From tss at iki.fi Sat Nov 1 01:12:29 2014
From: tss at iki.fi (Timo Sirainen)
Date: Fri, 31 Oct 2014 18:12:29 -0700
Subject: Corrupted SSL parameters file in state_dir with HG 267bca7a62fb
In-Reply-To: <20141031101329.GA35348@nihlus.leuxner.net>
References: <20141031101329.GA35348@nihlus.leuxner.net>
Message-ID: <12ACF858-7351-489E-BF82-081DB543D342@iki.fi>

On 31 Oct 2014, at 03:13, Thomas Leuxner wrote:

> with the latest HG 267bca7a62fb the following error started to appear in the logs:
>
> Oct 31 09:39:07 nihlus dovecot: master: Dovecot v2.2.15 (267bca7a62fb) starting up for imap, lmtp
> [...]
> Oct 31 10:10:52 nihlus dovecot: lmtp(20876): Error: Corrupted SSL parameters file in state_dir: ssl-parameters.dat - disabling SSL 360
> Oct 31 10:10:52 nihlus dovecot: lmtp(20876): Error: Couldn't initialize SSL parameters, disabling SSL
> Oct 31 10:10:52 nihlus dovecot: lmtp(20876): Connect from local
>
> This most likely has been introduced with a commit after the previous build installed (aa5dde56424f). I did not find options to disable SSL for LMTP either, as in my setup I'm using a UNIX socket.

Fixed: http://hg.dovecot.org/dovecot-2.2/rev/6efd7ab25b71

From pada at posteo.de Sat Nov 1 08:34:53 2014
From: pada at posteo.de (Daniel Parthey)
Date: Sat, 01 Nov 2014 09:34:53 +0100
Subject: authentication issues with ipad / mac email client
In-Reply-To: <3789F647E7E347C8B7BC96055B46FF6A.MAI@24x7server.net>
References: <3789F647E7E347C8B7BC96055B46FF6A.MAI@24x7server.net>
Message-ID: <9A7B2D4F-BCEB-41CB-943B-4B0997F63B04@posteo.de>

Hi,

please post
* output of "doveconf -n"
* error log messages from dovecot for failed vs. succeeded login

Regards
Daniel

From tlx at leuxner.net Sat Nov 1 09:50:42 2014
From: tlx at leuxner.net (Thomas Leuxner)
Date: Sat, 1 Nov 2014 10:50:42 +0100
Subject: Corrupted SSL parameters file in state_dir with HG 267bca7a62fb
In-Reply-To: <12ACF858-7351-489E-BF82-081DB543D342@iki.fi>
References: <20141031101329.GA35348@nihlus.leuxner.net> <12ACF858-7351-489E-BF82-081DB543D342@iki.fi>
Message-ID: <20141101095042.GA15390@nihlus.leuxner.net>

* Timo Sirainen 2014.11.01 02:12:

> Fixed: http://hg.dovecot.org/dovecot-2.2/rev/6efd7ab25b71

Looks good now. Thanks

From tim at bastelfreak.de Sat Nov 1 12:15:40 2014
From: tim at bastelfreak.de (Tim)
Date: Sat, 01 Nov 2014 13:15:40 +0100
Subject: Corrupted index cache after migrating from maildir to mdbox
In-Reply-To: <1414756698.6545.3@slate>
References: <1414756698.6545.3@slate>
Message-ID: <5454CEEC.1040103@bastelfreak.de>

Hi Karl

On 31.10.2014 12:58, Karl O. Pinc wrote:
> I was poking around in the code and I think there's
> only 1 last_indexed_uid in the data structure.
> I have no clue if this value is used outside of fts
> but you could poke it with a stick and

what exactly do you mean?

> try the doveadm fts rescan command to reset this to 0.
>

I did "doveadm fts rescan -u myaccount" but after that I still see the errors in the log :(

> (Sorry if you tried this already. I recently signed up
> on the list.)
>
> I'm seeing last_indexed_uid set to the wrong value (v2.2.9,
> Subject: Bug in fts (solr?, Maildir?) incorrect last_indexed_uid)
> in some cases. Your error feels like the same kind of thing.
>
> On 10/31/2014 05:47:51 AM, Tim wrote:
>> Hey guys,
>>
>> I'm still getting these errors while fetching mails via imap:
>> Error: read(/home/vmail/.../mdbox/storage/m.7): FETCH BODY[] for
>> mailbox
>> INBOX UID 1823 got too little data: 284572 vs 47173
>> Error: Corrupted index cache file
>> /home/vmail/.../mdbox/mailboxes/INBOX/dbox-Mails/dovecot.index.cache:
>> Broken virtual size for mail UID 1823
>>
>> I tried to export them with doveadm fetch. this works fine and doesn't
>> create any errors at all at the log file. Any further thoughts here?
>> Timo maybe?
>>
>> On 13.10.2014 10:20, Tim wrote:
>>> all mails are stored on an xfs filesystem and only the local
>> dovecot
>>> accesses it. Possible to fix the index.cache files? I haven't found
>>> anything suitable in the docs. The doveadm-index commands are only
>> for
>>> the fts plugin I think.
>>>
>>>
>>> On 13.10.2014 02:37, Daniel Parthey wrote:
>>>> Maybe the index is corrupted too and the index.cache is a cached
>> version of the corrupted index?
>>>>
>>>> Are you using NFS with mdbox and accessing one nfs mailbox
>> directory concurrently from several dovecot hosts?
>>>>
>>
>>
>
>
>
>
> Karl
> Free Software: "You don't pay back, you pay forward."
> -- Robert A. Heinlein
>

From skyice at openmailbox.org Sat Nov 1 14:38:48 2014
From: skyice at openmailbox.org (Pierre Barre)
Date: Sat, 01 Nov 2014 15:38:48 +0100
Subject: Sa-learn-pipe.sh script modification
Message-ID: <5454F078.2050500@openmailbox.org>

Hello,

I've seen on this wiki page: http://wiki2.dovecot.org/Plugins/Antispam

A script called "sa-learn-pipe.sh". I've tested it but it slows things down because dovecot waits for the script termination. So, I've made a modification. Now, the task is running in the background and dovecot moves the mail without waiting for the script termination:

#!/bin/bash
echo /usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt
echo "$$-start ($*)" >> /tmp/sa-learn-pipe.log
#echo $* > /tmp/sendmail-parms.txt
cat<&0 >> /tmp/sendmail-msg-$$.txt
/usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt && rm -f /tmp/sendmail-msg-$$.txt &
echo "$$-end" >> /tmp/sa-learn-pipe.log
exit 0

I want to know if this can cause any problem?

Thanks.

--
Best regards,
Pierre Barre.

From jernej.porenta at arnes.si Sat Nov 1 15:02:08 2014
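The script in Pierre Barre's message above spools to `/tmp/sendmail-msg-$$.txt` (a predictable name in a world-writable directory, opened with `>>`), passes `$*` unquoted, and hides sa-learn's exit status behind `exit 0`. One way to keep the background behaviour without those problems, as an added example that is not from the post or the Dovecot wiki; `SPOOL_DIR`, `LOG_FILE`, `SA_LEARN` and the function names are assumptions:

```shell
#!/bin/sh
# Added example: hardened variant of a backgrounded sa-learn pipe script.
# Assumptions (not from the original post): SPOOL_DIR is a directory that only
# the mail user can write to (mode 0700); SA_LEARN and LOG_FILE are overridable.
SA_LEARN="${SA_LEARN:-/usr/bin/sa-learn}"
SPOOL_DIR="${SPOOL_DIR:-/var/spool/sa-learn-pipe}"
LOG_FILE="${LOG_FILE:-$SPOOL_DIR/sa-learn-pipe.log}"
umask 077

# Copy the message on stdin into a newly created file with an unpredictable
# name and print that name. mktemp creates the file exclusively, so a file or
# symlink planted in advance is never opened, and a reused PID cannot make two
# deliveries append to the same file.
spool_message() {
    spooled=$(mktemp "$SPOOL_DIR/msg.XXXXXXXXXX") || return 1
    if ! cat > "$spooled"; then
        rm -f -- "$spooled"
        return 1
    fi
    printf '%s\n' "$spooled"
}

# Run sa-learn on the spooled file, delete the file whether or not learning
# succeeded (so mail content does not pile up), log the exit status and
# return it. "$@" keeps every argument intact, unlike an unquoted $*.
learn_and_cleanup() {
    file=$1
    shift
    rc=0
    "$SA_LEARN" "$@" "$file" >/dev/null 2>&1 || rc=$?
    rm -f -- "$file"
    printf '%s rc=%s args=%s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$rc" "$*" >> "$LOG_FILE"
    return "$rc"
}

main() {
    # Spooling happens in the foreground: if it fails the caller gets a
    # non-zero status instead of a silently lost message.
    msg=$(spool_message) || exit 1
    # Learning runs in the background, detached from the caller's
    # stdin/stdout/stderr; its result ends up in LOG_FILE.
    learn_and_cleanup "$msg" "$@" </dev/null >/dev/null 2>&1 &
    exit 0
}

# Arguments are passed through to sa-learn (for example --spam or --ham);
# without any there is nothing to learn, so do nothing.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Background jobs started this way are still unbounded in number; a burst of moved messages starts one sa-learn process per message.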
From: jernej.porenta at arnes.si (Jernej Porenta)
Date: Sat, 01 Nov 2014 16:02:08 +0100
Subject: 2.2.15 Panic in mbox_sync_read_next_mail()
In-Reply-To: <54524EC7.5010402@ee.ethz.ch>
References: <20141029130348.GA1682@alf.uib.no> <5450F0B7.2050602@ee.ethz.ch> <54524EC7.5010402@ee.ethz.ch>
Message-ID: <5454F5F0.3060803@arnes.si>

On 30/10/14 15:44, Matthias Egger wrote:
> On 10/29/2014 02:50 PM, Matthias Egger wrote:
>> >As soon as i can catch a coredump i will send a gdb output.
> Okay, here is the gdb output i could catch and some more information
> about the system.
>
>
> System Infos:
> SunOS HOSTNAME 5.10 Generic_150400-10 sun4u sparc SUNW,Sun-Fire-V440

We are experiencing the same issues on CentOS 5:
Linux 2.6.18-371.12.1.el5 x86_64

At first, we were reindexing all users with this issue (doveadm index), now we are just forcing mailbox resync (doveadm force-mailbox-resync), however it is not fixing it :(

We still don't have the pattern, when does this occur (multiple IMAP sessions?, IMAP/POP)...

We might revert to 2.2.13, where such problems were way less frequent.

cheers, Jernej

From gedalya at gedalya.net Sat Nov 1 21:59:35 2014
From: gedalya at gedalya.net (Gedalya)
Date: Sat, 01 Nov 2014 17:59:35 -0400
Subject: Released Pigeonhole v0.4.5 for Dovecot v2.2.15.
In-Reply-To: <5452E639.80307@rename-it.nl>
References: <5452BEEA.8000105@rename-it.nl> <5452CB93.8000003@localhost.localdomain.org> <5452E639.80307@rename-it.nl>
Message-ID: <545557C7.60504@gedalya.net>

On 10/30/2014 09:30 PM, Stephan Bosch wrote:
> On 10/31/2014 12:36 AM, Pascal Volk wrote:
>> On 10/30/2014 10:42 PM, Stephan Bosch wrote:
>>> ?
>>> The release is available as follows:
>>>
>>> http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.5.tar.gz
>>> http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.5.tar.gz.sig
>>>
>>> Refer to http://pigeonhole.dovecot.org and the Dovecot v2.x wiki for
>>> more information. Have fun testing this new release and don't hesitate
>>> to notify me when there are any problems.
>> Hi Stephan,
>>
>> I guess there is a problem:
> This solves it:
>
> http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/3e924b1b6c5c
>
> Wonder if this is bad enough for yet another release. Not a good day. :/
>
> Regards,
>
> Stephan.

Does seem to prevent the debian package from building..

From rs at sys4.de Sat Nov 1 23:10:09 2014
From: rs at sys4.de (Robert Schetterer)
Date: Sun, 02 Nov 2014 00:10:09 +0100
Subject: Released Pigeonhole v0.4.5 for Dovecot v2.2.15.
In-Reply-To: <545557C7.60504@gedalya.net>
References: <5452BEEA.8000105@rename-it.nl> <5452CB93.8000003@localhost.localdomain.org> <5452E639.80307@rename-it.nl> <545557C7.60504@gedalya.net>
Message-ID: <54556851.7000104@sys4.de>

On 01.11.2014 at 22:59, Gedalya wrote:
> On 10/30/2014 09:30 PM, Stephan Bosch wrote:
>> On 10/31/2014 12:36 AM, Pascal Volk wrote:
>>> On 10/30/2014 10:42 PM, Stephan Bosch wrote:
>>>> ?
>>>> The release is available as follows:
>>>>
>>>> http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.5.tar.gz
>>>>
>>>> http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.5.tar.gz.sig
>>>>
>>>>
>>>> Refer to http://pigeonhole.dovecot.org and the Dovecot v2.x wiki for
>>>> more information. Have fun testing this new release and don't hesitate
>>>> to notify me when there are any problems.
>>> Hi Stephan,
>>>
>>> I guess there is a problem:
>> This solves it:
>>
>> http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/3e924b1b6c5c
>>
>> Wonder if this is bad enough for yet another release. Not a good day. :/
>>
>> Regards,
>>
>> Stephan.
> Does seem to prevent the debian package from building..

recompile deb from
http://xi.rename-it.nl/debian/

latest there
http://xi.rename-it.nl/debian/pool/testing-auto/dovecot-2.2/?C=M;O=A

dovecot_2.2.15-1~auto+30

works

Best Regards
Kind regards

Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From stephan at rename-it.nl Sun Nov 2 17:48:27 2014
From: stephan at rename-it.nl (Stephan Bosch)
Date: Sun, 02 Nov 2014 18:48:27 +0100
Subject: Released Pigeonhole v0.4.6 for Dovecot v2.2.15.
Message-ID: <54566E6B.9020604@rename-it.nl>

Hello Dovecot users,

Version 0.4.5 introduced one new 'feature', but it caused build problems. This release fixes that. If you've successfully installed 0.4.5, you do not need to upgrade.

Changelog v0.4.6:

- After make distclean, the distributed tarball would fail to recompile. This causes problems for some distribution builds.

The release is available as follows:

http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.6.tar.gz
http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.6.tar.gz.sig

Refer to http://pigeonhole.dovecot.org and the Dovecot v2.x wiki for more information. Have fun testing this new release and don't hesitate to notify me when there are any problems.

Regards,

--
Stephan Bosch
stephan at rename-it.nl

From list at airstreamcomm.net Mon Nov 3 20:06:15 2014
From: list at airstreamcomm.net (List)
Date: Mon, 03 Nov 2014 14:06:15 -0600
Subject: Postlogin script in v1
Message-ID: <5457E037.8060001@airstreamcomm.net>

Does dovecot-1.0.7-7.el5 support postlogin scripting?

From user+dovecot at localhost.localdomain.org Mon Nov 3 21:35:09 2014
From: user+dovecot at localhost.localdomain.org (Pascal Volk)
Date: Mon, 03 Nov 2014 21:35:09 +0000
Subject: Postlogin script in v1
In-Reply-To: <5457E037.8060001@airstreamcomm.net>
References: <5457E037.8060001@airstreamcomm.net>
Message-ID: <5457F50D.9060401@localhost.localdomain.org>

On 11/03/2014 08:06 PM, List wrote:
> Does dovecot-1.0.7-7.el5 support postlogin scripting?

Hi List,

there is the Post-login documentation for your outdated/unsupported installation: http://wiki1.dovecot.org/PostLoginScripting

Regards,
Pascal
--
The trapper recommends today: fabaceae.1430722 at localdomain.org

From mysql.jorge at decimal.pt Mon Nov 3 22:29:47 2014
From: mysql.jorge at decimal.pt (Jorge Bastos)
Date: Mon, 3 Nov 2014 22:29:47 -0000
Subject: Example records for SQL AUTH
Message-ID: <00a201cff7b5$acd4c440$067e4cc0$@jorge@decimal.pt>

Hi,

Where can I get examples for the records for the "users" table?

For SHA512-CRYPT, I tried:

replace into users values ('a at a.com','a.com',ENCRYPT('b', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))),'',0,0,'true');

schema is:

CREATE TABLE `users` (
  `username` varchar(255) NOT NULL,
  `domain` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  `home` varchar(255) NOT NULL,
  `uid` int(11) NOT NULL,
  `gid` int(11) NOT NULL,
  `active` enum('true','false') NOT NULL DEFAULT 'true',
  PRIMARY KEY (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8

Password_query:

password_query = select username, domain,password from users where username='%u' and domain='%d' and active='true'

What could I be missing? but logs says user is not found in userdb:

Nov 3 22:17:24 fastmail dovecot: auth: Error: sql(a at a.com,127.0.0.1,): user not found from userdb
Nov 3 22:17:24 fastmail dovecot: pop3: Error: Authenticated user not found from userdb, auth lookup id=3938844673 (client-pid=10240 client-id=1)
Nov 3 22:17:24 fastmail dovecot: pop3-login: Internal login failure (pid=10240 id=1) (internal failure, 1 successful auths): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=10247, secured, session=

From dovecot.pkoch at dfgh.net Mon Nov 3 22:46:20 2014
From: dovecot.pkoch at dfgh.net (dovecot.pkoch at dfgh.net)
Date: Mon, 3 Nov 2014 23:46:20 +0100
Subject: SSL Client authentication with trustcenter-certificate
Message-ID:

Dear reader,

we are using dovecot 2.2.7 and like it very much. Authentication is done via a checkpassword program that does two things:

1) check whether the client has connected via SSL using a client certificate
2) check whether the client is using a one time password generator

Most of our users are using certificates that we have created ourselves. These certificates contain a x500uniqueidentifier. But some users are using certificates from a German trust center and these certificates do not contain a x500uniqueIdentifier nor something similar.

I would like to map these certificates to user accounts and my first idea was to do so from my checkpassword program. But how do I find out the client-certificate from within a checkpassword script.

I tried to add an additional entry to auth_request_var_expand_static_tab and fill in that environment variable in auth_request_get_var_expand_table_full() (both in src/auth/auth-request.c). But where do I find the SSL-context from which I can extract the client certificate?

Kind regards

Peter Koch

From sakaki at oftech.co.jp Tue Nov 4 11:04:02 2014
From: sakaki at oftech.co.jp (=?ISO-2022-JP?B?GyRCJSohPCUoJVUhJiVGJUMlLyEhOmcbKEI=?=)
Date: Tue, 04 Nov 2014 20:04:02 +0900
Subject: Some of the mail on the server to duplicate.
Message-ID: <5458B2A2.4040701@oftech.co.jp>

I am using dovecot in mbox format.
I'm going to set to leave the 30-day mail to the server with the mail client.
The other day, some of email was received duplicate When receive mail.

Mail does not arrive between Nov 4 11:09:03 and Nov 4 11:13:25.
There should be the 259 (274-15) messages at the time of Nov 4 11:09:03 on the server from the log.
But there were the 280 messages at the time of Nov 4 11:13:25 and 21 messages was a duplicate.

Do you know the cause?

/var/log/maillog
--------------------------------------------------
Nov 4 11:08:14 xxxxxxxx dovecot: POP3(xxxx): Loading modules from directory: /usr/lib/dovecot/pop3
Nov 4 11:08:14 xxxxxxxx dovecot: POP3(xxxx): Module loaded: /usr/lib/dovecot/pop3/drac.so
Nov 4 11:08:14 xxxxxxxx dovecot: POP3(xxxx): Effective uid=1000, gid=1000
Nov 4 11:08:14 xxxxxxxx dovecot: POP3(xxxx): [drac]: login by xxxx from 153.219.140.xxx
Nov 4 11:08:14 xxxxxxxx dovecot: POP3(xxxx): mbox: data=/home/xxx/mail:INBOX=/var/spool/mail/xxx
Nov 4 11:08:14 xxxxxxxx dovecot: POP3(xxxx): mbox: root=/home/xxx/mail, index=/home/xxx/mail, inbox=/var/spool/mail/xxx
Nov 4 11:09:03 xxxxxxxx dovecot: POP3(xxxx): Disconnected: Logged out top=0/0, retr=32/209178, del=15/274, size=3554823
Nov 4 11:13:25 xxxxxxxx dovecot: POP3(xxxx): Loading modules from directory: /usr/lib/dovecot/pop3
Nov 4 11:13:25 xxxxxxxx dovecot: POP3(xxxx): Module loaded: /usr/lib/dovecot/pop3/drac.so
Nov 4 11:13:25 xxxxxxxx dovecot: POP3(xxxx): Effective uid=1000, gid=1000
Nov 4 11:13:25 xxxxxxxx dovecot: POP3(xxxx): [drac]: login by xxxx from 153.219.140.xxx
Nov 4 11:13:25 xxxxxxxx dovecot: POP3(xxxx): mbox: data=/home/xxx/mail:INBOX=/var/spool/mail/xxx
Nov 4 11:13:25 xxxxxxxx dovecot: POP3(xxxx): mbox: root=/home/xxx/mail, index=/home/xxx/mail, inbox=/var/spool/mail/xxx
Nov 4 11:13:27 xxxxxxxx dovecot: POP3(xxxx): Disconnected: Logged out top=0/0, retr=42/279598, del=0/280, size=3346231
--------------------------------------------------

dovecot -n
--------------------------------------------------
# 1.0.7: /etc/dovecot.conf
protocols: imaps pop3s
ssl_ca_file: /etc/mail/certs/mail.xxxxxxxx.co.jp.cacert.pem
ssl_cert_file: /etc/mail/certs/mail.xxxxxxxx.co.jp.crt
ssl_key_file: /etc/mail/certs/mail.xxxxxxxx.co.jp.key
ssl_cipher_list: ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:!LOW
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_greeting: ready.
mail_access_groups: mail
mail_privileged_group: mail
mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u
mail_debug: yes
mbox_write_locks: dotlock fcntl
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/rawlog /usr/libexec/dovecot/pop3
mail_plugins(default): drac mail_log
mail_plugins(imap): drac mail_log
mail_plugins(pop3): drac
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
mail_log_max_lines_per_sec: 0
pop3_reuse_xuidl(default): no
pop3_reuse_xuidl(imap): no
pop3_reuse_xuidl(pop3): yes
pop3_lock_session(default): no
pop3_lock_session(imap): no
pop3_lock_session(pop3): yes
auth default:
  passdb:
    driver: pam
  userdb:
    driver: passwd
plugin:
  drac_host: xxx.xxx.xxx.xxx
--------------------------------------------------

uname -a
--------------------------------------------------
Linux xxxxxxxx.co.jp 2.6.18-371.9.1.el5PAE #1 SMP Tue Jun 10 19:05:56 EDT 2014 i686 i686 i386 GNU/Linux
--------------------------------------------------

From jbehrend at mpifr-bonn.mpg.de Tue Nov 4 11:33:13 2014
From: jbehrend at mpifr-bonn.mpg.de (Jan Behrend)
Date: Tue, 04 Nov 2014 12:33:13 +0100
Subject: sieve replication and .dovecot.lda-dupes
Message-ID: <1415100793.7231.83.camel@jb1.mpifr-bonn.mpg.de>

Hello list,

I have a replicated dovecot with two servers. People seem to get vacation responses more often than it is specified in "days: XX", depending on which dovecot instance they receive the incoming mail. Is ".dovecot.lda-dupes" replicated?

The other problem is that the vacation response is coming from the wrong address depending on which field the recipient was listed: "to:" or "cc:"

Here is my test example:

g9-rz has the vacation rule set up:

date | mail -s test -r jbehrend at mpifr-bonn.mpg.de -c g9-rz at mpifr-bonn.mpg.de jan at flatpick.de

and this returns this vacation response:

### snip ###
Return-Path: <>
Delivered-To:
Received: from mail2.mpifr-bonn.mpg.de ([134.104.18.60])
 by mailbox2.mpifr-bonn.mpg.de (Dovecot) with LMTP id +pgPDzm1WFSn9wAAvl5QjA
 for ; Tue, 04 Nov 2014 12:16:13 +0100
X-Sieve: Pigeonhole Sieve 0.4.2
Message-ID:
Date: Tue, 04 Nov 2014 12:16:13 +0100
From: jan at flatpick.de
To:
Subject: Vacation
In-Reply-To:
References:
Auto-Submitted: auto-replied (vacation)
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Evolution-Source: 1385020682.6450.3 at jb1

Ain't here! Go away or something ...
Cheers
### snip ###

I would expect "g9-rz at mpifr-bonn.mpg.de" in the from: field. Is this correct?

Cheers Jan

--
MAX-PLANCK-INSTITUT fuer Radioastronomie
Jan Behrend - Rechenzentrum
----------------------------------------
Auf dem Huegel 69, D-53121 Bonn
Tel: +49 (228) 525 359, Fax: +49 (228) 525 229
jbehrend at mpifr-bonn.mpg.de http://www.mpifr-bonn.mpg.de
-------------- next part --------------
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.7 xfs
auth_gssapi_hostname = imap.mpifr-bonn.mpg.de
auth_krb5_keytab = /etc/krb5-ha.keytab
auth_mechanisms = plain login gssapi
auth_verbose = yes
default_process_limit = 1024
default_vsz_limit = 512 M
dict {
  acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
doveadm_password = xxx
doveadm_port = 50222
listen = 134.104.18.77
lmtp_save_to_detail_mailbox = yes
mail_location = mdbox:/var/mail/%Ln/maildrop
mail_plugins = acl zlib notify replication
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify
mdbox_rotate_size = 10 M
namespace mpifr_private {
  inbox = yes
  location =
  prefix =
  separator = .
}
namespace mpifr_shared {
  inbox = no
  list = children
  location = mdbox:/var/mail/%%n/maildrop
  prefix = shared.%%n.
  separator = .
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_defaults_from_inbox = yes
  acl_shared_dict = proxy::acl
  mail_replica = tcp:192.168.42.173:50222
  sieve = ~/.dovecot.sieve
  sieve_after = /var/mail/global-after.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags
  sieve_global_dir = /var/mail
  zlib_save = gz
  zlib_save_level = 6
}
protocols = " imap lmtp sieve pop3"
replication_dsync_parameters = -d -l 30 -U -n mpifr_private -n mpifr_shared
replication_max_conns = 6
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}
service anvil {
  client_limit = 8192
}
service auth {
  client_limit = 8192
  unix_listener auth-userdb {
    group = vmail
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    user = vmail
  }
}
service doveadm {
  inet_listener {
    address = 192.168.42.105
    port = 50222
  }
}
service imap-login {
  process_min_avail = 5
  service_count = 1
}
service imap {
  vsz_limit = 512 M
}
service indexer-worker {
  client_limit = 1
  process_limit = 10
  user = root
}
service lmtp {
  inet_listener lmtp {
    address = 134.104.18.105
    port = 24
  }
}
service managesieve-login {
  inet_listener sieve {
    address = 134.104.18.77
    port = 4190
  }
  service_count = 1
}
service pop3-login {
  process_min_avail = 5
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0666
  }
}
ssl = required
ssl_cert =

From maegger at ee.ethz.ch Tue Nov 4 11:38:02 2014
From: maegger at ee.ethz.ch (Matthias Egger)
Date: Tue, 04 Nov 2014 12:38:02 +0100
Subject: 2.2.15 Panic in mbox_sync_read_next_mail()
In-Reply-To: <20141029130348.GA1682@alf.uib.no>
References: <20141029130348.GA1682@alf.uib.no>
Message-ID: <5458BA9A.7060401@ee.ethz.ch>

Has someone of you just found any kind of solution to this problem? We first had only one user with this problem. But now there are two more users expecting the same problems.

And as Jernej said, doveadm "index" and "force-resync" do not solve the problem at all. After a few hours these users have the same kind of errors and crashes.

We have now reverted back to 2.2.13 but that could not be a permanent solution.

Timo Sirainen, have you maybe given a look to this or any hint?

Best regards
Matthias

--
Matthias Egger
ETH Zurich
Department of Information Technology      maegger at ee.ethz.ch
and Electrical Engineering
IT Support Group (ISG.EE), ETL/F/24.1     Phone +41 (0)44 632 03 90
Physikstrasse 3, CH-8092 Zurich           Fax +41 (0)44 632 11 95

From teemu.huovila at dovecot.fi Tue Nov 4 12:20:48 2014
From: teemu.huovila at dovecot.fi (Teemu Huovila)
Date: Tue, 04 Nov 2014 14:20:48 +0200
Subject: 2.2.15 Panic in mbox_sync_read_next_mail()
In-Reply-To: <5458BA9A.7060401@ee.ethz.ch>
References: <20141029130348.GA1682@alf.uib.no> <5458BA9A.7060401@ee.ethz.ch>
Message-ID: <5458C4A0.4010501@dovecot.fi>

On 11/04/2014 01:38 PM, Matthias Egger wrote:
>
> Has someone of you just found any kind of solution to this problem?

Could the people experiencing this please send at least
a) output of doveconf -n
b) anonymized mbox content for an affected mbox ( http://www.dovecot.org/tools/mbox-anonymize.pl ).

Other details can not hurt either.

br,
Teemu Huovila

From dovecot-mailing-list at whyaskwhy.org Tue Nov 4 15:57:07 2014
From: dovecot-mailing-list at whyaskwhy.org (deoren)
Date: Tue, 04 Nov 2014 09:57:07 -0600
Subject: Example records for SQL AUTH
In-Reply-To: <00a201cff7b5$acd4c440$067e4cc0$@jorge@decimal.pt>
References: <00a201cff7b5$acd4c440$067e4cc0$@jorge@decimal.pt>
Message-ID: <5458F753.4060201@whyaskwhy.org>

On 11/3/2014 4:29 PM, Jorge Bastos wrote:
> Hi,
>
>
>
> Where can I get examples for the records for the "users" table?

If I understand your question properly and you're looking for examples of creating new virtual users, then this guide covers that:

https://www.linode.com/docs/email/email-with-postfix-dovecot-and-mysql

You would have to adjust to fit your chosen schema of course as theirs is a much simpler setup that excludes the uid, gid, and home values.

>
> For SHA512-CRYPT, I tried:
>
>
>
> replace into users values ('a at a.com','a.com',ENCRYPT('b', CONCAT('$6$',
> SUBSTRING(SHA(RAND()), -16))),'',0,0,'true');
>
>
>
> schema is:
>
> CREATE TABLE `users` (
>
> `username` varchar(255) NOT NULL,
>
> `domain` varchar(255) NOT NULL,
>
> `password` varchar(255) NOT NULL,
>
> `home` varchar(255) NOT NULL,
>
> `uid` int(11) NOT NULL,
>
> `gid` int(11) NOT NULL,
>
> `active` enum('true','false') NOT NULL DEFAULT 'true',
>
> PRIMARY KEY (`username`)
>
> ) ENGINE=InnoDB DEFAULT CHARSET=utf8
>
>
>
> Password_query:
>
> password_query = select username, domain,password from users where
> username='%u' and domain='%d' and active='true'

What does your auth-sql-conf.ext file look like?

With as much information as you already have in your database schema you may want to look at using the Prefetch userdb.

http://wiki2.dovecot.org/UserDatabase/Prefetch

P.S.

Apologies for the duplication. I forgot to reply to the list with my last response.

From 24x7server at 24x7server.net Tue Nov 4 17:57:57 2014
From: 24x7server at 24x7server.net (Rajesh M.)
Date: Tue, 4 Nov 2014 23:27:57 +0530
Subject: authentication issues with ipad / mac email client
Message-ID:

hi

i am using dovecot version 2.2.7 provided by qmailtoaster - 64 bit on centos 6.5 64 bit system - 16 gb ram with a hex core processor.

i was using qmail pop3 on a 32 bit system for the past over 7 years and had absolutely no issues.

with dovecot pop3 i have started receiving a variety of problems

mac machines and ipads -- port 110 does not work at all. i have to use port 995 only. i have allowed plain text auth.

thunderbird works perfectly -- both imap and pop3 with port 110 and port 995

outlook 2010 also works but in case of one customer the mail download is very slow. i have a windows servers with mailenable mail server and the same customer could download perfectly from those windows servers.

i am using the default "service pop3" settings

Do i need to increase the memory settings / for pop3 login similar to imap login which i am missing out like what is configured for imap. (pl see config file below)

My mail server is busy with around 4000 mailboxes and transacting over 200k emails per day. at least around 250 simultaneous pop3 connections during peak hours.

# dovecot -a | grep pop3_uidl_format
pop3_uidl_format = %08Xu%08Xv

[root at ns1 spamassassin]# dovecot -n
# 2.2.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-431.29.2.el6.x86_64 x86_64 CentOS release 6.5 (Final)
auth_cache_negative_ttl = 0
auth_cache_size = 32 M
auth_cache_ttl = 30 mins
auth_mechanisms = plain login digest-md5 cram-md5
default_login_user = vpopmail
disable_plaintext_auth = no
first_valid_gid = 89
first_valid_uid = 89
log_path = /var/log/dovecot.log
login_greeting = ready.
mail_max_userip_connections = 50
mail_plugins = " quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  inbox = yes
  location =
  prefix =
  separator = .
  type = private
}
passdb {
  args = cache_key=%u webmail=127.0.0.1
  driver = vpopmail
}
plugin {
  quota = maildir:ignore=Trash
  quota_rule = ?:storage=0
}
protocols = imap pop3
service imap-login {
  client_limit = 256
  process_limit = 400
  process_min_avail = 4
  service_count = 0
  vsz_limit = 384 M
}
ssl_cert =

Hi,

I've setup FTS using lucene and it should be working, the lucene index is updated when mail arrives. I also managed to reindex my INBOX:

doveadm index -u foo -q INBOX

However, when I try to index an Archives folder:

doveadm index -u foo -q Archives,

the index-work crashed with this log message:

dovecot: indexer-worker(foo): Panic: file message-decoder.c: line 363 (message_decode_body): assertion failed: (ctx->translation_size <= sizeof(ctx->translation_buf))
dovecot: indexer: Error: Indexer worker disconnected, discarding 1 requests for foo
dovecot: indexer-worker(foo): Fatal: master: service(indexer-worker): child 28730 killed with signal 6 (core dumps disabled)

The Archives folder has 22317 messages.

Please help.
dovecot --version
2.2.15

dovecot -n
# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 10.0-STABLE i386
auth_username_format = %Ln
first_valid_gid = 1000
first_valid_uid = 1000
login_trusted_networks = xxx.xxx.xxx.x/24
mail_location = maildir:~/Maildir
mail_plugins = " fts fts_lucene"
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
plugin {
  antispam_backend = spool2dir
  antispam_spam = Junk
  antispam_spool2dir_notspam = /var/spool/dovecot-antispam/queue/ham-%%020lu-%u-%%05lu
  antispam_spool2dir_spam = /var/spool/dovecot-antispam/queue/spam-%%020lu-%u-%%05lu
  antispam_trash = Trash
  fts = lucene
  fts_autoindex = yes
  fts_lucene = whitespace_chars=@.
}
protocols = imap lmtp sieve
service imap-login {
  inet_listener imap {
    address = xxx.xxx.xxx.x
  }
  inet_listener imaps {
    address = xxx.xx.xx.xx
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    address = xxx.xx.xx.xx xxx.xxx.xx.x
    port = 4190
  }
}
ssl_cert =

(from tim@bastelfreak.de on Sat Nov 1 07:15:40 2014)
References: <1414756698.6545.3@slate> <5454CEEC.1040103@bastelfreak.de>
Message-ID: <1415131631.20990.6@slate>

On 11/01/2014 07:15:40 AM, Tim wrote:
> Hi Karl
>
> On 31.10.2014 12:58, Karl O. Pinc wrote:
> > I was poking around in the code and I think there's
> > only 1 last_indexed_uid in the data structure.
> > I have no clue if this value is used outside of fts
> > but you could poke it with a stick and
>
> what exactly do you mean?
>
> > try the doveadm fts rescan command to reset this to 0.
> >
>
> I did "doveadm fts rescan -u myaccount" but after that I still see
> the
> errors in the log :(

What you did is what I thought might be worth trying.

Karl
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein

From infoomatic at gmx.at Tue Nov 4 21:22:22 2014
From: infoomatic at gmx.at (Infoomatic) Date: Tue, 4 Nov 2014 22:22:22 +0100 Subject: error using fts/tika Message-ID: Hi, I played around a bit and tried to get tika to run with dovecot. In the end I was at least a bit successful. However, when I tried to index my inbox with "doveadm index -A '*'" I get: doveadm(infoomatic): Error: fts_tika: PUT http://localhost:8081/tika failed: 500 Server Error doveadm(infoomatic): Warning: I/O leak: 0x7f4f697bb170 (line 127, fd 24) doveadm(infoomatic): Panic: file ioloop-iolist.c: line 22: unreached doveadm(infoomatic): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x67f30) [0x7f4f697e8f30] -> /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7f4f697e8f9a] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f4f6979c515] -> /usr/lib/dovecot/libdovecot.so.0(+0x79b0d) [0x7f4f697fab0d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handle_add+0x3b) [0x7f4f697fb2ab] -> /usr/lib/dovecot/libdovecot.so.0(+0x78cf1) [0x7f4f697f9cf1] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_move_io+0x3e) [0x7f4f697fa93e] -> /usr/lib/dovecot/libdovecot.so.0(connection_switch_ioloop+0x14) [0x7f4f697e6df4] -> /usr/lib/dovecot/libdovecot.so.0(http_client_switch_ioloop+0x28) [0x7f4f697bf8e8] -> /usr/lib/dovecot/libdovecot.so.0(+0x36a86) [0x7f4f697b7a86] -> /usr/lib/dovecot/modules/lib21_fts_solr_plugin.so(solr_connection_post_more+0x29) [0x7f4f68d9f069] -> /usr/lib/dovecot/modules/lib21_fts_solr_plugin.so(+0x3547) [0x7f4f68d9b547] -> /usr/lib/dovecot/modules/lib20_fts_plugin.so(fts_build_mail+0x35c) [0x7f4f68faaffc] -> /usr/lib/dovecot/modules/lib20_fts_plugin.so(+0xd3ee) [0x7f4f68fb03ee] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_precache+0x19) [0x7f4f69ac3c39] -> doveadm() [0x419501] -> doveadm() [0x4153c3] -> doveadm(doveadm_mail_try_run+0x48c) [0x4162ac] -> doveadm(main+0x3d8) [0x412588] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f4f693dcec5] -> doveadm() [0x4127a4] Aborted (core dumped) The last messages of 
the tika-server: Nov 04, 2014 10:18:17 PM org.apache.tika.server.TikaResource logRequest INFO: tika (video/x-ms-wmv) Nov 04, 2014 10:18:17 PM org.apache.tika.server.TikaResource$3 write WARNING: tika: Text extraction failed org.apache.tika.exception.TikaException: Unexpected RuntimeException from org.apache.tika.server.TikaResource$1 at 44742f73 Nov 04, 2014 10:18:17 PM org.apache.cxf.jaxrs.utils.JAXRSUtils logMessageHandlerProblem SEVERE: Problem with writing the data, class org.apache.tika.server.TikaResource$3, ContentType: text/plain Nov 04, 2014 10:18:17 PM org.apache.cxf.jaxrs.impl.WebApplicationExceptionMapper toResponse WARNING: javax.ws.rs.WebApplicationException: HTTP 415 Unsupported Media Type dovecot -n: # 2.2.15: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-39-generic x86_64 Ubuntu 14.04.1 LTS ext4 auth_username_format = %n disable_plaintext_auth = no mail_gid = vmail mail_home = /var/lib/vmail/home/%u mail_location = mdbox:/var/lib/vmail/mail/%u mail_plugins = fts fts_solr mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate imapflags mdbox_rotate_size = 32 M namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { fts = solr fts_autoindex = yes fts_solr = url=http://localhost:8080/solr/ break-imap-search fts_tika = http://localhost:8081/tika sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +imapflags } protocols = " imap sieve" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } 
unix_listener auth-userdb { group = vmail user = vmail } } service managesieve-login { inet_listener sieve_deprecated { port = 2000 } } ssl_cert = Hello list, I have a need for someone to point me in the right direction. Our old email system (system A) had an account that acted as a mailing list accumulator/archiver. This account was a member of every list and mail would be sent to it's address. The strange part is that email was not delivered to system A because there was a . (dot) forward alias to another machine (system B) that runs sendmail. System B's sendmail then slurped up the incoming mail and processed it in some fashion which I do not care about. On our new mail server (system C (OS is RHEL6.5, dovecot-2.0.9-7.el6_5.1.x86_64, postfix-2.6.6-6.el6_5.x86_64)), I performed a bulk Linux account and mailbox migration from system A to system C using postfix/dovecot/imapsync. But I forgot to put the alias in place on system C to send all incoming that special account's mail on system B. So mail started to get delivered to local user ar_list on system C. So now I have a Maildir format mailbox on system C that has mail in it and I want to be able to manipulate and/or re-send those emails as new mail to system B. Once it is received by sendmail on system B, then I don't care about it any more. Is there a way to take mail sitting on disk in a mailbox and deliver it as if it was new mail to some other machine? 
Thanks, James -bash-4.1$ ls -l total 566 drwx------ 2 ar_list users 2048 Aug 7 21:29 cur -rw------- 1 ar_list users 12556 Oct 8 17:09 dovecot.index -rw------- 1 ar_list users 378880 Oct 9 14:41 dovecot.index.cache -rw------- 1 ar_list users 2580 Oct 9 14:41 dovecot.index.log -rw------- 1 ar_list users 65549 Oct 9 14:41 dovecot-uidlist -rw------- 1 ar_list users 8 Aug 7 19:38 dovecot-uidvalidity -r--r--r-- 1 ar_list users 0 Aug 7 19:38 dovecot-uidvalidity.53e40ddc drwx------ 2 ar_list users 100352 Oct 9 14:41 new drwx------ 2 ar_list users 2048 Oct 9 14:41 tmp -bash-4.1$ ls new/ | wc -l 1020 -bash-4.1$ ls cur | wc -l 25 From hiromi at tac.tsukuba.ac.jp Wed Nov 5 00:14:38 2014 
From: hiromi at tac.tsukuba.ac.jp (Hiromi Kimura)
Date: Wed, 05 Nov 2014 09:14:38 +0900
Subject: doveadm index message-decoder assertion failed
In-Reply-To: <54591747.2010503@ctzen.com>
Message-ID: <20141105091438.Horde.ElRmZIPaZA-646PWLZG2oA1@mail.tac.tsukuba.ac.jp>

cs+dovecot at ctzen.com wrote:

> Hi,
>
> I've set up FTS using lucene and it should be working, the lucene
> index is updated when mail arrives.
>
> I also managed to reindex my INBOX: doveadm index -u foo -q INBOX
>
> However, when I try to index an Archives folder: doveadm index -u
> foo -q Archives, the index-work crashed with this log message:
>
> dovecot: indexer-worker(foo): Panic: file message-decoder.c: line
> 363 (message_decode_body): assertion failed: (ctx->translation_size
> <= sizeof(ctx->translation_buf))
> dovecot: indexer: Error: Indexer worker disconnected, discarding 1
> requests for foo
> dovecot: indexer-worker(foo): Fatal: master:
> service(indexer-worker): child 28730 killed with signal 6 (core
> dumps disabled)
>
> The Archives folder has 22317 messages.
>
> Please help.
>
>
> dovecot --version
> 2.2.15
>
>
> dovecot -n
> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf
> # OS: FreeBSD 10.0-STABLE i386

Last week, I faced the same error on FreeBSD10.0 with a solr index setup.
This is a FreeBSD10 specific problem due to the iconv library (in libc).

So the solution is to install the converters/libiconv package and recompile the dovecot package.

Edit mail/dovecot2/Makefile, from

    USES= cpe iconv libtool

to

    USES= cpe iconv:translit libtool

Hope this helps you.

-=-=-=-=-
Hiromi KIMURA
http://www.tac.tsukuba.ac.jp/~hiromi/

From skdovecot at smail.inf.fh-brs.de Wed Nov 5 06:48:34 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 5 Nov 2014 07:48:34 +0100 (CET)
Subject: Can I take mail from Maildir mailbox and deliver it as new?
In-Reply-To: <54594F53.5060603@bnl.gov>
References: <54594F53.5060603@bnl.gov>
Message-ID:

On Tue, 4 Nov 2014, James Pryor wrote:

> Is there a way to take mail sitting on disk in a mailbox and deliver it as if
> it was new mail to some other machine?

If you don't care about the Received and probably Delivered-To lines the delivery on system C has added, you can "resend" it via:

    # new/ and cur/ are relative paths, so run this from inside the Maildir
    for f in new/* cur/*; do
        sendmail "final_recipient_on_system_B" < "$f"
    done

However, first test if a message sent from command line takes the route you want it to take :-)

--
Steffen Kaiser

From stephan at rename-it.nl Wed Nov 5 08:09:15 2014
From: stephan at rename-it.nl (Stephan Bosch)
Date: Wed, 05 Nov 2014 09:09:15 +0100
Subject: sieve replication and .dovecot.lda-dupes
In-Reply-To: <1415100793.7231.83.camel@jb1.mpifr-bonn.mpg.de>
References: <1415100793.7231.83.camel@jb1.mpifr-bonn.mpg.de>
Message-ID: <5459DB2B.7010602@rename-it.nl>

On 11/4/2014 12:33 PM, Jan Behrend wrote:
> The other problem is that the vacation response is coming from the wrong
> address depending on which field the recipient was listed: "to:" or
> "cc:"
>
> Here is my test example:

That is very strange. Can you show me your Sieve script?

Regards,

Stephan.

From lists at xunil.at Wed Nov 5 08:54:26 2014
From: lists at xunil.at (Stefan G. Weichinger)
Date: Wed, 05 Nov 2014 09:54:26 +0100
Subject: Public mailbox confusion
In-Reply-To: <54477FF3.20803@xunil.at>
References: <54477A50.3040405@xunil.at> <54477D44.5020506@xunil.at> <54477FF3.20803@xunil.at>
Message-ID: <5459E5C2.3090905@xunil.at>

On 22.10.2014 at 11:59, Stefan G. Weichinger wrote:

> synced some folders, yes, now they show up.
>
> I am unsure about the "subscriptions" parameter and how to achieve
> that all the subfolders are visible/subscribed from the start.

I solved my problem with syncing the "Public Folders" from the exchange server, that looks good and I also got the new public namespace visible for all dovecot-users.

What I still don't know and therefore would like to bring up again here:

We want that the whole tree below this new public namespace is always visible for all the users. As if it were folders in a samba share, if someone creates subfolders in there they should be automatically visible to the other users.

Or explained in another way: the users shouldn't have to manually subscribe to each new folder ... the server should do that somehow ;-)

I expect that other companies/users have similar requirements so maybe someone could point me to a solution.

Thanks! Stefan

From lista at xdrv.co.uk Wed Nov 5 09:27:50 2014
From: lista at xdrv.co.uk (James)
Date: Wed, 05 Nov 2014 09:27:50 +0000
Subject: Example records for SQL AUTH
In-Reply-To: <00a201cff7b5$acd4c440$067e4cc0$@jorge@decimal.pt>
References: <00a201cff7b5$acd4c440$067e4cc0$@jorge@decimal.pt>
Message-ID: <5459ED96.6020600@xdrv.co.uk>

On 03/11/2014 22:29, Jorge Bastos wrote:

> Password_query:
>
> password_query = select username, domain,password from users where
> username='%u' and domain='%d' and active='true'
>

Try "... username='%n' ..." not %u

From doc/dovecot/example-config/dovecot-sql.conf

# Commonly used available substitutions (see http://wiki.dovecot.org/Variables
# for full list):
#   %u = entire user@domain
#   %n = user part of user@domain
#   %d = domain part of user@domain

James.

From rkryger at gate.net Tue Nov 4 16:46:51 2014
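Added example (not part of any list message and not Dovecot's own code): James's reply above turns on the difference between %u, %n and %d. The Python below runs the posted password_query and the suggested %n variant against a constructed SQLite table. The schema (local part and domain in separate columns), the login alice@example.org and all helper names are assumptions made for illustration.

```python
import re
import sqlite3

# The query from the post (spacing normalised) and the variant James suggests.
QUERY_U = ("select username, domain, password from users "
           "where username='%u' and domain='%d' and active='true'")
QUERY_N = QUERY_U.replace("'%u'", "'%n'")

# Matches a quoted substitution such as '%u'; literals like 'true' are untouched.
_VAR = re.compile(r"'%([und])'")


def expand_vars(login):
    """Values of %u, %n and %d for a login, per the dovecot-sql.conf comments."""
    user, _, domain = login.partition("@")
    return {"u": login, "n": user, "d": domain}


def bind_query(template, login):
    """Replace each quoted '%x' with a bound parameter; return (sql, params).

    Binding the values instead of pasting them into the statement keeps a
    hostile login name from altering the query in this demo. That is this
    example's choice, not a description of Dovecot internals.
    """
    values = expand_vars(login)
    params = []

    def repl(match):
        params.append(values[match.group(1)])
        return "?"

    return _VAR.sub(repl, template), params


def lookup(conn, template, login):
    """Run the expanded query and return all matching rows."""
    sql, params = bind_query(template, login)
    return conn.execute(sql, params).fetchall()


def make_demo_db():
    """Constructed table: local part and domain stored in separate columns."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users "
                 "(username text, domain text, password text, active text)")
    conn.execute("insert into users values "
                 "('alice', 'example.org', 'constructed-hash', 'true')")
    return conn


if __name__ == "__main__":
    conn = make_demo_db()
    login = "alice@example.org"
    for name, template in (("%u", QUERY_U), ("%n", QUERY_N)):
        _, params = bind_query(template, login)
        # With %u the username column is compared against the full address,
        # so the row is never found and the user lookup fails.
        print(name, params, "->", lookup(conn, template, login))
```

With this schema the %u form compares the username column against the whole address and returns no row, which surfaces to the client as an unknown user rather than as a configuration error.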
From: rkryger at gate.net (Robert Kryger) Date: Tue, 4 Nov 2014 11:46:51 -0500 Subject: Dovecot-lda permission errors or maybe authentication errors? Message-ID: <00a501cff84e$ef160910$cd421b30$@net> I am a new dovecot user who recently transitioned my old mailserver to a new CentOS/Postfix/Dovecot system. I am running a simple configuration with about a dozen system users and Maildir folders. The e-mail setup seems to be running fine when I use the default local-delivery-agent in Postfix. However, I am trying to use the dovecot-lda instead so I can take advantage of the sieve functionality. I have tried to specify the dovecot-lda in two ways. First, in the /etc/postfix/main.cf file: mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" or alternatively, I leave the mailbox_command blank and specify the following in the .forward file of a test user: | "/usr/libexec/dovecot/dovecot-lda" Either approach gives me the same error(s). When a mail message is sent to the test user USER1, the following errors appear in the dovecot-lda error file: Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed: Permission denied (euid=524(user1) egid=524(user1) stat() failed: No such file or directory, euid is not dir owner) Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1) failed: Permission denied Nov 04 08:47:29 lda(user1): Error: user user1: Initialization failed: Namespace 'INBOX.': stat(/home/user1/Maildir) failed: Permission denied (euid=524(user1) egid=524(user1) stat() failed: No such file or directory, euid is not dir owner) Nov 04 08:47:29 lda(user1): Fatal: Invalid user settings. Refer to server log for more information. 
Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed: Permission denied (euid=524(user1) egid=524(user1) stat() failed: No such file or directory, euid is not dir owner) Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1) failed: Permission denied Nov 04 08:47:29 lda(user1): Error: user user1: Initialization failed: Namespace 'INBOX.': stat(/home/user1/Maildir) failed: Permission denied (euid=524(user1) egid=524(user1) stat() failed: No such file or directory, euid is not dir owner) Nov 04 08:47:29 lda(user1): Fatal: Invalid user settings. Refer to server log for more information. At first, I interpreted this to mean the file permissions were not set correctly on the home directory or the Maildir folder. However, I have opened these up to full rwx access for everyone and I still get the same errors. Alternatively, perhaps this is related somehow to the dovecot-lda authentication process via the password or user databases, but I can't make any sense of the documentation. Can anyone suggest what might be wrong or how to better diagnose? For reference, I am running dovecot version 2.0.9. 
The dovecot-lda process also outputs the following messages (not errors) when a test message is sent to the USER1 account: Nov 04 08:47:29 lda: Debug: Loading modules from directory: /usr/lib64/dovecot Nov 04 08:47:29 lda: Debug: Module loaded: /usr/lib64/dovecot/lib90_sieve_plugin.so Nov 04 08:47:29 lda(user1): Debug: Effective uid=524, gid=524, home=/home/user1 Nov 04 08:47:29 lda(user1): Debug: Namespace : type=private, prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir Nov 04 08:47:29 lda(user1): Debug: maildir++: root=/home/user1/Maildir, index=, control=, inbox=/home/user1/Maildir Nov 04 08:47:29 lda: Debug: Loading modules from directory: /usr/lib64/dovecot Nov 04 08:47:29 lda: Debug: Module loaded: /usr/lib64/dovecot/lib90_sieve_plugin.so Nov 04 08:47:29 lda(user1): Debug: Effective uid=524, gid=524, home=/home/user1 Nov 04 08:47:29 lda(user1): Debug: Namespace : type=private, prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir Nov 04 08:47:29 lda(user1): Debug: maildir++: root=/home/user1/Maildir, index=, control=, inbox=/home/user1/Maildir The output of dovecot -n is: # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-431.29.2.el6.x86_64 x86_64 CentOS release 6.5 (Final) auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login disable_plaintext_auth = no login_trusted_networks = 71.xx.xx.xx 71.xx.xx.xy 71.xx.xx.xz 71.xx.xx.yx mail_debug = yes mail_location = maildir:~/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mbox_write_locks = fcntl namespace { inbox = yes location = prefix = INBOX. separator = . 
}
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_global_dir = home/sieve
  sieve_max_script_size = 1M
}
protocols = imap lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert =
References: <54594F53.5060603@bnl.gov>
Message-ID: <5459F783.70504@myzel.net>

On 2014-11-04 at 23:12, James Pryor wrote:
> Is there a way to take mail sitting on disk in a mailbox and deliver it
> as if it was new mail to some other machine?

There is a one liner command in this fairly detailed HOWTO on refiltering mail:
https://mebsd.com/configure-freebsd-servers/dovecot-pigeonhole-sieve-filter-refilter-delivered-email.html

You just have to create the sieve that redirects anything.

--
peter

From skdovecot at smail.inf.fh-brs.de Wed Nov 5 10:26:03 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 5 Nov 2014 11:26:03 +0100 (CET)
Subject: Dovecot-lda permission errors or maybe authentication errors?
In-Reply-To: <00a501cff84e$ef160910$cd421b30$@net>
References: <00a501cff84e$ef160910$cd421b30$@net>
Message-ID:

On Tue, 4 Nov 2014, Robert Kryger wrote:

> I have tried to specify the dovecot-lda in two ways. First, in the
> /etc/postfix/main.cf file:
>
> mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a
> "$RECIPIENT"
>
> or alternatively, I leave the mailbox_command blank and specify the
> following in the .forward file of a test user:
>
> | "/usr/libexec/dovecot/dovecot-lda"
>
> Either approach gives me the same error(s). When a mail message is sent to
> the test user USER1, the following errors appear in the dovecot-lda error
> file:
>
> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed: Permission
> denied (euid=524(user1) egid=524(user1) stat() failed: No such file or
> directory, euid is not dir owner) Nov 04 08:47:29 lda(user1): Error:
> chdir(/home/user1) failed: Permission denied Nov 04 08:47:29 lda(user1):
> Error: user user1: Initialization failed: Namespace 'INBOX.':
> stat(/home/user1/Maildir) failed: Permission denied (euid=524(user1)
> egid=524(user1) stat() failed: No such file or directory, euid is not dir
> owner) Nov 04 08:47:29 lda(user1): Fatal: Invalid user settings. Refer to
> server log for more information.
>
> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed: Permission
> denied (euid=524(user1) egid=524(user1) stat() failed: No such file or
> directory, euid is not dir owner) Nov 04 08:47:29 lda(user1): Error:
> chdir(/home/user1) failed: Permission denied Nov 04 08:47:29 lda(user1):
> Error: user user1: Initialization failed: Namespace 'INBOX.':
> stat(/home/user1/Maildir) failed: Permission denied (euid=524(user1)
> egid=524(user1) stat() failed: No such file or directory, euid is not dir
> owner) Nov 04 08:47:29 lda(user1): Fatal: Invalid user settings. Refer to
> server log for more information.
>
> At first, I interpreted this to mean the file permissions were not set
> correctly on the home directory or the Maildir folder. However, I have
> opened these up to full rwx access for everyone and I still get the same
> errors. Alternatively, perhaps this is related somehow to the dovecot-lda
> authentication process via the password or user databases, but I can't make
> any sense of the documentation.

What's the output of:

    ls -nal /home/user1

--
Steffen Kaiser

From hmoreno at gmv.com Wed Nov 5 11:35:22 2014
From: hmoreno at gmv.com (Héctor Moreno Blanco)
Date: Wed, 5 Nov 2014 11:35:22 +0000
Subject: calling post-login script with doveadm
Message-ID:

Hello everyone,

I'm trying to execute some commands with doveadm but I need some information loaded in a post-login script before running these commands.

Is it possible to run the post-login script while executing doveadm?

I've found how to do something similar with -o key=value to override settings, but I want to change a namespace location, as done in the post-login script:

...
export USERDB_KEYS="$USERDB_KEYS namespace/archivo/location"
exec env "NAMESPACE/ARCHIVO/LOCATION=$location" "$@"
...

Thank you very much in advance.

Kind regards.

Héctor Moreno

Please consider the environment before printing this e-mail.
______________________
This message including any attachments may contain confidential information, according to our Information Security Management System, and intended solely for a specific individual to whom they are addressed. Any unauthorised copy, disclosure or distribution of this message is strictly forbidden. If you have received this transmission in error, please notify the sender immediately and delete it.
______________________

From hmoreno at gmv.com Wed Nov 5 12:18:29 2014
From: hmoreno at gmv.com (Héctor Moreno Blanco)
Date: Wed, 5 Nov 2014 12:18:29 +0000
Subject: calling post-login script with doveadm
In-Reply-To:
References:
Message-ID:

Never mind, I found the solution :)

-o namespace/NAMESPACE_NAME/location=/new/namespace/mail/location

Thank you anyway.

Kind regards.

Héctor Moreno.

-----Original Message-----
From: dovecot [mailto:dovecot-bounces at dovecot.org] On behalf of Héctor Moreno Blanco
Sent: Wednesday, 05 November 2014 12:35
To: dovecot at dovecot.org
Subject: calling post-login script with doveadm

Hello everyone,

I'm trying to execute some commands with doveadm but I need some information loaded in a post-login script before running these commands.

Is it possible to run the post-login script while executing doveadm?

I've found how to do something similar with -o key=value to override settings, but I want to change a namespace location, as done in the post-login script:

...
export USERDB_KEYS="$USERDB_KEYS namespace/archivo/location"
exec env "NAMESPACE/ARCHIVO/LOCATION=$location" "$@"
...

Thank you very much in advance.

Kind regards.

Héctor Moreno

From rkryger at gate.net Wed Nov 5 13:37:53 2014
From: rkryger at gate.net (Robert Kryger)
Date: Wed, 5 Nov 2014 08:37:53 -0500
Subject: Dovecot-lda permission errors or maybe authentication errors?
In-Reply-To:
References: <00a501cff84e$ef160910$cd421b30$@net>
Message-ID: <000e01cff8fd$b3a05fc0$1ae11f40$@net>

Output of ls -nal /home/user1:

total 156
drwx------.  6 524 524  4096 Nov  5 08:27 .
drwxr-xr-x. 34   0   0  4096 Oct  4 14:06 ..
-rw-------.  1 524 524  1148 Oct 15 13:44 .bash_history
-rw-r--r--.  1 524 524    18 Sep 25 22:13 .bash_logout
-rw-r--r--.  1 524 524   176 Sep 25 22:13 .bash_profile
-rw-r--r--.  1 524 524   124 Sep 25 22:13 .bashrc
-rw-r--r--.  1   0   0  1362 Nov  4 08:45 config.txt
-rw-r--r--.  1 524 524    75 Oct  6 11:39 .forward_old
-rw-r--r--.  1   0   0    37 Oct 26 19:09 .forward_test_lda
-rw-------.  1 524 524    55 Oct 12 20:12 .lesshst
-rw-r--r--.  1   0   0  1062 Nov  4 08:50 log1.log
-rw-r--r--.  1   0   0  1246 Nov  4 08:49 log2.log
drwxrw----. 35 524 524  4096 Nov  5 08:24 Maildir
drwxr-----. 35   0   0  4096 Oct 29 09:03 Maildirsave
drwxr-xr-x.  4 524 524  4096 May  6  2014 .mozilla
-rw-r--r--.  1 524 524    92 Oct 12 20:20 .procmailrc
-rw-r--r--.  1 524 524  1213 Oct  5 19:56 .procmailrc_old
-rw-r--r--.  1 524 524    92 Oct  6 10:27 .procmailrc_old2
-rw-r--r--.  1   0   0     0 Nov  5 08:27 question1.txt
drwx------.  2 524 524  4096 Oct 14 16:02 .ssh
-rw-rw-r--.  1 524 524   152 Oct  6 10:25 testmessage.txt
-rwxr-xr-x.  1 524 524    87 Oct  6 13:59 testscript
-rw-rw-r--.  1 524 524 60810 Oct 27 16:57 top.log
-rw-r--r--.  1   0   0     6 Nov  4 08:45 version.txt
-rw-------.  1 524 524  3973 Oct 27 16:58 .viminfo

-----Original Message-----
From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de]
Sent: Wednesday, November 05, 2014 5:26 AM
To: Robert Kryger
Cc: dovecot at dovecot.org
Subject: Re: Dovecot-lda permission errors or maybe authentication errors?

On Tue, 4 Nov 2014, Robert Kryger wrote:

> I have tried to specify the dovecot-lda in two ways. First, in the
> /etc/postfix/main.cf file:
>
> mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a
> "$RECIPIENT"
>
> or alternatively, I leave the mailbox_command blank and specify the
> following in the .forward file of a test user:
>
> | "/usr/libexec/dovecot/dovecot-lda"
>
> Either approach gives me the same error(s). When a mail message is
> sent to the test user USER1, the following errors appear in the
> dovecot-lda error
> file:
>
> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed:
> Permission denied (euid=524(user1) egid=524(user1) stat() failed: No
> such file or directory, euid is not dir owner) Nov 04 08:47:29 lda(user1): Error:
> chdir(/home/user1) failed: Permission denied Nov 04 08:47:29 lda(user1):
> Error: user user1: Initialization failed: Namespace 'INBOX.':
> stat(/home/user1/Maildir) failed: Permission denied (euid=524(user1)
> egid=524(user1) stat() failed: No such file or directory, euid is not
> dir
> owner) Nov 04 08:47:29 lda(user1): Fatal: Invalid user settings. Refer
> to server log for more information.
>
> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed:
> Permission denied (euid=524(user1) egid=524(user1) stat() failed: No
> such file or directory, euid is not dir owner) Nov 04 08:47:29 lda(user1): Error:
> chdir(/home/user1) failed: Permission denied Nov 04 08:47:29 lda(user1):
> Error: user user1: Initialization failed: Namespace 'INBOX.':
> stat(/home/user1/Maildir) failed: Permission denied (euid=524(user1)
> egid=524(user1) stat() failed: No such file or directory, euid is not
> dir
> owner) Nov 04 08:47:29 lda(user1): Fatal: Invalid user settings. Refer
> to server log for more information.
>
> At first, I interpreted this to mean the file permissions were not set
> correctly on the home directory or the Maildir folder. However, I
> have opened these up to full rwx access for everyone and I still get
> the same errors. Alternatively, perhaps this is related somehow to
> the dovecot-lda authentication process via the password or user
> databases, but I can't make any sense of the documentation.

What's the output of:

    ls -nal /home/user1

--
Steffen Kaiser

From skdovecot at smail.inf.fh-brs.de Wed Nov 5 14:24:00 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 5 Nov 2014 15:24:00 +0100 (CET)
Subject: Dovecot-lda permission errors or maybe authentication errors?
In-Reply-To: <000e01cff8fd$b3a05fc0$1ae11f40$@net>
References: <00a501cff84e$ef160910$cd421b30$@net> <000e01cff8fd$b3a05fc0$1ae11f40$@net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 5 Nov 2014, Robert Kryger wrote:

> Output of ls -nal /home/user1:
>
>> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed:
>> Permission denied (euid=524(user1) egid=524(user1) stat() failed: No
>> such file or directory, euid is not dir owner)

> total 156
> drwx------.  6 524 524  4096 Nov  5 08:27 .

This list doesn't seem to fit the error message, because user 524 owns this dir and has full access permissions.

Maybe, are you running some protection software, like SELinux, AppArmor, ..., which prevents access to this directory?

Just to raise the obvious: "/" and "/home" do allow "x"-permission for user #524, don't they?

> drwxr-xr-x. 34   0   0  4096 Oct  4 14:06 ..
> -rw-------.  1 524 524  1148 Oct 15 13:44 .bash_history
> -rw-r--r--.  1 524 524    18 Sep 25 22:13 .bash_logout
> -rw-r--r--.  1 524 524   176 Sep 25 22:13 .bash_profile
> -rw-r--r--.  1 524 524   124 Sep 25 22:13 .bashrc
> -rw-r--r--.  1   0   0  1362 Nov  4 08:45 config.txt
> -rw-r--r--.  1 524 524    75 Oct  6 11:39 .forward_old
> -rw-r--r--.  1   0   0    37 Oct 26 19:09 .forward_test_lda
> -rw-------.  1 524 524    55 Oct 12 20:12 .lesshst
> -rw-r--r--.  1   0   0  1062 Nov  4 08:50 log1.log
> -rw-r--r--.  1   0   0  1246 Nov  4 08:49 log2.log
> drwxrw----. 35 524 524  4096 Nov  5 08:24 Maildir
> drwxr-----. 35   0   0  4096 Oct 29 09:03 Maildirsave
> drwxr-xr-x.  4 524 524  4096 May  6  2014 .mozilla
> -rw-r--r--.  1 524 524    92 Oct 12 20:20 .procmailrc
> -rw-r--r--.  1 524 524  1213 Oct  5 19:56 .procmailrc_old
> -rw-r--r--.  1 524 524    92 Oct  6 10:27 .procmailrc_old2
> -rw-r--r--.  1   0   0     0 Nov  5 08:27 question1.txt
> drwx------.  2 524 524  4096 Oct 14 16:02 .ssh
> -rw-rw-r--.  1 524 524   152 Oct  6 10:25 testmessage.txt
> -rwxr-xr-x.  1 524 524    87 Oct  6 13:59 testscript
> -rw-rw-r--.  1 524 524 60810 Oct 27 16:57 top.log
> -rw-r--r--.  1   0   0     6 Nov  4 08:45 version.txt
> -rw-------.  1 524 524  3973 Oct 27 16:58 .viminfo
>
> -----Original Message-----
> From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de] > Sent: Wednesday, November 05, 2014 5:26 AM > To: Robert Kryger > Cc: dovecot at dovecot.org > Subject: Re: Dovecot-lda permission errors or maybe authentication errors? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 4 Nov 2014, Robert Kryger wrote: > >> I have tried to specify the dovecot-lda in two ways. First, in the >> /etc/postfix/main.cf file: >> >> mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a >> "$RECIPIENT" >> >> or alternatively, I leave the mailbox_command blank and specify the >> following in the .forward file of a test user: >> >> | "/usr/libexec/dovecot/dovecot-lda" >> >> Either approach gives me the same error(s). When a mail message is >> sent to the test user USER1, the following errors appear in the >> dovecot-lda error >> file: >> >> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed: >> Permission denied (euid=524(user1) egid=524(user1) stat() failed: No >> such file or directory, euid is not dir owner) Nov 04 08:47:29 lda(user1): > Error: >> chdir(/home/user1) failed: Permission denied Nov 04 08:47:29 lda(user1): >> Error: user user1: Initialization failed: Namespace 'INBOX.': >> stat(/home/user1/Maildir) failed: Permission denied (euid=524(user1) >> egid=524(user1) stat() failed: No such file or directory, euid is not >> dir >> owner) Nov 04 08:47:29 lda(user1): Fatal: Invalid user settings. Refer >> to server log for more information. 
>> >> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed: >> Permission denied (euid=524(user1) egid=524(user1) stat() failed: No >> such file or directory, euid is not dir owner) Nov 04 08:47:29 lda(user1): > Error: >> chdir(/home/user1) failed: Permission denied Nov 04 08:47:29 lda(user1): >> Error: user user1: Initialization failed: Namespace 'INBOX.': >> stat(/home/user1/Maildir) failed: Permission denied (euid=524(user1) >> egid=524(user1) stat() failed: No such file or directory, euid is not >> dir >> owner) Nov 04 08:47:29 lda(user1): Fatal: Invalid user settings. Refer >> to server log for more information. >> >> At first, I interpreted this to mean the file permissions were not set >> correctly on the home directory or the Maildir folder. However, I >> have opened these up to full rwx access for everyone and I still get >> the same errors. Alternatively, perhaps this is related somehow to >> the dovecot-lda authentication process via the password or user >> databases, but I can't make any sense of the documentation. 
> > What's the output of: > > ls -nal /home/user1 > > - -- > Steffen Kaiser > ---------------Output of GPG------------------ > Decryption of block failed > gpg: Signature made Wed 05 Nov 2014 11:26:03 AM CET using RSA key ID 0BFDDF6B > gpg: BAD signature from "Steffen Kaiser " > - -- Steffen Kaiser
From cs+dovecot at ctzen.com Wed Nov 5 14:38:39 2014
From: cs+dovecot at ctzen.com (cs+dovecot at ctzen.com)
Date: Wed, 05 Nov 2014 09:38:39 -0500
Subject: doveadm index message-decoder assertion failed
In-Reply-To: <20141105091438.Horde.ElRmZIPaZA-646PWLZG2oA1@mail.tac.tsukuba.ac.jp>
References: <20141105091438.Horde.ElRmZIPaZA-646PWLZG2oA1@mail.tac.tsukuba.ac.jp>
Message-ID: <545A366F.8080803@ctzen.com>

Hiromi-san,

Thank you very much. Indexing right now and have not hit the error.

-cs

On 11/4/2014 7:14 PM, Hiromi Kimura wrote:
> cs+dovecot at ctzen.com wrote:
>
>> Hi,
>>
>> I've setup FTS using lucene and it should be working, the lucene
>> index is updated when mail arrives.
>>
>> I also managed to reindex my INBOX: doveadm index -u foo -q INBOX
>>
>> However, when I try to index an Archives folder: doveadm index -u foo
>> -q Archives, the index-work crashed with this log message:
>>
>> dovecot: indexer-worker(foo): Panic: file message-decoder.c: line 363
>> (message_decode_body): assertion failed: (ctx->translation_size <=
>> sizeof(ctx->translation_buf))
>> dovecot: indexer: Error: Indexer worker disconnected, discarding 1
>> requests for foo
>> dovecot: indexer-worker(foo): Fatal: master: service(indexer-worker):
>> child 28730 killed with signal 6 (core dumps disabled)
>>
>> The Archives folder has 22317 messages.
>>
>> Please help.
>>
>>
>> dovecot --version
>> 2.2.15
>>
>>
>> dovecot -n
>> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf
>> # OS: FreeBSD 10.0-STABLE i386
>
> Last week, I faced same error on FreeBSD10.0 with solr index setup.
> This is a FreeBSD10 specific problem due to iconv library (in libc).
> So, solution is install the converters/libiconv package and
> recompile dovecot package.
> Edit mail/dovecot2/Makefile,
> from
> USES= cpe iconv libtool
> to
> USES= cpe iconv:translit libtool
>
> Hope this helps you.
>
> -=-=-=-=-
> Hiromi KIMURA http://www.tac.tsukuba.ac.jp/~hiromi/
From absolutely_free at libero.it Wed Nov 5 15:07:39 2014
From: absolutely_free at libero.it (absolutely_free at libero.it)
Date: Wed, 5 Nov 2014 16:07:39 +0100 (CET)
Subject: Performance issue
Message-ID: <14423535.2159391415200059037.JavaMail.httpd@webmail-15.iol.local>

Hi,

Since few days I noticed very high load on my mailserver (Centos 6.6 64bit, 8 GB RAM, 2 x CPU 3.00GHz).
I am using Dovecot + Postfix + Roundcube + Nginx.
I have about 10000 users.
Spool is on network attached storage (Coraid). File system is ext4 (mounted with noatime).
Problem appears almost every morning (while load is normal during afternoon).
I suspect that this can be related to some user that have so many messages in his mailbox.

How can I troubleshoot this?

Here some messages that I got in maillog:

Warning: Maildir: Scanning /var/spool/pop/domains/xxxx.it/YYYYYYYYY/Maildir/new took 71 seconds (1 readdir()s, 1 rename()s to cur/)
Warning: Maildir /var/spool/pop/domains/zzzz/WWWWWWWWWWWW/Maildir/.Trash: Synchronization took 74 seconds (5 new msgs, 0 flag change attempts, 0 expunge attempts)
dovecot: imap(xxxx at zzzz.it): Warning: Inotify instance limit for user 89 (UID postfix) exceeded, disabling. Increase /proc/sys/fs/inotify/max_user_instances
tail: inotify cannot be used, reverting to polling: Too many open files

My relevant dovecot conf:

mail_location = maildir:/coraid-s2l2/domains
namespace {
  type = private
  separator = .
  prefix = INBOX.
  inbox = yes
}
mail_uid = 89
mail_gid = 89
mail_fsync = never
first_valid_uid = 89
first_valid_gid = 89
maildir_very_dirty_syncs = yes
mbox_write_locks = fcntl

thank you very much!
From dovecot at omnilan.de Wed Nov 5 15:22:12 2014
From: dovecot at omnilan.de (Harry Schmalzbauer)
Date: Wed, 05 Nov 2014 16:22:12 +0100
Subject: gssapi considered as PLAIN?
Message-ID: <545A40A4.2010903@omnilan.de>

Hello,

as soon as I set "disable_plaintext_auth = yes", AUTH=GSSAPI vanishes from capabilities.
([CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN]
vs
[CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED])

Why?
I'm wondering especially because at http://wiki2.dovecot.org/Authentication/Mechanisms, GSSAPI is correctly listed under "Non-plaintext authentication".

Thanks,

-Harry
From rkryger at gate.net Wed Nov 5 15:42:23 2014
From: rkryger at gate.net (Robert Kryger)
Date: Wed, 5 Nov 2014 10:42:23 -0500
Subject: Dovecot-lda permission errors or maybe authentication errors?
In-Reply-To:
References: <00a501cff84e$ef160910$cd421b30$@net> <000e01cff8fd$b3a05fc0$1ae11f40$@net>
Message-ID: <006701cff90f$17c92e80$475b8b80$@net>

Steffen,

I agree the error message is confusing. As mentioned, I initially thought the Maildir folder permissions were set wrong (since I transferred them over from an older mail server) so I have tried many combinations including setting full "rwx" permissions for everyone on the /home/user1 and /home/user1/Maildir folders. It doesn't seem to help which leads me to suspect I might be mis-understanding the dovecot-lda error messages.

To confirm as currently set: User1 has full "rwx" permissions on the /home/user1 folder.

I am running a "plain" CentOS 6.5 installation. No intentional protection software like Apparmor, no SElinux features.

If you google the dovecot errors I am seeing you get quite a few hits on people trying to send mail to the root user without aliasing the root to another user. But I can't find any hits for a similar problem with non-root user.

Robert

-----Original Message-----
From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de] Sent: Wednesday, November 05, 2014 9:24 AM To: Robert Kryger Cc: dovecot at dovecot.org Subject: RE: Dovecot-lda permission errors or maybe authentication errors? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 5 Nov 2014, Robert Kryger wrote: > Output of ls -nal /home/user1: > >> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed: >> Permission denied (euid=524(user1) egid=524(user1) stat() failed: No >> such file or directory, euid is not dir owner) > total 156 > drwx------. 6 524 524 4096 Nov 5 08:27 . This list doesn't seem to fit the error message, because user 524 is owning this dir and has full access permissions. Maybe, are you running some protection software, like SELinux, AppArmor, ..., which prevents access to this directory? Just to raise the obvious: "/" and "/home" do allow "x"-permission for user #524, don't they? > drwxr-xr-x. 34 0 0 4096 Oct 4 14:06 .. > -rw-------. 1 524 524 1148 Oct 15 13:44 .bash_history > -rw-r--r--. 1 524 524 18 Sep 25 22:13 .bash_logout > -rw-r--r--. 1 524 524 176 Sep 25 22:13 .bash_profile > -rw-r--r--. 1 524 524 124 Sep 25 22:13 .bashrc > -rw-r--r--. 1 0 0 1362 Nov 4 08:45 config.txt > -rw-r--r--. 1 524 524 75 Oct 6 11:39 .forward_old > -rw-r--r--. 1 0 0 37 Oct 26 19:09 .forward_test_lda > -rw-------. 1 524 524 55 Oct 12 20:12 .lesshst > -rw-r--r--. 1 0 0 1062 Nov 4 08:50 log1.log > -rw-r--r--. 1 0 0 1246 Nov 4 08:49 log2.log > drwxrw----. 35 524 524 4096 Nov 5 08:24 Maildir > drwxr-----. 35 0 0 4096 Oct 29 09:03 Maildirsave > drwxr-xr-x. 4 524 524 4096 May 6 2014 .mozilla > -rw-r--r--. 1 524 524 92 Oct 12 20:20 .procmailrc > -rw-r--r--. 1 524 524 1213 Oct 5 19:56 .procmailrc_old > -rw-r--r--. 1 524 524 92 Oct 6 10:27 .procmailrc_old2 > -rw-r--r--. 1 0 0 0 Nov 5 08:27 question1.txt > drwx------. 2 524 524 4096 Oct 14 16:02 .ssh > -rw-rw-r--. 1 524 524 152 Oct 6 10:25 testmessage.txt > -rwxr-xr-x. 
1 524 524 87 Oct 6 13:59 testscript > -rw-rw-r--. 1 524 524 60810 Oct 27 16:57 top.log > -rw-r--r--. 1 0 0 6 Nov 4 08:45 version.txt > -rw-------. 1 524 524 3973 Oct 27 16:58 .viminfo > > -----Original Message----- 
> From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de] > Sent: Wednesday, November 05, 2014 5:26 AM > To: Robert Kryger > Cc: dovecot at dovecot.org > Subject: Re: Dovecot-lda permission errors or maybe authentication errors? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 4 Nov 2014, Robert Kryger wrote: > >> I have tried to specify the dovecot-lda in two ways. First, in the >> /etc/postfix/main.cf file: >> >> mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a >> "$RECIPIENT" >> >> or alternatively, I leave the mailbox_command blank and specify the >> following in the .forward file of a test user: >> >> | "/usr/libexec/dovecot/dovecot-lda" >> >> Either approach gives me the same error(s). When a mail message is >> sent to the test user USER1, the following errors appear in the >> dovecot-lda error >> file: >> >> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed: >> Permission denied (euid=524(user1) egid=524(user1) stat() failed: No >> such file or directory, euid is not dir owner) Nov 04 08:47:29 lda(user1): > Error: >> chdir(/home/user1) failed: Permission denied Nov 04 08:47:29 lda(user1): >> Error: user user1: Initialization failed: Namespace 'INBOX.': >> stat(/home/user1/Maildir) failed: Permission denied (euid=524(user1) >> egid=524(user1) stat() failed: No such file or directory, euid is not >> dir >> owner) Nov 04 08:47:29 lda(user1): Fatal: Invalid user settings. >> Refer to server log for more information. 
>> >> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed: >> Permission denied (euid=524(user1) egid=524(user1) stat() failed: No >> such file or directory, euid is not dir owner) Nov 04 08:47:29 lda(user1): > Error: >> chdir(/home/user1) failed: Permission denied Nov 04 08:47:29 lda(user1): >> Error: user user1: Initialization failed: Namespace 'INBOX.': >> stat(/home/user1/Maildir) failed: Permission denied (euid=524(user1) >> egid=524(user1) stat() failed: No such file or directory, euid is not >> dir >> owner) Nov 04 08:47:29 lda(user1): Fatal: Invalid user settings. >> Refer to server log for more information. >> >> At first, I interpreted this to mean the file permissions were not >> set correctly on the home directory or the Maildir folder. However, >> I have opened these up to full rwx access for everyone and I still >> get the same errors. Alternatively, perhaps this is related somehow >> to the dovecot-lda authentication process via the password or user >> databases, but I can't make any sense of the documentation. 
> > What's the output of: > > ls -nal /home/user1 > > - -- > Steffen Kaiser > ---------------Output of GPG------------------ Decryption of block > failed > gpg: Signature made Wed 05 Nov 2014 11:26:03 AM CET using RSA key ID > 0BFDDF6B > gpg: BAD signature from "Steffen Kaiser " > - -- Steffen Kaiser
From Kind at adm.uib.no Wed Nov 5 15:48:13 2014
From: Kind at adm.uib.no (Hans Morten Kind)
Date: Wed, 5 Nov 2014 16:48:13 +0100
Subject: gssapi considered as PLAIN?
In-Reply-To: <545A40A4.2010903@omnilan.de>
References: <545A40A4.2010903@omnilan.de>
Message-ID: <20141105154813.GC5664@alf.uib.no>

On Wed, Nov 05, 2014 at 04:22:12PM +0100, Harry Schmalzbauer wrote:
> as soon as I set "disable_plaintext_auth = yes", AUTH=GSSAPI vanishes
> from capabilities.

Try setting login_trusted_networks to something you trust.

hmk
From dovecot at omnilan.de Wed Nov 5 15:50:58 2014
From: dovecot at omnilan.de (Harry Schmalzbauer)
Date: Wed, 05 Nov 2014 16:50:58 +0100
Subject: ntlm_auth seems ok, initial auth failure with dovecot2 (and winbind 4.1.13)
Message-ID: <545A4762.4080507@omnilan.de>

Hello,

I've read quite often that there are problems with ntlm_auth helper (last one here http://www.dovecot.org/list/dovecot/2014-June/096561.html).
But haven't found any confirmation, neither it's working for anybody else nor that it's known that this issue needs debugging.

Like for others, my authentication tests from the commandline with ntlm_auth exactly give expected results.
But initial authentication (with Outlook) fail at first, but after entering the user's password, nevertheless succeeds with mech=NTLM.
See the attached ntlm-log.txt

Can't exactly tell when this regression occurred, one year ago nobody had to enter his password, it worked like intended with Outlook (which still is version 2010).

Any idea how to debug? It could be also a regression in samba, both highly appreciated applications were upgraded at the same time?

Thanks,

-Harry
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ntlm-log.txt
URL:
From dovecot at omnilan.de Wed Nov 5 15:52:46 2014
From: dovecot at omnilan.de (Harry Schmalzbauer)
Date: Wed, 05 Nov 2014 16:52:46 +0100
Subject: gssapi considered as PLAIN?
In-Reply-To: <20141105154813.GC5664@alf.uib.no>
References: <545A40A4.2010903@omnilan.de> <20141105154813.GC5664@alf.uib.no>
Message-ID: <545A47CE.4060206@omnilan.de>

Regarding Hans Morten Kind's message of 05.11.2014 16:48 (localtime):
> On Wed, Nov 05, 2014 at 04:22:12PM +0100, Harry Schmalzbauer wrote:
>> as soon as I set "disable_plaintext_auth = yes", AUTH=GSSAPI vanishes
>> from capabilities.
> Try setting login_trusted_networks to something you trust.

Thanks for the hint, but I don't want to offer PLAIN to my whole LAN, while I do want to offer GSSAPI to my whole LAN.
Unfortunately that's not a workaround for me.

Thanks,

-Harry
From jbehrend at mpifr-bonn.mpg.de Wed Nov 5 16:01:16 2014
From: jbehrend at mpifr-bonn.mpg.de (Jan Behrend)
Date: Wed, 05 Nov 2014 17:01:16 +0100
Subject: gssapi considered as PLAIN?
In-Reply-To: <545A47CE.4060206@omnilan.de>
References: <545A40A4.2010903@omnilan.de> <20141105154813.GC5664@alf.uib.no> <545A47CE.4060206@omnilan.de>
Message-ID: <1415203276.21488.20.camel@jb1.mpifr-bonn.mpg.de>

On Wed, 2014-11-05 at 16:52 +0100, Harry Schmalzbauer wrote:
> Regarding Hans Morten Kind's message of 05.11.2014 16:48 (localtime):
> > On Wed, Nov 05, 2014 at 04:22:12PM +0100, Harry Schmalzbauer wrote:
> >> as soon as I set "disable_plaintext_auth = yes", AUTH=GSSAPI vanishes
> >> from capabilities.
> > Try setting login_trusted_networks to something you trust.
>

root at mailbox1:/etc/dovecot/conf.d# doveconf auth_mechanisms
auth_mechanisms = plain login gssapi
root at mailbox1:/etc/dovecot/conf.d# doveconf disable_plaintext_auth
disable_plaintext_auth = yes
root at mailbox1:/etc/dovecot/conf.d# doveconf login_trusted_networks
login_trusted_networks =

a CAPABILITY
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI

Must be something else ... Check my attached config for differences.

Cheers
Jan

--
MAX-PLANCK-INSTITUT fuer Radioastronomie
Jan Behrend - Rechenzentrum
----------------------------------------
Auf dem Huegel 69, D-53121 Bonn
Tel: +49 (228) 525 359, Fax: +49 (228) 525 229
jbehrend at mpifr-bonn.mpg.de http://www.mpifr-bonn.mpg.de
-------------- next part --------------
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.7 xfs
auth_gssapi_hostname = imap.mpifr-bonn.mpg.de
auth_krb5_keytab = /etc/krb5-ha.keytab
auth_mechanisms = plain login gssapi
auth_verbose = yes
default_process_limit = 1024
default_vsz_limit = 512 M
dict {
  acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
doveadm_password = xxx
doveadm_port = 50222
listen = 134.104.18.77
lmtp_save_to_detail_mailbox = yes
mail_location = mdbox:/var/mail/%Ln/maildrop
mail_plugins = acl zlib notify replication
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify
mdbox_rotate_size = 10 M
namespace mpifr_private {
  inbox = yes
  location =
  prefix =
  separator = .
}
namespace mpifr_shared {
  inbox = no
  list = children
  location = mdbox:/var/mail/%%n/maildrop
  prefix = shared.%%n.
  separator = .
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_defaults_from_inbox = yes
  acl_shared_dict = proxy::acl
  mail_replica = tcp:192.168.42.173:50222
  sieve = ~/.dovecot.sieve
  sieve_after = /var/mail/global-after.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags
  sieve_global_dir = /var/mail
  zlib_save = gz
  zlib_save_level = 6
}
protocols = " imap lmtp sieve pop3"
replication_dsync_parameters = -d -l 30 -U -n mpifr_private -n mpifr_shared
replication_max_conns = 6
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}
service anvil {
  client_limit = 8192
}
service auth {
  client_limit = 8192
  unix_listener auth-userdb {
    group = vmail
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    user = vmail
  }
}
service doveadm {
  inet_listener {
    address = 192.168.42.105
    port = 50222
  }
}
service imap-login {
  process_min_avail = 5
  service_count = 1
}
service imap {
  vsz_limit = 512 M
}
service indexer-worker {
  client_limit = 1
  process_limit = 10
  user = root
}
service lmtp {
  inet_listener lmtp {
    address = 134.104.18.105
    port = 24
  }
}
service managesieve-login {
  inet_listener sieve {
    address = 134.104.18.77
    port = 4190
  }
  service_count = 1
}
service pop3-login {
  process_min_avail = 5
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0666
  }
}
ssl = required
ssl_cert =
From dovecot at omnilan.de Wed Nov 5 16:04:07 2014
From: dovecot at omnilan.de (Harry Schmalzbauer)
Date: Wed, 05 Nov 2014 17:04:07 +0100
Subject: gssapi considered as PLAIN?
In-Reply-To: <1415203276.21488.20.camel@jb1.mpifr-bonn.mpg.de>
References: <545A40A4.2010903@omnilan.de> <20141105154813.GC5664@alf.uib.no> <545A47CE.4060206@omnilan.de> <1415203276.21488.20.camel@jb1.mpifr-bonn.mpg.de>
Message-ID: <545A4A77.8000506@omnilan.de>

Regarding Jan Behrend's message of 05.11.2014 17:01 (localtime):
> On Wed, 2014-11-05 at 16:52 +0100, Harry Schmalzbauer wrote:
>> Regarding Hans Morten Kind's message of 05.11.2014 16:48 (localtime):
>>> On Wed, Nov 05, 2014 at 04:22:12PM +0100, Harry Schmalzbauer wrote:
>>>> as soon as I set "disable_plaintext_auth = yes", AUTH=GSSAPI vanishes
>>>> from capabilities.
>>> Try setting login_trusted_networks to something you trust.
> root at mailbox1:/etc/dovecot/conf.d# doveconf auth_mechanisms
> auth_mechanisms = plain login gssapi
> root at mailbox1:/etc/dovecot/conf.d# doveconf disable_plaintext_auth
> disable_plaintext_auth = yes
> root at mailbox1:/etc/dovecot/conf.d# doveconf login_trusted_networks
> login_trusted_networks =
>
>
> a CAPABILITY
> * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
> AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI

You don't see LOGINDISABLED, so I guess rip==lip (you tested @localhost), right?

Thanks,

-Harry
From jbehrend at mpifr-bonn.mpg.de Wed Nov 5 16:15:42 2014
From: jbehrend at mpifr-bonn.mpg.de (Jan Behrend)
Date: Wed, 05 Nov 2014 17:15:42 +0100
Subject: gssapi considered as PLAIN?
In-Reply-To: <545A4A77.8000506@omnilan.de>
References: <545A40A4.2010903@omnilan.de> <20141105154813.GC5664@alf.uib.no> <545A47CE.4060206@omnilan.de> <1415203276.21488.20.camel@jb1.mpifr-bonn.mpg.de> <545A4A77.8000506@omnilan.de>
Message-ID: <1415204142.21488.23.camel@jb1.mpifr-bonn.mpg.de>

On Wed, 2014-11-05 at 17:04 +0100, Harry Schmalzbauer wrote:
> Regarding Jan Behrend's message of 05.11.2014 17:01 (localtime):
> > On Wed, 2014-11-05 at 16:52 +0100, Harry Schmalzbauer wrote:
> >> Regarding Hans Morten Kind's message of 05.11.2014 16:48 (localtime):
> >>> On Wed, Nov 05, 2014 at 04:22:12PM +0100, Harry Schmalzbauer wrote:
> >>>> as soon as I set "disable_plaintext_auth = yes", AUTH=GSSAPI vanishes
> >>>> from capabilities.
> >>> Try setting login_trusted_networks to something you trust.
> > root at mailbox1:/etc/dovecot/conf.d# doveconf auth_mechanisms
> > auth_mechanisms = plain login gssapi
> > root at mailbox1:/etc/dovecot/conf.d# doveconf disable_plaintext_auth
> > disable_plaintext_auth = yes
> > root at mailbox1:/etc/dovecot/conf.d# doveconf login_trusted_networks
> > login_trusted_networks =
> >
> >
> > a CAPABILITY
> > * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
> > AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI
>
> You don't see LOGINDISABLED, so I guess rip==lip (you tested
> @localhost), right?

No, but I didn't show all of it ;-). Here it is:

jbehrend at jb1:~$ gnutls-cli --starttls --x509cafile /etc/ssl/certs/Max-Planck-Gesellschaft.pem -p 143 imap.mpifr-bonn.mpg.de
Processed 1 CA certificate(s).
Resolving 'imap.mpifr-bonn.mpg.de'...
Connecting to '134.104.18.77:143'...

- Simple Client Mode:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.
a starttls
a OK Begin TLS negotiation now.
*** Starting TLS handshake
- Ephemeral Diffie-Hellman parameters
- Using prime: 1024 bits
- Secret key: 1023 bits
- Peer's public key: 1023 bits
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `C=DE,ST=Nordrhein-Westfalen,L=Bonn,O=Max-Planck-Gesellschaft,OU=Max-Planck-Institut fuer Radioastronomie,CN=imap.mpifr-bonn.mpg.de', issuer `C=DE,O=Max-Planck-Gesellschaft,CN=MPG CA,EMAIL=mpg-ca at mpg.de', RSA key 4096 bits, signed using RSA-SHA1, activated `2014-05-06 11:17:21 UTC', expires `2019-05-05 11:17:21 UTC', SHA-1 fingerprint `c0b4fb497ac212f0e05de24f2c097a0b712435cc'
- The hostname in the certificate matches 'imap.mpifr-bonn.mpg.de'.
- Peer's certificate is trusted
- Version: TLS1.2
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
a CAPABILITY
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI
a OK Pre-login capabilities listed, post-login capabilities have more.

Cheers
Jan

--
MAX-PLANCK-INSTITUT fuer Radioastronomie
Jan Behrend - Rechenzentrum
----------------------------------------
Auf dem Huegel 69, D-53121 Bonn
Tel: +49 (228) 525 359, Fax: +49 (228) 525 229
jbehrend at mpifr-bonn.mpg.de http://www.mpifr-bonn.mpg.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6071 bytes
Desc: not available
URL:
From dovecot at omnilan.de Wed Nov 5 17:04:47 2014
From: dovecot at omnilan.de (Harry Schmalzbauer)
Date: Wed, 05 Nov 2014 18:04:47 +0100
Subject: gssapi considered as PLAIN?
In-Reply-To: <1415204142.21488.23.camel@jb1.mpifr-bonn.mpg.de>
References: <545A40A4.2010903@omnilan.de> <20141105154813.GC5664@alf.uib.no> <545A47CE.4060206@omnilan.de> <1415203276.21488.20.camel@jb1.mpifr-bonn.mpg.de> <545A4A77.8000506@omnilan.de> <1415204142.21488.23.camel@jb1.mpifr-bonn.mpg.de>
Message-ID: <545A58AF.9040604@omnilan.de>

Regarding Jan Behrend's message of 05.11.2014 17:15 (localtime):
> On Wed, 2014-11-05 at 17:04 +0100, Harry Schmalzbauer wrote:
>> Regarding Jan Behrend's message of 05.11.2014 17:01 (localtime):
>>> On Wed, 2014-11-05 at 16:52 +0100, Harry Schmalzbauer wrote:
>>>> Regarding Hans Morten Kind's message of 05.11.2014 16:48 (localtime):
>>>>> On Wed, Nov 05, 2014 at 04:22:12PM +0100, Harry Schmalzbauer wrote:
>>>>>> as soon as I set "disable_plaintext_auth = yes", AUTH=GSSAPI vanishes
>>>>>> from capabilities.
>>>>> Try setting login_trusted_networks to something you trust.
>>> root at mailbox1:/etc/dovecot/conf.d# doveconf auth_mechanisms
>>> auth_mechanisms = plain login gssapi
>>> root at mailbox1:/etc/dovecot/conf.d# doveconf disable_plaintext_auth
>>> disable_plaintext_auth = yes
>>> root at mailbox1:/etc/dovecot/conf.d# doveconf login_trusted_networks
>>> login_trusted_networks =
>>>
>>>
>>> a CAPABILITY
>>> * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
>>> AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI
>> You don't see LOGINDISABLED, so I guess rip==lip (you tested
>> @localhost), right?
> No, but I didn't show all of it ;-). Here it is:
>
> jbehrend at jb1:~$ gnutls-cli --starttls
> --x509cafile /etc/ssl/certs/Max-Planck-Gesellschaft.pem -p 143
> imap.mpifr-bonn.mpg.de
> Processed 1 CA certificate(s).
> Resolving 'imap.mpifr-bonn.mpg.de'...
> Connecting to '134.104.18.77:143'...
>
> - Simple Client Mode:
>
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE STARTTLS LOGINDISABLED] Dovecot ready.
> a starttls
> a OK Begin TLS negotiation now.
> *** Starting TLS handshake
> - Ephemeral Diffie-Hellman parameters
> - Using prime: 1024 bits
> - Secret key: 1023 bits
> - Peer's public key: 1023 bits
> - Certificate type: X.509
> - Got a certificate list of 1 certificates.
> - Certificate[0] info:
> - subject
> `C=DE,ST=Nordrhein-Westfalen,L=Bonn,O=Max-Planck-Gesellschaft,OU=Max-Planck-Institut fuer Radioastronomie,CN=imap.mpifr-bonn.mpg.de', issuer `C=DE,O=Max-Planck-Gesellschaft,CN=MPG CA,EMAIL=mpg-ca at mpg.de', RSA key 4096 bits, signed using RSA-SHA1, activated `2014-05-06 11:17:21 UTC', expires `2019-05-05 11:17:21 UTC', SHA-1 fingerprint `c0b4fb497ac212f0e05de24f2c097a0b712435cc'
> - The hostname in the certificate matches 'imap.mpifr-bonn.mpg.de'.
> - Peer's certificate is trusted
> - Version: TLS1.2
> - Key Exchange: DHE-RSA
> - Cipher: AES-128-CBC
> - MAC: SHA1
> - Compression: NULL
> a CAPABILITY
> * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
> AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI
> a OK Pre-login capabilities listed, post-login capabilities have more.

Sorry, I might have been unclear.
Of course, AUTH=GSSAPI is offered if connection passes STARTTLS, along WITH PLAIN (and LOGIN), but the intention of "disable_plaintext_auth" is to prevent PLAIN if _no_ encryption level was negotiated.
So you see LOGINDISABLED before TLS session and also _no_ GSSAPI!
At that point (no encryption negotiated) I want to be able to get my kerberos ticket validated :-)

disable_plaintext_auth = yes works as expected for PLAIN (and LOGIN); it doesn't offer until encryption successfully took place.
But I don't expect GSSAPI also being disabled (regardless if encryption is available or not).
I have no idea why this could be the intended behaviour, and hope somebody can enlighten me :-)

Thanks,

-Harry
From lists at xunil.at Wed Nov 5 17:50:07 2014
From: lists at xunil.at (Stefan G. Weichinger)
Date: Wed, 05 Nov 2014 18:50:07 +0100
Subject: Best practise for deleting with Thunderbird
Message-ID: <545A634F.2040106@xunil.at>

As I mentioned in another thread I set up these 2 namespaces for a couple of users:

namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
namespace {
  location = maildir:/home/vmail/oeffentlich:INDEXPVT=/home/vmail/public/index/%d/%u/index
  prefix = Oeffentlich/
  separator = /
  subscriptions = yes
  type = public
}

It is planned that they all will use Thunderbird (on MS Windows) to access their mailboxes.

Now when I create a folder in the public space and try to delete it via thunderbird I get something like:

"Renaming not supported across non-private namespaces"

As far as I found out by browsing the web this is related to Thunderbird trying to move (=rename) the mail from the public to the private namespace, correct?

Setting TB to immediately remove mails (tested that, this works) seems a bit scary to me: this removes a safety layer for the users because this would also apply to their personal maildirs.

Is there any more elegant way of solving this?

Do I have to set up some kind of ACLs? Some kind of "public paperbin folder" ??

Pls help me to understand this better ;-)

Regards, Stefan
From dovecot at omnilan.de Wed Nov 5 17:51:20 2014
From: dovecot at omnilan.de (Harry Schmalzbauer)
Date: Wed, 05 Nov 2014 18:51:20 +0100
Subject: [solved] Re:gssapi considered as PLAIN?
In-Reply-To: <545A58AF.9040604@omnilan.de>
References: <545A40A4.2010903@omnilan.de> <20141105154813.GC5664@alf.uib.no> <545A47CE.4060206@omnilan.de> <1415203276.21488.20.camel@jb1.mpifr-bonn.mpg.de> <545A4A77.8000506@omnilan.de> <1415204142.21488.23.camel@jb1.mpifr-bonn.mpg.de> <545A58AF.9040604@omnilan.de>
Message-ID: <545A6398.8040506@omnilan.de>

Regarding Harry Schmalzbauer's message of 05.11.2014 18:04 (localtime):

> Sorry, I might have been unclear.
> Of course, AUTH=GSSAPI is offered if connection passes STARTTLS, along
> WITH PLAIN (and LOGIN), but the intention of "disable_plaintext_auth" is
> to prevent PLAIN if _no_ encryption level was negotiated.
> So you see LOGINDISABLED before TLS session and also _no_ GSSAPI!
> At that point (no encryption negotiated) I want to be able to get my
> kerberos ticket validated :-)
>
> disable_plaintext_auth = yes works as expected for PLAIN (and LOGIN); it
> doesn't offer until encryption successfully took place.
> But I don't expect GSSAPI also being disabled (regardless if encryption
> is available or not).
> I have no idea why this could be the intended behaviour, and hope
> somebody can enlighten me :-)

Sorry for the noise.
For those with the same intention and the same problem:
I had "ssl = required" set. That of course doesn't return any AUTH
method unless encryption was negotiated.
Setting it to "ssl = yes" instead leads to expected results in all
variants :-)

Thanks,

-Harry

From ad+lists at uni-x.org Wed Nov 5 17:54:52 2014
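The capability behaviour reported in the message above can be checked mechanically; the following is an added example, not part of the original thread and not Dovecot code. It parses an IMAP greeting or CAPABILITY response and reports what is exposed before TLS; `GREETING_SSL_YES` and `GREETING_WEAK` are constructed samples, and the function names are hypothetical.

```python
import re

# PLAIN and LOGIN are the mechanisms the thread expects disable_plaintext_auth
# to hide until encryption has been negotiated.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Greeting quoted in the thread (seen with "ssl = required"): no AUTH= atoms.
GREETING_SSL_REQUIRED = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID "
                         "ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.")
# Constructed sample: what the poster wanted before TLS ("ssl = yes" together
# with disable_plaintext_auth = yes), GSSAPI offered but PLAIN/LOGIN withheld.
GREETING_SSL_YES = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID "
                    "ENABLE IDLE STARTTLS LOGINDISABLED AUTH=GSSAPI] Dovecot ready.")
# CAPABILITY response quoted in the thread, taken after STARTTLS completed.
POST_STARTTLS = ("* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE "
                 "AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI")
# Constructed sample of a server that offers password mechanisms in cleartext.
GREETING_WEAK = "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready."


def parse_capabilities(line):
    """Return the set of capability atoms in a greeting or untagged CAPABILITY line."""
    match = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
             or re.match(r"\*\s+CAPABILITY\s+(.*)", line.strip(), re.I))
    if not match:
        raise ValueError("no capability list in %r" % line)
    return {atom.upper() for atom in match.group(1).split()}


def audit(line, tls_active):
    """List the advertised SASL mechanisms and anything risky about them."""
    caps = parse_capabilities(line)
    mechs = sorted(c[len("AUTH="):] for c in caps if c.startswith("AUTH="))
    findings = []
    if not tls_active:
        exposed = sorted(PLAINTEXT_MECHS.intersection(mechs))
        if exposed:
            findings.append("plaintext SASL offered without TLS: " + ",".join(exposed))
        if "LOGINDISABLED" not in caps:
            findings.append("LOGIN command not disabled without TLS")
        if "STARTTLS" not in caps:
            findings.append("STARTTLS not offered")
        if not mechs:
            # What the poster saw: nothing, not even GSSAPI, before TLS.
            findings.append("no SASL mechanism before TLS")
    return {"mechanisms": mechs, "findings": findings}


if __name__ == "__main__":
    samples = [("ssl = required, cleartext", GREETING_SSL_REQUIRED, False),
               ("ssl = yes, cleartext (constructed)", GREETING_SSL_YES, False),
               ("after STARTTLS", POST_STARTTLS, True),
               ("weak server (constructed)", GREETING_WEAK, False)]
    for label, line, tls in samples:
        print(label, "->", audit(line, tls))
```
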
From: ad+lists at uni-x.org (Alexander Dalloz)
Date: Wed, 05 Nov 2014 18:54:52 +0100
Subject: Dovecot-lda permission errors or maybe authentication errors?
In-Reply-To: <006701cff90f$17c92e80$475b8b80$@net>
References: <00a501cff84e$ef160910$cd421b30$@net> <000e01cff8fd$b3a05fc0$1ae11f40$@net> <006701cff90f$17c92e80$475b8b80$@net>
Message-ID: <545A646C.70304@uni-x.org>

On 05.11.2014 at 16:42, Robert Kryger wrote:
> Steffen,

[ ... ]

> I am running a "plain" CentOS 6.5 installation. No intentional protection
> software like Apparmor, no SElinux features.

That's obviously not true as your directory listing demonstrates.

Run "sestatus" and you'll see.

Run "grep -i AVC /var/log/audit/audit.log" to identify SELinux caused denials.

And btw. CentOS 6.6 plus current updates is the to be updated version you should run.

[ ... ]

> Robert

Alexander

From rkryger at gate.net Wed Nov 5 22:11:50 2014
From: rkryger at gate.net (Robert Kryger)
Date: Wed, 5 Nov 2014 17:11:50 -0500
Subject: Dovecot-lda permission errors or maybe authentication errors?
Message-ID: <013401cff945$8019d530$804d7f90$@net>

Alexander,

You are absolutely right - I apologize for my confusion regarding SElinux.
In fact, when I turn off SElinux in /etc/selinux/config (setting
SELINUX=disabled, instead of =enforcing) then dovecot-lda starts working.

Thanks for the advice - I have been fighting with this for several weeks
without making headway!

Robert

From pryor at bnl.gov Wed Nov 5 22:33:49 2014
From: pryor at bnl.gov (James Pryor)
Date: Wed, 05 Nov 2014 17:33:49 -0500
Subject: Can I take mail from Maildir mailbox and deliver it as new?
In-Reply-To: <5459F783.70504@myzel.net>
References: <54594F53.5060603@bnl.gov> <5459F783.70504@myzel.net>
Message-ID: <545AA5CD.305@bnl.gov>

Thank you Dave, Peter, & Steffen for the replies. I will try the methods
you mentioned and will post a follow up later.

Thanks,
James

On 11/05/2014 05:10 AM, Peter Chiochetti wrote:
> On 2014-11-04 at 23:12, James Pryor wrote:
>> Is there a way to take mail sitting on disk in a mailbox and deliver it
>> as if it was new mail to some other machine?
>
> There is a one liner command in this fairly detailed HOWTO on
> refiltering mail:
>
> https://mebsd.com/configure-freebsd-servers/dovecot-pigeonhole-sieve-filter-refilter-delivered-email.html
>
>
> You just have to create the sieve that redirects anything.
>

--
James Pryor - pryor at bnl.gov
RHIC/USATLAS Computing Facility
Brookhaven National Laboratory
Physics Dept. - Bldg. 510M
Upton, New York 11973
Tel. : +1 (631) 344 2288
Fax. : +1 (631) 344 7616
https://www.racf.bnl.gov

From skdovecot at smail.inf.fh-brs.de Thu Nov 6 07:35:22 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 6 Nov 2014 08:35:22 +0100 (CET)
Subject: Dovecot-lda permission errors or maybe authentication errors?
In-Reply-To: <006701cff90f$17c92e80$475b8b80$@net>
References: <00a501cff84e$ef160910$cd421b30$@net> <000e01cff8fd$b3a05fc0$1ae11f40$@net> <006701cff90f$17c92e80$475b8b80$@net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 5 Nov 2014, Robert Kryger wrote:

> I agree the error message is confusing. As mentioned, I initially thought
> the Maildir folder permissions were set wrong (since I transferred them over
> from an older mail server) so I have tried many combinations including
> setting full "rwx" permissions for everyone on the /home/user1 and
> /home/user1/Maildir folders. It doesn't seem to help which leads me to
> suspect I might be mis-understanding the dovecot-lda error messages.

They are usually very clear and helpful.

> To confirm as currently set:
> User1 has full "rwx" permissions on the /home/user1 folder.

What filesystem /home/user1 is located on? E.g. AFS has yet another
permission management.

What happens if you try to access the folder as the system user:

su - user1 id -a

su - user1 ls -ald /home/user1

The 1st command verifies, that su - user1 is using the same uid as
Dovecot, the 2nd one probes the accessibility.

> I am running a "plain" CentOS 6.5 installation. No intentional protection
> software like Apparmor, no SElinux features.

OK, first question answered. ;-) What about the 2nd one about the
permissions of / and /home?

> -----Original Message-----
> From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de]
> Sent: Wednesday, November 05, 2014 9:24 AM
> To: Robert Kryger
> Cc: dovecot at dovecot.org
> Subject: RE: Dovecot-lda permission errors or maybe authentication errors?
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 5 Nov 2014, Robert Kryger wrote:
>
>> Output of ls -nal /home/user1:
>>
>>> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed:
>>> Permission denied (euid=524(user1) egid=524(user1) stat() failed: No
>>> such file or directory, euid is not dir owner)
>
>> total 156
>> drwx------. 6 524 524 4096 Nov 5 08:27 .
>
> This list doesn't seem to fit the error message, because user 524 is owning
> this dir and has full access permissions. Maybe, are you running some
> protection software, like SELinux, AppArmor, ..., which prevents access to
> this directory?
>
> Just to raise the obvious: "/" and "/home" do allow "x"-permission for user
> #524, don't they?
>
>> drwxr-xr-x. 34 0 0 4096 Oct 4 14:06 ..
>> -rw-------. 1 524 524 1148 Oct 15 13:44 .bash_history
>> -rw-r--r--. 1 524 524 18 Sep 25 22:13 .bash_logout
>> -rw-r--r--. 1 524 524 176 Sep 25 22:13 .bash_profile
>> -rw-r--r--. 1 524 524 124 Sep 25 22:13 .bashrc
>> -rw-r--r--. 1 0 0 1362 Nov 4 08:45 config.txt
>> -rw-r--r--. 1 524 524 75 Oct 6 11:39 .forward_old
>> -rw-r--r--. 1 0 0 37 Oct 26 19:09 .forward_test_lda
>> -rw-------. 1 524 524 55 Oct 12 20:12 .lesshst
>> -rw-r--r--. 1 0 0 1062 Nov 4 08:50 log1.log
>> -rw-r--r--. 1 0 0 1246 Nov 4 08:49 log2.log
>> drwxrw----. 35 524 524 4096 Nov 5 08:24 Maildir
>> drwxr-----. 35 0 0 4096 Oct 29 09:03 Maildirsave
>> drwxr-xr-x. 4 524 524 4096 May 6 2014 .mozilla
>> -rw-r--r--. 1 524 524 92 Oct 12 20:20 .procmailrc
>> -rw-r--r--. 1 524 524 1213 Oct 5 19:56 .procmailrc_old
>> -rw-r--r--. 1 524 524 92 Oct 6 10:27 .procmailrc_old2
>> -rw-r--r--. 1 0 0 0 Nov 5 08:27 question1.txt
>> drwx------. 2 524 524 4096 Oct 14 16:02 .ssh
>> -rw-rw-r--. 1 524 524 152 Oct 6 10:25 testmessage.txt
>> -rwxr-xr-x. 1 524 524 87 Oct 6 13:59 testscript
>> -rw-rw-r--. 1 524 524 60810 Oct 27 16:57 top.log
>> -rw-r--r--. 1 0 0 6 Nov 4 08:45 version.txt
>> -rw-------. 1 524 524 3973 Oct 27 16:58 .viminfo
>>
>> -----Original Message-----
>> From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de]
>> Sent: Wednesday, November 05, 2014 5:26 AM
>> To: Robert Kryger
>> Cc: dovecot at dovecot.org
>> Subject: Re: Dovecot-lda permission errors or maybe authentication errors?
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Tue, 4 Nov 2014, Robert Kryger wrote:
>>
>>> I have tried to specify the dovecot-lda in two ways. First, in the
>>> /etc/postfix/main.cf file:
>>>
>>> mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a
>>> "$RECIPIENT"
>>>
>>> or alternatively, I leave the mailbox_command blank and specify the
>>> following in the .forward file of a test user:
>>>
>>> | "/usr/libexec/dovecot/dovecot-lda"
>>>
>>> Either approach gives me the same error(s). When a mail message is
>>> sent to the test user USER1, the following errors appear in the
>>> dovecot-lda error
>>> file:
>>>
>>> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed:
>>> Permission denied (euid=524(user1) egid=524(user1) stat() failed: No
>>> such file or directory, euid is not dir owner) Nov 04 08:47:29
> lda(user1):
>> Error:
>>> chdir(/home/user1) failed: Permission denied Nov 04 08:47:29 lda(user1):
>>> Error: user user1: Initialization failed: Namespace 'INBOX.':
>>> stat(/home/user1/Maildir) failed: Permission denied (euid=524(user1)
>>> egid=524(user1) stat() failed: No such file or directory, euid is not
>>> dir
>>> owner) Nov 04 08:47:29 lda(user1): Fatal: Invalid user settings.
>>> Refer to server log for more information.
>>>
>>> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed:
>>> Permission denied (euid=524(user1) egid=524(user1) stat() failed: No
>>> such file or directory, euid is not dir owner) Nov 04 08:47:29
> lda(user1):
>> Error:
>>> chdir(/home/user1) failed: Permission denied Nov 04 08:47:29 lda(user1):
>>> Error: user user1: Initialization failed: Namespace 'INBOX.':
>>> stat(/home/user1/Maildir) failed: Permission denied (euid=524(user1)
>>> egid=524(user1) stat() failed: No such file or directory, euid is not
>>> dir
>>> owner) Nov 04 08:47:29 lda(user1): Fatal: Invalid user settings.
>>> Refer to server log for more information.
>>>
>>> At first, I interpreted this to mean the file permissions were not
>>> set correctly on the home directory or the Maildir folder. However,
>>> I have opened these up to full rwx access for everyone and I still
>>> get the same errors. Alternatively, perhaps this is related somehow
>>> to the dovecot-lda authentication process via the password or user
>>> databases, but I can't make any sense of the documentation.
>>
>> What's the output of:
>>
>> ls -nal /home/user1
>>
>> - --
>> Steffen Kaiser
>> ---------------Output of GPG------------------ Decryption of block
>> failed
>> gpg: Signature made Wed 05 Nov 2014 11:26:03 AM CET using RSA key ID
>> 0BFDDF6B
>> gpg: BAD signature from "Steffen Kaiser "
>>
>
> - --
> Steffen Kaiser
> ---------------Output of GPG------------------
> Decryption of block failed
> gpg: Signature made Wed 05 Nov 2014 03:24:00 PM CET using RSA key ID 0BFDDF6B
> gpg: BAD signature from "Steffen Kaiser "
>

- --
Steffen Kaiser

From ad+lists at uni-x.org Thu Nov 6 08:59:11 2014
From: ad+lists at uni-x.org (Alexander Dalloz)
Date: Thu, 06 Nov 2014 09:59:11 +0100
Subject: Dovecot-lda permission errors or maybe authentication errors?
In-Reply-To:
References: <00a501cff84e$ef160910$cd421b30$@net> <000e01cff8fd$b3a05fc0$1ae11f40$@net> <006701cff90f$17c92e80$475b8b80$@net> <545A646C.70304@uni-x.org>
Message-ID: <545B385F.7020407@uni-x.org>

On 06.11.2014 at 09:01, Steffen Kaiser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 5 Nov 2014, Alexander Dalloz wrote:
>
> Dear Alexander,
>
>> Run "sestatus" and you'll see.
>>
>> Run "grep -i AVC /var/log/audit/audit.log" to identify SELinux caused
>> denials.
>
> because I saw this type of question quite too often, I added this info
> to the Wiki2 (to be revised by Timo):
> http://master.wiki2.dovecot.org/WhyDoesItNotWork
>
> I copy'n'pasted your sentences, if you don't mind.
>
> Kind regards,
>
> - -- Steffen Kaiser

Hello Steffen,

sure I am fine with that. Even better it would be to have a recipe for a
custom SELinux policy to not be misled switching off SELinux at all.
Such a custom policy is necessary when storing mail in the user's homedir
because files created there get a wrong SELinux context for that usecase
by default.

A general overview about this topic can be found on

http://wiki.centos.org/HowTos/SELinux

Kind regards

Alexander

From rkryger at gate.net Thu Nov 6 13:40:15 2014
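To see which accesses SELinux actually refused before deciding between a targeted policy and switching enforcement off, the AVC records that "grep -i AVC /var/log/audit/audit.log" returns can be grouped by process, source type, target type and object class. The following is an added example, not part of the original thread; the log lines are constructed samples in the audit.log AVC format, and the SELinux type names in them are illustrative rather than taken from the poster's system.

```python
import re
from collections import defaultdict

# Constructed sample records (not from the poster's machine).
SAMPLE_AUDIT_LOG = "\n".join([
    'type=AVC msg=audit(1415108849.101:311): avc:  denied  { search } for  pid=2101 '
    'comm="dovecot-lda" name="user1" dev=dm-0 ino=131073 '
    'scontext=system_u:system_r:dovecot_deliver_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir',
    'type=SYSCALL msg=audit(1415108849.101:311): arch=c000003e syscall=80 success=no '
    'exit=-13 comm="dovecot-lda" exe="/usr/libexec/dovecot/dovecot-lda"',
    'type=AVC msg=audit(1415108849.102:312): avc:  denied  { getattr } for  pid=2101 '
    'comm="dovecot-lda" name="Maildir" dev=dm-0 ino=131090 '
    'scontext=system_u:system_r:dovecot_deliver_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir',
    'type=AVC msg=audit(1415108912.440:320): avc:  denied  { search } for  pid=2144 '
    'comm="dovecot-lda" name="user1" dev=dm-0 ino=131073 '
    'scontext=system_u:system_r:dovecot_deliver_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir',
    'type=AVC msg=audit(1415109000.007:333): avc:  denied  { read } for  pid=900 '
    'comm="sshd" name="authorized_keys" dev=dm-0 ino=131200 '
    'scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
])

DENIED_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Extract the type field from a user:role:type:level security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def parse_avc(line):
    """Return a dict for one AVC denial record, or None for any other line."""
    if "type=AVC" not in line:
        return None
    denied = DENIED_RE.search(line)
    if not denied:
        return None
    fields = {key: value.strip('"') for key, value in FIELD_RE.findall(line)}
    return {
        "perms": denied.group(1).split(),
        "comm": fields.get("comm", "?"),
        "name": fields.get("name", "?"),
        "source": selinux_type(fields.get("scontext", "?")),
        "target": selinux_type(fields.get("tcontext", "?")),
        "tclass": fields.get("tclass", "?"),
    }


def summarize_denials(log_text, comm_prefix=""):
    """Group denials by (comm, source type, target type, class), sorted by key."""
    groups = defaultdict(lambda: {"perms": set(), "names": set(), "count": 0})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or not rec["comm"].startswith(comm_prefix):
            continue
        group = groups[(rec["comm"], rec["source"], rec["target"], rec["tclass"])]
        group["perms"].update(rec["perms"])
        group["names"].add(rec["name"])
        group["count"] += 1
    return [
        {"comm": key[0], "source": key[1], "target": key[2], "tclass": key[3],
         "perms": sorted(groups[key]["perms"]), "names": sorted(groups[key]["names"]),
         "count": groups[key]["count"]}
        for key in sorted(groups)
    ]


if __name__ == "__main__":
    for row in summarize_denials(SAMPLE_AUDIT_LOG, comm_prefix="dovecot"):
        print("{comm}: {source} -> {target}:{tclass} {perms} on {names} x{count}".format(**row))
```

Each row names the file label the delivery process was refused on, which is the information a relabel or a narrowly scoped policy module has to address.
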
From: rkryger at gate.net (Robert Kryger)
Date: Thu, 6 Nov 2014 08:40:15 -0500
Subject: Dovecot-lda permission errors or maybe authentication errors?
In-Reply-To:
References: <00a501cff84e$ef160910$cd421b30$@net> <000e01cff8fd$b3a05fc0$1ae11f40$@net> <006701cff90f$17c92e80$475b8b80$@net>
Message-ID: <016301cff9c7$32a13eb0$97e3bc10$@net>

Steffen,

Problem was solved by Alexander. I was running SElinux in enforcing mode
without realizing it. When I disabled SElinux, dovecot-lda started working.

Thanks for all your help!

Robert

From asai at globalchangemusic.org Thu Nov 6 16:32:03 2014
From: asai at globalchangemusic.org (Asai)
Date: Thu, 06 Nov 2014 09:32:03 -0700
Subject: Dovecot replication causing deleted emails to reappear
Message-ID: <545BA283.1090406@globalchangemusic.org>

Greetings,

I've set up replication successfully on two Dovecot servers. I had fully
synced the servers but then took one offline for 2 weeks. When I restored
it, the servers synced but ended up replacing deleted emails in random
people's inboxes. I'm using maildir.

Does anyone have any insights as to correcting this issue?

Asai

--
--Asai

From ecasarero at gmail.com Thu Nov 6 22:48:31 2014
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Thu, 6 Nov 2014 19:48:31 -0300
Subject: building latest stable for ubuntu 14.04
Message-ID:

Hi list, Does anybody have some notes/blog post/etc about building dovecot
deb packages?

From reynolds at biology.utah.edu Fri Nov 7 00:26:54 2014
From: reynolds at biology.utah.edu (James Reynolds)
Date: Thu, 6 Nov 2014 17:26:54 -0700
Subject: Dovecot auth process repeatedly crashes on OS X Server 10.9
Message-ID:

My dovecot/auth process crashes several times a minute, sometimes at the
same second, sometimes randomly. I've turned on auth_debug and been poring
over everything trying to see if I can see what is going on but I can't
find anything. I'm running OS X Server 10.9 and dovecot 2.2.5.

I can't say for sure, but it looks to me like the crashed process doesn't
even save anything to mail-debug.log before it crashes. It takes about 2
seconds for it to come up. Once it crashed about 10 times in 2 seconds.

Can anyone give me any ideas where I should look?

Here are relevant portions from logs:

mail-info.log

Nov 06 17:19:10 pop3-login: Info: Aborted login (auth process communication failure): user=<>, method=DIGEST-MD5, rip=155.101.106.229, lip=10.0.0.128, TLS

mail-err.log

Nov 06 17:19:10 pop3-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=66114, EOF)
Nov 06 17:19:10 auth: Fatal: master: service(auth): child 66100 killed with signal 11 (core dumps disabled)

It looks exactly like what is discussed here:

https://discussions.apple.com/thread/6482632?start=0&tstart=0

I do have clients using Outlook. I haven't run wireshark or tried to
verify it is Outlook by testing different clients.

postconf -n

# 2.2.5: /Library/Server/Mail/Config/dovecot/dovecot.conf
# OS: Darwin 13.3.0 x86_64 hfs
auth_mechanisms = cram-md5 digest-md5 plain login
auth_realms = biomail.biology.utah.edu
auth_socket_path = /var/run/dovecot/auth-userdb
auth_username_format = %n
debug_log_path = /Library/Logs/Mail/mail-debug.log
default_internal_user = _dovecot
default_login_user = _dovenull
first_valid_gid = 6
first_valid_uid = 6
imap_id_log = *
imap_id_send = "name" * "version" *
imap_urlauth_submit_user = submit
info_log_path = /Library/Logs/Mail/mail-info.log
log_path = /Library/Logs/Mail/mail-err.log
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_access_groups = mail
mail_attribute_dict = file:/Library/Server/Mail/Data/attributes/attributes.dict
mail_location = maildir:/Library/Server/Mail/Data/mail/%u
mail_log_prefix = "%s(pid %p user %u): "
mail_plugins = quota zlib acl fts fts_sk
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mdbox_rotate_size = 200 M
namespace acl-mailboxes {
  list = children
  location = maildir:/Library/Server/Mail/Data/mail/users/%%u:INDEX=/Library/Server/Mail/Data/mail/shared/%%u
  prefix = shared.%%u.
  separator = .
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
namespace list-archives {
  list = children
  location = maildir:/Library/Server/Mail/Data/listserver/messages/archive/lists/%%u:INDEX=/Library/Server/Mail/Data/listserver/messages/archive/shared/%%u
  prefix = archives.%%u.
  separator = .
  subscriptions = no
  type = shared
}
passdb {
  driver = od
}
passdb {
  args = /Library/Server/Mail/Config/dovecot/submit.passdb
  driver = passwd-file
}
plugin {
  acl = vfile:/Library/Server/Mail/Config/dovecot/global-acls:cache_secs=300
  acl_shared_dict = file:/Library/Server/Mail/Data/shared/shared-mailboxes
  fts = sk
  quota = maildir:User quota
  quota_warning = storage=100%% quota-exceeded %u
  sieve = /Library/Server/Mail/Data/rules/%u/dovecot.sieve
  sieve_dir = /Library/Server/Mail/Data/rules/%u
  stats_refresh = 30 secs
  stats_track_cmds = yes
}
postmaster_address = postmaster at biology.utah.edu
protocols = imap pop3 lmtp sieve
quota_full_tempfail = yes
service auth {
  idle_kill = 15 mins
  unix_listener auth-userdb {
    user = _dovecot
  }
}
service dns_client {
  unix_listener dns-client {
    mode = 0600
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  service_count = 0
}
service imap {
  client_limit = 5
  process_limit = 200
  service_count = 0
}
service indexer-worker {
  user = _dovecot
}
service lmtp {
  unix_listener lmtp {
    mode = 0600
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service pop3 {
  client_limit = 5
  process_limit = 200
  service_count = 0
}
service quota-exceeded {
  executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-exceeded.sh
  unix_listener quota-exceeded {
    group = mail
    mode = 0660
    user = _dovecot
  }
  user = _dovecot
}
service quota-warning {
  executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-warning.sh
  unix_listener quota-warning {
    group = mail
    mode = 0660
    user = _dovecot
  }
  user = _dovecot
}
service stats {
  fifo_listener stats-mail {
    mode = 0600
    user = _dovecot
  }
}
ssl_ca =
__TEXT 0000000103b39000-0000000103b6a000 [ 196K] r-x/rwx SM=COW /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/auth

Thread 0 Crashed::
Dispatch queue: com.apple.main-thread
0 libsystem_c.dylib 0x00007fff8a181732 strlen + 18
1 libdovecot.0.dylib 0x0000000103bdc2b8 vstrconcat + 72

Thread 1:
0 libsystem_kernel.dylib 0x00007fff858f9e6a __workq_kernreturn + 10
1 libsystem_pthread.dylib 0x00007fff89901f08 _pthread_wqthread + 330
2 libsystem_pthread.dylib 0x00007fff89904fb9 start_wqthread + 13

Thread 2:: Dispatch queue: com.apple.libdispatch-manager
0 libsystem_kernel.dylib 0x00007fff858fa662 kevent64 + 10
1 libdispatch.dylib 0x00007fff8808f421 _dispatch_mgr_invoke + 239
2 libdispatch.dylib 0x00007fff8808f136 _dispatch_mgr_thread + 52

Thread 3:
0 libsystem_kernel.dylib 0x00007fff858f9e6a __workq_kernreturn + 10
1 libsystem_pthread.dylib 0x00007fff89901f08 _pthread_wqthread + 330
2 libsystem_pthread.dylib 0x00007fff89904fb9 start_wqthread + 13

Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x00007fff5c0c6878 rbx: 0x0000000000000001 rcx: 0x0000000000000001 rdx: 0x0000000000000001
rdi: 0x0000000000000000 rsi: 0x0000000103b6354d rbp: 0x00007fff5c0c6800 rsp: 0x00007fff5c0c6800
r8: 0x0000000103b6354e r9: 0x0000000000000000 r10: 0x00007fff8a1c92a8 r11: 0x00007fb60dca54c3
r12: 0x0000000000000028 r13: 0x00007fff5c0c6920 r14: 0x0000000000000028 r15: 0x0000000000000009
rip: 0x00007fff8a181732 rfl: 0x0000000000010246 cr2: 0x0000000000000000

Logical CPU: 0
Error Code: 0x00000004
Trap Number: 14

From dovecot-list at mohtex.net Fri Nov 7 04:08:06 2014
From: dovecot-list at mohtex.net (Tamsy)
Date: Fri, 07 Nov 2014 11:08:06 +0700
Subject: building latest stable for ubuntu 14.04
In-Reply-To:
References:
Message-ID: <545C45A6.10200@mohtex.net>

Eduardo Casarero wrote on 07.11.2014 05:48:
> Hi list, Does anybody have some notes/blog post/etc about building dovecot
> deb packages?

If this is meant to be used on your box you can easily accomplish this by
using "checkinstall". Take a look at
https://help.ubuntu.com/community/CheckInstall and
http://packages.ubuntu.com/en/trusty/checkinstall for more information.

From chayes at afo.net Fri Nov 7 06:06:04 2014
From: chayes at afo.net (Cliff Hayes) Date: Fri, 07 Nov 2014 00:06:04 -0600 Subject: mail location change generates various errors Message-ID: <545C614C.6090205@afo.net> I have a sendmail/dovecot imap/pop3 system that has been running with the following mail_location: mail_location = mbox:/var/empty:INBOX=/var/spool/mail/%u:INDEX=/var/indexes/%u In order to reduce errors and simplify operation I removed imap and am now only responding to pop3. I'd like to also simplify the mail_location to get rid of index errors since I don't need indexes: mail_location = mbox:/var/spool/mail:INBOX=/var/spool/mail/%n But when I applied the new mail_location I began to get the following five errors: Nov 6 23:17:24 sendmail dovecot: pop3(chayes): Warning: UIDVALIDITY changed (1132434125 -> 1205169149) in mbox file /var/spool/mail/chayes Nov 6 23:17:26 sendmail dovecot: pop3(chayes): Panic: Message unexpectedly expunged from index Nov 6 23:17:26 sendmail dovecot: pop3(chayes): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0() [0x3340045e2a] -> /usr/lib64/dovecot/libdovecot.so.0() [0x3340045e6e] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x3340019eb3] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3ef62567ed] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3ef6256e75] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3ef62928ed] -> /usr/lib64/dovecot/libdovecot-storage.so.0(index_mail_set_seq+0x76) [0x3ef6294ae6] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3ef625698c] -> dovecot/pop3() [0x405ec7] -> dovecot/pop3(client_command_execute+0x6d7) [0x4071c7] -> dovecot/pop3(client_handle_input+0x78) [0x405618] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x3340052c36] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0xa7) [0x3340053a57] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x3340052778] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x334003e3c3] -> dovecot/pop3(main+0x283) [0x403cc3] -> 
/lib64/libc.so.6(__libc_start_main+0xf5) [0x359f821a05] -> dovecot/pop3() [0x403e2d] Nov 6 23:17:26 sendmail dovecot: pop3(chayes): Fatal: master: service(pop3): child 3358 killed with signal 6 (core dumps disabled) Nov 6 23:18:00 sendmail dovecot: pop3(jbkirk): Error: open(/var/spool/mail/.imap/INBOX/dovecot.index.log) failed: Permission denied (euid=2151(jbkirk) egid=12(mail) missing +r perm: /var/spool/mail/.imap/INBOX/dovecot.index.log, dir owned by 3575:12 mode=0770) dovecot -n output # 2.1.16: /etc/dovecot/dovecot.conf # OS: Linux 3.9.2-200.fc18.x86_64 x86_64 Fedora release 18 (Spherical Cow) ext4 auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no mail_location = mbox:/var/empty:INBOX=/var/spool/mail/%u:INDEX=/var/indexes/%u mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = pop3 ssl = no ssl_cert = References: <545C614C.6090205@afo.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 7 Nov 2014, Cliff Hayes wrote: > I have a sendmail/dovecot imap/pop3 system that has been running with the > following mail_location: > > mail_location = > mbox:/var/empty:INBOX=/var/spool/mail/%u:INDEX=/var/indexes/%u > > In order to reduce errors and simplify operation I removed imap and am now > only responding to pop3. I'd like to also simplify the mail_location to get > rid of index errors since I don't need indexes: > > mail_location = mbox:/var/spool/mail:INBOX=/var/spool/mail/%n http://wiki2.dovecot.org/MailLocation#Index_files see :INDEX=MEMORY. 
> Nov 6 23:17:24 sendmail dovecot: pop3(chayes): Warning: UIDVALIDITY changed > (1132434125 -> 1205169149) in mbox file /var/spool/mail/chayes UIDVALIDITY is kept in index files by default, because you've changed the index files, the UIDVALIDITY changed. > > Nov 6 23:17:26 sendmail dovecot: pop3(chayes): Panic: Message unexpectedly > expunged from index > > Nov 6 23:17:26 sendmail dovecot: pop3(chayes): Error: Raw backtrace: > /usr/lib64/dovecot/libdovecot.so.0() [0x3340045e2a] -> > /usr/lib64/dovecot/libdovecot.so.0() [0x3340045e6e] -> > /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x3340019eb3] -> > /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3ef62567ed] -> > /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3ef6256e75] -> > /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3ef62928ed] -> > /usr/lib64/dovecot/libdovecot-storage.so.0(index_mail_set_seq+0x76) > [0x3ef6294ae6] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3ef625698c] > -> dovecot/pop3() [0x405ec7] -> dovecot/pop3(client_command_execute+0x6d7) > [0x4071c7] -> dovecot/pop3(client_handle_input+0x78) [0x405618] -> > /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x3340052c36] -> > /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0xa7) [0x3340053a57] > -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x3340052778] -> > /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x334003e3c3] -> > dovecot/pop3(main+0x283) [0x403cc3] -> > /lib64/libc.so.6(__libc_start_main+0xf5) [0x359f821a05] -> dovecot/pop3() > [0x403e2d] > Nov 6 23:17:26 sendmail dovecot: pop3(chayes): Fatal: master: service(pop3): > child 3358 killed with signal 6 (core dumps disabled) That's a bug. > Nov 6 23:18:00 sendmail dovecot: pop3(jbkirk): Error: > open(/var/spool/mail/.imap/INBOX/dovecot.index.log) failed: Permission denied > (euid=2151(jbkirk) egid=12(mail) missing +r perm: > /var/spool/mail/.imap/INBOX/dovecot.index.log, dir owned by 3575:12 > mode=0770) Index files are not disabled. 
> dovecot -n output > > # 2.1.16: /etc/dovecot/dovecot.conf > # OS: Linux 3.9.2-200.fc18.x86_64 x86_64 Fedora release 18 (Spherical Cow) > ext4 > auth_mechanisms = plain login > auth_verbose = yes > auth_verbose_passwords = plain > disable_plaintext_auth = no > mail_location = > mbox:/var/empty:INBOX=/var/spool/mail/%u:INDEX=/var/indexes/%u > mbox_write_locks = fcntl > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > driver = pam > } > protocols = pop3 > ssl = no > ssl_cert = ssl_key = userdb { > driver = passwd > } > > What do I need to do to transition to the new mail_location without the > errors? > > Thanks in advance. > -- Steffen Kaiser From spyros.tsiolis at hotmail.com Fri Nov 7 09:10:09 2014 From: spyros.tsiolis at hotmail.com (Spyros Tsiolis) Date: Fri, 7 Nov 2014 09:10:09 +0000 Subject: building latest stable for ubuntu 14.04 In-Reply-To: <545C45A6.10200@mohtex.net> References: , <545C45A6.10200@mohtex.net> Message-ID: ---------------------------------------- > Date: Fri, 7 Nov 2014 11:08:06 +0700 
> From: dovecot-list at mohtex.net > To: ecasarero at gmail.com; dovecot at dovecot.org > Subject: Re: building latest stable for ubuntu 14.04 > > Eduardo Casarero wrote on 07.11.2014 05:48: >> Hi list, Does anybody have some notes/blog post/etc about building dovecot >> deb packages? > > If this is meant to be used on your box you can easily accomplish this by > using "checkinstall". Take a look at > https://help.ubuntu.com/community/CheckInstall and > http://packages.ubuntu.com/en/trusty/checkinstall for more information. ---------------------------------------- In regards to this post. This is something that has been troubling me for a looong time. List / Timo , have you checked this out ? : https://nixos.org/nix/ They claim that it is portable between distros and doesn't touch each distro's package manager and can also roll-back versions. I've been struggling with CentOS 7 and Ubuntu versions for the last eight years and it seems really tempting. At the moment, I don't have the time or stamina to pursue this. Some feedback on this would be really, really nice :-) Regards, spyros From chayes at afo.net Fri Nov 7 14:53:00 2014 
From: chayes at afo.net (Cliff Hayes) Date: Fri, 07 Nov 2014 08:53:00 -0600 Subject: mail location change results in various errors Message-ID: <545CDCCC.1070808@afo.net> I have a sendmail/dovecot imap/pop3 system that has been running with the following mail_location: mail_location = mbox:/var/empty:INBOX=/var/spool/mail/%u:INDEX=/var/indexes/%u In order to reduce errors and simplify operation I removed imap and am now only responding to pop3. I'd like to also simplify the mail_location to get rid of index errors since I don't need indexes: mail_location = mbox:/var/spool/mail:INBOX=/var/spool/mail/%n But when I applied the new mail_location I began to get the following five errors: Nov 6 23:17:24 sendmail dovecot: pop3(chayes): Warning: UIDVALIDITY changed (1132434125 -> 1205169149) in mbox file /var/spool/mail/chayes Nov 6 23:17:26 sendmail dovecot: pop3(chayes): Panic: Message unexpectedly expunged from index Nov 6 23:17:26 sendmail dovecot: pop3(chayes): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0() [0x3340045e2a] -> /usr/lib64/dovecot/libdovecot.so.0() [0x3340045e6e] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x3340019eb3] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3ef62567ed] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3ef6256e75] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3ef62928ed] -> /usr/lib64/dovecot/libdovecot-storage.so.0(index_mail_set_seq+0x76) [0x3ef6294ae6] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3ef625698c] -> dovecot/pop3() [0x405ec7] -> dovecot/pop3(client_command_execute+0x6d7) [0x4071c7] -> dovecot/pop3(client_handle_input+0x78) [0x405618] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x3340052c36] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0xa7) [0x3340053a57] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x3340052778] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x334003e3c3] -> dovecot/pop3(main+0x283) [0x403cc3] -> 
/lib64/libc.so.6(__libc_start_main+0xf5) [0x359f821a05] -> dovecot/pop3() [0x403e2d] Nov 6 23:17:26 sendmail dovecot: pop3(chayes): Fatal: master: service(pop3): child 3358 killed with signal 6 (core dumps disabled) Nov 6 23:18:00 sendmail dovecot: pop3(jbkirk): Error: open(/var/spool/mail/.imap/INBOX/dovecot.index.log) failed: Permission denied (euid=2151(jbkirk) egid=12(mail) missing +r perm: /var/spool/mail/.imap/INBOX/dovecot.index.log, dir owned by 3575:12 mode=0770) dovecot -n output # 2.1.16: /etc/dovecot/dovecot.conf # OS: Linux 3.9.2-200.fc18.x86_64 x86_64 Fedora release 18 (Spherical Cow) ext4 auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no mail_location = mbox:/var/empty:INBOX=/var/spool/mail/%u:INDEX=/var/indexes/%u mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = pop3 ssl = no ssl_cert = Hi, I've setup virtual alias/users/domains with postfix and dovecot, so far so good. In the alias table I set the information of the source and destination address, but then I try to send an email to the alias, dovecot complains about it. What am I doing wrong? 
Nov 7 23:04:13 fastmail dovecot: lmtp(4687): Connect from local Nov 7 23:04:13 fastmail postfix/lmtp[6556]: 1D2AC100E0A: to=, relay=fastmail.domain.pt[private/dovecot-lmtp], delay=6.3, delays=6.2/0/0/0.06, dsn=5.1.1, status=bounced (host fastmail.domain.pt[private/dovecot-lmtp] said: 550 5.1.1 User doesn't exist: b at a.com (in reply to RCPT TO command)) Nov 7 23:04:13 fastmail dovecot: lmtp(4687): Disconnect from local: Successful quit Postfix alias conf: virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf cat mysql-virtual-alias-maps.cf user = posuser password = popass hosts = 127.0.0.1 dbname = postfix query = SELECT deliver_to FROM dovecot_aliases WHERE alias='%s' where the table structure is: CREATE TABLE `dovecot_aliases` ( `id` int(11) NOT NULL, `alias` varchar(255) NOT NULL, `deliver_to` varchar(255) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC; Records are, considering that the main address is a at a.com: Insert into dovecot_alias values (1,'b at a.com','a at a.com'); Should be postfix that should had send this to the main address right? What could be wrong? 
SQL logs for this show that dovecot considered the alias to check if the user exists instead of the real address: 141107 23:18:12 45 Connect postfix_usr at localhost on postfix 45 Query SELECT deliver_to FROM dovecot_aliases WHERE alias='ola.pt' 46 Connect postfix_usr at localhost on postfix 46 Query SELECT 1 FROM dovecot_domains WHERE domain='ola.pt' and status='true' 141107 23:18:16 45 Query SELECT deliver_to FROM dovecot_aliases WHERE alias='a.com' 46 Query SELECT 1 FROM dovecot_domains WHERE domain='a.com' and status='true' 47 Connect postfix_usr at localhost on postfix 47 Query SELECT deliver_to FROM dovecot_aliases WHERE alias='b at a.com' 141107 23:18:22 45 Query SELECT deliver_to FROM dovecot_aliases WHERE alias='a.com' 46 Query SELECT 1 FROM dovecot_domains WHERE domain='a.com' and status='true' 48 Connect postfix_usr at 192.168.69.223 on postfix 48 Query select uid,gid from dovecot_users where username='b at a.com' 49 Connect postfix_usr at localhost on postfix 49 Query SELECT deliver_to FROM dovecot_aliases WHERE alias='ola at ola.pt' 49 Query SELECT deliver_to FROM dovecot_aliases WHERE alias='@ola.pt' 45 Query SELECT deliver_to FROM dovecot_aliases WHERE alias='ola.pt' 46 Query SELECT 1 FROM dovecot_domains WHERE domain='ola.pt' and status='true' PS: offtopic, don't understand why postfix queries the sender domain in the domains table and the sender email in the alias table. Thanks in advance, Jorge, From bernd.kuhls at t-online.de Sat Nov 8 09:18:30 2014 
From: bernd.kuhls at t-online.de (Bernd Kuhls) Date: Sat, 08 Nov 2014 10:18:30 +0100 Subject: SQLite does not depend on zlib, was: Re: [PATCH] Split sql drivers from lib-sql to plugins Message-ID: Tomas Janousek wrote in news:20070413132731.GA8281 @redhat.com: > - SQL_LIBS="$SQL_LIBS -lsqlite3 -lz" > + SQLITE_LIBS="$SQLITE_LIBS -lsqlite3 -lz" Hi, this patch fixes a build error during cross compilation to a system without the libz target package: --- dovecot-2.2.15.org/configure.ac 2014-10-25 05:57:08.000000000 +0200 +++ dovecot-2.2.15/configure.ac 2014-11-08 10:06:23.015570150 +0100 @@ -2293,7 +2293,7 @@ if test $want_sqlite != no; then AC_CHECK_LIB(sqlite3, sqlite3_open, [ AC_CHECK_HEADER(sqlite3.h, [ - SQLITE_LIBS="$SQLITE_LIBS -lsqlite3 -lz" + SQLITE_LIBS="$SQLITE_LIBS -lsqlite3" AC_DEFINE(HAVE_SQLITE,, Build with SQLite3 support) found_sql_drivers="$found_sql_drivers sqlite" Regards, Bernd From mysql.jorge at decimal.pt Sat Nov 8 14:22:09 2014 From: mysql.jorge at decimal.pt (Jorge Bastos) Date: Sat, 8 Nov 2014 14:22:09 -0000 Subject: Help on dict with QUOTA / perms Message-ID: <008401cffb5f$6205dcd0$26119670$@jorge@decimal.pt> I'm setting up quota for my users, my users have a UID starting on >5000 and GID = 5000, and when I query the quota, for example in IMAP, I get: Nov 8 14:13:28 fastmail dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=18660, secured, session= Nov 8 14:13:37 fastmail dovecot: imap(a at a.com): Error: net_connect_unix(/var/run/dovecot/dict) failed: Permission denied (euid=5000() egid=5000() missing +r perm: /var/run/dovecot/dict, dir owned by 0:0 mode=0755) Question is, should I have the GID on the users set to 0, or is there another way to workaround it? Thanks, From mysql.jorge at decimal.pt Sat Nov 8 15:55:04 2014 
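Review bot: The `-lz` removal on the `SQLITE_LIBS=` line of the configure.ac hunk in Bernd Kuhls' patch above is justified only by the subject line and the cross-compilation failure, and the description does not say whether anything that links with `$SQLITE_LIBS` was relying on that flag to pull in zlib. After this change such a user gets `-lsqlite3` alone, so the message should state that no other consumer of `SQLITE_LIBS` needs zlib, or the flag should move to the variable of whatever does need it.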
From: mysql.jorge at decimal.pt (Jorge Bastos) Date: Sat, 8 Nov 2014 15:55:04 -0000 Subject: Help on dict with QUOTA / perms In-Reply-To: <008401cffb5f$6205dcd0$26119670$@jorge@decimal.pt> References: <008401cffb5f$6205dcd0$26119670$@jorge@decimal.pt> Message-ID: <00a001cffb6c$5cffee30$16ffca90$@jorge@decimal.pt> Hi, Ok managed to solve this with the permissions on the socket. One related question, the quota units are only Kb,M,G ? not possible to define it in bytes? > -----Original Message----- > From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Jorge > Bastos > Sent: Saturday, 8 November 2014 14:22 > To: 'Dovecot Mailing List' > Subject: Help on dict with QUOTA / perms > > I'm setting up quota for my users, my users have a UID starting on > >5000 and GID = 5000, and when I query the quota, for example in IMAP, > I get: > > > > Nov 8 14:13:28 fastmail dovecot: imap-login: Login: user=, > method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=18660, secured, > session= > > Nov 8 14:13:37 fastmail dovecot: imap(a at a.com): Error: > net_connect_unix(/var/run/dovecot/dict) failed: Permission denied > (euid=5000() egid=5000() missing +r perm: > /var/run/dovecot/dict, dir owned by 0:0 mode=0755) > > > > Question is, should I have the GID on the users set to 0, or is there > another way to workaround it? > > > > Thanks, From filbar at centrum.cz Sat Nov 8 16:45:15 2014 
From: filbar at centrum.cz (=?utf-8?q?Filip_Bartmann?=) Date: Sat, 08 Nov 2014 17:45:15 +0100 Subject: =?utf-8?q?Dovecot_quota_via_custom_column?= Message-ID: <20141108174515.EAA8CE21@centrum.cz> Hello, we have multiple domains connected to single user account and we want to have quota counted via this column - called account_id. Users are stored in mysql database. --------------------------------------------------------------------------------- iterate_query = SELECT email AS user FROM mailboxes user_query=SELECT email, 501 AS uid, 501 AS gid, CONCAT('*:storage=',quota,'M') AS quota_rule FROM mailboxes AS m WHERE email='%u' password_query=SELECT email AS user, pw_hash AS password, CONCAT('*:storage=',quota,'M') AS userdb_quota_rule FROM mailboxes AS e WHERE email='%u' --------------------------------------------------------------------------------- We have quota stored in dovecot dictionary and as usable variables we found only - http://wiki2.dovecot.org/Variables. Is there any way to do use account_id as quota username? Thanks, Filip Bartmann From lists at xunil.at Sat Nov 8 18:12:47 2014 
From: lists at xunil.at (Stefan G. Weichinger) Date: Sat, 08 Nov 2014 19:12:47 +0100 Subject: Best practise for deleting with Thunderbird In-Reply-To: <545A634F.2040106@xunil.at> References: <545A634F.2040106@xunil.at> Message-ID: <545E5D1F.1070208@xunil.at> On 05.11.2014 at 18:50, Stefan G. Weichinger wrote: > > As I mentioned in another thread I set up these 2 namespaces for a > couple of users: > > namespace { > inbox = yes > location = > prefix = > separator = / > type = private > } > namespace { > location = > maildir:/home/vmail/oeffentlich:INDEXPVT=/home/vmail/public/index/%d/%u/index > prefix = Oeffentlich/ > separator = / > subscriptions = yes > type = public > } > > It is planned that they all will use Thunderbird (on MS Windows) to > access their mailboxes. > > Now when I create a folder in the public space and try to delete it via > thunderbird I get something like: > > "Renaming not supported across non-private namespaces" > > As far as I found out by browsing the web this is related to Thunderbird > trying to move (=rename) the mail from the public to the private > namespace, correct? > > Setting TB to immediately remove mails (tested that, this works) seems a > bit scary to me: this removes a safety layer for the users because this > would also apply to their personal maildirs. > > Is there any more elegant way of solving this? > > Do I have to set up some kind of ACLs? > > Some kind of "public paperbin folder" ?? > > Pls help me to understand this better ;-) Am I in the wrong place with my questions? From h.reindl at thelounge.net Sat Nov 8 18:15:35 2014 
From: h.reindl at thelounge.net (Reindl Harald) Date: Sat, 08 Nov 2014 19:15:35 +0100 Subject: Best practise for deleting with Thunderbird In-Reply-To: <545E5D1F.1070208@xunil.at> References: <545A634F.2040106@xunil.at> <545E5D1F.1070208@xunil.at> Message-ID: <545E5DC7.9040607@thelounge.net> On 08.11.2014 at 19:12, Stefan G. Weichinger wrote: >> Now when I create a folder in the public space and try to delete it via >> thunderbird I get something like: >> >> "Renaming not supported across non-private namespaces" >> >> As far as I found out by browsing the web this is related to Thunderbird >> trying to move (=rename) the mail from the public to the private >> namespace, correct? >> >> Setting TB to immediately remove mails (tested that, this works) seems a >> bit scary to me: this removes a safety layer for the users because this >> would also apply to their personal maildirs. >> >> Is there any more elegant way of solving this? >> >> Do I have to set up some kind of ACLs? >> >> Some kind of "public paperbin folder" ?? >> >> Pls help me to understand this better ;-) > > Am I in the wrong place with my questions? yes - this is a server list you just have two options in a mail-client * delete immediately * move it to trash folder move in case of thunderbird is always copy+delete that's how it works From lists at xunil.at Sat Nov 8 18:18:42 2014 
From: lists at xunil.at (Stefan G. Weichinger) Date: Sat, 08 Nov 2014 19:18:42 +0100 Subject: Best practise for deleting with Thunderbird In-Reply-To: <545E5DC7.9040607@thelounge.net> References: <545A634F.2040106@xunil.at> <545E5D1F.1070208@xunil.at> <545E5DC7.9040607@thelounge.net> Message-ID: <545E5E82.1040103@xunil.at> On 08.11.2014 at 19:15, Reindl Harald wrote: >> Am I in the wrong place with my questions? > > yes - this is a server list I asked for a possible config change on the server side as well ;-) > you just have two options in a mail-client > > * delete immediately * move it to trash folder > > move in case of thunderbird is always copy+delete > > > that's how it works Yep, thanks. Stefan From h.reindl at thelounge.net Sat Nov 8 18:33:36 2014 
From: h.reindl at thelounge.net (Reindl Harald) Date: Sat, 08 Nov 2014 19:33:36 +0100 Subject: Best practise for deleting with Thunderbird In-Reply-To: <545E5E82.1040103@xunil.at> References: <545A634F.2040106@xunil.at> <545E5D1F.1070208@xunil.at> <545E5DC7.9040607@thelounge.net> <545E5E82.1040103@xunil.at> Message-ID: <545E6200.8070203@thelounge.net> On 08.11.2014 at 19:18, Stefan G. Weichinger wrote: > On 08.11.2014 at 19:15, Reindl Harald wrote: > >>> Am I in the wrong place with my questions? >> >> yes - this is a server list > > I asked for a possible config change on the server side as well ;-) not use different namespaces - but that likely is no solution >> you just have two options in a mail-client >> >> * delete immediately * move it to trash folder >> >> move in case of thunderbird is always copy+delete >> >> that's how it works > > Yep, thanks looks like TB tries an atomic rename (depending on the server capabilities) which could do a fallback to copy/rename in case of a message - doing that for a whole folder is dangerous - in case the folder may contain 5000 messages maybe you could configure TB trash to a local folder instead of keeping it on the server (as long you control all clients) - may also help against users deleting junk but never empty trash :-) From lists at xunil.at Sat Nov 8 18:38:25 2014 
From: lists at xunil.at (Stefan G. Weichinger) Date: Sat, 08 Nov 2014 19:38:25 +0100 Subject: Best practise for deleting with Thunderbird In-Reply-To: <545E6200.8070203@thelounge.net> References: <545A634F.2040106@xunil.at> <545E5D1F.1070208@xunil.at> <545E5DC7.9040607@thelounge.net> <545E5E82.1040103@xunil.at> <545E6200.8070203@thelounge.net> Message-ID: <545E6321.3040904@xunil.at> On 08.11.2014 at 19:33, Reindl Harald wrote: > looks like TB tries an atomic rename (depending on the server > capabilities) which could do a fallback to copy/rename in case of > a message - doing that for a whole folder is dangerous - in case the > folder may contain 5000 messages > > maybe you could configure TB trash to a local folder instead of keeping > it on the server (as long you control all clients) - may also help > against users deleting junk but never empty trash :-) worth a thought, yes ... I will suggest that to the customer next week. Thanks, Stefan From gedalya at gedalya.net Sat Nov 8 23:14:38 2014 
From: gedalya at gedalya.net (Gedalya) Date: Sat, 08 Nov 2014 18:14:38 -0500 Subject: Help on dict with QUOTA / perms In-Reply-To: <00a001cffb6c$5cffee30$16ffca90$@jorge@decimal.pt> References: <008401cffb5f$6205dcd0$26119670$@jorge@decimal.pt> <00a001cffb6c$5cffee30$16ffca90$@jorge@decimal.pt> Message-ID: <545EA3DE.90705@gedalya.net> On 11/08/2014 10:55 AM, Jorge Bastos wrote: > Hi, > > Ok managed to solve this with the permissions on the socket. > > One related question, the quota units are only Kb,M,G ? not possible to > define it in bytes? You can http://wiki2.dovecot.org/Quota/Configuration#Limit_configuration From mysql.jorge at decimal.pt Sat Nov 8 23:23:45 2014 From: mysql.jorge at decimal.pt (Jorge Bastos) Date: Sat, 8 Nov 2014 23:23:45 -0000 Subject: Help on dict with QUOTA / perms In-Reply-To: <545EA3DE.90705@gedalya.net> References: <008401cffb5f$6205dcd0$26119670$@jorge> <545EA3DE.90705@gedalya.net> Message-ID: <005f01cffbab$0b155300$213ff900$@jorge@decimal.pt> > On 11/08/2014 10:55 AM, Jorge Bastos wrote: > > Hi, > > > > Ok managed to solve this with the permissions on the socket. > > > > One related question, the quota units are only Kb,M,G ? not possible > > to define it in bytes? > > You can > http://wiki2.dovecot.org/Quota/Configuration#Limit_configuration Ah, got it, replacing storage with bytes. Cool, thanks. From mysql.jorge at decimal.pt Sun Nov 9 00:30:55 2014 
From: mysql.jorge at decimal.pt (Jorge Bastos) Date: Sun, 9 Nov 2014 00:30:55 -0000 Subject: Improvement proposal Message-ID: <006901cffbb4$6cfd5320$46f7f960$@jorge@decimal.pt> Hi, I'd like to propose a small improvement. When a user has a quota set in message limit instead of bytes, the returning message is the same as in bytes limit quota (Quota exceeded (mailbox for user is full)) If possible, when the user has the message limit, it could return something different like: Quota exceeded (max messages reached for user) Thanks, Jorge, From hakon at alstadheim.priv.no Sun Nov 9 00:45:07 2014 From: hakon at alstadheim.priv.no (=?windows-1252?Q?H=E5kon_Alstadheim?=) Date: Sun, 09 Nov 2014 01:45:07 +0100 Subject: Best practise for deleting with Thunderbird In-Reply-To: <545E5DC7.9040607@thelounge.net> References: <545A634F.2040106@xunil.at> <545E5D1F.1070208@xunil.at> <545E5DC7.9040607@thelounge.net> Message-ID: <545EB913.1080404@alstadheim.priv.no> On 08. nov. 2014 19:15, Reindl Harald wrote: > > move in case of thunderbird is always copy+delete > > > that's how it works > Really? Sure? Icedove gives me THREE choices, move, mark as deleted, or delete immediately. I thought the codebase was the same for thunderbird and icedove? With the middle choice (Just mark as deleted) I get a red cross over deleted messages, and they stay around until I "compact" the mailbox. The "just mark as deleted" might depend on dovecot announcing that capability, I have not checked. It IS available with dovecot using Maildir storage, under all icedove versions since I can remember. Check your mail-client and see. Under "account settings" -> "server settings". From jelmer at debian.org Sun Nov 9 16:22:36 2014 
From: jelmer at debian.org (Jelmer Vernooij) Date: Sun, 9 Nov 2014 17:22:36 +0100 Subject: Disabling SSLv3 protocol In-Reply-To: <35F49C5B-94AD-43C2-88B5-ECA68D216254@iki.fi> References: <35F49C5B-94AD-43C2-88B5-ECA68D216254@iki.fi> Message-ID: <20141109162236.GA31172@jelmer.uk> On Tue, Oct 14, 2014 at 12:25:32PM -0700, Timo Sirainen wrote: > Since people are now talking about the SSLv3 security hole and how to disable it, here's a thread where you can talk about that. In Dovecot v2.1+ you can disable SSLv3 by setting: > > ssl_protocols = !SSLv2 !SSLv3 > > In older versions you'd have to patch the source code. Attached a patch against v2.0. Do you have any plans to make this (SSLv3 disabled) the new default for ssl_protocols? I'm considering doing this in the Debian package. Cheers, Jelmer From dieterknopf at gmail.com Sun Nov 9 17:24:11 2014 
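An added example (not part of any message in this archive, and not Dovecot's own code) for the `ssl_protocols = !SSLv2 !SSLv3` setting quoted in the message above: it works out which protocols an `ssl_protocols` value leaves enabled and audits `doveconf -n` output for that and for the other transport and authentication settings that appear in configurations posted in this thread. The function names are hypothetical, the sample configurations are constructed (the first from values posted earlier in the thread), and the rule that naming any protocol without `!` turns the list into an allow-list is an assumption about how Dovecot reads the setting.

```python
"""Audit `doveconf -n` output for SSLv3 and related weak settings (added example)."""

# Protocol names accepted in ssl_protocols on OpenSSL builds of that era.
KNOWN_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
LEGACY = {"SSLv2", "SSLv3"}

# Constructed sample: top-level values taken from the dovecot -n output posted in this thread.
POSTED_CONFIG = """\
# 2.1.16: /etc/dovecot/dovecot.conf
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  prefix =
}
passdb {
  driver = pam
}
protocols = pop3
ssl = no
"""

# Constructed sample: the same service with the setting from the message above applied.
HARDENED_CONFIG = """\
disable_plaintext_auth = yes
protocols = pop3
ssl = required
ssl_protocols = !SSLv2 !SSLv3
"""


def enabled_protocols(value):
    """Return the set of protocols an ssl_protocols value leaves enabled."""
    include, exclude = set(), set()
    for token in value.split():
        negated = token.startswith("!")
        name = token[1:] if negated else token
        canonical = next((p for p in KNOWN_PROTOCOLS if p.lower() == name.lower()), None)
        if canonical is None:
            raise ValueError("unknown protocol in ssl_protocols: %r" % token)
        (exclude if negated else include).add(canonical)
    # Assumption: any protocol named without "!" makes the list an allow-list;
    # with only negations, everything not negated stays enabled.
    base = include if include else set(KNOWN_PROTOCOLS)
    return base - exclude


def top_level_settings(doveconf_text):
    """Collect `key = value` pairs that sit outside any { } block."""
    settings, depth = {}, 0
    for raw in doveconf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 0 and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings


def audit(doveconf_text):
    """Return (setting, finding) pairs for weak transport/auth settings."""
    s = top_level_settings(doveconf_text)
    findings = []
    if s.get("ssl") == "no":
        findings.append(("ssl", "TLS is switched off entirely"))
    if "ssl_protocols" not in s:
        # doveconf -n prints only non-default settings, so the build default applies.
        findings.append(("ssl_protocols", "not set explicitly; build default applies"))
    else:
        legacy = sorted(enabled_protocols(s["ssl_protocols"]) & LEGACY)
        if legacy:
            findings.append(("ssl_protocols", "still enables " + ", ".join(legacy)))
    if s.get("disable_plaintext_auth") == "no":
        findings.append(("disable_plaintext_auth", "plaintext logins allowed without TLS"))
    if s.get("auth_verbose_passwords") == "plain":
        findings.append(("auth_verbose_passwords", "failed-login passwords logged in clear"))
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label)
        for setting, finding in audit(text) or [("-", "no findings")]:
            print("  %-24s %s" % (setting, finding))
```

On a live server the input would be the text printed by `doveconf -n`.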
From: dieterknopf at gmail.com (Dieter Knopf) Date: Sun, 9 Nov 2014 18:24:11 +0100 Subject: inbox parameter is ignored within location config for public namespaces? Message-ID: Hello, i already asked a similar question some months ago but still have no fix for my problem :-( This is my global location option in 10-mail.conf: mail_location = maildir:/home/vmail/%d/%n/MAILDIR:INBOX=/home/vmail/%d/%n/MAILDIR/.INBOX:INDEX=/home/vmail/%d/%n/INDEX/ This works fine, until i'm using a public namespace. The following namespace is a normal user too, every mail to bos at foo.eu is stored in /home/vmail/foo.eu/bos/MAILDIR (within the INBOX-folder) and this directory is used for the location of the namespace. Config: namespace { type = public separator = / prefix = BOS/ location = maildir:/home/vmail/foo.eu/bos/MAILDIR:INBOX=/home/vmail/foo.eu/bos/MAILDIR/.INBOX:INDEX=/home/vmail/foo.eu/bos/S_INDEX:INDEXPVT=/home/vmail/foo.eu/bos/S_INDEXPVT/%u subscriptions = yes } The namespace itself works fine and without a problem, but the INBOX folder is the main problem. Mail user agents like Thunderbird now show a folder structure like: BOS (grey, not useable) - INBOX (the .INBOX folder) - Other folder 1 - Other folder 2 - Other folder 3 The INBOX-config works fine for every single user, but it doesn't work on namespaces? Is this a bug? Thanks Dieter From mahdi88mahdi at yahoo.com Mon Nov 10 06:11:58 2014 
From: mahdi88mahdi at yahoo.com (Mahdi Mahdi) Date: Mon, 10 Nov 2014 06:11:58 +0000 (UTC) Subject: deliver an email to a large number of local users directly via doveadm Message-ID: <224242321.221564.1415599918481.JavaMail.yahoo@jws10661.mail.bf1.yahoo.com> Hello, We have a mail service that uses postfix and dovecot. We would like to send an email to a large number of users (about 100K). However, it takes too long to send the email through smtp. Is there any solution to deliver the email locally to all user mailboxes directly? Dovecot uses lmtp for transferring local emails. The worst solution is to copy the email to all mailboxes via the linux file system. But we would prefer to use some tools provided by dovecot like doveadm. Is there any way to do this job? From alessio at skye.it Mon Nov 10 13:23:46 2014 
From: alessio at skye.it (Alessio Cecchi) Date: Mon, 10 Nov 2014 14:23:46 +0100 Subject: Performance issue In-Reply-To: <14423535.2159391415200059037.JavaMail.httpd@webmail-15.iol.local> References: <14423535.2159391415200059037.JavaMail.httpd@webmail-15.iol.local> Message-ID: <5460BC62.1060402@skye.it> Hi, try to start dovecot with "ulimit -u 10240 -n 40000" and increase the value in /proc/sys/fs/inotify/max_user_instances around to 1024. I also suggest to use XFS instead of ext4, for example after a crash XFS is immediately available. Ciao On 05/11/2014 16:07, absolutely_free at libero.it wrote: > Hi, > Since few days I noticed very high load on my mailserver (Centos 6.6 64bit, 8 GB RAM, 2 x CPU 3.00GHz > I am using Dovecot + Postfix + Roundcube + Nginx. > > I have about 10000 users. > Spool is on network attached storage (Coraid). > > File system is ext4 (mounted with noatime). > > Problem appears almost every morning (while load is normal during afternoon). > > I suspect that this can be related to some user that have so many messages in his mailbox. > How can I troubleshoot this? > > Here some messages that I got in maillog: > > Warning: Maildir: Scanning /var/spool/pop/domains/xxxx.it/YYYYYYYYY/Maildir/new took 71 seconds (1 readdir()s, 1 rename()s to cur/) > > Warning: Maildir /var/spool/pop/domains/zzzz/WWWWWWWWWWWW/Maildir/.Trash: Synchronization took 74 seconds (5 new msgs, 0 flag change attempts, 0 expunge attempts) > > dovecot: imap(xxxx at zzzz.it): Warning: Inotify instance limit for user 89 (UID postfix) exceeded, disabling. Increase /proc/sys/fs/inotify/max_user_instances > > > tail: inotify cannot be used, reverting to polling: Too many open files > > My relevant dovecot conf: > > mail_location = maildir:/coraid-s2l2/domains > namespace { > type = private > separator = . > prefix = INBOX. 
> inbox = yes > } > mail_uid = 89 > mail_gid = 89 > mail_fsync = never > first_valid_uid = 89 > first_valid_gid = 89 > maildir_very_dirty_syncs = yes > mbox_write_locks = fcntl > > > > thank you very much! From chayes at afo.net Mon Nov 10 16:57:52 2014 
From: chayes at afo.net (Cliff Hayes) Date: Mon, 10 Nov 2014 10:57:52 -0600 Subject: mail location change results in various errors Message-ID: <5460EE90.1050404@afo.net> I have a sendmail/dovecot imap/pop3 system that has been running with the following mail_location: mail_location = mbox:/var/empty:INBOX=/var/spool/mail/%u:INDEX=/var/indexes/%u In order to reduce errors and simplify operation I removed imap and am now only responding to pop3. I'd like to also simplify the mail_location to get rid of index errors since I don't need indexes: mail_location = mbox:/var/spool/mail:INBOX=/var/spool/mail/%n But when I applied the new mail_location I began to get the following five errors: Nov 6 23:17:24 sendmail dovecot: pop3(chayes): Warning: UIDVALIDITY changed (1132434125 -> 1205169149) in mbox file /var/spool/mail/chayes Nov 6 23:17:26 sendmail dovecot: pop3(chayes): Panic: Message unexpectedly expunged from index Nov 6 23:17:26 sendmail dovecot: pop3(chayes): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0() [0x3340045e2a] -> /usr/lib64/dovecot/libdovecot.so.0() [0x3340045e6e] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x3340019eb3] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3ef62567ed] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3ef6256e75] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3ef62928ed] -> /usr/lib64/dovecot/libdovecot-storage.so.0(index_mail_set_seq+0x76) [0x3ef6294ae6] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3ef625698c] -> dovecot/pop3() [0x405ec7] -> dovecot/pop3(client_command_execute+0x6d7) [0x4071c7] -> dovecot/pop3(client_handle_input+0x78) [0x405618] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x3340052c36] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0xa7) [0x3340053a57] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x3340052778] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x334003e3c3] -> dovecot/pop3(main+0x283) [0x403cc3] -> 
/lib64/libc.so.6(__libc_start_main+0xf5) [0x359f821a05] -> dovecot/pop3() [0x403e2d] Nov 6 23:17:26 sendmail dovecot: pop3(chayes): Fatal: master: service(pop3): child 3358 killed with signal 6 (core dumps disabled) Nov 6 23:18:00 sendmail dovecot: pop3(jbkirk): Error: open(/var/spool/mail/.imap/INBOX/dovecot.index.log) failed: Permission denied (euid=2151(jbkirk) egid=12(mail) missing +r perm: /var/spool/mail/.imap/INBOX/dovecot.index.log, dir owned by 3575:12 mode=0770) dovecot -n output # 2.1.16: /etc/dovecot/dovecot.conf # OS: Linux 3.9.2-200.fc18.x86_64 x86_64 Fedora release 18 (Spherical Cow) ext4 auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no mail_location = mbox:/var/empty:INBOX=/var/spool/mail/%u:INDEX=/var/indexes/%u mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = pop3 ssl = no ssl_cert = unfinished) Message-ID: <20141110205722.GC5776@salidar.dom.custoft.eu> Hi, I see a lot of crashes in my syslog lately. Specifically a sequence of errors exactly like this (only the timestamp differs). > Nov 10 21:29:53 khitomer dovecot: imap-login: Login: user=, method=PLAIN, rip=XXXX, lip=YYYY, mpid=ZZZZ, TLS, session= > Nov 10 21:29:53 khitomer dovecot: imap(user at hostname): Panic: file mail-storage.c: line 2222 (mailbox_copy): assertion failed: (!ctx->unfinished) > Nov 10 21:29:53 khitomer dovecot: imap(user at hostname): Fatal: master: service(imap): child 35108 killed with signal 6 (core not dumped) I have the mail storage on ZFS, one separate filesystem per user and another for the lucene indexes. I.e. 
these are separate ZFS filesystems (not pools): > /var/mail/vhosts/%d/%n > /var/mail/vhosts/%d/%n/lucene-indexes Any idea what could be going wrong? partial config (without LDA, SSL and auth portions): > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > # OS: FreeBSD 10.0-RELEASE-p12 amd64 > mail_gid = mail > mail_location = maildir:~/Maildir/ > mail_plugins = acl mailbox_alias quota virtual > mail_privileged_group = mail > mail_uid = vmail > namespace { > list = yes > location = maildir:/var/mail/public:INDEXPVT=~/Maildir/public > prefix = Public. > separator = . > subscriptions = no > type = public > } > namespace { > list = children > location = maildir:%%h/Maildir/:INDEX=~/Maildir/shared/%%n > prefix = shared.%%n. > separator = . > subscriptions = no > type = shared > } > namespace { > location = virtual:~/Maildir/virtual > prefix = virtual. > separator = . > type = private > } > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > auto = create > special_use = \Junk > } > mailbox Sent { > auto = create > special_use = \Sent > } > mailbox Trash { > auto = create > special_use = \Trash > } > mailbox virtual.All { > special_use = \All > } > prefix = > separator = . > } > plugin { > acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=10 > acl_anyone = allow > acl_shared_dict = file:/var/mail/vhosts/%d/shared-mailboxes.db > antispam_backend = mailtrain > antispam_mail_notspam = -g > antispam_mail_sendmail = /usr/bin/nice > antispam_mail_sendmail_args = /usr/local/bin/python2;-W;ignore;/usr/local/bin/sb_filter.py;-d;%h/.hammiedb;-f > antispam_mail_spam = -s > antispam_spam = SPAM;Spam;Junk > antispam_trash = Trash > antispam_unsure = Filtered-Spam;Possible-Spam > fetchmail_pidfile = %h/.fetchmail.pid > fts = lucene > fts_autoindex = yes > fts_autoindex_max_recent_msgs = 30 > fts_decoder = decode2text > fts_index_timeout = 60 > fts_lucene = whitespace_chars=@. 
mime_parts
>   mailbox_alias_new = Sent Messages
>   mailbox_alias_new2 = Sent Items
>   mailbox_alias_old = Sent
>   mailbox_alias_old2 = Sent
>   quota = maildir:User quota
>   quota_grace = 10%%
>   quota_rule = *:storage=1G
>   quota_rule2 = Trash:storage=+100M
>   quota_rule3 = Junk:ignore
>   quota_rule4 = Possible-Spam:ignore
>   quota_rule5 = Filtered-Spam:ignore
>   recipient_delimiter = +
> }
> postmaster_address = postmaster@$hostname
> protocols = imap lmtp sieve
> quota_full_tempfail = yes
> service auth-worker {
>   user = $default_internal_user
> }
> service imap-login {
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
> }
> service imap {
>   drop_priv_before_exec = yes
> }
> userdb {
>   args = username_format=%u /usr/local/etc/dovecot/users
>   default_fields = home=/var/mail/vhosts/%d/%n
>   driver = passwd-file
> }
> protocol imap {
>   mail_max_userip_connections = 25
>   mail_plugins = acl mailbox_alias quota virtual imap_acl zlib imap_zlib imap_quota expire fetchmail_wakeup antispam
> }

--
Met vriendelijke groet,
With kind regards,
Giel van Schijndel
--
"It would seem that perfection is attained not when no more can be added, but when no more can be removed."
  -- Antoine de Saint Exupéry

From goetz.reinicke at filmakademie.de Tue Nov 11 08:53:22 2014
From: goetz.reinicke at filmakademie.de (Götz Reinicke - IT Koordinator)
Date: Tue, 11 Nov 2014 09:53:22 +0100
Subject: help by recovering a mailbox - maildir and dovecot 2.2.13
Message-ID: <5461CE82.20604@filmakademie.de>

Hi,

a user screwed up his mailbox in such a way that I don't see how to get it back in the right order.

E.g. in the subscriptions file there is a folder

Studienjahr 2014 - 2015.Pitchings

in the filesystem this folder is in trash and without spaces between the years:

.Trash.Studienjahr 2014-2015.Pitchings

in the filesystem there is no folder

Studienjahr 2014-2015

Currently he uses our sogo as email client and there are some folders showing up, but some are empty, some can't be deleted ...

So any help and suggestion in recovering this structure is welcome!

Regards
Götz

--
Götz Reinicke
IT Coordinator

Tel. +49 7141 969 82 420
E-Mail goetz.reinicke at filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Registered at Amtsgericht Stuttgart, HRB 205016
Chairman of the Supervisory Board: Jürgen Walter MdL, State Secretary in the Ministry of Science, Research and the Arts Baden-Württemberg
Managing Director: Prof. Thomas Schadt

From skdovecot at smail.inf.fh-brs.de Tue Nov 11 09:23:23 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 11 Nov 2014 10:23:23 +0100 (CET)
Subject: help by recovering a mailbox - maildir and dovecot 2.2.13
In-Reply-To: <5461CE82.20604@filmakademie.de>
References: <5461CE82.20604@filmakademie.de>
Message-ID:

On Tue, 11 Nov 2014, Götz Reinicke - IT Koordinator wrote:

> a user screwed up his mailbox in such a way that I don't see how to get
> it back in the right order.
>
> E.g. in the subscriptions file there is a folder
>
> Studienjahr 2014 - 2015.Pitchings
>
> in the filesystem this folder is in trash and without spaces
> between the years:
>
> .Trash.Studienjahr 2014-2015.Pitchings
>
> in the filesystem there is no folder
>
> Studienjahr 2014-2015
>
> Currently he uses our sogo as email client and there are some folders
> showing up, but some are empty, some can't be deleted ...

A client does not seem to synchronize subscription and folder operation. I would remove the subscriptions file and let the user subscribe anew.

If for instance subscriptions contains a mailbox which does not exist physically, some versions of Thunderbird show this mailbox, but as soon as you do something with it, you get a "mailbox does not exist" error. You can unsubscribe from the mailbox and the ghost mailboxes are gone.

--
Steffen Kaiser

From skdovecot at smail.inf.fh-brs.de Tue Nov 11 09:30:24 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 11 Nov 2014 10:30:24 +0100 (CET)
Subject: deliver an email to a large number of local users directly via doveadm
In-Reply-To: <224242321.221564.1415599918481.JavaMail.yahoo@jws10661.mail.bf1.yahoo.com>
References: <224242321.221564.1415599918481.JavaMail.yahoo@jws10661.mail.bf1.yahoo.com>
Message-ID:

On Mon, 10 Nov 2014, Mahdi Mahdi wrote:

> Hello, We have a mail service that uses postfix and dovecot. We would
> like to send an email to a large number of users (about 100K). However,
> it takes too long to send the email through smtp. Is there any solution
> to deliver the email locally to all user mailboxes directly. dovecot uses
> lmtp for transferring local emails. the worst solution is that copy the
> email to all mailboxes via linux file system. But we would prefer to use
> some tools provided by dovecot like doveadm. is there any way to do this
> job?

If your mail storage is Maildir and you use virtual users with the same uid/gid for all users, the filesystem level is easy going and circumvents Sieve:

1) send the message to yourself,
2) move the message file somewhere no user can access,
3) remove delivery headers,
4) rename the file, in order to not contain the ":2,"... stuff,
5) for u in *; do ln message_file /home/"$u"/Maildir/new; done

The for loop has to be altered to match your local requirements (path, users, ...) though.

=====

Alternatively check out if Dovecot LDA works as expected and use it.

--
Steffen Kaiser

From jerry at seibercom.net Tue Nov 11 13:01:51 2014
From: jerry at seibercom.net (Jerry)
Date: Tue, 11 Nov 2014 08:01:51 -0500
Subject: Virtual User Authentication
Message-ID: <20141111080151.668c66f5@scorpio>

I have only "virtual users" on the system that I maintain. I am using Postfix which is configured to use Dovecot for authentication. I get several attempts everyday to hack into the system, both via Postfix and directly via Dovecot. The following is from the dovecot log:

Nov 11 04:14:48 auth-worker(21005): Error: pam(monica,69.193.88.146): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)

Now, I do not use "pam" on this system. Is there a way I can eliminate Dovecot from trying to use it?

--
Jerry

From skdovecot at smail.inf.fh-brs.de Tue Nov 11 13:21:58 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 11 Nov 2014 14:21:58 +0100 (CET)
Subject: Virtual User Authentication
In-Reply-To: <20141111080151.668c66f5@scorpio>
References: <20141111080151.668c66f5@scorpio>
Message-ID:

On Tue, 11 Nov 2014, Jerry wrote:

> Nov 11 04:14:48 auth-worker(21005): Error: pam(monica,69.193.88.146):
> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
>
> Now, I do not use "pam" on this system. Is there a way I can eliminate
> Dovecot from trying to use it?

post your doveconf -n

--
Steffen Kaiser

From jerry at seibercom.net Tue Nov 11 14:41:24 2014
From: jerry at seibercom.net (Jerry) Date: Tue, 11 Nov 2014 09:41:24 -0500 Subject: Virtual User Authentication In-Reply-To: References: <20141111080151.668c66f5@scorpio> Message-ID: <20141111094124.246e5d34@scorpio> On Tue, 11 Nov 2014 14:21:58 +0100 (CET), Steffen Kaiser stated: >On Tue, 11 Nov 2014, Jerry wrote: > >> Nov 11 04:14:48 auth-worker(21005): Error: pam(monica,69.193.88.146): >> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot >> missing?) >> >> Now, I do not use "pam" on this system. Is there a way I can eliminate >> Dovecot from trying to use it? > >post your doveconf -n $ dovecot -n # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 10.0-RELEASE-p12 amd64 ufs auth_mechanisms = plain login cram-md5 digest-md5 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes log_path = /var/log/dovecot mail_location = maildir:/var/mail/vmail/%d/gerard managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = username_format=%u /usr/local/etc/dovecot/user/passwd driver = passwd-file } passdb { args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/user/passwd driver = passwd-file } passdb { driver = pam } passdb { args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/user/passwd driver = passwd-file } plugin { sieve_global_dir = /usr/local/etc/dovecot/sieve/ sieve_global_path = /usr/local/etc/dovecot/sieve/default.sieve } postmaster_address = postmaster at seibercom.net service auth { unix_listener /var/spool/postfix/private/auth { group = postfix 
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0666
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl_cert =

From h.reindl at thelounge.net Tue Nov 11 14:44:31 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 11 Nov 2014 15:44:31 +0100
Subject: Virtual User Authentication
In-Reply-To: <20141111094124.246e5d34@scorpio>
References: <20141111080151.668c66f5@scorpio> <20141111094124.246e5d34@scorpio>
Message-ID: <546220CF.2000906@thelounge.net>

On 11.11.2014 at 15:41, Jerry wrote:
> On Tue, 11 Nov 2014 14:21:58 +0100 (CET), Steffen Kaiser stated:
>
>> On Tue, 11 Nov 2014, Jerry wrote:
>>
>>> Nov 11 04:14:48 auth-worker(21005): Error: pam(monica,69.193.88.146):
>>> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
>>> missing?)
>>>
>>> Now, I do not use "pam" on this system. Is there a way I can eliminate
>>> Dovecot from trying to use it?
>>
>> post your doveconf -n
>
> passdb {
>   driver = pam
> }

well, did you read the output?

From jerry at seibercom.net Tue Nov 11 15:13:58 2014
From: jerry at seibercom.net (Jerry)
Date: Tue, 11 Nov 2014 10:13:58 -0500
Subject: Virtual User Authentication
In-Reply-To: <546220CF.2000906@thelounge.net>
References: <20141111080151.668c66f5@scorpio> <20141111094124.246e5d34@scorpio> <546220CF.2000906@thelounge.net>
Message-ID: <20141111101358.33f9c173@scorpio>

On Tue, 11 Nov 2014 15:44:31 +0100, Reindl Harald stated:

>On 11.11.2014 at 15:41, Jerry wrote:
>> On Tue, 11 Nov 2014 14:21:58 +0100 (CET), Steffen Kaiser stated:
>>
>>> On Tue, 11 Nov 2014, Jerry wrote:
>>>
>>>> Nov 11 04:14:48 auth-worker(21005): Error: pam(monica,69.193.88.146):
>>>> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
>>>> missing?)
>>>>
>>>> Now, I do not use "pam" on this system. Is there a way I can eliminate
>>>> Dovecot from trying to use it?
>>>
>>> post your doveconf -n
>>
>> passdb {
>>   driver = pam
>> }
>
>well, did you read the output?

Yes I did. I created a dovecot.conf file and placed this in it:

#passdb {
#  driver = pam
#}

It didn't work. Dovecot has so many individual conf files that it is difficult to figure out where everything is. I really like the Postfix method where the last rule wins. I have not figured out in what file the "pam" setting resides that is being picked up by Dovecot. Personally, I am not a fan of this multiple file configuration scenario.

--
Jerry

From asai at globalchangemusic.org Tue Nov 11 15:21:24 2014
From: asai at globalchangemusic.org (Asai)
Date: Tue, 11 Nov 2014 08:21:24 -0700
Subject: Replication Advice Needed
Message-ID: <54622974.20709@globalchangemusic.org>

I successfully set up Dovecot replication, having 2 servers syncing with each other. While I had both servers in the same room on a Gigabit network, they were syncing fine. But I took one to another location, and syncing was turned off for about 2 weeks. Now I've turned both back on, they're sort of syncing, but not really. The one remote server is not populating emails into various folders and it really should be cranking to sync those emails.

Does anyone have any insights on how we could troubleshoot this?

--
--Asai

From Christian.Schmidt at chemie.uni-hamburg.de Tue Nov 11 15:29:01 2014
From: Christian.Schmidt at chemie.uni-hamburg.de (Christian Schmidt)
Date: Tue, 11 Nov 2014 16:29:01 +0100
Subject: Virtual User Authentication
In-Reply-To: <20141111101358.33f9c173@scorpio>
References: <20141111080151.668c66f5@scorpio> <20141111094124.246e5d34@scorpio> <546220CF.2000906@thelounge.net> <20141111101358.33f9c173@scorpio>
Message-ID: <54622B3D.5000705@chemie.uni-hamburg.de>

On 11.11.2014 16:13, Jerry wrote:
> Dovecot has so many individual conf files that it is
> difficult to figure out where everything is. I really like the Postfix method
> where the last rule wins.

It's just the same with dovecot.

> I have not figured out in what file the "pam"
> setting resides that is being picked up by Dovecot.

Give grep a chance.

Regards,
Christian
--
No signature available.

From ms at dnagt.de Tue Nov 11 19:13:07 2014
From: ms at dnagt.de (=?UTF-8?B?TWFyYyBTdMO8cm1lcg==?=) Date: Tue, 11 Nov 2014 20:13:07 +0100 Subject: FTS-Solr: indexer-worker does not find mailbox Message-ID: <54625FC3.1010006@dnagt.de> Greetings, I am running Dovecot v. 2.2.13 on a Gentoo Box. Mail users are virtual, data for them is stored in a MySQL-DB, Sieve is enabled and deliver is the LDA in conjunction with Postfix. This setup has been running for a few years now without problems, the configuration works. Some weeks ago the setup was still on a Ubuntu 12.04 LTS box, and Dovecot was v. 2.0.9. I've installed a Tomcat there with Solr and configured the FTS-Solr plugin from Dovecot. Worked like a charm without any problems at all. Now the same setup on the Gentoo box does not work at all; either indexer-worker does not find the directory or is just indexing 0 messages. Solr is also installed again (v. 3.6.0) on Tomcat, and Solr is running properly. I checked it with my browser and the logs, they are showing no errors. gentoo ~ # dovecot --version 2.2.13 dovecot -n: http://pastebin.com/NqLfrbp8 dovecot-sql.conf: http://pastebin.com/KLf4pjJZ Debug log. 
Nov 11 20:12:14 kraftzwerg dovecot: indexer-worker: Debug: auth input: mail at marc-stuermer.de home=/var/kunden/mail/ mail=maildir:marc/mail at marc-stuermer.de/ uid=9997 gid=9997 Nov 11 20:12:14 kraftzwerg dovecot: indexer-worker: Debug: Added userdb setting: mail=maildir:marc/mail at marc-stuermer.de/ Nov 11 20:12:14 kraftzwerg dovecot: indexer-worker(mail at marc-stuermer.de): Debug: Effective uid=9997, gid=9997, home=/var/kunden/mail/ Nov 11 20:12:14 kraftzwerg dovecot: indexer-worker(mail at marc-stuermer.de): Debug: Namespace : type=private, prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:marc/mail at marc-stuermer.de/ Nov 11 20:12:14 kraftzwerg dovecot: indexer-worker(mail at marc-stuermer.de): Debug: maildir++: root=marc/mail at marc-stuermer.de, index=, indexpvt=, control=, inbox=marc/mail at marc-stuermer.de, alt= Nov 11 20:12:14 kraftzwerg dovecot: indexer-worker(mail at marc-stuermer.de): Debug: Namespace INBOX.: marc/mail at marc-stuermer.de doesn't exist yet, using default permissions Nov 11 20:12:14 kraftzwerg dovecot: indexer-worker(mail at marc-stuermer.de): Debug: Namespace INBOX.: Using permissions from marc/mail at marc-stuermer.de: mode=0700 gid=default Nov 11 20:12:14 kraftzwerg dovecot: indexer-worker(mail at marc-stuermer.de): Debug: Namespace : type=private, prefix=, sep=, inbox=no, hidden=yes, list=no, subscriptions=no location=fail::LAYOUT=none Nov 11 20:12:14 kraftzwerg dovecot: indexer-worker(mail at marc-stuermer.de): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt= Nov 11 20:12:14 kraftzwerg dovecot: indexer-worker(mail at marc-stuermer.de): Debug: Syncing mailbox INBOX.gentoo failed: Mailbox doesn't exist: INBOX.gentoo Nov 11 20:12:14 kraftzwerg dovecot: imap(mail at marc-stuermer.de): Error: indexer failed to index mailbox INBOX.gentoo So the question is: where's the error and how to fix it? I am kinda clueless right now. 
Thanks in advance,
Marc

From mysql.jorge at decimal.pt Tue Nov 11 20:55:42 2014
From: mysql.jorge at decimal.pt (Jorge Bastos)
Date: Tue, 11 Nov 2014 20:55:42 -0000
Subject: Help with last_login plugin
Message-ID: <005501cffdf1$db4595b0$91d0c110$@jorge@decimal.pt>

Hi,

I want to have a datetime column in my users table, to have the value updated every time my users log in via POP3/IMAP.

Last_login is new but I don't see any query example, or field names or so.

Can anyone give any help on this?

Thanks,

From user+dovecot at localhost.localdomain.org Tue Nov 11 21:18:36 2014
From: user+dovecot at localhost.localdomain.org (Pascal Volk)
Date: Tue, 11 Nov 2014 21:18:36 +0000
Subject: Help with last_login plugin
In-Reply-To: <005501cffdf1$db4595b0$91d0c110$@jorge@decimal.pt>
References: <005501cffdf1$db4595b0$91d0c110$@jorge@decimal.pt>
Message-ID: <54627D2C.90609@localhost.localdomain.org>

On 11/11/2014 08:55 PM, Jorge Bastos wrote:
> Hi,
>
> I want to have a datetime column in my users table, to have the value
> updated every time my users log in via POP3/IMAP.
>
> Last_login is new but I don't see any query example, or field names or so.
>
> Can anyone give any help on this?
>

This topic was discussed a few days ago.
See http://dovecot.org/list/dovecot/2014-October/098300.html

Regards,
Pascal
--
The trapper recommends today: cafefeed.1431522 at localdomain.org

From jtam.home at gmail.com Wed Nov 12 02:33:22 2014
From: jtam.home at gmail.com (Joseph Tam)
Date: Tue, 11 Nov 2014 18:33:22 -0800 (PST)
Subject: Virtual User Authentication
In-Reply-To:
References:
Message-ID:

Jerry writes:

> Personally, I am not a fan of this multiple file configuration scenario.

Then don't use it. Concatenate all the included files together and throw out the settings you don't need. My (single) config file is ~340 lines, 2/3 of which are comments.

Joseph Tam

From dovecot at the-leveys.us Wed Nov 12 03:19:08 2014
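The "Virtual User Authentication" thread above turns on which passdb blocks are actually active; with several passdb blocks Dovecot tries them in order, so a failed login falls through to the pam block. The following is an added example, not code from any poster or from the Dovecot project: it parses `doveconf -n` output, lists the passdb blocks in order and flags the pam driver and exact duplicates. The sample text is constructed from the output posted in the thread, and the function names are assumptions.

```python
"""Audit the passdb blocks in `doveconf -n` output (added example)."""

# Constructed sample: the passdb section of the doveconf -n output posted
# in the thread, plus one nested service block to exercise the parser.
SAMPLE = """\
auth_mechanisms = plain login cram-md5 digest-md5
passdb {
  args = username_format=%u /usr/local/etc/dovecot/user/passwd
  driver = passwd-file
}
passdb {
  args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/user/passwd
  driver = passwd-file
}
passdb {
  driver = pam
}
passdb {
  args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/user/passwd
  driver = passwd-file
}
service auth {
  unix_listener auth-userdb {
    mode = 0666
  }
}
"""


def parse_blocks(text, section):
    """Return every top-level `section { ... }` block as a dict of settings."""
    blocks, depth, current = [], 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            depth += 1
            words = line[:-1].split()
            if depth == 1 and words and words[0] == section:
                current = {}
            continue
        if line == "}":
            if depth == 1 and current is not None:
                blocks.append(current)
                current = None
            depth -= 1
            continue
        # Only settings directly inside the wanted block are recorded.
        if current is not None and depth == 1 and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return blocks


def audit_passdbs(text, unwanted=("pam",)):
    """Return (position, driver, reason) for unwanted or duplicated passdbs."""
    findings, seen = [], {}
    for pos, block in enumerate(parse_blocks(text, "passdb"), start=1):
        driver = block.get("driver", "")
        identity = (driver, block.get("args", ""))
        if driver in unwanted:
            findings.append((pos, driver, "unwanted driver"))
        if identity in seen:
            findings.append((pos, driver, f"duplicate of passdb #{seen[identity]}"))
        else:
            seen[identity] = pos
    return findings


if __name__ == "__main__":
    for pos, driver, reason in audit_passdbs(SAMPLE):
        print(f"passdb #{pos} ({driver}): {reason}")
```

To audit a live system, pass the captured output of `doveconf -n` to `audit_passdbs()` instead of `SAMPLE`.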
From: dovecot at the-leveys.us (Don Levey) Date: Wed, 12 Nov 2014 03:19:08 -0000 Subject: Query: SELECT "INBOX" permission denied Message-ID: <27a1d92ae534be0c673366db8a7d8974.squirrel@www.the-leveys.us> Yesterday I was forced to migrate servers due to a hardware failure. I have been able to bring up my mail server, and set up Squirrelmail and Dovecot. I am able to access (via Squirrelmail) all users' mail except one - which happens to be my wife's, so it would be really helpful if I could get that working too. I am able to log in, but see the following message in the main pane: ERROR: Could not complete request. Query: SELECT "INBOX" Reason Given: [NOPERM] Permission denied I have see similar errors in my searches, but they all relate to *creating* files (inbox, sent, etc). The files do already exist here, they used to work in the same directory structure on the old server configuration, and I can see no relative difference between this user's files/permissions and working users' files/permissions. Suggestions are welcome; thanks in advance, -Don Here are the vitals: Version: 2.2.10 OS: CentOS 7 # 2.2.10: /etc/dovecot/dovecot.conf # OS: Linux 3.10.0-123.9.3.el7.x86_64 x86_64 CentOS Linux release 7.0.1406 (Core) ext3 auth_mechanisms = plain login disable_plaintext_auth = no log_path = /var/log/dovecot.log mail_location = mbox:/home/%u/~mail:INBOX=/var/spool/mail/%u mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } ssl = required ssl_cert = I implemented a couple of larger director changes today. These could still be changed a bit if somebody has any ideas. http://hg.dovecot.org/dovecot-2.2/rev/b9df3d654710 Support for director "tags", which allow creating multiple Dovecot backend groups using a single director ring. 
So you can mark different backend hosts with @tag names and then have passdb lookup return the wanted tag for each user. Note that because director works using user hashes, two users with the same hash can't be in different backend groups. Use "doveadm director map -u user at domain" to see which hash is used by the user at domain. http://hg.dovecot.org/dovecot-2.2/rev/b9df3d654710 Added director_consistent_hashing=yes setting so users don't move around much when backend servers are added/removed. Ideally at some point this setting will be removed and directors will automatically switch to it when all the directors in the ring support it. From tss at iki.fi Wed Nov 12 05:20:43 2014 From: tss at iki.fi (Timo Sirainen) Date: Tue, 11 Nov 2014 21:20:43 -0800 Subject: Disabling SSLv3 protocol In-Reply-To: <20141109162236.GA31172@jelmer.uk> References: <35F49C5B-94AD-43C2-88B5-ECA68D216254@iki.fi> <20141109162236.GA31172@jelmer.uk> Message-ID: <96A62F72-5267-44A1-BC0C-0A33683F9156@iki.fi> On 09 Nov 2014, at 08:22, Jelmer Vernooij wrote: > On Tue, Oct 14, 2014 at 12:25:32PM -0700, Timo Sirainen wrote: >> Since people are now talking about the SSLv3 security hole and how to disable it, here's a thread where you can talk about that. In Dovecot v2.1+ you can disable SSLv3 by setting: >> >> ssl_protocols = !SSLv2 !SSLv3 >> >> In older versions you'd have to patch the source code. Attached a patch against v2.0. > Do you have any plans to make this (SSLv3 disabled) the new default for > ssl_protocols? I'm considering doing this in the Debian package. Yeah, I'm planning to do it for Dovecot v2.3 at least. I'm not sure if I should change it to v2.2.x. I guess I could, because apparently there aren't any commonly used clients that support only SSLv3. But then again I don't think SSLv3 is especially exploitable with IMAP/POP3 protocols. From skdovecot at smail.inf.fh-brs.de Wed Nov 12 06:20:15 2014 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 12 Nov 2014 07:20:15 +0100 (CET)
Subject: Query: SELECT "INBOX" permission denied
In-Reply-To: <27a1d92ae534be0c673366db8a7d8974.squirrel@www.the-leveys.us>
References: <27a1d92ae534be0c673366db8a7d8974.squirrel@www.the-leveys.us>
Message-ID:

On Wed, 12 Nov 2014, Don Levey wrote:

> Yesterday I was forced to migrate servers due to a hardware failure. I
> have been able to bring up my mail server, and set up Squirrelmail and
> Dovecot. I am able to access (via Squirrelmail) all users' mail except
> one - which happens to be my wife's, so it would be really helpful if I
> could get that working too. I am able to log in, but see the following
> message in the main pane:
>
> ERROR: Could not complete request.
> Query: SELECT "INBOX"
> Reason Given: [NOPERM] Permission denied

Post the logs from Dovecot, too.

> I have seen similar errors in my searches, but they all relate to
> *creating* files (inbox, sent, etc). The files do already exist here,
> they used to work in the same directory structure on the old server
> configuration, and I can see no relative difference between this user's
> files/permissions and working users' files/permissions.
>
> Suggestions are welcome; thanks in advance,
> -Don
>
> Here are the vitals:
>
> Version: 2.2.10
> OS: CentOS 7
>
> # 2.2.10: /etc/dovecot/dovecot.conf
> # OS: Linux 3.10.0-123.9.3.el7.x86_64 x86_64 CentOS Linux release 7.0.1406
> (Core) ext3
> auth_mechanisms = plain login
> disable_plaintext_auth = no
> log_path = /var/log/dovecot.log
> mail_location = mbox:/home/%u/~mail:INBOX=/var/spool/mail/%u
> mbox_write_locks = fcntl
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   driver = pam
> }
> ssl = required
> ssl_cert =
> ssl_key =
> userdb {
>   driver = passwd
> }
>
>
> [root at dungeon sandra]# ls -la /var/spool/mail
> total 2097152
> drwxrwxr-x. 2 root mail 4096 Nov 11 22:10 .
> drwxr-xr-x. 16 root root 4096 Nov 11 14:21 ..
> -rw-rw----. 1 sandra mail 625547161 Nov 11 21:32 sandra
> -rw-rw----. 1 spamtrap_000 mail 26773946 Nov 11 20:53 spamtrap_000
> -rw-rw----. 1 spamtrap_001 mail 3092961 Nov 11 22:10 spamtrap_001
> -rw-rw----. 1 spamtrap_002 mail 8778257 Nov 11 00:03 spamtrap_002
> -rw-rw----. 1 spamtrap_003 mail 63579856 Nov 11 21:21 spamtrap_003
>
> Her directory:
> [root at dungeon .imap]# ls -la
> total 100
> drw-------. 25 sandra sandra 4096 Jul 1 2008 .
> drwx------. 4 sandra sandra 4096 Nov 10 10:48 ..
> drwx------. 2 sandra sandra 4096 Jul 1 2008 bday
> drwx------. 2 sandra sandra 4096 Jul 1 2008 beads
> drwx------. 2 sandra sandra 4096 Jul 1 2008 books
> drwx------. 2 sandra sandra 4096 Jul 1 2008 Drafts
> drwx------. 2 sandra sandra 4096 Jul 1 2008 ham
> drwx------. 2 sandra sandra 4096 Nov 11 21:39 INBOX
> drwx------. 2 sandra sandra 4096 Jul 1 2008 Sent
> drwx------. 2 sandra sandra 4096 Jul 1 2008 spam
> drwx------. 2 sandra sandra 4096 Jul 1 2008 Trash
> drwx------. 2 sandra sandra 4096 Jul 1 2008 Work
>
> A working directory:
> [root at dungeon .imap]# ls -la
> total 56
> drwx------. 14 spamtrap_003 spamtrap_003 4096 Oct 23 19:22 .
> drwx------. 3 spamtrap_003 spamtrap_003 4096 Nov 10 09:15 ..
> drwx------. 2 spamtrap_003 spamtrap_003 4096 Jun 8 08:40 Deleted Messages
> drwx------. 2 spamtrap_003 spamtrap_003 4096 Aug 11 2011 Drafts
> drwx------. 2 spamtrap_003 spamtrap_003 4096 Mar 18 2011 ham
> drwx------. 2 spamtrap_003 spamtrap_003 4096 Nov 11 21:21 INBOX
> drwx------. 2 spamtrap_003 spamtrap_003 4096 Oct 18 2013 Sent
> drwx------. 2 spamtrap_003 spamtrap_003 4096 Aug 28 09:55 Sent Messages
> drwx------. 2 spamtrap_003 spamtrap_003 4096 Oct 6 20:11 spam
> drwx------. 2 spamtrap_003 spamtrap_003 4096 Nov 11 21:21 Trash
>

--
Steffen Kaiser

From sca at andreasschulze.de Wed Nov 12 07:54:19 2014
From: sca at andreasschulze.de (A. Schulze)
Date: Wed, 12 Nov 2014 08:54:19 +0100
Subject: Disabling SSLv3 protocol
In-Reply-To: <96A62F72-5267-44A1-BC0C-0A33683F9156@iki.fi>
References: <35F49C5B-94AD-43C2-88B5-ECA68D216254@iki.fi> <20141109162236.GA31172@jelmer.uk> <96A62F72-5267-44A1-BC0C-0A33683F9156@iki.fi>
Message-ID: <20141112085419.Horde.awEFVIWTUB5myVOdx87X9Q6@horde.andreasschulze.de>

Timo Sirainen:

> ... I don't think SSLv3 is especially exploitable with IMAP/POP3 protocols.

It's well known SSLv3 *is* a problem for HTTP, we assume, it isn't for SMTP/POP/IMAP

Administrators, also responsible for putting new paper in the printer, may not have the skill to distinguish in that detail. They see the panic in HTTP and see no action on other applications. What do they learn?

On the other side: If we consequently disable the broken protocol they /may/ see "Ah, SSLv3 REALLY seems to be broken, the experts disable it here and there and over there, too"
The attention is much higher.

Andreas
From p.bollen at vimec.nl Wed Nov 12 08:25:27 2014
From: p.bollen at vimec.nl (Pim Bollen)
Date: Wed, 12 Nov 2014 09:25:27 +0100
Subject: Query: SELECT "INBOX" permission denied
In-Reply-To: <27a1d92ae534be0c673366db8a7d8974.squirrel@www.the-leveys.us>
References: <27a1d92ae534be0c673366db8a7d8974.squirrel@www.the-leveys.us>
Message-ID: <1897314.J8kl7rRhIS@pcpim2.vimec.nl>

On Wednesday 12 November 2014 03:19:08 Don Levey wrote:
>
> Her directory:
> [root at dungeon .imap]# ls -la
> total 100
> drw-------. 25 sandra sandra 4096 Jul 1 2008 .

I guess you are missing the executable bit on her directory.

--
Pim Bollen
From dovecot at the-leveys.us Wed Nov 12 11:44:47 2014
From: dovecot at the-leveys.us (Don Levey)
Date: Wed, 12 Nov 2014 06:44:47 -0500
Subject: Query: SELECT "INBOX" permission denied
In-Reply-To:
References: <27a1d92ae534be0c673366db8a7d8974.squirrel@www.the-leveys.us>
Message-ID: <9999a682b8656a3209af9997b76463b1.squirrel@www.the-leveys.us>

On Wed, November 12, 2014 1:20 am, Steffen Kaiser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 12 Nov 2014, Don Levey wrote:
>
>> Yesterday I was forced to migrate servers due to a hardware failure. I
>> have been able to bring up my mail server, and set up Squirrelmail and
>> Dovecot. I am able to access (via Squirrelmail) all users' mail except
>> one - which happens to be my wife's, so it would be really helpful if I
>> could get that working too. I am able to log in, but see the following
>> message in the main pane:
>>
>> ERROR: Could not complete request.
>> Query: SELECT "INBOX"
>> Reason Given: [NOPERM] Permission denied
>
> Post the logs from Dovecot, too.
>
Here it is - I restarted the daemon and then immediately tried to log in
under her name:

Nov 12 06:42:36 master: Info: Dovecot v2.2.10 starting up for imap, pop3, lmtp (core dumps disabled)
Nov 12 06:42:44 imap-login: Info: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=31188, secured, session=
Nov 12 06:42:44 imap(sandra): Info: Disconnected: Logged out in=44 out=831
Nov 12 06:42:44 imap-login: Info: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=31199, secured, session=
Nov 12 06:42:44 imap(sandra): Info: Disconnected: Logged out in=2541 out=9856
Nov 12 06:42:44 imap-login: Info: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=31204, secured, session=
Nov 12 06:42:44 imap(sandra): Info: Connection closed in=21 out=391

I'm clearly not an expert, but I'm not seeing anything that would be
immediately suspicious.

Thanks!
-Don
From sakaki at oftech.co.jp Wed Nov 12 12:03:14 2014
From: sakaki at oftech.co.jp (=?Shift_JIS?B?g0mBW4NHg3SBRYNlg2KDToFAjeU=?=)
Date: Wed, 12 Nov 2014 21:03:14 +0900
Subject: Some of the mail on the server to duplicate.
In-Reply-To: <5458B2A2.4040701@oftech.co.jp>
References: <5458B2A2.4040701@oftech.co.jp>
Message-ID: <54634C82.9040906@oftech.co.jp>

Hi

Do you think this situation can be solved by changing the settings?

On 2014/11/04 20:04, $B%*!<%(%U!&%F%C%/!!:g(B wrote:
> I am using dovecot in mbox format.
> I'm going to set to leave the 30-day mail to the server with the mail
> client.
>
> The other day, some of email was received duplicate When receive mail.
> Mail does not arrive between Nov 4 11:09:03 and Nov 4 11:13:25.
> There should be the 259 (274-15) messages at the time of Nov 4 11:09:03
> on the server from the log.
> But there were the 280 messages at the time of Nov 4 11:13:25 and 21
> messages was a duplicate.
>
> Do you know the cause?
>
> /var/log/maillog
> --------------------------------------------------
> Nov 4 11:08:14 xxxxxxxx dovecot: POP3(xxxx): Loading modules from
> directory: /usr/lib/dovecot/pop3
> Nov 4 11:08:14 xxxxxxxx dovecot: POP3(xxxx): Module loaded:
> /usr/lib/dovecot/pop3/drac.so
> Nov 4 11:08:14 xxxxxxxx dovecot: POP3(xxxx): Effective uid=1000, gid=1000
> Nov 4 11:08:14 xxxxxxxx dovecot: POP3(xxxx): [drac]: login by xxxx from
> 153.219.140.xxx
> Nov 4 11:08:14 xxxxxxxx dovecot: POP3(xxxx): mbox:
> data=/home/xxx/mail:INBOX=/var/spool/mail/xxx
> Nov 4 11:08:14 xxxxxxxx dovecot: POP3(xxxx): mbox: root=/home/xxx/mail,
> index=/home/xxx/mail, inbox=/var/spool/mail/xxx
> Nov 4 11:09:03 xxxxxxxx dovecot: POP3(xxxx): Disconnected: Logged out
> top=0/0, retr=32/209178, del=15/274, size=3554823
> Nov 4 11:13:25 xxxxxxxx dovecot: POP3(xxxx): Loading modules from
> directory: /usr/lib/dovecot/pop3
> Nov 4 11:13:25 xxxxxxxx dovecot: POP3(xxxx): Module loaded:
> /usr/lib/dovecot/pop3/drac.so
> Nov 4 11:13:25 xxxxxxxx dovecot: POP3(xxxx): Effective uid=1000, gid=1000
> Nov 4 11:13:25 xxxxxxxx dovecot: POP3(xxxx): [drac]: login by xxxx from
> 153.219.140.xxx
> Nov 4 11:13:25 xxxxxxxx dovecot: POP3(xxxx): mbox:
> data=/home/xxx/mail:INBOX=/var/spool/mail/xxx
> Nov 4 11:13:25 xxxxxxxx dovecot: POP3(xxxx): mbox: root=/home/xxx/mail,
> index=/home/xxx/mail, inbox=/var/spool/mail/xxx
> Nov 4 11:13:27 xxxxxxxx dovecot: POP3(xxxx): Disconnected: Logged out
> top=0/0, retr=42/279598, del=0/280, size=3346231
> --------------------------------------------------
>
> dovecot -n
> --------------------------------------------------
> # 1.0.7: /etc/dovecot.conf
> protocols: imaps pop3s
> ssl_ca_file: /etc/mail/certs/mail.xxxxxxxx.co.jp.cacert.pem
> ssl_cert_file: /etc/mail/certs/mail.xxxxxxxx.co.jp.crt
> ssl_key_file: /etc/mail/certs/mail.xxxxxxxx.co.jp.key
> ssl_cipher_list: ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:!LOW
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/libexec/dovecot/imap-login
> login_executable(imap): /usr/libexec/dovecot/imap-login
> login_executable(pop3): /usr/libexec/dovecot/pop3-login
> login_greeting: ready.
> mail_access_groups: mail
> mail_privileged_group: mail
> mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u
> mail_debug: yes
> mbox_write_locks: dotlock fcntl
> mail_executable(default): /usr/libexec/dovecot/imap
> mail_executable(imap): /usr/libexec/dovecot/imap
> mail_executable(pop3): /usr/libexec/dovecot/rawlog /usr/libexec/dovecot/pop3
> mail_plugins(default): drac mail_log
> mail_plugins(imap): drac mail_log
> mail_plugins(pop3): drac
> mail_plugin_dir(default): /usr/lib/dovecot/imap
> mail_plugin_dir(imap): /usr/lib/dovecot/imap
> mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
> mail_log_max_lines_per_sec: 0
> pop3_reuse_xuidl(default): no
> pop3_reuse_xuidl(imap): no
> pop3_reuse_xuidl(pop3): yes
> pop3_lock_session(default): no
> pop3_lock_session(imap): no
> pop3_lock_session(pop3): yes
> auth default:
>   passdb:
>     driver: pam
>   userdb:
>     driver: passwd
> plugin:
>   drac_host: xxx.xxx.xxx.xxx
> --------------------------------------------------
>
> uname -a
> --------------------------------------------------
> Linux xxxxxxxx.co.jp 2.6.18-371.9.1.el5PAE #1 SMP Tue Jun 10 19:05:56
> EDT 2014 i686 i686 i386 GNU/Linux
> --------------------------------------------------
>
From dovecot at the-leveys.us Wed Nov 12 12:24:11 2014
From: dovecot at the-leveys.us (Don Levey)
Date: Wed, 12 Nov 2014 07:24:11 -0500
Subject: Query: SELECT "INBOX" permission denied
In-Reply-To: <1897314.J8kl7rRhIS@pcpim2.vimec.nl>
References: <27a1d92ae534be0c673366db8a7d8974.squirrel@www.the-leveys.us> <1897314.J8kl7rRhIS@pcpim2.vimec.nl>
Message-ID: <64770d0ae43bbb31d185cb4a9c734782.squirrel@www.the-leveys.us>

On Wed, November 12, 2014 3:25 am, Pim Bollen wrote:
> On Wednesday 12 November 2014 03:19:08 Don Levey wrote:
>>
>> Her directory:
>> [root at dungeon .imap]# ls -la
>> total 100
>> drw-------. 25 sandra sandra 4096 Jul 1 2008 .
>
> I guess you are missing the executable bit on her directory.
>
Pim,
I didn't catch that. That appears to have done it - thank you!
-Don
From alessio at skye.it Wed Nov 12 13:32:56 2014
From: alessio at skye.it (Alessio Cecchi) Date: Wed, 12 Nov 2014 14:32:56 +0100 Subject: Dovecot 2.2.15 imap crash/panic (with core dumped) Message-ID: <54636188.9000805@skye.it> Hi, after upgrade to Dovecot >= 2.2.14rc1 sometimes I found this error/crash in the log (never happened with 2.2.13), I'm the only one? Can be fix? Nov 11 17:44:26 imap(info at myemail.com): Error: Corrupted transaction log file /home/domains/myemail.com/info/Maildir/dovecot.index.log seq 190: Invalid transaction log size (32756 vs 32772): /home/domains/myemail.com/info/Maildir/dovecot.index.log (sync_offset=32756) Nov 11 17:44:26 imap(info at myemail.com): Error: Log synchronization error at seq=0,offset=0 for /home/domains/myemail.com/info/Maildir/dovecot.index: Append with UID 10777, but next_uid = 10778 Nov 11 17:44:26 imap(info at myemail.com): Error: /home/domains/myemail.com/info/Maildir/dovecot.index view syncing failed to apply changes Nov 11 17:44:26 imap(info at myemail.com): Panic: file index-sync.c: line 265 (index_mailbox_sync_next_expunge): assertion failed: (range->seq2 <= ctx->messages_count) Nov 11 17:44:26 imap(info at myemail.com): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x75e1a) [0x7fbbd213ae1a] -> /usr/lib/dovecot/libdovecot.so.0(+0x75e96) [0x7fbbd213ae96] -> /usr/lib/dovecot/libdovecot.so.0(i_error+0) [0x7fbbd20ec2bf] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0xb219c) [0x7fbbd245719c] -> dovecot/imap(imap_sync_more+0xc3) [0x41fd13] -> dovecot/imap() [0x420437] -> dovecot/imap(cmd_sync_delayed+0x209) [0x4208f9] -> dovecot/imap(client_handle_input+0x1ed) [0x4178dd] -> dovecot/imap(client_input+0x6f) [0x417b9f] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x5b) [0x7fbbd214c0db] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xaf) [0x7fbbd214d27f] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x7fbbd214c169] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fbbd214c1f8] -> 
/usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fbbd20f1193] -> dovecot/imap(main+0x2b0) [0x4210d0] -> /lib/libc.so.6(__libc_start_main+0xfd) [0x7fbbd1d81cad] -> dovecot/imap() [0x40bea9] Nov 11 17:44:26 imap(info at myemail.com): Fatal: master: service(imap): child 13586 killed with signal 6 (core dumped) # gdb /usr/libexec/dovecot/imap /home/domains/myemail.com/info/core Reading symbols from /usr/libexec/dovecot/imap...done. warning: Can't read pathname for load map: Input/output error. Reading symbols from /usr/lib/dovecot/libdovecot-storage.so.0...done. Loaded symbols for /usr/lib/dovecot/libdovecot-storage.so.0 Reading symbols from /usr/lib/dovecot/libdovecot.so.0...done. Loaded symbols for /usr/lib/dovecot/libdovecot.so.0 Reading symbols from /lib/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib/libc.so.6 Reading symbols from /lib/librt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/librt.so.1 Reading symbols from /lib/libdl.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/libdl.so.2 Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 Reading symbols from /lib/libpthread.so.0...(no debugging symbols found)...done. Loaded symbols for /lib/libpthread.so.0 Reading symbols from /usr/lib/dovecot/lib01_acl_plugin.so...done. Loaded symbols for /usr/lib/dovecot/lib01_acl_plugin.so Reading symbols from /usr/lib/dovecot/lib02_imap_acl_plugin.so...done. Loaded symbols for /usr/lib/dovecot/lib02_imap_acl_plugin.so Reading symbols from /usr/lib/dovecot/lib10_quota_plugin.so...done. Loaded symbols for /usr/lib/dovecot/lib10_quota_plugin.so Reading symbols from /usr/lib/dovecot/lib11_imap_quota_plugin.so...done. Loaded symbols for /usr/lib/dovecot/lib11_imap_quota_plugin.so Reading symbols from /usr/lib/dovecot/lib20_expire_plugin.so...done. 
Loaded symbols for /usr/lib/dovecot/lib20_expire_plugin.so Reading symbols from /lib/libgcc_s.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/libgcc_s.so.1 Core was generated by `dovecot/imap'. Program terminated with signal 6, Aborted. #0 0x00007fbbd1d94ed5 in raise () from /lib/libc.so.6 (gdb) bt full #0 0x00007fbbd1d94ed5 in raise () from /lib/libc.so.6 No symbol table info available. #1 0x00007fbbd1d97ce0 in abort () from /lib/libc.so.6 No symbol table info available. #2 0x00007fbbd213ae10 in default_fatal_finish (type=, status=0) at failures.c:202 backtrace = 0x13a71d8 "/usr/lib/dovecot/libdovecot.so.0(+0x75e1a) [0x7fbbd213ae1a] -> /usr/lib/dovecot/libdovecot.so.0(+0x75e96) [0x7fbbd213ae96] -> /usr/lib/dovecot/libdovecot.so.0(i_error+0) [0x7fbbd20ec2bf] -> /usr/lib/d"... #3 0x00007fbbd213ae96 in i_internal_fatal_handler (ctx=0x7fff8637e780, format=, args=) at failures.c:666 status = 0 #4 0x00007fbbd20ec2bf in i_panic (format=0x3512
) at failures.c:276 ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0, timestamp_usecs = 0} args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fff8637e860, reg_save_area = 0x7fff8637e7a0}} #5 0x00007fbbd245719c in index_mailbox_sync_next_expunge (ctx=0x142b410, sync_rec_r=) at index-sync.c:265 range = 0x13cdfd0 __FUNCTION__ = "index_mailbox_sync_next_expunge" #6 0x000000000041fd13 in imap_sync_more (ctx=0x13c3d80) at imap-sync.c:536 str = 0x13a7050 ret = __FUNCTION__ = "imap_sync_more" #7 0x0000000000420437 in cmd_sync_continue (sync_cmd=0x1431700) at imap-sync.c:658 cmd = prev = client = 0x1430b00 ctx = 0x13c3d80 ret = __FUNCTION__ = "cmd_sync_continue" #8 0x00000000004208f9 in cmd_sync_client (client=) at imap-sync.c:748 ctx = 0x0 flags = client = 0x1430b00 imap_flags = no_newmail = #9 cmd_sync_delayed_real (client=) at imap-sync.c:878 cmd = #10 cmd_sync_delayed (client=) at imap-sync.c:886 _data_stack_cur_id = 3 ret = #11 0x00000000004178dd in client_handle_input (client=0x1430b00) at imap-client.c:908 ret = true remove_io = false handled_commands = true __FUNCTION__ = "client_handle_input" #12 0x0000000000417b9f in client_input (client=0x1430b00) at imap-client.c:935 cmd = output = 0x1431540 bytes = __FUNCTION__ = "client_input" #13 0x00007fbbd214c0db in io_loop_call_io (io=0x1431610) at ioloop.c:498 ioloop = 0x13af730 t_id = 2 __FUNCTION__ = "io_loop_call_io" ---Type to continue, or q to quit--- #14 0x00007fbbd214d27f in io_loop_handler_run_internal (ioloop=) at ioloop-epoll.c:220 ctx = 0x13b03c0 event = 0x13b1230 list = 0x13d3630 io = 0x3512 tv = {tv_sec = 1799, tv_usec = 999656} msecs = ret = i = 0 call = false __FUNCTION__ = "io_loop_handler_run_internal" #15 0x00007fbbd214c169 in io_loop_handler_run (ioloop=0x3512) at ioloop.c:545 No locals. 
#16 0x00007fbbd214c1f8 in io_loop_run (ioloop=0x13af730) at ioloop.c:522 __FUNCTION__ = "io_loop_run" #17 0x00007fbbd20f1193 in master_service_run (service=0x13af5c0, callback=0x3512) at master-service.c:566 No locals. #18 0x00000000004210d0 in main (argc=1, argv=0x13af390) at main.c:412 set_roots = {0x429200, 0x0} login_set = {auth_socket_path = 0x13a7050 "\210p:\001", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x4212d0 , failure_callback = 0x421270 , request_auth_token = 1} service_flags = storage_service_flags = MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT username = 0x0 c = (gdb) # 2.2.15: /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.6 (3e924b1b6c5c+) # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.10 auth_cache_negative_ttl = 10 mins auth_cache_size = 8 M auth_cache_ttl = 20 mins auth_worker_max_count = 50 deliver_log_format = msgid=%m, from=%f, subject="%s": %$ dict { acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext expire = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } disable_plaintext_auth = no dotlock_use_excl = no first_valid_gid = 89 first_valid_uid = 89 imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags imap_idle_notify_interval = 29 mins imap_logout_format = in=%i out=%o session=<%{session}> last_valid_gid = 89 last_valid_uid = 89 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = * mail_fsync = always mail_location = maildir:~/Maildir mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = quota acl expire mailbox_list_index = yes maildir_very_dirty_syncs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate vnd.dovecot.duplicate mmap_disable = yes namespace { list = children location = 
maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u prefix = shared/%%n/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / } passdb { args = username_format=%Ld /etc/dovecot/denylogin.txt deny = yes driver = passwd-file } passdb { args = cache_key=%s%u webmail=192.168.1.2 driver = vpopmail } plugin { acl = vfile acl_shared_dict = proxy::acl expire = Trash expire2 = Spam expire_dict = proxy::expire quota = maildir:UserQuota quota2 = dict:Quota Usage::noenforcing:proxy::sqlquota quota_grace = 10M quota_rule2 = Trash:storage=+100M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_before = /etc/dovecot/sieve/before.sieve sieve_dir = ~/sieve sieve_extensions = +vnd.dovecot.duplicate -vacation } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_fast_size_lookups = yes pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s, bytes=%i/%o, session=<%{session}> protocols = imap pop3 sieve sendmail_path = /var/qmail/bin/sendmail service auth { client_limit = 6500 unix_listener auth-userdb { group = vchkpw mode = 0660 user = vpopmail } } service dict { process_limit = 500 unix_listener dict { group = vchkpw mode = 0660 user = vpopmail } } service imap-login { process_min_avail = 4 service_count = 0 } service imap { process_limit = 5000 service_count = 100 } service managesieve-login { inet_listener sieve { port = 4190 } } service pop3-login { service_count = 0 } service pop3 { process_limit = 1023 service_count = 100 } service quota-warning { executable = script /etc/dovecot/quota-warning.sh unix_listener quota-warning { user = vpopmail } user = vpopmail } 
ssl_cert =

See the end of the message for a possible delete of a closed fd from epoll() problem.

Every now and then I get a Panic after a successful LMTP delivery:

2014-11-12 13:25:31 lmtp(20890): Info: Connect from local
2014-11-12 13:25:32 lmtp(20890): Info: Disconnect from local: Connection closed (in reset)
2014-11-12 13:25:34 lmtp(20890): Info: Connect from local
2014-11-12 13:25:35 lmtp(20890): Info: Disconnect from local: Connection closed (in reset)
2014-11-12 13:26:11 lmtp(20890): Info: Connect from local
2014-11-12 13:26:12 lmtp(20890): Info: Disconnect from local: Connection closed (in reset)
2014-11-12 13:26:12 lmtp(20890): Info: Connect from local
2014-11-12 13:26:13 lmtp(20890): Info: Disconnect from local: Connection closed (in reset)
2014-11-12 13:26:13 lmtp(20890): Info: Connect from local
2014-11-12 13:26:14 lmtp(20890): Info: Disconnect from local: Connection closed (in reset)
2014-11-12 13:26:15 lmtp(20890): Info: Connect from local
2014-11-12 13:26:15 lmtp(20890): Info: Disconnect from local: Connection closed (in reset)
2014-11-12 13:27:05 lmtp(20890): Info: Connect from local
2014-11-12 13:27:06 lmtp(20890): Info: Disconnect from local: Connection closed (in reset)
2014-11-12 13:27:07 lmtp(20890): Info: Connect from local
2014-11-12 13:27:07 lmtp(20890): Info: Disconnect from local: Connection closed (in reset)
2014-11-12 13:27:08 lmtp(20890): Info: Connect from local
2014-11-12 13:27:08 lmtp(20890): Info: Disconnect from local: Connection closed (in reset)
2014-11-12 13:27:18 lmtp(20890): Info: Connect from local
2014-11-12 13:27:18 lmtp(20890): Info: Disconnect from local: Successful quit
2014-11-12 13:27:25 lmtp(20890): Info: Connect from local
2014-11-12 13:27:25 lmtp(20890): Info: Disconnect from local: Successful quit

lmtp(18385): Panic: epoll_ctl(del, 11) failed: Bad file descriptor
Error: Raw backtrace: /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(+0x934c6) [0x7fafdc2c04c6] ->
/usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(+0x949d0) [0x7fafdc2c19d0] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fafdc2c0879] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(io_loop_handle_remove+0x129) [0x7fafdc2dcc85] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(+0xacf16) [0x7fafdc2d9f16] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(io_remove+0x1d) [0x7fafdc2d9f5d] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(+0xbcd5c) [0x7fafdc2e9d5c] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(+0xbce13) [0x7fafdc2e9e13] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(io_stream_unref+0x7d) [0x7fafdc2cb30d] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(o_stream_unref+0x82) [0x7fafdc2e86ae] -> /usr/local/dovecot-2.2.15/lib/dovecot/libssl_iostream_openssl.so(+0x5b93) [0! x7fafdb69cb93] -> /usr/local/dovecot-2.2.15/lib/dovecot/libssl_iostream_openssl.so(+0x5ce9) [0x7fafdb69cce9] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(ssl_iostream_unref+0x36) [0x7fafdc2b8bb9] -> /usr/local/dovecot-2.2.15/lib/dovecot/libssl_iostream_openssl.so(+0x911a) [0x7fafdb6a011a] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(io_stream_unref+0x8e) [0x7fafdc2cb31e] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(o_stream_unref+0x82) [0x7fafdc2e86ae] -> dovecot2.2/lmtp [idling](client_input_handle+0x9d) [0x40560d] -> dovecot2.2/lmtp [idling]() [0x405637] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(io_loop_call_io+0xcd) [0x7fafdc2dae5b] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x1e4) [0x7fafdc2dcec0] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x18) [0x7fafdc2daff6] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(io_loop_run+0xaf) [0x7fafd! 
c2daf4f] -> /usr/local/dovecot-2.2.15/lib/dovecot/libdovecot.so.0(master_service_run+0x2e) [0x7fafdc25b1ad] -> dovecot2.2/lmtp [idling](main+0x146) [0x4050d6] -> /lib/libc.so.6(__libc_start_main+0xfd) [0x7fafdbee9c8d] -> dovecot2.2/lmtp [idling]() [0x404db9] 2014-11-12 12:46:34 lmtp(18385): Fatal: master: service(lmtp): child 18385 killed with signal 6 (core dumped) Core was generated by `dovecot2.2/lmtp'. Program terminated with signal 6, Aborted. #0 0x00007fafdbefd1b5 in raise () from /lib/libc.so.6 (gdb) bt #0 0x00007fafdbefd1b5 in raise () from /lib/libc.so.6 #1 0x00007fafdbefffc0 in abort () from /lib/libc.so.6 #2 0x00007fafdc2c0515 in default_fatal_finish (type=LOG_TYPE_PANIC, status=0) at failures.c:202 #3 0x00007fafdc2c19d0 in i_internal_fatal_handler (ctx=0x7fff64e1b960, format=0x7fafdc3109fc "%s", args=0x7fff64e1b940) at failures.c:666 #4 0x00007fafdc2c0879 in i_panic (format=0x7fafdc3109fc "%s") at failures.c:276 #5 0x00007fafdc2dcc85 in io_loop_handle_remove (io=0x2093920, closed=false) at ioloop-epoll.c:150 #6 0x00007fafdc2d9f16 in io_remove_full (_io=0x205f078, closed=false) at ioloop.c:143 #7 0x00007fafdc2d9f5d in io_remove (io=0x205f078) at ioloop.c:157 #8 0x00007fafdc2e9d5c in stream_closed (fstream=0x205ef90) at ostream-file.c:57 #9 0x00007fafdc2e9e13 in o_stream_file_close (stream=0x205ef90, close_parent=false) at ostream-file.c:78 #10 0x00007fafdc2cb30d in io_stream_unref (stream=0x205ef90) at iostream.c:41 #11 0x00007fafdc2e86ae in o_stream_unref (_stream=0x2079308) at ostream.c:88 #12 0x00007fafdb69cb93 in openssl_iostream_free (ssl_io=0x20792e0) at iostream-openssl.c:273 #13 0x00007fafdb69cce9 in openssl_iostream_unref (ssl_io=0x20792e0) at iostream-openssl.c:289 #14 0x00007fafdc2b8bb9 in ssl_iostream_unref (_ssl_io=0x2079670) at iostream-ssl.c:126 #15 0x00007fafdb6a011a in o_stream_ssl_destroy (stream=0x2079590) at ostream-openssl.c:28 #16 0x00007fafdc2cb31e in io_stream_unref (stream=0x2079590) at iostream.c:42 #17 0x00007fafdc2e86ae in 
o_stream_unref (_stream=0x7fff64e1bcd8) at ostream.c:88 #18 0x000000000040560d in client_input_handle (client=0x205e160) at client.c:139 #19 0x0000000000405637 in client_input (client=0x205e160) at client.c:146 #20 0x00007fafdc2dae5b in io_loop_call_io (io=0x20c3c50) at ioloop.c:501 #21 0x00007fafdc2dcec0 in io_loop_handler_run_internal (ioloop=0x2039720) at ioloop-epoll.c:220 #22 0x00007fafdc2daff6 in io_loop_handler_run (ioloop=0x2039720) at ioloop.c:548 #23 0x00007fafdc2daf4f in io_loop_run (ioloop=0x2039720) at ioloop.c:525 #24 0x00007fafdc25b1ad in master_service_run (service=0x20395b0, callback=0x404e74 ) at master-service.c:566 #25 0x00000000004050d6 in main (argc=1, argv=0x2039390) at main.c:123 strace shows this: read(11, "\27\3\1\0 q\r\252\3551\21\237l\33\330\33\303\340\306l\334k\0360p\303)HF\331\234g"..., 1261) = 37 read(11, 0xf09908, 1224) = -1 EAGAIN (Resource temporarily unavailable) epoll_ctl(10, EPOLL_CTL_MOD, 11, {EPOLLIN|EPOLLPRI|EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=15754432, u64=15754432}}) = 0 epoll_ctl(10, EPOLL_CTL_MOD, 11, {EPOLLIN|EPOLLPRI|EPOLLERR|EPOLLHUP, {u32=15754432, u64=15754432}}) = 0 write(11, "\27\3\1\0 \204\375\373!\253\263n\204\274duj/\n\202\236\373\342\303[\22\17\264\10\23\346\225"..., 90) = 90 epoll_ctl(10, EPOLL_CTL_MOD, 11, {EPOLLIN|EPOLLPRI|EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=15754432, u64=15754432}}) = 0 write(2, "\1\01028256 prefix=lmtp(28256): \n", 29) = 29 write(2, "\1\00228256 Disconnect from local: S"..., 47) = 47 epoll_ctl(10, EPOLL_CTL_MOD, 11, {EPOLLIN|EPOLLPRI|EPOLLERR|EPOLLHUP, {u32=15754432, u64=15754432}}) = 0 epoll_ctl(10, EPOLL_CTL_MOD, 11, {EPOLLIN|EPOLLPRI|EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=15754432, u64=15754432}}) = 0 epoll_ctl(10, EPOLL_CTL_MOD, 11, {EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=15754432, u64=15754432}}) = 0 epoll_ctl(10, EPOLL_CTL_DEL, 11, {0, {u32=15754432, u64=15754432}}) = 0 write(11, "\25\3\1\0 \232h\200\203\3\350\34\265\1\305\6\302\276\272BD \236\353\267 \1\24\16\327\16I"..., 37) = 37 epoll_ctl(10, 
EPOLL_CTL_ADD, 11, {EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=15754432, u64=15754432}}) = 0 close(11) = 0 write(5, "`n\0\0M\0\0\0\1\0\0\0", 12) = 12 epoll_ctl(10, EPOLL_CTL_DEL, 11, {0, {u32=15754432, u64=15754432}}) = -1 EBADF (Bad file descriptor) write(2, "\1\00628256 epoll_ctl(del, 11) faile"..., 55) = 55 lsof shows for fd's 10 and 11: lmtp 28256 root 10u 0000 0,9 0 548 anon_inode lmtp 28256 root 11u unix 0xffff880039336100 0t0 633297 /var/run/dovecot2.2/lmtp my man epoll says: Q6 Will closing a file descriptor cause it to be removed from all epoll sets automatically? A6 Yes, but be aware of the following point. A file descriptor is a reference to an open file description (see open(2)). Whenever a descriptor is duplicated via dup(2), dup2(2), fcntl(2) F_DUPFD, or fork(2), a new file descriptor referring to the same open file description is created. An open file description continues to exist until all file descriptors referring to it have been closed. A file descriptor is removed from an epoll set only after all the file descriptors referring to the underlying open file description have been closed (or before if the descriptor is explicitly removed using epoll_ctl() EPOLL_CTL_DEL). This means that even after a file descriptor that is part of an epoll set has been closed, events may be reported for that file descriptor if other file descriptors referring to the same under? lying file description remain open. 
So the close(11) should be enough to remove the fd 11 from epoll(10)

--
Steffen Kaiser
From nrittner at atlas-brb.net Wed Nov 12 17:01:11 2014
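The strace sequence in the message above (EPOLL_CTL_ADD, close(11), then EPOLL_CTL_DEL failing with EBADF) and the dup() caveat from the quoted epoll man page, reproduced as a small C program. This is an added example, not Dovecot code and not part of the original post; the socket pair and all function names are made up for the demonstration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/epoll.h>
#include <sys/socket.h>
#include <unistd.h>

/* Create a UNIX socket pair and register sv[0] for EPOLLOUT in a new epoll
 * instance. An idle socket is writable, so a live registration reports an
 * event immediately. Returns the epoll fd, or -1 on error. */
static int watch_new_socket(int sv[2])
{
    struct epoll_event ev = { .events = EPOLLOUT };
    int ep;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    ep = epoll_create1(0);
    if (ep >= 0) {
        ev.data.fd = sv[0];
        if (epoll_ctl(ep, EPOLL_CTL_ADD, sv[0], &ev) == 0)
            return ep;
        close(ep);
    }
    close(sv[0]);
    close(sv[1]);
    return -1;
}

/* Order seen in the strace: close(fd), then EPOLL_CTL_DEL on the same number.
 * Returns the errno of the DEL call, 0 if it succeeded, -1 on setup error. */
int del_after_close(void)
{
    int sv[2], err = 0;
    int ep = watch_new_socket(sv);

    if (ep < 0)
        return -1;
    close(sv[0]);
    if (epoll_ctl(ep, EPOLL_CTL_DEL, sv[0], NULL) < 0)
        err = errno;
    close(sv[1]);
    close(ep);
    return err;
}

/* Teardown order that cannot fail this way: EPOLL_CTL_DEL, then close(fd).
 * Same return convention as del_after_close(). */
int del_before_close(void)
{
    int sv[2], err = 0;
    int ep = watch_new_socket(sv);

    if (ep < 0)
        return -1;
    if (epoll_ctl(ep, EPOLL_CTL_DEL, sv[0], NULL) < 0)
        err = errno;
    close(sv[0]);
    close(sv[1]);
    close(ep);
    return err;
}

/* Close the watched fd without EPOLL_CTL_DEL and return how many events
 * epoll_wait() still reports. With keep_dup set, a dup() of the fd stays
 * open, so the open file description and its registration survive. */
int events_after_close(int keep_dup)
{
    struct epoll_event out;
    int sv[2], dupfd = -1, n;
    int ep = watch_new_socket(sv);

    if (ep < 0)
        return -1;
    if (keep_dup)
        dupfd = dup(sv[0]);
    close(sv[0]);
    n = (keep_dup && dupfd < 0) ? -1 : epoll_wait(ep, &out, 1, 0);
    if (dupfd >= 0)
        close(dupfd);
    close(sv[1]);
    close(ep);
    return n;
}

int main(void)
{
    printf("DEL after close : errno %d (EBADF is %d)\n", del_after_close(), EBADF);
    printf("DEL before close: errno %d\n", del_before_close());
    printf("events after close, no dup  : %d\n", events_after_close(0));
    printf("events after close, dup open: %d\n", events_after_close(1));
    return 0;
}
```

With a dup() still open, the stale registration keeps reporting events and can no longer be deleted through the closed descriptor number, so deleting before closing is the only order that works in every case.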
From: nrittner at atlas-brb.net (Nico Rittner)
Date: Wed, 12 Nov 2014 18:01:11 +0100
Subject: imap-login segfaults when using post-login
Message-ID: <54639257.7050001@atlas-brb.net>

hello,

i get these lines in syslog when using post-login within imap-login:

imap-login: Fatal: master: service(imap-login): child 574 killed with signal 11 (core dumps disabled)
imap[5523]: segfault at 14 ip b7556276 sp bfc1c940 error 4 in libdovecot.so.0.0.0[b7529000+d4000]

these are the relevant sections i added:

service imap-login {
  executable = imap post-login
}
service post-login {
  executable = script-login /path/to/exec
}

i also used /bin/true as /path/to/exec to exclude the used exec itself as the reason. same result.

version is 2.2.13 on gentoo-linux. i wonder if this error is gentoo-specific (cflags/etc...) or a bug in dovecot. this behaviour can be reproduced on two other of my gentoo-machines. same configuration worked in previous versions, don't know the exact version number.

thanks a lot for your suggestions. i'll also cc to the gentoo-people.

nico
-------------- next part --------------
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.12.21-jason-bare-i686-1403781919 i686
# NOTE: Send doveconf -n output instead when asking for help.
auth_anonymous_username = anonymous auth_cache_negative_ttl = 1 hours auth_cache_size = 0 auth_cache_ttl = 1 hours auth_debug = no auth_debug_passwords = no auth_default_realm = auth_failure_delay = 2 secs auth_gssapi_hostname = auth_krb5_keytab = auth_master_user_separator = auth_mechanisms = plain login auth_proxy_self = auth_realms = auth_socket_path = auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_cert = no auth_use_winbind = no auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ auth_username_format = %Lu auth_username_translation = auth_verbose = no auth_verbose_passwords = no auth_winbind_helper_path = /usr/bin/ntlm_auth auth_worker_max_count = 30 base_dir = /var/run/dovecot config_cache_size = 1 M debug_log_path = default_client_limit = 1000 default_idle_kill = 30 secs default_internal_user = dovecot default_login_user = dovecot default_process_limit = 16 default_vsz_limit = 256 M deliver_log_format = msgid=%m: %$ dict_db_config = director_doveadm_port = 0 director_mail_servers = director_servers = director_user_expire = 15 mins director_username_hash = %u disable_plaintext_auth = no dotlock_use_excl = yes doveadm_allowed_commands = doveadm_password = doveadm_port = 0 doveadm_socket_path = doveadm-server doveadm_worker_count = 0 dsync_alt_char = _ dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U first_valid_gid = 1000 first_valid_uid = 1000 hostname = imap_capability = imap_client_workarounds = imap_id_log = imap_id_send = name * imap_idle_notify_interval = 2 mins imap_logout_format = in=%i out=%o imap_max_line_length = 64 k imap_metadata = no imap_urlauth_host = imap_urlauth_logout_format = in=%i out=%o imap_urlauth_port = 143 imapc_features = imapc_host = imapc_list_prefix = imapc_master_user = imapc_max_idle_time = 29 mins imapc_password = imapc_port = 143 imapc_rawlog_dir = imapc_ssl = no imapc_ssl_verify = yes imapc_user = import_environment = TZ CORE_OUTOFMEM CORE_ERROR 
LISTEN_PID LISTEN_FDS info_log_path = instance_name = dovecot last_valid_gid = 0 last_valid_uid = 0 lda_mailbox_autocreate = no lda_mailbox_autosubscribe = no lda_original_recipient_header = libexec_dir = /usr/libexec/dovecot listen = * lmtp_address_translate = lmtp_proxy = no lmtp_rcpt_check_quota = no lmtp_save_to_detail_mailbox = no lock_method = fcntl log_path = syslog log_timestamp = "%b %d %H:%M:%S " login_access_sockets = login_greeting = Dovecot ready. login_log_format = %$: %s login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k login_trusted_networks = mail_access_groups = mail_always_cache_fields = mail_attachment_dir = mail_attachment_fs = sis posix mail_attachment_hash = %{sha1} mail_attachment_min_size = 128 k mail_attribute_dict = mail_cache_fields = flags mail_cache_min_mail_count = 0 mail_chroot = mail_debug = yes mail_fsync = optimized mail_full_filesystem_access = no mail_gid = mail_home = mail_location = maildir:%h/mail:INBOX=%h/mail/incoming/.mail:LAYOUT=fs:DIRNAME=.mail mail_log_prefix = "%s(%u): " mail_max_keyword_length = 50 mail_max_lock_timeout = 0 mail_max_userip_connections = 10 mail_never_cache_fields = imap.envelope mail_nfs_index = no mail_nfs_storage = no mail_plugin_dir = /usr/lib/dovecot mail_plugins = mail_prefetch_count = 0 mail_privileged_group = mail mail_save_crlf = no mail_shared_explicit_inbox = no mail_temp_dir = /tmp mail_temp_scan_interval = 1 weeks mail_uid = mailbox_idle_check_interval = 30 secs mailbox_list_index = no maildir_broken_filename_sizes = no maildir_copy_with_hardlinks = yes maildir_empty_new = no maildir_stat_dirs = no maildir_very_dirty_syncs = no master_user_separator = mbox_dirty_syncs = yes mbox_dotlock_change_timeout = 2 mins mbox_lazy_writes = yes mbox_lock_timeout = 5 mins mbox_md5 = apop3d mbox_min_index_size = 0 mbox_read_locks = fcntl mbox_very_dirty_syncs = no mbox_write_locks = dotlock fcntl mdbox_preallocate_space = no mdbox_purge_preserve_alt = no mdbox_rotate_interval = 
0 mdbox_rotate_size = 2 M mmap_disable = no namespace { disabled = no hidden = no ignore_on_failure = no inbox = yes list = yes location = mailbox archive { auto = subscribe driver = special_use = \Archive } mailbox drafts { auto = subscribe driver = special_use = \Drafts } mailbox junk { auto = subscribe driver = special_use = \Junk } mailbox sent { auto = subscribe driver = special_use = \Sent } mailbox trash { auto = subscribe driver = special_use = \Trash } prefix = separator = / subscriptions = yes type = private } namespace { disabled = no hidden = no ignore_on_failure = no inbox = no list = yes location = maildir:%h/mail/incoming:LAYOUT=fs:DIRNAME=.mail prefix = INBOX/ separator = / subscriptions = yes type = private } passdb { args = default_fields = deny = no driver = pam master = no name = override_fields = pass = no result_failure = continue result_internalfail = continue result_success = return-ok skip = never } pop3_client_workarounds = pop3_deleted_flag = pop3_enable_last = no pop3_fast_size_lookups = no pop3_lock_session = no pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_no_flag_updates = no pop3_reuse_xuidl = no pop3_save_uidl = no pop3_uidl_duplicates = allow pop3_uidl_format = %08Xu%08Xv pop3c_host = pop3c_master_user = pop3c_password = pop3c_port = 110 pop3c_quick_received_date = no pop3c_rawlog_dir = pop3c_ssl = no pop3c_ssl_verify = yes pop3c_user = %u postmaster_address = protocols = imap quota_full_tempfail = no recipient_delimiter = + rejection_reason = Your message to <%t> was automatically rejected:%n%r rejection_subject = Rejected: %s replication_dsync_parameters = -d -N -l 30 -U replication_full_sync_interval = 1 days replication_max_conns = 10 replicator_host = replicator replicator_port = 0 sendmail_path = /usr/sbin/sendmail service aggregator { chroot = . 
client_limit = 0 drop_priv_before_exec = no executable = aggregator extra_groups = fifo_listener replication-notify-fifo { group = mode = 0600 user = } group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener replication-notify { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service anvil { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = anvil extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 1 protocol = service_count = 0 type = anvil unix_listener anvil-auth-penalty { group = mode = 0600 user = } unix_listener anvil { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service auth-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = auth -w extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener auth-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service auth { chroot = client_limit = 0 drop_priv_before_exec = no executable = auth extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener auth-client { group = mode = 0600 user = $default_internal_user } unix_listener auth-login { group = mode = 0600 user = $default_internal_user } unix_listener auth-master { group = mode = 0600 user = } unix_listener auth-userdb { group = mode = 0666 user = $default_internal_user } unix_listener login/login { group = mode = 0666 user = } unix_listener token-login/tokenlogin { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service config { chroot = client_limit = 0 drop_priv_before_exec = no executable = config extra_groups = group = 
idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = config unix_listener config { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service dict { chroot = client_limit = 1 drop_priv_before_exec = no executable = dict extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dict { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service director { chroot = . client_limit = 0 drop_priv_before_exec = no executable = director extra_groups = fifo_listener login/proxy-notify { group = mode = 00 user = } group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener director-admin { group = mode = 0600 user = } unix_listener login/director { group = mode = 00 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service dns_client { chroot = client_limit = 1 drop_priv_before_exec = no executable = dns-client extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dns-client { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service doveadm { chroot = client_limit = 1 drop_priv_before_exec = no executable = doveadm-server extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener doveadm-server { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service imap-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = imap post-login extra_groups = group = idle_kill = 0 inet_listener imap { address = port = 143 reuse_port = no ssl = no } inet_listener imaps { address = port = 993 reuse_port = no 
ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = imap service_count = 1 type = login user = $default_login_user vsz_limit = 18446744073709551615 B } service imap-urlauth-login { chroot = token-login client_limit = 0 drop_priv_before_exec = no executable = imap-urlauth-login extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = imap service_count = 1 type = login unix_listener imap-urlauth { group = mode = 0666 user = } user = $default_login_user vsz_limit = 18446744073709551615 B } service imap-urlauth-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = imap-urlauth-worker extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener imap-urlauth-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service imap-urlauth { chroot = client_limit = 1 drop_priv_before_exec = no executable = imap-urlauth extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener token-login/imap-urlauth { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service imap { chroot = client_limit = 1 drop_priv_before_exec = no executable = imap extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener login/imap { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service indexer-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = indexer-worker extra_groups = group = idle_kill = 0 privileged_group = process_limit = 10 process_min_avail = 0 protocol = service_count = 0 type = unix_listener indexer-worker { group = mode = 0600 user = $default_internal_user } user = 
vsz_limit = 18446744073709551615 B } service indexer { chroot = client_limit = 0 drop_priv_before_exec = no executable = indexer extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener indexer { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service ipc { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = ipc extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener ipc { group = mode = 0600 user = } unix_listener login/ipc-proxy { group = mode = 0600 user = $default_login_user } user = $default_internal_user vsz_limit = 18446744073709551615 B } service lmtp { chroot = client_limit = 1 drop_priv_before_exec = no executable = lmtp extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = lmtp service_count = 0 type = unix_listener lmtp { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service log { chroot = client_limit = 0 drop_priv_before_exec = no executable = log extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = log unix_listener log-errors { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service pop3-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = pop3-login extra_groups = group = idle_kill = 0 inet_listener pop3 { address = port = 110 reuse_port = no ssl = no } inet_listener pop3s { address = port = 995 reuse_port = no ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = pop3 service_count = 1 type = login user = $default_login_user vsz_limit = 18446744073709551615 B } service pop3 { chroot = client_limit = 1 drop_priv_before_exec = no executable = pop3 
extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = pop3 service_count = 1 type = unix_listener login/pop3 { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service post-login { chroot = client_limit = 0 drop_priv_before_exec = no executable = script-login /bin/true extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = user = vsz_limit = 18446744073709551615 B } service replicator { chroot = client_limit = 0 drop_priv_before_exec = no executable = replicator extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener replicator-doveadm { group = mode = 00 user = $default_internal_user } unix_listener replicator { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service ssl-params { chroot = client_limit = 0 drop_priv_before_exec = no executable = ssl-params extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = startup unix_listener login/ssl-params { group = mode = 0666 user = } unix_listener ssl-params { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service stats { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = stats extra_groups = fifo_listener stats-mail { group = mode = 0600 user = } group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener stats { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service tcpwrap { chroot = client_limit = 1 drop_priv_before_exec = no executable = tcpwrap extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = 
service_count = 0 type = user = $default_internal_user vsz_limit = 18446744073709551615 B } shutdown_clients = yes ssl = yes ssl_ca = ssl_cert = From absolutely_free at libero.it Wed Nov 12 21:37:55 2014 From: absolutely_free at libero.it (absolutely_free at libero.it) Date: Wed, 12 Nov 2014 22:37:55 +0100 (CET) Subject: pop3/imap hanging processes Message-ID: <214654460.1720921415828275323.JavaMail.httpd@webmail-24.iol.local> Hi, I am using Dovecot 2.0.9 on CentOS server. I noticed that when I type: service dovecot stop, there are several imap / pop3 dovecot processes that remain active. Which parameter controls this? How can I have dovecot closing these processes more quickly? Thank you From eduardo at freedominterface.org Thu Nov 13 01:18:56 2014 From: eduardo at freedominterface.org (Eduardo Ramos) Date: Wed, 12 Nov 2014 23:18:56 -0200 Subject: pop3/imap hanging processes In-Reply-To: <214654460.1720921415828275323.JavaMail.httpd@webmail-24.iol.local> References: <214654460.1720921415828275323.JavaMail.httpd@webmail-24.iol.local> Message-ID: <54640700.40305@freedominterface.org> Take a look at 'shutdown_clients' parameter. http://wiki2.dovecot.org/RunningDovecot On 11/12/2014 07:37 PM, absolutely_free at libero.it wrote: > Hi, I am using Dovecot 2.0.9 on CentOS server. I noticed that when I type: service dovecot stop, there are several imap / pop3 dovecot processes that remain active. Which parameter controls this? How can I have dovecot closing these processes more quickly? Thank you From tss at iki.fi Thu Nov 13 07:19:32 2014
From: tss at iki.fi (Timo Sirainen) Date: Wed, 12 Nov 2014 23:19:32 -0800 Subject: closed fd causes: lmtp(18385): Panic: epoll_ctl(del, 11) failed: Bad file descriptor In-Reply-To: References: Message-ID: On 12 Nov 2014, at 06:32, Steffen Kaiser wrote: > lmtp(18385): Panic: epoll_ctl(del, 11) failed: Bad file descriptor .. > #4 0x00007fafdc2c0879 in i_panic (format=0x7fafdc3109fc "%s") at failures.c:276 > #5 0x00007fafdc2dcc85 in io_loop_handle_remove (io=0x2093920, closed=false) at ioloop-epoll.c:150 > #6 0x00007fafdc2d9f16 in io_remove_full (_io=0x205f078, closed=false) at ioloop.c:143 > #7 0x00007fafdc2d9f5d in io_remove (io=0x205f078) at ioloop.c:157 > #8 0x00007fafdc2e9d5c in stream_closed (fstream=0x205ef90) at ostream-file.c:57 > #9 0x00007fafdc2e9e13 in o_stream_file_close (stream=0x205ef90, close_parent=false) at ostream-file.c:78 > #10 0x00007fafdc2cb30d in io_stream_unref (stream=0x205ef90) at iostream.c:41 > #11 0x00007fafdc2e86ae in o_stream_unref (_stream=0x2079308) at ostream.c:88 > #12 0x00007fafdb69cb93 in openssl_iostream_free (ssl_io=0x20792e0) at iostream-openssl.c:273 > #13 0x00007fafdb69cce9 in openssl_iostream_unref (ssl_io=0x20792e0) at iostream-openssl.c:289 > #14 0x00007fafdc2b8bb9 in ssl_iostream_unref (_ssl_io=0x2079670) at iostream-ssl.c:126 > #15 0x00007fafdb6a011a in o_stream_ssl_destroy (stream=0x2079590) at ostream-openssl.c:28 Probably fixed by http://hg.dovecot.org/dovecot-2.2/rev/1632ae08c986 ? From tss at iki.fi Thu Nov 13 07:25:27 2014 
From: tss at iki.fi (Timo Sirainen) Date: Wed, 12 Nov 2014 23:25:27 -0800 Subject: Dovecot 2.2.15 imap crash/panic (with core dumped) In-Reply-To: <54636188.9000805@skye.it> References: <54636188.9000805@skye.it> Message-ID: <5E08BF2A-AC09-4407-A17A-57DF979AB5E6@iki.fi> On 12 Nov 2014, at 05:32, Alessio Cecchi wrote: > after upgrade to Dovecot >= 2.2.14rc1 sometimes I found this error/crash in the log (never happened with 2.2.13), > > I'm the only one? Can be fix? > > Nov 11 17:44:26 imap(info at myemail.com): Error: Corrupted transaction log file /home/domains/myemail.com/info/Maildir/dovecot.index.log seq 190: Invalid transaction log size (32756 vs 32772): /home/domains/myemail.com/info/Maildir/dovecot.index.log (sync_offset=32756) > Nov 11 17:44:26 imap(info at myemail.com): Error: Log synchronization error at seq=0,offset=0 for /home/domains/myemail.com/info/Maildir/dovecot.index: Append with UID 10777, but next_uid = 10778 > Nov 11 17:44:26 imap(info at myemail.com): Error: /home/domains/myemail.com/info/Maildir/dovecot.index view syncing failed to apply changes > Nov 11 17:44:26 imap(info at myemail.com): Panic: file index-sync.c: line 265 (index_mailbox_sync_next_expunge): assertion failed: (range->seq2 <= ctx->messages_count) I can't really think of what would have started causing these. There aren't that big changes done to index handling code. I've also been running a ton of stress testing for Dovecot without these errors, so it's not a common problem at least. Although..: > mail_nfs_index = yes > mail_nfs_storage = yes What kind of a setup is this? Are there multiple Dovecot backend servers and are you using director? These two settings never worked 100% and they're not supported anymore. In a single dovecot server / or multi-dovecot+director setup these can be "no". From tlx at leuxner.net Thu Nov 13 08:03:02 2014 
From: tlx at leuxner.net (Thomas Leuxner) Date: Thu, 13 Nov 2014 09:03:02 +0100 Subject: Execution of sieve script failed HG 3db5fbb216d3 Message-ID: <20141113080302.GA983@nihlus.leuxner.net> # 2.2.15 (3db5fbb216d3): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.6 [...] The latest HG commits produce the following sieve execution error. There is no error log created though... Nov 13 08:54:11 nihlus dovecot: lmtp(tlx at leuxner.net): kFEQG6JjZFQZBAAAgUOSbA: sieve: msgid=: stored mail into mailbox 'INBOX' Nov 13 08:54:11 nihlus dovecot: lmtp(tlx at leuxner.net): kFEQG6JjZFQZBAAAgUOSbA: sieve: Execution of script /var/vmail/domains/leuxner.net/tlx/.dovecot.sieve;name=dovecot failed, but implicit keep was successful (user logfile /var/vmail/domains/leuxner.net/tlx/.dovecot.sieve.log may reveal additional details) Regards Thomas From skdovecot at smail.inf.fh-brs.de Thu Nov 13 08:11:24 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 13 Nov 2014 09:11:24 +0100 (CET) Subject: closed fd causes: lmtp(18385): Panic: epoll_ctl(del, 11) failed: Bad file descriptor In-Reply-To: References: Message-ID: On Wed, 12 Nov 2014, Timo Sirainen wrote: > On 12 Nov 2014, at 06:32, Steffen Kaiser wrote: > >> lmtp(18385): Panic: epoll_ctl(del, 11) failed: Bad file descriptor > .. >> #4 0x00007fafdc2c0879 in i_panic (format=0x7fafdc3109fc "%s") at failures.c:276 >> #5 0x00007fafdc2dcc85 in io_loop_handle_remove (io=0x2093920, closed=false) at ioloop-epoll.c:150 >> #6 0x00007fafdc2d9f16 in io_remove_full (_io=0x205f078, closed=false) at ioloop.c:143 >> #7 0x00007fafdc2d9f5d in io_remove (io=0x205f078) at ioloop.c:157 >> #8 0x00007fafdc2e9d5c in stream_closed (fstream=0x205ef90) at ostream-file.c:57 >> #9 0x00007fafdc2e9e13 in o_stream_file_close (stream=0x205ef90, close_parent=false) at ostream-file.c:78 >> #10 0x00007fafdc2cb30d in io_stream_unref (stream=0x205ef90) at iostream.c:41 >> #11 0x00007fafdc2e86ae in o_stream_unref (_stream=0x2079308) at ostream.c:88 >> #12 0x00007fafdb69cb93 in openssl_iostream_free (ssl_io=0x20792e0) at iostream-openssl.c:273 >> #13 0x00007fafdb69cce9 in openssl_iostream_unref (ssl_io=0x20792e0) at iostream-openssl.c:289 >> #14 0x00007fafdc2b8bb9 in ssl_iostream_unref (_ssl_io=0x2079670) at iostream-ssl.c:126 >> #15 0x00007fafdb6a011a in o_stream_ssl_destroy (stream=0x2079590) at ostream-openssl.c:28 > > Probably fixed by http://hg.dovecot.org/dovecot-2.2/rev/1632ae08c986 ? 
I forgot my hg version, sorry: Dovecot v2.2.15 (062230bdbc4d+) -- Steffen Kaiser From ndpthanh at gmail.com Wed Nov 12 08:23:53 2014
From: ndpthanh at gmail.com (Nguyen Dinh Phuoc Thanh) Date: Wed, 12 Nov 2014 08:23:53 +0000 (UTC) Subject: Dovecot Cur and New Directories are empty Message-ID: Hi, Recently, we faced an issue with dovecot. Mail delivered to New directory, but after we used Outlook to connect with POP3 protocol, there was no email delivered to Outlook and New/Cur directory was empty. If we don't use Outlook to connect, after a few minutes, it is empty also. Would you please help me to solve this issue? Below is the result from "dovecot -n" --------------------------------------------------------------------- # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-504.el6.x86_64 x86_64 CentOS release 6.6 (Final) ext4 auth_mechanisms = plain login debug_log_path = /var/log/dovecot-debug.log dict { quotadict = mysql:/etc/zpanel/configs/dovecot2/dovecot-dict-quota.conf } disable_plaintext_auth = no first_valid_gid = 12 first_valid_uid = 101 info_log_path = /var/log/dovecot-info.log lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = * lmtp_save_to_detail_mailbox = yes log_path = /var/log/dovecot.log mail_debug = yes mail_location = maildir:/var/zpanel/vmail/%d/%n managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date imapflags notify passdb { args = /etc/zpanel/configs/dovecot2/dovecot-mysql.conf driver = sql } plugin { acl = vfile:/etc/dovecot/acls quota = maildir:User quota sieve = ~/dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +notify +imapflags sieve_global_dir = /var/zpanel/sieve/ sieve_global_path = /var/zpanel/sieve/globalfilter.sieve sieve_max_actions = 32 sieve_max_redirects = 4 sieve_max_script_size = 1M trash = /etc/zpanel/configs/dovecot2/dovecot-trash.conf } protocols = imap pop3 lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group 
= postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = mail mode = 0666 user = vmail } } service dict { unix_listener dict { group = mail mode = 0666 user = vmail } } service imap-login { inet_listener imap { port = 143 } } service imap { vsz_limit = 256 M } service lmtp { unix_listener lmtp { mode = 0666 } } service managesieve-login { inet_listener sieve { port = 4190 } process_min_avail = 0 service_count = 1 vsz_limit = 64 M } service pop3-login { inet_listener pop3 { port = 110 } } ssl = no userdb { args = /etc/zpanel/configs/dovecot2/dovecot-mysql.conf driver = sql } protocol lda { mail_plugins = quota sieve postmaster_address = postmaster@###.com } protocol imap { imap_client_workarounds = delay-newmail mail_plugins = quota imap_quota trash } protocol lmtp { mail_plugins = quota sieve } protocol pop3 { mail_plugins = quota pop3_client_workarounds = outlook-no-nuls oe-ns-eoh } protocol sieve { managesieve_implementation_string = Dovecot Pigeonhole managesieve_max_compile_errors = 5 managesieve_max_line_length = 65536 } ---------------------------------------------------------------- Thanks, Thanh From tss at iki.fi Thu Nov 13 08:46:06 2014 From: tss at iki.fi (Timo Sirainen) Date: Thu, 13 Nov 2014 00:46:06 -0800 Subject: Execution of sieve script failed HG 3db5fbb216d3 In-Reply-To: <20141113080302.GA983@nihlus.leuxner.net> References: <20141113080302.GA983@nihlus.leuxner.net> Message-ID: <9E00728D-3C4E-4C64-9CB7-7CC966BC926C@iki.fi> On 13 Nov 2014, at 00:03, Thomas Leuxner wrote: > # 2.2.15 (3db5fbb216d3): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.4.6 > [...] > > The latest HG commits produce the following sieve execution error. There is no error log created though... Did you (fully) recompile Sieve also? Some structs changed. I can't really think of anything else and it works ok in my tests. From davide.marchi at mail.cgilfe.it Thu Nov 13 08:49:18 2014 
From: davide.marchi at mail.cgilfe.it (Davide) Date: Thu, 13 Nov 2014 09:49:18 +0100 Subject: Error using Tika as meta extractor with solr Message-ID: <5464708E.7040506@mail.cgilfe.it> Hi to all, i have a dovecot 2.2.15 installation which uses tika and solr for indexing and meta extraction from messages: this is my doveconf -n output # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.10 auth_cache_negative_ttl = 10 mins auth_cache_size = 8 M auth_cache_ttl = 20 mins debug_log_path = /var/log/dovecot/dovecot-debug.log first_valid_gid = 89 first_valid_uid = 89 info_log_path = /var/log/dovecot/dovecot.log last_valid_gid = 89 last_valid_uid = 89 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = 127.0.0.1 log_path = /var/log/dovecot/dovecot-err.log log_timestamp = "%Y-%m-%d %H:%M:%S " mail_fsync = never mail_gid = 89 mail_location = maildir:~/Maildir:INDEX=/mnt/ramdisk/%u mail_plugins = " notify zlib quota fts fts_solr" mail_uid = 89 mailbox_list_index = yes maildir_very_dirty_syncs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate mmap_disable = yes namespace { inbox = yes location = prefix = separator = / type = private } namespace { list = children location = maildir:/var/mail/public prefix = Public/ separator = / subscriptions = no type = public } passdb { args = webmail=127.0.0.1 cache_key=%u%s driver = vpopmail } plugin { antispam_backend = crm114 antispam_crm_args = -u;/opt/crm114;--fileprefix=/opt/crm114/;--config=/usr/share/crm114/mailfilter.cf antispam_crm_binary = /usr/share/crm114/mailreaver.crm antispam_crm_notspam_arg = --good antispam_crm_spam_arg = --spam antispam_signature = X-CRM114-CacheID antispam_spam_pattern_ignorecase = crm-spam* antispam_trash_pattern_ignorecase = Trash* 
antispam_unsure_pattern_ignorecase = crm-unsure* fts = solr fts_solr = url=http://192.168.119.5:8983/solr/ break-imap-search fts_tika = http://192.168.119.5:9998/tika/ mail_log_events = delete undelete expunge copy mail_log_fields = uid box msgid size mail_log_group_events = quota = dict:::redis:host=127.0.0.1:prefix=user/ quota_rule2 = Trash:storage=+20%% quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_before = /usr/local/lib/dovecot/sieve/default.sieve sieve_default = /usr/local/lib/dovecot/sieve/default.sieve sieve_dir = ~/sieve sieve_global_dir = /usr/local/lib/dovecot/sieve/ zlib_save = gz zlib_save_level = 9 } protocols = imap sieve service auth { unix_listener auth-master { group = vchkpw mode = 0600 user = vpopmail } unix_listener auth-userdb { group = vchkpw mode = 0600 user = vpopmail } } service decode2text { executable = script /usr/local/libexec/dovecot/decode2text.sh unix_listener decode2text { mode = 0666 user = dovecot } } service imap-login { executable = /usr/local/libexec/dovecot/imap-login inet_listener imaps { address = 192.168.10.50 } process_limit = 500 process_min_avail = 2 service_count = 0 } service imap { executable = /usr/local/libexec/dovecot/imap } service managesieve-login { executable = managesieve-login inet_listener sieve { address = 127.0.0.1 port = 4190 } process_min_avail = 2 service_count = 0 } service managesieve { process_limit = 10 } service quota-warning { executable = script /usr/local/libexec/dovecot/quota-warning unix_listener quota-warning { mode = 0660 user = vpopmail } user = vpopmail } ssl_cert = -<%s>-%m: %$ hostname = mail.cgilfe.it info_log_path = /var/log/dovecot/dovecot-deliver.log log_path = /var/log/dovecot/dovecot-deliver.log mail_fsync = optimized mail_plugin_dir = /usr/local/lib/dovecot mail_plugins = " notify zlib quota fts fts_solr mail_log sieve" postmaster_address = postmaster at mail.cgilfe.it rejection_reason = Il 
messaggio destinato a <%t> ? stato automaticamente rifiutato:%n%r rejection_subject = Messaggio Rifiutato: %s submission_host = 127.0.0.1 } If I throw a command like this doveadm -Dv index -u davide.marchi at mail.cgilfe.it INBOX I receive the error that I attach to this message. Any idea about the reason of error and how can I resolve it? -- Davide Marchi Teorema Ferrara Srl Via Spronello, 7 - Ferrara - 44121 05327831610532783368 davide.marchi at mail.cgilfe.it davide.marchi73 Web: http://www.cgilfe.it CONFIDENTIALITY Pursuant to Legislative Decree 196/2003, please note that the information contained in this message is confidential and for the exclusive use of the recipient(s). If this message has reached you in error, please delete it without copying it and do not forward it to third parties, and kindly let us know. Please think of the environment. Print this email only if necessary. -------------- next part -------------- A non-text attachment was scrubbed... Name: error_tika.7z Type: application/octet-stream Size: 2756 bytes Desc: not available URL: From tlx at leuxner.net Thu Nov 13 09:17:41 2014
From: tlx at leuxner.net (Thomas Leuxner) Date: Thu, 13 Nov 2014 10:17:41 +0100 Subject: Execution of sieve script failed HG 3db5fbb216d3 In-Reply-To: <9E00728D-3C4E-4C64-9CB7-7CC966BC926C@iki.fi> References: <20141113080302.GA983@nihlus.leuxner.net> <9E00728D-3C4E-4C64-9CB7-7CC966BC926C@iki.fi> Message-ID: <20141113091740.GA3522@nihlus.leuxner.net> * Timo Sirainen 2014.11.13 09:46: > Did you (fully) recompile Sieve also? Some structs changed. I can't really think of anything else and it works ok in my tests. Yes I did. By a hunch I now deleted the binary script and that does seem to do the trick... From stephan at rename-it.nl Thu Nov 13 09:19:00 2014 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 13 Nov 2014 10:19:00 +0100 Subject: Execution of sieve script failed HG 3db5fbb216d3 In-Reply-To: <20141113091740.GA3522@nihlus.leuxner.net> References: <20141113080302.GA983@nihlus.leuxner.net> <9E00728D-3C4E-4C64-9CB7-7CC966BC926C@iki.fi> <20141113091740.GA3522@nihlus.leuxner.net> Message-ID: <54647784.3000305@rename-it.nl> On 11/13/2014 10:17 AM, Thomas Leuxner wrote: > * Timo Sirainen 2014.11.13 09:46: > >> Did you (fully) recompile Sieve also? Some structs changed. I can't really think of anything else and it works ok in my tests. > Yes I did. By a hunch I now deleted the binary script and that does seem to do the trick... Yes, it does. Fixed by last two commits. Regards, Stephan. From tlx at leuxner.net Thu Nov 13 09:53:50 2014
From: tlx at leuxner.net (Thomas Leuxner)
Date: Thu, 13 Nov 2014 10:53:50 +0100
Subject: Execution of sieve script failed HG 3db5fbb216d3
In-Reply-To: <54647784.3000305@rename-it.nl>
References: <20141113080302.GA983@nihlus.leuxner.net> <9E00728D-3C4E-4C64-9CB7-7CC966BC926C@iki.fi> <20141113091740.GA3522@nihlus.leuxner.net> <54647784.3000305@rename-it.nl>
Message-ID: <20141113095350.GC3522@nihlus.leuxner.net>

* Stephan Bosch 2014.11.13 10:19:

> Yes, it does. Fixed by last two commits.

Thanks, Stephan and Timo :)

From absolutely_free at libero.it Thu Nov 13 11:45:39 2014
From: absolutely_free at libero.it (absolutely_free at libero.it)
Date: Thu, 13 Nov 2014 12:45:39 +0100 (CET)
Subject: R: Re: pop3/imap hanging processes
Message-ID: <689021348.5157341415879139083.JavaMail.httpd@webmail-15.iol.local>

Thank you very much!

>----Original message----
>From: eduardo at freedominterface.org
>Date: 13/11/2014 2.18
>To:
>Subj: Re: pop3/imap hanging processes
>
>Take a look at 'shutdown_clients' parameter.
>
>http://wiki2.dovecot.org/RunningDovecot
>
>On 11/12/2014 07:37 PM, absolutely_free at libero.it wrote:
>> Hi, I am using Dovecot 2.0.9 on CentOS server. I noticed that when I type: service dovecot stop, there are several imap / pop3 dovecot processes that remain active. Which parameter controls this? How can I have dovecot closing these processes more quickly? Thank you
>

From absolutely_free at libero.it Thu Nov 13 11:48:07 2014
From: absolutely_free at libero.it (absolutely_free at libero.it)
Date: Thu, 13 Nov 2014 12:48:07 +0100 (CET)
Subject: R: Re: pop3/imap hanging processes
Message-ID: <93661834.5158551415879287271.JavaMail.httpd@webmail-15.iol.local>

Sorry, I checked and it's already ok:

# dovecot -a |grep shutdown
shutdown_clients = yes

>----Original message----
>From: eduardo at freedominterface.org
>Date: 13/11/2014 2.18
>To:
>Subj: Re: pop3/imap hanging processes
>
>Take a look at 'shutdown_clients' parameter.
>
>http://wiki2.dovecot.org/RunningDovecot
>
>On 11/12/2014 07:37 PM, absolutely_free at libero.it wrote:
>> Hi, I am using Dovecot 2.0.9 on CentOS server. I noticed that when I type: service dovecot stop, there are several imap / pop3 dovecot processes that remain active. Which parameter controls this? How can I have dovecot closing these processes more quickly? Thank you
>

From soumplis at ekt.gr Thu Nov 13 12:07:10 2014
From: soumplis at ekt.gr (Alexandros Soumplis)
Date: Thu, 13 Nov 2014 14:07:10 +0200
Subject: Bug (?) while listing imap folder
Message-ID: <54649EEE.6040507@ekt.gr>

Dear All,

I think I've hit a bug after migrating our mail server to the newest version of dovecot (version 2.2.15). When I try to list all imap folders for one user the imap process crashes. The listing to a specific folder (ex. INBOX) works fine, only the "*" crashes.

Client side:
---------------------
[root at mb log]# telnet 127.0.0.1 143
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] __mb__ ready
a login soumplis MYPASS
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE NOTIFY] Logged in
a list "" "*"
Connection closed by foreign host.

Server Log:
---------------------
Nov 13 13:53:57 mb00 dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=60544, secured, session=
Nov 13 13:53:59 mb00 dovecot: imap(soumplis): Panic: file buffer.c: line 309 (buffer_set_used_size): assertion failed: (used_size <= buf->alloc)
Nov 13 13:53:59 mb00 dovecot: imap(soumplis): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x7466e) [0x7f06237f466e] -> /usr/lib64/dovecot/libdovecot.so.0(+0x7474e) [0x7f06237f474e] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f06237a4aa6] -> /usr/lib64/dovecot/libdovecot.so.0(+0x71172) [0x7f06237f1172] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_list_index_iter_next+0x16c) [0x7f0623afca0c] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x987df) [0x7f0623b007df] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_list_iter_next+0x2a0) [0x7f0623b01460] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x99fb1) [0x7f0623b01fb1] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x987df) [0x7f0623b007df] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_list_iter_next+0x40e) [0x7f0623b015ce] -> dovecot/imap [soumplis 127.0.0.1 list](+0x10d59) [0x7f0623fbed59] -> dovecot/imap [soumplis 127.0.0.1 list](cmd_list_full+0x528) [0x7f0623fbf5e8] -> dovecot/imap [soumplis 127.0.0.1 list](command_exec+0x3c) [0x7f0623fc724c] -> dovecot/imap [soumplis 127.0.0.1 list](+0x180ff) [0x7f0623fc60ff] -> dovecot/imap [soumplis 127.0.0.1 list](+0x18191) [0x7f0623fc6191] -> dovecot/imap [soumplis 127.0.0.1 list](client_handle_input+0x14d) [0x7f0623fc64ed] -> dovecot/imap [soumplis 127.0.0.1 list](client_input+0x85) [0x7f0623fc68b5] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x4c) [0x7f06238067fc] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xcb) [0x7f062380782b] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x7f0623806869] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f06238068e8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f06237aa0a3] -> dovecot/imap [soumplis 127.0.0.1 list](main+0x2d4) [0x7f0623fba4f4] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f06233e0af5] -> dovecot/imap [soumplis 127.0.0.1 list](+0xc661) [0x7f0623fba661]
Nov 13 13:53:59 mb00 dovecot: imap(soumplis): Fatal: master: service(imap): child 60544 killed with signal 6 (core dumps disabled)

Our current configuration:
----------------------------------------------------------
# 2.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-123.8.1.el7.x86_64 x86_64 CentOS Linux release 7.0.1406 (Core) xfs
auth_cache_negative_ttl = 0
auth_cache_size = 128 M
auth_username_chars =
auth_username_format = %Ln
deliver_log_format = msgid=%m: Subject=%s, From=%f, Physical Size=%p, Virtual Size=%w, %$
disable_plaintext_auth = no
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
login_greeting = __mb__ ready
mail_attachment_dir = /SILO/attachments
mail_attachment_fs = sis posix:mode=660
mail_cache_min_mail_count = 10
mail_gid = mailuser
mail_home = /SILO/homes/%Ln
mail_location = mdbox:/SILO/mailboxes/%Ln/mdbox:INDEX=/SILO/indexes/%Ln
mail_plugins = " zlib"
mail_uid = mailuser
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate
mbox_write_locks = fcntl
mdbox_preallocate_space = yes
mdbox_rotate_interval = 1 days
mdbox_rotate_size = 64 M
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox "Report NO Spam" {
    auto = subscribe
  }
  mailbox "Report Spam" {
    auto = subscribe
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
passdb {
  args = /etc/dovecot/conf.d/dovecot-ldap.conf.ext
  driver = ldap
}
passdb {
  driver = pam
}
plugin {
  acl_anyone = allow
  acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
  sieve = /SILO/sieves/%Ln/dovecot.sieve
  sieve_dir = /SILO/sieves/%Ln/
  sieve_global_dir = /SILO/sieves
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_enable_last = yes
pop3_fast_size_lookups = yes
pop3_lock_session = yes
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s %u
pop3_reuse_xuidl = yes
pop3_save_uidl = yes
protocols = imap pop3 lmtp sieve
service imap {
  process_limit = 4192
  vsz_limit = 1 G
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
  process_min_avail = 5
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
  service_count = 1
}
ssl_ca = /etc/pki/tls/certs/chain-pem
ssl_cert = alloc)\n", 100) = 100

Any help will be greatly appreciated!

--
Alexandros Soumplis
Systems Engineer (M.Sc, RHCE, VCP, SCSA)
National Documentation Center / N.H.R.F.
Information Systems Department
48, Vas. Constantinou Av.
116 35 Athens, Greece
phone: +30 210 7273984
fax: +30 210 7252223
email:soumplis at ekt.gr
http://www.ekt.gr

From baruch at tkos.co.il Thu Nov 13 17:45:54 2014
From: baruch at tkos.co.il (Baruch Siach) Date: Thu, 13 Nov 2014 19:45:54 +0200 Subject: Static build failure Message-ID: <20141113174554.GN10379@tarshish> Hi dovecot list, Static build of dovecot fails because src/lib/module-dir.c refers to MODULE_SUFFIX that is undefined when building statically. This least to the following build failure: module-dir.c: In function 'module_file_get_name': module-dir.c:624:20: error: 'MODULE_SUFFIX' undeclared (first use in this function) p = strstr(fname, MODULE_SUFFIX); ^ The following somewhat inelegant patch fixes the problem. diff -Nuar dovecot-2.2.15-orig/src/lib/module-dir.c dovecot-2.2.15/src/lib/module-dir.c --- dovecot-2.2.15-orig/src/lib/module-dir.c 2014-10-18 00:10:15.000000000 +0300 +++ dovecot-2.2.15/src/lib/module-dir.c 2014-11-13 19:27:29.417786313 +0200 @@ -621,7 +621,11 @@ if (*p == '_') fname = p + 1; +#ifdef MODULE_SUFFIX p = strstr(fname, MODULE_SUFFIX); +#else + p = NULL; +#endif if (p == NULL) return fname; baruch -- http://baruch.siach.name/blog/ ~. .~ Tk Open Systems =}------------------------------------------------ooO--U--Ooo------------{= - baruch at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - From ronleach at tesco.net Thu Nov 13 18:29:42 2014 
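Review bot: In the "#else" branch of the module-dir.c hunk, "p = NULL;" sends every static build down the "if (p == NULL) return fname;" path, so module_file_get_name does no suffix handling at all there, and nothing in the hunk records why that is the right result. Add a one-line comment stating why a static build needs no suffix stripping, or give MODULE_SUFFIX a definition for static builds at the place the macro is normally defined, so the function body needs no "#ifdef" and the strstr() call stays unconditional.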
From: ronleach at tesco.net (Ron Leach) Date: Thu, 13 Nov 2014 18:29:42 +0000 Subject: Migrate system users to virtual users Message-ID: <5464F896.4040804@tesco.net> List, good afternoon, We are at the planning stage of wanting to migrate from an existing installation onto a new machine, and also to change from system users to virtual users. May I check that our ideas for user id are correct? I am not sure whether we will encounter a 'permissions' and 'user id' problem when moving from a system-user scheme to a virtual scheme. We use Maildir, and the maildirs at the moment are in their users' linux /home directories. After reading the wiki, we think that the 'single system user for vmail' arrangement, ie just one system user to manage all the mail for all virtual users, will work for us. I think that means that the permissions on all our existing 'system-user-oriented' maildirs will have to be changed (in the new machine) so that they are owned by the 'single-system-user', such as 'vmail'. One thought was to first copy the existing maildirs into the new virtual user file system tree, and then, second, change the owners and permissions on the maildirs and directories and messages to permit control by 'vmail'. From the point of view of transferring all the mail files, is that all we would have to do? (Of course, we would also have to create the virtual users and their passwords, and arrange the appropriate password lookups etc, but that's not the direct topic of this post. And that arrangement has to be compatible with the MTA, as well.) If we do copy the maildirs and change the permissions, does all the metadata that the clients, or Dovecot, use to detect new, existing, or downloaded mail remain valid? Or should we use a different approach? Grateful for any comment regards, Ron From chris at apex-internet.com Thu Nov 13 18:44:16 2014 
From: chris at apex-internet.com (Chris Szilagyi)
Date: Thu, 13 Nov 2014 13:44:16 -0500 (EST)
Subject: Understanding filesystem quotas
Message-ID: <32271.204.144.118.17.1415904256.squirrel@mail.apex-internet.com>

Hello:

I've been trying to set up filesystem quotas for IMAP, and cannot seem to get it to work. In IMAP clients it either shows quota unavailable or unknown. I've read the documentation several times.

I've enabled the quota plugins and to my knowledge that part is good. I've edited the file 90-quota.conf and uncommented these lines and set them as follows:

plugin {
  quota_rule = *:storage=1G
}

plugin {
  quota = fs:User quota:user
}

To my knowledge, this should enable filesystem quotas by user. However when I run "doveadm quota get -u username", it shows:

Quota name Type    Value Limit %
User quota STORAGE 0     -     0

So basically all zeros. I've also tried running "doveadm -Dv quota get -u username" and don't see anything that stands out or that would indicate an issue. It shows the correct block device and such. I know filesystem quotas are working as I can run "quota username" and it shows the usage.

The reason I picked filesystem quotas is because we have /var/spool/mail/username (spool file), and /home/username/mail on the same partition, and because it sounds like it's fast and doesn't require disk I/O.

But I'm trying to also figure out by setting the "storage=" command in Dovecot, do I even need to set a hard and soft limit on the filesystem quota then? I would prefer to let Dovecot enforce quotas rather than rely on the filesystem quota mechanism, but keep disk I/O down.

Any help would be greatly appreciated on this.

Thank you.

--
Chris

From Dovecot-mailing-list at whyaskwhy.org Thu Nov 13 19:34:29 2014
From: Dovecot-mailing-list at whyaskwhy.org (deoren) Date: Thu, 13 Nov 2014 13:34:29 -0600 Subject: Migrate system users to virtual users In-Reply-To: <5464F896.4040804@tesco.net> References: <5464F896.4040804@tesco.net> Message-ID: <3702642e1db7cbdf604af846b30154e0@dawnofhope.org> On 2014-11-13 12:29, Ron Leach wrote: > List, good afternoon, > > We are at the planning stage of wanting to migrate from an existing > installation onto a new machine, and also to change from system users > to virtual users. May I check that our ideas for user id are correct? > > I am not sure whether we will encounter a 'permissions' and 'user id' > problem when moving from a system-user scheme to a virtual scheme. We > use Maildir, and the maildirs at the moment are in their users' linux > /home directories. > > After reading the wiki, we think that the 'single system user for > vmail' arrangement, ie just one system user to manage all the mail for > all virtual users, will work for us. I think that means that the > permissions on all our existing 'system-user-oriented' maildirs will > have to be changed (in the new machine) so that they are owned by the > 'single-system-user', such as 'vmail'. > > One thought was to first copy the existing maildirs into the new > virtual user file system tree, and then, second, change the owners and > permissions on the maildirs and directories and messages to permit > control by 'vmail'. From the point of view of transferring all the > mail files, is that all we would have to do? (Of course, we would > also have to create the virtual users and their passwords, and arrange > the appropriate password lookups etc, but that's not the direct topic > of this post. And that arrangement has to be compatible with the MTA, > as well.) That is what I did with a system account that I migrated a few months back and it worked out well. 
> If we do copy the maildirs and change the permissions, does all the > metadata that the clients, or Dovecot, use to detect new, existing, or > downloaded mail remain valid? Or should we use a different approach? Hopefully someone with more experience will chime in and answer the particulars re metadata, but I did just what you're talking about and didn't have any problems; granted I was working with a test account with minimal data. I went from a setup like you described where I had /home/user/Maildir and migrated that content to /var/vmail/domain/user/Maildir and set the new system account as the user:group recursively. That setup has been working fine since. I initially made the mistake of leaving out the 'Maildir' subdirectory for the content, but after receiving some advice here on the list I corrected that mistake. From gedalya at gedalya.net Thu Nov 13 21:01:26 2014 
From: gedalya at gedalya.net (Gedalya) Date: Thu, 13 Nov 2014 16:01:26 -0500 Subject: Migrate system users to virtual users In-Reply-To: <5464F896.4040804@tesco.net> References: <5464F896.4040804@tesco.net> Message-ID: <54651C26.1010900@gedalya.net> On 11/13/2014 01:29 PM, Ron Leach wrote: > If we do copy the maildirs and change the permissions, does all the > metadata that the clients, or Dovecot, use to detect new, existing, or > downloaded mail remain valid? Or should we use a different approach? /srv/mail/domains/example.com/exampleuser << This would be your 'home' in dovecot terms. Typically sieve files/directory/symlinks would be stored below this point. /srv/mail/domains/example.com/exampleuser/Maildir << This would be your Maildir. You have two items: home, and maildir. If you copy the maildir, you have everything, except for anything else that dovecot might be storing outside the Maildir, in the home directory. This would typically be sieve stuff, as mentioned. Take a look and see. Review your config etc. But in terms of what you specifically asked - just keeping track of messages and their flags, it's all within the Maildir, positive. The Maildir does not need to be a subdirectory of the home directory, this is just my example. One other thing that is possible in dovecot is separate storage for indexes, but if you're doing that, I would think that you should know you are :-) From chayes at afo.net Thu Nov 13 23:01:26 2014 
From: chayes at afo.net (Cliff Hayes)
Date: Thu, 13 Nov 2014 17:01:26 -0600
Subject: automatically create Spam mailbox
Message-ID: <54653846.6090004@afo.net>

I am trying to set up dovecot to automatically create a Spam mailbox for every user.

http://wiki2.dovecot.org/MailboxSettings shows how to do this but not what config file to put it in so I assume 10-mail.conf.
When I put it in there as follows...

namespace inbox {
  mailbox Spam {
    auto = create
    special_use = \Junk
  }
}

... I get the following error ...

doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-mail.conf line 107: Unknown setting: mailbox

How do I create the mailbox?

From dovecot-list at mohtex.net Fri Nov 14 00:34:10 2014
From: dovecot-list at mohtex.net (Tamsy)
Date: Fri, 14 Nov 2014 07:34:10 +0700
Subject: automatically create Spam mailbox
In-Reply-To: <54653846.6090004@afo.net>
References: <54653846.6090004@afo.net>
Message-ID: <54654E02.1000903@mohtex.net>

Cliff Hayes wrote on 14.11.2014 06:01:
> I am trying to set up dovecot to automatically create a Spam mailbox
> for every user.
>
> http://wiki2.dovecot.org/MailboxSettings shows how to do this but not
> what config file to put it in so I assume 10-mail.conf.
> When I put it in there as follows...
>
> namespace inbox {
>   mailbox Spam {
>     auto = create
>     special_use = \Junk
>   }
> }
>
> ... I get the following error ...
>
> doveconf: Fatal: Error in configuration file
> /etc/dovecot/conf.d/10-mail.conf line 107: Unknown setting: mailbox
>
> How do I create the mailbox?

Try:

namespace inbox {
  mailbox "Spam" {
    auto = subscribe
    special_use = \Junk
  }
}

From jtam.home at gmail.com Fri Nov 14 00:44:36 2014
From: jtam.home at gmail.com (Joseph Tam) Date: Thu, 13 Nov 2014 16:44:36 -0800 (PST) Subject: Dovecot Cur and New Directories are empty In-Reply-To: References: Message-ID: Nguyen Dinh Phuoc Thanh writes: > Recently, we faced an issue with dovecot. Mail delivered to New > directory, but after we used Outlook to connect with POP3 protocol, > there was no email delivered to Outlook and New/Cur directory was empty. > If we don't use Outlook to connect, after a few minutes, it is empty > also. > Would you please help me to solve this issue? Another POP3 client accessing the same account but not configured to keep message on server? Check logs to rule that out. Joseph Tam From dovecot at the-leveys.us Fri Nov 14 00:59:23 2014 
From: dovecot at the-leveys.us (Don Levey)
Date: Thu, 13 Nov 2014 19:59:23 -0500
Subject: Core Dump upon startup (SEGV) - v2.2.10
Message-ID: <20141114005923.GB500@dungeon.the-leveys.us>

I appear to have taken a mostly-working installation and mucked it up. In my recent messages I mentioned how I was having difficulty in making my wife's email readable in Squirrelmail; this was solved with directory permissions. However, my usual email client is Thunderbird; I was holding off on using that as there appeared to be authentication issues.

Today was my opportunity to start debugging those; it occurred to me that I might have issues with PKI and tried to make/install working certificates. When this didn't work, I thought to just scrub the installation and start over. On my CentOS 7 system I erased and reinstalled from RPM. With what should have been working certificates, I ran through the config files, and then restarted to the following error:

[root at dungeon dovecot]# systemctl -l status dovecot.service
dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service; disabled)
   Active: failed (Result: core-dump) since Thu 2014-11-13 19:05:52 EST; 30min ago
  Process: 23700 ExecStart=/usr/sbin/dovecot -F (code=dumped, signal=SEGV)
  Process: 23695 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
 Main PID: 23700 (code=dumped, signal=SEGV)

Nov 13 19:05:52 dungeon.the-leveys.us systemd[1]: Started Dovecot IMAP/POP3 email server.
Nov 13 19:05:52 dungeon.the-leveys.us systemd[1]: dovecot.service: main process exited, code=dumped, status=11/SEGV
Nov 13 19:05:52 dungeon.the-leveys.us systemd[1]: Unit dovecot.service entered failed state.

I can't run dovecot -n:

[root at dungeon dovecot]# dovecot -n
# 2.2.10: /etc/dovecot/dovecot.conf
Segmentation fault (core dumped)

The log file shows:

Nov 13 18:48:46 anvil: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
Nov 13 18:48:46 master: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
Nov 13 18:48:46 log: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)

Here's what I get from the gdb command specified:

[root at dungeon log]# gdb /usr/libexec/dovecot/imap /var/core/6538
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-51.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
...
Reading symbols from /usr/libexec/dovecot/imap...Reading symbols from /usr/lib/debug/usr/libexec/dovecot/imap.debug...done.
done.

warning: core file may not match specified executable file.
[New LWP 6538]
Core was generated by `/usr/bin/doveconf -f service=master -c /etc/dovecot/dovecot.conf -m master -p -'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007f1f3dd1db5b in ?? ()
(gdb)

I tried talking to IMAP directly as per the website, but was unable to make it crash (and I don't know enough IMAP to do anything more than the example commands).

I don't know what else to include...

Thank you,
-Don

From kremels at kreme.com Fri Nov 14 01:01:24 2014
From: kremels at kreme.com (LuKreme)
Date: Thu, 13 Nov 2014 18:01:24 -0700
Subject: automatically create Spam mailbox
In-Reply-To: <54654E02.1000903@mohtex.net>
References: <54653846.6090004@afo.net> <54654E02.1000903@mohtex.net>
Message-ID:

> On Nov 13, 2014, at 5:34 PM, Tamsy wrote:
>
> Cliff Hayes wrote on 14.11.2014 06:01:
>> I am trying to set up dovecot to automatically create a Spam mailbox for every user.
>>
>> http://wiki2.dovecot.org/MailboxSettings shows how to do this but not what config file to put it in so I assume 10-mail.conf.
>> When I put it in there as follows...
>>
>> namespace inbox {
>>   mailbox Spam {
>>     auto = create
>>     special_use = \Junk
>>   }
>> }
>>
>> ... I get the following error ...
>>
>> doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-mail.conf line 107: Unknown setting: mailbox
>>
>> How do I create the mailbox?
>
> Try:
>
> namespace inbox {
>   mailbox "Spam" {
>     auto = subscribe
>     special_use = \Junk
>   }
> }

I have:

namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox NotJunk {
    auto = subscribe
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}

Which I think is working as expected. I mean, other than the obvious that no one will ever put any email into NotJunk for auto training, instead they complain about false positives in their Junk and do nothing to alleviate the problem... but I sense I'm careening off the rails into a rant...

--
I have a love child who sends me hate mail

From skdovecot at smail.inf.fh-brs.de Fri Nov 14 07:32:10 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 14 Nov 2014 08:32:10 +0100 (CET)
Subject: Understanding filesystem quotas
In-Reply-To: <32271.204.144.118.17.1415904256.squirrel@mail.apex-internet.com>
References: <32271.204.144.118.17.1415904256.squirrel@mail.apex-internet.com>
Message-ID:

On Thu, 13 Nov 2014, Chris Szilagyi wrote:

> I've enabled the quota plugins and to my knowledge that part is good.
> I've edited the file 90-quota.conf and uncommented these lines and set them
> as follows:
>
> plugin {
>   quota_rule = *:storage=1G
> }
>
> plugin {
>   quota = fs:User quota:user
> }
>
> To my knowledge, this should enable filesystem quotas by user. However when
> I run "doveadm quota get -u username", it shows:
>
> Quota name Type Value Limit %
> User quota STORAGE 0 - 0
>
> So basically all zeros. I've also tried running "doveadm -Dv quota get -u
> username" and don't see anything that stands out or that would indicate an
> issue. It shows the correct block device and such. I know filesystem
> quotas are working as I can run "quota username" and it shows the usage.

Are you sure, that you:

1) have enabled quotas on /home/username/mail,
2) have reloaded Dovecot after config change,
3) have read dovecot logs, if there are errors, and
4) maybe you need to configure a limit, in order to enable quotas in Dovecot at all.
5) maybe try the mount= option, http://wiki2.dovecot.org/Quota/FS

> then? I would prefer to let Dovecot enforce quotas rather than rely on the
> filesystem quota mechanism, but keep disk I/O down.

Dunno if "rely" sounds like you don't trust it ;-) But you should place INDEXes somewhere else, if you enforce quota via file system.

--
Steffen Kaiser

From skdovecot at smail.inf.fh-brs.de Fri Nov 14 07:38:13 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 14 Nov 2014 08:38:13 +0100 (CET)
Subject: automatically create Spam mailbox
In-Reply-To: <54653846.6090004@afo.net>
References: <54653846.6090004@afo.net>
Message-ID:

On Thu, 13 Nov 2014, Cliff Hayes wrote:

> http://wiki2.dovecot.org/MailboxSettings shows how to do this but not what
> config file to put it in so I assume 10-mail.conf.

In my default config files the template for this resides in 15-mailboxes.conf, 10-mail contains the definition of the namespaces.

>
> doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-mail.conf
> line 107: Unknown setting: mailbox
>
> How do I create the mailbox?

please post your config without that error.

--
Steffen Kaiser

From skdovecot at smail.inf.fh-brs.de Fri Nov 14 07:48:03 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 14 Nov 2014 08:48:03 +0100 (CET)
Subject: Dovecot Cur and New Directories are empty
In-Reply-To:
References:
Message-ID:

On Wed, 12 Nov 2014, Nguyen Dinh Phuoc Thanh wrote:

> Recently, we faced an issue with dovecot. Mail delivered to New
> directory, but after we used Outlook to connect with POP3 protocol,
> there was no email delivered to Outlook and New/Cur directory was empty.
> If we don't use Outlook to connect, after a few minutes, it is empty
> also.

See Joseph's message. If the log files do not show something useful, try to enable:

http://wiki2.dovecot.org/Plugins/MailLog?highlight=%28mail_log%29

configure it to log at least the events: delete and expunge

--
Steffen Kaiser

From arekm at maven.pl Fri Nov 14 08:02:06 2014
From: arekm at maven.pl (Arkadiusz Miśkiewicz)
Date: Fri, 14 Nov 2014 09:02:06 +0100
Subject: [PATCH]: libexttextcat from libreoffice
Message-ID: <201411140902.06768.arekm@maven.pl>

Hello.

There is libexttextcat version provided by libreoffice team
http://www.freedesktop.org/wiki/Software/libexttextcat
http://dev-www.libreoffice.org/src/libexttextcat/
which uses pkgconfig. Library name is different: libexttextcat-2.0.so so dovecot configure doesn't find it.

Something like this is needed:

--- dovecot-2.2.15/configure.ac~ 2014-10-25 05:57:08.000000000 +0200 +++ dovecot-2.2.15/configure.ac 2014-11-14 08:49:02.888452270 +0100
@@ -2747,10 +2747,16 @@ have_lucene_textcat=yes AC_DEFINE(HAVE_LUCENE_TEXTCAT,, Define if you want textcat support for CLucene) ], [ - AC_CHECK_LIB(exttextcat, special_textcat_Init, [ - have_lucene_exttextcat=yes - AC_DEFINE(HAVE_LUCENE_EXTTEXTCAT,, Define if you want textcat (Debian version) support for CLucene) - ]) + if test "$PKG_CONFIG" != "" && $PKG_CONFIG --exists libexttextcat 2>/dev/null; then + PKG_CHECK_MODULES(LIBEXTTEXTCAT, libexttextcat) + LIBS="$LIBS $LIBEXTTEXTCAT_LIBS" + AC_DEFINE(HAVE_LUCENE_EXTTEXTCAT,, Define if you want textcat (LibreOffice version) support for CLucene) + else + AC_CHECK_LIB(exttextcat, special_textcat_Init, [ + have_lucene_exttextcat=yes + AC_DEFINE(HAVE_LUCENE_EXTTEXTCAT,, Define if you want textcat (Debian version) support for CLucene) + ]) + fi ]) ], [ if test $want_stemmer = yes; then -- Arkadiusz Mi?kiewicz, arekm / ( maven.pl | pld-linux.org ) From dieterknopf at gmail.com Fri Nov 14 09:21:04 2014 
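Review bot: The new pkg-config branch in the configure.ac hunk never sets have_lucene_exttextcat=yes, while the AC_CHECK_LIB branch that it now bypasses still does, so any later test on that variable treats the library as missing exactly when it was found through pkg-config; set the variable in the "if" branch too. The same branch uses only LIBEXTTEXTCAT_LIBS and appends it to the global LIBS, so LIBEXTTEXTCAT_CFLAGS is dropped (headers installed outside the default include path will not be found) and everything linked after this point picks up the library; a dedicated substituted variable for the Lucene plugin would keep it contained. The "$PKG_CONFIG --exists libexttextcat" test followed by PKG_CHECK_MODULES checks the same thing twice, and PKG_CHECK_MODULES with AC_CHECK_LIB as its not-found action would be shorter.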
From: dieterknopf at gmail.com (Dieter Knopf)
Date: Fri, 14 Nov 2014 10:21:04 +0100
Subject: inbox parameter is ignored within location config for public namespaces?
In-Reply-To:
References:
Message-ID:

Hello,

Debug logfile:
dovecot: imap(m.user at foo.eu): Debug: Namespace : type=public, prefix=BOS/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=maildir:/home/vmail/foo.eu/bos/MAILDIR:INBOX=/home/vmail/foo.eu/bos/MAILDIR/.INBOX:INDEX=/home/vmail/foo.eu/bos/S_INDEX:INDEXPVT=/home/vmail/foo.eu/bos/S_INDEXPVT/m.user at foo.eu
dovecot: imap(m.user at foo.eu): Debug: maildir++: root=/home/vmail/foo.eu/bos/MAILDIR, index=/home/vmail/foo.eu/bos/S_INDEX, indexpvt=/home/vmail/foo.eu/bos/S_INDEXPVT/m.user at foo.eu, control=, inbox=/home/vmail/foo.eu/bos/MAILDIR/.INBOX, alt=
dovecot: imap(m.user at foo.eu): Debug: acl: initializing backend with data: vfile
dovecot: imap(m.user at foo.eu): Debug: acl: acl username = m.user at foo.eu
dovecot: imap(m.user at foo.eu): Debug: acl: owner = 0
dovecot: imap(m.user at foo.eu): Debug: acl vfile: Global ACL directory: (none)

Everything looks fine, not sure why INBOX is not working correctly :-(

2014-11-09 18:24 GMT+01:00 Dieter Knopf :
> Hello,
>
> i already asked a similar question some months ago but still have no
> fix for my problem :-(
>
> This is my global location option in 10-mail.conf:
> mail_location =
> maildir:/home/vmail/%d/%n/MAILDIR:INBOX=/home/vmail/%d/%n/MAILDIR/.INBOX:INDEX=/home/vmail/%d/%n/INDEX/
>
> This works fine, until i'm using a public namespace.
>
> The following namespace is a normal user too, every mail to bos at foo.eu
> is stored in /home/vmail/foo.eu/bos/MAILDIR (within the INBOX-folder)
> and this directory is used for the location of the namespace.
>
> Config:
> namespace {
>   type = public
>   separator = /
>   prefix = BOS/
>   location = maildir:/home/vmail/foo.eu/bos/MAILDIR:INBOX=/home/vmail/foo.eu/bos/MAILDIR/.INBOX:INDEX=/home/vmail/foo.eu/bos/S_INDEX:INDEXPVT=/home/vmail/foo.eu/bos/S_INDEXPVT/%u
>   subscriptions = yes
> }
>
> The namespace itself works fine and without a problem, but the INBOX
> folder is the main problem. Mail user agents like Thunderbird now
> show a folder structure like:
>
> BOS (grey, not useable)
> - INBOX (the .INBOX folder)
> - Other folder 1
> - Other folder 2
> - Other folder 3
>
> The INBOX-config works fine for every single user, but it doesn't work
> on namespaces? Is this a bug?
>
> Thanks
>
> Dieter

From skdovecot at smail.inf.fh-brs.de Fri Nov 14 10:12:05 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 14 Nov 2014 11:12:05 +0100 (CET)
Subject: inbox parameter is ignored within location config for public namespaces?
In-Reply-To:
References:
Message-ID:

On Fri, 14 Nov 2014, Dieter Knopf wrote:

> Debug logfile:
> dovecot: imap(m.user at foo.eu): Debug: Namespace : type=public,
> prefix=BOS/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes
> location=maildir:/home/vmail/foo.eu/bos/MAILDIR:INBOX=/home/vmail/foo.eu/bos/MAILDIR/.INBOX:INDEX=/home/vmail/foo.eu/bos/S_INDEX:INDEXPVT=/home/vmail/foo.eu/bos/S_INDEXPVT/m.user at foo.eu
> dovecot: imap(m.user at foo.eu): Debug: maildir++:
> root=/home/vmail/foo.eu/bos/MAILDIR,
> index=/home/vmail/foo.eu/bos/S_INDEX,
> indexpvt=/home/vmail/foo.eu/bos/S_INDEXPVT/m.user at foo.eu, control=,
> inbox=/home/vmail/foo.eu/bos/MAILDIR/.INBOX, alt=
> dovecot: imap(m.user at foo.eu): Debug: acl: initializing backend with data: vfile
> dovecot: imap(m.user at foo.eu): Debug: acl: acl username = m.user at foo.eu
> dovecot: imap(m.user at foo.eu): Debug: acl: owner = 0
> dovecot: imap(m.user at foo.eu): Debug: acl vfile: Global ACL directory: (none)
>
> Everything looks fine, not sure why INBOX is not working correctly :-(

I'm sort of thinking that each account has just one INBOX, which is the
one from the namespace with inbox=yes.

Also, IMHO, public Maildir's never have the "root" useable, it is always
"grey" regardless of the INBOX-setting. I think, I've read it several
times on this list. You can see the public INBOX as sub-folder, but cannot
"merge" it as root.

> 2014-11-09 18:24 GMT+01:00 Dieter Knopf :
>> Hello,
>>
>> i already asked a similar question some months ago but still have no
>> fix for my problem :-(
>>
>> This is my global location option in 10-mail.conf:
>> mail_location =
>> maildir:/home/vmail/%d/%n/MAILDIR:INBOX=/home/vmail/%d/%n/MAILDIR/.INBOX:INDEX=/home/vmail/%d/%n/INDEX/
>>
>> This works fine, until i'm using a public namespace.
>>
>> The following namespace is a normal user too, every mail to bos at foo.eu
>> is stored in /home/vmail/foo.eu/bos/MAILDIR (within the INBOX-folder)
>> and this directory is used for the location of the namespace.
>>
>> Config:
>> namespace {
>>   type = public
>>   separator = /
>>   prefix = BOS/
>>   location = maildir:/home/vmail/foo.eu/bos/MAILDIR:INBOX=/home/vmail/foo.eu/bos/MAILDIR/.INBOX:INDEX=/home/vmail/foo.eu/bos/S_INDEX:INDEXPVT=/home/vmail/foo.eu/bos/S_INDEXPVT/%u
>>   subscriptions = yes
>> }
>>
>> The namespace itself works fine and without a problem, but the INBOX
>> folder is the main problem. Mail user agents like Thunderbird now
>> show a folder structure like:
>>
>> BOS (grey, not useable)
>> - INBOX (the .INBOX folder)
>> - Other folder 1
>> - Other folder 2
>> - Other folder 3
>>
>> The INBOX-config works fine for every single user, but it doesn't work
>> on namespaces? Is this a bug?
>>
>> Thanks
>>
>> Dieter
>

--
Steffen Kaiser

From bourek at thinline.cz Fri Nov 14 10:47:13 2014
From: bourek at thinline.cz (Jiri Bourek)
Date: Fri, 14 Nov 2014 11:47:13 +0100
Subject: Understanding filesystem quotas
In-Reply-To:
References: <32271.204.144.118.17.1415904256.squirrel@mail.apex-internet.com>
Message-ID: <5465DDB1.9090105@thinline.cz>

>
> 1) have enabled quotas on /home/username/mail,
> 2) have reloaded Dovecot after config change,
> 3) have read dovecot logs, if there are errors, and
> 4) maybe you need to configure a limit, in order to enable quotas in
> Dovecot at all.

Tried on my server, seems like you're right - Dovecot is ignoring
quota_rule userdb field and grabs the soft limit from the filesystem.

> 5) maybe try the mount= option, http://wiki2.dovecot.org/Quota/FS
>
>> then? I would prefer to let Dovecot enforce quotas rather than rely on
>> the
>> filesystem quota mechanism, but keep disk I/O down.
>
> Dunno if "rely" sounds like you don't trust it ;-) But you should place
> INDEXes somewhere else, if you enforce quota via file system.
>

Agree to that - if you count control/index directories towards user's
quota and enforce it on filesystem level, users most likely won't be able
to login and delete mail when they reach it.

From ronleach at tesco.net Fri Nov 14 14:15:04 2014
From: ronleach at tesco.net (Ron Leach)
Date: Fri, 14 Nov 2014 14:15:04 +0000
Subject: Dovecot wiki LMTP description
Message-ID: <54660E68.9080503@tesco.net>

List, we are planning a new configuration to which we'll migrate an
existing installation shortly. We are hoping to use Dovecot LMTP and
have a query about the wiki entry for LMTP

http://wiki2.dovecot.org/LMTP

where it suggests this config:

service lmtp {
  inet_listener lmtp {
    address = 192.168.0.24 127.0.0.1 ::1
    port = 24
  }
}

Does this example mean that LMTP will only listen for input messages
from the interface with IP address 192.168.0.24 (plus localhost)? If
so, I probably haven't understood how LMTP is intended to work. Is
there a reason why we want to limit LMTP to listening for messages from
a specific IP on the network? I need to understand that so that I
replace ...24 with a suitable host interface that exists on our LAN (we
don't have a host at 192.168.0.24).

Apologies for what must seem, to people using LMTP, a very basic
question. Nevertheless, I would be grateful for any clarification.

regards, Ron

From h.reindl at thelounge.net Fri Nov 14 14:23:43 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Fri, 14 Nov 2014 15:23:43 +0100
Subject: Dovecot wiki LMTP description
In-Reply-To: <54660E68.9080503@tesco.net>
References: <54660E68.9080503@tesco.net>
Message-ID: <5466106F.9090809@thelounge.net>

On 14.11.2014 at 15:15, Ron Leach wrote:
> List, we are planning a new configuration to which we'll migrate an
> existing installation shortly. We are hoping to use Dovecot LMTP and
> have a query about the wiki entry for LMTP
>
> http://wiki2.dovecot.org/LMTP
>
> where it suggests this config:
>
> service lmtp {
>   inet_listener lmtp {
>     address = 192.168.0.24 127.0.0.1 ::1
>     port = 24
>   }
> }
>
> Does this example mean that LMTP will only listen for input messages
> from the interface with IP address 192.168.0.24 (plus localhost)? If
> so, I probably haven't understood how LMTP is intended to work. Is
> there a reason why we want to limit LMTP to listening for messages from
> a specific IP on the network?

no - it *listens* on that IP's

the "address" exists for all other services too
a server likely has more than one interface / IP

you don't need to have lmtpd listen on any IP in most cases or better
said in most cases 127.0.0.1 is just enough because the MTA is running
on the same machine

if it comes to security you have two choices:

* reject a port from anything but localhost
* just have the service not listening so it doesn't need to be protected

which is the way to go

on a machine with more than one NIC (public interface and LAN) you have
hardly a reason lmtpd listening on the WAN interface but on the to the
LAN connected one where 1, 2, 20 MTA's deliver their messages
________________________________________________________

other practical example:

* dovecot is acting as proxy
* on the same machine dbmail is listening on 127.0.0.1:143 and
  127.0.0.1:110 - so both can use the standard port

service imap-login {
  inet_listener imap {
    address = 192.168.196.2
    port = 143
  }
}

service pop3-login {
  inet_listener imap {
    address = 192.168.196.2
    port = 110
  }
}

From chris at apex-internet.com Fri Nov 14 14:24:42 2014
From: chris at apex-internet.com (Chris Szilagyi)
Date: Fri, 14 Nov 2014 09:24:42 -0500 (EST)
Subject: Understanding filesystem quotas
In-Reply-To:
References: <32271.204.144.118.17.1415904256.squirrel@mail.apex-internet.com>
Message-ID: <54747.204.144.118.17.1415975082.squirrel@mail.apex-internet.com>

>
> Are you sure, that you:
>
> 1) have enabled quotas on /home/username/mail,

If you mean filesystem quotas, then yes. In our environment, /home is
symlinked to another local disk /volume/home, and the quotas are set on
/volume

> 2) have reloaded Dovecot after config change,

Definitely have done that.

> 3) have read dovecot logs, if there are errors, and

Quite a while after testing and posting this, these errors started showing
up in /var/log/maillog ... I'm currently investigating. This may be part of
the issue.

dovecot: imap(username): Error: quotactl(Q_GETQUOTA, /dev/sdb1) failed: Permission denied

> 4) maybe you need to configure a limit, in order to enable quotas in
> Dovecot at all.

By this do you mean a user limit? I've set the default limit with
"quota_rule = *:storage=1G". We aren't using a userdb so I tried using the
passwd file method by appending the text "userdb_quota_rule=*:bytes=100M"
to the end of the entries in /etc/passwd. So far this hasn't made any
difference either, and even when doing that, doveadm still doesn't see what
the user's limit is set to, it just shows zero (0). This puzzles me as I
would think that it would at least show what the default limit is.

> 5) maybe try the mount= option, http://wiki2.dovecot.org/Quota/FS

I have tried that as well, so far no luck.

>> then? I would prefer to let Dovecot enforce quotas rather than rely on the
>> filesystem quota mechanism, but keep disk I/O down.
>
> Dunno if "rely" sounds like you don't trust it ;-) But you should place
> INDEXes somewhere else, if you enforce quota via file system.

Yes I did catch that in the documentation. I am currently looking at doing
that after I get quotas working.

I am still unclear as to how Dovecot actually enforces quotas when using
the filesystem. I understand it must use the filesystem quotas for looking
at the current disk usage for a user, but can Dovecot enforce the quotas on
its own (for example, if I set the hard and soft limits of the user to 0
for filesystem quotas) or does Dovecot rely on the filesystem quotas to do
the enforcement?

Thank you again for the help. I will post back any additional information
if I am able to get further on this.

--
Chris

From chris at apex-internet.com Fri Nov 14 14:29:35 2014
From: chris at apex-internet.com (Chris Szilagyi)
Date: Fri, 14 Nov 2014 09:29:35 -0500 (EST)
Subject: Understanding filesystem quotas
In-Reply-To: <5465DDB1.9090105@thinline.cz>
References: <32271.204.144.118.17.1415904256.squirrel@mail.apex-internet.com> <5465DDB1.9090105@thinline.cz>
Message-ID: <22693.204.144.118.17.1415975375.squirrel@mail.apex-internet.com>

>>
>> 1) have enabled quotas on /home/username/mail,
>> 2) have reloaded Dovecot after config change,
>> 3) have read dovecot logs, if there are errors, and
>> 4) maybe you need to configure a limit, in order to enable quotas in
>> Dovecot at all.
>
> Tried on my server, seems like you're right - Dovecot is ignoring
> quota_rule userdb field and grabs the soft limit from the filesystem.
>

OK good to know. So it sounds like Dovecot is relying on the filesystem
quota system to do the enforcement. This makes sense, and explains why the
Dovecot index files should be in an area outside of quotas.

Thanks for your help.

--
Chris

From fernando.maule at c3k.it Fri Nov 14 14:31:00 2014
From: fernando.maule at c3k.it (Fernando Maule)
Date: Fri, 14 Nov 2014 15:31:00 +0100
Subject: Dovecot wiki LMTP description
In-Reply-To: <54660E68.9080503@tesco.net>
References: <54660E68.9080503@tesco.net>
Message-ID: <54661224.1010109@c3k.it>

Hello Ron,

On 14/11/2014 15:15, Ron Leach wrote:
>
> Does this example mean that LMTP will only listen for input messages
> from the interface with IP address 192.168.0.24 (plus localhost)? If
> so, I probably haven't understood how LMTP is intended to work. Is
> there a reason why we want to limit LMTP to listening for messages
> from a specific IP on the network? I need to understand that so that
> I replace ...24 with a suitable host interface that exists on our LAN
> (we don't have a host at 192.168.0.24).
>

No, it *listens* on those addresses (port 24)

LMTP is intended for local mail transfer. The best way to use it, if
dovecot LDA and MTA are on the same machine, is to use a unix socket
like this (example for postfix):

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}

if you prefer to use an inet listener, do it only for the needed
addresses (not public / internet faced ones) or reject unauthorized
networks.

-FM

From bourek at thinline.cz Fri Nov 14 14:52:02 2014
From: bourek at thinline.cz (Jiri Bourek)
Date: Fri, 14 Nov 2014 15:52:02 +0100
Subject: Understanding filesystem quotas
In-Reply-To: <22693.204.144.118.17.1415975375.squirrel@mail.apex-internet.com>
References: <32271.204.144.118.17.1415904256.squirrel@mail.apex-internet.com> <5465DDB1.9090105@thinline.cz> <22693.204.144.118.17.1415975375.squirrel@mail.apex-internet.com>
Message-ID: <54661712.5070508@thinline.cz>

On 14.11.2014 15:29, Chris Szilagyi wrote:
>
>>>
>>> 1) have enabled quotas on /home/username/mail,
>>> 2) have reloaded Dovecot after config change,
>>> 3) have read dovecot logs, if there are errors, and
>>> 4) maybe you need to configure a limit, in order to enable quotas in
>>> Dovecot at all.
>>
>> Tried on my server, seems like you're right - Dovecot is ignoring
>> quota_rule userdb field and grabs the soft limit from the filesystem.
>>
>
> OK good to know. So it sounds like Dovecot is relying on the filesystem
> quota system to do the enforcement.

Don't think so. From my experience when you have different soft and hard
filesystem quota, Dovecot enforces the quota even when filesystem would
allow writing more data (ie. when you are above soft quota but under hard
quota.)

From ronleach at tesco.net Fri Nov 14 15:39:06 2014
From: ronleach at tesco.net (Ron Leach)
Date: Fri, 14 Nov 2014 15:39:06 +0000
Subject: Dovecot wiki LMTP description
In-Reply-To: <5466106F.9090809@thelounge.net>
References: <54660E68.9080503@tesco.net> <5466106F.9090809@thelounge.net>
Message-ID: <5466221A.8010205@tesco.net>

On 14/11/2014 14:23, Reindl Harald wrote:
>
> On 14.11.2014 at 15:15, Ron Leach wrote:
>
>>
>> service lmtp {
>>   inet_listener lmtp {
>>     address = 192.168.0.24 127.0.0.1 ::1
>>     port = 24
>>   }
>> }
>>
>> Does this example mean that LMTP will only listen for input messages
>> from the interface with IP address 192.168.0.24 (plus localhost)? If
>> so, I probably haven't understood how LMTP is intended to work. Is
>> there a reason why we want to limit LMTP to listening for messages from
>> a specific IP on the network?
>
> no - it *listens* on that IP's
>
> the "address" exists for all other services too
> a server likely has more than one interface / IP
>

Got it. Thanks, Harald, and Fernando. I had wondered whether the ...24
was just the example machine for the LMTP host but the wiki was silent
on that so, rather than guess, I thought it best to check.

We will be running LMTP and Exim on the same machine so may leave the
machine's external port 24 unserved.

Grateful, Ron

From skdovecot at smail.inf.fh-brs.de Fri Nov 14 15:43:01 2014
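Added example, not part of any message in this thread and not Dovecot code: a Python check for the point made in the replies above, that "address" decides where a listener can be reached. It parses doveconf-style service blocks and labels every bind; the sample configuration is constructed from the snippets quoted in the thread plus a made-up imap-login listener, the function names are hypothetical, and it assumes a listener without "address" falls back to the global "listen" setting (default "*, ::").

```python
import ipaddress
import re

# Constructed configuration: the inet_listener is the wiki snippet quoted in the
# thread, the unix_listener is the Postfix socket from the reply, and the
# imap-login listener (no "address") is made up to show the fallback case.
SAMPLE_CONF = """\
service lmtp {
  inet_listener lmtp {
    address = 192.168.0.24 127.0.0.1 ::1
    port = 24
  }
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
}
"""

DEFAULT_LISTEN = "*, ::"  # assumed default of Dovecot's global "listen" setting


def classify(addr):
    """Say how widely a bind address can be reached."""
    if addr == "*":
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "hostname"  # not resolved here; check it by hand
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    return "lan" if ip.is_private else "public"


def parse_conf(conf_text):
    """Return (top-level settings, listener blocks) from doveconf-style text."""
    top, stack, listeners = {}, [], []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            words = line[:-1].split() or ["?"]
            stack.append({"kind": words[0], "name": " ".join(words[1:]),
                          "settings": {}})
        elif line == "}":
            if not stack:
                continue  # stray brace in a pasted fragment
            block = stack.pop()
            if block["kind"] in ("inet_listener", "unix_listener"):
                block["service"] = stack[-1]["name"] if stack else "?"
                listeners.append(block)
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            (stack[-1]["settings"] if stack else top)[key] = value
    return top, listeners


def audit_listeners(conf_text):
    """List (service, listener, bind, exposure) for every listener found."""
    top, listeners = parse_conf(conf_text)
    fallback = top.get("listen", DEFAULT_LISTEN)
    findings = []
    for block in listeners:
        if block["kind"] == "unix_listener":
            mode = block["settings"].get("mode", "default")
            findings.append((block["service"], block["name"], "unix",
                             "mode " + mode))
            continue
        binds = block["settings"].get("address") or fallback
        for addr in re.split(r"[,\s]+", binds.strip()):
            findings.append((block["service"], block["name"], addr,
                             classify(addr)))
    return findings


if __name__ == "__main__":
    for service, listener, bind, exposure in audit_listeners(SAMPLE_CONF):
        print("%-11s %-40s %-13s %s" % (service, listener, bind, exposure))
```

Anything reported as all-interfaces or public is a listener that needs either an explicit address or a packet filter in front of it.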
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 14 Nov 2014 16:43:01 +0100 (CET)
Subject: Understanding filesystem quotas
In-Reply-To: <54747.204.144.118.17.1415975082.squirrel@mail.apex-internet.com>
References: <32271.204.144.118.17.1415904256.squirrel@mail.apex-internet.com> <54747.204.144.118.17.1415975082.squirrel@mail.apex-internet.com>
Message-ID:

On Fri, 14 Nov 2014, Chris Szilagyi wrote:

>> 3) have read dovecot logs, if there are errors, and
>
> Quite a while after testing and posting this, these errors started showing
> up in /var/log/maillog ... I'm currently investigating. This may be part of
> the issue.
>
> dovecot: imap(username): Error: quotactl(Q_GETQUOTA, /dev/sdb1) failed:
> Permission denied

This is the reason, you do not get any "current" information about the
quota

Do you have SELinux in action?
Run "sestatus" and "grep -i AVC /var/log/audit/audit.log" to identify
SELinux caused denials,

--
Steffen Kaiser

From chris at apex-internet.com Fri Nov 14 16:57:27 2014
From: chris at apex-internet.com (Chris Szilagyi)
Date: Fri, 14 Nov 2014 11:57:27 -0500 (EST)
Subject: Understanding filesystem quotas
In-Reply-To:
References: <32271.204.144.118.17.1415904256.squirrel@mail.apex-internet.com> <54747.204.144.118.17.1415975082.squirrel@mail.apex-internet.com>
Message-ID: <12899.204.144.118.17.1415984247.squirrel@mail.apex-internet.com>

> On Fri, 14 Nov 2014, Chris Szilagyi wrote:
>
>>> 3) have read dovecot logs, if there are errors, and
>>
>> Quite a while after testing and posting this, these errors started showing
>> up in /var/log/maillog ... I'm currently investigating. This may be part
>> of
>> the issue.
>>
>> dovecot: imap(username): Error: quotactl(Q_GETQUOTA, /dev/sdb1) failed:
>> Permission denied
>
> This is the reason, you do not get any "current" information about the
> quota
>
> Do you have SELinux in action?
> Run "sestatus" and "grep -i AVC /var/log/audit/audit.log" to identify
> SELinux caused denials,
>

Yes, I do use SELinux. I have tried setting "setenforce 0" however just as
you mentioned these show up in the audit.log which I just found as well:

type=AVC msg=audit(1415935621.946:8005): avc: denied { quotaget } for pid=27701 comm="imap" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem

I ended up following instructions in a SELinux FAQ to allow dovecot to use
quotaget. Seems that Dovecot is still not reporting any quota usage though:

Quota name Type    Value Limit %
User quota STORAGE     0     - 0

I also did a check by running "quota username" and it shows the hard/soft
values set correctly.

These are the steps I went through to correct the SELinux issue:

audit2allow -m local -l -i /var/log/audit/audit.log > dovecotquotaget.te

Edit and take out other lines in this file not pertaining to the quotaget
issue.

checkmodule -M -m -o dovecotquotaget.mod dovecotquotaget.te
semodule_package -o dovecotquotaget.pp -m dovecotquotaget.mod
semodule -i dovecotquotaget.pp

I noticed this before but it doesn't seem that it queries quota usage every
time the user connects via IMAP. I know this because I wasn't always
getting the "Permission denied" errors until a while after I enabled
quotas.

If you have any further ideas please let me know. Thank you very much once
again.

--
Chris

From doctor at doctor.nl2k.ab.ca Fri Nov 14 18:46:35 2014
From: doctor at doctor.nl2k.ab.ca (The Doctor)
Date: Fri, 14 Nov 2014 11:46:35 -0700
Subject: Evolution clientware and Dovecot
Message-ID: <20141114184635.GA1064@doctor.nl2k.ab.ca>

Got a customer using Evolution 2.12.3 and was using SSL and could not
retrieve e-mail in the last week. Got the customer to turn off
SSL and he was able to retrieve e-mail.

Recently I compiled SSL so that any compromise was removed
and then all apps using SSL including dovecot were recompiled.

Could this be an app/Evolution issue?

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
Lest we forget 2014

From bob at computerisms.ca Fri Nov 14 19:54:37 2014
From: bob at computerisms.ca (Bob Miller)
Date: Fri, 14 Nov 2014 11:54:37 -0800
Subject: Evolution clientware and Dovecot
In-Reply-To: <20141114184635.GA1064@doctor.nl2k.ab.ca>
References: <20141114184635.GA1064@doctor.nl2k.ab.ca>
Message-ID: <1415994877.27114.325.camel@worklian>

Hi,

On Fri, 2014-11-14 at 11:46 -0700, The Doctor wrote:
> Got a customer using Evolution 2.12.3 and was using SSL and could not
> retrieve e-mail in the last week. Got the customer to turn off
> SSL and he was able to retrieve e-mail.
>
> Recently I compiled SSL so that any compromise was removed
> and then all apps using SSL including dovecot were recompiled.
>
> Could this be an app/Evolution issue?

Yes, but could be other things too. Did you confirm that you can connect
to dovecot using openssl s_client? If you are using a self-signed cert,
did your evolution user accept the certificate as opposed to denying it?

From tss at iki.fi Fri Nov 14 22:33:15 2014
From: tss at iki.fi (Timo Sirainen)
Date: Fri, 14 Nov 2014 14:33:15 -0800
Subject: closed fd causes: lmtp(18385): Panic: epoll_ctl(del, 11) failed: Bad file descriptor
In-Reply-To:
References:
Message-ID:

On 13 Nov 2014, at 00:11, Steffen Kaiser wrote:

>>> #4 0x00007fafdc2c0879 in i_panic (format=0x7fafdc3109fc "%s") at failures.c:276
>>> #5 0x00007fafdc2dcc85 in io_loop_handle_remove (io=0x2093920, closed=false) at ioloop-epoll.c:150
>>> #6 0x00007fafdc2d9f16 in io_remove_full (_io=0x205f078, closed=false) at ioloop.c:143
>>> #7 0x00007fafdc2d9f5d in io_remove (io=0x205f078) at ioloop.c:157
>>> #8 0x00007fafdc2e9d5c in stream_closed (fstream=0x205ef90) at ostream-file.c:57
>>> #9 0x00007fafdc2e9e13 in o_stream_file_close (stream=0x205ef90, close_parent=false) at ostream-file.c:78
>>> #10 0x00007fafdc2cb30d in io_stream_unref (stream=0x205ef90) at iostream.c:41
>>> #11 0x00007fafdc2e86ae in o_stream_unref (_stream=0x2079308) at ostream.c:88
>>> #12 0x00007fafdb69cb93 in openssl_iostream_free (ssl_io=0x20792e0) at iostream-openssl.c:273
>>> #13 0x00007fafdb69cce9 in openssl_iostream_unref (ssl_io=0x20792e0) at iostream-openssl.c:289
>>> #14 0x00007fafdc2b8bb9 in ssl_iostream_unref (_ssl_io=0x2079670) at iostream-ssl.c:126
>>> #15 0x00007fafdb6a011a in o_stream_ssl_destroy (stream=0x2079590) at ostream-openssl.c:28
>>
>> Probably fixed by http://hg.dovecot.org/dovecot-2.2/rev/1632ae08c986 ?
>
> I forgot my hg version, sorry:
>
> Dovecot v2.2.15 (062230bdbc4d+)

This then? http://hg.dovecot.org/dovecot-2.2/rev/2d87ec863b76

From chris at apex-internet.com Fri Nov 14 23:00:13 2014
From: chris at apex-internet.com (Chris Szilagyi)
Date: Fri, 14 Nov 2014 18:00:13 -0500
Subject: Using dovecot-lda with sendmail
Message-ID: <5466897D.9040708@apex-internet.com>

Hello:

I'm trying to get dovecot-lda to work with sendmail on a CentOS 7
server. I've tried following the instructions at the wiki,
http://wiki2.dovecot.org/LDA/Sendmail, by adding the lines to
/etc/mail/sendmail.mc, recompiling to /etc/mail/sendmail.cf and
restarting sendmail -- the process for any sendmail config change.
However it is still not working and in the maillog, it shows:

sendmail[31949]: sAEM4GTt031742: to=, ctladdr= (1000/1000), delay=00:08:31, xdelay=00:00:00, mailer=local, pri=210942, dsn=4.0.0, stat=Deferred: local mailer (/usr/libexec/dovecot/dovecot-lda) exited with EX_TEMPFAIL

I verified that SELinux is not interfering in this case.

I see talk of having sendmail run /usr/libexec/dovecot/dovecot-lda as
other users, but I see that the file on my system is uid/gid as: root/root.

Is there a way to get this working? Thanks much!

--
Chris

From ndpthanh at gmail.com Sat Nov 15 00:46:27 2014
From: ndpthanh at gmail.com (Nguyen Dinh Phuoc Thanh)
Date: Sat, 15 Nov 2014 00:46:27 +0000 (UTC)
Subject: Dovecot Cur and New Directories are empty
References:
Message-ID:

Joseph Tam gmail.com> writes:

>
>
> Nguyen Dinh Phuoc Thanh writes:
>
> > Recently, we faced an issue with dovecot. Mail delivered to New
> > directory, but after we used Outlook to connect with POP3 protocol,
> > there was no email delivered to Outlook and New/Cur directory was empty.
> > If we don't use Outlook to connect, after a few minutes, it is empty
> > also.
> > Would you please help me to solve this issue?
>
> Another POP3 client accessing the same account but not configured
> to keep message on server? Check logs to rule that out.
>
> Joseph Tam gmail.com>
>
>

Thank you for your support, Joseph Tam.

There is no other POP3 client connecting to the server. In addition, when
checking the log file, there is no "delete" or "expunge" action.

It is very strange that after:

Nov 14 16:23:50 mail postfix/pipe[6257]: 143F1C0C60:to=ndpthanh at xxx.com> , relay=dovecot, delay=0.23, delays=0.01/0/0/0.22, dsn=2.0.0, status=sent (delivered via dovecot service)

the message disappears from New/Cur dir.

Hope to receive advice from you.

Thanh

From ndpthanh at gmail.com Sat Nov 15 04:00:32 2014
From: ndpthanh at gmail.com (Nguyen Dinh Phuoc Thanh)
Date: Sat, 15 Nov 2014 04:00:32 +0000 (UTC)
Subject: Dovecot Cur and New Directories are empty
References:
Message-ID:

Hi,

I changed the password for that account, it solved the issue.

Thank you for your support!

Thanh

From tom at whyscream.net Sat Nov 15 13:18:42 2014
From: tom at whyscream.net (Tom Hendrikx)
Date: Sat, 15 Nov 2014 14:18:42 +0100
Subject: Using dovecot-lda with sendmail
In-Reply-To: <5466897D.9040708@apex-internet.com>
References: <5466897D.9040708@apex-internet.com>
Message-ID: <546752B2.70400@whyscream.net>

On 15-11-14 00:00, Chris Szilagyi wrote:
> Hello:
>
> I'm trying to get dovecot-lda to work with sendmail on a CentOS 7
> server. I've tried following the instructions at the wiki,
> http://wiki2.dovecot.org/LDA/Sendmail, by adding the lines to
> /etc/mail/sendmail.mc, recompiling to /etc/mail/sendmail.cf and
> restarting sendmail -- the process for any sendmail config change.
> However it is still not working and in the maillog, it shows:
>
> sendmail[31949]: sAEM4GTt031742: to=,
> ctladdr= (1000/1000), delay=00:08:31,
> xdelay=00:00:00, mailer=local, pri=210942, dsn=4.0.0,
> stat=Deferred: local mailer (/usr/libexec/dovecot/dovecot-lda)
> exited with EX_TEMPFAIL
>
> I verified that SELinux is not interfering in this case.
>
> I see talk of having sendmail run /usr/libexec/dovecot/dovecot-lda
> as other users, but I see that the file on my system is uid/gid as:
> root/root.
>
> Is there a way to get this working? Thanks much!
>

It seems that sendmail is running the lda, but the lda has problems
that are reported by exiting with tempfail. You should check the
logging that is emitted by dovecot-lda to find what the problem is.

Ownership of the binary should not be one of them, I think, but show
us logging from dovecot-lda and we can tell you more. 'dovecot -n'
output would also help a lot.

Regards,
Tom

From chris at apex-internet.com Sat Nov 15 14:26:46 2014
From: chris at apex-internet.com (Chris Szilagyi) Date: Sat, 15 Nov 2014 09:26:46 -0500 (EST) Subject: Using dovecot-lda with sendmail In-Reply-To: <546752B2.70400@whyscream.net> References: <5466897D.9040708@apex-internet.com> <546752B2.70400@whyscream.net> Message-ID: <41229.192.168.3.2.1416061606.squirrel@mail.apex-internet.com> > > It seems that sendamil is running the lda, but the lda has problems > that are reported by by exiting with tempfail. You should check the > logging that is emitted by dovecot-lda to find what the problem is. > > Ownership of the binary should not be one of them, I think, but show > us logging from dovecot-lda and we can tell you more. 'dovecot -n' > output would also help a lot. > > Regards, > Tom I've enabled dovecot-lda logging with: protocol lda { log_path = info_log_path = syslog_facility = mail } However it's not producing any entries in the mail syslog. I'm wondering if it's not even executing dovecot-lda then. As a test I tried running "/usr/libexec/dovecot/dovecot-lda -d username" directly as root to see what happens, and I got a blank email delivered to "username" OK. So based on this I think lda is OK? I am not seeing any errors logged when sendmail tries to use dovecot-lda though. 
Here's what "dovecot -n" shows: # 2.2.10: /etc/dovecot/dovecot.conf # OS: Linux 3.10.0-123.9.2.el7.x86_64 x86_64 CentOS Linux release 7.0.1406 (Core) ext4 mail_location = mbox:/mail/home/%u/mail:INBOX=/mail/spool/%u mail_plugins = " quota" mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mbox_write_locks = fcntl namespace inbox { inbox = yes location = prefix = } passdb { driver = pam } plugin { quota = fs:User quota:user quota_rule = *:storage=1G quota_rule2 = Trash:storage=+100M sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } postmaster_address = postmaster at localhost protocols = imap pop3 sieve service managesieve-login { inet_listener sieve { port = 4190 } } ssl_cert = References: <5466897D.9040708@apex-internet.com> <546752B2.70400@whyscream.net> <41229.192.168.3.2.1416061606.squirrel@mail.apex-internet.com> Message-ID: <41515.192.168.3.2.1416064622.squirrel@mail.apex-internet.com> > >> >> It seems that sendamil is running the lda, but the lda has problems >> that are reported by by exiting with tempfail. You should check the >> logging that is emitted by dovecot-lda to find what the problem is. >> >> Ownership of the binary should not be one of them, I think, but show >> us logging from dovecot-lda and we can tell you more. 'dovecot -n' >> output would also help a lot. >> >> Regards, >> Tom > > I've enabled dovecot-lda logging with: > > protocol lda { > log_path = > info_log_path = > syslog_facility = mail > } > > However it's not producing any entries in the mail syslog. I'm wondering if > it's not even executing dovecot-lda then. As a test I tried running > "/usr/libexec/dovecot/dovecot-lda -d username" directly as root to see what > happens, and I got a blank email delivered to "username" OK. 
So based on > this I think lda is OK? I am not seeing any errors logged when sendmail > tries to use dovecot-lda though. > > Here's what "dovecot -n" shows: > > # 2.2.10: /etc/dovecot/dovecot.conf > # OS: Linux 3.10.0-123.9.2.el7.x86_64 x86_64 CentOS Linux release 7.0.1406 > (Core) ext4 > mail_location = mbox:/mail/home/%u/mail:INBOX=/mail/spool/%u > mail_plugins = " quota" > mail_privileged_group = mail > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character > vacation subaddress comparator-i;ascii-numeric relational regex imap4flags > copy include variables body enotify environment mailbox date ihave > mbox_write_locks = fcntl > namespace inbox { > inbox = yes > location = > prefix = > } > passdb { > driver = pam > } > plugin { > quota = fs:User quota:user > quota_rule = *:storage=1G > quota_rule2 = Trash:storage=+100M > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > } > postmaster_address = postmaster at localhost > protocols = imap pop3 sieve > service managesieve-login { > inet_listener sieve { > port = 4190 > } > } > ssl_cert = ssl_key = userdb { > driver = passwd > } > protocol lda { > info_log_path = > log_path = > syslog_facility = mail > } > protocol imap { > mail_plugins = " quota imap_quota" > } > > > Thank you very much for any further thoughts on this. > -- > Chris > These errors just started showing up in the mail syslog, FINALLY. Not sure why it took this long. dovecot: lda(username): Fatal: setresgid(1000(username),1000(username),12(mail)) failed with euid=0(root): Operation not permitted After turning off SELinux, mail was finally being delivered! 
So, I adjusted SELinux to allow a few denied errors for dovecot-lda
(including filesystem quotas):

    audit2allow -m local -l -i /var/log/audit/audit.log > dovecotlda.te

Then, verified the contents of "dovecotlda.te":

    module local 1.0;

    require {
            type fs_t;
            type mqueue_spool_t;
            type dovecot_deliver_t;
            class capability { setuid setgid };
            class file write;
            class filesystem quotaget;
    }

    #============= dovecot_deliver_t ==============
    allow dovecot_deliver_t fs_t:filesystem quotaget;
    allow dovecot_deliver_t mqueue_spool_t:file write;
    allow dovecot_deliver_t self:capability { setuid setgid };

Then create the policy file and activate it:

    checkmodule -M -m -o dovecotlda.mod dovecotlda.te
    semodule_package -o dovecotlda.pp -m dovecotlda.mod
    semodule -i dovecotlda.pp

Now with SELinux enforcing, I'm getting mail delivered OK.

Also just to confirm, this is the line I'm using in /etc/mail/sendmail.mc:

    FEATURE(`local_procmail', `/usr/libexec/dovecot/dovecot-lda',`/usr/libexec/dovecot/dovecot-lda -d $u')dnl

Thanks again for the help, hopefully this helps others in the future with
sendmail.

--
Chris

From chris at apex-internet.com Sat Nov 15 18:05:22 2014
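audit2allow -l, as used in the message above, turns every denial logged since the last policy reload into an allow rule, whichever domain caused it. The following is an added example (not part of the post and not an SELinux tool) that groups AVC denials into the rules they would become, separates one domain's rules from the rest, and lists the grants worth a second read before the module is loaded; the audit lines are constructed and the review criteria are this example's assumptions.

```python
import re
from collections import defaultdict

# Matches the parts of an AVC denial that end up in an allow rule.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)")

# Constructed audit.log lines (not taken from the thread); the last AVC line
# belongs to an unrelated domain that happened to log a denial as well.
SAMPLE_AUDIT = """
type=AVC msg=audit(1416064001.101:501): avc:  denied  { setgid } for  pid=2101 comm="dovecot-lda" capability=6  scontext=system_u:system_r:dovecot_deliver_t:s0 tcontext=system_u:system_r:dovecot_deliver_t:s0 tclass=capability
type=AVC msg=audit(1416064001.102:502): avc:  denied  { setuid } for  pid=2101 comm="dovecot-lda" capability=7  scontext=system_u:system_r:dovecot_deliver_t:s0 tcontext=system_u:system_r:dovecot_deliver_t:s0 tclass=capability
type=SYSCALL msg=audit(1416064001.102:502): arch=c000003e syscall=117 success=no exit=-1 comm="dovecot-lda"
type=AVC msg=audit(1416064002.201:510): avc:  denied  { write } for  pid=2101 comm="dovecot-lda" path="/example/spool/file" dev="sdb1" ino=42 scontext=system_u:system_r:dovecot_deliver_t:s0 tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=file
type=AVC msg=audit(1416064003.301:520): avc:  denied  { quotaget } for  pid=2101 comm="dovecot-lda" scontext=system_u:system_r:dovecot_deliver_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
type=AVC msg=audit(1416064004.401:530): avc:  denied  { name_connect } for  pid=3300 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
"""


def selinux_type(context):
    """user:role:type:level -> type"""
    return context.split(":")[2]


def proposed_rules(lines, domain):
    """Return (rules for `domain`, rules for every other domain).

    Each is a dict keyed by (source type, target type or 'self', class)
    whose value is the set of denied permissions.
    """
    wanted, other = defaultdict(set), defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL, PATH and other record types carry no rule
        src, tgt = selinux_type(m["scon"]), selinux_type(m["tcon"])
        if tgt == src:
            tgt = "self"
        bucket = wanted if src == domain else other
        bucket[(src, tgt, m["tclass"])].update(m["perms"].split())
    return wanted, other


def render(rules):
    """Format grouped denials as policy allow statements."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        perm_txt = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append("allow %s %s:%s %s;" % (src, tgt, cls, perm_txt))
    return out


def review_notes(rules):
    """Flag grants a reviewer should justify (assumed criteria):
    capabilities, and write access to another domain's type."""
    notes = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        if cls == "capability":
            notes.append((src, "capability", sorted(perms)))
        elif tgt != "self" and "write" in perms:
            notes.append((src, "write:" + tgt, sorted(perms)))
    return notes


if __name__ == "__main__":
    wanted, other = proposed_rules(SAMPLE_AUDIT.splitlines(), "dovecot_deliver_t")
    print("Rules for dovecot_deliver_t:")
    print("\n".join("  " + r for r in render(wanted)))
    print("Denials from other domains (keep out of this module):")
    print("\n".join("  " + r for r in render(other)))
    print("Review before loading:")
    for note in review_notes(wanted):
        print("  ", note)
```
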
From: chris at apex-internet.com (Chris Szilagyi) Date: Sat, 15 Nov 2014 13:05:22 -0500 Subject: Understanding filesystem quotas In-Reply-To: <12899.204.144.118.17.1415984247.squirrel@mail.apex-internet.com> References: <32271.204.144.118.17.1415904256.squirrel@mail.apex-internet.com> <54747.204.144.118.17.1415975082.squirrel@mail.apex-internet.com> <12899.204.144.118.17.1415984247.squirrel@mail.apex-internet.com> Message-ID: <546795E2.4020007@apex-internet.com> On 11/14/2014 11:57 AM, Chris Szilagyi wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On Fri, 14 Nov 2014, Chris Szilagyi wrote: >> >>>> 3) have read dovecot logs, if there are errors, and >>> Quite a while after testing and posting this, these errors started showing >>> up in /var/log/maillog ... I'm currently investigating. This may be part >>> of >>> the issue. >>> >>> dovecot: imap(username): Error: quotactl(Q_GETQUOTA, /dev/sdb1) failed: >>> Permission denied >> This is the reason, you do not get any "current" information about the >> quota >> >> Do you have SELinux in action? >> Run "sestatus" and "grep -i AVC /var/log/audit/audit.log" to identify >> SELinux caused denials, >> I've resolved the SELinux issues but still it refuses to read filesystem quotas. As a test I switched the quota plugin to use the "dirsize" backend instead of "fs", and quotas are now working great! I mis-read this before about using "dirsize" thinking that it would be slow for mbox format, but it seems to only be slow for the maildir format. I'm assuming this is because mbox only has one file per folder. We use mbox so we're good to go. Thanks again for everyone's help. -- Chris From lucabert at lucabert.de Sat Nov 15 19:00:13 2014 
From: lucabert at lucabert.de (Luca Bertoncello)
Date: Sat, 15 Nov 2014 20:00:13 +0100
Subject: Understanding why Dovecot unexpectedly died
Message-ID: <20141115200013.7ca5d008@frodo.lucabert.intra>

Hi list!

I use Dovecot 1.2.17 (I can't upgrade right now, due to many reasons),
controlled by Pacemaker (I have an HA-Cluster).

Now I see that Pacemaker often restarts Dovecot.
I wrote my own script to manage Dovecot, since Pacemaker does not have its own.

My script has this in the "monitor" section:

  monitor)
    # No pidfile: report the resource as stopped
    if [ ! -e $OCF_RESKEY_pid ]; then
      echo "stopped (no pidfile)"
      echo "DOVECOT STOPPED - NO PIDFILE" | /usr/bin/logger -p local0.info -t DOVECOT-MONITOR -i
      exit $OCF_NOT_RUNNING
    else
      # Pidfile exists: look for the PID in the process list
      /bin/ps axuwf | /bin/grep `/bin/cat $OCF_RESKEY_pid` | /bin/grep -v grep > /dev/null 2>&1
      if [ $? -ne 0 ]; then
        echo "stopped"
        echo "DOVECOT STOPPED - NO PROCESS" | /usr/bin/logger -p local0.info -t DOVECOT-MONITOR -i
        exit $OCF_NOT_RUNNING
      else
        # Process exists: check for a dovecot socket on the bind address
        if [ "`/bin/netstat -tupan | /bin/grep dovecot | /bin/grep $OCF_RESKEY_bindaddr | /usr/bin/wc -l`" -ne 0 ]; then
          exit $OCF_SUCCESS
        else
          echo "DOVECOT STOPPED - NO LISTEN [`/bin/netstat -tupan | /bin/grep dovecot`]" | /usr/bin/logger -p local0.info -t DOVECOT-MONITOR -i
          exit $OCF_ERR_GENERIC
        fi
      fi
    fi
    exit $OCF_SUCCESS
    ;;

The "logger" calls were added now to try to understand why it dies...

Well, I can see in my syslog, when Pacemaker restarts Dovecot, these lines:

Nov 15 18:59:09 mail01 DOVECOT-MONITOR[530]: DOVECOT STOPPED - NO LISTEN [tcp 0 0 192.168.33.1:37545 192.168.33.3:3306 ESTABLISHED 637/dovecot-auth
Nov 15 18:59:09 mail01 DOVECOT-MONITOR[530]: tcp 0 0 192.168.33.1:37537 192.168.33.3:3306 ESTABLISHED 529/dovecot-auth]

So, there is no "dovecot" process listening anymore...
Normally I have these:

tcp   0  0 0.0.0.0:110         0.0.0.0:*          LISTEN     634/dovecot
tcp   0  0 0.0.0.0:143         0.0.0.0:*          LISTEN     634/dovecot
tcp   0  0 0.0.0.0:993         0.0.0.0:*          LISTEN     634/dovecot
tcp   0  0 0.0.0.0:995         0.0.0.0:*          LISTEN     634/dovecot
tcp   0  0 192.168.33.1:40994  192.168.33.3:3306  VERBUNDEN  891/dovecot-auth
tcp   0  0 192.168.33.1:40984  192.168.33.3:3306  VERBUNDEN  638/dovecot-auth
tcp6  0  0 :::110              :::*               LISTEN     634/dovecot
tcp6  0  0 :::143              :::*               LISTEN     634/dovecot
tcp6  0  0 :::993              :::*               LISTEN     634/dovecot
tcp6  0  0 :::995              :::*               LISTEN     634/dovecot

In the mail.log and mail.err I can't see anything but:

Nov 15 18:59:13 mail01 dovecot: Dovecot v1.2.17 starting up
Nov 15 18:59:13 mail01 dovecot: auth-worker(default): mysql: Connected to 192.168.33.3 (exim)

And in the syslog there is nothing about Dovecot...

Any idea?

Thanks a lot!
Luca Bertoncello
(lucabert at lucabert.de)

From ronleach at tesco.net Sat Nov 15 23:03:47 2014
From: ronleach at tesco.net (Ron Leach) Date: Sat, 15 Nov 2014 23:03:47 +0000 Subject: 2.2.15: SMTP submission server? Message-ID: <5467DBD3.6020400@tesco.net> List, we're migrating to 2.2 from a 1.x version. There has been mention from time to time of a dovecot SMTP submission server. Last I saw was Timo suggesting this would be a 2.3 feature, but that there was already a 'basic' capability in 2.2 that, more or less, merely provided a secured/authorised SMTP submission. I haven't found anything about this in the wiki, but the feature is of interest to us. I would like to *not* have our MTA capable of being exploited as a relay (it isn't, at the moment) whereas users are logging into our dovecot from offsite using imaps with passwords. While moving to 2.2, I'd like to try to use a secure SMTP submission *separate* from the MTA so that that software, with whatever vulnerabilities or weaknesses it might have, remained locked down and could not relay, if at all possible. (Imaps with passwords means the login details are not transmitted in cleartext and, so, leak no security to an observer of the communications channel. Doubtless there are other weaknesses somewhere but, at least, when using hotel wifi, for example, there is little chance of revealing login details to a packet sniffer. It won't be perfect, there are probably other vulnerabilities, not least in the underlying OSs at each end, but the connection - which is a serious vulnerability in many places - will be as good as is practical to make it.) So, is there some kind of SMTP submission service for a logged in dovecot user, and how would a client make use of that? Is it possible to setup 2.2.15 for this? And, crucially, would the connections between the client (eg at a hotel in some unreliable location) be encrypted right from the start, not using STARTTLS, as is the case in imaps? And, just to be really demanding, could we configure its use on a non-standard port? 
regards, Ron From h.reindl at thelounge.net Sun Nov 16 01:24:39 2014 
From: h.reindl at thelounge.net (Reindl Harald) Date: Sun, 16 Nov 2014 02:24:39 +0100 Subject: 2.2.15: SMTP submission server? In-Reply-To: <5467DBD3.6020400@tesco.net> References: <5467DBD3.6020400@tesco.net> Message-ID: <5467FCD7.1010208@thelounge.net> to make it short * dovecot is no MTA submission server * if you find a security issue in postfix running on 587 over TLS cry out loud * dovecot offers a SASL provider for postfix submission that's it and if you think that combination is not secure enough pull the network cables Am 16.11.2014 um 00:03 schrieb Ron Leach: > List, we're migrating to 2.2 from a 1.x version. There has been mention > from time to time of a dovecot SMTP submission server. Last I saw was > Timo suggesting this would be a 2.3 feature, but that there was already > a 'basic' capability in 2.2 that, more or less, merely provided a > secured/authorised SMTP submission. I haven't found anything about this > in the wiki, but the feature is of interest to us. I would like to > *not* have our MTA capable of being exploited as a relay (it isn't, at > the moment) whereas users are logging into our dovecot from offsite > using imaps with passwords. While moving to 2.2, I'd like to try to use > a secure SMTP submission *separate* from the MTA so that that software, > with whatever vulnerabilities or weaknesses it might have, remained > locked down and could not relay, if at all possible. > > (Imaps with passwords means the login details are not transmitted in > cleartext and, so, leak no security to an observer of the communications > channel. Doubtless there are other weaknesses somewhere but, at least, > when using hotel wifi, for example, there is little chance of revealing > login details to a packet sniffer. It won't be perfect, there are > probably other vulnerabilities, not least in the underlying OSs at each > end, but the connection - which is a serious vulnerability in many > places - will be as good as is practical to make it.) 
> > So, is there some kind of SMTP submission service for a logged in > dovecot user, and how would a client make use of that? Is it possible > to setup 2.2.15 for this? And, crucially, would the connections between > the client (eg at a hotel in some unreliable location) be encrypted > right from the start, not using STARTTLS, as is the case in imaps? And, > just to be really demanding, could we configure its use on a > non-standard port? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: From rs at sys4.de Sun Nov 16 07:24:42 2014 
From: rs at sys4.de (Robert Schetterer) Date: Sun, 16 Nov 2014 08:24:42 +0100 Subject: 2.2.15: SMTP submission server? In-Reply-To: <5467FCD7.1010208@thelounge.net> References: <5467DBD3.6020400@tesco.net> <5467FCD7.1010208@thelounge.net> Message-ID: <5468513A.7010109@sys4.de> Am 16.11.2014 um 02:24 schrieb Reindl Harald: > to make it short > > * dovecot is no MTA submission server submission server in dovecot is on its way ( my last info ) > * if you find a security issue in postfix running > on 587 over TLS cry out loud > * dovecot offers a SASL provider for postfix submission yeah > > that's it and if you think that combination is not secure enough pull > the network cables > > Am 16.11.2014 um 00:03 schrieb Ron Leach: >> List, we're migrating to 2.2 from a 1.x version. There has been mention >> from time to time of a dovecot SMTP submission server. Last I saw was >> Timo suggesting this would be a 2.3 feature, but that there was already >> a 'basic' capability in 2.2 that, more or less, merely provided a >> secured/authorised SMTP submission. I haven't found anything about this >> in the wiki, but the feature is of interest to us. I would like to >> *not* have our MTA capable of being exploited as a relay (it isn't, at >> the moment) whereas users are logging into our dovecot from offsite >> using imaps with passwords. While moving to 2.2, I'd like to try to use >> a secure SMTP submission *separate* from the MTA so that that software, >> with whatever vulnerabilities or weaknesses it might have, remained >> locked down and could not relay, if at all possible. >> >> (Imaps with passwords means the login details are not transmitted in >> cleartext and, so, leak no security to an observer of the communications >> channel. Doubtless there are other weaknesses somewhere but, at least, >> when using hotel wifi, for example, there is little chance of revealing >> login details to a packet sniffer. 
It won't be perfect, there are
>> probably other vulnerabilities, not least in the underlying OSs at each
>> end, but the connection - which is a serious vulnerability in many
>> places - will be as good as is practical to make it.)
>>
>> So, is there some kind of SMTP submission service for a logged in
>> dovecot user, and how would a client make use of that? Is it possible
>> to setup 2.2.15 for this? And, crucially, would the connections between
>> the client (eg at a hotel in some unreliable location) be encrypted
>> right from the start, not using STARTTLS, as is the case in imaps? And,
>> just to be really demanding, could we configure its use on a
>> non-standard port?
>

i don't see your point...

Best Regards
Kind regards
Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein

From grm.ales at gmail.com Sun Nov 16 13:05:52 2014
From: grm.ales at gmail.com (Aleš Grm)
Date: Sun, 16 Nov 2014 14:05:52 +0100
Subject: Dovecot POP3 STARTTLS works on Thunderbird but not on Gmail
Message-ID:

Hello,

I have configured Dovecot to work perfectly on Thunderbird using SSL
certificates with STARTTLS on port 110. When I try to add this account on
Gmail I get the error:

Nov 16 14:04:17 mail dovecot: auth: Debug: auth client connected (pid=31587)
Nov 16 14:04:17 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=209.85.160.136, lip=192.168.100.94, session=

In Gmail my settings include port 110 and the use of SSL is checked.
Dovecot configuration:

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.7
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
hostname = kopitarna.eu
mail_debug = yes
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
postmaster_address = postmaster at kopitarna.eu
protocols = " imap pop3"
ssl_cert =

References:
Message-ID: <5468A44C.4030300@thelounge.net>

On 16.11.2014 at 14:05, Aleš Grm wrote:
> I have configured Dovecot to work perfectly on Thunderbird using SSL
> certificates with STARTTLS on port 110. When I try to add this account on
> Gmail I get the error:
>
> In Gmail my settings include port 110 and the use of SSL is checked.
> Dovecot configuration:
>
> Any idea why does it work with Thunderbird and not with Gmail?

surely - gmail wants 995 instead 110 (means not STARTTLS) and don't accept
self signed certificates BTW

From grm.ales at gmail.com Sun Nov 16 14:27:49 2014
From: grm.ales at gmail.com (Aleš Grm)
Date: Sun, 16 Nov 2014 15:27:49 +0100
Subject: Dovecot POP3 STARTTLS works on Thunderbird but not on Gmail
In-Reply-To: <5468A44C.4030300@thelounge.net>
References: <5468A44C.4030300@thelounge.net>
Message-ID:

Ok, I tried on port 995, and on Gmail I get "SSL error: unable to verify
the first certificate". Certificate is not self-signed (using StartCOM).

The log now shows:

Nov 16 14:37:52 mail dovecot: auth: Debug: auth client connected (pid=31923)
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [209.85.213.23]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [209.85.213.23]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [209.85.213.23]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [209.85.213.23]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [209.85.213.23]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [209.85.213.23]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [209.85.213.23]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [209.85.213.23]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [209.85.213.23]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [209.85.213.23]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [209.85.213.23]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [209.85.213.23]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [209.85.213.23]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [209.85.213.23]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [209.85.213.23]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [209.85.213.23]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [209.85.213.23]
Nov 16 14:37:53 mail dovecot: pop3-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [209.85.213.23]
Nov 16 14:37:53 mail dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=209.85.213.23, lip=192.168.100.94, TLS: Disconnected, session=
^C

Could the form of public part of certificate be wrong? I'm using only .CRT.

On 16 Nov 2014 14:19, "Reindl Harald" wrote:

>
> On 16.11.2014 at 14:05, Aleš Grm wrote:
>
>> I have configured Dovecot to work perfectly on Thunderbird using SSL
>> certificates with STARTTLS on port 110. When I try to add this account on
>> Gmail I get the error:
>>
>> In Gmail my settings include port 110 and the use of SSL is checked.
>> Dovecot configuration:
>>
>> Any idea why does it work with Thunderbird and not with Gmail?
>>
>
> surely - gmail wants 995 instead 110 (means not STARTTLS) and don't accept
> self signed certificates BTW
>
>

From h.reindl at thelounge.net Sun Nov 16 14:34:01 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Sun, 16 Nov 2014 15:34:01 +0100
Subject: Dovecot POP3 STARTTLS works on Thunderbird but not on Gmail
In-Reply-To:
References: <5468A44C.4030300@thelounge.net>
Message-ID: <5468B5D9.8020408@thelounge.net>

On 16.11.2014 at 15:27, Aleš Grm wrote:
> Ok, I tried on port 995, and on Gmail I get "SSL error: unable to verify
> the first certificate". Certificate is not self-signed (using StartCOM)
>
> Could the form of public part of certificate be wrong? I'm using only .CRT

on *any* server you need to setup the chain correctly
https://www.google.at/#q=startssl+intermediate+certificate

that's not dovecot specific and not doing so means you rely on the grace
of the client which may or may not have the full chain in his trust store

P.S.: for clients like MS Outlook you need port 993/995 anyways

> On 16 Nov 2014 14:19, "Reindl Harald" wrote:
>
>>
>> On 16.11.2014 at 14:05, Aleš Grm wrote:
>>
>>> I have configured Dovecot to work perfectly on Thunderbird using SSL
>>> certificates with STARTTLS on port 110. When I try to add this account on
>>> Gmail I get the error:
>>>
>>> In Gmail my settings include port 110 and the use of SSL is checked.
>>> Dovecot configuration:
>>>
>>> Any idea why does it work with Thunderbird and not with Gmail?
>>>
>>
>> surely - gmail wants 995 instead 110 (means not STARTTLS) and don't accept
>> self signed certificates BTW

From grm.ales at gmail.com Sun Nov 16 14:59:50 2014
From: grm.ales at gmail.com (Aleš Grm)
Date: Sun, 16 Nov 2014 15:59:50 +0100
Subject: Dovecot POP3 STARTTLS works on Thunderbird but not on Gmail
In-Reply-To: <5468B5D9.8020408@thelounge.net>
References: <5468A44C.4030300@thelounge.net> <5468B5D9.8020408@thelounge.net>
Message-ID:

That was it, thank you very much. I forgot about it when I read the docs.

On 16 November 2014 15:34, Reindl Harald wrote:

>
>
> On 16.11.2014 at 15:27, Aleš Grm wrote:
>
>> Ok, I tried on port 995, and on Gmail I get "SSL error: unable to verify
>> the first certificate". Certificate is not self-signed (using StartCOM)
>>
>> Could the form of public part of certificate be wrong? I'm using only .CRT
>>
>
> on *any* server you need to setup the chain correctly
> https://www.google.at/#q=startssl+intermediate+certificate
>
> that's not dovecot specific and not doing so means you rely on the grace
> of the client which may or may not have the full chain in his trust store
>
> P.S.: for clients like MS Outlook you need port 993/995 anyways
>
>
> On 16 Nov 2014 14:19, "Reindl Harald" wrote:
>>
>>
>>> On 16.11.2014 at 14:05, Aleš Grm wrote:
>>>
>>> I have configured Dovecot to work perfectly on Thunderbird using SSL
>>>> certificates with STARTTLS on port 110. When I try to add this account
>>>> on
>>>> Gmail I get the error:
>>>>
>>>> In Gmail my settings include port 110 and the use of SSL is checked.
>>>> Dovecot configuration:
>>>>
>>>> Any idea why does it work with Thunderbird and not with Gmail?
>>>>
>>>>
>>> surely - gmail wants 995 instead 110 (means not STARTTLS) and don't
>>> accept
>>> self signed certificates BTW
>>>
>>
>

From brad at comstyle.com Mon Nov 17 02:18:57 2014
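The pop3-login debug lines posted in this thread can be decoded mechanically. The following is an added example (not from any poster and not Dovecot's own code) that decodes the where= bitmask and the alert ret= value with OpenSSL's info-callback constants and classifies each remote address; the sample lines are constructed after the format shown in the thread, using documentation addresses, and the finding labels are this example's own.

```python
import re
from collections import defaultdict

# OpenSSL info-callback bits (openssl/ssl.h); Dovecot logs them as where=0x...
WHERE_BITS = [(0x1000, "CONNECT"), (0x2000, "ACCEPT"), (0x4000, "ALERT"),
              (0x01, "LOOP"), (0x02, "EXIT"), (0x04, "READ"), (0x08, "WRITE"),
              (0x10, "HANDSHAKE_START"), (0x20, "HANDSHAKE_DONE")]
# TLS alert descriptions (RFC 5246) that matter for certificate problems.
ALERTS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
          45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}
CERT_ALERTS = {"bad_certificate", "certificate_expired",
               "certificate_unknown", "unknown_ca"}

REJECTED = "peer rejected the certificate during the handshake"
LEFT_AFTER = "handshake completed, peer left before authenticating"
NO_TLS = "no TLS handshake completed before disconnect"

SSL_RE = re.compile(r"-login: Warning: SSL(?: alert)?: where=0x(?P<where>[0-9a-fA-F]+), "
                    r"ret=(?P<ret>-?\d+): .*\[(?P<ip>[0-9a-fA-F.:]+)\]$")
DISC_RE = re.compile(r"-login: Disconnected \((?P<reason>[^)]*)\): .*?rip=(?P<ip>[^,]+),")

# Constructed sample (documentation addresses, placeholder session ids).
SAMPLE_LOG = """
Nov 16 14:04:17 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.0.2.10, lip=198.51.100.94, session=<c1>
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [192.0.2.20]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [192.0.2.20]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.0.2.20]
Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [192.0.2.20]
Nov 16 14:37:53 mail dovecot: pop3-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [192.0.2.20]
Nov 16 14:37:53 mail dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=192.0.2.20, lip=198.51.100.94, TLS: Disconnected, session=<c2>
Nov 16 14:40:01 mail dovecot: pop3-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [192.0.2.30]
Nov 16 14:40:01 mail dovecot: pop3-login: Warning: SSL alert: where=0x4004, ret=560: fatal unknown CA [192.0.2.30]
Nov 16 14:40:01 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.0.2.30, lip=198.51.100.94, TLS handshaking: Disconnected, session=<c3>
"""


def decode_where(where):
    """Names of the bits set in an info-callback 'where' value."""
    return [name for bit, name in WHERE_BITS if where & bit]


def decode_alert(ret):
    """For alert callbacks, ret is (level << 8) | description."""
    level = {1: "warning", 2: "fatal"}.get(ret >> 8, "unknown")
    code = ret & 0xFF
    return level, ALERTS.get(code, "alert_%d" % code)


def classify(session):
    if any(d == "read" and name in CERT_ALERTS for d, _lvl, name in session["alerts"]):
        return REJECTED
    no_auth = (session["disconnect"] or "").startswith("no auth attempts")
    if no_auth and session["handshake_done"]:
        return LEFT_AFTER
    if no_auth:
        return NO_TLS
    return "no finding"


def summarise(lines):
    """Per remote address: handshake state, alerts seen, disconnect reason.
    Keyed by address only, so parallel connections from one host are merged."""
    sessions = defaultdict(lambda: {"handshake_done": False, "alerts": [], "disconnect": None})
    for line in lines:
        line = line.strip()
        m = SSL_RE.search(line)
        if m:
            s = sessions[m["ip"]]
            flags = decode_where(int(m["where"], 16))
            if "HANDSHAKE_DONE" in flags:
                s["handshake_done"] = True
            if "ALERT" in flags:
                direction = "read" if "READ" in flags else "write"
                s["alerts"].append((direction,) + decode_alert(int(m["ret"])))
            continue
        m = DISC_RE.search(line)
        if m:
            sessions[m["ip"]]["disconnect"] = m["reason"]
    return {ip: dict(s, finding=classify(s)) for ip, s in sessions.items()}


if __name__ == "__main__":
    for ip, info in summarise(SAMPLE_LOG.splitlines()).items():
        print(ip, info["finding"], info["alerts"])
```

In the thread, the second pattern is what the server logged while Gmail reported "unable to verify the first certificate". The server log alone does not say why the client left, so the chain the server sends still has to be checked separately.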
From: brad at comstyle.com (Brad Smith) Date: Sun, 16 Nov 2014 21:18:57 -0500 Subject: 2.2.15: SMTP submission server? In-Reply-To: <5468513A.7010109@sys4.de> References: <5467DBD3.6020400@tesco.net> <5467FCD7.1010208@thelounge.net> <5468513A.7010109@sys4.de> Message-ID: <54695B11.8090201@comstyle.com> On 11/16/14 02:24, Robert Schetterer wrote: > Am 16.11.2014 um 02:24 schrieb Reindl Harald: >> to make it short >> >> * dovecot is no MTA submission server > > submission server in dovecot is on its way ( my last info ) > >> * if you find a security issue in postfix running >> on 587 over TLS cry out loud >> * dovecot offers a SASL provider for postfix submission > > yeah > >> >> that's it and if you think that combination is not secure enough pull >> the network cables >> >> Am 16.11.2014 um 00:03 schrieb Ron Leach: >>> List, we're migrating to 2.2 from a 1.x version. There has been mention >>> from time to time of a dovecot SMTP submission server. Last I saw was >>> Timo suggesting this would be a 2.3 feature, but that there was already >>> a 'basic' capability in 2.2 that, more or less, merely provided a >>> secured/authorised SMTP submission. I haven't found anything about this >>> in the wiki, but the feature is of interest to us. I would like to >>> *not* have our MTA capable of being exploited as a relay (it isn't, at >>> the moment) whereas users are logging into our dovecot from offsite >>> using imaps with passwords. While moving to 2.2, I'd like to try to use >>> a secure SMTP submission *separate* from the MTA so that that software, >>> with whatever vulnerabilities or weaknesses it might have, remained >>> locked down and could not relay, if at all possible. >>> >>> (Imaps with passwords means the login details are not transmitted in >>> cleartext and, so, leak no security to an observer of the communications >>> channel. 
Doubtless there are other weaknesses somewhere but, at least, >>> when using hotel wifi, for example, there is little chance of revealing >>> login details to a packet sniffer. It won't be perfect, there are >>> probably other vulnerabilities, not least in the underlying OSs at each >>> end, but the connection - which is a serious vulnerability in many >>> places - will be as good as is practical to make it.) >>> >>> So, is there some kind of SMTP submission service for a logged in >>> dovecot user, and how would a client make use of that? Is it possible >>> to setup 2.2.15 for this? And, crucially, would the connections between >>> the client (eg at a hotel in some unreliable location) be encrypted >>> right from the start, not using STARTTLS, as is the case in imaps? And, >>> just to be really demanding, could we configure its use on a >>> non-standard port? >> > > i dont see your point... There isn't. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ronleach at tesco.net Mon Nov 17 07:23:48 2014 
From: ronleach at tesco.net (Ron Leach) Date: Mon, 17 Nov 2014 07:23:48 +0000 Subject: 2.2.15: SMTP submission server? In-Reply-To: <5468513A.7010109@sys4.de> References: <5467DBD3.6020400@tesco.net> <5467FCD7.1010208@thelounge.net> <5468513A.7010109@sys4.de> Message-ID: <5469A284.2020704@tesco.net> On 16/11/2014 07:24, Robert Schetterer wrote (re-ordered): > Am 16.11.2014 um 02:24 schrieb Reindl Harald: > >> * if you find a security issue in postfix running >> on 587 over TLS cry out loud I'm thinking beyond that; I want to get to the position that when there is an issue in the MTA, our systems are less exposed than they might otherwise be. It's not about the MTA. >> >> that's it and if you think that combination is not secure enough pull >> the network cables >> That's pretty much what we have at the moment, but we need to be able to submit from offsite, and I'm keen to implement that together with our migration to 2.2. Of course offsite submission is easy, but in our experience that is also vulnerable. >> Am 16.11.2014 um 00:03 schrieb Ron Leach: >>> There has been mention >>> from time to time of a dovecot SMTP submission server. Last I saw was >>> Timo suggesting this would be a 2.3 feature, but that there was already >>> a 'basic' capability in 2.2 that, more or less, merely provided a >>> secured/authorised SMTP submission. I would like to >>> *not* have our MTA capable of being exploited as a relay (it isn't, at >>> the moment) whereas users are logging into our dovecot from offsite >>> using imaps with passwords. >>> [snip most of background] >>> >>> So, is there some kind of SMTP submission service for a logged in >>> dovecot user, and how would a client make use of that? Is it possible >>> to setup 2.2.15 for this? And, crucially, would the connections between >>> the client (eg at a hotel in some unreliable location) be encrypted >>> right from the start, not using STARTTLS, as is the case in imaps? 
And, >>> just to be really demanding, could we configure its use on a >>> non-standard port? >> > > i dont see your point... > I wondered whether the background might hinder an answer but it normally helps, I'm sorry it was unclear, and especially so since you took the time to read it. Let me list the approach we'd prefer: (i) MTA open on port 25 for inbound email. (ii) MTA not open on any other port, because (for example, our) MTAs are constantly faced on port 25 with password attacks, malformed packets, malformed messages that contain scripts, and malformed protocol sequences; all these show up in the logs. In the past, at least one of those succeeded. We have a saying: 'once bitten, twice shy'. So, now I would prefer that any MTA we use (that is capable of outbound messaging) be *not* capable of relaying from any inbound SMTP protocol. (Because inbound SMTP is the focus of so much attack. Though current versions of MTAs are conscientiously engineered to be as secure as is practical, they will be broken. They may even be broken through no action or omission of their own designers; you may have seen recent discussions on a cryptography list [1] where the optimising option in a popular tool chain resulted in some protection algorithm being rendered ineffective. But that's just one example of a long line of subsequently revealed security weaknesses, so architectures based on assumptions that the implementations are now perfect and that they will remain perfect even though the toolchains, the OSs, the crypto routines and the attacks evolve would be ill-founded. And attacks don't become weaker, they constantly improve.) (iii) Users who are logged in to Dovecot (ie, authorised by Dovecot, so not authorised by any software which is subject of attack and which will be compromised from time to time) able to submit outbound messages through Dovecot on the internal network to an MTA which will only relay from the internal network. 
(iv) No use of STARTTLS; all client messaging to be secure at and from the point of protocol initiation. SSL=required, in terms of the Dovecot conf. This type of approach goes some way towards limiting the exposure from a compromised MTA (attacks will succeed, from time to time), irrespective of the cause of that compromise. (Let me be clear, I am sure any compromise will be unexpected and undeserved by the highly respected and careful and committed designers of the leading MTAs; the compromises that occur will be despite their efforts.) Simply, I'm trying to create a mail environment where remote submission of outbound mail is practical, whilst ensuring that any MTA compromise can be undamaging. > > submission server in dovecot is on its way ( my last info ) > So I guess the basic SMTP submission feature is not in 2.2. Off topic for Dovecot list, but I might think instead about separate inbound and outbound MTAs to achieve containment of inbound MTA compromise. Robert (and Harald), thanks, Ron [1] Among very many threads, on GCC bug 30475, in April this year: http://www.metzdowd.com/pipermail/cryptography/2014-April/021074.html From rs at sys4.de Mon Nov 17 07:45:39 2014 
From: rs at sys4.de (Robert Schetterer)
Date: Mon, 17 Nov 2014 08:45:39 +0100
Subject: 2.2.15: SMTP submission server?
In-Reply-To: <5469A284.2020704@tesco.net>
References: <5467DBD3.6020400@tesco.net> <5467FCD7.1010208@thelounge.net> <5468513A.7010109@sys4.de> <5469A284.2020704@tesco.net>
Message-ID: <5469A7A3.2020707@sys4.de>

On 17.11.2014 at 08:23, Ron Leach wrote:
>>
>> submission server in dovecot is on its way ( my last info )
>>
>
> So I guess the basic SMTP submission feature is not in 2.2.

i guess it will be released, when it is ready
meanwhile use i.e postfix, follow best practice advices, decide what
security fits best to your needs. I agree this might be difficult
sometimes but you always have the chance asking on lists and/or hire
somebody helping you.

Best Regards
Kind regards
Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein

From skdovecot at smail.inf.fh-brs.de Mon Nov 17 08:04:33 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 17 Nov 2014 09:04:33 +0100 (CET) Subject: 2.2.15: SMTP submission server? In-Reply-To: <5469A284.2020704@tesco.net> References: <5467DBD3.6020400@tesco.net> <5467FCD7.1010208@thelounge.net> <5468513A.7010109@sys4.de> <5469A284.2020704@tesco.net> Message-ID: On Mon, 17 Nov 2014, Ron Leach wrote: > Let me list the approach we'd prefer: > > (i) MTA open on port 25 for inbound email. > > (ii) MTA not open on any other port, because (for example, our) MTAs are > constantly faced on port 25 with password attacks, malformed packets, OK: You've been hacked through SMTP once, ... > (iii) Users who are logged in to Dovecot (ie, authorised by Dovecot, so not > authorised by any software which is subject of attack and which will be > compromised from time to time) able to submit outbound messages through > Dovecot on the internal network to an MTA which will only relay from the > internal network. ... now you try yet another product with exactly the same problem; your IMAP/POP servers are attacked as well. And most systems do not separate IMAP and SMTP passwords. > (iv) No use of STARTTLS; all client messaging to be secure at and from the > point of protocol initiation. SSL=required, in terms of the Dovecot conf. Personally, I do not think that is more secure. > Off topic for Dovecot list, but I might think instead about separate inbound > and outbound MTAs to achieve containment of inbound MTA compromise. I believe this approach is the best way for your concerns anyway. Make this separate server inbound only on port 587, no other services. You could combine it with an almost instant sync of users which are logged in via IMAP/POP in Dovecot incl. IP and allow any requests for those user/IP combinations. Sort of: SMTP-after-POP but with SMTP auth and all. Or open IPs only after IMAP/POP-Login succeeded. Or ...
-- Steffen Kaiser From dieterknopf at gmail.com Mon Nov 17 08:27:15 2014
From: dieterknopf at gmail.com (Dieter Knopf) Date: Mon, 17 Nov 2014 09:27:15 +0100 Subject: inbox parameter is ignored within location config for public namespaces? In-Reply-To: References: Message-ID: Ohh :-( Is there really no way with a symlink or something like that? Not sure if i can configure the root path in clients like Thunderbird... 2014-11-14 11:12 GMT+01:00 Steffen Kaiser : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Fri, 14 Nov 2014, Dieter Knopf wrote: > >> Debug logfile: >> dovecot: imap(m.user at foo.eu): Debug: Namespace : type=public, >> prefix=BOS/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes >> >> location=maildir:/home/vmail/foo.eu/bos/MAILDIR:INBOX=/home/vmail/foo.eu/bos/MAILDIR/.INBOX:INDEX=/home/vmail/foo.eu/bos/S_INDEX:INDEXPVT=/home/vmail/foo.eu/bos/S_INDEXPVT/m.user at foo.eu >> dovecot: imap(m.user at foo.eu): Debug: maildir++: >> root=/home/vmail/foo.eu/bos/MAILDIR, >> index=/home/vmail/foo.eu/bos/S_INDEX, >> indexpvt=/home/vmail/foo.eu/bos/S_INDEXPVT/m.user at foo.eu, control=, >> inbox=/home/vmail/foo.eu/bos/MAILDIR/.INBOX, alt= >> dovecot: imap(m.user at foo.eu): Debug: acl: initializing backend with data: >> vfile >> dovecot: imap(m.user at foo.eu): Debug: acl: acl username = m.user at foo.eu >> dovecot: imap(m.user at foo.eu): Debug: acl: owner = 0 >> dovecot: imap(m.user at foo.eu): Debug: acl vfile: Global ACL directory: >> (none) >> >> Everything looks fine, not sure why INBOX is not working correctly :-( > > > I'm sort of thinking that each account has just one INBOX, which is the one > from the namespace with inbox=yes. > Also, IMHO, public Maildir's never have the "root" useable, it is always > "grey" regardless of the INBOX-setting. I think, I've read it several times > on this list. You can see the public INBOX as sub-folder, but cannot "merge" > it as root. 
> > >> 2014-11-09 18:24 GMT+01:00 Dieter Knopf : >>> >>> Hello, >>> >>> i already asked a similar question some months ago but still have no >>> fix for my problem :-( >>> >>> This is my global location option in 10-mail.conf: >>> mail_location = >>> >>> maildir:/home/vmail/%d/%n/MAILDIR:INBOX=/home/vmail/%d/%n/MAILDIR/.INBOX:INDEX=/home/vmail/%d/%n/INDEX/ >>> >>> This works fine, until i'm using a public namespace. >>> >>> The following namespace is a normal user too, every mail to bos at foo.eu >>> is stored in /home/vmail/foo.eu/bos/MAILDIR (within the INBOX-folder) >>> and this directory is used for the location of the namespace. >>> >>> Config: >>> namespace { >>> type = public >>> separator = / >>> prefix = BOS/ >>> location = >>> maildir:/home/vmail/foo.eu/bos/MAILDIR:INBOX=/home/vmail/foo.eu/bos/MAILDIR/.INBOX:INDEX=/home/vmail/foo.eu/bos/S_INDEX:INDEXPVT=/home/vmail/foo.eu/bos/S_INDEXPVT/%u >>> subscriptions = yes >>> } >>> >>> The namespace itself works fine and without a problem, but the INBOX >>> folder is the main problem. Mail user agents like Thunderbird now >>> show a folder structure like: >>> >>> BOS (grey, not useable) >>> - INBOX (the .INBOX folder) >>> - Other folder 1 >>> - Other folder 2 >>> - Other folder 3 >>> >>> The INBOX-config works fine for every single user, but it doesn't work >>> on namespaces? Is this a bug? >>> >>> Thanks >>> >>> Dieter >> >> > > -- Steffen Kaiser From h.reindl at thelounge.net Mon Nov 17 09:37:31 2014
From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 17 Nov 2014 10:37:31 +0100 Subject: 2.2.15: SMTP submission server? In-Reply-To: <5469A284.2020704@tesco.net> References: <5467DBD3.6020400@tesco.net> <5467FCD7.1010208@thelounge.net> <5468513A.7010109@sys4.de> <5469A284.2020704@tesco.net> Message-ID: <5469C1DB.5040007@thelounge.net> On 17.11.2014 at 08:23, Ron Leach wrote: > On 16/11/2014 07:24, Robert Schetterer wrote (re-ordered): >> On 16.11.2014 at 02:24, Reindl Harald wrote: >> >>> * if you find a security issue in postfix running >>> on 587 over TLS cry out loud > > I'm thinking beyond that; I want to get to the position that when there > is an issue in the MTA, our systems are less exposed than they might > otherwise be. It's not about the MTA. and why do you then want the MTA inside dovecot? if there is an issue in postfix, well, that's it and not more because by using dovecot's SASL provider it has even no access to the user database at all >>> that's it and if you think that combination is not secure enough pull >>> the network cables >>> > That's pretty much what we have at the moment, but we need to be able to > submit from offsite, and I'm keen to implement that together with our > migration to 2.2. Of course offsite submission is easy, but in our > experience that is also vulnerable. what experience? > Let me list the approach we'd prefer: > > (i) MTA open on port 25 for inbound email. > > (ii) MTA not open on any other port, because (for example, our) MTAs are > constantly faced on port 25 with password attacks, malformed packets, > malformed messages that contain scripts, and malformed protocol > sequences; all these show up in the logs. so what > In the past, at least one of > those succeeded. We have a saying: 'once bitten, twice shy'. So, now I > would prefer that any MTA we use (that is capable of outbound messaging) > be *not* capable of relaying from any inbound SMTP protocol.
(Because > inbound SMTP is the focus of so much attack jesus christ then disable sasl on port 25 and you are done From s.sabatier at pobox.com Mon Nov 17 09:58:05 2014
From: s.sabatier at pobox.com (Stanislas SABATIER) Date: Mon, 17 Nov 2014 10:58:05 +0100 Subject: LMTPS : TLS over LMTP not working Message-ID: <767ABAE2-21A1-4938-932C-0DC05B9BBEB1@pobox.com> Hello, I tried to activate SSL on LMTP service, to secure connections between Postfix and Dovecot on my LAN, but Dovecot is not negotiating a TLS session with Postfix. If I enforce TLS for LMTP at Postfix's side, communication between Postfix and Dovecot is not working. I put ssl = yes ssl_cert = References: <767ABAE2-21A1-4938-932C-0DC05B9BBEB1@pobox.com> Message-ID: <5469C7FA.5030300@thelounge.net> On 17.11.2014 at 10:58, Stanislas SABATIER wrote: > Hello, > I tried to activate SSL on LMTP service, to secure connections between Postfix and Dovecot on my LAN, but Dovecot is not negotiating a TLS session with Postfix. > If I enforce TLS for LMTP at Postfix's side, communication between Postfix and Dovecot is not working. > > I put > ssl = yes > ssl_cert = ssl_key = in section protocol LMTP within 20-lmtp.conf > > and > service lmtp { > inet_listener lmtp { > name = dovecot_lmtp > address = xx.xx.xx.xx > port = 26 > ssl = yes > } > process_min_avail = 5 > } > within 10-master.conf > > Did I miss something? did you configure postfix?
postconf -d | grep tls not sure if postfix prefers STARTTLS only (likely since the smtp-client also doesn't support wrapper mode and lmtp is more or less the same as smtp) lmtp_enforce_tls = no lmtp_sasl_tls_security_options = $lmtp_sasl_security_options lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options lmtp_starttls_timeout = 300s lmtp_tls_CAfile = lmtp_tls_CApath = lmtp_tls_block_early_mail_reply = no lmtp_tls_cert_file = lmtp_tls_ciphers = export lmtp_tls_dcert_file = lmtp_tls_dkey_file = $lmtp_tls_dcert_file lmtp_tls_eccert_file = lmtp_tls_eckey_file = $lmtp_tls_eccert_file lmtp_tls_enforce_peername = yes lmtp_tls_exclude_ciphers = lmtp_tls_fingerprint_cert_match = lmtp_tls_fingerprint_digest = md5 lmtp_tls_force_insecure_host_tlsa_lookup = no lmtp_tls_key_file = $lmtp_tls_cert_file lmtp_tls_loglevel = 0 lmtp_tls_mandatory_ciphers = medium lmtp_tls_mandatory_exclude_ciphers = lmtp_tls_mandatory_protocols = !SSLv2 lmtp_tls_note_starttls_offer = no lmtp_tls_per_site = lmtp_tls_policy_maps = lmtp_tls_protocols = !SSLv2 lmtp_tls_scert_verifydepth = 9 lmtp_tls_secure_cert_match = nexthop lmtp_tls_security_level = lmtp_tls_session_cache_database = lmtp_tls_session_cache_timeout = 3600s lmtp_tls_trust_anchor_file = lmtp_tls_verify_cert_match = hostname From rs at sys4.de Mon Nov 17 10:19:06 2014
From: rs at sys4.de (Robert Schetterer) Date: Mon, 17 Nov 2014 11:19:06 +0100 Subject: LMTPS : TLS over LMTP not working In-Reply-To: <767ABAE2-21A1-4938-932C-0DC05B9BBEB1@pobox.com> References: <767ABAE2-21A1-4938-932C-0DC05B9BBEB1@pobox.com> Message-ID: <5469CB9A.2040905@sys4.de> On 17.11.2014 at 10:58, Stanislas SABATIER wrote: > Hello, > I tried to activate SSL on LMTP service, to secure connections between Postfix and Dovecot on my LAN, but Dovecot is not negotiating a TLS session with Postfix. > If I enforce TLS for LMTP at Postfix's side, communication between Postfix and Dovecot is not working. > > I put > ssl = yes > ssl_cert = ssl_key = in section protocol LMTP within 20-lmtp.conf > > and > service lmtp { > inet_listener lmtp { > name = dovecot_lmtp > address = xx.xx.xx.xx > port = 26 > ssl = yes > } > process_min_avail = 5 > } > within 10-master.conf > > Did I miss something ? > > Thank you for your help. > > Regards, > Stan > as far as I know this isn't implemented in dovecot yet, but will come Best Regards Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, District court München: HRB 199263 Executive board: Patrick Ben Koetter, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein From s.sabatier at pobox.com Mon Nov 17 10:24:40 2014
From: s.sabatier at pobox.com (Stanislas SABATIER) Date: Mon, 17 Nov 2014 11:24:40 +0100 Subject: LMTPS : TLS over LMTP not working In-Reply-To: <5469C7FA.5030300@thelounge.net> References: <767ABAE2-21A1-4938-932C-0DC05B9BBEB1@pobox.com> <5469C7FA.5030300@thelounge.net> Message-ID: <61AF526E-254C-470C-AF21-36C243939BE8@pobox.com> I set up a service in master.conf like this : dovecotsandbox unix - - n - 10 lmtp -o lmtp_send_xforward_command=yes -o lmtp_tls_security_level=encrypt Then I tried to add starttls option : -o lmtp_tls_note_starttls_offer=yes But Postfix still can't deliver the email. Postfix log : (?) status=deferred (TLS is required, but was not offered by host xx.xx.xx.xx[xx.xx.xx.xx]) On 17 Nov 2014, at 11:03, Reindl Harald wrote: > > On 17.11.2014 at 10:58, Stanislas SABATIER wrote: >> Hello, >> I tried to activate SSL on LMTP service, to secure connections between Postfix and Dovecot on my LAN, but Dovecot is not negotiating a TLS session with Postfix. >> If I enforce TLS for LMTP at Postfix's side, communication between Postfix and Dovecot is not working. >> >> I put >> ssl = yes >> ssl_cert = > ssl_key = > in section protocol LMTP within 20-lmtp.conf >> >> and >> service lmtp { >> inet_listener lmtp { >> name = dovecot_lmtp >> address = xx.xx.xx.xx >> port = 26 >> ssl = yes >> } >> process_min_avail = 5 >> } >> within 10-master.conf >> >> Did I miss something? > > did you configure postfix?
> postconf -d | grep tls > > not sure if postfix prefers STARTTLS only (likely since the smtop-client also don't support wrapper mode and lmtp is more or less the same as smtp) > > lmtp_enforce_tls = no > lmtp_sasl_tls_security_options = $lmtp_sasl_security_options > lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options > lmtp_starttls_timeout = 300s > lmtp_tls_CAfile = > lmtp_tls_CApath = > lmtp_tls_block_early_mail_reply = no > lmtp_tls_cert_file = > lmtp_tls_ciphers = export > lmtp_tls_dcert_file = > lmtp_tls_dkey_file = $lmtp_tls_dcert_file > lmtp_tls_eccert_file = > lmtp_tls_eckey_file = $lmtp_tls_eccert_file > lmtp_tls_enforce_peername = yes > lmtp_tls_exclude_ciphers = > lmtp_tls_fingerprint_cert_match = > lmtp_tls_fingerprint_digest = md5 > lmtp_tls_force_insecure_host_tlsa_lookup = no > lmtp_tls_key_file = $lmtp_tls_cert_file > lmtp_tls_loglevel = 0 > lmtp_tls_mandatory_ciphers = medium > lmtp_tls_mandatory_exclude_ciphers = > lmtp_tls_mandatory_protocols = !SSLv2 > lmtp_tls_note_starttls_offer = no > lmtp_tls_per_site = > lmtp_tls_policy_maps = > lmtp_tls_protocols = !SSLv2 > lmtp_tls_scert_verifydepth = 9 > lmtp_tls_secure_cert_match = nexthop > lmtp_tls_security_level = > lmtp_tls_session_cache_database = > lmtp_tls_session_cache_timeout = 3600s > lmtp_tls_trust_anchor_file = > lmtp_tls_verify_cert_match = hostname From h.reindl at thelounge.net Mon Nov 17 10:27:36 2014 
From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 17 Nov 2014 11:27:36 +0100 Subject: LMTPS : TLS over LMTP not working In-Reply-To: <61AF526E-254C-470C-AF21-36C243939BE8@pobox.com> References: <767ABAE2-21A1-4938-932C-0DC05B9BBEB1@pobox.com> <5469C7FA.5030300@thelounge.net> <61AF526E-254C-470C-AF21-36C243939BE8@pobox.com> Message-ID: <5469CD98.6090608@thelounge.net> On 17.11.2014 at 11:24, Stanislas SABATIER wrote: > I set up a service in master.conf like this : > > dovecotsandbox unix - - n - 10 lmtp > -o lmtp_send_xforward_command=yes > -o lmtp_tls_security_level=encrypt > > Then I tried to add starttls option : > -o lmtp_tls_note_starttls_offer=yes > > But Postfix still can't deliver the email. Postfix log : > (?) status=deferred (TLS is required, but was not offered by host xx.xx.xx.xx[xx.xx.xx.xx]) that you should have included in your first post as somebody else said: seems not to be supported now just set up an SSH tunnel and let postfix deliver to 127.0.0.1:port > On 17 Nov 2014, at 11:03, Reindl Harald wrote: > >> >> On 17.11.2014 at 10:58, Stanislas SABATIER wrote: >>> Hello, >>> I tried to activate SSL on LMTP service, to secure connections between Postfix and Dovecot on my LAN, but Dovecot is not negotiating a TLS session with Postfix. >>> If I enforce TLS for LMTP at Postfix's side, communication between Postfix and Dovecot is not working. >>> >>> I put >>> ssl = yes >>> ssl_cert = >> ssl_key = >> in section protocol LMTP within 20-lmtp.conf >>> >>> and >>> service lmtp { >>> inet_listener lmtp { >>> name = dovecot_lmtp >>> address = xx.xx.xx.xx >>> port = 26 >>> ssl = yes >>> } >>> process_min_avail = 5 >>> } >>> within 10-master.conf >>> >>> Did I miss something? >> >> did you configure postfix?
>> postconf -d | grep tls >> >> not sure if postfix prefers STARTTLS only (likely since the smtp-client also doesn't support wrapper mode and lmtp is more or less the same as smtp) From tss at iki.fi Mon Nov 17 10:34:57 2014 From: tss at iki.fi (Timo Sirainen) Date: Mon, 17 Nov 2014 02:34:57 -0800 Subject: LMTPS : TLS over LMTP not working In-Reply-To: <5469CD98.6090608@thelounge.net> References: <767ABAE2-21A1-4938-932C-0DC05B9BBEB1@pobox.com> <5469C7FA.5030300@thelounge.net> <61AF526E-254C-470C-AF21-36C243939BE8@pobox.com> <5469CD98.6090608@thelounge.net> Message-ID: <24B755D0-B872-4AFF-BAFE-5B5CD4A46E28@iki.fi> On 17 Nov 2014, at 02:27, Reindl Harald wrote: > On 17.11.2014 at 11:24, Stanislas SABATIER wrote: >> I set up a service in master.conf like this : >> >> dovecotsandbox unix - - n - 10 lmtp >> -o lmtp_send_xforward_command=yes >> -o lmtp_tls_security_level=encrypt >> >> Then I tried to add starttls option : >> -o lmtp_tls_note_starttls_offer=yes >> >> But Postfix still can't deliver the email. Postfix log : >> (?) status=deferred (TLS is required, but was not offered by host xx.xx.xx.xx[xx.xx.xx.xx]) > > that you should have included in your first post > as somebody else said: seems not to be supported now > > just set up an SSH tunnel and let postfix deliver to 127.0.0.1:port I thought the problem was with the new LMTP STARTTLS command that was added after v2.2.15 release. But if not, try the latest hg version and see if it works. From s.sabatier at pobox.com Mon Nov 17 10:38:57 2014
From: s.sabatier at pobox.com (Stanislas SABATIER) Date: Mon, 17 Nov 2014 11:38:57 +0100 Subject: LMTPS : TLS over LMTP not working In-Reply-To: <24B755D0-B872-4AFF-BAFE-5B5CD4A46E28@iki.fi> References: <767ABAE2-21A1-4938-932C-0DC05B9BBEB1@pobox.com> <5469C7FA.5030300@thelounge.net> <61AF526E-254C-470C-AF21-36C243939BE8@pobox.com> <5469CD98.6090608@thelounge.net> <24B755D0-B872-4AFF-BAFE-5B5CD4A46E28@iki.fi> Message-ID: <0412CE8B-7FBE-4C4E-B3C7-E0E28A9E5036@pobox.com> It did not work with 2.2.13 nor with 2.2.15 On 17 Nov 2014, at 11:34, Timo Sirainen wrote: > On 17 Nov 2014, at 02:27, Reindl Harald wrote: > >> On 17.11.2014 at 11:24, Stanislas SABATIER wrote: >>> I set up a service in master.conf like this : >>> >>> dovecotsandbox unix - - n - 10 lmtp >>> -o lmtp_send_xforward_command=yes >>> -o lmtp_tls_security_level=encrypt >>> >>> Then I tried to add starttls option : >>> -o lmtp_tls_note_starttls_offer=yes >>> >>> But Postfix still can't deliver the email. Postfix log : >>> (?) status=deferred (TLS is required, but was not offered by host xx.xx.xx.xx[xx.xx.xx.xx]) >> >> that you should have included in your first post >> as somebody else said: seems not to be supported now >> >> just set up an SSH tunnel and let postfix deliver to 127.0.0.1:port > > I thought the problem was with the new LMTP STARTTLS command that was added after v2.2.15 release. But if not, try the latest hg version and see if it works. From wdgarc88 at gmail.com Mon Nov 17 10:44:24 2014 From: wdgarc88 at gmail.com (Edwardo Garcia) Date: Mon, 17 Nov 2014 20:44:24 +1000 Subject: stop deletion of mails Message-ID: Is possible with dovecot? Legal department have told us we need to stop anyone from delete email on corporate mail server, so nobody, even managers can not anymore delete any mail? From tss at iki.fi Mon Nov 17 10:46:25 2014
From: tss at iki.fi (Timo Sirainen) Date: Mon, 17 Nov 2014 02:46:25 -0800 Subject: LMTPS : TLS over LMTP not working In-Reply-To: <0412CE8B-7FBE-4C4E-B3C7-E0E28A9E5036@pobox.com> References: <767ABAE2-21A1-4938-932C-0DC05B9BBEB1@pobox.com> <5469C7FA.5030300@thelounge.net> <61AF526E-254C-470C-AF21-36C243939BE8@pobox.com> <5469CD98.6090608@thelounge.net> <24B755D0-B872-4AFF-BAFE-5B5CD4A46E28@iki.fi> <0412CE8B-7FBE-4C4E-B3C7-E0E28A9E5036@pobox.com> Message-ID: <8C91BEB9-2192-4FFF-8C40-626ED1B07FFC@iki.fi> It was implemented AFTER 2.2.15 release. Requires a recent hg version / recent nightly snapshot. See http://hg.dovecot.org/dovecot-2.2 or http://dovecot.org/nightly/ On 17 Nov 2014, at 02:38, Stanislas SABATIER wrote: > It did not work with 2.2.13 nor with 2.2.15 > > On 17 Nov 2014, at 11:34, Timo Sirainen wrote: > >> On 17 Nov 2014, at 02:27, Reindl Harald wrote: >> >>> On 17.11.2014 at 11:24, Stanislas SABATIER wrote: >>>> I set up a service in master.conf like this : >>>> >>>> dovecotsandbox unix - - n - 10 lmtp >>>> -o lmtp_send_xforward_command=yes >>>> -o lmtp_tls_security_level=encrypt >>>> >>>> Then I tried to add starttls option : >>>> -o lmtp_tls_note_starttls_offer=yes >>>> >>>> But Postfix still can't deliver the email. Postfix log : >>>> (?) status=deferred (TLS is required, but was not offered by host xx.xx.xx.xx[xx.xx.xx.xx]) >>> >>> that you should have included in your first post >>> as somebody else said: seems not to be supported now >>> >>> just set up an SSH tunnel and let postfix deliver to 127.0.0.1:port >> >> I thought the problem was with the new LMTP STARTTLS command that was added after v2.2.15 release. But if not, try the latest hg version and see if it works. From tss at iki.fi Mon Nov 17 10:48:40 2014
From: tss at iki.fi (Timo Sirainen) Date: Mon, 17 Nov 2014 02:48:40 -0800 Subject: stop deletion of mails In-Reply-To: References: Message-ID: <33BE4F0B-F9E9-48FA-9B24-274863AC7742@iki.fi> On 17 Nov 2014, at 02:44, Edwardo Garcia wrote: > Is possible with dovecot? > > Legal department have told us we need to stop anyone from delete email > on corporate mail server, so nobody, even managers can not anymore > delete any mail? Implement email archiving. Allow the users to delete emails that are visible to themselves, but have another place where all the emails always exist and they can be accessed by people who need to have access to them. There are various different ways to do this. The easiest way is to have your MTA just Bcc them to some specific mailbox. From wdgarc88 at gmail.com Mon Nov 17 10:51:48 2014 From: wdgarc88 at gmail.com (Edwardo Garcia) Date: Mon, 17 Nov 2014 20:51:48 +1000 Subject: stop deletion of mails In-Reply-To: <33BE4F0B-F9E9-48FA-9B24-274863AC7742@iki.fi> References: <33BE4F0B-F9E9-48FA-9B24-274863AC7742@iki.fi> Message-ID: OK thank you On 11/17/14, Timo Sirainen wrote: > On 17 Nov 2014, at 02:44, Edwardo Garcia wrote: > >> Is possible with dovecot? >> >> Legal department have told us we need to stop anyone from delete email >> on corporate mail server, so nobody, even managers can not anymore >> delete any mail? > > Implement email archiving. Allow the users to delete emails that are visible > to themselves, but have another place where all the emails always exist and > they can be accessed by people who need to have access to them. There are > various different ways to do this. The easiest way is to have your MTA just > Bcc them to some specific mailbox. > > From raubvogel at gmail.com Mon Nov 17 10:53:44 2014 
From: raubvogel at gmail.com (Mauricio Tavares) Date: Mon, 17 Nov 2014 05:53:44 -0500 Subject: stop deletion of mails In-Reply-To: <33BE4F0B-F9E9-48FA-9B24-274863AC7742@iki.fi> References: <33BE4F0B-F9E9-48FA-9B24-274863AC7742@iki.fi> Message-ID: On Nov 17, 2014 5:48 AM, "Timo Sirainen" wrote: > > On 17 Nov 2014, at 02:44, Edwardo Garcia wrote: > > > Is possible with dovecot? > > > > Legal department have told us we need to stop anyone from delete email > > on corporate mail server, so nobody, even managers can not anymore > > delete any mail? > > Implement email archiving. Allow the users to delete emails that are visible to themselves, but have another place where all the emails always exist and they can be accessed by people who need to have access to them. There are various different ways to do this. The easiest way is to have your MTA just Bcc them to some specific mailbox. We do that using a sieve script. This way it is transparent to user. Since all of our email is owned by the user "virtual" in the mail server (email users do not have accounts in mail server), that works rather nicely. From s.sabatier at pobox.com Mon Nov 17 11:18:34 2014 
From: s.sabatier at pobox.com (Stanislas SABATIER) Date: Mon, 17 Nov 2014 12:18:34 +0100 Subject: LMTPS : TLS over LMTP not working In-Reply-To: <8C91BEB9-2192-4FFF-8C40-626ED1B07FFC@iki.fi> References: <767ABAE2-21A1-4938-932C-0DC05B9BBEB1@pobox.com> <5469C7FA.5030300@thelounge.net> <61AF526E-254C-470C-AF21-36C243939BE8@pobox.com> <5469CD98.6090608@thelounge.net> <24B755D0-B872-4AFF-BAFE-5B5CD4A46E28@iki.fi> <0412CE8B-7FBE-4C4E-B3C7-E0E28A9E5036@pobox.com> <8C91BEB9-2192-4FFF-8C40-626ED1B07FFC@iki.fi> Message-ID: <2BEB25A1-11A2-45CA-B119-8A781E0EFE7D@pobox.com> Thanks. I'll install latest release on my sandbox to test LMTPS with Postfix. As soon as I tested, I'll report in this forum. Regards, Stan. On 17 Nov 2014, at 11:46, Timo Sirainen wrote: > It was implemented AFTER 2.2.15 release. Requires a recent hg version / recent nightly snapshot. See http://hg.dovecot.org/dovecot-2.2 or http://dovecot.org/nightly/ > > On 17 Nov 2014, at 02:38, Stanislas SABATIER wrote: > >> It did not work with 2.2.13 nor with 2.2.15 >> >> On 17 Nov 2014, at 11:34, Timo Sirainen wrote: >> >>> On 17 Nov 2014, at 02:27, Reindl Harald wrote: >>> >>>> On 17.11.2014 at 11:24, Stanislas SABATIER wrote: >>>>> I set up a service in master.conf like this : >>>>> >>>>> dovecotsandbox unix - - n - 10 lmtp >>>>> -o lmtp_send_xforward_command=yes >>>>> -o lmtp_tls_security_level=encrypt >>>>> >>>>> Then I tried to add starttls option : >>>>> -o lmtp_tls_note_starttls_offer=yes >>>>> >>>>> But Postfix still can't deliver the email. Postfix log : >>>>> (?) status=deferred (TLS is required, but was not offered by host xx.xx.xx.xx[xx.xx.xx.xx]) >>>> >>>> that you should have included in your first post >>>> as somebody else said: seems not to be supported now >>>> >>>> just set up an SSH tunnel and let postfix deliver to 127.0.0.1:port >>> >>> I thought the problem was with the new LMTP STARTTLS command that was added after v2.2.15 release. But if not, try the latest hg version and see if it works.
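[Added example, not part of the archived thread and not Dovecot or Postfix code.] The deferral quoted in this thread, "TLS is required, but was not offered by host", is what Postfix reports when lmtp_tls_security_level=encrypt is set and the listener's LHLO reply carries no STARTTLS keyword. The Python below parses an LHLO reply for that keyword, can probe a listener in cleartext before TLS is enforced, and scans Postfix log lines for the deferral; the function names, sample replies, sample log lines and the 192.0.2.10 address are constructed for illustration.

```python
import re
import socket

# Constructed LHLO replies (not captured from a real server).
SAMPLE_LHLO_PLAIN = "250-mail.example.test\r\n250-8BITMIME\r\n250 PIPELINING\r\n"
SAMPLE_LHLO_TLS = "250-mail.example.test\r\n250-STARTTLS\r\n250 PIPELINING\r\n"
# Constructed Postfix log lines; only the deferral text comes from the thread.
SAMPLE_LOG = [
    "Nov 17 11:20:01 mx postfix/lmtp[1234]: 0123456789: to=<user@example.test>, "
    "status=deferred (TLS is required, but was not offered by host "
    "192.0.2.10[192.0.2.10])",
    "Nov 17 11:21:07 mx postfix/lmtp[1240]: 0123456790: to=<user@example.test>, "
    "relay=192.0.2.10[192.0.2.10]:26, status=sent (250 2.0.0 Saved)",
]

_REPLY_LINE = re.compile(r"(\d{3})(?:([ -])(.*))?")
_TLS_NOT_OFFERED = re.compile(
    r"TLS is required, but was not offered by host [^\s\[]+\[([^\]]+)\]")


def parse_reply(text):
    """Parse one SMTP/LMTP reply into (code, [text of each line]).

    Raises ValueError if a line is malformed, the codes differ, or the reply
    does not end with exactly one final ("NNN text", not "NNN-text") line.
    """
    rows = []
    for line in text.splitlines():
        m = _REPLY_LINE.fullmatch(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        rows.append((m.group(1), m.group(2) != "-", m.group(3) or ""))
    finals = [is_final for _, is_final, _ in rows]
    if not rows or finals.count(True) != 1 or not finals[-1]:
        raise ValueError("reply is incomplete or holds more than one response")
    if len({code for code, _, _ in rows}) != 1:
        raise ValueError("reply mixes status codes")
    return int(rows[0][0]), [rest for _, _, rest in rows]


def lhlo_capabilities(reply_text):
    """Return the set of extension keywords advertised in an LHLO reply."""
    code, lines = parse_reply(reply_text)
    if code != 250:
        raise ValueError(f"LHLO was refused with code {code}")
    # The first line is the server greeting; each later line is one keyword,
    # optionally followed by parameters.
    return {line.split()[0].upper() for line in lines[1:] if line.strip()}


def offers_starttls(reply_text):
    """True if the LHLO reply advertises STARTTLS."""
    return "STARTTLS" in lhlo_capabilities(reply_text)


def _read_reply(stream):
    """Read one complete reply (all continuation lines) from a socket file."""
    chunks = []
    while True:
        line = stream.readline()
        if not line:
            raise ConnectionError("connection closed before the reply ended")
        chunks.append(line.decode("ascii", "replace"))
        if line[3:4] != b"-":
            return "".join(chunks)


def probe_lmtp_starttls(host, port, lhlo_name="probe.example.test", timeout=5.0):
    """Connect in cleartext, send LHLO and report whether STARTTLS is offered.

    A listener that expects TLS from the first byte sends no cleartext
    greeting, so this raises a timeout (OSError) instead of returning.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rwb")
        code, _ = parse_reply(_read_reply(stream))
        if code != 220:
            raise ConnectionError(f"unexpected greeting code {code}")
        stream.write(f"LHLO {lhlo_name}\r\n".encode("ascii"))
        stream.flush()
        reply = _read_reply(stream)
        stream.write(b"QUIT\r\n")
        stream.flush()
        return offers_starttls(reply)


def tls_not_offered_hosts(log_lines):
    """Return the sorted peer addresses Postfix deferred mail to for lack of TLS."""
    found = (_TLS_NOT_OFFERED.search(line) for line in log_lines)
    return sorted({m.group(1) for m in found if m})


if __name__ == "__main__":
    print("plain listener offers STARTTLS:", offers_starttls(SAMPLE_LHLO_PLAIN))
    print("TLS-capable listener offers STARTTLS:", offers_starttls(SAMPLE_LHLO_TLS))
    print("hosts deferred for missing TLS:", tls_not_offered_hosts(SAMPLE_LOG))
```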
From soumplis at ekt.gr Mon Nov 17 12:51:25 2014 From: soumplis at ekt.gr (Alexandros Soumplis) Date: Mon, 17 Nov 2014 14:51:25 +0200 Subject: Optional mail attribute in ldap Message-ID: <5469EF4D.3020309@ekt.gr> Hello, I am using an ldap database (active directory) for dovecot authentication and I am trying to change the mail location for some users only, thus any mail should be delivered to the default location unless the ldap query returns a successful result which defines the mail variable. I have chosen the AD attribute "otherMailbox" and added for the required user the value "=mail=mdbox:/newmailboxes/%Lu/". It seems not to work and mails still get delivered to the default location. Any suggestions ? a. From skdovecot at smail.inf.fh-brs.de Mon Nov 17 13:26:08 2014 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 17 Nov 2014 14:26:08 +0100 (CET) Subject: closed fd causes: lmtp(18385): Panic: epoll_ctl(del, 11) failed: Bad file descriptor In-Reply-To: References: Message-ID: On Fri, 14 Nov 2014, Timo Sirainen wrote: >> >> I forgot my hg version, sorry: >> >> Dovecot v2.2.15 (062230bdbc4d+) > > This then? http://hg.dovecot.org/dovecot-2.2/rev/2d87ec863b76 Yes, this patch seems to prevent the Panic, I was unable to get a core now. Thanks, -- Steffen Kaiser From s.sabatier at pobox.com Mon Nov 17 13:30:19 2014
From: s.sabatier at pobox.com (Stanislas SABATIER) Date: Mon, 17 Nov 2014 14:30:19 +0100 Subject: LMTPS into 20141115 In-Reply-To: <2BEB25A1-11A2-45CA-B119-8A781E0EFE7D@pobox.com> References: <767ABAE2-21A1-4938-932C-0DC05B9BBEB1@pobox.com> <5469C7FA.5030300@thelounge.net> <61AF526E-254C-470C-AF21-36C243939BE8@pobox.com> <5469CD98.6090608@thelounge.net> <24B755D0-B872-4AFF-BAFE-5B5CD4A46E28@iki.fi> <0412CE8B-7FBE-4C4E-B3C7-E0E28A9E5036@pobox.com> <8C91BEB9-2192-4FFF-8C40-626ED1B07FFC@iki.fi> <2BEB25A1-11A2-45CA-B119-8A781E0EFE7D@pobox.com> Message-ID: <4335E78E-5EB9-445A-8F7A-A43AD3FB5F28@pobox.com> I built the 20141115 nightly release and succeeded in enforcing TLS over LMTP between Postfix and Dovecot. But, I see the following error in maillog after each incoming message : Nov 17 14:12:20 lmtp(291): Info: Connect from xx.xx.xx.xx Nov 17 14:12:20 lmtp(xxxx at yyyyy.zzz): Info: bdlxGjT0aVQjAQAAd7W7Aw: msgid=: saved mail to INBOX Nov 17 14:12:20 lmtp(291): Info: Disconnect from xx.xx.xx.xx: Successful quit Nov 17 14:12:20 lmtp(291): Error: kevent(EV_DELETE, 12) failed: Bad file descriptor On 17 Nov 2014, at 12:18, Stanislas SABATIER wrote: > Thanks. I'll install latest release on my sandbox to test LMTPS with Postfix. As soon as I tested, I'll report in this forum. > > Regards, > Stan. > On 17 Nov 2014, at 11:46, Timo Sirainen wrote: > >> It was implemented AFTER 2.2.15 release. Requires a recent hg version / recent nightly snapshot. See http://hg.dovecot.org/dovecot-2.2 or http://dovecot.org/nightly/ >> >> On 17 Nov 2014, at 02:38, Stanislas SABATIER wrote: >> >>> It did not work with 2.2.13 nor with 2.2.15 >>>
>>> On 17 Nov 2014, at 11:34, Timo Sirainen wrote: >>> >>>> On 17 Nov 2014, at 02:27, Reindl Harald wrote: >>>> >>>>> On 17.11.2014 at 11:24, Stanislas SABATIER wrote: >>>>>> I set up a service in master.conf like this : >>>>>> >>>>>> dovecotsandbox unix - - n - 10 lmtp >>>>>> -o lmtp_send_xforward_command=yes >>>>>> -o lmtp_tls_security_level=encrypt >>>>>> >>>>>> Then I tried to add starttls option : >>>>>> -o lmtp_tls_note_starttls_offer=yes >>>>>> >>>>>> But Postfix still can't deliver the email. Postfix log : >>>>>> (?) status=deferred (TLS is required, but was not offered by host xx.xx.xx.xx[xx.xx.xx.xx]) >>>>> >>>>> that you should have included in your first post >>>>> as somebody else said: seems not to be supported now >>>>> >>>>> just set up an SSH tunnel and let postfix deliver to 127.0.0.1:port >>>> >>>> I thought the problem was with the new LMTP STARTTLS command that was added after v2.2.15 release. But if not, try the latest hg version and see if it works. From skdovecot at smail.inf.fh-brs.de Mon Nov 17 14:22:40 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 17 Nov 2014 15:22:40 +0100 (CET) Subject: inbox parameter is ignored within location config for public namespaces? In-Reply-To: References: Message-ID: On Mon, 17 Nov 2014, Dieter Knopf wrote: > Is there really no way with a symlink or something like that? Not sure > if i can configure the root path in clients like Thunderbird... > > 2014-11-14 11:12 GMT+01:00 Steffen Kaiser : >> On Fri, 14 Nov 2014, Dieter Knopf wrote: >>>> Config: >>>> namespace { >>>> type = public >>>> separator = / >>>> prefix = BOS/ >>>> location = >>>> maildir:/home/vmail/foo.eu/bos/MAILDIR:INBOX=/home/vmail/foo.eu/bos/MAILDIR/.INBOX:INDEX=/home/vmail/foo.eu/bos/S_INDEX:INDEXPVT=/home/vmail/foo.eu/bos/S_INDEXPVT/%u >>>> subscriptions = yes >>>> } >>>> >>>> The namespace itself works fine and without a problem, but the INBOX >>>> folder is the main problem. Mail user agents like Thunderbird now >>>> show a folder structure like: >>>> >>>> BOS (grey, not usable) >>>> - INBOX (the .INBOX folder) >>>> - Other folder 1 >>>> - Other folder 2 >>>> - Other folder 3 >>>> >>>> The INBOX-config works fine for every single user, but it doesn't work >>>> on namespaces? Is this a bug? I tested the following:
cd /home/vmail/foo.eu/bos/MAILDIR
ln -s .INBOX/* .
-> BOS becomes selectable, actually the LIST response changes from: * LIST (\Noselect \HasChildren) "." BOS -to- * LIST (\HasChildren) "." BOS You have "INBOX" still, but my version of Thunderbird does not select "BOS", because it tries to select "BOS.BOS".
mkdir .BOS
chown ... .BOS
cd .BOS
ln -s ../{do*,new,cur,tmp} .
makes BOS selectable for Thunderbird, but now you have 3 INBOXes ... . -- Steffen Kaiser From rs at sys4.de Mon Nov 17 15:05:15 2014 
From: rs at sys4.de (Robert Schetterer) Date: Mon, 17 Nov 2014 16:05:15 +0100 Subject: LMTPS into 20141115 In-Reply-To: <4335E78E-5EB9-445A-8F7A-A43AD3FB5F28@pobox.com> References: <767ABAE2-21A1-4938-932C-0DC05B9BBEB1@pobox.com> <5469C7FA.5030300@thelounge.net> <61AF526E-254C-470C-AF21-36C243939BE8@pobox.com> <5469CD98.6090608@thelounge.net> <24B755D0-B872-4AFF-BAFE-5B5CD4A46E28@iki.fi> <0412CE8B-7FBE-4C4E-B3C7-E0E28A9E5036@pobox.com> <8C91BEB9-2192-4FFF-8C40-626ED1B07FFC@iki.fi> <2BEB25A1-11A2-45CA-B119-8A781E0EFE7D@pobox.com> <4335E78E-5EB9-445A-8F7A-A43AD3FB5F28@pobox.com> Message-ID: <546A0EAB.3060504@sys4.de> On 17.11.2014 at 14:30, Stanislas SABATIER wrote: > I built the 20141115 nightly release and succeeded in enforcing TLS over LMTP between Postfix and Dovecot. > But I see the following error in maillog after each incoming message: > > Nov 17 14:12:20 lmtp(291): Info: Connect from xx.xx.xx.xx > Nov 17 14:12:20 lmtp(xxxx at yyyyy.zzz): Info: bdlxGjT0aVQjAQAAd7W7Aw: msgid=: saved mail to INBOX > Nov 17 14:12:20 lmtp(291): Info: Disconnect from xx.xx.xx.xx: Successful quit > Nov 17 14:12:20 lmtp(291): Error: kevent(EV_DELETE, 12) failed: Bad file descriptor works here too, don't have any errors for small testings but looks like i need to reread all lmtp tls stuff now *g 2014-11-17T15:58:19.516398+01:00 mail dovecot: lmtp(19281): Connect from 127.0.0.1 2014-11-17T15:58:19.516798+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x10, ret=1: before/accept initialization 2014-11-17T15:58:19.516808+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: before/accept initialization 2014-11-17T15:58:19.516817+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2002, ret=-1: unknown state 2014-11-17T15:58:19.517092+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2002, ret=-1: unknown state 2014-11-17T15:58:19.517119+01:00 mail dovecot: lmtp(19281): Debug: SSL_get_servername() failed 2014-11-17T15:58:19.517134+01:00 mail dovecot: lmtp(19281): 
Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A 2014-11-17T15:58:19.517147+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A 2014-11-17T15:58:19.517251+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A 2014-11-17T15:58:19.522535+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A 2014-11-17T15:58:19.522553+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A 2014-11-17T15:58:19.522562+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 flush data 2014-11-17T15:58:19.522579+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A 2014-11-17T15:58:19.525910+01:00 mail dovecot: message repeated 2 times: [ lmtp(19281): Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A] 2014-11-17T15:58:19.527497+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A 2014-11-17T15:58:19.527572+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A 2014-11-17T15:58:19.527596+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A 2014-11-17T15:58:19.527614+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A 2014-11-17T15:58:19.527625+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2001, ret=1: SSLv3 flush data 2014-11-17T15:58:19.527631+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully 2014-11-17T15:58:19.527648+01:00 mail dovecot: lmtp(19281): Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully > > > On 17 Nov 2014, at 12:18, Stanislas SABATIER wrote: > >> Thanks. I'll install latest release on my sandbox to test LMTPS with Postfix. As soon as I have tested, I'll report in this forum. >> >> Regards, >> Stan. 
>> On 17 Nov 2014, at 11:46, Timo Sirainen wrote: >> >>> It was implemented AFTER 2.2.15 release. Requires a recent hg version / recent nightly snapshot. See http://hg.dovecot.org/dovecot-2.2 or http://dovecot.org/nightly/ >>> >>> On 17 Nov 2014, at 02:38, Stanislas SABATIER wrote: >>> >>>> It did not work with 2.2.13 nor with 2.2.15 >>>> >>>> On 17 Nov 2014, at 11:34, Timo Sirainen wrote: >>>> >>>>> On 17 Nov 2014, at 02:27, Reindl Harald wrote: >>>>> >>>>>> On 17.11.2014 at 11:24, Stanislas SABATIER wrote: >>>>>>> I setup a service in master.conf like this : >>>>>>> >>>>>>> dovecotsandbox unix - - n - 10 lmtp >>>>>>> -o lmtp_send_xforward_command=yes >>>>>>> -o lmtp_tls_security_level=encrypt >>>>>>> >>>>>>> Then I tried to add starttls option : >>>>>>> -o lmtp_tls_note_starttls_offer=yes >>>>>>> >>>>>>> But Postfix still can't deliver the email. Postfix log : >>>>>>> (...) status=deferred (TLS is required, but was not offered by host xx.xx.xx.xx[xx.xx.xx.xx]) >>>>>> >>>>>> that you should have included in your first post >>>>>> as somebody else said: seems not to be supported now >>>>>> >>>>>> just setup a SSH tunnel and let postfix deliver to 127.0.0.1:port >>>>> >>>>> I thought the problem was with the new LMTP STARTTLS command that was added after v2.2.15 release. But if not, try the latest hg version and see if it works. Best Regards Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, District court München: HRB 199263 Management board: Patrick Ben Koetter, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein From tree at dreamstand.com Mon Nov 17 15:20:24 2014 
From: tree at dreamstand.com (tree) Date: Mon, 17 Nov 2014 16:20:24 +0100 Subject: Different SSL certificates per IP and protocol Message-ID: <546A1238.5060400@dreamstand.com> Hi Dovecot Users and Developers, I am hosting the server with multiple domains. I have setup the dovecot with the instructions from http://wiki2.dovecot.org/SSL/DovecotConfiguration Each domain has its own ip address. However, when I connect via Thunderbird or any other mail clients, the client is ONLY picking up the top-level "default" ssl_key and ssl_cert and the certificate in /etc/ssl/dovecot.pem Is this a bug? This is on Debian Wheezy. Any help pointing in the right direction would be appreciated thanks. Here is the ssl section: ----------- ssl_cert = Hi all, First sorry i really couldn't find it back been searching everywhere even the docs and it's a bit confusing. I am using # doveadm -D sync -u *@mydomain.net remote:myserver.net # which works perfect however for security reasons we now need to change the sshd port on the remote server. How do i tell doveadm to use a custom SSH port (would love to continue to use just the ssh connection), if anyone could explain that would be great, because all i found is custom tcp or tcp ssl which is not what we want to use, as i wish to stick with custom ssh port. Regards, r. From gedalya at gedalya.net Tue Nov 18 08:32:30 2014 
From: gedalya at gedalya.net (Gedalya) Date: Tue, 18 Nov 2014 03:32:30 -0500 Subject: custom ssh port doveadm sync In-Reply-To: References: Message-ID: <546B041E.4070902@gedalya.net> On 11/18/2014 03:23 AM, dvm at rdyn.net wrote: > > Hi all, > > First sorry i really couldn't find it back been searching everywhere > even the docs and its bit confusing. > I am using # doveadm -D sync -u *@mydomain.net remote:myserver.net # > which works perfect however for security reasons we now need to change > the sshd port on the remote server. > How do i tell doveadm to use a custom SSH port (would love to > continue to use just the ssh connection), if anyone could explain that > would be great, because all i found is custom tcp or tcp ssl which is > not what we want to use, as i wish to stick with custom ssh port. From the dsync man page EXAMPLE SYNCHRONIZATION Synchronize mailboxes with a remote server. Any errors are written to stderr. doveadm sync -u username at example.com remote:server-replica.example.com If you need more complex parameters to ssh, you can use e.g.: doveadm sync -u username at example.com ssh -i id_dsa.dovecot \ mailuser at example.com doveadm dsync-server -u username at example.com From skdovecot at smail.inf.fh-brs.de Tue Nov 18 08:40:31 2014 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 18 Nov 2014 09:40:31 +0100 (CET) Subject: Understanding why Dovecot unexpectedly died In-Reply-To: <20141115200013.7ca5d008@frodo.lucabert.intra> References: <20141115200013.7ca5d008@frodo.lucabert.intra> Message-ID: On Sat, 15 Nov 2014, Luca Bertoncello wrote: > I use Dovecot 1.2.17 (I can't upgrade right now, due to many reasons), > controlled by Pacemaker (I have an HA-Cluster). > Now I see that Pacemaker restarts often Dovecot. I wrote my own script to Please define "often". If it is rather very often, try to start dovecot with a script and catch its output, e.g.:
#!/bin/bash
logf=/tmp/dovecot.start.log
(
/../sbin/dovecot -F
rc=$?
echo $(date) rc=$rc
exit $rc
) >>"$logf" 2>&1
> manage Dovecot, since Pacemaker does not have his own. > > My script, by the "monitor" section has this: > > monitor) > if [ ! -e $OCF_RESKEY_pid ]; then > echo "stopped (no pidfile)" > echo "DOVECOT STOPPED - NO PIDFILE" | /usr/bin/logger -p local0.info -t DOVECOT-MONITOR -i > exit $OCF_NOT_RUNNING > else > /bin/ps axuwf | /bin/grep `/bin/cat $OCF_RESKEY_pid` | /bin/grep -v grep > /dev/null 2>&1 this is vague and catches many false positives if the pid is low, doesn't your system accept: if ! ps `/bin/cat $OCF_RESKEY_pid` >/dev/null 2>&1; then to query one particular process id? > if [ $? 
-ne 0 ]; then > echo "stopped" > echo "DOVECOT STOPPED - NO PROCESS" | /usr/bin/logger -p local0.info -t DOVECOT-MONITOR -i > exit $OCF_NOT_RUNNING > else How about to log: lsof -p `/bin/cat $OCF_RESKEY_pid` lsof -c dovecot netstat -tupan into a temporary file, say /tmp/dovecot.monitor.log > if [ "`/bin/netstat -tupan | /bin/grep dovecot | /bin/grep $OCF_RESKEY_bindaddr | /usr/bin/wc -l`" -ne 0 ]; then > exit $OCF_SUCCESS > else > echo "DOVECOT STOPPED - NO LISTEN [`/bin/netstat -tupan | /bin/grep dovecot`]" | /usr/bin/logger -p local0.info -t DOVECOT-MONITOR -i > exit $OCF_ERR_GENERIC > fi > fi > fi > exit $OCF_SUCCESS > ;; > > The "loggers" was added now to try to understand why it dies... > Well, I can see in my syslog, when Pacemaker restarts Dovecot, these lines: > > ov 15 18:59:09 mail01 DOVECOT-MONITOR[530]: DOVECOT STOPPED - NO LISTEN [tcp 0 0 192.168.33.1:37545 192.168.33.3:3306 ESTABLISHED 637/dovecot-auth > Nov 15 18:59:09 mail01 DOVECOT-MONITOR[530]: tcp 0 0 > 192.168.33.1:37537 192.168.33.3:3306 ESTABLISHED 529/dovecot-auth] > > So, there is no "dovecot"-Process listening anymore... Normally I have these: > > tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 634/dovecot > tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 634/dovecot > tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 634/dovecot > tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 634/dovecot > tcp 0 0 192.168.33.1:40994 192.168.33.3:3306 VERBUNDEN 891/dovecot-auth > tcp 0 0 192.168.33.1:40984 192.168.33.3:3306 VERBUNDEN 638/dovecot-auth > tcp6 0 0 :::110 :::* LISTEN 634/dovecot > tcp6 0 0 :::143 :::* LISTEN 634/dovecot > tcp6 0 0 :::993 :::* LISTEN 634/dovecot > tcp6 0 0 :::995 :::* LISTEN 634/dovecot > > In the mail.log and mail.err I can't see anything but: > > Nov 15 18:59:13 mail01 dovecot: Dovecot v1.2.17 starting up > Nov 15 18:59:13 mail01 dovecot: auth-worker(default): mysql: Connected to 192.168.33.3 (exim) > > And in the syslos there is nothing about Dovecot... > > Any idea? > > Thanks a lot! 
> Luca Bertoncello > (lucabert at lucabert.de) > -- Steffen Kaiser From dovecot at tengu.ch Tue Nov 18 08:49:44 2014 From: dovecot at tengu.ch (=?UTF-8?B?Q8OpZHJpYyBKZWFubmVyZXQ=?=) Date: Tue, 18 Nov 2014 09:49:44 +0100 Subject: Mail sync at filesystem level Message-ID: <546B0828.5040000@tengu.ch> Hello, I'm currently building a mail infra using some decentralized filesystem for the storage. As I'm wanting to get multiple "entry-points" (servers running dovecot + postfix + other mail-related stuff), all of them sharing the same storage (most probably xtreemfs), how will dovecot cope in this case? As I see things: server1 gets a mail for User1; it pushes it to the xtreemfs directory. server2 shares the same xtreemfs directory, thus it can access the same mail listing User1 connects to server2: will he see the new mail? Will dovecot on server2 know about it? Thanks! Cheers, C. From alessio at skye.it Tue Nov 18 09:06:52 2014 
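The PID check discussed in Steffen Kaiser's reply in the "Understanding why Dovecot unexpectedly died" thread above, as an added example that is not part of any post: it contrasts the substring grep used in the quoted monitor script with an exact PID-column match and a `kill -0` liveness test on the one PID read from the pidfile. The `ps` listing is constructed sample data and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed `ps ax` listing: PID 63 is NOT running, but the digits "63"
# occur inside other PIDs (634, 638, 1630) and inside an argument.
SAMPLE_PS='  PID TTY      STAT   TIME COMMAND
  634 ?        Ss     0:01 /usr/sbin/dovecot -F
  638 ?        S      0:00 dovecot-auth
 1630 ?        S      0:00 /usr/sbin/cron
 2201 ?        S      0:00 sleep 63'

# The quoted monitor script's approach: substring grep over the listing.
# $1 = pid, $2 = ps listing. Succeeds if ANY line contains those digits.
naive_pid_listed() {
    printf '%s\n' "$2" | grep "$1" | grep -v grep >/dev/null 2>&1
}

# Exact comparison against the PID column only (header line skipped).
exact_pid_listed() {
    printf '%s\n' "$2" |
        awk -v pid="$1" 'NR > 1 && $1 == pid { found = 1 } END { exit !found }'
}

# Live check for a monitor action. $1 = pidfile.
# Returns 0 only if the pidfile holds a clean positive decimal PID and that
# one process exists. kill -0 sends no signal, it only tests for existence;
# it needs permission to signal the target, so run it as root or as the
# service owner.
pid_is_running() {
    [ -r "$1" ] || return 1
    _pid=$(tr -d ' \t\r\n' < "$1")
    case "$_pid" in
        ''|*[!0-9]*) return 1 ;;          # empty or non-numeric: stopped
    esac
    # PID 0 would address the caller's own process group, so reject it.
    [ "$_pid" -gt 0 ] 2>/dev/null || return 1
    kill -0 "$_pid" 2>/dev/null
}

# Demo on the constructed listing.
for p in 63 634; do
    if naive_pid_listed "$p" "$SAMPLE_PS"; then n=match; else n=no-match; fi
    if exact_pid_listed "$p" "$SAMPLE_PS"; then e=match; else e=no-match; fi
    echo "pid $p: substring grep=$n, exact column=$e"
done
```

A PID can be reused after a crash, so a monitor that must know the process is really Dovecot should also compare the command name for that single PID.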
From: alessio at skye.it (Alessio Cecchi) Date: Tue, 18 Nov 2014 10:06:52 +0100 Subject: Different SSL certificates per IP and protocol In-Reply-To: <546A1238.5060400@dreamstand.com> References: <546A1238.5060400@dreamstand.com> Message-ID: <546B0C2C.9090100@skye.it> On 17/11/2014 16:20, tree wrote: > Hi Dovecot Users and Developers, > > I am hosting the server with multiple domains. > > I have setup the dovecot with the instructions from > http://wiki2.dovecot.org/SSL/DovecotConfiguration > > > Each domain has its own ip address. However, when I connect via > Thunderbird or any other mail clients, the client is ONLY picking up > the top-level "default" ssl_key and ssl_cert and the certificate in > /etc/ssl/dovecot.pem > > Is this a bug? > > This is on Debian Wheezy. Any help pointing in the right direction > would be appreciated thanks. Hi, what "hostname" is set in the client "pop/imap" remote server? Try also with SNI, which is simpler to use (no dedicated IP is needed), and I can confirm that it works fine with a Debian server and Thunderbird as email client. From dvm at rdyn.net Tue Nov 18 09:09:38 2014 
From: dvm at rdyn.net (dvm at rdyn.net) Date: Tue, 18 Nov 2014 10:09:38 +0100 Subject: custom ssh port doveadm sync In-Reply-To: <546B041E.4070902@gedalya.net> References: <546B041E.4070902@gedalya.net> Message-ID: Hi, Thanks. Like i said i read it all and somehow i have some trouble interpreting it and that is why i mentioned that i kindly asked for some help not re-quoting the manual as that didn't lead to a successful attempt so after reading everything and trying everything out i tried the mailing-list. the page is actually confusing and a kind user (thank you so much) emailed me and helped me out. (the man page is actually not correct in my opinion or i totally interpret it wrong :) This did work : # doveadm sync -u mailboxuser at mydomain.com ssh -p 15223 SSHLOGINUSER at mydomain.com doveadm dsync-server -u mailboxuser at mydomain.com The main difference is the -p parameter (not present in sample and doc neither is the -i parameter so please next time don't quote blindly) and that it is the SSHLOGINuser that's important which in the sample is called mail-user (not the same in my opinion). Again i might have read it all wrong but else a small update to the wiki could be useful ? thanks mailing-list and the user that helped me out. regards, On 2014-11-18 09:32, Gedalya wrote: > On 11/18/2014 03:23 AM, dvm at rdyn.net wrote: > >> Hi all, >> >> First sorry i really couldn't find it back been searching everywhere even the docs and it's a bit confusing. >> I am using # doveadm -D sync -u *@mydomain.net remote:myserver.net # which works perfect however for security reasons we now need to change the sshd port on the remote server. >> How do i tell doveadm to use a custom SSH port (would love to continue to use just the ssh connection), if anyone could explain that would be great, because all i found is custom tcp or tcp ssl which is not what we want to use, as i wish to stick with custom ssh port. 
> From the dsync man page > > EXAMPLE > SYNCHRONIZATION > Synchronize mailboxes with a remote server. Any errors are > written to stderr. > > doveadm sync -u username at example.com > remote:server-replica.example.com > > If you need more complex parameters to ssh, you can use e.g.: > > doveadm sync -u username at example.com ssh -i id_dsa.dovecot \ > mailuser at example.com doveadm dsync-server -u username at example.com From gedalya at gedalya.net Tue Nov 18 09:26:49 2014 
From: gedalya at gedalya.net (Gedalya) Date: Tue, 18 Nov 2014 04:26:49 -0500 Subject: custom ssh port doveadm sync In-Reply-To: References: <546B041E.4070902@gedalya.net> Message-ID: <546B10D9.2010805@gedalya.net> On 11/18/2014 04:09 AM, dvm at rdyn.net wrote: > > Hi, > > Thanks. Like i said i read it all and somehow i have some trouble > interpreting it and that is why i mentioned that i kinly asked for some > help not re-quoting the manual as that didn't lead to a successful > attempt so after reading everything and trying everything out i tried > the mailing-list. > > the page is actually confusing and a kind user (thank you so much) > emailed me and helped me out. (the man page is actually not correct in > my opinion or i totally interpret it wrong :) You did. The man page is not confusing. It's also not there to tell you how to use a custom SSH port. it does way better. It tells you how to use *any* custom ssh options. For more information about that, see man ssh. The -i is an ssh option to use a private key file, -p to specify a remote port. Like I said, see man ssh. > > This did work : > > # doveadm sync -u mailboxuser at mydomain.com ssh -p 15223 > SSHLOGINUSER at mydomain.com doveadm dsync-server -u > mailboxuser at mydomain.com > > The main difference is the -p parameter (not present in sample and doc > neither is the -i parameter so please next time don't quote blindly) They are present. See man ssh. > If you need more complex parameters to ssh, you can use e.g.: That's not blind. Notice the "parameters to ssh" and the "e.g." parts. > and > that it is the SSHLOGINuser that's important which in the sample is > called mail-user (not the same in my opinion). > Again i might have read it all wrong but else a small update to the wiki > could be useful ? > thanks mailing-list and the user that helped me out. > > Admittedly, I didn't help you, and someone else did. That's apparent. I nevertheless took the trouble to attempt to clarify what I did do. 
Let's do even more: doveadm sync -u mailboxuser at mydomain.com ssh -p 15223 SSHLOGINUSER at mydomain.com doveadm dsync-server -u mailboxuser at mydomain.com part 1: doveadm sync -u mailboxuser at mydomain.com explanation: invoke dsync locally as mailboxuser at mydomain.com rest of the line (part 2 and 3): what command dsync should run in order to reach the other side part 2: ssh -p 15223 SSHLOGINUSER at mydomain.com a very ordinary invocation of ssh, with the -p parameter part 3, to be read as the rest of the *ssh command*, which is, what command to run on the remote server. SSH(1) BSD General Commands Manual SSH(1) NAME ssh -- OpenSSH SSH client (remote login program) SYNOPSIS ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q cipher | cipher-auth | mac | kex | key] [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command] note the final "[command]" bit. From sasikumar.k at locuz.com Tue Nov 18 12:31:05 2014 From: sasikumar.k at locuz.com (SasiKumar.K) Date: Tue, 18 Nov 2014 18:01:05 +0530 Subject: Storage IOPs Calculation for Qmail Server Message-ID: <002901d0032b$85d8a830$9189f890$@locuz.com> Dear DovecotORG, In my organization, we are about to implement Qmail Server. * The number of current users will be 800, in future it may increase up to 1200. * The number of concurrent users will be 300. I am the engineer to deploy the Qmail in Linux server. I need to tell the storage team on the IOPs requirement. I requested 8TB usable space for the mail storage (can scale up in future). Kindly provide your suggestion on this. Thanks & Regards, K.SasiKumar Systems Engineer, Locuz Enterprise Solutions Limited, Bangalore From tabolin at speechpro.com Tue Nov 18 14:42:45 2014 
From: tabolin at speechpro.com (Yuriy Tabolin) Date: Tue, 18 Nov 2014 17:42:45 +0300 Subject: userdb-nss crash Message-ID: <546B5AE5.3000002@speechpro.com> Hi All. I have a some problem with dovecot, when I try to use nss in auth userdb. nss was setup to resolve users and group by winbind. nss and winbind works well, command "id user" shows remote user's info. I would like to use nss userdb, but dovecot crashes on start. Is this a bug or incorrect settings? Thank you for any help. dovecot log Nov 18 14:58:36 mail dovecot: auth: Panic: file userdb-nss.c: line 110 (userdb_nss_preinit): assertion failed: (bufsize > 0) Nov 18 14:58:36 mail dovecot: auth: Fatal: master: service(auth): child 19387 killed with signal 6 (core dumped) Nov 18 14:58:36 mail dovecot: master: Error: service(auth): command startup failed, throttling for 8 secs # doveconf -n # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 10.0-RELEASE-p12 amd64 ufs auth_cache_size = 256 M auth_failure_delay = 3 secs auth_username_format = %n auth_verbose = yes auth_winbind_helper_path = /usr/local/bin/ntlm_auth base_dir = /var/run/dovecot/ disable_plaintext_auth = no listen = * mail_location = maildir:/home/%u/Maildir passdb { args = dovecot driver = pam } protocols = imap service anvil { client_limit = 2051 } service auth { client_limit = 3000 } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } process_limit = 1000 process_min_avail = 5 service_count = 1 vsz_limit = 64 M } service imap { process_limit = 2048 vsz_limit = 256 M } ssl = no userdb { args = service=winbind driver = nss } verbose_proctitle = yes protocol imap { mail_max_userip_connections = 20 } # gdb /usr/local/libexec/dovecot/auth /home/tabolin/auth.core GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. 
Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-marcel-freebsd"...(no debugging symbols found)... Core was generated by `auth'. Program terminated with signal 6, Aborted. Reading symbols from /usr/local/lib/dovecot/libdovecot.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/libdovecot.so.0 Reading symbols from /lib/libcrypt.so.5...(no debugging symbols found)...done. Loaded symbols for /lib/libcrypt.so.5 Reading symbols from /usr/lib/libpam.so.5...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libpam.so.5 Reading symbols from /usr/local/lib/libldap-2.4.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/libldap-2.4.so.2 Reading symbols from /usr/local/lib/liblber-2.4.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/liblber-2.4.so.2 Reading symbols from /lib/libc.so.7...(no debugging symbols found)...done. Loaded symbols for /lib/libc.so.7 Reading symbols from /usr/lib/libssl.so.7...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libssl.so.7 Reading symbols from /lib/libcrypto.so.7...(no debugging symbols found)...done. Loaded symbols for /lib/libcrypto.so.7 Reading symbols from /libexec/ld-elf.so.1...(no debugging symbols found)...done. Loaded symbols for /libexec/ld-elf.so.1 #0 0x00000000114ece1a in kill () from /lib/libc.so.7 (gdb) # cat /etc/nsswitch.conf group: files winbind group_compat: nis hosts: files dns networks: files passwd: files winbind passwd_compat: nis shells: files services: compat services_compat: nis protocols: files rpc: files # cat /etc/pam.d/dovecot auth required /usr/local/lib/pam_winbind.so account required /usr/local/lib/pam_winbind.so -- 
Best regards, Tabolin Yuriy System administrator Speech Technology Center Tel: +7 (812) 325-8848, ext 6225 Fax: +7 (812) 327-92-97 Mob: +7 (981) 130-23-03 From ales.grm at kopitarna.eu Sun Nov 16 13:39:36 2014 
From: ales.grm at kopitarna.eu (=?UTF-8?B?QWxlxaEgR3Jt?=) Date: Sun, 16 Nov 2014 14:39:36 +0100 Subject: Dovecot POP3 STARTTLS works on Thunderbird but not on Gmail In-Reply-To: <5468A44C.4030300@thelounge.net> References: <5468A44C.4030300@thelounge.net> Message-ID: Ok, I tried on port 995, and on Gmail I get "SSL error: unable to verify the first certificate". Certificate is not self-signed (using StartCOM). The log now shows: Nov 16 14:37:52 mail dovecot: auth: Debug: auth client connected (pid=31923) Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [209.85.213.23] Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [209.85.213.23] Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [209.85.213.23] Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [209.85.213.23] Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [209.85.213.23] Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [209.85.213.23] Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [209.85.213.23] Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [209.85.213.23] Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [209.85.213.23] Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [209.85.213.23] Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [209.85.213.23] Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [209.85.213.23] Nov 16 14:37:52 mail dovecot: pop3-login: 
Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [209.85.213.23] Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [209.85.213.23] Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [209.85.213.23] Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [209.85.213.23] Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [209.85.213.23] Nov 16 14:37:53 mail dovecot: pop3-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [209.85.213.23] Nov 16 14:37:53 mail dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=209.85.213.23, lip=192.168.100.94, TLS: Disconnected, session= ^C Could the form of public part of certificate be wrong? I'm using only .CRT. Kopitarna Sevnica d. d. Prvomajska ulica 8 8290 SEVNICA SLOVENIA www.kopitarna.eu Cell: +386 31 899 993 Land: +386 7 81 63 440 On 16 November 2014 14:19, Reindl Harald wrote: > > On 16.11.2014 at 14:05, Aleš Grm wrote: > >> I have configured Dovecot to work perfectly on Thunderbird using SSL >> certificates with STARTTLS on port 110. When I try to add this account on >> Gmail I get the error: >> >> In Gmail my settings include port 110 and the use of SSL is checked. >> Dovecot configuration: >> >> Any idea why does it work with Thunderbird and not with Gmail? >> > > surely - gmail wants 995 instead 110 (means not STARTTLS) and don't accept > self signed certificates BTW > > From gedalya at gedalya.net Wed Nov 19 07:15:05 2014 
From: gedalya at gedalya.net (Gedalya) Date: Wed, 19 Nov 2014 02:15:05 -0500 Subject: Storage IOPs Calculation for Qmail Server In-Reply-To: <002901d0032b$85d8a830$9189f890$@locuz.com> References: <002901d0032b$85d8a830$9189f890$@locuz.com> Message-ID: <546C4379.6040400@gedalya.net> On 11/18/2014 07:31 AM, SasiKumar.K wrote: > Dear DovecotORG, > > In my organization, we are about to implement Qmail Server. > > * The number of current users will be 800, in future it may increase upto > 1200. > > * The number of concurrent users will be 300. > > > > I am the engineer to deploy the Qmail in Linux server. I need to tell the > storage team on the IOPs requirement. > This is the dovecot mailing list, and your question has nothing to do with dovecot. I assume perhaps you're asking here just because there are people here who know email. The thing is that the amount of IOPS depends a lot on the implementation - you can save IO by using e.g. dovecot's mdbox etc. What do you mean by qmail? Will you use just pop3? No imap? Concurrent meaning..? If pop3, connections are very short lived. How will you have 300 out of 800 connected simultaneously? It's impossible to actually give you any number, but here are some guidelines. IOPS is primarily a number of writes. If you use tons of RAM you can make IO read operations a rare event (like once per minute, on your scale, is quite possible). As for writes, they happen when a new email is delivered, and when it is flagged or deleted. That's about it. It's not a direct function of how many users you have, but rather how many messages pass through your server per day. My rough guess is that 6 3.5" drives might be sufficient for you if you process, say <= 100,000 messages per day. From mysql.jorge at decimal.pt Wed Nov 19 18:23:08 2014 
From: mysql.jorge at decimal.pt (Jorge Bastos) Date: Wed, 19 Nov 2014 18:23:08 -0000 Subject: "subscription" file/folder for IMAP Message-ID: <019e01d00425$df2947f0$9d7bd7d0$@jorge@decimal.pt> Hi, For IMAP users, there's the subscription file in the user's home, and if I try to subscribe more imap folders that are invisible, there's that one, but as it is a file, nothing is supposed to happen. Is there a way to allow users to create the "subscriptions" folder without any collision, or just deny or don't show this file as a possible folder (which it is not) to subscribe? What do people normally do? Thanks in advance, From mysql.jorge at decimal.pt Wed Nov 19 21:04:20 2014 From: mysql.jorge at decimal.pt (Jorge Bastos) Date: Wed, 19 Nov 2014 21:04:20 -0000 Subject: Handle of "subscription" file/folder for IMAP Message-ID: <001b01d0043c$63d3fb10$2b7bf130$@jorge@decimal.pt> Hi, For IMAP users, there's the subscription file in the user's home, and if I try to subscribe more imap folders that are invisible, there's that one, but as it is a file, nothing is supposed to happen. Is there a way to allow users to create the "subscriptions" folder without any collision, or just deny or don't show this file as a possible folder (which it is not) to subscribe? What do people normally do? Thanks in advance, From reynolds at biology.utah.edu Wed Nov 19 23:53:11 2014 
From: reynolds at biology.utah.edu (James Reynolds) Date: Wed, 19 Nov 2014 16:53:11 -0700 Subject: Dovecot auth process repeatedly crashes on OS X Server 10.9 In-Reply-To: References: Message-ID: <4F003B65-8BF4-44D1-9413-A3E0BB062914@biology.utah.edu> I've isolated the crashes to clients running OS X 10.10 Yosemite and Mail.app. I've looked through the source code a little to get familiar with how auth works, but I'm wondering if there is a faster way to figure this out, maybe disabling encryption (tls and force plain text password) and running tcpdump and see how 10.10 is different than 10.9. I've asked someone running dovecot 2.0.x (on Linux) if they have seen this problem with 10.10 clients and he didn't. The crash log states it is an EXC_BAD_ACCESS (SIGSEGV) and the 2 function calls in the backtrace are vstrconcat (libdovecot) and strlen (libsystem_c.dylib). I'm wondering if maybe the username or strings sent by 10.10 are missing nulls at the end (which shouldn't even be possible afaik) or off by 1 or something. Just a wild guess. James On Nov 6, 2014, at 5:26 PM, James Reynolds wrote: > My dovecot/auth process crashes several times a minute, sometimes at the same second, sometimes randomly. I've turned on auth_debug and been poring over everything trying to see if I can see what is going on but I can't find anything. I'm running OS X Server 10.9 and dovecot 2.2.5. I can't say for sure, but it looks to me like the crashed process doesn't even save anything to mail-debug.log before it crashes. It takes about 2 seconds for it to come up. Once it crashed about 10 times in 2 seconds. > > Can anyone give me any ideas where I should look? 
> > Here are relevant portions from logs: > > mail-info.log > > Nov 06 17:19:10 pop3-login: Info: Aborted login (auth process communication failure): user=<>, method=DIGEST-MD5, rip=155.101.106.229, lip=10.0.0.128, TLS > > mail-err.log > > Nov 06 17:19:10 pop3-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=66114, EOF) > Nov 06 17:19:10 auth: Fatal: master: service(auth): child 66100 killed with signal 11 (core dumps disabled) > > It looks exactly like what is discussed here: > > https://discussions.apple.com/thread/6482632?start=0&tstart=0 > > I do have clients using Outlook. I haven't run wireshark or tried to verify it is Outlook by testing different clients. > > postconf -n > > # 2.2.5: /Library/Server/Mail/Config/dovecot/dovecot.conf > # OS: Darwin 13.3.0 x86_64 hfs > auth_mechanisms = cram-md5 digest-md5 plain login > auth_realms = biomail.biology.utah.edu > auth_socket_path = /var/run/dovecot/auth-userdb > auth_username_format = %n > debug_log_path = /Library/Logs/Mail/mail-debug.log > default_internal_user = _dovecot > default_login_user = _dovenull > first_valid_gid = 6 > first_valid_uid = 6 > imap_id_log = * > imap_id_send = "name" * "version" * > imap_urlauth_submit_user = submit > info_log_path = /Library/Logs/Mail/mail-info.log > log_path = /Library/Logs/Mail/mail-err.log > login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c > mail_access_groups = mail > mail_attribute_dict = file:/Library/Server/Mail/Data/attributes/attributes.dict > mail_location = maildir:/Library/Server/Mail/Data/mail/%u > mail_log_prefix = "%s(pid %p user %u): " > mail_plugins = quota zlib acl fts fts_sk > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave > mdbox_rotate_size = 200 M > namespace acl-mailboxes { > list = 
children > location = maildir:/Library/Server/Mail/Data/mail/users/%%u:INDEX=/Library/Server/Mail/Data/mail/shared/%%u > prefix = shared.%%u. > separator = . > subscriptions = no > type = shared > } > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > namespace list-archives { > list = children > location = maildir:/Library/Server/Mail/Data/listserver/messages/archive/lists/%%u:INDEX=/Library/Server/Mail/Data/listserver/messages/archive/shared/%%u > prefix = archives.%%u. > separator = . > subscriptions = no > type = shared > } > passdb { > driver = od > } > passdb { > args = /Library/Server/Mail/Config/dovecot/submit.passdb > driver = passwd-file > } > plugin { > acl = vfile:/Library/Server/Mail/Config/dovecot/global-acls:cache_secs=300 > acl_shared_dict = file:/Library/Server/Mail/Data/shared/shared-mailboxes > fts = sk > quota = maildir:User quota > quota_warning = storage=100%% quota-exceeded %u > sieve = /Library/Server/Mail/Data/rules/%u/dovecot.sieve > sieve_dir = /Library/Server/Mail/Data/rules/%u > stats_refresh = 30 secs > stats_track_cmds = yes > } > postmaster_address = postmaster at biology.utah.edu > protocols = imap pop3 lmtp sieve > quota_full_tempfail = yes > service auth { > idle_kill = 15 mins > unix_listener auth-userdb { > user = _dovecot > } > } > service dns_client { > unix_listener dns-client { > mode = 0600 > } > } > service imap-login { > inet_listener imap { > port = 143 > } > inet_listener imaps { > port = 993 > ssl = yes > } > service_count = 0 > } > service imap { > client_limit = 5 > process_limit = 200 > service_count = 0 > } > service indexer-worker { > user = _dovecot > } > service lmtp { > unix_listener lmtp { > mode = 0600 > } > } > service managesieve-login { > inet_listener sieve { > port 
= 4190 > } > } > service pop3-login { > inet_listener pop3 { > port = 110 > } > inet_listener pop3s { > port = 995 > ssl = yes > } > } > service pop3 { > client_limit = 5 > process_limit = 200 > service_count = 0 > } > service quota-exceeded { > executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-exceeded.sh > unix_listener quota-exceeded { > group = mail > mode = 0660 > user = _dovecot > } > user = _dovecot > } > service quota-warning { > executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-warning.sh > unix_listener quota-warning { > group = mail > mode = 0660 > user = _dovecot > } > user = _dovecot > } > service stats { > fifo_listener stats-mail { > mode = 0600 > user = _dovecot > } > } > ssl_ca = ssl_cert = ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!ADH:!eNULL > ssl_key = ssl_key_path = /etc/certificates/biomail.biology.utah.edu.CE3811751089890AEEC60B91DF2C083EE1BAD5EB.key.pem > userdb { > args = partition=/Library/Server/Mail/Config/dovecot/partition_map.conf enforce_quotas=no > driver = od > } > userdb { > args = /Library/Server/Mail/Config/dovecot/submit.passdb > driver = passwd-file > } > verbose_proctitle = yes > protocol lmtp { > mail_plugins = quota zlib acl fts fts_sk sieve > } > protocol lda { > mail_plugins = quota zlib acl fts fts_sk sieve > } > protocol imap { > mail_max_userip_connections = 20 > mail_plugins = quota zlib acl fts fts_sk imap_acl imap_quota imap_zlib > } > protocol pop3 { > mail_max_userip_connections = 6 > } > > > > Here's part of a crash report: > > > Process: auth [60325] > Path: /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/auth > Identifier: auth > Version: 294 > Code Type: X86-64 (Native) > Parent Process: dovecotd [149] > Responsible: dovecotd [149] > User ID: 214 > > Date/Time: 2014-11-06 16:34:20.777 -0700 > OS Version: Mac OS X 10.9.4 (13E28) > Report Version: 11 > Anonymous UUID: 9EB07E95-1536-96FA-A8C7-3784045DCDDE > > > 
Crashed Thread: 0 Dispatch queue: com.apple.main-thread > > Exception Type: EXC_BAD_ACCESS (SIGSEGV) > Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000 > > VM Regions Near 0: > --> > __TEXT 0000000103b39000-0000000103b6a000 [ 196K] r-x/rwx SM=COW /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/auth > > Thread 0 Crashed:: Dispatch queue: com.apple.main-thread > 0 libsystem_c.dylib 0x00007fff8a181732 strlen + 18 > 1 libdovecot.0.dylib 0x0000000103bdc2b8 vstrconcat + 72 > > Thread 1: > 0 libsystem_kernel.dylib 0x00007fff858f9e6a __workq_kernreturn + 10 > 1 libsystem_pthread.dylib 0x00007fff89901f08 _pthread_wqthread + 330 > 2 libsystem_pthread.dylib 0x00007fff89904fb9 start_wqthread + 13 > > Thread 2:: Dispatch queue: com.apple.libdispatch-manager > 0 libsystem_kernel.dylib 0x00007fff858fa662 kevent64 + 10 > 1 libdispatch.dylib 0x00007fff8808f421 _dispatch_mgr_invoke + 239 > 2 libdispatch.dylib 0x00007fff8808f136 _dispatch_mgr_thread + 52 > > Thread 3: > 0 libsystem_kernel.dylib 0x00007fff858f9e6a __workq_kernreturn + 10 > 1 libsystem_pthread.dylib 0x00007fff89901f08 _pthread_wqthread + 330 > 2 libsystem_pthread.dylib 0x00007fff89904fb9 start_wqthread + 13 > > Thread 0 crashed with X86 Thread State (64-bit): > rax: 0x00007fff5c0c6878 rbx: 0x0000000000000001 rcx: 0x0000000000000001 rdx: 0x0000000000000001 > rdi: 0x0000000000000000 rsi: 0x0000000103b6354d rbp: 0x00007fff5c0c6800 rsp: 0x00007fff5c0c6800 > r8: 0x0000000103b6354e r9: 0x0000000000000000 r10: 0x00007fff8a1c92a8 r11: 0x00007fb60dca54c3 > r12: 0x0000000000000028 r13: 0x00007fff5c0c6920 r14: 0x0000000000000028 r15: 0x0000000000000009 > rip: 0x00007fff8a181732 rfl: 0x0000000000010246 cr2: 0x0000000000000000 > > Logical CPU: 0 > Error Code: 0x00000004 > Trap Number: 14 > From goetz.reinicke at filmakademie.de Thu Nov 20 08:33:35 2014 
From: goetz.reinicke at filmakademie.de (Götz Reinicke - IT Koordinator) Date: Thu, 20 Nov 2014 09:33:35 +0100 Subject: how to recover mails - dovecot 2.2.13 Message-ID: <546DA75F.9070307@filmakademie.de> Hi, I still have a messed up user account, with no mail client (appl mail, thunderbird, sogo) mails show up as expected. Folders look empty, some have something in it, but can't access the mails. My idea is, to move the user's mail folder, let him regenerate the folder structure from scratch and then reimport the old mails. Question: We use maildir. Can I just copy the "old" mails from e.g. user-backup/Maildir/curl/* to user/Maildir/curl/* Or which steps are needed? rebuilding any index or something etc ....? Thanks very much for any suggestion! Regards . Götz -- Götz Reinicke IT Coordinator Tel. +49 7141 969 82 420 E-Mail goetz.reinicke at filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Registered at Amtsgericht Stuttgart, HRB 205016 Chairman of the Supervisory Board: Jürgen Walter MdL, State Secretary in the Ministry of Science, Research and the Arts Baden-Württemberg Managing Director: Prof. Thomas Schadt From barraudu at tiscali.it Thu Nov 20 09:38:53 2014 
From: barraudu at tiscali.it (brd) Date: Thu, 20 Nov 2014 10:38:53 +0100 Subject: redis dict auth and default_fields Message-ID: <20141120093853.GP687@tiscali.com> Hi all, I'm trying to configure default_fields with redis dict (allow_nets, proxy, ...) but it seems that the properties defined are not used even if they appear in the output of doveconf. Is it a known behaviour? Does default_fields work only for ldap db? I have a director+NFS environment and with dict passdb I have to put proxy=y for every entry in pass/userdb; to limit the redis memory footprint it would be cool if the proxy=y could be configured as a default_field. It is a limit of using dict for pass/userdb because using SQL you can manage it as a SELECT fixed field, using LDAP you can manage with default_fields but with dict you are forced to put all inside the db entries. doveconf output: [...] passdb { args = /etc/dovecot/dovecot-dict-auth.conf.ext default_fields = proxy=y driver = dict } [...] Regards -brd From fridi at dds.nl Thu Nov 20 11:59:30 2014 
From: fridi at dds.nl (Frido Otten) Date: Thu, 20 Nov 2014 12:59:30 +0100 Subject: High I/O wait with Dovecot POP3 In-Reply-To: References: <5447ADE2.2070108@dds.nl> Message-ID: <546DD7A2.6000902@dds.nl> On 25-10-14 at 02:21, Timo Sirainen wrote: > On 22 Oct 2014, at 06:15, Frido Otten wrote: > >> In the past we've had 4 loadbalanced servers configured with courier >> pop3 and dovecot handling respectively POP3 and IMAP connections. These >> 4 servers have a shared NFS storage on a Netapp FAS3220 controller with >> SAS disks. This setup is handling 50 POP3 sessions per second without >> any problems. >> >> Now we're installing 6 new loadbalanced servers to do the same job on >> the same storage, but using Dovecot to handle the POP3 sessions instead >> of Courier. The IMAP sessions are already handled by those 6 new >> servers, but we're encountering high iowait issues when using POP3 on >> those servers. >> >> I've applied the hints from http://wiki2.dovecot.org/NFS but this had no >> improvement. > See also http://wiki2.dovecot.org/POP3Server - especially pop3_fast_size_lookups may be useful. I've applied the hints on this page and also set pop3_fast_size_lookups to yes. The same for pop3_no_flag_updates. >> mail_nfs_index = yes >> mail_nfs_storage = yes > These slow things down a bit, ideally get rid of these and use Dovecot directors instead. Can these make such a big difference? I've commented these out. When switching to the Dovecot as POP3 server the iowait immediately skyrockets to 80-90% as well as the overall load of the machine. >> protocol pop3 { >> pop3_uidl_format = %v.%u >> } > I don't think your Courier installation was using this UIDL format? If you switched to Dovecot the UIDLs would likely differ and clients would redownload mails. Try to preserve the UIDLs as described in http://wiki2.dovecot.org/Migration/Courier - and even then I'd recommend setting pop3_uidl_format to something else, for example %f This was indeed an issue. 
I've changed this to %f and checked with our current running courier and now the output of UIDL are the same on Courier and Dovecot. This change unfortunately had no effect on the high iowait. From eduardo at freedominterface.org Thu Nov 20 13:35:49 2014 From: eduardo at freedominterface.org (Eduardo Ramos) Date: Thu, 20 Nov 2014 11:35:49 -0200 Subject: indexes with ocfs2 Message-ID: <546DEE35.5050205@freedominterface.org> Hi guys! I'm having performance issues with my dovecot+ocfs2 environment, so I'm thinking about some changes. Now, I have mail store and indexes stored in an iscsi-ocfs2 volume with these options: mmap_disable = yes dotlock_use_excl = yes mail_fsync = always mail_nfs_storage = yes mail_nfs_index = yes lock_method = dotlock I want to change indexes to local volume ext4 and do this: mmap_disable = no mail_nfs_index = no Could it cause some problem? Thanks. From mysql.jorge at decimal.pt Thu Nov 20 13:53:18 2014 From: mysql.jorge at decimal.pt (Jorge Bastos) Date: Thu, 20 Nov 2014 13:53:18 -0000 Subject: Test Message-ID: <021901d004c9$56d7df70$04879e50$@jorge@decimal.pt> Test msg, knock knock dovecot list? From rgm at htt-consult.com Thu Nov 20 13:41:30 2014 
From: rgm at htt-consult.com (Robert Moskowitz) Date: Thu, 20 Nov 2014 08:41:30 -0500 Subject: logwatch reporting Message-ID: <546DEF8A.1080709@htt-consult.com> I just launched a new mailserver that is using dovecot. My previous mailserver used courier-mail. I am expecting better things with this new server, but I was used to some login information in logwatch that I am not seeing now. For example I would get:

[IMAPd] Logout stats:
====================
User | Logouts | Downloaded | Mbox Size
--------------------------------------- | ------- | ---------- | ----------
user1 at htt-consult.com | 55 | 219571 | 0
user2 at htt-consult.com | 285 | 221681 | 0
user3 at labs.htt-consult.com | 32 | 15183 | 0
---------------------------------------------------------------------------
372 | 456435 | 0

**Unmatched Entries**
Disconnected, ip=[::ffff:107.150.52.84], time=1, starttls=1: 2 Time(s)
---------------------- IMAP End -------------------------

--------------------- POP-3 Begin ------------------------
[POP3] Logout stats (in MB):
============================
User | Logouts | Downloaded | Mbox Size
--------------------------------------- | ------- | ---------- | ----------
user1 at htt-consult.com | 78 | 5.96 | 0
user2 at communaljob.com | 215 | 9.24 | 0
user3 at htt-consult.com | 1 | 7.47 | 0
user4 at htt-consult.com | 1 | 2.34 | 0
user5 at htt-consult.com | 301 | 31.08 | 0
user6 at labs.htt-consult.com | 201 | 4.98 | 0
---------------------------------------------------------------------------
797 | 61.06 | 0.00

**Unmatched Entries**
Disconnected, ip=[::ffff:107.150.52.84]: 2 Time(s)
Disconnected, ip=[::ffff:12.159.43.147]: 50 Time(s)
Disconnected, ip=[::ffff:172.245.45.20]: 61 Time(s)
LOGIN FAILED, user=Alfredo, ip=[::ffff:172.245.45.20]: 1 Time(s)
LOGIN FAILED, user=Antonio, ip=[::ffff:172.245.45.20]: 2 Time(s)
LOGIN FAILED, user=postmaster, ip=[::ffff:172.245.45.20]: 7 Time(s)
....
LOGIN FAILED, user=webmaster, ip=[::ffff:172.245.45.20]: 7 Time(s) LOGIN FAILED, user=www, ip=[::ffff:172.245.45.20]: 4 Time(s) Maximum connection limit reached for ::ffff:172.245.45.20: 509 Time(s) ---------------------- POP-3 End ------------------------- Whereas dovecot is only reporting: --------------------- Dovecot Begin ------------------------ Dovecot disconnects: Inactivity: 1 Time(s) Logged out: 379 Time(s) no auth attempts: 5 Time(s) no reason: 1 Time(s) tried to use disabled plaintext auth: 1 Time(s) **Unmatched Entries** dovecot: dict: mysql: Connected to localhost (postfix): 351 Time(s) ---------------------- Dovecot End ------------------------- How can I get more detailed user activity reporting to logwatch? And why is connection to mysql under Unmatched Entries? From bernd.kuhls at t-online.de Thu Nov 20 18:54:25 2014 From: bernd.kuhls at t-online.de (Bernd Kuhls) Date: Thu, 20 Nov 2014 19:54:25 +0100 Subject: Static build failure Message-ID: Hi, this patch fixes a symbol conflict in static build with MySQL enabled Compile error log: http://autobuild.buildroot.net/results/9b5/9b536926b3b2bf82c683b48e9697a220 f1b4bf33/build-end.log Signed-off-by: Bernd Kuhls diff -uNr dovecot-2.2.15.org/src/doveadm/doveadm-log.c dovecot- 2.2.15/src/doveadm/doveadm-log.c --- dovecot-2.2.15.org/src/doveadm/doveadm-log.c 2014-06-13 01:02:23.000000000 +0200 +++ dovecot-2.2.15/src/doveadm/doveadm-log.c 2014-11-20 19:46:49.000000000 +0100 @@ -293,7 +293,7 @@ } } - if (str_to_time(args[1], &t) < 0) { + if (dove_str_to_time(args[1], &t) < 0) { i_error("Invalid timestamp: %s", args[1]); t = 0; } 
@@ -313,7 +313,7 @@ while ((c = getopt(argc, argv, "s:")) > 0) { switch (c) { case 's': - if (str_to_time(optarg, &min_timestamp) < 0) + if (dove_str_to_time(optarg, &min_timestamp) < 0) i_fatal("Invalid timestamp: %s", optarg); break; default: diff -uNr dovecot-2.2.15.org/src/doveadm/doveadm-replicator.c dovecot- 2.2.15/src/doveadm/doveadm-replicator.c --- dovecot-2.2.15.org/src/doveadm/doveadm-replicator.c 2014-06-13 01:02:50.000000000 +0200 +++ dovecot-2.2.15/src/doveadm/doveadm-replicator.c 2014-11-20 19:46:40.000000000 +0100 @@ -166,8 +166,8 @@ T_BEGIN { args = t_strsplit_tab(line); if (str_array_length(args) >= 5 && - str_to_time(args[2], &last_fast) == 0 && - str_to_time(args[3], &last_full) == 0) { + dove_str_to_time(args[2], &last_fast) == 0 && + dove_str_to_time(args[3], &last_full) == 0) { doveadm_print(args[0]); doveadm_print(args[1]); doveadm_print(time_ago(last_fast)); diff -uNr dovecot-2.2.15.org/src/doveadm/dsync/dsync-ibc-stream.c dovecot- 2.2.15/src/doveadm/dsync/dsync-ibc-stream.c --- dovecot-2.2.15.org/src/doveadm/dsync/dsync-ibc-stream.c 2014-09-29 13:07:07.000000000 +0200 +++ dovecot-2.2.15/src/doveadm/dsync/dsync-ibc-stream.c 2014-11-20 19:47:16.000000000 +0100 @@ -979,12 +979,12 @@ return DSYNC_IBC_RECV_RET_TRYAGAIN; } if (dsync_deserializer_decode_try(decoder, "last_renamed_or_created", &value) && - str_to_time(value, &node->last_renamed_or_created) < 0) { + dove_str_to_time(value, &node->last_renamed_or_created) < 0) { dsync_ibc_input_error(ibc, decoder, "Invalid last_renamed_or_created"); return DSYNC_IBC_RECV_RET_TRYAGAIN; } if (dsync_deserializer_decode_try(decoder, "last_subscription_change", &value) && - str_to_time(value, &node->last_subscription_change) < 0) { + dove_str_to_time(value, &node->last_subscription_change) < 0) { dsync_ibc_input_error(ibc, decoder, "Invalid last_subscription_change"); return DSYNC_IBC_RECV_RET_TRYAGAIN; } 
@@ -1064,7 +1064,7 @@ if (guid_128_from_string(tmp[i], del->guid) < 0) return -1; if (tmp[i+1] == NULL || - str_to_time(tmp[i+1], &del->timestamp) < 0) + dove_str_to_time(tmp[i+1], &del->timestamp) < 0) return -1; } return 0; @@ -1251,7 +1251,7 @@ field.decision |= MAIL_CACHE_DECISION_FORCED; if (dsync_deserializer_decode_try(decoder, "last_used", &value) && - str_to_time(value, &field.last_used) < 0) { + dove_str_to_time(value, &field.last_used) < 0) { dsync_ibc_input_error(ibc, decoder, "Invalid last_used"); ret = -1; } @@ -1454,7 +1454,7 @@ if (dsync_deserializer_decode_try(decoder, "deleted", &value)) attr->deleted = TRUE; if (dsync_deserializer_decode_try(decoder, "last_change", &value) && - str_to_time(value, &attr->last_change) < 0) { + dove_str_to_time(value, &attr->last_change) < 0) { dsync_ibc_input_error(ibc, decoder, "Invalid last_change"); return DSYNC_IBC_RECV_RET_TRYAGAIN; } @@ -1763,12 +1763,12 @@ return DSYNC_IBC_RECV_RET_TRYAGAIN; } if (dsync_deserializer_decode_try(decoder, "received_date", &value) && - str_to_time(value, &mail->received_date) < 0) { + dove_str_to_time(value, &mail->received_date) < 0) { dsync_ibc_input_error(ibc, decoder, "Invalid received_date"); return DSYNC_IBC_RECV_RET_TRYAGAIN; } if (dsync_deserializer_decode_try(decoder, "saved_date", &value) && - str_to_time(value, &mail->saved_date) < 0) { + dove_str_to_time(value, &mail->saved_date) < 0) { dsync_ibc_input_error(ibc, decoder, "Invalid saved_date"); return DSYNC_IBC_RECV_RET_TRYAGAIN; } diff -uNr dovecot-2.2.15.org/src/lib/strnum.c dovecot- 2.2.15/src/lib/strnum.c --- dovecot-2.2.15.org/src/lib/strnum.c 2014-09-24 21:34:27.000000000 + 0200 +++ dovecot-2.2.15/src/lib/strnum.c 2014-11-20 19:46:54.000000000 +0100 
@@ -256,7 +256,7 @@ return 0; } -int str_to_time(const char *str, time_t *num_r) +int dove_str_to_time(const char *str, time_t *num_r) { intmax_t l; diff -uNr dovecot-2.2.15.org/src/lib-http/http-response-parser.c dovecot- 2.2.15/src/lib-http/http-response-parser.c --- dovecot-2.2.15.org/src/lib-http/http-response-parser.c 2014-07-01 23:10:16.000000000 +0200 +++ dovecot-2.2.15/src/lib-http/http-response-parser.c 2014-11-20 19:47:01.000000000 +0100 @@ -252,7 +252,7 @@ delta-seconds = 1*DIGIT */ - if (str_to_time(hdrval, &delta) >= 0) { + if (dove_str_to_time(hdrval, &delta) >= 0) { if (resp_time == (time_t)-1) { return -1; } diff -uNr dovecot-2.2.15.org/src/lib-master/master-instance.c dovecot- 2.2.15/src/lib-master/master-instance.c --- dovecot-2.2.15.org/src/lib-master/master-instance.c 2014-09-25 11:49:24.000000000 +0200 +++ dovecot-2.2.15/src/lib-master/master-instance.c 2014-11-20 19:46:57.000000000 +0100 @@ -82,7 +82,7 @@ args = t_strsplit_tabescaped(line); if (str_array_length(args) < 3) return -1; - if (str_to_time(args[0], &last_used) < 0) + if (dove_str_to_time(args[0], &last_used) < 0) return -1; inst = array_append_space(&list->instances); diff -uNr dovecot-2.2.15.org/src/replication/replicator/replicator-queue.c dovecot-2.2.15/src/replication/replicator/replicator-queue.c --- dovecot-2.2.15.org/src/replication/replicator/replicator-queue.c 2014-06-13 01:08:08.000000000 +0200 +++ dovecot-2.2.15/src/replication/replicator/replicator-queue.c 2014-11- 20 19:47:23.000000000 +0100 
@@ -315,9 +315,9 @@ state = t_strdup_noconst(args[6]); if (username[0] == '\0' || str_to_uint(args[1], &priority) < 0 || - str_to_time(args[2], &tmp_user.last_update) < 0 || - str_to_time(args[3], &tmp_user.last_fast_sync) < 0 || - str_to_time(args[4], &tmp_user.last_full_sync) < 0) + dove_str_to_time(args[2], &tmp_user.last_update) < 0 || + dove_str_to_time(args[3], &tmp_user.last_fast_sync) < 0 || + dove_str_to_time(args[4], &tmp_user.last_full_sync) < 0) return -1; tmp_user.priority = priority; tmp_user.last_sync_failed = args[5][0] != '0'; From tss at iki.fi Thu Nov 20 21:34:00 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 21 Nov 2014 06:34:00 +0900 Subject: Mailing list test Message-ID: <77627C41-4630-4A05-96B6-223899E0F975@iki.fi> Apparently this list has somehow broken.. Not really sure what the problem is, lets see what happens to this mail. From tss at iki.fi Thu Nov 20 21:50:33 2014 From: tss at iki.fi (Timo Sirainen) Date: Fri, 21 Nov 2014 06:50:33 +0900 Subject: Mailing list test In-Reply-To: <77627C41-4630-4A05-96B6-223899E0F975@iki.fi> References: <77627C41-4630-4A05-96B6-223899E0F975@iki.fi> Message-ID: <2B81C4A7-684D-46A7-A947-E75BC999915A@iki.fi> On 21 Nov 2014, at 06:34, Timo Sirainen wrote: > Apparently this list has somehow broken.. Not really sure what the problem is, lets see what happens to this mail. Easy enough :) Looks like mailman hadn't automatically started after server reboot for some reason. From tss at iki.fi Thu Nov 20 21:53:23 2014 
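Review bot: the src/lib/strnum.c hunk renames the definition to dove_str_to_time, but no hunk in this patch touches the header that declares str_to_time (strnum.h, as named in the reply that follows), so the call sites changed in the other files would be compiled without a matching prototype in scope. Add the header change to the patch, or keep the name in the sources and remap it once in the header, which also avoids editing every caller.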
From: tss at iki.fi (Timo Sirainen) Date: Fri, 21 Nov 2014 06:53:23 +0900 Subject: Static build failure In-Reply-To: References: Message-ID: <4E4FCBED-7FFC-4583-B075-5A65632EF48D@iki.fi> On 21 Nov 2014, at 03:54, Bernd Kuhls wrote: > this patch fixes a symbol conflict in static build with MySQL enabled > > Compile error log: > http://autobuild.buildroot.net/results/9b5/9b536926b3b2bf82c683b48e9697a220 > f1b4bf33/build-end.log Similar to code already in sha1.h, an easier fix is to add to strnum.h #define str_to_time str_to_time_libmysqlclient_craps_all_over Although both of these should be added inside #ifdef BUILD_MYSQL I think.. From fng.lambik at gmail.com Sun Nov 16 20:45:40 2014 
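The header-level rename suggested in the reply above, shown as an added example that is not Dovecot's code: one guarded `#define` gives the project's function a different linker symbol while every source file keeps writing `str_to_time`. Only the `#define` line and the `BUILD_MYSQL` guard come from the thread; the stand-in library function, `thirdparty_str_to_time`, `parse_last_used`, `project_symbol_name` and the parser body are assumptions made for the demonstration.

```c
#include <ctype.h>
#include <errno.h>
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Assumption: the build defines this when MySQL support is compiled in. */
#define BUILD_MYSQL 1

/* Constructed stand-in for the other static library: it exports a global
 * function with the same name but a different signature and semantics. */
long str_to_time(const char *str)
{
	return str == NULL ? 0 : strtol(str, NULL, 10);
}
/* Taken before the rename below, so it still names the library's symbol. */
static long (*const thirdparty_str_to_time)(const char *) = str_to_time;

/* ---- what the project header (strnum.h in the thread) would carry ---- */
#ifdef BUILD_MYSQL
#  define str_to_time str_to_time_libmysqlclient_craps_all_over
#endif
/* Without the #define this prototype collides with the library's symbol. */
int str_to_time(const char *str, time_t *num_r);

/* ---- project implementation: the source text still says str_to_time ---- */
int str_to_time(const char *str, time_t *num_r)
{
	const char *p = str;
	char *end;
	intmax_t l;

	if (p == NULL)
		return -1;
	if (*p == '-')
		p++;
	if (!isdigit((unsigned char)*p))
		return -1;	/* no leading whitespace, '+' or empty input */
	errno = 0;
	l = strtoimax(str, &end, 10);
	if (errno != 0 || *end != '\0')
		return -1;	/* overflow or trailing garbage */
	if ((intmax_t)(time_t)l != l)
		return -1;	/* does not fit in time_t */
	*num_r = (time_t)l;
	return 0;
}

/* A call site, written exactly as before the fix. */
int parse_last_used(const char *field, time_t *last_used_r)
{
	return str_to_time(field, last_used_r);
}

/* Two-step stringification expands the macro first, so this returns the
 * symbol name the linker actually sees for the project's function. */
#define SYMBOL_STR_(x) #x
#define SYMBOL_STR(x) SYMBOL_STR_(x)
const char *project_symbol_name(void)
{
	return SYMBOL_STR(str_to_time);
}

int main(void)
{
	time_t t = 0;
	int ret = parse_last_used("1416513600", &t);

	printf("project symbol: %s\n", project_symbol_name());
	printf("project parse: ret=%d value=%lld\n", ret, (long long)t);
	printf("project parse of \"12x\": ret=%d\n", parse_last_used("12x", &t));
	printf("library parse of \"12x\": %ld\n", thirdparty_str_to_time("12x"));
	return 0;
}
```

Removing the `BUILD_MYSQL` define makes the prototype clash with the stand-in at compile time; in the real static build the same clash surfaces at link time as a duplicate symbol.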
From: fng.lambik at gmail.com ([FnG] Lambik) Date: Sun, 16 Nov 2014 21:45:40 +0100 Subject: UNIX perms appear ok (ACL/MAC wrong?) Message-ID: Hi, I am struggling with Postfix/SASL/Dovecot-IMAP setup with ~/Maildir/ setup. Receiving the mail works fine, but viewing the mail(+listing) is failing. The setup I use is simple unix users from etc/passwd, (pam thru SASL) as I only host for a few people. The ~/Maildir folder has the ownership of the user, not mail or vmail, as I would have expected from the master.cf from Postfix, the permissions are drwx.- - - .- - - user group Maildir the {USER} and {GROUP} are the user/group of the person logging in on IMAP Can someone help me explain what is going wrong, or how I can increase debugging ? (I did the auth debugging, that was all fine) If you require more information please let me know. Thank you in advance, Lambik Versions : Dovecot 2.2.15 Postfix 2.11.0 saslauthd 2.1.26 linux : opensuse 13.1 factory -[error.log]------------------------------------------------------------------------------------------------------- dovecot: imap-login: Login: user=<{USER}>, method=PLAIN, rip=123.123.123.123, lip=12.34.56.78, mpid=18385, TLS, session=<0OEra/8HNADUuyG9> dovecot: imap({USER}): Debug: Effective uid=1014, gid=1003, home=/home/{user} dovecot: imap({USER}): Debug: Namespace inbox: type=private, prefix=~/Maildir/, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir dovecot: imap({USER}): Debug: maildir++: root=/home/{user}/Maildir, index=, indexpvt=, control=, inbox=/home/{user}/Maildir, alt= dovecot: imap({USER}): Debug: Namespace : type=private, prefix=, sep=, inbox=no, hidden=yes, list=no, subscriptions=no location=fail::LAYOUT=none dovecot: imap({USER}): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt= dovecot: imap({USER}): Error: open(/home/{user}/Maildir/dovecot.index.log) failed: Permission denied (euid=1014({USER}) egid=1003({GROUP}) UNIX perms appear ok (ACL/MAC wrong?)) 
dovecot: imap({USER}): Error: file_dotlock_create(/home/{user}/Maildir/dovecot-uidlist) failed: Permission denied (euid=1014({USER}) egid=1003({GROUP}) UNIX perms appear ok (ACL/MAC wrong?))
dovecot: imap({USER}): Error: open(/home/{user}/Maildir/dovecot-uidlist) failed: Permission denied
dovecot: imap({USER}): Error: file_dotlock_open(/home/{user}/Maildir/.Sent/dovecot.index.log) failed: Permission denied (euid=1014({USER}) egid=1003({GROUP}), access(/home/{user}/Maildir/.Sent/dovecot.index.log, 4) failed: No such file or directory)
dovecot: imap({USER}): Error: file_dotlock_create(/home/{user}/Maildir/.Sent/dovecot-uidlist) failed: Permission denied (euid=1014({USER}) egid=1003({GROUP}), access(/home/{user}/Maildir/.Sent/dovecot-uidlist, 4) failed: No such file or directory)
dovecot: imap({USER}): Error: file_dotlock_create(/home/{user}/Maildir/.Sent/dovecot-uidlist) failed: Permission denied (euid=1014({USER}) egid=1003({GROUP}), access(/home/{user}/Maildir/.Sent/dovecot-uidlist, 4) failed: No such file or directory)
dovecot: imap({USER}): Error: opendir(/home/{user}/Maildir/.Sent/new) failed: Permission denied (euid=1014({USER}) egid=1003({GROUP}) UNIX perms appear ok (ACL/MAC wrong?))
dovecot: imap({USER}): Error: file_dotlock_create(/home/{user}/Maildir/.Sent/dovecot-uidlist) failed: Permission denied (euid=1014({USER}) egid=1003({GROUP}), access(/home/{user}/Maildir/.Sent/dovecot-uidlist, 4) failed: No such file or directory)
dovecot: imap({USER}): Error: file_dotlock_open(/home/{user}/Maildir/.Sent/dovecot.index.log) failed: Permission denied (euid=1014({USER}) egid=1003({GROUP}), access(/home/{user}/Maildir/.Sent/dovecot.index.log, 4) failed: No such file or directory)
dovecot: imap({USER}): Error: file_dotlock_create(/home/{user}/Maildir/.Sent/dovecot-uidlist) failed: Permission denied (euid=1014({USER}) egid=1003({GROUP}), access(/home/{user}/Maildir/.Sent/dovecot-uidlist, 4) failed: No such file or directory)
dovecot: imap({USER}): Error: file_dotlock_create(/home/{user}/Maildir/.Sent/dovecot-uidlist) failed: Permission denied (euid=1014({USER}) egid=1003({GROUP}), access(/home/{user}/Maildir/.Sent/dovecot-uidlist, 4) failed: No such file or directory)
dovecot: imap({USER}): Error: opendir(/home/{user}/Maildir/.Sent/new) failed: Permission denied (euid=1014({USER}) egid=1003({GROUP}) UNIX perms appear ok (ACL/MAC wrong?))
dovecot: imap({USER}): Error: file_dotlock_create(/home/{user}/Maildir/.Sent/dovecot-uidlist) failed: Permission denied (euid=1014({USER}) egid=1003({GROUP}), access(/home/{user}/Maildir/.Sent/dovecot-uidlist, 4) failed: No such file or directory)
---------------------------------------------------------------------------------------------------

--[master.cf ]----------------------------------------------------------------------------------------------
smtp       inet  n       -       n       -       -       smtpd
smtps      inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
dovecot    unix  -       n       n       -       -       pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
-----------------------------------------------------------------------------------------------------------

--[doveconf]-----------------------------------------------------------------------------------------------
# 2.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.4-1.g7a8842b-default x86_64 openSUSE 20141011 (x86_64)
# NOTE: Send doveconf -n output instead when asking for help.
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_debug = no
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 2 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain login
auth_proxy_self =
auth_realms =
auth_socket_path = auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_use_winbind = no
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format = %Lu
auth_username_translation =
auth_verbose = yes
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/run/dovecot
config_cache_size = 1 M
debug_log_path =
default_client_limit = 1000
default_idle_kill = 1 mins
default_internal_user = dovecot
default_login_user = dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config =
director_doveadm_port = 0
director_mail_servers =
director_servers =
director_user_expire = 15 mins
director_username_hash = %u
disable_plaintext_auth = yes
dotlock_use_excl = yes
doveadm_allowed_commands =
doveadm_password =
doveadm_port = 0
doveadm_socket_path = doveadm-server
doveadm_worker_count = 0
dsync_alt_char = _
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U
first_valid_gid = 1
first_valid_uid = 500
hostname =
imap_capability =
imap_client_workarounds =
imap_id_log =
imap_id_send = name *
imap_idle_notify_interval = 2 mins
imap_logout_format = in=%i out=%o
imap_max_line_length = 64 k
imap_metadata = no
imap_urlauth_host =
imap_urlauth_logout_format = in=%i out=%o
imap_urlauth_port = 143
imapc_features =
imapc_host =
imapc_list_prefix =
imapc_master_user =
imapc_max_idle_time = 29 mins
imapc_password =
imapc_port = 143
imapc_rawlog_dir =
imapc_ssl = no
imapc_ssl_verify = yes
imapc_user =
import_environment = TZ CORE_OUTOFMEM CORE_ERROR LISTEN_PID LISTEN_FDS
info_log_path =
instance_name = dovecot
last_valid_gid = 0
last_valid_uid = 0
lda_mailbox_autocreate = no
lda_mailbox_autosubscribe = no
lda_original_recipient_header =
libexec_dir = /usr/lib/dovecot
listen = 12.34.56.78
lmtp_address_translate =
lmtp_proxy = no
lmtp_rcpt_check_quota = no
lmtp_save_to_detail_mailbox = no
lock_method = fcntl
log_path = syslog
log_timestamp = "%b %d %H:%M:%S "
login_access_sockets =
login_greeting = Dovecot ready.
login_log_format = %$: %s
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}>
login_source_ips =
login_trusted_networks =
mail_access_groups =
mail_always_cache_fields =
mail_attachment_dir =
mail_attachment_fs = sis posix
mail_attachment_hash = %{sha1}
mail_attachment_min_size = 128 k
mail_attribute_dict =
mail_cache_fields = flags
mail_cache_min_mail_count = 0
mail_chroot =
mail_debug = yes
mail_fsync = optimized
mail_full_filesystem_access = no
mail_gid =
mail_home =
mail_location = maildir:~/Maildir
mail_log_prefix = "%s(%u): "
mail_max_keyword_length = 50
mail_max_lock_timeout = 0
mail_max_userip_connections = 10
mail_never_cache_fields = imap.envelope
mail_nfs_index = no
mail_nfs_storage = no
mail_plugin_dir = /usr/lib64/dovecot/modules
mail_plugins =
mail_prefetch_count = 0
mail_privileged_group = mail
mail_save_crlf = no
mail_shared_explicit_inbox = no
mail_temp_dir = /tmp
mail_temp_scan_interval = 1 weeks
mail_uid =
mailbox_idle_check_interval = 30 secs
mailbox_list_index = no
mailbox_list_index_very_dirty_syncs = no
maildir_broken_filename_sizes = no
maildir_copy_with_hardlinks = yes
maildir_empty_new = no
maildir_stat_dirs = no
maildir_very_dirty_syncs = no
managesieve_client_workarounds =
managesieve_implementation_string = Dovecot Pigeonhole
managesieve_logout_format = bytes=%i/%o
managesieve_max_compile_errors = 5
managesieve_max_line_length = 65536
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate
master_user_separator =
mbox_dirty_syncs = yes
mbox_dotlock_change_timeout = 2 mins
mbox_lazy_writes = yes
mbox_lock_timeout = 5 mins
mbox_md5 = apop3d
mbox_min_index_size = 0
mbox_read_locks = fcntl
mbox_very_dirty_syncs = no
mbox_write_locks = dotlock fcntl
mdbox_preallocate_space = no
mdbox_purge_preserve_alt = no mdbox_rotate_interval = 0 mdbox_rotate_size = 2 M mmap_disable = no namespace inbox { disabled = no hidden = no ignore_on_failure = no inbox = yes list = yes location = mailbox Drafts { auto = subscribe driver = special_use = \Drafts } mailbox Junk { auto = subscribe driver = special_use = \Junk } mailbox Sent { auto = subscribe driver = special_use = \Sent } mailbox "Sent Messages" { auto = no driver = special_use = \Sent } mailbox Trash { auto = no driver = special_use = \Trash } prefix = ~/Maildir/ separator = / subscriptions = yes type = private } passdb { args = default_fields = deny = no driver = pam master = no name = override_fields = pass = no result_failure = continue result_internalfail = continue result_success = return-ok skip = never } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } pop3_client_workarounds = pop3_deleted_flag = pop3_enable_last = no pop3_fast_size_lookups = no pop3_lock_session = no pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_no_flag_updates = no pop3_reuse_xuidl = no pop3_save_uidl = no pop3_uidl_duplicates = allow pop3_uidl_format = %08Xu%08Xv pop3c_host = pop3c_master_user = pop3c_password = pop3c_port = 110 pop3c_quick_received_date = no pop3c_rawlog_dir = pop3c_ssl = no pop3c_ssl_verify = yes pop3c_user = %u postmaster_address = protocols = imap pop3 quota_full_tempfail = no recipient_delimiter = + rejection_reason = Your message to <%t> was automatically rejected:%n%r rejection_subject = Rejected: %s replication_dsync_parameters = -d -N -l 30 -U replication_full_sync_interval = 1 days replication_max_conns = 10 replicator_host = replicator replicator_port = 0 sendmail_path = /usr/sbin/sendmail service aggregator { chroot = . 
client_limit = 0 drop_priv_before_exec = no executable = aggregator extra_groups = fifo_listener replication-notify-fifo { group = mode = 0600 user = } group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener replication-notify { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service anvil { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = anvil extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 1 protocol = service_count = 0 type = anvil unix_listener anvil-auth-penalty { group = mode = 0600 user = } unix_listener anvil { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service auth-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = auth -w extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener auth-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service auth { chroot = client_limit = 0 drop_priv_before_exec = no executable = auth extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-client { group = mode = 0600 user = $default_internal_user } unix_listener auth-login { group = mode = 0600 user = $default_internal_user } unix_listener auth-master { group = mode = 0600 user = } unix_listener auth-userdb { group = mode = 0666 user = $default_internal_user } unix_listener login/login { group = mode = 0666 user = } unix_listener token-login/tokenlogin { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service config { 
chroot = client_limit = 0 drop_priv_before_exec = no executable = config extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = config unix_listener config { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service dict { chroot = client_limit = 1 drop_priv_before_exec = no executable = dict extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dict { group = vmail mode = 0700 user = vmail } user = $default_internal_user vsz_limit = 18446744073709551615 B } service director { chroot = . client_limit = 0 drop_priv_before_exec = no executable = director extra_groups = fifo_listener login/proxy-notify { group = mode = 00 user = } group = idle_kill = 4294967295 secs inet_listener { address = port = 0 reuse_port = no ssl = no } privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener director-admin { group = mode = 0600 user = } unix_listener director-userdb { group = mode = 0600 user = } unix_listener login/director { group = mode = 00 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service dns_client { chroot = client_limit = 1 drop_priv_before_exec = no executable = dns-client extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dns-client { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service doveadm { chroot = client_limit = 1 drop_priv_before_exec = no executable = doveadm-server extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener doveadm-server { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service imap-login { chroot = login 
client_limit = 0 drop_priv_before_exec = no executable = imap-login extra_groups = group = idle_kill = 0 inet_listener imap { address = port = 143 reuse_port = no ssl = no } inet_listener imaps { address = 12.34.56.78 port = 993 reuse_port = no ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = imap service_count = 1 type = login user = $default_login_user vsz_limit = 18446744073709551615 B } service imap-urlauth-login { chroot = token-login client_limit = 0 drop_priv_before_exec = no executable = imap-urlauth-login extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = imap service_count = 1 type = login unix_listener imap-urlauth { group = mode = 0666 user = } user = $default_login_user vsz_limit = 18446744073709551615 B } service imap-urlauth-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = imap-urlauth-worker extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener imap-urlauth-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service imap-urlauth { chroot = client_limit = 1 drop_priv_before_exec = no executable = imap-urlauth extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener token-login/imap-urlauth { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service imap { chroot = client_limit = 1 drop_priv_before_exec = no executable = imap extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener imap { group = mode = 0700 user = } unix_listener login/imap { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service indexer-worker { chroot = 
client_limit = 1 drop_priv_before_exec = no executable = indexer-worker extra_groups = group = idle_kill = 0 privileged_group = process_limit = 10 process_min_avail = 0 protocol = service_count = 0 type = unix_listener indexer-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service indexer { chroot = client_limit = 0 drop_priv_before_exec = no executable = indexer extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener indexer { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service ipc { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = ipc extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener ipc { group = mode = 0600 user = } unix_listener login/ipc-proxy { group = mode = 0600 user = $default_login_user } user = $default_internal_user vsz_limit = 18446744073709551615 B } service lmtp { chroot = client_limit = 1 drop_priv_before_exec = no executable = lmtp extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = lmtp service_count = 0 type = unix_listener lmtp { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service log { chroot = client_limit = 0 drop_priv_before_exec = no executable = log extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = log unix_listener log-errors { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service managesieve-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = managesieve-login extra_groups = group = idle_kill = 0 inet_listener sieve { address = port = 4190 reuse_port = no ssl = no } privileged_group = 
process_limit = 0 process_min_avail = 0 protocol = sieve service_count = 1 type = login user = $default_login_user vsz_limit = 18446744073709551615 B } service managesieve { chroot = client_limit = 1 drop_priv_before_exec = no executable = managesieve extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = sieve service_count = 1 type = unix_listener login/sieve { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service pop3-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = pop3-login extra_groups = group = idle_kill = 0 inet_listener pop3 { address = port = 110 reuse_port = no ssl = no } inet_listener pop3s { address = 12.34.56.78 port = 995 reuse_port = no ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = pop3 service_count = 1 type = login user = $default_login_user vsz_limit = 18446744073709551615 B } service pop3 { chroot = client_limit = 1 drop_priv_before_exec = no executable = pop3 extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = pop3 service_count = 1 type = unix_listener login/pop3 { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service replicator { chroot = client_limit = 0 drop_priv_before_exec = no executable = replicator extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener replicator-doveadm { group = mode = 00 user = $default_internal_user } unix_listener replicator { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service ssl-params { chroot = client_limit = 0 drop_priv_before_exec = no executable = ssl-params extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = startup unix_listener 
login/ssl-params { group = mode = 0666 user = } unix_listener ssl-params { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service stats { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = stats extra_groups = fifo_listener stats-mail { group = mode = 0600 user = } group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener stats { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service tcpwrap { chroot = client_limit = 1 drop_priv_before_exec = no executable = tcpwrap extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = user = $default_internal_user vsz_limit = 18446744073709551615 B } shutdown_clients = yes ssl = yes ssl_ca = ssl_cert = empty_address_recipient = MAILER-DAEMON empty_address_relayhost_maps_lookup_key = <> enable_long_queue_ids = no enable_original_recipient = yes error_delivery_slot_cost = $default_delivery_slot_cost error_delivery_slot_discount = $default_delivery_slot_discount error_delivery_slot_loan = $default_delivery_slot_loan error_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit error_destination_concurrency_limit = $default_destination_concurrency_limit error_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback error_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback error_destination_rate_delay = $default_destination_rate_delay error_destination_recipient_limit = $default_destination_recipient_limit error_extra_recipient_limit = $default_extra_recipient_limit error_initial_destination_concurrency = $initial_destination_concurrency error_minimum_delivery_slots = $default_minimum_delivery_slots error_notice_recipient = postmaster error_recipient_limit = 
$default_recipient_limit error_recipient_refill_delay = $default_recipient_refill_delay error_recipient_refill_limit = $default_recipient_refill_limit error_service_name = error execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ expand_owner_alias = no export_environment = TZ MAIL_CONFIG LANG fallback_transport = fallback_transport_maps = fast_flush_domains = $relay_domains fast_flush_purge_time = 7d fast_flush_refresh_time = 12h fault_injection_code = 0 flush_service_name = flush fork_attempts = 5 fork_delay = 1s forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward frozen_delivered_to = yes hash_queue_depth = 1 hash_queue_names = deferred, defer header_address_token_limit = 10240 header_checks = header_size_limit = 102400 helpful_warnings = yes home_mailbox = Maildir/ hopcount_limit = 50 html_directory = /usr/share/doc/packages/postfix-doc/html ignore_mx_lookup_error = no import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C in_flow_delay = 1s inet_interfaces = 46.4.58.151 inet_protocols = ipv4 initial_destination_concurrency = 5 internal_mail_filter_classes = invalid_hostname_reject_code = 501 ipc_idle = 5s ipc_timeout = 3600s ipc_ttl = 1000s line_length_limit = 2048 lmdb_map_size = 16777216 lmtp_address_preference = any lmtp_assume_final = no lmtp_bind_address = lmtp_bind_address6 = lmtp_body_checks = lmtp_cname_overrides_servername = no lmtp_connect_timeout = 0s lmtp_connection_cache_destinations = lmtp_connection_cache_on_demand = yes lmtp_connection_cache_time_limit = 2s lmtp_connection_reuse_count_limit = 0 lmtp_connection_reuse_time_limit = 300s lmtp_data_done_timeout = 600s lmtp_data_init_timeout = 120s lmtp_data_xfer_timeout = 180s lmtp_defer_if_no_mx_address_found = no lmtp_delivery_slot_cost = $default_delivery_slot_cost 
lmtp_delivery_slot_discount = $default_delivery_slot_discount lmtp_delivery_slot_loan = $default_delivery_slot_loan lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit lmtp_destination_concurrency_limit = $default_destination_concurrency_limit lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback lmtp_destination_rate_delay = $default_destination_rate_delay lmtp_destination_recipient_limit = $default_destination_recipient_limit lmtp_discard_lhlo_keyword_address_maps = lmtp_discard_lhlo_keywords = lmtp_dns_resolver_options = lmtp_dns_support_level = lmtp_enforce_tls = no lmtp_extra_recipient_limit = $default_extra_recipient_limit lmtp_generic_maps = lmtp_header_checks = lmtp_host_lookup = dns lmtp_initial_destination_concurrency = $initial_destination_concurrency lmtp_lhlo_name = $myhostname lmtp_lhlo_timeout = 300s lmtp_line_length_limit = 998 lmtp_mail_timeout = 300s lmtp_mime_header_checks = lmtp_minimum_delivery_slots = $default_minimum_delivery_slots lmtp_mx_address_limit = 5 lmtp_mx_session_limit = 2 lmtp_nested_header_checks = lmtp_per_record_deadline = no lmtp_pix_workaround_delay_time = 10s lmtp_pix_workaround_maps = lmtp_pix_workaround_threshold_time = 500s lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf lmtp_quit_timeout = 300s lmtp_quote_rfc821_envelope = yes lmtp_randomize_addresses = yes lmtp_rcpt_timeout = 300s lmtp_recipient_limit = $default_recipient_limit lmtp_recipient_refill_delay = $default_recipient_refill_delay lmtp_recipient_refill_limit = $default_recipient_refill_limit lmtp_reply_filter = lmtp_rset_timeout = 20s lmtp_sasl_auth_cache_name = lmtp_sasl_auth_cache_time = 90d lmtp_sasl_auth_enable = no lmtp_sasl_auth_soft_bounce = yes lmtp_sasl_mechanism_filter = lmtp_sasl_password_maps = lmtp_sasl_path = lmtp_sasl_security_options = noplaintext, 
noanonymous lmtp_sasl_tls_security_options = $lmtp_sasl_security_options lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options lmtp_sasl_type = cyrus lmtp_send_dummy_mail_auth = no lmtp_send_xforward_command = no lmtp_sender_dependent_authentication = no lmtp_skip_5xx_greeting = yes lmtp_skip_quit_response = no lmtp_starttls_timeout = 300s lmtp_tcp_port = 24 lmtp_tls_CAfile = lmtp_tls_CApath = lmtp_tls_block_early_mail_reply = no lmtp_tls_cert_file = lmtp_tls_ciphers = export lmtp_tls_dcert_file = lmtp_tls_dkey_file = $lmtp_tls_dcert_file lmtp_tls_eccert_file = lmtp_tls_eckey_file = $lmtp_tls_eccert_file lmtp_tls_enforce_peername = yes lmtp_tls_exclude_ciphers = lmtp_tls_fingerprint_cert_match = lmtp_tls_fingerprint_digest = md5 lmtp_tls_force_insecure_host_tlsa_lookup = no lmtp_tls_key_file = $lmtp_tls_cert_file lmtp_tls_loglevel = 0 lmtp_tls_mandatory_ciphers = medium lmtp_tls_mandatory_exclude_ciphers = lmtp_tls_mandatory_protocols = !SSLv2 lmtp_tls_note_starttls_offer = no lmtp_tls_per_site = lmtp_tls_policy_maps = lmtp_tls_protocols = !SSLv2 lmtp_tls_scert_verifydepth = 9 lmtp_tls_secure_cert_match = nexthop lmtp_tls_security_level = lmtp_tls_session_cache_database = lmtp_tls_session_cache_timeout = 3600s lmtp_tls_trust_anchor_file = lmtp_tls_verify_cert_match = hostname lmtp_use_tls = no lmtp_xforward_timeout = 300s local_command_shell = local_delivery_slot_cost = $default_delivery_slot_cost local_delivery_slot_discount = $default_delivery_slot_discount local_delivery_slot_loan = $default_delivery_slot_loan local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit local_destination_concurrency_limit = 2 local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback local_destination_rate_delay = $default_destination_rate_delay 
local_destination_recipient_limit = 1 local_extra_recipient_limit = $default_extra_recipient_limit local_header_rewrite_clients = permit_inet_interfaces local_initial_destination_concurrency = $initial_destination_concurrency local_minimum_delivery_slots = $default_minimum_delivery_slots local_recipient_limit = $default_recipient_limit local_recipient_maps = proxy:unix:passwd.byname $alias_maps local_recipient_refill_delay = $default_recipient_refill_delay local_recipient_refill_limit = $default_recipient_refill_limit local_transport = local:$myhostname luser_relay = mail_name = Postfix mail_owner = postfix mail_release_date = 20140115 mail_spool_directory = /var/mail mail_version = 2.11.0 mailbox_command = mailbox_command_maps = mailbox_delivery_lock = fcntl, dotlock mailbox_size_limit = 0 mailbox_transport = mailbox_transport_maps = mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man maps_rbl_domains = maps_rbl_reject_code = 554 masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = master_service_disable = max_idle = 100s max_use = 100 maximal_backoff_time = 4000s maximal_queue_lifetime = 5d message_reject_characters = message_size_limit = 0 message_strip_characters = milter_command_timeout = 30s milter_connect_macros = j {daemon_name} v milter_connect_timeout = 30s milter_content_timeout = 300s milter_data_macros = i milter_default_action = tempfail milter_end_of_data_macros = i milter_end_of_header_macros = i milter_header_checks = milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer} milter_macro_daemon_name = $myhostname milter_macro_v = $mail_name $mail_version milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer} milter_protocol = 6 milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer} milter_unknown_command_macros = mime_boundary_length_limit = 2048 mime_header_checks = $header_checks 
mime_nesting_limit = 100 minimal_backoff_time = 300s multi_instance_directories = multi_instance_enable = no multi_instance_group = multi_instance_name = multi_instance_wrapper = multi_recipient_bounce_reject_code = 550 mydestination = domain.org, domain.eu, $myhostname, localhost.$mydomain mydomain = domain.org myhostname = server.domain.org mynetworks = 12.34.56.70/27 mynetworks_style = subnet myorigin = domain.org nested_header_checks = $header_checks newaliases_path = /usr/bin/newaliases non_fqdn_reject_code = 504 non_smtpd_milters = notify_classes = resource, software owner_request_special = yes parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps permit_mx_backup_networks = pickup_service_name = pickup plaintext_reject_code = 450 postmulti_control_commands = reload flush postmulti_start_commands = start postmulti_stop_commands = stop abort drain quick-stop postscreen_access_list = permit_mynetworks postscreen_bare_newline_action = ignore postscreen_bare_newline_enable = no postscreen_bare_newline_ttl = 30d postscreen_blacklist_action = ignore postscreen_cache_cleanup_interval = 12h postscreen_cache_map = btree:$data_directory/postscreen_cache postscreen_cache_retention_time = 7d postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit postscreen_command_count_limit = 20 postscreen_command_filter = postscreen_command_time_limit = ${stress?10}${stress:300}s postscreen_disable_vrfy_command = $disable_vrfy_command postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords postscreen_dnsbl_action = ignore postscreen_dnsbl_reply_map = postscreen_dnsbl_sites = postscreen_dnsbl_threshold = 1 postscreen_dnsbl_ttl = 1h postscreen_dnsbl_whitelist_threshold = 0 postscreen_enforce_tls = $smtpd_enforce_tls postscreen_expansion_filter = 
$smtpd_expansion_filter postscreen_forbidden_commands = $smtpd_forbidden_commands postscreen_greet_action = ignore postscreen_greet_banner = $smtpd_banner postscreen_greet_ttl = 1d postscreen_greet_wait = ${stress?2}${stress:6}s postscreen_helo_required = $smtpd_helo_required postscreen_non_smtp_command_action = drop postscreen_non_smtp_command_enable = no postscreen_non_smtp_command_ttl = 30d postscreen_pipelining_action = enforce postscreen_pipelining_enable = no postscreen_pipelining_ttl = 30d postscreen_post_queue_limit = $default_process_limit postscreen_pre_queue_limit = $default_process_limit postscreen_reject_footer = $smtpd_reject_footer postscreen_tls_security_level = $smtpd_tls_security_level postscreen_upstream_proxy_protocol = postscreen_upstream_proxy_timeout = 5s postscreen_use_tls = $smtpd_use_tls postscreen_watchdog_timeout = 10s postscreen_whitelist_interfaces = static:all prepend_delivered_header = command, file, forward process_id = 14480 process_id_directory = pid process_name = postconf propagate_unmatched_extensions = canonical, virtual proxy_interfaces = proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map $postscreen_cache_map proxymap_service_name = proxymap proxywrite_service_name = proxywrite qmgr_clog_warn_time = 300s qmgr_daemon_timeout = 1000s qmgr_fudge_factor = 100 qmgr_ipc_timeout = 60s qmgr_message_active_limit = 20000 qmgr_message_recipient_limit = 20000 qmgr_message_recipient_minimum = 10 qmqpd_authorized_clients = qmqpd_client_port_logging = no qmqpd_error_delay = 1s qmqpd_timeout = 300s 
queue_directory = /var/spool/postfix queue_file_attribute_count_limit = 100 queue_minfree = 0 queue_run_delay = 300s queue_service_name = qmgr rbl_reply_maps = readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES receive_override_options = recipient_bcc_maps = recipient_canonical_classes = envelope_recipient, header_recipient recipient_canonical_maps = recipient_delimiter = reject_code = 554 reject_tempfail_action = defer_if_permit relay_clientcerts = relay_delivery_slot_cost = $default_delivery_slot_cost relay_delivery_slot_discount = $default_delivery_slot_discount relay_delivery_slot_loan = $default_delivery_slot_loan relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit relay_destination_concurrency_limit = $default_destination_concurrency_limit relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback relay_destination_rate_delay = $default_destination_rate_delay relay_destination_recipient_limit = $default_destination_recipient_limit relay_domains = $mydestination, hash:/etc/postfix/relay relay_domains_reject_code = 554 relay_extra_recipient_limit = $default_extra_recipient_limit relay_initial_destination_concurrency = $initial_destination_concurrency relay_minimum_delivery_slots = $default_minimum_delivery_slots relay_recipient_limit = $default_recipient_limit relay_recipient_maps = relay_recipient_refill_delay = $default_recipient_refill_delay relay_recipient_refill_limit = $default_recipient_refill_limit relay_transport = relay relayhost = relocated_maps = remote_header_rewrite_domain = require_home_directory = no reset_owner_alias = no resolve_dequoted_address = yes resolve_null_domain = no resolve_numeric_domain = no retry_delivery_slot_cost = $default_delivery_slot_cost retry_delivery_slot_discount = $default_delivery_slot_discount 
retry_delivery_slot_loan = $default_delivery_slot_loan retry_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit retry_destination_concurrency_limit = $default_destination_concurrency_limit retry_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback retry_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback retry_destination_rate_delay = $default_destination_rate_delay retry_destination_recipient_limit = $default_destination_recipient_limit retry_extra_recipient_limit = $default_extra_recipient_limit retry_initial_destination_concurrency = $initial_destination_concurrency retry_minimum_delivery_slots = $default_minimum_delivery_slots retry_recipient_limit = $default_recipient_limit retry_recipient_refill_delay = $default_recipient_refill_delay retry_recipient_refill_limit = $default_recipient_refill_limit rewrite_service_name = rewrite sample_directory = /usr/share/doc/packages/postfix-doc/samples send_cyrus_sasl_authzid = no sender_bcc_maps = sender_canonical_classes = envelope_sender, header_sender sender_canonical_maps = sender_dependent_default_transport_maps = sender_dependent_relayhost_maps = sendmail_fix_line_endings = always sendmail_path = /usr/sbin/sendmail service_throttle_time = 60s setgid_group = maildrop show_user_unknown_table_name = yes showq_service_name = showq smtp_address_preference = any smtp_always_send_ehlo = yes smtp_bind_address = smtp_bind_address6 = smtp_body_checks = smtp_cname_overrides_servername = no smtp_connect_timeout = 30s smtp_connection_cache_destinations = smtp_connection_cache_on_demand = yes smtp_connection_cache_time_limit = 2s smtp_connection_reuse_count_limit = 0 smtp_connection_reuse_time_limit = 300s smtp_data_done_timeout = 600s smtp_data_init_timeout = 120s smtp_data_xfer_timeout = 180s smtp_defer_if_no_mx_address_found = no smtp_delivery_slot_cost = $default_delivery_slot_cost 
smtp_delivery_slot_discount = $default_delivery_slot_discount smtp_delivery_slot_loan = $default_delivery_slot_loan smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit smtp_destination_concurrency_limit = $default_destination_concurrency_limit smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback smtp_destination_rate_delay = $default_destination_rate_delay smtp_destination_recipient_limit = $default_destination_recipient_limit smtp_discard_ehlo_keyword_address_maps = smtp_discard_ehlo_keywords = smtp_dns_resolver_options = smtp_dns_support_level = smtp_enforce_tls = no smtp_extra_recipient_limit = $default_extra_recipient_limit smtp_fallback_relay = $fallback_relay smtp_generic_maps = smtp_header_checks = smtp_helo_name = $myhostname smtp_helo_timeout = 300s smtp_host_lookup = dns smtp_initial_destination_concurrency = $initial_destination_concurrency smtp_line_length_limit = 998 smtp_mail_timeout = 300s smtp_mime_header_checks = smtp_minimum_delivery_slots = $default_minimum_delivery_slots smtp_mx_address_limit = 5 smtp_mx_session_limit = 2 smtp_nested_header_checks = smtp_never_send_ehlo = no smtp_per_record_deadline = no smtp_pix_workaround_delay_time = 10s smtp_pix_workaround_maps = smtp_pix_workaround_threshold_time = 500s smtp_pix_workarounds = disable_esmtp,delay_dotcrlf smtp_quit_timeout = 300s smtp_quote_rfc821_envelope = yes smtp_randomize_addresses = yes smtp_rcpt_timeout = 300s smtp_recipient_limit = $default_recipient_limit smtp_recipient_refill_delay = $default_recipient_refill_delay smtp_recipient_refill_limit = $default_recipient_refill_limit smtp_reply_filter = smtp_rset_timeout = 20s smtp_sasl_auth_cache_name = smtp_sasl_auth_cache_time = 90d smtp_sasl_auth_enable = no smtp_sasl_auth_soft_bounce = yes smtp_sasl_mechanism_filter = 
smtp_sasl_password_maps = smtp_sasl_path = smtp_sasl_security_options = smtp_sasl_tls_security_options = $smtp_sasl_security_options smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options smtp_sasl_type = cyrus smtp_send_dummy_mail_auth = no smtp_send_xforward_command = no smtp_sender_dependent_authentication = no smtp_skip_5xx_greeting = yes smtp_skip_quit_response = yes smtp_starttls_timeout = 300s smtp_tls_CAfile = smtp_tls_CApath = smtp_tls_block_early_mail_reply = no smtp_tls_cert_file = smtp_tls_ciphers = export smtp_tls_dcert_file = smtp_tls_dkey_file = $smtp_tls_dcert_file smtp_tls_eccert_file = smtp_tls_eckey_file = $smtp_tls_eccert_file smtp_tls_enforce_peername = yes smtp_tls_exclude_ciphers = smtp_tls_fingerprint_cert_match = smtp_tls_fingerprint_digest = md5 smtp_tls_force_insecure_host_tlsa_lookup = no smtp_tls_key_file = smtp_tls_loglevel = 0 smtp_tls_mandatory_ciphers = medium smtp_tls_mandatory_exclude_ciphers = smtp_tls_mandatory_protocols = !SSLv2 smtp_tls_note_starttls_offer = no smtp_tls_per_site = smtp_tls_policy_maps = smtp_tls_protocols = !SSLv2 smtp_tls_scert_verifydepth = 9 smtp_tls_secure_cert_match = nexthop, dot-nexthop smtp_tls_security_level = smtp_tls_session_cache_database = smtp_tls_session_cache_timeout = 3600s smtp_tls_trust_anchor_file = smtp_tls_verify_cert_match = hostname smtp_use_tls = no smtp_xforward_timeout = 300s smtpd_authorized_verp_clients = $authorized_verp_clients smtpd_authorized_xclient_hosts = smtpd_authorized_xforward_hosts = smtpd_banner = $myhostname ESMTP smtpd_client_connection_count_limit = 50 smtpd_client_connection_rate_limit = 0 smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks} smtpd_client_message_rate_limit = 0 smtpd_client_new_tls_session_rate_limit = 0 smtpd_client_port_logging = no smtpd_client_recipient_rate_limit = 0 smtpd_client_restrictions = smtpd_command_filter = smtpd_data_restrictions = smtpd_delay_open_until_valid_rcpt = yes 
smtpd_delay_reject = yes smtpd_discard_ehlo_keyword_address_maps = smtpd_discard_ehlo_keywords = smtpd_end_of_data_restrictions = smtpd_enforce_tls = no smtpd_error_sleep_time = 1s smtpd_etrn_restrictions = smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~ smtpd_forbidden_commands = CONNECT GET POST smtpd_hard_error_limit = ${stress?1}${stress:20} smtpd_helo_required = yes smtpd_helo_restrictions = smtpd_history_flush_threshold = 100 smtpd_junk_command_limit = ${stress?1}${stress:100} smtpd_log_access_permit_actions = smtpd_milters = smtpd_noop_commands = smtpd_null_access_lookup_key = <> smtpd_peername_lookup = yes smtpd_per_record_deadline = ${stress?yes}${stress:no} smtpd_policy_service_max_idle = 300s smtpd_policy_service_max_ttl = 1000s smtpd_policy_service_timeout = 100s smtpd_proxy_ehlo = $myhostname smtpd_proxy_filter = smtpd_proxy_options = smtpd_proxy_timeout = 100s smtpd_recipient_limit = 1000 smtpd_recipient_overshoot_limit = 1000 smtpd_recipient_restrictions = permit_inet_interfaces,permit_sasl_authenticated smtpd_reject_footer = smtpd_reject_unlisted_recipient = yes smtpd_reject_unlisted_sender = no smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination smtpd_restriction_classes = smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = no smtpd_sasl_exceptions_networks = smtpd_sasl_local_domain = smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_service = smtp smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot smtpd_sender_login_maps = smtpd_sender_restrictions = permit_sasl_authenticated,permit_mynetworks, smtpd_service_name = smtpd smtpd_soft_error_limit = 10 smtpd_starttls_timeout = ${stress?10}${stress:300}s smtpd_timeout = ${stress?10}${stress:300}s smtpd_tls_CAfile = smtpd_tls_CApath = smtpd_tls_always_issue_session_ids = yes smtpd_tls_ask_ccert = no 
smtpd_tls_auth_only = no smtpd_tls_ccert_verifydepth = 9 smtpd_tls_cert_file = /etc/ssl/certs/server.crt smtpd_tls_ciphers = export smtpd_tls_dcert_file = smtpd_tls_dh1024_param_file = smtpd_tls_dh512_param_file = smtpd_tls_dkey_file = $smtpd_tls_dcert_file smtpd_tls_eccert_file = smtpd_tls_eckey_file = $smtpd_tls_eccert_file smtpd_tls_eecdh_grade = strong smtpd_tls_exclude_ciphers = smtpd_tls_fingerprint_digest = md5 smtpd_tls_key_file = /etc/ssl/private/server.pem smtpd_tls_loglevel = 0 smtpd_tls_mandatory_ciphers = medium smtpd_tls_mandatory_exclude_ciphers = smtpd_tls_mandatory_protocols = !SSLv2 smtpd_tls_protocols = smtpd_tls_received_header = no smtpd_tls_req_ccert = no smtpd_tls_security_level = smtpd_tls_session_cache_database = smtpd_tls_session_cache_timeout = 3600s smtpd_tls_wrappermode = no smtpd_upstream_proxy_protocol = smtpd_upstream_proxy_timeout = 5s smtpd_use_tls = yes soft_bounce = no stale_lock_time = 500s stress = strict_7bit_headers = no strict_8bitmime = no strict_8bitmime_body = no strict_mailbox_ownership = yes strict_mime_encoding_domain = no strict_rfc821_envelopes = no sun_mailtool_compatibility = no swap_bangpath = yes syslog_facility = mail syslog_name = ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name} tcp_windowsize = 0 tls_append_default_CA = no tls_daemon_random_bytes = 32 tls_dane_digest_agility = on tls_dane_digests = sha512 sha256 tls_dane_trust_anchor_digest_enable = yes tls_disable_workarounds = tls_eecdh_strong_curve = prime256v1 tls_eecdh_ultra_curve = secp384r1 tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH tls_legacy_public_key_fingerprints = no tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH tls_null_cipherlist = eNULL:!aNULL tls_preempt_cipherlist = no tls_random_bytes = 32 tls_random_exchange_name = ${data_directory}/prng_exch 
tls_random_prng_update_period = 3600s tls_random_reseed_period = 3600s tls_random_source = dev:/dev/urandom tls_ssl_options = tls_wildcard_matches_multiple_labels = yes tlsmgr_service_name = tlsmgr tlsproxy_enforce_tls = $smtpd_enforce_tls tlsproxy_service_name = tlsproxy tlsproxy_tls_CAfile = $smtpd_tls_CAfile tlsproxy_tls_CApath = $smtpd_tls_CApath tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_session_ids tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth tlsproxy_tls_cert_file = $smtpd_tls_cert_file tlsproxy_tls_ciphers = $smtpd_tls_ciphers tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file tlsproxy_tls_dh1024_param_file = $smtpd_tls_dh1024_param_file tlsproxy_tls_dh512_param_file = $smtpd_tls_dh512_param_file tlsproxy_tls_dkey_file = $smtpd_tls_dkey_file tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file tlsproxy_tls_eckey_file = $smtpd_tls_eckey_file tlsproxy_tls_eecdh_grade = $smtpd_tls_eecdh_grade tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers tlsproxy_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest tlsproxy_tls_key_file = $smtpd_tls_key_file tlsproxy_tls_loglevel = $smtpd_tls_loglevel tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols tlsproxy_tls_protocols = $smtpd_tls_protocols tlsproxy_tls_req_ccert = $smtpd_tls_req_ccert tlsproxy_tls_security_level = $smtpd_tls_security_level tlsproxy_use_tls = $smtpd_use_tls tlsproxy_watchdog_timeout = 10s trace_service_name = trace transport_maps = transport_retry_time = 60s trigger_timeout = 10s undisclosed_recipients_header = unknown_address_reject_code = 450 unknown_address_tempfail_action = $reject_tempfail_action unknown_client_reject_code = 450 unknown_helo_hostname_tempfail_action = $reject_tempfail_action unknown_hostname_reject_code = 450 
unknown_local_recipient_reject_code = 550 unknown_relay_recipient_reject_code = 550 unknown_virtual_alias_reject_code = 550 unknown_virtual_mailbox_reject_code = 550 unverified_recipient_defer_code = 450 unverified_recipient_reject_code = 450 unverified_recipient_reject_reason = unverified_recipient_tempfail_action = $reject_tempfail_action unverified_sender_defer_code = 450 unverified_sender_reject_code = 450 unverified_sender_reject_reason = unverified_sender_tempfail_action = $reject_tempfail_action verp_delimiter_filter = -=+ virtual_alias_domains = virtual_alias_expansion_limit = 1000 virtual_alias_maps = hash:/etc/postfix/virtualdb virtual_alias_recursion_limit = 1000 virtual_delivery_slot_cost = $default_delivery_slot_cost virtual_delivery_slot_discount = $default_delivery_slot_discount virtual_delivery_slot_loan = $default_delivery_slot_loan virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit virtual_destination_concurrency_limit = $default_destination_concurrency_limit virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback virtual_destination_rate_delay = $default_destination_rate_delay virtual_destination_recipient_limit = $default_destination_recipient_limit virtual_extra_recipient_limit = $default_extra_recipient_limit virtual_gid_maps = virtual_initial_destination_concurrency = $initial_destination_concurrency virtual_mailbox_base = virtual_mailbox_domains = $virtual_mailbox_maps virtual_mailbox_limit = 51200000 virtual_mailbox_limit_inbox = no virtual_mailbox_limit_maps = virtual_mailbox_limit_override = no virtual_mailbox_lock = fcntl, dotlock virtual_mailbox_maps = virtual_maildir_extended = no virtual_maildir_filter = no virtual_maildir_filter_maps = virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, 
please try again later. virtual_maildir_limit_message_maps = virtual_maildir_suffix = virtual_minimum_delivery_slots = $default_minimum_delivery_slots virtual_minimum_uid = 100 virtual_overquota_bounce = no virtual_recipient_limit = $default_recipient_limit virtual_recipient_refill_delay = $default_recipient_refill_delay virtual_recipient_refill_limit = $default_recipient_refill_limit virtual_transport = dovecot virtual_trash_count = no virtual_trash_name = .Trash virtual_uid_maps =
-----------------------------------------------------------------------------------------------------------------------

From mail at marc-stuermer.de Tue Nov 18 07:39:48 2014
From: mail at marc-stuermer.de (Marc Stürmer)
Date: Tue, 18 Nov 2014 07:39:48 +0000
Subject: stop deletion of mails
In-Reply-To:
Message-ID: <20141118073948.Horde.QJbeB9KRjJ_X1lxRUMBwtg5@webmail.no-carrier.info>

Quoting Edwardo Garcia:

> Is possible with dovecot?
>
> Legal department have told us we need to stop anyone from delete email
> on corporate mail server, so nobody, even managers can not anymore
> delete any mail?

You want to use something like e.g. Mailpiler for that task (http://www.mailpiler.org/en/index.html), Mailstore (http://www.mailstore.com/) or Benno (http://www.openbenno.org/).

This is the stuff your legal department is looking for.

From pyz at brama.com Thu Nov 20 22:06:48 2014
From: pyz at brama.com (Max Pyziur)
Date: Thu, 20 Nov 2014 17:06:48 -0500 (EST)
Subject: Mailing list test
In-Reply-To: <77627C41-4630-4A05-96B6-223899E0F975@iki.fi>
References: <77627C41-4630-4A05-96B6-223899E0F975@iki.fi>
Message-ID:

On Fri, 21 Nov 2014, Timo Sirainen wrote:

> Apparently this list has somehow broken.. Not really sure what the problem is, lets see what happens to this mail.

Any chance of putting "[dovecot]" back in the subject line?

Thanks.

Max Pyziur
pyz at brama.com

From rgm at htt-consult.com Thu Nov 20 22:22:14 2014
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Thu, 20 Nov 2014 17:22:14 -0500
Subject: Mailing list test
In-Reply-To: <77627C41-4630-4A05-96B6-223899E0F975@iki.fi>
References: <77627C41-4630-4A05-96B6-223899E0F975@iki.fi>
Message-ID: <546E6996.8010502@htt-consult.com>

On 11/20/2014 04:34 PM, Timo Sirainen wrote:
> Apparently this list has somehow broken.. Not really sure what the problem is, lets see what happens to this mail.
>

thanks for fixing it. I thought the problem was on my end with my new server and got yelled at on the postfix list on some of my assumptions!

New to actually running dovecot. Old server was courier-mail. Though I worked off and on developing this server for a year!

From h.reindl at thelounge.net Thu Nov 20 22:23:04 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Thu, 20 Nov 2014 23:23:04 +0100
Subject: Mailing list test
In-Reply-To:
References: <77627C41-4630-4A05-96B6-223899E0F975@iki.fi>
Message-ID: <546E69C8.8080205@thelounge.net>

On 20.11.2014 at 23:06, Max Pyziur wrote:
> On Fri, 21 Nov 2014, Timo Sirainen wrote:
>
>> Apparently this list has somehow broken.. Not really sure what the
>> problem is, lets see what happens to this mail.
>
> Any chance of putting "[dovecot]" back in the subject line?

how did the words DKIM and DMARC not reach you?

From rgm at htt-consult.com Thu Nov 20 22:29:05 2014
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Thu, 20 Nov 2014 17:29:05 -0500
Subject: spam folder and POP users
Message-ID: <546E6B31.4080602@htt-consult.com>

I am new to actually running dovecot. I actually still use POP as I have for YEARS and thunderbird does not make it easy to convert to IMAP...

My server is moving all tagged spam into the IMAP spam folder. Very nice for the IMAP users, but not for the POP users. Of course the server don't know, and the mysql database for users does not have any flags for this. Don't want my server to fill up with spam from POP users that don't know to check via IMAP.

I am using roundcubemail for the webmail IMAP client. Is there any way for POP users to indicate that they do not want spam so nicely auto moved to the IMAP spam folder?

From h.reindl at thelounge.net Thu Nov 20 22:35:35 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Thu, 20 Nov 2014 23:35:35 +0100
Subject: spam folder and POP users
In-Reply-To: <546E6B31.4080602@htt-consult.com>
References: <546E6B31.4080602@htt-consult.com>
Message-ID: <546E6CB7.8000404@thelounge.net>

On 20.11.2014 at 23:29, Robert Moskowitz wrote:
> I am new to actually running dovecot. I actually still use POP as I
> have for YEARS and thunderbird does not make it easy to convert to IMAP...
>
> My server is moving all tagged spam into the IMAP spam folder. Very
> nice for the IMAP users, but not for the POP users. Of course the
> server don't know, and the mysql database for users does not have any
> flags for this. Don't want my server to fill up with spam from POP
> users that don't know to check via IMAP.
>
> I am using roundcubemail for the webmail IMAP client. Is there any way
> for POP users to indicate that they do not want spam so nicely auto
> moved to the IMAP spam folder?

dovecot just don't know if it is a "POP3 user"
it is just a user

what about setup a better spam filter so you can deliver the 5-10 spam messages just to INBOX with [SPAM] added to the subject?

to give you some numbers: 1200 users, 150 flagged messages per day

From gedalya at gedalya.net Thu Nov 20 22:37:02 2014
From: gedalya at gedalya.net (Gedalya)
Date: Thu, 20 Nov 2014 17:37:02 -0500
Subject: spam folder and POP users
In-Reply-To: <546E6B31.4080602@htt-consult.com>
References: <546E6B31.4080602@htt-consult.com>
Message-ID: <546E6D0E.50901@gedalya.net>

On 11/20/2014 05:29 PM, Robert Moskowitz wrote:
> I am new to actually running dovecot. I actually still use POP as I
> have for YEARS and thunderbird does not make it easy to convert to
> IMAP...
>
>
> My server is moving all tagged spam into the IMAP spam folder. Very
> nice for the IMAP users, but not for the POP users. Of course the
> server don't know, and the mysql database for users does not have any
> flags for this. Don't want my server to fill up with spam from POP
> users that don't know to check via IMAP.
>
> I am using roundcubemail for the webmail IMAP client. Is there any
> way for POP users to indicate that they do not want spam so nicely
> auto moved to the IMAP spam folder?

How do you even define a "pop user" - it's not an easy thing to determine.
Someone who hasn't logged in via IMAP in x days? Perhaps implement a lastlogin_imap field?
You really should just have a flag in your database.
Otherwise, just purge from the spam folder messages older than X days (preferably after notifying the users, of course).
Another (rather annoying) feature some people have is to have a "spam report" delivered to Inbox daily, listing messages delivered to Spam in the past 24 hours, you can script that around doveadm fetch.

From rgm at htt-consult.com Thu Nov 20 22:43:36 2014
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Thu, 20 Nov 2014 17:43:36 -0500
Subject: spam folder and POP users
In-Reply-To: <546E6CB7.8000404@thelounge.net>
References: <546E6B31.4080602@htt-consult.com> <546E6CB7.8000404@thelounge.net>
Message-ID: <546E6E98.1000207@htt-consult.com>

On 11/20/2014 05:35 PM, Reindl Harald wrote:
>
> On 20.11.2014 at 23:29, Robert Moskowitz wrote:
>> I am new to actually running dovecot. I actually still use POP as I
>> have for YEARS and thunderbird does not make it easy to convert to
>> IMAP...
>>
>> My server is moving all tagged spam into the IMAP spam folder. Very
>> nice for the IMAP users, but not for the POP users. Of course the
>> server don't know, and the mysql database for users does not have any
>> flags for this. Don't want my server to fill up with spam from POP
>> users that don't know to check via IMAP.
>>
>> I am using roundcubemail for the webmail IMAP client. Is there any way
>> for POP users to indicate that they do not want spam so nicely auto
>> moved to the IMAP spam folder?
>
> dovecot just don't know if it is a "POP3 user"

That I know. Though since it is using a mysql database of users, I COULD add a column designating this. But it would be difficult to maintain. Better perhaps for dovecot NOT to be so nice to move the messages and leave that to the client.

> it is just a user
>
> what about setup a better spam filter so you can deliver the 5-10 spam
> messages just to INBOX with [SPAM] added to the subject?

Well ***SPAM*** is added to the subject. And it seems that dovecot is being really nice to act on that and move it. Now I have to remember what I did to configure this and unconfigure this. I did much of the work long ago, set it aside, built a new box,,, So now I am learning what I did.

>
> to give you some numbers: 1200 users, 150 flagged messages per day
>

I only have 12 users. Small time, I know. And some have 1000 flagged messages per day.
From rgm at htt-consult.com Thu Nov 20 22:51:20 2014
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Thu, 20 Nov 2014 17:51:20 -0500
Subject: Found It - Re: spam folder and POP users
In-Reply-To: <546E6B31.4080602@htt-consult.com>
References: <546E6B31.4080602@htt-consult.com>
Message-ID: <546E7068.5090100@htt-consult.com>

On 11/20/2014 05:29 PM, Robert Moskowitz wrote:
> I am new to actually running dovecot. I actually still use POP as I
> have for YEARS and thunderbird does not make it easy to convert to
> IMAP...
>
>
> My server is moving all tagged spam into the IMAP spam folder. Very
> nice for the IMAP users, but not for the POP users. Of course the
> server don't know, and the mysql database for users does not have any
> flags for this. Don't want my server to fill up with spam from POP
> users that don't know to check via IMAP.
>
> I am using roundcubemail for the webmail IMAP client. Is there any
> way for POP users to indicate that they do not want spam so nicely
> auto moved to the IMAP spam folder?
>

Obviously I picked this up and did not think through the results. Seemed good at the time...

mkdir /home/sieve
cat <<EOF >/home/sieve/globalfilter.sieve || exit 1
require "fileinto";
if exists "X-Spam-Flag" {
  if header :contains "X-Spam-Flag" "NO" {
  } else {
    fileinto "Spam";
    stop;
  }
}
if header :contains "subject" ["***SPAM***"] {
  fileinto "Spam";
  stop;
}
EOF

chown -R vmail:mail /home/sieve

============================================

So one option is just to disable this. Another is to work out how each user can do this if they want...

From rgm at htt-consult.com Thu Nov 20 22:56:41 2014
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Thu, 20 Nov 2014 17:56:41 -0500
Subject: spam folder and POP users
In-Reply-To: <546E6D0E.50901@gedalya.net>
References: <546E6B31.4080602@htt-consult.com> <546E6D0E.50901@gedalya.net>
Message-ID: <546E71A9.4090703@htt-consult.com>

On 11/20/2014 05:37 PM, Gedalya wrote:
> On 11/20/2014 05:29 PM, Robert Moskowitz wrote:
>> I am new to actually running dovecot. I actually still use POP as I
>> have for YEARS and thunderbird does not make it easy to convert to
>> IMAP...
>>
>>
>> My server is moving all tagged spam into the IMAP spam folder. Very
>> nice for the IMAP users, but not for the POP users. Of course the
>> server don't know, and the mysql database for users does not have any
>> flags for this. Don't want my server to fill up with spam from POP
>> users that don't know to check via IMAP.
>>
>> I am using roundcubemail for the webmail IMAP client. Is there any
>> way for POP users to indicate that they do not want spam so nicely
>> auto moved to the IMAP spam folder?
>
> How do you even define a "pop user" - it's not an easy thing to determine.

Someone that connects to port 110 using a POP3 client. Remember those? Back to the days of Eudora, perhaps? Pete Resnick still attends IETF.

Of course one time they attach with POP3, another with IMAP so I did find out what I did and now I have to decide what to do about it. Problem with taking such a big move in one, and then seeing how it works. Or not.

> Someone who hasn't logged in via IMAP in x days? Perhaps implement a
> lastlogin_imap field?
> You really should just have a flag in your database.
> Otherwise, just purge from the spam folder messages older than X days
> (preferably after notifying the users, of course).

Something to think about. Might be good for those that are not IMAP users.

> Another (rather annoying) feature some people have is to have a "spam
> report" delivered to Inbox daily, listing messages delivered to Spam
> in the past 24 hours, you can script that around doveadm fetch.

but basically the above purge would result in a daily message: "I am going to purge old spam if you don't do it yourself".

From gedalya at gedalya.net Thu Nov 20 22:57:17 2014
From: gedalya at gedalya.net (Gedalya)
Date: Thu, 20 Nov 2014 17:57:17 -0500
Subject: Found It - Re: spam folder and POP users
In-Reply-To: <546E7068.5090100@htt-consult.com>
References: <546E6B31.4080602@htt-consult.com> <546E7068.5090100@htt-consult.com>
Message-ID: <546E71CD.7010107@gedalya.net>

On 11/20/2014 05:51 PM, Robert Moskowitz wrote:
>
> On 11/20/2014 05:29 PM, Robert Moskowitz wrote:
>> I am new to actually running dovecot. I actually still use POP as I
>> have for YEARS and thunderbird does not make it easy to convert to
>> IMAP...
>>
>>
>> My server is moving all tagged spam into the IMAP spam folder. Very
>> nice for the IMAP users, but not for the POP users. Of course the
>> server don't know, and the mysql database for users does not have any
>> flags for this. Don't want my server to fill up with spam from POP
>> users that don't know to check via IMAP.
>>
>> I am using roundcubemail for the webmail IMAP client. Is there any
>> way for POP users to indicate that they do not want spam so nicely
>> auto moved to the IMAP spam folder?
>>
> Obviously I picked this up and did not think through the results.
> Seemed good at the time...
>
> mkdir /home/sieve
> cat <<EOF >/home/sieve/globalfilter.sieve || exit 1
> require "fileinto";
> if exists "X-Spam-Flag" {
>   if header :contains "X-Spam-Flag" "NO" {
>   } else {
>     fileinto "Spam";
>     stop;
>   }
> }
> if header :contains "subject" ["***SPAM***"] {
>   fileinto "Spam";
>   stop;
> }
> EOF
>
> chown -R vmail:mail /home/sieve
>
> ============================================
>
> So one option is just to disable this. Another is to work out how
> each user can do this if they want...

You're already using roundcube, so just enable managesieve and the roundcube managesieve plugin, and let every user configure for themselves how to react to the X-Spam-Flag header.
You can drop in a few sieve scripts as suggestions and they can enable the one they like, or none, if they prefer to use their local mail client for sorting this out.

From slawrence at adknowledge.com Thu Nov 20 23:49:12 2014
From: slawrence at adknowledge.com (Simon Lawrence)
Date: Thu, 20 Nov 2014 23:49:12 +0000
Subject: IMAP child killed with signal 11
Message-ID: <85692D13-5434-4F51-826E-99CFE830BD2F@adknowledge.com>

Hello,

We're running a cluster of dovecot servers for a large amount of users. It's been working pretty well except we are seeing occasional fatal error messages. Here is a sample error message that we are seeing:

Nov 20 19:51:29 ip-10-238-11-11 dovecot: imap(): Fatal: master: service(imap): child 796 killed with signal 11 (core dumped)

We are running dovecot 2.2.9 installed from apt-get on Ubuntu 14.04. I've checked out the core dump and here is the stack trace:

Core was generated by `dovecot/imap [e22a36135b5f40'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f83d63aa757 in mail_transaction_log_view_mark (view=0x7f83d804f8c0) at mail-transaction-log-view.c:794
794 mail-transaction-log-view.c: No such file or directory.
(gdb) bt
#0 0x00007f83d63aa757 in mail_transaction_log_view_mark (view=0x7f83d804f8c0) at mail-transaction-log-view.c:794
#1 0x00007f83d63a3796 in view_sync_have_expunges (view=0x7f83d804f7e0) at mail-index-view-sync.c:223
#2 mail_index_view_sync_begin (view=0x7f83d804f7e0, flags=flags@entry=MAIL_INDEX_VIEW_SYNC_FLAG_NOEXPUNGES) at mail-index-view-sync.c:583
#3 0x00007f83d6382168 in index_mailbox_sync_init (box=box@entry=0x7f83d8049f80, flags=flags@entry=(MAILBOX_SYNC_FLAG_FAST | MAILBOX_SYNC_FLAG_NO_EXPUNGES), failed=) at index-sync.c:226
#4 0x00007f83d632983b in maildir_storage_sync_init (box=0x7f83d8049f80, flags=(MAILBOX_SYNC_FLAG_FAST | MAILBOX_SYNC_FLAG_NO_EXPUNGES)) at maildir-sync.c:1120
#5 0x00007f83d6356cf9 in mailbox_sync_init (box=box@entry=0x7f83d8049f80, flags=flags@entry=(MAILBOX_SYNC_FLAG_FAST | MAILBOX_SYNC_FLAG_NO_EXPUNGES)) at mail-storage.c:1668
#6 0x00007f83d6835e5e in imap_sync_init (client=client@entry=0x7f83d8046b60, box=, imap_flags=(unknown: 0), flags=(MAILBOX_SYNC_FLAG_FAST | MAILBOX_SYNC_FLAG_NO_EXPUNGES)) at imap-sync.c:230
#7 0x00007f83d6836af0 in cmd_sync_client (sync_cmd=0x7f83d8047760) at imap-sync.c:739
#8 cmd_sync_delayed_real (client=0x7f83d8046b60) at imap-sync.c:877
#9 cmd_sync_delayed (client=client@entry=0x7f83d8046b60) at imap-sync.c:885
#10 0x00007f83d682db61 in client_handle_input (client=client@entry=0x7f83d8046b60) at imap-client.c:906
#11 0x00007f83d682de35 in client_input (client=0x7f83d8046b60) at imap-client.c:933
#12 0x00007f83d608c247 in io_loop_call_io (io=0x7f83d8047660) at ioloop.c:388
#13 0x00007f83d608cfd7 in io_loop_handler_run (ioloop=ioloop@entry=0x7f83d8030760) at ioloop-epoll.c:220
#14 0x00007f83d608bde8 in io_loop_run (ioloop=0x7f83d8030760) at ioloop.c:412
#15 0x00007f83d603cc93 in master_service_run (service=0x7f83d80305f0, callback=) at master-service.c:566
#16 0x00007f83d68222f4 in main (argc=2, argv=0x7f83d8030390) at main.c:400

Here are the settings we're running (I've removed our domain and path information):

# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-24-generic x86_64 Ubuntu 14.04.1 LTS
auth_mechanisms = plain login
base_dir = /var/run/dovecot/
default_client_limit = 1024
default_process_limit = 256
default_vsz_limit = 1 G
disable_plaintext_auth = no
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocols = " imap lmtp pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  process_min_avail = 4
  service_count = 0
  vsz_limit = 128 M
}
service imap-postlogin {
  executable = script-login /real/location/to/the/script.sh
  user = vmail
}
service imap {
  client_limit = 1
  executable = imap imap-postlogin
  process_limit = 65536
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  service_count = 0
}
ssl = no
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
verbose_proctitle = yes
protocol lmtp {
  hostname = real.domain.here
  postmaster_address = postmaster@real.domain.here
}

This seems like some sort of bug within dovecot since we're seeing a seg fault, but any help would be appreciated.

Thanks!

From rgm at htt-consult.com Fri Nov 21 00:20:01 2014
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Thu, 20 Nov 2014 19:20:01 -0500
Subject: Found It - Re: spam folder and POP users
In-Reply-To: <546E71CD.7010107@gedalya.net>
References: <546E6B31.4080602@htt-consult.com> <546E7068.5090100@htt-consult.com> <546E71CD.7010107@gedalya.net>
Message-ID: <546E8531.5080201@htt-consult.com>

On 11/20/2014 05:57 PM, Gedalya wrote:
>
> On 11/20/2014 05:51 PM, Robert Moskowitz wrote:
>>
>> On 11/20/2014 05:29 PM, Robert Moskowitz wrote:
>>> I am new to actually running dovecot. I actually still use POP as I
>>> have for YEARS and thunderbird does not make it easy to convert to
>>> IMAP...
>>>
>>>
>>> My server is moving all tagged spam into the IMAP spam folder. Very
>>> nice for the IMAP users, but not for the POP users. Of course the
>>> server don't know, and the mysql database for users does not have
>>> any flags for this. Don't want my server to fill up with spam from
>>> POP users that don't know to check via IMAP.
>>>
>>> I am using roundcubemail for the webmail IMAP client. Is there any
>>> way for POP users to indicate that they do not want spam so nicely
>>> auto moved to the IMAP spam folder?
>>>
>> Obviously I picked this up and did not think through the results.
>> Seemed good at the time...
>>
>> mkdir /home/sieve
>> cat <<EOF >/home/sieve/globalfilter.sieve || exit 1
>> require "fileinto";
>> if exists "X-Spam-Flag" {
>> if header :contains "X-Spam-Flag" "NO" {
>> } else {
>> fileinto "Spam";
>> stop;
>> }
>> }
>> if header :contains "subject" ["***SPAM***"] {
>> fileinto "Spam";
>> stop;
>> }
>> EOF
>>
>> chown -R vmail:mail /home/sieve
>>
>> ============================================
>>
>> So one option is just to disable this. Another is to work out how
>> each user can do this if they want...
>
> You're already using roundcube, so just enable managesieve and the
> roundcube managesieve plugin, and let every user configure for
> themselves how to react to the X-Spam-Flag header.
> You can drop in a few sieve scripts as suggestions and they can enable
> the one they like, or none, if they prefer to use their local mail
> client for sorting this out.
>
>

I was just figuring that out. Kind of tossed everything into the sink and now I have to sort it out. Let the IMAP users (most likely Roundcube) deal with it themselves and let the POP3 users continue to get their spam to eat.

From dovecot at randy.pensive.org Fri Nov 21 00:44:44 2014
From: dovecot at randy.pensive.org (Randall Gellens)
Date: Thu, 20 Nov 2014 16:44:44 -0800
Subject: Unable to see virtual users
Message-ID:

I have a new Dovecot v2.2.9 installation and am having trouble getting virtual users recognized. Also, the example configuration listed on the Wiki generates config errors. Note that I haven't tried running dovecot yet, I wanted to verify that the config looked good first.

First, my configuration. I'm trying to use /etc/dovecot/users as my combined userdb and passdb file, with all users having a UID/GID of vmail, and a home directory of /local/mnt/home/

----------
$ sudo doveconf -n
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-39-generic x86_64 Ubuntu 14.04.1 LTS ext4
auth_verbose = yes
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = mdbox:/local/mnt/mail/%n
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = username_format=%n /etc/dovecot/users
  driver = passwd-file
}
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = randy at qti.qualcomm.com
protocols = " imap sieve pop3"
ssl_cert =
References:
Message-ID:

Robert Moskowitz writes:

> My server is moving all tagged spam into the IMAP spam folder. Very
> nice for the IMAP users, but not for the POP users. Of course the
> server don't know, and the mysql database for users does not have any
> flags for this. Don't want my server to fill up with spam from POP
> users that don't know to check via IMAP.

You can contort the virtual plugin to fuse your user's INBOX and spam box together into a virtual INBOX:

http://wiki2.dovecot.org/Plugins/Virtual
(See section "Virtual POP3 INBOX")

This turns the problem from a delivery problem into a reading (or presentation) problem.

Seems sort of klunky though. In my opinion, your energy is better invested in converting your POP3 holdouts to IMAP.

Joseph Tam

From rgm at htt-consult.com Fri Nov 21 01:21:34 2014
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Thu, 20 Nov 2014 20:21:34 -0500
Subject: spam folder and POP users
In-Reply-To:
References:
Message-ID: <546E939E.2060204@htt-consult.com>

On 11/20/2014 07:55 PM, Joseph Tam wrote:
> Robert Moskowitz writes:
>
>> My server is moving all tagged spam into the IMAP spam folder. Very
>> nice for the IMAP users, but not for the POP users. Of course the
>> server don't know, and the mysql database for users does not have any
>> flags for this. Don't want my server to fill up with spam from POP
>> users that don't know to check via IMAP.
>
> You can contort the virtual plugin to fuse your user's INBOX and
> spam box together into a virtual INBOX:
>
> http://wiki2.dovecot.org/Plugins/Virtual
> (See section "Virtual POP3 INBOX")
>
> This turns the problem from a delivery problem into a reading (or
> presentation) problem.
>
> Seems sort of klunky though. In my opinion, your energy is better
> invested in converting your POP3 holdouts to IMAP.

Agreed. I am looking at what it takes to do this with Thunderbird, as I am the biggest holdout! The recommended way is HARD. I have 20 years and gigabytes of emails in local pop folders that I do not want to lose or have replicated on the server. Somewhere is the magic goo for this. Once I figure it out for myself, it will be easy for the other users.

From kamath at moltingpenguin.com Fri Nov 21 05:58:03 2014
From: kamath at moltingpenguin.com (Sean Kamath)
Date: Thu, 20 Nov 2014 21:58:03 -0800
Subject: Dovecot POP3 STARTTLS works on Thunderbird but not on Gmail
In-Reply-To:
References: <5468A44C.4030300@thelounge.net>
Message-ID: <10819E1C-DCA7-4892-9DB9-EDFD3B96CF1B@moltingpenguin.com>

http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html

??

Sean

On Nov 16, 2014, at 5:39 AM, Aleš Grm wrote:

> Ok, I tried on port 995, and on Gmail I get "SSL error: unable to verify
> the first certificate". Certificate is not self-signed (using StartCOM).
> The log now shows:
>
> Nov 16 14:37:52 mail dovecot: auth: Debug: auth client connected (pid=31923)
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [209.85.213.23]
> Nov 16 14:37:53 mail dovecot: pop3-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [209.85.213.23]
> Nov 16 14:37:53 mail dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=209.85.213.23, lip=192.168.100.94, TLS: Disconnected, session=
> ^C
>
> Could the form of public part of certificate be wrong? I'm using only .CRT.
>
> Kopitarna Sevnica d. d.
>
> Prvomajska ulica 8
> 8290 SEVNICA
> SLOVENIA
> www.kopitarna.eu
> Cell: +386 31 899 993
> Land: +386 7 81 63 440
>
> On 16 November 2014 14:19, Reindl Harald wrote:
>
>>
>> On 16.11.2014 at 14:05, Aleš Grm wrote:
>>
>>> I have configured Dovecot to work perfectly on Thunderbird using SSL
>>> certificates with STARTTLS on port 110. When I try to add this account on
>>> Gmail I get the error:
>>>
>>> In Gmail my settings include port 110 and the use of SSL is checked.
>>> Dovecot configuration:
>>>
>>> Any idea why does it work with Thunderbird and not with Gmail?
>>>
>>
>> surely - gmail wants 995 instead 110 (means not STARTTLS) and don't accept
>> self signed certificates BTW
>>
>>
>

From alessio at skye.it Fri Nov 21 07:46:35 2014
From: alessio at skye.it (Alessio Cecchi)
Date: Fri, 21 Nov 2014 08:46:35 +0100
Subject: how to recover mails - dovecot 2.2.13
In-Reply-To: <546DA75F.9070307@filmakademie.de>
References: <546DA75F.9070307@filmakademie.de>
Message-ID: <546EEDDB.7050206@skye.it>

On 20/11/2014 09:33, Götz Reinicke - IT Koordinator wrote:
> Question: We use maildir. Can I just copy the "old" mails from e.g.
>
> user-backup/Maildir/curl/*
>
> to
>
> user/Maildir/curl/*
>
> Or which steps are needed? rebuilding any index or something etc ....?

Yes, you can move Maildir/cur/ and new/ to other account and delete all dovecot.* cache/log files in Maildir/.

At the first login dovecot rebuilds its cache and shows your emails.

From frank at moltke28.b.shuttle.de Fri Nov 21 07:50:51 2014
From: frank at moltke28.b.shuttle.de (Frank Elsner)
Date: Fri, 21 Nov 2014 08:50:51 +0100
Subject: spam folder and POP users
In-Reply-To: <546E6B31.4080602@htt-consult.com>
References: <546E6B31.4080602@htt-consult.com>
Message-ID: <20141121085051.65f5311fe2667cbf14c13dc6@moltke28.b.shuttle.de>

On Thu, 20 Nov 2014 17:29:05 -0500 Robert Moskowitz wrote:

[ ... ]

> I am using roundcubemail for the webmail IMAP client. Is there any way
> for POP users to indicate that they do not want spam so nicely auto
> moved to the IMAP spam folder?

Mixing POP and IMAP is really bad due to many reasons. People always complain "where is my mail" when using a web interface after they have POPped at home.

You should consider to switch off POP. POP is for people living in caves.

Greeting, Frank

From skdovecot at smail.inf.fh-brs.de Fri Nov 21 08:14:33 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 21 Nov 2014 09:14:33 +0100 (CET)
Subject: UNIX perms appear ok (ACL/MAC wrong?)
In-Reply-To:
References:
Message-ID:

On Sun, 16 Nov 2014, [FnG] Lambik wrote:

> dovecot: imap-login: Login: user=<{USER}>, method=PLAIN, rip=123.123.123.123, lip=12.34.56.78, mpid=18385, TLS, session=<0OEra/8HNADUuyG9>
> dovecot: imap({USER}): Debug: Effective uid=1014, gid=1003, home=/home/{user}
> dovecot: imap({USER}): Debug: Namespace inbox: type=private, prefix=~/Maildir/, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir
> dovecot: imap({USER}): Debug: maildir++: root=/home/{user}/Maildir, index=, indexpvt=, control=, inbox=/home/{user}/Maildir, alt=
> dovecot: imap({USER}): Debug: Namespace : type=private, prefix=, sep=, inbox=no, hidden=yes, list=no, subscriptions=no location=fail::LAYOUT=none
> dovecot: imap({USER}): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt=
> dovecot: imap({USER}): Error: open(/home/{user}/Maildir/dovecot.index.log) failed: Permission denied (euid=1014({USER}) egid=1003({GROUP}) UNIX perms appear ok (ACL/MAC wrong?))

looks like Dovecot thinks the Unix permissions are OK, but it gets "Permission denied" nonetheless.

a) Is SELinux blocking the access? http://wiki2.dovecot.org/WhyDoesItNotWork?highlight=%28selinux%29

b) Does your filesystem have other ACLs besides the Unix perms, such as POSIX ACLs, AFS, ... .
--
Steffen Kaiser

From skdovecot at smail.inf.fh-brs.de Fri Nov 21 08:22:39 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 21 Nov 2014 09:22:39 +0100 (CET)
Subject: "subscription" file/folder for IMAP
In-Reply-To: <019e01d00425$df2947f0$9d7bd7d0$@jorge@decimal.pt>
References: <019e01d00425$df2947f0$9d7bd7d0$@jorge@decimal.pt>
Message-ID:

On Wed, 19 Nov 2014, Jorge Bastos wrote:

> For IMAP users, there's the subscription file in the user's home, and if I
> try to subscribe more imap folders that are invisible, there's that one, but
> as it is an file, nothing is supposed to happen.

Did I understand you correctly: your users see "subscriptions" as mailbox?

> Is there an way to, allow users to create the "subscriptions" folder without
> any collision, or just deny or don't show this file as an possible folder
> (which Is not) to subscribe.
>
> What does people normally do?

Do your users have a separated home and mail location?

--
Steffen Kaiser

From h.reindl at thelounge.net Fri Nov 21 08:27:59 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Fri, 21 Nov 2014 09:27:59 +0100
Subject: spam folder and POP users
In-Reply-To: <546E6E98.1000207@htt-consult.com>
References: <546E6B31.4080602@htt-consult.com> <546E6CB7.8000404@thelounge.net> <546E6E98.1000207@htt-consult.com>
Message-ID: <546EF78F.2060400@thelounge.net>

On 20.11.2014 at 23:43, Robert Moskowitz wrote:
> On 11/20/2014 05:35 PM, Reindl Harald wrote:
>>
>> On 20.11.2014 at 23:29, Robert Moskowitz wrote:
>>> I am new to actually running dovecot. I actually still use POP as I
>>> have for YEARS and thunderbird does not make it easy to convert to
>>> IMAP...
>>>
>>> My server is moving all tagged spam into the IMAP spam folder. Very
>>> nice for the IMAP users, but not for the POP users. Of course the
>>> server don't know, and the mysql database for users does not have any
>>> flags for this. Don't want my server to fill up with spam from POP
>>> users that don't know to check via IMAP.
>>>
>>> I am using roundcubemail for the webmail IMAP client. Is there any way
>>> for POP users to indicate that they do not want spam so nicely auto
>>> moved to the IMAP spam folder?
>>
>> dovecot just don't know if it is a "POP3 user"
>
> That I know. Though since it is using a mysql database of users, I
> COULD add a column designating this. But it would be difficult to
> maintain. Better perhaps for dovecot NOT to be so nice to move the
> messages and leave that to the client.

exactly - it's not maintainable and from the moment on you offer webmail it's done at all

>> it is just a user
>>
>> what about setup a better spam filter so you can deliver the 5-10 spam
>> messages just to INBOX with [SPAM] added to the subject?
>
> Well ***SPAM*** is added to the subject

it's worthless just add a prefix to a high-score spam with a score of 47 instead *reject* it via *milter*

X-Spam-Status: No, score=-7.8, tag-level=5.5, block-level=8.0

> And it seems that dovecot is
> being really nice to act on that and move it. Now I have to remember
> what I did to configure this and unconfigure this

just remove the sieve rule you have active, dovecot never ever moves anything around until someone said so

From skdovecot at smail.inf.fh-brs.de Fri Nov 21 08:31:11 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 21 Nov 2014 09:31:11 +0100 (CET)
Subject: logwatch reporting
In-Reply-To: <546DEF8A.1080709@htt-consult.com>
References: <546DEF8A.1080709@htt-consult.com>
Message-ID:

On Thu, 20 Nov 2014, Robert Moskowitz wrote:

> Whereas dovecot is only reporting:
>
> --------------------- Dovecot Begin ------------------------
>
> Dovecot disconnects:
> Inactivity: 1 Time(s)
> Logged out: 379 Time(s)
> no auth attempts: 5 Time(s)
> no reason: 1 Time(s)
> tried to use disabled plaintext auth: 1 Time(s)
> **Unmatched Entries**
> dovecot: dict: mysql: Connected to localhost (postfix): 351 Time(s)
> ---------------------- Dovecot End -------------------------
>
>
> How can I get more detailed user activity reporting to logwatch?
>
> And why is connection to mysql under Unmatched Entries?

nobody cared to create a logwatch script for Dovecot that aggregates the information as you used to see for Courier. If you check out Dovecot's logfile, you'll see that it does log the username and, thus, logwatch could aggregate that information.

You could update logwatch or switch to http://wiki2.dovecot.org/Statistics

--
Steffen Kaiser

From h.reindl at thelounge.net Fri Nov 21 08:34:20 2014
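The reply above notes that Dovecot's log carries the username, so a per-user report can be aggregated from it. The following is an added example, not part of the original thread and not logwatch's or Dovecot's own code: it tallies logins per user and failed attempts per remote IP from login-process lines shaped like those quoted elsewhere in this archive. The sample lines are constructed, the "auth failed, N attempts in M secs" reason text and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample using documentation addresses. The Login and
# "no auth attempts" shapes follow lines quoted in this archive; the
# "auth failed" reason text is an assumption about the log format.
SAMPLE_LOG = """\
Nov 21 08:00:01 mail dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5, mpid=18385, TLS, session=<s1>
Nov 21 08:00:07 mail dovecot: pop3-login: Login: user=<bob@example.org>, method=PLAIN, rip=192.0.2.11, lip=198.51.100.5, mpid=18390, TLS, session=<s2>
Nov 21 08:01:15 mail dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5, mpid=18402, TLS, session=<s3>
Nov 21 08:02:00 mail dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=203.0.113.7, lip=198.51.100.5, TLS: Disconnected, session=<s4>
Nov 21 08:02:30 mail dovecot: pop3-login: Disconnected (auth failed, 3 attempts in 6 secs): user=<postmaster>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.5, session=<s5>
Nov 21 08:02:41 mail dovecot: pop3-login: Disconnected (auth failed, 4 attempts in 9 secs): user=<webmaster>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.5, session=<s6>
Nov 21 08:03:00 mail dovecot: dict: mysql: Connected to localhost (postfix)
"""

# One login-process event: protocol, event type, optional reason, user, remote IP.
LOGIN_RE = re.compile(
    r"dovecot: (?P<proto>\w+)-login: (?P<event>Login|Disconnected)"
    r"(?: \((?P<reason>[^)]*)\))?: user=<(?P<user>[^>]*)>"
    r"(?:, method=(?P<method>[^,]+))?, rip=(?P<rip>[^,\s]+)"
)
ATTEMPTS_RE = re.compile(r"(\d+) attempts")
# Strips the variable counters so that reasons group together.
TIMING_RE = re.compile(r",? ?\d+ attempts in \d+ secs| in \d+ secs")


def summarize(log_text):
    """Aggregate Dovecot login-process lines into per-user and per-IP counters."""
    logins = Counter()        # (protocol, user) -> successful logins
    reasons = Counter()       # normalized disconnect reason -> count
    failed_by_ip = Counter()  # remote IP -> failed authentication attempts
    unmatched = 0             # dovecot lines this parser does not understand
    for line in log_text.splitlines():
        if "dovecot:" not in line:
            continue
        m = LOGIN_RE.search(line)
        if m is None:
            unmatched += 1
            continue
        if m["event"] == "Login":
            logins[(m["proto"], m["user"])] += 1
            continue
        raw_reason = m["reason"] or "no reason"
        reason = TIMING_RE.sub("", raw_reason)
        reasons[reason] += 1
        if reason == "auth failed":
            n = ATTEMPTS_RE.search(raw_reason)
            failed_by_ip[m["rip"]] += int(n.group(1)) if n else 1
    return {"logins": logins, "reasons": reasons,
            "failed_by_ip": failed_by_ip, "unmatched": unmatched}


def noisy_sources(summary, threshold=5):
    """Remote IPs whose failed attempts reach the threshold, for review or blocking."""
    return sorted(ip for ip, n in summary["failed_by_ip"].items() if n >= threshold)


def format_report(summary):
    """Render the counters in a compact, logwatch-like text layout."""
    out = ["Logins per user:"]
    for (proto, user), n in sorted(summary["logins"].items()):
        out.append(f"  {proto:5} {user:30} {n} Time(s)")
    out.append("Disconnects:")
    for reason, n in sorted(summary["reasons"].items()):
        out.append(f"  {reason}: {n} Time(s)")
    out.append("Failed attempts per remote IP:")
    for ip, n in sorted(summary["failed_by_ip"].items()):
        out.append(f"  {ip}: {n}")
    out.append(f"Unmatched entries: {summary['unmatched']}")
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(summarize(SAMPLE_LOG)))
```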
From: h.reindl at thelounge.net (Reindl Harald)
Date: Fri, 21 Nov 2014 09:34:20 +0100
Subject: spam folder and POP users
In-Reply-To: <20141121085051.65f5311fe2667cbf14c13dc6@moltke28.b.shuttle.de>
References: <546E6B31.4080602@htt-consult.com> <20141121085051.65f5311fe2667cbf14c13dc6@moltke28.b.shuttle.de>
Message-ID: <546EF90C.3000001@thelounge.net>

On 21.11.2014 at 08:50, Frank Elsner wrote:
> On Thu, 20 Nov 2014 17:29:05 -0500 Robert Moskowitz wrote:
>
>> I am using roundcubemail for the webmail IMAP client. Is there any way
>> for POP users to indicate that they do not want spam so nicely auto
>> moved to the IMAP spam folder?
>
> Mixing POP and IMAP is really bad due to many reasons.
> People always complain "where is my mail" when using a web interface
> after they have POPped at home.
>
> You should consider to switch off POP. POP is for people living in caves

no - it's for non-technical people not understanding that the trash folder also lives on the server and just delete messages aka move them in a different folder don't solve the quota warning

we sometimes consider to switch IMAP off if there would not be a few accounts where it really makes sense and not only work and problems

that said from somebody with currently 40 shared IMAP folders using it heavily

From tss at iki.fi Fri Nov 21 09:06:42 2014
From: tss at iki.fi (Timo Sirainen)
Date: Fri, 21 Nov 2014 18:06:42 +0900
Subject: Unable to see virtual users
In-Reply-To:
References:
Message-ID: <36D3FB12-DC31-4BA5-912B-C5815D031456@iki.fi>

On 21 Nov 2014, at 09:44, Randall Gellens wrote:

> I have a new Dovecot v2.2.9 installation and am having trouble
> getting virtual users recognized.

I don't see anything obviously wrong in your config. Set auth_debug=yes and see what the logs say. Also while testing try also disabling pam+passwd before you get the passwd-file working, just in case that makes debugging easier.

> As an aside, when I copied the sample config entries from
> http://wiki2.dovecot.org/UserDatabase it got config errors:
>
> userdb {
>   driver = passwd-file
>   args = username_format=%n /etc/dovecot/users
>
>   default_fields = uid=vmail gid=vmail
>   override_fields =
>
>   skip = never
>
>   result_failure = continue
>   result_internalfail = continue
>   result_success = return-ok
> }
>
> The 'skip', 'result_failure', etc. entries all generated config
> errors as being unknown. Since these were just explicitly setting
> config variables to their default values, I deleted them. It does
> seem odd that the config sample from the Wiki generated errors though.

The wiki mentions also a bit below that they exist only in v2.2.10 and newer versions. I added now a comment line about that also.

From dovecot-list at mohtex.net Fri Nov 21 09:13:27 2014
From: dovecot-list at mohtex.net (Tamsy)
Date: Fri, 21 Nov 2014 16:13:27 +0700
Subject: logwatch reporting
In-Reply-To: <546DEF8A.1080709@htt-consult.com>
References: <546DEF8A.1080709@htt-consult.com>
Message-ID: <546F0237.60102@mohtex.net>

Robert Moskowitz wrote on 20.11.2014 20:41:
> I just launched a new mailserver that is using dovecot. My previous
> mailserver used courier-mail. I am expecting better things with this
> new server, but I was used to some login information in logwatch that I
> am not seeing now. For example I would get:
>
> [IMAPd] Logout stats:
> ====================
> User                         | Logouts | Downloaded | Mbox Size
> ---------------------------- | ------- | ---------- | ---------
> user1 at htt-consult.com      |      55 |     219571 |         0
> user2 at htt-consult.com      |     285 |     221681 |         0
> user3 at labs.htt-consult.com |      32 |      15183 |         0
> ---------------------------------------------------------------
>                              |     372 |     456435 |         0
>
> **Unmatched Entries**
> Disconnected, ip=[::ffff:107.150.52.84], time=1, starttls=1: 2 Time(s)
>
> ---------------------- IMAP End -------------------------
>
>
> --------------------- POP-3 Begin ------------------------
>
> [POP3] Logout stats (in MB):
> ============================
> User                         | Logouts | Downloaded | Mbox Size
> ---------------------------- | ------- | ---------- | ---------
> user1 at htt-consult.com      |      78 |       5.96 |         0
> user2 at communaljob.com      |     215 |       9.24 |         0
> user3 at htt-consult.com      |       1 |       7.47 |         0
> user4 at htt-consult.com      |       1 |       2.34 |         0
> user5 at htt-consult.com      |     301 |      31.08 |         0
> user6 at labs.htt-consult.com |     201 |       4.98 |         0
> ---------------------------------------------------------------
>                              |     797 |      61.06 |      0.00
>
> **Unmatched Entries**
> Disconnected, ip=[::ffff:107.150.52.84]: 2 Time(s)
> Disconnected, ip=[::ffff:12.159.43.147]: 50 Time(s)
> Disconnected, ip=[::ffff:172.245.45.20]: 61 Time(s)
> LOGIN FAILED, user=Alfredo, ip=[::ffff:172.245.45.20]: 1 Time(s)
> LOGIN FAILED, user=Antonio, ip=[::ffff:172.245.45.20]: 2 Time(s)
> LOGIN FAILED, user=postmaster, ip=[::ffff:172.245.45.20]: 7 Time(s)
> ....
> LOGIN FAILED, user=webmaster, ip=[::ffff:172.245.45.20]: 7 Time(s)
> LOGIN FAILED, user=www, ip=[::ffff:172.245.45.20]: 4 Time(s)
> Maximum connection limit reached for ::ffff:172.245.45.20: 509 Time(s)
>
> ---------------------- POP-3 End -------------------------
>
>
> Whereas dovecot is only reporting:
>
> --------------------- Dovecot Begin ------------------------
>
> Dovecot disconnects:
> Inactivity: 1 Time(s)
> Logged out: 379 Time(s)
> no auth attempts: 5 Time(s)
> no reason: 1 Time(s)
> tried to use disabled plaintext auth: 1 Time(s)
>
> **Unmatched Entries**
> dovecot: dict: mysql: Connected to localhost (postfix): 351 Time(s)
>
> ---------------------- Dovecot End -------------------------
>
>
> How can I get more detailed user activity reporting to logwatch?
>
> And why is connection to mysql under Unmatched Entries?

What version of Logwatch is installed on the server and on which distro? We are using Logwatch here too and the summary for Dovecot is very detailed; even more detailed compared to what you got with courier-mail.

From tss at iki.fi Fri Nov 21 09:22:20 2014
From: tss at iki.fi (Timo Sirainen)
Date: Fri, 21 Nov 2014 18:22:20 +0900
Subject: spam folder and POP users
In-Reply-To: <546E6E98.1000207@htt-consult.com>
References: <546E6B31.4080602@htt-consult.com> <546E6CB7.8000404@thelounge.net> <546E6E98.1000207@htt-consult.com>
Message-ID: <74B0C6CB-24BB-4668-A3DA-3F27E0980F99@iki.fi>

On 21 Nov 2014, at 07:43, Robert Moskowitz wrote:

> Better perhaps for dovecot NOT to be so nice to move the messages and leave that to the client.

Dovecot doesn't move anything anywhere, unless either the IMAP client requests that or the admin has configured that (e.g. with Sieve).

From tim at bastelfreak.de Fri Nov 21 09:40:00 2014
From: tim at bastelfreak.de (Tim)
Date: Fri, 21 Nov 2014 10:40:00 +0100
Subject: Corrupted index cache after migrating from maildir to mdbox
In-Reply-To: <1415131631.20990.6@slate>
References: <1414756698.6545.3@slate> <5454CEEC.1040103@bastelfreak.de> <1415131631.20990.6@slate>
Message-ID: <546F0870.9040500@bastelfreak.de>

Hi guys,
anybody else with an idea? timo maybe?

On 04.11.2014 21:07, Karl O. Pinc wrote:
> On 11/01/2014 07:15:40 AM, Tim wrote:
>> Hi Karl
>>
>> On 31.10.2014 12:58, Karl O. Pinc wrote:
>>> I was poking around in the code and I think there's
>>> only 1 last_indexed_uid in the data structure.
>>> I have no clue if this value is used outside of fts
>>> but you could poke it with a stick and
>> what exactly do you mean?
>>
>>> try the doveadm fts rescan command to reset this to 0.
>>>
>> I did "doveadm fts rescan -u myaccount" but after that I still see
>> the
>> errors in the log :(
> What you did is what I thought might be worth trying.
>
>
>
> Karl
> Free Software: "You don't pay back, you pay forward."
> -- Robert A. Heinlein

From rs at sys4.de Fri Nov 21 09:49:18 2014
From: rs at sys4.de (Robert Schetterer)
Date: Fri, 21 Nov 2014 10:49:18 +0100
Subject: spam folder and POP users
In-Reply-To: <546EF90C.3000001@thelounge.net>
References: <546E6B31.4080602@htt-consult.com> <20141121085051.65f5311fe2667cbf14c13dc6@moltke28.b.shuttle.de> <546EF90C.3000001@thelounge.net>
Message-ID: <546F0A9E.6000602@sys4.de>

On 21.11.2014 at 09:34, Reindl Harald wrote:
>
> On 21.11.2014 at 08:50, Frank Elsner wrote:
>> On Thu, 20 Nov 2014 17:29:05 -0500 Robert Moskowitz wrote:
>>
>>> I am using roundcubemail for the webmail IMAP client. Is there any way
>>> for POP users to indicate that they do not want spam so nicely auto
>>> moved to the IMAP spam folder?
>>
>> Mixing POP and IMAP is really bad due to many reasons.
>> People always complain "where is my mail" when using a web interface
>> after they have POPped at home.
>>
>> You should consider to switch off POP. POP is for people living in caves
>
> no - it's for non-technical people not understanding that the trash
> folder also lives on the server and just delete messages aka move them
> in a different folder don't solve the quota warning
>
> we sometimes consider to switch IMAP off if there would not be a few
> accounts where it really makes sense and not only work and problems
>
> that said from somebody with currently 40 shared IMAP folders using it
> heavily
>

however, use virtual folder setup with pop3 and global sieve rule for filtering

see

https://sys4.de/de/blog/2013/02/11/dovecot-virtual-setup-mit-globaler-sieve-spamfilter-regel-fur-pop3-nutzer/

sorry german but config should speak for its own

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From tim at bastelfreak.de Fri Nov 21 09:59:44 2014
From: tim at bastelfreak.de (Tim)
Date: Fri, 21 Nov 2014 10:59:44 +0100
Subject: Corrupted index cache after migrating from maildir to mdbox
In-Reply-To: <408E7528-3DA5-4469-ADB8-0278679DC3A7@iki.fi>
References: <54275AD9.2080900@bastelfreak.de> <408E7528-3DA5-4469-ADB8-0278679DC3A7@iki.fi>
Message-ID: <546F0D10.5060909@bastelfreak.de>

Hi Timo,
sorry for the late reply, missed this mail.

On 15.10.2014 05:05, Timo Sirainen wrote:
> On 27 Sep 2014, at 17:48, Tim wrote:
>
>> unfortunately I'm getting the following two kinds of error messages for
>> all mail boxes in my mail.log:
>>
>> Error: Corrupted index cache file
>> /home/vmail/%domain/%user/mdbox/mailboxes/%maildir/dbox-Mails/dovecot.index.cache:
>> Broken virtual size for mail UID 2564
>>
>> and:
>>
>> Error: read(/home/vmail/%domain/%user/mdbox/storage/m.108
>> ): FETCH BODY[] for mailbox %maildir UID 2564 got too little data: 2417
>> vs 6319
> If that happens to all the mails, something went wrong. Did you maybe use zlib plugin while writing the messages (compressed), but now you're trying to read the mails without zlib plugin?

the migration from maildir to mdbox is a few weeks in the past so I don't remember correctly. IMHO I migrated from maildir with disabled zlib to mdbox. with mdbox, zlib was active the whole time and it is still active. Here is my doveconf -n output: http://p.bastelfreak.de/l2wq/ . Do you need anything else for debugging?

>
> The error messages may be somewhat confusing. The problem isn't dovecot.index.cache file, but that the message sizes in the m.* files don't match the contents. There's no easy way to fix those, because they should just about never be wrong.

From pch at myzel.net Fri Nov 21 10:40:15 2014
From: pch at myzel.net (Peter Chiochetti)
Date: Fri, 21 Nov 2014 11:40:15 +0100
Subject: spam folder and POP users
In-Reply-To: <546E939E.2060204@htt-consult.com>
References: <546E939E.2060204@htt-consult.com>
Message-ID: <546F168F.1010004@myzel.net>

On 2014-11-21 at 02:21, Robert Moskowitz wrote:
> On 11/20/2014 07:55 PM, Joseph Tam wrote:
>>
>> Seems sort of klunky though. In my opinion, your energy is better
>> invested in converting your POP3 holdouts to IMAP.
>
> Agreed. I am looking at what it takes to do this with Thunderbird, as I
> am the biggest holdout! The recommended way is HARD. I have 20 years
> and gigabytes of emails in local pop folders that I do not want to lose
> or have replicated on the server. Somewhere is the magic goo for this.
> Once I figure it out for myself, it will be easy for the other users.

It might not be that hard with Thunderbird. You have though to recreate all accounts as IMAP ones, which leaves the POP ones alone. This is most of the work.

Then, in the Profiles/...../Mail folder in the local filesystem move all POP folders below the "Local Folders" there. Then delete the POP accounts.

Likely you can even point the "archive" Folder in IMAP account settings to this new path, tick keep structure and from now on, move mails from IMAP to local with a single tap on the "a" key.

I did this years ago, so take advice with caution.

--
peter

From toni at solu.fi Fri Nov 21 10:58:16 2014
From: toni at solu.fi (Toni Mattila)
Date: Fri, 21 Nov 2014 12:58:16 +0200
Subject: Corrupted index cache after migrating from maildir to mdbox
In-Reply-To: <546F0D10.5060909@bastelfreak.de>
References: <54275AD9.2080900@bastelfreak.de> <408E7528-3DA5-4469-ADB8-0278679DC3A7@iki.fi> <546F0D10.5060909@bastelfreak.de>
Message-ID: <546F1AC8.8020800@solu.fi>

Hi,

I think your issue is due to your corrupted maildir sizes in filenames so you got corrupted index that way to your mdbox. That is not something you can easily fix afterwards other than fixing the maildir first and then migrate to mdbox.

Best Regards,
Toni

On 21.11.2014 11:59, Tim wrote:
> Hi Timo,
> sorry for the late reply, missed this mail.
> On 15.10.2014 05:05, Timo Sirainen wrote:
>> On 27 Sep 2014, at 17:48, Tim wrote:
>>
>>> unfortunately I'm getting the following two kinds of error messages for
>>> all mail boxes in my mail.log:
>>>
>>> Error: Corrupted index cache file
>>> /home/vmail/%domain/%user/mdbox/mailboxes/%maildir/dbox-Mails/dovecot.index.cache:
>>> Broken virtual size for mail UID 2564
>>>
>>> and:
>>>
>>> Error: read(/home/vmail/%domain/%user/mdbox/storage/m.108
>>> ): FETCH BODY[] for mailbox %maildir UID 2564 got too little data: 2417
>>> vs 6319
>> If that happens to all the mails, something went wrong. Did you maybe use zlib plugin while writing the messages (compressed), but now you're trying to read the mails without zlib plugin?
>
> the migration from maildir to mdbox is a few weeks in the past so I
> don't remember correctly. IMHO I migrated from maildir with disabled
> zlib to mdbox. with mdbox, zlib was active the whole time and it is still
> active. Here is my doveconf -n output: http://p.bastelfreak.de/l2wq/ .
> Do you need anything else for debugging?
>>
>> The error messages may be somewhat confusing. The problem isn't dovecot.index.cache file, but that the message sizes in the m.* files don't match the contents.
There's no easy way to fix those, because they should just about never be wrong.

From bruno.galindro at gmail.com Fri Nov 21 13:00:19 2014
From: bruno.galindro at gmail.com (Bruno Galindro da Costa)
Date: Fri, 21 Nov 2014 11:00:19 -0200
Subject: Prevent a message from be deleted but not from be moved
Message-ID:

Is it possible to prevent a message from be deleted but not from be moved to another mailbox via ACL?

I need this because I'm using antispam plugin with the mailtrain backend. It calls a script every time a message is moved to/from a monitored spam mailbox. But, if the user deletes a message from the spam folder, the script is executed with the option to train the antispam to consider that excluded message as a non spam.

So, what I need is to prevent the user from delete a message from the spam mailbox, but I want to permit the user to move a message from the spam mailbox to another mailbox.

-- 
Att.
Bruno Galindro da Costa

From tim at bastelfreak.de Fri Nov 21 13:04:19 2014
From: tim at bastelfreak.de (Tim)
Date: Fri, 21 Nov 2014 14:04:19 +0100
Subject: Corrupted index cache after migrating from maildir to mdbox
In-Reply-To: <546F1AC8.8020800@solu.fi>
References: <54275AD9.2080900@bastelfreak.de> <408E7528-3DA5-4469-ADB8-0278679DC3A7@iki.fi> <546F0D10.5060909@bastelfreak.de> <546F1AC8.8020800@solu.fi>
Message-ID: <546F3853.2030001@bastelfreak.de>

On 21.11.2014 11:58, Toni Mattila wrote:
> Hi,
>
> I think your issue is due to your corrupted maildir sizes in filenames
> so you got corrupted index that way to your mdbox. That is not
> something you can easily fix afterwards other than fixing the maildir
> first and then migrate to mdbox.
>
well, I don't have the maildir files anymore or they are way out of date. I can try to mirror the directory structure with doveadm to create another mdbox instance. maybe this will also fix it.
> Best Regards,
> Toni
>
> On 21.11.2014 11:59, Tim wrote:
>> Hi Timo,
>> sorry for the late reply, missed this mail.
>> On 15.10.2014 05:05, Timo Sirainen wrote:
>>> On 27 Sep 2014, at 17:48, Tim wrote:
>>>
>>>> unfortunately I'm getting the following two kinds of error messages
>>>> for
>>>> all mail boxes in my mail.log:
>>>>
>>>> Error: Corrupted index cache file
>>>> /home/vmail/%domain/%user/mdbox/mailboxes/%maildir/dbox-Mails/dovecot.index.cache:
>>>>
>>>> Broken virtual size for mail UID 2564
>>>>
>>>> and:
>>>>
>>>> Error: read(/home/vmail/%domain/%user/mdbox/storage/m.108
>>>> ): FETCH BODY[] for mailbox %maildir UID 2564 got too little data:
>>>> 2417
>>>> vs 6319
>>> If that happens to all the mails, something went wrong. Did you
>>> maybe use zlib plugin while writing the messages (compressed), but
>>> now you're trying to read the mails without zlib plugin?
>>
>> the migration from maildir to mdbox is a few weeks in the past so I
>> don't remember correctly. IMHO I migrated from maildir with disabled
>> zlib to mdbox. with mdbox, zlib was active the whole time and it is still
>> active.
Here is my doveconf -n output: http://p.bastelfreak.de/l2wq/ .
>> Do you need anything else for debugging?
>>>
>>> The error messages may be somewhat confusing. The problem isn't
>>> dovecot.index.cache file, but that the message sizes in the m.*
>>> files don't match the contents. There's no easy way to fix those,
>>> because they should just about never be wrong.

From h.reindl at thelounge.net Fri Nov 21 13:14:56 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Fri, 21 Nov 2014 14:14:56 +0100
Subject: Prevent a message from be deleted but not from be moved
In-Reply-To:
References:
Message-ID: <546F3AD0.7060109@thelounge.net>

On 21.11.2014 at 14:00, Bruno Galindro da Costa wrote:
> Is it possible to prevent a message from be deleted but not from be moved
> to another mailbox via ACL?
>
> I need this because I'm using antispam plugin with the mailtrain backend.
> It calls a script every time a message is moved to/from a monitored spam
> mailbox. But, if the user deletes a message from the spam folder, the
> script is executed with the option to train the antispam to consider that
> excluded message as a non spam.
>
> So, what I need is to prevent the user from delete a message from the spam
> mailbox, but I want to permit the user to move a message from the spam
> mailbox to another mailbox

simply: no

many if not most mail-clients in case of move issue two commands:

* copy to new folder
* delete from old folder

From rgm at htt-consult.com Fri Nov 21 13:48:45 2014
From: rgm at htt-consult.com (Robert Moskowitz) Date: Fri, 21 Nov 2014 08:48:45 -0500 Subject: logwatch reporting In-Reply-To: <546F0237.60102@mohtex.net> References: <546DEF8A.1080709@htt-consult.com> <546F0237.60102@mohtex.net> Message-ID: <546F42BD.7080006@htt-consult.com> On 11/21/2014 04:13 AM, Tamsy wrote: > Robert Moskowitz wrote on 20.11.2014 20:41: >> I just launched a new mailserver that is using dovecot. My previous >> mailserver used courier-mail. I am expecting better things with this >> new server, but I was use to some login information in logwatch that >> I am not seeing now. For example I would get: >> >> >> >> [IMAPd] Logout stats: >> ==================== >> User | Logouts | Downloaded | >> Mbox Size >> --------------------------------------- | ------- | ---------- | >> ---------- >> user1 at htt-consult.com | 55 | 219571 >> | 0 >> user2 at htt-consult.com | 285 | 221681 >> | 0 >> user3 at labs.htt-consult.com | 32 | 15183 >> | 0 >> --------------------------------------------------------------------------- >> >> 372 | 456435 >> | 0 >> >> >> >> **Unmatched Entries** >> Disconnected, ip=[::ffff:107.150.52.84], time=1, starttls=1: 2 >> Time(s) >> >> ---------------------- IMAP End ------------------------- >> >> >> --------------------- POP-3 Begin ------------------------ >> >> >> [POP3] Logout stats (in MB): >> ============================ >> User | Logouts | Downloaded | >> Mbox Size >> --------------------------------------- | ------- | ---------- | >> ---------- >> user1 at htt-consult.com | 78 | 5.96 >> | 0 >> user2 at communaljob.com | 215 | 9.24 >> | 0 >> user3 at htt-consult.com | 1 | 7.47 >> | 0 >> user4 at htt-consult.com | 1 | 2.34 >> | 0 >> user5 at htt-consult.com | 301 | 31.08 >> | 0 >> user6 at labs.htt-consult.com | 201 | 4.98 >> | 0 >> --------------------------------------------------------------------------- >> >> 797 | 61.06 >> | 0.00 >> >> >> >> **Unmatched Entries** >> Disconnected, ip=[::ffff:107.150.52.84]: 2 Time(s) >> 
Disconnected, ip=[::ffff:12.159.43.147]: 50 Time(s) >> Disconnected, ip=[::ffff:172.245.45.20]: 61 Time(s) >> LOGIN FAILED, user=Alfredo, ip=[::ffff:172.245.45.20]: 1 Time(s) >> LOGIN FAILED, user=Antonio, ip=[::ffff:172.245.45.20]: 2 Time(s) >> LOGIN FAILED, user=postmaster, ip=[::ffff:172.245.45.20]: 7 Time(s) >> .... >> LOGIN FAILED, user=webmaster, ip=[::ffff:172.245.45.20]: 7 Time(s) >> LOGIN FAILED, user=www, ip=[::ffff:172.245.45.20]: 4 Time(s) >> Maximum connection limit reached for ::ffff:172.245.45.20: 509 >> Time(s) >> >> ---------------------- POP-3 End ------------------------- >> >> >> Whereas dovecot is only reporting: >> >> --------------------- Dovecot Begin ------------------------ >> >> >> >> Dovecot disconnects: >> Inactivity: 1 Time(s) >> Logged out: 379 Time(s) >> no auth attempts: 5 Time(s) >> no reason: 1 Time(s) >> tried to use disabled plaintext auth: 1 Time(s) >> >> **Unmatched Entries** >> dovecot: dict: mysql: Connected to localhost (postfix): 351 Time(s) >> >> ---------------------- Dovecot End ------------------------- >> >> >> How can I get more detailed user activity reporting to logwatch? >> >> And why is connection to mysql under Unmatched Entries? > > > > What version of Logwatch is installed on the server and on which distro? > We are using Logwatch here too and the summary for Dovecot is very > detailed; even more detailed compared to what you got with courier-mail. > I am running Redsleeve 6 which is a port of Centos 6 to ARM. Its logwatch is: logwatch-7.3.6-52.el6.noarch Oh, and dovecot is: dovecot-2.0.9-7.el6.armv5tel From blevi.linux at gmail.com Fri Nov 21 14:01:46 2014 
From: blevi.linux at gmail.com (Birta Levente) Date: Fri, 21 Nov 2014 16:01:46 +0200 Subject: logwatch reporting In-Reply-To: <546F42BD.7080006@htt-consult.com> References: <546DEF8A.1080709@htt-consult.com> <546F0237.60102@mohtex.net> <546F42BD.7080006@htt-consult.com> Message-ID: <546F45CA.5000206@gmail.com> On 21/11/2014 15:48, Robert Moskowitz wrote: > > On 11/21/2014 04:13 AM, Tamsy wrote: >> Robert Moskowitz wrote on 20.11.2014 20:41: >>> I just launched a new mailserver that is using dovecot. My previous >>> mailserver used courier-mail. I am expecting better things with >>> this new server, but I was use to some login information in logwatch >>> that I am not seeing now. For example I would get: >>> >>> >>> >>> [IMAPd] Logout stats: >>> ==================== >>> User | Logouts | Downloaded | >>> Mbox Size >>> --------------------------------------- | ------- | ---------- | >>> ---------- >>> user1 at htt-consult.com | 55 | 219571 >>> | 0 >>> user2 at htt-consult.com | 285 | 221681 >>> | 0 >>> user3 at labs.htt-consult.com | 32 | 15183 >>> | 0 >>> --------------------------------------------------------------------------- >>> >>> 372 | 456435 >>> | 0 >>> >>> >>> >>> **Unmatched Entries** >>> Disconnected, ip=[::ffff:107.150.52.84], time=1, starttls=1: 2 >>> Time(s) >>> >>> ---------------------- IMAP End ------------------------- >>> >>> >>> --------------------- POP-3 Begin ------------------------ >>> >>> >>> [POP3] Logout stats (in MB): >>> ============================ >>> User | Logouts | Downloaded | >>> Mbox Size >>> --------------------------------------- | ------- | ---------- | >>> ---------- >>> user1 at htt-consult.com | 78 | 5.96 | 0 >>> user2 at communaljob.com | 215 | 9.24 | 0 >>> user3 at htt-consult.com | 1 | 7.47 | 0 >>> user4 at htt-consult.com | 1 | 2.34 | 0 >>> user5 at htt-consult.com | 301 | 31.08 >>> | 0 >>> user6 at labs.htt-consult.com | 201 | 4.98 | 0 >>> --------------------------------------------------------------------------- >>> 
>>> 797 | 61.06 | 0.00 >>> >>> >>> >>> **Unmatched Entries** >>> Disconnected, ip=[::ffff:107.150.52.84]: 2 Time(s) >>> Disconnected, ip=[::ffff:12.159.43.147]: 50 Time(s) >>> Disconnected, ip=[::ffff:172.245.45.20]: 61 Time(s) >>> LOGIN FAILED, user=Alfredo, ip=[::ffff:172.245.45.20]: 1 Time(s) >>> LOGIN FAILED, user=Antonio, ip=[::ffff:172.245.45.20]: 2 Time(s) >>> LOGIN FAILED, user=postmaster, ip=[::ffff:172.245.45.20]: 7 Time(s) >>> .... >>> LOGIN FAILED, user=webmaster, ip=[::ffff:172.245.45.20]: 7 Time(s) >>> LOGIN FAILED, user=www, ip=[::ffff:172.245.45.20]: 4 Time(s) >>> Maximum connection limit reached for ::ffff:172.245.45.20: 509 >>> Time(s) >>> >>> ---------------------- POP-3 End ------------------------- >>> >>> >>> Whereas dovecot is only reporting: >>> >>> --------------------- Dovecot Begin ------------------------ >>> >>> >>> >>> Dovecot disconnects: >>> Inactivity: 1 Time(s) >>> Logged out: 379 Time(s) >>> no auth attempts: 5 Time(s) >>> no reason: 1 Time(s) >>> tried to use disabled plaintext auth: 1 Time(s) >>> >>> **Unmatched Entries** >>> dovecot: dict: mysql: Connected to localhost (postfix): 351 Time(s) >>> >>> ---------------------- Dovecot End ------------------------- >>> >>> >>> How can I get more detailed user activity reporting to logwatch? >>> >>> And why is connection to mysql under Unmatched Entries? >> >> >> >> What version of Logwatch is installed on the server and on which distro? >> We are using Logwatch here too and the summary for Dovecot is very >> detailed; even more detailed compared to what you got with courier-mail. >> > I am running Redsleeve 6 which is a port of Centos 6 to ARM. Its > logwatch is: > > logwatch-7.3.6-52.el6.noarch > > Oh, and dovecot is: > > dovecot-2.0.9-7.el6.armv5tel There is Detail and *OnlyService parameters in logwatch's dovecot.conf (in centos by default /usr/share/logwatch/default.conf/services/dovecot.conf) Probably you can override these parameters in /etc/logwatch/conf/services ... 
but I personally never used this.
Look at the meaning of these parameters ... maybe this is the problem

-- 
Levi

From rgm at htt-consult.com Fri Nov 21 14:31:17 2014
From: rgm at htt-consult.com (Robert Moskowitz) Date: Fri, 21 Nov 2014 09:31:17 -0500 Subject: logwatch reporting In-Reply-To: <546F45CA.5000206@gmail.com> References: <546DEF8A.1080709@htt-consult.com> <546F0237.60102@mohtex.net> <546F42BD.7080006@htt-consult.com> <546F45CA.5000206@gmail.com> Message-ID: <546F4CB5.50105@htt-consult.com> On 11/21/2014 09:01 AM, Birta Levente wrote: > On 21/11/2014 15:48, Robert Moskowitz wrote: >> >> On 11/21/2014 04:13 AM, Tamsy wrote: >>> Robert Moskowitz wrote on 20.11.2014 20:41: >>>> I just launched a new mailserver that is using dovecot. My >>>> previous mailserver used courier-mail. I am expecting better >>>> things with this new server, but I was use to some login >>>> information in logwatch that I am not seeing now. For example I >>>> would get: >>>> >>>> >>>> >>>> [IMAPd] Logout stats: >>>> ==================== >>>> User | Logouts | Downloaded | >>>> Mbox Size >>>> --------------------------------------- | ------- | ---------- | >>>> ---------- >>>> user1 at htt-consult.com | 55 | 219571 >>>> | 0 >>>> user2 at htt-consult.com | 285 | 221681 >>>> | 0 >>>> user3 at labs.htt-consult.com | 32 | 15183 >>>> | 0 >>>> --------------------------------------------------------------------------- >>>> >>>> 372 | 456435 >>>> | 0 >>>> >>>> >>>> >>>> **Unmatched Entries** >>>> Disconnected, ip=[::ffff:107.150.52.84], time=1, starttls=1: 2 >>>> Time(s) >>>> >>>> ---------------------- IMAP End ------------------------- >>>> >>>> >>>> --------------------- POP-3 Begin ------------------------ >>>> >>>> >>>> [POP3] Logout stats (in MB): >>>> ============================ >>>> User | Logouts | Downloaded | >>>> Mbox Size >>>> --------------------------------------- | ------- | ---------- | >>>> ---------- >>>> user1 at htt-consult.com | 78 | 5.96 >>>> | 0 >>>> user2 at communaljob.com | 215 | 9.24 >>>> | 0 >>>> user3 at htt-consult.com | 1 | 7.47 >>>> | 0 >>>> user4 at htt-consult.com | 1 | 2.34 >>>> | 0 >>>> user5 at htt-consult.com | 301 
| 31.08 >>>> | 0 >>>> user6 at labs.htt-consult.com | 201 | 4.98 >>>> | 0 >>>> --------------------------------------------------------------------------- >>>> >>>> 797 | 61.06 | >>>> 0.00 >>>> >>>> >>>> >>>> **Unmatched Entries** >>>> Disconnected, ip=[::ffff:107.150.52.84]: 2 Time(s) >>>> Disconnected, ip=[::ffff:12.159.43.147]: 50 Time(s) >>>> Disconnected, ip=[::ffff:172.245.45.20]: 61 Time(s) >>>> LOGIN FAILED, user=Alfredo, ip=[::ffff:172.245.45.20]: 1 Time(s) >>>> LOGIN FAILED, user=Antonio, ip=[::ffff:172.245.45.20]: 2 Time(s) >>>> LOGIN FAILED, user=postmaster, ip=[::ffff:172.245.45.20]: 7 >>>> Time(s) >>>> .... >>>> LOGIN FAILED, user=webmaster, ip=[::ffff:172.245.45.20]: 7 Time(s) >>>> LOGIN FAILED, user=www, ip=[::ffff:172.245.45.20]: 4 Time(s) >>>> Maximum connection limit reached for ::ffff:172.245.45.20: 509 >>>> Time(s) >>>> >>>> ---------------------- POP-3 End ------------------------- >>>> >>>> >>>> Whereas dovecot is only reporting: >>>> >>>> --------------------- Dovecot Begin ------------------------ >>>> >>>> >>>> >>>> Dovecot disconnects: >>>> Inactivity: 1 Time(s) >>>> Logged out: 379 Time(s) >>>> no auth attempts: 5 Time(s) >>>> no reason: 1 Time(s) >>>> tried to use disabled plaintext auth: 1 Time(s) >>>> >>>> **Unmatched Entries** >>>> dovecot: dict: mysql: Connected to localhost (postfix): 351 >>>> Time(s) >>>> >>>> ---------------------- Dovecot End ------------------------- >>>> >>>> >>>> How can I get more detailed user activity reporting to logwatch? >>>> >>>> And why is connection to mysql under Unmatched Entries? >>> >>> >>> >>> What version of Logwatch is installed on the server and on which >>> distro? >>> We are using Logwatch here too and the summary for Dovecot is very >>> detailed; even more detailed compared to what you got with >>> courier-mail. >>> >> I am running Redsleeve 6 which is a port of Centos 6 to ARM. 
Its
>> logwatch is:
>>
>> logwatch-7.3.6-52.el6.noarch
>>
>> Oh, and dovecot is:
>>
>> dovecot-2.0.9-7.el6.armv5tel
>
Thanks for this pointer but...

> There is Detail and *OnlyService parameters in logwatch's dovecot.conf
> (in centos by default
> /usr/share/logwatch/default.conf/services/dovecot.conf)

No detail parameter in mine which seems rather old:

# $Log: dovecot.conf,v $
# Revision 1.3 2006/08/13 21:05:03 bjorn
# Changed OnlyService to include dovecot for compatibility with Dovecot 1.0
# based on patches by Mark Nienberg; modification by Patrick Vande Walle.

*OnlyService = (imap-login|pop3-login|dovecot)

What would I add to that?

> Probably you can override these parameters in
> /etc/logwatch/conf/services ... but I personally never used this.
> Look at the meaning of these parameters ... maybe this is the problem
>
>
Where do I look for their meaning? My google searching is coming up empty.

thanks

From rgm at htt-consult.com Fri Nov 21 14:51:30 2014
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Fri, 21 Nov 2014 09:51:30 -0500
Subject: spam folder and POP users
In-Reply-To: <546F168F.1010004@myzel.net>
References: <546E939E.2060204@htt-consult.com> <546F168F.1010004@myzel.net>
Message-ID: <546F5172.8050302@htt-consult.com>

On 11/21/2014 05:40 AM, Peter Chiochetti wrote:
> On 2014-11-21 at 02:21, Robert Moskowitz wrote:
>> On 11/20/2014 07:55 PM, Joseph Tam wrote:
>>>
>>> Seems sort of klunky though. In my opinion, your energy is better
>>> invested in converting your POP3 holdouts to IMAP.
>>
>> Agreed. I am looking at what it takes to do this with Thunderbird, as I
>> am the biggest holdout! The recommended way is HARD. I have 20 years
>> and gigabytes of emails in local pop folders that I do not want to lose
>> or have replicated on the server. Somewhere is the magic goo for this.
>> Once I figure it out for myself, it will be easy for the other users.
>
> It might not be that hard with Thunderbird. You have though to
> recreate all accounts as IMAP ones, which leaves the POP ones alone.
> This is most of the work.
>
> Then, in the Profiles/...../Mail folder in the local filesystem move
> all POP folders below the "Local Folders" there. Then delete the POP
> accounts.

I got a response on Mozilla for help on this. Better understand 'local', 'pop user' and 'imap user' folders. After some thought, there is no reason to actually move all those folders from the pop user directory to the local directory structure. I can just disable the account. The challenge will be creating the filters. They did give me instructions on how to move the filters, and I expect if I did that, they will still point to the folders over in the old account directory structure!

>
> Likely you can even point the "archive" Folder in IMAP account
> settings to this new path, tick keep structure and from now on, move
> mails from IMAP to local with a single tap on the "a" key.
>
> I did this years ago, so take advice with caution.
>
I looked at this back when I launched my courier-mail server 4 years ago, but did not figure it out then. Plus squirrelmail was not all that great compared to roundcubemail. Much better off now with the server, just need to get a 'few' nits working right. amavis-new is not properly handling the virtual domains defined by postfixadmin; I have asked for help on this in both groups, as I have tried all the examples I have found googling and none of them are working. Then I have the DNS DMARC to tackle so that google mail will be happy. Not much left. And getting more detailed logwatch reports.

I think over all, I am doing OK with this move.

From tom at whyscream.net Fri Nov 21 15:24:58 2014
From: tom at whyscream.net (Tom Hendrikx)
Date: Fri, 21 Nov 2014 16:24:58 +0100
Subject: Prevent a message from be deleted but not from be moved
In-Reply-To:
References:
Message-ID: <546F594A.9090901@whyscream.net>

On 21-11-14 14:00, Bruno Galindro da Costa wrote:
> Is it possible to prevent a message from be deleted but not from be
> moved to another mailbox via ACL?
>
> I need this because I'm using antispam plugin with the mailtrain
> backend. It calls a script every time a message is moved to/from a
> monitored spam mailbox. But, if the user deletes a message from the
> spam folder, the script is executed with the option to train the
> antispam to consider that excluded message as a non spam.
>

Isn't the antispam plugin setting that defines the Trash folder exactly there to mitigate this behaviour? I.e.:

- move from anywhere to spam folder => train as spam
- move from spam to trash => don't train
- move from spam to anywhere else => train as ham

Regards,
Tom

From blevi.linux at gmail.com Fri Nov 21 17:27:46 2014
From: blevi.linux at gmail.com (Birta Levente) Date: Fri, 21 Nov 2014 19:27:46 +0200 Subject: logwatch reporting In-Reply-To: <546F4CB5.50105@htt-consult.com> References: <546DEF8A.1080709@htt-consult.com> <546F0237.60102@mohtex.net> <546F42BD.7080006@htt-consult.com> <546F45CA.5000206@gmail.com> <546F4CB5.50105@htt-consult.com> Message-ID: <546F7612.7060408@gmail.com> On 21/11/2014 16:31, Robert Moskowitz wrote: > > On 11/21/2014 09:01 AM, Birta Levente wrote: >> On 21/11/2014 15:48, Robert Moskowitz wrote: >>> >>> On 11/21/2014 04:13 AM, Tamsy wrote: >>>> Robert Moskowitz wrote on 20.11.2014 20:41: >>>>> I just launched a new mailserver that is using dovecot. My >>>>> previous mailserver used courier-mail. I am expecting better >>>>> things with this new server, but I was use to some login >>>>> information in logwatch that I am not seeing now. For example I >>>>> would get: >>>>> >>>>> >>>>> >>>>> [IMAPd] Logout stats: >>>>> ==================== >>>>> User | Logouts | Downloaded | >>>>> Mbox Size >>>>> --------------------------------------- | ------- | ---------- | >>>>> ---------- >>>>> user1 at htt-consult.com | 55 | 219571 >>>>> | 0 >>>>> user2 at htt-consult.com | 285 | 221681 >>>>> | 0 >>>>> user3 at labs.htt-consult.com | 32 | 15183 >>>>> | 0 >>>>> --------------------------------------------------------------------------- >>>>> >>>>> 372 | 456435 >>>>> | 0 >>>>> >>>>> >>>>> >>>>> **Unmatched Entries** >>>>> Disconnected, ip=[::ffff:107.150.52.84], time=1, starttls=1: 2 >>>>> Time(s) >>>>> >>>>> ---------------------- IMAP End ------------------------- >>>>> >>>>> >>>>> --------------------- POP-3 Begin ------------------------ >>>>> >>>>> >>>>> [POP3] Logout stats (in MB): >>>>> ============================ >>>>> User | Logouts | Downloaded | >>>>> Mbox Size >>>>> --------------------------------------- | ------- | ---------- | >>>>> ---------- >>>>> user1 at htt-consult.com | 78 | 5.96 >>>>> | 0 >>>>> user2 at communaljob.com | 215 | 9.24 >>>>> | 0 
>>>>> user3 at htt-consult.com | 1 | 7.47 >>>>> | 0 >>>>> user4 at htt-consult.com | 1 | 2.34 >>>>> | 0 >>>>> user5 at htt-consult.com | 301 | 31.08 >>>>> | 0 >>>>> user6 at labs.htt-consult.com | 201 | 4.98 >>>>> | 0 >>>>> --------------------------------------------------------------------------- >>>>> >>>>> 797 | 61.06 | >>>>> 0.00 >>>>> >>>>> >>>>> >>>>> **Unmatched Entries** >>>>> Disconnected, ip=[::ffff:107.150.52.84]: 2 Time(s) >>>>> Disconnected, ip=[::ffff:12.159.43.147]: 50 Time(s) >>>>> Disconnected, ip=[::ffff:172.245.45.20]: 61 Time(s) >>>>> LOGIN FAILED, user=Alfredo, ip=[::ffff:172.245.45.20]: 1 Time(s) >>>>> LOGIN FAILED, user=Antonio, ip=[::ffff:172.245.45.20]: 2 Time(s) >>>>> LOGIN FAILED, user=postmaster, ip=[::ffff:172.245.45.20]: 7 >>>>> Time(s) >>>>> .... >>>>> LOGIN FAILED, user=webmaster, ip=[::ffff:172.245.45.20]: 7 >>>>> Time(s) >>>>> LOGIN FAILED, user=www, ip=[::ffff:172.245.45.20]: 4 Time(s) >>>>> Maximum connection limit reached for ::ffff:172.245.45.20: 509 >>>>> Time(s) >>>>> >>>>> ---------------------- POP-3 End ------------------------- >>>>> >>>>> >>>>> Whereas dovecot is only reporting: >>>>> >>>>> --------------------- Dovecot Begin ------------------------ >>>>> >>>>> >>>>> >>>>> Dovecot disconnects: >>>>> Inactivity: 1 Time(s) >>>>> Logged out: 379 Time(s) >>>>> no auth attempts: 5 Time(s) >>>>> no reason: 1 Time(s) >>>>> tried to use disabled plaintext auth: 1 Time(s) >>>>> >>>>> **Unmatched Entries** >>>>> dovecot: dict: mysql: Connected to localhost (postfix): 351 >>>>> Time(s) >>>>> >>>>> ---------------------- Dovecot End ------------------------- >>>>> >>>>> >>>>> How can I get more detailed user activity reporting to logwatch? >>>>> >>>>> And why is connection to mysql under Unmatched Entries? >>>> >>>> >>>> >>>> What version of Logwatch is installed on the server and on which >>>> distro? 
>>>> We are using Logwatch here too and the summary for Dovecot is very
>>>> detailed; even more detailed compared to what you got with
>>>> courier-mail.
>>>>
>>> I am running Redsleeve 6 which is a port of Centos 6 to ARM. Its
>>> logwatch is:
>>>
>>> logwatch-7.3.6-52.el6.noarch
>>>
>>> Oh, and dovecot is:
>>>
>>> dovecot-2.0.9-7.el6.armv5tel
>>
>
> Thanks for this pointer but...
>
>> There is Detail and *OnlyService parameters in logwatch's
>> dovecot.conf (in centos by default
>> /usr/share/logwatch/default.conf/services/dovecot.conf)
>
> No detail parameter in mine which seems rather old:
>
> # $Log: dovecot.conf,v $
> # Revision 1.3 2006/08/13 21:05:03 bjorn
> # Changed OnlyService to include dovecot for compatibility with
> Dovecot 1.0
> # based on patches by Mark Nienberg; modification by Patrick Vande Walle.
>
>
> *OnlyService = (imap-login|pop3-login|dovecot)
>
> What would I add to that?

OnlyService refer to the log prefix or service name in your maillog.
If you need more detailed report just add to the mentioned config file:
Detail=10 # 10 is the maximum detail

But for me looks like you have no imap or pop logins nor deliveries in logfile at all.
Can you confirm having like this in your maillog?
Oct 28 08:36:34 srv2 dovecot: imap-login: Login: user=, method=PLAIN, rip=192.168.1.2, lip=192.168.1.1, mpid=11188, TLS, TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)

What is your dovecot version?

Levi

From rgm at htt-consult.com Fri Nov 21 17:53:11 2014
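Added example, not part of the thread and not logwatch's own code: a small Python summarizer for maillog lines in the format quoted in the message above. It shows how a tag filter modelled on the `*OnlyService` alternation selects lines, and why a line with no parsing rule (the dict/mysql one) ends up under "Unmatched Entries". The sample lines, users and addresses are constructed, and the `user=<...>` brackets are assumed to have been stripped by the list archive.

```python
import re
from collections import Counter

# Constructed sample lines in the maillog format quoted in the thread.
# Hosts, users and addresses are placeholders (RFC 5737 ranges).
SAMPLE_LOG = """\
Nov 21 11:35:22 mx1 dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, mpid=22322, TLS
Nov 21 11:37:29 mx1 dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, mpid=22365, TLS
Nov 21 12:44:24 mx1 dovecot: pop3-login: Login: user=<bob@example.org>, method=PLAIN, rip=192.0.2.11, lip=192.0.2.1, mpid=23260, TLS
Nov 21 12:46:10 mx1 dovecot: imap-login: Login: user=<carol@example.org>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.1, mpid=23301
Nov 21 12:47:00 mx1 pop3-login: Login: user=<dave@example.org>, method=PLAIN, rip=192.0.2.12, lip=192.0.2.1, TLS
Nov 21 12:50:01 mx1 dovecot: pop3-login: Disconnected (no auth attempts): rip=198.51.100.7, lip=192.0.2.1
Nov 21 12:50:09 mx1 dovecot: pop3-login: Disconnected (tried to use disabled plaintext auth): rip=198.51.100.7, lip=192.0.2.1
Nov 21 12:51:00 mx1 dovecot: dict: mysql: Connected to localhost (postfix)
Nov 21 12:52:00 mx1 postfix/smtpd[411]: connect from unknown[198.51.100.7]
"""

# Same alternation as the *OnlyService line quoted from dovecot.conf.
ONLY_SERVICE = r"(imap-login|pop3-login|dovecot)"

# "Mon DD HH:MM:SS host tag[pid]: message"
SYSLOG_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<tag>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# The angle brackets around the user are optional so that lines as they
# appear in the archive ("user=, method=...") still parse.
LOGIN_RE = re.compile(
    r"^(?P<svc>imap-login|pop3-login): Login: user=<?(?P<user>[^>,]*)>?, "
    r"method=(?P<method>[^,]+), rip=(?P<rip>[^,]+), lip=(?P<lip>[^,]+)"
    r"(?P<rest>.*)$"
)
DISCONNECT_RE = re.compile(
    r"^(?P<svc>imap-login|pop3-login): Disconnected"
    r"(?: \((?P<reason>[^)]*)\))?: .*?\brip=(?P<rip>[^,\s]+)"
)


def summarize(lines, only_service=ONLY_SERVICE):
    """Count logins, non-TLS logins, pre-auth disconnects and unmatched lines."""
    tag_re = re.compile(only_service)
    report = {
        "logins": Counter(),       # (service, user) -> count
        "no_tls": Counter(),       # (user, remote ip) -> logins without TLS
        "disconnects": Counter(),  # (reason, remote ip) -> count
        "unmatched": Counter(),    # message text with no parsing rule
        "filtered_out": 0,         # lines whose syslog tag is not selected
    }
    for line in lines:
        m = SYSLOG_RE.match(line.rstrip("\n"))
        if m is None or not tag_re.fullmatch(m["tag"]):
            report["filtered_out"] += 1
            continue
        tag, msg = m["tag"], m["msg"]
        if tag != "dovecot":
            # Assumption: older format with the login service itself as the
            # syslog tag; normalise it to the "service: message" form.
            msg = f"{tag}: {msg}"
        login = LOGIN_RE.match(msg)
        if login:
            user = login["user"] or "(empty)"
            report["logins"][(login["svc"], user)] += 1
            fields = [f.strip() for f in login["rest"].split(",")]
            if "TLS" not in fields:
                report["no_tls"][(user, login["rip"])] += 1
            continue
        disc = DISCONNECT_RE.match(msg)
        if disc:
            key = (disc["reason"] or "no reason", disc["rip"])
            report["disconnects"][key] += 1
            continue
        # Selected by the tag filter but not understood by any rule.
        report["unmatched"][msg] += 1
    return report


if __name__ == "__main__":
    for section, counts in summarize(SAMPLE_LOG.splitlines()).items():
        print(section, dict(counts) if isinstance(counts, Counter) else counts)
```

Running `summarize` with `only_service=r"(imap-login|pop3-login)"` drops every line tagged `dovecot`, which is the situation the 2006 changelog entry in the quoted config addresses.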
From: rgm at htt-consult.com (Robert Moskowitz) Date: Fri, 21 Nov 2014 12:53:11 -0500 Subject: logwatch reporting In-Reply-To: <546F7612.7060408@gmail.com> References: <546DEF8A.1080709@htt-consult.com> <546F0237.60102@mohtex.net> <546F42BD.7080006@htt-consult.com> <546F45CA.5000206@gmail.com> <546F4CB5.50105@htt-consult.com> <546F7612.7060408@gmail.com> Message-ID: <546F7C07.3060308@htt-consult.com> On 11/21/2014 12:27 PM, Birta Levente wrote: > > On 21/11/2014 16:31, Robert Moskowitz wrote: >> >> On 11/21/2014 09:01 AM, Birta Levente wrote: >>> On 21/11/2014 15:48, Robert Moskowitz wrote: >>>> >>>> On 11/21/2014 04:13 AM, Tamsy wrote: >>>>> Robert Moskowitz wrote on 20.11.2014 20:41: >>>>>> I just launched a new mailserver that is using dovecot. My >>>>>> previous mailserver used courier-mail. I am expecting better >>>>>> things with this new server, but I was use to some login >>>>>> information in logwatch that I am not seeing now. For example I >>>>>> would get: >>>>>> >>>>>> >>>>>> >>>>>> [IMAPd] Logout stats: >>>>>> ==================== >>>>>> User | Logouts | Downloaded | >>>>>> Mbox Size >>>>>> --------------------------------------- | ------- | ---------- | >>>>>> ---------- >>>>>> user1 at htt-consult.com | 55 | 219571 >>>>>> | 0 >>>>>> user2 at htt-consult.com | 285 | 221681 >>>>>> | 0 >>>>>> user3 at labs.htt-consult.com | 32 | 15183 >>>>>> | 0 >>>>>> --------------------------------------------------------------------------- >>>>>> >>>>>> 372 | 456435 >>>>>> | 0 >>>>>> >>>>>> >>>>>> >>>>>> **Unmatched Entries** >>>>>> Disconnected, ip=[::ffff:107.150.52.84], time=1, starttls=1: >>>>>> 2 Time(s) >>>>>> >>>>>> ---------------------- IMAP End ------------------------- >>>>>> >>>>>> >>>>>> --------------------- POP-3 Begin ------------------------ >>>>>> >>>>>> >>>>>> [POP3] Logout stats (in MB): >>>>>> ============================ >>>>>> User | Logouts | Downloaded | >>>>>> Mbox Size >>>>>> --------------------------------------- | ------- | ---------- | 
>>>>>> ---------- >>>>>> user1 at htt-consult.com | 78 | 5.96 >>>>>> | 0 >>>>>> user2 at communaljob.com | 215 | 9.24 >>>>>> | 0 >>>>>> user3 at htt-consult.com | 1 | 7.47 >>>>>> | 0 >>>>>> user4 at htt-consult.com | 1 | 2.34 >>>>>> | 0 >>>>>> user5 at htt-consult.com | 301 | 31.08 >>>>>> | 0 >>>>>> user6 at labs.htt-consult.com | 201 | 4.98 >>>>>> | 0 >>>>>> --------------------------------------------------------------------------- >>>>>> >>>>>> 797 | 61.06 >>>>>> | 0.00 >>>>>> >>>>>> >>>>>> >>>>>> **Unmatched Entries** >>>>>> Disconnected, ip=[::ffff:107.150.52.84]: 2 Time(s) >>>>>> Disconnected, ip=[::ffff:12.159.43.147]: 50 Time(s) >>>>>> Disconnected, ip=[::ffff:172.245.45.20]: 61 Time(s) >>>>>> LOGIN FAILED, user=Alfredo, ip=[::ffff:172.245.45.20]: 1 Time(s) >>>>>> LOGIN FAILED, user=Antonio, ip=[::ffff:172.245.45.20]: 2 Time(s) >>>>>> LOGIN FAILED, user=postmaster, ip=[::ffff:172.245.45.20]: 7 >>>>>> Time(s) >>>>>> .... >>>>>> LOGIN FAILED, user=webmaster, ip=[::ffff:172.245.45.20]: 7 >>>>>> Time(s) >>>>>> LOGIN FAILED, user=www, ip=[::ffff:172.245.45.20]: 4 Time(s) >>>>>> Maximum connection limit reached for ::ffff:172.245.45.20: >>>>>> 509 Time(s) >>>>>> >>>>>> ---------------------- POP-3 End ------------------------- >>>>>> >>>>>> >>>>>> Whereas dovecot is only reporting: >>>>>> >>>>>> --------------------- Dovecot Begin ------------------------ >>>>>> >>>>>> >>>>>> >>>>>> Dovecot disconnects: >>>>>> Inactivity: 1 Time(s) >>>>>> Logged out: 379 Time(s) >>>>>> no auth attempts: 5 Time(s) >>>>>> no reason: 1 Time(s) >>>>>> tried to use disabled plaintext auth: 1 Time(s) >>>>>> >>>>>> **Unmatched Entries** >>>>>> dovecot: dict: mysql: Connected to localhost (postfix): 351 >>>>>> Time(s) >>>>>> >>>>>> ---------------------- Dovecot End ------------------------- >>>>>> >>>>>> >>>>>> How can I get more detailed user activity reporting to logwatch? >>>>>> >>>>>> And why is connection to mysql under Unmatched Entries? 
>>>>> >>>>> >>>>> >>>>> What version of Logwatch is installed on the server and on which >>>>> distro? >>>>> We are using Logwatch here too and the summary for Dovecot is very >>>>> detailed; even more detailed compared to what you got with >>>>> courier-mail. >>>>> >>>> I am running Redsleeve 6 which is a port of Centos 6 to ARM. Its >>>> logwatch is: >>>> >>>> logwatch-7.3.6-52.el6.noarch >>>> >>>> Oh, and dovecot is: >>>> >>>> dovecot-2.0.9-7.el6.armv5tel >>> >> >> Thanks for this pointer but... >> >>> There is Detail and *OnlyService parameters in logwatch's >>> dovecot.conf (in centos by default >>> /usr/share/logwatch/default.conf/services/dovecot.conf) >> >> No detail parameter in mine which seems rather old: >> >> # $Log: dovecot.conf,v $ >> # Revision 1.3 2006/08/13 21:05:03 bjorn >> # Changed OnlyService to include dovecot for compatibility with >> Dovecot 1.0 >> # based on patches by Mark Nienberg; modification by Patrick Vande >> Walle. >> >> >> *OnlyService = (imap-login|pop3-login|dovecot) >> >> What would I add to that? > > OnlyService refer to the log prefix or service name in your maillog. > If you need more detailed report just add to the mentioned config file: > Detail=10 # 10 is the maximum detail Will make this change shortly. > > But for me looks like you have no imap or pop logins nor deliveries in > logfile at all. > Can you confirm having like this in your maillog? 
> Oct 28 08:36:34 srv2 dovecot: imap-login: Login: > user=, method=PLAIN, rip=192.168.1.2, > lip=192.168.1.1, mpid=11188, TLS, TLSv1.2 with cipher > ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) Oh, they are there e.g.: Nov 21 12:44:24 z9m9z dovecot: pop3-login: Login: user=, method=PLAIN, rip=208.83.67.157, lip=208.83.67.180, mpid=23260, TLS Nov 21 12:45:20 z9m9z dovecot: pop3-login: Login: user=, method=PLAIN, rip=208.83.67.157, lip=208.83.67.180, mpid=23277, TLS Nov 21 11:35:22 z9m9z dovecot: imap-login: Login: user=, method=PLAIN, rip=208.83.67.157, lip=208.83.67.180, mpid=22322, TLS Nov 21 11:37:29 z9m9z dovecot: imap-login: Login: user=, method=PLAIN, rip=208.83.67.157, lip=208.83.67.180, mpid=22365, TLS rgm-ietf is the first I have switched to imap, and I did make one small error that I will have to correct. > > What is your dovecot version? dovecot-2.0.9-7.el6.armv5tel From bernd.kuhls at t-online.de Fri Nov 21 18:42:08 2014 From: bernd.kuhls at t-online.de (Bernd Kuhls) Date: Fri, 21 Nov 2014 19:42:08 +0100 Subject: Static build failure References: <4E4FCBED-7FFC-4583-B075-5A65632EF48D@iki.fi> Message-ID: Timo Sirainen wrote in news:4E4FCBED-7FFC-4583-B075- 5A65632EF48D at iki.fi: > Similar to code already in sha1.h, an easier fix is to add to strnum.h > > #define str_to_time str_to_time_libmysqlclient_craps_all_over Hi, thanks, the compile bug is fixed. Regards, Bernd From rgm at htt-consult.com Fri Nov 21 19:59:01 2014 
From: rgm at htt-consult.com (Robert Moskowitz) Date: Fri, 21 Nov 2014 14:59:01 -0500 Subject: Outlook Express and STARTTLS Message-ID: <546F9985.2050207@htt-consult.com> I have one user that uses Outlook Express. Not only do I not use it, I don't have any systems here that can easily use it. A bit of a challenge. I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections. So far a google search has not shown me how to configure this for a user. Anyone have a pointer to instructions so I can talk the person through the changes? From mysql.jorge at decimal.pt Fri Nov 21 20:03:47 2014 From: mysql.jorge at decimal.pt (Jorge Bastos) Date: Fri, 21 Nov 2014 20:03:47 -0000 Subject: Handle of "subscription" file/folder for IMAP In-Reply-To: <001b01d0043c$63d3fb10$2b7bf130$@jorge@decimal.pt> References: <001b01d0043c$63d3fb10$2b7bf130$@jorge@decimal.pt> Message-ID: <000001d005c6$42f154c0$c8d3fe40$@jorge@decimal.pt> Hi, Sorry to re-ask, what can I do to prevent this? Thanks, > -----Original Message----- > From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Jorge > Bastos > Sent: Wednesday, 19 November 2014 21:04 > To: dovecot at dovecot.org > Subject: Handle of "subscription" file/folder for IMAP > > Hi, > > For IMAP users, there's the subscription file in the user's home, and > if I try to subscribe more imap folders that are invisible, there's > that one, but as it is a file, nothing is supposed to happen. > Is there a way to allow users to create the "subscriptions" folder > without any collision, or just deny or don't show this file as a > possible folder (which it is not) to subscribe. > > What do people normally do? > > Thanks in advance, From gedalya at gedalya.net Fri Nov 21 20:06:05 2014
From: gedalya at gedalya.net (Gedalya) Date: Fri, 21 Nov 2014 15:06:05 -0500 Subject: Outlook Express and STARTTLS In-Reply-To: <546F9985.2050207@htt-consult.com> References: <546F9985.2050207@htt-consult.com> Message-ID: <546F9B2D.60402@gedalya.net> On 11/21/2014 02:59 PM, Robert Moskowitz wrote: > I have one user that uses Outlook Express. Not only do I not use it, > I don't have any systems here that can easily use it. I bit of a > challenge. > > I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections. > > SO far a google search has not shown me how to configure this for a > user. Anyone have a pointer to instructions so I can talk the person > through the changes? Just put "outlook express ssl" (or tls) in google image search. It doesn't support STARTTLS, only implicit TLS. From gedalya at gedalya.net Fri Nov 21 20:09:23 2014 From: gedalya at gedalya.net (Gedalya) Date: Fri, 21 Nov 2014 15:09:23 -0500 Subject: Handle of "subscription" file/folder for IMAP In-Reply-To: <000001d005c6$42f154c0$c8d3fe40$@jorge@decimal.pt> References: <001b01d0043c$63d3fb10$2b7bf130$@jorge@decimal.pt> <000001d005c6$42f154c0$c8d3fe40$@jorge@decimal.pt> Message-ID: <546F9BF3.5070000@gedalya.net> On 11/21/2014 03:03 PM, Jorge Bastos wrote: > Hi, > > Sorry to re-ask, what can I do to prevent this? > > Thanks, Personally I had trouble understanding your question. You might want to try to rephrase. > >> -----Original Message----- 
>> From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Jorge >> Bastos >> Sent: Wednesday, 19 November 2014 21:04 >> To: dovecot at dovecot.org >> Subject: Handle of "subscription" file/folder for IMAP >> >> Hi, >> >> For IMAP users, there's the subscription file in the user's home, and >> if I try to subscribe more imap folders that are invisible, there's >> that one, but as it is a file, nothing is supposed to happen. >> Is there a way to allow users to create the "subscriptions" folder >> without any collision, or just deny or don't show this file as a >> possible folder (which it is not) to subscribe. >> >> What do people normally do? >> >> Thanks in advance, From h.reindl at thelounge.net Fri Nov 21 20:09:38 2014 From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 21 Nov 2014 21:09:38 +0100 Subject: Outlook Express and STARTTLS In-Reply-To: <546F9985.2050207@htt-consult.com> References: <546F9985.2050207@htt-consult.com> Message-ID: <546F9C02.5060301@thelounge.net> On 21.11.2014 at 20:59, Robert Moskowitz wrote: > I have one user that uses Outlook Express. Not only do I not use it, I > don't have any systems here that can easily use it. A bit of a challenge. > > I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections. > > So far a google search has not shown me how to configure this for a > user. Anyone have a pointer to instructions so I can talk the person > through the changes? it can't as well as Outlook for POP3/IMAP you need 993/995 *without* STARTTLS - period and that's why a sane mailserver needs to support 110,143,993,995,587 *and* 465 to support every client, that won't change in the near future From rgm at htt-consult.com Fri Nov 21 20:31:23 2014
From: rgm at htt-consult.com (Robert Moskowitz) Date: Fri, 21 Nov 2014 15:31:23 -0500 Subject: Outlook Express and STARTTLS In-Reply-To: <546F9B2D.60402@gedalya.net> References: <546F9985.2050207@htt-consult.com> <546F9B2D.60402@gedalya.net> Message-ID: <546FA11B.4030805@htt-consult.com> On 11/21/2014 03:06 PM, Gedalya wrote: > On 11/21/2014 02:59 PM, Robert Moskowitz wrote: >> I have one user that uses Outlook Express. Not only do I not use >> it, I don't have any systems here that can easily use it. I bit of a >> challenge. >> >> I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections. >> >> SO far a google search has not shown me how to configure this for a >> user. Anyone have a pointer to instructions so I can talk the person >> through the changes? > Just put "outlook express ssl" (or tls) in google image search. > It doesn't support STARTTLS, only implicit TLS. > OK. No wonder nothing on STARTTLS. I support TLS as well. From rgm at htt-consult.com Fri Nov 21 20:32:25 2014 
From: rgm at htt-consult.com (Robert Moskowitz) Date: Fri, 21 Nov 2014 15:32:25 -0500 Subject: Outlook Express and STARTTLS In-Reply-To: <546F9C02.5060301@thelounge.net> References: <546F9985.2050207@htt-consult.com> <546F9C02.5060301@thelounge.net> Message-ID: <546FA159.6090000@htt-consult.com> On 11/21/2014 03:09 PM, Reindl Harald wrote: > > Am 21.11.2014 um 20:59 schrieb Robert Moskowitz: >> I have one user that uses Outlook Express. Not only do I not use it, I >> don't have any systems here that can easily use it. I bit of a >> challenge. >> >> I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections. >> >> SO far a google search has not shown me how to configure this for a >> user. Anyone have a pointer to instructions so I can talk the person >> through the changes? > > it can't as well as Outlook for POP3/IMAP > you need 993/995 *without* STARTTLS - period > > and that's why a sane mailserver needs to support 110,143,993,995,587 > *and* 465 to support every client, that won't change in the near future > I missed 465; got the rest. Will have to look THAT one up. Thanks for the tip, Harald. From gedalya at gedalya.net Fri Nov 21 20:38:52 2014 
From: gedalya at gedalya.net (Gedalya) Date: Fri, 21 Nov 2014 15:38:52 -0500 Subject: Outlook Express and STARTTLS In-Reply-To: <546FA159.6090000@htt-consult.com> References: <546F9985.2050207@htt-consult.com> <546F9C02.5060301@thelounge.net> <546FA159.6090000@htt-consult.com> Message-ID: <546FA2DC.2060109@gedalya.net> On 11/21/2014 03:32 PM, Robert Moskowitz wrote: > > On 11/21/2014 03:09 PM, Reindl Harald wrote: >> >> Am 21.11.2014 um 20:59 schrieb Robert Moskowitz: >>> I have one user that uses Outlook Express. Not only do I not use >>> it, I >>> don't have any systems here that can easily use it. I bit of a >>> challenge. >>> >>> I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections. >>> >>> SO far a google search has not shown me how to configure this for a >>> user. Anyone have a pointer to instructions so I can talk the person >>> through the changes? >> >> it can't as well as Outlook for POP3/IMAP >> you need 993/995 *without* STARTTLS - period >> >> and that's why a sane mailserver needs to support 110,143,993,995,587 >> *and* 465 to support every client, that won't change in the near future >> > I missed 465; got the rest. Will have to look THAT one up. Thanks for > the tip, Harald. That's just implicit TLS for SMTP submission, instead of 587. OE needs that. From rgm at htt-consult.com Fri Nov 21 20:51:34 2014 
From: rgm at htt-consult.com (Robert Moskowitz) Date: Fri, 21 Nov 2014 15:51:34 -0500 Subject: Outlook Express and STARTTLS In-Reply-To: <546FA2DC.2060109@gedalya.net> References: <546F9985.2050207@htt-consult.com> <546F9C02.5060301@thelounge.net> <546FA159.6090000@htt-consult.com> <546FA2DC.2060109@gedalya.net> Message-ID: <546FA5D6.9050308@htt-consult.com> On 11/21/2014 03:38 PM, Gedalya wrote: > On 11/21/2014 03:32 PM, Robert Moskowitz wrote: >> >> On 11/21/2014 03:09 PM, Reindl Harald wrote: >>> >>> On 21.11.2014 at 20:59, Robert Moskowitz wrote: >>>> I have one user that uses Outlook Express. Not only do I not use >>>> it, I >>>> don't have any systems here that can easily use it. A bit of a >>>> challenge. >>>> >>>> I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP >>>> connections. >>>> >>>> So far a google search has not shown me how to configure this for a >>>> user. Anyone have a pointer to instructions so I can talk the person >>>> through the changes? >>> >>> it can't as well as Outlook for POP3/IMAP >>> you need 993/995 *without* STARTTLS - period >>> >>> and that's why a sane mailserver needs to support >>> 110,143,993,995,587 *and* 465 to support every client, that won't >>> change in the near future >>> >> I missed 465; got the rest. Will have to look THAT one up. Thanks >> for the tip, Harald. > That's just implicit TLS for SMTP submission, instead of 587. OE needs > that. > Which is why IETF has made a major pushback against every transport wanting a second port number for TLS. There just are not enough port numbers for this purpose. From h.reindl at thelounge.net Fri Nov 21 21:04:09 2014
From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 21 Nov 2014 22:04:09 +0100 Subject: Outlook Express and STARTTLS In-Reply-To: <546FA5D6.9050308@htt-consult.com> References: <546F9985.2050207@htt-consult.com> <546F9C02.5060301@thelounge.net> <546FA159.6090000@htt-consult.com> <546FA2DC.2060109@gedalya.net> <546FA5D6.9050308@htt-consult.com> Message-ID: <546FA8C9.7030506@thelounge.net> Am 21.11.2014 um 21:51 schrieb Robert Moskowitz: > On 11/21/2014 03:38 PM, Gedalya wrote: >> On 11/21/2014 03:32 PM, Robert Moskowitz wrote: >>> >>> On 11/21/2014 03:09 PM, Reindl Harald wrote: >>>> >>>> Am 21.11.2014 um 20:59 schrieb Robert Moskowitz: >>>>> I have one user that uses Outlook Express. Not only do I not use >>>>> it, I >>>>> don't have any systems here that can easily use it. I bit of a >>>>> challenge. >>>>> >>>>> I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP >>>>> connections. >>>>> >>>>> SO far a google search has not shown me how to configure this for a >>>>> user. Anyone have a pointer to instructions so I can talk the person >>>>> through the changes? >>>> >>>> it can't as well as Outlook for POP3/IMAP >>>> you need 993/995 *without* STARTTLS - period >>>> >>>> and that's why a sane mailserver needs to support >>>> 110,143,993,995,587 *and* 465 to support every client, that won't >>>> change in the near future >>>> >>> I missed 465; got the rest. Will have to look THAT one up. Thanks >>> for the tip, Harald. >> That's just implicit TLS for SMTP submission, instead of 587. OE needs >> that. >> > Which is way IETF has made a major pushback against every transport > wanting a second port number for TLS. 
There just are not enough port > numbers for this purpose well, if we could turn back time 15 years ago many things would be different - IMHO the decision to deprecate 465 in favour to STARTTLS is plain wrong - it is much easier for a MITM to strip out the STARTTLS in the still unencrypted connection (given a client falls back to unencrypted in that case) before the TLS handshake ever happens From rs at sys4.de Fri Nov 21 21:24:13 2014 From: rs at sys4.de (Robert Schetterer) Date: Fri, 21 Nov 2014 22:24:13 +0100 Subject: Outlook Express and STARTTLS In-Reply-To: <546F9985.2050207@htt-consult.com> References: <546F9985.2050207@htt-consult.com> Message-ID: <546FAD7D.10300@sys4.de> On 21.11.2014 at 20:59, Robert Moskowitz wrote: > I have one user that uses Outlook Express. Not only do I not use it, I > don't have any systems here that can easily use it. A bit of a challenge. > > I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections. > > So far a google search has not shown me how to configure this for a > user. Anyone have a pointer to instructions so I can talk the person > through the changes? you shouldn't support outdated stuff http://en.wikipedia.org/wiki/Outlook_Express ... Included with Windows 98, Windows Me, Windows 2000, Windows XP, Windows Server 2003 ... Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, District court München: HRB 199263 Executive board: Patrick Ben Koetter, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein From rgm at htt-consult.com Fri Nov 21 21:24:55 2014
From: rgm at htt-consult.com (Robert Moskowitz) Date: Fri, 21 Nov 2014 16:24:55 -0500 Subject: Outlook Express and STARTTLS In-Reply-To: <546FA8C9.7030506@thelounge.net> References: <546F9985.2050207@htt-consult.com> <546F9C02.5060301@thelounge.net> <546FA159.6090000@htt-consult.com> <546FA2DC.2060109@gedalya.net> <546FA5D6.9050308@htt-consult.com> <546FA8C9.7030506@thelounge.net> Message-ID: <546FADA7.9030003@htt-consult.com> On 11/21/2014 04:04 PM, Reindl Harald wrote: > > Am 21.11.2014 um 21:51 schrieb Robert Moskowitz: >> On 11/21/2014 03:38 PM, Gedalya wrote: >>> On 11/21/2014 03:32 PM, Robert Moskowitz wrote: >>>> >>>> On 11/21/2014 03:09 PM, Reindl Harald wrote: >>>>> >>>>> Am 21.11.2014 um 20:59 schrieb Robert Moskowitz: >>>>>> I have one user that uses Outlook Express. Not only do I not use >>>>>> it, I >>>>>> don't have any systems here that can easily use it. I bit of a >>>>>> challenge. >>>>>> >>>>>> I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP >>>>>> connections. >>>>>> >>>>>> SO far a google search has not shown me how to configure this for a >>>>>> user. Anyone have a pointer to instructions so I can talk the >>>>>> person >>>>>> through the changes? >>>>> >>>>> it can't as well as Outlook for POP3/IMAP >>>>> you need 993/995 *without* STARTTLS - period >>>>> >>>>> and that's why a sane mailserver needs to support >>>>> 110,143,993,995,587 *and* 465 to support every client, that won't >>>>> change in the near future >>>>> >>>> I missed 465; got the rest. Will have to look THAT one up. Thanks >>>> for the tip, Harald. >>> That's just implicit TLS for SMTP submission, instead of 587. OE needs >>> that. >>> >> Which is way IETF has made a major pushback against every transport >> wanting a second port number for TLS. 
There just are not enough port >> numbers for this purpose > > well, if we could turn back time 15 years ago many things would be > different - IMHO the decision to deprecate 465 in favour to STARTTLS > is plain wrong - it is much easier for a MITM to strip out the > STARTTLS in the still unencrypted connection (given a client falls > back to unencrypted in that case) before the TLS handshake ever happens > It becomes yet another DOS attack, as the server would recognize this and drop the connection. Or at least it should. There are still so many MITM attacks it is sad. We do them by intent in corporation proxies to meet their legal rights as to internal usage. But, yes, we really need a way-back machine. Lots of great ideas are just not holding up. From h.reindl at thelounge.net Fri Nov 21 21:29:44 2014
From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 21 Nov 2014 22:29:44 +0100 Subject: Outlook Express and STARTTLS In-Reply-To: <546FAD7D.10300@sys4.de> References: <546F9985.2050207@htt-consult.com> <546FAD7D.10300@sys4.de> Message-ID: <546FAEC8.1020905@thelounge.net> On 21.11.2014 at 22:24, Robert Schetterer wrote: > On 21.11.2014 at 20:59, Robert Moskowitz wrote: >> I have one user that uses Outlook Express. Not only do I not use it, I >> don't have any systems here that can easily use it. A bit of a challenge. >> >> I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections. >> >> So far a google search has not shown me how to configure this for a >> user. Anyone have a pointer to instructions so I can talk the person >> through the changes? > > you shouldn't support outdated stuff > > http://en.wikipedia.org/wiki/Outlook_Express > > Included with Windows 98, Windows Me, Windows 2000, Windows XP, Windows > Server 2003 the situation for Outlook (not OE) and TLS is not much better some versions support STARTTLS on SMTP but not for IMAP/POP3 and "you shouldn't support" is not that easy to do - if i could i would shut down so many outdated clients while i can't in case of business customers having other business companies as their customers From tk at giga.or.at Fri Nov 21 21:52:38 2014
From: tk at giga.or.at (Thomas Klausner) Date: Fri, 21 Nov 2014 22:52:38 +0100 Subject: dovecot & Apple Mail & maildir & lots of Mail Message-ID: <20141121215238.GK12758@danbala.tuwien.ac.at> Hi! I have dovecot 2.1.12 running on a mail server, and recently configured Apple Mail to connect to it using secure IMAP, for the first time. At the beginning it just showed the inbox and everything was fine, but then I wanted to look at some of my folders and found the 'subscribe' menu. When I opened it, Apple Mail went to discover what mailboxes there are, and that's where my trouble began. It seemed to make good progress for some time (though slow -- over days), and now lists the mailboxes starting with letters a to d on the left hand side (filling all the visible space, so there might be more). However, whenever Apple Mail gets focus, the cursor becomes a spinning rainbow circle and I can't interact with it. I tried deleting the mail account and setting it up again. The inbox was shown again immediately and Apple Mail was usable, but the first time the cursor moved over the mailboxes on the left hand side, it froze again. There were two imap processes on the server, one rather idle, the other eating CPU for about two minutes, then idling, and some time later it disappeared too. My Mail directory is 31G with about 180 directories, each containing mails in maildir format. Has anyone had similar issues? Is my maildir too big for dovecot to handle? How can I debug this? Thanks, Thomas From mysql.jorge at decimal.pt Fri Nov 21 22:19:48 2014
From: mysql.jorge at decimal.pt (Jorge Bastos) Date: Fri, 21 Nov 2014 22:19:48 -0000 Subject: Handle of "subscription" file/folder for IMAP In-Reply-To: <546F9BF3.5070000@gedalya.net> References: <001b01d0043c$63d3fb10$2b7bf130$@jorge> <546F9BF3.5070000@gedalya.net> Message-ID: <00e901d005d9$434a0170$c9de0450$@jorge@decimal.pt> Hi, Ok you're right about it, let me simplify it. There are some files in the Maildir, that are from dovecot, like the dovecot.sieve, subscriptions, and these are files, but here are shown as being folders to be subscribed. Question was if it is possible to deny the show of this info in IMAP globally. If I subscribe, for example to "subscriptions", it created the folder, and in the Maildir creates ".subscriptions" with its own structure, so no collision, so far so good. But I'd like to hide "subscriptions" and "dovecot.sieve" from users. Possible? Haven't found any info about this, > -----Original Message----- > From: Gedalya [mailto:gedalya at gedalya.net] > Sent: Friday, 21 November 2014 20:09 > To: Jorge Bastos; dovecot at dovecot.org > Subject: Re: Handle of "subscription" file/folder for IMAP > > On 11/21/2014 03:03 PM, Jorge Bastos wrote: > > Hi, > > > > Sorry to re-ask, what can I do to prevent this? > > > > Thanks, > Personally I had trouble understanding your question. You might want to > try to rephrase. > > > > >> -----Original Message-----
> >> From: dovecot [ mailto:dovecot-bounces at dovecot.org] On Behalf Of > Jorge > >> Bastos > >> Sent: quarta-feira, 19 de Novembro de 2014 21:04 > >> To: dovecot at dovecot.org > >> Subject: Handle of "subscription" file/folder for IMAP > >> > >> Hi, > >> > >> For IMAP users, there's the subscription file in the user's home, > and > >> if I try to subscribe more imap folders that are invisible, there's > >> that one, but as it is a file, nothing is supposed to happen. > >> Is there an way to, allow users to create the "subscriptions" folder > >> without any collision, or just deny or don't show this file as an > >> possible folder (which Is not) to subscribe. > >> > >> What does people normally do? > >> > >> Thanks in advanced, -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 13799 bytes Desc: not available URL: From delrio at mie.utoronto.ca Fri Nov 21 22:35:00 2014 From: delrio at mie.utoronto.ca (Oscar del Rio) Date: Fri, 21 Nov 2014 17:35:00 -0500 Subject: Outlook Express and STARTTLS In-Reply-To: <546FAEC8.1020905@thelounge.net> References: <546F9985.2050207@htt-consult.com> <546FAD7D.10300@sys4.de> <546FAEC8.1020905@thelounge.net> Message-ID: <546FBE14.602@mie.utoronto.ca> On 11/21/14 04:29 PM, Reindl Harald wrote: > > the situation for Outlook (not OE) and TLS is not much better > > some versions support STARTTLS on SMTP but not for IMAP/POP3 ... > Outlook (at least since version 2010) does support STARTTLS for IMAP/POP3 on port 143. But they don't call it STARTTLS but "TLS". And they call "SSL" to TLS on port 993/995 With Outlook configured for "TLS" on port 143: outlook -> dovecot: a0gk CAPABILITY dovecot -> outlook: * CAPABILITY IMAP4rev1...STARTTLS... outlook -> dovecot: h96q STARTTLS dovecot -> outlook: h96q OK Begin TLS negotiation now (TLS starts) From h.reindl at thelounge.net Fri Nov 21 22:50:13 2014 
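The IMAP exchange quoted in the message above, together with the STARTTLS-stripping concern raised earlier in this thread, as an added Python example (not part of any poster's message and not Dovecot or Outlook code): a client-side check that parses the cleartext capability list and aborts instead of falling back when the upgrade keyword is missing. It goes beyond the IMAP case shown in the thread to cover POP3 (STLS) and SMTP; the transcripts and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Command keyword that announces the TLS upgrade in each protocol's
# cleartext phase (IMAP and SMTP: STARTTLS, POP3: STLS).
UPGRADE_KEYWORD = {"imap": "STARTTLS", "pop3": "STLS", "smtp": "STARTTLS"}


@dataclass
class Verdict:
    protocol: str
    offered: bool   # upgrade keyword seen in the cleartext capability list
    action: str     # "upgrade" or "abort"; never "continue in cleartext"
    reason: str


def advertised(protocol, server_lines):
    """Return the upper-cased capability keywords the server sent before TLS."""
    caps = set()
    seen_smtp_greeting = False
    for raw in server_lines:
        line = raw.strip()
        if protocol == "imap":
            # Untagged "* CAPABILITY ..." or a "[CAPABILITY ...]" response code.
            m = re.search(r"(?:^\* |\[)CAPABILITY ([^\]]*)", line, re.I)
            if m:
                caps.update(tok.upper() for tok in m.group(1).split())
        elif protocol == "pop3":
            # CAPA reply: status line, one capability per line, "." terminator.
            if line and line != "." and not line.startswith(("+OK", "-ERR")):
                caps.add(line.split()[0].upper())
        elif protocol == "smtp":
            # EHLO reply: the first 250 line names the server, the rest are
            # keywords. Skipping it keeps a host called "starttls.example.org"
            # from being mistaken for the capability.
            m = re.match(r"250[- ](\S+)", line)
            if m and seen_smtp_greeting:
                caps.add(m.group(1).upper())
            seen_smtp_greeting = seen_smtp_greeting or bool(m)
    return caps


def upgrade_accepted(protocol, reply):
    """True if the server's answer to the upgrade command signals success."""
    parts = reply.strip().split()
    if protocol == "imap":                      # "<tag> OK ..."
        return len(parts) >= 2 and parts[1].upper() == "OK"
    if protocol == "pop3":                      # "+OK ..."
        return bool(parts) and parts[0].upper() == "+OK"
    return bool(parts) and parts[0] == "220"    # SMTP "220 ..."


def check_upgrade(protocol, server_lines, upgrade_reply=None):
    """Decide what a client that requires TLS does with this cleartext exchange."""
    keyword = UPGRADE_KEYWORD[protocol]
    if keyword not in advertised(protocol, server_lines):
        # A server without the feature and an on-path edit of the capability
        # list look identical from here, so the only safe choice is to stop.
        return Verdict(protocol, False, "abort",
                       f"{keyword} not advertised; refusing cleartext fallback")
    if upgrade_reply is not None and not upgrade_accepted(protocol, upgrade_reply):
        return Verdict(protocol, True, "abort",
                       f"{keyword} refused: {upgrade_reply.strip()}")
    # Everything read so far was unauthenticated: after the handshake the
    # client discards it and asks for capabilities again inside the tunnel.
    return Verdict(protocol, True, "upgrade",
                   "start TLS, then re-read capabilities inside the tunnel")


# Constructed server-side transcripts (not captured traffic).
IMAP_INTACT = ["* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"]
IMAP_STRIPPED = ["* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready"]
POP3_INTACT = ["+OK Capability list follows", "TOP", "UIDL", "STLS", "."]
POP3_NO_STLS = ["+OK Capability list follows", "TOP", "UIDL", "USER", "."]
SMTP_INTACT = ["250-mail.example.org", "250-PIPELINING", "250-STARTTLS",
               "250 8BITMIME"]
SMTP_NAME_ONLY = ["250-starttls.example.org", "250 8BITMIME"]

if __name__ == "__main__":
    cases = [
        ("imap", IMAP_INTACT, "h96q OK Begin TLS negotiation now"),
        ("imap", IMAP_STRIPPED, None),
        ("pop3", POP3_INTACT, "+OK Begin TLS negotiation now"),
        ("pop3", POP3_NO_STLS, None),
        ("smtp", SMTP_INTACT, "220 2.0.0 Ready to start TLS"),
        ("smtp", SMTP_NAME_ONLY, None),
    ]
    for proto, lines, reply in cases:
        v = check_upgrade(proto, lines, reply)
        print(f"{v.protocol:5} offered={v.offered!s:5} {v.action:8} {v.reason}")
```
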
From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 21 Nov 2014 23:50:13 +0100 Subject: Outlook Express and STARTTLS In-Reply-To: <546FBE14.602@mie.utoronto.ca> References: <546F9985.2050207@htt-consult.com> <546FAD7D.10300@sys4.de> <546FAEC8.1020905@thelounge.net> <546FBE14.602@mie.utoronto.ca> Message-ID: <546FC1A5.8050604@thelounge.net> On 21.11.2014 at 23:35, Oscar del Rio wrote: > On 11/21/14 04:29 PM, Reindl Harald wrote: >> >> the situation for Outlook (not OE) and TLS is not much better >> >> some versions support STARTTLS on SMTP but not for IMAP/POP3 ... >> > > Outlook (at least since version 2010) does support STARTTLS for > IMAP/POP3 on port 143. > But they don't call it STARTTLS but "TLS". And they call "SSL" to TLS on > port 993/995 > > With Outlook configured for "TLS" on port 143: > outlook -> dovecot: a0gk CAPABILITY > dovecot -> outlook: * CAPABILITY IMAP4rev1...STARTTLS... > outlook -> dovecot: h96q STARTTLS > dovecot -> outlook: h96q OK Begin TLS negotiation now > (TLS starts) for IMAP yes for POP *no* try it out - i have testing VMs for Outlook 2003/2007/2010 and on all of them IMAP/POP3 accounts hence it is a crap but that fact doesn't solve the problem that you need to support all ports and encryptions on the server side From gedalya at gedalya.net Fri Nov 21 22:52:05 2014
From: gedalya at gedalya.net (Gedalya) Date: Fri, 21 Nov 2014 17:52:05 -0500 Subject: Handle of "subscription" file/folder for IMAP In-Reply-To: <00e901d005d9$434a0170$c9de0450$@jorge@decimal.pt> References: <001b01d0043c$63d3fb10$2b7bf130$@jorge> <546F9BF3.5070000@gedalya.net> <00e901d005d9$434a0170$c9de0450$@jorge@decimal.pt> Message-ID: <546FC215.5050908@gedalya.net> On 11/21/2014 05:19 PM, Jorge Bastos wrote: > Hi, > > > > Ok you're right about it, let me simplify it. > > There's some files in the Maildir, that are from dovecot, like the > dovecot.sieve, subscriptions, and these are files, but here are shown an > being folders to be subcribed. > > > > Question was if it is possible to deny the show of this info in IMAP > globally. > > If I subscribe, for example to "subscriptions", it created the folder, and > in the Maildir creates ".subscriptions" with its own structure, so no > colision, so far so good. > > > > But I'd like to hide "subscriptions" and "dovecot.sieve" from users. > > > > Possible? > > Havent found any info about this, > > OK that's better, the screenshot helps too. There are a number of funny things here. First of all, dovecot.sieve belongs in the *home* directory, not in Maildir. The home directory can be, typically, the parent directory of the Maildir. Like in: domains/example.com/user1/Maildir - the user1/ is the home directory and dovecot.sieve lives there. Would you please post your complete dovecot config (output of the command: dovecot -n) and also an example output of ls -la of your directory structure? See also http://dovecot.org/mailinglists.html From mysql.jorge at decimal.pt Fri Nov 21 23:03:46 2014 
From: mysql.jorge at decimal.pt (Jorge Bastos) Date: Fri, 21 Nov 2014 23:03:46 -0000 Subject: Handle of "subscription" file/folder for IMAP In-Reply-To: <546FC215.5050908@gedalya.net> References: <001b01d0043c$63d3fb10$2b7bf130$@jorge> <546F9BF3.5070000@gedalya.net> <00e901d005d9$434a0170$c9de0450$@jorge> <546FC215.5050908@gedalya.net> Message-ID: <011401d005df$67673f90$3635beb0$@jorge@decimal.pt> > OK that's better, the screenshot helps too. > There are a number of funny things here. > First of all, dovecot.sieve belongs in the *home* directory, not in > Maildir. The home directory can be, typically, the parent directory of > the Maildir. > Like in: domains/example.com/user1/Maildir - the user1/ is the home > directory and dovecot.sieve lives there. > > Would you please post your complete dovecot config (output of the > command: dovecot -n) and also an example output of ls -la of your > directory structure? > > See also http://dovecot.org/mailinglists.html Sure, here it is: root at fastmail:/home/mail/a.com/a at a.com# l total 108 drwx------ 13 5000 5000 4096 Nov 20 22:19 ./ drwx------ 3 5000 5000 4096 Nov 3 23:06 ../ drwx------ 2 5000 5000 4096 Nov 20 22:07 cur/ -rw------- 1 5000 5000 9920 Nov 21 03:25 dovecot.index.cache -rw------- 1 5000 5000 12908 Nov 20 22:19 dovecot.index.log -rw------- 1 5000 5000 202 Nov 10 22:35 .dovecot.lda-dupes -rw------- 1 5000 5000 312 Nov 10 22:23 dovecot.mailbox.log lrwxrwxrwx 1 5000 5000 23 Nov 9 12:21 .dovecot.sieve -> sieve/managesieve.sieve -rw------- 1 5000 5000 461 Nov 9 12:28 .dovecot.sieve.log -rw------- 1 5000 5000 270 Nov 9 15:43 .dovecot.svbin -rw------- 1 5000 5000 782 Nov 19 23:26 dovecot-uidlist -rw------- 1 5000 5000 8 Nov 8 16:32 dovecot-uidvalidity -r--r--r-- 1 5000 5000 0 Nov 3 23:06 dovecot-uidvalidity.54580a72 drwx------ 5 5000 5000 4096 Nov 8 16:33 .Drafts/ drwx------ 5 5000 5000 4096 Nov 8 16:33 .Junk/ drwx------ 5 5000 5000 4096 Nov 8 18:50 .Junk E-mail/ drwx------ 2 5000 5000 4096 Nov 19 23:44 new/ 
drwx------ 5 5000 5000 4096 Nov 8 16:33 .ola ' aaaa \r/ drwx------ 5 5000 5000 4096 Nov 8 16:33 .Sent Items/ drwx------ 3 5000 5000 4096 Nov 9 15:42 sieve/ -rw------- 1 5000 5000 69 Nov 10 22:23 subscriptions drwx------ 5 5000 5000 4096 Nov 8 21:15 .subscriptions/ drwx------ 2 5000 5000 4096 Nov 19 23:26 tmp/ drwx------ 5 5000 5000 4096 Nov 8 21:15 .Trash/ root at fastmail:/home/mail/a.com/a at a.com# doveconf: # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.14.23x x86_64 Debian 7.6 ext4 auth_mechanisms = plain login dict { sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } disable_plaintext_auth = no listen = * login_greeting = myserver mail_location = maildir:/home/mail/%d/%u mail_plugins = quota mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { quota = dict:User Quota::proxy::sqlquota quota_exceeded_message = Quota exceeded (mailbox for user is full) / Conta de destino cheia (o email de destino tem a caixa cheia) quota_rule = *:storage=100M sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_max_script_size = 10M } postmaster_address = trash at email.pt protocols = imap lmtp pop3 sieve service dict { unix_listener dict { mode = 0777 } } service imap { process_limit = 1024 } service lmtp { inet_listener lmtp { address = 0.0.0.0 port = 24 } process_min_avail = 10 unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } service pop3-login { inet_listener pop3 { 
    port = 110
  }
}
service pop3 {
  process_limit = 1024
}
ssl = no
ssl_cert =
References: <001b01d0043c$63d3fb10$2b7bf130$@jorge> <546F9BF3.5070000@gedalya.net> <00e901d005d9$434a0170$c9de0450$@jorge> <546FC215.5050908@gedalya.net> <011401d005df$67673f90$3635beb0$@jorge@decimal.pt>
Message-ID: <546FC904.7010306@gedalya.net>

On 11/21/2014 06:03 PM, Jorge Bastos wrote:
>> OK that's better, the screenshot helps too.
>> There are a number of funny things here.
>> First of all, dovecot.sieve belongs in the *home* directory, not in
>> Maildir. The home directory can be, typically, the parent directory of
>> the Maildir.
>> Like in: domains/example.com/user1/Maildir - the user1/ is the home
>> directory and dovecot.sieve lives there.
>>
>> Would you please post your complete dovecot config (output of the
>> command: dovecot -n) and also an example output of ls -la of your
>> directory structure?
>>
>> See also http://dovecot.org/mailinglists.html
> Sure, here it is:

From conf.d/10-mail.conf:

# By default LIST command returns all entries in maildir beginning with a dot.
# Enabling this option makes Dovecot return only entries which are directories.
# This is done by stat()ing each entry, so it causes more disk I/O.
# (For systems setting struct dirent->d_type, this check is free and it's
# done always regardless of this setting)
#maildir_stat_dirs = no

So basically the behavior is "correct" in your case. You have the directory entries .dovecot.sieve and .subscriptions, which is anyway a directory indeed, so that's not even a bug.

Move all your maildirs to /home/mail/%d/%u/Maildir and then update mail_location accordingly.
Then move out the sieve files - .dovecot.sieve, sieve/, .dovecot.sieve.log, .dovecot.svbin to the home directory.
It looks like these are not system users, so you may need to set mail_home explicitly to set up the home directory to /home/mail/%d/%u

See
http://wiki2.dovecot.org/MailLocation
http://wiki2.dovecot.org/MailLocation/Maildir
http://wiki2.dovecot.org/VirtualUsers/Home

>
> root at fastmail:/home/mail/a.com/a at a.com# l
> total 108
> drwx------ 13 5000 5000 4096 Nov 20 22:19 ./
> drwx------ 3 5000 5000 4096 Nov 3 23:06 ../
> drwx------ 2 5000 5000 4096 Nov 20 22:07 cur/
> -rw------- 1 5000 5000 9920 Nov 21 03:25 dovecot.index.cache
> -rw------- 1 5000 5000 12908 Nov 20 22:19 dovecot.index.log
> -rw------- 1 5000 5000 202 Nov 10 22:35 .dovecot.lda-dupes
> -rw------- 1 5000 5000 312 Nov 10 22:23 dovecot.mailbox.log
> lrwxrwxrwx 1 5000 5000 23 Nov 9 12:21 .dovecot.sieve ->
> sieve/managesieve.sieve
> -rw------- 1 5000 5000 461 Nov 9 12:28 .dovecot.sieve.log
> -rw------- 1 5000 5000 270 Nov 9 15:43 .dovecot.svbin
> -rw------- 1 5000 5000 782 Nov 19 23:26 dovecot-uidlist
> -rw------- 1 5000 5000 8 Nov 8 16:32 dovecot-uidvalidity
> -r--r--r-- 1 5000 5000 0 Nov 3 23:06 dovecot-uidvalidity.54580a72
> drwx------ 5 5000 5000 4096 Nov 8 16:33 .Drafts/
> drwx------ 5 5000 5000 4096 Nov 8 16:33 .Junk/
> drwx------ 5 5000 5000 4096 Nov 8 18:50 .Junk E-mail/
> drwx------ 2 5000 5000 4096 Nov 19 23:44 new/
> drwx------ 5 5000 5000 4096 Nov 8 16:33 .ola ' aaaa \r/
> drwx------ 5 5000 5000 4096 Nov 8 16:33 .Sent Items/
> drwx------ 3 5000 5000 4096 Nov 9 15:42 sieve/
> -rw------- 1 5000 5000 69 Nov 10 22:23 subscriptions
> drwx------ 5 5000 5000 4096 Nov 8 21:15 .subscriptions/
> drwx------ 2 5000 5000 4096 Nov 19 23:26 tmp/
> drwx------ 5 5000 5000 4096 Nov 8 21:15 .Trash/
> root at fastmail:/home/mail/a.com/a at a.com#
>
>
> doveconf:
> # 2.2.13: /etc/dovecot/dovecot.conf
> # OS: Linux 3.14.23x x86_64 Debian 7.6 ext4
> auth_mechanisms = plain login
> dict {
>   sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
> }
> disable_plaintext_auth = no
> listen = *
> login_greeting = myserver
> mail_location = maildir:/home/mail/%d/%u
> mail_plugins = quota
> mail_privileged_group = mail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
> copy include variables body enotify environment mailbox date ihave
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> plugin {
>   quota = dict:User Quota::proxy::sqlquota
>   quota_exceeded_message = Quota exceeded (mailbox for user is full) / Conta
> de destino cheia (o email de destino tem a caixa cheia)
>   quota_rule = *:storage=100M
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
>   sieve_max_script_size = 10M
> }
> postmaster_address = trash at email.pt
> protocols = imap lmtp pop3 sieve
> service dict {
>   unix_listener dict {
>     mode = 0777
>   }
> }
> service imap {
>   process_limit = 1024
> }
> service lmtp {
>   inet_listener lmtp {
>     address = 0.0.0.0
>     port = 24
>   }
>   process_min_avail = 10
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
> }
> service pop3-login {
>   inet_listener pop3 {
>     port = 110
>   }
> }
> service pop3 {
>   process_limit = 1024
> }
> ssl = no
> ssl_cert =
> ssl_key =
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> protocol lmtp {
>   mail_plugins = quota sieve
> }
> protocol imap {
>   mail_plugins = quota imap_quota
> }

From maxshortte at gmail.com Fri Nov 21 23:22:05 2014
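The layout change described in the reply above (mail under a Maildir/ subdirectory, Sieve files left in the home), as an added example that is not part of the thread: a shell function that splits one mailbox directory in place. The function names are hypothetical, keeping .dovecot.lda-dupes in the home is an assumption of this example, and it is meant to be run as the mailbox owner (uid 5000 in the listing) so that Maildir/ gets the same owner.

```shell
#!/bin/sh
# Added example, not from the thread: turn a directory that is both home and
# Maildir root into  <home>/  plus  <home>/Maildir/ , as the reply suggests.
# Matching settings afterwards (both paths are the ones given in the thread):
#   mail_home     = /home/mail/%d/%u
#   mail_location = maildir:/home/mail/%d/%u/Maildir

# classify_entry NAME -> prints "home" or "maildir".
classify_entry() {
    case "$1" in
        # The four Sieve entries the reply lists.
        .dovecot.sieve|sieve|.dovecot.sieve.log|.dovecot.svbin)
            echo home ;;
        # Assumption of this example: the LDA duplicate database is not a
        # mail folder either, so it stays in the home as well.
        .dovecot.lda-dupes)
            echo home ;;
        *)
            echo maildir ;;
    esac
}

# split_home DIR -> moves every maildir entry of DIR into DIR/Maildir.
split_home() {
    home=$1
    if [ ! -d "$home" ]; then
        echo "split_home: not a directory: $home" >&2
        return 1
    fi
    # Only touch directories that really are a Maildir root.
    for sub in cur new tmp; do
        if [ ! -d "$home/$sub" ]; then
            echo "split_home: $home/$sub missing, not a Maildir root" >&2
            return 1
        fi
    done
    # Refuse to run twice; a second pass would nest Maildir/Maildir.
    if [ -e "$home/Maildir" ] || [ -L "$home/Maildir" ]; then
        echo "split_home: $home/Maildir already exists" >&2
        return 1
    fi
    mkdir -m 700 "$home/Maildir" || return 1

    # Three globs cover plain names, dot names and "..x" names without ever
    # matching "." or "..". Quoting keeps names such as ".Sent Items" or
    # ".ola ' aaaa \r" from the listing in one piece.
    for entry in "$home"/* "$home"/.[!.]* "$home"/..?*; do
        # An unmatched glob stays literal; -L also catches dangling symlinks.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        [ "$name" = Maildir ] && continue
        [ "$(classify_entry "$name")" = home ] && continue
        mv -- "$entry" "$home/Maildir/" || return 1
    done
    return 0
}

# Run against one mailbox when a path is given on the command line.
if [ "$#" -ge 1 ]; then
    split_home "$1"
fi
```

The relative symlink .dovecot.sieve -> sieve/managesieve.sieve keeps working because both ends stay in the home directory.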
From: maxshortte at gmail.com (Max Shortte)
Date: Fri, 21 Nov 2014 18:22:05 -0500
Subject: Mailing list removal.
Message-ID:

Guys,

Can you please remove my email address from the mailing list.

Thanks,

M

From h.reindl at thelounge.net Fri Nov 21 23:26:05 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Sat, 22 Nov 2014 00:26:05 +0100
Subject: Mailing list removal.
In-Reply-To:
References:
Message-ID: <546FCA0D.3080908@thelounge.net>

On 22.11.2014 at 00:22, Max Shortte wrote:
> Guys,
>
> Can you please remove my email address from the mailing list

no, as we didn't subscribe you we don't do the opposite

that's the same *on every mailing-list* on that planet for decades now and hence you got a welcome message as you subscribed

List-Id: Dovecot Mailing List
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,

From mysql.jorge at decimal.pt Fri Nov 21 23:37:44 2014
From: mysql.jorge at decimal.pt (Jorge Bastos)
Date: Fri, 21 Nov 2014 23:37:44 -0000
Subject: Handle of "subscription" file/folder for IMAP
In-Reply-To: <546FC904.7010306@gedalya.net>
References: <001b01d0043c$63d3fb10$2b7bf130$@jorge> <546F9BF3.5070000@gedalya.net> <00e901d005d9$434a0170$c9de0450$@jorge> <546FC215.5050908@gedalya.net> <011401d005df$67673f90$3635beb0$@jorge> <546FC904.7010306@gedalya.net>
Message-ID: <013001d005e4$268d9640$73a8c2c0$@jorge@decimal.pt>

> So basically the behavior is "correct" in your case. You have the
> directory entries .dovecot.sieve and .subscriptions, which is anyway a
> directory indeed, so that's not even a bug.
> Move all your maildirs to /home/mail/%d/%u/Maildir and then update
> mail_location accordingly.
> Then move out the sieve files - .dovecot.sieve, sieve/,
> .dovecot.sieve.log, .dovecot.svbin to the home directory.
>
> It looks like these are not system users, so you may need to set
> mail_home explicitly to set up the home directory to /home/mail/%d/%u

I was not saying it was a bug, was just asking for some advice on this :)
But yes, I've read this some times but didn't notice the end of the mail_location.
Understood and thanks for this!
I still have only a few users so I can convert them, as I don't want to use the below option:

maildir_stat_dirs = no

Thanks for your help,

From bruno.galindro at gmail.com Sat Nov 22 01:40:19 2014
From: bruno.galindro at gmail.com (Bruno Galindro da Costa)
Date: Fri, 21 Nov 2014 23:40:19 -0200
Subject: Prevent a message from be deleted but not from be moved
In-Reply-To: <546F594A.9090901@whyscream.net>
References: <546F594A.9090901@whyscream.net>
Message-ID:

How can I do it Tom???

On 21/11/2014 13:25, "Tom Hendrikx" wrote:

>
> On 21-11-14 14:00, Bruno Galindro da Costa wrote:
> > Is it possible to prevent a message from being deleted but not from being
> > moved to another mailbox via ACL?
> >
> > I need this because I'm using antispam plugin with the mailtrain
> > backend. It calls a script every time a message is moved to/from a
> > monitored spam mailbox. But, if the user deletes a message from the
> > spam folder, the script is executed with the option to train the
> > antispam to consider that excluded message as a non spam.
> >
>
> Isn't the antispam plugin setting that defines the Trash folder
> exactly there to mitigate this behaviour? I.e.:
>
> - move from anywhere to spam folder => train as spam
> - move from spam to trash => don't train
> - move from spam to anywhere else => train as ham
>
> Regards,
> Tom
>

From gheskett at wdtv.com Sat Nov 22 03:35:41 2014
From: gheskett at wdtv.com (Gene Heskett)
Date: Fri, 21 Nov 2014 22:35:41 -0500
Subject: Mailing list removal.
In-Reply-To:
References:
Message-ID: <201411212235.41704.gheskett@wdtv.com>

On Friday 21 November 2014 18:22:05 Max Shortte did opine
And Gene did reply:
> Guys,
>
> Can you please remove my email address from the mailing list.
>
> Thanks,
>
> M

You will have to do that yourself. Look at the headers of any msg coming thru this server, it contains the address of the web server that handles that.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS

From rs at sys4.de Sat Nov 22 06:17:02 2014
From: rs at sys4.de (Robert Schetterer)
Date: Sat, 22 Nov 2014 07:17:02 +0100
Subject: Outlook Express and STARTTLS
In-Reply-To: <546FAEC8.1020905@thelounge.net>
References: <546F9985.2050207@htt-consult.com> <546FAD7D.10300@sys4.de> <546FAEC8.1020905@thelounge.net>
Message-ID: <54702A5E.8000805@sys4.de>

On 21.11.2014 at 22:29, Reindl Harald wrote:
>
> On 21.11.2014 at 22:24, Robert Schetterer wrote:
>> On 21.11.2014 at 20:59, Robert Moskowitz wrote:
>>> I have one user that uses Outlook Express. Not only do I not use it, I
>>> don't have any systems here that can easily use it. A bit of a
>>> challenge.
>>>
>>> I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections.
>>>
>>> So far a google search has not shown me how to configure this for a
>>> user. Anyone have a pointer to instructions so I can talk the person
>>> through the changes?
>>
>> you shouldn't support outdated stuff
>>
>> http://en.wikipedia.org/wiki/Outlook_Express
>>
>> Included with Windows 98, Windows Me, Windows 2000, Windows XP,
>> Windows
>> Server 2003
>
> the situation for Outlook (not OE) and TLS is not much better
>
> some versions support STARTTLS on SMTP but not for IMAP/POP3 and "you
> shouldn't support" is not that easy to do - if i could i would shut down
> so much outdated clients while i can't in case of business customers
> having other business companies as their customers
>

yes i know that problem, but outdated os may be hacked anytime and then it will not be a client/user problem only

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Management board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From pch at myzel.net Sat Nov 22 10:39:34 2014
From: pch at myzel.net (Peter)
Date: Sat, 22 Nov 2014 11:39:34 +0100
Subject: dovecot & Apple Mail & maildir & lots of Mail
In-Reply-To: <20141121215238.GK12758@danbala.tuwien.ac.at>
References: <20141121215238.GK12758@danbala.tuwien.ac.at>
Message-ID: <547067E6.6090800@myzel.net>

On 2014-11-21 at 22:52, Thomas Klausner wrote:
> Hi!
>
> My Mail directory is 31G with about 180 directories, each containing
> mails in maildir format.
>
> Has anyone had similar issues?
>
> Is my maildir too big for dovecot to handle?

My Maildir is 61G in 237493 messages spread over 424 folders. dovecot handles this effortlessly. "doveadm mailbox status -t all '*' -u " returns almost instantly on a warm cache. Thunderbird does fine too.

--
peter

From thierry at odry.net Sat Nov 22 11:34:10 2014
From: thierry at odry.net (Thierry de Montaudry)
Date: Sat, 22 Nov 2014 12:34:10 +0100
Subject: dovecot & Apple Mail & maildir & lots of Mail
In-Reply-To: <547067E6.6090800@myzel.net>
References: <20141121215238.GK12758@danbala.tuwien.ac.at> <547067E6.6090800@myzel.net>
Message-ID: <973D48C6-3A30-4401-B29F-B5C4C9D13744@odry.net>

Hi,

Using Mac Mail with 9 mail accounts, more than 150 folders, and 1000s of mails, I get far too many problems lately, and not only on dovecot, so I would say the problem lies with Mac Mail, and even more if you installed Yosemite. As far as I know dovecot handles very well accounts with 100000s email even if the size is very big.

And BTW, looking for a fast and reliable mail client for Mac, to replace Mac Mail, any suggestion?

Regards,
Thierry

On 22 Nov 2014, at 11:39, Peter wrote:
>
> On 2014-11-21 at 22:52, Thomas Klausner wrote:
>> Hi!
>>
>> My Mail directory is 31G with about 180 directories, each containing
>> mails in maildir format.
>>
>> Has anyone had similar issues?
>>
>> Is my maildir too big for dovecot to handle?
>
> My Maildir is 61G in 237493 messages spread over 424 folders. dovecot handles this effortlessly. "doveadm mailbox status -t all '*' -u " returns almost instantly on a warm cache. Thunderbird does fine too.
>
> --
> peter

From rs at sys4.de Sat Nov 22 12:03:06 2014
From: rs at sys4.de (Robert Schetterer)
Date: Sat, 22 Nov 2014 13:03:06 +0100
Subject: dovecot & Apple Mail & maildir & lots of Mail
In-Reply-To: <973D48C6-3A30-4401-B29F-B5C4C9D13744@odry.net>
References: <20141121215238.GK12758@danbala.tuwien.ac.at> <547067E6.6090800@myzel.net> <973D48C6-3A30-4401-B29F-B5C4C9D13744@odry.net>
Message-ID: <54707B7A.7060505@sys4.de>

On 22.11.2014 at 12:34, Thierry de Montaudry wrote:
> Hi,
>
> Using Mac Mail with 9 mail accounts, more than 150 folders, and 1000s of mails, I get far too many problems lately, and not only on dovecot, so I would say the problem lies with Mac Mail, and even more if you installed Yosemite. As far as I know dovecot handles very well accounts with 100000s email even if the size is very big.
>
> And BTW, looking for a fast and reliable mail client for Mac, to replace Mac Mail, any suggestion?

https://support.mozilla.org/en-US/kb/installing-thunderbird-on-mac

>
> Regards,
> Thierry
>
>
> On 22 Nov 2014, at 11:39, Peter wrote:
>>
>> On 2014-11-21 at 22:52, Thomas Klausner wrote:
>>> Hi!
>>>
>>> My Mail directory is 31G with about 180 directories, each containing
>>> mails in maildir format.
>>>
>>> Has anyone had similar issues?
>>>
>>> Is my maildir too big for dovecot to handle?
>>
>> My Maildir is 61G in 237493 messages spread over 424 folders. dovecot handles this effortlessly. "doveadm mailbox status -t all '*' -u " returns almost instantly on a warm cache. Thunderbird does fine too.
>>
>> --
>> peter

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Management board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From delrio at mie.utoronto.ca Sat Nov 22 14:56:03 2014
From: delrio at mie.utoronto.ca (Oscar del Rio)
Date: Sat, 22 Nov 2014 09:56:03 -0500
Subject: Outlook Express and STARTTLS
In-Reply-To: <546FC1A5.8050604@thelounge.net>
References: <546F9985.2050207@htt-consult.com> <546FAD7D.10300@sys4.de> <546FAEC8.1020905@thelounge.net> <546FBE14.602@mie.utoronto.ca> <546FC1A5.8050604@thelounge.net>
Message-ID: <5470A403.7000609@mie.utoronto.ca>

On 21/11/2014 5:50 PM, Reindl Harald wrote:
> On 21.11.2014 at 23:35, Oscar del Rio wrote:
>> On 11/21/14 04:29 PM, Reindl Harald wrote:
>>>
>>> the situation for Outlook (not OE) and TLS is not much better
>>>
>>> some versions support STARTTLS on SMTP but not for IMAP/POP3 ...
>>>
>>
>> Outlook (at least since version 2010) does support STARTTLS for
>> IMAP/POP3 on port 143.
>> But they don't call it STARTTLS but "TLS". And they call "SSL" to TLS on
>> port 993/995
>>
>> With Outlook configured for "TLS" on port 143:
>> outlook -> dovecot: a0gk CAPABILITY
>> dovecot -> outlook: * CAPABILITY IMAP4rev1...STARTTLS...
>> outlook -> dovecot: h96q STARTTLS
>> dovecot -> outlook: h96q OK Begin TLS negotiation now
>> (TLS starts)
>
> for IMAP yes
> for POP *no*
>
> try it out - i have testing VM's for Outlook 2003/2007/2010 and on all
> of them IMAP/POP3 accounts

You are right. I hadn't tested POP3. I just tested Outlook 2013; no STARTTLS for POP.
(I assumed that if they implemented STARTTLS for IMAP they would have also done it for POP... wrong assumption!).

> hence it is a crap but that fact doesn't solve the problem that you need
> to support all ports and encryptions on the server side

True.

From jerry at seibercom.net Sat Nov 22 15:48:14 2014
From: jerry at seibercom.net (Jerry)
Date: Sat, 22 Nov 2014 10:48:14 -0500
Subject: Outlook Express and STARTTLS
In-Reply-To: <54702A5E.8000805@sys4.de>
References: <546F9985.2050207@htt-consult.com> <546FAD7D.10300@sys4.de> <546FAEC8.1020905@thelounge.net> <54702A5E.8000805@sys4.de>
Message-ID: <20141122104814.29977962@scorpio>

On Sat, 22 Nov 2014 07:17:02 +0100, Robert Schetterer stated:

>On 21.11.2014 at 22:29, Reindl Harald wrote:
>>
>> On 21.11.2014 at 22:24, Robert Schetterer wrote:
>>> On 21.11.2014 at 20:59, Robert Moskowitz wrote:
>>>> I have one user that uses Outlook Express. Not only do I not use it, I
>>>> don't have any systems here that can easily use it. A bit of a
>>>> challenge.
>>>>
>>>> I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections.
>>>>
>>>> So far a google search has not shown me how to configure this for a
>>>> user. Anyone have a pointer to instructions so I can talk the person
>>>> through the changes?
>>>
>>> you shouldn't support outdated stuff
>>>
>>> http://en.wikipedia.org/wiki/Outlook_Express
>>>
>>> Included with Windows 98, Windows Me, Windows 2000, Windows XP,
>>> Windows
>>> Server 2003
>>
>> the situation for Outlook (not OE) and TLS is not much better
>>
>> some versions support STARTTLS on SMTP but not for IMAP/POP3 and "you
>> shouldn't support" is not that easy to do - if i could i would shut down
>> so much outdated clients while i can't in case of business customers
>> having other business companies as their customers
>>
>
>yes i know that problem, but outdated os may be hacked anytime and then it
>will not be a client/user problem only

You can always post a suggestion to Microsoft here. I do it all the time.

http://mymfe.microsoft.com/Office/feedback.aspx?formID=375

--
Jerry

From hanns at hannsmattes.de Sat Nov 22 15:56:44 2014
From: hanns at hannsmattes.de (Hanns Mattes)
Date: Sat, 22 Nov 2014 16:56:44 +0100
Subject: Migrate Separator and prefix
Message-ID: <5470B23C.5010607@hannsmattes.de>

Hi,

I'm thinking of changing the separator from "." to "/" and also to allow only folders under INBOX, changing the Prefix.

I have two dovecot-servers, which are synched by the replication plugin.

My idea is to switch off Server B, make the necessary config-changes, delete all user maildirs, restart the server and let replication do its work. After that (and correcting the sieve-rules of the users if necessary), I'd stop server A, delete, restart, resync.

My idea is, that this will avoid dealing with subscriptions files and change them to reflect the new INBOX-Structure.

Is this going to work at all and/or is there a better way for the wanted migration?

Thanks in advance
Hanns

From tom at whyscream.net Sat Nov 22 18:49:06 2014
From: tom at whyscream.net (Tom Hendrikx)
Date: Sat, 22 Nov 2014 19:49:06 +0100
Subject: Prevent a message from be deleted but not from be moved
In-Reply-To:
References: <546F594A.9090901@whyscream.net>
Message-ID: <5470DAA2.8070500@whyscream.net>

On 22-11-14 02:40, Bruno Galindro da Costa wrote:
> On 21/11/2014 13:25, "Tom Hendrikx" wrote:
>
> On 21-11-14 14:00, Bruno Galindro da Costa wrote:
>>>> Is it possible to prevent a message from being deleted but not
>>>> from being moved to another mailbox via ACL?
>>>>
>>>> I need this because I'm using antispam plugin with the
>>>> mailtrain backend. It calls a script every time a message is
>>>> moved to/from a monitored spam mailbox. But, if the user
>>>> deletes a message from the spam folder, the script is
>>>> executed with the option to train the antispam to consider
>>>> that excluded message as a non spam.
>>>>
>
>> Isn't the antispam plugin setting that defines the Trash folder
>> exactly there to mitigate this behaviour? I.e.:
>>
>> - move from anywhere to spam folder => train as spam - move from
>> spam to trash => don't train - move from spam to anywhere else =>
>> train as ham
>>
> How can I do it Tom???

Please don't top-post.

See the manpage for dovecot-antispam that came with your install. You're looking for the config settings 'antispam_trash' and/or 'antispam_trash_pattern', they should list the names of your Trash directories.
Tom

From rgm at htt-consult.com Sun Nov 23 00:46:45 2014
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Sat, 22 Nov 2014 19:46:45 -0500
Subject: Outlook Express and STARTTLS
In-Reply-To: <546FA2DC.2060109@gedalya.net>
References: <546F9985.2050207@htt-consult.com> <546F9C02.5060301@thelounge.net> <546FA159.6090000@htt-consult.com> <546FA2DC.2060109@gedalya.net>
Message-ID: <54712E75.10204@htt-consult.com>

On 11/21/2014 03:38 PM, Gedalya wrote:
> On 11/21/2014 03:32 PM, Robert Moskowitz wrote:
>>
>> On 11/21/2014 03:09 PM, Reindl Harald wrote:
>>>
>>> On 21.11.2014 at 20:59, Robert Moskowitz wrote:
>>>> I have one user that uses Outlook Express. Not only do I not use
>>>> it, I
>>>> don't have any systems here that can easily use it. A bit of a
>>>> challenge.
>>>>
>>>> I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP
>>>> connections.
>>>>
>>>> So far a google search has not shown me how to configure this for a
>>>> user. Anyone have a pointer to instructions so I can talk the person
>>>> through the changes?
>>>
>>> it can't as well as Outlook for POP3/IMAP
>>> you need 993/995 *without* STARTTLS - period
>>>
>>> and that's why a sane mailserver needs to support
>>> 110,143,993,995,587 *and* 465 to support every client, that won't
>>> change in the near future
>>>
>> I missed 465; got the rest. Will have to look THAT one up. Thanks
>> for the tip, Harald.
> That's just implicit TLS for SMTP submission, instead of 587. OE needs
> that.
>

Back to fixing this and first I see that I DID try something because I created a firewall rule for 645 instead of 465. Then I checked over at:

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt

And 465 is not assigned for this purpose. Looks like a land-grab from back in the days.

Anyway, this is most likely a POSTFIX config item, not Dovecot, so I will have to check through the docs there to get this set up right.

From rgm at htt-consult.com Sun Nov 23 02:17:44 2014
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Sat, 22 Nov 2014 21:17:44 -0500
Subject: Outlook Express and STARTTLS
In-Reply-To: <54702A5E.8000805@sys4.de>
References: <546F9985.2050207@htt-consult.com> <546FAD7D.10300@sys4.de> <546FAEC8.1020905@thelounge.net> <54702A5E.8000805@sys4.de>
Message-ID: <547143C8.4070504@htt-consult.com>

On 11/22/2014 01:17 AM, Robert Schetterer wrote:
> On 21.11.2014 at 22:29, Reindl Harald wrote:
>> On 21.11.2014 at 22:24, Robert Schetterer wrote:
>>> On 21.11.2014 at 20:59, Robert Moskowitz wrote:
>>>> I have one user that uses Outlook Express. Not only do I not use it, I
>>>> don't have any systems here that can easily use it. A bit of a
>>>> challenge.
>>>>
>>>> I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections.
>>>>
>>>> So far a google search has not shown me how to configure this for a
>>>> user. Anyone have a pointer to instructions so I can talk the person
>>>> through the changes?
>>> you shouldn't support outdated stuff
>>>
>>> http://en.wikipedia.org/wiki/Outlook_Express
>>>
>>> Included with Windows 98, Windows Me, Windows 2000, Windows XP,
>>> Windows
>>> Server 2003
>> the situation for Outlook (not OE) and TLS is not much better
>>
>> some versions support STARTTLS on SMTP but not for IMAP/POP3 and "you
>> shouldn't support" is not that easy to do - if i could i would shut down
>> so much outdated clients while i can't in case of business customers
>> having other business companies as their customers
>>
> yes i know that problem, but outdated os may be hacked anytime and then it
> will not be a client/user problem only

I have one user that I have to deal with this, and I will probably have them come over so I can 'fix' their notebook, and see what I might do. Thing is this is a charity organization where we do things for them because. So whatever old notebook they have, I have to support what it can do.

From jeroen.scheerder at on2it.net Sat Nov 22 12:02:11 2014
From: jeroen.scheerder at on2it.net (Jeroen Scheerder)
Date: Sat, 22 Nov 2014 12:02:11 +0000
Subject: dovecot & Apple Mail & maildir & lots of Mail
In-Reply-To: <973D48C6-3A30-4401-B29F-B5C4C9D13744@odry.net>
References: <20141121215238.GK12758@danbala.tuwien.ac.at> <547067E6.6090800@myzel.net>, <973D48C6-3A30-4401-B29F-B5C4C9D13744@odry.net>
Message-ID: <0F6E28C2-B95F-4B5D-A659-160FB09EF262@on2it.net>

MailMate!

> On 22 nov. 2014, at 12:34, Thierry de Montaudry wrote:
>
> Hi,
>
> Using Mac Mail with 9 mail accounts, more than 150 folders, and 1000s of mails, I get far too many problems lately, and not only on dovecot, so I would say the problem lies with Mac Mail, and even more if you installed Yosemite. As far as I know dovecot handles very well accounts with 100000s email even if the size is very big.
>
> And BTW, looking for a fast and reliable mail client for Mac, to replace Mac Mail, any suggestion?
>
> Regards,
> Thierry
>
>
>> On 22 Nov 2014, at 11:39, Peter wrote:
>>
>>> On 2014-11-21 at 22:52, Thomas Klausner wrote:
>>> Hi!
>>>
>>> My Mail directory is 31G with about 180 directories, each containing
>>> mails in maildir format.
>>>
>>> Has anyone had similar issues?
>>>
>>> Is my maildir too big for dovecot to handle?
>>
>> My Maildir is 61G in 237493 messages spread over 424 folders. dovecot handles this effortlessly. "doveadm mailbox status -t all '*' -u " returns almost instantly on a warm cache. Thunderbird does fine too.
>>
>> --
>> peter
>> --
>> Jeroen Scheerder
>> ON2IT B.V.
>> Regterweistraat 7
>> 4181 CE WAARDENBURG
>> T: +31 88 22 66 200 | F: +31 88 22 66 299
>> W: www.on2it.net | E: Jeroen.Scheerder at on2it.net

From root at localdomain.pl Fri Nov 21 19:04:46 2014
From: root at localdomain.pl (Grzegorz Nosek)
Date: Fri, 21 Nov 2014 20:04:46 +0100
Subject: [PATCH] [dovecot 2.2.9] Quota warnings ignored with FS quotas
Message-ID: <546F8CCE.3070400@localdomain.pl>

Hi all,

I noticed that in some circumstances quota warnings are ignored. The bug arises when both of the following are used:

1. percentage-based quota warnings, i.e.:
quota_warning = storage=1%% quota-warning 1 %u

2. filesystem quota backend (and probably others, except for quotas configured directly in dovecot config)

Percentage-based quota warnings have rule.bytes_limit recalculated based on root_set->default_rule.bytes_limit, however this value is zero when FS quotas are in use. Real quota values (from quotactl) are fetched very late, in quota_warnings_execute() but at that point no recalculation happens. As the warning rules have bytes_limit==0, they're effectively ignored.

The patch below enables quota warnings to be sent when using filesystem (and possibly maildirsize-based) quotas. Based and tested on Ubuntu 14.04's dovecot 2.2.9.

Best regards,
Grzegorz Nosek

diff --git a/src/plugins/quota/quota.c b/src/plugins/quota/quota.c index adbd70d..8e4d7e0 100644 --- a/src/plugins/quota/quota.c +++ b/src/plugins/quota/quota.c @@ -1163,6 +1163,8 @@ static void quota_warnings_execute(struct quota_transaction_context *ctx, &count_current, &count_limit) < 0) return; + quota_root_recalculate_relative_rules(root->set, bytes_limit, count_limit); + bytes_before = bytes_current - ctx->bytes_used; count_before = count_current - ctx->count_used; for (i = 0; i < count; i++) {

From baruch at tkos.co.il Sun Nov 23 07:46:47 2014
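Review bot: the added quota_root_recalculate_relative_rules(root->set, bytes_limit, count_limit) call in quota_warnings_execute() runs unconditionally on every pass and rewrites the rules in root->set from whatever limits this call just fetched, including the case where both limits come back as 0. Suggest guarding it (skip when bytes_limit and count_limit are both 0, or when they match the values used for the previous recalculation) and adding a comment above the call saying that backends such as fs only learn their limits at this point, which is why the percentage rules have to be recomputed here rather than at setup.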
From: baruch at tkos.co.il (Baruch Siach)
Date: Sun, 23 Nov 2014 09:46:47 +0200
Subject: Static build failure
In-Reply-To: <20141113174554.GN10379@tarshish>
References: <20141113174554.GN10379@tarshish>
Message-ID: <20141123074647.GH2374@sapphire.tkos.co.il>

Hi dovecot list,

On Thu, Nov 13, 2014 at 07:45:54PM +0200, Baruch Siach wrote:
> Static build of dovecot fails because src/lib/module-dir.c refers to
> MODULE_SUFFIX that is undefined when building statically. This leads to the
> following build failure:
>
> module-dir.c: In function 'module_file_get_name':
> module-dir.c:624:20: error: 'MODULE_SUFFIX' undeclared (first use in this function)
> p = strstr(fname, MODULE_SUFFIX);
> ^

Ping?

For reference, the problem was observed by the Buildroot autobuilder:

http://autobuild.buildroot.net/results/c68/c6844bbffff1cd4f738a5fced011d28f73c90b16/build-end.log

baruch

> The following somewhat inelegant patch fixes the problem.
>
> diff -Nuar dovecot-2.2.15-orig/src/lib/module-dir.c dovecot-2.2.15/src/lib/module-dir.c > --- dovecot-2.2.15-orig/src/lib/module-dir.c 2014-10-18 00:10:15.000000000 +0300 > +++ dovecot-2.2.15/src/lib/module-dir.c 2014-11-13 19:27:29.417786313 +0200 > @@ -621,7 +621,11 @@ > if (*p == '_') > fname = p + 1; > > +#ifdef MODULE_SUFFIX > p = strstr(fname, MODULE_SUFFIX); > +#else > + p = NULL; > +#endif > if (p == NULL) > return fname;

--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

From rs at sys4.de Sun Nov 23 08:55:44 2014
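Review bot: the #else branch in module_file_get_name() sets p = NULL, so a static build falls straight into "if (p == NULL) return fname;" and returns the name with any module suffix still attached. If that is the intended result for static builds, say so in a comment next to the #else; otherwise give MODULE_SUFFIX a fallback definition where it is normally defined, so the strstr() line can stay unconditional and the #ifdef at the call site is not needed.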
From: rs at sys4.de (Robert Schetterer)
Date: Sun, 23 Nov 2014 09:55:44 +0100
Subject: Outlook Express and STARTTLS
In-Reply-To: <547143C8.4070504@htt-consult.com>
References: <546F9985.2050207@htt-consult.com> <546FAD7D.10300@sys4.de> <546FAEC8.1020905@thelounge.net> <54702A5E.8000805@sys4.de> <547143C8.4070504@htt-consult.com>
Message-ID: <5471A110.5060101@sys4.de>

On 23.11.2014 at 03:17, Robert Moskowitz wrote:
>
> On 11/22/2014 01:17 AM, Robert Schetterer wrote:
>> On 21.11.2014 at 22:29, Reindl Harald wrote:
>>> On 21.11.2014 at 22:24, Robert Schetterer wrote:
>>>> On 21.11.2014 at 20:59, Robert Moskowitz wrote:
>>>>> I have one user that uses Outlook Express. Not only do I not use
>>>>> it, I
>>>>> don't have any systems here that can easily use it. A bit of a
>>>>> challenge.
>>>>>
>>>>> I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP
>>>>> connections.
>>>>>
>>>>> So far a google search has not shown me how to configure this for a
>>>>> user. Anyone have a pointer to instructions so I can talk the person
>>>>> through the changes?
>>>> you shouldn't support outdated stuff
>>>>
>>>> http://en.wikipedia.org/wiki/Outlook_Express
>>>>
>>>> Included with Windows 98, Windows Me, Windows 2000, Windows XP,
>>>> Windows
>>>> Server 2003
>>> the situation for Outlook (not OE) and TLS is not much better
>>>
>>> some versions support STARTTLS on SMTP but not for IMAP/POP3 and "you
>>> shouldn't support" is not that easy to do - if i could i would shut down
>>> so much outdated clients while i can't in case of business customers
>>> having other business companies as their customers
>>>
>> yes i know that problem, but outdated os may be hacked anytime and then it
>> will not be a client/user problem only
>
> I have one user that I have to deal with this, and I will probably have
> them come over so I can 'fix' their notebook, and see what I might do.
> Thing is this is a charity organization where we do things for them
> because. So whatever old notebook they have, I have to support what it
> can do.

It's your policy, but if you have webmail, the user may use this, no need
to support outdated clients

>
>

Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Management board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From hanns at hannsmattes.de Sun Nov 23 13:52:05 2014
From: hanns at hannsmattes.de (Hanns Mattes)
Date: Sun, 23 Nov 2014 14:52:05 +0100
Subject: Migrate Separator and prefix
In-Reply-To: <5470B23C.5010607@hannsmattes.de>
References: <5470B23C.5010607@hannsmattes.de>
Message-ID: <5471E685.6000201@hannsmattes.de>

Hi,

On 22.11.2014 at 16:56, Hanns Mattes wrote:

> My idea is to switch off Server B, make the necessary config-changes,
> delete all user maildirs, restart the server and let replication do its
> work. After that (and correcting the sieve-rules of the users if
> necessary), I'd stop server A, delete, restart, resync.
>
> My idea is, that this will avoid dealing with subscriptions files and
> change them to reflect the new INBOX-Structure.
>
> Is this going to work at all and/or is there a better way for the wanted
> migration?

No, this does not seem to work. I think I'll have to deal with the
subscriptions with a script.

Regards
hanns

From 24x7server at 24x7server.net Sun Nov 23 16:14:10 2014
From: 24x7server at 24x7server.net (Rajesh M.)
Date: Sun, 23 Nov 2014 21:44:10 +0530
Subject: failed login message
Message-ID:

hi

i am using dovecot for pop3 and imap along with qmail toaster

i had recently changed over from a 32 bit system to a 64 bit system.

i use squirrelmail.

the issue i face is that when the user inserts an invalid password then the message he gets is connection dropped by imap server (instead of invalid userid or password)

such a message confuses the user.

my earlier 32 bit version used to give the correct message

i am posting this issue here because i am not sure if this is squirrelmail issue or a dovecot issue.

can somebody please let me know the reason for this ?

rajesh

From rs at sys4.de Sun Nov 23 16:21:29 2014
From: rs at sys4.de (Robert Schetterer)
Date: Sun, 23 Nov 2014 17:21:29 +0100
Subject: failed login message
In-Reply-To:
References:
Message-ID: <54720989.7040601@sys4.de>

On 23.11.2014 at 17:14, Rajesh M. wrote:
> hi
>
> i am using dovecot for pop3 and imap along with qmail toaster
>
> i had recently changed over from a 32 bit system to a 64 bit system.
>
> i use squirrelmail.
>
> the issue i face is that when the user inserts an invalid password then the message he gets is connection dropped by imap server (instead of invalid userid or password)
>
> such a message confuses the user.
>
> my earlier 32 bit version used to give the correct message
>
> i am posting this issue here because i am not sure if this is squirrelmail issue or a dovecot issue.
>
> can somebody please let me know the reason for this ?
>
> rajesh
>

yes, you may ask some magic bubble, or post your configs and related logs

Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Management board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From kind at adm.uib.no Sun Nov 23 16:57:50 2014
From: kind at adm.uib.no (Hans Morten Kind)
Date: Sun, 23 Nov 2014 17:57:50 +0100
Subject: 2.2.15 Panic in mbox_sync_read_next_mail()
In-Reply-To: <5458BA9A.7060401@ee.ethz.ch>
References: <20141029130348.GA1682@alf.uib.no> <5458BA9A.7060401@ee.ethz.ch>
Message-ID: <20141123165734.GA25503@alf.uib.no>

On Tue, Nov 04, 2014 at 12:38:02PM +0100, Matthias Egger wrote:

> Has someone of you just found any kind of solution to this problem?

We have been running some days with patches 31262a892ba7 and
80ed82a93c1a from http://hg.dovecot.org/dovecot-2.2/

They are working fine, handling the previously panicked situations
smoothly.

Thanks again to the folks at dovecot.org!

hmk

From bertrand.caplet at chunkz.net Sun Nov 23 20:50:37 2014
From: bertrand.caplet at chunkz.net (Bertrand Caplet)
Date: Sun, 23 Nov 2014 21:50:37 +0100
Subject: Strange repplication issues
Message-ID: <5472489D.2050200@chunkz.net>

Hi,
I know there are lots of questions about replication, but I searched and
didn't find my question.
I've got some problems with syncing. I've got 2 servers: A and B
When an email arrives on server A sometimes it's not syncing in server B

I think server A doesn't always notify server B there are new mails to
sync. But I don't know how to fix it.

And I spotted something, when it isn't syncing. The only thing to do is
to send local or remote mail to server B and then it sync or do a
"doveadm sync -A tcp:serverB.example:port" of course.

My doveconf -n of the two servers are in attachments below.
By the way both of my dovecot servers are v2.2.9

P.S.: I didn't test from server B to A but I think it's the same problem.

Thanks in advance,
Regards.

-- 
CHUNKZ.NET - casual fiddler and computer technician
Bertrand Caplet, Flers (FR)
Feel free to send encrypted/signed messages
Key ID: FF395BD9
GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9

-------------- next part --------------
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-34-generic x86_64 Ubuntu 14.04.1 LTS ext4
# THIS IS SERVER A CONFIGURATION
auth_mechanisms = CRAM-MD5 PLAIN LOGIN
dict {
  sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
disable_plaintext_auth = no
doveadm_password = nicepassword
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u
first_valid_uid = 106
last_valid_uid = 106
mail_gid = Debian-exim
mail_location = maildir:/var/mail/virtual/%d/%n
mail_plugins = quota
mail_uid = Debian-exim
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  mail_replica = tcp:serverB.example:12345
  quota = maildir:User quota
  quota_exceeded_message = Quota exceeded, please go to http://site.example/over-quota-help for instructions on how to fix this.
  quota_grace = 10%%
  quota_rule2 = Trash:storage=+50M
  quota_rule3 = Sent:storage=+50M
  quota_set = dict:proxy::sqlquota
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = ~/.dovecot.sieve
  sieve_before = /var/mail/sieve/spam.conf
  sieve_dir = ~/sieve
}
protocols = " imap lmtp sieve"
service aggregator {
  fifo_listener replication-notify-fifo {
    group = Debian-exim
    user = Debian-exim
  }
  unix_listener replication-notify {
    group = Debian-exim
    user = Debian-exim
  }
}
service auth {
  unix_listener auth-client {
    group = Debian-exim
    mode = 0660
    user = Debian-exim
  }
  unix_listener auth-userdb {
    group = Debian-exim
    mode = 0660
    user = Debian-exim
  }
}
service doveadm {
  inet_listener {
    port = 12345
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  process_min_avail = 1
  service_count = 1
  vsz_limit = 64 M
}
service managesieve {
  process_limit = 10
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    mode = 0660
    user = Debian-exim
  }
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    group = Debian-exim
    mode = 0600
    user = Debian-exim
  }
}
ssl_cert =

From rgm at htt-consult.com Sun Nov 23 21:08:55 2014
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Sun, 23 Nov 2014 16:08:55 -0500
Subject: Outlook 2010 not connecting to secure POP3
Message-ID: <54724CE7.1070402@htt-consult.com>

OK, I did not know that this user has a new computer with Outlook
2010. This SHOULD make it easier but...

I have the computer right next to me, they brought it over. It is on
the same LAN as this notebook. I can access my server with:

openssl s_client -connect z9m9z.htt-consult.com:995

And then log the user in with the appropriate POP3 credentials.

In Outlook 2010, in Advanced settings I have specified "This server
requires an encrypted connection (SSL)" and it switches to port 995
(from 110). I try connecting and I get an error that

"Your server does not support the connection encryption type you have
specified."

The first time we tried this it installed my self-signed cert in the
local cert store.

Any idea on what is going on or how to get this working?

From rs at sys4.de Sun Nov 23 21:23:57 2014
From: rs at sys4.de (Robert Schetterer)
Date: Sun, 23 Nov 2014 22:23:57 +0100
Subject: Strange repplication issues
In-Reply-To: <5472489D.2050200@chunkz.net>
References: <5472489D.2050200@chunkz.net>
Message-ID: <5472506D.4080002@sys4.de>

On 23.11.2014 at 21:50, Bertrand Caplet wrote:
> Hi,
> I know there are lots of questions about replication, but I searched and
> didn't find my question.
> I've got some problems with syncing. I've got 2 servers: A and B
> When an email arrives on server A sometimes it's not syncing in server B
>
> I think server A doesn't always notify server B there are new mails to
> sync. But I don't know how to fix it.
>
> And I spotted something, when it isn't syncing. The only thing to do is
> to send local or remote mail to server B and then it sync or do a
> "doveadm sync -A tcp:serverB.example:port" of course.
>
> My doveconf -n of the two servers are in attachments below.
> By the way both of my dovecot servers are v2.2.9

i guess best way is upgrade to latest patch level and retest
anything in verbose log ?

>
>
> P.S.: I didn't test from server B to A but I think it's the same problem.
>
> Thanks in advance,
> Regards.
>

Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Management board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From rgm at htt-consult.com Sun Nov 23 21:23:56 2014
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Sun, 23 Nov 2014 16:23:56 -0500
Subject: Probably K9 not Outlook - Re: Outlook 2010 not connecting to secure POP3
In-Reply-To: <54724CE7.1070402@htt-consult.com>
References: <54724CE7.1070402@htt-consult.com>
Message-ID: <5472506C.6020609@htt-consult.com>

I finally noticed this popup of K9 blocking https on port (143, 993,
995). So the user has to come back over here and disable K9 long enough
to get things working.

ARGH!

On 11/23/2014 04:08 PM, Robert Moskowitz wrote:
> OK, I did not know that this user has a new computer with Outlook
> 2010. This SHOULD make it easier but...
>
> I have the computer right next to me, they brought it over. It is on
> the same LAN as this notebook. I can access my server with:
>
> openssl s_client -connect z9m9z.htt-consult.com:995
>
> And then log the user in with the appropriate POP3 credentials.
>
> In Outlook 2010, in Advanced settings I have specified "This server
> requires an encrypted connection (SSL)" and it switches to port 995
> (from 110). I try connecting and I get an error that
>
>
> "Your server does not support the connection encryption type you have
> specified."
>
> The first time we tried this it installed my self-signed cert in the
> local cert store.
>
> Any idea on what is going on or how to get this working?
>

From h.reindl at thelounge.net Sun Nov 23 21:33:57 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Sun, 23 Nov 2014 22:33:57 +0100
Subject: Probably K9 not Outlook - Re: Outlook 2010 not connecting to secure POP3
In-Reply-To: <5472506C.6020609@htt-consult.com>
References: <54724CE7.1070402@htt-consult.com> <5472506C.6020609@htt-consult.com>
Message-ID: <547252C5.6010001@thelounge.net>

no idea what you are talking about

K9 is an android client and works fine with TLS

no idea what has "https" to do with email nor why someone needs to
"disable K9 long enough" whatever "long enough" is - don't get me wrong
but most technical context on several lists of you if it comes to
details is cluttered and your permanently "i am working on IETF" even
makes things worse

On 23.11.2014 at 22:23, Robert Moskowitz wrote:
> I finally noticed this popup of K9 blocking https on port (143, 993,
> 995). So the user has to come back over here and disable K9 long enough
> to get things working.
>
> ARGH!
>
> On 11/23/2014 04:08 PM, Robert Moskowitz wrote:
>> OK, I did not know that this user has a new computer with Outlook
>> 2010. This SHOULD make it easier but...
>>
>> I have the computer right next to me, they brought it over. It is on
>> the same LAN as this notebook. I can access my server with:
>>
>> openssl s_client -connect z9m9z.htt-consult.com:995
>>
>> And then log the user in with the appropriate POP3 credentials.
>>
>> In Outlook 2010, in Advanced settings I have specified "This server
>> requires an encrypted connection (SSL)" and it switches to port 995
>> (from 110). I try connecting and I get an error that
>>
>>
>> "Your server does not support the connection encryption type you have
>> specified."
>>
>> The first time we tried this it installed my self-signed cert in the
>> local cert store.
>>
>> Any idea on what is going on or how to get this working?

From h.reindl at thelounge.net Sun Nov 23 21:37:15 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Sun, 23 Nov 2014 22:37:15 +0100
Subject: Outlook 2010 not connecting to secure POP3
In-Reply-To: <54724CE7.1070402@htt-consult.com>
References: <54724CE7.1070402@htt-consult.com>
Message-ID: <5472538B.8000104@thelounge.net>

On 23.11.2014 at 22:08, Robert Moskowitz wrote:
> OK, I did not know that this user has a new computer with Outlook 2010.
> This SHOULD make it easier but...
>
> I have the computer right next to me, they brought it over. It is on
> the same LAN as this notebook. I can access my server with:
>
> openssl s_client -connect z9m9z.htt-consult.com:995
>
> And then log the user in with the appropriate POP3 credentials.
>
> In Outlook 2010, in Advanced settings I have specified "This server
> requires an encrypted connection (SSL)" and it switches to port 995
> (from 110). I try connecting and I get an error that
>
> "Your server does not support the connection encryption type you have
> specified."
>
> The first time we tried this it installed my self-signed cert in the
> local cert store.
>
> Any idea on what is going on or how to get this working?

learn to post details and configs, to be honest i feel disturbed by all
your technical nonsense not able to express what you are talking about
over that many years on so many lists for so many software

"dovecot -n" output needed at least
"sslscan host:995" would also make sense

From rs at sys4.de Sun Nov 23 21:39:18 2014
From: rs at sys4.de (Robert Schetterer)
Date: Sun, 23 Nov 2014 22:39:18 +0100
Subject: Probably K9 not Outlook - Re: Outlook 2010 not connecting to secure POP3
In-Reply-To: <5472506C.6020609@htt-consult.com>
References: <54724CE7.1070402@htt-consult.com> <5472506C.6020609@htt-consult.com>
Message-ID: <54725406.3020502@sys4.de>

On 23.11.2014 at 22:23, Robert Moskowitz wrote:
> I finally noticed this popup of K9 blocking https on port (143, 993,
> 995). So the user has to come back over here and disable K9 long enough
> to get things working.
>
> ARGH!

shit happens

however you may compare your settings with

i.e
https://www2.suresupport.com/faq/79/471

notice:

setting pop3 995 Tag : server requires an encr.. con.. SSL
..type TLS

>
> On 11/23/2014 04:08 PM, Robert Moskowitz wrote:
>> OK, I did not know that this user has a new computer with Outlook
>> 2010. This SHOULD make it easier but...
>>
>> I have the computer right next to me, they brought it over. It is on
>> the same LAN as this notebook. I can access my server with:
>>
>> openssl s_client -connect z9m9z.htt-consult.com:995
>>
>> And then log the user in with the appropriate POP3 credentials.
>>
>> In Outlook 2010, in Advanced settings I have specified "This server
>> requires an encrypted connection (SSL)" and it switches to port 995
>> (from 110). I try connecting and I get an error that
>>
>>
>> "Your server does not support the connection encryption type you have
>> specified."
>>
>> The first time we tried this it installed my self-signed cert in the
>> local cert store.
>>
>> Any idea on what is going on or how to get this working?
>>

Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Management board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From rs at sys4.de Sun Nov 23 21:45:58 2014
From: rs at sys4.de (Robert Schetterer)
Date: Sun, 23 Nov 2014 22:45:58 +0100
Subject: Probably K9 not Outlook - Re: Outlook 2010 not connecting to secure POP3
In-Reply-To: <547252C5.6010001@thelounge.net>
References: <54724CE7.1070402@htt-consult.com> <5472506C.6020609@htt-consult.com> <547252C5.6010001@thelounge.net>
Message-ID: <54725596.9030108@sys4.de>

On 23.11.2014 at 22:33, Reindl Harald wrote:
> no idea what you are talking about
>
> K9 is an android client and works fine with TLS
>
> no idea what has "https" to do with email nor why someone needs to
> "disable K9 long enough" whatever "long enough" is - don't get me wrong
> but most technical context on several lists of you if it comes to
> details is cluttered and your permanently "i am working on IETF" even
> makes things worse

Yeah, such descriptions are leading to confusion, speculation
k9 got mail downloaded before outlook could....no idea why somebody
should use k9 with pop3

>
> On 23.11.2014 at 22:23, Robert Moskowitz wrote:
>> I finally noticed this popup of K9 blocking https on port (143, 993,
>> 995). So the user has to come back over here and disable K9 long enough
>> to get things working.
>>
>> ARGH!
>>
>> On 11/23/2014 04:08 PM, Robert Moskowitz wrote:
>>> OK, I did not know that this user has a new computer with Outlook
>>> 2010. This SHOULD make it easier but...
>>>
>>> I have the computer right next to me, they brought it over. It is on
>>> the same LAN as this notebook. I can access my server with:
>>>
>>> openssl s_client -connect z9m9z.htt-consult.com:995
>>>
>>> And then log the user in with the appropriate POP3 credentials.
>>>
>>> In Outlook 2010, in Advanced settings I have specified "This server
>>> requires an encrypted connection (SSL)" and it switches to port 995
>>> (from 110). I try connecting and I get an error that
>>>
>>>
>>> "Your server does not support the connection encryption type you have
>>> specified."
>>>
>>> The first time we tried this it installed my self-signed cert in the
>>> local cert store.
>>>
>>> Any idea on what is going on or how to get this working?
>

Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Management board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From rgm at htt-consult.com Sun Nov 23 22:28:40 2014
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Sun, 23 Nov 2014 17:28:40 -0500
Subject: Probably K9 not Outlook - Re: Outlook 2010 not connecting to secure POP3
In-Reply-To: <547252C5.6010001@thelounge.net>
References: <54724CE7.1070402@htt-consult.com> <5472506C.6020609@htt-consult.com> <547252C5.6010001@thelounge.net>
Message-ID: <54725F98.1070800@htt-consult.com>

On 11/23/2014 04:33 PM, Reindl Harald wrote:
> no idea what you are talking about
>
> K9 is an android client and works fine with TLS

K9 for Redcoat is a 'nanny' watcher for Windows. It protects the home
computer from all sorts of nastiness on the Internet. Very popular in
my community. I do not use it.

>
> no idea what has "https" to do with email nor why someone needs to
> "disable K9 long enough" whatever "long enough" is - don't get me wrong
> but most technical context on several lists of you if it comes to
> details is cluttered and your permanently "i am working on IETF" even
> makes things worse
>
> On 23.11.2014 at 22:23, Robert Moskowitz wrote:
>> I finally noticed this popup of K9 blocking https on port (143, 993,
>> 995). So the user has to come back over here and disable K9 long enough
>> to get things working.
>>
>> ARGH!
>>
>> On 11/23/2014 04:08 PM, Robert Moskowitz wrote:
>>> OK, I did not know that this user has a new computer with Outlook
>>> 2010. This SHOULD make it easier but...
>>>
>>> I have the computer right next to me, they brought it over. It is on
>>> the same LAN as this notebook. I can access my server with:
>>>
>>> openssl s_client -connect z9m9z.htt-consult.com:995
>>>
>>> And then log the user in with the appropriate POP3 credentials.
>>>
>>> In Outlook 2010, in Advanced settings I have specified "This server
>>> requires an encrypted connection (SSL)" and it switches to port 995
>>> (from 110). I try connecting and I get an error that
>>>
>>>
>>> "Your server does not support the connection encryption type you have
>>> specified."
>>>
>>> The first time we tried this it installed my self-signed cert in the
>>> local cert store.
>>>
>>> Any idea on what is going on or how to get this working?
>

From rgm at htt-consult.com Sun Nov 23 22:30:50 2014
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Sun, 23 Nov 2014 17:30:50 -0500
Subject: Probably K9 not Outlook - Re: Outlook 2010 not connecting to secure POP3
In-Reply-To: <54725596.9030108@sys4.de>
References: <54724CE7.1070402@htt-consult.com> <5472506C.6020609@htt-consult.com> <547252C5.6010001@thelounge.net> <54725596.9030108@sys4.de>
Message-ID: <5472601A.2080904@htt-consult.com>

On 11/23/2014 04:45 PM, Robert Schetterer wrote:
> On 23.11.2014 at 22:33, Reindl Harald wrote:
>> no idea what you are talking about
>>
>> K9 is an android client and works fine with TLS
>>
>> no idea what has "https" to do with email nor why someone needs to
>> "disable K9 long enough" whatever "long enough" is - don't get me wrong
>> but most technical context on several lists of you if it comes to
>> details is cluttered and your permanently "i am working on IETF" even
>> makes things worse
> Yeah, such descriptions are leading to confusion, speculation
> k9 got mail downloaded before outlook could....no idea why somebody
> should use k9 with pop3

And I did not know there was a K9 android app. K9 like in guard dogs.

The default settings only allow https stuff on port 443. Must be some
attempt to get around controls to use TLS on any other port.

I really strongly dislike nanny software. But it is very popular in my
community...

>
>> On 23.11.2014 at 22:23, Robert Moskowitz wrote:
>>> I finally noticed this popup of K9 blocking https on port (143, 993,
>>> 995). So the user has to come back over here and disable K9 long enough
>>> to get things working.
>>>
>>> ARGH!
>>>
>>> On 11/23/2014 04:08 PM, Robert Moskowitz wrote:
>>>> OK, I did not know that this user has a new computer with Outlook
>>>> 2010. This SHOULD make it easier but...
>>>>
>>>> I have the computer right next to me, they brought it over. It is on
>>>> the same LAN as this notebook. I can access my server with:
>>>>
>>>> openssl s_client -connect z9m9z.htt-consult.com:995
>>>>
>>>> And then log the user in with the appropriate POP3 credentials.
>>>>
>>>> In Outlook 2010, in Advanced settings I have specified "This server
>>>> requires an encrypted connection (SSL)" and it switches to port 995
>>>> (from 110). I try connecting and I get an error that
>>>>
>>>>
>>>> "Your server does not support the connection encryption type you have
>>>> specified."
>>>>
>>>> The first time we tried this it installed my self-signed cert in the
>>>> local cert store.
>>>>
>>>> Any idea on what is going on or how to get this working?
>
>
> Best Regards
> MfG Robert Schetterer
>

From h.reindl at thelounge.net Sun Nov 23 22:59:43 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Sun, 23 Nov 2014 23:59:43 +0100
Subject: Probably K9 not Outlook - Re: Outlook 2010 not connecting to secure POP3
In-Reply-To: <5472601A.2080904@htt-consult.com>
References: <54724CE7.1070402@htt-consult.com> <5472506C.6020609@htt-consult.com> <547252C5.6010001@thelounge.net> <54725596.9030108@sys4.de> <5472601A.2080904@htt-consult.com>
Message-ID: <547266DF.5080307@thelounge.net>

On 23.11.2014 at 23:30, Robert Moskowitz wrote:
> On 11/23/2014 04:45 PM, Robert Schetterer wrote:
>> On 23.11.2014 at 22:33, Reindl Harald wrote:
>>> no idea what you are talking about
>>>
>>> K9 is an android client and works fine with TLS
>>>
>>> no idea what has "https" to do with email nor why someone needs to
>>> "disable K9 long enough" whatever "long enough" is - don't get me wrong
>>> but most technical context on several lists of you if it comes to
>>> details is cluttered and your permanently "i am working on IETF" even
>>> makes things worse
>> Yeah, such descriptions are leading to confusion, speculation
>> k9 got mail downloaded before outlook could....no idea why somebody
>> should use k9 with pop3
>
> And I did not know there was a K9 android app. K9 like in guard dogs.

that's why you should be precise in what you are posting - in context of
mail K9 is for pretty anybody
https://play.google.com/store/apps/details?id=com.fsck.k9

> The default settings only allow https stuff on port 443. Must be some
> attempt to get around controls to use TLS on any other port.

uhm "telnet server port" is still the way to go *before* start other
debuggings, if that doesn't work no need to try a high level client until
that problem is solved

From rgm at htt-consult.com Sun Nov 23 23:27:27 2014
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Sun, 23 Nov 2014 18:27:27 -0500
Subject: Probably K9 not Outlook - Re: Outlook 2010 not connecting to secure POP3
In-Reply-To: <547266DF.5080307@thelounge.net>
References: <54724CE7.1070402@htt-consult.com> <5472506C.6020609@htt-consult.com> <547252C5.6010001@thelounge.net> <54725596.9030108@sys4.de> <5472601A.2080904@htt-consult.com> <547266DF.5080307@thelounge.net>
Message-ID: <54726D5F.5000808@htt-consult.com>

On 11/23/2014 05:59 PM, Reindl Harald wrote:
>
> On 23.11.2014 at 23:30, Robert Moskowitz wrote:
>> On 11/23/2014 04:45 PM, Robert Schetterer wrote:
>>> On 23.11.2014 at 22:33, Reindl Harald wrote:
>>>> no idea what you are talking about
>>>>
>>>> K9 is an android client and works fine with TLS
>>>>
>>>> no idea what has "https" to do with email nor why someone needs to
>>>> "disable K9 long enough" whatever "long enough" is - don't get me wrong
>>>> but most technical context on several lists of you if it comes to
>>>> details is cluttered and your permanently "i am working on IETF" even
>>>> makes things worse
>>> Yeah, such descriptions are leading to confusion, speculation
>>> k9 got mail downloaded before outlook could....no idea why somebody
>>> should use k9 with pop3
>>
>> And I did not know there was a K9 android app. K9 like in guard dogs.
>
> that's why you should be precise in what you are posting - in context
> of mail K9 is for pretty anybody
> https://play.google.com/store/apps/details?id=com.fsck.k9

Got it for next time.

>
>> The default settings only allow https stuff on port 443. Must be some
>> attempt to get around controls to use TLS on any other port.
>
> uhm "telnet server port" is still the way to go *before* start other
> debuggings, if that doesn't work no need to try a high level client
> until that problem is solved

Well, since this was a secure connection test, needed openssl for the
connect, not telnet. And how to do that on Windows? I DID try it on
this F20 notebook, and of course it worked just fine. That was why I
really suspected Windows TLS functions. Then when I was trying again, I
caught a little pop up in the system tray saying how the nanny software
was blocking the bad program that was trying to do https to port 995...

I really should be so harsh about the nanny software. It DOES protect a
lot of families from content they do not want to see. Just that the
defaults no longer match where we want internet privacy to go.

From bertrand.caplet at chunkz.net Sun Nov 23 23:29:49 2014
From: bertrand.caplet at chunkz.net (Bertrand Caplet)
Date: Mon, 24 Nov 2014 00:29:49 +0100
Subject: [SOLVED]Strange repplication issues
In-Reply-To: <5472506D.4080002@sys4.de>
References: <5472489D.2050200@chunkz.net> <5472506D.4080002@sys4.de>
Message-ID: <54726DED.4030606@chunkz.net>

> i guess best way is upgrade to latest patch level and retest
> anything in verbose log ?
>

Thanks Robert,
actually the configuration wasn't the same on both servers.
One had
mail_plugins = quota notify replication
on top of the configuration (10-mail.conf) which is right.
And the other had
mail_plugins = $mail_plugins notify replication
on the bottom of the configuration (99-replication.conf) so when imap,
lmtp, etc. read the variable mail_plugins it wasn't set to notify and
replication yet!

Have a good week.

-- 
CHUNKZ.NET - casual fiddler and computer technician
Bertrand Caplet, Flers (FR)
Feel free to send encrypted/signed messages
Key ID: FF395BD9
GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9

From bertrand.caplet at chunkz.net Sun Nov 23 23:35:46 2014
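The ordering problem diagnosed in the [SOLVED] message above, modelled in Python. This is an added example, not part of the original thread and not Dovecot code; the protocol blocks placed in 20-imap.conf and 20-lmtp.conf, the sample file contents and the function names are assumptions made for illustration.

```python
"""Simplified model of parse-time $mail_plugins expansion in Dovecot config.

Dovecot expands $variables while it reads the config, in file order, and
does not update them later. A protocol block that took a copy of
mail_plugins keeps that copy even if the global value is extended afterwards.
"""
import re

# Constructed sample configs in conf.d load order. The protocol blocks are
# assumed (they are not shown in the thread).
GOOD = [
    ("10-mail.conf", "mail_plugins = quota notify replication"),
    ("20-imap.conf", "protocol imap { mail_plugins = $mail_plugins imap_quota }"),
    ("20-lmtp.conf", "protocol lmtp { mail_plugins = $mail_plugins sieve }"),
]
BAD = [
    ("10-mail.conf", "mail_plugins = quota"),
    ("20-imap.conf", "protocol imap { mail_plugins = $mail_plugins imap_quota }"),
    ("20-lmtp.conf", "protocol lmtp { mail_plugins = $mail_plugins sieve }"),
    ("99-replication.conf", "mail_plugins = $mail_plugins notify replication"),
]

# Matches either a global assignment or a one-line protocol block.
SETTING = re.compile(
    r"^(?:protocol\s+(?P<proto>\w+)\s*\{\s*)?"
    r"mail_plugins\s*=\s*(?P<value>[^}]*?)\s*\}?$"
)


def effective_plugins(files, protocols=("imap", "lmtp")):
    """Return {scope: [plugins]} after reading the files in order."""
    global_val = []
    per_proto = {}
    for fname, line in files:
        m = SETTING.match(line.strip())
        if not m:
            raise ValueError(f"{fname}: unsupported line: {line!r}")
        proto = m.group("proto")
        # $mail_plugins means "the value visible right now": the protocol's
        # own value if it already has one, otherwise the current global one.
        current = per_proto.get(proto, global_val) if proto else global_val
        expanded = []
        for tok in m.group("value").split():
            expanded.extend(current if tok == "$mail_plugins" else [tok])
        if proto:
            per_proto[proto] = expanded
        else:
            global_val = expanded
    result = {"global": global_val}
    for p in protocols:
        # A protocol without its own assignment follows the final global value.
        result[p] = per_proto.get(p, global_val)
    return result


def missing_replication(files, required=("notify", "replication")):
    """Return {protocol: [required plugins it does not load]}."""
    problems = {}
    for scope, plugins in effective_plugins(files).items():
        if scope == "global":
            continue
        lacking = [r for r in required if r not in plugins]
        if lacking:
            problems[scope] = lacking
    return problems


if __name__ == "__main__":
    for name, files in (("good", GOOD), ("bad", BAD)):
        print(name, effective_plugins(files), missing_replication(files))
```

On a live server, "doveconf -n" prints the per-protocol mail_plugins values, which is where the missing notify and replication entries would show up.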
From: bertrand.caplet at chunkz.net (Bertrand Caplet)
Date: Mon, 24 Nov 2014 00:35:46 +0100
Subject: Probably K9 not Outlook - Re: Outlook 2010 not connecting to secure POP3
In-Reply-To: <54726D5F.5000808@htt-consult.com>
References: <54724CE7.1070402@htt-consult.com> <5472506C.6020609@htt-consult.com> <547252C5.6010001@thelounge.net> <54725596.9030108@sys4.de> <5472601A.2080904@htt-consult.com> <547266DF.5080307@thelounge.net> <54726D5F.5000808@htt-consult.com>
Message-ID: <54726F52.3050202@chunkz.net>

> Well, since this was a secure connection test, needed openssl for the
> connect, not telnet. And how to do that on Windows? I DID try it on
> this F20 notebook, and of course it worked just fine. That was why I
> really suspected Windows TLS functions. Then when I was trying again, I
> caught a little pop up in the system tray saying how the nanny software
> was blocking the bad program that was trying to do https to port 995...

Hey Robert,
There is a command on linux to test ssl/tls smtp server :
openssl s_client -connect mail.example.com:port -starttls smtp

You just need openssl for windows here :
http://slproweb.com/products/Win32OpenSSL.html

Let me know if this is working.
Regards
--
CHUNKZ.NET - casual fiddler and computer technician
Bertrand Caplet, Flers (FR)
Feel free to send encrypted/signed messages
Key ID: FF395BD9
GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9

From bertrand.caplet at chunkz.net Sun Nov 23 23:37:50 2014
From: bertrand.caplet at chunkz.net (Bertrand Caplet)
Date: Mon, 24 Nov 2014 00:37:50 +0100
Subject: Probably K9 not Outlook - Re: Outlook 2010 not connecting to secure POP3
In-Reply-To: <54726F52.3050202@chunkz.net>
References: <54724CE7.1070402@htt-consult.com> <5472506C.6020609@htt-consult.com> <547252C5.6010001@thelounge.net> <54725596.9030108@sys4.de> <5472601A.2080904@htt-consult.com> <547266DF.5080307@thelounge.net> <54726D5F.5000808@htt-consult.com> <54726F52.3050202@chunkz.net>
Message-ID: <54726FCE.1040602@chunkz.net>

> Hey Robert,
> There is a command on linux to test ssl/tls smtp server :
> openssl s_client -connect mail.example.com:port -starttls smtp
>
> You just need openssl for windows here :
> http://slproweb.com/products/Win32OpenSSL.html
>
> Let me know if this is working.
> Regards
>

By the way if this isn't working, try connecting to your server via Mozilla Thunderbird. You'll get fixed if this is related to K9 or to your server.

Regards
--
CHUNKZ.NET - casual fiddler and computer technician
Bertrand Caplet, Flers (FR)
Feel free to send encrypted/signed messages
Key ID: FF395BD9
GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9

From rgm at htt-consult.com Mon Nov 24 00:04:04 2014
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Sun, 23 Nov 2014 19:04:04 -0500
Subject: Probably K9 not Outlook - Re: Outlook 2010 not connecting to secure POP3
In-Reply-To: <54726F52.3050202@chunkz.net>
References: <54724CE7.1070402@htt-consult.com> <5472506C.6020609@htt-consult.com> <547252C5.6010001@thelounge.net> <54725596.9030108@sys4.de> <5472601A.2080904@htt-consult.com> <547266DF.5080307@thelounge.net> <54726D5F.5000808@htt-consult.com> <54726F52.3050202@chunkz.net>
Message-ID: <547275F4.8050104@htt-consult.com>

On 11/23/2014 06:35 PM, Bertrand Caplet wrote:
>> Well, since this was a secure connection test, needed openssl for the
>> connect, not telnet. And how to do that on Windows? I DID try it on
>> this F20 notebook, and of course it worked just fine. That was why I
>> really suspected Windows TLS functions. Then when I was trying again, I
>> caught a little pop up in the system tray saying how the nanny software
>> was blocking the bad program that was trying to do https to port 995...
> Hey Robert,
> There is a command on linux to test ssl/tls smtp server :
> openssl s_client -connect mail.example.com:port -starttls smtp

That I knew and used.

> You just need openssl for windows here :
> http://slproweb.com/products/Win32OpenSSL.html
>
> Let me know if this is working.

Will try this on the family computer. For any future needs...

thanks

From rgm at htt-consult.com Mon Nov 24 00:32:49 2014
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Sun, 23 Nov 2014 19:32:49 -0500
Subject: Probably K9 not Outlook - Re: Outlook 2010 not connecting to secure POP3
In-Reply-To: <54726FCE.1040602@chunkz.net>
References: <54724CE7.1070402@htt-consult.com> <5472506C.6020609@htt-consult.com> <547252C5.6010001@thelounge.net> <54725596.9030108@sys4.de> <5472601A.2080904@htt-consult.com> <547266DF.5080307@thelounge.net> <54726D5F.5000808@htt-consult.com> <54726F52.3050202@chunkz.net> <54726FCE.1040602@chunkz.net>
Message-ID: <54727CB1.1010106@htt-consult.com>

On 11/23/2014 06:37 PM, Bertrand Caplet wrote:
>> Hey Robert,
>> There is a command on linux to test ssl/tls smtp server :
>> openssl s_client -connect mail.example.com:port -starttls smtp
>>
>> You just need openssl for windows here :
>> http://slproweb.com/products/Win32OpenSSL.html
>>
>> Let me know if this is working.
>> Regards
>>
> By the way if this isn't working,
> try connecting to your server via Mozilla Thunderbird. You'll get fixed
> if this is related to K9 or to your server.

I use Thunderbird all the time. I would have to install it on the user's computer. But the problem was a nanny software that was monitoring ports opened so any program that tried to connect to port 995 and do a TLS handshake would have gotten slapped down.

The user now knows that the K9 nanny software was blocking the mail. We disabled it monitoring https and secure pop3 started working. So now they have to figure out how to enable it and allow the mail to work. Not my problem.

From rs at sys4.de Mon Nov 24 06:44:20 2014
From: rs at sys4.de (Robert Schetterer)
Date: Mon, 24 Nov 2014 07:44:20 +0100
Subject: Probably K9 not Outlook - Re: Outlook 2010 not connecting to secure POP3
In-Reply-To: <54726F52.3050202@chunkz.net>
References: <54724CE7.1070402@htt-consult.com> <5472506C.6020609@htt-consult.com> <547252C5.6010001@thelounge.net> <54725596.9030108@sys4.de> <5472601A.2080904@htt-consult.com> <547266DF.5080307@thelounge.net> <54726D5F.5000808@htt-consult.com> <54726F52.3050202@chunkz.net>
Message-ID: <5472D3C4.3060201@sys4.de>

On 24.11.2014 at 00:35, Bertrand Caplet wrote:
>> Well, since this was a secure connection test, needed openssl for the
>> connect, not telnet. And how to do that on Windows? I DID try it on
>> this F20 notebook, and of course it worked just fine. That was why I
>> really suspected Windows TLS functions. Then when I was trying again, I
>> caught a little pop up in the system tray saying how the nanny software
>> was blocking the bad program that was trying to do https to port 995...
> Hey Robert,
> There is a command on linux to test ssl/tls smtp server :
> openssl s_client -connect mail.example.com:port -starttls smtp
>
> You just need openssl for windows here :
> http://slproweb.com/products/Win32OpenSSL.html

this proves not outlook working, on windows there is maybe proxy stuff installed etc

>
> Let me know if this is working.
> Regards
>

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From jbehrend at mpifr-bonn.mpg.de Mon Nov 24 08:37:27 2014
From: jbehrend at mpifr-bonn.mpg.de (Jan Behrend)
Date: Mon, 24 Nov 2014 09:37:27 +0100
Subject: Replication warnings
Message-ID: <1416818247.27253.30.camel@jb1.mpifr-bonn.mpg.de>

Hi list,

I get these warnings quite frequently.

Warning: Failed to do incremental sync for mailbox INBOX, retry with a full sync

Is this something to worry about? Otherwise the replication works perfectly.

Cheers Jan

--
MAX-PLANCK-INSTITUT fuer Radioastronomie
Jan Behrend - Rechenzentrum
----------------------------------------
Auf dem Huegel 69, D-53121 Bonn
Tel: +49 (228) 525 359, Fax: +49 (228) 525 229
jbehrend at mpifr-bonn.mpg.de http://www.mpifr-bonn.mpg.de
-------------- next part --------------
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.7 xfs
auth_gssapi_hostname = imap.mpifr-bonn.mpg.de
auth_krb5_keytab = /etc/krb5-ha.keytab
auth_mechanisms = plain login gssapi
auth_verbose = yes
default_process_limit = 1024
default_vsz_limit = 512 M
dict {
  acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
doveadm_password = xxx
doveadm_port = 50222
listen = 134.104.18.77
lmtp_save_to_detail_mailbox = yes
mail_location = mdbox:/var/mail/%Ln/maildrop
mail_plugins = acl zlib notify replication
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify
mdbox_rotate_size = 10 M
namespace mpifr_private {
  inbox = yes
  location =
  prefix =
  separator = .
}
namespace mpifr_shared {
  inbox = no
  list = children
  location = mdbox:/var/mail/%%n/maildrop
  prefix = shared.%%n.
  separator = .
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_defaults_from_inbox = yes
  acl_shared_dict = proxy::acl
  mail_replica = tcp:192.168.42.173:50222
  sieve = ~/.dovecot.sieve
  sieve_after = /var/mail/global-after.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags
  sieve_global_dir = /var/mail
  zlib_save = gz
  zlib_save_level = 6
}
protocols = " imap lmtp sieve pop3"
replication_dsync_parameters = -d -l 30 -U -n mpifr_private -n mpifr_shared
replication_max_conns = 6
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}
service anvil {
  client_limit = 8192
}
service auth {
  client_limit = 8192
  unix_listener auth-userdb {
    group = vmail
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    user = vmail
  }
}
service doveadm {
  inet_listener {
    address = 192.168.42.105
    port = 50222
  }
}
service imap-login {
  process_min_avail = 5
  service_count = 1
}
service imap {
  vsz_limit = 512 M
}
service indexer-worker {
  client_limit = 1
  process_limit = 10
  user = root
}
service lmtp {
  inet_listener lmtp {
    address = 134.104.18.105
    port = 24
  }
}
service managesieve-login {
  inet_listener sieve {
    address = 134.104.18.77
    port = 4190
  }
  service_count = 1
}
service pop3-login {
  process_min_avail = 5
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0666
  }
}
ssl = required
ssl_cert =

From dovecot at lists.wgwh.ch Mon Nov 24 14:20:04 2014
From: dovecot at lists.wgwh.ch (Oli Schacher)
Date: Mon, 24 Nov 2014 15:20:04 +0100
Subject: Replication warnings
In-Reply-To: <1416818247.27253.30.camel@jb1.mpifr-bonn.mpg.de>
References: <1416818247.27253.30.camel@jb1.mpifr-bonn.mpg.de>
Message-ID: <20141124152004.45f412c2@lists.wgwh.ch>

On Mon, 24 Nov 2014 09:37:27 +0100 Jan Behrend wrote:
> Hi list,
>
> I get these warnings quite frequently.
>
> Warning: Failed to do incremental sync for mailbox INBOX, retry with a
> full sync
>
> Is this something to worry about? Otherwise the replication works
> perfectly.
>
> Cheers Jan
>

We saw this too with 2.2.13. After we updated to 2.2.15 the warnings went away.

Cheers
Oli

From andy at xecu.net Mon Nov 24 16:21:40 2014
From: andy at xecu.net (Andy Dills)
Date: Mon, 24 Nov 2014 11:21:40 -0500 (EST)
Subject: Possible to adjust username used to determine the proxy destination?
Message-ID: <20141124111310.U197@shell.xecu.net>

I'm in a fairly standard cluster environment: shared storage, bunch of servers each acting as both proxies and backends.

We do /bin/checkpassword authentication, allowing a great deal of flexibility...protection against brute force, billing mechanisms, but relevant to this issue, I have it set up to allow users to login with either their username (if they are in one of our default domains) or their email address.

I'm realizing now that as a consequence of this, "joe" and "joe at xecu.net" are unique as far as dovecot is concerned. Users who login with just their username (and not the full email address) can get assigned to a different backend server than when they login with the full email address (which would also include LMTP deliveries). This has been happening for years, a few broken indexes here and there that seem to resolve themselves, so it hasn't been impacting the service, but I'd like to correct it properly.

Is there a way to manipulate this? For example, if I moved the authentication to the proxy layer (it's currently proxy=y nopassword=y), and set $ENV{USER} to the full email address, will director use that for selection instead of the user-supplied username?

I'm open to suggestions on how best to accomplish this.

Thanks,
Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---

From jlar310 at gmail.com Mon Nov 24 16:53:00 2014
From: jlar310 at gmail.com (Jeff Larsen)
Date: Mon, 24 Nov 2014 10:53:00 -0600
Subject: doveadm backup for all users to file system
Message-ID:

The wiki says that doveadm backup supports the -A option for all users, but when I specify a file-system destination (like /tmp, or an NFS mounted folder), it just rewrites each user backup to the same location overwriting the previous user's content. You end up with just the content for the last user processed. I tried the typical %u substitution but that just created folder named '%u' and had the same overwrite problem.

My userdb is LDAP which works just fine for other doveadm commands. The verbose/debug output from doveadm backup shows that it is processing every user.

Example:

doveadm -vD backup -A sdbox:/tmp/backup

My understanding is that "doveadm backup" is just a front-end for dsync. The dsync manpage on the other hand says "dsync can currently sync only one user at a time. If you want to dsync all users, you'll need to get a list of all users and execute dsync separately..."

It appears that "doveadm backup -A" is doing the iteration for me, but it's not generating individual destination paths for each user.

So, is this a documentation problem for "doveadm backup"? Or am I missing something here? Is there some secret sauce for "doveadm backup -A" that I'm not finding?

If all else fails, I know I can write a script to iterate over the available users and run the backup repeatedly, but I would like to keep this as simple as possible.

Thanks,

Jeff

From skdovecot at smail.inf.fh-brs.de Tue Nov 25 07:18:29 2014
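The per-user loop mentioned at the end of the post above, as an added example (not from the thread or from the Dovecot project): each user name gets its own destination directory, and names that could escape the backup root or be read as an option are skipped. The `/srv/backup` root, the `sdbox:` layout and the function names are assumptions.

```shell
#!/bin/sh
# Added example: give every user its own "doveadm backup" destination.
# The backup root and the sdbox: layout are assumptions.

# Print the destination for one user. Fails for names that could escape
# the backup root or be parsed as an option: empty, leading "." or "-",
# or any character outside a conservative allow-list (so no "/").
backup_dest() {
    bd_user=$1
    bd_root=$2
    case $bd_user in
        ''|.*|-*) return 1 ;;
        *[!A-Za-z0-9@._+-]*) return 1 ;;
    esac
    printf 'sdbox:%s/%s\n' "$bd_root" "$bd_user"
}

# Read user names on stdin, one per line, and back each one up separately.
# DRY_RUN=1 prints the doveadm commands instead of running them.
# Returns non-zero if a name was skipped or a backup failed.
backup_users() {
    bu_root=$1
    bu_rc=0
    while IFS= read -r bu_user; do
        [ -n "$bu_user" ] || continue
        if ! bu_dest=$(backup_dest "$bu_user" "$bu_root"); then
            echo "skipping unsafe user name: $bu_user" >&2
            bu_rc=1
            continue
        fi
        if [ "${DRY_RUN:-0}" = 1 ]; then
            printf 'doveadm backup -u %s %s\n' "$bu_user" "$bu_dest"
        else
            # </dev/null keeps doveadm from consuming the user list.
            doveadm backup -u "$bu_user" "$bu_dest" </dev/null || bu_rc=1
        fi
    done
    return "$bu_rc"
}

# Typical use, with the user list coming from the userdb:
#   doveadm user '*' | backup_users /srv/backup
```
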
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 25 Nov 2014 08:18:29 +0100 (CET)
Subject: Possible to adjust username used to determine the proxy destination?
In-Reply-To: <20141124111310.U197@shell.xecu.net>
References: <20141124111310.U197@shell.xecu.net>
Message-ID:

On Mon, 24 Nov 2014, Andy Dills wrote:

> I'm in a fairly standard cluster environment: shared storage, bunch of
> servers each acting as both proxies and backends.
>
> We do /bin/checkpassword authentication, allowing a great deal of
> flexibility...protection against brute force, billing mechanisms, but
> relevant to this issue, I have it set up to allow users to login with
> either their username (if they are in one of our default domains) or their
> email address.
>
> I'm realizing now that as a consequence of this, "joe" and "joe at xecu.net"
> are unique as far as dovecot is concerned. Users who login with just their
> username (and not the full email address) can get assigned to a different
> backend server than when they login with the full email address (which
> would also include LMTP deliveries). This has been happening for years, a
> few broken indexes here and there that seem to resolve themselves, so it
> hasn't been impacting the service, but I'd like to correct it properly.

Can return Dovecot Extra Fields as described in:
http://wiki2.dovecot.org/AuthDatabase/CheckPassword ?

userdb_user should change the username.

> Is there a way to manipulate this? For example, if I moved the
> authentication to the proxy layer (it's currently proxy=y nopassword=y),
> and set $ENV{USER} to the full email address, will director use that for
> selection instead of the user-supplied username?

Dunno

--
Steffen Kaiser

From aaron at rsbuddy.com Tue Nov 25 08:02:41 2014
From: aaron at rsbuddy.com (Aaron Jenkins)
Date: Tue, 25 Nov 2014 08:02:41 +0000
Subject: Working with Active Directory on Windows Server 2012 R2
Message-ID:

Hi all,

I'm having issues getting Dovecot to work with AD on 2012 R2 in a test environment.

Background:
AD is running on dc1.ad.automaton.uk, the domain is ad.automaton.uk.
The DNS server is running on ad.automaton.uk and the automaton.uk DNS is set up correctly in the test environment in that everything resolves to the correct IP address and I can authenticate with whichever LDAP clients (ldapsearch, ApacheDS, sssd). It refuses to bind on Dovecot for some reason.

aaron at mail:/var/log$ uname -a
Linux mail.ad.automaton.uk 3.16.0-23-generic #31-Ubuntu SMP Tue Oct 21 17:56:17 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
aaron at mail:/var/log$ dovecot --version
2.2.9
aaron at mail:/var/log$ dpkg -l | grep dovecot
ii dovecot-core 1:2.2.9-1ubuntu5 amd64 secure POP3/IMAP server - core files
ii dovecot-gssapi 1:2.2.9-1ubuntu5 amd64 secure POP3/IMAP server - GSSAPI support
ii dovecot-imapd 1:2.2.9-1ubuntu5 amd64 secure POP3/IMAP server - IMAP daemon
ii dovecot-ldap 1:2.2.9-1ubuntu5 amd64 secure POP3/IMAP server - LDAP support

aaron at mail:/var/log/$ cat dovecot-debug.log
…
Nov 19 09:22:23 auth: Debug: auth client connected (pid=10345)
Nov 19 09:22:23 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 rport=56395
Nov 19 09:22:23 auth: Debug: client passdb out: CONT 1
Nov 19 09:22:23 auth: Debug: client in: CONT 1 (previous base64 data may contain sensitive data)
Nov 19 09:22:29 auth: Debug: client passdb out: FAIL 1 user=aaron.jenkins temp
Nov 19 09:22:29 auth: Debug: client in: AUTH 2 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 rport=56395 resp= (previous base64 data may contain sensitive data)
Nov 19 09:22:39 auth: Debug: client passdb out: FAIL 2 user=aaron.jenkins temp
Nov 19 09:22:40 auth: Debug: client in: AUTH 3 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 rport=56395
Nov 19 09:22:44 auth: Debug: client passdb out: CONT 3
Nov 19 09:22:44 auth: Debug: client in: CONT 3 (previous base64 data may contain sensitive data)
Nov 19 09:22:50 auth: Debug: client passdb out: FAIL 3 user=aaron.jenkins temp
Nov 19 09:22:50 auth: Debug: client in: AUTH 4 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 rport=56395 resp= (previous base64 data may contain sensitive data)
Nov 19 09:22:56 auth: Debug: client passdb out: FAIL 4 user=aaron.jenkins temp

(I've removed the base64 as it might contain passwords I actually use, if it's important I'll re-run it with a different password unredacted)

Do you guys have any ideas on how to get it working with 2012 R2? I know the LDAP is quite funky but I suspect that's why it doesn't work.

Also, attached is my sssd config as it's working fine in case it might provide any insights.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dovecot-ldap.conf.ext
Type: application/octet-stream
Size: 6269 bytes
Desc: dovecot-ldap.conf.ext
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sssd.conf
Type: application/octet-stream
Size: 1277 bytes
Desc: sssd.conf
URL:

From joseba.torre at ehu.es Tue Nov 25 09:09:29 2014
From: joseba.torre at ehu.es (Joseba Torre)
Date: Tue, 25 Nov 2014 10:09:29 +0100
Subject: Possible to adjust username used to determine the proxy destination?
In-Reply-To: <20141124111310.U197@shell.xecu.net>
References: <20141124111310.U197@shell.xecu.net>
Message-ID: <54744749.7010305@ehu.es>

On 24/11/14 at 17:21, Andy Dills wrote:
> I'm in a fairly standard cluster environment: shared storage, bunch of
> servers each acting as both proxies and backends.
>
> We do /bin/checkpassword authentication, allowing a great deal of
> flexibility...protection against brute force, billing mechanisms, but
> relevant to this issue, I have it set up to allow users to login with
> either their username (if they are in one of our default domains) or their
> email address.
>
> I'm realizing now that as a consequence of this, "joe" and "joe at xecu.net"
> are unique as far as dovecot is concerned. Users who login with just their
> username (and not the full email address) can get assigned to a different
> backend server than when they login with the full email address (which
> would also include LMTP deliveries). This has been happening for years, a
> few broken indexes here and there that seem to resolve themselves, so it
> hasn't been impacting the service, but I'd like to correct it properly.
>
> Is there a way to manipulate this? For example, if I moved the
> authentication to the proxy layer (it's currently proxy=y nopassword=y),
> and set $ENV{USER} to the full email address, will director use that for
> selection instead of the user-supplied username?
>
> I'm open to suggestions on how best to accomplish this.

I had a similar problem using director. The solution was

director_username_hash = %n

but I don't know if there is an equivalent solution for proxies

HTH

From 24x7server at 24x7server.net Tue Nov 25 09:49:18 2014
From: 24x7server at 24x7server.net (24x7server at 24x7server.net)
Date: Tue, 25 Nov 2014 15:19:18 +0530
Subject: failed login message
Message-ID: <5F23DC0F11BA40DCAC92CD38796A3A75.MAI@24x7server.net>

thanks for your reply

i intentionally put the wrong password and checked the dovecot log and the message i got was

# tail -f /var/log/dovecot.log | grep "xxx at yyy.com"
Nov 25 08:47:46 imap-login: Info: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=

but in the squirrelmail login page instead of the message "unknown user or password incorrect" i get the message

ERROR: Connection dropped by IMAP server.
Query: LOGOUT

in my old server where it is working correctly dovecot logs shows the error

Nov 25 14:46:12 imap-login: Info: Aborted login (auth failed, 1 attempts): user=<"xxx at yyy.com">, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured

and squirrelmail gives the error : "unknown user or password incorrect" which is correct.

is there any other place i need to check or some other config file (either squirrelmail or dovecot) that i need to modify

could you kindly guide me

rajesh

----- Original Message -----
From: Robert Schetterer [mailto:rs at sys4.de]
To: dovecot at dovecot.org
Sent: Sun, 23 Nov 2014 17:21:29 +0100
Subject: Re: failed login message

On 23.11.2014 at 17:14, Rajesh M. wrote:
> hi
>
> i am using dovecot for pop3 and imap along with qmail toaster
>
> i had recently changed over from a 32 bit system to a 64 bit system.
>
> i use squirrelmail.
>
> the issue i face is that when the user inserts an invalid password then the message he gets is connection dropped by imap server (instead of invalid userid or password)
>
> such a message confuses the user.
>
> my earlier 32 bit version used to give the correct message
>
> i am posting this issue here because i am not sure if this is squirrelmail issue or a dovecot issue.
>
> can somebody please let me know the reason for this ?
>
> rajesh
>

yes , you may ask some magic bubble, or post your configs and related logs

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From skdovecot at smail.inf.fh-brs.de Tue Nov 25 10:21:54 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 25 Nov 2014 11:21:54 +0100 (CET)
Subject: Working with Active Directory on Windows Server 2012 R2
In-Reply-To:
References:
Message-ID:

On Tue, 25 Nov 2014, Aaron Jenkins wrote:

> I'm having issues getting Dovecot to work with AD on 2012 R2 in a test environment.

> …
> Nov 19 09:22:23 auth: Debug: auth client connected (pid=10345)
> Nov 19 09:22:23 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 rport=56395
> Nov 19 09:22:23 auth: Debug: client passdb out: CONT 1
> Nov 19 09:22:23 auth: Debug: client in: CONT 1 (previous base64 data may contain sensitive data)
> Nov 19 09:22:29 auth: Debug: client passdb out: FAIL 1 user=aaron.jenkins temp

Your conf:

auth_bind = yes
dn = aaron.jenkins
dnpass = dummypass1
auth_bind_userdn = CN=%u,CN=users,DC=ad,DC=automaton,DC=uk

Can you really succeed a simple auth with the dn aaron.jenkins ? This ought to be a full DN. As I understand auth_bind_userdn, you do not need dn/dnpass anyway, because auth_bind_userdn prevents searching for the user's DN, in which case Dovecot requires a connection before any user bind takes place.

I wonder if the log shows the error from this setting or from the user's login attempt. Could you try another user?

Can you auth from command line via

ldapsearch -x -H ldap://dc1.ad.automaton.uk -D \
  CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W \
  -b CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk

--
Steffen Kaiser

From gedalya at gedalya.net Tue Nov 25 10:54:49 2014
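An added example (not part of the thread) for triaging the auth debug log quoted above: in Dovecot's auth protocol a `FAIL` reply carrying the `temp` parameter reports a temporary internal passdb failure rather than an ordinary authentication failure, so the two are counted separately per user. The aaron.jenkins lines are taken from the post; the testuser lines and the function names are constructed.

```shell
#!/bin/sh
# Added example: separate backend errors from ordinary authentication
# failures in Dovecot "auth: Debug" output.

# Sample input. The aaron.jenkins lines are from the post above; the
# testuser lines are constructed for contrast.
sample_auth_log() {
    cat <<'EOF'
Nov 19 09:22:23 auth: Debug: auth client connected (pid=10345)
Nov 19 09:22:23 auth: Debug: client passdb out: CONT 1
Nov 19 09:22:29 auth: Debug: client passdb out: FAIL 1 user=aaron.jenkins temp
Nov 19 09:22:39 auth: Debug: client passdb out: FAIL 2 user=aaron.jenkins temp
Nov 19 09:22:50 auth: Debug: client passdb out: FAIL 3 user=aaron.jenkins temp
Nov 19 09:22:56 auth: Debug: client passdb out: FAIL 4 user=aaron.jenkins temp
Nov 19 09:30:01 auth: Debug: client passdb out: FAIL 1 user=testuser
Nov 19 09:30:07 auth: Debug: client passdb out: FAIL 2 user=testuser
EOF
}

# Read auth debug lines on stdin; print "user temp=<n> denied=<n>" per user.
# temp   = FAIL replies flagged "temp" (the passdb lookup itself failed)
# denied = FAIL replies without it (ordinary authentication failures)
classify_auth_failures() {
    awk '
        /client passdb out: FAIL[ \t]/ {
            user = "(unknown)"; is_temp = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^user=/) user = substr($i, 6)
                if ($i == "temp") is_temp = 1
            }
            seen[user] = 1
            if (is_temp) temp[user]++; else denied[user]++
        }
        END {
            for (u in seen)
                printf "%s temp=%d denied=%d\n", u, temp[u], denied[u]
        }
    ' | sort
}

# Users with only temp failures point at the passdb backend (here the
# LDAP bind configuration), not at a mistyped password.
backend_suspects() {
    classify_auth_failures | awk '$2 != "temp=0" && $3 == "denied=0" { print $1 }'
}
```
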
From: gedalya at gedalya.net (Gedalya)
Date: Tue, 25 Nov 2014 05:54:49 -0500
Subject: failed login message
In-Reply-To: <5F23DC0F11BA40DCAC92CD38796A3A75.MAI@24x7server.net>
References: <5F23DC0F11BA40DCAC92CD38796A3A75.MAI@24x7server.net>
Message-ID: <54745FF9.4010605@gedalya.net>

On 11/25/2014 04:49 AM, 24x7server at 24x7server.net wrote:
> thanks for your reply
>
> i intentionally put the wrong password and checked the dovecot log and the message i got was
>
> # tail -f /var/log/dovecot.log | grep "xxx at yyy.com"
> Nov 25 08:47:46 imap-login: Info: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1,
> secured, session=
>
> but in the squirrelmail login page instead of the message "unknown user or password incorrect" i get the message
>
> ERROR: Connection dropped by IMAP server.
> Query: LOGOUT
>
>
> in my old server where it is working correctly dovecot logs shows the error
>
> Nov 25 14:46:12 imap-login: Info: Aborted login (auth failed, 1 attempts): user=<"xxx at yyy.com">, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
>
> and squirrelmail gives the error : "unknown user or password incorrect" which is correct.
>
> is there any other place i need to check or some other config file (either squirrelmail or dovecot) that i need to modify
>
> could you kindly guide me
>

1. Please carefully read http://dovecot.org/mailinglists.html

2. Please carefully follow the instructions at http://dovecot.org/mailinglists.html. In your case, post full details for both servers.

3. Try to manually log in to both servers using e.g. telnet in order to see any differences in the way they respond.

Something like

$ telnet 192.168.9.11 143
Trying 192.168.9.11...
Connected to 192.168.9.11.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.
1 login gedalya 1234
* BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client did it anyway. If anyone was listening, the password was exposed.
1 NO [PRIVACYREQUIRED] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
2 logout
* BYE Logging out
2 OK Logout completed.
Connection closed by foreign host.

(that's how it responds in my specific case as I disallow plaintext login)

Or if you need TLS (like me):

$ openssl s_client -starttls imap -quiet -connect 192.168.9.11:143
depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
. OK Pre-login capabilities listed, post-login capabilities have more.
1 login gedalya 1234
1 NO [AUTHENTICATIONFAILED] Authentication failed.
2 logout
* BYE Logging out
2 OK Logout completed.

From r at sys4.de Tue Nov 25 12:27:05 2014
From: r at sys4.de (Ralf Hildebrandt)
Date: Tue, 25 Nov 2014 13:27:05 +0100
Subject: Message is missing GUID
Message-ID: <20141125122705.GC24568@sys4.de>

# doveadm force-resync -u username inbox
doveadm(username): Warning: fscking index file /srv/vmail/04/05/14331/mdbox/storage/dovecot.map.index
doveadm(username): Warning: mdbox /srv/vmail/04/05/14331/mdbox/storage: rebuilding indexes
doveadm(username): Error: Corrupted dbox file /srv/vmail/04/05/14331/mdbox/storage/m.122 (around offset=10056504): Message is missing GUID
doveadm(username): Error: mdbox rebuild: Failed to fix file /srv/vmail/04/05/14331/mdbox/storage/m.122

Can I fix this somehow?

% doveadm fetch -u username body ALL > /dev/null
% doveadm fetch -u ulli.achter at posteo.de GUID ALL > /dev/null

Don't throw errors!

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From pj.netfilter at gmail.com Tue Nov 25 13:33:29 2014
From: pj.netfilter at gmail.com (Joy)
Date: Tue, 25 Nov 2014 19:03:29 +0530
Subject: LMTP Saving mail to Junk Folder
Message-ID:

Hi,
I am facing an issue where LMTP delivering all mails to Junk folder, I have checked no sieve script exist either in .sieve or .svbin format but if i remove the sieve from plugin area in LMTP configuration file mails get delivered in Inbox folder.

Kindly help me to figure out this issue.

From gedalya at gedalya.net Tue Nov 25 13:36:02 2014
From: gedalya at gedalya.net (Gedalya)
Date: Tue, 25 Nov 2014 08:36:02 -0500
Subject: LMTP Saving mail to Junk Folder
In-Reply-To:
References:
Message-ID: <547485C2.7010900@gedalya.net>

On 11/25/2014 08:33 AM, Joy wrote:
> Hi,
> I am facing an issue where LMTP delivering all mails to Junk folder,
> I have checked no sieve script exist either in .sieve or .svbin format but
> if i remove the sieve from plugin area in LMTP configuration file mails get
> delivered in Inbox folder.
>
> Kindly help me to figure out this issue.

Sounds like it must be a global sieve script then. Look at your conf.d/90-sieve.conf

From vitalif at yourcmc.ru Tue Nov 25 13:48:24 2014
From: vitalif at yourcmc.ru (vitalif at yourcmc.ru)
Date: Tue, 25 Nov 2014 16:48:24 +0300
Subject: slow incremental indexing of maildirs with squat
Message-ID: <6c525d99e13fa2ecaa5c2162db7f9239@yourcmc.ru>

Hi!

I'm using Dovecot 2.1.7 on Debian Wheezy 32-bit (package version is 1:2.1.7-7+deb7u1) with maildirs.

My problem is that the incremental indexing of maildirs with squat takes a very long time... I don't know if it reindexes anything, but it seems it iterates through all messages on each search query and reads them. It works fast only on successive queries within several minutes, probably because of the messages being in cache.

What do you think, is it a bug?

--
With best regards,
Vitaliy Filippov
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dovecot-n.txt
URL:

From barraudu at tiscali.it Tue Nov 25 23:20:39 2014
From: barraudu at tiscali.it (brd) Date: Wed, 26 Nov 2014 00:20:39 +0100 Subject: LastLogin In-Reply-To: <543F6F3E.30709@luigirosa.com> References: <543F6F3E.30709@luigirosa.com> Message-ID: <20141125232039.GA24873@tiscali.com> another question on recently released last_login plugin... according to wiki http://wiki2.dovecot.org/PostLoginScripting: "It's not currently possible to run post-login scripts in proxies, because they're not actually logging in to the local Dovecot. An alternative method could be implemented some day, maybe as a plugin." is the new last_login plugin able to save last_login even on proxy? -brd Luigi Rosa wrote: > Timo Sirainen wrote on 14/10/2014 18:53: > > > + Added last-login plugin to set user's last-login timestamp on login. > > According to http://wiki2.dovecot.org/Plugins/LastLogin the plugin uses redis, > but can use other dictionaries > > If I have MySQL as userbase backend what field(s) should be created to have > this information recorded in the database? > > > > > > > Ciao, > luigi > > -- > / > +--[Luigi Rosa]-- > \ > > Afternoon: that part of the day we spend worrying about > how we wasted the morning. From martin at stigge.org Mon Nov 24 15:12:49 2014
From: martin at stigge.org (Martin Stigge) Date: Mon, 24 Nov 2014 16:12:49 +0100 Subject: Move mail behavior Message-ID: <1416841969.11651.2.camel@stigge.org> Hi! I've recently migrated my IMAP mail setup from a server running an older Debian Squeeze with dovecot 1.2.15 to a new Debian Jessie system with dovecot 2.2.13. In the old setup, it used to be so that a mail moved from a folder to another one was marked as deleted in the originating folder (in dovecot 1.2.15). In the new setup, the mail just disappears from the originating folder (with dovecot 2.2.13). The mail arrives properly in the target folder, so that's fine. But I actually liked the old behavior. I observe this with Evolution as well as Icedove (Thunderbird) mail clients, which is why I assume that it's actually a change in the IMAP server behavior. Is it supposed to behave like that? Is there a way to configure this? Regards, Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part URL: From skdovecot at smail.inf.fh-brs.de Wed Nov 26 06:31:21 2014 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 26 Nov 2014 07:31:21 +0100 (CET) Subject: Move mail behavior In-Reply-To: <1416841969.11651.2.camel@stigge.org> References: <1416841969.11651.2.camel@stigge.org> Message-ID: On Mon, 24 Nov 2014, Martin Stigge wrote: > I've recently migrated my IMAP mail setup from a server running an older > Debian Squeeze with dovecot 1.2.15 to a new Debian Jessie system with > dovecot 2.2.13. In the old setup, it used to be so that a mail moved > from a folder to another one was marked as deleted in the originating > folder (in dovecot 1.2.15). In the new setup, the mail just disappears > from the originating folder (with dovecot 2.2.13). The mail arrives > properly in the target folder, so that's fine. But I actually liked the > old behavior. Did you migrate the old configuration to the new server? Post the config of both servers. -- Steffen Kaiser From dmiller at amfes.com Wed Nov 26 07:15:20 2014
From: dmiller at amfes.com (Daniel Miller) Date: Tue, 25 Nov 2014 23:15:20 -0800 Subject: Shared mailboxes using SQL Message-ID:

I recently tried to change from the simple file to a SQL dictionary for ACL. While the Wiki instructions seemed fairly clear I was having errors. After some further digging, and a little thinking - I read the errors and tried to infer what was happening. I have some IMAP groups configured for sharing. And I guessed the example dictionary didn't allow for them. Looking at my existing shared-mailboxes.db flat file I saw something that gave me a clue. So I added the following:

map {
  pattern = shared/shared-boxes/group/$to/$from
  table = user_shares
  value_field = dummy
  fields {
    from_user = $from
    to_user = $to
  }
}

And things started working again! A suggestion that perhaps this be added to the wiki - possibly with a bit more information on the "map" sections. Also - would there be any benefit to setting up a separate SQL table for groups? -- Daniel From aaron at rsbuddy.com Wed Nov 26 07:31:54 2014
From: aaron at rsbuddy.com (Aaron Jenkins) Date: Wed, 26 Nov 2014 07:31:54 +0000 Subject: Working with Active Directory on Windows Server 2012 R2 In-Reply-To: References: Message-ID: I've attempted the user Mail with the same password with the same result (binding as my own user was a last-ditch attempt). aaron at aaron-Parallels-Virtual-Platform:/etc/sssd$ ldapsearch -x -H ldap://dc1.ad.automaton.uk -D CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W - -b CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: - # # aaron.jenkins, Users, ad.automaton.uk dn: CN=aaron.jenkins,CN=Users,DC=ad,DC=automaton,DC=uk # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 Same with the user Mail On November 25, 2014 at 2:18:26 AM, Steffen Kaiser (skdovecot at smail.inf.fh-brs.de) wrote: On Tue, 25 Nov 2014, Aaron Jenkins wrote: > I'm having issues getting Dovecot to work with AD on 2012 R2 in a test environment. > ? > Nov 19 09:22:23 auth: Debug: auth client connected (pid=10345) > Nov 19 09:22:23 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 rport=56395 > Nov 19 09:22:23 auth: Debug: client passdb out: CONT 1 > Nov 19 09:22:23 auth: Debug: client in: CONT 1 (previous base64 data may contain sensitive data) > Nov 19 09:22:29 auth: Debug: client passdb out: FAIL 1 user=aaron.jenkins temp Your conf: auth_bind = yes dn = aaron.jenkins dnpass = dummypass1 auth_bind_userdn = CN=%u,CN=users,DC=ad,DC=automaton,DC=uk Can you really succeed a simple auth with the dn aaron.jenkins ? This ought to be a full DN. As I understand auth_bind_userdn, you do not need dn/dnpass anyway, because auth_bind_userdn prevents searching for the user's DN, in which case Dovecot requires a connection before any user bind takes place.
I wonder if the log shows the error from this setting or from the user's login attempt. Could you try another user? Can you auth from command line via ldapsearch -x -H ldap://dc1.ad.automaton.uk -D \ CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W \ - -b CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -- Steffen Kaiser From mail at marc-stuermer.de Wed Nov 26 07:37:45 2014 From: mail at marc-stuermer.de (Marc Stürmer) Date: Wed, 26 Nov 2014 07:37:45 +0000 Subject: slow incremental indexing of maildirs with squat In-Reply-To: <6c525d99e13fa2ecaa5c2162db7f9239@yourcmc.ru> Message-ID: <20141126073745.Horde.8V5QhT5GxEQZXoHrIVQapg1@webmail.no-carrier.info> Quoting vitalif at yourcmc.ru: > Hi! > > I'm using Dovecot 2.1.7 on Debian Wheezy 32-bit (package version is > 1:2.1.7-7+deb7u1) with maildirs. > > My problem is that the incremental indexing of maildirs with squat > takes a very long time... I don't know if it reindexes anything, but Quoting from the Wiki: http://wiki2.dovecot.org/Plugins/FTS/Squat NOTE: The Squat code is quite slow for large mailboxes. There are also a few bugs that are unlikely to be fixed. In v2.1+ it's recommended to use fts-lucene instead. ----- So you should do what the wiki does suggest, either switching to Lucene or Solr. From skdovecot at smail.inf.fh-brs.de Wed Nov 26 08:20:05 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 26 Nov 2014 09:20:05 +0100 (CET) Subject: Working with Active Directory on Windows Server 2012 R2 In-Reply-To: References: Message-ID: On Wed, 26 Nov 2014, Aaron Jenkins wrote: > I've attempted the user Mail with the same password with the same result (binding as my own user was a last-ditch attempt). OK, what about the: > As I understand auth_bind_userdn, you do not need > dn/dnpass anyway, because auth_bind_userdn prevents searching for the > user's DN Did you remove the dn/dnpass settings? What about the: > I wonder if the log shows the error from this setting or from the user's > login attempt. Could you try another user? If you login with another user (not aaron.jenkins) to IMAP, which username is listed in the logs then. > > aaron at aaron-Parallels-Virtual-Platform:/etc/sssd$ ldapsearch -x -H ldap://dc1.ad.automaton.uk -D CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W - -b CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (objectclass=*) > # requesting: - > # > > # aaron.jenkins, Users, ad.automaton.uk > dn: CN=aaron.jenkins,CN=Users,DC=ad,DC=automaton,DC=uk > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > > > Same with the user Mail > > > > On November 25, 2014 at 2:18:26 AM, Steffen Kaiser (skdovecot at smail.inf.fh-brs.de) wrote: > > On Tue, 25 Nov 2014, Aaron Jenkins wrote: > >> I'm having issues getting Dovecot to work with AD on 2012 R2 in a test environment. >> ?
>> Nov 19 09:22:23 auth: Debug: auth client connected (pid=10345) >> Nov 19 09:22:23 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 rport=56395 >> Nov 19 09:22:23 auth: Debug: client passdb out: CONT 1 >> Nov 19 09:22:23 auth: Debug: client in: CONT 1 (previous base64 data may contain sensitive data) >> Nov 19 09:22:29 auth: Debug: client passdb out: FAIL 1 user=aaron.jenkins temp > > Your conf: > auth_bind = yes > dn = aaron.jenkins > dnpass = dummypass1 > auth_bind_userdn = CN=%u,CN=users,DC=ad,DC=automaton,DC=uk > > Can you really succeed a simple auth with the dn aaron.jenkins ? This > ought to be a full DN. As I understand auth_bind_userdn, you do not need > dn/dnpass anyway, because auth_bind_userdn prevents searching for the > user's DN, in which case Dovecot requires a connection before any user > bind takes place. > > I wonder if the log shows the error from this setting or from the user's > login attempt. Could you try another user?
> > Can you auth from command line via > > ldapsearch -x -H ldap://dc1.ad.automaton.uk -D \ > CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W \ > - -b CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk > > -- > Steffen Kaiser > ---------------Output of GPG------------------ > Decryption of block failed > gpg: Signature made Tue 25 Nov 2014 11:21:55 AM CET using RSA key ID 0BFDDF6B > gpg: BAD signature from "Steffen Kaiser " > > -- Steffen Kaiser From apm at one.com Wed Nov 26 08:36:50 2014 From: apm at one.com (Peter Mogensen) Date: Wed, 26 Nov 2014 09:36:50 +0100 Subject: Sieve counterpart of IMAP SPECIAL-USE Message-ID: <54759122.4010605@one.com> Hi, It would be useful to allow Sieve scripts to "fileinto" based on SPECIAL-USE flags. But all I've been able to find about it is this: http://www.ietf.org/mail-archive/web/sieve/current/msg05171.html Has there been any progress since? /Peter From maegger at ee.ethz.ch Wed Nov 26 09:09:22 2014
From: maegger at ee.ethz.ch (Matthias Egger) Date: Wed, 26 Nov 2014 10:09:22 +0100 Subject: 2.2.15 Panic in mbox_sync_read_next_mail() In-Reply-To: <20141123165734.GA25503@alf.uib.no> References: <20141029130348.GA1682@alf.uib.no> <5458BA9A.7060401@ee.ethz.ch> <20141123165734.GA25503@alf.uib.no> Message-ID: <547598C2.2070808@ee.ethz.ch> Hello Hans On 11/23/2014 05:57 PM, Hans Morten Kind wrote: > On Tue, Nov 04, 2014 at 12:38:02PM +0100, Matthias Egger wrote: >> Has someone of you just found any kind of solution to this problem? > > We have been running some days with patches 31262a892ba7 and 80ed82a93c1a > from http://hg.dovecot.org/dovecot-2.2/ > > They are working fine, handling the previously paniced situations smoothly. > Thanks again to the folks at dovecot.org! Thank you for sharing this. I will give today or tomorrow a look at these patches. Matthias -- Matthias Egger ETH Zurich Department of Information Technology maegger at ee.ethz.ch and Electrical Engineering IT Support Group (ISG.EE), ETL/F/24.1 Phone +41 (0)44 632 03 90 Physikstrasse 3, CH-8092 Zurich Fax +41 (0)44 632 11 95 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4099 bytes Desc: S/MIME Cryptographic Signature URL: From harry at opendium.com Wed Nov 26 11:04:21 2014 
From: harry at opendium.com (Harry Mills) Date: Wed, 26 Nov 2014 11:04:21 +0000 Subject: Pigeonhole, vacation being sent incorrectly Message-ID: <5475B3B5.8030804@opendium.com>

Hi, I have an issue with a vacation message in a sieve script. I can't see an error in the script itself. Pigeonhole version: 0.4.2-32 Dovecot Version: 2.2.10 The script was created by Ingo (part of the Horde suite), but I think the script is fine. The problem is that when a message is sent to the "everyone" group (and alias for every person in the organisation), vacation messages are being sent back which I believe is an error. The script is:

===============================================
# Sieve Filter
# Generated by Ingo (http://www.horde.org/apps/ingo/) (11/11/14, 5:20:06 pm GMT)
require ["vacation", "regex", "fileinto"];
# Vacation
if allof ( not exists "list-help", not exists "list-unsubscribe", not exists "list-subscribe", not exists "list-owner", not exists "list-post", not exists "list-archive", not exists "list-id", not exists "Mailing-List", not header :comparator "i;ascii-casemap" :is "Precedence" ["list", "bulk", "junk"], not header :comparator "i;ascii-casemap" :matches "To" "Multiple recipients of*" ) {
    if header :regex "Received" "^.*(2014) (\\(.*\\) )?..:..:.. (\\(.*\\) )?((\\+|\\-)[[:digit:]]{4}|.{1,5})( \\(.*\\))?$" {
        if header :regex "Received" "^.*(Nov) (\\(.*\\) )?.... (\\(.*\\) )?..:..:.. (\\(.*\\) )?((\\+|\\-)[[:digit:]]{4}|.{1,5})( \\(.*\\))?$" {
            if header :regex "Received" "^.*(13|14|15|16|17|18) (\\(.*\\) )?... (\\(.*\\) )?.... (\\(.*\\) )?..:..:.. (\\(.*\\) )?((\\+|\\-)[[:digit:]]{4}|.{1,5})( \\(.*\\))?$" {
                vacation :days 7 :addresses "user2" :subject "Out of office" "IMPORTANT MESSAGE^M
THE MESSAGE
";
            }
        }
    }
}
===============================================

The user "User2" sent a vacation message back to the sender "user at example.com" in response to this message (headers only):

===============================================
Return-path:
Envelope-to: everyone at example.com
Delivery-date: Thu, 13 Nov 2014 16:08:16 +0000
Received: from tunis.Exampledomain.local ([192.168.254.107] helo=Tunis)
 by mail.example.com with esmtp (Exim 4.72)
 (envelope-from )
 id 1XowwM-0007Qw-Cj
 for everyone at example.com; Thu, 13 Nov 2014 16:08:10 +0000
From: "User"
To: "Everyone at Example"
Subject: Electrician
Date: Thu, 13 Nov 2014 16:08:10 -0000
Organization: Example Consultancy
Message-ID: <02e601cfff5c$051ec350$0f5c49f0$@example.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----=_NextPart_000_02E7_01CFFF5C.051FD4C0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Ac//W17ujWbs6KgRRsOZFc7+qT45Tg==
Content-Language: en-gb
X-Spam-Note: SpamAssassin run bypassed - sent from local address

This is a multipart message in MIME format.

===============================================

I have checked RFC 5230 section 4.5 which states: "Vacation" MUST NOT respond to a message unless the recipient user's email address is in a "To", "Cc", "Bcc", "Resent-To", "Resent-Cc", or "Resent-Bcc" line of the original message. I cannot see the address for "user2 at example.com" in any of those fields, or indeed referenced anywhere in the email. Is this a bug, or am I misunderstanding something? Harry -- Harry Mills Tel: 01749 812100 Managing Director Mob: 07815 848818 Opendium Ltd. www.opendium.com From teemu.huovila at dovecot.fi Wed Nov 26 11:16:46 2014
From: teemu.huovila at dovecot.fi (Teemu Huovila) Date: Wed, 26 Nov 2014 13:16:46 +0200 Subject: imap-login segfaults when using post-login In-Reply-To: <54639257.7050001@atlas-brb.net> References: <54639257.7050001@atlas-brb.net> Message-ID: <5475B69E.1080907@dovecot.fi>

I hope you already found the issue on your own, but here are some pointers, just in case.

On 11/12/2014 07:01 PM, Nico Rittner wrote:
> imap-login: Fatal: master: service(imap-login): child 574 killed with signal 11 (core dumps disabled)
> imap[5523]: segfault at 14 ip b7556276 sp bfc1c940 error 4 in libdovecot.so.0.0.0[b7529000+d4000]
>
> these are the relevant sections i added:
>
> service imap-login {
> executable = imap post-login
> }

The service executing the post-login should be imap, not imap-login. Please see http://wiki2.dovecot.org/PostLoginScripting

> service post-login {
> executable = script-login /path/to/exec
> }
>
> i also used /bin/true as /path/to/exec to exclude
> the used exec itself as the reason. same result.

Testing with /bin/true will not have the expected results. As its last action, the post-login script needs to call exec on its argv. In sh this would be done with 'exec "$@"'. Again, I refer you to the wiki for examples.

br, Teemu Huovila From nick.z.edwards at gmail.com Wed Nov 26 12:22:39 2014
From: nick.z.edwards at gmail.com (Nick Edwards) Date: Wed, 26 Nov 2014 22:22:39 +1000 Subject: Pigeonhole, vacation being sent incorrectly In-Reply-To: <5475B3B5.8030804@opendium.com> References: <5475B3B5.8030804@opendium.com> Message-ID: jesus! learn to use precedence On 11/26/14, Harry Mills wrote: > Hi, > > I have an issue with a vacation message in a sieve script. I can't see > an error in the script itself. > > Pigeonhole version: 0.4.2-32 > Dovecot Version: 2.2.10 > > The script was created by Ingo (part of the Horde suite), but I think > the script is fine. The problem is that when a message is sent to the > "everyone" group (and alias for every person in the organisation), > vacation messages are being sent back which I believe is an error. > > The script is: > > > =============================================== > # Sieve Filter > # Generated by Ingo (http://www.horde.org/apps/ingo/) (11/11/14, > 5:20:06 pm GMT) > require ["vacation", "regex", "fileinto"]; > # Vacation > if allof ( not exists "list-help", not exists "list-unsubscribe", not > exists "list-subscribe", not exists "list-owner", not exists > "list-post", not exists "list-archive", not exists "list-id", not exists > "Mailing-List", not header :comparator "i;ascii-casemap" :is > "Precedence" ["list", "bulk", "junk"], not header :comparator > "i;ascii-casemap" :matches "To" "Multiple recipients of*" ) { > if header :regex "Received" "^.*(2014) (\\(.*\\) )?..:..:.. > (\\(.*\\) )?((\\+|\\-)[[:digit:]]{4}|.{1,5})( \\(.*\\))?$" { > if header :regex "Received" "^.*(Nov) (\\(.*\\) )?.... (\\(.*\\) > )?..:..:.. (\\(.*\\) )?((\\+|\\-)[[:digit:]]{4}|.{1,5})( \\(.*\\))?$" { > if header :regex "Received" "^.*(13|14|15|16|17|18) (\\(.*\\) )?... > (\\(.*\\) )?.... (\\(.*\\) )?..:..:.. 
(\\(.*\\) > )?((\\+|\\-)[[:digit:]]{4}|.{1,5})( \\(.*\\))?$" { > vacation :days 7 :addresses "user2" :subject "Out of office" > "IMPORTANT MESSAGE^M > THE MESSAGE > "; > } > } > } > } > =============================================== > > The user "User2" sent a vacation message back to the sender > "user at example.com" in response to this message (headers only): > > =============================================== > Return-path: > Envelope-to: everyone at example.com > Delivery-date: Thu, 13 Nov 2014 16:08:16 +0000 > Received: from tunis.Exampledomain.local ([192.168.254.107] helo=Tunis) > by mail.example.com with esmtp (Exim 4.72) > (envelope-from ) > id 1XowwM-0007Qw-Cj > for everyone at example.com; Thu, 13 Nov 2014 16:08:10 +0000 > From: "User" > To: "Everyone at Example" > Subject: Electrician > Date: Thu, 13 Nov 2014 16:08:10 -0000 > Organization: Example Consultancy > Message-ID: <02e601cfff5c$051ec350$0f5c49f0$@example.com> > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary="----=_NextPart_000_02E7_01CFFF5C.051FD4C0" > X-Mailer: Microsoft Outlook 14.0 > Thread-Index: Ac//W17ujWbs6KgRRsOZFc7+qT45Tg== > Content-Language: en-gb > X-Spam-Note: SpamAssassin run bypassed - sent from local address > > This is a multipart message in MIME format. > > =============================================== > > I have checked RFC 5230 section 4.5 which states: > > "Vacation" MUST NOT respond to a message unless the recipient user's > email address is in a "To", "Cc", "Bcc", "Resent-To", "Resent-Cc", or > "Resent-Bcc" line of the original message. > > I cannot see the address for "user2 at example.com" in any of those fields, > or indeed referenced anywhere in the email. Is this a bug, or am I > misunderstanding something? > > Harry > -- > Harry Mills Tel: 01749 812100 > Managing Director Mob: 07815 848818 > Opendium Ltd. www.opendium.com > From nick.z.edwards at gmail.com Wed Nov 26 12:25:17 2014 
From: nick.z.edwards at gmail.com (Nick Edwards) Date: Wed, 26 Nov 2014 22:25:17 +1000 Subject: Pigeonhole, vacation being sent incorrectly In-Reply-To: References: <5475B3B5.8030804@opendium.com> Message-ID: actually . you are, i missed it all the noise horde seems to generate, precedence covers pretty much all of that crap, i was glad I left horde, seems its still as stuffed as ever On 11/26/14, Nick Edwards wrote: > jesus! > learn to use precedence > > > On 11/26/14, Harry Mills wrote: >> Hi, >> >> I have an issue with a vacation message in a sieve script. I can't see >> an error in the script itself. >> >> Pigeonhole version: 0.4.2-32 >> Dovecot Version: 2.2.10 >> >> The script was created by Ingo (part of the Horde suite), but I think >> the script is fine. The problem is that when a message is sent to the >> "everyone" group (and alias for every person in the organisation), >> vacation messages are being sent back which I believe is an error. >> >> The script is: >> >> >> =============================================== >> # Sieve Filter >> # Generated by Ingo (http://www.horde.org/apps/ingo/) (11/11/14, >> 5:20:06 pm GMT) >> require ["vacation", "regex", "fileinto"]; >> # Vacation >> if allof ( not exists "list-help", not exists "list-unsubscribe", not >> exists "list-subscribe", not exists "list-owner", not exists >> "list-post", not exists "list-archive", not exists "list-id", not exists >> "Mailing-List", not header :comparator "i;ascii-casemap" :is >> "Precedence" ["list", "bulk", "junk"], not header :comparator >> "i;ascii-casemap" :matches "To" "Multiple recipients of*" ) { >> if header :regex "Received" "^.*(2014) (\\(.*\\) )?..:..:.. >> (\\(.*\\) )?((\\+|\\-)[[:digit:]]{4}|.{1,5})( \\(.*\\))?$" { >> if header :regex "Received" "^.*(Nov) (\\(.*\\) )?.... (\\(.*\\) >> )?..:..:.. (\\(.*\\) )?((\\+|\\-)[[:digit:]]{4}|.{1,5})( \\(.*\\))?$" { >> if header :regex "Received" "^.*(13|14|15|16|17|18) (\\(.*\\) )?... >> (\\(.*\\) )?.... (\\(.*\\) )?..:..:.. 
(\\(.*\\) >> )?((\\+|\\-)[[:digit:]]{4}|.{1,5})( \\(.*\\))?$" { >> vacation :days 7 :addresses "user2" :subject "Out of office" >> "IMPORTANT MESSAGE^M >> THE MESSAGE >> "; >> } >> } >> } >> } >> =============================================== >> >> The user "User2" sent a vacation message back to the sender >> "user at example.com" in response to this message (headers only): >> >> =============================================== >> Return-path: >> Envelope-to: everyone at example.com >> Delivery-date: Thu, 13 Nov 2014 16:08:16 +0000 >> Received: from tunis.Exampledomain.local ([192.168.254.107] helo=Tunis) >> by mail.example.com with esmtp (Exim 4.72) >> (envelope-from ) >> id 1XowwM-0007Qw-Cj >> for everyone at example.com; Thu, 13 Nov 2014 16:08:10 +0000 >> From: "User" >> To: "Everyone at Example" >> Subject: Electrician >> Date: Thu, 13 Nov 2014 16:08:10 -0000 >> Organization: Example Consultancy >> Message-ID: <02e601cfff5c$051ec350$0f5c49f0$@example.com> >> MIME-Version: 1.0 >> Content-Type: multipart/alternative; >> boundary="----=_NextPart_000_02E7_01CFFF5C.051FD4C0" >> X-Mailer: Microsoft Outlook 14.0 >> Thread-Index: Ac//W17ujWbs6KgRRsOZFc7+qT45Tg== >> Content-Language: en-gb >> X-Spam-Note: SpamAssassin run bypassed - sent from local address >> >> This is a multipart message in MIME format. >> >> =============================================== >> >> I have checked RFC 5230 section 4.5 which states: >> >> "Vacation" MUST NOT respond to a message unless the recipient user's >> email address is in a "To", "Cc", "Bcc", "Resent-To", "Resent-Cc", or >> "Resent-Bcc" line of the original message. >> >> I cannot see the address for "user2 at example.com" in any of those fields, >> or indeed referenced anywhere in the email. Is this a bug, or am I >> misunderstanding something? >> >> Harry >> -- >> Harry Mills Tel: 01749 812100 >> Managing Director Mob: 07815 848818 >> Opendium Ltd. www.opendium.com >> > From gedalya at gedalya.net Wed Nov 26 12:58:12 2014 
From: gedalya at gedalya.net (Gedalya) Date: Wed, 26 Nov 2014 07:58:12 -0500 Subject: Pigeonhole, vacation being sent incorrectly In-Reply-To: <5475B3B5.8030804@opendium.com> References: <5475B3B5.8030804@opendium.com> Message-ID: <5475CE64.5050408@gedalya.net> On 11/26/2014 06:04 AM, Harry Mills wrote: > Hi, > > I have an issue with a vacation message in a sieve script. I can't see > an error in the script itself. > > Pigeonhole version: 0.4.2-32 > Dovecot Version: 2.2.10 > > The script was created by Ingo (part of the Horde suite), but I think > the script is fine. The problem is that when a message is sent to the > "everyone" group (and alias for every person in the organisation), > vacation messages are being sent back which I believe is an error. > There is a configuration option which would make that possible. See 'sieve_vacation_dont_check_recipient' in http://wiki2.dovecot.org/Pigeonhole/Sieve/Extensions/Vacation From harry at opendium.com Wed Nov 26 14:43:04 2014 
From: harry at opendium.com (Harry Mills) Date: Wed, 26 Nov 2014 14:43:04 +0000 Subject: Pigeonhole, vacation being sent incorrectly In-Reply-To: <5475CE64.5050408@gedalya.net> References: <5475B3B5.8030804@opendium.com> <5475CE64.5050408@gedalya.net> Message-ID: <5475E6F8.206@opendium.com> On 26/11/2014 12:58, Gedalya wrote: > On 11/26/2014 06:04 AM, Harry Mills wrote: >> Hi, >> >> I have an issue with a vacation message in a sieve script. I can't see >> an error in the script itself. >> >> Pigeonhole version: 0.4.2-32 >> Dovecot Version: 2.2.10 >> >> The script was created by Ingo (part of the Horde suite), but I think >> the script is fine. The problem is that when a message is sent to the >> "everyone" group (and alias for every person in the organisation), >> vacation messages are being sent back which I believe is an error. >> > There is a configuration option which would make that possible. > See 'sieve_vacation_dont_check_recipient' in > http://wiki2.dovecot.org/Pigeonhole/Sieve/Extensions/Vacation > Hi Gedalya, Thanks for the info - unfortunately that setting isn't configured anywhere so I am assuming the default setting of no will be applied. From skdovecot at smail.inf.fh-brs.de Wed Nov 26 15:15:02 2014 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 26 Nov 2014 16:15:02 +0100 (CET) Subject: Pigeonhole, vacation being sent incorrectly In-Reply-To: <5475E6F8.206@opendium.com> References: <5475B3B5.8030804@opendium.com> <5475CE64.5050408@gedalya.net> <5475E6F8.206@opendium.com> Message-ID: On Wed, 26 Nov 2014, Harry Mills wrote: > On 26/11/2014 12:58, Gedalya wrote: >> On 11/26/2014 06:04 AM, Harry Mills wrote: >>> The script was created by Ingo (part of the Horde suite), but I think >>> the script is fine. The problem is that when a message is sent to the >>> "everyone" group (and alias for every person in the organisation), >>> vacation messages are being sent back which I believe is an error. >>> >> There is a configuration option which would make that possible. >> See 'sieve_vacation_dont_check_recipient' in >> http://wiki2.dovecot.org/Pigeonhole/Sieve/Extensions/Vacation > > Thanks for the info - unfortunately that setting isn't configured anywhere so > I am assuming the default setting of no will be applied. a) Did you verify your assumption via doveconf -n ? b) Was "user2" the only one with vacation enabled and did user get the vacation reply from all those users? c) Could you create yet another alias with two test users and try it with this limited user set? d) Did you see the headers of the message user2 got? Maybe this particular message got redirected and got a Resent-To added. "tunis.Exampledomain.local" cries for "MS Exchange", which adds such headers if configured to resend (as opposed to forward) messages. Is user2 a recipient of an Exchange account?
-- Steffen Kaiser From mark.homoky at lingidiom.com Wed Nov 26 15:20:44 2014
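The recipient check from RFC 5230 section 4.5 quoted in the vacation thread above, together with the two explanations offered in the replies (the sieve_vacation_dont_check_recipient setting and an added Resent-To header), modelled as an added Python example. It is not part of the thread and not Pigeonhole's implementation; the full addresses and sample headers are constructed, since the archive scrubbed the real ones, and the function names are hypothetical.

```python
"""Simplified model of when a Sieve "vacation" action may reply."""
from email import message_from_string
from email.utils import getaddresses

# Fields RFC 5230 section 4.5 names as valid places for the recipient's address.
RECIPIENT_FIELDS = ("To", "Cc", "Bcc", "Resent-To", "Resent-Cc", "Resent-Bcc")
# List markers the Ingo-generated script in the thread tests with "not exists".
LIST_FIELDS = ("List-Help", "List-Unsubscribe", "List-Subscribe", "List-Owner",
               "List-Post", "List-Archive", "List-Id", "Mailing-List")
BULK_PRECEDENCE = {"list", "bulk", "junk"}

# Constructed sample modelled on the headers in the post (addresses are made up).
ALIAS_MAIL = (
    "Envelope-to: everyone@example.com\n"
    'From: "User" <user@example.com>\n'
    'To: "Everyone at Example" <everyone@example.com>\n'
    "Subject: Electrician\n"
    "Date: Thu, 13 Nov 2014 16:08:10 -0000\n"
    "\n"
)
# Same mail after a hypothetical resend that added Resent-To (reply point d).
RESENT_MAIL = "Resent-To: user2@example.com\n" + ALIAS_MAIL
# Envelope recipient plus the literal :addresses value from the script.
OWN_ADDRESSES = ["user2@example.com", "user2"]


def listed_recipients(msg):
    """Lower-cased addresses found in the section 4.5 header fields."""
    values = []
    for field in RECIPIENT_FIELDS:
        values.extend(msg.get_all(field, []))
    return {addr.lower() for _name, addr in getaddresses(values) if addr}


def looks_like_list_mail(msg):
    """Mirror the allof(...) guard of the script: list headers or bulk precedence."""
    if any(msg.get(field) is not None for field in LIST_FIELDS):
        return True
    if msg.get("Precedence", "").strip().lower() in BULK_PRECEDENCE:
        return True
    return msg.get("To", "").strip().lower().startswith("multiple recipients of")


def vacation_decision(raw_headers, own_addresses, dont_check_recipient=False):
    """Return (send_reply, reason) for one message.

    dont_check_recipient models sieve_vacation_dont_check_recipient = yes,
    which skips the section 4.5 test entirely.
    """
    msg = message_from_string(raw_headers)
    if looks_like_list_mail(msg):
        return False, "list or bulk mail"
    if dont_check_recipient:
        return True, "recipient check disabled"
    hit = {a.lower() for a in own_addresses} & listed_recipients(msg)
    if hit:
        return True, "addressed to " + sorted(hit)[0]
    return False, "recipient not in To/Cc/Bcc/Resent-*"


if __name__ == "__main__":
    for label, raw, skip in (("alias only", ALIAS_MAIL, False),
                             ("alias + Resent-To", RESENT_MAIL, False),
                             ("alias, check disabled", ALIAS_MAIL, True)):
        print(label, "->", vacation_decision(raw, OWN_ADDRESSES, skip))
```

Under the strict check the alias-only message gets no reply, so an unexpected auto-reply points at either the disabled check or a header that does name the user, which is what `doveconf -n` and the delivered copy's full headers would confirm.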
From: mark.homoky at lingidiom.com (Mark Homoky) Date: Wed, 26 Nov 2014 15:20:44 +0000 Subject: 2.2.15: SMTP submission server? In-Reply-To: <5469A284.2020704@tesco.net> References: <5467DBD3.6020400@tesco.net> <5467FCD7.1010208@thelounge.net> <5468513A.7010109@sys4.de> <5469A284.2020704@tesco.net> Message-ID: <5475EFCC.2090509@lingidiom.com> On 17/11/2014 07:23, Ron Leach wrote: > On 16/11/2014 07:24, Robert Schetterer wrote (re-ordered): >> Am 16.11.2014 um 02:24 schrieb Reindl Harald: >> >>> * if you find a security issue in postfix running >>> on 587 over TLS cry out loud > > I'm thinking beyond that; I want to get to the position that when > there is an issue in the MTA, our systems are less exposed than they > might otherwise be. It's not about the MTA. > >>> >>> that's it and if you think that combination is not secure enough pull >>> the network cables >>> > > That's pretty much what we have at the moment, but we need to be able > to submit from offsite, and I'm keen to implement that together with > our migration to 2.2. Of course offsite submission is easy, but in > our experience that is also vulnerable. > >>> Am 16.11.2014 um 00:03 schrieb Ron Leach: >>>> There has been mention >>>> from time to time of a dovecot SMTP submission server. Last I saw was >>>> Timo suggesting this would be a 2.3 feature, but that there was >>>> already >>>> a 'basic' capability in 2.2 that, more or less, merely provided a >>>> secured/authorised SMTP submission. I would like to >>>> *not* have our MTA capable of being exploited as a relay (it isn't, at >>>> the moment) whereas users are logging into our dovecot from offsite >>>> using imaps with passwords. >>>> [snip most of background] >>>> >>>> So, is there some kind of SMTP submission service for a logged in >>>> dovecot user, and how would a client make use of that? Is it possible >>>> to setup 2.2.15 for this? 
And, crucially, would the connections >>>> between >>>> the client (eg at a hotel in some unreliable location) be encrypted >>>> right from the start, not using STARTTLS, as is the case in imaps? >>>> And, >>>> just to be really demanding, could we configure its use on a >>>> non-standard port? >>> >> >> i dont see your point... >> > > I wondered whether the background might hinder an answer but it > normally helps, I'm sorry it was unclear, and especially so since you > took the time to read it. > > Let me list the approach we'd prefer: > > (i) MTA open on port 25 for inbound email. > > (ii) MTA not open on any other port, because (for example, our) MTAs > are constantly faced on port 25 with password attacks, malformed > packets, malformed messages that contain scripts, and malformed > protocol sequences; all these show up in the logs. In the past, at > least one of those succeeded. We have a saying: 'once bitten, twice > shy'. So, now I would prefer that any MTA we use (that is capable of > outbound messaging) be *not* capable of relaying from any inbound SMTP > protocol. (Because inbound SMTP is the focus of so much attack. > Though current versions of MTAs are conscientiously engineered to be > as secure as is practical, they will be broken. They may even be > broken through no action or omission of their own designers; you may > have seen recent discussions on a cryptography list [1] where the > optimising option in a popular tool chain resulted in some protection > algorithm being rendered ineffective. But that's just one example of > a long line of subsequently revealed security weaknesses, so > architectures based on assumptions that the implementations are now > perfect and that they will remain perfect even though the toolchains, > the OSs, the crypto routines and the attacks evolve would be > ill-founded. And attacks don't become weaker, they constantly improve.) 
> > (iii) Users who are logged in to Dovecot (ie, authorised by Dovecot, > so not authorised by any software which is subject of attack and which > will be compromised from time to time) able to submit outbound > messages through Dovecot on the internal network to an MTA which will > only relay from the internal network. > > (iv) No use of STARTTLS; all client messaging to be secure at and from > the point of protocol initiation. SSL=required, in terms of the > Dovecot conf. > > This type of approach goes some way towards limiting the exposure from > a compromised MTA (attacks will succeed, from time to time), > irrespective of the cause of that compromise. (Let me be clear, I am > sure any compromise will be unexpected and undeserved by the highly > respected and careful and committed designers of the leading MTAs; the > compromises that occur will be despite their efforts.) Simply, I'm > trying to create a mail environment where remote submission of > outbound mail is practical, whilst ensuring that any MTA compromise > can be undamaging. > > > > > submission server in dovecot is on its way ( my last info ) > > > > So I guess the basic SMTP submission feature is not in 2.2. > > Off topic for Dovecot list, but I might think instead about separate > inbound and outbound MTAs to achieve containment of inbound MTA > compromise. > > Robert (and Harald), thanks, > > Ron > > [1] Among very many threads, on GCC bug 30475, in April this year: > http://www.metzdowd.com/pipermail/cryptography/2014-April/021074.html Hi Ron, Firstly these questions mostly relate to MTA configuration and are hence probably on the wrong list now; however: I second Reindl's views here. The issues you describe as vulnerabilities all stem from bad configuration. Run Postfix 2.11.x (production ready, hardened) or Postfix 2.12.x (development, but run by the author... also hardened). Ensure you're running postscreen within Postfix. Use of the deep protocol tests will eject script kiddies like crazy. 
Basic postscreen goes after zombie attacks and is still very effective on its own. Either way the attackers won't even get close to an inbound SMTPd process.

As Reindl said switch off SASL on port 25 (hence in the SMTP conversation following the ehlo line, the client isn't even offered AUTH and hence the chance to login to try to relay).

In Postfix SASL isn't switched on by default - either on port 25 or 587. To enable it edit the master.cf file uncommenting the section for submission (587) with a few options passed in via -o:

  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

As others have said moving the MSA - Mail Submission Agent - out of Postfix into Dovecot or another IMAP server doesn't help. If anything you're moving a service out of extremely well tested and battle-hardened code into relatively new untested code. Which would you trust more?

Join the postfix list, if you aren't already a member, and submit more questions there regarding hardening your configuration further. Steps you may wish to look at in future include setting up DKIM to sign all outbound mail, and verify all inbound mail. Add whitelisting and blacklisting services to your setup as appropriate.

You really can't get stronger mail injection than using the standard submission port only accepting AUTH via TLS encrypted connections on port 587 and Postfix running postscreen (with or without deep protocol tests) to reject the majority of zombie type spammers.

The postfix documentation is good and very thorough.

--
Kind Regards,
Mark Homoky
IT Consultant

From pj.netfilter at gmail.com Thu Nov 27 06:12:57 2014
From: pj.netfilter at gmail.com (Joy)
Date: Thu, 27 Nov 2014 11:42:57 +0530
Subject: LMTP Saving mail to Junk Folder
In-Reply-To: <547485C2.7010900@gedalya.net>
References: <547485C2.7010900@gedalya.net>
Message-ID:

Solved... I upgraded the system which caused LMTP to wrongly read default global file.

On Tue, Nov 25, 2014 at 7:06 PM, Gedalya wrote:
> On 11/25/2014 08:33 AM, Joy wrote:
>
>> Hi,
>> I am facing an issue where LMTP is delivering all mails to Junk
>> folder,
>> I have checked no sieve script exists either in .sieve or .svbin format but
>> if I remove the sieve from plugin area in LMTP configuration file mails
>> get
>> delivered in Inbox folder.
>>
>> Kindly help me to figure out this issue.
>>
> Sounds like it must be a global sieve script then.
> Look at your conf.d/90-sieve.conf
>
>

From skdovecot at smail.inf.fh-brs.de Thu Nov 27 07:17:53 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 27 Nov 2014 08:17:53 +0100 (CET)
Subject: 2.2.15: SMTP submission server?
In-Reply-To: <5475EFCC.2090509@lingidiom.com>
References: <5467DBD3.6020400@tesco.net> <5467FCD7.1010208@thelounge.net> <5468513A.7010109@sys4.de> <5469A284.2020704@tesco.net> <5475EFCC.2090509@lingidiom.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 26 Nov 2014, Mark Homoky wrote:
> On 17/11/2014 07:23, Ron Leach wrote:
>> On 16/11/2014 07:24, Robert Schetterer wrote (re-ordered):
>>> On 16.11.2014 at 02:24, Reindl Harald wrote:
>>
>> Off topic for Dovecot list, but I might think instead about separate
>> inbound and outbound MTAs to achieve containment of inbound MTA compromise.

@Ron: This seems to be the most sensible option for your concerns anyway, but with a well-known MSA. The inbound MTA need not advertise its existence to the web and, if port 587 is the only one, you could ban port probes, because few attackers will start with port 587.

> As Reindl said switch off SASL on port 25 (hence in the SMTP conversation
> following the ehlo line, the client isn't even offered AUTH and hence the
> chance to login to try to relay).
[cut]
> You really can't get stronger mail injection than using the standard
> submission port only accepting AUTH via TLS encrypted connections on port 587

If both port 25 and port 587 are open on the same server, is there any statistic about how much attackers probe port 25 before 587 and if disabling AUTH on port 25 helps at all in that case?

- -- Steffen Kaiser
From aaron at rsbuddy.com Thu Nov 27 08:15:05 2014
From: aaron at rsbuddy.com (Aaron Jenkins)
Date: Thu, 27 Nov 2014 08:15:05 +0000
Subject: Working with Active Directory on Windows Server 2012 R2
In-Reply-To:
References:
Message-ID:

I've removed the dn / dnpass.

When attempting with new user:

$ cat /var/log/dovecot-info.log
Nov 27 00:09:29 imap-login: Info: Internal login failure (pid=5553 id=1) (internal failure, 1 successful auths): user=, method=PLAIN, rip=10.211.55.29, lip=10.211.55.33, mpid=5558, TLS, session=
Nov 27 00:09:29 imap-login: Info: Internal login failure (pid=5559 id=1) (internal failure, 1 successful auths): user=, method=PLAIN, rip=10.211.55.29, lip=10.211.55.33, mpid=5560, TLS, session=
Nov 27 00:09:29 auth: Info: ldap(test.user at ad.automaton.uk,10.211.55.29,): invalid credentials (given password: ThisIsAPass123)
Nov 27 00:09:35 auth: Info: ldap(test.user at ad.automaton.uk,10.211.55.29,): invalid credentials (given password: ThisIsAPass123)
Nov 27 00:09:37 imap-login: Info: Disconnected (auth failed, 2 attempts in 8 secs): user=, method=PLAIN, rip=10.211.55.29, lip=10.211.55.33, TLS, session=

$ cat /var/log/dovecot-debug.log
Nov 27 00:13:07 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Nov 27 00:13:07 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Nov 27 00:13:07 auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libauthdb_ldap.so
Nov 27 00:13:07 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Nov 27 00:13:07 auth: Debug: auth client connected (pid=6219)
Nov 27 00:13:07 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=/xfdttIIagAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=143 rport=44650
Nov 27 00:13:07 auth: Debug: client passdb out: CONT 1
Nov 27 00:13:07 auth: Debug: client in: CONT 1 AHRlc3QudXNlcgBUaGlzSXNBUGFzczEyMw== (previous base64 data may contain sensitive data)
Nov 27 00:13:07 auth: Debug: client passdb out: OK 1 user=test.user
Nov 27 00:13:07 auth: Debug: master in: REQUEST 2256273409 6219 1 a99d65893905abf592245098b369359e session_pid=6223 request_auth_token
Nov 27 00:13:07 auth: Debug: ldap(test.user,10.211.55.29,): user search: base=cn=users,dc=ad,dc=automaton,dc=uk scope=subtree filter=(&(name=test.user)(objectClass=person)) fields=homeDirectory,uidNumber,gidNumber
Nov 27 00:13:07 auth: Debug: master userdb out: FAIL 2256273409
Nov 27 00:13:07 auth: Debug: auth client connected (pid=6224)
Nov 27 00:13:07 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=gn7dttIIawAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=143 rport=44651
Nov 27 00:13:07 auth: Debug: client passdb out: CONT 1
Nov 27 00:13:07 auth: Debug: client in: CONT 1 AHRlc3QudXNlcgBUaGlzSXNBUGFzczEyMw== (previous base64 data may contain sensitive data)
Nov 27 00:13:07 auth: Debug: client passdb out: OK 1 user=test.user
Nov 27 00:13:07 auth: Debug: master in: REQUEST 1233256449 6224 1 587c0fc0406dbbdac1ccf4bb6267ff59 session_pid=6225 request_auth_token
Nov 27 00:13:07 auth: Debug: ldap(test.user,10.211.55.29,): user search: base=cn=users,dc=ad,dc=automaton,dc=uk scope=subtree filter=(&(name=test.user)(objectClass=person)) fields=homeDirectory,uidNumber,gidNumber
Nov 27 00:13:07 auth: Debug: master userdb out: FAIL 1233256449
Nov 27 00:13:07 auth: Debug: auth client connected (pid=6226)
Nov 27 00:13:07 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=Ic3dttIIbAAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=143 rport=44652
Nov 27 00:13:07 auth: Debug: client passdb out: CONT 1
Nov 27 00:13:07 auth: Debug: client in: CONT 1 AHRlc3QudXNlckBhZC5hdXRvbWF0b24udWsAVGhpc0lzQVBhc3MxMjM= (previous base64 data may contain sensitive data)
Nov 27 00:13:09 auth: Debug: client passdb out: FAIL 1 user=test.user at ad.automaton.uk
Nov 27 00:13:09 auth: Debug: client in: AUTH 2 PLAIN service=imap secured session=Ic3dttIIbAAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=143 rport=44652 resp=AHRlc3QudXNlckBhZC5hdXRvbWF0b24udWsAVGhpc0lzQVBhc3MxMjM= (previous base64 data may contain sensitive data)
Nov 27 00:13:15 auth: Debug: client passdb out: FAIL 2 user=test.user at ad.automaton.uk

$ ldapsearch -x -H ldap://dc1.ad.automaton.uk -D CN=test.user,CN=users,DC=ad,DC=automaton,DC=uk -W - -b CN=test.user,CN=users,DC=ad,DC=automaton,DC=uk
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: -
#

# test.user, Users, ad.automaton.uk
dn: CN=test.user,CN=Users,DC=ad,DC=automaton,DC=uk

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

And the password on AD for test.user is 100% ThisIsAPass123.

On November 26, 2014 at 12:16:34 AM, Steffen Kaiser (skdovecot at smail.inf.fh-brs.de) wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 26 Nov 2014, Aaron Jenkins wrote:

> I've attempted the user Mail with the same password with the same result (binding as my own user was a last-ditch attempt).

OK, what about the:

> As I understand auth_bind_userdn, you do not need
> dn/dnpass anyway, because auth_bind_userdn prevents searching for the
> user's DN

Did you remove the dn/dnpass settings?

What about the:

> I wonder if the log shows the error from this setting or from the user's
> login attempt. Could you try another user?

If you login with another user (not aaron.jenkins) to IMAP, which username is listed in the logs then.

>
> aaron at aaron-Parallels-Virtual-Platform:/etc/sssd$ ldapsearch -x -H ldap://dc1.ad.automaton.uk -D CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W - -b CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base with scope subtree
> # filter: (objectclass=*)
> # requesting: -
> #
>
> # aaron.jenkins, Users, ad.automaton.uk
> dn: CN=aaron.jenkins,CN=Users,DC=ad,DC=automaton,DC=uk
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
>
> Same with the user Mail
>
>
>
> On November 25, 2014 at 2:18:26 AM, Steffen Kaiser (skdovecot at smail.inf.fh-brs.de) wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, 25 Nov 2014, Aaron Jenkins wrote:
>
>> I'm having issues getting Dovecot to work with AD on 2012 R2 in a test environment.
>> ?
>> Nov 19 09:22:23 auth: Debug: auth client connected (pid=10345)
>> Nov 19 09:22:23 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 rport=56395
>> Nov 19 09:22:23 auth: Debug: client passdb out: CONT 1
>> Nov 19 09:22:23 auth: Debug: client in: CONT 1 (previous base64 data may contain sensitive data)
>> Nov 19 09:22:29 auth: Debug: client passdb out: FAIL 1 user=aaron.jenkins temp
>
> Your conf:
> auth_bind = yes
> dn = aaron.jenkins
> dnpass = dummypass1
> auth_bind_userdn = CN=%u,CN=users,DC=ad,DC=automaton,DC=uk
>
> Can you really succeed a simple auth with the dn aaron.jenkins ? This
> ought to be a full DN. As I understand auth_bind_userdn, you do not need
> dn/dnpass anyway, because auth_bind_userdn prevents searching for the
> user's DN, in which case Dovecot requires a connection before any user
> bind takes place.
>
> I wonder if the log shows the error from this setting or from the user's
> login attempt. Could you try another user?
>
> Can you auth from command line via
>
> ldapsearch -x -H ldap://dc1.ad.automaton.uk -D \
> CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W \
> - -b CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk
>
> - --
> Steffen Kaiser
> ---------------Output of GPG------------------
> Decryption of block failed
> gpg: Signature made Tue 25 Nov 2014 11:21:55 AM CET using RSA key ID 0BFDDF6B
> gpg: BAD signature from "Steffen Kaiser "
>
>

- -- Steffen Kaiser
From jernej.porenta at arnes.si Thu Nov 27 08:21:05 2014
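[Added example, not part of the thread and not Dovecot code: the auth lines posted in the message above carry the SASL PLAIN response and the "given password" in recoverable form, so logs like these are worth scrubbing before they go to a public list. This Python sketch decodes a PLAIN response and redacts both fields; the sample lines, user name, password and IP address are constructed.]

```python
import base64
import binascii
import re

# Base64 after "client in: CONT <id> " or "resp=" is the raw SASL response.
BLOB_RE = re.compile(r"(client in: CONT \d+ |\bresp=)([A-Za-z0-9+/]+={0,2})")
# Info-level lines can also carry the clear-text password the client sent.
GIVEN_RE = re.compile(r"(\(given password: ).*(\))")


def decode_sasl_plain(blob):
    """Decode an RFC 4616 PLAIN response: [authzid] NUL authcid NUL passwd."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None
    parts = raw.split(b"\0")
    if len(parts) != 3:
        return None
    return tuple(p.decode("utf-8", "replace") for p in parts)


def scrub_line(line):
    """Return (redacted_line, findings) for one log line."""
    findings = []

    def redact_blob(match):
        decoded = decode_sasl_plain(match.group(2))
        # Name the exposed user when the blob is a PLAIN response; redact
        # every blob regardless, since other mechanisms may carry secrets too.
        findings.append(("sasl-plain", decoded[1]) if decoded
                        else ("sasl-blob", None))
        return match.group(1) + "<redacted>"

    line = BLOB_RE.sub(redact_blob, line)
    if GIVEN_RE.search(line):
        findings.append(("given-password", None))
        line = GIVEN_RE.sub(r"\1<redacted>\2", line)
    return line, findings


def scrub_log(lines):
    """Scrub a whole log; the report lists (line_number, kind, user)."""
    clean, report = [], []
    for number, line in enumerate(lines, start=1):
        redacted, findings = scrub_line(line)
        clean.append(redacted)
        report.extend((number, kind, user) for kind, user in findings)
    return clean, report


# Constructed sample data: user "alice", password "s3cret-example".
SAMPLE_BLOB = base64.b64encode(b"\0alice\0s3cret-example").decode()
SAMPLE_LOG = [
    "Nov 27 00:13:07 auth: Debug: client in: CONT 1 " + SAMPLE_BLOB
    + " (previous base64 data may contain sensitive data)",
    "Nov 27 00:13:09 auth: Debug: client in: AUTH 2 PLAIN service=imap secured"
    " resp=" + SAMPLE_BLOB + " (previous base64 data may contain sensitive data)",
    "Nov 27 00:09:29 auth: Info: ldap(alice,192.0.2.10): invalid credentials"
    " (given password: s3cret-example)",
    "Nov 27 00:13:07 auth: Debug: client passdb out: OK 1 user=alice",
]

if __name__ == "__main__":
    clean_lines, leak_report = scrub_log(SAMPLE_LOG)
    print("\n".join(clean_lines))
    for number, kind, user in leak_report:
        print(f"line {number}: {kind}" + (f" (user {user})" if user else ""))
```
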
From: jernej.porenta at arnes.si (Jernej Porenta)
Date: Thu, 27 Nov 2014 09:21:05 +0100
Subject: 2.2.15 Panic in mbox_sync_read_next_mail()
In-Reply-To: <547598C2.2070808@ee.ethz.ch>
References: <20141029130348.GA1682@alf.uib.no> <5458BA9A.7060401@ee.ethz.ch> <20141123165734.GA25503@alf.uib.no> <547598C2.2070808@ee.ethz.ch>
Message-ID: <5476DEF1.5020603@arnes.si>

On 26/11/14 10:09, Matthias Egger wrote:
> Hello Hans
>
> On 11/23/2014 05:57 PM, Hans Morten Kind wrote:
>> On Tue, Nov 04, 2014 at 12:38:02PM +0100, Matthias Egger wrote:
>>> Has someone of you just found any kind of solution to this problem?
>>
>> We have been running some days with patches 31262a892ba7 and 80ed82a93c1a
>> from http://hg.dovecot.org/dovecot-2.2/
>>
>> They are working fine, handling the previously panicked situations smoothly.
>> Thanks again to the folks at dovecot.org!
>
> Thank you for sharing this. I will give today or tomorrow a look at
> these patches.

At least at our side, these patches have fixed a large number of segfaults opening mbox files.

Thank you Timo and dovecot team!!!

cheers, Jernej

From rs at sys4.de Thu Nov 27 08:35:15 2014
From: rs at sys4.de (Robert Schetterer)
Date: Thu, 27 Nov 2014 09:35:15 +0100
Subject: 2.2.15: SMTP submission server?
In-Reply-To:
References: <5467DBD3.6020400@tesco.net> <5467FCD7.1010208@thelounge.net> <5468513A.7010109@sys4.de> <5469A284.2020704@tesco.net> <5475EFCC.2090509@lingidiom.com>
Message-ID: <5476E243.6060708@sys4.de>

On 27.11.2014 at 08:17, Steffen Kaiser wrote:
> On Wed, 26 Nov 2014, Mark Homoky wrote:
>> On 17/11/2014 07:23, Ron Leach wrote:
>>> On 16/11/2014 07:24, Robert Schetterer wrote (re-ordered):
>>>> On 16.11.2014 at 02:24, Reindl Harald wrote:
>>>
>>> Off topic for Dovecot list, but I might think instead about separate
>>> inbound and outbound MTAs to achieve containment of inbound MTA
>>> compromise.
>
> @Ron: This seems to be the most sensible option for your concerns
> anyway, but with a well-known MSA. The inbound MTA need not advertise
> its existence to the web and, if port 587 is the only one, you could
> ban port probes, because few attackers will start with port 587.
>
>> As Reindl said switch off SASL on port 25 (hence in the SMTP
>> conversation following the ehlo line, the client isn't even offered
>> AUTH and hence the chance to login to try to relay).
> [cut]
>> You really can't get stronger mail injection than using the standard
>> submission port only accepting AUTH via TLS encrypted connections on
>> port 587
>
> If both port 25 and port 587 are open on the same server, is there any
> statistic about how much attackers probe port 25 before 587 and if
> disabling AUTH on port 25 helps at all in that case?

at my site, brute force is done on both ports, typical search for weak passwords, so no cure having submission only for mail clients ( but for sure this should be state of art )

but in most cases it's like

submission/smtpd[27698]: warning: unknown[...]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

this may be related to have autoconfig/autodiscover up and running for all domains, forgotten and/or misconfigured (typos) on mobile clients etc, so someone may argue this isn't a good idea in case of security

Looking to all my servers, over the time, all types of hacking on all ports are done, in case of mail it might be a good idea to have i.e fail2ban etc to cover sasl logins, as alternative you may have a look at

https://sys4.de/de/blog/2014/03/27/fighting-smtp-auth-brute-force-attacks/

Most advance in having submission separate ( whatever software ), is the chance to have other restrictions enabled ( more easy ), typical i.e you do postscreen on port 25, and may use other policies for older mail clients at submission

To be honest, i don't understand discussions about security and upcoming dovecot SMTP submission server as long it has no bugs and same advanced config options i.e like postfix submission, after all everyone is free to use it or not.

>
> -- Steffen Kaiser

Best Regards
Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From h.reindl at thelounge.net Thu Nov 27 09:29:40 2014
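[Added example, not from the thread and not Postfix or fail2ban code: a Python pass over Postfix SASL failure lines of the kind quoted in the message above, counting failures per service (port 25 smtpd versus submission) and flagging client IPs that reach a threshold inside a time window. The log lines, host name, IPs, year and thresholds are constructed assumptions, and the "postfix/submission/smtpd" prefix assumes syslog_name=postfix/submission is set for the submission service.]

```python
import base64
import binascii
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
    r"postfix/(?P<service>(?:[\w-]+/)?smtpd)\[\d+\]: warning: "
    r"\S+\[(?P<ip>[^\]]+)\]: SASL (?P<mech>\S+) authentication failed"
    r"(?:: (?P<detail>.*))?$"
)


def decode_detail(detail):
    """The trailing text is often base64; UGFzc3dvcmQ6 is the LOGIN
    prompt "Password:", not anything the client typed."""
    if not detail:
        return ""
    try:
        return base64.b64decode(detail, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):
        return detail


def parse_failure(line, year):
    """Return a dict for a SASL failure line, or None for any other line.
    Syslog timestamps carry no year, so the caller supplies one."""
    m = FAIL_RE.match(line)
    if m is None:
        return None
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"when": when, "service": m["service"], "ip": m["ip"],
            "mech": m["mech"], "detail": decode_detail(m["detail"])}


def find_bruteforce(lines, year, threshold=3, window=timedelta(minutes=10)):
    """Count failures per service and return IPs with at least `threshold`
    failures inside `window`. Lines must be in chronological order."""
    per_service = Counter()
    recent = defaultdict(deque)      # ip -> failure times still in window
    offenders = {}                   # ip -> highest in-window failure count
    for line in lines:
        hit = parse_failure(line, year)
        if hit is None:
            continue
        per_service[hit["service"]] += 1
        times = recent[hit["ip"]]
        times.append(hit["when"])
        while hit["when"] - times[0] > window:
            times.popleft()
        if len(times) >= threshold:
            offenders[hit["ip"]] = max(offenders.get(hit["ip"], 0), len(times))
    return per_service, offenders


# Constructed sample log (documentation IP ranges, hypothetical host "mx").
SAMPLE_LOG = [
    "Nov 27 09:00:01 mx postfix/smtpd[2101]: warning: unknown[192.0.2.44]: "
    "SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Nov 27 09:00:05 mx postfix/submission/smtpd[2102]: warning: "
    "unknown[192.0.2.44]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Nov 27 09:00:09 mx postfix/submission/smtpd[2102]: warning: "
    "unknown[192.0.2.44]: SASL PLAIN authentication failed: authentication failure",
    "Nov 27 09:02:00 mx postfix/submission/smtpd[2107]: warning: "
    "client.example[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Nov 27 09:45:00 mx postfix/submission/smtpd[2130]: warning: "
    "client.example[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Nov 27 09:46:00 mx postfix/smtpd[2140]: connect from unknown[192.0.2.44]",
]

if __name__ == "__main__":
    services, flagged = find_bruteforce(SAMPLE_LOG, year=2014)
    print(dict(services))
    print(flagged)
```

The second client in the sample mistypes a password twice, 43 minutes apart, and is not flagged; that is the misconfigured-mobile-client case the message describes, which a per-window threshold separates from a burst of guesses.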
From: h.reindl at thelounge.net (Reindl Harald)
Date: Thu, 27 Nov 2014 10:29:40 +0100
Subject: 2.2.15: SMTP submission server?
In-Reply-To:
References: <5467DBD3.6020400@tesco.net> <5467FCD7.1010208@thelounge.net> <5468513A.7010109@sys4.de> <5469A284.2020704@tesco.net> <5475EFCC.2090509@lingidiom.com>
Message-ID: <5476EF04.1020505@thelounge.net>

On 27.11.2014 at 08:17, Steffen Kaiser wrote:
> On Wed, 26 Nov 2014, Mark Homoky wrote:
>> On 17/11/2014 07:23, Ron Leach wrote:
>>> On 16/11/2014 07:24, Robert Schetterer wrote (re-ordered):
>>>> On 16.11.2014 at 02:24, Reindl Harald wrote:
>>>
>>> Off topic for Dovecot list, but I might think instead about separate
>>> inbound and outbound MTAs to achieve containment of inbound MTA
>>> compromise.
>
> @Ron: This seems to be the most sensible option for your concerns
> anyway, but with a well-known MSA. The inbound MTA need not advertise
> its existence to the web and, if port 587 is the only one, you could
> ban port probes, because few attackers will start with port 587.
>
>> As Reindl said switch off SASL on port 25 (hence in the SMTP
>> conversation following the ehlo line, the client isn't even offered
>> AUTH and hence the chance to login to try to relay).
> [cut]
>> You really can't get stronger mail injection than using the standard
>> submission port only accepting AUTH via TLS encrypted connections on
>> port 587
>
> If both port 25 and port 587 are open on the same server, is there any
> statistic about how much attackers probe port 25 before 587 and if
> disabling AUTH on port 25 helps at all in that case?

surely, nobody cares about 587 because it's typically only possible with authentication to submit mail and so in no way usable to deliver spam or as open relay

that below is from a honeypot network but keep in mind that in case of trying a different port from the same IP "last_port" after testing 25/587 changes to that one

mysql> select count(*) from dnsbl where dnsbl_last_port=25;
+----------+
| count(*) |
+----------+
|      790 |
+----------+
1 row in set (0.00 sec)

mysql> select count(*) from dnsbl where dnsbl_last_port=587;
+----------+
| count(*) |
+----------+
|        2 |
+----------+
1 row in set (0.01 sec)

From martin at stigge.org Thu Nov 27 16:14:03 2014
From: martin at stigge.org (Martin Stigge) Date: Thu, 27 Nov 2014 17:14:03 +0100 Subject: Move mail behavior In-Reply-To: References: <1416841969.11651.2.camel@stigge.org> Message-ID: <1417104843.31682.4.camel@stigge.org> On Wed, 2014-11-26 at 07:31 +0100, Steffen Kaiser wrote: > On Mon, 24 Nov 2014, Martin Stigge wrote: > > > I've recently migrated my IMAP mail setup from a server running an older > > Debian Squeeze with dovecot 1.2.15 to a new Debian Jessie system with > > dovecot 2.2.13. In the old setup, it used to be so that a mail moved > > from a folder to another one was marked as deleted in the originating > > folder (in dovecot 1.2.15). In the new setup, the mail just disappears > > from the originating folder (with dovecot 2.2.13). The mail arrives > > properly in the target folder, so that's fine. But I actually liked the > > old behavior. > After a little more digging I found that dovecot 2.2 implements the IMAP MOVE extension from RFC 6851 which my clients also support. Before that, a copy with delete was used, explaining the different behavior. I also see MOVE announced as a capability, so my clients use it. So, no config issue, just a new feature. Regards, Martin From dovecot at randy.pensive.org Thu Nov 27 19:20:14 2014 
From: dovecot at randy.pensive.org (Randall Gellens) Date: Thu, 27 Nov 2014 11:20:14 -0800 Subject: Unable to see virtual users In-Reply-To: <36D3FB12-DC31-4BA5-912B-C5815D031456@iki.fi> References: <36D3FB12-DC31-4BA5-912B-C5815D031456@iki.fi> Message-ID: I'm still having trouble getting users accepted by postfix + dovecot. I have a few (<10) virtual users configured in a passwd-style file in /etc/dovecot/users. I can verify that dovecot sees those users and can authenticate them using 'doveadm' as well as IMAP. I also have one system user configured via PAM. I can verify that dovecot sees this user and can authenticate using 'doveadm' as well as IMAP. I configured the 'dovecot' service in /etc/postfix/master.cf and set /etc/postfix/main.cf to use it to deliver virtual mail, per the dovecot wiki. I also set the postfix local delivery command to dovecot-lda per the dovecot wiki. I first tried telling postfix to not check local users by setting in /etc/postfix/main.cf: local_recipient_maps = With this setup, mail is received and delivered for the system user, but mail to virtual users is bounced with 'unknown user': postfix/local ... relay=local ... status=bounced (unknown user: "test") So then I tried to tell postfix that it had virtual users by configuring them in /etc/postfix/virtual_users and creating a hash using 'postmap' and then in /etc/postfix/main.cf setting local_recipient_maps = proxy:unix:passwd.byname hash:/etc/postfix/virtual_users $alias_maps This made no difference at all. Mail to virtual users still bounces with 'unknown user' while mail to the system user is delivered. So then I set 'mydestination' to an empty string in /etc/postfix/main.cf and set 'virtual_mailbox_domains' to the string that had been in 'mydestination', and set 'mydestination' to an empty string. 
With this setup, mail to virtual users is delivered, but mail to the system user bounces with 'unknown user':

dovecot: auth: passwd-file(randy): unknown user
dovecot: auth: passwd-file(randy at domain): unknown user
dovecot: auth-worker(12538): passwd(randy at domain): unknown user
postfix/pipe[12548]: ... to=, relay=dovecot ... status=bounced (user unknown)

My dovecot config:
----------
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-39-generic x86_64 Ubuntu 14.04.1 LTS ext4
auth_verbose = yes
first_valid_gid = 120
first_valid_uid = 112
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = mdbox:/local/mnt/mail/%n
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = username_format=%n /etc/dovecot/passwd
  driver = passwd-file
}
passdb {
  args = username_format=%n
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = randy at domain
protocols = " imap sieve pop3"
ssl_cert =

Hi dovecot

when I modify SIEVE_DEFAULT_MAX_REDIRECTS = 25 in sieve-file:dovecot-1.2-sieve-0.1.7/src/lib-sieve/sieve-limits.h I found this problem occurs about once a week, I'm not sure if it was caused by modify SIEVE_DEFAULT_MAX_REDIRECTS = 25 , default is SIEVE_DEFAULT_MAX_REDIRECTS = 4:

LOG:
Nov 25 11:20:12 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Nov 25 11:20:12 auth(default): Error: BUG: Worker sent reply with id 230, expected 231
Nov 25 11:20:12 auth(default): Error: worker-server(lwh at rails.cn,127.0.0.1): Aborted: Worker is buggy

dovecot -n:
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: shared
  separator: /
  prefix: shared/%%u/
  location: maildir:%Lh/%Ld/%%n/:INDEX=%Lh/%Ld/%Ln/shared/%%u
  list: children
auth default:
  mechanisms: plain login
  default_realm: com
  user: txmail
  master_user_separator: *
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: passwd-file
    args: /etc/dovecot.master
    pass: yes
    master: yes
  passdb:
    driver: dict
    args: /etc/dovecot-memcached.conf
  userdb:
    driver: dict
    args: /etc/dovecot-memcached.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/dovecot-auth
      mode: 438
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 438
      user: txmail
      group: txmail
plugin:
  quota_warning: storage=90%% %Lh/bin/dovecot-quota-warning.sh 90 %u
  quota_warning2: storage=95%% %Lh/bin/dovecot-quota-warning.sh 95 %u
  acl: vfile
  acl_shared_dict: file:/%Lh/%Ld/shared-mailboxes.db
  quota: maildir
  quota_rule: *:storage=10M
  expire: * 7
  expire_dict: proxy::expire
  auth_socket_path: /var/run/dovecot/auth-master
  sieve: /opt/nsmail/data/sieve/%Ld/%Ln/.dovecot.sieve
  autocreate: trash
  autosubscribe: trash
  autocreate2: rubbishs
  autosubscribe2: rubbishs
  autocreate3: &XfJT0ZABkK5O9g-
  autosubscribe3: &XfJT0ZABkK5O9g-
  autocreate4: &g0l6Pw-
  autosubscribe4: &g0l6Pw-
  autocreate5: decrypt
dict:
  expire: mysql:/etc/dovecot-expire.conf

THANKS
YINGYING

From 24x7server at 24x7server.net Fri Nov 28 03:45:41 2014
From: 24x7server at 24x7server.net (Rajesh M) Date: Fri, 28 Nov 2014 09:15:41 +0530 Subject: failed login message Message-ID: thank you for guidance, just to recap the issue was about squirrelmail giving a wrong message : "connection dropped by imap server" instead of "invalid user or password" as advised i connected using command line on both my old and new servers, and have posted the details including the output of dovevcot -n. 1) command prompt login. i put wrong password telnet x.x.x.x 143 * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE START TLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] ready. 1 login acc at mydomain.com wrongpass 1 NO [AUTHENTICATIONFAILED] Authentication failed. 2) DOVECOT LOG output CURRENT SERVER Nov 28 08:48:39 imap-login: Info: Disconnected (auth failed, 1 attempts in 72 secs): user= OLD SERVER Nov 28 09:06:08 imap-login: Info: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=120.62.202.70, lip=72.35.76.156 3) DOVECOT CONFIG FILE DETAILS # dovecot -n # 2.2.7: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-431.29.2.el6.x86_64 x86_64 CentOS release 6.5 (Final) auth_cache_negative_ttl = 0 auth_cache_size = 32 M auth_cache_ttl = 30 mins auth_mechanisms = plain login digest-md5 cram-md5 default_login_user = vpopmail disable_plaintext_auth = no first_valid_gid = 89 first_valid_uid = 89 log_path = /var/log/dovecot.log login_greeting = ready. mail_max_userip_connections = 50 mail_plugins = " quota" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { inbox = yes location = prefix = separator = . 
type = private } passdb { args = cache_key=%u webmail=127.0.0.1 driver = vpopmail } plugin { quota = maildir:ignore=Trash quota_rule = ?:storage=0 } protocols = imap pop3 service imap-login { client_limit = 256 process_limit = 400 process_min_avail = 12 service_count = 0 vsz_limit = 384 M } service pop3-login { client_limit = 1000 process_limit = 400 process_min_avail = 12 service_count = 0 vsz_limit = 512 M } ssl_cert = thanks for your reply > > i intentionaly put the wrong password and checked the dovecot log and the message i got was > > # tail -f /var/log/dovecot.log | grep "xxx at yyy.com" > Nov 25 08:47:46 imap-login: Info: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, > secured, session= > > but in the squirrelmail login page instead of the message "unknown user or password incorrect" i get the message > > ERROR: Connection dropped by IMAP server. > Query: LOGOUT > > > in my old server where it is working correctly dovecot logs shows the error > > Nov 25 14:46:12 imap-login: Info: Aborted login (auth failed, 1 attempts): user=<"xxx at yyy.com">, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured > > and squirrelmail gives the error : "unknown user or password incorrect" which is correct. > > is there any other place i need to check or some other config file (either squirrelmail or dovecot) that i need to modify > > could you kindly guide me > 1. Please carefully read http://dovecot.org/mailinglists.html 2. Please carefully follow the instructions at http://dovecot.org/mailinglists.html. In your case, post full details for both servers. 3. Try to manually log in to both servers using e.g. telnet in order to see any differences in the way they respond. Something like $ telnet 192.168.9.11 143 Trying 192.168.9.11... Connected to 192.168.9.11. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready. 
1 login gedalya 1234 * BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client did it anyway. If anyone was listening, the password was exposed. 1 NO [PRIVACYREQUIRED] Plaintext authentication disallowed on non-secure (SSL/TLS) connections. 2 logout * BYE Logging out 2 OK Logout completed. Connection closed by foreign host. (that's how it responds in my specific case as I disallow plaintext login) Or if you need TLS (like me): $ openssl s_client -starttls imap -quiet -connect 192.168.9.11:143 depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority verify error:num=19:self signed certificate in certificate chain verify return:0 . OK Pre-login capabilities listed, post-login capabilities have more. 1 login gedalya 1234 1 NO [AUTHENTICATIONFAILED] Authentication failed. 2 logout * BYE Logging out 2 OK Logout completed. From andrewho at animezone.org Fri Nov 28 05:00:54 2014 
From: andrewho at animezone.org (Andrew Ho)
Date: Fri, 28 Nov 2014 00:00:54 -0500
Subject: auth(default) :Aborted: Worker is buggy
In-Reply-To: <28957a78.1003d.149f4780093.Coremail.liuyingying5496@126.com>
References: <28957a78.1003d.149f4780093.Coremail.liuyingying5496@126.com>
Message-ID:

I don't think that changing the default of SIEVE_DEFAULT_MAX_REDIRECTS is the problem.

The "mode:" is for permission of the auth-userdb socket to lookup the userdb. Why did you set it to "438"?

reference: http://wiki2.dovecot.org/LDA

--

> On Nov 27, 2014, at 10:35 PM, ??? wrote:
>
> Hi dovecot
> when I modify SIEVE_DEFAULT_MAX_REDIRECTS = 25 in sieve-file:dovecot-1.2-sieve-0.1.7/src/lib-sieve/sieve-limits.h
> I found this problem occurs about once a week, I'm not sure if it was caused by modify SIEVE_DEFAULT_MAX_REDIRECTS = 25, default is SIEVE_DEFAULT_MAX_REDIRECTS = 4:
> LOG:
> Nov 25 11:20:12 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
> Nov 25 11:20:12 auth(default): Error: BUG: Worker sent reply with id 230, expected 231
> Nov 25 11:20:12 auth(default): Error: worker-server(lwh at rails.cn,127.0.0.1): Aborted: Worker is buggy
> dovecot -n:
> namespace:
>   type: private
>   separator: /
>   inbox: yes
>   list: yes
>   subscriptions: yes
> namespace:
>   type: shared
>   separator: /
>   prefix: shared/%%u/
>   location: maildir:%Lh/%Ld/%%n/:INDEX=%Lh/%Ld/%Ln/shared/%%u
>   list: children
> auth default:
>   mechanisms: plain login
>   default_realm: com
>   user: txmail
>   master_user_separator: *
>   verbose: yes
>   debug: yes
>   debug_passwords: yes
>   passdb:
>     driver: passwd-file
>     args: /etc/dovecot.master
>     pass: yes
>     master: yes
>   passdb:
>     driver: dict
>     args: /etc/dovecot-memcached.conf
>   userdb:
>     driver: dict
>     args: /etc/dovecot-memcached.conf
>   socket:
>     type: listen
>     client:
>       path: /var/spool/postfix/dovecot-auth
>       mode: 438
>       user: postfix
>       group: postfix
>     master:
>       path: /var/run/dovecot/auth-master
>       mode: 438
>       user: txmail
>       group: txmail
> plugin:
>   quota_warning: storage=90%% %Lh/bin/dovecot-quota-warning.sh 90 %u
>   quota_warning2: storage=95%% %Lh/bin/dovecot-quota-warning.sh 95 %u
>   acl: vfile
>   acl_shared_dict: file:/%Lh/%Ld/shared-mailboxes.db
>   quota: maildir
>   quota_rule: *:storage=10M
>   expire: * 7
>   expire_dict: proxy::expire
>   auth_socket_path: /var/run/dovecot/auth-master
>   sieve: /opt/nsmail/data/sieve/%Ld/%Ln/.dovecot.sieve
>   autocreate: trash
>   autosubscribe: trash
>   autocreate2: rubbishs
>   autosubscribe2: rubbishs
>   autocreate3: &XfJT0ZABkK5O9g-
>   autosubscribe3: &XfJT0ZABkK5O9g-
>   autocreate4: &g0l6Pw-
>   autosubscribe4: &g0l6Pw-
>   autocreate5: decrypt
> dict:
>   expire: mysql:/etc/dovecot-expire.conf
> THANKS
> YINGYING
>
>

From skdovecot at smail.inf.fh-brs.de Fri Nov 28 07:22:53 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 28 Nov 2014 08:22:53 +0100 (CET)
Subject: Unable to see virtual users
In-Reply-To:
References: <36D3FB12-DC31-4BA5-912B-C5815D031456@iki.fi>
Message-ID:

On Thu, 27 Nov 2014, Randall Gellens wrote:

> I'm still having trouble getting users accepted by postfix + dovecot.

I suppose in your system + virtual user mix, you should use LMTP:
http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP
So Dovecot handles the difference itself.

> userdb {
>   args = uid=vmail gid=vmail home=/local/mnt/home/%n
>   driver = static
> }
> userdb {
>   driver = passwd
> }

The static userdb does hide the passwd userdb, because it hits for all users. You should change the order.

--
Steffen Kaiser

From skdovecot at smail.inf.fh-brs.de Fri Nov 28 07:29:07 2014
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 28 Nov 2014 08:29:07 +0100 (CET)
Subject: failed login message
In-Reply-To:
References:
Message-ID:

On Fri, 28 Nov 2014, Rajesh M wrote:

> just to recap the issue was about squirrelmail giving a wrong message : "connection dropped by imap server" instead of "invalid user or password"
>
> as advised i connected using command line on both my old and new servers, and have posted the details including the output of dovecot -n.

Is this the OLD or CURRENT server and what about the other one?

> 1) command prompt login. i put wrong password
>
> telnet x.x.x.x 143
>
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE START
> TLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] ready.
>
> 1 login acc at mydomain.com wrongpass
>
> 1 NO [AUTHENTICATIONFAILED] Authentication failed.

at this point: Does Dovecot drop the telnet session or is it still open?

> 2) DOVECOT LOG output
>
> CURRENT SERVER
> Nov 28 08:48:39 imap-login: Info: Disconnected (auth failed, 1 attempts in 72 secs): user=
>
> OLD SERVER
> Nov 28 09:06:08 imap-login: Info: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=120.62.202.70, lip=72.35.76.156

--
Steffen Kaiser

From mysql.jorge at decimal.pt Fri Nov 28 16:45:12 2014
From: mysql.jorge at decimal.pt (Jorge Bastos)
Date: Fri, 28 Nov 2014 16:45:12 -0000
Subject: Offtopic, spam+AV
Message-ID: <019d01d00b2a$add8c160$098a4420$@jorge@decimal.pt>

Hi guys,

In my previous servers I have clamav+spamassassin configured in postfix, but things as, scan only outgoing emails it's not possible.

What's the best option for these two filtering nowadays?

Thanks in advance,

From h.reindl at thelounge.net Fri Nov 28 16:56:52 2014
From: h.reindl at thelounge.net (Reindl Harald)
Date: Fri, 28 Nov 2014 17:56:52 +0100
Subject: Offtopic, spam+AV
In-Reply-To: <019d01d00b2a$add8c160$098a4420$@jorge@decimal.pt>
References: <019d01d00b2a$add8c160$098a4420$@jorge@decimal.pt>
Message-ID: <5478A954.9080709@thelounge.net>

On 28.11.2014 at 17:45, Jorge Bastos wrote:
> In my previous servers I have clamav+spamassassin configured in postfix, but
> things as, scan only outgoing emails it's not possible.
>
> What's the best option for these two filtering now adays?

besides that this is the wrong list why should it not be possible?

* clamav-milter exists
* spamass-milter exists
* "-o receive_override_options=no_milters" exists

normally you have submission (587) for authenticated mail and MX (25) for inbound mail and both can have their own receive_override_options

our MX is a own server delivering already filtered messages to the mailstorage on a different vserver in the LAN via port 10025

the service 10025 is only reachable from one IP (the MX LAN interface) and has "receive_override_options=no_milters" while all other smtpd services in "master.cf" use their own milter setup adjusted for outgoing mail and both machines share a careful maintained bayes-database trained on one machine and deployed with rsync

From mark at msapiro.net Fri Nov 28 18:31:08 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 28 Nov 2014 10:31:08 -0800
Subject: Dovecot 2.2.15, Panic: file mbox-sync.c: line 152 (mbox_sync_read_next_mail): assertion failed:
Message-ID: <5478BF6C.3080804@msapiro.net>

The log messages are attached. The core dump is at

The server is

$ uname -a
Linux sbh16.songbird.com 2.6.18-8.1.14.el5 #1 SMP Thu Sep 27 18:58:54 EDT 2007 i686 i686 i386 GNU/Linux

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-------------- next part --------------
Nov 27 08:47:28 sbh16 dovecot: imap(gpc): Error: Next message unexpectedly corrupted in mbox file /www/u/gpc/Mail/list_mgr at 1637732
Nov 27 08:47:28 sbh16 dovecot: imap(gpc): Panic: file mbox-sync.c: line 152 (mbox_sync_read_next_mail): assertion failed: (sync_ctx->input->v_offset != mail_ctx->mail.from_offset || sync_ctx->input->eof)
Nov 27 08:47:28 sbh16 dovecot: imap(gpc): Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0 [0x17deef] -> /usr/local/lib/dovecot/libdovecot.so.0 [0x17df6d] -> /usr/local/lib/dovecot/libdovecot.so.0 [0x17d48b] -> /usr/local/lib/dovecot/libdovecot-storage.so.0 [0xa3735e] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mbox_sync+0x6b6) [0xa39166] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mbox_storage_sync_init+0x81) [0xa3a3b1] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x40) [0xa57290] -> dovecot/imap(imap_sync_init+0x67) [0x8065157] -> dovecot/imap [0x80546a2] -> dovecot/imap [0x80547d9] -> /usr/local/lib/dovecot/libdovecot-storage.so.0 [0xa7fa61] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handle_timeouts+0xe6) [0x191976] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x97) [0x192d17] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x1e) [0x19184e] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x48) [0x191b08] ->
Nov 27 08:47:28 sbh16 dovecot: imap(gpc): Fatal: master: service(imap): child 26450 killed with signal 6 (core dumped)

From ecasarero at gmail.com Fri Nov 28 18:37:46 2014
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Fri, 28 Nov 2014 15:37:46 -0300
Subject: how to start a replication master-master correctly
Message-ID:

Hi all, I currently have one dovecot 2.2.15 working and I would like to add a second master server. If I configure the second server and enable the dsync in both servers, the sync will copy everything from A to B ? I mean, B server won't remove messages in A as it doesn't have anything in its users mailbox?

The second master server will be a cold server just for contingency.

Thanks

From roms2000 at free.fr Fri Nov 28 18:50:07 2014
From: roms2000 at free.fr (romain)
Date: Fri, 28 Nov 2014 19:50:07 +0100
Subject: how to start a replication master-master correctly
In-Reply-To:
References:
Message-ID: <5478C3DF.5010904@free.fr>

That is :-)

But for dsync to work correctly in 2.2.15, you have to enable empty password for connection from your servers, this is strange ... and this wasn't needed in previous version (at least 2.2.12)

For example, (and correct me if I'm wrong or if I can disable empty password), add a passdb source :

passdb {
  driver = static
  args = nopassword=y allow_nets=127.0.0.1/32,local,IP_OF_SERVER_A,IP_OF_SERVER_B
}

Regards,
MARIADASSOU Romain

On 28/11/2014 19:37, Eduardo Casarero wrote:
> Hi all, I currently have one dovecot 2.2.15 working and I would like to add
> a second master server. If I configure the second server and enable the
> dsync in both servers, the sync will copy everything from A to B ? I mean,
> B server won't remove messages in A as it doesn't have anything in its
> users mailbox?
>
> The second master server will be a cold server just for contingency.
>
> Thanks

From bertrand.caplet at chunkz.net Fri Nov 28 18:55:38 2014
From: bertrand.caplet at chunkz.net (Bertrand Caplet)
Date: Fri, 28 Nov 2014 19:55:38 +0100
Subject: how to start a replication master-master correctly
In-Reply-To: <5478C3DF.5010904@free.fr>
References: <5478C3DF.5010904@free.fr>
Message-ID: <5478C52A.8050502@chunkz.net>

> That is :-)
>
> But for dsync to work correctly in 2.2.15, You have to enable empty
> password for connection from your servers, this is strange ... and this
> wasn't need in previous version (at least 2.2.12)
>
> For example, (and correct me if I'm wrong or if I can disable empty
> password), add a passdb source :
>
> passdb {
>   driver = static
>   args = nopassword=y allow_nets=127.0.0.1/32,local,IP_OF_SERVER_A,IP_OF_SERVER_B
> }
>
> Regards,
> MARIADASSOU Romain
>> Thanks

Well, it's ok in 2.2.9 for dsync password.
Eduardo, if you have debian-based system I suggest you install dovecot from apt

Regards,
--
CHUNKZ.NET - casual fiddler and computer technician
Bertrand Caplet, Flers (FR)
Feel free to send encrypted/signed messages
Key ID: FF395BD9
GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9

From dovecot at randy.pensive.org Sat Nov 29 02:57:40 2014
From: dovecot at randy.pensive.org (Randall Gellens)
Date: Fri, 28 Nov 2014 18:57:40 -0800
Subject: Unable to see virtual users
In-Reply-To:
References: <36D3FB12-DC31-4BA5-912B-C5815D031456@iki.fi>
Message-ID:

Thanks very much; please see in-line for clarification questions.

At 8:22 AM +0100 11/28/14, Steffen Kaiser wrote:

> On Thu, 27 Nov 2014, Randall Gellens wrote:
>
>> I'm still having trouble getting users accepted by postfix + dovecot.
>
> I suppose in your system + virtual user mix, you should use LMTP:
> http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP
> So Dovecot handles the difference itself.

I have postfix set to use dovecot-lda as the delivery agent, which I thought would make postfix let dovecot handle the differences. I also thought if I used LMTP then I can't also use dovecot-lda and Sieve. Can you help me understand?

>
>> userdb {
>>   args = uid=vmail gid=vmail home=/local/mnt/home/%n
>>   driver = static
>> }
>> userdb {
>>   driver = passwd
>> }
>
> The static userdb does hide the passwd userdb, because it hits for
> all users. You should change the order.

What I have in /etc/dovecot/conf.d/10-auth.conf is:

----------
passdb {
  driver = passwd-file
#  args = scheme=SHA1 /etc/dovecot/passwd
#  args = username_format=%n /etc/dovecot/users
  args = username_format=%n /etc/dovecot/passwd
}

userdb {
  driver = static
  args = uid=vmail gid=vmail home=/local/mnt/home/%n
}

!include auth-system.conf.ext
----------

What I have in /etc/dovecot/conf.d/auth-system.conf.ext is:

----------
passdb {
  driver = pam
  # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=]
  # [cache_key=] []
  #args = dovecot
  args = username_format=%n
}

userdb {
  #
  driver = passwd
  # [blocking=no]
  #args =

  # Override fields from passwd
  #override_fields = home=/home/virtual/%u
}
----------

So, in /etc/dovecot/conf.d/10-auth.conf the passwd-file userdb is before the static one, yet 'doveconf -n' reports them the other way around.

I think the system user is not in the system /etc/passwd file anyway, the system user is verified using PAM.

Sorry for being so confused.

--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly selected tag: ---------------
Algol was a great improvement on most of its successors. --C.A.R Hoare

From ammdispose-dovecot at yahoo.com Sun Nov 30 03:53:23 2014
From: ammdispose-dovecot at yahoo.com (AMM)
Date: Sun, 30 Nov 2014 09:23:23 +0530
Subject: v2.2.15 - make check - Conditional jump or move depends on uninitialised value
Message-ID: <547A94B3.5030500@yahoo.com>

Hello,

I am currently using Dovecot 2.2.10 on Fedora 16 - 64 bit system

I had made v2.2.10 Fedora 16 rpm file using spec file from ATrpms.
http://dl.atrpms.net/all/dovecot.spec

It has been working well from 6 months or so.

Today I tried to make v2.2.15 rpm using same spec file.

But "make check" is giving following error:

fatal_printf_format_fix .............................................. : ok
0 / 190 tests failed
==8834== Conditional jump or move depends on uninitialised value(s)
==8834==    at 0x4F7FE99: __strspn_sse42 (in /lib64/libc-2.14.90.so)
==8834==    by 0x10FCF1: test_ds_recurse (test-data-stack.c:123)
==8834==    by 0x10FCC9: test_ds_recurse (test-data-stack.c:119)
==8834==    by 0x10FCC9: test_ds_recurse (test-data-stack.c:119)
==8834==    by 0x10FCC9: test_ds_recurse (test-data-stack.c:119)
==8834==    by 0x10FCC9: test_ds_recurse (test-data-stack.c:119)
==8834==    by 0x10FCC9: test_ds_recurse (test-data-stack.c:119)
==8834==    by 0x10FCC9: test_ds_recurse (test-data-stack.c:119)
==8834==    by 0x10FCC9: test_ds_recurse (test-data-stack.c:119)
==8834==    by 0x10FCC9: test_ds_recurse (test-data-stack.c:119)
==8834==    by 0x10FCC9: test_ds_recurse (test-data-stack.c:119)
==8834==    by 0x10FCC9: test_ds_recurse (test-data-stack.c:119)
==8834==

There are more similar errors after that and then rpmbuild aborts.

I already saw that someone reported same error recently:
http://dovecot.org/pipermail/dovecot/2014-October/098452.html

But I do not know what is the right solution / patch?

Can I disable "make check" safely? It's a production server so would not take any risk.

Can anyone please tell what should I do?

Thanks in advance.

AMM

From dovecot at randy.pensive.org Sun Nov 30 23:17:32 2014
From: dovecot at randy.pensive.org (Randall Gellens)
Date: Sun, 30 Nov 2014 15:17:32 -0800
Subject: Unable to see virtual users
In-Reply-To:
References: <36D3FB12-DC31-4BA5-912B-C5815D031456@iki.fi>
Message-ID:

I'm still very confused, but I have finally gotten it to recognize all users. What changed from my previous message is that I deleted the static userdb, and added the system user to the /etc/dovecot/users file (but not to the passdb /etc/dovecot/passwd). Oddly, I had to set uid:gid and homedir for each entry in /etc/dovecot/users even though I have these set to default values ("default_fields = uid=vmail gid=vmail home=/local/mnt/home/%n").

I'm still confused about the static userdb, as well as if I need to configure in /etc/postfix/main.cf both the mailbox_command to use dovecot-lda and the virtual_transport = dovecot service.

--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly selected tag: ---------------
(If you can't hear me, it's because I'm in parentheses)

From aaron at rsbuddy.com Sun Nov 30 01:40:09 2014
From: aaron at rsbuddy.com (Aaron Jenkins)
Date: Sun, 30 Nov 2014 01:40:09 +0000
Subject: Working with Active Directory on Windows Server 2012 R2
In-Reply-To:
References:
Message-ID:

I've fixed the issue by using a slightly different configuration. Particularly the problem was due to mistaking %u (user at domain) vs %n (just user).

Here are the configuration files for anyone looking to get it working with Active Directory on 2012 R2 on Dovecot 2.2.9 (or similar, whatever comes with Ubuntu Server 14.10).

Note: the uid & guid virtual need to exist (i.e. on Ubuntu, useradd virtual) and the directory /var/vmail must exist and be owned by virtual (referenced in 10-mail.conf and dovecot-ldap.conf.ext).

I suspect as well that part of the reason that it is working is that I have UNIX services enabled on AD, which if you're considering any integration with Linux you have to do anyways, so that must be enabled and configured for each user (which if you're at this stage you likely know how to do).

Attached are the relevant configuration files. Hopefully it will save the unfortunate sysadmin tasked with integrating AD and Dovecot one day.

On November 27, 2014 at 12:15:05 AM, Aaron Jenkins (aaron at rsbuddy.com) wrote:

I've removed the dn / dnpass.
When attempting with new user: $ cat /var/log/dovecot-info.log Nov 27 00:09:29 imap-login: Info: Internal login failure (pid=5553 id=1) (internal failure, 1 successful auths): user=, method=PLAIN, rip=10.211.55.29, lip=10.211.55.33, mpid=5558, TLS, session= Nov 27 00:09:29 imap-login: Info: Internal login failure (pid=5559 id=1) (internal failure, 1 successful auths): user=, method=PLAIN, rip=10.211.55.29, lip=10.211.55.33, mpid=5560, TLS, session= Nov 27 00:09:29 auth: Info: ldap(test.user at a d.automaton.uk,10.211.55.29,): invalid credentials (given password: ThisIsAPass123) Nov 27 00:09:35 auth: Info: ldap(test.user at ad.automaton.uk,10.211.55.29,): invalid credentials (given password: ThisIsAPass123) Nov 27 00:09:37 imap-login: Info: Disconnected (auth failed, 2 attempts in 8 secs): user=, method=PLAIN, rip=10.211.55.29, lip=10.211.55.33, TLS, session= $ cat /var/log/dovecot-debug.log Nov 27 00:13:07 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Nov 27 00:13:07 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Nov 27 00:13:07 auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libauthdb_ldap.so Nov 27 00:13:07 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Nov 27 00:13:07 auth: Debug: auth client connected (pid=6219) Nov 27 00:13:07 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=/xfdttIIagAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=143 rport=44650 Nov 27 00:13:07 auth: Debug: client passdb out: CONT 1 Nov 27 00:13:07 auth: Debug: client in: CONT 1 AHRlc3QudXNlcgBUaGlzSXNBUGFzczEyMw== (previous base64 data may contain sensitive data) Nov 27 00:13:07 auth: Debug: client passdb out: OK 1 user=test.user Nov 27 00:13:07 auth: Debug: master in: REQUEST 2256273409 6219 1 a99d65893905abf592245098b369359e session_pid=6223 request_auth_token Nov 27 00:13:07 auth: Debug: ldap(test.user,10.211.55.29,): user search: base=cn=users,dc=ad,dc=automaton,dc=uk 
scope=subtree filter=(&(name=test.user)(objectClass=person)) fields=homeDirectory,uidNumber,gidNumber Nov 27 00:13:07 auth: Debug: master userdb out: FAIL 2256273409 Nov 27 00:13:07 auth: Debug: auth client connected (pid=6224) Nov 27 00:13:07 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=gn7dttIIawAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=143 rport=44651 Nov 27 00:13:07 auth: Debug: client passdb out: CONT 1 Nov 27 00:13:07 auth: Debug: client in: CONT 1 AHRlc3QudXNlcgBUaGlzSXNBUGFzczEyMw== (previous base64 data may contain sensitive data) Nov 27 00:13:07 auth: Debug: client passdb out: OK 1 user=test.user Nov 27 00:13:07 auth: Debug: master in: REQUEST 1233256449 6224 1 587c0fc0406dbbdac1ccf4bb6267ff59 session_pid=6225 request_auth_token Nov 27 00:13:07 auth: Debug: ldap(test.user,10.211.55.29,): user search: base=cn=users,dc=ad,dc=automaton,dc=uk scope=subtree filter=(&(name=test.user)(objectClass=person)) fields=homeDirectory,uidNumber,gidNumber Nov 27 00:13:07 auth: Debug: master userdb out: FAIL 1233256449 Nov 27 00:13:07 auth: Debug: auth client connected (pid=6226) Nov 27 00:13:07 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=Ic3dttIIbAAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=143 rport=44652 Nov 27 00:13:07 auth: Debug: client passdb out: CONT 1 Nov 27 00:13:07 auth: Debug: client in: CONT 1 AHRlc3QudXNlckBhZC5hdXRvbWF0b24udWsAVGhpc0lzQVBhc3MxMjM= (previous base64 data may contain sensitive data) Nov 27 00:13:09 auth: Debug: client passdb out: FAIL 1 user=test.user at ad.automaton.uk Nov 27 00:13:09 auth: Debug: client in: AUTH 2 PLAIN service=imap secured session=Ic3dttIIbAAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=143 rport=44652 resp=AHRlc3QudXNlckBhZC5hdXRvbWF0b24udWsAVGhpc0lzQVBhc3MxMjM= (previous base64 data may contain sensitive data) Nov 27 00:13:15 auth: Debug: client passdb out: FAIL 2 user=test.user at ad.automaton.uk $ ldapsearch -x -H ldap://dc1.ad.automaton.uk -D 
CN=test.user,CN=users,DC=ad,DC=automaton,DC=uk -W - -b CN=test.user,CN=users,DC=ad,DC=automaton,DC=uk # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: - # # test.user, Users, ad.automaton.uk dn: CN=test.user,CN=Users,DC=ad,DC=automaton,DC=uk # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 And the password on AD for test.user is 100% ThisIsAPass123. On November 26, 2014 at 12:16:34 AM, Steffen Kaiser (skdovecot at smail.inf.fh-brs.de) wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 26 Nov 2014, Aaron Jenkins wrote: > I?ve attempted the user Mail with the same password with the same result (binding as my own user was a last-ditch attempt). OK, what about the: > As I understand auth_bind_userdn, you do not need > dn/dnpass anyway, because auth_bind_userdn prevents searching for the > user's DN Did you removed the dn/dnpass settings? What about the: > I wonder if the log shows the error from this setting or from the user's > login attempt. Could you try another user? If you login with another user (not aaron.jenkins) to IMAP, which username is listed in the logs then. 
> > aaron at aaron-Parallels-Virtual-Platform:/etc/sssd$ ldapsearch -x -H ldap://dc1.ad.automaton.uk -D CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W - -b CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (objectclass=*) > # requesting: - > # > > # aaron.jenkins, Users, ad.automaton.uk > dn: CN=aaron.jenkins,CN=Users,DC=ad,DC=automaton,DC=uk > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > > > Same with the user Mail > > > > On November 25, 2014 at 2:18:26 AM, Steffen Kaiser (skdovecot at smail.inf.fh-brs.de) wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 25 Nov 2014, Aaron Jenkins wrote: > >> I?m having issues getting Dovecot to work with AD on 2012 R2 in a test environment. >> ? >> Nov 19 09:22:23 auth: Debug: auth client connected (pid=10345) >> Nov 19 09:22:23 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 rport=56395 >> Nov 19 09:22:23 auth: Debug: client passdb out: CONT 1 >> Nov 19 09:22:23 auth: Debug: client in: CONT 1 (previous base64 data may contain sensitive data) >> Nov 19 09:22:29 auth: Debug: client passdb out: FAIL 1 user=aaron.jenkins temp > > Your conf: > auth_bind = yes > dn = aaron.jenkins > dnpass = dummypass1 > auth_bind_userdn = CN=%u,CN=users,DC=ad,DC=automaton,DC=uk > > Can you really succeed a simple auth with the dn aaron.jenkins ? This > ought to be a full DN. As I understand auth_bind_userdn, you do not need > dn/dnpass anyway, because auth_bind_userdn prevents searching for the > user's DN, in which case Dovecot requires a connection before any user > bind takes place. > > I wonder if the log shows the error from this setting or from the user's > login attempt. Could you try another user? 
>
> Can you auth from command line via
>
> ldapsearch -x -H ldap://dc1.ad.automaton.uk -D \
> CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W \
> - -b CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk
>
> - --
> Steffen Kaiser
> ---------------Output of GPG------------------
> Decryption of block failed
> gpg: Signature made Tue 25 Nov 2014 11:21:55 AM CET using RSA key ID 0BFDDF6B
> gpg: BAD signature from "Steffen Kaiser "
>

- --
Steffen Kaiser
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dovecot-ldap.conf.ext
Type: application/octet-stream
Size: 6233 bytes
Desc: dovecot-ldap.conf.ext
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: auth-ldap.conf.ext
Type: application/octet-stream
Size: 324 bytes
Desc: auth-ldap.conf.ext
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 10-auth.conf
Type: application/octet-stream
Size: 5133 bytes
Desc: 10-auth.conf
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 10-mail.conf
Type: application/octet-stream
Size: 15775 bytes
Desc: 10-mail.conf
URL:

From soko.tica at gmail.com Wed Nov 26 08:04:04 2014
From: soko.tica at gmail.com (soko.tica)
Date: Wed, 26 Nov 2014 09:04:04 +0100
Subject: mail_location maildir:~/Maildir Invalid user settings[SOLVED]
Message-ID:

Hallo list,

I was having quite a hard time configuring dovecot on OpenBSD -current.

The problem was the default Maildir setting in 10-mail.conf, namely:

mail_location maildir:~/Maildir

was unable to locate the user's home directory. As far as I can remember, it was the correct setting on OpenBSD-current a week or two ago.

Once I figured it out and changed it to

mail_location maildir:/path/to/home/%u/Maildir

the problem was solved.

Attached are dmesg, maillog and doveconf -n output.
-------------- next part --------------
OpenBSD 5.6-current (GENERIC) #525: Wed Nov 19 22:47:44 MST 2014
deraadt at i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
-------------- next part --------------
Nov 26 07:11:01 mail dovecot: lda(admin): Debug: Effective uid=1000, gid=1000, home=
Nov 26 07:11:01 mail dovecot: lda(admin): Debug: Effective uid=1000, gid=1000, home=
Nov 26 07:11:01 mail dovecot: lda(admin): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir
Nov 26 07:11:01 mail dovecot: lda(admin): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir
Nov 26 07:11:01 mail dovecot: lda(admin): Error: user admin: Initialization failed: Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir
Nov 26 07:11:01 mail dovecot: lda(admin): Error: user admin: Initialization failed: Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir
Nov 26 07:11:01 mail dovecot: lda(admin): Fatal: Invalid user settings. Refer to server log for more information.
Nov 26 07:11:01 mail dovecot: lda(admin): Fatal: Invalid user settings. Refer to server log for more information.
for c8316a4287fd0ec0: from=<>, to=, user=admin, method=mda, delay=34m26s, stat=Delivered -------------- next part -------------- # 2.2.15: /etc/dovecot/dovecot.conf # OS: OpenBSD 5.6 i386 ffs auth_debug_passwords = yes auth_socket_path = /var/dovecot/auth-userdb auth_verbose = yes auth_verbose_passwords = yes first_valid_uid = 1000 hostname = mail.home.lan imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lda_original_recipient_header = X-Original-To mail_debug = yes mail_full_filesystem_access = yes mail_location = maildir:/var/home/%u/Maildir mmap_disable = yes namespace inbox { hidden = no inbox = yes list = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = / subscriptions = yes type = private } passdb { driver = bsdauth } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh postmaster_address = postmaster at home.lan service auth-worker { user = root } service auth { unix_listener auth-userdb { group = _dovenull mode = 0666 user = _dovenull } } service lmtp { unix_listener lmtp { mode = 0666 } } ssl_cert = I'm getting a very strange error and I'm completely mystified by it. Thank you so much for taking a look! I recently migrated some users from another dovecot server to my own, and the previous admin had the passwords in their database using the SSHA256 scheme in HEX format. 
All the password hashes are in my database (MySQL) with a {SSHA256.HEX} prefix, and I thought at first that they were working fine, but then I checked my logs and am seeing this:

localhost dovecot: auth: Error: password(***@***.***): Unknown scheme SSHA256.HEX.b64

(I have replaced the email address with asterisks)

I am completely flabbergasted, as I can't imagine how "SSHA256.HEX.b64" is even coming into existence as a string. I have triple checked the database and that combination appears nowhere in it. Does anybody have any idea how that is happening?

Thanks again.

--
View this message in context: http://dovecot.2317879.n4.nabble.com/Unknown-scheme-SSHA256-HEX-b64-tp50803.html
Sent from the Dovecot mailing list archive at Nabble.com.
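An added example, not part of the post above and not Dovecot's own code: a Python model of how a stored value such as {SSHA256.HEX}... splits into a scheme name and one encoding suffix, and how the salted hash is then checked. It assumes the layout SHA-256(password + salt) followed by the salt, base64 when no suffix is given, and that only a single suffix (hex, b64 or base64) is accepted, so a label like SSHA256.HEX.b64 is reported as an unknown scheme; all function names are hypothetical.

```python
import base64
import hashlib
import hmac

DIGEST_LEN = 32  # SHA-256 output size; bytes after it are the salt (assumed layout)
DECODERS = {"hex": bytes.fromhex, "b64": base64.b64decode, "base64": base64.b64decode}


def split_scheme(stored):
    """Split '{NAME.ENC}data' into (name, encoding, data)."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("missing {SCHEME} prefix")
    label, data = stored[1:].split("}", 1)
    name, _, enc = label.partition(".")
    # Everything after the first dot must be one known encoding name,
    # so a label such as SSHA256.HEX.b64 ("hex.b64") is rejected.
    if enc and enc.lower() not in DECODERS:
        raise ValueError("Unknown scheme " + label)
    return name.upper(), enc.lower() or "b64", data


def verify(stored, password):
    """Check a password against a salted SHA-256 value; True on match."""
    name, enc, data = split_scheme(stored)
    if name != "SSHA256":
        raise ValueError("Unknown scheme " + name)
    raw = DECODERS[enc](data)
    if len(raw) <= DIGEST_LEN:
        raise ValueError("value too short to contain a salt")
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    expected = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)  # constant-time compare


def make_sample(password, salt, hex_encoded=True):
    """Build a constructed stored value for the demonstration."""
    raw = hashlib.sha256(password.encode("utf-8") + salt).digest() + salt
    if hex_encoded:
        return "{SSHA256.HEX}" + raw.hex()
    return "{SSHA256}" + base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    sample = make_sample("correct horse", b"\x01\x02\x03\x04")  # constructed
    print(verify(sample, "correct horse"), verify(sample, "wrong"))
    try:
        split_scheme(sample.replace("{SSHA256.HEX}", "{SSHA256.HEX.b64}"))
    except ValueError as err:
        print(err)
```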