From moiseev at mezonplus.ru Sun Feb 1 08:07:59 2015 
From: moiseev at mezonplus.ru (Alexander Moisseev)
Date: Sun, 1 Feb 2015 11:07:59 +0300
Subject: [Bug ?] IMAP keywords are not preserved during mailbox conversion
Message-ID: <54CDDEDF.9030407@mezonplus.ru>

IMAP keywords (Thunderbird Tags) are not preserved during Maildir to mdbox conversion.

For mailbox conversion I am using the command:
# doveadm -o mail_location=maildir:~/Maildir sync -u user at example.com mdbox:~/mdbox

After conversion all Thunderbird Tags are lost.

Is it a bug or expected behavior?

--
Alexander
-------------- next part --------------
# doveconf -n
# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.6 (3e924b1b6c5c+)
# OS: FreeBSD 10.1-RELEASE i386
auth_default_realm = example.com
auth_mechanisms = digest-md5 cram-md5 apop plain
doveadm_password = XXXXXXXXXXXX
first_valid_gid = 1000
first_valid_uid = 1000
lda_mailbox_autosubscribe = yes
listen = *
mail_attachment_dir = /vmail/attachments
mail_gid = vmail
mail_home = /vmail/%d/%n
mail_location = mdbox:~/mdbox
mail_plugins = quota zlib
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
}
passdb {
  args = scheme=plain username_format=%n /usr/local/etc/dovecot/dovecot.auth/%d.passwd
  driver = passwd-file
}
plugin {
  antispam_backend = mailtrain
  antispam_mail_notspam = learn_ham
  antispam_mail_sendmail = /usr/local/bin/rspamc
  antispam_mail_sendmail_args = -h;localhost:11334
  antispam_mail_spam = learn_spam
  antispam_spam = Junk
  antispam_trash = Trash
  quota = dict:User quota::file:%h/dovecot-quota
  quota_rule = *:storage=2G
  quota_rule2 = Trash:storage=+10%%
  quota_rule3 = Spam:storage=+20%%
  quota_status_nouser = DUNNO
  quota_status_success = DUNNO
  sieve_after = /usr/local/etc/dovecot/sieve/sieve.after
  sieve_before = /usr/local/etc/dovecot/sieve/sieve.before
  sieve_vacation_min_period = 0
  zlib_save = gz
  zlib_save_level = 3
}
postmaster_address = postmaster at example.com
protocols = imap pop3 lmtp sieve
quota_full_tempfail = yes
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    user = vmail
  }
}
service config {
  unix_listener config {
    mode = 0600
    user = vmail
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = vmail
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  unix_listener /var/spool/postfix/private/quota-status {
    user = postfix
  }
}
ssl_cert =
References: <201501311940.t0VJeIsm015171@Mail.Linux-Consulting.com>
Message-ID: <1547309129.590449.1422827079129.JavaMail.yahoo@mail.yahoo.com>

Thanks for your tip regarding the busy network.

I am using a one year old Cisco Catalyst 2960S (WS-C2960S-48TD-L) with cat6e cables and my network should not be overloaded as far as I know. My mailbox and mail proxy servers are on two different virtual machines on two different servers. It could be possible that it is something with the virtualization but my other VMs do not have any connection time outs or anything. I will keep on searching on the network side.

On Saturday, January 31, 2015 8:40 PM, alvin wrote:

hi

> I don't know if this is related but I also get quite a few of these error messages:
>
> Jan 31 14:10:46 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer

my interpretation:

a) you have a very very bz network ...
the other end cannot respond to incoming requests

even if your network is NOT bz, eg, no collision blinking on your hubs/switches,
you are still having network problems

b) if all of your dovecot tests is on one host ... disconnect it from the network
and see if dovecot's auth finishes its tasks

c) to clean up your network ...
- use switches ... not hubs .... even inexpensive netgear switches is good enuff
- use good 3-6' cat6e cables ... we'll assume the bldg's wiring is done to bldg specs
- my guess, you're probably having cabling problems )
- separate slow devices from faster devices
  eg. separate printers onto its own network with a switch
  in between printers and everybody else
- separate 10/100 devices from gigE devices ... do not mix them up on the same switch/hub

c ya
alvin

> Jan 31 14:13:20 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
> Jan 31 14:13:20 auth: Warning: auth client 0 disconnected with 2 pending requests: Connection reset by peer
> Jan 31 14:13:22 auth: Warning: auth client 0 disconnected with 2 pending requests: EOF
> Jan 31 14:13:26 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
>
> maybe around 20-30 per day.
>
From h.reindl at thelounge.net Sun Feb 1 21:48:57 2015
From: h.reindl at thelounge.net (Reindl Harald)
Date: Sun, 01 Feb 2015 22:48:57 +0100
Subject: auth: Error: auth worker: Aborted request: Lookup timed out
In-Reply-To: <1547309129.590449.1422827079129.JavaMail.yahoo@mail.yahoo.com>
References: <201501311940.t0VJeIsm015171@Mail.Linux-Consulting.com> <1547309129.590449.1422827079129.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <54CE9F49.9020101@thelounge.net>

On 01.02.2015 at 22:44, ML mail wrote:
> Thanks for your tip regarding the busy network.
>
> I am using a one year old Cisco Catalyst 2960S (WS-C2960S-48TD-L) with cat6e cables and my network should not be overloaded as far as I know. My mailbox and mail proxy servers are on two different virtual machines on two different servers. It could be possible that it is something with the virtualization but my other VMs do not have any connection time outs or anything. I will keep on searching on the network side.

the busy network tip is nonsense since "Connection reset by peer" means nothing else as it says "the remote client lost connection for whatever reason" and that are most likely *mobile clients* and *bots*

Feb 1 20:24:17 mail dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Feb 1 20:24:46 mail dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Feb 1 20:25:18 mail dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Feb 1 20:26:01 mail dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Feb 1 20:26:45 mail dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Feb 1 20:27:34 mail dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Feb 1 20:37:04 mail dovecot: auth: Warning: auth client 0 disconnected with 2 pending requests: Connection reset by peer
Feb 1 20:37:57 mail dovecot: auth: Warning: auth client 0 disconnected with 2 pending requests: Connection reset by peer
Feb 1 21:26:39 mail dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Feb 1 21:27:49 mail dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Feb 1 21:28:33 mail dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Feb 1 21:28:51 mail dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Feb 1 21:29:35 mail dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Feb 1 21:30:19 mail dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Feb 1 21:31:03 mail dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Feb 1 21:31:39 mail dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Feb 1 21:31:47 mail dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Feb 1 21:32:31 mail dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Feb 1 21:33:53 mail dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer

>> I don't know if this is related but I also get quite a few of these error messages:
>>
>> Jan 31 14:10:46 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
>
> my interpretation:
>
> a) you have a very very bz network ... the other end cannot respond to incoming requests
>
> even if your network is NOT bz, eg, no collision blinking on your hubs/switches,
> you are still having network problems
>
> b) if all of your dovecot tests is on one host ... disconnect it from the network
> and see if dovecot's auth finishes its tasks
>
> c) to clean up your network ...
> - use switches ... not hubs .... even inexpensive netgear switches is good enuff
> - use good 3-6' cat6e cables ... we'll assume the bldg's wiring is done to bldg specs
> - my guess, you're probably having cabling problems )
> - separate slow devices from faster devices
>   eg. separate printers onto its own network with a switch
>   in between printers and everybody else
> - separate 10/100 devices from gigE devices ... do not mix them up on the same switch/hub
> c ya
> alvin
>
>
>> Jan 31 14:13:20 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
>> Jan 31 14:13:20 auth: Warning: auth client 0 disconnected with 2 pending requests: Connection reset by peer
>> Jan 31 14:13:22 auth: Warning: auth client 0 disconnected with 2 pending requests: EOF
>> Jan 31 14:13:26 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer

From bourek at thinline.cz Mon Feb 2 00:03:37 2015
From: bourek at thinline.cz (Jiri Bourek)
Date: Mon, 02 Feb 2015 01:03:37 +0100
Subject: Domain quota
In-Reply-To: <54CB9D27.6060907@yandex.ru>
References: <54CB9D27.6060907@yandex.ru>
Message-ID: <54CEBED9.2000000@thinline.cz>

On 30.1.2015 16:03, Evgeny Basov wrote:
> Hello.
>
> I'm tried to use domain quota:
>

Search the list archives. Unless something changed in that regard, domain quotas don't work. When you use recalc, domain quota is updated to values which are valid for last mailbox that was recalculated.

The way we got domain quota working was using filesystem quotas. Naturally this only works if messages (files) are owned by different system groups (one group per domain) and when you're using maildir storage (otherwise no mail count, just size.)

I'm not sure but I think I saw another possible solution mentioned in previous discussions on the topic. Should turn up if you search the archive.

From petehodur at gmail.com Mon Feb 2 01:17:28 2015
From: petehodur at gmail.com (Peter Hodur)
Date: Mon, 2 Feb 2015 02:17:28 +0100
Subject: managesieve & checkpassword authdb interface
Message-ID:

Hello,

does anybody knows what managesieve addon sets in SERVICE env when authenticating to checkpassword?

thanks
Pete

From stephan at rename-it.nl Mon Feb 2 07:12:39 2015
From: stephan at rename-it.nl (Stephan Bosch)
Date: Mon, 02 Feb 2015 08:12:39 +0100
Subject: managesieve & checkpassword authdb interface
In-Reply-To:
References:
Message-ID: <54CF2367.5040604@rename-it.nl>

On 2/2/2015 2:17 AM, Peter Hodur wrote:
> Hello,
>
> does anybody knows what managesieve addon sets in SERVICE env when
> authenticating to checkpassword?

For authentication purposes "sieve" is used.

Regards,

Stephan.

From stephan at rename-it.nl Mon Feb 2 07:21:01 2015
From: stephan at rename-it.nl (Stephan Bosch)
Date: Mon, 02 Feb 2015 08:21:01 +0100
Subject: Sieve permissions issue following update
In-Reply-To: <54C6527C.1010902@kit.edu>
References: <548732CB.4070606@blackrosetech.com> <5487351C.7030303@localhost.localdomain.org> <5487528D.6030105@blackrosetech.com> <54A54734.4010805@rename-it.nl> <59183495-00BF-4C02-B56E-E118A50386DF@inoc.net> <54A55E9F.8030905@rename-it.nl> <54A5742A.8040207@rename-it.nl> <54C6527C.1010902@kit.edu>
Message-ID: <54CF255D.1060108@rename-it.nl>

On 1/26/2015 3:43 PM, Olaf Hopp wrote:
> On 01/01/2015 05:22 PM, Stephan Bosch wrote:
>> On 1/1/2015 4:17 PM, Robert Blayzor wrote:
>>> On Jan 1, 2015, at 9:58 AM, Robert Blayzor
>>> wrote:
>>>>> Hmm. This smells like a bug. I notice that your modification times of
>>>>> the .sieve and .svbin file are exactly the same (that is somewhat
>>>>> unusual). I'm looking at a potential bug that would explain your
>>>>> problem.
>>>>>
>>>>> To confirm, could you try running sievec again, so that the .svbin is
>>>>> actually newer than the .sieve?
>>>
>>> If it makes any difference at all... I only see this using
>>> "dovecot-lda". If I change my Exim transport to use Dovecot's LMTP,
>>> I do not see this problem.
>>
>> That is odd.
>>
>
> Hi Stephan and Robert,
> the same issue here and I'm using Exim with dovecot-lmtp and
> not with dovecot-lda.
> So it doesn't seem to be a problem of LDA vs. lmtp

Do you have the opportunity to test this with the latest Mercurial revision? This adds a bit more debug information on the up-to-date check.

Otherwise, you'll need to wait until the next release is done.

Regards,

Stephan.

From skdovecot at smail.inf.fh-brs.de Mon Feb 2 07:34:20 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Mon, 2 Feb 2015 08:34:20 +0100 (CET)
Subject: LDAP: "unused" & "uid missing"
In-Reply-To: <54CBF5D9.4010103@netocean.de>
References: <54CBF5D9.4010103@netocean.de>
Message-ID:

On Fri, 30 Jan 2015, Leander Sch?fer wrote:

> Does someone know what this means? It looks to me like it got the UID, yet it
> complains ... ? Also, why does it complain about attributes being unused, yet
> I use prefetch, so they will be used?!
>
>
> Log:
> [...]
> dovecot: auth: Debug:
> ldap(test at mydomain.tld,192.168.10.233,): result:
> mailStorageDirectory=/var/vmail mailUidNumber=2110 mailGidNumber=2110
> mailQuotaStorage=10240 mailQuotaMessages=20;
> mailQuotaMessages,mailStorageDirectory,mailUidNumber,mailQuotaStorage,mailGidNumber
> unused
>
> dovecot: auth: Debug:
> ldap(test at mydomain.tld,192.168.10.233,): result:
> mailStorageDirectory=/var/vmail mailUidNumber=2110 mailGidNumber=2110
> mailQuotaStorage=10240 mailQuotaMessages=20; uid missing
> [...]

I guess that these are related to the user_attrs.

> As mentioned, I use prefetch, so this is how my dovecot/dovecot-ldap.conf.ext
> is looking:
>
> [...]
> #user_attrs = mailStorageDirectory=home=%$/%u,
> mailStorageDirectory=mail=maildir:%$/%u/maildir, mailUidNumber=uid,
> mailGidNumber=gid, mailQuotaStorage=quota_rule=*:storage=%$,
> mailQuotaMessages=quota_rule2=*:messages=%$

You have commented out user_attrs, there are lookups that do _not_ follow an auth attempt. Those need this setting.

> pass_attrs = uid=user, userPassword=password,
> mailStorageDirectory=userdb_home=%$/%u,
> mailStorageDirectory=userdb_mail=maildir:%$/%u/maildir,
> mailUidNumber=userdb_uid, mailGidNumber=userdb_gid,
> mailQuotaStorage=userdb_quota_rule=*:storage=%$,
> mailQuotaMessages=userdb_quota_rule2=*:messages=%$
> [...]

--
Steffen Kaiser

From christian.binder at freilassing.de Mon Feb 2 08:13:28 2015
From: christian.binder at freilassing.de (Christian Binder Stadt Freilassing)
Date: Mon, 2 Feb 2015 09:13:28 +0100
Subject: Uniqueness of dovecot mailbox-guids
In-Reply-To: <17447_1422519994_t0T8QX63004644_19be7073210b3a37aa30b79fcaf796b0@egroupware.freilassing.de>
Message-ID: <14cb7d0c777c776e35570a8fcf1067c3@egroupware.freilassing.de>

Can no one give some advice on this issue?

Thanks
Christian

From hummel at pasteur.fr Mon Feb 2 16:55:26 2015
From: hummel at pasteur.fr (Thomas HUMMEL)
Date: Mon, 2 Feb 2015 17:55:26 +0100
Subject: Master user without pass=yes error
Message-ID: <20150202165526.GB7275@parmesan.sis.pasteur.fr>

Hello Timo,

I just tried the master user feature with a very simple setup (Dovecot v2.2.15) :

!include auth-master.conf.ext -> passwd-file passdb
!include auth-ldap.conf.ext -> ldap passdb (userdb prefetched) without auth_bind=yes

without pass=yes I get this userdb lookup error :

dovecot: auth: passwd-file(masteruser,157.99.64.42,master,<4Pgesh0OygCdY0Aq>): Master user logging in as normaluser
dovecot: auth: Error: prefetch(normaluser,157.99.64.42,<4Pgesh0OygCdY0Aq>): userdb lookup not possible with only userdb prefetch
dovecot: imap: Error: Internal auth failure (client-pid=10449 client-id=1)
dovecot: imap-login: Internal login failure (pid=10449 id=1) (internal failure, 1 successful auths): user=, method=PLAIN, rip=157.99.64.42, lip=157.99.64.81, mpid=10570, TLS, session=<4Pgesh0OygCdY0Aq>

with pass=yes, it works.

Feb 2 17:51:24 langres dovecot: auth: passwd-file(masteruser,157.99.64.42,master,): Master user logging in as normaluser
Feb 2 17:51:24 langres dovecot: imap-login: Login: user=, method=PLAIN, rip=157.99.64.42, lip=157.99.64.81, mpid=11647, TLS, session=

I don't quite understand why because the documentation states that 'pass=yes' "means that Dovecot verifies that the login user really exists before allowing the master user to log in. Without the setting if a nonexistent login username is given,[...]"

Here, 'normaluser' exists in the ldap passdb so, even with pass=no, I'm not supposed to be in the 'nonexistent login username' case.

Can you help ?

thanks.

--
Thomas Hummel | Institut Pasteur | Groupe Exploitation et Infrastructure

From juan at inti.gob.ar Mon Feb 2 17:07:24 2015
From: juan at inti.gob.ar (Juan Bernhard)
Date: Mon, 02 Feb 2015 14:07:24 -0300
Subject: quote strings passed to sql
Message-ID: <54CFAECC.9030805@inti.gob.ar>

Hello list. I'm thinking to migrate the whole user db from system users to mysql. I already did it in a test environment, but something is annoying my OCD... I don't quote the variables username and password sent to the mysql server. I know, the mysql user that dovecot uses only has select rights, but it still bothers me, because it's possible to do a useless sql code injection.

Is there a way to quote that? Something like exim's quote_mysql?

Regards, Juan.

From h.reindl at thelounge.net Mon Feb 2 17:09:29 2015
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 02 Feb 2015 18:09:29 +0100
Subject: quote strings passed to sql
In-Reply-To: <54CFAECC.9030805@inti.gob.ar>
References: <54CFAECC.9030805@inti.gob.ar>
Message-ID: <54CFAF49.6000901@thelounge.net>

On 02.02.2015 at 18:07, Juan Bernhard wrote:
> Hello list. I'm thinking to migrate the whole user db from system users
> to mysql. I already did it in a test environment, but something is
> annoying my OCD... I don't quote the variables username and password
> sent to the mysql server. I know, the mysql user that dovecot uses only
> has select rights, but it still bothers me, because it's possible to do
> a useless sql code injection.
>
> Is there a way to quote that? Something like exim's quote_mysql?

there is not much to quote when dovecot accepts only a limited set of chars at all and otherwise don't send any query

auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz

From juan at inti.gob.ar Mon Feb 2 17:17:09 2015
From: juan at inti.gob.ar (Juan Bernhard)
Date: Mon, 02 Feb 2015 14:17:09 -0300
Subject: quote strings passed to sql
In-Reply-To: <54CFAF49.6000901@thelounge.net>
References: <54CFAECC.9030805@inti.gob.ar> <54CFAF49.6000901@thelounge.net>
Message-ID: <54CFB115.2080902@inti.gob.ar>

> On 02.02.2015 at 18:07, Juan Bernhard wrote:
>> Hello list. I'm thinking to migrate the whole user db from system users
>> to mysql. I already did it in a test environment, but something is
>> annoying my OCD... I don't quote the variables username and password
>> sent to the mysql server. I know, the mysql user that dovecot uses only
>> has select rights, but it still bothers me, because it's possible to do
>> a useless sql code injection.
>>
>> Is there a way to quote that? Something like exim's quote_mysql?
>
> there is not much to quote when dovecot accepts only a limited set of
> chars at all and otherwise don't send any query
>
> auth_username_chars =
> abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
> auth_username_translation =
> %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
>

The password is not subject to this limitation. I'm not an sql expert, I still *think* that there is nothing to worry about... but I'm not 100% sure.

From hummel at pasteur.fr Mon Feb 2 17:22:04 2015
From: hummel at pasteur.fr (Thomas HUMMEL)
Date: Mon, 2 Feb 2015 18:22:04 +0100
Subject: Master user without pass=yes error
In-Reply-To: <20150202165526.GB7275@parmesan.sis.pasteur.fr>
References: <20150202165526.GB7275@parmesan.sis.pasteur.fr>
Message-ID: <20150202172204.GF7275@parmesan.sis.pasteur.fr>

On Mon, Feb 02, 2015 at 05:55:26PM +0100, Thomas HUMMEL wrote:

> I just tried the master user feature with a very simple setup (Dovecot v2.2.15) :

Also, the documentation states that :

"pass=yes" doesn't work with "LDAP with auth_bind=yes, because both of them require knowing the user's password."

This sounds strange to me since I thought "auth_bind=yes" purpose was only to verify the user password. So, although I understand the need to have the user password to bind to LDAP as the user himself, I thought userdb attributes (and thus the existence or not of the user, i.e. the purpose of "pass=yes") weren't retrieved with a username/password LDAP bind, even with auth_bind=yes.

Thanks.

--
Thomas Hummel | Institut Pasteur | Groupe Exploitation et Infrastructure

From h.reindl at thelounge.net Mon Feb 2 18:18:47 2015
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 02 Feb 2015 19:18:47 +0100
Subject: quote strings passed to sql
In-Reply-To: <54CFB115.2080902@inti.gob.ar>
References: <54CFAECC.9030805@inti.gob.ar> <54CFAF49.6000901@thelounge.net> <54CFB115.2080902@inti.gob.ar>
Message-ID: <54CFBF87.2050105@thelounge.net>

On 02.02.2015 at 18:17, Juan Bernhard wrote:
>> On 02.02.2015 at 18:07, Juan Bernhard wrote:
>>> Hello list. I'm thinking to migrate the whole user db from system users
>>> to mysql. I already did it in a test environment, but something is
>>> annoying my OCD... I don't quote the variables username and password
>>> sent to the mysql server. I know, the mysql user that dovecot uses only
>>> has select rights, but it still bothers me, because it's possible to do
>>> a useless sql code injection.
>>>
>>> Is there a way to quote that? Something like exim's quote_mysql?
>>
>> there is not much to quote when dovecot accepts only a limited set of
>> chars at all and otherwise don't send any query
>>
>> auth_username_chars =
>> abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
>> auth_username_translation =
>> %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
>>
> The password is not subject to this limitation. I'm not an sql expert, I
> still *think* that there is nothing to worry about... but I'm not 100% sure

did you *test* it or do you just assume?

who say something like "quote_mysql" is needed at all?
postfix also don't need such a function

http://www.postfix.org/mysql_table.5.html

SELECT [select_field]
FROM [table]
WHERE [where_field] = '%s'
[additional_conditions]

The '%s' in the WHERE clause expands to the escaped search string.

From g.danti at assyoma.it Mon Feb 2 22:08:50 2015
From: g.danti at assyoma.it (Gionatan Danti)
Date: Mon, 02 Feb 2015 23:08:50 +0100
Subject: Per-protocol ssl_protocols settings
Message-ID: <1929fe96ab73867a7c87aa3a0042d56f@assyoma.it>

Hi all,
I have a question regarding the "ssl_protocols" parameter.

I understand that editing the 10-ssl.conf file I can set the ssl_protocols variable as required. At the same time, I can edit a single protocol file (eg: 20-pop3.conf) to set the ssl_protocols for a specific protocol/listener.

I wonder if (and how) I can create a different listener for another POP3 instance, for example listening on port 10995, and using another ssl_protocol setting.

In short, I would like to create a different, firewalled pop3s service enabling the SSLv3 stack, while disabling it at system-wide settings.

I am able to successfully create a new listener for port 10995, but I don't understand how to associate the ssl_protocols value to the new listener. Simply putting the ssl_protocols value into the listener section give me a configuration error.

Thank you all.

--
Danti Gionatan
Technical Support
Assyoma S.r.l. - www.assyoma.it
email: g.danti at assyoma.it - info at assyoma.it
GPG public key ID: FF5F32A8

From skdovecot at smail.inf.fh-brs.de Tue Feb 3 07:20:27 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 3 Feb 2015 08:20:27 +0100 (CET)
Subject: quote strings passed to sql
In-Reply-To: <54CFAECC.9030805@inti.gob.ar>
References: <54CFAECC.9030805@inti.gob.ar>
Message-ID:

On Mon, 2 Feb 2015, Juan Bernhard wrote:

> Hello list. I'm thinking to migrate the whole user db from system users
> to mysql. I already did it in a test environment, but something is
> annoying my OCD... I don't quote the variables username and password
> sent to the mysql server. I know, the mysql user that dovecot uses only
> has select rights, but it still bothers me, because it's possible to do
> a useless sql code injection.
>
> Is there a way to quote that? Something like exim's quote_mysql?

http://dovecot.org/list/dovecot/2006-November/017610.html

--
Steffen Kaiser

From hummel at pasteur.fr Tue Feb 3 10:23:22 2015
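
Added example for the "quote strings passed to sql" thread above (not part of any list message, and not Dovecot, Postfix or Exim code): a Python model of the two controls the thread discusses, an allow-list like auth_username_chars on the username and escaping of every value substituted into a '%s'-style query. Assumptions: the template, table, rows and function names are hypothetical, and SQLite stands in for MySQL, whose escaping rules differ.

```python
import sqlite3

# Allow-list copied from the auth_username_chars value quoted in the thread.
AUTH_USERNAME_CHARS = set(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%"
)

# Hypothetical lookup template (not from the thread): %u = username, %w = password.
QUERY_TEMPLATE = (
    "SELECT username FROM users WHERE username = '%u' AND password = '%w'"
)


def username_allowed(username):
    """Model of the allow-list: an out-of-set character means no query is sent."""
    return bool(username) and all(ch in AUTH_USERNAME_CHARS for ch in username)


def escape_sql_literal(value):
    """Escape a value for a single-quoted SQLite string literal (double the quote)."""
    return value.replace("'", "''")


def expand(template, values, escape):
    """Substitute %<key> in a single pass so inserted values are never rescanned."""
    out = []
    i = 0
    while i < len(template):
        key = template[i + 1:i + 2]
        if template[i] == "%" and key in values:
            value = values[key]
            out.append(escape_sql_literal(value) if escape else value)
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def make_db():
    """Constructed sample data; plaintext passwords only keep the model short."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice@example.com", "correct horse"),
         ("bob@example.com", "it's-a-secret")],
    )
    return db


def lookup(db, username, password, escape):
    """Return matching usernames, 'rejected' (allow-list) or 'sql-error'."""
    if not username_allowed(username):
        return "rejected"
    sql = expand(QUERY_TEMPLATE, {"u": username, "w": password}, escape)
    try:
        return sorted(row[0] for row in db.execute(sql))
    except sqlite3.Error:
        return "sql-error"


def lookup_bound(db, username, password):
    """Same lookup with bound parameters, so no escaping step is needed at all."""
    if not username_allowed(username):
        return "rejected"
    rows = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    )
    return sorted(row[0] for row in rows)


if __name__ == "__main__":
    db = make_db()
    # Constructed test inputs: the password field is not covered by the
    # username allow-list, so only escaping (or binding) protects it.
    cases = [
        ("alice@example.com", "correct horse"),
        ("alice' --", "x"),
        ("alice@example.com", "x' OR '1'='1"),
        ("bob@example.com", "it's-a-secret"),
    ]
    for user, pw in cases:
        print(repr(user), repr(pw),
              "unescaped:", lookup(db, user, pw, escape=False),
              "escaped:", lookup(db, user, pw, escape=True),
              "bound:", lookup_bound(db, user, pw))
```

The allow-list stops the malformed username before any query is built, but a password containing a quote only behaves correctly once it is escaped or bound; unescaped, it either changes the WHERE clause or breaks the login of a legitimate user whose password contains an apostrophe.
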
From: hummel at pasteur.fr (Thomas HUMMEL)
Date: Tue, 3 Feb 2015 11:23:22 +0100
Subject: Master user without pass=yes error
In-Reply-To: <20150202165526.GB7275@parmesan.sis.pasteur.fr>
References: <20150202165526.GB7275@parmesan.sis.pasteur.fr>
Message-ID: <20150203102322.GB13322@parmesan.sis.pasteur.fr>

On Mon, Feb 02, 2015 at 05:55:26PM +0100, Thomas HUMMEL wrote:
> Hello Timo,

Hello again. I'll try to answer my own question myself ;-)

I think my problem was that "pass=yes" just becomes _mandatory_ when using _only one_ and _prefetched_ userdb because retrieving the normal user userdb attributes then becomes a "side effect" of the "pass=yes" behavior :

My understanding now is that, even with master user :

. a userdb still has to be done for the normal user and
. since my (ldap) userdb is (ldap) passdb-prefetched (and the only userdb), it can only be searched if somehow an (ldap) passdb search is performed

-> with pass=no, dovecot does not try to check the existence of the normal user in the normal (ldap) passdb : so the normal user userdb attributes are never retrieved (because of the prefetch nature of this userdb)

-> with pass=yes, dovecot performs an (ldap) passdb lookup to check the existence of the user and prefetches the normal user userdb attributes (side effect), allowing the master user to retrieve the normal user mailbox.

Am I correct ?

Thanks

--
Thomas Hummel | Institut Pasteur | Groupe Exploitation et Infrastructure

From Ron at Cleven.com Tue Feb 3 14:35:58 2015
From: Ron at Cleven.com (Ron Cleven)
Date: Tue, 03 Feb 2015 08:35:58 -0600 (CST)
Subject: Hitting wall at 2048 IMAP connections
Message-ID: <54D0DCDD.4010102@Cleven.com>

We are gradually rolling out Dovecot (IMAP only, no POP3) to our customer base. We are replicating between a pair of CentOS 7 boxes. All has been working wonderfully. However, to be sure our rollout continues to go smoothly, we put together a simple benchmark client program to fire up X persistent IMAP connections (using hundreds of mailboxes) that login, list the folders, select the INBOX, periodically FETCH an email from the INBOX, and otherwise sit in an IDLE loop. As long as we keep the number of concurrent IMAP connections under 2k, everything works fine. 2,000 processes generate a minimal load on the server. However, 2048 is a "hard limit" for number of IMAP processes on a box the way things are configured right now. The number (2048) is a bit too magical to be anything but a misconfiguration of either some kernel limit or a dovecot configuration limit. I have been unable to figure out where else to look. I have pasted in my dovecot config below along with the kernel setting for max_user_instances.

Hoping someone can tell me what stupid mistake I have made or what else to check.

Just an aside, we front-end this with a separate set of proxy servers that provide an SSL front-end, hence, no SSL in the dovecot config.

/proc/sys/fs/inotify/max_user_instances = 4096

# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-123.13.1.el7.x86_64 x86_64 CentOS Linux release 7.0.1406 (Core)
auth_master_user_separator = *
auth_mechanisms = plain login
default_internal_user = sysadm
default_login_user = sysadm
default_vsz_limit = 512 M
disable_plaintext_auth = no
doveadm_password = **************
doveadm_port = 12345
imap_max_line_length = 128 k
listen = *
mail_gid = 2001
mail_location = maildir:~/Maildir
mail_plugins = notify replication
mail_uid = 2001
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = scheme=PLAIN /z/imap/usr/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = scheme=PLAIN username_format=%u /z/imap/usr/users
  driver = passwd-file
}
plugin {
  mail_replica = tcp:imap0s
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_max_actions = 32
  sieve_max_redirects = 4
  sieve_max_script_size = 1M
}
protocols = imap pop3 sieve
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
    user = sysadm
  }
  unix_listener replication-notify {
    mode = 0666
    user = sysadm
  }
}
service auth {
  unix_listener auth-userdb {
    mode = 0777
  }
}
service doveadm {
  inet_listener {
    port = 12345
  }
  user = sysadm
}
service imap {
  process_limit = 4096
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service managesieve {
  process_limit = 4096
}
service replicator {
  process_min_avail = 1
}
ssl = no
userdb {
  args = username_format=%u /z/imap/usr/users
  driver = passwd-file
}
protocol lda {
  mail_plugins = sieve notify replication
}
protocol imap {
  mail_max_userip_connections = 40
}
protocol sieve {
  managesieve_max_line_length = 65536
}

From skdovecot at smail.inf.fh-brs.de Tue Feb 3 14:59:04 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 3 Feb 2015 15:59:04 +0100 (CET)
Subject: Hitting wall at 2048 IMAP connections
In-Reply-To: <54D0DCDD.4010102@Cleven.com>
References: <54D0DCDD.4010102@Cleven.com>
Message-ID:

On Tue, 3 Feb 2015, Ron Cleven wrote:

> We are gradually rolling out Dovecot (IMAP only, no POP3) to our customer
> base. We are replicating between a pair of CentOS 7 boxes. All has been
> working wonderfully. However, to be sure our rollout continues to go
> smoothly, we put together a simple benchmark client program to fire up X
> persistent IMAP connections (using hundreds of mailboxes) that login, list
> the folders, select the INBOX, periodically FETCH an email from the INBOX,
> and otherwise sit in an IDLE loop. As long as we keep the number of
> concurrent IMAP connections under 2k, everything works fine. 2,000 processes
> generate a minimal load on the server. However, 2048 is a "hard limit" for
> number of IMAP processes on a box the way things are configured right now.
> The number (2048) is a bit too magical to be anything but a misconfiguration
> of either some kernel limit or a dovecot configuration limit. I have been
> unable to figure out where else to look. I have pasted in my dovecot config
> below along with the kernel setting for max_user_instances.
>
> Hoping someone can tell me what stupid mistake I have made or what else to
> check.
>
> Just an aside, we front-end this with a separate set of proxy servers that
> provide an SSL front-end, hence, no SSL in the dovecot config.
>
> /proc/sys/fs/inotify/max_user_instances = 4096

Do you use virtual users? Then this setting is way too low. There should be
entries in kernel log or Dovecot.

--
Steffen Kaiser

From bluewind at xinu.at Tue Feb 3 15:25:41 2015
From: bluewind at xinu.at (Florian Pritz)
Date: Tue, 03 Feb 2015 16:25:41 +0100
Subject: Hitting wall at 2048 IMAP connections
In-Reply-To: <54D0DCDD.4010102@Cleven.com>
References: <54D0DCDD.4010102@Cleven.com>
Message-ID: <54D0E875.1050600@xinu.at>

On 03.02.2015 15:35, Ron Cleven wrote:
> /proc/sys/fs/inotify/max_user_instances = 4096

Maybe you are hitting some file descriptor limit (kernel or ulimit)?

This could help:
https://unix.stackexchange.com/questions/36841/why-is-number-of-open-files-limited-in-linux

From bourek at thinline.cz Tue Feb 3 18:25:50 2015
From: bourek at thinline.cz (Jiri Bourek)
Date: Tue, 03 Feb 2015 19:25:50 +0100
Subject: Hitting wall at 2048 IMAP connections
In-Reply-To: <54D0DCDD.4010102@Cleven.com>
References: <54D0DCDD.4010102@Cleven.com>
Message-ID: <54D112AE.2090304@thinline.cz>

On 02/03/2015 03:35 PM, Ron Cleven wrote:
> We are gradually rolling out Dovecot (IMAP only, no POP3) to our
> customer base. We are replicating between a pair of CentOS 7 boxes. All
> has been working wonderfully. However, to be sure our rollout continues
> to go smoothly, we put together a simple benchmark client program to
> fire up X persistent IMAP connections (using hundreds of mailboxes) that
> login, list the folders, select the INBOX, periodically FETCH an email
> from the INBOX, and otherwise sit in an IDLE loop. As long as we keep
> the number of concurrent IMAP connections under 2k, everything works
> fine. 2,000 processes generate a minimal load on the server. However,
> 2048 is a "hard limit" for number of IMAP processes on a box the way
> things are configured right now. The number (2048) is a bit too magical
> to be anything but a misconfiguration of either some kernel limit or a
> dovecot configuration limit. I have been unable to figure out where
> else to look. I have pasted in my dovecot config below along with the
> kernel setting for max_user_instances.
>
> Hoping someone can tell me what stupid mistake I have made or what else
> to check.
>
> Just an aside, we front-end this with a separate set of proxy servers
> that provide an SSL front-end, hence, no SSL in the dovecot config.
>

You didn't mention but did you try checking process_limit and
client_limit for various Dovecot services in the output of doveconf |
less ? If I remember correctly, as long as imap process lives, it is a
client of anvil process. When anvil reaches its maximum, it's no longer
possible to run more imap processes and therefore no longer possible to
connect more clients.

I think I hit some similar problem in the past, but in my case Dovecot
complained during startup and warned that anvil's client_limit is too
low compared to imap process_limit and that it could lead to problems.
So I just increased the limit and was done with it.

That said, this was some time ago so process and setting names can be
completely wrong. Hope someone more knowledgeable corrects me in that case

From listas at adminlinux.com.br Tue Feb 3 20:30:40 2015
From: listas at adminlinux.com.br (Listas@Adminlinux)
Date: Tue, 03 Feb 2015 18:30:40 -0200
Subject: Upstart script for Poolmon
In-Reply-To: <54CBAA35.3090207@adminlinux.com.br>
References: <54CBAA35.3090207@adminlinux.com.br>
Message-ID: <54D12FF0.10200@adminlinux.com.br>

If any of you need, this worked for me:

root at director-server:~# cat /etc/init/poolmon.conf
# Starts the poolmon daemon
#
# Description:
# Poolmon is a director mailserver pool monitoring script for Dovecot, meant
# to roughly duplicate the functionality of node health monitors on dedicated
# loadbalancers like LVS or F5 BigIP LTM. This script can be safely run on more
# than one director host simultaneously, although differences in node
# reachability may result in mailserver vhost count flapping.
#
# processname: poolmon
# pidfile: /var/run/poolmon.pid
# logfile: /var/log/poolmon.log

start on runlevel [2345]
stop on runlevel [!2345]

respawn
expect fork

env CMD='/usr/local/sbin/poolmon'
env DIRECTOR_SOCKET='/var/run/dovecot_director/director-admin'
env DEBUG='--debug'
env INTERVAL=5

pre-start script
    test -x /usr/local/sbin/poolmon || { stop ; exit 0; }
end script

script
    exec $CMD --socket=$DIRECTOR_SOCKET $DEBUG --interval=$INTERVAL
end script

Thanks!
--
Thiago Henrique

On 30-01-2015 13:58, Listas at Adminlinux wrote:
> Hi
>
> My servers are Ubuntu 14.04 and I'm needing to make a Upstart script for
> Poolmon.
>
> Does someone already made this and could to share with us ?
>
> Thanks!
> --
> Thiago henrique

From guettliml at thomas-guettler.de Wed Feb 4 06:01:14 2015
From: guettliml at thomas-guettler.de (Thomas Güttler)
Date: Wed, 04 Feb 2015 07:01:14 +0100
Subject: Resubmission after N days
Message-ID: <54D1B5AA.10303@thomas-guettler.de>

Hi,

I would like to implement a 43Folder system[1] with dovecot and a mail user agent.

Use case:

- I have a new mail in my inbox. I read it and see that I can't handle it now. I want to handle this mail in 5 days.
- Now I want to have some sort of resubmission: the mail should be moved to a different location for these 5 days.
- After 5 days the mail should be moved to my inbox again.

How can this be done with Dovecot/IMAP?

I have programming experience, but I am new to Dovecot/IMAP.

I would like to solve this with Dovecot only (without a database or web server).

Does the IMAP protocol offer methods which could help?

[1] 43Folder https://en.wikipedia.org/wiki/Tickler_file

--
http://www.thomas-guettler.de/

From andre.peters at debinux.de Wed Feb 4 06:26:07 2015
From: andre.peters at debinux.de (André Peters)
Date: Wed, 04 Feb 2015 06:26:07 +0000
Subject: AW: Resubmission after N days
In-Reply-To: <54D1B5AA.10303@thomas-guettler.de>
References: <54D1B5AA.10303@thomas-guettler.de>
Message-ID: <992be1f53af86fff9b089c2c4a9148e2@sogo.debinux.de>

Hi,
Sounds to me like it can be implemented using sieve.
Something like "if is in inbox & is read & is older than n days; then mark as unread".
But this means you need to redeliver this mail somehow. Maybe like this: http://serverfault.com/questions/418681/run-sieve-on-maildir
Regards

André

On Wed, Feb. 4, 2015 07:02, Thomas Güttler wrote:

Hi,

I would like to implement a 43Folder system[1] with dovecot and a mail user agent.

Use case:

- I have a new mail in my inbox. I read it and see that I can't handle it now. I want to handle this mail in 5 days.
- Now I want to have some sort of resubmission: the mail should be moved to a different location for these 5 days.
- After 5 days the mail should be moved to my inbox again.

How can this be done with Dovecot/IMAP?

I have programming experience, but I am new to Dovecot/IMAP.

I would like to solve this with Dovecot only (without a database or web server).

Does the IMAP protocol offer methods which could help?

[1] 43Folder https://en.wikipedia.org/wiki/Tickler_file

--
http://www.thomas-guettler.de/

From skdovecot at smail.inf.fh-brs.de Wed Feb 4 06:49:43 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 4 Feb 2015 07:49:43 +0100 (CET)
Subject: Resubmission after N days
In-Reply-To: <54D1B5AA.10303@thomas-guettler.de>
References: <54D1B5AA.10303@thomas-guettler.de>
Message-ID:

On Wed, 4 Feb 2015, Thomas Güttler wrote:

> I would like to implement a 43Folder system[1] with dovecot and a mail user agent.
>
> Use case:
>
> - I have a new mail in my inbox. I read it and see that I can't handle it now. I want to handle this mail in 5 days.
> - Now I want to have some sort of resubmission: the mail should be moved to a different location for these 5 days.
> - After 5 days the mail should be moved to my inbox again.

What mail storage are you using? With Maildir all messages are plain
files, you could move those messages into a specific folder and do:

find /path/to/folder -mtime +$days -print0 | \
	xargs -r0 mv -t /path/to/INBOX/new

In my experience you can keep all attributes, keywords etc.pp. on the
filename. Depending on how you read your messages, your target directory
could be "cur" instead of "new".

> How can this be done with Dovecot/IMAP?
>
> I have programming experience, but I am new to Dovecot/IMAP.

So, with Maildir and the normal Unix commands (or a script language), that
should be easy.

> I would like to solve this with Dovecot only (without a database or web server).

If you use another storage or some other tagging scheme, see doveadm .
With that command you can search for messages and move them, please search
the list for examples.

> Does the IMAP protocol offer methods which could help?

Hm, you could use the meta data plugin or even keywords (aka labels), in
order to store the "tags" per message, but I would use normal folders.

--
Steffen Kaiser

From mail at oliwel.de Wed Feb 4 07:00:54 2015
From: mail at oliwel.de (Oliver Welter)
Date: Wed, 04 Feb 2015 08:00:54 +0100
Subject: Corruption of index files
In-Reply-To: <54C4D755.7090602@oliwel.de>
References: <54BF9A79.8040702@oliwel.de> <54C425BA.30508@oliwel.de> <20150125114108.GA26116@dimos.andreasschulze.de> <54C4D755.7090602@oliwel.de>
Message-ID: <54D1C3A6.60207@oliwel.de>

On 25.01.2015 at 12:45, Oliver Welter wrote:
> Hi Andreas,
>
> On 25.01.2015 at 12:41, Andreas Schulze wrote:
>> Oliver Welter:
>>>> after upgrading my mail server (dovecot 1.1.7 -> 2.2.13) I get tons of
>>>> messages about corrupted index files in the syslog ("Error: Corrupted
>>>> transaction log" and "Warning: fscking index file .. dovecot.index".
>>>>
>>> Some more debugging - I did a "fuser" on a broken dovecot.index file
>>> and see a lot of stale file handles, looks like something is not
>>> cleaning up. Any ideas are still welcome....
>>
>> if you're using classic maildir format I would try to completely remove
>> any dovecot index files.
>>
>> my guess: the existing index files are /so old/
>> dovecot is unable to repair them in a proper way.
>
> I already removed them (when they broke) but the problem comes up again
> - it seems to be an issue with concurrent mailbox access and locking but
> I am unable to track it down further. It would be helpful to know what
> changed in the handling of locks/indexes from 1.1 to 2.2....
>

As Follow-Up for archive readers - I don't know what the root cause was,
but moving the maildirs from overlayfs to a dedicated non-overlayfs
partition solved the problem.

Oliver

--
Protect your environment - close windows and adopt a penguin!

From skdovecot at smail.inf.fh-brs.de Wed Feb 4 07:16:54 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 4 Feb 2015 08:16:54 +0100 (CET)
Subject: Resubmission after N days
In-Reply-To:
References: <54D1B5AA.10303@thomas-guettler.de>
Message-ID:

On Wed, 4 Feb 2015, Steffen Kaiser wrote:

> On Wed, 4 Feb 2015, Thomas Güttler wrote:
>
>> I would like to implement a 43Folder system[1] with dovecot and a mail user
>> agent.
>>
>> Use case:
>>
>> - I have a new mail in my inbox. I read it and see that I can't handle it
>> now. I want to handle this mail in 5 days.
>> - Now I want to have some sort of resubmission: the mail should be moved to
>> a different location for these 5 days.
>> - After 5 days the mail should be moved to my inbox again.
>
> What mail storage are you using? With Maildir all messages are plain
> files, you could move those messages into a specific folder and do:
>
> find /path/to/folder -mtime +$days -print0 | \
> 	xargs -r0 mv -t /path/to/INBOX/new
>
> In my experience you can keep all attributes, keywords etc.pp. on the
> filename. Depending on how you read your messages, your target directory
> could be "cur" instead of "new".
>
>> How can this be done with Dovecot/IMAP?
>>
>> I have programming experience, but I am new to Dovecot/IMAP.
>
> So, with Maildir and the normal Unix commands (or a script language), that
> should be easy.
>
>> I would like to solve this with Dovecot only (without a database or web
>> server).
>
> If you use another storage or some other tagging scheme, see doveadm .
> With that command you can search for messages and move them, please search
> the list for examples.
>
>> Does the IMAP protocol offer methods which could help?
>
> Hm, you could use the meta data plugin or even keywords (aka labels), in
> order to store the "tags" per message, but I would use normal folders.

I've read the wiki page more closely, if you really store the messages "to
be filed according to the future date on which each document needs
action", say "to-do.2015-02-28", you can use doveadm mailbox to get the
mailbox names and doveadm move to move the messages to the INBOX, probably
delete empty mailboxes.

(Note: the German usage of "mailbox" is different than in English, it's a
false friend.)

--
Steffen Kaiser

From dovecot at randy.pensive.org Wed Feb 4 07:35:13 2015
From: dovecot at randy.pensive.org (Randall Gellens)
Date: Tue, 3 Feb 2015 23:35:13 -0800
Subject: AW: Resubmission after N days
In-Reply-To: <992be1f53af86fff9b089c2c4a9148e2@sogo.debinux.de>
References: <54D1B5AA.10303@thomas-guettler.de> <992be1f53af86fff9b089c2c4a9148e2@sogo.debinux.de>
Message-ID:

Is there an extension to allow Sieve to reprocess messages? Normally, Sieve is executed as new messages arrive. Once the message is filed or rejected, Sieve is done and won't get called again on the same message.

Now, you could have some other external script that checked periodically for the attributes. Or you could just have your client mark it unread.

Sent from my iPad

> On Feb 3, 2015, at 10:26 PM, "André Peters" wrote:
>
> Hi,
> Sounds to me like it can be implemented using sieve.
> Something like "if is in inbox & is read & is older than n days; then mark as unread".
> But this means you need to redeliver this mail somehow. Maybe like this: http://serverfault.com/questions/418681/run-sieve-on-maildir
> Regards
>
> André
> On Wed, Feb. 4, 2015 07:02, Thomas Güttler wrote:
> Hi,
>
> I would like to implement a 43Folder system[1] with dovecot and a mail user agent.
>
> Use case:
>
> - I have a new mail in my inbox. I read it and see that I can't handle it now. I want to handle this mail in 5 days.
> - Now I want to have some sort of resubmission: the mail should be moved to a different location for these 5 days.
> - After 5 days the mail should be moved to my inbox again.
>
> How can this be done with Dovecot/IMAP?
>
> I have programming experience, but I am new to Dovecot/IMAP.
>
> I would like to solve this with Dovecot only (without a database or web server).
>
> Does the IMAP protocol offer methods which could help?
>
> [1] 43Folder https://en.wikipedia.org/wiki/Tickler_file
>
> --
> http://www.thomas-guettler.de/

From mlnospam at yahoo.com Wed Feb 4 10:38:55 2015
From: mlnospam at yahoo.com (ML mail)
Date: Wed, 4 Feb 2015 10:38:55 +0000 (UTC)
Subject: auth: Warning: DNS lookup took 1.550 s
Message-ID: <883874650.2045857.1423046335243.JavaMail.yahoo@mail.yahoo.com>

Hello,

I am running a dovecot and proxy server on two different virtual machines and on the dovecot proxy server I see around 5-6 times per day the following warning:

Feb 03 16:15:12 auth: Warning: proxy(email at domain.com,xxx.xxx.xxx.xxx,): DNS lookup for mailboxserver.domain.com took 1.550 s

I do not really understand how from time to time DNS queries are slow, I tried to replicate this issue using dig to resolve the same DNS entry and it was always very fast. Is there any way I can debug better this issue? or is this nothing to worry about really?

Regards
ML

From skdovecot at smail.inf.fh-brs.de Wed Feb 4 11:48:36 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 4 Feb 2015 12:48:36 +0100 (CET)
Subject: auth: Warning: DNS lookup took 1.550 s
In-Reply-To: <883874650.2045857.1423046335243.JavaMail.yahoo@mail.yahoo.com>
References: <883874650.2045857.1423046335243.JavaMail.yahoo@mail.yahoo.com>
Message-ID:

On Wed, 4 Feb 2015, ML mail wrote:

> I am running a dovecot and proxy server on two different virtual machines and on the dovecot proxy server I see around 5-6 times per day the following warning:
>
> Feb 03 16:15:12 auth: Warning: proxy(email at domain.com,xxx.xxx.xxx.xxx,): DNS lookup for mailboxserver.domain.com took 1.550 s
>
> I do not really understand how from time to time DNS queries are slow, I tried to replicate this issue using dig to resolve the same DNS entry and it was always very fast. Is there any way I can debug better this issue? or is this nothing to worry about really?

Maybe the usual network problems? Did you run a local DNS caching server?

--
Steffen Kaiser

From kremels at kreme.com Wed Feb 4 13:54:09 2015
From: kremels at kreme.com (LuKreme)
Date: Wed, 4 Feb 2015 06:54:09 -0700
Subject: Resubmission after N days
In-Reply-To:
References: <54D1B5AA.10303@thomas-guettler.de>
Message-ID:

On 03 Feb 2015, at 23:49 , Steffen Kaiser wrote:
> What mail storage are you using? With Maildir all messages are plain files, you could move those messages into a specific folder and do:
>
> find /path/to/folder -mtime +$days -print0 | \
> 	xargs -r0 mv -t /path/to/INBOX/new

That's simple enough, and would work. You could do something like what SaneBox does and create custom named folders like @nextWeek @tomorrow @nextMonth and so on.

Honestly, it seems almost straight forward. There must be something I'm missing.

--
'I knew the two of you would get along like a house on fire.' Screams,
flames, people running for safety...

From nick.z.edwards at gmail.com Wed Feb 4 13:57:25 2015
From: nick.z.edwards at gmail.com (Nick Edwards)
Date: Wed, 4 Feb 2015 23:57:25 +1000
Subject: Hitting wall at 2048 IMAP connections
In-Reply-To: <54D112AE.2090304@thinline.cz>
References: <54D0DCDD.4010102@Cleven.com> <54D112AE.2090304@thinline.cz>
Message-ID:

The default connection limit values of dovecot are pathetic - unless
you run a home mail server where there is only you, the cat and the
dog using it.

OP, lots of editing with trial and error required.

from memory massive increases needed to:

service auth -> client limit
service imap-login -> process limit
service imap -> process limit
if using pop3, repeat above two steps s/imap/pop3/
service managesieve -> process limit
service anvil -> client_limit (and system ulimit)

I'm on holidays in Australia at the moment so don't have access to copy
and show you a working example for 4K users, I will be back in Hong
Kong in 17 days, until then I have very limited access.

On 2/4/15, Jiri Bourek wrote:
> On 02/03/2015 03:35 PM, Ron Cleven wrote:
>> We are gradually rolling out Dovecot (IMAP only, no POP3) to our
>> customer base. We are replicating between a pair of CentOS 7 boxes. All
>> has been working wonderfully. However, to be sure our rollout continues
>> to go smoothly, we put together a simple benchmark client program to
>> fire up X persistent IMAP connections (using hundreds of mailboxes) that
>> login, list the folders, select the INBOX, periodically FETCH an email
>> from the INBOX, and otherwise sit in an IDLE loop. As long as we keep
>> the number of concurrent IMAP connections under 2k, everything works
>> fine. 2,000 processes generate a minimal load on the server. However,
>> 2048 is a "hard limit" for number of IMAP processes on a box the way
>> things are configured right now. The number (2048) is a bit too magical
>> to be anything but a misconfiguration of either some kernel limit or a
>> dovecot configuration limit. I have been unable to figure out where
>> else to look. I have pasted in my dovecot config below along with the
>> kernel setting for max_user_instances.
>>
>> Hoping someone can tell me what stupid mistake I have made or what else
>> to check.
>>
>> Just an aside, we front-end this with a separate set of proxy servers
>> that provide an SSL front-end, hence, no SSL in the dovecot config.
>>
>
> You didn't mention but did you try checking process_limit and
> client_limit for various Dovecot services in the output of doveconf |
> less ? If I remember correctly, as long as imap process lives, it is a
> client of anvil process. When anvil reaches its maximum, it's no longer
> possible to run more imap processes and therefore no longer possible to
> connect more clients.
>
> I think I hit some similar problem in the past, but in my case Dovecot
> complained during startup and warned that anvil's client_limit is too
> low compared to imap process_limit and that it could lead to problems.
> So I just increased the limit and was done with it.
>
> That said, this was some time ago so process and setting names can be
> completely wrong. Hope someone more knowledgeable corrects me in that case
>

From kremels at kreme.com Wed Feb 4 13:58:42 2015
From: kremels at kreme.com (LuKreme)
Date: Wed, 4 Feb 2015 06:58:42 -0700
Subject: auth: Warning: DNS lookup took 1.550 s
In-Reply-To: <883874650.2045857.1423046335243.JavaMail.yahoo@mail.yahoo.com>
References: <883874650.2045857.1423046335243.JavaMail.yahoo@mail.yahoo.com>
Message-ID:

On 04 Feb 2015, at 03:38 , ML mail wrote:
> I am running a dovecot and proxy server on two different virtual machines and on the dovecot proxy server I see around 5-6 times per day the following warning:
>
> Feb 03 16:15:12 auth: Warning: proxy(email at domain.com,xxx.xxx.xxx.xxx,): DNS lookup for mailboxserver.domain.com took 1.550 s

If you are seeing a warning that DNS lookup took 1.5 seconds 5-6 times a day, why are you concerned?

> I do not really understand how from time to time DNS queries are slow,

Because from time to time, queries are slow. A hiccough in the line, the server is slightly busy doing something else. There's a lot of bandwidth during those 1.5 seconds being used. It could be anything. If you were seeing hundreds of these warnings, or if the times were over 5 seconds, then I'd worry.

> I tried to replicate this issue using dig to resolve the same DNS entry and it was always very fast. Is there any way I can debug better this issue? or is this nothing to worry about really?

I would not worry about it based on these numbers.

--
there were far worse things than Evil. All the demons in Hell would
torture your very soul, but that was precisely because they valued souls
very highly; Evil would always try to steal the universe, but at least
it considered the universe worth stealing. But the grey world behind
those empty eyes would trample and destroy without even according its
victims the dignity of hatred. It wouldn't even notice them. --The Light
Fantastic

From mlnospam at yahoo.com Wed Feb 4 16:48:26 2015
From: mlnospam at yahoo.com (ML mail)
Date: Wed, 4 Feb 2015 16:48:26 +0000 (UTC)
Subject: auth: Warning: DNS lookup took 1.550 s
In-Reply-To:
References:
Message-ID: <335308848.2217068.1423068506544.JavaMail.yahoo@mail.yahoo.com>

Thanks for your comments. I understand as DNS uses UDP that there could be some DNS queries which might get lost if the CPU or network is too busy but the thing is that this server is not so busy really. It has 2 cores with 4 GB of RAM and the CPU averages to 2% usage. The network averages to 1 Mbit/s traffic and there are around 600-700 processes running for 1100 mailboxes. Note here that this server is simply a proxy server, mailboxes are located on a separated server on the same LAN, the same applies to the database which has its own server too. These are all virtual machines by the way.

I am not running a local DNS cache on the server. As suggested using a local DNS cache would simply fix this issue but I am more interested to know what is generating these slow DNS queries...

On Wednesday, February 4, 2015 2:59 PM, LuKreme wrote:
On 04 Feb 2015, at 03:38 , ML mail wrote:
> I am running a dovecot and proxy server on two different virtual machines and on the dovecot proxy server I see around 5-6 times per day the following warning:
>
> Feb 03 16:15:12 auth: Warning: proxy(email at domain.com,xxx.xxx.xxx.xxx,): DNS lookup for mailboxserver.domain.com took 1.550 s

If you are seeing a warning that DNS lookup took 1.5 seconds 5-6 times a day, why are you concerned?

> I do not really understand how from time to time DNS queries are slow,

Because from time to time, queries are slow. A hiccough in the line, the server is slightly busy doing something else. There's a lot of bandwidth during those 1.5 seconds being used. It could be anything. If you were seeing hundreds of these warnings, or if the times were over 5 seconds, then I'd worry.

> I tried to replicate this issue using dig to resolve the same DNS entry and it was always very fast. Is there any way I can debug better this issue? or is this nothing to worry about really?

I would not worry about it based on these numbers.

--
there were far worse things than Evil. All the demons in Hell would
torture your very soul, but that was precisely because they valued souls
very highly; Evil would always try to steal the universe, but at least
it considered the universe worth stealing. But the grey world behind
those empty eyes would trample and destroy without even according its
victims the dignity of hatred. It wouldn't even notice them. --The Light
Fantastic

From georges at mhsoftware.com Wed Feb 4 17:02:23 2015
From: georges at mhsoftware.com (George Sexton) Date: Wed, 04 Feb 2015 10:02:23 -0700 Subject: dovecot.index.log in Maildir/cur Message-ID: <54D2509F.90907@mhsoftware.com> I'm seeing two bogus messages appearing my Maildir/cur directory. They're dovecot.index.log and dovecot-uidlist. -rw------- 1 gsexton users 51 Feb 4 09:04 Maildir/cur/dovecot-uidlist:2,S -rw------- 1 gsexton users 244 Feb 4 09:04 Maildir/cur/dovecot.index.log These files are only appearing in the Maildir/cur directory, and not in any other directory that mail is delivered to (e.g. mail list directories). I'm using the current version of Mozilla Thunderbird as my mail client. Mail is delivered to Maildir/ by procmail. I was originally using Courier, but changed to dovecot. I did run the conversion program on all the mail boxes. Other than these If anyone could help me understand what I'm doing wrong, I'd appreciate it. I've researched the mail list and read the wiki articles, but I'm just not seeing anything that looks helpful. Here's my config info: # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.16.7-7-default x86_64 openSUSE 13.2 (x86_64) -> File System: btrfs mail_location = maildir:~/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = INBOX. separator = . 
} passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap service imap-login { inet_listener imaps { port = 993 ssl = yes } } ssl = required ssl_cert = References: <335308848.2217068.1423068506544.JavaMail.yahoo@mail.yahoo.com> Message-ID: <54D280AE.7080305@thelounge.net> how do you come to the conclusion that it matters how busy "this server is"? jesus christ you are asking *remote servers* for their answers and the request as well the answer passes different routers, ISP's and likely a *chain of forwarders* until you don't recursion at your own and even if you do you have no control how overloaded one of the networks between you and the auth dns server or this server itself is *any* of the involved forwarders, networks and auth nameservers are responsible for the time to resolve your query frankly "I see around 5-6 times per day the following warning" as reason for writing a mail and continue insist the problem is on your side shows missing network understanding Am 04.02.2015 um 17:48 schrieb ML mail: > Thanks for your comments. I understand as DNS uses UDP that there could be some DNS queries which might get lost if the CPU or network is too busy but the thing is that this server is not so busy really. It has 2 cores with 4 GB of RAM and the CPU averages to 2% usage. The network averages to 1 Mbit/s traffic and there are around 600-700 processes running for 1100 mailboxes. Note here that this server is simply a proxy server, mailboxes are located on a separated server on the same LAN, the same applies to the database which has its own server too. These are all virtual machines by the way. > > I am not running a local DNS cache on the server. As suggested using a local DNS cache would simply fix this issue but I am more interested to know what is generating these slow DNS queries... 
>
> On Wednesday, February 4, 2015 2:59 PM, LuKreme wrote:
> On 04 Feb 2015, at 03:38 , ML mail wrote:
>> I am running a dovecot and proxy server on two different virtual machines and on the dovecot proxy server I see around 5-6 times per day the following warning:
>>
>> Feb 03 16:15:12 auth: Warning: proxy(email at domain.com,xxx.xxx.xxx.xxx,): DNS lookup for mailboxserver.domain.com took 1.550 s
>
> If you are seeing a warning that DNS lookup took 1.5 seconds 5-6 times a day, why are you concerned?
>
>> I do not really understand how from time to time DNS queries are slow,
>
> Because from time to time, queries are slow. A hiccough in the line, the server is slightly busy doing something else. There's a lot of bandwidth during those 1.5 seconds being used. It could be anything. If you were seeing hundreds of these warning, or if the times were over 5 seconds, then I'd worry.
>
>
>> I tried replicate this issue using dig to resolve the same DNS entry and it was always very fast. Is there any way I can debug better this issue? or is this nothing to worry about really?
>
> I would not worry about it based on these numbers

From guettliml at thomas-guettler.de Wed Feb 4 21:18:09 2015
From: guettliml at thomas-guettler.de (Thomas Güttler)
Date: Wed, 04 Feb 2015 22:18:09 +0100
Subject: Resubmission after N days
In-Reply-To:
References: <54D1B5AA.10303@thomas-guettler.de>
Message-ID: <54D28C91.2030201@thomas-guettler.de>

On 04.02.2015 at 07:49, Steffen Kaiser wrote:
> On Wed, 4 Feb 2015, Thomas Güttler wrote:
>
>> I would like to implement a 43Folder system[1] with dovecot and a mail user agent.
>
>> Use case:
>
>> - I have a new mail in my inbox. I read it and see that I can't handle it now. I want to handle this mail in 5 days.
>> - Now I want to have some sort of resubmission: the mail should be moved to a different location for these 5 days.
>> - After 5 days the mail should be moved to my inbox again.
>
> What mail storage are you using? With Maildir all messages are plain files, you could move those messages into a specific folder and do:

Yes, I use Maildir

>
> find /path/to/folder -mtime +$days -print0 | \
> xargs -r0 mv -t /path/to/INBOX/new

Yes, this should work. But a solution which uses IMAP would be preferred.

Thomas

--
http://www.thomas-guettler.de/

From jtam.home at gmail.com Wed Feb 4 23:49:46 2015
From: jtam.home at gmail.com (Joseph Tam)
Date: Wed, 4 Feb 2015 15:49:46 -0800 (PST)
Subject: auth: Warning: DNS lookup took 1.550 s
In-Reply-To:
References:
Message-ID:

ML mail writes:

> I am not running a local DNS cache on the server. As suggested using a
> local DNS cache would simply fix this issue but I am more interested to
> know what is generating these slow DNS queries...

As another poster has commented, a slow DNS response may not be anything related to your setup, but caused by upstream DNS service. Slow DNS response or timeouts is not uncommon, and if you're only getting 6 per day, you should count yourself lucky.

If it's the same FQDN that's being delayed, you can maybe run an online DNS diagnostic -- there may be some bum delegation or unsync'd data you can report, but it will probably not be worth your time to chase this to ground unless it's causing your client to get hung.

Joseph Tam

From fernando.figaro at uol.com.br Thu Feb 5 01:15:28 2015
From: fernando.figaro at uol.com.br (fernando.figaro at uol.com.br)
Date: Wed, 04 Feb 2015 23:15:28 -0200
Subject: lazy_expunge + mdbox
Message-ID: <54d2c4304bcd2_2f61159968f073e8304b1@a4-weasel11.mail>

Hi,

I'm studying an issue related to mdbox and lazy_expunge. If it is active in the imap configuration, when you delete a message (copy to new folder + expunge old folder), a copy is also sent to the expunge namespace.

I realize that is something related to mdbox and lazy_expunge_only_last_instance and found almost no references except this one (http://hg.dovecot.org/dovecot-2.2/file/24d6708cea76/TODO):

  lazy_expunge_only_last_instance=yes + mdbox doesn't work, because refcounts don't update immediately

One other suggestion I found was to disable 'move' capability.

Does anyone have other news regarding this issue?

Thanks,
Fernando

From mlnospam at yahoo.com Thu Feb 5 07:01:58 2015
From: mlnospam at yahoo.com (ML mail)
Date: Thu, 5 Feb 2015 07:01:58 +0000 (UTC)
Subject: auth: Warning: DNS lookup took 1.550 s
In-Reply-To: <54D280AE.7080305@thelounge.net>
References: <54D280AE.7080305@thelounge.net>
Message-ID: <554158140.101392.1423119718214.JavaMail.yahoo@mail.yahoo.com>

My fault here, I should have precised that the DNS query it tries to resolve is simply the DNS name of my mailbox server (mailboxserver.domain.com). So domain.com is hosted locally on DNS servers on that very same network as the dovecot servers are located. Furthermore all the resolvers I use in /etc/resolv.conf are also local DNS resolvers on that same LAN. All the DNS servers (authoritative and recursive) are using PowerDNS. That's why I was really puzzled to see that it can take up to 1.5 seconds to query my own local DNS servers which are in no way overloaded.

On Wednesday, February 4, 2015 9:27 PM, Reindl Harald wrote:

how do you come to the conclusion that it matters how busy "this server is"?

jesus christ you are asking *remote servers* for their answers and the request as well the answer passes different routers, ISP's and likely a *chain of forwarders* until you don't recursion at your own and even if you do you have no control how overloaded one of the networks between you and the auth dns server or this server itself is

*any* of the involved forwarders, networks and auth nameservers are responsible for the time to resolve your query

frankly "I see around 5-6 times per day the following warning" as reason for writing a mail and continue insist the problem is on your side shows missing network understanding

On 04.02.2015 at 17:48, ML mail wrote:
> Thanks for your comments. I understand as DNS uses UDP that there could be some DNS queries which might get lost if the CPU or network is too busy but the thing is that this server is not so busy really. It has 2 cores with 4 GB of RAM and the CPU averages to 2% usage.
The network averages to 1 Mbit/s traffic and there are around 600-700 processes running for 1100 mailboxes. Note here that this server is simply a proxy server, mailboxes are located on a separated server on the same LAN, the same applies to the database which has its own server too. These are all virtual machines by the way.
>
> I am not running a local DNS cache on the server. As suggested using a local DNS cache would simply fix this issue but I am more interested to know what is generating these slow DNS queries...
>
> On Wednesday, February 4, 2015 2:59 PM, LuKreme wrote:
> On 04 Feb 2015, at 03:38 , ML mail wrote:
>> I am running a dovecot and proxy server on two different virtual machines and on the dovecot proxy server I see around 5-6 times per day the following warning:
>>
>> Feb 03 16:15:12 auth: Warning: proxy(email at domain.com,xxx.xxx.xxx.xxx,): DNS lookup for mailboxserver.domain.com took 1.550 s
>
> If you are seeing a warning that DNS lookup took 1.5 seconds 5-6 times a day, why are you concerned?
>
>> I do not really understand how from time to time DNS queries are slow,
>
> Because from time to time, queries are slow. A hiccough in the line, the server is slightly busy doing something else. There's a lot of bandwidth during those 1.5 seconds being used. It could be anything. If you were seeing hundreds of these warning, or if the times were over 5 seconds, then I'd worry.
>
>
>> I tried replicate this issue using dig to resolve the same DNS entry and it was always very fast. Is there any way I can debug better this issue? or is this nothing to worry about really?
>
> I would not worry about it based on these numbers

From skdovecot at smail.inf.fh-brs.de Thu Feb 5 07:56:37 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 5 Feb 2015 08:56:37 +0100 (CET)
Subject: dovecot.index.log in Maildir/cur
In-Reply-To: <54D2509F.90907@mhsoftware.com>
References: <54D2509F.90907@mhsoftware.com>
Message-ID:

On Wed, 4 Feb 2015, George Sexton wrote:

> I'm seeing two bogus messages appearing in my Maildir/cur directory. They're
> dovecot.index.log and dovecot-uidlist.
>
> -rw------- 1 gsexton users 51 Feb 4 09:04 Maildir/cur/dovecot-uidlist:2,S
> -rw------- 1 gsexton users 244 Feb 4 09:04 Maildir/cur/dovecot.index.log

> These files are only appearing in the Maildir/cur directory, and not in any
> other directory that mail is delivered to (e.g. mail list directories).

do the files re-appear if you delete them?

> I'm using the current version of Mozilla Thunderbird as my mail client.
>
> Mail is delivered to Maildir/ by procmail.

Do you call Dovecot LDA from procmail?

> I was originally using Courier, but changed to dovecot. I did run the
> conversion program on all the mail boxes.

Maybe, they are left over from this process? Those two files belong into ~/Maildir and not ~/Maildir/cur

> mail_location = maildir:~/Maildir

> userdb {
> driver = passwd
> }

--
Steffen Kaiser

From skdovecot at smail.inf.fh-brs.de Thu Feb 5 07:59:24 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 5 Feb 2015 08:59:24 +0100 (CET)
Subject: Resubmission after N days
In-Reply-To: <54D28C91.2030201@thomas-guettler.de>
References: <54D1B5AA.10303@thomas-guettler.de> <54D28C91.2030201@thomas-guettler.de>
Message-ID:

On Wed, 4 Feb 2015, Thomas Güttler wrote:

> On 04.02.2015 at 07:49, Steffen Kaiser wrote:
>> On Wed, 4 Feb 2015, Thomas Güttler wrote:
>>
>>> I would like to implement a 43Folder system[1] with dovecot and a mail user agent.
>>
>>> Use case:
>>
>>> - I have a new mail in my inbox. I read it and see that I can't handle it now. I want to handle this mail in 5 days.
>>> - Now I want to have some sort of resubmission: the mail should be moved to a different location for these 5 days.
>>> - After 5 days the mail should be moved to my inbox again.
>>
>> What mail storage are you using? With Maildir all messages are plain files, you could move those messages into a specific folder and do:
>
> Yes, I use Maildir
>
>>
>> find /path/to/folder -mtime +$days -print0 | \
>> xargs -r0 mv -t /path/to/INBOX/new
>
> Yes, this should work. But a solution which uses IMAP would be preferred.

What specific action shall be done via IMAP? The move?
Then use any IMAP client library, use the LIST command to get the mailboxes, FETCH to get the messages and COPY/EXPUNGE to move them.

--
Steffen Kaiser

From hakon at alstadheim.priv.no Thu Feb 5 08:54:44 2015
From: hakon at alstadheim.priv.no (Håkon Alstadheim)
Date: Thu, 05 Feb 2015 09:54:44 +0100
Subject: Resubmission after N days
In-Reply-To:
References: <54D1B5AA.10303@thomas-guettler.de> <54D28C91.2030201@thomas-guettler.de>
Message-ID: <54D32FD4.8030008@alstadheim.priv.no>

On 05. feb. 2015 08:59, Steffen Kaiser wrote:
>
> On Wed, 4 Feb 2015, Thomas Güttler wrote:
>> On 04.02.2015 at 07:49, Steffen Kaiser wrote:
>>> On Wed, 4 Feb 2015, Thomas Güttler wrote:
>>>
>>>> I would like to implement a 43Folder system[1] with dovecot and a
>>>> mail user agent.
>>>
>>>> Use case:
>>>
>>>> - I have a new mail in my inbox. I read it and see that I can't
>>>> handle it now. I want to handle this mail in 5 days.
>>>> - Now I want to have some sort of resubmission: the mail should be
>>>> moved to a different location for these 5 days.
>>>> - After 5 days the mail should be moved to my inbox again.
>>>
>>> What mail storage are you using? With Maildir all messages are plain
>>> files, you could move those messages into a specific folder and do:
>>
>> Yes, I use Maildir
>>
>>>
>>> find /path/to/folder -mtime +$days -print0 | \
>>> xargs -r0 mv -t /path/to/INBOX/new
>>
>> Yes, this should work. But a solution which uses IMAP would be
>> preferred.
>
> What specific action shall be done via IMAP? The move?
> Then use any IMAP client library, use the LIST command to get the
> mailboxes, FETCH to get the messages and COPY/EXPUNGE to move them.

No need to use the IMAP server directly. Read the manual pages for doveadm(1) and the pages it refers to like doveadm-move(1) and doveadm-flags(1), check out the \Seen flag. Then sit down with your favourite scripting language, and make some cron-jobs.

On principle you do NOT want to manipulate the dates of the mails, but the user could sort by order received, to get the recently moved mails displayed at the top of the mailbox listing.

From guettliml at thomas-guettler.de Thu Feb 5 10:57:43 2015
From: guettliml at thomas-guettler.de (Thomas Güttler)
Date: Thu, 05 Feb 2015 11:57:43 +0100
Subject: Resubmission after N days
In-Reply-To:
References: <54D1B5AA.10303@thomas-guettler.de> <54D28C91.2030201@thomas-guettler.de>
Message-ID: <54D34CA7.2030208@thomas-guettler.de>

> What specific action shall be done via IMAP? The move?
> Then use any IMAP client library, use the LIST command to get the mailboxes, FETCH to get the messages and COPY/EXPUNGE
> to move them.

You are right moving the mail should be simple.

I ask myself if it is possible to store the date of the resubmission in the mail itself.

Thomas

From skdovecot at smail.inf.fh-brs.de Thu Feb 5 11:18:10 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 5 Feb 2015 12:18:10 +0100 (CET)
Subject: Resubmission after N days
In-Reply-To: <54D34CA7.2030208@thomas-guettler.de>
References: <54D1B5AA.10303@thomas-guettler.de> <54D28C91.2030201@thomas-guettler.de> <54D34CA7.2030208@thomas-guettler.de>
Message-ID:

On Thu, 5 Feb 2015, Thomas Güttler wrote:

>> What specific action shall be done via IMAP? The move?
>> Then use any IMAP client library, use the LIST command to get the
>> mailboxes, FETCH to get the messages and COPY/EXPUNGE
>> to move them.
>
> You are right moving the mail should be simple.
>
> I ask myself if it is possible to store the date of the resubmission in the mail
> itself.

How shall the date be visible to the user?

Remember that altering the message may invalidate DKIM and other security / verification stuff.

Instead of a simple "mv" you can prefix the message with "X-Date: " header, so you mark the message, but it is not visible to the user.

If your goal is to have the message "up" according to the client side message sorting by date, you would need to alter the Date: header and possibly break message verification.

What's your goal in order to " store the date of the resubmission "?

--
Steffen Kaiser

From sto at iti.es Thu Feb 5 13:15:42 2015
From: sto at iti.es (Sergio Talens-Oliag)
Date: Thu, 5 Feb 2015 14:15:42 +0100
Subject: Bug when using METADATA and ACLs
Message-ID: <20150205131541.GA8717@ityrion.iti.upv.es>

Hi,

I'm trying to use the current version of dovecot as the IMAP server for Kolab and things seem to be working more or less OK, but while working on it I've found a dovecot bug that can probably be fixed quickly by someone familiar with the code.

I've found the problem using shared folders, but it is related to ACLs and METADATA.

The problem appears when a user only has the 'l' (lookup) permission on a folder and later tries to get METADATA from all his or her folders; a sample session to illustrate the problem:

A1 GETACL "foo"
* ACL foo admin akxeilprwtscd -admin "" sto at iti.es lrwstipekxacd
A1 OK Getacl completed.
A2 SETACL "foo" sto at iti.es l
A2 OK Setacl complete.
A3 GETACL "foo"
* ACL foo admin akxeilprwtscd -admin "" sto at iti.es al
A3 OK Getacl completed.
A4 GETMETADATA "foo" (/private/vendor/kolab/folder-type /shared/vendor/kolab/folder-type)
A4 NO [NOPERM] Permission denied
A5 GETMETADATA "*" (/private/vendor/kolab/folder-type /shared/vendor/kolab/folder-type)

The dovecot.log messages are:

Feb 05 13:59:12 imap(sto at iti.es): Panic: file imap-client.c: line 636 (client_command_free): assertion failed: (client->output_cmd_lock == NULL)
Feb 05 13:59:12 imap(sto at iti.es): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x756cf) [0x7f55ab3da6cf] -> /usr/lib/dovecot/libdovecot.so.0(+0x7572e) [0x7f55ab3da72e] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f55ab38c575] -> dovecot/imap [sto at iti.es 127.0.0.1 GETMETADATA](+0x18c9e) [0x7f55abba5c9e] -> dovecot/imap [sto at iti.es 127.0.0.1 GETMETADATA](+0x18e9a) [0x7f55abba5e9a] -> dovecot/imap [sto at iti.es 127.0.0.1 GETMETADATA](+0x18ef4) [0x7f55abba5ef4] -> dovecot/imap [sto at iti.es 127.0.0.1 GETMETADATA](client_handle_input+0x115) [0x7f55abba61e5] -> dovecot/imap [sto at iti.es 127.0.0.1
GETMETADATA](client_input+0x75) [0x7f55abba65b5] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x5b) [0x7f55ab3ec51b] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xbb) [0x7f55ab3ed59b] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x7f55ab3ec5a9] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f55ab3ec628] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f55ab391a43] -> dovecot/imap [sto at iti.es 127.0.0.1 GETMETADATA](main+0x2b7) [0x7f55abb9a717] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7f55aaff7ead] -> dovecot/imap [sto at iti.es 127.0.0.1 GETMETADATA](+0xd889) [0x7f55abb9a889]
Feb 05 13:59:12 imap(sto at iti.es): Fatal: master: service(imap): child 32404 killed with signal 6 (core dumped)

And the gdb output is (my binary has no debug symbols, so I guess it is not really useful):

(gdb) bt full
#0 0x00007f55ab00b165 in raise () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#1 0x00007f55ab00e3e0 in abort () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#2 0x00007f55ab3da6c5 in ?? () from /usr/lib/dovecot/libdovecot.so.0
No symbol table info available.
#3 0x00007f55ab3da72e in ?? () from /usr/lib/dovecot/libdovecot.so.0
No symbol table info available.
#4 0x00007f55ab38c575 in i_panic () from /usr/lib/dovecot/libdovecot.so.0
No symbol table info available.
#5 0x00007f55abba5c9e in client_command_free ()
No symbol table info available.
#6 0x00007f55abba5e9a in ?? ()
No symbol table info available.
#7 0x00007f55abba5ef4 in ?? ()
No symbol table info available.
#8 0x00007f55abba61e5 in client_handle_input ()
No symbol table info available.
#9 0x00007f55abba65b5 in client_input ()
No symbol table info available.
#10 0x00007f55ab3ec51b in io_loop_call_io () from /usr/lib/dovecot/libdovecot.so.0
No symbol table info available.
#11 0x00007f55ab3ed59b in io_loop_handler_run_internal () from /usr/lib/dovecot/libdovecot.so.0
No symbol table info available.
#12 0x00007f55ab3ec5a9 in io_loop_handler_run () from /usr/lib/dovecot/libdovecot.so.0
No symbol table info available.
#13 0x00007f55ab3ec628 in io_loop_run () from /usr/lib/dovecot/libdovecot.so.0
No symbol table info available.
#14 0x00007f55ab391a43 in master_service_run () from /usr/lib/dovecot/libdovecot.so.0
No symbol table info available.
#15 0x00007f55abb9a717 in main ()
No symbol table info available.

If someone can look into it I will be grateful; of course if more info is needed I'm available to help as much as I can.

Thanks in advance,

Sergio.

--
Sergio Talens-Oliag
Key fingerprint = FF77 A16B 9D09 FC7B 6656 CFAD 261D E19A 578A 36F2

From georges at mhsoftware.com Thu Feb 5 15:35:45 2015
From: georges at mhsoftware.com (George Sexton)
Date: Thu, 05 Feb 2015 08:35:45 -0700
Subject: dovecot.index.log in Maildir/cur
In-Reply-To:
References: <54D2509F.90907@mhsoftware.com>
Message-ID: <54D38DD1.9020909@mhsoftware.com>

On 2/5/2015 12:56 AM, Steffen Kaiser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 4 Feb 2015, George Sexton wrote:
>
>> I'm seeing two bogus messages appearing in my Maildir/cur directory.
>> They're dovecot.index.log and dovecot-uidlist.
>>
>> -rw------- 1 gsexton users 51 Feb 4 09:04
>> Maildir/cur/dovecot-uidlist:2,S
>> -rw------- 1 gsexton users 244 Feb 4 09:04
>> Maildir/cur/dovecot.index.log
>
>> These files are only appearing in the Maildir/cur directory, and not
>> in any other directory that mail is delivered to (e.g. mail list
>> directories).
>
> do the files re-appear if you delete them?

Yes, but not immediately, and not every time. It "seems" like after you delete them an hour or so passes.

>
>> I'm using the current version of Mozilla Thunderbird as my mail client.
>>
>> Mail is delivered to Maildir/ by procmail.
>
> Do you call Dovecot LDA from procmail?

No.

>
>> I was originally using Courier, but changed to dovecot. I did run the
>> conversion program on all the mail boxes.
>
> Maybe, they are left over from this process? Those two files belong
> into ~/Maildir and not ~/Maildir/cur
>
>> mail_location = maildir:~/Maildir
>

The issue is they keep re-appearing. Other users have reported this as well.

--
George Sexton
*MH Software, Inc.*
Voice: 303 438 9585
http://www.mhsoftware.com

From skdovecot at smail.inf.fh-brs.de Thu Feb 5 16:01:40 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 5 Feb 2015 17:01:40 +0100 (CET)
Subject: dovecot.index.log in Maildir/cur
In-Reply-To: <54D38DD1.9020909@mhsoftware.com>
References: <54D2509F.90907@mhsoftware.com> <54D38DD1.9020909@mhsoftware.com>
Message-ID:

On Thu, 5 Feb 2015, George Sexton wrote:

> On 2/5/2015 12:56 AM, Steffen Kaiser wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Wed, 4 Feb 2015, George Sexton wrote:
>>
>>> I'm seeing two bogus messages appearing in my Maildir/cur directory. They're
>>> dovecot.index.log and dovecot-uidlist.
>>>
>>> -rw------- 1 gsexton users 51 Feb 4 09:04
>>> Maildir/cur/dovecot-uidlist:2,S
>>> -rw------- 1 gsexton users 244 Feb 4 09:04 Maildir/cur/dovecot.index.log
>>
>>> These files are only appearing in the Maildir/cur directory, and not in
>>> any other directory that mail is delivered to (e.g. mail list
>>> directories).
>>
>> do the files re-appear if you delete them?
>
> Yes, but not immediately, and not every time. It "seems" like after you
> delete them an hour or so passes.
>
>>
>>> I'm using the current version of Mozilla Thunderbird as my mail client.
>>>
>>> Mail is delivered to Maildir/ by procmail.
>>
>> Do you call Dovecot LDA from procmail?
>
> No.

Could you delete those files and immediately send a message to that user and check, if the files re-appear?

>>
>>> I was originally using Courier, but changed to dovecot. I did run the
>>> conversion program on all the mail boxes.
>>
>> Maybe, they are left over from this process? Those two files belong into
>> ~/Maildir and not ~/Maildir/cur
>>
>>> mail_location = maildir:~/Maildir
>>
>
> The issue is they keep re-appearing. Other users have reported this as well.

what's the output of

doveadm user -u user

of a user which has those files?
--
Steffen Kaiser

From andre.peters at debinux.de Thu Feb 5 19:47:09 2015
From: andre.peters at debinux.de (André Peters)
Date: Thu, 05 Feb 2015 20:47:09 +0100
Subject: Block folder names in IMAP
Message-ID: <54D3C8BD.7010604@debinux.de>

Hi,

I just merged to Maildir "/" as separator with a fs layout.
So I am afraid of running into problems when someone creates a folder named "new", "cur", etc. ...

I know I could work this around, but isn't there a way to block folders by their name from being created?

Thank you!

--
André Peters

From guettliml at thomas-guettler.de Thu Feb 5 21:29:58 2015
From: guettliml at thomas-guettler.de (Thomas Güttler)
Date: Thu, 05 Feb 2015 22:29:58 +0100
Subject: Resubmission after N days
In-Reply-To:
References: <54D1B5AA.10303@thomas-guettler.de> <54D28C91.2030201@thomas-guettler.de> <54D34CA7.2030208@thomas-guettler.de>
Message-ID: <54D3E0D6.6010309@thomas-guettler.de>

On 05.02.2015 at 12:18, Steffen Kaiser wrote:
> On Thu, 5 Feb 2015, Thomas Güttler wrote:
>>> What specific action shall be done via IMAP? The move?
>>> Then use any IMAP client library, use the LIST command to get the mailboxes, FETCH to get the messages and COPY/EXPUNGE
>>> to move them.
>
>> You are right moving the mail should be simple.
>
>> I ask myself if it is possible to store the date of the resubmission in the mail itself.
>
> How shall the date be visible to the user?
>
> Remember that altering the message may invalidate DKIM and other security / verification stuff.
>
> Instead of a simple "mv" you can prefix the message with "X-Date: " header, so you mark the message, but it is not visible to the user.
>
> If your goal is to have the message "up" according to the client side message sorting by date, you would need to alter the Date: header and possibly break message verification.
>
> What's your goal in order to " store the date of the resubmission "?

My goal is to use IMAP only, not external database. But I guess this is not possible.

I could alter the subject of the mail. What kind of message verification could break?

Regards,
Thomas Güttler

--
http://www.thomas-guettler.de/

From tcstone at caseystone.com Thu Feb 5 22:39:14 2015
From: tcstone at caseystone.com (Casey Stone)
Date: Thu, 5 Feb 2015 22:39:14 +0000
Subject: doveadm sync out of memory
Message-ID:

Hello:

I've been looking forward to getting my mail server up to Dovecot 2.2+ to be able to use the sync mechanism. I run my own mail server just for myself, with a few different accounts, and want to keep a master and backup server in sync. I'm running the Ubuntu server 14.04.1 mail stack which features Dovecot 2.2.9 (and Postfix). My setup is to use system users (userdb passwd / passdb pam) with ~/Maildir. I'll post full sanitized output of dovecot -n if it seems necessary. I have not enabled any plugins (do I need the replicator plugin active?) I have in my conf a doveadm_password defined.

Anyway, after setting up an ssl listener on the main machine and after considerable struggles with SSL, I was able to run doveadm sync from the backup server successfully for a small mailbox (around 78 MB) with this command:

doveadm sync -R tcps:mainserver.example.com:12345

Since I run this command as the system user on the backup server (same system users as main server) it 'just works' for the correct single user with no further options required. My plan is to run a daily cron job to sync once daily for each user.

The problem is when I try to sync a larger mailbox, say 1 GB, dsync-server on the remote (master) machine throws fatal error 83 Out of Memory. I already raised vsz_limit to 512 MB. Problems probably arise with mailboxes around 200 MB though I haven't tested specifically.

So my question is, is this expected and I will need to give my VM much more memory to be able to use dovecot sync, or do I have something set wrong, or is it a bug?

Thanks for your help.

From jtam.home at gmail.com Fri Feb 6 00:30:24 2015
From: jtam.home at gmail.com (Joseph Tam)
Date: Thu, 5 Feb 2015 16:30:24 -0800 (PST)
Subject: auth: Warning: DNS lookup took 1.550 s
In-Reply-To:
References:
Message-ID:

ML mail writes:

> My fault here, I should have precised that the DNS query it tries to
> resolve is simply the DNS name of my mailbox server
> (mailboxserver.domain.com). So domain.com is hosted locally on DNS
> servers on that very same network as the dovecot servers are located.
> Furthermore all the resolvers I use in /etc/resolv.conf are also local
> DNS resolvers on that same LAN. All the DNS servers (authoritative and
> recursive) are using PowerDNS. That's why I was really puzzled to see
> that it can take up to 1.5 seconds to query my own local DNS servers
> which are in no way overloaded.

That really doesn't change my answer, but since you control the entire DNS chain of query and response, you can further debug it at the server end via logs or network tracing.

And you should still run a comprehensive DNS trace (e.g. http://dns.squish.net/) since a misconfiguration could still cause your DNS resolver to go on wild goose chases.

In either case, it's probably not Dovecot related. If you want to triage it, just enter static entries into your proxy's /etc/hosts file. Or use bare IPs in your configurations.

Joseph Tam

From georges at mhsoftware.com Fri Feb 6 00:36:34 2015
From: georges at mhsoftware.com (George Sexton)
Date: Thu, 05 Feb 2015 17:36:34 -0700
Subject: dovecot.index.log in Maildir/cur
In-Reply-To:
References: <54D2509F.90907@mhsoftware.com> <54D38DD1.9020909@mhsoftware.com>
Message-ID: <54D40C92.7040207@mhsoftware.com>

On 2/5/2015 9:01 AM, Steffen Kaiser wrote:
>
> Could you delete those files and immediately send a message to that
> user and check, if the files re-appear?
>

It's pretty random if they do or don't. Sometimes a few minutes later they popup. Sometimes a whole day will pass and then they appear.

--
George Sexton
*MH Software, Inc.*
Voice: 303 438 9585
http://www.mhsoftware.com

From jtmoulia at gmail.com Fri Feb 6 00:34:41 2015
From: jtmoulia at gmail.com (Thomas Moulia)
Date: Thu, 05 Feb 2015 16:34:41 -0800
Subject: Interface for managing users?
Message-ID:

Hey all,

I'd like to use dovecot as a testing/benchmarking IMAP server for switchboard (https://github.com/thusfresh/switchboard).

As part of the tests, I need to add and destroy dovecot users. Is there an interface or tool for this sort of user management at a higher-level than editing the user store, e.g. passwd-file, sql, ...?

Also, more generally, are there any tools for using dovecot to test against?

Thanks!
-Thomas

From hakon at alstadheim.priv.no Fri Feb 6 06:23:57 2015
From: hakon at alstadheim.priv.no (Håkon Alstadheim)
Date: Fri, 06 Feb 2015 07:23:57 +0100
Subject: Resubmission after N days
In-Reply-To: <54D3E0D6.6010309@thomas-guettler.de>
References: <54D1B5AA.10303@thomas-guettler.de> <54D28C91.2030201@thomas-guettler.de> <54D34CA7.2030208@thomas-guettler.de> <54D3E0D6.6010309@thomas-guettler.de>
Message-ID: <54D45DFD.5060007@alstadheim.priv.no>

On 05. feb. 2015 22:29, Thomas Güttler wrote:
> On 05.02.2015 at 12:18, Steffen Kaiser wrote:
>> On Thu, 5 Feb 2015, Thomas Güttler wrote:
>>>> What specific action shall be done via IMAP? The move?
>>>> Then use any IMAP client library, use the LIST command to get the mailboxes, FETCH to get the messages and COPY/EXPUNGE
>>>> to move them.
>>> You are right moving the mail should be simple.
>>> I ask myself if it is possible to store the date of the resubmission in the mail itself.
>> How shall the date be visible to the user?
>>
>> Remember that altering the message may invalidate DKIM and other security / verification stuff.
>>
>> Instead of a simple "mv" you can prefix the message with "X-Date: " header, so you mark the message, but it is not visible to the user.
>>
>> If your goal is to have the message "up" according to the client side message sorting by date, you would need to alter the Date: header and possibly break message verification.
>>
>> What's your goal in order to " store the date of the resubmission "?
>
> My goal is to use IMAP only, not external database. But I guess this is not possible.
>
> I could alter the subject of the mail. What kind of message verification could break?
>
> Regards,
> Thomas Güttler
>

(code samples are for bash. untested.)

Putting data in the mail is hard without violating mail integrity. If you really want this, an easy way would be to have doveadm create a mailbox "resubmit" folder, and subfolders under there with names like "date --iso" gives you, eg with mailbox "resubmit."$(date -d "next week" +"%F") .
Note: "next week" , with the quotes, literally is a valid value for date -d . Then have a cron job moving from mailbox "resubmit."$(date --iso) to inbox. Remember to remove the \Seen flag from the mail. If you do not want to see the mails before next week, just do not subscribe to those folders (see -s flag to doveadm mailbox create ) Now, pick a scripting-language and start coding :-) . -- Håkon Alstadheim / N-7510 Skatval / email: hakon at alstadheim.priv.no tlf: 74 82 60 27 mob: 47 35 39 38 http://alstadheim.priv.no/hakon/ From skdovecot at smail.inf.fh-brs.de Fri Feb 6 07:33:55 2015 
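Håkon's folder-per-date scheme above, worked out as shell functions (an added example, not code from the thread). It assumes GNU date; ROOT, SEP, DRY_RUN and the function names are constructed for this sketch, and with DRY_RUN=1 the doveadm commands are only printed. It goes one step beyond the mail by releasing every folder dated today or earlier, so a missed cron run does not strand mail.

```shell
#!/bin/sh
# Added example: tickler ("resubmit") folders driven by doveadm.
# Assumes GNU date. ROOT, SEP, DRY_RUN and all function names are constructed for this sketch.
ROOT=${ROOT:-resubmit}
SEP=${SEP:-.}            # hierarchy separator; "." as written in the mail above
DRY_RUN=${DRY_RUN:-1}    # 1 = only print the doveadm commands

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "doveadm $*"; else doveadm "$@"; fi
}

# resubmit_folder WHEN [TODAY]: name of the folder a mail waits in.
# WHEN is anything GNU "date -d" accepts relative to TODAY ("next week", "+5 days").
resubmit_folder() {
    rf_today=${2:-$(date +%F)}
    rf_day=$(date -d "$rf_today $1" +%F) || return 1
    # A folder dated today or earlier would be released immediately, so refuse it.
    if [ "$(echo "$rf_day" | tr -d -)" -le "$(echo "$rf_today" | tr -d -)" ]; then
        echo "resubmit date $rf_day is not after $rf_today" >&2
        return 1
    fi
    printf '%s%s%s\n' "$ROOT" "$SEP" "$rf_day"
}

# postpone USER WHEN MESSAGE_ID [TODAY]: park one INBOX mail until WHEN.
postpone() {
    pp_box=$(resubmit_folder "$2" "${4:-}") || return 1
    # No -s: the folder stays unsubscribed, so clients do not show it.
    run mailbox create -u "$1" "$pp_box" || :   # fails harmlessly if the folder exists
    run move -u "$1" "$pp_box" mailbox INBOX header Message-ID "$3"
}

# due_folders [TODAY]: filter mailbox names on stdin (for instance the output of
# "doveadm mailbox list -u USER") down to resubmit folders dated today or earlier.
due_folders() {
    df_today=${1:-$(date +%F)}
    while IFS= read -r df_box; do
        df_day=${df_box#"$ROOT$SEP"}
        case $df_day in
            [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
            *) continue ;;                      # not one of our dated folders
        esac
        # ISO dates compare correctly as plain numbers once the dashes are dropped.
        if [ "$(echo "$df_day" | tr -d -)" -le "$(echo "$df_today" | tr -d -)" ]; then
            printf '%s\n' "$df_box"
        fi
    done
    return 0
}

# release_folder USER MAILBOX: what the daily cron job does with one due folder.
release_folder() {
    # Clear \Seen first so the mail shows up as unread again, then move it back.
    run flags remove -u "$1" '\Seen' mailbox "$2" all &&
    run move -u "$1" INBOX mailbox "$2" all &&
    run mailbox delete -u "$1" "$2"
}
```

A daily cron entry would pipe the user's mailbox list through `due_folders` and call `release_folder` for each name it prints.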
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 6 Feb 2015 08:33:55 +0100 (CET) Subject: Interface for managing users? In-Reply-To: References: Message-ID: On Thu, 5 Feb 2015, Thomas Moulia wrote: > As part of the tests, I need to add and destroy dovecot users. Is there > an interface or tool for this sort of user management at a higher-level > than editing the user store, e.g. passwd-file, sql, ...? It's actually the way around: pick any user management and configure Dovecot to use its database. Depending on what you want, you need a system, that also removes the user's home dirs and/or creates them from a skeleton. If you have already experience with scripting and LDAP or SQL, it should be easy to create some scripts to add/remove necessary data to/from LDAP or SQL and add/remove the user's home dir. After doing a change in the user database, make sure to run doveadm auth cache flush to force Dovecot to pick up the changes, before you fire up the next test. -- Steffen Kaiser From skdovecot at smail.inf.fh-brs.de Fri Feb 6 07:52:37 2015 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 6 Feb 2015 08:52:37 +0100 (CET) Subject: Resubmission after N days In-Reply-To: <54D3E0D6.6010309@thomas-guettler.de> References: <54D1B5AA.10303@thomas-guettler.de> <54D28C91.2030201@thomas-guettler.de> <54D34CA7.2030208@thomas-guettler.de> <54D3E0D6.6010309@thomas-guettler.de> Message-ID: On Thu, 5 Feb 2015, Thomas Güttler wrote: > On 05.02.2015 at 12:18, Steffen Kaiser wrote: >> On Thu, 5 Feb 2015, Thomas Güttler wrote: >>>> What specific action shall be done via IMAP? The move? >>>> Then use any IMAP client library, use the LIST command to get the mailboxes, FETCH to get the messages and COPY/EXPUNGE >>>> to move them. >> >>> You are right moving the mail should be simple. >> >>> I ask myself it is possible to store the date of the resubmission in the mail itself. >> >> How shall the date be visible to the user? >> >> Remember that altering the message may invalidate DKIM and other security / verification stuff. >> >> Instead of a simple "mv" you can prefix the message with "X-Date: " header, so you mark the message, but it is not visible to the user. >> >> If your goal is to have the message "up" according the client side message sorting by date, you would need to alter the Date: header and possibly break message verification. >> >> What's your goal in order to " store the date of the resubmission "? > > My goal is to use IMAP only, not external database. But I guess this is not possible. Maybe I rephrase: How should the Resubmission interfaces to the users, how shall the users work with it? The first sentence of the quoted text contains an IMAP-only variant. However, pick up Håkon's advice and use STORE to remove the SEEN flag. So I wonder how the Resubmission shall work. > I could alter the subject of the mail. What kind of message verification could break? For instance DKIM, it may (or may not) sign Date, Subject and other headers. 
-- Steffen Kaiser From mihai at badici.ro Fri Feb 6 09:05:22 2015 From: mihai at badici.ro (Mihai Badici) Date: Fri, 06 Feb 2015 11:05:22 +0200 Subject: Resubmission after N days In-Reply-To: <54D1B5AA.10303@thomas-guettler.de> References: <54D1B5AA.10303@thomas-guettler.de> Message-ID: <2510318.gXE7ktU0Cg@arhivio> On Wednesday 04 February 2015 07:01:14 Thomas Güttler wrote: > Hi, > > > I would like to implement a 43Folder system[1] with dovecot and a mail user > agent. > > Use case: > > - I have a new mail in my inbox. I read it and see that I can't handle it > now. I want to handle this mail in 5 days. - Now I want to have some sort > of resubmission: the mail should be moved to a different location for these > 5 days. - After 5 days the mail should be moved to my inbox again. > > How can this be done with Dovecot/IMAP? > > I have programming experience, but I am new to Dovecot/IMAP. > > I would like solve this with Dovecot only (without a database or web > server). > > Does the IMAP protocol over methods which could help? > > > [1] 43Folder https://en.wikipedia.org/wiki/Tickler_file -- Mihai B?dici http://mihai.badici.ro Why don't you use a calendar application to put an event related to that mail? You can use the kolab approach ( IMAP only) for this. From sven at cs-ware.de Fri Feb 6 10:36:35 2015 
From: sven at cs-ware.de (Sven Strickroth) Date: Fri, 06 Feb 2015 11:36:35 +0100 Subject: dsync and smooth conversion of Maildir to mdbox Message-ID: <54D49933.2020901@cs-ware.de> Hi, I was experimenting with dsync for Maildir to mdbox conversion. Two issues arose there: * "subscriptions" only contained subscriptions of that namespace, all others were lost - Is there any configuration missing on my side? * "dovecot-acl-list" and "dovecot-acl" shares/permissions were not synced; UPDATE: if I also add "acl" to "mail_plugins" when running dsync (using -o mail_plugins="acl zlib") it works, however, all documentation, e.g. the wiki2, only mention to add acl to lmtp/lda and imap services. - Is there any problem adding acl to "global" mail_plugins? Regarding shared namespace: I cannot convert all mailboxes at once and have to do it mailbox after mailbox. The setting "location = maildir:%%h/Maildir" won't work as some mailboxes are already converted and others aren't. Is there a way to cope with that? 
"doveconf -n" outout: # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.16-0.bpo.3-amd64 x86_64 Debian 7.8 dict { acldict = mysql:/etc/dovecot/dovecot-dict-user_shares.conf quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf } mail_gid = 8 mail_location = maildir:%h/Maildir mail_plugins = quota zlib mail_privileged_group = mail mail_shared_explicit_inbox = yes mail_uid = 999 namespace { list = children location = maildir:%%h/Maildir prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes list = yes location = prefix = separator = / subscriptions = yes type = private } passdb { args = /etc/dovecot/79p-sql.conf driver = sql } plugin { acl = vfile acl_anyone = allow acl_shared_dict = proxy::acldict quota = dict:user::proxy::quotadict quota_grace = 0 quota_rule2 = Trash:bytes=+100M } protocols = " imap lmtp" service auth { unix_listener auth-userdb { group = mail mode = 0660 user = vmail } } service dict { unix_listener dict { group = mail mode = 0660 user = vmail } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { mode = 0600 user = postfix } user = vmail } userdb { driver = prefetch } userdb { args = /etc/dovecot/79p-sql.conf driver = sql } -- Best regards, Sven Strickroth PGP key id F5A9D4C4 @ any key-server From guettliml at thomas-guettler.de Fri Feb 6 11:07:00 2015 
From: guettliml at thomas-guettler.de (Thomas Güttler) Date: Fri, 06 Feb 2015 12:07:00 +0100 Subject: Resubmission after N days In-Reply-To: References: <54D1B5AA.10303@thomas-guettler.de> <54D28C91.2030201@thomas-guettler.de> <54D34CA7.2030208@thomas-guettler.de> <54D3E0D6.6010309@thomas-guettler.de> Message-ID: <54D4A054.305@thomas-guettler.de> On 06.02.2015 at 08:52, Steffen Kaiser wrote: > On Thu, 5 Feb 2015, Thomas Güttler wrote: >> On 05.02.2015 at 12:18, Steffen Kaiser wrote: >>> On Thu, 5 Feb 2015, Thomas Güttler wrote: >>>>> What specific action shall be done via IMAP? The move? >>>>> Then use any IMAP client library, use the LIST command to get the mailboxes, FETCH to get the messages and >>>>> COPY/EXPUNGE >>>>> to move them. >>> >>>> You are right moving the mail should be simple. >>> >>>> I ask myself it is possible to store the date of the resubmission in the mail itself. >>> >>> How shall the date be visible to the user? >>> >>> Remember that altering the message may invalidate DKIM and other security / verification stuff. >>> >>> Instead of a simple "mv" you can prefix the message with "X-Date: " header, so you mark the message, but it is not >>> visible to the user. >>> >>> If your goal is to have the message "up" according the client side message sorting by date, you would need to alter >>> the Date: header and possibly break message verification. >>> >>> What's your goal in order to " store the date of the resubmission "? >> >> My goal is to use IMAP only, not external database. But I guess this is not possible. > > Maybe I rephrase: How should the Resubmission interfaces to the users, how shall the users work with it? > The first sentence of the quoted text contains an IMAP-only variant. However, pick up Håkon's advice and use STORE to > remove the SEEN flag. > So I wonder how the Resubmission shall work. me too. That's why I asked the question on this list. 
Sad but true, I guess there is no solution. Thank you very much for your feedback. Regards, Thomas From hakon at alstadheim.priv.no Fri Feb 6 11:12:03 2015 From: hakon at alstadheim.priv.no (Håkon Alstadheim) Date: Fri, 06 Feb 2015 12:12:03 +0100 Subject: Resubmission after N days In-Reply-To: <54D1B5AA.10303@thomas-guettler.de> References: <54D1B5AA.10303@thomas-guettler.de> Message-ID: <54D4A183.3010900@alstadheim.priv.no> On 04. feb. 2015 07:01, Thomas Güttler wrote: > Hi, > > > I would like to implement a 43Folder system[1] with dovecot and a mail user agent. > > Use case: > > - I have a new mail in my inbox. I read it and see that I can't handle it now. I want to handle this mail in 5 days. > - Now I want to have some sort of resubmission: the mail should be moved to a different location for these 5 days. > - After 5 days the mail should be moved to my inbox again. > > How can this be done with Dovecot/IMAP? > > I have programming experience, but I am new to Dovecot/IMAP. > > I would like solve this with Dovecot only (without a database or web server). > > Does the IMAP protocol over methods which could help? > > > [1] 43Folder https://en.wikipedia.org/wiki/Tickler_file > > I would abandon this tack. Inspiration for a different angle: When I right-click a mail in the Icedove (Thunderbird) I am offered to convert the mail into an event or a task. A possible work flow would be to have a single "postponed" folder (also known as mailbox) , and move stuff into there while at the same time converting them to tasks/events. This functionality has been fragile in the past, in that certain contents in the mail would render the event/task invalid. Combination of bugs in the conversion from regular email and the reading of calendar info in my case (davical networked calendar). I think that any effort on your part would be better spent testing and polishing a solution involving some kind of calendar backend. From tm at del.bg Fri Feb 6 15:25:23 2015 
From: tm at del.bg (Teodor Milkov) Date: Fri, 06 Feb 2015 17:25:23 +0200 Subject: doveadm quota get doesn't recalculate quota (Maildir backend) Message-ID: <54D4DCE3.1050503@del.bg> Hello, I've noticed that "doveadm quota get" doesn't recalculate quota if maildirsize file is missing for some reason. It just says quota is unknown, usage is 0. In contrast, vpopmail does regenerate maildirsize if it is missing. Reading the Maildir++ specification there is this part: ...If maildirsize does not exist, or if its size is at least 5120 bytes, recalculate it using the procedure defined above, and use the recalculated numbers... One seemingly legitimate reason for maildirsize to be missing is when vpopmail mailbox is set to NOQUOTA (i.e. no limits). My workaround to this is to use a fallback quota: quota_rule = ?:messages=10000000 That is, if there's no backend limit detected (missing maildirsize) then fallback to 10 mln message count quota. In this case doveadm quota get _does_ recalculate usage and even creates maildirsize file. So, my questions are: 1. Isn't it still better to calculate and show usage even if maildirsize is missing? Because calling quota recalc and then quota get is racy - someone else may change configuration or usage etc. between our two calls (forks). 2. If there's good reason against implicit recalculation, then maybe quota get output should be more specific that neither quota nor usage are known? Instead of usage=0 show -1 or "-" or "n/a" or "unkown"? From jtmoulia at gmail.com Fri Feb 6 17:27:37 2015 
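The Maildir++ rule Teodor quotes (recalculate when maildirsize is missing or has reached 5120 bytes), as an added shell sketch that is neither Dovecot's nor vpopmail's code. The function names and the sample Maildir are constructed, and the recalculation is simplified to counting every file under cur/ and new/; the specification's full procedure is not reproduced in this thread.

```shell
#!/bin/sh
# Added example: when to trust maildirsize and when to recount, per the rule quoted above.
# Function names are constructed for this sketch.

# maildir_recalc DIR -> "bytes count", counted from the message files themselves.
maildir_recalc() {
    find "$1" -type f \( -path '*/cur/*' -o -path '*/new/*' \) |
    while IFS= read -r mr_f; do
        case ${mr_f##*/} in
            *,S=[0-9]*)                      # size recorded in the file name
                mr_s=${mr_f##*,S=}
                mr_s=${mr_s%%[!0-9]*} ;;
            *)  mr_s=$(wc -c < "$mr_f") ;;   # no S= field: fall back to the file size
        esac
        printf '%s\n' "$mr_s"
    done | awk '{ b += $1; c++ } END { printf "%d %d\n", b, c }'
}

# maildir_usage DIR -> "bytes count"
maildir_usage() {
    mu_file=$1/maildirsize
    if [ ! -f "$mu_file" ] || [ "$(wc -c < "$mu_file")" -ge 5120 ]; then
        # Missing, or grown to 5120 bytes: recount instead of reporting usage 0.
        maildir_recalc "$1"
    else
        # Line 1 is the quota definition; every later line is a "bytes count" delta.
        awk 'NR > 1 { b += $1; c += $2 } END { printf "%d %d\n", b, c }' "$mu_file"
    fi
}

# make_sample_maildir DIR: constructed sample input, three messages and 1505 bytes in total.
make_sample_maildir() {
    mkdir -p "$1/cur" "$1/new" "$1/tmp" "$1/.Sent/cur"
    : > "$1/cur/1423000000.M1.host,S=1200:2,S"            # size taken from S=1200
    printf 'hello' > "$1/new/1423000001.M2.host"          # no S=: 5 bytes on disk
    : > "$1/.Sent/cur/1423000002.M3.host,S=300,W=310:2,"  # size taken from S=300
    : > "$1/tmp/1423000003.M4.host"                       # delivery in progress, not counted
}
```

Running `make_sample_maildir` on a scratch directory and then `maildir_usage` on it shows the three cases: no maildirsize, a short maildirsize that is summed as is, and one that has grown past the 5120-byte limit.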
From: jtmoulia at gmail.com (Thomas Moulia) Date: Fri, 06 Feb 2015 09:27:37 -0800 Subject: Interface for managing users? Message-ID: Hello, > It's actually the way around: pick any user management and configure > Dovecot to use its database. > Depending on what you want, you need a system, that also removes the > user's home dirs and/or creates them from a skeleton. Makes sense, and is nicely simple. > After doing a change in the user database, make sure to run > doveadm auth cache flush > to force Dovecot to pick up the changes, before you fire up the next test. Ah, good to know -- that would've bit me. Thanks for the help, Steffen! -Thomas From dovecot at bsdpanic.com Fri Feb 6 21:38:58 2015 
From: dovecot at bsdpanic.com (SW) Date: Fri, 06 Feb 2015 21:38:58 +0000 Subject: TLS config check Message-ID: <54D53472.5020008@bsdpanic.com> Hi All First the essentials: dovecot --version: 2.2.15 /usr/local/etc/dovecot/conf.d/10-ssl.conf: ssl = required ssl_cert = Message-ID: <20150206155024.Horde.Mo-v9toM6Uqjsac6koVnAg4@www.vfemail.net> Quoting SW : > Hi All > > First the essentials: > > dovecot --version: 2.2.15 > > /usr/local/etc/dovecot/conf.d/10-ssl.conf: > > ssl = required > > ssl_cert = > > ssl_key = > ssl_protocols = !SSLv2 !SSLv3 > > ssl_cipher_list = > HIGH:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:ECDHE-RSA-AES256-SHA:+DHE-RSA-AES256-SHA:!AES256-SHA256:!AES256-GCM-SHA384:!CAMELLIA256-SHA:!AES128:!CAMELLIA128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:+AES256-SHA > > ssl_prefer_server_ciphers = yes > > I would really appreciate it if someone could tell me if my config is > super secure? I run the following email clients: > > K9 on Android 4.4.2 > Thunderbird 31.4 > Outlook 2010 > > I'm interested to know if the config I have is secure and that my cipher > list is acceptable. I'm also keen to hear thoughts on my config in > respect of Forward Secrecy and the SSLv3/POODLE attack. > Thanks! According to https://cipherli.st/ ssl = yes ssl_cert = Dovecot 2.2.6 Is what you want. From dovecot at bsdpanic.com Fri Feb 6 22:13:18 2015 
From: dovecot at bsdpanic.com (SW) Date: Fri, 06 Feb 2015 22:13:18 +0000 Subject: TLS config check In-Reply-To: <20150206155024.Horde.Mo-v9toM6Uqjsac6koVnAg4@www.vfemail.net> References: <20150206155024.Horde.Mo-v9toM6Uqjsac6koVnAg4@www.vfemail.net> Message-ID: <54D53C7E.4030306@bsdpanic.com> According to https://cipherli.st/ > ssl = yes > ssl_cert = ssl_key = ssl_protocols = !SSLv2 !SSLv3 > ssl_cipher_list = AES128+EECDH:AES128+EDH > ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6 > Is what you want. Ok, so I have changed my ssl_cipher_list to: ssl_cipher_list = AES128+EECDH:AES128+EDH Before I made this change clients were connecting with the following cipher in the log file: ECDHE-ECDSA-AES256-SHA (256/256 bits) After the change the log now says: ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits) Is this an improvement (or more secure) despite going from 256bits to 128bits? Thanks! From g.danti at assyoma.it Fri Feb 6 23:03:22 2015 
From: g.danti at assyoma.it (Gionatan Danti) Date: Sat, 07 Feb 2015 00:03:22 +0100 Subject: Per-protocol ssl_protocols settings In-Reply-To: <1929fe96ab73867a7c87aa3a0042d56f@assyoma.it> References: <1929fe96ab73867a7c87aa3a0042d56f@assyoma.it> Message-ID: <35d54813eb36e02d20566174c14d32c6@assyoma.it> Hi all, anyone with some ideas? Thanks. On 2015-02-02 23:08, Gionatan Danti wrote: > Hi all, > I have a question regarding the "ssl_protocols" parameter. > > I understand that editing the 10-ssl.conf file I can set the > ssl_protocols variable as required. > At the same time, I can edit a single protocol file (eg: 20-pop3.conf) > to set the ssl_protocols for a specific protocol/listener. > > I wonder if (and how) I can create a different listener for another > POP3 instance, for example listening on port 10995, and using another > ssl_protocol setting. > > In short, I would like to create a different, firewalled pop3s service > enabling the SSLv3 stack, while disabling it at system-wide settings. > > I am able to successfully create a new listener for port 10995, but I > don't understand how to associate the ssl_protocols value to the new > listener. Simply putting the ssl_protocols value into the listener > section give me a configuration error. > > Thank you all. -- Danti Gionatan Supporto Tecnico Assyoma S.r.l. - www.assyoma.it email: g.danti at assyoma.it - info at assyoma.it GPG public key ID: FF5F32A8 From h.reindl at thelounge.net Sat Feb 7 03:47:31 2015 
From: h.reindl at thelounge.net (Reindl Harald) Date: Sat, 07 Feb 2015 04:47:31 +0100 Subject: TLS config check In-Reply-To: <54D53C7E.4030306@bsdpanic.com> References: <20150206155024.Horde.Mo-v9toM6Uqjsac6koVnAg4@www.vfemail.net> <54D53C7E.4030306@bsdpanic.com> Message-ID: <54D58AD3.50606@thelounge.net> On 06.02.2015 at 23:13, SW wrote: > According to https://cipherli.st/ >> ssl = yes >> ssl_cert = > ssl_key = > ssl_protocols = !SSLv2 !SSLv3 >> ssl_cipher_list = AES128+EECDH:AES128+EDH >> ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6 >> Is what you want. > > Ok, so I have changed my ssl_cipher_list to: ssl_cipher_list = > AES128+EECDH:AES128+EDH > > Before I made this change clients were connecting with the following > cipher in the log file: > > ECDHE-ECDSA-AES256-SHA (256/256 bits) > > After the change the log now says: > > ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits) > > Is this an improvement (or more secure) despite going from 256bits to > 128bits? yes it is because AES-GCM is currently the best cipher suite while there is no point for AES256, if AES128 will fall then it likely affects AES256 too and according to Bruce Schneier years ago AES128 has even less problems than AES256 (too lazy for google it again) From jtam.home at gmail.com Sat Feb 7 06:15:30 2015 
From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 6 Feb 2015 22:15:30 -0800 (PST) Subject: Controlling inactivity timeout for IMAP Message-ID: I have a problem with a user who uses a wireless carrier that keeps changing his IP as he travels throughout the city. From the perspective of our dovecot IMAP server, the user keeps logging in from another IP, and after a short while, hits up against the mail_max_userip_connections limit. It takes 30 minutes before those orphaned connections times out. Is there any way to decrease the IMAP idle timeout other than to recompile dovecot with a new value? imap-common.h:#define CLIENT_IDLE_TIMEOUT_MSECS (60*30*1000) For example, will this work? service imap { idle_kill = 600 } Joseph Tam From mail at oliwel.de Sat Feb 7 08:40:38 2015 
From: mail at oliwel.de (Oliver Welter) Date: Sat, 07 Feb 2015 09:40:38 +0100 Subject: TLS config check In-Reply-To: <54D58AD3.50606@thelounge.net> References: <20150206155024.Horde.Mo-v9toM6Uqjsac6koVnAg4@www.vfemail.net> <54D53C7E.4030306@bsdpanic.com> <54D58AD3.50606@thelounge.net> Message-ID: <54D5CF86.3090504@oliwel.de> On 07.02.2015 at 04:47, Reindl Harald wrote: > > On 06.02.2015 at 23:13, SW wrote: >> According to https://cipherli.st/ >>> ssl = yes >>> ssl_cert = >> ssl_key = >> ssl_protocols = !SSLv2 !SSLv3 >>> ssl_cipher_list = AES128+EECDH:AES128+EDH >>> ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6 >>> Is what you want. >> >> Ok, so I have changed my ssl_cipher_list to: ssl_cipher_list = >> AES128+EECDH:AES128+EDH >> >> Before I made this change clients were connecting with the following >> cipher in the log file: >> >> ECDHE-ECDSA-AES256-SHA (256/256 bits) >> >> After the change the log now says: >> >> ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits) >> >> Is this an improvement (or more secure) despite going from 256bits to >> 128bits? > > yes it is because AES-GCM is currently the best cipher suite while there > is no point for AES256, if AES128 will fall then it likely affects > AES256 too and according to Bruce Schneier years ago AES128 has even > less problems than AES256 (too lazy for google it again) > Well, I am working in the crypto field and was a bit astonished about this "rant" - so a quick search brought up https://www.schneier.com/blog/archives/2009/07/another_new_aes.html - for those who want it more compact http://crypto.stackexchange.com/questions/5118/is-aes-256-weaker-than-192-and-128-bit-versions. Bottom line: AES256 *IS* better than AES128 for the intended usage but it is also true that AES-GCM rules out other AES based block ciphers for other kinds of attacks, so there is no "black or white" answer. 
To be honest, I won't worry on this - people who are in the position to break even a 128bit key will most likely find other ways to get into your mail communication ;) Oliver -- Protect your environment - close windows and adopt a penguin! From dovecot at bsdpanic.com Sat Feb 7 09:00:51 2015 
From: dovecot at bsdpanic.com (SW) Date: Sat, 07 Feb 2015 09:00:51 +0000 Subject: TLS config check In-Reply-To: <54D5CF86.3090504@oliwel.de> References: <20150206155024.Horde.Mo-v9toM6Uqjsac6koVnAg4@www.vfemail.net> <54D53C7E.4030306@bsdpanic.com> <54D58AD3.50606@thelounge.net> <54D5CF86.3090504@oliwel.de> Message-ID: <54D5D443.1020602@bsdpanic.com> Is this an improvement (or more secure) despite going from 256bits to 128bits? >> yes it is because AES-GCM is currently the best cipher suite while there >> is no point for AES256, if AES128 will fall then it likely affects >> AES256 too and according to Bruce Schneier years ago AES128 has even >> less problems than AES256 (too lazy for google it again) >> > Well, I am working in the crypto field and was a bit astonished about > this "rant" - so a quick search brought up > https://www.schneier.com/blog/archives/2009/07/another_new_aes.html - > for those who want it more compact > http://crypto.stackexchange.com/questions/5118/is-aes-256-weaker-than-192-and-128-bit-versions. > > Bottom line: AES256 *IS* better than AES128 for the intended usage but > it is also true that AES-GCM rules out other AES based block ciphers for > other kinds of attacks, so there is no "black or white" answer. To be > honest, I won't worry on this - people who are in the position to break > even a 128bit key will most likely find other ways to get into your mail > communication ;) > > Oliver > Thank you all for your replies. I will keep the setting then to: AES128+EECDH:AES128+EDH From dovecot at bsdpanic.com Sat Feb 7 09:10:06 2015 
From: dovecot at bsdpanic.com (SW) Date: Sat, 07 Feb 2015 09:10:06 +0000 Subject: TLS config check In-Reply-To: <54D5CF86.3090504@oliwel.de> References: <20150206155024.Horde.Mo-v9toM6Uqjsac6koVnAg4@www.vfemail.net> <54D53C7E.4030306@bsdpanic.com> <54D58AD3.50606@thelounge.net> <54D5CF86.3090504@oliwel.de> Message-ID: <54D5D66E.5030709@bsdpanic.com> I've just done a test with K9 mail on Android 4.4.2 and this is what I see in the log: ECDHE-ECDSA-AES128-SHA (128/128 bits) But when using Thunderbird I see: ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits) I'm happy that Thunderbird is using a secure cipher but is Android? Is ECDHE-ECDSA-AES128-SHA ok/secure? From mail at oliwel.de Sat Feb 7 09:21:12 2015 
From: mail at oliwel.de (Oliver Welter) Date: Sat, 07 Feb 2015 10:21:12 +0100 Subject: TLS config check In-Reply-To: <54D5D66E.5030709@bsdpanic.com> References: <20150206155024.Horde.Mo-v9toM6Uqjsac6koVnAg4@www.vfemail.net> <54D53C7E.4030306@bsdpanic.com> <54D58AD3.50606@thelounge.net> <54D5CF86.3090504@oliwel.de> <54D5D66E.5030709@bsdpanic.com> Message-ID: <54D5D908.6000305@oliwel.de> On 07.02.2015 at 10:10, SW wrote: > I've just done a test with K9 mail on Android 4.4.2 and this is what I > see in the log: > > ECDHE-ECDSA-AES128-SHA (128/128 bits) > > But when using Thunderbird I see: > > ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits) > > I'm happy that Thunderbird is using a secure cipher but is Android? Is > ECDHE-ECDSA-AES128-SHA ok/secure? Short: See my last answer - secure is never a black or white decision. The chosen cipher will protect your traffic and it's better than plain text. Long: The client negotiates the supported ciphers with the server and chooses one that fits for him. I *guess* that k9/android simply does not support the GCM cipher and therefore uses another one. To get the "best" result you need to list up all supported ciphers of your client and server and choose one, but be warned that if you ask two analysts, you might not get the same answer which is "best" as this depends on the kind of threats you want to take care of Oliver -- Protect your environment - close windows and adopt a penguin! From dovecot at bsdpanic.com Sat Feb 7 10:05:33 2015 
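The cipher names SW quotes from the Dovecot log, broken down into the two properties the thread argues about, forward secrecy and AEAD (GCM) versus CBC with an HMAC. This is an added example, not from the thread: the function names, the "client: suite (bits)" sample lines and the OK/REVIEW policy are assumptions of this sketch, and it only covers OpenSSL's suite names for TLS 1.2 and earlier.

```shell
#!/bin/sh
# Added example: read security properties off an OpenSSL cipher-suite name.
# Function names and sample lines are constructed; the first three suite names are from the thread.

# classify_suite NAME -> "NAME fs=<yes|no> enc=<AEAD|CBC|stream> integrity=<...>"
classify_suite() {
    case $1 in
        TLS_*) echo "TLS 1.3 suite names are out of scope: $1" >&2; return 2 ;;
    esac
    case $1 in
        ECDHE-*|DHE-*|EDH-*) cs_fs=yes ;;   # ephemeral (EC)DH key exchange: forward secrecy
        *)                   cs_fs=no ;;    # RSA key transport or static (EC)DH
    esac
    case $1 in
        *-GCM-*|*-CCM*|*CHACHA20*) cs_enc=AEAD ;;
        *RC4*)                     cs_enc=stream ;;
        *)                         cs_enc=CBC ;;
    esac
    if [ "$cs_enc" = AEAD ]; then
        # In AEAD suites the trailing hash names the PRF, not a record MAC.
        cs_int=AEAD-tag
    else
        case $1 in
            *-SHA384) cs_int=HMAC-SHA384 ;;
            *-SHA256) cs_int=HMAC-SHA256 ;;
            *-SHA)    cs_int=HMAC-SHA1 ;;
            *-MD5)    cs_int=HMAC-MD5 ;;
            *)        cs_int=unknown ;;
        esac
    fi
    printf '%s fs=%s enc=%s integrity=%s\n' "$1" "$cs_fs" "$cs_enc" "$cs_int"
}

# audit_sessions: stdin lines "<client>: <suite> (<bits>)" -> one report line per session,
# "OK" when the suite has forward secrecy and AEAD, "REVIEW" otherwise (policy of this sketch).
audit_sessions() {
    while IFS= read -r as_line; do
        as_client=${as_line%%:*}
        as_suite=${as_line#*: }
        as_suite=${as_suite%% *}
        as_res=$(classify_suite "$as_suite") || continue
        case $as_res in
            *"fs=yes enc=AEAD"*) printf 'OK     %s: %s\n' "$as_client" "$as_res" ;;
            *)                   printf 'REVIEW %s: %s\n' "$as_client" "$as_res" ;;
        esac
    done
}

# Constructed sample: the three suites reported in the thread plus one without forward secrecy.
sample_sessions() {
    cat <<'EOF'
before-change: ECDHE-ECDSA-AES256-SHA (256/256 bits)
thunderbird: ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
k9: ECDHE-ECDSA-AES128-SHA (128/128 bits)
legacy-client: AES256-SHA (256/256 bits)
EOF
}

sample_sessions | audit_sessions
```

All three suites from the thread keep forward secrecy; what changes between them is the record protection, AES-GCM for Thunderbird and AES-CBC with HMAC-SHA1 for K9 and for the earlier 256-bit sessions.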
From: dovecot at bsdpanic.com (SW) Date: Sat, 07 Feb 2015 10:05:33 +0000 Subject: TLS config check In-Reply-To: <54D5D908.6000305@oliwel.de> References: <20150206155024.Horde.Mo-v9toM6Uqjsac6koVnAg4@www.vfemail.net> <54D53C7E.4030306@bsdpanic.com> <54D58AD3.50606@thelounge.net> <54D5CF86.3090504@oliwel.de> <54D5D66E.5030709@bsdpanic.com> <54D5D908.6000305@oliwel.de> Message-ID: <54D5E36D.2030608@bsdpanic.com> > Short: See my last answer - secure is never a black or white decision. > The chosen cipher will protect your traffic and it's better than plain text. > > Long: The client negotiates the supported ciphers with the server and > chooses one that fits for him. I *guess* that k9/android simply does not > support the GCM cipher and therefore uses another one. To get the "best" > result you need to list up all supported ciphers of your client and > server and choose one, but be warned that if you ask two analysts, you > might not get the same answer which is "best" as this depends on the > kind of threats you want to take care of > > > Oliver > Thanks Oliver. I had a look at: https://www.ssllabs.com/ssltest/viewClient.html?name=Android&version=4.4.2 And Android 4.4.2 does support: ECDHE-ECDSA-AES128-GCM-SHA256 So why then does K9 not connect using GCM? Could K9 mail not support this cipher? If Android supports it does this mean that K9 mail will support it too? Just trying to figure out WHY I can't get K9 to use GCM! From rs at sys4.de Sat Feb 7 10:15:56 2015 
From: rs at sys4.de (Robert Schetterer) Date: Sat, 07 Feb 2015 11:15:56 +0100 Subject: TLS config check In-Reply-To: <54D5E36D.2030608@bsdpanic.com> References: <20150206155024.Horde.Mo-v9toM6Uqjsac6koVnAg4@www.vfemail.net> <54D53C7E.4030306@bsdpanic.com> <54D58AD3.50606@thelounge.net> <54D5CF86.3090504@oliwel.de> <54D5D66E.5030709@bsdpanic.com> <54D5D908.6000305@oliwel.de> <54D5E36D.2030608@bsdpanic.com> Message-ID: <54D5E5DC.3070402@sys4.de> On 07.02.2015 at 11:05, SW wrote: > >> Short: See my last answer - secure is never a black or white decision. >> The chosen cipher will protect your traffic and it's better than plain >> text. >> >> Long: The client negotiates the supported ciphers with the server and >> chooses one that fits for him. I *guess* that k9/android simply does not >> support the GCM cipher and therefore uses another one. To get the "best" >> result you need to list up all supported ciphers of your client and >> server and choose one, but be warned that if you ask two analysts, you >> might not get the same answer which is "best" as this depends on the >> kind of threats you want to take care of >> >> >> Oliver >> > > Thanks Oliver. > > I had a look at: > > https://www.ssllabs.com/ssltest/viewClient.html?name=Android&version=4.4.2 > > And Android 4.4.2 does support: > > ECDHE-ECDSA-AES128-GCM-SHA256 > > So why then does K9 not connect using GCM? Could K9 mail not support > this cipher? If Android supports it does this mean that K9 mail will > support it too? K9 questions should go to https://code.google.com/p/k9mail/issues/list > > Just trying to figure out WHY I can't get K9 to use GCM! Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, District court München: HRB 199263 Management board: Patrick Ben Koetter, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein From kremels at kreme.com Sun Feb 8 05:11:18 2015 
From: kremels at kreme.com (LuKreme) Date: Sat, 7 Feb 2015 22:11:18 -0700 Subject: ssl_cipher_list Message-ID: How do I get a list of the possible ciphers that are installed on the system for use in ssl_cipher_list? -- They all have husbands and wives and children and houses and dogs, and you know, they've all made themselves a part of something and they can talk about what they do. What am I gonna say? "I killed the president of Paraguay with a fork. How've you been?" From dovecot-list at mohtex.net Sun Feb 8 06:06:06 2015 From: dovecot-list at mohtex.net (Tamsy) Date: Sun, 08 Feb 2015 13:06:06 +0700 Subject: ssl_cipher_list In-Reply-To: References: Message-ID: <54D6FCCE.2020905@mohtex.net> LuKreme wrote on 08.02.2015 12:11: > How do I get a list of the possible ciphers that are installed on the system for use in ssl_cipher_list? > > Verbose listing of all OpenSSL ciphers including NULL ciphers: openssl ciphers -v 'ALL:eNULL' See also: https://www.openssl.org/docs/apps/ciphers.html From g.danti at assyoma.it Mon Feb 9 10:33:27 2015 
From: g.danti at assyoma.it (Gionatan Danti) Date: Mon, 09 Feb 2015 11:33:27 +0100 Subject: Per-protocol ssl_protocols settings In-Reply-To: <35d54813eb36e02d20566174c14d32c6@assyoma.it> References: <1929fe96ab73867a7c87aa3a0042d56f@assyoma.it> <35d54813eb36e02d20566174c14d32c6@assyoma.it> Message-ID: <54D88CF7.8000100@assyoma.it> Sorry for the bump... Anyone know if it is possible to have multiple protocols instances with different ssl_protocols settings? Regards. On 07/02/15 00:03, Gionatan Danti wrote: > Hi all, > anyone with some ideas? > > Thanks. > > On 2015-02-02 23:08, Gionatan Danti wrote: >> Hi all, >> I have a question regarding the "ssl_protocols" parameter. >> >> I understand that editing the 10-ssl.conf file I can set the >> ssl_protocols variable as required. >> At the same time, I can edit a single protocol file (eg: 20-pop3.conf) >> to set the ssl_protocols for a specific protocol/listener. >> >> I wonder if (and how) I can create a different listener for another >> POP3 instance, for example listening on port 10995, and using another >> ssl_protocol setting. >> >> In short, I would like to create a different, firewalled pop3s service >> enabling the SSLv3 stack, while disabling it at system-wide settings. >> >> I am able to successfully create a new listener for port 10995, but I >> don't understand how to associate the ssl_protocols value to the new >> listener. Simply putting the ssl_protocols value into the listener >> section give me a configuration error. >> >> Thank you all. > -- Danti Gionatan Supporto Tecnico Assyoma S.r.l. - www.assyoma.it email: g.danti at assyoma.it - info at assyoma.it GPG public key ID: FF5F32A8 From felix at zandanel.me Mon Feb 9 13:54:22 2015 
From: felix at zandanel.me (Felix Zandanel)
Date: Mon, 9 Feb 2015 14:54:22 +0100
Subject: Per-protocol ssl_protocols settings
In-Reply-To: <54D88CF7.8000100@assyoma.it>
References: <1929fe96ab73867a7c87aa3a0042d56f@assyoma.it> <35d54813eb36e02d20566174c14d32c6@assyoma.it> <54D88CF7.8000100@assyoma.it>
Message-ID: <3850A2D6-C982-4F52-A4D5-26DCF5D9C6A0@zandanel.me>

I performed a quick test and it seems that the "ssl_protocols" setting is per-IP only and shared among all listeners defined for that address. As you want this setting to be active for one specific "inet_listener" only (with port 10995 in your case), dovecot would have to permit the "ssl_protocols" directive in that scope, which it doesn't.

As a workaround I suggest using a special, unused loopback address to which you can apply the distinct SSL settings. You could use iptables/NAT to forward all incoming traffic originating from your external IP on port 10995 to 127.0.0.2:10995 for example. Then configure the POP3 service with an "inet_listener" for 127.0.0.2:10995 and use the "local" directive to set up the SSL protocols without touching global settings:

local 127.0.0.2 {
  ssl_protocols = !SSLv2
}

Regards,
Felix Zandanel

> On 09.02.2015 at 11:33, Gionatan Danti wrote:
>
> Sorry for the bump...
>
> Anyone know if it is possible to have multiple protocol instances with different ssl_protocols settings?
>
> Regards.
>
> On 07/02/15 00:03, Gionatan Danti wrote:
>> Hi all,
>> anyone with some ideas?
>>
>> Thanks.
>>
>> On 2015-02-02 23:08 Gionatan Danti wrote:
>>> Hi all,
>>> I have a question regarding the "ssl_protocols" parameter.
>>>
>>> I understand that editing the 10-ssl.conf file I can set the
>>> ssl_protocols variable as required.
>>> At the same time, I can edit a single protocol file (eg: 20-pop3.conf)
>>> to set the ssl_protocols for a specific protocol/listener.
>>>
>>> I wonder if (and how) I can create a different listener for another
>>> POP3 instance, for example listening on port 10995, and using another
>>> ssl_protocol setting.
>>>
>>> In short, I would like to create a different, firewalled pop3s service
>>> enabling the SSLv3 stack, while disabling it at system-wide settings.
>>>
>>> I am able to successfully create a new listener for port 10995, but I
>>> don't understand how to associate the ssl_protocols value to the new
>>> listener. Simply putting the ssl_protocols value into the listener
>>> section gives me a configuration error.
>>>
>>> Thank you all.
>>
>
> --
> Danti Gionatan
> Technical Support
> Assyoma S.r.l. - www.assyoma.it
> email: g.danti at assyoma.it - info at assyoma.it
> GPG public key ID: FF5F32A8

From rgm at htt-consult.com Mon Feb 9 20:14:32 2015
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Mon, 09 Feb 2015 15:14:32 -0500
Subject: Geting mail quota exceeded with plenty of space
Message-ID: <54D91528.4040602@htt-consult.com>

I have a user that is getting mail quota exceeded:

Feb 9 15:00:21 z9m9z dovecot: lda(dm at htt-consult.com): Error: sieve: msgid=<38308773.1704736628308773ywdm at htt-consult.com853430>: failed to store into mailbox 'INBOX': Quota exceeded (mailbox for user is full)

Yet the quota is set for 1000Mb and the current reported use is 277Mb.

There are only 28 messages in the inbox and 842 in the spam.

Where might the problem be coming from?

The server is Redsleeve 6 (Centos6 on arm). I am running a combination of postfix/dovecot/roundcubemail with a mysql virtual domain database maintained with postfix.admin

From rgm at htt-consult.com Mon Feb 9 20:31:18 2015
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Mon, 09 Feb 2015 15:31:18 -0500
Subject: Geting mail quota exceeded with plenty of space
In-Reply-To: <54D91528.4040602@htt-consult.com>
References: <54D91528.4040602@htt-consult.com>
Message-ID: <54D91916.2040604@htt-consult.com>

Further checking shows another user also getting "Quota exceeded". This user has only 127Mb toward his quota. Only these two users have this problem. So far. Both are infrequent mail checkers.

On 02/09/2015 03:14 PM, Robert Moskowitz wrote:
> I have a user that is getting mail quota exceeded:
>
>
> Feb 9 15:00:21 z9m9z dovecot: lda(dm at htt-consult.com): Error: sieve:
> msgid=<38308773.1704736628308773ywdm at htt-consult.com853430>: failed to
> store into mailbox 'INBOX': Quota exceeded (mailbox for user is full)
>
> Yet the quota is set for 1000Mb and the current reported use is 277Mb.
>
> There are only 28 messages in the inbox and 842 in the spam.
>
> Where might the problem be coming from?
>
> The server is Redsleeve 6 (Centos6 on arm). I am running a
> combination of postfix/dovecot/roundcubemail with a mysql virtual
> domain database maintained with postfix.admin
>
>

From bertrand.caplet at chunkz.net Mon Feb 9 20:37:01 2015
From: bertrand.caplet at chunkz.net (Bertrand Caplet)
Date: Mon, 09 Feb 2015 21:37:01 +0100
Subject: Geting mail quota exceeded with plenty of space
In-Reply-To: <54D91916.2040604@htt-consult.com>
References: <54D91528.4040602@htt-consult.com> <54D91916.2040604@htt-consult.com>
Message-ID: <54D91A6D.2000108@chunkz.net>

> Further checking shows another user also getting "Quota exceeded". This
> user has only 127Mb toward his quota. Only these two users have this
> problem. So far. Both are infrequent mail checkers.

It might be the quota for number of messages :

Check with "doveadm quota get -u user at domain.example"
If there is a limit for number of messages.

Regards,
--
CHUNKZ.NET - script kiddie and computer technician
Bertrand Caplet, Flers (FR)
Feel free to send encrypted/signed messages
Key ID: FF395BD9
GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9

From rgm at htt-consult.com Mon Feb 9 20:41:14 2015
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Mon, 09 Feb 2015 15:41:14 -0500
Subject: Geting mail quota exceeded with plenty of space
In-Reply-To: <54D91A6D.2000108@chunkz.net>
References: <54D91528.4040602@htt-consult.com> <54D91916.2040604@htt-consult.com> <54D91A6D.2000108@chunkz.net>
Message-ID: <54D91B6A.2010308@htt-consult.com>

On 02/09/2015 03:37 PM, Bertrand Caplet wrote:
>> Further checking shows another user also getting "Quota exceeded". This
>> user has only 127Mb toward his quota. Only these two users have this
>> problem. So far. Both are infrequent mail checkers.
> It might be the quota for number of messages :

Could be. dm has over 9k of trashed messages. but..

> Check with "doveadm quota get -u user at domain.example"
> If there is a limit for number of messages.

doveadm(root): Fatal: Unknown command 'quota', but plugin quota exists. Try to set mail_plugins=quota

From bertrand.caplet at chunkz.net Mon Feb 9 20:51:54 2015
From: bertrand.caplet at chunkz.net (Bertrand Caplet)
Date: Mon, 09 Feb 2015 21:51:54 +0100
Subject: Geting mail quota exceeded with plenty of space
In-Reply-To: <54D91B6A.2010308@htt-consult.com>
References: <54D91528.4040602@htt-consult.com> <54D91916.2040604@htt-consult.com> <54D91A6D.2000108@chunkz.net> <54D91B6A.2010308@htt-consult.com>
Message-ID: <54D91DEA.2010509@chunkz.net>

> doveadm(root): Fatal: Unknown command 'quota', but plugin quota exists.
> Try to set mail_plugins=quota

Show me your doveconf -n without your passwords.

--
CHUNKZ.NET - script kiddie and computer technician
Bertrand Caplet, Flers (FR)
Feel free to send encrypted/signed messages
Key ID: FF395BD9
GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9

From rgm at htt-consult.com Mon Feb 9 20:54:04 2015
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Mon, 09 Feb 2015 15:54:04 -0500
Subject: Geting mail quota exceeded with plenty of space
In-Reply-To: <54D91A6D.2000108@chunkz.net>
References: <54D91528.4040602@htt-consult.com> <54D91916.2040604@htt-consult.com> <54D91A6D.2000108@chunkz.net>
Message-ID: <54D91E6C.1000308@htt-consult.com>

On 02/09/2015 03:37 PM, Bertrand Caplet wrote:
>> Further checking shows another user also getting "Quota exceeded". This
>> user has only 127Mb toward his quota. Only these two users have this
>> problem. So far. Both are infrequent mail checkers.
> It might be the quota for number of messages :

that was it. Emptied trash and mail flowing. How is the message # quota managed? I never encountered it before.

But don't have time today to dig into it. conference call coming up.

>
> Check with "doveadm quota get -u user at domain.example"
> If there is a limit for number of messages.
>
> Regards,

From rgm at htt-consult.com Mon Feb 9 20:54:34 2015
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Mon, 09 Feb 2015 15:54:34 -0500
Subject: Geting mail quota exceeded with plenty of space
In-Reply-To: <54D91DEA.2010509@chunkz.net>
References: <54D91528.4040602@htt-consult.com> <54D91916.2040604@htt-consult.com> <54D91A6D.2000108@chunkz.net> <54D91B6A.2010308@htt-consult.com> <54D91DEA.2010509@chunkz.net>
Message-ID: <54D91E8A.1000902@htt-consult.com>

On 02/09/2015 03:51 PM, Bertrand Caplet wrote:
>> doveadm(root): Fatal: Unknown command 'quota', but plugin quota exists.
>> Try to set mail_plugins=quota
> Show me your doveconf -n without your passwords.

Tomorrow. Got a conference call that I am not ready for :(

From bertrand.caplet at chunkz.net Mon Feb 9 21:04:59 2015
From: bertrand.caplet at chunkz.net (Bertrand Caplet)
Date: Mon, 09 Feb 2015 22:04:59 +0100
Subject: Geting mail quota exceeded with plenty of space
In-Reply-To: <54D91E6C.1000308@htt-consult.com>
References: <54D91528.4040602@htt-consult.com> <54D91916.2040604@htt-consult.com> <54D91A6D.2000108@chunkz.net> <54D91E6C.1000308@htt-consult.com>
Message-ID: <54D920FB.2090009@chunkz.net>

> that was it. Emptied trash and mail flowing. How is the message #
> quota managed? I never encountered it before.
>
> But don't have time today to dig into it. conference call coming up.

You might have messages quota configured somewhere.
And for :
> doveadm(root): Fatal: Unknown command 'quota', but plugin quota
> exists. Try to set mail_plugins=quota

See http://wiki2.dovecot.org/Quota/Configuration you might not have enabled the quota plugin somewhere.

--
CHUNKZ.NET - script kiddie and computer technician
Bertrand Caplet, Flers (FR)
Feel free to send encrypted/signed messages
Key ID: FF395BD9
GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9

From info at netocean.de Mon Feb 9 21:29:29 2015
From: info at netocean.de (Leander Schäfer)
Date: Mon, 09 Feb 2015 22:29:29 +0100
Subject: Postfix , Dovecot & the Spam fight
Message-ID: <54D926B9.5090304@netocean.de>

Hi,

I'm currently busy with a substitution of my current mail server. I'm currently using

 * Clam-SMTP and
 * SpamAssassin

to fight Spam. I wonder if it is worth implementing AmaViS with SpamAssassin backend instead and also using AmaViS to speak to clamd directly. But I more and more wonder whether AmaViS is even worth it?! It currently looks to me as if AmaViS is eating LOTS of resources and it is very uncomfortable for automated installations if you have to do dynamic batch changes on the AmaViS configs - sed(1) is your friend but this hectic escaping and workarounds is really not sustainable to maintain.

So my question is: Does AmaViS have any advantages compared to the current setup? I don't seem to find lots of qualified discussions for this on the net. The AmaViS related articles I found are freaking old. Would be nice to get your best practice as a change.

Thanks a lot

Best regards
Leander

From h.reindl at thelounge.net Mon Feb 9 21:33:58 2015
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 09 Feb 2015 22:33:58 +0100
Subject: Postfix , Dovecot & the Spam fight
In-Reply-To: <54D926B9.5090304@netocean.de>
References: <54D926B9.5090304@netocean.de>
Message-ID: <54D927C6.5000204@thelounge.net>

On 09.02.2015 at 22:29, Leander Schäfer wrote:
> I'm currently busy with a substitution of my current mail server. I'm
> currently using
>
> * Clam-SMTP and
> * SpamAssassin
>
> to fight Spam. I wonder if it is worth implementing AmaViS with
> SpamAssassin backend instead and also using AmaViS to speak to clamd
> directly. But I more and more wonder whether AmaViS is even worth it?! It
> currently looks to me as if AmaViS is eating LOTS of resources and it
> is very uncomfortable for automated installations if you have to do
> dynamic batch changes on the AmaViS configs - sed(1) is your friend but
> this hectic escaping and workarounds is really not sustainable to
> maintain.
>
> So my question is: Does AmaViS have any advantages compared to the
> current setup? I don't seem to find lots of qualified discussions for
> this on the net. The AmaViS related articles I found are freaking old.
> Would be nice to get your best practice as a change

i don't see advantages but issues if you ask something on the SA list and finally find out that amavis handles configurations different

resource usage is mostly the same, amavis is only the glue
the hard work is done anyways by spamassassin and clamav

for both milters exists so you can reject spam instead only flag and deliver or even more worse silently discard it - not a real problem with postscreen and RBL scoring in front, happy running here since 2014/08 with zero load even at peaks of 400 junk attempts per minute

smtpd_milters = unix:/run/spamass-milter/spamass-milter.sock, unix:/run/clamav-milter/clamav-milter.socket

From info at netocean.de Mon Feb 9 21:43:42 2015
From: info at netocean.de (Leander Schäfer)
Date: Mon, 09 Feb 2015 22:43:42 +0100
Subject: Postfix , Dovecot & the Spam fight
In-Reply-To: <54D927C6.5000204@thelounge.net>
References: <54D926B9.5090304@netocean.de> <54D927C6.5000204@thelounge.net>
Message-ID: <54D92A0E.4030402@netocean.de>

Hi Harald

puuhh - thank you for your positive feedback. I'm really relieved ;) It's been a pleasure to write batch scripts for configuring SpamAssassin - and it has also been running like a charm the past 6 years. Go to hell AmaViS ! Crap ;)

Best regards
Leander

On 09.02.15 at 22:33, Reindl Harald wrote:
>
> On 09.02.2015 at 22:29, Leander Schäfer wrote:
>> I'm currently busy with a substitution of my current mail server. I'm
>> currently using
>>
>> * Clam-SMTP and
>> * SpamAssassin
>>
>> to fight Spam. I wonder if it is worth implementing AmaViS with
>> SpamAssassin backend instead and also using AmaViS to speak to clamd
>> directly. But I more and more wonder whether AmaViS is even worth it?! It
>> currently looks to me as if AmaViS is eating LOTS of resources and it
>> is very uncomfortable for automated installations if you have to do
>> dynamic batch changes on the AmaViS configs - sed(1) is your friend but
>> this hectic escaping and workarounds is really not sustainable to
>> maintain.
>>
>> So my question is: Does AmaViS have any advantages compared to the
>> current setup? I don't seem to find lots of qualified discussions for
>> this on the net. The AmaViS related articles I found are freaking old.
>> Would be nice to get your best practice as a change
>
> i don't see advantages but issues if you ask something on the SA list
> and finally find out that amavis handles configurations different
>
> resource usage is mostly the same, amavis is only the glue
> the hard work is done anyways by spamassassin and clamav
>
> for both milters exists so you can reject spam instead only flag and
> deliver or even more worse silently discard it - not a real problem
> with postscreen and RBL scoring in front, happy running here since
> 2014/08 with zero load even at peaks of 400 junk attempts per minute
>
> smtpd_milters = unix:/run/spamass-milter/spamass-milter.sock,
> unix:/run/clamav-milter/clamav-milter.socket
>

From rs at sys4.de Mon Feb 9 21:47:03 2015
From: rs at sys4.de (Robert Schetterer)
Date: Mon, 09 Feb 2015 22:47:03 +0100
Subject: Postfix , Dovecot & the Spam fight
In-Reply-To: <54D926B9.5090304@netocean.de>
References: <54D926B9.5090304@netocean.de>
Message-ID: <54D92AD7.3030505@sys4.de>

On 09.02.2015 at 22:29, Leander Schäfer wrote:
> So my question is: Does AmaViS have any advantages compared to the
> current setup? I don't seem to find lots of qualified discussions for
> this on the net. The AmaViS related articles I found are freaking old.
> Would be nice to get your best practice as a change.

Amavis is a framework, it has more stuff included you might like i.e you wanna use more antivir providers, use it for dkim and lot more, anyway if you don't wanna use it , it may better switch to clamav-milter and spamass-milter from your recent setup

perhaps read

http://www.ijs.si/software/amavisd/#features

after all this isn't a true dovecot question, ask amavis postfix lists

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein

From rgm at htt-consult.com Mon Feb 9 22:23:00 2015
From: rgm at htt-consult.com (Robert Moskowitz) Date: Mon, 09 Feb 2015 17:23:00 -0500 Subject: Geting mail quota exceeded with plenty of space In-Reply-To: <54D91DEA.2010509@chunkz.net> References: <54D91528.4040602@htt-consult.com> <54D91916.2040604@htt-consult.com> <54D91A6D.2000108@chunkz.net> <54D91B6A.2010308@htt-consult.com> <54D91DEA.2010509@chunkz.net> Message-ID: <54D93344.6000802@htt-consult.com> On 02/09/2015 03:51 PM, Bertrand Caplet wrote: >> doveadm(root): Fatal: Unknown command 'quota', but plugin quota exists. >> Try to set mail_plugins=quota > Show me your doveconf -n without your passwords. I looked and no passwords in my doveconf... # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 3.4.61.sun7i+ armv7l Red Sleeve Enterprise Linux release 6 (Leap) ext4 auth_mechanisms = plain login dict { quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf } first_valid_gid = 12 first_valid_uid = 101 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lmtp_save_to_detail_mailbox = yes mail_location = maildir:/home/vmail/%d/%n managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date passdb { args = /etc/dovecot/dovecot-mysql.conf driver = sql } plugin { acl = vfile:/etc/dovecot/acls quota = dict:user::proxy::quotadict sieve = ~/dovecot.sieve sieve_dir = ~/sieve sieve_global_dir = /home/sieve/ sieve_global_path = /home/sieve/globalfilter.sieve sieve_max_script_size = 1M trash = /etc/dovecot/trash.conf } protocols = imap pop3 lmtp sieve service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service { unix_listener { group = postfix mode = 0666 user = postfix path = /var/spool/postfix/private/auth } unix_listener { group = mail mode = 0666 user = vmail path = auth-userdb } name = auth } service config { name = config } service { 
unix_listener { group = mail mode = 0666 user = vmail path = dict } name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service { inet_listener { port = 143 name = imap } inet_listener { port = 993 ssl = yes name = imaps } name = imap-login } service login/imap { vsz_limit = 256 M name = imap } service lmtp { name = lmtp } service { inet_listener { port = 4190 name = sieve } process_min_avail = 0 service_count = 1 vsz_limit = 64 M name = managesieve-login } service login/sieve { name = managesieve } service { inet_listener { port = 110 name = pop3 } inet_listener { port = 995 ssl = yes name = pop3s } name = pop3-login } service login/pop3 { name = pop3 } service login/ssl-params { name = ssl-params } ssl_cert = References: <54D91528.4040602@htt-consult.com> <54D91916.2040604@htt-consult.com> <54D91A6D.2000108@chunkz.net> <54D91E6C.1000308@htt-consult.com> <54D920FB.2090009@chunkz.net> Message-ID: <54D93440.2060200@htt-consult.com> On 02/09/2015 04:04 PM, Bertrand Caplet wrote: >> that was it. Emptied trash and mail flowing. How is the message # >> quota managed? I never encountered it before. >> >> But don't have time today to dig into it. conference call coming up. > You might have messages quota configured somewhere. > And for : >> doveadm(root): Fatal: Unknown command 'quota', but plugin quota >> exists. Try to set mail_plugins=quota > See http://wiki2.dovecot.org/Quota/Configuration you might haven't > enabled quota plugin somewhere. 
>

/etc/dovecot/dovecot-dict-quota.conf

connect = host=localhost dbname=postfix user=postfix password=*******
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}

/etc/dovecot/dovecot-mysql.conf

driver = mysql
connect = host=localhost dbname=postfix user=postfix password=*******
default_pass_scheme = MD5-CRYPT
password_query = SELECT username as user, password, concat('/home/vmail/', maildir) as userdb_home, concat('maildir:/home/vmail/', maildir) as userdb_mail, 101 as userdb_uid, 12 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
user_query = SELECT concat('/home/vmail/', maildir) as home, concat('maildir:/home/vmail/', maildir) as mail, 101 AS uid, 12 AS gid, CONCAT('*:messages=10000:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active = '1'

Well there it is, clear as day. messages=10000

Guess I can increase that. I suspect I will have to restart dovecot....

From michael.h.smith at nasa.gov Mon Feb 9 23:19:44 2015
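Added example, not part of the original thread: a check that evaluates every limit in a quota_rule of the form the user_query above builds (`*:messages=10000:bytes=...`), so a message-count limit shows up even when storage has plenty of headroom. The function names and the usage figures are constructed to resemble the case in the thread; treating a limit of 0 as unlimited is an assumption to confirm against the deployment.

```shell
#!/bin/sh
# quota_headroom RULE USED_BYTES USED_MESSAGES
# RULE is a quota_rule value such as "*:messages=10000:bytes=1024000000".
# USED_BYTES / USED_MESSAGES are the current counters, e.g. the bytes and
# messages columns of the quota2 table named in dovecot-dict-quota.conf.
# Prints one line per limit: percentage used, what is left, and EXHAUSTED
# when the counter has reached the limit (the next delivery cannot fit).
quota_headroom() {
    awk -v rule="$1" -v used_bytes="$2" -v used_msgs="$3" 'BEGIN {
        n = split(rule, part, ":")
        # part[1] is the mailbox pattern ("*" here); the rest are name=value limits.
        for (i = 2; i <= n; i++) {
            if (split(part[i], kv, "=") != 2) continue
            if      (kv[1] == "bytes")    used = used_bytes + 0
            else if (kv[1] == "messages") used = used_msgs + 0
            else continue                 # other limit names are not handled here
            limit = kv[2] + 0
            if (limit == 0) {             # assumption: 0 means no limit
                printf "%s unlimited\n", kv[1]
                continue
            }
            left = limit - used
            if (left < 0) left = 0
            printf "%s %d%% left=%.0f%s\n", kv[1], int(used * 100 / limit), left,
                   (used >= limit ? " EXHAUSTED" : "")
        }
    }'
}

# Names of the limits that are exhausted, one per line (empty if none).
exhausted_limits() {
    quota_headroom "$@" | awk '/ EXHAUSTED$/ { print $1 }'
}

# Constructed figures: about 277 MB stored against a 1024000000-byte limit,
# and a message counter that has reached the 10000-message limit.
quota_headroom '*:messages=10000:bytes=1024000000' 290455552 10000
```

Deleted messages that are still sitting in Trash keep counting toward the messages limit until they are expunged, which is why emptying the trash restored delivery in the thread.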
From: michael.h.smith at nasa.gov (Smith, Michael H. (GSFC-760.0)[NICS]) Date: Mon, 9 Feb 2015 23:19:44 +0000 Subject: Mails Not Deleting in first POP3 Session Message-ID: The dovecot -n output is attached to this email. Filename dovecot-n_filtered.conf. Dovecot Version: 2.2.10 OS: CentOS 6.6 MTA: Postfix version 2.6.6 The system is using dsync between two mailbox servers. Problem: When a pop3 session deletes a new message and the pop3 session ends, the message is not deleted. On a subsequent pop3 session, the same messages is deleted again and when the session ends, this time the messages is removed. This results in automated scripts getting duplicate messages. Previous mail server utilized postfix and dbmail. The problem did not exist. All of our replication settings are located in the file /etc/dovecot/conf.d/12-replicator.conf. When I move the above file out of /etc/dovecot/conf.d/ on both mailbox servers and restart dovecot, the pop3 deletion problem goes away and the system behaves as expected i.e. when a messages is deleted, it's removed when the session ends (of course its not replicated to the secondary server). Numerous tests using IMAP and deleted messages behaved as expected.with or without replication Here is some additional information that I hope helps: Below I'm running watch 'pwd; ls -l; echo "../cur"; ls -l ../cur | tail -2' On the primary mailbox server: Every 2.0s: pwd; ls -l; echo "../cur"; ls -l ../cur | t... Mon Feb 9 22:42:04 2015 /home/vmail/nascom.nasa.gov/test_u/new total 48 -rw------- 1 vmail mail 46223 Feb 9 22:41 1423521693.M193283P20903.mbox-open-1.nasc om.nasa.gov,S=46223,W=46902 ../cur -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191796.M570666P7291.mbox-open-1.nascom .nasa.gov,S=3269,W=3980:2, -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191797.M813970P7291.mbox-open-1.nascom .nasa.gov,S=3269,W=3980:2, On the backup mailbox server: Every 2.0s: pwd; ls -l; echo "../cur"; ls -l ../cur... 
Mon Feb 9 22:44:12 2015 /home/vmail/nascom.nasa.gov/test_u/new total 48 -rw------- 1 vmail mail 46223 Feb 9 22:41 1423521693.M193283P20903.mbox-open-1. nascom.nasa.gov,S=46223,W=46902 ../cur -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191796.M570666P7291.mbox-open-1.na scom.nasa.gov,S=3269,W=3980:2, -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191797.M813970P7291.mbox-open-1.na scom.nasa.gov,S=3269,W=3980:2, After I connect to the primary mailbox server using openssl s_client -connect mail1.example.com:995 tls1_2 user test_u pass 123456 output below from the same watch command from above: Primary Every 2.0s: pwd; ls -l; echo "../cur"; ls -l ../cur | t... Mon Feb 9 22:47:50 2015 /home/vmail/nascom.nasa.gov/test_u/new total 0 ../cur -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191797.M813970P7291.mbox-open-1.nasco m.nasa.gov,S=3269,W=3980:2, -rw------- 1 vmail mail 46223 Feb 9 22:41 1423521693.M193283P20903.mbox-open-1.nasc om.nasa.gov,S=46223,W=46902:2, Secondary: Every 2.0s: pwd; ls -l; echo "../cur"; ls -l ../cur... Mon Feb 9 22:48:14 2015 /home/vmail/nascom.nasa.gov/test_u/new total 48 -rw------- 1 vmail mail 46223 Feb 9 22:41 1423521693.M193283P20903.mbox-open-1. nascom.nasa.gov,S=46223,W=46902 ../cur -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191796.M570666P7291.mbox-open-1.na scom.nasa.gov,S=3269,W=3980:2, -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191797.M813970P7291.mbox-open-1.na scom.nasa.gov,S=3269,W=3980:2, So far, on the primary, the new message is moved to the cur directory while on the backup the new messages is still in new. I perform a list command to get the message I want to delete. In this case the message number is 2402 so it looks like this... list . . . 2401 2402 dele 2402 +OK Marked to be deleted quit Here's the primary: Every 2.0s: pwd; ls -l; echo "../cur"; ls -l ../cur | t... 
Mon Feb 9 22:53:16 2015 /home/vmail/nascom.nasa.gov/test_u/new total 48 -rw------- 1 vmail mail 46223 Feb 9 22:41 1423521693.M193283P20903.mbox-open-1.nasc om.nasa.gov,S=46223,W=46902 ../cur -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191796.M570666P7291.mbox-open-1.nascom .nasa.gov,S=3269,W=3980:2, -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191797.M813970P7291.mbox-open-1.nascom .nasa.gov,S=3269,W=3980:2, Here's the secondary: Every 2.0s: pwd; ls -l; echo "../cur"; ls -l ../cur... Mon Feb 9 22:53:38 2015 /home/vmail/nascom.nasa.gov/test_u/new total 48 -rw------- 1 vmail mail 46223 Feb 9 22:41 1423522362.M879542P21023.mbox-open-2. nascom.nasa.gov,S=46223,W=46902 ../cur -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191796.M570666P7291.mbox-open-1.na scom.nasa.gov,S=3269,W=3980:2, -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191797.M813970P7291.mbox-open-1.na scom.nasa.gov,S=3269,W=3980:2, See we see the message on the primary is moved back to new while the message on the secindary has a name change. Now for the second session (again using openssl): +OK Dovecot ready. user test_u +OK pass --------------- +OK Logged in. Here's the output on the primary: Every 2.0s: pwd; ls -l; echo "../cur"; ls -l ../cur | t... Mon Feb 9 22:56:27 2015 /home/vmail/nascom.nasa.gov/test_u/new total 0 ../cur -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191797.M813970P7291.mbox-open-1.nasco m.nasa.gov,S=3269,W=3980:2, -rw------- 1 vmail mail 46223 Feb 9 22:41 1423521693.M193283P20903.mbox-open-1.nasc om.nasa.gov,S=46223,W=46902:2, Here's the output on the secondary: Every 2.0s: pwd; ls -l; echo "../cur"; ls -l ../cur... Mon Feb 9 22:57:22 2015 /home/vmail/nascom.nasa.gov/test_u/new total 48 -rw------- 1 vmail mail 46223 Feb 9 22:41 1423522362.M879542P21023.mbox-open-2. 
nascom.nasa.gov,S=46223,W=46902 ../cur -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191796.M570666P7291.mbox-open-1.na scom.nasa.gov,S=3269,W=3980:2, -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191797.M813970P7291.mbox-open-1.na scom.nasa.gov,S=3269,W=3980:2, Now a list and delete... list . . . 2401 2402 dele 2402 +OK Marked to be deleted quit Here's the output of the primary: Every 2.0s: pwd; ls -l; echo "../cur"; ls -l ../cur | t... Mon Feb 9 22:59:17 2015 /home/vmail/nascom.nasa.gov/test_u/new total 0 ../cur -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191796.M570666P7291.mbox-open-1.nascom .nasa.gov,S=3269,W=3980:2, -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191797.M813970P7291.mbox-open-1.nascom .nasa.gov,S=3269,W=3980:2, Now the scondary: Every 2.0s: pwd; ls -l; echo "../cur"; ls -l ../cur... Mon Feb 9 22:59:37 2015 /home/vmail/nascom.nasa.gov/test_u/new total 0 ../cur -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191796.M570666P7291.mbox-open-1.na scom.nasa.gov,S=3269,W=3980:2, -rw------- 1 vmail mail 3269 Nov 28 16:23 1417191797.M813970P7291.mbox-open-1.na scom.nasa.gov,S=3269,W=3980:2, The message is deleted now. Multiple new messages that are all deleted in the same session behave the same way.. However, if the new messages aren't deleted in the first session, they move to the cur directory. On a subsequent session, the messages can be deleted and they are removed. The new messages remain in the new directory after the first session (as previously stated) on the secondary mailbox server until the dele. So second session deletes appear to work fine Any assistance would be greatly appreciated. --Mike -------------- next part -------------- A non-text attachment was scrubbed... Name: dovecot-n_filtered.conf Type: application/octet-stream Size: 2935 bytes Desc: dovecot-n_filtered.conf URL: From bertrand.caplet at chunkz.net Tue Feb 10 01:21:41 2015 
From: bertrand.caplet at chunkz.net (Bertrand Caplet)
Date: Tue, 10 Feb 2015 02:21:41 +0100
Subject: Geting mail quota exceeded with plenty of space
In-Reply-To: <54D93440.2060200@htt-consult.com>
References: <54D91528.4040602@htt-consult.com> <54D91916.2040604@htt-consult.com> <54D91A6D.2000108@chunkz.net> <54D91E6C.1000308@htt-consult.com> <54D920FB.2090009@chunkz.net> <54D93440.2060200@htt-consult.com>
Message-ID:

Just modify and do dovecot reload. It'll be alright

>CONCAT('*:messages=10000:bytes=', quota) as quota_rule FROM mailbox
>WHERE username = '%u' AND active = '1'
>
>
>
>Well there it is, clear as day. messages=10000
>
>Guess I can increase that. I suspect I will have to restart
>dovecot....

--
CHUNKZ.NET - dodgy DIYer and computer technician
Bertrand Caplet, Flers (FR)
Feel free to send encrypted/signed messages
Key ID: FF395BD9
GPG FP: DE10 73FD 17EB 5544 A491 B385 1EDA 35DC FF39 5BD9

From Ovidiu.Moldovan at cybercom.com Tue Feb 10 08:25:49 2015
From: Ovidiu.Moldovan at cybercom.com (Ovidiu Moldovan)
Date: Tue, 10 Feb 2015 08:25:49 +0000
Subject: Dovecot 2.2.15 issues with global ACL
Message-ID: <195b4828cef3457090bac045659187eb@mmambx4.global.ad>

Hello,

We have upgraded from Dovecot 2.2.13 to 2.2.15 and we are using global ACL file. The content of the ACL file is as follows:

* owner r
INBOX owner lrwstipekxa
INBOX/* owner lrwstipekxa
user owner rwstipekxa
user/* owner rwstipekxa

This worked fine but after the update no user can see any folders under the INBOX, also they cannot create any new folders. Errors in the logs are like this:

Debug: acl: Mailbox not in dovecot-acl-list: INBOX
Debug: acl: Mailbox not in dovecot-acl-list: INBOX/Chats
Debug: acl: Mailbox not in dovecot-acl-list: INBOX/Draft
Debug: acl: Mailbox not in dovecot-acl-list: INBOX/INBOX
....

I can only see one acl change log at version 2.2.14:
http://www.dovecot.org/list/dovecot-news/2014-October/000276.html
acl: Global ACL file now supports "quotes" around patterns.

But I could not find the reason why the global acl file does not work anymore?

Br,
Ova

From christian.binder at freilassing.de Tue Feb 10 10:11:36 2015
From: christian.binder at freilassing.de (Christian Binder Stadt Freilassing)
Date: Tue, 10 Feb 2015 11:11:36 +0100
Subject: Uniqueness of dovecot mailbox-guids
In-Reply-To: <17447_1422519994_t0T8QX63004644_19be7073210b3a37aa30b79fcaf796b0@egroupware.freilassing.de>
Message-ID: <7b90c050c2f65ddb01a9be192224449b@egroupware.freilassing.de>

Bump. Can no one give a hint?

Thanks a lot!
Christian

From christian.binder at freilassing.de Tue Feb 10 11:21:18 2015
From: christian.binder at freilassing.de (Christian Binder Stadt Freilassing) Date: Tue, 10 Feb 2015 12:21:18 +0100 Subject: Uniqueness of dovecot mailbox-guids In-Reply-To: <17447_1422519994_t0T8QX63004644_19be7073210b3a37aa30b79fcaf796b0@egroupware.freilassing.de> Message-ID: <5cf48ff1c04b5e058e11b2335f0cfb2b@egroupware.freilassing.de> Ok, problem solved. Obviously the GUIDs only have to be unique for a specific user account in dovecot. Many thanks to Heinlein Support who helped me with this question! From Ovidiu.Moldovan at cybercom.com Tue Feb 10 12:07:25 2015 From: Ovidiu.Moldovan at cybercom.com (Ovidiu Moldovan) Date: Tue, 10 Feb 2015 12:07:25 +0000 Subject: Dovecot 2.2.15 issues with global ACL In-Reply-To: <195b4828cef3457090bac045659187eb@mmambx4.global.ad> References: <195b4828cef3457090bac045659187eb@mmambx4.global.ad> Message-ID: <617e67c2c6754e528c3b93fa89ebb912@mmambx4.global.ad> It seems after checking the code that global ACL file functionality was changed at 2.2.14 so that only 1 rule is used, not multiple rules. This is not documented or said anywhere into change logs. Br, Ova -----Original Message----- 
From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Ovidiu Moldovan
Sent: 10 February 2015 10:26
To: dovecot at dovecot.org
Subject: Dovecot 2.2.15 issues with global ACL

Hello,

We have upgraded from Dovecot 2.2.13 to 2.2.15 and we are using a global ACL file. The content of the ACL file is as follows:

* owner r
INBOX owner lrwstipekxa
INBOX/* owner lrwstipekxa
user owner rwstipekxa
user/* owner rwstipekxa

This worked fine, but after the update no user can see any folders under the INBOX, and they cannot create any new folders either. The errors in the logs look like this:

Debug: acl: Mailbox not in dovecot-acl-list: INBOX
Debug: acl: Mailbox not in dovecot-acl-list: INBOX/Chats
Debug: acl: Mailbox not in dovecot-acl-list: INBOX/Draft
Debug: acl: Mailbox not in dovecot-acl-list: INBOX/INBOX
....

I can only see one acl change log at version 2.2.14:
http://www.dovecot.org/list/dovecot-news/2014-October/000276.html
acl: Global ACL file now supports "quotes" around patterns.

But I could not find the reason why the global acl file does not work anymore?

Br,
Ova

From doctor at doctor.nl2k.ab.ca Tue Feb 10 15:35:26 2015
From: doctor at doctor.nl2k.ab.ca (The Doctor)
Date: Tue, 10 Feb 2015 08:35:26 -0700
Subject: Server switching
Message-ID: <20150210153526.GA20315@doctor.nl2k.ab.ca>

Quick question.

We are using both IMAP and POP3.

Question :
how can you avoid retrieving an e-mail that has been already retrieved?

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
If you want to catch something, running after it isn't always the best way. -Lois McMaster Bujold

From axaly at yahoo.fr Tue Feb 10 15:36:49 2015
From: axaly at yahoo.fr (TN)
Date: Tue, 10 Feb 2015 16:36:49 +0100
Subject: How to Delete an user and Purge attachements with a common directory mail_attachment_dir with SIS for all users.
Message-ID: <54DA2591.5000904@yahoo.fr>

Hello everybody,

What is the best way to delete an user mailbox (ex: /var/mail/johndoe ) when all attachments (for all users) are in a common directory with SIS deduplication (ex: mail_attachment_dir = /var/mail/attachments ) ?

Trying to delete user mailbox directory (rm) and do the command : doveadm -v purge -u johndoe leaves all johndoe's attachments orphaned.

Best regards,
TN

From h.reindl at thelounge.net Tue Feb 10 15:40:06 2015
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 10 Feb 2015 16:40:06 +0100
Subject: Server switching
In-Reply-To: <20150210153526.GA20315@doctor.nl2k.ab.ca>
References: <20150210153526.GA20315@doctor.nl2k.ab.ca>
Message-ID: <54DA2656.9070604@thelounge.net>

On 10.02.2015 at 16:35, The Doctor wrote:
> Quick question.
>
> We are using both IMAP and POP3.
>
> Question :
> how can you avoid retrieving an e-mail that has been already retrieved?

by just rsync the complete data from the old to the new server

* first rsync hot while services running
* stop services
* second rsync only transfer the differences
* DNS and/or IP change
* start services on the new server

the client don't know anything about that

From redflag237 at googlemail.com Tue Feb 10 15:58:02 2015
From: redflag237 at googlemail.com (Jonas Plitt)
Date: Tue, 10 Feb 2015 16:58:02 +0100
Subject: Slow replication
Message-ID:

Hi,

I'm running two Dovecot 2.2.9 Servers running replication. Users are the same. My Replication is very slow. Mails from Server one appear on Server two after 1-3 hours. Rarely I can see duplicated mails (Log message "Expunged message reappeared. Setting new UID").

This is my doveconf -n output:

> # 2.2.9: /etc/dovecot/dovecot.conf
> # OS: Linux 3.13.0-44-generic x86_64 Ubuntu 14.04.1 LTS
> auth_cache_size = 10 M
> auth_mechanisms = plain login
> debug_log_path = /var/log/dovecot-debug.log
> doveadm_password = ABC012456789ABC
> doveadm_port = 12345
> imap_idle_notify_interval = 30 mins
> info_log_path = /var/log/dovecot-info.log
> listen = *,[::]
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> login_greeting = Dovecot (Ubuntu) ready.
> mail_fsync = always
> mail_gid = vmail
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
> mail_plugins = " notify replication zlib mail_log"
> mail_privileged_group = vmail
> mail_uid = vmail
> mailbox_idle_check_interval = 1 mins
> mbox_lazy_writes = no
> namespace inbox {
>   inbox = yes
>   location =
>   prefix =
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> plugin {
>   mail_log_events = delete undelete expunge copy mailbox_delete
> mailbox_rename
>   mail_log_fields = uid box msgid size
>   mail_replica = tcp:server2.mydomain.de:12345
>   quota = dict:user::file:/var/vmail/%d/%n/.quotausage
>   replication_full_sync_interval = 1 hour
>   sieve = /var/vmail/%d/%n/.sieve
>   zlib_save = gz
>   zlib_save_level = 9
> }
> postmaster_address = postmaster at mydomain.tld
> protocols = imap pop3
> replication_max_conns = 30
> service aggregator {
>   fifo_listener replication-notify-fifo {
>     mode = 0666
>     user = vmail
>   }
>   unix_listener replication-notify {
>     mode = 0666
>     user = vmail
>   }
> }
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     group = vmail
>     mode = 0600
>     user = vmail
>   }
>   user = root
> }
> service config {
>   unix_listener config {
>     user = vmail
>   }
> }
> service doveadm {
>   inet_listener {
>     port = 12345
>     ssl = no
>   }
>   user = vmail
> }
> service imap-login {
>   client_limit = 1000
>   inet_listener imap {
>     port = 143
>   }
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
>   process_limit = 500
>   process_min_avail = 5
>   service_count = 1
> }
> service lmtp {
>   executable = lmtp -L
>   process_min_avail = 5
>   unix_listener lmtp {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
>   user = vmail
> }
> service pop3-login {
>   inet_listener pop3 {
>     port = 110
>   }
>   inet_listener pop3s {
>     port = 995
>     ssl = yes
>   }
> }
> service replicator {
>   process_min_avail = 1
>   unix_listener replicator-doveadm {
>     group = vmail
>     mode = 0666
>     user = vmail
>   }
>   unix_listener replicator {
>     group = vmail
>     mode = 0666
>     user = vmail
>   }
> }
> ssl_ca =
> ssl_cert =
> ssl_cipher_list =
> EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH:EDH:HIGH:+RSA:+SHA:
> MEDIUM:+RC4:RC4:!aNULL:!MD5:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP
> ssl_dh_parameters_length = 2048
> ssl_key =
> ssl_prefer_server_ciphers = yes
> ssl_protocols = !SSLv2 !SSLv3
> ssl_require_crl = no
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> protocol imap {
>   imap_client_workarounds = delay-newmail
>   mail_max_userip_connections = 15
>   mail_plugins = " notify replication zlib mail_log quota imap_quota
> imap_zlib"
>   ssl_ca =
>   ssl_cert =
>   ssl_key =
> }
> protocol pop3 {
>   mail_max_userip_connections = 10
>   mail_plugins = " notify replication zlib mail_log quota"
>   pop3_uidl_format = %08Xu%08Xv
>   ssl_ca =
>   ssl_cert =
>   ssl_key =
> }
> protocol lda {
>   info_log_path = /var/log/dovecot-lda.log
>   mail_plugins = " notify replication zlib mail_log"
> }
>

Additionally, I forced a "doveadm sync -f" using crontab twice a day.

Can anybody give me a hint, please?

--
regards,
Jonas

From moiseev at mezonplus.ru Tue Feb 10 18:46:54 2015
From: moiseev at mezonplus.ru (Alexander Moisseev)
Date: Tue, 10 Feb 2015 21:46:54 +0300
Subject: How to Delete an user and Purge attachements with a common directory mail_attachment_dir with SIS for all users.
In-Reply-To: <54DA2591.5000904@yahoo.fr>
References: <54DA2591.5000904@yahoo.fr>
Message-ID: <54DA521E.2070704@mezonplus.ru>

10.02.2015 18:36, TN wrote:
> What is the best way to delete an user mailbox (ex: /var/mail/johndoe ) when all attachments (for all users) are in a common directory with SIS deduplication (ex: mail_attachment_dir = /var/mail/attachments ) ?
> Trying to delete user mailbox directory (rm) and do the command : doveadm -v purge -u johndoe leaves all johndoe's attachments orphaned.
>

You should always expunge mailbox *before* deleting it, if you are using SIS.

# doveadm expunge -d -u johndoe mailbox '*' all
# rm -rf /var/mail/johndoe

https://www.mail-archive.com/dovecot at dovecot.org/msg41683.html

--
Alexander

From dovecot at daniel.thecshore.com Wed Feb 11 07:33:26 2015
From: dovecot at daniel.thecshore.com (Daniel Dickinson) Date: Wed, 11 Feb 2015 02:33:26 -0500 Subject: [PATCH] Fix for client certificate validation does not work Message-ID: <54DB05C6.9000901@daniel.thecshore.com> Hi all, As I reported earlier (with a typo in the work [BUG]) client certification validation *does not* work even if you do everything exactly according to all documentation and attempts at helpful advice. I have seen this issue with both startssl.com and self-signed certificates, and based on what I've seen from searching the web, this is a problem that has gotten little attention because most people don't bother, but are more than willing to give out useless advice on how to make it work. Furthermore the issue does NOT occur with the cyrus-imap mail server, so it is definitely a server-side issue. The actual issue is that the code for calling OpenSSL that constructs the client certificate validation is in fact WRONG. I don't have a perfect patch as I was mostly interested in getting it working for my needs and didn't bother with constructing the list of CA names to send to the client, preferring to let OpenSSL handle all that sort of thing. What it comes down to is that the code, which probably worked at one point, was not correctly updated at some point and since then client side certificate validation has been BROKEN. I have patched against 2.2.9, however I have seen this problem in the versions in both Debian Wheezy and Debian Jessie as well. As you will see from the patch (which is an attachment as people tend to complain that patches get mangled when you inline them, and even if I have a good client I've gotten heck because the receiver didn't. 
Regards, Daniel -------------- next part -------------- Index: dovecot-2.2.9/src/login-common/ssl-proxy-openssl.c =================================================================== --- dovecot-2.2.9.orig/src/login-common/ssl-proxy-openssl.c 2015-02-11 00:31:24.986198000 -0500 +++ dovecot-2.2.9/src/login-common/ssl-proxy-openssl.c 2015-02-11 00:32:19.262198000 -0500 
@@ -951,54 +951,25 @@ return strstr(cert, "PRIVATE KEY---") != NULL; } -static void load_ca(X509_STORE *store, const char *ca, - STACK_OF(X509_NAME) **xnames_r) +static void load_ca(SSL_CTX *ssl_ctx, const char *ca) { - /* mostly just copy&pasted from X509_load_cert_crl_file() */ - STACK_OF(X509_INFO) *inf; - X509_INFO *itmp; - X509_NAME *xname; - BIO *bio; - int i; - - bio = BIO_new_mem_buf(t_strdup_noconst(ca), strlen(ca)); - if (bio == NULL) - i_fatal("BIO_new_mem_buf() failed"); - inf = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL); - if (inf == NULL) - i_fatal("Couldn't parse ssl_ca: %s", ssl_last_error()); - BIO_free(bio); - - if (xnames_r != NULL) { - *xnames_r = sk_X509_NAME_new_null(); - if (*xnames_r == NULL) - i_fatal_status(FATAL_OUTOFMEM, "sk_X509_NAME_new_null() failed"); - } - for(i = 0; i < sk_X509_INFO_num(inf); i++) { - itmp = sk_X509_INFO_value(inf, i); - if(itmp->x509) { - X509_STORE_add_cert(store, itmp->x509); - xname = X509_get_subject_name(itmp->x509); - if (xname != NULL && xnames_r != NULL) { - xname = X509_NAME_dup(xname); - if (xname == NULL) - i_fatal_status(FATAL_OUTOFMEM, "X509_NAME_dup() failed"); - sk_X509_NAME_push(*xnames_r, xname); - } - } - if(itmp->crl) - X509_STORE_add_crl(store, itmp->crl); + struct stat statbuf; + int ret = 0; + stat(ca, &statbuf); + + if (S_ISDIR(statbuf.st_mode)) { + ret = SSL_CTX_load_verify_locations(ssl_ctx, NULL, ca); + } else { + ret = SSL_CTX_load_verify_locations(ssl_ctx, ca, NULL); + } + if (!ret) { + i_fatal("SSL_CTX_load_verify_locations() failed: %s", ssl_last_error()); } - sk_X509_INFO_pop_free(inf, X509_INFO_free); } -static STACK_OF(X509_NAME) * -ssl_proxy_ctx_init(SSL_CTX *ssl_ctx, const struct master_service_ssl_settings *set, - bool load_xnames) +static void +ssl_proxy_ctx_init(SSL_CTX *ssl_ctx, const struct master_service_ssl_settings *set) { - X509_STORE *store; - STACK_OF(X509_NAME) *xnames = NULL; - /* enable all SSL workarounds, except empty fragments as it makes SSL more vulnerable 
against attacks */ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL & @@ -1010,12 +981,10 @@ if (*set->ssl_ca != '\0') { /* set trusted CA certs */ - store = SSL_CTX_get_cert_store(ssl_ctx); - load_ca(store, set->ssl_ca, load_xnames ? &xnames : NULL); + load_ca(ssl_ctx, set->ssl_ca); } ssl_proxy_ctx_set_crypto_params(ssl_ctx, set); SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback); - return xnames; } static void @@ -1068,7 +1037,7 @@ } static void -ssl_proxy_ctx_verify_client(SSL_CTX *ssl_ctx, STACK_OF(X509_NAME) *ca_names) +ssl_proxy_ctx_verify_client(SSL_CTX *ssl_ctx) { #if OPENSSL_VERSION_NUMBER >= 0x00907000L X509_STORE *store; @@ -1079,8 +1048,6 @@ #endif SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, ssl_verify_client_cert); - /* set list of CA names that are sent to client */ - SSL_CTX_set_client_CA_list(ssl_ctx, ca_names); } static const char *ssl_proxy_get_use_certificate_error(const char *cert) @@ -1277,7 +1244,7 @@ ctx->ctx = ssl_ctx = SSL_CTX_new(SSLv23_server_method()); if (ssl_ctx == NULL) i_fatal("SSL_CTX_new() failed"); - xnames = ssl_proxy_ctx_init(ssl_ctx, ssl_set, ctx->verify_client_cert); + ssl_proxy_ctx_init(ssl_ctx, ssl_set); if (SSL_CTX_set_cipher_list(ssl_ctx, ctx->cipher_list) != 1) { i_fatal("Can't set cipher list to '%s': %s", @@ -1303,7 +1270,7 @@ ssl_proxy_ctx_use_key(ctx->ctx, ssl_set); if (ctx->verify_client_cert) - ssl_proxy_ctx_verify_client(ctx->ctx, xnames); + ssl_proxy_ctx_verify_client(ctx->ctx); hash_table_insert(ssl_servers, ctx, ctx); return ctx; 
@@ -1343,12 +1310,10 @@ ssl_proxy_init_client(const struct login_settings *login_set, const struct master_service_ssl_settings *ssl_set) { - STACK_OF(X509_NAME) *xnames; - if ((ssl_client_ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) i_fatal("SSL_CTX_new() failed"); - xnames = ssl_proxy_ctx_init(ssl_client_ctx, ssl_set, TRUE); - ssl_proxy_ctx_verify_client(ssl_client_ctx, xnames); + ssl_proxy_ctx_init(ssl_client_ctx, ssl_set); + ssl_proxy_ctx_verify_client(ssl_client_ctx); ssl_proxy_client_ctx_set_client_cert(ssl_client_ctx, login_set); } Index: dovecot-2.2.9/src/lib-ssl-iostream/iostream-openssl-context.c =================================================================== --- dovecot-2.2.9.orig/src/lib-ssl-iostream/iostream-openssl-context.c 2015-02-11 00:31:24.986198000 -0500 +++ dovecot-2.2.9/src/lib-ssl-iostream/iostream-openssl-context.c 2015-02-11 00:31:24.986198000 -0500 @@ -11,6 +11,7 @@ #include #include #include +#include #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L # define HAVE_ECDH 
@@ -222,50 +223,26 @@ return ret; } -static int load_ca(X509_STORE *store, const char *ca, - STACK_OF(X509_NAME) **xnames_r) +static int load_ca(SSL_CTX *ssl_ctx, const char *ca) { - /* mostly just copy&pasted from X509_load_cert_crl_file() */ - STACK_OF(X509_INFO) *inf; - STACK_OF(X509_NAME) *xnames; - X509_INFO *itmp; - X509_NAME *xname; - BIO *bio; - int i; - - bio = BIO_new_mem_buf(t_strdup_noconst(ca), strlen(ca)); - if (bio == NULL) - i_fatal("BIO_new_mem_buf() failed"); - inf = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL); - BIO_free(bio); - - if (inf == NULL) + struct stat statbuf; + int ret = 0; + stat(ca, &statbuf); + if S_ISDIR(statbuf.st_mode) { + ret = SSL_CTX_load_verify_location(ssl_ctx, NULL, ca); + } else { + ret = SSL_CTX_load_verify_location(ssl_ctx, ca, NULL); + } + if (!ret) { return -1; - - xnames = sk_X509_NAME_new_null(); - if (xnames == NULL) - i_fatal("sk_X509_NAME_new_null() failed"); - for(i = 0; i < sk_X509_INFO_num(inf); i++) { - itmp = sk_X509_INFO_value(inf, i); - if(itmp->x509) { - X509_STORE_add_cert(store, itmp->x509); - xname = X509_get_subject_name(itmp->x509); - if (xname != NULL) - xname = X509_NAME_dup(xname); - if (xname != NULL) - sk_X509_NAME_push(xnames, xname); - } - if(itmp->crl) - X509_STORE_add_crl(store, itmp->crl); + } else { + return 0; } - sk_X509_INFO_pop_free(inf, X509_INFO_free); - *xnames_r = xnames; - return 0; + } static void -ssl_iostream_ctx_verify_remote_cert(struct ssl_iostream_context *ctx, - STACK_OF(X509_NAME) *ca_names) +ssl_iostream_ctx_verify_remote_cert(struct ssl_iostream_context *ctx) { #if OPENSSL_VERSION_NUMBER >= 0x00907000L X509_STORE *store; @@ -274,8 +251,6 @@ X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); #endif - - SSL_CTX_set_client_CA_list(ctx->ssl_ctx, ca_names); } static struct ssl_iostream_settings * 
@@ -320,18 +295,17 @@ const char **error_r) { X509_STORE *store; - STACK_OF(X509_NAME) *xnames = NULL; const char *ca_file, *ca_dir; bool have_ca = FALSE; if (set->ca != NULL) { store = SSL_CTX_get_cert_store(ctx->ssl_ctx); - if (load_ca(store, set->ca, &xnames) < 0) { + if (load_ca(ctx->ssl_ctx, set->ca) < 0) { *error_r = t_strdup_printf("Couldn't parse ssl_ca: %s", openssl_iostream_error()); return -1; } - ssl_iostream_ctx_verify_remote_cert(ctx, xnames); + ssl_iostream_ctx_verify_remote_cert(ctx); have_ca = TRUE; } ca_file = set->ca_file == NULL || *set->ca_file == '\0' ?

From axaly at yahoo.fr Wed Feb 11 08:58:36 2015
From: axaly at yahoo.fr (Tan)
Date: Wed, 11 Feb 2015 08:58:36 +0000 (UTC)
Subject: Best way to delete an user mailbox with mdbox format and all attachments detach/dedup ?
Message-ID: <105868708.3052992.1423645116735.JavaMail.yahoo@mail.yahoo.com>

Hello everybody,

On a Dovecot 2.x, what is the best way to delete an user mailbox when :

* all attachments for all users detach in a common directory (mail_attachment_dir = var/mail/attachments ).
* attachments use SIS deduplication (mail_attachment_fs = sis posix)
* mailbox are in mdbox

Trying to delete user mailbox directory (rm) and do the command : doveadm -v purge -u johndoe , all attachments of this user are orphaned.

In another way, is there a dovecot command to delete or to synchronize attachments ?

Best regards,
TaN

From nick.z.edwards at gmail.com Wed Feb 11 12:07:38 2015
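Review bot: In load_ca() in src/login-common/ssl-proxy-openssl.c (hunk @@ -951) the return value of stat(ca, &statbuf) is ignored, so when the call fails S_ISDIR() reads an uninitialised statbuf; check for stat() < 0 and fail with i_fatal() naming the path. The larger question is what "ca" now means: the removed code parsed it as PEM text via BIO_new_mem_buf(ca, strlen(ca)), while the new code hands the same set->ssl_ca string to stat() and SSL_CTX_load_verify_locations() as a filesystem path. Unless the setting's meaning changes elsewhere, a configuration that supplies the certificate contents in ssl_ca will end in the i_fatal() branch. The patch should say which form ssl_ca is expected to take and document that change.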
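Review bot: ssl_proxy_ctx_verify_client() in ssl-proxy-openssl.c (hunk @@ -1079) drops the SSL_CTX_set_client_CA_list() call, so the server's certificate request no longer carries any CA names, and clients that choose a certificate by matching that list may send none. The cover message says this was skipped on purpose; when the CA source is a PEM file, SSL_load_client_CA_file() can rebuild the list to pass to SSL_CTX_set_client_CA_list(). Separately, hunk @@ -1277 stops assigning xnames in the server init path, but no visible hunk removes its declaration there (the client path in @@ -1343 does), which would leave an unused variable.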
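Review bot: load_ca() in src/lib-ssl-iostream/iostream-openssl-context.c (hunk @@ -222) calls SSL_CTX_load_verify_location() without the trailing "s"; the OpenSSL function, and the one used in the ssl-proxy-openssl.c hunk, is SSL_CTX_load_verify_locations(), so this file will not build as posted. In the same function, "if S_ISDIR(statbuf.st_mode) {" is missing the parentheses around the condition and stat()'s return value is unchecked, as in the other file. In hunk @@ -320 the caller still fetches "store = SSL_CTX_get_cert_store(ctx->ssl_ctx);" although load_ca() no longer takes it; check whether that assignment is still needed.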
From: nick.z.edwards at gmail.com (Nick Edwards)
Date: Wed, 11 Feb 2015 22:07:38 +1000
Subject: Server switching
In-Reply-To: <54DA2656.9070604@thelounge.net>
References: <20150210153526.GA20315@doctor.nl2k.ab.ca> <54DA2656.9070604@thelounge.net>
Message-ID:

Reindl's close, but he omitted the fact that if changing IP, you better shorten the TTL to about 5 mins - 24 hours before you do anything, assuming your default DNS TTL is 24 hrs as most are, if you use longer, then you need to wait that time.

then after a few hours after the change if everything's good, reset your TTL back to 86400 or 1D

On 2/11/15, Reindl Harald wrote:
>
> On 10.02.2015 at 16:35, The Doctor wrote:
>> Quick question.
>>
>> We are using both IMAP and POP3.
>>
>> Question :
>> how can you avoid retrieving an e-mail that has been already retrieved?
>
> by just rsync the complete data from the old to the new server
>
> * first rsync hot while services running
> * stop services
> * second rsync only transfer the differences
> * DNS and/or IP change
> * start services on the new server
>
> the client don't know anything about that
>
>
>

From nick.z.edwards at gmail.com Wed Feb 11 12:10:29 2015
From: nick.z.edwards at gmail.com (Nick Edwards) Date: Wed, 11 Feb 2015 22:10:29 +1000 Subject: [PATCH] Fix for client certificate validation does not work In-Reply-To: <54DB05C6.9000901@daniel.thecshore.com> References: <54DB05C6.9000901@daniel.thecshore.com> Message-ID: what problem with startssl.com? lots of people use them for a long time with no problem On 2/11/15, Daniel Dickinson wrote: > Hi all, > > As I reported earlier (with a typo in the work [BUG]) client > certification validation *does not* work even if you do everything > exactly according to all documentation and attempts at helpful advice. > > I have seen this issue with both startssl.com and self-signed > certificates, and based on what I've seen from searching the web, this > is a problem that has gotten little attention because most people don't > bother, but are more than willing to give out useless advice on how to > make it work. > > Furthermore the issue does NOT occur with the cyrus-imap mail server, so > it is definitely a server-side issue. > > The actual issue is that the code for calling OpenSSL that constructs > the client certificate validation is in fact WRONG. > > I don't have a perfect patch as I was mostly interested in getting it > working for my needs and didn't bother with constructing the list of CA > names to send to the client, preferring to let OpenSSL handle all that > sort of thing. > > What it comes down to is that the code, which probably worked at one > point, was not correctly updated at some point and since then client > side certificate validation has been BROKEN. > > I have patched against 2.2.9, however I have seen this problem in the > versions in both Debian Wheezy and Debian Jessie as well. > > As you will see from the patch (which is an attachment as people tend to > complain that patches get mangled when you inline them, and even if I > have a good client I've gotten heck because the receiver didn't. 
> > Regards, > > Daniel > > From meloadik at gmail.com Wed Feb 11 15:33:20 2015 
From: meloadik at gmail.com (Ultramedia Libertad)
Date: Wed, 11 Feb 2015 15:33:20 +0000
Subject: Invalid password in passdb: Not a valid MD5-CRYPT or PLAIN-MD5 password
Message-ID:

Hi friends,

I am migrating imap-courier to dovecot, I use openbsd+postfix+imap-courier, and now I'm trying to run openbsd+opensmtpd+dovecot.

In the beginning it was a little traumatic but it works OpenSMTPD correctly.

Now I have configured dovecot, and I hope that your backend authorization is the same database that was used imap-courier.

In /var/log/maillog receipt the following error

auth-worker(2915): Error: sql(user at domain.tld,199.254.238.134): Invalid password in passdb: Not a valid MD5-CRYPT or PLAIN-MD5 password

My /etc/dovecot/dovecot-sql.conf.ext

password_query = \
  SELECT login, password \
  FROM users WHERE login = '%u'

My database MySQL to start as well

mysql> CREATE DATABASE mail;
Query OK, 1 row affected (0.01 sec)

mysql> use mail
Database changed

mysql> CREATE TABLE domains (
    -> id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
    -> domain VARCHAR(255) NOT NULL UNIQUE);
Query OK, 0 rows affected (0.02 sec)

mysql> CREATE TABLE users (
    -> id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
    -> login VARCHAR(255) NOT NULL UNIQUE,
    -> name VARCHAR(255) NOT NULL,
    -> password CHAR(13) NOT NULL,
    -> uid SMALLINT NOT NULL DEFAULT 2000,
    -> gid SMALLINT NOT NULL DEFAULT 2000,
    -> home VARCHAR(255) NOT NULL DEFAULT '/var/vmail',
    -> maildir VARCHAR(255) NOT NULL,
    -> quota VARCHAR(10) NOT NULL DEFAULT '10000000S');
Query OK, 0 rows affected (0.01 sec)

mysql> CREATE TABLE alias_maps (
    -> id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
    -> account VARCHAR(255) NOT NULL UNIQUE,
    -> alias VARCHAR(255) NOT NULL);
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT SELECT ON mail.* to 'vmail'@'localhost' IDENTIFIED BY 'vmail';
Query OK, 0 rows affected (0.01 sec)

mysql> FLUSH PRIVILEGES;

Not for me this past this error to insert data in the database, I do this:

mysql> INSERT INTO users (login, name, password, maildir)
    -> VALUES ('name at domain.tld', 'name lastname', ENCRYPT('pass'),
    -> 'domain.tld/name/');

Which helps me is well received

Thanks for all

--
dream editor

From g.danti at assyoma.it Wed Feb 11 18:06:41 2015
From: g.danti at assyoma.it (Gionatan Danti)
Date: Wed, 11 Feb 2015 19:06:41 +0100
Subject: Per-protocol ssl_protocols settings
In-Reply-To: <3850A2D6-C982-4F52-A4D5-26DCF5D9C6A0@zandanel.me>
References: <1929fe96ab73867a7c87aa3a0042d56f@assyoma.it> <35d54813eb36e02d20566174c14d32c6@assyoma.it> <54D88CF7.8000100@assyoma.it> <3850A2D6-C982-4F52-A4D5-26DCF5D9C6A0@zandanel.me>
Message-ID: <6d87eda6d67aeb9e7c574d40c2ad8a2c@assyoma.it>

It is precisely what I need, thank you very much.

As a side note, I did not find any reference to "local" (and "remote") directive on the wiki (albeit man doveconf showed some references). Where can I find documentation of all allowed directives?

Thanks again.

On 2015-02-09 14:54, Felix Zandanel wrote:
> I performed a quick test and it seems that the "ssl_protocols" setting
> is per-IP only and shared among all listeners defined for that
> address. As you want this setting to be active for one specific
> "inet_listener" only (with port 10995 in your case), dovecot would
> have to permit the "ssl_protocols" directive in that scope, which it
> doesn't.
>
> As a workaround I suggest using a special, unused loopback address to
> which you can apply the distinct SSL settings. You could use
> iptables/NAT to forward all incoming traffic originating from your
> external IP on port 10995 to 127.0.0.2:10995 for example. Then
> configure the POP3 service with an "inet_listener" for 127.0.0.2:10995
> and use the "local" directive to set up the SSL protocols without
> touching global settings:
>
> local 127.0.0.2 {
>   ssl_protocols = !SSLv2
> }
>
> Regards,
> Felix Zandanel
>
>
>> On 09.02.2015 at 11:33, Gionatan Danti wrote:
>>
>> Sorry for the bump...
>>
>> Anyone know if it is possible to have multiple protocols instances
>> with different ssl_protocols settings?
>>
>> Regards.
>>
>> On 07/02/15 00:03, Gionatan Danti wrote:
>>> Hi all,
>>> anyone with some ideas?
>>>
>>> Thanks.
>>>
>>> On 2015-02-02 23:08, Gionatan Danti wrote:
>>>> Hi all,
>>>> I have a question regarding the "ssl_protocols" parameter.
>>>>
>>>> I understand that editing the 10-ssl.conf file I can set the
>>>> ssl_protocols variable as required.
>>>> At the same time, I can edit a single protocol file (eg:
>>>> 20-pop3.conf)
>>>> to set the ssl_protocols for a specific protocol/listener.
>>>>
>>>> I wonder if (and how) I can create a different listener for another
>>>> POP3 instance, for example listening on port 10995, and using
>>>> another
>>>> ssl_protocol setting.
>>>>
>>>> In short, I would like to create a different, firewalled pop3s
>>>> service
>>>> enabling the SSLv3 stack, while disabling it at system-wide
>>>> settings.
>>>>
>>>> I am able to successfully create a new listener for port 10995, but
>>>> I
>>>> don't understand how to associate the ssl_protocols value to the new
>>>> listener. Simply putting the ssl_protocols value into the listener
>>>> section give me a configuration error.
>>>>
>>>> Thank you all.
>>>
>>
>> --
>> Danti Gionatan
>> Technical Support
>> Assyoma S.r.l. - www.assyoma.it
>> email: g.danti at assyoma.it - info at assyoma.it
>> GPG public key ID: FF5F32A8

--
Danti Gionatan
Technical Support
Assyoma S.r.l. - www.assyoma.it
email: g.danti at assyoma.it - info at assyoma.it
GPG public key ID: FF5F32A8

From portase.florin at medianetork.ro Wed Feb 11 18:34:54 2015
From: portase.florin at medianetork.ro (Florin Portase)
Date: Wed, 11 Feb 2015 19:34:54 +0100
Subject: dovecot 2.2.15 script_after not executed
Message-ID: <54DBA0CE.5020206@medianetork.ro>

Hello guys,

I'm having troubles making "script_after" to exec sieve scripts::

So:

plugin {
  quota = maildir
  quota_rule2 = INBOX.Trash:ignore
  quota_rule3 = INBOX.Sent:ignore
  sieve = ~/Maildir/sieve/dovecot1.sieve
  sieve_before = /etc/dovecot/sieve/global.sieve
  sieve_after = ~/Maildir/sieve/01_vacation.sieve
  sieve_dir = ~/Maildir/sieve
  sieve_global_dir = /etc/dovecot/sieve/
  sieve_quota_max_scripts = 50
  expire = INBOX.Trash
  expire2 = INBOX.Spam
  expire3 = INBOX.Junk
  zlib_save = bz2
}

ll /home/vpopmail/domains/medianetork.ro/portase.florin/Maildir/sieve/
total 28
-rw-------. 1 vpopmail vchkpw  912 Feb 11 19:15 01_vacation.sieve
-rw-------. 1 vpopmail vchkpw  212 Feb 11 19:13 01_vacation.svbin
drwx------. 2 vpopmail vchkpw 4096 Feb 11 00:02 after
lrwxrwxrwx. 1 vpopmail vchkpw   13 Feb 11 19:15 dovecot1.sieve -> filters.sieve
-rw-------. 1 vpopmail vchkpw  878 Feb 11 19:16 dovecot1.svbin
-rw-------. 1 vpopmail vchkpw 1268 Feb 11 18:48 filters.sieve
-rw-------. 1 vpopmail vchkpw  932 Feb 11 18:55 new.sieve
drwx------. 2 vpopmail vchkpw 4096 Feb 11 19:15 tmp

And here is the debug output:

Feb 11 19:16:09 lda(portase.florin at medianetork.ro): Debug: sieve: file script: Opened script `01_vacation' from `/home/vpopmail/domains/medianetork.ro/portase.florin/Maildir/sieve/01_vacation.sieve'
Feb 11 19:16:09 lda(portase.florin at medianetork.ro): Debug: sieve: executed after user's Sieve script(3): /home/vpopmail/domains/medianetork.ro/portase.florin/Maildir/sieve/01_vacation.sieve
Feb 11 19:16:09 lda(portase.florin at medianetork.ro): Debug: sieve: Opening script 1 of 3 from `/etc/dovecot/sieve/global.sieve'
Feb 11 19:16:09 lda(portase.florin at medianetork.ro): Debug: sieve: Loading script /etc/dovecot/sieve/global.sieve
Feb 11 19:16:09 lda(portase.florin at medianetork.ro): Debug: sieve: Script binary /etc/dovecot/sieve/global.svbin successfully loaded
Feb 11 19:16:09 lda(portase.florin at medianetork.ro): Debug: sieve: binary save: not saving binary /etc/dovecot/sieve/global.svbin, because it is already stored
Feb 11 19:16:09 lda(portase.florin at medianetork.ro): Debug: sieve: Executing script from `/etc/dovecot/sieve/global.svbin'
Feb 11 19:16:09 lda(portase.florin at medianetork.ro): Debug: sieve: Opening script 2 of 3 from `/home/vpopmail/domains/medianetork.ro/portase.florin/Maildir/sieve/dovecot1.sieve;name=filters'
Feb 11 19:16:09 lda(portase.florin at medianetork.ro): Debug: sieve: Loading script /home/vpopmail/domains/medianetork.ro/portase.florin/Maildir/sieve/dovecot1.sieve;name=filters
Feb 11 19:16:09 lda(portase.florin at medianetork.ro): Debug: sieve: Script binary /home/vpopmail/domains/medianetork.ro/portase.florin/Maildir/sieve/dovecot1.svbin is not up-to-date
Feb 11 19:16:09 lda(portase.florin at medianetork.ro): Debug: sieve: Script `filters' from /home/vpopmail/domains/medianetork.ro/portase.florin/Maildir/sieve/dovecot1.sieve;name=filters successfully compiled
Feb 11 19:16:09 lda(portase.florin at medianetork.ro): Debug: sieve: Executing script from `/home/vpopmail/domains/medianetork.ro/portase.florin/Maildir/sieve/dovecot1.sieve;name=filters'
Feb 11 19:16:10 lda(portase.florin at medianetork.ro): Info: sieve: msgid=: stored mail into mailbox 'INBOX.Gmail'

If I change symlink from

dovecot1.sieve -> filters.sieve

to

dovecot1.sieve -> 01_vacation.sieve

vacation filter is working

I think I miss something, but have no clue what's wrong.

From stephan at rename-it.nl Wed Feb 11 19:41:54 2015
From: stephan at rename-it.nl (Stephan Bosch)
Date: Wed, 11 Feb 2015 20:41:54 +0100
Subject: dovecot 2.2.15 script_after not executed
In-Reply-To: <54DBA0CE.5020206@medianetork.ro>
References: <54DBA0CE.5020206@medianetork.ro>
Message-ID: <54DBB082.8040605@rename-it.nl>

On 2/11/2015 7:34 PM, Florin Portase wrote:
>
> Hello guys,
>
> I'm having troubles making "script_after" to exec sieve scripts::
>

Keep in mind that the sieve_after script is only executed when the "keep" action [1] is executed or when the implicit "keep" [2] is still active, meaning that the user didn't give the mail an explicit destination.

If the user does perform actions like fileinto or redirect without a `:copy' argument [3] and without performing an explicit "keep" [2] anywhere, the subsequent sieve_after scripts are not executed [4].

Therefore sieve_after is only useful to provide default behavior for when the user has no explicit rule for what should happen to the e-mail.

> `/home/vpopmail/domains/medianetork.ro/portase.florin/Maildir/sieve/dovecot1.sieve;name=filters'
> Feb 11 19:16:10 lda(portase.florin at medianetork.ro): Info: sieve:
> msgid=:
> stored mail into mailbox 'INBOX.Gmail'

This was probably done using a `fileinto "INBOX.Gmail";' command. This cancels the implicit keep.

To force executing sieve_after, the user needs to add a `:copy' argument to that fileinto command or a `keep;' action should be executed.

Administrator policies that always need to be executed must be placed in a sieve_before script.

For more information:

[1]: https://tools.ietf.org/html/rfc5228#section-4.3
[2]: https://tools.ietf.org/html/rfc5228#section-2.10.2
[3]: https://tools.ietf.org/html/rfc3894
[4]: http://tools.ietf.org/html/draft-degener-sieve-multiscript-00

Regards,

Stephan.

From portase.florin at medianetork.ro Wed Feb 11 21:37:59 2015
From: portase.florin at medianetork.ro (Portase Florin)
Date: Wed, 11 Feb 2015 22:37:59 +0100
Subject: dovecot 2.2.15 script_after not executed
In-Reply-To: <54DBB082.8040605@rename-it.nl>
References: <54DBA0CE.5020206@medianetork.ro> <54DBB082.8040605@rename-it.nl>
Message-ID: <54DBCBB7.1070004@medianetork.ro>

On 2/11/2015 8:41 PM, Stephan Bosch wrote:
> On 2/11/2015 7:34 PM, Florin Portase wrote:
>> Hello guys,
>>
>> I'm having troubles making "script_after" to exec sieve scripts::
>>
> Keep in mind that the sieve_after script is only executed when the
> "keep" action [1] is executed or when the implicit "keep" [2] is still
> active, meaning that the user didn't give the mail an explicit destination.
>
> If the user does perform actions like fileinto or redirect without a
> `:copy' argument [3] and without performing an explicit "keep" [2]
> anywhere, the subsequent sieve_after scripts are not executed [4].
>
> Therefore sieve_after is only useful to provide default behavior for
> when the user has no explicit rule for what should happen to the e-mail.
>
>> `/home/vpopmail/domains/medianetork.ro/portase.florin/Maildir/sieve/dovecot1.sieve;name=lters'
>> Feb 11 19:16:10 lda(portase.florin at medianetork.ro): Info: sieve:
>> msgid=AAa=MneAO6+wwLh3M8nz1z6Mi2Ae2aDMdrSakJA_-PYCwCvbCA at mail.gmail.com>:
>> stored mail into mailbox 'INBOX.Gmail'
> This was probably done using a `fileinto "INBOX.Gmail";' command. This
> cancels the implicit keep.
>
> To force executing sieve_after, the user needs to add a `:copy' argument
> to that fileinto command or a `keep;' action should be executed.
>
> Administrator policies that always need to be executed must be placed
> in a sieve_before script.
>
> For more information:
>
> [1]: https://tools.ietf.org/html/rfc5228#section-4.3
> [2]: https://tools.ietf.org/html/rfc5228#section-2.10.2
> [3]: https://tools.ietf.org/html/rfc3894
> [4]: http://tools.ietf.org/html/draft-degener-sieve-multiscript-00
>
> Regards,
>
> Stephan.
>

Thanks Stephan,

However still have one small issue:

fileter.sieve
==========

# rule:[amavis]
if anyof (address :contains "From" "amavis",
          address :contains "Cc" "amavis-users at amavis.org",
          address :contains "To" "amavis-users at amavis.org")
{
    fileinto "INBOX.lists.amavisd-new";
}
# rule:[xxx_gmail]
elsif anyof (header :contains "From" "xxx at gmail")
{
    setflag "\\Flagged";
    fileinto "INBOX.Gmail";
    keep;
}

In this case, both all 3 sieve are executed: global one + filters + vacation.
But as side note: when mail come from gmail account,
- 1st message is sent to inbox.gmail
- 2nd vacation response is sent
-3rd message is copied once more directly into INBOX

Now, if I modify:
fileinto :copy INBOX.Gmail;

The message is sent to INBOX.Gmail and also copied to INBOX

How can I avoid such behavior ?

From stephan at rename-it.nl Thu Feb 12 00:01:58 2015
From: stephan at rename-it.nl (Stephan Bosch)
Date: Thu, 12 Feb 2015 01:01:58 +0100
Subject: dovecot 2.2.15 script_after not executed
In-Reply-To: <54DBCBB7.1070004@medianetork.ro>
References: <54DBA0CE.5020206@medianetork.ro> <54DBB082.8040605@rename-it.nl> <54DBCBB7.1070004@medianetork.ro>
Message-ID: <54DBED76.4070608@rename-it.nl>

On 2/11/2015 10:37 PM, Portase Florin wrote:
> On 2/11/2015 8:41 PM, Stephan Bosch wrote:
>> On 2/11/2015 7:34 PM, Florin Portase wrote:
>>> Hello guys,
>>>
>>> I'm having troubles making "script_after" to exec sieve scripts::
>>>
>> Keep in mind that the sieve_after script is only executed when the
>> "keep" action [1] is executed or when the implicit "keep" [2] is still
>> active, meaning that the user didn't give the mail an explicit destination.
>>
>> If the user does perform actions like fileinto or redirect without a
>> `:copy' argument [3] and without performing an explicit "keep" [2]
>> anywhere, the subsequent sieve_after scripts are not executed [4].
>>
>> Therefore sieve_after is only useful to provide default behavior for
>> when the user has no explicit rule for what should happen to the e-mail.
>>
>>> `/home/vpopmail/domains/medianetork.ro/portase.florin/Maildir/sieve/dovecot1.sieve;name=lters'
>>> Feb 11 19:16:10 lda(portase.florin at medianetork.ro): Info: sieve:
>>> msgid=AAa=MneAO6+wwLh3M8nz1z6Mi2Ae2aDMdrSakJA_-PYCwCvbCA at mail.gmail.com>:
>>> stored mail into mailbox 'INBOX.Gmail'
>> This was probably done using a `fileinto "INBOX.Gmail";' command. This
>> cancels the implicit keep.
>>
>> To force executing sieve_after, the user needs to add a `:copy' argument
>> to that fileinto command or a `keep;' action should be executed.
>>
>> Administrator policies that always need to be executed must be placed
>> in a sieve_before script.
>>
>> For more information:
>>
>> [1]: https://tools.ietf.org/html/rfc5228#section-4.3
>> [2]: https://tools.ietf.org/html/rfc5228#section-2.10.2
>> [3]: https://tools.ietf.org/html/rfc3894
>> [4]: http://tools.ietf.org/html/draft-degener-sieve-multiscript-00
>>
>> Regards,
>>
>> Stephan.
>>
> Thanks Stephan,
>
> However still have one small issue:
>
> fileter.sieve
> ==========
>
> # rule:[amavis]
> if anyof (address :contains "From" "amavis",
> address :contains "Cc" "amavis-users at amavis.org",
> address :contains "To" "amavis-users at amavis.org")
> {
> fileinto "INBOX.lists.amavisd-new";
> }
> # rule:[xxx_gmail]
> elsif anyof (header :contains "From" "xxx at gmail")
> {
> setflag "\\Flagged";
> fileinto "INBOX.Gmail";
> keep;
> }
>
> In this case, both all 3 sieve are executed: global one + filters +
> vacation.
> But as side note: when mail come from gmail account,
> - 1st message is sent to inbox.gmail
> - 2nd vacation response is sent
> -3rd message is copied once more directly into INBOX
>
> Now, if I modify:
> fileinto :copy INBOX.Gmail;
>
> The message is sent to INBOX.Gmail and also copied to INBOX
>
> How can I avoid such behavior ?

Why do you have the vacation script in a sieve_after rule?

Regards,

Stephan.

From portase.florin at medianetork.ro Thu Feb 12 01:12:09 2015
From: portase.florin at medianetork.ro (Florin Portase)
Date: Thu, 12 Feb 2015 02:12:09 +0100
Subject: dovecot 2.2.15 script_after not executed
In-Reply-To: <54DBED76.4070608@rename-it.nl>
References: <54DBA0CE.5020206@medianetork.ro> <54DBB082.8040605@rename-it.nl> <54DBCBB7.1070004@medianetork.ro> <54DBED76.4070608@rename-it.nl>
Message-ID: <22da12c08c815e1a4175f32249462db5@medianetork.ro>

On 2015-02-12 01:01, Stephan Bosch wrote:
> On 2/11/2015 10:37 PM, Portase Florin wrote: On 2/11/2015 8:41 PM, Stephan Bosch wrote: On 2/11/2015 7:34 PM, Florin Portase wrote: Hello guys,
>
> I'm having troubles making "script_after" to exec sieve scripts::
>
> Keep in mind that the sieve_after script is only executed when the
> "keep" action [1 [1]] is executed or when the implicit "keep" [2 [2]] is still
> active, meaning that the user didn't give the mail an explicit destination.
>
> If the user does perform actions like fileinto or redirect without a
> `:copy' argument [3 [3]] and without performing an explicit "keep" [2 [2]]
> anywhere, the subsequent sieve_after scripts are not executed [4 [4]].
>
> Therefore sieve_after is only useful to provide default behavior for
> when the user has no explicit rule for what should happen to the e-mail.
>
> `/home/vpopmail/domains/medianetork.ro/portase.florin/Maildir/sieve/dovecot1.sieve;name=lters'
> Feb 11 19:16:10 lda(portase.florin at medianetork.ro): Info: sieve:
> msgid=AAa=MneAO6+wwLh3M8nz1z6Mi2Ae2aDMdrSakJA_-PYCwCvbCA at mail.gmail.com>:
> stored mail into mailbox 'INBOX.Gmail' This was probably done using a `fileinto "INBOX.Gmail";' command. This
> cancels the implicit keep.
>
> To force executing sieve_after, the user needs to add a `:copy' argument
> to that fileinto command or a `keep;' action should be executed.
>
> Administrator policies that always need to be executed must be placed
> in a sieve_before script.
>
> For more information:
>
> [1]: https://tools.ietf.org/html/rfc5228#section-4.3 [1]
> [2]: https://tools.ietf.org/html/rfc5228#section-2.10.2 [2]
> [3]: https://tools.ietf.org/html/rfc3894 [3]
> [4]: http://tools.ietf.org/html/draft-degener-sieve-multiscript-00 [4]
>
> Regards,
>
> Stephan.

Thanks Stephan,

However still have one small issue:

fileter.sieve
==========

# rule:[amavis]
if anyof (address :contains "From" "amavis",
          address :contains "Cc" "amavis-users at amavis.org",
          address :contains "To" "amavis-users at amavis.org")
{
    fileinto "INBOX.lists.amavisd-new";
}
# rule:[xxx_gmail]
elsif anyof (header :contains "From" "xxx at gmail")
{
    setflag "\\Flagged";
    fileinto "INBOX.Gmail";
    keep;
}

In this case, both all 3 sieve are executed: global one + filters + vacation.
But as side note: when mail come from gmail account,
- 1st message is sent to inbox.gmail
- 2nd vacation response is sent
-3rd message is copied once more directly into INBOX

Now, if I modify:
fileinto :copy INBOX.Gmail;

The message is sent to INBOX.Gmail and also copied to INBOX

How can I avoid such behavior ?

Why do you have the vacation script in a sieve_after rule?

Regards,

Stephan.

Well, I'm using roundcube with 2 plugins ( sieverules + vacation_sieve)

1st one used to create filters for incoming messages and 2nd one just "out of office" response.

Because of the limitation of sieverules plugin related to definition of "out of office" response I'm using 2nd one.

So, I will have 2 .sieve files ( filters.sieve + vacation.sieve)

Just to resume, when I'm activating vacation, the incoming message will be moved/copied to designated folder and vacation will be triggered after.

As you can see here ::

dovecot1.sieve -> filters.sieve

vacation plugin has a built-in function to activate itself as a _default_ rule. But as I mentioned before, incoming messages will be filtered by filter.sieve and after ( if activated ) to trigger vacation response.
Hope I wasn't too ambiguous :)

Links:
------
[1] https://tools.ietf.org/html/rfc5228#section-4.3
[2] https://tools.ietf.org/html/rfc5228#section-2.10.2
[3] https://tools.ietf.org/html/rfc3894
[4] http://tools.ietf.org/html/draft-degener-sieve-multiscript-00

From dovecot at allycomm.com Thu Feb 12 06:21:57 2015
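The keep rules Stephan Bosch describes in this thread, as an added example (not part of any message above and not Pigeonhole code): a simplified Python model of the script chain from the debug log, run over the variants of the filter script discussed. The Action and Outcome types, the function names and the assumption that global.sieve is an action-free sieve_before script are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass(frozen=True)
class Action:
    """One Sieve action; only what matters for keep handling is modelled."""
    kind: str            # "keep", "fileinto", "redirect", "discard", "vacation", "setflag"
    target: str = ""     # mailbox name or redirect address
    copy: bool = False   # True when the :copy argument (RFC 3894) is given


@dataclass
class Outcome:
    executed: List[str] = field(default_factory=list)    # scripts that actually ran
    mailboxes: List[str] = field(default_factory=list)   # where the mail was stored
    redirects: List[str] = field(default_factory=list)
    vacation_sent: bool = False


def script_keeps(actions: List[Action], out: Outcome) -> bool:
    """Apply one script's actions; return True if a keep is still in effect."""
    implicit_keep = True
    explicit_keep = False
    for act in actions:
        if act.kind == "keep":
            explicit_keep = True
        elif act.kind == "fileinto":
            out.mailboxes.append(act.target)
            implicit_keep = implicit_keep and act.copy   # no :copy cancels it
        elif act.kind == "redirect":
            out.redirects.append(act.target)
            implicit_keep = implicit_keep and act.copy
        elif act.kind == "discard":
            implicit_keep = False
        elif act.kind == "vacation":
            out.vacation_sent = True                     # does not touch keep
        elif act.kind == "setflag":
            pass                                         # flags do not touch keep
        else:
            raise ValueError(f"unmodelled action: {act.kind}")
    return implicit_keep or explicit_keep


def run_chain(chain: List[Tuple[str, List[Action]]]) -> Outcome:
    """Run sieve_before scripts, the user script and sieve_after scripts in order."""
    out = Outcome()
    for name, actions in chain:
        out.executed.append(name)
        if not script_keeps(actions, out):
            return out               # mail has its destination: later scripts are skipped
    out.mailboxes.append("INBOX")    # keep survived the last script
    return out


# Constructed stand-ins for the scripts named in the debug log.
GLOBAL = ("global.sieve", [])                          # assumed: takes no action
VACATION = ("01_vacation.sieve", [Action("vacation")])


def deliver(user_actions, before=(GLOBAL,), after=(VACATION,)) -> Outcome:
    chain = [*before, ("filters.sieve", list(user_actions)), *after]
    return run_chain(chain)


if __name__ == "__main__":
    variants = {
        "fileinto only": [Action("setflag", "\\Flagged"), Action("fileinto", "INBOX.Gmail")],
        "fileinto + keep": [Action("fileinto", "INBOX.Gmail"), Action("keep")],
        "fileinto :copy": [Action("fileinto", "INBOX.Gmail", copy=True)],
    }
    for label, actions in variants.items():
        print(label, deliver(actions))
    # Same user script, but the always-needed script is placed before it.
    print("script moved to sieve_before",
          deliver(variants["fileinto only"], before=(GLOBAL, VACATION), after=()))
```

In this model a script in the sieve_after position runs only if the user's script leaves a keep in effect, while a script in the sieve_before position runs regardless of what the user's script does.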
From: dovecot at allycomm.com (Jeff Kletsky)
Date: Wed, 11 Feb 2015 22:21:57 -0800
Subject: Processing Maildir contents on message-by-message basis
Message-ID: <54DC4685.1000307@allycomm.com>

I (finally) moved over to Maildir storage here and would like to implement some "scripts" to manage taking actions on emails manually identified as misclassified as spam/ham.

After reading through the Dovecot 2 description of how it works to try to see how it interacts with other processes changing the files, I'm concerned that I would be corrupting the message indexes if I just go hog-wild and run the scripts on the filesystem, rather than through Dovecot in some way.

The types of actions taken would likely be:

* Select a message from a given mailbox (the "source")
* Potentially modify it drastically (remove spamassassin markup, for example)
* Pipe the modified message to a mail-delivery agent (still running procmail here) and/or to sa-learn
* Assuming successful completion of the pipe action(s), remove the source message from the mailbox

While I can use doveadm to do bulk move/delete actions, I don't see a clear way to iterate through a set of messages and perform actions on them.

First off, if I wrangle and mangle the message files directly, do I have to worry about the indexes, or do the indexes "magically" repair themselves in cases where the messages are either altered (including headers) or removed?

Have I missed a way to iterate over messages and process it using external tools using the dovecot tools?

Has this been discussed ad nauseam and I somehow missed it? (If so, for which I apologize profusely).

Thanks,

Jeff

From skdovecot at smail.inf.fh-brs.de Thu Feb 12 08:19:24 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 12 Feb 2015 09:19:24 +0100 (CET)
Subject: Processing Maildir contents on message-by-message basis
In-Reply-To: <54DC4685.1000307@allycomm.com>
References: <54DC4685.1000307@allycomm.com>
Message-ID:

On Wed, 11 Feb 2015, Jeff Kletsky wrote:

> First off, if I wrangle and mangle the message files directly, do I have to
> worry about the indexes, or do the indexes "magically" repair themselves in
> cases where the messages are either altered (including headers) or removed?

1) Never ever modify a message on file system.

2) You can remove and add messages with no problem, the next time the mailbox is accessed, the indexes are repaired.

3) You can move messages to ../tmp (that would be a remove in the sense of the indexes), change the message there, modify the filename a bit, just to be sure, e.g. I add a counter after the hostname part:
1222364652.P11383Q0M620284.,S=7215,W=7294:2,
adjust S= and W=, and finally move the message back into '.../new' or '.../cur'. That way the message is seen as new one (add). If you do so and if you have more than 26 keywords in the mailbox, the 27th and up are lost, because they cannot be tagged on the filename itself. The indexes are repaired as well.

--
Steffen Kaiser

From meloadik at gmail.com Thu Feb 12 08:19:11 2015
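Steffen Kaiser's step 3, as an added example that is not part of his message and is not Dovecot code: a Python function that parks the message in tmp/, rewrites it, recomputes S= and W= and moves it back under a new name. The "-N" counter format, the strip_spam_headers transform and the sample maildir are assumptions constructed here; W= is taken to be the message size with CRLF line endings.

```python
import os
import re
import tempfile
from pathlib import Path
from typing import Callable, Tuple

SIZE_FIELDS = re.compile(r",[SW]=\d+")   # Dovecot's size fields inside the file name


def maildir_sizes(data: bytes) -> Tuple[int, int]:
    """S= is the size on disk; W= is the size with every line ending as CRLF."""
    bare_lf = data.count(b"\n") - data.count(b"\r\n")
    return len(data), len(data) + bare_lf


def strip_spam_headers(data: bytes) -> bytes:
    """Sample transform: drop X-Spam-* headers together with their folded lines."""
    boundary = re.search(rb"\r?\n\r?\n", data)           # end of the header block
    cut = boundary.start() if boundary else len(data)
    kept, skipping = [], False
    for line in data[:cut].split(b"\n"):
        if line[:1] not in (b" ", b"\t"):                # a new header starts here
            skipping = line.lower().startswith(b"x-spam-")
        if not skipping:
            kept.append(line)
    return b"\n".join(kept) + data[cut:]


def fresh_unique(root: Path, old_name: str) -> Tuple[str, str]:
    """Return (unique part with a free counter, flag suffix such as ':2,S')."""
    head, sep, flags = old_name.partition(":")
    unique = SIZE_FIELDS.sub("", head)
    taken = [p.name for d in ("tmp", "new", "cur") for p in (root / d).iterdir()]
    counter = 1
    while any(n.startswith(f"{unique}-{counter},") for n in taken):
        counter += 1
    return f"{unique}-{counter}", sep + flags


def rewrite_message(path: Path, transform: Callable[[bytes], bytes]) -> Path:
    """Rewrite one message as a remove plus an add, never in place under new/ or cur/."""
    root, subdir = path.parent.parent, path.parent.name  # subdir is "new" or "cur"
    parked = root / "tmp" / path.name
    os.rename(path, parked)                  # Dovecot sees the message as removed
    try:
        data = transform(parked.read_bytes())
    except Exception:
        os.rename(parked, path)              # transform failed: restore the original
        raise
    unique, suffix = fresh_unique(root, path.name)
    size, vsize = maildir_sizes(data)
    # Keyword letters in the suffix only cover the first 26 keywords (see step 3).
    name = f"{unique},S={size},W={vsize}{suffix}"
    staged = root / "tmp" / name
    with open(staged, "wb") as fh:
        fh.write(data)
        fh.flush()
        os.fsync(fh.fileno())                # content is on disk before it is visible
    dest = root / subdir / name
    os.rename(staged, dest)                  # Dovecot sees a new message (add)
    parked.unlink()
    return dest


def demo() -> dict:
    """Run the procedure on a constructed maildir holding one constructed message."""
    msg = (b"From: a@example.org\nX-Spam-Status: Yes, score=9.1\n"
           b"\ttests=CONSTRUCTED\nSubject: hello\n\nbody line\n")
    size, vsize = maildir_sizes(msg)
    with tempfile.TemporaryDirectory() as top:
        root = Path(top) / "Maildir"
        for d in ("tmp", "new", "cur"):
            (root / d).mkdir(parents=True)
        old = root / "cur" / f"1423700000.P1Q0M1.host,S={size},W={vsize}:2,Sa"
        old.write_bytes(msg)
        new = rewrite_message(old, strip_spam_headers)
        return {"old_gone": not old.exists(), "name": new.name,
                "data": new.read_bytes(), "tmp": os.listdir(root / "tmp")}


if __name__ == "__main__":
    print(demo())
```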
From: meloadik at gmail.com (Ultramedia Libertad)
Date: Thu, 12 Feb 2015 08:19:11 +0000
Subject: Invalid password in passdb: Not a valid MD5-CRYPT or PLAIN-MD5 password
Message-ID:

When using CRYPT to encrypt the password, you must put the following in dovecot-sql.conf.ext

default_pass_scheme = CRYPT

I hope this can help more people, in addition to leave you as I did my query:

password_query = \
  SELECT password \
  FROM users WHERE login = '%u'

--
editor de sueños

From dovecot at daniel.thecshore.com Thu Feb 12 11:30:53 2015
From: dovecot at daniel.thecshore.com (Daniel Dickinson)
Date: Thu, 12 Feb 2015 06:30:53 -0500
Subject: It works for two SMTP servers and cyrus-imap, why not Dovecot?
In-Reply-To: <54DB05C6.9000901@daniel.thecshore.com>
References: <54DB05C6.9000901@daniel.thecshore.com>
Message-ID: <54DC8EED.2000405@daniel.thecshore.com>

Ok, the patch doesn't actually fix the bug. It appeared to do so in that after running the server with the patch applied client certificate validation succeeded, however, it appears this bug is actually intermittent as, even with the patched package, the server is now complaining that the client has not provided a valid SSL certificate.

This is definitely not true as the certificates, and in general verification of the same client-side certificates work, even with the same Thunderbird client, with postfix, exim, and cyrus-imapd.

In short dovecot has some bug that causes verification of certificates presented by the client to fail, however the bug is not easy to debug as sometimes config changes work, but later, running the same config, things fail again. There appears to be some sort of caching even across client and server restarts that is coming into play and confusing the issue.

Anyone know of SSL caching issues with Windows 8.1, particularly Thunderbird on that platform?

Also why is this bug only affecting dovecot? There is some strangeness going on here, and, from web searching for the same issue, it appears others have run into the same issue and had no success in resolving it, despite also doing everything according to documentation.

With dovecot 2.2.9 from Ubuntu (i.e.
not patched version):

The relevant config bits from dovecot -n are:

auth_mechanisms = login plain digest-md5 cram-md5
auth_ssl_require_client_cert = yes
ssl = required
ssl_ca =

Hi all,
>
> As I reported earlier (with a typo in the work [BUG]) client
> certification validation *does not* work even if you do everything
> exactly according to all documentation and attempts at helpful advice.
>
> I have seen this issue with both startssl.com and self-signed
> certificates, and based on what I've seen from searching the web, this
> is a problem that has gotten little attention because most people don't
> bother, but are more than willing to give out useless advice on how to
> make it work.
>
> Furthermore the issue does NOT occur with the cyrus-imap mail server, so
> it is definitely a server-side issue.
>
> The actual issue is that the code for calling OpenSSL that constructs
> the client certificate validation is in fact WRONG.
>
> I don't have a perfect patch as I was mostly interested in getting it
> working for my needs and didn't bother with constructing the list of CA
> names to send to the client, preferring to let OpenSSL handle all that
> sort of thing.
>
> What it comes down to is that the code, which probably worked at one
> point, was not correctly updated at some point and since then client
> side certificate validation has been BROKEN.
>
> I have patched against 2.2.9, however I have seen this problem in the
> versions in both Debian Wheezy and Debian Jessie as well.
>
> As you will see from the patch (which is an attachment as people tend to
> complain that patches get mangled when you inline them, and even if I
> have a good client I've gotten heck because the receiver didn't.
>
> Regards,
>
> Daniel
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL:

From moiseev at mezonplus.ru Thu Feb 12 11:44:17 2015
From: moiseev at mezonplus.ru (Alexander Moisseev)
Date: Thu, 12 Feb 2015 14:44:17 +0300
Subject: How to Delete an user and Purge attachements with a common directory mail_attachment_dir with SIS for all users.
In-Reply-To: <54DA521E.2070704@mezonplus.ru>
References: <54DA2591.5000904@yahoo.fr> <54DA521E.2070704@mezonplus.ru>
Message-ID: <54DC9211.9060708@mezonplus.ru>

On 12.02.2015 12:00, TN wrote:
> Hello Alexander,
>
> Thank you for your answer, it is very helpful for me.
>
> Just a little addon with your process to complete the deletion an user :
>
> # doveadm expunge -d -u johndoe mailbox '*' all
> # doveadm -v purge -u johndoe (this command force attachment deletion immediately )
> # rm -rf /var/mail/johndoe
>
> Thank you
>
> PS: Sorry to not reply to the dovecot list because i setup a digest for all answers.
>

Hi,

Many thanks for your reply. It's a *very important* addition actually.

There is lack of documentation on SIS. So I have done some experimenting and found out that the command

# doveadm purge -u johndoe

*is mandatory*. Without this step attachments will stay in mail_attachment_dir forever.

Man doveadm-purge(1) states "doveadm-purge - Remove messages with refcount=0 from mdbox files", but actually it also removes attachments from mail_attachment_dir.

--
Alexander

From dominik at dominikbreu.de Thu Feb 12 11:57:43 2015
From: dominik at dominikbreu.de (Dominik Breu)
Date: Thu, 12 Feb 2015 12:57:43 +0100
Subject: Missing amd64 on butobuild Server
Message-ID: <1423742263.10970.1.camel@dominikbreu.de>

Hello List,

is there a Reason why the build server at http://xi.rename-it.nl/debian/ aren't delivering amd64 since nearly an month?

best regards
dominik

From stephan at rename-it.nl Thu Feb 12 12:23:24 2015
From: stephan at rename-it.nl (Stephan Bosch)
Date: Thu, 12 Feb 2015 13:23:24 +0100
Subject: Missing amd64 on butobuild Server
In-Reply-To: <1423742263.10970.1.camel@dominikbreu.de>
References: <1423742263.10970.1.camel@dominikbreu.de>
Message-ID: <54DC9B3C.7050607@rename-it.nl>

Dominik Breu wrote on 12-2-2015 at 12:57:
> Hello List,
>
> is there a Reason why the build server at http://xi.rename-it.nl/debian/
> aren't delivering amd64 since nearly an month?

Xi is broken at the moment. I hope to fix it today.

Regards,

Stephan.

From martin at stefany.eu Thu Feb 12 14:47:27 2015
From: martin at stefany.eu (Martin Štefany)
Date: Thu, 12 Feb 2015 15:47:27 +0100
Subject: Dovecot dsync not replicating ".dovecot.sieve -> .sieve/managesieve.sieve" / setactive
Message-ID: <006aeefe195589cc49c03ad1be623dbf@stefany.eu>

Hello,

I've ran into problem with Dovecot and dsync replication. Everything works perfectly, including replication of sieve scripts, except fact that if user activates the 'managesieve' ruleset (I'm using currently Roundcubemail) on "mail1" host, it wouldn't be activated on "mail2" host, by creating symlink ".dovecot.sieve -> .sieve/managesieve.sieve". I've also tried to use 'replication_full_sync_interval', but symlink is not created anyway.

I found 2 references already for this problem, but none came to any conclusion:

http://dovecot.org/pipermail/dovecot/2014-June/096650.html
http://www.dovecot.org/list/dovecot/2014-September/097857.html

Here is the output from 'doveconf -n' from both hosts for reference ::

mail1 ::
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-123.20.1.el7.x86_64 x86_64 CentOS Linux release 7.0.1406 (Core)
auth_cache_size = 5 M
auth_debug = yes
auth_default_realm = example.com
auth_gssapi_hostname = mail.example.com
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_mechanisms = plain gssapi
auth_realms = example.com
auth_verbose = yes
doveadm_password =
lmtp_save_to_detail_mailbox = yes
mail_debug = yes
mail_location = maildir:~/Maildir
mail_plugins = " fts fts_lucene notify quota replication virtual zlib"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox All {
    auto = create
    special_use = \All
  }
  mailbox Archives {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Templates {
    auto = subscribe
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}
plugin {
  fts = lucene
  fts_autoindex = yes
  fts_lucene = whitespace_chars=@.
  mail_replica = tcps:mail2.example.com:10993
  quota = maildir:User quota
  quota_rule = *:storage=4GB
  quota_rule2 = Trash:storage=+50MB
  sieve = ~/.dovecot.sieve
  sieve_after = /srv/sieve/after.d/
  sieve_before = /srv/sieve/before.d/
  sieve_default = /srv/sieve/default.d/dovecot.sieve
  sieve_dir = ~/.sieve
  sieve_global_dir = /srv/sieve/
  zlib_save = gz
  zlib_save_level = 9
}
postmaster_address = postmaster at example.com
protocols = imap lmtp sieve
service aggregator {
  fifo_listener replication-notify-fifo {
    group = vmail
    mode = 0660
    user = vmail
  }
  unix_listener replication-notify {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service doveadm {
  inet_listener {
    port = 10993
    ssl = yes
  }
}
service imap-login {
  inet_listener imaps {
    port = 0
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 1
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl_ca =
lmtp_save_to_detail_mailbox = yes
mail_debug = yes
mail_location = maildir:~/Maildir
mail_plugins = " fts fts_lucene notify quota replication virtual zlib"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox All {
    auto = create
    special_use = \All
  }
  mailbox Archives {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Templates {
    auto = subscribe
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}
plugin {
  fts = lucene
  fts_autoindex = yes
  fts_lucene = whitespace_chars=@.
  mail_replica = tcps:mail1.example.com:10993
  quota = maildir:User quota
  quota_rule = *:storage=4GB
  quota_rule2 = Trash:storage=+50MB
  sieve = ~/.dovecot.sieve
  sieve_after = /srv/sieve/after.d/
  sieve_before = /srv/sieve/before.d/
  sieve_default = /srv/sieve/default.d/dovecot.sieve
  sieve_dir = ~/.sieve
  sieve_global_dir = /srv/sieve/
  zlib_save = gz
  zlib_save_level = 9
}
postmaster_address = postmaster at example.com
protocols = imap lmtp sieve
service aggregator {
  fifo_listener replication-notify-fifo {
    group = vmail
    mode = 0660
    user = vmail
  }
  unix_listener replication-notify {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service doveadm {
  inet_listener {
    port = 10993
    ssl = yes
  }
}
service imap-login {
  inet_listener imaps {
    port = 0
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 1
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl_ca =
??? .dovecot.lda-dupes ??? .dovecot.sieve -> .sieve/managesieve.sieve ??? .dovecot.svbin ??? Maildir ??? ??? .All ??? ??? ??? cur ??? ??? ??? dovecot.index.log ??? ??? ??? dovecot-uidlist ??? ??? ??? maildirfolder ??? ??? ??? new ??? ???
??? tmp ??? ??? .Archives ??? ??? ??? cur ??? ??? ??? dovecot.index.log ??? ??? ??? dovecot-uidlist ??? ??? ??? maildirfolder ??? ??? ??? new ??? ??? ??? tmp ??? ??? cur ??? ??? dovecot.index.cache ??? ??? dovecot.index.log ??? ??? dovecot.index.thread ??? ??? dovecot-keywords ??? ??? dovecot.mailbox.log ??? ??? dovecot-uidlist ??? ??? dovecot-uidvalidity ??? ??? dovecot-uidvalidity.54dbb6f0 ??? ??? .Drafts ??? ??? ??? cur ??? ??? ??? dovecot.index.cache ??? ??? ??? dovecot.index.log ??? ??? ??? dovecot-uidlist ??? ??? ??? maildirfolder ??? ??? ??? new ??? ??? ??? tmp ??? ??? .Junk ??? ??? ??? cur ??? ??? ??? dovecot.index.log ??? ??? ??? dovecot-uidlist ??? ??? ??? maildirfolder ??? ??? ??? new ??? ??? ??? tmp ??? ??? lucene-indexes ??? ??? ??? _k.cfs ??? ??? ??? segments_17 ??? ??? ??? segments.gen ??? ??? maildirfolder ??? ??? maildirsize ??? ??? new ??? ??? .Sent ??? ??? ??? cur ??? ??? ??? dovecot.index.cache ??? ??? ??? dovecot.index.log ??? ??? ??? dovecot-uidlist ??? ??? ??? maildirfolder ??? ??? ??? new ??? ??? ??? tmp ??? ??? subscriptions ??? ??? .Templates ??? ??? ??? cur ??? ??? ??? dovecot.index.log ??? ??? ??? dovecot-uidlist ??? ??? ??? maildirfolder ??? ??? ??? new ??? ??? ??? tmp ??? ??? tmp ??? ??? .Trash ??? ??? cur ??? ??? dovecot.index.log ??? ??? dovecot-uidlist ??? ??? maildirfolder ??? ??? new ??? ??? tmp ??? .sieve ??? managesieve.sieve ??? tmp [root at mail2 ~]# tree -a /srv /srv ??? sieve ??? ??? after.d ??? ??? before.d ??? ??? ??? spam.sieve ??? ??? ??? spam.svbin ??? ??? default.d ??? vmail ??? example.com ??? ??? Maildir ??? ??? .All ??? ??? ??? cur ??? ??? ??? dovecot.index.log ??? ??? ??? dovecot-uidlist ??? ??? ??? maildirfolder ??? ??? ??? new ??? ??? ??? tmp ??? ??? .Archives ??? ??? ??? cur ??? ??? ??? dovecot.index.log ??? ??? ??? dovecot-uidlist ??? ??? ??? maildirfolder ??? ??? ??? new ??? ??? ??? tmp ??? ??? cur ??? ??? dovecot.index.cache ??? ??? dovecot.index.log ??? ??? dovecot-keywords ??? ??? dovecot.mailbox.log ??? 
??? dovecot-uidlist ??? ??? dovecot-uidvalidity ??? ??? dovecot-uidvalidity.54dbb6f5 ??? ??? .Drafts ??? ??? ??? cur ??? ??? ??? dovecot.index.cache ??? ??? ??? dovecot.index.log ??? ??? ??? dovecot-uidlist ??? ??? ??? maildirfolder ??? ??? ??? new ??? ??? ??? tmp ??? ??? .Junk ??? ??? ??? cur ??? ??? ??? dovecot.index.log ??? ??? ??? dovecot-uidlist ??? ??? ??? maildirfolder ??? ??? ??? new ??? ??? ??? tmp ??? ??? lucene-indexes ??? ??? ??? _k.cfs ??? ??? ??? segments_17 ??? ??? ??? segments.gen ??? ??? maildirfolder ??? ??? maildirsize ??? ??? new ??? ??? .Sent ??? ??? ??? cur ??? ??? ??? dovecot.index.cache ??? ??? ??? dovecot.index.log ??? ??? ??? dovecot-uidlist ??? ??? ??? maildirfolder ??? ??? ??? new ??? ??? ??? tmp ??? ??? subscriptions ??? ??? .Templates ??? ??? ??? cur ??? ??? ??? dovecot.index.log ??? ??? ??? dovecot-uidlist ??? ??? ??? maildirfolder ??? ??? ??? new ??? ??? ??? tmp ??? ??? tmp ??? ??? .Trash ??? ??? cur ??? ??? dovecot.index.log ??? ??? dovecot-uidlist ??? ??? maildirfolder ??? ??? new ??? ??? tmp ??? .sieve ??? managesieve.sieve ??? tmp Thanks a lot for Dovecot anyway! ;) Martin From andre.peters at debinux.de Thu Feb 12 14:51:30 2015 
From: andre.peters at debinux.de (André Peters)
Date: Thu, 12 Feb 2015 15:51:30 +0100
Subject: Controlling inactivity timeout for IMAP
In-Reply-To:
References:
Message-ID: <54DCBDF2.9000909@debinux.de>

I was following this in hope someone would answer.

As a workaround I recommend to set up a POP3 connection with a low polling interval (besides using a TCP Proxy...).

André

On 07.02.2015 at 07:15, Joseph Tam wrote:
>
> I have a problem with a user who uses a wireless carrier that keeps
> changing his IP as he travels throughout the city. From the perspective
> of our dovecot IMAP server, the user keeps logging in from another IP,
> and after a short while, hits up against the mail_max_userip_connections
> limit. It takes 30 minutes before those orphaned connections times out.
>
> Is there any way to decrease the IMAP idle timeout other than to
> recompile dovecot with a new value?
>
> imap-common.h:#define CLIENT_IDLE_TIMEOUT_MSECS (60*30*1000)
>
> For example, will this work?
>
> service imap {
> idle_kill = 600
> }
>
> Joseph Tam

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5622 bytes
Desc: S/MIME Cryptographic Signature
URL:

From lhw+dovecot at ring0.de Thu Feb 12 15:36:20 2015
From: lhw+dovecot at ring0.de (Lennart Weller)
Date: Thu, 12 Feb 2015 16:36:20 +0100
Subject: [Patch] Allow for more than one recipient_delimiter (a la postfix 2.11)
Message-ID: <20150212153620.GA14028@lhw.ring0.de>

Hey everyone,

as my previous emails apparently got stuck in a spam filter I'll try this again.

The patches attached here allow for more than one recipient delimiter in the address, which is allowed in postfix since version 2.11. E.g. lhw+postfix at ring0.de would be equal to lhw-postfix at ring0.de if configured that way. Same as postfix, only the first discovered delimiter is taken into account and the priority is first to last in the list.

Lennart
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dovecot.patch
Type: text/x-diff
Size: 2734 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pigeonhole.patch
Type: text/x-diff
Size: 657 bytes
Desc: not available
URL:

From claus.r at bayern-mail.de Thu Feb 12 17:20:19 2015
From: claus.r at bayern-mail.de (Claus) Date: Thu, 12 Feb 2015 18:20:19 +0100 Subject: Dovecot dsync not replicating ".dovecot.sieve -> .sieve/managesieve.sieve" / setactive In-Reply-To: <006aeefe195589cc49c03ad1be623dbf@stefany.eu> References: <006aeefe195589cc49c03ad1be623dbf@stefany.eu> Message-ID: <54DCE0D3.8060800@bayern-mail.de> Am 12.02.2015 um 15:47 schrieb Martin ?tefany: > Hello, > > I've ran into problem with Dovecot and dsync replication. Everything > works perfectly, including replication of sieve scripts, except fact > that if user activates the 'managesieve' ruleset (I'm using currently > Roundcubemail) on "mail1" host, it wouldn't be activated on "mail2" > host, by creating symlink ".dovecot.sieve -> > .sieve/managesieve.sieve". I've also tried to use > 'replication_full_sync_interval', but symlink is not created anyway. > > I found 2 references already for this problem, but none came to any > conclusion: > > http://dovecot.org/pipermail/dovecot/2014-June/096650.html > http://www.dovecot.org/list/dovecot/2014-September/097857.html > > > Here is the output from 'doveconf -n' from both hosts for reference :: > > mail1 :: > # 2.2.10: /etc/dovecot/dovecot.conf > # OS: Linux 3.10.0-123.20.1.el7.x86_64 x86_64 CentOS Linux release > 7.0.1406 (Core) > auth_cache_size = 5 M > auth_debug = yes > auth_default_realm = example.com > auth_gssapi_hostname = mail.example.com > auth_krb5_keytab = /etc/dovecot/dovecot.keytab > auth_mechanisms = plain gssapi > auth_realms = example.com > auth_verbose = yes > doveadm_password = > lmtp_save_to_detail_mailbox = yes > mail_debug = yes > mail_location = maildir:~/Maildir > mail_plugins = " fts fts_lucene notify quota replication virtual zlib" > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date ihave > namespace inbox { 
> inbox = yes > location = > mailbox All { > auto = create > special_use = \All > } > mailbox Archives { > auto = subscribe > special_use = \Archive > } > mailbox Drafts { > auto = subscribe > special_use = \Drafts > } > mailbox Junk { > auto = subscribe > special_use = \Junk > } > mailbox Sent { > auto = subscribe > special_use = \Sent > } > mailbox Templates { > auto = subscribe > } > mailbox Trash { > auto = subscribe > special_use = \Trash > } > prefix = > separator = / > type = private > } > passdb { > args = /etc/dovecot/dovecot-ldap-passdb.conf.ext > driver = ldap > } > plugin { > fts = lucene > fts_autoindex = yes > fts_lucene = whitespace_chars=@. > mail_replica = tcps:mail2.example.com:10993 > quota = maildir:User quota > quota_rule = *:storage=4GB > quota_rule2 = Trash:storage=+50MB > sieve = ~/.dovecot.sieve > sieve_after = /srv/sieve/after.d/ > sieve_before = /srv/sieve/before.d/ > sieve_default = /srv/sieve/default.d/dovecot.sieve > sieve_dir = ~/.sieve > sieve_global_dir = /srv/sieve/ > zlib_save = gz > zlib_save_level = 9 > } > postmaster_address = postmaster at example.com > protocols = imap lmtp sieve > service aggregator { > fifo_listener replication-notify-fifo { > group = vmail > mode = 0660 > user = vmail > } > unix_listener replication-notify { > group = vmail > mode = 0660 > user = vmail > } > } > service auth { > unix_listener /var/spool/postfix/private/dovecot-auth { > group = postfix > mode = 0660 > user = postfix > } > } > service doveadm { > inet_listener { > port = 10993 > ssl = yes > } > } > service imap-login { > inet_listener imaps { > port = 0 > } > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0660 > user = postfix > } > } > service managesieve-login { > inet_listener sieve { > port = 4190 > } > service_count = 1 > } > service replicator { > process_min_avail = 1 > unix_listener replicator-doveadm { > group = vmail > mode = 0660 > user = vmail > } > } > ssl_ca = ssl_cert = 
ssl_cipher_list = > EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA > ssl_client_ca_file = /etc/ipa/ca.crt > ssl_client_cert = ssl_client_key = ssl_key = ssl_parameters_regenerate = 1 weeks > ssl_prefer_server_ciphers = yes > ssl_protocols = !SSLv2 !SSLv3 > userdb { > args = /etc/dovecot/dovecot-ldap-userdb.conf.ext > driver = ldap > override_fields = gid=vmail home=/srv/vmail/example.com/%n > } > verbose_ssl = yes > protocol lmtp { > mail_plugins = " fts fts_lucene notify quota replication virtual > zlib sieve" > } > protocol imap { > mail_plugins = " fts fts_lucene notify quota replication virtual > zlib imap_quota imap_zlib" > } > > > mail2 :: > # 2.2.10: /etc/dovecot/dovecot.conf > # OS: Linux 3.10.0-123.20.1.el7.x86_64 x86_64 CentOS Linux release > 7.0.1406 (Core) > auth_cache_size = 5 M > auth_debug = yes > auth_default_realm = example.com > auth_gssapi_hostname = mail.example.com > auth_krb5_keytab = /etc/dovecot/dovecot.keytab > auth_mechanisms = plain gssapi > auth_realms = example.com > auth_verbose = yes > doveadm_password = > lmtp_save_to_detail_mailbox = yes > mail_debug = yes > mail_location = maildir:~/Maildir > mail_plugins = " fts fts_lucene notify quota replication virtual zlib" > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date ihave > namespace inbox { > inbox = yes > location = > mailbox All { > auto = create > special_use = \All > } > mailbox Archives { > auto = subscribe > special_use = \Archive > } > mailbox Drafts { > auto = subscribe > special_use = \Drafts > } > mailbox Junk { > auto = subscribe > special_use = \Junk > } > mailbox Sent { 
> auto = subscribe > special_use = \Sent > } > mailbox Templates { > auto = subscribe > } > mailbox Trash { > auto = subscribe > special_use = \Trash > } > prefix = > separator = / > type = private > } > passdb { > args = /etc/dovecot/dovecot-ldap-passdb.conf.ext > driver = ldap > } > plugin { > fts = lucene > fts_autoindex = yes > fts_lucene = whitespace_chars=@. > mail_replica = tcps:mail1.example.com:10993 > quota = maildir:User quota > quota_rule = *:storage=4GB > quota_rule2 = Trash:storage=+50MB > sieve = ~/.dovecot.sieve > sieve_after = /srv/sieve/after.d/ > sieve_before = /srv/sieve/before.d/ > sieve_default = /srv/sieve/default.d/dovecot.sieve > sieve_dir = ~/.sieve > sieve_global_dir = /srv/sieve/ > zlib_save = gz > zlib_save_level = 9 > } > postmaster_address = postmaster at example.com > protocols = imap lmtp sieve > service aggregator { > fifo_listener replication-notify-fifo { > group = vmail > mode = 0660 > user = vmail > } > unix_listener replication-notify { > group = vmail > mode = 0660 > user = vmail > } > } > service auth { > unix_listener /var/spool/postfix/private/dovecot-auth { > group = postfix > mode = 0660 > user = postfix > } > } > service doveadm { > inet_listener { > port = 10993 > ssl = yes > } > } > service imap-login { > inet_listener imaps { > port = 0 > } > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0660 > user = postfix > } > } > service managesieve-login { > inet_listener sieve { > port = 4190 > } > service_count = 1 > } > service replicator { > process_min_avail = 1 > unix_listener replicator-doveadm { > group = vmail > mode = 0660 > user = vmail > } > } > ssl_ca = ssl_cert = ssl_cipher_list = > EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA > ssl_client_ca_file = 
/etc/ipa/ca.crt > ssl_client_cert = ssl_client_key = ssl_key = ssl_parameters_regenerate = 1 weeks > ssl_prefer_server_ciphers = yes > ssl_protocols = !SSLv2 !SSLv3 > userdb { > args = /etc/dovecot/dovecot-ldap-userdb.conf.ext > driver = ldap > override_fields = gid=vmail home=/srv/vmail/example.com/%n > } > verbose_ssl = yes > protocol lmtp { > mail_plugins = " fts fts_lucene notify quota replication virtual > zlib sieve" > } > protocol imap { > mail_plugins = " fts fts_lucene notify quota replication virtual > zlib imap_quota imap_zlib" > } > > > > And reference directory structure :: > [root at mail1 ~]# tree -a /srv > /srv > ??? sieve > ? ??? after.d > ? ??? before.d > ? ? ??? spam.sieve > ? ? ??? spam.svbin > ? ??? default.d > ??? vmail > ??? example.com > ??? > ??? .dovecot.lda-dupes > ??? .dovecot.sieve -> .sieve/managesieve.sieve > ??? .dovecot.svbin > ??? Maildir > ? ??? .All > ? ? ??? cur > ? ? ??? dovecot.index.log > ? ? ??? dovecot-uidlist > ? ? ??? maildirfolder > ? ? ??? new > ? ? ??? tmp > ? ??? .Archives > ? ? ??? cur > ? ? ??? dovecot.index.log > ? ? ??? dovecot-uidlist > ? ? ??? maildirfolder > ? ? ??? new > ? ? ??? tmp > ? ??? cur > ? ??? dovecot.index.cache > ? ??? dovecot.index.log > ? ??? dovecot.index.thread > ? ??? dovecot-keywords > ? ??? dovecot.mailbox.log > ? ??? dovecot-uidlist > ? ??? dovecot-uidvalidity > ? ??? dovecot-uidvalidity.54dbb6f0 > ? ??? .Drafts > ? ? ??? cur > ? ? ??? dovecot.index.cache > ? ? ??? dovecot.index.log > ? ? ??? dovecot-uidlist > ? ? ??? maildirfolder > ? ? ??? new > ? ? ??? tmp > ? ??? .Junk > ? ? ??? cur > ? ? ??? dovecot.index.log > ? ? ??? dovecot-uidlist > ? ? ??? maildirfolder > ? ? ??? new > ? ? ??? tmp > ? ??? lucene-indexes > ? ? ??? _k.cfs > ? ? ??? segments_17 > ? ? ??? segments.gen > ? ??? maildirfolder > ? ??? maildirsize > ? ??? new > ? ??? .Sent > ? ? ??? cur > ? ? ??? dovecot.index.cache > ? ? ??? dovecot.index.log > ? ? ??? dovecot-uidlist > ? ? ??? maildirfolder > ? ? ??? new > ? ? ??? tmp > ? 
??? subscriptions > ? ??? .Templates > ? ? ??? cur > ? ? ??? dovecot.index.log > ? ? ??? dovecot-uidlist > ? ? ??? maildirfolder > ? ? ??? new > ? ? ??? tmp > ? ??? tmp > ? ??? .Trash > ? ??? cur > ? ??? dovecot.index.log > ? ??? dovecot-uidlist > ? ??? maildirfolder > ? ??? new > ? ??? tmp > ??? .sieve > ??? managesieve.sieve > ??? tmp > > > [root at mail2 ~]# tree -a /srv > /srv > ??? sieve > ? ??? after.d > ? ??? before.d > ? ? ??? spam.sieve > ? ? ??? spam.svbin > ? ??? default.d > ??? vmail > ??? example.com > ??? > ??? Maildir > ? ??? .All > ? ? ??? cur > ? ? ??? dovecot.index.log > ? ? ??? dovecot-uidlist > ? ? ??? maildirfolder > ? ? ??? new > ? ? ??? tmp > ? ??? .Archives > ? ? ??? cur > ? ? ??? dovecot.index.log > ? ? ??? dovecot-uidlist > ? ? ??? maildirfolder > ? ? ??? new > ? ? ??? tmp > ? ??? cur > ? ??? dovecot.index.cache > ? ??? dovecot.index.log > ? ??? dovecot-keywords > ? ??? dovecot.mailbox.log > ? ??? dovecot-uidlist > ? ??? dovecot-uidvalidity > ? ??? dovecot-uidvalidity.54dbb6f5 > ? ??? .Drafts > ? ? ??? cur > ? ? ??? dovecot.index.cache > ? ? ??? dovecot.index.log > ? ? ??? dovecot-uidlist > ? ? ??? maildirfolder > ? ? ??? new > ? ? ??? tmp > ? ??? .Junk > ? ? ??? cur > ? ? ??? dovecot.index.log > ? ? ??? dovecot-uidlist > ? ? ??? maildirfolder > ? ? ??? new > ? ? ??? tmp > ? ??? lucene-indexes > ? ? ??? _k.cfs > ? ? ??? segments_17 > ? ? ??? segments.gen > ? ??? maildirfolder > ? ??? maildirsize > ? ??? new > ? ??? .Sent > ? ? ??? cur > ? ? ??? dovecot.index.cache > ? ? ??? dovecot.index.log > ? ? ??? dovecot-uidlist > ? ? ??? maildirfolder > ? ? ??? new > ? ? ??? tmp > ? ??? subscriptions > ? ??? .Templates > ? ? ??? cur > ? ? ??? dovecot.index.log > ? ? ??? dovecot-uidlist > ? ? ??? maildirfolder > ? ? ??? new > ? ? ??? tmp > ? ??? tmp > ? ??? .Trash > ? ??? cur > ? ??? dovecot.index.log > ? ??? dovecot-uidlist > ? ??? maildirfolder > ? ??? new > ? ??? tmp > ??? .sieve > ??? managesieve.sieve > ??? 
tmp
>
> Thanks a lot for Dovecot anyway! ;)
>
> Martin

Hi Martin,

the problem was fixed in pigeonhole-0.4.4.
I recommend to use dovecot-2.2.15 with newest pigeonhole-0.4.6.

Claus

From ben at electricembers.coop Thu Feb 12 18:35:14 2015
From: ben at electricembers.coop (Benjamin Connelly)
Date: Thu, 12 Feb 2015 10:35:14 -0800
Subject: curious when certain patches might become part of a release
Message-ID: <1423766114.29700.6.camel@werk>

We ran into this same problem others discussed in this thread:

http://dovecot.org/list/dovecot/2014-November/098927.html

and have also applied the patches (31262a892ba7 and 80ed82a93c1a) and it seems to have stopped the panics. We usually just use the FreeBSD ports tree to install software, so I'm looking forward to the time when we can go back to that. Will those patches be part of the next release?

Benjamin

From martin at stefany.eu Thu Feb 12 20:30:31 2015
From: martin at stefany.eu (=?UTF-8?Q?Martin_=C5=A0tefany?=)
Date: Thu, 12 Feb 2015 21:30:31 +0100
Subject: Dovecot dsync not replicating ".dovecot.sieve -> .sieve/managesieve.sieve" / setactive
In-Reply-To: <54DCE0D3.8060800@bayern-mail.de>
References: <006aeefe195589cc49c03ad1be623dbf@stefany.eu> <54DCE0D3.8060800@bayern-mail.de>
Message-ID: <4421084b9e89d42ab11142d66812a2ea@stefany.eu>

Hello Claus,

I've installed dovecot-2.2.15-3.fc20.x86_64.rpm + dovecot-pigeonhole-2.2.15-3.fc20.x86_64.rpm from Fedora guys and it works like a charm.

Thank you!

Martin

On 12.2.2015 18:20, Claus wrote:
> Hi Martin,
>
> the problem was fixed in pigeonhole-0.4.4.
> I recommend to use dovecot-2.2.15 with newest pigeonhole-0.4.6.
>
> Claus

From lucabert at lucabert.de Thu Feb 12 21:03:01 2015
From: lucabert at lucabert.de (Luca Bertoncello)
Date: Thu, 12 Feb 2015 22:03:01 +0100
Subject: Enabling mod-sequences
Message-ID: <20150212220301.7f14efdc@frodo.lucabert.intra>

Hi list!

I have Dovecot 1.2.9 from Ubuntu repositories on my server.
Now I installed Horde and it gives me sometimes the error "Mailbox does not support mod-sequences".

Well, I must say, that I didn't know these mod-sequences, but I can't know all...

Well, the question now is: how can I enable the support of the mod-sequences on the mailboxes of my Server?
I searched in the Dovecot-Wiki, but I didn't find anything...

Thanks a lot for your help
Luca Bertoncello
(lucabert at lucabert.de)

From superinterstellar at gmail.com Fri Feb 13 03:59:03 2015
From: superinterstellar at gmail.com (Kevin Laurie)
Date: Fri, 13 Feb 2015 11:59:03 +0800
Subject: examples of shared shared-mailboxes.db
Message-ID:

Hello,

I need help. I am trying to configure shared inboxes.
I need to create a dictionary for shared inbox.
How does one write shared-mailboxes.db dictionary?
Any example for the syntax/config?
thanks
kevin

Below is part of the config I am trying to achieve:-

plugin {
  acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
}

From andre.peters at debinux.de Fri Feb 13 04:45:46 2015
From: andre.peters at debinux.de (=?UTF-8?B?QW5kcsOpIFBldGVycw==?=)
Date: Fri, 13 Feb 2015 05:45:46 +0100
Subject: examples of shared shared-mailboxes.db
In-Reply-To:
References:
Message-ID: <54DD817A.9020504@debinux.de>

Hi,

that looks correct. I am not sure if this was necessary, but I "touched" the file before starting Dovecot...
You also need to have the correct permissions set.

André

On 13.02.2015 at 04:59, Kevin Laurie wrote:
> Hello,
>
> I need help. I am trying to configure shared inboxes.
> I need to create a dictionary for shared inbox.
> How does one write shared-mailboxes.db dictionary?
> Any example for the syntax/config?
> thanks
> kevin
>
> Below is part of the config I am trying to achieve:-
>
> plugin {
>   acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
> }
>

From skdovecot at smail.inf.fh-brs.de Fri Feb 13 07:22:37 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 13 Feb 2015 08:22:37 +0100 (CET)
Subject: curious when certain patches might become part of a release
In-Reply-To: <1423766114.29700.6.camel@werk>
References: <1423766114.29700.6.camel@werk>
Message-ID:

On Thu, 12 Feb 2015, Benjamin Connelly wrote:

> We ran into this same problem others discussed in this thread:
>
> http://dovecot.org/list/dovecot/2014-November/098927.html
>
> and have also applied the patches (31262a892ba7 and 80ed82a93c1a) and it
> seems to have stopped the panics. We usually just use the FreeBSD ports
> tree to install software, so I'm looking forward to the time when we can
> go back to that. Will those patches be part of the next release?

you have to ask the FreeBSD maintainer of the Dovecot package this question.

--
Steffen Kaiser

From superinterstellar at gmail.com Fri Feb 13 07:47:45 2015
From: superinterstellar at gmail.com (Kevin Laurie)
Date: Fri, 13 Feb 2015 15:47:45 +0800
Subject: examples of shared shared-mailboxes.db
In-Reply-To: <54DD817A.9020504@debinux.de>
References: <54DD817A.9020504@debinux.de>
Message-ID:

Dear Andre,
Thanks for your reply.
What do I include in the file shared-mailboxes.db?
As in the input. Is it really plain text?
So for example I write into the file shared-mailbox.db :-
shared at domain.net
shared2 at domain.net etc...

Is it like that or what kind of syntax needs to be used?

On Fri, Feb 13, 2015 at 12:45 PM, André Peters wrote:

> Hi,
>
> that looks correct. I am not sure if this was necessary, but I "touched"
> the file before starting Dovecot...
> You also need to have the correct permissions set.
>
> André
>
> On 13.02.2015 at 04:59, Kevin Laurie wrote:
>
> Hello,
>>
>> I need help. I am trying to configure shared inboxes.
>> I need to create a dictionary for shared inbox.
>> How does one write shared-mailboxes.db dictionary?
>> Any example for the syntax/config?
>> thanks
>> kevin
>>
>> Below is part of the config I am trying to achieve:-
>>
>> plugin {
>>   acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
>> }
>>
>>
>

From slusarz at curecanti.org Fri Feb 13 07:52:44 2015
From: slusarz at curecanti.org (Michael M Slusarz)
Date: Fri, 13 Feb 2015 00:52:44 -0700
Subject: Enabling mod-sequences
In-Reply-To: <20150212220301.7f14efdc@frodo.lucabert.intra>
Message-ID: <20150213005244.Horde._kHYzmX_eL-sYdsUmd5QIg1@bigworm.curecanti.org>

Quoting Luca Bertoncello:

> I have Dovecot 1.2.9 from Ubuntu repositories on my server.
> Now I installed Horde and it gives me sometimes the error "Mailbox does not
> support mod-sequences".

This would happen if trying to obtain MODSEQ on a mailbox that has mod-sequences disabled. That error should be caught and not be user-visible (I recall fixing something like that a while back, but in any case that's a topic for the Horde/IMP lists, not here).

> Well, I must say, that I didn't know these mod-sequences, but I can't know
> all...
>
> Well, the question now is: how can I enable the support of the mod-sequences
> on the mailboxes of my Server?

You probably do have mod-sequences available in general. But for whatever reason a particular mailbox doesn't support it. This can be due to a variety of reasons (e.g. read-only access to underlying data storage).

michael

From andre.peters at debinux.de Fri Feb 13 08:03:55 2015
From: andre.peters at debinux.de (André Peters)
Date: Fri, 13 Feb 2015 09:03:55 +0100
Subject: examples of shared shared-mailboxes.db
In-Reply-To:
References: <54DD817A.9020504@debinux.de>
Message-ID: <54DDAFEB.1010208@debinux.de>

Hi Kevin,

You don't put anything into it by yourself.
This file only helps Dovecot to look up shares to prevent iterating through every user's mailbox.
When you create a share, Dovecot places a plain-text entry inside this file. When a user logs in, Dovecot asks its acl "database" in whose mail directory it should look for a share.

An entry could look like this:
shared/shared-boxes/user/shared-for-user at domain.tld/shared-by at domain.tld

You don't have to put a .db ending to that file. You could name it shares.txt, too. Important: "file:".

André

On 13.02.2015 at 08:47, Kevin Laurie wrote:
> Dear Andre,
> Thanks for yr reply.
> What do i include in the file shared-mailboxes.db ?
> As in the input. Is it really plain text ?
> So for example i write into the file shared-mailbox.db :-
> shared at domain.net
> shared2 at domain.net etc...
>
> Is it like that or what kind of syntax needs to be used?
>
> On Fri, Feb 13, 2015 at 12:45 PM, André Peters
> wrote:
>
>> Hi,
>>
>> that looks correct. I am not sure if this was necessary, but I "touched"
>> the file before starting Dovecot...
>> You also need to have the correct permissions set.
>>
>> André
>>
>> On 13.02.2015 at 04:59, Kevin Laurie wrote:
>>
>>> Hello,
>>>
>>> I need help. i am trying to configure shared in boxes.
>>> I need to create a dictionary for shared inbox.
>>> how does 1 write shared-mailboxes.db dictionary?
>>> any example for the syntax/config?
>>> thanks
>>> kevin
>>>
>>> Below is part of the config i am trying to achieve:-
>>>
>>> plugin {
>>> acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
>>> }
>>>
>>

From lucabert at lucabert.de Fri Feb 13 08:20:58 2015
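To read back what Dovecot has recorded in the acl_shared_dict file described in the message above, the following added example (not part of the thread and not Dovecot code) parses such a file and lists who shares with whom. It assumes the "file:" dict stores each entry as a key line followed by a value line; the sample content and the function names parse_shared_dict and shares_by_recipient are constructed for illustration.

```python
"""Added example: list the shares recorded in a Dovecot acl_shared_dict flat file."""
from collections import defaultdict

PREFIX = "shared/shared-boxes/"

# Constructed sample. Assumption: the "file:" dict stores every entry as a key
# line followed by a value line. The list archive prints "@" as " at ".
SAMPLE = """\
shared/shared-boxes/user/alice@domain.tld/bob@domain.tld
1
shared/shared-boxes/user/alice@domain.tld/carol@domain.tld
1
shared/shared-boxes/user/dave@domain.tld/bob@domain.tld
1
something/unexpected
1
shared/shared-boxes/user/erin@domain.tld
"""


def parse_shared_dict(text):
    """Return (shares, problems).

    shares   -- list of (shared_for, shared_by) tuples, following the key layout
                shared/shared-boxes/user/<shared-for>/<shared-by> from the thread
    problems -- list of (line_number, message) for entries that do not fit
    """
    lines = text.splitlines()
    shares, problems = [], []
    i = 0
    while i < len(lines):
        key, lineno = lines[i], i + 1
        if i + 1 >= len(lines):
            # A key must be followed by its value line.
            problems.append((lineno, "key without a value line (truncated file?)"))
            break
        i += 2  # consume the key line and its value line
        if not key.startswith(PREFIX):
            problems.append((lineno, "key outside " + PREFIX))
            continue
        parts = key[len(PREFIX):].split("/")
        if len(parts) != 3 or parts[0] != "user" or not all(parts[1:]):
            problems.append((lineno, "unrecognised share key: " + key))
            continue
        shares.append((parts[1], parts[2]))
    return shares, problems


def shares_by_recipient(shares):
    """Group mailbox owners by the user their mailboxes are shared with."""
    grouped = defaultdict(set)
    for shared_for, shared_by in shares:
        grouped[shared_for].add(shared_by)
    return {user: sorted(owners) for user, owners in sorted(grouped.items())}


if __name__ == "__main__":
    found, issues = parse_shared_dict(SAMPLE)
    for user, owners in shares_by_recipient(found).items():
        print(f"{user} sees mailboxes shared by: {', '.join(owners)}")
    for lineno, message in issues:
        print(f"line {lineno}: {message}")
```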
From: lucabert at lucabert.de (Luca Bertoncello) Date: Fri, 13 Feb 2015 08:20:58 +0000 Subject: Enabling mod-sequences In-Reply-To: <20150213005244.Horde._kHYzmX_eL-sYdsUmd5QIg1@bigworm.curecanti.org> References: <20150212220301.7f14efdc@frodo.lucabert.intra> <20150213005244.Horde._kHYzmX_eL-sYdsUmd5QIg1@bigworm.curecanti.org> Message-ID: <20150213082058.Horde.n_qNtTfE8uLml6IRXESOtQ1@horde.lucabert.de> Zitat von Michael M Slusarz : > Quoting Luca Bertoncello : > >> I have Dovecot 1.2.9 from Ubuntu repositories on my server. >> Now I installed Horde and it give me sometimes the error "Mailbox does not >> support mod-sequences". > > This would happen if trying to do obtain MODSEQ on a mailbox that > has mod-sequences disabled. That error should be caught and not be > user-visible (I recall fixing something like that a while back, but > in any case that's a topic for the Horde/IMP lists, not here). > >> Well, I must say, that I didn't know these mod-sequences, but I can' know >> all... >> >> Well, the question now is: how can I enable the support of the mod-sequences >> on the mailboxes of my Server? > > You probably do have mod-sequences available in general. But for > whatever reason a particular mailbox doesn't support it. This can > be do to a variety of reasons (e.g read-only access to underlying > data storage). Hi Michael, thank you for your answer. Could you suggest me how can I find the problem? On my Server I have a directory /var/spool/mail/ (permission 775, owner exim, group mail). Dovecot runs with user "dovecot" which is in group "mail". The Mailbox directories have permission 755 and are owner from user "exim" and group "mail". In the directories there are a directory "Maildir" with the same permissions and users, and in this directory the usual maildir-structure. Is somewhat false? Thanks Luca Bertoncello (lucabert at lucabert.de) From superinterstellar at gmail.com Fri Feb 13 08:26:46 2015 
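One way to test the read-only-storage cause mentioned in this thread against the directory layout described in the message above: this added example (not from the thread) walks a mail tree and reports every directory in which a given uid and group set cannot create or rename files, judged from the classic owner/group/other mode bits. The function names are hypothetical, and POSIX ACLs and root's override are deliberately not modelled.

```python
"""Added example: find mail directories a given account cannot write to."""
import os
import stat


def effective_bits(mode, owner_uid, owner_gid, uid, gids):
    """Return the rwx bits (0-7) that apply to uid: owner class, else group, else other.

    Exactly one class is used, so membership in the owning group never adds
    to the owner's bits. ACLs and uid 0 are not modelled.
    """
    if uid == owner_uid:
        return (mode >> 6) & 0o7
    if owner_gid in gids:
        return (mode >> 3) & 0o7
    return mode & 0o7


def can_modify_dir(mode, owner_uid, owner_gid, uid, gids):
    """Creating, renaming or deleting entries needs write AND search (w+x)."""
    return effective_bits(mode, owner_uid, owner_gid, uid, gids) & 0o3 == 0o3


def audit_tree(root, uid, gids):
    """Return [(path, mode_string, permission_class)] for directories uid cannot modify."""
    findings = []
    for dirpath, dirnames, _files in os.walk(root):
        st = os.stat(dirpath)
        if not can_modify_dir(st.st_mode, st.st_uid, st.st_gid, uid, gids):
            cls = ("owner" if uid == st.st_uid
                   else "group" if st.st_gid in gids else "other")
            findings.append((dirpath, stat.filemode(st.st_mode), cls))
        dirnames.sort()  # deterministic walk order
    return findings


if __name__ == "__main__":
    import grp
    import pwd
    import sys

    # Usage: <script> <mail root> <account name>
    root, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    for path, mode, cls in audit_tree(root, pw.pw_uid, gids):
        print(f"{mode} {path}: not writable through the '{cls}' bits")
```

A directory with mode 755 grants a group member only r-x, so an account that reaches the mail tree through group membership can read the mail but cannot create files there.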
From: superinterstellar at gmail.com (Kevin Laurie)
Date: Fri, 13 Feb 2015 16:26:46 +0800
Subject: examples of shared shared-mailboxes.db
In-Reply-To: <54DDAFEB.1010208@debinux.de>
References: <54DD817A.9020504@debinux.de> <54DDAFEB.1010208@debinux.de>
Message-ID:

Dear Andre,
Ah ok. Didn't know that. Let me try it.
Thanks!
Kevin

On Fri, Feb 13, 2015 at 4:03 PM, André Peters wrote:

> Hi Kevin,
> You don't put anything into it by yourself.
> This file only helps Dovecot to look up shares to prevent iterating through
> every user's mailbox.
> When you create a share, Dovecot places a plain-text entry inside this
> file. When a user logs in, Dovecot asks its acl "database" in whose mail
> directory it should look for a share.
>
> An entry could look like this:
> shared/shared-boxes/user/shared-for-user at domain.tld/shared-by at domain.tld
>
> You don't have to put a .db ending to that file. You could name it
> shares.txt, too. Important: "file:".
>
> André
>
> On 13.02.2015 at 08:47, Kevin Laurie wrote:
>
>> Dear Andre,
>> Thanks for yr reply.
>> What do i include in the file shared-mailboxes.db ?
>> As in the input. Is it really plain text ?
>> So for example i write into the file shared-mailbox.db :-
>> shared at domain.net
>> shared2 at domain.net etc...
>>
>> Is it like that or what kind of syntax needs to be used?
>>
>> On Fri, Feb 13, 2015 at 12:45 PM, André Peters
>> wrote:
>>
>>> Hi,
>>>
>>> that looks correct. I am not sure if this was necessary, but I "touched"
>>> the file before starting Dovecot...
>>> You also need to have the correct permissions set.
>>>
>>> André
>>>
>>> On 13.02.2015 at 04:59, Kevin Laurie wrote:
>>>
>>>> Hello,
>>>>
>>>> I need help. i am trying to configure shared in boxes.
>>>> I need to create a dictionary for shared inbox.
>>>> how does 1 write shared-mailboxes.db dictionary?
>>>> any example for the syntax/config?
>>>> thanks
>>>> kevin
>>>>
>>>> Below is part of the config i am trying to achieve:-
>>>>
>>>> plugin {
>>>> acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
>>>> }
>>>>
>>>
>

From rick at havokmon.com Fri Feb 13 13:50:31 2015
From: rick at havokmon.com (Rick Romero)
Date: Fri, 13 Feb 2015 07:50:31 -0600
Subject: Howto NTML
In-Reply-To: <201501270329.t0R3TDh4016706@server.novatec-inc.com>
Message-ID: <20150213075031.Horde.jIi_KpMrX6FbEc95oHF6Hg1@www.vfemail.net>

Quoting Mark Foley :

> Has anyone gotten NTLM working with Dovecot and Outlook?
>
> I have a Samba4 domain controller / active directory running just fine
> on Linux
> Slackware64 14.1. PLAIN authentication works just fine if I create
> /etc/passwd
> accounts for the domain users.
> I'd really love to have AD authentication working on this setup!
> --Mark

I can't help with the full setup - but if you have to create /etc/passwd accounts, it sounds like you need to update /etc/nsswitch.conf to include Samba lookups:

From rick at havokmon.com Fri Feb 13 13:54:57 2015
From: rick at havokmon.com (Rick Romero)
Date: Fri, 13 Feb 2015 07:54:57 -0600
Subject: Howto NTML
In-Reply-To: <201501270329.t0R3TDh4016706@server.novatec-inc.com>
Message-ID: <20150213075457.Horde.m0zDuZtazoXDqijFJoY2-A1@www.vfemail.net>

Quoting Mark Foley :

> Has anyone gotten NTLM working with Dovecot and Outlook?
>
> I have a Samba4 domain controller / active directory running just fine
> on Linux
> Slackware64 14.1. PLAIN authentication works just fine if I create
> /etc/passwd
> accounts for the domain users.
>
> I'd really love to have AD authentication working on this setup!
> --Mark
>

(whoops misfired)

I can't help with the full setup - but if you have to create /etc/passwd accounts, it sounds like you need to update /etc/nsswitch.conf to include Samba lookups:

passwd:         files winbind
group:          files winbind
## only available on IRIX: use winbind to resolve hosts:
# hosts:        files dns winbind
## All other NSS enabled systems should use libnss_wins.so like this:
hosts:          files dns wins

Centrify had an awesome package that did all the work for you. Not sure if that's still available.

Rick

From dovecot at daniel.thecshore.com Fri Feb 13 14:07:53 2015
From: dovecot at daniel.thecshore.com (Daniel Dickinson) Date: Fri, 13 Feb 2015 09:07:53 -0500 Subject: [SOLVED] Thunderbird client certification validation fails with same profile but changed IMAP server software (Re: It works for two SMTP servers and cyrus-imap, why not Dovecot?) In-Reply-To: <54DC8EAC.4060403@daniel.thecshore.com> References: <54DB05C6.9000901@daniel.thecshore.com> <54DC8EAC.4060403@daniel.thecshore.com> Message-ID: <54DE0539.2080607@daniel.thecshore.com> In hopes that searching may turn up the solution for others: The reason client certificate validation was failing in Thunderbird when it had previously succeeded with other servers (both IMAP and SMTP) is precisely that: the client and profile where the same ones used to connect to the server who's hostname hadn't changed, and email addresses and usernames were the same, and Thunderbird can't handle that. Keeping your existing Thunderbird profile when switching the IMAP server software running on the hosting server doesn't work even if you change all the configs that should matter (rename old accounts out of the way, replace the server they are supposed to be contacting with blank, and so on) and create new accounts within the same profile. The workaround for this bug in Thunderbird is to move the old profile out of the way and start fresh. The apparent cause of failure (invalid cert messages and other messages that make it look like it's a configuration or certificate/CA file issue) actually has nothing to do with the actual issue and is a major red herring. Sorry for the noise, back to regular scheduled program... Regards, Daniel On 2015-02-12 6:29 AM, Daniel Curran-Dickinson wrote: > Ok, the patch doesn't actually fix the bug. 
It appeared to do so in
> that after running the server with the patch applied client certificate
> validation succeeded, however, it appears this bug is actually
> intermittent as, even with the patched package, the server is now
> complaining that the client has not provided a valid SSL certificate.
>
> This is definitely not true as the certificates, and in general
> verification of the same client-side certificates work, even with the
> same Thunderbird client, with postfix, exim, and cyrus-imapd.
>
> In short dovecot has some bug that causes verification of certificates
> presented by the client to fail, however the bug is not easy to debug as
> sometimes config changes work, but later, running the same config,
> things fail again.
>
> There appears to be some sort of caching even across client and server
> restarts that is coming into play and confusing the issue.
>
> Anyone know of SSL caching issues with Window 8.1, particular
> Thunderbird on that platform?
>
> Also why is this bug only affecting dovecot? There is some strangeness
> going on here, and, from web searching for the same issue, it appears
> others have run into the same issue and had no success in resolving it,
> despite also doing everything according to documentation.
>
> With dovecot 2.2.9 from Ubuntu (i.e. not patched version):
> The relevant config bits from dovecot -n are:
>
> auth_mechanisms = login plain digest-md5 cram-md5
> auth_ssl_require_client_cert = yes
> ssl = required
> ssl_ca =
> ssl_cert =
> ssl_key =
> ssl_protocols = !SSLv2 !SSLv3
> ssl_require_crl = no (yes or no makes no difference)
> ssl_verify_client_cert = yes
>
> Oddly this doesn't appear in dovecot -n, though set
>
> disable_plaintext_auth = yes
>
> Client fails whether configured for encrypted passwords or not
> Client fails whether using ssl = yes (imaps) on 993 or STARTTLS on 143
>
> And yes I have followed the correct ordering of the CA followed by CRL
> (and tried without CRL as well).
> > In addition I have tried CA + intermediate and CA + crl + intermediate + > crl for startssl.com certificates as well as the above test with > self-signed CA (root CA + crl or just root CA). > > I have also just confirmed (by connecting and sending mail on port 587 > with STARTTLS and SSL required, with client certificate validation > required by postfix) that using the same certificate, same client, same > mail server, that SMTP AUTH + verification of client certificates succeeds. > > Since I've had the same client using the same certificates work with all > three of postfix (SMTP), exim (SMTP), and cyrus-imapd (IMAP), there is > not doubt that there is an issue with dovecot's handling of this scenario. > > I know I'm harping on this 'it works elsewhere' theme, but this bug has > been ignored for ages because of the assumption that user is doing > something wrong, and that is simply not the case, or if it is, dovecot > is very, very bad at indicating what the actual problem is. > > Line-ending are *nix line endings. > > Anything else that you want to suggest along with how to make dovecot > report what the actual problem is if there is some other magic formulae > to invoke? > > If I've missed something it's by no means obvious or explained clearly > anywhere. > > Regards, > > Daniel > > On 2015-02-11 2:33 AM, Daniel Dickinson wrote: >> Hi all, >> >> As I reported earlier (with a typo in the work [BUG]) client >> certification validation *does not* work even if you do everything >> exactly according to all documentation and attempts at helpful advice. >> >> I have seen this issue with both startssl.com and self-signed >> certificates, and based on what I've seen from searching the web, this >> is a problem that has gotten little attention because most people don't >> bother, but are more than willing to give out useless advice on how to >> make it work. 
>> >> Furthermore the issue does NOT occur with the cyrus-imap mail server, so >> it is definitely a server-side issue. >> >> The actual issue is that the code for calling OpenSSL that constructs >> the client certificate validation is in fact WRONG. >> >> I don't have a perfect patch as I was mostly interested in getting it >> working for my needs and didn't bother with constructing the list of CA >> names to send to the client, preferring to let OpenSSL handle all that >> sort of thing. >> >> What it comes down to is that the code, which probably worked at one >> point, was not correctly updated at some point and since then client >> side certificate validation has been BROKEN. >> >> I have patched against 2.2.9, however I have seen this problem in the >> versions in both Debian Wheezy and Debian Jessie as well. >> >> As you will see from the patch (which is an attachment as people tend to >> complain that patches get mangled when you inline them, and even if I >> have a good client I've gotten heck because the receiver didn't. >> >> Regards, >> >> Daniel >> > From superinterstellar at gmail.com Fri Feb 13 14:54:16 2015 From: superinterstellar at gmail.com (Kevin Laurie) Date: Fri, 13 Feb 2015 22:54:16 +0800 Subject: doveadm deduplicate commands Message-ID: Hello, I just migrated my emails from gmail using getmail. In the process I got some emails that have been doubled or tripled How do I run the doveadm command to delete copies of same emails? I tried running the following:- doveadm deduplicate -u user at domain.net inbox but I get error:- doveadm(root): Fatal: Unknown argument INBOX Could someone share some way to automatically remove duplicated messages? Thanks Kevin From bourek at thinline.cz Fri Feb 13 15:15:13 2015 
From: bourek at thinline.cz (Jiri Bourek) Date: Fri, 13 Feb 2015 16:15:13 +0100 Subject: doveadm deduplicate commands In-Reply-To: References: Message-ID: <54DE1501.4010400@thinline.cz> On 13.2.2015 15:54, Kevin Laurie wrote: > Hello, > I just migrated my emails from gmail using getmail. > In the process I got some emails that have been doubled or tripled > How do I run the doveadm command to delete copies of same emails? > > I tried running the following:- > doveadm deduplicate -u user at domain.net inbox > > but I get error:- > doveadm(root): Fatal: Unknown argument INBOX > > Could someone share some way to automatically remove duplicated messages? > > Thanks > Kevin > See documentation - man doveadm-deduplicate and man doveadm-search-query should be enough. I'm guessing you're missing "MAILBOX" in the command. Also when using deduplicate on my servers, it usually doesn't remove every duplicate on first run and needs to be executed repeatedly. Not sure if it's Debian version's (2.2.13) bug or an upstream one. YMMV From tcstone at caseystone.com Fri Feb 13 15:19:18 2015 
From: tcstone at caseystone.com (Casey Stone) Date: Fri, 13 Feb 2015 15:19:18 +0000 Subject: doveadm sync out of memory In-Reply-To: References: Message-ID: On Feb 5, 2015, at 10:39 PM, Casey Stone wrote: > Hello: > > I've been looking forward to getting my mail server up to Dovecot 2.2+ to be able to use the sync mechanism. I run my own mail server just for myself, with a few different accounts, and want to keep a master and backup server in sync. > > I'm running the Ubuntu server 14.04.1 mail stack which features Dovecot 2.2.9 (and Postfix). My setup is to use system users (userdb passwd / passdb pam) with ~/Maildir. I'll post full sanitized output of dovecot -n if it seems necessary. I have not enabled any plugins (do I need the replicator plugin active?) I have in my conf a doveadm_password defined. > > Anyway, after setting up an ssl listener on the main machine and after considerable struggles with SSL, I was able to run doveadm sync from the backup server successfully for a small mailbox (around 78 MB) with this command: > > doveadm sync -R tcps:mainserver.example.com:12345 > > Since I run this command as the system user on the backup server (same system users as main server) it 'just works' for the correct single user with no further options required. My plan is to run a daily cron job to sync once daily for each user. > > The problem is when I try to sync a larger mailbox, say 1 GB, dsync-server on the remote (master) machine throws fatal error 83 Out of Memory. I already raised vsz_limit to 512 MB. Problems probably arise with mailboxes around 200 MB though I haven't tested specifically. So my question is, is this expected and I will need to give my VM much more memory to be able to use dovecot sync, or do I have something set wrong, or is it a bug? > > Thanks for your help. 
No repsonses :-( Here is what it looks like when it crashes with an out of memory error: (start of the run) Feb 13 14:02:38 thepost dovecot: doveadm(10.0.1.22,tcstone): Debug: Effective uid=1002, gid=1002, home=/home/tcstone Feb 13 14:02:38 thepost dovecot: doveadm(10.0.1.22,tcstone): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list$ Feb 13 14:02:38 thepost dovecot: doveadm(10.0.1.22,tcstone): Debug: maildir++: root=/data/tcstone/Maildir, index=, indexpvt=, control=, inbo$ Feb 13 14:02:39 thepost dovecot: dsync-server(tcstone): Debug: Namespace : Using permissions from /data/tcstone/Maildir: mode=0700 gid=defau$ Feb 13 14:02:39 thepost dovecot: dsync-server(tcstone): Debug: brain S: out state=send_mailbox_tree changed=1 <<>> (end of the run) Feb 13 14:02:52 thepost dovecot: dsync-server(tcstone): Fatal: pool_system_realloc(536870912): Out of memory Feb 13 14:02:52 thepost dovecot: dsync-server(tcstone): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x5e271) [0x7f9d2056b271] -> /usr/lib/dovecot/libdovecot.so.0(+0x5e34e) [0x7f9d2056b34e] -> /usr/lib/dovecot/libdovecot.so.0(i_error+0) [0x7f9d20526bf8] -> /usr/lib/dovecot/libdovecot.so.0(+0x72d53) [0x7f9d2057fd53] -> /usr/lib/dovecot/libdovecot.so.0(+0x7792a) [0x7f9d2058492a] -> /usr/lib/dovecot/libdovecot.so.0(+0x77be6) [0x7f9d20584be6] -> /usr/lib/dovecot/libdovecot.so.0(+0x78748) [0x7f9d20585748] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_sendv+0x8d) [0x7f9d20583d7d] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_send+0x1a) [0x7f9d20583e1a] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(+0x4c05) [0x7f9d1f6a0c05] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(openssl_iostream_bio_sync+0x21) [0x7f9d1f6a1881] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(+0x7a4d) [0x7f9d1f6a3a4d] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(+0x7d69) [0x7f9d1f6a3d69] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_sendv+0x8d) [0x7f9d20583d7d] -> 
/usr/lib/dovecot/libdovecot.so.0(o_stream_nsendv+0xf) [0x7f9d20583e5f] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_nsend+0x1a) [0x7f9d20583e8a] -> dovecot/doveadm-server(+0x2b03f) [0x7f9d20d3003f] -> dovecot/doveadm-server(+0x2c768) [0x7f9d20d31768] -> dovecot/doveadm-server(dsync_ibc_send_mail+0x29) [0x7f9d20d2f309] -> dovecot/doveadm-server(dsync_brain_sync_mails+0x5fc) [0x7f9d20d24a1c] -> dovecot/doveadm-server(dsync_brain_run+0x523) [0x7f9d20d20f93] -> dovecot/doveadm-server(+0x1c270) [0x7f9d20d21270] -> dovecot/doveadm-server(+0x2de60) [0x7f9d20d32e60] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x27) [0x7f9d2057b247] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xd7) [0x7f9d2057bfd7] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f9d2057ade8] -> dovecot/doveadm-server(+0x1a189) [0x7f9d20d1f189] -> dovecot/doveadm-server(+0xebeb) [0x7f9d20d13beb] Feb 13 14:02:52 thepost dovecot: dsync-server(tcstone): Fatal: master: service(doveadm): child 13232 returned error 83 (Out of memory (service doveadm { vsz_limit=512 MB }, you may need to increase it) - set DEBUG_OUTOFMEM=1 environment to get core dump) I haven't tested whether it is simply the effect of having DEBUG active that kills it... A run requiring moving just over 100 MB of mail is enough to cause the error. I have tested manually copying the Maildir to the backup server, then running the sync or backup command -- this works. Thus is seems related not to the size of the mailbox but the size of the data that needs to be copied. From superinterstellar at gmail.com Fri Feb 13 15:40:03 2015 
From: superinterstellar at gmail.com (Kevin Laurie) Date: Fri, 13 Feb 2015 23:40:03 +0800 Subject: doveadm deduplicate commands In-Reply-To: <54DE1501.4010400@thinline.cz> References: <54DE1501.4010400@thinline.cz> Message-ID: Dear Jiri Noted. Thanks On Fri, Feb 13, 2015 at 11:15 PM, Jiri Bourek wrote: > On 13.2.2015 15:54, Kevin Laurie wrote: > >> Hello, >> I just migrated my emails from gmail using getmail. >> In the process I got some emails that have been doubled or tripled >> How do I run the doveadm command to delete copies of same emails? >> >> I tried running the following:- >> doveadm deduplicate -u user at domain.net inbox >> >> but I get error:- >> doveadm(root): Fatal: Unknown argument INBOX >> >> Could someone share some way to automatically remove duplicated messages? >> >> Thanks >> Kevin >> >> > See documentation - man doveadm-deduplicate and man doveadm-search-query > should be enough. I'm guessing you're missing "MAILBOX" in the command. > > Also when using deduplicate on my servers, it usually doesn't remove every > duplicate on first run and needs to be executed repeatedly. Not sure if > it's Debian version's (2.2.13) bug or an upstream one. YMMV > From emmanuel.fuste at thalesgroup.com Fri Feb 13 15:42:09 2015 
From: emmanuel.fuste at thalesgroup.com (FUSTE Emmanuel)
Date: Fri, 13 Feb 2015 16:42:09 +0100
Subject: doveadm sync out of memory
In-Reply-To:
References:
Message-ID: <19525_1423842134_54DE1B53_19525_59_2_54DE1B51.8000900@thalesgroup.com>

On 13/02/2015 16:19, Casey Stone wrote:
> On Feb 5, 2015, at 10:39 PM, Casey Stone wrote:
>
>> Hello:
>>
>> I've been looking forward to getting my mail server up to Dovecot 2.2+ to be able to use the sync mechanism. I run my own mail server just for myself, with a few different accounts, and want to keep a master and backup server in sync.
>>
>> I'm running the Ubuntu server 14.04.1 mail stack which features Dovecot 2.2.9 (and Postfix). My setup is to use system users (userdb passwd / passdb pam) with ~/Maildir. I'll post full sanitized output of dovecot -n if it seems necessary. I have not enabled any plugins (do I need the replicator plugin active?) I have in my conf a doveadm_password defined.
>>
>> Anyway, after setting up an ssl listener on the main machine and after considerable struggles with SSL, I was able to run doveadm sync from the backup server successfully for a small mailbox (around 78 MB) with this command:
>>
>> doveadm sync -R tcps:mainserver.example.com:12345
>>
>> Since I run this command as the system user on the backup server (same system users as main server) it 'just works' for the correct single user with no further options required. My plan is to run a daily cron job to sync once daily for each user.
>>
>> The problem is when I try to sync a larger mailbox, say 1 GB, dsync-server on the remote (master) machine throws fatal error 83 Out of Memory. I already raised vsz_limit to 512 MB. Problems probably arise with mailboxes around 200 MB though I haven't tested specifically. So my question is, is this expected and I will need to give my VM much more memory to be able to use dovecot sync, or do I have something set wrong, or is it a bug?
>>
>> Thanks for your help.
> No repsonses :-( > > Here is what it looks like when it crashes with an out of memory error: > > (start of the run) > Feb 13 14:02:38 thepost dovecot: doveadm(10.0.1.22,tcstone): Debug: Effective uid=1002, gid=1002, home=/home/tcstone > Feb 13 14:02:38 thepost dovecot: doveadm(10.0.1.22,tcstone): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list$ > Feb 13 14:02:38 thepost dovecot: doveadm(10.0.1.22,tcstone): Debug: maildir++: root=/data/tcstone/Maildir, index=, indexpvt=, control=, inbo$ > Feb 13 14:02:39 thepost dovecot: dsync-server(tcstone): Debug: Namespace : Using permissions from /data/tcstone/Maildir: mode=0700 gid=defau$ > Feb 13 14:02:39 thepost dovecot: dsync-server(tcstone): Debug: brain S: out state=send_mailbox_tree changed=1 > > <<>> > > (end of the run) > Feb 13 14:02:52 thepost dovecot: dsync-server(tcstone): Fatal: pool_system_realloc(536870912): Out of memory > Feb 13 14:02:52 thepost dovecot: dsync-server(tcstone): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x5e271) [0x7f9d2056b271] -> /usr/lib/dovecot/libdovecot.so.0(+0x5e34e) [0x7f9d2056b34e] -> /usr/lib/dovecot/libdovecot.so.0(i_error+0) [0x7f9d20526bf8] -> /usr/lib/dovecot/libdovecot.so.0(+0x72d53) [0x7f9d2057fd53] -> /usr/lib/dovecot/libdovecot.so.0(+0x7792a) [0x7f9d2058492a] -> /usr/lib/dovecot/libdovecot.so.0(+0x77be6) [0x7f9d20584be6] -> /usr/lib/dovecot/libdovecot.so.0(+0x78748) [0x7f9d20585748] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_sendv+0x8d) [0x7f9d20583d7d] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_send+0x1a) [0x7f9d20583e1a] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(+0x4c05) [0x7f9d1f6a0c05] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(openssl_iostream_bio_sync+0x21) [0x7f9d1f6a1881] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(+0x7a4d) [0x7f9d1f6a3a4d] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(+0x7d69) [0x7f9d1f6a3d69] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_sendv+0x8d) 
[0x7f9d20583d7d] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_nsendv+0xf) [0x7f9d20583e5f] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_nsend+0x1a) [0x7f9d20583e8a] -> dovecot/doveadm-server(+0x2b03f) [0x7f9d20d3003f] -> dovecot/doveadm-server(+0x2c768) [0x7f9d20d31768] -> dovecot/doveadm-server(dsync_ibc_send_mail+0x29) [0x7f9d20d2f309] -> dovecot/doveadm-server(dsync_brain_sync_mails+0x5fc) [0x7f9d20d24a1c] -> dovecot/doveadm-server(dsync_brain_run+0x523) [0x7f9d20d20f93] -> dovecot/doveadm-server(+0x1c270) [0x7f9d20d21270] -> dovecot/doveadm-server(+0x2de60) [0x7f9d20d32e60] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x27) [0x7f9d2057b247] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xd7) [0x7f9d2057bfd7] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f9d2057ade8] -> dovecot/doveadm-server(+0x1a189) [0x7f9d20d1f189] -> dovecot/doveadm-server(+0xebeb) [0x7f9d20d13beb] > Feb 13 14:02:52 thepost dovecot: dsync-server(tcstone): Fatal: master: service(doveadm): child 13232 returned error 83 (Out of memory (service doveadm { vsz_limit=512 MB }, you may need to increase it) - set DEBUG_OUTOFMEM=1 environment to get core dump) > > I haven't tested whether it is simply the effect of having DEBUG active that kills it... A run requiring moving just over 100 MB of mail is enough to cause the error. I have tested manually copying the Maildir to the backup server, then running the sync or backup command -- this works. Thus is seems related not to the size of the mailbox but the size of the data that needs to be copied. To use dsync, use Dovecot 2.2.15 to avoid any trouble. Use apt.dovecot.fi repository. Emmanuel. From superinterstellar at gmail.com Fri Feb 13 15:47:43 2015 
From: superinterstellar at gmail.com (Kevin Laurie)
Date: Fri, 13 Feb 2015 23:47:43 +0800
Subject: Dovecot FTS Sor Error
Message-ID: 

Hi,
I have been trying to get fts solr to work for a while.
Keep getting the error below (was wondering if this was schema related?)

root at mail:/var/log# doveadm index -u user at domain.net inbox
doveadm(thai at sicl.net): Error: fts_solr: Indexing failed: Server Error

Below is from the apache solr output log:-
Appreciate if someone can confirm the cause of this error.
Thanks
Kevin

2/13/2015, 11:30:53 PM ERROR SolrCore
org.apache.solr.common.SolrException: Exception writing document id 1/3765be2ea8594f54780e00003555fc1a/useri at domain.net to the index; possible analysis error.
org.apache.solr.common.SolrException: Exception writing document id 1/3765be2ea8594f54780e00003555fc1a/ochi at sicl.net to the index; possible analysis error.
    at org.apache.solr.update.DirectUpdateHandler2.addDoc(DirectUpdateHandler2.java:168)
    at org.apache.solr.update.processor.RunUpdateProcessor.processAdd(RunUpdateProcessorFactory.java:69)
    at org.apache.solr.update.processor.UpdateRequestProcessor.processAdd(UpdateRequestProcessor.java:51)
    at org.apache.solr.update.processor.DistributedUpdateProcessor.doLocalAdd(DistributedUpdateProcessor.java:926)
    at org.apache.solr.update.processor.DistributedUpdateProcessor.versionAdd(DistributedUpdateProcessor.java:1080)
    at org.apache.solr.update.processor.DistributedUpdateProcessor.processAdd(DistributedUpdateProcessor.java:692)
    at org.apache.solr.update.processor.LogUpdateProcessor.processAdd(LogUpdateProcessorFactory.java:100)
    at org.apache.solr.handler.loader.XMLLoader.processUpdate(XMLLoader.java:247)
    at org.apache.solr.handler.loader.XMLLoader.load(XMLLoader.java:174)
    at org.apache.solr.handler.UpdateRequestHandler$1.load(UpdateRequestHandler.java:99)
    at org.apache.solr.handler.ContentStreamHandlerBase.handleRequestBody(ContentStreamHandlerBase.java:74)
    at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:135)
    at org.apache.solr.core.SolrCore.execute(SolrCore.java:1967)
    at org.apache.solr.servlet.SolrDispatchFilter.execute(SolrDispatchFilter.java:777)
    at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:418)
    at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:207)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1075)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:384)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1009)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.server.Server.handle(Server.java:368)
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
    at org.eclipse.jetty.server.BlockingHttpConnection.handleRequest(BlockingHttpConnection.java:53)
    at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:953)
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1014)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:953)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
    at org.eclipse.jetty.server.BlockingHttpConnection.handle(BlockingHttpConnection.java:72)
    at org.eclipse.jetty.server.bio.SocketConnector$ConnectorEndPoint.run(SocketConnector.java:264)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.lucene.store.AlreadyClosedException: this IndexWriter is closed
    at org.apache.lucene.index.IndexWriter.ensureOpen(IndexWriter.java:698)
    at org.apache.lucene.index.IndexWriter.ensureOpen(IndexWriter.java:712)
    at org.apache.lucene.index.IndexWriter.updateDocument(IndexWriter.java:1507)
    at org.apache.solr.update.DirectUpdateHandler2.addDoc0(DirectUpdateHandler2.java:240)
    at org.apache.solr.update.DirectUpdateHandler2.addDoc(DirectUpdateHandler2.java:164)
    ... 40 more
Caused by: java.lang.OutOfMemoryError: Java heap space
    at org.apache.lucene.index.FreqProxTermsWriterPerField$FreqProxPostingsArray.<init>(FreqProxTermsWriterPerField.java:210)
    at org.apache.lucene.index.FreqProxTermsWriterPerField$FreqProxPostingsArray.newInstance(FreqProxTermsWriterPerField.java:230)
    at org.apache.lucene.index.ParallelPostingsArray.grow(ParallelPostingsArray.java:48)
    at org.apache.lucene.index.TermsHashPerField$PostingsBytesStartArray.grow(TermsHashPerField.java:252)
    at org.apache.lucene.util.BytesRefHash.add(BytesRefHash.java:292)
    at org.apache.lucene.index.TermsHashPerField.add(TermsHashPerField.java:151)
    at org.apache.lucene.index.DefaultIndexingChain$PerField.invert(DefaultIndexingChain.java:659)
    at org.apache.lucene.index.DefaultIndexingChain.processField(DefaultIndexingChain.java:359)
    at org.apache.lucene.index.DefaultIndexingChain.processDocument(DefaultIndexingChain.java:318)
    at org.apache.lucene.index.DocumentsWriterPerThread.updateDocument(DocumentsWriterPerThread.java:239)
    at org.apache.lucene.index.DocumentsWriter.updateDocument(DocumentsWriter.java:454)
    at org.apache.lucene.index.IndexWriter.updateDocument(IndexWriter.java:1511)
    at org.apache.solr.update.DirectUpdateHandler2.addDoc0(DirectUpdateHandler2.java:240)
    at org.apache.solr.update.DirectUpdateHandler2.addDoc(DirectUpdateHandler2.java:164)
    at org.apache.solr.update.processor.RunUpdateProcessor.processAdd(RunUpdateProcessorFactory.java:69)
    at org.apache.solr.update.processor.UpdateRequestProcessor.processAdd(UpdateRequestProcessor.java:51)
    at org.apache.solr.update.processor.DistributedUpdateProcessor.doLocalAdd(DistributedUpdateProcessor.java:926)
    at org.apache.solr.update.processor.DistributedUpdateProcessor.versionAdd(DistributedUpdateProcessor.java:1080)
    at org.apache.solr.update.processor.DistributedUpdateProcessor.processAdd(DistributedUpdateProcessor.java:692)
    at org.apache.solr.update.processor.LogUpdateProcessor.processAdd(LogUpdateProcessorFactory.java:100)
    at org.apache.solr.handler.loader.XMLLoader.processUpdate(XMLLoader.java:247)
    at org.apache.solr.handler.loader.XMLLoader.load(XMLLoader.java:174)
    at org.apache.solr.handler.UpdateRequestHandler$1.load(UpdateRequestHandler.java:99)
    at org.apache.solr.handler.ContentStreamHandlerBase.handleRequestBody(ContentStreamHandlerBase.java:74)
    at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:135)
    at org.apache.solr.core.SolrCore.execute(SolrCore.java:1967)
    at org.apache.solr.servlet.SolrDispatchFilter.execute(SolrDispatchFilter.java:777)
    at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:418)
    at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:207)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)

From superinterstellar at gmail.com Fri Feb 13 15:59:58 2015
From: superinterstellar at gmail.com (Kevin Laurie)
Date: Fri, 13 Feb 2015 23:59:58 +0800
Subject: doveadm deduplicate commands
In-Reply-To: 
References: <54DE1501.4010400@thinline.cz>
Message-ID: 

Dear Jiri,

I tried the following to try to get the inbox deduplicated. My inbox is
quite large and urgently need to remove the duplicated messages.
Is there an easy way to do this?
Sorry for being so persistent but I need help.

The command I tried:-

doveadm deduplicate -u user at domain.net mailbox inbox

On Fri, Feb 13, 2015 at 11:40 PM, Kevin Laurie wrote:

> Dear Jiri
> Noted.
> Thanks
>
>
> On Fri, Feb 13, 2015 at 11:15 PM, Jiri Bourek wrote:
>
>> On 13.2.2015 15:54, Kevin Laurie wrote:
>>
>>> Hello,
>>> I just migrated my emails from gmail using getmail.
>>> In the process I got some emails that have been doubled or tripled
>>> How do I run the doveadm command to delete copies of same emails?
>>>
>>> I tried running the following:-
>>> doveadm deduplicate -u user at domain.net inbox
>>>
>>> but I get error:-
>>> doveadm(root): Fatal: Unknown argument INBOX
>>>
>>> Could someone share some way to automatically remove duplicated messages?
>>>
>>> Thanks
>>> Kevin
>>>
>>>
>> See documentation - man doveadm-deduplicate and man doveadm-search-query
>> should be enough. I'm guessing you're missing "MAILBOX" in the command.
>>
>> Also when using deduplicate on my servers, it usually doesn't remove
>> every duplicate on first run and needs to be executed repeatedly. Not sure
>> if it's Debian version's (2.2.13) bug or an upstream one. YMMV
>>
>
>

From bourek at thinline.cz Fri Feb 13 16:47:34 2015
From: bourek at thinline.cz (Jiri Bourek)
Date: Fri, 13 Feb 2015 17:47:34 +0100
Subject: doveadm deduplicate commands
In-Reply-To: 
References: <54DE1501.4010400@thinline.cz>
Message-ID: <54DE2AA6.3040401@thinline.cz>

On 13.2.2015 16:59, Kevin Laurie wrote:
> Dear Jiri,
>
> I tried the following to try to get the inbox deduplicated. My inbox is
> quite large and urgently need to remove the duplicated messages.
> Is there an easy way to do this?
> Sorry for being so persistent but I need help.
>
> The command I tried:-
>
> doveadm deduplicate -u user at domain.net mailbox inbox
>

I'd try this (in shell):

doveadm search -u user at domain.net mailbox inbox | wc -l

Doveadm will print mailbox-guid and uid pair for every message in inbox,
one per line, pipe it into "wc -l", which will count the lines and
output a number - that's the count of messages in INBOX.

Then try doveadm deduplicate and after that the search command above
again. If the count changed, deduplicate is working - you may only need
to run it multiple times.

If the count doesn't change, dovecot is unable to recognize duplicates
in your mailbox and you need to find another solution. Maybe check out
the "-m" option in man doveadm-deduplicate

From superinterstellar at gmail.com Fri Feb 13 17:10:08 2015
From: superinterstellar at gmail.com (Kevin Laurie)
Date: Sat, 14 Feb 2015 01:10:08 +0800
Subject: doveadm deduplicate commands
In-Reply-To: <54DE2AA6.3040401@thinline.cz>
References: <54DE1501.4010400@thinline.cz> <54DE2AA6.3040401@thinline.cz>
Message-ID: 

Dear Jiri,
Thanks for your feedback.
Does not work. I guess it's because of the usage of getmail. I had set it to
read_all = true which downloaded all the messages several times.
Will purge the entire box and use getmail again to move all messages.
Thanks
Kevin

On Sat, Feb 14, 2015 at 12:47 AM, Jiri Bourek wrote:
> On 13.2.2015 16:59, Kevin Laurie wrote:
>>
>> Dear Jiri,
>>
>> I tried the following to try to get the inbox deduplicated. My inbox is
>> quite large and urgently need to remove the duplicated messages.
>> Is there an easy way to do this?
>> Sorry for being so persistent but I need help.
>>
>> The command I tried:-
>>
>> doveadm deduplicate -u user at domain.net mailbox inbox
>>
>
> I'd try this (in shell):
>
> doveadm search -u user at domain.net mailbox inbox | wc -l
>
> Doveadm will print mailbox-guid and uid pair for every message in inbox, one
> per line, pipe it into "wc -l", which will count the lines and output a
> number - that's the count of messages in INBOX.
>
> Then try doveadm deduplicate and after that the search command above again.
> If the count changed, deduplicate is working - you may only need to run it
> multiple times.
>
> If the count doesn't change, dovecot is unable to recognize duplicates in
> your mailbox and you need to find another solution. Maybe check out the "-m"
> option in man doveadm-deduplicate

From ben at electricembers.coop Fri Feb 13 17:24:33 2015
From: ben at electricembers.coop (Benjamin Connelly)
Date: Fri, 13 Feb 2015 09:24:33 -0800
Subject: curious when certain patches might become part of a release
In-Reply-To: 
References: <1423766114.29700.6.camel@werk>
Message-ID: <1423848273.4154.3.camel@werk>

> > We ran in to this same problem others discussed in this thread:
> >
> > http://dovecot.org/list/dovecot/2014-November/098927.html
> >
> > and have also applied the patches (31262a892ba7 and 80ed82a93c1a) and it
> > seems to have stopped the panics. We usually just use the FreeBSD ports
> > tree to install software, so I'm looking forward to the time when we can
> > go back to that. Will those patches be part of the next release?
>
> you have to ask this question the FreeBSD maintainer of the Dovecot
> package.

But the FreeBSD ports tree is up to the latest 2.2.15 -- yet we were
still experiencing the panics, and had to apply those patches. So I'm
wondering more about what version release of Dovecot itself will include
those mbox sync patches. . .

Ben

From pch at myzel.net Fri Feb 13 17:53:56 2015
From: pch at myzel.net (Peter)
Date: Fri, 13 Feb 2015 18:53:56 +0100
Subject: doveadm deduplicate commands
In-Reply-To: <54DE2AA6.3040401@thinline.cz>
References: <54DE1501.4010400@thinline.cz> <54DE2AA6.3040401@thinline.cz>
Message-ID: <54DE3A34.1090100@myzel.net>

On 2015-02-13 at 17:47, Jiri Bourek wrote:
> I'd try this (in shell):
>
> doveadm search -u user at domain.net mailbox inbox | wc -l
>
> Doveadm will print mailbox-guid and uid pair for every message in inbox,
> one per line, pipe it into "wc -l", which will count the lines and
> output a number - that's the count of messages in INBOX.
>
> Then try doveadm deduplicate and after that the search command above
> again. If the count changed, deduplicate is working - you may only need
> to run it multiple times.
>
> If the count doesn't change, dovecot is unable to recognize duplicates
> in your mailbox and you need to find another solution. Maybe check out
> the "-m" option in man doveadm-deduplicate

One should take great care, guids are not always unique, e.g. after
consolidating several folders into one, that is, when deduplication
might become really useful!

Below shell commands give a tentative view of what will be expunged,
don't deduplicate, if you do not like what diff says:

> ## Beware - it's not just duplicates sometimes?
> BOX="mailbox INBOX"
> USR="-u myname"
> # by guid
> doveadm -f table fetch $USR 'guid hdr.Message-ID hdr.Subject' $BOX | sort --stable -k1,1 > /tmp/F1A.txt
> doveadm -f table fetch $USR 'guid hdr.Message-ID hdr.Subject' $BOX | sort --stable --uniq -k1,1 > /tmp/F1B.txt
> diff -u /tmp/F1A.txt /tmp/F1B.txt | less -S
> doveadm deduplicate $USR $BOX
> # by Message-ID
> doveadm -f table fetch $USR 'guid hdr.Message-ID hdr.Subject' $BOX | sort --stable -k2,2 > /tmp/F2A.txt
> doveadm -f table fetch $USR 'guid hdr.Message-ID hdr.Subject' $BOX | sort --stable --uniq -k2,2 > /tmp/F2B.txt
> diff -u /tmp/F2A.txt /tmp/F2B.txt | less -S
> doveadm deduplicate -m $USR $BOX

-- 
peter

From moiseev at mezonplus.ru Fri Feb 13 17:58:54 2015
From: moiseev at mezonplus.ru (Alexander Moisseev)
Date: Fri, 13 Feb 2015 20:58:54 +0300
Subject: curious when certain patches might become part of a release
In-Reply-To: <1423848273.4154.3.camel@werk>
References: <1423766114.29700.6.camel@werk> <1423848273.4154.3.camel@werk>
Message-ID: <54DE3B5E.5010002@mezonplus.ru>

13.02.2015 20:24, Benjamin Connelly wrote:
>>> We ran in to this same problem others discussed in this thread:
>>>
>>> http://dovecot.org/list/dovecot/2014-November/098927.html
>>>
>>> and have also applied the patches (31262a892ba7 and 80ed82a93c1a) and it
>>> seems to have stopped the panics. We usually just use the FreeBSD ports
>>> tree to install software, so I'm looking forward to the time when we can
>>> go back to that. Will those patches be part of the next release?
>>
>> you have to ask this question the FreeBSD maintainer of the Dovecot
>> package.
>
> But the FreeBSD ports tree is up to the latest 2.2.15 -- yet we were
> still experiencing the panics, and had to apply those patches. So I'm
> wondering more about what version release of Dovecot itself will include
> those mbox sync patches. . .
>
> Ben
>

Do you mind to open a PR in the FreeBSD Bugzilla?

-- 
Alexander

From ben at electricembers.coop Fri Feb 13 18:38:48 2015
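Peter's advice in the doveadm deduplicate thread above (preview what would be expunged, because guids are not always unique) can be taken one step further by flagging groups that share a key but do not look like copies of one message. This is an added example, not code from the thread or from Dovecot; the function names are hypothetical, the sample rows are constructed, and the layout of the `doveadm -f table fetch` output (one header row, whitespace-separated columns) is an assumption.

```python
"""Preview deduplication candidates from `doveadm -f table fetch` output."""
from collections import defaultdict

# Constructed sample, standing in for the output of
#   doveadm -f table fetch -u USER 'guid hdr.Message-ID hdr.Subject' mailbox INBOX
# Assumed layout: one header row, then guid, Message-ID and subject separated
# by whitespace (the same assumption `sort -k1,1` / `-k2,2` makes).
SAMPLE = """\
guid hdr.message-id hdr.subject
aaaa1111 <1@example.com> Invoice January
aaaa1111 <1@example.com> Invoice January
bbbb2222 <2@example.com> Meeting notes
cccc3333 <2@example.com> Meeting notes
dddd4444 <3@example.com> Hello
dddd4444 <4@example.com> A different message
"""


def parse_rows(table_text):
    """Return a list of (guid, message_id, subject) tuples.

    Splitting is on whitespace, so a message with an empty Message-ID header
    shifts its subject into the second column, exactly as it would for sort -k2,2.
    """
    rows = []
    for line in table_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 2 or parts[0].lower() == "guid":
            continue  # blank line or header row
        subject = parts[2].strip() if len(parts) == 3 else ""
        rows.append((parts[0], parts[1], subject))
    return rows


def preview(rows, by_message_id=False):
    """Return (extra, suspect).

    extra   -- every row after the first one in each key group, i.e. the rows
               the `sort --stable --uniq` diff would show as dropped
    suspect -- keys whose rows differ in the remaining columns, so the group
               is probably not a set of copies of one message
    """
    groups = defaultdict(list)
    for row in rows:
        groups[row[1] if by_message_id else row[0]].append(row)

    extra, suspect = [], []
    for key, members in groups.items():
        if len(members) < 2:
            continue
        extra.extend(members[1:])
        if by_message_id:
            # guids are expected to differ here; compare subjects only
            others = {r[2] for r in members}
        else:
            others = {(r[1], r[2]) for r in members}
        if len(others) > 1:
            suspect.append(key)
    return extra, suspect


if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    for label, flag in (("guid", False), ("Message-ID (-m)", True)):
        extra, suspect = preview(rows, by_message_id=flag)
        print(f"by {label}: {len(extra)} candidate row(s), suspect keys: {suspect}")
```

A non-empty suspect list is the case Peter warns about: the key matches, the messages do not, so the diff should be read before running deduplicate.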
From: ben at electricembers.coop (Benjamin Connelly)
Date: Fri, 13 Feb 2015 10:38:48 -0800
Subject: curious when certain patches might become part of a release
In-Reply-To: <54DE3B5E.5010002@mezonplus.ru>
References: <1423766114.29700.6.camel@werk> <1423848273.4154.3.camel@werk> <54DE3B5E.5010002@mezonplus.ru>
Message-ID: <1423852728.4154.23.camel@werk>

> >>> We ran in to this same problem others discussed in this thread:
> >>>
> >>> http://dovecot.org/list/dovecot/2014-November/098927.html
> >>>
> >>> and have also applied the patches (31262a892ba7 and 80ed82a93c1a) and it
> >>> seems to have stopped the panics. We usually just use the FreeBSD ports
> >>> tree to install software, so I'm looking forward to the time when we can
> >>> go back to that. Will those patches be part of the next release?
> >>
> >> you have to ask this question the FreeBSD maintainer of the Dovecot
> >> package.
> >
> > But the FreeBSD ports tree is up to the latest 2.2.15 -- yet we were
> > still experiencing the panics, and had to apply those patches. So I'm
> > wondering more about what version release of Dovecot itself will include
> > those mbox sync patches. . .
> >
> > Ben
> >
> Do you mind to open a PR in the FreeBSD Bugzilla?

Sorry, I think my naive question about the Dovecot development process
has led us astray. The bug wasn't specific to FreeBSD (or the FreeBSD
port.) It's apparently fixed by 31262a892ba7 and 80ed82a93c1a so I was
just wondering how Dovecot development works: should we expect these
patches to be a part of 2.3 when it's released? Or might they appear in
a 2.2.16 or somesuch?

Benjamin

From moiseev at mezonplus.ru Fri Feb 13 19:18:59 2015
From: moiseev at mezonplus.ru (Alexander Moisseev)
Date: Fri, 13 Feb 2015 22:18:59 +0300
Subject: curious when certain patches might become part of a release
In-Reply-To: <1423852728.4154.23.camel@werk>
References: <1423766114.29700.6.camel@werk> <1423848273.4154.3.camel@werk> <54DE3B5E.5010002@mezonplus.ru> <1423852728.4154.23.camel@werk>
Message-ID: <54DE4E23.9080607@mezonplus.ru>

13.02.2015 21:38, Benjamin Connelly wrote:
> The bug wasn't specific to FreeBSD (or the FreeBSD
> port.) It's apparently fixed by 31262a892ba7 and 80ed82a93c1a

Of course it is not a port bug. I meant you can ask the port maintainer
to include those patches into the port.

From mysql.jorge at decimal.pt Fri Feb 13 23:49:27 2015
From: mysql.jorge at decimal.pt (Jorge Bastos)
Date: Fri, 13 Feb 2015 23:49:27 -0000
Subject: script-login help
Message-ID: <014101d047e7$b44b5e00$1ce21a00$@jorge@decimal.pt>

Hi,

I'm trying to execute a bash script to update the last login, IP, and
protocol on the user's record, but I'm not being able 'cause I think this is
only for 2.2.24+

http://dovecot.org/pipermail/dovecot/2014-January/094610.html

I'm on 2.2.23, any change/example to make it work here?

Thanks in advance,

Jorge Bastos

From andre.peters at debinux.de Sat Feb 14 04:37:20 2015
From: andre.peters at debinux.de (André Peters)
Date: Sat, 14 Feb 2015 05:37:20 +0100
Subject: script-login help
In-Reply-To: <014101d047e7$b44b5e00$1ce21a00$@jorge@decimal.pt>
References: <014101d047e7$b44b5e00$1ce21a00$@jorge@decimal.pt>
Message-ID: <54DED100.2020202@debinux.de>

Hi,

I just want to remind you of this plugin:
http://wiki2.dovecot.org/Plugins/LastLogin - maybe an option?

André

On 14.02.2015 at 00:49, Jorge Bastos wrote:
> Hi,
>
> I'm trying to execute a bash script to update the last login, IP, and
> protocol on the user's record, but I'm not being able 'cause I think this is
> only for 2.2.24+
>
> http://dovecot.org/pipermail/dovecot/2014-January/094610.html
>
> I'm on 2.2.23, any change/example to make it work here?
>
> Thanks in advance,
>
> Jorge Bastos
>

From gdrub13 at gmail.com Sat Feb 14 09:36:56 2015
From: gdrub13 at gmail.com (rub zorghy)
Date: Sat, 14 Feb 2015 10:36:56 +0100
Subject: auth: Fatal: No passdbs specified in configuration file
Message-ID: 

Hi,

I upgraded to 20150213 (f10725a5eed8+).
I chose LDAP as the authentication source for Dovecot.
Compilation succeeds.

Starting dovecot from command line :
/usr/local/sbin/dovecot -c /usr/local/etc/dovecot/

The error log contains :
"dovecot: auth: Fatal: No passdbs specified in configuration file. PLAIN mechanism needs one"

It works properly with Dovecot 2.0.9.

Any clues or suggestions, anything I could try...?

Thanks,

This is the output of dovecot -n:

# 20150213 (f10725a5eed8+): /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-504.el6.x86_64 x86_64 Red Hat Enterprise Linux Server release 6.6 (Santiago)
doveconf: Warning: Dovecot was last started using /usr/local/etc/dovecot/, but this config is /usr/local/etc/dovecot/dovecot.conf
auth_debug = yes
auth_debug_passwords = yes
auth_master_user_separator = *
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
mail_debug = yes
mail_gid = 5000
mail_location = maildir:~/Maildir:LAYOUT=fs
mail_plugins = " quota acl"
mail_uid = 5000
mbox_write_locks = fcntl
namespace {
  list = children
  location = maildir:/store/vmail/public:LAYOUT=fs
  prefix = public/
  separator = /
  subscriptions = no
  type = public
}
namespace inbox {
  inbox = yes
  location = 
  prefix = 
}
passdb {
  args = /usr/local/etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  quota = maildir
  quota_rule = *:storage=50M
  quota_rule2 = Trash:storage=+5M
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
}
service auth {
  client_limit = 9516
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  process_min_avail = 2
  service_count = 0
}
service imap {
  process_limit = 8192
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = vmail
}
ssl_cert =

Hello.

I wrote about this three weeks ago but got no answer. I'm going to
officially "forward" the Debian bug this time, with all the details.

The test case is just 840 bytes long. Please give it a try.

---------- Forwarded message ----------
From: Santiago Vila
To: submit at bugs.debian.org
Date: Fri, 23 Jan 2015 22:32:28 +0100 (CET)
Subject: dovecot-imapd: corrupts mailbox after trying to retrieve it

Package: dovecot-imapd
Version: 1:2.2.13-11
Severity: serious

The following mbox folder, when put in $HOME/mail, becomes corrupted after
trying to retrieve it with fetchmail.

The problem may be reproduced by using the same machine as server and client:

* Put "inbox-b" in $HOME/mail

* Put this in $HOME/.fetchmailrc

server localhost proto imap port 143:
  user "someuser"
  pass "thepassword"

* Retrieve email using this command line:

fetchmail -a localhost --folder inbox-b -m "true"


Note: By looking at the "true" above it is clear that whatever
fetchmail does with the message is not important at all.


You will see something like this:

12 messages for someuser at localhost (folder inbox-b).
reading message someuser at localhost:1 of 12 (171 header octets) (3 body octets) flushed
reading message someuser at localhost:2 of 12 (245 header octets) (3 body octets) flushed
reading message someuser at localhost:3 of 12 (245 header octets) (3 body octets) flushed
reading message someuser at localhost:4 of 12 (245 header octets) (3 body octets) flushed
reading message someuser at localhost:5 of 12 (245 header octets) (3 body octets) flushed
reading message someuser at localhost:6 of 12 (171 header octets) (3 body octets) flushed
reading message someuser at localhost:7 of 12 (171 header octets) (3 body octets) flushed
reading message someuser at localhost:8 of 12 (245 header octets) (3 body octets) flushed
reading message someuser at localhost:9 of 12 (245 header octets) (3 body octets) flushed
reading message someuser at localhost:10 of 12 (245 header octets) (3 body octets) flushed
reading message someuser at localhost:11 of 12 (245 header octets) (3 body octets) flushed
reading message someuser at localhost:12 of 12 (273 header octets)fetchmail: incorrect header line found - see manpage for bad-header option
 not flushed

And in fact "inbox-b" in the server is now like this:

[...]
>From root at example.com Tue Jan 13 10:18:20 2015
rstuvwxyzabcdefghijklmnopqrstuvwxyz at example.com
To: a at example.com
Subject: a
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Message-Id: <20150113091737.B5ADA5F8B1 at example.com>
Date: Tue, 13 Jan 2015 10:17:25 +0100 (CET)
X-UID: 16035
Status: O

a


Note how the From: line has been truncated from its original state.


I have been suffering from this problem for months. At first I believed
it was some misbehaving procmail/formail recipe I had on the server,
but that's not the case as this example shows.

Thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: inbox-b.gz
Type: application/gzip
Size: 840 bytes
Desc: 
URL: 

From mysql.jorge at decimal.pt Sat Feb 14 15:09:34 2015
From: mysql.jorge at decimal.pt (Jorge Bastos)
Date: Sat, 14 Feb 2015 15:09:34 +0000
Subject: script-login help
Message-ID: 

Hi andre
Well that's the thing. I'm still on 2.2.23 as I use debian sid.
Anyway I don't see any info on how to get the login ip or protocol. Is it possible?

André Peters wrote:
Hi,

I just want to remind you of this plugin:
http://wiki2.dovecot.org/Plugins/LastLogin - maybe an option?

André

On 14.02.2015 at 00:49, Jorge Bastos wrote:
> Hi,
>
> I'm trying to execute a bash script to update the last login, IP, and
> protocol on the user's record, but I'm not being able 'cause I think this is
> only for 2.2.24+
>
> http://dovecot.org/pipermail/dovecot/2014-January/094610.html
>
> I'm on 2.2.23, any change/example to make it work here?
>
> Thanks in advance,
>
> Jorge Bastos
>

From Ron at Cleven.com Sat Feb 14 16:30:03 2015
From: Ron at Cleven.com (Ron Cleven)
Date: Sat, 14 Feb 2015 10:30:03 -0600 (CST)
Subject: concurrent IMAP connections (plus 2 easy questions)
Message-ID: <54DF7809.2070909@Cleven.com>

I posted a few days back asking about configuration issues with a
modestly large number of IMAP connections. Several people were kind
enough to respond with various ideas. Armed with those ideas and Google,
I was able to determine the underlying configuration issues with CentOS 7
and Dovecot 2.2.10. I did some further benchmarking to ensure that we
could properly plan our server configuration requirements as we continue
to roll this out, so I thought I would share this, partly to see if
anyone has experiences that conflict with my findings.

I found that each incremental dovecot IMAP process required about 750k of
RAM. Simulations confirmed that 8 gig of RAM was sufficient to support
approximately 10,000 concurrent IMAP connections (no POP3).

CentOS settings:

Added:
   fs/inotify/max_user_instances = 28000
to:
   /etc/sysctl.d/99-sysctl.conf

Added:
   * hard nproc 28000
   * soft nproc 28000
   * hard nofile 28000
   * soft nofile 28000
to:
   /etc/security/limits.d/20-nproc.conf

To verify the settings after reboot:
   cat /proc/sys/fs/inotify/max_user_instances
   ulimit -Hn
   ulimit -Sn

Dovecot:

Added:
   process_limit = 28000
to service imap{}
   /etc/dovecot/conf.d/10-master.conf

Added (using proxies, would like to just turn off this check):
   mail_max_userip_connections = 40
to protocol imap {}:
   /etc/dovecot/conf.d/20-imap.conf

Added:
   process_limit = 28000
to service managesieve {}:
   /etc/dovecot/conf.d/20-managesieve.conf

Hope this helps someone. Feedback would be welcome. It would be great if
there was a blessed cookbook for Dovecot scaling. At this point it seems
a bit like an art form.

Now to my two "easy" questions.

1) TCP replication between our two CentOS boxes has been working great, no complaints.
However, I realized I did not know how to check the status of
replications, as one might want to do if one of the two boxes was taken
offline for maintenance or repair.

On the surface, it would appear that the command:

   doveadm replicator status '*'

would likely show me what I want to know. However, when I tried it, I got:

   doveadm(): Fatal: net_connect_unix(/var/run/dovecot/replicator-doveadm) failed: No such file or directory

The documentation says that doveadm assumes the socket
/var/run/dovecot/replicator-doveadm and the command format provides a
"-a" override. In that directory, there is no "replicator-doveadm"
socket, but I do see a "replicator" socket. So, should I be using the
command:

   doveadm replicator status -a /var/run/dovecot/replicator '*'

or is the non-existence of the replicator-doveadm socket indicative of
something I might have done wrong with the config? I hate experimenting
more than I have to with a production box. The 2.2.10 Dovecot I am
running was installed via yum, so there are no potential compilation
issues.

2) It seems logical to me that:

   dovecot stop

would first lock out any new user connections, then do the equivalent of a:

   doveadm kick "*"

before actually cycling everything else down to ensure the shutdown is as
graceful as possible. I suppose I could experiment and find out for
certain, but I have the sense that the "stop" command is not quite that
elegant, so we have implemented procedures to work around it. Just a
point of curiosity. An alternative would be if there was a doveadm
command to lock out any new user connections, which could then be
followed by kick and stop. I have found that many clients are VERY quick
to reconnect after a kick.

From tss at iki.fi Sun Feb 15 08:55:13 2015
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 15 Feb 2015 10:55:13 +0200
Subject: Bug#776094: dovecot-imapd: corrupts mailbox after trying to retrieve it (fwd)
In-Reply-To: 
References: 
Message-ID: 

On 14 Feb 2015, at 16:23, Santiago Vila wrote:

> I wrote about this three weeks ago but got no answer. I'm going to
> officially "forward" the Debian bug this time, with all the details.
>
> The test case is just 840 bytes long. Please give it a try.
..
> Package: dovecot-imapd
> Version: 1:2.2.13-11
> Severity: serious

I can't reproduce with latest Dovecot hg. But just in case it's still not fixed, there are two important things:

1) Send your doveconf -n output, since there are some settings that can affect this

2) rm -rf ~/mail/.imap/inbox-b before testing to make sure indexes don't cause this problem.

> The following mbox folder, when put in $HOME/mail, becomes corrupted after
> trying to retrieve it with fetchmail.
>
> The problem may be reproduced by using the same machine as server and client:
>
> * Put "inbox-b" in $HOME/mail
>
> * Put this in $HOME/.fetchmailrc
>
> server localhost proto imap port 143:
>   user "someuser"
>   pass "thepassword"
>
> * Retrieve email using this command line:
>
> fetchmail -a localhost --folder inbox-b -m "true"
>
>
> Note: By looking at the "true" above it is clear that whatever
> fetchmail does with the message is not important at all.
>
>
> You will see something like this:
>
> 12 messages for someuser at localhost (folder inbox-b).
> reading message someuser at localhost:1 of 12 (171 header octets) (3 body octets) flushed
> reading message someuser at localhost:2 of 12 (245 header octets) (3 body octets) flushed
> reading message someuser at localhost:3 of 12 (245 header octets) (3 body octets) flushed
> reading message someuser at localhost:4 of 12 (245 header octets) (3 body octets) flushed
> reading message someuser at localhost:5 of 12 (245 header octets) (3 body octets) flushed
> reading message someuser at localhost:6 of 12 (171 header octets) (3 body octets) flushed
> reading message someuser at localhost:7 of 12 (171 header octets) (3 body octets) flushed
> reading message someuser at localhost:8 of 12 (245 header octets) (3 body octets) flushed
> reading message someuser at localhost:9 of 12 (245 header octets) (3 body octets) flushed
> reading message someuser at localhost:10 of 12 (245 header octets) (3 body octets) flushed
> reading message someuser at localhost:11 of 12 (245 header octets) (3 body octets) flushed
> reading message someuser at localhost:12 of 12 (273 header octets)fetchmail: incorrect header line found - see manpage for bad-header option
> not flushed
>
>
> And in fact "inbox-b" in the server is now like this:
>
> [...]
>> From root at example.com Tue Jan 13 10:18:20 2015
> rstuvwxyzabcdefghijklmnopqrstuvwxyz at example.com
> To: a at example.com
> Subject: a
> MIME-Version: 1.0
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: 8bit
> Message-Id: <20150113091737.B5ADA5F8B1 at example.com>
> Date: Tue, 13 Jan 2015 10:17:25 +0100 (CET)
> X-UID: 16035
> Status: O
>
> a
>
>
> Note how the From: line has been truncated from its original state.
>
>
> I have been suffering from this problem for months. At first I believed
> it was some misbehaving procmail/formail recipe I had on the server,
> but that's not the case as this example shows.
>
> Thanks.

From stephan at rename-it.nl Sun Feb 15 23:01:07 2015
From: stephan at rename-it.nl (Stephan Bosch)
Date: Mon, 16 Feb 2015 00:01:07 +0100
Subject: dovecot 2.2.15 script_after not executed
In-Reply-To: <22da12c08c815e1a4175f32249462db5@medianetork.ro>
References: <54DBA0CE.5020206@medianetork.ro> <54DBB082.8040605@rename-it.nl> <54DBCBB7.1070004@medianetork.ro> <54DBED76.4070608@rename-it.nl> <22da12c08c815e1a4175f32249462db5@medianetork.ro>
Message-ID: <54E12533.7070809@rename-it.nl>

On 2/12/2015 2:12 AM, Florin Portase wrote:
>
> On 2015-02-12 01:01, Stephan Bosch wrote:
>
>> On 2/11/2015 10:37 PM, Portase Florin wrote:
>>> On 2/11/2015 8:41 PM, Stephan Bosch wrote:
>>>> On 2/11/2015 7:34 PM, Florin Portase wrote:
>>>>> Hello guys,
>>>>>
>>>>> I'm having troubles making "script_after" to exec sieve scripts::
>>>>>
>>>> Keep in mind that the sieve_after script is only executed when the
>>>> "keep" action [1] is executed or when the implicit "keep" [2] is still
>>>> active, meaning that the user didn't give the mail an explicit
>>>> destination.
>>>>
>>>> If the user does perform actions like fileinto or redirect without a
>>>> `:copy' argument [3] and without performing an explicit "keep" [2]
>>>> anywhere, the subsequent sieve_after scripts are not executed [4].
>>>>
>>>> Therefore sieve_after is only useful to provide default behavior for
>>>> when the user has no explicit rule for what should happen to the
>>>> e-mail.
>>>>
>>>>> `/home/vpopmail/domains/medianetork.ro/portase.florin/Maildir/sieve/dovecot1.sieve;name=lters'
>>>>> Feb 11 19:16:10 lda(portase.florin at medianetork.ro): Info: sieve:
>>>>> msgid=AAa=MneAO6+wwLh3M8nz1z6Mi2Ae2aDMdrSakJA_-PYCwCvbCA at mail.gmail.com>:
>>>>> stored mail into mailbox 'INBOX.Gmail'
>>>> This was probably done using a `fileinto "INBOX.Gmail";' command. This
>>>> cancels the implicit keep.
>>>>
>>>> To force executing sieve_after, the user needs to add a `:copy'
>>>> argument
>>>> to that fileinto command or a `keep;' action should be executed.
>>>>
>>>> Administrator policies that always need to be executed must be placed
>>>> in a sieve_before script.
>>>>
>>>> For more information:
>>>>
>>>> [1]: https://tools.ietf.org/html/rfc5228#section-4.3
>>>> [2]: https://tools.ietf.org/html/rfc5228#section-2.10.2
>>>> [3]: https://tools.ietf.org/html/rfc3894
>>>> [4]: http://tools.ietf.org/html/draft-degener-sieve-multiscript-00
>>>>
>>>> Regards,
>>>>
>>>> Stephan.
>>>>
>>> Thanks Stephan,
>>>
>>> However still have one small issue:
>>>
>>> fileter.sieve
>>> ==========
>>>
>>> # rule:[amavis]
>>> if anyof (address :contains "From" "amavis",
>>>           address :contains "Cc" "amavis-users at amavis.org",
>>>           address :contains "To" "amavis-users at amavis.org")
>>> {
>>>     fileinto "INBOX.lists.amavisd-new";
>>> }
>>> # rule:[xxx_gmail]
>>> elsif anyof (header :contains "From" "xxx at gmail")
>>> {
>>>     setflag "\\Flagged";
>>>     fileinto "INBOX.Gmail";
>>>     keep;
>>> }
>>>
>>> In this case, both all 3 sieve are executed: global one + filters +
>>> vacation.
>>> But as side note: when mail come from gmail account,
>>> - 1st message is sent to inbox.gmail
>>> - 2nd vacation response is sent
>>> -3rd message is copied once more directly into INBOX
>>>
>>> Now, if I modify:
>>> fileinto :copy INBOX.Gmail;
>>>
>>> The message is sent to INBOX.Gmail and also copied to INBOX
>>>
>>> How can I avoid such behavior ?
>> With your configuration, the vacation script is responsible for the final delivery decision. If that script only executes the vacation command, the message is stored into INBOX by default (implicit keep).
>> Why do you have the vacation script in a sieve_after rule?
>>
>
> I'm using roundcube with 2 plugins ( sieverules + vacation_sieve)
>
> 1st one used to create filters for incoming messages and 2nd one just
> "out of office" response.
>
> Because of the limitation of sieverules plugin related to definition
> of "out of office" response I'm using 2nd one.
>
> So, I will have 2 .sieve files ( filters.sieve + vacation.sieve)
>
> Just to resume, when I'm activating vacation, the incoming message
> will be moved/copied to designated folder and vacation will be
> triggered after.
>
> As you can see here :: dovecot1.sieve -> filters.sieve
>
> vacation plugin has a built-in function to activate itself as a
> _default_ rule.
>
> But as I mentioned before, incoming messages will be filtered by
> filter.sieve and after ( if activated ) to trigger vacation response.
>
> Hope, I wasn't too ambiguous :)
>

If you want to force execution of the vacation rule, it should be in
sieve_before (or in your case that would be sieve_before2).

As a bonus, the user's main active script (filters.sieve) will have
responsibility for the final delivery. So if there's no (implicit) keep,
there will be no message in INBOX.

Regards,

Stephan.

From WGross at uni-hd.de Mon Feb 16 09:09:16 2015
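The script-chain rule discussed in the "script_after not executed" thread above (a later script runs only while keep is still in effect), as an added example that is not part of the original messages and not Pigeonhole's code. It is a simplified model: the tuple encoding of actions and the name `global.sieve` are hypothetical, and vacation is assumed to reply every time.

```python
"""Simplified model of Sieve script chaining: sieve_before -> user script -> sieve_after."""
from dataclasses import dataclass, field

# Hypothetical action encoding used only by this model:
#   ("fileinto", mailbox, copy)  ("redirect", address, copy)
#   ("keep",)  ("discard",)  ("vacation",)  ("setflag", flag)


@dataclass
class Outcome:
    executed: list = field(default_factory=list)    # script names, in run order
    stored: list = field(default_factory=list)      # mailboxes that receive the mail
    redirected: list = field(default_factory=list)  # forward addresses
    replies: int = 0                                 # vacation responses sent


def run_script(actions, out):
    """Apply one script's actions; return True if keep is still in effect."""
    implicit_keep = True
    explicit_keep = False
    for kind, *args in actions:
        if kind in ("fileinto", "redirect"):
            target, copy = args
            bucket = out.stored if kind == "fileinto" else out.redirected
            if target not in bucket:
                bucket.append(target)
            if not copy:
                # Without ':copy' (RFC 3894) the action cancels the implicit keep.
                implicit_keep = False
        elif kind == "discard":
            implicit_keep = False
        elif kind == "keep":
            explicit_keep = True
        elif kind == "vacation":
            out.replies += 1          # vacation does not touch the implicit keep
        elif kind == "setflag":
            pass                      # flags do not affect chaining
        else:
            raise ValueError(f"unknown action: {kind}")
    return implicit_keep or explicit_keep


def deliver(before, user, after):
    """Run the chain; each element is a (name, actions) pair."""
    out = Outcome()
    for name, actions in list(before) + [user] + list(after):
        out.executed.append(name)
        if not run_script(actions, out):
            return out                # keep cancelled: later scripts never run
    # Keep survived the last script, so the mail is finally stored in INBOX.
    if "INBOX" not in out.stored:
        out.stored.append("INBOX")
    return out


# Constructed scripts mirroring the thread (only the matching branch is modelled).
GLOBAL = ("global.sieve", [])                        # hypothetical admin script
VACATION = ("vacation.sieve", [("vacation",)])
FILTERS_PLAIN = ("filters.sieve", [("fileinto", "INBOX.Gmail", False)])
FILTERS_KEEP = ("filters.sieve", [("setflag", "\\Flagged"),
                                  ("fileinto", "INBOX.Gmail", False),
                                  ("keep",)])
FILTERS_COPY = ("filters.sieve", [("fileinto", "INBOX.Gmail", True)])


def scenarios():
    """Return the four configurations discussed in the thread."""
    return {
        "fileinto, vacation in sieve_after": deliver([GLOBAL], FILTERS_PLAIN, [VACATION]),
        "fileinto + keep, vacation in sieve_after": deliver([GLOBAL], FILTERS_KEEP, [VACATION]),
        "fileinto :copy, vacation in sieve_after": deliver([GLOBAL], FILTERS_COPY, [VACATION]),
        "fileinto, vacation in sieve_before": deliver([GLOBAL, VACATION], FILTERS_PLAIN, []),
    }


if __name__ == "__main__":
    for label, res in scenarios().items():
        print(f"{label}: ran={res.executed} stored={res.stored} replies={res.replies}")
```

Only the last configuration both sends the vacation reply and avoids the extra INBOX copy, which is why anything that must always run belongs in sieve_before.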
From: WGross at uni-hd.de (Wolfgang Gross)
Date: Mon, 16 Feb 2015 10:09:16 +0100
Subject: /etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism
Message-ID: <54E1B3BC.29818.34369A@WGross.uni-hd.de>

Hi,

this is not a genuine Dovecot bug, more a nuisance.
It applies to OpenSuse 13.2 but maybe also to other Linux's.

The standard installation of Dovecot (especially 10-ssl.conf) places the
certificate dovecot.pem in /etc/ssl/certs.
Sometimes during updates does OpenSuse renew all certificates in
/etc/ssl/certs
and erases dovecot.pem. This blocks further access to the mailbox.

I found a similar report here:
https://bbs.archlinux.de/viewtopic.php?id=27288

Workaround: Move dovecot.pem to another directory and change 10-ssl.conf
accordingly.

Regards

Wolfgang Gross

--
Dr. W. Gross
Sektion Chirurgische Forschung
Klinik für Allgemein-, Viszeral- und Transplantationschirurgie
Universitätsklinikum Heidelberg
Im Neuenheimer Feld 365, D-69120 Heidelberg, Germany
Tel. ++49 (0)6221/566392, Fax: ++49 (0)6221/566402
WGross at uni-hd.de

From portase.florin at medianetork.ro Mon Feb 16 10:44:01 2015
From: portase.florin at medianetork.ro (Florin Portase) Date: Mon, 16 Feb 2015 11:44:01 +0100 Subject: dovecot 2.2.15 script_after not executed In-Reply-To: <54E12533.7070809@rename-it.nl> References: <54DBA0CE.5020206@medianetork.ro> <54DBB082.8040605@rename-it.nl> <54DBCBB7.1070004@medianetork.ro> <54DBED76.4070608@rename-it.nl> <22da12c08c815e1a4175f32249462db5@medianetork.ro> <54E12533.7070809@rename-it.nl> Message-ID: <54E1C9F1.6040107@medianetork.ro> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/16/2015 12:01 AM, Stephan Bosch wrote: > On 2/12/2015 2:12 AM, Florin Portase wrote: >> >> On 2015-02-12 01:01, Stephan Bosch wrote: >> >>> On 2/11/2015 10:37 PM, Portase Florin wrote: >>>> On 2/11/2015 8:41 PM, Stephan Bosch wrote: >>>>> On 2/11/2015 7:34 PM, Florin Portase wrote: >>>>>> Hello guys, >>>>>> >>>>>> I'm having troubles making "script_after" to exec sieve >>>>>> scripts:: >>>>>> >>>>> Keep in mind that the sieve_after script is only executed >>>>> when the "keep" action [1 >>>>> ] is >>>>> executed or when the implicit "keep" [2 >>>>> ] is >>>>> still active, meaning that the user didn't give the mail an >>>>> explicit destination. >>>>> >>>>> If the user does perform actions like fileinto or redirect >>>>> without a `:copy' argument [3 >>>>> ] and without >>>>> performing an explicit "keep" [2 >>>>> ] >>>>> anywhere, the subsequent sieve_after scripts are not >>>>> executed [4 >>>>> ]. >>>>> >>>>> >>>>> Therefore sieve_after is only useful to provide default behavior for >>>>> when the user has no explicit rule for what should happen >>>>> to the e-mail. 
>>>>> >>>>>> `/home/vpopmail/domains/medianetork.ro/portase.florin/Maildir/sieve/dovecot1.sieve;name=lters' >>>>>> >>>>>> Feb 11 19:16:10 lda(portase.florin at medianetork.ro >>>>>> ): Info: sieve: >>>>>> msgid=AAa=MneAO6+wwLh3M8nz1z6Mi2Ae2aDMdrSakJA_-PYCwCvbCA at mail.gmail.com >>>>>> >>>>>> >: >>>>>> stored mail into mailbox 'INBOX.Gmail' >>>>> This was probably done using a `fileinto "INBOX.Gmail";' >>>>> command. This cancels the implicit keep. >>>>> >>>>> To force executing sieve_after, the user needs to add a >>>>> `:copy' argument to that fileinto command or a `keep;' >>>>> action should be executed. >>>>> >>>>> Administrator policies that always need to be executed >>>>> must be placed in a sieve_before script. >>>>> >>>>> For more information: >>>>> >>>>> [1]: https://tools.ietf.org/html/rfc5228#section-4.3 [2]: >>>>> https://tools.ietf.org/html/rfc5228#section-2.10.2 [3]: >>>>> https://tools.ietf.org/html/rfc3894 [4]: >>>>> http://tools.ietf.org/html/draft-degener-sieve-multiscript-00 >>>>> >>>>> >>>>> Regards, >>>>> >>>>> Stephan. >>>>> >>>> Thanks Stephan, >>>> >>>> However still have one small issue: >>>> >>>> fileter.sieve ========== >>>> >>>> # rule:[amavis] if anyof (address :contains "From" "amavis", >>>> address :contains "Cc" "amavis-users at amavis.org >>>> ", address :contains "To" >>>> "amavis-users at amavis.org ") >>>> { fileinto "INBOX.lists.amavisd-new"; } # rule:[xxx_gmail] >>>> elsif anyof (header :contains "From" "xxx at gmail >>>> ") { setflag "\\Flagged"; fileinto >>>> "INBOX.Gmail"; keep; } >>>> >>>> In this case, both all 3 sieve are executed: global one + >>>> filters + vacation. But as side note: when mail come from >>>> gmail account, - 1st message is sent to inbox.gmail - 2nd >>>> vacation response is sent -3rd message is copied once more >>>> directly into INBOX >>>> >>>> Now, if I modify: fileinto :copy INBOX.Gmail; >>>> >>>> The message is sent to INBOX.Gmail and also copied to INBOX >>>> >>>> How can I avoid such behavior ? 
>>> > > With your configuration, the vacation script is responsible for > the final delivery decision. If that script only executes the > vacation command, the message is stored into INBOX by default > (implicit keep). > >>> Why do you have the vacation script in a sieve_after rule? >>> >> >> I'm using roundcube with 2 plugins ( sieverules + >> vacation_sieve) >> >> 1st one used to create filters for incoming messages and 2nd one >> just "out of office" response. >> >> Because of the limitation of sieverules plugin related to >> definition of "out of office" response I'm using 2nd one. >> >> So, I will have 2 .sieve files ( filters.sieve + vacation.sieve) >> >> Just to resume, when I'm activating vacation, the incoming >> message will be moved/copied to designated folder and vacation >> will be triggered after. >> >> As you can see here :: dovecot1.sieve -> filters.sieve >> >> vacation plugin has a build-in function to activate itself as a >> _default_ rule. >> >> But as I mentioned before, incoming messaged will be filtered by >> filter.sieve and after ( if activated ) to trigger vacation >> response. >> >> Hope, i wasn't to ambiguous :) >> > > If you want to force execution of the vacation rule, it should be > in sieve_before (or in you case that would be sieve_before2). > > As a bonus, the user's main active script (filters.sieve) will > have responsibility for the final delivery. So if there's no > (implicit) keep, there will be no message in INBOX. > > Regards, > > Stephan. 
>
>
>
Thanks Stephan, yes, everything is working well :)

From c.vielhauer at me.com Mon Feb 16 10:55:44 2015
From: c.vielhauer at me.com (Christian Vielhauer)
Date: Mon, 16 Feb 2015 11:55:44 +0100
Subject: Cannot delete folders from Maildir in only one account
Message-ID:

Hi

I try to delete the folder "test" from Thunderbird 31.4.0 (Win), Webmail (Sogo 2.2.16), or Mail 8.2 (Mac Yosemite), but I am not able to delete in this account. Nevertheless I am able to create new folders. These new folders are not deleteable, too.

dovecot 2.2.9 on Ubuntu 14.04 LTS 64-bit

In /var/log/mail.{err,log} I cannot see any errors.

In another account it works without any problems. (create and delete folders)

Have you any hint, I can try?

Chris

From bna at sunlink.ru Mon Feb 16 11:03:10 2015
From: bna at sunlink.ru (=?UTF-8?B?0J3QuNC60LjRgtCwINCR0L7RgNC40YHQtdC90LrQvtCy?=) Date: Mon, 16 Feb 2015 14:03:10 +0300 Subject: Migrate from Courier to Dovecot - shared folders - can't subscribe Message-ID: <54E1CE6E.6040606@sunlink.ru> Hello, I try to migrate from Courier to Dovecot and i have a trouble with shared folders. Shared mailbox is visible in list, but i can't subscribe to it. user - bna at test.sunlink.ru shared folder - mail-rack at test.sunlink.ru Here is a raw log: LOGIN-AND-FIND-SUBSCRIBED-IN: 2 namespace 3 ENABLE CONDSTORE 4 ID ("name" "Thunderbird" "version" "31.4.0") 5 list (subscribed) "" "INBOX.*" 6 list (subscribed) "" "shared.*" 7 list "" "INBOX" 8 select "INBOX" (CONDSTORE) 9 myrights "INBOX" 10 getacl "INBOX" 11 getquotaroot "INBOX" 12 UID fetch 33:* (FLAGS) 13 IDLE DONE 14 list (subscribed) "" "INBOX.*" 15 list "" "INBOX.%" 16 list "" "INBOX.%.%" 17 list (subscribed) "" "shared.*" 18 list "" "shared.%" 19 list "" "shared.%.%" 20 IDLE DONE 21 list "" "shared.shared/%" 22 list "" "shared.shared/%/%" 23 IDLE DONE 24 list "" "shared.mail-rack.%" 25 list "" "shared.mail-rack.%.%" 26 IDLE DONE 27 close 28 logout LOGIN-AND-FIND-SUBSCRIBED-OUT: 1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE NOTIFY QUOTA ACL RIGHTS=texk] Logged in * NAMESPACE (("INBOX." ".")) (("shared." ".")) NIL 2 OK Namespace completed. * ENABLED CONDSTORE 3 OK Enabled. * ID ("name" "Dovecot") 4 OK ID completed. * LIST (\Subscribed) "." INBOX.Archives * LIST (\Subscribed) "." INBOX.Drafts * LIST (\Subscribed) "." INBOX.Junk * LIST (\Subscribed) "." INBOX.Sent * LIST (\Subscribed) "." INBOX.Trash * LIST (\Subscribed) "." INBOX.INBOX.1 * LIST (\Subscribed) "." INBOX.1 5 OK List completed. 
6 OK List completed. * LIST (\HasChildren) "." INBOX 7 OK List completed. * FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk $Forwarded Junk) * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk $Forwarded Junk \*)] Flags permitted. * 24 EXISTS * 0 RECENT * OK [UIDVALIDITY 1423308312] UIDs valid * OK [UIDNEXT 39] Predicted next UID * OK [HIGHESTMODSEQ 675] Highest 8 OK [READ-WRITE] Select completed (0.000 secs). * MYRIGHTS INBOX lrwstipekxacd 9 OK Myrights completed. * ACL INBOX bna at test.sunlink.ru lrwstipekxacd 10 OK Getacl completed. * QUOTAROOT INBOX "User quota" * QUOTA "User quota" (STORAGE 79458 512000) 11 OK Getquotaroot completed. * 24 FETCH (UID 32 FLAGS (\Seen NonJunk)) 12 OK Fetch completed. + idling 13 OK Idle completed. * LIST (\Subscribed) "." INBOX.Archives * LIST (\Subscribed) "." INBOX.Drafts * LIST (\Subscribed) "." INBOX.Junk * LIST (\Subscribed) "." INBOX.Sent * LIST (\Subscribed) "." INBOX.Trash * LIST (\Subscribed) "." INBOX.INBOX.1 * LIST (\Subscribed) "." INBOX.1 14 OK List completed. * LIST (\HasNoChildren \UnMarked) "." INBOX.1 * LIST (\HasNoChildren \UnMarked \Sent) "." INBOX.Sent * LIST (\HasNoChildren \UnMarked \Junk) "." INBOX.Junk * LIST (\HasNoChildren \UnMarked \Drafts) "." INBOX.Drafts * LIST (\HasNoChildren \UnMarked) "." INBOX.Archives * LIST (\HasNoChildren \Trash) "." INBOX.Trash 15 OK List completed. * LIST (\HasNoChildren \UnMarked) "." INBOX.INBOX.1 16 OK List completed. 17 OK List completed. * LIST (\HasChildren) "." shared.mail-rack 18 OK List completed. * LIST (\HasNoChildren \UnMarked) "." shared.mail-rack.Trash 19 OK List completed. + idling 20 OK Idle completed. 21 OK List completed. 22 OK List completed. + idling 23 OK Idle completed. * LIST (\HasNoChildren \UnMarked) "." shared.mail-rack.Trash 24 OK List completed. 25 OK List completed. + idling 26 OK Idle completed. 27 OK Close completed. * BYE Logging out 28 OK Logout completed. 
SUBSCRIBE-IN: 2 ENABLE CONDSTORE 3 ID ("name" "Thunderbird" "version" "31.4.0") 4 subscribe "shared.mail-rack" 5 list (subscribed) "" "INBOX.*" 6 list (subscribed) "" "shared.*" 7 list "" "INBOX" 8 logout SUBSCRIBE-OUT: 1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE NOTIFY QUOTA ACL RIGHTS=texk] Logged in * ENABLED CONDSTORE 2 OK Enabled. * ID ("name" "Dovecot") 3 OK ID completed. 4 NO [CANNOT] This namespace has no subscriptions * LIST (\Subscribed) "." INBOX.Archives * LIST (\Subscribed) "." INBOX.Drafts * LIST (\Subscribed) "." INBOX.Junk * LIST (\Subscribed) "." INBOX.Sent * LIST (\Subscribed) "." INBOX.Trash * LIST (\Subscribed) "." INBOX.INBOX.1 * LIST (\Subscribed) "." INBOX.1 5 OK List completed. 6 OK List completed. * LIST (\HasChildren) "." INBOX 7 OK List completed. * BYE Logging out 8 OK Logout completed. As I understood from documentation if "shared." namespace have "subscription = no" then there shall be a parent namespace to match, before "shared.". But i have inbox namespace with prefix "INBOX." Where I was mistaken in a configuration? 
$ dovecot -n # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-xen-686 i686 Debian 7.8 xfs auth_mechanisms = plain login auth_verbose = yes dict { quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } disable_plaintext_auth = no first_valid_gid = 8 first_valid_uid = 8 info_log_path = /var/log/dovecot.log lda_mailbox_autocreate = yes listen = 172.27.65.34, 87.244.0.24 log_path = /var/log/dovecot.error.log mail_debug = yes mail_gid = mail mail_location = maildir:/var/virtmail/%d/%n mail_plugins = acl quota mail_uid = mail mailbox_list_index = yes maildir_very_dirty_syncs = yes namespace { hidden = no ignore_on_failure = yes list = children location = maildir:/var/virtmail/%%d/%%n prefix = shared.%%n. separator = . subscriptions = no type = shared } namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = INBOX. separator = . 
} passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { acl = vfile acl_defaults_from_inbox = yes acl_shared_dict = file:/var/virtmail/%d/shared-mailboxes.db antispam_allow_append_to_spam = no antispam_backend = pipe antispam_pipe_program = /root/sa-learn-pipe.sh antispam_pipe_program_notspam_arg = --ham antispam_pipe_program_spam_arg = --spam antispam_spam = Junk;Spam;SPAM antispam_trash = Trash antispam_unsure = Unsure quota = dict:User quota::proxy::quota quota_grace = 10%% quota_rule = *:storage=300M quota_rule2 = INBOX.Trash:storage=+100M quota_rule3 = INBOX.Sent:storage=+50M quota_rule4 = INBOX.SPAM:ignore quota_rule5 = INBOX.Junk:ignore quota_warning = storage=95%% quota-warning 95 %u sieve = ~/.dovecot.sieve sieve_after = /etc/dovecot/sieve/after sieve_before = /etc/dovecot/sieve/before sieve_dir = ~/sieve } protocols = " imap lmtp" service auth { unix_listener auth-client { mode = 0660 user = Debian-exim } } service dict { unix_listener dict { group = mail mode = 0600 user = mail } } service quota-warning { executable = script /root/quota-warning.sh unix_listener quota-warning { user = mail } } ssl_cert = , method=PLAIN, rip=87.244.6.122, lip=87.244.0.24, mpid=28110, session= Feb 13 18:21:06 script-login: Debug: Added userdb setting: plugin/quota_rule=*:bytes=500M Feb 13 18:21:06 imap: Debug: Loading modules from directory: /usr/lib/dovecot/modules Feb 13 18:21:06 imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so Feb 13 18:21:06 imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib02_imap_acl_plugin.so Feb 13 18:21:06 imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so Feb 13 18:21:06 imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib11_imap_quota_plugin.so Feb 13 18:21:06 imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib15_notify_plugin.so Feb 13 18:21:06 imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib20_mail_log_plugin.so Feb 13 18:21:06 imap: Debug: Module loaded: 
/usr/lib/dovecot/modules/lib90_antispam_plugin.so Feb 13 18:21:06 imap: Debug: Added userdb setting: plugin/quota_rule=*:bytes=500M Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: Effective uid=8, gid=8, home=/var/virtmail/test.sunlink.ru/bna Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: Quota root: name=User quota backend=dict args=:proxy::quota Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=* bytes=524288000 messages=0 Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=INBOX.Trash bytes=+104857600 messages=0 Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=INBOX.Sent bytes=+52428800 messages=0 Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=INBOX.SPAM ignored Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=INBOX.Junk ignored Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: Quota warning: bytes=498073600 (95%) messages=0 reverse=no command=quota-warning 95 bna at test.sunlink.ru Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: Quota grace: root=User quota bytes=52428800 (10%) Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: dict quota: user=bna at test.sunlink.ru, uri=proxy::quota, noenforcing=0 Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: Namespace inbox: type=private, prefix=INBOX., sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/var/virtmail/test.sunlink.ru/bna Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: maildir++: root=/var/virtmail/test.sunlink.ru/bna, index=, indexpvt=, control=, inbox=/var/virtmail/test.sunlink.ru/bna, alt= Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: acl: initializing backend with data: vfile Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: acl: acl username = bna at test.sunlink.ru Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: acl: owner = 1 Feb 13 
18:21:06 imap(bna at test.sunlink.ru): Debug: acl vfile: Global ACLs disabled Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: Namespace : type=shared, prefix=shared.%n., sep=., inbox=no, hidden=no, list=children, subscriptions=no location=maildir:/var/virtmail/%d/%n Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt= Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: acl: initializing backend with data: vfile Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: acl: acl username = bna at test.sunlink.ru Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: acl: owner = 0 Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: acl vfile: Global ACLs disabled Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: Namespace : type=private, prefix=, sep=, inbox=no, hidden=yes, list=no, subscriptions=no location=fail::LAYOUT=none Feb 13 18:21:06 imap(bna at test.sunlink.ru): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt= Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/bna/.Archives/dovecot-acl not found Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/bna/.Drafts/dovecot-acl not found Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/bna/.Junk/dovecot-acl not found Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/bna/.Sent/dovecot-acl not found Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/bna/.Trash/dovecot-acl not found Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/bna/.INBOX.1/dovecot-acl not found Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/bna/.1/dovecot-acl not found Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: 
Quota root: name=User quota backend=dict args=:proxy::quota Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=* bytes=524288000 messages=0 Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=INBOX.Trash bytes=+104857600 messages=0 Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=INBOX.Sent bytes=+52428800 messages=0 Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=INBOX.SPAM ignored Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=INBOX.Junk ignored Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: Quota warning: bytes=498073600 (95%) messages=0 reverse=no command=quota-warning 95 mail-rack at test.sunlink.ru Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: Quota grace: root=User quota bytes=52428800 (10%) Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: dict quota: user=mail-rack at test.sunlink.ru, uri=proxy::quota, noenforcing=0 Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: maildir++: root=/var/virtmail/test.sunlink.ru/mail-rack, index=, indexpvt=, control=, inbox=/var/virtmail/test.sunlink.ru/mail-rack, alt= Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: acl: initializing backend with data: vfile Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: acl: acl username = mail-rack at test.sunlink.ru Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: acl: owner = 1 Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: acl vfile: Global ACLs disabled Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: maildir++: root=/var/virtmail/test.sunlink.ru/mail-rack, index=, indexpvt=, control=, inbox=/var/virtmail/test.sunlink.ru/mail-rack, alt= Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: acl: initializing backend with data: vfile Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: acl: acl username = bna at test.sunlink.ru Feb 13 18:21:07 
imap(bna at test.sunlink.ru): Debug: acl: owner = 0 Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: acl vfile: Global ACLs disabled Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: acl vfile: reading file /var/virtmail/test.sunlink.ru/mail-rack/dovecot-acl Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: Namespace shared.mail-rack.: Using permissions from /var/virtmail/test.sunlink.ru/mail-rack: mode=0700 gid=default Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/bna/dovecot-acl not found Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: Namespace INBOX.: Using permissions from /var/virtmail/test.sunlink.ru/bna: mode=0700 gid=default Feb 13 18:21:07 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/bna/dovecot-acl not found Feb 13 18:21:08 imap(bna at test.sunlink.ru): Debug: Namespace shared.: Using permissions from : mode=0700 gid=default Feb 13 18:21:08 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/mail-rack/.Trash/dovecot-acl not found Feb 13 18:21:13 imap-login: Info: Login: user=, method=PLAIN, rip=87.244.6.122, lip=87.244.0.24, mpid=28114, session= Feb 13 18:21:13 script-login: Debug: Added userdb setting: plugin/quota_rule=*:bytes=500M Feb 13 18:21:13 imap: Debug: Loading modules from directory: /usr/lib/dovecot/modules Feb 13 18:21:13 imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so Feb 13 18:21:13 imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib02_imap_acl_plugin.so Feb 13 18:21:13 imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so Feb 13 18:21:13 imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib11_imap_quota_plugin.so Feb 13 18:21:13 imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib15_notify_plugin.so Feb 13 18:21:13 imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib20_mail_log_plugin.so Feb 13 18:21:13 imap: Debug: Module loaded: 
/usr/lib/dovecot/modules/lib90_antispam_plugin.so Feb 13 18:21:13 imap: Debug: Added userdb setting: plugin/quota_rule=*:bytes=500M Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Effective uid=8, gid=8, home=/var/virtmail/test.sunlink.ru/bna Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Quota root: name=User quota backend=dict args=:proxy::quota Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=* bytes=524288000 messages=0 Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=INBOX.Trash bytes=+104857600 messages=0 Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=INBOX.Sent bytes=+52428800 messages=0 Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=INBOX.SPAM ignored Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=INBOX.Junk ignored Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Quota warning: bytes=498073600 (95%) messages=0 reverse=no command=quota-warning 95 bna at test.sunlink.ru Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Quota grace: root=User quota bytes=52428800 (10%) Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: dict quota: user=bna at test.sunlink.ru, uri=proxy::quota, noenforcing=0 Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Namespace inbox: type=private, prefix=INBOX., sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/var/virtmail/test.sunlink.ru/bna Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: maildir++: root=/var/virtmail/test.sunlink.ru/bna, index=, indexpvt=, control=, inbox=/var/virtmail/test.sunlink.ru/bna, alt= Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl: initializing backend with data: vfile Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl: acl username = bna at test.sunlink.ru Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl: owner = 1 Feb 13 
18:21:13 imap(bna at test.sunlink.ru): Debug: acl vfile: Global ACLs disabled Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Namespace : type=shared, prefix=shared.%n., sep=., inbox=no, hidden=no, list=children, subscriptions=no location=maildir:/var/virtmail/%d/%n Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt= Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl: initializing backend with data: vfile Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl: acl username = bna at test.sunlink.ru Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl: owner = 0 Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl vfile: Global ACLs disabled Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Namespace : type=private, prefix=, sep=, inbox=no, hidden=yes, list=no, subscriptions=no location=fail::LAYOUT=none Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt= Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Quota root: name=User quota backend=dict args=:proxy::quota Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=* bytes=524288000 messages=0 Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=INBOX.Trash bytes=+104857600 messages=0 Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=INBOX.Sent bytes=+52428800 messages=0 Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=INBOX.SPAM ignored Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Quota rule: root=User quota mailbox=INBOX.Junk ignored Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Quota warning: bytes=498073600 (95%) messages=0 reverse=no command=quota-warning 95 mail-rack at test.sunlink.ru Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Quota grace: root=User quota bytes=52428800 (10%) Feb 13 
18:21:13 imap(bna at test.sunlink.ru): Debug: dict quota: user=mail-rack at test.sunlink.ru, uri=proxy::quota, noenforcing=0 Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: maildir++: root=/var/virtmail/test.sunlink.ru/mail-rack, index=, indexpvt=, control=, inbox=/var/virtmail/test.sunlink.ru/mail-rack, alt= Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl: initializing backend with data: vfile Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl: acl username = mail-rack at test.sunlink.ru Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl: owner = 1 Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl vfile: Global ACLs disabled Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: maildir++: root=/var/virtmail/test.sunlink.ru/mail-rack, index=, indexpvt=, control=, inbox=/var/virtmail/test.sunlink.ru/mail-rack, alt= Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl: initializing backend with data: vfile Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl: acl username = bna at test.sunlink.ru Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl: owner = 0 Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl vfile: Global ACLs disabled Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl vfile: reading file /var/virtmail/test.sunlink.ru/mail-rack/dovecot-acl Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/bna/.Archives/dovecot-acl not found Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/bna/.Drafts/dovecot-acl not found Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/bna/.Junk/dovecot-acl not found Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/bna/.Sent/dovecot-acl not found Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/bna/.Trash/dovecot-acl not found Feb 
13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/bna/.INBOX.1/dovecot-acl not found Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/bna/.1/dovecot-acl not found Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Namespace shared.mail-rack.: Using permissions from /var/virtmail/test.sunlink.ru/mail-rack: mode=0700 gid=default Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: acl vfile: file /var/virtmail/test.sunlink.ru/bna/dovecot-acl not found Feb 13 18:21:13 imap(bna at test.sunlink.ru): Debug: Namespace INBOX.: Using permissions from /var/virtmail/test.sunlink.ru/bna: mode=0700 gid=default Feb 13 18:21:16 imap(bna at test.sunlink.ru): Info: Disconnected: Logged out in=196 out=921 Feb 13 18:21:16 imap(bna at test.sunlink.ru): Info: Disconnected: Logged out in=664 out=2824 From nick.z.edwards at gmail.com Mon Feb 16 11:59:04 2015 
From: nick.z.edwards at gmail.com (Nick Edwards) Date: Mon, 16 Feb 2015 21:59:04 +1000 Subject: /etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism In-Reply-To: <54E1B3BC.29818.34369A@WGross.uni-hd.de> References: <54E1B3BC.29818.34369A@WGross.uni-hd.de> Message-ID: This directory in later times is where more and more distros are putting system wide server CA type certs, most distros are moving to this path, so the package maintainer should fix their script, maybe to /etc/ssl/private or such. On 2/16/15, Wolfgang Gross wrote: > Hi, > > this is not a genuine Dovecot bug, more a nuisance. > It applies to OpenSuse 13.2 but maybe also to other Linux's. > > The standard installation of Dovecot (especially 10-ssl.conf) places the > certificate dovecot.pem in /etc/ssl/certs. > Sometimes during updates does OpenSuse renew all certificates in > /etc/ssl/certs > and erases dovecot.pem. This blocks further access to the mailbox. > > I found a similar report here: > https://bbs.archlinux.de/viewtopic.php?id=27288 > > Workaround: Move dovecot.pem to another directory and change 10-ssl.conf > accordingly. > > Regards > > Wolfgang Gross > > -- > Dr. W. Gross > Sektion Chirurgische Forschung > Klinik für Allgemein-, Viszeral- und Transplantationschirurgie > Universitätsklinikum Heidelberg > Im Neuenheimer Feld 365, D-69120 Heidelberg, Germany > Tel. ++49 (0)6221/566392, Fax: ++49 (0)6221/566402 > WGross at uni-hd.de > From WGross at uni-hd.de Mon Feb 16 14:42:31 2015 
From: WGross at uni-hd.de (Wolfgang Gross) Date: Mon, 16 Feb 2015 15:42:31 +0100 Subject: /etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism In-Reply-To: References: <54E1B3BC.29818.34369A@WGross.uni-hd.de>, Message-ID: <54E201D7.7184.16550E4@WGross.uni-hd.de> On 16 Feb 2015 at 21:59, Nick Edwards wrote: > This directory in later times is where more and more distros are > putting system wide server CA type certs, most distros are moving to > this path, so the package maintainer should fix their script, maybe to > /etc/ssl/private or such. Maybe not in /etc/ssl/private for security reasons? 10-ssl.conf uses the same file name for certificate and private key; better change this, too. > > On 2/16/15, Wolfgang Gross wrote: > > Hi, > > > > this is not a genuine Dovecot bug, more a nuisance. > > It applies to OpenSuse 13.2 but maybe also to other Linux's. > > > > The standard installation of Dovecot (especially 10-ssl.conf) places the > > certificate dovecot.pem in /etc/ssl/certs. > > Sometimes during updates does OpenSuse renew all certificates in > > /etc/ssl/certs > > and erases dovecot.pem. This blocks further access to the mailbox. > > > > I found a similar report here: > > https://bbs.archlinux.de/viewtopic.php?id=27288 > > From dovecot at lists.killian.com Mon Feb 16 14:53:36 2015 From: dovecot at lists.killian.com (dovecot at lists.killian.com) Date: Mon, 16 Feb 2015 06:53:36 -0800 Subject: /etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism Message-ID: <20150216145336.E0F6EA5740@maple.killian.com> An embedded and charset-unspecified text was scrubbed... Name: not available URL: From h.reindl at thelounge.net Mon Feb 16 15:23:37 2015 
From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 16 Feb 2015 16:23:37 +0100 Subject: /etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism In-Reply-To: <20150216145336.E0F6EA5740@maple.killian.com> References: <20150216145336.E0F6EA5740@maple.killian.com> Message-ID: <54E20B79.5080005@thelounge.net> On 16.02.2015 at 15:53, dovecot at lists.killian.com wrote: > Why not /etc/dovecot/private? That's where I put my dovecot certs. Dovecot's needs are a bit different from other software, and so it is unclear whether the files won't be unique to it. For example, I haven't seen the following before I read it on the Dovecot wiki: > > "The CA file should contain the certificate(s) followed by the matching CRL(s). Note that the CRLs are required to exist. For a multi-level CA place the certificates in this order: > > Issuing CA cert > Issuing CA CRL > Intermediate CA cert > Intermediate CA CRL > Root CA cert > Root CA CRL" that is how you can and should build your PEM files for *every* SSL aware software, Apache and Postfix are happy with exactly that format i go even so far and include the CDHE and DHE params there which means in case of a recent httpd you can make DHE compatible which most clients even if your RSA certificate is 4096 Bit (read the hint about 2.4.7 or later at http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile if you want to know why) there is also no need to place that certs below /etc/dovecot at all nor have them readable for anybody but root, we have our wildcard certificate on a unique location synced to all servers offering SSL and again Dovecot, Postfix and Apache are happy to read the PEM root-only PEM files at startup and that's it From dovecot at lists.killian.com Mon Feb 16 15:42:10 2015 
From: dovecot at lists.killian.com (dovecot at lists.killian.com) Date: Mon, 16 Feb 2015 07:42:10 -0800 Subject: /etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism Message-ID: <20150216154210.1A6D2A55B0@maple.killian.com> An embedded and charset-unspecified text was scrubbed... Name: not available URL: From h.reindl at thelounge.net Mon Feb 16 15:49:31 2015 
From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 16 Feb 2015 16:49:31 +0100 Subject: /etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism In-Reply-To: <20150216154210.1A6D2A55B0@maple.killian.com> References: <20150216154210.1A6D2A55B0@maple.killian.com> Message-ID: <54E2118B.2060704@thelounge.net> you can typically "cat" all the stuff into the same PEM-file and use that file for all related configuration options - since each part has a -----BEGIN and -----END section the chances are high that the software doesn't need to support it explicitly but the TLS layer picks the right thing (that's a very non-technical wording by intention) On 16.02.2015 at 16:42, dovecot at lists.killian.com wrote: > Thanks for the note. I had never seen anything in the postfix and apache documentation that the CRLs could be intermingled with the CRTs in the CRT file. The documentation for those programs suggests putting the CRLs in a separate file (e.g. apache SSLCARevocationFile) or doesn't talk about putting CRLs in with the certs (e.g. postfix smtpd_tls_cert_file). If it works to put them all in one file for those programs, that's good to know. > > On 2015/2/16 07:23, Reindl Harald wrote: >> >> On 16.02.2015 at 15:53, dovecot at lists.killian.com wrote: >>> Why not /etc/dovecot/private? That's where I put my dovecot certs. Dovecot's needs are a bit different from other software, and so it is unclear whether the files won't be unique to it. For example, I haven't seen the following before I read it on the Dovecot wiki: >>> >>> "The CA file should contain the certificate(s) followed by the matching CRL(s). Note that the CRLs are required to exist. 
For a multi-level CA place the certificates in this order: >>> >>> Issuing CA cert >>> Issuing CA CRL >>> Intermediate CA cert >>> Intermediate CA CRL >>> Root CA cert >>> Root CA CRL" >> >> that is how you can and should build your PEM files for *every* SSL aware software, Apache and Postfix are happy with exactly that format >> >> i go even so far and include the CDHE and DHE params there which means in case of a recent httpd you can make DHE compatible which most clients even if your RSA certificate is 4096 Bit (read the hint about 2.4.7 or later at http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile if you want to know why) >> >> there is also no need to place that certs below /etc/dovecot at all nor have them readable for anybody but root, we have our wildcard certificate on a unique location synced to all servers offering SSL and again Dovecot, Postfix and Apache are happy to read the PEM root-only PEM files at startup and that's it From tcstone at caseystone.com Mon Feb 16 19:40:24 2015 
From: tcstone at caseystone.com (Casey Stone) Date: Mon, 16 Feb 2015 19:40:24 +0000 Subject: doveadm sync out of memory In-Reply-To: <19525_1423842134_54DE1B53_19525_59_2_54DE1B51.8000900@thalesgroup.com> References: <19525_1423842134_54DE1B53_19525_59_2_54DE1B51.8000900@thalesgroup.com> Message-ID: On Feb 13, 2015, at 3:42 PM, FUSTE Emmanuel wrote: > On 13/02/2015 16:19, Casey Stone wrote: >> On Feb 5, 2015, at 10:39 PM, Casey Stone wrote: >> >>> Hello: >>> >>> I've been looking forward to getting my mail server up to Dovecot 2.2+ to be able to use the sync mechanism. I run my own mail server just for myself, with a few different accounts, and want to keep a master and backup server in sync. >>> >>> I'm running the Ubuntu server 14.04.1 mail stack which features Dovecot 2.2.9 (and Postfix). My setup is to use system users (userdb passwd / passdb pam) with ~/Maildir. I'll post full sanitized output of dovecot -n if it seems necessary. I have not enabled any plugins (do I need the replicator plugin active?) I have in my conf a doveadm_password defined. >>> >>> Anyway, after setting up an ssl listener on the main machine and after considerable struggles with SSL, I was able to run doveadm sync from the backup server successfully for a small mailbox (around 78 MB) with this command: >>> >>> doveadm sync -R tcps:mainserver.example.com:12345 >>> >>> Since I run this command as the system user on the backup server (same system users as main server) it 'just works' for the correct single user with no further options required. My plan is to run a daily cron job to sync once daily for each user. >>> >>> The problem is when I try to sync a larger mailbox, say 1 GB, dsync-server on the remote (master) machine throws fatal error 83 Out of Memory. I already raised vsz_limit to 512 MB. Problems probably arise with mailboxes around 200 MB though I haven't tested specifically. 
So my question is, is this expected and I will need to give my VM much more memory to be able to use dovecot sync, or do I have something set wrong, or is it a bug? >>> >>> Thanks for your help. >> No repsonses :-( >> >> Here is what it looks like when it crashes with an out of memory error: >> >> (start of the run) >> Feb 13 14:02:38 thepost dovecot: doveadm(10.0.1.22,tcstone): Debug: Effective uid=1002, gid=1002, home=/home/tcstone >> Feb 13 14:02:38 thepost dovecot: doveadm(10.0.1.22,tcstone): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list$ >> Feb 13 14:02:38 thepost dovecot: doveadm(10.0.1.22,tcstone): Debug: maildir++: root=/data/tcstone/Maildir, index=, indexpvt=, control=, inbo$ >> Feb 13 14:02:39 thepost dovecot: dsync-server(tcstone): Debug: Namespace : Using permissions from /data/tcstone/Maildir: mode=0700 gid=defau$ >> Feb 13 14:02:39 thepost dovecot: dsync-server(tcstone): Debug: brain S: out state=send_mailbox_tree changed=1 >> >> <<>> >> >> (end of the run) >> Feb 13 14:02:52 thepost dovecot: dsync-server(tcstone): Fatal: pool_system_realloc(536870912): Out of memory >> Feb 13 14:02:52 thepost dovecot: dsync-server(tcstone): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x5e271) [0x7f9d2056b271] -> /usr/lib/dovecot/libdovecot.so.0(+0x5e34e) [0x7f9d2056b34e] -> /usr/lib/dovecot/libdovecot.so.0(i_error+0) [0x7f9d20526bf8] -> /usr/lib/dovecot/libdovecot.so.0(+0x72d53) [0x7f9d2057fd53] -> /usr/lib/dovecot/libdovecot.so.0(+0x7792a) [0x7f9d2058492a] -> /usr/lib/dovecot/libdovecot.so.0(+0x77be6) [0x7f9d20584be6] -> /usr/lib/dovecot/libdovecot.so.0(+0x78748) [0x7f9d20585748] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_sendv+0x8d) [0x7f9d20583d7d] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_send+0x1a) [0x7f9d20583e1a] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(+0x4c05) [0x7f9d1f6a0c05] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(openssl_iostream_bio_sync+0x21) [0x7f9d1f6a1881] -> 
/usr/lib/dovecot/modules/libssl_iostream_openssl.so(+0x7a4d) [0x7f9d1f6a3a4d] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(+0x7d69) [0x7f9d1f6a3d69] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_sendv+0x8d) [0x7f9d20583d7d] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_nsendv+0xf) [0x7f9d20583e5f] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_nsend+0x1a) [0x7f9d20583e8a] -> dovecot/doveadm-server(+0x2b03f) [0x7f9d20d3003f] -> dovecot/doveadm-server(+0x2c768) [0x7f9d20d31768] -> dovecot/doveadm-server(dsync_ibc_send_mail+0x29) [0x7f9d20d2f309] -> dovecot/doveadm-server(dsync_brain_sync_mails+0x5fc) [0x7f9d20d24a1c] -> dovecot/doveadm-server(dsync_brain_run+0x523) [0x7f9d20d20f93] -> dovecot/doveadm-server(+0x1c270) [0x7f9d20d21270] -> dovecot/doveadm-server(+0x2de60) [0x7f9d20d32e60] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x27) [0x7f9d2057b247] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xd7) [0x7f9d2057bfd7] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f9d2057ade8] -> dovecot/doveadm-server(+0x1a189) [0x7f9d20d1f189] -> dovecot/doveadm-server(+0xebeb) [0x7f9d20d13beb] >> Feb 13 14:02:52 thepost dovecot: dsync-server(tcstone): Fatal: master: service(doveadm): child 13232 returned error 83 (Out of memory (service doveadm { vsz_limit=512 MB }, you may need to increase it) - set DEBUG_OUTOFMEM=1 environment to get core dump) >> >> I haven't tested whether it is simply the effect of having DEBUG active that kills it... A run requiring moving just over 100 MB of mail is enough to cause the error. I have tested manually copying the Maildir to the backup server, then running the sync or backup command -- this works. Thus is seems related not to the size of the mailbox but the size of the data that needs to be copied. > To use dsync, use Dovecot 2.2.15 to avoid any trouble. > Use apt.dovecot.fi repository. > > Emmanuel. 
At first I scoffed at this notion, preferring to stick with my distribution's own packaged versions, but then I realised that there is this 'enterprise version' called dovecot-ee available, and now it even is free (previously $99/year I guess). I registered for this and have a license and username/password now, but it seems Ubuntu is only supported as of 12.04 not 14.04 that I am running. I tried to add the repo changing 'precise' for 'trusty' but the repo did not respond to that. Anyone know if it's safe to use 'precise' on a trusty server, or if there is progress to create packages for trusty? Also, should I apt-get remove dovecot-core etc before installing from the new repo? By the way, the backup operations seem to be working now using doveadm backup -u username -R tcps:mainserver.example.com:12345 if I do the 'seeding' of the backup manually (by copying). Thanks. From Jochen.Bern at LINworks.de Tue Feb 17 00:28:11 2015 
From: Jochen.Bern at LINworks.de (Jochen Bern) Date: Tue, 17 Feb 2015 01:28:11 +0100 Subject: /etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism In-Reply-To: <54E20B79.5080005@thelounge.net> References: <20150216145336.E0F6EA5740@maple.killian.com> <54E20B79.5080005@thelounge.net> Message-ID: <54E28B1B.7050500@LINworks.de> On 02/16/2015 04:23 PM, Reindl Harald wrote: >> "The CA file should contain the certificate(s) followed by the >> matching CRL(s). Note that the CRLs are required to exist. For a >> multi-level CA place the certificates in this order: >> >> Issuing CA cert >> Issuing CA CRL >> Intermediate CA cert >> Intermediate CA CRL >> Root CA cert >> Root CA CRL" > > that is how you can and should build your PEM files for *every* SSL ^^^^^^^ > aware software NACK. I have set up CentOS 6 servers a little more than two years ago with that format used for dovecot and OpenVPN, including verification that the functionality was there. Last month we had a need to revoke a client's certs and it turned out that OpenVPN had silently stopped honoring the CRLs somewhere along the update path (dovecot still enforces them). I had to QuickFix the OpenVPN config from the above monolithic file over to a CApath https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html#notes to successfully lock the disgraced client out. Regards, J. Bern -- *NEU* - NEC IT-Infrastruktur-Produkte im : Server--Storage--Virtualisierung--Management SW--Passion for Performance Jochen Bern, Systemingenieur --- LINworks GmbH Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27 Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202 Unternehmenssitz Weiterstadt, Geschäftsführer Metin Dogan, Oliver Michel From jtam.home at gmail.com Tue Feb 17 00:33:33 2015 
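The two file-layout concerns raised in this thread, as an added example (not code from Dovecot or from any poster): it flags an `ssl_cert`/`ssl_key` that sits in a package-managed directory or shares a file name, and checks that a CA file follows the certificate-then-CRL layout quoted from the Dovecot wiki. The function names, the sample config and the PEM bodies are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# One PEM block; only the label is inspected, the body is never decoded.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)
# Dovecot file-valued settings are written as: name = </path/to/file
SETTING = re.compile(
    r"^[ \t]*(ssl_cert|ssl_key|ssl_ca)[ \t]*=[ \t]*<[ \t]*(\S+)", re.M)


def audit_ssl_paths(conf_text, managed_dirs=("/etc/ssl/certs",)):
    """Flag the two path problems reported in the thread.

    managed_dirs is an assumption: directories the distribution may
    regenerate on update (the thread names /etc/ssl/certs).
    """
    paths = {name: PurePosixPath(p) for name, p in SETTING.findall(conf_text)}
    issues = []
    for name, path in paths.items():
        if str(path.parent) in managed_dirs:
            issues.append(f"{name}: {path} is in a package-managed directory")
    cert, key = paths.get("ssl_cert"), paths.get("ssl_key")
    if cert and key and cert.name == key.name:
        issues.append(f"ssl_cert and ssl_key share the file name {cert.name}")
    return issues


def pem_labels(pem_text):
    """Return the block labels of a PEM bundle in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(pem_text)]


def check_ca_bundle(pem_text):
    """Check the 'certificate followed by its CRL' layout of a CA file.

    This is a layout check only: it does not verify that a CRL was
    issued by the certificate in front of it, nor that it is current.
    """
    labels = pem_labels(pem_text)
    if not labels:
        return ["no PEM blocks found"]
    issues = []
    for i, label in enumerate(labels):
        if "PRIVATE KEY" in label:
            issues.append(f"block {i}: private key inside a CA file")
        elif label == "CERTIFICATE":
            nxt = labels[i + 1] if i + 1 < len(labels) else None
            if nxt != "X509 CRL":
                issues.append(f"block {i}: certificate not followed by a CRL")
        elif label == "X509 CRL":
            if i == 0 or labels[i - 1] != "CERTIFICATE":
                issues.append(f"block {i}: CRL without a preceding certificate")
        else:
            issues.append(f"block {i}: unexpected block type {label!r}")
    return issues


def pem_block(label):
    """Build a constructed PEM block with a placeholder body."""
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"


# Constructed sample: certificate in /etc/ssl/certs, same file name for the key.
SAMPLE_CONF = """\
ssl = yes
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
#ssl_ca =
"""

# Constructed bundles: issuing CA + CRL, root CA + CRL; then one CRL missing.
GOOD_BUNDLE = "".join(pem_block(l) for l in
                      ("CERTIFICATE", "X509 CRL", "CERTIFICATE", "X509 CRL"))
BAD_BUNDLE = "".join(pem_block(l) for l in
                     ("CERTIFICATE", "CERTIFICATE", "X509 CRL"))

if __name__ == "__main__":
    for finding in audit_ssl_paths(SAMPLE_CONF):
        print("config:", finding)
    for finding in check_ca_bundle(BAD_BUNDLE):
        print("bundle:", finding)
```

A clean layout does not show that a daemon enforces the CRL; as the message above reports for OpenVPN, that has to be tested with a revoked certificate after each update.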
From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 16 Feb 2015 16:33:33 -0800 (PST) Subject: Controlling inactivity timeout for IMAP In-Reply-To: References: Message-ID: André Peters writes: > > I have a problem with a user who uses a wireless carrier that keeps > > changing his IP as he travels throughout the city. From the perspective > > of our dovecot IMAP server, the user keeps logging in from another IP, > > and after a short while, hits up against the mail_max_userip_connections > > limit. It takes 30 minutes before those orphaned connections times out. > > > > Is there any way to decrease the IMAP idle timeout other than to > > recompile dovecot with a new value? > > > > imap-common.h:#define CLIENT_IDLE_TIMEOUT_MSECS (60*30*1000) > > > > For example, will this work? > > > > service imap { > > idle_kill = 600 > > } > > I was following this in hope someone would answer. > > As a workaround I recommend to set up a POP3 connection with a low > polling interval (besides using a TCP Proxy...). I'll give that a try -- I'll probably still get the odd orphaned process if the client changed address in the middle of a POP session. To close this out, I'll relate my experiments to answer the question I posed above in case it's of use to someone. Changing pre-authentication timeouts. The default is 3 minutes hardcoded at diff -r -U0 a/src/lib-master/master-interface.h b/src/lib-master/master-interface.h --- a/src/lib-master/master-interface.h Mon Jun 2 04:50:10 2014 +++ b/src/lib-master/master-interface.h Sat Feb 14 18:41:39 2015 
@@ -99,1 +99,1 @@ -#define MASTER_LOGIN_TIMEOUT_SECS (3*60) +#define MASTER_LOGIN_TIMEOUT_SECS (31) Changing it to 31s still seems overly generous, but you can not set it lower unless you also change the next define /* auth server should abort auth requests before that happens */ #define MASTER_AUTH_SERVER_TIMEOUT_SECS (MASTER_LOGIN_TIMEOUT_SECS - 30) I really don't understand what this is about, but if this becomes zero, authentication breaks. Maybe (MASTER_LOGIN_TIMEOUT_SECS>>1) would be a safer definition. $ date; netcat 127.0.0.1 143; date Mon Feb 16 15:23:44 EST 2015 * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Ready. * BYE Disconnected for inactivity. Mon Feb 16 15:24:15 EST 2015 Changing post-authentication IMAP idle timeout The default (RFC minimum) is 30 minutes, which can be changed here diff -r -U0 a/src/imap/imap-common.h b/src/imap/imap-common.h --- a/src/imap/imap-common.h Mon Jun 2 04:50:10 2014 +++ b/src/imap/imap-common.h Sat Feb 14 18:44:24 2015 
@@ -5,1 +5,1 @@ -#define CLIENT_IDLE_TIMEOUT_MSECS (60*30*1000) +#define CLIENT_IDLE_TIMEOUT_MSECS (60*15*1000) I also tried changing it in dovecot.conf service imap { idle_kill = 630 } but after recompiling/reconfiguring with both options, idle_kill has no influence. $ date ; echo . login user password | netcat 127.0.0.1 143 ; date Mon Feb 16 15:47:10 EST 2015 * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Ready. . OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE] Logged in * BYE Disconnected for inactivity. Mon Feb 16 16:02:11 EST 2015 General notes: Dovecot is chock full of these ad-hoc/default/RFC timeout definitions. The interaction of these timeouts between dovecot's internal components as well as remote clients is complex, and could cause problems if you change them. For example, our webmail system opens persistent IMAP connections, and if you set dovecot's idle timeout less than the webmail's idle timeout, the user will get an annoying re-login requests. It would be nice if this problem of mobile WiFi mail readers acquiring (and abandoning) new IPs could be handled in a more gracious way (reaping on a expedited schedule or LRU basis), but unless you really have to and know what you are doing, I would suggest not modifying timeouts. Joseph Tam From dovecot at lists.killian.com Tue Feb 17 03:10:25 2015 
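Review bot: In the src/lib-master/master-interface.h hunk, MASTER_LOGIN_TIMEOUT_SECS drops to 31 while MASTER_AUTH_SERVER_TIMEOUT_SECS is still derived as (MASTER_LOGIN_TIMEOUT_SECS - 30), so the auth server's abort deadline becomes 1 second, and any later edit to 30 or below makes the derived value zero or negative, the case the message reports as breaking authentication. Suggest changing the derived define in the same patch so it cannot reach zero (a floor, or a proportional value such as the shift proposed in the message) and adding a comment beside MASTER_LOGIN_TIMEOUT_SECS stating the minimum it accepts.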
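Review bot: In the src/imap/imap-common.h hunk, the new CLIENT_IDLE_TIMEOUT_MSECS value (60*15*1000) is half the 30-minute figure the message itself calls the RFC minimum, and nothing on the changed line records that this is deliberate. Suggest a comment on the define saying the value is intentionally below that minimum and why, and a line in the patch description that this is a compile-time constant which idle_kill was observed not to override, so every rebuild or package upgrade has to reapply it and any client with a longer idle timeout of its own (the webmail case mentioned in the message) will be disconnected first.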
From: dovecot at lists.killian.com (dovecot at lists.killian.com) Date: Mon, 16 Feb 2015 19:10:25 -0800 Subject: /etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism Message-ID: <20150217031025.3F492A55A3@maple.killian.com> An embedded and charset-unspecified text was scrubbed... Name: not available URL: From christian.binder at freilassing.de Tue Feb 17 06:25:53 2015 From: christian.binder at freilassing.de (Christian Binder Stadt Freilassing) Date: Tue, 17 Feb 2015 07:25:53 +0100 Subject: Dovecot fsync question Message-ID: <47c3cf0c102910e12725ccb1fc21c401@egroupware.freilassing.de> Hello, I followed these steps in http://wiki2.dovecot.org/MailLocation/LocalDisk # Default to no fsyncing mail_fsync = never protocol lda { # Enable fsyncing for LDA mail_fsync = optimized } protocol lmtp { # Enable fsyncing for LMTP mail_fsync = optimized } This gives quite a good performance, but I'm not sure about the risks. Does it mean that things like *put a Sent Mail to Sent folder *change status of mails really don't get synced to disk for a long time (hours??). Or do we talk about seconds and everything is fine when dirty pages get synced by the system. cat /proc/meminfo | grep 'Dirty' lets me assume that there are always just a few KB in the dirty pages and these are written to disk every few seconds. Are the dovecot "mail_fsync = never" transactions included there? Thanks a lot! Christian From skdovecot at smail.inf.fh-brs.de Tue Feb 17 07:19:08 2015 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 17 Feb 2015 08:19:08 +0100 (CET) Subject: Cannot delete folders from Maildir in only one account In-Reply-To: References: Message-ID: On Mon, 16 Feb 2015, Christian Vielhauer wrote: > I try to delete the folder "test" from Thunderbird 31.4.0 (Win), Webmail (Sogo 2.2.16), or Mail 8.2 (Mac Yosemite), but I am not able to delete in this account. > Nevertheless I am able to create new folders. These new folders are not deletable, too. What's the returned description string, if you try to delete the folder manually via telnet? > dovecot 2.2.9 on Ubuntu 14.04 LTS 64-bit > > In /var/log/mail.{err,log} I cannot see any errors. What does Dovecot log? It usually logs to somewhere else. > In another account it works without any problems. (create and delete folders) -- Steffen Kaiser From skdovecot at smail.inf.fh-brs.de Tue Feb 17 07:23:20 2015 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 17 Feb 2015 08:23:20 +0100 (CET) Subject: auth: Fatal: No passdbs specified in configuration file In-Reply-To: References: Message-ID: On Sat, 14 Feb 2015, rub zorghy wrote: > Compilation succeeds. Starting dovecot from command line : > /usr/local/sbin/dovecot -c /usr/local/etc/dovecot/ > > The error log contains : > > "dovecot: auth: Fatal: No passdbs specified in configuration file. PLAIN > mechanism needs one" http://wiki2.dovecot.org/Tools/Dovecot says, -c needs a config _file_, not a directory. -- Steffen Kaiser From mellon85 at gmail.com Tue Feb 17 10:17:21 2015 From: mellon85 at gmail.com (Dario Meloni) Date: Tue, 17 Feb 2015 10:17:21 +0000 (UTC) Subject: Dovecot 2.1.7 random login fails Message-ID: 
Hello, Dovecot version 2.1.7, running in a debian:stable docker container. I am having a weird issue with dovecot failing randomly, sometimes with pop3, sometimes with imap, but only in case of SSL. For example, from the logs I can see this: Feb 17 07:48:32 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [172.17.2.5] Feb 17 07:48:32 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [172.17.2.5] Feb 17 07:48:32 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [172.17.2.5] Feb 17 07:48:32 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [172.17.2.5] Feb 17 07:48:32 imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [172.17.2.5] Feb 17 07:48:32 imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [172.17.2.5] Feb 17 07:48:32 imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [172.17.2.5] Feb 17 07:48:32 pop3-login: Fatal: read(ssl-params) failed: Permission denied and from the debug log: Feb 17 07:48:32 auth: Debug: auth client connected (pid=21) Feb 17 07:48:32 auth: Debug: client in: AUTH 1 PLAIN service=pop3 session=[REDACTED] lip=172.17.2.11 rip=172.17.2.5 lport=110 rport=38967 resp=[REDACTED] Feb 17 07:48:32 auth-worker(16): Debug: pam(test,172.17.2.5): lookup service=dovecot Feb 17 07:48:32 auth-worker(16): Debug: pam(test,172.17.2.5): #1/1 style=1 msg=Password: Feb 17 07:48:32 auth: Debug: client out: OK 1 user=test Feb 17 07:48:32 auth: Debug: master in: REQUEST 951582721 21 1 1fb51b26a3656db28fa3d333bd7568a4 Feb 17 07:48:32 auth: Debug: passwd(test,172.17.2.5,[REDACTED]): lookup Feb 17 07:48:32 
auth: Debug: master out: USER 951582721 test system_groups_user=test uid=1000 gid=8 home=/home/test Feb 17 07:48:32 pop3(test): Debug: Effective uid=1000, gid=8, home=/home/ test Feb 17 07:48:32 pop3(test): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:~/mail:INBOX=/var/mail/test Feb 17 07:48:32 pop3(test): Debug: fs: root=/home/test/mail, index=, control=, inbox=/var/mail/test, alt= Feb 17 07:48:32 pop3(test): Debug: Namespace : Using permissions from / home/test/mail: mode=0700 gid=-1 Feb 17 07:48:32 auth: Debug: auth client connected (pid=23) I checked in the code and found that the issue is from ssl-params.c apparently not being able to read from a file descriptor that it already opened... Any idea? From emmanuel.fuste at thalesgroup.com Tue Feb 17 10:51:43 2015 
From: emmanuel.fuste at thalesgroup.com (FUSTE Emmanuel) Date: Tue, 17 Feb 2015 11:51:43 +0100 Subject: doveadm sync out of memory In-Reply-To: References: <19525_1423842134_54DE1B53_19525_59_2_54DE1B51.8000900@thalesgroup.com> Message-ID: <14981_1424170307_54E31D43_14981_12189_1_54E31D3F.1060700@thalesgroup.com> On 16/02/2015 20:40, Casey Stone wrote: > On Feb 13, 2015, at 3:42 PM, FUSTE Emmanuel wrote: > >> On 13/02/2015 16:19, Casey Stone wrote: >>> On Feb 5, 2015, at 10:39 PM, Casey Stone wrote: >>> >>>> Hello: >>>> >>>> I've been looking forward to getting my mail server up to Dovecot 2.2+ to be able to use the sync mechanism. I run my own mail server just for myself, with a few different accounts, and want to keep a master and backup server in sync. >>>> >>>> I'm running the Ubuntu server 14.04.1 mail stack which features Dovecot 2.2.9 (and Postfix). My setup is to use system users (userdb passwd / passdb pam) with ~/Maildir. I'll post full sanitized output of dovecot -n if it seems necessary. I have not enabled any plugins (do I need the replicator plugin active?) I have in my conf a doveadm_password defined. >>>> >>>> Anyway, after setting up an ssl listener on the main machine and after considerable struggles with SSL, I was able to run doveadm sync from the backup server successfully for a small mailbox (around 78 MB) with this command: >>>> >>>> doveadm sync -R tcps:mainserver.example.com:12345 >>>> >>>> Since I run this command as the system user on the backup server (same system users as main server) it 'just works' for the correct single user with no further options required. My plan is to run a daily cron job to sync once daily for each user. >>>> >>>> The problem is when I try to sync a larger mailbox, say 1 GB, dsync-server on the remote (master) machine throws fatal error 83 Out of Memory. I already raised vsz_limit to 512 MB. Problems probably arise with mailboxes around 200 MB though I haven't tested specifically. 
So my question is, is this expected and I will need to give my VM much more memory to be able to use dovecot sync, or do I have something set wrong, or is it a bug? >>>> >>>> Thanks for your help. >>> No repsonses :-( >>> >>> Here is what it looks like when it crashes with an out of memory error: >>> >>> (start of the run) >>> Feb 13 14:02:38 thepost dovecot: doveadm(10.0.1.22,tcstone): Debug: Effective uid=1002, gid=1002, home=/home/tcstone >>> Feb 13 14:02:38 thepost dovecot: doveadm(10.0.1.22,tcstone): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list$ >>> Feb 13 14:02:38 thepost dovecot: doveadm(10.0.1.22,tcstone): Debug: maildir++: root=/data/tcstone/Maildir, index=, indexpvt=, control=, inbo$ >>> Feb 13 14:02:39 thepost dovecot: dsync-server(tcstone): Debug: Namespace : Using permissions from /data/tcstone/Maildir: mode=0700 gid=defau$ >>> Feb 13 14:02:39 thepost dovecot: dsync-server(tcstone): Debug: brain S: out state=send_mailbox_tree changed=1 >>> >>> <<>> >>> >>> (end of the run) >>> Feb 13 14:02:52 thepost dovecot: dsync-server(tcstone): Fatal: pool_system_realloc(536870912): Out of memory >>> Feb 13 14:02:52 thepost dovecot: dsync-server(tcstone): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x5e271) [0x7f9d2056b271] -> /usr/lib/dovecot/libdovecot.so.0(+0x5e34e) [0x7f9d2056b34e] -> /usr/lib/dovecot/libdovecot.so.0(i_error+0) [0x7f9d20526bf8] -> /usr/lib/dovecot/libdovecot.so.0(+0x72d53) [0x7f9d2057fd53] -> /usr/lib/dovecot/libdovecot.so.0(+0x7792a) [0x7f9d2058492a] -> /usr/lib/dovecot/libdovecot.so.0(+0x77be6) [0x7f9d20584be6] -> /usr/lib/dovecot/libdovecot.so.0(+0x78748) [0x7f9d20585748] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_sendv+0x8d) [0x7f9d20583d7d] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_send+0x1a) [0x7f9d20583e1a] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(+0x4c05) [0x7f9d1f6a0c05] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(openssl_iostream_bio_sync+0x21) 
[0x7f9d1f6a1881] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(+0x7a4d) [0x7f9d1f6a3a4d] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(+0x7d69) [0x7f9d1f6a3d69] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_sendv+0x8d) [0x7f9d20583d7d] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_nsendv+0xf) [0x7f9d20583e5f] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_nsend+0x1a) [0x7f9d20583e8a] -> dovecot/doveadm-server(+0x2b03f) [0x7f9d20d3003f] -> dovecot/doveadm-server(+0x2c768) [0x7f9d20d31768] -> dovecot/doveadm-server(dsync_ibc_send_mail+0x29) [0x7f9d20d2f309] -> dovecot/doveadm-server(dsync_brain_sync_mails+0x5fc) [0x7f9d20d24a1c] -> dovecot/doveadm-server(dsync_brain_run+0x523) [0x7f9d20d20f93] -> dovecot/doveadm-server(+0x1c270) [0x7f9d20d21270] -> dovecot/doveadm-server(+0x2de60) [0x7f9d20d32e60] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x27) [0x7f9d2057b247] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xd7) [0x7f9d2057bfd7] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f9d2057ade8] -> dovecot/doveadm-server(+0x1a189) [0x7f9d20d1f189] -> dovecot/doveadm-server(+0xebeb) [0x7f9d20d13beb] >>> Feb 13 14:02:52 thepost dovecot: dsync-server(tcstone): Fatal: master: service(doveadm): child 13232 returned error 83 (Out of memory (service doveadm { vsz_limit=512 MB }, you may need to increase it) - set DEBUG_OUTOFMEM=1 environment to get core dump) >>> >>> I haven't tested whether it is simply the effect of having DEBUG active that kills it... A run requiring moving just over 100 MB of mail is enough to cause the error. I have tested manually copying the Maildir to the backup server, then running the sync or backup command -- this works. Thus is seems related not to the size of the mailbox but the size of the data that needs to be copied. >> To use dsync, use Dovecot 2.2.15 to avoid any trouble. >> Use apt.dovecot.fi repository. >> >> Emmanuel. 
> At first I scoffed at this notion, preferring to stick with my distribution's own packaged versions, but then I realised that there is this 'enterprise version' called dovecot-ee available, and now it even is free (previously $99/year I guess). I registered for this and have a license and username/password now, but it seems Ubuntu is only supported as of 12.04 not 14.04 that I am running. > > I tried to add the repo changing 'precise' for 'trusty' but the repo did not respond to that. Anyone know if it's safe to use 'precise' on a trusty server, or if there is progress to create packages for trusty? Also, should I apt-get remove dovecot-core etc before installing from the new repo? > > By the way, the backup operations seem to be working now using doveadm backup -u username -R tcps:mainserver.example.com:12345 if I do the 'seeding' of the backup manually (by copying). > > Thanks. Yes, it is safe. You don't need to remove dovecot-core etc before installing from the new repo. Apt will do it for you automatically. Emmanuel. From c.vielhauer at me.com Tue Feb 17 11:09:57 2015
From: c.vielhauer at me.com (Christian Vielhauer) Date: Tue, 17 Feb 2015 12:09:57 +0100 Subject: Cannot delete folders from Maildir in only one account Message-ID: <34D59896-F091-4D02-9B47-AC022D3B17F8@me.com> Hi Steffen thanks for your reply. I found that permissions of some folders are different than others? After chmod all permissions to the same go= permissions, it works. No matter what happens to generate different permissions for only this one account. Because all other accounts are correct. I will have a look at this from time to time. As soon it not happens again this thread is solved. On Mon, 16 Feb 2015, Christian Vielhauer wrote: > I try to delete the folder "test" from Thunderbird 31.4.0 (Win), Webmail (Sogo 2.2.16), or Mail 8.2 (Mac Yosemite), but I am not able to delete in this account. > Nevertheless I am able to create new folders. These new folders are not deletable, too. What's the returned description string, if you try to delete the folder manually via telnet? > dovecot 2.2.9 on Ubuntu 14.04 LTS 64-bit > > In /var/log/mail.{err,log} I cannot see any errors. What does Dovecot log? It usually logs to somewhere else. > In another account it works without any problems. (create and delete folders) - -- Steffen Kaiser From pj.netfilter at gmail.com Tue Feb 17 12:50:53 2015 From: pj.netfilter at gmail.com (Joy) Date: Tue, 17 Feb 2015 18:20:53 +0530 Subject: Help with archive server Message-ID: Hi, I want to build a system where 6 months old mail to be moved to archive server to keep my mailbox clean and fast. Is there any way to achieve the same using any pre-built binary shipped with dovecot ? Thanks and Regards Joy From mellon85 at gmail.com Tue Feb 17 13:23:58 2015
From: mellon85 at gmail.com (Dario Meloni) Date: Tue, 17 Feb 2015 13:23:58 +0000 (UTC) Subject: Dovecot 2.1.7 random login fails References: Message-ID: On Tue, 17 Feb 2015 10:17:21 +0000, Dario Meloni wrote: > Dovecot version 2.1.7, running in a debian:stable docker container. [..] I also tried using the backport packages and I have the same issues on version 2.2.13 From rs at sys4.de Tue Feb 17 14:09:54 2015 From: rs at sys4.de (Robert Schetterer) Date: Tue, 17 Feb 2015 15:09:54 +0100 Subject: Help with archive server In-Reply-To: References: Message-ID: <54E34BB2.9040808@sys4.de> On 17.02.2015 at 13:50, Joy wrote: > Hi, > I want to build a system where 6 months old mail to be moved to > archive server to keep my mailbox clean and fast. > > Is there any way to achieve the same using any pre-built binary shipped > with dovecot ? > > > Thanks and Regards > > Joy > Classical Mail Archive means store a copy of all incoming mail ( without spam ) like i.e here https://sys4.de/de/blog/2013/02/07/mailarchiv-mit-dovecot-und-postfix-sortiert-nach-datum-mailadressen-und-ein-ausgehend-unterordnern/ But i think you want something other, perhaps some imapsync via cron daily executed at the archive server ,from your active mailbox to your archive mailbox for mail older than 6 months http://linux.die.net/man/1/imapsync watch [--maxage ] [--minage ] for archive mailbox on the same dovecot server http://wiki2.dovecot.org/Tools/Doveadm/Move http://wiki2.dovecot.org/Tools/Doveadm/SearchQuery may also solve it Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From rs at sys4.de Tue Feb 17 14:21:33 2015
From: rs at sys4.de (Robert Schetterer) Date: Tue, 17 Feb 2015 15:21:33 +0100 Subject: Help with archive server In-Reply-To: <54E34BB2.9040808@sys4.de> References: <54E34BB2.9040808@sys4.de> Message-ID: <54E34E6D.2050001@sys4.de> On 17.02.2015 at 15:09, Robert Schetterer wrote: > On 17.02.2015 at 13:50, Joy wrote: >> Hi, >> I want to build a system where 6 months old mail to be moved to >> archive server to keep my mailbox clean and fast. >> >> Is there any way to achieve the same using any pre-built binary shipped >> with dovecot ? >> >> >> Thanks and Regards >> >> Joy >> > > Classical Mail Archive means store a copy of all incoming mail ( without > spam ) > > like i.e here > > https://sys4.de/de/blog/2013/02/07/mailarchiv-mit-dovecot-und-postfix-sortiert-nach-datum-mailadressen-und-ein-ausgehend-unterordnern/ > > But i think you want something other, perhaps some imapsync via cron > daily executed at the archive server ,from your active mailbox to your > archive mailbox for mail older than 6 months > > http://linux.die.net/man/1/imapsync > > watch > > [--maxage ] > [--minage ] > > for archive mailbox on the same dovecot server > > http://wiki2.dovecot.org/Tools/Doveadm/Move > http://wiki2.dovecot.org/Tools/Doveadm/SearchQuery > > may also solve it http://wiki2.dovecot.org/Tools/Doveadm/Import is maybe better after that you need expunge already archived mail in the active mailbox but there may lots of other chances solving it i.e dsync, rsync but that's all depending to your setup i.e mailbox format, involved servers etc. > > > Best Regards > MfG Robert Schetterer > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From peljasz at yahoo.co.uk Tue Feb 17 16:03:17 2015
From: peljasz at yahoo.co.uk (lejeczek) Date: Tue, 17 Feb 2015 16:03:17 +0000 Subject: multiple ldap userdb and passdb Message-ID: <54E36645.3020700@yahoo.co.uk> hi everybody. I wonder if such a scenario is possible. if yes would I configure multiple passdb using ldap driver or within one clause set up multiple args? How would this work? many thanks P. From michal at mailmix.pl Tue Feb 17 19:03:27 2015 From: michal at mailmix.pl (Michał Giżyński) Date: Tue, 17 Feb 2015 20:03:27 +0100 Subject: [PATCH] [dovecot 2.2.9] Quota warnings ignored with FS quotas In-Reply-To: <546F8CCE.3070400@localdomain.pl> References: <546F8CCE.3070400@localdomain.pl> Message-ID: <54E3907F.8060009@mailmix.pl> On 21.11.2014 20:04, Grzegorz Nosek wrote: > Hi all, > > I noticed that in some circumstances quota warnings are ignored. The > bug arises when both of the following are used: > > 1. percentage-based quota warnings, i.e.: > > quota_warning = storage=1%% quota-warning 1 %u > > 2. filesystem quota backend (and probably others, except for quotas > configured directly in dovecot config) > > Percentage-based quota warnings have rule.bytes_limit recalculated > based on root_set->default_rule.bytes_limit, however this value is > zero when FS quotas are in use. Real quota values (from quotactl) are > fetched very late, in quota_warnings_execute() but at that point no > recalculation happens. As the warning rules have bytes_limit==0, > they're effectively ignored. > > The patch below enables quota warnings to be sent when using > filesystem (and possibly maildirsize-based) quotas. > > Based and tested on Ubuntu 14.04's dovecot 2.2.9. > > Best regards, > Grzegorz Nosek > > > diff --git a/src/plugins/quota/quota.c b/src/plugins/quota/quota.c > index adbd70d..8e4d7e0 100644 > --- a/src/plugins/quota/quota.c > +++ b/src/plugins/quota/quota.c
> @@ -1163,6 +1163,8 @@ static void quota_warnings_execute(struct > quota_transaction_context *ctx, > &count_current, &count_limit) < 0) > return; > > + quota_root_recalculate_relative_rules(root->set, bytes_limit, > count_limit); > + > bytes_before = bytes_current - ctx->bytes_used; > count_before = count_current - ctx->count_used; > for (i = 0; i < count; i++) { Hi, this patch really fixes the bug in quota_warning. Is it possible to add this patch to the next release ? -- Pozdrawiam / Best Regards Michał Giżyński From user+dovecot at localhost.localdomain.org Tue Feb 17 19:36:41 2015 From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Tue, 17 Feb 2015 19:36:41 +0000 Subject: multiple ldap userdb and passdb In-Reply-To: <54E36645.3020700@yahoo.co.uk> References: <54E36645.3020700@yahoo.co.uk> Message-ID: <54E39849.7010100@localhost.localdomain.org> On 02/17/2015 04:03 PM, lejeczek wrote: > hi everybody. > > I wonder if such a scenario is possible. > if yes would I configure multiple passdb using ldap driver > or within one clause set up multiple args? How would this work? Did you read http://wiki2.dovecot.org/Authentication/MultipleDatabases? Regards, Pascal -- The trapper recommends today: face1e55.1504802 at localdomain.org From damien at desfontain.es Tue Feb 17 20:05:15 2015
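Review bot: the quota_root_recalculate_relative_rules(root->set, bytes_limit, count_limit) call added to quota_warnings_execute() in src/plugins/quota/quota.c runs unconditionally on every invocation and rewrites the relative rules held in root->set, even when the limits returned by the backend are unchanged or zero. Consider skipping the call when bytes_limit and count_limit match the values used for the previous recalculation, and add a short comment stating that backends such as fs only learn their limits at this point, which is why the percentage rules are recomputed here. The hunk as posted is also wrapped by the mail client (the @@ header and the added line each continue on a second quoted line), so it needs to be resent unwrapped or as an attachment before it will apply.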
From: damien at desfontain.es (Damien Desfontaines) Date: Tue, 17 Feb 2015 21:05:15 +0100 Subject: Permissions for shared mail don't work In-Reply-To: References: <20141016223305.GC17848@K3PO.thurnes.local> <20141017214057.GD17848@K3PO.thurnes.local> <544265B6.8030504@smail.inf.fh-brs.de> <20141018130758.GE17848@K3PO.thurnes.local> <54437BEB.4030407@smail.inf.fh-brs.de> <20141019190539.GG17848@K3PO.thurnes.local> Message-ID: <20150217200515.GA19587@K3PO.thurnes.local> Hi, Sorry for the crazy latency. I just did that, it works like a charm. And apparently, my postfix aliases still work. Thanks a lot! Damien On Mon, Oct 20, 2014 at 08:27:59AM +0200, Steffen Kaiser wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Sun, 19 Oct 2014, Damien Desfontaines wrote: > > >On Sun, Oct 19, 2014 at 10:52:59AM +0200, Steffen wrote: > >>>>how do you deliver new messages to spam's INBOX? > >>> > >>>By sending an e-mail to spam.whatever at desfontain.es ? > >>> > >>>(I'm not sure I understand the question?) > >>> > >> > >>How does your MTA deliver the messages to the INBOX, do you use > >>Dovecot LDA, LMTP or the MTA? > > > >The MTA itself delivers it, I think. Here are my config files: > >- http://paste.fulltxt.net/xx31R (/etc/postfix/main.cf) > >- and http://paste.fulltxt.net/t9iXRBIH (/etc/postfix/master.cf) > > I don't use Postfix, but neither Postfix nor Maildrop honor Dovecot's > permission settings obviously. So, you need to re-configure those to set > the Unix permissions, too. > > I'd recommend to reconfigure Postfix to use Dovecot LMTP: > http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP > > or Dovecot LDA. However, if you use maildrop filtering, you have to > switch to Dovecot Pigeonhole Sieve filtering.
> > - -- Steffen Kaiser From robertfantini at gmail.com Tue Feb 17 21:29:01 2015 From: robertfantini at gmail.com (Robert Fantini) Date: Tue, 17 Feb 2015 16:29:01 -0500 Subject: how to run dovecot imap on separate server from postfix? Message-ID: Hello we are using version 2.2.13 on debian. currently imap runs on the same system as postfix , spamassassin and other mail related software. I'd like to move dovecot imapd and mail storage to its own system. I've search google and wiki and could not see how to do so. could someone please point me in the direction to that done? I like reading documentation.. here is more info on our set up: postfix: # grep dovecot /etc/postfix/* /etc/postfix/main.cf:mailbox_transport = lmtp:unix:private/dovecot-lmtp /etc/postfix/main.cf:smtpd_sasl_type = dovecot kind regards Rob Fantini From h.reindl at thelounge.net Tue Feb 17 21:37:40 2015
From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 17 Feb 2015 22:37:40 +0100 Subject: how to run dovecot imap on separate server from postfix? In-Reply-To: References: Message-ID: <54E3B4A4.80406@thelounge.net> On 17.02.2015 at 22:29, Robert Fantini wrote: > we are using version 2.2.13 on debian. > > currently imap runs on the same system as postfix , spamassassin and > other mail related software. > > I'd like to move dovecot imapd and mail storage to its own system. > > I've search google and wiki and could not see how to do so. > > could someone please point me in the direction to that done? I like > reading documentation.. > > here is more info on our set up: > > postfix: > # grep dovecot /etc/postfix/* > /etc/postfix/main.cf:mailbox_transport = lmtp:unix:private/dovecot-lmtp > /etc/postfix/main.cf:smtpd_sasl_type = dovecot just configure postfix to use "lmtp:host:port" of the dovecot machine From robertfantini at gmail.com Tue Feb 17 21:51:54 2015
From: robertfantini at gmail.com (Robert Fantini) Date: Tue, 17 Feb 2015 16:51:54 -0500 Subject: how to run dovecot imap on separate server from postfix? In-Reply-To: <54E3B4A4.80406@thelounge.net> References: <54E3B4A4.80406@thelounge.net> Message-ID: Hello Reindl, thank you for the response. I want to make sure that the postfix delivery does not give up trying to get the email delivered when the lmtp host is not reachable. I do not just want to assume that the default settings are correct for us. Are there postfix or other settings which can be checked and adjusted? On Tue, Feb 17, 2015 at 4:37 PM, Reindl Harald wrote: > > On 17.02.2015 at 22:29, Robert Fantini wrote: > > we are using version 2.2.13 on debian. >> >> currently imap runs on the same system as postfix , spamassassin and >> other mail related software. >> >> I'd like to move dovecot imapd and mail storage to its own system. >> >> I've search google and wiki and could not see how to do so. >> >> could someone please point me in the direction to that done? I like >> reading documentation.. >> >> here is more info on our set up: >> >> postfix: >> # grep dovecot /etc/postfix/* >> /etc/postfix/main.cf:mailbox_transport = lmtp:unix:private/dovecot-lmtp >> /etc/postfix/main.cf:smtpd_sasl_type = dovecot >> > > just configure postfix to use "lmtp:host:port" of the dovecot machine > > From h.reindl at thelounge.net Tue Feb 17 21:57:43 2015
From: h.reindl at thelounge.net (Reindl Harald) Date: Tue, 17 Feb 2015 22:57:43 +0100 Subject: how to run dovecot imap on separate server from postfix? In-Reply-To: References: <54E3B4A4.80406@thelounge.net> Message-ID: <54E3B957.6010200@thelounge.net> On 17.02.2015 at 22:51, Robert Fantini wrote: > I want to make sure that the postfix delivery does not give up trying to > get the email delivered when the lmtp host is not reachable. I do not > just want to assume that the default settings are correct for us. > > Are there postfix or other settings which can be checked and adjusted? postfix was *not* written by a moron and hence in any case any mail in the queue will be re-tried until "maximal_queue_lifetime" is reached there is no difference if lmtp is a unix socket or on the network because nobody can say for sure that the lmtpd on localhost is reachable 365/7/24 and hence any sane MTA handles errors properly > On Tue, Feb 17, 2015 at 4:37 PM, Reindl Harald > wrote: >> >> On 17.02.2015 at 22:29, Robert Fantini wrote: >> >> we are using version 2.2.13 on debian. >>> >>> currently imap runs on the same system as postfix , spamassassin and >>> other mail related software. >>> >>> I'd like to move dovecot imapd and mail storage to its own system. >>> >>> I've search google and wiki and could not see how to do so. >>> >>> could someone please point me in the direction to that done? I like >>> reading documentation.. >>> >>> here is more info on our set up: >>> >>> postfix: >>> # grep dovecot /etc/postfix/* >>> /etc/postfix/main.cf:mailbox_transport = lmtp:unix:private/dovecot-lmtp >>> /etc/postfix/main.cf:smtpd_sasl_type = dovecot >>> >> >> just configure postfix to use "lmtp:host:port" of the dovecot machine From robertfantini at gmail.com Tue Feb 17 22:02:39 2015
From: robertfantini at gmail.com (Robert Fantini) Date: Tue, 17 Feb 2015 17:02:39 -0500 Subject: how to run dovecot imap on separate server from postfix? In-Reply-To: <54E3B957.6010200@thelounge.net> References: <54E3B4A4.80406@thelounge.net> <54E3B957.6010200@thelounge.net> Message-ID: Hello again Reindl Harald I always thought Wietse Venema was only as smart as me ;-) seriously thank you for the help. On Tue, Feb 17, 2015 at 4:57 PM, Reindl Harald wrote: > > On 17.02.2015 at 22:51, Robert Fantini wrote: > >> I want to make sure that the postfix delivery does not give up trying to >> get the email delivered when the lmtp host is not reachable. I do >> not >> just want to assume that the default settings are correct for us. >> >> Are there postfix or other settings which can be checked and adjusted? >> > > postfix was *not* written by a moron and hence in any case any mail in the > queue will be re-tried until "maximal_queue_lifetime" is reached > > there is no difference if lmtp is a unix socket or on the network because > nobody can say for sure that the lmtpd on localhost is reachable 365/7/24 > and hence any sane MTA handles errors properly > > > On Tue, Feb 17, 2015 at 4:37 PM, Reindl Harald >> wrote: >> >>> >>> On 17.02.2015 at 22:29, Robert Fantini wrote: >>> >>> we are using version 2.2.13 on debian. >>> >>>> >>>> currently imap runs on the same system as postfix , spamassassin >>>> and >>>> other mail related software. >>>> >>>> I'd like to move dovecot imapd and mail storage to its own system. >>>> >>>> I've search google and wiki and could not see how to do so. >>>> >>>> could someone please point me in the direction to that done? I like >>>> reading documentation..
>>>> >>>> here is more info on our set up: >>>> >>>> postfix: >>>> # grep dovecot /etc/postfix/* >>>> /etc/postfix/main.cf:mailbox_transport = lmtp:unix:private/dovecot-lmtp >>>> /etc/postfix/main.cf:smtpd_sasl_type = dovecot >>>> >>>> >>> just configure postfix to use "lmtp:host:port" of the dovecot machine >>> >> > From skdovecot at smail.inf.fh-brs.de Wed Feb 18 06:49:04 2015 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 18 Feb 2015 07:49:04 +0100 (CET) Subject: Dovecot 2.1.7 random login fails In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 17 Feb 2015, Dario Meloni wrote: > Feb 17 07:48:32 pop3-login: Fatal: read(ssl-params) failed: Permission > denied > > I checked in the code and found that the issue is from ssl-params.c > apparently not being able to read from a file descriptor that it already > opened... have you verified that the file exists and has a reasonable file size? - -- Steffen Kaiser From peljasz at yahoo.co.uk Wed Feb 18 07:25:31 2015
From: peljasz at yahoo.co.uk (lejeczek) Date: Wed, 18 Feb 2015 07:25:31 +0000 Subject: multiple ldap userdb and passdb In-Reply-To: <54E39849.7010100@localhost.localdomain.org> References: <54E36645.3020700@yahoo.co.uk> <54E39849.7010100@localhost.localdomain.org> Message-ID: <54E43E6B.3030105@yahoo.co.uk> On 17/02/15 19:36, Pascal Volk wrote: > On 02/17/2015 04:03 PM, lejeczek wrote: >> hi everybody. >> >> I wonder if such a scenario is possible. >> if yes would I configure multiple passdb using ldap driver >> or within one clause set up multiple args? How would this work? > Did you read http://wiki2.dovecot.org/Authentication/MultipleDatabases? > yes, and other different articles, but nowhere there was a setup with the same type/driver of database occurring more than once in the config discussed. I would have to look up to different DN that exist under different trees and I wonder how this can be achieved. > Regards, > Pascal From skdovecot at smail.inf.fh-brs.de Wed Feb 18 07:39:33 2015 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 18 Feb 2015 08:39:33 +0100 (CET) Subject: multiple ldap userdb and passdb In-Reply-To: <54E43E6B.3030105@yahoo.co.uk> References: <54E36645.3020700@yahoo.co.uk> <54E39849.7010100@localhost.localdomain.org> <54E43E6B.3030105@yahoo.co.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 18 Feb 2015, lejeczek wrote: > On 17/02/15 19:36, Pascal Volk wrote: >> On 02/17/2015 04:03 PM, lejeczek wrote: >>> hi everybody. >>> >>> I wonder if such a scenario is possible. >>> if yes would I configure multiple passdb using ldap driver >>> or within one clause set up multiple args? How would this work? >> Did you read http://wiki2.dovecot.org/Authentication/MultipleDatabases? >> > yes, and other different articles, but nowhere there was a setup with the > same type/driver of database occurring more than once in the config > discussed. > I would have to look up to different DN that exist under different trees and > I wonder how this can be achieved. different trees == different servers? Anyway: duplicate the ldap.conf file and use one file for one passdb/userdb pair and the other one for a second pair. If both trees reside on the same server, you probably find a filter to select them. - -- Steffen Kaiser From mellon85 at gmail.com Wed Feb 18 09:38:22 2015
From: mellon85 at gmail.com (Dario Meloni) Date: Wed, 18 Feb 2015 09:38:22 +0000 (UTC) Subject: Dovecot 2.1.7 random login fails References: Message-ID: On Wed, 18 Feb 2015 07:49:04 +0100, Steffen Kaiser wrote: > did you've verified that the file exists and has a reasonable file size? The file in question is actually a unix socket that I guess is used to refresh the SSL data from the main privileged process. I don't know which process is actually logging the error, but the ssl-params file is root owned and is readable and writable by everyone. From robertfantini at gmail.com Wed Feb 18 17:15:05 2015
From: robertfantini at gmail.com (Robert Fantini) Date: Wed, 18 Feb 2015 12:15:05 -0500 Subject: how to run dovecot imap on separate server from postfix? In-Reply-To: References: <54E3B4A4.80406@thelounge.net> <54E3B957.6010200@thelounge.net> Message-ID: I'm trying to figure out the exact line to put to /etc/postfix/main.cf for local lmtp deliver we use: mailbox_transport = *lmtp:unix:private/dovecot-lmtp* for remote it is supposed to be:* lmtp:host:port* yet at the remote lmtp does not use ports. UNIX domain sockets are used instead: netstat --listening --programs| grep lmtp unix 2 [ ACC ] STREAM LISTENING 8457 3696/dovecot /var/run/dovecot/lmtp unix 2 [ ACC ] STREAM LISTENING 7998 3834/master private/lmtp unix 2 [ ACC ] STREAM LISTENING 7630 3696/dovecot /var/spool/postfix/private/dovecot-lmtp Is there a different setting for lmtp using 'domain sockets' ? On Tue, Feb 17, 2015 at 5:02 PM, Robert Fantini wrote: > Hello again Reindl Harald > > I always thought Wietse Venema was only as smart as me ;-) > > seriously thank you for the help. > > On Tue, Feb 17, 2015 at 4:57 PM, Reindl Harald > wrote: > >> >> On 17.02.2015 at 22:51, Robert Fantini wrote: >> >>> I want to make sure that the postfix delivery does not give up trying to >>> get the email delivered when the lmtp host is not reachable. I do >>> not >>> just want to assume that the default settings are correct for us. >>> >>> Are there postfix or other settings which can be checked and adjusted?
>>> >> >> postfix was *not* written by a moron and hence in any case any mail in >> the queue will be re-tried until "maximal_queue_lifetime" is reached >> >> there is no difference if lmtp is a unix socket or on the network because >> nobody can say for sure that the lmtpd on localhost is reachable 365/7/24 >> and hence any sane MTA handles errors properly >> >> >> On Tue, Feb 17, 2015 at 4:37 PM, Reindl Harald >>> wrote: >>> >>>> >>>> On 17.02.2015 at 22:29, Robert Fantini wrote: >>>> >>>> we are using version 2.2.13 on debian. >>>> >>>>> >>>>> currently imap runs on the same system as postfix , spamassassin >>>>> and >>>>> other mail related software. >>>>> >>>>> I'd like to move dovecot imapd and mail storage to its own system. >>>>> >>>>> I've search google and wiki and could not see how to do so. >>>>> >>>>> could someone please point me in the direction to that done? I like >>>>> reading documentation.. >>>>> >>>>> here is more info on our set up: >>>>> >>>>> postfix: >>>>> # grep dovecot /etc/postfix/* >>>>> /etc/postfix/main.cf:mailbox_transport = >>>>> lmtp:unix:private/dovecot-lmtp >>>>> /etc/postfix/main.cf:smtpd_sasl_type = dovecot >>>>> >>>>> >>>> just configure postfix to use "lmtp:host:port" of the dovecot machine >>>> >>> >> > From h.reindl at thelounge.net Wed Feb 18 17:20:42 2015
From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 18 Feb 2015 18:20:42 +0100 Subject: how to run dovecot imap on separate server from postfix? In-Reply-To: References: <54E3B4A4.80406@thelounge.net> <54E3B957.6010200@thelounge.net> Message-ID: <54E4C9EA.8020807@thelounge.net> On 18.02.2015 at 18:15, Robert Fantini wrote: > I'm trying to figure out the exact line to put to /etc/postfix/main.cf > > for local lmtp deliver we use: > mailbox_transport = *lmtp:unix:private/dovecot-lmtp* > > for remote it is supposed to be:* lmtp:host:port* > > yet at the remote lmtp does not use ports. UNIX domain sockets are used > instead so just configure dovecot lmtpd to listen on a TCP port, port 24 is reserved for that - and don't open the port for any other machine as the postfix server [harry at srv-rhsoft:~]$ cat /etc/services | grep -i lmtp lmtp 24/tcp # LMTP Mail Delivery lmtp 24/udp # LMTP Mail Delivery From h.reindl at thelounge.net Wed Feb 18 17:37:04 2015
From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 18 Feb 2015 18:37:04 +0100 Subject: how to run dovecot imap on separate server from postfix? In-Reply-To: <54E4C9EA.8020807@thelounge.net> References: <54E3B4A4.80406@thelounge.net> <54E3B957.6010200@thelounge.net> <54E4C9EA.8020807@thelounge.net> Message-ID: <54E4CDC0.9060601@thelounge.net> On 18.02.2015 at 18:20, Reindl Harald wrote: > > On 18.02.2015 at 18:15, Robert Fantini wrote: >> I'm trying to figure out the exact line to put to /etc/postfix/main.cf >> >> for local lmtp deliver we use: >> mailbox_transport = *lmtp:unix:private/dovecot-lmtp* >> >> for remote it is supposed to be:* lmtp:host:port* >> >> yet at the remote lmtp does not use ports. UNIX domain sockets are used >> instead > > so just configure dovecot lmtpd to listen on a TCP port, port 24 is > reserved for that - and don't open the port for any other machine as the > postfix server > > [harry at srv-rhsoft:~]$ cat /etc/services | grep -i lmtp > lmtp 24/tcp # LMTP Mail Delivery > lmtp 24/udp # LMTP Mail Delivery and since i answered the same question yet on the postfix list http://wiki2.dovecot.org/LMTP http://www.postfix.org/lmtp.8.html From robertfantini at gmail.com Wed Feb 18 19:07:13 2015
From: robertfantini at gmail.com (Robert Fantini) Date: Wed, 18 Feb 2015 14:07:13 -0500 Subject: how to run dovecot imap on separate server from postfix? In-Reply-To: <54E4CDC0.9060601@thelounge.net> References: <54E3B4A4.80406@thelounge.net> <54E3B957.6010200@thelounge.net> <54E4C9EA.8020807@thelounge.net> <54E4CDC0.9060601@thelounge.net> Message-ID: OK I got delivery from postfix to lmtp working , by changing from unix_listener to inet_listener . Reindl wrote "don't open the port for any other machine as the postfix server" I see that is important.. I assume that just a firewall setting? Or does the 'address' line in inet_listener lmtp have something to do with it? On Wed, Feb 18, 2015 at 12:37 PM, Reindl Harald wrote: > > > On 18.02.2015 at 18:20, Reindl Harald wrote: > > >> On 18.02.2015 at 18:15, Robert Fantini wrote: >> >>> I'm trying to figure out the exact line to put to /etc/postfix/main.cf >>> >>> for local lmtp deliver we use: >>> mailbox_transport = *lmtp:unix:private/dovecot-lmtp* >>> >>> for remote it is supposed to be:* lmtp:host:port* >>> >>> yet at the remote lmtp does not use ports. UNIX domain sockets are used >>> instead >>> >> >> so just configure dovecot lmtpd to listen on a TCP port, port 24 is >> reserved for that - and don't open the port for any other machine as the >> postfix server >> >> [harry at srv-rhsoft:~]$ cat /etc/services | grep -i lmtp >> lmtp 24/tcp # LMTP Mail Delivery >> lmtp 24/udp # LMTP Mail Delivery >> > > and since i answered the same question yet on the postfix list > > http://wiki2.dovecot.org/LMTP > http://www.postfix.org/lmtp.8.html > > From h.reindl at thelounge.net Wed Feb 18 19:14:21 2015
From: h.reindl at thelounge.net (Reindl Harald)
Date: Wed, 18 Feb 2015 20:14:21 +0100
Subject: how to run dovecot imap on separate server from postfix?
In-Reply-To:
References: <54E3B4A4.80406@thelounge.net> <54E3B957.6010200@thelounge.net> <54E4C9EA.8020807@thelounge.net> <54E4CDC0.9060601@thelounge.net>
Message-ID: <54E4E48D.4070301@thelounge.net>

On 18.02.2015 at 20:07, Robert Fantini wrote:
> OK I got delivery from postfix to lmtp working ,
>
> by changing from unix_listener to inet_listener .
>
>
> Reindl wrote "don't open the port for any other machine as the postfix
> server"
> I see that is important.. I assume that just a firewall setting? Or
> does the 'address' line in inet_listener lmtp have something to do with
> it?

firewall as long as you don't have more than one network card and the
interface dovecot is listening on is only reachable from the postfix server

even if: *always* restrict the packet filter, sooner or later somebody
will change something without realizing the impact and hence if it comes
to security put at least 2 safety nets in front of server ports

> On Wed, Feb 18, 2015 at 12:37 PM, Reindl Harald
> wrote:
>
>>
>>
>> On 18.02.2015 at 18:20, Reindl Harald wrote:
>>
>>
>>> On 18.02.2015 at 18:15, Robert Fantini wrote:
>>>
>>>> I'm trying to figure out the exact line to put to /etc/postfix/main.cf
>>>>
>>>> for local lmtp deliver we use:
>>>> mailbox_transport = *lmtp:unix:private/dovecot-lmtp*
>>>>
>>>> for remote it is supposed to be:* lmtp:host:port*
>>>>
>>>> yet at the remote lmtp does not use ports. UNIX domain sockets are used
>>>> instead
>>>>
>>>
>>> so just configure dovecot lmtpd to listen on a TCP port, port 24 is
>>> reserved for that - and don't open the port for any other machine as the
>>> postfix server
>>>
>>> [harry at srv-rhsoft:~]$ cat /etc/services | grep -i lmtp
>>> lmtp 24/tcp # LMTP Mail Delivery
>>> lmtp 24/udp # LMTP Mail Delivery
>>>
>>
>> and since i answered the same question yet on the postfix list
>>
>> http://wiki2.dovecot.org/LMTP
>> http://www.postfix.org/lmtp.8.html

From tcstone at caseystone.com Wed Feb 18 21:07:32 2015
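Added example (not part of the thread, nor Dovecot or Postfix code): a small Python check for the advice in the reply above. Run it from a machine other than the Postfix server to confirm the LMTP port is not reachable, and from the Postfix server to confirm it is. The function names, the loopback demo and its greeting text are constructed for illustration.

```python
import socket
import threading


def probe_lmtp(host, port=24, timeout=3.0):
    """Classify TCP reachability of an LMTP listener.

    Returns (state, greeting):
      "open"     - connection accepted; greeting is the first line sent
      "refused"  - RST received: nothing listens on that address, or a
                   packet filter rejects the connection
      "filtered" - no answer within `timeout`: packets are being dropped
      "error"    - anything else (DNS failure, no route, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            data = b""
            try:
                while b"\n" not in data and len(data) < 512:
                    chunk = sock.recv(512)
                    if not chunk:
                        break
                    data += chunk
            except socket.timeout:
                pass  # connected, but no greeting arrived in time
            return "open", data.decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "filtered", ""
    except OSError as exc:
        return "error", str(exc)


def exposure_ok(state, greeting, probing_from_postfix):
    """True when the result matches the intended policy for this vantage point.

    From the Postfix server the port must answer with an LMTP 220 greeting;
    from every other machine it must be refused or filtered.
    """
    if probing_from_postfix:
        return state == "open" and greeting.startswith("220")
    return state in ("refused", "filtered")


def demo():
    """Exercise both outcomes on loopback with a constructed listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_once():
        conn, _ = srv.accept()
        # Constructed greeting, shaped like an LMTP 220 banner.
        conn.sendall(b"220 imap.example.test Dovecot ready.\r\n")
        conn.close()

    worker = threading.Thread(target=serve_once, daemon=True)
    worker.start()
    opened = probe_lmtp("127.0.0.1", port)
    worker.join(timeout=5)
    srv.close()
    closed = probe_lmtp("127.0.0.1", port)  # listener is gone now
    return opened, closed


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Usage: script.py HOST [from-postfix]
        state, greeting = probe_lmtp(sys.argv[1])
        from_postfix = len(sys.argv) > 2
        verdict = "OK" if exposure_ok(state, greeting, from_postfix) else "CHECK"
        print(sys.argv[1], state, greeting, verdict)
    else:
        print(demo())
```

A "refused" or "filtered" result from a third machine does not show which of the two safety nets produced it; checking the listener's bind address and the packet filter rules separately is still needed.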
From: tcstone at caseystone.com (Casey Stone)
Date: Wed, 18 Feb 2015 21:07:32 +0000
Subject: doveadm sync out of memory
In-Reply-To: <14981_1424170307_54E31D43_14981_12189_1_54E31D3F.1060700@thalesgroup.com>
References: <19525_1423842134_54DE1B53_19525_59_2_54DE1B51.8000900@thalesgroup.com> <14981_1424170307_54E31D43_14981_12189_1_54E31D3F.1060700@thalesgroup.com>
Message-ID:

On Feb 17, 2015, at 10:51 AM, FUSTE Emmanuel wrote:

> On 16/02/2015 20:40, Casey Stone wrote:
>> On Feb 13, 2015, at 3:42 PM, FUSTE Emmanuel wrote:
>>
>>> On 13/02/2015 16:19, Casey Stone wrote:
>>>> On Feb 5, 2015, at 10:39 PM, Casey Stone wrote:
>>>>
>>>>> Hello:
>>>>>
>>>>> I've been looking forward to getting my mail server up to Dovecot 2.2+ to be able to use the sync mechanism. I run my own mail server just for myself, with a few different accounts, and want to keep a master and backup server in sync.
>>>>>
>>>>> I'm running the Ubuntu server 14.04.1 mail stack which features Dovecot 2.2.9 (and Postfix). My setup is to use system users (userdb passwd / passdb pam) with ~/Maildir. I'll post full sanitized output of dovecot -n if it seems necessary. I have not enabled any plugins (do I need the replicator plugin active?) I have in my conf a doveadm_password defined.
>>>>>
>>>>> Anyway, after setting up an ssl listener on the main machine and after considerable struggles with SSL, I was able to run doveadm sync from the backup server successfully for a small mailbox (around 78 MB) with this command:
>>>>>
>>>>> doveadm sync -R tcps:mainserver.example.com:12345
>>>>>
>>>>> Since I run this command as the system user on the backup server (same system users as main server) it 'just works' for the correct single user with no further options required. My plan is to run a daily cron job to sync once daily for each user.
>>>>>
>>>>> The problem is when I try to sync a larger mailbox, say 1 GB, dsync-server on the remote (master) machine throws fatal error 83 Out of Memory. I already raised vsz_limit to 512 MB. Problems probably arise with mailboxes around 200 MB though I haven't tested specifically. So my question is, is this expected and I will need to give my VM much more memory to be able to use dovecot sync, or do I have something set wrong, or is it a bug?
>>>>>
>>>>> Thanks for your help.
>>>> No responses :-(
>>>>
>>>> Here is what it looks like when it crashes with an out of memory error:
>>>>
>>>> (start of the run)
>>>> Feb 13 14:02:38 thepost dovecot: doveadm(10.0.1.22,tcstone): Debug: Effective uid=1002, gid=1002, home=/home/tcstone
>>>> Feb 13 14:02:38 thepost dovecot: doveadm(10.0.1.22,tcstone): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list$
>>>> Feb 13 14:02:38 thepost dovecot: doveadm(10.0.1.22,tcstone): Debug: maildir++: root=/data/tcstone/Maildir, index=, indexpvt=, control=, inbo$
>>>> Feb 13 14:02:39 thepost dovecot: dsync-server(tcstone): Debug: Namespace : Using permissions from /data/tcstone/Maildir: mode=0700 gid=defau$
>>>> Feb 13 14:02:39 thepost dovecot: dsync-server(tcstone): Debug: brain S: out state=send_mailbox_tree changed=1
>>>>
>>>> <<>>
>>>>
>>>> (end of the run)
>>>> Feb 13 14:02:52 thepost dovecot: dsync-server(tcstone): Fatal: pool_system_realloc(536870912): Out of memory
>>>> Feb 13 14:02:52 thepost dovecot: dsync-server(tcstone): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x5e271) [0x7f9d2056b271] -> /usr/lib/dovecot/libdovecot.so.0(+0x5e34e) [0x7f9d2056b34e] -> /usr/lib/dovecot/libdovecot.so.0(i_error+0) [0x7f9d20526bf8] -> /usr/lib/dovecot/libdovecot.so.0(+0x72d53) [0x7f9d2057fd53] -> /usr/lib/dovecot/libdovecot.so.0(+0x7792a) [0x7f9d2058492a] -> /usr/lib/dovecot/libdovecot.so.0(+0x77be6) [0x7f9d20584be6] -> /usr/lib/dovecot/libdovecot.so.0(+0x78748) [0x7f9d20585748] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_sendv+0x8d) [0x7f9d20583d7d] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_send+0x1a) [0x7f9d20583e1a] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(+0x4c05) [0x7f9d1f6a0c05] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(openssl_iostream_bio_sync+0x21) [0x7f9d1f6a1881] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(+0x7a4d) [0x7f9d1f6a3a4d] -> /usr/lib/dovecot/modules/libssl_iostream_openssl.so(+0x7d69) [0x7f9d1f6a3d69] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_sendv+0x8d) [0x7f9d20583d7d] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_nsendv+0xf) [0x7f9d20583e5f] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_nsend+0x1a) [0x7f9d20583e8a] -> dovecot/doveadm-server(+0x2b03f) [0x7f9d20d3003f] -> dovecot/doveadm-server(+0x2c768) [0x7f9d20d31768] -> dovecot/doveadm-server(dsync_ibc_send_mail+0x29) [0x7f9d20d2f309] -> dovecot/doveadm-server(dsync_brain_sync_mails+0x5fc) [0x7f9d20d24a1c] -> dovecot/doveadm-server(dsync_brain_run+0x523) [0x7f9d20d20f93] -> dovecot/doveadm-server(+0x1c270) [0x7f9d20d21270] -> dovecot/doveadm-server(+0x2de60) [0x7f9d20d32e60] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x27) [0x7f9d2057b247] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xd7) [0x7f9d2057bfd7] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f9d2057ade8] -> dovecot/doveadm-server(+0x1a189) [0x7f9d20d1f189] -> dovecot/doveadm-server(+0xebeb) [0x7f9d20d13beb]
>>>> Feb 13 14:02:52 thepost dovecot: dsync-server(tcstone): Fatal: master: service(doveadm): child 13232 returned error 83 (Out of memory (service doveadm { vsz_limit=512 MB }, you may need to increase it) - set DEBUG_OUTOFMEM=1 environment to get core dump)
>>>>
>>>> I haven't tested whether it is simply the effect of having DEBUG active that kills it... A run requiring moving just over 100 MB of mail is enough to cause the error. I have tested manually copying the Maildir to the backup server, then running the sync or backup command -- this works. Thus it seems related not to the size of the mailbox but the size of the data that needs to be copied.
>>> To use dsync, use Dovecot 2.2.15 to avoid any trouble.
>>> Use apt.dovecot.fi repository.
>>>
>>> Emmanuel.
>> At first I scoffed at this notion, preferring to stick with my distribution's own packaged versions, but then I realised that there is this 'enterprise version' called dovecot-ee available, and now it even is free (previously $99/year I guess). I registered for this and have a license and username/password now, but it seems Ubuntu is only supported as of 12.04 not 14.04 that I am running.
>>
>> I tried to add the repo changing 'precise' for 'trusty' but the repo did not respond to that. Anyone know if it's safe to use 'precise' on a trusty server, or if there is progress to create packages for trusty? Also, should I apt-get remove dovecot-core etc before installing from the new repo?
>>
>> By the way, the backup operations seem to be working now using doveadm backup -u username -R tcps:mainserver.example.com:12345 if I do the 'seeding' of the backup manually (by copying).
>>
>> Thanks.
> Yes, it is safe. You don't need to remove dovecot-core etc before
> installing from the new repo. Apt will do it for you automatically.
>
> Emmanuel.

I made the change to dovecot-ee from the official dovecot.fi repo. Here's the simulation I made before doing it:

# apt-get -s install dovecot-ee-core dovecot-ee-imapd dovecot-ee-pop3d dovecot-ee-lmtpd dovecot-ee-sieve dovecot-ee-managesieved
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  dovecot-ee-gssapi dovecot-ee-pgsql dovecot-ee-mysql dovecot-ee-sqlite dovecot-ee-ldap dovecot-ee-solr dovecot-ee-lucene
The following packages will be REMOVED
  dovecot-core dovecot-imapd dovecot-managesieved dovecot-pop3d dovecot-sieve mail-stack-delivery
The following NEW packages will be installed
  dovecot-ee-core dovecot-ee-imapd dovecot-ee-lmtpd dovecot-ee-managesieved dovecot-ee-pop3d dovecot-ee-sieve
0 to upgrade, 6 to newly install, 6 to remove and 10 not to upgrade.
Remv mail-stack-delivery [1:2.2.9-1ubuntu2.1]
Remv dovecot-managesieved [1:2.2.9-1ubuntu2.1]
Remv dovecot-sieve [1:2.2.9-1ubuntu2.1]
Remv dovecot-core [1:2.2.9-1ubuntu2.1] [dovecot-pop3d:amd64 dovecot-imapd:amd64 ]
Remv dovecot-imapd [1:2.2.9-1ubuntu2.1] [dovecot-pop3d:amd64 ]
Remv dovecot-pop3d [1:2.2.9-1ubuntu2.1]
Inst dovecot-ee-core (1:2.2.15.8-1 Dovecot Enterprise Edition:stable [amd64])
Inst dovecot-ee-imapd (1:2.2.15.8-1 Dovecot Enterprise Edition:stable [amd64])
Inst dovecot-ee-lmtpd (1:2.2.15.8-1 Dovecot Enterprise Edition:stable [amd64])
Inst dovecot-ee-sieve (0.4.6-2 Dovecot Enterprise Edition:stable [amd64])
Inst dovecot-ee-managesieved (0.4.6-2 Dovecot Enterprise Edition:stable [amd64])
Inst dovecot-ee-pop3d (1:2.2.15.8-1 Dovecot Enterprise Edition:stable [amd64])
Conf dovecot-ee-core (1:2.2.15.8-1 Dovecot Enterprise Edition:stable [amd64])
Conf dovecot-ee-imapd (1:2.2.15.8-1 Dovecot Enterprise Edition:stable [amd64])
Conf dovecot-ee-lmtpd (1:2.2.15.8-1 Dovecot Enterprise Edition:stable [amd64])
Conf dovecot-ee-sieve (0.4.6-2 Dovecot Enterprise Edition:stable [amd64])
Conf dovecot-ee-managesieved (0.4.6-2 Dovecot Enterprise Edition:stable [amd64])
Conf dovecot-ee-pop3d (1:2.2.15.8-1 Dovecot Enterprise Edition:stable [amd64])

There was a problem though, Ubuntu-related I guess, maybe due to removing the package mail-stack-delivery. It changed my /etc/postfix/main.cf config! This rendered my server inoperable of course. It changed the SSL certs back to snakeoil, changed home_mailbox to blank, changed SASL type to Cyrus among other changes. It did not completely replace my main.cf file though, just made some changes! So, that's horrible. Be sure to backup your config files before doing this if you feel like trying it.

I'll follow up on whether it fixes any memory or syncing issues for me.

From fernando.figaro at uol.com.br Wed Feb 18 22:00:18 2015
From: fernando.figaro at uol.com.br (fernando.figaro at uol.com.br)
Date: Wed, 18 Feb 2015 20:00:18 -0200
Subject: lazy_expunge + mdbox
In-Reply-To: ["54d2c4304bcd2_2f61159968f073e8304b1@a4-weasel11.mail"]
References: ["54d2c4304bcd2_2f61159968f073e8304b1@a4-weasel11.mail"]
Message-ID: <54e50b72ad6c_700c15abedba93e483221@a4-weasel6.mail>

It appears to me that this issue is related to how lazy_expunge and last_instance work with mdbox - that is different from maildir.

With maildir, the message is moved to the expunged namespace only when the last copy is removed (example: from trash folder).

With mdbox, first time when you move message from one folder to another, dovecot creates a copy in the expunge namespace.

When you delete messages or expunge them from Trash folder (example, nightly 'doveadm expunge' cronjob) they are simply deleted because they already have copies at expunged namespace.

@Timo, is that correct? This is what I could understand from my tests.

Thanks,
Fernando

From: fernando.figaro at uol.com.br
Sent: Wednesday, 4 February 2015 23:15
To: dovecot at dovecot.org
Subject: lazy_expunge + mdbox

Hi,

I'm studying an issue related to mdbox and lazy_expunge. If it is active in the imap configuration, when you delete a message (copy to new folder + expunge old folder), a copy is also sent to the expunge namespace.

I realize that is something related to mdbox and lazy_expunge_only_last_instance and found almost no references except this one (http://hg.dovecot.org/dovecot-2.2/file/24d6708cea76/TODO):

lazy_expunge_only_last_instance=yes + mdbox doesn't work, because refcounts don't update immediately

One other suggestion I found was to disable 'move' capability.

Does anyone have other news regarding this issue?

Thanks,
Fernando

From emanuel.evans at gmail.com Wed Feb 18 23:43:49 2015
From: emanuel.evans at gmail.com (Emanuel Evans)
Date: Wed, 18 Feb 2015 15:43:49 -0800
Subject: Permissions problem with mdbox maildir
Message-ID:

Hi! Apologies if this has come up before, or if this is a duplicate posting (I tried posting before but I think it got lost). Anyways, I'm trying to set up an IMAP server with dovecot, and everything seems to be more or less working except that I periodically see error messages like this in my logs:

Feb 18 01:01:15 stark dovecot: lmtp(31956, root at aleme.nu): Error: link(/var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index, /var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index.backup.tmp) failed: Operation not permitted

I'm assuming it's a permissions problem with my maildir, but I can't figure out what the relevant process is in order to fix it. The maildir is owned by vmail with permissions set to 700; here is the output of dovecot -n:

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.8 fuse.encfs
mail_gid = vmail
mail_location = mdbox:/var/decrypted/vmail/%d/%n
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  antispam_allow_append_to_spam = no
  antispam_dspam_args = --user;root;deliver=;--source=error;--client
  antispam_spam = Junk
  antispam_trash = Trash
  sieve = ~/.dovecot.sieve
  sieve_before = /var/lib/dovecot/sieve/before
  sieve_dir = ~/sieve
  sieve_global_dir = /var/lib/dovecot/sieve/global
}
protocols = " imap lmtp sieve"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  service_count = 1
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
  user = vmail
}
...
...
userdb {
  args = uid=vmail gid=vmail home=/var/vmail/%d/%n
  driver = static
}
protocol lmtp {
  mail_plugins = " sieve"
}
protocol imap {
  mail_plugins = " antispam"
}

As you can see, I'm keeping the maildir on an encfs-encrypted volume, in case that's relevant. Please let me know any ideas for why this might be happening. Thanks in advance!

Emanuel

From skdovecot at smail.inf.fh-brs.de Thu Feb 19 07:20:32 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 19 Feb 2015 08:20:32 +0100 (CET)
Subject: Permissions problem with mdbox maildir
In-Reply-To:
References:
Message-ID:

On Wed, 18 Feb 2015, Emanuel Evans wrote:

> Hi! Apologies if this has come up before, or if this is a duplicate
> posting (I tried posting before but I think it got lost). Anyways, I'm
> trying to set up an IMAP server with dovecot, and everything seems to be
> more or less working except that I periodically see error messages like
> this in my logs:
>
> Feb 18 01:01:15 stark dovecot: lmtp(31956, root at aleme.nu): Error: link(/var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index, /var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index.backup.tmp) failed: Operation not permitted
>
> I'm assuming it's a permissions problem with my maildir, but I can't
> figure out what the relevant process is in order to fix it. The maildir
> is owned by vmail with permissions set to 700; here is the output of
> dovecot -n:
>
> # 2.1.7: /etc/dovecot/dovecot.conf
> # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.8 fuse.encfs

> userdb {
>   args = uid=vmail gid=vmail home=/var/vmail/%d/%n
>   driver = static
> }

> As you can see, I'm keeping the maildir on an encfs-encrypted volume, in
> case that's relevant. Please let me know any ideas for why this might be
> happening. Thanks in advance!

Could you try what happens, if you create the hardlink manually as the
vmail user _two_ times, if the first link() succeeds. Maybe:

1) hard links won't work on your encfs,
2) link() fails with "Operation not permitted" instead of "File exists" in
your case, if the target file already exists.

Something like:

sudo -u vmail ln \
  /var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index \
  /var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index.backup.tmp

-- Steffen Kaiser

From stephan at rename-it.nl Thu Feb 19 07:55:00 2015
From: stephan at rename-it.nl (Stephan Bosch)
Date: Thu, 19 Feb 2015 08:55:00 +0100
Subject: Xi autobuilds restored
Message-ID: <54E596D4.7050808@rename-it.nl>

Hi,

Xi had problems for more than a month now. I finally managed to access it yesterday, but it was a bit more broken than I anticipated. I had to re-install the whole system. It should now work as before. It is now Debian stable/amd64, so that is now also the master release, which is always built first.

Regards,

Stephan.

From emanuel.evans at gmail.com Thu Feb 19 16:29:45 2015
From: emanuel.evans at gmail.com (Emanuel Evans)
Date: Thu, 19 Feb 2015 08:29:45 -0800
Subject: Permissions problem with mdbox maildir
References:
Message-ID:

Steffen Kaiser writes:

> Could you try what happens, if you create the hardlink manually as the
> vmail user _two_ times, if the first link() succeeds. Maybe:
>
> 1) hard links won't work on your encfs,
> 2) link() fails with "Operation not permitted" instead of "File exists" in
> your case, if the target file already exists.
>
> Something like: sudo -u vmail ln \
> /var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index \
> /var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index.backup.tmp

It turns out (1) was the problem - encfs doesn't allow hard links in my configuration. I've set maildir_copy_with_hardlinks to no; hopefully that will resolve the issue. Thanks so much for your help!

From sanvila at unex.es Thu Feb 19 21:34:07 2015
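Added example (not code from the thread): the test Steffen Kaiser suggests, calling link() twice as the mail user, scripted in Python so the errno of each attempt is visible and the two cases he lists can be told apart. The function names and the two simulated link functions are assumptions made for illustration; on a real system run it as the mail user with the mail directory as argument.

```python
import errno
import os
import tempfile


def probe_hardlinks(directory, link=os.link):
    """Call link() twice on a scratch file inside `directory`.

    Returns a 2-tuple holding "ok" or the errno name for each attempt.
    `link` is injectable so a restricted filesystem can be simulated.
    The scratch files are removed again before returning.
    """
    fd, src = tempfile.mkstemp(prefix="linkprobe-", dir=directory)
    os.close(fd)
    dst = src + ".backup.tmp"
    results = []
    try:
        for _ in range(2):
            try:
                link(src, dst)
                results.append("ok")
            except OSError as exc:
                results.append(
                    errno.errorcode.get(exc.errno, "errno %s" % exc.errno))
    finally:
        for path in (dst, src):
            try:
                os.unlink(path)
            except FileNotFoundError:
                pass
    return tuple(results)


def diagnose(results):
    """Map the two attempts onto the cases named in the reply."""
    first, second = results
    if first != "ok":
        # Case 1: the filesystem does not accept link() at all.
        return "hard links unsupported (first link() failed with %s)" % first
    if second == "EEXIST":
        return "hard links work; existing target reports EEXIST"
    # Case 2: link() works, but an existing target gives an unusual errno.
    return "first link() worked, second returned %s instead of EEXIST" % second


def link_always_eperm(src, dst):
    """Constructed stand-in for a filesystem that rejects every link()."""
    raise OSError(errno.EPERM, os.strerror(errno.EPERM))


def link_eperm_when_exists(src, dst):
    """Constructed stand-in: succeeds once, then EPERM for an existing target."""
    if os.path.exists(dst):
        raise OSError(errno.EPERM, os.strerror(errno.EPERM))
    open(dst, "w").close()  # pretend the link was created


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.gettempdir()
    print(target, "->", diagnose(probe_hardlinks(target)))
```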
From: sanvila at unex.es (Santiago Vila)
Date: Thu, 19 Feb 2015 22:34:07 +0100 (CET)
Subject: Bug#776094: dovecot-imapd: corrupts mailbox after trying to retrieve it (fwd)
In-Reply-To:
References:
Message-ID:

On Sun, 15 Feb 2015, Timo Sirainen wrote:

> On 14 Feb 2015, at 16:23, Santiago Vila wrote:
> >
> > I wrote about this three weeks ago but got no answer. I'm going to
> > officially "forward" the Debian bug this time, with all the details.
> >
> > The test case is just 840 bytes long. Please give it a try.

[ Small correction: It's really 3873 bytes long, uncompressed ].

> ..
> > Package: dovecot-imapd
> > Version: 1:2.2.13-11
> > Severity: serious
>
> I can't reproduce with latest Dovecot hg.

In such case we would love to know what is the commit that fixed this, so that we can apply it to the 2.2.13 version in Debian. We have frozen the distribution as we are about to release jessie as Debian 8, so no new upstream releases are allowed anymore.

> But just in case it's still not fixed, there are two important things:
>
> 1) Send your doveconf -n output, since there are some settings that can affect this

Nothing special. The default configuration from the Debian package. The bug may be reproduced without touching any file in /etc at all.

This is the result of "doveconf -n":

# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.0
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = " imap"
ssl = no
userdb {
  driver = passwd
}

> 2) rm -rf ~/mail/.imap/inbox-b before testing to make sure indexes don't cause this problem.

Yes, I did that. In fact, I checked that this happens on a freshly installed virtual machine, i.e. no ~/mail/.imap at all.
From juliand at aspedia.net Fri Feb 20 06:05:22 2015
From: juliand at aspedia.net (Julian De Marchi)
Date: Fri, 20 Feb 2015 16:05:22 +1000
Subject: Dovecot Director Issue/Bug when host=""
Message-ID: <54E6CEA2.1090403@aspedia.net>

heya--

Been playing with dovecot today as I was learning about the features I haven't used yet like the director/proxy stuff.

I setup a basic dovecot stack today which is 1 director and 1 IMAP dovecot server behind it.

I have one user setup in MySQL and when I first changed from proxy mode to director mode I left the host column populated with the IMAP server. Once I confirmed this was working I then changed host to "" not NULL. When I then performed my next check I got these errors (no details omitted as this is a test system):

Feb 20 14:57:19 smtp-test dovecot: auth-worker(15423): Debug: sql(email3 at example.com,10.107.0.8): query: SELECT email as user, password, host, 'Y' AS proxy_maybe, 'user' AS master, 'password' AS pass, 'any-cert' AS 'ssl' FROM virtual_users WHERE email='email3 at example.com';
Feb 20 14:57:19 smtp-test dovecot: auth: Error: proxy(email3 at example.com,10.107.0.8,): DNS lookup for failed: Invalid input from dns-client
Feb 20 14:57:19 smtp-test dovecot: auth: Error: close((null)) failed: Bad file descriptor

When I changed the host data from "" to NULL all worked as expected.

So the question is: is this a bug with the error output? It was kind of hard for me to diagnose at first without leaning on support in the freenode channel.

This is very repeatable as it is a proper error, you can't resolve "".

--julian

From peljasz at yahoo.co.uk Fri Feb 20 07:53:46 2015
From: peljasz at yahoo.co.uk (lejeczek)
Date: Fri, 20 Feb 2015 07:53:46 +0000
Subject: multiple ldap userdb and passdb
In-Reply-To:
References: <54E36645.3020700@yahoo.co.uk> <54E39849.7010100@localhost.localdomain.org> <54E43E6B.3030105@yahoo.co.uk>
Message-ID: <54E6E80A.6040403@yahoo.co.uk>

On 18/02/15 07:39, Steffen Kaiser wrote:
> On Wed, 18 Feb 2015, lejeczek wrote:
>> On 17/02/15 19:36, Pascal Volk wrote:
>>> On 02/17/2015 04:03 PM, lejeczek wrote:
>>>> hi everybody.
>>>>
>>>> I wonder if such a scenario is possible.
>>>> if yes would I configure multiple passdb using ldap driver
>>>> or within one clause set up multiple args? How would
>>>> this work?
>>> Did you read
>>> http://wiki2.dovecot.org/Authentication/MultipleDatabases?
>>>
>> yes, and other different articles, but nowhere there was
>> a setup with the same type/driver of database occurring
>> more than once in the config discussed.
>> I would have to look up to different DN that exist under
>> different trees and I wonder how this can be achieved.
>
> different trees == different servers?

same server different top level trees
email client agent uses and passes user at FQDN
What would be great is to find something to read "best practices" on devising trees maybe with mail servers in mind.

>
> Anyway: duplicate the ldap.conf file and use one file for
> one passdb/userdb pair and the other one for a second pair.
>
> If both trees reside on the same server, you probably find
> a filter to select them.
>
> -- Steffen Kaiser
>

From skdovecot at smail.inf.fh-brs.de Fri Feb 20 14:00:34 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 20 Feb 2015 15:00:34 +0100 (CET)
Subject: multiple ldap userdb and passdb
In-Reply-To: <54E6E80A.6040403@yahoo.co.uk>
References: <54E36645.3020700@yahoo.co.uk> <54E39849.7010100@localhost.localdomain.org> <54E43E6B.3030105@yahoo.co.uk> <54E6E80A.6040403@yahoo.co.uk>
Message-ID:

On Fri, 20 Feb 2015, lejeczek wrote:

> On 18/02/15 07:39, Steffen Kaiser wrote:
>> On Wed, 18 Feb 2015, lejeczek wrote:
>>> On 17/02/15 19:36, Pascal Volk wrote:
>>>> On 02/17/2015 04:03 PM, lejeczek wrote:
>>>>> hi everybody.
>>>>>
>>>>> I wonder if such a scenario is possible.
>>>>> if yes would I configure multiple passdb using ldap driver
>>>>> or within one clause set up multiple args? How would this work?
>>>> Did you read http://wiki2.dovecot.org/Authentication/MultipleDatabases?
>>>>
>>> yes, and other different articles, but nowhere there was a setup with the
>>> same type/driver of database occurring more than once in the config
>>> discussed.
>>> I would have to look up to different DN that exist under different trees
>>> and I wonder how this can be achieved.
>>
>> different trees == different servers?
> same server different top level trees
> email client agent uses and passes user at FQDN
> What would be great is to find something to read "best practices" on devising
> trees maybe with mail servers in mind.

The server does not support the empty top level search base?

>>
>> Anyway: duplicate the ldap.conf file and use one file for one passdb/userdb
>> pair and the other one for a second pair.
>>
>> If both trees reside on the same server, you probably find a filter to
>> select them.

-- Steffen Kaiser

From CMarcus at Media-Brokers.com Fri Feb 20 14:03:09 2015
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Fri, 20 Feb 2015 09:03:09 -0500
Subject: Bug#776094: dovecot-imapd: corrupts mailbox after trying to retrieve it (fwd)
In-Reply-To:
References:
Message-ID: <54E73E9D.5040802@Media-Brokers.com>

On 2/19/2015 4:34 PM, Santiago Vila wrote:
> In such case we would love to know what is the commit that fixed this,
> so that we can apply it to the 2.2.13 version in Debian. We have
> frozen the distribution as we are about to release jessie as Debian 8,
> so no new upstream releases are allowed anymore.

I have NEVER understood the rationale for doing this for MINOR release.

Major releases/updates, sure, I understand completely, but minor releases? It is far too much pain for far too little gain imnsho...

From h.reindl at thelounge.net Fri Feb 20 14:15:23 2015
From: h.reindl at thelounge.net (Reindl Harald)
Date: Fri, 20 Feb 2015 15:15:23 +0100
Subject: Bug#776094: dovecot-imapd: corrupts mailbox after trying to retrieve it (fwd)
In-Reply-To: <54E73E9D.5040802@Media-Brokers.com>
References: <54E73E9D.5040802@Media-Brokers.com>
Message-ID: <54E7417B.8050406@thelounge.net>

On 20.02.2015 at 15:03, Charles Marcus wrote:
> On 2/19/2015 4:34 PM, Santiago Vila wrote:
>> In such case we would love to know what is the commit that fixed this,
>> so that we can apply it to the 2.2.13 version in Debian. We have
>> frozen the distribution as we are about to release jessie as Debian 8,
>> so no new upstream releases are allowed anymore.
>
> I have NEVER understood the rationale for doing this for MINOR release.
>
> Major releases/updates, sure, I understand completely, but minor
> releases? It is far too much pain for far too little gain imnsho...

that's a political decision to not break workarounds because someone removes a bug you worked around or even not break stupid software rely on the behavior of bugs :-)

and to make web-developers lives harder because params in PHP which help to prepare upgrade to >= 5.4 and are present for many years in 5.3.x are not available on Debian systems

From sanvila at unex.es Sat Feb 21 19:07:44 2015
From: sanvila at unex.es (Santiago Vila)
Date: Sat, 21 Feb 2015 20:07:44 +0100
Subject: Bug#776094: dovecot-imapd: corrupts mailbox after trying to retrieve it (fwd)
In-Reply-To:
References:
Message-ID: <20150221190744.GA8456@cantor.unex.es>

On Sun, Feb 15, 2015 at 10:55:13AM +0200, Timo Sirainen wrote:
> On 14 Feb 2015, at 16:23, Santiago Vila wrote:
> >
> > I wrote about this three weeks ago but got no answer. I'm going to
> > officially "forward" the Debian bug this time, with all the details.
> >
> > The test case is just 840 bytes long. Please give it a try.
> ..
> > Package: dovecot-imapd
> > Version: 1:2.2.13-11
> > Severity: serious
>
> I can't reproduce with latest Dovecot hg. But just in case it's still not fixed, there are two important things:

Would you please try with 2.2.15, which is the latest released version?

I have just tested version 2.2.15 in Debian experimental, and I can still reproduce the bug.

Thanks.

From larryrtx at gmail.com Sun Feb 22 20:28:49 2015
From: larryrtx at gmail.com (Larry Rosenman) Date: Sun, 22 Feb 2015 14:28:49 -0600 Subject: Why doesn't index see my #ARCHIVE/ namespace? Message-ID: thebighonker.lerctr.org /home/ler $ doveadm -D -v index \#ARCHIVE/2015/01/INBOX doveadm(ler): Debug: Loading modules from directory: /usr/local/lib/dovecot doveadm(ler): Debug: Module loaded: /usr/local/lib/dovecot/lib20_fts_plugin.so doveadm(ler): Debug: Module loaded: /usr/local/lib/dovecot/lib21_fts_lucene_plugin.so doveadm(ler): Debug: Module loaded: /usr/local/lib/dovecot/lib90_stats_plugin.so doveadm(ler): Debug: Loading modules from directory: /usr/local/lib/dovecot/doveadm doveadm(ler): Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: Undefined symbol "acl_user_module" (this is usually intentional, so just ignore this message) doveadm(ler): Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/local/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so: Undefined symbol "expire_set_lookup" (this is usually intentional, so just ignore this message) doveadm(ler): Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/local/lib/dovecot/doveadm/lib10_doveadm_quota_plugin.so: Undefined symbol "quota_user_module" (this is usually intentional, so just ignore this message) doveadm(ler): Debug: Module loaded: /usr/local/lib/dovecot/doveadm/lib10_doveadm_sieve_plugin.so doveadm(ler): Debug: Module loaded: /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so doveadm(ler): Debug: Module loaded: /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so doveadm(ler): Debug: Effective uid=1002, gid=1002, home=/home/ler doveadm(ler): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:~/mail:INBOX=~/mail/INBOX doveadm(ler): Debug: fs: root=/home/ler/mail, index=, indexpvt=, control=, inbox=/home/ler/mail/INBOX, alt= doveadm(ler): 
Debug: Namespace archive: type=private, prefix=#ARCHIVE/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=mbox:~/MAILARCHIVE doveadm(ler): Debug: mbox: INBOX defaulted to /home/ler/MAILARCHIVE/inbox doveadm(ler): Debug: fs: root=/home/ler/MAILARCHIVE, index=, indexpvt=, control=, inbox=/home/ler/MAILARCHIVE/inbox, alt= doveadm(ler): Debug: Ignoring unknown cache field: pop3.order doveadm(ler): Debug: Ignoring unknown cache field: binary.parts doveadm(ler): Error: lucene: Failed to sync mailbox INBOX: Mailbox isn't selectable doveadm(ler): Info: #ARCHIVE/2015/01/INBOX: Caching mails seq=3..3366 doveadm(ler): Error: lucene: Failed to sync mailbox INBOX: Mailbox isn't selectable doveadm(ler): Error: lucene: Failed to sync mailbox INBOX: Mailbox isn't selectable 3364/3364 thebighonker.lerctr.org /home/ler $ thebighonker.lerctr.org /home/ler $ doveconf -n >/tmp/doveconf.out thebighonker.lerctr.org /home/ler $ cat /tmp/doveconf.out # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.4.6 (3e924b1b6c5c+) # OS: FreeBSD 10.1-STABLE amd64 auth_default_realm = lerctr.org auth_mechanisms = plain login auth_realms = lerctr.org thebighonker.lerctr.org tbh.lerctr.org auth_username_format = %Ln lda_mailbox_autocreate = yes lmtp_save_to_detail_mailbox = yes login_access_sockets = tcpwrap mail_attribute_dict = file:mail/.imap/dovecot-mail-attributes mail_debug = yes mail_location = mbox:~/mail:INBOX=~/mail/INBOX mail_plugins = fts fts_lucene stats mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate vacation-seconds editheader namespace archive { hidden = no inbox = no list = yes location = mbox:~/MAILARCHIVE prefix = "#ARCHIVE/" separator = / } namespace inbox { inbox = yes location = mailbox Drafts { special_use 
= \Drafts } mailbox INBOX { auto = create } mailbox Junk { special_use = \Junk } mailbox SENT { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = failure_show_msg=yes session=yes max_requests=20 driver = pam } plugin { fts = lucene fts_autoindex = yes fts_lucene = whitespace_chars=@. normalize no_snowball recipient_delimiter = + sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +editheader +vacation-seconds stats_command_min_time = 1 mins stats_domain_min_time = 12 hours stats_ip_min_time = 12 hours stats_memory_limit = 16 M stats_refresh = 5s stats_session_min_time = 15 mins stats_track_cmds = yes stats_user_min_time = 1 hours } protocols = imap pop3 lmtp sieve service auth { unix_listener auth-client { mode = 0666 } unix_listener auth-master { mode = 0666 } } service stats { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = stats extra_groups = fifo_listener stats-mail { group = mode = 0666 user = } group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener stats { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service tcpwrap { unix_listener login/tcpwrap { group = $default_login_user mode = 0600 user = $default_login_user } } ssl_cert =

Hello,

I'm trying to configure the quota-status service, but it seems I'm not
successful with my director setup (2.2.9).

I activate the quota-status service like this on my director server:

$ cat 91-quota-status.conf
##
## Quota-Status configuration.
##

# Load Module quota-status and listen on TCP/IP Port for connections.
service quota-status {
  executable = quota-status -p postfix
  inet_listener {
    address = 10.0.1.44
    port = 12340
  }
  client_limit = 1
}

# Plugin configuration.
# Return messages for requests by quota status: success, nouser and overquota.
plugin {
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is over quota"
}

After restarting the director service I try to query the quota status
service:

printf "recipient=user at domain.de\nsize=100000\n\n" | nc 10.0.1.44 12340

The output is:

action=DEFER_IF_PERMIT Invalid user settings. Refer to server log for more information.

In the debug log of the director I see this:

Feb 23 03:03:09 director01 dovecot: auth: Debug: userdb out: USER 1 user at domain.de mail=mdbox:/mnt/data01/domain.de/user/maildir home=/mnt/data01/domain.de/user proxy=Y master= pass= uid=5000 gid=1 quota_rule=*:storage=60593 quota_rule2=*:messages=100000
Feb 23 03:03:09 director01 dovecot: quota-status(user at domain.de): Error: user user at domain.de: Initialization failed: Namespace '': mkdir(/mnt/data01/domain.de/user/maildir/mailboxes) failed: Permission denied (euid=5000(vmail) egid=1(daemon) missing +w perm: /mnt, dir owned by 0:0 mode=0755)

So the quota status service tries to access the mailbox of the user ON THE
DIRECTOR. But the director has not mounted the mailboxes of the users,
that's what the backend dovecots are for (proxy=Y). So the quota-status
query is not proxied to the dovecot backend server I would assume.

Does that mean I have to start the quota-status service on the dovecot
backend servers and access it from the Postfix server directly? Currently
the Postfixes can only reach the directors, not the backend servers.

Is it possible to use the quota-status service on the director?

Thanks for any hints and help

Michael

From zackwag32 at gmail.com Mon Feb 23 07:37:13 2015
From: zackwag32 at gmail.com (=?UTF-8?B?0JjQstCw0L0g0JrQvtC70L7RgdC+0LI=?=)
Date: Mon, 23 Feb 2015 11:37:13 +0400
Subject: Using Dovecot IMAPC to collect mail
Message-ID:

Hi list.

I was looking at Dovecot's imapc feature for some time. I am aiming to use
Dovecot with imapc as a kind of "store-and-forward" proxy. If I understand
imapc correctly, there are two connections at work - one between the client
and Dovecot and one between Dovecot and backend. When the client asks
Dovecot for mail, Dovecot will retrieve mail from the backend and then send
it to the client.

So the question is, is it possible to configure Dovecot with imapc in such
a way that it would store the mail it passes to the client? Should I use
mail filter plugin to do this?

I am also quite confused about authentication in this setting. Let's assume
we use 'plain' authentication mechanism, then what happens? I guess that
the client just sends Dovecot its credentials, and Dovecot tries to
authenticate with them at the backend, responding to the client accordingly.
Is this true?

Thanks.

From zackwag32 at gmail.com Mon Feb 23 07:48:44 2015
From: zackwag32 at gmail.com (=?UTF-8?B?0JjQstCw0L0g0JrQvtC70L7RgdC+0LI=?=)
Date: Mon, 23 Feb 2015 11:48:44 +0400
Subject: Using Dovecot IMAPC to collect mail
In-Reply-To:
References:
Message-ID:

Oh, and I'm asking about Dovecot version 2.2.15.

From mellon85 at gmail.com Mon Feb 23 10:28:09 2015
From: mellon85 at gmail.com (Dario Meloni) Date: Mon, 23 Feb 2015 10:28:09 +0000 (UTC) Subject: Dovecot 2.1.7 random login fails References: Message-ID: On Wed, 18 Feb 2015 09:38:22 +0000, Dario Meloni wrote: >> did you've verified that the file exists and has a reasonable file >> size? > > The file in question is actually a unix socket that I guess is used to > refresh the SSL data from the main privileged process. > I don't know which process is actually logging the error, but the ssl- > params file is root owned and is readable and writable by everyone. No one has any idea why the ssl-param socket might not be working? I tried also different distributions (centos, ubuntu, debian) and the dovecot repositories (to try the latest stable, 2.2) and I routinely get that error. From david.scheele2 at googlemail.com Mon Feb 23 17:02:13 2015 
From: david.scheele2 at googlemail.com (David Scheele) Date: Mon, 23 Feb 2015 18:02:13 +0100 Subject: "Temporary authentication failure" ? Cant connect with ldap user Message-ID: Hello there, first time writing. I'm relatively new to linux and have been tasked with setting up the following configuration: Debian Wheezy Server Postfix Dovecot OpenLDAP So, I set up the Server, installed and configured postfix, ldap and dovecot (in that order) and now simply try to log into the mail account with a used from the LDAP over telnet. The test looks like this: *|> telnet localhost 143* *| a bunch of stuff ending with:* *| OK [**] Dovecot ready.* *|> a login username userpassword* *| a NO [UNAVAILABLE] Temporary authentication failure. [host and date here]* In the logs it says *|[date] mailserver dovecot: auth: Error: LDAP: binding failed (dn cn=admin): Invalid credentials* But I KNOW the admin password I entered into the dovecot-lda.conf.ext is correct as I use it to log into the LDAP directory over jxplorer I also know the password for the user i try to log in with is correct as i set it myself over and over just to be sure there are no typos. I'm at a loss, I've been at this end for a few days now and can't find good tutorials online because its either always an old dovecot, postfix, ldap or debian version and somewhere in the middle it just stops because some file is completely missing. I get the impression I'm just not able-brained for linux useage. 
Anyway, here are a few more informations about the system: *Dovecot version 2.1.7* Output of grep -v '^ *\(#.*\)\?$' dovecot-sql.conf: *hosts = localhost* *dn = cn=admin* *dnpass = [password]* *sasl_bind = no* *tls = no* *auth_bind = yes* *ldap_version = 3* *base = dc=[domainname],dc=de* *user_attrs = uidNumber=uid,gidNumber=gid* *user_filter = (&(objectClass=posixAccount)(uid=%u))* *pass_attrs = uid=user,userPassword=password* Output of dovecot -n: *disable_plaintest_auth = no* *mail_location = mbox:~/mail:INBOX=/var/mail/%u* *[namespace config here]* *passdb {* *args = /etc/dovecot/dovecot-ldap.conf.ext* *driver = ldap* *}* *plugin {* *sieve = ~/.dovecot.sieve* *sieve_dir = ~/sieve* *}* *protocols = " imap pop3"* *ssl_cert = References: Message-ID: <54EB5FE7.4060808@computerisms.ca> Hi, > *hosts = localhost* > *dn = cn=admin* > *dnpass = [password]* > *sasl_bind = no* > *tls = no* > *auth_bind = yes* Just a guess, but I don't see a matching auth_bind_userdn to go with this... > *ldap_version = 3* > *base = dc=[domainname],dc=de* > *user_attrs = uidNumber=uid,gidNumber=gid* > *user_filter = (&(objectClass=posixAccount)(uid=%u))* > *pass_attrs = uid=user,userPassword=password* From superinterstellar at gmail.com Mon Feb 23 17:14:31 2015 From: superinterstellar at gmail.com (Kevin Laurie) Date: Tue, 24 Feb 2015 01:14:31 +0800 Subject: indexing mails required? Message-ID: Hi, I just got solr working and would like to do FTS. Do I need to index? I have 20GB email account that is getting indexed using the following command(it seems to be taking a while):- doveadm index -u user at domain.net INBOX Is this common? Please advise Thanks Kevin From mihai at badici.ro Mon Feb 23 18:11:01 2015 
From: mihai at badici.ro (Mihai Badici) Date: Mon, 23 Feb 2015 20:11:01 +0200 Subject: "Temporary authentication failure" ? Cant connect with ldap user In-Reply-To: References: Message-ID: <6117926.U18iD4Yk88@arhivio> On Monday 23 February 2015 18:02:13 David Scheele wrote: > Hello there, first time writing. > > I'm relatively new to linux and have been tasked with setting up the > following configuration: > Debian Wheezy Server > Postfix > Dovecot > OpenLDAP > I use this configuration for some time, I call it Machinet mailserver as a sort of dumb version of Kolab Mailserver. You can find a simple script here for installing all thing, is not finished but you can at least look at configuration files: http://mihai.badici.ro/linux/machinet/debian/ Some short info here: http://machinet.badici.ro/ > So, I set up the Server, installed and configured postfix, ldap and dovecot > (in that order) and now simply try to log into the mail account with a used > from the LDAP over telnet. > > The test looks like this: > > *|> telnet localhost 143* > *| a bunch of stuff ending with:* > *| OK [**] Dovecot ready.* > *|> a login username userpassword* > *| a NO [UNAVAILABLE] Temporary authentication failure. [host and date > here]* > > In the logs it says > > *|[date] mailserver dovecot: auth: Error: LDAP: binding failed (dn > cn=admin): Invalid credentials* > > But I KNOW the admin password I entered into the dovecot-lda.conf.ext is > correct as I use it to log into the LDAP directory over jxplorer > > I also know the password for the user i try to log in with is correct as i > set it myself over and over just to be sure there are no typos. > I'm at a loss, I've been at this end for a few days now and can't find good > tutorials online because its either always an old dovecot, postfix, ldap or > debian version and somewhere in the middle it just stops because some file > is completely missing. I get the impression I'm just not able-brained for > linux useage. 
> > Anyway, here are a few more informations about the system: > > *Dovecot version 2.1.7* > > Output of grep -v '^ *\(#.*\)\?$' dovecot-sql.conf: > > *hosts = localhost* > *dn = cn=admin* > *dnpass = [password]* > *sasl_bind = no* > *tls = no* > *auth_bind = yes* > *ldap_version = 3* > *base = dc=[domainname],dc=de* > *user_attrs = uidNumber=uid,gidNumber=gid* > *user_filter = (&(objectClass=posixAccount)(uid=%u))* > *pass_attrs = uid=user,userPassword=password* > > Output of dovecot -n: > > *disable_plaintest_auth = no* > *mail_location = mbox:~/mail:INBOX=/var/mail/%u* > *[namespace config here]* > > *passdb {* > *args = /etc/dovecot/dovecot-ldap.conf.ext* > *driver = ldap* > *}* > *plugin {* > *sieve = ~/.dovecot.sieve* > *sieve_dir = ~/sieve* > *}* > > *protocols = " imap pop3"* > *ssl_cert = *ssl_key = *userdb {* > *args = /etc/dovecot/dovecot-ldap.conf.ext* > *driver =ldap* > *}* > *protocol pop3 {* > *pop3_client_workarounds = outlook-no-nuls oe-ns-eoh* > *pop3_uidl_format = %08Xu%08Xv* > *}* > > Any help would be greatly apprechiated.... I'm going crazy over here. > > Thanks in advance, > David -- Mihai B?dici http://mihai.badici.ro From emanuel.evans at gmail.com Mon Feb 23 19:22:59 2015 
From: emanuel.evans at gmail.com (Emanuel Evans)
Date: Mon, 23 Feb 2015 11:22:59 -0800
Subject: Permissions problem with mdbox maildir
References:
Message-ID:

Emanuel Evans writes:

> Steffen Kaiser writes:
>
>> Could you try what happens, if you create the hardlink manually as the
>> vmail user _two_ times, if the first link() succeeds. Maybe:
>>
>> 1) hard links won't work on your encfs,
>> 2) link() fails with "Operation not permitted" instead of "File exists" in
>> your case, if the target file already exists.
>>
>> Something like: sudo -u vmail ln \
>> /var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index \
>> /var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index.backup.tmp
>
> It turns out (1) was the problem - encfs doesn't allow hard links in my
> configuration. I've set maildir_copy_with_hardlinks to no; hopefully
> that will resolve the issue. Thanks so much for your help!

Unfortunately, even with maildir_copy_with_hardlinks set to "no", the
problem still seems to persist. So my question becomes: is there a way
to prevent dovecot from using hardlinks in all circumstances? (If it
isn't possible, I can change my encfs setup.)

From marcelo.moises at staff.atmail.com Tue Feb 24 03:44:23 2015
From: marcelo.moises at staff.atmail.com (Marcelo)
Date: Tue, 24 Feb 2015 13:44:23 +1000
Subject: [Dovecot] Sieve vacation not working
In-Reply-To:
Message-ID: <1424749463.5507.1.camel@staff.atmail.com>

It only works without :addresses for me

And even when getting this on confirmation the logs:

Feb 24 09:03:52 localhost dovecot: lmtp(7895, a1 at dum.li): yeIlOfjN61TXHgAA0J78UA: sieve: msgid=<451bb443b8ad815c205a2cce07ac31aec0727c47 at vm-atmail7>: sent vacation response to

It wasn't working.

This did the trick on CentOS 7 though:

alternatives --set mta /usr/sbin/sendmail.exim

Cheers

From skdovecot at smail.inf.fh-brs.de Tue Feb 24 07:05:41 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 24 Feb 2015 08:05:41 +0100 (CET)
Subject: "Temporary authentication failure" ? Cant connect with ldap user
In-Reply-To:
References:
Message-ID:

On Mon, 23 Feb 2015, David Scheele wrote:

> So, I set up the Server, installed and configured postfix, ldap and dovecot
> (in that order) and now simply try to log into the mail account with a used
> from the LDAP over telnet.
>
> The test looks like this:
>
> *|> telnet localhost 143*
> *| a bunch of stuff ending with:*
> *| OK [**] Dovecot ready.*
> *|> a login username userpassword*
> *| a NO [UNAVAILABLE] Temporary authentication failure. [host and date
> here]*
>
> In the logs it says
>
> *|[date] mailserver dovecot: auth: Error: LDAP: binding failed (dn
> cn=admin): Invalid credentials*
>
> But I KNOW the admin password I entered into the dovecot-lda.conf.ext is
> correct as I use it to log into the LDAP directory over jxplorer
>
> I also know the password for the user i try to log in with is correct as i
> set it myself over and over just to be sure there are no typos.
> I'm at a loss, I've been at this end for a few days now and can't find good
> tutorials online because its either always an old dovecot, postfix, ldap or
> debian version and somewhere in the middle it just stops because some file
> is completely missing. I get the impression I'm just not able-brained for
> linux useage.
>
> Anyway, here are a few more informations about the system:
>
> *Dovecot version 2.1.7*
>
> Output of grep -v '^ *\(#.*\)\?$' dovecot-sql.conf:
                                    ^^^^^^^^^^^^^^^^
>
> *hosts = localhost*
> *dn = cn=admin*
> *dnpass = [password]*
> *sasl_bind = no*
> *tls = no*
> *auth_bind = yes*
> *ldap_version = 3*
> *base = dc=[domainname],dc=de*
> *user_attrs = uidNumber=uid,gidNumber=gid*
> *user_filter = (&(objectClass=posixAccount)(uid=%u))*
> *pass_attrs = uid=user,userPassword=password*
>
> Output of dovecot -n:
>
> *disable_plaintest_auth = no*
> *mail_location = mbox:~/mail:INBOX=/var/mail/%u*
> *[namespace config here]*
>
> *passdb {*
> *args = /etc/dovecot/dovecot-ldap.conf.ext*
                       ^^^^^^^^^^^^^^^^^^^^

filename mismatch

> *driver = ldap*
> *}*
> *plugin {*
> *sieve = ~/.dovecot.sieve*
> *sieve_dir = ~/sieve*
> *}*
>
> *protocols = " imap pop3"*
> *ssl_cert = *ssl_key = *userdb {*
> *args = /etc/dovecot/dovecot-ldap.conf.ext*
> *driver =ldap*
> *}*
> *protocol pop3 {*
> *pop3_client_workarounds = outlook-no-nuls oe-ns-eoh*
> *pop3_uidl_format = %08Xu%08Xv*
> *}*
>
> Any help would be greatly apprechiated.... I'm going crazy over here.
>
> Thanks in advance,
> David
>

-- Steffen Kaiser

From skdovecot at smail.inf.fh-brs.de Tue Feb 24 07:07:38 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 24 Feb 2015 08:07:38 +0100 (CET)
Subject: Permissions problem with mdbox maildir
In-Reply-To:
References:
Message-ID:

On Mon, 23 Feb 2015, Emanuel Evans wrote:

> Emanuel Evans writes:
>
>> Steffen Kaiser writes:
>>
>>> Could you try what happens, if you create the hardlink manually as the
>>> vmail user _two_ times, if the first link() succeeds. Maybe:
>>>
>>> 1) hard links won't work on your encfs,
>>> 2) link() fails with "Operation not permitted" instead of "File exists" in
>>> your case, if the target file already exists.
>>>
>>> Something like: sudo -u vmail ln \
>>> /var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index \
>>> /var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index.backup.tmp
>>
>> It turns out (1) was the problem - encfs doesn't allow hard links in my
>> configuration. I've set maildir_copy_with_hardlinks to no; hopefully
>> that will resolve the issue. Thanks so much for your help!
>
> Unfortunately, even with maildir_copy_with_hardlinks set to "no", the
> problem still seems to persist. So my question becomes: is there a way
> to prevent dovecot from using hardlinks in all circumstances? (If it

I don't think so.

> isn't possible, I can change my encfs setup.)

-- Steffen Kaiser

From david.scheele2 at googlemail.com Tue Feb 24 08:36:39 2015
From: david.scheele2 at googlemail.com (David Scheele)
Date: Tue, 24 Feb 2015 09:36:39 +0100
Subject: "Temporary authentication failure" ? Cant connect with ldap user
In-Reply-To:
References:
Message-ID:

@Steffen Kaiser:
Sorry I wrote that wrong. I did indeed
*grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext*
to get those results.

@Bob Miller:
And how would that look like? I added an auth_bind_userdn looking like this:
*auth_bind_userdn = uid=%u,dc=[hostname],o=de*
And restarted dovecot, no use.

Any other ideas?

Best,
David

2015-02-24 8:05 GMT+01:00 Steffen Kaiser :

> On Mon, 23 Feb 2015, David Scheele wrote:
>
> So, I set up the Server, installed and configured postfix, ldap and
>> dovecot
>> (in that order) and now simply try to log into the mail account with a
>> used
>> from the LDAP over telnet.
>>
>> The test looks like this:
>>
>> *|> telnet localhost 143*
>> *| a bunch of stuff ending with:*
>> *| OK [**] Dovecot ready.*
>> *|> a login username userpassword*
>> *| a NO [UNAVAILABLE] Temporary authentication failure. [host and date
>> here]*
>>
>> In the logs it says
>>
>> *|[date] mailserver dovecot: auth: Error: LDAP: binding failed (dn
>> cn=admin): Invalid credentials*
>>
>> But I KNOW the admin password I entered into the dovecot-lda.conf.ext is
>> correct as I use it to log into the LDAP directory over jxplorer
>>
>> I also know the password for the user i try to log in with is correct as i
>> set it myself over and over just to be sure there are no typos.
>> I'm at a loss, I've been at this end for a few days now and can't find
>> good
>> tutorials online because its either always an old dovecot, postfix, ldap
>> or
>> debian version and somewhere in the middle it just stops because some file
>> is completely missing. I get the impression I'm just not able-brained for
>> linux useage.
>>
>> Anyway, here are a few more informations about the system:
>>
>> *Dovecot version 2.1.7*
>>
>> Output of grep -v '^ *\(#.*\)\?$' dovecot-sql.conf:
>>
>                                    ^^^^^^^^^^^^^^^^
>
>>
>> *hosts = localhost*
>> *dn = cn=admin*
>> *dnpass = [password]*
>> *sasl_bind = no*
>> *tls = no*
>> *auth_bind = yes*
>> *ldap_version = 3*
>> *base = dc=[domainname],dc=de*
>> *user_attrs = uidNumber=uid,gidNumber=gid*
>> *user_filter = (&(objectClass=posixAccount)(uid=%u))*
>> *pass_attrs = uid=user,userPassword=password*
>>
>> Output of dovecot -n:
>>
>> *disable_plaintest_auth = no*
>> *mail_location = mbox:~/mail:INBOX=/var/mail/%u*
>> *[namespace config here]*
>>
>> *passdb {*
>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>>
>                       ^^^^^^^^^^^^^^^^^^^^
>
> filename mismatch
>
> *driver = ldap*
>> *}*
>> *plugin {*
>> *sieve = ~/.dovecot.sieve*
>> *sieve_dir = ~/sieve*
>> *}*
>>
>> *protocols = " imap pop3"*
>> *ssl_cert =
> *ssl_key =
> *userdb {*
>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>> *driver =ldap*
>> *}*
>> *protocol pop3 {*
>> *pop3_client_workarounds = outlook-no-nuls oe-ns-eoh*
>> *pop3_uidl_format = %08Xu%08Xv*
>> *}*
>>
>> Any help would be greatly apprechiated.... I'm going crazy over here.
>>
>> Thanks in advance,
>> David
>>
>>
> -- Steffen Kaiser
>

From skdovecot at smail.inf.fh-brs.de Tue Feb 24 09:02:51 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 24 Feb 2015 10:02:51 +0100 (CET)
Subject: "Temporary authentication failure" ? Cant connect with ldap user
In-Reply-To:
References:
Message-ID:

On Tue, 24 Feb 2015, David Scheele wrote:

> 2015-02-24 8:05 GMT+01:00 Steffen Kaiser :
>> On Mon, 23 Feb 2015, David Scheele wrote:
>>
>> So, I set up the Server, installed and configured postfix, ldap and
>>> dovecot
>>> (in that order) and now simply try to log into the mail account with a
>>> used
>>> from the LDAP over telnet.
>>>
>>> The test looks like this:
>>>
>>> *|> telnet localhost 143*
>>> *| a bunch of stuff ending with:*
>>> *| OK [**] Dovecot ready.*
>>> *|> a login username userpassword*
>>> *| a NO [UNAVAILABLE] Temporary authentication failure. [host and date
>>> here]*
>>>
>>> In the logs it says
>>>
>>> *|[date] mailserver dovecot: auth: Error: LDAP: binding failed (dn
>>> cn=admin): Invalid credentials*
>>>
>>> But I KNOW the admin password I entered into the dovecot-lda.conf.ext is
>>> correct as I use it to log into the LDAP directory over jxplorer
>>>
>>> I also know the password for the user i try to log in with is correct as i
>>> set it myself over and over just to be sure there are no typos.
>>> I'm at a loss, I've been at this end for a few days now and can't find
>>> good
>>> tutorials online because its either always an old dovecot, postfix, ldap
>>> or
>>> debian version and somewhere in the middle it just stops because some file
>>> is completely missing. I get the impression I'm just not able-brained for
>>> linux useage.
>>>
>>> Anyway, here are a few more informations about the system:
>>>
>>> *Dovecot version 2.1.7*
>>>
>>> Output of grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext:
>>> *hosts = localhost*
>>> *dn = cn=admin*
>>> *dnpass = [password]*

install the ldap-utils package - that one containing ldapsearch - and
execute:

ldapsearch -W -D cn=admin -b 'dc=[domainname],dc=de' \
    '(&(objectClass=posixAccount)(uid=<>))'

then enter your password.

1) I suppose, cn=admin is missing a domain name, e.g.
dc=[domainname],dc=de .

2) does your dnpass contain "funny" characters?

>>> *sasl_bind = no*
>>> *tls = no*
>>> *auth_bind = yes*
>>> *ldap_version = 3*
>>> *base = dc=[domainname],dc=de*
>>> *user_attrs = uidNumber=uid,gidNumber=gid*
>>> *user_filter = (&(objectClass=posixAccount)(uid=%u))*
>>> *pass_attrs = uid=user,userPassword=password*

BTW: You do not have a pass_filter or I deleted it last time.

>>>
>>> Output of dovecot -n:
>>>
>>> *disable_plaintest_auth = no*
>>> *mail_location = mbox:~/mail:INBOX=/var/mail/%u*
>>> *[namespace config here]*
>>>
>>> *passdb {*
>>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>>>
>>                       ^^^^^^^^^^^^^^^^^^^^
>>
>> filename mismatch
>>
>> *driver = ldap*
>>> *}*
>>> *plugin {*
>>> *sieve = ~/.dovecot.sieve*
>>> *sieve_dir = ~/sieve*
>>> *}*
>>>
>>> *protocols = " imap pop3"*
>>> *ssl_cert =
>> *ssl_key =
>> *userdb {*
>>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>>> *driver =ldap*
>>> *}*
>>> *protocol pop3 {*
>>> *pop3_client_workarounds = outlook-no-nuls oe-ns-eoh*
>>> *pop3_uidl_format = %08Xu%08Xv*
>>> *}*
>>>
>>> Any help would be greatly apprechiated.... I'm going crazy over here.
>>>
>>> Thanks in advance,
>>> David
>>>
>>>
>> -- Steffen Kaiser
>>
>

-- Steffen Kaiser

From thomas.hofmann at post.ch Tue Feb 24 09:02:22 2015
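The points raised in the LDAP thread above (a bind DN without its suffix, unusual characters in dnpass, no pass_filter, and the dn/dnpass bind that auth_bind still depends on when auth_bind_userdn is unset) can be checked against a dovecot-ldap.conf.ext-style file before restarting. This is an added example, not code from any poster or from Dovecot; the sample values, the finding names and the extra cleartext-bind check are assumptions of the example.

```python
import re

# Constructed sample modelled on the settings quoted in the thread;
# the domain and password are placeholders, not values from the page.
SAMPLE_CONF = """\
hosts = localhost
dn = cn=admin
dnpass = s3cret#2015
sasl_bind = no
tls = no
auth_bind = yes
ldap_version = 3
base = dc=example,dc=de
user_attrs = uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password
"""

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def parse_conf(text):
    """Parse 'key = value' lines; skip blanks and full-line comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def norm_dn(dn):
    """Simplified DN normalisation: lower-case, trim around ',' and '='.
    Escaped commas inside RDN values are not handled."""
    rdns = []
    for rdn in dn.lower().split(","):
        attr, _, val = rdn.partition("=")
        rdns.append(attr.strip() + "=" + val.strip())
    return ",".join(rdns)


def dn_is_under(dn, base):
    d, b = norm_dn(dn), norm_dn(base)
    return d == b or d.endswith("," + b)


def host_only(token):
    """Drop ':port' from host:port; leave IPv6 literals untouched."""
    return token.rsplit(":", 1)[0] if token.count(":") == 1 else token


def lint(settings):
    """Return (code, message) findings. The dnpass value is never echoed."""
    findings = []
    dn, base = settings.get("dn", ""), settings.get("base", "")
    if dn and base and not dn_is_under(dn, base):
        # Heuristic from the thread: 'cn=admin' looks like a DN missing its suffix.
        findings.append(("dn-outside-base",
                         "bind dn %r is not under base %r" % (dn, base)))
    dnpass = settings.get("dnpass", "")
    if dnpass and not re.fullmatch(r"[A-Za-z0-9._-]+", dnpass):
        findings.append(("dnpass-special-chars",
                         "dnpass has characters outside [A-Za-z0-9._-]; "
                         "confirm the value is read as intended"))
    auth_bind = settings.get("auth_bind", "no").lower() == "yes"
    if auth_bind and "auth_bind_userdn" not in settings:
        findings.append(("lookup-bind-required",
                         "auth_bind without auth_bind_userdn: the dn/dnpass "
                         "bind must succeed before any user can log in"))
    if "pass_filter" not in settings:
        findings.append(("no-pass-filter", "pass_filter is not set explicitly"))
    remote = [h for h in settings.get("hosts", "").split()
              if host_only(h).lower() not in LOCAL_HOSTS]
    if remote and settings.get("tls", "no").lower() != "yes":
        findings.append(("cleartext-bind",
                         "tls is off for non-local host(s) %s: bind passwords "
                         "cross the network unencrypted" % ", ".join(remote)))
    return findings


def codes(text):
    return [code for code, _ in lint(parse_conf(text))]


if __name__ == "__main__":
    for code, message in lint(parse_conf(SAMPLE_CONF)):
        print("%-22s %s" % (code, message))
```

The dn-outside-base check is a heuristic: a directory administrator entry can legitimately live outside the search base, so a hit is a prompt to confirm the full DN with ldapsearch rather than proof of a mistake.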
From: thomas.hofmann at post.ch (thomas.hofmann at post.ch)
Date: Tue, 24 Feb 2015 09:02:22 +0000
Subject: Dovecot 2.2.15, Panic: array.h: line 197 (array_idx_i): assertion failed: (idx * array->element_size < array->buffer->used)
Message-ID: <7175FBD8FD977B44AD1A48A3D7AB46A207E7460D@HXMB14.pnet.ch>

Hi all

Version: 2.2.15
OS: SLES11 SP3 x86_64

Problem with replication for some users:

Log Server 1:
Feb 24 09:29:42 v063ik dovecot: dsync-local(user at domain.com): Error: read(v063il.pnet.ch) failed:

Log Server 2:
Feb 24 09:29:42 v063il dovecot: dsync-server(user at domain.com): Panic: file ../../../src/lib/array.h: line 197 (array_idx_i): assertion failed: (idx * array->element_size < array->buffer->used)
Feb 24 09:29:42 v063il dovecot: dsync-server(user at domain.com): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x75f63) [0x7fac77eeaf63] -> /usr/lib64/dovecot/libdovecot.so.0(+0x75ff6) [0x7fac77eeaff6] -> /usr/lib64/dovecot/libdovecot.so.0(+0x27595) [0x7fac77e9c595] -> /usr/lib64/dovecot/modules/lib01_acl_plugin.so(+0x71ba) [0x7fac772c41ba] -> /usr/lib64/dovecot/modules/lib01_acl_plugin.so(acl_attribute_iter_next+0x64) [0x7fac772c5bb4] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0xb11ca) [0x7fac782071ca] -> /usr/lib64/dovecot/libdovecot-storage.so.0(index_storage_mailbox_delete_pre+0xd8) [0x7fac782074a8] -> /usr/lib64/dovecot/libdovecot-storage.so.0(index_storage_mailbox_delete+0x9) [0x7fac782075a9] -> /usr/lib64/dovecot/modules/lib15_notify_plugin.so(+0x2080) [0x7fac76eaa080] -> /usr/lib64/dovecot/modules/lib01_acl_plugin.so(+0xea66) [0x7fac772cba66] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_delete+0x2f) [0x7fac781db70f] -> dovecot/doveadm-server [10.1.100.49 user at domain.com recv_mailbox_tree_deletes](dsync_brain_mailbox_tree_sync_change+0x319) [0x7fac786b6249] -> dovecot/doveadm-server [10.1.100.49 user at domain.com recv_mailbox_tree_deletes](dsync_brain_recv_mailbox_tree_deletes+0x212) [0x7fac786b54d2] -> dovecot/doveadm-server [10.1.100.49 user at domain.com recv_mailbox_tree_deletes](dsync_brain_run+0x5eb) [0x7fac786b28db] -> dovecot/doveadm-server [10.1.100.49 user at domain.com recv_mailbox_tree_deletes](+0x1ef7d) [0x7fac786b2f7d] -> dovecot/doveadm-server [10.1.100.49 user at domain.com recv_mailbox_tree_deletes](+0x3203f) [0x7fac786c603f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x49) [0x7fac77efcc29] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xb4) [0x7fac77efde24] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x7fac77efccc9] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fac77efcd58] -> dovecot/doveadm-server [10.1.100.49 user at domain.com recv_mailbox_tree_deletes](+0x104c0) [0x7fac786a44c0] -> dovecot/doveadm-server [10.1.100.49 user at domain.com recv_mailbox_tree_deletes](+0x135c3) [0x7fac786a75c3] -> dovecot/doveadm-server [10.1.100.49 user at domain.com recv_mailbox_tree_deletes](+0x1d3d2) [0x7fac786b13d2] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x49) [0x7fac77efcc29] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xb4) [0x7fac77efde24] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x7fac77efccc9] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fac77efcd58] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fac77ea14d3]
Feb 24 09:29:42 v063il dovecot: dsync-server(user at domain.com): Fatal: master: service(doveadm): child 12663 killed with signal 6 (core dumped)

Backtrace of core dump of server 2:

v063il:/usr/lib64/dovecot # gdb /usr/lib/dovecot/doveadm-server /data/vmail/epost.ch/1003539/core
GNU gdb (GDB) SUSE (7.5.1-0.7.29)
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-suse-linux".
For bug reporting instructions, please see:
...
Reading symbols from /usr/lib/dovecot/doveadm-server...done.
[New LWP 12509]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Missing separate debuginfo for /lib64/libbz2.so.1
Try: zypper install -C "debuginfo(build-id)=9d16aacb0b213c6ff10b2f162549f2cefee24697"
Missing separate debuginfo for /lib64/libgcc_s.so.1
Try: zypper install -C "debuginfo(build-id)=3b149eccd897f1f37dce50ad22614043eba757a2"
Core was generated by `dovecot/doveadm-server'.
Program terminated with signal 6, Aborted.
#0 0x00007fe4cc640885 in *__GI_raise (sig=) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt full
#0 0x00007fe4cc640885 in *__GI_raise (sig=) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        pid =
        selftid =
#1 0x00007fe4cc641e61 in *__GI_abort () at abort.c:92
        act = {__sigaction_handler = {sa_handler = 0x1, sa_sigaction = 0x1}, sa_mask = {__val = {140620662524321, 32, 4294967295, 33, 140620662296361, 140620658199328, 140620670309600, 206158430224, 4294967295, 140736446740304, 157882997, 2994704, 140620661813248, 4294967295, 33, 0}}, sa_flags = -856089480, sa_restorer = 0x7fe400000001}
        sigs = {__val = {32, 0 }}
#2 0x00007fe4cc9fcf82 in default_fatal_finish (type=, status=0) at failures.c:202
        backtrace = 0x7fe4cee02c90 "/usr/lib64/dovecot/libdovecot.so.0(+0x75f63) [0x7fe4cc9fcf63] -> /usr/lib64/dovecot/libdovecot.so.0(+0x75ff6) [0x7fe4cc9fcff6] -> /usr/lib64/dovecot/libdovecot.so.0(+0x27595) [0x7fe4cc9ae595] -> /usr/"...
#3 0x00007fe4cc9fcff6 in i_internal_fatal_handler (ctx=0x7fffc1ea3890, format=, args=) at failures.c:666
        status = 0
#4 0x00007fe4cc9ae595 in i_panic (format=) at failures.c:276
        ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0, timestamp_usecs = 0}
        args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffc1ea3970, reg_save_area = 0x7fffc1ea38b0}}
#5 0x00007fe4cbdd61ba in array_idx_i (idx=, array=) at ../../../src/lib/array.h:197
        __FUNCTION__ = "array_idx_i"
#6 acl_default_object_list_next (iter=, rights_r=) at acl-api.c:216
        No locals.
#7 0x00007fe4cbdd7bb4 in acl_attribute_iter_next_acl (aiter=) at acl-attributes.c:193
        No locals.
#8 acl_attribute_iter_next (iter=0x7fe4cede87f0) at acl-attributes.c:219
        key = 0x0
#9 0x00007fe4ccd191ca in mailbox_delete_all_attributes (t=0x7fe4ceddbf80, type=MAIL_ATTRIBUTE_TYPE_SHARED) at index-storage.c:632
        iter = 0x7fe4cede87f0
        key =
        ret = 0
#10 0x00007fe4ccd194a8 in mailbox_expunge_all_data (box=) at index-storage.c:670
        No locals.
#11 index_storage_mailbox_delete_pre (box=0x7fe4cede5cb0) at index-storage.c:707
        status = {messages = 3435634784, recent = 32740, unseen = 3470679216, uidvalidity = 32740, uidnext = 3470679216, first_unseen_seq = 32740, first_recent_uid = 1, last_cached_seq = 0, highest_modseq = 140620699884664, highest_pvt_modseq = 140620668173509, keywords = 0x0, permanent_flags = MAIL_FLAGGED, permanent_keywords = 0, allow_new_keywords = 0, nonpermanent_modseqs = 0, no_modseq_tracking = 0, have_guids = 0, have_save_guids = 0, have_only_guid128 = 0}
#12 0x00007fe4ccd195a9 in index_storage_mailbox_delete (box=0x30dd) at index-storage.c:764
        ret =
#13 0x00007fe4cb9bc080 in notify_mailbox_delete (box=0x7fe4cede5cb0) at notify-storage.c:231
        lbox = 0x7fe4cede65f0
#14 0x00007fe4cbddda66 in acl_mailbox_delete (box=0x7fe4cede5cb0) at acl-mailbox.c:190
        ret = 0
#15 0x00007fe4ccced70f in mailbox_delete (box=0x7fe4cede5cb0) at mail-storage.c:1357
        ret =
#16 0x00007fe4cd1c8249 in dsync_brain_mailbox_tree_sync_change (brain=0x7fe4cedbc7d0, change=0x7fe4cedd5c60) at dsync-brain-mailbox-tree-sync.c:182
        box = 0x7fe4cede5cb0
        destbox =
        errstr =
        func_name = 0x7fe4cd1dedf5 "mailbox_delete"
        storage_name =
        error =
        ret = 1
        __FUNCTION__ = "dsync_brain_mailbox_tree_sync_change"
#17 0x00007fe4cd1c74d2 in dsync_brain_mailbox_trees_sync (brain=) at dsync-brain-mailbox-tree.c:295
        No locals.
#18 dsync_brain_recv_mailbox_tree_deletes (brain=0x7fe4cedbc7d0) at dsync-brain-mailbox-tree.c:471
        node = 0x0
        status = 0x7fe4cd1de985 "not found"
        deletes = 0x7fe4cedc32b0
        i = 30
        count = 30
        sep =
        __FUNCTION__ = "dsync_brain_recv_mailbox_tree_deletes"
#19 0x00007fe4cd1c48db in dsync_brain_run_real (changed_r=, brain=) at dsync-brain.c:568
        No locals.
#20 dsync_brain_run (brain=0x7fe4cedbc7d0, changed_r=0x7fffc1ea3d5f) at dsync-brain.c:608
        _data_stack_cur_id = 5
        ret = true
#21 0x00007fe4cd1c4f7d in dsync_brain_run_io (context=) at dsync-brain.c:89
        brain = 0x7fe4cedbc7d0
        changed = false
        try_pending = true
#22 0x00007fe4cd1d803f in dsync_ibc_stream_input (ibc=0x7fe4cedba7b0) at dsync-ibc-stream.c:199
        No locals.
#23 0x00007fe4cca0ec29 in io_loop_call_io (io=0x7fe4cedba660) at ioloop.c:498
        ioloop = 0x7fe4ced58110
        t_id = 4
        __FUNCTION__ = "io_loop_call_io"
#24 0x00007fe4cca0fe24 in io_loop_handler_run_internal (ioloop=) at ioloop-epoll.c:220
        ctx = 0x7fe4ceda5920
        event = 0x7fe4ceda5a60
        list = 0x7fe4cedba640
        io = 0x30dd
        tv = {tv_sec = 59, tv_usec = 997329}
        msecs =
        ret =
        call = false
        __FUNCTION__ = "io_loop_handler_run_internal"
#25 0x00007fe4cca0ecc9 in io_loop_handler_run (ioloop=0x30dd) at ioloop.c:545
        No locals.
#26 0x00007fe4cca0ed58 in io_loop_run (ioloop=0x7fe4ced58110) at ioloop.c:522
        __FUNCTION__ = "io_loop_run"
#27 0x00007fe4cd1b64c0 in cmd_dsync_server_run (_ctx=0x7fe4ceda4310, user=0x7fe4cedb0d60) at doveadm-dsync.c:1043
        ibc = 0x7fe4cedba7b0
        brain = 0x7fe4cedbc7d0
        temp_prefix =
        state_str = 0x0
        sync_type =
        name = 0x7fe4ced7c730 "SSL 10.1.100.49"
        process_title_prefix = 0x7fe4ced46da8 "10.1.100.49 "
#28 0x00007fe4cd1b95c3 in doveadm_mail_next_user (ctx=0x7fe4ceda4310, input=, error_r=0x7fffc1ea3f00) at doveadm-mail.c:314
        error =
        ip =
        ret = 0
        __FUNCTION__ = "doveadm_mail_next_user"
#29 0x00007fe4cd1c33d2 in doveadm_mail_cmd_server_run (input=, ctx=, conn=) at client-connection.c:123
        No locals.
#30 client_handle_command (args=, conn=) at client-connection.c:232
        ctx = 0x7fe4ceda4310
        flags =
        cmd_name =
        input = {module = 0x0, service = 0x7fe4cd1db44b "doveadm", username = 0x7fe4ced44679 "user at domain.com", session_id = 0x0, local_ip = {family = 2, u = { ip6 = {__in6_u = {__u6_addr8 = "\n\001d2", '\000' , __u6_addr16 = {266, 12900, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {845414666, 0, 0, 0}}}, ip4 = {s_addr = 845414666}}}, remote_ip = {family = 2, u = {ip6 = {__in6_u = {__u6_addr8 = "\n\001d1", '\000' , __u6_addr16 = {266, 12644, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {828637450, 0, 0, 0}}}, ip4 = {s_addr = 828637450}}}, local_port = 24042, remote_port = 43404, userdb_fields = 0x0, flags_override_add = (unknown: 0), flags_override_remove = (unknown: 0), no_userdb_lookup = 0}
        argc =
#31 client_connection_input (conn=0x7fe4ced77dd0) at client-connection.c:345
        args =
        _data_stack_cur_id = 3
        line =
        ok =
#32 0x00007fe4cca0ec29 in io_loop_call_io (io=0x7fe4ced76d80) at ioloop.c:498
        ioloop = 0x7fe4ced4b730
        t_id = 2
        __FUNCTION__ = "io_loop_call_io"
#33 0x00007fe4cca0fe24 in io_loop_handler_run_internal (ioloop=) at ioloop-epoll.c:220
        ctx = 0x7fe4ced57f80
        event = 0x7fe4ced50f10
        list = 0x7fe4ced76de0
        io = 0x30dd
        tv = {tv_sec = 2147483, tv_usec = 0}
        msecs =
        ret =
        call = false
        __FUNCTION__ = "io_loop_handler_run_internal"
#34 0x00007fe4cca0ecc9 in io_loop_handler_run (ioloop=0x30dd) at ioloop.c:545
        No locals.
#35 0x00007fe4cca0ed58 in io_loop_run (ioloop=0x7fe4ced4b730) at ioloop.c:522
        __FUNCTION__ = "io_loop_run"
#36 0x00007fe4cc9b34d3 in master_service_run (service=0x7fe4ced4b5c0, callback=0x30dd) at master-service.c:566
        No locals.
#37 0x00007fe4cd1c3bbb in main (argc=1, argv=0x7fe4ced4b390) at main.c:92
        set_roots = {0x7fe4cd3e8cc0 , 0x0}
        error = 0x7fe4cd1b60b0 <_start> "1\355I\211\321^H\211\342H\203\344\360PTL\213\005*.#"
(gdb)

Thanks for help.
Thom

From david.scheele2 at googlemail.com Tue Feb 24 09:23:14 2015
From: david.scheele2 at googlemail.com (David Scheele)
Date: Tue, 24 Feb 2015 10:23:14 +0100
Subject: "Temporary authentication failure" ? Cant connect with ldap user
In-Reply-To:
References:
Message-ID:

The ldap-utils were already installed.
I did the ldapsearch you gave me, but after inputting my admin password it
gives me
*ldap_bind: Invalid credentials (49)*
I logged into the ldap server with my admin credentials (which worked fine)
and changed my password to '12345', Trying that, still *Invalid credentials*
.

1.) I tried that already. The error switches to syntax error then.
2.) Not really. An upper case letter and a number + various lowercase
letters. Not very exotic.

Is the pass_filter necessary? I just wanted to make the installation as
basic as possible, to not get any unwanted errors.

Best,
David

2015-02-24 10:02 GMT+01:00 Steffen Kaiser :

> On Tue, 24 Feb 2015, David Scheele wrote:
>
>> 2015-02-24 8:05 GMT+01:00 Steffen Kaiser :
>>
>>> On Mon, 23 Feb 2015, David Scheele wrote:
>>>
>>> So, I set up the Server, installed and configured postfix, ldap and
>>>
>>>> dovecot
>>>> (in that order) and now simply try to log into the mail account with a
>>>> used
>>>> from the LDAP over telnet.
>>>>
>>>> The test looks like this:
>>>>
>>>> *|> telnet localhost 143*
>>>> *| a bunch of stuff ending with:*
>>>> *| OK [**] Dovecot ready.*
>>>> *|> a login username userpassword*
>>>> *| a NO [UNAVAILABLE] Temporary authentication failure. [host and date
>>>> here]*
>>>>
>>>> In the logs it says
>>>>
>>>> *|[date] mailserver dovecot: auth: Error: LDAP: binding failed (dn
>>>> cn=admin): Invalid credentials*
>>>>
>>>> But I KNOW the admin password I entered into the dovecot-lda.conf.ext is
>>>> correct as I use it to log into the LDAP directory over jxplorer
>>>>
>>>> I also know the password for the user i try to log in with is correct
>>>> as i
>>>> set it myself over and over just to be sure there are no typos.
>>>> I'm at a loss, I've been at this end for a few days now and can't find >>>> good >>>> tutorials online because its either always an old dovecot, postfix, ldap >>>> or >>>> debian version and somewhere in the middle it just stops because some >>>> file >>>> is completely missing. I get the impression I'm just not able-brained >>>> for >>>> linux useage. >>>> >>>> Anyway, here are a few more informations about the system: >>>> >>>> *Dovecot version 2.1.7* >>>> >>>> Output of grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext: >>>> *hosts = localhost* >>>> *dn = cn=admin* >>>> *dnpass = [password]* >>>> >>> > install the ldap-utils package - that one containing ldapsearch - and > execute: > > ldapsearch -W -D cn=admin -b 'dc=[domainname],dc=de' \ > '(&(objectClass=posixAccount)(uid=<>))' > > then enter your password. > > 1) I suppose, cn=admin is missing a domain name, e.g. > dc=[domainname],dc=de . > > 2) does your dnpass contain "funny" characters? > > *sasl_bind = no* >>>> *tls = no* >>>> *auth_bind = yes* >>>> *ldap_version = 3* >>>> *base = dc=[domainname],dc=de* >>>> *user_attrs = uidNumber=uid,gidNumber=gid* >>>> *user_filter = (&(objectClass=posixAccount)(uid=%u))* >>>> *pass_attrs = uid=user,userPassword=password* >>>> >>> > BTW: You do not habe no pass_filter or I deleted it last time. 
>
>
>
>>>> Output of dovecot -n:
>>>>
>>>> *disable_plaintest_auth = no*
>>>> *mail_location = mbox:~/mail:INBOX=/var/mail/%u*
>>>> *[namespace config here]*
>>>>
>>>> *passdb {*
>>>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>>>>
>>>> ^^^^^^^^^^^^^^^^^^^^
>>>
>>> filename mismatch
>>>
>>> *driver = ldap*
>>>
>>>> *}*
>>>> *plugin {*
>>>> *sieve = ~/.dovecot.sieve*
>>>> *sieve_dir = ~/sieve*
>>>> *}*
>>>>
>>>> *protocols = " imap pop3"*
>>>> *ssl_cert =
>>> *ssl_key =
>>> *userdb {*
>>>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>>>> *driver =ldap*
>>>> *}*
>>>> *protocol pop3 {*
>>>> *pop3_client_workarounds = outlook-no-nuls oe-ns-eoh*
>>>> *pop3_uidl_format = %08Xu%08Xv*
>>>> *}*
>>>>
>>>> Any help would be greatly apprechiated.... I'm going crazy over here.
>>>>
>>>> Thanks in advance,
>>>> David
>>>>
>>>>
>>>> -- Steffen Kaiser
>>>
>>>
>>
> -- Steffen Kaiser
>

From mihai at badici.ro Tue Feb 24 09:30:11 2015
From: mihai at badici.ro (Mihai Badici)
Date: Tue, 24 Feb 2015 11:30:11 +0200
Subject: "Temporary authentication failure" ? Cant connect with ldap user
In-Reply-To:
References:
Message-ID: <1679828.TbQp35xDLC@arhivio>

On Tuesday 24 February 2015 10:23:14 David Scheele wrote:
> The ldap-utils were already installed.
> I did the ldapsearch you gave me, but after inputting my admin password it
> gives me
> *ldap_bind: Invalid credentials (49)*
> I logged into the ldap server with my admin credentials (which worked fine)
> and changed my password to '12345', Trying that, still *Invalid credentials*
> .
>
> 1.) I tried that already. The error switches to syntax error then.
> 2.) Not really. An upper case letter and a number + various lowercase
> letters. Not very exotic.
>
> Is the pass_filter necessary? I just wanted to make the installation as
> basic as possible, to not get any unwanted errors.
>
> Best,
> David
>

You can compare the query performed by ldapsearch versus the one performed by
your ldap frontend by looking in openldap log ( /var/log/debug ? )

Should be the dn of the admin user, maybe isn't cn=admin but
cn=admin,dc=mydomain .

From skdovecot at smail.inf.fh-brs.de Tue Feb 24 09:42:16 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 24 Feb 2015 10:42:16 +0100 (CET)
Subject: "Temporary authentication failure" ? Cant connect with ldap user
In-Reply-To:
References:
Message-ID:

On Tue, 24 Feb 2015, David Scheele wrote:
>
> The ldap-utils were already installed.
> I did the ldapsearch you gave me, but after inputting my admin password it
> gives me
> *ldap_bind: Invalid credentials (49)*
> I logged into the ldap server with my admin credentials (which worked fine)
> and changed my password to '12345', Trying that, still *Invalid credentials*
> .

Oh forgot:

ldapsearch -x ..

Also try:

ldapsearch -x cn=admin

to get the full DN of the admin

> 1.) I tried that already. The error switches to syntax error then.
> 2.) Not really. An upper case letter and a number + various lowercase
> letters. Not very exotic.
>
> Is the pass_filter necessary? I just wanted to make the installation as
> basic as possible, to not get any unwanted errors.
>
> Best,
> David
>
> 2015-02-24 10:02 GMT+01:00 Steffen Kaiser :
>
>> On Tue, 24 Feb 2015, David Scheele wrote:
>>
>>> 2015-02-24 8:05 GMT+01:00 Steffen Kaiser :
>>>
>>>> On Mon, 23 Feb 2015, David Scheele wrote:
>>>>
>>>> So, I set up the Server, installed and configured postfix, ldap and
>>>>
>>>>> dovecot
>>>>> (in that order) and now simply try to log into the mail account with a
>>>>> used
>>>>> from the LDAP over telnet.
>>>>>
>>>>> The test looks like this:
>>>>>
>>>>> *|> telnet localhost 143*
>>>>> *| a bunch of stuff ending with:*
>>>>> *| OK [**] Dovecot ready.*
>>>>> *|> a login username userpassword*
>>>>> *| a NO [UNAVAILABLE] Temporary authentication failure.
[host and date >>>>> here]* >>>>> >>>>> In the logs it says >>>>> >>>>> *|[date] mailserver dovecot: auth: Error: LDAP: binding failed (dn >>>>> cn=admin): Invalid credentials* >>>>> >>>>> But I KNOW the admin password I entered into the dovecot-lda.conf.ext is >>>>> correct as I use it to log into the LDAP directory over jxplorer >>>>> >>>>> I also know the password for the user i try to log in with is correct >>>>> as i >>>>> set it myself over and over just to be sure there are no typos. >>>>> I'm at a loss, I've been at this end for a few days now and can't find >>>>> good >>>>> tutorials online because its either always an old dovecot, postfix, ldap >>>>> or >>>>> debian version and somewhere in the middle it just stops because some >>>>> file >>>>> is completely missing. I get the impression I'm just not able-brained >>>>> for >>>>> linux useage. >>>>> >>>>> Anyway, here are a few more informations about the system: >>>>> >>>>> *Dovecot version 2.1.7* >>>>> >>>>> Output of grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext: >>>>> *hosts = localhost* >>>>> *dn = cn=admin* >>>>> *dnpass = [password]* >>>>> >>>> >> install the ldap-utils package - that one containing ldapsearch - and >> execute: >> >> ldapsearch -W -D cn=admin -b 'dc=[domainname],dc=de' \ >> '(&(objectClass=posixAccount)(uid=<>))' >> >> then enter your password. >> >> 1) I suppose, cn=admin is missing a domain name, e.g. >> dc=[domainname],dc=de . >> >> 2) does your dnpass contain "funny" characters? >> >> *sasl_bind = no* >>>>> *tls = no* >>>>> *auth_bind = yes* >>>>> *ldap_version = 3* >>>>> *base = dc=[domainname],dc=de* >>>>> *user_attrs = uidNumber=uid,gidNumber=gid* >>>>> *user_filter = (&(objectClass=posixAccount)(uid=%u))* >>>>> *pass_attrs = uid=user,userPassword=password* >>>>> >>>> >> BTW: You do not habe no pass_filter or I deleted it last time. 
>>
>>
>>
>>>>> Output of dovecot -n:
>>>>>
>>>>> *disable_plaintest_auth = no*
>>>>> *mail_location = mbox:~/mail:INBOX=/var/mail/%u*
>>>>> *[namespace config here]*
>>>>>
>>>>> *passdb {*
>>>>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>>>>>
>>>>> ^^^^^^^^^^^^^^^^^^^^
>>>>
>>>> filename mismatch
>>>>
>>>> *driver = ldap*
>>>>
>>>>> *}*
>>>>> *plugin {*
>>>>> *sieve = ~/.dovecot.sieve*
>>>>> *sieve_dir = ~/sieve*
>>>>> *}*
>>>>>
>>>>> *protocols = " imap pop3"*
>>>>> *ssl_cert =
>>>> *ssl_key =
>>>> *userdb {*
>>>>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>>>>> *driver =ldap*
>>>>> *}*
>>>>> *protocol pop3 {*
>>>>> *pop3_client_workarounds = outlook-no-nuls oe-ns-eoh*
>>>>> *pop3_uidl_format = %08Xu%08Xv*
>>>>> *}*
>>>>>
>>>>> Any help would be greatly apprechiated.... I'm going crazy over here.
>>>>>
>>>>> Thanks in advance,
>>>>> David
>>>>>
>>>>>
>>>>> -- Steffen Kaiser
>>>>
>>>>
>>>
>> -- Steffen Kaiser
>>
>
-- Steffen Kaiser

From david.scheele2 at googlemail.com Tue Feb 24 09:51:44 2015
From: david.scheele2 at googlemail.com (David Scheele)
Date: Tue, 24 Feb 2015 10:51:44 +0100
Subject: "Temporary authentication failure" ? Cant connect with ldap user
In-Reply-To:
References:
Message-ID:

Hmm...
*ldapsearch -x cn=admin* gives me:

| # A bunch of information not really interesting
| # search result
| search: 2
| result: 32 No such object
|
| numResponses: 1

*ldapsearch -x cn=admin* gives the same.
Did I configure the ldap wrong?

2015-02-24 10:42 GMT+01:00 Steffen Kaiser :

> On Tue, 24 Feb 2015, David Scheele wrote:
>
>
>> The ldap-utils were already installed.
>> I did the ldapsearch you gave me, but after inputting my admin password it
>> gives me
>> *ldap_bind: Invalid credentials (49)*
>> I logged into the ldap server with my admin credentials (which worked
>> fine)
>> and changed my password to '12345', Trying that, still *Invalid
>> credentials*
>> .
>>
>
> Oh forgot:
>
> ldapsearch -x ..
>
> Also try:
>
> ldapsearch -x cn=admin
>
>
> to get the full DN of the admin
>
>
> 1.) I tried that already. The error switches to syntax error then.
>> 2.) Not really. An upper case letter and a number + various lowercase
>> letters. Not very exotic.
>>
>> Is the pass_filter necessary? I just wanted to make the installation as
>> basic as possible, to not get any unwanted errors.
>>
>> Best,
>> David
>>
>> 2015-02-24 10:02 GMT+01:00 Steffen Kaiser > >:
>>
>>> On Tue, 24 Feb 2015, David Scheele wrote:
>>>
>>> 2015-02-24 8:05 GMT+01:00 Steffen Kaiser >>> >:
>>>>
>>>> On Mon, 23 Feb 2015, David Scheele wrote:
>>>>>
>>>>> So, I set up the Server, installed and configured postfix, ldap and
>>>>>
>>>>> dovecot
>>>>>> (in that order) and now simply try to log into the mail account with a
>>>>>> used
>>>>>> from the LDAP over telnet.
>>>>>> >>>>>> The test looks like this: >>>>>> >>>>>> *|> telnet localhost 143* >>>>>> *| a bunch of stuff ending with:* >>>>>> *| OK [**] Dovecot ready.* >>>>>> *|> a login username userpassword* >>>>>> *| a NO [UNAVAILABLE] Temporary authentication failure. [host and date >>>>>> here]* >>>>>> >>>>>> In the logs it says >>>>>> >>>>>> *|[date] mailserver dovecot: auth: Error: LDAP: binding failed (dn >>>>>> cn=admin): Invalid credentials* >>>>>> >>>>>> But I KNOW the admin password I entered into the dovecot-lda.conf.ext >>>>>> is >>>>>> correct as I use it to log into the LDAP directory over jxplorer >>>>>> >>>>>> I also know the password for the user i try to log in with is correct >>>>>> as i >>>>>> set it myself over and over just to be sure there are no typos. >>>>>> I'm at a loss, I've been at this end for a few days now and can't find >>>>>> good >>>>>> tutorials online because its either always an old dovecot, postfix, >>>>>> ldap >>>>>> or >>>>>> debian version and somewhere in the middle it just stops because some >>>>>> file >>>>>> is completely missing. I get the impression I'm just not able-brained >>>>>> for >>>>>> linux useage. >>>>>> >>>>>> Anyway, here are a few more informations about the system: >>>>>> >>>>>> *Dovecot version 2.1.7* >>>>>> >>>>>> Output of grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext: >>>>>> *hosts = localhost* >>>>>> *dn = cn=admin* >>>>>> *dnpass = [password]* >>>>>> >>>>>> >>>>> install the ldap-utils package - that one containing ldapsearch - and >>> execute: >>> >>> ldapsearch -W -D cn=admin -b 'dc=[domainname],dc=de' \ >>> '(&(objectClass=posixAccount)(uid=<>))' >>> >>> then enter your password. >>> >>> 1) I suppose, cn=admin is missing a domain name, e.g. >>> dc=[domainname],dc=de . >>> >>> 2) does your dnpass contain "funny" characters? 
>>> >>> *sasl_bind = no* >>> >>>> *tls = no* >>>>>> *auth_bind = yes* >>>>>> *ldap_version = 3* >>>>>> *base = dc=[domainname],dc=de* >>>>>> *user_attrs = uidNumber=uid,gidNumber=gid* >>>>>> *user_filter = (&(objectClass=posixAccount)(uid=%u))* >>>>>> *pass_attrs = uid=user,userPassword=password* >>>>>> >>>>>> >>>>> BTW: You do not habe no pass_filter or I deleted it last time. >>> >>> >>> >>> Output of dovecot -n: >>>>>> >>>>>> *disable_plaintest_auth = no* >>>>>> *mail_location = mbox:~/mail:INBOX=/var/mail/%u* >>>>>> *[namespace config here]* >>>>>> >>>>>> *passdb {* >>>>>> *args = /etc/dovecot/dovecot-ldap.conf.ext* >>>>>> >>>>>> ^^^^^^^^^^^^^^^^^^^^ >>>>>> >>>>> >>>>> filename mismatch >>>>> >>>>> *driver = ldap* >>>>> >>>>> *}* >>>>>> *plugin {* >>>>>> *sieve = ~/.dovecot.sieve* >>>>>> *sieve_dir = ~/sieve* >>>>>> *}* >>>>>> >>>>>> *protocols = " imap pop3"* >>>>>> *ssl_cert = >>>>> *ssl_key = >>>>> *userdb {* >>>>>> *args = /etc/dovecot/dovecot-ldap.conf.ext* >>>>>> *driver =ldap* >>>>>> *}* >>>>>> *protocol pop3 {* >>>>>> *pop3_client_workarounds = outlook-no-nuls oe-ns-eoh* >>>>>> *pop3_uidl_format = %08Xu%08Xv* >>>>>> *}* >>>>>> >>>>>> Any help would be greatly apprechiated.... I'm going crazy over here. 
>>>>>>
>>>>>> Thanks in advance,
>>>>>> David
>>>>>>
>>>>>>
>>>>>> -- Steffen Kaiser
>>>>>>
>>>>>
>>>> -- Steffen Kaiser
>>>
>>
> -- Steffen Kaiser
>

From skdovecot at smail.inf.fh-brs.de Tue Feb 24 10:10:16 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 24 Feb 2015 11:10:16 +0100 (CET)
Subject: "Temporary authentication failure" ? Cant connect with ldap user
In-Reply-To:
References:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 24 Feb 2015, David Scheele wrote:
>
> *ldapsearch -x cn=admin* gives me:
>
> | # A bunch of information not really interesting
> | # search result
> | search: 2
> | result: 32 No such object
> |
> | numResponses: 1
>
> *ldapsearch -x cn=admin* gives the same.
> Did I configure the ldap wrong?

ldapsearch -x -h localhost cn=admin ?

>
> 2015-02-24 10:42 GMT+01:00 Steffen Kaiser :
>
>> On Tue, 24 Feb 2015, David Scheele wrote:
>>
>>
>>> The ldap-utils were already installed.
>>> I did the ldapsearch you gave me, but after inputting my admin password it
>>> gives me
>>> *ldap_bind: Invalid credentials (49)*
>>> I logged into the ldap server with my admin credentials (which worked
>>> fine)
>>> and changed my password to '12345', Trying that, still *Invalid
>>> credentials*
>>> .
>>>
>>
>> Oh forgot:
>>
>> ldapsearch -x ..
>>
>> Also try:
>>
>> ldapsearch -x cn=admin
>>
>>
>> to get the full DN of the admin
>>
>>
>> 1.) I tried that already. The error switches to syntax error then.
>>> 2.) Not really. An upper case letter and a number + various lowercase
>>> letters. Not very exotic.
>>>
>>> Is the pass_filter necessary? I just wanted to make the installation as
>>> basic as possible, to not get any unwanted errors.
>>> >>> Best, >>> David >>> >>> 2015-02-24 10:02 GMT+01:00 Steffen Kaiser >>> : >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> On Tue, 24 Feb 2015, David Scheele wrote: >>>> >>>> 2015-02-24 8:05 GMT+01:00 Steffen Kaiser >>>>> : >>>>> >>>>> On Mon, 23 Feb 2015, David Scheele wrote: >>>>>> >>>>>> So, I set up the Server, installed and configured postfix, ldap and >>>>>> >>>>>> dovecot >>>>>>> (in that order) and now simply try to log into the mail account with a >>>>>>> used >>>>>>> from the LDAP over telnet. >>>>>>> >>>>>>> The test looks like this: >>>>>>> >>>>>>> *|> telnet localhost 143* >>>>>>> *| a bunch of stuff ending with:* >>>>>>> *| OK [**] Dovecot ready.* >>>>>>> *|> a login username userpassword* >>>>>>> *| a NO [UNAVAILABLE] Temporary authentication failure. [host and date >>>>>>> here]* >>>>>>> >>>>>>> In the logs it says >>>>>>> >>>>>>> *|[date] mailserver dovecot: auth: Error: LDAP: binding failed (dn >>>>>>> cn=admin): Invalid credentials* >>>>>>> >>>>>>> But I KNOW the admin password I entered into the dovecot-lda.conf.ext >>>>>>> is >>>>>>> correct as I use it to log into the LDAP directory over jxplorer >>>>>>> >>>>>>> I also know the password for the user i try to log in with is correct >>>>>>> as i >>>>>>> set it myself over and over just to be sure there are no typos. >>>>>>> I'm at a loss, I've been at this end for a few days now and can't find >>>>>>> good >>>>>>> tutorials online because its either always an old dovecot, postfix, >>>>>>> ldap >>>>>>> or >>>>>>> debian version and somewhere in the middle it just stops because some >>>>>>> file >>>>>>> is completely missing. I get the impression I'm just not able-brained >>>>>>> for >>>>>>> linux useage. 
>>>>>>> >>>>>>> Anyway, here are a few more informations about the system: >>>>>>> >>>>>>> *Dovecot version 2.1.7* >>>>>>> >>>>>>> Output of grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext: >>>>>>> *hosts = localhost* >>>>>>> *dn = cn=admin* >>>>>>> *dnpass = [password]* >>>>>>> >>>>>>> >>>>>> install the ldap-utils package - that one containing ldapsearch - and >>>> execute: >>>> >>>> ldapsearch -W -D cn=admin -b 'dc=[domainname],dc=de' \ >>>> '(&(objectClass=posixAccount)(uid=<>))' >>>> >>>> then enter your password. >>>> >>>> 1) I suppose, cn=admin is missing a domain name, e.g. >>>> dc=[domainname],dc=de . >>>> >>>> 2) does your dnpass contain "funny" characters? >>>> >>>> *sasl_bind = no* >>>> >>>>> *tls = no* >>>>>>> *auth_bind = yes* >>>>>>> *ldap_version = 3* >>>>>>> *base = dc=[domainname],dc=de* >>>>>>> *user_attrs = uidNumber=uid,gidNumber=gid* >>>>>>> *user_filter = (&(objectClass=posixAccount)(uid=%u))* >>>>>>> *pass_attrs = uid=user,userPassword=password* >>>>>>> >>>>>>> >>>>>> BTW: You do not habe no pass_filter or I deleted it last time. >>>> >>>> >>>> >>>> Output of dovecot -n: >>>>>>> >>>>>>> *disable_plaintest_auth = no* >>>>>>> *mail_location = mbox:~/mail:INBOX=/var/mail/%u* >>>>>>> *[namespace config here]* >>>>>>> >>>>>>> *passdb {* >>>>>>> *args = /etc/dovecot/dovecot-ldap.conf.ext* >>>>>>> >>>>>>> ^^^^^^^^^^^^^^^^^^^^ >>>>>>> >>>>>> >>>>>> filename mismatch >>>>>> >>>>>> *driver = ldap* >>>>>> >>>>>> *}* >>>>>>> *plugin {* >>>>>>> *sieve = ~/.dovecot.sieve* >>>>>>> *sieve_dir = ~/sieve* >>>>>>> *}* >>>>>>> >>>>>>> *protocols = " imap pop3"* >>>>>>> *ssl_cert = >>>>>> *ssl_key = >>>>>> *userdb {* >>>>>>> *args = /etc/dovecot/dovecot-ldap.conf.ext* >>>>>>> *driver =ldap* >>>>>>> *}* >>>>>>> *protocol pop3 {* >>>>>>> *pop3_client_workarounds = outlook-no-nuls oe-ns-eoh* >>>>>>> *pop3_uidl_format = %08Xu%08Xv* >>>>>>> *}* >>>>>>> >>>>>>> Any help would be greatly apprechiated.... I'm going crazy over here. 
>>>>>>>
>>>>>>> Thanks in advance,
>>>>>>> David
>>>>>>>
>>>>>>>
>>>>>>> - -- Steffen Kaiser
>>>>> - -- Steffen Kaiser
>> - -- Steffen Kaiser
>
- -- Steffen Kaiser
From david.scheele2 at googlemail.com Tue Feb 24 10:10:47 2015
From: david.scheele2 at googlemail.com (David Scheele)
Date: Tue, 24 Feb 2015 11:10:47 +0100
Subject: "Temporary authentication failure" ? Cant connect with ldap user
In-Reply-To:
References:
Message-ID:

Ok I completed the dn as thus:
*dn = cn=admin,dc=luenenet,dc=de*
And now when I try *a login Username Password* over *telnet localhost 143* I get
*a NO [AUTHENTICATIONFAILED] Authentication failed.*
I confirmed that the user password is correct.

By the way, *ldapsearch -x -D 'cn=admin,dc=[domainname],dc=de' -w 12345 -b 'dc=[domainname],dc=de' cn* gives me:
| # [domainname].de
| dn: dc=[domainname],dc=de
| #admin, [domainname].de
| dn: cn=admin,dc=[domainname],dc=de
| cn: admin
| # [User Name], [domainname].de
| dn: cn=[User Name],dc=[domainname],dc=de
| cn: [User Name]
| #search result
| search: 2
| result: 0 Success
| # numResponses: 4
| # numEntries: 3

2015-02-24 10:51 GMT+01:00 David Scheele :

> Hmm...
>
> *ldapsearch -x cn=admin* gives me:
>
> | # A bunch of information not really interesting
> | # search result
> | search: 2
> | result: 32 No such object
> |
> | numResponses: 1
>
> *ldapsearch -x cn=admin* gives the same.
> Did I configure the ldap wrong?
>
>
> 2015-02-24 10:42 GMT+01:00 Steffen Kaiser :
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Tue, 24 Feb 2015, David Scheele wrote:
>>
>>
>>> The ldap-utils were already installed.
>>> I did the ldapsearch you gave me, but after inputting my admin password
>>> it
>>> gives me
>>> *ldap_bind: Invalid credentials (49)*
>>> I logged into the ldap server with my admin credentials (which worked
>>> fine)
>>> and changed my password to '12345', Trying that, still *Invalid
>>> credentials*
>>> .
>>>
>>
>> Oh forgot:
>>
>> ldapsearch -x ..
>>
>> Also try:
>>
>> ldapsearch -x cn=admin
>>
>>
>> to get the full DN of the admin
>>
>>
>> 1.) I tried that already. The error switches to syntax error then.
>>> 2.) Not really.
An upper case letter and a number + various lowercase >>> letters. Not very exotic. >>> >>> Is the pass_filter neccessary? I just wanted to make the installation as >>> basic as possible, to not get any unwanted errors. >>> >>> Best, >>> David >>> >>> 2015-02-24 10:02 GMT+01:00 Steffen Kaiser >> >: >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> On Tue, 24 Feb 2015, David Scheele wrote: >>>> >>>> 2015-02-24 8:05 GMT+01:00 Steffen Kaiser < >>>>> skdovecot at smail.inf.fh-brs.de>: >>>>> >>>>> On Mon, 23 Feb 2015, David Scheele wrote: >>>>>> >>>>>> So, I set up the Server, installed and configured postfix, ldap and >>>>>> >>>>>> dovecot >>>>>>> (in that order) and now simply try to log into the mail account with >>>>>>> a >>>>>>> used >>>>>>> from the LDAP over telnet. >>>>>>> >>>>>>> The test looks like this: >>>>>>> >>>>>>> *|> telnet localhost 143* >>>>>>> *| a bunch of stuff ending with:* >>>>>>> *| OK [**] Dovecot ready.* >>>>>>> *|> a login username userpassword* >>>>>>> *| a NO [UNAVAILABLE] Temporary authentication failure. [host and >>>>>>> date >>>>>>> here]* >>>>>>> >>>>>>> In the logs it says >>>>>>> >>>>>>> *|[date] mailserver dovecot: auth: Error: LDAP: binding failed (dn >>>>>>> cn=admin): Invalid credentials* >>>>>>> >>>>>>> But I KNOW the admin password I entered into the >>>>>>> dovecot-lda.conf.ext is >>>>>>> correct as I use it to log into the LDAP directory over jxplorer >>>>>>> >>>>>>> I also know the password for the user i try to log in with is correct >>>>>>> as i >>>>>>> set it myself over and over just to be sure there are no typos. >>>>>>> I'm at a loss, I've been at this end for a few days now and can't >>>>>>> find >>>>>>> good >>>>>>> tutorials online because its either always an old dovecot, postfix, >>>>>>> ldap >>>>>>> or >>>>>>> debian version and somewhere in the middle it just stops because some >>>>>>> file >>>>>>> is completely missing. 
I get the impression I'm just not able-brained >>>>>>> for >>>>>>> linux useage. >>>>>>> >>>>>>> Anyway, here are a few more informations about the system: >>>>>>> >>>>>>> *Dovecot version 2.1.7* >>>>>>> >>>>>>> Output of grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext: >>>>>>> *hosts = localhost* >>>>>>> *dn = cn=admin* >>>>>>> *dnpass = [password]* >>>>>>> >>>>>>> >>>>>> install the ldap-utils package - that one containing ldapsearch - and >>>> execute: >>>> >>>> ldapsearch -W -D cn=admin -b 'dc=[domainname],dc=de' \ >>>> '(&(objectClass=posixAccount)(uid=<>))' >>>> >>>> then enter your password. >>>> >>>> 1) I suppose, cn=admin is missing a domain name, e.g. >>>> dc=[domainname],dc=de . >>>> >>>> 2) does your dnpass contain "funny" characters? >>>> >>>> *sasl_bind = no* >>>> >>>>> *tls = no* >>>>>>> *auth_bind = yes* >>>>>>> *ldap_version = 3* >>>>>>> *base = dc=[domainname],dc=de* >>>>>>> *user_attrs = uidNumber=uid,gidNumber=gid* >>>>>>> *user_filter = (&(objectClass=posixAccount)(uid=%u))* >>>>>>> *pass_attrs = uid=user,userPassword=password* >>>>>>> >>>>>>> >>>>>> BTW: You do not habe no pass_filter or I deleted it last time. 
>>>>
>>>>
>>>>
>>>> Output of dovecot -n:
>>>>>>>
>>>>>>> *disable_plaintest_auth = no*
>>>>>>> *mail_location = mbox:~/mail:INBOX=/var/mail/%u*
>>>>>>> *[namespace config here]*
>>>>>>>
>>>>>>> *passdb {*
>>>>>>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>>>>>>>
>>>>>>> ^^^^^^^^^^^^^^^^^^^^
>>>>>>>
>>>>>>
>>>>>> filename mismatch
>>>>>>
>>>>>> *driver = ldap*
>>>>>>
>>>>>> *}*
>>>>>>> *plugin {*
>>>>>>> *sieve = ~/.dovecot.sieve*
>>>>>>> *sieve_dir = ~/sieve*
>>>>>>> *}*
>>>>>>>
>>>>>>> *protocols = " imap pop3"*
>>>>>>> *ssl_cert =
>>>>>> *ssl_key =
>>>>>> *userdb {*
>>>>>>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>>>>>>> *driver =ldap*
>>>>>>> *}*
>>>>>>> *protocol pop3 {*
>>>>>>> *pop3_client_workarounds = outlook-no-nuls oe-ns-eoh*
>>>>>>> *pop3_uidl_format = %08Xu%08Xv*
>>>>>>> *}*
>>>>>>>
>>>>>>> Any help would be greatly appreciated.... I'm going crazy over here.
>>>>>>>
>>>>>>> Thanks in advance,
>>>>>>> David
>>>>>>>
>>>>>>>
>>>>>>> - -- Steffen Kaiser
>>>>> - -- Steffen Kaiser
>> - -- Steffen Kaiser
>
>
From skdovecot at smail.inf.fh-brs.de Tue Feb 24 10:33:03 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Tue, 24 Feb 2015 11:33:03 +0100 (CET)
Subject: "Temporary authentication failure" ? Cant connect with ldap user
In-Reply-To:
References:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 24 Feb 2015, David Scheele wrote:

> Ok I completed the dn as thus:
> *dn = cn=admin,dc=luenenet,dc=de*
> And now when I try *a login Username Password* over *telnet localhost 143* I
> get
> *a NO [AUTHENTICATIONFAILED] Authentication failed.*

Have you added pass_filter?

Has the LDAP item

> | # [User Name], [domainname].de
> | dn: cn=[User Name],dc=[domainname],dc=de
>
> | cn: [User Name]

the attributes

objectClass: posixAccount
uid: ?

- -- Steffen Kaiser
From mihai at badici.ro Tue Feb 24 10:33:51 2015
From: mihai at badici.ro (Mihai Badici)
Date: Tue, 24 Feb 2015 12:33:51 +0200
Subject: "Temporary authentication failure" ? Cant connect with ldap user
In-Reply-To:
References:
Message-ID: <2088409.g8Fepl7QzO@arhivio>

On Tuesday 24 February 2015 10:51:44 David Scheele wrote:
> Hmm...
>
> *ldapsearch -x cn=admin* gives me:
> | # A bunch of information not really interesting
> | # search result
> | search: 2
> | result: 32 No such object
> |
> | numResponses: 1
>
> *ldapsearch -x cn=admin* gives the same.
> Did I configure the ldap wrong?

Ldapsearch will search in the default container. But probably the admin user is in a different container, like cn=admin,cn=config, so you can't find it with this search.

From giedrius.tuminauskas at alva-group.com Tue Feb 24 13:41:49 2015
From: giedrius.tuminauskas at alva-group.com (Giedrius Tuminauskas)
Date: Tue, 24 Feb 2015 13:41:49 +0000
Subject: Mail migration / dsync
Message-ID: <54EC7F9D.3070100@alva-group.com>

Hello,

I am trying to migrate emails from:
Mountain Lion OSX 10.8.5 (dovecot: 2.0.19apple1)
to:
RHEL 7.0 (dovecot: 2.2.10)

Using command:
dsync -m /Library/Server/Mail/Data/mail/XYZWXYZW-XYZW-XYZW-XYW-XYZXYZXYZXYZ/ -u giedriust mirror giedriust at 192.168.xx.xx

root at 192.168.xx.xx's password:
dsync-remote(giedriust at domainname.com): Error: dsync(local): Remote dsync doesn't use compatible protocol
dsync-remote(giedriust at domainname.com): Error: dsync(local): Remote dsync doesn't use compatible protocol
dsync-local(giedriust): Error: Invalid server handshake: VERSION dsync 3 2

Is there a way to synchronise all the emails and convert them from simple Maildir to Maildir (layout=fs) format?

--
* Giedrius Tuminauskas*
From superinterstellar at gmail.com Tue Feb 24 17:15:37 2015
From: superinterstellar at gmail.com (Kevin Laurie)
Date: Wed, 25 Feb 2015 01:15:37 +0800
Subject: FTS Solr = No search results for Body Search - (serious issue, please help)
Message-ID:

Hi,
I have been trying to get FTS to work with dovecot. When I search from my client (roundcube webmail) I am able to get results for From, To and Subject fields except Body on my Apache Solr engine. Could this be a schema related problem?

This is output for the Subject:

8025 [main] INFO org.eclipse.jetty.server.AbstractConnector ? Started SocketConnector at 0.0.0.0:8983
9001 [searcherExecutor-6-thread-1] INFO org.apache.solr.core.SolrCore ? [collection1] Registered new searcher Searcher at 7dfcb28[collection1] main{StandardDirectoryReader(segments_4g:789:nrt _6z(4.10.2):C16672 _44(4.10.2):C6996 _56(4.10.2):C3672 _64(4.10.2):C4000 _8y(4.10.2):C3143 _7v(4.10.2):C673 _7b(4.10.2):C830 _85(4.10.2):C3754 _7k(4.10.2):C3975 _8f(4.10.2):C1516 _7n(4.10.2):C67 _9a(4.10.2):C677 _8o(4.10.2):C38 _8v(4.10.2):C40 _9l(4.10.2):C2705 _8x(4.10.2):C43 _90(4.10.2):C16 _9b(4.10.2):C22 _9d(4.10.2):C44 _9f(4.10.2):C84 _9h(4.10.2):C83 _9i(4.10.2):C356 _9j(4.10.2):C84 _9k(4.10.2):C296 _9m(4.10.2):C83 _9n(4.10.2):C57)}
155092 [qtp433527567-13] INFO org.apache.solr.core.SolrCore ? [collection1] webapp=/solr path=/select params={sort=uid+asc&fl=uid,score&q=subject:"price"&fq=%2Bbox:ac553604f7314b54e62300003555fc1a+%2Buser:"user at domain.net"&rows=107178} hits=1237 status=0 QTime=1918

This is output for the From / To:

3374412 [qtp1728413448-16] INFO org.apache.solr.core.SolrCore ? [collection1] webapp=/solr path=/select params={sort=uid+asc&fl=uid,score&q=subject:"dave"+OR+from:"dave"+OR+to:"dave"&fq=%2Bbox:ac553604f7314b54e62300003555fc1a+%2Buser:"bob at email.net"&rows=107161} hits=571 status=0 QTime=706
3379438 [qtp1728413448-18] INFO org.apache.solr.servlet.SolrDispatchFilter ? [admin] webapp=null path=/admin/info/logging params={_=1424714397078&since=1424711021771&wt=json} status=0 QTime=0

When I search the body text, the client searches for a little time before it stops and I have no results.

From luciano at vespaperitivo.it Tue Feb 24 17:28:43 2015
From: luciano at vespaperitivo.it (Luciano Mannucci)
Date: Tue, 24 Feb 2015 18:28:43 +0100
Subject: Conditional SASL authentication
Message-ID: <3ks6hc3RqlzRRrN@baobab.bilink.it>

Hello,

I have a few users that are often hit by a trojan virus that steals e-mail user and password. Having a very little (if not null) power on their machines, I need to be able to block the outgoing mail which is handled by postfix via dovecot SASL.
Blocking it at dovecot level would be optimal, for the virus doesn't necessarily use the e-mail of the user as its from, just the user and password for the authentication phase.

Is it feasible?

AdvThanksAnce,

Luciano.
--
 /"\                         /Via A. Salaino, 7 - 20144 Milano (Italy)
 \ /  ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
  X   AGAINST HTML MAIL    / E-MAIL: posthamster at sublink.sublink.ORG
 / \  AND POSTINGS        / WWW: http://www.lesassaie.IT/
From georges at mhsoftware.com Tue Feb 24 17:54:40 2015
From: georges at mhsoftware.com (George Sexton)
Date: Tue, 24 Feb 2015 10:54:40 -0700
Subject: Conditional SASL authentication
In-Reply-To: <3ks6hc3RqlzRRrN@baobab.bilink.it>
References: <3ks6hc3RqlzRRrN@baobab.bilink.it>
Message-ID: <54ECBAE0.4030306@mhsoftware.com>

The things that occur to me are

1) Ensure that the sender domain is authorized by doing a rule in main.cf for send_restrictions. Then at least they won't be sending things with faked from=.

2) Do some work with rate limiting.

http://steam.io/2013/04/01/postfix-rate-limiting/

3) Look at something like fail2ban.

On 2/24/2015 10:28 AM, Luciano Mannucci wrote:
> Hello,
>
> I have a few users that are often hit by a trojan virus that steals
> e-mail user and password. Having a very little (if not null) power on
> their machines, I need to be able to block the outgoing mail which is
> handled by postfix via dovecot SASL.
> Blocking it at dovecot level would be optimal, for the virus doesn't
> necessarily use the e-mail of the user as its from, just the user and
> password for the authentication phase.
>
> Is it feasible?
>
> AdvThanksAnce,
>
> Luciano.

--
George Sexton
*MH Software, Inc.*
Voice: 303 438 9585
http://www.mhsoftware.com
From h.reindl at thelounge.net Tue Feb 24 17:56:03 2015
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 24 Feb 2015 18:56:03 +0100
Subject: Conditional SASL authentication
In-Reply-To: <3ks6hc3RqlzRRrN@baobab.bilink.it>
References: <3ks6hc3RqlzRRrN@baobab.bilink.it>
Message-ID: <54ECBB33.2000106@thelounge.net>

On 24.02.2015 at 18:28, Luciano Mannucci wrote:
> I have a few users that are often hit by a trojan virus that steals
> e-mail user and password. Having a very little (if not null) power on
> their machines, I need to be able to block the outgoing mail which is
> handled by postfix via dovecot SASL.
> Blocking it at dovecot level would be optimal, for the virus doesn't
> necessarily use the e-mail of the user as its from, just the user and
> password for the authentication phase.
>
> Is it feasible?

not sure what you try to achieve

* if you change the pwd SASL auth is taken away
* if you don't want enforce SASL per IP mynetworks is your friend

but nobody really wants to place foreign machines in mynetworks and allow to send mail unauthenticated from a machine he doesn't own - and if it is only because in most configurations more restrictions than with SASL are bypassed

it's anyways not a dovecot question

From me at junc.eu Tue Feb 24 18:00:09 2015
From: me at junc.eu (Benny Pedersen)
Date: Tue, 24 Feb 2015 19:00:09 +0100
Subject: Conditional SASL authentication
In-Reply-To: <3ks6hc3RqlzRRrN@baobab.bilink.it>
References: <3ks6hc3RqlzRRrN@baobab.bilink.it>
Message-ID: <14bbcbf0028.28c1.d475fad7b14312f5d8424e35e39f7512@junc.eu>

On February 24, 2015 6:30:53 PM Luciano Mannucci wrote:
> Is it feasible?

no, when this happens disable smtp auth, but not login, then send a mail why smtp auth is disabled

From h.reindl at thelounge.net Tue Feb 24 18:00:32 2015
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 24 Feb 2015 19:00:32 +0100
Subject: Conditional SASL authentication
In-Reply-To: <3ks6hc3RqlzRRrN@baobab.bilink.it>
References: <3ks6hc3RqlzRRrN@baobab.bilink.it>
Message-ID: <54ECBC40.70500@thelounge.net>

On 24.02.2015 at 18:28, Luciano Mannucci wrote:
> for the virus doesn't necessarily use the e-mail of the
> user as its from, just the user and password for the
> authentication phase

so you allow random envelope senders on your servers?
why?

smtpd_recipient_restrictions = permit_mynetworks
 reject_non_fqdn_recipient
 reject_non_fqdn_sender
 reject_unlisted_sender
 reject_authenticated_sender_login_mismatch
 permit_sasl_authenticated
 reject

From adrian.minta at gmail.com Tue Feb 24 18:03:51 2015
From: adrian.minta at gmail.com (Adrian Minta)
Date: Tue, 24 Feb 2015 20:03:51 +0200
Subject: Conditional SASL authentication
In-Reply-To: <3ks6hc3RqlzRRrN@baobab.bilink.it>
References: <3ks6hc3RqlzRRrN@baobab.bilink.it>
Message-ID: <54ECBD07.7020207@gmail.com>

Hello,
take a look at postfwd, especially "rate limit examples":
http://postfwd.org/

--
Best regards,
Adrian Minta
From luciano at vespaperitivo.it Tue Feb 24 18:04:44 2015
From: luciano at vespaperitivo.it (Luciano Mannucci)
Date: Tue, 24 Feb 2015 19:04:44 +0100
Subject: Conditional SASL authentication
In-Reply-To: <54ECBB33.2000106@thelounge.net>
References: <3ks6hc3RqlzRRrN@baobab.bilink.it> <54ECBB33.2000106@thelounge.net>
Message-ID: <3ks7V96YBtzRRrN@baobab.bilink.it>

On Tue, 24 Feb 2015 18:56:03 +0100
Reindl Harald wrote:

> * if you change the pwd SASL auth is taken away
True.
But this way the user will be unable to read his/her mail, including my message saying "Hey, you've got a new virus!".

Thanks anyway,

luciano.
--
 /"\                         /Via A. Salaino, 7 - 20144 Milano (Italy)
 \ /  ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
  X   AGAINST HTML MAIL    / E-MAIL: posthamster at sublink.sublink.ORG
 / \  AND POSTINGS        / WWW: http://www.lesassaie.IT/
From h.reindl at thelounge.net Tue Feb 24 18:09:20 2015
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 24 Feb 2015 19:09:20 +0100
Subject: Conditional SASL authentication
In-Reply-To: <3ks7V96YBtzRRrN@baobab.bilink.it>
References: <3ks6hc3RqlzRRrN@baobab.bilink.it> <54ECBB33.2000106@thelounge.net> <3ks7V96YBtzRRrN@baobab.bilink.it>
Message-ID: <54ECBE50.3090207@thelounge.net>

On 24.02.2015 at 19:04, Luciano Mannucci wrote:
> On Tue, 24 Feb 2015 18:56:03 +0100
> Reindl Harald wrote:
>
>> * if you change the pwd SASL auth is taken away
> True.
> But this way the user will be unable to read his/her mail, including
> my message saying "Hey, you've got a new virus!"

if the account is compromised the password *must be changed* and the user contacted on a different channel - otherwise you risk hijacking his other accounts connected to the mail-address and a ton of additional damage

From luciano at vespaperitivo.it Tue Feb 24 18:13:46 2015
From: luciano at vespaperitivo.it (Luciano Mannucci)
Date: Tue, 24 Feb 2015 19:13:46 +0100
Subject: Conditional SASL authentication
In-Reply-To: <14bbcbf0028.28c1.d475fad7b14312f5d8424e35e39f7512@junc.eu>
References: <3ks6hc3RqlzRRrN@baobab.bilink.it> <14bbcbf0028.28c1.d475fad7b14312f5d8424e35e39f7512@junc.eu>
Message-ID: <3ks7hb65ypz1cXKy@baobab.bilink.it>

On Tue, 24 Feb 2015 19:00:09 +0100
Benny Pedersen wrote:

> no, when this happens disable smtp auth, but not login, then send a mail
> why smtp auth is disabled
This way, I'll block everybody, not only the trojan victims.

luciano.
--
 /"\                         /Via A. Salaino, 7 - 20144 Milano (Italy)
 \ /  ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
  X   AGAINST HTML MAIL    / E-MAIL: posthamster at sublink.sublink.ORG
 / \  AND POSTINGS        / WWW: http://www.lesassaie.IT/
From luciano at vespaperitivo.it Tue Feb 24 18:20:49 2015
From: luciano at vespaperitivo.it (Luciano Mannucci)
Date: Tue, 24 Feb 2015 19:20:49 +0100
Subject: Conditional SASL authentication
In-Reply-To: <54ECBC40.70500@thelounge.net>
References: <3ks6hc3RqlzRRrN@baobab.bilink.it> <54ECBC40.70500@thelounge.net>
Message-ID: <3ks7rk5tMMzRRrN@baobab.bilink.it>

On Tue, 24 Feb 2015 19:00:32 +0100
Reindl Harald wrote:

> so you allow random envelope senders on your servers?
> why?
I know it is not necessarily a good idea... :)
It is basically to allow fake home addresses from the office for some managers.

Thanks for the smtpd_recipient_restrictions list, it sounds interesting!

Luciano.
--
 /"\                         /Via A. Salaino, 7 - 20144 Milano (Italy)
 \ /  ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
  X   AGAINST HTML MAIL    / E-MAIL: posthamster at sublink.sublink.ORG
 / \  AND POSTINGS        / WWW: http://www.lesassaie.IT/
From h.reindl at thelounge.net Tue Feb 24 18:29:08 2015
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 24 Feb 2015 19:29:08 +0100
Subject: Conditional SASL authentication
In-Reply-To: <3ks7rk5tMMzRRrN@baobab.bilink.it>
References: <3ks6hc3RqlzRRrN@baobab.bilink.it> <54ECBC40.70500@thelounge.net> <3ks7rk5tMMzRRrN@baobab.bilink.it>
Message-ID: <54ECC2F4.8060806@thelounge.net>

On 24.02.2015 at 19:20, Luciano Mannucci wrote:
> On Tue, 24 Feb 2015 19:00:32 +0100
> Reindl Harald wrote:
>
>> so you allow random envelope senders on your servers?
>> why?
> I know it is not necessarily a good idea... :)
> It is basically to allow fake home addresses from the office for some
> managers.

don't allow senders which you would not receive mail for - period

especially don't allow fakes - if your machine spews a large amount of mail here not bypass sender-verification because not SPF you would get blocked unconditionally IP based

> Thanks for the smtpd_recipient_restrictions list, it sounds interesting!

it's for submission only!

From adrian.minta at gmail.com Tue Feb 24 18:37:01 2015
From: adrian.minta at gmail.com (Adrian Minta)
Date: Tue, 24 Feb 2015 20:37:01 +0200
Subject: Conditional SASL authentication
In-Reply-To: <54ECC2F4.8060806@thelounge.net>
References: <3ks6hc3RqlzRRrN@baobab.bilink.it> <54ECBC40.70500@thelounge.net> <3ks7rk5tMMzRRrN@baobab.bilink.it> <54ECC2F4.8060806@thelounge.net>
Message-ID: <54ECC4CD.5020506@gmail.com>

On 24.02.2015 20:29, Reindl Harald wrote:
>
>
> don't allow senders which you would not receive mail for - period
>
Seems interesting, at least until the bots adapt to this.
Any idea how could this be implemented?

--
Best regards,
Adrian Minta
From h.reindl at thelounge.net Tue Feb 24 18:40:55 2015
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 24 Feb 2015 19:40:55 +0100
Subject: Conditional SASL authentication
In-Reply-To: <54ECC4CD.5020506@gmail.com>
References: <3ks6hc3RqlzRRrN@baobab.bilink.it> <54ECBC40.70500@thelounge.net> <3ks7rk5tMMzRRrN@baobab.bilink.it> <54ECC2F4.8060806@thelounge.net> <54ECC4CD.5020506@gmail.com>
Message-ID: <54ECC5B7.1000605@thelounge.net>

On 24.02.2015 at 19:37, Adrian Minta wrote:
> On 24.02.2015 20:29, Reindl Harald wrote:
>>
>> don't allow senders which you would not receive mail for - period
>>
> Seems interesting, at least until the bots adapt to this.
> Any idea how could this be implemented?

with the configuration i have posted in that thread?

for me that was a prerequisite before even consider put my first mailserver setup on a public IP and that's enforced even on any webserver here by shared database tables

From adrian.minta at gmail.com Tue Feb 24 18:48:58 2015
From: adrian.minta at gmail.com (Adrian Minta)
Date: Tue, 24 Feb 2015 20:48:58 +0200
Subject: Conditional SASL authentication
In-Reply-To: <54ECC5B7.1000605@thelounge.net>
References: <3ks6hc3RqlzRRrN@baobab.bilink.it> <54ECBC40.70500@thelounge.net> <3ks7rk5tMMzRRrN@baobab.bilink.it> <54ECC2F4.8060806@thelounge.net> <54ECC4CD.5020506@gmail.com> <54ECC5B7.1000605@thelounge.net>
Message-ID: <54ECC79A.2080606@gmail.com>

On 24.02.2015 20:40, Reindl Harald wrote:
>
>
> On 24.02.2015 at 19:37, Adrian Minta wrote:
>> On 24.02.2015 20:29, Reindl Harald wrote:
>>>
>>> don't allow senders which you would not receive mail for - period
>>>
>> Seems interesting, at least until the bots adapt to this.
>> Any idea how could this be implemented?
>
> with the configuration i have posted in that thread?
>
> for me that was a prerequisite before even consider put my first
> mailserver setup on a public IP and that's enforced even on any
> webserver here by shared database tables
>
Ups ... sorry, reject_authenticated_sender_login_mismatch from smtpd_sender_restrictions ofc.
I was thinking about not accepting mails from users/ip which don't do at least one pop3 or imap read before sending.

--
Best regards,
Adrian Minta
From h.reindl at thelounge.net Tue Feb 24 19:05:35 2015
From: h.reindl at thelounge.net (Reindl Harald)
Date: Tue, 24 Feb 2015 20:05:35 +0100
Subject: Conditional SASL authentication
In-Reply-To: <54ECC79A.2080606@gmail.com>
References: <3ks6hc3RqlzRRrN@baobab.bilink.it> <54ECBC40.70500@thelounge.net> <3ks7rk5tMMzRRrN@baobab.bilink.it> <54ECC2F4.8060806@thelounge.net> <54ECC4CD.5020506@gmail.com> <54ECC5B7.1000605@thelounge.net> <54ECC79A.2080606@gmail.com>
Message-ID: <54ECCB7F.8060107@thelounge.net>

On 24.02.2015 at 19:48, Adrian Minta wrote:
> On 24.02.2015 20:40, Reindl Harald wrote:
>>
>>
>> On 24.02.2015 at 19:37, Adrian Minta wrote:
>>> On 24.02.2015 20:29, Reindl Harald wrote:
>>>>
>>>> don't allow senders which you would not receive mail for - period
>>>>
>>> Seems interesting, at least until the bots adapt to this.
>>> Any idea how could this be implemented?
>>
>> with the configuration i have posted in that thread?
>>
>> for me that was a prerequisite before even consider put my first
>> mailserver setup on a public IP and that's enforced even on any
>> webserver here by shared database tables
>
> Ups ... sorry, reject_authenticated_sender_login_mismatch from
> smtpd_sender_restrictions ofc.
> I was thinking about not accepting mails from users/ip which don't do at
> least one pop3 or imap read before sending

pop-before-smtp was a completely broken idea 15 years ago and is now much more after having a ton of clients behind carrier-grade NAT (mobile devices and all that stuff)

* implement SMTP auth properly
* enforce SMTP auth unconditionally
* don't allow foreign sender domains

if you can't do that 3 things don't run a public mailserver

From skdovecot at smail.inf.fh-brs.de Wed Feb 25 06:29:53 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 25 Feb 2015 07:29:53 +0100 (CET)
Subject: Conditional SASL authentication
In-Reply-To: <3ks7V96YBtzRRrN@baobab.bilink.it>
References: <3ks6hc3RqlzRRrN@baobab.bilink.it> <54ECBB33.2000106@thelounge.net> <3ks7V96YBtzRRrN@baobab.bilink.it>
Message-ID:

On Tue, 24 Feb 2015, Luciano Mannucci wrote:

> On Tue, 24 Feb 2015 18:56:03 +0100
> Reindl Harald wrote:
>
>> * if you change the pwd SASL auth is taken away
> True.
> But this way the user will be unable to read his/her mail, including
> my message saying "Hey, you've got a new virus!".

OK, I had the task to disallow somebody to use SMTP, but allow to use IMAP.

I use LDAP and my pass_filter contains:

(!(deniedService=%Ls))

deniedService is a locally created string attribute.

I don't know what postfix-Dovecot-SASL uses as "service", but it should be
something like smtp.

With LDAP or SQL you can block users (or even select passwords) by service
string.

See http://wiki2.dovecot.org/Variables for more options.

--
Steffen Kaiser

From christian.binder at freilassing.de Wed Feb 25 06:59:35 2015
From: christian.binder at freilassing.de (Christian Binder Stadt Freilassing)
Date: Wed, 25 Feb 2015 07:59:35 +0100
Subject: Dovecot fsync question
In-Reply-To: <19289_1424154484_t1H6S2pS022403_47c3cf0c102910e12725ccb1fc21c401@egroupware.freilassing.de>
Message-ID:

Hi list,

is there a reason why nobody answers my topics?

Greetings
Christian

From lucabert at lucabert.de Wed Feb 25 07:13:36 2015
From: lucabert at lucabert.de (Luca Bertoncello)
Date: Wed, 25 Feb 2015 08:13:36 +0100
Subject: Updating Dovecot
Message-ID: <20150225081336.6b6fb602@frodo.lucabert.intra>

Hi all!

Currently I use Dovecot 1.2.9 from Ubuntu repositories.
I'll try to upgrade Dovecot (to 2.2.15), compiling from sources. It seems not
too difficult... :)

Well, I see, that I have to recreate the configuration, since the old one
can not be used with Dovecot2, OK, not a problem.

Now: is there something special to be done to upgrade Dovecot or can I just
stop the old version and start the new one and all runs without problem?

Thanks a lot!
Luca Bertoncello
(lucabert at lucabert.de)

From skdovecot at smail.inf.fh-brs.de Wed Feb 25 07:35:25 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 25 Feb 2015 08:35:25 +0100 (CET)
Subject: Updating Dovecot
In-Reply-To: <20150225081336.6b6fb602@frodo.lucabert.intra>
References: <20150225081336.6b6fb602@frodo.lucabert.intra>
Message-ID:

On Wed, 25 Feb 2015, Luca Bertoncello wrote:

> Currently I use Dovecot 1.2.9 from Ubuntu repositories.
> I'll try to upgrade Dovecot (to 2.2.15), compiling from sources. It seems not
> too difficult... :)
>
> Well, I see, that I have to recreate the configuration, since the old one
> can not be used with Dovecot2, OK, not a problem.
>
> Now: is there something special to be done to upgrade Dovecot or can I just
> stop the old version and start the new one and all runs without problem?

If you do not change the logic of the config, keep the same mail storage
format, etc.pp., Dovecot should update all Dovecot-related files and it
should work. However, you cannot go back without losing some information
depending on your storage.

Therefore, it is always wise to: backup everything and do a test on a test
system before touching the production server.

--
Steffen Kaiser

From sto at iti.es Wed Feb 25 08:57:06 2015
From: sto at iti.es (Sergio Talens-Oliag)
Date: Wed, 25 Feb 2015 09:57:06 +0100
Subject: Metadata suport for public mailboxes
Message-ID: <20150225085706.GA14697@ityrion.iti.upv.es>

I'm using the latest version of dovecot (2.2.15) and I was trying to use a
public namespace with metadata; I've found that it works for the users with
enough permissions to set the metadata, but the values are set per user, that
is, each user has its own metadata and does not see the values set by others.

That sounds OK, as my mail_attribute_dict is configured as follows:

  mail_attribute_dict = file:/srv/vmail/%d/spool/%n/dovecot-metadata

But for public mailboxes it would make sense to set the metadata in a user
independent mode.

Searching around I've found the following on the dovecot changelog:

  2013-11-02 Timo Sirainen
  [...]
  TODO:
  - Metadata doesn't work for public namespaces. There should probably be a
    mail_attribute_public_dict setting for that.
  [...]

So my guess is that the mail_attribute_public_dict is not available. Is that
the case or has it been implemented in a different way?

Thanks in advance,

Sergio

--
Sergio Talens-Oliag
Key fingerprint = FF77 A16B 9D09 FC7B 6656 CFAD 261D E19A 578A 36F2

From david.scheele2 at googlemail.com Wed Feb 25 09:31:22 2015
From: david.scheele2 at googlemail.com (David Scheele)
Date: Wed, 25 Feb 2015 10:31:22 +0100
Subject: "Temporary authentication failure" ? Cant connect with ldap user
In-Reply-To: <2088409.g8Fepl7QzO@arhivio>
References: <2088409.g8Fepl7QzO@arhivio>
Message-ID:

Is there a good, foolproof dovecot-openldap tutorial that walks you through
the steps and works with the newest version of both softwares?
I'm giving up and starting anew.

2015-02-24 11:33 GMT+01:00 Mihai Badici :

> On Tuesday 24 February 2015 10:51:44 David Scheele wrote:
> > Hmm...
> >
> > *ldapsearch -x cn=admin* gives me:
> > | # A bunch of information not really interesting
> > | # search result
> > | search: 2
> > | result: 32 No such object
> > |
> > | numResponses: 1
> >
> > *ldapsearch -x cn=admin* gives the same.
> > Did i configure the ldap wrong?
> Ldapsearch will search in the default container.
> But probably the admin user is in different container, like
> cn=admin,cn=config
> so you can't find it with this search
>

From mihai at badici.ro Wed Feb 25 11:11:09 2015
From: mihai at badici.ro (Mihai Badici)
Date: Wed, 25 Feb 2015 13:11:09 +0200
Subject: "Temporary authentication failure" ? Cant connect with ldap user
In-Reply-To:
References: <2088409.g8Fepl7QzO@arhivio>
Message-ID: <1905530.h1LIAk0W1K@arhivio>

On Wednesday 25 February 2015 10:31:22 David Scheele wrote:
> Is there a good, foolproof dovecot-openldap tutorial that walks you through
> the steps and works with the newest version of both softwares?
> I'm giving up and starting anew.

> 2015-02-24 11:33 GMT+01:00 Mihai Badici :
> > On Tuesday 24 February 2015 10:51:44 David Scheele wrote:
> > > Hmm...

Well, I'm not sure. As I said, you can take a look on my templates.
Openldap is maybe too flexible for us :) and the dovecot setup always depend
on openldap setup.. which depend on your distribution if you install it with
apt-get.
If you download my packages you don't need to install them but there are some
configuration templates you can see and modify.

If you have anonymous access you don't need to bind with admin credentials.

> > > *ldapsearch -x cn=admin* gives me:
> > > | # A bunch of information not really interesting
> > > | # search result
> > > | search: 2
> > > | result: 32 No such object
> > > |
> > > | numResponses: 1
> > >
> > > *ldapsearch -x cn=admin* gives the same.
> > > Did i configure the ldap wrong?
> >
> > Ldapsearch will search in the default container.
> > But probably the admin user is in different container, like
> > cn=admin,cn=config
> > so you can't find it with this search

--
Mihai Bădici
http://mihai.badici.ro

From HFlor at gmx.de Wed Feb 25 11:24:57 2015
From: HFlor at gmx.de (Hardy Flor)
Date: Wed, 25 Feb 2015 12:24:57 +0100
Subject: btrfs for mail_attachment_dir
Message-ID: <54EDB109.4070708@gmx.de>

Hello,

I don't find any indication, that no btrfs for the filesystem for the
path in "mail_attachment_dir" is to be used. but btrfs has a big problem
with hard links in the same directory.
Nuisance is the only deal with a different file system?

Hardy

From skdovecot at smail.inf.fh-brs.de Wed Feb 25 12:10:47 2015
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 25 Feb 2015 13:10:47 +0100 (CET)
Subject: "Temporary authentication failure" ? Cant connect with ldap user
In-Reply-To: <1905530.h1LIAk0W1K@arhivio>
References: <2088409.g8Fepl7QzO@arhivio> <1905530.h1LIAk0W1K@arhivio>
Message-ID:

On Wed, 25 Feb 2015, Mihai Badici wrote:

> On Wednesday 25 February 2015 10:31:22 David Scheele wrote:
>> Is there a good, foolproof dovecot-openldap tutorial that walks you through
>> the steps and works with the newest version of both softwares?
>> I'm giving up and starting anew.
>
>> 2015-02-24 11:33 GMT+01:00 Mihai Badici :
>>> On Tuesday 24 February 2015 10:51:44 David Scheele wrote:
>>>> Hmm...
>
> Well, I'm not sure. As I said, you can take a look on my templates.
> Openldap is maybe too flexible for us :) and the dovecot setup always depend
> on openldap setup.. which depend on your distribution if you install it with
> apt-get.
> If you download my packages you don't need to install them but there are some
> configuration templates you can see and modify.
>
> If you have anonymous access you don't need to bind with admin credentials.

(Y)

@David: You should know your LDAP setup and craft Dovecot for it.

From your question I guess that you have not changed the LDAP scheme, but
use some default posixAccount objectclass. So tell us:

1) Does ldapsearch -x -h server display all users? If yes: No admin access
   required.

2) How are your users to log in? Mail address, account name, user name?

3) Which information is stored in LDAP per account mandatory and in which
   LDAP attribute.

>>>> *ldapsearch -x cn=admin* gives me:
>>>> | # A bunch of information not really interesting
>>>> | # search result
>>>> | search: 2
>>>> | result: 32 No such object
>>>> |
>>>> | numResponses: 1
>>>>
>>>> *ldapsearch -x cn=admin* gives the same.
>>>> Did i configure the ldap wrong?
>>>
>>> Ldapsearch will search in the default container.
>>> But probably the admin user is in different container, like
>>> cn=admin,cn=config
>>> so you can't find it with this search
>

--
Steffen Kaiser

From eduardo at kalinowski.com.br Wed Feb 25 12:14:21 2015
From: eduardo at kalinowski.com.br (Eduardo M KALINOWSKI)
Date: Wed, 25 Feb 2015 12:14:21 +0000
Subject: btrfs for mail_attachment_dir
In-Reply-To: <54EDB109.4070708@gmx.de>
Message-ID: <20150225121422.Horde.IiLffA3ziCCs5tJeSacjjA8@mail.kalinowski.com.br>

On Wed, 25 Feb 2015, Hardy Flor wrote:
> I don't find any indication, that no btrfs for the filesystem for
> the path in "mail_attachment_dir" is to be used. but btrfs has a big
> problem with hard links in the same directory.

According to [0] (and the links in there), this problem has been long
solved.

[0] http://en.wikipedia.org/wiki/Btrfs#File_system_tree

--
Eduardo M KALINOWSKI
eduardo at kalinowski.com.br

From HFlor at gmx.de Wed Feb 25 12:44:00 2015
From: HFlor at gmx.de (Hardy Flor)
Date: Wed, 25 Feb 2015 13:44:00 +0100
Subject: btrfs for mail_attachment_dir
In-Reply-To: <20150225121422.Horde.IiLffA3ziCCs5tJeSacjjA8@mail.kalinowski.com.br>
References: <20150225121422.Horde.IiLffA3ziCCs5tJeSacjjA8@mail.kalinowski.com.br>
Message-ID: <54EDC390.2060006@gmx.de>

I have posted this in the German-debian forum:
https://debianforum.de/forum/viewtopic.php?f=9&t=154096

The result was that it still does not work.
I have the kernel with version 3.13.33

> According to [0] (and the links in there), this problem has been long
> solved.
>
> [0]http://en.wikipedia.org/wiki/Btrfs#File_system_tree
>

From bobber at kc0dxf.net Wed Feb 25 18:01:20 2015
From: bobber at kc0dxf.net (Bobber)
Date: Wed, 25 Feb 2015 12:01:20 -0600
Subject: ACL Error
Message-ID: <54EE0DF0.50503@kc0dxf.net>

I'm trying to set up global ACLs. I have the following in the config file:

> # acl
> mail_plugins = acl
>
> protocol imap {
>   mail_plugins = $mail_plugins imap_acl
> }
>
> plugin {
>   # Without global ACLs:
>   #acl = vfile
>
>   # With global ACL files in /etc/dovecot/dovecot-acls file (v2.2.11+):
>   #acl = vfile:/etc/dovecot/dovecot-acl
>   acl = vfile:/usr/local/etc/dovecot/dovecot-acl
> }

And here is my dovecot-acl:

> user=bobber lrwstipekxa
> authenticated lr

But when I restart dovecot and try to access folders, I get the
following errors in the log file:

> Error: Global ACL file /usr/local/etc/dovecot/dovecot-acl line 1:
> Unknown ID 'lrwstipekxa'

Any ideas what's causing this?

--
*Bob Wooldridge*
Blog: http://kc0dxf.net/blog/

From apm at one.com Wed Feb 25 18:59:20 2015
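The "Unknown ID 'lrwstipekxa'" error in the ACL question above is what the global ACL file format (v2.2.11+) yields when the leading mailbox name pattern is left out: each line is `<mailbox pattern> <identifier> <rights>`, so `user=bobber` is read as the pattern and `lrwstipekxa` as the identifier. The linter below is an added example, not part of the thread and not Dovecot's own parser; it assumes whitespace-separated fields, ignores negative and named rights, and its function names and the `*` pattern in the corrected sample are illustrative choices.

```python
"""Lint a Dovecot global ACL file (acl = vfile:<path>, v2.2.11+).

Simplified model written for this example: fields are split on whitespace,
and negative ("-") and named (":...") rights are not handled.
"""

VALID_RIGHTS = frozenset("lrwstipekxa")
BARE_IDS = frozenset({"owner", "authenticated", "anyone", "anonymous"})
ID_PREFIXES = ("user=", "group=", "group-override=")
# Identifiers that match many users; grants beyond lookup/read deserve review.
BROAD_IDS = frozenset({"authenticated", "anyone", "anonymous"})

# The file as posted in the thread, and one possible correction. "*" matches
# every mailbox; use a narrower pattern if that is not the intent.
POSTED_FILE = "user=bobber lrwstipekxa\nauthenticated lr\n"
FIXED_FILE = "* user=bobber lrwstipekxa\n* authenticated lr\n"


def is_identifier(token):
    """True if token looks like an ACL identifier (owner, user=..., ...)."""
    if token in BARE_IDS:
        return True
    return any(token.startswith(p) and len(token) > len(p) for p in ID_PREFIXES)


def parse_global_acl_line(line):
    """Return (pattern, identifier, rights) or raise ValueError."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<pattern> <identifier> [rights]'")
    pattern, identifier = fields[0], fields[1]
    rights = fields[2] if len(fields) > 2 else ""
    if not is_identifier(identifier):
        # Same wording as the server log quoted in the thread.
        raise ValueError(f"Unknown ID '{identifier}'")
    bad = sorted(set(rights) - VALID_RIGHTS)
    if bad:
        raise ValueError(f"Unknown right(s) {''.join(bad)!r}")
    return pattern, identifier, rights


def lint_global_acl(text):
    """Return [(lineno, message)] for every line that does not parse."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        try:
            parse_global_acl_line(line)
        except ValueError as exc:
            hint = ""
            if is_identifier(line.split()[0]):
                hint = ("; the first field is read as the mailbox pattern,"
                        " so this line is missing one")
            findings.append((lineno, f"{exc}{hint}"))
    return findings


def risky_grants(text):
    """Return [(lineno, identifier, extra)] where a broad identifier gets
    rights beyond lookup (l) and read (r)."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            _, identifier, rights = parse_global_acl_line(raw.strip())
        except ValueError:
            continue
        extra = "".join(sorted(set(rights) - {"l", "r"}))
        if identifier in BROAD_IDS and extra:
            hits.append((lineno, identifier, extra))
    return hits


if __name__ == "__main__":
    for name, text in (("posted", POSTED_FILE), ("fixed", FIXED_FILE)):
        print(name, lint_global_acl(text) or "ok", risky_grants(text))
```
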
From: apm at one.com (Peter Mogensen)
Date: Wed, 25 Feb 2015 19:59:20 +0100
Subject: Proxying of non "plain" SASL mechnisms.
Message-ID: <1424890760.8096.42.camel@one.com>

Hi,

I understand from earlier discussions that the reason dovecot doesn't
support proxying of other SASL mechanisms than those which supply the
plaintext password is that in general it would be possible to proxy any
SASL mechanism since it might protect against man-in-the-middle attacks
(which would prevent proxying).

However, that has led to choice between letting users use PLAIN (or
equivalent), or to have the proxy access the target hosts by "master"
password.

Of course, having the plaintext password the proxy could in principle do
other challenge/response SASL handshakes with the target backend, but
right now only LOGIN and PLAIN is implemented.

So I wondered about the rationale for not just forward the SASL
handshake.

- First, blindly forwarding will not do, since the mech data has to be
  decoded anyway to do any per/user passdb lookup (to, say, find the
  target host). But you don't need authentication to actually succeed to
  do that. You only need AuthZ-id or AuthN-id.

- Secondly, the design of the interaction between imap-login processes
  and the auth-service in general prevent in general to forward
  multi-handshake SASL mechanisms, since the authentication must be done
  before the proxying can be started. But it doesn't prevent forwarding
  of single handshake SASL mechanisms which use SASL-IR.

- Thirdly, while it's correct that some SASL mechanisms protect against
  man-in-the-middle attacks, that doesn't apply for most single-handshake
  SASL-IR mechanisms unless they do some kind of channel-binding. (like
  SASL EXTERNAL)

For example, the GS2-KRB5 SASL mech would be perfectly forwarded if just
the Kerberos ticket doesn't put restrictions on the client IP-address.

So, why not just extend the support for proxy authentication forwarding
to any single-handshake SASL-IR mechanism, which doesn't use
channel-binding? (which includes PLAIN, but also GS2-KRB5, and possibly
others).

/Peter

From honza801 at gmail.com Tue Feb 24 12:43:41 2015
From: honza801 at gmail.com (Jan Krcmar)
Date: Tue, 24 Feb 2015 13:43:41 +0100
Subject: New maildir default permissions
Message-ID:

hi,

i'm trying to configure dovecot to create maildir directories of new users
with specific permissions.

i'm ending with this

dovecot: auth: Debug: sql(blabla,::1,): query: SELECT data_user.username, data_user.password, 500 AS userdb_uid, 500 AS userdb_gid, 500 as mail_access_groups, 750 as mode, '/var/mail/' AS userdb_home, concat('maildir:/var/mail/', data_ldap.maildir) AS userdb_mail, concat('*:bytes=', data_ldap.quota) AS userdb_quota_rule FROM data_user LEFT JOIN data_ldap ON data_user.ldap_id=data_ldap.id WHERE lower(username) = 'blabla' AND active=true
dovecot: auth: Debug: client passdb out: OK#0111#011user=blabla#011mail_access_groups=500#011mode=750
dovecot: auth: Debug: master in: REQUEST#0111075576833#0115939#0111#.
dovecot: auth: Debug: prefetch(blabla,::1,): success
dovecot: auth: Debug: master userdb out: USER#0111075576833#011blabla#011uid=500#011gid=500#011home=/var/mail/#011mail=maildir:/var/mail/b/blabla#011quota_rule=*:bytes=100M
dovecot: imap-login: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=5940, secured, session=
dovecot: imap: Debug: Loading modules from directory: /usr/lib/dovecot/modules
dovecot: imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so
dovecot: imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib11_imap_quota_plugin.so
dovecot: imap: Debug: Added userdb setting: mail=maildir:/var/mail/b/blabla
dovecot: imap: Debug: Added userdb setting: plugin/quota_rule=*:bytes=100M
dovecot: imap(blabla): Debug: Effective uid=500, gid=500, home=/var/mail/
dovecot: imap(blabla): Debug: Quota root: name=User quota backend=maildir args=
dovecot: imap(blabla): Debug: Quota rule: root=User quota mailbox=* bytes=104857600 messages=0
dovecot: imap(blabla): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/var/mail/b/blabla
dovecot: imap(blabla): Debug: maildir++: root=/var/mail/b/blabla, index=, control=, inbox=/var/mail/b/blabla, alt=
dovecot: imap(blabla): Debug: Namespace : /var/mail/b/blabla doesn't exist yet, using default permissions
dovecot: imap(blabla): Debug: Namespace : Using permissions from /var/mail/b/blabla: mode=0700 gid=-1

could anyone tell me, how to set the default permissions?
it uses mode=700, and i need mode=750 instead

i'm using dovecot 2.1.17

thanks
fous

From yodaslack at stacksoft.ru Wed Feb 25 09:10:16 2015
From: yodaslack at stacksoft.ru (Anton Chevychalov)
Date: Wed, 25 Feb 2015 12:10:16 +0300
Subject: dsync backup touch source index files.
Message-ID: <20150225121016.37f81b80@tahmasib.office.stacksoft.ru>

Hi everyone,

Can someone explain me why dsync need read-write access to source box
when pulling data (dsync -R backup)?

I am working on migration from Dovecot 1.x with maildir to latest
Dovecot 2.2.15 with mdbox and found that there is no way to do this
from ro filesystem (got "failed: Read-only file system" on access
to /dovecot.index.log).

I am wondering is it bug or feature? I am not sure that this is safe to
allow dsync v2.2.15 to have write access to v1.x indexes.

--
Anton Chevychalov

From tcstone at caseystone.com Wed Feb 25 20:50:21 2015
From: tcstone at caseystone.com (Casey Stone)
Date: Wed, 25 Feb 2015 20:50:21 +0000
Subject: dsync backup touch source index files.
In-Reply-To: <20150225121016.37f81b80@tahmasib.office.stacksoft.ru>
References: <20150225121016.37f81b80@tahmasib.office.stacksoft.ru>
Message-ID:

I don't know the answer to your question, but in case you don't get a
suitable answer from someone better qualified than me, you might try
having doveadm pull the data by making an imap connection to the older
server like:

doveadm -o imapc_features=fetch-headers -o mail_prefetch_count=20 -o imapc_port=993 -o imapc_ssl=imaps -o imapc_ssl_verify=no -o mail_fsync=never -o imapc_host=mail.example.com -o imapc_user=mailuser at exmple.com -o imapc_password=123456 backup -R imapc:

From tcstone at caseystone.com Wed Feb 25 20:53:26 2015
From: tcstone at caseystone.com (Casey Stone)
Date: Wed, 25 Feb 2015 20:53:26 +0000
Subject: Mail migration / dsync
In-Reply-To: <54EC7F9D.3070100@alva-group.com>
References: <54EC7F9D.3070100@alva-group.com>
Message-ID:

I'm not an expert, but I just gave a similar answer to someone else in a
similar situation (significantly older dovecot version on old server) and
I suggest trying to use doveadm backup on the new server to pull the mail
from the old server via IMAP like:

doveadm -o imapc_features=fetch-headers -o mail_prefetch_count=20 -o imapc_port=993 -o imapc_ssl=imaps -o imapc_ssl_verify=no -o mail_fsync=never -o imapc_host=mail.example.com -o imapc_user=mailuser at exmple.com -o imapc_password=123456 backup -R imapc:

From mail at marc-stuermer.de Wed Feb 25 22:50:55 2015
From: mail at marc-stuermer.de (Marc Stürmer)
Date: Wed, 25 Feb 2015 23:50:55 +0100
Subject: btrfs for mail_attachment_dir
In-Reply-To: <54EDB109.4070708@gmx.de>
References: <54EDB109.4070708@gmx.de>
Message-ID: <54EE51CF.7030902@marc-stuermer.de>

On 25.02.2015 at 12:24, Hardy Flor wrote:

> I don't find any indication, that no btrfs for the filesystem for the
> path in "mail_attachment_dir" is to be used. but btrfs has a big problem
> with hard links in the same directory.
> Nuisance is the only deal with a different file system?

Btrfs is still nowhere near production ready in 2015.

If you want to run a server, which should be reliable, use ext4 or
maybe XFS instead. Or ZFS, if you need a COW.

If you are feeling adventurous, then use btrfs.

From ac at stacksoft.ru Thu Feb 26 08:39:51 2015
From: ac at stacksoft.ru (Anton Chevychalov)
Date: Thu, 26 Feb 2015 11:39:51 +0300
Subject: dsync backup touch source index files.
In-Reply-To:
References: <20150225121016.37f81b80@tahmasib.office.stacksoft.ru>
Message-ID: <192b4855863f8f4672f417419979d75b@stacksoft.ru>

Thanks for answer.

I know about that way, but that is too slow compared to direct fs way.

I think to make file system snapshot to be sure that I broke nothing.
But all this looks like a bug for me.

Casey Stone wrote 25-02-2015 23:50:
> I don't know the answer to your question, but in case you don't get a
> suitable answer from someone better qualified than me, you might try
> having doveadm pull the data by making an imap connection to the older
> server like:
>
> doveadm -o imapc_features=fetch-headers -o mail_prefetch_count=20 -o
> imapc_port=993 -o imapc_ssl=imaps -o imapc_ssl_verify=no -o
> mail_fsync=never -o imapc_host=mail.example.com -o
> imapc_user=mailuser at exmple.com -o imapc_password=123456 backup -R
> imapc:

From paolo.cravero at csi.it Thu Feb 26 13:47:50 2015
From: paolo.cravero at csi.it (Paolo Cravero)
Date: Thu, 26 Feb 2015 14:47:50 +0100 (CET)
Subject: mdbox + sis + altstorage: error in attachments-connector (file not found)
Message-ID: <497560866.683122.1424958471075.JavaMail.open-xchange@comunica.csi.it>

Hello,
first time here.

I am playing with Dovecot because of its mdbox storage, SIS feature and
altstorage ability. I authenticate against LDAP (passdb), but I don't fetch
operational data from LDAP (mail_locations are static from config files and
"user_attrs = =uid=500, =gid=500, =home=/maildata1/home/%d/%1n/%n").

On a daily basis I run "doveadm altmove -A savedbefore 5d"

Thunderbird apparently works 100%, but only apparently.

When accessing one of those mailboxes through Open-Xchange IMAP I got an error
for the first time. Then I could reproduce it with Thunderbird as well, I simply
had to open the message mentioned in the log:

Feb 26 14:06:02 tst-msg03 dovecot: imap(paolo.cravero at csi.it): Error: read(attachments-connector(/maildata1/altstorage/csi.it/p/paolo.cravero/storage/m.35)) failed: read(/maildata1/attachments/40/68/40683f07fcbf1f95f09b273e472b3c7067f43210641baf6e3cce333a27b36e11-4a235a29fd05db54fd6800001117ea21[base64:19 b/l]) failed: open(/maildata1/attachments/40/68/40683f07fcbf1f95f09b273e472b3c7067f43210641baf6e3cce333a27b36e11-4a235a29fd05db54fd6800001117ea21) failed: No such file or directory (uid=5940, box=INBOX)
Feb 26 14:06:02 tst-msg03 dovecot: imap(paolo.cravero at csi.it): Error: read(attachments-connector(/maildata1/altstorage/csi.it/p/paolo.cravero/storage/m.35)) failed: read(/maildata1/attachments/40/68/40683f07fcbf1f95f09b273e472b3c7067f43210641baf6e3cce333a27b36e11-4a235a29fd05db54fd6800001117ea21[base64:19 b/l]) failed: open(/maildata1/attachments/40/68/40683f07fcbf1f95f09b273e472b3c7067f43210641baf6e3cce333a27b36e11-4a235a29fd05db54fd6800001117ea21) failed: No such file or directory (uid=5940, box=INBOX)
Feb 26 14:06:02 tst-msg03 dovecot: imap(paolo.cravero at csi.it): Disconnected: Internal error occurred. Refer to server log for more information. [2015-02-26 14:06:02] in=182 out=1266

This happens on many messages sitting in the altstorage that had an attachment.
The detached attachment file does not exist. Sometimes not even the path is
there (anymore?).

At some point in time I have run "doveadm purge" on the mailbox in error, but I
am not sure that is the culprit.

Have I hit a bug or done something wrong? Please suggest tests to verify where I
stand. Config dump follows.

Paolo

# 2.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-431.el6.x86_64 x86_64 Red Hat Enterprise Linux Server release 6.5 (Santiago) ext3
auth_mechanisms = plain login
disable_plaintext_auth = no
imap_client_workarounds = tb-extra-mailbox-sep
lmtp_save_to_detail_mailbox = yes
mail_attachment_dir = /maildata1/attachments
mail_attachment_hash = %{sha256}
mail_debug = yes
mail_gid = 500
mail_location = mdbox:/maildata1/main/%d/%1n/%n:ALT=/maildata1/altstorage/%d/%1n/%n:INDEX=/maildata1/indexes/%d/%1n/%n
mail_plugins = quota mail_log notify lazy_expunge
mail_uid = 500
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate
mbox_write_locks = fcntl
mdbox_rotate_size = 50 M
namespace {
  hidden = no
  list = yes
  location = mdbox:/maildata1/main/%d/%1n/%n:INDEX=/maildata1/indexes/%d/%1n/%n:MAILBOXDIR=expunged
  prefix = .EXPUNGED/
  subscriptions = no
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  lazy_expunge = .EXPUNGED/
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append
  mail_log_fields = uid box msgid size flags vsize
  quota = dict:User quota::file:%h/dovecot-quota
  quota_grace = 10%%
  quota_rule = *:storage=10G
  quota_rule2 = Trash:storage=+100M
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
}
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener auth-userdb {
    group = vmail
    user = vmail
  }
}
service lmtp {
  inet_listener lmtp {
    address = 10.102.42.114
    port = 24
  }
  process_min_avail = 2
  user = vmail
}
ssl_cert =

Getting some errors like:

Feb 26 12:19:43 bubba dovecot: imap(dmiller at amfes.com): Error: read(attachments-connector(/var/mail/amfes.com/dmiller/mdbox/storage/m.7089)) failed: read(/var/mail/attachments/f6/f4/f6f4f3b882bf3488af632389d4aaba8adc332b12-60ab750a1aa4b554da1600009db5accb[base64:18 b/l]) failed: open(/var/mail/attachments/f6/f4/f6f4f3b882bf3488af632389d4aaba8adc332b12-60ab750a1aa4b554da1600009db5accb) failed: No such file or directory (uid=19555, box=Sent)
Feb 26 12:19:43 bubba dovecot: imap(dmiller at amfes.com): Disconnected: Internal error occurred. Refer to server log for more information. [2015-02-26 12:19:43] in=159 out=1003

Browsing to the ../attachments/f6/f4 folder, I find no files but a
"hashes" folder, which has a f6f4f3b882bf3488af632389d4aaba8adc332b12
file of size that feels appropriate for the expected PDF attachment.

--
Daniel

From jean-francois.senechal at ac.marche.be Fri Feb 27 13:52:08 2015
From: jean-francois.senechal at ac.marche.be (Jean-François Sénéchal)
Date: Fri, 27 Feb 2015 14:52:08 +0100
Subject: postfix ldap unknown user
Message-ID: <54F07688.20603@ac.marche.be>

Hi,

My config dovecot 2.2.13 Postfix 2.9.6 Debian wheezy

When I send a message to my user test (siroco) postfix said unknown user

But the user exist :

doveadm user siroco :
field   value
uid     3002
gid     2000
home    /var/spool/dovecot/mail/s/siroco
mail    maildir:~/Maildir:LAYOUT=fs

postmap -vq siroco ldap:/etc/postfix/ldap_virtual_aliases.cf
return siroco

2 questions :

postfix search with siroco or with siroco at citoyens2015.marche.be ?

postmap must return siroco or siroco at citoyen2015.marche.be ?

And I don't know if I set for alias_maps, virtual_mailbox_maps,
virtual_alias_maps ?

My postconf

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-citoyen.cf
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = 172.17.1.232, 127.0.0.1
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = marche.be
myhostname = citoyen2015.marche.be
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = gatekeeper.marche.be
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_aliases.cf
virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap_virtual_recipients.cf
virtual_transport = dovecot

My ldap_virtual_recipients.cf (same in ldap-citoyen.cf and in
ldap_virtual_aliases.cf)

server_host = ldap.marche.be
search_base = ou=Users,ou=Citoyens,dc=marche,dc=be
scope = sub
bind = no
version = 3

#query_filter = (&(|(mail=%s)(gosaMailAlternateAddress=%s))(objectClass=gosaMailAccount))
query_filter = (|(gosaMailAlternateAddress=%s)(mail=%s)(uid=%s))
#result_attribute = uid
result_attribute = gosaMailForwardingAddress

*Error log *

Feb 27 14:16:13 citoyen2015 postfix/trivial-rewrite[4917]: warning: do not list domain citoyen2015.marche.be in BOTH mydestination and virtual_mailbox_domains
Feb 27 14:16:13 citoyen2015 postfix/local[4919]: E8C3920A: to=, relay=local, delay=0.23, delays=0.13/0.01/0/0.1, dsn=5.1.1, status=bounced (unknown user: "siroco")
Feb 27 14:16:13 citoyen2015 postfix/cleanup[4918]: 2C28A20C: message-id=<20150227131613.2C28A20C at citoyen2015.marche.be>

Thanks

--
Jean-François Sénéchal
Centre de Support Télématique
Webmaster
Rue des Carmes, 22
6900 Marche-en-Famenne
Tél: 084/32 70 55 - Fax: 084/32 70 72
jean-francois.senechal at ac.marche.be

From mihai at badici.ro Fri Feb 27 14:11:44 2015
From: mihai at badici.ro (Mihai Badici) Date: Fri, 27 Feb 2015 16:11:44 +0200 Subject: postfix ldap unknown user In-Reply-To: <54F079E3.6030202@ac.marche.be> References: <54F079E3.6030202@ac.marche.be> Message-ID: <5529072.tutVYfD9BM@arhivio> On Friday 27 February 2015 15:06:27 Jean-François Sénéchal wrote: > Hi, > > My config dovecot 2.2.13 Postfix 2.9.6 Debian wheezy > > When I send a message to my user test (siroco) postfix said unknown user > > But the user exist : > > doveadm user siroco : > field value > uid 3002 > gid 2000 > home /var/spool/dovecot/mail/s/siroco > mail maildir:~/Maildir:LAYOUT=fs > > postmap -vq siroco ldap:/etc/postfix/ldap_virtual_aliases.cf > return siroco 1. it search exactly your query (siroco) 2. the final destination is virtual_mailbox_maps > > 2 questions : > > postfix search with siroco or with siroco at citoyens2015.marche.be ? > > postmap must return siroco or siroco at citoyen2015.marche.be ? > > And I don't know if I set for alias_maps, virtual_mailbox_maps, > virtual_alias_maps ? 
> > My postconf > > alias_database = hash:/etc/aliases > alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-citoyen.cf > append_dot_mydomain = no > biff = no > config_directory = /etc/postfix > inet_interfaces = 172.17.1.232, 127.0.0.1 > mailbox_command = procmail -a "$EXTENSION" > mailbox_size_limit = 0 > mydestination = $myhostname, localhost.$mydomain, localhost If you list citoyen2015.marche.be in virtual domains map you should remove $myhostname here > mydomain = marche.be > myhostname = citoyen2015.marche.be > mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 > myorigin = /etc/mailname > readme_directory = no > recipient_delimiter = + > relayhost = gatekeeper.marche.be > smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) > virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_aliases.cf > virtual_mailbox_domains = hash:/etc/postfix/virtual_domains > virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap_virtual_recipients.cf > virtual_transport = dovecot > > > My ldap_virtual_recipients.cf (same in ldap-citoyen.cf and in > ldap_virtual_aliases.cf) > > server_host = ldap.marche.be > search_base = ou=Users,ou=Citoyens,dc=marche,dc=be > scope = sub > bind = no > version = 3 > > #query_filter = > (&(|(mail=%s)(gosaMailAlternateAddress=%s))(objectClass=gosaMailAccount)) > query_filter = (|(gosaMailAlternateAddress=%s)(mail=%s)(uid=%s)) > #result_attribute = uid > result_attribute = gosaMailForwardingAddress > > > *Error log * > > Feb 27 14:16:13 citoyen2015 postfix/trivial-rewrite[4917]: warning: do > not list domain citoyen2015.marche.be in BOTH mydestination and > virtual_mailbox_domains > Feb 27 14:16:13 citoyen2015 postfix/local[4919]: E8C3920A: > to=, relay=local, delay=0.23, > delays=0.13/0.01/0/0.1, dsn=5.1.1, status=bounced (unknown user: "siroco") > Feb 27 14:16:13 citoyen2015 postfix/cleanup[4918]: 2C28A20C: > message-id=<20150227131613.2C28A20C at citoyen2015.marche.be> > > Thanks -- Mihai Bădici http://mihai.badici.ro From karol at 
babioch.de Fri Feb 27 14:30:04 2015 From: karol at babioch.de (Karol Babioch) Date: Fri, 27 Feb 2015 15:30:04 +0100 Subject: Require certificate for external clients Message-ID: <54F07F6C.6050008@babioch.de> Hi list, I'm currently looking into ways of making use of client certificates. I want to force external clients (i.e. anything outside the local subnet) to use client certificates. It is my understanding that this in itself can be achieved with the "ssl_require_client_cert" setting. However, I also want local clients (i.e. anything from a specific subnet) to be able to authenticate by the usual means (i.e. password-based). As far as I know dovecot is not able to operate on multiple ports, as stated in the FAQ [1]. The redirect approach, which is also mentioned there, is of no help to me, because in my case I would need a different setup on both ports. Other suggestions [2] won't work in my case either. I probably could get away with using "imaps" for external clients, while using "imap" (without SSL) for internal ones. Having said this, I don't quite like the idea, especially since the traffic might pass through some potentially unsecure networks and I don't want to bother with VPN/SSH tunnels for that purpose. A native SSL/TLS solution would be very much appreciated. Is there a (recommended) way to do this? Thanks in advance. Best regards, Karol Babioch [1]: http://wiki.dovecot.org/QuestionsAndAnswers#Is_it_possible_to_have_Dovecot_imap.2BAC8-pop_daemons_listening_on_multiple_ports.3F [2]: http://www.dovecot.org/list/dovecot/2010-November/054804.html From rick at havokmon.com Fri Feb 27 14:37:05 2015 
From: rick at havokmon.com (Rick Romero) Date: Fri, 27 Feb 2015 08:37:05 -0600 Subject: Require certificate for external clients In-Reply-To: <54F07F6C.6050008@babioch.de> Message-ID: <20150227083705.Horde.eowBGOnIkNJKPSMa4q9FzA8@www.vfemail.net> Quoting Karol Babioch : > Hi list, > > I'm currently looking into ways of making use of client certificates. I > want to force external clients (i.e. anything outside the local subnet) > to use client certificates. It is my understanding that this in itself > can be achieved with the "ssl_require_client_cert" setting. > > However, I also want local clients (i.e. anything from a specific > subnet) to be able to authenticate by the usual means (i.e. > password-based). How about a second front-end? One dovecot-proxy for external users that requires certs, the other is the 'real' machine accessible directly only for internal users. Rick From andreas.kasenides at cs.ucy.ac.cy Fri Feb 27 14:42:36 2015 From: andreas.kasenides at cs.ucy.ac.cy (Andreas Kasenides) Date: Fri, 27 Feb 2015 16:42:36 +0200 Subject: users of dbox format Message-ID: <54F0825C.3040701@cs.ucy.ac.cy> I am interested in finding out your experiences with using the dbox format (especially mdbox) if you use this format. I am contemplating changing my maildir setup to mdbox but I still need to make a case for it against maildir which has become a de-facto standard and provides sort of a secure basis in case of software changes. Your input will be appreciated. -- Andreas Kasenides Senior IT Officer Dept. of Computer Science, University of Cyprus Tel: 22892714, Fax: 22892701 (5B4ANK) From david.scheele2 at googlemail.com Fri Feb 27 14:46:37 2015 
From: david.scheele2 at googlemail.com (David Scheele) Date: Fri, 27 Feb 2015 15:46:37 +0100 Subject: Dovecot & LDAP Take #2: Authentication failed and logging Message-ID: Hi there, after banging my head against a wall for a bit I got more in depth with dovecot and am now much more knowledgeable about the system than before. But I still have two problems: 1.) For some reason my dovecot doesn't log correctly. I put debug_log to -1 and expected to see logs flooding in in my syslog. When I try to log in via telnet over imap and the login succeeds it logs correctly. But when it fails there is no log entry. Any clue what might cause this? And now the big fish: 2.) Still hanging to log a user in over telnet via imap. I'm pretty sure I have misconfigured something. First of all: 2a.) Is the *passdb* and *userdb* in the dovecot.conf still needed in the newest version? It appears to me that all authing runs over the *10-auth.conf*, *auth-ldap.conf.ext* and *dovecot-ldap.conf.ext* and the passdb and userdb settings might just be remnants of the past? Or am I wrong here? 2b.) 
This is my config:

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.8 ext4
auth_mechanisms = plain login
default_login_user = vmail
disable_plaintext_auth = no
first_valid_gid = 2222
first_valid_uid = 2222
listen = *
mail_access_groups = vmail
mail_debug = yes
mail_location = maildir:/var/vmail/%d/%n
passdb {
  args = scheme=SHA1 /etc/dovecot/passwd
  driver = passwd-file
}
protocols = imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
service imap-login {
  process_min_avail = 1
  user = vmail
}
ssl = no
userdb {
  args = uid=2222 gid=2222 home=/var/vmail/%d/%n allow_all_users=yes
  driver = static
}

hosts = [ hostname].[domainname].de
debug_level = -1
auth_bind = yes
auth_bind_userdn = cn=%u,ou=People,dc=[domainname],dc=de
base = ou=People,dc=[domainname],dc=de
user_attrs = uidNumber=uid
user_filter = (&(objectClass=inetOrgPerson)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=inetOrgPerson)(uid=%u))
iterate_attrs = uid=user
iterate_filter = (objectClass=inetOrgPerson)

The user I try to log in with is:

cn=Klara Fall,ou=People,dc=[domainname],dc=de
objectclasses: inetOrgPerson, organizationalPerson, person, simpleSecurityObject,top
sn=Fall
userPassword is set
mail: klara.fall@[domainname].de
uid: klarafall

I want to try with auth bind because I think I understood what's going on with that. When I try to a login klarafall [password] it gives me a NO [AUTHENTICATIONFAILED] Authentication failed. Any clues? This would be much easier with logging... but see 1.) :) I feel I'm not far from the finish line. Best, David From skdovecot at smail.inf.fh-brs.de Fri Feb 27 14:56:13 2015 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 27 Feb 2015 15:56:13 +0100 (CET) Subject: Dovecot & LDAP Take #2: Authentication failed and logging In-Reply-To: References: Message-ID: On Fri, 27 Feb 2015, David Scheele wrote: > But I still have two problems: > > 1.) For some reason my dovecot doesnt log correctly. I put debug_log to -1 ? http://wiki2.dovecot.org/Logging?highlight=%28debug_log%29 > and expected to see logs flooding in in my syslog. When I try to log in via > telnet over imap and the login succeeds it loggs correctly. But when it > fails there is no log entry. Any clue what might cause this? > > And now the big fish: > > 2.) Still hanging to log a user in over telnet via imap. I'm pretty sure i > have misconfigured something. first of all: > > 2a.) Is the *passdb* and *userdb* ind the dovecot.conf still needed in the > newest version? It appears to me that all authing runs over the > *10-auth.conf*, *auth-ldap.conf.ext* and *dovecot-ldap.conf.ext *and the > passdb and userdb settings might just be remnants of the past? or am i > wrong here? Did you've consulted the Wiki? http://wiki2.dovecot.org/Authentication -- Steffen Kaiser From david.scheele2 at googlemail.com Fri Feb 27 14:58:16 2015 
From: david.scheele2 at googlemail.com (David Scheele) Date: Fri, 27 Feb 2015 15:58:16 +0100 Subject: Dovecot & LDAP Take #2: Authentication failed and logging In-Reply-To: References: Message-ID: Thanks for the reply. I did indeed consult the wiki. But most of the time it seems some information is old and/or more confusing than helping. But I'll take another look. 2015-02-27 15:56 GMT+01:00 Steffen Kaiser : > On Fri, 27 Feb 2015, David Scheele wrote: > >> But I still have two problems: >> >> 1.) For some reason my dovecot doesnt log correctly. I put debug_log to -1 >> > > ? http://wiki2.dovecot.org/Logging?highlight=%28debug_log%29 > > and expected to see logs flooding in in my syslog. When I try to log in >> via >> telnet over imap and the login succeeds it loggs correctly. But when it >> fails there is no log entry. Any clue what might cause this? >> >> And now the big fish: >> >> 2.) Still hanging to log a user in over telnet via imap. I'm pretty sure i >> have misconfigured something. first of all: >> >> 2a.) Is the *passdb* and *userdb* ind the dovecot.conf still needed in the >> newest version? It appears to me that all authing runs over the >> *10-auth.conf*, *auth-ldap.conf.ext* and *dovecot-ldap.conf.ext *and the >> passdb and userdb settings might just be remnants of the past? or am i >> wrong here? >> > > Did you've consulted the Wiki? 
> http://wiki2.dovecot.org/Authentication > > -- Steffen Kaiser > From paolo.cravero at csi.it Fri Feb 27 15:00:59 2015 From: paolo.cravero at csi.it (Paolo Cravero) Date: Fri, 27 Feb 2015 16:00:59 +0100 (CET) Subject: Dovecot & LDAP Take #2: Authentication failed and logging Message-ID: <624736716.726284.1425049259608.JavaMail.open-xchange@comunica.csi.it> This is the user DN: > cn=Klara Fall,ou=People,dc=[domainname],dc=de According to your Dovecot configuration > auth_bind_userdn = cn=%u,ou=People,dc=[domainname],dc=de if you login with "klarafall" it will be expanded into cn=klarafall,ou=People,dc=[domainname],dc=de which is not the correct DN for Mrs Klara. So if you login with "Klara Fall" it should work, but that will probably mess up the things on Dovecot filesystem. I am strongly against setting a static DN when dealing with LDAP authentication. LDAP servers are optimized to serve search requests, so let yours do the job. Allow Dovecot to lookup the correct DN based on the attribute you supply (uid) and then authenticate. This should be achieved if you comment out the auth_bind_userdn line. Paolo Cravero From paolo.cravero at csi.it Fri Feb 27 15:14:13 2015 
From: paolo.cravero at csi.it (Paolo Cravero) Date: Fri, 27 Feb 2015 16:14:13 +0100 (CET) Subject: users of dbox format In-Reply-To: <54F0825C.3040701@cs.ucy.ac.cy> References: <54F0825C.3040701@cs.ucy.ac.cy> Message-ID: <663781955.727183.1425050053461.JavaMail.open-xchange@comunica.csi.it> Andreas, > I am interested in finding out your experiences with using the dbox > format (especially mdbox) if you use this format. mdbox is THE reason why I am trying Dovecot. With mailboxes of several (tens of) GB with several k of messages I hope mdbox will speedup backups. Also SIS for attachments sounds very good, but still doesn't follow the altstorage rules (while messages go to altstorage, the extracted attachment stays in the SIS partition). > I am contemplating changing my maildir setup to mdbox but I still need > to make a case for it My current interest is to keep live mailbox data in Maildir format and "archive" in the altstorage in mdbox after 30 days or so. I will experiment that configuration next week. Nevertheless I am still puzzled by the lost data I got yesterday in my mdbox+SIS+altstorage combination (see my message and the one from Daniel Miller). I am also interested to hear real life stories. 73 Paolo Cravero From HFlor at gmx.de Fri Feb 27 17:18:02 2015 
From: HFlor at gmx.de (Hardy Flor) Date: Fri, 27 Feb 2015 18:18:02 +0100 Subject: mdbox attachment errors In-Reply-To: References: Message-ID: <54F0A6CA.6020806@gmx.de> copy file "f6f4f3b882bf3488af632389d4aaba8adc332b12" from backup to "/var/mail/attachments/f6/f4/hashes/f6f4f3b882bf3488af632389d4aaba8adc332b12" and create hardlink to "/var/mail/attachments/f6/f4/f6f4f3b882bf3488af632389d4aaba8adc332b12-60ab750a1aa4b554da1600009db5accb" On 26.02.2015 at 21:17, Daniel Miller wrote: > Getting some errors like: > > Feb 26 12:19:43 bubba dovecot: imap(dmiller at amfes.com): Error: > read(attachments-connector(/var/mail/amfes.com/dmiller/mdbox/storage/m.7089)) > failed: > read(/var/mail/attachments/f6/f4/f6f4f3b882bf3488af632389d4aaba8adc332b12-60ab750a1aa4b554da1600009db5accb[base64:18 > b/l]) failed: > open(/var/mail/attachments/f6/f4/f6f4f3b882bf3488af632389d4aaba8adc332b12-60ab750a1aa4b554da1600009db5accb) > failed: No such file or directory (uid=19555, box=Sent) > Feb 26 12:19:43 bubba dovecot: imap(dmiller at amfes.com): Disconnected: > Internal error occurred. Refer to server log for more information. > [2015-02-26 12:19:43] in=159 out=1003 > > Browsing to the ../attachments/f6/f4 folder, I find no files but a > "hashes" folder, which has a f6f4f3b882bf3488af632389d4aaba8adc332b12 > file of size that feels appropriate for the expected PDF attachment. > From tim.jones at fon.com Fri Feb 27 17:47:57 2015 
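The restore described in Hardy Flor's reply above (copy the file into hashes/, then hardlink it under the <hash>-<guid> name), written out as an added shell example that is not part of the thread. It assumes mail_attachment_hash = %{sha1}, so that a stored file's SHA-1 equals its file name; the function names and return codes are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Layout taken from the paths quoted above:
#   <attach_dir>/<hash[1-2]>/<hash[3-4]>/hashes/<hash>          one copy per hash
#   <attach_dir>/<hash[1-2]>/<hash[3-4]>/<hash>-<guid>          hardlink per mail
# Assumption: mail_attachment_hash = %{sha1}, so SHA-1(file) must equal <hash>.

# sha1_of FILE -> prints the hex SHA-1 of FILE
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 1 "$1" | cut -d' ' -f1
    else
        openssl dgst -sha1 "$1" | sed 's/^.*= //'
    fi
}

# restore_sis_attachment BACKUP_FILE ATTACH_DIR LINK_NAME
#   LINK_NAME is the "<hash>-<guid>" name from the Dovecot "open(...) failed" error.
# Returns: 0 restored or already present, 2 malformed name, 3 backup does not
#          match the hash, 4 existing hashes/ file is corrupt, 1 I/O error.
restore_sis_attachment() {
    src=$1; attach_dir=$2; link_name=$3

    # Accept only "<40 hex>-<hex guid>"; this also rejects "/" and ".." in names.
    hash=${link_name%%-*}
    case $hash in *[!0-9a-f]*|'') return 2 ;; esac
    [ ${#hash} -eq 40 ] || return 2
    case $link_name in "$hash"-*) ;; *) return 2 ;; esac
    guid=${link_name#"$hash"-}
    case $guid in *[!0-9a-f]*|'') return 2 ;; esac

    # Verify the backup copy before it goes anywhere near the mail store.
    [ "$(sha1_of "$src")" = "$hash" ] || return 3

    d1=$(printf %s "$hash" | cut -c1-2)
    d2=$(printf %s "$hash" | cut -c3-4)
    dir=$attach_dir/$d1/$d2
    target=$dir/hashes/$hash
    mkdir -p "$dir/hashes" || return 1

    if [ -e "$target" ]; then
        # hashes/ file survived (as in the report above): check it, do not overwrite.
        [ "$(sha1_of "$target")" = "$hash" ] || return 4
    else
        # Copy under a temporary name, then rename into place.
        cp -p "$src" "$target.tmp.$$" && mv "$target.tmp.$$" "$target" || return 1
    fi

    # Hardlink (not symlink), so both names share one inode.
    [ -e "$dir/$link_name" ] || ln "$target" "$dir/$link_name" || return 1
}

# Usage, run as the user that owns the mail store (backup path is a placeholder):
#   restore_sis_attachment /backup/path/to/f6f4f3b882bf3488af632389d4aaba8adc332b12 \
#       /var/mail/attachments \
#       f6f4f3b882bf3488af632389d4aaba8adc332b12-60ab750a1aa4b554da1600009db5accb
```
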
From: tim.jones at fon.com (Tim Jones) Date: Fri, 27 Feb 2015 18:47:57 +0100 Subject: userdb passwd-file default_fields uid not expanding %variable Message-ID: Hi all, I'm trying to set up a very simple shared mail server, where each 'domain' is a system user, i.e. 'example.com' is a real user with /home/example.com/, a uid of 5001 (and gid 'example.com' of 5001). Each domain\user has their own maildir inside their home, and a plain passwd-file with the virtual mail users associated with that domain. Version & config info: > # dovecot -n > # 2.2.13: /etc/dovecot/dovecot.conf > # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.8 > auth_mechanisms = plain login > auth_verbose = yes > disable_plaintext_auth = no > mail_location = mbox:~/mail:INBOX=/var/mail/%u > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > args = username_format=%n /home/%d/mail_users > driver = passwd-file > } > protocols = " imap lmtp pop3" > ssl = no > userdb { > args = username_format=%n /home/%d/mail_users > default_fields = uid=%d gid=%d home=/home/%d/mail/%n > mail=maildir:/home/%d/mail/%n > driver = passwd-file > } Every time I try to authenticate via imap, I get the error > dovecot: auth: Fatal: passwd-file userdb: Invalid uid: > %d > If I put fixed a uid and gid in the userdb default_fields line: > default_fields = uid=example.com gid=example.com home=/home/%d/mail/%n > mail=maildir:/home/%d/mail/%n authentication passes without a problem, but of course, only for users of example.com. Checking the wiki (http://wiki2.dovecot.org/UserDatabase#Userdb_settings) clearly states that the default_fields values support %variables, so I'm not sure if I'm missing some other config required for this to work. 
Many thanks in advance, Tim Jones Software Development +34 612345678 C/ Quintanavides 15, Edificio 2, Planta 1ª Parque Empresarial Vía Norte de Metrovacesa Las Tablas 28050 Madrid Skype: tim.jones.fon All information in this email is confidential From tim.jones at fon.com Fri Feb 27 18:20:31 2015 
From: tim.jones at fon.com (Tim Jones) Date: Fri, 27 Feb 2015 19:20:31 +0100 Subject: userdb passwd-file default_fields uid not expanding %variable Message-ID: Hi all, I'm trying to set up a very simple shared mail server, where each 'domain' is a system user, i.e. 'example.com' is a real user with /home/example.com/, a uid of 5001 (and gid 'example.com' of 5001). Each domain\user has their own maildir inside their home, and a plain passwd-file with the virtual mail users associated with that domain. Version & config info: # dovecot -n # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.8 auth_mechanisms = plain login auth_verbose = yes disable_plaintext_auth = no mail_location = mbox:~/mail:INBOX=/var/mail/%u namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = username_format=%n /home/%d/mail_users driver = passwd-file } protocols = " imap lmtp pop3" ssl = no userdb { args = username_format=%n /home/%d/mail_users default_fields = uid=%d gid=%d home=/home/%d/mail/%n mail=maildir:/home/%d/mail/%n driver = passwd-file } Every time I try to authenticate via imap, I get the error > dovecot: auth: Fatal: passwd-file userdb: Invalid uid: %d If I put fixed a uid and gid in the userdb default_fields line: > default_fields = uid=example.com gid=example.com home=/home/%d/mail/%n mail=maildir:/home/%d/mail/%n authentication passes without a problem, but of course, only for users of example.com. Checking the wiki (http://wiki2.dovecot.org/UserDatabase#Userdb_settings) clearly states that the default_fields values support %variables, so I'm not sure if I'm missing some other config required for this to work. Many thanks in advance, Tim Jones Software Development +34 612345678 C/ Quintanavides 15, Edificio 2, Planta 1ª 
Parque Empresarial Vía Norte de Metrovacesa Las Tablas 28050 Madrid Skype: tim.jones.fon All information in this email is confidential From tim.jones at fon.com Fri Feb 27 21:24:23 2015 
From: tim.jones at fon.com (Tim Jones) Date: Fri, 27 Feb 2015 22:24:23 +0100 Subject: userdb passwd-file default_fields uid not expanding %variable In-Reply-To: References: Message-ID: First, sorry for the double post, not sure how that happened. Secondly, I should add the userdb error happens as soon as any connection attempt is made to the pop3\imap port, before a login command can be sent. Obviously, since no login is started, there will be no username from which to extract the %d domain name variable. So the error makes sense. My problem is that the userdb is being checked upon connection rather than login, is there a way to bypass or disable that. Or maybe a 'failover' userdb to try if the correct one fails. Many thanks, Tim Jones Software Development +34 612345678 C/ Quintanavides 15, Edificio 2, Planta 1ª Parque Empresarial Vía Norte de Metrovacesa Las Tablas 28050 Madrid Skype: tim.jones.fon All information in this email is confidential On 27 February 2015 at 19:20, Tim Jones wrote: > Hi all, > > I'm trying to set up a very simple shared mail server, where each > 'domain' is a system user, i.e. 'example.com' is a real user with > /home/example.com/, a uid of 5001 (and gid 'example.com' of 5001). > Each domain\user has their own maildir inside their home, and a plain > passwd-file with the virtual mail users associated with that domain. 
> > Version & config info: > > # dovecot -n > # 2.2.13: /etc/dovecot/dovecot.conf > # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.8 > auth_mechanisms = plain login > auth_verbose = yes > disable_plaintext_auth = no > mail_location = mbox:~/mail:INBOX=/var/mail/%u > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > args = username_format=%n /home/%d/mail_users > driver = passwd-file > } > protocols = " imap lmtp pop3" > ssl = no > userdb { > args = username_format=%n /home/%d/mail_users > default_fields = uid=%d gid=%d home=/home/%d/mail/%n > mail=maildir:/home/%d/mail/%n > driver = passwd-file > } > > Every time I try to authenticate via imap, I get the error > >> dovecot: auth: Fatal: passwd-file userdb: Invalid uid: %d > > > If I put fixed a uid and gid in the userdb default_fields line: > >> default_fields = uid=example.com gid=example.com home=/home/%d/mail/%n mail=maildir:/home/%d/mail/%n > > authentication passes without a problem, but of course, only for users > of example.com. > > Checking the wiki > (http://wiki2.dovecot.org/UserDatabase#Userdb_settings) clearly states > that the default_fields values support %variables, so I'm not sure if > I'm missing some other config required for this to work. > > Many thanks in advance, > > Tim Jones > Software Development > +34 612345678 > C/ Quintanavides 15, Edificio 2, Planta 1ª > Parque Empresarial Vía Norte de Metrovacesa > Las Tablas > 28050 Madrid > Skype: tim.jones.fon > All information in this email is confidential From jtam.home at gmail.com Fri Feb 27 23:28:55 2015 
From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 27 Feb 2015 15:28:55 -0800 (PST) Subject: Require certificate for external clients In-Reply-To: References: Message-ID: Karol Babioch writes: > As far as I know dovecot is not able to operate on multiple ports, as > stated in the FAQ [1]. > > [1]: > http://wiki.dovecot.org/QuestionsAndAnswers#Is_it_possible_to_have_Dovecot_imap.2BAC8-pop_daemons_listening_on_multiple_ports.3F That should be qualified as "Is it possible to have Dovecot imap/pop daemons listening on multiple ports for a single running instance." You can run two instances of dovecot, each on a different port or multi-homed listening address. You can share libraries, binaries, log files, but use separate configuration files, specifying different ports/addresses/ssl-configs/auth/access parameters. Then you can fire them both up dovecot -c /dovecot/etc/dovecot-1.conf dovecot -c /dovecot/etc/dovecot-2.conf That's the rough sketch of how to do it. Joseph Tam From moiseev at mezonplus.ru Sat Feb 28 06:40:37 2015 
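An added sketch, not from Joseph Tam's message or the Dovecot project, that writes the two per-instance configuration files for the layout he outlines and checks that the password-only instance is not bound to a wildcard or to the external address, which would let outside clients skip the certificate requirement. The addresses, paths, instance names and function names are assumptions; instance_name, base_dir, listen, ssl_ca, ssl_verify_client_cert and auth_ssl_require_client_cert are Dovecot 2.x settings.

```shell
#!/bin/sh
# Added example: two Dovecot instances, one per listening address.
# Every address, path and name below is a placeholder (assumption).

# write_instance_conf OUT NAME LISTEN_ADDR REQUIRE_CERT(yes|no) COMMON_CONF
#   COMMON_CONF holds what both instances share (mail_location, passdb, userdb,
#   ssl_cert, ssl_key). Each instance gets its own instance_name and base_dir.
# Returns 2 if REQUIRE_CERT is not "yes" or "no".
write_instance_conf() {
    out=$1; name=$2; addr=$3; require_cert=$4; common=$5
    case $require_cert in yes|no) ;; *) return 2 ;; esac
    {
        printf '!include %s\n' "$common"
        printf 'instance_name = %s\n' "$name"
        printf 'base_dir = /var/run/%s\n' "$name"
        printf 'listen = %s\n' "$addr"
        printf 'ssl = required\n'
        if [ "$require_cert" = yes ]; then
            # CA that issued the client certificates
            printf 'ssl_ca = </etc/dovecot/client-ca.pem\n'
        fi
        printf 'ssl_verify_client_cert = %s\n' "$require_cert"
        printf 'auth_ssl_require_client_cert = %s\n' "$require_cert"
    } > "$out"
}

# conf_get FILE KEY -> prints the last "KEY = value" value found in FILE
conf_get() {
    sed -n "s/^$2 = //p" "$1" | tail -n 1
}

# check_split EXTERNAL_CONF INTERNAL_CONF
# Returns: 0 ok
#          3 external instance does not verify and require client certificates
#          4 both instances share one base_dir
#          5 internal instance listens on a wildcard, on nothing explicit
#            (Dovecot's default is "*, ::"), or on the external address
check_split() {
    ext=$1; int=$2
    [ "$(conf_get "$ext" ssl_verify_client_cert)" = yes ] || return 3
    [ "$(conf_get "$ext" auth_ssl_require_client_cert)" = yes ] || return 3
    [ "$(conf_get "$ext" base_dir)" != "$(conf_get "$int" base_dir)" ] || return 4
    int_listen=$(conf_get "$int" listen)
    case ",$(printf %s "$int_listen" | tr -d ' ')," in
        *,\*,*|*,::,*|*,,*) return 5 ;;
    esac
    [ "$int_listen" != "$(conf_get "$ext" listen)" ] || return 5
}

# Usage (file names as in the message above):
#   write_instance_conf /dovecot/etc/dovecot-1.conf dovecot-ext 203.0.113.10 yes /dovecot/etc/common.conf
#   write_instance_conf /dovecot/etc/dovecot-2.conf dovecot-int 192.168.1.10 no  /dovecot/etc/common.conf
#   check_split /dovecot/etc/dovecot-1.conf /dovecot/etc/dovecot-2.conf \
#       && dovecot -c /dovecot/etc/dovecot-1.conf && dovecot -c /dovecot/etc/dovecot-2.conf
```
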
From: moiseev at mezonplus.ru (Alexander Moisseev) Date: Sat, 28 Feb 2015 09:40:37 +0300 Subject: users of dbox format In-Reply-To: <54F0825C.3040701@cs.ucy.ac.cy> References: <54F0825C.3040701@cs.ucy.ac.cy> Message-ID: <54F162E5.5000404@mezonplus.ru> 27.02.2015 17:42, Andreas Kasenides wrote: > I am interested in finding out your experiences with using the dbox format (especially mdbox) if you use this format. I am using mdbox+SIS on small production server about 2 months. It works well for me. But I have had some difficulties using doveadm tools in particular situations. Mostly because of some parts of documentation wasn't clear enough for me. > I am contemplating changing my maildir setup to mdbox but I still need to make a case for it > against maildir which has become a de-facto standard and provides sort of a secure basis in case of > software changes. You can convert from mdbox to maildir at any time. Also you can use both formats on the same server simultaneously. -- Alexander From tlx at leuxner.net Sat Feb 28 07:00:29 2015 From: tlx at leuxner.net (Thomas Leuxner) Date: Sat, 28 Feb 2015 08:00:29 +0100 Subject: ACL Error In-Reply-To: <54EE0DF0.50503@kc0dxf.net> References: <54EE0DF0.50503@kc0dxf.net> Message-ID: <20150228070029.GA47338@nihlus.leuxner.net> * Bobber 2015.02.25 19:01: > > acl = vfile:/usr/local/etc/dovecot/dovecot-acl > And here is my dovecot-acl: > > >user=bobber lrwstipekxa > >authenticated lr Global ACLs require a search pattern as described here: http://wiki2.dovecot.org/ACL
* user=bobber lrwstipekxa
Public/* user=bobber lrwstipekxa
Regards Thomas From moiseev at mezonplus.ru Sat Feb 28 07:01:39 2015 
From: moiseev at mezonplus.ru (Alexander Moisseev) Date: Sat, 28 Feb 2015 10:01:39 +0300 Subject: users of dbox format In-Reply-To: <663781955.727183.1425050053461.JavaMail.open-xchange@comunica.csi.it> References: <54F0825C.3040701@cs.ucy.ac.cy> <663781955.727183.1425050053461.JavaMail.open-xchange@comunica.csi.it> Message-ID: <54F167D3.50900@mezonplus.ru> 27.02.2015 18:14, Paolo Cravero wrote: > > mdbox is THE reason why I am trying Dovecot. With mailboxes of several (tens > of) GB with several k of messages I hope mdbox will speedup backups. What backup method are you using? I am doing one-way synchronization to mdbox+SIS at separate ZFS filesystem of the backup server and make snapshots to have backup history. I used to backup with rsync previously. After I switched to doveadm-backup the backup speed increased dramatically. From robert.gierzinger at hpc.at Sat Feb 28 19:17:54 2015 From: robert.gierzinger at hpc.at (Robert Gierzinger) Date: Sat, 28 Feb 2015 20:17:54 +0100 Subject: SOLR 5 Message-ID: <607ea91045088057faa6a5b1840cfb47@hpc.at> Hello, I just wanted to give SOLR 5 a try, however there probably have changed quite some bits in the config files, did not even manage to create a core with various solrconfig.xml and schema.xml files, but I am absolutely no expert in solr. Has anybody given it a try or are there some tips on how to get it running? regards, Robert From mail at marc-stuermer.de Sat Feb 28 20:27:49 2015 
From: mail at marc-stuermer.de (Marc Stürmer) Date: Sat, 28 Feb 2015 21:27:49 +0100 Subject: users of dbox format In-Reply-To: <54F0825C.3040701@cs.ucy.ac.cy> References: <54F0825C.3040701@cs.ucy.ac.cy> Message-ID: <54F224C5.8010801@marc-stuermer.de> On 27.02.2015 at 15:42, Andreas Kasenides wrote: > I am contemplating changing my maildir setup to mdbox but I still need > to make a case for it > against maildir which has become a de-facto standard and provides sort > of a secure basis in case of > software changes.

Pros of Mdbox:
* uses less files, meaning MUCH faster backup, faster fsck
* you can use ALT storage, namely saving certain folders on a faster/slower storage (e.g. Inbox on fast RAID and rest on slower RAID)
* you can compress it, making it even faster (zlib and so on)
* uses much less I/O-operations compared to Maildir

Cons:
* you need to use the doveadm-toolchain, so you need to learn it; no longer mingling with emails on file system level anymore!
* you need a snapshot for a consistent backup
* if you lose the index file, all information on folders/mails is lost

From Marcus.Woeltje at neos-it.de Fri Feb 27 15:16:42 2015 
From: Marcus.Woeltje at neos-it.de (Wöltje, Marcus) Date: Fri, 27 Feb 2015 15:16:42 +0000 Subject: Postfix - dovecot-lda -> Permission denied Message-ID: <497ED10F0C1FA8488397AB0162B18D330B209068@EX1.neos-it.local> Hi everyone! I'm trying to run Postfix and Dovecot on a Mac OS X, but somehow, it doesn't work. I probably messed up the privileges or something else. Hopefully someone of you, can help me figure it out. So far, Postfix is delivering the mail into ~/Maildir. But as soon as I add the line: mailbox_command = /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda in /etc/postfix/main.cf I get the following entry in the mail.log. Feb 27 16:08:02 Nils-iMac.local local[53237]: fatal: execvp /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda: Permission denied Feb 27 16:08:02 Nils-iMac.local postfix/local[53236]: B246837BE40: to=, orig_to=, relay=local, delay=1185, delays=1185/0.01/0/0.01, dsn=4.3.0, status=deferred (temporary failure. Command output: local: fatal: execvp /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda: Permission denied ) Here are the rights of dovecot-lda: -rwxrwx--- 1 root certusers 32144 Dec 5 04:41 /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda Hope someone has an Idea. 
:) Bye, Marcus In case you need my doveconf: dsync_alt_char = _ dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U first_valid_gid = 6 first_valid_uid = 6 hostname = imap_capability = imap_client_workarounds = imap_id_log = * imap_id_send = "name" * "version" * imap_idle_notify_interval = 2 mins imap_logout_format = in=%i out=%o imap_max_line_length = 64 k imap_urlauth_host = imap_urlauth_logout_format = in=%i out=%o imap_urlauth_port = 143 imap_urlauth_submit_user = submit imapc_features = imapc_host = imapc_list_prefix = imapc_master_user = imapc_max_idle_time = 29 mins imapc_password = imapc_port = 143 imapc_rawlog_dir = imapc_ssl = no imapc_ssl_verify = yes imapc_user = import_environment = TZ info_log_path = /Library/Logs/Mail/mail-info.log instance_name = dovecot last_valid_gid = 0 last_valid_uid = 0 lda_mailbox_autocreate = no lda_mailbox_autosubscribe = no lda_mailbox_listid_autosave = no lda_original_recipient_header = libexec_dir = /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot listen = *, :: lmtp_address_translate = lmtp_proxy = no lmtp_rcpt_check_quota = no lmtp_save_to_detail_mailbox = no lock_method = fcntl log_path = /Library/Logs/Mail/mail-err.log log_timestamp = "%b %d %H:%M:%S " login_access_sockets = login_greeting = Dovecot ready. 
login_log_format = %$: %s login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c login_trusted_networks = mail_access_groups = mail mail_always_cache_fields = mail_attachment_dir = mail_attachment_fs = sis posix mail_attachment_hash = %{sha1} mail_attachment_min_size = 128 k mail_attribute_dict = file:/Library/Server/Mail/Data/attributes/attributes.dict mail_cache_fields = flags mail_cache_min_mail_count = 0 mail_chroot = mail_debug = no mail_fsync = optimized mail_full_filesystem_access = no mail_gid = certusers mail_home = mail_location = maildir:~/Maildir:INBOX=~/Maildir mail_log_prefix = "%s(pid %p user %u): " mail_max_bad_commands = 20 mail_max_keyword_length = 50 mail_max_lock_timeout = 0 mail_max_userip_connections = 10 mail_never_cache_fields = imap.envelope mail_nfs_index = no mail_nfs_storage = no mail_plugin_dir = /Applications/Server.app/Contents/ServerRoot/usr/lib/dovecot mail_plugins = quota zlib acl fts fts_sk mail_prefetch_count = 0 mail_privileged_group = mail mail_save_crlf = no mail_shared_explicit_inbox = no mail_temp_dir = /tmp mail_temp_scan_interval = 1 weeks mail_uid = mailbox_idle_check_interval = 30 secs mailbox_list_index = no maildir_broken_filename_sizes = no maildir_copy_with_hardlinks = yes maildir_stat_dirs = no maildir_very_dirty_syncs = no managesieve_client_workarounds = managesieve_implementation_string = Dovecot Pigeonhole managesieve_logout_format = bytes=%i/%o managesieve_max_compile_errors = 5 managesieve_max_line_length = 65536 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave master_user_separator = mbox_dirty_syncs = yes mbox_dotlock_change_timeout = 2 mins mbox_lazy_writes = yes mbox_lock_timeout = 5 mins mbox_md5 = apop3d mbox_min_index_size = 0 mbox_read_locks = fcntl mbox_very_dirty_syncs = no 
mbox_write_locks = dotlock fcntl mdbox_preallocate_space = no mdbox_rotate_interval = 0 mdbox_rotate_size = 200 M mmap_disable = no namespace acl-mailboxes { disabled = no hidden = no ignore_on_failure = no inbox = no list = children location = maildir:/Users/%u/Maildir:INDEX=/Users%u/Maildi/shared/%%u prefix = shared.%%u. separator = . subscriptions = no type = shared } namespace inbox { disabled = no hidden = no ignore_on_failure = no inbox = yes list = yes location = mailbox Drafts { auto = no driver = special_use = \Drafts } mailbox Junk { auto = no driver = special_use = \Junk } mailbox Sent { auto = no driver = special_use = \Sent } mailbox "Sent Messages" { auto = no driver = special_use = \Sent } mailbox Trash { auto = no driver = special_use = \Trash } prefix = separator = subscriptions = yes type = private } namespace list-archives { disabled = no hidden = no ignore_on_failure = no inbox = no list = children location = maildir:/Library/Server/Mail/Data/listserver/messages/archive/lists/%%u:INDEX=/Library/Server/Mail/Data/listserver/messages/archive/shared/%%u prefix = archives.%%u. separator = . 
subscriptions = no type = shared } passdb { args = default_fields = deny = no driver = od master = no override_fields = pass = no result_failure = continue result_internalfail = continue result_success = return-ok skip = never } passdb { args = /Library/Server/Mail/Config/dovecot/submit.passdb default_fields = deny = no driver = passwd-file master = no override_fields = pass = no result_failure = continue result_internalfail = continue result_success = return-ok skip = never } plugin { acl = vfile:/Library/Server/Mail/Config/dovecot/global-acls:cache_secs=300 acl_shared_dict = file:/Library/Server/Mail/Data/shared/shared-mailboxes fts = sk quota = maildir:User quota quota_warning = storage=100%% quota-exceeded %u sieve = /Library/Server/Mail/Data/rules/%u/dovecot.sieve sieve_dir = /Library/Server/Mail/Data/rules/%u stats_refresh = 30 secs stats_track_cmds = yes } pop3_client_workarounds = pop3_deleted_flag = pop3_enable_last = no pop3_fast_size_lookups = no pop3_lock_session = no pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_no_flag_updates = no pop3_reuse_xuidl = no pop3_save_uidl = no pop3_uidl_duplicates = allow pop3_uidl_format = %08Xu%08Xv pop3c_host = pop3c_master_user = pop3c_password = pop3c_port = 110 pop3c_rawlog_dir = pop3c_ssl = no pop3c_ssl_verify = yes pop3c_user = %u postmaster_address = postmaster at localhost protocols = imap pop3 lmtp sieve quota_full_tempfail = yes recipient_delimiter = + rejection_reason = Your message to <%t> was automatically rejected:%n%r rejection_subject = Rejected: %s replication_full_sync_interval = 1 days replication_max_conns = 10 replicator_host = replicator replicator_port = 0 sendmail_path = /usr/sbin/sendmail service aggregator { chroot = . 
client_limit = 0 drop_priv_before_exec = no executable = aggregator extra_groups = fifo_listener replication-notify-fifo { group = mode = 0600 user = } group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener replication-notify { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service anvil { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = anvil extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 1 protocol = service_count = 0 type = anvil unix_listener anvil-auth-penalty { group = mode = 0600 user = } unix_listener anvil { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service auth-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = auth -w extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener auth-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service auth { chroot = client_limit = 0 drop_priv_before_exec = no executable = auth extra_groups = _keytabusers group = idle_kill = 15 mins privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener auth-client { group = mode = 0600 user = } unix_listener auth-login { group = mode = 0600 user = $default_internal_user } unix_listener auth-master { group = mode = 0600 user = } unix_listener auth-userdb { group = mode = 0666 user = _dovecot } unix_listener login/login { group = mode = 0666 user = } unix_listener token-login/tokenlogin { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service config { chroot = client_limit = 0 drop_priv_before_exec = no executable = config extra_groups = group = idle_kill = 0 
privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = config unix_listener config { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service dict { chroot = client_limit = 1 drop_priv_before_exec = no executable = dict extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dict { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service director { chroot = . client_limit = 0 drop_priv_before_exec = no executable = director extra_groups = fifo_listener login/proxy-notify { group = mode = 00 user = } group = idle_kill = 4294967295 secs inet_listener { address = port = 0 ssl = no } privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener director-admin { group = mode = 0600 user = } unix_listener director-userdb { group = mode = 0600 user = } unix_listener login/director { group = mode = 00 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service dns_client { chroot = client_limit = 1 drop_priv_before_exec = no executable = dns-client extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dns-client { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service doveadm { chroot = client_limit = 1 drop_priv_before_exec = no executable = doveadm-server extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener doveadm-server { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service imap-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = imap-login extra_groups = group = idle_kill = 0 inet_listener imap { address = port = 143 
ssl = no } inet_listener imaps { address = port = 993 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = imap service_count = 0 type = login user = $default_login_user vsz_limit = 18446744073709551615 B } service imap-urlauth-login { chroot = token-login client_limit = 0 drop_priv_before_exec = no executable = imap-urlauth-login extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = imap service_count = 1 type = login unix_listener imap-urlauth { group = mode = 0666 user = } user = $default_login_user vsz_limit = 18446744073709551615 B } service imap-urlauth-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = imap-urlauth-worker extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener imap-urlauth-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service imap-urlauth { chroot = client_limit = 1 drop_priv_before_exec = no executable = imap-urlauth extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener token-login/imap-urlauth { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service imap { chroot = client_limit = 5 drop_priv_before_exec = no executable = imap extra_groups = group = idle_kill = 0 privileged_group = process_limit = 200 process_min_avail = 0 protocol = imap service_count = 0 type = unix_listener login/imap { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service indexer-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = indexer-worker extra_groups = group = idle_kill = 0 privileged_group = process_limit = 10 process_min_avail = 0 protocol = service_count = 0 type = unix_listener indexer-worker { group = 
mode = 0600 user = $default_internal_user } user = _dovecot vsz_limit = 18446744073709551615 B } service indexer { chroot = client_limit = 0 drop_priv_before_exec = no executable = indexer extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener indexer { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service ipc { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = ipc extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener ipc { group = mode = 0600 user = } unix_listener login/ipc-proxy { group = mode = 0600 user = $default_login_user } user = $default_internal_user vsz_limit = 18446744073709551615 B } service lmtp { chroot = client_limit = 1 drop_priv_before_exec = no executable = lmtp extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = lmtp service_count = 0 type = unix_listener lmtp { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service log { chroot = client_limit = 0 drop_priv_before_exec = no executable = log extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = log unix_listener log-errors { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service managesieve-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = managesieve-login extra_groups = group = idle_kill = 0 inet_listener sieve { address = port = 4190 ssl = no } privileged_group = process_limit = 0 process_min_avail = 0 protocol = sieve service_count = 1 type = login user = $default_login_user vsz_limit = 18446744073709551615 B } service managesieve { chroot = client_limit = 1 drop_priv_before_exec = no executable = managesieve 
extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = sieve service_count = 1 type = unix_listener login/sieve { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service pop3-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = pop3-login extra_groups = group = idle_kill = 0 inet_listener pop3 { address = port = 110 ssl = no } inet_listener pop3s { address = port = 995 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = pop3 service_count = 1 type = login user = $default_login_user vsz_limit = 18446744073709551615 B } service pop3 { chroot = client_limit = 5 drop_priv_before_exec = no executable = pop3 extra_groups = group = idle_kill = 0 privileged_group = process_limit = 200 process_min_avail = 0 protocol = pop3 service_count = 0 type = unix_listener login/pop3 { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service quota-exceeded { chroot = client_limit = 0 drop_priv_before_exec = no executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-exceeded.sh extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener quota-exceeded { group = mail mode = 0660 user = _dovecot } user = _dovecot vsz_limit = 18446744073709551615 B } service quota-warning { chroot = client_limit = 0 drop_priv_before_exec = no executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-warning.sh extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener quota-warning { group = mail mode = 0660 user = _dovecot } user = _dovecot vsz_limit = 18446744073709551615 B } service replicator { chroot = client_limit = 0 drop_priv_before_exec = no executable = replicator extra_groups = group = idle_kill = 
4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener replicator-doveadm { group = mode = 00 user = $default_internal_user } unix_listener replicator { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service ssl-params { chroot = client_limit = 0 drop_priv_before_exec = no executable = ssl-params extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = startup unix_listener login/ssl-params { group = mode = 0666 user = } unix_listener ssl-params { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service stats { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = stats extra_groups = fifo_listener stats-mail { group = mode = 0600 user = _dovecot } group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener stats { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } # 2.2.5: /Library/Server/Mail/Config/dovecot/dovecot.conf # OS: Darwin 14.1.0 x86_64 # NOTE: Send doveconf -n output instead when asking for help. 
aps_topic = auth_anonymous_username = anonymous auth_cache_negative_ttl = 1 hours auth_cache_size = 0 auth_cache_ttl = 1 hours auth_debug = no auth_debug_passwords = no auth_default_realm = auth_failure_delay = 2 secs auth_gssapi_hostname = $ALL auth_krb5_keytab = auth_master_user_separator = auth_mechanisms = plain login apop digest-md5 gssapi auth_proxy_self = auth_realms = LAPPENBUSCH auth_socket_path = /var/run/dovecot/auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_cert = no auth_use_winbind = no auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ auth_username_format = %n auth_username_translation = auth_verbose = no auth_verbose_passwords = no auth_winbind_helper_path = /usr/bin/ntlm_auth auth_worker_max_count = 30 base_dir = /var/run/dovecot config_cache_size = 1 M debug_log_path = /Library/Logs/Mail/mail-debug.log default_client_limit = 1000 default_idle_kill = 1 mins default_internal_user = _dovecot default_login_user = _dovenull default_process_limit = 100 default_vsz_limit = 256 M deliver_log_format = msgid=%m: %$ dict_db_config = director_doveadm_port = 0 director_mail_servers = director_servers = director_user_expire = 15 mins director_username_hash = %u disable_plaintext_auth = no dotlock_use_excl = yes doveadm_allowed_commands = doveadm_password = doveadm_port = 0 doveadm_socket_path = doveadm-server doveadm_worker_count = 0 dsync_alt_char = _ dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U first_valid_gid = 6 first_valid_uid = 6 hostname = imap_capability = imap_client_workarounds = imap_id_log = *