From emailgrant at gmail.com Tue Sep 1 01:01:02 2015 From: emailgrant at gmail.com (Grant) Date: Mon, 31 Aug 2015 18:01:02 -0700 Subject: 'doveadm expunge' with -A and userdb { driver = passwd } Message-ID: I'm expunging mail in my crontab like this: doveadm search -u user1 mailbox INBOX.Trash savedbefore 30d doveadm search -u user2 mailbox INBOX.Trash savedbefore 30d doveadm search -u user3 mailbox INBOX.Trash savedbefore 30d ... I'd rather do this: doveadm search -A mailbox INBOX.Trash savedbefore 30d but I'm told not to: "If the -A option is present, the command will be performed for all users. Using this option in combination with system users from userdb { driver = passwd } is not recommended, because it contains also users with a lower UID than the one configured with the first_valid_uid setting." I'm using userdb { driver = passwd-file } but I'm guessing that's the same thing. Am I understanding this correctly? - Grant From skdovecot at smail.inf.fh-brs.de Tue Sep 1 06:37:34 2015 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 1 Sep 2015 08:37:34 +0200 (CEST) Subject: 'doveadm expunge' with -A and userdb { driver = passwd } In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 31 Aug 2015, Grant wrote: > doveadm search -A mailbox INBOX.Trash savedbefore 30d > > but I'm told not to: > > "If the -A option is present, the command will be performed for all > users. Using this option in combination with system users from userdb > { driver = passwd } is not recommended, because it contains also users > with a lower UID than the one configured with the first_valid_uid > setting." > > I'm using userdb { driver = passwd-file } but I'm guessing that's the > same thing. Am I understanding this correctly? Which passwd-file do you use? Does this file contains any users, which uid is lower than first_valid_uid? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBVeVHrnz1H7kL/d9rAQIQlAf/XDInanijWJPkwLTGsoIE4ibxLAJx98Zr KCOKTImdYfKE7M3DW6RhSiGod5j4nckbJnEjT9wBF1rRltJq/UO2yZfdhVu4Hj9X py/AMw9d3h1wd4grwl1ciSDXcI2e8Z9sdpwKn/Gwn45jLb/6pEQPFFmU8S5p0nv9 fTMOs6NNBD1G7vQdZyu4Z6qbXeLtiBq1XTwzBeQ3dysSeOBfpzApVlCjr2CYbrdR g7nshg/LBA8ZFD2Jd4r71kyFVRkxDcc03/C0StamSF+ay4tYc8VXo31NknqCcCuM +3fzufyQ9S+rFumpEp20XQjkyjFMBsWbpP3ebLsnVPGrIPhQpBy2Dg== =NyT3 -----END PGP SIGNATURE----- From joe.beaubien at gmail.com Tue Sep 1 22:23:15 2015 From: joe.beaubien at gmail.com (Joe Beaubien) Date: Tue, 1 Sep 2015 18:23:15 -0400 Subject: Single Instance Storage after the fact Message-ID: Hi everyone, I tried to find info about this online, but I couldn't find anything talking specifically about what I am trying to accomplish. I am sending and receiving the same attachments pretty often and as a result my email accounts are growing much more rapidly than I would like. *My goal* is to set up a second instance of Dovecot with SIS enabled and transfer everything over to this new Dovecot setup. I was thinking of simply running a dsync backup from the old instance and then a dsync backup -R on the new instance with SIS. Would this effectively create a new set of mailboxes without attachments (and a new folder full of attachments)? If not, can someone point me to information on how to accomplish this? Best regards, Joe B. From p.heinlein at heinlein-support.de Wed Sep 2 09:58:18 2015 From: p.heinlein at heinlein-support.de (Peer Heinlein) Date: Wed, 2 Sep 2015 11:58:18 +0200 Subject: Moving mails from shared folder to shared folder doesn't work Message-ID: <55E6C83A.2010102@heinlein-support.de> Hi, having the attached configuration with Dovecot 2.2.9, Dovecot's crashing when moving a mail from a shared folder into another shared folder. Moving that mail into a "real" folder of the user or moving that mail from a real folder into the shared folder is always working. But moving from a shared folder into a shared folder doesn't work. Sep 2 11:47:42 mail02 dovecot: imap(peer.heinlein at example.com): Panic: file mail-index.c: line 380 (mail_index_keywords_unref): assertion failed: (keywords->refcount > 0) Sep 2 11:47:42 mail02 dovecot: imap(peer.heinlein at example.com): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x62792) [0x7f87e455f792] -> /usr/lib/dovecot/libdovecot.so.0(+0x627f6) [0x7f87e455f7f6] -> /usr/lib/dovecot/libdovecot.so.0(+0x1c5ca) [0x7f87e45195ca] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0xb032f) [0x7f87e487232f] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_copy+0x75) [0x7f87e4838315] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_move+0x1d) [0x7f87e48383dd] -> dovecot/imap [peer.heinlein at example.com 172.31.xxx.xxx UID move](+0xec4a) [0x7f87e4cfbc4a] -> dovecot/imap [peer.heinlein at example.com 172.31.xxx.xxx UID move](command_exec+0x3d) [0x7f87e4d06acd] -> dovecot/imap [peer.heinlein at example.com 172.31.xxx.xxx UID move](+0x18b60) [0x7f87e4d05b60] -> dovecot/imap [peer.heinlein at example.com 172.31.xxx.xxx UID move](+0x18c4d) [0x7f87e4d05c4d] -> dovecot/imap [peer.heinlein at example.com 172.31.xxx.xxx UID move](client_handle_input+0x11d) [0x7f87e4d05edd] -> dovecot/imap [peer.heinlein at example.com 172.31.xxx.xxx UID move](client_input+0x72) [0x7f87e4d06292] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7f87e456f5f6] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xaf) [0x7f87e45706cf] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f87e456f568] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f87e451e0c3] -> dovecot/imap [peer.heinlein at example.com 172.31.xxx.xxx UID move](main+0x303) [0x7f87e4d10043] -> /lib/libc.so.6(__libc_start_main+0xfd) [0x7f87e4192c8d] -> dovecot/imap [peer.heinlein at example.com 172.31.xxx.xxx UID move](+0xd0e9) [0x7f87e4cfa0e9] Sep 2 11:47:42 mail02 dovecot: imap(peer.heinlein at example.com): Fatal: master: service(imap): child 18707 killed with signal 6 (core dumps disabled) Peer -- Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin http://www.heinlein-support.de Tel: 030 / 405051-42 Fax: 030 / 405051-19 Zwangsangaben lt. ?35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin -------------- next part -------------- root at mail02:/media/hotfix# doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.0.0-32-generic x86_64 Ubuntu 10.04.4 LTS auth_debug = yes auth_mechanisms = plain login cram-md5 digest-md5 apop auth_username_translation = %Lu auth_verbose = yes base_dir = /var/run/dovecot/ disable_plaintext_auth = no log_timestamp = "%Y-%m-%d %H:%M:%S " mail_debug = yes mail_gid = vmail mail_location = maildir:~/Maildir mail_max_userip_connections = 750 mail_plugins = acl mail_privileged_group = mail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { inbox = yes list = yes location = prefix = INBOX/ separator = / subscriptions = yes type = private } namespace { list = children location = maildir:/mail/%%Ld/%%Ln/Maildir:INDEX=~/Maildir/shared/%%Lu:INDEXPVT=~/Maildir/shared/%%Lu:CONTROL=/mail/%Ld/%Ln/Maildir/shared/%%Lu prefix = shared/%%u/ separator = / subscriptions = yes type = shared } passdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } plugin { acl = vfile acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes quota = maildir:storage= sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_max_redirects = 10 } postmaster_address = postmaster at example.com protocols = lmtp imap sieve service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } } service imap-login { inet_listener imap { address = 127.0.0.1, xxxxx port = 143 } inet_listener imaps { address = 127.0.0.1, xxxxx port = 993 } process_min_avail = 4 service_count = 0 } service imap { executable = imap postlogin } service managesieve-login { inet_listener sieve { address = * port = 4190 } inet_listener sieve_deprecated { address = * port = 2000 } process_min_avail = 2 service_count = 0 } service pop3 { executable = pop3 postlogin } service postlogin { executable = script-login -d rawlog } userdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } verbose_proctitle = yes protocol imap { mail_plugins = acl imap_acl } protocol pop3 { mail_plugins = acl } protocol lmtp { mail_plugins = acl sieve } -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From p.heinlein at heinlein-support.de Wed Sep 2 11:12:48 2015 From: p.heinlein at heinlein-support.de (Peer Heinlein) Date: Wed, 2 Sep 2015 13:12:48 +0200 Subject: doveadm-server hangs with 100% cpu usage In-Reply-To: References: <55352503.5020703@heinlein-support.de> Message-ID: <55E6D9B0.4060202@heinlein-support.de> Am 21.04.2015 um 21:50 schrieb Timo Sirainen: > So killing the doveadm-server process will cause it to hang again for the same user? That's good, since it means it can be reproduced by taking a copy of the mailboxes and trying to run "doveadm sync" manually on them locally, e.g.: > > doveadm -D -o mail=mdbox:/tmp/mdbox1 sync mdbox:/tmp/mdbox2 > > Does that hang? It's not hanging -- doveadm terminates. But at the end the destination folder is empty: root at dobby5:/tmp# doveadm -D -o mail_debug=yes -o mail=mdbox:/tmp/test1 sync mdbox:/tmp/test2 Debug: Loading modules from directory: /usr/lib/dovecot/modules Debug: Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so Debug: Module loaded: /usr/lib/dovecot/modules/lib15_notify_plugin.so Debug: Module loaded: /usr/lib/dovecot/modules/lib20_mail_log_plugin.so Debug: Module loaded: /usr/lib/dovecot/modules/lib20_replication_plugin.so Debug: Module loaded: /usr/lib/dovecot/modules/lib20_zlib_plugin.so Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message) Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_sieve_plugin.so Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_backend_rescan (this is usually intentional, so just ignore this message) doveadm(root): Debug: Effective uid=0, gid=0, home=/root doveadm(root): Debug: Quota root: name=User quota backend=dict args=:noenforcing:file:/root/dovecot-quota doveadm(root): Debug: Quota rule: root=User quota mailbox=* bytes=0 messages=500000 doveadm(root): Debug: Quota grace: root=User quota bytes=0 (10%) doveadm(root): Debug: dict quota: user=root, uri=file:/root/dovecot-quota, noenforcing=1 doveadm(root): Debug: Namespace inbox: type=private, prefix=INBOX/, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:/tmp/test1 doveadm(root): Debug: fs: root=/tmp/test1, index=, indexpvt=, control=, inbox=, alt= doveadm(root): Debug: acl: initializing backend with data: vfile doveadm(root): Debug: acl: acl username = root doveadm(root): Debug: acl: owner = 1 doveadm(root): Debug: acl vfile: Global ACLs disabled doveadm(root): Debug: Namespace : type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=yes location=mdbox:%h/mdbox doveadm(root): Debug: shared: root=/var/run/dovecot/, index=, indexpvt=, control=, inbox=, alt= doveadm(root): Debug: acl: initializing backend with data: vfile doveadm(root): Debug: acl: acl username = root doveadm(root): Debug: acl: owner = 0 doveadm(root): Debug: acl vfile: Global ACLs disabled doveadm(root): Debug: Namespace : type=private, prefix=, sep=, inbox=no, hidden=yes, list=no, subscriptions=no location=fail::LAYOUT=none doveadm(root): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt= doveadm(root): Debug: acl vfile: file /tmp/test1/mailboxes/dovecot-acl not found doveadm(root): Debug: acl vfile: file /tmp/test1/mailboxes/INBOX/dbox-Mails/dovecot-acl not found doveadm(root): Debug: Namespace INBOX/: Using permissions from /tmp/test1: mode=0700 gid=default dsync(root): Debug: Effective uid=0, gid=0, home=/root dsync(root): Debug: Quota root: name=User quota backend=dict args=:noenforcing:file:/root/dovecot-quota dsync(root): Debug: Quota rule: root=User quota mailbox=* bytes=0 messages=500000 dsync(root): Debug: Quota grace: root=User quota bytes=0 (10%) dsync(root): Debug: dict quota: user=root, uri=file:/root/dovecot-quota, noenforcing=1 dsync(root): Debug: Namespace inbox: type=private, prefix=INBOX/, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:/tmp/test2 dsync(root): Debug: fs: root=/tmp/test2, index=, indexpvt=, control=, inbox=, alt= dsync(root): Debug: Namespace INBOX/: /tmp/test2 doesn't exist yet, using default permissions dsync(root): Debug: Namespace INBOX/: Using permissions from /tmp/test2: mode=0700 gid=default dsync(root): Debug: acl: initializing backend with data: vfile dsync(root): Debug: acl: acl username = root dsync(root): Debug: acl: owner = 1 dsync(root): Debug: acl vfile: Global ACLs disabled dsync(root): Debug: Namespace : type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=yes location=mdbox:%h/mdbox dsync(root): Debug: shared: root=/var/run/dovecot/, index=, indexpvt=, control=, inbox=, alt= dsync(root): Debug: acl: initializing backend with data: vfile dsync(root): Debug: acl: acl username = root dsync(root): Debug: acl: owner = 0 dsync(root): Debug: acl vfile: Global ACLs disabled dsync(root): Debug: Namespace : type=private, prefix=, sep=, inbox=no, hidden=yes, list=no, subscriptions=no location=fail::LAYOUT=none dsync(root): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt= dsync(root): Debug: acl vfile: file /tmp/test2/mailboxes/dovecot-acl not found dsync(root): Debug: acl vfile: file /tmp/test2/mailboxes/INBOX/dbox-Mails/dovecot-acl not found dsync(root): Debug: acl vfile: file /tmp/test2/mailboxes/INBOX/dbox-Mails/dovecot-acl not found dsync(root): Debug: brain M: Local mailbox tree: INBOX guid=00000000000000000000000000000000 uid_validity=0 uid_next=0 subs=no last_change=0 last_subs=0 dsync(root): Debug: brain S: Local mailbox tree: INBOX guid=00000000000000000000000000000000 uid_validity=0 uid_next=0 subs=no last_change=0 last_subs=0 dsync(root): Debug: brain M: Remote mailbox tree: INBOX guid=00000000000000000000000000000000 uid_validity=0 uid_next=0 subs=no last_change=0 last_subs=0 dsync(root): Debug: brain S: Remote mailbox tree: INBOX guid=00000000000000000000000000000000 uid_validity=0 uid_next=0 subs=no last_change=0 last_subs=0 dsync(root): Debug: brain M: Mailbox INBOX: local=00000000000000000000000000000000/0/0, remote=00000000000000000000000000000000/0/0: Directory rename branch not found dsync(root): Debug: brain S: Mailbox INBOX: local=00000000000000000000000000000000/0/0, remote=00000000000000000000000000000000/0/0: Directory rename branch not found Peer -- Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin http://www.heinlein-support.de Tel: 030 / 405051-42 Fax: 030 / 405051-19 Zwangsangaben lt. ?35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From andrew at mcnaughty.com Wed Sep 2 11:43:34 2015 From: andrew at mcnaughty.com (Andrew McN) Date: Wed, 02 Sep 2015 21:43:34 +1000 Subject: imap segfaults when using antispam plugin, and moving mail to an 'unsure' folder. In-Reply-To: <55CBA7D4.3040101@mcnaughty.com> References: <55CBA7D4.3040101@mcnaughty.com> Message-ID: <55E6E0E6.6050707@mcnaughty.com> I've had no responses to this bug report. Does anyone have any ideas on how I can move it forward? Regards, Andrew On 13/08/15 06:08, Andrew McN wrote: > > I put up a question on serverfault first, which has the details, > including a stack trace: > http://serverfault.com/questions/713687/dovecot-antispam-error-storing-mail > . Details also copied below. > > Is this a known bug? If I built dovecot from source rather than using > the Ubuntu 14.04 packages, would I expect that to help? Are there any > configuration details that might be relevant? (dovecot -n output shown > > Any help much appreciated. > > Andrew McNaughton > > > > > Details on the serverfault page repeated below, plus a little more. > > ----------------------------------------------------- > > Ubuntu 14.04.3 x86_64 > Running inside lxc-docker 1.7.0 > dovecot-imapd 1:2.2.9-1ubuntu2 > dovecot-antispam 2.0+20130822-2build1 > > Filesystem is via docker, so aufs is involved, and under that on the > host systems is ext4 > > ----------------------------------------------------- > > I know mail is not supposed to be moved into a mailbox of type 'unsure'. > The server should refuse this action. What actually happens though is > that the imap process throws an error and dies: > > Aug 12 17:53:07 255c7fc2d2f0 imap: antispam: > mailbox_is_unsure(Review-Classification): 1 > Aug 12 17:53:07 255c7fc2d2f0 dovecot: imap(user at example.com): Panic: > file mail-storage.c: line 2141 (mailbox_copy): assertion failed: > (!ctx->unfinished) > Aug 12 17:53:07 255c7fc2d2f0 dovecot: imap(user at example.com): Error: Raw > backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x5e271) [0x7f718e7dd271] > -> /usr/lib/dovecot/libdovecot.so.0(+0x5e34e) [0x7f718e7dd34e] -> > /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f718e798a9e] -> > /usr/lib/dovecot/libdovecot-storage.so.0(+0x7196f) [0x7f718eab896f] -> > /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_move+0x15) > [0x7f718eab8985] -> dovecot/imap(+0xded5) [0x7f718ef84ed5] -> > dovecot/imap(command_exec+0x3c) [0x7f718ef8f6dc] -> > dovecot/imap(+0x176cf) [0x7f718ef8e6cf] -> dovecot/imap(+0x17785) > [0x7f718ef8e785] -> dovecot/imap(client_handle_input+0x125) > [0x7f718ef8eaa5] -> dovecot/imap(client_input+0x75) [0x7f718ef8ee35] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x27) [0x7f718e7ed247] > -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xd7) > [0x7f718e7edfd7] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) > [0x7f718e7ecde8] -> > /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) > [0x7f718e79dc93] -> dovecot/imap(main+0x2c4) [0x7f718ef832f4] -> > /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f718e3dbec5] > -> dovecot/imap(+0xc460) [0x7f718ef83460] > Aug 12 17:53:07 255c7fc2d2f0 dovecot: imap(user at example.com): Fatal: > master: service(imap): child 58 killed with signal 6 (core dumped) > > ----------------------------------------------------------------------- > > root at 8ec9579667fc:/# gdb /usr/lib/dovecot/imap /tmp/61 > GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1 > Copyright (C) 2014 Free Software Foundation, Inc. > License GPLv3+: GNU GPL version 3 or later > > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. Type "show copying" > and "show warranty" for details. > This GDB was configured as "x86_64-linux-gnu". > Type "show configuration" for configuration details. > For bug reporting instructions, please see: > . > Find the GDB manual and other documentation resources online at: > . > For help, type "help". > Type "apropos word" to search for commands related to "word"... > Reading symbols from /usr/lib/dovecot/imap...Reading symbols from > /usr/lib/debug//usr/lib/dovecot/imap...done. > done. > [New LWP 61] > Core was generated by `dovecot/imap'. > Program terminated with signal SIGABRT, Aborted. > #0 0x00007f5dd5394cc9 in __GI_raise (sig=sig at entry=6) at > ../nptl/sysdeps/unix/sysv/linux/raise.c:56 > 56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. > (gdb) bt full > #0 0x00007f5dd5394cc9 in __GI_raise (sig=sig at entry=6) at > ../nptl/sysdeps/unix/sysv/linux/raise.c:56 > resultvar = 0 > pid = 61 > selftid = 61 > #1 0x00007f5dd53980d8 in __GI_abort () at abort.c:89 > save_stage = 2 > act = {__sigaction_handler = {sa_handler = 0x800, sa_sigaction = > 0x800}, sa_mask = {__val = {140041026109520, 178, 140041026077952, 512, > 140040990095251, 140041026077952, 140041026077952, 512, > 140040990087565, 140734823456136, 140040990231826, 140041026077952, > 140734823456040, 0, > 140040990231929, 140041026077952}}, sa_flags = -713567062, > sa_restorer = 0x7fff6128dd01} > sigs = {__val = {32, 0 }} > #2 0x00007f5dd5781298 in default_fatal_finish (type=, > status=status at entry=0) at failures.c:192 > backtrace = 0x7f5dd79d0538 > "/usr/lib/dovecot/libdovecot.so.0(+0x5e271) [0x7f5dd5781271] -> > /usr/lib/dovecot/libdovecot.so.0(+0x5e34e) [0x7f5dd578134e] -> > /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f5dd573ca9e] -> > /usr/lib/d"... > #3 0x00007f5dd578134e in i_internal_fatal_handler (ctx=0x7fff6128dd70, > format=, args=) at failures.c:653 > status = 0 > #4 0x00007f5dd573ca9e in i_panic (format=format at entry=0x7f5dd5ab1e68 > "file %s: line %d (%s): assertion failed: (%s)") at failures.c:264 > ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0} > args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = > 0x7fff6128de60, reg_save_area = 0x7fff6128dda0}} > #5 0x00007f5dd5a5c96f in mailbox_copy (_ctx=, > mail=mail at entry=0x7f5dd79ffbc0) at mail-storage.c:2141 > ctx = 0x7f5dd7a043e0 > t = 0x7f5dd79fdf00 > keywords = 0x0 > pvt_flags = 0 > real_mail = > ret = -1 > __FUNCTION__ = "mailbox_copy" > #6 0x00007f5dd5a5c985 in mailbox_move (_ctx=, > mail=0x7f5dd79ffbc0) at mail-storage.c:2153 > ctx = 0x7f5dd7a043e0 > #7 0x00007f5dd5f28ed5 in fetch_and_copy (copy_count_r= pointer>, src_uidset_r=, search_args=, > src_trans_r=0x7fff6128df18, t=, move=true, > client=0x7f5dd79ee440) at cmd-copy.c:67 > search_ctx = 0x7f5dd79ff920 > src_trans = 0x7f5dd79fec10 > srcset_ctx = {str = 0x7f5dd79d0350, first_uid = 0, last_uid = > 4294967295} > ret = 1 > save_ctx = 0x0 > mail = 0x7f5dd79ffbc0 > copy_count = 1 > src_uidset = 0x7f5dd79d0350 > #8 cmd_copy_full (cmd=0x7f5dd79eee70, move=) at > cmd-copy.c:123 > client = 0x7f5dd79ee440 > dest_storage = > destbox = 0x7f5dd79f8d10 > t = 0x7f5dd79fdf00 > src_trans = 0x7f5dd573d029 > search_args = 0x7f5dd79f73a0 > messageset = 0x7f5dd79dbc10 "76" > mailbox = 0x7f5dd79dbc18 "Review-Classification" > src_uidset = > sync_flags = (unknown: 0) > imap_flags = (unknown: 0) > changes = {pool = 0x7f5dd79d0350, uid_validity = 0, saved_uids = > {arr = {buffer = 0x1, element_size = 140040986301132}, v = 0x1, > v_modifiable = 0x1}, > ignored_modseq_changes = 3617438728, changed = 93, > no_read_perm = 127} > msg = > ret = > __FUNCTION__ = "cmd_copy_full" > #9 0x00007f5dd5f336dc in command_exec (cmd=0x7f5dd79eee70) at > imap-commands.c:158 > hook = 0x7f5dd79d90d0 > ret = > #10 0x00007f5dd5f326cf in client_command_input (cmd=0x7f5dd79eee70) at > imap-client.c:780 > client = 0x7f5dd79ee440 > command = > __FUNCTION__ = "client_command_input" > #11 0x00007f5dd5f32785 in client_command_input (cmd=0x7f5dd79eee70) at > imap-client.c:841 > client = 0x7f5dd79ee440 > command = > __FUNCTION__ = "client_command_input" > #12 0x00007f5dd5f32aa5 in client_handle_next_command > (remove_io_r=, client=0x7f5dd79ee440) at > imap-client.c:879 > No locals. > #13 client_handle_input (client=client at entry=0x7f5dd79ee440) at > imap-client.c:891 > _data_stack_cur_id = 3 > remove_io = false > handled_commands = false > __FUNCTION__ = "client_handle_input" > #14 0x00007f5dd5f32e35 in client_input (client=0x7f5dd79ee440) at > imap-client.c:933 > cmd = 0x7f5dd79e5ae0 > output = 0x7f5dd79eeca0 > bytes = 39 > __FUNCTION__ = "client_input" > #15 0x00007f5dd5791247 in io_loop_call_io (io=0x7f5dd79eed90) at > ioloop.c:388 > ioloop = 0x7f5dd79d8720 > t_id = 2 > #16 0x00007f5dd5791fd7 in io_loop_handler_run > (ioloop=ioloop at entry=0x7f5dd79d8720) at ioloop-epoll.c:220 > ctx = 0x7f5dd79d93b0 > list = 0x7f5dd79dade0 > io = > tv = {tv_sec = 1799, tv_usec = 999178} > events_count = > msecs = > ret = 1 > i = 0 > call = > __FUNCTION__ = "io_loop_handler_run" > #17 0x00007f5dd5790de8 in io_loop_run (ioloop=0x7f5dd79d8720) at > ioloop.c:412 > __FUNCTION__ = "io_loop_run" > #18 0x00007f5dd5741c93 in master_service_run (service=0x7f5dd79d85b0, > callback=) at master-service.c:566 > No locals. > #19 0x00007f5dd5f272f4 in main (argc=1, argv=0x7f5dd79d8390) at main.c:400 > set_roots = {0x7f5dd614aa00 , 0x0} > login_set = {auth_socket_path = 0x7f5dd79d0048 "\001", > postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, > callback = 0x7f5dd5f3c0f0 , > failure_callback = 0x7f5dd5f3be20 , > request_auth_token = 1} > service_flags = > storage_service_flags = > username = 0x0 > c = > > ------------------------------------------------------------------------------- > > root at 8ec9579667fc:/# dovecot -n > # 2.2.9: /etc/dovecot/dovecot.conf > # OS: Linux 3.13.0-43-generic x86_64 Ubuntu 14.04.3 LTS ext4 > auth_debug = yes > auth_verbose = yes > disable_plaintext_auth = no > first_valid_gid = 150 > first_valid_uid = 150 > last_valid_gid = 150 > last_valid_uid = 150 > mail_debug = yes > mail_gid = vmail > mail_location = > maildir:/var/vmail/%d/%n/Maildir:INDEX=/var/vmail/%d/%n/Maildir/indexes > mail_uid = vmail > namespace inbox { > inbox = yes > location = > mailbox Attention-Not-Required { > auto = subscribe > special_use = \Junk > } > mailbox Attention { > auto = subscribe > } > mailbox Drafts { > auto = subscribe > special_use = \Drafts > } > mailbox Review-Classification { > auto = subscribe > } > mailbox Sent { > auto = subscribe > special_use = \Sent > } > mailbox Trash { > auto = subscribe > special_use = \Trash > } > prefix = > } > passdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > plugin { > antispam_backend = dspam > antispam_debug_target = syslog > antispam_dspam_args = --deliver=;--user;%u; > antispam_dspam_binary = /usr/bin/dspam > antispam_signature = X-DSPAM-Signature > antispam_signature_missing = error > antispam_spam = Attention-Not-Required > antispam_trash = Trash > antispam_unsure = Review-Classification > antispam_verbose_debug = 1 > mail_log_events = delete undelete expunge copy mailbox_delete > mailbox_rename > mail_log_fields = uid box msgid size > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > } > postmaster_address = postmaster at example.net > protocols = " imap lmtp" > service lmtp { > inet_listener lmtp { > address = 127.0.0.1 > port = 24 > } > user = vmail > } > ssl_cert = ssl_key = ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2 > userdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > protocol lmtp { > mail_plugins = " sieve" > } > protocol lda { > mail_plugins = " sieve" > } > protocol imap { > mail_plugins = " antispam" > } > > From emailgrant at gmail.com Wed Sep 2 12:55:36 2015 From: emailgrant at gmail.com (Grant) Date: Wed, 2 Sep 2015 05:55:36 -0700 Subject: 'doveadm expunge' with -A and userdb { driver = passwd } In-Reply-To: References: Message-ID: >> doveadm search -A mailbox INBOX.Trash savedbefore 30d >> >> but I'm told not to: >> >> "If the -A option is present, the command will be performed for all >> users. Using this option in combination with system users from userdb >> { driver = passwd } is not recommended, because it contains also users >> with a lower UID than the one configured with the first_valid_uid >> setting." >> >> I'm using userdb { driver = passwd-file } but I'm guessing that's the >> same thing. Am I understanding this correctly? > > > Which passwd-file do you use? Does this file contains any users, which uid > is lower than first_valid_uid? Here's what my Gentoo-default auth-passwdfile.conf.ext says: passdb { driver = passwd-file args = scheme=CRYPT username_format=%u /etc/dovecot/users } userdb { driver = passwd-file args = username_format=%u /etc/dovecot/users } But I don't have an /etc/dovecot/users file. I also don't seem to have any mail user uid lower than 1000, but I do have some users above 1000 which aren't mail users (nobody, etc). - Grant From sergey.schwartz at bgoperator.com Wed Sep 2 15:03:00 2015 From: sergey.schwartz at bgoperator.com (Sergey Schwartz) Date: Wed, 2 Sep 2015 18:03:00 +0300 Subject: sieve filtering utf 8 strings Message-ID: <55E70FA4.2000301@bgoperator.com> Guys, I'm completely stuck, so asking for advice. My user has a sieve script which checks message header if it contains words in russian like '???? ???????????? ?????????'. Pritty simple script # rule:[??????????] if allof (header :contains "subject" "LDS (robot): ???? ???????????? ?????????", header :contains "from" "noreply at bgoperator.com") { fileinto "??????????"; } I don't have errors compiling the script or executing it via LMTP, but it doesn't work. Normally user receives messages from robot with subject encoded as quoted-printable Subject: =?UTF-8?Q?LDS_(robot):_=D0=9B=D0=B8=D1=81=D1=82?= =?UTF-8?Q?_=D0=B1=D1=80=D0=BE=D0=BD=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD?= =?UTF-8?Q?=D0=B8=D1=8F__=D0=BE=D1=82=D0=BF=D1=80=D0=B0=D0=B2=D0=BB=D0=B5?= When I send a test message via Thunderbird with required words - sieve works fine and subject is encoded in base64 Subject: =?UTF-8?B?0JvQuNGB0YIg0LHRgNC+0L3QuNGA0L7QstCw0L3QuNGPINC+0YLQv9GA?= =?UTF-8?B?0LDQstC70LXQvQ==?= It is the same text, but encodind is different - base 64 works fine and quoted-printable does not. Is it possible to have both supported for sieve ? -- Best regards, Sergey Schwartz Senior System Administrator Biblio Globus Tour Operator www.bgoperator.ru T: +7 495 5042500 ext 1532 E: sergey.schwartz at bgoperator.com From axel.luttgens at skynet.be Wed Sep 2 16:28:04 2015 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Wed, 2 Sep 2015 18:28:04 +0200 Subject: 'doveadm expunge' with -A and userdb { driver = passwd } In-Reply-To: References: Message-ID: > Le 2 sept. 2015 ? 14:55, Grant a ?crit : > > [?] > Here's what my Gentoo-default auth-passwdfile.conf.ext says: > > passdb { > driver = passwd-file > args = scheme=CRYPT username_format=%u /etc/dovecot/users > } > userdb { > driver = passwd-file > args = username_format=%u /etc/dovecot/users > } > > But I don't have an /etc/dovecot/users file. I also don't seem to > have any mail user uid lower than 1000, but I do have some users above > 1000 which aren?t mail users (nobody, etc). Hello Grant, So as to avoid any ambiguity, could you post the output of "doveconf -n"? Axel From mfoley at ohprs.org Wed Sep 2 17:31:35 2015 From: mfoley at ohprs.org (Mark Foley) Date: Wed, 02 Sep 2015 13:31:35 -0400 Subject: How to "Windows Authenticate" Message-ID: <201509021731.t82HVZ4r021574@mail.hprs.local> I've been using Dovecot 2.2.15 as the IMAP server for Outlook (2010/2013) on Windows workstations for over 6 months with no problems. Dovecot is hosted on the office Samba4 AC/DC server. I have been using auth_mechanisms plain login, and passdb driver = shadow. What I'd like to do now is use the "Windows Authenticated" login so I don't have to have separate passwords for users logging into the Windows AD workstations and their Outlook clients. If anyone has actually done this I'd appreciate some tips. My various attempts have not been successful. Here is my current config: $ doveconf -n # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.10.17 x86_64 Slackware 14.1 auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } protocols = imap ssl_cert = Is there anyway of replicating between more than one other instance of Dovecot. I have bidirectional replication working successfully and it seems to be reliable. I would like to replicate from one or more of these instances to one other. Is this possible? Dirk From p.heinlein at heinlein-support.de Wed Sep 2 20:01:13 2015 From: p.heinlein at heinlein-support.de (Peer Heinlein) Date: Wed, 02 Sep 2015 22:01:13 +0200 Subject: Set X-Original-To based an ORCPT? Message-ID: <55E75589.5010105@heinlein-support.de> Since http://dovecot.org/pipermail/dovecot-cvs/2014-November/025241.html Dovecot's LMTP does support ORCPT. Is it possible to set X-Original-To-Header based on that ORCPT? Peer -- Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin http://www.heinlein-support.de Tel: 030 / 405051-42 Fax: 030 / 405051-19 Zwangsangaben lt. ?35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Gesch?ftsf?hrer: Peer Heinlein -- Sitz: Berlin From b-dovecot.org at grmbl.net Wed Sep 2 20:59:06 2015 From: b-dovecot.org at grmbl.net (B) Date: Wed, 2 Sep 2015 22:59:06 +0200 Subject: more than two way replication In-Reply-To: <55E74DAE.9070309@tobit.co.uk> References: <55E74DAE.9070309@tobit.co.uk> Message-ID: <20150902205906.GE5534@mx.grmbl.net> Dirk, On Wed, Sep 02, 2015 at 08:27:42PM +0100, djk wrote: > Is there anyway of replicating between more than one other instance > of Dovecot. I have bidirectional replication working successfully and > it seems to be reliable. I would like to replicate from one or more > of these instances to one other. Is this possible? I've asked the same question a few months ago and was looking at having multiple mail_replicas or using round robin DNS for the mail_replica. Here's how I "solved" it: Server A, B, C A -> B on A set mail_replica = B Mail arrives at A, syncs to B B -> C on B set mail_replica = C Mail arrives at B, syncs to C C -> A on C set mail_replica = A Mail arrives at C, syncs to A The more you add the higher the delays. Not the best solution but it works. Timo please add multiple mail_replicas and maybe priorities for high latency links. HTH B. From axel.luttgens at skynet.be Wed Sep 2 22:17:45 2015 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Thu, 3 Sep 2015 00:17:45 +0200 Subject: sieve filtering utf 8 strings In-Reply-To: <55E70FA4.2000301@bgoperator.com> References: <55E70FA4.2000301@bgoperator.com> Message-ID: <6FC90AD5-22AD-4F79-9673-7AF50DABF32C@skynet.be> > Le 2 sept. 2015 ? 17:03, Sergey Schwartz a ?crit : > > Guys, > > I'm completely stuck, so asking for advice. > My user has a sieve script which checks message header if it contains words in russian like '???? ???????????? ?????????'. > > Pritty simple script > > # rule:[??????????] > if allof (header :contains "subject" "LDS (robot): ???? ???????????? ?????????", header :contains "from" "noreply at bgoperator.com") > { > fileinto "??????????"; > } > > I don't have errors compiling the script or executing it via LMTP, but it doesn't work. > Normally user receives messages from robot with subject encoded as quoted-printable > > Subject: =?UTF-8?Q?LDS_(robot):_=D0=9B=D0=B8=D1=81=D1=82?= > =?UTF-8?Q?_=D0=B1=D1=80=D0=BE=D0=BD=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD?= > =?UTF-8?Q?=D0=B8=D1=8F__=D0=BE=D1=82=D0=BF=D1=80=D0=B0=D0=B2=D0=BB=D0=B5?= > > > When I send a test message via Thunderbird with required words - sieve works fine and subject is encoded in base64 > > Subject: =?UTF-8?B?0JvQuNGB0YIg0LHRgNC+0L3QuNGA0L7QstCw0L3QuNGPINC+0YLQv9GA?= > =?UTF-8?B?0LDQstC70LXQvQ==?= > > > It is the same text, but encodind is different - base 64 works fine and quoted-printable does not. > Is it possible to have both supported for sieve ? Hello Sergey, IIRC, many enhancements have been brought to dovecot/sieve handling of encodings over the consecutive past releases. What version are you running? Axel From stephan at rename-it.nl Thu Sep 3 00:20:25 2015 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 3 Sep 2015 02:20:25 +0200 Subject: sieve filtering utf 8 strings In-Reply-To: <55E70FA4.2000301@bgoperator.com> References: <55E70FA4.2000301@bgoperator.com> Message-ID: <55E79249.5040707@rename-it.nl> Op 9/2/2015 om 5:03 PM schreef Sergey Schwartz: > Guys, > > I'm completely stuck, so asking for advice. > My user has a sieve script which checks message header if it contains > words in russian like '???? ???????????? ?????????'. > > Pritty simple script > > # rule:[??????????] > if allof (header :contains "subject" "LDS (robot): ???? ???????????? > ?????????", header :contains "from" "noreply at bgoperator.com") > { > fileinto "??????????"; > } > > I don't have errors compiling the script or executing it via LMTP, but > it doesn't work. > Normally user receives messages from robot with subject encoded as > quoted-printable > > Subject: =?UTF-8?Q?LDS_(robot):_=D0=9B=D0=B8=D1=81=D1=82?= > =?UTF-8?Q?_=D0=B1=D1=80=D0=BE=D0=BD=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD?= > > =?UTF-8?Q?=D0=B8=D1=8F__=D0=BE=D1=82=D0=BF=D1=80=D0=B0=D0=B2=D0=BB=D0=B5?= > > > > When I send a test message via Thunderbird with required words - sieve > works fine and subject is encoded in base64 > > Subject: > =?UTF-8?B?0JvQuNGB0YIg0LHRgNC+0L3QuNGA0L7QstCw0L3QuNGPINC+0YLQv9GA?= > =?UTF-8?B?0LDQstC70LXQvQ==?= > > It is the same text, but encodind is different - base 64 works fine > and quoted-printable does not. > Is it possible to have both supported for sieve ? Both should be supported. I checked your encoded text using a test suite script (see below for a long answer) and it seems that your encoding is not what you expect. This: Subject: =?UTF-8?Q?LDS_(robot):_=D0=9B=D0=B8=D1=81=D1=82?= =?UTF-8?Q?_=D0=B1=D1=80=D0=BE=D0=BD=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD?= =?UTF-8?Q?=D0=B8=D1=8F__=D0=BE=D1=82=D0=BF=D1=80=D0=B0=D0=B2=D0=BB=D0=B5?= Yields: "LDS (robot): ???? ???????????? ????????" Notice the two spaces before ???????? and the missing Cyrillic N at the end. The two spaces are caused by the double '__' in the third line of the encoded subject. The final N in the subject is just not encoded. This: Subject: =?UTF-8?Q?LDS_(robot):_=D0=9B=D0=B8=D1=81=D1=82?= =?UTF-8?Q?_=D0=B1=D1=80=D0=BE=D0=BD=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD?= =?UTF-8?Q?=D0=B8=D1=8F_=D0=BE=D1=82=D0=BF=D1=80=D0=B0=D0=B2=D0=BB=D0=B5?= =?UTF-8?Q?=D0=BD?= Yields: "LDS (robot): ???? ???????????? ?????????" Which is obviously OK. So, to me, it seems as though the program that creates these messages is encoding the wrong text or is messing up encoding itself. Regards, Stephan. LONG ANSWER: I wrote a little test suite script like this: I executed it from the source directory: $ src/testsuite/testsuite -Tlevel=matching -t - ~/frop.svtest Test case: /home/stephan/frop.svtest: ## Started executing script 'frop.svtest' 3: testsuite: test_set command 3: set test parameter 'message' = "Subject: =?UTF-8?Q?LDS_(robot):_=D0=9B=D0=B8=D1=81=D1=82?= =?UTF-8?Q?_=D0=B1=D1=80=D0=BE=D0=BD=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD?= =?UTF-8?Q?=D0=B8=D1=8F__=D0=BE=D1=82=D0=BF=D1=80=D0=B0=D0=B2=D0=BB=D0=B5?= From: noreply at bgoperator.com To: friep at example.net Frop! " 14: ** Testsuite test start: "Test original" 16: header test 16: starting `:contains' match with `i;ascii-casemap' comparator: 16: extracting `subject' headers from message 16: matching value `LDS (robot): ???? ???????????? ????????' 16: with key `LDS (robot): ???? ???????????? ?????????' => 0 16: finishing match with result: not matched 17: jump if result is false 17: jumping to line 20 20: testsuite: test_fail command; FAIL current test 1: Test 'Test original' FAILED: Failed 20: jumping to line 24 24: testsuite: test_set command 24: set test parameter 'message' = "Subject: =?UTF-8?Q?LDS_(robot):_=D0=9B=D0=B8=D1=81=D1=82?= =?UTF-8?Q?_=D0=B1=D1=80=D0=BE=D0=BD=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD?= =?UTF-8?Q?=D0=B8=D1=8F_=D0=BE=D1=82=D0=BF=D1=80=D0=B0=D0=B2=D0=BB=D0=B5?= =?UTF-8?Q?=D0=BD?= From: noreply at bgoperator.com To: friep at example.net Frop! " 36: ** Testsuite test start: "Test mended" 38: header test 38: starting `:contains' match with `i;ascii-casemap' comparator: 38: extracting `subject' headers from message 38: matching value `LDS (robot): ???? ???????????? ?????????' 38: with key `LDS (robot): ???? ???????????? ?????????' => 1 38: finishing match with result: matched 39: jump if result is false 39: not jumping 40: header test 40: starting `:contains' match with `i;ascii-casemap' comparator: 40: extracting `from' headers from message 40: matching value `noreply at bgoperator.com' 40: with key `noreply at bgoperator.com' => 1 40: finishing match with result: matched 40: jump if result is false 40: not jumping 40: jumping to line 42 42: ** Testsuite test end 2: Test 'Test mended' SUCCEEDED ## Finished executing script 'frop.svtest' FAIL: 1 of 2 tests failed. Regards, Stephan. From andreas.fineske at iea-dpc.de Thu Sep 3 09:30:21 2015 From: andreas.fineske at iea-dpc.de (Andreas Fineske) Date: Thu, 03 Sep 2015 11:30:21 +0200 Subject: Error: Raw backtrace: and Transaction log changed unexpectedly, can't get modseq Message-ID: Hi there, i've got some errors in my log files # dovecot --version 2.2.9 Here the Log's: Aug?26?12:05:39?s-imap4?dovecot:?dsync-server(ralph.carstens.iea-dpc.de):?Error:?Raw?backtrace:?/usr/lib/dovecot/libdovecot.so.0(+0x5e271)?[0x7f61d943c271]?->?/usr/lib/dovecot/libdovecot.so.0(+0x5e34e)?[0x7f61d943c34e]?->?/usr/lib/dovecot/libdovecot.so.0(i_fatal+0)?[0x7f61d93f7a9e]?->?/usr/lib/dovecot/modules/lib01_acl_plugin.so(+0x53e2)?[0x7f61d8c083e2]?->?/usr/lib/dovecot/modules/lib01_acl_plugin.so(+0x72d9)?[0x7f61d8c0a2d9]?->?/usr/lib/dovecot/modules/lib01_acl_plugin.so(acl_attribute_iter_next+0x5d)?[0x7f61d8c0953d]?->?/usr/lib/dovecot/libdovecot-storage.so.0(+0x99e73)?[0x7f61d973fe73]?->?/usr/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_delete+0xf8)?[0x7f61d9741338]?->?/usr/lib/dovecot/modules/lib15_notify_plugin.so(+0x1d10)?[0x7f61d87efd10]?->?/usr/lib/dovecot/modules/lib01_acl_plugin.so(+0xbe16)?[0x7f61d8c0ee16]?->?/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_delete+0x27)?[0x7f61d9717f77]?->?dovecot/doveadm-server?[ralph.carstens.iea-dpc.de?recv_mailbox_tree_deletes](dsync_brain_mailbox_tree_sync_change+0x281)?[0x7f61d9bf4e21]?->?dovecot/doveadm-server?[ralph.carstens.iea-dpc.de?recv_mailbox_tree_deletes](dsync_brain_recv_mailbox_tree_deletes+0x11b)?[0x7f61d9bf4aeb]?->?dovecot/doveadm-server?[ralph.carstens.iea-dpc.de?recv_mailbox_tree_deletes](dsync_brain_run+0x4e3)?[0x7f61d9bf1f53]?->?dovecot/doveadm-server?[ralph.carstens.iea-dpc.de?recv_mailbox_tree_deletes](+0x1c270)?[0x7f61d9bf2270]?->?dovecot/doveadm-server?[ralph.carstens.iea-dpc.de?recv_mailbox_tree_deletes](+0x2de60)?[0x7f61d9c03e60]?->?/usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x27)?[0x7f61d944c247]?->?/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xd7)?[0x7f61d944cfd7]?->?/usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38)?[0x7f61d944bde8]?->?dovecot/doveadm-server?[ralph.carstens.iea-dpc.de?recv_mailbox_tree_deletes](+0x1a189)?[0x7f61d9bf0189]?->?dovecot/doveadm-server?[ralph.carstens.iea-dpc.de?recv_mailbox_tree_deletes](+0xebeb)?[0x7f61d9be4beb]?->?dovecot/doveadm-server?[ralph.carstens.iea-dpc.de?recv_mailbox_tree_deletes](+0x184d3)?[0x7f61d9bee4d3]?->?/usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x27)?[0x7f61d944c247]?->?/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xd7)?[0x7f61d944cfd7]?->?/usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38)?[0x7f61d944bde8]?->?/usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13)?[0x7f61d93fcc93]?->?dovecot/doveadm-server?[ralph.carstens.iea-dpc.de?recv_mailbox_tree_deletes](main+0x11b)?[0x7f61d9be494b]?->?/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)?[0x7f61d903aec5] and Aug?26?09:33:03?s-imap3?dovecot:?dsync-local(dv.iea-dpc.de):?Error:?/vmail/iea-dpc.de/dv/Maildir/.Projekte.BiSpra.erledigt/dovecot.index.log:?Transaction?log?changed?unexpectedly,?can't?get?modseq Aug?26?09:33:03?s-imap3?dovecot:?dsync-local(dv.iea-dpc.de):?Error:?/vmail/iea-dpc.de/dv/Maildir/.Projekte.BiSpra.erledigt/dovecot.index.log:?Transaction?log?changed?unexpectedly,?can't?get?modseq Can you help me? Gru? Andreas -- IEA Data Processing and Research Center Andreas Fineske ICT Services Mexikoring 37 22297 Hamburg Germany tel: +49 40 48 500-550 fax: +49 40 48 500-501 email:andreas.fineske at iea-dpc.de web: www.iea-dpc.de -- -- IEA Data Processing and Research Center Andreas Fineske Information and Communication Technology Services Mexikoring 37 22297 Hamburg Tel.: 040/48 500 550 Fax:??040/48 500 501 E-Mail: andreas.fineske at iea-dpc.de Web:??www.iea-dpc.de -- From miloslav.hula at gmail.com Thu Sep 3 09:36:09 2015 From: miloslav.hula at gmail.com (=?UTF-8?Q?Miloslav_H=c5=afla?=) Date: Thu, 3 Sep 2015 11:36:09 +0200 Subject: Unsubscribe from shared mailbox Message-ID: <55E81489.3090009@gmail.com> Hi, I'm using Dovecot 2.2.13-11 (Debian Jessie) and shared namespace (to be old Cyrus compatible setting): namespace { list = children location = maildir:/vmail/user/%%n/Maildir:INDEXPVT=/vmail/user/%n/Maildir/Shared/%%n prefix = user.%%n. separator = . subscriptions = yes type = shared } My account: milo Other account: peter After subscription, I have: /vmail/user/milo/Maildir/Shared/peter/.INBOX/dovecot.index.pvt.log After unsubscribe, file and folder still exists. Where Dovecot stores the information, that I had unsubscribed from this folder? I need this to analyze subscriptions over all mail acounts. Thank you, Miloslav From mfoley at ohprs.org Thu Sep 3 10:25:01 2015 From: mfoley at ohprs.org (Mark Foley) Date: Thu, 03 Sep 2015 06:25:01 -0400 Subject: How to "Windows Authenticate" In-Reply-To: <201509021731.t82HVZ4r021574@mail.hprs.local> References: <201509021731.t82HVZ4r021574@mail.hprs.local> Message-ID: <201509031025.t83AP1W5020976@mail.hprs.local> This can't be that hard. I think I've enabled LDAP in Dovecot just by including dovecot-ldap.conf.ext in 10-auth.conf and using the default settings. I now have the configuration shown below. Two questions: 1. How do I set Outlook to authenticate with LDAP? Currently the Outlook accounts still have the ID and password set in "Logon Information". Checking "Require logon using Secure Password Authentication (SPA)" doesn't work. All I can seem to find on the Internet is how to configure address books using LDAP. 2. Should I remove "passdb { drive = shadow } from the dovecot configuration? Anybody? $ doveconf -n # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.10.17 x86_64 Slackware 14.1 auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } protocols = imap ssl_cert = Date: Wed, 02 Sep 2015 13:31:35 -0400 To: dovecot at dovecot.org Subject: How to "Windows Authenticate" > I've been using Dovecot 2.2.15 as the IMAP server for Outlook (2010/2013) on > Windows workstations for over 6 months with no problems. Dovecot is hosted on > the office Samba4 AC/DC server. > > I have been using auth_mechanisms plain login, and passdb driver = shadow. > > What I'd like to do now is use the "Windows Authenticated" login so I don't have > to have separate passwords for users logging into the Windows AD workstations > and their Outlook clients. > > If anyone has actually done this I'd appreciate some tips. My various attempts > have not been successful. > > Here is my current config: > > $ doveconf -n > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > auth_debug_passwords = yes > auth_mechanisms = plain login > auth_verbose = yes > auth_verbose_passwords = plain > disable_plaintext_auth = no > info_log_path = /var/log/dovecot_info > mail_location = maildir:~/Maildir > passdb { > driver = shadow > } > protocols = imap > ssl_cert = ssl_key = userdb { > driver = passwd > } > verbose_ssl = yes > > Thanks, Mark Foley >From dovecot-bounces at dovecot.org Wed Sep 2 13:32:13 2015 Return-Path: X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.98.6 at mail X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ (2011-06-06) on mail.hprs.local X-Spam-Level: X-Spam-Status: No, score=0.0 required=3.0 tests=none autolearn=unavailable version=3.3.2-_revision__1.14__ X-Original-To: dovecot at dovecot.org Delivered-To: dovecot at dovecot.org X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.98.6 at mail From: Mark Foley Date: Wed, 02 Sep 2015 13:31:35 -0400 Organization: Ohio Highway Patrol Retirement System To: dovecot at dovecot.org Subject: How to "Windows Authenticate" User-Agent: Heirloom mailx 12.5 7/5/10 Content-Type: text/plain; charset=us-ascii X-BeenThere: dovecot at dovecot.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Dovecot Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dovecot-bounces at dovecot.org Sender: "dovecot" Status: R I've been using Dovecot 2.2.15 as the IMAP server for Outlook (2010/2013) on Windows workstations for over 6 months with no problems. Dovecot is hosted on the office Samba4 AC/DC server. I have been using auth_mechanisms plain login, and passdb driver = shadow. What I'd like to do now is use the "Windows Authenticated" login so I don't have to have separate passwords for users logging into the Windows AD workstations and their Outlook clients. If anyone has actually done this I'd appreciate some tips. My various attempts have not been successful. Here is my current config: $ doveconf -n # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.10.17 x86_64 Slackware 14.1 auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } protocols = imap ssl_cert = References: <55AF50DB.40001@bgoperator.com> <55AF74EC.3090704@bgoperator.com> <55B20C47.60809@bgoperator.com> Message-ID: <53DD7807-0914-40E9-8529-78DC07A6EAE5@iki.fi> On 24 Jul 2015, at 12:58, Sergey Schwartz wrote: > > I've got a bit more details > > Jul 24 10:21:50 mx10 dovecot: imap(oleg.vasilyev at bgoperator.com): *Panic: file mail-index-util.c: line 37 (mail_index_uint32_to_offset): assertion failed: (offset < 0x40000000)* I think you have a huge >4 GB dovecot.index.cache file there? From rick at havokmon.com Thu Sep 3 11:53:19 2015 From: rick at havokmon.com (Rick Romero) Date: Thu, 03 Sep 2015 06:53:19 -0500 Subject: How to "Windows Authenticate" In-Reply-To: <201509031025.t83AP1W5020976@mail.hprs.local> References: <201509021731.t82HVZ4r021574@mail.hprs.local> <201509031025.t83AP1W5020976@mail.hprs.local> Message-ID: <20150903065319.Horde.2BrAxFp30mN2LnIZrXEq7w8@www.vfemail.net> Hi Mark, I haven't done it, but I've played with the scenario enough to have an idea. What you want to do is have Outlook auth via NTLM to Dovecot.? First that means having the machine be a domain member (usually via Samba) in order to properly process NTLM/Kerberos handshake - which it appears you have. Second that means having Dovecot know how to accept NTLM authentication (SPA) to pass to the Samba backend. A 'Dovecot NTLM' search led me here: http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm What's not on the page that I'd expect to see, are the compile-time requirements for inclucing samba/kerberos libs within Dovecot.? If it doesn't 'just work' with the config changes in the wiki, you may need to recompile with the right features. Also - check the permissions of the ntlm_auth program. That's caused many issues with Radius installs, IIRC. Hope that helps! Rick Quoting Mark Foley : > This can't be that hard. I think I've enabled LDAP in Dovecot just by > including > dovecot-ldap.conf.ext in 10-auth.conf and using the default settings. I > now have > the configuration shown below. Two questions: > > 1. How do I set Outlook to authenticate with LDAP? Currently the Outlook > accounts still have the ID and password set in "Logon Information". > Checking > "Require logon using Secure Password Authentication (SPA)" doesn't work. > All I > can seem to find on the Internet is how to configure address books using > LDAP. > > 2. Should I remove "passdb { drive = shadow } from the dovecot > configuration? > > Anybody? > > $ doveconf -n > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > auth_debug_passwords = yes > auth_mechanisms = plain login > auth_verbose = yes > auth_verbose_passwords = plain > disable_plaintext_auth = no > info_log_path = /var/log/dovecot_info > mail_location = maildir:~/Maildir > passdb { > driver = shadow > } > passdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > protocols = imap > ssl_cert = ssl_key = userdb { > driver = passwd > } > userdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > verbose_ssl = yes > > -----Original Message----- > From: Mark Foley > Date: Wed, 02 Sep 2015 13:31:35 -0400 > To: dovecot at dovecot.org > Subject: How to "Windows Authenticate" > >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook >> (2010/2013) on >> Windows workstations for over 6 months with no problems.? Dovecot is >> hosted on >> the office Samba4 AC/DC server. >> >> I have been using auth_mechanisms plain login, and passdb driver = >> shadow. >> >> What I'd like to do now is use the "Windows Authenticated" login so I >> don't have >> to have separate passwords for users logging into the Windows AD >> workstations >> and their Outlook clients. >> >> If anyone has actually done this I'd appreciate some tips. My various >> attempts >> have not been successful. >> >> Here is my current config: >> >> $ doveconf -n >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 >> auth_debug_passwords = yes >> auth_mechanisms = plain login >> auth_verbose = yes >> auth_verbose_passwords = plain >> disable_plaintext_auth = no >> info_log_path = /var/log/dovecot_info >> mail_location = maildir:~/Maildir >> passdb { >> ? driver = shadow >> } >> protocols = imap >> ssl_cert = > ssl_key = > userdb { >> ? driver = passwd >> } >> verbose_ssl = yes >> >> Thanks, Mark Foley > > From dovecot-bounces at dovecot.org? Wed Sep? 2 13:32:13 2015 > Return-Path: > X-Virus-Status: Clean > X-Virus-Scanned: clamav-milter 0.98.6 at mail > X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ > (2011-06-06) on > ? ? ? ? mail.hprs.local > X-Spam-Level: > X-Spam-Status: No, score=0.0 required=3.0 tests=none autolearn=unavailable > ? ? ? ? version=3.3.2-_revision__1.14__ > X-Original-To: dovecot at dovecot.org > Delivered-To: dovecot at dovecot.org > X-Virus-Status: Clean > X-Virus-Scanned: clamav-milter 0.98.6 at mail > From: Mark Foley > Date: Wed, 02 Sep 2015 13:31:35 -0400 > Organization: Ohio Highway Patrol Retirement System > To: dovecot at dovecot.org > Subject: How to "Windows Authenticate" > User-Agent: Heirloom mailx 12.5 7/5/10 > Content-Type: text/plain; charset=us-ascii > X-BeenThere: dovecot at dovecot.org > X-Mailman-Version: 2.1.17 > Precedence: list > List-Id: Dovecot Mailing List > List-Unsubscribe: , > ? ? ? ? > List-Archive: > List-Post: > List-Help: > List-Subscribe: , > ? ? ? ? > Errors-To: dovecot-bounces at dovecot.org > Sender: "dovecot" > Status: R > > I've been using Dovecot 2.2.15 as the IMAP server for Outlook > (2010/2013) on > Windows workstations for over 6 months with no problems.? Dovecot is > hosted on > the office Samba4 AC/DC server. > > I have been using auth_mechanisms plain login, and passdb driver = shadow. > > What I'd like to do now is use the "Windows Authenticated" login so I > don't have > to have separate passwords for users logging into the Windows AD > workstations > and their Outlook clients. > > If anyone has actually done this I'd appreciate some tips. My various > attempts > have not been successful. > > Here is my current config: > > $ doveconf -n > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > auth_debug_passwords = yes > auth_mechanisms = plain login > auth_verbose = yes > auth_verbose_passwords = plain > disable_plaintext_auth = no > info_log_path = /var/log/dovecot_info > mail_location = maildir:~/Maildir > passdb { > driver = shadow > } > protocols = imap > ssl_cert = ssl_key = userdb { > driver = passwd > } > verbose_ssl = yes > Thanks, Mark Foley From sergey.schwartz at bgoperator.com Thu Sep 3 12:32:55 2015 From: sergey.schwartz at bgoperator.com (Sergey Schwartz) Date: Thu, 3 Sep 2015 15:32:55 +0300 Subject: sieve filtering utf 8 strings In-Reply-To: <55E79249.5040707@rename-it.nl> References: <55E70FA4.2000301@bgoperator.com> <55E79249.5040707@rename-it.nl> Message-ID: <55E83DF7.40807@bgoperator.com> Stephan, You rock!!! The extra space is the bad guy :c) Looks like RoundCube webmail cuts off extra spaces from the subject in the UI. If I copy/paste subject from RC the second space is missing. Thunderbird showed all spaces as they are in the message source and filter works just fine now. Regarding the subjects itself - I didn't copy complete source, sorry, didn't thought you'll need it. Here is complete example Subject: =?UTF-8?Q?LDS_(robot):_=D0=9B=D0=B8=D1=81=D1=82?= =?UTF-8?Q?_=D0=B1=D1=80=D0=BE=D0=BD=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD?= =?UTF-8?Q?=D0=B8=D1=8F__=D0=BE=D1=82=D0=BF=D1=80=D0=B0=D0=B2=D0=BB=D0=B5?= =?UTF-8?Q?=D0=BD__id=3D12120000443610341?= =?UTF-8?Q?8_=D0=B7=D0=B0=D1=8F=D0=B2=D0=BA=D0=B0_845522195
=0A?= dovecot --version 2.2.18 (e157d13efac9) Best regards, Sergey Schwartz Senior System Administrator Biblio Globus Tour Operator www.bgoperator.ru T: +7 495 5042500 ext 1532 E: sergey.schwartz at bgoperator.com 03.09.2015 03:20, Stephan Bosch ?????: > Op 9/2/2015 om 5:03 PM schreef Sergey Schwartz: >> Guys, >> >> I'm completely stuck, so asking for advice. >> My user has a sieve script which checks message header if it contains >> words in russian like '???? ???????????? ?????????'. >> >> Pritty simple script >> >> # rule:[??????????] >> if allof (header :contains "subject" "LDS (robot): ???? ???????????? >> ?????????", header :contains "from" "noreply at bgoperator.com") >> { >> fileinto "??????????"; >> } >> >> I don't have errors compiling the script or executing it via LMTP, but >> it doesn't work. >> Normally user receives messages from robot with subject encoded as >> quoted-printable >> >> Subject: =?UTF-8?Q?LDS_(robot):_=D0=9B=D0=B8=D1=81=D1=82?= >> =?UTF-8?Q?_=D0=B1=D1=80=D0=BE=D0=BD=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD?= >> >> =?UTF-8?Q?=D0=B8=D1=8F__=D0=BE=D1=82=D0=BF=D1=80=D0=B0=D0=B2=D0=BB=D0=B5?= >> >> >> >> When I send a test message via Thunderbird with required words - sieve >> works fine and subject is encoded in base64 >> >> Subject: >> =?UTF-8?B?0JvQuNGB0YIg0LHRgNC+0L3QuNGA0L7QstCw0L3QuNGPINC+0YLQv9GA?= >> =?UTF-8?B?0LDQstC70LXQvQ==?= >> >> It is the same text, but encodind is different - base 64 works fine >> and quoted-printable does not. >> Is it possible to have both supported for sieve ? > Both should be supported. I checked your encoded text using a test suite > script (see below for a long answer) and it seems that your encoding is > not what you expect. > > This: > > Subject: =?UTF-8?Q?LDS_(robot):_=D0=9B=D0=B8=D1=81=D1=82?= > =?UTF-8?Q?_=D0=B1=D1=80=D0=BE=D0=BD=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD?= > =?UTF-8?Q?=D0=B8=D1=8F__=D0=BE=D1=82=D0=BF=D1=80=D0=B0=D0=B2=D0=BB=D0=B5?= > > Yields: > > "LDS (robot): ???? ???????????? ????????" > > Notice the two spaces before ???????? and the missing Cyrillic N at the > end. The two spaces are caused by the double '__' in the third line of > the encoded subject. The final N in the subject is just not encoded. > > This: > > Subject: =?UTF-8?Q?LDS_(robot):_=D0=9B=D0=B8=D1=81=D1=82?= > =?UTF-8?Q?_=D0=B1=D1=80=D0=BE=D0=BD=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD?= > =?UTF-8?Q?=D0=B8=D1=8F_=D0=BE=D1=82=D0=BF=D1=80=D0=B0=D0=B2=D0=BB=D0=B5?= > =?UTF-8?Q?=D0=BD?= > > Yields: > > "LDS (robot): ???? ???????????? ?????????" > > Which is obviously OK. > > So, to me, it seems as though the program that creates these messages is > encoding the wrong text or is messing up encoding itself. > > Regards, > > Stephan. > > > LONG ANSWER: > > I wrote a little test suite script like this: > > > > I executed it from the source directory: > > $ src/testsuite/testsuite -Tlevel=matching -t - ~/frop.svtest > > > Test case: /home/stephan/frop.svtest: > > > ## Started executing script 'frop.svtest' > 3: testsuite: test_set command > 3: set test parameter 'message' = "Subject: > =?UTF-8?Q?LDS_(robot):_=D0=9B=D0=B8=D1=81=D1=82?= > =?UTF-8?Q?_=D0=B1=D1=80=D0=BE=D0=BD=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD?= > =?UTF-8?Q?=D0=B8=D1=8F__=D0=BE=D1=82=D0=BF=D1=80=D0=B0=D0=B2=D0=BB=D0=B5?= > From: noreply at bgoperator.com > To: friep at example.net > > Frop! > " > > 14: ** Testsuite test start: "Test original" > 16: header test > 16: starting `:contains' match with `i;ascii-casemap' comparator: > 16: extracting `subject' headers from message > 16: matching value `LDS (robot): ???? ???????????? ????????' > 16: with key `LDS (robot): ???? ???????????? ?????????' => 0 > 16: finishing match with result: not matched > 17: jump if result is false > 17: jumping to line 20 > 20: testsuite: test_fail command; FAIL current test > 1: Test 'Test original' FAILED: Failed > 20: jumping to line 24 > 24: testsuite: test_set command > 24: set test parameter 'message' = "Subject: > =?UTF-8?Q?LDS_(robot):_=D0=9B=D0=B8=D1=81=D1=82?= > =?UTF-8?Q?_=D0=B1=D1=80=D0=BE=D0=BD=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD?= > =?UTF-8?Q?=D0=B8=D1=8F_=D0=BE=D1=82=D0=BF=D1=80=D0=B0=D0=B2=D0=BB=D0=B5?= > =?UTF-8?Q?=D0=BD?= > From: noreply at bgoperator.com > To: friep at example.net > > Frop! > " > > 36: ** Testsuite test start: "Test mended" > 38: header test > 38: starting `:contains' match with `i;ascii-casemap' comparator: > 38: extracting `subject' headers from message > 38: matching value `LDS (robot): ???? ???????????? ?????????' > 38: with key `LDS (robot): ???? ???????????? ?????????' => 1 > 38: finishing match with result: matched > 39: jump if result is false > 39: not jumping > 40: header test > 40: starting `:contains' match with `i;ascii-casemap' comparator: > 40: extracting `from' headers from message > 40: matching value `noreply at bgoperator.com' > 40: with key `noreply at bgoperator.com' => 1 > 40: finishing match with result: matched > 40: jump if result is false > 40: not jumping > 40: jumping to line 42 > 42: ** Testsuite test end > > 2: Test 'Test mended' SUCCEEDED > ## Finished executing script 'frop.svtest' > > FAIL: 1 of 2 tests failed. > > > Regards, > > Stephan. > > From support at antenna.nl Thu Sep 3 14:23:59 2015 From: support at antenna.nl (Support Antenna) Date: Thu, 3 Sep 2015 16:23:59 +0200 (CEST) Subject: disable quota for all users Message-ID: Dear all, On a new server (postfix dovecot postfixadmin Centos) I did define quota=0 in postfixadmin However suddenly a user with more than 9Gb of mail got his mailbox new/cur empty and maillog shows: Sep 3 15:43:56 mail16 dovecot: lda(brouwerb at scholarium.nl): Error: sieve: msgid=: failed to store into mailbox 'INBOX': Quota exceeded (mailbox for user is full) Sep 3 15:43:56 mail16 dovecot: lda(brouwerb at scholarium.nl): Error: sieve: script /home/sieve/globalfilter.sieve failed with unsuccessful implicit keep Sep 3 15:43:56 mail16 dovecot: lda(brouwerb at scholarium.nl): msgid=: rejected: Quota exceeded (mailbox for user is full) Apparently somewhere a quota is defined, probably in dovecot cd /etc/dovecot grep -R quota * |grep -v "#" conf.d/auth-vpopmail.conf.ext: args = quota_template=quota_rule=*:backend=%q dovecot.conf: mail_plugins = quota sieve dovecot.conf: mail_plugins = quota imap_quota trash dovecot.conf: mail_plugins = quota dovecot.conf: quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf dovecot.conf: quota = dict:user::proxy::quotadict dovecot-dict-quota.conf: pattern = priv/quota/storage dovecot-dict-quota.conf: table = quota2 dovecot-dict-quota.conf: pattern = priv/quota/messages dovecot-dict-quota.conf: table = quota2 dovecot-mysql.conf:user_query = SELECT concat('/home/vmail/', maildir) as home, concat('maildir:/home/vmail/', maildir) as mail, 101 AS uid, 12 AS gid, CONCAT('*:messages=10000:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active = '1' Output of dovecot -n : # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-573.3.1.el6.x86_64 x86_64 CentOS release 6.7 (Final) ext4 auth_mechanisms = plain login dict { quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf } first_valid_gid = 12 first_valid_uid = 101 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lmtp_save_to_detail_mailbox = yes mail_location = maildir:/home/vmail/%d/%n managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date passdb { args = /etc/dovecot/dovecot-mysql.conf driver = sql } plugin { acl = vfile:/etc/dovecot/acls quota = dict:user::proxy::quotadict sieve = ~/dovecot.sieve sieve_dir = ~/sieve sieve_global_dir = /home/sieve/ sieve_global_path = /home/sieve/globalfilter.sieve sieve_max_script_size = 1M trash = /etc/dovecot/trash.conf } protocols = imap pop3 lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = mail mode = 0666 user = vmail } } service dict { unix_listener dict { group = mail mode = 0666 user = vmail } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service imap { vsz_limit = 256 M } service managesieve-login { inet_listener sieve { port = 4190 } process_min_avail = 0 service_count = 1 vsz_limit = 64 M } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } ssl_ca = References: Message-ID: Sorry, forgot to mention: version 2.0.9 (dovecot.x86_64 1:2.0.9-19.el6.1) On Thu, 3 Sep 2015, Support Antenna wrote: > Dear all, > > On a new server (postfix dovecot postfixadmin Centos) > I did define quota=0 in postfixadmin > > However suddenly a user with more than 9Gb of mail got his mailbox new/cur > empty and maillog shows: > > Sep 3 15:43:56 mail16 dovecot: lda(brouwerb at scholarium.nl): Error: sieve: > msgid=: failed to > store into mailbox 'INBOX': Quota exceeded (mailbox for user is full) > Sep 3 15:43:56 mail16 dovecot: lda(brouwerb at scholarium.nl): Error: sieve: > script /home/sieve/globalfilter.sieve failed with unsuccessful implicit keep > Sep 3 15:43:56 mail16 dovecot: lda(brouwerb at scholarium.nl): > msgid=: rejected: > Quota exceeded (mailbox for user is full) > > > Apparently somewhere a quota is defined, probably in dovecot > > cd /etc/dovecot > grep -R quota * |grep -v "#" > conf.d/auth-vpopmail.conf.ext: args = quota_template=quota_rule=*:backend=%q > dovecot.conf: mail_plugins = quota sieve > dovecot.conf: mail_plugins = quota imap_quota trash > dovecot.conf: mail_plugins = quota > dovecot.conf: quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf > dovecot.conf: quota = dict:user::proxy::quotadict > dovecot-dict-quota.conf: pattern = priv/quota/storage > dovecot-dict-quota.conf: table = quota2 > dovecot-dict-quota.conf: pattern = priv/quota/messages > dovecot-dict-quota.conf: table = quota2 > dovecot-mysql.conf:user_query = SELECT concat('/home/vmail/', maildir) as > home, concat('maildir:/home/vmail/', maildir) as mail, 101 AS uid, 12 AS gid, > CONCAT('*:messages=10000:bytes=', quota) as quota_rule FROM mailbox WHERE > username = '%u' AND active = '1' > > Output of dovecot -n : > > # 2.0.9: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-573.3.1.el6.x86_64 x86_64 CentOS release 6.7 (Final) ext4 > auth_mechanisms = plain login > dict { > quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf > } > first_valid_gid = 12 > first_valid_uid = 101 > lda_mailbox_autocreate = yes > lda_mailbox_autosubscribe = yes > lmtp_save_to_detail_mailbox = yes > mail_location = maildir:/home/vmail/%d/%n > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character > vacation subaddress comparator-i;ascii-numeric relational regex imap4flags > copy include variables body enotify environment mailbox date > passdb { > args = /etc/dovecot/dovecot-mysql.conf > driver = sql > } > plugin { > acl = vfile:/etc/dovecot/acls > quota = dict:user::proxy::quotadict > sieve = ~/dovecot.sieve > sieve_dir = ~/sieve > sieve_global_dir = /home/sieve/ > sieve_global_path = /home/sieve/globalfilter.sieve > sieve_max_script_size = 1M > trash = /etc/dovecot/trash.conf > } > protocols = imap pop3 lmtp sieve > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0666 > user = postfix > } > unix_listener auth-userdb { > group = mail > mode = 0666 > user = vmail > } > } > service dict { > unix_listener dict { > group = mail > mode = 0666 > user = vmail > } > } > service imap-login { > inet_listener imap { > port = 143 > } > inet_listener imaps { > port = 993 > ssl = yes > } > } > service imap { > vsz_limit = 256 M > } > service managesieve-login { > inet_listener sieve { > port = 4190 > } > process_min_avail = 0 > service_count = 1 > vsz_limit = 64 M > } > service pop3-login { > inet_listener pop3 { > port = 110 > } > inet_listener pop3s { > port = 995 > ssl = yes > } > } > ssl_ca = ssl_cert = ssl_key = ssl_verify_client_cert = yes > userdb { > driver = prefetch > } > userdb { > args = /etc/dovecot/dovecot-mysql.conf > driver = sql > } > protocol lda { > mail_plugins = quota sieve > postmaster_address = postmaster at antenna.nl > } > protocol imap { > imap_client_workarounds = delay-newmail > mail_plugins = quota imap_quota trash > } > protocol lmtp { > mail_plugins = sieve > } > protocol pop3 { > mail_plugins = quota > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > } > protocol sieve { > managesieve_implementation_string = Dovecot Pigeonhole > managesieve_max_compile_errors = 5 > managesieve_max_line_length = 65536 > } > > > What should be changed where to disable quota (as to messages and space)? > > > Thanks a lot, > > warm regards, > > Tsj?bbe > From sergey.schwartz at bgoperator.com Thu Sep 3 14:35:01 2015 From: sergey.schwartz at bgoperator.com (Sergey Schwartz) Date: Thu, 3 Sep 2015 17:35:01 +0300 Subject: internal server error In-Reply-To: <53DD7807-0914-40E9-8529-78DC07A6EAE5@iki.fi> References: <55AF50DB.40001@bgoperator.com> <55AF74EC.3090704@bgoperator.com> <55B20C47.60809@bgoperator.com> <53DD7807-0914-40E9-8529-78DC07A6EAE5@iki.fi> Message-ID: <55E85A95.2030805@bgoperator.com> Timo, Probabbly it was, but I can't check it now. I was deploying replication with dsync and a few users got overloaded with duplicate messages. Each affected user had a few messages duplicated ~30 000 times. To workaround the issue I was trying to a) run deduplicate on the mailbox, and if it didn't help b) rebuild user with dsync backup. Best regards, Sergey Schwartz Senior System Administrator Biblio Globus Tour Operator www.bgoperator.ru T: +7 495 5042500 ext 1532 E: sergey.schwartz at bgoperator.com 03.09.2015 14:06, Timo Sirainen ?????: > On 24 Jul 2015, at 12:58, Sergey Schwartz wrote: >> I've got a bit more details >> >> Jul 24 10:21:50 mx10 dovecot: imap(oleg.vasilyev at bgoperator.com): *Panic: file mail-index-util.c: line 37 (mail_index_uint32_to_offset): assertion failed: (offset < 0x40000000)* > I think you have a huge >4 GB dovecot.index.cache file there? > From sottilette at rfx.it Thu Sep 3 16:11:15 2015 From: sottilette at rfx.it (Franc) Date: Thu, 3 Sep 2015 18:11:15 +0200 (CEST) Subject: new server Message-ID: I am going to build a new box (2-3.000 users, 4-500 domains name (50-100 real, remaining used as redirect on the main (.it,.eu,.com,...)) . Is there any how-to or similar to follow for build an updated system? (My current boxes are based on CentoOS 6.x using included Dovecot + PostFix .rpms) I am thinking to CentOS 7.x + Dovecot + PostFix + RoundCube + Squirrel + procmail with unix users and virtual users. But I admit that systemd isn't still my best friend ... :-) In CentOS 7.x there is a default dovecot-2.2.10. Is it enough Ok or better use different rpms source? Any hints is welcomed :-) Thanks, F. From me at junc.eu Thu Sep 3 16:14:42 2015 From: me at junc.eu (Benny Pedersen) Date: Thu, 03 Sep 2015 18:14:42 +0200 Subject: disable quota for all users In-Reply-To: References: Message-ID: <382413979dff62d78b342203d00814b2@junc.eu> Support Antenna skrev den 2015-09-03 16:23: > dovecot-mysql.conf:user_query = SELECT concat('/home/vmail/', maildir) > as home, concat('maildir:/home/vmail/', maildir) as mail, 101 AS uid, > 12 AS gid, CONCAT('*:messages=10000:bytes=', quota) as quota_rule FROM > mailbox WHERE username = '%u' AND active = '1' over 10000 msgs but below quota size ? > sieve_max_script_size = 1M if its in same filesystem as maildir ? From me at junc.eu Thu Sep 3 16:16:52 2015 From: me at junc.eu (Benny Pedersen) Date: Thu, 03 Sep 2015 18:16:52 +0200 Subject: disable quota for all users In-Reply-To: References: Message-ID: <23e121077f640533dd8fa48980f4330f@junc.eu> Support Antenna skrev den 2015-09-03 16:30: > Sorry, forgot to mention: version 2.0.9 > (dovecot.x86_64 1:2.0.9-19.el6.1) >> # 2.0.9: /etc/dovecot/dovecot.conf >> # OS: Linux 2.6.32-573.3.1.el6.x86_64 x86_64 CentOS release 6.7 >> (Final) ext4 dovecot tell us all needed dont you read it self ? From support at antenna.nl Thu Sep 3 16:26:01 2015 From: support at antenna.nl (Support Antenna) Date: Thu, 3 Sep 2015 18:26:01 +0200 (CEST) Subject: disable quota for all users In-Reply-To: <382413979dff62d78b342203d00814b2@junc.eu> References: <382413979dff62d78b342203d00814b2@junc.eu> Message-ID: Hi Benny, Thanks a million, increasing the number of messages solved it! Kind regards, -- Tsjebbe On Thu, 3 Sep 2015, Benny Pedersen wrote: > Support Antenna skrev den 2015-09-03 16:23: > >> dovecot-mysql.conf:user_query = SELECT concat('/home/vmail/', maildir) >> as home, concat('maildir:/home/vmail/', maildir) as mail, 101 AS uid, >> 12 AS gid, CONCAT('*:messages=10000:bytes=', quota) as quota_rule FROM >> mailbox WHERE username = '%u' AND active = '1' > > over 10000 msgs but below quota size ? > >> sieve_max_script_size = 1M > > if its in same filesystem as maildir ? > From me at junc.eu Thu Sep 3 16:33:51 2015 From: me at junc.eu (Benny Pedersen) Date: Thu, 03 Sep 2015 18:33:51 +0200 Subject: disable quota for all users In-Reply-To: References: <382413979dff62d78b342203d00814b2@junc.eu> Message-ID: Support Antenna skrev den 2015-09-03 18:26: > Thanks a million, increasing the number of messages solved it! centos 7 is btw stable :=) From rgiles at arlut.utexas.edu Thu Sep 3 18:25:41 2015 From: rgiles at arlut.utexas.edu (Robert Giles) Date: Thu, 3 Sep 2015 13:25:41 -0500 Subject: Reviving an old thread: "requiring client certificates for external connections" Message-ID: <55E890A5.9080002@arlut.utexas.edu> Hi folks - reviving an old thread from 2010: http://www.dovecot.org/list/dovecot/2010-December/055837.html We're basically looking to do the same thing: require client certificates for external connections, while preserving certificate-less username/password authentication for internal connections. Any tips on the best way to accomplish this? 'ssl_verify_client_cert = yes' can go within a local {} block, but it doesn't seem to force the client to submit a certificate. Thanks in advance - Robert Giles -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3835 bytes Desc: S/MIME Cryptographic Signature URL: From paulo at matos-sorge.com Thu Sep 3 20:03:09 2015 From: paulo at matos-sorge.com (Paulo Matos) Date: Thu, 3 Sep 2015 21:03:09 +0100 Subject: Mailbox can't be created In-Reply-To: <55DF4F18.2030300@uni-x.org> References: <55DF4F18.2030300@uni-x.org> Message-ID: On 27/08/15 18:55, Alexander Dalloz wrote: > Am 27.08.2015 um 13:46 schrieb Paulo Matos: >> On 27/08/15 10:42, Muzaffer Tolga Ozses wrote: >>> Please check permissions as this sounds like a permissions issue m >> >> I am confused then. /home/vmail/Maildir is 700 for vmail:vmail. If >> dovecot-lda runs as vmail then there's no problem, if it runs as root it >> shouldn't face problems either. > > That statement is not correct nowadays as UNIX permissions aren't all > any longer. There are tools like AppArmor and in your case with Fedora > there is SELinux preventing even actions by root user. > > Make sure the SELinux context fits. "/home/vmail" and the subfolder > "Maildir" has to be SELinux labeled correctly. > > ausearch -m avc SElinux is not the issue in my case: $ sestatus SELinux status: disabled -- Paulo Matos From paulo at matos-sorge.com Thu Sep 3 20:10:00 2015 From: paulo at matos-sorge.com (Paulo Matos) Date: Thu, 3 Sep 2015 21:10:00 +0100 Subject: Mailbox can't be created In-Reply-To: <15F589F3-06B8-4191-9A9A-4BE18133F938@iki.fi> References: <15F589F3-06B8-4191-9A9A-4BE18133F938@iki.fi> Message-ID: On 29/08/15 11:31, Timo Sirainen wrote: > On 27 Aug 2015, at 12:07, Paulo Matos wrote: >> >> Aug 27 10:02:29 lda(): Info: msgid=: save failed to open mailbox PreINBOX: Mailbox can't be created > > I have no idea how you could get that error message. Looking at the code I don't see any way it could happen.. This error message exists only if the mailbox is tried to be created for a "fail" storage, which you can't really do. I'd maybe try recompiling Dovecot or something. > dovecot sources 2.2.18 (src/lib-storage/fail-mailbox.c): static int fail_mailbox_create(struct mailbox *box, const struct mailbox_update *update ATTR_UNUSED, bool directory ATTR_UNUSED) { mail_storage_set_error(box->storage, MAIL_ERROR_NOTPOSSIBLE, "Mailbox can't be created"); return -1; } -- Paulo Matos From emailgrant at gmail.com Fri Sep 4 04:19:08 2015 From: emailgrant at gmail.com (Grant) Date: Thu, 3 Sep 2015 21:19:08 -0700 Subject: 'doveadm expunge' with -A and userdb { driver = passwd } In-Reply-To: References: Message-ID: >> [?] >> Here's what my Gentoo-default auth-passwdfile.conf.ext says: >> >> passdb { >> driver = passwd-file >> args = scheme=CRYPT username_format=%u /etc/dovecot/users >> } >> userdb { >> driver = passwd-file >> args = username_format=%u /etc/dovecot/users >> } >> >> But I don't have an /etc/dovecot/users file. I also don't seem to >> have any mail user uid lower than 1000, but I do have some users above >> 1000 which aren?t mail users (nobody, etc). > > Hello Grant, > > So as to avoid any ambiguity, could you post the output of "doveconf -n"? Sure, here it is: # doveconf -n # 2.2.16: /etc/dovecot/dovecot.conf # OS: Linux x86_64 Gentoo Base System release 2.2 listen = 127.0.0.1 mail_location = maildir:~/.maildir namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = INBOX. separator = . } passdb { args = * driver = pam } passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/users driver = passwd-file } protocols = imap service imap-login { inet_listener imap { port = 143 } } ssl_cert = References: Message-ID: <0AC5C234-6250-4F12-A7B7-BF6E61A02076@skynet.be> > Le 4 sept. 2015 ? 06:19, Grant a ?crit : > >>> [?] >>> >>> But I don't have an /etc/dovecot/users file. I also don't seem to >>> have any mail user uid lower than 1000, but I do have some users above >>> 1000 which aren?t mail users (nobody, etc). >> >> Hello Grant, >> >> So as to avoid any ambiguity, could you post the output of "doveconf -n"? > > > Sure, here it is: > > # doveconf -n > # 2.2.16: /etc/dovecot/dovecot.conf > # OS: Linux x86_64 Gentoo Base System release 2.2 > listen = 127.0.0.1 > mail_location = maildir:~/.maildir > [?] > passdb { > args = * > driver = pam > } > passdb { > args = scheme=CRYPT username_format=%u /etc/dovecot/users > driver = passwd-file > } > [?] > userdb { > driver = passwd > } > userdb { > args = username_format=%u /etc/dovecot/users > driver = passwd-file > } Thank you, Grant. It thus appears that your server is configured to make use of system users, for both user authentication and user lookup. That you don?t have a /etc/dovecot/users file just means that the system is the only source for user information. You may find more details at http://wiki2.dovecot.org/Authentication/MultipleDatabases. And yes, the warning about doveadm?s -A option thus appears to be relevant in your case. HTH, Axel From es at fruitcom.com Fri Sep 4 08:22:24 2015 From: es at fruitcom.com (Eric Smith) Date: Fri, 4 Sep 2015 10:22:24 +0200 Subject: apple mail fails to connect intermittently Message-ID: <20150904082224.GA13508@biovolt.nl> Hi (New to dovecot) I am experiencing intermittent connection failures with both apple mail and ios mail. No specific errors and I cannot find relevant information on the mac logs or on my server. It spontaneously corrects. restarting dovecot - no dice It just happened now (again), this time there might have been a reason, I just dovecot-lda'd some large mailboxes from mbox to Maildir. But as I said, it spontaneously corrects, so is downloading now. While this connection error is occurring, then I can connect to dovecot via a remote mutt session, via web imap client and via outlook. Is this a known issue? FWIW: % doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.19.0-26-generic i686 Ubuntu 15.04 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } mailbox virtual/All { special_use = \All } prefix = } passdb { driver = pam } postmaster_address = postmaster at biovolt.nl protocols = " imap lmtp" ssl_cert = References: <0AC5C234-6250-4F12-A7B7-BF6E61A02076@skynet.be> Message-ID: >>>> But I don't have an /etc/dovecot/users file. I also don't seem to >>>> have any mail user uid lower than 1000, but I do have some users above >>>> 1000 which aren?t mail users (nobody, etc). >>> >>> Hello Grant, >>> >>> So as to avoid any ambiguity, could you post the output of "doveconf -n"? >> >> >> Sure, here it is: >> >> # doveconf -n >> # 2.2.16: /etc/dovecot/dovecot.conf >> # OS: Linux x86_64 Gentoo Base System release 2.2 >> listen = 127.0.0.1 >> mail_location = maildir:~/.maildir >> [?] >> passdb { >> args = * >> driver = pam >> } >> passdb { >> args = scheme=CRYPT username_format=%u /etc/dovecot/users >> driver = passwd-file >> } >> [?] >> userdb { >> driver = passwd >> } >> userdb { >> args = username_format=%u /etc/dovecot/users >> driver = passwd-file >> } > > Thank you, Grant. > > It thus appears that your server is configured to make use of system users, for both user authentication and user lookup. That you don?t have a /etc/dovecot/users file just means that the system is the only source for user information. > > You may find more details at http://wiki2.dovecot.org/Authentication/MultipleDatabases. > > And yes, the warning about doveadm?s -A option thus appears to be relevant in your case. In that case it sounds like my best options would be to either continue expunging old mail with a separate line for each user or switch to /etc/dovecot/users for user lookup and maintain a list of mail users there so I can use doveadm -A. How can I switch to /etc/dovecot/users? - Grant From axel.luttgens at skynet.be Fri Sep 4 21:42:15 2015 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Fri, 4 Sep 2015 23:42:15 +0200 Subject: 'doveadm expunge' with -A and userdb { driver = passwd } In-Reply-To: References: <0AC5C234-6250-4F12-A7B7-BF6E61A02076@skynet.be> Message-ID: <4033C00F-ECCB-40A7-977E-8C722C6DAE23@skynet.be> > Le 4 sept. 2015 ? 19:38, Grant a ?crit : > [?] >> >> And yes, the warning about doveadm?s -A option thus appears to be relevant in your case. > > > In that case it sounds like my best options would be to either > continue expunging old mail with a separate line for each user or > switch to /etc/dovecot/users for user lookup and maintain a list of > mail users there so I can use doveadm -A. How can I switch to > /etc/dovecot/users? Note that the warning may be obsolete for recent versions of Dovecot, in the sense that (IIRC) doveadm?s iteration upon system users might honor the first_valid_uid (and last_valid_uid) settings since several years now. A quick look at the code tends to show this is indeed the case; of course, only Timo could tell for sure. ;-) Should it be the case, and provided you are running a sufficiently recent version of Dovecot, you could just explicitly set those values in your configuration file, in accordance to the uids you have allocated to your mail users. HTH, Axel From joe.beaubien at gmail.com Sat Sep 5 15:40:01 2015 From: joe.beaubien at gmail.com (Joe Beaubien) Date: Sat, 5 Sep 2015 11:40:01 -0400 Subject: Problems setting up SIS (duplicate files with same hash) Message-ID: Hi everyone, I am currently trying to setup our next dovecot server (2.2.18) with SIS enabled, but I have enconutered 1 problem and 1 question: *1) Same attachment, different filenames* I have a feeling a misconfigured something (or forgot to do something) because SIS almost works, but not quite since 3 identical attachment take 3x the space (see end of email for my SIS config). For 3 the emails I sent with the same attachment, I got 3 seperate files with the same hash name but a different string following the dash: -rw------- 1 info info 2.6M Sep 5 11:14 e35083e3280a21c6aaabbae8cb23d54493f514a5-6a22711a7b05eb5509480000045c9bf4 -rw------- 1 info info 2.6M Sep 5 11:16 e35083e3280a21c6aaabbae8cb23d54493f514a5-6c22711a7b05eb5509480000045c9bf4 -rw------- 2 info info 2.6M Sep 5 11:18 e35083e3280a21c6aaabbae8cb23d54493f514a5-6e22711a7b05eb5509480000045c9bf4 drwx------ 2 info info 4.0K Sep 5 11:18 hashes For the record, the "hashes" subfolder has only 1 hash (e35083e3280a21c6aaabbae8cb23d54493f514a5) which perfectly matches the first part of the 3 filenames. *2) Saving attachments under a generic name or more flexible permissions?* It seems that dovecot saves the attachment with the username and group of the user who has received the email. Is it possible to have dovecot save the attachments as a generic user (like dovecot or dovenull) so that all my different users can share the same pool of attachments? Alternatively, is it possible to have dovecot save the attachment under more flexible permissions so that they can be shared between users? This would allow us to save alot of disk space. *Here is the SIS config I am using:* mail_attachment_dir = /data/emails/attachments #mail_attachment_min_size = 128k #mail_attachment_fs = sis posix #mail_attachment_hash = %{sha1} Any help would be very much appreciated. Thank you, Joe B From joe.beaubien at gmail.com Sat Sep 5 15:52:37 2015 From: joe.beaubien at gmail.com (Joe Beaubien) Date: Sat, 5 Sep 2015 11:52:37 -0400 Subject: Problems setting up SIS (duplicate files with same hash) In-Reply-To: References: Message-ID: I'm starting to think there is something I don't understand about running dovecot with SIS. After I deleted the 3 emails that have the same attachment, the 3 attachments are still on disk (saved under the name of the hash). After running doveadm purge & doveadm deduplicate, the 3 attachments are still on disk (the 3 emails were the only emails on server, so I can guarantee that no other emails are pointing to the attachments). *What am I not understanding?* It makes no sense that the attachments would never be cleaned, so I am sure I am missing something. Best regards, Joe B On Sat, Sep 5, 2015 at 11:40 AM, Joe Beaubien wrote: > Hi everyone, > > I am currently trying to setup our next dovecot server (2.2.18) with SIS > enabled, but I have enconutered 1 problem and 1 question: > > > *1) Same attachment, different filenames* > > I have a feeling a misconfigured something (or forgot to do something) > because SIS almost works, but not quite since 3 identical attachment take > 3x the space (see end of email for my SIS config). > > For 3 the emails I sent with the same attachment, I got 3 seperate files > with the same hash name but a different string following the dash: > > -rw------- 1 info info 2.6M Sep 5 11:14 > e35083e3280a21c6aaabbae8cb23d54493f514a5-6a22711a7b05eb5509480000045c9bf4 > -rw------- 1 info info 2.6M Sep 5 11:16 > e35083e3280a21c6aaabbae8cb23d54493f514a5-6c22711a7b05eb5509480000045c9bf4 > -rw------- 2 info info 2.6M Sep 5 11:18 > e35083e3280a21c6aaabbae8cb23d54493f514a5-6e22711a7b05eb5509480000045c9bf4 > drwx------ 2 info info 4.0K Sep 5 11:18 hashes > > For the record, the "hashes" subfolder has only 1 hash > (e35083e3280a21c6aaabbae8cb23d54493f514a5) which perfectly matches the > first part of the 3 filenames. > > > > *2) Saving attachments under a generic name or more flexible permissions?* > > It seems that dovecot saves the attachment with the username and group of > the user who has received the email. > > Is it possible to have dovecot save the attachments as a generic user > (like dovecot or dovenull) so that all my different users can share the > same pool of attachments? > > Alternatively, is it possible to have dovecot save the attachment under > more flexible permissions so that they can be shared between users? > > This would allow us to save alot of disk space. > > > *Here is the SIS config I am using:* > > mail_attachment_dir = /data/emails/attachments > #mail_attachment_min_size = 128k > #mail_attachment_fs = sis posix > #mail_attachment_hash = %{sha1} > > > > Any help would be very much appreciated. > > Thank you, > > Joe B > From debian at lhanke.de Sat Sep 5 20:46:01 2015 From: debian at lhanke.de (Lars Hanke) Date: Sat, 05 Sep 2015 22:46:01 +0200 Subject: Considerations for a not so simple set-up ... Message-ID: <55EB5489.4060500@lhanke.de> I want to set up a new IMAP server with Dovecot, so far I've been running Cyrus. I'm running dovecot on Debian Jessie. The general idea of the system would be: 1) Virtual users, i.e. login users are disjoint from any mail accounts. 2) Real-Users authenticate using their kerberos tickets. 3) There is a n-to-n mapping of real to virtual users. 4) Maildirs shall be stored on glusterfs. 5) Fallback passwords for cloud access Concerning 1) and 2) I keep reading that this is possible, but I could not find any concise and current description. I'd welcome pointers to howtos. Concerning 3) this should be a matter of ACL, e.g. a single real user (kerberos pricipal) may have several mail-boxes (virtual users), and groups of real users may share the same mail-box. I have a faint idea, how this could be done in Cyrus (but never did that), but I read that these features should exist in Dovecot as well. But I'm completely lost to even figure out a starting point. I appreciate any keywords for further reading. Concerning 4) I read that there are some issues using NFS. Are there any caveats when using gluster? Concerning 5) Users logging in from outside may not have TGT on their notebooks, which by design should run as stand-alone. They should nevertheless be able to access their mail. I currently think of another set of real users, but anything less messy is welcome. Did someone try something similar, already? Thanks for your help, - lars. From mfoley at ohprs.org Sat Sep 5 21:12:50 2015 From: mfoley at ohprs.org (Mark Foley) Date: Sat, 05 Sep 2015 17:12:50 -0400 Subject: How to "Windows Authenticate" In-Reply-To: <20150903065319.Horde.2BrAxFp30mN2LnIZrXEq7w8@www.vfemail.net> References: <201509021731.t82HVZ4r021574@mail.hprs.local> <201509031025.t83AP1W5020976@mail.hprs.local> <20150903065319.Horde.2BrAxFp30mN2LnIZrXEq7w8@www.vfemail.net> Message-ID: <201509052112.t85LCowS007652@mail.hprs.local> Rick et al, The link you gave was a start, but is targeted for Samba3 and is assuming a probably Windows [SBS]Server AD/DC separate from the DC hosting dovecot, and includes setting up kerberos. I'm using a Samba4 AD/DC with integrated kerberos (so I don't think there is any setup I can do there). Nevertheless I've followed the instructions otherwise; specifically adding to 10-auto.conf the following recommended lines: auth_use_winbind = yes auth_winbind_helper_path = /usr/bin/ntlm_auth mechanisms = plain ntlm login (Before, my 'mechanisms' were only plain and login). /usr/bin/ntlm_auth has global r/w privilege. I did not specify the static userdb since these users are configued in /etc/passwd and I thought that would work; example given in link (could that be an issue?): userdb static { args= uid=501 gid=501 home=/home/vmail/%1Ln/%Ln mail=maildir:/home/vmail/%d/%1Ln/%Ln:INBOX=/home/vmail/%d/%1Ln/%Ln allow_all_users=yes } This didn't work. Also, existing, working Outlook connections using 'logon' (i.e. the userID and PW are configured in Outlook) stopped working. I changed a test Outlook client to check the 'Request login using Secure Password Authentication (SPA)' and also checked: More Settings > Outgoing Server > My outgoing server (SMTP) requires authentication' and 'Use same settings as my incoming mail server'. Note that on the "Change Account" dialog (where the SPA checkbox is) the 'User Name' and 'Password' retained their values and were not grayed out as I would have expected if using AD authentication. After doing the above and clicking 'Test Account Settings' I was re-promted to enter a password - also not expected. At bottom are the Dovecot log message I received after doing the 'Test Account Settings'. Surely, connecting from an Outlook client to Dovecot on a Samba4 AD/DC should be a very common implementation. Has someone done this successfully? Immediately below is my doveconf -n and below that the dovecot log messages. > doveconf -n # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.10.17 x86_64 Slackware 14.1 auth_debug_passwords = yes auth_mechanisms = plain ntlm login auth_use_winbind = yes auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } protocols = imap ssl_cert = , method=NTLM, rip=192.168.0.58, lip=192.168.0.2, mpid=10220, session= Sep 05 16:46:22 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 05 16:46:22 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 05 16:46:22 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth Sep 05 16:46:22 auth: Debug: Read auth token secret from /usr/local/var/run/dovecot/auth-token-secret.dat Sep 05 16:46:22 auth: Debug: auth client connected (pid=13487) Sep 05 16:46:22 auth: Debug: client in: AUTH 1 NTLM service=imap session=IlvqGwYf0wDAqAA6 lip=192.168.0.2 rip=192.168.0.58 lport=143 rport=52947 Sep 05 16:46:22 auth: Debug: client passdb out: OK 1 user=mark at hprs original_user=mark at HPRS Sep 05 16:46:22 auth: Debug: master in: REQUEST 3030384641 13487 1 bac5f6531f9d4c3316f93bd4c4a63ddd session_pid=13491 request_auth_token Sep 05 16:46:22 auth-worker(13492): Debug: Loading modules from directory: /usr/local/lib/dovecot/auth Sep 05 16:46:22 auth-worker(13492): Debug: shadow(mark at hprs,192.168.0.58): lookup Sep 05 16:46:22 auth-worker(13492): Info: shadow(mark at hprs,192.168.0.58): unknown user Sep 05 16:46:22 auth: Debug: master userdb out: NOTFOUND 3030384641 Sep 05 16:46:22 imap-login: Info: Internal login failure (pid=13487 id=1) (internal failure, 1 successful auths): user=, method=NTLM, rip=192.168.0.58, lip=192.168.0.2, mpid=13491, session= Thanks --Mark -----Original Message----- > Date: Thu, 03 Sep 2015 06:53:19 -0500 > From: Rick Romero > To: dovecot at dovecot.org > Subject: Re: How to "Windows Authenticate" > > Hi Mark, > > I haven't done it, but I've played with the scenario enough to have an > idea. > > What you want to do is have Outlook auth via NTLM to Dovecot.? > > First that means having the machine be a domain member (usually via Samba) > in order to properly process NTLM/Kerberos handshake - which it appears you > have. > Second that means having Dovecot know how to accept NTLM authentication > (SPA) to pass to the Samba backend. > > A 'Dovecot NTLM' search led me here: > http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm > > What's not on the page that I'd expect to see, are the compile-time > requirements for inclucing samba/kerberos libs within Dovecot.? If it > doesn't 'just work' with the config changes in the wiki, you may need to > recompile with the right features. > > Also - check the permissions of the ntlm_auth program. That's caused many > issues with Radius installs, IIRC. > > Hope that helps! > > Rick > > Quoting Mark Foley : > > > This can't be that hard. I think I've enabled LDAP in Dovecot just by > > including > > dovecot-ldap.conf.ext in 10-auth.conf and using the default settings. I > > now have > > the configuration shown below. Two questions: > > > > 1. How do I set Outlook to authenticate with LDAP? Currently the Outlook > > accounts still have the ID and password set in "Logon Information". > > Checking > > "Require logon using Secure Password Authentication (SPA)" doesn't work. > > All I > > can seem to find on the Internet is how to configure address books using > > LDAP. > > > > 2. Should I remove "passdb { drive = shadow } from the dovecot > > configuration? > > > > Anybody? > > > > $ doveconf -n > > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > > auth_debug_passwords = yes > > auth_mechanisms = plain login > > auth_verbose = yes > > auth_verbose_passwords = plain > > disable_plaintext_auth = no > > info_log_path = /var/log/dovecot_info > > mail_location = maildir:~/Maildir > > passdb { > > driver = shadow > > } > > passdb { > > args = /etc/dovecot/dovecot-ldap.conf.ext > > driver = ldap > > } > > protocols = imap > > ssl_cert = > ssl_key = > userdb { > > driver = passwd > > } > > userdb { > > args = /etc/dovecot/dovecot-ldap.conf.ext > > driver = ldap > > } > > verbose_ssl = yes > > > > -----Original Message----- > > From: Mark Foley > > Date: Wed, 02 Sep 2015 13:31:35 -0400 > > To: dovecot at dovecot.org > > Subject: How to "Windows Authenticate" > > > >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook > >> (2010/2013) on > >> Windows workstations for over 6 months with no problems.? Dovecot is > >> hosted on > >> the office Samba4 AC/DC server. > >> > >> I have been using auth_mechanisms plain login, and passdb driver = > >> shadow. > >> > >> What I'd like to do now is use the "Windows Authenticated" login so I > >> don't have > >> to have separate passwords for users logging into the Windows AD > >> workstations > >> and their Outlook clients. > >> > >> If anyone has actually done this I'd appreciate some tips. My various > >> attempts > >> have not been successful. > >> > >> Here is my current config: > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> ? driver = shadow > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> ? driver = passwd > >> } > >> verbose_ssl = yes > >> > >> Thanks, Mark Foley > > > > From dovecot-bounces at dovecot.org? Wed Sep? 2 13:32:13 2015 > > Return-Path: > > X-Virus-Status: Clean > > X-Virus-Scanned: clamav-milter 0.98.6 at mail > > X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ > > (2011-06-06) on > > ? ? ? ? mail.hprs.local > > X-Spam-Level: > > X-Spam-Status: No, score=0.0 required=3.0 tests=none > autolearn=unavailable > > ? ? ? ? version=3.3.2-_revision__1.14__ > > X-Original-To: dovecot at dovecot.org > > Delivered-To: dovecot at dovecot.org > > X-Virus-Status: Clean > > X-Virus-Scanned: clamav-milter 0.98.6 at mail > > From: Mark Foley > > Date: Wed, 02 Sep 2015 13:31:35 -0400 > > Organization: Ohio Highway Patrol Retirement System > > To: dovecot at dovecot.org > > Subject: How to "Windows Authenticate" > > User-Agent: Heirloom mailx 12.5 7/5/10 > > Content-Type: text/plain; charset=us-ascii > > X-BeenThere: dovecot at dovecot.org > > X-Mailman-Version: 2.1.17 > > Precedence: list > > List-Id: Dovecot Mailing List > > List-Unsubscribe: , > > ? ? ? ? > > List-Archive: > > List-Post: > > List-Help: > > List-Subscribe: , > > ? ? ? ? > > Errors-To: dovecot-bounces at dovecot.org > > Sender: "dovecot" > > Status: R > > > > I've been using Dovecot 2.2.15 as the IMAP server for Outlook > > (2010/2013) on > > Windows workstations for over 6 months with no problems.? Dovecot is > > hosted on > > the office Samba4 AC/DC server. > > > > I have been using auth_mechanisms plain login, and passdb driver = > shadow. > > > > What I'd like to do now is use the "Windows Authenticated" login so I > > don't have > > to have separate passwords for users logging into the Windows AD > > workstations > > and their Outlook clients. > > > > If anyone has actually done this I'd appreciate some tips. My various > > attempts > > have not been successful. > > > > Here is my current config: > > > > $ doveconf -n > > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > > auth_debug_passwords = yes > > auth_mechanisms = plain login > > auth_verbose = yes > > auth_verbose_passwords = plain > > disable_plaintext_auth = no > > info_log_path = /var/log/dovecot_info > > mail_location = maildir:~/Maildir > > passdb { > > driver = shadow > > } > > protocols = imap > > ssl_cert = > ssl_key = > userdb { > > driver = passwd > > } > > verbose_ssl = yes > > Thanks, Mark Foley > From dovecot-bounces at dovecot.org Thu Sep 3 07:53:44 2015 > Return-Path: > X-Virus-Status: Clean > X-Virus-Scanned: clamav-milter 0.98.6 at mail > X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ (2011-06-06) on > mail.hprs.local > X-Spam-Level: > X-Spam-Status: No, score=0.0 required=3.0 tests=none autolearn=ham > version=3.3.2-_revision__1.14__ > X-Original-To: dovecot at dovecot.org > Delivered-To: dovecot at dovecot.org > Date: Thu, 03 Sep 2015 06:53:19 -0500 > From: Rick Romero > To: dovecot at dovecot.org > Subject: Re: How to "Windows Authenticate" > User-Agent: Internet Messaging Program (IMP) H5 (6.2.2) > X-VFEmail-Originating-IP: MTA3LjEzNi4xNDQuMjMw > X-VFEmail-AntiSpam: Notify admin at vfemail.net of any spam, and include > VFEmail headers > Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes > Content-Disposition: inline > Content-Description: Plaintext Message > X-Content-Filtered-By: Mailman/MimeDel 2.1.17 > X-BeenThere: dovecot at dovecot.org > X-Mailman-Version: 2.1.17 > Precedence: list > List-Id: Dovecot Mailing List > List-Unsubscribe: , > > List-Archive: > List-Post: > List-Help: > List-Subscribe: , > > Errors-To: dovecot-bounces at dovecot.org > Sender: "dovecot" > Status: R > > Hi Mark, > > I haven't done it, but I've played with the scenario enough to have an > idea. > > What you want to do is have Outlook auth via NTLM to Dovecot.? > > First that means having the machine be a domain member (usually via Samba) > in order to properly process NTLM/Kerberos handshake - which it appears you > have. > Second that means having Dovecot know how to accept NTLM authentication > (SPA) to pass to the Samba backend. > > A 'Dovecot NTLM' search led me here: > http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm > > What's not on the page that I'd expect to see, are the compile-time > requirements for inclucing samba/kerberos libs within Dovecot.? If it > doesn't 'just work' with the config changes in the wiki, you may need to > recompile with the right features. > > Also - check the permissions of the ntlm_auth program. That's caused many > issues with Radius installs, IIRC. > > Hope that helps! > > Rick > > Quoting Mark Foley : > > > This can't be that hard. I think I've enabled LDAP in Dovecot just by > > including > > dovecot-ldap.conf.ext in 10-auth.conf and using the default settings. I > > now have > > the configuration shown below. Two questions: > > > > 1. How do I set Outlook to authenticate with LDAP? Currently the Outlook > > accounts still have the ID and password set in "Logon Information". > > Checking > > "Require logon using Secure Password Authentication (SPA)" doesn't work. > > All I > > can seem to find on the Internet is how to configure address books using > > LDAP. > > > > 2. Should I remove "passdb { drive = shadow } from the dovecot > > configuration? > > > > Anybody? > > > > $ doveconf -n > > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > > auth_debug_passwords = yes > > auth_mechanisms = plain login > > auth_verbose = yes > > auth_verbose_passwords = plain > > disable_plaintext_auth = no > > info_log_path = /var/log/dovecot_info > > mail_location = maildir:~/Maildir > > passdb { > > driver = shadow > > } > > passdb { > > args = /etc/dovecot/dovecot-ldap.conf.ext > > driver = ldap > > } > > protocols = imap > > ssl_cert = > ssl_key = > userdb { > > driver = passwd > > } > > userdb { > > args = /etc/dovecot/dovecot-ldap.conf.ext > > driver = ldap > > } > > verbose_ssl = yes > > > > -----Original Message----- > > From: Mark Foley > > Date: Wed, 02 Sep 2015 13:31:35 -0400 > > To: dovecot at dovecot.org > > Subject: How to "Windows Authenticate" > > > >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook > >> (2010/2013) on > >> Windows workstations for over 6 months with no problems.? Dovecot is > >> hosted on > >> the office Samba4 AC/DC server. > >> > >> I have been using auth_mechanisms plain login, and passdb driver = > >> shadow. > >> > >> What I'd like to do now is use the "Windows Authenticated" login so I > >> don't have > >> to have separate passwords for users logging into the Windows AD > >> workstations > >> and their Outlook clients. > >> > >> If anyone has actually done this I'd appreciate some tips. My various > >> attempts > >> have not been successful. > >> > >> Here is my current config: > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> ? driver = shadow > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> ? driver = passwd > >> } > >> verbose_ssl = yes > >> > >> Thanks, Mark Foley > > > > From dovecot-bounces at dovecot.org? Wed Sep? 2 13:32:13 2015 > > Return-Path: > > X-Virus-Status: Clean > > X-Virus-Scanned: clamav-milter 0.98.6 at mail > > X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ > > (2011-06-06) on > > ? ? ? ? mail.hprs.local > > X-Spam-Level: > > X-Spam-Status: No, score=0.0 required=3.0 tests=none > autolearn=unavailable > > ? ? ? ? version=3.3.2-_revision__1.14__ > > X-Original-To: dovecot at dovecot.org > > Delivered-To: dovecot at dovecot.org > > X-Virus-Status: Clean > > X-Virus-Scanned: clamav-milter 0.98.6 at mail > > From: Mark Foley > > Date: Wed, 02 Sep 2015 13:31:35 -0400 > > Organization: Ohio Highway Patrol Retirement System > > To: dovecot at dovecot.org > > Subject: How to "Windows Authenticate" > > User-Agent: Heirloom mailx 12.5 7/5/10 > > Content-Type: text/plain; charset=us-ascii > > X-BeenThere: dovecot at dovecot.org > > X-Mailman-Version: 2.1.17 > > Precedence: list > > List-Id: Dovecot Mailing List > > List-Unsubscribe: , > > ? ? ? ? > > List-Archive: > > List-Post: > > List-Help: > > List-Subscribe: , > > ? ? ? ? > > Errors-To: dovecot-bounces at dovecot.org > > Sender: "dovecot" > > Status: R > > > > I've been using Dovecot 2.2.15 as the IMAP server for Outlook > > (2010/2013) on > > Windows workstations for over 6 months with no problems.? Dovecot is > > hosted on > > the office Samba4 AC/DC server. > > > > I have been using auth_mechanisms plain login, and passdb driver = > shadow. > > > > What I'd like to do now is use the "Windows Authenticated" login so I > > don't have > > to have separate passwords for users logging into the Windows AD > > workstations > > and their Outlook clients. > > > > If anyone has actually done this I'd appreciate some tips. My various > > attempts > > have not been successful. > > > > Here is my current config: > > > > $ doveconf -n > > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > > auth_debug_passwords = yes > > auth_mechanisms = plain login > > auth_verbose = yes > > auth_verbose_passwords = plain > > disable_plaintext_auth = no > > info_log_path = /var/log/dovecot_info > > mail_location = maildir:~/Maildir > > passdb { > > driver = shadow > > } > > protocols = imap > > ssl_cert = > ssl_key = > userdb { > > driver = passwd > > } > > verbose_ssl = yes > > Thanks, Mark Foley > From tss at iki.fi Sat Sep 5 23:44:03 2015 From: tss at iki.fi (Timo Sirainen) Date: Sun, 6 Sep 2015 02:44:03 +0300 Subject: Mailbox can't be created In-Reply-To: References: <15F589F3-06B8-4191-9A9A-4BE18133F938@iki.fi> Message-ID: > On 03 Sep 2015, at 23:10, Paulo Matos wrote: > > On 29/08/15 11:31, Timo Sirainen wrote: >> On 27 Aug 2015, at 12:07, Paulo Matos wrote: >>> >>> Aug 27 10:02:29 lda(): Info: msgid=: save failed to open mailbox PreINBOX: Mailbox can't be created >> >> I have no idea how you could get that error message. Looking at the code I don't see any way it could happen.. This error message exists only if the mailbox is tried to be created for a "fail" storage, which you can't really do. I'd maybe try recompiling Dovecot or something. >> > > dovecot sources 2.2.18 (src/lib-storage/fail-mailbox.c): > static int > fail_mailbox_create(struct mailbox *box, > const struct mailbox_update *update ATTR_UNUSED, > bool directory ATTR_UNUSED) > { Add here: i_panic("can't get here"); Then when it crashes, get gdb backtrace as described by http://dovecot.org/bugreport.html From compte-dovecot at ingescom.com Sun Sep 6 16:55:52 2015 From: compte-dovecot at ingescom.com (Samuel) Date: Sun, 06 Sep 2015 18:55:52 +0200 Subject: doveadm quota recalc problem for domain Message-ID: <55EC7018.3010002@ingescom.com> Hello, I've set up user quota and domain quota for dict SQL and all seems OK. New mail for user increase the user quota and the domain quota. Deleting email count down user quota and domain quota. But in case of SQL failure, I'm trying to rebuild the user quota and domain quota with doveadm quota recalc. The problem is that the command : 'doveadm quota recalc -u foo at bar' sets the domain quota only with user foo at bar even when I try a domain quota recalc : doveadm quota recalc -A or doveadm quota recalc -u *@bar (only one user is taken in account for the domain quota and not all the user). The domain SQL database is broken with value of only one user for the whole domain quota. So how to achieve rebuild domain quota correctly with doveadm ? Thanks a lot. Samuel. Debian Jessie Dovecot : 2.2.13 custom grsec kernel :Linux postfix 3.14.50-grsec-1 ########################## dovecot -n : # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.14.50-grsec-1 x86_64 Debian 8.1 nfs4 auth_mechanisms = plain login auth_verbose = yes dict { quota = mysql:/etc/dovecot/dovecot-dict-sql-user.conf quota_domain = mysql:/etc/dovecot/dovecot-dict-sql-domain.conf } lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes login_trusted_networks = XXXXXX/24 mail_location = maildir:/maildir/%d/%n/Maildir mail_plugins = " quota" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { quota = dict:user::proxy::quota quota2 = dict:domain:%d:proxy::quota_domain quota_grace = 10M quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Mailbox is full quota_status_success = DUNNO quota_warning = storage=100%% quota-warning 100 %u quota_warning2 = storage=95%% quota-warning 95 %u quota_warning3 = storage=80%% quota-warning 80 %u quota_warning4 = -storage=100%% quota-warning below %u sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap pop3 sieve lmtp service auth-worker { user = vmail } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service dict { unix_listener dict { mode = 0666 user = dovecot } } service quota-status { executable = quota-status -p postfix inet_listener { port = 12340 } } service quota-warning { client_limit = 1 executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { mode = 0666 user = vmail } user = vmail } ssl_cert = Hello, I'm trying to get Dovecot to use GSSAPI for authentication. I have an IPA server on CentOS 7 with a bunch of my servers attached to the IPA domain, including the server running Dovecot. I've followed official documentation from Red Hat and read numerous wiki articles on how to configure Dovecot to get it to use GSSAPI correctly. I don't think I've done anything incorrectly, but it refuses to work. This is the error I'm seeing: mailman02 dovecot: imap-login: Disconnected (tried to use unsupported auth mechanism): user=<>, method=PLAIN, rip=1.1.1.1, lip=2.2.2.2, TLS, session= I don't understand why no username is being passed. My mail client is Evolution 3.10.4. FYI, Dovecot does work fine using a user/password file. I'm just trying to switch it over to GSSAPI so that I can manage passwords from one system. Any help would be appreciated. Regards, Ranbir -- Kanwar R.S. Sandhu From mfoley at ohprs.org Mon Sep 7 00:31:21 2015 From: mfoley at ohprs.org (Mark Foley) Date: Sun, 06 Sep 2015 20:31:21 -0400 Subject: How to "Windows Authenticate" In-Reply-To: <201509052112.t85LCowS007652@mail.hprs.local> References: <201509021731.t82HVZ4r021574@mail.hprs.local> <201509031025.t83AP1W5020976@mail.hprs.local> <20150903065319.Horde.2BrAxFp30mN2LnIZrXEq7w8@www.vfemail.net> <201509052112.t85LCowS007652@mail.hprs.local> Message-ID: <201509070031.t870VLCY019948@mail.hprs.local> More info ... My dovecot error log shows: Sep 05 16:45:19 auth: Debug: client in: AUTH 1 NTLM service=imap Sep 05 16:45:19 auth: Debug: client passdb out: OK 1 user=mark at hprs original_user=mark at HPRS Sep 05 16:45:19 auth: Debug: master in: REQUEST 998899713 10219 1 f56352c207cb8f6dea4d264b2c0f8dc1 session_pid=10220 request_auth_token Sep 05 16:45:19 auth-worker(5498): Debug: shadow(mark at hprs,192.168.0.58): lookup Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark at hprs,192.168.0.58): unknown user Sep 05 16:45:19 auth: Debug: master userdb out: NOTFOUND 998899713 whereas the successful 'plain login' config'ed mechanism (before adding NTLM config) have: Sep 06 20:27:38 auth-worker(18616): Debug: shadow(mark,104.6.249.210): lookup The failed ntlm look-up is looking up user mark at hprs in shadow, which it doesn't find. Is there a way to strip the "@hprs" bit from the user so it can find the correct entry in /etc/shadow? That might fix the problem. --Mark -----Original Message----- From: Mark Foley Date: Sat, 05 Sep 2015 17:12:50 -0400 To: dovecot at dovecot.org Subject: Re: How to "Windows Authenticate" Rick et al, The link you gave was a start, but is targeted for Samba3 and is assuming a probably Windows [SBS]Server AD/DC separate from the DC hosting dovecot, and includes setting up kerberos. I'm using a Samba4 AD/DC with integrated kerberos (so I don't think there is any setup I can do there). Nevertheless I've followed the instructions otherwise; specifically adding to 10-auto.conf the following recommended lines: auth_use_winbind = yes auth_winbind_helper_path = /usr/bin/ntlm_auth mechanisms = plain ntlm login (Before, my 'mechanisms' were only plain and login). /usr/bin/ntlm_auth has global r/w privilege. I did not specify the static userdb since these users are configued in /etc/passwd and I thought that would work; example given in link (could that be an issue?): userdb static { args= uid=501 gid=501 home=/home/vmail/%1Ln/%Ln mail=maildir:/home/vmail/%d/%1Ln/%Ln:INBOX=/home/vmail/%d/%1Ln/%Ln allow_all_users=yes } This didn't work. Also, existing, working Outlook connections using 'logon' (i.e. the userID and PW are configured in Outlook) stopped working. I changed a test Outlook client to check the 'Request login using Secure Password Authentication (SPA)' and also checked: More Settings > Outgoing Server > My outgoing server (SMTP) requires authentication' and 'Use same settings as my incoming mail server'. Note that on the "Change Account" dialog (where the SPA checkbox is) the 'User Name' and 'Password' retained their values and were not grayed out as I would have expected if using AD authentication. After doing the above and clicking 'Test Account Settings' I was re-promted to enter a password - also not expected. At bottom are the Dovecot log message I received after doing the 'Test Account Settings'. Surely, connecting from an Outlook client to Dovecot on a Samba4 AD/DC should be a very common implementation. Has someone done this successfully? Immediately below is my doveconf -n and below that the dovecot log messages. > doveconf -n # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.10.17 x86_64 Slackware 14.1 auth_debug_passwords = yes auth_mechanisms = plain ntlm login auth_use_winbind = yes auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } protocols = imap ssl_cert = , method=NTLM, rip=192.168.0.58, lip=192.168.0.2, mpid=10220, session= Sep 05 16:46:22 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 05 16:46:22 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 05 16:46:22 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth Sep 05 16:46:22 auth: Debug: Read auth token secret from /usr/local/var/run/dovecot/auth-token-secret.dat Sep 05 16:46:22 auth: Debug: auth client connected (pid=13487) Sep 05 16:46:22 auth: Debug: client in: AUTH 1 NTLM service=imap session=IlvqGwYf0wDAqAA6 lip=192.168.0.2 rip=192.168.0.58 lport=143 rport=52947 Sep 05 16:46:22 auth: Debug: client passdb out: OK 1 user=mark at hprs original_user=mark at HPRS Sep 05 16:46:22 auth: Debug: master in: REQUEST 3030384641 13487 1 bac5f6531f9d4c3316f93bd4c4a63ddd session_pid=13491 request_auth_token Sep 05 16:46:22 auth-worker(13492): Debug: Loading modules from directory: /usr/local/lib/dovecot/auth Sep 05 16:46:22 auth-worker(13492): Debug: shadow(mark at hprs,192.168.0.58): lookup Sep 05 16:46:22 auth-worker(13492): Info: shadow(mark at hprs,192.168.0.58): unknown user Sep 05 16:46:22 auth: Debug: master userdb out: NOTFOUND 3030384641 Sep 05 16:46:22 imap-login: Info: Internal login failure (pid=13487 id=1) (internal failure, 1 successful auths): user=, method=NTLM, rip=192.168.0.58, lip=192.168.0.2, mpid=13491, session= Thanks --Mark -----Original Message----- > Date: Thu, 03 Sep 2015 06:53:19 -0500 > From: Rick Romero > To: dovecot at dovecot.org > Subject: Re: How to "Windows Authenticate" > > Hi Mark, > > I haven't done it, but I've played with the scenario enough to have an > idea. > > What you want to do is have Outlook auth via NTLM to Dovecot.? > > First that means having the machine be a domain member (usually via Samba) > in order to properly process NTLM/Kerberos handshake - which it appears you > have. > Second that means having Dovecot know how to accept NTLM authentication > (SPA) to pass to the Samba backend. > > A 'Dovecot NTLM' search led me here: > http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm > > What's not on the page that I'd expect to see, are the compile-time > requirements for inclucing samba/kerberos libs within Dovecot.? If it > doesn't 'just work' with the config changes in the wiki, you may need to > recompile with the right features. > > Also - check the permissions of the ntlm_auth program. That's caused many > issues with Radius installs, IIRC. > > Hope that helps! > > Rick > > Quoting Mark Foley : > > > This can't be that hard. I think I've enabled LDAP in Dovecot just by > > including > > dovecot-ldap.conf.ext in 10-auth.conf and using the default settings. I > > now have > > the configuration shown below. Two questions: > > > > 1. How do I set Outlook to authenticate with LDAP? Currently the Outlook > > accounts still have the ID and password set in "Logon Information". > > Checking > > "Require logon using Secure Password Authentication (SPA)" doesn't work. > > All I > > can seem to find on the Internet is how to configure address books using > > LDAP. > > > > 2. Should I remove "passdb { drive = shadow } from the dovecot > > configuration? > > > > Anybody? > > > > $ doveconf -n > > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > > auth_debug_passwords = yes > > auth_mechanisms = plain login > > auth_verbose = yes > > auth_verbose_passwords = plain > > disable_plaintext_auth = no > > info_log_path = /var/log/dovecot_info > > mail_location = maildir:~/Maildir > > passdb { > > driver = shadow > > } > > passdb { > > args = /etc/dovecot/dovecot-ldap.conf.ext > > driver = ldap > > } > > protocols = imap > > ssl_cert = > ssl_key = > userdb { > > driver = passwd > > } > > userdb { > > args = /etc/dovecot/dovecot-ldap.conf.ext > > driver = ldap > > } > > verbose_ssl = yes > > > > -----Original Message----- > > From: Mark Foley > > Date: Wed, 02 Sep 2015 13:31:35 -0400 > > To: dovecot at dovecot.org > > Subject: How to "Windows Authenticate" > > > >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook > >> (2010/2013) on > >> Windows workstations for over 6 months with no problems.? Dovecot is > >> hosted on > >> the office Samba4 AC/DC server. > >> > >> I have been using auth_mechanisms plain login, and passdb driver = > >> shadow. > >> > >> What I'd like to do now is use the "Windows Authenticated" login so I > >> don't have > >> to have separate passwords for users logging into the Windows AD > >> workstations > >> and their Outlook clients. > >> > >> If anyone has actually done this I'd appreciate some tips. My various > >> attempts > >> have not been successful. > >> > >> Here is my current config: > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> ? driver = shadow > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> ? driver = passwd > >> } > >> verbose_ssl = yes > >> > >> Thanks, Mark Foley > > > > From dovecot-bounces at dovecot.org? Wed Sep? 2 13:32:13 2015 > > Return-Path: > > X-Virus-Status: Clean > > X-Virus-Scanned: clamav-milter 0.98.6 at mail > > X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ > > (2011-06-06) on > > ? ? ? ? mail.hprs.local > > X-Spam-Level: > > X-Spam-Status: No, score=0.0 required=3.0 tests=none > autolearn=unavailable > > ? ? ? ? version=3.3.2-_revision__1.14__ > > X-Original-To: dovecot at dovecot.org > > Delivered-To: dovecot at dovecot.org > > X-Virus-Status: Clean > > X-Virus-Scanned: clamav-milter 0.98.6 at mail > > From: Mark Foley > > Date: Wed, 02 Sep 2015 13:31:35 -0400 > > Organization: Ohio Highway Patrol Retirement System > > To: dovecot at dovecot.org > > Subject: How to "Windows Authenticate" > > User-Agent: Heirloom mailx 12.5 7/5/10 > > Content-Type: text/plain; charset=us-ascii > > X-BeenThere: dovecot at dovecot.org > > X-Mailman-Version: 2.1.17 > > Precedence: list > > List-Id: Dovecot Mailing List > > List-Unsubscribe: , > > ? ? ? ? > > List-Archive: > > List-Post: > > List-Help: > > List-Subscribe: , > > ? ? ? ? > > Errors-To: dovecot-bounces at dovecot.org > > Sender: "dovecot" > > Status: R > > > > I've been using Dovecot 2.2.15 as the IMAP server for Outlook > > (2010/2013) on > > Windows workstations for over 6 months with no problems.? Dovecot is > > hosted on > > the office Samba4 AC/DC server. > > > > I have been using auth_mechanisms plain login, and passdb driver = > shadow. > > > > What I'd like to do now is use the "Windows Authenticated" login so I > > don't have > > to have separate passwords for users logging into the Windows AD > > workstations > > and their Outlook clients. > > > > If anyone has actually done this I'd appreciate some tips. My various > > attempts > > have not been successful. > > > > Here is my current config: > > > > $ doveconf -n > > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > > auth_debug_passwords = yes > > auth_mechanisms = plain login > > auth_verbose = yes > > auth_verbose_passwords = plain > > disable_plaintext_auth = no > > info_log_path = /var/log/dovecot_info > > mail_location = maildir:~/Maildir > > passdb { > > driver = shadow > > } > > protocols = imap > > ssl_cert = > ssl_key = > userdb { > > driver = passwd > > } > > verbose_ssl = yes > > Thanks, Mark Foley > From dovecot-bounces at dovecot.org Thu Sep 3 07:53:44 2015 > Return-Path: > X-Virus-Status: Clean > X-Virus-Scanned: clamav-milter 0.98.6 at mail > X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ (2011-06-06) on > mail.hprs.local > X-Spam-Level: > X-Spam-Status: No, score=0.0 required=3.0 tests=none autolearn=ham > version=3.3.2-_revision__1.14__ > X-Original-To: dovecot at dovecot.org > Delivered-To: dovecot at dovecot.org > Date: Thu, 03 Sep 2015 06:53:19 -0500 > From: Rick Romero > To: dovecot at dovecot.org > Subject: Re: How to "Windows Authenticate" > User-Agent: Internet Messaging Program (IMP) H5 (6.2.2) > X-VFEmail-Originating-IP: MTA3LjEzNi4xNDQuMjMw > X-VFEmail-AntiSpam: Notify admin at vfemail.net of any spam, and include > VFEmail headers > Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes > Content-Disposition: inline > Content-Description: Plaintext Message > X-Content-Filtered-By: Mailman/MimeDel 2.1.17 > X-BeenThere: dovecot at dovecot.org > X-Mailman-Version: 2.1.17 > Precedence: list > List-Id: Dovecot Mailing List > List-Unsubscribe: , > > List-Archive: > List-Post: > List-Help: > List-Subscribe: , > > Errors-To: dovecot-bounces at dovecot.org > Sender: "dovecot" > Status: R > > Hi Mark, > > I haven't done it, but I've played with the scenario enough to have an > idea. > > What you want to do is have Outlook auth via NTLM to Dovecot.? > > First that means having the machine be a domain member (usually via Samba) > in order to properly process NTLM/Kerberos handshake - which it appears you > have. > Second that means having Dovecot know how to accept NTLM authentication > (SPA) to pass to the Samba backend. > > A 'Dovecot NTLM' search led me here: > http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm > > What's not on the page that I'd expect to see, are the compile-time > requirements for inclucing samba/kerberos libs within Dovecot.? If it > doesn't 'just work' with the config changes in the wiki, you may need to > recompile with the right features. > > Also - check the permissions of the ntlm_auth program. That's caused many > issues with Radius installs, IIRC. > > Hope that helps! > > Rick > > Quoting Mark Foley : > > > This can't be that hard. I think I've enabled LDAP in Dovecot just by > > including > > dovecot-ldap.conf.ext in 10-auth.conf and using the default settings. I > > now have > > the configuration shown below. Two questions: > > > > 1. How do I set Outlook to authenticate with LDAP? Currently the Outlook > > accounts still have the ID and password set in "Logon Information". > > Checking > > "Require logon using Secure Password Authentication (SPA)" doesn't work. > > All I > > can seem to find on the Internet is how to configure address books using > > LDAP. > > > > 2. Should I remove "passdb { drive = shadow } from the dovecot > > configuration? > > > > Anybody? > > > > $ doveconf -n > > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > > auth_debug_passwords = yes > > auth_mechanisms = plain login > > auth_verbose = yes > > auth_verbose_passwords = plain > > disable_plaintext_auth = no > > info_log_path = /var/log/dovecot_info > > mail_location = maildir:~/Maildir > > passdb { > > driver = shadow > > } > > passdb { > > args = /etc/dovecot/dovecot-ldap.conf.ext > > driver = ldap > > } > > protocols = imap > > ssl_cert = > ssl_key = > userdb { > > driver = passwd > > } > > userdb { > > args = /etc/dovecot/dovecot-ldap.conf.ext > > driver = ldap > > } > > verbose_ssl = yes > > > > -----Original Message----- > > From: Mark Foley > > Date: Wed, 02 Sep 2015 13:31:35 -0400 > > To: dovecot at dovecot.org > > Subject: How to "Windows Authenticate" > > > >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook > >> (2010/2013) on > >> Windows workstations for over 6 months with no problems.? Dovecot is > >> hosted on > >> the office Samba4 AC/DC server. > >> > >> I have been using auth_mechanisms plain login, and passdb driver = > >> shadow. > >> > >> What I'd like to do now is use the "Windows Authenticated" login so I > >> don't have > >> to have separate passwords for users logging into the Windows AD > >> workstations > >> and their Outlook clients. > >> > >> If anyone has actually done this I'd appreciate some tips. My various > >> attempts > >> have not been successful. > >> > >> Here is my current config: > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> ? driver = shadow > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> ? driver = passwd > >> } > >> verbose_ssl = yes > >> > >> Thanks, Mark Foley > > > > From dovecot-bounces at dovecot.org? Wed Sep? 2 13:32:13 2015 > > Return-Path: > > X-Virus-Status: Clean > > X-Virus-Scanned: clamav-milter 0.98.6 at mail > > X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ > > (2011-06-06) on > > ? ? ? ? mail.hprs.local > > X-Spam-Level: > > X-Spam-Status: No, score=0.0 required=3.0 tests=none > autolearn=unavailable > > ? ? ? ? version=3.3.2-_revision__1.14__ > > X-Original-To: dovecot at dovecot.org > > Delivered-To: dovecot at dovecot.org > > X-Virus-Status: Clean > > X-Virus-Scanned: clamav-milter 0.98.6 at mail > > From: Mark Foley > > Date: Wed, 02 Sep 2015 13:31:35 -0400 > > Organization: Ohio Highway Patrol Retirement System > > To: dovecot at dovecot.org > > Subject: How to "Windows Authenticate" > > User-Agent: Heirloom mailx 12.5 7/5/10 > > Content-Type: text/plain; charset=us-ascii > > X-BeenThere: dovecot at dovecot.org > > X-Mailman-Version: 2.1.17 > > Precedence: list > > List-Id: Dovecot Mailing List > > List-Unsubscribe: , > > ? ? ? ? > > List-Archive: > > List-Post: > > List-Help: > > List-Subscribe: , > > ? ? ? ? > > Errors-To: dovecot-bounces at dovecot.org > > Sender: "dovecot" > > Status: R > > > > I've been using Dovecot 2.2.15 as the IMAP server for Outlook > > (2010/2013) on > > Windows workstations for over 6 months with no problems.? Dovecot is > > hosted on > > the office Samba4 AC/DC server. > > > > I have been using auth_mechanisms plain login, and passdb driver = > shadow. > > > > What I'd like to do now is use the "Windows Authenticated" login so I > > don't have > > to have separate passwords for users logging into the Windows AD > > workstations > > and their Outlook clients. > > > > If anyone has actually done this I'd appreciate some tips. My various > > attempts > > have not been successful. > > > > Here is my current config: > > > > $ doveconf -n > > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > > auth_debug_passwords = yes > > auth_mechanisms = plain login > > auth_verbose = yes > > auth_verbose_passwords = plain > > disable_plaintext_auth = no > > info_log_path = /var/log/dovecot_info > > mail_location = maildir:~/Maildir > > passdb { > > driver = shadow > > } > > protocols = imap > > ssl_cert = > ssl_key = > userdb { > > driver = passwd > > } > > verbose_ssl = yes > > Thanks, Mark Foley > From m3freak at thesandhufamily.ca Mon Sep 7 14:47:30 2015 From: m3freak at thesandhufamily.ca (Kanwar Ranbir Sandhu) Date: Mon, 07 Sep 2015 10:47:30 -0400 Subject: Dovecot and IPA In-Reply-To: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> Message-ID: <1441637250.23223.8.camel@master.theinside.rnr> On Sun, 2015-09-06 at 17:41 -0400, Kanwar Ranbir Sandhu wrote: > I've followed official documentation from Red Hat and read numerous wiki > articles on how to configure Dovecot to get it to use GSSAPI correctly. > I don't think I've done anything incorrectly, but it refuses to work. > This is the error I'm seeing: > > mailman02 dovecot: imap-login: Disconnected (tried to use unsupported > auth mechanism): user=<>, method=PLAIN, rip=1.1.1.1, lip=2.2.2.2, TLS, > session= > > I don't understand why no username is being passed. My mail client is > Evolution 3.10.4. Anyone? I could really use some help with trouble shooting my setup. Kerberos + Dovecot apparently works really well, but not for me...yet. :( Ranbir -- Kanwar R.S. Sandhu From me at junc.eu Mon Sep 7 15:07:18 2015 From: me at junc.eu (Benny Pedersen) Date: Mon, 07 Sep 2015 17:07:18 +0200 Subject: Dovecot and IPA In-Reply-To: <1441637250.23223.8.camel@master.theinside.rnr> References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441637250.23223.8.camel@master.theinside.rnr> Message-ID: <11e50b5273875e397c55141497d4089a@junc.eu> Kanwar Ranbir Sandhu skrev den 2015-09-07 16:47: > Kerberos + Dovecot apparently works really well, but not for > me...yet. :( you choiced to use a precompiled problem from redhat, no ? if you used freebsd or gentoo there whould only be learning curve left back to your problem, are you sure maintainer at redhat enabled kerberos auth login ? if need more help ask the maintainer for the rpm package, or still convenced its a bug in dovecot show dovecot -n, i have lost if you already have, but lets take it from there on From MANUEL.DELGADO at ucr.ac.cr Mon Sep 7 15:14:26 2015 From: MANUEL.DELGADO at ucr.ac.cr (Manuel Delgado) Date: Mon, 07 Sep 2015 09:14:26 -0600 Subject: Dovecot and IPA In-Reply-To: <1441637250.23223.8.camel@master.theinside.rnr> References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441637250.23223.8.camel@master.theinside.rnr> Message-ID: Hi Ranbir I've worked with freeIPA a little, but without your doveconf or some other context information, it is difficult to identify the issue. Regards, Manuel Delgado ----------------------------------------------------------- *Usuario Linux* *#520940 * Mag. Computaci?n e Inform?tica Universidad de Costa Rica Centro de Inform?tica On Mon, Sep 7, 2015 at 8:47 AM, Kanwar Ranbir Sandhu < m3freak at thesandhufamily.ca> wrote: > On Sun, 2015-09-06 at 17:41 -0400, Kanwar Ranbir Sandhu wrote: > > I've followed official documentation from Red Hat and read numerous wiki > > articles on how to configure Dovecot to get it to use GSSAPI correctly. > > I don't think I've done anything incorrectly, but it refuses to work. > > This is the error I'm seeing: > > > > mailman02 dovecot: imap-login: Disconnected (tried to use unsupported > > auth mechanism): user=<>, method=PLAIN, rip=1.1.1.1, lip=2.2.2.2, TLS, > > session= > > > > I don't understand why no username is being passed. My mail client is > > Evolution 3.10.4. > > Anyone? I could really use some help with trouble shooting my setup. > > Kerberos + Dovecot apparently works really well, but not for > me...yet. :( > > Ranbir > > -- > Kanwar R.S. Sandhu > From m3freak at thesandhufamily.ca Mon Sep 7 16:02:04 2015 From: m3freak at thesandhufamily.ca (Kanwar Ranbir Sandhu) Date: Mon, 07 Sep 2015 12:02:04 -0400 Subject: Dovecot and IPA In-Reply-To: References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441637250.23223.8.camel@master.theinside.rnr> Message-ID: <1441641724.9217.2.camel@master.theinside.rnr> On Mon, 2015-09-07 at 09:14 -0600, Manuel Delgado wrote: > Hi Ranbir > > I've worked with freeIPA a little, but without your doveconf or some other > context information, it is difficult to identify the issue. Crap...I meant to include that. Here's what it looks like when I enable GSSAPI: # 2.2.10: /etc/dovecot/dovecot.conf # OS: Linux 3.10.0-229.11.1.el7.x86_64 x86_64 CentOS Linux release 7.1.1503 (Core) auth_default_realm = theinside.rnr auth_gssapi_hostname = mailman02.theinside.rnr auth_krb5_keytab = /etc/imap.keytab auth_mechanisms = gssapi auth_realms = theinside.rnr hostname = imap.thesandhufamily.ca listen = 1.1.0.0 mail_gid = virtual mail_location = maildir:~/Maildir mail_plugins = quota acl mail_uid = virtual managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mbox_write_locks = fcntl namespace { location = maildir:/var/spool/mail/thesandhufamily.ca/public prefix = Public. separator = . subscriptions = no type = public } namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } plugin { acl = vfile quota = maildir:User quota quota_rule = *:storage=500M sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } postmaster_address = postmaster@%d protocols = imap lmtp service auth-worker { user = $default_internal_user } service auth { inet_listener { address = 1.1.0.0 port = 17900 } unix_listener auth-userdb { group = virtual mode = 0600 user = virtual } } service imap-login { process_min_avail = 5 } service imap { process_limit = 10 } service lmtp { inet_listener lmtp { address = 1.1.0.0 port = 24 } } ssl = required ssl_cert = References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441637250.23223.8.camel@master.theinside.rnr> <11e50b5273875e397c55141497d4089a@junc.eu> Message-ID: <1441642059.9217.5.camel@master.theinside.rnr> On Mon, 2015-09-07 at 17:07 +0200, Benny Pedersen wrote: > Kanwar Ranbir Sandhu skrev den 2015-09-07 16:47: > > > Kerberos + Dovecot apparently works really well, but not for > > me...yet. :( > > you choiced to use a precompiled problem from redhat, no ? Yes. Well, not Red Hat directly - I'm using CentOS. > back to your problem, are you sure maintainer at redhat enabled kerberos > auth login ? Yes, I can see AUTH=GSSAPI when I telnet to the server and get a list of Dovecot's capabilities. > if need more help ask the maintainer for the rpm package, or still > convenced its a bug in dovecot show dovecot -n, i have lost if you > already have, but lets take it from there on I don't think it's a bug in Dovecot. I have feeling I have a misconfiguration, but I can't figure out what it is. I sent my config in a reply to another list member's message. Maybe the broken part will jump out now. Thanks, Ranbir -- Kanwar R.S. Sandhu From me at junc.eu Mon Sep 7 16:39:56 2015 From: me at junc.eu (Benny Pedersen) Date: Mon, 07 Sep 2015 18:39:56 +0200 Subject: Dovecot and IPA In-Reply-To: <1441641724.9217.2.camel@master.theinside.rnr> References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441637250.23223.8.camel@master.theinside.rnr> <1441641724.9217.2.camel@master.theinside.rnr> Message-ID: Kanwar Ranbir Sandhu skrev den 2015-09-07 18:02: > args = uid=virtual gid=virtual home=/var/spool/mail/%d/%n/ uid and gid must be nummeric just like output from id id virtual make the args have same info From m3freak at thesandhufamily.ca Mon Sep 7 16:54:33 2015 From: m3freak at thesandhufamily.ca (Kanwar Ranbir Sandhu) Date: Mon, 07 Sep 2015 12:54:33 -0400 Subject: Dovecot and IPA In-Reply-To: References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441637250.23223.8.camel@master.theinside.rnr> <1441641724.9217.2.camel@master.theinside.rnr> Message-ID: <1441644873.9217.7.camel@master.theinside.rnr> On Mon, 2015-09-07 at 18:39 +0200, Benny Pedersen wrote: > Kanwar Ranbir Sandhu skrev den 2015-09-07 18:02: > > > args = uid=virtual gid=virtual home=/var/spool/mail/%d/%n/ > > uid and gid must be nummeric just like output from id > > id virtual > > make the args have same info That's never caused any issues before. In fact, in my normal configuration (i.e. no GSSAPI auth) it works just fine. Is GSSAPI auth the only auth method that needs a numeric ID? Regards, Ranbir -- Kanwar R.S. Sandhu From m3freak at thesandhufamily.ca Mon Sep 7 17:29:47 2015 From: m3freak at thesandhufamily.ca (Kanwar Ranbir Sandhu) Date: Mon, 07 Sep 2015 13:29:47 -0400 Subject: Dovecot and IPA In-Reply-To: References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441637250.23223.8.camel@master.theinside.rnr> <1441641724.9217.2.camel@master.theinside.rnr> Message-ID: <1441646987.14760.1.camel@master.theinside.rnr> On Mon, 2015-09-07 at 18:39 +0200, Benny Pedersen wrote: > Kanwar Ranbir Sandhu skrev den 2015-09-07 18:02: > > > args = uid=virtual gid=virtual home=/var/spool/mail/%d/%n/ > > uid and gid must be nummeric just like output from id > > id virtual > > make the args have same info I tried it for shits and giggles: no change. :( I'm still seeing the same problem. -- Kanwar R.S. Sandhu From m3freak at thesandhufamily.ca Mon Sep 7 17:34:01 2015 From: m3freak at thesandhufamily.ca (Kanwar Ranbir Sandhu) Date: Mon, 07 Sep 2015 13:34:01 -0400 Subject: Dovecot and IPA In-Reply-To: <1441646987.14760.1.camel@master.theinside.rnr> References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441637250.23223.8.camel@master.theinside.rnr> <1441641724.9217.2.camel@master.theinside.rnr> <1441646987.14760.1.camel@master.theinside.rnr> Message-ID: <1441647241.14760.3.camel@master.theinside.rnr> On Mon, 2015-09-07 at 13:29 -0400, Kanwar Ranbir Sandhu wrote: > I tried it for shits and giggles: no change. :( I'm still seeing the > same problem. I forget to add some additional errors I've seen in the logs: http://pastebin.ca/3155329 -- Kanwar R.S. Sandhu From tss at iki.fi Mon Sep 7 17:37:51 2015 From: tss at iki.fi (Timo Sirainen) Date: Mon, 7 Sep 2015 20:37:51 +0300 Subject: Dovecot and IPA In-Reply-To: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> Message-ID: > On 07 Sep 2015, at 00:41, Kanwar Ranbir Sandhu wrote: > > Hello, > > I'm trying to get Dovecot to use GSSAPI for authentication. I have an IPA server on CentOS 7 with a bunch of my servers attached to the IPA domain, including the server running Dovecot. > > I've followed official documentation from Red Hat and read numerous wiki articles on how to configure Dovecot to get it to use GSSAPI correctly. I don't think I've done anything incorrectly, but it refuses to work. This is the error I'm seeing: > > mailman02 dovecot: imap-login: Disconnected (tried to use unsupported auth mechanism): user=<>, method=PLAIN, rip=1.1.1.1, lip=2.2.2.2, TLS, session= It says "tried to use unsupported auth mechanism". In your later mail you say that telnet shows AUTH=GSSAPI in capabilities. So that would mean that the client isn't using AUTHENTICATE GSSAPI but something else. Set auth_debug=yes and/or see what the client actually does by enabling pre-login rawlog: http://wiki2.dovecot.org/Debugging/Rawlog From MANUEL.DELGADO at ucr.ac.cr Mon Sep 7 17:45:07 2015 From: MANUEL.DELGADO at ucr.ac.cr (Manuel Delgado) Date: Mon, 07 Sep 2015 11:45:07 -0600 Subject: Dovecot and IPA In-Reply-To: <1441641724.9217.2.camel@master.theinside.rnr> References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441637250.23223.8.camel@master.theinside.rnr> <1441641724.9217.2.camel@master.theinside.rnr> Message-ID: >From the first message I noted this: mailman02 dovecot: imap-login: Disconnected (tried to use unsupported auth > mechanism): user=<>, method=PLAIN, rip=1.1.1.1, lip=2.2.2.2, TLS, > session= It seems that your client is not using GSSAPI, but PLAIN instead. About your config: On Mon, Sep 7, 2015 at 10:02 AM, Kanwar Ranbir Sandhu < m3freak at thesandhufamily.ca> wrote: > > > auth_default_realm = theinside.rnr > auth_realms = theinside.rnr > In my configs I was forced to use REALM in uppercase. When I used it lowercase I had issues mainly with PAM. > auth_krb5_keytab = /etc/imap.keytab Double-check that your keytab is correctly authorized in IPA and it's still valid. In my case I had to setup a cron to refresh the keytab. (Remember chown it, so Dovecot can read it) Regards, Manuel Delgado ----------------------------------------------------------- *Usuario Linux* *#520940 * Mag. Computaci?n e Inform?tica Universidad de Costa Rica Centro de Inform?tica From me at junc.eu Mon Sep 7 17:47:53 2015 From: me at junc.eu (Benny Pedersen) Date: Mon, 07 Sep 2015 19:47:53 +0200 Subject: Dovecot and IPA In-Reply-To: <1441646987.14760.1.camel@master.theinside.rnr> References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441637250.23223.8.camel@master.theinside.rnr> <1441641724.9217.2.camel@master.theinside.rnr> <1441646987.14760.1.camel@master.theinside.rnr> Message-ID: <6da710cb773db6c4a51e732b54f7fcb5@junc.eu> Kanwar Ranbir Sandhu skrev den 2015-09-07 19:29: > I tried it for shits and giggles: no change. :( I'm still seeing the > same problem. dovecot is buildt with security in mind... using namebased gid or uid is not secure it might just still works, but its not secure From pch at myzel.net Mon Sep 7 18:21:55 2015 From: pch at myzel.net (Peter Chiochetti) Date: Mon, 7 Sep 2015 20:21:55 +0200 Subject: Dovecot and IPA In-Reply-To: <6da710cb773db6c4a51e732b54f7fcb5@junc.eu> References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441637250.23223.8.camel@master.theinside.rnr> <1441641724.9217.2.camel@master.theinside.rnr> <1441646987.14760.1.camel@master.theinside.rnr> <6da710cb773db6c4a51e732b54f7fcb5@junc.eu> Message-ID: <55EDD5C3.6010706@myzel.net> Am 2015-09-07 um 19:47 schrieb Benny Pedersen: > Kanwar Ranbir Sandhu skrev den 2015-09-07 19:29: > >> I tried it for shits and giggles: no change. :( I'm still seeing the >> same problem. > > dovecot is buildt with security in mind... > > using namebased gid or uid is not secure > > it might just still works, but its not secure Benny, where did you learn all this? -- peter From tss at iki.fi Mon Sep 7 18:56:56 2015 From: tss at iki.fi (Timo Sirainen) Date: Mon, 7 Sep 2015 21:56:56 +0300 Subject: question on autch cache parameters In-Reply-To: <55C21E22.10808@securepoint.de> References: <55C21E22.10808@securepoint.de> Message-ID: <7CA2D39E-5D94-4A76-9A99-FF39C375EF25@iki.fi> Fixed: http://hg.dovecot.org/dovecot-2.2/rev/b7f7ad2bc4d0 > On 05 Aug 2015, at 17:30, matthias lay wrote: > > Hi list, > > I have a question on auth caching in 2.2.18. > > I am using acl_groups for a master user, appended in a static userdb file > > # snip ############################### > master at uma:{SHA}XXXX=::::::userdb_acl_groups=umareadmaster > allow_nets=127.0.0.1 > # snap ############################### > > and use this group in a global ACL file. > I discovered this only works on first NOT-cached login > > > > environment in imap-postlogin script on first login: > > > AUTH_TOKEN=e96b5a32ceb2cafc4460c210ad2e92e3d7ab388c > MASTER_USER=master at uma > SPUSER=private/pdf > LOCAL_IP=127.0.0.1 > USER=pdf > AUTH_USER=master at uma > PWD=/var/run/dovecot > USERDB_KEYS=ACL_GROUPS HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER > SHLVL=1 > HOME=/var/data/vmail/private/pdf > ACL_GROUPS=umareadmaster > IP=127.0.0.1 > _=/usr/bin/env > > > on the second cached login it looks like this > > > AUTH_TOKEN=12703b11932f233520f6d4b33559c33aeb1cfc7f > MASTER_USER=master at uma > SPUSER=private/pdf > LOCAL_IP=127.0.0.1 > USER=pdf > AUTH_USER=master at uma > PWD=/var/run/dovecot > USERDB_KEYS=HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER > SHLVL=1 > HOME=/var/data/vmail/private/pdf > IP=127.0.0.1 > _=/usr/bin/env > > so the ACL_GROUPS is gone. > > is this intended to be like that. > so groups not included in cache and I have to find another approach? > > anybody else encountered similar problems with some auth Variables and > caching? > > > Greetz Matze From tss at iki.fi Mon Sep 7 19:08:39 2015 From: tss at iki.fi (Timo Sirainen) Date: Mon, 7 Sep 2015 22:08:39 +0300 Subject: Dovecot 2.2.18 Panic: file index-mail-binary.c In-Reply-To: <20150728091215.Horde.gmc7i3jGADyFKBjMowoMTOj@hermes.dg4yfa.org> References: <20150728091215.Horde.gmc7i3jGADyFKBjMowoMTOj@hermes.dg4yfa.org> Message-ID: <7F317F52-2AAF-4B81-A24A-BBDE4593993F@iki.fi> On 28 Jul 2015, at 10:12, Michael Borgelt wrote: > > Hi, > I got the following in my dovecot log's on an particular email message with dovecot-imap. > > ---snip--- > Jul 28 08:42:11 hermes dovecot: imap(mborgelt): Panic: file index-mail-binary.c: line 354 (blocks_count_lines): assertion failed: (ret == -1) Not sure why this wasn't more commonly happening, but here's the fix: http://hg.dovecot.org/dovecot-2.2/rev/865405fce42e From me at junc.eu Mon Sep 7 19:27:00 2015 From: me at junc.eu (Benny Pedersen) Date: Mon, 07 Sep 2015 21:27:00 +0200 Subject: Dovecot and IPA In-Reply-To: <55EDD5C3.6010706@myzel.net> References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441637250.23223.8.camel@master.theinside.rnr> <1441641724.9217.2.camel@master.theinside.rnr> <1441646987.14760.1.camel@master.theinside.rnr> <6da710cb773db6c4a51e732b54f7fcb5@junc.eu> <55EDD5C3.6010706@myzel.net> Message-ID: <5f5196b2a75f9249d1ac1b8ea038a4c4@junc.eu> Peter Chiochetti skrev den 2015-09-07 20:21: >> dovecot is buildt with security in mind... >> using namebased gid or uid is not secure >> it might just still works, but its not secure > Benny, where did you learn all this? not here, since no one care :) time for my own coffee break after a long day From tss at iki.fi Mon Sep 7 19:34:40 2015 From: tss at iki.fi (Timo Sirainen) Date: Mon, 07 Sep 2015 22:34:40 +0300 Subject: [Patch] Fix hang in safe_sendfile on SmartOS In-Reply-To: References: Message-ID: <55EDE6D0.10400@iki.fi> On 07/16/2015 06:03 PM, Sebastian Wiedenroth wrote: > Fix hang in safe_sendfile on SmartOS > > The call to sendfile on SmartOS can fail with EOPNOTSUPP. This is a valid error > code and documented in the man page. This error code needs to be handled or > else dovecot will retry the sendfile call endlessly and hang. Committed .. However, I think a more important bug is that it hangs. It's definitely not supposed to hang. Which process was it that was hanging How can I reproduce that? I can only get it to disconnect the IMAP client. From rick at havokmon.com Mon Sep 7 01:00:11 2015 From: rick at havokmon.com (Rick Romero) Date: Sun, 06 Sep 2015 20:00:11 -0500 Subject: How to "Windows Authenticate" In-Reply-To: <201509070031.t870VLCY019948@mail.hprs.local> References: <201509021731.t82HVZ4r021574@mail.hprs.local> <201509031025.t83AP1W5020976@mail.hprs.local> <20150903065319.Horde.2BrAxFp30mN2LnIZrXEq7w8@www.vfemail.net> <201509052112.t85LCowS007652@mail.hprs.local> <201509070031.t870VLCY019948@mail.hprs.local> Message-ID: <20150906200011.Horde.aZNzwfpiV_G6ZeeX8wLk9A4@www.vfemail.net> Hmm.? I would expect to see 'mark at hprs.com'.? Whatever your full domain name is. It also won't look up /etc/shadow - Samba is doing the AD->Unix UID mapping.? Your AD users shouldn't be in there when all is said and done.? Well, at when I did a Samba4 install as a DC it still behaved like a Samba3 member, and there were no AD users in the local unix passwd files. What does wbinfo -u provide?? It should list all your users - especially because it's an DC.? Whatever wbinfo -u shows, you may need to adjust another config file to match waht Dovecot is receiving.? I assume /etc/nsswitch.conf has been modified to use Samba? Sorry I haven't done this, but it doesn't seem like anyone else has either - so I'm just shooting in the dark here trying to get you steered in the right direction... Rick Quoting Mark Foley : > More info ... > > My dovecot error log shows: > > Sep 05 16:45:19 auth: Debug: client in: AUTH? ? 1? ? ? ?NTLM? ? > service=imap > Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? 1? ? ? > ?user=mark at hprs? original_user=mark at HPRS > Sep 05 16:45:19 auth: Debug: master in: REQUEST 998899713? ? ? ?10219? > ?1? ? ? ?f56352c207cb8f6dea4d264b2c0f8dc1? ? ? ?session_pid=10220? ? ? > ?request_auth_token > Sep 05 16:45:19 auth-worker(5498): Debug: > shadow(mark at hprs,192.168.0.58): lookup > Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark at hprs,192.168.0.58): > unknown user > Sep 05 16:45:19 auth: Debug: master userdb out: NOTFOUND? ? ? ? 998899713 > > whereas the successful 'plain login' config'ed mechanism (before adding > NTLM > config) have: > > Sep 06 20:27:38 auth-worker(18616): Debug: shadow(mark,104.6.249.210): > lookup > > The failed ntlm look-up is looking up user mark at hprs in shadow, which it > doesn't > find. Is there a way to strip the "@hprs" bit from the user so it can > find the > correct entry in /etc/shadow? That might fix the problem. > > --Mark > > -----Original Message----- > From: Mark Foley > Date: Sat, 05 Sep 2015 17:12:50 -0400 > To: dovecot at dovecot.org > Subject: Re: How to "Windows Authenticate" > > Rick et al, > > The link you gave was a start, but is targeted for Samba3 and is > assuming a > probably Windows [SBS]Server AD/DC separate from the DC hosting dovecot, > and > includes setting up kerberos. > > I'm using a Samba4 AD/DC with integrated kerberos (so I don't think > there is any > setup I can do there).? Nevertheless I've followed the instructions > otherwise; > specifically adding to 10-auto.conf the following recommended lines: > > auth_use_winbind = yes > auth_winbind_helper_path = /usr/bin/ntlm_auth > mechanisms = plain ntlm login > > (Before, my 'mechanisms' were only plain and login). /usr/bin/ntlm_auth > has > global r/w privilege. > > I did not specify the static userdb since these users are configued in > /etc/passwd and I thought that would work; example given in link (could > that be > an issue?): > > userdb static { > ? args= uid=501 gid=501 home=/home/vmail/%1Ln/%Ln > ? mail=maildir:/home/vmail/%d/%1Ln/%Ln:INBOX=/home/vmail/%d/%1Ln/%Ln > ? allow_all_users=yes > } > > This didn't work. Also, existing, working Outlook connections using > 'logon' > (i.e. the userID and PW are configured in Outlook) stopped working. > > I changed a test Outlook client to check the 'Request login using Secure > Password Authentication (SPA)' and also checked: More Settings > > Outgoing Server >> My outgoing server (SMTP) requires authentication' and 'Use same >> settings as > > my incoming mail server'.? Note that on the "Change Account" dialog > (where the > SPA checkbox is) the 'User Name' and 'Password' retained their values > and were > not grayed out as I would have expected if using AD authentication. > > After doing the above and clicking 'Test Account Settings' I was > re-promted to > enter a password - also not expected. At bottom are the Dovecot log > message I > received after doing the 'Test Account Settings'. > > Surely, connecting from an Outlook client to Dovecot on a Samba4 AD/DC > should be > a very common implementation. Has someone done this successfully? > > Immediately below is my doveconf -n and below that the dovecot log > messages. > >> doveconf -n > > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > auth_debug_passwords = yes > auth_mechanisms = plain ntlm login > auth_use_winbind = yes > auth_verbose = yes > auth_verbose_passwords = plain > disable_plaintext_auth = no > info_log_path = /var/log/dovecot_info > mail_location = maildir:~/Maildir > passdb { > driver = shadow > } > protocols = imap > ssl_cert = ssl_key = userdb { > driver = passwd > } > verbose_ssl = yes > > dovecot log after doing 'Test Account Settings' in Outlook: > > Sep 05 16:45:19 imap-login: Debug: SSL: elliptic curve secp384r1 will be > used for ECDH and ECDHE key exchanges > Sep 05 16:45:19 imap-login: Debug: SSL: elliptic curve secp384r1 will be > used for ECDH and ECDHE key exchanges > Sep 05 16:45:19 auth: Debug: auth client connected (pid=10219) > Sep 05 16:45:19 auth: Debug: client in: AUTH? ? ? ? 1? ? ? ? NTLM? ? ? ? > service=imap? ? ? ? session=HXssGAYf0ADAqAA6? ? ? ? lip=192.168.0.2? ? ? > ? rip=192.168.0.58? ? ? ? lport=143? ? ? ? rport=52944 > Sep 05 16:45:19 auth: Debug: client passdb out: CONT? ? ? ? 1 > Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? ? 1? ? ? ? > user=mark at hprs? ? ? ? original_user=mark at HPRS > Sep 05 16:45:19 auth: Debug: master in: REQUEST? ? ? ? 998899713? ? ? ? > 10219? ? ? ? 1? ? ? ? f56352c207cb8f6dea4d264b2c0f8dc1? ? ? ? > session_pid=10220? ? ? ? request_auth_token > Sep 05 16:45:19 auth-worker(5498): Debug: > shadow(mark at hprs,192.168.0.58): lookup > Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark at hprs,192.168.0.58): > unknown user > Sep 05 16:45:19 auth: Debug: master userdb out: NOTFOUND? ? ? ? 998899713 > Sep 05 16:45:19 imap-login: Info: Internal login failure (pid=10219 > id=1) (internal failure, 1 successful auths): user=, > method=NTLM, rip=192.168.0.58, lip=192.168.0.2, mpid=10220, > session= > Sep 05 16:46:22 imap-login: Debug: SSL: elliptic curve secp384r1 will be > used for ECDH and ECDHE key exchanges > Sep 05 16:46:22 imap-login: Debug: SSL: elliptic curve secp384r1 will be > used for ECDH and ECDHE key exchanges > Sep 05 16:46:22 auth: Debug: Loading modules from directory: > /usr/local/lib/dovecot/auth > Sep 05 16:46:22 auth: Debug: Read auth token secret from > /usr/local/var/run/dovecot/auth-token-secret.dat > Sep 05 16:46:22 auth: Debug: auth client connected (pid=13487) > Sep 05 16:46:22 auth: Debug: client in: AUTH? ? ? ? 1? ? ? ? NTLM? ? ? ? > service=imap? ? ? ? session=IlvqGwYf0wDAqAA6? ? ? ? lip=192.168.0.2? ? ? > ? rip=192.168.0.58? ? ? ? lport=143? ? ? ? rport=52947 > Sep 05 16:46:22 auth: Debug: client passdb out: OK? ? ? ? 1? ? ? ? > user=mark at hprs? ? ? ? original_user=mark at HPRS > Sep 05 16:46:22 auth: Debug: master in: REQUEST? ? ? ? 3030384641? ? ? ? > 13487? ? ? ? 1? ? ? ? bac5f6531f9d4c3316f93bd4c4a63ddd? ? ? ? > session_pid=13491? ? ? ? request_auth_token > Sep 05 16:46:22 auth-worker(13492): Debug: Loading modules from > directory: /usr/local/lib/dovecot/auth > Sep 05 16:46:22 auth-worker(13492): Debug: > shadow(mark at hprs,192.168.0.58): lookup > Sep 05 16:46:22 auth-worker(13492): Info: > shadow(mark at hprs,192.168.0.58): unknown user > Sep 05 16:46:22 auth: Debug: master userdb out: NOTFOUND? ? ? ? 3030384641 > Sep 05 16:46:22 imap-login: Info: Internal login failure (pid=13487 > id=1) (internal failure, 1 successful auths): user=, > method=NTLM, rip=192.168.0.58, lip=192.168.0.2, mpid=13491, > session= > > Thanks --Mark > > -----Original Message----- >> Date: Thu, 03 Sep 2015 06:53:19 -0500 >> From: Rick Romero >> To: dovecot at dovecot.org >> Subject: Re: How to "Windows Authenticate" >> >> ? Hi Mark, >> >> I haven't done it, but I've played with the scenario enough to have an >> idea. >> >> What you want to do is have Outlook auth via NTLM to Dovecot.? >> >> First that means having the machine be a domain member (usually via >> Samba) >> in order to properly process NTLM/Kerberos handshake - which it appears >> you >> have. >> Second that means having Dovecot know how to accept NTLM authentication >> (SPA) to pass to the Samba backend. >> >> A 'Dovecot NTLM' search led me here: >> http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm >> >> What's not on the page that I'd expect to see, are the compile-time >> requirements for inclucing samba/kerberos libs within Dovecot.? If it >> doesn't 'just work' with the config changes in the wiki, you may need to >> recompile with the right features. >> >> Also - check the permissions of the ntlm_auth program. That's caused many >> issues with Radius installs, IIRC. >> >> Hope that helps! >> >> Rick >> >> Quoting Mark Foley : >> >> This can't be that hard. I think I've enabled LDAP in Dovecot just by >> including >> dovecot-ldap.conf.ext in 10-auth.conf and using the default settings. I >> now have >> the configuration shown below. Two questions: >> >> 1. How do I set Outlook to authenticate with LDAP? Currently the Outlook >> accounts still have the ID and password set in "Logon Information". >> Checking >> "Require logon using Secure Password Authentication (SPA)" doesn't work. >> All I >> can seem to find on the Internet is how to configure address books using >> LDAP. >> >> 2. Should I remove "passdb { drive = shadow } from the dovecot >> configuration? >> >> Anybody? >> >> $ doveconf -n >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 >> auth_debug_passwords = yes >> auth_mechanisms = plain login >> auth_verbose = yes >> auth_verbose_passwords = plain >> disable_plaintext_auth = no >> info_log_path = /var/log/dovecot_info >> mail_location = maildir:~/Maildir >> passdb { >> driver = shadow >> } >> passdb { >> args = /etc/dovecot/dovecot-ldap.conf.ext >> driver = ldap >> } >> protocols = imap >> ssl_cert = > ssl_key = > userdb { >> driver = passwd >> } >> userdb { >> args = /etc/dovecot/dovecot-ldap.conf.ext >> driver = ldap >> } >> verbose_ssl = yes >> >> -----Original Message----- >> From: Mark Foley >> Date: Wed, 02 Sep 2015 13:31:35 -0400 >> To: dovecot at dovecot.org >> Subject: How to "Windows Authenticate" >> >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook >> (2010/2013) on >> Windows workstations for over 6 months with no problems.? Dovecot is >> hosted on >> the office Samba4 AC/DC server. >> >> I have been using auth_mechanisms plain login, and passdb driver = >> shadow. >> >> What I'd like to do now is use the "Windows Authenticated" login so I >> don't have >> to have separate passwords for users logging into the Windows AD >> workstations >> and their Outlook clients. >> >> If anyone has actually done this I'd appreciate some tips. My various >> attempts >> have not been successful. >> >> Here is my current config: >> >> $ doveconf -n >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 >> auth_debug_passwords = yes >> auth_mechanisms = plain login >> auth_verbose = yes >> auth_verbose_passwords = plain >> disable_plaintext_auth = no >> info_log_path = /var/log/dovecot_info >> mail_location = maildir:~/Maildir >> passdb { >> ? driver = shadow >> } >> protocols = imap >> ssl_cert = > ssl_key = > userdb { >> ? driver = passwd >> } >> verbose_ssl = yes >> >> Thanks, Mark Foley >> >> From dovecot-bounces at dovecot.org? Wed Sep? 2 13:32:13 2015 >> Return-Path: >> X-Virus-Status: Clean >> X-Virus-Scanned: clamav-milter 0.98.6 at mail >> X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ >> (2011-06-06) on >> ? ? ? ? mail.hprs.local >> X-Spam-Level: >> X-Spam-Status: No, score=0.0 required=3.0 tests=none >> autolearn=unavailable >> ? ? ? ? version=3.3.2-_revision__1.14__ >> X-Original-To: dovecot at dovecot.org >> Delivered-To: dovecot at dovecot.org >> X-Virus-Status: Clean >> X-Virus-Scanned: clamav-milter 0.98.6 at mail >> From: Mark Foley >> Date: Wed, 02 Sep 2015 13:31:35 -0400 >> Organization: Ohio Highway Patrol Retirement System >> To: dovecot at dovecot.org >> Subject: How to "Windows Authenticate" >> User-Agent: Heirloom mailx 12.5 7/5/10 >> Content-Type: text/plain; charset=us-ascii >> X-BeenThere: dovecot at dovecot.org >> X-Mailman-Version: 2.1.17 >> Precedence: list >> List-Id: Dovecot Mailing List >> List-Unsubscribe: , >> ? ? ? ? >> List-Archive: >> List-Post: >> List-Help: >> List-Subscribe: , >> ? ? ? ? >> Errors-To: dovecot-bounces at dovecot.org >> Sender: "dovecot" >> Status: R >> >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook >> (2010/2013) on >> Windows workstations for over 6 months with no problems.? Dovecot is >> hosted on >> the office Samba4 AC/DC server. >> >> I have been using auth_mechanisms plain login, and passdb driver = >> shadow. >> >> What I'd like to do now is use the "Windows Authenticated" login so I >> don't have >> to have separate passwords for users logging into the Windows AD >> workstations >> and their Outlook clients. >> >> If anyone has actually done this I'd appreciate some tips. My various >> attempts >> have not been successful. >> >> Here is my current config: >> >> $ doveconf -n >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 >> auth_debug_passwords = yes >> auth_mechanisms = plain login >> auth_verbose = yes >> auth_verbose_passwords = plain >> disable_plaintext_auth = no >> info_log_path = /var/log/dovecot_info >> mail_location = maildir:~/Maildir >> passdb { >> driver = shadow >> } >> protocols = imap >> ssl_cert = > ssl_key = > userdb { >> driver = passwd >> } >> verbose_ssl = yes >> Thanks, Mark Foley >> From dovecot-bounces at dovecot.org? Thu Sep? 3 07:53:44 2015 >> Return-Path: >> X-Virus-Status: Clean >> X-Virus-Scanned: clamav-milter 0.98.6 at mail >> X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ >> (2011-06-06) on >> ? ? ? ? mail.hprs.local >> X-Spam-Level: >> X-Spam-Status: No, score=0.0 required=3.0 tests=none autolearn=ham >> ? ? ? ? version=3.3.2-_revision__1.14__ >> X-Original-To: dovecot at dovecot.org >> Delivered-To: dovecot at dovecot.org >> Date: Thu, 03 Sep 2015 06:53:19 -0500 >> From: Rick Romero >> To: dovecot at dovecot.org >> Subject: Re: How to "Windows Authenticate" >> User-Agent: Internet Messaging Program (IMP) H5 (6.2.2) >> X-VFEmail-Originating-IP: MTA3LjEzNi4xNDQuMjMw >> X-VFEmail-AntiSpam: Notify admin at vfemail.net of any spam, and include >> ? ? ? ? VFEmail headers >> Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes >> Content-Disposition: inline >> Content-Description: Plaintext Message >> X-Content-Filtered-By: Mailman/MimeDel 2.1.17 >> X-BeenThere: dovecot at dovecot.org >> X-Mailman-Version: 2.1.17 >> Precedence: list >> List-Id: Dovecot Mailing List >> List-Unsubscribe: , >> ? ? ? ? >> List-Archive: >> List-Post: >> List-Help: >> List-Subscribe: , >> ? ? ? ? >> Errors-To: dovecot-bounces at dovecot.org >> Sender: "dovecot" >> Status: R >> >> ? Hi Mark, >> >> I haven't done it, but I've played with the scenario enough to have an >> idea. >> >> What you want to do is have Outlook auth via NTLM to Dovecot.? >> >> First that means having the machine be a domain member (usually via >> Samba) >> in order to properly process NTLM/Kerberos handshake - which it appears >> you >> have. >> Second that means having Dovecot know how to accept NTLM authentication >> (SPA) to pass to the Samba backend. >> >> A 'Dovecot NTLM' search led me here: >> http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm >> >> What's not on the page that I'd expect to see, are the compile-time >> requirements for inclucing samba/kerberos libs within Dovecot.? If it >> doesn't 'just work' with the config changes in the wiki, you may need to >> recompile with the right features. >> >> Also - check the permissions of the ntlm_auth program. That's caused many >> issues with Radius installs, IIRC. >> >> Hope that helps! >> >> Rick >> >> Quoting Mark Foley : >> >> This can't be that hard. I think I've enabled LDAP in Dovecot just by >> including >> dovecot-ldap.conf.ext in 10-auth.conf and using the default settings. I >> now have >> the configuration shown below. Two questions: >> >> 1. How do I set Outlook to authenticate with LDAP? Currently the Outlook >> accounts still have the ID and password set in "Logon Information". >> Checking >> "Require logon using Secure Password Authentication (SPA)" doesn't work. >> All I >> can seem to find on the Internet is how to configure address books using >> LDAP. >> >> 2. Should I remove "passdb { drive = shadow } from the dovecot >> configuration? >> >> Anybody? >> >> $ doveconf -n >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 >> auth_debug_passwords = yes >> auth_mechanisms = plain login >> auth_verbose = yes >> auth_verbose_passwords = plain >> disable_plaintext_auth = no >> info_log_path = /var/log/dovecot_info >> mail_location = maildir:~/Maildir >> passdb { >> driver = shadow >> } >> passdb { >> args = /etc/dovecot/dovecot-ldap.conf.ext >> driver = ldap >> } >> protocols = imap >> ssl_cert = > ssl_key = > userdb { >> driver = passwd >> } >> userdb { >> args = /etc/dovecot/dovecot-ldap.conf.ext >> driver = ldap >> } >> verbose_ssl = yes >> >> -----Original Message----- >> From: Mark Foley >> Date: Wed, 02 Sep 2015 13:31:35 -0400 >> To: dovecot at dovecot.org >> Subject: How to "Windows Authenticate" >> >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook >> (2010/2013) on >> Windows workstations for over 6 months with no problems.? Dovecot is >> hosted on >> the office Samba4 AC/DC server. >> >> I have been using auth_mechanisms plain login, and passdb driver = >> shadow. >> >> What I'd like to do now is use the "Windows Authenticated" login so I >> don't have >> to have separate passwords for users logging into the Windows AD >> workstations >> and their Outlook clients. >> >> If anyone has actually done this I'd appreciate some tips. My various >> attempts >> have not been successful. >> >> Here is my current config: >> >> $ doveconf -n >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 >> auth_debug_passwords = yes >> auth_mechanisms = plain login >> auth_verbose = yes >> auth_verbose_passwords = plain >> disable_plaintext_auth = no >> info_log_path = /var/log/dovecot_info >> mail_location = maildir:~/Maildir >> passdb { >> ? driver = shadow >> } >> protocols = imap >> ssl_cert = > ssl_key = > userdb { >> ? driver = passwd >> } >> verbose_ssl = yes >> >> Thanks, Mark Foley >> >> From dovecot-bounces at dovecot.org? Wed Sep? 2 13:32:13 2015 >> Return-Path: >> X-Virus-Status: Clean >> X-Virus-Scanned: clamav-milter 0.98.6 at mail >> X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ >> (2011-06-06) on >> ? ? ? ? mail.hprs.local >> X-Spam-Level: >> X-Spam-Status: No, score=0.0 required=3.0 tests=none >> autolearn=unavailable >> ? ? ? ? version=3.3.2-_revision__1.14__ >> X-Original-To: dovecot at dovecot.org >> Delivered-To: dovecot at dovecot.org >> X-Virus-Status: Clean >> X-Virus-Scanned: clamav-milter 0.98.6 at mail >> From: Mark Foley >> Date: Wed, 02 Sep 2015 13:31:35 -0400 >> Organization: Ohio Highway Patrol Retirement System >> To: dovecot at dovecot.org >> Subject: How to "Windows Authenticate" >> User-Agent: Heirloom mailx 12.5 7/5/10 >> Content-Type: text/plain; charset=us-ascii >> X-BeenThere: dovecot at dovecot.org >> X-Mailman-Version: 2.1.17 >> Precedence: list >> List-Id: Dovecot Mailing List >> List-Unsubscribe: , >> ? ? ? ? >> List-Archive: >> List-Post: >> List-Help: >> List-Subscribe: , >> ? ? ? ? >> Errors-To: dovecot-bounces at dovecot.org >> Sender: "dovecot" >> Status: R >> >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook >> (2010/2013) on >> Windows workstations for over 6 months with no problems.? Dovecot is >> hosted on >> the office Samba4 AC/DC server. >> >> I have been using auth_mechanisms plain login, and passdb driver = >> shadow. >> >> What I'd like to do now is use the "Windows Authenticated" login so I >> don't have >> to have separate passwords for users logging into the Windows AD >> workstations >> and their Outlook clients. >> >> If anyone has actually done this I'd appreciate some tips. My various >> attempts >> have not been successful. >> >> Here is my current config: >> >> $ doveconf -n >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 >> auth_debug_passwords = yes >> auth_mechanisms = plain login >> auth_verbose = yes >> auth_verbose_passwords = plain >> disable_plaintext_auth = no >> info_log_path = /var/log/dovecot_info >> mail_location = maildir:~/Maildir >> passdb { >> driver = shadow >> } >> protocols = imap >> ssl_cert = > ssl_key = > userdb { >> driver = passwd >> } >> verbose_ssl = yes >> Thanks, Mark Foley > > ? From tss at iki.fi Mon Sep 7 19:52:31 2015 From: tss at iki.fi (Timo Sirainen) Date: Mon, 07 Sep 2015 22:52:31 +0300 Subject: "NOTIFY SET (mailboxes INBOX (...))" crashes the IMAP client In-Reply-To: <20150719172116.GA9515@localhost> References: <20150719172116.GA9515@localhost> Message-ID: <55EDEAFF.60308@iki.fi> On 07/19/2015 08:21 PM, Guilhem Moulin wrote: > Hi list, > > The NOTIFY extension (RFC 5465) works fine for mailboxes in the "virtual/" > namespace, but it crashes the IMAP client when used with a mailbox in > the empty "" namespace: Fixed: http://hg.dovecot.org/dovecot-2.2/rev/fae5feef70af > ~$ /usr/lib/dovecot/imap > * PREAUTH [CAPABILITY IMAP4rev1 ? NOTIFY SPECIAL-USE] Logged in as guilhem > a NAMESPACE > * NAMESPACE (("" "/")("virtual/" "/")) NIL NIL > a OK Namespace completed. > b NOTIFY SET (mailboxes virtual/all (MessageNew MessageExpunge)) > b OK NOTIFY completed (0.001 secs). > c NOTIFY SET (mailboxes INBOX (MessageNew MessageExpunge)) > imap(guilhem): Panic: file mail-namespace.c: line 679 (mail_namespace_find): assertion failed: (ns != NULL) > imap(guilhem): Error: Raw backtrace: ? > Aborted > > The "subtree" mailbox filter has the same problem, but the > non-parameterized ones ("inboxes", "personal" and "subscribed") work > fine. > > You'll find the output of ?dovecot -n? enclosed. > Cheers, > From tss at iki.fi Mon Sep 7 20:09:26 2015 From: tss at iki.fi (Timo Sirainen) Date: Mon, 07 Sep 2015 23:09:26 +0300 Subject: "NOTIFY SET (mailboxes INBOX (...))" crashes the IMAP client In-Reply-To: <20150726160017.GA7065@localhost> References: <20150719172116.GA9515@localhost> <20150726160017.GA7065@localhost> Message-ID: <55EDEEF6.6040803@iki.fi> On 07/26/2015 07:00 PM, Guilhem Moulin wrote: > On Sun, 19 Jul 2015 at 19:21:16 +0200, Guilhem Moulin wrote: >> The "subtree" mailbox filter has the same problem, but the >> non-parameterized ones ("inboxes", "personal" and "subscribed") work >> fine. > > Actually there are further problem with the INBOX namespace, to which I'm > subscribed: > > $ /usr/lib/dovecot/imap > S1: * PREAUTH [CAPABILITY IMAP4rev1 ? MOVE NOTIFY SPECIAL-USE] Logged in as guilhem > C1: a1 LIST "" (INBOX TRASH) RETURN (SUBSCRIBED) > S1 * LIST (\Subscribed \UnMarked) "/" TRASH > S1 * LIST (\Subscribed) "/" INBOX > S1: a1 OK List completed (0.003 secs). > C1: b1 NOTIFY SET (SUBSCRIBED (MessageNew MessageExpunge FlagChange)) > S1: b1 OK NOTIFY completed (0.002 secs). > > $ /usr/lib/dovecot/imap > S2: * PREAUTH [CAPABILITY IMAP4rev1 ? MOVE NOTIFY SPECIAL-USE] Logged in as guilhem > C2: a2 APPEND INBOX {1+} > C2: x > S2: a2 OK [APPENDUID 1384472528 26087] Append completed (0.008 secs). > > This crashes S1 as well: > > S1: imap(guilhem): Panic: file mail-storage.c: line 1511 (mailbox_is_subscribed): assertion failed: (box->list->subscriptions != NULL) Fixed: http://hg.dovecot.org/dovecot-2.2/rev/73acc7075146 From m3freak at thesandhufamily.ca Mon Sep 7 20:58:12 2015 From: m3freak at thesandhufamily.ca (Kanwar Ranbir Sandhu) Date: Mon, 07 Sep 2015 16:58:12 -0400 Subject: Dovecot and IPA In-Reply-To: References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> Message-ID: <1441659492.25427.1.camel@thesandhufamily.ca> On Mon, 2015-09-07 at 20:37 +0300, Timo Sirainen wrote: > It says "tried to use unsupported auth mechanism". In your later mail > you say that telnet shows AUTH=GSSAPI in capabilities. So that would > mean that the client isn't using AUTHENTICATE GSSAPI but something > else. I'd been considering that perhaps my version of Evolution was too old, so I upgraded from Fedora 20 to Fedora 22: still doesn't work. :/ > Set auth_debug=yes and/or see what the client actually does by > enabling pre-login rawlog: http://wiki2.dovecot.org/Debugging/Rawlog Alright, I enabled it. I have some logs, but I'm not clear on what I should and shouldn't include here. Can I just copy and paste both in and out logs verbatim without inadvertently giving up my passwords or something?? Regards, Ranbir -- Kanwar R.S. Sandhu From tss at iki.fi Mon Sep 7 21:10:13 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 08 Sep 2015 00:10:13 +0300 Subject: bug in acl_defaults_from_inbox option In-Reply-To: <55B79BFE.3020406@sissa.it> References: <55B79BFE.3020406@sissa.it> Message-ID: <55EDFD35.6050503@iki.fi> On 07/28/2015 06:13 PM, Marco Giunta wrote: > Hi at all, > there is a bug in in acl_defaults_from_inbox option: if you define it > with ANY value ('yes', 'no', 'whatyouwant', 'xxx') it acts like the > value is ALWAYS 'yes', and Dovecot enable it; the only way to disable > it, is comment it or delete from configuration file. > > With 'acl_defaults_from_inbox = no', or 'acl_defaults_from_inbox = > whatyouwant', all my folders get ACLs from INBOX; in my case I want to > only share INBOX, but also all other folders were shared. This happens to all boolean settings inside plugin {}. Not ideal, but also not something that will get fixed without some larger settings code changes. From tss at iki.fi Mon Sep 7 21:10:44 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 08 Sep 2015 00:10:44 +0300 Subject: NOTIFY regression: 2.18 no longer notifies of events in INBOX In-Reply-To: <20150726155022.GA18087@localhost> References: <20150726155022.GA18087@localhost> Message-ID: <55EDFD54.8020105@iki.fi> Fixed: http://hg.dovecot.org/dovecot-2.2/rev/fa979ccfa34c http://hg.dovecot.org/dovecot-2.2/rev/f600285c3df2 On 07/26/2015 06:50 PM, Guilhem Moulin wrote: > Here is an example with APPEND > > $ /usr/lib/dovecot/imap > S1: * PREAUTH [CAPABILITY IMAP4rev1 ? MOVE NOTIFY SPECIAL-USE] Logged in as guilhem > C1: a1 NOTIFY SET (INBOXES (MessageNew MessageExpunge FlagChange)) > S1: a1 OK NOTIFY completed (0.000 secs) > > $ /usr/lib/dovecot/imap > S2: * PREAUTH [CAPABILITY IMAP4rev1 ? MOVE NOTIFY SPECIAL-USE] Logged in as guilhem > C2: a2 APPEND INBOX {1+} > C2: x > S2: a2 OK [APPENDUID 1384472528 26085] Append completed (0.229 secs). > > With 2.13 from Debian Jessie, S1 sends a notification for the new > message in INBOX, as expected: > > S1: * STATUS INBOX (MESSAGES 4333 UIDNEXT 26086 UNSEEN 1) > > However it doesn't with 2.18 from Debian Sid, as if ?INBOX? was excluded > from the mailbox filter ?INBOXES?. It does send a notification for > ?virtual/unseen? instead (as expected), but nothing for ?INBOX?. > > S1: * STATUS virtual/unseen (MESSAGES 3 UIDNEXT 15186 UNSEEN 3) > > This is INBOX-specific because APPENDING the message to another mailbox > triggers the notification on both 2.13 and 2.18 as expected: > > S1: * STATUS test (MESSAGES 2 UIDNEXT 3 UNSEEN 2) > S1: * STATUS virtual/unseen (MESSAGES 2 UIDNEXT 15195 UNSEEN 2) > > I attach the ?dovecot -n? output for both 2.13 and 2.18. > From me at junc.eu Mon Sep 7 21:15:28 2015 From: me at junc.eu (Benny Pedersen) Date: Mon, 07 Sep 2015 23:15:28 +0200 Subject: Dovecot and IPA In-Reply-To: <1441659492.25427.1.camel@thesandhufamily.ca> References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441659492.25427.1.camel@thesandhufamily.ca> Message-ID: Kanwar Ranbir Sandhu skrev den 2015-09-07 22:58: > Alright, I enabled it. I have some logs, but I'm not clear on what I > should and shouldn't include here. Can I just copy and paste both in > and out logs verbatim without inadvertently giving up my passwords or > something?? change password before debug logs then run debug change password paste it is safe From tss at iki.fi Mon Sep 7 21:36:12 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 08 Sep 2015 00:36:12 +0300 Subject: charset-iconv.c panic In-Reply-To: References: Message-ID: <55EE034C.2010007@iki.fi> On 07/29/2015 04:02 PM, mihaiush wrote: > Hi, > > I have a mailbox where indexing fails with the following error: > > # /opt/dovecot2/bin/doveadm -c /tmp/dovecot.conf -o > mail_location=/tmp/skesselring index '*' > doveadm(root): Panic: file charset-iconv.c: line 132 (charset_to_utf8): > assertion failed: (*src_size - pos <= CHARSET_MAX_PENDING_BUF_SIZE) Is it possible for you to send the broken mail to me? Otherwise it would be pretty difficult to figure out how to fix this. Also applying this patch would make it a bit clearer where the problem is: http://hg.dovecot.org/dovecot-2.2/rev/9fdbb3b220ec > ctx = {mail = 0x23639b0, update_ctx = 0x2355980, content_type = > 0x2371540 "text/*", content_disposition = 0x2371fa0 "attachment; > filename=\"PTT-20141109-WA0001.amr\"", body_parser = 0x23832a0, word_buf = So the problem is with indexing an attachment called "PTT-20141109 WA0001.amr". From tss at iki.fi Mon Sep 7 21:37:42 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 08 Sep 2015 00:37:42 +0300 Subject: RFC 5465 (NOTIFY) violation: missing HIGHESTMODSEQ in initial STATUS responses In-Reply-To: <20150719174014.GA30172@localhost> References: <20150719174014.GA30172@localhost> Message-ID: <55EE03A6.3080905@iki.fi> Oh, and this was also fixed a week ago: http://hg.dovecot.org/dovecot-2.2/rev/238a34ad1ab0 On 07/19/2015 08:40 PM, Guilhem Moulin wrote: > Quoting RFC 5465 (NOTIFY): > > ?If the NOTIFY command enables MessageNew, MessageExpunge, > AnnotationChange, or FlagChange notifications for a mailbox other > than the currently selected mailbox, and the client has specified > the STATUS indicator parameter, then the server MUST send a STATUS > response for that mailbox before NOTIFY's tagged OK. [?] > If either AnnotationChange or FlagChange are included and > the server also supports the CONDSTORE [RFC4551] and/or QRESYNC > [RFC5162] extensions, the STATUS response MUST contain UIDVALIDITY > and HIGHESTMODSEQ.? ? > https://tools.ietf.org/html/rfc5465#section-3.1 > > While unsolicited STATUS responses include HIGHESTMODSEQ indeed, the initial > STATUS responses (caused by the presence of the STATUS indicator) do not: > > ~$ /usr/lib/dovecot/imap > * PREAUTH [CAPABILITY IMAP4rev1 ? CONDSTORE QRESYNC ? NOTIFY SPECIAL-USE] Logged in as guilhem > a ENABLE QRESYNC > * ENABLED QRESYNC > a OK Enabled (0.000 secs). > b NOTIFY SET STATUS (SUBSCRIBED (MessageNew MessageExpunge FlagChange)) > * STATUS INBOX (MESSAGES 9069 UIDNEXT 109398 UIDVALIDITY 1312585007 UNSEEN 0) > [?] > b OK NOTIFY completed (0.008 secs). > [time passes? a new message is delivered to INBOX] > * STATUS INBOX (MESSAGES 9070 UIDNEXT 109399 UNSEEN 1 HIGHESTMODSEQ 22216) > > This defeats the purpose of the STATUS indicator for disconnected > clients since they have to issue separate STATUS commands (or a LIST > command if LIST-{EXTENDED,STATUS} have been advertized) to find out > which mailboxes have got a new HIGHESTMODSEQ. > > Cheers, > From tss at iki.fi Mon Sep 7 21:47:25 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 08 Sep 2015 00:47:25 +0300 Subject: Null deference pointer in dovecot-2.2.18 In-Reply-To: <77ff3a4c.601a.14e8fae4212.Coremail.zhuceyonghu_2013@163.com> References: <77ff3a4c.601a.14e8fae4212.Coremail.zhuceyonghu_2013@163.com> Message-ID: <55EE05ED.5060104@iki.fi> These are all false positives. I added some asserts that hopefully get rid of two of the warnings. I couldn't really think of a way to nicely avoid the mail-index-fsck.c warning. http://hg.dovecot.org/dovecot-2.2/rev/06b884831f25 On 07/15/2015 06:07 AM, ?? wrote: > Dear, > > > use our static analysis tools, I find some bugs (Null deference pointer) for dovecot-2.2.18. Null deference pointer bugs often make program crashes, Please confim them, Thanks! > > > 1. dovecot-2.2.18/src/config/config-request.c 332 > > > 'setting_export_section_name(ctx->prefix, def, children[i], i);', pointer 'children' in line 202 assigned NULL and if branch 'case SET_DEFLIST_UNIQUE' not execute, so pointer 'children' is always NULL. It load to a bug of null deference pointer In line 332. > > > The same bugs also appeared in : > > > 1. dovecot-2.2.18/src/lib-index/mail-index-fsck.c line 170 or 174, pointer 'kw_rec ' mybe NULL. > > > 2.dovecot-2.2.18/src/lib-storage/mail-search-args-simplify line 349, pointer 'prev_arg' mybe NULL. > > > > > > > best wishes~ > > > Amy > > > From tss at iki.fi Mon Sep 7 21:51:45 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 08 Sep 2015 00:51:45 +0300 Subject: How about an option to disbale headers? (was Re: Patch for "doveadm -f table" nit) In-Reply-To: <5596A0A1.6030303@gedalya.net> References: <78D069B1-3D22-456B-B13E-1FD9AC871157@iki.fi> <550A891D.8040108@gedalya.net> <43DCC0A1-BD9B-4A1E-88EE-51517B3EBBB0@iki.fi> <5561790A.1020607@gedalya.net> <5596A0A1.6030303@gedalya.net> Message-ID: <55EE06F1.6090807@iki.fi> On 07/03/2015 05:48 PM, Gedalya wrote: > On 05/24/2015 03:08 AM, Gedalya wrote: >> On 03/20/2015 02:47 PM, Timo Sirainen wrote: >>> Added -h parameter now to hg. >> >> Using 2.2.18. >> With -f table this behaves as expected, however with -t tab the output >> seems to include the separating tabs of the header line prepended to >> the first line of output. >> In other words, the header line is printed partially - only the tabs, >> no actual headers and no newline. > > Timo? Fixed: http://hg.dovecot.org/dovecot-2.2/rev/b8f09586ab33 From larryrtx at gmail.com Mon Sep 7 21:56:00 2015 From: larryrtx at gmail.com (Larry Rosenman) Date: Mon, 7 Sep 2015 16:56:00 -0500 Subject: Is it a bug when you move mail between namespaces.... Message-ID: that the fts data gets lost? doveconf -n attached -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 -------------- next part -------------- A non-text attachment was scrubbed... Name: doveconf.ler.out Type: application/octet-stream Size: 3418 bytes Desc: not available URL: From tss at iki.fi Mon Sep 7 22:00:25 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 08 Sep 2015 01:00:25 +0300 Subject: Is it a bug when you move mail between namespaces.... In-Reply-To: References: Message-ID: <55EE08F9.9030409@iki.fi> On 09/08/2015 12:56 AM, Larry Rosenman wrote: > that the fts data gets lost? All full text search backends are now implemented so that if you copy/move mails, the mails need to be indexed again the destination folder. Alternative would be to index mails only with their GUIDs and have a GUID => { folder GUID, IMAP UID } mapping and filter the mails based on that. But such reverse index doesn't exist quite yet. From larryrtx at gmail.com Mon Sep 7 22:01:43 2015 From: larryrtx at gmail.com (Larry Rosenman) Date: Mon, 7 Sep 2015 17:01:43 -0500 Subject: Is it a bug when you move mail between namespaces.... In-Reply-To: <55EE08F9.9030409@iki.fi> References: <55EE08F9.9030409@iki.fi> Message-ID: should fts_autoindex handle that case? On Mon, Sep 7, 2015 at 5:00 PM, Timo Sirainen wrote: > On 09/08/2015 12:56 AM, Larry Rosenman wrote: > > that the fts data gets lost? > > All full text search backends are now implemented so that if you > copy/move mails, the mails need to be indexed again the destination folder. > > Alternative would be to index mails only with their GUIDs and have a > GUID => { folder GUID, IMAP UID } mapping and filter the mails based on > that. But such reverse index doesn't exist quite yet. > -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 From gedalya at gedalya.net Mon Sep 7 22:16:32 2015 From: gedalya at gedalya.net (Gedalya) Date: Mon, 07 Sep 2015 18:16:32 -0400 Subject: [Dovecot] dsync replication errors In-Reply-To: <1361089297.3230.84.camel@hurina> References: <20130131112752.642beb56@boscos> <20130131130639.260eb4b8@boscos> <8430F751-4A7E-4CCF-AFAF-20E4C9F2A608@iki.fi> <20130131134624.2c515aa8@boscos> <4ABF8E21-B7D4-47A7-B79F-81E97BE21A7C@iki.fi> <20130131141018.44b30d71@boscos> <8114CD6C-3825-4BAB-919D-EE3AD92FFF4F@iki.fi> <20130131143639.3cfdf41c@boscos> <20130131173736.3015b6cb@boscos> <3221CB48-750F-493F-AFE0-32E6FDD18360@iki.fi> <20130131184125.49d35f5d@boscos> <1359663448.3230.0.camel@hurina> <20130201132825.5363b1f4@boscos> <1361028022.3230.61.camel@hurina> <20130216193244.03b3c5a6@boscos.leetdreams.ch> <1361089297.3230.84.camel@hurina> Message-ID: <55EE0CC0.80804@gedalya.net> On 02/17/2013 03:21 AM, Timo Sirainen wrote: > Although there's still some mail > duplication problem with maildir that doesn't log any errors about it. > I'm not sure why that happens. While you're around, Timo :-) I've had such an issue recently with 2.2.18, using Maildir, where emails were being replicated circularly creating more and more duplicate copies. Replication should have been unidirectional in reality since changes were being made on one side only. Nothing coherent was being logged. Only "Warning: Maildir /srv/mail/domains/.../Maildir: Expunged message reappeared, giving a new UID .. " appearing on the receiving side. Is there any intelligence on the matter, or should I isolate this down and report it from scratch? From tss at iki.fi Mon Sep 7 22:22:19 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 8 Sep 2015 01:22:19 +0300 Subject: [Patch] Fix hang in safe_sendfile on SmartOS In-Reply-To: References: <55EDE6D0.10400@iki.fi> Message-ID: On 07 Sep 2015, at 23:19, Sebastian Wiedenroth wrote: > > >> Am 07.09.2015 um 21:34 schrieb Timo Sirainen : >> >> On 07/16/2015 06:03 PM, Sebastian Wiedenroth wrote: >>> Fix hang in safe_sendfile on SmartOS >>> >>> The call to sendfile on SmartOS can fail with EOPNOTSUPP. This is a valid error >>> code and documented in the man page. This error code needs to be handled or >>> else dovecot will retry the sendfile call endlessly and hang. >> >> Committed .. However, I think a more important bug is that it hangs. >> It's definitely not supposed to hang. Which process was it that was >> hanging How can I reproduce that? I can only get it to disconnect the >> IMAP client. > > > Thanks! > > It was the managesieve process that was hanging. > To trigger it we used sieve-connect [1] like this: > sieve-connect -u demo at example.com mailbox.example.com Thanks. I did find a bug in Pigeonhole with this when issuing a GET command :) Also I see now why it's looping, more or less. sendfile() is still indicating that it's sending some data (by updating s_offset) even though it's returning a failure. I wonder if reverting the earlier EOPNOTSUPP change and applying this patch causes it to assert-crash instead of going to infinite loop? http://hg.dovecot.org/dovecot-2.2/rev/f6dd24658fb1 From tss at iki.fi Mon Sep 7 22:22:37 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 8 Sep 2015 01:22:37 +0300 Subject: Is it a bug when you move mail between namespaces.... In-Reply-To: References: <55EE08F9.9030409@iki.fi> Message-ID: <24064A82-CAF8-412A-9B98-1BF5C5508329@iki.fi> It should. > On 08 Sep 2015, at 01:01, Larry Rosenman wrote: > > should fts_autoindex handle that case? > > > On Mon, Sep 7, 2015 at 5:00 PM, Timo Sirainen > wrote: > On 09/08/2015 12:56 AM, Larry Rosenman wrote: > > that the fts data gets lost? > > All full text search backends are now implemented so that if you > copy/move mails, the mails need to be indexed again the destination folder. > > Alternative would be to index mails only with their GUIDs and have a > GUID => { folder GUID, IMAP UID } mapping and filter the mails based on > that. But such reverse index doesn't exist quite yet. > > > > -- > Larry Rosenman http://www.lerctr.org/~ler > Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com > US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 From larryrtx at gmail.com Mon Sep 7 22:23:35 2015 From: larryrtx at gmail.com (Larry Rosenman) Date: Mon, 7 Sep 2015 17:23:35 -0500 Subject: Is it a bug when you move mail between namespaces.... In-Reply-To: <24064A82-CAF8-412A-9B98-1BF5C5508329@iki.fi> References: <55EE08F9.9030409@iki.fi> <24064A82-CAF8-412A-9B98-1BF5C5508329@iki.fi> Message-ID: It doesn't in my current 2.2.18 setup with the config I posted. On Mon, Sep 7, 2015 at 5:22 PM, Timo Sirainen wrote: > It should. > > On 08 Sep 2015, at 01:01, Larry Rosenman wrote: > > should fts_autoindex handle that case? > > > On Mon, Sep 7, 2015 at 5:00 PM, Timo Sirainen wrote: > >> On 09/08/2015 12:56 AM, Larry Rosenman wrote: >> > that the fts data gets lost? >> >> All full text search backends are now implemented so that if you >> copy/move mails, the mails need to be indexed again the destination >> folder. >> >> Alternative would be to index mails only with their GUIDs and have a >> GUID => { folder GUID, IMAP UID } mapping and filter the mails based on >> that. But such reverse index doesn't exist quite yet. >> > > > > -- > Larry Rosenman http://www.lerctr.org/~ler > Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com > US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 > > > -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 From tss at iki.fi Mon Sep 7 22:25:21 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 8 Sep 2015 01:25:21 +0300 Subject: [Dovecot] dsync replication errors In-Reply-To: <55EE0CC0.80804@gedalya.net> References: <20130131112752.642beb56@boscos> <20130131130639.260eb4b8@boscos> <8430F751-4A7E-4CCF-AFAF-20E4C9F2A608@iki.fi> <20130131134624.2c515aa8@boscos> <4ABF8E21-B7D4-47A7-B79F-81E97BE21A7C@iki.fi> <20130131141018.44b30d71@boscos> <8114CD6C-3825-4BAB-919D-EE3AD92FFF4F@iki.fi> <20130131143639.3cfdf41c@boscos> <20130131173736.3015b6cb@boscos> <3221CB48-750F-493F-AFE0-32E6FDD18360@iki.fi> <20130131184125.49d35f5d@boscos> <1359663448.3230.0.camel@hurina> <20130201132825.5363b1f4@boscos> <1361028022.3230.61.camel@hurina> <20130216193244.03b3c5a6@boscos.leetdreams.ch> <1361089297.3230.84.camel@hurina> <55EE0CC0.80804@gedalya.net> Message-ID: <15A63551-0A84-4952-82EB-3CBDC60B72C2@iki.fi> On 08 Sep 2015, at 01:16, Gedalya wrote: > > On 02/17/2013 03:21 AM, Timo Sirainen wrote: >> Although there's still some mail >> duplication problem with maildir that doesn't log any errors about it. >> I'm not sure why that happens. > > While you're around, Timo :-) > > I've had such an issue recently with 2.2.18, using Maildir, where emails were being replicated circularly creating more and more duplicate copies. > Replication should have been unidirectional in reality since changes were being made on one side only. > Nothing coherent was being logged. Only "Warning: Maildir /srv/mail/domains/.../Maildir: Expunged message reappeared, giving a new UID .. " appearing on the receiving side. > Is there any intelligence on the matter, or should I isolate this down and report it from scratch? dsync bugs usually take a lot of time to debug. Unless there's an easily reproducible way to break it, I try to avoid spending time on it. Also in this case the bug might be in Maildir code instead of dsync code. From sebastian.wiedenroth at skylime.net Mon Sep 7 20:19:26 2015 From: sebastian.wiedenroth at skylime.net (Sebastian Wiedenroth) Date: Mon, 7 Sep 2015 22:19:26 +0200 Subject: [Patch] Fix hang in safe_sendfile on SmartOS In-Reply-To: <55EDE6D0.10400@iki.fi> References: <55EDE6D0.10400@iki.fi> Message-ID: > Am 07.09.2015 um 21:34 schrieb Timo Sirainen : > > On 07/16/2015 06:03 PM, Sebastian Wiedenroth wrote: >> Fix hang in safe_sendfile on SmartOS >> >> The call to sendfile on SmartOS can fail with EOPNOTSUPP. This is a valid error >> code and documented in the man page. This error code needs to be handled or >> else dovecot will retry the sendfile call endlessly and hang. > > Committed .. However, I think a more important bug is that it hangs. > It's definitely not supposed to hang. Which process was it that was > hanging How can I reproduce that? I can only get it to disconnect the > IMAP client. Thanks! It was the managesieve process that was hanging. To trigger it we used sieve-connect [1] like this: sieve-connect -u demo at example.com mailbox.example.com To find the issue we used a dtrace script [2]. With an unpatched version it would show: CPU ID FUNCTION:NAME 0 4623 safe_sendfile:return 7 4 fffffd7fffdff8b8 154 -> 77 0 4623 safe_sendfile:return 7 4 fffffd7fffdff8b8 9223372036854775807 -> 77 0 4623 safe_sendfile:return 7 4 fffffd7fffdff8b8 9223372036854775807 -> 77 and then just repeat the last line as it retried the call forever. This is where it hangs, spinning on the cpu. After looking at the code I confirmed the issue with a dtrace one-liner that tracks the sendfilev syscall: dtrace -n 'syscall::sendfilev:return {printf("%d %x\n", arg0, errno)}' This showed that the call returned with EOPNOTSUPP (0x7a): 0 6155 sendfilev:return -1 7a The man page lists this as a valid error code and handling it the same way as EAFNOSUPPORT fixed the issue for us. There are a few more error codes in the man page that currently are not handled by dovecot. This might be something to look into in the future. I hope this answer provides the details you?re looking for. Best regards, Sebastian [1] https://github.com/philpennock/sieve-connect [2] https://gist.github.com/wiedi/4b4ebe5f92ac5b54951b From mfoley at ohprs.org Tue Sep 8 01:28:23 2015 From: mfoley at ohprs.org (Mark Foley) Date: Mon, 07 Sep 2015 21:28:23 -0400 Subject: How to "Windows Authenticate" In-Reply-To: <20150906200011.Horde.aZNzwfpiV_G6ZeeX8wLk9A4@www.vfemail.net> References: <201509021731.t82HVZ4r021574@mail.hprs.local> <201509031025.t83AP1W5020976@mail.hprs.local> <20150903065319.Horde.2BrAxFp30mN2LnIZrXEq7w8@www.vfemail.net> <201509052112.t85LCowS007652@mail.hprs.local> <201509070031.t870VLCY019948@mail.hprs.local> <20150906200011.Horde.aZNzwfpiV_G6ZeeX8wLk9A4@www.vfemail.net> Message-ID: <201509080128.t881SNUF010141@mail.hprs.local> Comments interspersed with yours ... --Mark -----Original Message----- > Date: Sun, 06 Sep 2015 20:00:11 -0500 > From: Rick Romero > To: dovecot at dovecot.org > Subject: Re: How to "Windows Authenticate" > > Hmm. I would expect to see 'mark at hprs.com'. Whatever your full domain > name is. Full user at domain would be mark at hprs.local > It also won't look up /etc/shadow - Samba is doing the AD->Unix UID > mapping. Your AD users shouldn't be in there when all is said and done. I was thinking this too. I don't know why NTLM would need a userdb at all. It should just use something like ntlm_auth (which is configured in auth_winbind_helper). What if I simply removed the userdb? What would you recommend for userdb, passdb? > Well, at when I did a Samba4 install as a DC it still behaved like a Samba3 > member, and there were no AD users in the local unix passwd files. > > What does wbinfo -u provide? It should list all your users - especially > because it's an DC. Whatever wbinfo -u shows, you may need to adjust > another config file to match waht Dovecot is receiving. $ wbinfo -u Administrator Guest krbtgt dns-mail mark sogo **arr **ress **mith **nee **ris **atterson **armaine **tkeson **mmitoh These are all the AD users (most obfuscated for a bit of security). I am testing with user mark. > > I assume /etc/nsswitch.conf has been modified to use Samba? > Unless the Samba provision did something to nnswitch, I've done nothing; nor have I seen anything in the Samba or dovecot wikis suggesting changes. Remember also that the Samba4 AD/DC works perfectly with redirected folders and users logging on to any Windows workstations, and works perfectly with things wanting "Windows Authentication" like SQLserver, so the "Windows Authentication" does work at some level. My /etc/nsswitch.conf is: passwd: compat group: compat hosts: files dns networks: files services: files protocols: files rpc: files ethers: files netmasks: files netgroup: files bootparams: files automount: files aliases: files > Sorry I haven't done this, but it doesn't seem like anyone else has either > - so I'm just shooting in the dark here trying to get you steered in the > right direction... > > Rick Yeah, I can't seem to find a soul on the planet who has actually done this. If I get it figured out I'll post with a suggestion to Timo to wiki-ize it. I'm a bit puzzled that no one appears to have done this. I would think that a Samba4 AD/DC in a office environment with lots of Windows workstations running Outlook would be about the most common environment there is; especially now that Small Business Server is no longer sold and Server Essentials does not support Exchange. What are all the SBS/Exchange/Outlook small businesses doing? Limping along with SBS2008/11, or putting their email in Outlook.com? Seems like the Samba4/dovecot/Outlook combo would be an ideal migration. I appreciate your help. > > Quoting Mark Foley : > > > More info ... > > > > My dovecot error log shows: > > > > Sep 05 16:45:19 auth: Debug: client in: AUTH? ? 1? ? ? ?NTLM? ? > > service=imap > > Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? 1? ? ? > > ?user=mark at hprs? original_user=mark at HPRS > > Sep 05 16:45:19 auth: Debug: master in: REQUEST 998899713? ? ? > ?10219? > > ?1? ? ? ?f56352c207cb8f6dea4d264b2c0f8dc1? ? ? > ?session_pid=10220? ? ? > > ?request_auth_token > > Sep 05 16:45:19 auth-worker(5498): Debug: > > shadow(mark at hprs,192.168.0.58): lookup > > Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark at hprs,192.168.0.58): > > unknown user > > Sep 05 16:45:19 auth: Debug: master userdb out: NOTFOUND? ? ? ? > 998899713 > > > > whereas the successful 'plain login' config'ed mechanism (before adding > > NTLM > > config) have: > > > > Sep 06 20:27:38 auth-worker(18616): Debug: shadow(mark,104.6.249.210): > > lookup > > > > The failed ntlm look-up is looking up user mark at hprs in shadow, which it > > doesn't > > find. Is there a way to strip the "@hprs" bit from the user so it can > > find the > > correct entry in /etc/shadow? That might fix the problem. > > > > --Mark > > > > -----Original Message----- > > From: Mark Foley > > Date: Sat, 05 Sep 2015 17:12:50 -0400 > > To: dovecot at dovecot.org > > Subject: Re: How to "Windows Authenticate" > > > > Rick et al, > > > > The link you gave was a start, but is targeted for Samba3 and is > > assuming a > > probably Windows [SBS]Server AD/DC separate from the DC hosting dovecot, > > and > > includes setting up kerberos. > > > > I'm using a Samba4 AD/DC with integrated kerberos (so I don't think > > there is any > > setup I can do there).? Nevertheless I've followed the instructions > > otherwise; > > specifically adding to 10-auto.conf the following recommended lines: > > > > auth_use_winbind = yes > > auth_winbind_helper_path = /usr/bin/ntlm_auth > > mechanisms = plain ntlm login > > > > (Before, my 'mechanisms' were only plain and login). /usr/bin/ntlm_auth > > has > > global r/w privilege. > > > > I did not specify the static userdb since these users are configued in > > /etc/passwd and I thought that would work; example given in link (could > > that be > > an issue?): > > > > userdb static { > > ? args= uid=501 gid=501 home=/home/vmail/%1Ln/%Ln > > ? mail=maildir:/home/vmail/%d/%1Ln/%Ln:INBOX=/home/vmail/%d/%1Ln/%Ln > > ? allow_all_users=yes > > } > > > > This didn't work. Also, existing, working Outlook connections using > > 'logon' > > (i.e. the userID and PW are configured in Outlook) stopped working. > > > > I changed a test Outlook client to check the 'Request login using Secure > > Password Authentication (SPA)' and also checked: More Settings > > > Outgoing Server > >> My outgoing server (SMTP) requires authentication' and 'Use same > >> settings as > > > > my incoming mail server'.? Note that on the "Change Account" dialog > > (where the > > SPA checkbox is) the 'User Name' and 'Password' retained their values > > and were > > not grayed out as I would have expected if using AD authentication. > > > > After doing the above and clicking 'Test Account Settings' I was > > re-promted to > > enter a password - also not expected. At bottom are the Dovecot log > > message I > > received after doing the 'Test Account Settings'. > > > > Surely, connecting from an Outlook client to Dovecot on a Samba4 AD/DC > > should be > > a very common implementation. Has someone done this successfully? > > > > Immediately below is my doveconf -n and below that the dovecot log > > messages. > > > >> doveconf -n > > > > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > > auth_debug_passwords = yes > > auth_mechanisms = plain ntlm login > > auth_use_winbind = yes > > auth_verbose = yes > > auth_verbose_passwords = plain > > disable_plaintext_auth = no > > info_log_path = /var/log/dovecot_info > > mail_location = maildir:~/Maildir > > passdb { > > driver = shadow > > } > > protocols = imap > > ssl_cert = > ssl_key = > userdb { > > driver = passwd > > } > > verbose_ssl = yes > > > > dovecot log after doing 'Test Account Settings' in Outlook: > > > > Sep 05 16:45:19 imap-login: Debug: SSL: elliptic curve secp384r1 will be > > used for ECDH and ECDHE key exchanges > > Sep 05 16:45:19 imap-login: Debug: SSL: elliptic curve secp384r1 will be > > used for ECDH and ECDHE key exchanges > > Sep 05 16:45:19 auth: Debug: auth client connected (pid=10219) > > Sep 05 16:45:19 auth: Debug: client in: AUTH? ? ? ? 1? ? ? ? > NTLM? ? ? ? > > service=imap? ? ? ? session=HXssGAYf0ADAqAA6? ? ? ? > lip=192.168.0.2? ? ? > > ? rip=192.168.0.58? ? ? ? lport=143? ? ? ? rport=52944 > > Sep 05 16:45:19 auth: Debug: client passdb out: CONT? ? ? ? 1 > > Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? ? 1? ? ? > ? > > user=mark at hprs? ? ? ? original_user=mark at HPRS > > Sep 05 16:45:19 auth: Debug: master in: REQUEST? ? ? ? 998899713? ? > ? ? > > 10219? ? ? ? 1? ? ? ? f56352c207cb8f6dea4d264b2c0f8dc1? ? ? ? > > session_pid=10220? ? ? ? request_auth_token > > Sep 05 16:45:19 auth-worker(5498): Debug: > > shadow(mark at hprs,192.168.0.58): lookup > > Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark at hprs,192.168.0.58): > > unknown user > > Sep 05 16:45:19 auth: Debug: master userdb out: NOTFOUND? ? ? ? > 998899713 > > Sep 05 16:45:19 imap-login: Info: Internal login failure (pid=10219 > > id=1) (internal failure, 1 successful auths): user=, > > method=NTLM, rip=192.168.0.58, lip=192.168.0.2, mpid=10220, > > session= > > Sep 05 16:46:22 imap-login: Debug: SSL: elliptic curve secp384r1 will be > > used for ECDH and ECDHE key exchanges > > Sep 05 16:46:22 imap-login: Debug: SSL: elliptic curve secp384r1 will be > > used for ECDH and ECDHE key exchanges > > Sep 05 16:46:22 auth: Debug: Loading modules from directory: > > /usr/local/lib/dovecot/auth > > Sep 05 16:46:22 auth: Debug: Read auth token secret from > > /usr/local/var/run/dovecot/auth-token-secret.dat > > Sep 05 16:46:22 auth: Debug: auth client connected (pid=13487) > > Sep 05 16:46:22 auth: Debug: client in: AUTH? ? ? ? 1? ? ? ? > NTLM? ? ? ? > > service=imap? ? ? ? session=IlvqGwYf0wDAqAA6? ? ? ? > lip=192.168.0.2? ? ? > > ? rip=192.168.0.58? ? ? ? lport=143? ? ? ? rport=52947 > > Sep 05 16:46:22 auth: Debug: client passdb out: OK? ? ? ? 1? ? ? > ? > > user=mark at hprs? ? ? ? original_user=mark at HPRS > > Sep 05 16:46:22 auth: Debug: master in: REQUEST? ? ? ? 3030384641? > ? ? ? > > 13487? ? ? ? 1? ? ? ? bac5f6531f9d4c3316f93bd4c4a63ddd? ? ? ? > > session_pid=13491? ? ? ? request_auth_token > > Sep 05 16:46:22 auth-worker(13492): Debug: Loading modules from > > directory: /usr/local/lib/dovecot/auth > > Sep 05 16:46:22 auth-worker(13492): Debug: > > shadow(mark at hprs,192.168.0.58): lookup > > Sep 05 16:46:22 auth-worker(13492): Info: > > shadow(mark at hprs,192.168.0.58): unknown user > > Sep 05 16:46:22 auth: Debug: master userdb out: NOTFOUND? ? ? ? > 3030384641 > > Sep 05 16:46:22 imap-login: Info: Internal login failure (pid=13487 > > id=1) (internal failure, 1 successful auths): user=, > > method=NTLM, rip=192.168.0.58, lip=192.168.0.2, mpid=13491, > > session= > > > > Thanks --Mark > > > > -----Original Message----- > >> Date: Thu, 03 Sep 2015 06:53:19 -0500 > >> From: Rick Romero > >> To: dovecot at dovecot.org > >> Subject: Re: How to "Windows Authenticate" > >> > >> ? Hi Mark, > >> > >> I haven't done it, but I've played with the scenario enough to have an > >> idea. > >> > >> What you want to do is have Outlook auth via NTLM to Dovecot.? > >> > >> First that means having the machine be a domain member (usually via > >> Samba) > >> in order to properly process NTLM/Kerberos handshake - which it appears > >> you > >> have. > >> Second that means having Dovecot know how to accept NTLM authentication > >> (SPA) to pass to the Samba backend. > >> > >> A 'Dovecot NTLM' search led me here: > >> http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm > >> > >> What's not on the page that I'd expect to see, are the compile-time > >> requirements for inclucing samba/kerberos libs within Dovecot.? If it > >> doesn't 'just work' with the config changes in the wiki, you may need to > >> recompile with the right features. > >> > >> Also - check the permissions of the ntlm_auth program. That's caused > many > >> issues with Radius installs, IIRC. > >> > >> Hope that helps! > >> > >> Rick > >> > >> Quoting Mark Foley : > >> > >> This can't be that hard. I think I've enabled LDAP in Dovecot just by > >> including > >> dovecot-ldap.conf.ext in 10-auth.conf and using the default settings. I > >> now have > >> the configuration shown below. Two questions: > >> > >> 1. How do I set Outlook to authenticate with LDAP? Currently the Outlook > >> accounts still have the ID and password set in "Logon Information". > >> Checking > >> "Require logon using Secure Password Authentication (SPA)" doesn't work. > >> All I > >> can seem to find on the Internet is how to configure address books using > >> LDAP. > >> > >> 2. Should I remove "passdb { drive = shadow } from the dovecot > >> configuration? > >> > >> Anybody? > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> driver = shadow > >> } > >> passdb { > >> args = /etc/dovecot/dovecot-ldap.conf.ext > >> driver = ldap > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> driver = passwd > >> } > >> userdb { > >> args = /etc/dovecot/dovecot-ldap.conf.ext > >> driver = ldap > >> } > >> verbose_ssl = yes > >> > >> -----Original Message----- > >> From: Mark Foley > >> Date: Wed, 02 Sep 2015 13:31:35 -0400 > >> To: dovecot at dovecot.org > >> Subject: How to "Windows Authenticate" > >> > >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook > >> (2010/2013) on > >> Windows workstations for over 6 months with no problems.? Dovecot is > >> hosted on > >> the office Samba4 AC/DC server. > >> > >> I have been using auth_mechanisms plain login, and passdb driver = > >> shadow. > >> > >> What I'd like to do now is use the "Windows Authenticated" login so I > >> don't have > >> to have separate passwords for users logging into the Windows AD > >> workstations > >> and their Outlook clients. > >> > >> If anyone has actually done this I'd appreciate some tips. My various > >> attempts > >> have not been successful. > >> > >> Here is my current config: > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> ? driver = shadow > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> ? driver = passwd > >> } > >> verbose_ssl = yes > >> > >> Thanks, Mark Foley > >> > >> From dovecot-bounces at dovecot.org? Wed Sep? 2 13:32:13 2015 > >> Return-Path: > >> X-Virus-Status: Clean > >> X-Virus-Scanned: clamav-milter 0.98.6 at mail > >> X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ > >> (2011-06-06) on > >> ? ? ? ? mail.hprs.local > >> X-Spam-Level: > >> X-Spam-Status: No, score=0.0 required=3.0 tests=none > >> autolearn=unavailable > >> ? ? ? ? version=3.3.2-_revision__1.14__ > >> X-Original-To: dovecot at dovecot.org > >> Delivered-To: dovecot at dovecot.org > >> X-Virus-Status: Clean > >> X-Virus-Scanned: clamav-milter 0.98.6 at mail > >> From: Mark Foley > >> Date: Wed, 02 Sep 2015 13:31:35 -0400 > >> Organization: Ohio Highway Patrol Retirement System > >> To: dovecot at dovecot.org > >> Subject: How to "Windows Authenticate" > >> User-Agent: Heirloom mailx 12.5 7/5/10 > >> Content-Type: text/plain; charset=us-ascii > >> X-BeenThere: dovecot at dovecot.org > >> X-Mailman-Version: 2.1.17 > >> Precedence: list > >> List-Id: Dovecot Mailing List > >> List-Unsubscribe: , > >> ? ? ? ? > >> List-Archive: > >> List-Post: > >> List-Help: > >> List-Subscribe: , > >> ? ? ? ? > >> Errors-To: dovecot-bounces at dovecot.org > >> Sender: "dovecot" > >> Status: R > >> > >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook > >> (2010/2013) on > >> Windows workstations for over 6 months with no problems.? Dovecot is > >> hosted on > >> the office Samba4 AC/DC server. > >> > >> I have been using auth_mechanisms plain login, and passdb driver = > >> shadow. > >> > >> What I'd like to do now is use the "Windows Authenticated" login so I > >> don't have > >> to have separate passwords for users logging into the Windows AD > >> workstations > >> and their Outlook clients. > >> > >> If anyone has actually done this I'd appreciate some tips. My various > >> attempts > >> have not been successful. > >> > >> Here is my current config: > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> driver = shadow > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> driver = passwd > >> } > >> verbose_ssl = yes > >> Thanks, Mark Foley > >> From dovecot-bounces at dovecot.org? Thu Sep? 3 07:53:44 2015 > >> Return-Path: > >> X-Virus-Status: Clean > >> X-Virus-Scanned: clamav-milter 0.98.6 at mail > >> X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ > >> (2011-06-06) on > >> ? ? ? ? mail.hprs.local > >> X-Spam-Level: > >> X-Spam-Status: No, score=0.0 required=3.0 tests=none autolearn=ham > >> ? ? ? ? version=3.3.2-_revision__1.14__ > >> X-Original-To: dovecot at dovecot.org > >> Delivered-To: dovecot at dovecot.org > >> Date: Thu, 03 Sep 2015 06:53:19 -0500 > >> From: Rick Romero > >> To: dovecot at dovecot.org > >> Subject: Re: How to "Windows Authenticate" > >> User-Agent: Internet Messaging Program (IMP) H5 (6.2.2) > >> X-VFEmail-Originating-IP: MTA3LjEzNi4xNDQuMjMw > >> X-VFEmail-AntiSpam: Notify admin at vfemail.net of any spam, and include > >> ? ? ? ? VFEmail headers > >> Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes > >> Content-Disposition: inline > >> Content-Description: Plaintext Message > >> X-Content-Filtered-By: Mailman/MimeDel 2.1.17 > >> X-BeenThere: dovecot at dovecot.org > >> X-Mailman-Version: 2.1.17 > >> Precedence: list > >> List-Id: Dovecot Mailing List > >> List-Unsubscribe: , > >> ? ? ? ? > >> List-Archive: > >> List-Post: > >> List-Help: > >> List-Subscribe: , > >> ? ? ? ? > >> Errors-To: dovecot-bounces at dovecot.org > >> Sender: "dovecot" > >> Status: R > >> > >> ? Hi Mark, > >> > >> I haven't done it, but I've played with the scenario enough to have an > >> idea. > >> > >> What you want to do is have Outlook auth via NTLM to Dovecot.? > >> > >> First that means having the machine be a domain member (usually via > >> Samba) > >> in order to properly process NTLM/Kerberos handshake - which it appears > >> you > >> have. > >> Second that means having Dovecot know how to accept NTLM authentication > >> (SPA) to pass to the Samba backend. > >> > >> A 'Dovecot NTLM' search led me here: > >> http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm > >> > >> What's not on the page that I'd expect to see, are the compile-time > >> requirements for inclucing samba/kerberos libs within Dovecot.? If it > >> doesn't 'just work' with the config changes in the wiki, you may need to > >> recompile with the right features. > >> > >> Also - check the permissions of the ntlm_auth program. That's caused > many > >> issues with Radius installs, IIRC. > >> > >> Hope that helps! > >> > >> Rick > >> > >> Quoting Mark Foley : > >> > >> This can't be that hard. I think I've enabled LDAP in Dovecot just by > >> including > >> dovecot-ldap.conf.ext in 10-auth.conf and using the default settings. I > >> now have > >> the configuration shown below. Two questions: > >> > >> 1. How do I set Outlook to authenticate with LDAP? Currently the Outlook > >> accounts still have the ID and password set in "Logon Information". > >> Checking > >> "Require logon using Secure Password Authentication (SPA)" doesn't work. > >> All I > >> can seem to find on the Internet is how to configure address books using > >> LDAP. > >> > >> 2. Should I remove "passdb { drive = shadow } from the dovecot > >> configuration? > >> > >> Anybody? > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> driver = shadow > >> } > >> passdb { > >> args = /etc/dovecot/dovecot-ldap.conf.ext > >> driver = ldap > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> driver = passwd > >> } > >> userdb { > >> args = /etc/dovecot/dovecot-ldap.conf.ext > >> driver = ldap > >> } > >> verbose_ssl = yes > >> > >> -----Original Message----- > >> From: Mark Foley > >> Date: Wed, 02 Sep 2015 13:31:35 -0400 > >> To: dovecot at dovecot.org > >> Subject: How to "Windows Authenticate" > >> > >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook > >> (2010/2013) on > >> Windows workstations for over 6 months with no problems.? Dovecot is > >> hosted on > >> the office Samba4 AC/DC server. > >> > >> I have been using auth_mechanisms plain login, and passdb driver = > >> shadow. > >> > >> What I'd like to do now is use the "Windows Authenticated" login so I > >> don't have > >> to have separate passwords for users logging into the Windows AD > >> workstations > >> and their Outlook clients. > >> > >> If anyone has actually done this I'd appreciate some tips. My various > >> attempts > >> have not been successful. > >> > >> Here is my current config: > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> ? driver = shadow > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> ? driver = passwd > >> } > >> verbose_ssl = yes > >> > >> Thanks, Mark Foley > >> > >> From dovecot-bounces at dovecot.org? Wed Sep? 2 13:32:13 2015 > >> Return-Path: > >> X-Virus-Status: Clean > >> X-Virus-Scanned: clamav-milter 0.98.6 at mail > >> X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ > >> (2011-06-06) on > >> ? ? ? ? mail.hprs.local > >> X-Spam-Level: > >> X-Spam-Status: No, score=0.0 required=3.0 tests=none > >> autolearn=unavailable > >> ? ? ? ? version=3.3.2-_revision__1.14__ > >> X-Original-To: dovecot at dovecot.org > >> Delivered-To: dovecot at dovecot.org > >> X-Virus-Status: Clean > >> X-Virus-Scanned: clamav-milter 0.98.6 at mail > >> From: Mark Foley > >> Date: Wed, 02 Sep 2015 13:31:35 -0400 > >> Organization: Ohio Highway Patrol Retirement System > >> To: dovecot at dovecot.org > >> Subject: How to "Windows Authenticate" > >> User-Agent: Heirloom mailx 12.5 7/5/10 > >> Content-Type: text/plain; charset=us-ascii > >> X-BeenThere: dovecot at dovecot.org > >> X-Mailman-Version: 2.1.17 > >> Precedence: list > >> List-Id: Dovecot Mailing List > >> List-Unsubscribe: , > >> ? ? ? ? > >> List-Archive: > >> List-Post: > >> List-Help: > >> List-Subscribe: , > >> ? ? ? ? > >> Errors-To: dovecot-bounces at dovecot.org > >> Sender: "dovecot" > >> Status: R > >> > >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook > >> (2010/2013) on > >> Windows workstations for over 6 months with no problems.? Dovecot is > >> hosted on > >> the office Samba4 AC/DC server. > >> > >> I have been using auth_mechanisms plain login, and passdb driver = > >> shadow. > >> > >> What I'd like to do now is use the "Windows Authenticated" login so I > >> don't have > >> to have separate passwords for users logging into the Windows AD > >> workstations > >> and their Outlook clients. > >> > >> If anyone has actually done this I'd appreciate some tips. My various > >> attempts > >> have not been successful. > >> > >> Here is my current config: > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> driver = shadow > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> driver = passwd > >> } > >> verbose_ssl = yes > >> Thanks, Mark Foley > > > > ? > From m3freak at thesandhufamily.ca Tue Sep 8 03:16:36 2015 From: m3freak at thesandhufamily.ca (Kanwar Ranbir Sandhu) Date: Mon, 07 Sep 2015 23:16:36 -0400 Subject: Dovecot and IPA In-Reply-To: References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441659492.25427.1.camel@thesandhufamily.ca> Message-ID: <1441682196.3968.4.camel@thesandhufamily.ca> On Mon, 2015-09-07 at 23:15 +0200, Benny Pedersen wrote: > change password before debug logs > > then run debug > > change password > > paste it > > is safe Here's the in rawlog: 1441680001.046492 B00001 AUTHENTICATE GSSAPI 1441680001.051720 YIICZQYJKoZIhvcSAQICAQBuggJUMIICUKADAgEFoQMCAQ6iBwMFACAAAACjggFlYYIBYTC CAV2gAwIBBaEPGw1USEVJTlNJREUuUk5SoiowKKADAgEDoSEwHxsEaW1hcBsXbWFpbG1hbj AyLnRoZWluc2lkZS5ybnKjggEXMIIBE6ADAgESoQMCAQKiggEFBIIBAQc2ZO0LqkT03rNse kmt522hC/aiXw/TLsQmI687pJUmMCky/aeyFpOr4SL3fcvd7PD4FXh193hgo+XUfky8eoCc L8Ajd3ck/wg0qGd3sHmiwJAmrRNf/eCrENv6GbHqKjIq+S7fo9UesVWFuF+UgRVLWmOBZfM fX7oj6i4U4vBT5SwxHZ+YQtxf7oDl1cXPz7s+53AXe7rr9HoCheavTu7h682l2nPkw8+U1j ZiwXXstZtf5eG/K+wDe8omDzehDB5SaqeZ2nQNtr7CeRxgBGpDjtajVf5jkFf2GBDsZDeoG ABLAF++RcLxdyDQvVRFe0EeLs1qUXxX9ThNwTmnbCfRpIHRMIHOoAMCARKigcYEgcP4Mqy1 HrNRK79HY89oRG9tpP0FyDuWd38xXd/pKfqFl0NDkENdBHXUSsyOVKYsNFSncf1EIRL2s1s fWnV1Folk2HB/JvtEJD3eA1+f5wSXiT5pcmc/5tE+Bdf8n8wC0ExGx3RrM0cffjr/CgR7SE 6z9MHUn2UPGIFyoq7zDFrD5ILV5KyZd2zm86prr8tziEZ3wmYQbVsx3rEG1lJ193Z++S2yj 57+fGoJ7jA56GXNChfB/hFNx4xs2QSzCjccy0D+3RI= 1441680001.087279 1441680001.087982 BQQE/wAMAAAAAAAAFP2szwH///9yYW5iaXKB/Devj+/oz2utdNs= Here's the out rawlog: 1441680000.950204 * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN -REFERRALS ID ENABLE IDLE LOGINDISABLED AUTH=GSSAPI] Dovecot ready. 1441680001.049592 + 1441680001.085562 + YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRv03ycmqWKFL9 foDag8BqF5je64ekOG0UCpcDfT4v3ZwNLLhZL/Fo0THb+xD09LJcGM2AtTzRMFFV8V7YHSV L1q+/X9exo0mxU6tMeHmXhMDq71PDcqB5zKdCpTmhakqny5x/vLM47xlnzj+oqwgnY 1441680001.087338 + BQQF/wAMAAAAAAAAJbP26AH///8IAt4FH+6nauwY4Oc= 1441680001.096713 B00001 NO [UNAVAILABLE] Temporary authentication failure. [mailman02.theinside.rnr:2015-09-08 02:40:01] 1441680001.096726 * OK Waiting for authentication process to respond.. Ranbir -- Kanwar R.S. Sandhu From giunta at sissa.it Tue Sep 8 06:32:10 2015 From: giunta at sissa.it (Marco Giunta) Date: Tue, 8 Sep 2015 08:32:10 +0200 Subject: bug in acl_defaults_from_inbox option In-Reply-To: <55EDFD35.6050503@iki.fi> References: <55B79BFE.3020406@sissa.it> <55EDFD35.6050503@iki.fi> Message-ID: <55EE80EA.7080000@sissa.it> On 2015-09-07 23:10, Timo Sirainen wrote: > This happens to all boolean settings inside plugin {}. Not ideal, but > also not something that will get fixed without some larger settings code > changes. ok, no problem, but I didn't find this note on Dovecot wiki; maybe it is better to add it on a general page about configuration, to save future sysadmin headaches ;-) -- ----------------------------------- |Marco Giunta - SISSA Computer Staff| |Via Bonomea, 265 | |34136 - Trieste, Italy | |Tel: +39-40-3787-503 | |Fax: +39-040-3787-244 | |e-mail: giunta at sissa.it | ----------------------------------- From tlx at leuxner.net Tue Sep 8 07:51:31 2015 From: tlx at leuxner.net (Thomas Leuxner) Date: Tue, 8 Sep 2015 09:51:31 +0200 Subject: Different behavior of ACLs in MUA and doveadm In-Reply-To: <20141231211045.GA43677@nihlus.leuxner.net> References: <20141231211045.GA43677@nihlus.leuxner.net> Message-ID: <20150908075117.GA389@nihlus.leuxner.net> * Thomas Leuxner 2014.12.31 22:10: namespace { list = yes location = mdbox:/var/vmail/public:INDEXPVT=~/mdbox/public prefix = Public/ separator = / subscriptions = no type = public } $ cat /var/vmail/conf.d/leuxner.net/global-acl INBOX owner lrwstiekxap Public/* group=PublicMailboxAdmins lrwsipk Public/* anyone lr Public/* authenticated lrws $ doveadm mailbox create -u tlx at leuxner.net Public/Archive/Mailing-Lists/Dovecot/2015 doveadm(tlx at leuxner.net): Error: Can't create mailbox Public/Archive/Mailing-Lists/Dovecot/2015: Permission denied $ doveadm acl get -u tlx at leuxner.net Public/Archive/Mailing-Lists/Dovecot doveadm(tlx at leuxner.net): Error: Can't open mailbox Public/Archive/Mailing-Lists/Dovecot: Mailbox doesn't exist: Public/Archive/Mailing-Lists/Dovecot ID Global Rights I retested this issue after all the HG commits. Doveadm still treats the namespace/ACL differently compared to a MUA. While doveadm refuses to create the mailbox, the MUA succeeds. However I'd like to do all this scripted using doveadm ideally... $ openssl s_client -connect host.domain.tld:143 -starttls imap . OK Pre-login capabilities listed, post-login capabilities have more. 1 login tlx at leuxner.net * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE NOTIFY SPECIAL-USE QUOTA ACL RIGHTS=texk 1 OK Logged in 2 list "Public/Archive" * [...] * LIST (\Noselect \HasChildren) "/" Public/Archive/Mailing-Lists/Dovecot * LIST (\HasNoChildren \UnMarked) "/" Public/Archive/Mailing-Lists/Dovecot/2014 * LIST (\HasNoChildren \UnMarked) "/" Public/Archive/Mailing-Lists/Dovecot/2013 * LIST (\HasNoChildren \UnMarked) "/" Public/Archive/Mailing-Lists/Dovecot/2012 [...] 2 OK List completed (0.016 secs). 3 create "Public/Archive/Mailing-Lists/Dovecot/2015" 3 OK Create completed (0.006 secs). 4 list "Public/Archive" * [...] * LIST (\HasNoChildren) "/" Public/Archive/Mailing-Lists/Dovecot/2015 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: Digital signature URL: From sergey.schwartz at bgoperator.com Tue Sep 8 08:20:05 2015 From: sergey.schwartz at bgoperator.com (Sergey Schwartz) Date: Tue, 8 Sep 2015 11:20:05 +0300 Subject: [Dovecot] dsync replication errors In-Reply-To: <15A63551-0A84-4952-82EB-3CBDC60B72C2@iki.fi> References: <20130131112752.642beb56@boscos> <20130131130639.260eb4b8@boscos> <8430F751-4A7E-4CCF-AFAF-20E4C9F2A608@iki.fi> <20130131134624.2c515aa8@boscos> <4ABF8E21-B7D4-47A7-B79F-81E97BE21A7C@iki.fi> <20130131141018.44b30d71@boscos> <8114CD6C-3825-4BAB-919D-EE3AD92FFF4F@iki.fi> <20130131143639.3cfdf41c@boscos> <20130131173736.3015b6cb@boscos> <3221CB48-750F-493F-AFE0-32E6FDD18360@iki.fi> <20130131184125.49d35f5d@boscos> <1359663448.3230.0.camel@hurina> <20130201132825.5363b1f4@boscos> <1361028022.3230.61.camel@hurina> <20130216193244.03b3c5a6@boscos.leetdreams.ch> <1361089297.3230.84.camel@hurina> <55EE0CC0.80804@gedalya.net> <15A63551-0A84-4952-82EB-3CBDC60B72C2@iki.fi> Message-ID: <55EE9A35.20903@bgoperator.com> Timo, I use mdbox and probably have similar issue, but in my case only shared mailboxes were affected. May 26 12:35:05 mx10 dovecot: doveadm: Error: dsync-remote(anna.harina at bgoperator.com): Error: Mailbox shared/l.davydjanc at bgoperator.com/russia: Save commit failed: Message has been copied too many times (50045 + 1) May 26 12:35:19 mx10 dovecot: dsync-local(anna.harina at bgoperator.com): Error: Mailbox shared/l.davydjanc at bgoperator.com/russia: Save commit failed: Message has been copied too many times (16511 + 16257) May 26 12:35:42 mx10 dovecot: doveadm: Error: dsync-remote(angelina.alieva at bgoperator.com): Error: Mailbox shared/l.davydjanc at bgoperator.com/russia: Save commit failed: Message has been copied too many times (50045 + 1) May 26 12:35:42 mx10 dovecot: dsync-local(angelina.alieva at bgoperator.com): Error: Mailbox shared/l.davydjanc at bgoperator.com/russia: Save commit failed: Message has been copied too many times (16511 + 16257) May 26 12:37:21 mx10 dovecot: doveadm: Error: dsync-remote(e.shestakova at bgoperator.com): Error: Mailbox shared/l.davydjanc at bgoperator.com/russia: Save commit failed: Message has been copied too many times (50045 + 1) May 26 12:37:41 mx10 dovecot: dsync-local(e.shestakova at bgoperator.com): Error: Mailbox shared/l.davydjanc at bgoperator.com/russia: Save commit failed: Message has been copied too many times (16511 + 16257) May 26 12:59:45 mx10 dovecot: doveadm: Error: dsync-remote(m.korobova at bgoperator.com): Error: Mailbox turkey: Save commit failed: Message has been copied too many times (24498 + 8270) May 26 13:00:34 mx10 dovecot: doveadm: Error: dsync-remote(g.zhelonkina at bgoperator.com): Error: Mailbox booking: Save commit failed: Message has been copied too many times (55213 + 1) May 26 13:09:18 mx10 dovecot: dsync-local(l.davydjanc at bgoperator.com): Error: Mailbox russia: Save commit failed: Message has been copied too many times (16511 + 16257) May 26 13:09:30 mx10 dovecot: doveadm: Error: dsync-remote(l.davydjanc at bgoperator.com): Error: Mailbox russia: Save commit failed: Message has been copied too many times (50045 + 1) May 26 13:19:50 mx10 dovecot: doveadm: Error: dsync-remote(g.zhelonkina at bgoperator.com): Error: Mailbox booking: Save commit failed: Message has been copied too many times (55213 + 1) Best regards, Sergey Schwartz Senior System Administrator Biblio Globus Tour Operator www.bgoperator.ru T: +7 495 5042500 ext 1532 E: sergey.schwartz at bgoperator.com 08.09.2015 01:25, Timo Sirainen ?????: > On 08 Sep 2015, at 01:16, Gedalya wrote: >> On 02/17/2013 03:21 AM, Timo Sirainen wrote: >>> Although there's still some mail >>> duplication problem with maildir that doesn't log any errors about it. >>> I'm not sure why that happens. >> While you're around, Timo :-) >> >> I've had such an issue recently with 2.2.18, using Maildir, where emails were being replicated circularly creating more and more duplicate copies. >> Replication should have been unidirectional in reality since changes were being made on one side only. >> Nothing coherent was being logged. Only "Warning: Maildir /srv/mail/domains/.../Maildir: Expunged message reappeared, giving a new UID .. " appearing on the receiving side. >> Is there any intelligence on the matter, or should I isolate this down and report it from scratch? > dsync bugs usually take a lot of time to debug. Unless there's an easily reproducible way to break it, I try to avoid spending time on it. Also in this case the bug might be in Maildir code instead of dsync code. From cumc-4361-2 at chguadalquivir.es Tue Sep 8 09:00:37 2015 From: cumc-4361-2 at chguadalquivir.es (Fran) Date: Tue, 8 Sep 2015 11:00:37 +0200 Subject: My dovecot works fine against Active Directory 2003, but not against AD2008 Message-ID: <55EEA3B5.1060208@chguadalquivir.es> Hello, my dovecot installation has been working fine against AD till we upgrade from AD 2003 to AD 2008. As http://wiki2.dovecot.org/AuthDatabase/LDAP said, now I'm not able to connect AD through 389 port. The port 3268 works fine though. (...) Sep 7 19:02:05 dovecot: imap-login: Error: master(imap): Auth request timed out (received 0/12 bytes) Sep 7 19:02:05 dovecot: imap-login: Internal login failure (pid=4846 id=1) (internal failure, 1 successful auths): user=<>, method=PLAIN, rip=, lip=, TLS, session= (...) Sep 7 19:02:06 dovecot: auth: Error: ldap(,,): Connection appears to be hanging, reconnecting Sep 7 19:02:06 dovecot: auth: Error: ldap(,,): LDAP search returned multiple entries (...) Is there a technical reason for this problem? Does it exist any workaround? The use of Global Catalog (port 3268) is not a solution for me, since it misses many attributes. (ex. I use the field "initials" to set the quota and this field is not available through port 3268). I also noticed that, now, it uses any DC available in the domain, it doesn't care what I configured in "hosts = " parameter. This is using "hosts = dc03.domain:389": ----------------------------------------------- [root@ ~]# netstat -anp | grep dovecot | grep auth tcp 22 0 :55217 :389 ESTABLISHED 4872/dovecot/auth tcp 22 0 :57645 :389 ESTABLISHED 4872/dovecot/auth tcp 0 0 :55216 :389 ESTABLISHED 4872/dovecot/auth It looks like it does a look up for other domains controller (I don't know how nor why) and it connect aleatory to any DC in my domain (in this case dc06.domain, but it changes any time), additionally to the configured one (dc03.domain). This is using "hosts = dc03.domain:3268": ------------------------------------------------ [root@ ~]# netstat -anp | grep dovecot | grep auth tcp 0 0 :58485 :3268 ESTABLISHED 4982/dovecot/auth In this case, only the configured server in host parameter is used (I think this is the right behaviour) Aditional info: --------------- CentOS Linux release 7.0.1406 (Core) dovecot 2.2.10 Build options: ioloop=epoll notify=inotify ipv6 openssl io_block_size=8192 Mail storages: shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail SQL driver plugins: mysql postgresql sqlite Passdb: checkpassword ldap pam passwd passwd-file shadow sql Userdb: checkpassword ldap(plugin) nss passwd prefetch passwd-file sql My /etc/dovecot/dovecot-ldap.conf.ext -------------------------------------- #hosts = dc03.domain:3268 hosts = dc03.domain:389 #uris = ldap://dc03.domain base = DC=domain #tls = yes tls = no ldap_version = 3 auth_bind = yes auth_bind_userdn = %u at domain #auth_bind_userdn = DOMAIN\%u dn = cn=,cn=Users,dc=domain dnpass = #scope = subtree #deref = never user_filter = (&(userPrincipalName=%u at domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@))) pass_filter = (&(userPrincipalName=%u at domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@))) pass_attrs = userPassword=password user_attrs = Initials=quota_rule=*:storage=%$MB --------------- -------------------------- Log trace using PORT 389: -------------------------- Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [] Sep 7 19:00:35 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Sep 7 19:00:35 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Sep 7 19:00:35 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Sep 7 19:00:35 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Sep 7 19:00:35 dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [] Sep 7 19:00:35 dovecot: auth: Debug: auth client connected (pid=4846) Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [] Sep 7 19:00:35 dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=T+grMCsfqgAKHyZV lip= rip= lport=993 rport=59818 Sep 7 19:00:35 dovecot: auth: Debug: client passdb out: CONT 1 Sep 7 19:00:35 dovecot: auth: Debug: client in: CONT 1 AEN1bWMtNDM2MS0yLXBydWViYQBDb3JyZW9DaGcuMTIzNDU2 (previous base64 data may contain sensitive data) Sep 7 19:00:35 dovecot: auth: Debug: client passdb out: OK 1 user= Sep 7 19:00:35 dovecot: auth: Debug: master in: REQUEST 4142792705 4846 1 cb2115241ccfd81959c15122ec062a8b session_pid=4849 request_auth_token Sep 7 19:00:35 dovecot: auth: Debug: ldap(,,): user search: base=DC=domain scope=subtree filter=(&(userPrincipalName=@domain)(objectClass=person)(|(mail=@)(othermailbox=@))) fields=Initials Sep 7 19:02:05 dovecot: imap-login: Error: master(imap): Auth request timed out (received 0/12 bytes) Sep 7 19:02:05 dovecot: imap-login: Internal login failure (pid=4846 id=1) (internal failure, 1 successful auths): user=<>, method=PLAIN, rip=, lip=, TLS, session= Sep 7 19:02:05 dovecot: auth: Debug: client in: CANCEL 1 Sep 7 19:02:05 dovecot: imap-login: Debug: SSL alert: close notify [] Sep 7 19:02:05 dovecot: imap: Error: Login client disconnected too early Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 7 19:02:05 dovecot: auth: Debug: auth client connected (pid=4868) Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [] Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [] Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [] Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [] Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [] Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [] Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [] Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [] Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [] Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [] Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [] Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A [] Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [] Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [] Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A [] Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [] Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [] Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [] Sep 7 19:02:06 dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=ZjyONSsf6QAKHyZV lip= rip= lport=993 rport=59881 Sep 7 19:02:06 dovecot: auth: Debug: client passdb out: CONT 1 Sep 7 19:02:06 dovecot: auth: Debug: client in: CONT 1 AEN1bWMtNDM2MS0yLXBydWViYQBDb3JyZW9DaGcuMTIzNDU2 (previous base64 data may contain sensitive data) Sep 7 19:02:06 dovecot: auth: Error: ldap(,,): Connection appears to be hanging, reconnecting Sep 7 19:02:06 dovecot: auth: Error: ldap(,,): LDAP search returned multiple entries Sep 7 19:03:10 dovecot: imap: Error: Auth server request timed out after 155 secs (client-pid=4846 client-id=1) Sep 7 19:04:18 dovecot: imap-login: Debug: SSL alert: close notify [] Sep 7 19:04:18 dovecot: imap-login: Debug: SSL alert: close notify [] Sep 7 19:04:36 dovecot: auth: Error: PLAIN(,,): Request 4868.1 timed out after 150 secs, state=1 Sep 7 19:05:05 dovecot: imap-login: Disconnected: Inactivity during authentication (disconnected while authenticating, waited 179 secs): user=<>, method=PLAIN, rip=, lip=, TLS, session= Sep 7 19:05:05 dovecot: auth: Debug: client in: CANCEL Sep 7 19:06:06 dovecot: auth: ldap(,,): Shutting down Sep 7 19:06:06 dovecot: auth: Debug: master userdb out: FAIL 4142792705 Sep 7 19:06:06 dovecot: auth: ldap(,,): Shutting down Sep 7 19:06:06 dovecot: auth: Debug: client passdb out: FAIL 1 user= temp -------------------------- Log trace using PORT 3268: -------------------------- Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [] Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [] Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [] Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [] Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [] Sep 7 19:33:07 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Sep 7 19:33:07 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Sep 7 19:33:07 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Sep 7 19:33:07 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Sep 7 19:33:07 dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [] Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [] Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [] Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [] Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [] Sep 7 19:33:07 dovecot: auth: Debug: auth client connected (pid=4971) Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [] Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A [] Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [] Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [] Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A [] Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [] Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [] Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [] Sep 7 19:33:08 dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=FAKKpCsf0AAKHyZV lip= rip= lport=993 rport=61648 Sep 7 19:33:08 dovecot: auth: Debug: client passdb out: CONT 1 Sep 7 19:33:08 dovecot: auth: Debug: client in: CONT 1 AEN1bWMtNDM2MS0yAGZvcnRpbmV0LjIwMTQ= (previous base64 data may contain sensitive data) Sep 7 19:33:08 dovecot: auth: Debug: client passdb out: OK 1 user= Sep 7 19:33:08 dovecot: auth: Debug: master in: REQUEST 3261071361 4971 1 4755688f0bdd33a0fadcc5d3b8664e61 session_pid=4974 request_auth_token Sep 7 19:33:08 dovecot: auth: Debug: ldap(,,): user search: base=DC=domain scope=subtree filter=(&(userPrincipalName=@domain)(objectClass=person)(|(mail=@)(othermailbox=@))) fields=Initials [Here start the difference between 389 and 3268 ports] Sep 7 19:33:08 dovecot: auth: Debug: ldap(,,): no fields returned by the server [Next line you can see missing attributes, due to I'm using port 3268] Sep 7 19:33:08 dovecot: auth: Debug: ldap(,,): result: Initials missing Sep 7 19:33:08 dovecot: auth: Debug: master userdb out: USER 3261071361 uid=1000 gid=1000 home=/home/mailstorage// auth_token=9191cdf475600f0a47e185bb65817c0e0f495894 Sep 7 19:33:08 dovecot: imap-login: Login: user=<>, method=PLAIN, rip=, lip=, mpid=4974, TLS, session= Sep 7 19:33:08 dovecot: imap: Debug: Loading modules from directory: /usr/lib64/dovecot Sep 7 19:33:08 dovecot: imap: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so Sep 7 19:33:08 dovecot: imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_imap_quota_plugin.so Sep 7 19:33:08 dovecot: imap(): Debug: Effective uid=1000, gid=1000, home=/home/mailstorage// Sep 7 19:33:08 dovecot: imap(): Debug: Quota root: name=CuotaUsuario backend=maildir args= Sep 7 19:33:08 dovecot: imap(): Debug: Quota rule: root=CuotaUsuario mailbox=* bytes=2097152 messages=0 Sep 7 19:33:08 dovecot: imap(): Debug: Quota grace: root=CuotaUsuario bytes=209715 (10%) Sep 7 19:33:08 dovecot: imap(): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir Sep 7 19:33:08 dovecot: imap(): Debug: maildir++: root=/home/mailstorage///Maildir, index=, indexpvt=, control=, inbox=/home/mailstorage///Maildir, alt= From Jens.Kirchner at web.de Tue Sep 8 09:06:39 2015 From: Jens.Kirchner at web.de (Jens Kirchner) Date: Tue, 8 Sep 2015 11:06:39 +0200 Subject: File permissions: system groups for do not work for group/shared mailboxes Message-ID: Hello! I am struggling to set up a group mailbox for users of a certain system group. I want to grant access to the mailbox on a filesystem mode by using the system groups. The problem, the set up works fine and when I use setfacl and grant permissions too each user manually, it works fine. However, I want to use a system user's group membership in order to grant access to these mailboxes insted of manually granting for each user. dovecot version: 2.2.9 This is the config part: namespace { location = maildir:/data/mail/public:LAYOUT=fs prefix = GROUP-MAILBOXES/ separator = / subscriptions = no type = public } ... passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } ... userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } filesystem permissions (getfacl): # file: GroupboxA/ # owner: root # group: root user::rwx user:user1:rwx group::rwx mask::rwx other::--- default:user::rwx default:user:user1:rwx default:group::rwx default:mask::rwx default:other::--- # file: GroupboxB/ # owner: root # group: root user::rwx group::rwx group:group1:rwx mask::rwx other::--- default:user::rwx default:group::rwx default:group:group1:rwx default:mask::rwx default:other::--- user1 is in roup1 When setting username-based permissions (GroupboxA), the mailbox is usable and subsribable; when setting groupname-based permissions (GroupboxB) it is not subscribable/usable. Thanks for your help in advance and best regards, Jens From tss at iki.fi Tue Sep 8 10:08:46 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 8 Sep 2015 13:08:46 +0300 Subject: charset-iconv.c panic In-Reply-To: <55EE034C.2010007@iki.fi> References: <55EE034C.2010007@iki.fi> Message-ID: <90CD7FFA-DD94-4004-B2F7-68B38F9F295F@iki.fi> > On 08 Sep 2015, at 00:36, Timo Sirainen wrote: > > On 07/29/2015 04:02 PM, mihaiush wrote: >> Hi, >> >> I have a mailbox where indexing fails with the following error: >> >> # /opt/dovecot2/bin/doveadm -c /tmp/dovecot.conf -o >> mail_location=/tmp/skesselring index '*' >> doveadm(root): Panic: file charset-iconv.c: line 132 (charset_to_utf8): >> assertion failed: (*src_size - pos <= CHARSET_MAX_PENDING_BUF_SIZE) > > Is it possible for you to send the broken mail to me? Otherwise it would > be pretty difficult to figure out how to fix this. > > Also applying this patch would make it a bit clearer where the problem > is: http://hg.dovecot.org/dovecot-2.2/rev/9fdbb3b220ec > >> ctx = {mail = 0x23639b0, update_ctx = 0x2355980, content_type = >> 0x2371540 "text/*", content_disposition = 0x2371fa0 "attachment; >> filename=\"PTT-20141109-WA0001.amr\"", body_parser = 0x23832a0, word_buf = > > So the problem is with indexing an attachment called "PTT-20141109 > WA0001.amr". Fixed: http://hg.dovecot.org/dovecot-2.2/rev/cb4fcdc716e2 It doesn't seem to happen with newer glibc versions though, at least not in my Debian unstable. From tss at iki.fi Tue Sep 8 10:11:47 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 8 Sep 2015 13:11:47 +0300 Subject: Dovecot and IPA In-Reply-To: <1441682196.3968.4.camel@thesandhufamily.ca> References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441659492.25427.1.camel@thesandhufamily.ca> <1441682196.3968.4.camel@thesandhufamily.ca> Message-ID: <3EAD0D1C-88F9-4216-900C-2F0B09427015@iki.fi> > On 08 Sep 2015, at 06:16, Kanwar Ranbir Sandhu wrote: > > On Mon, 2015-09-07 at 23:15 +0200, Benny Pedersen wrote: >> change password before debug logs >> >> then run debug >> >> change password >> >> paste it >> >> is safe > > Here's the in rawlog: > > 1441680001.046492 B00001 AUTHENTICATE GSSAPI So it is using AUTHENTICATE GSSAPI. > 1441680001.096713 B00001 NO [UNAVAILABLE] Temporary authentication > failure. [mailman02.theinside.rnr:2015-09-08 02:40:01] > 1441680001.096726 * OK Waiting for authentication process to respond.. I guess it's now crashing with this: auth: Panic: file auth-request.c: line 733 (auth_request_is_disabled_master_user): assertion failed: (request->requested_login_user != NULL) That's a bug in the Dovecot version you're using. Upgrade. From bluewind at xinu.at Tue Sep 8 10:14:27 2015 From: bluewind at xinu.at (Florian Pritz) Date: Tue, 8 Sep 2015 12:14:27 +0200 Subject: segfault when using zlib module with glibc 2.22 In-Reply-To: <41DA8C27-1279-4757-AD78-BF348BE2445B@iki.fi> References: <20150820003739.5e3e3897@marin.server-speed.net> <41DA8C27-1279-4757-AD78-BF348BE2445B@iki.fi> Message-ID: <20150908121427.055bd540@marin.server-speed.net> Hi, On Mon, 24 Aug 2015 19:18:41 +0300 Timo Sirainen wrote: > If it only happens with Arch Linux with an updated glibc version, I doubt the problem is with Dovecot's code. It's indeed a glibc issue and it appears upstream already has a fix and that fix has been merged into Arch Linux' glibc 2.22-3 package. Thanks for the pointer. Florian -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: From paul at aptanet.com Tue Sep 8 10:16:52 2015 From: paul at aptanet.com (Paul Tansom) Date: Tue, 8 Sep 2015 11:16:52 +0100 Subject: Public folder subscriptions with Outlook Message-ID: <20150908101652.GB4688@aptanet.com> This is more an Outlook issue than Dovecot, but given that it is connected to Dovecot I figured there would be a good pool of knowledge here that increases the likelihood that somebody knows the answer :) I have a Dovecot server setup with a public folder and keep getting complaints that Outlook users don't see new folders created by other people. In Thunderbird it is simply a case of unchecking the box to only show subscribed folders, but I can't find a way to do this in Outlook. The only thing I can think of is putting a script on the server to check for new folders and update each users subcriptions file, but I'm not completely happy with that solution! Any suggestions welcome. -- Paul Tansom | Aptanet Ltd. | https://www.aptanet.com/ | 023 9238 0001 Vice Chair, FSB Portsmouth & SE Hampshire Branch | http://www.fsb.org.uk/ ============================================================================= Registered in England | Company No: 4905028 | Registered Office: Ralls House, Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP From tss at iki.fi Tue Sep 8 10:20:40 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 8 Sep 2015 13:20:40 +0300 Subject: Different behavior of ACLs in MUA and doveadm In-Reply-To: <20141231211045.GA43677@nihlus.leuxner.net> References: <20141231211045.GA43677@nihlus.leuxner.net> Message-ID: <43CE19FB-1F47-4231-A7CA-13E9A33D3EE7@iki.fi> On 31 Dec 2014, at 23:10, Thomas Leuxner wrote: > > I have noticed a difference in the behavior of ACLs. When used in a MUA the following global ACL works fine and has the desired effect - new mailboxes can be created by a user being part of the 'PublicMailboxAdmins' group: How does the PublicMailboxAdmins group get set? Looks to me like the problem is that it's not getting set to doveadm. Here's an easy way to check if that's the problem or something else: http://hg.dovecot.org/dovecot-2.2/rev/500e8dd7a389 If that doesn't help: Show your full doveconf -n, set auth_debug=yes and mail_debug=yes and show the debug logs for IMAP login and doveadm. There's a difference somewhere in there. From tss at iki.fi Tue Sep 8 10:24:42 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 8 Sep 2015 13:24:42 +0300 Subject: [Dovecot] dsync replication errors In-Reply-To: <55EE9A35.20903@bgoperator.com> References: <20130131112752.642beb56@boscos> <20130131130639.260eb4b8@boscos> <8430F751-4A7E-4CCF-AFAF-20E4C9F2A608@iki.fi> <20130131134624.2c515aa8@boscos> <4ABF8E21-B7D4-47A7-B79F-81E97BE21A7C@iki.fi> <20130131141018.44b30d71@boscos> <8114CD6C-3825-4BAB-919D-EE3AD92FFF4F@iki.fi> <20130131143639.3cfdf41c@boscos> <20130131173736.3015b6cb@boscos> <3221CB48-750F-493F-AFE0-32E6FDD18360@iki.fi> <20130131184125.49d35f5d@boscos> <1359663448.3230.0.camel@hurina> <20130201132825.5363b1f4@boscos> <1361028022.3230.61.camel@hurina> <20130216193244.03b3c5a6@boscos.leetdreams.ch> <1361089297.3230.84.camel@hurina> <55EE0CC0.80804@gedalya.net> <15A63551-0A84-4952-82EB-3CBDC60B72C2@iki.fi> <55EE9A35.20903@bgoperator.com> Message-ID: <5EB2C42A-D57F-498D-AA87-91733595B518@iki.fi> On 08 Sep 2015, at 11:20, Sergey Schwartz wrote: > > I use mdbox and probably have similar issue, but in my case only shared mailboxes were affected. Yes, shared mailboxes don't work nicely with replication. Replication is locking only the original user, so for shared mailboxes multiple dsyncs can be running in parallel and messing things up. A bit troublesome to fix this. I've had this issue happening for a couple of years now for our mails and I haven't bothered fixing it, so it's unlikely I'll do it anytime soon.. Although I haven't seen that many duplicates of the mails - just 10 or so. From jerry at seibercom.net Tue Sep 8 10:29:56 2015 From: jerry at seibercom.net (Jerry) Date: Tue, 8 Sep 2015 06:29:56 -0400 Subject: Public folder subscriptions with Outlook In-Reply-To: <20150908101652.GB4688@aptanet.com> References: <20150908101652.GB4688@aptanet.com> Message-ID: <20150908062956.4ea6718f@seibercom.net> On Tue, 8 Sep 2015 11:16:52 +0100, Paul Tansom stated: >This is more an Outlook issue than Dovecot, but given that it is connected to >Dovecot I figured there would be a good pool of knowledge here that increases >the likelihood that somebody knows the answer :) > >I have a Dovecot server setup with a public folder and keep getting >complaints that Outlook users don't see new folders created by other people. >In Thunderbird it is simply a case of unchecking the box to only show >subscribed folders, but I can't find a way to do this in Outlook. The only >thing I can think of is putting a script on the server to check for new >folders and update each users subcriptions file, but I'm not completely >happy with that solution! > >Any suggestions welcome. What version of Outlook? -- Jerry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From Hajo.Locke at gmx.de Tue Sep 8 11:10:25 2015 From: Hajo.Locke at gmx.de (Hajo Locke) Date: Tue, 8 Sep 2015 13:10:25 +0200 Subject: sieve_extprograms - double linebreaks at filtering Message-ID: <55EEC221.3020103@gmx.de> Hello List, i have a problem when using sieve-plugin sieve_extprograms. I use dovecot 2.2.18 and bundled pigeonhole 0.4.6 (Ubuntu 14.04.3 LTS) i have enabled sieve_extprograms and vnd.dovecot.filter to send mail to user-defined script and get changed content back. My script previously was used with procmail and is working fine. Using same script with vnd.dovecot.filter leads to odd behavior. I already found out the problem itself: By sending Mailcontent to filter-programm it seems that sieve/sieve_extprograms is adding additional linebreaks to every line of complete mail. Please see this image to clarify: http://r31i.imgup.net/header8d56.jpg?l=de Every lineending got additional windows-lineendings, which leads to problems with processing scripts. Piping mails by procmail to same script is working without problems, because this mails are recieved "clean" without the "^M". this is part of dovecot.conf: plugin { sieve = ~/.dovecot.sieve sieve_plugins = sieve_extprograms sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.filter +vnd.dovecot.execute sieve_pipe_bin_dir = /usr/local/bin/ sieve_filter_bin_dir = /usr/local/bin/ } this is part of userscript ~/.dovecot.sieve: require ["fileinto", "vacation", "variables", "envelope", "imap4flags", "vnd.dovecot.filter", "subaddress"]; if address "to" "test2 at example.com" { filter "my-script"; } my-script currently just recieves and saves raw-data, so i could find difference between sieve and procmail mails. What to do here? Is this a kind of bug of sieve/sieve_extprograms or i have to use additional parameters? Thanks, Hajo From tlx at leuxner.net Tue Sep 8 11:26:51 2015 From: tlx at leuxner.net (Thomas Leuxner) Date: Tue, 8 Sep 2015 13:26:51 +0200 Subject: Different behavior of ACLs in MUA and doveadm In-Reply-To: <43CE19FB-1F47-4231-A7CA-13E9A33D3EE7@iki.fi> References: <20141231211045.GA43677@nihlus.leuxner.net> <43CE19FB-1F47-4231-A7CA-13E9A33D3EE7@iki.fi> Message-ID: <20150908112651.GA46514@nihlus.leuxner.net> * Timo Sirainen 2015.09.08 12:20: > How does the PublicMailboxAdmins group get set? Looks to me like the problem is that it's not getting set to doveadm. Here's an easy way to check if that's the problem or something else: http://hg.dovecot.org/dovecot-2.2/rev/500e8dd7a389 > > If that doesn't help: Show your full doveconf -n, set auth_debug=yes and mail_debug=yes and show the debug logs for IMAP login and doveadm. There's a difference somewhere in there. $ doveadm mailbox create -u tlx at leuxner.net Public/Archive/Mailing-Lists/Dovecot/2015 doveadm(tlx at leuxner.net): Error: Can't create mailbox Public/Archive/Mailing-Lists/Dovecot/2015: Permission denied Both debug levels raised, it doesn't log about the problem when using doveadm. I guess the patch is not enough: Sep 8 13:19:07 nihlus dovecot: auth: Debug: master in: USER#0111#011tlx at leuxner.net#011service=doveadm Sep 8 13:19:07 nihlus dovecot: auth: Debug: passwd-file(tlx at leuxner.net): userdb cache miss Sep 8 13:19:07 nihlus dovecot: auth: Debug: passwd-file /var/vmail/auth.d/leuxner.net/passwd: Read 1 users in 0 secs Sep 8 13:19:07 nihlus dovecot: auth: Debug: passwd-file(tlx at leuxner.net): lookup: user=tlx at leuxner.net file=/var/vmail/auth.d/leuxner.net/passwd Sep 8 13:19:07 nihlus dovecot: auth: Debug: userdb out: USER#0111#011tlx at leuxner.net#011uid=5000#011gid=5000#011home=/var/vmail/domains/leuxner.net/tlx#011quota_rule=*:storage=5G#011acl_groups=PublicMailboxAdmins With IMAP it is more talkative: 3 create "Public/Archive/Mailing-Lists/Dovecot/2015" Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Added userdb setting: plugin/acl_groups=PublicMailboxAdmins Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Added userdb setting: plugin/quota_rule=*:storage=5G Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Effective uid=5000, gid=5000, home=/var/vmail/domains/leuxner.net/tlx Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: No acl_shared_dict setting - shared mailbox listing is disabled Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Quota root: name=user backend=dict args=:file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Quota rule: root=user mailbox=* bytes=5368709120 messages=0 Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Quota rule: root=user mailbox=Trash bytes=+536870912 (10%) messages=0 Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Quota grace: root=user bytes=536870912 (10%) Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: dict quota: user=tlx at leuxner.net, uri=file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota, noenforcing=0 Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:~/mdbox Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: fs: root=/var/vmail/domains/leuxner.net/tlx/mdbox, index=, indexpvt=, control=, inbox=, alt= Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300 Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: acl username = tlx at leuxner.net Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: owner = 1 Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: group added: PublicMailboxAdmins Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Namespace : type=public, prefix=Public/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no location=mdbox:/var/vmail/public:INDEXPVT=~/mdbox /public Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: fs: root=/var/vmail/public, index=, indexpvt=/var/vmail/domains/leuxner.net/tlx/mdbox/public, control=, inbox=, alt= Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300 Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: acl username = tlx at leuxner.net Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: owner = 0 Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: group added: PublicMailboxAdmins Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Namespace : type=private, prefix=Virtual/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=virtual:~/mdbox/virtual Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: fs: root=/var/vmail/domains/leuxner.net/tlx/mdbox/virtual, index=, indexpvt=, control=, inbox=, alt= Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300 Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: acl username = tlx at leuxner.net Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: owner = 1 Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: group added: PublicMailboxAdmins Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl Sep 8 13:07:13 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/domains/leuxner.net/tlx/mdbox/mailboxes/dovecot-acl not found Sep 8 13:07:13 nihlus dovecot: imap(tlx at leuxner.net): Debug: Namespace : Using permissions from /var/vmail/domains/leuxner.net/tlx/mdbox: mode=0700 gid=default Sep 8 13:07:13 nihlus dovecot: imap(tlx at leuxner.net): Debug: Namespace Public/: Using permissions from /var/vmail/public: mode=0700 gid=default Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Namespace Public/: /var/vmail/public/mailboxes/Archive/Mailing-Lists/Dovecot/2015 doesn't exist yet, using default permissions Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot' matches global ACL pattern 'Public/*' Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot' matches global ACL pattern 'Public/*' Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot' matches global ACL pattern 'Public/*' Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/Archive/Mailing-Lists/Dovecot/dbox-Mails/dovecot-acl not found Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*' Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*' Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*' Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/Archive/Mailing-Lists/Dovecot/2015/dbox-Mails/dovecot-acl not found Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*' Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*' Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*' Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/Archive/Mailing-Lists/Dovecot/2015/dbox-Mails/dovecot-acl not found Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*' Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*' Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*' Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/Archive/Mailing-Lists/Dovecot/2015/dbox-Mails/dovecot-acl not found # 2.2.18 (500e8dd7a389): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.8 # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.2 auth_cache_size = 16 k auth_debug = yes auth_verbose = yes deliver_log_format = msgid=%m, time=%{delivery_time}ms, status=%$ hostname = host.domain.tld imap_hibernate_timeout = 1 mins imap_id_log = * imap_logout_format = in=%i out=%o hdr=%{fetch_hdr_count} body=%{fetch_body_count} del=%{deleted} exp=%{expunged} trash=%{trashed} mail_debug = yes mail_location = mdbox:~/mdbox mail_plugins = acl quota stats zlib virtual mailbox_list_index = yes namespace { list = yes location = mdbox:/var/vmail/public:INDEXPVT=~/mdbox/public prefix = Public/ separator = / subscriptions = no type = public } namespace { location = virtual:~/mdbox/virtual prefix = Virtual/ separator = / } namespace inbox { hidden = no inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = / type = private } passdb { args = username_format=%u /var/vmail/auth.d/%d/passwd driver = passwd-file } plugin { acl = vfile:/var/vmail/conf.d/%d/global-acl:cache_secs=300 mail_log_events = expunge mailbox_delete quota = dict:user::file:%h/mdbox/dovecot-quota quota_grace = 10%% quota_rule = *:storage=1GB quota_rule2 = Trash:storage=+10%% quota_status_nouser = DUNNO quota_status_success = DUNNO sieve = file:~/sieve;active=~/.dovecot.sieve sieve_global_dir = /var/vmail/conf.d/%d/sieve stats_refresh = 30s stats_track_cmds = yes zlib_save = gz zlib_save_level = 6 } protocols = " imap lmtp" quota_full_tempfail = yes service auth-worker { unix_listener auth-worker { user = doveauth } user = doveauth } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } user = doveauth } service imap-hibernate { unix_listener imap-hibernate { user = vmail } } service imap-login { inet_listener imap { address = 1.2.3.4 port = 143 reuse_port = yes } inet_listener imaps { port = 0 } process_min_avail = 8 } service imap { unix_listener imap-master { user = dovecot } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } service quota-status { client_limit = 1 executable = quota-status -p postfix unix_listener /var/spool/postfix/private/quota-status { group = postfix mode = 0660 user = postfix } } service stats { fifo_listener stats-mail { mode = 0600 user = vmail } } ssl_ca = From vlad.pop at qaleido.com Tue Sep 8 11:58:03 2015 From: vlad.pop at qaleido.com (Vlad Pop) Date: Tue, 08 Sep 2015 14:58:03 +0300 Subject: Fetch command response questions Message-ID: Hello, I have the following issue: When using command? FETCH 2 (BODY.PEEK[HEADER] UID INTERNALDATE FLAGS BODYSTRUCTURE) on 2 different emails, we get 2 different response structure. First response structure contains the BODYSTRUCTURE in a single line, while in the second response, the BODYSTRUCTURE is divided into multiple lines with "{61}" character at the end of each line. The difference between those 2 emails is the name of some attachments. The attachment is an .eml file named "Re: [SR-Users] Keep-Alive in dialog "freeing a free fragment"" Is this a sort of bug or is it correct to receive the?BODYSTRUCTURE on multiple lines? Vlad Pop From tss at iki.fi Tue Sep 8 12:28:14 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 08 Sep 2015 15:28:14 +0300 Subject: Different behavior of ACLs in MUA and doveadm In-Reply-To: <20150908112651.GA46514@nihlus.leuxner.net> References: <20141231211045.GA43677@nihlus.leuxner.net> <43CE19FB-1F47-4231-A7CA-13E9A33D3EE7@iki.fi> <20150908112651.GA46514@nihlus.leuxner.net> Message-ID: <55EED45E.9080009@iki.fi> On 09/08/2015 02:26 PM, Thomas Leuxner wrote: > * Timo Sirainen 2015.09.08 12:20: > >> How does the PublicMailboxAdmins group get set? Looks to me like the problem is that it's not getting set to doveadm. Here's an easy way to check if that's the problem or something else: http://hg.dovecot.org/dovecot-2.2/rev/500e8dd7a389 >> >> If that doesn't help: Show your full doveconf -n, set auth_debug=yes and mail_debug=yes and show the debug logs for IMAP login and doveadm. There's a difference somewhere in there. > > $ doveadm mailbox create -u tlx at leuxner.net Public/Archive/Mailing-Lists/Dovecot/2015 > doveadm(tlx at leuxner.net): Error: Can't create mailbox Public/Archive/Mailing-Lists/Dovecot/2015: Permission denied > > Both debug levels raised, it doesn't log about the problem when using doveadm. I guess the patch is not enough: With doveadm you need to give -D parameter for it to log debug output. From tss at iki.fi Tue Sep 8 12:30:27 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 08 Sep 2015 15:30:27 +0300 Subject: Fetch command response questions In-Reply-To: References: Message-ID: <55EED4E3.7030002@iki.fi> On 09/08/2015 02:58 PM, Vlad Pop wrote: > Hello, > > > > I have the following issue: > > > > When using command > > FETCH 2 (BODY.PEEK[HEADER] UID INTERNALDATE FLAGS BODYSTRUCTURE) > > on 2 different emails, we get 2 different response structure. > > > > First response structure contains the BODYSTRUCTURE in a single line, while in the second response, the BODYSTRUCTURE is divided into multiple lines with "{61}" character at the end of each line. > > > > The difference between those 2 emails is the name of some attachments. The attachment is an .eml file named "Re: [SR-Users] Keep-Alive in dialog "freeing a free fragment"" > > > > Is this a sort of bug or is it correct to receive the BODYSTRUCTURE on multiple lines? IMAP server can decide whether it returns a "string" or {123}\r\nliteral. Dovecot decides this in such a way that it sends the minimum number of bytes to the IMAP client. So there is no bug in Dovecot. From tlx at leuxner.net Tue Sep 8 12:50:01 2015 From: tlx at leuxner.net (Thomas Leuxner) Date: Tue, 8 Sep 2015 14:50:01 +0200 Subject: Different behavior of ACLs in MUA and doveadm In-Reply-To: <55EED45E.9080009@iki.fi> References: <20141231211045.GA43677@nihlus.leuxner.net> <43CE19FB-1F47-4231-A7CA-13E9A33D3EE7@iki.fi> <20150908112651.GA46514@nihlus.leuxner.net> <55EED45E.9080009@iki.fi> Message-ID: <20150908125001.GB46514@nihlus.leuxner.net> * Timo Sirainen 2015.09.08 14:28: > > Both debug levels raised, it doesn't log about the problem when using doveadm. I guess the patch is not enough: > > With doveadm you need to give -D parameter for it to log debug output. Comparing this to the previous imap log it does seem to ignore the global ACL pattern: $ doveadm -D mailbox create -u tlx at leuxner.net Public/Archive/Mailing-Lists/Dovecot/2015 Debug: Loading modules from directory: /usr/lib/dovecot/modules Debug: Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so Debug: Module loaded: /usr/lib/dovecot/modules/lib20_virtual_plugin.so Debug: Module loaded: /usr/lib/dovecot/modules/lib20_zlib_plugin.so Debug: Module loaded: /usr/lib/dovecot/modules/lib90_stats_plugin.so Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message) Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_sieve_plugin.so Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message) Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_backend_rescan (this is usually intentional, so just ignore this message) doveadm(tlx at leuxner.net): Debug: auth input: tlx at leuxner.net quota_rule=*:storage=5G acl_groups=PublicMailboxAdmins uid=5000 gid=5000 home=/var/vmail/domains/leuxner.net/tlx doveadm(tlx at leuxner.net): Debug: Added userdb setting: plugin/acl_groups=PublicMailboxAdmins doveadm(tlx at leuxner.net): Debug: Added userdb setting: plugin/quota_rule=*:storage=5G doveadm(tlx at leuxner.net): Debug: Effective uid=5000, gid=5000, home=/var/vmail/domains/leuxner.net/tlx doveadm(tlx at leuxner.net): Debug: acl: No acl_shared_dict setting - shared mailbox listing is disabled doveadm(tlx at leuxner.net): Debug: Quota root: name=user backend=dict args=:file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota doveadm(tlx at leuxner.net): Debug: Quota rule: root=user mailbox=* bytes=5368709120 messages=0 doveadm(tlx at leuxner.net): Debug: Quota rule: root=user mailbox=Trash bytes=+536870912 (10%) messages=0 doveadm(tlx at leuxner.net): Debug: Quota grace: root=user bytes=536870912 (10%) doveadm(tlx at leuxner.net): Debug: dict quota: user=tlx at leuxner.net, uri=file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota, noenforcing=0 doveadm(tlx at leuxner.net): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:~/mdbox doveadm(tlx at leuxner.net): Debug: fs: root=/var/vmail/domains/leuxner.net/tlx/mdbox, index=, indexpvt=, control=, inbox=, alt= doveadm(tlx at leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300 doveadm(tlx at leuxner.net): Debug: acl: acl username = tlx at leuxner.net doveadm(tlx at leuxner.net): Debug: acl: owner = 1 doveadm(tlx at leuxner.net): Debug: acl: group added: PublicMailboxAdmins doveadm(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl doveadm(tlx at leuxner.net): Debug: Namespace : type=public, prefix=Public/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no location=mdbox:/var/vmail/public:INDEXPVT=~/mdbox/public doveadm(tlx at leuxner.net): Debug: fs: root=/var/vmail/public, index=, indexpvt=/var/vmail/domains/leuxner.net/tlx/mdbox/public, control=, inbox=, alt= doveadm(tlx at leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300 doveadm(tlx at leuxner.net): Debug: acl: acl username = tlx at leuxner.net doveadm(tlx at leuxner.net): Debug: acl: owner = 0 doveadm(tlx at leuxner.net): Debug: acl: group added: PublicMailboxAdmins doveadm(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl doveadm(tlx at leuxner.net): Debug: Namespace : type=private, prefix=Virtual/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=virtual:~/mdbox/virtual doveadm(tlx at leuxner.net): Debug: fs: root=/var/vmail/domains/leuxner.net/tlx/mdbox/virtual, index=, indexpvt=, control=, inbox=, alt= doveadm(tlx at leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300 doveadm(tlx at leuxner.net): Debug: acl: acl username = tlx at leuxner.net doveadm(tlx at leuxner.net): Debug: acl: owner = 1 doveadm(tlx at leuxner.net): Debug: acl: group added: PublicMailboxAdmins doveadm(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl doveadm(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/dovecot-acl not found doveadm(tlx at leuxner.net): Error: Can't create mailbox Public/Archive/Mailing-Lists/Dovecot/2015: Permission denied -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: Digital signature URL: From paul at aptanet.com Tue Sep 8 12:52:30 2015 From: paul at aptanet.com (Paul Tansom) Date: Tue, 8 Sep 2015 13:52:30 +0100 Subject: Public folder subscriptions with Outlook In-Reply-To: <20150908062956.4ea6718f@seibercom.net> References: <20150908101652.GB4688@aptanet.com> <20150908062956.4ea6718f@seibercom.net> Message-ID: <20150908125229.GC4688@aptanet.com> ** Jerry [2015-09-08 11:30]: > On Tue, 8 Sep 2015 11:16:52 +0100, Paul Tansom stated: > >This is more an Outlook issue than Dovecot, but given that it is connected to > >Dovecot I figured there would be a good pool of knowledge here that increases > >the likelihood that somebody knows the answer :) > > > >I have a Dovecot server setup with a public folder and keep getting > >complaints that Outlook users don't see new folders created by other people. > >In Thunderbird it is simply a case of unchecking the box to only show > >subscribed folders, but I can't find a way to do this in Outlook. The only > >thing I can think of is putting a script on the server to check for new > >folders and update each users subcriptions file, but I'm not completely > >happy with that solution! > > > >Any suggestions welcome. > > What version of Outlook? ** end quote [Jerry] Mainly 2010, but I think there may be a 2003 too. At the moment I'm looking into using 'subscriptions = yes' in the namespace to use a shared subscriptions file for the public folder - posting to this list has started me thinking of things I can do on the server rather than the client. -- Paul Tansom | Aptanet Ltd. | https://www.aptanet.com/ | 023 9238 0001 Vice Chair, FSB Portsmouth & SE Hampshire Branch | http://www.fsb.org.uk/ ============================================================================= Registered in England | Company No: 4905028 | Registered Office: Ralls House, Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP From andreas.fineske at iea-dpc.de Tue Sep 8 13:00:48 2015 From: andreas.fineske at iea-dpc.de (Andreas Fineske) Date: Tue, 08 Sep 2015 15:00:48 +0200 Subject: can't get modseq in logfile Message-ID: <2367b63fafa680a56fb6f4953e4eef77@go.iea-dpc.de> Hello, I've found this in the logfile: Sep 7 23:16:55 s-imap3 dovecot: dsync-local(timss.iea-dpc.de): Error: /vmail/iea-dpc.de/timss/Maildir/.Countries.USA/dovecot.index.log: Transaction log changed unexpectedly, can't get modseq Can anyone tell me what is worng? Regards Andreas -- IEA Data Processing and Research Center Andreas Fineske Information and Communication Technology Services Mexikoring 37 22297 Hamburg Tel.: 040/48 500 550 Fax:??040/48 500 501 E-Mail: andreas.fineske at iea-dpc.de Web:??www.iea-dpc.de -- From asteriskmail at gmail.com Tue Sep 8 13:17:27 2015 From: asteriskmail at gmail.com (Il Neofita) Date: Tue, 8 Sep 2015 09:17:27 -0400 Subject: Problem with SHA2/Geotrust and dovecot 2.0.9 Message-ID: Hi I have renew my geotrust certificate using sha2, and I have problem with Dovecot 2.0.9 and redhat 6.7. The same certificate is working in Apache. The error is dovecot: imap-login: Fatal: Can't load ssl_cert: There is no valid PEM certificate. and the configuration file is ssl_cert= References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441659492.25427.1.camel@thesandhufamily.ca> <1441682196.3968.4.camel@thesandhufamily.ca> <3EAD0D1C-88F9-4216-900C-2F0B09427015@iki.fi> Message-ID: <1441725240.3968.13.camel@thesandhufamily.ca> On Tue, 2015-09-08 at 13:11 +0300, Timo Sirainen wrote: > I guess it's now crashing with this: > > auth: Panic: file auth-request.c: line 733 > (auth_request_is_disabled_master_user): assertion failed: (request > ->requested_login_user != NULL) > > That's a bug in the Dovecot version you're using. Upgrade. That's just awesome. I saw that in the debug log before I posted to the list, but I was hoping it was being triggered by a bad configuration on my part. :/ Ima screwed until an update is release by the CentOS team and they'll be waiting until Red Hat does something about it. :: cries :: Thanks to everyone for the help! At least now I know it's not my fault. Regards, Ranbir -- Kanwar R.S. Sandhu From mlocati at gmail.com Tue Sep 8 15:15:13 2015 From: mlocati at gmail.com (Michele Locati) Date: Tue, 8 Sep 2015 17:15:13 +0200 Subject: Multiple vacation Message-ID: Hi all I'm using Dovecot 2.2.9 and I'm having problems configuring multiple vacation actions. The problem is that I'd like to have two different senders and two different messages, selecting the correct case by the recipient email address. I mean, if someone writes me to my email address "to-address1 at example.com" I'd like to answer from "from-address1 at example.com" with the message "TEST 1". If someone writes me to my email address "to-address2 at example.com" I'd like to answer from "from-address2 at example.com" with the message "TEST 2". Here's my script: require ["fileinto","vacation"]; vacation :addresses ["to-address1 at example.com"] :from " from-address1 at example.com" text: TEST 1 . ; } vacation :addresses ["to-address2 at example.com"] :from " from-address2 at example.com" text: TEST 2 . ; But the vacation filter doesn't work, and I see this message in the log file: main script: line X: error: duplicate vacation action not allowed (previously triggered one was here: main script: line Y). Is there a way to allow multiple vacation actions? Thank you Michele From stephan at rename-it.nl Tue Sep 8 15:34:26 2015 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 8 Sep 2015 17:34:26 +0200 Subject: Multiple vacation In-Reply-To: References: Message-ID: <55EF0002.8080105@rename-it.nl> Op 8-9-2015 om 17:15 schreef Michele Locati: > I'm using Dovecot 2.2.9 and I'm having problems configuring multiple > vacation actions. > The problem is that I'd like to have two different senders and two > different messages, selecting the correct case by the recipient email > address. > I mean, if someone writes me to my email address "to-address1 at example.com" > I'd like to answer from "from-address1 at example.com" with the message "TEST > 1". > If someone writes me to my email address "to-address2 at example.com" I'd like > to answer from "from-address2 at example.com" with the message "TEST 2". > > Here's my script: > > require ["fileinto","vacation"]; > > vacation :addresses ["to-address1 at example.com"] :from " > from-address1 at example.com" text: > TEST 1 > . > ; > } > > vacation :addresses ["to-address2 at example.com"] :from " > from-address2 at example.com" text: > TEST 2 > . > ; > > > But the vacation filter doesn't work, and I see this message in the log > file: > > main script: line X: error: duplicate vacation action not allowed > (previously triggered one was here: main script: line Y). > > Is there a way to allow multiple vacation actions? The script you posted will not even compile. There is a stray '}'. Anyway, you need to selectively trigger vacation responses. Your script tries to send both at all times, which is not allowed by the Sieve specification. You could do something like this: require ["fileinto","vacation", "envelope"]; if envelope "to" "to-address1 at example.com" { vacation :addresses ["to-address1 at example.com"] :from " from-address1 at example.com" text: TEST 1 . ; } elsif envelope "to" "to-address2 at example.com" { vacation :addresses ["to-address2 at example.com"] :from " from-address2 at example.com" text: TEST 2 . ; } Read these for more information: https://tools.ietf.org/html/rfc5228 https://tools.ietf.org/html/rfc5230 Regards, Stephan. From ml+dovecot at valo.at Tue Sep 8 15:39:42 2015 From: ml+dovecot at valo.at (Christian Kivalo) Date: Tue, 08 Sep 2015 17:39:42 +0200 Subject: Multiple vacation In-Reply-To: References: Message-ID: <163A79F3-28D7-4CBB-A879-0F96281259EF@valo.at> Am 08. September 2015 17:15:13 MESZ, schrieb Michele Locati : >Hi all > >I'm using Dovecot 2.2.9 and I'm having problems configuring multiple >vacation actions. >The problem is that I'd like to have two different senders and two >different messages, selecting the correct case by the recipient email >address. >I mean, if someone writes me to my email address >"to-address1 at example.com" >I'd like to answer from "from-address1 at example.com" with the message >"TEST >1". >If someone writes me to my email address "to-address2 at example.com" I'd >like >to answer from "from-address2 at example.com" with the message "TEST 2". > >Here's my script: > >require ["fileinto","vacation"]; > >vacation :addresses ["to-address1 at example.com"] :from " >from-address1 at example.com" text: >TEST 1 >. >; >} > >vacation :addresses ["to-address2 at example.com"] :from " >from-address2 at example.com" text: >TEST 2 >. >; > > >But the vacation filter doesn't work, and I see this message in the log >file: > >main script: line X: error: duplicate vacation action not allowed >(previously triggered one was here: main script: line Y). > >Is there a way to allow multiple vacation actions? Should be possible with an if elsif clause. eg If address :is "to" "address 1" { vacation1 } elsif address :is "to" "address 2" { vacation2 } Look at the sieve configuration examples at http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples Also take a look at the sieve vacation RFC, part 4.8, Examples at https://tools.ietf.org/html/rfc5230#section-4.8 >Thank you >Michele Regards - c From mlocati at gmail.com Tue Sep 8 15:53:19 2015 From: mlocati at gmail.com (Michele Locati) Date: Tue, 8 Sep 2015 17:53:19 +0200 Subject: Multiple vacation In-Reply-To: <55EF0002.8080105@rename-it.nl> References: <55EF0002.8080105@rename-it.nl> Message-ID: 2015-09-08 17:34 GMT+02:00 Stephan Bosch : > > > Op 8-9-2015 om 17:15 schreef Michele Locati: > > I'm using Dovecot 2.2.9 and I'm having problems configuring multiple >> vacation actions. >> The problem is that I'd like to have two different senders and two >> different messages, selecting the correct case by the recipient email >> address. >> I mean, if someone writes me to my email address "to-address1 at example.com >> " >> I'd like to answer from "from-address1 at example.com" with the message >> "TEST >> 1". >> If someone writes me to my email address "to-address2 at example.com" I'd >> like >> to answer from "from-address2 at example.com" with the message "TEST 2". >> >> Here's my script: >> >> require ["fileinto","vacation"]; >> >> vacation :addresses ["to-address1 at example.com"] :from " >> from-address1 at example.com" text: >> TEST 1 >> . >> ; >> } >> >> vacation :addresses ["to-address2 at example.com"] :from " >> from-address2 at example.com" text: >> TEST 2 >> . >> ; >> >> >> But the vacation filter doesn't work, and I see this message in the log >> file: >> >> main script: line X: error: duplicate vacation action not allowed >> (previously triggered one was here: main script: line Y). >> >> Is there a way to allow multiple vacation actions? >> > > The script you posted will not even compile. There is a stray '}'. > > Anyway, you need to selectively trigger vacation responses. Your script > tries to send both at all times, which is not allowed by the Sieve > specification. > > You could do something like this: > > require ["fileinto","vacation", "envelope"]; > > if envelope "to" "to-address1 at example.com" { > vacation :addresses ["to-address1 at example.com"] :from " > from-address1 at example.com" text: > TEST 1 > . > ; > } elsif envelope "to" "to-address2 at example.com" { > vacation :addresses ["to-address2 at example.com"] :from " > from-address2 at example.com" text: > TEST 2 > . > ; > } > > Read these for more information: > > https://tools.ietf.org/html/rfc5228 > https://tools.ietf.org/html/rfc5230 > > > Regards, > > Stephan. > > Thank you Stephan Sorry for the typo: I (badly) extracted part of my script, that is generated by the managesieve plugin of Roundcube. As for the RCF, vacation responses gets triggered only if the :address contains the recipient of the message. Since the two vacation rules contain different recipient address they wouldn't be triggered at the same time. Manually editing that script would break the possibility to edit it via the Roundcube plugin, and I can't absolutely teach every user of my company how to connect via ssh and edit that script. So, it's a big pity that is not possible to have two (or more) concurrent vacation scripts: I'll have to manage every user by hand. Thank you anyway for your explanation -- Michele From tss at iki.fi Tue Sep 8 16:27:35 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 08 Sep 2015 19:27:35 +0300 Subject: Dovecot and IPA In-Reply-To: <1441725240.3968.13.camel@thesandhufamily.ca> References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441659492.25427.1.camel@thesandhufamily.ca> <1441682196.3968.4.camel@thesandhufamily.ca> <3EAD0D1C-88F9-4216-900C-2F0B09427015@iki.fi> <1441725240.3968.13.camel@thesandhufamily.ca> Message-ID: <55EF0C77.5090401@iki.fi> On 09/08/2015 06:14 PM, Kanwar Ranbir Sandhu wrote: > On Tue, 2015-09-08 at 13:11 +0300, Timo Sirainen wrote: >> I guess it's now crashing with this: >> >> auth: Panic: file auth-request.c: line 733 >> (auth_request_is_disabled_master_user): assertion failed: (request >> ->requested_login_user != NULL) >> >> That's a bug in the Dovecot version you're using. Upgrade. > > That's just awesome. I saw that in the debug log before I posted to the > list, but I was hoping it was being triggered by a bad configuration on > my part. :/ > > Ima screwed until an update is release by the CentOS team and they'll > be waiting until Red Hat does something about it. > > :: cries :: > > Thanks to everyone for the help! At least now I know it's not my fault. You can probably work around that by configuring something like: passdb { driver = passwd-file args = /etc/dovecot/passwd.master master = yes } The passwd.master file itself can be empty. From m3freak at thesandhufamily.ca Tue Sep 8 16:51:25 2015 From: m3freak at thesandhufamily.ca (Kanwar Ranbir Sandhu) Date: Tue, 08 Sep 2015 12:51:25 -0400 Subject: Dovecot and IPA In-Reply-To: <55EF0C77.5090401@iki.fi> References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441659492.25427.1.camel@thesandhufamily.ca> <1441682196.3968.4.camel@thesandhufamily.ca> <3EAD0D1C-88F9-4216-900C-2F0B09427015@iki.fi> <1441725240.3968.13.camel@thesandhufamily.ca> <55EF0C77.5090401@iki.fi> Message-ID: <1441731085.3968.17.camel@thesandhufamily.ca> On Tue, 2015-09-08 at 19:27 +0300, Timo Sirainen wrote: > You can probably work around that by configuring something like: > > passdb { > driver = passwd-file > args = /etc/dovecot/passwd.master > master = yes > } > > The passwd.master file itself can be empty. Where do I add this config: in auth-static.conf.ext? I take it a master user isn't absolutely required, but to workaround this bug, one must be configured? Ranbir -- Kanwar R.S. Sandhu From me at junc.eu Tue Sep 8 18:32:33 2015 From: me at junc.eu (Benny Pedersen) Date: Tue, 08 Sep 2015 20:32:33 +0200 Subject: Dovecot and IPA In-Reply-To: <1441725240.3968.13.camel@thesandhufamily.ca> References: <6a9959fe5cb90259ff2b46f3b130be4a@thesandhufamily.ca> <1441659492.25427.1.camel@thesandhufamily.ca> <1441682196.3968.4.camel@thesandhufamily.ca> <3EAD0D1C-88F9-4216-900C-2F0B09427015@iki.fi> <1441725240.3968.13.camel@thesandhufamily.ca> Message-ID: Kanwar Ranbir Sandhu skrev den 2015-09-08 17:14: > Thanks to everyone for the help! At least now I know it's not my fault. only fault if any you maked was to choice a precompiled problem, but try to make a bugreport at redhat on it, possible also on other distros that is precompiled, if you find another os that solves it faster, you have found a possible os to install :=) From cumc-4361-2 at chguadalquivir.es Tue Sep 8 15:19:53 2015 From: cumc-4361-2 at chguadalquivir.es (Fran) Date: Tue, 8 Sep 2015 17:19:53 +0200 Subject: My dovecot works fine against Active Directory 2003, but not against AD2008 In-Reply-To: <55EEA3B5.1060208@chguadalquivir.es> References: <55EEA3B5.1060208@chguadalquivir.es> Message-ID: <55EEFC99.10006@chguadalquivir.es> I've logged a session using the option debug_level = -1. The log is attached. I still don't understand what is happening and why all my domain controllers are being used even when I just use one of them in "host" parameter in my /etc/dovecot/dovecot-ldap.conf.ext. Thanks in advance, Regards El 08/09/2015 a las 11:00, Fran escribi?: > Hello, > > my dovecot installation has been working fine against AD till we upgrade > from AD 2003 to AD 2008. As http://wiki2.dovecot.org/AuthDatabase/LDAP > said, now I'm not able to connect AD through 389 port. The port 3268 > works fine though. > > (...) > Sep 7 19:02:05 dovecot: imap-login: Error: > master(imap): Auth request timed out (received 0/12 bytes) > Sep 7 19:02:05 dovecot: imap-login: Internal login > failure (pid=4846 id=1) (internal failure, 1 successful auths): > user=<>, method=PLAIN, rip=, > lip=, TLS, session= > (...) > Sep 7 19:02:06 dovecot: auth: Error: > ldap(,,): Connection appears > to be hanging, reconnecting > Sep 7 19:02:06 dovecot: auth: Error: > ldap(,,): LDAP search returned > multiple entries > (...) > > Is there a technical reason for this problem? Does it exist any workaround? > > The use of Global Catalog (port 3268) is not a solution for me, since it > misses many attributes. (ex. I use the field "initials" to set the quota > and this field is not available through port 3268). > > I also noticed that, now, it uses any DC available in the domain, it > doesn't care what I configured in "hosts = " parameter. > > This is using "hosts = dc03.domain:389": > ----------------------------------------------- > > [root@ ~]# netstat -anp | grep dovecot | grep auth > tcp 22 0 :55217 > :389 ESTABLISHED 4872/dovecot/auth > tcp 22 0 :57645 > :389 ESTABLISHED 4872/dovecot/auth > tcp 0 0 :55216 > :389 ESTABLISHED 4872/dovecot/auth > > It looks like it does a look up for other domains controller (I don't > know how nor why) and it connect aleatory to any DC in my domain (in > this case dc06.domain, but it changes any time), additionally to the > configured one (dc03.domain). > > This is using "hosts = dc03.domain:3268": > ------------------------------------------------ > [root@ ~]# netstat -anp | grep dovecot | grep auth > tcp 0 0 :58485 > :3268 ESTABLISHED 4982/dovecot/auth > > In this case, only the configured server in host parameter is used (I > think this is the right behaviour) > > > Aditional info: > --------------- > CentOS Linux release 7.0.1406 (Core) > > dovecot 2.2.10 > > Build options: ioloop=epoll notify=inotify ipv6 openssl io_block_size=8192 > Mail storages: shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail > SQL driver plugins: mysql postgresql sqlite > Passdb: checkpassword ldap pam passwd passwd-file shadow sql > Userdb: checkpassword ldap(plugin) nss passwd prefetch passwd-file sql > > > My /etc/dovecot/dovecot-ldap.conf.ext > -------------------------------------- > #hosts = dc03.domain:3268 > hosts = dc03.domain:389 > #uris = ldap://dc03.domain > base = DC=domain > #tls = yes > tls = no > ldap_version = 3 > auth_bind = yes > auth_bind_userdn = %u at domain > #auth_bind_userdn = DOMAIN\%u > dn = cn=,cn=Users,dc=domain > dnpass = > > #scope = subtree > #deref = never > > user_filter = > (&(userPrincipalName=%u at domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@))) > pass_filter = > (&(userPrincipalName=%u at domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@))) > pass_attrs = userPassword=password > user_attrs = Initials=quota_rule=*:storage=%$MB > --------------- > > > -------------------------- > Log trace using PORT 389: > -------------------------- > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x10, ret=1: before/accept initialization [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: before/accept initialization [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read client hello A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write server hello A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write certificate A [] > Sep 7 19:00:35 dovecot: auth: Debug: Loading modules > from directory: /usr/lib64/dovecot/auth > Sep 7 19:00:35 dovecot: auth: Debug: Module loaded: > /usr/lib64/dovecot/auth/libdriver_sqlite.so > Sep 7 19:00:35 dovecot: auth: Debug: Loading modules > from directory: /usr/lib64/dovecot/auth > Sep 7 19:00:35 dovecot: auth: Debug: Module loaded: > /usr/lib64/dovecot/auth/libauthdb_ldap.so > Sep 7 19:00:35 dovecot: auth: Debug: Read auth token > secret from /var/run/dovecot/auth-token-secret.dat > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write key exchange A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write server done A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 flush data [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: SSLv3 read client certificate A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: SSLv3 read client certificate A [] > Sep 7 19:00:35 dovecot: auth: Debug: auth client > connected (pid=4846) > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read client key exchange A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read finished A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write session ticket A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write change cipher spec A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write finished A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 flush data [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x20, ret=1: SSL negotiation finished successfully [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2002, ret=1: SSL negotiation finished successfully [] > Sep 7 19:00:35 dovecot: auth: Debug: client in: AUTH > 1 PLAIN service=imap secured session=T+grMCsfqgAKHyZV > lip= rip= lport=993 rport=59818 > Sep 7 19:00:35 dovecot: auth: Debug: client passdb out: > CONT 1 > Sep 7 19:00:35 dovecot: auth: Debug: client in: CONT > 1 AEN1bWMtNDM2MS0yLXBydWViYQBDb3JyZW9DaGcuMTIzNDU2 (previous > base64 data may contain sensitive data) > Sep 7 19:00:35 dovecot: auth: Debug: client passdb out: > OK 1 user= > Sep 7 19:00:35 dovecot: auth: Debug: master in: > REQUEST 4142792705 4846 1 > cb2115241ccfd81959c15122ec062a8b session_pid=4849 > request_auth_token > Sep 7 19:00:35 dovecot: auth: Debug: > ldap(,,): user search: > base=DC=domain scope=subtree > filter=(&(userPrincipalName=@domain)(objectClass=person)(|(mail=@)(othermailbox=@))) > fields=Initials > > Sep 7 19:02:05 dovecot: imap-login: Error: > master(imap): Auth request timed out (received 0/12 bytes) > Sep 7 19:02:05 dovecot: imap-login: Internal login > failure (pid=4846 id=1) (internal failure, 1 successful auths): > user=<>, method=PLAIN, rip=, > lip=, TLS, session= > Sep 7 19:02:05 dovecot: auth: Debug: client in: > CANCEL 1 > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL alert: > close notify [] > Sep 7 19:02:05 dovecot: imap: Error: Login client > disconnected too early > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > Sep 7 19:02:05 dovecot: auth: Debug: auth client > connected (pid=4868) > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x10, ret=1: before/accept initialization [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: before/accept initialization [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read client hello A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write server hello A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write certificate A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write key exchange A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write server done A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 flush data [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: SSLv3 read client certificate A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: SSLv3 read client certificate A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read client key exchange A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read finished A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write session ticket A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write change cipher spec A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write finished A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 flush data [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x20, ret=1: SSL negotiation finished successfully [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2002, ret=1: SSL negotiation finished successfully [] > Sep 7 19:02:06 dovecot: auth: Debug: client in: AUTH > 1 PLAIN service=imap secured session=ZjyONSsf6QAKHyZV > lip= rip= lport=993 rport=59881 > Sep 7 19:02:06 dovecot: auth: Debug: client passdb out: > CONT 1 > Sep 7 19:02:06 dovecot: auth: Debug: client in: CONT > 1 AEN1bWMtNDM2MS0yLXBydWViYQBDb3JyZW9DaGcuMTIzNDU2 (previous > base64 data may contain sensitive data) > Sep 7 19:02:06 dovecot: auth: Error: > ldap(,,): Connection appears > to be hanging, reconnecting > Sep 7 19:02:06 dovecot: auth: Error: > ldap(,,): LDAP search returned > multiple entries > > Sep 7 19:03:10 dovecot: imap: Error: Auth server > request timed out after 155 secs (client-pid=4846 client-id=1) > > Sep 7 19:04:18 dovecot: imap-login: Debug: SSL alert: > close notify [] > Sep 7 19:04:18 dovecot: imap-login: Debug: SSL alert: > close notify [] > > Sep 7 19:04:36 dovecot: auth: Error: > PLAIN(,,): Request 4868.1 > timed out after 150 secs, state=1 > > Sep 7 19:05:05 dovecot: imap-login: Disconnected: > Inactivity during authentication (disconnected while authenticating, > waited 179 secs): user=<>, method=PLAIN, rip=, > lip=, TLS, session= > Sep 7 19:05:05 dovecot: auth: Debug: client in: CANCEL > > Sep 7 19:06:06 dovecot: auth: > ldap(,,): Shutting down > Sep 7 19:06:06 dovecot: auth: Debug: master userdb out: > FAIL 4142792705 > Sep 7 19:06:06 dovecot: auth: > ldap(,,): Shutting down > Sep 7 19:06:06 dovecot: auth: Debug: client passdb out: > FAIL 1 user= temp > > > > > -------------------------- > Log trace using PORT 3268: > -------------------------- > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x10, ret=1: before/accept initialization [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: before/accept initialization [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read client hello A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write server hello A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write certificate A [] > Sep 7 19:33:07 dovecot: auth: Debug: Loading modules > from directory: /usr/lib64/dovecot/auth > Sep 7 19:33:07 dovecot: auth: Debug: Module loaded: > /usr/lib64/dovecot/auth/libdriver_sqlite.so > Sep 7 19:33:07 dovecot: auth: Debug: Loading modules > from directory: /usr/lib64/dovecot/auth > Sep 7 19:33:07 dovecot: auth: Debug: Module loaded: > /usr/lib64/dovecot/auth/libauthdb_ldap.so > Sep 7 19:33:07 dovecot: auth: Debug: Read auth token > secret from /var/run/dovecot/auth-token-secret.dat > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write key exchange A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write server done A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 flush data [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: SSLv3 read client certificate A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: SSLv3 read client certificate A [] > Sep 7 19:33:07 dovecot: auth: Debug: auth client > connected (pid=4971) > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read client key exchange A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read finished A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write session ticket A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write change cipher spec A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write finished A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 flush data [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x20, ret=1: SSL negotiation finished successfully [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2002, ret=1: SSL negotiation finished successfully [] > Sep 7 19:33:08 dovecot: auth: Debug: client in: AUTH > 1 PLAIN service=imap secured session=FAKKpCsf0AAKHyZV > lip= rip= lport=993 rport=61648 > Sep 7 19:33:08 dovecot: auth: Debug: client passdb out: > CONT 1 > Sep 7 19:33:08 dovecot: auth: Debug: client in: CONT > 1 AEN1bWMtNDM2MS0yAGZvcnRpbmV0LjIwMTQ= (previous base64 data may > contain sensitive data) > Sep 7 19:33:08 dovecot: auth: Debug: client passdb out: > OK 1 user= > Sep 7 19:33:08 dovecot: auth: Debug: master in: > REQUEST 3261071361 4971 1 > 4755688f0bdd33a0fadcc5d3b8664e61 session_pid=4974 > request_auth_token > Sep 7 19:33:08 dovecot: auth: Debug: > ldap(,,): user search: > base=DC=domain scope=subtree > filter=(&(userPrincipalName=@domain)(objectClass=person)(|(mail=@)(othermailbox=@))) > fields=Initials > > [Here start the difference between 389 and 3268 ports] > > Sep 7 19:33:08 dovecot: auth: Debug: > ldap(,,): no fields returned > by the server > > [Next line you can see missing attributes, due to I'm using port 3268] > > Sep 7 19:33:08 dovecot: auth: Debug: > ldap(,,): result: Initials > missing > Sep 7 19:33:08 dovecot: auth: Debug: master userdb out: > USER 3261071361 uid=1000 gid=1000 > home=/home/mailstorage// > auth_token=9191cdf475600f0a47e185bb65817c0e0f495894 > Sep 7 19:33:08 dovecot: imap-login: Login: > user=<>, method=PLAIN, rip=, > lip=, mpid=4974, TLS, session= > Sep 7 19:33:08 dovecot: imap: Debug: Loading modules > from directory: /usr/lib64/dovecot > Sep 7 19:33:08 dovecot: imap: Debug: Module loaded: > /usr/lib64/dovecot/lib10_quota_plugin.so > Sep 7 19:33:08 dovecot: imap: Debug: Module loaded: > /usr/lib64/dovecot/lib11_imap_quota_plugin.so > Sep 7 19:33:08 dovecot: imap(): Debug: > Effective uid=1000, gid=1000, home=/home/mailstorage// > Sep 7 19:33:08 dovecot: imap(): Debug: Quota > root: name=CuotaUsuario backend=maildir args= > Sep 7 19:33:08 dovecot: imap(): Debug: Quota > rule: root=CuotaUsuario mailbox=* bytes=2097152 messages=0 > Sep 7 19:33:08 dovecot: imap(): Debug: Quota > grace: root=CuotaUsuario bytes=209715 (10%) > Sep 7 19:33:08 dovecot: imap(): Debug: > Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, > list=yes, subscriptions=yes location=maildir:~/Maildir > Sep 7 19:33:08 dovecot: imap(): Debug: > maildir++: root=/home/mailstorage///Maildir, index=, > indexpvt=, control=, > inbox=/home/mailstorage///Maildir, alt= > -------------- next part -------------- Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [192.168.1.80] Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [192.168.1.80] Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [192.168.1.80] Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [192.168.1.80] Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [192.168.1.80] Sep 8 12:43:19 dovecotServer dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Sep 8 12:43:19 dovecotServer dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Sep 8 12:43:19 dovecotServer dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [192.168.1.80] Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [192.168.1.80] Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [192.168.1.80] Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.1.80] Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.1.80] Sep 8 12:43:19 dovecotServer dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Sep 8 12:43:19 dovecotServer dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_bind Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_simple_bind Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_sasl_bind Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_send_initial_request Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_new_connection 1 1 0 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_int_open_connection Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_connect_to_host: TCP dc03server.dom:389 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_new_socket: 18 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_prepare_socket: 18 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_connect_to_host: Trying :389 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_pvt_connect: fd: 18 tm: -1 async: 0 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: attempting to connect: Sep 8 12:43:19 dovecotServer dovecot: auth: Error: connect success Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_open_defconn: successful Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_send_server_request Sep 8 12:43:19 dovecotServer dovecot: auth: Debug: auth client connected (pid=9100) Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_result ld 0x7f8453ac1c10 msgid -1 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: wait4msg ld 0x7f8453ac1c10 msgid -1 (timeout 0 usec) Sep 8 12:43:19 dovecotServer dovecot: auth: Error: wait4msg continue ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Connections: Sep 8 12:43:19 dovecotServer dovecot: auth: Error: * host: dc03server.dom port: 389 (default) Sep 8 12:43:19 dovecotServer dovecot: auth: Error: refcnt: 2 status: Connected Sep 8 12:43:19 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:19 2015 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: Sep 8 12:43:19 dovecotServer dovecot: auth: Error: Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Outstanding Requests: Sep 8 12:43:19 dovecotServer dovecot: auth: Error: * msgid 1, origid 1, status InProgress Sep 8 12:43:19 dovecotServer dovecot: auth: Error: outstanding referrals 0, parent count 0 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 request count 1 (abandoned 0) Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Response Queue: Sep 8 12:43:19 dovecotServer dovecot: auth: Error: Empty Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 response count 0 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_chkResponseList ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_chkResponseList returns ld 0x7f8453ac1c10 NULL Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_int_select Sep 8 12:43:19 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid 1 message type bind Sep 8 12:43:19 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 0 new referrals Sep 8 12:43:19 dovecotServer dovecot: auth: Error: read1msg: mark request completed, ld 0x7f8453ac1c10 msgid 1 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: request done: ld 0x7f8453ac1c10 msgid 1 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: res_errno: 0, res_error: <>, res_matched: <> Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_free_request (origid 1, msgid 1) Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_parse_result Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_msgfree Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_result ld 0x7f8453ac1c10 msgid -1 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: wait4msg ld 0x7f8453ac1c10 msgid -1 (timeout 0 usec) Sep 8 12:43:19 dovecotServer dovecot: auth: Error: wait4msg continue ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Connections: Sep 8 12:43:19 dovecotServer dovecot: auth: Error: * host: dc03server.dom port: 389 (default) Sep 8 12:43:19 dovecotServer dovecot: auth: Error: refcnt: 1 status: Connected Sep 8 12:43:19 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:19 2015 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: Sep 8 12:43:19 dovecotServer dovecot: auth: Error: Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Outstanding Requests: Sep 8 12:43:19 dovecotServer dovecot: auth: Error: Empty Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 request count 0 (abandoned 0) Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Response Queue: Sep 8 12:43:19 dovecotServer dovecot: auth: Error: Empty Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 response count 0 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_chkResponseList ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_chkResponseList returns ld 0x7f8453ac1c10 NULL Sep 8 12:43:19 dovecotServer dovecot: auth: Error: ldap_int_select Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [192.168.1.80] Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A [192.168.1.80] Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [192.168.1.80] Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [192.168.1.80] Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A [192.168.1.80] Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [192.168.1.80] Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [192.168.1.80] Sep 8 12:43:19 dovecotServer dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [192.168.1.80] Sep 8 12:43:20 dovecotServer dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=SdnRCDof8gAKHyZV lip= rip=192.168.1.80 lport=993 rport=4594 Sep 8 12:43:20 dovecotServer dovecot: auth: Debug: client passdb out: CONT 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Debug: client in: CONT 1 AEN1bWMtNDM2MS0yAGZvcnRpbmV0LjIwMTQ= (previous base64 data may contain sensitive data) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_bind Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_simple_bind Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_sasl_bind Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_send_initial_request Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_send_server_request Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_result ld 0x7f8453ac1c10 msgid -1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg ld 0x7f8453ac1c10 msgid -1 (timeout 0 usec) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg continue ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Connections: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: dc03server.dom port: 389 (default) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 2 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Outstanding Requests: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 2, origid 2, status InProgress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 0, parent count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 request count 1 (abandoned 0) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Response Queue: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 response count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList returns ld 0x7f8453ac1c10 NULL Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_int_select Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid 2 message type bind Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 0 new referrals Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: mark request completed, ld 0x7f8453ac1c10 msgid 2 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: request done: ld 0x7f8453ac1c10 msgid 2 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: res_errno: 0, res_error: <>, res_matched: <> Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_free_request (origid 2, msgid 2) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_parse_result Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_parse_result Sep 8 12:43:20 dovecotServer dovecot: auth: Debug: client passdb out: OK 1 user=user-2 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_msgfree Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_result ld 0x7f8453ac1c10 msgid -1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg ld 0x7f8453ac1c10 msgid -1 (timeout 0 usec) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg continue ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Connections: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: dc03server.dom port: 389 (default) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 1 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Outstanding Requests: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 request count 0 (abandoned 0) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Response Queue: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 response count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList returns ld 0x7f8453ac1c10 NULL Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_int_select Sep 8 12:43:20 dovecotServer dovecot: auth: Debug: master in: REQUEST 1247150081 9100 1 dcb51b5e41d9bcd1e08d6d04490172a3 session_pid=9103 request_auth_token Sep 8 12:43:20 dovecotServer dovecot: auth: Debug: ldap(user-2,192.168.1.80,): user search: base=DC=dom scope=subtree filter=(&(userPrincipalName=user-2 at dom)(objectClass=person)(|(mail=user-2 at domain.dom)(othermailbox=user-2 at domain.dom))) fields=Initials Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_bind Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_simple_bind Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_sasl_bind Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_send_initial_request Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_send_server_request Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_result ld 0x7f8453ac1c10 msgid -1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg ld 0x7f8453ac1c10 msgid -1 (timeout 0 usec) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg continue ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Connections: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: dc03server.dom port: 389 (default) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 2 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Outstanding Requests: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 3, origid 3, status InProgress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 0, parent count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 request count 1 (abandoned 0) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Response Queue: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 response count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList returns ld 0x7f8453ac1c10 NULL Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_int_select Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid 3 message type bind Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 0 new referrals Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: mark request completed, ld 0x7f8453ac1c10 msgid 3 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: request done: ld 0x7f8453ac1c10 msgid 3 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: res_errno: 0, res_error: <>, res_matched: <> Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_free_request (origid 3, msgid 3) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_parse_result Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_search Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_filter: "(&(userPrincipalName=user-2 at dom)(objectClass=person)(|(mail=user-2 at domain.dom)(othermailbox=user-2 at domain.dom)))" Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_filter: AND Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_filter_list "(userPrincipalName=user-2 at dom)(objectClass=person)(|(mail=user-2 at domain.dom)(othermailbox=user-2 at domain.dom))" Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_filter: "(userPrincipalName=user-2 at dom)" Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_filter: simple Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_simple_filter: "userPrincipalName=user-2 at dom" Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_filter: "(objectClass=person)" Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_filter: simple Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_simple_filter: "objectClass=person" Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_filter: "(|(mail=user-2 at domain.dom)(othermailbox=user-2 at domain.dom))" Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_filter: OR Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_filter_list "(mail=user-2 at domain.dom)(othermailbox=user-2 at domain.dom)" Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_filter: "(mail=user-2 at domain.dom)" Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_filter: simple Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_simple_filter: "mail=user-2 at domain.dom" Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_filter: "(othermailbox=user-2 at domain.dom)" Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_filter: simple Sep 8 12:43:20 dovecotServer dovecot: auth: Error: put_simple_filter: "othermailbox=user-2 at domain.dom" Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_build_search_req ATTRS: Initials Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_send_initial_request Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_send_server_request Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_msgfree Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_result ld 0x7f8453ac1c10 msgid -1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg ld 0x7f8453ac1c10 msgid -1 (timeout 0 usec) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg continue ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Connections: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: dc03server.dom port: 389 (default) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 2 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Outstanding Requests: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 4, origid 4, status InProgress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 0, parent count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 request count 1 (abandoned 0) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Response Queue: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 response count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList returns ld 0x7f8453ac1c10 NULL Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_int_select Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_result ld 0x7f8453ac1c10 msgid -1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg ld 0x7f8453ac1c10 msgid -1 (timeout 0 usec) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg continue ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Connections: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: dc03server.dom port: 389 (default) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 2 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Outstanding Requests: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 4, origid 4, status InProgress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 0, parent count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 request count 1 (abandoned 0) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Response Queue: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 response count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList returns ld 0x7f8453ac1c10 NULL Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_int_select Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid 4 message type search-entry Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_result ld 0x7f8453ac1c10 msgid -1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg ld 0x7f8453ac1c10 msgid -1 (timeout 0 usec) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg continue ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Connections: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: dc03server.dom port: 389 (default) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 2 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Outstanding Requests: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 4, origid 4, status InProgress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 0, parent count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 request count 1 (abandoned 0) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Response Queue: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 response count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList returns ld 0x7f8453ac1c10 NULL Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_int_select Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid -1 all 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid 4 message type search-reference Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chase_v3referrals Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_url_parse_ext(ldap://ForestDnsZones.dom/DC=ForestDnsZones,DC=dom) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: re_encode_request: new msgid 5, new dn Sep 8 12:43:20 dovecotServer dovecot: auth: Error: re_encode_request new request is: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ber_dump: buf=0x7f8453ad2ea0 ptr=0x7f8453ad2f76 end=0x7f8453ad3e7c len=214 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0000: 61 6c 73 61 6c 73 00 00 00 00 00 00 00 00 00 00 alsals.......... Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 00a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 00b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 00c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 00d0: 00 00 00 00 00 00 ...... Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chase_v3referral: msgid 4, url "ldap://ForestDnsZones.dom/DC=ForestDnsZones,DC=dom" Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_send_server_request Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_new_connection 0 1 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_int_open_connection Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_connect_to_host: TCP ForestDnsZones.dom:389 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_new_socket: 21 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_prepare_socket: 21 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_connect_to_host: Trying :389 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_pvt_connect: fd: 21 tm: -1 async: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: attempting to connect: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: connect success Sep 8 12:43:20 dovecotServer dovecot: auth: Error: anonymous rebind via ldap_sasl_bind("") Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_sasl_bind Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_send_initial_request Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_send_server_request Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_result ld 0x7f8453ac1c10 msgid 6 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg ld 0x7f8453ac1c10 msgid 6 (timeout 100000 usec) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg continue ld 0x7f8453ac1c10 msgid 6 all 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Connections: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: ForestDnsZones.dom port: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 2 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: rebind in progress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: queue is empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: dc03server.dom port: 389 (default) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 3 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Outstanding Requests: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 6, origid 6, status InProgress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 0, parent count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 4, origid 4, status InProgress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 1, parent count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 request count 2 (abandoned 0) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Response Queue: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 response count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList ld 0x7f8453ac1c10 msgid 6 all 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList returns ld 0x7f8453ac1c10 NULL Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_int_select Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid 6 all 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid 4 message type search-reference Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chase_v3referrals Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_url_parse_ext(ldap://DomainDnsZones.dom/DC=DomainDnsZones,DC=dom) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: re_encode_request: new msgid 7, new dn Sep 8 12:43:20 dovecotServer dovecot: auth: Error: re_encode_request new request is: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ber_dump: buf=0x7f8453ad53c0 ptr=0x7f8453ad5496 end=0x7f8453ad639c len=214 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0000: 61 6c 73 61 6c 73 00 00 00 00 00 00 00 00 00 00 alsals.......... Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 00a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 00b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 00c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 00d0: 00 00 00 00 00 00 ...... Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chase_v3referral: msgid 4, url "ldap://DomainDnsZones.dom/DC=DomainDnsZones,DC=dom" Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_send_server_request Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_new_connection 0 1 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_int_open_connection Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_connect_to_host: TCP DomainDnsZones.dom:389 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_new_socket: 22 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_prepare_socket: 22 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_connect_to_host: Trying :389 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_pvt_connect: fd: 22 tm: -1 async: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: attempting to connect: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: connect success Sep 8 12:43:20 dovecotServer dovecot: auth: Error: anonymous rebind via ldap_sasl_bind("") Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_sasl_bind Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_send_initial_request Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_send_server_request Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_result ld 0x7f8453ac1c10 msgid 8 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg ld 0x7f8453ac1c10 msgid 8 (timeout 100000 usec) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg continue ld 0x7f8453ac1c10 msgid 8 all 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Connections: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: DomainDnsZones.dom port: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 2 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: rebind in progress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: queue is empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: ForestDnsZones.dom port: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 2 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: rebind in progress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: queue is empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: dc03server.dom port: 389 (default) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 4 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Outstanding Requests: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 8, origid 8, status InProgress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 0, parent count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 6, origid 6, status InProgress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 0, parent count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 4, origid 4, status InProgress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 2, parent count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 request count 3 (abandoned 0) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Response Queue: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 response count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList ld 0x7f8453ac1c10 msgid 8 all 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList returns ld 0x7f8453ac1c10 NULL Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_int_select Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid 8 all 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid 6 message type bind Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 0 new referrals Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: mark request completed, ld 0x7f8453ac1c10 msgid 6 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: request done: ld 0x7f8453ac1c10 msgid 6 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: res_errno: 0, res_error: <>, res_matched: <> Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_free_request (origid 6, msgid 6) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid 8 all 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid 4 message type search-reference Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chase_v3referrals Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_url_parse_ext(ldap://dom/CN=Configuration,DC=dom) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: re_encode_request: new msgid 9, new dn Sep 8 12:43:20 dovecotServer dovecot: auth: Error: re_encode_request new request is: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ber_dump: buf=0x7f8453ad7840 ptr=0x7f8453ad7915 end=0x7f8453ad881c len=213 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0000: 61 6c 73 61 6c 73 00 00 00 00 00 00 00 00 00 00 alsals.......... Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 0090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 00a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 00b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 00c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Sep 8 12:43:20 dovecotServer dovecot: auth: Error: 00d0: 00 00 00 00 00 ..... Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chase_v3referral: msgid 4, url "ldap://dom/CN=Configuration,DC=dom" Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_send_server_request Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_new_connection 0 1 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_int_open_connection Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_connect_to_host: TCP dom:389 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_new_socket: 23 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_prepare_socket: 23 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_connect_to_host: Trying :389 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_pvt_connect: fd: 23 tm: -1 async: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: attempting to connect: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: connect success Sep 8 12:43:20 dovecotServer dovecot: auth: Error: anonymous rebind via ldap_sasl_bind("") Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_sasl_bind Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_send_initial_request Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_send_server_request Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_result ld 0x7f8453ac1c10 msgid 10 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg ld 0x7f8453ac1c10 msgid 10 (timeout 100000 usec) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg continue ld 0x7f8453ac1c10 msgid 10 all 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Connections: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: dom port: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 2 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: rebind in progress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: queue is empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: DomainDnsZones.dom port: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 2 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: rebind in progress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: queue is empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: ForestDnsZones.dom port: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 1 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: rebind in progress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: queue is empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: dc03server.dom port: 389 (default) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 5 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Outstanding Requests: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 10, origid 10, status InProgress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 0, parent count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 8, origid 8, status InProgress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 0, parent count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 4, origid 4, status InProgress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 3, parent count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 request count 3 (abandoned 0) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Response Queue: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 6, type 97 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 response count 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList ld 0x7f8453ac1c10 msgid 10 all 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList returns ld 0x7f8453ac1c10 NULL Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_int_select Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid 10 all 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid 8 message type bind Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 0 new referrals Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: mark request completed, ld 0x7f8453ac1c10 msgid 8 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: request done: ld 0x7f8453ac1c10 msgid 8 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: res_errno: 0, res_error: <>, res_matched: <> Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_free_request (origid 8, msgid 8) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid 10 all 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid 4 message type search-result Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 0 new referrals Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: mark request completed, ld 0x7f8453ac1c10 msgid 4 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg ld 0x7f8453ac1c10 0 s 99737 us to go Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg continue ld 0x7f8453ac1c10 msgid 10 all 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Connections: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: dom port: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 2 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: rebind in progress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: queue is empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: DomainDnsZones.dom port: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 1 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: rebind in progress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: queue is empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: ForestDnsZones.dom port: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 1 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: rebind in progress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: queue is empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: dc03server.dom port: 389 (default) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 4 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Outstanding Requests: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 10, origid 10, status InProgress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 0, parent count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 4, origid 4, status RequestCompleted Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 3, parent count 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 request count 2 (abandoned 0) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Response Queue: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 8, type 97 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 6, type 97 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 response count 2 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList ld 0x7f8453ac1c10 msgid 10 all 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList returns ld 0x7f8453ac1c10 NULL Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_int_select Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid 10 all 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 msgid 10 message type bind Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: ld 0x7f8453ac1c10 0 new referrals Sep 8 12:43:20 dovecotServer dovecot: auth: Error: read1msg: mark request completed, ld 0x7f8453ac1c10 msgid 10 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: request done: ld 0x7f8453ac1c10 msgid 10 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: res_errno: 0, res_error: <>, res_matched: <> Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_free_request (origid 10, msgid 10) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_parse_result Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_msgfree Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg ld 0x7f8453ac1c10 0 s 95007 us to go Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg continue ld 0x7f8453ac1c10 msgid 8 all 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Connections: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: dom port: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 1 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: DomainDnsZones.dom port: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 1 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: rebind in progress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: queue is empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: ForestDnsZones.dom port: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 1 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: rebind in progress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: queue is empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: dc03server.dom port: 389 (default) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 3 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Outstanding Requests: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 9, origid 4, status InProgress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 0, parent count 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 4, origid 4, status RequestCompleted Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 3, parent count 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 request count 2 (abandoned 0) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Response Queue: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 4, type 115 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 8, type 97 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 6, type 97 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ld 0x7f8453ac1c10 response count 3 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList ld 0x7f8453ac1c10 msgid 8 all 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_chkResponseList returns ld 0x7f8453ac1c10 msgid 8, type 0x61 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_parse_result Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ldap_msgfree Sep 8 12:43:20 dovecotServer dovecot: auth: Error: adding response ld 0x7f8453ac1c10 msgid 4 type 115: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg ld 0x7f8453ac1c10 0 s 91828 us to go Sep 8 12:43:20 dovecotServer dovecot: auth: Error: wait4msg continue ld 0x7f8453ac1c10 msgid 6 all 1 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Connections: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: dom port: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 1 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: DomainDnsZones.dom port: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 1 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: ForestDnsZones.dom port: 0 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 1 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: rebind in progress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: queue is empty Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * host: dc03server.dom port: 389 (default) Sep 8 12:43:20 dovecotServer dovecot: auth: Error: refcnt: 2 status: Connected Sep 8 12:43:20 dovecotServer dovecot: auth: Error: last used: Tue Sep 8 12:43:20 2015 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: ** ld 0x7f8453ac1c10 Outstanding Requests: Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 7, origid 4, status InProgress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 0, parent count 2 Sep 8 12:43:20 dovecotServer dovecot: auth: Error: * msgid 9, origid 4, status InProgress Sep 8 12:43:20 dovecotServer dovecot: auth: Error: outstanding referrals 0, parent count 1 From mfoley at ohprs.org Tue Sep 8 23:11:09 2015 From: mfoley at ohprs.org (Mark Foley) Date: Tue, 08 Sep 2015 19:11:09 -0400 Subject: How to "Windows Authenticate" In-Reply-To: <201509080128.t881SNUF010141@mail.hprs.local> References: <201509021731.t82HVZ4r021574@mail.hprs.local> <201509031025.t83AP1W5020976@mail.hprs.local> <20150903065319.Horde.2BrAxFp30mN2LnIZrXEq7w8@www.vfemail.net> <201509052112.t85LCowS007652@mail.hprs.local> <201509070031.t870VLCY019948@mail.hprs.local> <20150906200011.Horde.aZNzwfpiV_G6ZeeX8wLk9A4@www.vfemail.net> <201509080128.t881SNUF010141@mail.hprs.local> Message-ID: <201509082311.t88NB963021145@mail.hprs.local> More experimentation ... I tried removing userdb and passdb from the dovecot NTLM config. That didn't work. I then tried adding a static userdb as follows: userdb { driver = static # allow_all_users = yes args = gid=100 home=/home/HPRS/%n } (Interestingly, when I uncommented "allow_all_users" I got an "unsupported setting" [or something like that], even though that was in there from the beginning and is shown in the example wiki http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm) Anyway, in both tests my error messages were the same: Sep 08 18:38:16 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 08 18:38:16 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 08 18:38:16 auth: Debug: auth client connected (pid=8758) Sep 08 18:38:16 auth: Debug: client in: AUTH 1 NTLM service=imap session=vPWqBUQfeADAqAA6 lip=192.168.0.2 rip=192.168.0.58 lport=143 rport=56184 Sep 08 18:38:16 auth: Debug: client passdb out: CONT 1 Sep 08 18:38:16 auth: Info: ntlm(?,192.168.0.58,): user not authenticated: NT_STATUS_LOGON_FAILURE Sep 08 18:38:18 auth: Debug: client passdb out: FAIL 1 Notice that my userid (mark or mark at ohprs) is nowhere to be found. Whereas when I specified the userdb passwd at least it had a user id in the error log. From my previous test with userdb passwd amd passdb shadow: Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? 1? ? ??user=mark at hprs? original_user=mark at HPRS Sep 05 16:45:19 auth-worker(5498): Debug: shadow(mark at hprs,192.168.0.58): lookup Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark at hprs,192.168.0.58): unknown user Sep 05 16:45:19 auth: Debug: master userdb out: NOTFOUND? ? ? ?998899713 The "Info: ntml" log entry has ntlm(?,192.168.0.58,), whereas the previous test "Info shadow" log entry has Info: shadow(mark at hprs,192.168.0.58). Of course I have no passdb specified which is right for NTML ... or is it? I feel like this should be obvious to someone familiar with Dovecot. Once again, it's difficult for me to believe no on on planet Earth (who also happens to subscribe to this list) had ever done Dovecot/ntlm from Outlook before. Help!!! If I can't get this last bit sorted out I'll be forced back to Server 2012 and Exchange. Thanks, --Mark -----Original Message----- From: Mark Foley Date: Mon, 07 Sep 2015 21:28:23 -0400 Organization: Ohio Highway Patrol Retirement System To: dovecot at dovecot.org Subject: Re: How to "Windows Authenticate" Comments interspersed with yours ... --Mark -----Original Message----- > Date: Sun, 06 Sep 2015 20:00:11 -0500 > From: Rick Romero > To: dovecot at dovecot.org > Subject: Re: How to "Windows Authenticate" > > Hmm. I would expect to see 'mark at hprs.com'. Whatever your full domain > name is. Full user at domain would be mark at hprs.local > It also won't look up /etc/shadow - Samba is doing the AD->Unix UID > mapping. Your AD users shouldn't be in there when all is said and done. I was thinking this too. I don't know why NTLM would need a userdb at all. It should just use something like ntlm_auth (which is configured in auth_winbind_helper). What if I simply removed the userdb? What would you recommend for userdb, passdb? > Well, at when I did a Samba4 install as a DC it still behaved like a Samba3 > member, and there were no AD users in the local unix passwd files. > > What does wbinfo -u provide? It should list all your users - especially > because it's an DC. Whatever wbinfo -u shows, you may need to adjust > another config file to match waht Dovecot is receiving. $ wbinfo -u Administrator Guest krbtgt dns-mail mark sogo **arr **ress **mith **nee **ris **atterson **armaine **tkeson **mmitoh These are all the AD users (most obfuscated for a bit of security). I am testing with user mark. > > I assume /etc/nsswitch.conf has been modified to use Samba? > Unless the Samba provision did something to nnswitch, I've done nothing; nor have I seen anything in the Samba or dovecot wikis suggesting changes. Remember also that the Samba4 AD/DC works perfectly with redirected folders and users logging on to any Windows workstations, and works perfectly with things wanting "Windows Authentication" like SQLserver, so the "Windows Authentication" does work at some level. My /etc/nsswitch.conf is: passwd: compat group: compat hosts: files dns networks: files services: files protocols: files rpc: files ethers: files netmasks: files netgroup: files bootparams: files automount: files aliases: files > Sorry I haven't done this, but it doesn't seem like anyone else has either > - so I'm just shooting in the dark here trying to get you steered in the > right direction... > > Rick Yeah, I can't seem to find a soul on the planet who has actually done this. If I get it figured out I'll post with a suggestion to Timo to wiki-ize it. I'm a bit puzzled that no one appears to have done this. I would think that a Samba4 AD/DC in a office environment with lots of Windows workstations running Outlook would be about the most common environment there is; especially now that Small Business Server is no longer sold and Server Essentials does not support Exchange. What are all the SBS/Exchange/Outlook small businesses doing? Limping along with SBS2008/11, or putting their email in Outlook.com? Seems like the Samba4/dovecot/Outlook combo would be an ideal migration. I appreciate your help. > > Quoting Mark Foley : > > > More info ... > > > > My dovecot error log shows: > > > > Sep 05 16:45:19 auth: Debug: client in: AUTH? ? 1? ? ? ?NTLM? ? > > service=imap > > Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? 1? ? ? > > ?user=mark at hprs? original_user=mark at HPRS > > Sep 05 16:45:19 auth: Debug: master in: REQUEST 998899713? ? ? > ?10219? > > ?1? ? ? ?f56352c207cb8f6dea4d264b2c0f8dc1? ? ? > ?session_pid=10220? ? ? > > ?request_auth_token > > Sep 05 16:45:19 auth-worker(5498): Debug: > > shadow(mark at hprs,192.168.0.58): lookup > > Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark at hprs,192.168.0.58): > > unknown user > > Sep 05 16:45:19 auth: Debug: master userdb out: NOTFOUND? ? ? ? > 998899713 > > > > whereas the successful 'plain login' config'ed mechanism (before adding > > NTLM > > config) have: > > > > Sep 06 20:27:38 auth-worker(18616): Debug: shadow(mark,104.6.249.210): > > lookup > > > > The failed ntlm look-up is looking up user mark at hprs in shadow, which it > > doesn't > > find. Is there a way to strip the "@hprs" bit from the user so it can > > find the > > correct entry in /etc/shadow? That might fix the problem. > > > > --Mark > > > > -----Original Message----- > > From: Mark Foley > > Date: Sat, 05 Sep 2015 17:12:50 -0400 > > To: dovecot at dovecot.org > > Subject: Re: How to "Windows Authenticate" > > > > Rick et al, > > > > The link you gave was a start, but is targeted for Samba3 and is > > assuming a > > probably Windows [SBS]Server AD/DC separate from the DC hosting dovecot, > > and > > includes setting up kerberos. > > > > I'm using a Samba4 AD/DC with integrated kerberos (so I don't think > > there is any > > setup I can do there).? Nevertheless I've followed the instructions > > otherwise; > > specifically adding to 10-auto.conf the following recommended lines: > > > > auth_use_winbind = yes > > auth_winbind_helper_path = /usr/bin/ntlm_auth > > mechanisms = plain ntlm login > > > > (Before, my 'mechanisms' were only plain and login). /usr/bin/ntlm_auth > > has > > global r/w privilege. > > > > I did not specify the static userdb since these users are configued in > > /etc/passwd and I thought that would work; example given in link (could > > that be > > an issue?): > > > > userdb static { > > ? args= uid=501 gid=501 home=/home/vmail/%1Ln/%Ln > > ? mail=maildir:/home/vmail/%d/%1Ln/%Ln:INBOX=/home/vmail/%d/%1Ln/%Ln > > ? allow_all_users=yes > > } > > > > This didn't work. Also, existing, working Outlook connections using > > 'logon' > > (i.e. the userID and PW are configured in Outlook) stopped working. > > > > I changed a test Outlook client to check the 'Request login using Secure > > Password Authentication (SPA)' and also checked: More Settings > > > Outgoing Server > >> My outgoing server (SMTP) requires authentication' and 'Use same > >> settings as > > > > my incoming mail server'.? Note that on the "Change Account" dialog > > (where the > > SPA checkbox is) the 'User Name' and 'Password' retained their values > > and were > > not grayed out as I would have expected if using AD authentication. > > > > After doing the above and clicking 'Test Account Settings' I was > > re-promted to > > enter a password - also not expected. At bottom are the Dovecot log > > message I > > received after doing the 'Test Account Settings'. > > > > Surely, connecting from an Outlook client to Dovecot on a Samba4 AD/DC > > should be > > a very common implementation. Has someone done this successfully? > > > > Immediately below is my doveconf -n and below that the dovecot log > > messages. > > > >> doveconf -n > > > > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > > auth_debug_passwords = yes > > auth_mechanisms = plain ntlm login > > auth_use_winbind = yes > > auth_verbose = yes > > auth_verbose_passwords = plain > > disable_plaintext_auth = no > > info_log_path = /var/log/dovecot_info > > mail_location = maildir:~/Maildir > > passdb { > > driver = shadow > > } > > protocols = imap > > ssl_cert = > ssl_key = > userdb { > > driver = passwd > > } > > verbose_ssl = yes > > > > dovecot log after doing 'Test Account Settings' in Outlook: > > > > Sep 05 16:45:19 imap-login: Debug: SSL: elliptic curve secp384r1 will be > > used for ECDH and ECDHE key exchanges > > Sep 05 16:45:19 imap-login: Debug: SSL: elliptic curve secp384r1 will be > > used for ECDH and ECDHE key exchanges > > Sep 05 16:45:19 auth: Debug: auth client connected (pid=10219) > > Sep 05 16:45:19 auth: Debug: client in: AUTH? ? ? ? 1? ? ? ? > NTLM? ? ? ? > > service=imap? ? ? ? session=HXssGAYf0ADAqAA6? ? ? ? > lip=192.168.0.2? ? ? > > ? rip=192.168.0.58? ? ? ? lport=143? ? ? ? rport=52944 > > Sep 05 16:45:19 auth: Debug: client passdb out: CONT? ? ? ? 1 > > Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? ? 1? ? ? > ? > > user=mark at hprs? ? ? ? original_user=mark at HPRS > > Sep 05 16:45:19 auth: Debug: master in: REQUEST? ? ? ? 998899713? ? > ? ? > > 10219? ? ? ? 1? ? ? ? f56352c207cb8f6dea4d264b2c0f8dc1? ? ? ? > > session_pid=10220? ? ? ? request_auth_token > > Sep 05 16:45:19 auth-worker(5498): Debug: > > shadow(mark at hprs,192.168.0.58): lookup > > Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark at hprs,192.168.0.58): > > unknown user > > Sep 05 16:45:19 auth: Debug: master userdb out: NOTFOUND? ? ? ? > 998899713 > > Sep 05 16:45:19 imap-login: Info: Internal login failure (pid=10219 > > id=1) (internal failure, 1 successful auths): user=, > > method=NTLM, rip=192.168.0.58, lip=192.168.0.2, mpid=10220, > > session= > > Sep 05 16:46:22 imap-login: Debug: SSL: elliptic curve secp384r1 will be > > used for ECDH and ECDHE key exchanges > > Sep 05 16:46:22 imap-login: Debug: SSL: elliptic curve secp384r1 will be > > used for ECDH and ECDHE key exchanges > > Sep 05 16:46:22 auth: Debug: Loading modules from directory: > > /usr/local/lib/dovecot/auth > > Sep 05 16:46:22 auth: Debug: Read auth token secret from > > /usr/local/var/run/dovecot/auth-token-secret.dat > > Sep 05 16:46:22 auth: Debug: auth client connected (pid=13487) > > Sep 05 16:46:22 auth: Debug: client in: AUTH? ? ? ? 1? ? ? ? > NTLM? ? ? ? > > service=imap? ? ? ? session=IlvqGwYf0wDAqAA6? ? ? ? > lip=192.168.0.2? ? ? > > ? rip=192.168.0.58? ? ? ? lport=143? ? ? ? rport=52947 > > Sep 05 16:46:22 auth: Debug: client passdb out: OK? ? ? ? 1? ? ? > ? > > user=mark at hprs? ? ? ? original_user=mark at HPRS > > Sep 05 16:46:22 auth: Debug: master in: REQUEST? ? ? ? 3030384641? > ? ? ? > > 13487? ? ? ? 1? ? ? ? bac5f6531f9d4c3316f93bd4c4a63ddd? ? ? ? > > session_pid=13491? ? ? ? request_auth_token > > Sep 05 16:46:22 auth-worker(13492): Debug: Loading modules from > > directory: /usr/local/lib/dovecot/auth > > Sep 05 16:46:22 auth-worker(13492): Debug: > > shadow(mark at hprs,192.168.0.58): lookup > > Sep 05 16:46:22 auth-worker(13492): Info: > > shadow(mark at hprs,192.168.0.58): unknown user > > Sep 05 16:46:22 auth: Debug: master userdb out: NOTFOUND? ? ? ? > 3030384641 > > Sep 05 16:46:22 imap-login: Info: Internal login failure (pid=13487 > > id=1) (internal failure, 1 successful auths): user=, > > method=NTLM, rip=192.168.0.58, lip=192.168.0.2, mpid=13491, > > session= > > > > Thanks --Mark > > > > -----Original Message----- > >> Date: Thu, 03 Sep 2015 06:53:19 -0500 > >> From: Rick Romero > >> To: dovecot at dovecot.org > >> Subject: Re: How to "Windows Authenticate" > >> > >> ? Hi Mark, > >> > >> I haven't done it, but I've played with the scenario enough to have an > >> idea. > >> > >> What you want to do is have Outlook auth via NTLM to Dovecot.? > >> > >> First that means having the machine be a domain member (usually via > >> Samba) > >> in order to properly process NTLM/Kerberos handshake - which it appears > >> you > >> have. > >> Second that means having Dovecot know how to accept NTLM authentication > >> (SPA) to pass to the Samba backend. > >> > >> A 'Dovecot NTLM' search led me here: > >> http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm > >> > >> What's not on the page that I'd expect to see, are the compile-time > >> requirements for inclucing samba/kerberos libs within Dovecot.? If it > >> doesn't 'just work' with the config changes in the wiki, you may need to > >> recompile with the right features. > >> > >> Also - check the permissions of the ntlm_auth program. That's caused > many > >> issues with Radius installs, IIRC. > >> > >> Hope that helps! > >> > >> Rick > >> > >> Quoting Mark Foley : > >> > >> This can't be that hard. I think I've enabled LDAP in Dovecot just by > >> including > >> dovecot-ldap.conf.ext in 10-auth.conf and using the default settings. I > >> now have > >> the configuration shown below. Two questions: > >> > >> 1. How do I set Outlook to authenticate with LDAP? Currently the Outlook > >> accounts still have the ID and password set in "Logon Information". > >> Checking > >> "Require logon using Secure Password Authentication (SPA)" doesn't work. > >> All I > >> can seem to find on the Internet is how to configure address books using > >> LDAP. > >> > >> 2. Should I remove "passdb { drive = shadow } from the dovecot > >> configuration? > >> > >> Anybody? > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> driver = shadow > >> } > >> passdb { > >> args = /etc/dovecot/dovecot-ldap.conf.ext > >> driver = ldap > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> driver = passwd > >> } > >> userdb { > >> args = /etc/dovecot/dovecot-ldap.conf.ext > >> driver = ldap > >> } > >> verbose_ssl = yes > >> > >> -----Original Message----- > >> From: Mark Foley > >> Date: Wed, 02 Sep 2015 13:31:35 -0400 > >> To: dovecot at dovecot.org > >> Subject: How to "Windows Authenticate" > >> > >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook > >> (2010/2013) on > >> Windows workstations for over 6 months with no problems.? Dovecot is > >> hosted on > >> the office Samba4 AC/DC server. > >> > >> I have been using auth_mechanisms plain login, and passdb driver = > >> shadow. > >> > >> What I'd like to do now is use the "Windows Authenticated" login so I > >> don't have > >> to have separate passwords for users logging into the Windows AD > >> workstations > >> and their Outlook clients. > >> > >> If anyone has actually done this I'd appreciate some tips. My various > >> attempts > >> have not been successful. > >> > >> Here is my current config: > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> ? driver = shadow > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> ? driver = passwd > >> } > >> verbose_ssl = yes > >> > >> Thanks, Mark Foley > >> > >> From dovecot-bounces at dovecot.org? Wed Sep? 2 13:32:13 2015 > >> Return-Path: > >> X-Virus-Status: Clean > >> X-Virus-Scanned: clamav-milter 0.98.6 at mail > >> X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ > >> (2011-06-06) on > >> ? ? ? ? mail.hprs.local > >> X-Spam-Level: > >> X-Spam-Status: No, score=0.0 required=3.0 tests=none > >> autolearn=unavailable > >> ? ? ? ? version=3.3.2-_revision__1.14__ > >> X-Original-To: dovecot at dovecot.org > >> Delivered-To: dovecot at dovecot.org > >> X-Virus-Status: Clean > >> X-Virus-Scanned: clamav-milter 0.98.6 at mail > >> From: Mark Foley > >> Date: Wed, 02 Sep 2015 13:31:35 -0400 > >> Organization: Ohio Highway Patrol Retirement System > >> To: dovecot at dovecot.org > >> Subject: How to "Windows Authenticate" > >> User-Agent: Heirloom mailx 12.5 7/5/10 > >> Content-Type: text/plain; charset=us-ascii > >> X-BeenThere: dovecot at dovecot.org > >> X-Mailman-Version: 2.1.17 > >> Precedence: list > >> List-Id: Dovecot Mailing List > >> List-Unsubscribe: , > >> ? ? ? ? > >> List-Archive: > >> List-Post: > >> List-Help: > >> List-Subscribe: , > >> ? ? ? ? > >> Errors-To: dovecot-bounces at dovecot.org > >> Sender: "dovecot" > >> Status: R > >> > >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook > >> (2010/2013) on > >> Windows workstations for over 6 months with no problems.? Dovecot is > >> hosted on > >> the office Samba4 AC/DC server. > >> > >> I have been using auth_mechanisms plain login, and passdb driver = > >> shadow. > >> > >> What I'd like to do now is use the "Windows Authenticated" login so I > >> don't have > >> to have separate passwords for users logging into the Windows AD > >> workstations > >> and their Outlook clients. > >> > >> If anyone has actually done this I'd appreciate some tips. My various > >> attempts > >> have not been successful. > >> > >> Here is my current config: > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> driver = shadow > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> driver = passwd > >> } > >> verbose_ssl = yes > >> Thanks, Mark Foley > >> From dovecot-bounces at dovecot.org? Thu Sep? 3 07:53:44 2015 > >> Return-Path: > >> X-Virus-Status: Clean > >> X-Virus-Scanned: clamav-milter 0.98.6 at mail > >> X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ > >> (2011-06-06) on > >> ? ? ? ? mail.hprs.local > >> X-Spam-Level: > >> X-Spam-Status: No, score=0.0 required=3.0 tests=none autolearn=ham > >> ? ? ? ? version=3.3.2-_revision__1.14__ > >> X-Original-To: dovecot at dovecot.org > >> Delivered-To: dovecot at dovecot.org > >> Date: Thu, 03 Sep 2015 06:53:19 -0500 > >> From: Rick Romero > >> To: dovecot at dovecot.org > >> Subject: Re: How to "Windows Authenticate" > >> User-Agent: Internet Messaging Program (IMP) H5 (6.2.2) > >> X-VFEmail-Originating-IP: MTA3LjEzNi4xNDQuMjMw > >> X-VFEmail-AntiSpam: Notify admin at vfemail.net of any spam, and include > >> ? ? ? ? VFEmail headers > >> Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes > >> Content-Disposition: inline > >> Content-Description: Plaintext Message > >> X-Content-Filtered-By: Mailman/MimeDel 2.1.17 > >> X-BeenThere: dovecot at dovecot.org > >> X-Mailman-Version: 2.1.17 > >> Precedence: list > >> List-Id: Dovecot Mailing List > >> List-Unsubscribe: , > >> ? ? ? ? > >> List-Archive: > >> List-Post: > >> List-Help: > >> List-Subscribe: , > >> ? ? ? ? > >> Errors-To: dovecot-bounces at dovecot.org > >> Sender: "dovecot" > >> Status: R > >> > >> ? Hi Mark, > >> > >> I haven't done it, but I've played with the scenario enough to have an > >> idea. > >> > >> What you want to do is have Outlook auth via NTLM to Dovecot.? > >> > >> First that means having the machine be a domain member (usually via > >> Samba) > >> in order to properly process NTLM/Kerberos handshake - which it appears > >> you > >> have. > >> Second that means having Dovecot know how to accept NTLM authentication > >> (SPA) to pass to the Samba backend. > >> > >> A 'Dovecot NTLM' search led me here: > >> http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm > >> > >> What's not on the page that I'd expect to see, are the compile-time > >> requirements for inclucing samba/kerberos libs within Dovecot.? If it > >> doesn't 'just work' with the config changes in the wiki, you may need to > >> recompile with the right features. > >> > >> Also - check the permissions of the ntlm_auth program. That's caused > many > >> issues with Radius installs, IIRC. > >> > >> Hope that helps! > >> > >> Rick > >> > >> Quoting Mark Foley : > >> > >> This can't be that hard. I think I've enabled LDAP in Dovecot just by > >> including > >> dovecot-ldap.conf.ext in 10-auth.conf and using the default settings. I > >> now have > >> the configuration shown below. Two questions: > >> > >> 1. How do I set Outlook to authenticate with LDAP? Currently the Outlook > >> accounts still have the ID and password set in "Logon Information". > >> Checking > >> "Require logon using Secure Password Authentication (SPA)" doesn't work. > >> All I > >> can seem to find on the Internet is how to configure address books using > >> LDAP. > >> > >> 2. Should I remove "passdb { drive = shadow } from the dovecot > >> configuration? > >> > >> Anybody? > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> driver = shadow > >> } > >> passdb { > >> args = /etc/dovecot/dovecot-ldap.conf.ext > >> driver = ldap > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> driver = passwd > >> } > >> userdb { > >> args = /etc/dovecot/dovecot-ldap.conf.ext > >> driver = ldap > >> } > >> verbose_ssl = yes > >> > >> -----Original Message----- > >> From: Mark Foley > >> Date: Wed, 02 Sep 2015 13:31:35 -0400 > >> To: dovecot at dovecot.org > >> Subject: How to "Windows Authenticate" > >> > >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook > >> (2010/2013) on > >> Windows workstations for over 6 months with no problems.? Dovecot is > >> hosted on > >> the office Samba4 AC/DC server. > >> > >> I have been using auth_mechanisms plain login, and passdb driver = > >> shadow. > >> > >> What I'd like to do now is use the "Windows Authenticated" login so I > >> don't have > >> to have separate passwords for users logging into the Windows AD > >> workstations > >> and their Outlook clients. > >> > >> If anyone has actually done this I'd appreciate some tips. My various > >> attempts > >> have not been successful. > >> > >> Here is my current config: > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> ? driver = shadow > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> ? driver = passwd > >> } > >> verbose_ssl = yes > >> > >> Thanks, Mark Foley > >> > >> From dovecot-bounces at dovecot.org? Wed Sep? 2 13:32:13 2015 > >> Return-Path: > >> X-Virus-Status: Clean > >> X-Virus-Scanned: clamav-milter 0.98.6 at mail > >> X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ > >> (2011-06-06) on > >> ? ? ? ? mail.hprs.local > >> X-Spam-Level: > >> X-Spam-Status: No, score=0.0 required=3.0 tests=none > >> autolearn=unavailable > >> ? ? ? ? version=3.3.2-_revision__1.14__ > >> X-Original-To: dovecot at dovecot.org > >> Delivered-To: dovecot at dovecot.org > >> X-Virus-Status: Clean > >> X-Virus-Scanned: clamav-milter 0.98.6 at mail > >> From: Mark Foley > >> Date: Wed, 02 Sep 2015 13:31:35 -0400 > >> Organization: Ohio Highway Patrol Retirement System > >> To: dovecot at dovecot.org > >> Subject: How to "Windows Authenticate" > >> User-Agent: Heirloom mailx 12.5 7/5/10 > >> Content-Type: text/plain; charset=us-ascii > >> X-BeenThere: dovecot at dovecot.org > >> X-Mailman-Version: 2.1.17 > >> Precedence: list > >> List-Id: Dovecot Mailing List > >> List-Unsubscribe: , > >> ? ? ? ? > >> List-Archive: > >> List-Post: > >> List-Help: > >> List-Subscribe: , > >> ? ? ? ? > >> Errors-To: dovecot-bounces at dovecot.org > >> Sender: "dovecot" > >> Status: R > >> > >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook > >> (2010/2013) on > >> Windows workstations for over 6 months with no problems.? Dovecot is > >> hosted on > >> the office Samba4 AC/DC server. > >> > >> I have been using auth_mechanisms plain login, and passdb driver = > >> shadow. > >> > >> What I'd like to do now is use the "Windows Authenticated" login so I > >> don't have > >> to have separate passwords for users logging into the Windows AD > >> workstations > >> and their Outlook clients. > >> > >> If anyone has actually done this I'd appreciate some tips. My various > >> attempts > >> have not been successful. > >> > >> Here is my current config: > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> driver = shadow > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> driver = passwd > >> } > >> verbose_ssl = yes > >> Thanks, Mark Foley > > > > ? > From joe.beaubien at gmail.com Tue Sep 8 23:56:46 2015 From: joe.beaubien at gmail.com (Joe Beaubien) Date: Tue, 8 Sep 2015 19:56:46 -0400 Subject: Problems setting up SIS (duplicate files with same hash) In-Reply-To: References: Message-ID: Can anyone help with SIS? On Sat, Sep 5, 2015 at 11:40 AM, Joe Beaubien wrote: > Hi everyone, > > I am currently trying to setup our next dovecot server (2.2.18) with SIS > enabled, but I have enconutered 1 problem and 1 question: > > > *1) Same attachment, different filenames* > > I have a feeling a misconfigured something (or forgot to do something) > because SIS almost works, but not quite since 3 identical attachment take > 3x the space (see end of email for my SIS config). > > For 3 the emails I sent with the same attachment, I got 3 seperate files > with the same hash name but a different string following the dash: > > -rw------- 1 info info 2.6M Sep 5 11:14 > e35083e3280a21c6aaabbae8cb23d54493f514a5-6a22711a7b05eb5509480000045c9bf4 > -rw------- 1 info info 2.6M Sep 5 11:16 > e35083e3280a21c6aaabbae8cb23d54493f514a5-6c22711a7b05eb5509480000045c9bf4 > -rw------- 2 info info 2.6M Sep 5 11:18 > e35083e3280a21c6aaabbae8cb23d54493f514a5-6e22711a7b05eb5509480000045c9bf4 > drwx------ 2 info info 4.0K Sep 5 11:18 hashes > > For the record, the "hashes" subfolder has only 1 hash > (e35083e3280a21c6aaabbae8cb23d54493f514a5) which perfectly matches the > first part of the 3 filenames. > > > > *2) Saving attachments under a generic name or more flexible permissions?* > > It seems that dovecot saves the attachment with the username and group of > the user who has received the email. > > Is it possible to have dovecot save the attachments as a generic user > (like dovecot or dovenull) so that all my different users can share the > same pool of attachments? > > Alternatively, is it possible to have dovecot save the attachment under > more flexible permissions so that they can be shared between users? > > This would allow us to save alot of disk space. > > > *Here is the SIS config I am using:* > > mail_attachment_dir = /data/emails/attachments > #mail_attachment_min_size = 128k > #mail_attachment_fs = sis posix > #mail_attachment_hash = %{sha1} > > > > Any help would be very much appreciated. > > Thank you, > > Joe B > From joe.beaubien at gmail.com Wed Sep 9 03:57:10 2015 From: joe.beaubien at gmail.com (Joe Beaubien) Date: Tue, 8 Sep 2015 23:57:10 -0400 Subject: Problems setting up SIS (duplicate files with same hash) In-Reply-To: References: Message-ID: I figured out item #1, however, #2 is still problematic. How can I setup dovecot to handle multiple mailboxes with SIS? If I use "sis posix", the folders /var/attachments/[0-9a-f][0-9a-f] get created under the name of the first mailbox. Whenevver the second mailbox tries to read/write to those folders, it fails. Also, it seems that the attachments never get deduplicated, but i'll deal with that later. If I use "sis-queue", then the files get deduplicated, but I cannot fix the multiple mailbox issues. I tried adding %u to the mail_attachment_dir, whcih seems to work at first. But when I try to deduplicate the attachments with "doveadm sis deduplicate" it seems that mail_attachment_fs does not support %u and the path does not resolve properly. Any ideas? Thanks, Joe B I'm trying to run SIS with queueing enabled I tried running SIS with "sis posix", however when the /var/attachments/[0-9a-f][0-9a-f] folders get created under the name of the first mailbox, the second mailbox cannot write/read to them. I then tried adding %u to mail_attachment_dir, but then I had errors when running doveadm sis deduplicate because mail_attachment_fs doesn't seem to support %u in the queue path. How can I support multiple mailboxes with SIS??? On Sat, Sep 5, 2015 at 11:40 AM, Joe Beaubien wrote: > Hi everyone, > > I am currently trying to setup our next dovecot server (2.2.18) with SIS > enabled, but I have enconutered 1 problem and 1 question: > > > *1) Same attachment, different filenames* > > I have a feeling a misconfigured something (or forgot to do something) > because SIS almost works, but not quite since 3 identical attachment take > 3x the space (see end of email for my SIS config). > > For 3 the emails I sent with the same attachment, I got 3 seperate files > with the same hash name but a different string following the dash: > > -rw------- 1 info info 2.6M Sep 5 11:14 > e35083e3280a21c6aaabbae8cb23d54493f514a5-6a22711a7b05eb5509480000045c9bf4 > -rw------- 1 info info 2.6M Sep 5 11:16 > e35083e3280a21c6aaabbae8cb23d54493f514a5-6c22711a7b05eb5509480000045c9bf4 > -rw------- 2 info info 2.6M Sep 5 11:18 > e35083e3280a21c6aaabbae8cb23d54493f514a5-6e22711a7b05eb5509480000045c9bf4 > drwx------ 2 info info 4.0K Sep 5 11:18 hashes > > For the record, the "hashes" subfolder has only 1 hash > (e35083e3280a21c6aaabbae8cb23d54493f514a5) which perfectly matches the > first part of the 3 filenames. > > > > *2) Saving attachments under a generic name or more flexible permissions?* > > It seems that dovecot saves the attachment with the username and group of > the user who has received the email. > > Is it possible to have dovecot save the attachments as a generic user > (like dovecot or dovenull) so that all my different users can share the > same pool of attachments? > > Alternatively, is it possible to have dovecot save the attachment under > more flexible permissions so that they can be shared between users? > > This would allow us to save alot of disk space. > > > *Here is the SIS config I am using:* > > mail_attachment_dir = /data/emails/attachments > #mail_attachment_min_size = 128k > #mail_attachment_fs = sis posix > #mail_attachment_hash = %{sha1} > > > > Any help would be very much appreciated. > > Thank you, > > Joe B > From rick at havokmon.com Wed Sep 9 02:21:13 2015 From: rick at havokmon.com (Rick Romero) Date: Tue, 08 Sep 2015 21:21:13 -0500 Subject: How to "Windows Authenticate" In-Reply-To: <201509082311.t88NB963021145@mail.hprs.local> References: <201509021731.t82HVZ4r021574@mail.hprs.local> <201509031025.t83AP1W5020976@mail.hprs.local> <20150903065319.Horde.2BrAxFp30mN2LnIZrXEq7w8@www.vfemail.net> <201509052112.t85LCowS007652@mail.hprs.local> <201509070031.t870VLCY019948@mail.hprs.local> <20150906200011.Horde.aZNzwfpiV_G6ZeeX8wLk9A4@www.vfemail.net> <201509080128.t881SNUF010141@mail.hprs.local> <201509082311.t88NB963021145@mail.hprs.local> Message-ID: <20150908212113.Horde.XsYniNr9u8OfSSykmsFoFA1@www.vfemail.net> If I had time I would be all over this - but IMHO the main problem is that Dovecot != Exchange.? Even in small environments - unless I'm out of date, there's no calendar, tasks or contact lists within Dovecot. Your next best best is to use something like Horde that would allow you to auth via ActiveSync (on Outlook 2013 clients) and manage everything else that the users will want, with Dovecot as the mail backend. Though I believe there could be licensing issues if you're looking to do it for free.? I think, by license, you still need CALs for each ActiveSync client (if you're in the US). Auth-Wise it'd be a whole different animal.? I'm not sure if there's anything pre-packaged NTLM + Horde - though Apache/PHP/Linux with Samba would accept the username via GSSAPI and I suppose you could pass that to HordeAuth. I hate Exchange - I have a nagging 45 second delay on OWA logins ever since I had to setup multiple NICs to get Outlook to stop complaining about certs, and today while trying to fix that issue, AD decided to stop replicating one of my trusted domains (and began rejecting auths for linked mailboxes from that domain) and in short I really just hate that environment with every fiber of my being and would love to see a decent free Exchange replacement on *nix. Rick Quoting Mark Foley : > More experimentation ... > > I tried removing userdb and passdb from the dovecot NTLM config. That > didn't > work. I then tried adding a static userdb as follows: > > userdb { > driver = static > #? allow_all_users = yes > args = gid=100 home=/home/HPRS/%n > } > > (Interestingly, when I uncommented "allow_all_users" I got an "unsupported > setting" [or something like that], even though that was in there from the > beginning and is shown in the example wiki > http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm) > > Anyway, in both tests my error messages were the same: > > Sep 08 18:38:16 imap-login: Debug: SSL: elliptic curve secp384r1 will be > used for ECDH and ECDHE key exchanges > Sep 08 18:38:16 imap-login: Debug: SSL: elliptic curve secp384r1 will be > used for ECDH and ECDHE key exchanges > Sep 08 18:38:16 auth: Debug: auth client connected (pid=8758) > Sep 08 18:38:16 auth: Debug: client in: AUTH? ? 1? ? ? ?NTLM? ? > service=imap? ? session=vPWqBUQfeADAqAA6? ? ? lip=192.168.0.2? > rip=192.168.0.58? ? ? ? lport=143? ? ? ?rport=56184 > Sep 08 18:38:16 auth: Debug: client passdb out: CONT? ? 1 > Sep 08 18:38:16 auth: Info: ntlm(?,192.168.0.58,): > user not authenticated: NT_STATUS_LOGON_FAILURE > Sep 08 18:38:18 auth: Debug: client passdb out: FAIL? ? 1 > > Notice that my userid (mark or mark at ohprs) is nowhere to be found.? > Whereas when > I specified the userdb passwd at least it had a user id in the error > log.? From > my previous test with userdb passwd amd passdb shadow: > > Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? 1? ? > ??user=mark at hprs? original_user=mark at HPRS > Sep 05 16:45:19 auth-worker(5498): Debug: > shadow(mark at hprs,192.168.0.58): lookup > Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark at hprs,192.168.0.58): > unknown user > Sep 05 16:45:19 auth: Debug: master userdb out: NOTFOUND? ? ? ?998899713 > > The "Info: ntml" log entry has ntlm(?,192.168.0.58,), > whereas > the previous test "Info shadow" log entry has Info: > shadow(mark at hprs,192.168.0.58). > > Of course I have no passdb specified which is right for NTML ... or is it? > > I feel like this should be obvious to someone familiar with Dovecot. > Once again, > it's difficult for me to believe no on on planet Earth (who also happens > to > subscribe to this list) had ever done Dovecot/ntlm from Outlook before. > > Help!!! If I can't get this last bit sorted out I'll be forced back to > Server > 2012 and Exchange. > > Thanks, --Mark > > -----Original Message----- > From: Mark Foley > Date: Mon, 07 Sep 2015 21:28:23 -0400 > Organization: Ohio Highway Patrol Retirement System > To: dovecot at dovecot.org > Subject: Re: How to "Windows Authenticate" > > Comments interspersed with yours ... > > --Mark > > -----Original Message----- >> Date: Sun, 06 Sep 2015 20:00:11 -0500 >> From: Rick Romero >> To: dovecot at dovecot.org >> Subject: Re: How to "Windows Authenticate" >> >> ? Hmm.? I would expect to see 'mark at hprs.com'.? Whatever your full domain >> name is. > > Full user at domain would be mark at hprs.local > >> It also won't look up /etc/shadow - Samba is doing the AD->Unix UID >> mapping.? Your AD users shouldn't be in there when all is said and done. > > I was thinking this too.? I don't know why NTLM would need a userdb at > all.? It > should just use something like ntlm_auth (which is configured in > auth_winbind_helper). > > What if I simply removed the userdb?? What would you recommend for > userdb, passdb? > >> Well, at when I did a Samba4 install as a DC it still behaved like a >> Samba3 >> member, and there were no AD users in the local unix passwd files. >> >> What does wbinfo -u provide?? It should list all your users - especially >> because it's an DC.? Whatever wbinfo -u shows, you may need to adjust >> another config file to match waht Dovecot is receiving. > > $ wbinfo -u > > Administrator > Guest > krbtgt > dns-mail > mark > sogo > **arr > **ress > **mith > **nee > **ris > **atterson > **armaine > **tkeson > **mmitoh > > These are all the AD users (most obfuscated for a bit of security). I am > testing > with user mark. > >> I assume /etc/nsswitch.conf has been modified to use Samba? > > Unless the Samba provision did something to nnswitch, I've done nothing; > nor > have I seen anything in the Samba or dovecot wikis suggesting changes.? > Remember > also that the Samba4 AD/DC works perfectly with redirected folders and > users > logging on to any Windows workstations, and works perfectly with things > wanting > "Windows Authentication" like SQLserver, so the "Windows Authentication" > does > work at some level.? My /etc/nsswitch.conf is: > > passwd:? ? ? ? ?compat > group:? ? ? ? ? compat > > hosts:? ? ? ? ? files dns > networks:? ? ? ?files > > services:? ? ? ?files > protocols:? ? ? files > rpc:? ? ? ? ? ? files > ethers:? ? ? ? ?files > netmasks:? ? ? ?files > netgroup:? ? ? ?files > bootparams:? ? ?files > > automount:? ? ? files > aliases:? ? ? ? files > >> Sorry I haven't done this, but it doesn't seem like anyone else has >> either >> - so I'm just shooting in the dark here trying to get you steered in the >> right direction... >> >> Rick > > Yeah, I can't seem to find a soul on the planet who has actually done > this. If I > get it figured out I'll post with a suggestion to Timo to wiki-ize it. > > I'm a bit puzzled that no one appears to have done this. I would think > that a > Samba4 AD/DC in a office environment with lots of Windows workstations > running > Outlook would be about the most common environment there is; especially > now that > Small Business Server is no longer sold and Server Essentials does not > support > Exchange. What are all the SBS/Exchange/Outlook small businesses doing? > Limping > along with SBS2008/11, or putting their email in Outlook.com? Seems like > the > Samba4/dovecot/Outlook combo would be an ideal migration. > > I appreciate your help. > >> Quoting Mark Foley : >> >> More info ... >> >> My dovecot error log shows: >> >> Sep 05 16:45:19 auth: Debug: client in: AUTH? ? 1? ? ? ?NTLM? ? >> service=imap >> Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? 1? ? ? >> ?user=mark at hprs? original_user=mark at HPRS >> Sep 05 16:45:19 auth: Debug: master in: REQUEST 998899713? ? ? >> ?10219? >> ?1? ? ? ?f56352c207cb8f6dea4d264b2c0f8dc1? ? ? >> ?session_pid=10220? ? ? >> ?request_auth_token >> Sep 05 16:45:19 auth-worker(5498): Debug: >> shadow(mark at hprs,192.168.0.58): lookup >> Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark at hprs,192.168.0.58): >> unknown user >> Sep 05 16:45:19 auth: Debug: master userdb out: NOTFOUND? ? ? ? >> 998899713 >> >> whereas the successful 'plain login' config'ed mechanism (before adding >> NTLM >> config) have: >> >> Sep 06 20:27:38 auth-worker(18616): Debug: shadow(mark,104.6.249.210): >> lookup >> >> The failed ntlm look-up is looking up user mark at hprs in shadow, which it >> doesn't >> find. Is there a way to strip the "@hprs" bit from the user so it can >> find the >> correct entry in /etc/shadow? That might fix the problem. >> >> --Mark >> >> -----Original Message----- >> From: Mark Foley >> Date: Sat, 05 Sep 2015 17:12:50 -0400 >> To: dovecot at dovecot.org >> Subject: Re: How to "Windows Authenticate" >> >> Rick et al, >> >> The link you gave was a start, but is targeted for Samba3 and is >> assuming a >> probably Windows [SBS]Server AD/DC separate from the DC hosting dovecot, >> and >> includes setting up kerberos. >> >> I'm using a Samba4 AD/DC with integrated kerberos (so I don't think >> there is any >> setup I can do there).? Nevertheless I've followed the instructions >> otherwise; >> specifically adding to 10-auto.conf the following recommended lines: >> >> auth_use_winbind = yes >> auth_winbind_helper_path = /usr/bin/ntlm_auth >> mechanisms = plain ntlm login >> >> (Before, my 'mechanisms' were only plain and login). /usr/bin/ntlm_auth >> has >> global r/w privilege. >> >> I did not specify the static userdb since these users are configued in >> /etc/passwd and I thought that would work; example given in link (could >> that be >> an issue?): >> >> userdb static { >> ? args= uid=501 gid=501 home=/home/vmail/%1Ln/%Ln >> ? mail=maildir:/home/vmail/%d/%1Ln/%Ln:INBOX=/home/vmail/%d/%1Ln/%Ln >> ? allow_all_users=yes >> } >> >> This didn't work. Also, existing, working Outlook connections using >> 'logon' >> (i.e. the userID and PW are configured in Outlook) stopped working. >> >> I changed a test Outlook client to check the 'Request login using Secure >> Password Authentication (SPA)' and also checked: More Settings > >> Outgoing Server >> My outgoing server (SMTP) requires authentication' and 'Use same >> settings as >> >> my incoming mail server'.? Note that on the "Change Account" dialog >> (where the >> SPA checkbox is) the 'User Name' and 'Password' retained their values >> and were >> not grayed out as I would have expected if using AD authentication. >> >> After doing the above and clicking 'Test Account Settings' I was >> re-promted to >> enter a password - also not expected. At bottom are the Dovecot log >> message I >> received after doing the 'Test Account Settings'. >> >> Surely, connecting from an Outlook client to Dovecot on a Samba4 AD/DC >> should be >> a very common implementation. Has someone done this successfully? >> >> Immediately below is my doveconf -n and below that the dovecot log >> messages. >> >> doveconf -n >> >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 >> auth_debug_passwords = yes >> auth_mechanisms = plain ntlm login >> auth_use_winbind = yes >> auth_verbose = yes >> auth_verbose_passwords = plain >> disable_plaintext_auth = no >> info_log_path = /var/log/dovecot_info >> mail_location = maildir:~/Maildir >> passdb { >> driver = shadow >> } >> protocols = imap >> ssl_cert = > ssl_key = > userdb { >> driver = passwd >> } >> verbose_ssl = yes >> >> dovecot log after doing 'Test Account Settings' in Outlook: >> >> Sep 05 16:45:19 imap-login: Debug: SSL: elliptic curve secp384r1 will be >> used for ECDH and ECDHE key exchanges >> Sep 05 16:45:19 imap-login: Debug: SSL: elliptic curve secp384r1 will be >> used for ECDH and ECDHE key exchanges >> Sep 05 16:45:19 auth: Debug: auth client connected (pid=10219) >> Sep 05 16:45:19 auth: Debug: client in: AUTH? ? ? ? 1? ? ? ? >> NTLM? ? ? ? >> service=imap? ? ? ? session=HXssGAYf0ADAqAA6? ? ? ? >> lip=192.168.0.2? ? ? >> ? rip=192.168.0.58? ? ? ? lport=143? ? ? ? rport=52944 >> Sep 05 16:45:19 auth: Debug: client passdb out: CONT? ? ? ? 1 >> Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? ? 1? ? ? >> ? >> user=mark at hprs? ? ? ? original_user=mark at HPRS >> Sep 05 16:45:19 auth: Debug: master in: REQUEST? ? ? ? 998899713? ? >> ? ? >> 10219? ? ? ? 1? ? ? ? f56352c207cb8f6dea4d264b2c0f8dc1? ? ? ? >> session_pid=10220? ? ? ? request_auth_token >> Sep 05 16:45:19 auth-worker(5498): Debug: >> shadow(mark at hprs,192.168.0.58): lookup >> Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark at hprs,192.168.0.58): >> unknown user >> Sep 05 16:45:19 auth: Debug: master userdb out: NOTFOUND? ? ? ? >> 998899713 >> Sep 05 16:45:19 imap-login: Info: Internal login failure (pid=10219 >> id=1) (internal failure, 1 successful auths): user=, >> method=NTLM, rip=192.168.0.58, lip=192.168.0.2, mpid=10220, >> session= >> Sep 05 16:46:22 imap-login: Debug: SSL: elliptic curve secp384r1 will be >> used for ECDH and ECDHE key exchanges >> Sep 05 16:46:22 imap-login: Debug: SSL: elliptic curve secp384r1 will be >> used for ECDH and ECDHE key exchanges >> Sep 05 16:46:22 auth: Debug: Loading modules from directory: >> /usr/local/lib/dovecot/auth >> Sep 05 16:46:22 auth: Debug: Read auth token secret from >> /usr/local/var/run/dovecot/auth-token-secret.dat >> Sep 05 16:46:22 auth: Debug: auth client connected (pid=13487) >> Sep 05 16:46:22 auth: Debug: client in: AUTH? ? ? ? 1? ? ? ? >> NTLM? ? ? ? >> service=imap? ? ? ? session=IlvqGwYf0wDAqAA6? ? ? ? >> lip=192.168.0.2? ? ? >> ? rip=192.168.0.58? ? ? ? lport=143? ? ? ? rport=52947 >> Sep 05 16:46:22 auth: Debug: client passdb out: OK? ? ? ? 1? ? ? >> ? >> user=mark at hprs? ? ? ? original_user=mark at HPRS >> Sep 05 16:46:22 auth: Debug: master in: REQUEST? ? ? ? 3030384641? >> ? ? ? >> 13487? ? ? ? 1? ? ? ? bac5f6531f9d4c3316f93bd4c4a63ddd? ? ? ? >> session_pid=13491? ? ? ? request_auth_token >> Sep 05 16:46:22 auth-worker(13492): Debug: Loading modules from >> directory: /usr/local/lib/dovecot/auth >> Sep 05 16:46:22 auth-worker(13492): Debug: >> shadow(mark at hprs,192.168.0.58): lookup >> Sep 05 16:46:22 auth-worker(13492): Info: >> shadow(mark at hprs,192.168.0.58): unknown user >> Sep 05 16:46:22 auth: Debug: master userdb out: NOTFOUND? ? ? ? >> 3030384641 >> Sep 05 16:46:22 imap-login: Info: Internal login failure (pid=13487 >> id=1) (internal failure, 1 successful auths): user=, >> method=NTLM, rip=192.168.0.58, lip=192.168.0.2, mpid=13491, >> session= >> >> Thanks --Mark >> >> -----Original Message----- >> Date: Thu, 03 Sep 2015 06:53:19 -0500 >> From: Rick Romero >> To: dovecot at dovecot.org >> Subject: Re: How to "Windows Authenticate" >> >> ? Hi Mark, >> >> I haven't done it, but I've played with the scenario enough to have an >> idea. >> >> What you want to do is have Outlook auth via NTLM to Dovecot.? >> >> First that means having the machine be a domain member (usually via >> Samba) >> in order to properly process NTLM/Kerberos handshake - which it appears >> you >> have. >> Second that means having Dovecot know how to accept NTLM authentication >> (SPA) to pass to the Samba backend. >> >> A 'Dovecot NTLM' search led me here: >> http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm >> >> What's not on the page that I'd expect to see, are the compile-time >> requirements for inclucing samba/kerberos libs within Dovecot.? If it >> doesn't 'just work' with the config changes in the wiki, you may need to >> recompile with the right features. >> >> Also - check the permissions of the ntlm_auth program. That's caused >> many >> issues with Radius installs, IIRC. >> >> Hope that helps! >> >> Rick >> >> Quoting Mark Foley : >> >> This can't be that hard. I think I've enabled LDAP in Dovecot just by >> including >> dovecot-ldap.conf.ext in 10-auth.conf and using the default settings. I >> now have >> the configuration shown below. Two questions: >> >> 1. How do I set Outlook to authenticate with LDAP? Currently the Outlook >> accounts still have the ID and password set in "Logon Information". >> Checking >> "Require logon using Secure Password Authentication (SPA)" doesn't work. >> All I >> can seem to find on the Internet is how to configure address books using >> LDAP. >> >> 2. Should I remove "passdb { drive = shadow } from the dovecot >> configuration? >> >> Anybody? >> >> $ doveconf -n >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 >> auth_debug_passwords = yes >> auth_mechanisms = plain login >> auth_verbose = yes >> auth_verbose_passwords = plain >> disable_plaintext_auth = no >> info_log_path = /var/log/dovecot_info >> mail_location = maildir:~/Maildir >> passdb { >> driver = shadow >> } >> passdb { >> args = /etc/dovecot/dovecot-ldap.conf.ext >> driver = ldap >> } >> protocols = imap >> ssl_cert = > ssl_key = > userdb { >> driver = passwd >> } >> userdb { >> args = /etc/dovecot/dovecot-ldap.conf.ext >> driver = ldap >> } >> verbose_ssl = yes >> >> -----Original Message----- >> From: Mark Foley >> Date: Wed, 02 Sep 2015 13:31:35 -0400 >> To: dovecot at dovecot.org >> Subject: How to "Windows Authenticate" >> >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook >> (2010/2013) on >> Windows workstations for over 6 months with no problems.? Dovecot is >> hosted on >> the office Samba4 AC/DC server. >> >> I have been using auth_mechanisms plain login, and passdb driver = >> shadow. >> >> What I'd like to do now is use the "Windows Authenticated" login so I >> don't have >> to have separate passwords for users logging into the Windows AD >> workstations >> and their Outlook clients. >> >> If anyone has actually done this I'd appreciate some tips. My various >> attempts >> have not been successful. >> >> Here is my current config: >> >> $ doveconf -n >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 >> auth_debug_passwords = yes >> auth_mechanisms = plain login >> auth_verbose = yes >> auth_verbose_passwords = plain >> disable_plaintext_auth = no >> info_log_path = /var/log/dovecot_info >> mail_location = maildir:~/Maildir >> passdb { >> ? driver = shadow >> } >> protocols = imap >> ssl_cert = > ssl_key = > userdb { >> ? driver = passwd >> } >> verbose_ssl = yes >> >> Thanks, Mark Foley >> >> From dovecot-bounces at dovecot.org? Wed Sep? 2 13:32:13 2015 >> Return-Path: >> X-Virus-Status: Clean >> X-Virus-Scanned: clamav-milter 0.98.6 at mail >> X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ >> (2011-06-06) on >> ? ? ? ? mail.hprs.local >> X-Spam-Level: >> X-Spam-Status: No, score=0.0 required=3.0 tests=none >> autolearn=unavailable >> ? ? ? ? version=3.3.2-_revision__1.14__ >> X-Original-To: dovecot at dovecot.org >> Delivered-To: dovecot at dovecot.org >> X-Virus-Status: Clean >> X-Virus-Scanned: clamav-milter 0.98.6 at mail >> From: Mark Foley >> Date: Wed, 02 Sep 2015 13:31:35 -0400 >> Organization: Ohio Highway Patrol Retirement System >> To: dovecot at dovecot.org >> Subject: How to "Windows Authenticate" >> User-Agent: Heirloom mailx 12.5 7/5/10 >> Content-Type: text/plain; charset=us-ascii >> X-BeenThere: dovecot at dovecot.org >> X-Mailman-Version: 2.1.17 >> Precedence: list >> List-Id: Dovecot Mailing List >> List-Unsubscribe: , >> ? ? ? ? >> List-Archive: >> List-Post: >> List-Help: >> List-Subscribe: , >> ? ? ? ? >> Errors-To: dovecot-bounces at dovecot.org >> Sender: "dovecot" >> Status: R >> >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook >> (2010/2013) on >> Windows workstations for over 6 months with no problems.? Dovecot is >> hosted on >> the office Samba4 AC/DC server. >> >> I have been using auth_mechanisms plain login, and passdb driver = >> shadow. >> >> What I'd like to do now is use the "Windows Authenticated" login so I >> don't have >> to have separate passwords for users logging into the Windows AD >> workstations >> and their Outlook clients. >> >> If anyone has actually done this I'd appreciate some tips. My various >> attempts >> have not been successful. >> >> Here is my current config: >> >> $ doveconf -n >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 >> auth_debug_passwords = yes >> auth_mechanisms = plain login >> auth_verbose = yes >> auth_verbose_passwords = plain >> disable_plaintext_auth = no >> info_log_path = /var/log/dovecot_info >> mail_location = maildir:~/Maildir >> passdb { >> driver = shadow >> } >> protocols = imap >> ssl_cert = > ssl_key = > userdb { >> driver = passwd >> } >> verbose_ssl = yes >> Thanks, Mark Foley >> From dovecot-bounces at dovecot.org? Thu Sep? 3 07:53:44 2015 >> Return-Path: >> X-Virus-Status: Clean >> X-Virus-Scanned: clamav-milter 0.98.6 at mail >> X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ >> (2011-06-06) on >> ? ? ? ? mail.hprs.local >> X-Spam-Level: >> X-Spam-Status: No, score=0.0 required=3.0 tests=none autolearn=ham >> ? ? ? ? version=3.3.2-_revision__1.14__ >> X-Original-To: dovecot at dovecot.org >> Delivered-To: dovecot at dovecot.org >> Date: Thu, 03 Sep 2015 06:53:19 -0500 >> From: Rick Romero >> To: dovecot at dovecot.org >> Subject: Re: How to "Windows Authenticate" >> User-Agent: Internet Messaging Program (IMP) H5 (6.2.2) >> X-VFEmail-Originating-IP: MTA3LjEzNi4xNDQuMjMw >> X-VFEmail-AntiSpam: Notify admin at vfemail.net of any spam, and include >> ? ? ? ? VFEmail headers >> Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes >> Content-Disposition: inline >> Content-Description: Plaintext Message >> X-Content-Filtered-By: Mailman/MimeDel 2.1.17 >> X-BeenThere: dovecot at dovecot.org >> X-Mailman-Version: 2.1.17 >> Precedence: list >> List-Id: Dovecot Mailing List >> List-Unsubscribe: , >> ? ? ? ? >> List-Archive: >> List-Post: >> List-Help: >> List-Subscribe: , >> ? ? ? ? >> Errors-To: dovecot-bounces at dovecot.org >> Sender: "dovecot" >> Status: R >> >> ? Hi Mark, >> >> I haven't done it, but I've played with the scenario enough to have an >> idea. >> >> What you want to do is have Outlook auth via NTLM to Dovecot.? >> >> First that means having the machine be a domain member (usually via >> Samba) >> in order to properly process NTLM/Kerberos handshake - which it appears >> you >> have. >> Second that means having Dovecot know how to accept NTLM authentication >> (SPA) to pass to the Samba backend. >> >> A 'Dovecot NTLM' search led me here: >> http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm >> >> What's not on the page that I'd expect to see, are the compile-time >> requirements for inclucing samba/kerberos libs within Dovecot.? If it >> doesn't 'just work' with the config changes in the wiki, you may need to >> recompile with the right features. >> >> Also - check the permissions of the ntlm_auth program. That's caused >> many >> issues with Radius installs, IIRC. >> >> Hope that helps! >> >> Rick >> >> Quoting Mark Foley : >> >> This can't be that hard. I think I've enabled LDAP in Dovecot just by >> including >> dovecot-ldap.conf.ext in 10-auth.conf and using the default settings. I >> now have >> the configuration shown below. Two questions: >> >> 1. How do I set Outlook to authenticate with LDAP? Currently the Outlook >> accounts still have the ID and password set in "Logon Information". >> Checking >> "Require logon using Secure Password Authentication (SPA)" doesn't work. >> All I >> can seem to find on the Internet is how to configure address books using >> LDAP. >> >> 2. Should I remove "passdb { drive = shadow } from the dovecot >> configuration? >> >> Anybody? >> >> $ doveconf -n >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 >> auth_debug_passwords = yes >> auth_mechanisms = plain login >> auth_verbose = yes >> auth_verbose_passwords = plain >> disable_plaintext_auth = no >> info_log_path = /var/log/dovecot_info >> mail_location = maildir:~/Maildir >> passdb { >> driver = shadow >> } >> passdb { >> args = /etc/dovecot/dovecot-ldap.conf.ext >> driver = ldap >> } >> protocols = imap >> ssl_cert = > ssl_key = > userdb { >> driver = passwd >> } >> userdb { >> args = /etc/dovecot/dovecot-ldap.conf.ext >> driver = ldap >> } >> verbose_ssl = yes >> >> -----Original Message----- >> From: Mark Foley >> Date: Wed, 02 Sep 2015 13:31:35 -0400 >> To: dovecot at dovecot.org >> Subject: How to "Windows Authenticate" >> >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook >> (2010/2013) on >> Windows workstations for over 6 months with no problems.? Dovecot is >> hosted on >> the office Samba4 AC/DC server. >> >> I have been using auth_mechanisms plain login, and passdb driver = >> shadow. >> >> What I'd like to do now is use the "Windows Authenticated" login so I >> don't have >> to have separate passwords for users logging into the Windows AD >> workstations >> and their Outlook clients. >> >> If anyone has actually done this I'd appreciate some tips. My various >> attempts >> have not been successful. >> >> Here is my current config: >> >> $ doveconf -n >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 >> auth_debug_passwords = yes >> auth_mechanisms = plain login >> auth_verbose = yes >> auth_verbose_passwords = plain >> disable_plaintext_auth = no >> info_log_path = /var/log/dovecot_info >> mail_location = maildir:~/Maildir >> passdb { >> ? driver = shadow >> } >> protocols = imap >> ssl_cert = > ssl_key = > userdb { >> ? driver = passwd >> } >> verbose_ssl = yes >> >> Thanks, Mark Foley >> >> From dovecot-bounces at dovecot.org? Wed Sep? 2 13:32:13 2015 >> Return-Path: >> X-Virus-Status: Clean >> X-Virus-Scanned: clamav-milter 0.98.6 at mail >> X-Spam-Checker-Version: SpamAssassin 3.3.2-_revision__1.14__ >> (2011-06-06) on >> ? ? ? ? mail.hprs.local >> X-Spam-Level: >> X-Spam-Status: No, score=0.0 required=3.0 tests=none >> autolearn=unavailable >> ? ? ? ? version=3.3.2-_revision__1.14__ >> X-Original-To: dovecot at dovecot.org >> Delivered-To: dovecot at dovecot.org >> X-Virus-Status: Clean >> X-Virus-Scanned: clamav-milter 0.98.6 at mail >> From: Mark Foley >> Date: Wed, 02 Sep 2015 13:31:35 -0400 >> Organization: Ohio Highway Patrol Retirement System >> To: dovecot at dovecot.org >> Subject: How to "Windows Authenticate" >> User-Agent: Heirloom mailx 12.5 7/5/10 >> Content-Type: text/plain; charset=us-ascii >> X-BeenThere: dovecot at dovecot.org >> X-Mailman-Version: 2.1.17 >> Precedence: list >> List-Id: Dovecot Mailing List >> List-Unsubscribe: , >> ? ? ? ? >> List-Archive: >> List-Post: >> List-Help: >> List-Subscribe: , >> ? ? ? ? >> Errors-To: dovecot-bounces at dovecot.org >> Sender: "dovecot" >> Status: R >> >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook >> (2010/2013) on >> Windows workstations for over 6 months with no problems.? Dovecot is >> hosted on >> the office Samba4 AC/DC server. >> >> I have been using auth_mechanisms plain login, and passdb driver = >> shadow. >> >> What I'd like to do now is use the "Windows Authenticated" login so I >> don't have >> to have separate passwords for users logging into the Windows AD >> workstations >> and their Outlook clients. >> >> If anyone has actually done this I'd appreciate some tips. My various >> attempts >> have not been successful. >> >> Here is my current config: >> >> $ doveconf -n >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 >> auth_debug_passwords = yes >> auth_mechanisms = plain login >> auth_verbose = yes >> auth_verbose_passwords = plain >> disable_plaintext_auth = no >> info_log_path = /var/log/dovecot_info >> mail_location = maildir:~/Maildir >> passdb { >> driver = shadow >> } >> protocols = imap >> ssl_cert = > ssl_key = > userdb { >> driver = passwd >> } >> verbose_ssl = yes >> Thanks, Mark Foley >> >> ? > > ? From stephan at rename-it.nl Wed Sep 9 09:26:50 2015 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 9 Sep 2015 11:26:50 +0200 Subject: sieve_extprograms - double linebreaks at filtering In-Reply-To: <55EEC221.3020103@gmx.de> References: <55EEC221.3020103@gmx.de> Message-ID: <55EFFB5A.9060008@rename-it.nl> Op 8-9-2015 om 13:10 schreef Hajo Locke: > Hello List, > > i have a problem when using sieve-plugin sieve_extprograms. I use > dovecot 2.2.18 and bundled pigeonhole 0.4.6 (Ubuntu 14.04.3 LTS) > > i have enabled sieve_extprograms and vnd.dovecot.filter to send mail > to user-defined script and get changed content back. > My script previously was used with procmail and is working fine. > Using same script with vnd.dovecot.filter leads to odd behavior. > I already found out the problem itself: > By sending Mailcontent to filter-programm it seems that > sieve/sieve_extprograms is adding additional linebreaks to every line > of complete mail. > Please see this image to clarify: > http://r31i.imgup.net/header8d56.jpg?l=de > Every lineending got additional windows-lineendings, which leads to > problems with processing scripts. > Piping mails by procmail to same script is working without problems, > because this mails are recieved "clean" without the "^M". Well, the specified format for an internet message like e-mail has CRLF line endings everywhere. That's why this happens now: http://hg.rename-it.nl/dovecot-2.2-pigeonhole/file/5df1b6d72ec2/src/plugins/sieve-extprograms/sieve-extprograms-common.c#l604 But maybe that is not such a good idea in a UNIX environment. I think I can just make it configurable. Regards, Stephan. From jerry at seibercom.net Wed Sep 9 09:30:13 2015 From: jerry at seibercom.net (Jerry) Date: Wed, 9 Sep 2015 05:30:13 -0400 Subject: How to "Windows Authenticate" In-Reply-To: <20150908212113.Horde.XsYniNr9u8OfSSykmsFoFA1@www.vfemail.net> References: <201509021731.t82HVZ4r021574@mail.hprs.local> <201509031025.t83AP1W5020976@mail.hprs.local> <20150903065319.Horde.2BrAxFp30mN2LnIZrXEq7w8@www.vfemail.net> <201509052112.t85LCowS007652@mail.hprs.local> <201509070031.t870VLCY019948@mail.hprs.local> <20150906200011.Horde.aZNzwfpiV_G6ZeeX8wLk9A4@www.vfemail.net> <201509080128.t881SNUF010141@mail.hprs.local> <201509082311.t88NB963021145@mail.hprs.local> <20150908212113.Horde.XsYniNr9u8OfSSykmsFoFA1@www.vfemail.net> Message-ID: <20150909053013.31ed0ac4@seibercom.net> On Tue, 08 Sep 2015 21:21:13 -0500, Rick Romero stated: >I hate Exchange - I have a nagging 45 second delay on OWA logins ever since >I had to setup multiple NICs to get Outlook to stop complaining about >certs, and today while trying to fix that issue, AD decided to stop >replicating one of my trusted domains (and began rejecting auths for linked >mailboxes from that domain) and in short I really just hate that >environment with every fiber of my being and would love to see a decent >free Exchange replacement on *nix. The only time I have had a problem with certs, is when they are "self signed". -- Jerry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From sergey.schwartz at bgoperator.com Wed Sep 9 10:37:14 2015 From: sergey.schwartz at bgoperator.com (Sergey Schwartz) Date: Wed, 9 Sep 2015 13:37:14 +0300 Subject: [Dovecot] dsync replication errors In-Reply-To: <5EB2C42A-D57F-498D-AA87-91733595B518@iki.fi> References: <20130131112752.642beb56@boscos> <20130131130639.260eb4b8@boscos> <8430F751-4A7E-4CCF-AFAF-20E4C9F2A608@iki.fi> <20130131134624.2c515aa8@boscos> <4ABF8E21-B7D4-47A7-B79F-81E97BE21A7C@iki.fi> <20130131141018.44b30d71@boscos> <8114CD6C-3825-4BAB-919D-EE3AD92FFF4F@iki.fi> <20130131143639.3cfdf41c@boscos> <20130131173736.3015b6cb@boscos> <3221CB48-750F-493F-AFE0-32E6FDD18360@iki.fi> <20130131184125.49d35f5d@boscos> <1359663448.3230.0.camel@hurina> <20130201132825.5363b1f4@boscos> <1361028022.3230.61.camel@hurina> <20130216193244.03b3c5a6@boscos.leetdreams.ch> <1361089297.3230.84.camel@hurina> <55EE0CC0.80804@gedalya.net> <15A63551-0A84-4952-82EB-3CBDC60B72C2@iki.fi> <55EE9A35.20903@bgoperator.com> <5EB2C42A-D57F-498D-AA87-91733595B518@iki.fi> Message-ID: <55F00BDA.5010405@bgoperator.com> Timo, Is it possible to limit replication scope with INBOX namespace only ? Best regards, Sergey Schwartz Senior System Administrator Biblio Globus Tour Operator www.bgoperator.ru T: +7 495 5042500 ext 1532 E: sergey.schwartz at bgoperator.com 08.09.2015 13:24, Timo Sirainen ?????: > On 08 Sep 2015, at 11:20, Sergey Schwartz wrote: >> I use mdbox and probably have similar issue, but in my case only shared mailboxes were affected. > Yes, shared mailboxes don't work nicely with replication. Replication is locking only the original user, so for shared mailboxes multiple dsyncs can be running in parallel and messing things up. A bit troublesome to fix this. I've had this issue happening for a couple of years now for our mails and I haven't bothered fixing it, so it's unlikely I'll do it anytime soon.. Although I haven't seen that many duplicates of the mails - just 10 or so. > From tss at iki.fi Wed Sep 9 10:38:55 2015 From: tss at iki.fi (Timo Sirainen) Date: Wed, 9 Sep 2015 13:38:55 +0300 Subject: [Dovecot] dsync replication errors In-Reply-To: <55F00BDA.5010405@bgoperator.com> References: <20130131112752.642beb56@boscos> <20130131130639.260eb4b8@boscos> <8430F751-4A7E-4CCF-AFAF-20E4C9F2A608@iki.fi> <20130131134624.2c515aa8@boscos> <4ABF8E21-B7D4-47A7-B79F-81E97BE21A7C@iki.fi> <20130131141018.44b30d71@boscos> <8114CD6C-3825-4BAB-919D-EE3AD92FFF4F@iki.fi> <20130131143639.3cfdf41c@boscos> <20130131173736.3015b6cb@boscos> <3221CB48-750F-493F-AFE0-32E6FDD18360@iki.fi> <20130131184125.49d35f5d@boscos> <1359663448.3230.0.camel@hurina> <20130201132825.5363b1f4@boscos> <1361028022.3230.61.camel@hurina> <20130216193244.03b3c5a6@boscos.leetdreams.ch> <1361089297.3230.84.camel@hurina> <55EE0CC0.80804@gedalya.net> <15A63551-0A84-4952-82EB-3CBDC60B72C2@iki.fi> <55EE9A35.20903@bgoperator.com> <5EB2C42A-D57F-498D-AA87-91733595B518@iki.fi> <55F00BDA.5010405@bgoperator.com> Message-ID: On 09 Sep 2015, at 13:37, Sergey Schwartz wrote: > > Timo, > > Is it possible to limit replication scope with INBOX namespace only ? replication_dsync_parameters = ... -n INBOX/ or -n "" or whatever the INBOX namespace is. > > Best regards, > Sergey Schwartz > > Senior System Administrator > Biblio Globus Tour Operator > www.bgoperator.ru > > T: +7 495 5042500 ext 1532 > E: sergey.schwartz at bgoperator.com > > 08.09.2015 13:24, Timo Sirainen ?????: >> On 08 Sep 2015, at 11:20, Sergey Schwartz wrote: >>> I use mdbox and probably have similar issue, but in my case only shared mailboxes were affected. >> Yes, shared mailboxes don't work nicely with replication. Replication is locking only the original user, so for shared mailboxes multiple dsyncs can be running in parallel and messing things up. A bit troublesome to fix this. I've had this issue happening for a couple of years now for our mails and I haven't bothered fixing it, so it's unlikely I'll do it anytime soon.. Although I haven't seen that many duplicates of the mails - just 10 or so. >> From matthias.lay at securepoint.de Wed Sep 9 15:22:34 2015 From: matthias.lay at securepoint.de (Matthias Lay) Date: Wed, 9 Sep 2015 17:22:34 +0200 Subject: My dovecot works fine against Active Directory 2003, but not against AD2008 In-Reply-To: <55EEA3B5.1060208@chguadalquivir.es> References: <55EEA3B5.1060208@chguadalquivir.es> Message-ID: <20150909172234.78693073@eugen.spdev.local> hi, check your /etc/openldap/ldap.conf for REFERRALS off I had this errors with "referrals on" in misconfigured dns environments. you can debug the dns packets by strace-ing the auth process On Tue, 8 Sep 2015 11:00:37 +0200 Fran wrote: > Hello, > > my dovecot installation has been working fine against AD till we > upgrade from AD 2003 to AD 2008. As > http://wiki2.dovecot.org/AuthDatabase/LDAP said, now I'm not able to > connect AD through 389 port. The port 3268 works fine though. > > (...) > Sep 7 19:02:05 dovecot: imap-login: Error: > master(imap): Auth request timed out (received 0/12 bytes) > Sep 7 19:02:05 dovecot: imap-login: Internal login > failure (pid=4846 id=1) (internal failure, 1 successful auths): > user=<>, method=PLAIN, rip=, > lip=, TLS, session= > (...) > Sep 7 19:02:06 dovecot: auth: Error: > ldap(,,): Connection appears > to be hanging, reconnecting > Sep 7 19:02:06 dovecot: auth: Error: > ldap(,,): LDAP search > returned multiple entries > (...) > > Is there a technical reason for this problem? Does it exist any > workaround? > > The use of Global Catalog (port 3268) is not a solution for me, since > it misses many attributes. (ex. I use the field "initials" to set the > quota and this field is not available through port 3268). > > I also noticed that, now, it uses any DC available in the domain, it > doesn't care what I configured in "hosts = " parameter. > > This is using "hosts = dc03.domain:389": > ----------------------------------------------- > > [root@ ~]# netstat -anp | grep dovecot | grep auth > tcp 22 0 :55217 > :389 ESTABLISHED 4872/dovecot/auth > tcp 22 0 :57645 > :389 ESTABLISHED 4872/dovecot/auth > tcp 0 0 :55216 > :389 ESTABLISHED 4872/dovecot/auth > > It looks like it does a look up for other domains controller (I don't > know how nor why) and it connect aleatory to any DC in my domain (in > this case dc06.domain, but it changes any time), additionally to the > configured one (dc03.domain). > > This is using "hosts = dc03.domain:3268": > ------------------------------------------------ > [root@ ~]# netstat -anp | grep dovecot | grep auth > tcp 0 0 :58485 > :3268 ESTABLISHED 4982/dovecot/auth > > In this case, only the configured server in host parameter is used (I > think this is the right behaviour) > > > Aditional info: > --------------- > CentOS Linux release 7.0.1406 (Core) > > dovecot 2.2.10 > > Build options: ioloop=epoll notify=inotify ipv6 openssl > io_block_size=8192 Mail storages: shared mdbox sdbox maildir mbox > cydir imapc pop3c raw fail SQL driver plugins: mysql postgresql sqlite > Passdb: checkpassword ldap pam passwd passwd-file shadow sql > Userdb: checkpassword ldap(plugin) nss passwd prefetch passwd-file sql > > > My /etc/dovecot/dovecot-ldap.conf.ext > -------------------------------------- > #hosts = dc03.domain:3268 > hosts = dc03.domain:389 > #uris = ldap://dc03.domain > base = DC=domain > #tls = yes > tls = no > ldap_version = 3 > auth_bind = yes > auth_bind_userdn = %u at domain > #auth_bind_userdn = DOMAIN\%u > dn = cn=,cn=Users,dc=domain > dnpass = > > #scope = subtree > #deref = never > > user_filter = > (&(userPrincipalName=%u at domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@))) > pass_filter = > (&(userPrincipalName=%u at domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@))) > pass_attrs = userPassword=password > user_attrs = Initials=quota_rule=*:storage=%$MB > --------------- > > > -------------------------- > Log trace using PORT 389: > -------------------------- > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x10, ret=1: before/accept initialization [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: before/accept initialization [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read client hello A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write server hello A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write certificate A [] > Sep 7 19:00:35 dovecot: auth: Debug: Loading modules > from directory: /usr/lib64/dovecot/auth > Sep 7 19:00:35 dovecot: auth: Debug: Module loaded: > /usr/lib64/dovecot/auth/libdriver_sqlite.so > Sep 7 19:00:35 dovecot: auth: Debug: Loading modules > from directory: /usr/lib64/dovecot/auth > Sep 7 19:00:35 dovecot: auth: Debug: Module loaded: > /usr/lib64/dovecot/auth/libauthdb_ldap.so > Sep 7 19:00:35 dovecot: auth: Debug: Read auth token > secret from /var/run/dovecot/auth-token-secret.dat > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write key exchange A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write server done A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 flush data [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: SSLv3 read client certificate A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: SSLv3 read client certificate A [] > Sep 7 19:00:35 dovecot: auth: Debug: auth client > connected (pid=4846) > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read client key exchange A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read finished A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write session ticket A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write change cipher spec A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write finished A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 flush data [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x20, ret=1: SSL negotiation finished successfully > [] Sep 7 19:00:35 dovecot: imap-login: > Debug: SSL: where=0x2002, ret=1: SSL negotiation finished > successfully [] Sep 7 19:00:35 > dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap > secured session=T+grMCsfqgAKHyZV lip= > rip= lport=993 rport=59818 Sep 7 19:00:35 > dovecot: auth: Debug: client passdb out: CONT 1 > Sep 7 19:00:35 dovecot: auth: Debug: client in: CONT > 1 AEN1bWMtNDM2MS0yLXBydWViYQBDb3JyZW9DaGcuMTIzNDU2 (previous > base64 data may contain sensitive data) > Sep 7 19:00:35 dovecot: auth: Debug: client passdb > out: OK 1 user= > Sep 7 19:00:35 dovecot: auth: Debug: master in: > REQUEST 4142792705 4846 1 > cb2115241ccfd81959c15122ec062a8b session_pid=4849 > request_auth_token > Sep 7 19:00:35 dovecot: auth: Debug: > ldap(,,): user search: > base=DC=domain scope=subtree > filter=(&(userPrincipalName=@domain)(objectClass=person)(|(mail=@)(othermailbox=@))) > fields=Initials > > Sep 7 19:02:05 dovecot: imap-login: Error: > master(imap): Auth request timed out (received 0/12 bytes) > Sep 7 19:02:05 dovecot: imap-login: Internal login > failure (pid=4846 id=1) (internal failure, 1 successful auths): > user=<>, method=PLAIN, rip=, > lip=, TLS, session= > Sep 7 19:02:05 dovecot: auth: Debug: client in: > CANCEL 1 > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL alert: > close notify [] > Sep 7 19:02:05 dovecot: imap: Error: Login client > disconnected too early > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > Sep 7 19:02:05 dovecot: auth: Debug: auth client > connected (pid=4868) > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x10, ret=1: before/accept initialization [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: before/accept initialization [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read client hello A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write server hello A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write certificate A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write key exchange A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write server done A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 flush data [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: SSLv3 read client certificate A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: SSLv3 read client certificate A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read client key exchange A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read finished A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write session ticket A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write change cipher spec A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write finished A [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 flush data [] > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > where=0x20, ret=1: SSL negotiation finished successfully > [] Sep 7 19:02:05 dovecot: imap-login: > Debug: SSL: where=0x2002, ret=1: SSL negotiation finished > successfully [] Sep 7 19:02:06 > dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap > secured session=ZjyONSsf6QAKHyZV lip= > rip= lport=993 rport=59881 Sep 7 19:02:06 > dovecot: auth: Debug: client passdb out: CONT 1 > Sep 7 19:02:06 dovecot: auth: Debug: client in: CONT > 1 AEN1bWMtNDM2MS0yLXBydWViYQBDb3JyZW9DaGcuMTIzNDU2 (previous > base64 data may contain sensitive data) > Sep 7 19:02:06 dovecot: auth: Error: > ldap(,,): Connection appears > to be hanging, reconnecting > Sep 7 19:02:06 dovecot: auth: Error: > ldap(,,): LDAP search > returned multiple entries > > Sep 7 19:03:10 dovecot: imap: Error: Auth server > request timed out after 155 secs (client-pid=4846 client-id=1) > > Sep 7 19:04:18 dovecot: imap-login: Debug: SSL alert: > close notify [] > Sep 7 19:04:18 dovecot: imap-login: Debug: SSL alert: > close notify [] > > Sep 7 19:04:36 dovecot: auth: Error: > PLAIN(,,): Request 4868.1 > timed out after 150 secs, state=1 > > Sep 7 19:05:05 dovecot: imap-login: Disconnected: > Inactivity during authentication (disconnected while authenticating, > waited 179 secs): user=<>, method=PLAIN, rip=, > lip=, TLS, session= > Sep 7 19:05:05 dovecot: auth: Debug: client in: > CANCEL > > Sep 7 19:06:06 dovecot: auth: > ldap(,,): Shutting down > Sep 7 19:06:06 dovecot: auth: Debug: master userdb > out: FAIL 4142792705 > Sep 7 19:06:06 dovecot: auth: > ldap(,,): Shutting down > Sep 7 19:06:06 dovecot: auth: Debug: client passdb > out: FAIL 1 user= temp > > > > > -------------------------- > Log trace using PORT 3268: > -------------------------- > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x10, ret=1: before/accept initialization [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: before/accept initialization [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read client hello A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write server hello A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write certificate A [] > Sep 7 19:33:07 dovecot: auth: Debug: Loading modules > from directory: /usr/lib64/dovecot/auth > Sep 7 19:33:07 dovecot: auth: Debug: Module loaded: > /usr/lib64/dovecot/auth/libdriver_sqlite.so > Sep 7 19:33:07 dovecot: auth: Debug: Loading modules > from directory: /usr/lib64/dovecot/auth > Sep 7 19:33:07 dovecot: auth: Debug: Module loaded: > /usr/lib64/dovecot/auth/libauthdb_ldap.so > Sep 7 19:33:07 dovecot: auth: Debug: Read auth token > secret from /var/run/dovecot/auth-token-secret.dat > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write key exchange A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write server done A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 flush data [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: SSLv3 read client certificate A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: SSLv3 read client certificate A [] > Sep 7 19:33:07 dovecot: auth: Debug: auth client > connected (pid=4971) > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read client key exchange A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read finished A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write session ticket A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write change cipher spec A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write finished A [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 flush data [] > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > where=0x20, ret=1: SSL negotiation finished successfully > [] Sep 7 19:33:07 dovecot: imap-login: > Debug: SSL: where=0x2002, ret=1: SSL negotiation finished > successfully [] Sep 7 19:33:08 > dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap > secured session=FAKKpCsf0AAKHyZV lip= > rip= lport=993 rport=61648 Sep 7 19:33:08 > dovecot: auth: Debug: client passdb out: CONT 1 > Sep 7 19:33:08 dovecot: auth: Debug: client in: CONT > 1 AEN1bWMtNDM2MS0yAGZvcnRpbmV0LjIwMTQ= (previous base64 data may > contain sensitive data) > Sep 7 19:33:08 dovecot: auth: Debug: client passdb > out: OK 1 user= > Sep 7 19:33:08 dovecot: auth: Debug: master in: > REQUEST 3261071361 4971 1 > 4755688f0bdd33a0fadcc5d3b8664e61 session_pid=4974 > request_auth_token > Sep 7 19:33:08 dovecot: auth: Debug: > ldap(,,): user search: > base=DC=domain scope=subtree > filter=(&(userPrincipalName=@domain)(objectClass=person)(|(mail=@)(othermailbox=@))) > fields=Initials > > [Here start the difference between 389 and 3268 ports] > > Sep 7 19:33:08 dovecot: auth: Debug: > ldap(,,): no fields returned > by the server > > [Next line you can see missing attributes, due to I'm using port 3268] > > Sep 7 19:33:08 dovecot: auth: Debug: > ldap(,,): result: Initials > missing > Sep 7 19:33:08 dovecot: auth: Debug: master userdb > out: USER 3261071361 uid=1000 > gid=1000 home=/home/mailstorage// > auth_token=9191cdf475600f0a47e185bb65817c0e0f495894 > Sep 7 19:33:08 dovecot: imap-login: Login: > user=<>, method=PLAIN, rip=, > lip=, mpid=4974, TLS, session= > Sep 7 19:33:08 dovecot: imap: Debug: Loading modules > from directory: /usr/lib64/dovecot > Sep 7 19:33:08 dovecot: imap: Debug: Module loaded: > /usr/lib64/dovecot/lib10_quota_plugin.so > Sep 7 19:33:08 dovecot: imap: Debug: Module loaded: > /usr/lib64/dovecot/lib11_imap_quota_plugin.so > Sep 7 19:33:08 dovecot: imap(): Debug: > Effective uid=1000, gid=1000, > home=/home/mailstorage// Sep 7 19:33:08 > dovecot: imap(): Debug: Quota root: > name=CuotaUsuario backend=maildir args= Sep 7 19:33:08 > dovecot: imap(): Debug: Quota rule: > root=CuotaUsuario mailbox=* bytes=2097152 messages=0 Sep 7 19:33:08 > dovecot: imap(): Debug: Quota grace: > root=CuotaUsuario bytes=209715 (10%) Sep 7 19:33:08 > dovecot: imap(): Debug: Namespace inbox: type=private, > prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes > location=maildir:~/Maildir Sep 7 19:33:08 dovecot: > imap(): Debug: maildir++: > root=/home/mailstorage///Maildir, index=, > indexpvt=, control=, > inbox=/home/mailstorage///Maildir, alt= From j.echter at echter-kuechen-elektro.de Wed Sep 9 19:24:42 2015 From: j.echter at echter-kuechen-elektro.de (J. Echter) Date: Wed, 9 Sep 2015 21:24:42 +0200 Subject: Convert from Maildir to Mdbox In-Reply-To: <55D4036B.7070706@granch.ru> References: <55C9A5A8.9010501@echter-kuechen-elektro.de> <55CC2C0F.2010709@granch.ru> <55CE2675.3070003@echter-kuechen-elektro.de> <55D4036B.7070706@granch.ru> Message-ID: <55F0877A.1080003@echter-kuechen-elektro.de> Am 19.08.2015 um 06:17 schrieb ?????? ????? ??????????????: > 14/08/15 23:33, J. Echter ?????: >>> >> Hi, >> >> thanks for your reply. >> >> Would be nice to have a look at this script :) >> >> Thanks for your offer. >> >> Juergen >> > > http://www.sheltonsoft.ru/fileZ/other/convmbx.tar.bz2 > > When you converting maildir-based mail boxes, you must grant write > access to anyone to root mailbox folder, elsewhere conveting failed > (dsync runs in user access space). I.e. when your layout is > /usr/folder/mailbox1, /usr/folder/mailbox2 etc. you must grant access > to /usr/folder. Script detects user home directory and placed mail > onto it. > > commonlib.sh and colorprint.sh placed anywhere on PATH, /usr/bin is > good place. > > Message "INBOX exist..." you can safely ignored > Hi, sorry for the late reply. I'll try this soon. Thanks again! From mfoley at ohprs.org Thu Sep 10 02:47:14 2015 From: mfoley at ohprs.org (Mark Foley) Date: Wed, 09 Sep 2015 22:47:14 -0400 Subject: How to "Windows Authenticate" In-Reply-To: <20150908212113.Horde.XsYniNr9u8OfSSykmsFoFA1@www.vfemail.net> References: <201509021731.t82HVZ4r021574@mail.hprs.local> <201509031025.t83AP1W5020976@mail.hprs.local> <20150903065319.Horde.2BrAxFp30mN2LnIZrXEq7w8@www.vfemail.net> <201509052112.t85LCowS007652@mail.hprs.local> <201509070031.t870VLCY019948@mail.hprs.local> <20150906200011.Horde.aZNzwfpiV_G6ZeeX8wLk9A4@www.vfemail.net> <201509080128.t881SNUF010141@mail.hprs.local> <201509082311.t88NB963021145@mail.hprs.local> <20150908212113.Horde.XsYniNr9u8OfSSykmsFoFA1@www.vfemail.net> Message-ID: <201509100247.t8A2lE98017371@mail.hprs.local> Rick, I extremely dislike Exchange as well. I have a long list of problems: near impossibility to monitor logs for trouble, poor configurable spam checking, no good way to archive and review emails ... I could go on for paragraphs, but the main reason we recently migrated away from SBS/Exchange is that Microsoft no longer sells Small Business Server and its replacement, Server Essentials, does not support Exchange! Exchange has to run on Server 2012, but MS would prefer you to use Server Essentials with your email in the cloud. We're not gonna do that. Samba4 AD/DC and Dovecot work perfectly for everything including access from SmartPhones. I've got roaming domain logins, redirected folders, calendars and contacts work just fine with Outlook and WebDav for sharing calendars; don't need them in Dovecot. For the most part, Outlook users can't tell they are not still on Exchange ... except they have to maintain their Outlook password distinct from their Windows password. Which is their one HUGE issue. My absolutely LAST issue with totally duplicating SBS/Exchange functionality on Samba4/Dovecot is getting Dovecot to authenticate with Outlook clients using Windows Authentication which, as I understand things, can supposedly be done with NTLM. I just can't get it to work. I think a heck of a lot if Windows [SB]Server shops would convert to Samba4/Dovecot if someone figured out how to do this. My Dovecot log messages make it look close to working: Sep 05 16:45:19 auth-worker(5498): Debug: shadow(mark at hprs,192.168.0.58): lookup Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark at hprs,192.168.0.58): unknown user Dovecot gets the user as" mark at hprs" instead of "mark" and therefore can't find it in the userdb. I can find no Dovecot wiki on this. If Dovecot just can't authenticate this way can someone (Timo?) tell me so and I'll cease my 8 month quest. Otherwise, what should I have for a userdb? What should I have for a passdb? Can I parse the "@hprs" bit off the userId received by Dovecot? These seem to be my hang-ups. At this point, I'm open to guesses. Just for the heck of it, here's one of the doveconf's I tested with, reproduced here because it's burried in the messages below: # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.10.17 x86_64 Slackware 14.1 auth_debug_passwords = yes auth_mechanisms = plain ntlm login auth_use_winbind = yes auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } protocols = imap ssl_cert = It also won't look up /etc/shadow - Samba is doing the AD->Unix UID > mapping.? Your AD users shouldn't be in there when all is said and > done. If not there, where? Humor me. Give me ONE suggestion to try! --Mark -----Original Message----- > Date: Tue, 08 Sep 2015 21:21:13 -0500 > From: Rick Romero > To: dovecot at dovecot.org > Subject: Re: How to "Windows Authenticate" > > If I had time I would be all over this - but IMHO the main problem is that > Dovecot != Exchange.? Even in small environments - unless I'm out of date, > there's no calendar, tasks or contact lists within Dovecot. > > Your next best best is to use something like Horde that would allow you to > auth via ActiveSync (on Outlook 2013 clients) and manage everything else > that the users will want, with Dovecot as the mail backend. > Though I believe there could be licensing issues if you're looking to do it > for free.? I think, by license, you still need CALs for each ActiveSync > client (if you're in the US). > > Auth-Wise it'd be a whole different animal.? I'm not sure if there's > anything pre-packaged NTLM + Horde - though Apache/PHP/Linux with Samba > would accept the username via GSSAPI and I suppose you could pass that to > HordeAuth. > > I hate Exchange - I have a nagging 45 second delay on OWA logins ever since > I had to setup multiple NICs to get Outlook to stop complaining about > certs, and today while trying to fix that issue, AD decided to stop > replicating one of my trusted domains (and began rejecting auths for linked > mailboxes from that domain) and in short I really just hate that > environment with every fiber of my being and would love to see a decent > free Exchange replacement on *nix. > > Rick > > Quoting Mark Foley : > > > More experimentation ... > > > > I tried removing userdb and passdb from the dovecot NTLM config. That > > didn't > > work. I then tried adding a static userdb as follows: > > > > userdb { > > driver = static > > #? allow_all_users = yes > > args = gid=100 home=/home/HPRS/%n > > } > > > > (Interestingly, when I uncommented "allow_all_users" I got an > "unsupported > > setting" [or something like that], even though that was in there from the > > beginning and is shown in the example wiki > > http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm) > > > > Anyway, in both tests my error messages were the same: > > > > Sep 08 18:38:16 imap-login: Debug: SSL: elliptic curve secp384r1 will be > > used for ECDH and ECDHE key exchanges > > Sep 08 18:38:16 imap-login: Debug: SSL: elliptic curve secp384r1 will be > > used for ECDH and ECDHE key exchanges > > Sep 08 18:38:16 auth: Debug: auth client connected (pid=8758) > > Sep 08 18:38:16 auth: Debug: client in: AUTH? ? 1? ? ? ?NTLM? ? > > service=imap? ? session=vPWqBUQfeADAqAA6? ? ? lip=192.168.0.2? > > rip=192.168.0.58? ? ? ? lport=143? ? ? ?rport=56184 > > Sep 08 18:38:16 auth: Debug: client passdb out: CONT? ? 1 > > Sep 08 18:38:16 auth: Info: ntlm(?,192.168.0.58,): > > user not authenticated: NT_STATUS_LOGON_FAILURE > > Sep 08 18:38:18 auth: Debug: client passdb out: FAIL? ? 1 > > > > Notice that my userid (mark or mark at ohprs) is nowhere to be found.? > > Whereas when > > I specified the userdb passwd at least it had a user id in the error > > log.? From > > my previous test with userdb passwd amd passdb shadow: > > > > Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? 1? ? > > ??user=mark at hprs? original_user=mark at HPRS > > Sep 05 16:45:19 auth-worker(5498): Debug: > > shadow(mark at hprs,192.168.0.58): lookup > > Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark at hprs,192.168.0.58): > > unknown user > > Sep 05 16:45:19 auth: Debug: master userdb out: NOTFOUND? ? ? > ?998899713 > > > > The "Info: ntml" log entry has ntlm(?,192.168.0.58,), > > whereas > > the previous test "Info shadow" log entry has Info: > > shadow(mark at hprs,192.168.0.58). > > > > Of course I have no passdb specified which is right for NTML ... or is > it? > > > > I feel like this should be obvious to someone familiar with Dovecot. > > Once again, > > it's difficult for me to believe no on on planet Earth (who also happens > > to > > subscribe to this list) had ever done Dovecot/ntlm from Outlook before. > > > > Help!!! If I can't get this last bit sorted out I'll be forced back to > > Server > > 2012 and Exchange. > > > > Thanks, --Mark > > > > -----Original Message----- > > From: Mark Foley > > Date: Mon, 07 Sep 2015 21:28:23 -0400 > > Organization: Ohio Highway Patrol Retirement System > > To: dovecot at dovecot.org > > Subject: Re: How to "Windows Authenticate" > > > > Comments interspersed with yours ... > > > > --Mark > > > > -----Original Message----- > >> Date: Sun, 06 Sep 2015 20:00:11 -0500 > >> From: Rick Romero > >> To: dovecot at dovecot.org > >> Subject: Re: How to "Windows Authenticate" > >> > >> ? Hmm.? I would expect to see 'mark at hprs.com'.? Whatever your full > domain > >> name is. > > > > Full user at domain would be mark at hprs.local > > > >> It also won't look up /etc/shadow - Samba is doing the AD->Unix UID > >> mapping.? Your AD users shouldn't be in there when all is said and > done. > > > > I was thinking this too.? I don't know why NTLM would need a userdb at > > all.? It > > should just use something like ntlm_auth (which is configured in > > auth_winbind_helper). > > > > What if I simply removed the userdb?? What would you recommend for > > userdb, passdb? > > > >> Well, at when I did a Samba4 install as a DC it still behaved like a > >> Samba3 > >> member, and there were no AD users in the local unix passwd files. > >> > >> What does wbinfo -u provide?? It should list all your users - > especially > >> because it's an DC.? Whatever wbinfo -u shows, you may need to adjust > >> another config file to match waht Dovecot is receiving. > > > > $ wbinfo -u > > > > Administrator > > Guest > > krbtgt > > dns-mail > > mark > > sogo > > **arr > > **ress > > **mith > > **nee > > **ris > > **atterson > > **armaine > > **tkeson > > **mmitoh > > > > These are all the AD users (most obfuscated for a bit of security). I am > > testing > > with user mark. > > > >> I assume /etc/nsswitch.conf has been modified to use Samba? > > > > Unless the Samba provision did something to nnswitch, I've done nothing; > > nor > > have I seen anything in the Samba or dovecot wikis suggesting changes.? > > Remember > > also that the Samba4 AD/DC works perfectly with redirected folders and > > users > > logging on to any Windows workstations, and works perfectly with things > > wanting > > "Windows Authentication" like SQLserver, so the "Windows Authentication" > > does > > work at some level.? My /etc/nsswitch.conf is: > > > > passwd:? ? ? ? ?compat > > group:? ? ? ? ? compat > > > > hosts:? ? ? ? ? files dns > > networks:? ? ? ?files > > > > services:? ? ? ?files > > protocols:? ? ? files > > rpc:? ? ? ? ? ? files > > ethers:? ? ? ? ?files > > netmasks:? ? ? ?files > > netgroup:? ? ? ?files > > bootparams:? ? ?files > > > > automount:? ? ? files > > aliases:? ? ? ? files > > > >> Sorry I haven't done this, but it doesn't seem like anyone else has > >> either > >> - so I'm just shooting in the dark here trying to get you steered in the > >> right direction... > >> > >> Rick > > > > Yeah, I can't seem to find a soul on the planet who has actually done > > this. If I > > get it figured out I'll post with a suggestion to Timo to wiki-ize it. > > > > I'm a bit puzzled that no one appears to have done this. I would think > > that a > > Samba4 AD/DC in a office environment with lots of Windows workstations > > running > > Outlook would be about the most common environment there is; especially > > now that > > Small Business Server is no longer sold and Server Essentials does not > > support > > Exchange. What are all the SBS/Exchange/Outlook small businesses doing? > > Limping > > along with SBS2008/11, or putting their email in Outlook.com? Seems like > > the > > Samba4/dovecot/Outlook combo would be an ideal migration. > > > > I appreciate your help. > > > >> Quoting Mark Foley : > >> > >> More info ... > >> > >> My dovecot error log shows: > >> > >> Sep 05 16:45:19 auth: Debug: client in: AUTH? ? 1? ? ? ?NTLM? ? > >> service=imap > >> Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? 1? ? ? > >> ?user=mark at hprs? original_user=mark at HPRS > >> Sep 05 16:45:19 auth: Debug: master in: REQUEST 998899713? ? ? > >> ?10219? > >> ?1? ? ? ?f56352c207cb8f6dea4d264b2c0f8dc1? ? ? > >> ?session_pid=10220? ? ? > >> ?request_auth_token > >> Sep 05 16:45:19 auth-worker(5498): Debug: > >> shadow(mark at hprs,192.168.0.58): lookup > >> Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark at hprs,192.168.0.58): > >> unknown user > >> Sep 05 16:45:19 auth: Debug: master userdb out: NOTFOUND? ? ? ? > >> 998899713 > >> > >> whereas the successful 'plain login' config'ed mechanism (before adding > >> NTLM > >> config) have: > >> > >> Sep 06 20:27:38 auth-worker(18616): Debug: shadow(mark,104.6.249.210): > >> lookup > >> > >> The failed ntlm look-up is looking up user mark at hprs in shadow, which it > >> doesn't > >> find. Is there a way to strip the "@hprs" bit from the user so it can > >> find the > >> correct entry in /etc/shadow? That might fix the problem. > >> > >> --Mark > >> > >> -----Original Message----- > >> From: Mark Foley > >> Date: Sat, 05 Sep 2015 17:12:50 -0400 > >> To: dovecot at dovecot.org > >> Subject: Re: How to "Windows Authenticate" > >> > >> Rick et al, > >> > >> The link you gave was a start, but is targeted for Samba3 and is > >> assuming a > >> probably Windows [SBS]Server AD/DC separate from the DC hosting dovecot, > >> and > >> includes setting up kerberos. > >> > >> I'm using a Samba4 AD/DC with integrated kerberos (so I don't think > >> there is any > >> setup I can do there).? Nevertheless I've followed the instructions > >> otherwise; > >> specifically adding to 10-auto.conf the following recommended lines: > >> > >> auth_use_winbind = yes > >> auth_winbind_helper_path = /usr/bin/ntlm_auth > >> mechanisms = plain ntlm login > >> > >> (Before, my 'mechanisms' were only plain and login). /usr/bin/ntlm_auth > >> has > >> global r/w privilege. > >> > >> I did not specify the static userdb since these users are configued in > >> /etc/passwd and I thought that would work; example given in link (could > >> that be > >> an issue?): > >> > >> userdb static { > >> ? args= uid=501 gid=501 home=/home/vmail/%1Ln/%Ln > >> ? mail=maildir:/home/vmail/%d/%1Ln/%Ln:INBOX=/home/vmail/%d/%1Ln/%Ln > >> ? allow_all_users=yes > >> } > >> > >> This didn't work. Also, existing, working Outlook connections using > >> 'logon' > >> (i.e. the userID and PW are configured in Outlook) stopped working. > >> > >> I changed a test Outlook client to check the 'Request login using Secure > >> Password Authentication (SPA)' and also checked: More Settings > > >> Outgoing Server > >> My outgoing server (SMTP) requires authentication' and 'Use same > >> settings as > >> > >> my incoming mail server'.? Note that on the "Change Account" dialog > >> (where the > >> SPA checkbox is) the 'User Name' and 'Password' retained their values > >> and were > >> not grayed out as I would have expected if using AD authentication. > >> > >> After doing the above and clicking 'Test Account Settings' I was > >> re-promted to > >> enter a password - also not expected. At bottom are the Dovecot log > >> message I > >> received after doing the 'Test Account Settings'. > >> > >> Surely, connecting from an Outlook client to Dovecot on a Samba4 AD/DC > >> should be > >> a very common implementation. Has someone done this successfully? > >> > >> Immediately below is my doveconf -n and below that the dovecot log > >> messages. > >> > >> doveconf -n > >> > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain ntlm login > >> auth_use_winbind = yes > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> driver = shadow > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> driver = passwd > >> } > >> verbose_ssl = yes > >> > >> dovecot log after doing 'Test Account Settings' in Outlook: > >> > >> Sep 05 16:45:19 imap-login: Debug: SSL: elliptic curve secp384r1 will be > >> used for ECDH and ECDHE key exchanges > >> Sep 05 16:45:19 imap-login: Debug: SSL: elliptic curve secp384r1 will be > >> used for ECDH and ECDHE key exchanges > >> Sep 05 16:45:19 auth: Debug: auth client connected (pid=10219) > >> Sep 05 16:45:19 auth: Debug: client in: AUTH? ? ? ? 1? ? ? ? > >> NTLM? ? ? ? > >> service=imap? ? ? ? session=HXssGAYf0ADAqAA6? ? ? ? > >> lip=192.168.0.2? ? ? > >> ? rip=192.168.0.58? ? ? ? lport=143? ? ? ? rport=52944 > >> Sep 05 16:45:19 auth: Debug: client passdb out: CONT? ? ? ? 1 > >> Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? ? 1? ? ? > >> ? > >> user=mark at hprs? ? ? ? original_user=mark at HPRS > >> Sep 05 16:45:19 auth: Debug: master in: REQUEST? ? ? ? 998899713? > ? > >> ? ? > >> 10219? ? ? ? 1? ? ? ? f56352c207cb8f6dea4d264b2c0f8dc1? ? ? > ? > >> session_pid=10220? ? ? ? request_auth_token > >> Sep 05 16:45:19 auth-worker(5498): Debug: > >> shadow(mark at hprs,192.168.0.58): lookup > >> Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark at hprs,192.168.0.58): > >> unknown user > >> Sep 05 16:45:19 auth: Debug: master userdb out: NOTFOUND? ? ? ? > >> 998899713 > >> Sep 05 16:45:19 imap-login: Info: Internal login failure (pid=10219 > >> id=1) (internal failure, 1 successful auths): user=, > >> method=NTLM, rip=192.168.0.58, lip=192.168.0.2, mpid=10220, > >> session= > >> Sep 05 16:46:22 imap-login: Debug: SSL: elliptic curve secp384r1 will be > >> used for ECDH and ECDHE key exchanges > >> Sep 05 16:46:22 imap-login: Debug: SSL: elliptic curve secp384r1 will be > >> used for ECDH and ECDHE key exchanges > >> Sep 05 16:46:22 auth: Debug: Loading modules from directory: > >> /usr/local/lib/dovecot/auth > >> Sep 05 16:46:22 auth: Debug: Read auth token secret from > >> /usr/local/var/run/dovecot/auth-token-secret.dat > >> Sep 05 16:46:22 auth: Debug: auth client connected (pid=13487) > >> Sep 05 16:46:22 auth: Debug: client in: AUTH? ? ? ? 1? ? ? ? > >> NTLM? ? ? ? > >> service=imap? ? ? ? session=IlvqGwYf0wDAqAA6? ? ? ? > >> lip=192.168.0.2? ? ? > >> ? rip=192.168.0.58? ? ? ? lport=143? ? ? ? rport=52947 > >> Sep 05 16:46:22 auth: Debug: client passdb out: OK? ? ? ? 1? ? ? > >> ? > >> user=mark at hprs? ? ? ? original_user=mark at HPRS > >> Sep 05 16:46:22 auth: Debug: master in: REQUEST? ? ? ? 3030384641? > >> ? ? ? > >> 13487? ? ? ? 1? ? ? ? bac5f6531f9d4c3316f93bd4c4a63ddd? ? ? > ? > >> session_pid=13491? ? ? ? request_auth_token > >> Sep 05 16:46:22 auth-worker(13492): Debug: Loading modules from > >> directory: /usr/local/lib/dovecot/auth > >> Sep 05 16:46:22 auth-worker(13492): Debug: > >> shadow(mark at hprs,192.168.0.58): lookup > >> Sep 05 16:46:22 auth-worker(13492): Info: > >> shadow(mark at hprs,192.168.0.58): unknown user > >> Sep 05 16:46:22 auth: Debug: master userdb out: NOTFOUND? ? ? ? > >> 3030384641 > >> Sep 05 16:46:22 imap-login: Info: Internal login failure (pid=13487 > >> id=1) (internal failure, 1 successful auths): user=, > >> method=NTLM, rip=192.168.0.58, lip=192.168.0.2, mpid=13491, > >> session= > >> > >> Thanks --Mark > >> > >> -----Original Message----- > >> Date: Thu, 03 Sep 2015 06:53:19 -0500 > >> From: Rick Romero > >> To: dovecot at dovecot.org > >> Subject: Re: How to "Windows Authenticate" > >> > >> ? Hi Mark, > >> > >> I haven't done it, but I've played with the scenario enough to have an > >> idea. > >> > >> What you want to do is have Outlook auth via NTLM to Dovecot.? > >> > >> First that means having the machine be a domain member (usually via > >> Samba) > >> in order to properly process NTLM/Kerberos handshake - which it appears > >> you > >> have. > >> Second that means having Dovecot know how to accept NTLM authentication > >> (SPA) to pass to the Samba backend. > >> > >> A 'Dovecot NTLM' search led me here: > >> http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm > >> > >> What's not on the page that I'd expect to see, are the compile-time > >> requirements for inclucing samba/kerberos libs within Dovecot.? If it > >> doesn't 'just work' with the config changes in the wiki, you may need to > >> recompile with the right features. > >> > >> Also - check the permissions of the ntlm_auth program. That's caused > >> many > >> issues with Radius installs, IIRC. > >> > >> Hope that helps! > >> > >> Rick > >> > >> Quoting Mark Foley : > >> > >> This can't be that hard. I think I've enabled LDAP in Dovecot just by > >> including > >> dovecot-ldap.conf.ext in 10-auth.conf and using the default settings. I > >> now have > >> the configuration shown below. Two questions: > >> > >> 1. How do I set Outlook to authenticate with LDAP? Currently the Outlook > >> accounts still have the ID and password set in "Logon Information". > >> Checking > >> "Require logon using Secure Password Authentication (SPA)" doesn't work. > >> All I > >> can seem to find on the Internet is how to configure address books using > >> LDAP. > >> > >> 2. Should I remove "passdb { drive = shadow } from the dovecot > >> configuration? > >> > >> Anybody? > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> driver = shadow > >> } > >> passdb { > >> args = /etc/dovecot/dovecot-ldap.conf.ext > >> driver = ldap > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> driver = passwd > >> } > >> userdb { > >> args = /etc/dovecot/dovecot-ldap.conf.ext > >> driver = ldap > >> } > >> verbose_ssl = yes > >> > >> -----Original Message----- > >> From: Mark Foley > >> Date: Wed, 02 Sep 2015 13:31:35 -0400 > >> To: dovecot at dovecot.org > >> Subject: How to "Windows Authenticate" > >> > >> I've been using Dovecot 2.2.15 as the IMAP server for Outlook > >> (2010/2013) on > >> Windows workstations for over 6 months with no problems.? Dovecot is > >> hosted on > >> the office Samba4 AC/DC server. > >> > >> I have been using auth_mechanisms plain login, and passdb driver = > >> shadow. > >> > >> What I'd like to do now is use the "Windows Authenticated" login so I > >> don't have > >> to have separate passwords for users logging into the Windows AD > >> workstations > >> and their Outlook clients. > >> > >> If anyone has actually done this I'd appreciate some tips. My various > >> attempts > >> have not been successful. > >> > >> Here is my current config: > >> > >> $ doveconf -n > >> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > >> # OS: Linux 3.10.17 x86_64 Slackware 14.1 > >> auth_debug_passwords = yes > >> auth_mechanisms = plain login > >> auth_verbose = yes > >> auth_verbose_passwords = plain > >> disable_plaintext_auth = no > >> info_log_path = /var/log/dovecot_info > >> mail_location = maildir:~/Maildir > >> passdb { > >> ? driver = shadow > >> } > >> protocols = imap > >> ssl_cert = >> ssl_key = >> userdb { > >> ? driver = passwd > >> } > >> verbose_ssl = yes > >> > >> Thanks, Mark Foley > >> From mfoley at ohprs.org Thu Sep 10 02:51:54 2015 From: mfoley at ohprs.org (Mark Foley) Date: Wed, 09 Sep 2015 22:51:54 -0400 Subject: My dovecot works fine against Active Directory 2003, but not against AD2008 In-Reply-To: <20150909172234.78693073@eugen.spdev.local> References: <55EEA3B5.1060208@chguadalquivir.es> <20150909172234.78693073@eugen.spdev.local> Message-ID: <201509100251.t8A2psuS025040@mail.hprs.local> Fran and/or Matthias, Could you publish your doveconf -n? I can't get dovecot to authenticate with my AD. Maybe you have a solution I could try. What mail client(s) are you using? I assume by "AD 2003/8" You mean SBS2003/8 and are therefore using Outlook? --Mark -----Original Message----- > Date: Wed, 9 Sep 2015 17:22:34 +0200 > From: Matthias Lay > To: Dovecot Mailing List > Subject: Re: My dovecot works fine against Active Directory 2003, but not > against AD2008 > > > hi, > > check your > > /etc/openldap/ldap.conf > > for > > REFERRALS off > > I had this errors with "referrals on" in misconfigured dns environments. > > > you can debug the dns packets by strace-ing the auth process > > > > > On Tue, 8 Sep 2015 11:00:37 +0200 > Fran wrote: > > > Hello, > > > > my dovecot installation has been working fine against AD till we > > upgrade from AD 2003 to AD 2008. As > > http://wiki2.dovecot.org/AuthDatabase/LDAP said, now I'm not able to > > connect AD through 389 port. The port 3268 works fine though. > > > > (...) > > Sep 7 19:02:05 dovecot: imap-login: Error: > > master(imap): Auth request timed out (received 0/12 bytes) > > Sep 7 19:02:05 dovecot: imap-login: Internal login > > failure (pid=4846 id=1) (internal failure, 1 successful auths): > > user=<>, method=PLAIN, rip=, > > lip=, TLS, session= > > (...) > > Sep 7 19:02:06 dovecot: auth: Error: > > ldap(,,): Connection appears > > to be hanging, reconnecting > > Sep 7 19:02:06 dovecot: auth: Error: > > ldap(,,): LDAP search > > returned multiple entries > > (...) > > > > Is there a technical reason for this problem? Does it exist any > > workaround? > > > > The use of Global Catalog (port 3268) is not a solution for me, since > > it misses many attributes. (ex. I use the field "initials" to set the > > quota and this field is not available through port 3268). > > > > I also noticed that, now, it uses any DC available in the domain, it > > doesn't care what I configured in "hosts = " parameter. > > > > This is using "hosts = dc03.domain:389": > > ----------------------------------------------- > > > > [root@ ~]# netstat -anp | grep dovecot | grep auth > > tcp 22 0 :55217 > > :389 ESTABLISHED 4872/dovecot/auth > > tcp 22 0 :57645 > > :389 ESTABLISHED 4872/dovecot/auth > > tcp 0 0 :55216 > > :389 ESTABLISHED 4872/dovecot/auth > > > > It looks like it does a look up for other domains controller (I don't > > know how nor why) and it connect aleatory to any DC in my domain (in > > this case dc06.domain, but it changes any time), additionally to the > > configured one (dc03.domain). > > > > This is using "hosts = dc03.domain:3268": > > ------------------------------------------------ > > [root@ ~]# netstat -anp | grep dovecot | grep auth > > tcp 0 0 :58485 > > :3268 ESTABLISHED 4982/dovecot/auth > > > > In this case, only the configured server in host parameter is used (I > > think this is the right behaviour) > > > > > > Aditional info: > > --------------- > > CentOS Linux release 7.0.1406 (Core) > > > > dovecot 2.2.10 > > > > Build options: ioloop=epoll notify=inotify ipv6 openssl > > io_block_size=8192 Mail storages: shared mdbox sdbox maildir mbox > > cydir imapc pop3c raw fail SQL driver plugins: mysql postgresql sqlite > > Passdb: checkpassword ldap pam passwd passwd-file shadow sql > > Userdb: checkpassword ldap(plugin) nss passwd prefetch passwd-file sql > > > > > > My /etc/dovecot/dovecot-ldap.conf.ext > > -------------------------------------- > > #hosts = dc03.domain:3268 > > hosts = dc03.domain:389 > > #uris = ldap://dc03.domain > > base = DC=domain > > #tls = yes > > tls = no > > ldap_version = 3 > > auth_bind = yes > > auth_bind_userdn = %u at domain > > #auth_bind_userdn = DOMAIN\%u > > dn = cn=,cn=Users,dc=domain > > dnpass = > > > > #scope = subtree > > #deref = never > > > > user_filter = > > (&(userPrincipalName=%u at domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@))) > > pass_filter = > > (&(userPrincipalName=%u at domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@))) > > pass_attrs = userPassword=password > > user_attrs = Initials=quota_rule=*:storage=%$MB > > --------------- > > > > > > -------------------------- > > Log trace using PORT 389: > > -------------------------- > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > where=0x10, ret=1: before/accept initialization [] > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: before/accept initialization [] > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 read client hello A [] > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write server hello A [] > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write certificate A [] > > Sep 7 19:00:35 dovecot: auth: Debug: Loading modules > > from directory: /usr/lib64/dovecot/auth > > Sep 7 19:00:35 dovecot: auth: Debug: Module loaded: > > /usr/lib64/dovecot/auth/libdriver_sqlite.so > > Sep 7 19:00:35 dovecot: auth: Debug: Loading modules > > from directory: /usr/lib64/dovecot/auth > > Sep 7 19:00:35 dovecot: auth: Debug: Module loaded: > > /usr/lib64/dovecot/auth/libauthdb_ldap.so > > Sep 7 19:00:35 dovecot: auth: Debug: Read auth token > > secret from /var/run/dovecot/auth-token-secret.dat > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write key exchange A [] > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write server done A [] > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 flush data [] > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > where=0x2002, ret=-1: SSLv3 read client certificate A [] > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > where=0x2002, ret=-1: SSLv3 read client certificate A [] > > Sep 7 19:00:35 dovecot: auth: Debug: auth client > > connected (pid=4846) > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 read client key exchange A [] > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 read finished A [] > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write session ticket A [] > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write change cipher spec A [] > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write finished A [] > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 flush data [] > > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > > where=0x20, ret=1: SSL negotiation finished successfully > > [] Sep 7 19:00:35 dovecot: imap-login: > > Debug: SSL: where=0x2002, ret=1: SSL negotiation finished > > successfully [] Sep 7 19:00:35 > > dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap > > secured session=T+grMCsfqgAKHyZV lip= > > rip= lport=993 rport=59818 Sep 7 19:00:35 > > dovecot: auth: Debug: client passdb out: CONT 1 > > Sep 7 19:00:35 dovecot: auth: Debug: client in: CONT > > 1 AEN1bWMtNDM2MS0yLXBydWViYQBDb3JyZW9DaGcuMTIzNDU2 (previous > > base64 data may contain sensitive data) > > Sep 7 19:00:35 dovecot: auth: Debug: client passdb > > out: OK 1 user= > > Sep 7 19:00:35 dovecot: auth: Debug: master in: > > REQUEST 4142792705 4846 1 > > cb2115241ccfd81959c15122ec062a8b session_pid=4849 > > request_auth_token > > Sep 7 19:00:35 dovecot: auth: Debug: > > ldap(,,): user search: > > base=DC=domain scope=subtree > > filter=(&(userPrincipalName=@domain)(objectClass=person)(|(mail=@)(othermailbox=@))) > > fields=Initials > > > > Sep 7 19:02:05 dovecot: imap-login: Error: > > master(imap): Auth request timed out (received 0/12 bytes) > > Sep 7 19:02:05 dovecot: imap-login: Internal login > > failure (pid=4846 id=1) (internal failure, 1 successful auths): > > user=<>, method=PLAIN, rip=, > > lip=, TLS, session= > > Sep 7 19:02:05 dovecot: auth: Debug: client in: > > CANCEL 1 > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL alert: > > close notify [] > > Sep 7 19:02:05 dovecot: imap: Error: Login client > > disconnected too early > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > > Sep 7 19:02:05 dovecot: auth: Debug: auth client > > connected (pid=4868) > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > where=0x10, ret=1: before/accept initialization [] > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: before/accept initialization [] > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 read client hello A [] > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write server hello A [] > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write certificate A [] > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write key exchange A [] > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write server done A [] > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 flush data [] > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > where=0x2002, ret=-1: SSLv3 read client certificate A [] > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > where=0x2002, ret=-1: SSLv3 read client certificate A [] > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 read client key exchange A [] > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 read finished A [] > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write session ticket A [] > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write change cipher spec A [] > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write finished A [] > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 flush data [] > > Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: > > where=0x20, ret=1: SSL negotiation finished successfully > > [] Sep 7 19:02:05 dovecot: imap-login: > > Debug: SSL: where=0x2002, ret=1: SSL negotiation finished > > successfully [] Sep 7 19:02:06 > > dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap > > secured session=ZjyONSsf6QAKHyZV lip= > > rip= lport=993 rport=59881 Sep 7 19:02:06 > > dovecot: auth: Debug: client passdb out: CONT 1 > > Sep 7 19:02:06 dovecot: auth: Debug: client in: CONT > > 1 AEN1bWMtNDM2MS0yLXBydWViYQBDb3JyZW9DaGcuMTIzNDU2 (previous > > base64 data may contain sensitive data) > > Sep 7 19:02:06 dovecot: auth: Error: > > ldap(,,): Connection appears > > to be hanging, reconnecting > > Sep 7 19:02:06 dovecot: auth: Error: > > ldap(,,): LDAP search > > returned multiple entries > > > > Sep 7 19:03:10 dovecot: imap: Error: Auth server > > request timed out after 155 secs (client-pid=4846 client-id=1) > > > > Sep 7 19:04:18 dovecot: imap-login: Debug: SSL alert: > > close notify [] > > Sep 7 19:04:18 dovecot: imap-login: Debug: SSL alert: > > close notify [] > > > > Sep 7 19:04:36 dovecot: auth: Error: > > PLAIN(,,): Request 4868.1 > > timed out after 150 secs, state=1 > > > > Sep 7 19:05:05 dovecot: imap-login: Disconnected: > > Inactivity during authentication (disconnected while authenticating, > > waited 179 secs): user=<>, method=PLAIN, rip=, > > lip=, TLS, session= > > Sep 7 19:05:05 dovecot: auth: Debug: client in: > > CANCEL > > > > Sep 7 19:06:06 dovecot: auth: > > ldap(,,): Shutting down > > Sep 7 19:06:06 dovecot: auth: Debug: master userdb > > out: FAIL 4142792705 > > Sep 7 19:06:06 dovecot: auth: > > ldap(,,): Shutting down > > Sep 7 19:06:06 dovecot: auth: Debug: client passdb > > out: FAIL 1 user= temp > > > > > > > > > > -------------------------- > > Log trace using PORT 3268: > > -------------------------- > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > where=0x10, ret=1: before/accept initialization [] > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: before/accept initialization [] > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 read client hello A [] > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write server hello A [] > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write certificate A [] > > Sep 7 19:33:07 dovecot: auth: Debug: Loading modules > > from directory: /usr/lib64/dovecot/auth > > Sep 7 19:33:07 dovecot: auth: Debug: Module loaded: > > /usr/lib64/dovecot/auth/libdriver_sqlite.so > > Sep 7 19:33:07 dovecot: auth: Debug: Loading modules > > from directory: /usr/lib64/dovecot/auth > > Sep 7 19:33:07 dovecot: auth: Debug: Module loaded: > > /usr/lib64/dovecot/auth/libauthdb_ldap.so > > Sep 7 19:33:07 dovecot: auth: Debug: Read auth token > > secret from /var/run/dovecot/auth-token-secret.dat > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write key exchange A [] > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write server done A [] > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 flush data [] > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > where=0x2002, ret=-1: SSLv3 read client certificate A [] > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > where=0x2002, ret=-1: SSLv3 read client certificate A [] > > Sep 7 19:33:07 dovecot: auth: Debug: auth client > > connected (pid=4971) > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 read client key exchange A [] > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 read finished A [] > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write session ticket A [] > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write change cipher spec A [] > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 write finished A [] > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: SSLv3 flush data [] > > Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: > > where=0x20, ret=1: SSL negotiation finished successfully > > [] Sep 7 19:33:07 dovecot: imap-login: > > Debug: SSL: where=0x2002, ret=1: SSL negotiation finished > > successfully [] Sep 7 19:33:08 > > dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap > > secured session=FAKKpCsf0AAKHyZV lip= > > rip= lport=993 rport=61648 Sep 7 19:33:08 > > dovecot: auth: Debug: client passdb out: CONT 1 > > Sep 7 19:33:08 dovecot: auth: Debug: client in: CONT > > 1 AEN1bWMtNDM2MS0yAGZvcnRpbmV0LjIwMTQ= (previous base64 data may > > contain sensitive data) > > Sep 7 19:33:08 dovecot: auth: Debug: client passdb > > out: OK 1 user= > > Sep 7 19:33:08 dovecot: auth: Debug: master in: > > REQUEST 3261071361 4971 1 > > 4755688f0bdd33a0fadcc5d3b8664e61 session_pid=4974 > > request_auth_token > > Sep 7 19:33:08 dovecot: auth: Debug: > > ldap(,,): user search: > > base=DC=domain scope=subtree > > filter=(&(userPrincipalName=@domain)(objectClass=person)(|(mail=@)(othermailbox=@))) > > fields=Initials > > > > [Here start the difference between 389 and 3268 ports] > > > > Sep 7 19:33:08 dovecot: auth: Debug: > > ldap(,,): no fields returned > > by the server > > > > [Next line you can see missing attributes, due to I'm using port 3268] > > > > Sep 7 19:33:08 dovecot: auth: Debug: > > ldap(,,): result: Initials > > missing > > Sep 7 19:33:08 dovecot: auth: Debug: master userdb > > out: USER 3261071361 uid=1000 > > gid=1000 home=/home/mailstorage// > > auth_token=9191cdf475600f0a47e185bb65817c0e0f495894 > > Sep 7 19:33:08 dovecot: imap-login: Login: > > user=<>, method=PLAIN, rip=, > > lip=, mpid=4974, TLS, session= > > Sep 7 19:33:08 dovecot: imap: Debug: Loading modules > > from directory: /usr/lib64/dovecot > > Sep 7 19:33:08 dovecot: imap: Debug: Module loaded: > > /usr/lib64/dovecot/lib10_quota_plugin.so > > Sep 7 19:33:08 dovecot: imap: Debug: Module loaded: > > /usr/lib64/dovecot/lib11_imap_quota_plugin.so > > Sep 7 19:33:08 dovecot: imap(): Debug: > > Effective uid=1000, gid=1000, > > home=/home/mailstorage// Sep 7 19:33:08 > > dovecot: imap(): Debug: Quota root: > > name=CuotaUsuario backend=maildir args= Sep 7 19:33:08 > > dovecot: imap(): Debug: Quota rule: > > root=CuotaUsuario mailbox=* bytes=2097152 messages=0 Sep 7 19:33:08 > > dovecot: imap(): Debug: Quota grace: > > root=CuotaUsuario bytes=209715 (10%) Sep 7 19:33:08 > > dovecot: imap(): Debug: Namespace inbox: type=private, > > prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes > > location=maildir:~/Maildir Sep 7 19:33:08 dovecot: > > imap(): Debug: maildir++: > > root=/home/mailstorage///Maildir, index=, > > indexpvt=, control=, > > inbox=/home/mailstorage///Maildir, alt= > From cumc-4361-2 at chguadalquivir.es Thu Sep 10 11:10:57 2015 From: cumc-4361-2 at chguadalquivir.es (Fran) Date: Thu, 10 Sep 2015 13:10:57 +0200 Subject: My dovecot works fine against Active Directory 2003, but not against AD2008 In-Reply-To: <20150909172234.78693073@eugen.spdev.local> References: <55EEA3B5.1060208@chguadalquivir.es> <20150909172234.78693073@eugen.spdev.local> Message-ID: <55F16541.6090202@chguadalquivir.es> Hi Matthias, thank you very much! that fixed the problem. I had workaround the problem by using "base = ou=xxxx, dc=dom", instead of "base = dc=dom" in the dovecot-ldap.conf.ext file, because that also worked (I don't know why, but the problem happen if you use as base just the domain, but not if you add a second level). But that forced to me to use several userdb/passdb blocks definitions, one for each OU in which I have users, so I think that your fix is better. I'm not able to understand the actual reason behind all this though... What's the technical explanation behind this behaviour?? I mean, it seems to be that the problem is that the Domain controller (DC) was sending a "referrals" answer and dovecot auth made a connection to these others DC but something wrong happened (dovecot can't deal correctly with that kind of answers?? I don't know). Anyways, as far as I know: 1) A referral answer should be done by a DC when it can't provide the object that the client are requesting 2) REFERRALS off in ldap.conf means that the client should not follow referrals returned by the DC So, if a referral answer is given from my DC, I think that is because such DC can't provide the object which the client is looking for, so, why works fine just by telling dovecot: "Don't follow referrals"? Regards El 09/09/2015 a las 17:22, Matthias Lay escribi?: > hi, > > check your > > /etc/openldap/ldap.conf > > for > > REFERRALS off > > I had this errors with "referrals on" in misconfigured dns environments. > > > you can debug the dns packets by strace-ing the auth process > > > > > On Tue, 8 Sep 2015 11:00:37 +0200 > Fran wrote: > >> Hello, >> >> my dovecot installation has been working fine against AD till we >> upgrade from AD 2003 to AD 2008. As >> http://wiki2.dovecot.org/AuthDatabase/LDAP said, now I'm not able to >> connect AD through 389 port. The port 3268 works fine though. >> >> (...) >> Sep 7 19:02:05 dovecot: imap-login: Error: >> master(imap): Auth request timed out (received 0/12 bytes) >> Sep 7 19:02:05 dovecot: imap-login: Internal login >> failure (pid=4846 id=1) (internal failure, 1 successful auths): >> user=<>, method=PLAIN, rip=, >> lip=, TLS, session= >> (...) >> Sep 7 19:02:06 dovecot: auth: Error: >> ldap(,,): Connection appears >> to be hanging, reconnecting >> Sep 7 19:02:06 dovecot: auth: Error: >> ldap(,,): LDAP search >> returned multiple entries >> (...) >> >> Is there a technical reason for this problem? Does it exist any >> workaround? >> >> The use of Global Catalog (port 3268) is not a solution for me, since >> it misses many attributes. (ex. I use the field "initials" to set the >> quota and this field is not available through port 3268). >> >> I also noticed that, now, it uses any DC available in the domain, it >> doesn't care what I configured in "hosts = " parameter. >> >> This is using "hosts = dc03.domain:389": >> ----------------------------------------------- >> >> [root@ ~]# netstat -anp | grep dovecot | grep auth >> tcp 22 0 :55217 >> :389 ESTABLISHED 4872/dovecot/auth >> tcp 22 0 :57645 >> :389 ESTABLISHED 4872/dovecot/auth >> tcp 0 0 :55216 >> :389 ESTABLISHED 4872/dovecot/auth >> >> It looks like it does a look up for other domains controller (I don't >> know how nor why) and it connect aleatory to any DC in my domain (in >> this case dc06.domain, but it changes any time), additionally to the >> configured one (dc03.domain). >> >> This is using "hosts = dc03.domain:3268": >> ------------------------------------------------ >> [root@ ~]# netstat -anp | grep dovecot | grep auth >> tcp 0 0 :58485 >> :3268 ESTABLISHED 4982/dovecot/auth >> >> In this case, only the configured server in host parameter is used (I >> think this is the right behaviour) >> >> >> Aditional info: >> --------------- >> CentOS Linux release 7.0.1406 (Core) >> >> dovecot 2.2.10 >> >> Build options: ioloop=epoll notify=inotify ipv6 openssl >> io_block_size=8192 Mail storages: shared mdbox sdbox maildir mbox >> cydir imapc pop3c raw fail SQL driver plugins: mysql postgresql sqlite >> Passdb: checkpassword ldap pam passwd passwd-file shadow sql >> Userdb: checkpassword ldap(plugin) nss passwd prefetch passwd-file sql >> >> >> My /etc/dovecot/dovecot-ldap.conf.ext >> -------------------------------------- >> #hosts = dc03.domain:3268 >> hosts = dc03.domain:389 >> #uris = ldap://dc03.domain >> base = DC=domain >> #tls = yes >> tls = no >> ldap_version = 3 >> auth_bind = yes >> auth_bind_userdn = %u at domain >> #auth_bind_userdn = DOMAIN\%u >> dn = cn=,cn=Users,dc=domain >> dnpass = >> >> #scope = subtree >> #deref = never >> >> user_filter = >> (&(userPrincipalName=%u at domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@))) >> pass_filter = >> (&(userPrincipalName=%u at domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@))) >> pass_attrs = userPassword=password >> user_attrs = Initials=quota_rule=*:storage=%$MB >> --------------- >> >> >> -------------------------- >> Log trace using PORT 389: >> -------------------------- >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> where=0x10, ret=1: before/accept initialization [] >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: before/accept initialization [] >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 read client hello A [] >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write server hello A [] >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write certificate A [] >> Sep 7 19:00:35 dovecot: auth: Debug: Loading modules >> from directory: /usr/lib64/dovecot/auth >> Sep 7 19:00:35 dovecot: auth: Debug: Module loaded: >> /usr/lib64/dovecot/auth/libdriver_sqlite.so >> Sep 7 19:00:35 dovecot: auth: Debug: Loading modules >> from directory: /usr/lib64/dovecot/auth >> Sep 7 19:00:35 dovecot: auth: Debug: Module loaded: >> /usr/lib64/dovecot/auth/libauthdb_ldap.so >> Sep 7 19:00:35 dovecot: auth: Debug: Read auth token >> secret from /var/run/dovecot/auth-token-secret.dat >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write key exchange A [] >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write server done A [] >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 flush data [] >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> where=0x2002, ret=-1: SSLv3 read client certificate A [] >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> where=0x2002, ret=-1: SSLv3 read client certificate A [] >> Sep 7 19:00:35 dovecot: auth: Debug: auth client >> connected (pid=4846) >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 read client key exchange A [] >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 read finished A [] >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write session ticket A [] >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write change cipher spec A [] >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write finished A [] >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 flush data [] >> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >> where=0x20, ret=1: SSL negotiation finished successfully >> [] Sep 7 19:00:35 dovecot: imap-login: >> Debug: SSL: where=0x2002, ret=1: SSL negotiation finished >> successfully [] Sep 7 19:00:35 >> dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap >> secured session=T+grMCsfqgAKHyZV lip= >> rip= lport=993 rport=59818 Sep 7 19:00:35 >> dovecot: auth: Debug: client passdb out: CONT 1 >> Sep 7 19:00:35 dovecot: auth: Debug: client in: CONT >> 1 AEN1bWMtNDM2MS0yLXBydWViYQBDb3JyZW9DaGcuMTIzNDU2 (previous >> base64 data may contain sensitive data) >> Sep 7 19:00:35 dovecot: auth: Debug: client passdb >> out: OK 1 user= >> Sep 7 19:00:35 dovecot: auth: Debug: master in: >> REQUEST 4142792705 4846 1 >> cb2115241ccfd81959c15122ec062a8b session_pid=4849 >> request_auth_token >> Sep 7 19:00:35 dovecot: auth: Debug: >> ldap(,,): user search: >> base=DC=domain scope=subtree >> filter=(&(userPrincipalName=@domain)(objectClass=person)(|(mail=@)(othermailbox=@))) >> fields=Initials >> >> Sep 7 19:02:05 dovecot: imap-login: Error: >> master(imap): Auth request timed out (received 0/12 bytes) >> Sep 7 19:02:05 dovecot: imap-login: Internal login >> failure (pid=4846 id=1) (internal failure, 1 successful auths): >> user=<>, method=PLAIN, rip=, >> lip=, TLS, session= >> Sep 7 19:02:05 dovecot: auth: Debug: client in: >> CANCEL 1 >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL alert: >> close notify [] >> Sep 7 19:02:05 dovecot: imap: Error: Login client >> disconnected too early >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges >> Sep 7 19:02:05 dovecot: auth: Debug: auth client >> connected (pid=4868) >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> where=0x10, ret=1: before/accept initialization [] >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: before/accept initialization [] >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 read client hello A [] >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write server hello A [] >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write certificate A [] >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write key exchange A [] >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write server done A [] >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 flush data [] >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> where=0x2002, ret=-1: SSLv3 read client certificate A [] >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> where=0x2002, ret=-1: SSLv3 read client certificate A [] >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 read client key exchange A [] >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 read finished A [] >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write session ticket A [] >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write change cipher spec A [] >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write finished A [] >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 flush data [] >> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >> where=0x20, ret=1: SSL negotiation finished successfully >> [] Sep 7 19:02:05 dovecot: imap-login: >> Debug: SSL: where=0x2002, ret=1: SSL negotiation finished >> successfully [] Sep 7 19:02:06 >> dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap >> secured session=ZjyONSsf6QAKHyZV lip= >> rip= lport=993 rport=59881 Sep 7 19:02:06 >> dovecot: auth: Debug: client passdb out: CONT 1 >> Sep 7 19:02:06 dovecot: auth: Debug: client in: CONT >> 1 AEN1bWMtNDM2MS0yLXBydWViYQBDb3JyZW9DaGcuMTIzNDU2 (previous >> base64 data may contain sensitive data) >> Sep 7 19:02:06 dovecot: auth: Error: >> ldap(,,): Connection appears >> to be hanging, reconnecting >> Sep 7 19:02:06 dovecot: auth: Error: >> ldap(,,): LDAP search >> returned multiple entries >> >> Sep 7 19:03:10 dovecot: imap: Error: Auth server >> request timed out after 155 secs (client-pid=4846 client-id=1) >> >> Sep 7 19:04:18 dovecot: imap-login: Debug: SSL alert: >> close notify [] >> Sep 7 19:04:18 dovecot: imap-login: Debug: SSL alert: >> close notify [] >> >> Sep 7 19:04:36 dovecot: auth: Error: >> PLAIN(,,): Request 4868.1 >> timed out after 150 secs, state=1 >> >> Sep 7 19:05:05 dovecot: imap-login: Disconnected: >> Inactivity during authentication (disconnected while authenticating, >> waited 179 secs): user=<>, method=PLAIN, rip=, >> lip=, TLS, session= >> Sep 7 19:05:05 dovecot: auth: Debug: client in: >> CANCEL >> >> Sep 7 19:06:06 dovecot: auth: >> ldap(,,): Shutting down >> Sep 7 19:06:06 dovecot: auth: Debug: master userdb >> out: FAIL 4142792705 >> Sep 7 19:06:06 dovecot: auth: >> ldap(,,): Shutting down >> Sep 7 19:06:06 dovecot: auth: Debug: client passdb >> out: FAIL 1 user= temp >> >> >> >> >> -------------------------- >> Log trace using PORT 3268: >> -------------------------- >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> where=0x10, ret=1: before/accept initialization [] >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: before/accept initialization [] >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 read client hello A [] >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write server hello A [] >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write certificate A [] >> Sep 7 19:33:07 dovecot: auth: Debug: Loading modules >> from directory: /usr/lib64/dovecot/auth >> Sep 7 19:33:07 dovecot: auth: Debug: Module loaded: >> /usr/lib64/dovecot/auth/libdriver_sqlite.so >> Sep 7 19:33:07 dovecot: auth: Debug: Loading modules >> from directory: /usr/lib64/dovecot/auth >> Sep 7 19:33:07 dovecot: auth: Debug: Module loaded: >> /usr/lib64/dovecot/auth/libauthdb_ldap.so >> Sep 7 19:33:07 dovecot: auth: Debug: Read auth token >> secret from /var/run/dovecot/auth-token-secret.dat >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write key exchange A [] >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write server done A [] >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 flush data [] >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> where=0x2002, ret=-1: SSLv3 read client certificate A [] >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> where=0x2002, ret=-1: SSLv3 read client certificate A [] >> Sep 7 19:33:07 dovecot: auth: Debug: auth client >> connected (pid=4971) >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 read client key exchange A [] >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 read finished A [] >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write session ticket A [] >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write change cipher spec A [] >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 write finished A [] >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: SSLv3 flush data [] >> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >> where=0x20, ret=1: SSL negotiation finished successfully >> [] Sep 7 19:33:07 dovecot: imap-login: >> Debug: SSL: where=0x2002, ret=1: SSL negotiation finished >> successfully [] Sep 7 19:33:08 >> dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap >> secured session=FAKKpCsf0AAKHyZV lip= >> rip= lport=993 rport=61648 Sep 7 19:33:08 >> dovecot: auth: Debug: client passdb out: CONT 1 >> Sep 7 19:33:08 dovecot: auth: Debug: client in: CONT >> 1 AEN1bWMtNDM2MS0yAGZvcnRpbmV0LjIwMTQ= (previous base64 data may >> contain sensitive data) >> Sep 7 19:33:08 dovecot: auth: Debug: client passdb >> out: OK 1 user= >> Sep 7 19:33:08 dovecot: auth: Debug: master in: >> REQUEST 3261071361 4971 1 >> 4755688f0bdd33a0fadcc5d3b8664e61 session_pid=4974 >> request_auth_token >> Sep 7 19:33:08 dovecot: auth: Debug: >> ldap(,,): user search: >> base=DC=domain scope=subtree >> filter=(&(userPrincipalName=@domain)(objectClass=person)(|(mail=@)(othermailbox=@))) >> fields=Initials >> >> [Here start the difference between 389 and 3268 ports] >> >> Sep 7 19:33:08 dovecot: auth: Debug: >> ldap(,,): no fields returned >> by the server >> >> [Next line you can see missing attributes, due to I'm using port 3268] >> >> Sep 7 19:33:08 dovecot: auth: Debug: >> ldap(,,): result: Initials >> missing >> Sep 7 19:33:08 dovecot: auth: Debug: master userdb >> out: USER 3261071361 uid=1000 >> gid=1000 home=/home/mailstorage// >> auth_token=9191cdf475600f0a47e185bb65817c0e0f495894 >> Sep 7 19:33:08 dovecot: imap-login: Login: >> user=<>, method=PLAIN, rip=, >> lip=, mpid=4974, TLS, session= >> Sep 7 19:33:08 dovecot: imap: Debug: Loading modules >> from directory: /usr/lib64/dovecot >> Sep 7 19:33:08 dovecot: imap: Debug: Module loaded: >> /usr/lib64/dovecot/lib10_quota_plugin.so >> Sep 7 19:33:08 dovecot: imap: Debug: Module loaded: >> /usr/lib64/dovecot/lib11_imap_quota_plugin.so >> Sep 7 19:33:08 dovecot: imap(): Debug: >> Effective uid=1000, gid=1000, >> home=/home/mailstorage// Sep 7 19:33:08 >> dovecot: imap(): Debug: Quota root: >> name=CuotaUsuario backend=maildir args= Sep 7 19:33:08 >> dovecot: imap(): Debug: Quota rule: >> root=CuotaUsuario mailbox=* bytes=2097152 messages=0 Sep 7 19:33:08 >> dovecot: imap(): Debug: Quota grace: >> root=CuotaUsuario bytes=209715 (10%) Sep 7 19:33:08 >> dovecot: imap(): Debug: Namespace inbox: type=private, >> prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes >> location=maildir:~/Maildir Sep 7 19:33:08 dovecot: >> imap(): Debug: maildir++: >> root=/home/mailstorage///Maildir, index=, >> indexpvt=, control=, >> inbox=/home/mailstorage///Maildir, alt= From cumc-4361-2 at chguadalquivir.es Thu Sep 10 11:26:21 2015 From: cumc-4361-2 at chguadalquivir.es (Fran) Date: Thu, 10 Sep 2015 13:26:21 +0200 Subject: My dovecot works fine against Active Directory 2003, but not against AD2008 In-Reply-To: <201509100251.t8A2psuS025040@mail.hprs.local> References: <55EEA3B5.1060208@chguadalquivir.es> <20150909172234.78693073@eugen.spdev.local> <201509100251.t8A2psuS025040@mail.hprs.local> Message-ID: <55F168DD.6040006@chguadalquivir.es> Hi Mark, when I say AD 2003/8 I mean Active Directory 2003/8. My configuration is attached. I based my installation (dovecot+postfix) in the guides of this site: http://www.linuxmail.info The LDAP part is this: http://www.linuxmail.info/postfix-dovecot-ldap-centos-5/ You can also use PAM to connect to AD (http://www.linuxmail.info/active-directory-dovecot-pam-authentication/) but that way doesn't allow to retrieve custom fields from the AD (ex. a field to set quota per user), so I'm using the standard LDAP method. Regards El 10/09/2015 a las 4:51, Mark Foley escribi?: > Fran and/or Matthias, > > Could you publish your doveconf -n? I can't get dovecot to authenticate with my > AD. Maybe you have a solution I could try. > > What mail client(s) are you using? I assume by "AD 2003/8" You mean SBS2003/8 > and are therefore using Outlook? > > --Mark > > -----Original Message----- >> Date: Wed, 9 Sep 2015 17:22:34 +0200 >> From: Matthias Lay >> To: Dovecot Mailing List >> Subject: Re: My dovecot works fine against Active Directory 2003, but not >> against AD2008 >> >> >> hi, >> >> check your >> >> /etc/openldap/ldap.conf >> >> for >> >> REFERRALS off >> >> I had this errors with "referrals on" in misconfigured dns environments. >> >> >> you can debug the dns packets by strace-ing the auth process >> >> >> >> >> On Tue, 8 Sep 2015 11:00:37 +0200 >> Fran wrote: >> >>> Hello, >>> >>> my dovecot installation has been working fine against AD till we >>> upgrade from AD 2003 to AD 2008. As >>> http://wiki2.dovecot.org/AuthDatabase/LDAP said, now I'm not able to >>> connect AD through 389 port. The port 3268 works fine though. >>> >>> (...) >>> Sep 7 19:02:05 dovecot: imap-login: Error: >>> master(imap): Auth request timed out (received 0/12 bytes) >>> Sep 7 19:02:05 dovecot: imap-login: Internal login >>> failure (pid=4846 id=1) (internal failure, 1 successful auths): >>> user=<>, method=PLAIN, rip=, >>> lip=, TLS, session= >>> (...) >>> Sep 7 19:02:06 dovecot: auth: Error: >>> ldap(,,): Connection appears >>> to be hanging, reconnecting >>> Sep 7 19:02:06 dovecot: auth: Error: >>> ldap(,,): LDAP search >>> returned multiple entries >>> (...) >>> >>> Is there a technical reason for this problem? Does it exist any >>> workaround? >>> >>> The use of Global Catalog (port 3268) is not a solution for me, since >>> it misses many attributes. (ex. I use the field "initials" to set the >>> quota and this field is not available through port 3268). >>> >>> I also noticed that, now, it uses any DC available in the domain, it >>> doesn't care what I configured in "hosts = " parameter. >>> >>> This is using "hosts = dc03.domain:389": >>> ----------------------------------------------- >>> >>> [root@ ~]# netstat -anp | grep dovecot | grep auth >>> tcp 22 0 :55217 >>> :389 ESTABLISHED 4872/dovecot/auth >>> tcp 22 0 :57645 >>> :389 ESTABLISHED 4872/dovecot/auth >>> tcp 0 0 :55216 >>> :389 ESTABLISHED 4872/dovecot/auth >>> >>> It looks like it does a look up for other domains controller (I don't >>> know how nor why) and it connect aleatory to any DC in my domain (in >>> this case dc06.domain, but it changes any time), additionally to the >>> configured one (dc03.domain). >>> >>> This is using "hosts = dc03.domain:3268": >>> ------------------------------------------------ >>> [root@ ~]# netstat -anp | grep dovecot | grep auth >>> tcp 0 0 :58485 >>> :3268 ESTABLISHED 4982/dovecot/auth >>> >>> In this case, only the configured server in host parameter is used (I >>> think this is the right behaviour) >>> >>> >>> Aditional info: >>> --------------- >>> CentOS Linux release 7.0.1406 (Core) >>> >>> dovecot 2.2.10 >>> >>> Build options: ioloop=epoll notify=inotify ipv6 openssl >>> io_block_size=8192 Mail storages: shared mdbox sdbox maildir mbox >>> cydir imapc pop3c raw fail SQL driver plugins: mysql postgresql sqlite >>> Passdb: checkpassword ldap pam passwd passwd-file shadow sql >>> Userdb: checkpassword ldap(plugin) nss passwd prefetch passwd-file sql >>> >>> >>> My /etc/dovecot/dovecot-ldap.conf.ext >>> -------------------------------------- >>> #hosts = dc03.domain:3268 >>> hosts = dc03.domain:389 >>> #uris = ldap://dc03.domain >>> base = DC=domain >>> #tls = yes >>> tls = no >>> ldap_version = 3 >>> auth_bind = yes >>> auth_bind_userdn = %u at domain >>> #auth_bind_userdn = DOMAIN\%u >>> dn = cn=,cn=Users,dc=domain >>> dnpass = >>> >>> #scope = subtree >>> #deref = never >>> >>> user_filter = >>> (&(userPrincipalName=%u at domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@))) >>> pass_filter = >>> (&(userPrincipalName=%u at domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@))) >>> pass_attrs = userPassword=password >>> user_attrs = Initials=quota_rule=*:storage=%$MB >>> --------------- >>> >>> >>> -------------------------- >>> Log trace using PORT 389: >>> -------------------------- >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> where=0x10, ret=1: before/accept initialization [] >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: before/accept initialization [] >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 read client hello A [] >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write server hello A [] >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write certificate A [] >>> Sep 7 19:00:35 dovecot: auth: Debug: Loading modules >>> from directory: /usr/lib64/dovecot/auth >>> Sep 7 19:00:35 dovecot: auth: Debug: Module loaded: >>> /usr/lib64/dovecot/auth/libdriver_sqlite.so >>> Sep 7 19:00:35 dovecot: auth: Debug: Loading modules >>> from directory: /usr/lib64/dovecot/auth >>> Sep 7 19:00:35 dovecot: auth: Debug: Module loaded: >>> /usr/lib64/dovecot/auth/libauthdb_ldap.so >>> Sep 7 19:00:35 dovecot: auth: Debug: Read auth token >>> secret from /var/run/dovecot/auth-token-secret.dat >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write key exchange A [] >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write server done A [] >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 flush data [] >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> where=0x2002, ret=-1: SSLv3 read client certificate A [] >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> where=0x2002, ret=-1: SSLv3 read client certificate A [] >>> Sep 7 19:00:35 dovecot: auth: Debug: auth client >>> connected (pid=4846) >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 read client key exchange A [] >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 read finished A [] >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write session ticket A [] >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write change cipher spec A [] >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write finished A [] >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 flush data [] >>> Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: >>> where=0x20, ret=1: SSL negotiation finished successfully >>> [] Sep 7 19:00:35 dovecot: imap-login: >>> Debug: SSL: where=0x2002, ret=1: SSL negotiation finished >>> successfully [] Sep 7 19:00:35 >>> dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap >>> secured session=T+grMCsfqgAKHyZV lip= >>> rip= lport=993 rport=59818 Sep 7 19:00:35 >>> dovecot: auth: Debug: client passdb out: CONT 1 >>> Sep 7 19:00:35 dovecot: auth: Debug: client in: CONT >>> 1 AEN1bWMtNDM2MS0yLXBydWViYQBDb3JyZW9DaGcuMTIzNDU2 (previous >>> base64 data may contain sensitive data) >>> Sep 7 19:00:35 dovecot: auth: Debug: client passdb >>> out: OK 1 user= >>> Sep 7 19:00:35 dovecot: auth: Debug: master in: >>> REQUEST 4142792705 4846 1 >>> cb2115241ccfd81959c15122ec062a8b session_pid=4849 >>> request_auth_token >>> Sep 7 19:00:35 dovecot: auth: Debug: >>> ldap(,,): user search: >>> base=DC=domain scope=subtree >>> filter=(&(userPrincipalName=@domain)(objectClass=person)(|(mail=@)(othermailbox=@))) >>> fields=Initials >>> >>> Sep 7 19:02:05 dovecot: imap-login: Error: >>> master(imap): Auth request timed out (received 0/12 bytes) >>> Sep 7 19:02:05 dovecot: imap-login: Internal login >>> failure (pid=4846 id=1) (internal failure, 1 successful auths): >>> user=<>, method=PLAIN, rip=, >>> lip=, TLS, session= >>> Sep 7 19:02:05 dovecot: auth: Debug: client in: >>> CANCEL 1 >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL alert: >>> close notify [] >>> Sep 7 19:02:05 dovecot: imap: Error: Login client >>> disconnected too early >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges >>> Sep 7 19:02:05 dovecot: auth: Debug: auth client >>> connected (pid=4868) >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> where=0x10, ret=1: before/accept initialization [] >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: before/accept initialization [] >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 read client hello A [] >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write server hello A [] >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write certificate A [] >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write key exchange A [] >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write server done A [] >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 flush data [] >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> where=0x2002, ret=-1: SSLv3 read client certificate A [] >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> where=0x2002, ret=-1: SSLv3 read client certificate A [] >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 read client key exchange A [] >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 read finished A [] >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write session ticket A [] >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write change cipher spec A [] >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write finished A [] >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 flush data [] >>> Sep 7 19:02:05 dovecot: imap-login: Debug: SSL: >>> where=0x20, ret=1: SSL negotiation finished successfully >>> [] Sep 7 19:02:05 dovecot: imap-login: >>> Debug: SSL: where=0x2002, ret=1: SSL negotiation finished >>> successfully [] Sep 7 19:02:06 >>> dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap >>> secured session=ZjyONSsf6QAKHyZV lip= >>> rip= lport=993 rport=59881 Sep 7 19:02:06 >>> dovecot: auth: Debug: client passdb out: CONT 1 >>> Sep 7 19:02:06 dovecot: auth: Debug: client in: CONT >>> 1 AEN1bWMtNDM2MS0yLXBydWViYQBDb3JyZW9DaGcuMTIzNDU2 (previous >>> base64 data may contain sensitive data) >>> Sep 7 19:02:06 dovecot: auth: Error: >>> ldap(,,): Connection appears >>> to be hanging, reconnecting >>> Sep 7 19:02:06 dovecot: auth: Error: >>> ldap(,,): LDAP search >>> returned multiple entries >>> >>> Sep 7 19:03:10 dovecot: imap: Error: Auth server >>> request timed out after 155 secs (client-pid=4846 client-id=1) >>> >>> Sep 7 19:04:18 dovecot: imap-login: Debug: SSL alert: >>> close notify [] >>> Sep 7 19:04:18 dovecot: imap-login: Debug: SSL alert: >>> close notify [] >>> >>> Sep 7 19:04:36 dovecot: auth: Error: >>> PLAIN(,,): Request 4868.1 >>> timed out after 150 secs, state=1 >>> >>> Sep 7 19:05:05 dovecot: imap-login: Disconnected: >>> Inactivity during authentication (disconnected while authenticating, >>> waited 179 secs): user=<>, method=PLAIN, rip=, >>> lip=, TLS, session= >>> Sep 7 19:05:05 dovecot: auth: Debug: client in: >>> CANCEL >>> >>> Sep 7 19:06:06 dovecot: auth: >>> ldap(,,): Shutting down >>> Sep 7 19:06:06 dovecot: auth: Debug: master userdb >>> out: FAIL 4142792705 >>> Sep 7 19:06:06 dovecot: auth: >>> ldap(,,): Shutting down >>> Sep 7 19:06:06 dovecot: auth: Debug: client passdb >>> out: FAIL 1 user= temp >>> >>> >>> >>> >>> -------------------------- >>> Log trace using PORT 3268: >>> -------------------------- >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> where=0x10, ret=1: before/accept initialization [] >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: before/accept initialization [] >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 read client hello A [] >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write server hello A [] >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write certificate A [] >>> Sep 7 19:33:07 dovecot: auth: Debug: Loading modules >>> from directory: /usr/lib64/dovecot/auth >>> Sep 7 19:33:07 dovecot: auth: Debug: Module loaded: >>> /usr/lib64/dovecot/auth/libdriver_sqlite.so >>> Sep 7 19:33:07 dovecot: auth: Debug: Loading modules >>> from directory: /usr/lib64/dovecot/auth >>> Sep 7 19:33:07 dovecot: auth: Debug: Module loaded: >>> /usr/lib64/dovecot/auth/libauthdb_ldap.so >>> Sep 7 19:33:07 dovecot: auth: Debug: Read auth token >>> secret from /var/run/dovecot/auth-token-secret.dat >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write key exchange A [] >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write server done A [] >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 flush data [] >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> where=0x2002, ret=-1: SSLv3 read client certificate A [] >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> where=0x2002, ret=-1: SSLv3 read client certificate A [] >>> Sep 7 19:33:07 dovecot: auth: Debug: auth client >>> connected (pid=4971) >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 read client key exchange A [] >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 read finished A [] >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write session ticket A [] >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write change cipher spec A [] >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 write finished A [] >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> where=0x2001, ret=1: SSLv3 flush data [] >>> Sep 7 19:33:07 dovecot: imap-login: Debug: SSL: >>> where=0x20, ret=1: SSL negotiation finished successfully >>> [] Sep 7 19:33:07 dovecot: imap-login: >>> Debug: SSL: where=0x2002, ret=1: SSL negotiation finished >>> successfully [] Sep 7 19:33:08 >>> dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap >>> secured session=FAKKpCsf0AAKHyZV lip= >>> rip= lport=993 rport=61648 Sep 7 19:33:08 >>> dovecot: auth: Debug: client passdb out: CONT 1 >>> Sep 7 19:33:08 dovecot: auth: Debug: client in: CONT >>> 1 AEN1bWMtNDM2MS0yAGZvcnRpbmV0LjIwMTQ= (previous base64 data may >>> contain sensitive data) >>> Sep 7 19:33:08 dovecot: auth: Debug: client passdb >>> out: OK 1 user= >>> Sep 7 19:33:08 dovecot: auth: Debug: master in: >>> REQUEST 3261071361 4971 1 >>> 4755688f0bdd33a0fadcc5d3b8664e61 session_pid=4974 >>> request_auth_token >>> Sep 7 19:33:08 dovecot: auth: Debug: >>> ldap(,,): user search: >>> base=DC=domain scope=subtree >>> filter=(&(userPrincipalName=@domain)(objectClass=person)(|(mail=@)(othermailbox=@))) >>> fields=Initials >>> >>> [Here start the difference between 389 and 3268 ports] >>> >>> Sep 7 19:33:08 dovecot: auth: Debug: >>> ldap(,,): no fields returned >>> by the server >>> >>> [Next line you can see missing attributes, due to I'm using port 3268] >>> >>> Sep 7 19:33:08 dovecot: auth: Debug: >>> ldap(,,): result: Initials >>> missing >>> Sep 7 19:33:08 dovecot: auth: Debug: master userdb >>> out: USER 3261071361 uid=1000 >>> gid=1000 home=/home/mailstorage// >>> auth_token=9191cdf475600f0a47e185bb65817c0e0f495894 >>> Sep 7 19:33:08 dovecot: imap-login: Login: >>> user=<>, method=PLAIN, rip=, >>> lip=, mpid=4974, TLS, session= >>> Sep 7 19:33:08 dovecot: imap: Debug: Loading modules >>> from directory: /usr/lib64/dovecot >>> Sep 7 19:33:08 dovecot: imap: Debug: Module loaded: >>> /usr/lib64/dovecot/lib10_quota_plugin.so >>> Sep 7 19:33:08 dovecot: imap: Debug: Module loaded: >>> /usr/lib64/dovecot/lib11_imap_quota_plugin.so >>> Sep 7 19:33:08 dovecot: imap(): Debug: >>> Effective uid=1000, gid=1000, >>> home=/home/mailstorage// Sep 7 19:33:08 >>> dovecot: imap(): Debug: Quota root: >>> name=CuotaUsuario backend=maildir args= Sep 7 19:33:08 >>> dovecot: imap(): Debug: Quota rule: >>> root=CuotaUsuario mailbox=* bytes=2097152 messages=0 Sep 7 19:33:08 >>> dovecot: imap(): Debug: Quota grace: >>> root=CuotaUsuario bytes=209715 (10%) Sep 7 19:33:08 >>> dovecot: imap(): Debug: Namespace inbox: type=private, >>> prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes >>> location=maildir:~/Maildir Sep 7 19:33:08 dovecot: >>> imap(): Debug: maildir++: >>> root=/home/mailstorage///Maildir, index=, >>> indexpvt=, control=, >>> inbox=/home/mailstorage///Maildir, alt= -- Fran M?rquez Servicio de Inform?tica - Sistemas y Comunicaciones Confederaci?n Hidrogr?fica del Guadalquivir Tel.: 955.637.616 E-mail: cumc-4361-2 at chguadalquivir.es www.chguadalquivir.es -------------- next part -------------- hosts = dc03.dom dc04.dom dc05.dom base = dc=dom ldap_version = 3 scope = subtree deref = never debug_level = -1 auth_bind = yes auth_bind_userdn = %n at dom dn = cn=user_for_bind,cn=Users,dc=dom dnpass = ************ user_filter = (&(userPrincipalName=%u at dom)(objectClass=person)(|(mail=%u at name.dom)(othermailbox=%u at name.dom))) user_attrs = quotaFieldAD=quota_rule=*:storage=%$MB pass_filter = (&(userPrincipalName=%u at dom)(objectClass=person)(|(mail=%u at name.dom)(othermailbox=%u at name.dom))) pass_attrs = userPassword=password -------------- next part -------------- # 2.2.10: /etc/dovecot/dovecot.conf # OS: Linux 3.10.0-229.11.1.el7.x86_64 x86_64 CentOS Linux release 7.1.1503 (Core) auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_username_format = %Ln auth_verbose = yes auth_verbose_passwords = plain mail_debug = yes mail_gid = vmail mail_home = /home/vmail/name.dom/%Lu mail_location = maildir:~/Maildir mail_plugins = " quota" mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = type = private } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { quota = maildir:UserQuote quota_exceeded_message = Quota exceeded, please go to http://www.example.com/over_quota_help for instructions on how to fix this. quota_grace = 10%% quota_rule = *:storage=2MB quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Mailbox is full quota_status_success = DUNNO sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap lmtp service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } service quota-status { client_limit = 1 executable = quota-status -p postfix inet_listener { port = 37555 } } ssl = required ssl_cert = References: <201509021731.t82HVZ4r021574@mail.hprs.local> <201509031025.t83AP1W5020976@mail.hprs.local> <20150903065319.Horde.2BrAxFp30mN2LnIZrXEq7w8@www.vfemail.net> <201509052112.t85LCowS007652@mail.hprs.local> <201509070031.t870VLCY019948@mail.hprs.local> <20150906200011.Horde.aZNzwfpiV_G6ZeeX8wLk9A4@www.vfemail.net> <201509080128.t881SNUF010141@mail.hprs.local> <201509082311.t88NB963021145@mail.hprs.local> <20150908212113.Horde.XsYniNr9u8OfSSykmsFoFA1@www.vfemail.net> <201509100247.t8A2lE98017371@mail.hprs.local> Message-ID: <20150910082715.Horde.jucYEJDsiBuzj6iP1IBedA1@www.vfemail.net> Quoting Mark Foley : > Rick, > > Samba4 AD/DC and Dovecot work perfectly for everything including access > from > SmartPhones.? I've got roaming domain logins, redirected folders, > calendars and > contacts work just fine with Outlook and WebDav for sharing calendars; > don't > need them in Dovecot.? > ? Do you have that documented somewhere?? I would love to see how that's done. > For the most part, Outlook users can't tell they are not > still on Exchange ...? except they have to maintain their Outlook password > distinct from their Windows password.? Which is their one HUGE issue. > > My absolutely LAST issue with totally duplicating SBS/Exchange > functionality on > Samba4/Dovecot is getting Dovecot to authenticate with Outlook clients > using > Windows Authentication which, as I understand things, can supposedly be > done > with NTLM.? I just can't get it to work.? I think a heck of a lot if > Windows > [SB]Server shops would convert to Samba4/Dovecot if someone figured out > how to > do this. > > My Dovecot log messages make it look close to working: > > Sep 05 16:45:19 auth-worker(5498): Debug: > shadow(mark at hprs,192.168.0.58): lookup > Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark at hprs,192.168.0.58): > unknown user > > Dovecot gets the user as" mark at hprs" instead of "mark" and therefore > can't find > it in the userdb. > > I can find no Dovecot wiki on this. If Dovecot just can't authenticate > this way > can someone (Timo?) tell me so and I'll cease my 8 month quest. These are two http://wiki2.dovecot.org/Authentication/Kerberos http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm As I understand it, NTLM is a layer above Kerberos.? I don't see either referenced similarly to either wiki pages in the pasted config... > Otherwise, what should I have for a userdb? What should I have for a > passdb? Can > I parse the "@hprs" bit off the userId received by Dovecot? These seem > to be my > hang-ups.? At this point, I'm open to guesses. > > Just for the heck of it, here's one of the doveconf's I tested with, > reproduced > here because it's burried in the messages below: > > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > auth_debug_passwords = yes > auth_mechanisms = plain ntlm login > auth_use_winbind = yes > auth_verbose = yes > auth_verbose_passwords = plain > disable_plaintext_auth = no > info_log_path = /var/log/dovecot_info > mail_location = maildir:~/Maildir > passdb { > driver = shadow > } > protocols = imap > ssl_cert = ssl_key = userdb { > driver = passwd > } > verbose_ssl = yes > > And wbinfo (requested by you in an earlier message) showing some of the > Domain > users (I'm testing with mark): > > $ wbinfo -u > Administrator > Guest > krbtgt > dns-mail > mark > sogo > (more) > > You wrote: > >> It also won't look up /etc/shadow - Samba is doing the AD->Unix UID >> mapping.? Your AD users shouldn't be in there when all is said and >> done. > > If not there, where? Samba handles the idmap. The pasted config looks like a local shadow lookup. Though I don't think that resolves the user at domain uid 'issue'..? Maybe Samba/NTLM/Kerberos will just recognize the domain and take care of it ? In any case, side note -? I wrote a webapp a while ago in PHP, and I have 3 domains in a Trust and the user's browser sends their auth info to an Apache server using Kerberos auth.? It looks like what you're seeing, based on my code - 'user at domain' is normal: $authusername = $_SERVER["PHP_AUTH_USER"]; if ( stristr($authusername,"@")) { ??????? $auth_ar = explode("@",$authusername) ; // So receiving user at domain is at least to be expected. I don't know what Dovecot would do with that domain info...? I would probably work on doing AD auth on another package first - maybe ssh or PureFTPd - then come back to Dovecot - but also review the two auth options I linked above if you didn't get my mail the first time. I CCd you directly, because I swear I provided the NTLM wiki page before, and maybe my mail got dropped. Rick > Humor me. Give me ONE suggestion to try! > --Mark > ? From matthias.lay at securepoint.de Thu Sep 10 13:40:47 2015 From: matthias.lay at securepoint.de (Matthias Lay) Date: Thu, 10 Sep 2015 15:40:47 +0200 Subject: My dovecot works fine against Active Directory 2003, but not against AD2008 In-Reply-To: <55F16541.6090202@chguadalquivir.es> References: <55EEA3B5.1060208@chguadalquivir.es> <20150909172234.78693073@eugen.spdev.local> <55F16541.6090202@chguadalquivir.es> Message-ID: <20150910154047.63565528@eugen.spdev.local> Hi Fran, this is not a dovecot problem, thats a pure dns problem and can only be fixed in your dns environment. referrals are propagated in a "special" dns design in SRV records. so the ldap client performs a dns lookup for this names and this is the point of hanging (as in most "hanging cases", its dns). see: https://technet.microsoft.com/en-us/library/cc978014.aspx https://technet.microsoft.com/en-us/library/cc961719.aspx http://www.mail-archive.com/cas at tp.its.yale.edu/msg00797.html for information. Greetz Matze On Thu, 10 Sep 2015 13:10:57 +0200 Fran wrote: > Hi Matthias, > > thank you very much! that fixed the problem. > > I had workaround the problem by using "base = ou=xxxx, dc=dom", > instead of "base = dc=dom" in the dovecot-ldap.conf.ext file, because > that also worked (I don't know why, but the problem happen if you use > as base just the domain, but not if you add a second level). But that > forced to me to use several userdb/passdb blocks definitions, one for > each OU in which I have users, so I think that your fix is better. > > I'm not able to understand the actual reason behind all this though... > > What's the technical explanation behind this behaviour?? I mean, it > seems to be that the problem is that the Domain controller (DC) was > sending a "referrals" answer and dovecot auth made a connection to > these others DC but something wrong happened (dovecot can't deal > correctly with that kind of answers?? I don't know). > > Anyways, as far as I know: > > 1) A referral answer should be done by a DC when it can't provide the > object that the client are requesting > 2) REFERRALS off in ldap.conf means that the client should not follow > referrals returned by the DC > > So, if a referral answer is given from my DC, I think that is because > such DC can't provide the object which the client is looking for, so, > why works fine just by telling dovecot: "Don't follow referrals"? > > Regards > > > > El 09/09/2015 a las 17:22, Matthias Lay escribi?: > > hi, > > > > check your > > > > /etc/openldap/ldap.conf > > > > for > > > > REFERRALS off > > > > I had this errors with "referrals on" in misconfigured dns > > environments. > > > > > > you can debug the dns packets by strace-ing the auth process > > > > > > > > > > On Tue, 8 Sep 2015 11:00:37 +0200 From cumc-4361-2 at chguadalquivir.es Thu Sep 10 15:14:40 2015 From: cumc-4361-2 at chguadalquivir.es (Fran) Date: Thu, 10 Sep 2015 17:14:40 +0200 Subject: My dovecot works fine against Active Directory 2003, but not against AD2008 In-Reply-To: <20150910154047.63565528@eugen.spdev.local> References: <55EEA3B5.1060208@chguadalquivir.es> <20150909172234.78693073@eugen.spdev.local> <55F16541.6090202@chguadalquivir.es> <20150910154047.63565528@eugen.spdev.local> Message-ID: <55F19E60.6060909@chguadalquivir.es> Thank again for the solution and for the explanation. Fran El 10/09/2015 a las 15:40, Matthias Lay escribi?: > Hi Fran, > > > this is not a dovecot problem, thats a pure dns problem and can only > be fixed in your dns environment. > > > referrals are propagated in a "special" dns design in SRV records. > so the ldap client performs a dns lookup for this names and this is the > point of hanging (as in most "hanging cases", its dns). > > see: > https://technet.microsoft.com/en-us/library/cc978014.aspx > https://technet.microsoft.com/en-us/library/cc961719.aspx > http://www.mail-archive.com/cas at tp.its.yale.edu/msg00797.html > > for information. > > > Greetz Matze > > > > > On Thu, 10 Sep 2015 13:10:57 +0200 > Fran wrote: > >> Hi Matthias, >> >> thank you very much! that fixed the problem. >> >> I had workaround the problem by using "base = ou=xxxx, dc=dom", >> instead of "base = dc=dom" in the dovecot-ldap.conf.ext file, because >> that also worked (I don't know why, but the problem happen if you use >> as base just the domain, but not if you add a second level). But that >> forced to me to use several userdb/passdb blocks definitions, one for >> each OU in which I have users, so I think that your fix is better. >> >> I'm not able to understand the actual reason behind all this though... >> >> What's the technical explanation behind this behaviour?? I mean, it >> seems to be that the problem is that the Domain controller (DC) was >> sending a "referrals" answer and dovecot auth made a connection to >> these others DC but something wrong happened (dovecot can't deal >> correctly with that kind of answers?? I don't know). >> >> Anyways, as far as I know: >> >> 1) A referral answer should be done by a DC when it can't provide the >> object that the client are requesting >> 2) REFERRALS off in ldap.conf means that the client should not follow >> referrals returned by the DC >> >> So, if a referral answer is given from my DC, I think that is because >> such DC can't provide the object which the client is looking for, so, >> why works fine just by telling dovecot: "Don't follow referrals"? >> >> Regards >> >> >> >> El 09/09/2015 a las 17:22, Matthias Lay escribi?: >>> hi, >>> >>> check your >>> >>> /etc/openldap/ldap.conf >>> >>> for >>> >>> REFERRALS off >>> >>> I had this errors with "referrals on" in misconfigured dns >>> environments. >>> >>> >>> you can debug the dns packets by strace-ing the auth process >>> >>> >>> >>> >>> On Tue, 8 Sep 2015 11:00:37 +0200 From asaldanha at infolink.com.br Thu Sep 10 18:02:13 2015 From: asaldanha at infolink.com.br (Alfredo Saldanha) Date: Thu, 10 Sep 2015 15:02:13 -0300 (BRT) Subject: Message moved to Spam folder mysteriously Message-ID: <1728052343.563142.1441908133450.JavaMail.zimbra@corp.infolink.com.br> Hi there, How dovecot move the message to Spam without antispam plugin installed or sieve rule to move to this folder? I have no configuration to do this. My logs: Sep 10 12:12:44 mda02 dovecot: imap(my.user at mydomain.com): Warning: Inotify instance limit for user 5000 (UID vmail) exceeded, disabling. Increase /proc/sys/fs/inotify/max_user_instances Sep 10 12:12:45 mda02 dovecot: imap(my.user at mydomain.com): copy from INBOX: box=Spam, uid=134, msgid=<466c888b2179f7e2c0fc74b186396785 at mydomain.com>, size=2838 Sep 10 12:12:45 mda02 dovecot: imap(my.user at mydomain.com): expunge: box=INBOX, uid=826, msgid=<466c888b2179f7e2c0fc74b186396785 at mydomain.com>, size=2838 I don't have any client connected at the imap server in this time. Some tip? BR, Alfredo From larryrtx at gmail.com Thu Sep 10 18:04:38 2015 From: larryrtx at gmail.com (Larry Rosenman) Date: Thu, 10 Sep 2015 13:04:38 -0500 Subject: Message moved to Spam folder mysteriously In-Reply-To: <1728052343.563142.1441908133450.JavaMail.zimbra@corp.infolink.com.br> References: <1728052343.563142.1441908133450.JavaMail.zimbra@corp.infolink.com.br> Message-ID: Do you have SIeve(pigeonhole) with rules? Or an Anti-Spam proxy in front of Dovecot? On Thu, Sep 10, 2015 at 1:02 PM, Alfredo Saldanha wrote: > Hi there, > > How dovecot move the message to Spam without antispam plugin installed or > sieve rule to move to this folder? > I have no configuration to do this. > > My logs: > Sep 10 12:12:44 mda02 dovecot: imap(my.user at mydomain.com): Warning: > Inotify instance limit for user 5000 (UID vmail) exceeded, disabling. > Increase /proc/sys/fs/inotify/max_user_instances > Sep 10 12:12:45 mda02 dovecot: imap(my.user at mydomain.com): copy from > INBOX: box=Spam, uid=134, msgid=< > 466c888b2179f7e2c0fc74b186396785 at mydomain.com>, size=2838 > Sep 10 12:12:45 mda02 dovecot: imap(my.user at mydomain.com): expunge: > box=INBOX, uid=826, msgid=<466c888b2179f7e2c0fc74b186396785 at mydomain.com>, > size=2838 > > I don't have any client connected at the imap server in this time. > > Some tip? > > BR, > > Alfredo > -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 From larryrtx at gmail.com Thu Sep 10 18:05:43 2015 From: larryrtx at gmail.com (Larry Rosenman) Date: Thu, 10 Sep 2015 13:05:43 -0500 Subject: Is it a bug when you move mail between namespaces.... In-Reply-To: References: <55EE08F9.9030409@iki.fi> <24064A82-CAF8-412A-9B98-1BF5C5508329@iki.fi> Message-ID: Is there a fix coming for this, Timo? Or is it a longer term issue? On Mon, Sep 7, 2015 at 5:23 PM, Larry Rosenman wrote: > It doesn't in my current 2.2.18 setup with the config I posted. > > > On Mon, Sep 7, 2015 at 5:22 PM, Timo Sirainen wrote: > >> It should. >> >> On 08 Sep 2015, at 01:01, Larry Rosenman wrote: >> >> should fts_autoindex handle that case? >> >> >> On Mon, Sep 7, 2015 at 5:00 PM, Timo Sirainen wrote: >> >>> On 09/08/2015 12:56 AM, Larry Rosenman wrote: >>> > that the fts data gets lost? >>> >>> All full text search backends are now implemented so that if you >>> copy/move mails, the mails need to be indexed again the destination >>> folder. >>> >>> Alternative would be to index mails only with their GUIDs and have a >>> GUID => { folder GUID, IMAP UID } mapping and filter the mails based on >>> that. But such reverse index doesn't exist quite yet. >>> >> >> >> >> -- >> Larry Rosenman http://www.lerctr.org/~ler >> Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com >> US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 >> >> >> > > > -- > Larry Rosenman http://www.lerctr.org/~ler > Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com > US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 > -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 From tss at iki.fi Thu Sep 10 18:22:16 2015 From: tss at iki.fi (Timo Sirainen) Date: Thu, 10 Sep 2015 21:22:16 +0300 Subject: Is it a bug when you move mail between namespaces.... In-Reply-To: References: <55EE08F9.9030409@iki.fi> <24064A82-CAF8-412A-9B98-1BF5C5508329@iki.fi> Message-ID: <65461F61-7AE6-4EEE-BFB9-1B6407B2D437@iki.fi> It works for me. I don't know why it wouldn't work for you. Looking at the autoindexing code I don't see how it could be possible that it works for saving but not copying. > On 10 Sep 2015, at 21:05, Larry Rosenman wrote: > > Is there a fix coming for this, Timo? Or is it a longer term issue? > > On Mon, Sep 7, 2015 at 5:23 PM, Larry Rosenman > wrote: > It doesn't in my current 2.2.18 setup with the config I posted. > > > On Mon, Sep 7, 2015 at 5:22 PM, Timo Sirainen > wrote: > It should. > >> On 08 Sep 2015, at 01:01, Larry Rosenman > wrote: >> >> should fts_autoindex handle that case? >> >> >> On Mon, Sep 7, 2015 at 5:00 PM, Timo Sirainen > wrote: >> On 09/08/2015 12:56 AM, Larry Rosenman wrote: >> > that the fts data gets lost? >> >> All full text search backends are now implemented so that if you >> copy/move mails, the mails need to be indexed again the destination folder. >> >> Alternative would be to index mails only with their GUIDs and have a >> GUID => { folder GUID, IMAP UID } mapping and filter the mails based on >> that. But such reverse index doesn't exist quite yet. >> >> >> >> -- >> Larry Rosenman http://www.lerctr.org/~ler >> Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com >> US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 > > > > > -- > Larry Rosenman http://www.lerctr.org/~ler > Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com > US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 > > > > -- > Larry Rosenman http://www.lerctr.org/~ler > Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com > US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 From larryrtx at gmail.com Thu Sep 10 18:24:44 2015 From: larryrtx at gmail.com (Larry Rosenman) Date: Thu, 10 Sep 2015 13:24:44 -0500 Subject: Is it a bug when you move mail between namespaces.... In-Reply-To: <65461F61-7AE6-4EEE-BFB9-1B6407B2D437@iki.fi> References: <55EE08F9.9030409@iki.fi> <24064A82-CAF8-412A-9B98-1BF5C5508329@iki.fi> <65461F61-7AE6-4EEE-BFB9-1B6407B2D437@iki.fi> Message-ID: my monthly archive script does: echo `date` start ${i} doveadm mailbox create \#ARCHIVE/${YEAR_LAST_MONTH}/${i} doveadm -f tab mailbox status messages ${i} doveadm move \#ARCHIVE/${YEAR_LAST_MONTH}/${i} mailbox \ ${i} BEFORE ${TODAY} SINCE ${FIRST_LAST_MONTH} doveadm -f tab mailbox status messages ${i} echo `date` done ${i} for each mailbox that has >= 1 message in it. so on the move, the fts data gets lost / deleted. On Thu, Sep 10, 2015 at 1:22 PM, Timo Sirainen wrote: > It works for me. I don't know why it wouldn't work for you. Looking at the > autoindexing code I don't see how it could be possible that it works for > saving but not copying. > > On 10 Sep 2015, at 21:05, Larry Rosenman wrote: > > Is there a fix coming for this, Timo? Or is it a longer term issue? > > On Mon, Sep 7, 2015 at 5:23 PM, Larry Rosenman wrote: > >> It doesn't in my current 2.2.18 setup with the config I posted. >> >> >> On Mon, Sep 7, 2015 at 5:22 PM, Timo Sirainen wrote: >> >>> It should. >>> >>> On 08 Sep 2015, at 01:01, Larry Rosenman wrote: >>> >>> should fts_autoindex handle that case? >>> >>> >>> On Mon, Sep 7, 2015 at 5:00 PM, Timo Sirainen wrote: >>> >>>> On 09/08/2015 12:56 AM, Larry Rosenman wrote: >>>> > that the fts data gets lost? >>>> >>>> All full text search backends are now implemented so that if you >>>> copy/move mails, the mails need to be indexed again the destination >>>> folder. >>>> >>>> Alternative would be to index mails only with their GUIDs and have a >>>> GUID => { folder GUID, IMAP UID } mapping and filter the mails based on >>>> that. But such reverse index doesn't exist quite yet. >>>> >>> >>> >>> >>> -- >>> Larry Rosenman http://www.lerctr.org/~ler >>> Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com >>> US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 >>> >>> >>> >> >> >> -- >> Larry Rosenman http://www.lerctr.org/~ler >> Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com >> US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 >> > > > > -- > Larry Rosenman http://www.lerctr.org/~ler > Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com > US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 > > > -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 From rs at sys4.de Thu Sep 10 18:48:47 2015 From: rs at sys4.de (Robert Schetterer) Date: Thu, 10 Sep 2015 20:48:47 +0200 Subject: Message moved to Spam folder mysteriously In-Reply-To: <1728052343.563142.1441908133450.JavaMail.zimbra@corp.infolink.com.br> References: <1728052343.563142.1441908133450.JavaMail.zimbra@corp.infolink.com.br> Message-ID: <55F1D08F.3070702@sys4.de> Am 10.09.2015 um 20:02 schrieb Alfredo Saldanha: > Hi there, > > How dovecot move the message to Spam without antispam plugin installed or sieve rule to move to this folder? > I have no configuration to do this. > > My logs: > Sep 10 12:12:44 mda02 dovecot: imap(my.user at mydomain.com): Warning: Inotify instance limit for user 5000 (UID vmail) exceeded, disabling. Increase /proc/sys/fs/inotify/max_user_instances > Sep 10 12:12:45 mda02 dovecot: imap(my.user at mydomain.com): copy from INBOX: box=Spam, uid=134, msgid=<466c888b2179f7e2c0fc74b186396785 at mydomain.com>, size=2838 > Sep 10 12:12:45 mda02 dovecot: imap(my.user at mydomain.com): expunge: box=INBOX, uid=826, msgid=<466c888b2179f7e2c0fc74b186396785 at mydomain.com>, size=2838 > > I don't have any client connected at the imap server in this time. Double check this, usally i.e Thunderbird use its only antispam solution to move mails into spam folder if they exist and configured > > Some tip? > > BR, > > Alfredo > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From asaldanha at infolink.com.br Thu Sep 10 21:29:54 2015 From: asaldanha at infolink.com.br (Alfredo Saldanha) Date: Thu, 10 Sep 2015 18:29:54 -0300 (BRT) Subject: Message moved to Spam folder mysteriously In-Reply-To: <85821809.1180134.1441920544862.JavaMail.zimbra@corp.infolink.com.br> References: <1728052343.563142.1441908133450.JavaMail.zimbra@corp.infolink.com.br> Message-ID: <1039185188.1183259.1441920594146.JavaMail.zimbra@corp.infolink.com.br> Hi Larry, I have nothing. ----- Mensagem original ----- De: "Larry Rosenman" Para: "Alfredo Saldanha" Cc: "Dovecot Mailing List" Enviadas: Quinta-feira, 10 de setembro de 2015 15:04:38 Assunto: Re: Message moved to Spam folder mysteriously Do you have SIeve(pigeonhole) with rules? Or an Anti-Spam proxy in front of Dovecot? On Thu, Sep 10, 2015 at 1:02 PM, Alfredo Saldanha < asaldanha at infolink.com.br > wrote: Hi there, How dovecot move the message to Spam without antispam plugin installed or sieve rule to move to this folder? I have no configuration to do this. My logs: Sep 10 12:12:44 mda02 dovecot: imap( my.user at mydomain.com ): Warning: Inotify instance limit for user 5000 (UID vmail) exceeded, disabling. Increase /proc/sys/fs/inotify/max_user_instances Sep 10 12:12:45 mda02 dovecot: imap( my.user at mydomain.com ): copy from INBOX: box=Spam, uid=134, msgid=< 466c888b2179f7e2c0fc74b186396785 at mydomain.com >, size=2838 Sep 10 12:12:45 mda02 dovecot: imap( my.user at mydomain.com ): expunge: box=INBOX, uid=826, msgid=< 466c888b2179f7e2c0fc74b186396785 at mydomain.com >, size=2838 I don't have any client connected at the imap server in this time. Some tip? BR, Alfredo -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 From asaldanha at infolink.com.br Thu Sep 10 21:34:10 2015 From: asaldanha at infolink.com.br (Alfredo Saldanha) Date: Thu, 10 Sep 2015 18:34:10 -0300 (BRT) Subject: Message moved to Spam folder mysteriously In-Reply-To: <1667563581.1198288.1441920845922.JavaMail.zimbra@corp.infolink.com.br> References: <1728052343.563142.1441908133450.JavaMail.zimbra@corp.infolink.com.br> <55F1D08F.3070702@sys4.de> Message-ID: <1990679535.1198547.1441920850493.JavaMail.zimbra@corp.infolink.com.br> Hello Robert, I've checked, there is no client connected according my imap logs. So weird. ----- Mensagem original ----- De: "Robert Schetterer" Para: dovecot at dovecot.org Enviadas: Quinta-feira, 10 de setembro de 2015 15:48:47 Assunto: Re: Message moved to Spam folder mysteriously Am 10.09.2015 um 20:02 schrieb Alfredo Saldanha: > Hi there, > > How dovecot move the message to Spam without antispam plugin installed or sieve rule to move to this folder? > I have no configuration to do this. > > My logs: > Sep 10 12:12:44 mda02 dovecot: imap(my.user at mydomain.com): Warning: Inotify instance limit for user 5000 (UID vmail) exceeded, disabling. Increase /proc/sys/fs/inotify/max_user_instances > Sep 10 12:12:45 mda02 dovecot: imap(my.user at mydomain.com): copy from INBOX: box=Spam, uid=134, msgid=<466c888b2179f7e2c0fc74b186396785 at mydomain.com>, size=2838 > Sep 10 12:12:45 mda02 dovecot: imap(my.user at mydomain.com): expunge: box=INBOX, uid=826, msgid=<466c888b2179f7e2c0fc74b186396785 at mydomain.com>, size=2838 > > I don't have any client connected at the imap server in this time. Double check this, usally i.e Thunderbird use its only antispam solution to move mails into spam folder if they exist and configured > > Some tip? > > BR, > > Alfredo > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From tss at iki.fi Thu Sep 10 21:43:16 2015 From: tss at iki.fi (Timo Sirainen) Date: Fri, 11 Sep 2015 00:43:16 +0300 Subject: Dovecot CalDAV server Message-ID: I've been once in a while over the years thinking about implementing CalDAV (and CardDAV) to Dovecot. It might be time to start that soon. Does anyone have any suggestions? So far my main goals would be: - scalable, of course - configurable storage (object storage, regular fs, maybe some key-value dbs, maybe storing as emails) - efficient indexes (potentially using key-value dbs? or maybe just local files. not sure yet what kind of indexing is needed) - have it work with dsync (= replication & migration) Some things I wonder about: - Maybe there is already some code out there that could be used to implement it faster? - Maybe even use something else besides C to implement it.. Then again that makes integration to Dovecot more difficult. - Is anybody interested in helping to develop this? :) I think I still have too much other work that I won't spend a lot of time coding it.. One thing that makes this easier is that Open-Xchange has already implemented a CalDAV server, so they can help to avoid the biggest design mistakes. (There are a couple of reasons why they'd want to replace that.) From p at sys4.de Thu Sep 10 22:04:29 2015 From: p at sys4.de (Patrick Ben Koetter) Date: Fri, 11 Sep 2015 00:04:29 +0200 Subject: Dovecot CalDAV server In-Reply-To: References: Message-ID: <20150910220429.GC3008@sys4.de> * Timo Sirainen : > I've been once in a while over the years thinking about implementing CalDAV (and CardDAV) to Dovecot. It might be time to start that soon. Does anyone have any suggestions? So far my main goals would be: > > - scalable, of course > - configurable storage (object storage, regular fs, maybe some key-value dbs, maybe storing as emails) > - efficient indexes (potentially using key-value dbs? or maybe just local files. not sure yet what kind of indexing is needed) > - have it work with dsync (= replication & migration) Well CalDAV/CardDAV is just another protocol you put in front of your storage engine, right? (Besides the tweaks it will take?) > Some things I wonder about: > > - Maybe there is already some code out there that could be used to implement it faster? > - Maybe even use something else besides C to implement it.. Then again that makes integration to Dovecot more difficult. Have you had a look at http://radicale.org/? I haven't used it myself, but heard good things about it. p at rick > - Is anybody interested in helping to develop this? :) I think I still have too much other work that I won't spend a lot of time coding it.. > > One thing that makes this easier is that Open-Xchange has already implemented a CalDAV server, so they can help to avoid the biggest design mistakes. (There are a couple of reasons why they'd want to replace that.) -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From mfoley at ohprs.org Fri Sep 11 03:05:18 2015 From: mfoley at ohprs.org (Mark Foley) Date: Thu, 10 Sep 2015 23:05:18 -0400 Subject: Need help on checkpassword userdb/passdb Message-ID: <201509110305.t8B35ItT007880@mail.hprs.local> I'm experimenting with checkpassword as an auth method for usedb and passdb (http://wiki2.dovecot.org/AuthDatabase/CheckPassword). I've set up the userdb and passdb *exactly* as the wiki suggests as the "standard way": passdb { driver = checkpassword args = /user/util/bin/checkpassword } userdb { driver = prefetch } I've created a checkpassword program that does receive the correct user and password from dovecot. And I am successfully authenticating with ntlm_auth and exiting with status 0. My debug output: AUTHORIZED: (null) USER: (null) userdb_uid: (null) userdb_gid: (null) arg1=/usr/local/libexec/dovecot/checkpassword-reply CMD: /usr/bin/ntlm_auth --username="mark" --password='mypass' ntlm_auth status: 0 Now, the wiki says 2 things that have me stumped: 1. It says that, "Dovecot calls the script with AUTHORIZED=1 environment set when performing a userdb lookup. The script must acknowledge this by changing the environment to AUTHORIZED=2, otherwise the lookup fails." As you can see from my program log, "AUTHORIZED" is not set. Why? Nor are any of the other environment variables mentioned in the wiki. I've listed all the environment variables that *are* passed to the program at the bottom of this message. 2. The wiki says, "Your program received a path to checkpassword-reply binary as the first parameter. Execute it." I did so as a fork() and then execve("/usr/local/libexec/dovecot/checkpassword-reply") How do I know it worked ... or failed? What am I doing wrong? Dovecot log entries: Sep 10 22:54:04 auth: Debug: auth client connected (pid=14748) Sep 10 22:54:04 auth: Debug: client in: AUTH 1 PLAIN service=imap session=AkYg1G8f8QDAqAA6 lip=192.168.0.2 rip=192.168.0.58 lport=143 rport=49649 resp=AG1hcmsAZ2xhY29uXzk= (previous base64 data may contain sensitive data) Sep 10 22:54:04 auth: Debug: checkpassword(mark,192.168.0.58,): execute: /user/util/bin/checkpassword /usr/local/libexec/dovecot/checkpassword-reply Sep 10 22:54:04 auth: Debug: checkpassword(mark,192.168.0.58,): exit_status=0 Sep 10 22:54:04 auth: Debug: checkpassword(mark,192.168.0.58,): Received input: Sep 10 22:54:06 auth: Debug: client passdb out: FAIL 1 user=mark temp ENV variables passed to the checkpassword program: DOVECOT_PRESERVE_ENVS=TZ CORE_OUTOFMEM CORE_ERROR DOVECOT_CHILD_PROCESS=1 CONFIG_FILE=/usr/local/var/run/dovecot/config CLIENT_LIMIT=1000 PROCESS_LIMIT=1 PROCESS_MIN_AVAIL=0 IDLE_KILL=60 GENERATION=2991 DOVECOT_HOSTNAME=mail DOVECOT_HOSTDOMAIN=mail.hprs.local DOVECOT_VERSION=2.2.15 LOG_SERVICE=1 SOCKET_COUNT=6 SSL_SOCKET_COUNT=0 SOCKET_NAMES=login tokenlogin auth-login auth-client auth-userdb auth-master PROTO=TCP ORIG_UID=151 SERVICE=imap TCPLOCALIP=192.168.0.2 LOCAL_IP=192.168.0.2 TCPREMOTEIP=192.168.0.58 REMOTE_IP=192.168.0.58 TCPLOCALPORT=143 TCPREMOTEPORT=49649 AUTH_USER=mark AUTH_USERNAME=mark AUTH_SERVICE=imap AUTH_LIP=192.168.0.2 AUTH_RIP=192.168.0.58 AUTH_PID=14748 AUTH_MECH=PLAIN AUTH_SECURED= AUTH_LPORT=143 AUTH_RPORT=49649 AUTH_CERT= AUTH_SESSION=AkYg1G8f8QDAqAA6 AUTH_REAL_LIP=192.168.0.2 AUTH_REAL_RIP=192.168.0.58 AUTH_REAL_LPORT=143 AUTH_REAL_RPORT=49649 AUTH_ORIG_USER=mark AUTH_ORIG_USERNAME=mark --Mark From mfoley at ohprs.org Fri Sep 11 04:05:53 2015 From: mfoley at ohprs.org (Mark Foley) Date: Fri, 11 Sep 2015 00:05:53 -0400 Subject: How to "Windows Authenticate" In-Reply-To: <20150910082715.Horde.jucYEJDsiBuzj6iP1IBedA1@www.vfemail.net> References: <201509021731.t82HVZ4r021574@mail.hprs.local> <201509031025.t83AP1W5020976@mail.hprs.local> <20150903065319.Horde.2BrAxFp30mN2LnIZrXEq7w8@www.vfemail.net> <201509052112.t85LCowS007652@mail.hprs.local> <201509070031.t870VLCY019948@mail.hprs.local> <20150906200011.Horde.aZNzwfpiV_G6ZeeX8wLk9A4@www.vfemail.net> <201509080128.t881SNUF010141@mail.hprs.local> <201509082311.t88NB963021145@mail.hprs.local> <20150908212113.Horde.XsYniNr9u8OfSSykmsFoFA1@www.vfemail.net> <201509100247.t8A2lE98017371@mail.hprs.local> <20150910082715.Horde.jucYEJDsiBuzj6iP1IBedA1@www.vfemail.net> Message-ID: <201509110405.t8B45rLm016121@mail.hprs.local> As to your suggested links, Samba4 uses Heimdal Kerberos which is part of the Samba4 installation: https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Installation, so I don't know if the krb5 configs discussed in your link will apply. I'll revisit this if other things I'm trying don't work out. If that http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm link were on paper I've have worn out the pages by now. I did see your original message to me on that, tried what I could and posted my results to the list dated Sat, 05 Sep 2015 17:12:50 -0400. Didn't work, probably because I don't know what I'm doing, although I don't think I've spent longer on any other software package without mastering it! The userdb syntax shown on that site had errors with my dovecot 2.2.15. Instructions for an older version (dates on wikis would be nice)? Check out my Sep 5 posting if you missed it and see if I'm doing something stupidly obviously wrong. I'll have to also say the the wiki docs are pretty, but very difficult to comprehend. There's an awful lot of assumed knowledge and terminology in there and even though I have decades of Unix sysadmin experience, I get lost very quickly. A lot of things seem overcomplicated. For example, I'm now trying the checkpassword auth method. Seems pretty simple at first: it gets the username and password and returns 0 if OK or 1 if not. Simple right? But no, the Dovecot implmentation wants you to also set environment variables (which don't appear to be there) and execute programs from within programs, and of course, it doesn't "just work". Why the complexity? Why not return a simple 0 or 1 and go with that? Oh well, I'm going to have to abandon this soon. Workplace indulgence is wearing thin. --Mark -----Original Message----- > Date: Thu, 10 Sep 2015 08:27:15 -0500 > From: Rick Romero > To: dovecot at dovecot.org > Cc: mfoley at ohprs.org > Subject: Re: How to "Windows Authenticate" > > Quoting Mark Foley : > > > Rick, > > > > Samba4 AD/DC and Dovecot work perfectly for everything including access > > from > > SmartPhones.? I've got roaming domain logins, redirected folders, > > calendars and > > contacts work just fine with Outlook and WebDav for sharing calendars; > > don't > > need them in Dovecot.? > > ? > > Do you have that documented somewhere?? I would love to see how that's > done. > > > For the most part, Outlook users can't tell they are not > > still on Exchange ...? except they have to maintain their Outlook > password > > distinct from their Windows password.? Which is their one HUGE issue. > > > > My absolutely LAST issue with totally duplicating SBS/Exchange > > functionality on > > Samba4/Dovecot is getting Dovecot to authenticate with Outlook clients > > using > > Windows Authentication which, as I understand things, can supposedly be > > done > > with NTLM.? I just can't get it to work.? I think a heck of a lot if > > Windows > > [SB]Server shops would convert to Samba4/Dovecot if someone figured out > > how to > > do this. > > > > My Dovecot log messages make it look close to working: > > > > Sep 05 16:45:19 auth-worker(5498): Debug: > > shadow(mark at hprs,192.168.0.58): lookup > > Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark at hprs,192.168.0.58): > > unknown user > > > > Dovecot gets the user as" mark at hprs" instead of "mark" and therefore > > can't find > > it in the userdb. > > > > I can find no Dovecot wiki on this. If Dovecot just can't authenticate > > this way > > can someone (Timo?) tell me so and I'll cease my 8 month quest. > > These are two > > http://wiki2.dovecot.org/Authentication/Kerberos > http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm > > As I understand it, NTLM is a layer above Kerberos.? I don't see either > referenced similarly to either wiki pages in the pasted config... > > > Otherwise, what should I have for a userdb? What should I have for a > > passdb? Can > > I parse the "@hprs" bit off the userId received by Dovecot? These seem > > to be my > > hang-ups.? At this point, I'm open to guesses. > > > > Just for the heck of it, here's one of the doveconf's I tested with, > > reproduced > > here because it's burried in the messages below: > > > > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > > auth_debug_passwords = yes > > auth_mechanisms = plain ntlm login > > auth_use_winbind = yes > > auth_verbose = yes > > auth_verbose_passwords = plain > > disable_plaintext_auth = no > > info_log_path = /var/log/dovecot_info > > mail_location = maildir:~/Maildir > > passdb { > > driver = shadow > > } > > protocols = imap > > ssl_cert = > ssl_key = > userdb { > > driver = passwd > > } > > verbose_ssl = yes > > > > And wbinfo (requested by you in an earlier message) showing some of the > > Domain > > users (I'm testing with mark): > > > > $ wbinfo -u > > Administrator > > Guest > > krbtgt > > dns-mail > > mark > > sogo > > (more) > > > > You wrote: > > > >> It also won't look up /etc/shadow - Samba is doing the AD->Unix UID > >> mapping.? Your AD users shouldn't be in there when all is said and > >> done. > > > > If not there, where? > > Samba handles the idmap. The pasted config looks like a local shadow > lookup. > > Though I don't think that resolves the user at domain uid 'issue'..? Maybe > Samba/NTLM/Kerberos will just recognize the domain and take care of it ? > > In any case, side note -? I wrote a webapp a while ago in PHP, and I have > 3 domains in a Trust and the user's browser sends their auth info to an > Apache server using Kerberos auth.? It looks like what you're seeing, > based on my code - 'user at domain' is normal: > $authusername = $_SERVER["PHP_AUTH_USER"]; > if ( stristr($authusername,"@")) { > ??????? $auth_ar = explode("@",$authusername) ; > // > > So receiving user at domain is at least to be expected. > > I don't know what Dovecot would do with that domain info...? > > I would probably work on doing AD auth on another package first - maybe ssh > or PureFTPd - then come back to Dovecot - but also review the two auth > options I linked above if you didn't get my mail the first time. > > I CCd you directly, because I swear I provided the NTLM wiki page before, > and maybe my mail got dropped. > > Rick > > > Humor me. Give me ONE suggestion to try! > > > --Mark > > ? From alec at alec.pl Fri Sep 11 06:21:24 2015 From: alec at alec.pl (A.L.E.C) Date: Fri, 11 Sep 2015 08:21:24 +0200 Subject: Dovecot CalDAV server In-Reply-To: References: Message-ID: <55F272E4.2060207@alec.pl> On 09/10/2015 11:43 PM, Timo Sirainen wrote: > - Maybe there is already some code out there that could be used to implement it faster? As I know Cyrus IMAP has this feature, but I didn't try it nor see the code. -- Aleksander 'A.L.E.C' Machniak Kolab Groupware Developer [http://kolab.org] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl From dickson.tim at googlemail.com Fri Sep 11 09:19:41 2015 From: dickson.tim at googlemail.com (Tim Dickson) Date: Fri, 11 Sep 2015 10:19:41 +0100 Subject: Dovecot CalDAV server In-Reply-To: References: Message-ID: <55F29CAD.8020807@googlemail.com> On 10/09/2015 22:43, Timo Sirainen wrote: > I've been once in a while over the years thinking about implementing CalDAV (and CardDAV) to Dovecot. It might be time to start that soon. Does anyone have any suggestions? So far my main goals would be: a simple method for handling calender permissions. ie, private calenders, public calenders, and limited access calenders radical is easy to install, but working out permissions for editing/viewing I found less than simple. having permissions, or at least login tied with dovecot reduces password admin. > - scalable, of course > - configurable storage (object storage, regular fs, maybe some key-value dbs, maybe storing as emails) It may be able to be implemented in a text file or sql table, but I'm not sure how the mua's handle adding entries/calenders/changing permissions etc. If it would work for thunderbird and ms outlook, it would cover a large section of the local userbase that may use it, and working with squirrelmail and roundcube would cover most of the webmail based users > - efficient indexes (potentially using key-value dbs? or maybe just local files. not sure yet what kind of indexing is needed) > - have it work with dsync (= replication & migration) > > Some things I wonder about: > > - Maybe there is already some code out there that could be used to implement it faster? > - Maybe even use something else besides C to implement it.. Then again that makes integration to Dovecot more difficult. > - Is anybody interested in helping to develop this? :) I think I still have too much other work that I won't spend a lot of time coding it.. > > One thing that makes this easier is that Open-Xchange has already implemented a CalDAV server, so they can help to avoid the biggest design mistakes. (There are a couple of reasons why they'd want to replace that.) > From admin at dishaw.org Fri Sep 11 10:07:38 2015 From: admin at dishaw.org (Admin) Date: Fri, 11 Sep 2015 06:07:38 -0400 Subject: Dovecot CalDAV server In-Reply-To: References: Message-ID: <9146F77C-23BF-40F9-88B8-FBE43F9EB0AC@dishaw.org> > On Sep 10, 2015, at 5:43 PM, Timo Sirainen wrote: > > I've been once in a while over the years thinking about implementing CalDAV (and CardDAV) to Dovecot. It might be time to start that soon. Does anyone have any suggestions? > > Some things I wonder about: > > - Maybe there is already some code out there that could be used to implement it faster? I have used davical and was pretty happy with it. My biggest complaint is that it requires a web server and PHP. It uses Postgresql as a storage backend, which I think is a bit heavy for small applications. > - Maybe even use something else besides C to implement it.. Then again that makes integration to Dovecot more difficult. I think keeping it in C is the way to go. From niklaas at kulturflatrate.net Fri Sep 11 10:08:32 2015 From: niklaas at kulturflatrate.net (Niklaas Baudet von Gersdorff) Date: Fri, 11 Sep 2015 12:08:32 +0200 Subject: Dovecot CalDAV server In-Reply-To: <20150910220429.GC3008@sys4.de> References: <20150910220429.GC3008@sys4.de> Message-ID: <20150911120832.0318d74a@len-t420.klaas> On Fri, 11 Sep 2015 00:04:29 +0200 Patrick Ben Koetter

wrote: > Have you had a look at http://radicale.org/? I haven't used it > myself, but heard good things about it. Thanks for sharing. This really looks interesting. -- Niklaas From niklaas at kulturflatrate.net Fri Sep 11 10:11:53 2015 From: niklaas at kulturflatrate.net (Niklaas Baudet von Gersdorff) Date: Fri, 11 Sep 2015 12:11:53 +0200 Subject: Dovecot CalDAV server In-Reply-To: References: Message-ID: <20150911121153.5641bcab@len-t420.klaas> On Fri, 11 Sep 2015 00:43:16 +0300 Timo Sirainen wrote: > I've been once in a while over the years thinking about implementing > CalDAV (and CardDAV) to Dovecot. It might be time to start that soon. > Does anyone have any suggestions? So far my main goals would be: > > - scalable, of course > - configurable storage (object storage, regular fs, maybe some > key-value dbs, maybe storing as emails) > - efficient indexes (potentially using key-value dbs? or maybe just > local files. not sure yet what kind of indexing is needed) > - have it work with dsync (= replication & migration) Have you heard about SOGo yet? http://www.sogo.nu/ It is an entire groupware server but its focus lies on scalability implemented through open standards. For an overview check http://www.sogo.nu/english/about/technology.html I haven't used it myself yet but I am planning to do so. -- Niklaas From p at sys4.de Fri Sep 11 10:26:25 2015 From: p at sys4.de (Patrick Ben Koetter) Date: Fri, 11 Sep 2015 12:26:25 +0200 Subject: Dovecot CalDAV server In-Reply-To: <20150911121153.5641bcab@len-t420.klaas> References: <20150911121153.5641bcab@len-t420.klaas> Message-ID: <20150911102625.GB6897@sys4.de> * Niklaas Baudet von Gersdorff : > On Fri, 11 Sep 2015 00:43:16 +0300 > Timo Sirainen wrote: > > > I've been once in a while over the years thinking about implementing > > CalDAV (and CardDAV) to Dovecot. It might be time to start that soon. > > Does anyone have any suggestions? So far my main goals would be: > > > > - scalable, of course > > - configurable storage (object storage, regular fs, maybe some > > key-value dbs, maybe storing as emails) > > - efficient indexes (potentially using key-value dbs? or maybe just > > local files. not sure yet what kind of indexing is needed) > > - have it work with dsync (= replication & migration) > > Have you heard about SOGo yet? > > http://www.sogo.nu/ > > It is an entire groupware server but its focus lies on scalability > implemented through open standards. For an overview check SOGo is good groupware. It is rock solid and runs stable. But it won't scale for what Timo is after. At least that's what I was told a while ago. p at rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From jerry at seibercom.net Fri Sep 11 10:28:52 2015 From: jerry at seibercom.net (Jerry) Date: Fri, 11 Sep 2015 06:28:52 -0400 Subject: Dovecot CalDAV server In-Reply-To: References: Message-ID: <20150911062852.0bd80b8b@seibercom.net> On Fri, 11 Sep 2015 00:43:16 +0300, Timo Sirainen stated: >I've been once in a while over the years thinking about implementing CalDAV >(and CardDAV) to Dovecot. It might be time to start that soon. Does anyone >have any suggestions? So far my main goals would be: > > - scalable, of course > - configurable storage (object storage, regular fs, maybe some key-value > dbs, maybe storing as emails) > - efficient indexes (potentially using key-value dbs? or maybe just local > files. not sure yet what kind of indexing is needed) > - have it work with dsync (= replication & migration) > >Some things I wonder about: > > - Maybe there is already some code out there that could be used to > implement it faster? > - Maybe even use something else besides C to implement it.. Then again that > makes integration to Dovecot more difficult. > - Is anybody interested in helping to develop this? :) I think I still have > too much other work that I won't spend a lot of time coding it.. > >One thing that makes this easier is that Open-Xchange has already >implemented a CalDAV server, so they can help to avoid the biggest design >mistakes. (There are a couple of reasons why they'd want to replace that.) The RFCs 6352 & 4791 are all ready in place. As long as everything stays in compliance, I think it would be a wonderful idea. And yes I would stick with "C". -- Jerry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From ms at sys4.de Fri Sep 11 10:37:13 2015 From: ms at sys4.de (Michael Schwartzkopff) Date: Fri, 11 Sep 2015 12:37:13 +0200 Subject: Dovecot CalDAV server In-Reply-To: <20150911102625.GB6897@sys4.de> References: <20150911121153.5641bcab@len-t420.klaas> <20150911102625.GB6897@sys4.de> Message-ID: <14145604.dVG3ssVkKU@nb003> Am Freitag, 11. September 2015, 12:26:25 schrieb Patrick Ben Koetter: > * Niklaas Baudet von Gersdorff : > > On Fri, 11 Sep 2015 00:43:16 +0300 > > > > Timo Sirainen wrote: > > > I've been once in a while over the years thinking about implementing > > > CalDAV (and CardDAV) to Dovecot. It might be time to start that soon. > > > > > > Does anyone have any suggestions? So far my main goals would be: > > > - scalable, of course > > > - configurable storage (object storage, regular fs, maybe some > > > > > > key-value dbs, maybe storing as emails) > > > > > > - efficient indexes (potentially using key-value dbs? or maybe just > > > > > > local files. not sure yet what kind of indexing is needed) > > > > > > - have it work with dsync (= replication & migration) > > > > Have you heard about SOGo yet? > > > > http://www.sogo.nu/ > > > > It is an entire groupware server but its focus lies on scalability > > implemented through open standards. For an overview check > > SOGo is good groupware. It is rock solid and runs stable. > But it won't scale for what Timo is after. At least that's what I was told a > while ago. Scaling is done with loadbalancers nowadays. Network-based or application- based. Both work depending which one is better in which situation. Mit freundlichen Gr??en, Michael Schwartzkopff -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 230 bytes Desc: This is a digitally signed message part. URL: From rs at sys4.de Fri Sep 11 15:55:12 2015 From: rs at sys4.de (Robert Schetterer) Date: Fri, 11 Sep 2015 17:55:12 +0200 Subject: Dovecot CalDAV server In-Reply-To: References: Message-ID: <55F2F960.9030902@sys4.de> Am 10.09.2015 um 23:43 schrieb Timo Sirainen: > I've been once in a while over the years thinking about implementing CalDAV (and CardDAV) to Dovecot. It might be time to start that soon. Does anyone have any suggestions? So far my main goals would be: > > - scalable, of course > - configurable storage (object storage, regular fs, maybe some key-value dbs, maybe storing as emails) > - efficient indexes (potentially using key-value dbs? or maybe just local files. not sure yet what kind of indexing is needed) > - have it work with dsync (= replication & migration) > > Some things I wonder about: > > - Maybe there is already some code out there that could be used to implement it faster? > - Maybe even use something else besides C to implement it.. Then again that makes integration to Dovecot more difficult. > - Is anybody interested in helping to develop this? :) I think I still have too much other work that I won't spend a lot of time coding it.. > > One thing that makes this easier is that Open-Xchange has already implemented a CalDAV server, so they can help to avoid the biggest design mistakes. (There are a couple of reasons why they'd want to replace that.) > Hi Timo, caldav / carddav in dovecot will be an ultimate nice feature. I remember Kolab with imap file storage backend, storing vcard, ics in imap folders. ( which should be hidden ) There was a thunderbird plugin for this, but i had no good performance. Advantage of this solution might be the exist imap acl system can be used for all kind of addressbook , kalendar sharing. Perhaps public addressbooks and calendars are possible too this way ( and at last anonymous read only ones ). All other servers i know use some db backend. I guess you will have hard times with clients, cause there are all kind of known bugs. Specially serial appointment with/and different timezones over summertime and wintertime changes seems difficult to code. Best way all in UTC and let the client convert it in its local timezone. Also there are two ways of invitations notices via mail , let the client send it, or the server has to do it ( or perhaps combinate ). So resources calenders are needed too ,for auto booking calenders you need some kind of scripting. For the first releases mark as higly beta , its very bad for user if they trust in calenders which might have bugs. the new thunderbird carddav addressbook seems to stuck since years https://github.com/mikeconley/thunderbird-ensemble Of course i am willing to test your code and report. Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From mihai at badici.ro Fri Sep 11 16:10:38 2015 From: mihai at badici.ro (Mihai Badici) Date: Fri, 11 Sep 2015 19:10:38 +0300 Subject: Dovecot CalDAV server In-Reply-To: <55F2F960.9030902@sys4.de> References: <55F2F960.9030902@sys4.de> Message-ID: <30044945.CmhBvIV0tm@hpdesktop> On Friday 11 September 2015 17:55:12 Robert Schetterer wrote: > Am 10.09.2015 um 23:43 schrieb Timo Sirainen: > > I've been once in a while over the years thinking about implementing CalDAV (and CardDAV) to Dovecot. It might be time to start that soon. Does anyone have any suggestions? So far my main goals would be: > > - scalable, of course > > - configurable storage (object storage, regular fs, maybe some key- value > > dbs, maybe storing as emails) - efficient indexes (potentially using > > key-value dbs? or maybe just local files. not sure yet what kind of > > indexing is needed) - have it work with dsync (= replication & > > migration) > > > > Some things I wonder about: > > - Maybe there is already some code out there that could be used to > > implement it faster? - Maybe even use something else besides C to > > implement it.. Then again that makes integration to Dovecot more > > difficult. - Is anybody interested in helping to develop this? :) I > > think I still have too much other work that I won't spend a lot of time > > coding it..> > > One thing that makes this easier is that Open-Xchange has already > > implemented a CalDAV server, so they can help to avoid the biggest design > > mistakes. (There are a couple of reasons why they'd want to replace > > that.) > Hi Timo, caldav / carddav in dovecot will be an ultimate nice feature. > > I remember Kolab with imap file storage backend, storing vcard, ics in > imap folders. ( which should be hidden ) > In fact with metadata support (which is now mainstream in dovecot) you can store arbitrary data in imap. The folder is simply marked as: addressbook, calendar or whatever you want . I think there is nothing more to implement in dovecot (well, is enough place for improuvement) ; > There was a thunderbird plugin for this, but i had no good performance. > Advantage of this solution might be the exist imap acl system can be > used for all kind of addressbook , kalendar sharing. Perhaps public > addressbooks and calendars are possible too this way ( and at last > anonymous read only ones ). Thunderbird is stagnant; I think we don't have an IMAP client dovecot deserve :) But IMHO all the rest ( storing, parsing) should be implemented client side via plugins. > > All other servers i know use some db backend. I guess you will have > hard times with clients, cause there are all kind of known bugs. > > > Best Regards > MfG Robert Schetterer-- Mihai Badici[1] -------- [1] http://mihai.badici.ro From branko at majic.rs Fri Sep 11 16:54:55 2015 From: branko at majic.rs (Branko Majic) Date: Fri, 11 Sep 2015 18:54:55 +0200 Subject: Dovecot CalDAV server In-Reply-To: References: Message-ID: <20150911185455.211bd23c@zetkin.primekey.se> On Fri, 11 Sep 2015 00:43:16 +0300 Timo Sirainen wrote: > I've been once in a while over the years thinking about implementing CalDAV (and CardDAV) to Dovecot. It might be time to start that soon. Does anyone have any suggestions? Perhaps support for LDAP as a backend for retrieving contact information (CardDAV) and/or a way to sync the contacts between Dovecot and LDAP in some sane way. This could end-up being more trouble than worth, though. Best regards -- Branko Majic Jabber: branko at majic.rs Please use only Free formats when sending attachments to me. ?????? ????? ?????: branko at majic.rs ????? ??? ?? ??????? ?????? ????????? ? ????????? ?????????. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From mihai at badici.ro Fri Sep 11 18:44:36 2015 From: mihai at badici.ro (Mihai Badici) Date: Fri, 11 Sep 2015 21:44:36 +0300 Subject: Dovecot CalDAV server In-Reply-To: References: Message-ID: <2208420.n4m9J71KEe@hpdesktop> On Friday 11 September 2015 00:43:16 Timo Sirainen wrote: > I've been once in a while over the years thinking about implementing CalDAV > (and CardDAV) to Dovecot. It might be time to start that soon. Does anyone > have any suggestions? So far my main goals would be: > > - scalable, of course > - configurable storage (object storage, regular fs, maybe some key- value > dbs, maybe storing as emails) - efficient indexes (potentially using > key-value dbs? or maybe just local files. not sure yet what kind of > indexing is needed) - have it work with dsync (= replication & migration) The kolab project already store calendars and cards as e-mails. I use dovecot from few years using part of this project. They use libkolabxml who provide binding for encoding/decoding objects ; this is an approach with advandages and disadvantages ( an external library can be upgraded to reflect changes in object format) but i think compatibility is a good thing at the end. Maybe this could be pluggable to allow different xml formats, but I think all should be more or less similar. > > Some things I wonder about: > > - Maybe there is already some code out there that could be used to > implement it faster? - Maybe even use something else besides C to implement > it.. Then again that makes integration to Dovecot more difficult. - Is > anybody interested in helping to develop this? :) I think I still have too > much other work that I won't spend a lot of time coding it.. > > One thing that makes this easier is that Open-Xchange has already > implemented a CalDAV server, so they can help to avoid the biggest design > mistakes. (There are a couple of reasons why they'd want to replace that. I think there are two parts of the project: object storage and protocol implementation. If you choose the kolab approach, the object storage part is already done :) > -- Mihai Badici[1] -------- [1] http://mihai.badici.ro From larryrtx at gmail.com Fri Sep 11 18:50:22 2015 From: larryrtx at gmail.com (Larry Rosenman) Date: Fri, 11 Sep 2015 13:50:22 -0500 Subject: Is it a bug when you move mail between namespaces.... In-Reply-To: References: <55EE08F9.9030409@iki.fi> <24064A82-CAF8-412A-9B98-1BF5C5508329@iki.fi> <65461F61-7AE6-4EEE-BFB9-1B6407B2D437@iki.fi> Message-ID: Timo, Did you get a chance to look at this? Thanks! On Thu, Sep 10, 2015 at 1:24 PM, Larry Rosenman wrote: > my monthly archive script does: > > echo `date` start ${i} > doveadm mailbox create \#ARCHIVE/${YEAR_LAST_MONTH}/${i} > doveadm -f tab mailbox status messages ${i} > doveadm move \#ARCHIVE/${YEAR_LAST_MONTH}/${i} mailbox \ > ${i} BEFORE ${TODAY} SINCE ${FIRST_LAST_MONTH} > doveadm -f tab mailbox status messages ${i} > echo `date` done ${i} > > for each mailbox that has >= 1 message in it. > > so on the move, the fts data gets lost / deleted. > > > On Thu, Sep 10, 2015 at 1:22 PM, Timo Sirainen wrote: > >> It works for me. I don't know why it wouldn't work for you. Looking at >> the autoindexing code I don't see how it could be possible that it works >> for saving but not copying. >> >> On 10 Sep 2015, at 21:05, Larry Rosenman wrote: >> >> Is there a fix coming for this, Timo? Or is it a longer term issue? >> >> On Mon, Sep 7, 2015 at 5:23 PM, Larry Rosenman >> wrote: >> >>> It doesn't in my current 2.2.18 setup with the config I posted. >>> >>> >>> On Mon, Sep 7, 2015 at 5:22 PM, Timo Sirainen wrote: >>> >>>> It should. >>>> >>>> On 08 Sep 2015, at 01:01, Larry Rosenman wrote: >>>> >>>> should fts_autoindex handle that case? >>>> >>>> >>>> On Mon, Sep 7, 2015 at 5:00 PM, Timo Sirainen wrote: >>>> >>>>> On 09/08/2015 12:56 AM, Larry Rosenman wrote: >>>>> > that the fts data gets lost? >>>>> >>>>> All full text search backends are now implemented so that if you >>>>> copy/move mails, the mails need to be indexed again the destination >>>>> folder. >>>>> >>>>> Alternative would be to index mails only with their GUIDs and have a >>>>> GUID => { folder GUID, IMAP UID } mapping and filter the mails based on >>>>> that. But such reverse index doesn't exist quite yet. >>>>> >>>> >>>> >>>> >>>> -- >>>> Larry Rosenman http://www.lerctr.org/~ler >>>> Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com >>>> US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 >>>> >>>> >>>> >>> >>> >>> -- >>> Larry Rosenman http://www.lerctr.org/~ler >>> Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com >>> US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 >>> >> >> >> >> -- >> Larry Rosenman http://www.lerctr.org/~ler >> Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com >> US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 >> >> >> > > > -- > Larry Rosenman http://www.lerctr.org/~ler > Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com > US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 > -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961 From pixilla at macports.org Fri Sep 11 19:45:20 2015 From: pixilla at macports.org (Bradley Giesbrecht) Date: Fri, 11 Sep 2015 12:45:20 -0700 Subject: object storage Message-ID: Is the Dovecot Object Storage plugin still available for purchase? Clicking the store link [2] from this page [1] does not show any info about purchasing the plugin. [1] http://www.dovecot.fi/dovecot-object-storage-plugins-available-for-online-purchase/ [2] http://shop.dovecot.fi/ Regards, Bradley Giesbrecht (pixilla) From mborgelt at borgelt.org Wed Sep 9 06:31:26 2015 From: mborgelt at borgelt.org (Michael Borgelt) Date: Wed, 09 Sep 2015 08:31:26 +0200 Subject: Dovecot 2.2.18 Panic: file index-mail-binary.c In-Reply-To: <7F317F52-2AAF-4B81-A24A-BBDE4593993F@iki.fi> References: <20150728091215.Horde.gmc7i3jGADyFKBjMowoMTOj@hermes.dg4yfa.org> <7F317F52-2AAF-4B81-A24A-BBDE4593993F@iki.fi> Message-ID: <20150909083126.Horde.rrfArb1U1Fwj8uv6EK6f5cs@hermes.dg4yfa.org> Zitat von Timo Sirainen : > On 28 Jul 2015, at 10:12, Michael Borgelt wrote: >> Hi, >> I got the following in my dovecot log's on an particular email message >> with dovecot-imap. >> >> ---snip--- >> Jul 28 08:42:11 hermes dovecot: imap(mborgelt): Panic: file >> index-mail-binary.c: line 354 (blocks_count_lines): assertion failed: >> (ret == -1) > > Not sure why this wasn't more commonly happening, but here's the fix: > http://hg.dovecot.org/dovecot-2.2/rev/865405fce42e Thank you for your support. This fixes the bug. Regards, Michael. MICHAEL BORGELT e-mail: mborgelt at borgelt.org -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2640 bytes Desc: S/MIME-Signatur URL: From mfoley at ohprs.org Sat Sep 12 01:57:40 2015 From: mfoley at ohprs.org (Mark Foley) Date: Fri, 11 Sep 2015 21:57:40 -0400 Subject: Need help on checkpassword userdb/passdb In-Reply-To: <201509110305.t8B35ItT007880@mail.hprs.local> References: <201509110305.t8B35ItT007880@mail.hprs.local> Message-ID: <201509120157.t8C1ve7W011710@mail.hprs.local> Not to be grumpy, but I've posted a dozen or more message to this list in the past week about what I think might be relatively common/easy issues and have had zero response except from Rick Romero who is trying, but hasn't actually done what I need himself. I'm sure someone has. Perhaps these problem are too mundane compared to CalDAV, sieve filtering and IPA to excite List interest? Come on Dovecotters! Let's step up to the plate! To follow up on my previous posting in this thread, I'm trying to get checkpassword to work. I have confirmed that it is setting the environment variables as described in (http://wiki2.dovecot.org/AuthDatabase/CheckPassword). My debug output of env variables sent to checkpassword-reply: $USER=mark userdb_uid=3000026 userdb_gid=100 INSECURE_SETUID=1 EXTRA=userdb_uid userdb_gid I have confirmed that my checkpassword program returns 0 authenticating the user with the AD: fork pid = 4239, ntlm_auth status: 0 The pid listed above is the pid of the forked /usr/local/libexec/dovecot/checkpassword-reply program. For testing purposes, I've replaced that with a stub of my own that shows the set environment variables so I know checkpassword-reply is getting them (listed above). Notice in the log messages below that everything looks correct. It has the correct username, UID, GID, client passdb out: OK. No error in the log that I can see. I believe I've done everything exactly as documented in the wiki, but it doesn't work I get the Outlook message "Your IMAP server closed the connection ... Error Code: 0x800CCCDD". Finally, I tried setting: chgrp dovecot /usr/local/libexec/dovecot/checkpassword-reply chmod g+s /usr/local/libexec/dovecot/checkpassword-reply As the wiki suggested and setting the env variable INSECURE_SETUID=1. Same error. Googling the 0x800CCCDD code simply says to turn of scheduled send/received, but that makes no different. Same error. I believe I've done everything exactly according to the documentation. Does checkpassword actually work with Dovecot version 2.2.15? If not, could someone please tell me so I can stop wasting my time. If it does work, can someone please help me figure out why it does not for me? Thanks -- Mark My dovecot log: Sep 11 21:18:22 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth Sep 11 21:18:22 auth: Debug: Read auth token secret from /usr/local/var/run/dovecot/auth-token-secret.dat Sep 11 21:18:22 auth: Debug: auth client connected (pid=4234) Sep 11 21:18:22 auth: Debug: client in: AUTH 1 PLAIN service=imap session=tHPCm4IftgDAqAA6 lip=192.168.0.2 rip=192.168.0.58 lport=143 rport=50614 resp=AG1hcmsAZ2xhY29uXzk= (previous base64 data may contain sensitive data) Sep 11 21:18:22 auth: Debug: checkpassword(mark,192.168.0.58,): execute: /user/util/bin/checkpassword /usr/local/libexec/dovecot/checkpassword-reply Sep 11 21:18:22 auth: Debug: checkpassword(mark,192.168.0.58,): exit_status=0 Sep 11 21:18:22 auth: Debug: checkpassword(mark,192.168.0.58,): Received input: userdb_uid=3000026 userdb_gid=100 Sep 11 21:18:22 auth: Debug: client passdb out: OK 1 user=mark Sep 11 21:18:22 auth: Debug: master in: REQUEST 1794375681 4234 1 c2551b70ccf5e2f8e022869663bf6a70 session_pid=4240 request_auth_token Sep 11 21:18:22 auth: Debug: prefetch(mark,192.168.0.58,): success Sep 11 21:18:22 auth: Debug: master userdb out: USER 1794375681 mark uid=3000026 gid=100 auth_token=008ebf0ebd9c1654085de247f10cdf0a746555d4 Sep 11 21:18:22 imap-login: Info: Login: user=, method=PLAIN, rip=192.168.0.58, lip=192.168.0.2, mpid=4240, session= -----Original Message----- From: Mark Foley Date: Thu, 10 Sep 2015 23:05:18 -0400 To: dovecot at dovecot.org Subject: Need help on checkpassword userdb/passdb I'm experimenting with checkpassword as an auth method for usedb and passdb (http://wiki2.dovecot.org/AuthDatabase/CheckPassword). I've set up the userdb and passdb *exactly* as the wiki suggests as the "standard way": passdb { driver = checkpassword args = /user/util/bin/checkpassword } userdb { driver = prefetch } I've created a checkpassword program that does receive the correct user and password from dovecot. And I am successfully authenticating with ntlm_auth and exiting with status 0. My debug output: AUTHORIZED: (null) USER: (null) userdb_uid: (null) userdb_gid: (null) arg1=/usr/local/libexec/dovecot/checkpassword-reply CMD: /usr/bin/ntlm_auth --username="mark" --password='mypass' ntlm_auth status: 0 Now, the wiki says 2 things that have me stumped: 1. It says that, "Dovecot calls the script with AUTHORIZED=1 environment set when performing a userdb lookup. The script must acknowledge this by changing the environment to AUTHORIZED=2, otherwise the lookup fails." As you can see from my program log, "AUTHORIZED" is not set. Why? Nor are any of the other environment variables mentioned in the wiki. I've listed all the environment variables that *are* passed to the program at the bottom of this message. 2. The wiki says, "Your program received a path to checkpassword-reply binary as the first parameter. Execute it." I did so as a fork() and then execve("/usr/local/libexec/dovecot/checkpassword-reply") How do I know it worked ... or failed? What am I doing wrong? Dovecot log entries: Sep 10 22:54:04 auth: Debug: auth client connected (pid=14748) Sep 10 22:54:04 auth: Debug: client in: AUTH 1 PLAIN service=imap session=AkYg1G8f8QDAqAA6 lip=192.168.0.2 rip=192.168.0.58 lport=143 rport=49649 resp=AG1hcmsAZ2xhY29uXzk= (previous base64 data may contain sensitive data) Sep 10 22:54:04 auth: Debug: checkpassword(mark,192.168.0.58,): execute: /user/util/bin/checkpassword /usr/local/libexec/dovecot/checkpassword-reply Sep 10 22:54:04 auth: Debug: checkpassword(mark,192.168.0.58,): exit_status=0 Sep 10 22:54:04 auth: Debug: checkpassword(mark,192.168.0.58,): Received input: Sep 10 22:54:06 auth: Debug: client passdb out: FAIL 1 user=mark temp ENV variables passed to the checkpassword program: DOVECOT_PRESERVE_ENVS=TZ CORE_OUTOFMEM CORE_ERROR DOVECOT_CHILD_PROCESS=1 CONFIG_FILE=/usr/local/var/run/dovecot/config CLIENT_LIMIT=1000 PROCESS_LIMIT=1 PROCESS_MIN_AVAIL=0 IDLE_KILL=60 GENERATION=2991 DOVECOT_HOSTNAME=mail DOVECOT_HOSTDOMAIN=mail.hprs.local DOVECOT_VERSION=2.2.15 LOG_SERVICE=1 SOCKET_COUNT=6 SSL_SOCKET_COUNT=0 SOCKET_NAMES=login tokenlogin auth-login auth-client auth-userdb auth-master PROTO=TCP ORIG_UID=151 SERVICE=imap TCPLOCALIP=192.168.0.2 LOCAL_IP=192.168.0.2 TCPREMOTEIP=192.168.0.58 REMOTE_IP=192.168.0.58 TCPLOCALPORT=143 TCPREMOTEPORT=49649 AUTH_USER=mark AUTH_USERNAME=mark AUTH_SERVICE=imap AUTH_LIP=192.168.0.2 AUTH_RIP=192.168.0.58 AUTH_PID=14748 AUTH_MECH=PLAIN AUTH_SECURED= AUTH_LPORT=143 AUTH_RPORT=49649 AUTH_CERT= AUTH_SESSION=AkYg1G8f8QDAqAA6 AUTH_REAL_LIP=192.168.0.2 AUTH_REAL_RIP=192.168.0.58 AUTH_REAL_LPORT=143 AUTH_REAL_RPORT=49649 AUTH_ORIG_USER=mark AUTH_ORIG_USERNAME=mark --Mark From mfoley at ohprs.org Sat Sep 12 06:31:14 2015 From: mfoley at ohprs.org (Mark Foley) Date: Sat, 12 Sep 2015 02:31:14 -0400 Subject: My dovecot works fine against Active Directory 2003, but not against AD2008 Message-ID: <201509120631.t8C6VE2T005436@mail.hprs.local> Fran - thanks for your reply. I'm cc'ing you directly on this as well as posting to the list as I'm not sure how often you check the list and I'm down to hanging by my last fingernail on this project. I have some preliminary questions interspersed below. Thanks, --Mark -----Original Message----- > Subject: Re: My dovecot works fine against Active Directory 2003, but not > against AD2008 > To: dovecot at dovecot.org > From: Fran > Date: Thu, 10 Sep 2015 13:26:21 +0200 > > Hi Mark, > > when I say AD 2003/8 I mean Active Directory 2003/8. Hmmm, I've not heard of "Active Directory 2003" or 2008. The year numbers indicated to me you might be talking about Windows Small Business Server 2003 or 2008. Is your AD Server Windows? Linux? Something else? I'm using Samba4 AD/DC on Linux. > > My configuration is attached. Thank you very much for that. If I make some headway, I'll likely have more questions on specifics. > > I based my installation (dovecot+postfix) in the guides of this site: > http://www.linuxmail.info > > The LDAP part is this: > http://www.linuxmail.info/postfix-dovecot-ldap-centos-5/ If you were able to make sense out of these sites' tiny screen-shots and one-line descriptions my hat's off to you. "Your a better man that I am Gunga-Din!" If there was more detailed narrative somewhere I couldn't find it. Also, I don't have jXplorer on my system, so probably I couldn't get too far anyway. BIG QUESTIONS: 1. Are you using MS Outlook IMAP clients in your environment? If so, how are you making them connect with LDAP? By checking the SPA checkbox? 2. The mail_gid/mail_uid as vmail confuses me. I see that setting a lot, including in your config. http://wiki2.dovecot.org/VirtualUsers says, "You can create, for example, one vmail user which owns all the mails, or you can assign a separate UID for each user." I have assigned a separte UID for each based on the UID returned by `wbinfo -u `. Does assigning separate UIDs mess up my ability to adapt your configuration? little questions: 3. I'm not planning on using quotas. Can I safely omit your mail_plugins = " quota" setting and all your plugin { quota_...} settings? I want to be as simple as possible to start. 4. Likewise, dovecot seems to be able to find users' mailboxes just fine. Can I omit the namespace inbox {} setting? These may seem like amaturish questions, but little details have foiled me a lot on this Dovecot project. If I feel confident with the answers you provide here, I'll move on to trying some things. Thanks a lot for your help!!! --Mark > > You can also use PAM to connect to AD > (http://www.linuxmail.info/active-directory-dovecot-pam-authentication/) > but that way doesn't allow to retrieve custom fields from the AD (ex. a > field to set quota per user), so I'm using the standard LDAP method. > > Regards > > El 10/09/2015 a las 4:51, Mark Foley escribi?: > > Fran and/or Matthias, > > > > Could you publish your doveconf -n? I can't get dovecot to authenticate with my > > AD. Maybe you have a solution I could try. > > > > What mail client(s) are you using? I assume by "AD 2003/8" You mean SBS2003/8 > > and are therefore using Outlook? > > > > --Mark > > > > -----Original Message----- [deleted] From 24x7server at 24x7server.net Sat Sep 12 18:53:29 2015 From: 24x7server at 24x7server.net (Rajesh M) Date: Sun, 13 Sep 2015 00:23:29 +0530 Subject: concerning dovecot settings for high volume server Message-ID: <16E97053E7B24926AE733E6C85C9F884.MAI@ns1.24x7server.net> hi centos 6 64 bit hex core processor with hyperthreading ie display shows 12 cores 16 gb ram 600 gb 15000 rpm drive we are having around 4000 users on a server i wish to allow 1500 pop3 and 1500 imap connections simultaneously. need help regarding the settings to handle the above imap-login, pop3-login imap pop3 service settings i recently i got an error imap-login: Error: read(imap) failed: Remote closed connection (process_limit reached?) my current dovecot config file # 2.2.7: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-431.23.3.el6.x86_64 x86_64 CentOS release 6.5 (Final) auth_cache_negative_ttl = 0 auth_cache_ttl = 0 auth_mechanisms = plain login digest-md5 cram-md5 default_login_user = vpopmail disable_plaintext_auth = no first_valid_gid = 89 first_valid_uid = 89 log_path = /var/log/dovecot.log login_greeting = ready. mail_max_userip_connections = 50 mail_plugins = " quota" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { inbox = yes location = prefix = separator = . type = private } passdb { args = cache_key=%u webmail=127.0.0.1 driver = vpopmail } plugin { quota = maildir:ignore=Trash quota_rule = ?:storage=0 } protocols = imap pop3 service imap-login { client_limit = 256 process_limit = 400 process_min_avail = 4 service_count = 0 vsz_limit = 512 M } service pop3-login { client_limit = 1000 process_limit = 400 process_min_avail = 12 service_count = 0 vsz_limit = 512 M } ssl_cert = References: <16E97053E7B24926AE733E6C85C9F884.MAI@ns1.24x7server.net> Message-ID: <55F49FC7.6020200@ajmconsulting.ca> You may be running up against Linux system/user limits. Run $ cat /proc/sys/kernel/pid_max and $ ulimit -a That should give some insight into your problem. On 12/09/2015 2:53 PM, Rajesh M wrote: > hi > > centos 6 64 bit > > hex core processor with hyperthreading ie display shows 12 cores > 16 gb ram > 600 gb 15000 rpm drive > > we are having around 4000 users on a server > > > i wish to allow 1500 pop3 and 1500 imap connections simultaneously. > > need help regarding the settings to handle the above > > imap-login, pop3-login > imap pop3 service settings > > i recently i got an error > imap-login: Error: read(imap) failed: Remote closed connection (process_limit reached?) > > > my current dovecot config file > > # 2.2.7: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-431.23.3.el6.x86_64 x86_64 CentOS release 6.5 (Final) > auth_cache_negative_ttl = 0 > auth_cache_ttl = 0 > auth_mechanisms = plain login digest-md5 cram-md5 > default_login_user = vpopmail > disable_plaintext_auth = no > first_valid_gid = 89 > first_valid_uid = 89 > log_path = /var/log/dovecot.log > login_greeting = ready. > mail_max_userip_connections = 50 > mail_plugins = " quota" > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave > namespace { > inbox = yes > location = > prefix = > separator = . > type = private > } > passdb { > args = cache_key=%u webmail=127.0.0.1 > driver = vpopmail > } > plugin { > quota = maildir:ignore=Trash > quota_rule = ?:storage=0 > } > protocols = imap pop3 > service imap-login { > client_limit = 256 > process_limit = 400 > process_min_avail = 4 > service_count = 0 > vsz_limit = 512 M > } > service pop3-login { > client_limit = 1000 > process_limit = 400 > process_min_avail = 12 > service_count = 0 > vsz_limit = 512 M > } > ssl_cert = ssl_dh_parameters_length = 2048 > ssl_key = userdb { > args = cache_key=%u quota_template=quota_rule=*:backend=%q > driver = vpopmail > } > protocol imap { > imap_client_workarounds = delay-newmail > mail_plugins = " quota imap_quota" > } > protocol pop3 { > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > pop3_fast_size_lookups = yes > pop3_lock_session = no > pop3_no_flag_updates = yes > } > > > thanks very much, > > rajesh From 24x7server at 24x7server.net Sun Sep 13 02:51:56 2015 From: 24x7server at 24x7server.net (Rajesh M) Date: Sun, 13 Sep 2015 08:21:56 +0530 Subject: concerning dovecot settings for high volume server Message-ID: ----- Original Message ----- From: Tony Morehen [mailto:tmorehen at ajmconsulting.ca] To: dovecot at dovecot.org Sent: Sat, 12 Sep 2015 17:57:27 -0400 Subject: Re: concerning dovecot settings for high volume server You may be running up against Linux system/user limits. Run $ cat /proc/sys/kernel/pid_max and $ ulimit -a That should give some insight into your problem. On 12/09/2015 2:53 PM, Rajesh M wrote: > hi > > centos 6 64 bit > > hex core processor with hyperthreading ie display shows 12 cores > 16 gb ram > 600 gb 15000 rpm drive > > we are having around 4000 users on a server > > > i wish to allow 1500 pop3 and 1500 imap connections simultaneously. > > need help regarding the settings to handle the above > > imap-login, pop3-login > imap pop3 service settings > > i recently i got an error > imap-login: Error: read(imap) failed: Remote closed connection (process_limit reached?) > > > my current dovecot config file > > # 2.2.7: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-431.23.3.el6.x86_64 x86_64 CentOS release 6.5 (Final) > auth_cache_negative_ttl = 0 > auth_cache_ttl = 0 > auth_mechanisms = plain login digest-md5 cram-md5 > default_login_user = vpopmail > disable_plaintext_auth = no > first_valid_gid = 89 > first_valid_uid = 89 > log_path = /var/log/dovecot.log > login_greeting = ready. > mail_max_userip_connections = 50 > mail_plugins = " quota" > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave > namespace { > inbox = yes > location = > prefix = > separator = . > type = private > } > passdb { > args = cache_key=%u webmail=127.0.0.1 > driver = vpopmail > } > plugin { > quota = maildir:ignore=Trash > quota_rule = ?:storage=0 > } > protocols = imap pop3 > service imap-login { > client_limit = 256 > process_limit = 400 > process_min_avail = 4 > service_count = 0 > vsz_limit = 512 M > } > service pop3-login { > client_limit = 1000 > process_limit = 400 > process_min_avail = 12 > service_count = 0 > vsz_limit = 512 M > } > ssl_cert = ssl_dh_parameters_length = 2048 > ssl_key = userdb { > args = cache_key=%u quota_template=quota_rule=*:backend=%q > driver = vpopmail > } > protocol imap { > imap_client_workarounds = delay-newmail > mail_plugins = " quota imap_quota" > } > protocol pop3 { > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > pop3_fast_size_lookups = yes > pop3_lock_session = no > pop3_no_flag_updates = yes > } > > > thanks very much, > > rajesh this is the first time i got this message since past over an year. the error went away as soon as i restarted dovecot.. surprisingly this happened in the night ie off-office hours. here are the values i got also could you provide me the settings for the limits if wish to handle around 1500 simultaneous connections of pop3 and imap each ? the current values are as follows [root at ns1 log]# cat /proc/sys/kernel/pid_max 49152 [root at ns1 log]# ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 127047 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 10240 cpu time (seconds, -t) unlimited max user processes (-u) 127047 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited thanks rajesh From mfoley at ohprs.org Sun Sep 13 03:10:55 2015 From: mfoley at ohprs.org (Mark Foley) Date: Sat, 12 Sep 2015 23:10:55 -0400 Subject: Need help on checkpassword userdb/passdb In-Reply-To: <201509120157.t8C1ve7W011710@mail.hprs.local> References: <201509110305.t8B35ItT007880@mail.hprs.local> <201509120157.t8C1ve7W011710@mail.hprs.local> Message-ID: <201509130310.t8D3AtGE015092@mail.hprs.local> I figured out how to make checkpassword work. There is a problem with the documentation. http://wiki2.dovecot.org/AuthDatabase/CheckPassword, under 'Security' says, "a. If possible, change the checkpassword to return userdb_uid and userdb_gid extra fields instead of using setuid() and setgid(). This also improves the performance." And, under 'Checkpassword Interface' it says, "Return the user's UNIX UID and GID using userdb_uid and userdb_gid environments and add them to the EXTRA environment ..." I did all of this and it didn't work. However, when I added the userdb_home environment variable and added that to the EXTRA environment variable, it worked. I tried this because I happened upon http://wiki2.dovecot.org/UserDatabase/Prefetch which mentioned userdb_home. The http://wiki2.dovecot.org/AuthDatabase/CheckPassword needs to have this bit of information added in the appropriate place(s) or the developer/hackster will waste days trying to get checkpassword working until he/she stumbles across the userdb_home comment elsewhere. Nevertheless, checkpassword turns out not to be the solution to my original problem, so I will keep on keepin' on ... --Mark -----Original Message----- From: Mark Foley Date: Fri, 11 Sep 2015 21:57:40 -0400 To: dovecot at dovecot.org Subject: Re: Need help on checkpassword userdb/passdb [grumpy bit deleted] To follow up on my previous posting in this thread, I'm trying to get checkpassword to work. I have confirmed that it is setting the environment variables as described in (http://wiki2.dovecot.org/AuthDatabase/CheckPassword). My debug output of env variables sent to checkpassword-reply: $USER=mark userdb_uid=3000026 userdb_gid=100 INSECURE_SETUID=1 EXTRA=userdb_uid userdb_gid I have confirmed that my checkpassword program returns 0 authenticating the user with the AD: fork pid = 4239, ntlm_auth status: 0 The pid listed above is the pid of the forked /usr/local/libexec/dovecot/checkpassword-reply program. For testing purposes, I've replaced that with a stub of my own that shows the set environment variables so I know checkpassword-reply is getting them (listed above). Notice in the log messages below that everything looks correct. It has the correct username, UID, GID, client passdb out: OK. No error in the log that I can see. I believe I've done everything exactly as documented in the wiki, but it doesn't work I get the Outlook message "Your IMAP server closed the connection ... Error Code: 0x800CCCDD". Finally, I tried setting: chgrp dovecot /usr/local/libexec/dovecot/checkpassword-reply chmod g+s /usr/local/libexec/dovecot/checkpassword-reply As the wiki suggested and setting the env variable INSECURE_SETUID=1. Same error. Googling the 0x800CCCDD code simply says to turn of scheduled send/received, but that makes no different. Same error. I believe I've done everything exactly according to the documentation. Does checkpassword actually work with Dovecot version 2.2.15? If not, could someone please tell me so I can stop wasting my time. If it does work, can someone please help me figure out why it does not for me? Thanks -- Mark My dovecot log: Sep 11 21:18:22 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth Sep 11 21:18:22 auth: Debug: Read auth token secret from /usr/local/var/run/dovecot/auth-token-secret.dat Sep 11 21:18:22 auth: Debug: auth client connected (pid=4234) Sep 11 21:18:22 auth: Debug: client in: AUTH 1 PLAIN service=imap session=tHPCm4IftgDAqAA6 lip=192.168.0.2 rip=192.168.0.58 lport=143 rport=50614 resp=AG1hcmsAZ2xhY29uXzk= (previous base64 data may contain sensitive data) Sep 11 21:18:22 auth: Debug: checkpassword(mark,192.168.0.58,): execute: /user/util/bin/checkpassword /usr/local/libexec/dovecot/checkpassword-reply Sep 11 21:18:22 auth: Debug: checkpassword(mark,192.168.0.58,): exit_status=0 Sep 11 21:18:22 auth: Debug: checkpassword(mark,192.168.0.58,): Received input: userdb_uid=3000026 userdb_gid=100 Sep 11 21:18:22 auth: Debug: client passdb out: OK 1 user=mark Sep 11 21:18:22 auth: Debug: master in: REQUEST 1794375681 4234 1 c2551b70ccf5e2f8e022869663bf6a70 session_pid=4240 request_auth_token Sep 11 21:18:22 auth: Debug: prefetch(mark,192.168.0.58,): success Sep 11 21:18:22 auth: Debug: master userdb out: USER 1794375681 mark uid=3000026 gid=100 auth_token=008ebf0ebd9c1654085de247f10cdf0a746555d4 Sep 11 21:18:22 imap-login: Info: Login: user=, method=PLAIN, rip=192.168.0.58, lip=192.168.0.2, mpid=4240, session= -----Original Message----- From: Mark Foley Date: Thu, 10 Sep 2015 23:05:18 -0400 To: dovecot at dovecot.org Subject: Need help on checkpassword userdb/passdb I'm experimenting with checkpassword as an auth method for usedb and passdb (http://wiki2.dovecot.org/AuthDatabase/CheckPassword). I've set up the userdb and passdb *exactly* as the wiki suggests as the "standard way": passdb { driver = checkpassword args = /user/util/bin/checkpassword } userdb { driver = prefetch } I've created a checkpassword program that does receive the correct user and password from dovecot. And I am successfully authenticating with ntlm_auth and exiting with status 0. My debug output: AUTHORIZED: (null) USER: (null) userdb_uid: (null) userdb_gid: (null) arg1=/usr/local/libexec/dovecot/checkpassword-reply CMD: /usr/bin/ntlm_auth --username="mark" --password='mypass' ntlm_auth status: 0 Now, the wiki says 2 things that have me stumped: 1. It says that, "Dovecot calls the script with AUTHORIZED=1 environment set when performing a userdb lookup. The script must acknowledge this by changing the environment to AUTHORIZED=2, otherwise the lookup fails." As you can see from my program log, "AUTHORIZED" is not set. Why? Nor are any of the other environment variables mentioned in the wiki. I've listed all the environment variables that *are* passed to the program at the bottom of this message. 2. The wiki says, "Your program received a path to checkpassword-reply binary as the first parameter. Execute it." I did so as a fork() and then execve("/usr/local/libexec/dovecot/checkpassword-reply") How do I know it worked ... or failed? What am I doing wrong? Dovecot log entries: Sep 10 22:54:04 auth: Debug: auth client connected (pid=14748) Sep 10 22:54:04 auth: Debug: client in: AUTH 1 PLAIN service=imap session=AkYg1G8f8QDAqAA6 lip=192.168.0.2 rip=192.168.0.58 lport=143 rport=49649 resp=AG1hcmsAZ2xhY29uXzk= (previous base64 data may contain sensitive data) Sep 10 22:54:04 auth: Debug: checkpassword(mark,192.168.0.58,): execute: /user/util/bin/checkpassword /usr/local/libexec/dovecot/checkpassword-reply Sep 10 22:54:04 auth: Debug: checkpassword(mark,192.168.0.58,): exit_status=0 Sep 10 22:54:04 auth: Debug: checkpassword(mark,192.168.0.58,): Received input: Sep 10 22:54:06 auth: Debug: client passdb out: FAIL 1 user=mark temp ENV variables passed to the checkpassword program: DOVECOT_PRESERVE_ENVS=TZ CORE_OUTOFMEM CORE_ERROR DOVECOT_CHILD_PROCESS=1 CONFIG_FILE=/usr/local/var/run/dovecot/config CLIENT_LIMIT=1000 PROCESS_LIMIT=1 PROCESS_MIN_AVAIL=0 IDLE_KILL=60 GENERATION=2991 DOVECOT_HOSTNAME=mail DOVECOT_HOSTDOMAIN=mail.hprs.local DOVECOT_VERSION=2.2.15 LOG_SERVICE=1 SOCKET_COUNT=6 SSL_SOCKET_COUNT=0 SOCKET_NAMES=login tokenlogin auth-login auth-client auth-userdb auth-master PROTO=TCP ORIG_UID=151 SERVICE=imap TCPLOCALIP=192.168.0.2 LOCAL_IP=192.168.0.2 TCPREMOTEIP=192.168.0.58 REMOTE_IP=192.168.0.58 TCPLOCALPORT=143 TCPREMOTEPORT=49649 AUTH_USER=mark AUTH_USERNAME=mark AUTH_SERVICE=imap AUTH_LIP=192.168.0.2 AUTH_RIP=192.168.0.58 AUTH_PID=14748 AUTH_MECH=PLAIN AUTH_SECURED= AUTH_LPORT=143 AUTH_RPORT=49649 AUTH_CERT= AUTH_SESSION=AkYg1G8f8QDAqAA6 AUTH_REAL_LIP=192.168.0.2 AUTH_REAL_RIP=192.168.0.58 AUTH_REAL_LPORT=143 AUTH_REAL_RPORT=49649 AUTH_ORIG_USER=mark AUTH_ORIG_USERNAME=mark --Mark From tmorehen at ajmconsulting.ca Sun Sep 13 04:09:44 2015 From: tmorehen at ajmconsulting.ca (Tony Morehen) Date: Sun, 13 Sep 2015 00:09:44 -0400 Subject: concerning dovecot settings for high volume server In-Reply-To: References: Message-ID: <55F4F708.9030403@ajmconsulting.ca> On 9/12/2015 10:51 PM, Rajesh M wrote: > ----- Original Message ----- > From: Tony Morehen [mailto:tmorehen at ajmconsulting.ca] > To: dovecot at dovecot.org > Sent: Sat, 12 Sep 2015 17:57:27 -0400 > Subject: Re: concerning dovecot settings for high volume server > > You may be running up against Linux system/user limits. Run > $ cat /proc/sys/kernel/pid_max > and > $ ulimit -a > That should give some insight into your problem. > > On 12/09/2015 2:53 PM, Rajesh M wrote: >> hi >> >> centos 6 64 bit >> >> hex core processor with hyperthreading ie display shows 12 cores >> 16 gb ram >> 600 gb 15000 rpm drive >> >> we are having around 4000 users on a server >> >> >> i wish to allow 1500 pop3 and 1500 imap connections simultaneously. >> >> need help regarding the settings to handle the above >> >> imap-login, pop3-login >> imap pop3 service settings >> >> i recently i got an error >> imap-login: Error: read(imap) failed: Remote closed connection (process_limit reached?) >> >> >> my current dovecot config file >> >> # 2.2.7: /etc/dovecot/dovecot.conf >> # OS: Linux 2.6.32-431.23.3.el6.x86_64 x86_64 CentOS release 6.5 (Final) >> auth_cache_negative_ttl = 0 >> auth_cache_ttl = 0 >> auth_mechanisms = plain login digest-md5 cram-md5 >> default_login_user = vpopmail >> disable_plaintext_auth = no >> first_valid_gid = 89 >> first_valid_uid = 89 >> log_path = /var/log/dovecot.log >> login_greeting = ready. >> mail_max_userip_connections = 50 >> mail_plugins = " quota" >> managesieve_notify_capability = mailto >> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave >> namespace { >> inbox = yes >> location = >> prefix = >> separator = . >> type = private >> } >> passdb { >> args = cache_key=%u webmail=127.0.0.1 >> driver = vpopmail >> } >> plugin { >> quota = maildir:ignore=Trash >> quota_rule = ?:storage=0 >> } >> protocols = imap pop3 >> service imap-login { >> client_limit = 256 >> process_limit = 400 >> process_min_avail = 4 >> service_count = 0 >> vsz_limit = 512 M >> } >> service pop3-login { >> client_limit = 1000 >> process_limit = 400 >> process_min_avail = 12 >> service_count = 0 >> vsz_limit = 512 M >> } >> ssl_cert = > ssl_dh_parameters_length = 2048 >> ssl_key = > userdb { >> args = cache_key=%u quota_template=quota_rule=*:backend=%q >> driver = vpopmail >> } >> protocol imap { >> imap_client_workarounds = delay-newmail >> mail_plugins = " quota imap_quota" >> } >> protocol pop3 { >> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh >> pop3_fast_size_lookups = yes >> pop3_lock_session = no >> pop3_no_flag_updates = yes >> } >> >> >> thanks very much, >> >> rajesh > > > this is the first time i got this message since past over an year. > the error went away as soon as i restarted dovecot.. > surprisingly this happened in the night ie off-office hours. > > here are the values i got > > also could you provide me the settings for the limits if wish to handle around 1500 simultaneous connections of pop3 and imap each ? > > the current values are as follows > > [root at ns1 log]# cat /proc/sys/kernel/pid_max > 49152 > > [root at ns1 log]# ulimit -a > core file size (blocks, -c) 0 > data seg size (kbytes, -d) unlimited > scheduling priority (-e) 0 > file size (blocks, -f) unlimited > pending signals (-i) 127047 > max locked memory (kbytes, -l) 64 > max memory size (kbytes, -m) unlimited > open files (-n) 1024 > pipe size (512 bytes, -p) 8 > POSIX message queues (bytes, -q) 819200 > real-time priority (-r) 0 > stack size (kbytes, -s) 10240 > cpu time (seconds, -t) unlimited > max user processes (-u) 127047 > virtual memory (kbytes, -v) unlimited > file locks (-x) unlimited > > > thanks > rajesh I'm no expert but it is my understanding that the binding limit would be the lower of pid_max or max user processes ie 49152. From that you would subtract 300 (reserved system pids) and the number of non-dovecot processes. Dovecot itself uses about 6 base processes (/usr/sbin/dovecot -F; dovecot/anvil; dovecot/log; dovecot/config; dovecot/auth; dovecot/ssl-params) plus one processes for each logged-in pop3 and imap mailbox. That's one process for each pop3 account but potentially multiple imap mailboxes per imap account if the imap client is using idle to monitor multiple imap mailboxes for changes. Assuming 10 mailboxes per simultaneous imap account, that would be 15000 processes, well below max_pid. I'd say that your problem does not appear to arise from system limits. Perhaps someone else could point you in a different direction. From mfoley at ohprs.org Sun Sep 13 05:10:57 2015 From: mfoley at ohprs.org (Mark Foley) Date: Sun, 13 Sep 2015 01:10:57 -0400 Subject: How to "Windows Authenticate" In-Reply-To: <201509110405.t8B45rLm016121@mail.hprs.local> References: <201509021731.t82HVZ4r021574@mail.hprs.local> <201509031025.t83AP1W5020976@mail.hprs.local> <20150903065319.Horde.2BrAxFp30mN2LnIZrXEq7w8@www.vfemail.net> <201509052112.t85LCowS007652@mail.hprs.local> <201509070031.t870VLCY019948@mail.hprs.local> <20150906200011.Horde.aZNzwfpiV_G6ZeeX8wLk9A4@www.vfemail.net> <201509080128.t881SNUF010141@mail.hprs.local> <201509082311.t88NB963021145@mail.hprs.local> <20150908212113.Horde.XsYniNr9u8OfSSykmsFoFA1@www.vfemail.net> <201509100247.t8A2lE98017371@mail.hprs.local> <20150910082715.Horde.jucYEJDsiBuzj6iP1IBedA1@www.vfemail.net> <201509110405.t8B45rLm016121@mail.hprs.local> Message-ID: <201509130510.t8D5Avj3012284@mail.hprs.local> I am running Dovecot 2.2.15 on Linux Slackware 14.1 and Samba 4.1.17 as the Active Directory/Domain Controller on the same host as Dovecot. Sendmail/procmail delivers mail to users' $HOME/Maildir. MS Outlook/IMAP is the client MTU used to connect with Dovecot to read mail on the Users' WIN7 workstations. I believe I have confirmed that MS Outlook will either ... 1) send the userid and password configured in the Outlook settings to Dovecot for authorizing. This mechanism has been working fine for months. or ... 2) Use NTML authorization if "Require login using Secure Password Authentication (SPA)" is checked: https://en.wikipedia.org/wiki/Secure_Password_Authentication Those, I believe, are the only two choices with Outlook (other than Exchange). Therefore, in order not to configure a Domain-distinct password in Outlook, I need to use the NTLM auth_mechanism for AD "Windows Authentication" with Dovecot. I've tried the settings below (just trying one user at the moment): $ doveconf -n # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.10.17 x86_64 Slackware 14.1 auth_debug_passwords = yes auth_mechanisms = plain ntlm auth_use_winbind = yes auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir protocols = imap ssl_cert = , rip=192.168.0.58, lip=98.102.63.107, session=<2PnkuZkfqADAqAA6> Can someone tell me what this means and how to fix it? Note that I have read http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm over and over, so simply referring me to that link will not help. Thanks, Mark From rs at sys4.de Sun Sep 13 06:13:40 2015 From: rs at sys4.de (Robert Schetterer) Date: Sun, 13 Sep 2015 08:13:40 +0200 Subject: concerning dovecot settings for high volume server In-Reply-To: <16E97053E7B24926AE733E6C85C9F884.MAI@ns1.24x7server.net> References: <16E97053E7B24926AE733E6C85C9F884.MAI@ns1.24x7server.net> Message-ID: <55F51414.1080101@sys4.de> Am 12.09.2015 um 20:53 schrieb Rajesh M: > hi > > centos 6 64 bit > > hex core processor with hyperthreading ie display shows 12 cores > 16 gb ram > 600 gb 15000 rpm drive > > we are having around 4000 users on a server > > > i wish to allow 1500 pop3 and 1500 imap connections simultaneously. for pop3 you will have no problems, perhaps you need a little tuning imap is different cause many clients will stay idle perhaps you should consider a setup with loadbalancers and more then one servers Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From axel.luttgens at skynet.be Sun Sep 13 06:26:28 2015 From: axel.luttgens at skynet.be (Axel Luttgens) Date: Sun, 13 Sep 2015 08:26:28 +0200 Subject: concerning dovecot settings for high volume server In-Reply-To: <16E97053E7B24926AE733E6C85C9F884.MAI@ns1.24x7server.net> References: <16E97053E7B24926AE733E6C85C9F884.MAI@ns1.24x7server.net> Message-ID: <5DB76508-2A92-4500-A520-1B2647F2DB66@skynet.be> > Le 12 sept. 2015 ? 20:53, Rajesh M a ?crit : > > hi > > [?] > > i wish to allow 1500 pop3 and 1500 imap connections simultaneously. > > need help regarding the settings to handle the above > > imap-login, pop3-login > imap pop3 service settings > > i recently i got an error > imap-login: Error: read(imap) failed: Remote closed connection (process_limit reached?) > > [?] Hello Rajesh, I guess you could have a look at: http://wiki2.dovecot.org/Services For example, a pop3 connection requires one pop3-login process and one pop3 process (unless your are running in "high performance mode"; but this doesn?t seem to be the case). So, you would have to adjust the process_limit setting for both of these services. IIRC, those settings are by default set to 0 and thus take the value of default_process_limit (which in turn defaults to 100). Of course, as others have already noted, such settings must remain within the limits configured at the system level. HTH, Axel From bind at enas.net Sun Sep 13 07:33:14 2015 From: bind at enas.net (Urban Loesch) Date: Sun, 13 Sep 2015 09:33:14 +0200 Subject: concerning dovecot settings for high volume server In-Reply-To: <16E97053E7B24926AE733E6C85C9F884.MAI@ns1.24x7server.net> References: <16E97053E7B24926AE733E6C85C9F884.MAI@ns1.24x7server.net> Message-ID: <55F526BA.1000800@enas.net> Hi, I have running dovecot with about 28k users. Here comes my relevant config for pop3 and imap from "doveconf -n". No problems so far. -- snip -- default_client_limit = 2000 ... service imap-login { inet_listener imap { port = 143 } process_limit = 256 process_min_avail = 50 service_count = 1 } service imap { process_limit = 2048 process_min_avail = 50 service_count = 1 vsz_limit = 512 M } ... service pop3-login { inet_listener pop3 { port = 110 } process_limit = 256 process_min_avail = 25 service_count = 1 } service pop3 { process_limit = 256 process_min_avail = 25 service_count = 1 } ... protocol imap { imap_client_workarounds = tb-extra-mailbox-sep imap_id_log = * imap_logout_format = bytes=%i/%o session=<%{session}> mail_max_userip_connections = 40 mail_plugins = " quota mail_log notify zlib imap_quota imap_zlib" } ... protocol pop3 { mail_plugins = " quota mail_log notify zlib" pop3_logout_format = bytes_sent=%o top=%t/%p, retr=%r/%b, del=%d/%m, \ size=%s uidl_hash=%u session=<%{session}> } -- snip -- Regards Urban Am 12.09.2015 um 20:53 schrieb Rajesh M: > hi > > centos 6 64 bit > > hex core processor with hyperthreading ie display shows 12 cores > 16 gb ram > 600 gb 15000 rpm drive > > we are having around 4000 users on a server > > > i wish to allow 1500 pop3 and 1500 imap connections simultaneously. > > need help regarding the settings to handle the above > > imap-login, pop3-login > imap pop3 service settings > > i recently i got an error > imap-login: Error: read(imap) failed: Remote closed connection (process_limit reached?) > > > my current dovecot config file > > # 2.2.7: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-431.23.3.el6.x86_64 x86_64 CentOS release 6.5 (Final) > auth_cache_negative_ttl = 0 > auth_cache_ttl = 0 > auth_mechanisms = plain login digest-md5 cram-md5 > default_login_user = vpopmail > disable_plaintext_auth = no > first_valid_gid = 89 > first_valid_uid = 89 > log_path = /var/log/dovecot.log > login_greeting = ready. > mail_max_userip_connections = 50 > mail_plugins = " quota" > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave > namespace { > inbox = yes > location = > prefix = > separator = . > type = private > } > passdb { > args = cache_key=%u webmail=127.0.0.1 > driver = vpopmail > } > plugin { > quota = maildir:ignore=Trash > quota_rule = ?:storage=0 > } > protocols = imap pop3 > service imap-login { > client_limit = 256 > process_limit = 400 > process_min_avail = 4 > service_count = 0 > vsz_limit = 512 M > } > service pop3-login { > client_limit = 1000 > process_limit = 400 > process_min_avail = 12 > service_count = 0 > vsz_limit = 512 M > } > ssl_cert = ssl_dh_parameters_length = 2048 > ssl_key = userdb { > args = cache_key=%u quota_template=quota_rule=*:backend=%q > driver = vpopmail > } > protocol imap { > imap_client_workarounds = delay-newmail > mail_plugins = " quota imap_quota" > } > protocol pop3 { > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > pop3_fast_size_lookups = yes > pop3_lock_session = no > pop3_no_flag_updates = yes > } > > > thanks very much, > > rajesh > From jonikula at gmail.com Sun Sep 13 10:19:50 2015 From: jonikula at gmail.com (Jouko Nikula) Date: Sun, 13 Sep 2015 13:19:50 +0300 Subject: BINARY capability not working correctly? Message-ID: Hello, I have trouble with some attachments not working on Horde and Roundcube. I made a ticket to Roundcube webmail and they tracked down it to Dovecot not responding correctly to BINARY FETCH: http://trac.roundcube.net/ticket/1490532 What is causing Dovecot to answer NIL? Is there an issue in Dovecot? If I want to disable to BINARY capability in Dovecot I need to use imap_capabilities. I found out that I could add capabilities with syntax imap_capabilities= +FOO but it seems I can't use similar syntax (imap_capabilities= -FOO) to remove capabilities? If I list all capabilities like: imap_capabilities= IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE MOVE QUOTA I understood that this will result in listing all capabilities already pre-login. Is this a problem? Thanks, Jouko Nikula From anmeyer at mailbox.org Sun Sep 13 11:58:52 2015 From: anmeyer at mailbox.org (Andreas Meyer) Date: Sun, 13 Sep 2015 13:58:52 +0200 Subject: no login with MySQL Message-ID: <20150913135852.73a99d60@workstation.bitcorner.intern> Hello! Setup again to authenticate my users with MySQL but can't login. Sep 13 11:55:49 auth: Info: passwd-file(a.meyer at nimmini.de,95.88.63.177,): unknown user Sep 13 11:55:49 auth: Info: passwd-file(a.meyer at nimmini.de,95.88.63.177,): unknown user Sep 13 11:55:49 imap-login: Info: Login: user=, method=CRAM-MD5, rip=95.88.63.177, lip=46.38.231.143, mpid=30826, TLS, TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits) Sep 13 11:55:49 imap(a.meyer at nimmini.de): Error: user a.meyer at nimmini.de: Initialization failed: Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/ Sep 13 11:55:49 imap(a.meyer at nimmini.de): Error: Invalid user settings. Refer to server log for more information. Sep 13 11:55:49 auth: Debug: auth client connected (pid=30825) Sep 13 11:55:49 auth: Debug: client in: AUTH 1 CRAM-MD5 service=imap secured session=R7Qe9J0fTgBfWD+x lip=46.38.231.143 rip=95.88.63.177 lport=143 rport=45646 Sep 13 11:55:49 auth: Debug: client passdb out: CONT 1 PDkzMDcwNTI5Mzk5NTk1NTYuMTQ0MjEzODE0OUBiaXRtYWNoaW5lMT4= Sep 13 11:55:49 auth: Debug: client in: CONT Sep 13 11:55:49 auth: Debug: passwd-file(a.meyer at nimmini.de,95.88.63.177,): lookup: user=a.meyer at nimmini.de file=/etc/dovecot/passwd Sep 13 11:55:49 auth-worker(30822): Debug: sql(a.meyer at nimmini.de,95.88.63.177): query: SELECT username AS username, password FROM mailbox WHERE username = 'a.meyer at nimmini.de' AND active = 1 Sep 13 11:55:49 auth: Debug: client passdb out: OK 1 user=a.meyer at nimmini.de Sep 13 11:55:49 auth: Debug: master in: REQUEST 997457921 30821 1 dc2456b4ee1453e5458806ab92da9ee7 session_pid=30826 request_auth_token Sep 13 11:55:49 auth: Debug: passwd-file(a.meyer at nimmini.de,95.88.63.177,): lookup: user=a.meyer at nimmini.de file=/etc/dovecot/passwd Sep 13 11:55:49 auth-worker(30822): Debug: passwd-file(a.meyer at nimmini.de,95.88.63.177): SELECT maildir, uid, gid, concat('*:storage=', quota) AS quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox WHERE username = 'a.meyer at nimmini.de' Sep 13 11:55:49 auth: Debug: master userdb out: USER 997457921 a.meyer at nimmini.de maildir=/var/spool/vhosts/nimmini.de/ uid=5000 gid=5000 quota_rule=*:storage=5242880 quota_rule2=Trash:storage=+100 auth_token=2a4c8e78ff8fcf3f9599eecbefb6a5605f22abe5 Sep 13 11:55:49 imap: Debug: Loading modules from directory: /usr/lib64/dovecot/modules Sep 13 11:55:49 imap: Debug: Module loaded: /usr/lib64/dovecot/modules/lib01_acl_plugin.so Sep 13 11:55:49 imap: Debug: Module loaded: /usr/lib64/dovecot/modules/lib02_imap_acl_plugin.so Sep 13 11:55:49 imap: Debug: Module loaded: /usr/lib64/dovecot/modules/lib10_quota_plugin.so Sep 13 11:55:49 imap: Debug: Module loaded: /usr/lib64/dovecot/modules/lib11_imap_quota_plugin.so Sep 13 11:55:49 imap: Debug: Added userdb setting: plugin/maildir=/var/spool/vhosts/nimmini.de/ Sep 13 11:55:49 imap: Debug: Added userdb setting: plugin/quota_rule=*:storage=5242880 Sep 13 11:55:49 imap: Debug: Added userdb setting: plugin/quota_rule2=Trash:storage=+100 Sep 13 11:55:49 imap(a.meyer at nimmini.de): Debug: Effective uid=5000, gid=5000, home= Sep 13 11:55:49 imap(a.meyer at nimmini.de): Debug: Quota root: name=User quota backend=maildir args= Sep 13 11:55:49 imap(a.meyer at nimmini.de): Debug: Quota rule: root=User quota mailbox=* bytes=5368709120 messages=0 Sep 13 11:55:49 imap(a.meyer at nimmini.de): Debug: Quota rule: root=User quota mailbox=Trash bytes=+102400 messages=0 Sep 13 11:55:49 imap(a.meyer at nimmini.de): Debug: Quota grace: root=User quota bytes=53687091 (1%) Sep 13 11:55:49 imap(a.meyer at nimmini.de): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/ This is what claws-mail says: [12:22:48] IMAP4< * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5] Dovecot ready. [12:22:48] IMAP4> 1 STARTTLS [12:22:48] IMAP4< 1 OK Begin TLS negotiation now. * IMAP connection is un-authenticated [12:22:48] IMAP4> 2 CAPABILITY [12:22:48] IMAP4< * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=CRAM-MD5 [12:22:48] IMAP4< 2 OK Pre-login capabilities listed, post-login capabilities have more. [12:22:48] IMAP4> Logging a.meyer at nimmini.de to mail.nimmini.de using CRAM-MD5 ** IMAP Fehler auf mail.nimmini.de: parse error (sehr wahrscheinlich ein nicht RFC-konformer Server) ** IMAP4-Verbindung unterbrochen [12:22:48] IMAP4< Error logging in to mail.nimmini.de When I set auth_type PLAIN in Roundcube, login fails too. The SELECTS in the database are ok: mysql> SELECT maildir, uid, gid, concat('*:storage=', quota) AS quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox WHERE username = 'a.meyer at nimmini.de'; +-------------------------------+------+------+-------------------+--------------------+ | maildir | uid | gid | quota_rule | quota_rule2 | +-------------------------------+------+------+-------------------+--------------------+ | /var/spool/vhosts/nimmini.de/ | 5000 | 5000 | *:storage=5242880 | Trash:storage=+100 | +-------------------------------+------+------+-------------------+--------------------+ 1 row in set (0,00 sec) mysql> SELECT username AS username, password FROM mailbox WHERE username = 'a.meyer at nimmini.de' AND active = 1 -> ; +--------------------+----------+ | username | password | +--------------------+----------+ | a.meyer at nimmini.de | hidden | +--------------------+----------+ 1 row in set (0,00 sec) mysql> quit What's wrong? Any help appreciated! Regards Andreas From stephan at rename-it.nl Sun Sep 13 12:04:37 2015 From: stephan at rename-it.nl (Stephan Bosch) Date: Sun, 13 Sep 2015 14:04:37 +0200 Subject: BINARY capability not working correctly? In-Reply-To: References: Message-ID: <55F56655.5030907@rename-it.nl> Op 9/13/2015 om 12:19 PM schreef Jouko Nikula: > Hello, > > I have trouble with some attachments not working on Horde and > Roundcube. I made a ticket to Roundcube webmail and they tracked down > it to Dovecot not responding correctly to BINARY FETCH: > > http://trac.roundcube.net/ticket/1490532 > > What is causing Dovecot to answer NIL? Is there an issue in Dovecot? A few questions to facilitate debugging: - Do your logs show anything that may be related to this issue? - What is the output of `dovecot -n` ? > If I want to disable to BINARY capability in Dovecot I need to use > imap_capabilities. I found out that I could add capabilities with > syntax > imap_capabilities= +FOO > but it seems I can't use similar syntax (imap_capabilities= -FOO) to > remove capabilities? If I list all capabilities like: > > imap_capabilities= IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID > ENABLE IDLE AUTH=PLAIN SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS > THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT > CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC > ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE > MOVE QUOTA > > I understood that this will result in listing all capabilities already > pre-login. Is this a problem? Not that I know of. Regards, Stephan. From 24x7server at 24x7server.net Sun Sep 13 17:35:22 2015 From: 24x7server at 24x7server.net (Rajesh M) Date: Sun, 13 Sep 2015 23:05:22 +0530 Subject: concerning dovecot settings for high volume server Message-ID: <9950E1B5D5204D99958814152D9E25D9.MAI@ns1.24x7server.net> thanks very much urban. this was very helpful. i have around 12500 users spread over 3 independent servers each having around 4000+ users i am using qmailtoaster, vpopmail, spamassassin and dovecot. in future i am planning to consolidate all using a HA cluster. if it is ok with you could you kindly share some information about your email server configuration. if you do not wish to put it on the list then you can directly email me. 1) is your email volume high ? 2) server hardware to support 28000 users 3) mailserver software - exim or postfix ??. 4) antispam software like spamassassin if any also if you have faced any email re-download issues with dovecot sometimes randomly incase of pop3 users storing emails on the server ? thanks rajesh ----- Original Message ----- From: Urban Loesch [mailto:bind at enas.net] To: dovecot at dovecot.org Sent: Sun, 13 Sep 2015 09:33:14 +0200 Subject: Re: concerning dovecot settings for high volume server Hi, I have running dovecot with about 28k users. Here comes my relevant config for pop3 and imap from "doveconf -n". No problems so far. -- snip -- default_client_limit = 2000 ... service imap-login { inet_listener imap { port = 143 } process_limit = 256 process_min_avail = 50 service_count = 1 } service imap { process_limit = 2048 process_min_avail = 50 service_count = 1 vsz_limit = 512 M } ... service pop3-login { inet_listener pop3 { port = 110 } process_limit = 256 process_min_avail = 25 service_count = 1 } service pop3 { process_limit = 256 process_min_avail = 25 service_count = 1 } ... protocol imap { imap_client_workarounds = tb-extra-mailbox-sep imap_id_log = * imap_logout_format = bytes=%i/%o session=<%{session}> mail_max_userip_connections = 40 mail_plugins = " quota mail_log notify zlib imap_quota imap_zlib" } ... protocol pop3 { mail_plugins = " quota mail_log notify zlib" pop3_logout_format = bytes_sent=%o top=%t/%p, retr=%r/%b, del=%d/%m, \ size=%s uidl_hash=%u session=<%{session}> } -- snip -- Regards Urban Am 12.09.2015 um 20:53 schrieb Rajesh M: > hi > > centos 6 64 bit > > hex core processor with hyperthreading ie display shows 12 cores > 16 gb ram > 600 gb 15000 rpm drive > > we are having around 4000 users on a server > > > i wish to allow 1500 pop3 and 1500 imap connections simultaneously. > > need help regarding the settings to handle the above > > imap-login, pop3-login > imap pop3 service settings > > i recently i got an error > imap-login: Error: read(imap) failed: Remote closed connection (process_limit reached?) > > > my current dovecot config file > > # 2.2.7: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-431.23.3.el6.x86_64 x86_64 CentOS release 6.5 (Final) > auth_cache_negative_ttl = 0 > auth_cache_ttl = 0 > auth_mechanisms = plain login digest-md5 cram-md5 > default_login_user = vpopmail > disable_plaintext_auth = no > first_valid_gid = 89 > first_valid_uid = 89 > log_path = /var/log/dovecot.log > login_greeting = ready. > mail_max_userip_connections = 50 > mail_plugins = " quota" > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave > namespace { > inbox = yes > location = > prefix = > separator = . > type = private > } > passdb { > args = cache_key=%u webmail=127.0.0.1 > driver = vpopmail > } > plugin { > quota = maildir:ignore=Trash > quota_rule = ?:storage=0 > } > protocols = imap pop3 > service imap-login { > client_limit = 256 > process_limit = 400 > process_min_avail = 4 > service_count = 0 > vsz_limit = 512 M > } > service pop3-login { > client_limit = 1000 > process_limit = 400 > process_min_avail = 12 > service_count = 0 > vsz_limit = 512 M > } > ssl_cert = ssl_dh_parameters_length = 2048 > ssl_key = userdb { > args = cache_key=%u quota_template=quota_rule=*:backend=%q > driver = vpopmail > } > protocol imap { > imap_client_workarounds = delay-newmail > mail_plugins = " quota imap_quota" > } > protocol pop3 { > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > pop3_fast_size_lookups = yes > pop3_lock_session = no > pop3_no_flag_updates = yes > } > > > thanks very much, > > rajesh > From ml+dovecot at valo.at Sun Sep 13 17:51:38 2015 From: ml+dovecot at valo.at (Christian Kivalo) Date: Sun, 13 Sep 2015 19:51:38 +0200 Subject: no login with MySQL In-Reply-To: <20150913135852.73a99d60@workstation.bitcorner.intern> References: <20150913135852.73a99d60@workstation.bitcorner.intern> Message-ID: <8debbab81096dc8ba8f1dfb739cca55a@valo.at> On 2015-09-13 13:58, Andreas Meyer wrote: > Hello! > > Setup again to authenticate my users with MySQL but can't login. > > Sep 13 11:55:49 auth: Info: > passwd-file(a.meyer at nimmini.de,95.88.63.177,): > unknown user > Sep 13 11:55:49 auth: Info: > passwd-file(a.meyer at nimmini.de,95.88.63.177,): > unknown user > Sep 13 11:55:49 imap-login: Info: Login: user=, > method=CRAM-MD5, rip=95.88.63.177, lip=46.38.231.143, mpid=30826, TLS, > TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits) > Sep 13 11:55:49 imap(a.meyer at nimmini.de): Error: user > a.meyer at nimmini.de: Initialization failed: Namespace '': Home > directory not set for user. Can't expand ~/ for mail root dir in: ~/ > Sep 13 11:55:49 imap(a.meyer at nimmini.de): Error: Invalid user > settings. Refer to server log for more information. i see an error here "Error: Invalid user settings" relating to the users mail_location direcory. Is "mail_location" (and not so important "mail_home") defined? With my setup "mail" and "home" is returned from the userdb query from mysql home: /srv/mail/%u mail: /srv/mail/%u/Maildir see http://wiki2.dovecot.org/VirtualUsers/Home > Sep 13 11:55:49 auth: Debug: auth client connected (pid=30825) > Sep 13 11:55:49 auth: Debug: client in: AUTH 1 CRAM-MD5 > service=imap secured session=R7Qe9J0fTgBfWD+x > lip=46.38.231.143 rip=95.88.63.177 lport=143 rport=45646 > Sep 13 11:55:49 auth: Debug: client passdb out: CONT 1 > PDkzMDcwNTI5Mzk5NTk1NTYuMTQ0MjEzODE0OUBiaXRtYWNoaW5lMT4= > Sep 13 11:55:49 auth: Debug: client in: CONT > Sep 13 11:55:49 auth: Debug: > passwd-file(a.meyer at nimmini.de,95.88.63.177,): > lookup: user=a.meyer at nimmini.de file=/etc/dovecot/passwd > Sep 13 11:55:49 auth-worker(30822): Debug: > sql(a.meyer at nimmini.de,95.88.63.177): query: SELECT username AS > username, password FROM mailbox WHERE username = 'a.meyer at nimmini.de' > AND active = 1 > Sep 13 11:55:49 auth: Debug: client passdb out: OK 1 > user=a.meyer at nimmini.de > Sep 13 11:55:49 auth: Debug: master in: REQUEST 997457921 30821 > 1 dc2456b4ee1453e5458806ab92da9ee7 session_pid=30826 > request_auth_token > Sep 13 11:55:49 auth: Debug: > passwd-file(a.meyer at nimmini.de,95.88.63.177,): > lookup: user=a.meyer at nimmini.de file=/etc/dovecot/passwd > Sep 13 11:55:49 auth-worker(30822): Debug: > passwd-file(a.meyer at nimmini.de,95.88.63.177): SELECT maildir, uid, > gid, concat('*:storage=', quota) AS quota_rule, > concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox > WHERE username = 'a.meyer at nimmini.de' > Sep 13 11:55:49 auth: Debug: master userdb out: USER 997457921 > a.meyer at nimmini.de maildir=/var/spool/vhosts/nimmini.de/ > uid=5000 gid=5000 quota_rule=*:storage=5242880 > quota_rule2=Trash:storage=+100 > auth_token=2a4c8e78ff8fcf3f9599eecbefb6a5605f22abe5 > Sep 13 11:55:49 imap: Debug: Loading modules from directory: > /usr/lib64/dovecot/modules > Sep 13 11:55:49 imap: Debug: Module loaded: > /usr/lib64/dovecot/modules/lib01_acl_plugin.so > Sep 13 11:55:49 imap: Debug: Module loaded: > /usr/lib64/dovecot/modules/lib02_imap_acl_plugin.so > Sep 13 11:55:49 imap: Debug: Module loaded: > /usr/lib64/dovecot/modules/lib10_quota_plugin.so > Sep 13 11:55:49 imap: Debug: Module loaded: > /usr/lib64/dovecot/modules/lib11_imap_quota_plugin.so > Sep 13 11:55:49 imap: Debug: Added userdb setting: > plugin/maildir=/var/spool/vhosts/nimmini.de/ > Sep 13 11:55:49 imap: Debug: Added userdb setting: > plugin/quota_rule=*:storage=5242880 > Sep 13 11:55:49 imap: Debug: Added userdb setting: > plugin/quota_rule2=Trash:storage=+100 > Sep 13 11:55:49 imap(a.meyer at nimmini.de): Debug: Effective uid=5000, > gid=5000, home= > Sep 13 11:55:49 imap(a.meyer at nimmini.de): Debug: Quota root: name=User > quota backend=maildir args= > Sep 13 11:55:49 imap(a.meyer at nimmini.de): Debug: Quota rule: root=User > quota mailbox=* bytes=5368709120 messages=0 > Sep 13 11:55:49 imap(a.meyer at nimmini.de): Debug: Quota rule: root=User > quota mailbox=Trash bytes=+102400 messages=0 > Sep 13 11:55:49 imap(a.meyer at nimmini.de): Debug: Quota grace: > root=User quota bytes=53687091 (1%) > Sep 13 11:55:49 imap(a.meyer at nimmini.de): Debug: Namespace inbox: > type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, > subscriptions=yes location=maildir:~/ on one of my accounts this same line looks like this: imap(aaa at kivalo.at): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/srv/mail/aaa at kivalo.at/Maildir:LAYOUT=fs where location is the "mail_location" setting from 10-mail.conf and is overridden by the userdb from sql for every user. it's probably enough to set the option mail_location in 10-mail.conf to an absolute path. > This is what claws-mail says: > > [12:22:48] IMAP4< * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR > LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5] > Dovecot ready. > [12:22:48] IMAP4> 1 STARTTLS > [12:22:48] IMAP4< 1 OK Begin TLS negotiation now. > * IMAP connection is un-authenticated > [12:22:48] IMAP4> 2 CAPABILITY > [12:22:48] IMAP4< * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR > LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=CRAM-MD5 > [12:22:48] IMAP4< 2 OK Pre-login capabilities listed, post-login > capabilities have more. > [12:22:48] IMAP4> Logging a.meyer at nimmini.de to mail.nimmini.de using > CRAM-MD5 > ** IMAP Fehler auf mail.nimmini.de: parse error (sehr wahrscheinlich > ein nicht RFC-konformer Server) > ** IMAP4-Verbindung unterbrochen > [12:22:48] IMAP4< Error logging in to mail.nimmini.de > > When I set auth_type PLAIN in Roundcube, login fails too. > > The SELECTS in the database are ok: > > mysql> SELECT maildir, uid, gid, concat('*:storage=', quota) AS > quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM > mailbox WHERE username = 'a.meyer at nimmini.de'; > +-------------------------------+------+------+-------------------+--------------------+ > | maildir | uid | gid | quota_rule | > quota_rule2 | > +-------------------------------+------+------+-------------------+--------------------+ > | /var/spool/vhosts/nimmini.de/ | 5000 | 5000 | *:storage=5242880 | > Trash:storage=+100 | > +-------------------------------+------+------+-------------------+--------------------+ > 1 row in set (0,00 sec) > > mysql> SELECT username AS username, password FROM mailbox WHERE > username = 'a.meyer at nimmini.de' AND active = 1 > -> ; > +--------------------+----------+ > | username | password | > +--------------------+----------+ > | a.meyer at nimmini.de | hidden | > +--------------------+----------+ > 1 row in set (0,00 sec) > > mysql> quit > > What's wrong? Any help appreciated! > > Regards > > Andreas Regards - Christian From anmeyer at mailbox.org Sun Sep 13 19:05:15 2015 From: anmeyer at mailbox.org (Andreas Meyer) Date: Sun, 13 Sep 2015 21:05:15 +0200 Subject: no login with MySQL In-Reply-To: <8debbab81096dc8ba8f1dfb739cca55a@valo.at> References: <20150913135852.73a99d60@workstation.bitcorner.intern> <8debbab81096dc8ba8f1dfb739cca55a@valo.at> Message-ID: <20150913210515.0466de0d@workstation.bitcorner.intern> Hello! Christian Kivalo schrieb am 13.09.15 um 19:51:38 Uhr: > > Sep 13 11:55:49 imap(a.meyer at nimmini.de): Error: user > > a.meyer at nimmini.de: Initialization failed: Namespace '': Home > > directory not set for user. Can't expand ~/ for mail root dir in: ~/ > > Sep 13 11:55:49 imap(a.meyer at nimmini.de): Error: Invalid user > > settings. Refer to server log for more information. > > i see an error here "Error: Invalid user settings" relating to the users > mail_location direcory. > > Is "mail_location" (and not so important "mail_home") defined? In dovecot.conf mail_location = maildir:~/ is set. This works with the system-users defined in the passwd file. I think the query-string f?r MySQL would overwrite this mail_location, right? But how do I define it in the query? > With my setup "mail" and "home" is returned from the userdb query from > mysql > > home: /srv/mail/%u > mail: /srv/mail/%u/Maildir The query-strings for virtual users look like this: password_query = SELECT username AS username, password FROM mailbox WHERE username = '%u' AND active = 1 user_query = SELECT maildir, uid, gid, concat('*:storage=', quota) AS quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox WHERE username = '%u' There is no mail_loation defined. I thought if maildir is queried, the %u would expand to the mail_location of the user. Where the users only with the local part of the address exist in the filesystem. /var/spool/vhosts/nimmini.de/a.meyer whereas /var/spool/vhosts is a symlink to /home/vhosts. This setup worked fine sometime ago and I wanted to reactivate MySQL for dovecot. Now the query doesn't work anymore, the location seems to be invalid. location=maildir:~/ instead of /var/spool/vhosts/nimmini.de/%u. > > Sep 13 11:55:49 imap(a.meyer at nimmini.de): Debug: Namespace inbox: > > type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, > > subscriptions=yes location=maildir:~/ > > on one of my accounts this same line looks like this: > imap(aaa at kivalo.at): Debug: Namespace inbox: type=private, prefix=, > sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes > location=maildir:/srv/mail/aaa at kivalo.at/Maildir:LAYOUT=fs > > where location is the "mail_location" setting from 10-mail.conf and is > overridden by the userdb from sql for every user. > > it's probably enough to set the option mail_location in 10-mail.conf to > an absolute path. I cannot set the absolute path in mail_location, because I have systemusers and virtual users. Don't know how to set mail_location in the query-string for MySQL, if the expandation of %u is not enough. %u would expand to the full address a.meyer at nimmini.de whereas the location looks like /var/spool/vhosts/nimmini.de/a.meyer Don't know what to do. Regards Andreas From ml+dovecot at valo.at Sun Sep 13 20:08:04 2015 From: ml+dovecot at valo.at (Christian Kivalo) Date: Sun, 13 Sep 2015 22:08:04 +0200 Subject: no login with MySQL In-Reply-To: <20150913210515.0466de0d@workstation.bitcorner.intern> References: <20150913135852.73a99d60@workstation.bitcorner.intern> <8debbab81096dc8ba8f1dfb739cca55a@valo.at> <20150913210515.0466de0d@workstation.bitcorner.intern> Message-ID: <2350dbbbd7bd49d5d845e924cfdb85db@valo.at> On 2015-09-13 21:05, Andreas Meyer wrote: > Hello! > > Christian Kivalo schrieb am 13.09.15 um 19:51:38 > Uhr: > >> > Sep 13 11:55:49 imap(a.meyer at nimmini.de): Error: user >> > a.meyer at nimmini.de: Initialization failed: Namespace '': Home >> > directory not set for user. Can't expand ~/ for mail root dir in: ~/ >> > Sep 13 11:55:49 imap(a.meyer at nimmini.de): Error: Invalid user >> > settings. Refer to server log for more information. >> >> i see an error here "Error: Invalid user settings" relating to the >> users >> mail_location direcory. >> >> Is "mail_location" (and not so important "mail_home") defined? > > In dovecot.conf mail_location = maildir:~/ is set. This works with > the system-users defined in the passwd file. > > I think the query-string f?r MySQL would overwrite this mail_location, > right? But how do I define it in the query? yes thats how it should work but your query (looking at the query result from your first email) overwrites the mail_location with "/var/spool/vhosts/nimmini.de/" without a username. >> With my setup "mail" and "home" is returned from the userdb query from >> mysql >> >> home: /srv/mail/%u >> mail: /srv/mail/%u/Maildir > > The query-strings for virtual users look like this: > > password_query = SELECT username AS username, password FROM mailbox > WHERE username = '%u' AND active = 1 > user_query = SELECT maildir, uid, gid, concat('*:storage=', quota) AS > quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM > mailbox WHERE username = '%u' what about user_query = SELECT CONCAT(maildir, SUBSTRING_INDEX(username,'@',+1)) as mail, uid, gid, concat('*:storage=', quota) AS quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox WHERE username = '%u' The SUBSTRING_INDEX returns everything left of the '@' from field username, that should give you something like +--------------------------------------+------+------+-------------------+--------------------+ | mail | uid | gid | quota_rule | quota_rule2 | +--------------------------------------+------+------+-------------------+--------------------+ | /var/spool/vhosts/nimmini.de/a.meyer | 5000 | 5000 | *:storage=5242880 | Trash:storage=+100 | +--------------------------------------+------+------+-------------------+--------------------+ which hopefully is the path to your maildir. > There is no mail_loation defined. I thought if maildir is queried, the > %u > would expand to the mail_location of the user. Where the users only > with > the local part of the address exist in the filesystem. I don't know a setting called "maildir" dovecot expects a field "mail" to be returned by your sql query or uses the default one (set in 10-mail.conf). maybe even this works, but it too will only return the path without the username user_query = SELECT maildir AS mail, uid, gid, concat('*:storage=', quota) AS quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox WHERE username = '%u' %u is the user at domain username %n is the username without the @domain part > /var/spool/vhosts/nimmini.de/a.meyer > > whereas /var/spool/vhosts is a symlink to /home/vhosts. > > This setup worked fine sometime ago and I wanted to reactivate MySQL > for dovecot. Now the query doesn't work anymore, the location seems > to be invalid. > > location=maildir:~/ > instead of > /var/spool/vhosts/nimmini.de/%u. > >> > Sep 13 11:55:49 imap(a.meyer at nimmini.de): Debug: Namespace inbox: >> > type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, >> > subscriptions=yes location=maildir:~/ >> >> on one of my accounts this same line looks like this: >> imap(aaa at kivalo.at): Debug: Namespace inbox: type=private, prefix=, >> sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes >> location=maildir:/srv/mail/aaa at kivalo.at/Maildir:LAYOUT=fs >> >> where location is the "mail_location" setting from 10-mail.conf and is >> overridden by the userdb from sql for every user. >> >> it's probably enough to set the option mail_location in 10-mail.conf >> to >> an absolute path. > > I cannot set the absolute path in mail_location, because I have > systemusers and virtual users. > > Don't know how to set mail_location in the query-string for MySQL, > if the expandation of %u is not enough. %u would expand to the full > address a.meyer at nimmini.de whereas the location looks like > /var/spool/vhosts/nimmini.de/a.meyer > Don't know what to do. > > Regards > > Andreas - christian From anmeyer at mailbox.org Sun Sep 13 20:52:15 2015 From: anmeyer at mailbox.org (Andreas Meyer) Date: Sun, 13 Sep 2015 22:52:15 +0200 Subject: no login with MySQL In-Reply-To: <2350dbbbd7bd49d5d845e924cfdb85db@valo.at> References: <20150913135852.73a99d60@workstation.bitcorner.intern> <8debbab81096dc8ba8f1dfb739cca55a@valo.at> <20150913210515.0466de0d@workstation.bitcorner.intern> <2350dbbbd7bd49d5d845e924cfdb85db@valo.at> Message-ID: <20150913225215.4b18b68b@workstation.bitcorner.intern> Christian Kivalo schrieb am 13.09.15 um 22:08:04 Uhr: > > I think the query-string f?r MySQL would overwrite this mail_location, > > right? But how do I define it in the query? > > yes thats how it should work but your query (looking at the query result > from your first email) overwrites the mail_location with > "/var/spool/vhosts/nimmini.de/" without a username. > > >> With my setup "mail" and "home" is returned from the userdb query from > >> mysql > >> > >> home: /srv/mail/%u > >> mail: /srv/mail/%u/Maildir > > > > The query-strings for virtual users look like this: > > > > password_query = SELECT username AS username, password FROM mailbox > > WHERE username = '%u' AND active = 1 > > user_query = SELECT maildir, uid, gid, concat('*:storage=', quota) AS > > quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM > > mailbox WHERE username = '%u' > > what about > user_query = SELECT CONCAT(maildir, SUBSTRING_INDEX(username,'@',+1)) as > mail, uid, gid, concat('*:storage=', quota) AS quota_rule, > concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox WHERE > username = '%u' With this query above I can login again with Roundcube and claws-mail but with the mysql-client I get: mysql> SELECT CONCAT(maildir, SUBSTRING_INDEX(username,'@',+1)) as mail, uid, gid, concat('*:storage=', quota) AS quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox WHERE username = '%u'; Empty set (0,00 sec) This is my old query with wich I couldn't log in. mysql> SELECT maildir, uid, gid, concat('*:storage=', quota) AS quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox WHERE username = '%u'; Empty set (0,00 sec) > > The SUBSTRING_INDEX returns everything left of the '@' from field > username, that should give you something like > > +--------------------------------------+------+------+-------------------+--------------------+ > | mail | uid | gid | quota_rule > | quota_rule2 | > +--------------------------------------+------+------+-------------------+--------------------+ > | /var/spool/vhosts/nimmini.de/a.meyer | 5000 | 5000 | *:storage=5242880 > | Trash:storage=+100 | > +--------------------------------------+------+------+-------------------+--------------------+ > > which hopefully is the path to your maildir. I get am Emty set Don't understand it. Andreas From lists.zxinn at otaking.se Sun Sep 13 22:20:37 2015 From: lists.zxinn at otaking.se (=?UTF-8?Q?Tobias_Franz=c3=a9n?=) Date: Mon, 14 Sep 2015 00:20:37 +0200 Subject: no login with MySQL In-Reply-To: <20150913225215.4b18b68b@workstation.bitcorner.intern> References: <20150913135852.73a99d60@workstation.bitcorner.intern> <8debbab81096dc8ba8f1dfb739cca55a@valo.at> <20150913210515.0466de0d@workstation.bitcorner.intern> <2350dbbbd7bd49d5d845e924cfdb85db@valo.at> <20150913225215.4b18b68b@workstation.bitcorner.intern> Message-ID: <55F5F6B5.1000202@otaking.se> On 2015-09-13 22:52, Andreas Meyer wrote: > Christian Kivalo schrieb am 13.09.15 um 22:08:04 Uhr: > >>> I think the query-string f?r MySQL would overwrite this mail_location, >>> right? But how do I define it in the query? >> yes thats how it should work but your query (looking at the query result >> from your first email) overwrites the mail_location with >> "/var/spool/vhosts/nimmini.de/" without a username. >> >>>> With my setup "mail" and "home" is returned from the userdb query from >>>> mysql >>>> >>>> home: /srv/mail/%u >>>> mail: /srv/mail/%u/Maildir >>> The query-strings for virtual users look like this: >>> >>> password_query = SELECT username AS username, password FROM mailbox >>> WHERE username = '%u' AND active = 1 >>> user_query = SELECT maildir, uid, gid, concat('*:storage=', quota) AS >>> quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM >>> mailbox WHERE username = '%u' >> what about >> user_query = SELECT CONCAT(maildir, SUBSTRING_INDEX(username,'@',+1)) as >> mail, uid, gid, concat('*:storage=', quota) AS quota_rule, >> concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox WHERE >> username = '%u' > With this query above I can login again with Roundcube and claws-mail but > with the mysql-client I get: > > mysql> SELECT CONCAT(maildir, SUBSTRING_INDEX(username,'@',+1)) as mail, uid, gid, concat('*:storage=', quota) AS quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox WHERE username = '%u'; > Empty set (0,00 sec) > > This is my old query with wich I couldn't log in. > mysql> SELECT maildir, uid, gid, concat('*:storage=', quota) AS quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox WHERE username = '%u'; > Empty set (0,00 sec) > >> The SUBSTRING_INDEX returns everything left of the '@' from field >> username, that should give you something like >> >> +--------------------------------------+------+------+-------------------+--------------------+ >> | mail | uid | gid | quota_rule >> | quota_rule2 | >> +--------------------------------------+------+------+-------------------+--------------------+ >> | /var/spool/vhosts/nimmini.de/a.meyer | 5000 | 5000 | *:storage=5242880 >> | Trash:storage=+100 | >> +--------------------------------------+------+------+-------------------+--------------------+ >> >> which hopefully is the path to your maildir. > I get am Emty set > > Don't understand it. > > Andreas Hi Andreas, Make sure to return a "home" attribute, and only optionally a "mail" attribute, from your SQL user query. Your "home" attribute for user "a.meyer at nimmini.de" should return "/var/spool/vhosts/nimmini.de/a.meyer", and only if you want to override the global mail_location specify a "mail" attribute to return something like "maildir:/var/spool/vhosts/nimmini.de/a.meyer/Maildir". There is no "maildir" attribute used from the SQL query, to my knowledge. If you want to have the maildir stored directly in the user's home folder, e.g. "/var/spool/vhosts/nimmini.de/a.meyer", and your global mail_location already is "maildir:~/", then you only need to return a proper "home" attribute from SQL. BR Tobias From me at junc.eu Sun Sep 13 23:17:17 2015 From: me at junc.eu (Benny Pedersen) Date: Mon, 14 Sep 2015 01:17:17 +0200 Subject: no login with MySQL In-Reply-To: <20150913225215.4b18b68b@workstation.bitcorner.intern> References: <20150913135852.73a99d60@workstation.bitcorner.intern> <8debbab81096dc8ba8f1dfb739cca55a@valo.at> <20150913210515.0466de0d@workstation.bitcorner.intern> <2350dbbbd7bd49d5d845e924cfdb85db@valo.at> <20150913225215.4b18b68b@workstation.bitcorner.intern> Message-ID: Andreas Meyer skrev den 2015-09-13 22:52: > Don't understand it. in mysql shell you self need to expand %u since there is possible no user email that is %u :-) From anmeyer at mailbox.org Mon Sep 14 02:46:48 2015 From: anmeyer at mailbox.org (Andreas Meyer) Date: Mon, 14 Sep 2015 04:46:48 +0200 Subject: no login with MySQL In-Reply-To: References: <20150913135852.73a99d60@workstation.bitcorner.intern> <8debbab81096dc8ba8f1dfb739cca55a@valo.at> <20150913210515.0466de0d@workstation.bitcorner.intern> <2350dbbbd7bd49d5d845e924cfdb85db@valo.at> <20150913225215.4b18b68b@workstation.bitcorner.intern> Message-ID: <20150914044648.2d49d0b7@workstation.bitcorner.intern> Benny Pedersen schrieb am 14.09.15 um 01:17:17 Uhr: > Andreas Meyer skrev den 2015-09-13 22:52: > > > Don't understand it. > > in mysql shell you self need to expand %u > > since there is possible no user email that is %u Yes, of course. Too much stress today. But I solved my problems with mysql, auth, dovecot_lda and postfix deferred mail by just setting mail_home = /var/spool/vhosts/%d/%n in dovecot.conf again. And the old queries work again. Now is bedtime. Thank you everybody! Andreas From bind at enas.net Mon Sep 14 07:47:50 2015 From: bind at enas.net (Urban Loesch) Date: Mon, 14 Sep 2015 09:47:50 +0200 Subject: concerning dovecot settings for high volume server In-Reply-To: <9950E1B5D5204D99958814152D9E25D9.MAI@ns1.24x7server.net> References: <9950E1B5D5204D99958814152D9E25D9.MAI@ns1.24x7server.net> Message-ID: <55F67BA6.10408@enas.net> Hi Rajesh, our setup looks as follows: - we are running linux-vserver as virtualization technology - we have 2 dedicated IMAP/POP3 Proxies in front of 8 dovecot containers. - totally about 2900 concurrent imap sessions on each imap proxy and about 180 concurrent pop3 sessions - all dovecot containers are running on the same hardware (no problems until today): DELL PER720 with 2x 200GB RAID 1 SSD's for dovecot indexes, 8x 4TB RAID 10 for maildata, 2x300GB RAID1 for OS 64GB RAM, 2x CPU E5-2640 0 @ 2.50GHz - HA is Active/Passive with DRBD on 10GBIT dedicated NIC's for all 3 partitions. - in summary there are about 47k accounts on it. - 15minutes system load is between 0.5 - 2.5 - mailserver software is always postfix - amavis with spamassassin and clamav - opendkim, opendmarc as milter implementations Front MX and antispam filtering is running on 2 different machines. Mail volume is between 200k and 600k (spam inclusive) per day. We never faced some email re-download, only if the customers changes his mail client. But that's normal. Hope that helps. Best Urban Am 13.09.2015 um 19:35 schrieb Rajesh M: > thanks very much urban. this was very helpful. > > i have around 12500 users spread over 3 independent servers each having around 4000+ users > i am using qmailtoaster, vpopmail, spamassassin and dovecot. > > in future i am planning to consolidate all using a HA cluster. > > if it is ok with you could you kindly share some information about your email server configuration. if you do not wish to put it on the list then you can directly email me. > > 1) is your email volume high ? > 2) server hardware to support 28000 users > 3) mailserver software - exim or postfix ??. > 4) antispam software like spamassassin if any > > also if you have faced any email re-download issues with dovecot sometimes randomly incase of pop3 users storing emails on the server ? > > > thanks > rajesh > > > > ----- Original Message ----- > From: Urban Loesch [mailto:bind at enas.net] > To: dovecot at dovecot.org > Sent: Sun, 13 Sep 2015 09:33:14 +0200 > Subject: Re: concerning dovecot settings for high volume server > > Hi, > > I have running dovecot with about 28k users. > Here comes my relevant config for pop3 and imap from "doveconf -n". > No problems so far. > > -- snip -- > default_client_limit = 2000 > ... > > service imap-login { > inet_listener imap { > port = 143 > } > process_limit = 256 > process_min_avail = 50 > service_count = 1 > } > service imap { > process_limit = 2048 > process_min_avail = 50 > service_count = 1 > vsz_limit = 512 M > } > ... > > service pop3-login { > inet_listener pop3 { > port = 110 > } > process_limit = 256 > process_min_avail = 25 > service_count = 1 > } > service pop3 { > process_limit = 256 > process_min_avail = 25 > service_count = 1 > } > ... > > protocol imap { > imap_client_workarounds = tb-extra-mailbox-sep > imap_id_log = * > imap_logout_format = bytes=%i/%o session=<%{session}> > mail_max_userip_connections = 40 > mail_plugins = " quota mail_log notify zlib imap_quota imap_zlib" > } > > ... > protocol pop3 { > mail_plugins = " quota mail_log notify zlib" > pop3_logout_format = bytes_sent=%o top=%t/%p, retr=%r/%b, del=%d/%m, > \ size=%s uidl_hash=%u session=<%{session}> > } > -- snip -- > > Regards > Urban > > > Am 12.09.2015 um 20:53 schrieb Rajesh M: >> hi >> >> centos 6 64 bit >> >> hex core processor with hyperthreading ie display shows 12 cores >> 16 gb ram >> 600 gb 15000 rpm drive >> >> we are having around 4000 users on a server >> >> >> i wish to allow 1500 pop3 and 1500 imap connections simultaneously. >> >> need help regarding the settings to handle the above >> >> imap-login, pop3-login >> imap pop3 service settings >> >> i recently i got an error >> imap-login: Error: read(imap) failed: Remote closed connection (process_limit reached?) >> >> >> my current dovecot config file >> >> # 2.2.7: /etc/dovecot/dovecot.conf >> # OS: Linux 2.6.32-431.23.3.el6.x86_64 x86_64 CentOS release 6.5 (Final) >> auth_cache_negative_ttl = 0 >> auth_cache_ttl = 0 >> auth_mechanisms = plain login digest-md5 cram-md5 >> default_login_user = vpopmail >> disable_plaintext_auth = no >> first_valid_gid = 89 >> first_valid_uid = 89 >> log_path = /var/log/dovecot.log >> login_greeting = ready. >> mail_max_userip_connections = 50 >> mail_plugins = " quota" >> managesieve_notify_capability = mailto >> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave >> namespace { >> inbox = yes >> location = >> prefix = >> separator = . >> type = private >> } >> passdb { >> args = cache_key=%u webmail=127.0.0.1 >> driver = vpopmail >> } >> plugin { >> quota = maildir:ignore=Trash >> quota_rule = ?:storage=0 >> } >> protocols = imap pop3 >> service imap-login { >> client_limit = 256 >> process_limit = 400 >> process_min_avail = 4 >> service_count = 0 >> vsz_limit = 512 M >> } >> service pop3-login { >> client_limit = 1000 >> process_limit = 400 >> process_min_avail = 12 >> service_count = 0 >> vsz_limit = 512 M >> } >> ssl_cert = > ssl_dh_parameters_length = 2048 >> ssl_key = > userdb { >> args = cache_key=%u quota_template=quota_rule=*:backend=%q >> driver = vpopmail >> } >> protocol imap { >> imap_client_workarounds = delay-newmail >> mail_plugins = " quota imap_quota" >> } >> protocol pop3 { >> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh >> pop3_fast_size_lookups = yes >> pop3_lock_session = no >> pop3_no_flag_updates = yes >> } >> >> >> thanks very much, >> >> rajesh >> > From julien.fastre at champs-libres.coop Mon Sep 14 08:00:10 2015 From: julien.fastre at champs-libres.coop (=?UTF-8?Q?Julien_Fastr=c3=a9?=) Date: Mon, 14 Sep 2015 10:00:10 +0200 Subject: Dovecot does not accept new connection with error "imap-login: Error: read(anvil) failed: EOF" Message-ID: <55F67E8A.8070002@champs-libres.coop> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, First of all, thank you for the work the contributors are doing with Dovecot ! Dovecot is doing a great job ! I am encountering a problem with a configuration and, despite my search on the web, I do not find any solution for this problem. Dovecot seems to stop accepting new connection. The users : - - can not save sent messages to "Sent" folder (using Thunderbird) ; - - can not connect or retrieve message from webmail (using sogo or roundcube) In the log, I see this error : > Jun 30 13:54:53 mail dovecot: imap-login: Error: read(anvil) > failed: EOF Jun 30 13:54:53 mail dovecot: message repeated 2 times: > [ imap-login: Error: read(anvil) failed: EOF] (the message may be repeated more than 2 times) It happens... sometimes. Manually restarting the dovecot service make the software working again. By searching on the web, I regularly see this statement in logs : > dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF like here : http://www.dovecot.org/list/dovecot/2010-November/054694.htm l But it doesn't seem to be the same problem as mine (anvil / anvil-auth-penalty). The problem happens during peak load. Sometimes it happens twice a week, sometimes it may spent two month without any problem (during holidays, I did not had any problem). My configuration : > # doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux > 3.13.0-49-generic x86_64 Ubuntu 14.04.3 LTS login_trusted_networks > = 10.0.3.0/24 mail_location = mbox:~/mail:INBOX=/var/mail/%u > mail_plugins = quota acl managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date ihave namespace { list = children location > = maildir:/var/mail-data/vhosts/%%u:INDEX=~/shared/%%u prefix = > shared/%%u/ separator = / subscriptions = no type = shared } > namespace inbox { inbox = yes location = mailbox Drafts { > special_use = \Drafts } mailbox Junk { special_use = \Junk } > mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { > special_use = \Sent } mailbox Trash { special_use = \Trash } prefix > = separator = / type = private } passdb { driver = pam } passdb { > args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { > acl = vfile acl_shared_dict = > file:/var/mail-data/acl_db/shared-mailboxes quota = maildir:User > quota quota_grace = 10%% quota_rule = *:storage=2G quota_rule2 = > Trash:storage=+100M sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } > postmaster_address = julienfastre at cvfe.be protocols = " imap lmtp > sieve" service auth { unix_listener > /var/spool/postfix/private/dovecot-auth { group = postfix mode = > 0660 user = postfix } } service lmtp { unix_listener > /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = > 0600 user = postfix } } ssl_ca = ssl_cert = passwd } userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver > = ldap } protocol lmtp { mail_plugins = quota acl sieve } protocol > imap { mail_max_userip_connections = 30 mail_plugins = quota acl > imap_quota imap_acl } As somes answer about anvil-auth-penalty may suggest it is linked with proc capabilities, this is the limitation of the /proc > root at mail:/home/ubuntu# ps -aux | grep anvil postfix 4568 0.0 > 0.0 27404 1596 ? S 08:00 0:00 anvil -l -t unix -u -c > dovecot 5788 0.0 0.0 9280 956 ? S 09:45 0:00 > dovecot/anvil root 5973 0.0 0.0 11748 928 pts/2 S+ > 09:57 0:00 grep --color=auto anvil root at mail:/home/ubuntu# cat > /proc/5788/limits Limit Soft Limit > Hard Limit Units Max cpu time unlimited > unlimited seconds Max file size unlimited > unlimited bytes Max data size 268435456 > 268435456 bytes Max stack size 8388608 > unlimited bytes Max core file size 0 > unlimited bytes Max resident set unlimited > unlimited bytes Max processes 257157 > 257157 processes Max open files 1024 > 4096 files Max locked memory 65536 > 65536 bytes Max address space 268435456 > 268435456 bytes Max file locks unlimited > unlimited locks Max pending signals 257157 > 257157 signals Max msgqueue size 819200 > 819200 bytes Max nice priority 0 > 0 Max realtime priority 0 0 > Max realtime timeout unlimited unlimited > us If it may help, dovecot is running inside an lxc container. I would really appreciate any help. Thanks for your time ! Julien Fastr? - -- Julien Fastr? Champs Libres http://www.champs-libres.coop +32 486 540 660 Champs Libres Cooperative SCRLFS Rue Jean Bury 23 - 4000 Li?ge - Belgique BE0541.427.670 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJV9n6KAAoJEL+8y7VSV380BtoQALEFOmb2llnlgRrpbHIUuFRY g+dDRYETAmjVTsPoNVR45x5n/CcT6sOY5iZw7r3O2vBtVtyr8T2iF/6d+xKxvRj+ zM76+Cdd27ydkPEI83fDGH0ckXhjRgd1MU8xEi4RjdbgE3LCMlD0TtGImPniPFM9 POY8U3psEGUaiIrd3s6DwHVamYG+8ackvHgKua0L83r4turf6AI/0kdioCStxurE IKkdPTew8W92O3QiVJ0//6A5BC6HT+hTICgUqAx4mAgCVR1PIvRAMywUy08JFJtD A/RmZj2350ApY8oKukhbKfLSamTcP+UApYt6C0PfPjPpSQUVgEkI/zWA2NH+6Pjg XA311MK9+lYcjNqM6AAAjM2H012sh6AC/u17S1t8x85HY0KUk1YldfyLUeHgRg9Y 4JBFxKP7u4exIu1Us5R1qDPOkbE3e4zzUtI57Ae/QhzTiwpWdJkQ/4hdJhwbDcGp X5RTBNldd4mFqdhPeRXN5Vh2OL9HkboA3XIMac2ZrNJC3DEl2GZJRa+Zay/OJCaj 6eppyTxYr0J2shOkvYEz/BbUYLdAX1MkkOM8bWc5rcIsvvUZhe9lX7HMNCZoNTJq Y01l9o/qzu3feIssZ0tJ4FL6hYA6TirO9i/H7NG0cVBsgCccxFtFIDsZBTIW6Gqw Nsf4SLNo7GhADcbAeeOm =2mKN -----END PGP SIGNATURE----- From julien.fastre at champs-libres.coop Mon Sep 14 08:02:20 2015 From: julien.fastre at champs-libres.coop (=?UTF-8?Q?Julien_Fastr=c3=a9?=) Date: Mon, 14 Sep 2015 10:02:20 +0200 Subject: Dovecot does not accept new connection with error "imap-login: Error: read(anvil) failed: EOF" In-Reply-To: <55F67E8A.8070002@champs-libres.coop> References: <55F67E8A.8070002@champs-libres.coop> Message-ID: <55F67F0C.4070400@champs-libres.coop> Without any gpg signature, the doveconf -n may be more readable : > # doveconf -n > # 2.2.9: /etc/dovecot/dovecot.conf > # OS: Linux 3.13.0-49-generic x86_64 Ubuntu 14.04.3 LTS > login_trusted_networks = 10.0.3.0/24 > mail_location = mbox:~/mail:INBOX=/var/mail/%u > mail_plugins = quota acl > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave > namespace { > list = children > location = maildir:/var/mail-data/vhosts/%%u:INDEX=~/shared/%%u > prefix = shared/%%u/ > separator = / > subscriptions = no > type = shared > } > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > separator = / > type = private > } > passdb { > driver = pam > } > passdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > plugin { > acl = vfile > acl_shared_dict = file:/var/mail-data/acl_db/shared-mailboxes > quota = maildir:User quota > quota_grace = 10%% > quota_rule = *:storage=2G > quota_rule2 = Trash:storage=+100M > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > } > postmaster_address = julienfastre at cvfe.be > protocols = " imap lmtp sieve" > service auth { > unix_listener /var/spool/postfix/private/dovecot-auth { > group = postfix > mode = 0660 > user = postfix > } > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0600 > user = postfix > } > } > ssl_ca = ssl_cert = ssl_key = userdb { > driver = passwd > } > userdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > protocol lmtp { > mail_plugins = quota acl sieve > } > protocol imap { > mail_max_userip_connections = 30 > mail_plugins = quota acl imap_quota imap_acl > } Le 14/09/15 10:00, Julien Fastr? a ?crit : > Hi, > > First of all, thank you for the work the contributors are doing with > Dovecot ! Dovecot is doing a great job ! > > I am encountering a problem with a configuration and, despite my > search on the web, I do not find any solution for this problem. > > Dovecot seems to stop accepting new connection. The users : > > - can not save sent messages to "Sent" folder (using Thunderbird) ; > - can not connect or retrieve message from webmail (using sogo or > roundcube) > > In the log, I see this error : > > >> Jun 30 13:54:53 mail dovecot: imap-login: Error: read(anvil) >> failed: EOF Jun 30 13:54:53 mail dovecot: message repeated 2 times: >> [ imap-login: Error: read(anvil) failed: EOF] > > (the message may be repeated more than 2 times) > > It happens... sometimes. Manually restarting the dovecot service make > the software working again. > > By searching on the web, I regularly see this statement in logs : > > >> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF > > like here : http://www.dovecot.org/list/dovecot/2010-November/054694.htm > l > > But it doesn't seem to be the same problem as mine (anvil / > anvil-auth-penalty). > > The problem happens during peak load. Sometimes it happens twice a > week, sometimes it may spent two month without any problem (during > holidays, I did not had any problem). > > > My configuration : > >> # doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux >> 3.13.0-49-generic x86_64 Ubuntu 14.04.3 LTS login_trusted_networks >> = 10.0.3.0/24 mail_location = mbox:~/mail:INBOX=/var/mail/%u >> mail_plugins = quota acl managesieve_notify_capability = mailto >> managesieve_sieve_capability = fileinto reject envelope >> encoded-character vacation subaddress comparator-i;ascii-numeric >> relational regex imap4flags copy include variables body enotify >> environment mailbox date ihave namespace { list = children location >> = maildir:/var/mail-data/vhosts/%%u:INDEX=~/shared/%%u prefix = >> shared/%%u/ separator = / subscriptions = no type = shared } >> namespace inbox { inbox = yes location = mailbox Drafts { >> special_use = \Drafts } mailbox Junk { special_use = \Junk } >> mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { >> special_use = \Sent } mailbox Trash { special_use = \Trash } prefix >> = separator = / type = private } passdb { driver = pam } passdb { >> args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { >> acl = vfile acl_shared_dict = >> file:/var/mail-data/acl_db/shared-mailboxes quota = maildir:User >> quota quota_grace = 10%% quota_rule = *:storage=2G quota_rule2 = >> Trash:storage=+100M sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } >> postmaster_address = julienfastre at cvfe.be protocols = " imap lmtp >> sieve" service auth { unix_listener >> /var/spool/postfix/private/dovecot-auth { group = postfix mode = >> 0660 user = postfix } } service lmtp { unix_listener >> /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = >> 0600 user = postfix } } ssl_ca = > ssl_cert = > > passwd } userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver >> = ldap } protocol lmtp { mail_plugins = quota acl sieve } protocol >> imap { mail_max_userip_connections = 30 mail_plugins = quota acl >> imap_quota imap_acl } > > As somes answer about anvil-auth-penalty may suggest it is linked with > proc capabilities, this is the limitation of the /proc > >> root at mail:/home/ubuntu# ps -aux | grep anvil postfix 4568 0.0 >> 0.0 27404 1596 ? S 08:00 0:00 anvil -l -t unix -u -c >> dovecot 5788 0.0 0.0 9280 956 ? S 09:45 0:00 >> dovecot/anvil root 5973 0.0 0.0 11748 928 pts/2 S+ >> 09:57 0:00 grep --color=auto anvil root at mail:/home/ubuntu# cat >> /proc/5788/limits Limit Soft Limit >> Hard Limit Units Max cpu time unlimited >> unlimited seconds Max file size unlimited >> unlimited bytes Max data size 268435456 >> 268435456 bytes Max stack size 8388608 >> unlimited bytes Max core file size 0 >> unlimited bytes Max resident set unlimited >> unlimited bytes Max processes 257157 >> 257157 processes Max open files 1024 >> 4096 files Max locked memory 65536 >> 65536 bytes Max address space 268435456 >> 268435456 bytes Max file locks unlimited >> unlimited locks Max pending signals 257157 >> 257157 signals Max msgqueue size 819200 >> 819200 bytes Max nice priority 0 >> 0 Max realtime priority 0 0 >> Max realtime timeout unlimited unlimited >> us > > If it may help, dovecot is running inside an lxc container. > > I would really appreciate any help. Thanks for your time ! > > Julien Fastr? > > -- Julien Fastr? Champs Libres http://www.champs-libres.coop +32 486 540 660 Champs Libres Cooperative SCRLFS Rue Jean Bury 23 - 4000 Li?ge - Belgique BE0541.427.670 From tss at iki.fi Tue Sep 15 03:31:25 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 15 Sep 2015 12:31:25 +0900 Subject: object storage In-Reply-To: References: Message-ID: <33D6AB95-7DD0-4385-B001-4A659F4A6F67@iki.fi> On 12 Sep 2015, at 04:45, Bradley Giesbrecht wrote: > > Is the Dovecot Object Storage plugin still available for purchase? > > Clicking the store link [2] from this page [1] does not show any info about purchasing the plugin. > > [1] http://www.dovecot.fi/dovecot-object-storage-plugins-available-for-online-purchase/ > [2] http://shop.dovecot.fi/ It's available, but at least for now we're only selling it to big customers. From rick at havokmon.com Tue Sep 15 12:52:58 2015 From: rick at havokmon.com (Rick Romero) Date: Tue, 15 Sep 2015 07:52:58 -0500 Subject: FreeBSD 10 & default_vsz_limit causing reboots? Message-ID: <20150915075258.Horde.L7aLBFqZ4XBYjluThkKt9w1@www.vfemail.net> Ok, So this is really more of an observation than anything else.? I had a FreeBSD 10.1 server that was running great. Some SSL issue came up, or I upgrade Dovecot in ports - something occurred and the machine started rebooting randomly.? It would run for 2 weeks, then reboot.? It might run for 5 days and then reboot. So I started doing more FreeBSD upgrades, thinking it was a kernel issue. The reboots only increased.? This weekend I started thinking I might actually be having hardware issues.? But, since I don't have easy physical access to the box and it's REALLY under loaded, I figured what the hell and upraded to 10.2 on Sunday.? I think it rebooted 4 times after that on Sunday, and then another 2 times Monday morning.? Its worth noting that while I have crash dumps enabled, they don't seem to be occurring.? So hardware is still a possibility. After the 2nd Monday morning reboot, I started to wonder if there was some sort of process issue.? Besides the OS upgrades - I had been monitoring the Dovecot logs for when the process limits are reached, and increasing them.? It's a 'big' box, and load is typically between .30 and .50. CPUs aren't overtaxed, and most of the memory is dedicated to ZFS.? The reboots are so short, I've only received one 'down' alert due to them. So it's a conerning issue, but not really impacting production. On a whim I changed my default_vsz_limit (as I had been increasing every other limit but that) from 384M to 512M.? The system hasn't rebooted in 24hours. Now that could be a coincidence, but I thought I'd at least put it out there. If you see anything weird in my dovecot config, let me know - My config was originally vpopmail, but over time I've migrated to SQL-only. root at romulus:/usr/local/etc/dovecot # dovecot -n # 2.2.18: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 10.2-RELEASE amd64 auth_master_user_separator = * auth_mechanisms = plain login auth_username_translation = %@ auth_verbose = yes default_login_user = dovecot default_vsz_limit = 512 M disable_plaintext_auth = no first_valid_gid = 89 first_valid_uid = 89 last_valid_gid = 89 last_valid_uid = 89 log_path = /dev/stderr login_greeting = Ready. login_trusted_networks = 172.16.100.0/24 mail_fsync = never mail_plugins = " quota zlib stats" mail_privileged_group = mail namespace compat { ? alias_for = ? hidden = yes ? inbox = no ? list = no ? location = ? prefix = INBOX. ? separator = . } namespace inbox { ? inbox = yes ? location = ? prefix = ? separator = . } passdb { ? args = /usr/local/etc/dovecot/dovecot-master-sql.conf ? driver = sql ? master = yes ? pass = yes } passdb { ? args = /usr/local/etc/dovecot/dovecot-sql.conf ? driver = sql } plugin { ? quota = maildir ? quota_rule = Trash:storage=+10%% ? stats_refresh = 30 secs ? stats_track_cmds = yes } protocols = imap pop3 service anvil { ? client_limit = 3175 } service auth { ? client_limit = 3684 ? unix_listener auth-master { ??? mode = 0600 ? } } service imap-login { ? process_limit = 1536 ? process_min_avail = 25 ? service_count = 1 } service imap-postlogin { ? executable = script-login rawlog /usr/local/etc/dovecot/lastauth-imap.sh ? user = vpopmail } service imap { ? executable = /usr/local/libexec/dovecot/imap imap-postlogin ? process_limit = 1536 } service pop-postlogin { ? executable = script-login /usr/local/etc/dovecot/lastauth-pop.sh ? user = vpopmail } service pop3-login { ? process_limit = 1536 ? process_min_avail = 15 ? service_count = 1 } service pop3 { ? executable = /usr/local/libexec/dovecot/pop3 pop-postlogin } service stats { ? fifo_listener stats-mail { ??? mode = 0600 ??? user = vpopmail ? } } shutdown_clients = no ssl_cert = As shown below, adding a message to TRASH doesn't increase virtual/test's MESSAGES count. However SELECTing virtual/test triggers the increase; so does running `doveadm mailbox status vsize virtual/test` in another shell. $ mkdir -m0700 ~/mail/virtual/test $ echo -e "TRASH\n\tall" > ~/mail/virtual/test/dovecot-virtual $ /usr/lib/dovecot/imap S: * PREAUTH [CAPABILITY IMAP4rev1 ? ] Logged in as guilhem C: a STATUS TRASH (MESSAGES UIDNEXT UNSEEN) C: b STATUS virtual/test (MESSAGES UIDNEXT UNSEEN) S: * STATUS TRASH (MESSAGES 5599 UIDNEXT 5619 UNSEEN 0) S: a OK Status completed (0.001 secs). S: * STATUS virtual/test (MESSAGES 5599 UIDNEXT 5600 UNSEEN 0) S: b OK Status completed (0.032 secs). C: c APPEND TRASH {1+} S: x S: c OK [APPENDUID 1442277584 5619] Append completed (0.029 secs). C: d STATUS TRASH (MESSAGES UIDNEXT UNSEEN) C: e STATUS virtual/test (MESSAGES UIDNEXT UNSEEN) S: * STATUS TRASH (MESSAGES 5600 UIDNEXT 5620 UNSEEN 1) S: d OK Status completed (0.000 secs). S: * STATUS virtual/test (MESSAGES 5599 UIDNEXT 5600 UNSEEN 0) S: e OK Status completed (0.000 secs). # it doesn't help to LOGOUT and issue the STATUS command again. However, # it does to execute `doveadm mailbox status vsize virtual/test` in another # shell, or to SELECT virtual/test in the IMAP session. C: f STATUS TRASH (MESSAGES UIDNEXT UNSEEN) C: g STATUS virtual/test (MESSAGES UIDNEXT UNSEEN) S: * STATUS TRASH (MESSAGES 5600 UIDNEXT 5620 UNSEEN 1) S: f OK Status completed (0.000 secs). S: * STATUS virtual/test (MESSAGES 5600 UIDNEXT 5601 UNSEEN 1) S: g OK Status completed (0.000 secs). Cheers, -- Guilhem. -------------- next part -------------- # 2.2.18: /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.8 (0c4ae064f307+) # OS: Linux 4.1.0-2-686-pae i686 Debian stretch/sid listen = 127.0.0.1, ::1 mail_location = maildir:~/mail mail_plugins = virtual mailbox_list_index = yes namespace inbox { inbox = yes location = mailbox DRAFTS { auto = create special_use = \Drafts } mailbox SENT { auto = subscribe special_use = \Sent } mailbox SPAM { auto = create special_use = \Junk } mailbox TRASH { auto = create special_use = \Trash } mailbox virtual/all { special_use = \All } mailbox virtual/flagged { special_use = \Flagged } prefix = separator = / } namespace virtual { hidden = no list = no location = virtual:~/mail/virtual prefix = virtual/ separator = / } passdb { driver = pam } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve } protocols = " imap" service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 0 } } ssl = no userdb { driver = passwd } -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From nmilas at noa.gr Wed Sep 16 11:52:51 2015 From: nmilas at noa.gr (Nikolaos Milas) Date: Wed, 16 Sep 2015 14:52:51 +0300 Subject: Messages lost from imap folders Message-ID: <55F95813.5030505@noa.gr> Hello, We have one user who is complaining that he has lost mails from 3 imap folders, administered through squirrelmail. The folders suddenly appeared unregistered, and once manually registered they were empty. Has anyone observed something like this? We are running two servers (as VMs) with Dovecot v2.2.18, synced (two-way) using dsync. The configurations follow. Can you please help me understand what may have gone wrong? Can I try to find actions regarding these folders in the logs? What should I search for? Could this be an issue involving dsync? How can I trace back dsync activity in detail? Server configs follow (I have only altered the real domain name and the login greeting.) Thanks in advance, Nick ----------------------------------------------------------------------------- SERVER 1 ----------------------------------------------------------------------------- protocols = imap pop3 login_greeting = Hello World! mail_location = maildir:~/Maildir/ mail_gid = 500 mail_uid = 500 auth_mechanisms = plain login auth_username_format = %Lu auth_verbose = yes auth_debug = no mail_debug = no disable_plaintext_auth = no mail_plugins = quota notify replication protocol imap { imap_client_workarounds = "delay-newmail" mail_plugins = quota imap_quota notify replication } protocol pop3 { mail_max_userip_connections = 3 mail_plugins = quota notify replication pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_uidl_format = %08Xu%08Xv } protocol lda { auth_socket_path = /var/run/dovecot/auth-master info_log_path = log_path = mail_plugins = quota notify replication postmaster_address = sysadmin at example.com sendmail_path = /usr/lib/sendmail } userdb { args = /etc/dovecot/dovecot-usrdb-ldap.conf driver = ldap } passdb { args = /etc/dovecot/dovecot-passdb-ldap.conf driver = ldap } dsync_remote_cmd = ssh -l root vmail1.example.com doveadm dsync-server -u%u replication_dsync_parameters = -d -N -l 30 -U plugin { mail_replica = remote:vmail at vmail1.example.com } plugin { quota = maildir:User quota quota_rule = *:storage=5G quota_rule2 = Trash:storage=+3%% quota_warning = storage=75%% quota-warning 75 %u quota_warning2 = storage=90%% quota-warning 90 %u } service quota-warning { executable = script /opt/mail1.sh user = vmail unix_listener quota-warning { user = vmail } } service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } service replicator { unix_listener replicator-doveadm { mode = 0600 } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = vmail mode = 0660 user = vmail } user = root } service imap-login { service_count = 1 vsz_limit = 64 M } service pop3-login { service_count = 1 vsz_limit = 64 M } service replicator { process_min_avail = 1 } service imap { executable = imap postlogin } service pop3 { executable = pop3 postlogin } service postlogin { executable = script-login -d rawlog unix_listener postlogin { } } ssl_ca = References: <201509120631.t8C6VE2T005436@mail.hprs.local> Message-ID: <55F9709C.2090108@elyograg.org> On 9/12/2015 12:31 AM, Mark Foley wrote: > Hmmm, I've not heard of "Active Directory 2003" or 2008. The year numbers > indicated to me you might be talking about Windows Small Business Server 2003 or > 2008. Is your AD Server Windows? Linux? Something else? I'm using Samba4 AD/DC > on Linux. The OP probably is referring to AD functional levels: https://technet.microsoft.com/en-us/library/cc787290%28v=ws.10%29.aspx Thanks, Shawn From mfoley at ohprs.org Wed Sep 16 17:10:46 2015 From: mfoley at ohprs.org (Mark Foley) Date: Wed, 16 Sep 2015 13:10:46 -0400 Subject: How to "Windows Authenticate" In-Reply-To: <201509130510.t8D5Avj3012284@mail.hprs.local> References: <201509021731.t82HVZ4r021574@mail.hprs.local> <201509031025.t83AP1W5020976@mail.hprs.local> <20150903065319.Horde.2BrAxFp30mN2LnIZrXEq7w8@www.vfemail.net> <201509052112.t85LCowS007652@mail.hprs.local> <201509070031.t870VLCY019948@mail.hprs.local> <20150906200011.Horde.aZNzwfpiV_G6ZeeX8wLk9A4@www.vfemail.net> <201509080128.t881SNUF010141@mail.hprs.local> <201509082311.t88NB963021145@mail.hprs.local> <20150908212113.Horde.XsYniNr9u8OfSSykmsFoFA1@www.vfemail.net> <201509100247.t8A2lE98017371@mail.hprs.local> <20150910082715.Horde.jucYEJDsiBuzj6iP1IBedA1@www.vfemail.net> <201509110405.t8B45rLm016121@mail.hprs.local> <201509130510.t8D5Avj3012284@mail.hprs.local> Message-ID: <201509161710.t8GHAkIc016830@mail.hprs.local> Does the Dovecot NTLM mechanism work with MS Outlook? [ ] YES [ ] NO Please check one ... anybody. --Mark -----Original Message----- From: Mark Foley Date: Sun, 13 Sep 2015 01:10:57 -0400 To: dovecot at dovecot.org Subject: Re: How to "Windows Authenticate" I am running Dovecot 2.2.15 on Linux Slackware 14.1 and Samba 4.1.17 as the Active Directory/Domain Controller on the same host as Dovecot. Sendmail/procmail delivers mail to users' $HOME/Maildir. MS Outlook/IMAP is the client MTU used to connect with Dovecot to read mail on the Users' WIN7 workstations. I believe I have confirmed that MS Outlook will either ... 1) send the userid and password configured in the Outlook settings to Dovecot for authorizing. This mechanism has been working fine for months. or ... 2) Use NTML authorization if "Require login using Secure Password Authentication (SPA)" is checked: https://en.wikipedia.org/wiki/Secure_Password_Authentication Those, I believe, are the only two choices with Outlook (other than Exchange). Therefore, in order not to configure a Domain-distinct password in Outlook, I need to use the NTLM auth_mechanism for AD "Windows Authentication" with Dovecot. I've tried the settings below (just trying one user at the moment): $ doveconf -n # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.10.17 x86_64 Slackware 14.1 auth_debug_passwords = yes auth_mechanisms = plain ntlm auth_use_winbind = yes auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir protocols = imap ssl_cert = , rip=192.168.0.58, lip=98.102.63.107, session=<2PnkuZkfqADAqAA6> Can someone tell me what this means and how to fix it? Note that I have read http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm over and over, so simply referring me to that link will not help. Thanks, Mark From remko at FreeBSD.org Wed Sep 16 17:38:08 2015 From: remko at FreeBSD.org (Remko Lodder) Date: Wed, 16 Sep 2015 19:38:08 +0200 Subject: How to "Windows Authenticate" In-Reply-To: <201509161710.t8GHAkIc016830@mail.hprs.local> References: <201509021731.t82HVZ4r021574@mail.hprs.local> <201509031025.t83AP1W5020976@mail.hprs.local> <20150903065319.Horde.2BrAxFp30mN2LnIZrXEq7w8@www.vfemail.net> <201509052112.t85LCowS007652@mail.hprs.local> <201509070031.t870VLCY019948@mail.hprs.local> <20150906200011.Horde.aZNzwfpiV_G6ZeeX8wLk9A4@www.vfemail.net> <201509080128.t881SNUF010141@mail.hprs.local> <201509082311.t88NB963021145@mail.hprs.local> <20150908212113.Horde.XsYniNr9u8OfSSykmsFoFA1@www.vfemail.net> <201509100247.t8A2lE98017371@mail.hprs.local> <20150910082715.Horde.jucYEJDsiBuzj6iP1IBedA1@www.vfemail.net> <201509110405.t8B45rLm016121@mail.hprs.local> <201509130510.t8D5Avj3012284@mail.hprs.local> <201509161710.t8GHAkIc016830@mail.hprs.local> Message-ID: > On 16 Sep 2015, at 19:10, Mark Foley wrote: > > Does the Dovecot NTLM mechanism work with MS Outlook? > > [ ] YES > [ ] NO > > Please check one ... anybody. > > ?Mark The URL on the wiki, which had probably been shared before with you; http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm suggests it does. The URL quotes: Step 5. Passwordless authentication If you have logged on from Windows to the AD domain, try leaving the password field, on the account, on the MUA, blank. The username / password, from the initial logon to the Windows machine, are seamlessly picked up and supplied to the challenge-response process between the MUA, Dovecot and AD. Employing this way of authentication we achieve single sign-on and we don't need to maintain MUA local passwords. Did you follow the suggestions that are on that page? (all of them). Thank you, Remko -- /"\ Best regards, | remko at FreeBSD.org \ / Remko Lodder | remko at EFnet X http://www.evilcoder.org/ | / \ ASCII Ribbon Campaign | Against HTML Mail and News -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: From remko at FreeBSD.org Wed Sep 16 17:39:28 2015 From: remko at FreeBSD.org (Remko Lodder) Date: Wed, 16 Sep 2015 19:39:28 +0200 Subject: How to "Windows Authenticate" In-Reply-To: <201509161710.t8GHAkIc016830@mail.hprs.local> References: <201509021731.t82HVZ4r021574@mail.hprs.local> <201509031025.t83AP1W5020976@mail.hprs.local> <20150903065319.Horde.2BrAxFp30mN2LnIZrXEq7w8@www.vfemail.net> <201509052112.t85LCowS007652@mail.hprs.local> <201509070031.t870VLCY019948@mail.hprs.local> <20150906200011.Horde.aZNzwfpiV_G6ZeeX8wLk9A4@www.vfemail.net> <201509080128.t881SNUF010141@mail.hprs.local> <201509082311.t88NB963021145@mail.hprs.local> <20150908212113.Horde.XsYniNr9u8OfSSykmsFoFA1@www.vfemail.net> <201509100247.t8A2lE98017371@mail.hprs.local> <20150910082715.Horde.jucYEJDsiBuzj6iP1IBedA1@www.vfemail.net> <201509110405.t8B45rLm016121@mail.hprs.local> <201509130510.t8D5Avj3012284@mail.hprs.local> <201509161710.t8GHAkIc016830@mail.hprs.local> Message-ID: <3EC0673D-4FF5-4D59-B1F6-8A31FECE58DE@FreeBSD.org> > On 16 Sep 2015, at 19:10, Mark Foley wrote: > > Does the Dovecot NTLM mechanism work with MS Outlook? > > [ ] YES > [ ] NO > > Please check one ... anybody. > > --Mark > > [checking not suited for work]: : host mail.ohprs.org[98.102.63.107] said: 550 5.7.1 Access denied (in reply to MAIL FROM command) You are welcome :-p -- /"\ Best regards, | remko at FreeBSD.org \ / Remko Lodder | remko at EFnet X http://www.evilcoder.org/ | / \ ASCII Ribbon Campaign | Against HTML Mail and News -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: From ferdinand.gruber at telering.at Wed Sep 16 21:34:47 2015 From: ferdinand.gruber at telering.at (Ferdinand Gruber) Date: Wed, 16 Sep 2015 23:34:47 +0200 Subject: New created users can not log in Message-ID: <55F9E077.4010208@telering.at> Hi, I am using dovecot 2.2 for some time. All users on the system can log in using Horde Webmail. But now, after creating a new user on the server with this new user is not able to log in. Of course I have set a password for the new user. In the log file I can see: Sep 16 23:04:05 servername auth: gkr-pam: error looking up user information Sep 16 23:04:07 servername HORDE: [imp] [login] Authentication failed. [pid 1584 on line 730 of "/srv/www/htdocs/horde/imp/lib/Imap.php"] Sep 16 23:04:07 servername HORDE: [imp] FAILED LOGIN for calendar (93.82.157.132) to {imap://localhost/} [pid 1584 on line 157 of "/srv/www/htdocs/horde/imp/lib/Auth.php"] Sep 16 23:04:07 servername HORDE: [horde] FAILED LOGIN for calendar to horde (93.82.157.132) [pid 1584 on line 199 of "/srv/www/htdocs/horde/login.php"] Please give me a hint. -- Ferdinand From mfoley at ohprs.org Wed Sep 16 21:44:24 2015 From: mfoley at ohprs.org (Mark Foley) Date: Wed, 16 Sep 2015 17:44:24 -0400 Subject: How to "Windows Authenticate" In-Reply-To: References: <201509021731.t82HVZ4r021574@mail.hprs.local> <201509031025.t83AP1W5020976@mail.hprs.local> <20150903065319.Horde.2BrAxFp30mN2LnIZrXEq7w8@www.vfemail.net> <201509052112.t85LCowS007652@mail.hprs.local> <201509070031.t870VLCY019948@mail.hprs.local> <20150906200011.Horde.aZNzwfpiV_G6ZeeX8wLk9A4@www.vfemail.net> <201509080128.t881SNUF010141@mail.hprs.local> <201509082311.t88NB963021145@mail.hprs.local> <20150908212113.Horde.XsYniNr9u8OfSSykmsFoFA1@www.vfemail.net> <201509100247.t8A2lE98017371@mail.hprs.local> <20150910082715.Horde.jucYEJDsiBuzj6iP1IBedA1@www.vfemail.net> <201509110405.t8B45rLm016121@mail.hprs.local> <201509130510.t8D5Avj3012284@mail.hprs.local> <201509161710.t8GHAkIc016830@mail.hprs.local> Message-ID: <201509162144.t8GLiOmW010982@mail.hprs.local> Love your "ASCII Ribbon Campaign" signature! I still use mailx myself. I'll have to check out that "access denied" message for the email to mfoley at ohprs.org. I haven't seen that before. FreeBSD.org is not blocked in my access.db. Hmmm ... Anyway, yes, I've been through those instructions over and over and they certainly do "suggest" it should work, but I haven't yet found anyone that has actually got it working. I assume you have not either, right? The platform these instructions are targeted to are not quite my setup as the Dovecot host is also the AD/DC using Samba4, so the DC/join instructions don't apply, nor does the Kerberos: "Please note that you do not need to install or configure any other Kerberos KDC for Samba to work. Samba includes a AD-compatible KDC, currently based on an included copy of the Heimdal project." https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller#Testing_Kerberos Also, the instruction in the link you reference must be a bit out of date because the suggested userdb: userdb static { args= uid=501 gid=501 home=/home/vmail/%1Ln/%Ln mail=maildir:/home/vmail/%d/%1Ln/%Ln:INBOX=/home/vmail/%d/%1Ln/%Ln allow_all_users=yes } gives an error with my dovecot 2.2.15. The word "static" has to go inside the curly-braces as "driver static" and the "allow_all_users" has to be added to the 'args' string. Otherwise, Dovecot won't run the config as shown in the link. Otherwise and with the above changes to the userdb, I believe I've followed all applicable instructions in that link. The error I get with my config in the Dovecot log is: Sep 13 00:53:12 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth Sep 13 00:53:12 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=192.168.0.58, lip=98.102.63.107, session=<2PnkuZkfqADAqAA6> Any idea what would generate this message? --Mark -----Original Message----- > Subject: Re: How to "Windows Authenticate" > From: Remko Lodder > Date: Wed, 16 Sep 2015 19:38:08 +0200 > To: Mark Foley > Cc: dovecot at dovecot.org > > > On 16 Sep 2015, at 19:10, Mark Foley wrote: > > > > Does the Dovecot NTLM mechanism work with MS Outlook? > > > > [ ] YES > > [ ] NO > > > > Please check one ... anybody. > > > > ???Mark > > > > The URL on the wiki, which had probably been shared before with you; > > http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm > > suggests it does. > > The URL quotes: > > Step 5. Passwordless authentication > > If you have logged on from Windows to the AD domain, try leaving the password field, on the account, on the MUA, blank. The username / password, from the initial logon to the Windows machine, are seamlessly picked up and supplied to the challenge-response process between the MUA, Dovecot and AD. Employing this way of authentication we achieve single sign-on and we don't need to maintain MUA local passwords. > > Did you follow the suggestions that are on that page? (all of them). > > Thank you, > Remko > > -- > /"\ Best regards, | remko at FreeBSD.org > \ / Remko Lodder | remko at EFnet > X http://www.evilcoder.org/ | > / \ ASCII Ribbon Campaign | Against HTML Mail and News > From terry at dop.com Thu Sep 17 00:32:27 2015 From: terry at dop.com (Terry Barnum) Date: Wed, 16 Sep 2015 17:32:27 -0700 Subject: restrict map-login by geoip? Message-ID: Is there a way to restrict my user logins from a set of IPs? For example, all my users are in the US so there shouldn't be any logins from other countries. Can I tell dovecot to restrict logins to a CIDR list of US IPs? Can someone point me to docs on how to set this up? I've searched but haven't found how to accomplish this. Thanks, -Terry Terry Barnum digital OutPost http://www.dop.com From edgar at pettijohn-web.com Thu Sep 17 00:43:06 2015 From: edgar at pettijohn-web.com (Edgar Pettijohn) Date: Wed, 16 Sep 2015 19:43:06 -0500 Subject: restrict map-login by geoip? In-Reply-To: References: Message-ID: <55FA0C9A.90609@pettijohn-web.com> I don't know if dovecot does, but your firewall should be able to. On 09/16/2015 07:32 PM, Terry Barnum wrote: > Is there a way to restrict my user logins from a set of IPs? For example, all my users are in the US so there shouldn't be any logins from other countries. Can I tell dovecot to restrict logins to a CIDR list of US IPs? Can someone point me to docs on how to set this up? I've searched but haven't found how to accomplish this. > > Thanks, > -Terry > > Terry Barnum > digital OutPost > http://www.dop.com From me at junc.eu Thu Sep 17 01:31:06 2015 From: me at junc.eu (Benny Pedersen) Date: Thu, 17 Sep 2015 03:31:06 +0200 Subject: restrict map-login by =?UTF-8?Q?geoip=3F?= In-Reply-To: References: Message-ID: <93935069385998dde03ba4dbec9d7da9@junc.eu> Terry Barnum skrev den 2015-09-17 02:32: > I've searched but haven't found how to accomplish this. http://wiki2.dovecot.org/Authentication/RestrictAccess http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets took me 3 sec :=) From terry at dop.com Thu Sep 17 01:56:53 2015 From: terry at dop.com (Terry Barnum) Date: Wed, 16 Sep 2015 18:56:53 -0700 Subject: restrict map-login by geoip? In-Reply-To: <93935069385998dde03ba4dbec9d7da9@junc.eu> References: <93935069385998dde03ba4dbec9d7da9@junc.eu> Message-ID: <04BC0E92-5D7C-4866-B6E7-621121D032F0@dop.com> Thanks Benny. I should've said I saw AllowNets but in researching it looked like it expected a smaller comma separated list, not hundreds of IP blocks. Is that what you are using to accomplish this? Thanks, -Terry iPhone says Hello World! > On Sep 16, 2015, at 6:31 PM, Benny Pedersen wrote: > > Terry Barnum skrev den 2015-09-17 02:32: > >> I've searched but haven't found how to accomplish this. > > http://wiki2.dovecot.org/Authentication/RestrictAccess > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets > > took me 3 sec :=) > From me at junc.eu Thu Sep 17 02:07:33 2015 From: me at junc.eu (Benny Pedersen) Date: Thu, 17 Sep 2015 04:07:33 +0200 Subject: restrict map-login by =?UTF-8?Q?geoip=3F?= In-Reply-To: <04BC0E92-5D7C-4866-B6E7-621121D032F0@dop.com> References: <93935069385998dde03ba4dbec9d7da9@junc.eu> <04BC0E92-5D7C-4866-B6E7-621121D032F0@dop.com> Message-ID: <7349fa570f0f998fad8ece0d8c2ae90b@junc.eu> Terry Barnum skrev den 2015-09-17 03:56: > Thanks Benny. I should've said I saw AllowNets but in researching it > looked like it expected a smaller comma separated list, not hundreds > of IP blocks. Is that what you are using to accomplish this? i did not write the wiki or dovecot c code, you asked how dovecot if it could doit, i searched the link for you, but i admit i du not understand the wiki self here :( but basicly 127.0.0.0/8 is one cidr range with many ips 127.0.0.2/32 is a single ip cidr range for ipv6 its possible aswell, but i dont know how to From troeder at univention.de Thu Sep 17 06:56:43 2015 From: troeder at univention.de (=?UTF-8?B?RGFuaWVsIFRyw7ZkZXI=?=) Date: Thu, 17 Sep 2015 08:56:43 +0200 Subject: New created users can not log in In-Reply-To: <55F9E077.4010208@telering.at> References: <55F9E077.4010208@telering.at> Message-ID: <55FA642B.6090007@univention.de> On 09/16/2015 23:34, Ferdinand Gruber wrote: > Hi, > > I am using dovecot 2.2 for some time. All users on the system can log in > using Horde Webmail. > > But now, after creating a new user on the server with username> this new user is not able to log in. Of course I have set a > password for the new user. > > In the log file I can see: > Sep 16 23:04:05 servername auth: gkr-pam: error looking up user information > Sep 16 23:04:07 servername HORDE: [imp] [login] Authentication failed. > [pid 1584 on line 730 of "/srv/www/htdocs/horde/imp/lib/Imap.php"] > Sep 16 23:04:07 servername HORDE: [imp] FAILED LOGIN for calendar > (93.82.157.132) to {imap://localhost/} [pid 1584 on line 157 of > "/srv/www/htdocs/horde/imp/lib/Auth.php"] > Sep 16 23:04:07 servername HORDE: [horde] FAILED LOGIN for calendar to > horde (93.82.157.132) [pid 1584 on line 199 of > "/srv/www/htdocs/horde/login.php"] > > Please give me a hint. Please raise the logging level of the auth section in 10-logging.conf (auth_verbose=yes, auth_verbose_passwords=yes, auth_debug=yes, auth_debug_passwords=yes) and reload Dovecot. Then test login using fetchmail: # fetchmail --check --nodetach --protocol IMAP --all --keep --username And send the relevant log from the IMAP server (probably /var/log/syslog), not the log of the webserver. Greetings Daniel -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From ferdinand.gruber at telering.at Thu Sep 17 10:03:38 2015 From: ferdinand.gruber at telering.at (Ferdinand Gruber) Date: Thu, 17 Sep 2015 12:03:38 +0200 Subject: New created users can not log in In-Reply-To: <55F9E077.4010208@telering.at> References: <55F9E077.4010208@telering.at> Message-ID: <55FA8FFA.7090201@telering.at> Am 16.09.2015 um 23:34 schrieb Ferdinand Gruber: > Hi, > > I am using dovecot 2.2 for some time. All users on the system can log > in using Horde Webmail. > > But now, after creating a new user on the server with username> this new user is not able to log in. Of course I have set a > password for the new user. > > In the log file I can see: > Sep 16 23:04:05 servername auth: gkr-pam: error looking up user > information > Sep 16 23:04:07 servername HORDE: [imp] [login] Authentication failed. > [pid 1584 on line 730 of "/srv/www/htdocs/horde/imp/lib/Imap.php"] > Sep 16 23:04:07 servername HORDE: [imp] FAILED LOGIN for calendar > (93.82.157.132) to {imap://localhost/} [pid 1584 on line 157 of > "/srv/www/htdocs/horde/imp/lib/Auth.php"] > Sep 16 23:04:07 servername HORDE: [horde] FAILED LOGIN for calendar to > horde (93.82.157.132) [pid 1584 on line 199 of > "/srv/www/htdocs/horde/login.php"] > > Please give me a hint. > I could solve the problem. There was no mail folder in the home directory of the new user. Now I copied the folder ~/mail from a previous existing user to /etc/skel. This seems to solve the problem. New created users are able to log in. -- Ferdinand Gruber fer.gru at aon.at 00 43 7249 48737 00 43 650 542 88 33 Grieskirchner Stra?e 22 4701 Bad Schallerbach From pixilla at macports.org Thu Sep 17 15:35:22 2015 From: pixilla at macports.org (Bradley Giesbrecht) Date: Thu, 17 Sep 2015 08:35:22 -0700 Subject: restrict map-login by geoip? In-Reply-To: <04BC0E92-5D7C-4866-B6E7-621121D032F0@dop.com> References: <93935069385998dde03ba4dbec9d7da9@junc.eu> <04BC0E92-5D7C-4866-B6E7-621121D032F0@dop.com> Message-ID: >> On Sep 16, 2015, at 6:31 PM, Benny Pedersen wrote: >> >> Terry Barnum skrev den 2015-09-17 02:32: >> >>> I've searched but haven't found how to accomplish this. >> >> http://wiki2.dovecot.org/Authentication/RestrictAccess >> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets >> >> took me 3 sec :=) > > On Sep 16, 2015, at 6:56 PM, Terry Barnum wrote: > > Thanks Benny. I should've said I saw AllowNets but in researching it looked like it expected a smaller comma separated list, not hundreds of IP blocks. Is that what you are using to accomplish this? You could use a geoip table [1] in your firewall or in dovecot with sql and variables [2]. [1] https://dev.maxmind.com/geoip/geoip2/geolite2/ [2] http://wiki2.dovecot.org/Variables Regards, Bradley Giesbrecht (pixilla) From alessio at skye.it Thu Sep 17 15:56:07 2015 From: alessio at skye.it (Alessio Cecchi) Date: Thu, 17 Sep 2015 17:56:07 +0200 Subject: concerning dovecot settings for high volume server In-Reply-To: <55F67BA6.10408@enas.net> References: <9950E1B5D5204D99958814152D9E25D9.MAI@ns1.24x7server.net> <55F67BA6.10408@enas.net> Message-ID: <55FAE297.3010405@skye.it> Hi Urban, I'm interesting in your hardware configuration, in percent how much is the I/O on indexes volume and how in maildata volume? Without index on SSD you will be able to run 28k users on RAID10 (SATA/SAS) only? I'm evaluating if store indexes, on my configuration, on SSD for improving performance. Thanks Il 14/09/2015 09:47, Urban Loesch ha scritto: > Hi Rajesh, > > our setup looks as follows: > > - we are running linux-vserver as virtualization technology > - we have 2 dedicated IMAP/POP3 Proxies in front of 8 dovecot containers. > - totally about 2900 concurrent imap sessions on each imap proxy and about 180 concurrent pop3 sessions > > - all dovecot containers are running on the same hardware (no problems until today): > DELL PER720 with 2x 200GB RAID 1 SSD's for dovecot indexes, 8x 4TB RAID 10 for maildata, 2x300GB RAID1 for OS > 64GB RAM, 2x CPU E5-2640 0 @ 2.50GHz -- Alessio Cecchi https://www.linkedin.com/in/alessice From asteriskmail at gmail.com Thu Sep 17 22:36:54 2015 From: asteriskmail at gmail.com (Il Neofita) Date: Thu, 17 Sep 2015 18:36:54 -0400 Subject: Sieve and forward Message-ID: Hi I have already posted to the postfix group, however, I believe that sieve and dovecot should be able to fix this problem. When I receive a message from yahoo and the user forward it to a gmail or yahoo acount this email is considered as spam or rejected. >From yahoo is rejected since it seems that I am try to send spam since the email should be signed with dkim. Is there a way to encpuslated or sign in some way. Thank you From nmilas at noa.gr Sat Sep 19 07:40:51 2015 From: nmilas at noa.gr (Nikolaos Milas) Date: Sat, 19 Sep 2015 10:40:51 +0300 Subject: Messages lost from imap folders In-Reply-To: <55F95813.5030505@noa.gr> References: <55F95813.5030505@noa.gr> Message-ID: <55FD1183.3000508@noa.gr> Anyone? No suggestions whatsoever? Nick On 16/9/2015 2:52 ??, Nikolaos Milas wrote: > Hello, > > We have one user who is complaining that he has lost mails from 3 imap > folders, administered through squirrelmail. > > The folders suddenly appeared unregistered, and once manually > registered they were empty. > > Has anyone observed something like this? > > We are running two servers (as VMs) with Dovecot v2.2.18, synced > (two-way) using dsync. The configurations follow. > > Can you please help me understand what may have gone wrong? > > Can I try to find actions regarding these folders in the logs? What > should I search for? > > Could this be an issue involving dsync? How can I trace back dsync > activity in detail? > > Server configs follow (I have only altered the real domain name and > the login greeting.) > > Thanks in advance, > Nick > > ----------------------------------------------------------------------------- > > SERVER 1 > ----------------------------------------------------------------------------- > > > protocols = imap pop3 > > login_greeting = Hello World! > > mail_location = maildir:~/Maildir/ > mail_gid = 500 > mail_uid = 500 > > auth_mechanisms = plain login > auth_username_format = %Lu > > auth_verbose = yes > auth_debug = no > mail_debug = no > > disable_plaintext_auth = no > > mail_plugins = quota notify replication > > protocol imap { > imap_client_workarounds = "delay-newmail" > mail_plugins = quota imap_quota notify replication > } > > protocol pop3 { > mail_max_userip_connections = 3 > mail_plugins = quota notify replication > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > pop3_uidl_format = %08Xu%08Xv > } > > protocol lda { > auth_socket_path = /var/run/dovecot/auth-master > info_log_path = > log_path = > mail_plugins = quota notify replication > postmaster_address = sysadmin at example.com > sendmail_path = /usr/lib/sendmail > } > > userdb { > args = /etc/dovecot/dovecot-usrdb-ldap.conf > driver = ldap > } > > passdb { > args = /etc/dovecot/dovecot-passdb-ldap.conf > driver = ldap > } > > dsync_remote_cmd = ssh -l root vmail1.example.com doveadm dsync-server > -u%u > replication_dsync_parameters = -d -N -l 30 -U > > plugin { > mail_replica = remote:vmail at vmail1.example.com > } > > plugin { > quota = maildir:User quota > quota_rule = *:storage=5G > quota_rule2 = Trash:storage=+3%% > quota_warning = storage=75%% quota-warning 75 %u > quota_warning2 = storage=90%% quota-warning 90 %u > } > > service quota-warning { > executable = script /opt/mail1.sh > user = vmail > unix_listener quota-warning { > user = vmail > } > } > > service aggregator { > fifo_listener replication-notify-fifo { > user = vmail > } > unix_listener replication-notify { > user = vmail > } > } > > service replicator { > unix_listener replicator-doveadm { > mode = 0600 > } > } > > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-master { > group = vmail > mode = 0660 > user = vmail > } > user = root > } > > service imap-login { > service_count = 1 > vsz_limit = 64 M > } > > service pop3-login { > service_count = 1 > vsz_limit = 64 M > } > > service replicator { > process_min_avail = 1 > } > > service imap { > executable = imap postlogin > } > service pop3 { > executable = pop3 postlogin > } > > service postlogin { > executable = script-login -d rawlog > unix_listener postlogin { > } > } > > ssl_ca = ssl_cert = ssl_key = > ssl_protocols = !SSLv2 !SSLv3 > > syslog_facility = local1 > > ----------------------------------------------------------------------------- > > SERVER 2 > ----------------------------------------------------------------------------- > > > protocols = imap pop3 > > login_greeting = Hello World! > > mail_location = maildir:~/Maildir/ > mail_gid = 5000 > mail_uid = 5000 > > auth_mechanisms = plain login > auth_username_format = %Lu > auth_verbose = yes > disable_plaintext_auth = no > > mail_plugins = quota notify replication > > protocol imap { > imap_client_workarounds = "delay-newmail " > mail_plugins = quota imap_quota notify replication > } > > protocol pop3 { > mail_max_userip_connections = 3 > mail_plugins = quota notify replication > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > pop3_uidl_format = %08Xu%08Xv > } > > protocol lda { > auth_socket_path = /var/run/dovecot/auth-master > info_log_path = > log_path = > mail_plugins = quota notify replication > postmaster_address = sysadmin at example.com > sendmail_path = /usr/lib/sendmail > } > > userdb { > args = /etc/dovecot/dovecot-usrdb-ldap.conf > driver = ldap > } > > passdb { > args = /etc/dovecot/dovecot-passdb-ldap.conf > driver = ldap > } > > dsync_remote_cmd = ssh -l root vmail.example.com doveadm dsync-server > -u%u > replication_dsync_parameters = -d -N -l 30 -U > > plugin { > mail_replica = remote:vmail at vmail.example.com > } > > plugin { > quota = maildir:User quota > quota_rule = *:storage=5G > quota_rule2 = Trash:storage=+3%% > quota_warning = storage=75%% quota-warning 75 %u > quota_warning2 = storage=90%% quota-warning 90 %u > } > > service quota-warning { > executable = script /opt/mail1.sh > user = vmail > unix_listener quota-warning { > user = vmail > } > } > > service aggregator { > fifo_listener replication-notify-fifo { > user = vmail > } > unix_listener replication-notify { > user = vmail > } > } > > service replicator { > unix_listener replicator-doveadm { > mode = 0600 > } > } > > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-master { > group = vmail > mode = 0660 > user = vmail > } > user = root > } > > service imap-login { > service_count = 1 > vsz_limit = 64 M > } > > service pop3-login { > service_count = 1 > vsz_limit = 64 M > } > > service replicator { > process_min_avail = 1 > } > > ssl_ca = ssl_cert = ssl_key = > syslog_facility = local1 > > ssl_protocols = !SSLv2 !SSLv3 > > ----------------------------------------------------------------------------- > > From lists at marzocchi.net Sat Sep 19 14:17:53 2015 From: lists at marzocchi.net (Olaf Marzocchi) Date: Sat, 19 Sep 2015 16:17:53 +0200 Subject: Maildir: ACLs/Unix perms and unable to see content of specific mailbox Message-ID: <55FD6E91.7020505@marzocchi.net> Dear Dovecot users, hello. I will merge two issues I have into a single email because they may be related. I used dovecot on a OmniOS server since 2014 (currently OmniOS r151014) with the following configuration (it shows 2.2.18 because I recently updated dovecot, skipping only the PostgreSQL plugin): # 2.2.18: /etc/dovecot/dovecot.conf # OS: SunOS 5.11 i86pc zfs mail_location = maildir:/tank/home/%u/Maildir mail_privileged_group = mail namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = imap ssl = required ssl_cert = References: <55F56655.5030907@rename-it.nl> Message-ID: <55FD7EED.5070506@dovecot.fi> On 9/13/2015 6:04 AM, Stephan Bosch wrote: > Op 9/13/2015 om 12:19 PM schreef Jouko Nikula: >> Hello, >> >> I have trouble with some attachments not working on Horde and >> Roundcube. I made a ticket to Roundcube webmail and they tracked down >> it to Dovecot not responding correctly to BINARY FETCH: >> >> http://trac.roundcube.net/ticket/1490532 >> >> What is causing Dovecot to answer NIL? Is there an issue in Dovecot? > > A few questions to facilitate debugging: > > - Do your logs show anything that may be related to this issue? > - What is the output of `dovecot -n` ? Probably this: http://markmail.org/message/abjg72sw7ii5ty5x Trivial to workaround in client code, so no need to disable BINARY outright on a client. michael From ml+dovecot at valo.at Sat Sep 19 17:22:50 2015 From: ml+dovecot at valo.at (Christian Kivalo) Date: Sat, 19 Sep 2015 19:22:50 +0200 Subject: Maildir: ACLs/Unix perms and unable to see content of specific mailbox In-Reply-To: <55FD6E91.7020505@marzocchi.net> References: <55FD6E91.7020505@marzocchi.net> Message-ID: <839515024ef34c25a9bbe682a454855c@valo.at> Hi, On 2015-09-19 16:17, Olaf Marzocchi wrote: > Dear Dovecot users, hello. > I will merge two issues I have into a single email because they may be > related. > > I used dovecot on a OmniOS server since 2014 (currently OmniOS > r151014) with the following configuration (it shows 2.2.18 because I > recently updated dovecot, skipping only the PostgreSQL plugin): > > # 2.2.18: /etc/dovecot/dovecot.conf > # OS: SunOS 5.11 i86pc zfs > mail_location = maildir:/tank/home/%u/Maildir > mail_privileged_group = mail > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > driver = pam > } > protocols = imap > ssl = required > ssl_cert = ssl_key = userdb { > driver = passwd > } > > You can see that I set the Maildir folder inside the shared home > folders of my server (it is only one user, anyway). > It always worked perfectly, but one-two months ago I changed the > permissions of my whole home folder, recursively, to add proper ACLs. > I needed them because the clients started using illumos kernel SMB > (relying on ACLs) instead of Netatalk/AFP (relying on Unix perms > only). > I didn't realise I applied the ACLs also to the Maildir folder. > > Dovecot worked for several weeks fine, I noticed the issue only > yesterday when a mailbox (see below) appeared in Thunderbird > completely empty even if the "cur" subfolder on the server still > contains all the mails. > > Dovecot was throwing some errors like: > > dovecot: [ID 583609 mail.error] imap(olaf): Error: > rename(/tank/home/olaf/Maildir/.&A6k- Mailing > Lists.Log/dovecot.index.cache) failed: Permission denied > (euid=501(olaf) egid=501(olaf) UNIX perms appear ok (ACL/MAC wrong?)) > dovecot: [ID 583609 mail.error] imap(olaf): Error: > rename(/tank/home/olaf/Maildir/.&A6k- Mailing > Lists.Log/dovecot.index.tmp, /tank/home/olaf/Maildir/.&A6k- Mailing > Lists.Log/dovecot.index) failed: Permission denied > dovecot: [ID 583609 mail.error] imap(olaf): Error: > unlink(/tank/home/olaf/Maildir/subscriptions.lock) failed: Permission > denied > dovecot: [ID 583609 mail.error] imap(olaf): Error: > rename(/tank/home/olaf/Maildir/subscriptions.lock, > /tank/home/olaf/Maildir/subscriptions) failed: Permission denied > > I will post here the current permissions of the folder containing > Maildir, of the Maildir itself, of its contents, and of the folder > that appears empty when browsed with a client (Thunderbird). > > /tank/home/olaf $ ls -lV .. > drwx------+ 16 olaf olaf 17 Sep 19 01:52 olaf > user:olaf:rwxpdDaARWcCos:fd-----:allow > group:2147483648:rwxpdDaARWcCos:fd-----:allow > everyone@:rwxpdDaARWcCos:fd-----:deny > > /tank/home/olaf $ ls -lV > drwxrwx--- 348 olaf olaf 359 Sep 19 01:51 Maildir > owner@:rwxp--aARWcCos:-------:allow > group@:rwxp--a-R-c--s:-------:allow > everyone@:------a-R-c--s:-------:allow > > /tank/home/olaf $ ls -lV Maildir/ > drwxrwx--- 2 olaf olaf 2 Jan 30 2014 cur > owner@:rwxp--aARWcCos:-------:allow > group@:rwxp--a-R-c--s:-------:allow > everyone@:------a-R-c--s:-------:allow > -rwxrwx--- 1 olaf olaf 21 Jan 30 2014 dovecot-keywords > owner@:rwxp--aARWcCos:-------:allow > group@:rwxp--a-R-c--s:-------:allow > everyone@:------a-R-c--s:-------:allow > (ALL THE SAME PERMISSIONS FOR THE OTHER FILES EXCEPT...) > -rwxrwx--- 1 olaf olaf 13735 Jan 24 2015 subscriptions > owner@:rwxp--aARWcCos:-------:allow > group@:rwxp--a-R-c--s:-------:allow > everyone@:------a-R-c--s:-------:allow > -rw-rw---- 1 olaf olaf 13709 Sep 19 01:51 > subscriptions.lock > owner@:rw-p--aARWcCos:-------:allow > group@:rw-p--a-R-c--s:-------:allow > everyone@:------a-R-c--s:-------:allow > > The folder that appears empty: > > /tank/home/olaf $ ls -lV Maildir/.Generiche/ > total 513 > drwxrwx--- 2 olaf olaf 949 Sep 18 01:42 cur > owner@:rwxp--aARWcCos:-------:allow > group@:rwxp--a-R-c--s:-------:allow > everyone@:------a-R-c--s:-------:allow > -rwxrwx--- 1 olaf olaf 46 May 18 2014 dovecot-keywords > owner@:rwxp--aARWcCos:-------:allow > group@:rwxp--a-R-c--s:-------:allow > everyone@:------a-R-c--s:-------:allow > (ALL THE SAME PERMISSIONS FOR THE OTHER FILES) > > > I really hope you will have the time to help me because I already > applied the permissions recursively and I removed the ACLs, almost as > it was before my mistake. > I specified "almost" because originally (I checked the backups) the > Maildir folder had an ACL that gave access permissions also to the > group "mail": > > drwxrwx---+349 olaf olaf 359 Feb 16 2014 Maildir > group:mail:rwxpdDaARWcCos:fd-----:allow > owner@:rwxpdDaARWcCos:fd----I:allow > group@:rwxpdDaARWcCos:fd----I:allow > everyone@:rwxpdDaARWcCos:fd----I:deny > > Yesterday I haven't replicated it because from the documentation I > understood it was not necessary. From my view the permissions seem to be set correctly, i have to admin, its been a while since i moved to virtual users so i may be wrong here... The log output also seems to support that permissions are correct. Have you tried adding the group:mail:.... ACLs back? Have you set mail_debug=yes or other more verbose logging settings? http://wiki2.dovecot.org/Logging > My questions, in short: > - what are the permissions I need to give to the Maildir folder? I > understood from the documentation it's 700, with my user/group (the > one of the user accessing the mail). What about ACLs? and what about > group "mail"? > - the (only!) subfolder which appears empty in Thunderbird, may it > depend on the permissions? maybe due to them the index was not updated > and UIDs don't match. If after applying the correct permissions I > still cannot see its contents, is there a way to recover the mails? > the files are all still there. > > Sorry for the long email, but after several tries yesterday I > exhausted my ideas. > > Regards, > Olaf Regards, Christian From lists at lazygranch.com Sun Sep 20 12:20:57 2015 From: lists at lazygranch.com (lists at lazygranch.com) Date: Sun, 20 Sep 2015 05:20:57 -0700 Subject: Can't receive email Message-ID: <20150920122057.5484629.20488.10927@lazygranch.com> No problem sending email, but I can't receive email. Diagnostics follow: a login user at domain.com password a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE] Logged in b select inbox * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted. * 9 EXISTS * 1 RECENT * OK [UNSEEN 9] First unseen. * OK [UIDVALIDITY 1439944213] UIDs valid * OK [UIDNEXT 10] Predicted next UID * OK [HIGHESTMODSEQ 2] Highest b OK [READ-WRITE] Select completed (0.017 secs). c list "" * * LIST (\HasNoChildren \Trash) "." Trash * LIST (\HasNoChildren) "." Queue * LIST (\HasNoChildren \Sent) "." Sent * LIST (\HasNoChildren \Drafts) "." Drafts * LIST (\HasNoChildren) "." INBOX c OK List completed (0.001 secs). d lsub "" * * LSUB (\Trash) "." Trash * LSUB () "." Queue * LSUB (\Sent) "." Sent * LSUB (\Drafts) "." Drafts d OK Lsub completed (0.003 secs). e logout * BYE Logging out e OK Logout completed. closed --------------------------------------- from dovecot.log Sep 19 23:35:13 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [xxx.xxx.xxx.xxx] Sep 19 23:35:13 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [xxx.xxx.xxx.xxx] Sep 19 23:35:13 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [xxx.xxx.xxx.xxx] Sep 19 23:35:13 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth Sep 19 23:35:13 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Sep 19 23:35:13 auth: Debug: passwd-file /usr/local/etc/dovecot/users: Read 2 users in 0 secs Sep 19 23:35:13 auth: Debug: auth client connected (pid=1698) Sep 19 23:38:13 imap-login: Info: Disconnected: Inactivity (no auth attempts in 180 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS handshaking, session= -------------------------------- # dovecot -n # 2.2.18: /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.4.8 (0c4ae064f307+) # OS: FreeBSD 10.1-RELEASE-p19 amd64 auth_debug = yes auth_debug_passwords = yes auth_verbose = yes log_path = /var/log/dovecot.log mail_debug = yes mail_gid = 1003 mail_home = /var/mail/vhosts/%d/%n mail_location = maildir:~ mail_privileged_group = vpostfix mail_uid = 1003 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/users driver = passwd-file } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = postfix mode = 0600 user = postfix } } ssl_cert = As this is my first message to this ML: Hello! I am using a password-protected SSL key for my dovecot MDA. When I tried to use the ssl_key_password configuration directive as follow: ssl_key_password = References: Message-ID: <5564714065acb17882ffbd0c71d88947@valo.at> Hi, On 2015-09-20 15:35, B. R. wrote: > As this is my first message to this ML: Hello! > > I am using a password-protected SSL key for my dovecot MDA. > When I tried to use the ssl_key_password configuration directive as > follow: > ssl_key_password = it did not work as I logged the following: > dovecot: imap-login: Error: SSL: Stacked error: error:06065064:digital > envelope routines:EVP_DecryptFinal_ex:bad decrypt > dovecot: imap-login: Fatal: Couldn't parse private ssl_key: > error:0906A065:PEM routines:PEM_do_header:bad decrypt > > However, not using the fille inclusion but directly configuring as > follow: > ssl_key_password = mypass > did work... I don't know for sure but maybe its not implemented to load the password from a file... Reading http://wiki2.dovecot.org/SSL/DovecotConfiguration suggests to use an extra config file with tightened permissions that only contains the "ssl_key_password = $password" configuration directive and include this file with "!include_try $file". That way you could swap that file out automatically when renewing the private key. > I am loading my certificate & key with the file inclusion trick... How > come > cannot I use that for the password file? > It would avoid input the password directly into the dovecot > configuraiton > files, forcing me to change permissions and duplicating it... When > renewing > the private key I will be force to edit the password at every location. > > Is it a bug? or a feature? :D > --- > *B. R.* Regards christian From lists at marzocchi.net Sun Sep 20 14:39:27 2015 From: lists at marzocchi.net (Olaf Marzocchi) Date: Sun, 20 Sep 2015 16:39:27 +0200 Subject: Maildir: ACLs/Unix perms and unable to see content of specific mailbox In-Reply-To: <839515024ef34c25a9bbe682a454855c@valo.at> References: <55FD6E91.7020505@marzocchi.net> <839515024ef34c25a9bbe682a454855c@valo.at> Message-ID: <55FEC51F.8030804@marzocchi.net> I found that the ACL I gave were not automatically applied to the newly created files and dirs (missing :fd-----:), so I corrected them and I added group:mail. $ chmod -R A=owner@:rwxpdDaARWcCos:fd-----:allow,\ user:olaf:rwxpdDaARWcCos:fd-----:allow,\ group@:rwxpdDaARWcCos:fd-----:allow,\ group:olaf:rwxpdDaARWcCos:fd-----:allow,\ group:mail:rwxpdDaARWcCos:fd-----:allow,\ everyone@:------a-R-c--s:fd-----:allow Maildir (I know I duplicated my username and group, but I wanted to be sure...) drwxrwx---+348 olaf olaf 359 Sep 20 16:21 Maildir owner@:rwxpdDaARWcCos:fd-----:allow user:olaf:rwxpdDaARWcCos:fd-----:allow group@:rwxpdDaARWcCos:fd-----:allow group:olaf:rwxpdDaARWcCos:fd-----:allow group:mail:rwxpdDaARWcCos:fd-----:allow everyone@:------a-R-c--s:fd-----:allow I verified that newly created files inside Maildir correctly retain these ACLs. I still get the errors (I added "mail_debug=yes" and restarted): [ID 583609 mail.error] imap(olaf): Error: rename(/tank/home/olaf/Maildir/.Amici, conoscenti/dovecot.index.cache) failed: Permission denied (euid=501(olaf) egid=501(olaf) UNIX perms appear ok (ACL/MAC wrong?)) [ID 583609 mail.error] imap(olaf): Error: rename(/tank/home/olaf/Maildir/.Amici, conoscenti/dovecot.index.tmp, /tank/home/olaf/Maildir/.Amici, conoscenti/dovecot.index) failed: Permission denied No further details. I won't post the ls- lV again since the permissions in the specified file and folder are all exactly like the Maildir folder above. Different errors after I tried to rename a mail folder: Debug: Namespace : Using permissions from /tank/home/olaf/Maildir: mode=0770 gid=default Error: unlink(/tank/home/olaf/Maildir/subscriptions.lock) failed: Permission denied Error: file_dotlock_replace() failed with subscription file /tank/home/olaf/Maildir/subscriptions: Permission denied Error: rename(/tank/home/olaf/Maildir/subscriptions.lock, /tank/home/olaf/Maildir/subscriptions) failed: Permission denied At this point I don't know if it is an issue with my system, or some sort of incompatibility between dovecot and illumos or ZFS. Except for folder renaming I can put mails in the IMAP folders and see them, but I fear for future problems caused by this issue. In case there is someone able to read source code, this is the file where the ACL/MAC issue is generated: http://hg.dovecot.org/dovecot-2.2/file/4f4243794ba1/src/lib/eacces-error.c Has anyone with this additional information some clue? I still don't. Olaf On 19/09/2015 19:22, Christian Kivalo wrote: > Hi, > > On 2015-09-19 16:17, Olaf Marzocchi wrote: >> Dear Dovecot users, hello. >> I will merge two issues I have into a single email because they may be >> related. >> >> I used dovecot on a OmniOS server since 2014 (currently OmniOS >> r151014) with the following configuration (it shows 2.2.18 because I >> recently updated dovecot, skipping only the PostgreSQL plugin): >> >> # 2.2.18: /etc/dovecot/dovecot.conf >> # OS: SunOS 5.11 i86pc zfs >> mail_location = maildir:/tank/home/%u/Maildir >> mail_privileged_group = mail >> namespace inbox { >> inbox = yes >> location = >> mailbox Drafts { >> special_use = \Drafts >> } >> mailbox Junk { >> special_use = \Junk >> } >> mailbox Sent { >> special_use = \Sent >> } >> mailbox "Sent Messages" { >> special_use = \Sent >> } >> mailbox Trash { >> special_use = \Trash >> } >> prefix = >> } >> passdb { >> driver = pam >> } >> protocols = imap >> ssl = required >> ssl_cert = > ssl_key = > userdb { >> driver = passwd >> } >> >> You can see that I set the Maildir folder inside the shared home >> folders of my server (it is only one user, anyway). >> It always worked perfectly, but one-two months ago I changed the >> permissions of my whole home folder, recursively, to add proper ACLs. >> I needed them because the clients started using illumos kernel SMB >> (relying on ACLs) instead of Netatalk/AFP (relying on Unix perms >> only). >> I didn't realise I applied the ACLs also to the Maildir folder. >> >> Dovecot worked for several weeks fine, I noticed the issue only >> yesterday when a mailbox (see below) appeared in Thunderbird >> completely empty even if the "cur" subfolder on the server still >> contains all the mails. >> >> Dovecot was throwing some errors like: >> >> dovecot: [ID 583609 mail.error] imap(olaf): Error: >> rename(/tank/home/olaf/Maildir/.&A6k- Mailing >> Lists.Log/dovecot.index.cache) failed: Permission denied >> (euid=501(olaf) egid=501(olaf) UNIX perms appear ok (ACL/MAC wrong?)) >> dovecot: [ID 583609 mail.error] imap(olaf): Error: >> rename(/tank/home/olaf/Maildir/.&A6k- Mailing >> Lists.Log/dovecot.index.tmp, /tank/home/olaf/Maildir/.&A6k- Mailing >> Lists.Log/dovecot.index) failed: Permission denied >> dovecot: [ID 583609 mail.error] imap(olaf): Error: >> unlink(/tank/home/olaf/Maildir/subscriptions.lock) failed: Permission >> denied >> dovecot: [ID 583609 mail.error] imap(olaf): Error: >> rename(/tank/home/olaf/Maildir/subscriptions.lock, >> /tank/home/olaf/Maildir/subscriptions) failed: Permission denied >> >> I will post here the current permissions of the folder containing >> Maildir, of the Maildir itself, of its contents, and of the folder >> that appears empty when browsed with a client (Thunderbird). >> >> /tank/home/olaf $ ls -lV .. >> drwx------+ 16 olaf olaf 17 Sep 19 01:52 olaf >> user:olaf:rwxpdDaARWcCos:fd-----:allow >> group:2147483648:rwxpdDaARWcCos:fd-----:allow >> everyone@:rwxpdDaARWcCos:fd-----:deny >> >> /tank/home/olaf $ ls -lV >> drwxrwx--- 348 olaf olaf 359 Sep 19 01:51 Maildir >> owner@:rwxp--aARWcCos:-------:allow >> group@:rwxp--a-R-c--s:-------:allow >> everyone@:------a-R-c--s:-------:allow >> >> /tank/home/olaf $ ls -lV Maildir/ >> drwxrwx--- 2 olaf olaf 2 Jan 30 2014 cur >> owner@:rwxp--aARWcCos:-------:allow >> group@:rwxp--a-R-c--s:-------:allow >> everyone@:------a-R-c--s:-------:allow >> -rwxrwx--- 1 olaf olaf 21 Jan 30 2014 dovecot-keywords >> owner@:rwxp--aARWcCos:-------:allow >> group@:rwxp--a-R-c--s:-------:allow >> everyone@:------a-R-c--s:-------:allow >> (ALL THE SAME PERMISSIONS FOR THE OTHER FILES EXCEPT...) >> -rwxrwx--- 1 olaf olaf 13735 Jan 24 2015 subscriptions >> owner@:rwxp--aARWcCos:-------:allow >> group@:rwxp--a-R-c--s:-------:allow >> everyone@:------a-R-c--s:-------:allow >> -rw-rw---- 1 olaf olaf 13709 Sep 19 01:51 subscriptions.lock >> owner@:rw-p--aARWcCos:-------:allow >> group@:rw-p--a-R-c--s:-------:allow >> everyone@:------a-R-c--s:-------:allow >> >> The folder that appears empty: >> >> /tank/home/olaf $ ls -lV Maildir/.Generiche/ >> total 513 >> drwxrwx--- 2 olaf olaf 949 Sep 18 01:42 cur >> owner@:rwxp--aARWcCos:-------:allow >> group@:rwxp--a-R-c--s:-------:allow >> everyone@:------a-R-c--s:-------:allow >> -rwxrwx--- 1 olaf olaf 46 May 18 2014 dovecot-keywords >> owner@:rwxp--aARWcCos:-------:allow >> group@:rwxp--a-R-c--s:-------:allow >> everyone@:------a-R-c--s:-------:allow >> (ALL THE SAME PERMISSIONS FOR THE OTHER FILES) >> >> >> I really hope you will have the time to help me because I already >> applied the permissions recursively and I removed the ACLs, almost as >> it was before my mistake. >> I specified "almost" because originally (I checked the backups) the >> Maildir folder had an ACL that gave access permissions also to the >> group "mail": >> >> drwxrwx---+349 olaf olaf 359 Feb 16 2014 Maildir >> group:mail:rwxpdDaARWcCos:fd-----:allow >> owner@:rwxpdDaARWcCos:fd----I:allow >> group@:rwxpdDaARWcCos:fd----I:allow >> everyone@:rwxpdDaARWcCos:fd----I:deny >> >> Yesterday I haven't replicated it because from the documentation I >> understood it was not necessary. > > From my view the permissions seem to be set correctly, i have to admin, > its been a while since i moved to virtual users so i may be wrong here... > > The log output also seems to support that permissions are correct. > > Have you tried adding the group:mail:.... ACLs back? > > Have you set mail_debug=yes or other more verbose logging settings? > http://wiki2.dovecot.org/Logging > > > >> My questions, in short: >> - what are the permissions I need to give to the Maildir folder? I >> understood from the documentation it's 700, with my user/group (the >> one of the user accessing the mail). What about ACLs? and what about >> group "mail"? >> - the (only!) subfolder which appears empty in Thunderbird, may it >> depend on the permissions? maybe due to them the index was not updated >> and UIDs don't match. If after applying the correct permissions I >> still cannot see its contents, is there a way to recover the mails? >> the files are all still there. >> >> Sorry for the long email, but after several tries yesterday I >> exhausted my ideas. >> >> Regards, >> Olaf > > Regards, > Christian From t.b.mailinglists at igeno-fat.de Sun Sep 20 22:16:06 2015 From: t.b.mailinglists at igeno-fat.de (T.B.) Date: Mon, 21 Sep 2015 00:16:06 +0200 Subject: [Dovecot] Pigeonhole sieve re-filter extension? In-Reply-To: <536B7A82.5070602@rename-it.nl> References: <5368BCD3.8080604@igeno-fat.de> <5368C20B.6090909@rename-it.nl> <5368C78E.9000107@alec.pl> <53694ACB.5070806@igeno-fat.de> <5369F171.2000709@igeno-fat.de> <536B7A82.5070602@rename-it.nl> Message-ID: <55FF3026.9050100@igeno-fat.de> Hi Stephan Bosch, any update on this? Regards, T.B. Am 08.05.2014 um 14:37 schrieb Stephan Bosch: > T.B. schreef op 7-5-2014 10:40: >> I think it would not be a problem to develop a solution to remotely >> trigger re-filtering for me, myself and I. But that is not the point >> here. Clients like the Thunderbird Sieve Extension >> (https://github.com/thsmi/sieve, >> https://addons.mozilla.org/de/thunderbird/addon/sieve/) or the diverse >> webmail MUA's will only start implementing such a feature if there is >> a official draft or specification. > > Yes, I agree. > >> The whole point of my initiative here is that Managesieve finally >> becomes the capability to replicate the features the users know from >> their local client side filtering (Thunderbird, Outlook) which provide >> the feature of re-filtering. Even big webmail providers like the >> Global Mail Exchange / GMX here in Germany provide re-filtering in >> their webgui. > > I don't think this should be a ManageSieve feature. ManageSieve > currently does not need/have access to the user's mailbox. It therefore > also doesn't have the syntax elements and mechanisms in place to select > mailboxes and ranges of messages. I think the only sensible place for > this feature is IMAP. > >> I use the sieve-filter tool very often for myself - everytime when I >> create a new subfolder and create a new fileinto rule, I refilter my >> Inbox to clean it up and have a consistent subfolder with all old and >> new mails that are matching the rule. >> >> The man page of the sieve-filter tool is 2 and a half years old ;) >> (http://pigeonhole.dovecot.org/doc/man1/sieve-filter.1.html) >> Sadly even the Wiki page doesn't mention it directly: >> http://wiki2.dovecot.org/HowTo/RefilterMail > > I haven't received much feedback about this command line tool. So either > everyone is happy with it, or it is rarely used. :) > >> Since the new german Dovecot book (http://www.dovecot-buch.de/) >> recommends the sieve-filter tool for refiltering, it will get much >> more attention in the future. > > Only from Germans at first, although it will be translated soon I guess. > > Anyway, I will give this idea a closer look somewhat soon. The main > problem with IMAPSieve is not the METADATA support or the other Sieve > extensions needed for it, it is the atomic nature of the IMAP commands > for which it is used: either the whole command succeeds or the whole > command fails. This makes things difficult for the Sieve interpreter, as > it needs to keep record of what it has done for when a rollback is > needed. Especially for "redirect" this is a huge pain. > > However, as you rightly say, this new feature can be simpler than that. > It can reduce the atomicity to include only the processing of individual > messages and e.g. return a response indicating which messages were > successfully processed. This way, the state at client and server can > still remain consistent without too much trouble. I think I'll make a > proof-of-concept first and then condense my experience into a proper > specification. This can take a while though; there is much Dovecot stuff > on my list at the moment. > > Regards, > > Stephan. From avb at korax.net Mon Sep 21 05:53:53 2015 From: avb at korax.net (Alex Bulan) Date: Mon, 21 Sep 2015 01:53:53 -0400 (EDT) Subject: Dovecot proxy ignores trusted root certificate store Message-ID: <20150921013013.N73899@int2.korax.net> Dovecot v2.2.18 OS: FreeBSD 10.1/amd64 Dovecot in proxy mode ignores the root certificate store and can't verify the backend's SSL certificate. I've pointed ssl_client_ca_file to my root certificate store, but I suspect ssl_client_ca_file is only used in imapc context. It seems to be ignored in proxy context. doveconf -n ssl_client_ca_file: ssl_client_ca_file = /usr/local/share/certs/ca-root-nss.crt In my password_query I return host set to the backend's IP address, starttls='yes', proxy='y'. The backend's certificate chain is correct and it verifies successfully with "openssl s_client -connect x.x.x.x:110 -starttls pop3 -CAfile /usr/local/share/certs/ca-root-nss.crt". But the Dovecot proxy fails to verify the intermediate certificate it receives from the backend. The inode atime of ca-root-nss.crt is never updated, either at Dovecot start or when it connects to the backend, so Dovecot (via the openssl library) never reads the file. Sep 20 19:59:48 dovecot: pop3-login: Invalid certificate: unable to get local issuer certificate: /C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA - G4 Sep 20 19:59:48 dovecot: pop3-login: Invalid certificate: certificate not trusted: /C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA - G4 Sep 20 19:59:48 dovecot: pop3-login: Error: proxy: Received invalid SSL certificate from x.x.x.x:110: unable to get local issuer certificate: /C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA - G4: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, session= From mihai at badici.ro Mon Sep 21 06:00:58 2015 From: mihai at badici.ro (Mihai Badici) Date: Mon, 21 Sep 2015 09:00:58 +0300 Subject: Dovecot proxy ignores trusted root certificate store In-Reply-To: <20150921013013.N73899@int2.korax.net> References: <20150921013013.N73899@int2.korax.net> Message-ID: <1680879.QHthPtFNUz@hpdesktop> On Monday 21 September 2015 01:53:53 Alex Bulan wrote: > Dovecot v2.2.18 > OS: FreeBSD 10.1/amd64 > > Dovecot in proxy mode ignores the root certificate store and can't verify > the backend's SSL certificate. > > I've pointed ssl_client_ca_file to my root certificate store, but I > suspect ssl_client_ca_file is only used in imapc context. It seems to be > ignored in proxy context. > > doveconf -n ssl_client_ca_file: > ssl_client_ca_file = /usr/local/share/certs/ca-root-nss.crt I think the correct syntax is : ssl_ca = < /etc/ssl/certs/cacert.pem For all kind of ssl_xyz files Mihai Badici[1] -------- [1] http://mihai.badici.ro From ml+dovecot at valo.at Mon Sep 21 07:09:18 2015 From: ml+dovecot at valo.at (Christian Kivalo) Date: Mon, 21 Sep 2015 09:09:18 +0200 Subject: Dovecot proxy ignores trusted root certificate store In-Reply-To: <20150921013013.N73899@int2.korax.net> References: <20150921013013.N73899@int2.korax.net> Message-ID: <2bdca7b7ae4de3ed3fd92d1b1bd68a2d@valo.at> Hi > I've pointed ssl_client_ca_file to my root certificate store, but I > suspect ssl_client_ca_file is only used in imapc context. It seems to > be ignored in proxy context. > > doveconf -n ssl_client_ca_file: > ssl_client_ca_file = /usr/local/share/certs/ca-root-nss.crt You are missing the "<" before the file path Try ssl_client_ca_file = References: <20150921013013.N73899@int2.korax.net> <2bdca7b7ae4de3ed3fd92d1b1bd68a2d@valo.at> Message-ID: <20150921032259.A73899@int2.korax.net> The result is the same with or without "<" before the file path. With "<" the inode atime is updated at Dovecot startup, so the file is at least opened, but Dovecot still can't verify the cert. The only place in the Wiki that shows an example of ssl_client_ca_file is on this page, and there's no "<" in front of the file path: http://wiki2.dovecot.org/Replication (quote) The client must be able to verify that the SSL certificate is valid, so you need to specify the directory containing valid SSL CA roots: ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat (end quote) On Mon, 21 Sep 2015, Christian Kivalo wrote: > Hi > >> I've pointed ssl_client_ca_file to my root certificate store, but I >> suspect ssl_client_ca_file is only used in imapc context. It seems to >> be ignored in proxy context. >> >> doveconf -n ssl_client_ca_file: >> ssl_client_ca_file = /usr/local/share/certs/ca-root-nss.crt > > You are missing the "<" before the file path > > Try ssl_client_ca_file = > See http://wiki2.dovecot.org/SSL/DovecotConfiguration > > Regards > Christian > From ml+dovecot at valo.at Mon Sep 21 08:50:19 2015 From: ml+dovecot at valo.at (Christian Kivalo) Date: Mon, 21 Sep 2015 10:50:19 +0200 Subject: Dovecot proxy ignores trusted root certificate store In-Reply-To: <20150921032259.A73899@int2.korax.net> References: <20150921013013.N73899@int2.korax.net> <2bdca7b7ae4de3ed3fd92d1b1bd68a2d@valo.at> <20150921032259.A73899@int2.korax.net> Message-ID: <25f0e609a40a7edc1d6c3e89f91625ca@valo.at> On 2015-09-21 09:28, Alex Bulan wrote: > The result is the same with or without "<" before the file path. With > "<" the inode atime is updated at Dovecot startup, so the file is at > least opened, but Dovecot still can't verify the cert. > > The only place in the Wiki that shows an example of ssl_client_ca_file > is on this page, and there's no "<" in front of the file path: > > http://wiki2.dovecot.org/Replication > > (quote) > The client must be able to verify that the SSL certificate is valid, > so you need to specify the directory containing valid SSL CA roots: > > ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu > ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat > (end quote) For replication only settings? I can only guess as i currently don't use proxy nor replication. Haven't found much about proxying and ssl but found a configuration parameter ssl_ca = > On Mon, 21 Sep 2015, Christian Kivalo wrote: > >> Hi >> >>> I've pointed ssl_client_ca_file to my root certificate store, but I >>> suspect ssl_client_ca_file is only used in imapc context. It seems >>> to >>> be ignored in proxy context. >>> >>> doveconf -n ssl_client_ca_file: >>> ssl_client_ca_file = /usr/local/share/certs/ca-root-nss.crt >> >> You are missing the "<" before the file path >> >> Try ssl_client_ca_file = > >> See http://wiki2.dovecot.org/SSL/DovecotConfiguration >> >> Regards >> Christian >> - Christian From andrew at mcnaughty.com Mon Sep 21 11:45:29 2015 From: andrew at mcnaughty.com (Andrew McN) Date: Mon, 21 Sep 2015 21:45:29 +1000 Subject: Dovecot proxy ignores trusted root certificate store In-Reply-To: <20150921032259.A73899@int2.korax.net> References: <20150921013013.N73899@int2.korax.net> <2bdca7b7ae4de3ed3fd92d1b1bd68a2d@valo.at> <20150921032259.A73899@int2.korax.net> Message-ID: <55FFEDD9.8080203@mcnaughty.com> On 21/09/15 17:28, Alex Bulan wrote: > The result is the same with or without "<" before the file path. With > "<" the inode atime is updated at Dovecot startup, so the file is at > least opened, but Dovecot still can't verify the cert. > > The only place in the Wiki that shows an example of ssl_client_ca_file > is on this page, and there's no "<" in front of the file path: > > http://wiki2.dovecot.org/Replication > > (quote) > The client must be able to verify that the SSL certificate is valid, so > you need to specify the directory containing valid SSL CA roots: > > ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu > ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat > (end quote) > Suggesting that on Redhat you should specify "the directory containing valid SSL CA roots" by setting ssl_client_ca_file sounds kinda crazy. Sounds like setting a file instead. So that bit of documentation should be treated as rather suspect. Regards, Andrew From Hajo.Locke at gmx.de Mon Sep 21 12:34:22 2015 From: Hajo.Locke at gmx.de (Hajo Locke) Date: Mon, 21 Sep 2015 14:34:22 +0200 Subject: sieve_extprograms - run any individual script? Message-ID: <55FFF94E.3020907@gmx.de> Hello, i use sieve extension sieve_extprograms to send incoming mail to some script. For security reasons it is needed that script-paths etc. are registered in dovecot.conf This is my current dovecot.conf plugin { sieve = ~/.dovecot.sieve sieve_plugins = sieve_extprograms sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.filter +vnd.dovecot.execute sieve_pipe_bin_dir = /usr/local/bin/ sieve_filter_bin_dir = /usr/local/bin/ } .dovecot.sieve example: if address "to" "test at example.com" { filter "myfilter"; } This is all working without problems. Is there a possibility to allow users the execution of individual scripts in own homepath? Some people need to pipe mails to scripts for immediately processing (some ticketsystems need this). Is there a way to make this possible with sieve? Thanks, Hajo From tom at whyscream.net Mon Sep 21 16:58:22 2015 From: tom at whyscream.net (Tom Hendrikx) Date: Mon, 21 Sep 2015 18:58:22 +0200 Subject: sieve_extprograms - run any individual script? In-Reply-To: <55FFF94E.3020907@gmx.de> References: <55FFF94E.3020907@gmx.de> Message-ID: <5600372E.10407@whyscream.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 21-09-15 14:34, Hajo Locke wrote: > Hello, > > i use sieve extension sieve_extprograms to send incoming mail to > some script. For security reasons it is needed that script-paths > etc. are registered in dovecot.conf This is my current > dovecot.conf > > plugin { sieve = ~/.dovecot.sieve sieve_plugins = > sieve_extprograms sieve_extensions = +vnd.dovecot.pipe > +vnd.dovecot.filter +vnd.dovecot.execute sieve_pipe_bin_dir = > /usr/local/bin/ sieve_filter_bin_dir = /usr/local/bin/ } > > .dovecot.sieve example: > > if address "to" "test at example.com" { filter "myfilter"; } > > This is all working without problems. > > Is there a possibility to allow users the execution of individual > scripts in own homepath? Some people need to pipe mails to scripts > for immediately processing (some ticketsystems need this). Is there > a way to make this possible with sieve? I'd hope that for a ticketing system setup that needs this, the mail admin is asked to help setup a proper solution. The very design where the mail admin decides which programs are (safe to) run is based on security. If you really want your users to define their own programs to run, you could create a simple shell script and setup it up as an extprogram, which delivers their mail to procmail. But it's surely the ugliest workaround I made up this year... ;P Tom -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWADcuAAoJEJPfMZ19VO/110oP/R9EztNAlI/QsfBPAVqRYI5k PGPAeCwb952BUKQNbx8koVChsL4nMnX8QqcUDyg0NUN1H4ImZhAGbdNBISGmpVmI 3wb1EjGkadoSC+t6NXqAP+fIljNZe9gA2T54J+w8iDl3Qv6zNCq6eIWAS8xYPLOG /0l1uJ+eVs2UvPpHMGXT+XI649nyIzsB2ac0TP6EffcxX9tY7O3LhEMvgZWBSm72 POAa+TYApb4jsZFcffgZAbFFoyDgujL3sxK8yBHNu3q8xYDJ2dLJxEVQwneKsc/1 6N18c4TWrl3TnhCEWbzq5pjSsqaEAW6wyQXFxw1j7k41cplWgZB2wuCLyMo448E6 P820HA4T4Vd19Lk0VsIaCj4CTVCE4BQ+mhRi/rDFOqa32iObtp8e9sAcz8bzsjof Si7Z2jtv6S8B8Jw8pX5e0zNeTtcguYLVwOJEFadjmmOXK0qWvkA+Cstx+2Yhcal9 1p6CaNzPSXjKV1d1RWjYtGfK8FjkWYKcpO/csfjswQjucAEUGv2+W3NLd39p/Esg /7KLlE9d4Ar86SK0GX72oDg7L2zOxSXd1rpC2DUae+WLIzzX+bY+mNxMjeabcSQl 2/baD0jiTT2g2vb+QtBUlZmB8hdqnfALC6lL47yoojBjwX1cjjZzXsiqt0O+zKb9 pZPm6gzKVTnNpdGN+LX5 =h/hT -----END PGP SIGNATURE----- From reallfqq-dovecot at yahoo.fr Mon Sep 21 17:11:50 2015 From: reallfqq-dovecot at yahoo.fr (B. R.) Date: Mon, 21 Sep 2015 19:11:50 +0200 Subject: ssl_key_password loaded from file: 'Couldn't parse private ssl_key' In-Reply-To: <5564714065acb17882ffbd0c71d88947@valo.at> References: <5564714065acb17882ffbd0c71d88947@valo.at> Message-ID: Hello, Thanks for your answer. I read this Wiki tip, but it does not fit, as I serve emails for several domains, each using its iwn (potentioally enciphered) private key. I thus need to use the directive as port of a local_name block. I tried to create 2 blocks in 2 different files automatically loaded from conf.d: ### private.conf ### <-- prevented read permission for other than root:root local_name mydomain { ssl_key_password = mypass } ### 10-ssl.conf ### local_name mydomain { ssl_cert = wrote: > Hi, > > On 2015-09-20 15:35, B. R. wrote: > >> As this is my first message to this ML: Hello! >> >> I am using a password-protected SSL key for my dovecot MDA. >> When I tried to use the ssl_key_password configuration directive as >> follow: >> ssl_key_password = > it did not work as I logged the following: >> dovecot: imap-login: Error: SSL: Stacked error: error:06065064:digital >> envelope routines:EVP_DecryptFinal_ex:bad decrypt >> dovecot: imap-login: Fatal: Couldn't parse private ssl_key: >> error:0906A065:PEM routines:PEM_do_header:bad decrypt >> >> However, not using the fille inclusion but directly configuring as follow: >> ssl_key_password = mypass >> did work... >> > > I don't know for sure but maybe its not implemented to load the password > from a file... > > Reading http://wiki2.dovecot.org/SSL/DovecotConfiguration suggests to use > an extra config file with tightened permissions that only contains the > "ssl_key_password = $password" configuration directive and include this > file with "!include_try $file". > > That way you could swap that file out automatically when renewing the > private key. > > I am loading my certificate & key with the file inclusion trick... How come >> cannot I use that for the password file? >> It would avoid input the password directly into the dovecot configuraiton >> files, forcing me to change permissions and duplicating it... When >> renewing >> the private key I will be force to edit the password at every location. >> >> Is it a bug? or a feature? :D >> --- >> *B. R.* >> > > Regards > christian > From rs at sys4.de Mon Sep 21 17:20:14 2015 From: rs at sys4.de (Robert Schetterer) Date: Mon, 21 Sep 2015 19:20:14 +0200 Subject: sieve_extprograms - run any individual script? In-Reply-To: <55FFF94E.3020907@gmx.de> References: <55FFF94E.3020907@gmx.de> Message-ID: <56003C4E.6080400@sys4.de> Am 21.09.2015 um 14:34 schrieb Hajo Locke: > Hello, > > i use sieve extension sieve_extprograms to send incoming mail to some > script. > For security reasons it is needed that script-paths etc. are registered > in dovecot.conf > This is my current dovecot.conf > > plugin { > sieve = ~/.dovecot.sieve > sieve_plugins = sieve_extprograms > sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.filter > +vnd.dovecot.execute > sieve_pipe_bin_dir = /usr/local/bin/ > sieve_filter_bin_dir = /usr/local/bin/ > } > > .dovecot.sieve example: > > if address "to" "test at example.com" > { > filter "myfilter"; > } > > This is all working without problems. > > Is there a possibility to allow users the execution of individual > scripts in own homepath? Some people need to pipe mails to scripts for > immediately processing (some ticketsystems need this). > Is there a way to make this possible with sieve? > > Thanks, > Hajo perhaps includes help http://tools.ietf.org/html/rfc6609 Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From avb at korax.net Mon Sep 21 17:34:25 2015 From: avb at korax.net (Alex Bulan) Date: Mon, 21 Sep 2015 13:34:25 -0400 (EDT) Subject: Dovecot proxy ignores trusted root certificate store In-Reply-To: <25f0e609a40a7edc1d6c3e89f91625ca@valo.at> References: <20150921013013.N73899@int2.korax.net> <2bdca7b7ae4de3ed3fd92d1b1bd68a2d@valo.at> <20150921032259.A73899@int2.korax.net> <25f0e609a40a7edc1d6c3e89f91625ca@valo.at> Message-ID: <20150921111912.D73899@int2.korax.net> On Mon, 21 Sep 2015, Christian Kivalo wrote: > Haven't found much about proxying and ssl but found a configuration parameter > ssl_ca = > http://wiki2.dovecot.org/SSL/DovecotConfiguration section Client certificate > verification/authentication ssl_ca serves a different purpose, it's for setting your certificate authority in order to verify client certs you've issued. Setting "ssl_ca = References: <20150921013013.N73899@int2.korax.net> <2bdca7b7ae4de3ed3fd92d1b1bd68a2d@valo.at> <20150921032259.A73899@int2.korax.net> <55FFEDD9.8080203@mcnaughty.com> Message-ID: <20150921134203.F73899@int2.korax.net> On Mon, 21 Sep 2015, Andrew McN wrote: >> http://wiki2.dovecot.org/Replication >> >> (quote) >> The client must be able to verify that the SSL certificate is valid, so >> you need to specify the directory containing valid SSL CA roots: >> >> ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu >> ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat >> (end quote) >> > > Suggesting that on Redhat you should specify "the directory containing > valid SSL CA roots" by setting ssl_client_ca_file sounds kinda crazy. > Sounds like setting a file instead. So that bit of documentation should > be treated as rather suspect. > > Regards, > Andrew In some environments, root certs are stored in a hashed directory, in other environments they're stored in one file. One would typically use one setting or the other. I think ssl_client_ca_file was implemented later than ssl_client_ca_dir. The comment just needs to be updated. From edgar at pettijohn-web.com Mon Sep 21 21:07:08 2015 From: edgar at pettijohn-web.com (Edgar Pettijohn) Date: Mon, 21 Sep 2015 16:07:08 -0500 Subject: Dovecot proxy ignores trusted root certificate store In-Reply-To: <20150921134203.F73899@int2.korax.net> References: <20150921013013.N73899@int2.korax.net> <2bdca7b7ae4de3ed3fd92d1b1bd68a2d@valo.at> <20150921032259.A73899@int2.korax.net> <55FFEDD9.8080203@mcnaughty.com> <20150921134203.F73899@int2.korax.net> Message-ID: <5600717C.9070004@pettijohn-web.com> doveconf -n? On 09/21/2015 12:45 PM, Alex Bulan wrote: > On Mon, 21 Sep 2015, Andrew McN wrote: > >>> http://wiki2.dovecot.org/Replication >>> >>> (quote) >>> The client must be able to verify that the SSL certificate is valid, so >>> you need to specify the directory containing valid SSL CA roots: >>> >>> ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu >>> ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat >>> (end quote) >>> >> >> Suggesting that on Redhat you should specify "the directory containing >> valid SSL CA roots" by setting ssl_client_ca_file sounds kinda crazy. >> Sounds like setting a file instead. So that bit of documentation should >> be treated as rather suspect. >> >> Regards, >> Andrew > > In some environments, root certs are stored in a hashed directory, in > other environments they're stored in one file. One would typically > use one setting or the other. > > I think ssl_client_ca_file was implemented later than > ssl_client_ca_dir. The comment just needs to be updated. From avb at korax.net Mon Sep 21 22:11:12 2015 From: avb at korax.net (Alex Bulan) Date: Mon, 21 Sep 2015 18:11:12 -0400 (EDT) Subject: Dovecot proxy ignores trusted root certificate store In-Reply-To: <5600717C.9070004@pettijohn-web.com> References: <20150921013013.N73899@int2.korax.net> <2bdca7b7ae4de3ed3fd92d1b1bd68a2d@valo.at> <20150921032259.A73899@int2.korax.net> <55FFEDD9.8080203@mcnaughty.com> <20150921134203.F73899@int2.korax.net> <5600717C.9070004@pettijohn-web.com> Message-ID: <20150921174213.A73899@int2.korax.net> On Mon, 21 Sep 2015, Edgar Pettijohn wrote: > doveconf -n? doveconf -n|grep ssl should suffice: ssl = required ssl_ca = References: <5564714065acb17882ffbd0c71d88947@valo.at> Message-ID: <56008294.8060904@pettijohn-web.com> On 09/21/2015 12:11 PM, B. R. wrote: > Hello, > > Thanks for your answer. > > I read this Wiki tip, but it does not fit, as I serve emails for several > domains, each using its iwn (potentioally enciphered) private key. > I thus need to use the directive as port of a local_name block. > > I tried to create 2 blocks in 2 different files automatically loaded from > conf.d: > ### private.conf ### <-- prevented read permission for other than root:root > local_name mydomain { > ssl_key_password = mypass > } > > ### 10-ssl.conf ### > local_name mydomain { > ssl_cert = sslkey = } Maybe try: private.conf local_name mydomain { ssl_key_password = password ssl_cert = But that failed with 'Couldn't open include file > /etc/dovecot/conf.d/private.conf: Permission denied' > Restricting rights directly on 10-ssl.conf failed with a similar error: > 'Couldn't open include file /etc/dovecot/conf.d/10-ssl.conf: Permission > denied' > > So far, I have not found a reliable way of using enciphered private keys > with dovecot... > --- > *B. R.* > > On Sun, Sep 20, 2015 at 4:00 PM, Christian Kivalo > wrote: > >> Hi, >> >> On 2015-09-20 15:35, B. R. wrote: >> >>> As this is my first message to this ML: Hello! >>> >>> I am using a password-protected SSL key for my dovecot MDA. >>> When I tried to use the ssl_key_password configuration directive as >>> follow: >>> ssl_key_password = >> it did not work as I logged the following: >>> dovecot: imap-login: Error: SSL: Stacked error: error:06065064:digital >>> envelope routines:EVP_DecryptFinal_ex:bad decrypt >>> dovecot: imap-login: Fatal: Couldn't parse private ssl_key: >>> error:0906A065:PEM routines:PEM_do_header:bad decrypt >>> >>> However, not using the fille inclusion but directly configuring as follow: >>> ssl_key_password = mypass >>> did work... >>> >> I don't know for sure but maybe its not implemented to load the password >> from a file... >> >> Reading http://wiki2.dovecot.org/SSL/DovecotConfiguration suggests to use >> an extra config file with tightened permissions that only contains the >> "ssl_key_password = $password" configuration directive and include this >> file with "!include_try $file". >> >> That way you could swap that file out automatically when renewing the >> private key. >> >> I am loading my certificate & key with the file inclusion trick... How come >>> cannot I use that for the password file? >>> It would avoid input the password directly into the dovecot configuraiton >>> files, forcing me to change permissions and duplicating it... When >>> renewing >>> the private key I will be force to edit the password at every location. >>> >>> Is it a bug? or a feature? :D >>> --- >>> *B. R.* >>> >> Regards >> christian >> From stephan at rename-it.nl Mon Sep 21 22:25:32 2015 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 22 Sep 2015 00:25:32 +0200 Subject: [Dovecot] Pigeonhole sieve re-filter extension? In-Reply-To: <55FF3026.9050100@igeno-fat.de> References: <5368BCD3.8080604@igeno-fat.de> <5368C20B.6090909@rename-it.nl> <5368C78E.9000107@alec.pl> <53694ACB.5070806@igeno-fat.de> <5369F171.2000709@igeno-fat.de> <536B7A82.5070602@rename-it.nl> <55FF3026.9050100@igeno-fat.de> Message-ID: <560083DC.4030308@rename-it.nl> Op 9/21/2015 om 12:16 AM schreef T.B.: > Hi Stephan Bosch, > any update on this? Unfortunately, no. It is not high up my list at the moment. :/ Regards, Stephan. > > > Regards, > > T.B. > > > Am 08.05.2014 um 14:37 schrieb Stephan Bosch: >> T.B. schreef op 7-5-2014 10:40: >>> I think it would not be a problem to develop a solution to remotely >>> trigger re-filtering for me, myself and I. But that is not the point >>> here. Clients like the Thunderbird Sieve Extension >>> (https://github.com/thsmi/sieve, >>> https://addons.mozilla.org/de/thunderbird/addon/sieve/) or the diverse >>> webmail MUA's will only start implementing such a feature if there is >>> a official draft or specification. >> >> Yes, I agree. >> >>> The whole point of my initiative here is that Managesieve finally >>> becomes the capability to replicate the features the users know from >>> their local client side filtering (Thunderbird, Outlook) which provide >>> the feature of re-filtering. Even big webmail providers like the >>> Global Mail Exchange / GMX here in Germany provide re-filtering in >>> their webgui. >> >> I don't think this should be a ManageSieve feature. ManageSieve >> currently does not need/have access to the user's mailbox. It therefore >> also doesn't have the syntax elements and mechanisms in place to select >> mailboxes and ranges of messages. I think the only sensible place for >> this feature is IMAP. >> >>> I use the sieve-filter tool very often for myself - everytime when I >>> create a new subfolder and create a new fileinto rule, I refilter my >>> Inbox to clean it up and have a consistent subfolder with all old and >>> new mails that are matching the rule. >>> >>> The man page of the sieve-filter tool is 2 and a half years old ;) >>> (http://pigeonhole.dovecot.org/doc/man1/sieve-filter.1.html) >>> Sadly even the Wiki page doesn't mention it directly: >>> http://wiki2.dovecot.org/HowTo/RefilterMail >> >> I haven't received much feedback about this command line tool. So either >> everyone is happy with it, or it is rarely used. :) >> >>> Since the new german Dovecot book (http://www.dovecot-buch.de/) >>> recommends the sieve-filter tool for refiltering, it will get much >>> more attention in the future. >> >> Only from Germans at first, although it will be translated soon I guess. >> >> Anyway, I will give this idea a closer look somewhat soon. The main >> problem with IMAPSieve is not the METADATA support or the other Sieve >> extensions needed for it, it is the atomic nature of the IMAP commands >> for which it is used: either the whole command succeeds or the whole >> command fails. This makes things difficult for the Sieve interpreter, as >> it needs to keep record of what it has done for when a rollback is >> needed. Especially for "redirect" this is a huge pain. >> >> However, as you rightly say, this new feature can be simpler than that. >> It can reduce the atomicity to include only the processing of individual >> messages and e.g. return a response indicating which messages were >> successfully processed. This way, the state at client and server can >> still remain consistent without too much trouble. I think I'll make a >> proof-of-concept first and then condense my experience into a proper >> specification. This can take a while though; there is much Dovecot stuff >> on my list at the moment. >> >> Regards, >> >> Stephan. From stephan at rename-it.nl Mon Sep 21 22:37:30 2015 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 22 Sep 2015 00:37:30 +0200 Subject: sieve_extprograms - run any individual script? In-Reply-To: <55FFF94E.3020907@gmx.de> References: <55FFF94E.3020907@gmx.de> Message-ID: <560086AA.2060001@rename-it.nl> Op 9/21/2015 om 2:34 PM schreef Hajo Locke: > Hello, > > i use sieve extension sieve_extprograms to send incoming mail to some > script. > For security reasons it is needed that script-paths etc. are > registered in dovecot.conf > This is my current dovecot.conf > > plugin { > sieve = ~/.dovecot.sieve > sieve_plugins = sieve_extprograms > sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.filter > +vnd.dovecot.execute > sieve_pipe_bin_dir = /usr/local/bin/ > sieve_filter_bin_dir = /usr/local/bin/ > } > > .dovecot.sieve example: > > if address "to" "test at example.com" > { > filter "myfilter"; > } Uhh.. you're pointing extprograms to a directory where many programs can be installed by default. That is unwise to put it mildly. Do not allow Sieve to execute random programs like this. Typical use is to point it to a directory of scripts that check their arguments vigorously for malicious use, not common system tools. > This is all working without problems. > Is there a possibility to allow users the execution of individual > scripts in own homepath? Some people need to pipe mails to scripts for > immediately processing (some ticketsystems need this). > Is there a way to make this possible with sieve? It is generally not a good idea to let any user just execute any program they like from Sieve. The LMTP seteuid root privileges are dropped before executing the program, but still... About your question: the extprograms plugin currently supports only one directory for programs. You could use those scripts to execute/include a script in the user's directory, e.g. based on script parameters. You can also set sieve_*_bin_dir from userdb, to make these user-specific. Regards, Stephan. From edgar at pettijohn-web.com Tue Sep 22 01:42:24 2015 From: edgar at pettijohn-web.com (Edgar Pettijohn) Date: Mon, 21 Sep 2015 20:42:24 -0500 Subject: Dovecot proxy ignores trusted root certificate store In-Reply-To: <20150921174213.A73899@int2.korax.net> References: <20150921013013.N73899@int2.korax.net> <2bdca7b7ae4de3ed3fd92d1b1bd68a2d@valo.at> <20150921032259.A73899@int2.korax.net> <55FFEDD9.8080203@mcnaughty.com> <20150921134203.F73899@int2.korax.net> <5600717C.9070004@pettijohn-web.com> <20150921174213.A73899@int2.korax.net> Message-ID: <5600B200.3030300@pettijohn-web.com> On 09/21/2015 05:11 PM, Alex Bulan wrote: > On Mon, 21 Sep 2015, Edgar Pettijohn wrote: > >> doveconf -n? > > doveconf -n|grep ssl should suffice: > > ssl = required shouldn't it be: ssl = yes I was only aware of the choice of yes or no here, but I could be wrong. > ssl_ca = ssl_cert = ssl_key = ssl_require_crl = no > > I'm using "ssl_ca = temporary workaround, even though this is not what ssl_ca is for. It > happens to work, at least for now, but this is not a fix. > > ssl_client_ca_file should be used instead, but it has no effect in > proxy mode: > > ssl_client_ca_file = /usr/local/share/certs/ca-root-nss.crt > > This doesn't work either (and the Dovecot Wiki shows it used without > "<"): > > ssl_client_ca_file = > And "ssl_require_crl = no" to silence "unable to get certificate CRL" > log messages. I don't need it to check CRLs on the backend's > certificate chain. From avb at korax.net Tue Sep 22 02:21:11 2015 From: avb at korax.net (Alex Bulan) Date: Mon, 21 Sep 2015 22:21:11 -0400 (EDT) Subject: Dovecot proxy ignores trusted root certificate store In-Reply-To: <5600B200.3030300@pettijohn-web.com> References: <20150921013013.N73899@int2.korax.net> <2bdca7b7ae4de3ed3fd92d1b1bd68a2d@valo.at> <20150921032259.A73899@int2.korax.net> <55FFEDD9.8080203@mcnaughty.com> <20150921134203.F73899@int2.korax.net> <5600717C.9070004@pettijohn-web.com> <20150921174213.A73899@int2.korax.net> <5600B200.3030300@pettijohn-web.com> Message-ID: <20150921221920.G73899@int2.korax.net> On Mon, 21 Sep 2015, Edgar Pettijohn wrote: >> ssl = required > > shouldn't it be: > > ssl = yes > > I was only aware of the choice of yes or no here, but I could be wrong. See http://wiki2.dovecot.org/SSL/DovecotConfiguration From marco.fretz at gmail.com Tue Sep 22 06:07:02 2015 From: marco.fretz at gmail.com (Marco Fretz) Date: Tue, 22 Sep 2015 08:07:02 +0200 Subject: Multiple passwords for a user (SQL) In-Reply-To: <5432AB3D.8010306@gmail.com> References: <54325A74.4030507@gmail.com> <5432AB3D.8010306@gmail.com> Message-ID: <5600F006.20304@gmail.com> I managed to write a ugly but working checkpassword script for dovecot, having multiple passwords for a user. But now I found this: https://github.com/dweuthen/roundcube-application_passwords I think this is the better way to go. the crypt passwords are the biggest problem because you need the stored hash to generate the input hash. I know this is safer, but in my opinion SHA2 or what ever is best available hash in mysql something should do it as well. having application passwords is a bigger security advantage than having stronger hashes in the database. correct me if I'm wrong :-) best regards Marco On 06.10.2014 16:46, Marco Fretz wrote: > > Thank you Steffen, > > This sounds like a plan. checkpassword looks quite simple to use and I > could still use default userdb with dovecot-sql for userhome, quota, etc. > I'll give this a try. > > thanks > Marco > > Am 06.10.2014 13:52, schrieb Steffen Kaiser: > > On Mon, 6 Oct 2014, Marco Fretz wrote: > > >> corresponding user in the users table - one use has many passwords > (1:n). > >> for dovecot this means that it will get multiple rows with passwords > >> back from the "password_query". is there a way to tell dovecot to check > >> all those returned passwords and "pass" the request if one of those > >> passwords match? > > > I think no, but you could craft a PAM module and use the pam passdb or > supply a checkpassword script: > > > http://wiki2.dovecot.org/PasswordDatabase > > > -- Steffen Kaiser > From skdovecot at smail.inf.fh-brs.de Tue Sep 22 06:38:23 2015 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 22 Sep 2015 08:38:23 +0200 (CEST) Subject: Can't receive email In-Reply-To: <20150920122057.5484629.20488.10927@lazygranch.com> References: <20150920122057.5484629.20488.10927@lazygranch.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 20 Sep 2015, lists at lazygranch.com wrote: > No problem sending email, but I can't receive email. Diagnostics follow: this is a pretty unspecific information. At which stage the message is stuck and not delivered to Dovecot? Which MTA do you use and how is it configurated? Or are the messages delivered to Dovecot and are spooled into the mail storage? > a login user at domain.com password > a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE] Logged in > b select inbox > * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) > * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted. > * 9 EXISTS > * 1 RECENT > * OK [UNSEEN 9] First unseen. > * OK [UIDVALIDITY 1439944213] UIDs valid > * OK [UIDNEXT 10] Predicted next UID > * OK [HIGHESTMODSEQ 2] Highest > b OK [READ-WRITE] Select completed (0.017 secs). > c list "" * > * LIST (\HasNoChildren \Trash) "." Trash > * LIST (\HasNoChildren) "." Queue > * LIST (\HasNoChildren \Sent) "." Sent > * LIST (\HasNoChildren \Drafts) "." Drafts > * LIST (\HasNoChildren) "." INBOX > c OK List completed (0.001 secs). > d lsub "" * > * LSUB (\Trash) "." Trash > * LSUB () "." Queue > * LSUB (\Sent) "." Sent > * LSUB (\Drafts) "." Drafts > d OK Lsub completed (0.003 secs). > e logout > * BYE Logging out > e OK Logout completed. So you can login into Dovecot and query status information, your client did not tried to fetch any message. > closed > --------------------------------------- > from dovecot.log > Sep 19 23:35:13 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [xxx.xxx.xxx.xxx] > Sep 19 23:35:13 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [xxx.xxx.xxx.xxx] > Sep 19 23:35:13 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [xxx.xxx.xxx.xxx] > Sep 19 23:35:13 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth > Sep 19 23:35:13 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat > Sep 19 23:35:13 auth: Debug: passwd-file /usr/local/etc/dovecot/users: Read 2 users in 0 secs > Sep 19 23:35:13 auth: Debug: auth client connected (pid=1698) > Sep 19 23:38:13 imap-login: Info: Disconnected: Inactivity (no auth attempts in 180 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS handshaking, session= > -------------------------------- The client connected to Dovecot, but did not sent any authentification information. > # dovecot -n > # 2.2.18: /usr/local/etc/dovecot/dovecot.conf > # Pigeonhole version 0.4.8 (0c4ae064f307+) > # OS: FreeBSD 10.1-RELEASE-p19 amd64 > auth_debug = yes > auth_debug_passwords = yes > auth_verbose = yes > log_path = /var/log/dovecot.log > mail_debug = yes > mail_gid = 1003 > mail_home = /var/mail/vhosts/%d/%n > mail_location = maildir:~ > mail_privileged_group = vpostfix > mail_uid = 1003 > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/users > driver = passwd-file > } > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0666 > user = postfix > } > unix_listener auth-userdb { > group = postfix > mode = 0600 > user = postfix > } > } > ssl_cert = ssl_key = userdb { > args = username_format=%u /usr/local/etc/dovecot/users > driver = passwd-file > } > verbose_ssl = yes > # > -------------------------- > # dovecot --version > 2.2.18? > ? > > - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBVgD3X3z1H7kL/d9rAQKnTQgAh5hfO/5N8nFHWcFl8TjYLcOdEA3rBHRH e3thIrGzLM3pWyPTPPQ9mMAZZbDP2ZuZuYxiwIb09gtCS387GXFWCYYa4uMfuQdP whNBl0+zRDIFrWl9Rh5SYAfeDrr2xmBQuAtn1Wsdp5xiYFL0cZYsb7vkNzildvJT /aND0FXWev8UDlm4vcPVTa2yS4y4ZVxi2veYiwyemRsoMxKtIX6TzNWIK8UjvMMr cyc2D3VGEAc/90OSIuMlCBToMUZvk0S5XJJl9tDtEKNnAmejkvqHlWETNkgxXDjd wMHjv0nUJqrGFO8+NuYPhrLOpzqKOxl5+hYXyyfcw0VFkqHBbmku8g== =8rp/ -----END PGP SIGNATURE----- From Hajo.Locke at gmx.de Tue Sep 22 09:04:16 2015 From: Hajo.Locke at gmx.de (Hajo Locke) Date: Tue, 22 Sep 2015 11:04:16 +0200 Subject: sieve_extprograms - run any individual script? In-Reply-To: <560086AA.2060001@rename-it.nl> References: <55FFF94E.3020907@gmx.de> <560086AA.2060001@rename-it.nl> Message-ID: <56011990.40007@gmx.de> Hello, Am 22.09.2015 um 00:37 schrieb Stephan Bosch: > Op 9/21/2015 om 2:34 PM schreef Hajo Locke: >> Hello, >> >> i use sieve extension sieve_extprograms to send incoming mail to some >> script. >> For security reasons it is needed that script-paths etc. are >> registered in dovecot.conf >> This is my current dovecot.conf >> >> plugin { >> sieve = ~/.dovecot.sieve >> sieve_plugins = sieve_extprograms >> sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.filter >> +vnd.dovecot.execute >> sieve_pipe_bin_dir = /usr/local/bin/ >> sieve_filter_bin_dir = /usr/local/bin/ >> } >> >> .dovecot.sieve example: >> >> if address "to" "test at example.com" >> { >> filter "myfilter"; >> } > Uhh.. you're pointing extprograms to a directory where many programs can > be installed by default. That is unwise to put it mildly. Do not allow > Sieve to execute random programs like this. Typical use is to point it > to a directory of scripts that check their arguments vigorously for > malicious use, not common system tools. We use some global scripts for mail-processing which are located in /usr/local/bin/ Just a bunch of scripts is available, others are blocked by chmod+apparmor. Users cant upload own scripts to /usr/local/bin > >> This is all working without problems. > >> Is there a possibility to allow users the execution of individual >> scripts in own homepath? Some people need to pipe mails to scripts for >> immediately processing (some ticketsystems need this). >> Is there a way to make this possible with sieve? > It is generally not a good idea to let any user just execute any program > they like from Sieve. The LMTP seteuid root privileges are dropped > before executing the program, but still... I dont see the big problem here. we migrating from mbox to mdbox and by the way we have to switch from procmail to sieve. procmail is a dinosaur but reliable. starting scripts etc. all is possible. procmail/sieve are running with userprivileges. Our users cant reach other mailboxes/useraccounts, additional we use apparmor to prevent curious OS-access. may be 0.5 or 1% of users want to use individual scripts but in a hosting company it is not easy to tell that long time used technics get abolished. Complete disabling to run individual scripts may be good for standard-users, but admins should not be restricted without chance of change. > > About your question: the extprograms plugin currently supports only one > directory for programs. You could use those scripts to execute/include a > script in the user's directory, e.g. based on script parameters. You can > also set sieve_*_bin_dir from userdb, to make these user-specific. We already use plenty userdb settings. i will try to add sieve_*bin_dir, but it seems of cost of our global-scripts in /usr/local/bin/ . > > Regards, > > Stephan. > Thanks, Hajo From tss at iki.fi Tue Sep 22 10:50:55 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 22 Sep 2015 13:50:55 +0300 Subject: 2.2.18 Regression: Incorrect STATUS response for virtual mailboxes In-Reply-To: <20150915160845.GA7037@localhost> References: <20150915160845.GA7037@localhost> Message-ID: <8BCC6AC7-D399-44B0-A0BF-50060D950EDE@iki.fi> On 15 Sep 2015, at 19:08, Guilhem Moulin wrote: > > As shown below, adding a message to TRASH doesn't increase > virtual/test's MESSAGES count. However SELECTing virtual/test triggers > the increase; so does running `doveadm mailbox status vsize > virtual/test` in another shell. Fixed: http://hg.dovecot.org/dovecot-2.2/rev/587226389203 A workaround would be to use mailbox_list_index=no From tss at iki.fi Tue Sep 22 11:05:33 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 22 Sep 2015 14:05:33 +0300 Subject: Dovecot proxy ignores trusted root certificate store In-Reply-To: <20150921174213.A73899@int2.korax.net> References: <20150921013013.N73899@int2.korax.net> <2bdca7b7ae4de3ed3fd92d1b1bd68a2d@valo.at> <20150921032259.A73899@int2.korax.net> <55FFEDD9.8080203@mcnaughty.com> <20150921134203.F73899@int2.korax.net> <5600717C.9070004@pettijohn-web.com> <20150921174213.A73899@int2.korax.net> Message-ID: <93C8185A-2373-4D67-B416-CF0D7906EF26@iki.fi> On 22 Sep 2015, at 01:11, Alex Bulan wrote: > > On Mon, 21 Sep 2015, Edgar Pettijohn wrote: > >> doveconf -n? > > doveconf -n|grep ssl should suffice: > > ssl = required > ssl_ca = ssl_cert = ssl_key = ssl_require_crl = no > > I'm using "ssl_ca = > ssl_client_ca_file should be used instead, but it has no effect in proxy mode: Yeah. The ssl_client_ca_file was implemented later than the SSL proxying code. I think this may be something that needs to wait for v2.3 to get fixed. v2.3 hopefully removes the duplicated ssl code and uses lib-ssl-iostream for proxying also, which makes this easier to implement. From avb at korax.net Tue Sep 22 19:01:20 2015 From: avb at korax.net (Alex Bulan) Date: Tue, 22 Sep 2015 15:01:20 -0400 (EDT) Subject: Dovecot proxy ignores trusted root certificate store In-Reply-To: <93C8185A-2373-4D67-B416-CF0D7906EF26@iki.fi> References: <20150921013013.N73899@int2.korax.net> <2bdca7b7ae4de3ed3fd92d1b1bd68a2d@valo.at> <20150921032259.A73899@int2.korax.net> <55FFEDD9.8080203@mcnaughty.com> <20150921134203.F73899@int2.korax.net> <5600717C.9070004@pettijohn-web.com> <20150921174213.A73899@int2.korax.net> <93C8185A-2373-4D67-B416-CF0D7906EF26@iki.fi> Message-ID: <20150922145334.I73899@int2.korax.net> On Tue, 22 Sep 2015, Timo Sirainen wrote: > Yeah. The ssl_client_ca_file was implemented later than the SSL proxying > code. I think this may be something that needs to wait for v2.3 to get > fixed. v2.3 hopefully removes the duplicated ssl code and uses > lib-ssl-iostream for proxying also, which makes this easier to > implement. Thanks, Timo. I'll use the ssl_ca workaround for now. From krzf83 at gmail.com Wed Sep 23 12:53:17 2015 From: krzf83 at gmail.com (krzf83@gmail.com ) Date: Wed, 23 Sep 2015 14:53:17 +0200 Subject: bug - over system quota and dovecot-uidlist Message-ID: Ever since I've migraded from courier pop3 to dovecot pop3 I'm constantly getting complains from users that went over system quota for short while and then their pop3 client downloads all messages again. I never happened with courier pop3. I think that dovecot does not handle dovecot-uidlist file safely so it can withstand such situations. rsync and other similar programs always writes to a copy of the file like dovecot-uidlis.xcb453 and on success unlinks old file and renames new one. Dovecot should not assume that write operation on dovecot-uidlist will succeed. Yes, I know I can put metadata like dovecot-uidlist somewhere else, on another partition but that really splits mailbox into multiple locations making for example backups way harder to make, restore, share etc. From tss at iki.fi Wed Sep 23 13:19:14 2015 From: tss at iki.fi (Timo Sirainen) Date: Wed, 23 Sep 2015 16:19:14 +0300 Subject: bug - over system quota and dovecot-uidlist In-Reply-To: References: Message-ID: <5602A6D2.3070305@iki.fi> On 09/23/2015 03:53 PM, krzf83 at gmail.com wrote: > Ever since I've migraded from courier pop3 to dovecot pop3 I'm > constantly getting complains from users that went over system quota > for short while and then their pop3 client downloads all messages > again. I never happened with courier pop3. I think that dovecot does > not handle dovecot-uidlist file safely so it can withstand such > situations. > rsync and other similar programs always writes to a copy of the file > like dovecot-uidlis.xcb453 and on success unlinks old file and renames > new one. Dovecot should not assume that write operation on > dovecot-uidlist will succeed. Dovecot doesn't assume that either. I don't know what exactly the problem is here, maybe some small mistake or maybe something larger that can't be fixed, but I'm sure it's not because Dovecot assumes that writes are succeeding. I don't unfortunately have time to debug it myself. The main reason why I haven't bothered even trying to support this use case is that there's no way to handle this 100% correctly and safely for IMAP (although I suppose you could get away with it working nearly always, and for POP3 it could be made to work 100% correctly). From tss at iki.fi Wed Sep 23 13:30:00 2015 From: tss at iki.fi (Timo Sirainen) Date: Wed, 23 Sep 2015 16:30:00 +0300 Subject: v2.2.19 release candidate released Message-ID: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz.sig A lot of changes since v2.2.18, so here's a release candidate first. If no bugs are reported, I'm planning on making the final release sometimes this week. The most interesting new features here are the imap-hibernate process, quota count backend and director/proxy improvements. * "doveadm director flush" command has a changed meaning now: It safely moves users to their wanted backends, instead of simply forgetting the mapping entirely and leaving the existing connections untouched. Use -F parameter to get the original unsafe behavior. + Added support for imap-hiberanate processes. + Optimized tracking mailboxes' vsizes (= sum of all messages' size). If mailbox_list_index=yes, it's also stored in there. This makes it very efficient to look up vsizes for all mailboxes. + Added a quota "count" backend, which uses the mailbox vsizes to get the current quota usage. It requires using the new quota_vsizes=yes setting, which tracks the messages' "virtual sizes" rather than "physical sizes". Their distiction is minor and mostly irrelevant nowadays (if mail sizes should be counted with LF or CRLF newlines). + "doveadm director up/down" commands added. The monitoring script should be using these commands instead of changing the vhost count. This allows admin to manually disable a server by changing the vhost count to 0 without the monitoring script changing it back. + Added support for HAProxy protocol: http://wiki2.dovecot.org/HAProxy + Added push-notification plugin framework, which can be used to easily implement push notifications to various backends. Implemented "ox" backend for notifying Open-Xchange via HTTP/json. + imap_logout_format supports more variables now, e.g. number of deleted messages. + pop3: Added pop3_delete_type setting (related to pop3_deleted_flag). + plugin { fts_enforced=yes } setting now fails body searches unless it can be done via the full text search engine. + Added %{passdb:*} and %{userdb:*} variables to various places + auth: Added ":protected" suffix for passdb and userdb fields. If used, the field doesn't overwrite an existing field. + IMAP/POP3 proxy: If a backend server dies, avoid client reconnection spikes by slowly disconnecting clients over time. This is enabled by setting login_proxy_max_disconnect_delay=secs passdb extra field. + imap: Added new read-only METADATA entries: /private/specialuse, /shared/comment, /shared/admin + imap: If client disconnects in the middle of a command, log how long the command had been running. - mdbox: Rebuilding could have caused message's reference count to overflow the 16bit number in some situations, causing problems when trying to expunge the duplicates. - Various search fixes (fts, solr, tika, lib-charset, indexer) - Various virtual plugin fixes - Various fixes and optimizations to dsync, imapc and pop3-migration - imap: Various RFC compliancy and crash fixes to NOTIFY From marcin at mejor.pl Wed Sep 23 14:24:07 2015 From: marcin at mejor.pl (=?UTF-8?Q?Marcin_Miros=c5=82aw?=) Date: Wed, 23 Sep 2015 16:24:07 +0200 Subject: [dovecot-2.2.18] dsync error: Error: Can't delete mailbox INBOX: INBOX can't be deleted. Problem with name of folders? Message-ID: <5602B607.2090005@mejor.pl> Hi All! I'm also hitted by this problem. I'm trying to migrate emails from very old dbmail to dovecot (maildir). I read old threads with similar problem but I found only such solutions: - upgrade to 2.2.13 - workarround : use imapsync - no solution I'd like to not use imapsync, have you got an idea what should I do to do migration successfully? dsync throws: doveadm(root): Debug: Loading modules from directory: /usr/lib64/dovecot doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/lib01_acl_plugin.so doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/lib15_notify_plugin.so doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/lib20_fts_plugin.so doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/lib20_listescape_plugin.so doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/lib20_mail_log_plugin.so doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/lib20_zlib_plugin.so doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/lib21_fts_squat_plugin.so doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/lib90_stats_plugin.so doveadm(root): Debug: Loading modules from directory: /usr/lib64/dovecot/doveadm doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so doveadm(root): Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib64/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: exp ire_set_init (this is usually intentional, so just ignore this message) doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/doveadm/lib10_doveadm_quota_plugin.so doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/doveadm/lib10_doveadm_sieve_plugin.so doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/doveadm/lib20_doveadm_fts_plugin.so doveadm(example.user at example.com): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600 doveadm(example.user at example.com): Debug: Effective uid=999, gid=999, home=/data/poczta/skrzynki/example.com/example.user doveadm(example.user at example.com): Debug: Quota root: name=User quota backend=dict args=:proxy::quota doveadm(example.user at example.com): Debug: Quota rule: root=User quota mailbox=* bytes=104857600 messages=0 doveadm(example.user at example.com): Debug: Quota rule: root=User quota mailbox=Trash bytes=+104857600 messages=0 doveadm(example.user at example.com): Debug: Quota warning: bytes=89128960 (85%) messages=0 reverse=no command=quota-warning 85 example.user at example.com doveadm(example.user at example.com): Debug: Quota grace: root=User quota bytes=10485760 (10%) doveadm(example.user at example.com): Debug: dict quota: user=example.user at example.com, uri=proxy::quota, noenforcing=0 doveadm(example.user at example.com): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=imapc: doveadm(example.user at example.com): Debug: imapc(source-imap-server:144): Looking up IP address doveadm(example.user at example.com): Debug: imapc(source-imap-server:144): Connecting to 192.168.1.202:144 doveadm(example.user at example.com): Debug: imapc(source-imap-server:144): Server capabilities: IMAP4 IMAP4rev1 AUTH=LOGIN ACL NAMESPACE SORT CHILDREN QUOTA doveadm(example.user at example.com): Debug: imapc(source-imap-server:144): Authenticating as example.user at example.com doveadm(example.user at example.com): Debug: imapc(source-imap-server:144): Authenticated successfully doveadm(example.user at example.com): Debug: imapc: root=, index=, indexpvt=, control=, inbox=, alt= doveadm(example.user at example.com): Debug: fts: Indexes disabled for namespace '' doveadm(example.user at example.com): Debug: acl: initializing backend with data: vfile:/data/poczta/acl/global-acls:cache_secs=60 doveadm(example.user at example.com): Debug: acl: acl username = example.user at example.com doveadm(example.user at example.com): Debug: acl: owner = 1 doveadm(example.user at example.com): Debug: acl vfile: Global ACL legacy directory: /data/poczta/acl/global-acls doveadm(example.user at example.com): Debug: Namespace : type=shared, prefix=shared/%n/, sep=, inbox=no, hidden=no, list=yes, subscriptions=yes location=maildir:%h/.mail dir:INDEX=/data/poczta/indeksy/shared/example.com/example.user doveadm(example.user at example.com): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt= doveadm(example.user at example.com): Debug: fts: Indexes disabled for namespace 'shared/%n/' doveadm(example.user at example.com): Debug: acl: initializing backend with data: vfile:/data/poczta/acl/global-acls:cache_secs=60 doveadm(example.user at example.com): Debug: acl: acl username = example.user at example.com doveadm(example.user at example.com): Debug: acl: owner = 0 doveadm(example.user at example.com): Debug: acl vfile: Global ACL legacy directory: /data/poczta/acl/global-acls doveadm(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/ not found doveadm(example.user at example.com): Debug: Namespace : Using permissions from : mode=0700 gid=default doveadm(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX.Trash not found doveadm(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX.Sent not found doveadm(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX.Junk not found doveadm(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX.Drafts not found doveadm(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX not found doveadm(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX/Total Wellbeing App not found doveadm(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX/Philipiak not found doveadm(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX/Nexto not found doveadm(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX/Inne not found doveadm(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX/IMGW not found doveadm(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX/E-pasa? wizyt?wki not found dsync(example.user at example.com): Debug: Effective uid=999, gid=999, home=/data/poczta/skrzynki/example.com/example.user dsync(example.user at example.com): Debug: Quota root: name=User quota backend=dict args=:proxy::quota dsync(example.user at example.com): Debug: Quota rule: root=User quota mailbox=* bytes=104857600 messages=0 dsync(example.user at example.com): Debug: Quota rule: root=User quota mailbox=Trash bytes=+104857600 messages=0 dsync(example.user at example.com): Debug: Quota warning: bytes=89128960 (85%) messages=0 reverse=no command=quota-warning 85 example.user at example.com dsync(example.user at example.com): Debug: Quota grace: root=User quota bytes=10485760 (10%) dsync(example.user at example.com): Debug: dict quota: user=example.user at example.com, uri=proxy::quota, noenforcing=0 dsync(example.user at example.com): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/data/poczta/skrzynki/example.com/example.user/.maildir/:INDEX=/data/poczta/indeksy/example.com/example.user dsync(example.user at example.com): Debug: maildir++: root=/data/poczta/skrzynki/example.com/example.user/.maildir, index=/data/poczta/indeksy/example.com/example.user, indexpvt=, control=, inbox=/data/poczta/skrzynki/example.com/example.user/.maildir, alt= dsync(example.user at example.com): Debug: Namespace : /data/poczta/skrzynki/example.com/example.user/.maildir doesn't exist yet, using default permissions dsync(example.user at example.com): Debug: Namespace : Using permissions from /data/poczta/skrzynki/example.com/example.user/.maildir: mode=0700 gid=default dsync(example.user at example.com): Debug: acl: initializing backend with data: vfile:/data/poczta/acl/global-acls:cache_secs=60 dsync(example.user at example.com): Debug: acl: acl username = example.user at example.com dsync(example.user at example.com): Debug: acl: owner = 1 dsync(example.user at example.com): Debug: acl vfile: Global ACL legacy directory: /data/poczta/acl/global-acls dsync(example.user at example.com): Debug: Namespace : type=shared, prefix=shared/%n/, sep=, inbox=no, hidden=no, list=yes, subscriptions=yes location=maildir:%h/.maildir:INDEX=/data/poczta/indeksy/shared/example.com/example.user dsync(example.user at example.com): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt= dsync(example.user at example.com): Debug: fts: Indexes disabled for namespace 'shared/%n/' dsync(example.user at example.com): Debug: acl: initializing backend with data: vfile:/data/poczta/acl/global-acls:cache_secs=60 dsync(example.user at example.com): Debug: acl: acl username = example.user at example.com dsync(example.user at example.com): Debug: acl: owner = 0 dsync(example.user at example.com): Debug: acl vfile: Global ACL legacy directory: /data/poczta/acl/global-acls dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/ not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/dovecot-acl not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/Junk not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/.Junk/dovecot-acl not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/Trash not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/.Trash/dovecot-acl not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/Archive not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/.Archive/dovecot-acl not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/Sent not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/.Sent/dovecot-acl not found dsync(example.user at example.com): Debug: brain M: Local mailbox tree: INBOX guid=c92f64f79f0d1ed01e6d5b314f04886c uid_validity=13783 uid_next=34894281 subs=no last_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain M: Local mailbox tree: INBOX/E-pasa? wizyt?wki guid=5d360d682d48c1090150341143cf6fad uid_validity=13841 uid_next=3489428 1 subs=yes last_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain M: Local mailbox tree: INBOX/IMGW guid=5849136be8a03ed13bf8f9d41910d7f8 uid_validity=13805 uid_next=34894281 subs=yes la st_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain S: Remote mailbox tree: INBOX guid=c92f64f79f0d1ed01e6d5b314f04886c uid_validity=13783 uid_next=34894281 subs=no last_ch ange=0 last_subs=0 dsync(example.user at example.com): Debug: brain S: Remote mailbox tree: INBOX/E-pasa? wizyt?wki guid=5d360d682d48c1090150341143cf6fad uid_validity=13841 uid_next=348942 81 subs=yes last_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain S: Remote mailbox tree: INBOX/IMGW guid=5849136be8a03ed13bf8f9d41910d7f8 uid_validity=13805 uid_next=34894281 subs=yes l ast_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain M: Local mailbox tree: INBOX/Inne guid=5eb05c4811720cdf3d9f5352dc994fac uid_validity=13804 uid_next=34894281 subs=yes la st_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain S: Remote mailbox tree: INBOX/Inne guid=5eb05c4811720cdf3d9f5352dc994fac uid_validity=13804 uid_next=34894281 subs=yes l ast_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain M: Local mailbox tree: INBOX/Nexto guid=d467b829b0cc91ac4eb975715889bd31 uid_validity=13806 uid_next=34894281 subs=yes l ast_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain S: Remote mailbox tree: INBOX/Nexto guid=d467b829b0cc91ac4eb975715889bd31 uid_validity=13806 uid_next=34894281 subs=yes last_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain M: Local mailbox tree: INBOX/Philipiak guid=790024d6afa83b393825d00df73b516d uid_validity=13913 uid_next=34894281 subs=y es last_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain S: Remote mailbox tree: INBOX/Philipiak guid=790024d6afa83b393825d00df73b516d uid_validity=13913 uid_next=34894281 subs= yes last_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain M: Local mailbox tree: INBOX/Total Wellbeing App guid=2baa2fed3be5624bc399327558327e3e uid_validity=13818 uid_next=34894 281 subs=yes last_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain S: Remote mailbox tree: INBOX/Total Wellbeing App guid=2baa2fed3be5624bc399327558327e3e uid_validity=13818 uid_next=3489 4281 subs=yes last_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain M: Local mailbox tree: INBOX.Drafts guid=004ef77f6a9c3669bcb43012f3a43855 uid_validity=13784 uid_next=34894281 subs=yes last_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain S: Remote mailbox tree: INBOX.Drafts guid=004ef77f6a9c3669bcb43012f3a43855 uid_validity=13784 uid_next=34894281 subs=yes last_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain M: Local mailbox tree: INBOX.Junk guid=4849549b42c9c7de02f5e49cfa8ae258 uid_validity=13786 uid_next=34894281 subs=yes last_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain S: Remote mailbox tree: INBOX.Junk guid=4849549b42c9c7de02f5e49cfa8ae258 uid_validity=13786 uid_next=34894281 subs=yes last_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain M: Local mailbox tree: INBOX.Sent guid=7d3c7eaa71cdf47ee8a1192687cda8cd uid_validity=13785 uid_next=34894281 subs=yes last_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain S: Remote mailbox tree: INBOX.Sent guid=7d3c7eaa71cdf47ee8a1192687cda8cd uid_validity=13785 uid_next=34894281 subs=yes last_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain M: Local mailbox tree: INBOX.Trash guid=b36f688eae08506001091708006abe5a uid_validity=13787 uid_next=34894281 subs=yes last_change=0 last_subs=0 dsync(example.user at example.com): Debug: brain S: Remote mailbox tree: INBOX.Trash guid=b36f688eae08506001091708006abe5a uid_validity=13787 uid_next=34894281 subs=yes last_change=0 last_subs=0 dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/ not found dsync(example.user at example.com): Debug: Namespace : /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX.E-pasa&AXw- wizyt&APM-wki doesn't exist yet, using default permissions dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/dovecot-acl not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX/E-pasa? wizyt?wki not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX.E-pasa&AXw- wizyt&APM-wki/dovecot-acl not found dsync(example.user at example.com): Debug: Namespace : /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX.IMGW doesn't exist yet, using default permissions dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/dovecot-acl not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX/IMGW not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX.IMGW/dovecot-acl not found dsync(example.user at example.com): Debug: Namespace : /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX.Inne doesn't exist yet, using default permissions dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/dovecot-acl not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX/Inne not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX.Inne/dovecot-acl not found dsync(example.user at example.com): Debug: Namespace : /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX.Nexto doesn't exist yet, using default permissions dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/dovecot-acl not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX/Nexto not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX.Nexto/dovecot-acl not found dsync(example.user at example.com): Debug: Namespace : /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX.Philipiak doesn't exist yet, using default permissions dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/dovecot-acl not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX/Philipiak not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX.Philipiak/dovecot-acl not found dsync(example.user at example.com): Debug: Namespace : /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX.Total Wellbeing App doesn't exist yet, using default permissions dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/dovecot-acl not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX/Total Wellbeing App not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX.Total Wellbeing App/dovecot-acl not found dsync(example.user at example.com): Debug: Namespace : /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX\2eDrafts doesn't exist yet, using default permissions dsync(example.user at example.com): Debug: Namespace : Using permissions from /data/poczta/skrzynki/example.com/example.user/.maildir: mode=0700 gid=default dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/ not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX.Drafts not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX\2eDrafts/dovecot-acl not found dsync(example.user at example.com): Debug: Namespace : /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX\2eJunk doesn't exist yet, using default permissions dsync(example.user at example.com): Debug: Namespace : Using permissions from /data/poczta/skrzynki/example.com/example.user/.maildir: mode=0700 gid=default dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/ not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX.Junk not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX\2eJunk/dovecot-acl not found dsync(example.user at example.com): Debug: Namespace : /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX\2eSent doesn't exist yet, using default permissions dsync(example.user at example.com): Debug: Namespace : Using permissions from /data/poczta/skrzynki/example.com/example.user/.maildir: mode=0700 gid=default dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/ not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX.Sent not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX\2eSent/dovecot-acl not found dsync(example.user at example.com): Debug: Namespace : /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX\2eTrash doesn't exist yet, using default permissions dsync(example.user at example.com): Debug: Namespace : Using permissions from /data/poczta/skrzynki/example.com/example.user/.maildir: mode=0700 gid=default dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/ not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX.Trash not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/.INBOX\2eTrash/dovecot-acl not found dsync(example.user at example.com): Debug: brain M: Remote mailbox tree deletion: guid=723d36276ba602567e720000b2e75159 type=mailbox timestamp=1443014289 name= local update=not found dsync(example.user at example.com): Debug: brain M: Remote mailbox tree deletion: guid=2621c6fd51a58e1d1d5c491aac714886 type=dir timestamp=1443014289 name= local update=not found dsync(example.user at example.com): Debug: brain M: Remote mailbox tree deletion: guid=703d36276ba602567e720000b2e75159 type=mailbox timestamp=1443014289 name= local update=not found dsync(example.user at example.com): Debug: brain M: Remote mailbox tree deletion: guid=86c7d94c87680557f26fcb26843f739f type=dir timestamp=1443014289 name= local update=not found dsync(example.user at example.com): Debug: brain M: Remote mailbox tree deletion: guid=733d36276ba602567e720000b2e75159 type=mailbox timestamp=1443014289 name= local update=not found dsync(example.user at example.com): Debug: brain M: Remote mailbox tree deletion: guid=35f49dcfbfb2e03fdce327671e82bf17 type=dir timestamp=1443014289 name= local update=not found dsync(example.user at example.com): Debug: brain M: Remote mailbox tree deletion: guid=713d36276ba602567e720000b2e75159 type=mailbox timestamp=1443014289 name= local update=not found dsync(example.user at example.com): Debug: brain M: Remote mailbox tree deletion: guid=e3bf62bb7f5af7ba291b2df1a11d573b type=dir timestamp=1443014289 name= local update=not found dsync(example.user at example.com): Debug: doveadm-sieve: Iterating Sieve mailbox attributes dsync(example.user at example.com): Debug: sieve: Pigeonhole version 0.4.5 (b7754774631d+) initializing dsync(example.user at example.com): Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts. dsync(example.user at example.com): Debug: sieve: file storage: Using script storage path: /data/poczta/skrzynki/example.com/example.user/sieve dsync(example.user at example.com): Debug: sieve: file storage: Using active Sieve script path: /data/poczta/skrzynki/example.com/example.user/.dovecot.sieve dsync(example.user at example.com): Debug: sieve: file storage: Relative path to sieve storage in active link: sieve/ dsync(example.user at example.com): Debug: sieve: file storage: Using permissions from /data/poczta/skrzynki/example.com/example.user/sieve: mode=0700 gid=-1 dsync(example.user at example.com): Debug: sieve: file storage: sync: Synchronization active dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX not found dsync(example.user at example.com): Warning: Deleting mailbox 'INBOX': UID=34841186 GUID= is missing locally dsync(example.user at example.com): Debug: brain S: Import INBOX: Import change GUID= UID=34841186 hdr_hash=ec96ee09dfd0dda2cdf5e3eabaf86dfd result=Reverting local change by deleting mailbox - No more local mails found dsync(example.user at example.com): Debug: brain S: Import INBOX: Saved UIDs: dsync(example.user at example.com): Debug: doveadm-sieve: Iterating Sieve mailbox attributes dsync(example.user at example.com): Debug: sieve: Pigeonhole version 0.4.5 (b7754774631d+) initializing dsync(example.user at example.com): Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts. dsync(example.user at example.com): Debug: sieve: file storage: Using script storage path: /data/poczta/skrzynki/example.com/example.user/sieve dsync(example.user at example.com): Debug: sieve: file storage: Using active Sieve script path: /data/poczta/skrzynki/example.com/example.user/.dovecot.sieve dsync(example.user at example.com): Debug: sieve: file storage: Relative path to sieve storage in active link: sieve/ dsync(example.user at example.com): Debug: sieve: file storage: Using permissions from /data/poczta/skrzynki/example.com/example.user/sieve: mode=0700 gid=-1 dsync(example.user at example.com): Debug: sieve: file storage: sync: Synchronization active dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/acl/global-acls/INBOX not found dsync(example.user at example.com): Debug: acl vfile: file /data/poczta/skrzynki/example.com/example.user/.maildir/dovecot-acl not found dsync(example.user at example.com): Error: Couldn't delete mailbox INBOX: INBOX can't be deleted. dsync(example.user at example.com): Debug: imapc(source-imap-server:144): Disconnected doveadm conf -n: # 2.2.18: /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.8 (0c4ae064f307+) # OS: Linux 3.18.12-gentoo x86_64 Gentoo Base System release 2.2 auth_cache_size = 64 k auth_cache_ttl = 10 mins auth_master_user_separator = * auth_mechanisms = plain login default_vsz_limit = 512 M deliver_log_format = msgid=%m: from=%f: phys=%p: virt=%w %$ dict { lastlogin = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext quota = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext } first_valid_gid = 999 first_valid_uid = 999 last_valid_gid = 999 last_valid_uid = 999 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = * mail_gid = 999 mail_location = maildir:~/.maildir:INDEX=/data/poczta/indeksy/%d/%n mail_log_prefix = "%s(%u) <%{session}>: " mail_plugins = acl fts fts_squat listescape quota notify mail_log stats zlib mail_prefetch_count = 50 mail_temp_dir = /data/poczta/tmp mail_uid = 999 mailbox_list_index = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate namespace { location = maildir:%%h/.maildir:INDEX=/data/poczta/indeksy/shared/%d/%n prefix = shared/%%n/ type = shared } namespace inbox { inbox = yes location = mailbox Archive { auto = subscribe special_use = \Archive } mailbox Archives { special_use = \Archive } mailbox Drafts { special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Spam { special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } mailbox Wiadomo?ci-?mieci { special_use = \Junk } mailbox Wiadomo&AVs-ci-&AVs-mieci { special_use = \Junk } prefix = separator = / } passdb { driver = pam master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { acl = vfile:/data/poczta/acl/global-acls:cache_secs=60 acl_shared_dict = file:/data/poczta/acl/shared-mailboxes.db antispam_backend = spool2dir antispam_debug_target = syslog antispam_pipe_tmpdir = /tmp antispam_spam_pattern_ignorecase = SPAM;Junk antispam_spool2dir_notspam = /data/poczta/tmp/spamspool/%u__%%020lu-%%05lu___ham antispam_spool2dir_spam = /data/poczta/tmp/spamspool/%u__%%020lu-%%05lu___spam antispam_trash_pattern_ignorecase = trash;Deleted * antispam_verbose_debug = 1 fts = squat fts_squat = partial=4 full=10 last_login_dict = proxy::lastlogin last_login_key = lastlogin/%u/%s/%r listescape_char = \ quota = dict:User quota::proxy::quota quota_rule2 = Trash:storage=+100M quota_warning = storage=85%% quota-warning 85 %u sieve = file:~/sieve;active=~/.dovecot.sieve sieve_default = /etc/dovecot/sieve/sieve_default_spam-to-junk.sieve stats_command_min_time = 1 mins stats_domain_min_time = 12 hours stats_ip_min_time = 12 hours stats_memory_limit = 1M stats_refresh = 30 s stats_session_min_time = 15 mins stats_track_cmds = yes stats_user_min_time = 1 hours } postmaster_address = postmaster at example2.com protocols = imap pop3 lmtp sieve quota_full_tempfail = yes service auth-worker { user = root } service auth { unix_listener auth-client { group = mail mode = 0660 } unix_listener auth-userdb { mode = 0777 } } service dict { unix_listener dict { group = poczta mode = 0660 } } service lmtp { inet_listener lmtp { address = 192.168.1.198 port = 24 } } service quota-warning { executable = script /data/poczta/bin/quota-warning.sh unix_listener quota-warning { group = poczta mode = 01224 } user = poczta } service stats { fifo_listener stats-mail { group = poczta mode = 0660 } } ssl_cert = References: <5602B607.2090005@mejor.pl> Message-ID: <5602C0D0.5050909@mejor.pl> With dovecot-2.2.19.rc1 still have this error. From marcin at mejor.pl Wed Sep 23 15:26:43 2015 From: marcin at mejor.pl (=?UTF-8?Q?Marcin_Miros=c5=82aw?=) Date: Wed, 23 Sep 2015 17:26:43 +0200 Subject: v2.2.19 release candidate released In-Reply-To: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> References: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> Message-ID: <5602C4B3.10800@mejor.pl> W dniu 23.09.2015 o 15:30, Timo Sirainen pisze: > http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz > http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz.sig > > A lot of changes since v2.2.18, so here's a release candidate first. If no bugs are reported, I'm planning on making the final release sometimes this week. The most interesting new features here are the imap-hibernate process, quota count backend and director/proxy improvements. Hi! I'm seeing: Sep 23 17:23:43 mail dovecot: dict: Panic: file driver-pgsql.c: line 463 (do_query): assertion failed: (SQL_DB_IS_READY(&db->api)) Sep 23 17:23:43 mail dovecot: dict: Fatal: master: service(dict): child 23430 killed with signal 6 (core dumped) Sep 23 17:23:43 mail dovecot: dict: Panic: file driver-pgsql.c: line 463 (do_query): assertion failed: (SQL_DB_IS_READY(&db->api)) Sep 23 17:23:43 mail dovecot: dict: Fatal: master: service(dict): child 23321 killed with signal 6 (core dumped) # gdb -q /usr/libexec/dovecot/dict 'core-1443021920-97-6-!usr!libexec!dovecot!dict-23764' Reading symbols from /usr/libexec/dovecot/dict...Reading symbols from /usr/lib64/debug//usr/libexec/dovecot/dict.debug...done. done. [New LWP 23764] warning: Could not load shared library symbols for linux-vdso.so.1. Do you need "set solib-search-path" or "set sysroot"? [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `dovecot/dict'. Program terminated with signal SIGABRT, Aborted. #0 0x00007f2623e6d096 in __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55 55 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory. (gdb) bt #0 0x00007f2623e6d096 in __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55 #1 0x00007f2623e6e680 in __GI_abort () at abort.c:89 #2 0x00007f26244918dd in default_fatal_finish (type=LOG_TYPE_PANIC, status=status at entry=0) at failures.c:201 #3 0x00007f2624491a31 in i_internal_fatal_handler (ctx=0x7fffb4a422f0, format=, args=) at failures.c:670 #4 0x00007f262442ca1e in i_panic (format=format at entry=0x7f262492c5c8 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:275 #5 0x00007f26249240b6 in sql_dict_transaction_has_nonexistent (ctx=0x7f2625e7bca0) at dict-sql.c:720 #6 0x00007f26249240f3 in sql_dict_transaction_commit_callback (error=, ctx=0x7f2625e7bca0) at dict-sql.c:734 #7 0x00007f262492844f in driver_sqlpool_commit_callback (error=, ctx=0x7f2625e726a0) at driver-sqlpool.c:720 #8 0x00007f262492a60f in transaction_commit_callback (result=0x7f2625e7b6a0, ctx=0x7f2625e66dd0) at driver-pgsql.c:880 #9 0x00007f2624929e8e in result_finish (result=0x7f2625e7b6a0) at driver-pgsql.c:388 #10 0x00007f26244a8c51 in io_loop_call_io (io=0x7f2625e66c30) at ioloop.c:559 #11 0x00007f26244aa40d in io_loop_handler_run_internal (ioloop=ioloop at entry=0x7f2625e60710) at ioloop-epoll.c:220 #12 0x00007f26244a8d26 in io_loop_handler_run (ioloop=ioloop at entry=0x7f2625e60710) at ioloop.c:607 #13 0x00007f26244a8f06 in io_loop_run (ioloop=0x7f2625e60710) at ioloop.c:583 #14 0x00007f2624433593 in master_service_run (service=0x7f2625e605b0, callback=) at master-service.c:640 #15 0x00007f2624921907 in main (argc=1, argv=0x7f2625e60390) at main.c:105 (gdb) Marcin From bjornar.ness at gmail.com Wed Sep 23 18:28:56 2015 From: bjornar.ness at gmail.com (=?UTF-8?Q?Bj=C3=B8rnar_Ness?=) Date: Wed, 23 Sep 2015 20:28:56 +0200 Subject: dict lookup from quota plugin Message-ID: I am having trouble with using a custom daemon listening on a socket together with the quota plugin. My configuration is: quota = dict:User quota::dict:/tmp/dovecot-proxy-dict:: The problem is that dovecot sends keys without usernames, for example: priv/quota/storage Is it possible to get around this limitation without code modification? Also, is it planned to support the "new-style" userdb/passdb lookups from other plugins? -- Bj(/)rnar From tss at iki.fi Wed Sep 23 20:10:09 2015 From: tss at iki.fi (Timo Sirainen) Date: Wed, 23 Sep 2015 23:10:09 +0300 Subject: dict lookup from quota plugin In-Reply-To: References: Message-ID: <25320D5E-6E1E-4342-BEE3-7B4C721845B8@iki.fi> > On 23 Sep 2015, at 21:28, Bj?rnar Ness wrote: > > I am having trouble with using a custom daemon listening on a socket > together with the quota plugin. My configuration is: > > > quota = dict:User quota::dict:/tmp/dovecot-proxy-dict:: > > The problem is that dovecot sends keys without usernames, for example: > > priv/quota/storage > > Is it possible to get around this limitation without code modification? Username is sent as part of the first handshake command. > Also, is it planned to support the "new-style" userdb/passdb lookups from > other plugins? What's a new-style userdb/passdb lookup?.. From tss at iki.fi Wed Sep 23 20:12:16 2015 From: tss at iki.fi (Timo Sirainen) Date: Wed, 23 Sep 2015 23:12:16 +0300 Subject: [dovecot-2.2.18] dsync error: Error: Can't delete mailbox INBOX: INBOX can't be deleted. In-Reply-To: <5602C0D0.5050909@mejor.pl> References: <5602B607.2090005@mejor.pl> <5602C0D0.5050909@mejor.pl> Message-ID: On 23 Sep 2015, at 18:10, Marcin Miros?aw wrote: > > With dovecot-2.2.19.rc1 still have this error. "doveadm backup" wants to delete and recreate a folder if there are some changes that can't be incrementally just added to it (mainly if IMAP UIDs would need to be inserted in the middle of the folder). Maildir doesn't allow INBOX to be deleted (because it's difficult), so this fails. Solution is to either not use Maildir format, or rm -rf Maildir manually before running dsync. From tss at iki.fi Wed Sep 23 22:07:22 2015 From: tss at iki.fi (Timo Sirainen) Date: Thu, 24 Sep 2015 01:07:22 +0300 Subject: v2.2.19 release candidate released In-Reply-To: <5602C4B3.10800@mejor.pl> References: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> <5602C4B3.10800@mejor.pl> Message-ID: > On 23 Sep 2015, at 18:26, Marcin Miros?aw wrote: > > W dniu 23.09.2015 o 15:30, Timo Sirainen pisze: >> http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz >> http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz.sig >> >> A lot of changes since v2.2.18, so here's a release candidate first. If no bugs are reported, I'm planning on making the final release sometimes this week. The most interesting new features here are the imap-hibernate process, quota count backend and director/proxy improvements. > > Hi! > I'm seeing: > Sep 23 17:23:43 mail dovecot: dict: Panic: file driver-pgsql.c: line 463 > (do_query): assertion failed: (SQL_DB_IS_READY(&db->api)) > Sep 23 17:23:43 mail dovecot: dict: Fatal: master: service(dict): child > 23430 killed with signal 6 (core dumped) > Sep 23 17:23:43 mail dovecot: dict: Panic: file driver-pgsql.c: line 463 > (do_query): assertion failed: (SQL_DB_IS_READY(&db->api)) > Sep 23 17:23:43 mail dovecot: dict: Fatal: master: service(dict): child > 23321 killed with signal 6 (core dumped) It's because dict-sql started actually doing an asynchronous commits now, which were broken with pgsql. These should fix it: http://hg.dovecot.org/dovecot-2.2/rev/59e4fcaa0f76 http://hg.dovecot.org/dovecot-2.2/rev/9ceeb1a5c492 http://hg.dovecot.org/dovecot-2.2/rev/beb3b8496b7d I think this also means that you could have only a couple of dict processes, since all the queries should now be done asynchronously. So if you had for example: quota = dict:User quota::proxy::sqlquota you could now have: quota = dict:User quota::proxy:dict-async:sqlquota You'd also probably need to change the service dict-async { unix_listener dict-async { permissions } }. Then again, it might not work. I haven't really tested this case. :) From lists at lazygranch.com Wed Sep 23 22:20:38 2015 From: lists at lazygranch.com (lists at lazygranch.com) Date: Wed, 23 Sep 2015 15:20:38 -0700 Subject: Can't receive email In-Reply-To: References: <20150920122057.5484629.20488.10927@lazygranch.com> Message-ID: <20150923222038.5484629.18704.11076@lazygranch.com> ?It now works. I have no idea why now and not yesterday. I had booted the server yesterday and that didn't fix it.? Thank for your help. From flint42 at gmail.com Thu Sep 24 06:23:33 2015 From: flint42 at gmail.com (Jean-Baptiste Vignaud) Date: Thu, 24 Sep 2015 08:23:33 +0200 Subject: v2.2.19 release candidate released In-Reply-To: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> References: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> Message-ID: Hello; Some issue with virtual storage and fts-lucene: Sep 24 08:12:16 imap(jbv00 at x xx): Panic: file virtual-storage.c: line 370 (virtual_backend_box_close): assertion failed: (mbox->backends_open_count > 0) Sep 24 08:12:16 imap(jbv00 at x xx): Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0x7fb4a) [0x7fa31284fb4a] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x7fbb6) [0x7fa31284fbb6] -> /usr/local/lib/dovecot/libdovecot.so.0(i_error+0) [0x7fa3127f967f] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x9324) [0x7fa3111ba324] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x93d5) [0x7fa3111ba3d5] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x9429) [0x7fa3111ba429] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7fa312b0a8ea] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_free+0x13) [0x7fa312b0c453] -> dovecot/imap(cmd_logout+0x40) [0x4113c0] -> dovecot/imap(command_exec+0x75) [0x4194f5] -> dovecot/imap() [0x417bb0] -> dovecot/imap() [0x417c46] -> dovecot/imap(client_handle_input+0x11d) [0x417f3d] -> dovecot/imap(client_input+0x6f) [0x4182bf] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x5b) [0x7fa312861ecb] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xb7) [0x7fa312863457] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x25) [0x7fa312861f75] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fa312862118] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fa3127fe873] -> dovecot/imap(main+0x2cc) [0x4249ac] -> /lib64/libc.so.6(__libc_start_main+0xfd) [0x7fa31245ad5d] -> dovecot/imap() [0x40bf99] Sep 24 08:12:16 imap(jbv00 at x xx): Fatal: master: service(imap): child 16321 killed with signal 6 (core dumps disabled) I think thys was introduced by http://hg.dovecot.org/dovecot-2.2/rev/251747c3afe5. (gdb) r -u jbv00 at xxx Starting program: /usr/local/libexec/dovecot/imap -u jbv00 at xxx [Thread debugging using libthread_db enabled] process 16340 is executing new program: /usr/local/bin/doveconf Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.166.el6_7.1.x86_64 [Thread debugging using libthread_db enabled] process 16340 is executing new program: /usr/local/libexec/dovecot/imap Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.166.el6_7.1.x86_64 [Thread debugging using libthread_db enabled] * PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SEARCH=FUZZY SPECIAL-USE QUOTA] Logged in as jbv00 at xxx l select virtual.all * FLAGS (\Answered \Flagged \Deleted \Seen \Draft $MDNSent $Forwarded unknown-1) * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft $MDNSent $Forwarded unknown-1 \*)] Flags permitted. * 16480 EXISTS * 0 RECENT * OK [UNSEEN 626] First unseen. * OK [UIDVALIDITY 1441363451] UIDs valid * OK [UIDNEXT 16481] Predicted next UID * OK [HIGHESTMODSEQ 1] Highest l OK [READ-WRITE] Select completed (0.000 + 0.000 secs). s search text test * SEARCH 520 606 697 896 898 899 901 2118 2166 2871 2873 2878 2884 2885 2897 2928 2932 2935 2942 6286 7080 7082 7139 7339 7852 7866 7886 8433 8698 9373 9552 9578 9605 9609 9731 10053 10250 10320 10322 10323 10341 10493 10618 10887 11065 11069 11147 11169 11292 11297 11298 11351 11991 12197 12231 12428 12429 13889 15214 16464 s OK Search completed (0.393 + 0.000 secs). l logout imap(jbv00 at xxx): Panic: file virtual-storage.c: line 370 (virtual_backend_box_close): assertion failed: (mbox->backends_open_count > 0) imap(jbv00 at xxx): Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0x7fb4a) [0x7ffff783bb4a] -> /usr/local/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x32) [0x7ffff783bc52] -> /usr/local/lib/dovecot/libdovecot.so.0(i_error+0) [0x7ffff77e567f] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x9324) [0x7ffff61a6324] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x93d5) [0x7ffff61a63d5] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x9429) [0x7ffff61a6429] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7ffff7af68ea] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_free+0x13) [0x7ffff7af8453] -> /usr/local/libexec/dovecot/imap(cmd_logout+0x40) [0x4113c0] -> /usr/local/libexec/dovecot/imap(command_exec+0x75) [0x4194f5] -> /usr/local/libexec/dovecot/imap() [0x417bb0] -> /usr/local/libexec/dovecot/imap() [0x417c46] -> /usr/local/libexec/dovecot/imap(client_handle_input+0x11d) [0x417f3d] -> /usr/local/libexec/dovecot/imap(client_input+0x6f) [0x4182bf] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x5b) [0x7ffff784decb] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xb7) [0x7ffff784f457] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x25) [0x7ffff784df75] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7ffff784e118] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7ffff77ea873] -> /usr/local/libexec/dovecot/imap(main+0x2cc) [0x4249ac] -> /lib64/libc.so.6(__libc_start_main+0xfd) [0x7ffff7446d5d] -> /usr/local/libexec/dovecot/imap() [0x40bf99] Program received signal SIGABRT, Aborted. 0x00007ffff745a625 in raise () from /lib64/libc.so.6 Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.166.el6_7.1.x86_64 libgcc-4.4.7-16.el6.x86_64 libstdc++-4.4.7-16.el6.x86_64 zlib-1.2.3-29.el6.x86_64 (gdb) bt #0 0x00007ffff745a625 in raise () from /lib64/libc.so.6 #1 0x00007ffff745be05 in abort () from /lib64/libc.so.6 #2 0x00007ffff783bb40 in default_fatal_finish (type=, status=0) at failures.c:201 #3 0x00007ffff783bc52 in default_fatal_handler (ctx=0x7fffffffe1d0, format=, args=) at failures.c:215 #4 0x00007ffff77e567f in i_panic (format=0x3fd4

) at failures.c:275 #5 0x00007ffff61a6324 in virtual_backend_box_close (mbox=0x664830, bbox=0x670838) at virtual-storage.c:370 #6 0x00007ffff61a63d5 in virtual_mailbox_close_internal (mbox=0x664830) at virtual-storage.c:401 #7 0x00007ffff61a6429 in virtual_mailbox_close (box=) at virtual-storage.c:463 #8 0x00007ffff7af68ea in mailbox_close (box=0x664830) at mail-storage.c:1228 #9 0x00007ffff7af8453 in mailbox_free (_box=) at mail-storage.c:1248 #10 0x00000000004113c0 in cmd_logout (cmd=0x65fb30) at cmd-logout.c:18 #11 0x00000000004194f5 in command_exec (cmd=0x65fb30) at imap-commands.c:169 #12 0x0000000000417bb0 in client_command_input (cmd=0x65fb30) at imap-client.c:869 #13 0x0000000000417c46 in client_command_input (cmd=0x65fb30) at imap-client.c:929 #14 0x0000000000417f3d in client_handle_next_command (client=0x65ef30) at imap-client.c:967 #15 client_handle_input (client=0x65ef30) at imap-client.c:979 #16 0x00000000004182bf in client_input (client=0x65ef30) at imap-client.c:1021 #17 0x00007ffff784decb in io_loop_call_io (io=0x65fa20) at ioloop.c:559 #18 0x00007ffff784f457 in io_loop_handler_run_internal (ioloop=) at ioloop-epoll.c:220 #19 0x00007ffff784df75 in io_loop_handler_run (ioloop=0x63ec70) at ioloop.c:607 #20 0x00007ffff784e118 in io_loop_run (ioloop=0x63ec70) at ioloop.c:583 #21 0x00007ffff77ea873 in master_service_run (service=0x63eb10, callback=) at master-service.c:640 #22 0x00000000004249ac in main (argc=3, argv=0x63e390) at main.c:442 This can also be avoided by setting plugin/virtual_max_open_mailboxes=1000 (where 1000 is greater than the number of total folders of the mailbox). /usr/local/sbin/dovecot -n # 2.2.19.rc1: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-504.el6.x86_64 x86_64 CentOS release 6.5 (Final) ext4 auth_debug = yes auth_mechanisms = plain cram-md5 apop auth_username_chars = auth_verbose = yes base_dir = /usr/local/var/run default_login_user = dovelog dict { path = /usr/local/var/run/dict-server quotadict = mysql:/usr/local/etc/dovecot/conf.d/dovecot-dict-quota.conf } disable_plaintext_auth = no first_valid_uid = 100 listen = * log_path = /home/backend/logs/dovecot/dovecot.log mail_gid = vmail mail_location = maildir:/home/backend/vmail/%d/%n mail_plugins = fts fts_lucene virtual mail_uid = vmail namespace { hidden = no inbox = yes location = mailbox Drafts { auto = create special_use = \Drafts } mailbox Sent { auto = create special_use = \Sent } mailbox Spam { auto = create special_use = \Junk } mailbox Trash { auto = create special_use = \Trash } prefix = INBOX. separator = . type = private } namespace { hidden = yes inbox = no list = no location = virtual:/usr/local/etc/dovecot/virtual:INDEX=~/virtual prefix = virtual. separator = . subscriptions = no } passdb { args = /usr/local/etc/dovecot/conf.d/dovecot-mysql.conf driver = sql } plugin { fts = lucene fts_decoder = decode2text fts_lucene = whitespace_chars=@. mail_log_events = delete undelete expunge copy mail_log_fields = uid box msgid size mail_log_group_events = no mail_log_max_lines_per_sec = 0 quota = dict:user::proxy::quotadict quota_rule = *:storage=100M quota_rule2 = *:messages=1000000 } protocols = imap pop3 service auth { unix_listener auth-client { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = vmail mode = 0600 user = vmail } user = dovecot } service decode2text { executable = script /usr/local/libexec/dovecot/decode2text.sh group = vmail unix_listener decode2text { group = vmail mode = 0666 user = vmail } user = vmail } service dict { unix_listener dict { mode = 0600 user = vmail } } service imap-login { user = dovelog } service pop3-login { user = dovelog } ssl_cert = wrote: > http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz > http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz.sig > > A lot of changes since v2.2.18, so here's a release candidate first. If no > bugs are reported, I'm planning on making the final release sometimes this > week. The most interesting new features here are the imap-hibernate > process, quota count backend and director/proxy improvements. > > * "doveadm director flush" command has a changed meaning now: > It safely moves users to their wanted backends, instead of simply > forgetting the mapping entirely and leaving the existing connections > untouched. Use -F parameter to get the original unsafe behavior. > > + Added support for imap-hiberanate processes. > + Optimized tracking mailboxes' vsizes (= sum of all messages' size). > If mailbox_list_index=yes, it's also stored in there. This makes it > very efficient to look up vsizes for all mailboxes. > + Added a quota "count" backend, which uses the mailbox vsizes to get > the current quota usage. It requires using the new quota_vsizes=yes > setting, which tracks the messages' "virtual sizes" rather than > "physical sizes". Their distiction is minor and mostly irrelevant > nowadays (if mail sizes should be counted with LF or CRLF newlines). > + "doveadm director up/down" commands added. The monitoring script > should be using these commands instead of changing the vhost count. > This allows admin to manually disable a server by changing the vhost > count to 0 without the monitoring script changing it back. > + Added support for HAProxy protocol: http://wiki2.dovecot.org/HAProxy > + Added push-notification plugin framework, which can be used to > easily implement push notifications to various backends. Implemented > "ox" backend for notifying Open-Xchange via HTTP/json. > + imap_logout_format supports more variables now, e.g. number of > deleted messages. > + pop3: Added pop3_delete_type setting (related to pop3_deleted_flag). > + plugin { fts_enforced=yes } setting now fails body searches unless > it can be done via the full text search engine. > + Added %{passdb:*} and %{userdb:*} variables to various places > + auth: Added ":protected" suffix for passdb and userdb fields. If > used, the field doesn't overwrite an existing field. > + IMAP/POP3 proxy: If a backend server dies, avoid client reconnection > spikes by slowly disconnecting clients over time. This is enabled by > setting login_proxy_max_disconnect_delay=secs passdb extra field. > + imap: Added new read-only METADATA entries: /private/specialuse, > /shared/comment, /shared/admin > + imap: If client disconnects in the middle of a command, log how long > the command had been running. > - mdbox: Rebuilding could have caused message's reference count to > overflow the 16bit number in some situations, causing problems when > trying to expunge the duplicates. > - Various search fixes (fts, solr, tika, lib-charset, indexer) > - Various virtual plugin fixes > - Various fixes and optimizations to dsync, imapc and pop3-migration > - imap: Various RFC compliancy and crash fixes to NOTIFY > From fumiyas at osstech.jp Thu Sep 24 08:26:27 2015 From: fumiyas at osstech.jp (SATOH Fumiyasu) Date: Thu, 24 Sep 2015 17:26:27 +0900 Subject: FTS not indexing new folders (mailboxes) In-Reply-To: References: Message-ID: <874mikz0i4.wl-fumiyas@osstech.jp> Hi, At Fri, 31 Jul 2015 09:41:10 -0300, Francisco Wagner C. Freire wrote: > Im getting problem on FTS on new created folders (mailboxes). > > How to simulate: > > - Enable FTS (solr on our case) > - Create a new folder (mailbox) > - Move some message to that mailbox > - Try to search for the message contents > > *doveadm search -u user at domain text sometext* > # Found nothing, but if i move the message to another mailbox, the search > catch the message. > # I tried doveadm index command but no response as well Same here with Dovecot 2.2.13 and Solr. > # This works only after a full fts rescan > *doveadm fts rescan -u user at domain* > > # And now, works > > *doveadm search -u user at domain text > sometext3c7b60241443ba55af680000cc4d0d4b 1* > > # My dovecot version = 2.2.18 (EE) > # My fts config: > > fts = solr > fts_autoindex = yes > fts_autoindex_max_recent_msgs = 50 > fts_solr = url=http://127.0.0.1:8080/solr/ > > Anyone got this problem? -- -- Name: SATOH Fumiyasu @ OSS Technology Corp. (fumiyas @ osstech co jp) -- Business Home: http://www.OSSTech.co.jp/ -- GitHub Home: https://GitHub.com/fumiyas/ -- PGP Fingerprint: BBE1 A1C9 525A 292E 6729 CDEC ADC2 9DCA 5E1C CBCA From marcin at mejor.pl Thu Sep 24 08:27:53 2015 From: marcin at mejor.pl (=?UTF-8?Q?Marcin_Miros=c5=82aw?=) Date: Thu, 24 Sep 2015 10:27:53 +0200 Subject: [dovecot-2.2.18] dsync error: Error: Can't delete mailbox INBOX: INBOX can't be deleted. In-Reply-To: References: <5602B607.2090005@mejor.pl> <5602C0D0.5050909@mejor.pl> Message-ID: <5603B409.8090805@mejor.pl> W dniu 23.09.2015 o 22:12, Timo Sirainen pisze: > On 23 Sep 2015, at 18:10, Marcin Miros?aw wrote: >> >> With dovecot-2.2.19.rc1 still have this error. > > "doveadm backup" wants to delete and recreate a folder if there are some changes that can't be incrementally just added to it (mainly if IMAP UIDs would need to be inserted in the middle of the folder). Maildir doesn't allow INBOX to be deleted (because it's difficult), so this fails. Solution is to either not use Maildir format, or rm -rf Maildir manually before running dsync. Hi Timo, hi all! The problem is that I'm removing all .maildir/ folder before starting dsync. This solution doesn't work for me. Do you think that only migrating to e.g. mbox and then migrating from mbox to maildir is the only way that can works? Thanks, Marcin From lista at xdrv.co.uk Thu Sep 24 08:33:54 2015 From: lista at xdrv.co.uk (James) Date: Thu, 24 Sep 2015 09:33:54 +0100 Subject: v2.2.19 release candidate released In-Reply-To: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> References: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> Message-ID: <5603B572.8010303@xdrv.co.uk> On 23/09/2015 14:30, Timo Sirainen wrote: > http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz Comiling with cc on Solaris 10 complains "void function cannot return value", patch attached. Dovecot is offering the equivalent of: void bar() { } void foo() { return bar(); } which cc doesn't accept whereas gcc does. Otherwise no problems, I have 2.2.19.rc1 running on a lightly loaded system. -------------- next part -------------- --- ../original/src/lib-settings/settings-parser.c 2015-09-23 13:59:40.000000000 +0100 +++ src/lib-settings/settings-parser.c 2015-09-23 15:24:12.715857666 +0100 @@ -1296,7 +1296,7 @@ void *set, pool_t pool, const struct var_expand_table *table) { - return settings_var_expand_with_funcs(info, set, pool, table, NULL, NULL); + settings_var_expand_with_funcs(info, set, pool, table, NULL, NULL); } void settings_var_expand_with_funcs(const struct setting_parser_info *info, --- ../original/src/lib-dict/dict.c 2015-09-02 15:34:00.000000000 +0100 +++ src/lib-dict/dict.c 2015-09-23 15:25:08.746448489 +0100 @@ -133,7 +133,7 @@ callback(&result, context); return; } - return dict->v.lookup_async(dict, key, callback, context); + dict->v.lookup_async(dict, key, callback, context); } struct dict_iterate_context * From tss at iki.fi Thu Sep 24 09:01:15 2015 From: tss at iki.fi (Timo Sirainen) Date: Thu, 24 Sep 2015 12:01:15 +0300 Subject: FTS not indexing new folders (mailboxes) In-Reply-To: <874mikz0i4.wl-fumiyas@osstech.jp> References: <874mikz0i4.wl-fumiyas@osstech.jp> Message-ID: <1C640137-5B8E-475C-A17F-F257A8C55728@iki.fi> On 24 Sep 2015, at 11:26, SATOH Fumiyasu wrote: > > Hi, > > At Fri, 31 Jul 2015 09:41:10 -0300, > Francisco Wagner C. Freire wrote: >> Im getting problem on FTS on new created folders (mailboxes). >> >> How to simulate: >> >> - Enable FTS (solr on our case) >> - Create a new folder (mailbox) >> - Move some message to that mailbox >> - Try to search for the message contents >> >> *doveadm search -u user at domain text sometext* >> # Found nothing, but if i move the message to another mailbox, the search >> catch the message. >> # I tried doveadm index command but no response as well > > Same here with Dovecot 2.2.13 and Solr. 2.2.19 should fix this. From marcin at mejor.pl Thu Sep 24 09:19:41 2015 From: marcin at mejor.pl (=?UTF-8?Q?Marcin_Miros=c5=82aw?=) Date: Thu, 24 Sep 2015 11:19:41 +0200 Subject: v2.2.19 release candidate released In-Reply-To: References: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> <5602C4B3.10800@mejor.pl> Message-ID: <5603C02D.4090204@mejor.pl> W dniu 24.09.2015 o 00:07, Timo Sirainen pisze: > >> On 23 Sep 2015, at 18:26, Marcin Miros?aw wrote: >> >> W dniu 23.09.2015 o 15:30, Timo Sirainen pisze: >>> http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz >>> http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz.sig >>> >>> A lot of changes since v2.2.18, so here's a release candidate first. If no bugs are reported, I'm planning on making the final release sometimes this week. The most interesting new features here are the imap-hibernate process, quota count backend and director/proxy improvements. >> >> Hi! >> I'm seeing: >> Sep 23 17:23:43 mail dovecot: dict: Panic: file driver-pgsql.c: line 463 >> (do_query): assertion failed: (SQL_DB_IS_READY(&db->api)) >> Sep 23 17:23:43 mail dovecot: dict: Fatal: master: service(dict): child >> 23430 killed with signal 6 (core dumped) >> Sep 23 17:23:43 mail dovecot: dict: Panic: file driver-pgsql.c: line 463 >> (do_query): assertion failed: (SQL_DB_IS_READY(&db->api)) >> Sep 23 17:23:43 mail dovecot: dict: Fatal: master: service(dict): child >> 23321 killed with signal 6 (core dumped) > > It's because dict-sql started actually doing an asynchronous commits now, which were broken with pgsql. These should fix it: > > http://hg.dovecot.org/dovecot-2.2/rev/59e4fcaa0f76 > http://hg.dovecot.org/dovecot-2.2/rev/9ceeb1a5c492 > http://hg.dovecot.org/dovecot-2.2/rev/beb3b8496b7d > > I think this also means that you could have only a couple of dict processes, since all the queries should now be done asynchronously. So if you had for example: > > quota = dict:User quota::proxy::sqlquota > > you could now have: > > quota = dict:User quota::proxy:dict-async:sqlquota > > You'd also probably need to change the service dict-async { unix_listener dict-async { permissions } }. > > Then again, it might not work. I haven't really tested this case. :) I didn't try to use dict-async yet. Those three patches solves problem with throwing core by dovecot-dict. Thank you, Marcin From sca at andreasschulze.de Thu Sep 24 10:17:21 2015 From: sca at andreasschulze.de (A. Schulze) Date: Thu, 24 Sep 2015 12:17:21 +0200 Subject: v2.2.19 release candidate released In-Reply-To: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> References: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> Message-ID: <5603CDB1.6020303@andreasschulze.de> Am 23.09.2015 um 15:30 schrieb Timo Sirainen: > http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz > http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz.sig > > A lot of changes since v2.2.18, so here's a release candidate first. If no bugs are reported, I'm planning on making the final release sometimes this week. The most interesting new features here are the imap-hibernate process, quota count backend and director/proxy improvements. rc1 compile and run on some smaller Debian hosts here without problems. Andreas From marcin at mejor.pl Thu Sep 24 10:43:29 2015 From: marcin at mejor.pl (=?UTF-8?Q?Marcin_Miros=c5=82aw?=) Date: Thu, 24 Sep 2015 12:43:29 +0200 Subject: v2.2.19 release candidate released In-Reply-To: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> References: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> Message-ID: <5603D3D1.6090207@mejor.pl> W dniu 23.09.2015 o 15:30, Timo Sirainen pisze: > http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz > http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz.sig > > A lot of changes since v2.2.18, so here's a release candidate first. If no bugs are reported, I'm planning on making the final release sometimes this week. The most interesting new features here are the imap-hibernate process, quota count backend and director/proxy improvements. Hi! I'm getting compilation error using clang: > make[4]: Entering directory '/var/tmp/portage/net-mail/dovecot-2.2.19_rc1/work/dovecot-2.2.19.rc1/src/lib' > /bin/sh ../../libtool --tag=CC --mode=compile clang -DHAVE_CONFIG_H -I. -I../.. -std=gnu99 -O2 -march=native -Wall -W -Wmissing-prototypes -Wmissing-declaratio > ns -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2 -c -o guid.lo guid.c > libtool: compile: clang -DHAVE_CONFIG_H -I. -I../.. -std=gnu99 -O2 -march=native -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscrip > ts -Wformat=2 -Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2 -c guid.c -fPIC -DPIC -o .libs/guid.o > guid.c:106:2: error: array size is negative > buffer_create_from_data(&buf, guid_r, GUID_128_SIZE); > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ./buffer.h:23:8: note: expanded from macro 'buffer_create_from_data' > (void)COMPILE_ERROR_IF_TRUE(__builtin_object_size((d),3) < ((s)?(s):1)); \ > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ./macros.h:161:15: note: expanded from macro 'COMPILE_ERROR_IF_TRUE' > (sizeof(char[1 - 2 * !!(condition)]) - 1) > ^~~~~~~~~~~~~~~~~~~~~ > 1 error generated. > /bin/sh ../../libtool --tag=CC --mode=compile clang -DHAVE_CONFIG_H -I. -I../.. -std=gnu99 -O2 -march=native -Wall -W -Wmissing-prototypes -Wmissing-declaratio > ns -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2 -c -o istream-jsonstr.lo istream-jsonstr.c > libtool: compile: clang -DHAVE_CONFIG_H -I. -I../.. -std=gnu99 -O2 -march=native -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscrip > ts -Wformat=2 -Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2 -c istream-jsonstr.c -fPIC -DPIC -o .libs/istream-jsonstr.o > istream-jsonstr.c:72:3: error: array size is negative > buffer_create_from_data(&buf, dest, MAX_UTF8_LEN); > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ./buffer.h:23:8: note: expanded from macro 'buffer_create_from_data' > (void)COMPILE_ERROR_IF_TRUE(__builtin_object_size((d),3) < ((s)?(s):1)); \ > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ./macros.h:161:15: note: expanded from macro 'COMPILE_ERROR_IF_TRUE' > (sizeof(char[1 - 2 * !!(condition)]) - 1) > ^~~~~~~~~~~~~~~~~~~~~ > 1 error generated. > Makefile:1085: recipe for target 'istream-jsonstr.lo' failed > make[4]: *** [istream-jsonstr.lo] Error 1 > make[3]: Entering directory '/var/tmp/portage/net-mail/dovecot-2.2.19_rc1/work/dovecot-2.2.19.rc1/src/lib-mail' > /bin/sh ../../libtool --tag=CC --mode=compile clang -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-test -I../../src/lib-charset -std=gnu99 -O2 -mar > ch=native -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict > -aliasing=2 -c -o istream-binary-converter.lo istream-binary-converter.c > libtool: compile: clang -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-test -I../../src/lib-charset -std=gnu99 -O2 -march=native -Wall -W -Wmissing-prot > otypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2 -c istream-binary-con > verter.c -fPIC -DPIC -o .libs/istream-binary-converter.o > istream-binary-converter.c:119:3: error: array size is negative > buffer_create_from_data(&buf, dest, BASE64_BLOCK_SIZE); > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ../../src/lib/buffer.h:23:8: note: expanded from macro 'buffer_create_from_data' > (void)COMPILE_ERROR_IF_TRUE(__builtin_object_size((d),3) < ((s)?(s):1)); \ > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ../../src/lib/macros.h:161:15: note: expanded from macro 'COMPILE_ERROR_IF_TRUE' > (sizeof(char[1 - 2 * !!(condition)]) - 1) > ^~~~~~~~~~~~~~~~~~~~~ > 1 error generated. > Makefile:882: recipe for target 'istream-binary-converter.lo' failed > libtool: compile: clang -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-test -I../../src/lib-charset -I../../src/lib-dict -I../../src/lib-mail -I../../sr > c/lib-storage -I../../src/lib-imap -I../../src/lib-imap-storage -std=gnu99 -O2 -march=native -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wch > ar-subscripts -Wformat=2 -Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2 -c imap-urlauth-backend.c -fPIC -DPIC -o .libs/imap-urlauth-backend.o > imap-urlauth-backend.c:62:3: error: array size is negative > buffer_create_from_data(&key_buf, mailbox_key_r, > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ../../src/lib/buffer.h:23:8: note: expanded from macro 'buffer_create_from_data' > (void)COMPILE_ERROR_IF_TRUE(__builtin_object_size((d),3) < ((s)?(s):1)); \ > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ../../src/lib/macros.h:161:15: note: expanded from macro 'COMPILE_ERROR_IF_TRUE' > (sizeof(char[1 - 2 * !!(condition)]) - 1) > ^~~~~~~~~~~~~~~~~~~~~ > 1 error generated. > Makefile:484: recipe for target 'imap-urlauth-bac > make[4]: Entering directory '/var/tmp/portage/net-mail/dovecot-2.2.19_rc1/work/dovecot-2.2.19.rc1/src/lib-storage' > /bin/sh ../../libtool --tag=CC --mode=compile clang -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-test -I../../src/lib-auth -I../../src/lib-dict -I. > ./../src/lib-sasl -I../../src/lib-ssl-iostream -I../../src/lib-fs -I../../src/lib-master -I../../src/lib-settings -I../../src/lib-charset -I../../src/lib-mail -I../.. > /src/lib-imap -I../../src/lib-index -DPKG_RUNDIR=\""/var/run/dovecot"\" -DMODULEDIR=\""/usr/lib64/dovecot"\" -std=gnu99 -O2 -march=native -Wall -W -Wmissing-prototy > pes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2 -c -o mail.lo mail.c > libtool: compile: clang -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-test -I../../src/lib-auth -I../../src/lib-dict -I../../src/lib-sasl -I../../src/l > ib-ssl-iostream -I../../src/lib-fs -I../../src/lib-master -I../../src/lib-settings -I../../src/lib-charset -I../../src/lib-mail -I../../src/lib-imap -I../../src/lib-i > ndex -DPKG_RUNDIR=\"/var/run/dovecot\" -DMODULEDIR=\"/usr/lib64/dovecot\" -std=gnu99 -O2 -march=native -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer- > arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2 -c mail.c -fPIC -DPIC -o .libs/mail.o > mail.c:419:3: error: array size is negative > buffer_create_from_data(&buf, guid_128_r, GUID_128_SIZE); > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ../../src/lib/buffer.h:23:8: note: expanded from macro 'buffer_create_from_data' > (void)COMPILE_ERROR_IF_TRUE(__builtin_object_size((d),3) < ((s)?(s):1)); \ > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ../../src/lib/macros.h:161:15: note: expanded from macro 'COMPILE_ERROR_IF_TRUE' > (sizeof(char[1 - 2 * !!(condition)]) - 1) > ^~~~~~~~~~~~~~~~~~~~~ > 1 error generated. > Makefile:767: recipe for target 'mail.lo' failed > make[3]: Entering directory '/var/tmp/portage/net-mail/dovecot-2.2.19_rc1/work/dovecot-2.2.19.rc1/src/lib-otp' > clang -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -std=gnu99 -O2 -march=native -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscrip > ts -Wformat=2 -Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2 -c -o otp-parse.o otp-parse.c > otp-parse.c:45:2: error: array size is negative > buffer_create_from_data(&buf, hash, OTP_HASH_SIZE); > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ../../src/lib/buffer.h:23:8: note: expanded from macro 'buffer_create_from_data' > (void)COMPILE_ERROR_IF_TRUE(__builtin_object_size((d),3) < ((s)?(s):1)); \ > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ../../src/lib/macros.h:161:15: note: expanded from macro 'COMPILE_ERROR_IF_TRUE' > (sizeof(char[1 - 2 * !!(condition)]) - 1) > ^~~~~~~~~~~~~~~~~~~~~ > 1 error generated. > Makefile:433: recipe for target 'otp-parse.o' failed $ clang -v clang version 3.8.0 (cc0e5a2f90ee7a0d48042c4b5b66546521f77923) (11768ab0810142d431e9be949daa779a8809347b) Marcin From tss at iki.fi Thu Sep 24 12:01:11 2015 From: tss at iki.fi (Timo Sirainen) Date: Thu, 24 Sep 2015 15:01:11 +0300 Subject: v2.2.19 release candidate released In-Reply-To: <5603D3D1.6090207@mejor.pl> References: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> <5603D3D1.6090207@mejor.pl> Message-ID: <516F325F-7C11-4B1E-B5EB-E221A6884F8B@iki.fi> On 24 Sep 2015, at 13:43, Marcin Miros?aw wrote: > > W dniu 23.09.2015 o 15:30, Timo Sirainen pisze: >> http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz >> http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz.sig >> >> A lot of changes since v2.2.18, so here's a release candidate first. If no bugs are reported, I'm planning on making the final release sometimes this week. The most interesting new features here are the imap-hibernate process, quota count backend and director/proxy improvements. > > Hi! > I'm getting compilation error using clang: > >> guid.c:106:2: error: array size is negative >> buffer_create_from_data(&buf, guid_r, GUID_128_SIZE); >> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> ./buffer.h:23:8: note: expanded from macro 'buffer_create_from_data' >> (void)COMPILE_ERROR_IF_TRUE(__builtin_object_size((d),3) < ((s)?(s):1)); \ What happens if in src/lib/buffer.h line 23 you change the __builtin_object_size((d),3) to __builtin_object_size((d),1)? Does it work? From marcin at mejor.pl Thu Sep 24 12:11:04 2015 From: marcin at mejor.pl (=?UTF-8?Q?Marcin_Miros=c5=82aw?=) Date: Thu, 24 Sep 2015 14:11:04 +0200 Subject: v2.2.19 release candidate released In-Reply-To: <516F325F-7C11-4B1E-B5EB-E221A6884F8B@iki.fi> References: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> <5603D3D1.6090207@mejor.pl> <516F325F-7C11-4B1E-B5EB-E221A6884F8B@iki.fi> Message-ID: <5603E858.2060409@mejor.pl> W dniu 24.09.2015 o 14:01, Timo Sirainen pisze: > On 24 Sep 2015, at 13:43, Marcin Miros?aw wrote: >> >> W dniu 23.09.2015 o 15:30, Timo Sirainen pisze: >>> http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz >>> http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc1.tar.gz.sig >>> >>> A lot of changes since v2.2.18, so here's a release candidate first. If no bugs are reported, I'm planning on making the final release sometimes this week. The most interesting new features here are the imap-hibernate process, quota count backend and director/proxy improvements. >> >> Hi! >> I'm getting compilation error using clang: >> >>> guid.c:106:2: error: array size is negative >>> buffer_create_from_data(&buf, guid_r, GUID_128_SIZE); >>> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> ./buffer.h:23:8: note: expanded from macro 'buffer_create_from_data' >>> (void)COMPILE_ERROR_IF_TRUE(__builtin_object_size((d),3) < ((s)?(s):1)); \ > > What happens if in src/lib/buffer.h line 23 you change the __builtin_object_size((d),3) to __builtin_object_size((d),1)? Does it work? Yes, it works. Now dovecot-2.2.19.rc1 compiles fine. Thanks, Marcin P.S. Is such warnings something you care? > clang -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-settings -I../../src/lib-master -DPKG_RUNDIR=\""/var/run/dovecot"\" -DPKG_STATEDIR=\""/var/lib/dovecot"\" -DPKG_LIBEXECDIR=\""/usr/libexec/dovecot"\" -DBINDIR=\""/usr/bin"\" -std=gnu99 -O2 -march=native -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2 -c -o sd-daemon.o sd-daemon.c > sd-daemon.c:56:19: warning: implicit declaration of function 'getenv' is invalid in C99 [-Wimplicit-function-declaration] > if (!(e = getenv("LISTEN_PID"))) { > ^ > sd-daemon.c:56:17: warning: incompatible integer to pointer conversion assigning to 'const char *' from 'int' [-Wint-conversion] > if (!(e = getenv("LISTEN_PID"))) { > ^ ~~~~~~~~~~~~~~~~~~~~ > sd-daemon.c:62:13: warning: implicit declaration of function 'strtoul' is invalid in C99 [-Wimplicit-function-declaration] > l = strtoul(e, &p, 10); > ^ > sd-daemon.c:80:17: warning: incompatible integer to pointer conversion assigning to 'const char *' from 'int' [-Wint-conversion] > if (!(e = getenv("LISTEN_FDS"))) { > ^ ~~~~~~~~~~~~~~~~~~~~ > sd-daemon.c:119:17: warning: implicit declaration of function 'unsetenv' is invalid in C99 [-Wimplicit-function-declaration] > unsetenv("LISTEN_PID"); > ^ > sd-daemon.c:342:17: warning: incompatible integer to pointer conversion assigning to 'const char *' from 'int' [-Wint-conversion] > if (!(e = getenv("NOTIFY_SOCKET"))) > ^ ~~~~~~~~~~~~~~~~~~~~~~~ > sd-daemon.c:411:9: warning: implicit declaration of function 'free' is invalid in C99 [-Wimplicit-function-declaration] > free(p); > ^ > 7 warnings generated. From tss at iki.fi Thu Sep 24 12:23:04 2015 From: tss at iki.fi (Timo Sirainen) Date: Thu, 24 Sep 2015 15:23:04 +0300 Subject: v2.2.19 release candidate released In-Reply-To: <5603E858.2060409@mejor.pl> References: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> <5603D3D1.6090207@mejor.pl> <516F325F-7C11-4B1E-B5EB-E221A6884F8B@iki.fi> <5603E858.2060409@mejor.pl> Message-ID: <6FD968FA-220C-442D-B139-A324018A5D2F@iki.fi> On 24 Sep 2015, at 15:11, Marcin Miros?aw wrote: > >> >> What happens if in src/lib/buffer.h line 23 you change the __builtin_object_size((d),3) to __builtin_object_size((d),1)? Does it work? > > Yes, it works. Now dovecot-2.2.19.rc1 compiles fine. OK, committed the change. > P.S. Is such warnings something you care? >> clang -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-settings -I../../src/lib-master -DPKG_RUNDIR=\""/var/run/dovecot"\" -DPKG_STATEDIR=\""/var/lib/dovecot"\" -DPKG_LIBEXECDIR=\""/usr/libexec/dovecot"\" -DBINDIR=\""/usr/bin"\" -std=gnu99 -O2 -march=native -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2 -c -o sd-daemon.o sd-daemon.c >> sd-daemon.c:56:19: warning: implicit declaration of function 'getenv' is invalid in C99 [-Wimplicit-function-declaration] >> if (!(e = getenv("LISTEN_PID"))) { These were already fixed: http://hg.dovecot.org/dovecot-2.2/rev/c4b9e6606cbf From tss at iki.fi Thu Sep 24 16:08:21 2015 From: tss at iki.fi (Timo Sirainen) Date: Thu, 24 Sep 2015 19:08:21 +0300 Subject: v2.2.19 release candidate released In-Reply-To: References: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> Message-ID: <56041FF5.5010105@iki.fi> On 09/24/2015 09:23 AM, Jean-Baptiste Vignaud wrote: > Hello; > > Some issue with virtual storage and fts-lucene: > > Sep 24 08:12:16 imap(jbv00 at x xx): Panic: file > virtual-storage.c: line 370 (virtual_backend_box_close): assertion failed: > (mbox->backends_open_count > 0) Fixed: http://hg.dovecot.org/dovecot-2.2/rev/4b5b8e6a4a32 Although I think this code can now cause a lot of mailboxes to be opened again if the search result is found from all the mailboxes. So probably needs some more work. From tss at iki.fi Thu Sep 24 16:27:50 2015 From: tss at iki.fi (Timo Sirainen) Date: Thu, 24 Sep 2015 19:27:50 +0300 Subject: v2.2.19 release candidate released In-Reply-To: <56041FF5.5010105@iki.fi> References: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> <56041FF5.5010105@iki.fi> Message-ID: <56042486.2080206@iki.fi> On 09/24/2015 07:08 PM, Timo Sirainen wrote: > On 09/24/2015 09:23 AM, Jean-Baptiste Vignaud wrote: >> Hello; >> >> Some issue with virtual storage and fts-lucene: >> >> Sep 24 08:12:16 imap(jbv00 at x xx): Panic: file >> virtual-storage.c: line 370 (virtual_backend_box_close): assertion failed: >> (mbox->backends_open_count > 0) > > Fixed: http://hg.dovecot.org/dovecot-2.2/rev/4b5b8e6a4a32 > > Although I think this code can now cause a lot of mailboxes to be opened > again if the search result is found from all the mailboxes. So probably > needs some more work. After a bit more testing, it looks like it would happen for all the searches regardless of the results. So, implemented it using another method that should always work: http://hg.dovecot.org/dovecot-2.2/rev/055d1e2d894c From dovecot at outputservices.com Thu Sep 24 17:31:53 2015 From: dovecot at outputservices.com (dovecot at outputservices.com) Date: Thu, 24 Sep 2015 11:31:53 -0600 (MDT) Subject: dovecot --hostdomain issue Message-ID: <201509241731.t8OHVro02294@www.outputservices.com> I am on a server I called "email. But dovecot says i am on sunfire.outputservices.com ------------------------------------ dovecot --hostdomain sunfire.outputservices.com ------------------------------------ I would like to at least get it to say email.outputservices.com. But what I really want it to say is posta.outputservices.com. First where does --hostdomain get it's information so I can clear that up? Then how can I get it to identify as posta.outputservices.com? Dave Ryan dovecot at outputservices.com Senior System Administrator Output Services, Inc. Thursday, September 24, 2015 1124 hrs MDT ----------------------------------------------------------- doveconf -n # 2.2.15: /usr/local/tools/dovecot/etc/dovecot/dovecot.conf # OS: SunOS 5.10 i86pc base_dir = /dovecot/var/run/dovecot log_path = /dovecot/log/log login_trusted_networks = 137.106.0.0/16 mail_location = mbox:~/posta:INBOX=/var/mail/%u namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /dovecot/etc/dovecot/conf.d/ldap.settings driver = ldap } protocols = imap service auth { unix_listener /postfix/mqueue/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 } } ssl_cert = Message-ID: <20150924082605.Horde.elRR0JKiZI2HgqVuUYd5UQ1@www.vfemail.net> Update.? Only a single reboot has occurred since changing defalt_vsz_limit from 384M to 512M.? It would seem that something the users are doing is causing that virtual memory size to be exceeded (possibly a mailbox search?), and when that occurs Dovecot/FreeBSD is not handling the event as smoothly as expected. Here's my dmesg for more basic info. Sep 17 11:25:39 romulus syslogd: kernel boot file is /boot/kernel/kernel Sep 17 11:25:39 romulus kernel: Copyright (c) 1992-2015 The FreeBSD Project. Sep 17 11:25:39 romulus kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 Sep 17 11:25:39 romulus kernel: The Regents of the University of California. All rights reserved. Sep 17 11:25:39 romulus kernel: FreeBSD is a registered trademark of The FreeBSD Foundation. Sep 17 11:25:39 romulus kernel: FreeBSD 10.2-RELEASE #0 r286666: Wed Aug 12 15:26:37 UTC 2015 Sep 17 11:25:39 romulus kernel: root at releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 Sep 17 11:25:39 romulus kernel: FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512 Sep 17 11:25:39 romulus kernel: CPU: Intel(R) Xeon(R) CPU?????????? E5462? @ 2.80GHz (2800.15-MHz K8-class CPU) Sep 17 11:25:39 romulus kernel: Origin="GenuineIntel"? Id=0x1067a? Family=0x6? Model=0x17? Stepping=10 Sep 17 11:25:39 romulus kernel: Features=0xbfebfbff Sep 17 11:25:39 romulus kernel: Features2=0xc0ce3bd Sep 17 11:25:39 romulus kernel: AMD Features=0x20100800 Sep 17 11:25:39 romulus kernel: AMD Features2=0x1 Sep 17 11:25:39 romulus kernel: VT-x: (disabled in BIOS) HLT,PAUSE Sep 17 11:25:39 romulus kernel: TSC: P-state invariant, performance statistics Sep 17 11:25:39 romulus kernel: real memory? = 34359738368 (32768 MB) Sep 17 11:25:39 romulus kernel: avail memory = 33300127744 (31757 MB) Sep 17 11:25:39 romulus kernel: Event timer "LAPIC" quality 400 Sep 17 11:25:39 romulus kernel: ACPI APIC Table: Sep 17 11:25:39 romulus kernel: FreeBSD/SMP: Multiprocessor System Detected: 8 CPUs Sep 17 11:25:39 romulus kernel: FreeBSD/SMP: 2 package(s) x 4 core(s) Sep 17 11:25:39 romulus kernel: cpu0 (BSP): APIC ID:? 0 Sep 17 11:25:39 romulus kernel: cpu1 (AP): APIC ID:? 1 Sep 17 11:25:39 romulus kernel: cpu2 (AP): APIC ID:? 2 Sep 17 11:25:39 romulus kernel: cpu3 (AP): APIC ID:? 3 Sep 17 11:25:39 romulus kernel: cpu4 (AP): APIC ID:? 4 Sep 17 11:25:39 romulus kernel: cpu5 (AP): APIC ID:? 5 Sep 17 11:25:39 romulus kernel: cpu6 (AP): APIC ID:? 6 Sep 17 11:25:39 romulus kernel: cpu7 (AP): APIC ID:? 7 Sep 17 11:25:39 romulus kernel: ioapic0 irqs 0-23 on motherboard Sep 17 11:25:39 romulus kernel: ioapic1 irqs 24-47 on motherboard Sep 17 11:25:39 romulus kernel: ioapic2 irqs 48-71 on motherboard Sep 17 11:25:39 romulus kernel: random: initialized Sep 17 11:25:39 romulus kernel: kbd1 at kbdmux0 Sep 17 11:25:39 romulus kernel: acpi0: on motherboard Sep 17 11:25:39 romulus kernel: acpi0: Power Button (fixed) Sep 17 11:25:39 romulus kernel: unknown: I/O range not supported Sep 17 11:25:39 romulus kernel: cpu0: on acpi0 Sep 17 11:25:39 romulus kernel: cpu1: on acpi0 Sep 17 11:25:39 romulus kernel: cpu2: on acpi0 Sep 17 11:25:39 romulus kernel: cpu3: on acpi0 Sep 17 11:25:39 romulus kernel: cpu4: on acpi0 Sep 17 11:25:39 romulus kernel: cpu5: on acpi0 Sep 17 11:25:39 romulus kernel: cpu6: on acpi0 Sep 17 11:25:39 romulus kernel: cpu7: on acpi0 Sep 17 11:25:39 romulus kernel: hpet0: iomem 0xfed00000-0xfed003ff irq 0,8 on acpi0 Sep 17 11:25:39 romulus kernel: Timecounter "HPET" frequency 14318180 Hz quality 950 Sep 17 11:25:39 romulus kernel: Event timer "HPET" frequency 14318180 Hz quality 350 Sep 17 11:25:39 romulus kernel: Event timer "HPET1" frequency 14318180 Hz quality 340 Sep 17 11:25:39 romulus kernel: Event timer "HPET2" frequency 14318180 Hz quality 340 Sep 17 11:25:39 romulus kernel: atrtc0: port 0x70-0x71 on acpi0 Sep 17 11:25:39 romulus kernel: Event timer "RTC" frequency 32768 Hz quality 0 Sep 17 11:25:39 romulus kernel: attimer0: port 0x40-0x43,0x50-0x53 on acpi0 Sep 17 11:25:39 romulus kernel: Timecounter "i8254" frequency 1193182 Hz quality 0 Sep 17 11:25:39 romulus kernel: Event timer "i8254" frequency 1193182 Hz quality 100 Sep 17 11:25:39 romulus kernel: Timecounter "ACPI-fast" frequency 3579545 Hz quality 900 Sep 17 11:25:39 romulus kernel: acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0 Sep 17 11:25:39 romulus kernel: pcib0: port 0xcf8-0xcff on acpi0 Sep 17 11:25:39 romulus kernel: pci0: on pcib0 Sep 17 11:25:39 romulus kernel: pcib1: irq 48 at device 1.0 on pci0 Sep 17 11:25:39 romulus kernel: pci1: on pcib1 Sep 17 11:25:39 romulus kernel: mps0: port 0x2000-0x20ff mem 0xd8240000-0xd824ffff,0xd8200000-0xd823ffff irq 48 at device 0.0 on pci1 Sep 17 11:25:39 romulus kernel: mps0: Firmware: 19.00.00.00, Driver: 20.00.00.00-fbsd Sep 17 11:25:39 romulus kernel: mps0: IOCCapabilities: 5285c Sep 17 11:25:39 romulus kernel: pcib2: irq 50 at device 3.0 on pci0 Sep 17 11:25:39 romulus kernel: pci2: on pcib2 Sep 17 11:25:39 romulus kernel: pcib3: irq 52 at device 5.0 on pci0 Sep 17 11:25:39 romulus kernel: pci3: on pcib3 Sep 17 11:25:39 romulus kernel: pcib4: irq 54 at device 7.0 on pci0 Sep 17 11:25:39 romulus kernel: pci4: on pcib4 Sep 17 11:25:39 romulus kernel: pcib5: irq 54 at device 0.0 on pci4 Sep 17 11:25:39 romulus kernel: pci5: on pcib5 Sep 17 11:25:39 romulus kernel: pcib6: irq 54 at device 0.0 on pci5 Sep 17 11:25:39 romulus kernel: pci6: on pcib6 Sep 17 11:25:39 romulus kernel: mfi0: port 0x3000-0x30ff mem 0xd8440000-0xd847ffff,0xd8400000-0xd843ffff irq 54 at device 0.0 on pci6 Sep 17 11:25:39 romulus kernel: mfi0: Using MSI Sep 17 11:25:39 romulus kernel: mfi0: Megaraid SAS driver Ver 4.23 Sep 17 11:25:39 romulus kernel: mfi0: FW MaxCmds = 1008, limiting to 128 Sep 17 11:25:39 romulus kernel: pcib7: at device 0.3 on pci4 Sep 17 11:25:39 romulus kernel: pci7: on pcib7 Sep 17 11:25:39 romulus kernel: pcib8: irq 56 at device 9.0 on pci0 Sep 17 11:25:39 romulus kernel: pci8: on pcib8 Sep 17 11:25:39 romulus kernel: igb0: port 0x4000-0x401f mem 0xd8540000-0xd855ffff,0xd8520000-0xd853ffff,0xd8500000-0xd8503fff irq 56 at device 0.0 on pci8 Sep 17 11:25:39 romulus kernel: igb0: Using MSIX interrupts with 5 vectors Sep 17 11:25:39 romulus kernel: igb0: Ethernet address: 00:30:48:ca:21:f6 Sep 17 11:25:39 romulus kernel: igb0: Bound queue 0 to cpu 0 Sep 17 11:25:39 romulus kernel: igb0: Bound queue 1 to cpu 1 Sep 17 11:25:39 romulus kernel: igb0: Bound queue 2 to cpu 2 Sep 17 11:25:39 romulus kernel: igb0: Bound queue 3 to cpu 3 Sep 17 11:25:39 romulus kernel: igb1: port 0x4020-0x403f mem 0xd8580000-0xd859ffff,0xd8560000-0xd857ffff,0xd8504000-0xd8507fff irq 70 at device 0.1 on pci8 Sep 17 11:25:39 romulus kernel: igb1: Using MSIX interrupts with 5 vectors Sep 17 11:25:39 romulus kernel: igb1: Ethernet address: 00:30:48:ca:21:f7 Sep 17 11:25:39 romulus kernel: igb1: Bound queue 0 to cpu 4 Sep 17 11:25:39 romulus kernel: igb1: Bound queue 1 to cpu 5 Sep 17 11:25:39 romulus kernel: igb1: Bound queue 2 to cpu 6 Sep 17 11:25:39 romulus kernel: igb1: Bound queue 3 to cpu 7 Sep 17 11:25:39 romulus kernel: pcib9: irq 16 at device 28.0 on pci0 Sep 17 11:25:39 romulus kernel: pci9: on pcib9 Sep 17 11:25:39 romulus kernel: uhci0: port 0x1800-0x181f irq 20 at device 29.0 on pci0 Sep 17 11:25:39 romulus kernel: usbus0 on uhci0 Sep 17 11:25:39 romulus kernel: uhci1: port 0x1820-0x183f irq 21 at device 29.1 on pci0 Sep 17 11:25:39 romulus kernel: usbus1 on uhci1 Sep 17 11:25:39 romulus kernel: uhci2: port 0x1840-0x185f irq 22 at device 29.2 on pci0 Sep 17 11:25:39 romulus kernel: usbus2 on uhci2 Sep 17 11:25:39 romulus kernel: ehci0: mem 0xd8704000-0xd87043ff irq 23 at device 29.7 on pci0 Sep 17 11:25:39 romulus kernel: usbus3: EHCI version 1.0 Sep 17 11:25:39 romulus kernel: usbus3 on ehci0 Sep 17 11:25:39 romulus kernel: pcib10: at device 30.0 on pci0 Sep 17 11:25:39 romulus kernel: pci10: on pcib10 Sep 17 11:25:39 romulus kernel: vgapci0: port 0x5000-0x50ff mem 0xd0000000-0xd7ffffff,0xd8600000-0xd860ffff irq 18 at device 1.0 on pci10 Sep 17 11:25:39 romulus kernel: vgapci0: Boot video device Sep 17 11:25:39 romulus kernel: isab0: at device 31.0 on pci0 Sep 17 11:25:39 romulus kernel: isa0: on isab0 Sep 17 11:25:39 romulus kernel: atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x1860-0x186f at device 31.2 on pci0 Sep 17 11:25:39 romulus kernel: ata0: at channel 0 on atapci0 Sep 17 11:25:39 romulus kernel: ata1: at channel 1 on atapci0 Sep 17 11:25:39 romulus kernel: acpi_button0: on acpi0 Sep 17 11:25:39 romulus kernel: atkbdc0: port 0x60,0x64 irq 1 on acpi0 Sep 17 11:25:39 romulus kernel: atkbd0: irq 1 on atkbdc0 Sep 17 11:25:39 romulus kernel: kbd0 at atkbd0 Sep 17 11:25:39 romulus kernel: atkbd0: [GIANT-LOCKED] Sep 17 11:25:39 romulus kernel: uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 Sep 17 11:25:39 romulus kernel: uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0 Sep 17 11:25:39 romulus kernel: fdc0: port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0 Sep 17 11:25:39 romulus kernel: orm0: at iomem 0xc0000-0xcafff on isa0 Sep 17 11:25:39 romulus kernel: sc0: at flags 0x100 on isa0 Sep 17 11:25:39 romulus kernel: sc0: VGA <16 virtual consoles, flags=0x300> Sep 17 11:25:39 romulus kernel: vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0 Sep 17 11:25:39 romulus kernel: ppc0: cannot reserve I/O port range Sep 17 11:25:39 romulus kernel: est0: on cpu0 Sep 17 11:25:39 romulus kernel: est: CPU supports Enhanced Speedstep, but is not recognized. Sep 17 11:25:39 romulus kernel: est: cpu_vendor GenuineIntel, msr 719071906000719 Sep 17 11:25:39 romulus kernel: device_attach: est0 attach returned 6 Sep 17 11:25:39 romulus kernel: est1: on cpu1 Sep 17 11:25:39 romulus kernel: est: CPU supports Enhanced Speedstep, but is not recognized. Sep 17 11:25:39 romulus kernel: est: cpu_vendor GenuineIntel, msr 719071906000719 Sep 17 11:25:39 romulus kernel: device_attach: est1 attach returned 6 Sep 17 11:25:39 romulus kernel: est2: on cpu2 Sep 17 11:25:39 romulus kernel: est: CPU supports Enhanced Speedstep, but is not recognized. Sep 17 11:25:39 romulus kernel: est: cpu_vendor GenuineIntel, msr 719071906000719 Sep 17 11:25:39 romulus kernel: device_attach: est2 attach returned 6 Sep 17 11:25:39 romulus kernel: est3: on cpu3 Sep 17 11:25:39 romulus kernel: est: CPU supports Enhanced Speedstep, but is not recognized. Sep 17 11:25:39 romulus kernel: est: cpu_vendor GenuineIntel, msr 719071906000719 Sep 17 11:25:39 romulus kernel: device_attach: est3 attach returned 6 Sep 17 11:25:39 romulus kernel: est4: on cpu4 Sep 17 11:25:39 romulus kernel: est: CPU supports Enhanced Speedstep, but is not recognized. Sep 17 11:25:39 romulus kernel: est: cpu_vendor GenuineIntel, msr 719071906000719 Sep 17 11:25:39 romulus kernel: device_attach: est4 attach returned 6 Sep 17 11:25:39 romulus kernel: est5: on cpu5 Sep 17 11:25:39 romulus kernel: est: CPU supports Enhanced Speedstep, but is not recognized. Sep 17 11:25:39 romulus kernel: est: cpu_vendor GenuineIntel, msr 719071906000719 Sep 17 11:25:39 romulus kernel: device_attach: est5 attach returned 6 Sep 17 11:25:39 romulus kernel: est6: on cpu6 Sep 17 11:25:39 romulus kernel: est: CPU supports Enhanced Speedstep, but is not recognized. Sep 17 11:25:39 romulus kernel: est: cpu_vendor GenuineIntel, msr 719071906000719 Sep 17 11:25:39 romulus kernel: device_attach: est6 attach returned 6 Sep 17 11:25:39 romulus kernel: est7: on cpu7 Sep 17 11:25:39 romulus kernel: est: CPU supports Enhanced Speedstep, but is not recognized. Sep 17 11:25:39 romulus kernel: est: cpu_vendor GenuineIntel, msr 719071906000719 Sep 17 11:25:39 romulus kernel: device_attach: est7 attach returned 6 Sep 17 11:25:39 romulus kernel: mfi0: 200232 (495457679s/0x0020/info) - Shutdown command received from host Sep 17 11:25:39 romulus kernel: mfi0: 200233 (boot + 3s/0x0020/info) - Firmware initialization started (PCI ID 0060/1000/1006/1000) Sep 17 11:25:39 romulus kernel: mfi0: 200234 (boot + 3s/0x0020/info) - Firmware version 1.40.342-1650 Sep 17 11:25:39 romulus kernel: mfi0: 200235 (boot + 4s/0x0008/info) - Battery Present Sep 17 11:25:39 romulus kernel: mfi0: 200236 (boot + 5s/0x0020/info) - Board Revision Sep 17 11:25:39 romulus kernel: mfi0: 200237 (boot + 31s/0x0010/info) - Connector External B Port (loc=3 sasMux=0x0) is active Sep 17 11:25:39 romulus kernel: mfi0: 200238 (boot + 31s/0x0010/info) - Connector Int.Ports 4-7 (loc=2 sasMux=0x1) is active Sep 17 11:25:39 romulus kernel: mfi0: 200239 (boot + 31s/0x0002/info) - Inserted: PD 1e(e0xff/s30) Sep 17 11:25:39 romulus kernel: mfi0: 200240 (boot + 31s/0x0002/info) - Inserted: PD 1e(e0xff/s30) Info: enclPd=ffff, scsiType=0, portMap=04, sasAddr=2e327a7b9c92a5a2,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200241 (boot + 31s/0x0002/info) - Inserted: PD 1f(e0xff/s31) Sep 17 11:25:39 romulus kernel: mfi0: 200242 (boot + 31s/0x0002/info) - Inserted: PD 1f(e0xff/s31) Info: enclPd=ffff, scsiType=0, portMap=05, sasAddr=2c41917f8d8c88a2,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200243 (boot + 31s/0x0002/info) - Inserted: PD 20(e0xff/s32) Sep 17 11:25:39 romulus kernel: mfi0: 200244 (boot + 31s/0x0002/info) - Inserted: PD 20(e0xff/s32) Info: enclPd=ffff, scsiType=0, portMap=06, sasAddr=db373556649cb3bd,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200245 (boot + 31s/0x0002/info) - Inserted: PD 21(e0xff/s33) Sep 17 11:25:39 romulus kernel: mfi0: 200246 (boot + 31s/0x0002/info) - Inserted: PD 21(e0xff/s33) Info: enclPd=ffff, scsiType=0, portMap=07, sasAddr=db37355566a2b2b9,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200247 (495457736s/0x0020/info) - Time established as 09/13/15 11:08:56; (51 seconds since power on) Sep 17 11:25:39 romulus kernel: mfi0: 200248 (495457771s/0x0008/info) - Battery temperature is normal Sep 17 11:25:39 romulus kernel: mfi0: 200249 (495457771s/0x0008/info) - Battery relearn will start in 4 days Sep 17 11:25:39 romulus kernel: mfi0: 200250 (boot + 3s/0x0020/info) - Firmware initialization started (PCI ID 0060/1000/1006/1000) Sep 17 11:25:39 romulus kernel: mfi0: 200251 (boot + 3s/0x0020/info) - Firmware version 1.40.342-1650 Sep 17 11:25:39 romulus kernel: mfi0: 200252 (boot + 4s/0x0008/info) - Battery Present Sep 17 11:25:39 romulus kernel: mfi0: 200253 (boot + 5s/0x0020/info) - Board Revision Sep 17 11:25:39 romulus kernel: mfi0: 200254 (boot + 33s/0x0010/info) - Connector External B Port (loc=3 sasMux=0x0) is active Sep 17 11:25:39 romulus kernel: mfi0: 200255 (boot + 33s/0x0010/info) - Connector Int.Ports 4-7 (loc=2 sasMux=0x1) is active Sep 17 11:25:39 romulus kernel: mfi0: 200256 (boot + 33s/0x0002/info) - Inserted: PD 1e(e0xff/s30) Sep 17 11:25:39 romulus kernel: mfi0: 200257 (boot + 33s/0x0002/info) - Inserted: PD 1e(e0xff/s30) Info: enclPd=ffff, scsiType=0, portMap=04, sasAddr=2e327a7b9c92a5a2,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200258 (boot + 33s/0x0002/info) - Inserted: PD 1f(e0xff/s31) Sep 17 11:25:39 romulus kernel: mfi0: 200259 (boot + 33s/0x0002/info) - Inserted: PD 1f(e0xff/s31) Info: enclPd=ffff, scsiType=0, portMap=05, sasAddr=2c41917f8d8c88a2,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200260 (boot + 33s/0x0002/info) - Inserted: PD 20(e0xff/s32) Sep 17 11:25:39 romulus kernel: mfi0: 200261 (boot + 33s/0x0002/info) - Inserted: PD 20(e0xff/s32) Info: enclPd=ffff, scsiType=0, portMap=06, sasAddr=db373556649cb3bd,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200262 (boot + 33s/0x0002/info) - Inserted: PD 21(e0xff/s33) Sep 17 11:25:39 romulus kernel: mfi0: 200263 (boot + 33s/0x0002/info) - Inserted: PD 21(e0xff/s33) Info: enclPd=ffff, scsiType=0, portMap=07, sasAddr=db37355566a2b2b9,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200264 (495467062s/0x0020/info) - Time established as 09/13/15 13:44:22; (51 seconds since power on) Sep 17 11:25:39 romulus kernel: mfi0: 200265 (495467099s/0x0008/info) - Battery temperature is normal Sep 17 11:25:39 romulus kernel: mfi0: 200266 (495467099s/0x0008/info) - Battery relearn will start in 4 days Sep 17 11:25:39 romulus kernel: mfi0: 200267 (495525274s/0x0008/info) - Battery started charging Sep 17 11:25:39 romulus kernel: mfi0: 200268 (boot + 3s/0x0020/info) - Firmware initialization started (PCI ID 0060/1000/1006/1000) Sep 17 11:25:39 romulus kernel: mfi0: 200269 (boot + 3s/0x0020/info) - Firmware version 1.40.342-1650 Sep 17 11:25:39 romulus kernel: mfi0: 200270 (boot + 4s/0x0008/info) - Battery Present Sep 17 11:25:39 romulus kernel: mfi0: 200271 (boot + 5s/0x0020/info) - Board Revision Sep 17 11:25:39 romulus kernel: mfi0: 200272 (boot + 33s/0x0010/info) - Connector External B Port (loc=3 sasMux=0x0) is active Sep 17 11:25:39 romulus kernel: mfi0: 200273 (boot + 33s/0x0010/info) - Connector Int.Ports 4-7 (loc=2 sasMux=0x1) is active Sep 17 11:25:39 romulus kernel: mfi0: 200274 (boot + 33s/0x0002/info) - Inserted: PD 1e(e0xff/s30) Sep 17 11:25:39 romulus kernel: mfi0: 200275 (boot + 33s/0x0002/info) - Inserted: PD 1e(e0xff/s30) Info: enclPd=ffff, scsiType=0, portMap=04, sasAddr=2e327a7b9c92a5a2,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200276 (boot + 33s/0x0002/info) - Inserted: PD 1f(e0xff/s31) Sep 17 11:25:39 romulus kernel: mfi0: 200277 (boot + 33s/0x0002/info) - Inserted: PD 1f(e0xff/s31) Info: enclPd=ffff, scsiType=0, portMap=05, sasAddr=2c41917f8d8c88a2,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200278 (boot + 33s/0x0002/info) - Inserted: PD 20(e0xff/s32) Sep 17 11:25:39 romulus kernel: mfi0: 200279 (boot + 33s/0x0002/info) - Inserted: PD 20(e0xff/s32) Info: enclPd=ffff, scsiType=0, portMap=06, sasAddr=db373556649cb3bd,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200280 (boot + 33s/0x0002/info) - Inserted: PD 21(e0xff/s33) Sep 17 11:25:39 romulus kernel: mfi0: 200281 (boot + 33s/0x0002/info) - Inserted: PD 21(e0xff/s33) Info: enclPd=ffff, scsiType=0, portMap=07, sasAddr=db37355566a2b2b9,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200282 (boot + 43s/0x0020/info) - Cache data recovered successfully Sep 17 11:25:39 romulus kernel: mfi0: 200283 (495526581s/0x0020/info) - Time established as 09/14/15? 6:16:21; (49 seconds since power on) Sep 17 11:25:39 romulus kernel: mfi0: 200284 (495526620s/0x0008/info) - Battery started charging Sep 17 11:25:39 romulus kernel: mfi0: 200285 (495526620s/0x0008/info) - Battery temperature is normal Sep 17 11:25:39 romulus kernel: mfi0: 200286 (495526620s/0x0008/info) - Battery relearn will start in 4 days Sep 17 11:25:39 romulus kernel: mfi0: 200287 (495526685s/0x0008/info) - Battery charge complete Sep 17 11:25:39 romulus kernel: mfi0: 200288 (boot + 3s/0x0020/info) - Firmware initialization started (PCI ID 0060/1000/1006/1000) Sep 17 11:25:39 romulus kernel: mfi0: 200289 (boot + 3s/0x0020/info) - Firmware version 1.40.342-1650 Sep 17 11:25:39 romulus kernel: mfi0: 200290 (boot + 4s/0x0008/info) - Battery Present Sep 17 11:25:39 romulus kernel: mfi0: 200291 (boot + 5s/0x0020/info) - Board Revision Sep 17 11:25:39 romulus kernel: mfi0: 200292 (boot + 33s/0x0010/info) - Connector External B Port (loc=3 sasMux=0x0) is active Sep 17 11:25:39 romulus kernel: mfi0: 200293 (boot + 33s/0x0010/info) - Connector Int.Ports 4-7 (loc=2 sasMux=0x1) is active Sep 17 11:25:39 romulus kernel: mfi0: 200294 (boot + 33s/0x0002/info) - Inserted: PD 1e(e0xff/s30) Sep 17 11:25:39 romulus kernel: mfi0: 200295 (boot + 33s/0x0002/info) - Inserted: PD 1e(e0xff/s30) Info: enclPd=ffff, scsiType=0, portMap=04, sasAddr=2e327a7b9c92a5a2,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200296 (boot + 33s/0x0002/info) - Inserted: PD 1f(e0xff/s31) Sep 17 11:25:39 romulus kernel: mfi0: 200297 (boot + 33s/0x0002/info) - Inserted: PD 1f(e0xff/s31) Info: enclPd=ffff, scsiType=0, portMap=05, sasAddr=2c41917f8d8c88a2,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200298 (boot + 33s/0x0002/info) - Inserted: PD 20(e0xff/s32) Sep 17 11:25:39 romulus kernel: mfi0: 200299 (boot + 33s/0x0002/info) - Inserted: PD 20(e0xff/s32) Info: enclPd=ffff, scsiType=0, portMap=06, sasAddr=db373556649cb3bd,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200300 (boot + 33s/0x0002/info) - Inserted: PD 21(e0xff/s33) Sep 17 11:25:39 romulus kernel: mfi0: 200301 (boot + 33s/0x0002/info) - Inserted: PD 21(e0xff/s33) Info: enclPd=ffff, scsiType=0, portMap=07, sasAddr=db37355566a2b2b9,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200302 (495527955s/0x0020/info) - Time established as 09/14/15? 6:39:15; (51 seconds since power on) Sep 17 11:25:39 romulus kernel: mfi0: 200303 (495527992s/0x0008/info) - Battery temperature is normal Sep 17 11:25:39 romulus kernel: mfi0: 200304 (495527992s/0x0008/info) - Battery relearn will start in 4 days Sep 17 11:25:39 romulus kernel: mfi0: 200305 (boot + 3s/0x0020/info) - Firmware initialization started (PCI ID 0060/1000/1006/1000) Sep 17 11:25:39 romulus kernel: mfi0: 200306 (boot + 3s/0x0020/info) - Firmware version 1.40.342-1650 Sep 17 11:25:39 romulus kernel: mfi0: 200307 (boot + 4s/0x0008/info) - Battery Present Sep 17 11:25:39 romulus kernel: mfi0: 200308 (boot + 5s/0x0020/info) - Board Revision Sep 17 11:25:39 romulus kernel: mfi0: 200309 (boot + 33s/0x0010/info) - Connector External B Port (loc=3 sasMux=0x0) is active Sep 17 11:25:39 romulus kernel: mfi0: 200310 (boot + 33s/0x0010/info) - Connector Int.Ports 4-7 (loc=2 sasMux=0x1) is active Sep 17 11:25:39 romulus kernel: mfi0: 200311 (boot + 33s/0x0002/info) - Inserted: PD 1e(e0xff/s30) Sep 17 11:25:39 romulus kernel: mfi0: 200312 (boot + 33s/0x0002/info) - Inserted: PD 1e(e0xff/s30) Info: enclPd=ffff, scsiType=0, portMap=04, sasAddr=2e327a7b9c92a5a2,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200313 (boot + 33s/0x0002/info) - Inserted: PD 1f(e0xff/s31) Sep 17 11:25:39 romulus kernel: mfi0: 200314 (boot + 33s/0x0002/info) - Inserted: PD 1f(e0xff/s31) Info: enclPd=ffff, scsiType=0, portMap=05, sasAddr=2c41917f8d8c88a2,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200315 (boot + 33s/0x0002/info) - Inserted: PD 20(e0xff/s32) Sep 17 11:25:39 romulus kernel: mfi0: 200316 (boot + 33s/0x0002/info) - Inserted: PD 20(e0xff/s32) Info: enclPd=ffff, scsiType=0, portMap=06, sasAddr=db373556649cb3bd,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200317 (boot + 33s/0x0002/info) - Inserted: PD 21(e0xff/s33) Sep 17 11:25:39 romulus kernel: mfi0: 200318 (boot + 33s/0x0002/info) - Inserted: PD 21(e0xff/s33) Info: enclPd=ffff, scsiType=0, portMap=07, sasAddr=db37355566a2b2b9,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200319 (boot + 43s/0x0020/info) - Cache data recovered successfully Sep 17 11:25:39 romulus kernel: mfi0: 200320 (495531691s/0x0020/info) - Time established as 09/14/15? 7:41:31; (49 seconds since power on) Sep 17 11:25:39 romulus kernel: mfi0: 200321 (495531730s/0x0008/info) - Battery temperature is normal Sep 17 11:25:39 romulus kernel: mfi0: 200322 (495531730s/0x0008/info) - Battery relearn will start in 4 days Sep 17 11:25:39 romulus kernel: mfi0: 200323 (boot + 3s/0x0020/info) - Firmware initialization started (PCI ID 0060/1000/1006/1000) Sep 17 11:25:39 romulus kernel: mfi0: 200324 (boot + 3s/0x0020/info) - Firmware version 1.40.342-1650 Sep 17 11:25:39 romulus kernel: mfi0: 200325 (boot + 4s/0x0008/info) - Battery Present Sep 17 11:25:39 romulus kernel: mfi0: 200326 (boot + 5s/0x0020/info) - Board Revision Sep 17 11:25:39 romulus kernel: mfi0: 200327 (boot + 33s/0x0010/info) - Connector External B Port (loc=3 sasMux=0x0) is active Sep 17 11:25:39 romulus kernel: mfi0: 200328 (boot + 33s/0x0010/info) - Connector Int.Ports 4-7 (loc=2 sasMux=0x1) is active Sep 17 11:25:39 romulus kernel: mfi0: 200329 (boot + 33s/0x0002/info) - Inserted: PD 1e(e0xff/s30) Sep 17 11:25:39 romulus kernel: mfi0: 200330 (boot + 33s/0x0002/info) - Inserted: PD 1e(e0xff/s30) Info: enclPd=ffff, scsiType=0, portMap=04, sasAddr=2e327a7b9c92a5a2,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200331 (boot + 33s/0x0002/info) - Inserted: PD 1f(e0xff/s31) Sep 17 11:25:39 romulus kernel: mfi0: 200332 (boot + 33s/0x0002/info) - Inserted: PD 1f(e0xff/s31) Info: enclPd=ffff, scsiType=0, portMap=05, sasAddr=2c41917f8d8c88a2,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200333 (boot + 33s/0x0002/info) - Inserted: PD 20(e0xff/s32) Sep 17 11:25:39 romulus kernel: mfi0: 200334 (boot + 33s/0x0002/info) - Inserted: PD 20(e0xff/s32) Info: enclPd=ffff, scsiType=0, portMap=06, sasAddr=db373556649cb3bd,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200335 (boot + 33s/0x0002/info) - Inserted: PD 21(e0xff/s33) Sep 17 11:25:39 romulus kernel: mfi0: 200336 (boot + 33s/0x0002/info) - Inserted: PD 21(e0xff/s33) Info: enclPd=ffff, scsiType=0, portMap=07, sasAddr=db37355566a2b2b9,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200337 (boot + 44s/0x0020/info) - Cache data recovered successfully Sep 17 11:25:39 romulus kernel: mfi0: 200338 (495539802s/0x0020/info) - Time established as 09/14/15? 9:56:42; (50 seconds since power on) Sep 17 11:25:39 romulus kernel: mfi0: 200339 (495539840s/0x0008/info) - Battery temperature is normal Sep 17 11:25:39 romulus kernel: mfi0: 200340 (495539840s/0x0008/info) - Battery relearn will start in 4 days Sep 17 11:25:39 romulus kernel: mfi0: 200341 (495614135s/0x0008/info) - Battery relearn will start in 2 day Sep 17 11:25:39 romulus kernel: mfi0: 200342 (495700520s/0x0008/info) - Battery relearn will start in 1 day Sep 17 11:25:39 romulus kernel: mfi0: 200343 (495763895s/0x0008/info) - Battery started charging Sep 17 11:25:39 romulus kernel: mfi0: 200344 (495765390s/0x0008/info) - Battery charge complete Sep 17 11:25:39 romulus kernel: mfi0: 200345 (495768900s/0x0008/info) - Battery relearn will start in 5 hours Sep 17 11:25:39 romulus kernel: mfi0: 200346 (495786970s/0x0008/info) - Battery relearn pending: Battery is under charge Sep 17 11:25:39 romulus kernel: mfi0: 200347 (495786970s/0x0008/info) - Battery relearn started Sep 17 11:25:39 romulus kernel: mfi0: 200348 (495786970s/0x0008/WARN) - BBU disabled; changing WB virtual disks to WT, Forced WB VDs are not affected Sep 17 11:25:39 romulus kernel: mfi0: 200349 (495786970s/0x0001/info) - Policy change on VD 00/0 to [ID=00,dcp=01,ccp=00,ap=0,dc=2,dbgi=0] from [ID=00,dcp=01,ccp=01,ap=0,dc=2,dbgi=0] Sep 17 11:25:39 romulus kernel: mfi0: 200350 (495786970s/0x0001/info) - Policy change on VD 01/1 to [ID=01,dcp=01,ccp=00,ap=0,dc=1,dbgi=0] from [ID=01,dcp=01,ccp=01,ap=0,dc=1,dbgi=0] Sep 17 11:25:39 romulus kernel: mfi0: 200351 (495787035s/0x0008/info) - Battery is discharging Sep 17 11:25:39 romulus kernel: mfi0: 200352 (495787035s/0x0008/info) - Battery relearn in progress Sep 17 11:25:39 romulus kernel: mfi0: 200353 (495794965s/0x0008/info) - Battery relearn completed Sep 17 11:25:39 romulus kernel: mfi0: 200354 (495795030s/0x0008/info) - Battery started charging Sep 17 11:25:39 romulus kernel: mfi0: 200355 (boot + 3s/0x0020/info) - Firmware initialization started (PCI ID 0060/1000/1006/1000) Sep 17 11:25:39 romulus kernel: mfi0: 200356 (boot + 3s/0x0020/info) - Firmware version 1.40.342-1650 Sep 17 11:25:39 romulus kernel: mfi0: 200357 (boot + 4s/0x0008/info) - Battery Present Sep 17 11:25:39 romulus kernel: mfi0: 200358 (boot + 5s/0x0020/info) - Board Revision Sep 17 11:25:39 romulus kernel: mfi0: 200359 (boot + 33s/0x0010/info) - Connector External B Port (loc=3 sasMux=0x0) is active Sep 17 11:25:39 romulus kernel: mfi0: 200360 (boot + 33s/0x0010/info) - Connector Int.Ports 4-7 (loc=2 sasMux=0x1) is active Sep 17 11:25:39 romulus kernel: mfi0: 200361 (boot + 33s/0x0002/info) - Inserted: PD 1e(e0xff/s30) Sep 17 11:25:39 romulus kernel: mfi0: 200362 (boot + 33s/0x0002/info) - Inserted: PD 1e(e0xff/s30) Info: enclPd=ffff, scsiType=0, portMap=04, sasAddr=2e327a7b9c92a5a2,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200363 (boot + 33s/0x0002/info) - Inserted: PD 1f(e0xff/s31) Sep 17 11:25:39 romulus kernel: mfi0: 200364 (boot + 33s/0x0002/info) - Inserted: PD 1f(e0xff/s31) Info: enclPd=ffff, scsiType=0, portMap=05, sasAddr=2c41917f8d8c88a2,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200365 (boot + 33s/0x0002/info) - Inserted: PD 20(e0xff/s32) Sep 17 11:25:39 romulus kernel: mfi0: 200366 (boot + 33s/0x0002/info) - Inserted: PD 20(e0xff/s32) Info: enclPd=ffff, scsiType=0, portMap=06, sasAddr=db373556649cb3bd,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200367 (boot + 33s/0x0002/info) - Inserted: PD 21(e0xff/s33) Sep 17 11:25:39 romulus kernel: mfi0: 200368 (boot + 33s/0x0002/info) - Inserted: PD 21(e0xff/s33) Info: enclPd=ffff, scsiType=0, portMap=07, sasAddr=db37355566a2b2b9,0000000000000000 Sep 17 11:25:39 romulus kernel: mfi0: 200369 (495804262s/0x0020/info) - Time established as 09/17/15 11:24:22; (51 seconds since power on) Sep 17 11:25:39 romulus kernel: mfi0: 200370 (495804299s/0x0008/info) - Battery started charging Sep 17 11:25:39 romulus kernel: mfi0: 200371 (495804299s/0x0008/info) - Battery temperature is normal Sep 17 11:25:39 romulus kernel: mfi0: 200372 (495804299s/0x0008/WARN) - BBU disabled; changing WB virtual disks to WT, Forced WB VDs are not affected Sep 17 11:25:39 romulus kernel: mfi0: 200373 (495804299s/0x0001/info) - Policy change on VD 00/0 to [ID=00,dcp=01,ccp=00,ap=0,dc=2,dbgi=0] from [ID=00,dcp=01,ccp=01,ap=0,dc=2,dbgi=0] Sep 17 11:25:39 romulus kernel: mfi0: 200374 (495804299s/0x0001/info) - Policy change on VD 01/1 to [ID=01,dcp=01,ccp=00,ap=0,dc=1,dbgi=0] from [ID=01,dcp=01,ccp=01,ap=0,dc=1,dbgi=0] Sep 17 11:25:39 romulus kernel: random: unblocking device. Sep 17 11:25:39 romulus kernel: usbus0: 12Mbps Full Speed USB v1.0 Sep 17 11:25:39 romulus kernel: Timecounters tick every 1.000 msec Sep 17 11:25:39 romulus kernel: usbus1: 12Mbps Full Speed USB v1.0 Sep 17 11:25:39 romulus kernel: usbus2: 12Mbps Full Speed USB v1.0 Sep 17 11:25:39 romulus kernel: usbus3: 480Mbps High Speed USB v2.0 Sep 17 11:25:39 romulus kernel: ugen1.1: at usbus1 Sep 17 11:25:39 romulus kernel: uhub0: on usbus1 Sep 17 11:25:39 romulus kernel: ugen0.1: at usbus0 Sep 17 11:25:39 romulus kernel: uhub1: on usbus0 Sep 17 11:25:39 romulus kernel: ugen3.1: at usbus3 Sep 17 11:25:39 romulus kernel: uhub2: on usbus3 Sep 17 11:25:39 romulus kernel: ugen2.1: at usbus2 Sep 17 11:25:39 romulus kernel: uhub3: on usbus2 Sep 17 11:25:39 romulus kernel: mfid0 on mfi0 Sep 17 11:25:39 romulus kernel: mfid0: 475136MB (973078528 sectors) RAID volume (no label) is optimal Sep 17 11:25:39 romulus kernel: mfid1 on mfi0 Sep 17 11:25:39 romulus kernel: mfid1: 59392MB (121634816 sectors) RAID volume (no label) is optimal Sep 17 11:25:39 romulus kernel: uhub0: 2 ports with 2 removable, self powered Sep 17 11:25:39 romulus kernel: uhub1: 2 ports with 2 removable, self powered Sep 17 11:25:39 romulus kernel: uhub3: 2 ports with 2 removable, self powered Sep 17 11:25:39 romulus kernel: mps0: SAS Address for SATA device = 6f8376497abfc6b5 Sep 17 11:25:39 romulus kernel: mps0: SAS Address for SATA device = 6f8376567bc1d3c3 Sep 17 11:25:39 romulus kernel: mps0: SAS Address for SATA device = 6f8376528dc0d1c0 Sep 17 11:25:39 romulus kernel: mps0: SAS Address from SATA device = 6f8376497abfc6b5 Sep 17 11:25:39 romulus kernel: mps0: SAS Address from SATA device = 6f8376567bc1d3c3 Sep 17 11:25:39 romulus kernel: mps0: SAS Address from SATA device = 6f8376528dc0d1c0 Sep 17 11:25:39 romulus kernel: da0 at mps0 bus 0 scbus0 target 0 lun 0 Sep 17 11:25:39 romulus kernel: da1 at mps0 bus 0 scbus0 target 1 lun 0 Sep 17 11:25:39 romulus kernel: da1: Fixed Direct Access SPC-4 SCSI device Sep 17 11:25:39 romulus kernel: da0: Fixed Direct Access SPC-4 SCSI device Sep 17 11:25:39 romulus kernel: da0: Serial Number???????? 14170C183476 Sep 17 11:25:39 romulus kernel: da0: 600.000MB/s transfers Sep 17 11:25:39 romulus kernel: da0: Command Queueing enabled Sep 17 11:25:39 romulus kernel: da0: 488386MB (1000215216 512 byte sectors: 255H 63S/T 62260C) Sep 17 11:25:39 romulus kernel: da2 at mps0 bus 0 scbus0 target 2 lun 0 Sep 17 11:25:39 romulus kernel: da1: Serial Number???????? 14080C1E46EC Sep 17 11:25:39 romulus kernel: da1: 600.000MB/s transfers Sep 17 11:25:39 romulus kernel: da1: Command Queueing enabled Sep 17 11:25:39 romulus kernel: da1: 488386MB (1000215216 512 byte sectors: 255H 63S/T 62260C) Sep 17 11:25:39 romulus kernel: da2: Fixed Direct Access SPC-4 SCSI device Sep 17 11:25:39 romulus kernel: da2: Serial Number???????? 14170C1AF5BA Sep 17 11:25:39 romulus kernel: da2: 600.000MB/s transfers Sep 17 11:25:39 romulus kernel: da2: Command Queueing enabled Sep 17 11:25:39 romulus kernel: da2: 488386MB (1000215216 512 byte sectors: 255H 63S/T 62260C) Sep 17 11:25:39 romulus kernel: ada0 at ata0 bus 0 scbus1 target 0 lun 0 Sep 17 11:25:39 romulus kernel: ada0: ACS-2 ATA SATA 3.x device Sep 17 11:25:39 romulus kernel: ada0: Serial Number B976030532 Sep 17 11:25:39 romulus kernel: ada0: 150.000MB/s transfers (SATA, UDMA5, PIO 1024bytes) Sep 17 11:25:39 romulus kernel: ada0: 30533MB (62533296 512 byte sectors: 16H 63S/T 16383C) Sep 17 11:25:39 romulus kernel: ada0: Previously was known as ad0 Sep 17 11:25:39 romulus kernel: SMP: AP CPU #2 Launched! Sep 17 11:25:39 romulus kernel: SMP: AP CPU #6 Launched! Sep 17 11:25:39 romulus kernel: SMP: AP CPU #4 Launched! Sep 17 11:25:39 romulus kernel: SMP: AP CPU #1 Launched! Sep 17 11:25:39 romulus kernel: SMP: AP CPU #3 Launched! Sep 17 11:25:39 romulus kernel: SMP: AP CPU #7 Launched! Sep 17 11:25:39 romulus kernel: SMP: AP CPU #5 Launched! Sep 17 11:25:39 romulus kernel: Timecounter "TSC-low" frequency 1400075561 Hz quality 1000 Sep 17 11:25:39 romulus kernel: Root mount waiting for: usbus3 Sep 17 11:25:39 romulus kernel: uhub2: 6 ports with 6 removable, self powered Sep 17 11:25:39 romulus kernel: Trying to mount root from ufs:/dev/mfid0p2 [rw]... Sep 17 11:25:39 romulus kernel: WARNING: / was not properly dismounted Sep 17 11:25:39 romulus kernel: WARNING: /: mount pending error: blocks 8 files 1 Sep 17 11:25:39 romulus kernel: ZFS filesystem version: 5 Sep 17 11:25:39 romulus kernel: ZFS storage pool version: features support (5000) Quoting Rick Romero : > Ok, > > So this is really more of an observation than anything else.? > > I had a FreeBSD 10.1 server that was running great. Some SSL issue came > up, > or I upgrade Dovecot in ports - something occurred and the machine started > rebooting randomly.? It would run for 2 weeks, then reboot.? It might run > for 5 days and then reboot. So I started doing more FreeBSD upgrades, > thinking it was a kernel issue. The reboots only increased.? > > This weekend I started thinking I might actually be having hardware > issues.? But, since I don't have easy physical access to the box and it's > REALLY under loaded, I figured what the hell and upraded to 10.2 on > Sunday.? I think it rebooted 4 times after that on Sunday, and then > another 2 times Monday morning.? > > Its worth noting that while I have crash dumps enabled, they don't seem to > be occurring.? So hardware is still a possibility. > > After the 2nd Monday morning reboot, I started to wonder if there was some > sort of process issue.? Besides the OS upgrades - I had been monitoring > the Dovecot logs for when the process limits are reached, and increasing > them.? It's a 'big' box, and load is typically between .30 and .50. CPUs > aren't overtaxed, and most of the memory is dedicated to ZFS.? The reboots > are so short, I've only received one 'down' alert due to them. So it's a > conerning issue, but not really impacting production. > > On a whim I changed my default_vsz_limit (as I had been increasing every > other limit but that) from 384M to 512M.? The system hasn't rebooted in > 24hours. > > Now that could be a coincidence, but I thought I'd at least put it out > there. > > If you see anything weird in my dovecot config, let me know - My config > was > originally vpopmail, but over time I've migrated to SQL-only. > > root at romulus:/usr/local/etc/dovecot # dovecot -n > # 2.2.18: /usr/local/etc/dovecot/dovecot.conf > # OS: FreeBSD 10.2-RELEASE amd64 > auth_master_user_separator = * > auth_mechanisms = plain login > auth_username_translation = %@ > auth_verbose = yes > default_login_user = dovecot > default_vsz_limit = 512 M > disable_plaintext_auth = no > first_valid_gid = 89 > first_valid_uid = 89 > last_valid_gid = 89 > last_valid_uid = 89 > log_path = /dev/stderr > login_greeting = Ready. > login_trusted_networks = 172.16.100.0/24 > mail_fsync = never > mail_plugins = " quota zlib stats" > mail_privileged_group = mail > namespace compat { > ? alias_for = > ? hidden = yes > ? inbox = no > ? list = no > ? location = > ? prefix = INBOX. > ? separator = . > } > namespace inbox { > ? inbox = yes > ? location = > ? prefix = > ? separator = . > } > passdb { > ? args = /usr/local/etc/dovecot/dovecot-master-sql.conf > ? driver = sql > ? master = yes > ? pass = yes > } > passdb { > ? args = /usr/local/etc/dovecot/dovecot-sql.conf > ? driver = sql > } > plugin { > ? quota = maildir > ? quota_rule = Trash:storage=+10%% > ? stats_refresh = 30 secs > ? stats_track_cmds = yes > } > protocols = imap pop3 > service anvil { > ? client_limit = 3175 > } > service auth { > ? client_limit = 3684 > ? unix_listener auth-master { > ??? mode = 0600 > ? } > } > service imap-login { > ? process_limit = 1536 > ? process_min_avail = 25 > ? service_count = 1 > } > service imap-postlogin { > ? executable = script-login rawlog /usr/local/etc/dovecot/lastauth-imap.sh > ? user = vpopmail > } > service imap { > ? executable = /usr/local/libexec/dovecot/imap imap-postlogin > ? process_limit = 1536 > } > service pop-postlogin { > ? executable = script-login /usr/local/etc/dovecot/lastauth-pop.sh > ? user = vpopmail > } > service pop3-login { > ? process_limit = 1536 > ? process_min_avail = 15 > ? service_count = 1 > } > service pop3 { > ? executable = /usr/local/libexec/dovecot/pop3 pop-postlogin > } > service stats { > ? fifo_listener stats-mail { > ??? mode = 0600 > ??? user = vpopmail > ? } > } > shutdown_clients = no > ssl_cert = ssl_key = ssl_key_password = na > userdb { > ? driver = prefetch > } > verbose_proctitle = yes > protocol imap { > ? imap_client_workarounds = delay-newmail tb-extra-mailbox-sep > ? mail_max_userip_connections = 100 > ? mail_plugins = " quota zlib stats imap_zlib quota imap_quota" > } > protocol pop3 { > ? mail_max_userip_connections = 100 > ? mail_plugins = quota > ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > ? pop3_uidl_format = %08Xu%08Xv} From tss at iki.fi Thu Sep 24 18:58:20 2015 From: tss at iki.fi (Timo Sirainen) Date: Thu, 24 Sep 2015 21:58:20 +0300 Subject: FreeBSD 10 & default_vsz_limit causing reboots? In-Reply-To: <20150924082605.Horde.elRR0JKiZI2HgqVuUYd5UQ1@www.vfemail.net> References: <20150924082605.Horde.elRR0JKiZI2HgqVuUYd5UQ1@www.vfemail.net> Message-ID: <251A47F9-5E10-4589-895C-0C13885E2A94@iki.fi> On 24 Sep 2015, at 16:26, Rick Romero wrote: > > Update. Only a single reboot has occurred since changing > defalt_vsz_limit from 384M to 512M. It would seem that something the > users are doing is causing that virtual memory size to be exceeded > (possibly a mailbox search?), and when that occurs Dovecot/FreeBSD is not > handling the event as smoothly as expected. I could maybe understand that a system might reboot in some conditions when it runs out of memory, but you're doing the exact opposite of avoiding that by increasing the vsz limit. It just means that the system is potentially going to use even more memory. And wouldn't FreeBSD have something similar to Linux's out-of-memory killer? I think either your hardware is broken or FreeBSD has some serious bug, and a hardware problem seems more likely to me. From rick at havokmon.com Thu Sep 24 19:36:45 2015 From: rick at havokmon.com (Rick Romero) Date: Thu, 24 Sep 2015 14:36:45 -0500 Subject: FreeBSD 10 & default_vsz_limit causing reboots? In-Reply-To: <251A47F9-5E10-4589-895C-0C13885E2A94@iki.fi> References: <20150924082605.Horde.elRR0JKiZI2HgqVuUYd5UQ1@www.vfemail.net> <251A47F9-5E10-4589-895C-0C13885E2A94@iki.fi> Message-ID: <20150924143645.Horde.5Yj7QTSEifSCiWxJKwJcjw9@www.vfemail.net> Quoting Timo Sirainen : > On 24 Sep 2015, at 16:26, Rick Romero wrote: >> Update.? Only a single reboot has occurred since changing >> defalt_vsz_limit from 384M to 512M.? It would seem that something the >> users are doing is causing that virtual memory size to be exceeded >> (possibly a mailbox search?), and when that occurs Dovecot/FreeBSD is not >> handling the event as smoothly as expected. > > I could maybe understand that a system might reboot in some conditions > when it runs out of memory, but you're doing the exact opposite of > avoiding that by increasing the vsz limit. It just means that the system > is potentially going to use even more memory. And wouldn't FreeBSD have > something similar to Linux's out-of-memory killer? > I think either your hardware is broken or FreeBSD has some serious bug, > and a hardware problem seems more likely to me. I was thinking along the lines of the process kill handling (? I don't know what actually occurs when the limit is reached - I'm assuming a thread is terminated) was triggering something odd in FreeBSD. Activity/Usage has increased with the frequency of reboots, at least until I changed that parameter. User acitivty is the same, reboots have decreased dramatically (Just 1 since the change 9/14).? While I wouldn't rule it out, it seems to me that it's less likely to be a hardware problem if I've simply provided MORE memory to a process (or set of processes) to avoid the issue... This is my current 'top' output.? It's not that the system is actually running low on memory, so I had no heisitation increasing the vsz limit. last pid: 59072;? load averages:? 0.30,? 0.29,? 0.32?????????????????????????????????????????????????????????? up 7+03:02:34? 14:27:59 1265 processes:1 running, 1264 sleeping CPU:? 2.6% user,? 0.0% nice,? 1.4% system,? 0.2% interrupt, 95.9% idle Mem: 3326M Active, 2210M Inact, 25G Wired, 8828K Cache, 1655M Buf, 1000M Free ARC: 20G Total, 14G MFU, 4646M MRU, 3845K Anon, 621M Header, 1216M Other Swap: 4096M Total, 4096M Free Now, it's entirely possible that the user(s) who were eating all my server resources stopped using the system at the same time I increased the vsz limit, but that seems unlikely. I'm leaning towards a FreeBSD issue of some sort - but I thought this might be a more approprate place as I have no hard data, I'm not sure what other software might use a similar vsz limit process/check that could trigger the oddity, and I just wanted it documented somewhere. :) ?? Rick From tss at iki.fi Thu Sep 24 19:42:33 2015 From: tss at iki.fi (Timo Sirainen) Date: Thu, 24 Sep 2015 22:42:33 +0300 Subject: FreeBSD 10 & default_vsz_limit causing reboots? In-Reply-To: <20150924143645.Horde.5Yj7QTSEifSCiWxJKwJcjw9@www.vfemail.net> References: <20150924082605.Horde.elRR0JKiZI2HgqVuUYd5UQ1@www.vfemail.net> <251A47F9-5E10-4589-895C-0C13885E2A94@iki.fi> <20150924143645.Horde.5Yj7QTSEifSCiWxJKwJcjw9@www.vfemail.net> Message-ID: On 24 Sep 2015, at 22:36, Rick Romero wrote: > > Quoting Timo Sirainen >: > >> On 24 Sep 2015, at 16:26, Rick Romero > wrote: >> >>> Update. Only a single reboot has occurred since changing >>> defalt_vsz_limit from 384M to 512M. It would seem that something the >>> users are doing is causing that virtual memory size to be exceeded >>> (possibly a mailbox search?), and when that occurs Dovecot/FreeBSD is not >>> handling the event as smoothly as expected. >>> >> I could maybe understand that a system might reboot in some conditions when it runs out of memory, but you're doing the exact opposite of avoiding that by increasing the vsz limit. It just means that the system is potentially going to use even more memory. And wouldn't FreeBSD have something similar to Linux's out-of-memory killer? >> I think either your hardware is broken or FreeBSD has some serious bug, and a hardware problem seems more likely to me. > > I was thinking along the lines of the process kill handling (? I don't know what actually occurs when the limit is reached - I'm assuming a thread is terminated) was triggering something odd in FreeBSD. > Yeah. That would fit into the "serious FreeBSD bug" category. If a limit is reached, kernel is supposed to send SIGKILL to the process. From stephan at rename-it.nl Thu Sep 24 21:56:48 2015 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 24 Sep 2015 23:56:48 +0200 Subject: Released Pigeonhole v0.4.9.rc1 for Dovecot v2.2.19.rc1 Message-ID: <560471A0.9040401@rename-it.nl> Hello Dovecot users, Here's the Pigeonhole RC that goes with the Dovecot RC. Changelog v0.4.9.rc1: * Properly implemented checking of ABI version for Sieve interpreter plugins, much like Dovecot itself does for plugins. This will prevent plugin ABI mismatches. + Implemented a vnd.dovecot.environment extension. This builds upon the standard environment extension and adds a few more environment items, such as username and default mailbox. It also creates a variables namespace so that environment items can be accessed directly. I am still thinking about more environment items that can be added. + Sieve extprograms plugin: Made line endings of the input passed to the external programs configurable. This can be configured separately for each of the three extensions. + ManageSieve: Implemented proxy XCLIENT support. This allows the proxy to pass client information to the back-end. - ManageSieve: Fixed an assert failure occurring when a client disconnects during the GETSCRIPT command. - doveadm sieve plugin: Fixed incorrect initialization of mail user. This caused a few memory leaks. - sieve-filter command line tool: Fixed handling of failure-related implicit keep when there is an explicit default destination folder. This caused message duplication. - lib-sieve: Fixed bug in RFC5322 header folding. Words longer than the optimal line length caused empty lines in the output, which would break the resulting message header. This surfaced in References: headers with very long message IDs. The release is available as follows: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.9.rc1.tar.gz http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.9.rc1.tar.gz.sig Refer to http://pigeonhole.dovecot.org and the Dovecot v2.x wiki for more information. Have fun testing this new release and don't hesitate to notify me when there are any problems. Regards, -- Stephan Bosch stephan at rename-it.nl From skdovecot at smail.inf.fh-brs.de Fri Sep 25 05:37:42 2015 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 25 Sep 2015 07:37:42 +0200 (CEST) Subject: dovecot --hostdomain issue In-Reply-To: <201509241731.t8OHVro02294@www.outputservices.com> References: <201509241731.t8OHVro02294@www.outputservices.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 24 Sep 2015, dovecot at outputservices.com wrote: > I am on a server I called "email. > > But dovecot says i am on sunfire.outputservices.com > > ------------------------------------ > dovecot --hostdomain > sunfire.outputservices.com > ------------------------------------ > > I would like to at least get it to say email.outputservices.com. But what I really want it to say is posta.outputservices.com. > > First where does --hostdomain get it's information so I can clear that up? > > Then how can I get it to identify as posta.outputservices.com? http://hg.dovecot.org/dovecot-2.2/file/8183663ad7c0/src/lib/hostpid.c At the end. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBVgTdpnz1H7kL/d9rAQK0IAf+OTaBGNv4Jbg9nqUjW+2StNgGNZz3WTNo G6xhywH7/GeFjdXEywdgf3If7AMgI67SBS8pvFPnlon+OJqe9Kp6gaYqT7C4InFR o9EleynZLg9Dsr/DpUedu2XKFKe4orKPr+F0T0o9SaMrC/zPfZ0oaegSNFNEzFTB 7atvFzT+RxSqd6Rki2UxHt3i0WuaaRmZABg4nsIsomGJ36I7RlkNq/+IEqxPyogi l8kTstkb/I+jgjzkeghE/LFEod793yAhbrPzce0eJ51t42jY26pqsoxLgkudvPC8 eaFDKs4YWENSEHfIKa5dNYvIlLfYU1D1w5mJE6LgM2sM9lmlXN1+bQ== =k2Su -----END PGP SIGNATURE----- From flint42 at gmail.com Fri Sep 25 06:48:27 2015 From: flint42 at gmail.com (Jean-Baptiste Vignaud) Date: Fri, 25 Sep 2015 08:48:27 +0200 Subject: v2.2.19 release candidate released In-Reply-To: <56042486.2080206@iki.fi> References: <364E1C97-46A4-4745-BBDF-ED0DB4BFC446@iki.fi> <56041FF5.5010105@iki.fi> <56042486.2080206@iki.fi> Message-ID: On Thu, Sep 24, 2015 at 6:27 PM, Timo Sirainen wrote: > On 09/24/2015 07:08 PM, Timo Sirainen wrote: > > On 09/24/2015 09:23 AM, Jean-Baptiste Vignaud wrote: > >> Hello; > >> > >> Some issue with virtual storage and fts-lucene: > >> > >> Sep 24 08:12:16 imap(jbv00 at x xx): Panic: file > >> virtual-storage.c: line 370 (virtual_backend_box_close): assertion > failed: > >> (mbox->backends_open_count > 0) > > > > Fixed: http://hg.dovecot.org/dovecot-2.2/rev/4b5b8e6a4a32 > > > > Although I think this code can now cause a lot of mailboxes to be opened > > again if the search result is found from all the mailboxes. So probably > > needs some more work. > > After a bit more testing, it looks like it would happen for all the > searches regardless of the results. So, implemented it using another > method that should always work: > http://hg.dovecot.org/dovecot-2.2/rev/055d1e2d894c > Problem fixed; thanks ! JB From pawel.grzesik at gmail.com Fri Sep 25 09:51:02 2015 From: pawel.grzesik at gmail.com (=?UTF-8?Q?Pawe=C5=82_Grzesik?=) Date: Fri, 25 Sep 2015 10:51:02 +0100 Subject: Sieve - multiple cores/CPUs Message-ID: Hi All, I have a quick question about the Sieve in Dovecot. I know that this is a plugin so probably it depends on the Dovecot itself but: is it able to use multiple cores/CPUs when doing the filtering? does the filtering for each mail user run on a separate core? Thanks, Pawel From wrosenauer at gmail.com Fri Sep 25 11:03:18 2015 From: wrosenauer at gmail.com (Wolfgang Rosenauer) Date: Fri, 25 Sep 2015 13:03:18 +0200 Subject: Cyrus mailbox (plain files) to Dovecot Message-ID: Hi, I'm migrating from a Cyrus to a Dovecot installation right now. As part of it I've got plain Cyrus mailboxes (w/o real metadata; so to say I've got the /var/spool/imap/user part but not the /var/lib/imap/user one)). Those former mailboxes I want to provide under a public namespace via ACLs. The question I cannot answer right now is: How can I convert these plain mailboxes on a FS level to maildir++ so I can provide them as public mailboxes on the new system? The tools I have found require a valid/complete cyrus mailbox. (I don't really care about message flags etc). Thanks, Wolfgang From miloslav.hula at gmail.com Fri Sep 25 11:51:57 2015 From: miloslav.hula at gmail.com (=?UTF-8?Q?Miloslav_H=c5=afla?=) Date: Fri, 25 Sep 2015 13:51:57 +0200 Subject: Cyrus mailbox (plain files) to Dovecot In-Reply-To: References: Message-ID: <5605355D.8040802@gmail.com> Hi, the simplest way is to create cur/new/tmp folders for every mailbox and copy all mailfiles into new folder. Dovecot will create all other files like 'dovecot-uidlist' automatically. You may get some warnings. All emails will be marked as new ones and all will be redownloaded. Milo Dne 25.9.2015 v 13:03 Wolfgang Rosenauer napsal(a): > I'm migrating from a Cyrus to a Dovecot installation right now. As part of > it I've got plain Cyrus mailboxes (w/o real metadata; so to say I've got > the /var/spool/imap/user part but not the /var/lib/imap/user one)). > Those former mailboxes I want to provide under a public namespace via ACLs. > The question I cannot answer right now is: > How can I convert these plain mailboxes on a FS level to maildir++ so I can > provide them as public mailboxes on the new system? The tools I have found > require a valid/complete cyrus mailbox. (I don't really care about message > flags etc). From skdovecot at smail.inf.fh-brs.de Fri Sep 25 12:38:53 2015 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 25 Sep 2015 14:38:53 +0200 (CEST) Subject: Sieve - multiple cores/CPUs In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 25 Sep 2015, Pawe? Grzesik wrote: > I have a quick question about the Sieve in Dovecot. I know that this is a > plugin so probably it depends on the Dovecot itself but: > > is it able to use multiple cores/CPUs when doing the filtering? does the > filtering for each mail user run on a separate core? When a message is deliviered, a new process is forked. So, yes, if there are multiple simultaneously deliviered messages, multiple cores are used. But no, for one particular message the process uses just one core. But I suppose, that this does not answer your question? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBVgVAXXz1H7kL/d9rAQJzyAgAjd7HRwcR37fXxkBc5CMGplMONmctsOtf 8Iy71llY/qzQEfcyQwzqX51ZanM5FlJo69IuByUSpLsLZ4xEHZFfTyVYznhq+1fX 8nJx1YjPMGJZsWDqKCzjkDqMhMIZZe/GO9RzA3EUAzh1MZ5JYXoTBWyayrMoEhXY 6gzx3Wig4ySASTg2H/Dau/8Q46BVbQnKGk1Fw49mnwMP3HGMDQC3Ycky6SI4U0Bz DwtgH2jAPv27p7GElg3tY78IHVQKsCkCYiiJCnHJIwzKbBE2Fz7YlUgifWQgqYW5 8mUONtHZ01Omkvkt9pvCV/owtRIsJkfHgBMkHoFGRyWujY/sR2mm0A== =DEb0 -----END PGP SIGNATURE----- From Kind at adm.uib.no Fri Sep 25 14:56:50 2015 From: Kind at adm.uib.no (Hans Morten Kind) Date: Fri, 25 Sep 2015 16:56:50 +0200 Subject: object storage In-Reply-To: <33D6AB95-7DD0-4385-B001-4A659F4A6F67@iki.fi> References: <33D6AB95-7DD0-4385-B001-4A659F4A6F67@iki.fi> Message-ID: <20150925145650.GA20178@alf.uib.no> On Tue, Sep 15, 2015 at 12:31:25PM +0900, Timo Sirainen wrote: > On 12 Sep 2015, at 04:45, Bradley Giesbrecht wrote: > > > > Is the Dovecot Object Storage plugin still available for purchase? > > > > It's available, but at least for now we're only selling it to big customers. Well how big? Would a univeristy with 25.000 users count as BIG? Or are we talking about HUGE? hmk From roundcube222 at alaadin.org Sat Sep 26 08:40:36 2015 From: roundcube222 at alaadin.org (Michael Peter) Date: Sat, 26 Sep 2015 11:40:36 +0300 Subject: dovecot quota service for postfix Message-ID: <50c2566607ca890515ee046e71e53ccb.squirrel@mailer.coptics.org> Hello, I am trying to use dovecot quota service for postfix in order set quota for some users. i configure postfix policy service to ask dovecot if user quota is sufficient to accept the email or not. (dovecot in this case acts only as policy server to postfix as it only ACCEPT/REJECT email according to user quota, but it is not used to deliver email , because postfix will deliver the email to user mailbox) Incase user is underquota, then the email is returned back to postfix for processing and delivering email to user mbox, incase user has no sufficient quota then dovecot will inform postfix to reject email. Please confirm if what i mentioned above is correct and that i understand correctly how dove-cot policy works with postfix. Kindly check my configuration below and advise the missing parts to add... plugin { quota_rule = *:storage=1G quota_grace = 10%% # 10% is the default quota_status_success = DUNNO quota_status_nouser = DUNNO quota_status_overquota = "552 5.2.2 Mailbox is full" ... } The above configurations is for all users which is not override by quota rules in userdb's extra fields in my password file below. Is the above configuration missing some thing ? i am using mbox format for emails storage. do you i have to add (quota= SOMETHING) before (quote_rule = *:storage=1G) and what to do add to make dovecot support mbox quota? smtpd_recipient_restrictions = check_policy_service inet:SERVER-HIDDEN-FOR-SECRUITY.com:12340 service quota-status { executable = quota-status -p postfix inet_listener { port = 12340 } client_limit = 1 } now in order to configure dovecot specific quota for user named (user1) i use passwd-file as follow user1:{plain}pass3:1002:1002::/home/user1::userdb_mail=mbox:~/mymail:INBOX=/var/mail/user1 userdb_quota_rule=*:bytes=300M All other users except users1 should have 1GB storage according to this configuration. which user1 will only have 300MB Please advise what is my configuration is missing and if i need to add any thing to run without issues. Many thanks Michael Peter From lists at itns.co.za Sat Sep 26 09:15:27 2015 From: lists at itns.co.za (Greg Wildman) Date: Sat, 26 Sep 2015 11:15:27 +0200 Subject: v2.2.19 release candidate released Message-ID: <1443258927.26439.15.camel@itns.co.za> Hello, I am trying out 2.2.19.rc1 on a lightly loaded server with no problems so far. The reason I wanted to try 2.2.19.rc1 was to get access to the %{listener} variable in the auth phase so I can modify the SQL password_query according to which unix_listener is being queried. According to the docs, "These variables work only in Dovecot-auth and login_log_format_elements setting". I can confirm that %{listener} works in login_log_format_elements but it does not work if I use it in my SQL auth query. My logic is as follows: I create multiple listeners for different SASL authentications in 10 -master.conf service auth { unix_listener auth-userdb { mode = 0660 user = dovecot group = vmail } unix_listener exim-client { mode = 0660 user = dovecot group = exim } unix_listener xmpp-client { mode = 0660 user = dovecot group = mail } user = $default_internal_user } Now I want to use %{listener} in my SQL password_query in a case statement to auth according to which listener is being used. E.g. CASE '%{listener} ' \ WHEN 'exim-client' THEN ma.SMTPAUTH_allowed = 'YES' \ WHEN 'xmpp-client' THEN ma.XMPP_allowed = 'YES' \ ELSE ma.IMAP_allowed = 'YES' \ END Should the %{listener} variable work in this case ? -- Greg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: This is a digitally signed message part URL: From marcin at mejor.pl Sat Sep 26 13:11:32 2015 From: marcin at mejor.pl (=?UTF-8?Q?Marcin_Miros=c5=82aw?=) Date: Sat, 26 Sep 2015 15:11:32 +0200 Subject: [dovecot-2.2.18][SOLVED] dsync error: Error: Can't delete mailbox INBOX: INBOX can't be deleted. In-Reply-To: <5603B409.8090805@mejor.pl> References: <5602B607.2090005@mejor.pl> <5602C0D0.5050909@mejor.pl> <5603B409.8090805@mejor.pl> Message-ID: <56069984.9090704@mejor.pl> W dniu 2015-09-24 o 10:27, Marcin Miros?aw pisze: > W dniu 23.09.2015 o 22:12, Timo Sirainen pisze: >> On 23 Sep 2015, at 18:10, Marcin Miros?aw wrote: >>> >>> With dovecot-2.2.19.rc1 still have this error. >> >> "doveadm backup" wants to delete and recreate a folder if there are some changes that can't be incrementally just added to it (mainly if IMAP UIDs would need to be inserted in the middle of the folder). Maildir doesn't allow INBOX to be deleted (because it's difficult), so this fails. Solution is to either not use Maildir format, or rm -rf Maildir manually before running dsync. > > Hi Timo, hi all! > The problem is that I'm removing all .maildir/ folder before starting > dsync. This solution doesn't work for me. Do you think that only > migrating to e.g. mbox and then migrating from mbox to maildir is the > only way that can works? Hi all! I've found what was the root of problem. I removed .maildir/ but I didn't removed index files. Thanks, Marcin From tss at iki.fi Sat Sep 26 13:28:05 2015 From: tss at iki.fi (Timo Sirainen) Date: Sat, 26 Sep 2015 16:28:05 +0300 Subject: object storage In-Reply-To: <20150925145650.GA20178@alf.uib.no> References: <33D6AB95-7DD0-4385-B001-4A659F4A6F67@iki.fi> <20150925145650.GA20178@alf.uib.no> Message-ID: <28C527B1-60D5-4692-8980-BB23E5B7F678@iki.fi> On 25 Sep 2015, at 17:56, Hans Morten Kind wrote: > > On Tue, Sep 15, 2015 at 12:31:25PM +0900, Timo Sirainen wrote: >> On 12 Sep 2015, at 04:45, Bradley Giesbrecht wrote: >>> >>> Is the Dovecot Object Storage plugin still available for purchase? >>> >> >> It's available, but at least for now we're only selling it to big customers. > > Well how big? Would a univeristy with 25.000 users count as BIG? > Or are we talking about HUGE? Our typical projects have several million user accounts. I think 100k users is around the minimum. From mysqlstudent at gmail.com Sat Sep 26 15:26:52 2015 From: mysqlstudent at gmail.com (Alex) Date: Sat, 26 Sep 2015 11:26:52 -0400 Subject: Expunged message reappeared to mailbox Message-ID: Hi, I'm using dovecot-2.2.18 on fedora22 and receiving the following messages: Sep 26 11:07:52 orion dovecot: imap(dave): Error: Sync failed for mbox file /var/spool/mail/alex: Expunged message reappeared to mailbox (UID 267101 < 267175, seq=2, idx_msgs=0) How do I troubleshoot this? Any idea what could be causing it? I've included my doveconf below. # 2.2.18: /etc/dovecot/dovecot.conf # OS: Linux 4.0.7-300.fc22.x86_64 x86_64 Fedora release 22 (Twenty Two) mail_gid = mail mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u mail_plugins = " listescape" mail_privileged_group = mail mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } passdb { driver = pam } protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 } process_min_avail = 20 service_count = 0 } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { address = 192.168.1.100 port = 995 } } ssl_ca = Hello, I'm using dovecot with getmail and spamassassin. To re-learn false detected mails I created two folders and use an external script that checks the corresponding maildir directories for changes (with inotifywait). The mails found in these directories are passed to sa-learn (to re-learn the correct classification) and then moved back to the inbox or the spam folder. To access the mail I use "doveadm search" (to find all mails in the two folders), "doveadm fetch" (to get the text and pass it to sa-learn) and "doveadm move" (to move the mail to the correct location. This works as desired, except that a mail once marked as spam will forever be marked as such. Spamassassin has the -d option to remove the markup, but I need to replace the original mail with the cleaned version. The only idea I got was deleting that mail and importing the cleaned one, but as I want to implement several "special" folders for further functionality with different IMAP clients I would prefer a "cleaner" solution. What would be the correct/best way to modify the mail body/header/text from an external tool? Kind regards, Frank From tss at iki.fi Sun Sep 27 16:21:24 2015 From: tss at iki.fi (Timo Sirainen) Date: Sun, 27 Sep 2015 19:21:24 +0300 Subject: modify message with doveadm? In-Reply-To: <56081501.5020606@gmx.net> References: <56081501.5020606@gmx.net> Message-ID: On 27 Sep 2015, at 19:10, Frank-Ulrich Sommer wrote: > > Hello, > > I'm using dovecot with getmail and spamassassin. To re-learn false detected mails I created two folders and use an external script that checks the corresponding maildir directories for changes (with inotifywait). The mails found in these directories are passed to sa-learn (to re-learn the correct classification) and then moved back to the inbox or the spam folder. > > To access the mail I use "doveadm search" (to find all mails in the two folders), "doveadm fetch" (to get the text and pass it to sa-learn) and "doveadm move" (to move the mail to the correct location. > This works as desired, except that a mail once marked as spam will forever be marked as such. Spamassassin has the -d option to remove the markup, but I need to replace the original mail with the cleaned version. The only idea I got was deleting that mail and importing the cleaned one, but as I want to implement several "special" folders for further functionality with different IMAP clients I would prefer a "cleaner" solution. > > What would be the correct/best way to modify the mail body/header/text from an external tool? IMAP protocol doesn't allow modifying messages. If they change, they need to get a new IMAP UID. So you'll need to use doveadm save + doveadm expunge to do this. From tss at iki.fi Sun Sep 27 16:25:39 2015 From: tss at iki.fi (Timo Sirainen) Date: Sun, 27 Sep 2015 19:25:39 +0300 Subject: v2.2.19 release candidate released In-Reply-To: <1443258927.26439.15.camel@itns.co.za> References: <1443258927.26439.15.camel@itns.co.za> Message-ID: <09020081-A70C-476C-9615-D5F68BD68A99@iki.fi> On 26 Sep 2015, at 12:15, Greg Wildman wrote: > > Hello, > > I am trying out 2.2.19.rc1 on a lightly loaded server with no problems > so far. The reason I wanted to try 2.2.19.rc1 was to get access to the > %{listener} variable in the auth phase so I can modify the SQL > password_query according to which unix_listener is being queried. > > According to the docs, "These variables work only in Dovecot-auth and > login_log_format_elements setting". I can confirm that %{listener} > works in login_log_format_elements but it does not work if I use it in > my SQL auth query. The docs were wrong - fixed now. Although I suppose auth could also have that.. > Now I want to use %{listener} in my SQL password_query in a case > statement to auth according to which listener is being used. E.g. > > CASE '%{listener} ' \ > WHEN 'exim-client' THEN ma.SMTPAUTH_allowed = 'YES' \ > WHEN 'xmpp-client' THEN ma.XMPP_allowed = 'YES' \ > ELSE ma.IMAP_allowed = 'YES' \ > END Typically they would use a different service (smtp, xmpp, imap) and you'd use e.g.: protocol smtp { passdb { ... } } This of course trusts that the auth client sends the correct service. From urushkin at telros.ru Sun Sep 27 17:38:27 2015 From: urushkin at telros.ru (Sergey Urushkin) Date: Sun, 27 Sep 2015 20:38:27 +0300 Subject: dovecot, fts, solr5 patch, fuzzy search Message-ID: <0b1b853535031f37ad5d7baa67798da7@telros.ru> Hi! I have a patch and several thoughts about FTS in dovecot. I. SOLR v5.1 and above doesn't allow GET /select queries with Content-Type header set, so, I just removed it from the code: --- dovecot-2.2.18/src/plugins/fts-solr/solr-connection.c 2015-05-13 17:14:45.000000000 +0300 +++ dovecot-2.2.18.patch/src/plugins/fts-solr/solr-connection.c 2015-09-27 19:47:40.363843359 +0300 @@ -432,7 +432,6 @@ solr_connection_select_response, conn); http_client_request_set_port(http_req, conn->http_port); http_client_request_set_ssl(http_req, conn->http_ssl); - http_client_request_add_header(http_req, "Content-Type", "text/xml"); http_client_request_submit(http_req); conn->request_status = 0; After that it works just fine. And it seems it doesn't hurt compatibility with older versions. Tested with 3.1, 3.6.2, 4.10.4, 5.3.1 So, I think this patch should be included. II. Fuzzy search. As I understand dovecot searches the same way despite FUZZY word is given or not. In my case I'd like to have an ability to make lookups like "domain.com usernamepart" (usernamepart - part of localpart). So, I use 'edismax15' inside requestHandler /select in solrconfig.xml. It's very convenient for users. Besides other things, this makes searches "abc at def" and "def at abc" identical to dovecot. But the problem is that sometimes the exact match is necessary. E.g. when using "doveadm expunge". For now I found a workaround - remove fts plugins while using doveadm with -o "`dovecot -n | sed -n 's/"//; s/ *= */=/; /^mail_plugins/s/\("\| fts\(\|_[^ ]\+\)\)//gp'`". But I think users should have an ability to decide which search type to use. Here is what I'm suggesting: 1. Implement fts_fuzzy_default option (default - true, current behavior). false should disable fuzzy search by default. 2. Make a way for fts backend to choose which search type to use. For solr it would be an ability to specify: a) "handler" (default=select) and "handler_fuzzy" (default=select or handler's value) (the same as handler by default). After this you have to create second select-like handler with fuzzy capabilities in solrconfig.xml. Example: fts_solr = url=http://127.0.0.1:8983/solr/dovecot/ handler=select handler_fuzzy=select2 This method will use the same index for both search types. b) "url_fuzzy" URL (different solr core or even address/port), like this: fts_solr = url=http://127.0.0.1:8983/solr/dovecot/ url_fuzzy=http://127.0.0.1:8983/solr/dovecot_fuzzy/ This method will allow to have two completely different indexes. And according to RFC 6203 search query generally may be mixed (FUZZY/EXACT). Both options will be useful in different setups. Hope, these thoughts will help. -- Best regards, Sergey Urushkin From anmeyer at mailbox.org Sun Sep 27 17:53:27 2015 From: anmeyer at mailbox.org (Andreas Meyer) Date: Sun, 27 Sep 2015 19:53:27 +0200 Subject: distuguish between different domains Message-ID: <20150927195327.1f85f343@workstation.bitcorner.intern> Hello! I asked myself wether it is possible to distinguish between different doamins in dovecot so that a user only sees his mailbox when he is connecting with user1 at aaa.de specifying the server with mail.aaa.de for example. So the server does not handout the mailbox for user1 at bbb.de when the client connects to mail.aaa.de as user1 at bbb.de I have this problem with roundcube. Dovecot is responisble for two domains. With roundcube I can login as user1 at aaa.de altough the client is configured like so: $config['smtp_server'] = 'tls://mail.bbb.de'; and I am landing in the mailbox of user1 at aaa.de Is there a way to striktly differentiate between doamins? Both domains have their own IP-addresses. Regards Andreas From doctor at doctor.nl2k.ab.ca Sun Sep 27 18:40:40 2015 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Sun, 27 Sep 2015 12:40:40 -0600 Subject: v2.2.19 release candidate released In-Reply-To: <09020081-A70C-476C-9615-D5F68BD68A99@iki.fi> References: <1443258927.26439.15.camel@itns.co.za> <09020081-A70C-476C-9615-D5F68BD68A99@iki.fi> Message-ID: <20150927184040.GA12434@doctor.nl2k.ab.ca> Timo, I have to test something on one of the BSD, namely related to src/lib/net.c . -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Time for Stephen to move on on Oct 19 2015!! From doctor at doctor.nl2k.ab.ca Sun Sep 27 19:09:07 2015 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Sun, 27 Sep 2015 13:09:07 -0600 Subject: v2.2.19 release candidate released In-Reply-To: <20150927184040.GA12434@doctor.nl2k.ab.ca> References: <1443258927.26439.15.camel@itns.co.za> <09020081-A70C-476C-9615-D5F68BD68A99@iki.fi> <20150927184040.GA12434@doctor.nl2k.ab.ca> Message-ID: <20150927190907.GA17602@doctor.nl2k.ab.ca> On Sun, Sep 27, 2015 at 12:40:40PM -0600, The Doctor wrote: > Timo, > > I have to test something on one of the BSD, namely related to src/lib/net.c . > FYI make sys/ucred.h reads #ifndef _SYS_UCRED_H_ #define _SYS_UCRED_H_ /* * Credentials. */ struct ucred { u_int cr_ref; /* reference count */ uid_t cr_uid; /* effective user id */ short cr_ngroups; /* number of groups */ gid_t cr_groups[NGROUPS]; /* groups */ }; #define cr_gid cr_groups[0] #define NOCRED NULL /* no credential available */ #define FSCRED ((struct ucred *)-1) /* filesystem credential */ struct fcred { uid_t fc_ruid; /* real user id */ gid_t fc_rgid; /* real group id */ char fc_login[MAXLOGNAME]; /* setlogin() name */ struct ucred fc_ucred; }; #define fc_uid fc_ucred.cr_uid /* effective user id */ #define fc_ngroups fc_ucred.cr_ngroups /* number of groups */ #define fc_groups fc_ucred.cr_groups /* groups */ #define fc_gid fc_ucred.cr_gid /* effective group id */ #ifdef KERNEL #define crhold(cr) (cr)->cr_ref++ struct ucred *crcopy __P((struct ucred *cr)); struct ucred *crdup __P((struct ucred *cr)); void crfree __P((struct ucred *cr)); struct ucred *crget __P((void)); int suser __P((struct ucred *, u_short *acflag)); int groupmember __P((gid_t, struct ucred *)); #endif /* KERNEL */ #endif /* !_SYS_UCRED_H_ */ > -- > Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca > God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! > http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism > Time for Stephen to move on on Oct 19 2015!! -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Time for Stephen to move on on Oct 19 2015!! From lists at marzocchi.net Sun Sep 27 22:05:39 2015 From: lists at marzocchi.net (Olaf Marzocchi) Date: Mon, 28 Sep 2015 00:05:39 +0200 Subject: Maildir: ACLs/Unix perms: unlink(...) failed: Permission denied In-Reply-To: <839515024ef34c25a9bbe682a454855c@valo.at> References: <55FD6E91.7020505@marzocchi.net> <839515024ef34c25a9bbe682a454855c@valo.at> Message-ID: <56086833.7090507@marzocchi.net> Hi, I tried again with some other options. After finding http://www.dovecot.org/list/dovecot/2013-November/093793.html I deleted every ACL from the directory Maildir and I also assigned the group "mail" to it, recursively: OmniOS-Xeon:/tank/home/olaf/Maildir/.Generiche $ ls -lV total 903 drwxrwxrwx 2 olaf mail 2 Sep 27 23:47 cur owner@:rwxp--aARWcCos:-------:allow group@:rwxp--a-R-c--s:-------:allow everyone@:rwxp--a-R-c--s:-------:allow (and so on) I tried also mail_full_filesystem_access = yes hoping that it would solve the issue, but nothing. Even with mail_debug = yes the log does not give any info besides dovecot: [ID 583609 mail.error] imap(olaf): Error: unlink(/tank/home/olaf/Maildir/.Generiche/dovecot-uidlist.tmp) failed: Permission denied (it shows also "rename" instead of "unlink") With these additional info, has anyone any idea about the cause of the problem? My doveconf -n: # 2.2.18: /etc/dovecot/dovecot.conf # OS: SunOS 5.11 i86pc zfs mail_debug = yes mail_full_filesystem_access = yes mail_location = maildir:/tank/home/%u/Maildir mail_privileged_group = mail namespace inbox { inbox = yes location = mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = imap ssl = required ssl_cert = Hi, > > On 2015-09-19 16:17, Olaf Marzocchi wrote: >> Dear Dovecot users, hello. >> I will merge two issues I have into a single email because they may be >> related. >> >> I used dovecot on a OmniOS server since 2014 (currently OmniOS >> r151014) with the following configuration (it shows 2.2.18 because I >> recently updated dovecot, skipping only the PostgreSQL plugin): >> >> # 2.2.18: /etc/dovecot/dovecot.conf >> # OS: SunOS 5.11 i86pc zfs >> mail_location = maildir:/tank/home/%u/Maildir >> mail_privileged_group = mail >> namespace inbox { >> inbox = yes >> location = >> mailbox Drafts { >> special_use = \Drafts >> } >> mailbox Junk { >> special_use = \Junk >> } >> mailbox Sent { >> special_use = \Sent >> } >> mailbox "Sent Messages" { >> special_use = \Sent >> } >> mailbox Trash { >> special_use = \Trash >> } >> prefix = >> } >> passdb { >> driver = pam >> } >> protocols = imap >> ssl = required >> ssl_cert = > ssl_key = > userdb { >> driver = passwd >> } >> >> You can see that I set the Maildir folder inside the shared home >> folders of my server (it is only one user, anyway). >> It always worked perfectly, but one-two months ago I changed the >> permissions of my whole home folder, recursively, to add proper ACLs. >> I needed them because the clients started using illumos kernel SMB >> (relying on ACLs) instead of Netatalk/AFP (relying on Unix perms >> only). >> I didn't realise I applied the ACLs also to the Maildir folder. >> >> Dovecot worked for several weeks fine, I noticed the issue only >> yesterday when a mailbox (see below) appeared in Thunderbird >> completely empty even if the "cur" subfolder on the server still >> contains all the mails. >> >> Dovecot was throwing some errors like: >> >> dovecot: [ID 583609 mail.error] imap(olaf): Error: >> rename(/tank/home/olaf/Maildir/.&A6k- Mailing >> Lists.Log/dovecot.index.cache) failed: Permission denied >> (euid=501(olaf) egid=501(olaf) UNIX perms appear ok (ACL/MAC wrong?)) >> dovecot: [ID 583609 mail.error] imap(olaf): Error: >> rename(/tank/home/olaf/Maildir/.&A6k- Mailing >> Lists.Log/dovecot.index.tmp, /tank/home/olaf/Maildir/.&A6k- Mailing >> Lists.Log/dovecot.index) failed: Permission denied >> dovecot: [ID 583609 mail.error] imap(olaf): Error: >> unlink(/tank/home/olaf/Maildir/subscriptions.lock) failed: Permission >> denied >> dovecot: [ID 583609 mail.error] imap(olaf): Error: >> rename(/tank/home/olaf/Maildir/subscriptions.lock, >> /tank/home/olaf/Maildir/subscriptions) failed: Permission denied >> >> I will post here the current permissions of the folder containing >> Maildir, of the Maildir itself, of its contents, and of the folder >> that appears empty when browsed with a client (Thunderbird). >> >> /tank/home/olaf $ ls -lV .. >> drwx------+ 16 olaf olaf 17 Sep 19 01:52 olaf >> user:olaf:rwxpdDaARWcCos:fd-----:allow >> group:2147483648:rwxpdDaARWcCos:fd-----:allow >> everyone@:rwxpdDaARWcCos:fd-----:deny >> >> /tank/home/olaf $ ls -lV >> drwxrwx--- 348 olaf olaf 359 Sep 19 01:51 Maildir >> owner@:rwxp--aARWcCos:-------:allow >> group@:rwxp--a-R-c--s:-------:allow >> everyone@:------a-R-c--s:-------:allow >> >> /tank/home/olaf $ ls -lV Maildir/ >> drwxrwx--- 2 olaf olaf 2 Jan 30 2014 cur >> owner@:rwxp--aARWcCos:-------:allow >> group@:rwxp--a-R-c--s:-------:allow >> everyone@:------a-R-c--s:-------:allow >> -rwxrwx--- 1 olaf olaf 21 Jan 30 2014 dovecot-keywords >> owner@:rwxp--aARWcCos:-------:allow >> group@:rwxp--a-R-c--s:-------:allow >> everyone@:------a-R-c--s:-------:allow >> (ALL THE SAME PERMISSIONS FOR THE OTHER FILES EXCEPT...) >> -rwxrwx--- 1 olaf olaf 13735 Jan 24 2015 subscriptions >> owner@:rwxp--aARWcCos:-------:allow >> group@:rwxp--a-R-c--s:-------:allow >> everyone@:------a-R-c--s:-------:allow >> -rw-rw---- 1 olaf olaf 13709 Sep 19 01:51 subscriptions.lock >> owner@:rw-p--aARWcCos:-------:allow >> group@:rw-p--a-R-c--s:-------:allow >> everyone@:------a-R-c--s:-------:allow >> >> The folder that appears empty: >> >> /tank/home/olaf $ ls -lV Maildir/.Generiche/ >> total 513 >> drwxrwx--- 2 olaf olaf 949 Sep 18 01:42 cur >> owner@:rwxp--aARWcCos:-------:allow >> group@:rwxp--a-R-c--s:-------:allow >> everyone@:------a-R-c--s:-------:allow >> -rwxrwx--- 1 olaf olaf 46 May 18 2014 dovecot-keywords >> owner@:rwxp--aARWcCos:-------:allow >> group@:rwxp--a-R-c--s:-------:allow >> everyone@:------a-R-c--s:-------:allow >> (ALL THE SAME PERMISSIONS FOR THE OTHER FILES) >> >> >> I really hope you will have the time to help me because I already >> applied the permissions recursively and I removed the ACLs, almost as >> it was before my mistake. >> I specified "almost" because originally (I checked the backups) the >> Maildir folder had an ACL that gave access permissions also to the >> group "mail": >> >> drwxrwx---+349 olaf olaf 359 Feb 16 2014 Maildir >> group:mail:rwxpdDaARWcCos:fd-----:allow >> owner@:rwxpdDaARWcCos:fd----I:allow >> group@:rwxpdDaARWcCos:fd----I:allow >> everyone@:rwxpdDaARWcCos:fd----I:deny >> >> Yesterday I haven't replicated it because from the documentation I >> understood it was not necessary. > > From my view the permissions seem to be set correctly, i have to admin, > its been a while since i moved to virtual users so i may be wrong here... > > The log output also seems to support that permissions are correct. > > Have you tried adding the group:mail:.... ACLs back? > > Have you set mail_debug=yes or other more verbose logging settings? > http://wiki2.dovecot.org/Logging From doctor at doctor.nl2k.ab.ca Mon Sep 28 04:06:00 2015 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Sun, 27 Sep 2015 22:06:00 -0600 Subject: v2.2.19 release candidate released In-Reply-To: <20150927190907.GA17602@doctor.nl2k.ab.ca> References: <1443258927.26439.15.camel@itns.co.za> <09020081-A70C-476C-9615-D5F68BD68A99@iki.fi> <20150927184040.GA12434@doctor.nl2k.ab.ca> <20150927190907.GA17602@doctor.nl2k.ab.ca> Message-ID: <20150928040600.GA4510@doctor.nl2k.ab.ca> On Sun, Sep 27, 2015 at 01:09:07PM -0600, The Doctor wrote: > On Sun, Sep 27, 2015 at 12:40:40PM -0600, The Doctor wrote: > > Timo, > > > > I have to test something on one of the BSD, namely related to src/lib/net.c . > > > > FYI make sys/ucred.h reads > > > #ifndef _SYS_UCRED_H_ > #define _SYS_UCRED_H_ > > /* > * Credentials. > */ > > struct ucred { > u_int cr_ref; /* reference count */ > uid_t cr_uid; /* effective user id */ > short cr_ngroups; /* number of groups */ > gid_t cr_groups[NGROUPS]; /* groups */ > }; > #define cr_gid cr_groups[0] > #define NOCRED NULL /* no credential available */ > #define FSCRED ((struct ucred *)-1) /* filesystem credential */ > > struct fcred { > uid_t fc_ruid; /* real user id */ > gid_t fc_rgid; /* real group id */ > char fc_login[MAXLOGNAME]; /* setlogin() name */ > struct ucred fc_ucred; > }; > #define fc_uid fc_ucred.cr_uid /* effective user id */ > #define fc_ngroups fc_ucred.cr_ngroups /* number of groups */ > #define fc_groups fc_ucred.cr_groups /* groups */ > #define fc_gid fc_ucred.cr_gid /* effective group id */ > > #ifdef KERNEL > #define crhold(cr) (cr)->cr_ref++ > > struct ucred *crcopy __P((struct ucred *cr)); > struct ucred *crdup __P((struct ucred *cr)); > void crfree __P((struct ucred *cr)); > struct ucred *crget __P((void)); > int suser __P((struct ucred *, u_short *acflag)); > int groupmember __P((gid_t, struct ucred *)); > #endif /* KERNEL */ > > #endif /* !_SYS_UCRED_H_ */ > > > > -- > > Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca > > God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! > > http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism > > Time for Stephen to move on on Oct 19 2015!! > > -- > Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca > God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! > http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism > Time for Stephen to move on on Oct 19 2015!! I might have to send you the sys/socket.h file. I did find /* * Socket credentials. */ struct sockcred { uid_t sc_uid; /* real user id */ uid_t sc_euid; /* effective user id */ gid_t sc_gid; /* real group id */ gid_t sc_egid; /* effective group id */ int sc_ngroups; /* number of supplemental groups */ gid_t sc_groups[1]; /* variable length */ }; but the 19rc1 is only staying up for less than one imnute. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Time for Stephen to move on on Oct 19 2015!! From urushkin at telros.ru Mon Sep 28 05:06:10 2015 From: urushkin at telros.ru (Sergey Urushkin) Date: Mon, 28 Sep 2015 08:06:10 +0300 Subject: dovecot, fts, solr5 patch, fuzzy search In-Reply-To: <0b1b853535031f37ad5d7baa67798da7@telros.ru> References: <0b1b853535031f37ad5d7baa67798da7@telros.ru> Message-ID: <728560BB-7D97-4464-A7A9-38FE755AF416@telros.ru> 27 ???????? 2015 ?. 20:38:27 GMT+03:00, Sergey Urushkin ?????: >Hi! >I have a patch and several thoughts about FTS in dovecot. > >I. SOLR v5.1 and above doesn't allow GET /select queries with >Content-Type header set, so, I just removed it from the code: > >--- dovecot-2.2.18/src/plugins/fts-solr/solr-connection.c 2015-05-13 >17:14:45.000000000 +0300 >+++ >dovecot-2.2.18.patch/src/plugins/fts-solr/solr-connection.c 2015-09-27 >19:47:40.363843359 +0300 >@@ -432,7 +432,6 @@ > solr_connection_select_response, conn); > http_client_request_set_port(http_req, conn->http_port); > http_client_request_set_ssl(http_req, conn->http_ssl); >- http_client_request_add_header(http_req, "Content-Type", "text/xml"); > http_client_request_submit(http_req); > > conn->request_status = 0; > >After that it works just fine. And it seems it doesn't hurt >compatibility with older versions. Tested with 3.1, 3.6.2, 4.10.4, >5.3.1 >So, I think this patch should be included. > > >II. Fuzzy search. As I understand dovecot searches the same way despite > >FUZZY word is given or not. In my case I'd like to have an ability to >make lookups like "domain.com usernamepart" (usernamepart - part of >localpart). So, I use 'edismaxname="qs">15' inside requestHandler /select in solrconfig.xml. >It's very convenient for users. Besides other things, this makes >searches "abc at def" and "def at abc" identical to dovecot. But the problem >is that sometimes the exact match is necessary. E.g. when using >"doveadm >expunge". For now I found a workaround - remove fts plugins while using > >doveadm with -o "`dovecot -n | sed -n 's/"//; s/ *= */=/; >/^mail_plugins/s/\("\| fts\(\|_[^ ]\+\)\)//gp'`". >But I think users should have an ability to decide which search type to > >use. Here is what I'm suggesting: > >1. Implement fts_fuzzy_default option (default - true, current >behavior). false should disable fuzzy search by default. I've just realised that with handler_fuzzy (default - handler value) and url_fuzzy (default - url value) there is no need in such option, fts backend should choose itself how to treat searches. But another option - fts_fuzzy_only (default - false) might be helpful in some way, allowing to only use fts for fuzzy searches. >2. Make a way for fts backend to choose which search type to use. For >solr it would be an ability to specify: > a) "handler" (default=select) and "handler_fuzzy" (default=select or >handler's value) (the same as handler by default). After this you have >to create second select-like handler with fuzzy capabilities in >solrconfig.xml. Example: > fts_solr = url=http://127.0.0.1:8983/solr/dovecot/ handler=select >handler_fuzzy=select2 > This method will use the same index for both search types. > > b) "url_fuzzy" URL (different solr core or even address/port), like >this: > fts_solr = url=http://127.0.0.1:8983/solr/dovecot/ >url_fuzzy=http://127.0.0.1:8983/solr/dovecot_fuzzy/ > This method will allow to have two completely different indexes. > > And according to RFC 6203 search query generally may be mixed >(FUZZY/EXACT). > > Both options will be useful in different setups. > >Hope, these thoughts will help. -- Best regards, Sergey Urushkin From marco.fretz at gmail.com Mon Sep 28 06:29:59 2015 From: marco.fretz at gmail.com (Marco Fretz) Date: Mon, 28 Sep 2015 08:29:59 +0200 Subject: distuguish between different domains In-Reply-To: <20150927195327.1f85f343@workstation.bitcorner.intern> References: <20150927195327.1f85f343@workstation.bitcorner.intern> Message-ID: <5608DE67.7010901@gmail.com> Hi Andreas, I'm not 100% sure what you're trying to accomplish. smtp_server in roundcube is the outgoing server (submission server, i.e. postfix). Mailbox is IMAP (dovecot). You can easily spawn 2 instances of dovecot, one serving aaa.de and one serving bbb.de on different IPs. What exactly is the problem with 2 domains on one dovecot? I mean user @aaa.de usually does not have the password for @bbb.de and vise versa. About the sending server in roundcube: I don't think there is a way to have a different submission server for different sender domains in roundcubde. But you could use the postfix configuration to map sender domains to different outgoing connection IPs. Does this help? If not, please tell us more about what you're trying to do. regards Marco On 27.09.2015 19:53, Andreas Meyer wrote: > Hello! > > I asked myself wether it is possible to distinguish between > different doamins in dovecot so that a user only sees his > mailbox when he is connecting with user1 at aaa.de specifying > the server with mail.aaa.de for example. > > So the server does not handout the mailbox for user1 at bbb.de > when the client connects to mail.aaa.de as user1 at bbb.de > > I have this problem with roundcube. Dovecot is responisble > for two domains. With roundcube I can login as user1 at aaa.de > altough the client is configured like so: > $config['smtp_server'] = 'tls://mail.bbb.de'; > and I am landing in the mailbox of user1 at aaa.de > > Is there a way to striktly differentiate between doamins? > Both domains have their own IP-addresses. > > Regards > > Andreas From marco.fretz at gmail.com Mon Sep 28 06:37:58 2015 From: marco.fretz at gmail.com (Marco Fretz) Date: Mon, 28 Sep 2015 08:37:58 +0200 Subject: Sieve and forward In-Reply-To: References: Message-ID: <5608E046.6070001@gmail.com> Hi, I think the problem is you cannot resign the forwarded message... and if you keep the original sender domain it looses the signature? I'm not a DKIM guru though :-) Maybe just forward it as attachment from the users address... regards Marco On 18.09.2015 00:36, Il Neofita wrote: > Hi > I have already posted to the postfix group, however, I believe that sieve > and dovecot should be able to fix this problem. > When I receive a message from yahoo and the user forward it to a gmail or > yahoo acount this email is considered as spam or rejected. > From yahoo is rejected since it seems that I am try to send spam since the > email should be signed with dkim. > Is there a way to encpuslated or sign in some way. > > Thank you From marco.fretz at gmail.com Mon Sep 28 06:42:26 2015 From: marco.fretz at gmail.com (Marco Fretz) Date: Mon, 28 Sep 2015 08:42:26 +0200 Subject: Problem with SHA2/Geotrust and dovecot 2.0.9 In-Reply-To: References: Message-ID: <5608E152.3040805@gmail.com> Hi, does the cert work if you open and output it as text with openssl command? not sure if 2.0.9 does support sha2, I think it should - I guess it actually depends on openssl libs not dovecot. On 08.09.2015 15:17, Il Neofita wrote: > Hi > I have renew my geotrust certificate using sha2, and I have problem with > Dovecot 2.0.9 and redhat 6.7. > The same certificate is working in Apache. > > The error is > > dovecot: imap-login: Fatal: Can't load ssl_cert: There is no valid PEM > certificate. > > and the configuration file is > > ssl_cert= ssl_key = ssl_ca = > What I should do? From anmeyer at mailbox.org Mon Sep 28 08:48:03 2015 From: anmeyer at mailbox.org (Andreas Meyer) Date: Mon, 28 Sep 2015 10:48:03 +0200 Subject: distuguish between different domains In-Reply-To: <5608DE67.7010901@gmail.com> References: <20150927195327.1f85f343@workstation.bitcorner.intern> <5608DE67.7010901@gmail.com> Message-ID: <20150928104803.52be8505@workstation.bitcorner.intern> Hello! Marco Fretz schrieb am 28.09.15 um 08:29:59 Uhr: > Hi Andreas, > > I'm not 100% sure what you're trying to accomplish. > > smtp_server in roundcube is the outgoing server (submission server, i.e. > postfix). Mailbox is IMAP (dovecot). > You can easily spawn 2 instances of dovecot, one serving aaa.de and one > serving bbb.de on different IPs. How do I do this? > What exactly is the problem with 2 domains on one dovecot? I mean user > @aaa.de usually does not have the password for @bbb.de and vise versa. What is irritating me is that when there are two domains served by dovecot, in the client I can specify server.aaa.de although I have an email-address user at bbb.de and connect as such. For my understanding it should not be possible to connect to server server.aaa.de with an address line user at bbb.de and dovecot serves the mailbox of that user. > About the sending server in roundcube: I don't think there is a way to > have a different submission server for different sender domains in > roundcubde. But you could use the postfix configuration to map sender > domains to different outgoing connection IPs. Postfix is not the problem. It's the login into the IMAP-server that is irritating me. Or am I completely wrong? Regards Andreas From alec at alec.pl Mon Sep 28 08:54:24 2015 From: alec at alec.pl (A.L.E.C) Date: Mon, 28 Sep 2015 10:54:24 +0200 Subject: distuguish between different domains In-Reply-To: <20150928104803.52be8505@workstation.bitcorner.intern> References: <20150927195327.1f85f343@workstation.bitcorner.intern> <5608DE67.7010901@gmail.com> <20150928104803.52be8505@workstation.bitcorner.intern> Message-ID: <56090040.6010704@alec.pl> On 09/28/2015 10:48 AM, Andreas Meyer wrote: > Postfix is not the problem. It's the login into the IMAP-server that > is irritating me. Or am I completely wrong? You are completely wrong ;) If the mailbox exist server handles it, there's no difference from/to which "domain" was the connection. Besides you can configure Roundcube to select server IP/host based on logon domain. -- Aleksander 'A.L.E.C' Machniak Kolab Groupware Developer [http://kolab.org] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl From skdovecot at smail.inf.fh-brs.de Mon Sep 28 09:01:43 2015 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 28 Sep 2015 11:01:43 +0200 (CEST) Subject: distuguish between different domains In-Reply-To: <20150928104803.52be8505@workstation.bitcorner.intern> References: <20150927195327.1f85f343@workstation.bitcorner.intern> <5608DE67.7010901@gmail.com> <20150928104803.52be8505@workstation.bitcorner.intern> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 28 Sep 2015, Andreas Meyer wrote: > For my understanding it should not be possible to connect to server > server.aaa.de with an address line user at bbb.de and dovecot serves > the mailbox of that user. that's virtual hosting :-) - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBVgkB93z1H7kL/d9rAQLwRQf9EYit7l2ZSaSQQhojeoqNKXcZj1FP9SZY Wm+w3mI/zL/5xlWhvZPmZgTGs6aLUqU1la0zl4Nd95gRiVuG5DQPruUfu9uvG8XV t6u+mpf4wGkeDZlkrYMSKmOrE8eUV6Bdi0fuBZrDCihChGSb8NceMn7u58uTBDFr Pj5AmU+71OrWHisvmCjsQAelOXNpHMf+hFHxb5xJatbDl9wqf443WyoUBaVGCb2q 1rbYz+TT/5BGfLwibefmuTkzWn8ca/RryJV2GaynIyp+WynlRh5w+1Q1EPZgS/Di xOIk7+H/JKbnlQ6quxOn9sfjiiqKEDIJmxPSRGsEJvSz9+EYxnhL7w== =xR/L -----END PGP SIGNATURE----- From thomassen at a4a.de Mon Sep 28 09:32:43 2015 From: thomassen at a4a.de (Peter Thomassen) Date: Mon, 28 Sep 2015 11:32:43 +0200 Subject: Error saving to IMAP folder Message-ID: <5609093B.7050505@a4a.de> Hi, I have been using dovecot for multiple years, without a problem so far. I'm running version 2.0.19-0ubuntu2.2. A few weeks ago, the following problem started. When sending an e-mail with Thunderbird, the message is saved to the "Sent" IMAP folder after sending it out. Every few days, this -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From thomassen at a4a.de Mon Sep 28 09:44:52 2015 From: thomassen at a4a.de (Peter Thomassen) Date: Mon, 28 Sep 2015 11:44:52 +0200 Subject: Error saving to IMAP folder In-Reply-To: <5609093B.7050505@a4a.de> References: <5609093B.7050505@a4a.de> Message-ID: <56090C14.9020708@a4a.de> Hi, Apologies for the post. In the process of typing, I found this solution: http://www.dovecot.org/list/dovecot/2012-January/080629.html When closing the message window, I accidentally sent the message to the list instead of deleting it. Cheers, Peter On 09/28/2015 11:32 AM, Peter Thomassen wrote: > Hi, > > I have been using dovecot for multiple years, without a problem so far. > I'm running version 2.0.19-0ubuntu2.2. > > A few weeks ago, the following problem started. When sending an e-mail > with Thunderbird, the message is saved to the "Sent" IMAP folder after > sending it out. Every few days, this > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From anmeyer at mailbox.org Mon Sep 28 10:08:47 2015 From: anmeyer at mailbox.org (Andreas Meyer) Date: Mon, 28 Sep 2015 12:08:47 +0200 Subject: distuguish between different domains In-Reply-To: <56090040.6010704@alec.pl> References: <20150927195327.1f85f343@workstation.bitcorner.intern> <5608DE67.7010901@gmail.com> <20150928104803.52be8505@workstation.bitcorner.intern> <56090040.6010704@alec.pl> Message-ID: <20150928120847.0ac444cb@workstation.bitcorner.intern> "A.L.E.C" schrieb am 28.09.15 um 10:54:24 Uhr: > On 09/28/2015 10:48 AM, Andreas Meyer wrote: > > Postfix is not the problem. It's the login into the IMAP-server that > > is irritating me. Or am I completely wrong? > > You are completely wrong ;) If the mailbox exist server handles it, > there's no difference from/to which "domain" was the connection. Besides > you can configure Roundcube to select server IP/host based on logon domain. It makes not difference when I define $rcmail_config['default_host'] = 'tls://mail.bbb.de'; in Roundcube. I guess the advantage of this setting is to identify the server when the server are running on different machines. But as long as the domains reside on the same machine, it does not matter. I can login as user at aaa.de and the mailbox is served. That's what is irritating me. But I can life with it. Regards Andreas From pch at myzel.net Mon Sep 28 11:03:55 2015 From: pch at myzel.net (Peter Chiochetti) Date: Mon, 28 Sep 2015 13:03:55 +0200 Subject: doveadm fetch line wrapping Message-ID: <56091E9B.9030404@myzel.net> The manual at http://wiki2.dovecot.org/Tools/Doveadm/Deduplicate tells how to estimate what will be expunged: > doveadm -f table fetch -u jane 'guid uid' mailbox a_Box | sort I wanted to learn the subjects: > doveadm -f table fetch -u jane 'guid hdr.Subject' mailbox a_Box In the output, long lines will be broken up, continuation lines starting with a blank (mostly), disabling the sort > doveadm -f table fetch -u jane 'guid hdr.Subject' mailbox a_Box \ > | sed -e :a -e '$!N;s/\n\s//;ta' -e 'P;D' | sort --stable Some (gnu) sed foo joins them back together, the sort works again :) -- peter From tss at iki.fi Mon Sep 28 12:03:08 2015 From: tss at iki.fi (Timo Sirainen) Date: Mon, 28 Sep 2015 15:03:08 +0300 Subject: doveadm fetch line wrapping In-Reply-To: <56091E9B.9030404@myzel.net> References: <56091E9B.9030404@myzel.net> Message-ID: <53197EF7-C6FC-49F1-8E3E-10544EB2AE9F@iki.fi> On 28 Sep 2015, at 14:03, Peter Chiochetti wrote: > > The manual at http://wiki2.dovecot.org/Tools/Doveadm/Deduplicate > tells how to estimate what will be expunged: > >> doveadm -f table fetch -u jane 'guid uid' mailbox a_Box | sort > > I wanted to learn the subjects: > >> doveadm -f table fetch -u jane 'guid hdr.Subject' mailbox a_Box > > In the output, long lines will be broken up, continuation lines starting with a blank (mostly), disabling the sort > >> doveadm -f table fetch -u jane 'guid hdr.Subject' mailbox a_Box \ >> | sed -e :a -e '$!N;s/\n\s//;ta' -e 'P;D' | sort --stable > > Some (gnu) sed foo joins them back together, the sort works again :) I think this would work too: doveadm -f table fetch -u jane 'guid hdr.Subject.utf8' mailbox a_Box | sort From paolo.cravero at csi.it Mon Sep 28 13:18:08 2015 From: paolo.cravero at csi.it (Paolo Cravero) Date: Mon, 28 Sep 2015 15:18:08 +0200 (CEST) Subject: object storage In-Reply-To: <28C527B1-60D5-4692-8980-BB23E5B7F678@iki.fi> References: <33D6AB95-7DD0-4385-B001-4A659F4A6F67@iki.fi> <20150925145650.GA20178@alf.uib.no> <28C527B1-60D5-4692-8980-BB23E5B7F678@iki.fi> Message-ID: <58435316.1579264.1443446288422.JavaMail.open-xchange@comunica.csi.it> > Timo Sirainen wrote: > Our typical projects have several million user accounts. I think 100k > users is around the minimum. Interesting. So che choice for object storage is driven by the number of accounts rather than the amount of data stored? For example I am heading towards 10 TB online with "just" 10k users. It wouldn't be worth? Paolo From skyice at openmailbox.org Mon Sep 28 13:46:06 2015 From: skyice at openmailbox.org (Pierre Barre) Date: Mon, 28 Sep 2015 15:46:06 +0200 Subject: object storage In-Reply-To: <58435316.1579264.1443446288422.JavaMail.open-xchange@comunica.csi.it> References: <33D6AB95-7DD0-4385-B001-4A659F4A6F67@iki.fi> <20150925145650.GA20178@alf.uib.no> <28C527B1-60D5-4692-8980-BB23E5B7F678@iki.fi> <58435316.1579264.1443446288422.JavaMail.open-xchange@comunica.csi.it> Message-ID: <7beba3a3e227dc32dc70c5ba7404a986@openmailbox.org> Le 2015-09-28 15:18, Paolo Cravero a ?crit?: >> Timo Sirainen wrote: >> Our typical projects have several million user accounts. I think 100k >> users is around the minimum. > > Interesting. So che choice for object storage is driven by the number > of > accounts rather than the amount of data stored? For example I am > heading > towards 10 TB online with "just" 10k users. It wouldn't be worth? > > Paolo Since they sell it with a pricing /user, the data stored should not matter to them. From marco.fretz at gmail.com Mon Sep 28 14:18:51 2015 From: marco.fretz at gmail.com (Marco Fretz) Date: Mon, 28 Sep 2015 16:18:51 +0200 Subject: distuguish between different domains In-Reply-To: <20150928104803.52be8505@workstation.bitcorner.intern> References: <20150927195327.1f85f343@workstation.bitcorner.intern> <5608DE67.7010901@gmail.com> <20150928104803.52be8505@workstation.bitcorner.intern> Message-ID: <56094C4B.1000109@gmail.com> On 28.09.2015 10:48, Andreas Meyer wrote: > Hello! > > Marco Fretz schrieb am 28.09.15 um 08:29:59 Uhr: > >> Hi Andreas, >> >> I'm not 100% sure what you're trying to accomplish. >> >> smtp_server in roundcube is the outgoing server (submission server, i.e. >> postfix). Mailbox is IMAP (dovecot). >> You can easily spawn 2 instances of dovecot, one serving aaa.de and one >> serving bbb.de on different IPs. > How do I do this? http://wiki2.dovecot.org/RunningDovecot I do this by creating a 2nd startup script / systemd service you can then use another dovecot config file and specify different listen IPs (and Ports). This is also useful for different SSL certs per domain / ip, etc. > >> What exactly is the problem with 2 domains on one dovecot? I mean user >> @aaa.de usually does not have the password for @bbb.de and vise versa. > What is irritating me is that when there are two domains served by > dovecot, in the client I can specify server.aaa.de although I have > an email-address user at bbb.de and connect as such. > > For my understanding it should not be possible to connect to server > server.aaa.de with an address line user at bbb.de and dovecot serves > the mailbox of that user. the dovecot service does not care about the server dns name. the dns name resolves to the IP address on the client (roundcube) and the client connects to the server. if the same dovecot instance listens to all / both IP address, client will end up on this dovecot instance and all valid user-password combinations are authorized. that's the way it has to be, otherwise virtual / mass virtual domain hosting would not be possible as you cannot spawn 1000 instances on the same machine (ok, in theory you could do that :D) > >> About the sending server in roundcube: I don't think there is a way to >> have a different submission server for different sender domains in >> roundcubde. But you could use the postfix configuration to map sender >> domains to different outgoing connection IPs. > Postfix is not the problem. It's the login into the IMAP-server that > is irritating me. Or am I completely wrong? > > Regards > > Andreas From philip at turmel.org Mon Sep 28 14:23:59 2015 From: philip at turmel.org (Phil Turmel) Date: Mon, 28 Sep 2015 10:23:59 -0400 Subject: distuguish between different domains In-Reply-To: <56094C4B.1000109@gmail.com> References: <20150927195327.1f85f343@workstation.bitcorner.intern> <5608DE67.7010901@gmail.com> <20150928104803.52be8505@workstation.bitcorner.intern> <56094C4B.1000109@gmail.com> Message-ID: <56094D7F.3090100@turmel.org> On 09/28/2015 10:18 AM, Marco Fretz wrote: > On 28.09.2015 10:48, Andreas Meyer wrote: >> For my understanding it should not be possible to connect to server >> server.aaa.de with an address line user at bbb.de and dovecot serves >> the mailbox of that user. > the dovecot service does not care about the server dns name. the dns > name resolves to the IP address on the client (roundcube) and the client > connects to the server. if the same dovecot instance listens to all / > both IP address, client will end up on this dovecot instance and all > valid user-password combinations are authorized. that's the way it has > to be, otherwise virtual / mass virtual domain hosting would not be > possible as you cannot spawn 1000 instances on the same machine (ok, in > theory you could do that :D) No, it's only impossible if you are using passdb or otherwise authenticating against real users of the system. If you are using virtual users (SQL, LDAP, etc.), you can include the domain name in the auth lookups. Phil From tj at terramar.net Mon Sep 28 14:25:10 2015 From: tj at terramar.net (Tom Johnson) Date: Mon, 28 Sep 2015 07:25:10 -0700 Subject: object storage In-Reply-To: <58435316.1579264.1443446288422.JavaMail.open-xchange@comunica.csi.it> References: <33D6AB95-7DD0-4385-B001-4A659F4A6F67@iki.fi> <20150925145650.GA20178@alf.uib.no> <28C527B1-60D5-4692-8980-BB23E5B7F678@iki.fi> <58435316.1579264.1443446288422.JavaMail.open-xchange@comunica.csi.it> Message-ID: <05DFE8F6-6AA8-4968-ABF3-98EF93D450E6@terramar.net> I went to them to discuss 300-500,000 users, right after dovecot was acquired by OpenXChange. The terms were onerous, to say the least. It was straight per-user pricing with no flexibility for non-standard usage patterns. Mostly they wanted to talk about OpenXChange, in which I have absolutely no interest. I walked away undecided: would I look at developing my own object storage back-end for dovecot and open-source it? Or would I abandon dovecot entirely? I'm still undecided. > On Sep 28, 2015, at 6:18 AM, Paolo Cravero wrote: > > >> Timo Sirainen wrote: >> Our typical projects have several million user accounts. I think 100k >> users is around the minimum. > > Interesting. So che choice for object storage is driven by the number of > accounts rather than the amount of data stored? For example I am heading > towards 10 TB online with "just" 10k users. It wouldn't be worth? > > Paolo From tss at iki.fi Mon Sep 28 14:34:34 2015 From: tss at iki.fi (Timo Sirainen) Date: Mon, 28 Sep 2015 17:34:34 +0300 Subject: v2.2.19 release candidate 2 released Message-ID: <9A87B500-0D00-449A-B79D-97A57E67030C@iki.fi> http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc2.tar.gz http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc2.tar.gz.sig There were still a bit too many bugs in RC1, so here's RC2. Hopefully this will be stable enough to become v2.2.19 final. Please test now rather than wait for v2.2.19 final, since v2.2.20 is unlikely to arrive anytime soon (unless there are some major problems). Some fixes since RC1: - dict fixes, especially with pgsql - virtual plugin crashfixes - quota "count" backend fixes - lib-http fixes - some compiling fixes From voytek at sbt.net.au Mon Sep 28 14:47:25 2015 From: voytek at sbt.net.au (voytek at sbt.net.au) Date: Tue, 29 Sep 2015 00:47:25 +1000 Subject: mirroring one domain.tld to domain.tld.au Message-ID: <0e430da252c67c4f89adfd88929003ba.squirrel@sbt.net.au> I have Postfix/Dovecot/postfixadmin/MySQL with several virtual mailbox domains one of the domains is like aname.com.au, the user also now has aname.com, and, would like to 'mirror' most of the addresses to be user at aname.com, THOUGH, some are to remain as user2 at aname.com.au so, both user at aname.com as well as user at aname.com.au should be one user the users retrive emails as user at aname.com.au longer term... some would want to use aname.com.au. some, aname.com what's the best/proper way to do so in Dovecot ? I think I can do Postfix with postfixadmin to "Mirror addresses of one of your domains to another." but what do I do at the Dovecot end...? thanks for any pointers, suggestions or advice From pch at myzel.net Mon Sep 28 20:35:20 2015 From: pch at myzel.net (Peter Chiochetti) Date: Mon, 28 Sep 2015 22:35:20 +0200 Subject: doveadm fetch line wrapping In-Reply-To: <53197EF7-C6FC-49F1-8E3E-10544EB2AE9F@iki.fi> References: <56091E9B.9030404@myzel.net> <53197EF7-C6FC-49F1-8E3E-10544EB2AE9F@iki.fi> Message-ID: <5609A488.70901@myzel.net> Am 2015-09-28 um 14:03 schrieb Timo Sirainen: > On 28 Sep 2015, at 14:03, Peter Chiochetti wrote: >> >> The manual at http://wiki2.dovecot.org/Tools/Doveadm/Deduplicate >> tells how to estimate what will be expunged: >> >>> doveadm -f table fetch -u jane 'guid uid' mailbox a_Box | sort >> >> I wanted to learn the subjects: >> >>> doveadm -f table fetch -u jane 'guid hdr.Subject' mailbox a_Box >> >> In the output, long lines will be broken up, continuation lines starting with a blank (mostly), disabling the sort >> >>> doveadm -f table fetch -u jane 'guid hdr.Subject' mailbox a_Box \ >>> | sed -e :a -e '$!N;s/\n\s//;ta' -e 'P;D' | sort --stable >> >> Some (gnu) sed foo joins them back together, the sort works again :) > > I think this would work too: > > doveadm -f table fetch -u jane 'guid hdr.Subject.utf8' mailbox a_Box | sort > Indeed, that works, and the result is much easier to read. Thank You a lot for the tip! PS: Does mail_plugins mail_log mail_log_fiels also support this chaining of decoder? If not, a feature wished for? Gonna try tomorrow or next week ;) -- peter From tss at iki.fi Mon Sep 28 20:51:20 2015 From: tss at iki.fi (Timo Sirainen) Date: Mon, 28 Sep 2015 23:51:20 +0300 Subject: doveadm fetch line wrapping In-Reply-To: <5609A488.70901@myzel.net> References: <56091E9B.9030404@myzel.net> <53197EF7-C6FC-49F1-8E3E-10544EB2AE9F@iki.fi> <5609A488.70901@myzel.net> Message-ID: <0E5E1F05-F25B-4807-A6E4-51F71E0B2305@iki.fi> On 28 Sep 2015, at 23:35, Peter Chiochetti wrote: > >> doveadm -f table fetch -u jane 'guid hdr.Subject.utf8' mailbox a_Box | sort >> > Indeed, that works, and the result is much easier to read. Thank You a lot for the tip! > > PS: Does mail_plugins mail_log mail_log_fiels also support this chaining of decoder? If not, a feature wished for? Gonna try tomorrow or next week ;) No, but I think it should be changed to do that always.. That would be a v2.3 change though. From doark at mail.com Tue Sep 29 04:58:31 2015 From: doark at mail.com (David Niklas) Date: Tue, 29 Sep 2015 00:58:31 -0400 Subject: Newbie why is dovecot classified diff then sendmail or courier Message-ID: <20150929005831.5a80fe1f@ulgy_thing> Hello, this is probably a dumb question, but I can't for the life of me figure out why sendmail and courier are classified universally as network-mail-mta whereas dovecot is in places like network-mail-general or some such place. I've used several Linux distros and have noted this keenly (they also normally classify photorec, the HD recovery tool as hardware-photography,so this may just be a mistake). I'm concerned that I'm looking into the wrong software for an mail transport/delivery agent. Thanks, David From skdovecot at smail.inf.fh-brs.de Tue Sep 29 06:36:13 2015 From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 29 Sep 2015 08:36:13 +0200 (CEST) Subject: mirroring one domain.tld to domain.tld.au In-Reply-To: <0e430da252c67c4f89adfd88929003ba.squirrel@sbt.net.au> References: <0e430da252c67c4f89adfd88929003ba.squirrel@sbt.net.au> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 29 Sep 2015, voytek at sbt.net.au wrote: > I have Postfix/Dovecot/postfixadmin/MySQL with several virtual mailbox > domains > > one of the domains is like aname.com.au, the user also now has aname.com, > and, would like to 'mirror' most of the addresses to be user at aname.com, > THOUGH, some are to remain as user2 at aname.com.au > > so, both user at aname.com as well as user at aname.com.au should be one user > > the users retrive emails as user at aname.com.au > > longer term... some would want to use aname.com.au. some, aname.com > > what's the best/proper way to do so in Dovecot ? > > I think I can do Postfix with postfixadmin to "Mirror addresses of one of > your domains to another." I cannot help you with Postfix, but: you wrote: .../Dovecot/.../MySQL are all users storred in SQL? If so: make all lookups for userXYZ at aname.com.au and userXYZ at aname.com return the same data without relying on %u and %d, even for default values, for both passdb and userdb. In this case, you do not need to worry about the change for Dovecot and Postfix. ==== If you tweak Postfix to deliver to just one domain, you can tweak Dovecot to change the domain name in passdb lookups, in order to use the other domain in userdb queries, however, message delivery needs to use the domain in userdb only, see: http://wiki2.dovecot.org/AuthDatabase/SQL password_query = SELECT ..., userid AS user \ ^^^^^^^^^^ FROM users WHERE userid = '%Lu' OR userid2 = '%Lu'; ^^^^^^^^^^ Match the user for both domains - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBVgoxXXz1H7kL/d9rAQIvXAgAv4e+x+klD1qAeTUONmTlNEnUEq2hRvRs cd3VsEdrK925AHXSHtwasV97ZkBxRE+dNBpn+cGKT26m/E5UP9LgJCZXrypmMVjk ql3Z1h00thsTyzc+SJS5MIULpdmuuPP14QndvAnHpxuY5/c/hnwPTibi2fwXJm7E d6Pf3w7IARl4gJv96GbSfGnDsiuu508P1PyqJhFWEf0nTnf+tFzIO7sa7Yb1Ubep DPclzP2Cobd6rFiUTC/lp+r4sv/QmbeOT4G/7CkExbrFo0fQD8mb4qe9a3AnQBsu 5Fscmkt5HWWaLYj3pLDMiLd5DxpMbzilxDttoRqvsTutngArbDgPTA== =U7Gw -----END PGP SIGNATURE----- From tolga at ozses.net Tue Sep 29 06:34:04 2015 From: tolga at ozses.net (Muzaffer Tolga Ozses) Date: Tue, 29 Sep 2015 09:34:04 +0300 Subject: My website feedback Message-ID: Hi, I gave a feedback about dovecot.fi website yesterday. It's awaiting moderation because it exceeded message size because it contains a screenshot. Was this ML the right place to post this? If not, please redirect me to the appropriate place. Regards, From pch at myzel.net Tue Sep 29 07:39:56 2015 From: pch at myzel.net (Peter Chiochetti) Date: Tue, 29 Sep 2015 09:39:56 +0200 Subject: Newbie why is dovecot classified diff then sendmail or courier In-Reply-To: <20150929005831.5a80fe1f@ulgy_thing> References: <20150929005831.5a80fe1f@ulgy_thing> Message-ID: <560A404C.6070709@myzel.net> Am 2015-09-29 um 06:58 schrieb David Niklas: > Hello, this is probably a dumb question, but I can't for the life of me > figure out why sendmail and courier are classified universally as > network-mail-mta whereas dovecot is in places like network-mail-general > or some such place. > I'm concerned that I'm looking into the wrong software for an mail > transport/delivery agent. Hello David, https://en.wikipedia.org/wiki/Message_transfer_agent has the global scheme. There may be better guides for newbies, but it lays out the terms used. Dovecot appears here https://en.wikipedia.org/wiki/Mail_delivery_agent -- peter From giunta at sissa.it Tue Sep 29 08:36:22 2015 From: giunta at sissa.it (Marco Giunta) Date: Tue, 29 Sep 2015 10:36:22 +0200 Subject: BUG: service(auth) crash when quota-status lookup an address with local-part starting with auth_master_user_separator Message-ID: <560A4D86.3010602@sissa.it> Hi, I'm using dovecot 2.2.15 (configuration attached below), and I 've enabled quota-status; when I try to look up the quota status of an address with the local-part starting with the same character as 'auth_master_user_separator', dovecot/auth crash: My 'auth_master_user_separator' is '*' # telnet localhost 25001 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. request=smtpd_access_policy sender=johndoe at example.com recipient=*@example.com size=100000000 action=DEFER_IF_PERMIT Internal error occurred. Refer to server log for more information. request=smtpd_access_policy sender=johndoe at example.com recipient=*janedoe at example.com size=100000000 action=DEFER_IF_PERMIT Internal error occurred. Refer to server log for more information. request=smtpd_access_policy sender=johndoe at example.com recipient=;@example.com size=100000000 action=DUNNO request=smtpd_access_policy sender=johndoe at example.com recipient=;janedoe at example.com size=100000000 and in server log: Sep 29 08:51:05 my_server dovecot: master: Dovecot v2.2.15 starting up for imap, pop3, lmtp, sieve (core dumps disabled) Sep 29 08:51:05 my_server dovecot: master: Warning: /mnt is no longer mounted. See http://wiki2.dovecot.org/Mountpoints Sep 29 08:51:41 my_server dovecot: auth: Panic: file auth-request.c: line 1252 (auth_request_set_login_username): assertion failed: (*username != '\0') Sep 29 08:51:41 my_server dovecot: auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a7126a] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a712d6] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a70cac] -> dovecot/auth [0x4131eb] -> dovecot/auth(auth_request_set_username+0x94) [0x413284] -> dovecot/auth [0x40dc4c] -> dovecot/auth [0x40e60b] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x49) [0x3d70a82699] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd5) [0x3d70a83a55] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x3d70a82739] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x3d70a829b8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x3d70a29233] -> dovecot/auth(main+0x383) [0x41cfc3] -> /lib64/libc.so.6(__libc_start_main+0xf4) [0x3302e1d9f4] -> dovecot/auth [0x40b5f9] Sep 29 08:51:41 my_server dovecot: quota-status: Error: userdb lookup(*@example.com): Disconnected unexpectedly Sep 29 08:51:41 my_server dovecot: auth: Fatal: master: service(auth): child 2147 killed with signal 6 (core dumps disabled) Sep 29 10:02:02 my_server dovecot: auth: Fatal: master: service(auth): child 12592 killed with signal 6 (core dumps disabled) Sep 29 10:03:52 my_server dovecot: auth: Panic: file auth-request.c: line 1252 (auth_request_set_login_username): assertion failed: (*username != '\0') Sep 29 10:03:52 my_server dovecot: auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a7126a] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a712d6] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a70cac] -> dovecot/auth [0x4131eb] -> dovecot/auth(auth_request_set_username+0x94) [0x413284] -> dovecot/auth [0x40dc4c] -> dovecot/auth [0x40e60b] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x49) [0x3d70a82699] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd5) [0x3d70a83a55] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x3d70a82739] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x3d70a829b8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x3d70a29233] -> dovecot/auth(main+0x383) [0x41cfc3] -> /lib64/libc.so.6(__libc_start_main+0xf4) [0x3302e1d9f4] -> dovecot/auth [0x40b5f9] Sep 29 10:03:52 my_server dovecot: quota-status: Error: userdb lookup(*janedoe at example.com): Disconnected unexpectedly Sep 29 10:03:52 my_server dovecot: auth: Fatal: master: service(auth): child 9945 killed with signal 6 (core dumps disabled) Sep 29 10:16:10 my_server dovecot: auth: userdb(?): Username character disallowed by auth_username_chars: 0x3b (username: ;@example.com) Sep 29 10:16:43 my_server dovecot: auth: userdb(?): Username character disallowed by auth_username_chars: 0x3b (username: ;janedoe at example.com) If I change my 'auth_master_user_separator' to an other character, for example ';' : # telnet localhost 25001 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. request=smtpd_access_policy sender=johndoe at example.com recipient=*@example.com size=100000000 action=DUNNO request=smtpd_access_policy sender=johndoe at example.com recipient=*janedoe at example.com size=100000000 action=DUNNO request=smtpd_access_policy sender=johndoe at example.com recipient=;@example.com size=100000000 action=DEFER_IF_PERMIT Internal error occurred. Refer to server log for more information. request=smtpd_access_policy sender=johndoe at example.com recipient=;janedoe at example.com size=100000000 action=DEFER_IF_PERMIT Internal error occurred. Refer to server log for more information. and server log: Sep 29 10:20:00 my_server dovecot: auth: userdb(?): Username character disallowed by auth_username_chars: 0x2a (username: *@example.com) Sep 29 10:20:31 my_server dovecot: auth: userdb(?): Username character disallowed by auth_username_chars: 0x2a (username: *janedoe at example.com) Sep 29 10:20:54 my_server dovecot: auth: Panic: file auth-request.c: line 1252 (auth_request_set_login_username): assertion failed: (*username != '\0') Sep 29 10:20:54 my_server dovecot: auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a7126a] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a712d6] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a70cac] -> dovecot/auth [0x4131eb] -> dovecot/auth(auth_request_set_username+0x94) [0x413284] -> dovecot/auth [0x40dc4c] -> dovecot/auth [0x40e60b] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x49) [0x3d70a82699] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd5) [0x3d70a83a55] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x3d70a82739] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x3d70a829b8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x3d70a29233] -> dovecot/auth(main+0x383) [0x41cfc3] -> /lib64/libc.so.6(__libc_start_main+0xf4) [0x3302e1d9f4] -> dovecot/auth [0x40b5f9] Sep 29 10:20:54 my_server dovecot: quota-status: Error: userdb lookup(;@example.com): Disconnected unexpectedly Sep 29 10:20:54 my_server dovecot: auth: Fatal: master: service(auth): child 19941 killed with signal 6 (core dumps disabled) Sep 29 10:21:15 my_server dovecot: auth: Panic: file auth-request.c: line 1252 (auth_request_set_login_username): assertion failed: (*username != '\0') Sep 29 10:21:15 my_server dovecot: auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a7126a] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a712d6] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a70cac] -> dovecot/auth [0x4131eb] -> dovecot/auth(auth_request_set_username+0x94) [0x413284] -> dovecot/auth [0x40dc4c] -> dovecot/auth [0x40e60b] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x49) [0x3d70a82699] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd5) [0x3d70a83a55] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x3d70a82739] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x3d70a829b8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x3d70a29233] -> dovecot/auth(main+0x383) [0x41cfc3] -> /lib64/libc.so.6(__libc_start_main+0xf4) [0x3302e1d9f4] -> dovecot/auth [0x40b5f9] Sep 29 10:21:15 my_server dovecot: quota-status: Error: userdb lookup(;janedoe at example.com): Disconnected unexpectedly Sep 29 10:21:15 my_server dovecot: auth: Fatal: master: service(auth): child 20758 killed with signal 6 (core dumps disabled) of course, I don't have any address '*@example.com' or '*janedoe at example.com', but some bot in internet try to send emails to these addresses, and my Postfix ask my dovecot server for the quota of '*' or '*janedoe' user. I've solved the problem adding a REJECT rule to Postfix to discard the mail to '*@example.com' before the quota check, but this problem should be solved in Dovecot. thank you, Marco My configuration: # 2.2.15: /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.6 (3e924b1b6c5c+) # OS: Linux 2.6.18-406.el5 x86_64 Red Hat Enterprise Linux Server release 5.11 (Tikanga) ext3 auth_master_user_separator = * auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = sha1 disable_plaintext_auth = no doveadm_password = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX doveadm_port = 12345 first_valid_uid = 200 hostname = myserver.example.com imap_client_workarounds = delay-newmail lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lda_original_recipient_header = X-Original-To listen = * login_log_format_elements = user=<%u> PID=%p method=%m rip=%r lip=%l %c login_trusted_networks = XXX.XXX.XXX.XXX mail_gid = mail mail_home = /var/spool/mail/%1n/%n mail_location = maildir:/var/spool/mail/%1n/%n:INDEX=/var/shared/indexes/%1n/%n mail_plugins = acl mailbox_alias quota mail_shared_explicit_inbox = yes mail_uid = vmail maildir_very_dirty_syncs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate vacation-seconds imapflags notify mbox_write_locks = fcntl mmap_disable = yes namespace archives { hidden = no inbox = no list = children location = maildir:/var/spool/archives/%1n/%n:INDEX=/var/shared/indexes/%1n/%n/archives mailbox 2015 { auto = subscribe special_use = \Archive } prefix = Archives. separator = . subscriptions = no type = private } namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = . } namespace others { list = children location = maildir:/var/spool/mail/%%1n/%%n:INDEXPVT=/var/shared/indexes/%1n/%n/shared/%%n prefix = Other Users.%%n. separator = . subscriptions = no type = shared } namespace others_archives { list = children location = maildir:/var/spool/archives/%%1n/%%n:INDEXPVT=/var/shared/indexes/%1n/%n/shared/%%n/archives prefix = Other Users Archives.%%n. separator = . subscriptions = no type = shared } passdb { args = /etc/dovecot/passwd.masterusers driver = passwd-file master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile:/etc/dovecot/global-acls:cache_secs=300 acl_shared_dict = file:/var/shared/dovecot/shared-mailboxes.dict fts = solr fts_autoindex = yes fts_autoindex_max_recent_msgs = 20 fts_solr = url=http://solr.localdomain:8080/solr/ mailbox_alias_new = INBOX_spam mailbox_alias_old = Junk quota = maildir:User quota:ns= quota2 = maildir:Archive quota:ns=Archives. quota2_rule = *:storage=20GB quota2_warning = storage=95%% quota2-warning 95 %u quota2_warning2 = storage=90%% quota2-warning 90 %u quota2_warning3 = storage=80%% quota2-warning 80 %u quota_rule = *:storage=5GB quota_rule2 = Trash:storage=+20%% quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Quota exceeded (mailbox for user is full) quota_status_success = DUNNO quota_warning = storage=100%% quota-warning 100 %u quota_warning2 = storage=95%% quota-warning 95 %u quota_warning3 = storage=90%% quota-warning 90 %u quota_warning4 = storage=80%% quota-warning 80 %u sieve = file:~/sieve;active=~/sieve/.dovecot.sieve sieve_default = /etc/dovecot/sieve/dovecot.sieve sieve_extensions = +notify +imapflags +vacation-seconds sieve_max_redirects = 16 sieve_vacation_min_period = 0s } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh postmaster_address = postmaster at example.com protocols = imap pop3 lmtp sieve rejection_reason = Your message to <%t> was automatically rejected for the following reason - il tuo messaggio a <%t> ? stato rifiutato per il seguente motivo:%n%n%r rejection_subject = Rejected - Messaggio rifiutato: %s service auth { inet_listener { port = 49494 } unix_listener auth-userdb { user = vmail } } service dict { unix_listener dict { user = vmail } } service doveadm { inet_listener { port = 26001 } } service imap-login { process_min_avail = 16 service_count = 0 } service imap { process_limit = 2048 } service lmtp { inet_listener lmtp { port = 24 } process_min_avail = 5 } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } process_min_avail = 16 service_count = 0 vsz_limit = 256 M } service quota-status { client_limit = 1 executable = /usr/libexec/dovecot/quota-status -p postfix inet_listener { port = 25001 } } service quota-warning { executable = script /usr/local/bin/dovecot-quota-warning.sh unix_listener quota-warning { user = vmail } user = vmail } service quota2-warning { executable = script /usr/local/bin/dovecot-quota2-warning.sh unix_listener quota2-warning { user = vmail } user = vmail } ssl_cert = References: Message-ID: <2D0D4C02-DB83-4FFF-A56E-50D0BF26CDA3@iki.fi> On 29 Sep 2015, at 09:34, Muzaffer Tolga Ozses wrote: > > Hi, > > I gave a feedback about dovecot.fi website yesterday. It's awaiting > moderation because it exceeded message size because it contains a > screenshot. Was this ML the right place to post this? If not, please > redirect me to the appropriate place. dovecot.fi web site is going to have a total redesign, once somebody has time.. We know there are many problems with it. From tss at iki.fi Tue Sep 29 09:06:39 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 29 Sep 2015 12:06:39 +0300 Subject: BUG: service(auth) crash when quota-status lookup an address with local-part starting with auth_master_user_separator In-Reply-To: <560A4D86.3010602@sissa.it> References: <560A4D86.3010602@sissa.it> Message-ID: <70DD8B6F-F84C-46F6-838C-3854E25CCD4E@iki.fi> On 29 Sep 2015, at 11:36, Marco Giunta wrote: > > Hi, > I'm using dovecot 2.2.15 (configuration attached below), and I 've enabled quota-status; when I try to look up the quota status of an address with the local-part starting with the same character as 'auth_master_user_separator', dovecot/auth crash: > > My 'auth_master_user_separator' is '*' > > Sep 29 08:51:41 my_server dovecot: auth: Panic: file auth-request.c: line 1252 (auth_request_set_login_username): assertion failed: (*username != '\0') v2.2.17 fixes this crash, but a better fix would be to disale the separator for these lookups. I think something like this would work: auth_master_user_separator = * protocol quota-status { # disable auth_master_user_separator = } or alternatively enable master user separator only for imap: auth_master_user_separator = protocol imap { auth_master_user_separator = * } From giunta at sissa.it Tue Sep 29 09:41:49 2015 From: giunta at sissa.it (Marco Giunta) Date: Tue, 29 Sep 2015 11:41:49 +0200 Subject: BUG: service(auth) crash when quota-status lookup an address with local-part starting with auth_master_user_separator In-Reply-To: <70DD8B6F-F84C-46F6-838C-3854E25CCD4E@iki.fi> References: <560A4D86.3010602@sissa.it> <70DD8B6F-F84C-46F6-838C-3854E25CCD4E@iki.fi> Message-ID: <560A5CDD.1010509@sissa.it> On 2015-09-29 11:06, Timo Sirainen wrote: > On 29 Sep 2015, at 11:36, Marco Giunta wrote: > > but a better fix would be to disale the separator for these lookups. I think something like this would work: > > auth_master_user_separator = * > protocol quota-status { > # disable > auth_master_user_separator = > } > Thank you Timo, this works like a charms on 2.2.16; I'm waiting 2.2.19 to update my servers. Marco -- ----------------------------------- |Marco Giunta - SISSA Computer Staff| |Via Bonomea, 265 | |34136 - Trieste, Italy | |Tel: +39-40-3787-503 | |Fax: +39-040-3787-244 | |e-mail: giunta at sissa.it | ----------------------------------- From marco.fretz at gmail.com Tue Sep 29 11:26:44 2015 From: marco.fretz at gmail.com (Marco Fretz) Date: Tue, 29 Sep 2015 13:26:44 +0200 Subject: distuguish between different domains In-Reply-To: <56094D7F.3090100@turmel.org> References: <20150927195327.1f85f343@workstation.bitcorner.intern> <5608DE67.7010901@gmail.com> <20150928104803.52be8505@workstation.bitcorner.intern> <56094C4B.1000109@gmail.com> <56094D7F.3090100@turmel.org> Message-ID: <560A7574.6070802@gmail.com> >> the dovecot service does not care about the server dns name. the dns >> name resolves to the IP address on the client (roundcube) and the client >> connects to the server. if the same dovecot instance listens to all / >> both IP address, client will end up on this dovecot instance and all >> valid user-password combinations are authorized. that's the way it has >> to be, otherwise virtual / mass virtual domain hosting would not be >> possible as you cannot spawn 1000 instances on the same machine (ok, in >> theory you could do that :D) > No, it's only impossible if you are using passdb or otherwise > authenticating against real users of the system. If you are using > virtual users (SQL, LDAP, etc.), you can include the domain name in the > auth lookups. > > Andreas was asking about the fqdn where the imap client is connecting to, not the user name / e-mail address. you can use localpart and domain from the email address in passdb / userdb lookups but dovecot (imap) is nothing like http where you send the a hostname of the site you're conncting to in the header. From marco.fretz at gmail.com Tue Sep 29 11:44:08 2015 From: marco.fretz at gmail.com (Marco Fretz) Date: Tue, 29 Sep 2015 13:44:08 +0200 Subject: mirroring one domain.tld to domain.tld.au In-Reply-To: <0e430da252c67c4f89adfd88929003ba.squirrel@sbt.net.au> References: <0e430da252c67c4f89adfd88929003ba.squirrel@sbt.net.au> Message-ID: <560A7988.7070608@gmail.com> On 28.09.2015 16:47, voytek at sbt.net.au wrote: > I have Postfix/Dovecot/postfixadmin/MySQL with several virtual mailbox > domains > > one of the domains is like aname.com.au, the user also now has aname.com, > and, would like to 'mirror' most of the addresses to be user at aname.com, > THOUGH, some are to remain as user2 at aname.com.au I usually do this by having 4 tables in mysql: hosting (links everything together, links to a product table, quota, what ever) domains (domainnames) accounts (homedir, password, etc.) usernames - one hosting has many accounts - one hosting has many domains (domain aliases) - one account has many usernames (localpart aliases for same account) then you can match like anything you want out of this and you use similar queries for postfix and dovecot. in the domains table you could have a column boolean "maindomain" and in the account table you have a column "maindomain_only"... for my use, users don't care if there are other alias combinations - they just don't use it then. but they can login with any combination of @ and it's still only one mail directory per account. it's also a good idea to name the maildirectory like /, so you don't have the domain / username hardcoded anywhere. just some thoughts, works great for me - but depends on your exact use case. you can do like anything you want in SQL for postfix and dovecot.... keep performance in mind though :-) > > so, both user at aname.com as well as user at aname.com.au should be one user > > the users retrive emails as user at aname.com.au > > longer term... some would want to use aname.com.au. some, aname.com > > what's the best/proper way to do so in Dovecot ? > > I think I can do Postfix with postfixadmin to "Mirror addresses of one of > your domains to another." > > but what do I do at the Dovecot end...? > > thanks for any pointers, suggestions or advice From pbatkov at hostcomm.ru Tue Sep 29 14:14:19 2015 From: pbatkov at hostcomm.ru (Pavel Batkov) Date: Tue, 29 Sep 2015 17:14:19 +0300 Subject: quota count Message-ID: <560A9CBB.80305@hostcomm.ru> Hi Dovecot: 2.2.19.rc2 OS: CentOS Linux release 7.1.1503 (Core) FS: XFS Problem: Dovecot it does not include line breaks in the letter. Bug or feautre? Message size in fs: 1125 bytes Message: From cras at irccrew.org Tue Jul 23 19:39:23 2002 Received: with ECARTIS (v1.0.0; list dovecot); Tue, 23 Jul 2002 19:39:23 +0300 (EEST) Return-Path: Delivered-To: dovecot at procontrol.fi Received: from shodan.irccrew.org (shodan.irccrew.org [80.83.4.2]) by danu.procontrol.fi (Postfix) with ESMTP id 434B423848 for ; Tue, 23 Jul 2002 19:39:23 +0300 (EEST) Received: by shodan.irccrew.org (Postfix, from userid 6976) id 175FA4C0A0; Tue, 23 Jul 2002 19:39:23 +0300 (EEST) Date: Tue, 23 Jul 2002 19:39:23 +0300 From: Timo Sirainen To: dovecot at procontrol.fi Subject: [dovecot] first test mail Message-ID: <20020723193923.J22431 at irccrew.org> Mime-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.2.5i Content-Type: text/plain; charset=us-ascii X-archive-position: 1 X-ecartis-version: Ecartis v1.0.0 Sender: dovecot-bounce at procontrol.fi Errors-to: dovecot-bounce at procontrol.fi X-original-sender: tss at iki.fi Precedence: bulk X-list: dovecot X-IMAPbase: 1096038620 0000010517 X-UID: 1 Status: O lets see if it works Dovecot count dict mysql: UPDATE quota SET bytes=bytes+974,messages=messages+1 WHERE username = 'user10 at test.test' From jonikula at gmail.com Tue Sep 29 14:22:36 2015 From: jonikula at gmail.com (Jouko Nikula) Date: Tue, 29 Sep 2015 17:22:36 +0300 Subject: BINARY capability not working correctly? In-Reply-To: <55FD7EED.5070506@dovecot.fi> References: <55F56655.5030907@rename-it.nl> <55FD7EED.5070506@dovecot.fi> Message-ID: On Sat, Sep 19, 2015 at 6:27 PM, Michael M Slusarz wrote: > > Probably this: http://markmail.org/message/abjg72sw7ii5ty5x > > Trivial to workaround in client code, so no need to disable BINARY outright > on a client. > It seems that you were right. Updating dovecot from version 2.2.10 to 2.2.18 corrected the problem. The fix is in 2.2.13. Thanks a lot! - Jouko From james at lottspot.com Tue Sep 29 14:28:18 2015 From: james at lottspot.com (James Lott) Date: Tue, 29 Sep 2015 07:28:18 -0700 Subject: dovecot quota service for postfix In-Reply-To: <50c2566607ca890515ee046e71e53ccb.squirrel@mailer.coptics.org> References: <50c2566607ca890515ee046e71e53ccb.squirrel@mailer.coptics.org> Message-ID: <560AA002.9030203@lottspot.com> > Incase user is underquota, then the email is returned back to postfix for > processing and delivering email to user mbox, incase user has no > sufficient quota then dovecot will inform postfix to reject email. > > Please confirm if what i mentioned above is correct and that i understand > correctly how dove-cot policy works with postfix. Your understanding is mor or less correct, except that postfix never passes the email itself to dovecot when performing the quota check. It simply sends a message to the quota policy service asking if the recipient is over quota. If the recipient is over quota, dovecot provides postfix with the response configured in quota_status_overquota. If the recipient is under quota, dovecot provides postfix with the response configured in quota_status_success. If dovecot does not know the user, it provides postfix with the response configured in quota_status_nouser. > Kindly check my configuration below and advise the missing parts to add... I don't see anything wrong with your configuration on first appraisal, but if it isn't working I would recommend you perform the following troubleshooting steps. 1. Verify the user's mailbox is over or under quota in alignment with your expectations - `doveadm quota -u $RECIPIENT` 2. Test that the quota service provides the response you expect it to - `echo "recipient=$RECIPIENT" | nc -q1 localhost 12340` On 09/26/2015 01:40 AM, Michael Peter wrote: > Hello, > > I am trying to use dovecot quota service for postfix in order set quota > for some users. > > i configure postfix policy service to ask dovecot if user quota is > sufficient to accept the email or not. > > (dovecot in this case acts only as policy server to postfix as it only > ACCEPT/REJECT email according to user quota, but it is not used to deliver > email , because postfix will deliver the email to user mailbox) > > Incase user is underquota, then the email is returned back to postfix for > processing and delivering email to user mbox, incase user has no > sufficient quota then dovecot will inform postfix to reject email. > > Please confirm if what i mentioned above is correct and that i understand > correctly how dove-cot policy works with postfix. > > > Kindly check my configuration below and advise the missing parts to add... > > > > > > plugin { > quota_rule = *:storage=1G > quota_grace = 10%% > # 10% is the default > quota_status_success = DUNNO > quota_status_nouser = DUNNO > quota_status_overquota = "552 5.2.2 Mailbox is full" > ... > } > > The above configurations is for all users which is not override by quota > rules in userdb's extra fields in my password file below. > > Is the above configuration missing some thing ? i am using mbox format for > emails storage. do you i have to add (quota= SOMETHING) before (quote_rule > = *:storage=1G) and what to do add to make dovecot support mbox quota? > > smtpd_recipient_restrictions = > check_policy_service inet:SERVER-HIDDEN-FOR-SECRUITY.com:12340 > > > service quota-status { > executable = quota-status -p postfix > inet_listener { > port = 12340 > } > client_limit = 1 > } > > now in order to configure dovecot specific quota for user named (user1) i > use passwd-file as follow > > user1:{plain}pass3:1002:1002::/home/user1::userdb_mail=mbox:~/mymail:INBOX=/var/mail/user1 > userdb_quota_rule=*:bytes=300M > > All other users except users1 should have 1GB storage according to this > configuration. which user1 will only have 300MB > > Please advise what is my configuration is missing and if i need to add any > thing to run without issues. > > Many thanks > > Michael Peter From tss at iki.fi Tue Sep 29 14:46:51 2015 From: tss at iki.fi (Timo Sirainen) Date: Tue, 29 Sep 2015 17:46:51 +0300 Subject: quota count In-Reply-To: <560A9CBB.80305@hostcomm.ru> References: <560A9CBB.80305@hostcomm.ru> Message-ID: <560AA45B.3060701@iki.fi> On 09/29/2015 05:14 PM, Pavel Batkov wrote: > Hi > > Dovecot: 2.2.19.rc2 > OS: CentOS Linux release 7.1.1503 (Core) > FS: XFS > > Problem: > > Dovecot it does not include line breaks in the letter. Bug or feautre? I don't think it's related to line feeds, although there are settings related to that. What mailbox format are you using? It seems like mbox format. With mbox: > Message size in fs: 1125 bytes > > Message: > > From cras at irccrew.org Tue Jul 23 19:39:23 2002 .. > X-IMAPbase: 1096038620 0000010517 > X-UID: 1 > Status: O These above 4 lines are internal metadata with mbox format. Because they're not really part of the real message, they're not counted towards the quota. (And practically this would also make it difficult, because a flag change would then also change the quota.) > Dovecot count dict mysql: > > UPDATE quota SET bytes=bytes+974,messages=messages+1 WHERE username = > 'user10 at test.test' After removing those lines, the message size matches the 974 bytes correctly. From pbatkov at hostcomm.ru Tue Sep 29 15:29:23 2015 From: pbatkov at hostcomm.ru (Pavel Batkov) Date: Tue, 29 Sep 2015 18:29:23 +0300 Subject: quota count In-Reply-To: <560AA45B.3060701@iki.fi> References: <560A9CBB.80305@hostcomm.ru> <560AA45B.3060701@iki.fi> Message-ID: <560AAE53.3020906@hostcomm.ru> On 29.09.2015 17:46, Timo Sirainen wrote: > On 09/29/2015 05:14 PM, Pavel Batkov wrote: >> Hi >> >> Dovecot: 2.2.19.rc2 >> OS: CentOS Linux release 7.1.1503 (Core) >> FS: XFS >> >> Problem: >> >> Dovecot it does not include line breaks in the letter. Bug or feautre? > I don't think it's related to line feeds, although there are settings > related to that. What mailbox format are you using? It seems like mbox > format. With mbox: mbox > >> Message size in fs: 1125 bytes >> >> Message: >> >> From cras at irccrew.org Tue Jul 23 19:39:23 2002 > .. >> X-IMAPbase: 1096038620 0000010517 >> X-UID: 1 >> Status: O > These above 4 lines are internal metadata with mbox format. Because > they're not really part of the real message, they're not counted towards > the quota. (And practically this would also make it difficult, because a > flag change would then also change the quota.) > >> Dovecot count dict mysql: >> >> UPDATE quota SET bytes=bytes+974,messages=messages+1 WHERE username = >> 'user10 at test.test' > After removing those lines, the message size matches the 974 bytes > correctly. From distler at golem.ph.utexas.edu Tue Sep 29 20:22:49 2015 From: distler at golem.ph.utexas.edu (Jacques Distler) Date: Tue, 29 Sep 2015 15:22:49 -0500 Subject: v2.2.19 release candidate 2 released Message-ID: Darwin doesn't have an EDEADLOCK error code, so compilation fails on MacOSX: file-lock.c:214:16: error: use of undeclared identifier 'EDEADLOCK' if (errno == EDEADLOCK) ^ file-lock.c:262:16: error: use of undeclared identifier 'EDEADLOCK' if (errno == EDEADLOCK) ^ 2 errors generated. make[4]: *** [file-lock.lo] Error 1 make[3]: *** [all] Error 2 make[2]: *** [all-recursive] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 203 bytes Desc: Message signed with OpenPGP using GPGMail URL: From remko at freebsd.org Tue Sep 15 16:06:55 2015 From: remko at freebsd.org (Remko Lodder) Date: Tue, 15 Sep 2015 18:06:55 +0200 (CEST) Subject: FreeBSD 10 & default_vsz_limit causing reboots? In-Reply-To: <20150915075258.Horde.L7aLBFqZ4XBYjluThkKt9w1@www.vfemail.net> References: <20150915075258.Horde.L7aLBFqZ4XBYjluThkKt9w1@www.vfemail.net> Message-ID: <1159436266.29.1442333216217.JavaMail.open-xchange@openexchange.elvandar.org> Hi, > Op 15 september 2015 om 14:52 schreef Rick Romero : > > > Ok, > > So this is really more of an observation than anything else.? > > I had a FreeBSD 10.1 server that was running great. Some SSL issue came up, > or I upgrade Dovecot in ports - something occurred and the machine started > rebooting randomly.? It would run for 2 weeks, then reboot.? It might run > for 5 days and then reboot. So I started doing more FreeBSD upgrades, > thinking it was a kernel issue. The reboots only increased.? > > This weekend I started thinking I might actually be having hardware > issues.? But, since I don't have easy physical access to the box and it's > REALLY under loaded, I figured what the hell and upraded to 10.2 on > Sunday.? I think it rebooted 4 times after that on Sunday, and then > another 2 times Monday morning.? > > Its worth noting that while I have crash dumps enabled, they don't seem to > be occurring.? So hardware is still a possibility. Jumping in at some point here, as FreeBSD dev I run most of my servers on FreeBSD. All my mailservers are running FreeBSD. My customer backend servers run Dovecot on FreeBSD. we have a few hundred mailboxes (not that many). I upgrade all my packages and system whenever there are updates and I figured out whether they are OK or not. That means that I most likely do more upgrades then you do at the moment. I never ever had the symptoms you describe nor did I need to tweak settings. Given this is a "FreeBSD"box crashing I thought I should reply. I think you need to contact the FreeBSD devs (other then me) to ask what is going on. Perhaps you can do a backtrace on the dump to see what was going on. If you installed panicmail (a tool by Colin Percival) it will automatically create an informative email which describes the issue more or less .. Please poke me offline when I can help you more with that. Cheers Remko(@FreeBSD.org) > > After the 2nd Monday morning reboot, I started to wonder if there was some > sort of process issue.? Besides the OS upgrades - I had been monitoring > the Dovecot logs for when the process limits are reached, and increasing > them.? It's a 'big' box, and load is typically between .30 and .50. CPUs > aren't overtaxed, and most of the memory is dedicated to ZFS.? The reboots > are so short, I've only received one 'down' alert due to them. So it's a > conerning issue, but not really impacting production. > > On a whim I changed my default_vsz_limit (as I had been increasing every > other limit but that) from 384M to 512M.? The system hasn't rebooted in > 24hours. > > Now that could be a coincidence, but I thought I'd at least put it out > there. > > If you see anything weird in my dovecot config, let me know - My config was > originally vpopmail, but over time I've migrated to SQL-only. > > root at romulus:/usr/local/etc/dovecot # dovecot -n > # 2.2.18: /usr/local/etc/dovecot/dovecot.conf > # OS: FreeBSD 10.2-RELEASE amd64 > auth_master_user_separator = * > auth_mechanisms = plain login > auth_username_translation = %@ > auth_verbose = yes > default_login_user = dovecot > default_vsz_limit = 512 M > disable_plaintext_auth = no > first_valid_gid = 89 > first_valid_uid = 89 > last_valid_gid = 89 > last_valid_uid = 89 > log_path = /dev/stderr > login_greeting = Ready. > login_trusted_networks = 172.16.100.0/24 > mail_fsync = never > mail_plugins = " quota zlib stats" > mail_privileged_group = mail > namespace compat { > ? alias_for = > ? hidden = yes > ? inbox = no > ? list = no > ? location = > ? prefix = INBOX. > ? separator = . > } > namespace inbox { > ? inbox = yes > ? location = > ? prefix = > ? separator = . > } > passdb { > ? args = /usr/local/etc/dovecot/dovecot-master-sql.conf > ? driver = sql > ? master = yes > ? pass = yes > } > passdb { > ? args = /usr/local/etc/dovecot/dovecot-sql.conf > ? driver = sql > } > plugin { > ? quota = maildir > ? quota_rule = Trash:storage=+10%% > ? stats_refresh = 30 secs > ? stats_track_cmds = yes > } > protocols = imap pop3 > service anvil { > ? client_limit = 3175 > } > service auth { > ? client_limit = 3684 > ? unix_listener auth-master { > ??? mode = 0600 > ? } > } > service imap-login { > ? process_limit = 1536 > ? process_min_avail = 25 > ? service_count = 1 > } > service imap-postlogin { > ? executable = script-login rawlog /usr/local/etc/dovecot/lastauth-imap.sh > ? user = vpopmail > } > service imap { > ? executable = /usr/local/libexec/dovecot/imap imap-postlogin > ? process_limit = 1536 > } > service pop-postlogin { > ? executable = script-login /usr/local/etc/dovecot/lastauth-pop.sh > ? user = vpopmail > } > service pop3-login { > ? process_limit = 1536 > ? process_min_avail = 15 > ? service_count = 1 > } > service pop3 { > ? executable = /usr/local/libexec/dovecot/pop3 pop-postlogin > } > service stats { > ? fifo_listener stats-mail { > ??? mode = 0600 > ??? user = vpopmail > ? } > } > shutdown_clients = no > ssl_cert = ssl_key = ssl_key_password = na > userdb { > ? driver = prefetch > } > verbose_proctitle = yes > protocol imap { > ? imap_client_workarounds = delay-newmail tb-extra-mailbox-sep > ? mail_max_userip_connections = 100 > ? mail_plugins = " quota zlib stats imap_zlib quota imap_quota" > } > protocol pop3 { > ? mail_max_userip_connections = 100 > ? mail_plugins = quota > ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > ? pop3_uidl_format = %08Xu%08Xv > } From user+dovecot at localhost.localdomain.org Tue Sep 29 21:07:43 2015 From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Tue, 29 Sep 2015 21:07:43 +0000 Subject: v2.2.19 release candidate 2 released In-Reply-To: References: Message-ID: <560AFD9F.10505@localhost.localdomain.org> On 2015-09-29 20:22, Jacques Distler wrote: > Darwin doesn't have an EDEADLOCK error code, so compilation fails on MacOSX: > > file-lock.c:214:16: error: use of undeclared identifier 'EDEADLOCK' > if (errno == EDEADLOCK) > ^ > file-lock.c:262:16: error: use of undeclared identifier 'EDEADLOCK' > if (errno == EDEADLOCK) > ^ Does http://hg.dovecot.org/dovecot-2.2/rev/7633bca91551 fix the problem for you? Regards, Pascal -- The trapper recommends today: deadbeef.1527223 at localdomain.org From distler at golem.ph.utexas.edu Tue Sep 29 22:05:51 2015 From: distler at golem.ph.utexas.edu (Jacques Distler) Date: Tue, 29 Sep 2015 17:05:51 -0500 Subject: Released Pigeonhole v0.4.9.rc1 for Dovecot v2.2.19.rc1 Message-ID: duplicate symbol _vnd_environment_extension in: ../../src/lib-sieve/plugins/vnd.dovecot/environment/.libs/libsieve_ext_vnd_environment.a(ext-vnd-environment.o) ../../src/lib-sieve/plugins/vnd.dovecot/environment/.libs/libsieve_ext_vnd_environment.a(ext-vnd-environment-items.o) duplicate symbol _vnd_environment_extension in: ../../src/lib-sieve/plugins/vnd.dovecot/environment/.libs/libsieve_ext_vnd_environment.a(ext-vnd-environment.o) ../../src/lib-sieve/plugins/vnd.dovecot/environment/.libs/libsieve_ext_vnd_environment.a(ext-vnd-environment-variables.o) ld: 2 duplicate symbols for architecture x86_64 clang: error: linker command failed with exit code 1 (use -v to see invocation) make[4]: *** [libdovecot-sieve.la] Error 1 make[3]: *** [all-recursive] Error 1 make[2]: *** [all-recursive] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 203 bytes Desc: Message signed with OpenPGP using GPGMail URL: From distler at golem.ph.utexas.edu Tue Sep 29 22:07:02 2015 From: distler at golem.ph.utexas.edu (Jacques Distler) Date: Tue, 29 Sep 2015 17:07:02 -0500 Subject: v2.2.19 release candidate 2 released Message-ID: > Does http://hg.dovecot.org/dovecot-2.2/rev/7633bca91551 > fix the problem for you? Seems to. Thanks! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 203 bytes Desc: Message signed with OpenPGP using GPGMail URL: From stephan at rename-it.nl Tue Sep 29 22:56:19 2015 From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 30 Sep 2015 00:56:19 +0200 Subject: Released Pigeonhole v0.4.9.rc1 for Dovecot v2.2.19.rc1 In-Reply-To: References: Message-ID: <560B1713.4030301@rename-it.nl> Op 30-9-2015 om 0:05 schreef Jacques Distler: > duplicate symbol _vnd_environment_extension in: > ../../src/lib-sieve/plugins/vnd.dovecot/environment/.libs/libsieve_ext_vnd_environment.a(ext-vnd-environment.o) > ../../src/lib-sieve/plugins/vnd.dovecot/environment/.libs/libsieve_ext_vnd_environment.a(ext-vnd-environment-items.o) > duplicate symbol _vnd_environment_extension in: > ../../src/lib-sieve/plugins/vnd.dovecot/environment/.libs/libsieve_ext_vnd_environment.a(ext-vnd-environment.o) > ../../src/lib-sieve/plugins/vnd.dovecot/environment/.libs/libsieve_ext_vnd_environment.a(ext-vnd-environment-variables.o) > ld: 2 duplicate symbols for architecture x86_64 > clang: error: linker command failed with exit code 1 (use -v to see invocation) > make[4]: *** [libdovecot-sieve.la] Error 1 > make[3]: *** [all-recursive] Error 1 > make[2]: *** [all-recursive] Error 1 > make[1]: *** [all-recursive] Error 1 > make: *** [all] Error 2 Fixed: http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/9ac3914392a4 Regards, Stephan. From bra at fsn.hu Wed Sep 30 09:19:13 2015 From: bra at fsn.hu (Nagy, Attila) Date: Wed, 30 Sep 2015 11:19:13 +0200 Subject: userdb prefetch doesn't work with imapc (2.2.18) Message-ID: <560BA911.3040901@fsn.hu> Hi, I have the following config in dovecot 2.2.18: # doveconf -n userdb passdb userdb { driver = prefetch } passdb { args = host=127.0.0.1 port=1430 default_fields = userdb_imapc_user=%u userdb_imapc_password=%w driver = imap } I guess it should cause a single login to the backend IMAP server when issuing a LOGIN to dovecot. Yet, dovecot opens two TCP sessions. In the first, it issues a LOGIN and in the second it logs in again (LOGIN) and issues LIST "" "". At the end (after LOGIN succeeds to dovecot), only one of the two connections remain open to the backend server. Any ideas about this? Thanks, From marcin at mejor.pl Wed Sep 30 10:25:17 2015 From: marcin at mejor.pl (=?UTF-8?Q?Marcin_Miros=c5=82aw?=) Date: Wed, 30 Sep 2015 12:25:17 +0200 Subject: v2.2.19 release candidate 2 released In-Reply-To: <9A87B500-0D00-449A-B79D-97A57E67030C@iki.fi> References: <9A87B500-0D00-449A-B79D-97A57E67030C@iki.fi> Message-ID: <560BB88D.5030806@mejor.pl> W dniu 28.09.2015 o 16:34, Timo Sirainen pisze: > http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc2.tar.gz > http://dovecot.org/releases/2.2/rc/dovecot-2.2.19.rc2.tar.gz.sig > > There were still a bit too many bugs in RC1, so here's RC2. Hopefully this will be stable enough to become v2.2.19 final. Please test now rather than wait for v2.2.19 final, since v2.2.20 is unlikely to arrive anytime soon (unless there are some major problems). Hi! How looks plans for developing FTS? On wiki[1] is written that squat is obsolete and "fts-dovecot is Dovecot Pro's new search index, under development. (Requires v2.2+) " but page fts-dovecot doesn't exist in wiki. Is fts-dovecot working? Is squat only one usable built-in fts engine in dovecot? Should we expect v2.3.x in near future? [1] - http://wiki2.dovecot.org/Plugins/FTS From tss at iki.fi Wed Sep 30 11:06:44 2015 From: tss at iki.fi (Timo Sirainen) Date: Wed, 30 Sep 2015 14:06:44 +0300 Subject: userdb prefetch doesn't work with imapc (2.2.18) In-Reply-To: <560BA911.3040901@fsn.hu> References: <560BA911.3040901@fsn.hu> Message-ID: <461CF8FA-8E69-4C7C-BC6D-E2E224296CF4@iki.fi> > On 30 Sep 2015, at 12:19, Nagy, Attila wrote: > > Hi, > > I have the following config in dovecot 2.2.18: > # doveconf -n userdb passdb > userdb { > driver = prefetch > } > passdb { > args = host=127.0.0.1 port=1430 > default_fields = userdb_imapc_user=%u userdb_imapc_password=%w > driver = imap > } > > I guess it should cause a single login to the backend IMAP server when issuing a LOGIN to dovecot. > Yet, dovecot opens two TCP sessions. In the first, it issues a LOGIN and in the second it logs in again (LOGIN) and issues LIST "" "". > > At the end (after LOGIN succeeds to dovecot), only one of the two connections remain open to the backend server. It's intended to open two TCP sessions. There's no way to fix this without some major changes. Although you could install imapproxy on localhost and have it cache the connection. From yvon.thoraval at gmail.com Wed Sep 30 13:14:40 2015 From: yvon.thoraval at gmail.com (Yvon Thoraval) Date: Wed, 30 Sep 2015 15:14:40 +0200 Subject: [IMAP] Nothing in INBOX Message-ID: Hey all, I've just installed Postfix + Dovecot on Xubunto 14.04 LTS. Following this page : Setup a mail server with Postfix and Dovecot on Ubuntu / Debian although I'm able to send emails to GMail and other kind of domain, nothing appears on Thunderbird INBOX, nor using openssl : ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- $ openssl s_client -connect imap..:993 CONNECTED(00000003) Start Time: 1443543797 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready. A1 LOGIN @. A1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE] Logged in A2 LIST "" "*" * LIST (\HasNoChildren) "." GMail * LIST (\HasNoChildren \Drafts) "." Drafts * LIST (\HasNoChildren) "." j-kiosk * LIST (\HasNoChildren \Trash) "." Trash * LIST (\HasNoChildren) "." Pourriel * LIST (\HasNoChildren) "." "Linux Mint" * LIST (\HasNoChildren) "." free * LIST (\HasNoChildren \Sent) "." Sent * LIST (\HasNoChildren) "." INBOX A2 OK List completed. A3 EXAMINE INBOX * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) * OK [PERMANENTFLAGS ()] Read-only mailbox. * 0 EXISTS * 0 RECENT * OK [UIDVALIDITY 1443454274] UIDs valid * OK [UIDNEXT 1] Predicted next UID * OK [NOMODSEQ] No permanent modsequences A3 OK [READ-ONLY] Examine completed (0.000 secs). ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- However, using mail, i can read the emails : ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- $ mail Heirloom mailx version 12.5 6/20/10. Type ? for help. "/var/mail/desktop": 20 messages 9 new 18 unread U 1 Desktop User Sun Sep 27 13:01 19/621 ceci est le sujet N 20 Yvon Thoraval Tue Sep 29 18:02 25/1042 another mail with Maildir... ? ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- my dovecot setup uses vhosts : ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- $ ls -al /var/mail/vhosts/// total 76K drwxr-sr-x 14 vmail vmail 4,0K sept. 29 18:01 ./ drwxr-sr-x 4 vmail vmail 4,0K sept. 27 10:31 ../ drwxr-sr-x 2 vmail vmail 4,0K sept. 28 17:31 cur/ -rw-r--r-- 1 vmail vmail 272 sept. 28 17:31 dovecot.index.log -rw-r--r-- 1 vmail vmail 168 sept. 29 16:16 dovecot.mailbox.log -rw-r--r-- 1 vmail vmail 51 sept. 28 17:31 dovecot-uidlist -rw-r--r-- 1 vmail vmail 8 sept. 29 16:17 dovecot-uidvalidity -r--r--r-- 1 vmail vmail 0 sept. 28 17:31 dovecot-uidvalidity.56095d49 drwxr-sr-x 5 vmail vmail 4,0K sept. 29 15:09 .Drafts/ drwxr-sr-x 5 vmail vmail 4,0K sept. 28 18:40 .free/ drwxr-sr-x 5 vmail vmail 4,0K sept. 28 18:41 .GMail/ drwxr-sr-x 5 vmail vmail 4,0K sept. 29 16:17 .j-kiosk/ drwxr-sr-x 5 vmail vmail 4,0K sept. 29 16:17 .Linux Mint/ drwxr-sr-x 2 vmail vmail 4,0K sept. 29 18:01 Maildir/ -rw-r--r-- 1 vmail vmail 0 sept. 28 17:31 maildirfolder drwxr-sr-x 2 vmail vmail 4,0K sept. 28 17:31 new/ drwxr-sr-x 5 vmail vmail 4,0K sept. 29 15:08 .Pourriel/ drwxr-sr-x 5 vmail vmail 4,0K sept. 29 16:17 .Sent/ -rw-r--r-- 1 vmail vmail 48 sept. 29 16:16 subscriptions drwxr-sr-x 2 vmail vmail 4,0K sept. 28 17:31 tmp/ drwxr-sr-x 5 vmail vmail 4,0K sept. 29 15:06 .Trash/ ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- with nothing in new subfolder: ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- $ ls -al /var/mail/vhosts///new total 8,0K drwxr-sr-x 2 vmail vmail 4,0K sept. 28 17:31 ./ drwxr-sr-x 14 vmail vmail 4,0K sept. 29 18:01 ../ ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- my Postfix version : ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- $ postconf -d | grep mail_version mail_version = 2.11.0 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- my Dovecot version : ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- $ dovecot --version 2.2.9 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- my Dovecot conf : ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- $ sudo dovecot -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.14.32-xxxx-std-ipv6-64 x86_64 Ubuntu 14.04.3 LTS ext4 auth_mechanisms = plain login listen = * log_path = /var/log/dovecot.log mail_location = maildir:/var/mail/vhosts/%d/%n namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } passdb { args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users driver = passwd-file } postmaster_address = desktop at j-kiosk.com protocols = " imap lmtp pop3" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service imap-login { inet_listener imaps { port = 993 ssl = yes } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service pop3-login { inet_listener pop3s { port = 995 ssl = yes } } ssl = required ssl_cert = . myhostname = smtp.. mynetworks = .0/24, 127.0.0.0/8 myorigin =. readme_directory = no recipient_delimiter = relayhost = smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains virtual_transport = lmtp:unix:private/dovecot-lmtp ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- From km at mathcs.emory.edu Wed Sep 30 14:13:13 2015 From: km at mathcs.emory.edu (Ken Mandelberg) Date: Wed, 30 Sep 2015 10:13:13 -0400 Subject: Double Dots Message-ID: <560BEDF9.6090800@mathcs.emory.edu> I've noticed lately that Dovecot seems to be inserting an extra dot in some url's contained in html email. The most consistent example I see is in the newsletters from the Washington Post. For example, if I look at the raw email on the mail server I see text that starts Enlightenment succeeded! Thanks, David From bytesplit at gmail.com Wed Sep 30 17:55:31 2015 From: bytesplit at gmail.com (Philon) Date: Wed, 30 Sep 2015 19:55:31 +0200 Subject: [IMAP] Nothing in INBOX In-Reply-To: References: Message-ID: <22E0C881-B2A9-4BBC-BECF-ED49DDEBD26E@googlemail.com> Hi Yvon, perhaps you can take a look into your logs at /var/log/mail.log (and dovecot.log as you configured). There Postfix should pickup the incoming email and deliver it to Dovecot. From this communication the problem should be pretty obvious. Philon > Am 30.09.2015 um 15:14 schrieb Yvon Thoraval : > > Hey all, > > I've just installed Postfix + Dovecot on Xubunto 14.04 LTS. > Following this page : > Setup a mail server with Postfix and Dovecot on Ubuntu / Debian > > > although I'm able to send emails to GMail and other kind of domain, nothing > appears on Thunderbird INBOX, nor using openssl : > > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > $ openssl s_client -connect imap..:993 > CONNECTED(00000003) > > > > Start Time: 1443543797 > Timeout : 300 (sec) > Verify return code: 18 (self signed certificate) > --- > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE > AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready. > A1 LOGIN @. > A1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE > SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT > MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS > LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN > CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE] Logged in > A2 LIST "" "*" > * LIST (\HasNoChildren) "." GMail > * LIST (\HasNoChildren \Drafts) "." Drafts > * LIST (\HasNoChildren) "." j-kiosk > * LIST (\HasNoChildren \Trash) "." Trash > * LIST (\HasNoChildren) "." Pourriel > * LIST (\HasNoChildren) "." "Linux Mint" > * LIST (\HasNoChildren) "." free > * LIST (\HasNoChildren \Sent) "." Sent > * LIST (\HasNoChildren) "." INBOX > A2 OK List completed. > A3 EXAMINE INBOX > * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) > * OK [PERMANENTFLAGS ()] Read-only mailbox. > * 0 EXISTS > * 0 RECENT > * OK [UIDVALIDITY 1443454274] UIDs valid > * OK [UIDNEXT 1] Predicted next UID > * OK [NOMODSEQ] No permanent modsequences > A3 OK [READ-ONLY] Examine completed (0.000 secs). > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > > > However, using mail, i can read the emails : > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > $ mail > > Heirloom mailx version 12.5 6/20/10. Type ? for help. > > "/var/mail/desktop": 20 messages 9 new 18 unread > > U 1 Desktop User Sun Sep 27 13:01 19/621 ceci est le sujet > > > > N 20 Yvon Thoraval Tue Sep 29 18:02 25/1042 another mail with > Maildir... > > ? > > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > > my dovecot setup uses vhosts : > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > $ ls -al /var/mail/vhosts/// > > total 76K > > drwxr-sr-x 14 vmail vmail 4,0K sept. 29 18:01 ./ > > drwxr-sr-x 4 vmail vmail 4,0K sept. 27 10:31 ../ > > drwxr-sr-x 2 vmail vmail 4,0K sept. 28 17:31 cur/ > > -rw-r--r-- 1 vmail vmail 272 sept. 28 17:31 dovecot.index.log > > -rw-r--r-- 1 vmail vmail 168 sept. 29 16:16 dovecot.mailbox.log > > -rw-r--r-- 1 vmail vmail 51 sept. 28 17:31 dovecot-uidlist > > -rw-r--r-- 1 vmail vmail 8 sept. 29 16:17 dovecot-uidvalidity > > -r--r--r-- 1 vmail vmail 0 sept. 28 17:31 dovecot-uidvalidity.56095d49 > > drwxr-sr-x 5 vmail vmail 4,0K sept. 29 15:09 .Drafts/ > > drwxr-sr-x 5 vmail vmail 4,0K sept. 28 18:40 .free/ > > drwxr-sr-x 5 vmail vmail 4,0K sept. 28 18:41 .GMail/ > > drwxr-sr-x 5 vmail vmail 4,0K sept. 29 16:17 .j-kiosk/ > > drwxr-sr-x 5 vmail vmail 4,0K sept. 29 16:17 .Linux Mint/ > > drwxr-sr-x 2 vmail vmail 4,0K sept. 29 18:01 Maildir/ > > -rw-r--r-- 1 vmail vmail 0 sept. 28 17:31 maildirfolder > > drwxr-sr-x 2 vmail vmail 4,0K sept. 28 17:31 new/ > > drwxr-sr-x 5 vmail vmail 4,0K sept. 29 15:08 .Pourriel/ > > drwxr-sr-x 5 vmail vmail 4,0K sept. 29 16:17 .Sent/ > > -rw-r--r-- 1 vmail vmail 48 sept. 29 16:16 subscriptions > > drwxr-sr-x 2 vmail vmail 4,0K sept. 28 17:31 tmp/ > > drwxr-sr-x 5 vmail vmail 4,0K sept. 29 15:06 .Trash/ > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > > with nothing in new subfolder: > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > $ ls -al /var/mail/vhosts///new > > total 8,0K > > drwxr-sr-x 2 vmail vmail 4,0K sept. 28 17:31 ./ > > drwxr-sr-x 14 vmail vmail 4,0K sept. 29 18:01 ../ > > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > > my Postfix version : > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > $ postconf -d | grep mail_version > > mail_version = 2.11.0 > > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > > my Dovecot version : > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > $ dovecot --version > > 2.2.9 > > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > > my Dovecot conf : > > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > $ sudo dovecot -n > > # 2.2.9: /etc/dovecot/dovecot.conf > > # OS: Linux 3.14.32-xxxx-std-ipv6-64 x86_64 Ubuntu 14.04.3 LTS ext4 > > auth_mechanisms = plain login > > listen = * > > log_path = /var/log/dovecot.log > > mail_location = maildir:/var/mail/vhosts/%d/%n > > namespace inbox { > > inbox = yes > > location = > > mailbox Drafts { > > special_use = \Drafts > > } > > mailbox Junk { > > special_use = \Junk > > } > > mailbox Sent { > > special_use = \Sent > > } > > mailbox "Sent Messages" { > > special_use = \Sent > > } > > mailbox Trash { > > special_use = \Trash > > } > > prefix = > > } > > passdb { > > driver = pam > > } > > passdb { > > args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users > > driver = passwd-file > > } > > postmaster_address = desktop at j-kiosk.com > > protocols = " imap lmtp pop3" > > service auth { > > unix_listener /var/spool/postfix/private/auth { > > group = postfix > > mode = 0666 > > user = postfix > > } > > } > > service imap-login { > > inet_listener imaps { > > port = 993 > > ssl = yes > > } > > } > > service lmtp { > > unix_listener /var/spool/postfix/private/dovecot-lmtp { > > group = postfix > > mode = 0600 > > user = postfix > > } > > } > > service pop3-login { > > inet_listener pop3s { > > port = 995 > > ssl = yes > > } > > } > > ssl = required > > ssl_cert = > ssl_key = > userdb { > > driver = passwd > > } > > userdb { > > args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n > > driver = static > > } > > protocol imap { > > imap_client_workarounds = tb-extra-mailbox-sep > > } > > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > > my Postfix conf: > > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > $ postconf -n > > alias_database = hash:/etc/aliases > > alias_maps = hash:/etc/aliases > > append_dot_mydomain = no > > biff = no > > config_directory = /etc/postfix > > inet_interfaces = all > > inet_protocols = all > > mailbox_size_limit = 51200000 > > mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost > > mydomain = . > > myhostname = smtp.. > > mynetworks = .0/24, 127.0.0.0/8 > > myorigin =. > > readme_directory = no > > recipient_delimiter = > > relayhost = > > smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache > > smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) > > smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated > defer_unauth_destination > > smtpd_sasl_auth_enable = yes > > smtpd_sasl_path = private/auth > > smtpd_sasl_type = dovecot > > smtpd_tls_auth_only = yes > > smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem > > smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key > > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache > > smtpd_use_tls = yes > > virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains > > virtual_transport = lmtp:unix:private/dovecot-lmtp > > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- From jtam.home at gmail.com Wed Sep 30 20:03:37 2015 From: jtam.home at gmail.com (Joseph Tam) Date: Wed, 30 Sep 2015 13:03:37 -0700 (PDT) Subject: [IMAP] Nothing in INBOX In-Reply-To: References: Message-ID: Yvon Thoraval writes: > although I'm able to send emails to GMail and other kind of domain, nothing > appears on Thunderbird INBOX, nor using openssl : I haven't combed through your diagnostic, but two things junp out at me. Your "mail" output states > "/var/mail/desktop": 20 messages 9 new 18 unread indicating that the INBOX is held in /var/mail/desktop, whereas your dovecot configuration states > mail_location = maildir:/var/mail/vhosts/%d/%n So there seems to be a disagreement as to where the INBOX is located. Maybe you need to set the INBOX parameter directly. http://wiki2.dovecot.org/MailLocation Joseph Tam