since every message should (or better have to) be delivered by dovecot himself into the maildirectory. (for example for indexing purpose, caching, ..) Something like: ---8<----------------------------------------------------------------------- :0 w | /location/of/dovecot-lda -d $USER ---8<----------------------------------------------------------------------- > > Please advise - I am rather nervous of making a rather big mess here! > > Thanks > > Mark From s.sabatier at pobox.com Wed May 28 14:41:02 2014 From: s.sabatier at pobox.com (Stanislas SABATIER) Date: Wed, 28 May 2014 16:41:02 +0200 Subject: [Dovecot] Plugin mail-filter tangles In-Reply-To: <994F7763-1272-4A7C-B375-109C8E41EADE@skynet.be> References: <5382F4D8.50903@pobox.com> <5D6FF14A-0204-4076-9B68-34354C5A1496@skynet.be> <5383014A.5090502@pobox.com> <9E1DD88D-2736-400F-937A-E213B1754D23@skynet.be> <53832FBB.70804@pobox.com> <994F7763-1272-4A7C-B375-109C8E41EADE@skynet.be> Message-ID: <5385F57E.8020208@pobox.com> Le 28/05/2014 11:12, Axel Luttgens a ?crit : >> Because, if I send an email from an outside account to someone and CC >> user2 and user3, everything is working perfectly at Dovecot's side, even >> if Postfix is launching a single process to deliver the email ! >> [...] > Hmmm... I don't fully understand, but it seems you're adding new info to this thread. > Could you elaborate (inside vs "outside account", "working perfectly"...)? > > Axel Hello, I tried to explain my specific case in my first post to the list (first mail of this thread, may 24) : I have 3 (virtuals) users belonging to 3 different domains, all managed by my Dovecot server. One of these users (user1) is connected to my Dovecot with MUA Thunderbird, and he's writing an email to someone outside of my domains (ie someone at yahoo.com for example), but he puts two others users' email addresses belonging to my domains in CC. To sum up, here are the headers : (CASE 1) *from : user1 at mydomain1* to: someone at yahoo.com CC: user2 at mydomain2, user3 at mydomaine3 In this specific situation, Dovecot receives one email from Postfix for user2 and user3. Dovecot is creating two user contexts, load mail-filter plugin with user2 params, it saves the email, then it loads mail-filter plugin with user3 params BUT, instead of reading the original email from Postfix, Dovecot is trying to read the email from user2 (I see an istream opening in logs) and pass it to user3. That fails because, in this context, Dovecot can't access user2's email that has been encrypt by my mail-filter. On the other hand, if someone outside of my domains (therefore not connected to my Dovecot) is sending the same email, with user2 and user3 in CC, Dovecot is not handling the email the same way, while receiving the same email from Postfix. To sum up, here are the headers : (CASE 2) *from : someone at gmail.com* to : someone at yahoo.com CC: user2 at mydomain2, user3 at mydomaine3 In this situation, Dovecot receives one email from Postfix for user2 and user3 (same situation than case 1). Dovecot is creating two user contexts, load mail-filter plugin with user2 params, it saves the email, then it loads mail-filter plugin with user3 params and save the email with user3 params. And I can say ? working perfectly ? ! All the same, in case 1 and case 2, Dovecot is receiving ONE email over LMTP from Postfix. Regards, Stan. From Albert.Whale at IT-Security-inc.com Wed May 28 14:59:35 2014 From: Albert.Whale at IT-Security-inc.com (Albert Whale) Date: Wed, 28 May 2014 10:59:35 -0400 Subject: [Dovecot] dovecot 2.1.15 hangs while connecting. In-Reply-To: <5384DA91.4000902@IT-Security-inc.com> References: <5384DA91.4000902@IT-Security-inc.com> Message-ID: <5385F9D7.1090403@IT-Security-inc.com> Can anyone tell me if this is a permission issue? IF so, what are the expected permissions for 2.1.15? (because the 1.1.20 version works fine). Thank you. P.S. I will consider working with someone to resolve this condition. On 5/27/2014 2:33 PM, Albert Whale wrote: > I am using Dovecot in two Server environments. My Legacy (5 years+ > old) servers are running dovecot 1.1.20, and are responding as > expected. These servers are using an NFS based storage for the /home > directory structure, and are working beautifully. However, I need to > replace these inefficient servers, and get more current. > > That brings me to the problem, where I am implementing Dovecot 2.1.15, > which does not complete the authentication cycle. I have converted > the 1.1.20 configuration using the documentation available, and I have > the following for my running configuration (which is not working): > > # 2.1.15: /etc/dovecot/dovecot.conf > # OS: Linux 3.8.13.4-server-1.mga3 i686 Mageia 3 > auth_debug = yes > base_dir = /var/run/dovecot/ > disable_plaintext_auth = no > lock_method = dotlock > login_greeting = SpamZapper Email ready. > login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c > mail_debug = yes > mail_fsync = always > mail_location = maildir:~/Maildir > mail_nfs_index = yes > mail_nfs_storage = yes > mail_privileged_group = mail > mmap_disable = yes > passdb { > driver = pam > } > protocols = imap pop3 > service auth { > user = root > } > service imap-login { > chroot = login > client_limit = 256 > user = dovecot > } > service pop3-login { > chroot = login > client_limit = 256 > user = dovecot > } > ssl = no > userdb { > driver = passwd > } > verbose_proctitle = yes > protocol pop3 { > mail_max_userip_connections = 50 > pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s > pop3_uidl_format = %08Xv%08Xu > } > protocol lda { > postmaster_address = postmaster at example.com > } > > I have captured the Debug output of the dovecot process while > attempting to connect: > > May 27 13:02:10 ns dovecot: auth: Debug: client in: > AUTH#0111#011PLAIN#011service=pop3#011session=IzAYqGT6pgBCz4Xk#011lip=66.207.133.227#011rip=66.207.133.228#011lport=110#011rport=38566#011resp= > May 27 13:02:10 ns dovecot: auth-worker(551): Debug: Loading modules > from directory: /usr/lib/dovecot/modules/auth > May 27 13:02:10 ns dovecot: auth-worker(551): Debug: Module loaded: > /usr/lib/dovecot/modules/auth/libdriver_mysql.so > May 27 13:02:10 ns dovecot: auth-worker(551): Debug: > pam(aewhale,66.207.133.228): lookup service=dovecot > May 27 13:02:10 ns dovecot: auth-worker(551): Debug: > pam(aewhale,66.207.133.228): #1/1 style=1 msg=Password: > May 27 13:02:10 ns dovecot: auth: Debug: client passdb out: > OK#0111#011user=aewhale > May 27 13:02:10 ns dovecot: auth: Debug: master in: > REQUEST#0112671116289#011453#0111#01174d85bf0d878139a83e682a869786da9 > May 27 13:02:10 ns dovecot: auth-worker(551): Debug: > passwd(aewhale,66.207.133.228): lookup > May 27 13:02:10 ns dovecot: auth: Debug: master userdb out: > USER#0112671116289#011aewhale#011system_groups_user=aewhale#011uid=501#011gid=501#011home=/home/aewhale > May 27 13:02:10 ns dovecot: pop3-login: Login: user=, > method=PLAIN, rip=66.207.133.228, lip=66.207.133.227 > May 27 13:02:10 ns dovecot: pop3(aewhale): Debug: Effective uid=501, > gid=501, home=/home/aewhale > May 27 13:02:10 ns dovecot: pop3(aewhale): Debug: maildir++: > root=/home/aewhale/Maildir, index=, control=, > inbox=/home/aewhale/Maildir, alt= > > All processing stops here. > > This is an NFS Storage Mail Spool, which works on 1.1.20 but not > 2.1.15? What other pink elephants have I missed? > > Thank you for your assistance. > > > > -- Albert E. Whale, CEH CHS CISA CISSP *President - Chief Security Officer* http://www.IT-Security-inc.com - IT Security, Inc. Phone: 412-515-3010 | Email: Albert.Whale at IT-Security-inc.com Cell: 412-889-6870 From django at nausch.org Wed May 28 17:33:21 2014 From: django at nausch.org (Django [BOfH]) Date: Wed, 28 May 2014 19:33:21 +0200 Subject: [Dovecot] Problem with quota calculation... In-Reply-To: <20140527130412.Horde.9hnJRi6UwyYiRawTcxMCuQ1@buero.tachtler.net> References: <20140527130412.Horde.9hnJRi6UwyYiRawTcxMCuQ1@buero.tachtler.net> Message-ID: <53861DE1.7070704@nausch.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HI Klaus, Am 27.05.2014 13:04, schrieb Klaus Tachtler: > since I changed the quota backend from maildir, I have problems > with tha calculated size and messages count. BTW, quota for two accounts? ;) A little bit oversized, isn't it? ROFTL cu on Friday! Django - -- "Bonnie & Clyde der Postmaster-Szene!" approved by Postfix-God http://wetterstation-pliening.info http://dokuwiki.nausch.org http://wiki.piratenpartei.de/Benutzer:Django -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJThh3gAAoJEAdOz2FQpr/t9LYQAIGzjTNYWJqUSY/VlDqHtnY7 Mxtf4bkzqsyanbAfH2GV8c9SjnJTdE0tmmfCTbvkzE6gQ2Uv2nsVTQhXzOqjo1D8 ujGhQF+bxAolcYeMIWK4RPDGnGSRpdSwZogfSBXutS6GJspKzNUbDJBnOyw9yyWr gKWbrmjSTnMf8wphxUsKEbY2OMxticPdUsJmRYMEeuL7e8wgQcQkb7IbsMVeukxl zmyVyR8jwwKV9fOKNqVvAjASA6yJlMXGzUceerI1qFBPWqP2IvGIjM6opULef5nr YDd9vj6sLJL6Q2qe8je+EtTreiFVX6+0mOSaqc5/4gAwwrKXTGNr7KOzgwsf+L1G Y+p3Yo1J4bgPUFe6KPYcg6CU2AwM0PwZ107j2hMHqg//3alNnX3sNuXEtZUGaO7S lxu5+LkpMWKw69+v2XvcRTCBaxJrjcXc8YGm5o9rzEm3gI1DslSOfa3SzE8RtmUL LmgAHNxYKzhxJr6Qw0XIbqUT+e5mPzV/AQoMIhhGwJXApoCoBTGjE7Q2/DFFb0Y9 gziO9dN8NvgBLyerQUbpj3a3C43vMlXSKI2BaKRuRJGTDcl0CeIE+ag3jtMpIyLW 59CYeYwy2k9qlqn+DfHwP3hRrBbSZ6K5Lw+KE3F1jYDwEnLpc//HPqoCFFMgG39b WJU89J/WZ9KwhrmTXCST =Veq9 -----END PGP SIGNATURE----- From chrisvaas at gmail.com Wed May 28 22:06:47 2014 From: chrisvaas at gmail.com (Chris Vaas) Date: Thu, 29 May 2014 00:06:47 +0200 Subject: [Dovecot] Filed to write auth token secret file Message-ID: Hey guys, I am getting the following error. It seems not be be severe, since my setup works without any signs of drawbacks. But I'd rather rely on a professional opinion. May 28 23:02:54 example dovecot: auth: Error: open(/var/run/dovecot/auth-token-secret.dat.tmp) failed: Permission denied May 28 23:02:54 example dovecot: auth: Error: Failed to write auth token secret file; returned tokens will be invalid once auth restarts Thanks in advance Chris From jtam.home at gmail.com Wed May 28 22:26:20 2014 From: jtam.home at gmail.com (Joseph Tam) Date: Wed, 28 May 2014 15:26:20 -0700 (PDT) Subject: [Dovecot] Corrupted Mail? In-Reply-To: References: Message-ID: > * ^List-Id:.*users.lists.fedoraproject.org > | $DELIVER -m $DESTDIR/MLists/Fedora You removed the '-d' parameter -- it may or may not work without it, but you'll need it in a virtual user setup. I'm not sure whether procmail sets $USER by itself or it gets passed as an environment variable, so if $USER is not working, use $LOGNAME, or better yet, just hardcode the value if this is your own script. Also, the -m parameter is the name of a mailbox, not a pathname, so I think "MLists/Fedora" is what you want. > This is what I found in the procmail log: > lda: Fatal: destination user parameter (-d user) not given Well, this error couldn't be more explicit, can it? Joseph Tam From larryrtx at gmail.com Wed May 28 22:49:35 2014 From: larryrtx at gmail.com (Larry Rosenman) Date: Wed, 28 May 2014 17:49:35 -0500 Subject: [Dovecot] Filed to write auth token secret file In-Reply-To: References: Message-ID: Check the permissions on the directory referenced. On May 28, 2014 5:06 PM, "Chris Vaas" wrote: > Hey guys, > I am getting the following error. It seems not be be severe, since my setup > works without any signs of drawbacks. But I'd rather rely on a professional > opinion. > > May 28 23:02:54 example dovecot: auth: Error: > open(/var/run/dovecot/auth-token-secret.dat.tmp) failed: Permission denied > May 28 23:02:54 example dovecot: auth: Error: Failed to write auth token > secret file; returned tokens will be invalid once auth restarts > > Thanks in advance > Chris > From chrisvaas at gmail.com Wed May 28 22:52:18 2014 From: chrisvaas at gmail.com (Chris Vaas) Date: Thu, 29 May 2014 00:52:18 +0200 Subject: [Dovecot] Filed to write auth token secret file In-Reply-To: References: Message-ID: What permissions should I have on the folder /var/run/dovecot ? The owner is root and the group dovecot in my case. The access bits are drwxr-xr-x. On Thu, May 29, 2014 at 12:49 AM, Larry Rosenman wrote: > Check the permissions on the directory referenced. > On May 28, 2014 5:06 PM, "Chris Vaas" wrote: > >> Hey guys, >> I am getting the following error. It seems not be be severe, since my >> setup >> works without any signs of drawbacks. But I'd rather rely on a >> professional >> opinion. >> >> May 28 23:02:54 example dovecot: auth: Error: >> open(/var/run/dovecot/auth-token-secret.dat.tmp) failed: Permission denied >> May 28 23:02:54 example dovecot: auth: Error: Failed to write auth token >> secret file; returned tokens will be invalid once auth restarts >> >> Thanks in advance >> Chris >> > From larryrtx at gmail.com Wed May 28 23:07:21 2014 From: larryrtx at gmail.com (Larry Rosenman) Date: Wed, 28 May 2014 18:07:21 -0500 Subject: [Dovecot] Filed to write auth token secret file In-Reply-To: References: Message-ID: Here is the entire contents of mine. drwxr-xr-x 5 root wheel 35 May 27 21:01 . drwxr-xr-x 14 root wheel 35 May 28 03:01 .. srw------- 1 root wheel 0 May 24 14:12 anvil srw------- 1 root wheel 0 May 24 14:12 anvil-auth-penalty srw-rw-rw- 1 dovecot wheel 0 May 27 21:01 auth-client srw------- 1 dovecot wheel 0 May 27 21:01 auth-login srw-rw-rw- 1 root wheel 0 May 27 21:01 auth-master -rw------- 1 root wheel 32 May 24 14:12 auth-token-secret.dat srw-rw-rw- 1 dovecot wheel 0 May 27 21:01 auth-userdb srw------- 1 dovecot wheel 0 May 27 21:01 auth-worker srw------- 1 root wheel 0 May 27 21:01 config srw------- 1 root wheel 0 May 27 21:01 dict srw------- 1 root wheel 0 May 27 21:01 director-admin srw------- 1 root wheel 0 May 27 21:01 director-userdb srw-rw-rw- 1 root wheel 0 May 27 21:01 dns-client srw------- 1 root wheel 0 May 27 21:01 doveadm-server lrwx------ 1 root wheel 35 May 24 14:12 dovecot.conf -> /usr/local/etc/dovecot/dovecot.conf drwxr-xr-x 2 root wheel 2 May 24 14:12 empty srw-rw-rw- 1 root wheel 0 May 27 21:01 imap-urlauth srw------- 1 dovecot wheel 0 May 27 21:01 imap-urlauth-worker srw-rw-rw- 1 root wheel 0 May 27 21:01 indexer srw------- 1 dovecot wheel 0 May 27 21:01 indexer-worker srw------- 1 root wheel 0 May 27 21:01 ipc srw-rw-rw- 1 root wheel 0 May 27 21:01 lmtp srw------- 1 root wheel 0 May 27 21:01 log-errors drwxr-x--- 2 root dovenull 9 May 27 21:01 login -rw------- 1 root wheel 4 May 24 14:12 master.pid -rw-r--r-- 1 root wheel 86 May 24 14:12 mounts srw------- 1 root wheel 0 May 27 21:01 replication-notify prw------- 1 root wheel 0 May 27 21:01 replication-notify-fifo srw------- 1 dovecot wheel 0 May 27 21:01 replicator srw-rw-rw- 1 root wheel 0 May 27 21:01 ssl-params srw-rw-rw- 1 root wheel 0 May 27 21:01 stats prw-rw-rw- 1 root wheel 0 May 27 21:01 stats-mail drwxr-x--- 2 root dovenull 4 May 27 21:01 token-login thebighonker.lerctr.org /var/run/dovecot $ Now, the fact that it was whining about a .tmp file is interesting. Was there any other whines? Seems like something(tm) wasn't running as root that should be. On Wed, May 28, 2014 at 5:52 PM, Chris Vaas wrote: > What permissions should I have on the folder /var/run/dovecot ? The owner > is root and the group dovecot in my case. The access bits are drwxr-xr-x. > > On Thu, May 29, 2014 at 12:49 AM, Larry Rosenman > wrote: > > > Check the permissions on the directory referenced. > > On May 28, 2014 5:06 PM, "Chris Vaas" wrote: > > > >> Hey guys, > >> I am getting the following error. It seems not be be severe, since my > >> setup > >> works without any signs of drawbacks. But I'd rather rely on a > >> professional > >> opinion. > >> > >> May 28 23:02:54 example dovecot: auth: Error: > >> open(/var/run/dovecot/auth-token-secret.dat.tmp) failed: Permission > denied > >> May 28 23:02:54 example dovecot: auth: Error: Failed to write auth token > >> secret file; returned tokens will be invalid once auth restarts > >> > >> Thanks in advance > >> Chris > >> > > > -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 108 Turvey Cove, Hutto, TX 78634-5688 From chrisvaas at gmail.com Wed May 28 23:09:47 2014 From: chrisvaas at gmail.com (Chris Vaas) Date: Thu, 29 May 2014 01:09:47 +0200 Subject: [Dovecot] Filed to write auth token secret file In-Reply-To: References: Message-ID: May I also ask you for the permissions on the parent folder? /var/run/dovecot Thanks! On Thu, May 29, 2014 at 1:07 AM, Larry Rosenman wrote: > Here is the entire contents of mine. > > drwxr-xr-x 5 root wheel 35 May 27 21:01 . > drwxr-xr-x 14 root wheel 35 May 28 03:01 .. > srw------- 1 root wheel 0 May 24 14:12 anvil > srw------- 1 root wheel 0 May 24 14:12 anvil-auth-penalty > srw-rw-rw- 1 dovecot wheel 0 May 27 21:01 auth-client > srw------- 1 dovecot wheel 0 May 27 21:01 auth-login > srw-rw-rw- 1 root wheel 0 May 27 21:01 auth-master > -rw------- 1 root wheel 32 May 24 14:12 auth-token-secret.dat > srw-rw-rw- 1 dovecot wheel 0 May 27 21:01 auth-userdb > srw------- 1 dovecot wheel 0 May 27 21:01 auth-worker > srw------- 1 root wheel 0 May 27 21:01 config > srw------- 1 root wheel 0 May 27 21:01 dict > srw------- 1 root wheel 0 May 27 21:01 director-admin > srw------- 1 root wheel 0 May 27 21:01 director-userdb > srw-rw-rw- 1 root wheel 0 May 27 21:01 dns-client > srw------- 1 root wheel 0 May 27 21:01 doveadm-server > lrwx------ 1 root wheel 35 May 24 14:12 dovecot.conf -> > /usr/local/etc/dovecot/dovecot.conf > drwxr-xr-x 2 root wheel 2 May 24 14:12 empty > srw-rw-rw- 1 root wheel 0 May 27 21:01 imap-urlauth > srw------- 1 dovecot wheel 0 May 27 21:01 imap-urlauth-worker > srw-rw-rw- 1 root wheel 0 May 27 21:01 indexer > srw------- 1 dovecot wheel 0 May 27 21:01 indexer-worker > srw------- 1 root wheel 0 May 27 21:01 ipc > srw-rw-rw- 1 root wheel 0 May 27 21:01 lmtp > srw------- 1 root wheel 0 May 27 21:01 log-errors > drwxr-x--- 2 root dovenull 9 May 27 21:01 login > -rw------- 1 root wheel 4 May 24 14:12 master.pid > -rw-r--r-- 1 root wheel 86 May 24 14:12 mounts > srw------- 1 root wheel 0 May 27 21:01 replication-notify > prw------- 1 root wheel 0 May 27 21:01 replication-notify-fifo > srw------- 1 dovecot wheel 0 May 27 21:01 replicator > srw-rw-rw- 1 root wheel 0 May 27 21:01 ssl-params > srw-rw-rw- 1 root wheel 0 May 27 21:01 stats > prw-rw-rw- 1 root wheel 0 May 27 21:01 stats-mail > drwxr-x--- 2 root dovenull 4 May 27 21:01 token-login > thebighonker.lerctr.org /var/run/dovecot $ > > > Now, the fact that it was whining about a .tmp file is interesting. > > Was there any other whines? > > Seems like something(tm) wasn't running as root that should be. > > > On Wed, May 28, 2014 at 5:52 PM, Chris Vaas wrote: > >> What permissions should I have on the folder /var/run/dovecot ? The owner >> is root and the group dovecot in my case. The access bits are drwxr-xr-x. >> >> On Thu, May 29, 2014 at 12:49 AM, Larry Rosenman >> wrote: >> >> > Check the permissions on the directory referenced. >> > On May 28, 2014 5:06 PM, "Chris Vaas" wrote: >> > >> >> Hey guys, >> >> I am getting the following error. It seems not be be severe, since my >> >> setup >> >> works without any signs of drawbacks. But I'd rather rely on a >> >> professional >> >> opinion. >> >> >> >> May 28 23:02:54 example dovecot: auth: Error: >> >> open(/var/run/dovecot/auth-token-secret.dat.tmp) failed: Permission >> denied >> >> May 28 23:02:54 example dovecot: auth: Error: Failed to write auth >> token >> >> secret file; returned tokens will be invalid once auth restarts >> >> >> >> Thanks in advance >> >> Chris >> >> >> > >> > > > > -- > Larry Rosenman http://www.lerctr.org/~ler > Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com > US Mail: 108 Turvey Cove, Hutto, TX 78634-5688 > From arthurdent.london at gmail.com Thu May 29 11:35:29 2014 From: arthurdent.london at gmail.com (Arthur Dent) Date: Thu, 29 May 2014 12:35:29 +0100 Subject: [Dovecot] Change to Maildir format (Was:Corrupted Mail?) In-Reply-To: <7an79bsp0rv8@mids.svenhartge.de> References: <1401260626.2251.9.camel@localhost> <7an79bsp0rv8@mids.svenhartge.de> Message-ID: <1401363329.2377.25.camel@localhost> On Wed, 2014-05-28 at 14:27 +0200, Sven Hartge wrote: > Larry Stone wrote: > > On May 28, 2014, at 2:03 AM, Arthur Dent wrote: > > >> DELIVER=/usr/libexec/dovecot/deliver > >> DESTDIR=/home/mark/mail/ > >> :0 w > >> * ^List-Id:.*users.lists.fedoraproject.org > >> | $DELIVER -m $DESTDIR/MLists/Fedora > > > But that?s not exactly what was suggested above. It?s missing the ?-d $USER?. > > And I guess the mailbox name at -m is wrong. > > This gets expanded to: > > | /usr/libexec/dovecot/deliver -d mark -m /home/mark/mail/MLists/Fedora > > But with "-m" you have to use the mailbox name dovecot uses, which could > be for example > > "INBOX.MLists.Fedora" or "INBOX/MLists/Fedora" or "MLists.Fedora" or > even "MLists/Fedora" depending on your namespace configuration. > > I suggest to use "doveadm mailbox list" to find out what the dovecot > name of the target mailbox is. Thanks to everyone who helped me sort this out. This was the most helpful reply - I had been trying both with and without the -d switch without success. Using "doveadm mailbox list" showed me that the problem was with the delivery address. This is what I now have - and it works - Thanks to all: :0 w * ^List-Id:.*users.lists.fedoraproject.org | /usr/libexec/dovecot/deliver -d mark -m MLists/Fedora Another two questions now please if I may: 1) I have tried both /usr/libexec/dovecot/deliver and /usr/libexec/dovecot/dovecot-lda and they both work. Are they equivalent? If not which should I use? 2) Switching to maildir, should the new delivery line now read: | /usr/libexec/dovecot/deliver -d mark -m .MLists.Fedora/ (i.e. a dot before and after MLists and a trailing slash)? Thanks again for all the help and support. Much appreciated... Mark From sven at svenhartge.de Thu May 29 11:48:48 2014 From: sven at svenhartge.de (Sven Hartge) Date: Thu, 29 May 2014 13:48:48 +0200 Subject: [Dovecot] Change to Maildir format References: <1401260626.2251.9.camel@localhost> <7an79bsp0rv8@mids.svenhartge.de> <1401363329.2377.25.camel@localhost> Message-ID: <8an9rgop0rv8@mids.svenhartge.de> Arthur Dent wrote: > 2) Switching to maildir, should the new delivery line now read: > | /usr/libexec/dovecot/deliver -d mark -m .MLists.Fedora/ > (i.e. a dot before and after MLists and a trailing slash)? That depends on the namespace configuration in dovecot. An excerpt from the output of "doveadm mailbox list" on my server looks like this: [...] Admin.DVZ Admin.DVZ.server Admin.DVZ.server.events Admin.DVZ.server.events.nagios Admin.DVZ.server.events.nagios.FM Admin.DVZ.server.events.nagios.dkm Admin.DVZ.server.events.nagios.verw Admin.DVZ.server.events.nagios.net Admin.DVZ.server.events.nagios.sonstiges [...] And my namespace configuration: namespace inbox { hidden = no inbox = yes list = yes location = maildir:~/Maildir prefix = separator = . subscriptions = yes type = private } Depending on your "prefix" and "separator" settings the names of the mailboxes change. Again: use "doveadm mailbox list" to find out, what the names should be. Gr??e, S? -- Sigmentation fault. Core dumped. From lstone19 at stonejongleux.com Thu May 29 11:53:06 2014 From: lstone19 at stonejongleux.com (Larry Stone) Date: Thu, 29 May 2014 06:53:06 -0500 Subject: [Dovecot] Change to Maildir format (Was:Corrupted Mail?) In-Reply-To: <1401363329.2377.25.camel@localhost> References: <1401260626.2251.9.camel@localhost> <7an79bsp0rv8@mids.svenhartge.de> <1401363329.2377.25.camel@localhost> Message-ID: <81E5F346-7A2A-480F-B19A-B127DBDE67A6@stonejongleux.com> On May 29, 2014, at 6:35 AM, Arthur Dent wrote: > 1) I have tried both /usr/libexec/dovecot/deliver > and /usr/libexec/dovecot/dovecot-lda and they both work. Are they > equivalent? If not which should I use? A ls -l /usr/libexec/dovecot will (or at least it does on my system) show you that deliver is a link to dovecot-lda. lrwxr-xr-x 1 root wheel 11 May 15 22:16 deliver -> dovecot-lda -- Larry Stone lstone19 at stonejongleux.com http://www.stonejongleux.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4160 bytes Desc: not available URL: From arthurdent.london at gmail.com Thu May 29 12:03:12 2014 From: arthurdent.london at gmail.com (Arthur Dent) Date: Thu, 29 May 2014 13:03:12 +0100 Subject: [Dovecot] Change to Maildir format (Was:Corrupted Mail?) In-Reply-To: <81E5F346-7A2A-480F-B19A-B127DBDE67A6@stonejongleux.com> References: <1401260626.2251.9.camel@localhost> <7an79bsp0rv8@mids.svenhartge.de> <1401363329.2377.25.camel@localhost> <81E5F346-7A2A-480F-B19A-B127DBDE67A6@stonejongleux.com> Message-ID: <1401364992.2377.26.camel@localhost> On Thu, 2014-05-29 at 06:53 -0500, Larry Stone wrote: > On May 29, 2014, at 6:35 AM, Arthur Dent wrote: > > > 1) I have tried both /usr/libexec/dovecot/deliver > > and /usr/libexec/dovecot/dovecot-lda and they both work. Are they > > equivalent? If not which should I use? > > A ls -l /usr/libexec/dovecot will (or at least it does on my system) show you that deliver is a link to dovecot-lda. > lrwxr-xr-x 1 root wheel 11 May 15 22:16 deliver -> dovecot-lda Oh yes. Mine too. Thanks for clearing that up! From voytek at sbt.net.au Fri May 30 06:28:15 2014 From: voytek at sbt.net.au (voytek at sbt.net.au) Date: Fri, 30 May 2014 16:28:15 +1000 Subject: [Dovecot] ot: identifying TB IMAP issues Message-ID: <2b2d482ad1cc8f2421043e629b78167a.squirrel@emu.sbt.net.au> I have a user with with W7/TBird/IMAP to my dovecot 2.1.17 server, the user complains whilst he is composing lengthy emails (with multiple fowrds/replies quoted in the message) he gets 'hour glass' over compose windows with some message about not being able to save drafts, he then powers off ADSL modem, which enables him to continue composing email, powers on ADSL, and sends email what if anything can I assess at server end to identify any issues? any TB tips, what to enable or disable on TB ? looking at dovecot now (past the issue) with 'doveadm who' I don't see the user listed I think the user keeps many messages open concurrently in TB tabs, could that exhaust connection limit ? I expect this to be a TB issue? but, hope for some pointers From alessio at skye.it Fri May 30 06:45:06 2014 From: alessio at skye.it (Alessio Cecchi) Date: Fri, 30 May 2014 08:45:06 +0200 Subject: [Dovecot] Problem with quota calculation... In-Reply-To: <20140527130412.Horde.9hnJRi6UwyYiRawTcxMCuQ1@buero.tachtler.net> References: <20140527130412.Horde.9hnJRi6UwyYiRawTcxMCuQ1@buero.tachtler.net> Message-ID: <538828F2.8010401@skye.it> Il 27/05/2014 13:04, Klaus Tachtler ha scritto: > Hello, > > since I changed the quota backend from maildir (maildir:User quota) > to dictionary (dict:User quota::proxy::quota), I have problems with > tha calculated size and messages count. > > --- Input/Output --- > > # du -hs > 23M . > > # doveadm quota get -u ich at tachtler.net > Quota name Type Value Limit > % > User quota STORAGE 46602 1024000 > 4 > User quota MESSAGE 166 - > 0 > > # doveadm quota recalc -u ich at tachtler.net > > # doveadm quota get -u ich at tachtler.net > Quota name Type Value Limit > % > User quota STORAGE 23301 1024000 > 2 > User quota MESSAGE 83 - > 0 > > --- Input/Output ---- > > It seems, that all was counted twice? Hi, try to understand if quota is updated when you delete a messagge (via POP/IMAP) and when a new messagge is delivered. Are you using Dovecot for LDA? THis is necessary if you use dict for quota. Ciao -- Alessio Cecchi is: @ ILS -> http://www.linux.it/~alessice/ on LinkedIn -> http://www.linkedin.com/in/alessice Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz Cloud Email Hosting -> http://www.qboxmail.com @ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it From chrisvaas at gmail.com Fri May 30 07:10:10 2014 From: chrisvaas at gmail.com (Chris Vaas) Date: Fri, 30 May 2014 09:10:10 +0200 Subject: [Dovecot] Filed to write auth token secret file In-Reply-To: References: Message-ID: Just to give it a shot, I took a look into my SELinux log. Problem solved, SELinux blocked it. I added a rule to allow the access and that's it. Thanks for your help Chris On Fri, May 30, 2014 at 2:46 AM, Larry Rosenman wrote: > Can you check all the auth-* process(es) running and make sure they are > all running as root? > > Also, a doveconf -n MIGHT help. > > > On Thu, May 29, 2014 at 1:25 AM, Chris Vaas wrote: > >> So it seems that the permissions are the same like yours. Hm. Suggestions >> about the next step? >> On May 29, 2014 1:12 AM, "Larry Rosenman" wrote: >> >>> the . directory in that list is /var/run/dovecot. >>> >>> that was a ls -la, after a cd /var/run/dovecot. >>> >>> >>> On 5/28/14, Chris Vaas wrote: >>> > May I also ask you for the permissions on the parent folder? >>> > /var/run/dovecot >>> > >>> > Thanks! >>> > >>> > >>> > On Thu, May 29, 2014 at 1:07 AM, Larry Rosenman >>> wrote: >>> > >>> >> Here is the entire contents of mine. >>> >> >>> >> drwxr-xr-x 5 root wheel 35 May 27 21:01 . >>> >> drwxr-xr-x 14 root wheel 35 May 28 03:01 .. >>> >> srw------- 1 root wheel 0 May 24 14:12 anvil >>> >> srw------- 1 root wheel 0 May 24 14:12 anvil-auth-penalty >>> >> srw-rw-rw- 1 dovecot wheel 0 May 27 21:01 auth-client >>> >> srw------- 1 dovecot wheel 0 May 27 21:01 auth-login >>> >> srw-rw-rw- 1 root wheel 0 May 27 21:01 auth-master >>> >> -rw------- 1 root wheel 32 May 24 14:12 >>> auth-token-secret.dat >>> >> srw-rw-rw- 1 dovecot wheel 0 May 27 21:01 auth-userdb >>> >> srw------- 1 dovecot wheel 0 May 27 21:01 auth-worker >>> >> srw------- 1 root wheel 0 May 27 21:01 config >>> >> srw------- 1 root wheel 0 May 27 21:01 dict >>> >> srw------- 1 root wheel 0 May 27 21:01 director-admin >>> >> srw------- 1 root wheel 0 May 27 21:01 director-userdb >>> >> srw-rw-rw- 1 root wheel 0 May 27 21:01 dns-client >>> >> srw------- 1 root wheel 0 May 27 21:01 doveadm-server >>> >> lrwx------ 1 root wheel 35 May 24 14:12 dovecot.conf -> >>> >> /usr/local/etc/dovecot/dovecot.conf >>> >> drwxr-xr-x 2 root wheel 2 May 24 14:12 empty >>> >> srw-rw-rw- 1 root wheel 0 May 27 21:01 imap-urlauth >>> >> srw------- 1 dovecot wheel 0 May 27 21:01 imap-urlauth-worker >>> >> srw-rw-rw- 1 root wheel 0 May 27 21:01 indexer >>> >> srw------- 1 dovecot wheel 0 May 27 21:01 indexer-worker >>> >> srw------- 1 root wheel 0 May 27 21:01 ipc >>> >> srw-rw-rw- 1 root wheel 0 May 27 21:01 lmtp >>> >> srw------- 1 root wheel 0 May 27 21:01 log-errors >>> >> drwxr-x--- 2 root dovenull 9 May 27 21:01 login >>> >> -rw------- 1 root wheel 4 May 24 14:12 master.pid >>> >> -rw-r--r-- 1 root wheel 86 May 24 14:12 mounts >>> >> srw------- 1 root wheel 0 May 27 21:01 replication-notify >>> >> prw------- 1 root wheel 0 May 27 21:01 >>> replication-notify-fifo >>> >> srw------- 1 dovecot wheel 0 May 27 21:01 replicator >>> >> srw-rw-rw- 1 root wheel 0 May 27 21:01 ssl-params >>> >> srw-rw-rw- 1 root wheel 0 May 27 21:01 stats >>> >> prw-rw-rw- 1 root wheel 0 May 27 21:01 stats-mail >>> >> drwxr-x--- 2 root dovenull 4 May 27 21:01 token-login >>> >> thebighonker.lerctr.org /var/run/dovecot $ >>> >> >>> >> >>> >> Now, the fact that it was whining about a .tmp file is interesting. >>> >> >>> >> Was there any other whines? >>> >> >>> >> Seems like something(tm) wasn't running as root that should be. >>> >> >>> >> >>> >> On Wed, May 28, 2014 at 5:52 PM, Chris Vaas >>> wrote: >>> >> >>> >>> What permissions should I have on the folder /var/run/dovecot ? The >>> >>> owner >>> >>> is root and the group dovecot in my case. The access bits are >>> >>> drwxr-xr-x. >>> >>> >>> >>> On Thu, May 29, 2014 at 12:49 AM, Larry Rosenman >> > >>> >>> wrote: >>> >>> >>> >>> > Check the permissions on the directory referenced. >>> >>> > On May 28, 2014 5:06 PM, "Chris Vaas" wrote: >>> >>> > >>> >>> >> Hey guys, >>> >>> >> I am getting the following error. It seems not be be severe, >>> since my >>> >>> >> setup >>> >>> >> works without any signs of drawbacks. But I'd rather rely on a >>> >>> >> professional >>> >>> >> opinion. >>> >>> >> >>> >>> >> May 28 23:02:54 example dovecot: auth: Error: >>> >>> >> open(/var/run/dovecot/auth-token-secret.dat.tmp) failed: >>> Permission >>> >>> denied >>> >>> >> May 28 23:02:54 example dovecot: auth: Error: Failed to write auth >>> >>> token >>> >>> >> secret file; returned tokens will be invalid once auth restarts >>> >>> >> >>> >>> >> Thanks in advance >>> >>> >> Chris >>> >>> >> >>> >>> > >>> >>> >>> >> >>> >> >>> >> >>> >> -- >>> >> Larry Rosenman http://www.lerctr.org/~ler >>> >> Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com >>> >> US Mail: 108 Turvey Cove, Hutto, TX 78634-5688 >>> >> >>> > >>> >>> >>> -- >>> Larry Rosenman http://www.lerctr.org/~ler >>> Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com >>> US Mail: 108 Turvey Cove, Hutto, TX 78634-5688 >>> >> > > > -- > Larry Rosenman http://www.lerctr.org/~ler > Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com > US Mail: 108 Turvey Cove, Hutto, TX 78634-5688 > From arthurdent.london at gmail.com Fri May 30 09:25:28 2014 From: arthurdent.london at gmail.com (Arthur Dent) Date: Fri, 30 May 2014 10:25:28 +0100 Subject: [Dovecot] Change to Maildir format (Was:Corrupted Mail?) In-Reply-To: <1401363329.2377.25.camel@localhost> References: <1401260626.2251.9.camel@localhost> <7an79bsp0rv8@mids.svenhartge.de> <1401363329.2377.25.camel@localhost> Message-ID: <1401441928.3514.13.camel@localhost> Well, with thanks to everyone on this list I have now successfully (I hope) switched from mbox to Maildir format. Moreover I am now using dovecot-lda to deliver. I went step by step, and tested it with just one account before opening up the whole system. I had to rewrite my procmail recipes twice because I first changed them to: | /usr/libexec/dovecot/deliver -d mark -m .MLists.Fedora/ but after testing with the Maildir format up and running I found that they had to be: | /usr/libexec/dovecot/deliver -d mark -m MLists.Fedora I will now leave it running for a couple of days. I will keep an eye on the logs, but I hope that I have now seen the last of the "Error: Next message unexpectedly corrupted ..." messages! Thanks again for all the help. Much appreciated! Mark From patrick at spamreducer.eu Fri May 30 09:33:42 2014 From: patrick at spamreducer.eu (Patrick De Zordo) Date: Fri, 30 May 2014 11:33:42 +0200 Subject: [Dovecot] Change to Maildir format (Was:Corrupted Mail?) In-Reply-To: <1401441928.3514.13.camel@localhost> References: <1401260626.2251.9.camel@localhost> <7an79bsp0rv8@mids.svenhartge.de> <1401363329.2377.25.camel@localhost> <1401441928.3514.13.camel@localhost> Message-ID: <009501cf7bea$3edf0280$bc9d0780$@spamreducer.eu> > -----Urspr?ngliche Nachricht----- > Von: dovecot [mailto:dovecot-bounces at dovecot.org] Im Auftrag von Arthur > Dent > Gesendet: Freitag, 30. Mai 2014 11:25 > An: dovecot at dovecot.org > Betreff: Re: [Dovecot] Change to Maildir format (Was:Corrupted Mail?) > > Well, with thanks to everyone on this list I have now successfully (I > hope) switched from mbox to Maildir format. Moreover I am now using > dovecot-lda to deliver. > > I went step by step, and tested it with just one account before opening up > the whole system. > Great! > I had to rewrite my procmail recipes twice because I first changed them > to: > | /usr/libexec/dovecot/deliver -d mark -m .MLists.Fedora/ > > but after testing with the Maildir format up and running I found that they had > to be: > | /usr/libexec/dovecot/deliver -d mark -m MLists.Fedora > > I will now leave it running for a couple of days. I will keep an eye on the logs, > but I hope that I have now seen the last of the "Error: Next message > unexpectedly corrupted ..." messages! > Sure! > Thanks again for all the help. Much appreciated! > > Mark From joseba.torre at ehu.es Fri May 30 10:20:59 2014 From: joseba.torre at ehu.es (Joseba Torre) Date: Fri, 30 May 2014 12:20:59 +0200 Subject: [Dovecot] ot: identifying TB IMAP issues In-Reply-To: <2b2d482ad1cc8f2421043e629b78167a.squirrel@emu.sbt.net.au> References: <2b2d482ad1cc8f2421043e629b78167a.squirrel@emu.sbt.net.au> Message-ID: <53885B8B.902@ehu.es> El 30/05/14 08:28, voytek at sbt.net.au escribi?: > I have a user with with W7/TBird/IMAP to my dovecot 2.1.17 server, the > user complains whilst he is composing lengthy emails (with multiple > fowrds/replies quoted in the message) he gets 'hour glass' over compose > windows with some message about not being able to save drafts, Has he tried choosing a local folder for drafts? From benoit.panizzon at imp.ch Fri May 30 14:27:22 2014 From: benoit.panizzon at imp.ch (Benoit Panizzon) Date: Fri, 30 May 2014 16:27:22 +0200 Subject: [Dovecot] Disabling plus sign extension delimiter in lmtp listener (or userdb) Message-ID: <201405301627.23393.benoit.panizzon@imp.ch> Hello We have migrated our email services from a server, which did not support IMAP and folders, therefore threated the plus sign + as a normal character in a part of an email address. Our new server delivers the emails via lmtp to dovecot. the few users which got a + character in the username first could not log-in (fixed by adding + to auth_username_chars). Now the next problem turn out to be, that the lmtp listener stripps everything after the + sign. The MTA correctly sends the whole email address, so it's not the MTA's fault. It can easily be tested by connecting to the dovecot LMTP listener IP address by telnet: 220 grautvornix.imp.ch Dovecot ready. mail from: 250 2.1.0 OK rcpt to: 550 5.1.1 User doesn't exist: b at iscan.ch I could not find any configuration parameters for the lmtp listener or userdb service to tell it what to do with the + sign. Did I miss something, or is it impossible to have the + sign accepted as a normal character in an email address? Kind regards -Benoit- From stano at websupport.sk Fri May 30 15:02:47 2014 From: stano at websupport.sk (Pavel Stano) Date: Fri, 30 May 2014 17:02:47 +0200 Subject: [Dovecot] attachment sis + EMLINK (too many links) = segfault bug (2.2.12) Message-ID: <20140530170247.67941b1a@ass> Hi, we use attachment dedup with lots of emails (still migrating to it from maildir). We use netapp storage with wafl filesystem over nfs. Problem is that netapp has hard limit of 100k hardlinks to one file. And we encountered it. Problem is that dovecot start do segfault (lmtp,dsync,pop3 etc) when it happend when tried to deliver new emails with that attachment. Here is strace of dsync: 6740 link("/nfsmnt/mailatch1/f9/10/hashes/f9108ddaa156ac15738e41ed3bedec1eda50175d", "/nfsmnt/mailatch1/f9/10/f9108ddaa156ac15738e41ed3bedec1eda50175d-7bb7a20ddb598853541a000028db4a9f") = -1 EMLINK (Too many links) 6740 --- SIGSEGV (Segmentation fault) @ 0 (0) --- ls -lh: -rw------- 100000 vmail vmail 4.7K Apr 28 16:54 /nfsmnt/mailatch1/f9/10/hashes/f9108ddaa156ac15738e41ed3bedec1eda50175d We were using mail_attachment_min_size=4kb, we solve it by increasing it to 8kb. It would be nice to somehow fix this problem. Like not crash when EMLINK happend and maybe do not deduplicate attachments but deliver email without dedup. Or create second file in hashes/ and start hardlinking it instead of original. AFAIK ext4 has also hard-link limit 64k (http://en.wikipedia.org/wiki/Hard_link#Limitations_of_hard_links) So this can happen to anyone with lots of emails. Thanks -- [ Ohodnotte kvalitu mailu: http://nicereply.com/websupport/Stano/ ] Pavel Stano | Troubleshooter http://WebSupport.sk *** BERTE A VYCHUTNAVAJTE *** -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From larryrtx at gmail.com Fri May 30 16:03:38 2014 From: larryrtx at gmail.com (Larry Rosenman) Date: Fri, 30 May 2014 11:03:38 -0500 Subject: [Dovecot] doveadm fts optimize CRASH Message-ID: thebighonker.lerctr.org /home/ler $ gdb -c doveadm.core `which doveadm` GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-marcel-freebsd"...(no debugging symbols found)... Core was generated by `doveadm'. Program terminated with signal 6, Aborted. Reading symbols from /lib/libz.so.6...(no debugging symbols found)...done. Loaded symbols for /lib/libz.so.6 Reading symbols from /lib/libcrypt.so.5...(no debugging symbols found)...done. Loaded symbols for /lib/libcrypt.so.5 Reading symbols from /usr/local/lib/dovecot/libdovecot-storage.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/libdovecot-storage.so.0 Reading symbols from /usr/local/lib/dovecot/libdovecot.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/libdovecot.so.0 Reading symbols from /lib/libc.so.7...(no debugging symbols found)...done. Loaded symbols for /lib/libc.so.7 Reading symbols from /usr/local/lib/dovecot/lib20_fts_plugin.so...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/lib20_fts_plugin.so Reading symbols from /usr/local/lib/dovecot/lib21_fts_lucene_plugin.so...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/lib21_fts_lucene_plugin.so Reading symbols from /usr/local/lib/libclucene-core.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/libclucene-core.so.1 Reading symbols from /usr/local/lib/libclucene-shared.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/libclucene-shared.so.1 Reading symbols from /usr/lib/libc++.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libc++.so.1 Reading symbols from /lib/libcxxrt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/libcxxrt.so.1 Reading symbols from /lib/libm.so.5...(no debugging symbols found)...done. Loaded symbols for /lib/libm.so.5 Reading symbols from /lib/libgcc_s.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/libgcc_s.so.1 Reading symbols from /lib/libthr.so.3...(no debugging symbols found)...done. Loaded symbols for /lib/libthr.so.3 Reading symbols from /usr/local/lib/dovecot/lib90_stats_plugin.so...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/lib90_stats_plugin.so Reading symbols from /usr/local/lib/dovecot/doveadm/lib10_doveadm_sieve_plugin.so...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/doveadm/lib10_doveadm_sieve_plugin.so Reading symbols from /usr/local/lib/dovecot-2.2-pigeonhole/libdovecot-sieve.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot-2.2-pigeonhole/libdovecot-sieve.so.0 Reading symbols from /usr/local/lib/dovecot/libdovecot-lda.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/libdovecot-lda.so.0 Reading symbols from /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so Reading symbols from /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so Reading symbols from /libexec/ld-elf.so.1...(no debugging symbols found)...done. Loaded symbols for /libexec/ld-elf.so.1 #0 0x00000008013cc0da in kill () from /lib/libc.so.7 [New Thread 801c2b800 (LWP 101632/doveadm)] (gdb) bt #0 0x00000008013cc0da in kill () from /lib/libc.so.7 #1 0x00000008013ca809 in abort () from /lib/libc.so.7 #2 0x0000000802cf7b39 in __cxa_pure_virtual () from /lib/libcxxrt.so.1 #3 0x00000008025159dc in lucene::store::BufferedIndexOutput::~BufferedIndexOutput () from /usr/local/lib/libclucene-core.so.1 #4 0x000000080251717a in lucene::store::FSDirectory::FSIndexOutput::FSIndexOutput () from /usr/local/lib/libclucene-core.so.1 #5 0x0000000802518983 in lucene::store::FSDirectory::createOutput () from /usr/local/lib/libclucene-core.so.1 #6 0x0000000802544c9d in lucene::index::CompoundFileWriter::close () from /usr/local/lib/libclucene-core.so.1 #7 0x0000000802558b32 in lucene::index::SegmentMerger::createCompoundFile () from /usr/local/lib/libclucene-core.so.1 #8 0x0000000802566b2d in lucene::index::IndexWriter::mergeMiddle () from /usr/local/lib/libclucene-core.so.1 #9 0x00000008025620f8 in lucene::index::IndexWriter::merge () from /usr/local/lib/libclucene-core.so.1 #10 0x0000000802527738 in lucene::index::SerialMergeScheduler::merge () from /usr/local/lib/libclucene-core.so.1 #11 0x000000080255ff45 in lucene::index::IndexWriter::optimize () from /usr/local/lib/libclucene-core.so.1 #12 0x000000080221bfd9 in lucene_index_optimize () from /usr/local/lib/dovecot/lib21_fts_lucene_plugin.so ---Type to continue, or q to quit--- #13 0x000000080400a2b0 in doveadm_fts_plugin_deinit () from /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so #14 0x0000000000413617 in doveadm_mail_single_user () #15 0x0000000000413c60 in doveadm_mail_try_run () #16 0x000000000041c897 in main () (gdb) -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 108 Turvey Cove, Hutto, TX 78634-5688 From andy at xecu.net Fri May 30 19:34:14 2014 From: andy at xecu.net (Andy Dills) Date: Fri, 30 May 2014 15:34:14 -0400 Subject: [Dovecot] =?utf-8?q?Panic=3A_file_mail-index-transaction-export?= =?utf-8?b?LmM6IGxpbmUgMjAzIChsb2dfYXBwZW5kX2V4dF9oZHJfdXBkYXRlKTogYXNz?= =?utf-8?q?ertion_failed=3A_=28u32=2Eoffset_+_u32=2Esize_=3C=3D_ext=5Fhdr?= =?utf-8?b?X3NpemUp?= Message-ID: Hi there, We recently upgraded to 2.2.12 (the current version in FreeBSD's port tree), and are seeing these errors in our logs (not super frequently, but it happens): May 30 13:20:57 mail1 kernel: pid 15752 (imap), uid 1005: exited on signal 6 May 30 13:20:57 mail1 dovecot: imap(xxx): Fatal: master: service(imap): child 15752 killed with signal 6 (core not dumped - set service imap { drop_priv_before_exec=yes }) I tried manually upgrading to 2.2.13, on the off chance that was fixed, but I couldn't get the new pigeonhole (0.4.3) to compile once I did (perhaps why the FreeBSD port maintainer hasn't updated yet?). Suggestions? Right now we just check every couple of hours for affected users, and then delete all of the dovecot files for the affected user, which ends the error. Thanks, Andy --- Andy Dills Xecunet, Inc. www.xecu.net 301-682-9972 --- From andy at xecu.net Fri May 30 20:01:20 2014 From: andy at xecu.net (Andy Dills) Date: Fri, 30 May 2014 16:01:20 -0400 Subject: [Dovecot] =?utf-8?q?Panic=3A_file_mail-index-transaction-export?= =?utf-8?b?LmM6IGxpbmUgMjAzIChsb2dfYXBwZW5kX2V4dF9oZHJfdXBkYXRlKTogYXNz?= =?utf-8?q?ertion_failed=3A_=28u32=2Eoffset_+_u32=2Esize_=3C=3D_ext=5Fhdr?= =?utf-8?b?X3NpemUp?= In-Reply-To: References: Message-ID: <7e1cec65773a047c3f51386f9835bfee@xecu.net> Thanks to the suggestion by Larry off-list, I snagged an official patch from the FreeBSD PR and now the ports are compiling cleanly. I'll report back if I get the errors again. Thanks, Andy --- Andy Dills Xecunet, Inc. www.xecu.net 301-682-9972 --- On 05/30/2014 15:34, Andy Dills wrote: > Hi there, > > We recently upgraded to 2.2.12 (the current version in FreeBSD's port > tree), and are seeing these errors in our logs (not super frequently, > but it happens): > > May 30 13:20:57 mail1 kernel: pid 15752 (imap), uid 1005: exited on > signal 6 > May 30 13:20:57 mail1 dovecot: imap(xxx): Fatal: master: service(imap): > child 15752 killed with signal 6 (core not dumped - set service imap { > drop_priv_before_exec=yes }) > > I tried manually upgrading to 2.2.13, on the off chance that was fixed, > but I couldn't get the new pigeonhole (0.4.3) to compile once I did > (perhaps why the FreeBSD port maintainer hasn't updated yet?). > > Suggestions? Right now we just check every couple of hours for affected > users, and then delete all of the dovecot files for the affected user, > which ends the error. > > Thanks, > Andy > > --- > > Andy Dills > Xecunet, Inc. > www.xecu.net > 301-682-9972 > --- From larryrtx at gmail.com Fri May 30 20:02:36 2014 From: larryrtx at gmail.com (Larry Rosenman) Date: Fri, 30 May 2014 15:02:36 -0500 Subject: [Dovecot] Panic: file mail-index-transaction-export.c: line 203 (log_append_ext_hdr_update): assertion failed: (u32.offset + u32.size <= ext_hdr_size) In-Reply-To: <7e1cec65773a047c3f51386f9835bfee@xecu.net> References: <7e1cec65773a047c3f51386f9835bfee@xecu.net> Message-ID: I actually submitted the PR's. I'm waiting for the real maintainer to approve or for the 2 week timeout. As I said, it's doing great for me :) On Fri, May 30, 2014 at 3:01 PM, Andy Dills wrote: > Thanks to the suggestion by Larry off-list, I snagged an official patch > from the FreeBSD PR and now the ports are compiling cleanly. > > I'll report back if I get the errors again. > > > Thanks, > Andy > > --- > Andy Dills > Xecunet, Inc. > www.xecu.net > 301-682-9972 > --- > > On 05/30/2014 15:34, Andy Dills wrote: > >> Hi there, >> >> We recently upgraded to 2.2.12 (the current version in FreeBSD's port >> tree), and are seeing these errors in our logs (not super frequently, >> but it happens): >> >> May 30 13:20:57 mail1 kernel: pid 15752 (imap), uid 1005: exited on >> signal 6 >> May 30 13:20:57 mail1 dovecot: imap(xxx): Fatal: master: service(imap): >> child 15752 killed with signal 6 (core not dumped - set service imap { >> drop_priv_before_exec=yes }) >> >> I tried manually upgrading to 2.2.13, on the off chance that was fixed, >> but I couldn't get the new pigeonhole (0.4.3) to compile once I did >> (perhaps why the FreeBSD port maintainer hasn't updated yet?). >> >> Suggestions? Right now we just check every couple of hours for affected >> users, and then delete all of the dovecot files for the affected user, >> which ends the error. >> >> Thanks, >> Andy >> >> --- >> >> Andy Dills >> Xecunet, Inc. >> www.xecu.net >> 301-682-9972 >> --- >> > -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 108 Turvey Cove, Hutto, TX 78634-5688 From andy at xecu.net Fri May 30 21:19:44 2014 From: andy at xecu.net (Andy Dills) Date: Fri, 30 May 2014 17:19:44 -0400 Subject: [Dovecot] =?utf-8?q?Panic=3A_file_mail-index-transaction-export?= =?utf-8?b?LmM6IGxpbmUgMjAzIChsb2dfYXBwZW5kX2V4dF9oZHJfdXBkYXRlKTogYXNz?= =?utf-8?q?ertion_failed=3A_=28u32=2Eoffset_+_u32=2Esize_=3C=3D_ext=5Fhdr?= =?utf-8?b?X3NpemUp?= In-Reply-To: References: <7e1cec65773a047c3f51386f9835bfee@xecu.net> Message-ID: <1eb16f8eda0ac5d19e3ba8afc5e19bea@xecu.net> Unfortunately, I'm still getting the same errors post upgrade to 2.2.13. I'm coming from 2.1.12, so perhaps there is some slight incompatibility in some circumstances with the index files? I'm continuing to delete them as this arises, and so far I've no repeat problem accounts. Andy --- Andy Dills Xecunet, Inc. www.xecu.net 301-682-9972 --- On 05/30/2014 16:02, Larry Rosenman wrote: > I actually submitted the PR's. I'm waiting for the real maintainer to > approve or for the 2 week timeout. > > As I said, it's doing great for me :) > > > > On Fri, May 30, 2014 at 3:01 PM, Andy Dills wrote: > >> Thanks to the suggestion by Larry off-list, I snagged an official >> patch >> from the FreeBSD PR and now the ports are compiling cleanly. >> >> I'll report back if I get the errors again. >> >> >> Thanks, >> Andy >> >> --- >> Andy Dills >> Xecunet, Inc. >> www.xecu.net >> 301-682-9972 >> --- >> >> On 05/30/2014 15:34, Andy Dills wrote: >> >>> Hi there, >>> >>> We recently upgraded to 2.2.12 (the current version in FreeBSD's port >>> tree), and are seeing these errors in our logs (not super frequently, >>> but it happens): >>> >>> May 30 13:20:57 mail1 kernel: pid 15752 (imap), uid 1005: exited on >>> signal 6 >>> May 30 13:20:57 mail1 dovecot: imap(xxx): Fatal: master: >>> service(imap): >>> child 15752 killed with signal 6 (core not dumped - set service imap >>> { >>> drop_priv_before_exec=yes }) >>> >>> I tried manually upgrading to 2.2.13, on the off chance that was >>> fixed, >>> but I couldn't get the new pigeonhole (0.4.3) to compile once I did >>> (perhaps why the FreeBSD port maintainer hasn't updated yet?). >>> >>> Suggestions? Right now we just check every couple of hours for >>> affected >>> users, and then delete all of the dovecot files for the affected >>> user, >>> which ends the error. >>> >>> Thanks, >>> Andy >>> >>> --- >>> >>> Andy Dills >>> Xecunet, Inc. >>> www.xecu.net >>> 301-682-9972 >>> --- >>> >> From axel.luttgens at skynet.be Fri May 30 21:30:04 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Fri, 30 May 2014 23:30:04 +0200 Subject: [Dovecot] Plugin mail-filter tangles In-Reply-To: <5385F57E.8020208@pobox.com> References: <5382F4D8.50903@pobox.com> <5D6FF14A-0204-4076-9B68-34354C5A1496@skynet.be> <5383014A.5090502@pobox.com> <9E1DD88D-2736-400F-937A-E213B1754D23@skynet.be> <53832FBB.70804@pobox.com> <994F7763-1272-4A7C-B375-109C8E41EADE@skynet.be> <5385F57E.8020208@pobox.com> Message-ID: <59F0A919-7A72-464A-9B48-0B45771B942A@skynet.be> Le 28 mai 2014 ? 16:41, Stanislas SABATIER a ?crit : > [...] > I tried to explain my specific case in my first post to the list (first > mail of this thread, may 24) : > [...] > To sum up, here are the headers : (CASE 1) > > *from : user1 at mydomain1* > to: someone at yahoo.com > CC: user2 at mydomain2, user3 at mydomaine3 > > > In this specific situation, Dovecot receives one email from Postfix for > user2 and user3. Dovecot is creating two user contexts, load mail-filter > plugin with user2 params, it saves the email, then it loads mail-filter > plugin with user3 params BUT, instead of reading the original email from > Postfix, Dovecot is trying to read the email from user2 (I see an > istream opening in logs) and pass it to user3. That fails because, in > this context, Dovecot can't access user2's email that has been encrypt > by my mail-filter. Hello Stanislas, Indeed, the above describes your intial post. A case I described as being a bit frightening, since it could raise some privacy concerns. > [...] > To sum up, here are the headers : (CASE 2) > > *from : someone at gmail.com* > to : someone at yahoo.com > CC: user2 at mydomain2, user3 at mydomaine3 > > > In this situation, Dovecot receives one email from Postfix for user2 and > user3 (same situation than case 1). Dovecot is creating two user > contexts, load mail-filter plugin with user2 params, it saves the email, > then it loads mail-filter plugin with user3 params and save the email > with user3 params. And I can say ? working perfectly ? ! > > [...] And here, you confirm the new info throughout this thread. So, the nature of the envelope sender would have an impact on how an email is delivered by Dovecot's LMTP to local recipients. Up to now, the only path I could find for bringing some confusion among recipients would be in the handling provided by client_input_data_write_local() of src/lmtp/commands.c. Even if the link with the envelope sender still remains obscure to me... Anyway, managing to have Postfix sending one message per recipient might prove useful for diagnosing the problem. HTH, Axel From d.parthey at metaways.de Fri May 30 22:09:05 2014 From: d.parthey at metaways.de (Daniel Parthey) Date: Sat, 31 May 2014 00:09:05 +0200 Subject: [Dovecot] ot: identifying TB IMAP issues In-Reply-To: <2b2d482ad1cc8f2421043e629b78167a.squirrel@emu.sbt.net.au> References: <2b2d482ad1cc8f2421043e629b78167a.squirrel@emu.sbt.net.au> Message-ID: <9948f577-dea7-43f3-a1e7-db8c0a40c32d@email.android.com> Hij Voytek, if the connection becomes stale, it might well be a network-related or client-side issue. Have you ever heard of the ADSL MTU problem? If some router/firewall inbetween drops ICMP messages related to path-MTU-discovery, then the maximum transfer unit (MTU) might be wrong and larger packets might get dropped on their way which makes the TCP connection become stale. The user's TCP segments need to be small enough so that a PPPoE header (8 Bytes) can be added to the packets without exceeding the default network MTU of 1500 Bytes, so the maximum recommnded TCP segment size for ADSL users is 1492 Bytes. Read more about the maximum segment size (MSS) clamping issue here: http://lartc.org/howto/lartc.cookbook.mtu-mss.html Regards Daniel From s.sabatier at pobox.com Sat May 31 14:24:22 2014 From: s.sabatier at pobox.com (Stanislas SABATIER) Date: Sat, 31 May 2014 16:24:22 +0200 Subject: [Dovecot] Plugin mail-filter tangles In-Reply-To: <59F0A919-7A72-464A-9B48-0B45771B942A@skynet.be> References: <5382F4D8.50903@pobox.com> <5D6FF14A-0204-4076-9B68-34354C5A1496@skynet.be> <5383014A.5090502@pobox.com> <9E1DD88D-2736-400F-937A-E213B1754D23@skynet.be> <53832FBB.70804@pobox.com> <994F7763-1272-4A7C-B375-109C8E41EADE@skynet.be> <5385F57E.8020208@pobox.com> <59F0A919-7A72-464A-9B48-0B45771B942A@skynet.be> Message-ID: <5389E616.1090401@pobox.com> Le 30/05/2014 23:30, Axel Luttgens a ?crit : > A case I described as being a bit frightening, since it could raise > some privacy concerns. I agree ! > Anyway, managing to have Postfix sending one message per recipient > might prove useful for diagnosing the problem. HTH, Axel I managed to force Postfix to send one message per recipient, and it seams to fix the issue at Dovecot's side. So, we need to dig into Dovecot's LMTP handler. I would be delighted to help you ! Regards, Stan. From christian at lehrer-hoffmann.de Sat May 31 15:04:49 2014 From: christian at lehrer-hoffmann.de (Christian Hoffmann) Date: Sat, 31 May 2014 17:04:49 +0200 Subject: [Dovecot] dovecot: lda(foo): Error: User foo doesn't have home dir set, disabling duplicate database Message-ID: <5389EF91.5040606@lehrer-hoffmann.de> Hello everyone, I have a small problem with dovecot installed on ubuntu-13.10. I use dovcot as LDA with a LDAP-passdb and a pam-passdb. The userdb is static. A mail to LDAP-user 'foo' is delivered with the error-message dovecot: lda(foo): Error: User foo doesn't have home dir set, disabling duplicate database A mail to the pam-user 'bar' will deliverd without this error. But both users should work with the static-userdb. Where is my mistake? Greetings Christian dovecot --version 2.1.7 ############################################ my dovecot.conf # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.11.0-22-generic i686 Ubuntu 13.10 ext4 disable_plaintext_auth = no first_valid_uid = 107 last_valid_uid = 109 listen = * log_timestamp = "%Y-%m-%d %H:%M:%S " mail_home = /var/mail/%u mail_location = maildir:/var/mail/%u/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave passdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } passdb { driver = pam } plugin { sieve = /var/mail/%u/dovecot.sieve sieve_before = /etc/dovecot/sieve.global/spamfilter.sieve } protocols = imap pop3 sieve service auth { user = root } service managesieve-login { inet_listener sieve { port = 2000 } } ssl_cert = References: <5389EF91.5040606@lehrer-hoffmann.de> Message-ID: <538A0D72.3080809@localhost.localdomain.org> On 05/31/2014 03:04 PM Christian Hoffmann wrote: > Hello everyone, > > I have a small problem with dovecot installed on ubuntu-13.10. I use > dovcot as LDA with a LDAP-passdb and a pam-passdb. The userdb is static. > A mail to LDAP-user 'foo' is delivered with the error-message > > dovecot: lda(foo): Error: User foo doesn't have home dir set, disabling > duplicate database Your LDAP based userdb doesn't return the home directory for user foo. The LDAP lookup should return the home directory. See http://wiki2.dovecot.org/UserDatabase And even for virtual users you should have a home directory for each virtual user. See http://wiki2.dovecot.org/VirtualUsers/Home > A mail to the pam-user 'bar' will deliverd without this error. But both > users should work with the static-userdb. Where is my mistake? Because the userdb returns the home directory of the system user bar. Regards, Pascal -- The trapper recommends today: c01dcofe.1415119 at localdomain.org From christian at lehrer-hoffmann.de Sat May 31 17:35:22 2014 From: christian at lehrer-hoffmann.de (Christian Hoffmann) Date: Sat, 31 May 2014 19:35:22 +0200 Subject: [Dovecot] dovecot: lda(foo): Error: User foo doesn't have home dir set, disabling duplicate database In-Reply-To: <538A0D72.3080809@localhost.localdomain.org> References: <5389EF91.5040606@lehrer-hoffmann.de> <538A0D72.3080809@localhost.localdomain.org> Message-ID: <538A12DA.9060700@lehrer-hoffmann.de> Hello Pascal, but I didn't configure a userdb with driver=ldap. There is only one userdb with driver=static and I assumed, that every user gets the same uid, gid and a valid home directory. Are there some circumstances, that different passdb-drivers treated in special relation to userdb-drivers? Like, one have to configure a userdb-driver=ldap if one uses a passdb-driver=ldap. But the passdb-driver=pam looks into userdb-driver=static. That is the part, I do not understand. Greetings Christian Am 31.05.2014 19:12, schrieb Pascal Volk: > On 05/31/2014 03:04 PM Christian Hoffmann wrote: >> Hello everyone, >> >> I have a small problem with dovecot installed on ubuntu-13.10. I use >> dovcot as LDA with a LDAP-passdb and a pam-passdb. The userdb is static. >> A mail to LDAP-user 'foo' is delivered with the error-message >> >> dovecot: lda(foo): Error: User foo doesn't have home dir set, disabling >> duplicate database > Your LDAP based userdb doesn't return the home directory for user foo. > The LDAP lookup should return the home directory. See > http://wiki2.dovecot.org/UserDatabase > > And even for virtual users you should have a home directory for each > virtual user. See http://wiki2.dovecot.org/VirtualUsers/Home > >> A mail to the pam-user 'bar' will deliverd without this error. But both >> users should work with the static-userdb. Where is my mistake? > Because the userdb returns the home directory of the system user bar. > > > Regards, > Pascal From user+dovecot at localhost.localdomain.org Sat May 31 17:50:55 2014 From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Sat, 31 May 2014 17:50:55 +0000 Subject: [Dovecot] dovecot: lda(foo): Error: User foo doesn't have home dir set, disabling duplicate database In-Reply-To: <538A12DA.9060700@lehrer-hoffmann.de> References: <5389EF91.5040606@lehrer-hoffmann.de> <538A0D72.3080809@localhost.localdomain.org> <538A12DA.9060700@lehrer-hoffmann.de> Message-ID: <538A167F.8020206@localhost.localdomain.org> On 05/31/2014 05:35 PM Christian Hoffmann wrote: > Hello Pascal, > > but I didn't configure a userdb with driver=ldap. There is only one > userdb with driver=static and I assumed, that every user gets the same > uid, gid and a valid home directory. > > Are there some circumstances, that different passdb-drivers treated in > special relation to userdb-drivers? Like, one have to configure a > userdb-driver=ldap if one uses a passdb-driver=ldap. But the > passdb-driver=pam looks into userdb-driver=static. That is the part, I > do not understand. > >> [*ToFu*] What is the output of commands `doveadm user -f home foo` and `doveadm user -f home bar`? Regards, Pascal -- The trapper recommends today: c01dcofe.1415119 at localdomain.org From christian at lehrer-hoffmann.de Sat May 31 17:57:11 2014 From: christian at lehrer-hoffmann.de (Christian Hoffmann) Date: Sat, 31 May 2014 19:57:11 +0200 Subject: [Dovecot] dovecot: lda(foo): Error: User foo doesn't have home dir set, disabling duplicate database In-Reply-To: <538A167F.8020206@localhost.localdomain.org> References: <5389EF91.5040606@lehrer-hoffmann.de> <538A0D72.3080809@localhost.localdomain.org> <538A12DA.9060700@lehrer-hoffmann.de> <538A167F.8020206@localhost.localdomain.org> Message-ID: <538A17F7.1080305@lehrer-hoffmann.de> Am 31.05.2014 19:50, schrieb Pascal Volk: > On 05/31/2014 05:35 PM Christian Hoffmann wrote: >> Hello Pascal, >> >> but I didn't configure a userdb with driver=ldap. There is only one >> userdb with driver=static and I assumed, that every user gets the same >> uid, gid and a valid home directory. >> >> Are there some circumstances, that different passdb-drivers treated in >> special relation to userdb-drivers? Like, one have to configure a >> userdb-driver=ldap if one uses a passdb-driver=ldap. But the >> passdb-driver=pam looks into userdb-driver=static. That is the part, I >> do not understand. >> >>> [*ToFu*] > What is the output of commands `doveadm user -f home foo` and `doveadm > user -f home bar`? > > > Regards, > Pascal Here it is: root at ods2:~# doveadm user -f home foo doveadm(root): Error: user foo: Auth USER lookup failed doveadm(root): Error: userdb lookup failed for foo root at ods2:~# doveadm user -f home bar doveadm(root): Error: user bar: Auth USER lookup failed doveadm(root): Error: userdb lookup failed for bar Greetings Christian From dovecot at knutejohnson.com Sat May 31 18:09:48 2014 From: dovecot at knutejohnson.com (Knute Johnson) Date: Sat, 31 May 2014 11:09:48 -0700 Subject: [Dovecot] Upgraded my dovecot? Message-ID: <538A1AEC.2090902@knutejohnson.com> I upgraded my server from Ubuntu 12.04LTS to 14.04LTS and it upgrade my dovecot too. Probably should have thought about that a little more before I pushed the button but oh well. So it didn't work when it came back up and I had to add a "inbox=yes" line to my namespace in 15-mailboxes.conf and that fixed it. So is there anything else I should update in my config files for this newer version of dovecot? # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-30-generic x86_64 Ubuntu 14.04 LTS auth_mechanisms = plain login mail_location = mbox:~/mail:INBOX=/var/mail/%u namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = " imap" service imap-login { inet_listener imaps { port = 0 } } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { port = 0 } } ssl_cert = References: <5389EF91.5040606@lehrer-hoffmann.de> <538A0D72.3080809@localhost.localdomain.org> <538A12DA.9060700@lehrer-hoffmann.de> <538A167F.8020206@localhost.localdomain.org> <538A17F7.1080305@lehrer-hoffmann.de> Message-ID: <538A31AD.9080405@lehrer-hoffmann.de> Am 31.05.2014 19:57, schrieb Christian Hoffmann: > Am 31.05.2014 19:50, schrieb Pascal Volk: >> On 05/31/2014 05:35 PM Christian Hoffmann wrote: >>> Hello Pascal, >>> >>> but I didn't configure a userdb with driver=ldap. There is only one >>> userdb with driver=static and I assumed, that every user gets the same >>> uid, gid and a valid home directory. >>> >>> Are there some circumstances, that different passdb-drivers treated in >>> special relation to userdb-drivers? Like, one have to configure a >>> userdb-driver=ldap if one uses a passdb-driver=ldap. But the >>> passdb-driver=pam looks into userdb-driver=static. That is the part, I >>> do not understand. >>> >>>> [*ToFu*] >> What is the output of commands `doveadm user -f home foo` and `doveadm >> user -f home bar`? >> >> >> Regards, >> Pascal > Here it is: > > root at ods2:~# doveadm user -f home foo > doveadm(root): Error: user foo: Auth USER lookup failed > doveadm(root): Error: userdb lookup failed for foo > root at ods2:~# doveadm user -f home bar > doveadm(root): Error: user bar: Auth USER lookup failed > doveadm(root): Error: userdb lookup failed for bar > > Greetings > Christian A look in the dovecot.log: These two lines appeared during the commands: dovecot: auth: Error: static(foo): passdb doesn't support lookups, can't verify user's existence dovecot: auth: Error: static(bar): passdb doesn't support lookups, can't verify user's existence Which passdb is ment? Greetings Christian From axel.luttgens at skynet.be Sat May 31 21:56:13 2014 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Sat, 31 May 2014 23:56:13 +0200 Subject: [Dovecot] Disabling plus sign extension delimiter in lmtp listener (or userdb) In-Reply-To: <201405301627.23393.benoit.panizzon@imp.ch> References: <201405301627.23393.benoit.panizzon@imp.ch> Message-ID: <6410034F-7D07-4329-964D-DBA262C62830@skynet.be> Le 30 mai 2014 ? 16:27, Benoit Panizzon a ?crit : > Hello > > [...] > > 220 grautvornix.imp.ch Dovecot ready. > mail from: > 250 2.1.0 OK > rcpt to: > 550 5.1.1 User doesn't exist: b at iscan.ch > > I could not find any configuration parameters for the lmtp listener or userdb > service to tell it what to do with the + sign. > Did I miss something, or is it impossible to have the + sign accepted as a > normal character in an email address? Hello Benoit, This is probably related to the recipient_delimiter setting, which defaults to '+'. HTH, Axel