From aki.tuomi at dovecot.fi Wed Mar 1 08:11:48 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Wed, 1 Mar 2017 10:11:48 +0200
Subject: Replacement for antispam plugin
In-Reply-To: <1754e048-40f0-a242-6769-332547e95e8c@delphinidae.org.uk>
References: <1754e048-40f0-a242-6769-332547e95e8c@delphinidae.org.uk>
Message-ID: <42175d27-9227-6346-e1a6-78dcb937a301@dovecot.fi>

Some answers inline.

Aki

On 01.03.2017 00:42, Andy R wrote:
> Greetings to the list :)
>
> I've been meaning to ask a couple of questions about the imapsieve for
> antispam.
>
> Firstly, I guess that the example at the bottom of the page
> "https://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/IMAPSieve" is
> meant to link to the new example at
> "https://wiki2.dovecot.org/HowTo/AntispamWithSieve" now?
>

Thanks, fixed.

>
> Also... in "imapsieve_mailboxX_name = ${directory}" is the string a
> literal, or is it working with the 'special use' flagged directories
> from the xx-mailboxes.conf? I'm asking as though I only have a few
> users to worry about, different mail clients each have their favourite
> special folders. IE thunderbird uses "junk" but one Outlook express
> version likes "Junk E-mail" and I have a different favourite from
> another version of OE too. So in mailboxes.conf I just added extra
> special use lines which seemed to make things happy. Otherwise I ended
> up with the server configured 'spam' folder showing as basic folder,
> and then each client adding its own chosen spamfolder each time too.
>

It is a mailbox mask, not special use flag.

>
> But, if the imapsieve is only matching to literal foldernames, should
> I just duplicate the trigger lines for each type of junk folder or is
> there a method to have the sieve script enumerate all the options
> listed by 'special use' or is there a better method for this? I want
> to put the spam-mail-filing script as a global sieve script as all
> users will need it, rather than duplicating out for each user.
>

There is no way to match special use folders at the moment, but I like
the idea.

>
> Many thanks,
>
> Andy R
>
> On 10/02/2017 09:06, Aki Tuomi wrote:
>> Hi!
>> Since antispam plugin is deprecated and we would really prefer people
>> not to use it, we wrote instructions on how to replace it with
>> IMAPSieve. Comments and suggestions are most welcome.
>>
>> https://wiki.dovecot.org/HowTo/AntispamWithSieve
>>
>> ---
>> Aki Tuomi
>> Dovecot oy
>>

From bernard+dovecot at rosset.me Wed Mar 1 10:27:09 2017
From: bernard+dovecot at rosset.me (Bernard)
Date: Wed, 1 Mar 2017 11:27:09 +0100
Subject: Dovecot + SpamAssassin through dovecot-antispam
Message-ID:

Hello,

I am new to the list. /Waving at everyone/

I got a basic SpamAssassin working on a Debian setup (w/ debian-spamd
user), running as a Postfix transport.
I am currently trying to switch it to a dovecot plugin in order to make
it interactively work with the email storage (react to mail
classification, being able to train it from already received emails, aso.)

My problem is now making it able to access my emails.

Here is my setup:

userdb {
    driver = static
    args = uid= gid= home=/var/mail/vhosts/%d/%n
}
passdb {
    driver = passwd-file
    args =
}
mail_location = maildir:~/mail:LAYOUT=fs
mail_privileged_group = vmail

Translating into this on the FS:

drwxrwsr-x root  mail  /var/mail/
drwxrws--- root  vmail /var/mail/vhosts
drwx--S--- vmail vmail /var/mail/vhosts/domain1
drwx--S--- vmail vmail /var/mail/vhosts/domain1/user1
drwx--S--- vmail vmail /var/mail/vhosts/domain1/user2
drwx--S--- vmail vmail /var/mail/vhosts/domain2
drwx--S--- vmail vmail /var/mail/vhosts/domain2/user1

The drwx--S--- access rights are propagated into lower branches/leafs.

I am having a hard time understanding what to do, reading
http://wiki2.dovecot.org/SharedMailboxes/Permissions, to make all the
folders and subsequent files readable by the vmail group too.
Based on this documentation, the way dovecot propagates permissions from
parent folders is a bit cryptic to me.
What needs to be done to achieve that?

The idea would be that even if I decided to allocate per-virtual-user a
system user for stored files, all the files would still be stored and
accessible with the same system group.
I understand this would be done with the help of
mail_access_groups = vmail, right?

FWIW, I am getting inspiration from the following explanations:
https://www.christianroessler.net/tech/2015/spamassassin-dovecot-postfix.html
If I understand correctly, the guy is bypassing the authentication
completely with allow_all_users=yes, right? I do not want to do that anyway.

I hope what I am trying to achieve is clear enough and that I provided
information enough.
Would you help me?

---
Bernard

From aki.tuomi at dovecot.fi Wed Mar 1 12:02:21 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Wed, 1 Mar 2017 14:02:21 +0200
Subject: dovecot-lda crash after upgrade to 2.2.28
In-Reply-To: <902c89e2bd536b31ee1b8c653dd88ff8@kostikov.co>
References: <285066cb-bed7-5927-f247-2fe1108140cd@dovecot.fi>
 <7a4b6acb95d5183179266446789602ab@kostikov.co>
 <1116891553.1309.1488296543757@appsuite-dev.open-xchange.com>
 <722518410.1399.1488299658357@appsuite-dev.open-xchange.com>
 <8443a611e041ce749e6eb903a04e782c@kostikov.co>
 <1406481107.1657.1488306865726@appsuite-dev.open-xchange.com>
 <902c89e2bd536b31ee1b8c653dd88ff8@kostikov.co>
Message-ID: <515d9660-d3be-bcae-93f5-ee0a33baf59c@dovecot.fi>

On 28.02.2017 20:40, Max Kostikov wrote:
> Thank you.
> Will be waiting for Dovecot update.
>
> Aki Tuomi wrote 2017-02-28 20:34:
>>> On February 28, 2017 at 7:43 PM Max Kostikov wrote:
>>>
>>>
>>> Got it.
>>> Here is full backtrace output.
>>>
>>
>> Would appear the bug is in 'Trash' plugin. We'll open an issue about
>> this, thank you for reporting this.
>>
>> Aki
>

Hi!

We believe this issue is now fixed with

https://github.com/dovecot/core/commit/326fb016a23480e4ff8dcc03dc80e76812859bd6.patch

Aki Tuomi
Dovecot oy

From velicrongr at gmail.com Wed Mar 1 13:12:52 2017
From: velicrongr at gmail.com (Γιώργος Δημακόπουλος)
Date: Wed, 1 Mar 2017 15:12:52 +0200
Subject: Expunged message reappeared, giving a new UID
Message-ID:

Please help.

How to stop email replication is on going.

dsync-server : Warning Expunged message reappeared, giving a new UID

From velicrongr at gmail.com Wed Mar 1 13:40:40 2017
From: velicrongr at gmail.com (Γιώργος Δημακόπουλος)
Date: Wed, 1 Mar 2017 15:40:40 +0200
Subject: Expunged message reappeared, giving a new UID
Message-ID:

Dovecot 2.2.27

dsync-server(account_name): Warning: Maildir
/usr/local/vhosts/mail/*******/info/Sent: Expunged message reappeared,
giving a new UID (old uid=29787, file=*******)

What triggers this replication for ever ??

Thank you
George

From tm at del.bg Wed Mar 1 13:43:54 2017
From: tm at del.bg (Teodor Milkov)
Date: Wed, 1 Mar 2017 15:43:54 +0200
Subject: Preserve environment variables for doveadm
Message-ID: <5627cc38-99ff-256c-e5fb-f2f3d3a1c6e9@del.bg>

Hello,

I noticed there are ways to instruct various dovecot processes to
preserve particular environment variables. One way is to use
import_environment in dovecot.conf and yet another is to export
DOVECOT_PRESERVE_ENVS variable - both can contain space delimited list
of variables to preserve.

I found report that this is supposed to work for dsync:
http://www.dovecot.org/list/dovecot/2012-October/138659.html

Unfortunately I can't get it to work for "doveadm quota recalc". Is it
supposed to work or am I doing something wrong?

I did strace on the doveadm process and noticed it does exec() doveconf
which in turn does exec() doveadm again. If I replace doveconf with a
shell script which exports my environment variables then they become
available to doveadm:

# cat /dovecot/bin/doveconf.wrapper
#!/bin/sh
export LD_PRELOAD='dovecot-preload.so'
exec /dovecot/bin/doveconf.orig "$@"

From gkontos.mail at gmail.com Wed Mar 1 14:05:27 2017
From: gkontos.mail at gmail.com (George Kontostanos)
Date: Wed, 1 Mar 2017 16:05:27 +0200
Subject: Expunged message reappeared, giving a new UID
In-Reply-To:
References:
Message-ID:

On Wed, Mar 1, 2017 at 3:40 PM, Γιώργος Δημακόπουλος wrote:

> Dovecot 2.2.27
>
> dsync-server(account_name): Warning: Maildir
> /usr/local/vhosts/mail/*******/info/Sent: Expunged message reappeared,
> giving a new UID (old uid=29787, file=*******)
>
> What triggers this replication for ever ??
>
> Thank you
> George

Please find also the doveconf -n

# 2.2.27 (c0f36b0): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: FreeBSD 11.0-RELEASE-p8 amd64 zfs
auth_mechanisms = plain login
auth_verbose = yes
default_client_limit = 2560
default_process_limit = 512
default_vsz_limit = 1 G
dict {
  acl = mysql:/usr/local/etc/dovecot/dovecot-shared-sql.conf.ext
  quota = mysql:/usr/local/etc/dovecot/dovecot-dict-sql.conf.ext
}
doveadm_password = # hidden, use -P to show it
doveadm_port = 12345
log_path = /var/log/dovecot.log
mail_home = /usr/local/vhosts/mail/%d/%n
mail_location = maildir:/usr/local/vhosts/mail/%d/%n:LAYOUT=fs
mail_max_userip_connections = 70
mail_plugins = quota acl notify replication
mail_privileged_group = vmail
mail_shared_explicit_inbox = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mbox_write_locks = fcntl
namespace {
  inbox = no
  list = children
  location = maildir:/usr/local/vhosts/mail/%%d/%%n:LAYOUT=fs:INDEX=/usr/local/vhosts/indexes/%d/%n/shared/%%u:INDEXPVT=/usr/local/vhosts/indexes/%d/%n/shared/%%u
  prefix = shared/%%d/%%n/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  mail_replica = tcp:mx
  quota = dict:User quota::proxy::quota
  quota_rule2 = Trash:storage=+100M
  sieve = /usr/local/vhosts/mail/%d/%n/.dovecot.sieve
  sieve_before = /usr/local/vhosts/sieve/before.d/
  sieve_dir = /usr/local/vhosts/mail/%d/%n
  sieve_global_dir = /usr/local/vhosts/sieve/%d
  sieve_global_path = /usr/local/vhosts/sieve/%d/default.sieve
}
protocols = imap lmtp sieve sieve
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
    user = vmail
  }
  unix_listener replication-notify {
    mode = 0666
    user = vmail
  }
}
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service config {
  unix_listener config {
    user = vmail
  }
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 12345
  }
  user = vmail
}
service imap-login {
  inet_listener imap {
    port = 143
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  process_min_avail = 0
  service_count = 1
  vsz_limit = 64 M
}
service replicator {
  unix_listener replicator-doveadm {
    mode = 0666
  }
}
ssl_cert =

Recently configured postfix to use the dovecot lda as I wanted to use
sieve. Got that working a few days ago but noticed that I wasn't getting
any emails to aliases.
Checked the logs and saw messages like:

Mar 1 08:19:59 carson postfix/lmtp[16949]: 0DCD22016BE: to=< sales at example.com>, relay=carson.example.com[private/dovecot-lmtp], delay=0.07, delays=0.01/0.01/0/0.04, dsn=5.1.1, status=bounced (host carson.example.com[private/dovecot-lmtp] said: 550 5.1.1 User doesn't exist: sales at example.com (in reply to RCPT TO command))

Aliases were working previously and are in /etc/postfix/vmaps

Anything I need to check on the dovecot end of things to get dovecot to
recognize postfix aliases?

Thanks...reaching for my morning coffee. Info below:

Dovecot 2.2.9

# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.11.0-19-generic x86_64 Ubuntu 14.04.5 LTS ext4
auth_mechanisms = plain login cram-md5
mail_debug = yes
mail_location = maildir:/home/vmail/%d/%n/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = username_format=%u /etc/dovecot/shadow
  driver = passwd-file
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap pop3 sieve lmtp
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl_cert =
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_key =
userdb {
  driver = passwd
}
userdb {
  args = username_format=%u /etc/dovecot/users
  driver = passwd-file
}
protocol lmtp {
  mail_plugins = sieve
  postmaster_address = postmaster at example.com
}
protocol lda {
  deliver_log_format = msgid=%m: %$
  mail_plugins = sieve
  postmaster_address = postmaster
  quota_full_tempfail = yes
  rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
protocol imap {
  imap_client_workarounds = delay-newmail
  mail_max_userip_connections = 10
}
protocol pop3 {
  mail_max_userip_connections = 10
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

From tanstaafl at libertytrek.org Wed Mar 1 15:21:21 2017
From: tanstaafl at libertytrek.org (Tanstaafl)
Date: Wed, 1 Mar 2017 10:21:21 -0500
Subject: Replacement for antispam plugin
In-Reply-To: <42175d27-9227-6346-e1a6-78dcb937a301@dovecot.fi>
References: <1754e048-40f0-a242-6769-332547e95e8c@delphinidae.org.uk>
 <42175d27-9227-6346-e1a6-78dcb937a301@dovecot.fi>
Message-ID: <8bc713d0-cbd7-7171-14a2-300b6a13de19@libertytrek.org>

On Wed Mar 01 2017 03:11:48 GMT-0500 (Eastern Standard Time), Aki Tuomi
wrote:
>> But, if the imapsieve is only matching to literal foldernames, should
>> I just duplicate the trigger lines for each type of junk folder or is
>> there a method to have the sieve script enumerate all the options
>> listed by 'special use' or is there a better method for this? I want
>> to put the spam-mail-filing script as a global sieve script as all
>> users will need it, rather than duplicating out for each user.
>>
> There is no way to match special use folders at the moment, but I like
> the idea.

If by 'match' you mean, basically, a way to define aliases for different
special use folders to a single mailbox name, I suggested this a long
time ago, and love the idea.

Hopefully you'll at least add this to your official 'ToDo' (or 'maybe
ToDo' list? :)

Thanks

From gkontos.mail at gmail.com Wed Mar 1 16:48:09 2017
From: gkontos.mail at gmail.com (George Kontostanos)
Date: Wed, 1 Mar 2017 18:48:09 +0200
Subject: Exclude namespace from replication
Message-ID:

Hello list,

I am using replication with dsync and I am facing some issues with shared
folders. More particularly expunged message reappearing.

I have searched a bit and it was suggested that shared folders should not
be synced. My namespace looks like that:

namespace {
  inbox = no
  list = children
  location = maildir:/usr/local/vhosts/mail/%%d/%%n:LAYOUT=fs:INDEX=/usr/local/vhosts/indexes/%d/%n/shared/%%u:INDEXPVT=/usr/local/vhosts/indexes/%d/%n/shared/%%u
  prefix = shared/%%d/%%n/
  separator = /
  subscriptions = no
  type = shared
}

I was wondering if defining:

replication_dsync_parameters = -d -N -l 30 -U -x shared

Is enough. Or do I need to change the syntax of the namespace like that:

namespace shared {
....
....
type = shared
}

Thanks for your help

From max at kostikov.co Wed Mar 1 17:38:03 2017
From: max at kostikov.co (Max Kostikov)
Date: Wed, 01 Mar 2017 19:38:03 +0200
Subject: dovecot-lda crash after upgrade to 2.2.28
In-Reply-To: <515d9660-d3be-bcae-93f5-ee0a33baf59c@dovecot.fi>
References: <285066cb-bed7-5927-f247-2fe1108140cd@dovecot.fi>
 <7a4b6acb95d5183179266446789602ab@kostikov.co>
 <1116891553.1309.1488296543757@appsuite-dev.open-xchange.com>
 <722518410.1399.1488299658357@appsuite-dev.open-xchange.com>
 <8443a611e041ce749e6eb903a04e782c@kostikov.co>
 <1406481107.1657.1488306865726@appsuite-dev.open-xchange.com>
 <902c89e2bd536b31ee1b8c653dd88ff8@kostikov.co>
 <515d9660-d3be-bcae-93f5-ee0a33baf59c@dovecot.fi>
Message-ID: <78488e29da5762a556e90002dbed7e3c@kostikov.co>

Thank you.
This patch fully solves the problem.

Aki Tuomi wrote 2017-03-01 14:02:
> On 28.02.2017 20:40, Max Kostikov wrote:
>> Thank you.
>> Will be waiting for Dovecot update.
>>
>> Aki Tuomi wrote 2017-02-28 20:34:
>>>> On February 28, 2017 at 7:43 PM Max Kostikov
>>>> wrote:
>>>>
>>>>
>>>> Got it.
>>>> Here is full backtrace output.
>>>>
>>>
>>> Would appear the bug is in 'Trash' plugin. We'll open an issue about
>>> this, thank you for reporting this.
>>>
>>> Aki
>>
>
> Hi!
>
> We believe this issue is now fixed with
>
> https://github.com/dovecot/core/commit/326fb016a23480e4ff8dcc03dc80e76812859bd6.patch
>
> Aki Tuomi
> Dovecot oy

--
With best regards,
Max Kostikov

BBM: 24CA5DF8 | W: https://kostikov.co

From dheianevans at gmail.com Wed Mar 1 18:09:12 2017
From: dheianevans at gmail.com (Ian Evans)
Date: Wed, 1 Mar 2017 13:09:12 -0500
Subject: Faster way to import Thunderbird pop emails into dovecot imap Maildirs?
Message-ID:

Until recently, I was using POP on my desktop and imap to access my email
on my phone and laptop. Got tired of not having everything everywhere, so
decided to go full imap.

Followed the suggestions online and created a new imap account for my site
in Thunderbird and copied my pop folders over to the imap ones so that the
emails would get uploaded to the dovecot server and Maildir folders.

That worked for some smaller folders, but in a couple of folders, I have in
excess of 20,000 emails. Thunderbird/Dovecot seems to choke on that,
apparently timing out at some point. I've tried doing about 1000 messages
at a time, but even that is taking more than an hour and I have to be
around for each chunk.

I'm sure someone here is going to point me to some eureka moment method of
exporting the thunderbird folders to some format, sftp'ing them to the
server and importing. Just want to be careful that I don't mess up the
current batch of emails on the imap server.

Thanks for any suggestions.

From skdovecot at smail.inf.fh-brs.de Thu Mar 2 07:11:23 2017
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 2 Mar 2017 08:11:23 +0100 (CET)
Subject: Faster way to import Thunderbird pop emails into dovecot imap Maildirs?
In-Reply-To:
References:
Message-ID:

On Wed, 1 Mar 2017, Ian Evans wrote:

> I'm sure someone here is going to point me to some eureka moment method of
> exporting the thunderbird folders to some format, sftp'ing them to the
> server and importing. Just want to be careful that I don't mess up the
> current batch of emails on the imap server.

Some time ago Thunderbird was using mbox-style format to store messages
locally. If this is true today and for your installation, you can try the
mb2md scripts:

http://wiki2.dovecot.org/Migration/MailFormat

--
Steffen Kaiser

From tom at whyscream.net Thu Mar 2 08:40:58 2017
From: tom at whyscream.net (Tom Hendrikx)
Date: Thu, 2 Mar 2017 09:40:58 +0100
Subject: dovecot lda bouncing postfix aliases
In-Reply-To:
References:
Message-ID: <0e8316ce-b08b-1d66-1ee5-3b5aa9964f15@whyscream.net>

Hi,

Typically, postfix should resolve the aliases into user accounts that
dovecot knows before you even start delivering to dovecot. You probably
messed something up in the postfix config that disables alias expansion
before dovecot delivery is attempted.

Can you show us your postfix config?

Kind regards,

Tom

On 01-03-17 15:36, Ian Evans wrote:
> Recently configured postfix to use the dovecot lda as I wanted to use
> sieve. Got that working a few days ago but noticed that I wasn't getting
> any emails to aliases. Checked the logs and saw messages like:
>
> Mar 1 08:19:59 carson postfix/lmtp[16949]: 0DCD22016BE: to=<
> sales at example.com>, relay=carson.example.com[private/dovecot-lmtp],
> delay=0.07, delays=0.01/0.01/0/0.04, dsn=5.1.1, status=bounced (host
> carson.example.com[private/dovecot-lmtp] said: 550 5.1.1
> User doesn't exist: sales at example.com (in reply to RCPT TO command))
>
> Aliases were working previously and are in /etc/postfix/vmaps
>
> Anything I need to check on the dovecot end of things to get dovecot to
> recognize postfix aliases?
>
> Thanks...reaching for my morning coffee. Info below:
>
> Dovecot 2.2.9
>
> # 2.2.9: /etc/dovecot/dovecot.conf
> # OS: Linux 3.11.0-19-generic x86_64 Ubuntu 14.04.5 LTS ext4
> auth_mechanisms = plain login cram-md5
> mail_debug = yes
> mail_location = maildir:/home/vmail/%d/%n/Maildir
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
> copy include variables body enotify environment mailbox date ihave
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = username_format=%u /etc/dovecot/shadow
>   driver = passwd-file
> }
> plugin {
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
> }
> protocols = imap pop3 sieve lmtp
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   unix_listener /var/spool/postfix/private/dovecot-auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> ssl_cert =
> ssl_cipher_list =
> ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
> ssl_key =
> userdb {
>   driver = passwd
> }
> userdb {
>   args = username_format=%u /etc/dovecot/users
>   driver = passwd-file
> }
> protocol lmtp {
>   mail_plugins = sieve
>   postmaster_address = postmaster at example.com
> }
> protocol lda {
>   deliver_log_format = msgid=%m: %$
>   mail_plugins = sieve
>   postmaster_address = postmaster
>   quota_full_tempfail = yes
>   rejection_reason = Your message to <%t> was automatically rejected:%n%r
> }
> protocol imap {
>   imap_client_workarounds = delay-newmail
>   mail_max_userip_connections = 10
> }
> protocol pop3 {
>   mail_max_userip_connections = 10
>   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
> }
>

From tom at whyscream.net Thu Mar 2 09:03:46 2017
From: tom at whyscream.net (Tom Hendrikx)
Date: Thu, 2 Mar 2017 10:03:46 +0100
Subject: dovecot lda bouncing postfix aliases
In-Reply-To: <0e8316ce-b08b-1d66-1ee5-3b5aa9964f15@whyscream.net>
References: <0e8316ce-b08b-1d66-1ee5-3b5aa9964f15@whyscream.net>
Message-ID: <991f9762-473d-7688-77c2-3b42e2ff7a2a@whyscream.net>

Oh wait, you crossposted to the postfix list. Please keep the discussion
there going, you have a postfix issue, not a dovecot one ;)

Tom

On 02-03-17 09:40, Tom Hendrikx wrote:
> Hi,
>
> Typically, postfix should resolve the aliases into user accounts that
> dovecot knows before you even start delivering to dovecot. You probably
> messed something up in the postfix config that disables alias expansion
> before dovecot delivery is attempted.
>
> Can you show us your postfix config?
>
> Kind regards,
>
> Tom
>
> On 01-03-17 15:36, Ian Evans wrote:
>> Recently configured postfix to use the dovecot lda as I wanted to use
>> sieve. Got that working a few days ago but noticed that I wasn't getting
>> any emails to aliases. Checked the logs and saw messages like:
>>
>> Mar 1 08:19:59 carson postfix/lmtp[16949]: 0DCD22016BE: to=<
>> sales at example.com>, relay=carson.example.com[private/dovecot-lmtp],
>> delay=0.07, delays=0.01/0.01/0/0.04, dsn=5.1.1, status=bounced (host
>> carson.example.com[private/dovecot-lmtp] said: 550 5.1.1
>> User doesn't exist: sales at example.com (in reply to RCPT TO command))
>>
>> Aliases were working previously and are in /etc/postfix/vmaps
>>
>> Anything I need to check on the dovecot end of things to get dovecot to
>> recognize postfix aliases?
>>
>> Thanks...reaching for my morning coffee. Info below:
>>
>> Dovecot 2.2.9
>>
>> # 2.2.9: /etc/dovecot/dovecot.conf
>> # OS: Linux 3.11.0-19-generic x86_64 Ubuntu 14.04.5 LTS ext4
>> auth_mechanisms = plain login cram-md5
>> mail_debug = yes
>> mail_location = maildir:/home/vmail/%d/%n/Maildir
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope encoded-character
>> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
>> copy include variables body enotify environment mailbox date ihave
>> namespace inbox {
>>   inbox = yes
>>   location =
>>   mailbox Drafts {
>>     special_use = \Drafts
>>   }
>>   mailbox Junk {
>>     special_use = \Junk
>>   }
>>   mailbox Sent {
>>     special_use = \Sent
>>   }
>>   mailbox "Sent Messages" {
>>     special_use = \Sent
>>   }
>>   mailbox Trash {
>>     special_use = \Trash
>>   }
>>   prefix =
>> }
>> passdb {
>>   args = username_format=%u /etc/dovecot/shadow
>>   driver = passwd-file
>> }
>> plugin {
>>   sieve = ~/.dovecot.sieve
>>   sieve_dir = ~/sieve
>> }
>> protocols = imap pop3 sieve lmtp
>> service auth {
>>   unix_listener /var/spool/postfix/private/auth {
>>     group = postfix
>>     mode = 0660
>>     user = postfix
>>   }
>>   unix_listener /var/spool/postfix/private/dovecot-auth {
>>     group = postfix
>>     mode = 0660
>>     user = postfix
>>   }
>> }
>> service lmtp {
>>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>     group = postfix
>>     mode = 0600
>>     user = postfix
>>   }
>> }
>> ssl_cert =
>> ssl_cipher_list =
>> ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
>> ssl_key =
>> userdb {
>>   driver = passwd
>> }
>> userdb {
>>   args = username_format=%u /etc/dovecot/users
>>   driver = passwd-file
>> }
>> protocol lmtp {
>>   mail_plugins = sieve
>>   postmaster_address = postmaster at example.com
>> }
>> protocol lda {
>>   deliver_log_format = msgid=%m: %$
>>   mail_plugins = sieve
>>   postmaster_address = postmaster
>>   quota_full_tempfail = yes
>>   rejection_reason = Your message to <%t> was automatically rejected:%n%r
>> }
>> protocol imap {
>>   imap_client_workarounds = delay-newmail
>>   mail_max_userip_connections = 10
>> }
>> protocol pop3 {
>>   mail_max_userip_connections = 10
>>   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
>> }
>>

From me at christoph-kluge.eu Thu Mar 2 09:10:50 2017
From: me at christoph-kluge.eu (Christoph Kluge)
Date: Thu, 2 Mar 2017 10:10:50 +0100
Subject: Some mails do not get replicated anymore after memory-exhaust
In-Reply-To:
References:
Message-ID:

The amount of non-replicated mails on the mirror starts to grow without any
exceptions inside the log.

Is there a way how I can enforce a full-replication incl. directory scans
through the doveadm utility?

Besides that are there any arguments against a non-destructive rsync? Could
it break anything i.e. flags/dupes?

Best

On Mon, Feb 27, 2017 at 11:36 PM, Christoph Kluge wrote:

> Hey guys,
>
> overall I have a working dovecot replication between 2 servers running on
> amazon cloud. Sadly I had some messages that my server ran out of memory.
> After investigating a little bit further I realized that some mails didn't
> get replicated, but I'm not sure if this was related to the memory exhaust.
> I was expecting that the full-sync would catch them up but sadly it's not.
>
> Attached I'm adding:
> * /etc/dovecot/dovecot.conf from both servers
> * one sample of my memory-exhaust exception
> * maildir directory listing of one mailbox on both servers
> * commands + output of manual attempt for full-replication
> * grep information of missing mail inside Maildir on both servers
>
> Here is my configuration from both servers. The configuration is 1:1 the
> same except the mail_replica server. Please note one server runs on debian
> 8.7 and the other one on 7.11.
>
> ---- SERVER A
>> # dovecot -n
>> # 2.2.13: /etc/dovecot/dovecot.conf
>> # OS: Linux 3.2.0-4-amd64 x86_64 Debian 8.7
>> ---- SERVER B
>> # dovecot -n
>> # 2.2.13: /etc/dovecot/dovecot.conf
>> # OS: Linux 2.6.32-34-pve i686 Debian 7.11
>> auth_mechanisms = plain login
>> disable_plaintext_auth = no
>> doveadm_password = ****
>> doveadm_port = 12345
>> listen = *,[::]
>> log_timestamp = "%Y-%m-%d %H:%M:%S "
>> mail_max_userip_connections = 100
>> mail_plugins = notify replication quota
>> mail_privileged_group = vmail
>> passdb {
>>   args = /etc/dovecot/dovecot-sql.conf
>>   driver = sql
>> }
>> plugin {
>>   mail_replica = tcp:*.****.de
>>   quota = dict:user::file:/var/vmail/%d/%n/.quotausage
>>   replication_full_sync_interval = 1 hours
>>   sieve = /var/vmail/%d/%n/.sieve
>>   sieve_max_redirects = 25
>> }
>> protocols = imap
>> replication_max_conns = 2
>> service aggregator {
>>   fifo_listener replication-notify-fifo {
>>     mode = 0666
>>     user = vmail
>>   }
>>   unix_listener replication-notify {
>>     mode = 0666
>>     user = vmail
>>   }
>> }
>> service auth {
>>   unix_listener /var/spool/postfix/private/auth {
>>     group = postfix
>>     mode = 0660
>>     user = postfix
>>   }
>>   unix_listener auth-userdb {
>>     group = vmail
>>     mode = 0600
>>     user = vmail
>>   }
>>   user = root
>> }
>> service config {
>>   unix_listener config {
>>     user = vmail
>>   }
>> }
>> service doveadm {
>>   inet_listener {
>>     port = 12345
>>   }
>>   user = vmail
>> }
>> service imap-login {
>>   client_limit = 1000
>>   process_limit = 512
>> }
>> service lmtp {
>>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>     group = postfix
>>     mode = 0600
>>     user = postfix
>>   }
>> }
>> service replicator {
>>   process_min_avail = 1
>>   unix_listener replicator-doveadm {
>>     mode = 0666
>>   }
>> }
>> ssl_cert =
>> ssl_key =
>> ssl_protocols = !SSLv2 !SSLv3
>> userdb {
>>   driver = prefetch
>> }
>> userdb {
>>   args = /etc/dovecot/dovecot-sql.conf
>>   driver = sql
>> }
>> protocol imap {
>>   mail_plugins = notify replication quota imap_quota
>> }
>> protocol pop3 {
>>   mail_plugins = quota
>>   pop3_uidl_format = %08Xu%08Xv
>> }
>> protocol lda {
>>   mail_plugins = notify replication quota sieve
>>   postmaster_address = webmaster at localhost
>> }
>> protocol lmtp {
>>   mail_plugins = notify replication quota sieve
>>   postmaster_address = webmaster at localhost
>> }
>
>
> This is the exception which I got several times:
>
> Feb 26 16:16:39 mx dovecot: replicator: Panic: data stack: Out of memory
>> when allocating 268435496 bytes
>> Feb 26 16:16:39 mx dovecot: replicator: Error: Raw backtrace:
>> /usr/lib/dovecot/libdovecot.so.0(+0x6b6fe) [0x7f7ca2b0a6fe] ->
>> /usr/lib/dovecot/libdovecot.so.0(+0x6b7ec) [0x7f7ca2b0a7ec] ->
>> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f7ca2ac18fb] ->
>> /usr/lib/dovecot/libdovecot.so.0(+0x6977e) [0x7f7ca2b0877e] ->
>> /usr/lib/dovecot/libdovecot.so.0(+0x699db) [0x7f7ca2b089db] ->
>> /usr/lib/dovecot/libdovecot.so.0(+0x82198) [0x7f7ca2b21198] ->
>> /usr/lib/dovecot/libdovecot.so.0(+0x6776d) [0x7f7ca2b0676d] ->
>> /usr/lib/dovecot/libdovecot.so.0(buffer_write+0x6c) [0x7f7ca2b069dc] ->
>> dovecot/replicator(replicator_queue_push+0x14e) [0x7f7ca2fa17ae] ->
>> dovecot/replicator(+0x4f9e) [0x7f7ca2fa0f9e] -> dovecot/replicator(+0x4618)
>> [0x7f7ca2fa0618] -> dovecot/replicator(+0x4805) [0x7f7ca2fa0805] ->
>> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x3f) [0x7f7ca2b1bd0f]
>> -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xf9)
>> [0x7f7ca2b1cd09] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x9)
>> [0x7f7ca2b1bd79] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38)
>> [0x7f7ca2b1bdf8] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13)
>> [0x7f7ca2ac6dc3] -> dovecot/replicator(main+0x195) [0x7f7ca2f9f8b5] ->
>> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f7ca2715b45]
>> -> dovecot/replicator(+0x395d) [0x7f7ca2f9f95d]
>> Feb 26 16:16:39 mx dovecot: imap(***.com): Warning: replication(***.com):
>> Sync failure:
>> Feb 26 16:16:39 mx dovecot: replicator: Fatal: master:
>> service(replicator): child 24012 killed with signal 6 (core dumps disabled)
>
>
> This is the current maildir listing on Server A
>
> # ls -la /var/vmail/*.eu/*h/Maildir/new/
>> total 24
>> drwx------ 2 vmail vmail 4096 Feb 27 18:12 .
>> drwx------ 15 vmail vmail 4096 Feb 27 21:47 ..
>> -rw------- 1 vmail vmail 3600 Feb 27 14:49 1488206976.M277562P25620.mail,
>> S=3600,W=3671
>> -rw------- 1 vmail vmail 4390 Feb 27 15:17 1488208642.M513542P27111.mail,
>> S=4390,W=4478:2,S
>> -rw------- 1 vmail vmail 3577 Feb 27 16:32 1488213157.M307300P30773.mail,
>> S=3577,W=3648:2,S
>
>
> This is the current maildir listing on Server B
>
> # ls -la /var/vmail/*.eu/*h/Maildir/new/
>> total 16
>> drwx------ 2 vmail vmail 12288 Feb 27 16:45 .
>> drwx------ 15 vmail vmail 4096 Feb 27 21:47 ..
>
>
> This is how I tried to manually sync it
>
> doveadm -v sync -u *h@*.eu -f tcp:mx.***.de:12345
>
>
> This is the users sync status
>
> # doveadm replicator status 'cheecoh at ragequit.eu'
>> username priority fast sync full sync failed
>> *h@*.eu none 00:24:47 10:57:04 -
>
>
> Then I tried to lookup for the mail-id which is also the same on both
> servers
>
> # grep -ri "M277562P25620" /var/vmail/*.eu/*h/
>> /var/vmail/*.eu/*h/Maildir/dovecot-uidlist:493
>> :1488206976.M277562P25620.mail,S=3600,W=3671
>
>
> I have no idea what else I could do. I could also pass a "doveadm -Dv
> sync" output but this one is really huge..
>
> Best Regards
> Christoph Kluge
>

From azurit at pobox.sk Thu Mar 2 09:38:34 2017
From: azurit at pobox.sk (azurit at pobox.sk) Date: Thu, 02 Mar 2017 10:38:34 +0100 Subject: Search problems after activating fts/solr Message-ID: <20170302103834.Horde.rZMJXLaYgZdJnfEE2_-wgc7@webmail.inetadmin.eu> Hi, after activating fts/solr, we can see a changed behavior of standard (not fulltext) searches. For example, when searching the 'From' field for something at example.com, before activating solr it was ok to start search for word 'some' and the result was correct and complete (all messages from that user was found). After activating fts/solr, searches like this are returning none or only part of messages - i need to search for 'something' to get correct and complete result. Any hints? azur From pch at myzel.net Thu Mar 2 10:24:07 2017 From: pch at myzel.net (Peter Chiochetti) Date: Thu, 2 Mar 2017 11:24:07 +0100 Subject: Sieve subaddress matching Message-ID: Hello Stephan, Maybe this is not an issue at all and nothing but a curiosity; maybe though you do care: When there is only a local part in "To", the "subaddress" extension does not match on the "detail" part. This happened when I made a device on the LAN send to "name+foo", where "name" is a system account on the computer used as smtp. Such mail gets filed into INBOX. Matching the whole address against "name+foo" works. This is with dovecot-sieve 2.2.13, postfix here obviously does not alter the To header. -- peter From fedoraproject at cyberpear.com Thu Mar 2 16:13:21 2017 
From: fedoraproject at cyberpear.com (James Cassell) Date: Thu, 02 Mar 2017 11:13:21 -0500 Subject: Sieve subaddress matching In-Reply-To: References: Message-ID: <1488471201.3063920.898253840.6160D36A@webmail.messagingengine.com> On Thu, Mar 2, 2017, at 05:24 AM, Peter Chiochetti wrote: > Hello Stephan, > > Maybe this is not an issue at all and nothing but a curiosity; maybe > though you do care: > > When there is only a local part in "To", the "subaddress" extension does > not match on the "detail" part. > > This happened when I made a device on the LAN send to "name+foo", where > "name" is a system account on the computer used as smtp. > > Such mail gets filed into INBOX. Matching the whole address against > "name+foo" works. This is with dovecot-sieve 2.2.13, postfix here > obviously does not alter the To header. > Since the header doesn't actually contain an e-mail address, I wouldn't expect the subaddress extension, or even just the address test to do anything sane, but that's just me. V/r, James Cassell From sbastian at telecable.com Thu Mar 2 16:21:43 2017 
From: sbastian at telecable.com (=?iso-8859-1?Q?Sergio_Bastian_Rodr=EDguez?=) Date: Thu, 2 Mar 2017 16:21:43 +0000 Subject: Mailbox size in log file Message-ID: Hello Dovecot list. I need that Dovecot log writes mailbox size in all POP / IMAP connections, but I do not know if Dovecot can do that. I have been searching about that with not successful. For example, this is the log of our last email platform, different than Dovecot: 06:48:14 025BEE83 POP3 LOGIN user 'xxx at xxx.com' MailboxSize = 61708 Capacity = 2% ...... 06:49:19 025BEE83 POP3 LOGOUT user 'xxx at xxx.com' MailboxSize = 14472 Capacity = 0% In this example we can know the mailbox size before and after the connection, and it shows that user has removed or downloaded all messages from server. Now in Dovecot we have no information about that, and I cannot find any plugin which gives this us functionality. Is it possible to have this feature in Dovecot? Thanks for your help. From dheianevans at gmail.com Thu Mar 2 17:50:37 2017
From: dheianevans at gmail.com (Ian Evans) Date: Thu, 2 Mar 2017 12:50:37 -0500 Subject: dovecot lda bouncing postfix aliases In-Reply-To: <991f9762-473d-7688-77c2-3b42e2ff7a2a@whyscream.net> References: <0e8316ce-b08b-1d66-1ee5-3b5aa9964f15@whyscream.net> <991f9762-473d-7688-77c2-3b42e2ff7a2a@whyscream.net> Message-ID: On Mar 2, 2017 4:04 AM, "Tom Hendrikx" wrote: Oh wait, you crossposted to the postfix list. Please keep the discussion there going, you have a postfix issue, not a dovecot one ;) Tom On 02-03-17 09:40, Tom Hendrikx wrote: > Hi, > > Typically, postfix should resolve the aliases into user accounts that > dovecot knows before you even start delivering to dovecot. You probably > messed something up in the postfix config that disables alias expansion > before dovecot delivery is attempted. > > Can you show us your postfix config? > > Kind regards, > > Tom > > On 01-03-17 15:36, Ian Evans wrote: >> Recently configured postfix to use the dovecot lda as I wanted to use >> sieve. Got that working a few days ago but noticed that I wasn't getting >> any emails to aliases. Checked the logs and saw messages like: >> >> Mar 1 08:19:59 carson postfix/lmtp[16949]: 0DCD22016BE: to=< >> sales at example.com>, relay=carson.example.com[private/dovecot-lmtp], >> delay=0.07, delays=0.01/0.01/0/0.04, dsn=5.1.1, status=bounced (host >> carson.example.com[private/dovecot-lmtp] said: 550 5.1.1 < sales at example.com> >> User doesn't exist: sales at example.com (in reply to RCPT TO command)) >> >> Aliases were working previously and are in /etc/postfix/vmaps >> >> Anything I need to check on the dovecot end of things to get dovecot to >> recognize postfix aliases? >> >> Thanks...reaching for my morning coffee. 
Info below: >> >> Dovecot 2.2.9 >> >> # 2.2.9: /etc/dovecot/dovecot.conf >> # OS: Linux 3.11.0-19-generic x86_64 Ubuntu 14.04.5 LTS ext4 >> auth_mechanisms = plain login cram-md5 >> mail_debug = yes >> mail_location = maildir:/home/vmail/%d/%n/Maildir >> managesieve_notify_capability = mailto >> managesieve_sieve_capability = fileinto reject envelope encoded-character >> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags >> copy include variables body enotify environment mailbox date ihave >> namespace inbox { >> inbox = yes >> location = >> mailbox Drafts { >> special_use = \Drafts >> } >> mailbox Junk { >> special_use = \Junk >> } >> mailbox Sent { >> special_use = \Sent >> } >> mailbox "Sent Messages" { >> special_use = \Sent >> } >> mailbox Trash { >> special_use = \Trash >> } >> prefix = >> } >> passdb { >> args = username_format=%u /etc/dovecot/shadow >> driver = passwd-file >> } >> plugin { >> sieve = ~/.dovecot.sieve >> sieve_dir = ~/sieve >> } >> protocols = imap pop3 sieve lmtp >> service auth { >> unix_listener /var/spool/postfix/private/auth { >> group = postfix >> mode = 0660 >> user = postfix >> } >> unix_listener /var/spool/postfix/private/dovecot-auth { >> group = postfix >> mode = 0660 >> user = postfix >> } >> } >> service lmtp { >> unix_listener /var/spool/postfix/private/dovecot-lmtp { >> group = postfix >> mode = 0600 >> user = postfix >> } >> } >> ssl_cert = > ssl_cipher_list = >> ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM >> ssl_key = > userdb { >> driver = passwd >> } >> userdb { >> args = username_format=%u /etc/dovecot/users >> driver = passwd-file >> } >> protocol lmtp { >> mail_plugins = sieve >> postmaster_address = postmaster at example.com >> } >> protocol lda { >> deliver_log_format = msgid=%m: %$ >> mail_plugins = sieve >> postmaster_address = postmaster >> quota_full_tempfail = yes >> rejection_reason = Your message to <%t> was automatically rejected:%n%r >> } >> protocol imap { >> 
imap_client_workarounds = delay-newmail >> mail_max_userip_connections = 10 >> } >> protocol pop3 { >> mail_max_userip_connections = 10 >> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh >> } >> Thanks Tom. Yes, I think I have it worked out now. From teemu.huovila at dovecot.fi Thu Mar 2 19:31:21 2017 
From: teemu.huovila at dovecot.fi (Teemu Huovila) Date: Thu, 2 Mar 2017 21:31:21 +0200 Subject: Mailbox size in log file In-Reply-To: References: Message-ID:

On 02.03.2017 18:21, Sergio Bastian Rodríguez wrote:
> Hello Dovecot list.
>
> I need that Dovecot log writes mailbox size in all POP / IMAP connections, but I do not know if Dovecot can do that.
> I have been searching about that with not successful.
>
> For example, this is the log of our last email platform, different than Dovecot:
>
> 06:48:14 025BEE83 POP3 LOGIN user 'xxx at xxx.com' MailboxSize = 61708 Capacity = 2%
> ......
> 06:49:19 025BEE83 POP3 LOGOUT user 'xxx at xxx.com' MailboxSize = 14472 Capacity = 0%
>
> In this example we can know the mailbox size before and after the connection, and it shows that user has removed or downloaded all messages from server.

We have a feature very similar to this on our roadmap. I expect there will be time to complete it in the latter half of 2017.

Teemu

>
> Now in Dovecot we have no information about that, and I cannot find any plugin which gives this us functionality.
>
> Is it possible to have this feature in Dovecot?
> Thanks for your help.

From dheianevans at gmail.com Thu Mar 2 21:11:45 2017
From: dheianevans at gmail.com (Ian Evans) Date: Thu, 2 Mar 2017 16:11:45 -0500 Subject: Faster way to import Thunderbird pop emails into dovecot imap Maildirs? In-Reply-To: References: Message-ID:

On Mar 2, 2017 2:11 AM, "Steffen Kaiser" wrote:

On Wed, 1 Mar 2017, Ian Evans wrote:

> I'm sure someone here is going to point me to some eureka moment method of
> exporting the thunderbird folders to some format, sftp'ing them to the
> server and importing. Just want to be careful that I don't mess up the
> current batch of emails on the imap server.
>

Some time ago Thunderbird was using mbox-style format to store messages locally. If this is true today and for your installation, you can try the mb2md scripts: http://wiki2.dovecot.org/Migration/MailFormat

Thanks, I'll take a look at it.

From peter at pajamian.dhs.org Thu Mar 2 23:41:14 2017
From: peter at pajamian.dhs.org (Peter) Date: Fri, 3 Mar 2017 12:41:14 +1300 Subject: make check failing in CentOS 6 In-Reply-To: <13415324-46fd-5265-586b-370948668a8f@dovecot.fi> References: <5ddf52d6-9906-d56d-a2c5-2d584bf753b5@pajamian.dhs.org> <13415324-46fd-5265-586b-370948668a8f@dovecot.fi> Message-ID: <45f39102-c351-d0ff-b1ba-d491cad0c74a@pajamian.dhs.org>

On 28/02/17 21:59, Aki Tuomi wrote:
> We are aware of this and working on fix.

Is there anything I can do to help, testing patches, or providing info or anything?

Peter

From dave.mehler at gmail.com Thu Mar 2 23:54:47 2017
From: dave.mehler at gmail.com (David Mehler) Date: Thu, 2 Mar 2017 18:54:47 -0500 Subject: welcome plugin Message-ID:

Hello,

Is anyone using the welcome plugin? I'm trying to utilize it to send a message when a user first logs in to the system, containing important information for them to know. The plugin loads, I don't have a configuration problem, but the message never gets sent.

What can I provide to more easily troubleshoot this?

Thanks.
Dave.

From kremels at kreme.com Fri Mar 3 00:13:19 2017
From: kremels at kreme.com (@lbutlr) Date: Thu, 2 Mar 2017 17:13:19 -0700 Subject: welcome plugin In-Reply-To: References: Message-ID:

On 2017-03-02 (16:54 MST), David Mehler wrote:
>
> Is anyone using the welcome plugin? I'm trying to utilize it to send a
> message when a user first logs in to the system, containing important
> information for them to know. The plugin loads, I don't have a
> configuration problem, but the message never gets sent.

I would say you DO have a configuration problem if the mail doesn't get sent.

> What can I provide to more easily troubleshoot this?

I'd start with the settings for the welcome plugin and any logs.

--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.

From tachibana at qualitia.co.jp Fri Mar 3 00:41:50 2017
From: tachibana at qualitia.co.jp (TACHIBANA Masashi) Date: Fri, 3 Mar 2017 09:41:50 +0900 Subject: IMAP MOVE command with FTS Message-ID: <20170303004104.000003FE.0463@qualitia.co.jp>

Hi,

I'm using Dovecot 2.2.28 with fts. It seems to work fine for almost everything. But I found a bug (or my setting problem?)

My setting is "fts_autoindex=yes" in /etc/dovecot/conf.d/90-fts.conf

Then, I have mailboxes like below:

a
a/lot
a/lot/of

There are some mails in the "a/lot" folder, then I create a sub folder like:

a/lot/of/apples

And move the mails from "a/lot" to "a/lot/of/apples" by MOVE command.

In this case, FTS function fts_backend_xx_update_expunge is called. But fts_backend_xx_update_set_build_key is not called.

In another case, the following functions are called and mails will be indexed.

fts_backend_xx_update_expunge()
fts_backend_xx_update_set_build_key()

By the way, in the first case, I tried a command as below, then the mails were indexed correctly:

# doveadm index -u user1 at example.com \*

I think MOVE is a better way to move mails than COPY+FLAG DEL+EXPUNGE.

My settings problem? Any hints?

Regards,
--
Astro.M

From dave.mehler at gmail.com Fri Mar 3 00:51:51 2017
From: dave.mehler at gmail.com (David Mehler) Date: Thu, 2 Mar 2017 19:51:51 -0500 Subject: welcome plugin In-Reply-To: References: Message-ID: Hello, Thank you. My configuration is below. It looks like a perm problem, i've set +r on the directory and it is readable. One other thing I noticed when going through the log the testuser logs in, then logs out. Then logs in again, and then gets the error. Any ideas why the two logins? I see this all the time, a log in log out, then another log in log out then the email transaction. Thanks. Dave. # 2.2.28 (bed8434): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.4.17 (e179378) # OS: FreeBSD 10.3-RELEASE-p11 amd64 ufs auth_default_realm = domain.tld auth_mechanisms = plain login cram-md5 dict { sqlquota = mysql:/usr/local/etc/dovecot/dovecot-dict-sql.conf.ext } first_valid_gid = 999 first_valid_uid = 999 hostname = mail.domain.tld imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags last_valid_gid = 999 last_valid_uid = 999 lmtp_rcpt_check_quota = yes mail_gid = vmail mail_home = /home/vmail/%d/%n/home mail_location = maildir:/home/vmail/%d/%n:LAYOUT=fs mail_plugins = acl quota zlib welcome mail_server_admin = mailto:postmaster at domain.tld mail_uid = vmail mailbox_list_index = yes maildir_broken_filename_sizes = yes maildir_empty_new = yes maildir_stat_dirs = yes maildir_very_dirty_syncs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress tldparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify imapsieve namespace { list = yes location = maildir:/home/vmail/public:LAYOUT=fs prefix = public/ separator = / subscriptions = yes type = public } namespace inbox { hidden = no inbox = yes list = yes location = mailbox Drafts { auto = no special_use = \Drafts } mailbox Sent { auto = 
subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = no special_use = \Trash } prefix = separator = / subscriptions = yes type = private } passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { imapsieve_mailbox1_before = file:/usr/local/lib/dovecot/sieve/report-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Spam imapsieve_mailbox2_before = file:/usr/local/lib/dovecot/sieve/report-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * last_login_dict = redis:host=127.0.0.1:port=6379 quota = dict:User quota::proxy::sqlquota quota_grace = 10%% quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Mailbox is full quota_status_success = DUNNO sieve = ~/.dovecot.sieve sieve_before = /usr/local/etc/dovecot/sieve/before.d sieve_extensions = +notify +imapflags sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve sieve_plugins = sieve_imapsieve sieve_extprograms } postmaster_address = postmaster at domain.tld protocols = imap service auth-worker { user = vmail } service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } unix_listener auth-userdb { mode = 0600 user = vmail } } service dict { unix_listener dict { mode = 0600 user = vmail } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service lmtp { unix_listener dovecot-lmtp { group = postfix mode = 0660 user = postfix } } service quota-status { client_limit = 1 executable = quota-status -p postfix inet_listener { address = 127.0.0.1 port = 12345 } } ssl_ca = /etc/ssl/certs/cacert.crt ssl_cert = , method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=5840, secured, session=<5EXYh5xJesx/AAAB> Feb 28 14:52:06 hostname dovecot: imap(testuser at domain.tld): Logged out in=102 out=1373 Feb 28 14:52:06 hostname dovecot: imap-login: Login: 
user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=7724, secured, session=<0nPch5xJMeR/AAAB>
Feb 28 14:52:06 hostname dovecot: lda(testuser at domain.tld): Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=143(dovecot) egid=143(dovecot) missing +r perm: /var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755)
Feb 28 14:52:06 hostname dovecot: lda: Fatal: Internal error occurred. Refer to server log for more information.
Feb 28 14:52:06 hostname dovecot: welcome: Fatal: master: service(welcome): child 8781 returned error 75
Feb 28 14:52:06 hostname dovecot: imap(testuser at domain.tld): Logged out in=234 out=1549

On 3/2/17, @lbutlr wrote:
> On 2017-03-02 (16:54 MST), David Mehler wrote:
>>
>> Is anyone using the welcome plugin? I'm trying to utilize it to send a
>> message when a user first logs in to the system, containing important
>> information for them to know. The plugin loads, I don't have a
>> configuration problem, but the message never gets sent.
>
> I would say you DO have a configuration problem if the mail doesn't get
> sent.
>
>> What can I provide to more easily troubleshoot this?
>
> I'd start with the settings for the welcome plugin and any logs.
>
>
> --
> Apple broke AppleScripting signatures in Mail.app, so no random signatures.
>

From larryrtx at gmail.com Fri Mar 3 01:00:04 2017
From: larryrtx at gmail.com (Larry Rosenman) Date: Thu, 2 Mar 2017 17:00:04 -0800 Subject: welcome plugin In-Reply-To: <> <> References: <> <> Message-ID: Directory probably needs rx to allow search. From markc at renta.net Fri Mar 3 02:18:46 2017
From: markc at renta.net (Mark Constable) Date: Fri, 3 Mar 2017 12:18:46 +1000 Subject: Faster way to import Thunderbird pop emails into dovecot imap Maildirs? In-Reply-To: References: Message-ID: <3dc14df7-2a32-3855-0af9-e325783fce85@renta.net>

On 03/03/17 07:11, Ian Evans wrote:
> Some time ago Thunderbird was using mbox-style format to store
> messages locally. If this is true today and for your installation,
> you can try the mb2md scripts:
> http://wiki2.dovecot.org/Migration/MailFormat

Recent versions of Thunderbird can store local messages in Maildir format...

https://wiki.mozilla.org/Thunderbird/Maildir
https://mail.mozilla.org/pipermail/tb-enterprise/2015-June/001112.html

From kremels at kreme.com Fri Mar 3 06:42:45 2017
From: kremels at kreme.com (@lbutlr) Date: Thu, 2 Mar 2017 23:42:45 -0700 Subject: welcome plugin In-Reply-To: References: Message-ID: <2BEC3562-6845-4616-8CD4-DDF71708CCE6@kreme.com>

On 2017-03-02 (17:51 MST), David Mehler wrote:
>
> Feb 28 14:52:06 hostname dovecot: lda(testuser at domain.tld): Error:
> userdb lookup: connect(/var/run/dovecot/auth-userdb) failed:
> Permission denied (euid=143(dovecot) egid=143(dovecot) missing +r
> perm: /var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755)

This seems pretty clear. What are the permissions on that folder, and why is auth-userdb owned by root? On my system auth-userdb is owned by dovecot.

--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.

From alessio at skye.it Fri Mar 3 07:41:05 2017
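The two facts this thread keeps returning to, the euid/egid in the error line and the `unix_listener auth-userdb` block in the posted configuration, can be checked against each other mechanically. This is an added example, not code from the thread or from Dovecot; it assumes that connecting needs read and write permission on the socket plus search permission on its directory, that an unset listener `user` means root and an unset `mode` means 0600, and it compares account names because the thread does not give vmail's numeric uid.

```python
import re

# Constructed from the error line quoted in the thread ("at" restored to "@").
LOG_LINE = (
    "Feb 28 14:52:06 hostname dovecot: lda(testuser@domain.tld): Error: userdb lookup: "
    "connect(/var/run/dovecot/auth-userdb) failed: Permission denied "
    "(euid=143(dovecot) egid=143(dovecot) missing +r perm: "
    "/var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755)"
)

# The auth service block from the posted configuration.
CONF = """
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
}
"""

DENIED_RE = re.compile(
    r"connect\((?P<path>[^)]+)\) failed: Permission denied "
    r"\(euid=(?P<euid>\d+)\((?P<euser>[^)]*)\) egid=(?P<egid>\d+)\((?P<egroup>[^)]*)\)"
    r".*?dir owned by (?P<dir_uid>\d+):(?P<dir_gid>\d+) mode=(?P<dir_mode>[0-7]+)\)"
)
LISTENER_RE = re.compile(r"unix_listener\s+(\S+)\s*\{([^{}]*)\}")
SETTING_RE = re.compile(r"(\w+)\s*=\s*(\S+)")


def parse_denied(line):
    """Extract path, process identity and directory facts from the error line."""
    m = DENIED_RE.search(line)
    if m is None:
        return None
    d = m.groupdict()
    for key in ("euid", "egid", "dir_uid", "dir_gid"):
        d[key] = int(d[key])
    d["dir_mode"] = int(d["dir_mode"], 8)
    return d


def parse_listeners(conf):
    """Map each unix_listener's base name to its mode, user and group."""
    listeners = {}
    for name, body in LISTENER_RE.findall(conf):
        settings = dict(SETTING_RE.findall(body))
        listeners[name.rsplit("/", 1)[-1]] = {
            "mode": int(settings.get("mode", "0600"), 8),  # assumed default
            "user": settings.get("user", "root"),          # assumed default
            "group": settings.get("group", ""),
        }
    return listeners


def pick_class(is_owner, in_group):
    return "owner" if is_owner else "group" if in_group else "other"


def bits_for(mode, cls):
    return (mode >> {"owner": 6, "group": 3, "other": 0}[cls]) & 0o7


def diagnose(denied, listeners):
    """Say which permission class the process falls into and what it grants."""
    sock = listeners[denied["path"].rsplit("/", 1)[-1]]
    sock_cls = pick_class(
        denied["euser"] == sock["user"],
        bool(sock["group"]) and denied["egroup"] == sock["group"],
    )
    dir_cls = pick_class(
        denied["euid"] == denied["dir_uid"], denied["egid"] == denied["dir_gid"]
    )
    is_root = denied["euid"] == 0
    return {
        "process": f'{denied["euser"]}:{denied["egroup"]}',
        "socket_owner": sock["user"],
        "socket_class": sock_cls,
        "socket_access": is_root or (bits_for(sock["mode"], sock_cls) & 0o6) == 0o6,
        "dir_class": dir_cls,
        "dir_searchable": is_root or bool(bits_for(denied["dir_mode"], dir_cls) & 0o1),
    }


if __name__ == "__main__":
    for key, value in diagnose(parse_denied(LOG_LINE), parse_listeners(CONF)).items():
        print(f"{key:15} {value}")
```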
From: alessio at skye.it (Alessio Cecchi) Date: Fri, 3 Mar 2017 08:41:05 +0100 Subject: Mailbox size in log file In-Reply-To: References: Message-ID: <24899e25-f722-a020-203d-452780769b1b@skye.it>

On 02/03/2017 17:21, Sergio Bastian Rodríguez wrote:
> Hello Dovecot list.
>
> I need that Dovecot log writes mailbox size in all POP / IMAP connections, but I do not know if Dovecot can do that.
> I have been searching about that with not successful.
>
> For example, this is the log of our last email platform, different than Dovecot:
>
> 06:48:14 025BEE83 POP3 LOGIN user 'xxx at xxx.com' MailboxSize = 61708 Capacity = 2%
> ......
> 06:49:19 025BEE83 POP3 LOGOUT user 'xxx at xxx.com' MailboxSize = 14472 Capacity = 0%
>
> In this example we can know the mailbox size before and after the connection, and it shows that user has removed or downloaded all messages from server.
>
> Now in Dovecot we have no information about that, and I cannot find any plugin which gives this us functionality.

Hi,

you can add some variables to logout log:

/etc/dovecot/conf.d/20-pop3.conf

# POP3 logout format string:
[...]
# %s - mailbox size in bytes (before deletion)

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice

From bernard+dovecot at rosset.me Fri Mar 3 08:26:55 2017
From: bernard+dovecot at rosset.me (Bernard)
Date: Fri, 3 Mar 2017 09:26:55 +0100
Subject: Dovecot + SpamAssassin through dovecot-antispam
In-Reply-To:
References:
Message-ID:

No help there?
---
Bernard

On 01/03/2017 11:27, Bernard wrote:
> Hello,
>
> I am new to the list. /Waving at everyone/
>
> I got a basic SpamAssassin working on a Debian setup (w/ debian-spamd
> user), running as a Postfix transport.
>
> I am currently trying to switch it to a dovecot plugin in order to make
> it interactively work with the email storage (react to mail
> classification, being able to train it from already received emails, aso.)
> My problem is now making it able to access my emails.
>
> Here is my setup:
> userdb {
>   driver = static
>   args = uid= gid= home=/var/mail/vhosts/%d/%n
> }
>
> passdb {
>   driver = passwd-file
>   args =
> }
>
> mail_location = maildir:~/mail:LAYOUT=fs
> mail_privileged_group = vmail
>
> Translating into this on the FS:
> drwxrwsr-x root mail /var/mail/
> drwxrws--- root vmail /var/mail/vhosts
> drwx--S--- vmail vmail /var/mail/vhosts/domain1
> drwx--S--- vmail vmail /var/mail/vhosts/domain1/user1
> drwx--S--- vmail vmail /var/mail/vhosts/domain1/user2
> drwx--S--- vmail vmail /var/mail/vhosts/domain2
> drwx--S--- vmail vmail /var/mail/vhosts/domain2/user1
>
> The drwx--S--- access rights are propagated into lower branches/leafs.
>
> I am having a hard time understanding what to do, reading
> http://wiki2.dovecot.org/SharedMailboxes/Permissions, to make all the
> folders and subsequent files readable by the vmail group too.
> Based on this documentation, the way dovecot propagate permissions from
> parent folders is a bit cryptic to me. What needs to be done to achieve
> that?
>
> The idea would be that even if I decided to allocated per-virtual-user a
> system user for stored files, all the files would still be stored and
> accessible with the same system group.
> I understand this would be done with the help of mail_access_groups =
> vmail, right?
>
> FWIW, I am getting inspiration from the following explanations:
> https://www.christianroessler.net/tech/2015/spamassassin-dovecot-postfix.html
> If I understand correctly, the guy is bypassing the authentication
> completely with allow_all_users=yes, right? I do not want to do that anyway.
>
> I hope what I am trying to achieve is clear enough and that I provided
> information enough.
> Would you help me?
> ---
> Bernard

From amateo at um.es Fri Mar 3 08:42:38 2017
From: amateo at um.es (Angel L. Mateo)
Date: Fri, 3 Mar 2017 09:42:38 +0100
Subject: passdb evaluation order
Message-ID: <72334999-33e9-ad6f-59d6-24ca977596a2@um.es>

Hello,

I could have several password databases in dovecot. And according to http://wiki.dovecot.org/PasswordDatabase these passwdbs could allow or deny users and they could have different result_failure and result_success behaviors. So the order in which they are evaluated may be significant.

So, how do I define this order?

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tel: 868889150
Fax: 868888337

From rye at trojka.no Fri Mar 3 11:00:57 2017
From: rye at trojka.no (Eirik Rye)
Date: Fri, 3 Mar 2017 12:00:57 +0100
Subject: passdb evaluation order
In-Reply-To: <72334999-33e9-ad6f-59d6-24ca977596a2@um.es>
References: <72334999-33e9-ad6f-59d6-24ca977596a2@um.es>
Message-ID:

On 03.03.2017 09.42, Angel L. Mateo wrote:
> Hello,
>
> I could have several password databases in dovecot. And according to
> http://wiki.dovecot.org/PasswordDatabase these passwdbs could allow or
> deny users and they could have different result_failure and
> result_success behaviors. So the order in which they are evaluated may be
> significant.
>
> So, how do I define this order?

They evaluate in the same order that they are defined in your configuration.

- Eirik Rye

From jc at info-systems.de Fri Mar 3 11:22:04 2017
From: jc at info-systems.de (Jakob Curdes)
Date: Fri, 3 Mar 2017 12:22:04 +0100
Subject: Upgrade from 2.0. to 2.2
Message-ID: <72114253-bb42-88e3-b74a-0a2e7b632e8f@info-systems.de>

Hello, we have a centos 6 server running dovecot 2.0 provided with the OS, currently 2.0.9. We would like to upgrade to the 2.2.19 package provided by the mailserver.guru repo. I read the upgrading docs for 2.1 and 2.2 and found the following issues:

2.0 - 2.1:
- define namespace inbox or delete 15-mailboxes.conf (we do not "care about special use mailboxes")
- plugins and UTF-8: we do not use one of the listed plugins
- to allow mixed usernames set auth_username_format to "nothing"
- solr backend: not used in our setup
- expire plugin: not used
- dsync: not used
2.1 - 2.2
- fts-solr: not used (?)
- autocreate: not used
- other changes: trivial or not used

Are there other things that we need to observe? Is a direct update from 2.0.9 to 2.2.19 feasible with the above precautions or do we need to put in a 2.1 version in between?

Thank you for hints,
Jakob

From aki.tuomi at dovecot.fi Fri Mar 3 11:25:22 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Fri, 3 Mar 2017 13:25:22 +0200
Subject: passdb evaluation order
In-Reply-To: <72334999-33e9-ad6f-59d6-24ca977596a2@um.es>
References: <72334999-33e9-ad6f-59d6-24ca977596a2@um.es>
Message-ID:

On 2017-03-03 10:42, Angel L. Mateo wrote:
> Hello,
>
> I could have several password databases in dovecot. And according
> to http://wiki.dovecot.org/PasswordDatabase these passwdbs could allow
> or deny users and they could have different result_failure and
> result_success behaviors. So the order in which they are evaluated may
> be significant.
>
> So, how do I define this order?
>

They are processed in the order they are configured, you can affect the order with skip and mechanisms keywords.

Aki

From aki.tuomi at dovecot.fi Fri Mar 3 11:26:32 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Fri, 3 Mar 2017 13:26:32 +0200
Subject: Dovecot + SpamAssassin through dovecot-antispam
In-Reply-To:
References:
Message-ID:

On 2017-03-03 10:26, Bernard wrote:
> No help there?
> ---
> Bernard
>
> On 01/03/2017 11:27, Bernard wrote:
>> Hello,
>>
>> I am new to the list. /Waving at everyone/
>>
>> I got a basic SpamAssassin working on a Debian setup (w/ debian-spamd
>> user), running as a Postfix transport.
>>
>> I am currently trying to switch it to a dovecot plugin in order to make
>> it interactively work with the email storage (react to mail
>> classification, being able to train it from already received emails, aso.)
>> My problem is now making it able to access my emails.
>>
>> Here is my setup:
>> userdb {
>>   driver = static
>>   args = uid= gid= home=/var/mail/vhosts/%d/%n
>> }
>>
>> passdb {
>>   driver = passwd-file
>>   args =
>> }
>>
>> mail_location = maildir:~/mail:LAYOUT=fs
>> mail_privileged_group = vmail
>>
>> Translating into this on the FS:
>> drwxrwsr-x root mail /var/mail/
>> drwxrws--- root vmail /var/mail/vhosts
>> drwx--S--- vmail vmail /var/mail/vhosts/domain1
>> drwx--S--- vmail vmail /var/mail/vhosts/domain1/user1
>> drwx--S--- vmail vmail /var/mail/vhosts/domain1/user2
>> drwx--S--- vmail vmail /var/mail/vhosts/domain2
>> drwx--S--- vmail vmail /var/mail/vhosts/domain2/user1
>>
>> The drwx--S--- access rights are propagated into lower branches/leafs.
>>
>> I am having a hard time understanding what to do, reading
>> http://wiki2.dovecot.org/SharedMailboxes/Permissions, to make all the
>> folders and subsequent files readable by the vmail group too.
>> Based on this documentation, the way dovecot propagate permissions from
>> parent folders is a bit cryptic to me. What needs to be done to achieve
>> that?
>>
>> The idea would be that even if I decided to allocated per-virtual-user a
>> system user for stored files, all the files would still be stored and
>> accessible with the same system group.
>> I understand this would be done with the help of mail_access_groups =
>> vmail, right?
>>
>> FWIW, I am getting inspiration from the following explanations:
>> https://www.christianroessler.net/tech/2015/spamassassin-dovecot-postfix.html
>> If I understand correctly, the guy is bypassing the authentication
>> completely with allow_all_users=yes, right? I do not want to do that anyway.
>>
>> I hope what I am trying to achieve is clear enough and that I provided
>> information enough.
>> Would you help me?
>> ---
>> Bernard

Hi!

https://wiki2.dovecot.org/HowTo/AntispamWithSieve

maybe this would help you?

Aki

From aki.tuomi at dovecot.fi Fri Mar 3 11:45:44 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Fri, 3 Mar 2017 13:45:44 +0200
Subject: Upgrade from 2.0. to 2.2
In-Reply-To: <72114253-bb42-88e3-b74a-0a2e7b632e8f@info-systems.de>
References: <72114253-bb42-88e3-b74a-0a2e7b632e8f@info-systems.de>
Message-ID: <254bd943-17d2-6868-454b-5fa027b75ef7@dovecot.fi>

On 2017-03-03 13:22, Jakob Curdes wrote:
> Hello, we have a centos 6 server running dovecot 2.0 provided with the
> OS, currently 2.0.9. We would like to upgrade to the 2.2.19 package
> provided by the mailserver.guru repo. I read the upgrading docs for
> 2.1 and 2.2 and found the following issues:
>
> 2.0 - 2.1:
> - define namespace inbox or delete 15-mailboxes.conf (we do not "care
> about special use mailboxes")
> - plugins and UTF-8: we do not use one of the listed plugins
> - to allow mixed usernames set auth_username_format to "nothing"
> - solr backend: not used in our setup
> - expire plugin: not used
> - dsync: not used
> 2.1 - 2.2
> - fts-solr: not used (?)
> - autocreate: not used
> - other changes: trivial or not used
>
>
> Are there other things that we need to observe? Is a direct update
> from 2.0.9 to 2.2.19 feasible with the above precautions or do we need
> to put in a 2.1 version in between?
>
> Thank you for hints,
> Jakob

I would also consider possibility of upgrading the server too, so you would instead setup a new environment and migrate your users there instead of upgrading the old server. This way you could make sure everything works.

Aki

From matthew.broadhead at nbmlaw.co.uk Fri Mar 3 12:09:29 2017
From: matthew.broadhead at nbmlaw.co.uk (Matthew Broadhead)
Date: Fri, 3 Mar 2017 13:09:29 +0100
Subject: Dovecot + SpamAssassin through dovecot-antispam
In-Reply-To:
References:
Message-ID: <3aefc930-a5c0-8862-4f9a-71a74fc00539@nbmlaw.co.uk>

i recently had this problem. i am using centos 7. maybe these links will help you

i reverted to the old antispam plugin as a package from
https://copr.fedorainfracloud.org/coprs/cottsay/dovecot-antispam/

plus this to help configure
http://www.iredmail.org/forum/topic8169-iredmail-support-antispam-via-dovecot-and-spamassassin.html

On 03/03/2017 12:26, Aki Tuomi wrote:
>
>
> On 2017-03-03 10:26, Bernard wrote:
>> No help there?
>> ---
>> Bernard
>>
>> On 01/03/2017 11:27, Bernard wrote:
>>> Hello,
>>>
>>> I am new to the list. /Waving at everyone/
>>>
>>> I got a basic SpamAssassin working on a Debian setup (w/ debian-spamd
>>> user), running as a Postfix transport.
>>>
>>> I am currently trying to switch it to a dovecot plugin in order to make
>>> it interactively work with the email storage (react to mail
>>> classification, being able to train it from already received emails,
>>> aso.)
>>> My problem is now making it able to access my emails.
>>>
>>> Here is my setup:
>>> userdb {
>>>   driver = static
>>>   args = uid= gid= home=/var/mail/vhosts/%d/%n
>>> }
>>>
>>> passdb {
>>>   driver = passwd-file
>>>   args =
>>> }
>>>
>>> mail_location = maildir:~/mail:LAYOUT=fs
>>> mail_privileged_group = vmail
>>>
>>> Translating into this on the FS:
>>> drwxrwsr-x root mail /var/mail/
>>> drwxrws--- root vmail /var/mail/vhosts
>>> drwx--S--- vmail vmail /var/mail/vhosts/domain1
>>> drwx--S--- vmail vmail /var/mail/vhosts/domain1/user1
>>> drwx--S--- vmail vmail /var/mail/vhosts/domain1/user2
>>> drwx--S--- vmail vmail /var/mail/vhosts/domain2
>>> drwx--S--- vmail vmail /var/mail/vhosts/domain2/user1
>>>
>>> The drwx--S--- access rights are propagated into lower branches/leafs.
>>>
>>> I am having a hard time understanding what to do, reading
>>> http://wiki2.dovecot.org/SharedMailboxes/Permissions, to make all the
>>> folders and subsequent files readable by the vmail group too.
>>> Based on this documentation, the way dovecot propagate permissions from
>>> parent folders is a bit cryptic to me. What needs to be done to achieve
>>> that?
>>>
>>> The idea would be that even if I decided to allocated
>>> per-virtual-user a
>>> system user for stored files, all the files would still be stored and
>>> accessible with the same system group.
>>> I understand this would be done with the help of mail_access_groups =
>>> vmail, right?
>>>
>>> FWIW, I am getting inspiration from the following explanations:
>>> https://www.christianroessler.net/tech/2015/spamassassin-dovecot-postfix.html
>>>
>>> If I understand correctly, the guy is bypassing the authentication
>>> completely with allow_all_users=yes, right? I do not want to do that
>>> anyway.
>>>
>>> I hope what I am trying to achieve is clear enough and that I provided
>>> information enough.
>>> Would you help me?
>>> ---
>>> Bernard
> Hi!
>
> https://wiki2.dovecot.org/HowTo/AntispamWithSieve
>
> maybe this would help you?
>
> Aki

From amateo at um.es Fri Mar 3 12:42:24 2017
From: amateo at um.es (Angel L. Mateo)
Date: Fri, 3 Mar 2017 13:42:24 +0100
Subject: Do I need to configure director?
Message-ID: <044a1bf6-9979-83ac-b33f-c5d4e07fce83@um.es>

Hi,

I'm configuring a farm of dovecot proxies redirecting users to backend servers. The decision of which backend server is used for a user is based in its ldap account information.

In my previous configuration I was using an inherited director configuration in these proxy servers, but now I was wondering that because the decision is made according to user information, I don't need to run director. Do I? Is there any advantage of running director in this scenario?

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tel: 868889150
Fax: 868888337

From skdovecot at smail.inf.fh-brs.de Fri Mar 3 12:54:48 2017
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 3 Mar 2017 13:54:48 +0100 (CET)
Subject: Dovecot + SpamAssassin through dovecot-antispam
In-Reply-To:
References:
Message-ID:

On Fri, 3 Mar 2017, Bernard wrote:

> On 01/03/2017 11:27, Bernard wrote:
>> Hello,
>>
>> I am new to the list. /Waving at everyone/
>>
>> I got a basic SpamAssassin working on a Debian setup (w/ debian-spamd
>> user), running as a Postfix transport.
>>
>> I am currently trying to switch it to a dovecot plugin in order to make
>> it interactively work with the email storage (react to mail
>> classification, being able to train it from already received emails, aso.)
>> My problem is now making it able to access my emails.

if you followed the steps of both links, the spam checker is using vmail:vmail, so it has access to the messages.

>> Here is my setup:
>> userdb {
>>   driver = static
>>   args = uid= gid= home=/var/mail/vhosts/%d/%n
>> }
>>
>> passdb {
>>   driver = passwd-file
>>   args =
>> }
>>
>> mail_location = maildir:~/mail:LAYOUT=fs
>> mail_privileged_group = vmail
>>
>> Translating into this on the FS:
>> drwxrwsr-x root mail /var/mail/
>> drwxrws--- root vmail /var/mail/vhosts
>> drwx--S--- vmail vmail /var/mail/vhosts/domain1
>> drwx--S--- vmail vmail /var/mail/vhosts/domain1/user1
>> drwx--S--- vmail vmail /var/mail/vhosts/domain1/user2
>> drwx--S--- vmail vmail /var/mail/vhosts/domain2
>> drwx--S--- vmail vmail /var/mail/vhosts/domain2/user1
>>
>> The drwx--S--- access rights are propagated into lower branches/leafs.
>>
>> I am having a hard time understanding what to do, reading
>> http://wiki2.dovecot.org/SharedMailboxes/Permissions, to make all the
>> folders and subsequent files readable by the vmail group too.
>> Based on this documentation, the way dovecot propagate permissions from
>> parent folders is a bit cryptic to me. What needs to be done to achieve
>> that?

Your output matches the example in section "Permissions to new /domain/user directories" exactly. The portions about to propagate permissions apply to mailboxes and files therein only.

Also note: Permissions to new user home directories (v2.2+)

When mail_location begins with %h or ~/, its permissions are copied from the first existing parent directory if it has setgid-bit set. This isn't done when the path contains any other %variables.

So, do you use Dovecot v2.2 ?

>> The idea would be that even if I decided to allocated per-virtual-user a
>> system user for stored files, all the files would still be stored and
>> accessible with the same system group.
>> I understand this would be done with the help of mail_access_groups =
>> vmail, right?
>>
>> FWIW, I am getting inspiration from the following explanations:
>> https://www.christianroessler.net/tech/2015/spamassassin-dovecot-postfix.html
>> If I understand correctly, the guy is bypassing the authentication
>> completely with allow_all_users=yes, right? I do not want to do that anyway.
>>
>> I hope what I am trying to achieve is clear enough and that I provided
>> information enough.
>> Would you help me?
>> ---
>> Bernard
>

--
Steffen Kaiser

From bernard+dovecot at rosset.me Fri Mar 3 13:42:56 2017
From: bernard+dovecot at rosset.me (Bernard)
Date: Fri, 3 Mar 2017 14:42:56 +0100
Subject: Dovecot + SpamAssassin through dovecot-antispam
In-Reply-To:
References:
Message-ID: <332948c8-f94d-5f88-78e3-643521b173d6@rosset.me>

Hello Steffen,

Dovecot version: v2.2.13

It seems there is no problem on mail reception step when piped through dovecot. However, running it afterwards is another story.
SpamAssassin is run as debian-spamd and thus has its information stored in its own environment (isolation). As an example, if you read the end of the tutorial, you will notice sa-learn is then used to train SpamAssassin or to run it on stored messages again. It is that step which bothers me.

Even though I could add SpamAssassin debian-spamd user to the vmail group, in the current state that won't help. The idea would be to configure dovecot in such a way that the vmail group has read access to the whole mail tree, even on creation of new mailboxes. Typically I would like the permissions to be ***:vmail, 770 (d) / 660 (f).

/As stated, for now I am using a single vmail user for everyone as I only understood how to make dovecot running like that when setting up my mail system. Ultimately, I'd like to add a per-virtual-mailbox (or per-domain?) system user in order to ensure mail privacy system-wise, if possible./

I am having a hard time understanding how dovecot behaves and why, as well as what configuration directives impact what I want to do and which are unrelated.
... hence this call for help on the ML.
---
Bernard

On 03/03/2017 13:54, Steffen Kaiser wrote:
> On Fri, 3 Mar 2017, Bernard wrote:
>
> > On 01/03/2017 11:27, Bernard wrote:
> >> Hello,
> >>
> >> I am new to the list. /Waving at everyone/
> >>
> >> I got a basic SpamAssassin working on a Debian setup (w/ debian-spamd
> >> user), running as a Postfix transport.
> >>
> >> I am currently trying to switch it to a dovecot plugin in order to make
> >> it interactively work with the email storage (react to mail
> >> classification, being able to train it from already received
> emails, aso.)
> >> My problem is now making it able to access my emails.
>
> if you followed the steps of both links, the spam checker is using
> vmail:vmail, so it has access to the messages.
>
> >> Here is my setup:
> >> userdb {
> >>   driver = static
> >>   args = uid= gid= home=/var/mail/vhosts/%d/%n
> >> }
> >>
> >> passdb {
> >>   driver = passwd-file
> >>   args =
> >> }
> >>
> >> mail_location = maildir:~/mail:LAYOUT=fs
> >> mail_privileged_group = vmail
> >>
> >> Translating into this on the FS:
> >> drwxrwsr-x root mail /var/mail/
> >> drwxrws--- root vmail /var/mail/vhosts
> >> drwx--S--- vmail vmail /var/mail/vhosts/domain1
> >> drwx--S--- vmail vmail /var/mail/vhosts/domain1/user1
> >> drwx--S--- vmail vmail /var/mail/vhosts/domain1/user2
> >> drwx--S--- vmail vmail /var/mail/vhosts/domain2
> >> drwx--S--- vmail vmail /var/mail/vhosts/domain2/user1
> >>
> >> The drwx--S--- access rights are propagated into lower branches/leafs.
> >>
> >> I am having a hard time understanding what to do, reading
> >> http://wiki2.dovecot.org/SharedMailboxes/Permissions, to make all the
> >> folders and subsequent files readable by the vmail group too.
> >> Based on this documentation, the way dovecot propagate permissions from
> >> parent folders is a bit cryptic to me. What needs to be done to achieve
> >> that?
>
> Your output matches the example in section "Permissions to new
> /domain/user directories" exactly. The portions about to propagate
> permissions apply to mailboxes and files therein only.
>
> Also note: Permissions to new user home directories (v2.2+)
>
> When mail_location begins with %h or ~/, its permissions are copied
> from the first existing parent directory if it has setgid-bit set.
> This isn't done when the path contains any other %variables.
>
> So, do you use Dovecot v2.2 ?
>
> >> The idea would be that even if I decided to allocated
> per-virtual-user a
> >> system user for stored files, all the files would still be stored and
> >> accessible with the same system group.
> >> I understand this would be done with the help of mail_access_groups =
> >> vmail, right?
> >>
> >> FWIW, I am getting inspiration from the following explanations:
> >>
> https://www.christianroessler.net/tech/2015/spamassassin-dovecot-postfix.html
> >> If I understand correctly, the guy is bypassing the authentication
> >> completely with allow_all_users=yes, right? I do not want to do
> that anyway.
> >>
> >> I hope what I am trying to achieve is clear enough and that I provided
> >> information enough.
> >> Would you help me?
> >> ---
> >> Bernard
> >
> -- Steffen Kaiser

From sbastian at telecable.com Fri Mar 3 14:29:31 2017
From: sbastian at telecable.com (Sergio Bastian Rodríguez)
Date: Fri, 3 Mar 2017 14:29:31 +0000
Subject: Mailbox size in log file
In-Reply-To: <24899e25-f722-a020-203d-452780769b1b@skye.it>
References: <24899e25-f722-a020-203d-452780769b1b@skye.it>
Message-ID:

Hello Alessio, thanks for the information.
This is the default information in Bytes in all logout POP session.
I think that in the login we haven't anything about size information, at least I haven't found out any option on 20-pop3.conf file.

But, is possible to have this info in IMAP sessions?
I have configured all logout sessions like that:

# IMAP logout format string:
#  %i - total number of bytes read from client
#  %o - total number of bytes sent to client
#  %{fetch_hdr_count} - Number of mails with mail header data sent to client
#  %{fetch_hdr_bytes} - Number of bytes with mail header data sent to client
#  %{fetch_body_count} - Number of mails with mail body data sent to client
#  %{fetch_body_bytes} - Number of bytes with mail body data sent to client
#  %{deleted} - Number of mails where client added \Deleted flag
#  %{expunged} - Number of mails that client expunged
#  %{trashed} - Number of mails that client copied/moved to the
#               special_use=\Trash mailbox.
#imap_logout_format = in=%i out=%o
imap_logout_format = in=%i out=%o del=%{deleted} exp=%{expunged} trh=%{trashed}

But I prefer to have the mailbox size in the log instead of the number of emails managed.

Regards, and thanks again!!!!

Regards

Sergio Bastián Rodríguez
Network architecture and services
Tel.: +34 984 19 12 65
Fax: +34 984 19 10 01
Mobile: +34 684 69 63 09
Parque Científico y Tecnológico de Gijón
Profesor Potter, 190 - 33203 Gijón, Asturias
www.telecable.es

Before printing this e-mail and its contents, consider carefully whether it is necessary: the environment is everyone's concern.

-----Original Message-----
From: dovecot [mailto:dovecot-bounces at dovecot.org] On behalf of Alessio Cecchi
Sent: Friday, 03 March 2017 8:41
To: dovecot at dovecot.org
Subject: Re: Mailbox size in log file

On 02/03/2017 17:21, Sergio Bastian Rodríguez wrote:
> Hello Dovecot list.
>
> I need that Dovecot log writes mailbox size in all POP / IMAP connections, but I do not know if Dovecot can do that.
> I have been searching about that with not successful.
>
> For example, this is the log of our last email platform, different than Dovecot:
>
> 06:48:14 025BEE83 POP3 LOGIN user 'xxx at xxx.com' MailboxSize = 61708
> Capacity = 2% ......
> 06:49:19 025BEE83 POP3 LOGOUT user 'xxx at xxx.com' MailboxSize = 14472
> Capacity = 0%
>
> In this example we can know the mailbox size before and after the connection, and it shows that user has removed or downloaded all messages from server.
>
> Now in Dovecot we have no information about that, and I cannot find any plugin which gives this us functionality.

Hi,

you can add some variables to logout log:

/etc/dovecot/conf.d/20-pop3.conf

# POP3 logout format string:
[...]
#  %s - mailbox size in bytes (before deletion)

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice

________________________________

------------------------------------------------------------------------
We inform you, as the recipient of this message, that e-mail and communications over the Internet cannot ensure or guarantee the confidentiality of the messages transmitted, nor their integrity or correct reception, and TELECABLE DE ASTURIAS, S.A. therefore accepts no responsibility for such circumstances. If you do not consent to the use of e-mail or of communications over the Internet, please let us know immediately. This message is addressed exclusively to its recipient and contains confidential information subject to professional secrecy, the disclosure of which is not permitted by law. If you have received this message in error, please notify us immediately by e-mail sent to our attention or by telephone on (+ 34) 984191000 and delete it, together with any document attached to it. We also inform you that the distribution, copying or use of this message, or of any document attached to it, for whatever purpose, is prohibited by law.
------------------------------------------------------------------------

From sbastian at telecable.com Fri Mar 3 14:30:36 2017
From: sbastian at telecable.com (Sergio Bastian Rodríguez)
Date: Fri, 3 Mar 2017 14:30:36 +0000
Subject: Mailbox size in log file
In-Reply-To:
References:
Message-ID:

Wowwwww, Teemu, it sounds great!!!!
I am looking forward to seeing this point in your roadmap working.

Thanks for the update.

Sergio Bastián Rodríguez
Network architecture and services
Tel.: +34 984 19 12 65
Fax: +34 984 19 10 01
Mobile: +34 684 69 63 09
Parque Científico y Tecnológico de Gijón
Profesor Potter, 190 - 33203 Gijón, Asturias
www.telecable.es

-----Original Message-----
From: dovecot [mailto:dovecot-bounces at dovecot.org] On behalf of Teemu Huovila
Sent: Thursday, 02 March 2017 20:31
To: dovecot at dovecot.org
Subject: Re: Mailbox size in log file

On 02.03.2017 18:21, Sergio Bastian Rodríguez wrote:
> Hello Dovecot list.
>
> I need that Dovecot log writes mailbox size in all POP / IMAP connections, but I do not know if Dovecot can do that.
> I have been searching about that with not successful.
>
> For example, this is the log of our last email platform, different than Dovecot:
>
> 06:48:14 025BEE83 POP3 LOGIN user 'xxx at xxx.com' MailboxSize = 61708
> Capacity = 2% ......
> 06:49:19 025BEE83 POP3 LOGOUT user 'xxx at xxx.com' MailboxSize = 14472
> Capacity = 0%
>
> In this example we can know the mailbox size before and after the connection, and it shows that user has removed or downloaded all messages from server.

We have a feature very similar to this on our roadmap. I expect there will be time to complete it in the latter half of 2017.

Teemu

>
> Now in Dovecot we have no information about that, and I cannot find any plugin which gives this us functionality.
>
> Is it possible to have this feature in Dovecot?
> Thanks for your help.
>

From alessio at skye.it Fri Mar 3 16:14:37 2017
From: alessio at skye.it (Alessio Cecchi)
Date: Fri, 3 Mar 2017 17:14:37 +0100
Subject: Director+NFS Experiences
In-Reply-To:
References:
Message-ID: <19013dcc-356d-097b-7c9c-19ac5a3197e5@skye.it>

On 23/02/2017 23:08, Mark Moseley wrote:
> As someone who is about to begin the process of moving from maildir to
> mdbox on NFS (and therefore just about to start the 'director-ization' of
> everything) for ~6.5m mailboxes, I'm curious if anyone can share any
> experiences with it. The list is surprisingly quiet about this subject, and
> articles on google are mainly just about setting director up. I've yet to
> stumble across an article about someone's experiences with it.

Hi,

in the past I did some consulting for ISPs with 4-5mln mailboxes, they had "only" 6 Director and about 30 or more Dovecot backend.

About NFS, I had some trouble with Maildir, Director and NFSv4, I don't know if was a problem of client (Debian 6) or storage (NetApp Ontap 8.1) but with NFSv3 work fine. Now we should try again with Centos 6/7 and NFSv4.1.

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice

From dave.mehler at gmail.com Fri Mar 3 18:07:31 2017
From: dave.mehler at gmail.com (David Mehler)
Date: Fri, 3 Mar 2017 13:07:31 -0500
Subject: letsencrypt
Message-ID:

Hello,

I know some users here are using letsencrypt for their CA. If this is too off topic write me privately.

I'm wanting letsencrypt to take over as my CA, replacing existing self signed certificates. I've got web working, a certificate for https sites and one for webmail as they have different names. What I'm now wanting to do is get letsencrypt going for my email setup, the smtp handled by postfix, but mail, and imap I believe are handled by dovecot.

With the web it was easy just let apache serve the token that letsencrypt needed and I got certificates. How do I do this with regards email?

I hope that's clear.

Any help appreciated.

Thanks.
Dave.

From larryrtx at gmail.com Fri Mar 3 18:08:42 2017
From: larryrtx at gmail.com (Larry Rosenman)
Date: Fri, 03 Mar 2017 12:08:42 -0600
Subject: letsencrypt
In-Reply-To:
References:
Message-ID: <59AAB268-71E7-4294-A46C-6DB01717E6E8@gmail.com>

I have DNS setup as my auth, and use nsupdate to let it get the token.

On 3/3/17, 12:07 PM, "dovecot on behalf of David Mehler" wrote:

    Hello,

    I know some users here are using letsencrypt for their CA. If this is too off topic write me privately.

    I'm wanting letsencrypt to take over as my CA, replacing existing self signed certificates. I've got web working, a certificate for https sites and one for webmail as they have different names. What I'm now wanting to do is get letsencrypt going for my email setup, the smtp handled by postfix, but mail, and imap I believe are handled by dovecot.

    With the web it was easy just let apache serve the token that letsencrypt needed and I got certificates. How do I do this with regards email?

    I hope that's clear.

    Any help appreciated.

    Thanks.
    Dave.

From dave.mehler at gmail.com Fri Mar 3 18:10:16 2017
From: dave.mehler at gmail.com (David Mehler)
Date: Fri, 3 Mar 2017 13:10:16 -0500
Subject: welcome plugin
In-Reply-To: <2BEC3562-6845-4616-8CD4-DDF71708CCE6@kreme.com>
References: <2BEC3562-6845-4616-8CD4-DDF71708CCE6@kreme.com>
Message-ID:

Hello,

Perms are 775 on that folder. If you've got a working configuration can you do a doveconf -n and let me see it? I'd like to compare yours to mine. And if you've got a working welcome script I'd like to see that as well.

Thanks.
Dave.

On 3/3/17, @lbutlr wrote:
> On 2017-03-02 (17:51 MST), David Mehler wrote:
>>
>> Feb 28 14:52:06 hostname dovecot: lda(testuser at domain.tld): Error:
>> userdb lookup: connect(/var/run/dovecot/auth-userdb) failed:
>> Permission denied (euid=143(dovecot) egid=143(dovecot) missing +r
>> perm: /var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755)
>
> This seems pretty clear. What are the permissions on that folder, and why is
> auth-userdb owned by root?
>
> On my system auth-userdb is owned by dovecot.
>
> --
> Apple broke AppleScripting signatures in Mail.app, so no random signatures.
>

From dave.mehler at gmail.com Fri Mar 3 18:12:52 2017
From: dave.mehler at gmail.com (David Mehler)
Date: Fri, 3 Mar 2017 13:12:52 -0500
Subject: letsencrypt
In-Reply-To: <59AAB268-71E7-4294-A46C-6DB01717E6E8@gmail.com>
References: <59AAB268-71E7-4294-A46C-6DB01717E6E8@gmail.com>
Message-ID:

Hello,

Thanks, should have mentioned dns tokens are not possible in my situation.

Thanks.
Dave.

On 3/3/17, Larry Rosenman wrote:
> I have DNS setup as my auth, and use nsupdate to let it get the token.
>
>
>
> On 3/3/17, 12:07 PM, "dovecot on behalf of David Mehler"
> wrote:
>
> Hello,
>
> I know some users here are using letsencrypt for their CA. If this is
> too off topic write me privately.
>
> I'm wanting letsencrypt to take over as my CA, replacing existing self
> signed certificates. I've got web working, a certificate for https
> sites and one for webmail as they have different names. What I'm now
> wanting to do is get letsencrypt going for my email setup, the smtp
> handled by postfix, but mail, and imap I believe are handled by
> dovecot.
>
> With the web it was easy just let apache serve the token that
> letsencrypt needed and I got certificates. How do I do this with
> regards email?
>
> I hope that's clear.
>
> Any help appreciated.
>
> Thanks.
> Dave.
>
>
>
>

From listeem at ksb.id.lv Fri Mar 3 18:13:45 2017
From: listeem at ksb.id.lv (KSB)
Date: Fri, 3 Mar 2017 20:13:45 +0200
Subject: letsencrypt
In-Reply-To: <59AAB268-71E7-4294-A46C-6DB01717E6E8@gmail.com>
References: <59AAB268-71E7-4294-A46C-6DB01717E6E8@gmail.com>
Message-ID: <957e4c71-513c-05d8-30bc-aafde62ec972@ksb.id.lv>

You can also set up a web server to handle auth for a particular domain or use certbot's standalone auth, but in that case, port 80 or 443 must be free to allow certbot's temporary web server to run on that port.

--
KSB

On 2017.03.03. 20:08, Larry Rosenman wrote:
> I have DNS setup as my auth, and use nsupdate to let it get the token.
>
>
>
> On 3/3/17, 12:07 PM, "dovecot on behalf of David Mehler" wrote:
>
> Hello,
>
> I know some users here are using letsencrypt for their CA. If this is
> too off topic write me privately.
>
> I'm wanting letsencrypt to take over as my CA, replacing existing self
> signed certificates. I've got web working, a certificate for https
> sites and one for webmail as they have different names. What I'm now
> wanting to do is get letsencrypt going for my email setup, the smtp
> handled by postfix, but mail, and imap I believe are handled by
> dovecot.
>
> With the web it was easy just let apache serve the token that
> letsencrypt needed and I got certificates. How do I do this with
> regards email?
>
> I hope that's clear.
>
> Any help appreciated.
>
> Thanks.
> Dave.
>
>

From mine at michi.su Fri Mar 3 18:20:11 2017
From: mine at michi.su (Michael Neurohr)
Date: Fri, 3 Mar 2017 19:20:11 +0100
Subject: letsencrypt
In-Reply-To:
References:
Message-ID: <910ceb4e-6c00-8940-2f5b-f495371b199c@michi.su>

On 2017-03-03 19:07, David Mehler wrote:
> Hello,
>
> I know some users here are using letsencrypt for their CA. If this is
> too off topic write me privately.
>
> I'm wanting letsencrypt to take over as my CA, replacing existing self
> signed certificates. I've got web working, a certificate for https
> sites and one for webmail as they have different names. What I'm now
> wanting to do is get letsencrypt going for my email setup, the smtp
> handled by postfix, but mail, and imap I believe are handled by
> dovecot.
>
> With the web it was easy just let apache serve the token that
> letsencrypt needed and I got certificates. How do I do this with
> regards email?

You can use certbot. It has a built in webserver. It allows you to retrieve and renew the certificates automatically. I'm using it for Dovecot and Postfix.

See https://certbot.eff.org/

I'm doing everything with the following command:

certbot/certbot-auto certonly --no-self-upgrade --standalone -n --rsa-key-size 4096 -d domain1.example.com -d domain2.example.com --pre-hook scripts/letsencrypt-pre-hook.sh --post-hook scripts/letsencrypt-post-hook.sh

With the pre-hook and post-hook scripts I make sure to open and close the firewall on port 443, and to reload Postfix and Dovecot in case a certificate was updated.

You can find all information about the flags that I'm using at https://certbot.eff.org/docs/using.html

Michael

From dave.mehler at gmail.com Fri Mar 3 19:22:54 2017
From: dave.mehler at gmail.com (David Mehler)
Date: Fri, 3 Mar 2017 14:22:54 -0500
Subject: letsencrypt
In-Reply-To: <910ceb4e-6c00-8940-2f5b-f495371b199c@michi.su>
References: <910ceb4e-6c00-8940-2f5b-f495371b199c@michi.su>
Message-ID:

Hello,

Thanks. Is there another way of doing this? I've got a web server running on 80 and 443. Are there any other options?

Thanks.
Dave.

On 3/3/17, Michael Neurohr wrote:
> On 2017-03-03 19:07, David Mehler wrote:
>> Hello,
>>
>> I know some users here are using letsencrypt for their CA. If this is
>> too off topic write me privately.
>>
>> I'm wanting letsencrypt to take over as my CA, replacing existing self
>> signed certificates. I've got web working, a certificate for https
>> sites and one for webmail as they have different names. What I'm now
>> wanting to do is get letsencrypt going for my email setup, the smtp
>> handled by postfix, but mail, and imap I believe are handled by
>> dovecot.
>>
>> With the web it was easy just let apache serve the token that
>> letsencrypt needed and I got certificates. How do I do this with
>> regards email?
>
> You can use certbot. It has a built in webserver. It allows you to
> retrieve and renew the certificates automatically. I'm using it for
> Dovecot and Postfix.
>
> See https://certbot.eff.org/
>
> I'm doing everything with the following command:
>
> certbot/certbot-auto certonly --no-self-upgrade --standalone -n
> --rsa-key-size 4096 -d domain1.example.com -d domain2.example.com
> --pre-hook scripts/letsencrypt-pre-hook.sh --post-hook
> scripts/letsencrypt-post-hook.sh
>
> With the pre-hook and post-hook scripts I make sure to open and close
> the firewall on port 443, and to reload Postfix and Dovecot in case a
> certificate was updated.
>
> You can find all information about the flags that I'm using at
> https://certbot.eff.org/docs/using.html
>
> Michael
>

From lists at merit.unu.edu Fri Mar 3 19:27:50 2017
From: lists at merit.unu.edu (mj)
Date: Fri, 3 Mar 2017 20:27:50 +0100
Subject: letsencrypt
In-Reply-To:
References: <910ceb4e-6c00-8940-2f5b-f495371b199c@michi.su>
Message-ID: <4cad4e62-9c80-1786-d125-2e08160fa1aa@merit.unu.edu>

Yes: I'm using the acme.sh client, and I can do:

> acme.sh --issue --standalone -d example.com --httpport 88

It does what you'd expect: it runs using a small webserver on port 88

I only just discovered that option myself :-)

MJ

On 03/03/2017 08:22 PM, David Mehler wrote:
> Hello,
>
> Thanks. Is there another way of doing this? I've got a web server
> running on 80 and 443. Are there any other options?
>
> Thanks.
> Dave.

From dovecot at avv.solutions Fri Mar 3 19:36:44 2017
From: dovecot at avv.solutions (dovecot at avv.solutions)
Date: Fri, 3 Mar 2017 20:36:44 +0100
Subject: letsencrypt
In-Reply-To:
References: <910ceb4e-6c00-8940-2f5b-f495371b199c@michi.su>
Message-ID:

Hello,

Have you considered running getssl bash script? It is well documented, self-updates automatically, supports https, imaps, pop3s, ... and can push validation tokens to your web server using rsync, ftp, ...

See https://github.com/srvrco/getssl/blob/master/README.md

Cheers

On 03/03/2017 08:22 PM, David Mehler wrote:
> Hello,
>
> Thanks. Is there another way of doing this? I've got a web server
> running on 80 and 443. Are there any other options?
>
> Thanks.
> Dave.
>
>
> On 3/3/17, Michael Neurohr wrote:
>> On 2017-03-03 19:07, David Mehler wrote:
>>> Hello,
>>>
>>> I know some users here are using letsencrypt for their CA. If this is
>>> too off topic write me privately.
>>>
>>> I'm wanting letsencrypt to take over as my CA, replacing existing self
>>> signed certificates. I've got web working, a certificate for https
>>> sites and one for webmail as they have different names. What I'm now
>>> wanting to do is get letsencrypt going for my email setup, the smtp
>>> handled by postfix, but mail, and imap I believe are handled by
>>> dovecot.
>>>
>>> With the web it was easy just let apache serve the token that
>>> letsencrypt needed and I got certificates. How do I do this with
>>> regards email?
>> You can use certbot. It has a built in webserver. It allows you to
>> retrieve and renew the certificates automatically. I'm using it for
>> Dovecot and Postfix.
>>
>> See https://certbot.eff.org/
>>
>> I'm doing everything with the following command:
>>
>> certbot/certbot-auto certonly --no-self-upgrade --standalone -n
>> --rsa-key-size 4096 -d domain1.example.com -d domain2.example.com
>> --pre-hook scripts/letsencrypt-pre-hook.sh --post-hook
>> scripts/letsencrypt-post-hook.sh
>>
>> With the pre-hook and post-hook scripts I make sure to open and close
>> the firewall on port 443, and to reload Postfix and Dovecot in case a
>> certificate was updated.
>>
>> You can find all information about the flags that I'm using at
>> https://certbot.eff.org/docs/using.html
>>
>> Michael
>>

From jtam.home at gmail.com Fri Mar 3 21:04:08 2017
From: jtam.home at gmail.com (Joseph Tam)
Date: Fri, 3 Mar 2017 13:04:08 -0800 (PST)
Subject: letsencrypt
In-Reply-To:
References:
Message-ID:

David Mehler writes:

> I'm wanting letsencrypt to take over as my CA, replacing existing self
> signed certificates. I've got web working, a certificate for https
> sites and one for webmail as they have different names. What I'm now
> wanting to do is get letsencrypt going for my email setup, the smtp
> handled by postfix, but mail, and imap I believe are handled by
> dovecot.

SMTP is handled by postfix, imap/pop is handled by dovecot.

> With the web it was easy just let apache serve the token that
> letsencrypt needed and I got certificates. How do I do this with
> regards email?

You can do the DNS challenge method if your server has the ability to update DNS entries, or you can use certbot clients in standalone-mode that will act as a simple web server just long enough to serve out the token to complete the authentication.

Joseph Tam

From dovecot at allycomm.com Fri Mar 3 22:23:26 2017
From: dovecot at allycomm.com (Jeff Kletsky)
Date: Fri, 3 Mar 2017 14:23:26 -0800
Subject: letsencrypt
In-Reply-To:
References: <910ceb4e-6c00-8940-2f5b-f495371b199c@michi.su>
Message-ID: <7e2d534b-01e5-72ce-81df-45b73c86c034@wagsky.com>

You can either drop the authentication token into /.wellknown on your running server, or take down the server for a minute to run certbot every couple months.

I'm not a fan of symlinks out of config directories and certainly not across chroot / jail boundaries so I manually copy the certs into a subdirectory of the dovecot config directory.

Here's the segment from my local.conf file. The notes on permission choices are mine and are stronger than many suggest.

---
# Preferred permissions: root:wheel 0444
ssl_cert = /fullchain.pem
# Preferred permissions: root:wheel 0400
ssl_key = /privkey.pem
---

FreeBSD uses a different directory structure than most Linux-based systems, so the path to the dovecot config directory may be different for you.

I didn't ever find any documentation of the 'var = Hello,
>
> Thanks. Is there another way of doing this? I've got a web server
> running on 80 and 443. Are there any other options?
>
> Thanks.
> Dave.
>

From jtam.home at gmail.com Fri Mar 3 22:53:45 2017
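The approach from the message above (copy the renewed files instead of symlinking them, key at 0400, certificate at 0444), combined with the reload-only-after-an-update behaviour of the hook scripts mentioned earlier in the thread, as an added shell example that is not code from any poster. Function names and paths are assumptions; ownership is set to 0:0 (root:wheel on FreeBSD) only when run as root.

```shell
#!/bin/sh
# Added example, not code from the thread. Copies a renewed certificate pair
# out of the ACME client's directory into a private directory as regular
# files (no symlinks), certificate 0444 and key 0400, and reports whether
# anything changed so services are reloaded only after a real renewal.

umask 077

# mode_of FILE: print the octal permission bits (GNU stat first, then BSD).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# install_one SRC DEST MODE
# Returns 0 if DEST was written, 1 if it was already identical, 2 on error.
install_one() {
    src=$1; dest=$2; mode=$3
    [ -f "$src" ] && [ -s "$src" ] || return 2
    [ -d "$dest" ] && return 2
    # An identical regular file only needs its mode enforced again.
    if [ -f "$dest" ] && [ ! -L "$dest" ] && cmp -s "$src" "$dest"; then
        chmod "$mode" "$dest" || return 2
        return 1
    fi
    # Write beside the target (mktemp creates it 0600), then rename over it,
    # so the key is never readable by others and a symlink at DEST is
    # replaced rather than followed.
    tmp=$(mktemp "$dest.XXXXXX") || return 2
    if cat "$src" > "$tmp" && chmod "$mode" "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 2
}

# install_pair SRC_DIR DEST_DIR
# Prints "changed" or "unchanged". Returns non-zero, without touching
# DEST_DIR, if either source file is missing or empty.
install_pair() {
    src_dir=$1; dest_dir=$2; changed=no
    [ -d "$dest_dir" ] || return 2
    for f in privkey.pem fullchain.pem; do
        [ -s "$src_dir/$f" ] || return 2
    done
    for f in privkey.pem:0400 fullchain.pem:0444; do
        rc=0
        install_one "$src_dir/${f%%:*}" "$dest_dir/${f%%:*}" "${f##*:}" || rc=$?
        case $rc in
            0) changed=yes ;;
            1) ;;
            *) return 2 ;;
        esac
    done
    # Ownership can only be set by root; uid 0, gid 0 is root:wheel on FreeBSD.
    if [ "$(id -u)" -eq 0 ]; then
        chown 0:0 "$dest_dir/privkey.pem" "$dest_dir/fullchain.pem" || return 2
    fi
    if [ "$changed" = yes ]; then echo changed; else echo unchanged; fi
}

# Typical use from a renewal hook (both paths are placeholders):
#   if [ "$(install_pair /path/to/live/mail.example.com /path/to/dovecot/tls)" = changed ]; then
#       doveadm reload
#       postfix reload
#   fi
```

Because the copy is a rename within the destination directory, Dovecot never sees a half-written key, and an empty or missing source file leaves the currently installed pair in place.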
From: jtam.home at gmail.com (Joseph Tam)
Date: Fri, 3 Mar 2017 14:53:45 -0800 (PST)
Subject: letsencrypt
In-Reply-To:
References:
Message-ID:

> Thanks. Is there another way of doing this? I've got a web server
> running on 80 and 443. Are there any other options?

I'm getting this list in digest mode, so it's possible by the time this gets to you, I will have repeated someone else's suggestion.

In this situation, where your dovecot server lives on the same host as a web server (webmail?), and this web server is already doing certificate renewal, then just change the certificate to use SNI extension and add all TLS services that live on this host. (This does not count as a cert renewal, but a new cert).

(E.g. if you are using a certbot to get a certificate for "webmail.mydomain", then add "pop3.mydomain", "imap.mydomain" and "smtp.mydomain" to the certificate.)

Your web server will have to virtually host those domains for the purposes of mapping the token pickup folder.

Then you can use the same certificate for all TLS services hosted on that server.

Joseph Tam

From markc at renta.net Sat Mar 4 01:46:12 2017
From: markc at renta.net (Mark Constable)
Date: Sat, 4 Mar 2017 11:46:12 +1000
Subject: letsencrypt
In-Reply-To:
References:
Message-ID: <9e7204b6-e10c-0c44-06f3-1c3305f271c0@renta.net>

On 04/03/17 04:07, David Mehler wrote:
> With the web it was easy just let apache serve the token that
> letsencrypt needed and I got certificates. How do I do this with
> regards email?

I know there have been some answers to this already but FWIW I use dehydrated directly from Github and this script sets it up as well as creates a pem version for mail hosts...

https://raw.githubusercontent.com/markc/sh/master/bin/newssl

Just change WPATH, VCONF and the nginx server snippet then reload apache instead of nginx. Then put a slightly modified version of this on a monthly cronjob...

https://raw.githubusercontent.com/markc/sh/master/bin/allssl

From lists+dovecot at nospam.webmeneer.net Sat Mar 4 13:28:01 2017
From: lists+dovecot at nospam.webmeneer.net (bOnK)
Date: Sat, 4 Mar 2017 14:28:01 +0100
Subject: mdbox Inconsistency in map index
Message-ID:

After a (power)crash two accounts have been corrupted. I tried to rescue things by running force-resync multiple times, but that didn't work out.

Searching the archives, I found a recent suggestion (by Timo) to delete the index files, but I'm not sure which files to delete and what the consequences will be. When I deleted ``storage/dovecot.map.index'' in an unimportant account of my own, things only grew worse and I decided to delete the account and start fresh... Something I obviously don't want to do with the other account as it belongs to a client with about 2.5G mails (856 m.* files), which we don't want to lose.

I have observed the following behavior in the logs:

When a new mail arrives:
(The second line below is always the same, however there's no mail with uid 12819 according to doveadm search uid 12819)

Mar 04 11:43:28 lda(user): Warning: mdbox /var/mail/user/storage: Inconsistency in map index (117,1060 != 117,1883660)
Mar 04 11:43:28 lda(user): Error: Log synchronization error at seq=117,offset=1546660 for /var/mail/user/storage/dovecot.map.index: Extension record inc drops number below zero (uid=12819, diff=-1, orig=0)
Mar 04 11:43:28 lda(user): Warning: fscking index file /var/mail/user/storage/dovecot.map.index
Mar 04 11:43:28 lda(user): Info: msgid=: saved mail to INBOX
Mar 04 11:43:28 lda(user): Warning: mdbox /var/mail/user/storage: Inconsistency in map index (117,1060 != 117,1883784)
Mar 04 11:43:28 lda(user): Warning: fscking index file /var/mail/user/storage/dovecot.map.index
Mar 04 11:43:28 lda(user): Warning: mdbox /var/mail/user/storage: rebuilding indexes
Mar 04 11:43:28 lda(user): Warning: fscking index file /var/mail/user/storage/dovecot.map.index
Mar 04 11:43:28 imap(user): Error: /var/mail/user/mailboxes/INBOX/dbox-Mails/dovecot.index reset, view is now inconsistent
Mar 04 11:43:28 imap(user): Info:
IMAP session state is inconsistent, please relogin. in=2011 out=108358 deleted=0 expunged=0 trashed=0

When user logs in next (might be from another box/MUA)

Mar 04 11:44:36 imap-login: Info: Login: user=, method=PLAIN, rip=82.95.XX.XX, lip=37.97.XX.XX, mpid=14884, TLS, session=
Mar 04 11:44:37 imap(user): Warning: mdbox /var/mail/user/storage: Inconsistency in map index (117,1060 != 117,1884336)
Mar 04 11:44:37 imap(user): Warning: fscking index file /var/mail/user/storage/dovecot.map.index
Mar 04 11:44:37 imap(user): Warning: mdbox /var/mail/user/storage: rebuilding indexes
Mar 04 11:44:37 imap(user): Error: /var/mail/user/mailboxes/INBOX/dbox-Mails/dovecot.index reset, view is now inconsistent
Mar 04 11:44:37 imap(user): Info: IMAP session state is inconsistent, please relogin. in=331 out=178391 deleted=0 expunged=0 trashed=0
Mar 04 11:44:37 imap(user): Warning: mdbox /var/mail/user/storage: Inconsistency in map index (117,1060 != 117,1884396)
Mar 04 11:44:37 imap(user): Warning: fscking index file /var/mail/user/storage/dovecot.map.index
Mar 04 11:44:37 imap(user): Warning: fscking index file /var/mail/user/storage/dovecot.map.index
Mar 04 11:44:37 imap-login: Info: Login: user=, method=PLAIN, rip=82.95.XX.XX, lip=37.97.XX.XX, mpid=14886, TLS, session=

Besides the nuisance of getting kicked off every time a new mail arrives, user cannot delete mails (as in: move to Trash).

TL;DR: which files to delete and what will be the consequences?

--
b.

From mail at jan-von.de Sat Mar 4 13:39:11 2017
From: mail at jan-von.de (Jan Vonde)
Date: Sat, 4 Mar 2017 14:39:11 +0100
Subject: fts_solr and connection via https://
In-Reply-To: <62f756c9-27b7-163c-34ed-6fa7b8de0e7c@jan-von.de>
References: <3e405043-9e5b-39a5-6ff1-0c462a7bb8cb@jan-von.de> <836bf373-79be-a2cf-3012-45b238014b1d@rename-it.nl> <4c177121-f649-11e5-7f34-f91ea20ceb79@jan-von.de> <69269fb5-65a9-8cfa-ea06-4e6a3cf0232d@rename-it.nl> <71c06e27-7028-a457-a519-5566b00cd42f@rename-it.nl> <62f756c9-27b7-163c-34ed-6fa7b8de0e7c@jan-von.de>
Message-ID:

On 17.02.2017 at 17:27, Jan Vonde wrote:
> On 17.02.2017 at 11:45, Stephan Bosch wrote:
>> On 8-2-2017 at 21:07, Jan Vonde wrote:
>>> On 07.02.2017 at 12:29, Stephan Bosch wrote:
>>>> On 31-1-2017 at 6:33, Jan Vonde wrote:
>>>>> On 31.01.2017 at 00:04, Stephan Bosch wrote:
>>>>>> On 1/22/2017 at 12:01 PM, Stephan Bosch wrote:
>>>>>>> On 1/22/2017 at 10:01 AM, Jan Vonde wrote:
>>>>>>>> I tried adding the following settings but that didn't help:
>>>>>>>> ssl_ca = < /etc/ssl/certs/ca-certificates.crt
>>>>>>>> ssl_client_ca_dir = /etc/ssl/certs
>>>>>>>>
>>>>>>>> Can you give me a hint how I can get the ssl certificate accepted?
>>>>>>> That should normally have done the trick. However, the sources
>>>>>>> tell me
>>>>>>> that no ssl_client settings are propagated to the http_client
>>>>>>> used by
>>>>>>> fts-solr, so SSL is not currently supported it seems.
>>>>>>>
>>>>>>> I'll check how easy it is to add that.
>>>>>> Just to keep you informed: I created a patch, but it is still being
>>>>>> tested.
>>>>>>
>>>>> Thanks for the update Stephan! Awesome! Looking forward to test it
>>>>> myself :-)
>>>> https://github.com/dovecot/core/commit/526631052ca3175357302af8fa7dcbf763b40c53
>>>>
>>>>
>>>>
>>> Thank you.
I am using now the following version:
>>> 2.3.0.alpha0 (2eeea57) [XI:2:2.3.0~alpha0-1~auto+650]
>>>
>>> The error messages I am getting now are like this:
>>>
>>> doveadm(user at host): Info: Received invalid SSL certificate: unable to
>>> get local issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt
>>> Authority X3
>>> doveadm(user at host): Error: fts_solr: Lookup failed: 9002 SSL handshaking
>>> with 5.45.106.248:443 failed: read(SSL 5.45.106.248:443) failed:
>>> Received invalid SSL certificate: unable to get local issuer
>>> certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
>>>
>>>
>>> You can connect to 5.45.106.248:443 and IMHO everything is correct with
>>> the chain.
>>>
>>>
>>> I am no SSL expert, but I am reading it as "doveadm and its ssl part
>>> cannot verify the Let's Encrypt certificate". It would need the DST Root
>>> CA X3 and this is in the local trust store (ssl_client_ca_dir...)
>>>
>>>
>>> Do you have another hint maybe?
>>
>> We seem to have found another issue there. More on this will follow.
>>
> Thanks for the update and have a nice weekend,
>

I don't want to push, am just interested: any news on this?

Thanks, Jan :-)

From stephan at rename-it.nl Sat Mar 4 14:32:16 2017
From: stephan at rename-it.nl (Stephan Bosch)
Date: Sat, 4 Mar 2017 15:32:16 +0100
Subject: fts_solr and connection via https://
In-Reply-To:
References: <3e405043-9e5b-39a5-6ff1-0c462a7bb8cb@jan-von.de> <836bf373-79be-a2cf-3012-45b238014b1d@rename-it.nl> <4c177121-f649-11e5-7f34-f91ea20ceb79@jan-von.de> <69269fb5-65a9-8cfa-ea06-4e6a3cf0232d@rename-it.nl> <71c06e27-7028-a457-a519-5566b00cd42f@rename-it.nl> <62f756c9-27b7-163c-34ed-6fa7b8de0e7c@jan-von.de>
Message-ID: <6b991292-bd9b-1722-999b-478249d0f820@rename-it.nl>

On 3/4/2017 at 2:39 PM, Jan Vonde wrote:
> On 17.02.2017 at 17:27, Jan Vonde wrote:
>> On 17.02.2017 at 11:45, Stephan Bosch wrote:
>>> On 8-2-2017 at 21:07, Jan Vonde wrote:
>>> We seem to have found another issue there. More on this will follow.
>>>
>> Thanks for the update and have a nice weekend,
>>
> I don't want to push, am just interested: any news on this?
>
>
> Thanks, Jan :-)

Oh, good point. We added a few fixes, but unfortunately the last of those was too late for 2.2.28:

https://git.dovecot.net/dovecot/core/commit/8f251da1b6dfe6dc3d86ae71b377d99afe2d4bd2

So, currently, may not yet work for you. It will be in 2.2.29. You can try the master branch of course if you want to test it early.

Regards,

Stephan.

From mail at jan-von.de Sat Mar 4 15:22:01 2017
From: mail at jan-von.de (Jan Vonde)
Date: Sat, 4 Mar 2017 16:22:01 +0100
Subject: fts_solr and connection via https://
In-Reply-To: <6b991292-bd9b-1722-999b-478249d0f820@rename-it.nl>
References: <3e405043-9e5b-39a5-6ff1-0c462a7bb8cb@jan-von.de> <836bf373-79be-a2cf-3012-45b238014b1d@rename-it.nl> <4c177121-f649-11e5-7f34-f91ea20ceb79@jan-von.de> <69269fb5-65a9-8cfa-ea06-4e6a3cf0232d@rename-it.nl> <71c06e27-7028-a457-a519-5566b00cd42f@rename-it.nl> <62f756c9-27b7-163c-34ed-6fa7b8de0e7c@jan-von.de> <6b991292-bd9b-1722-999b-478249d0f820@rename-it.nl>
Message-ID: <12ff4534-bff8-87e9-2731-cc85a71ba9a5@jan-von.de>

On 04.03.2017 at 15:32, Stephan Bosch wrote:
> On 3/4/2017 at 2:39 PM, Jan Vonde wrote:
>> On 17.02.2017 at 17:27, Jan Vonde wrote:
>>> On 17.02.2017 at 11:45, Stephan Bosch wrote:
>>>> On 8-2-2017 at 21:07, Jan Vonde wrote:
>>>> We seem to have found another issue there. More on this will follow.
>>>>
>>> Thanks for the update and have a nice weekend,
>>>
>> I don't want to push, am just interested: any news on this?
>>
>>
>> Thanks, Jan :-)
>
> Oh, good point. We added a few fixes, but unfortunately the last of
> those was too late for 2.2.28:
>
> https://git.dovecot.net/dovecot/core/commit/8f251da1b6dfe6dc3d86ae71b377d99afe2d4bd2
>
> So, currently, may not yet work for you. It will be in 2.2.29. You can
> try the master branch of course if you want to test it early.
>
>
> Regards,
>
> Stephan.
>

It's working. Awesome! Thanks a lot!

\Jan :-)

From azurit at pobox.sk Sun Mar 5 07:36:59 2017
From: azurit at pobox.sk (azurit at pobox.sk)
Date: Sun, 05 Mar 2017 08:36:59 +0100
Subject: [enhancement] fts-solr low performance
Message-ID: <20170305083659.Horde.BPeDHUiVOpGFU_PLZAKwzvs@webmail.inetadmin.eu>

Hi,

we have activated fts-solr about a week ago and immediately started to experience really *low* performance with MOVE and EXPUNGE commands. After several days of googling, tcpdumping and straceing I was able to find and resolve the problem.

We are using Dovecot 2.2.27 from Debian Jessie (jessie-backports), which is doing a soft commit in solr after every MOVE or EXPUNGE command - this behavior cannot be, currently, changed. The problem is that this was causing every MOVE/EXPUNGE to take about 6 seconds to complete. The problem appears to be in very old version of Solr - 3.6.2 (!!). This is the only version which is shipped with current (Jessie) and also next (Stretch) version of Debian, don't ask me why, I don't understand it either. Solr versions below 4.0 are NOT supporting soft commits, so all commits are hard and this was the problem.

Finally, I decided to patch our Dovecot to not send a commit at all and everything started to be super fast. I'm doing hard commits every minute via cron so the only consequence of this is that you cannot search for messages delivered before less than a minute (which you, usually, don't need to do anyway).
While googling I also found out that Solr supports autoCommit function (and from version 4.0 also autoSoftCommit), so there's no reason for Dovecot to handle this on its own (and potentially doing hundreds or thousands of soft commits every second) - you can just set Solr to, for example, do autoSoftCommit every second and autoCommit every minute:

https://cwiki.apache.org/confluence/display/solr/UpdateHandlers+in+SolrConfig#UpdateHandlersinSolrConfig-autoCommit

Also this wiki page should be updated with warning about old versions of Solr not supporting soft commits (you could also mention the auto[Soft]Commit function):

http://wiki2.dovecot.org/Plugins/FTS/Solr

I suggest to allow completely disable Solr commits in Dovecot by configuration, so people like me can handle this easily. What do you think?

azur

From chris at stankevitz.com Sun Mar 5 00:41:53 2017
From: chris at stankevitz.com (Chris Stankevitz)
Date: Sat, 4 Mar 2017 16:41:53 -0800
Subject: Transitioning away from mail_location = maildir:~
Message-ID: <0bca9c89-2084-a466-12fe-7a06cbc9f66a@stankevitz.com>

Hi,

I have been using this setup for years:

mail_home = /var/mail/vhosts/%d/%n
mail_location = maildir:~

I have since learned that mail_home and mail_location should be different. I plan to use this:

mail_home = /var/mail/vhosts/%d/%n
mail_location = maildir:~/mail

I would like the transition to be transparent for my email clients. I don't want mail/directories/sieve_scripts to disappear.

1. Should I manually create the maildir:~/mail directories?

2. Should I move files from /var/mail/vhosts/%d/%n into maildir:~/mail? Which files? (In other words: which files are "home directory" files and which files are "mail files"?)

Thank you,

Chris

Example home directory:

drwx------ .
drwxr-xr-x ..
drwx------ .Archives
drwx------ .Archives.2016
drwx------ .Archives.2017
drwx------ .Drafts
drwx------ .Junk
drwx------ .Notes
drwx------ .Sent
drwx------ .Sent
drwx------ .Trash
drwx------ .work
drwx------ .home
drwx------ .todo
lrwx------ .dovecot.sieve
-rw------- .dovecot.sieve.log
-rw------- .dovecot.sieve.log.0
-rw------- .dovecot.svbin
drwx------ cur
-rw------- dovecot-keywords
-rw------- dovecot-uidlist
-rw------- dovecot-uidvalidity
-r--r--r-- dovecot-uidvalidity.55411048
-rw------- dovecot.index
-rw------- dovecot.index.cache
-rw------- dovecot.index.log
-rw------- dovecot.mailbox.log
drwx------ new
drwx------ sieve
-rw------- subscriptions
drwx------ tmp

$ dovecot -n
# 2.2.27 (c0f36b0): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: FreeBSD 10.3-RELEASE-p11 amd64
lmtp_save_to_detail_mailbox = yes
mail_gid = 1002
mail_home = /var/mail/vhosts/%d/%n
mail_location = maildir:~
mail_privileged_group = vpostfix
mail_uid = 1002
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/users
  driver = passwd-file
}
plugin {
  recipient_delimiter = -
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = imap pop3 lmtp sieve
recipient_delimiter = -
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert = xxx
ssl_key = xxx
userdb {
  args = username_format=%u /usr/local/etc/dovecot/users
  driver = passwd-file
}
protocol lmtp {
  mail_plugins = " sieve"
  postmaster_address = xxx
}
protocol lda {
  mail_plugins = " sieve"
}

From tanstaafl at libertytrek.org Sun Mar 5 16:28:15 2017
From: tanstaafl at libertytrek.org (Charles Marcus)
Date: Sun, 05 Mar 2017 11:28:15 -0500
Subject: Transitioning away from mail_location = maildir:~
In-Reply-To: <0bca9c89-2084-a466-12fe-7a06cbc9f66a@stankevitz.com>
References: <0bca9c89-2084-a466-12fe-7a06cbc9f66a@stankevitz.com>
Message-ID:

I can't provide specific details as I'm on the road, but I successfully used mmv utility to accomplish something similar - changed mail home from domain/local at domain to just domain/local for about 65 users, took less than a second once I worked out the command (it supports wildcards).

The tricky part was changing the sql backend (was using postfixadmin) after the mmv - I ended up just dumping the sql db, editing the file, then pausing postfix/dovecot, performing the mmv, then restoring the db, and restarted postfix/dovecot, was down for maybe 20 seconds or less...

On March 4, 2017 7:41:53 PM EST, Chris Stankevitz wrote:
>Hi,
>
>I have been using this setup for years:
>
>mail_home = /var/mail/vhosts/%d/%n
>mail_location = maildir:~
>
>I have since learned that mail_home and mail_location should be
>different. I plan to use this:
>
>mail_home = /var/mail/vhosts/%d/%n
>mail_location = maildir:~/mail
>
>I would like the transition to be transparent for my email clients. I
>don't want mail/directories/sieve_scripts to disappear.
>
>1. Should I manually create the maildir:~/mail directories?
>
>2. Should I move files from /var/mail/vhosts/%d/%n into maildir:~/mail?
>
>Which files? (In other words: which files are "home directory" files
>and which files are "mail files"?)
>
>Thank you,
>
>Chris
>
>Example home directory:
>
>drwx------ .
>drwxr-xr-x ..
>drwx------ .Archives
>drwx------ .Archives.2016
>drwx------ .Archives.2017
>drwx------ .Drafts
>drwx------ .Junk
>drwx------ .Notes
>drwx------ .Sent
>drwx------ .Sent
>drwx------ .Trash
>drwx------ .work
>drwx------ .home
>drwx------ .todo
>lrwx------ .dovecot.sieve
>-rw------- .dovecot.sieve.log
>-rw------- .dovecot.sieve.log.0
>-rw------- .dovecot.svbin
>drwx------ cur
>-rw------- dovecot-keywords
>-rw------- dovecot-uidlist
>-rw------- dovecot-uidvalidity
>-r--r--r-- dovecot-uidvalidity.55411048
>-rw------- dovecot.index
>-rw------- dovecot.index.cache
>-rw------- dovecot.index.log
>-rw------- dovecot.mailbox.log
>drwx------ new
>drwx------ sieve
>-rw------- subscriptions
>drwx------ tmp
>
>$ dovecot -n
># 2.2.27 (c0f36b0): /usr/local/etc/dovecot/dovecot.conf
># Pigeonhole version 0.4.16 (fed8554)
># OS: FreeBSD 10.3-RELEASE-p11 amd64
>lmtp_save_to_detail_mailbox = yes
>mail_gid = 1002
>mail_home = /var/mail/vhosts/%d/%n
>mail_location = maildir:~
>mail_privileged_group = vpostfix
>mail_uid = 1002
>managesieve_notify_capability = mailto
>managesieve_sieve_capability = fileinto reject envelope
>encoded-character vacation subaddress comparator-i;ascii-numeric
>relational regex imap4flags copy include variables body enotify
>environment mailbox date index ihave duplicate mime foreverypart
>extracttext
>namespace inbox {
>  inbox = yes
>  location =
>  mailbox Drafts {
>    special_use = \Drafts
>  }
>  mailbox Junk {
>    special_use = \Junk
>  }
>  mailbox Sent {
>    special_use = \Sent
>  }
>  mailbox "Sent Messages" {
>    special_use = \Sent
>  }
>  mailbox Trash {
>    special_use = \Trash
>  }
>  prefix =
>}
>passdb {
>  args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/users
>  driver = passwd-file
>}
>plugin {
>  recipient_delimiter = -
>  sieve = file:~/sieve;active=~/.dovecot.sieve
>}
>protocols = imap pop3 lmtp sieve
>recipient_delimiter = -
>service auth {
>  unix_listener /var/spool/postfix/private/auth {
>    group = postfix
>    mode = 0666
>    user = postfix
>  }
>
unix_listener auth-userdb { > group = postfix > mode = 0600 > user = postfix > } >} >service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0666 > user = postfix > } >} >service managesieve-login { > inet_listener sieve { > port = 4190 > } >} >ssl_cert = xxx >ssl_key = xxx >userdb { > args = username_format=%u /usr/local/etc/dovecot/users > driver = passwd-file >} >protocol lmtp { > mail_plugins = " sieve" > postmaster_address = xxx >} >protocol lda { > mail_plugins = " sieve" >} -- Sent from my Android device with K-9 Mail. Please excuse my brevity. From dovecot at avv.solutions Sun Mar 5 18:13:54 2017 From: dovecot at avv.solutions (dovecot at avv.solutions) Date: Sun, 5 Mar 2017 19:13:54 +0100 Subject: quota-warning: possible to have size also? Message-ID: <53c92005-3ef4-40df-f3bb-4ed5f8deff0c@avv.solutions> Hello Community, My dovecot setup works fine with quotas and quota-warning. I have a questions though: when running the warning script, the example foundis it possible to pass the *quota size *as argument also? This would be useful with per-user quota. e.g. /some/script xx% username *xxxbytes* (order is not relevant of course) Thank you for your help. Cheers From mail at tomsommer.dk Sun Mar 5 19:07:01 2017 From: mail at tomsommer.dk (Tom Sommer) Date: Sun, 05 Mar 2017 20:07:01 +0100 Subject: quota-warning: possible to have size also? In-Reply-To: <53c92005-3ef4-40df-f3bb-4ed5f8deff0c@avv.solutions> References: <53c92005-3ef4-40df-f3bb-4ed5f8deff0c@avv.solutions> Message-ID: On 2017-03-05 19:13, dovecot at avv.solutions wrote: > I have a questions though: when running the warning script, the > example foundis it possible to pass the *quota size *as argument also? > This would be useful with per-user quota. > > e.g. /some/script xx% username *xxxbytes* (order is not relevant of > course) +1 and quota-limit as well. From peter at pajamian.dhs.org Sun Mar 5 21:49:04 2017 
From: peter at pajamian.dhs.org (Peter)
Date: Mon, 6 Mar 2017 10:49:04 +1300
Subject: Upgrade from 2.0. to 2.2
In-Reply-To: <72114253-bb42-88e3-b74a-0a2e7b632e8f@info-systems.de>
References: <72114253-bb42-88e3-b74a-0a2e7b632e8f@info-systems.de>
Message-ID: <099fc123-eeb4-5c2f-d328-fe02285a9107@pajamian.dhs.org>

On 04/03/17 00:22, Jakob Curdes wrote:
> Hello, we have a centos 6 server running dovecot 2.0 provided with the
> OS, currently 2.0.9. We would like to upgrade to the 2.2.19 package
> provided by the mailserver.guru repo.

Why upgrade to such an old version? You can get 2.2.27 (2.2.28 in testing) packages from GhettoForge plus:

http://ghettoforge.org/

Peter

From ad+lists at uni-x.org Sun Mar 5 21:52:21 2017
From: ad+lists at uni-x.org (Alexander Dalloz)
Date: Sun, 5 Mar 2017 22:52:21 +0100
Subject: Upgrade from 2.0. to 2.2
In-Reply-To: <099fc123-eeb4-5c2f-d328-fe02285a9107@pajamian.dhs.org>
References: <72114253-bb42-88e3-b74a-0a2e7b632e8f@info-systems.de> <099fc123-eeb4-5c2f-d328-fe02285a9107@pajamian.dhs.org>
Message-ID: <9a6a6eb5-5030-2e76-ccb9-f11fe42f5506@uni-x.org>

On 05.03.2017 at 22:49, Peter wrote:
> On 04/03/17 00:22, Jakob Curdes wrote:
>> Hello, we have a centos 6 server running dovecot 2.0 provided with the
>> OS, currently 2.0.9. We would like to upgrade to the 2.2.19 package
>> provided by the mailserver.guru repo.
>
> Why upgrade to such an old version? You can get 2.2.27 (2.2.28 in
> testing) packages from GhettoForge plus:
>
> http://ghettoforge.org/

+1

> Peter

Alexander

From skdovecot at smail.inf.fh-brs.de Mon Mar 6 07:45:15 2017
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Mon, 6 Mar 2017 08:45:15 +0100 (CET)
Subject: welcome plugin
In-Reply-To:
References: <2BEC3562-6845-4616-8CD4-DDF71708CCE6@kreme.com>
Message-ID:

On Fri, 3 Mar 2017, David Mehler wrote:

> Perms are 775 on that folder.

> On 3/3/17, @lbutlr wrote:
>> On 2017-03-02 (17:51 MST), David Mehler wrote:
>>>
>>> Feb 28 14:52:06 hostname dovecot: lda(testuser@domain.tld): Error:
>>> userdb lookup: connect(/var/run/dovecot/auth-userdb) failed:
>>> Permission denied (euid=143(dovecot) egid=143(dovecot) missing +r
>>> perm: /var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755)

Did you mean 0775 on /var/run/dovecot/auth-userdb or /var/run/dovecot? Both variants do not comply with the error message.

Did somebody ask already: Do you run with SELinux, AppArmor or the like enabled?

http://wiki2.dovecot.org/WhyDoesItNotWork?highlight=%28selinux%29

--
Steffen Kaiser

From yacinechaouche at yahoo.com Mon Mar 6 08:06:57 2017
From: yacinechaouche at yahoo.com (chaouche yacine)
Date: Mon, 6 Mar 2017 08:06:57 +0000 (UTC)
Subject: Transitioning away from mail_location = maildir:~
In-Reply-To: <0bca9c89-2084-a466-12fe-7a06cbc9f66a@stankevitz.com>
References: <0bca9c89-2084-a466-12fe-7a06cbc9f66a@stankevitz.com>
Message-ID: <1518606760.2622382.1488787617979@mail.yahoo.com>

Hi Chris,

>I have since learned that mail_home and mail_location should be
>different. I plan to use this:

I'm interested in any sources for this? I find dovecot to be very flexible, so much that you can actually have the home dir inside the maildir instead of the traditional other way around, which is actually my setup!

In /etc/dovecot/conf.d/auth-sql.conf.ext

userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/vmail/%d/%n/dovecot
}

In /etc/dovecot/conf.d/10-mail.conf

mail_location = Maildir:~/../

So in my case, the maildir is /var/vmail/%d/%n/ and the home dir is inside the maildir in a directory I named dovecot (home=/var/vmail/%d/%n/dovecot). This is because I migrated from courier which had the maildir directly in /var/vmail/%d/%n/, but since sieve scripts are also put there they are presented as maildir folders (which they're not of course), and this confused my users. So I used this little trick to hide the sieve scripts inside the dovecot directory and still have them working correctly.

-- Yassine.

From yacinechaouche at yahoo.com Mon Mar 6 08:13:33 2017
From: yacinechaouche at yahoo.com (chaouche yacine)
Date: Mon, 6 Mar 2017 08:13:33 +0000 (UTC)
Subject: Transitioning away from mail_location = maildir:~
In-Reply-To: <0bca9c89-2084-a466-12fe-7a06cbc9f66a@stankevitz.com>
References: <0bca9c89-2084-a466-12fe-7a06cbc9f66a@stankevitz.com>
Message-ID: <1633136874.2640915.1488788013262@mail.yahoo.com>

It's even listed as a possible setup in dovecot's wiki, see: http://genius.it/wiki.dovecot.org/VirtualUsers/Home (annotated version).

-- Yassine.

From dave.mehler at gmail.com Mon Mar 6 08:31:35 2017
From: dave.mehler at gmail.com (David Mehler)
Date: Mon, 6 Mar 2017 03:31:35 -0500
Subject: dovecot 2.2.x listening on multiple interfaces
Message-ID:

Hello,

I'm wondering if it's possible to get dovecot to listen on multiple interfaces without designating * for everything?

I've got a machine with three interfaces going to three different networks. I'm not wanting to let dovecot listen on all interfaces * just two of them, standard ports. Is this doable?

Thanks.
Dave.

From jc at info-systems.de Mon Mar 6 08:37:57 2017
From: jc at info-systems.de (Jakob Curdes)
Date: Mon, 6 Mar 2017 09:37:57 +0100
Subject: Upgrade from 2.0. to 2.2
In-Reply-To: <9a6a6eb5-5030-2e76-ccb9-f11fe42f5506@uni-x.org>
References: <72114253-bb42-88e3-b74a-0a2e7b632e8f@info-systems.de> <099fc123-eeb4-5c2f-d328-fe02285a9107@pajamian.dhs.org> <9a6a6eb5-5030-2e76-ccb9-f11fe42f5506@uni-x.org>
Message-ID:

Ah, still better. I just want to upgrade to a package that is available from maintained repos, so that is good news for me.

Thx, Jakob

On 05.03.2017 at 22:52, Alexander Dalloz wrote:
> On 05.03.2017 at 22:49, Peter wrote:
>> On 04/03/17 00:22, Jakob Curdes wrote:
>>> Hello, we have a centos 6 server running dovecot 2.0 provided with the
>>> OS, currently 2.0.9. We would like to upgrade to the 2.2.19 package
>>> provided by the mailserver.guru repo.
>>
>> Why upgrade to such an old version? You can get 2.2.27 (2.2.28 in
>> testing) packages from GhettoForge plus:
>>
>> http://ghettoforge.org/
>
> +1
>
>> Peter
>
> Alexander

--
Jakob Curdes
*Address:* iS information systems oHG, Postfach 3011, 26020 Oldenburg
Tel.: (0)441 - 84 53 1
Fax: (0)441 - 88 59 378
*Registered office:* Donnerschweer Str. 89-91, D 26123 Oldenburg
Web: www.info-systems.de
Company name and commercial register details can be found at this link: Company data.

From jc at info-systems.de Mon Mar 6 08:40:48 2017
From: jc at info-systems.de (Jakob Curdes)
Date: Mon, 6 Mar 2017 09:40:48 +0100
Subject: Upgrade from 2.0. to 2.2
In-Reply-To: <254bd943-17d2-6868-454b-5fa027b75ef7@dovecot.fi>
References: <72114253-bb42-88e3-b74a-0a2e7b632e8f@info-systems.de> <254bd943-17d2-6868-454b-5fa027b75ef7@dovecot.fi>
Message-ID:

On 03.03.2017 at 12:45, Aki Tuomi wrote:
>
>
> On 2017-03-03 13:22, Jakob Curdes wrote:
>> Hello, we have a centos 6 server running dovecot 2.0 provided with
>> the OS, currently 2.0.9. We would like to upgrade to the 2.2.19
>> package provided by the mailserver.guru repo. I read the upgrading
>> docs for 2.1 and 2.2 and found the following issues:
>> (...)
>> Are there other things that we need to observe? Is a direct update
>> from 2.0.9 to 2.2.19 feasible with the above precautions or do we
>> need to put in a 2.1 version in between?
>>
>> Thank you for hints,
>> Jakob
>
> I would also consider possibility of upgrading the server too, so you
> would instead setup a new environment and migrate your users there
> instead of upgrading the old server. This way you could make sure
> everything works.
>

Well, then I have a different problem because in this way I upgrade the complete environment to eg. CentOS 7 and will need to test a plethora of other things. I'd rather stick to the current system (which is not "old", just the dovecot package in CentOS 6 is "old").

Ok so no other problems known?

Regards, Jakob

From jc at info-systems.de Mon Mar 6 08:43:01 2017
From: jc at info-systems.de (Jakob Curdes)
Date: Mon, 6 Mar 2017 09:43:01 +0100
Subject: Upgrade from 2.0. to 2.2
In-Reply-To: <9a6a6eb5-5030-2e76-ccb9-f11fe42f5506@uni-x.org>
References: <72114253-bb42-88e3-b74a-0a2e7b632e8f@info-systems.de> <099fc123-eeb4-5c2f-d328-fe02285a9107@pajamian.dhs.org> <9a6a6eb5-5030-2e76-ccb9-f11fe42f5506@uni-x.org>
Message-ID:

Ah, still better. I just want to upgrade to a package that is available from maintained repos, so that is good news for me.

Thx, Jakob

(The last message was crippled somewhere - in my sent folder it looks ok but on the list only our logo appeared...)

On 05.03.2017 at 22:52, Alexander Dalloz wrote:
> On 05.03.2017 at 22:49, Peter wrote:
>> On 04/03/17 00:22, Jakob Curdes wrote:
>>> Hello, we have a centos 6 server running dovecot 2.0 provided with the
>>> OS, currently 2.0.9. We would like to upgrade to the 2.2.19 package
>>> provided by the mailserver.guru repo.
>>
>> Why upgrade to such an old version? You can get 2.2.27 (2.2.28 in
>> testing) packages from GhettoForge plus:
>>
>> http://ghettoforge.org/
>
> +1
>
>> Peter
>
> Alexander

From jost+lists at dimejo.at Mon Mar 6 09:02:37 2017
From: jost+lists at dimejo.at (Alex JOST)
Date: Mon, 6 Mar 2017 10:02:37 +0100
Subject: Transitioning away from mail_location = maildir:~
In-Reply-To: <1518606760.2622382.1488787617979@mail.yahoo.com>
References: <0bca9c89-2084-a466-12fe-7a06cbc9f66a@stankevitz.com> <1518606760.2622382.1488787617979@mail.yahoo.com>
Message-ID: <003e232e-4fd6-d31e-789c-df51367c6d23@dimejo.at>

On 06.03.2017 at 09:06, chaouche yacine wrote:
> Hi Chris,
>
>> I have since learned that mail_home and mail_location should be
>
>> different. I plan to use this:
>
> I'm interested in any sources for this?

http://wiki.dovecot.org/VirtualUsers/Home

"Home directory shouldn't be the same as mail directory with mbox or Maildir formats (but with dbox/obox it's fine). It's possible to do that, but you might run into trouble with it sooner or later."

--
Alex JOST

From jost+lists at dimejo.at Mon Mar 6 09:19:03 2017
From: jost+lists at dimejo.at (Alex JOST)
Date: Mon, 6 Mar 2017 10:19:03 +0100
Subject: dovecot 2.2.x listening on multiple interfaces
In-Reply-To:
References:
Message-ID:

On 06.03.2017 at 09:31, David Mehler wrote:
> Hello,
>
> I'm wondering if it's possible to get dovecot to listen on multiple
> interfaces without designating * for everything?
>
> I've got a machine with three interfaces going to three different
> networks. I'm not wanting to let dovecot listen on all interfaces *
> just two of them, standard ports. Is this doable?

You could either set some IPs via the listen parameter (see [1]) for all services or specify different IPs for each service (see [2]).

[1]: http://www.dovecot.org/doc/dovecot-example.conf
[2]: http://wiki.dovecot.org/Services#inet_listeners

--
Alex JOST

From yacinechaouche at yahoo.com Mon Mar 6 09:39:21 2017
From: yacinechaouche at yahoo.com (chaouche yacine)
Date: Mon, 6 Mar 2017 09:39:21 +0000 (UTC)
Subject: quota-warning: possible to have size also?
In-Reply-To: <53c92005-3ef4-40df-f3bb-4ed5f8deff0c@avv.solutions>
References: <53c92005-3ef4-40df-f3bb-4ed5f8deff0c@avv.solutions>
Message-ID: <1139215095.2700267.1488793161100@mail.yahoo.com>

Hi,

I'm using a Maildir++ based quota setting which creates a maildirsize file in every Maildir. The first two lines of this file are the maximum quota in bytes then the actual consumption in bytes and number of messages, like so:

1073741824S
379317999 5169

This means this user has a quota of 1Gb and he is using ~ 379 Mb (you have to divide by 1024 to be more precise)

Since the script receives the user as second argument, you can deduce its current quota size and restriction by reading the maildirsize file (if you have it). I think you can do the same if your quota is in the database (querying).

This is a piece of script I wrote once that shows the value of quota used and quota max (both in megas and percent) that might help you if you know your way through bash scripting:

root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL # cat showquota.single
mega=$((1024*1024))
# Strip the domain part: the argument is user@domain
inbox="${1%@*}"
maildir="/var/vmail/domain.tld/$inbox"
backup="/var/vmail/backup.domain.tld/$inbox"

# Message: "Mailbox does not exist. Please check the spelling of <address> once more"
[ ! -e "$maildir" ] && echo "Boite email inexistante. Veuillez vérifier encore une fois l'orthogrape de $inbox@domain.tld" && exit 1

function get_quota {
    mailfolder="$1"
    maildirsize="$mailfolder/maildirsize"
    # First two lines of maildirsize, joined: "<max>S <bytes> <messages>"
    fields=$(echo $(head -2 "$maildirsize"))
    max="${fields%%S*}"
    cur="$(echo $fields | cut -f2 -d ' ')"
    ratio=$(echo "scale=2; $cur * 100 / $max" | bc)
    cur=$(echo "scale=2; $cur / $mega" | bc)
    max=$(echo "scale=2; $max / $mega" | bc)
    echo "$cur Mo / $max Mo ( $ratio% )"
}

# Output labels: "Quota on the mailbox" / "Quota on the archives"
echo Quota sur la boite aux lettres "$inbox"
get_quota "$maildir"
echo Quota sur les archives
get_quota "$backup"
echo "-------------------------------------------------------------------------"
root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL #

--Yassine.

From yacinechaouche at yahoo.com Mon Mar 6 09:48:02 2017
From: yacinechaouche at yahoo.com (chaouche yacine)
Date: Mon, 6 Mar 2017 09:48:02 +0000 (UTC)
Subject: Transitioning away from mail_location = maildir:~
In-Reply-To: <003e232e-4fd6-d31e-789c-df51367c6d23@dimejo.at>
References: <0bca9c89-2084-a466-12fe-7a06cbc9f66a@stankevitz.com> <1518606760.2622382.1488787617979@mail.yahoo.com> <003e232e-4fd6-d31e-789c-df51367c6d23@dimejo.at>
Message-ID: <762532067.2625269.1488793682331@mail.yahoo.com>

Thanks Alex. I myself ran into these problems as described above and having distinct Maildir and Homedir helped it. The main reason being dovecot not making any distinction between a folder and maildir folder, which seems to have a very simple solution though.

-- Yassine.

From jost+lists at dimejo.at Mon Mar 6 10:24:55 2017
From: jost+lists at dimejo.at (Alex JOST)
Date: Mon, 6 Mar 2017 11:24:55 +0100
Subject: quota-warning: possible to have size also?
In-Reply-To: <1139215095.2700267.1488793161100@mail.yahoo.com>
References: <53c92005-3ef4-40df-f3bb-4ed5f8deff0c@avv.solutions> <1139215095.2700267.1488793161100@mail.yahoo.com>
Message-ID:

On 06.03.2017 at 10:39, chaouche yacine wrote:
> Hi,
>
> I'm using a Maildir++ based quota setting which creates a maildirsize file in every Maildir. The first two lines of this file are the maximum quota in bytes then the actual consumption in bytes and number of messages, like so:
>
>
> 1073741824S
> 379317999 5169
>
>
>
> This means this user has a quota of 1Gb and he is using ~ 379 Mb (you have to divide by 1024 to be more precise)
>
> Since the script receives the user as second argument, you can deduce its current quota size and restriction by reading the maildirsize file (if you have it). I think you can do the same if your quota is in the database (querying).
>
>
> This is a piece of script I wrote once that shows the value of quota used and quota max (both in megas and percent) that might help you if you know your way through bash scripting:

I might be missing something but what's the advantage over doveadm?

doveadm quota get -A

--
Alex JOST

From kremels at kreme.com Mon Mar 6 10:45:46 2017
From: kremels at kreme.com (@lbutlr)
Date: Mon, 6 Mar 2017 03:45:46 -0700
Subject: Do I need to configure director?
In-Reply-To: <044a1bf6-9979-83ac-b33f-c5d4e07fce83@um.es>
References: <044a1bf6-9979-83ac-b33f-c5d4e07fce83@um.es>
Message-ID: <36D1E84C-0223-41BE-A523-95ABEBF918B8@kreme.com>

On 03 Mar 2017, at 05:42, Angel L. Mateo wrote:
> Is there any advantage of running director in this scenario?

I haven't used director, but based on what it does it seems it would be of no benefit when the LDAP record has the information that director would otherwise provide.

Are your logs detailed enough to show what (if anything) director is doing with your current setup?

--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.

From yacinechaouche at yahoo.com Mon Mar 6 11:50:17 2017
From: yacinechaouche at yahoo.com (chaouche yacine)
Date: Mon, 6 Mar 2017 11:50:17 +0000 (UTC)
Subject: quota-warning: possible to have size also?
In-Reply-To:
References: <53c92005-3ef4-40df-f3bb-4ed5f8deff0c@avv.solutions> <1139215095.2700267.1488793161100@mail.yahoo.com>
Message-ID: <577782311.2711086.1488801017201@mail.yahoo.com>

Good point Alex, there's no real advantage, that script was there from courier's time and I still use it, but doveadm quota command does the trick just as well.

Actual quota:

root@messagerie[10.10.10.19] ~ # doveadm quota get -u sec-drh@domain.tld 2>/dev/null | sed -n 1p | awk '{print $4}'
559728
root@messagerie[10.10.10.19] ~ #

Max quota:

root@messagerie[10.10.10.19] ~ # doveadm quota get -u sec-drh@domain.tld 2>/dev/null | sed -n 1p | awk '{print $5}'
1048576
root@messagerie[10.10.10.19] ~ #

-- Yassine.

From skdovecot at smail.inf.fh-brs.de Mon Mar 6 12:46:53 2017
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Mon, 6 Mar 2017 13:46:53 +0100 (CET)
Subject: Transitioning away from mail_location = maildir:~
In-Reply-To: <0bca9c89-2084-a466-12fe-7a06cbc9f66a@stankevitz.com>
References: <0bca9c89-2084-a466-12fe-7a06cbc9f66a@stankevitz.com>
Message-ID:

On Sat, 4 Mar 2017, Chris Stankevitz wrote:

> mail_home = /var/mail/vhosts/%d/%n
> mail_location = maildir:~/mail

the default for maildir-type would be ~/Maildir :-) that enables auto-detection as well.

> 1. Should I manually create the maildir:~/mail directories?
>
> 2. Should I move files from /var/mail/vhosts/%d/%n into maildir:~/mail? Which
> files? (In other words: which files are "home directory" files and which
> files are "mail files"?)

> drwx------ .
> drwxr-xr-x ..
> drwx------ .Archives

any dir with dot at the beginning except . and ..

> drwx------ cur
> drwx------ new
> drwx------ tmp

these dirs hold the messages of the INBOX

> -rw------- dovecot-keywords
> -rw------- dovecot-uidlist
> -rw------- dovecot-uidvalidity
> -r--r--r-- dovecot-uidvalidity.55411048
> -rw------- dovecot.index
> -rw------- dovecot.index.cache
> -rw------- dovecot.index.log
> -rw------- dovecot.mailbox.log
> -rw------- subscriptions

make it: dovecot.index* dovecot-uid*

You do not seem to use mailbox sharing or ACLs, those features would add some other entries.

===

These not! They belong to Sieve in home:

> lrwx------ .dovecot.sieve
> -rw------- .dovecot.sieve.log
> -rw------- .dovecot.sieve.log.0
> -rw------- .dovecot.svbin
> drwx------ sieve

Keep any directory without leading dot (except cur, new, & tmp) in home as well.

--
Steffen Kaiser

From mail at tomsommer.dk Mon Mar 6 14:17:33 2017
From: mail at tomsommer.dk (Tom Sommer)
Date: Mon, 06 Mar 2017 15:17:33 +0100
Subject: v2.2.28 released
In-Reply-To:
References:
Message-ID: <400c2a31ca1fda77005d1d61744841d8@tomsommer.dk>

On 2017-02-24 14:34, Timo Sirainen wrote:
> http://dovecot.org/releases/2.2/dovecot-2.2.28.tar.gz
> http://dovecot.org/releases/2.2/dovecot-2.2.28.tar.gz.sig

Are there any plans to do a bugfix-release, that includes the few issues seen in the mailing-list, or do you consider 2.2.28 safe to upgrade to?

Thanks

---
Tom

From tss at iki.fi Mon Mar 6 22:30:40 2017
From: tss at iki.fi (Timo Sirainen)
Date: Mon, 6 Mar 2017 17:30:40 -0500
Subject: v2.2.28 released
In-Reply-To: <400c2a31ca1fda77005d1d61744841d8@tomsommer.dk>
References: <400c2a31ca1fda77005d1d61744841d8@tomsommer.dk>
Message-ID: <4DA4482F-4C85-4F06-A12A-8163E455B2A9@iki.fi>

On 6 Mar 2017, at 9.17, Tom Sommer wrote:
>
>
> On 2017-02-24 14:34, Timo Sirainen wrote:
>> http://dovecot.org/releases/2.2/dovecot-2.2.28.tar.gz
>> http://dovecot.org/releases/2.2/dovecot-2.2.28.tar.gz.sig
>
> Are there any plans to do a bugfix-release, that includes the few issues seen in the mailing-list, or do you consider 2.2.28 safe to upgrade to?

I don't see anything critical. A couple of bugs that might or might not affect you. We'll have 2.2.29 soon enough, so no plans for other releases before that.

From saikiran.gummaraj at gmail.com Tue Mar 7 08:38:49 2017
From: saikiran.gummaraj at gmail.com (Sai Kiran Gummaraj)
Date: Tue, 7 Mar 2017 14:08:49 +0530
Subject: SiS hashes file ?
Message-ID:

Hello,

In mdbox SiS POSIX mail box setting -
There are hard-links under -
/ha/sh/-
/ha/sh/-

Why is a copy of the file kept under hashes/ ?

--
Regards,
Sai Kiran

From bra at fsn.hu Tue Mar 7 08:52:09 2017
From: bra at fsn.hu (Nagy, Attila)
Date: Tue, 7 Mar 2017 09:52:09 +0100
Subject: v2.2.28 released
In-Reply-To: <4DA4482F-4C85-4F06-A12A-8163E455B2A9@iki.fi>
References: <400c2a31ca1fda77005d1d61744841d8@tomsommer.dk> <4DA4482F-4C85-4F06-A12A-8163E455B2A9@iki.fi>
Message-ID:

On 03/06/2017 11:30 PM, Timo Sirainen wrote:
> On 6 Mar 2017, at 9.17, Tom Sommer wrote:
>>
>> On 2017-02-24 14:34, Timo Sirainen wrote:
>>> http://dovecot.org/releases/2.2/dovecot-2.2.28.tar.gz
>>> http://dovecot.org/releases/2.2/dovecot-2.2.28.tar.gz.sig
>> Are there any plans to do a bugfix-release, that includes the few issues seen in the mailing-list, or do you consider 2.2.28 safe to upgrade to?
> I don't see anything critical. A couple of bugs that might or might not affect you. We'll have 2.2.29 soon enough, so no plans for other releases before that.

Truncating passwords with dict protocol* seems quite critical to me. :-O
Or is it just me, who's affected by that?

*: http://dovecot.org/list/dovecot/2017-February/107265.html

From aki.tuomi at dovecot.fi Tue Mar 7 09:08:54 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Tue, 7 Mar 2017 11:08:54 +0200
Subject: v2.2.28 released
In-Reply-To:
References: <400c2a31ca1fda77005d1d61744841d8@tomsommer.dk> <4DA4482F-4C85-4F06-A12A-8163E455B2A9@iki.fi>
Message-ID:

On 07.03.2017 10:52, Nagy, Attila wrote:
> On 03/06/2017 11:30 PM, Timo Sirainen wrote:
>> On 6 Mar 2017, at 9.17, Tom Sommer wrote:
>>>
>>> On 2017-02-24 14:34, Timo Sirainen wrote:
>>>> http://dovecot.org/releases/2.2/dovecot-2.2.28.tar.gz
>>>> http://dovecot.org/releases/2.2/dovecot-2.2.28.tar.gz.sig
>>> Are there any plans to do a bugfix-release, that includes the few
>>> issues seen in the mailing-list, or do you consider 2.2.28 safe to
>>> upgrade to?
>> I don't see anything critical. A couple of bugs that might or might
>> not affect you. We'll have 2.2.29 soon enough, so no plans for other
>> releases before that.
> Truncating passwords with dict protocol* seems quite critical to me. :-O
> Or is it just me, who's affected by that?
>
> *: http://dovecot.org/list/dovecot/2017-February/107265.html

Hi!

The password is not actually truncated, it's actually subjected to var_expand, which is silly. We are working on a patch for this and let y'all know when it's ready. The only truncation happens with % as last character.

Aki

From rgiles at arlut.utexas.edu Tue Mar 7 17:22:45 2017
From: rgiles at arlut.utexas.edu (Robert Giles)
Date: Tue, 7 Mar 2017 11:22:45 -0600
Subject: iOS Mail app and rapid authenticate / disconnect on Dovecot proxy
Message-ID:

Hi folks,

I have a handful of iOS 10.2.1 Mail app IMAP clients that intermittently break into this unexplained authenticate-then-immediately-disconnect behavior when connecting to a RHEL7 Dovecot (dovecot-2.2.10-7.el7) proxy, providing proxied connections to a backend Panda/UW-IMAP server. From talking to the users, the activity would appear to be spontaneous (ie: not caused by user interaction with the device).

The behavior doesn't seem to have any observable implications for the end user, other than momentarily hitting the Dovecot process_limit (which, if not raised to a rather large number, disrupts new IMAP proxy connections momentarily).

I reckon this is not an issue with Dovecot, but I'm curious to know if other folks have observed this behavior when dealing with iOS Mail app clients?

The log entries look like this:

iOS 10 device = 172.16.0.1
RHEL7 Dovecot proxy host = 192.168.0.1 ("proxyhost")
Panda/UW-IMAP target = panda.imap.tld

Mar 6 12:11:00 proxyhost dovecot: imap-login: proxy(jdoe): started proxying to panda.imap.tld:993: user=, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=
Mar 6 12:11:00 proxyhost dovecot: imap-login: proxy(jdoe): disconnecting 172.16.0.1 (Disconnected by client): user=, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS: Disconnected, session=
Mar 6 12:11:01 proxyhost dovecot: imap-login: proxy(jdoe): started proxying to panda.imap.tld:993: user=, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=
Mar 6 12:11:01 proxyhost dovecot: imap-login: proxy(jdoe): disconnecting 172.16.0.1 (Disconnected by server): user=, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=
Mar 6 12:11:01 proxyhost dovecot: imap-login: proxy(jdoe): started proxying to panda.imap.tld:993: user=, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=
Mar 6 12:11:01 proxyhost dovecot: imap-login: proxy(jdoe): disconnecting 172.16.0.1 (Disconnected by server): user=, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=
Mar 6 12:11:02 proxyhost dovecot: imap-login: proxy(jdoe): started proxying to panda.imap.tld:993: user=, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=
Mar 6 12:11:02 proxyhost dovecot: imap-login: proxy(jdoe): disconnecting 172.16.0.1 (Disconnected by server): user=, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=
Mar 6 12:11:02 proxyhost dovecot: imap-login: proxy(jdoe): started proxying to panda.imap.tld:993: user=, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=
Mar 6 12:11:02 proxyhost dovecot: imap-login: proxy(jdoe): disconnecting 172.16.0.1 (Disconnected by server): user=, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=
Mar 6 12:11:03 proxyhost dovecot: imap-login: proxy(jdoe): started proxying to panda.imap.tld:993: user=, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=
Mar 6 12:11:03 proxyhost dovecot: imap-login: proxy(jdoe): disconnecting 172.16.0.1 (Disconnected by server): user=, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=
Mar 6 12:11:03 proxyhost dovecot: imap-login: proxy(jdoe): started proxying to panda.imap.tld:993: user=, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=
Mar 6 12:11:04 proxyhost dovecot: imap-login: proxy(jdoe): disconnecting 172.16.0.1 (Disconnected by server): user=, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=

...and on and on, usually until the 'service imap-login' process_limit is reached. You could naturally apply some iptables rate-limiting to avoid hitting process_limit, but it'd be nice to have the iOS client simply behave properly instead.

dovecot -n:
---
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-514.6.2.el7.x86_64 x86_64 Red Hat Enterprise Linux Server release 7.3 (Maipo)
auth_mechanisms = plain login
auth_verbose = yes
first_valid_uid = 1000
imap_capability = +I18NLEVEL=1
mbox_write_locks = fcntl
passdb {
  args = nopassword=y
  default_fields = proxy=y ssl=any-cert host=panda.imap.tld
  driver = static
}
protocols = imap pop3
service imap-login {
  process_limit = 400-ish at the moment
  process_min_avail = 2
}
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl = required
ssl_ca =

From lists at tigertech.com Tue Mar 7 19:41:59 2017
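Added example, not part of the message above and not Dovecot's own tooling: one way to spot this reconnect loop in the proxy log before it exhausts the imap-login process_limit, by counting "started proxying" lines per user and remote IP inside a sliding window. The function names, the window and threshold defaults, and the sample log (modelled on the lines quoted in the message, with constructed user and session values) are assumptions.

```shell
#!/bin/sh
# Added example: flag (user, remote IP) pairs that start many proxied IMAP
# sessions within a short sliding window.

# usage: proxy_login_bursts LOGFILE [WINDOW_SECONDS] [THRESHOLD]
# prints "<month> <day> <user> <rip> <peak sessions started inside one window>"
proxy_login_bursts() {
    awk -v window="${2:-10}" -v threshold="${3:-5}" '
        /imap-login: proxy\([^)]*\): started proxying/ && /rip=/ {
            user = $0
            sub(/^.*imap-login: proxy\(/, "", user)
            sub(/\).*$/, "", user)
            rip = $0
            sub(/^.*rip=/, "", rip)
            sub(/[, \t].*$/, "", rip)
            # Classic syslog stamps carry no year: $1=month $2=day $3=HH:MM:SS.
            split($3, hms, ":")
            now = hms[1] * 3600 + hms[2] * 60 + hms[3]
            key = $1 " " $2 " " user " " rip   # keyed per day: midnight resets the window
            last[key]++
            stamp[key, last[key]] = now
            if (!(key in first)) first[key] = 1
            # Drop events that fell out of the window; the current one always stays.
            while (first[key] < last[key] && now - stamp[key, first[key]] >= window) {
                delete stamp[key, first[key]]
                first[key]++
            }
            inside = last[key] - first[key] + 1
            if (inside > peak[key]) peak[key] = inside
        }
        END {
            for (key in peak)
                if (peak[key] >= threshold) print key, peak[key]
        }
    ' "$1" | sort
}

# Constructed sample: seven session starts in four seconds from one client,
# plus an unrelated user who connects twice, far apart.
sample_log() {
    cat <<'EOF'
Mar  6 12:05:10 proxyhost dovecot: imap-login: proxy(asmith): started proxying to panda.imap.tld:993: user=<asmith>, method=PLAIN, rip=172.16.0.2, lip=192.168.0.1, TLS, session=<c0>
Mar  6 12:11:00 proxyhost dovecot: imap-login: proxy(jdoe): started proxying to panda.imap.tld:993: user=<jdoe>, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=<c1>
Mar  6 12:11:00 proxyhost dovecot: imap-login: proxy(jdoe): disconnecting 172.16.0.1 (Disconnected by client): user=<jdoe>, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS: Disconnected, session=<c1>
Mar  6 12:11:01 proxyhost dovecot: imap-login: proxy(jdoe): started proxying to panda.imap.tld:993: user=<jdoe>, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=<c2>
Mar  6 12:11:01 proxyhost dovecot: imap-login: proxy(jdoe): started proxying to panda.imap.tld:993: user=<jdoe>, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=<c3>
Mar  6 12:11:02 proxyhost dovecot: imap-login: proxy(jdoe): started proxying to panda.imap.tld:993: user=<jdoe>, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=<c4>
Mar  6 12:11:02 proxyhost dovecot: imap-login: proxy(jdoe): disconnecting 172.16.0.1 (Disconnected by server): user=<jdoe>, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=<c4>
Mar  6 12:11:02 proxyhost dovecot: imap-login: proxy(jdoe): started proxying to panda.imap.tld:993: user=<jdoe>, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=<c5>
Mar  6 12:11:03 proxyhost dovecot: imap-login: proxy(jdoe): started proxying to panda.imap.tld:993: user=<jdoe>, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=<c6>
Mar  6 12:11:03 proxyhost dovecot: imap-login: proxy(jdoe): started proxying to panda.imap.tld:993: user=<jdoe>, method=PLAIN, rip=172.16.0.1, lip=192.168.0.1, TLS, session=<c7>
Mar  6 12:40:00 proxyhost dovecot: imap-login: proxy(asmith): started proxying to panda.imap.tld:993: user=<asmith>, method=PLAIN, rip=172.16.0.2, lip=192.168.0.1, TLS, session=<c8>
EOF
}

demo() {
    log=$(mktemp) || return 1
    sample_log > "$log"
    proxy_login_bursts "$log" 10 5
    rm -f "$log"
}
demo
```

The pairs it reports are the candidates for the rate-limiting mentioned in the message; the threshold should sit well above what a normal client with several folders open produces.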
From: lists at tigertech.com (Robert L Mathews)
Date: Tue, 7 Mar 2017 11:41:59 -0800
Subject: v2.2.28 released
In-Reply-To: <4DA4482F-4C85-4F06-A12A-8163E455B2A9@iki.fi>
References: <400c2a31ca1fda77005d1d61744841d8@tomsommer.dk> <4DA4482F-4C85-4F06-A12A-8163E455B2A9@iki.fi>
Message-ID:

On 3/6/17 2:30 PM, Timo Sirainen wrote:

> I don't see anything critical. A couple of bugs that might or might
> not affect you. We'll have 2.2.29 soon enough, so no plans for other
> releases before that.

As a comment: When trying to choose which version of Dovecot to use in production, I've found it difficult that minor point releases add new features and make other changes, as well as purely fixing bugs.

It's a challenge to find a Dovecot version that fixes known issues without introducing other (possibly problematic) changes. As a result, I end up using what seems to be a mostly stable version, plus "extra patches I grabbed from reading the mailing list".

I'm grateful for all the effort put into the code, but for me, at least, it would be easier to work with if new features and changes were only in new versions like 2.3, with 2.2.x only fixing bugs. (And when 2.3 is stable, new features would be in 2.4, with 2.3.x just fixing bugs, and so on.)

This is the model used in Postfix development, for example, and I find it easier to work with in terms of finding a known stable version.

But again, this could be just me, and I apologize if this has already been suggested and found inappropriate. As I said, I definitely appreciate that the code is constantly being improved.

--
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/

From gedalya at gedalya.net Tue Mar 7 20:04:09 2017
From: gedalya at gedalya.net (Gedalya)
Date: Tue, 7 Mar 2017 15:04:09 -0500
Subject: v2.2.28 released
In-Reply-To:
References: <400c2a31ca1fda77005d1d61744841d8@tomsommer.dk> <4DA4482F-4C85-4F06-A12A-8163E455B2A9@iki.fi>
Message-ID: <98f338b4-c26e-214d-5de1-aff66c5cf9ed@gedalya.net>

On 03/07/2017 02:41 PM, Robert L Mathews wrote:
> As a result, I
> end up using what seems to be a mostly stable version, plus "extra
> patches I grabbed from reading the mailing list".

Pretty sure that's what the dovecot enterprise repo is.

From adi at ddns.com.au Wed Mar 8 01:32:58 2017
From: adi at ddns.com.au (Adi Pircalabu) Date: Wed, 08 Mar 2017 12:32:58 +1100 Subject: Dovecot 2.2.27 proxy - enforcing per client IP connection limits Message-ID: Hi, Trying to keep abusive/buggy IMAP clients at bay on a number of Dovecot proxy servers, I've reconfigured them to use "mail_max_userip_connections = 50" in the "protocol imap" section, followed by restarting Dovecot. Yet, I'm still seeing 160+ established connections from a single IP address for the same email account. Am I missing anything? # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.16 (fed8554) # OS: Linux 2.6.32-642.4.2.el6.x86_64 x86_64 CentOS release 6.8 (Final) auth_cache_negative_ttl = 5 mins auth_cache_size = 16 M auth_cache_ttl = 18 hours default_client_limit = 6120 default_process_limit = 500 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve sieve_extensions = +notify +imapflags } protocols = imap pop3 lmtp sieve service auth { client_limit = 6120 } service imap-login { process_limit = 2048 process_min_avail = 20 service_count = 0 vsz_limit = 256 M } service imap { process_limit = 2048 } service managesieve-login { inet_listener sieve { port = 4190 } service_count = 0 vsz_limit = 128 M } service managesieve { process_limit = 1024 } service pop3 { process_limit = 1024 } [...] 
protocol imap { imap_capability = IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE mail_max_userip_connections = 50 } -- Adi Pircalabu From yacinechaouche at yahoo.com Wed Mar 8 14:34:11 2017 From: yacinechaouche at yahoo.com (chaouche yacine) Date: Wed, 8 Mar 2017 14:34:11 +0000 (UTC) Subject: Maildirsize not updated In-Reply-To: <1727387869.3027241.1486905843950@mail.yahoo.com> References: <824227861.1251135.1486644520643.ref@mail.yahoo.com> <824227861.1251135.1486644520643@mail.yahoo.com> <21b1ac9e-43fb-32e7-5ca8-e6267491eb38@dovecot.fi> <758119982.1220532.1486646410142@mail.yahoo.com> <589CBACD.2000908@carpenter.org> <2020836776.3079273.1486905536280@mail.yahoo.com> <1727387869.3027241.1486905843950@mail.yahoo.com> Message-ID: <856794750.1253913.1488983651978@mail.yahoo.com> Just a follow-up with another interesting situation : here's a maildirsize file that records 0 bytes out of 0 messages, yet it has many lines (which are supposed to be mail file sizes, 1 for received mail and -1 for deleted mail) : root at messagerie[10.10.10.19] /var/vmail/backup.algerian-radio.dz/sec-drh # head maildirsize 5368709120S 0 0 5664 1 3713 1 6431 1 4012 1 5801 1 5277612 1 2667474 1 5520 1 root at messagerie[10.10.10.19] /var/vmail/backup.algerian-radio.dz/sec-drh # And here's the output of du showing that the maildir is far from empty : root at messagerie[10.10.10.19] /var/vmail/backup.algerian-radio.dz/sec-drh # du -h --max-depth=1 | sort -h 4.0K ./dovecot 4.0K ./tmp 8.0K ./courierimaphieracl 24K ./.Archive 2.9M ./new 471M ./cur 517M ./.Sent 991M . root at messagerie[10.10.10.19] /var/vmail/backup.algerian-radio.dz/sec-drh # -- Yassine. From adi at ddns.com.au Thu Mar 9 03:05:39 2017 
From: adi at ddns.com.au (Adi Pircalabu) Date: Thu, 9 Mar 2017 14:05:39 +1100 Subject: Dovecot 2.2.27 proxy - enforcing per client IP connection limits In-Reply-To: References: Message-ID: <73d453f9-842a-2bd0-7908-041871b05481@ddns.com.au> Quick follow-up: updated the proxies to 2.2.28, but I still couldn't find a way to limit the inbound IMAP connections per IP & username. I know "mail_max_userip_connections" limit works for the mail stores, but it doesn't seem to have any effect on the proxies. I'm using a mix of Dovecot & Courier-IMAP servers as backends. Basically I need to find a way to enforce the maximum limit for the username<>remoteip so that, if I have: ESTCONNS=`doveadm -f flow proxy list | grep "username=usern at domain.com.proto=imap" | wc -l` $ESTCONNS is lower or equal than the configured limit. The proxies are configured as per https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy to forward the password to the remote server using MySQL. In dovecot-sql.conf.ext I have: password_query = SELECT NULL AS password, 'Y' as nopassword, host, email as email, 'any-cert' as 'starttls', 'Y' AS proxy FROM mailbox WHERE email = '%u' AND disabled_smtpauth=0 At the moment the only way I can limit the number of established connections per source IP address on the Dovecot proxies is using iptables, which isn't what I want. Where else can I look? Adi Pircalabu, System Administrator DDNS, a Total Internet Company 159 Barkly Avenue, Burnley, Vic 3121, T +61 3 9815 6868 On 08/03/17 12:32, Adi Pircalabu wrote: > Hi, > > Trying to keep abusive/buggy IMAP clients at bay on a number of Dovecot > proxy servers, I've reconfigured them to use > "mail_max_userip_connections = 50" in the "protocol imap" section, > followed by restarting Dovecot. Yet, I'm still seeing 160+ established > connections from a single IP address for the same email account. Am I > missing anything? 
> > # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.4.16 (fed8554) > # OS: Linux 2.6.32-642.4.2.el6.x86_64 x86_64 CentOS release 6.8 (Final) > auth_cache_negative_ttl = 5 mins > auth_cache_size = 16 M > auth_cache_ttl = 18 hours > default_client_limit = 6120 > default_process_limit = 500 > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date index ihave duplicate mime foreverypart > extracttext imapflags notify > mbox_write_locks = fcntl > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > plugin { > sieve = file:~/sieve;active=~/.dovecot.sieve > sieve_extensions = +notify +imapflags > } > protocols = imap pop3 lmtp sieve > service auth { > client_limit = 6120 > } > service imap-login { > process_limit = 2048 > process_min_avail = 20 > service_count = 0 > vsz_limit = 256 M > } > service imap { > process_limit = 2048 > } > service managesieve-login { > inet_listener sieve { > port = 4190 > } > service_count = 0 > vsz_limit = 128 M > } > service managesieve { > process_limit = 1024 > } > service pop3 { > process_limit = 1024 > } > [...] > protocol imap { > imap_capability = IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE > mail_max_userip_connections = 50 > } > > From aki.tuomi at dovecot.fi Fri Mar 10 09:03:55 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Fri, 10 Mar 2017 11:03:55 +0200 Subject: v2.2.28 released In-Reply-To: References: <400c2a31ca1fda77005d1d61744841d8@tomsommer.dk> <4DA4482F-4C85-4F06-A12A-8163E455B2A9@iki.fi> Message-ID: On 07.03.2017 11:08, Aki Tuomi wrote: > > On 07.03.2017 10:52, Nagy, Attila wrote: >> On 03/06/2017 11:30 PM, Timo Sirainen wrote: >>> On 6 Mar 2017, at 9.17, Tom Sommer wrote: >>>> On 2017-02-24 14:34, Timo Sirainen wrote: >>>>> http://dovecot.org/releases/2.2/dovecot-2.2.28.tar.gz >>>>> http://dovecot.org/releases/2.2/dovecot-2.2.28.tar.gz.sig >>>> Are there any plans to do a bugfix-release, that includes the few >>>> issues seen in the mailing-list, or do you consider 2.2.28 safe to >>>> upgrade to? >>> I don't see anything critical. A couple of bugs that might or might >>> not affect you. We'll have 2.2.29 soon enough, so no plans for other >>> releases before that. >> Truncating passwords with dict protocol* seems quite critical to me. :-O >> Or is it just me, who's affected by that? >> >> *: http://dovecot.org/list/dovecot/2017-February/107265.html > Hi! > > The password is not actually truncated, it's actually subjected to > var_expand, which is silly. We are working on a patch for this and let > y'all know when it's ready. The only truncation happens with % as last > character. > > Aki Also, this only happens if you configure the lookup key to be password, that is: key passdb { key = %w format = json } So, passwords are not truncated in general, only in this particular use case. Aki From mkawada at redhat.com Fri Mar 10 09:26:52 2017 
From: mkawada at redhat.com (Masaharu Kawada) Date: Fri, 10 Mar 2017 18:26:52 +0900 Subject: strange behaviour of dovecot Message-ID: Dear dovecot-list, Dovecot gives the below error messages and those errors go away after running 'systemctl restart dovecot'(Restarting dovecot service)', however, the same happens after a while later(like after 300 mails delivered). --- master : Error : service(anvil) : Initial Status notification no received in 30 seconds, killing the process master : Error : service(log) : Initial Status notification no received in 30 seconds, killing the process master : Error : service(ssl-params) : Initial Status notification no received in 30 seconds, killing the process master : Error : service(log) : child 3703 killed with signal 9 --- then the log process is not there so that no mail log gets captured in maillog: --- root 28036 0.0 0.0 19864 1604 ? Ss 11:45 0:00 /usr/sbin/dovecot -F dovecot 28074 0.0 0.0 9312 1000 ? S 11:46 0:00 dovecot/anvil root 28075 0.0 0.0 12324 2084 ? S 11:46 0:00 dovecot/config --- Does this have something to do with any limitation in dovecot configuration? If anyone in the list ever has similar or same experience, please give me a clue that shows where to look at from here. Thanks, -- Masaharu Kawada From aki.tuomi at dovecot.fi Fri Mar 10 10:32:18 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Fri, 10 Mar 2017 12:32:18 +0200 Subject: [Bug] Mailbox aliases still broken In-Reply-To: <20160920115123.Horde.LfhSAhePKsc3CneJ_KxpA-L@webmail.inetadmin.eu> References: <20160918204909.Horde.hfqfbaYx60jylD3X3sRIwvX@webmail.inetadmin.eu> <2835AB61-B28F-4113-BB86-42823EB7DA00@iki.fi> <20160920115123.Horde.LfhSAhePKsc3CneJ_KxpA-L@webmail.inetadmin.eu> Message-ID: <2d5c6fb8-acd5-a928-ca1d-4e066b10a27b@dovecot.fi> On 20.09.2016 12:51, azurit at pobox.sk wrote: >> On 18 Sep 2016, at 21:49, azurit at pobox.sk wrote: >>> >>> Hi, >>> >>> about a year ago i was reporting a bug in mailbox aliases, which >>> remains unfixed and unanswered (probably totally ignored, don't >>> understand why). I thought it was because the bug is old and already >>> fixed but yesterday i upgraded to Dovecot 2.2.24 and problem persists. >>> >>> Here is the original report, everything, except the Dovecot version, >>> is still correct: >>> http://dovecot.org/list/dovecot/2015-June/101176.html >>> >>> Will this be fixed? Thanks for info. >> >> Do you have mailbox_list_index=yes? That's at least buggy with >> aliases and the fix isn't easy. > > > Yes, i have. Do i need to disable it? What impact will it have? For mailbox aliases to work, yes. It will stop using index file for mailbox lists, which can slightly degrade performance. Aki From aki.tuomi at dovecot.fi Fri Mar 10 10:37:44 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Fri, 10 Mar 2017 12:37:44 +0200 Subject: strange behaviour of dovecot In-Reply-To: References: Message-ID: <80fcf37b-97e0-c2a1-954e-db04d0c3513e@dovecot.fi> On 10.03.2017 11:26, Masaharu Kawada wrote: > Dear dovecot-list, > > Dovecot gives the below error messages and those errors go away after > running 'systemctl restart dovecot'(Restarting dovecot service)', however, > the same happens after a while later(like after 300 mails delivered). > > --- > master : Error : service(anvil) : Initial Status notification no received > in 30 seconds, killing the process > master : Error : service(log) : Initial Status notification no received in > 30 seconds, killing the process > master : Error : service(ssl-params) : Initial Status notification no > received in 30 seconds, killing the process > master : Error : service(log) : child 3703 killed with signal 9 > --- > > then the log process is not there so that no mail log gets captured in > maillog: > > --- > root 28036 0.0 0.0 19864 1604 ? Ss 11:45 0:00 > /usr/sbin/dovecot -F > dovecot 28074 0.0 0.0 9312 1000 ? S 11:46 0:00 > dovecot/anvil > root 28075 0.0 0.0 12324 2084 ? S 11:46 0:00 > dovecot/config > --- > > Does this have something to do with any limitation in dovecot > configuration? > > If anyone in the list ever has similar or same experience, please give me a > clue that shows where to look at from here. > > Thanks, > Are you using some kind of security framework that prevents IPC communications? Such as SELinux or AppArmor? Aki From rahul at moxic.com Fri Mar 10 22:15:29 2017 
From: rahul at moxic.com (Rahul Singh Badyal) Date: Fri, 10 Mar 2017 14:15:29 -0800 Subject: No subject Message-ID: I have Centos 7 mail server installed with dovecot and postfix with MariaDB. I am trying to add a virtual All Mails folder for every user so that they can have all mails such as inbox, sent in a single folder, something like gmail. Please help me for this. *Regards,* *Rahul* From rahul at moxic.com Fri Mar 10 22:23:10 2017 
From: rahul at moxic.com (Rahul Singh Badyal) Date: Fri, 10 Mar 2017 14:23:10 -0800 Subject: virtual all mails folder in dovecot Message-ID: I have Centos 7 mail server installed with dovecot and postfix with MariaDB. I am trying to add a virtual All Mails folder for every user so that they can have all mails such as inbox, sent in a single folder, something like gmail. Please help me for this. *Regards,* *Rahul* -------------- next part -------------- [rahul at surrey ~]$ dovecot --version 2.2.10 [rahul at surrey ~]$ dovecot -n # 2.2.10: /etc/dovecot/dovecot.conf # OS: Linux 3.10.0-514.10.2.el7.x86_64 x86_64 CentOS Linux release 7.3.1611 (Core) xfs log_timestamp = "%Y-%m-%d %H:%M:%S " mail_location = maildir:/home/vmail/%d/%n/Maildir mail_plugins = " virtual" namespace { inbox = yes location = prefix = INBOX. separator = . type = private } namespace { location = virtual:~/Maildir/All Mail prefix = All Mail. separator = . type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocols = imap pop3 service auth-worker { user = root } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-master { mode = 0600 user = vmail } user = root } ssl_cert = References: Message-ID: <25E44602-38B6-4FCC-B155-0A36DE8762C7@gmail.com> See: http://wiki2.dovecot.org/Plugins/Virtual On 3/10/17, 4:23 PM, "dovecot on behalf of Rahul Singh Badyal" wrote: I have Centos 7 mail server installed with dovecot and postfix with MariaDB. I am trying to add a virtual All Mails folder for every user so that they can have all mails such as inbox, sent in a single folder, something like gmail. Please help me for this. *Regards,* *Rahul* From bunkertor at tiscali.it Fri Mar 10 23:46:10 2017 
From mrobti at insiberia.net Sat Mar 11 07:04:28 2017 
From: mrobti at insiberia.net (MRob) Date: Fri, 10 Mar 2017 23:04:28 -0800 Subject: Auto create & subscribe folder from Userdb [Was: Users with extra mailbox: namespace/mailbox in userdb lookup?] In-Reply-To: References: <6c741a1e6a5863c859a2f8eb97e9a408@insiberia.net> Message-ID: >> We have a need for some users to have an additional folder created and >> subscribed for them. >> >> Is it possible to return an override for the default "namespace inbox" >> containing the needed mailbox definitions in the userdb lookup for >> such users? If so, how would the userdb lookup result be formatted? >> Presumably as > > Yes, see here: > > http://wiki2.dovecot.org/UserDatabase/ExtraFields > > Each setting is one "Extra Field" > >> just one long string, but how would the setting be named given there >> can't be a space in it? Can I replace the space with an underscore, >> e.g. >> >> userdb_namespace_inbox = '{ mailbox Drafts { auto=subscribe >> special_use = \Drafts } mailbox Trash { auto=subscribe special_use = >> \Trash } }' > > sort of: > > userdb_namespace/inbox/mailbox/Drafts/auto=subscribe > > see also: > > http://www.dovecot.org/list/dovecot/2016-February/103140.html Unfortunately, I'm having trouble with this task. Dovecot 2.2.27 Trying to have an "Important" folder get created and subscribed for only some users. When I put this into my dovecot config file it works as needed (other folders omitted for brevity): namespace inbox { mailbox Trash { auto=subscribe special_use = \Trash } mailbox Important { auto=subscribe } } But I don't want to do it globally, so put it into the userdb lookup: SELECT .... 'subscribe' AS 'namespace/inbox/mailbox/Important/auto' ... WHERE ... I confirmed that the correct query is executing and I know it works because other userdb fields are populated correctly. But the folder does not get created. For passdb lookups: SELECT .... 'subscribe' AS 'userdb_namespace/inbox/mailbox/Important/auto' ... WHERE ... I'd appreciate help/tips. 
From ml+dovecot at valo.at Sat Mar 11 07:22:06 2017 
From: ml+dovecot at valo.at (Christian Kivalo) Date: Sat, 11 Mar 2017 08:22:06 +0100 Subject: Auto create & subscribe folder from Userdb [Was: Users with extra mailbox: namespace/mailbox in userdb lookup?] In-Reply-To: References: <6c741a1e6a5863c859a2f8eb97e9a408@insiberia.net> Message-ID: On 11 March 2017 08:04:28 CET, MRob wrote: > >>> We have a need for some users to have an additional folder created >and >>> subscribed for them. >>> >>> Is it possible to return an override for the default "namespace >inbox" >>> containing the needed mailbox definitions in the userdb lookup for >>> such users? If so, how would the userdb lookup result be formatted? >>> Presumably as >> >> Yes, see here: >> >> http://wiki2.dovecot.org/UserDatabase/ExtraFields >> >> Each setting is one "Extra Field" >> >>> just one long string, but how would the setting be named given there > >>> can't be a space in it? Can I replace the space with an underscore, >>> e.g. >>> >>> userdb_namespace_inbox = '{ mailbox Drafts { auto=subscribe >>> special_use = \Drafts } mailbox Trash { auto=subscribe special_use = > >>> \Trash } }' >> >> sort of: >> >> userdb_namespace/inbox/mailbox/Drafts/auto=subscribe >> >> see also: >> >> http://www.dovecot.org/list/dovecot/2016-February/103140.html > >Unfortunately, I'm having trouble with this task. > >Dovecot 2.2.27 > >Trying to have an "Important" folder get created and subscribed for >only >some users. When I put this into my dovecot config file it works as >needed (other folders omitted for brevity): > >namespace inbox { > mailbox Trash { > auto=subscribe > special_use = \Trash > } > mailbox Important { > auto=subscribe > } >} > >But I don't want to do it globally, so put it into the userdb lookup: > >SELECT .... 'subscribe' AS 'namespace/inbox/mailbox/Important/auto' ... > >WHERE ... > >I confirmed that the correct query is executing and I know it works >because other userdb fields are populated correctly. But the folder >does >not get created. 
For passdb lookups: > >SELECT .... 'subscribe' AS >'userdb_namespace/inbox/mailbox/Important/auto' ... WHERE ... > >I'd appreciate help/tips. What's the output of doveadm user ? -- Christian Kivalo From mrobti at insiberia.net Sat Mar 11 07:28:36 2017 
From: mrobti at insiberia.net (MRob) Date: Fri, 10 Mar 2017 23:28:36 -0800 Subject: Auto create & subscribe folder from Userdb [Was: Users with extra mailbox: namespace/mailbox in userdb lookup?] In-Reply-To: References: <6c741a1e6a5863c859a2f8eb97e9a408@insiberia.net> Message-ID: <986d4a08b13b5a11d613598c576b4d64@insiberia.net> On 2017-03-10 23:22, Christian Kivalo wrote: > On 11 March 2017 08:04:28 CET, MRob wrote: >> >>>> We have a need for some users to have an additional folder created >> and >>>> subscribed for them. >>>> >>>> Is it possible to return an override for the default "namespace >> inbox" >>>> containing the needed mailbox definitions in the userdb lookup for >>>> such users? If so, how would the userdb lookup result be formatted? >>>> Presumably as >>> >>> Yes, see here: >>> >>> http://wiki2.dovecot.org/UserDatabase/ExtraFields >>> >>> Each setting is one "Extra Field" >>> >>>> just one long string, but how would the setting be named given there >> >>>> can't be a space in it? Can I replace the space with an underscore, >>>> e.g. >>>> >>>> userdb_namespace_inbox = '{ mailbox Drafts { auto=subscribe >>>> special_use = \Drafts } mailbox Trash { auto=subscribe special_use = >> >>>> \Trash } }' >>> >>> sort of: >>> >>> userdb_namespace/inbox/mailbox/Drafts/auto=subscribe >>> >>> see also: >>> >>> http://www.dovecot.org/list/dovecot/2016-February/103140.html >> >> Unfortunately, I'm having trouble with this task. >> >> Dovecot 2.2.27 >> >> Trying to have an "Important" folder get created and subscribed for >> only >> some users. When I put this into my dovecot config file it works as >> needed (other folders omitted for brevity): >> >> namespace inbox { >> mailbox Trash { >> auto=subscribe >> special_use = \Trash >> } >> mailbox Important { >> auto=subscribe >> } >> } >> >> But I don't want to do it globally, so put it into the userdb lookup: >> >> SELECT .... 'subscribe' AS 'namespace/inbox/mailbox/Important/auto' >> ... >> >> WHERE ... 
>> >> I confirmed that the correct query is executing and I know it works >> because other userdb fields are populated correctly. But the folder >> does >> not get created. For passdb lookups: >> >> SELECT .... 'subscribe' AS >> 'userdb_namespace/inbox/mailbox/Important/auto' ... WHERE ... >> >> I'd appreciate help/tips. > Whats the output of doveadm user ? Oh I did not know this doveadm command, thank you! Output included all my other userdb fields as well as this: namespace/inbox/mailbox/Important/auto subscribe From azurit at pobox.sk Sat Mar 11 07:43:14 2017 From: azurit at pobox.sk (azurit at pobox.sk) Date: Sat, 11 Mar 2017 08:43:14 +0100 Subject: [Bug] Mailbox aliases still broken In-Reply-To: <2d5c6fb8-acd5-a928-ca1d-4e066b10a27b@dovecot.fi> References: <20160918204909.Horde.hfqfbaYx60jylD3X3sRIwvX@webmail.inetadmin.eu> <2835AB61-B28F-4113-BB86-42823EB7DA00@iki.fi> <20160920115123.Horde.LfhSAhePKsc3CneJ_KxpA-L@webmail.inetadmin.eu> <2d5c6fb8-acd5-a928-ca1d-4e066b10a27b@dovecot.fi> Message-ID: <20170311084314.Horde.g0r_LhW0-556Aj_U7-b1YSp@webmail.inetadmin.eu> >>> Do you have mailbox_list_index=yes? That's at least buggy with >>> aliases and the fix isn't easy. >> >> >> Yes, i have. Do i need to disable it? What impact will it have? > > For mailbox aliases to work, yes. It will stop using index file for > mailbox lists, which can slightly degrade performance. > > Aki Hm, i didn't like this very much :( How big will the degrade be? Is this only temporary limitation of aliases, which will be fixed in the future (as it's not stated in the docs) or permanent drawback? azur From mrobti at insiberia.net Sat Mar 11 18:41:38 2017 
From: mrobti at insiberia.net (MRob) Date: Sat, 11 Mar 2017 10:41:38 -0800 Subject: Auto create & subscribe folder from Userdb [Was: Users with extra mailbox: namespace/mailbox in userdb lookup?] In-Reply-To: <986d4a08b13b5a11d613598c576b4d64@insiberia.net> References: <6c741a1e6a5863c859a2f8eb97e9a408@insiberia.net> <986d4a08b13b5a11d613598c576b4d64@insiberia.net> Message-ID: <9efcf336c62bcdc957bc745bd5708d73@insiberia.net> On 2017-03-10 23:28, MRob wrote: > On 2017-03-10 23:22, Christian Kivalo wrote: >> On 11 March 2017 08:04:28 CET, MRob wrote: >>> >>>>> We have a need for some users to have an additional folder created >>> and >>>>> subscribed for them. >>>>> >>>>> Is it possible to return an override for the default "namespace >>> inbox" >>>>> containing the needed mailbox definitions in the userdb lookup for >>>>> such users? If so, how would the userdb lookup result be formatted? >>>>> Presumably as >>>> >>>> Yes, see here: >>>> >>>> http://wiki2.dovecot.org/UserDatabase/ExtraFields >>>> >>>> Each setting is one "Extra Field" >>>> >>>>> just one long string, but how would the setting be named given >>>>> there >>> >>>>> can't be a space in it? Can I replace the space with an underscore, >>>>> e.g. >>>>> >>>>> userdb_namespace_inbox = '{ mailbox Drafts { auto=subscribe >>>>> special_use = \Drafts } mailbox Trash { auto=subscribe special_use >>>>> = >>> >>>>> \Trash } }' >>>> >>>> sort of: >>>> >>>> userdb_namespace/inbox/mailbox/Drafts/auto=subscribe >>>> >>>> see also: >>>> >>>> http://www.dovecot.org/list/dovecot/2016-February/103140.html >>> >>> Unfortunately, I'm having trouble with this task. >>> >>> Dovecot 2.2.27 >>> >>> Trying to have an "Important" folder get created and subscribed for >>> only >>> some users. 
When I put this into my dovecot config file it works as >>> needed (other folders omitted for brevity): >>> >>> namespace inbox { >>> mailbox Trash { >>> auto=subscribe >>> special_use = \Trash >>> } >>> mailbox Important { >>> auto=subscribe >>> } >>> } >>> >>> But I don't want to do it globally, so put it into the userdb lookup: >>> >>> SELECT .... 'subscribe' AS 'namespace/inbox/mailbox/Important/auto' >>> ... >>> >>> WHERE ... >>> >>> I confirmed that the correct query is executing and I know it works >>> because other userdb fields are populated correctly. But the folder >>> does >>> not get created. For passdb lookups: >>> >>> SELECT .... 'subscribe' AS >>> 'userdb_namespace/inbox/mailbox/Important/auto' ... WHERE ... >>> >>> I'd appreciate help/tips. >> Whats the output of doveadm user ? > > Oh I did not know this doveadm command, thank you! > > Output included all my other userdb fields as well as this: > > namespace/inbox/mailbox/Important/auto subscribe In other words, I think it's configured correctly, so I hope someone can help me understand why it does not auto-create this folder when logging in. I know it's the weekend, maybe someone sees this on Monday morning. Thank you. From basdove at rediffmail.com Mon Mar 13 00:58:23 2017 
From: basdove at rediffmail.com (Basdove) Date: Mon, 13 Mar 2017 06:28:23 +0530 Subject: dovecot: master: Dovecot v2.2.22 (fe789d2) starting up for imap, pop3 (core dumps disabled) Message-ID: <20170313005609.D15C52044D@talvi.dovecot.org> Hi. Always the below log appearing log under /var/log/mail.log Is this right or How to resolve it. Ubuntu 16.04.2 LTS server edition Mar 13 06:13:20 home dovecot: master: Dovecot v2.2.22 (fe789d2) starting up for imap, pop3 (core dumps disabled) Mar 13 06:13:30 home postfix/master[1495]: daemon started -- version 3.1.0, configuration /etc/postfix dovecot -n output -------------------------------------------------------------------- # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.13 (7b14904) # OS: Linux 4.4.0-64-generic x86_64 Ubuntu 16.04.2 LTS auth_mechanisms = plain login mail_location = mbox:~/mail:INBOX=/var/mail/%u mail_privileged_group = mail namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = " imap pop3" service auth-worker { user = root } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } ssl_ca = >/etc/ssl/certs/01.pem ssl_cert = References: <20170313005609.D15C52044D@talvi.dovecot.org> Message-ID: <2CB51780-BF4A-4915-A720-0A741ED752F9@valo.at> On 13 March 2017 01:58:23 CET, Basdove wrote: >Hi. > >Always the below log appearing log under /var/log/mail.log > >Is this right or How to resolve it. > >Ubuntu 16.04.2 LTS server edition > > > >Mar 13 06:13:20 home dovecot: master: Dovecot v2.2.22 (fe789d2) >starting up >for imap, pop3 (core dumps disabled) This is a normal message. No problem there. 
>Mar 13 06:13:30 home postfix/master[1495]: daemon started -- version >3.1.0, >configuration /etc/postfix This is postfix and also is normal. -- Christian Kivalo From aki.tuomi at dovecot.fi Mon Mar 13 08:25:35 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 13 Mar 2017 10:25:35 +0200 Subject: Dict protocol changes string In-Reply-To: References: <09ccc308-80b2-f245-00f4-8134e7f7ab96@fsn.hu> <4ee8769a-6462-eac2-5ab2-2887a2aeebe7@dovecot.fi> Message-ID: <7b49161c-1ca8-f430-56c1-5b957798c3ee@dovecot.fi> On 28.02.2017 17:59, Nagy, Attila wrote: > On 09/23/2016 08:05 AM, Aki Tuomi wrote: >> On 29.07.2016 15:35, Nagy, Attila wrote: >>> I use pass and userdb with dict protocol in a similar way: >>> >>> key passdb { >>> key = passdb^MAuth-User: %u^MAuth-Pass: %w^MAuth-Protocol: >>> %s^MClient-IP: %r >>> format = json >>> } >>> >>> (^M is an \r character, inserted with vi CTRL-v + enter) >>> >>> Until 2.2.24 this has worked, but 2.2.25 seems to convert that ASCII >>> 13 into an ASCII 1 and an "r". >>> >>> Python printout from what I get with 2.2.25: >>> >>> 'Lshared/passdb\x01rAuth-User: user\x01rAuth-Pass: >>> pass\x01rAuth-Protocol: pop3\x01rClient-IP: 1.2.3.4' >>> >>> Is this change intentional? Why? >> Hi! >> >> Dict protocol escapes you newlines. You are expected to de-escape them >> yourself. >> >> Following escapes are done, you can de-escape them with your client. >> >> \x00 => \x10 >> \x01 => \x11 >> \t => \x1t >> \r => \x1r >> \n => \x1n >> >> > Following up on this: dovecot 2.2.27 and 2.2.28 goes even further > (2.2.25 was OK). > If a user specifies a password with a % in it, dovecot silently > truncates it. > So for example if I specify (just to check this simple example is also > bad): > key passdb { > key = %w > format = json > } > > and a user tries to log in with the password 'Lofasznehogyma%', > dovecot sends the following into the dict socket: > 'Lshared/Lofasznehogyma' > > According to user reports, other characters may also be affected. > > Could you please fix this? Hi! Can you try this? https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch Aki From bra at fsn.hu Mon Mar 13 13:28:34 2017 
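A dict backend that receives these lookups has to undo the escaping before it parses or compares anything. The following is an added example (not Dovecot code and not from any poster in this thread) that decodes a lookup line in one pass and splits the CR-separated key layout quoted above. It assumes each entry in the escape table means byte 0x01 followed by 0, 1, t, r or n, which matches the "\x01r" in the Python printout; parse_lookup, DictLineError and the sample line are made up for the illustration.

```python
# Added example: server-side handling of a Dovecot dict lookup line.
# Assumption: each escape in the quoted table is the byte 0x01 followed by
# one of the characters 0, 1, t, r, n.

ESC = "\x01"
UNESCAPE = {"0": "\x00", "1": "\x01", "t": "\t", "r": "\r", "n": "\n"}


class DictLineError(ValueError):
    """The line is not a well-formed, correctly escaped lookup."""


def unescape(value):
    """Decode escapes in a single left-to-right pass.

    Chained str.replace() calls are order-sensitive: the escaped form of a
    literal 0x01 followed by 'r' is 0x01 '1' 'r', and replacing the 0x01 '1'
    pair first would leave 0x01 'r' to be misread as a carriage return.
    """
    out = []
    i = 0
    while i < len(value):
        ch = value[i]
        if ch != ESC:
            out.append(ch)
            i += 1
            continue
        if i + 1 == len(value):
            raise DictLineError("escape byte at end of value")
        code = value[i + 1]
        if code not in UNESCAPE:
            raise DictLineError("unknown escape code %r" % code)
        out.append(UNESCAPE[code])
        i += 2
    return "".join(out)


def parse_lookup(line):
    """Return (name, fields) for an 'L' line that uses the key layout from
    the post: name CR 'Field: value' CR 'Field: value' ..."""
    line = line.rstrip("\n")
    if not line.startswith("Lshared/"):
        raise DictLineError("expected a lookup of a shared/ key")
    # TAB is the protocol's field separator, which is why a TAB inside the
    # key arrives escaped; only the first field (the key) is used here.
    key = unescape(line[len("Lshared/"):].split("\t", 1)[0])
    name, *pairs = key.split("\r")
    fields = {}
    for pair in pairs:
        field, sep, value = pair.partition(": ")
        if not sep:
            raise DictLineError("malformed field %r" % pair)
        if field in fields:
            # A repeated field means a substituted value carried the CR
            # separator; refuse rather than let a later value win.
            raise DictLineError("duplicate field %r" % field)
        fields[field] = value
    return name, fields


# Constructed sample, modelled on the printout quoted in the thread; the
# password deliberately contains '%' and ': '.
SAMPLE = ("Lshared/passdb\x01rAuth-User: user\x01rAuth-Pass: pa%ss: x%"
          "\x01rAuth-Protocol: pop3\x01rClient-IP: 1.2.3.4\n")

if __name__ == "__main__":
    print(parse_lookup(SAMPLE))
```
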
From: bra at fsn.hu (Nagy, Attila) Date: Mon, 13 Mar 2017 14:28:34 +0100 Subject: Dict protocol changes string In-Reply-To: <7b49161c-1ca8-f430-56c1-5b957798c3ee@dovecot.fi> References: <09ccc308-80b2-f245-00f4-8134e7f7ab96@fsn.hu> <4ee8769a-6462-eac2-5ab2-2887a2aeebe7@dovecot.fi> <7b49161c-1ca8-f430-56c1-5b957798c3ee@dovecot.fi> Message-ID: Hi, On 03/13/2017 09:25 AM, Aki Tuomi wrote: > > On 28.02.2017 17:59, Nagy, Attila wrote: >> On 09/23/2016 08:05 AM, Aki Tuomi wrote: >>> On 29.07.2016 15:35, Nagy, Attila wrote: >>>> I use pass and userdb with dict protocol in a similar way: >>>> >>>> key passdb { >>>> key = passdb^MAuth-User: %u^MAuth-Pass: %w^MAuth-Protocol: >>>> %s^MClient-IP: %r >>>> format = json >>>> } >>>> >>>> (^M is an \r character, inserted with vi CTRL-v + enter) >>>> >>>> Until 2.2.24 this has worked, but 2.2.25 seems to convert that ASCII >>>> 13 into an ASCII 1 and an "r". >>>> >>>> Python printout from what I get with 2.2.25: >>>> >>>> 'Lshared/passdb\x01rAuth-User: user\x01rAuth-Pass: >>>> pass\x01rAuth-Protocol: pop3\x01rClient-IP: 1.2.3.4' >>>> >>>> Is this change intentional? Why? >>> Hi! >>> >>> Dict protocol escapes you newlines. You are expected to de-escape them >>> yourself. >>> >>> Following escapes are done, you can de-escape them with your client. >>> >>> \x00 => \x10 >>> \x01 => \x11 >>> \t => \x1t >>> \r => \x1r >>> \n => \x1n >>> >>> >> Following up on this: dovecot 2.2.27 and 2.2.28 goes even further >> (2.2.25 was OK). >> If a user specifies a password with a % in it, dovecot silently >> truncates it. >> So for example if I specify (just to check this simple example is also >> bad): >> key passdb { >> key = %w >> format = json >> } >> >> and a user tries to log in with the password 'Lofasznehogyma%', >> dovecot sends the following into the dict socket: >> 'Lshared/Lofasznehogyma' >> >> According to user reports, other characters may also be affected. >> >> Could you please fix this? > Hi! > > Can you try this? 
> > https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch > > Aki I use 2.2.28, so I've actually tried this: --- work/dovecot-2.2.28/src/auth/db-dict.c 2017-03-13 13:47:09.406931000 +0100 +++ work/dovecot-2.2.28/src/auth/db-dict.c.orig 2017-03-13 13:45:47.903461000 +0100 @@ -408,7 +408,7 @@ continue; str_truncate(path, strlen(DICT_PATH_SHARED)); - str_append(path, key->key->key); + var_expand(path, key->key->key, iter->var_expand_table); ret = dict_lookup(iter->conn->dict, iter->pool, str_c(path), &key->value); if (ret > 0) { So far it looks ok. Thanks, From mrobti at insiberia.net Mon Mar 13 17:31:08 2017 
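Review bot: the diff was generated with its file arguments reversed. The header puts the patched db-dict.c on the --- side and db-dict.c.orig on the +++ side, so the hunk at line 408 reads as if var_expand(path, key->key->key, iter->var_expand_table) were being added, when the change that was actually tested is the opposite one, replacing that call with str_append(path, key->key->key). Regenerate it as diff -u db-dict.c.orig db-dict.c before passing it on, so that nobody applies it backwards, and consider a short comment at the str_append() call saying why the key is appended without var_expand(), since the '%' truncation reported earlier in this thread is what this line is about.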
From: mrobti at insiberia.net (MRob) Date: Mon, 13 Mar 2017 10:31:08 -0700 Subject: Auto create & subscribe folder from Userdb [Was: Users with extra mailbox: namespace/mailbox in userdb lookup?] In-Reply-To: <986d4a08b13b5a11d613598c576b4d64@insiberia.net> References: <6c741a1e6a5863c859a2f8eb97e9a408@insiberia.net> <986d4a08b13b5a11d613598c576b4d64@insiberia.net> Message-ID: <2f08c099bd5330a0d1416f7975080efa@insiberia.net> On 2017-03-10 23:28, MRob wrote: > On 2017-03-10 23:22, Christian Kivalo wrote: >> Am 11. M?rz 2017 08:04:28 MEZ schrieb MRob : >>> >>>>> We have a need for some users to have an additional folder created >>> and >>>>> subscribed for them. >>>>> >>>>> Is is possible to return an override for the default "namespace >>> inbox" >>>>> containing the needed mailbox definitions in the userdb lookup for >>>>> such users? If so, how would the userdb lookup result be formatted? >>>>> Presumably as >>>> >>>> Yes, see here: >>>> >>>> http://wiki2.dovecot.org/UserDatabase/ExtraFields >>>> >>>> Each setting ist one "Extra Field" >>>> >>>>> just one long string, but how would the setting be named given >>>>> there >>> >>>>> can't be a space in it? Can I replace the space with an underscore, >>>>> e.g. >>>>> >>>>> userdb_namespace_inbox = '{ mailbox Drafts { auto=subscribe >>>>> special_use = \Drafts } mailbox Trash { auto=subscribe special_use >>>>> = >>> >>>>> \Trash } }' >>>> >>>> sort of: >>>> >>>> userdb_namespace/inbox/mailbox/Drafts/auto=subscribe >>>> >>>> see also: >>>> >>>> http://www.dovecot.org/list/dovecot/2016-February/103140.html >>> >>> Unfortunately, I'm having trouble with this task. >>> >>> Dovecot 2.2.27 >>> >>> Trying to have an "Important" folder get created and subscribed for >>> only >>> some users. 
When I put this into my dovecot config file it works as >>> needed (other folders omitted for brevity): >>> >>> namespace inbox { >>> mailbox Trash { >>> auto=subscribe >>> special_use = \Trash >>> } >>> mailbox Important { >>> auto=subscribe >>> } >>> } >>> >>> But I don't want to do it globally, so put it into the userdb lookup: >>> >>> SELECT .... 'subscribe' AS 'namespace/inbox/mailbox/Important/auto' >>> ... >>> >>> WHERE ... >>> >>> I confirmed that the correct query is executing and I know it works >>> because other userdb fields are populated correctly. But the folder >>> does >>> not get created. For passdb lookups: >>> >>> SELECT .... 'subscribe' AS >>> 'userdb_namespace/inbox/mailbox/Important/auto' ... WHERE ... >>> >>> I'd appreciate help/tips. >> Whats the output of doveadm user ? > > Oh I did not know this doveadm command, thank you! > > Output included all my other userdb fields as well as this: > > namespace/inbox/mailbox/Important/auto subscribe Just a polite ping on this problem. Folder auto-creation isn't working with folders specified as part of the userdb lookup. Help appreciated. From mcguire at neurotica.com Mon Mar 13 19:09:44 2017 From: mcguire at neurotica.com (Dave McGuire) Date: Mon, 13 Mar 2017 15:09:44 -0400 Subject: change mdbox rotation size? Message-ID: <3e6d36c8-c5fd-6324-c9b7-a1b6bfcaca1b@neurotica.com> Hey folks. Is it possible/advisable to change the mdbox rotation size on an operational mdbox spool? If so, is there any way to "repackage" (for the lack of a better term) an existing mdbox spool to a different rotation size? Thanks, -Dave -- Dave McGuire, AK4HZ New Kensington, PA From jsmillie at gatewayk12.org Mon Mar 13 20:21:53 2017 
From: jsmillie at gatewayk12.org (Jesse C. Smillie)
Date: Mon, 13 Mar 2017 16:21:53 -0400
Subject: First time setting up Director Woes
References: <251f1ffc-41e6-fb04-149c-71e4390085f1@gatewayk12.org>
Message-ID:

I'm trying to setup our first director server. Trying to keep the initial config simple really as just maybe a proof of concept and its got me pulling my hair out today. Initially I just tried to convert one of my already running IMAP servers to be a director just to see if I could do it. I modified the configs as it appeared they needed based on:

https://wiki2.dovecot.org/Director
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy

But it didn't work. Kept serving files locally instead of proxing off to the servers listed.

-----------------------------------------------------------------------------------------------====
Mar 13 15:58:27 fugitoid dovecot: imap-login: Login: user=, method=PLAIN, rip=10.0.15.114, lip=10.1.12.221, mpid=3022, TLS, session=
Mar 13 15:58:27 fugitoid dovecot: imap(makaveli): Error: User initialization failed: Namespace '': mkdir(/home/makaveli/Maildir) failed: Permission denied (euid=2605(makaveli) egid=1100() missing +w perm: /home, dir owned by 0:0 mode=0755)
Mar 13 15:58:27 fugitoid dovecot: imap: Error: Invalid user settings. Refer to server log for more information.

Thinking it was just something with that box (still running Dovecot 2.2.10 as well) I moved on to setup a new Centos7 server and go through the setup again and initially it was working for a few hours.

-----------------------------------------------------------------------------------------------====
Mar 13 12:19:03 fugitoid dovecot: imap-login: proxy(makaveli): started proxying to 10.1.12.228:993: user=, method=PLAIN, rip=10.0.15.114, lip=10.1.12.221, TLS, session=

Then at some point I got side tracked by a pam error message and when I came back from working that out Dovecot was trying to authenticate users locally again.
I really feel like I'm missing something here, but for the life of me I can't figure it out. Any ideas would be welcome. Thanks.

# 2.2.28 (bed8434): /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-514.10.2.el7.x86_64 x86_64 CentOS Linux release 7.3.1611 (Core)
auth_mechanisms = plain login
default_client_limit = 1024
director_mail_servers = 10.1.12.229 10.1.12.228 10.1.12.225
director_servers = 10.1.12.221:9090
mail_fsync = always
mail_nfs_storage = yes
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  args = proxy=y nopassword=y ssl=any-cert
  driver = static
}
protocols = imap
service director {
  fifo_listener login/proxy-notify {
    mode = 0666
  }
  inet_listener {
    port = 9090
  }
  unix_listener director-userdb {
    mode = 0600
  }
  unix_listener login/director {
    mode = 0666
  }
}
service imap-login {
  executable = imap-login director
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
ssl = required
ssl_ca =

From aki.tuomi at dovecot.fi Mon Mar 13 20:38:24 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Mon, 13 Mar 2017 22:38:24 +0200 (EET)
Subject: First time setting up Director Woes
In-Reply-To:
References: <251f1ffc-41e6-fb04-149c-71e4390085f1@gatewayk12.org>
Message-ID: <679365872.591.1489437505926@appsuite-dev.open-xchange.com>

> On March 13, 2017 at 10:21 PM "Jesse C. Smillie" wrote:
>
>
> I'm trying to setup our first director server. Trying to keep the
> initial config simple really as just maybe a proof of concept and its
> got me pulling my hair out today. Initially I just tried to convert one
> of my already running IMAP servers to be a director just to see if I
> could do it. I modified the configs as it appeared they needed based on:
>
> https://wiki2.dovecot.org/Director
> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy
>
> But it didn't work. Kept serving files locally instead of proxing off
> to the servers listed.

Remove this:

> passdb {
> driver = pam
> }

Aki

From aki.tuomi at dovecot.fi Mon Mar 13 20:40:36 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 13 Mar 2017 22:40:36 +0200 Subject: Auto create & subscribe folder from Userdb [Was: Users with extra mailbox: namespace/mailbox in userdb lookup?] In-Reply-To: <2f08c099bd5330a0d1416f7975080efa@insiberia.net> References: <6c741a1e6a5863c859a2f8eb97e9a408@insiberia.net> <986d4a08b13b5a11d613598c576b4d64@insiberia.net> <2f08c099bd5330a0d1416f7975080efa@insiberia.net> Message-ID: <402c4252-dc40-e058-3804-1e8a042f8d92@dovecot.fi> On 2017-03-13 19:31, MRob wrote: > On 2017-03-10 23:28, MRob wrote: >> On 2017-03-10 23:22, Christian Kivalo wrote: >>> Am 11. M?rz 2017 08:04:28 MEZ schrieb MRob : >>>> >>>>>> We have a need for some users to have an additional folder created >>>> and >>>>>> subscribed for them. >>>>>> >>>>>> Is is possible to return an override for the default "namespace >>>> inbox" >>>>>> containing the needed mailbox definitions in the userdb lookup for >>>>>> such users? If so, how would the userdb lookup result be formatted? >>>>>> Presumably as >>>>> >>>>> Yes, see here: >>>>> >>>>> http://wiki2.dovecot.org/UserDatabase/ExtraFields >>>>> >>>>> Each setting ist one "Extra Field" >>>>> >>>>>> just one long string, but how would the setting be named given there >>>> >>>>>> can't be a space in it? Can I replace the space with an underscore, >>>>>> e.g. >>>>>> >>>>>> userdb_namespace_inbox = '{ mailbox Drafts { auto=subscribe >>>>>> special_use = \Drafts } mailbox Trash { auto=subscribe special_use = >>>> >>>>>> \Trash } }' >>>>> >>>>> sort of: >>>>> >>>>> userdb_namespace/inbox/mailbox/Drafts/auto=subscribe >>>>> >>>>> see also: >>>>> >>>>> http://www.dovecot.org/list/dovecot/2016-February/103140.html >>>> >>>> Unfortunately, I'm having trouble with this task. >>>> >>>> Dovecot 2.2.27 >>>> >>>> Trying to have an "Important" folder get created and subscribed for >>>> only >>>> some users. 
When I put this into my dovecot config file it works as >>>> needed (other folders omitted for brevity): >>>> >>>> namespace inbox { >>>> mailbox Trash { >>>> auto=subscribe >>>> special_use = \Trash >>>> } >>>> mailbox Important { >>>> auto=subscribe >>>> } >>>> } >>>> >>>> But I don't want to do it globally, so put it into the userdb lookup: >>>> >>>> SELECT .... 'subscribe' AS 'namespace/inbox/mailbox/Important/auto' >>>> ... >>>> >>>> WHERE ... >>>> >>>> I confirmed that the correct query is executing and I know it works >>>> because other userdb fields are populated correctly. But the folder >>>> does >>>> not get created. For passdb lookups: >>>> >>>> SELECT .... 'subscribe' AS >>>> 'userdb_namespace/inbox/mailbox/Important/auto' ... WHERE ... >>>> >>>> I'd appreciate help/tips. >>> Whats the output of doveadm user ? >> >> Oh I did not know this doveadm command, thank you! >> >> Output included all my other userdb fields as well as this: >> >> namespace/inbox/mailbox/Important/auto subscribe > > Just a polite ping on this problem. Folder auto-creation isn't working > with folders specified as part of the userdb lookup. Help appreciated. Can you change config to mail_debug=yes and provide logs for a single session? Aki From jsmillie at gatewayk12.org Mon Mar 13 20:48:19 2017 
From: jsmillie at gatewayk12.org (Jesse C. Smillie) Date: Mon, 13 Mar 2017 16:48:19 -0400 Subject: First time setting up Director Woes In-Reply-To: References: <251f1ffc-41e6-fb04-149c-71e4390085f1@gatewayk12.org> <679365872.591.1489437505926@appsuite-dev.open-xchange.com> <0fc99c33-f960-f283-90e9-9bf1c29aa36b@gatewayk12.org> Message-ID: Working again. Explains a lot actually. Inital box I was experimenting on PAM was already setup and had worked. That error I got caught up in was with SSSD and PAM wasn't working. Fixing the error shot myself in the foot in other ways. Thank you! -Jesse C. Smillie On 3/13/17 4:38 PM, Aki Tuomi wrote: >> On March 13, 2017 at 10:21 PM "Jesse C. Smillie" wrote: >> >> >> I'm trying to setup our first director server. Trying to keep the >> initial config simple really as just maybe a proof of concept and its >> got me pulling my hair out today. Initially I just tried to convert one >> of my already running IMAP servers to be a director just to see if I >> could do it. I modified the configs as it appeared they needed based on: >> >> https://wiki2.dovecot.org/Director >> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy >> >> But it didn't work. Kept serving files locally instead of proxing off >> to the servers listed. > Remove this: > >> passdb { >> driver = pam >> } > Aki From dmiller at amfes.com Mon Mar 13 23:00:24 2017 
From: dmiller at amfes.com (Daniel Miller) Date: Mon, 13 Mar 2017 16:00:24 -0700 Subject: Solr 6.4.2 Message-ID: For those trying Solr - version 6.4.2 fixed a number of bugs in the 6.4.x series. Speed is incredible. If you haven't tried it - I strongly recommend it! And, using the included installation script (with Solr) combined with my schema - installation was painless. I'm now running in single core mode without issues (running in cloud mode with a single core seemed silly anyway). -- Daniel From mkawada at redhat.com Tue Mar 14 00:21:44 2017 
From: mkawada at redhat.com (Masaharu Kawada) Date: Tue, 14 Mar 2017 09:21:44 +0900 Subject: strange behaviour of dovecot In-Reply-To: <80fcf37b-97e0-c2a1-954e-db04d0c3513e@dovecot.fi> References: <80fcf37b-97e0-c2a1-954e-db04d0c3513e@dovecot.fi> Message-ID: Aki-san, Thanks for your feedback and very sorry for this late response. As for your question, there is no such kind of application used in this server. Any other idea in order to find out what kills service(log) process like this? Very much appreciate your help. Thanks, Masaharu Kawada On Fri, Mar 10, 2017 at 7:37 PM, Aki Tuomi wrote: > > > On 10.03.2017 11:26, Masaharu Kawada wrote: > > Dear dovecot-list, > > > > Dovecot gives the below error messages and those errors go away after > > running 'systemctl restart dovecot'(Restarting dovecot service)', > however, > > the same happens after a while later(like after 300 mails delivered). > > > > --- > > master : Error : service(anvil) : Initial Status notification no received > > in 30 seconds, killing the process > > master : Error : service(log) : Initial Status notification no received > in > > 30 seconds, killing the process > > master : Error : service(ssl-params) : Initial Status notification no > > received in 30 seconds, killing the process > > master : Error : service(log) : child 3703 killed with signal 9 > > --- > > > > then the log process is not there so that no mail log gets captured in > > maillog: > > > > --- > > root 28036 0.0 0.0 19864 1604 ? Ss 11:45 0:00 > > /usr/sbin/dovecot -F > > dovecot 28074 0.0 0.0 9312 1000 ? S 11:46 0:00 > > dovecot/anvil > > root 28075 0.0 0.0 12324 2084 ? S 11:46 0:00 > > dovecot/config > > --- > > > > Does this have something to do with any limitation in dovecot > > configuration? > > > > If anyone in the list ever has similar or same experience, please give > me a > > clue that shows where to look at from here. > > > > Thanks, > > > > Are you using some kind of security framework that prevents IPC > communications? 
Such as SELinux or AppArmor? > > Aki > From mrobti at insiberia.net Tue Mar 14 03:57:57 2017 
From: mrobti at insiberia.net (MRob) Date: Mon, 13 Mar 2017 20:57:57 -0700 Subject: Auto create & subscribe folder from Userdb [Was: Users with extra mailbox: namespace/mailbox in userdb lookup?] In-Reply-To: <402c4252-dc40-e058-3804-1e8a042f8d92@dovecot.fi> References: <6c741a1e6a5863c859a2f8eb97e9a408@insiberia.net> <986d4a08b13b5a11d613598c576b4d64@insiberia.net> <2f08c099bd5330a0d1416f7975080efa@insiberia.net> <402c4252-dc40-e058-3804-1e8a042f8d92@dovecot.fi> Message-ID: <742e8854b2afd8677909bd6ae3943e28@insiberia.net> On 2017-03-13 13:40, Aki Tuomi wrote: > On 2017-03-13 19:31, MRob wrote: >> On 2017-03-10 23:28, MRob wrote: >>> On 2017-03-10 23:22, Christian Kivalo wrote: >>>> Am 11. M?rz 2017 08:04:28 MEZ schrieb MRob : >>>>> >>>>>>> We have a need for some users to have an additional folder >>>>>>> created >>>>> and >>>>>>> subscribed for them. >>>>>>> >>>>>>> Is is possible to return an override for the default "namespace >>>>> inbox" >>>>>>> containing the needed mailbox definitions in the userdb lookup >>>>>>> for >>>>>>> such users? If so, how would the userdb lookup result be >>>>>>> formatted? >>>>>>> Presumably as >>>>>> >>>>>> Yes, see here: >>>>>> >>>>>> http://wiki2.dovecot.org/UserDatabase/ExtraFields >>>>>> >>>>>> Each setting ist one "Extra Field" >>>>>> >>>>>>> just one long string, but how would the setting be named given >>>>>>> there >>>>> >>>>>>> can't be a space in it? Can I replace the space with an >>>>>>> underscore, >>>>>>> e.g. >>>>>>> >>>>>>> userdb_namespace_inbox = '{ mailbox Drafts { auto=subscribe >>>>>>> special_use = \Drafts } mailbox Trash { auto=subscribe >>>>>>> special_use = >>>>> >>>>>>> \Trash } }' >>>>>> >>>>>> sort of: >>>>>> >>>>>> userdb_namespace/inbox/mailbox/Drafts/auto=subscribe >>>>>> >>>>>> see also: >>>>>> >>>>>> http://www.dovecot.org/list/dovecot/2016-February/103140.html >>>>> >>>>> Unfortunately, I'm having trouble with this task. 
>>>>> >>>>> Dovecot 2.2.27 >>>>> >>>>> Trying to have an "Important" folder get created and subscribed for >>>>> only >>>>> some users. When I put this into my dovecot config file it works as >>>>> needed (other folders omitted for brevity): >>>>> >>>>> namespace inbox { >>>>> mailbox Trash { >>>>> auto=subscribe >>>>> special_use = \Trash >>>>> } >>>>> mailbox Important { >>>>> auto=subscribe >>>>> } >>>>> } >>>>> >>>>> But I don't want to do it globally, so put it into the userdb >>>>> lookup: >>>>> >>>>> SELECT .... 'subscribe' AS 'namespace/inbox/mailbox/Important/auto' >>>>> ... >>>>> >>>>> WHERE ... >>>>> >>>>> I confirmed that the correct query is executing and I know it works >>>>> because other userdb fields are populated correctly. But the folder >>>>> does >>>>> not get created. For passdb lookups: >>>>> >>>>> SELECT .... 'subscribe' AS >>>>> 'userdb_namespace/inbox/mailbox/Important/auto' ... WHERE ... >>>>> >>>>> I'd appreciate help/tips. >>>> Whats the output of doveadm user ? >>> >>> Oh I did not know this doveadm command, thank you! >>> >>> Output included all my other userdb fields as well as this: >>> >>> namespace/inbox/mailbox/Important/auto subscribe >> >> Just a polite ping on this problem. Folder auto-creation isn't working >> with folders specified as part of the userdb lookup. Help appreciated. > > Can you change config to > > mail_debug=yes > > and provide logs for a single session? Sorry to return so much later. I can provide full logs, but it looks like this is what you're looking for: Mar 14 01:26:24 mail dovecot: imap(user at example.com): Debug: Unknown userdb setting: plugin/namespace/inbox/mailbox/Important/auto=subscribe Is it the "plugin/" on front? As you see with my doveadm result above, I don't think I caused that to be placed there. Any further guidance? From aki.tuomi at dovecot.fi Tue Mar 14 08:52:02 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Tue, 14 Mar 2017 10:52:02 +0200 Subject: Auto create & subscribe folder from Userdb [Was: Users with extra mailbox: namespace/mailbox in userdb lookup?] In-Reply-To: <742e8854b2afd8677909bd6ae3943e28@insiberia.net> References: <6c741a1e6a5863c859a2f8eb97e9a408@insiberia.net> <986d4a08b13b5a11d613598c576b4d64@insiberia.net> <2f08c099bd5330a0d1416f7975080efa@insiberia.net> <402c4252-dc40-e058-3804-1e8a042f8d92@dovecot.fi> <742e8854b2afd8677909bd6ae3943e28@insiberia.net> Message-ID: <0801cc22-6704-2ba4-e7d8-5959d3f23fd9@dovecot.fi> On 14.03.2017 05:57, MRob wrote: > On 2017-03-13 13:40, Aki Tuomi wrote: >> On 2017-03-13 19:31, MRob wrote: >>> On 2017-03-10 23:28, MRob wrote: >>>> On 2017-03-10 23:22, Christian Kivalo wrote: >>>>> Am 11. M?rz 2017 08:04:28 MEZ schrieb MRob : >>>>>> >>>>>>>> We have a need for some users to have an additional folder created >>>>>> and >>>>>>>> subscribed for them. >>>>>>>> >>>>>>>> Is is possible to return an override for the default "namespace >>>>>> inbox" >>>>>>>> containing the needed mailbox definitions in the userdb lookup for >>>>>>>> such users? If so, how would the userdb lookup result be >>>>>>>> formatted? >>>>>>>> Presumably as >>>>>>> >>>>>>> Yes, see here: >>>>>>> >>>>>>> http://wiki2.dovecot.org/UserDatabase/ExtraFields >>>>>>> >>>>>>> Each setting ist one "Extra Field" >>>>>>> >>>>>>>> just one long string, but how would the setting be named given >>>>>>>> there >>>>>> >>>>>>>> can't be a space in it? Can I replace the space with an >>>>>>>> underscore, >>>>>>>> e.g. 
>>>>>>>> >>>>>>>> userdb_namespace_inbox = '{ mailbox Drafts { auto=subscribe >>>>>>>> special_use = \Drafts } mailbox Trash { auto=subscribe >>>>>>>> special_use = >>>>>> >>>>>>>> \Trash } }' >>>>>>> >>>>>>> sort of: >>>>>>> >>>>>>> userdb_namespace/inbox/mailbox/Drafts/auto=subscribe >>>>>>> >>>>>>> see also: >>>>>>> >>>>>>> http://www.dovecot.org/list/dovecot/2016-February/103140.html >>>>>> >>>>>> Unfortunately, I'm having trouble with this task. >>>>>> >>>>>> Dovecot 2.2.27 >>>>>> >>>>>> Trying to have an "Important" folder get created and subscribed for >>>>>> only >>>>>> some users. When I put this into my dovecot config file it works as >>>>>> needed (other folders omitted for brevity): >>>>>> >>>>>> namespace inbox { >>>>>> mailbox Trash { >>>>>> auto=subscribe >>>>>> special_use = \Trash >>>>>> } >>>>>> mailbox Important { >>>>>> auto=subscribe >>>>>> } >>>>>> } >>>>>> >>>>>> But I don't want to do it globally, so put it into the userdb >>>>>> lookup: >>>>>> >>>>>> SELECT .... 'subscribe' AS >>>>>> 'namespace/inbox/mailbox/Important/auto' ... >>>>>> >>>>>> WHERE ... >>>>>> >>>>>> I confirmed that the correct query is executing and I know it works >>>>>> because other userdb fields are populated correctly. But the folder >>>>>> does >>>>>> not get created. For passdb lookups: >>>>>> >>>>>> SELECT .... 'subscribe' AS >>>>>> 'userdb_namespace/inbox/mailbox/Important/auto' ... WHERE ... >>>>>> >>>>>> I'd appreciate help/tips. >>>>> Whats the output of doveadm user ? >>>> >>>> Oh I did not know this doveadm command, thank you! >>>> >>>> Output included all my other userdb fields as well as this: >>>> >>>> namespace/inbox/mailbox/Important/auto subscribe >>> >>> Just a polite ping on this problem. Folder auto-creation isn't >>> working with folders specified as part of the userdb lookup. Help >>> appreciated. >> >> Can you change config to >> >> mail_debug=yes >> >> and provide logs for a single session? > > Sorry to return so much later. 
I can provide full logs, but it looks
> like this is what you're looking for:
>
> Mar 14 01:26:24 mail dovecot: imap(user at example.com): Debug: Unknown
> userdb setting: plugin/namespace/inbox/mailbox/Important/auto=subscribe
>
> Is it the "plugin/" on front? As you see with my doveadm result above,
> I don't think I caused that to be placed there. Any further guidance?

userdb_namespace/inbox/mailbox=Important
userdb_namespace/inbox/mailbox/Important/name=Important
userdb_namespace/inbox/mailbox/Important/auto=create

Also if you want to create multiple mailboxes, you can use
mailbox=Important,SecondBox,SomeOtherBox and add settings for them. The
important one is the 'name' setting.

Aki

From plataleas at gmail.com Tue Mar 14 09:05:36 2017
From: plataleas at gmail.com (plataleas)
Date: Tue, 14 Mar 2017 10:05:36 +0100
Subject: autocreate ONLY for new Users
Message-ID: <2bcbeb52-e971-3e5e-eb94-bbb1b7fab06c@gmail.com>

Hi All

We are currently migrating accounts to Dovecot. The existing accounts do have special folders with different names. (i.e. sent, sent-mail)

The autocreate-function of "special folders" is useful. However we need this feature ONLY for new users. The existing accounts have a mapping for their own "special folders".

There are discussions about this topic on the mailing list:

http://www.dovecot.org/list/dovecot/2014-August/097313.html
https://dovecot.org/list/dovecot/2016-May/104296.html

Did someone manage to implement this ? Are there workarounds?

Thanks and regards
plataleas

From sami.ketola at dovecot.fi Tue Mar 14 09:17:05 2017
From: sami.ketola at dovecot.fi (Sami Ketola) Date: Tue, 14 Mar 2017 18:17:05 +0900 Subject: Dovecot 2.2.27 proxy - enforcing per client IP connection limits In-Reply-To: <73d453f9-842a-2bd0-7908-041871b05481@ddns.com.au> References: <73d453f9-842a-2bd0-7908-041871b05481@ddns.com.au> Message-ID: <726520F0-7DC6-4C64-9B03-F81E3F8F778D@dovecot.fi> Hi, mail_max_userip_connections is only enforced at the backend level. The setting has no effect on proxy. If you want to force the limit then you can only do it in the backend. Sami > On 9 Mar 2017, at 12.05, Adi Pircalabu wrote: > > Quick follow-up: updated the proxies to 2.2.28, but I still couldn't find a way to limit the inbound IMAP connections per IP & username. I know "mail_max_userip_connections" limit works for the mail stores, but it doesn't seem to have any effect on the proxies. I'm using a mix of Dovecot & Courier-IMAP servers as backends. > Basically I need to find a way to enforce the maximum limit for the username<>remoteip so that, if I have: > ESTCONNS=`doveadm -f flow proxy list | grep "username=usern at domain.com.proto=imap" | wc -l` > $ESTCONNS is lower or equal than the configured limit. > The proxies are configured as per https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy to forward the password to the remote server using MySQL. In dovecot-sql.conf.ext I have: > password_query = SELECT NULL AS password, 'Y' as nopassword, host, email as email, 'any-cert' as 'starttls', 'Y' AS proxy FROM mailbox WHERE email = '%u' AND disabled_smtpauth=0 > > At the moment the only way I can limit the number of established connections per source IP address on the Dovecot proxies is using iptables, which isn't what I want. > Where else can I look? 
> > Adi Pircalabu, System Administrator > DDNS, a Total Internet Company > 159 Barkly Avenue, Burnley, Vic 3121, T +61 3 9815 6868 > > On 08/03/17 12:32, Adi Pircalabu wrote: >> Hi, >> Trying to keep abusive/buggy IMAP clients at bay on a number of Dovecot proxy servers, I've reconfigured them to use "mail_max_userip_connections = 50" in the "protocol imap" section, followed by restarting Dovecot. Yet, I'm still seeing 160+ established connections from a single IP address for the same email account. Am I missing anything? >> # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf >> # Pigeonhole version 0.4.16 (fed8554) >> # OS: Linux 2.6.32-642.4.2.el6.x86_64 x86_64 CentOS release 6.8 (Final) >> auth_cache_negative_ttl = 5 mins >> auth_cache_size = 16 M >> auth_cache_ttl = 18 hours >> default_client_limit = 6120 >> default_process_limit = 500 >> managesieve_notify_capability = mailto >> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify >> mbox_write_locks = fcntl >> namespace inbox { >> inbox = yes >> location = >> mailbox Drafts { >> special_use = \Drafts >> } >> mailbox Junk { >> special_use = \Junk >> } >> mailbox Sent { >> special_use = \Sent >> } >> mailbox "Sent Messages" { >> special_use = \Sent >> } >> mailbox Trash { >> special_use = \Trash >> } >> prefix = >> } >> passdb { >> args = /etc/dovecot/dovecot-sql.conf.ext >> driver = sql >> } >> plugin { >> sieve = file:~/sieve;active=~/.dovecot.sieve >> sieve_extensions = +notify +imapflags >> } >> protocols = imap pop3 lmtp sieve >> service auth { >> client_limit = 6120 >> } >> service imap-login { >> process_limit = 2048 >> process_min_avail = 20 >> service_count = 0 >> vsz_limit = 256 M >> } >> service imap { >> process_limit = 2048 >> } >> service managesieve-login { >> inet_listener sieve 
{ >> port = 4190 >> } >> service_count = 0 >> vsz_limit = 128 M >> } >> service managesieve { >> process_limit = 1024 >> } >> service pop3 { >> process_limit = 1024 >> } >> [...] >> protocol imap { >> imap_capability = IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE >> mail_max_userip_connections = 50 >> } From mrobti at insiberia.net Tue Mar 14 16:43:26 2017 
From: mrobti at insiberia.net (MRob) Date: Tue, 14 Mar 2017 09:43:26 -0700 Subject: Auto create & subscribe folder from Userdb [Was: Users with extra mailbox: namespace/mailbox in userdb lookup?] In-Reply-To: <0801cc22-6704-2ba4-e7d8-5959d3f23fd9@dovecot.fi> References: <6c741a1e6a5863c859a2f8eb97e9a408@insiberia.net> <986d4a08b13b5a11d613598c576b4d64@insiberia.net> <2f08c099bd5330a0d1416f7975080efa@insiberia.net> <402c4252-dc40-e058-3804-1e8a042f8d92@dovecot.fi> <742e8854b2afd8677909bd6ae3943e28@insiberia.net> <0801cc22-6704-2ba4-e7d8-5959d3f23fd9@dovecot.fi> Message-ID: <4df71acedea5da2bf4c4d1f774a0a06a@insiberia.net> On 2017-03-14 01:52, Aki Tuomi wrote: > On 14.03.2017 05:57, MRob wrote: >> On 2017-03-13 13:40, Aki Tuomi wrote: >>> On 2017-03-13 19:31, MRob wrote: >>>> On 2017-03-10 23:28, MRob wrote: >>>>> On 2017-03-10 23:22, Christian Kivalo wrote: >>>>>> Am 11. M?rz 2017 08:04:28 MEZ schrieb MRob : >>>>>>> >>>>>>>>> We have a need for some users to have an additional folder >>>>>>>>> created >>>>>>> and >>>>>>>>> subscribed for them. >>>>>>>>> >>>>>>>>> Is is possible to return an override for the default "namespace >>>>>>> inbox" >>>>>>>>> containing the needed mailbox definitions in the userdb lookup >>>>>>>>> for >>>>>>>>> such users? If so, how would the userdb lookup result be >>>>>>>>> formatted? >>>>>>>>> Presumably as >>>>>>>> >>>>>>>> Yes, see here: >>>>>>>> >>>>>>>> http://wiki2.dovecot.org/UserDatabase/ExtraFields >>>>>>>> >>>>>>>> Each setting ist one "Extra Field" >>>>>>>> >>>>>>>>> just one long string, but how would the setting be named given >>>>>>>>> there >>>>>>> >>>>>>>>> can't be a space in it? Can I replace the space with an >>>>>>>>> underscore, >>>>>>>>> e.g. 
>>>>>>>>> >>>>>>>>> userdb_namespace_inbox = '{ mailbox Drafts { auto=subscribe >>>>>>>>> special_use = \Drafts } mailbox Trash { auto=subscribe >>>>>>>>> special_use = >>>>>>> >>>>>>>>> \Trash } }' >>>>>>>> >>>>>>>> sort of: >>>>>>>> >>>>>>>> userdb_namespace/inbox/mailbox/Drafts/auto=subscribe >>>>>>>> >>>>>>>> see also: >>>>>>>> >>>>>>>> http://www.dovecot.org/list/dovecot/2016-February/103140.html >>>>>>> >>>>>>> Unfortunately, I'm having trouble with this task. >>>>>>> >>>>>>> Dovecot 2.2.27 >>>>>>> >>>>>>> Trying to have an "Important" folder get created and subscribed >>>>>>> for >>>>>>> only >>>>>>> some users. When I put this into my dovecot config file it works >>>>>>> as >>>>>>> needed (other folders omitted for brevity): >>>>>>> >>>>>>> namespace inbox { >>>>>>> mailbox Trash { >>>>>>> auto=subscribe >>>>>>> special_use = \Trash >>>>>>> } >>>>>>> mailbox Important { >>>>>>> auto=subscribe >>>>>>> } >>>>>>> } >>>>>>> >>>>>>> But I don't want to do it globally, so put it into the userdb >>>>>>> lookup: >>>>>>> >>>>>>> SELECT .... 'subscribe' AS >>>>>>> 'namespace/inbox/mailbox/Important/auto' ... >>>>>>> >>>>>>> WHERE ... >>>>>>> >>>>>>> I confirmed that the correct query is executing and I know it >>>>>>> works >>>>>>> because other userdb fields are populated correctly. But the >>>>>>> folder >>>>>>> does >>>>>>> not get created. For passdb lookups: >>>>>>> >>>>>>> SELECT .... 'subscribe' AS >>>>>>> 'userdb_namespace/inbox/mailbox/Important/auto' ... WHERE ... >>>>>>> >>>>>>> I'd appreciate help/tips. >>>>>> Whats the output of doveadm user ? >>>>> >>>>> Oh I did not know this doveadm command, thank you! >>>>> >>>>> Output included all my other userdb fields as well as this: >>>>> >>>>> namespace/inbox/mailbox/Important/auto subscribe >>>> >>>> Just a polite ping on this problem. Folder auto-creation isn't >>>> working with folders specified as part of the userdb lookup. Help >>>> appreciated. 
>>> >>> Can you change config to >>> >>> mail_debug=yes >>> >>> and provide logs for a single session? >> >> Sorry to return so much later. I can provide full logs, but it looks >> like this is what you're looking for: >> >> Mar 14 01:26:24 mail dovecot: imap(user at example.com): Debug: Unknown >> userdb setting: >> plugin/namespace/inbox/mailbox/Important/auto=subscribe >> >> Is it the "plugin/" on front? As you see with my doveadm result above, >> I don't think I caused that to be placed there. Any further guidance? > userdb_namespace/inbox/mailbox=Important > userdb_namespace/inbox/mailbox/Important/name=Important > userdb_namespace/inbox/mailbox/Important/auto=create Am I to understand that I'll need all three of these? It makes sense, though the Important/name=Important is a bit awkward - wondering, is this documented anywhere I may have missed? > Also if you want to create multiple mailboxes, you can use > mailbox=Important,SecondBox,SomeOtherBox and add settings for them. The > important one is the 'name' setting. Good tip, thank you. From dave.mehler at gmail.com Tue Mar 14 16:46:54 2017 From: dave.mehler at gmail.com (David Mehler) Date: Tue, 14 Mar 2017 12:46:54 -0400 Subject: welcome plugin Message-ID: Hello, If anyone is using the welcome plugin in dovecot 2.2.x to sent a one-time new welcome email to new users can I get a look at your configuration? I'm stuck, I create a user and the welcome action does not execute. If you've got a script to send the mail can I get a look at that as well? Thanks. Dave. From rs at sys4.de Tue Mar 14 17:02:45 2017 
From: rs at sys4.de (Robert Schetterer) Date: Tue, 14 Mar 2017 18:02:45 +0100 Subject: welcome plugin In-Reply-To: References: Message-ID: <2d1b4c0a-fba0-d879-1644-ce75adb0686a@sys4.de> On 14.03.2017 at 17:46, David Mehler wrote: > Hello, > > If anyone is using the welcome plugin in dovecot 2.2.x to send a > one-time new welcome email to new users can I get a look at your > configuration? I'm stuck, I create a user and the welcome action does > not execute. If you've got a script to send the mail can I get a look > at that as well? > > Thanks. > Dave. > postfixadmin has an option for welcome mails, but that has "nearly" null relation to dovecot Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München Registered office: München, Amtsgericht München: HRB 199263 Executive board: Patrick Ben Koetter, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein From aki.tuomi at dovecot.fi Tue Mar 14 17:09:20 2017 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Tue, 14 Mar 2017 19:09:20 +0200 (EET) Subject: welcome plugin In-Reply-To: References: Message-ID: <2123750728.2772.1489511361278@appsuite-dev.open-xchange.com> > On March 14, 2017 at 6:46 PM David Mehler wrote: > > > Hello, > > If anyone is using the welcome plugin in dovecot 2.2.x to send a > one-time new welcome email to new users can I get a look at your > configuration? I'm stuck, I create a user and the welcome action does > not execute. If you've got a script to send the mail can I get a look > at that as well? > > Thanks. > Dave. Did you follow the instructions in the wiki? http://wiki2.dovecot.org/Plugins/Welcome It's missing the bit saying mail_plugins = $mail_plugins welcome Aki From skdovecot at smail.inf.fh-brs.de Wed Mar 15 06:38:06 2017 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 15 Mar 2017 07:38:06 +0100 (CET) Subject: autocreate ONLY for new Users In-Reply-To: <2bcbeb52-e971-3e5e-eb94-bbb1b7fab06c@gmail.com> References: <2bcbeb52-e971-3e5e-eb94-bbb1b7fab06c@gmail.com> Message-ID: On Tue, 14 Mar 2017, plataleas wrote: > We are currently migrating accounts to Dovecot. The existing accounts do > have special folders with different names. (i.e. sent, sent-mail) > > The autocreate-function of "special folders" is useful. However we need > this feature ONLY for new users. The existing accounts have a mapping > for their own "special folders". > > Did someone manage to implement this ? Are there workarounds? Workaround might be the thread "Auto create & subscribe folder from Userdb". Configure Dovecot to autocreate / autosubscribe and configure the userdb of existing users to override auto with no . You should test however, if some mail clients get confused with the new special use folders. When I switched them on several years ago, I had no complaints about this. So, I guess, this "advice" (special use tag) is taken into account during account creation only. I'm not sure if you can override "special_use = \Sent", too. -- Steffen Kaiser From plataleas at gmail.com Wed Mar 15 07:28:42 2017 
From: plataleas at gmail.com (plataleas) Date: Wed, 15 Mar 2017 08:28:42 +0100 Subject: autocreate ONLY for new Users In-Reply-To: References: <2bcbeb52-e971-3e5e-eb94-bbb1b7fab06c@gmail.com> Message-ID: <5509eb60-1b49-defc-dfed-694d58f163d2@gmail.com> thanks for the feedback! Userdb would be an option, however we would need to extend our LDAP Schema with an additional "autocreate flag". Modifying the LDAP import scripts, this is quite a task. Another option we were thinking of is creating the special folders by a script right after user creation. By far the best and easiest solution would be a flag to auto-create the special folders ONLY on first login. Is there any chance to get this feature? Thanks a lot! On 03/15/2017 07:38 AM, Steffen Kaiser wrote: > On Tue, 14 Mar 2017, plataleas wrote: > > > We are currently migrating accounts to Dovecot. The existing accounts do > > have special folders with different names. (i.e. sent, sent-mail) > > > The autocreate-function of "special folders" is useful. However we need > > this feature ONLY for new users. The existing accounts have a mapping > > for their own "special folders". > > > Did someone manage to implement this ? Are there workarounds? > > Workaround might be the thread "Auto create & subscribe folder from > Userdb". > > Configure Dovecot to autocreate / autosubscribe and configure the > userdb of existing users to override auto with no . > > You should test however, if some mail clients get confused with the > new special use folders. When I switched them on several years ago, I > had no complains about this. So, I guess, this "advice" (special use > tag) is taken into account during account creation only. > > I'm not sure if you can override "special_use = \Sent", too. > > -- Steffen Kaiser From aki.tuomi at dovecot.fi Wed Mar 15 10:43:00 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Wed, 15 Mar 2017 12:43:00 +0200 Subject: autocreate ONLY for new Users In-Reply-To: <5509eb60-1b49-defc-dfed-694d58f163d2@gmail.com> References: <2bcbeb52-e971-3e5e-eb94-bbb1b7fab06c@gmail.com> <5509eb60-1b49-defc-dfed-694d58f163d2@gmail.com> Message-ID: <92473ca1-a471-8f97-f69b-934c3f52ce13@dovecot.fi> You could also use welcome plugin to execute a custom script on first login. Aki On 15.03.2017 09:28, plataleas wrote: > thanks for the feedback! > > Userdb would be an option, however we would need to extend our LDAP > Schema with an additional "autocreate flag". Modifying the LDAP import > scripts, this is quite a task. Another option we were thinking of is > creating the special folders by a script right after user creation. > > By far the best and easiest solution would be a flag to auto-create the > special folders ONLY on first login. > > Is there any chance to get this feature? > > Thanks a lot! > > > On 03/15/2017 07:38 AM, Steffen Kaiser wrote: >> On Tue, 14 Mar 2017, plataleas wrote: >> >>> We are currently migrating accounts to Dovecot. The existing accounts do >>> have special folders with different names. (i.e. sent, sent-mail) >>> The autocreate-function of "special folders" is useful. However we need >>> this feature ONLY for new users. The existing accounts have a mapping >>> for their own "special folders". >>> Did someone manage to implement this ? Are there workarounds? >> Workaround might be the thread "Auto create & subscribe folder from >> Userdb". >> >> Configure Dovecot to autocreate / autosubscribe and configure the >> userdb of existing users to override auto with no . >> >> You should test however, if some mail clients get confused with the >> new special use folders. When I switched them on several years ago, I >> had no complains about this. So, I guess, this "advice" (special use >> tag) is taken into account during account creation only. 
>> >> I'm not sure if you can override "special_use = \Sent", too. >> >> -- Steffen Kaiser From mail at tomsommer.dk Wed Mar 15 10:56:37 2017 From: mail at tomsommer.dk (Tom Sommer) Date: Wed, 15 Mar 2017 11:56:37 +0100 Subject: Custom cache_key for passdb-sql Message-ID: <92940dda51557aac1abb1e7234692ce5@tomsommer.dk> The cache_key for the SQL-passdb should be created automatically, but for some reason the service (%s) is not part of the key, and I need it to be I've tried to set a manual cache_key, but that fails: Mar 15 11:54:02 auth: Fatal: sql /etc/dovecot/dovecot-sql.conf cache_key=%s%u%{real_ip}: Can't open configuration file /etc/dovecot/dovecot-sql.conf cache_key=%s%u%{real_ip}: No such file or directory passdb { args = /etc/dovecot/dovecot-sql.conf cache_key=%s%u%{real_ip} driver = sql } Is this not possible? -- Tom From plataleas at gmail.com Wed Mar 15 11:07:13 2017 
From: plataleas at gmail.com (plataleas) Date: Wed, 15 Mar 2017 12:07:13 +0100 Subject: autocreate ONLY for new Users In-Reply-To: <92473ca1-a471-8f97-f69b-934c3f52ce13@dovecot.fi> References: <2bcbeb52-e971-3e5e-eb94-bbb1b7fab06c@gmail.com> <5509eb60-1b49-defc-dfed-694d58f163d2@gmail.com> <92473ca1-a471-8f97-f69b-934c3f52ce13@dovecot.fi> Message-ID: Thanks Aki!! The welcome plugin sounds like the best workaround. To implement this we would need to upgrade our Dovecot installation: dovecot-core: Installed: 1:2.2.24-1~bpo8+1 Candidate: 1:2.2.27-2~bpo8+1 Are there special recommendations for the upgrade process (in addition to the Dovecot NEWS file)? Any special steps we should be aware of during the upgrade? Is it that simple "apt-get upgrade dovecot-core"? your experiences are highly appreciated! This is our first Dovecot upgrade :-) On 03/15/2017 11:43 AM, Aki Tuomi wrote: > You could also use welcome plugin to execute a custom script on first login. > > Aki > > On 15.03.2017 09:28, plataleas wrote: >> thanks for the feedback! >> >> Userdb would be an option, however we would need to extend our LDAP >> Schema with an additional "autocreate flag". Modifying the LDAP import >> scripts, this is quite a task. Another option we were thinking of is >> creating the special folders by a script right after user creation. >> >> By far the best and easiest solution would be a flag to auto-create the >> special folders ONLY on first login. >> >> Is there any chance to get this feature? >> >> Thanks a lot! >> >> >> On 03/15/2017 07:38 AM, Steffen Kaiser wrote: >>> On Tue, 14 Mar 2017, plataleas wrote: >>> >>>> We are currently migrating accounts to Dovecot. The existing accounts do >>>> have special folders with different names. (i.e. sent, sent-mail) >>>> The autocreate-function of "special folders" is useful. However we need >>>> this feature ONLY for new users. The existing accounts have a mapping >>>> for their own "special folders". 
>>>> Did someone manage to implement this ? Are there workarounds? >>> Workaround might be the thread "Auto create & subscribe folder from >>> Userdb". >>> >>> Configure Dovecot to autocreate / autosubscribe and configure the >>> userdb of existing users to override auto with no . >>> >>> You should test however, if some mail clients get confused with the >>> new special use folders. When I switched them on several years ago, I >>> had no complains about this. So, I guess, this "advice" (special use >>> tag) is taken into account during account creation only. >>> >>> I'm not sure if you can override "special_use = \Sent", too. >>> >>> -- Steffen Kaiser From aki.tuomi at dovecot.fi Wed Mar 15 11:35:17 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Wed, 15 Mar 2017 13:35:17 +0200 Subject: autocreate ONLY for new Users In-Reply-To: References: <2bcbeb52-e971-3e5e-eb94-bbb1b7fab06c@gmail.com> <5509eb60-1b49-defc-dfed-694d58f163d2@gmail.com> <92473ca1-a471-8f97-f69b-934c3f52ce13@dovecot.fi> Message-ID: welcome plugin is already present in 2.2.24, so in that sense, no need to upgrade. Other than that, it should be rather straightforward upgrade. Aki On 15.03.2017 13:07, plataleas wrote: > Thanks Aki!! > > The welcome plugin sounds like the best workaround. To implement this we > would need to upgrade our Dovecot installation: > > dovecot-core: > Installed: 1:2.2.24-1~bpo8+1 > Candidate: 1:2.2.27-2~bpo8+1 > > Are there special recommendations for the upgrade process (in addition > to the Dovecot NEWS file)? Any special steps we should be aware of > during the upgrade? > > Is it that simple "apt-get upgrade dovecot-core"? > > your experiences are highly appreciated! This is our first Dovecot > upgrade :-) > > > > On 03/15/2017 11:43 AM, Aki Tuomi wrote: >> You could also use welcome plugin to execute a custom script on first login. >> >> Aki >> >> On 15.03.2017 09:28, plataleas wrote: >>> thanks for the feedback! >>> >>> Userdb would be an option, however we would need to extend our LDAP >>> Schema with an additional "autocreate flag". Modifying the LDAP import >>> scripts, this is quite a task. Another option we were thinking of is >>> creating the special folders by a script right after user creation. >>> >>> By far the best and easiest solution would be a flag to auto-create the >>> special folders ONLY on first login. >>> >>> Is there any chance to get this feature? >>> >>> Thanks a lot! >>> >>> >>> On 03/15/2017 07:38 AM, Steffen Kaiser wrote: >>>> On Tue, 14 Mar 2017, plataleas wrote: >>>> >>>>> We are currently migrating accounts to Dovecot. The existing accounts do >>>>> have special folders with different names. (i.e. 
sent, sent-mail) >>>>> The autocreate-function of "special folders" is useful. However we need >>>>> this feature ONLY for new users. The existing accounts have a mapping >>>>> for their own "special folders". >>>>> Did someone manage to implement this ? Are there workarounds? >>>> Workaround might be the thread "Auto create & subscribe folder from >>>> Userdb". >>>> >>>> Configure Dovecot to autocreate / autosubscribe and configure the >>>> userdb of existing users to override auto with no . >>>> >>>> You should test however, if some mail clients get confused with the >>>> new special use folders. When I switched them on several years ago, I >>>> had no complaints about this. So, I guess, this "advice" (special use >>>> tag) is taken into account during account creation only. >>>> >>>> I'm not sure if you can override "special_use = \Sent", too. >>>> >>>> -- Steffen Kaiser From sca at andreasschulze.de Wed Mar 15 11:56:46 2017 From: sca at andreasschulze.de (A. Schulze) Date: Wed, 15 Mar 2017 12:56:46 +0100 Subject: pigeonhole / vacation Message-ID: <20170315125646.Horde.yCQIqUEM8L9nC_XQhT28XYC@andreasschulze.de> Hello, we use the sieve vacation module to answer messages for certain mailboxes. vacation sends back answers to most but not all messages which is fine and intended. .dovecot.sieve looks like this: require ["vacation", "variables"]; if header :matches "subject" "*" { vacation :subject "Automatic response to: ${1}" "thanks for your message"; keep; } But now I would like to distinguish messages that were answered from those where the vacation module did not send back a message. Is it possible to store answered messages in one folder and unanswered in another? # probably invalid sieve syntax if vacation .... { fileinto "answered/"; stop; else fileinto "unanswered/"; stop; } After reading RFC 5230 I feel it's not possible at all :-/ Andreas From plataleas at gmail.com Wed Mar 15 14:23:52 2017 
From: plataleas at gmail.com (plataleas) Date: Wed, 15 Mar 2017 15:23:52 +0100 Subject: autocreate ONLY for new Users In-Reply-To: References: <2bcbeb52-e971-3e5e-eb94-bbb1b7fab06c@gmail.com> <5509eb60-1b49-defc-dfed-694d58f163d2@gmail.com> <92473ca1-a471-8f97-f69b-934c3f52ce13@dovecot.fi> Message-ID: <33edb4c2-6e58-016c-9bfa-d1e7dea2e031@gmail.com> The welcome plugin is only available for Dovecot Versions 2.2.25+. root at dcot02:~# dovecot --version 2.2.24 (a82c823) root at dcot02:~# grep Error /var/log/syslog Mar 15 15:13:47 dcot02 dovecot: imap: Error: Plugin 'welcome' not found from directory /usr/lib/dovecot/modules Mar 15 15:13:47 dcot02 dovecot: imap: Error: Internal error occurred. Refer to server log for more information. Thanks On 03/15/2017 12:35 PM, Aki Tuomi wrote: > welcome plugin is already present in 2.2.24, so in that sense, no need > to upgrade. Other than that, it should be rather straightforward upgrade. > > Aki > > On 15.03.2017 13:07, plataleas wrote: >> Thanks Aki!! >> >> The welcome plugin sounds like the best workaround. To implement this we >> would need to upgrade our Dovecot installation: >> >> dovecot-core: >> Installed: 1:2.2.24-1~bpo8+1 >> Candidate: 1:2.2.27-2~bpo8+1 >> >> Are there special recommendations for the upgrade process (in addition >> to the Dovecot NEWS file)? Any special steps we should be aware of >> during the upgrade? >> >> Is it that simple "apt-get upgrade dovecot-core"? >> >> your experiences are highly appreciated! This is our first Dovecot >> upgrade :-) >> >> >> >> On 03/15/2017 11:43 AM, Aki Tuomi wrote: >>> You could also use welcome plugin to execute a custom script on first login. >>> >>> Aki >>> >>> On 15.03.2017 09:28, plataleas wrote: >>>> thanks for the feedback! >>>> >>>> Userdb would be an option, however we would need to extend our LDAP >>>> Schema with an additional "autocreate flag". Modifying the LDAP import >>>> scripts, this is quite a task. 
Another option we were thinking of is >>>> creating the special folders by a script right after user creation. >>>> >>>> By far the best and easiest solution would be a flag to auto-create the >>>> special folders ONLY on first login. >>>> >>>> Is there any chance to get this feature? >>>> >>>> Thanks a lot! >>>> >>>> >>>> On 03/15/2017 07:38 AM, Steffen Kaiser wrote: >>>>> On Tue, 14 Mar 2017, plataleas wrote: >>>>> >>>>>> We are currently migrating accounts to Dovecot. The existing accounts do >>>>>> have special folders with different names. (i.e. sent, sent-mail) >>>>>> The autocreate-function of "special folders" is useful. However we need >>>>>> this feature ONLY for new users. The existing accounts have a mapping >>>>>> for their own "special folders". >>>>>> Did someone manage to implement this ? Are there workarounds? >>>>> Workaround might be the thread "Auto create & subscribe folder from >>>>> Userdb". >>>>> >>>>> Configure Dovecot to autocreate / autosubscribe and configure the >>>>> userdb of existing users to override auto with no . >>>>> >>>>> You should test however, if some mail clients get confused with the >>>>> new special use folders. When I switched them on several years ago, I >>>>> had no complains about this. So, I guess, this "advice" (special use >>>>> tag) is taken into account during account creation only. >>>>> >>>>> I'm not sure if you can override "special_use = \Sent", too. >>>>> >>>>> -- Steffen Kaiser From dougb at dougbarton.us Wed Mar 15 17:11:39 2017 
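Added example (not part of the list traffic, and not Dovecot's own code) for the "autocreate ONLY for new Users" thread above: a first-login script of the kind Aki Tuomi suggests running through the welcome plugin, which creates and subscribes the special folders and refuses user names that doveadm would read as an option or a user mask. Assumptions: the plugin hands the login name to the script as its first argument, and the folder list and the DOVEADM override variable are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): first-login hook meant to be run by the
# Dovecot welcome plugin. Assumption: the login name arrives as "$1".

# Overridable so the script can be dry-run with a stub instead of real doveadm.
DOVEADM="${DOVEADM:-doveadm}"
# Illustrative folder list; names must not contain whitespace or wildcards.
SPECIAL_FOLDERS="${SPECIAL_FOLDERS:-Drafts Sent Trash Junk}"

# Accept only "user" or "user@domain" built from a conservative character set.
# doveadm -u treats '*' and '?' as user masks, and a leading '-' would be read
# as an option, so neither may reach the command line.
valid_user() {
    case "$1" in
        ''|-*|*@*@*) return 1 ;;
        *[!A-Za-z0-9._@+-]*) return 1 ;;
    esac
    return 0
}

# Create and subscribe each folder that the user does not have yet.
# Returns 0 on success, 1 if a create failed, 2 if the user name was rejected.
create_special_folders() {
    csf_user=$1
    valid_user "$csf_user" || {
        echo "welcome hook: rejected user name" >&2
        return 2
    }
    csf_rc=0
    for csf_box in $SPECIAL_FOLDERS; do
        # "mailbox list" prints the folder name only when it already exists.
        csf_found=$("$DOVEADM" mailbox list -u "$csf_user" "$csf_box" \
            2>/dev/null) || csf_found=""
        if [ -n "$csf_found" ]; then
            continue
        fi
        # -s subscribes the folder as it is created.
        "$DOVEADM" mailbox create -s -u "$csf_user" "$csf_box" || csf_rc=1
    done
    return "$csf_rc"
}

# Run only when called with an argument, as the welcome service would.
if [ "$#" -gt 0 ]; then
    create_special_folders "$1"
    exit $?
fi
```
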
From: dougb at dougbarton.us (Doug Barton) Date: Wed, 15 Mar 2017 10:11:39 -0700 Subject: Postfix Ignoring lmtp, delivering straight to maildir Message-ID: First I'd like to thank all the developers and contributors to dovecot. I've been using it for many years, and deeply appreciate your fine work. :) dovecot --version 2.2.22 (fe789d2) I have a working installation with postfix and dovecot, and I want to add sieve to it, so I am trying to configure postfix to use lmtp instead of 'virtual' for its delivery service. However it is ignoring that request, and for every message I get "status=sent (delivered to maildir)" and it shows up in my Inbox. On my mail host I have 1 normal user, let's say the username is 'myuser'. I have postfix configured to accept mail for several different domains, and each domain has a lot of different mail usernames (I use this for mailing lists and such). I use the virtual_maps feature of postfix, and have a map file that looks like this: abuse at dougbarton.us myuser hostmaster at dougbarton.us myuser dougb at dougbarton.us myuser ... All of this works great, and mail for all the different usernames and domains gets delivered into my one real user's Maildir, and I can see the mail with my IMAP clients. I've configured sieve in dovecot, and I can see the socket for lmtp in /var/spool/postfix/private/. I can also see the managesieve port in netstat, and I can use a sieve client to connect to it and edit scripts, etc. So according to all the tutorials I've read my next step is this in postfix' main.cf: virtual_transport = lmtp:unix:private/dovecot-lmtp which I did, and postfix restarts with no errors. But, it seems to avoid lmtp altogether, and as I mentioned above it delivers straight to my Maildir Inbox every time. I do have a sieve file, and the ~/dovecot.sieve symlink exists. 
I created a very simple filter: require ["fileinto", "imap4flags"]; if header :contains "Subject" "test" { fileinto "Junk"; } which my sieve client says is correct syntax. Still no joy. :-/ Any thoughts or suggestions are welcome. (And sorry this is so long, but based on my extensive searches it seems my configuration is a bit unique, so I explained it in some length.) Doug From jean-luc.oms at lirmm.fr Wed Mar 15 17:14:45 2017 
From: jean-luc.oms at lirmm.fr (Jean-Luc Oms) Date: Wed, 15 Mar 2017 18:14:45 +0100 Subject: Mail restore and single storage attachement Message-ID: <32b0dd78-333b-e235-29df-bd47923b9854@lirmm.fr> Hello, I'm finishing the upgrade of an old installation of Dovecot/postfix mail system for my lab. In the configuration I plan ( dovecot 2.2.27 ), I choose to use: - mdbox format - single storage for attachments - 2 zfs file systems, one for mdboxes, the other for attachments The last tests before production concern my ability to restore a lost mail (or mailbox) ... (lot of changes when you are used to mbox format). 1) I use doveadm import to restore part of mail from one of the zfs snapshot with a command like: doveadm -Dv import -U bof2 -s -u bof2 mdbox:/mailpool/lirmm/.zfs/snapshot/zfs-auto-snap_frequent-2017-03-15-1645/vmail/bof2/mdbox Recup-AAAA mailbox AAAA I get this error: doveadm(bof2): Error: open() failed with file /mailpool/lirmm/.zfs/snapshot/zfs-auto-snap_frequent-2017-03-15-1645/vmail/bof2/mdbox/mailboxes/AAAA/dbox-Mails/dovecot.index.log: Read-only file system That's right, my snapshot is ro, but why does the import have to write to the source? Am I missing something? 2) I don't find any way to specify a source for attachments with the import command, then I first restore all the attachments from one snapshot, then make import, then purge. Is there a way to use a source for attachment file tree, or a command to find the missing files for the import command? Thanks -- __________________________________________ Jean-Luc Oms STI-RéseauX - LIRMM - CNRS/UM2 161 rue Ada - BAT 4 - CC 477 34095 Montpellier cedex 5 Tel +33 4 67 41 85 93 Urg +33 6 32 01 04 17 __________________________________________ From yacinechaouche at yahoo.com Wed Mar 15 17:16:28 2017 
From: yacinechaouche at yahoo.com (chaouche yacine) Date: Wed, 15 Mar 2017 17:16:28 +0000 (UTC) Subject: Postfix Ignoring lmtp, delivering straight to maildir In-Reply-To: References: Message-ID: <1988540471.801693.1489598188291@mail.yahoo.com> Hello Doug, First off since this is a postfix configuration problem I believe it would be better suited in the postfix mailing list. The way I understand it is that you are editing the virtual transport map when you should be changing the local transport map because you are delivering to a normal, system user, not a virtual user. Try and see if that works for you. -- Yassine. On Wednesday, March 15, 2017 6:12 PM, Doug Barton wrote: First I'd like to thank all the developers and contributors to dovecot. I've been using it for many years, and deeply appreciate your fine work. :) dovecot --version 2.2.22 (fe789d2) I have a working installation with postfix and dovecot, and I want to add sieve to it, so I am trying to configure postfix to use lmtp instead of 'virtual' for its delivery service. However it is ignoring that request, and for every message I get "status=sent (delivered to maildir)" and it shows up in my Inbox. On my mail host I have 1 normal user, let's say the username is 'myuser'. I have postfix configured to accept mail for several different domains, and each domain has a lot of different mail usernames (I use this for mailing lists and such). I use the virtual_maps feature of postfix, and have a map file that looks like this: abuse at dougbarton.us myuser hostmaster at dougbarton.us myuser dougb at dougbarton.us myuser ... All of this works great, and mail for all the different usernames and domains gets delivered into my one real user's Maildir, and I can see the mail with my IMAP clients. I've configured sieve in dovecot, and I can see the socket for lmtp in /var/spool/postfix/private/. I can also see the managesieve port in netstat, and I can use a sieve client to connect to it and edit scripts, etc. 
So according to all the tutorials I've read my next step is this in postfix' main.cf: virtual_transport = lmtp:unix:private/dovecot-lmtp which I did, and postfix restarts with no errors. But, it seems to avoid lmtp altogether, and as I mentioned above it delivers straight to my Maildir Inbox every time. I do have a sieve file, and the ~/dovecot.sieve symlink exists. I created a very simple filter: require ["fileinto", "imap4flags"]; if header :contains "Subject" "test" { fileinto "Junk"; } which my sieve client says is correct syntax. Still no joy. :-/ Any thoughts or suggestions are welcome. (And sorry this is so long, but based on my extensive searches it seems my configuration is a bit unique, so I explained it in some length.) Doug From ken.zachreson at grandcanyonresort.com Wed Mar 15 17:27:59 2017 
From: ken.zachreson at grandcanyonresort.com (Ken Zachreson) Date: Wed, 15 Mar 2017 17:27:59 +0000 Subject: Unable to create needed folders Message-ID: <8738C7F093A9234488A7A840DD785A842BBBA855@PSMAIL.GCRC.local> Greetings, The log reports that a process cannot create the needed folders. Please review and tell me what I have done wrong. dovecot 2.0.9 # 2.0.9: /etc/dovecot/dovecot.conf doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:85: protocol { ssl_listen } has been replaced by service { inet_listener { address } } # OS: Linux 2.6.32-642.15.1.el6.x86_64 x86_64 CentOS release 6.8 (Final) auth_mechanisms = plain login last_valid_gid = 520 last_valid_uid = 520 mail_location = mbox:~/mail/:INBOX=/var/mail/%u mbox_write_locks = fcntl passdb { args = dovecot driver = pam } protocols = imap service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imaps { address = * } } service pop3-login { inet_listener pop3s { address = * } } ssl_ca = /etc/pki/tls/certs/gd_bundle-g2-g1.crt ssl_cert = , method=LOGIN, rip=xx.xx.xx.xx, lip=yy.yy.yy.yy, mpid=5973, TLS Mar 15 10:14:03 MultiTronic6 dovecot: imap(wifi.adm): Error: chown(/home/wifi.adm/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=504(wifi.adm), group based on /var/mail/wifi.adm) Mar 15 10:14:03 MultiTronic6 dovecot: imap(wifi.adm): Error: mkdir(/home/wifi.adm/mail/.imap/INBOX) failed: Operation not permitted Mar 15 10:14:03 MultiTronic6 dovecot: imap(wifi.adm): Connection closed bytes=39/423 Thank You, Ken Zachreson IT Manager, Grand Canyon Resort Corp 928-769-2629 928-769-2638 Help Desk From dougb at dougbarton.us Wed Mar 15 17:31:17 2017 
From: dougb at dougbarton.us (Doug Barton) Date: Wed, 15 Mar 2017 10:31:17 -0700 Subject: Postfix Ignoring lmtp, delivering straight to maildir In-Reply-To: <1988540471.801693.1489598188291@mail.yahoo.com> References: <1988540471.801693.1489598188291@mail.yahoo.com> Message-ID: <44bb9b2a-4468-522c-6bd0-d47a11dc66b1@dougbarton.us> I considered sending to the postfix list instead, and would be happy to do that if it's more appropriate. In regards to your suggestion, I've tried local_transport and mailbox_transport, but both result in mail bouncing because "User doesn't exist." I've added my virtual_maps file to local_recipient_maps, and that still doesn't work. I did get the expected result with local_transport though (delivered to lmtp). So I'll keep poking that a bit. Thanks! Doug On 03/15/2017 10:16 AM, chaouche yacine wrote: > Hello Doug, > First off since this is a postfix configuration problem I beleive it would be better suited in the postfix mailing list. The way I understand it is that you are editing the virtual transport map when you should be changing the local transport map because you are delivering to a normal, system user, not a virtual user. Try and see if that works for you. > -- Yassine. > > > On Wednesday, March 15, 2017 6:12 PM, Doug Barton wrote: > > > First I'd like to thank all the developers and contributors to dovecot. > I've been using it for many years, and deeply appreciate your fine work. :) > > dovecot --version > 2.2.22 (fe789d2) > > I have a working installation with postfix and dovecot, and I want to > add sieve to it, so I am trying to configure postfix to use lmtp instead > of 'virtual' for its delivery service. However it is ignoring that > request, and for every message I get "status=sent (delivered to > maildir)" and it shows up in my Inbox. > > On my mail host I have 1 normal user, let's say the username is > 'myuser'. 
I have postfix configured to accept mail for several different > domains, and each domain has a lot of different mail usernames (I use > this for mailing lists and such). I use the virtual_maps feature of > postfix, and have a map file that looks like this: > > abuse at dougbarton.us myuser > hostmaster at dougbarton.us myuser > dougb at dougbarton.us myuser > ... > > All of this works great, and mail for all the different usernames and > domains gets delivered into my one real user's Maildir, and I can see > the mail with my IMAP clients. > > I've configured sieve in dovecot, and I can see the socket for lmtp in > /var/spool/postfix/private/. I can also see the managesieve port in > netstat, and I can use a sieve client to connect to it and edit scripts, > etc. > > So according to all the tutorials I've read my next step is this in > postfix' main.cf: > > virtual_transport = lmtp:unix:private/dovecot-lmtp > > which I did, and postfix restarts with no errors. But, it seems to avoid > lmtp altogether, and as I mentioned above it delivers straight to my > Maildir Inbox every time. > > I do have a sieve file, and the ~/dovecot.sieve symlink exists. I > created a very simple filter: > > require ["fileinto", "imap4flags"]; > > if header :contains "Subject" "test" > { > fileinto "Junk"; > } > > which my sieve client says is correct syntax. Still no joy. :-/ > > Any thoughts or suggestions are welcome. (And sorry this is so long, but > based on my extensive searches it seems my configuration is a bit > unique, so I explained it in some length.) > > Doug > > > > From jerry at seibercom.net Wed Mar 15 18:43:55 2017 
From: jerry at seibercom.net (Jerry)
Date: Wed, 15 Mar 2017 14:43:55 -0400
Subject: Postfix Ignoring lmtp, delivering straight to maildir
In-Reply-To: <44bb9b2a-4468-522c-6bd0-d47a11dc66b1@dougbarton.us>
References: <1988540471.801693.1489598188291@mail.yahoo.com> <44bb9b2a-4468-522c-6bd0-d47a11dc66b1@dougbarton.us>
Message-ID: <20170315144355.000021fb@seibercom.net>

On Wed, 15 Mar 2017 10:31:17 -0700, Doug Barton stated:

>I considered sending to the postfix list instead, and would be happy
>to do that if it's more appropriate.

If you do decide to submit your problem to Postfix, and I think you should, please follow the directions at http://www.postfix.com/DEBUG_README.html, and more specifically http://www.postfix.com/DEBUG_README.html#mail. Nothing pisses off Postfix members more than posting what "YOU" think the main.cf and master.cf are rather than what Postfix is actually interpreting it to be. Include your Postfix version and OS. That includes including actual log entries, not just a one line snippet. Also, be sure to explain exactly what it is you want to accomplish. They are not mind readers.

Good luck.

--
Jerry

From ken.zachreson at grandcanyonresort.com Wed Mar 15 18:55:36 2017
From: ken.zachreson at grandcanyonresort.com (Ken Zachreson)
Date: Wed, 15 Mar 2017 18:55:36 +0000
Subject: FW: Unable to create needed folders
Message-ID: <8738C7F093A9234488A7A840DD785A842BBBA93D@PSMAIL.GCRC.local>

Never mind, I am stupid and did not read all available information. Needed to change permissions on /var/mail/*

Thank You,
Ken Z

-----Original Message-----
From: Ken Zachreson
Sent: Wednesday, March 15, 2017 10:28 AM
To: 'dovecot at dovecot.org'
Subject: Unable to create needed folders

Greetings,

The log reports that a process cannot create the needed folders. Please review and tell me what I have done wrong.

dovecot 2.0.9

# 2.0.9: /etc/dovecot/dovecot.conf
doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:85: protocol { ssl_listen } has been replaced by service { inet_listener { address } }
# OS: Linux 2.6.32-642.15.1.el6.x86_64 x86_64 CentOS release 6.8 (Final)
auth_mechanisms = plain login
last_valid_gid = 520
last_valid_uid = 520
mail_location = mbox:~/mail/:INBOX=/var/mail/%u
mbox_write_locks = fcntl
passdb {
  args = dovecot
  driver = pam
}
protocols = imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imaps {
    address = *
  }
}
service pop3-login {
  inet_listener pop3s {
    address = *
  }
}
ssl_ca = /etc/pki/tls/certs/gd_bundle-g2-g1.crt
ssl_cert = , method=LOGIN, rip=xx.xx.xx.xx, lip=yy.yy.yy.yy, mpid=5973, TLS
Mar 15 10:14:03 MultiTronic6 dovecot: imap(wifi.adm): Error: chown(/home/wifi.adm/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=504(wifi.adm), group based on /var/mail/wifi.adm)
Mar 15 10:14:03 MultiTronic6 dovecot: imap(wifi.adm): Error: mkdir(/home/wifi.adm/mail/.imap/INBOX) failed: Operation not permitted
Mar 15 10:14:03 MultiTronic6 dovecot: imap(wifi.adm): Connection closed bytes=39/423

Thank You,

Ken Zachreson
IT Manager, Grand Canyon Resort Corp
928-769-2629
928-769-2638 Help Desk

From jerry at seibercom.net Wed Mar 15 18:58:40 2017
From: jerry at seibercom.net (Jerry)
Date: Wed, 15 Mar 2017 14:58:40 -0400
Subject: Backing Up and Restoring mailboxes
Message-ID: <20170315145840.000070ec@seibercom.net>

I am going to be wiping clean my system and doing a complete upgrade. I have dovecot installed. I want to back up the mail system, and then be able to restore it. I thought that I could do this.

doveadm -Dv backup -u user at example.com maildir:~/DoveBU

Then I was going to gunzip that directory and put it onto a USB Drive.

Now, after updating the system, I thought that I could just unzip the file from the USB drive. My question is, what command do I run to return the files to the same place they were originally. Assuming the structure was: "/var/mail/vmail/", what would I do?

Thanks

--
Jerry

From adi at ddns.com.au Wed Mar 15 22:14:53 2017
From: adi at ddns.com.au (Adi Pircalabu)
Date: Thu, 16 Mar 2017 09:14:53 +1100
Subject: Dovecot 2.2.27 proxy - enforcing per client IP connection limits
In-Reply-To: <726520F0-7DC6-4C64-9B03-F81E3F8F778D@dovecot.fi>
References: <73d453f9-842a-2bd0-7908-041871b05481@ddns.com.au> <726520F0-7DC6-4C64-9B03-F81E3F8F778D@dovecot.fi>
Message-ID: <3285edd3857c34117e5ae8cf884a3cab@ddns.com.au>

Thanks,

I thought this might be the case. Is there any solution to enforce this on the proxy? If not, will a feature request be considered anytime soon? I see the proxies as the first line of defense against IMAP "abuse" and I think it's consistent having the same configurable option available on both backends and the proxies.

---
Adi Pircalabu

On 14-03-2017 20:17, Sami Ketola wrote:
> Hi,
>
> mail_max_userip_connections is only enforced at the backend level. The
> setting has no effect on proxy. If you want to force the limit then
> you can only do it in the backend.
>
> Sami
>
>> On 9 Mar 2017, at 12.05, Adi Pircalabu wrote:
>>
>> Quick follow-up: updated the proxies to 2.2.28, but I still couldn't
>> find a way to limit the inbound IMAP connections per IP & username. I
>> know "mail_max_userip_connections" limit works for the mail stores,
>> but it doesn't seem to have any effect on the proxies. I'm using a mix
>> of Dovecot & Courier-IMAP servers as backends.
>> Basically I need to find a way to enforce the maximum limit for the
>> username<>remoteip so that, if I have:
>> ESTCONNS=`doveadm -f flow proxy list | grep
>> "username=usern at domain.com.proto=imap" | wc -l`
>> $ESTCONNS is lower or equal than the configured limit.
>> The proxies are configured as per
>> https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy to
>> forward the password to the remote server using MySQL. In
>> dovecot-sql.conf.ext I have:
>> password_query = SELECT NULL AS password, 'Y' as nopassword, host,
>> email as email, 'any-cert' as 'starttls', 'Y' AS proxy FROM mailbox
>> WHERE email = '%u' AND disabled_smtpauth=0
>>
>> At the moment the only way I can limit the number of established
>> connections per source IP address on the Dovecot proxies is using
>> iptables, which isn't what I want.
>> Where else can I look?
>>
>> Adi Pircalabu, System Administrator
>> DDNS, a Total Internet Company
>> 159 Barkly Avenue, Burnley, Vic 3121, T +61 3 9815 6868
>>
>> On 08/03/17 12:32, Adi Pircalabu wrote:
>>> Hi,
>>> Trying to keep abusive/buggy IMAP clients at bay on a number of
>>> Dovecot proxy servers, I've reconfigured them to use
>>> "mail_max_userip_connections = 50" in the "protocol imap" section,
>>> followed by restarting Dovecot. Yet, I'm still seeing 160+
>>> established connections from a single IP address for the same email
>>> account. Am I missing anything?
>>> # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
>>> # Pigeonhole version 0.4.16 (fed8554)
>>> # OS: Linux 2.6.32-642.4.2.el6.x86_64 x86_64 CentOS release 6.8
>>> (Final)
>>> auth_cache_negative_ttl = 5 mins
>>> auth_cache_size = 16 M
>>> auth_cache_ttl = 18 hours
>>> default_client_limit = 6120
>>> default_process_limit = 500
>>> managesieve_notify_capability = mailto
>>> managesieve_sieve_capability = fileinto reject envelope
>>> encoded-character vacation subaddress comparator-i;ascii-numeric
>>> relational regex imap4flags copy include variables body enotify
>>> environment mailbox date index ihave duplicate mime foreverypart
>>> extracttext imapflags notify
>>> mbox_write_locks = fcntl
>>> namespace inbox {
>>>   inbox = yes
>>>   location =
>>>   mailbox Drafts {
>>>     special_use = \Drafts
>>>   }
>>>   mailbox Junk {
>>>     special_use = \Junk
>>>   }
>>>   mailbox Sent {
>>>     special_use = \Sent
>>>   }
>>>   mailbox "Sent Messages" {
>>>     special_use = \Sent
>>>   }
>>>   mailbox Trash {
>>>     special_use = \Trash
>>>   }
>>>   prefix =
>>> }
>>> passdb {
>>>   args = /etc/dovecot/dovecot-sql.conf.ext
>>>   driver = sql
>>> }
>>> plugin {
>>>   sieve = file:~/sieve;active=~/.dovecot.sieve
>>>   sieve_extensions = +notify +imapflags
>>> }
>>> protocols = imap pop3 lmtp sieve
>>> service auth {
>>>   client_limit = 6120
>>> }
>>> service imap-login {
>>>   process_limit = 2048
>>>   process_min_avail = 20
>>>   service_count = 0
>>>   vsz_limit = 256 M
>>> }
>>> service imap {
>>>   process_limit = 2048
>>> }
>>> service managesieve-login {
>>>   inet_listener sieve {
>>>     port = 4190
>>>   }
>>>   service_count = 0
>>>   vsz_limit = 128 M
>>> }
>>> service managesieve {
>>>   process_limit = 1024
>>> }
>>> service pop3 {
>>>   process_limit = 1024
>>> }
>>> [...]
>>> protocol imap {
>>>   imap_capability = IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
>>>   mail_max_userip_connections = 50
>>> }

From tss at iki.fi Thu Mar 16 00:03:49 2017
From: tss at iki.fi (Timo Sirainen)
Date: Thu, 16 Mar 2017 02:03:49 +0200
Subject: Dovecot 2.2.27 proxy - enforcing per client IP connection limits
In-Reply-To: <3285edd3857c34117e5ae8cf884a3cab@ddns.com.au>
References: <73d453f9-842a-2bd0-7908-041871b05481@ddns.com.au> <726520F0-7DC6-4C64-9B03-F81E3F8F778D@dovecot.fi> <3285edd3857c34117e5ae8cf884a3cab@ddns.com.au>
Message-ID: <2186294D-C0E7-47A8-B085-19B3EC1E5D34@iki.fi>

On 16 Mar 2017, at 0.14, Adi Pircalabu wrote:
>
> I thought this might be the case. Is there any solution to enforce this on the proxy? If not, will a feature request be considered anytime soon? I see the proxies as the first line of defense against IMAP "abuse" and I think it's consistent having the same configurable option available on both backends and the proxies.

No plans to support enforcing at proxy level. One problem here is that there are no guarantees that the connections even end up in the same proxies, although I guess if your load balancer does IP stickiness that could work well enough.

From adi at ddns.com.au Thu Mar 16 04:30:38 2017
From: adi at ddns.com.au (Adi Pircalabu)
Date: Thu, 16 Mar 2017 15:30:38 +1100
Subject: Dovecot 2.2.27 proxy - enforcing per client IP connection limits
In-Reply-To: <2186294D-C0E7-47A8-B085-19B3EC1E5D34@iki.fi>
References: <73d453f9-842a-2bd0-7908-041871b05481@ddns.com.au> <726520F0-7DC6-4C64-9B03-F81E3F8F778D@dovecot.fi> <3285edd3857c34117e5ae8cf884a3cab@ddns.com.au> <2186294D-C0E7-47A8-B085-19B3EC1E5D34@iki.fi>
Message-ID:

On 16/03/17 11:03, Timo Sirainen wrote:
>
> No plans to support enforcing at proxy level. One problem here is that there are no guarantees that the connections even end up in the same proxies, although I guess if your load balancer does IP stickiness that could work well enough.
>

With or without a load balancer in front of the proxies, it's still very manageable. Even without a load balancer, if you have say proxy_mail_max_userip_connections=n and m proxies, the maximum number of connections that can hit the backend at any time for a user is n*m.

Would this help me to better manage the resources? Think it would. Is there a business case for the feature? For us it is, we're periodically getting hammered by iOS devices that try to open 300+ simultaneous IMAP connections for a single user from the same IP, while the average hovers usually below 50 for the busier mailboxes with many folders.

Thanks,
Adi Pircalabu, System Administrator

From dougb at dougbarton.us Thu Mar 16 08:04:38 2017
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 16 Mar 2017 01:04:38 -0700
Subject: Postfix Ignoring lmtp, delivering straight to maildir
In-Reply-To:
References:
Message-ID: <8d442fc2-39af-48dc-1721-491d15254ce0@dougbarton.us>

Looks like this is a dovecot problem after all. :)

I can get Postfix to deliver to lmtp, but it's telling it to deliver to a fully qualified 'user at domain.tld' address. Postfix says that it can't find that user, and that turns out to be the case.

dovecot: auth: Debug: master in: USER#0112#011user at domain.tld#011service=lmtp

So I read up on that error, and it looked like I needed to do this in auth-system.conf.ext

userdb {
  driver = passwd
  override_fields = username_format=%n
}

But that didn't work, same error.

So how do I convince dovecot that user at domain.tld is really local Unix account named "user" ??

Doug

From dougb at dougbarton.us Thu Mar 16 08:39:00 2017
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 16 Mar 2017 01:39:00 -0700
Subject: Postfix Ignoring lmtp, delivering straight to maildir
In-Reply-To: <8d442fc2-39af-48dc-1721-491d15254ce0@dougbarton.us>
References: <8d442fc2-39af-48dc-1721-491d15254ce0@dougbarton.us>
Message-ID: <717127b8-dd04-5fc4-6b5f-09829951a16d@dougbarton.us>

And the answer is, auth_username_format=%n in dovecot.conf.

On 03/16/2017 01:04 AM, Doug Barton wrote:
> Looks like this is a dovecot problem after all. :)
>
> I can get Postfix to deliver to lmtp, but it's telling it to deliver to
> a fully qualified 'user at domain.tld' address. Postfix says that it can't
> find that user, and that turns out to be the case.
>
> dovecot: auth: Debug: master in:
> USER#0112#011user at domain.tld#011service=lmtp
>
> So I read up on that error, and it looked like I needed to do this in
> auth-system.conf.ext
>
> userdb {
>   driver = passwd
>   override_fields = username_format=%n
> }
>
> But that didn't work, same error.
>
> So how do I convince dovecot that user at domain.tld is really local Unix
> account named "user" ??
>
> Doug

From luciano at vespaperitivo.it Thu Mar 16 10:32:41 2017
From: luciano at vespaperitivo.it (Luciano Mannucci)
Date: Thu, 16 Mar 2017 11:32:41 +0100
Subject: Timeout Leak
Message-ID: <3vkPtf38Knz1cXL8@baobab.bilink.it>

Hello all,

I've got 3 occurrences of this message in my log file:

auth: Warning: Timeout leak: 0x805e480 (auth-request-handler.c:550)

Can I ignore it, or is it a symptom of something wrong?

I'm running dovecot 2.2.28 (bed8434). I'll post my doveconf -n if it is worth investigating further...

Cheers,

Luciano.
--
 /"\                         /Via A. Salaino, 7 - 20144 Milano (Italy)
 \ /  ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
  X   AGAINST HTML MAIL    /  E-MAIL: posthamster at sublink.sublink.ORG
 / \  AND POSTINGS        /   WWW: http://www.lesassaie.IT/

From aki.tuomi at dovecot.fi Thu Mar 16 11:48:27 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Thu, 16 Mar 2017 13:48:27 +0200
Subject: Timeout Leak
In-Reply-To: <3vkPtf38Knz1cXL8@baobab.bilink.it>
References: <3vkPtf38Knz1cXL8@baobab.bilink.it>
Message-ID: <8e6e539f-814e-6451-2d09-b9b575a0d158@dovecot.fi>

On 16.03.2017 12:32, Luciano Mannucci wrote:
> Hello all,
>
> I've got 3 occurrences of this message in my log file:
>
> auth: Warning: Timeout leak: 0x805e480 (auth-request-handler.c:550)
>
> Can I ignore it, or is it a symptom of something wrong?
>
> I'm running dovecot 2.2.28 (bed8434). I'll post my doveconf -n if it
> is worth investigating further...
>
> Cheers,
>
> Luciano.

These are always worth looking into. Please do post, also any auth debug logs are welcome.

Aki

From sami.ketola at dovecot.fi Thu Mar 16 13:58:14 2017
From: sami.ketola at dovecot.fi (Sami Ketola)
Date: Thu, 16 Mar 2017 22:58:14 +0900
Subject: Dovecot 2.2.27 proxy - enforcing per client IP connection limits
In-Reply-To: <3285edd3857c34117e5ae8cf884a3cab@ddns.com.au>
References: <73d453f9-842a-2bd0-7908-041871b05481@ddns.com.au> <726520F0-7DC6-4C64-9B03-F81E3F8F778D@dovecot.fi> <3285edd3857c34117e5ae8cf884a3cab@ddns.com.au>
Message-ID: <0BAB9B4C-12A4-4488-AA92-BFBDBF5B742B@dovecot.fi>

Hi,

It would be quite hard to enforce a limit at the proxy level since the proxies do not share any information. Currently I do not know any way of enforcing a limit at the proxies already.

Sami

> On 16 Mar 2017, at 7.14, Adi Pircalabu wrote:
>
> Thanks,
>
> I thought this might be the case. Is there any solution to enforce this on the proxy? If not, will a feature request be considered anytime soon? I see the proxies as the first line of defense against IMAP "abuse" and I think it's consistent having the same configurable option available on both backends and the proxies.
>
> ---
> Adi Pircalabu
>
> On 14-03-2017 20:17, Sami Ketola wrote:
>> Hi,
>> mail_max_userip_connections is only enforced at the backend level. The
>> setting has no effect on proxy. If you want to force the limit then
>> you can only do it in the backend.
>> Sami
>>> On 9 Mar 2017, at 12.05, Adi Pircalabu wrote:
>>> Quick follow-up: updated the proxies to 2.2.28, but I still couldn't find a way to limit the inbound IMAP connections per IP & username. I know "mail_max_userip_connections" limit works for the mail stores, but it doesn't seem to have any effect on the proxies. I'm using a mix of Dovecot & Courier-IMAP servers as backends.
>>> Basically I need to find a way to enforce the maximum limit for the username<>remoteip so that, if I have:
>>> ESTCONNS=`doveadm -f flow proxy list | grep "username=usern at domain.com.proto=imap" | wc -l`
>>> $ESTCONNS is lower or equal than the configured limit.
>>> The proxies are configured as per https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy to forward the password to the remote server using MySQL. In dovecot-sql.conf.ext I have:
>>> password_query = SELECT NULL AS password, 'Y' as nopassword, host, email as email, 'any-cert' as 'starttls', 'Y' AS proxy FROM mailbox WHERE email = '%u' AND disabled_smtpauth=0
>>> At the moment the only way I can limit the number of established connections per source IP address on the Dovecot proxies is using iptables, which isn't what I want.
>>> Where else can I look?
>>> Adi Pircalabu, System Administrator
>>> DDNS, a Total Internet Company
>>> 159 Barkly Avenue, Burnley, Vic 3121, T +61 3 9815 6868
>>> On 08/03/17 12:32, Adi Pircalabu wrote:
>>>> Hi,
>>>> Trying to keep abusive/buggy IMAP clients at bay on a number of Dovecot proxy servers, I've reconfigured them to use "mail_max_userip_connections = 50" in the "protocol imap" section, followed by restarting Dovecot. Yet, I'm still seeing 160+ established connections from a single IP address for the same email account. Am I missing anything?
>>>> # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
>>>> # Pigeonhole version 0.4.16 (fed8554)
>>>> # OS: Linux 2.6.32-642.4.2.el6.x86_64 x86_64 CentOS release 6.8 (Final)
>>>> auth_cache_negative_ttl = 5 mins
>>>> auth_cache_size = 16 M
>>>> auth_cache_ttl = 18 hours
>>>> default_client_limit = 6120
>>>> default_process_limit = 500
>>>> managesieve_notify_capability = mailto
>>>> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify
>>>> mbox_write_locks = fcntl
>>>> namespace inbox {
>>>>   inbox = yes
>>>>   location =
>>>>   mailbox Drafts {
>>>>     special_use = \Drafts
>>>>   }
>>>>   mailbox Junk {
>>>>     special_use = \Junk
>>>>   }
>>>>   mailbox Sent {
>>>>     special_use = \Sent
>>>>   }
>>>>   mailbox "Sent Messages" {
>>>>     special_use = \Sent
>>>>   }
>>>>   mailbox Trash {
>>>>     special_use = \Trash
>>>>   }
>>>>   prefix =
>>>> }
>>>> passdb {
>>>>   args = /etc/dovecot/dovecot-sql.conf.ext
>>>>   driver = sql
>>>> }
>>>> plugin {
>>>>   sieve = file:~/sieve;active=~/.dovecot.sieve
>>>>   sieve_extensions = +notify +imapflags
>>>> }
>>>> protocols = imap pop3 lmtp sieve
>>>> service auth {
>>>>   client_limit = 6120
>>>> }
>>>> service imap-login {
>>>>   process_limit = 2048
>>>>   process_min_avail = 20
>>>>   service_count = 0
>>>>   vsz_limit = 256 M
>>>> }
>>>> service imap {
>>>>   process_limit = 2048
>>>> }
>>>> service managesieve-login {
>>>>   inet_listener sieve {
>>>>     port = 4190
>>>>   }
>>>>   service_count = 0
>>>>   vsz_limit = 128 M
>>>> }
>>>> service managesieve {
>>>>   process_limit = 1024
>>>> }
>>>> service pop3 {
>>>>   process_limit = 1024
>>>> }
>>>> [...]
>>>> protocol imap {
>>>>   imap_capability = IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
>>>>   mail_max_userip_connections = 50
>>>> }

From ganael.laplanche at centralesupelec.fr Thu Mar 16 14:35:08 2017
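The count that the ESTCONNS one-liner in the thread above takes for a single account can be taken for every username and source-IP pair at once, which gives a way to watch the limit that the proxies do not enforce. This is an added example, not part of any message in the thread: the function names and sample lines are constructed, and the `src-ip` field name is an assumption about the flow output that should be checked against a real `doveadm -f flow proxy list`.

```shell
#!/bin/sh
# Report (username, source IP) pairs whose proxied connection count exceeds
# a limit. Input on stdin: one connection per line as space-separated
# key=value fields, the shape the thread's grep on "username=...proto=imap"
# implies for `doveadm -f flow proxy list`.
# ASSUMPTION: the client address field is called "src-ip"; adjust the key
# below if your Dovecot version prints a different name.

# over_limit LIMIT [PROTO]
# Prints "COUNT USERNAME SRC-IP" for every pair with more than LIMIT
# connections of protocol PROTO (default imap), busiest first.
over_limit() {
    limit=$1
    proto=${2:-imap}
    awk -v limit="$limit" -v proto="$proto" '
    {
        user = ""; ip = ""; p = ""
        # Parse by key rather than by column position, so extra or
        # reordered fields do not break the count.
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1)
            val = substr($i, eq + 1)
            if (key == "username") user = val
            else if (key == "proto") p = val
            else if (key == "src-ip") ip = val
        }
        # Skip blank or incomplete lines and other protocols.
        if (user == "" || ip == "" || p != proto) next
        count[user " " ip]++
    }
    END {
        for (k in count)
            if (count[k] > limit) print count[k], k
    }' | sort -k1,1nr -k2
}

# Constructed sample input (documentation addresses, not real output).
sample_proxy_list() {
    cat <<'EOF'
username=alice@example.com proto=imap src-ip=192.0.2.10 dest-ip=10.0.0.5 dest-port=143
username=alice@example.com proto=imap src-ip=192.0.2.10 dest-ip=10.0.0.5 dest-port=143
username=alice@example.com proto=imap src-ip=192.0.2.10 dest-ip=10.0.0.5 dest-port=143
username=alice@example.com proto=imap src-ip=192.0.2.10 dest-ip=10.0.0.5 dest-port=143
username=alice@example.com proto=pop3 src-ip=192.0.2.10 dest-ip=10.0.0.5 dest-port=110
username=alice@example.com proto=imap src-ip=198.51.100.7 dest-ip=10.0.0.5 dest-port=143
username=alice@example.com proto=imap src-ip=198.51.100.7 dest-ip=10.0.0.5 dest-port=143
username=bob@example.com proto=imap src-ip=192.0.2.10 dest-ip=10.0.0.6 dest-port=143
username=bob@example.com proto=imap src-ip=192.0.2.10 dest-ip=10.0.0.6 dest-port=143
username=bob@example.com proto=imap src-ip=192.0.2.10 dest-ip=10.0.0.6 dest-port=143
EOF
}

# Demo on the sample; on a proxy: doveadm -f flow proxy list | over_limit 50
# Concatenating the output of all m proxies before piping it in gives the
# total a backend sees for each pair.
sample_proxy_list | over_limit 3
```

Run from cron or a monitoring check, a non-empty result identifies the accounts and client addresses to look at; it reports, it does not disconnect anything.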
From: ganael.laplanche at centralesupelec.fr (Ganael Laplanche)
Date: Thu, 16 Mar 2017 15:35:08 +0100
Subject: LDAP locking problems - home related
Message-ID: <1829020.nS0b5YeJGk@dmc12.w2k.rennes.supelec.fr>

Hi list,

# dovecot --version
2.2.13

We use Dovecot LDA and I've discovered lots of messages stating that lock files cannot be written:

Mar 16 12:02:03 mailhost dovecot: lda(someuser): Error: file_dotlock_open(/home/sg/someuser/.dovecot.lda-dupes) failed: No such file or directory

That user's home directory is fetched from LDAP and does not exist locally on our 'mailhost' machine, so those error messages do make sense; I would like to fix that situation.

In our current Dovecot configuration, only mail_location is set:

mail_location = maildir:/var/mail/%u

I would like to ignore the erroneous 'home' attribute fetched from LDAP and specify a common mail_home, i.e. set:

mail_home = /var/mail/%u/home

but if I understand correctly, that global mail_home configuration directive would still be overridden by the LDAP 'home' attribute fetched from passdb:

[...]
pass_attrs = supannAliasLogin=user,userPassword=password,\
  homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
[...]

Can I just remove homeDirectory from pass_attrs to skip fetching 'home' from LDAP and then set the global mail_home ?

Also, if that works: We would switch from a situation where a home is set (but wrong) to one where it becomes valid. Can there be any side-effect in that case (apart from fixing locking problems) ?

Finally, will mail_home (leaf) directory be created if it does not exist yet (parent directory exists) ?

Best regards,

--
Ganael Laplanche
Unix Systems Engineer @CentraleSupelec Rennes

From ganael.laplanche at centralesupelec.fr Thu Mar 16 14:45:21 2017
From: ganael.laplanche at centralesupelec.fr (Ganael Laplanche)
Date: Thu, 16 Mar 2017 15:45:21 +0100
Subject: LDA locking problems - home related
In-Reply-To: <1829020.nS0b5YeJGk@dmc12.w2k.rennes.supelec.fr>
References: <1829020.nS0b5YeJGk@dmc12.w2k.rennes.supelec.fr>
Message-ID: <3573562.mPMUh6cXVB@dmc12.w2k.rennes.supelec.fr>

On Thursday 16 March 2017 15:35:08 Ganael Laplanche wrote:
> Hi list,

Of course, the subject of my mail should be:

LDA locking problems - home related

not LDA*P*. I could have LDAP locking problems but that's another story ;-)

--
Ganael Laplanche
Unix Systems Engineer @CentraleSupelec Rennes

From edgaras.lukosevicius at gmail.com Thu Mar 16 15:51:45 2017
From: edgaras.lukosevicius at gmail.com (Edgaras Lukoševičius)
Date: Thu, 16 Mar 2017 17:51:45 +0200
Subject: 'doveadm who' behind nginx mail proxy
Message-ID: <43fbd441-5d84-39dc-89bf-e3ed9e5278b7@gmail.com>

Hello,

we have configured nginx to work as mail proxy for backend dovecot servers. Dovecot servers behind nginx proxy are showing internal nginx ip address for every client when running 'doveadm who' instead of showing real client IP addresses.

Is it possible to configure this setup to show real client IP addresses when running 'doveadm who' on internal dovecot servers or to configure nginx to show which user-ip pairs are proxied to which servers?

From luciano at vespaperitivo.it Thu Mar 16 16:25:41 2017
From: luciano at vespaperitivo.it (Luciano Mannucci)
Date: Thu, 16 Mar 2017 17:25:41 +0100
Subject: Timeout Leak
In-Reply-To: <8e6e539f-814e-6451-2d09-b9b575a0d158@dovecot.fi>
References: <3vkPtf38Knz1cXL8@baobab.bilink.it> <8e6e539f-814e-6451-2d09-b9b575a0d158@dovecot.fi>
Message-ID: <3vkYjz2TqczRRqX@baobab.bilink.it>

On Thu, 16 Mar 2017 13:48:27 +0200 Aki Tuomi wrote:

> These are always worth looking into. Please do post, also any auth debug
> logs are welcome.

Ok. These the logfile lines:

Mar 14 18:06:12 master: Warning: Killed with signal 15 (by pid=7390 uid=0 code=kill)
Mar 14 18:06:20 auth: Error: net_connect_unix(auth-worker) failed: Connection refused
Mar 14 18:06:42 auth: Warning: Timeout leak: 0x805e480 (auth-request-handler.c:550)
Mar 14 18:06:42 auth: Warning: Timeout leak: 0x805e480 (auth-request-handler.c:550)
Mar 14 18:06:42 auth: Warning: Timeout leak: 0x805e480 (auth-request-handler.c:550)

Here is the logfile.info of the relevant minute (a bit longish, passwords censored :)...
PLAIN service=pop3 session=RguE2bNKqMJf8bzq lip=212.45.144.70 rip=95.241.188.234lport=110 rport=49832 resp=XXXXXXXXXXXXXXXXXXXXXXXXXXXX (previous base64 data may contain sensitive data) Mar 14 18:06:33 auth: Debug: auth client connected (pid=7436) Mar 14 18:06:33 auth: Debug: client in: AUTH 1 PLAIN service=pop3 session=4XKV2bNKan/AqKeg lip=192.168.134.44 rip=192.168.167.160lport=110 rport=32618 Mar 14 18:06:33 auth: Debug: client passdb out: CONT 1 Mar 14 18:06:33 auth: Debug: client in: CONT 1 XXXXXXXXXXXXXXXXXXXXXXXXXXXX (previous base64 data may contain sensitive data) Mar 14 18:06:33 auth-worker(7428): Debug: pam(dabbene_mct,192.168.167.160,<4XKV2bNKan/AqKeg>): lookup service=dovecot Mar 14 18:06:33 auth-worker(7428): Debug: pam(dabbene_mct,192.168.167.160,<4XKV2bNKan/AqKeg>): #1/1 style=1 msg=Password: Mar 14 18:06:33 auth: Debug: client passdb out: OK 1 user=dabbene_mct Mar 14 18:06:33 auth: Debug: master in: REQUEST 2830106625 7436 1 99d57dabac099af0f5f1a719a38325d7 session_pid=7437 Mar 14 18:06:33 auth: Debug: passwd(dabbene_mct,192.168.167.160,<4XKV2bNKan/AqKeg>): userdb cache miss Mar 14 18:06:33 auth-worker(7428): Debug: passwd(dabbene_mct,192.168.167.160,<4XKV2bNKan/AqKeg>): lookup Mar 14 18:06:33 auth: Debug: master userdb out: USER 2830106625 dabbene_mct system_groups_user=dabbene_mct uid=3384 gid=111 home=/home/dabbene_mct Mar 14 18:06:33 pop3-login: Info: Login: user=, method=PLAIN, rip=192.168.167.160, lip=192.168.134.44, mpid=7437, session=<4XKV2bNKan/AqKeg> Mar 14 18:06:33 pop3(dabbene_mct): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/9450, size=1755467592 Mar 14 18:06:34 auth: Debug: auth client connected (pid=7438) Mar 14 18:06:34 auth: Debug: client in: AUTH 1 PLAIN service=pop3 session=qASe2bNKbH/AqKeg lip=192.168.134.44 rip=192.168.167.160lport=110 rport=32620 Mar 14 18:06:34 auth: Debug: client passdb out: CONT 1 Mar 14 18:06:34 auth: Debug: client in: CONT 1 XXXXXXXXXXXXXXXXXXXXXXXXXXXX (previous base64 data may contain 
sensitive data) Mar 14 18:06:34 auth-worker(7428): Debug: pam(dabbene_mct,192.168.167.160,): lookup service=dovecot Mar 14 18:06:34 auth-worker(7428): Debug: pam(dabbene_mct,192.168.167.160,): #1/1 style=1 msg=Password: Mar 14 18:06:34 auth: Debug: client passdb out: OK 1 user=dabbene_mct Mar 14 18:06:34 auth: Debug: master in: REQUEST 770310145 7438 1 a8d9f74f6a53257915bd79f7efd1123a session_pid=7439 Mar 14 18:06:34 auth: Debug: passwd(dabbene_mct,192.168.167.160,): userdb cache hit: system_groups_user=dabbene_mct uid=3384 gid=111 home=/home/dabbene_mct Mar 14 18:06:34 auth: Debug: master userdb out: USER 770310145 dabbene_mct system_groups_user=dabbene_mct uid=3384 gid=111 home=/home/dabbene_mct Mar 14 18:06:34 pop3-login: Info: Login: user=, method=PLAIN, rip=192.168.167.160, lip=192.168.134.44, mpid=7439, session= Mar 14 18:06:34 pop3(dabbene_mct): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/9450, size=1755467592 Mar 14 18:06:34 auth: Debug: auth client connected (pid=7440) Mar 14 18:06:34 auth: Debug: client in: AUTH 1 PLAIN service=pop3 session=Jgqk2bNKbn/AqKeg lip=192.168.134.44 rip=192.168.167.160lport=110 rport=32622 Mar 14 18:06:34 auth: Debug: client passdb out: CONT 1 Mar 14 18:06:34 auth: Debug: client in: CONT 1 XXXXXXXXXXXXXXXXXXXXXXXXXXXX (previous base64 data may contain sensitive data) Mar 14 18:06:34 auth-worker(7428): Debug: pam(dabbene_mct,192.168.167.160,): lookup service=dovecot Mar 14 18:06:34 auth-worker(7428): Debug: pam(dabbene_mct,192.168.167.160,): #1/1 style=1 msg=Password: Mar 14 18:06:34 auth: Debug: client passdb out: OK 1 user=dabbene_mct Mar 14 18:06:34 auth: Debug: master in: REQUEST 380239873 7440 1 65ec4289d0817fac99e77a6748b572b0 session_pid=7441 Mar 14 18:06:34 auth: Debug: passwd(dabbene_mct,192.168.167.160,): userdb cache hit: system_groups_user=dabbene_mct uid=3384 gid=111 home=/home/dabbene_mct Mar 14 18:06:34 auth: Debug: master userdb out: USER 380239873 dabbene_mct system_groups_user=dabbene_mct uid=3384 
gid=111 home=/home/dabbene_mct Mar 14 18:06:34 pop3-login: Info: Login: user=, method=PLAIN, rip=192.168.167.160, lip=192.168.134.44, mpid=7441, session= Mar 14 18:06:34 pop3(dabbene_mct): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/9450, size=1755467592 Mar 14 18:06:34 auth: Debug: auth client connected (pid=7443) Mar 14 18:06:34 auth: Debug: client in: AUTH 1 PLAIN service=pop3 session=N3yq2bNKcH/AqKeg lip=192.168.134.44 rip=192.168.167.160lport=110 rport=32624 Mar 14 18:06:34 auth: Debug: client passdb out: CONT 1 Mar 14 18:06:34 auth: Debug: client in: CONT 1 XXXXXXXXXXXXXXXXXXXXXXXXXXXX (previous base64 data may contain sensitive data) Mar 14 18:06:34 auth-worker(7428): Debug: pam(dabbene_mct,192.168.167.160,): lookup service=dovecot Mar 14 18:06:34 auth-worker(7428): Debug: pam(dabbene_mct,192.168.167.160,): #1/1 style=1 msg=Password: Mar 14 18:06:34 auth: Debug: client passdb out: OK 1 user=dabbene_mct Mar 14 18:06:34 auth: Debug: master in: REQUEST 3907125249 7443 1 5e61646a95e7b3f57680a997a6e857db session_pid=7444 Mar 14 18:06:34 auth: Debug: passwd(dabbene_mct,192.168.167.160,): userdb cache hit: system_groups_user=dabbene_mct uid=3384 gid=111 home=/home/dabbene_mct Mar 14 18:06:34 auth: Debug: master userdb out: USER 3907125249 dabbene_mct system_groups_user=dabbene_mct uid=3384 gid=111 home=/home/dabbene_mct Mar 14 18:06:34 pop3-login: Info: Login: user=, method=PLAIN, rip=192.168.167.160, lip=192.168.134.44, mpid=7444, session= Mar 14 18:06:35 pop3(dabbene_mct): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/9450, size=1755467592 Mar 14 18:06:36 auth: Debug: auth client connected (pid=7445) Mar 14 18:06:36 auth: Debug: client in: AUTH 1 PLAIN service=imap secured no-penalty session=pKbC2bNKvcrAqIYQ lip=192.168.134.44rip=192.168.134.16 lport=143 rport=51901 resp=XXXXXXXXXXXXXXXXXXXXXXXXXXXX (previous base64 data may contain sensitive data) Mar 14 18:06:36 auth-worker(7428): Debug: pam(pteros_gan,192.168.134.16,): lookup 
service=dovecot Mar 14 18:06:36 auth-worker(7428): Debug: pam(pteros_gan,192.168.134.16,): #1/1 style=1 msg=Password: Mar 14 18:06:36 auth: Debug: client passdb out: OK 1 user=pteros_gan Mar 14 18:06:36 auth: Debug: master in: REQUEST 2847801345 7445 1 7cdbea1c357d06b96e9440d1cf0a5aae session_pid=7446 request_auth_token Mar 14 18:06:36 auth: Debug: passwd(pteros_gan,192.168.134.16,): userdb cache miss Mar 14 18:06:36 auth-worker(7428): Debug: passwd(pteros_gan,192.168.134.16,): lookup Mar 14 18:06:36 auth: Debug: master userdb out: USER 2847801345 pteros_gan system_groups_user=pteros_gan uid=3264 gid=111 home=/home/pteros_gan auth_token=e8801f4334e57f578eba11e501062d2a221a76ec Mar 14 18:06:36 imap-login: Info: Login: user=, method=PLAIN, rip=192.168.134.16, lip=192.168.134.44, mpid=7446, secured, session= Mar 14 18:06:37 imap(pteros_gan): Info: Logged out in=92 out=993 Mar 14 18:06:41 auth: Debug: auth client connected (pid=7449) Mar 14 18:06:41 auth: Debug: client in: AUTH 1 PLAIN service=imap session=HkkJ2rNKJs5dISSB lip=212.45.144.44 rip=93.33.36.129 lport=143 rport=52774 resp=XXXXXXXXXXXXXXXXXXXX (previous base64 data may contain sensitive data) Mar 14 18:06:41 auth-worker(7428): Debug: pam(milena,93.33.36.129,): lookup service=dovecot Mar 14 18:06:41 auth-worker(7428): Debug: pam(milena,93.33.36.129,): #1/1 style=1 msg=Password: Mar 14 18:06:41 auth: Debug: client passdb out: OK 1 user=milena Mar 14 18:06:41 auth: Debug: master in: REQUEST 2300051457 7449 1 1c19961e792ebed350ce962c74eca78a session_pid=7451 request_auth_token Mar 14 18:06:41 auth: Debug: passwd(milena,93.33.36.129,): userdb cache miss Mar 14 18:06:41 auth-worker(7428): Debug: passwd(milena,93.33.36.129,): lookup Mar 14 18:06:41 auth: Debug: master userdb out: USER 2300051457 milena system_groups_user=milena uid=2049 gid=111 home=/home/milena auth_token=e3057d97e713495f979aad9b9d74454e1a8aa532 Mar 14 18:06:41 imap-login: Info: Login: user=, method=PLAIN, rip=93.33.36.129, lip=212.45.144.44, 
mpid=7451, session= Mar 14 18:06:42 pop3(carnevali): Info: Server shutting down. top=0/0, retr=0/0, del=0/1407, size=134075183 Mar 14 18:06:42 pop3(board_cwl): Info: Server shutting down. top=0/0, retr=0/0, del=0/0, size=0 Mar 14 18:06:42 pop3-login: Info: Disconnected: Shutting down (disconnected while authenticating, waited 10 secs): user=<>, method=PLAIN, rip=95.241.188.234, lip=212.45.144.70, session= Mar 14 18:06:42 auth: Debug: client in: CANCEL 1 Mar 14 18:06:47 auth: Debug: auth client connected (pid=7452) Mar 14 18:06:47 auth: Debug: client in: AUTH 1 PLAIN service=pop3 session=bE5l2rNKoPVf8bzq lip=212.45.144.70 rip=95.241.188.234lport=110 rport=62880 resp=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX(previous base64 data may contain sensitive data) Mar 14 18:06:47 auth-worker(7428): Debug: pam(m.ceriani_dls,95.241.188.234,): lookup service=dovecot Mar 14 18:06:47 auth-worker(7428): Debug: pam(m.ceriani_dls,95.241.188.234,): #1/1 style=1 msg=Password: Mar 14 18:06:47 auth: Debug: client passdb out: OK 1 user=m.ceriani_dls Mar 14 18:06:47 auth: Debug: master in: REQUEST 4273209345 7452 1 bdc6b6e0ff022b2b36b73145f7c8e49f session_pid=7453 Mar 14 18:06:47 auth: Debug: passwd(m.ceriani_dls,95.241.188.234,): userdb cache miss Mar 14 18:06:47 auth-worker(7428): Debug: passwd(m.ceriani_dls,95.241.188.234,): lookup Mar 14 18:06:47 auth: Debug: master userdb out: USER 4273209345 m.ceriani_dls system_groups_user=m.ceriani_dls uid=3370 gid=111 home=/home/m.ceriani_dls Mar 14 18:06:47 pop3-login: Info: Login: user=, method=PLAIN, rip=95.241.188.234, lip=212.45.144.70, mpid=7453, session= Mar 14 18:06:47 pop3(m.ceriani_dls): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Mar 14 18:06:51 auth: Debug: auth client connected (pid=7458) Mar 14 18:06:51 auth: Debug: auth client connected (pid=7459) Mar 14 18:06:51 auth: Debug: auth client connected (pid=7460) Mar 14 18:06:51 auth: Debug: client in: AUTH 1 PLAIN service=pop3 session=Cg+l2rNKyMJPGI56 lip=212.45.144.44 
rip=79.24.142.122 lport=110 rport=49864 resp=XXXXXXXXXXXXXXXXXXXXXXXX (previous base64 data may contain sensitive data) Mar 14 18:06:51 auth-worker(7428): Debug: pam(lombardi,79.24.142.122,): lookup service=dovecot Mar 14 18:06:51 auth: Debug: client in: AUTH 1 PLAIN service=pop3 session=PBal2rNKme9PGI56 lip=212.45.144.44 rip=79.24.142.122 lport=110 rport=61337 resp=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (previous base64 data may contain sensitive data) Mar 14 18:06:51 auth-worker(7428): Debug: pam(lombardi,79.24.142.122,): #1/1 style=1 msg=Password: Mar 14 18:06:51 auth: Debug: client passdb out: OK 1 user=lombardi Mar 14 18:06:51 auth: Debug: master in: REQUEST 3172204545 7458 1 a5455141079bfe1cd3f6ab39db6a79b5 session_pid=7462 Mar 14 18:06:51 auth: Debug: passwd(lombardi,79.24.142.122,): userdb cache miss Mar 14 18:06:51 auth-worker(7428): Debug: passwd(lombardi,79.24.142.122,): lookup Mar 14 18:06:51 auth: Debug: master userdb out: USER 3172204545 lombardi system_groups_user=lombardi uid=1637 gid=111 home=/home/lombardi Mar 14 18:06:51 pop3-login: Info: Login: user=, method=PLAIN, rip=79.24.142.122, lip=212.45.144.44, mpid=7462, session= Mar 14 18:06:51 auth-worker(7461): Debug: Loading modules from directory: /usr/lib/dovecot/auth Mar 14 18:06:51 auth-worker(7461): Debug: pam(mara.lombardi_pds,79.24.142.122,): lookup service=dovecot Mar 14 18:06:51 auth-worker(7461): Debug: pam(mara.lombardi_pds,79.24.142.122,): #1/1 style=1 msg=Password: Mar 14 18:06:51 auth: Debug: client passdb out: OK 1 user=mara.lombardi_pds Mar 14 18:06:51 auth: Debug: master in: REQUEST 799670273 7459 1 0137c0af693e392e968a6539a56c0150 session_pid=7463 Mar 14 18:06:51 auth: Debug: passwd(mara.lombardi_pds,79.24.142.122,): userdb cache miss Mar 14 18:06:51 auth-worker(7428): Debug: passwd(mara.lombardi_pds,79.24.142.122,): lookup Mar 14 18:06:51 auth: Debug: master userdb out: USER 799670273 mara.lombardi_pds system_groups_user=mara.lombardi_pds uid=2498 gid=111 
home=/home/mara.lombardi_pds Mar 14 18:06:51 pop3-login: Info: Login: user=, method=PLAIN, rip=79.24.142.122, lip=212.45.144.44, mpid=7463, session= Mar 14 18:06:51 auth: Debug: client in: AUTH 1 PLAIN service=pop3 session=Mv6l2rNKJMtPGI56 lip=212.45.144.44 rip=79.24.142.122 lport=110 rport=52004 resp=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXus base64 data may contain sensitive data) Mar 14 18:06:51 auth-worker(7428): Debug: pam(clmara_mrc,79.24.142.122,): lookup service=dovecot Mar 14 18:06:51 auth-worker(7428): Debug: pam(clmara_mrc,79.24.142.122,): #1/1 style=1 msg=Password: Mar 14 18:06:51 auth: Debug: client passdb out: OK 1 user=clmara_mrc Mar 14 18:06:51 auth: Debug: master in: REQUEST 1579548673 7460 1 29fc24ff3e462806e1633496ff00838c session_pid=7464 Mar 14 18:06:51 auth: Debug: passwd(clmara_mrc,79.24.142.122,): userdb cache miss Mar 14 18:06:51 auth-worker(7428): Debug: passwd(clmara_mrc,79.24.142.122,): lookup Mar 14 18:06:51 auth: Debug: master userdb out: USER 1579548673 clmara_mrc system_groups_user=clmara_mrc uid=2429 gid=111 home=/home/clmara_mrc Mar 14 18:06:51 pop3-login: Info: Login: user=, method=PLAIN, rip=79.24.142.122, lip=212.45.144.44, mpid=7464, session= Mar 14 18:06:51 pop3(lombardi): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Mar 14 18:06:51 pop3(mara.lombardi_pds): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Mar 14 18:06:51 pop3(clmara_mrc): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Mar 14 18:06:56 auth: Debug: auth client connected (pid=7467) Mar 14 18:06:57 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=O00C27NKqfqXQs+K lip=212.45.144.44 rip=151.66.207.138 lport=993 rport=64169 local_name=baobab.bilink.net resp=XXXXXXXXXXXXXXXXXXXXXXXXXXXX (previous base64 data may contain sensitive data) Mar 14 18:06:57 auth-worker(7428): Debug: pam(gloria_mct,151.66.207.138,): lookup service=dovecot Mar 14 18:06:57 auth-worker(7428): Debug: 
pam(gloria_mct,151.66.207.138,): #1/1 style=1 msg=Password: Mar 14 18:06:57 auth: Debug: client passdb out: OK 1 user=gloria_mct Mar 14 18:06:57 auth: Debug: master in: REQUEST 1863581697 7467 1 5de654b8e8dc647f0f1caadf293acb0d session_pid=7470 request_auth_token Mar 14 18:06:57 auth: Debug: passwd(gloria_mct,151.66.207.138,): userdb cache miss Mar 14 18:06:57 auth-worker(7428): Debug: passwd(gloria_mct,151.66.207.138,): lookup Mar 14 18:06:57 auth: Debug: master userdb out: USER 1863581697 gloria_mct system_groups_user=gloria_mct uid=2052 gid=111 home=/home/gloria_mct auth_token=965428ab0cd3e9840929cb145aa4b695cf7102f4 Mar 14 18:06:57 imap-login: Info: Login: user=, method=PLAIN, rip=151.66.207.138, lip=212.45.144.44, mpid=7470, TLS, session= Mar 14 18:06:58 auth: Debug: auth client connected (pid=7471) Mar 14 18:06:58 auth: Debug: client in: AUTH 1 PLAIN service=pop3 session=WXwT27NKY41KfVKS lip=212.45.144.44 rip=74.125.82.146 lport=110 rport=36195 resp=XXXXXXXXXXXXXXXXXXXXXXXX (previous base64 data may contain sensitive data) Mar 14 18:06:58 auth-worker(7428): Debug: pam(rod_mcs,74.125.82.146,): lookup service=dovecot Mar 14 18:06:58 auth-worker(7428): Debug: pam(rod_mcs,74.125.82.146,): #1/1 style=1 msg=Password: Mar 14 18:06:58 auth: Debug: client passdb out: OK 1 user=rod_mcs Mar 14 18:06:58 auth: Debug: master in: REQUEST 1814953985 7471 1 31068e449668e6b779966eb3d0913b90 session_pid=7472 Mar 14 18:06:58 auth: Debug: passwd(rod_mcs,74.125.82.146,): userdb cache miss Mar 14 18:06:58 auth-worker(7428): Debug: passwd(rod_mcs,74.125.82.146,): lookup Mar 14 18:06:58 auth: Debug: master userdb out: USER 1814953985 rod_mcs system_groups_user=rod_mcs uid=3478 gid=111 home=/home/rod_mcs Mar 14 18:06:58 pop3-login: Info: Login: user=, method=PLAIN, rip=74.125.82.146, lip=212.45.144.44, mpid=7472, session= Mar 14 18:06:59 auth: Debug: auth client connected (pid=7473) Mar 14 18:06:59 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=3r0e27NK4dWXQs+K 
And here is my doveconf -n:

# 2.2.28 (bed8434): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.17 (e179378)
# OS: Linux 3.0.101-105-pae i686 openSUSE 11.4 (i586) ext3
auth_cache_size = 3 k
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
default_client_limit = 1249
default_vsz_limit = 712 M
disable_plaintext_auth = no
first_valid_gid = 0
first_valid_uid = 100
info_log_path = /var/log/dovecot/logfile.info
listen = *
log_path = /var/log/dovecot/logfile
login_greeting = Dovecot at Baobab ready.
login_trusted_networks = 127.0.0.0/8 212.45.144.0/24 192.168.134.0/24
mail_location = mbox:/var/spool/mailboxes/%u:INBOX=/var/spool/mail/%u:DIRNAME=mbox:INDEX=/var/dovecot_indexes/%u
maildir_copy_with_hardlinks = no
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mbox_lock_timeout = 443 secs
namespace {
  inbox = yes
  location =
  prefix =
  separator = .
  type = private
}
passdb {
  driver = pam
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
}
protocols = pop3 imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
service imap-login {
  inet_listener imaps {
    address = *
  }
  process_limit = 512
}
service pop3-login {
  chroot =
  executable = pop3-login -D
  inet_listener pop3s {
    address = *
  }
  process_limit = 512
}
ssl_ca =
References: <571885AA-C2DA-4240-A0B2-F0681D347DE4@wogri.com> <95751283-49CE-4A3C-A1BF-0AC8AAEED08A@iki.fi> <8247506D-9EB9-4B1A-8B11-B05C5B57B74A@wogri.com>
Message-ID: <0C527C99-2738-41AF-9DEC-550E24E89AB3@wogri.com>

> On Feb 22, 2017, at 15:51, Wolfgang Hennerbichler wrote:
> Thank you, I can confirm that after the migration to sdbox I don't see those errors anymore.

Turns out that messages still re-appear although all my mailboxes are converted to sdbox. The most likely case for a message to re-appear is that an unread message in the inbox is deleted. On the next imap sync it re-appears (only sometimes, not always). Although this time the server does not log any errors.
This is my current dovecot config:

# dovecot -n
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.4 x86_64 Debian 8.7 ext4
auth_verbose = yes
debug_log_path = /var/log/dovecot.debug
doveadm_password = # hidden, use -P to show it
first_valid_gid = 106
first_valid_uid = 104
hostname = localhost
last_valid_gid = 106
last_valid_uid = 104
mail_gid = dovecot
mail_location = sdbox:/var/mail/sdbox/%n
mail_plugins = quota fts fts_lucene virtual notify replication
mail_temp_dir = /var/lib/dovecot/tmp
mail_uid = dovecot
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext editheader
namespace {
  list = children
  location = virtual:/var/mail/virtual/%n
  prefix = virtual.
  separator = .
}
namespace inbox {
  inbox = yes
  list = yes
  location =
  mailbox "Deleted Messages" {
    auto = subscribe
    special_use = \Trash
  }
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = no
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = .
  subscriptions = yes
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  default_language = de
  fts = lucene
  fts_lucene = whitespace_chars=@.
  mail_replica = tcp:172.16.1.2:12345
  quota = count:User quota
  quota_rule = *:storage=6G
  quota_rule2 = Trash:storage=+200M
  quota_rule3 = Spam:ignore
  quota_vsizes = yes
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = /etc/sieve/%n.sieve
  sieve_default = /etc/sieve/default.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +editheader
}
pop3_deleted_flag = $POP3Deleted
postmaster_address = postmaster at wogri.at
protocols = " imap lmtp sieve pop3"
service aggregator {
  fifo_listener replication-notify-fifo {
    user = dovecot
  }
  unix_listener replication-notify {
    user = dovecot
  }
}
service doveadm {
  inet_listener {
    port = 12345
  }
}
service imap-postlogin {
  executable = script-login /usr/local/bin/mail-location.sh
}
service imap {
  process_limit = 1024
}
service lmtp {
  inet_listener lmtp {
    port = 2003
  }
  unix_listener lmtp {
    user = dovecot
  }
  user = dovecot
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 1
}
service pop3 {
  process_limit = 1024
}
service quota-warning {
  executable = script /usr/local/sbin/quota-warning.sh
  unix_listener quota-warning {
    user = dovecot
  }
  user = dovecot
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0600
  }
}
ssl = required
ssl_cert = wogri
From jtam.home at gmail.com Thu Mar 16 20:23:20 2017
From: jtam.home at gmail.com (Joseph Tam)
Date: Thu, 16 Mar 2017 13:23:20 -0700 (PDT)
Subject: Dovecot 2.2.27 proxy - enforcing per client IP connection limits
In-Reply-To:
References:
Message-ID:

Adi Pircalabu writes:

> For us it is, we're periodically getting hammered by iOS devices that
> try to open 300+ simultaneous IMAP connections for a single user from
> the same IP, while the average hovers usually below 50 for the busier
> mailboxes with many folders.

Oh yeah, I've seen this. I think this happens when someone does a global pattern search, which causes the client to launch IMAP SEARCH commands on each and every mailbox.

I've wondered whether installing Solr would alleviate this: it wouldn't directly address the connection limit problem, but perhaps it can return results fast enough to keep the concurrent connections count down.

Can anyone with Solr installed confirm/refute this: does installing Solr keep iOS clients from roofing the connection count?

Joseph Tam
From rgm at htt-consult.com Thu Mar 16 21:20:16 2017
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Thu, 16 Mar 2017 14:20:16 -0700
Subject: sievec
Message-ID: <58209164-23ae-9567-d147-7260bec4ba98@htt-consult.com>

I am building a new mailserver on Centos7.

My sieve is created with:

mkdir /home/sieve
cat <<EOF >/home/sieve/globalfilter.sieve || exit 1
require "fileinto";
if exists "X-Spam-Flag" {
  if header :contains "X-Spam-Flag" "NO" {
  } else {
    fileinto "Spam";
    stop;
  }
}
if header :contains "subject" ["***SPAM***"] {
  fileinto "Spam";
  stop;
}
EOF

chown -R vmail:mail /home/sieve

But in 90-sieve.conf there is the comment:

# A path to a global sieve script file, which gets executed ONLY
# if user's private Sieve script doesn't exist. Be sure to
# pre-compile this script manually using the sievec command line
# tool.
#sieve_global_path = /var/lib/dovecot/sieve/default.sieve

Do I run sievec on this script?

And I found the following comment on a blog, about 3 years old:

2: Having a user-defined sieve script will cancel out the global
script for redirecting spam.
In the dovecot.conf, get rid of the sieve_global_path and
sieve_global_dir, and instead
use: sieve_before = /path/to/global.sieve --
what this will do is make sure that the global script runs before any
user scripts,
which allows the spam redirecting to actually work.

What is current situation on this?

thank you
From samba at laurenz.ws Thu Mar 16 12:12:24 2017
From: samba at laurenz.ws (Dirk Laurenz)
Date: Thu, 16 Mar 2017 13:12:24 +0100
Subject: dovecot & iOS
Message-ID:

Hello List,

i have a working dovecot imap service running with multiple clients running fine, even iOS. What's annoying is, that only on iOS ( ) i see a huge bunch of .CONTROL directories - marked grey. It seems to be a copy of the existing folder structure. I don't see this on thunderbird, outlook or even roundcube.

Is there any chance to configure dovecot to hide those folders to iOS?

Here's some extended Information....

Attached: Screenshot from iOS, where you can see, what i mean
dovecot Version: 2.1.7

root at mail01:~# dovecot -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 4.9.14+ armv6l Debian 7.11
lda_mailbox_autocreate = yes
listen = *
mail_location = maildir:~/Maildir:INBOX=~/Maildir/Inbox:LAYOUT=fs:CONTROL=~/Maildir/.CONTROL:INDEX=~/Maildir/.INDEX
namespace {
  inbox = yes
  location =
  mailbox {
    special_use = \Drafts
    name = Drafts
  }
  mailbox {
    special_use = \Junk
    name = Junk
  }
  mailbox {
    special_use = \Sent
    name = Sent
  }
  mailbox {
    special_use = \Sent
    name = Sent Messages
  }
  mailbox {
    special_use = \Trash
    name = Trash
  }
  prefix =
  name = inbox
}
passdb {
  driver = pam
}
plugin {
  antispam_debug_target = syslog
  antispam_signature = X-DSPAM-Signature
  antispam_spam = SPAM
  antispam_verbose_debug = 1
}
postmaster_address = postmaster at domain
protocols = " imap"
service replication-notify-fifo {
  name = aggregator
}
service anvil-auth-penalty {
  name = anvil
}
service auth-worker {
  name = auth-worker
}
service auth-client {
  name = auth
}
service config {
  name = config
}
service dict {
  name = dict
}
service login/proxy-notify {
  name = director
}
service dns-client {
  name = dns_client
}
service doveadm-server {
  name = doveadm
}
service imap {
  name = imap-login
}
service login/imap {
  name = imap
}
service indexer-worker {
  name = indexer-worker
}
service indexer {
  name = indexer
}
service ipc {
  name = ipc
}
service lmtp {
  name = lmtp
}
service log-errors {
  name = log
}
service pop3 {
  name = pop3-login
}
service login/pop3 {
  name = pop3
}
service replicator {
  name = replicator
}
service login/ssl-params {
  name = ssl-params
}
service stats-mail {
  name = stats
}
ssl_cert =
From stephan at rename-it.nl Thu Mar 16 22:58:36 2017
From: stephan at rename-it.nl (Stephan Bosch)
Date: Thu, 16 Mar 2017 23:58:36 +0100
Subject: sievec
In-Reply-To: <58209164-23ae-9567-d147-7260bec4ba98@htt-consult.com>
References: <58209164-23ae-9567-d147-7260bec4ba98@htt-consult.com>
Message-ID:

On 3/16/2017 at 10:20 PM, Robert Moskowitz wrote:
> I am building a new mailserver on Centos7.
>
> My sieve is created with:
>
> mkdir /home/sieve
> cat <<EOF >/home/sieve/globalfilter.sieve || exit 1
> require "fileinto";
> if exists "X-Spam-Flag" {
>   if header :contains "X-Spam-Flag" "NO" {
>   } else {
>     fileinto "Spam";
>     stop;
>   }
> }
> if header :contains "subject" ["***SPAM***"] {
>   fileinto "Spam";
>   stop;
> }
> EOF
>
> chown -R vmail:mail /home/sieve
>
> But in 90-sieve.conf there is the comment:
>
> # A path to a global sieve script file, which gets executed ONLY
> # if user's private Sieve script doesn't exist. Be sure to
> # pre-compile this script manually using the sievec command line
> # tool.
> #sieve_global_path = /var/lib/dovecot/sieve/default.sieve
>
> Do I run sievec on this script?

Yes.

> And I found the following comment on a blog, about 3 years old:
>
> 2: Having a user-defined sieve script will cancel out the global
> script for redirecting spam.
> In the dovecot.conf, get rid of the sieve_global_path and
> sieve_global_dir, and instead
> use: sieve_before = /path/to/global.sieve --
> what this will do is make sure that the global script runs before any
> user scripts,
> which allows the spam redirecting to actually work.
>
> What is current situation on this?

That is usually good advice. The sieve_global_path setting is now called sieve_default, since it configures the default script for users that don't have a personal one.

So, unless you want users to have the ability and necessity (!) to create their own spam handling rules once they create a personal script, use the sieve_before setting. The sieve_before script also needs to be pre-compiled with sievec.

Regards,

Stephan.
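The difference between sieve_default and sieve_before described in the reply above, as an added example that is not part of the thread and not Pigeonhole's code: a simplified Python model of which scripts run at delivery, applied to the rules of globalfilter.sieve. The names deliver, personal_script, the folder Lists.example and the sample headers are constructed for illustration.

```python
# Added illustration: a simplified model of Sieve script selection at
# delivery time. Not Pigeonhole code; all names and messages are constructed.


def contains(value, needle):
    """Sieve ':contains' with the default i;ascii-casemap comparator:
    a case-insensitive substring match."""
    return needle.lower() in value.lower()


def lower_names(headers):
    """Header field names are matched case-insensitively."""
    return {name.lower(): value for name, value in headers.items()}


def global_filter(headers):
    """The rules of globalfilter.sieve from the thread.

    Returns the fileinto target, or None when the script ends with the
    implicit keep still in effect.
    """
    h = lower_names(headers)
    # if exists "X-Spam-Flag" { if :contains "NO" { } else { fileinto; stop; } }
    # ':contains' is a substring test, so a value like "UNKNOWN" also matches "NO".
    if "x-spam-flag" in h and not contains(h["x-spam-flag"], "NO"):
        return "Spam"
    if contains(h.get("subject", ""), "***SPAM***"):
        return "Spam"
    return None


def personal_script(headers):
    """Hypothetical user script: file one mailing list, keep everything else."""
    h = lower_names(headers)
    if contains(h.get("list-id", ""), "users.example.org"):
        return "Lists.example"
    return None


def deliver(headers, personal=None, sieve_before=None, sieve_default=None):
    """Return the mailbox a message ends up in under this model.

    sieve_before always runs first. sieve_default is consulted only when
    the user has no personal script. A later script runs only while the
    implicit keep is still in effect (the earlier script returned None).
    """
    sequence = []
    if sieve_before is not None:
        sequence.append(sieve_before)
    main_script = personal if personal is not None else sieve_default
    if main_script is not None:
        sequence.append(main_script)
    for script in sequence:
        target = script(headers)
        if target is not None:
            return target
    return "INBOX"


# Constructed sample messages.
SPAM = {"X-Spam-Flag": "YES", "Subject": "***SPAM*** cheap watches"}
HAM = {"X-Spam-Flag": "NO", "Subject": "sievec", "List-Id": "<users.example.org>"}


def outcomes():
    """Where each message lands for the configurations discussed in the thread."""
    return {
        "default, no personal script": deliver(SPAM, sieve_default=global_filter),
        "default, personal script": deliver(
            SPAM, personal=personal_script, sieve_default=global_filter),
        "before, personal script": deliver(
            SPAM, personal=personal_script, sieve_before=global_filter),
        "before, ham": deliver(
            HAM, personal=personal_script, sieve_before=global_filter),
    }


if __name__ == "__main__":
    for case, mailbox in outcomes().items():
        print(f"{case:30} -> {mailbox}")
```

With the global script configured only as sieve_default, the flagged message lands in INBOX as soon as the user has any personal script; with sieve_before it is filed into Spam regardless.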
From rgm at htt-consult.com Fri Mar 17 00:39:55 2017 
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Thu, 16 Mar 2017 17:39:55 -0700
Subject: sievec
In-Reply-To:
References: <58209164-23ae-9567-d147-7260bec4ba98@htt-consult.com>
Message-ID: <0b764481-ebbd-eb0b-c89a-99586085a7d4@htt-consult.com>

On 03/16/2017 03:58 PM, Stephan Bosch wrote:
> On 3/16/2017 at 10:20 PM, Robert Moskowitz wrote:
>> I am building a new mailserver on Centos7.
>>
>> My sieve is created with:
>>
>> mkdir /home/sieve
>> cat <<EOF >/home/sieve/globalfilter.sieve || exit 1
>> require "fileinto";
>> if exists "X-Spam-Flag" {
>>   if header :contains "X-Spam-Flag" "NO" {
>>   } else {
>>     fileinto "Spam";
>>     stop;
>>   }
>> }
>> if header :contains "subject" ["***SPAM***"] {
>>   fileinto "Spam";
>>   stop;
>> }
>> EOF
>>
>> chown -R vmail:mail /home/sieve
>>
>> But in 90-sieve.conf there is the comment:
>>
>> # A path to a global sieve script file, which gets executed ONLY
>> # if user's private Sieve script doesn't exist. Be sure to
>> # pre-compile this script manually using the sievec command line
>> # tool.
>> #sieve_global_path = /var/lib/dovecot/sieve/default.sieve
>>
>> Do I run sievec on this script?
> Yes.
>
>> And I found the following comment on a blog, about 3 years old:
>>
>> 2: Having a user-defined sieve script will cancel out the global
>> script for redirecting spam.
>> In the dovecot.conf, get rid of the sieve_global_path and
>> sieve_global_dir, and instead
>> use: sieve_before = /path/to/global.sieve --
>> what this will do is make sure that the global script runs before any
>> user scripts,
>> which allows the spam redirecting to actually work.
>>
>> What is current situation on this?
> That is usually good advice. The sieve_global_path setting is now called
> sieve_default, since it configures the default script for users that
> don't have a personal one.

And it is changes like this is why I am really trying for my notes to
modify the provided files than replace them.

>
> So, unless you want users to have the ability and necessity (!) to
> create their own spam handling rules once they create a personal script,
> use the sieve_before setting.
>
> The sieve_before script also needs to be pre-compiled with sievec.

It seems to my reading that this is the same global.sieve script as what
I am using now. That you earlier told me I need to pre-compile.

Or am I missing something?

From rizzo at i805.com.br Fri Mar 17 08:21:15 2017
From: rizzo at i805.com.br (Nilton Jose Rizzo)
Date: Fri, 17 Mar 2017 05:21:15 -0300
Subject: dovecot problem with ssl
Message-ID: <20170317081205.M26731@i805.com.br>

Hi all,

I already searched for this error on google and nothing

I never install dovecot, this is a first time.

This error, I know, is too newbie and stupid, but I
checked more than twice.

root at server:/usr/local/etc/dovecot # sievec /home3/virtual/default.sieve
doveconf: Fatal: Error in configuration file
/usr/local/etc/dovecot/conf.d/10-ssl.conf line 7: Unknown setting: ssl
root at server:/usr/local/etc/dovecot #

I'm running a FreeBSD 12-current and compile all from ports (mysql,
dovecot2, postfix3.1, and all needs ports, but this error don't leave.

I'm following this tutorial to install all, but when I'll run a sievec
this stop with this error.

I'm not new in FreeBSD, I have good experience in FreeBSD.

---
/*************************************************
**Nilton José Rizzo UFRRJ
**http://www.rizzo.eng.br http://www.ufrrj.br
**http://lattes.cnpq.br/0079460703536198
**************************************************/

From ml+dovecot at valo.at Fri Mar 17 05:48:32 2017
From: ml+dovecot at valo.at (Christian Kivalo)
Date: Fri, 17 Mar 2017 06:48:32 +0100
Subject: dovecot problem with ssl
In-Reply-To: <20170317081205.M26731@i805.com.br>
References: <20170317081205.M26731@i805.com.br>
Message-ID:

Hi

>root at server:/usr/local/etc/dovecot # sievec
>/home3/virtual/default.sieve
>doveconf: Fatal: Error in configuration file
>/usr/local/etc/dovecot/conf.d/10-ssl.conf line 7: Unknown setting: ssl
>root at server:/usr/local/etc/dovecot #

What is there at line 7 in your
/usr/local/etc/dovecot/conf.d/10-ssl.conf ?

--
Christian Kivalo

From dougb at dougbarton.us Fri Mar 17 06:06:08 2017
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 16 Mar 2017 23:06:08 -0700
Subject: dovecot problem with ssl
In-Reply-To: <20170317081205.M26731@i805.com.br>
References: <20170317081205.M26731@i805.com.br>
Message-ID:

On 03/17/2017 01:21 AM, Nilton Jose Rizzo wrote:
>
>
> Hi all,
>
>
> I already searched for this error on google and nothing
>
> I never install dovecot, this is a first time.
>
> This error, I know, is too newbie and stupid, but I
> checked more than twice.
>
> root at server:/usr/local/etc/dovecot # sievec /home3/virtual/default.sieve
> doveconf: Fatal: Error in configuration file
> /usr/local/etc/dovecot/conf.d/10-ssl.conf line 7: Unknown setting: ssl
> root at server:/usr/local/etc/dovecot #
>
> I'm running a FreeBSD 12-current

As someone else pointed out, that 7: means the error is on line 7 of the
file.

Go into dovecot's conf.d folder (in /usr/local/etc/) and do this:

diff -u 10-ssl.conf.sample 10-ssl.conf

If that doesn't clearly indicate the problem to you, post the results to
the list.

hope this helps,

Doug

From dougb at dougbarton.us Fri Mar 17 06:23:29 2017
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 16 Mar 2017 23:23:29 -0700
Subject: sievec
In-Reply-To: <58209164-23ae-9567-d147-7260bec4ba98@htt-consult.com>
References: <58209164-23ae-9567-d147-7260bec4ba98@htt-consult.com>
Message-ID: <55f28a41-b1eb-74fe-173e-0c41a0d6415b@dougbarton.us>

Your pattern seems a little too complicated. See below.

On 03/16/2017 02:20 PM, Robert Moskowitz wrote:

> if exists "X-Spam-Flag" {

This isn't needed. If the flag doesn't exist, the 'if header ...' line
won't match. You're doing two tests for every message where one is all
that's needed.

> if header :contains "X-Spam-Flag" "NO" {

You can just do "YES" here, and go straight to the command (fileinto).
Yes/No is a boolean flag, it will either be one or the other.

> fileinto "Spam";
> stop;

It's not clear that you need the 'stop' here.

hope this helps,

Doug

From rgm at htt-consult.com Fri Mar 17 06:50:59 2017
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Thu, 16 Mar 2017 23:50:59 -0700
Subject: sievec
In-Reply-To: <55f28a41-b1eb-74fe-173e-0c41a0d6415b@dougbarton.us>
References: <58209164-23ae-9567-d147-7260bec4ba98@htt-consult.com> <55f28a41-b1eb-74fe-173e-0c41a0d6415b@dougbarton.us>
Message-ID:

Doug,

On 03/16/2017 11:23 PM, Doug Barton wrote:
> Your pattern seems a little too complicated. See below.

I acquired this script from:

http://www.campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServer

No telling where he got it from. So I greatly appreciate any and all
advice.

I am writing my own howto, and I would like to think I am doing a better
job of it. I hope to have it finished in a couple weeks. I would say I
am the proverbial 80% complete.

>
> On 03/16/2017 02:20 PM, Robert Moskowitz wrote:
>
>> if exists "X-Spam-Flag" {
>
> This isn't needed. If the flag doesn't exist, the 'if header ...' line
> won't match. You're doing two tests for every message where one is all
> that's needed.
>
>> if header :contains "X-Spam-Flag" "NO" {
>
> You can just do "YES" here, and go straight to the command (fileinto).
> Yes/No is a boolean flag, it will either be one or the other.
>
>> fileinto "Spam";
>> stop;
>
> It's not clear that you need the 'stop' here.
>
> hope this helps,

Not completely. I 'program' in English writing standards like IEEE
802.1AR, 802.15.9, and RFCs. I have not really programmed since the
mid-80s with 'B'.

I leave the converting of our carefully worded standards to executables
to others.... :)

That said, is this what you are advising:

require "fileinto";
if header :contains "X-Spam-Flag" "YES" {
} else {
  fileinto "Spam";
}
if header :contains "subject" ["***SPAM***"] {
  fileinto "Spam";
}

Thanks!

From dougb at dougbarton.us Fri Mar 17 07:07:58 2017
From: dougb at dougbarton.us (Doug Barton)
Date: Fri, 17 Mar 2017 00:07:58 -0700
Subject: sievec
In-Reply-To:
References: <58209164-23ae-9567-d147-7260bec4ba98@htt-consult.com> <55f28a41-b1eb-74fe-173e-0c41a0d6415b@dougbarton.us>
Message-ID: <0862539e-2d31-f424-5ecc-03b8cc59f8fa@dougbarton.us>

On 03/16/2017 11:50 PM, Robert Moskowitz wrote:
> Doug,
>
> On 03/16/2017 11:23 PM, Doug Barton wrote:
>> Your pattern seems a little too complicated. See below.
>
> I acquired this script from:
>
> http://www.campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServer
>
>
> No telling where he got it from. So I greatly appreciate any and all
> advice.

Blindly following things you find on the Internet is not a path to
success. :)

> I am writing my own howto, and I would like to think I am doing a better
> job of it.

You may consider whether your own depth of understanding is sufficient
to improve the situation, or whether you are simply adding more noise. I
wish you luck in any case.

> Not completely. I 'program' in English writing standards like IEEE
> 802.1AR, 802.15.9, and RFCs. I have not really programmed since the
> mid-80s with 'B'.
>
> I leave the converting of our carefully worded standards to executables
> to others.... :)

We all have our own areas of expertise. Nothing wrong with that.

> That said, is this what you are advising:

Not precisely. You want to remove the 'else' in there, as the clause you
have will do the opposite of what you intend. Also note that I removed
your superfluous square brackets.

> require "fileinto";
> if header :contains "X-Spam-Flag" "YES" {
>   fileinto "Spam";
> }
> if header :contains "subject" "***SPAM***" {
>   fileinto "Spam";
> }

The best way to work with this is to start with simple rules on an
individual client. Once you get a rule set that works, then you can move
on to compiling it for the system. Always start as simple as possible
though, and only add to it if your simple thing does not work.

This is a pretty good tutorial on the syntax and options for Sieve.
Given your intended purpose you should pay special attention to the
'create' modifier for 'fileinto'. Also, I would accomplish both things
in the same rule using 'anyof' which should be slightly more efficient
(which could make a big difference to server load depending on how many
users you are supporting).

https://support.tigertech.net/sieve

hope this helps,

Doug

From yacinechaouche at yahoo.com Fri Mar 17 08:52:29 2017
From: yacinechaouche at yahoo.com (chaouche yacine)
Date: Fri, 17 Mar 2017 08:52:29 +0000 (UTC)
Subject: sievec
In-Reply-To: <0862539e-2d31-f424-5ecc-03b8cc59f8fa@dougbarton.us>
References: <58209164-23ae-9567-d147-7260bec4ba98@htt-consult.com> <55f28a41-b1eb-74fe-173e-0c41a0d6415b@dougbarton.us> <0862539e-2d31-f424-5ecc-03b8cc59f8fa@dougbarton.us>
Message-ID: <1665868661.2075481.1489740749613@mail.yahoo.com>

All sieve scripts need to be compiled. "default" means absence. So
default scripts are used when user scripts don't exist. If users have
their sieve scripts then the default won't be executed. If you want to
impose your script on all users then use sieve_before not sieve_default.
For example, I use a sieve_before script to impose a backup copy of
every e-mail delivered to my mailboxes to the corresponding backup
mailboxes accounts. Since I want this script to get executed no matter
what I use sieve_before not sieve_default.

So I guess your SPAM script should also be a sieve_before.

-- Yassine

On Friday, March 17, 2017 8:08 AM, Doug Barton wrote:

On 03/16/2017 11:50 PM, Robert Moskowitz wrote:
> Doug,
>
> On 03/16/2017 11:23 PM, Doug Barton wrote:
>> Your pattern seems a little too complicated. See below.
>
> I acquired this script from:
>
> http://www.campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServer
>
>
> No telling where he got it from. So I greatly appreciate any and all
> advice.

Blindly following things you find on the Internet is not a path to
success. :)

> I am writing my own howto, and I would like to think I am doing a better
> job of it.

You may consider whether your own depth of understanding is sufficient
to improve the situation, or whether you are simply adding more noise. I
wish you luck in any case.

> Not completely. I 'program' in English writing standards like IEEE
> 802.1AR, 802.15.9, and RFCs. I have not really programmed since the
> mid-80s with 'B'.
>
> I leave the converting of our carefully worded standards to executables
> to others.... :)

We all have our own areas of expertise. Nothing wrong with that.

> That said, is this what you are advising:

Not precisely. You want to remove the 'else' in there, as the clause you
have will do the opposite of what you intend. Also note that I removed
your superfluous square brackets.

> require "fileinto";
>  if header :contains "X-Spam-Flag" "YES" {
>    fileinto "Spam";
>  }
>  if header :contains "subject" "***SPAM***" {
>    fileinto "Spam";
>  }

The best way to work with this is to start with simple rules on an
individual client. Once you get a rule set that works, then you can move
on to compiling it for the system. Always start as simple as possible
though, and only add to it if your simple thing does not work.

This is a pretty good tutorial on the syntax and options for Sieve.
Given your intended purpose you should pay special attention to the
'create' modifier for 'fileinto'. Also, I would accomplish both things
in the same rule using 'anyof' which should be slightly more efficient
(which could make a big difference to server load depending on how many
users you are supporting).

https://support.tigertech.net/sieve

hope this helps,

Doug

From amateo at um.es Fri Mar 17 11:11:42 2017
From: amateo at um.es (Angel L. Mateo)
Date: Fri, 17 Mar 2017 12:11:42 +0100
Subject: Meaning of "protocol !indexer-worker"
Message-ID: <961670dc-a327-55c2-9563-1661d7a0acbe@um.es>

Hello,

I'm configuring dovecot 2.2.28. Comparing with previous versions I have
found now in 10-mail.conf the config:

protocol !indexer-worker {
  # If folder vsize calculation requires opening more than this many mails from
  # disk (i.e. mail sizes aren't in cache already), return failure and finish
  # the calculation via indexer process. Disabled by default. This setting must
  # be 0 for indexer-worker processes.
  #mail_vsize_bg_after_count = 0
}

I can see that indexer-worker is the index service in dovecot. But I
don't know what the '!' means in front of the service name.

Anyone who can explain it to me?

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 868888337

From amateo at um.es Fri Mar 17 12:22:56 2017
From: amateo at um.es (Angel L. Mateo)
Date: Fri, 17 Mar 2017 13:22:56 +0100
Subject: Do I need to configure director?
In-Reply-To: <044a1bf6-9979-83ac-b33f-c5d4e07fce83@um.es>
References: <044a1bf6-9979-83ac-b33f-c5d4e07fce83@um.es>
Message-ID: <818cf97c-8810-d521-e197-0e317ccb3cbe@um.es>

Hi,

I'm trying this configuration without using director... My problem now
is that I can't use doveadm commands in the proxy host. In my previous
configuration (with director) I could.

Configurations I have found (https://wiki2.dovecot.org/Director) always
talk about director. Is there any documentation about how to configure
doveadm in proxy hosts without director?

On 03/03/17 at 13:42, Angel L. Mateo wrote:
> Hi,
>
> I'm configuring a farm of dovecot proxies redirecting users to
> backend servers. The decision of which backend server is used for a user
> is based in its ldap account information.
>
> In my previous configuration I was using an inherited director
> configuration in these proxy servers, but now I was wondering that
> because the decision is made according to user information, I don't need
> to run director. Do I?
>
> Is there any advantage of running director in this scenario?
>

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 868888337

From rgm at htt-consult.com Fri Mar 17 12:46:10 2017
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Fri, 17 Mar 2017 05:46:10 -0700
Subject: sievec
In-Reply-To: <0862539e-2d31-f424-5ecc-03b8cc59f8fa@dougbarton.us>
References: <58209164-23ae-9567-d147-7260bec4ba98@htt-consult.com> <55f28a41-b1eb-74fe-173e-0c41a0d6415b@dougbarton.us> <0862539e-2d31-f424-5ecc-03b8cc59f8fa@dougbarton.us>
Message-ID: <42bbc957-c4dd-4329-0969-b0262c772892@htt-consult.com>

On 03/17/2017 12:07 AM, Doug Barton wrote:
> On 03/16/2017 11:50 PM, Robert Moskowitz wrote:
>> Doug,
>>
>> On 03/16/2017 11:23 PM, Doug Barton wrote:
>>> Your pattern seems a little too complicated. See below.
>>
>> I acquired this script from:
>>
>> http://www.campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServer
>>
>>
>>
>> No telling where he got it from. So I greatly appreciate any and all
>> advice.
>
> Blindly following things you find on the Internet is not a path to
> success. :)

That is why I am here asking questions. Like I have done on the postfix,
apache, openssl, amavis, and roundcubemail lists (and of course centos,
centos-arm, and fedora). With BIND, I just sit down with Mark at IETF
meetings :)

Going to be doing that with Rich and openssl, as I want to start working
with EDDSA certs, as does he.

>
>> I am writing my own howto, and I would like to think I am doing a better
>> job of it.
>
> You may consider whether your own depth of understanding is sufficient
> to improve the situation, or whether you are simply adding more noise.
> I wish you luck in any case.

Lots of the examples out there say, "use this conf file rather than the
one in the package". I learned with postfix NOT to do that, but to use
their postconf tool. So I have been brushing up on my SED skills to
write SED commands to make the desired changes to the provided files.

Once I test out the dovecot conf mods that they are working as I want I
will post them here.

>
>> Not completely. I 'program' in English writing standards like IEEE
>> 802.1AR, 802.15.9, and RFCs. I have not really programmed since the
>> mid-80s with 'B'.
>>
>> I leave the converting of our carefully worded standards to executables
>> to others.... :)
>
> We all have our own areas of expertise. Nothing wrong with that.

I once knew some AWK (back around '93 on SunOS), but that skill is long
gone, and SED is not so hard to learn. Lots of guidance if you google a
bit. Then test, test, test!

>
>> That said, is this what you are advising:
>
> Not precisely. You want to remove the 'else' in there, as the clause
> you have will do the opposite of what you intend.

I thought so, but was not sure what you were advising me. Yet another
reason to post a reply, "do I got it now", "no you don't" ;)

> Also note that I removed your superfluous square brackets.
>
>> require "fileinto";
>> if header :contains "X-Spam-Flag" "YES" {
>>   fileinto "Spam";
>> }
>> if header :contains "subject" "***SPAM***" {
>>   fileinto "Spam";
>> }
>

Thanks

> The best way to work with this is to start with simple rules on an
> individual client. Once you get a rule set that works, then you can
> move on to compiling it for the system. Always start as simple as
> possible though, and only add to it if your simple thing does not work.
>
> This is a pretty good tutorial on the syntax and options for Sieve.
> Given your intended purpose you should pay special attention to the
> 'create' modifier for 'fileinto'. Also, I would accomplish both things
> in the same rule using 'anyof' which should be slightly more efficient
> (which could make a big difference to server load depending on how
> many users you are supporting).

Particularly since this is a duo core armv7 (CubieTruck) that I am
working with. I would really want to get one of the newer quad cores, so
that amavis/clamav/spamassassin could eat up 2 of them, and still have 2
left for postfix, dovecot, and other processes. I don't like the armv8
so far as they are 12V and ready power supplies just aren't out there
like 5V for the armv7; plus they are still pricey. But armv8 is 64bit...

See:

http://medon.htt-consult.com/images/cubietower-3.JPG

medon is the top server. It is a simple web server running Centos7-arm:

http://medon.htt-consult.com/Centos7-armv7.html

onlo is the bottom one, and it is my DNS outward master server.

ROI replacing a bunch of intel SFFs like the one on the left was 18
months on power savings.

>
> https://support.tigertech.net/sieve
>
> hope this helps,

Yes it does. I have been reading a lot, recently!

Bob

From rgm at htt-consult.com Fri Mar 17 14:02:58 2017
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Fri, 17 Mar 2017 07:02:58 -0700
Subject: sievec
In-Reply-To: <0862539e-2d31-f424-5ecc-03b8cc59f8fa@dougbarton.us>
References: <58209164-23ae-9567-d147-7260bec4ba98@htt-consult.com> <55f28a41-b1eb-74fe-173e-0c41a0d6415b@dougbarton.us> <0862539e-2d31-f424-5ecc-03b8cc59f8fa@dougbarton.us>
Message-ID:

On 03/17/2017 12:07 AM, Doug Barton wrote:
>
> Not precisely. You want to remove the 'else' in there, as the clause
> you have will do the opposite of what you intend. Also note that I
> removed your superfluous square brackets.
>
>> require "fileinto";
>> if header :contains "X-Spam-Flag" "YES" {
>>   fileinto "Spam";
>> }
>> if header :contains "subject" "***SPAM***" {
>>   fileinto "Spam";
>> }
>
> This is a pretty good tutorial on the syntax and options for Sieve.
> Given your intended purpose you should pay special attention to the
> 'create' modifier for 'fileinto'. Also, I would accomplish both things
> in the same rule using 'anyof' which should be slightly more efficient
> (which could make a big difference to server load depending on how
> many users you are supporting).
>
> https://support.tigertech.net/sieve

Reading this and 'man sievec'...

Here is how I have modified your script above:

require "fileinto";
if anyof (
    header :contains "X-Spam-Flag" "YES",
    header :contains "subject" "***SPAM***"
) {
  fileinto "Spam";
}

And for sievec, I still use:

sieve_before = /home/sieve/globalfilter.sieve

dovecot will find the /home/sieve/globalfilter.svbin and proceed with
that. I don't have to specify the svbin in the sieve_before option.

thanks

Bob

From info at gwarband.de Fri Mar 17 15:27:11 2017
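The two points the sievec thread above settles, the inverted 'else' and sieve_before versus sieve_default, modelled in Python as an added example that is not part of any message in this archive. It is a toy model of the rules, not a Sieve interpreter; lists_script, the sample messages and the rule that the chain ends once a script files the message are assumptions made for the illustration.

```python
# Added example: toy model of the thread's Sieve rules, NOT a Sieve interpreter.
# A message is a dict of header name -> value; every sample below is constructed.

def contains(msg, header, needle):
    """Model of `header :contains`: case-insensitive substring match (Sieve's
    default i;ascii-casemap comparator); a missing header never matches."""
    return any(needle.lower() in value.lower()
               for name, value in msg.items() if name.lower() == header.lower())

def exists(msg, header):
    """Model of the `exists` test."""
    return any(name.lower() == header.lower() for name in msg)

# Each script returns the folder it files into, or None for implicit keep.
def original_script(msg):
    """The script from the first post: exists, then "NO" with an else branch."""
    if exists(msg, "X-Spam-Flag") and not contains(msg, "X-Spam-Flag", "NO"):
        return "Spam"
    if contains(msg, "subject", "***SPAM***"):
        return "Spam"
    return None

def inverted_script(msg):
    """The intermediate rewrite: the test became "YES" but the else stayed."""
    if contains(msg, "X-Spam-Flag", "YES"):
        pass                  # empty block: flagged spam falls through
    else:
        return "Spam"         # everything that is NOT flagged gets filed
    if contains(msg, "subject", "***SPAM***"):
        return "Spam"
    return None

def anyof_script(msg):
    """The final version posted in the thread, using anyof."""
    if contains(msg, "X-Spam-Flag", "YES") or contains(msg, "subject", "***SPAM***"):
        return "Spam"
    return None

def lists_script(msg):
    """Hypothetical personal script that has no spam rule of its own."""
    return "Lists" if exists(msg, "List-Id") else None

def deliver(msg, personal=None, sieve_before=None, sieve_default=None):
    """sieve_before always runs first; sieve_default runs only when the user
    has no personal script. Assumption: the chain ends once a script files
    the message somewhere."""
    chain = [sieve_before, personal if personal is not None else sieve_default]
    for script in chain:
        if script is not None:
            folder = script(msg)
            if folder is not None:
                return folder
    return "INBOX"

SAMPLES = {  # constructed messages
    "flagged": {"X-Spam-Flag": "YES", "Subject": "Invoice attached"},
    "clean": {"X-Spam-Flag": "NO", "Subject": "Meeting notes"},
    "unscanned": {"Subject": "hello"},
    "tagged": {"Subject": "***SPAM*** You won"},
}

def verdicts(script):
    """Folder each sample ends up in when `script` is the only script."""
    return {name: script(msg) or "INBOX" for name, msg in SAMPLES.items()}

if __name__ == "__main__":
    for script in (original_script, inverted_script, anyof_script):
        print(f"{script.__name__:16}", verdicts(script))
    spam = SAMPLES["flagged"]
    print("sieve_default + personal script ->",
          deliver(spam, personal=lists_script, sieve_default=anyof_script))
    print("sieve_before  + personal script ->",
          deliver(spam, personal=lists_script, sieve_before=anyof_script))
```

With the inverted 'else', clean and unscanned mail lands in Spam while flagged mail stays in the inbox; with sieve_default, a user who has any personal script no longer gets the spam rule at all.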
From: info at gwarband.de (info at gwarband.de)
Date: Fri, 17 Mar 2017 16:27:11 +0100
Subject: Dovecot can't connect to openldap over starttls
Message-ID: <9984d210a9180693c539a993fe0e9af0@gwarband.de>

Hello guys,

actually I'm trying to configure dovecot to access openldap for
passwordcheck.
My openldap is only allow access over "secure ldap".
The dovecot can communicate with the openldap server but there is maybe
a failure in the sslhandshake.
Additional information you can find in the logs or in the dump below.
Also I have my ldap config from dovecot in the links below.

I have already created an bug reporting in the system of openldap but
the answer was to get support from her.

All datalinks:
https://gwarband.de/openldap/dovecot.log
https://gwarband.de/openldap/dovecot-ldap.conf
https://gwarband.de/openldap/openldap.log
https://gwarband.de/openldap/trace.dump

The bugreportinglink from openldap:
http://www.openldap.org/its/index.cgi/Incoming?id=8615

I hope you can help me.

Regards.
Tobias Warband

From rgm at htt-consult.com Fri Mar 17 16:08:42 2017
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Fri, 17 Mar 2017 09:08:42 -0700
Subject: Understanding quotas
Message-ID: <9620c8c8-baee-2a91-cd00-839f28be6420@htt-consult.com>

Just to level-set, I am using Centos7-arm which supplies Dovecot 2.2.10.
I don't have access to a arm build or mock environment and use what is
available (I DID try to install them but had dependency issues).

Much of what I have is from campworld, but some I have picked up from
other Centos mailserver builders.

Also I am using Postfixadmin which provides quotas per user in mysql
database. To access those quotas for dovecot, I have the following
script:

cat <<EOF >/etc/dovecot/dovecot-dict-quota.conf || exit 1
connect = host=localhost dbname=postfix user=postfix password=$Postfix_Database_Password
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}
EOF

Where $Postfix_Database_Password is an env variable in my install howto.

I am setting up quota plugins as follows:

sed -i "/#mail_plugins/ a mail_plugins = quota sieve" /etc/dovecot/conf.d/15-lda.conf
sed -i "/#mail_plugins / a mail_plugins = quota imap_quota trash" /etc/dovecot/conf.d/20-imap.conf
sed -i "/#mail_plugins/ a mail_plugins = quota" /etc/dovecot/conf.d/20-pop3.conf

But I am having 'challenges' with how to actually enable quotas and
understanding 90-quota.conf. I am starting from campworld's 'reduced'
dovecot.conf seeing:

dict {
  quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf
}

and

plugin {
  quota = dict:user::proxy::quotadict
  acl = vfile:/etc/dovecot/acls
  trash = /etc/dovecot/trash.conf
  sieve_global_path = /home/sieve/globalfilter.sieve
  sieve = ~/dovecot.sieve
  sieve_dir = ~/sieve
  sieve_global_dir = /home/sieve/
  #sieve_extensions = +notify +imapflags
  sieve_max_script_size = 1M
}

I have put the sieve plugin lines into the 90-sieve.conf and the acl
into 10-acl.conf. Trash is a separate matter for a later question...

So I am looking for guidance as to how to integrate the Postfixadmin
quota information properly into 90-quota.conf

thank you

From lists+dovecot at tocc.cz Fri Mar 17 21:48:09 2017
From: lists+dovecot at tocc.cz (Tomas Habarta)
Date: Fri, 17 Mar 2017 22:48:09 +0100
Subject: Dovecot can't connect to openldap over starttls
In-Reply-To: <9984d210a9180693c539a993fe0e9af0@gwarband.de>
References: <9984d210a9180693c539a993fe0e9af0@gwarband.de>
Message-ID: <8351becb-ec8f-152f-566b-6b5f6a99b53d@tocc.cz>

Hi,

been running Dovecot 2.2.27 against OpenLDAP 2.4.40 normally over the
unix socket on the same machine, but tried over inet with STARTTLS and
it's working ok...

I would suggest double-checking key/certs setup on OpenLDAP side; for
the test I have used LE certs, utilizing following cn=config attributes:

olcTLSCertificateKeyFile contains private key
olcTLSCertificateFile contains certificate
olcTLSCACertificateFile contains both certs (DST Root CA X3
and Let's Encrypt Authority X3)

and used the same CA file in Dovecot's tls_ca_cert_file

Is ldapsearch working ok (-ZZ) and only Dovecot has troubles or ... ?

Hope that helps, good luck ;)
Tomas

On 03/17/2017 04:27 PM, info at gwarband.de wrote:
> Hello guys,
>
> actually I'm trying to configure dovecot to access openldap for
> passwordcheck.
> My openldap is only allow access over "secure ldap".
> The dovecot can communicate with the openldap server but there is maybe
> a failure in the sslhandshake.
> Additional information you can find in the logs or in the dump below.
> Also I have my ldap config from dovecot in the links below.
>
> I have already created an bug reporting in the system of openldap but
> the answer was to get support from her.
>
> All datalinks:
> https://gwarband.de/openldap/dovecot.log
> https://gwarband.de/openldap/dovecot-ldap.conf
> https://gwarband.de/openldap/openldap.log
> https://gwarband.de/openldap/trace.dump
>
> The bugreportinglink from openldap:
> http://www.openldap.org/its/index.cgi/Incoming?id=8615
>
> I hope you can help me.
>
> Regards.
> Tobias Warband

From rizzo at i805.com.br Sat Mar 18 01:35:40 2017
From: rizzo at i805.com.br (Nilton Jose Rizzo)
Date: Fri, 17 Mar 2017 22:35:40 -0300
Subject: dovecot problem with ssl
In-Reply-To:
References: <20170317081205.M26731@i805.com.br>
Message-ID: <20170318013526.M8934@i805.com.br>

On Thu, 16 Mar 2017 23:06:08 -0700, Doug Barton wrote
> On 03/17/2017 01:21 AM, Nilton Jose Rizzo wrote:
> >
> >
> > Hi all,
> >
> >
> > I already searched for this error on google and nothing
> >
> > I never install dovecot, this is a first time.
> >
> > This error, I know, is too newbie and stupid, but I
> > checked more than twice.
> >
> > root at server:/usr/local/etc/dovecot # sievec /home3/virtual/default.sieve
> > doveconf: Fatal: Error in configuration file
> > /usr/local/etc/dovecot/conf.d/10-ssl.conf line 7: Unknown setting: ssl
> > root at server:/usr/local/etc/dovecot #
> >
> > I'm running a FreeBSD 12-current
>
> As someone else pointed out, that 7: means the error is on line 7 of
> the file.
>
> Go into dovecot's conf.d folder (in /usr/local/etc/) and do this:
>
> diff -u 10-ssl.conf.sample 10-ssl.conf
>
> If that doesn't clearly indicate the problem to you, post the
> results to the list.
>
> hope this helps,
>
> Doug

Sorry, I'm forget the link to tutorial

http://www.purplehat.org/?page_id=7

root at server:/usr/local/etc/dovecot # head 10 conf.d/10-ssl.conf
head: 10: No such file or directory
==> conf.d/10-ssl.conf <==
##
## SSL settings
##

# SSL/TLS support: yes, no, required.
#ssl = yes
ssl=yes

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
root at server:/usr/local/etc/dovecot #

I don't have a 10-ssl.conf.simple

root at server:/usr/local/etc/dovecot/conf.d # ls
10-auth.conf            90-plugin.conf
10-director.conf        90-quota.conf
10-logging.conf         auth-checkpassword.conf.ext
10-mail.conf            auth-deny.conf.ext
10-master.conf          auth-dict.conf.ext
10-ssl.conf             auth-ldap.conf.ext
15-lda.conf             auth-master.conf.ext
15-mailboxes.conf       auth-passwdfile.conf.ext
20-imap.conf            auth-sql.conf.ext
20-lmtp.conf            auth-static.conf.ext
20-pop3.conf            auth-system.conf.ext
90-acl.conf             auth-vpopmail.conf.ext

---
/*************************************************
**Nilton José Rizzo UFRRJ
**http://www.rizzo.eng.br http://www.ufrrj.br
**http://lattes.cnpq.br/0079460703536198
**************************************************/

From rizzo at i805.com.br Sat Mar 18 06:19:44 2017
From: rizzo at i805.com.br (Nilton Jose Rizzo)
Date: Sat, 18 Mar 2017 03:19:44 -0300
Subject: dovecot problem with ssl
In-Reply-To: <20170318013526.M8934@i805.com.br>
References: <20170317081205.M26731@i805.com.br> <20170318013526.M8934@i805.com.br>
Message-ID: <20170318061830.M57436@i805.com.br>

On Fri, 17 Mar 2017 22:35:40 -0300, Nilton Jose Rizzo wrote
> On Thu, 16 Mar 2017 23:06:08 -0700, Doug Barton wrote
> > On 03/17/2017 01:21 AM, Nilton Jose Rizzo wrote:
> > >
> > >
> > > Hi all,
> > >
> > >
> > > I already searched for this error on google and nothing
> > >
> > > I never install dovecot, this is a first time.
> > >
> > > This error, I know, is too newbie and stupid, but I
> > > checked more than twice.
> > >
> > > root at server:/usr/local/etc/dovecot # sievec /home3/virtual/default.sieve
> > > doveconf: Fatal: Error in configuration file
> > > /usr/local/etc/dovecot/conf.d/10-ssl.conf line 7: Unknown setting: ssl
> > > root at server:/usr/local/etc/dovecot #
> > >
> > > I'm running a FreeBSD 12-current
> >
> > As someone else pointed out, that 7: means the error is on line 7 of
> > the file.
> >
> > Go into dovecot's conf.d folder (in /usr/local/etc/) and do this:
> >
> > diff -u 10-ssl.conf.sample 10-ssl.conf
> >
> > If that doesn't clearly indicate the problem to you, post the
> > results to the list.
> >
> > hope this helps,
> >
> > Doug
>
> Sorry, I'm forget the link to tutorial
>
> http://www.purplehat.org/?page_id=7
>
> root at server:/usr/local/etc/dovecot # head 10 conf.d/10-ssl.conf
> head: 10: No such file or directory
> ==> conf.d/10-ssl.conf <==
> ##
> ## SSL settings
> ##
>
> # SSL/TLS support: yes, no, required.
> #ssl = yes
> ssl=yes
>
> # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
> # dropping root privileges, so keep the key file unreadable by anyone but
> root at server:/usr/local/etc/dovecot #
>
> I don't have a 10-ssl.conf.simple
>
> root at server:/usr/local/etc/dovecot/conf.d # ls
> 10-auth.conf            90-plugin.conf
> 10-director.conf        90-quota.conf
> 10-logging.conf         auth-checkpassword.conf.ext
> 10-mail.conf            auth-deny.conf.ext
> 10-master.conf          auth-dict.conf.ext
> 10-ssl.conf             auth-ldap.conf.ext
> 15-lda.conf             auth-master.conf.ext
> 15-mailboxes.conf       auth-passwdfile.conf.ext
> 20-imap.conf            auth-sql.conf.ext
> 20-lmtp.conf            auth-static.conf.ext
> 20-pop3.conf            auth-system.conf.ext
> 90-acl.conf             auth-vpopmail.conf.ext

root at server:/usr/ports/mail/dovecot2/work/dovecot-2.2.28 # ./configure

Install prefix . : /usr/local
File offsets ... : 64bit
I/O polling .... : kqueue
I/O notifys .... : kqueue
SSL ............ : yes (OpenSSL)
GSSAPI ......... : no
passdbs ........ : static passwd passwd-file pam checkpassword
dcrypt ..........: yes
                 : -shadow -bsdauth -sia -ldap -sql -vpopmail
userdbs ........ : static prefetch passwd passwd-file checkpassword nss
                 : -ldap -sql -vpopmail
SQL drivers .... :
                 : -pgsql -mysql -sqlite -cassandra
Full text search : squat
                 : -lucene -solr
root at server:/usr/ports/mail/dovecot2/work/dovecot-2.2.28 #

---
/*************************************************
**Nilton José Rizzo UFRRJ
**http://www.rizzo.eng.br http://www.ufrrj.br
**http://lattes.cnpq.br/0079460703536198
**************************************************/

From info at gwarband.de Sat Mar 18 08:41:13 2017
From: info at gwarband.de (info at gwarband.de) Date: Sat, 18 Mar 2017 09:41:13 +0100 Subject: Dovecot can't connect to openldap over starttls In-Reply-To: <8351becb-ec8f-152f-566b-6b5f6a99b53d@tocc.cz> References: <9984d210a9180693c539a993fe0e9af0@gwarband.de> <8351becb-ec8f-152f-566b-6b5f6a99b53d@tocc.cz> Message-ID: <234819ad0826f6b42c5f8852761f8bc5@gwarband.de> Hello, I have also installed LE certs. But nothing helps, I have double-checking all certs. ldapsearch with -ZZ works see: https://gwarband.de/openldap/ldapsearch.log I have also uploaded the TLSCACertificateFile, maybe I have a failure in the merge of the two fiels: https://gwarband.de/openldap/LetsEncrypt.crt And also I have uploaded my complete openldap configuration: https://gwarband.de/openldap/openldap.conf All other components can work and communicate with my openldap server. The components are postfix, openxchange, apache (phpldapadmin). My installated software is: Debian 8 OpenLDAP 2.4.40 Dovecot 2.2.13 I hope you can find the issue. Thanks, Tobias Am 2017-03-17 22:48, schrieb Tomas Habarta: > Hi, > > been running Dovecot 2.2.27 against OpenLDAP 2.4.40 normally over the > unix socket on the same machine, but tried over inet with STARTTLS and > it's working ok... > > I would suggest double-checking key/certs setup on OpenLDAP side; for > the test I have used LE certs, utilizing following cn=config > attributes: > > olcTLSCertificateKeyFile contains private key > olcTLSCertificateFile contains certificate > olcTLSCACertificateFile contains both certs (DST Root CA X3 > and Let's Encrypt Authority X3) > > and used the same CA file in Dovecot's tls_ca_cert_file > > Is ldapsearch working ok (-ZZ) and only Dovecot has troubles or ... ? > > > > Hope that helps, good luck ;) > Tomas > > > On 03/17/2017 04:27 PM, info at gwarband.de wrote: >> Hello guys, >> >> actually I'm trying to configure dovecot to access openldap for >> passwordcheck. >> My openldap is only allow access over "secure ldap". 
>> The dovecot can communicate with the openldap server but there is >> maybe >> a failure in the sslhandshake. >> Additional information you can find in the logs or in the dump below. >> Also I have my ldap config from dovecot in the links below. >> >> I have already created an bug reporting in the system of openldap but >> the answer was to get support from her. >> >> All datalinks: >> https://gwarband.de/openldap/dovecot.log >> https://gwarband.de/openldap/dovecot-ldap.conf >> https://gwarband.de/openldap/openldap.log >> https://gwarband.de/openldap/trace.dump >> >> The bugreportinglink from openldap: >> http://www.openldap.org/its/index.cgi/Incoming?id=8615 >> >> I hope you can help me. >> >> Regards. >> Tobias Warband From ml+dovecot at valo.at Sat Mar 18 10:36:34 2017 
From: ml+dovecot at valo.at (Christian Kivalo) Date: Sat, 18 Mar 2017 11:36:34 +0100 Subject: dovecot problem with ssl In-Reply-To: <20170318061830.M57436@i805.com.br> References: <20170317081205.M26731@i805.com.br> <20170318013526.M8934@i805.com.br> <20170318061830.M57436@i805.com.br> Message-ID: On 2017-03-18 07:19, Nilton Jose Rizzo wrote: > Em Fri, 17 Mar 2017 22:35:40 -0300, Nilton Jose Rizzo escreveu >> Em Thu, 16 Mar 2017 23:06:08 -0700, Doug Barton escreveu >> > On 03/17/2017 01:21 AM, Nilton Jose Rizzo wrote: >> > > >> > > >> > > Hi all, >> > > >> > > >> > > I already searched for this error on google and nothing >> > > >> > > I never install dovecot, this is a first time. >> > > >> > > This error, I know, is too newbie and stupid, but I >> > > checked more than twice. >> > > >> > > root at server:/usr/local/etc/dovecot # sievec /home3/virtual/default.sieve >> > > doveconf: Fatal: Error in configuration file >> > > /usr/local/etc/dovecot/conf.d/10-ssl.conf line 7: Unknown setting: ssl >> > > root at server:/usr/local/etc/dovecot # >> > > >> > > I'm running a FreeBSD 12-current >> > >> > As someone else pointed out, that 7: means the error is on line 7 of >> > the file. >> > >> > Go into dovecot's conf.d folder (in /usr/local/etc/) and do this: >> > >> > diff -u 10-ssl.conf.sample 10-ssl.conf >> > >> > If that doesn't clearly indicate the problem to you, post the >> > results to the list. >> > >> > hope this helps, >> > >> > Doug >> >> Sorry, I'm forget the link to tutorial >> >> http://www.purplehat.org/?page_id=7 >> >> root at server:/usr/local/etc/dovecot # head 10 conf.d/10-ssl.conf >> head: 10: No such file or directory >> ==> conf.d/10-ssl.conf <== >> ## >> ## SSL settings >> ## >> >> # SSL/TLS support: yes, no, required. >> #ssl = yes >> ssl=yes >> >> # PEM encoded X.509 SSL/TLS certificate and private key. 
They're >> opened before >> # dropping root privileges, so keep the key file unreadable by anyone >> but >> root at server:/usr/local/etc/dovecot # Please post the output of doveconf -n ssl = yes (or ssl=yes) is correct so should work. We need to know more about your running dovecot configuration. Btw: is dovecot running? Can you log in? From localhost and/or from a remote host? Over a secure connection? -- Christian Kivalo From lists+dovecot at tocc.cz Sat Mar 18 11:30:45 2017 
From: lists+dovecot at tocc.cz (Tomas Habarta) Date: Sat, 18 Mar 2017 12:30:45 +0100 Subject: Dovecot can't connect to openldap over starttls In-Reply-To: <234819ad0826f6b42c5f8852761f8bc5@gwarband.de> References: <9984d210a9180693c539a993fe0e9af0@gwarband.de> <8351becb-ec8f-152f-566b-6b5f6a99b53d@tocc.cz> <234819ad0826f6b42c5f8852761f8bc5@gwarband.de> Message-ID: Well, if ldapsearch works, try to replicate its settings for dovecot client. It's not obvious what settings ldapsearch uses, have a look at default client settings in /etc/openldap/ldap.conf, there may be something set a slightly different way. Also double check permissions for files used by dovecot, I mean mainly the file listed for tls_ca_cert_file as dovecot may not have an access for reading... I cannot see anything downright bad, just posted CA cert (which is ok, tested) is *.crt and your config mentions *.pem but I consider it's the same file. Finally, I would recommend to enable debug option for dovecot's client debug_level = -1 (which logs all available) in your dovecot-ldap.conf to see what the library reports and work further on that. You can compare with output from ldapsearch by adding -d-1 switch to it. Hard to tell more at the moment. Tomas On 03/18/2017 09:41 AM, info at gwarband.de wrote: > Hello, > > I have also installed LE certs. > But nothing helps, I have double-checking all certs. > > ldapsearch with -ZZ works see: https://gwarband.de/openldap/ldapsearch.log > > I have also uploaded the TLSCACertificateFile, maybe I have a failure in > the merge of the two fiels: > https://gwarband.de/openldap/LetsEncrypt.crt > > And also I have uploaded my complete openldap configuration: > https://gwarband.de/openldap/openldap.conf > > All other components can work and communicate with my openldap server. > The components are postfix, openxchange, apache (phpldapadmin). > > My installated software is: > Debian 8 > OpenLDAP 2.4.40 > Dovecot 2.2.13 > > I hope you can find the issue. 
> > Thanks, > Tobias > > Am 2017-03-17 22:48, schrieb Tomas Habarta: >> Hi, >> >> been running Dovecot 2.2.27 against OpenLDAP 2.4.40 normally over the >> unix socket on the same machine, but tried over inet with STARTTLS and >> it's working ok... >> >> I would suggest double-checking key/certs setup on OpenLDAP side; for >> the test I have used LE certs, utilizing following cn=config attributes: >> >> olcTLSCertificateKeyFile contains private key >> olcTLSCertificateFile contains certificate >> olcTLSCACertificateFile contains both certs (DST Root CA X3 >> and Let's Encrypt Authority X3) >> >> and used the same CA file in Dovecot's tls_ca_cert_file >> >> Is ldapsearch working ok (-ZZ) and only Dovecot has troubles or ... ? >> >> >> >> Hope that helps, good luck ;) >> Tomas >> >> >> On 03/17/2017 04:27 PM, info at gwarband.de wrote: >>> Hello guys, >>> >>> actually I'm trying to configure dovecot to access openldap for >>> passwordcheck. >>> My openldap is only allow access over "secure ldap". >>> The dovecot can communicate with the openldap server but there is maybe >>> a failure in the sslhandshake. >>> Additional information you can find in the logs or in the dump below. >>> Also I have my ldap config from dovecot in the links below. >>> >>> I have already created an bug reporting in the system of openldap but >>> the answer was to get support from her. >>> >>> All datalinks: >>> https://gwarband.de/openldap/dovecot.log >>> https://gwarband.de/openldap/dovecot-ldap.conf >>> https://gwarband.de/openldap/openldap.log >>> https://gwarband.de/openldap/trace.dump >>> >>> The bugreportinglink from openldap: >>> http://www.openldap.org/its/index.cgi/Incoming?id=8615 >>> >>> I hope you can help me. >>> >>> Regards. >>> Tobias Warband -- toCc.cz From info at gwarband.de Sat Mar 18 12:31:36 2017 
From: info at gwarband.de (info at gwarband.de) Date: Sat, 18 Mar 2017 13:31:36 +0100 Subject: Dovecot can't connect to openldap over starttls In-Reply-To: References: <9984d210a9180693c539a993fe0e9af0@gwarband.de> <8351becb-ec8f-152f-566b-6b5f6a99b53d@tocc.cz> <234819ad0826f6b42c5f8852761f8bc5@gwarband.de> Message-ID: I've replicate the settings from ldapsearch to dovecot but no success. To the certificate: Yes it's a *.crt file but I have linked the *.pem file to it and dovecot has read access to that file. I have enabled the debugging in dovecot and have uploaded the output: https://gwarband.de/openldap/dovecot-connect.log And the other site with ldapsearch: https://gwarband.de/openldap/ldapsearch-connect.log I'm pretty sure that there is a problem with the sslhandshaking between openldap and dovecot, but I can't find the source of the problem. One of the steps in the sslhandshaking is not success but in the debugging output I can't find any line with a hit to it. Tobias Am 2017-03-18 12:30, schrieb Tomas Habarta: > Well, if ldapsearch works, try to replicate its settings for dovecot > client. > It's not obvious what settings ldapsearch uses, have a look at default > client settings in /etc/openldap/ldap.conf, there may be something set > a > slightly different way. > Also double check permissions for files used by dovecot, I mean mainly > the file listed for tls_ca_cert_file as dovecot may not have an access > for reading... > > I cannot see anything downright bad, just posted CA cert (which is ok, > tested) is *.crt and your config mentions *.pem but I consider it's > the > same file. > > Finally, I would recommend to enable debug option for dovecot's client > debug_level = -1 (which logs all available) in your dovecot-ldap.conf > to see what the library reports and work further on that. > You can compare with output from ldapsearch by adding -d-1 switch to > it. > > Hard to tell more at the moment. 
> > > Tomas > > On 03/18/2017 09:41 AM, info at gwarband.de wrote: >> Hello, >> >> I have also installed LE certs. >> But nothing helps, I have double-checking all certs. >> >> ldapsearch with -ZZ works see: >> https://gwarband.de/openldap/ldapsearch.log >> >> I have also uploaded the TLSCACertificateFile, maybe I have a failure >> in >> the merge of the two fiels: >> https://gwarband.de/openldap/LetsEncrypt.crt >> >> And also I have uploaded my complete openldap configuration: >> https://gwarband.de/openldap/openldap.conf >> >> All other components can work and communicate with my openldap >> server. >> The components are postfix, openxchange, apache (phpldapadmin). >> >> My installated software is: >> Debian 8 >> OpenLDAP 2.4.40 >> Dovecot 2.2.13 >> >> I hope you can find the issue. >> >> Thanks, >> Tobias >> >> Am 2017-03-17 22:48, schrieb Tomas Habarta: >>> Hi, >>> >>> been running Dovecot 2.2.27 against OpenLDAP 2.4.40 normally over >>> the >>> unix socket on the same machine, but tried over inet with STARTTLS >>> and >>> it's working ok... >>> >>> I would suggest double-checking key/certs setup on OpenLDAP side; >>> for >>> the test I have used LE certs, utilizing following cn=config >>> attributes: >>> >>> olcTLSCertificateKeyFile contains private key >>> olcTLSCertificateFile contains certificate >>> olcTLSCACertificateFile contains both certs (DST Root CA X3 >>> and Let's Encrypt Authority X3) >>> >>> and used the same CA file in Dovecot's tls_ca_cert_file >>> >>> Is ldapsearch working ok (-ZZ) and only Dovecot has troubles or ... >>> ? >>> >>> >>> >>> Hope that helps, good luck ;) >>> Tomas >>> >>> >>> On 03/17/2017 04:27 PM, info at gwarband.de wrote: >>>> Hello guys, >>>> >>>> actually I'm trying to configure dovecot to access openldap for >>>> passwordcheck. >>>> My openldap is only allow access over "secure ldap". >>>> The dovecot can communicate with the openldap server but there is >>>> maybe >>>> a failure in the sslhandshake. 
>>>> Additional information you can find in the logs or in the dump >>>> below. >>>> Also I have my ldap config from dovecot in the links below. >>>> >>>> I have already created an bug reporting in the system of openldap >>>> but >>>> the answer was to get support from her. >>>> >>>> All datalinks: >>>> https://gwarband.de/openldap/dovecot.log >>>> https://gwarband.de/openldap/dovecot-ldap.conf >>>> https://gwarband.de/openldap/openldap.log >>>> https://gwarband.de/openldap/trace.dump >>>> >>>> The bugreportinglink from openldap: >>>> http://www.openldap.org/its/index.cgi/Incoming?id=8615 >>>> >>>> I hope you can help me. >>>> >>>> Regards. >>>> Tobias Warband From lists+dovecot at tocc.cz Sat Mar 18 13:01:50 2017 
From: lists+dovecot at tocc.cz (Tomas Habarta) Date: Sat, 18 Mar 2017 14:01:50 +0100 Subject: Dovecot can't connect to openldap over starttls In-Reply-To: References: <9984d210a9180693c539a993fe0e9af0@gwarband.de> <8351becb-ec8f-152f-566b-6b5f6a99b53d@tocc.cz> <234819ad0826f6b42c5f8852761f8bc5@gwarband.de> Message-ID: Increase log level on server side as well to see what the server says... You may remove anything in TLSCipherSuite for the purpose of testing too. Hopefully anyone knowing OpenLDAP internals could help you analyse it more deeply. Tomas On 03/18/2017 01:31 PM, info at gwarband.de wrote: > I've replicate the settings from ldapsearch to dovecot but no success. > To the certificate: > Yes it's a *.crt file but I have linked the *.pem file to it and dovecot > has read access to that file. > > I have enabled the debugging in dovecot and have uploaded the output: > https://gwarband.de/openldap/dovecot-connect.log > > And the other site with ldapsearch: > https://gwarband.de/openldap/ldapsearch-connect.log > > I'm pretty sure that there is a problem with the sslhandshaking between > openldap and dovecot, but I can't find the source of the problem. > > One of the steps in the sslhandshaking is not success but in the > debugging output I can't find any line with a hit to it. > > Tobias > > Am 2017-03-18 12:30, schrieb Tomas Habarta: >> Well, if ldapsearch works, try to replicate its settings for dovecot >> client. >> It's not obvious what settings ldapsearch uses, have a look at default >> client settings in /etc/openldap/ldap.conf, there may be something set a >> slightly different way. >> Also double check permissions for files used by dovecot, I mean mainly >> the file listed for tls_ca_cert_file as dovecot may not have an access >> for reading... >> >> I cannot see anything downright bad, just posted CA cert (which is ok, >> tested) is *.crt and your config mentions *.pem but I consider it's the >> same file. 
>> >> Finally, I would recommend to enable debug option for dovecot's client >> debug_level = -1 (which logs all available) in your dovecot-ldap.conf >> to see what the library reports and work further on that. >> You can compare with output from ldapsearch by adding -d-1 switch to it. >> >> Hard to tell more at the moment. >> >> >> Tomas >> >> On 03/18/2017 09:41 AM, info at gwarband.de wrote: >>> Hello, >>> >>> I have also installed LE certs. >>> But nothing helps, I have double-checking all certs. >>> >>> ldapsearch with -ZZ works see: >>> https://gwarband.de/openldap/ldapsearch.log >>> >>> I have also uploaded the TLSCACertificateFile, maybe I have a failure in >>> the merge of the two fiels: >>> https://gwarband.de/openldap/LetsEncrypt.crt >>> >>> And also I have uploaded my complete openldap configuration: >>> https://gwarband.de/openldap/openldap.conf >>> >>> All other components can work and communicate with my openldap server. >>> The components are postfix, openxchange, apache (phpldapadmin). >>> >>> My installated software is: >>> Debian 8 >>> OpenLDAP 2.4.40 >>> Dovecot 2.2.13 >>> >>> I hope you can find the issue. >>> >>> Thanks, >>> Tobias >>> >>> Am 2017-03-17 22:48, schrieb Tomas Habarta: >>>> Hi, >>>> >>>> been running Dovecot 2.2.27 against OpenLDAP 2.4.40 normally over the >>>> unix socket on the same machine, but tried over inet with STARTTLS and >>>> it's working ok... >>>> >>>> I would suggest double-checking key/certs setup on OpenLDAP side; for >>>> the test I have used LE certs, utilizing following cn=config >>>> attributes: >>>> >>>> olcTLSCertificateKeyFile contains private key >>>> olcTLSCertificateFile contains certificate >>>> olcTLSCACertificateFile contains both certs (DST Root CA X3 >>>> and Let's Encrypt Authority X3) >>>> >>>> and used the same CA file in Dovecot's tls_ca_cert_file >>>> >>>> Is ldapsearch working ok (-ZZ) and only Dovecot has troubles or ... ? 
>>>> >>>> >>>> >>>> Hope that helps, good luck ;) >>>> Tomas >>>> >>>> >>>> On 03/17/2017 04:27 PM, info at gwarband.de wrote: >>>>> Hello guys, >>>>> >>>>> actually I'm trying to configure dovecot to access openldap for >>>>> passwordcheck. >>>>> My openldap is only allow access over "secure ldap". >>>>> The dovecot can communicate with the openldap server but there is >>>>> maybe >>>>> a failure in the sslhandshake. >>>>> Additional information you can find in the logs or in the dump below. >>>>> Also I have my ldap config from dovecot in the links below. >>>>> >>>>> I have already created an bug reporting in the system of openldap but >>>>> the answer was to get support from her. >>>>> >>>>> All datalinks: >>>>> https://gwarband.de/openldap/dovecot.log >>>>> https://gwarband.de/openldap/dovecot-ldap.conf >>>>> https://gwarband.de/openldap/openldap.log >>>>> https://gwarband.de/openldap/trace.dump >>>>> >>>>> The bugreportinglink from openldap: >>>>> http://www.openldap.org/its/index.cgi/Incoming?id=8615 >>>>> >>>>> I hope you can help me. >>>>> >>>>> Regards. >>>>> Tobias Warband -- toCc.cz From info at gwarband.de Sat Mar 18 13:22:20 2017 
From: info at gwarband.de (info at gwarband.de) Date: Sat, 18 Mar 2017 14:22:20 +0100 Subject: Dovecot can't connect to openldap over starttls In-Reply-To: References: <9984d210a9180693c539a993fe0e9af0@gwarband.de> <8351becb-ec8f-152f-566b-6b5f6a99b53d@tocc.cz> <234819ad0826f6b42c5f8852761f8bc5@gwarband.de> Message-ID: The serverlog of openldap with loglevel "any": https://gwarband.de/openldap/openldap-connect.log Note: openldap waits 1 Minute before he says "TLS negotiation failure" after the connect. and dovecot says direct "Connect error" I've also delete the TLSCipherSuite from openldap. Tobias Am 2017-03-18 14:01, schrieb Tomas Habarta: > Increase log level on server side as well to see what the server > says... > You may remove anything in TLSCipherSuite for the purpose of testing > too. > > Hopefully anyone knowing OpenLDAP internals could help you analyse it > more deeply. > > Tomas > > On 03/18/2017 01:31 PM, info at gwarband.de wrote: >> I've replicate the settings from ldapsearch to dovecot but no >> success. >> To the certificate: >> Yes it's a *.crt file but I have linked the *.pem file to it and >> dovecot >> has read access to that file. >> >> I have enabled the debugging in dovecot and have uploaded the output: >> https://gwarband.de/openldap/dovecot-connect.log >> >> And the other site with ldapsearch: >> https://gwarband.de/openldap/ldapsearch-connect.log >> >> I'm pretty sure that there is a problem with the sslhandshaking >> between >> openldap and dovecot, but I can't find the source of the problem. >> >> One of the steps in the sslhandshaking is not success but in the >> debugging output I can't find any line with a hit to it. >> >> Tobias >> >> Am 2017-03-18 12:30, schrieb Tomas Habarta: >>> Well, if ldapsearch works, try to replicate its settings for dovecot >>> client. 
>>> It's not obvious what settings ldapsearch uses, have a look at >>> default >>> client settings in /etc/openldap/ldap.conf, there may be something >>> set a >>> slightly different way. >>> Also double check permissions for files used by dovecot, I mean >>> mainly >>> the file listed for tls_ca_cert_file as dovecot may not have an >>> access >>> for reading... >>> >>> I cannot see anything downright bad, just posted CA cert (which is >>> ok, >>> tested) is *.crt and your config mentions *.pem but I consider it's >>> the >>> same file. >>> >>> Finally, I would recommend to enable debug option for dovecot's >>> client >>> debug_level = -1 (which logs all available) in your >>> dovecot-ldap.conf >>> to see what the library reports and work further on that. >>> You can compare with output from ldapsearch by adding -d-1 switch to >>> it. >>> >>> Hard to tell more at the moment. >>> >>> >>> Tomas >>> >>> On 03/18/2017 09:41 AM, info at gwarband.de wrote: >>>> Hello, >>>> >>>> I have also installed LE certs. >>>> But nothing helps, I have double-checking all certs. >>>> >>>> ldapsearch with -ZZ works see: >>>> https://gwarband.de/openldap/ldapsearch.log >>>> >>>> I have also uploaded the TLSCACertificateFile, maybe I have a >>>> failure in >>>> the merge of the two fiels: >>>> https://gwarband.de/openldap/LetsEncrypt.crt >>>> >>>> And also I have uploaded my complete openldap configuration: >>>> https://gwarband.de/openldap/openldap.conf >>>> >>>> All other components can work and communicate with my openldap >>>> server. >>>> The components are postfix, openxchange, apache (phpldapadmin). >>>> >>>> My installated software is: >>>> Debian 8 >>>> OpenLDAP 2.4.40 >>>> Dovecot 2.2.13 >>>> >>>> I hope you can find the issue. 
>>>> >>>> Thanks, >>>> Tobias >>>> >>>> Am 2017-03-17 22:48, schrieb Tomas Habarta: >>>>> Hi, >>>>> >>>>> been running Dovecot 2.2.27 against OpenLDAP 2.4.40 normally over >>>>> the >>>>> unix socket on the same machine, but tried over inet with STARTTLS >>>>> and >>>>> it's working ok... >>>>> >>>>> I would suggest double-checking key/certs setup on OpenLDAP side; >>>>> for >>>>> the test I have used LE certs, utilizing following cn=config >>>>> attributes: >>>>> >>>>> olcTLSCertificateKeyFile contains private key >>>>> olcTLSCertificateFile contains certificate >>>>> olcTLSCACertificateFile contains both certs (DST Root CA X3 >>>>> and Let's Encrypt Authority X3) >>>>> >>>>> and used the same CA file in Dovecot's tls_ca_cert_file >>>>> >>>>> Is ldapsearch working ok (-ZZ) and only Dovecot has troubles or >>>>> ... ? >>>>> >>>>> >>>>> >>>>> Hope that helps, good luck ;) >>>>> Tomas >>>>> >>>>> >>>>> On 03/17/2017 04:27 PM, info at gwarband.de wrote: >>>>>> Hello guys, >>>>>> >>>>>> actually I'm trying to configure dovecot to access openldap for >>>>>> passwordcheck. >>>>>> My openldap is only allow access over "secure ldap". >>>>>> The dovecot can communicate with the openldap server but there is >>>>>> maybe >>>>>> a failure in the sslhandshake. >>>>>> Additional information you can find in the logs or in the dump >>>>>> below. >>>>>> Also I have my ldap config from dovecot in the links below. >>>>>> >>>>>> I have already created an bug reporting in the system of openldap >>>>>> but >>>>>> the answer was to get support from her. >>>>>> >>>>>> All datalinks: >>>>>> https://gwarband.de/openldap/dovecot.log >>>>>> https://gwarband.de/openldap/dovecot-ldap.conf >>>>>> https://gwarband.de/openldap/openldap.log >>>>>> https://gwarband.de/openldap/trace.dump >>>>>> >>>>>> The bugreportinglink from openldap: >>>>>> http://www.openldap.org/its/index.cgi/Incoming?id=8615 >>>>>> >>>>>> I hope you can help me. >>>>>> >>>>>> Regards. 
>>>>>> Tobias Warband From remko at FreeBSD.org Sat Mar 18 14:22:41 2017 
From: remko at FreeBSD.org (Remko Lodder)
Date: Sat, 18 Mar 2017 15:22:41 +0100
Subject: replication issues between to nodes
Message-ID: <68C1CA4B-8240-433F-AE39-EB56B451A202@FreeBSD.org>

Hi,

Some time ago I posted the below but never got a response that I could work with. So I am retrying now in the hope that there might be a better idea/suggestion on how to approach this.

Situation;

I have two nodes, which should replicate to each other. My main machine receives most mail and the other one receives mostly system messages and should get replicated. (This used to be delivered on both machines, but given the issues below I had to make sure that the customer email at least arrives on machine A, as detailed below).

When a mail arrives on main machine (A) everything is fine and things are synchronised asap. Customers can see the email directly via webmail/imap.

When a mail arrives on the secondary machine (B) the replication is not issued until machine A starts a sync session. Customers do not see the email on machine A via webmail/imap.

When a mail arrives on A, the synchronisation occurs, and all messages on B, not yet on A, are synchronised as well. Customers can now see the email on machine A as well via webmail/imap. Sadly this can mean that emails that became visible are hours late (read: were delivered hours before, but not visible for the customer).

Both machines are configured through puppet, only individual settings like IP addresses and certificates are different because well, they have to. I included the difference below, and both "doveconf -n"s.

If someone has a suggestion on seeing why machine B is not issuing (or does not seem to issue) replication, let me know. I verified that I can connect to the remote machines via IPv4 and IPv6 (for doveadm / replication purposes).

Difference between configurations;

--- tmp1.txt 2017-03-18 15:18:41.000000000 +0100 +++ tmp2.txt 2017-03-18 15:18:56.000000000 +0100 
@@ -55,7 +55,7 @@ imapsieve_mailbox2_name = * mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size - mail_replica = tcps:mail.jr-hosting.nl:12346 + mail_replica = tcps:mail2.jr-hosting.nl:12346 sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_execute_bin_dir = /usr/local/lib/dovecot/sieve @@ -105,7 +105,7 @@ } service lmtp { inet_listener lmtp { - address = XXX/X 127.0.0.1 ::1 + address = YYYY/Y 127.0.0.1 ::1 port = 24 } unix_listener /var/spool/postfix/private/dovecot-lmtp { @@ -123,8 +123,8 @@ mode = 0666 } } -ssl_ca = wrote: > doveconf: Fatal: Error in configuration file > /usr/local/etc/dovecot/conf.d/10-ssl.conf line 7: Unknown setting: ssl How did you install Dovecot? It sounds like it's been compiled without SSL support. Maybe missing SSL libraries during build? Andy From michael.heuberger at binarykitchen.com Sun Mar 19 00:32:57 2017 
From: michael.heuberger at binarykitchen.com (Michael Heuberger)
Date: Sun, 19 Mar 2017 13:32:57 +1300
Subject: Permission denied when logrotating dovecot.log
Message-ID: <494c69f4-69a0-32cd-8ebe-9efb7f0be583@binarykitchen.com>

Hello guys

Having headaches here how to make logrotation for dovecot log files work. Having permission issues:

michael.heuberger at xxx /e/l/daily sudo logrotate -fv dovecot.daily
reading config file dovecot.daily

Handling 1 logs

rotating pattern: /var/log/dovecot*.log forced from command line (10 rotations)
empty log files are rotated, old logs are removed
considering log /var/log/dovecot.log
error: skipping "/var/log/dovecot.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

This is my current logrotation conf for dovecot:

/var/log/dovecot*.log {
    rotate 10
    missingok
    sharedscripts
    postrotate
        doveadm log reopen
    endscript
}

And the /var/log folder has these permissions:

drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log

Any clues what's wrong?

Thanks
Michael

--
Binary Kitchen
Michael Heuberger
1/33 Parrish Road
Sandringham
Auckland 1025 (New Zealand)
Mobile (text only) ... +64 21 261 89 81
Email ................ michael at binarykitchen.com
Website .............. http://www.binarykitchen.com

From inbound-dovecot at listmail.innovate.net Sun Mar 19 00:43:13 2017
From: inbound-dovecot at listmail.innovate.net (Richard)
Date: Sun, 19 Mar 2017 00:43:13 +0000
Subject: Permission denied when logrotating dovecot.log
In-Reply-To: <494c69f4-69a0-32cd-8ebe-9efb7f0be583@binarykitchen.com>
References: <494c69f4-69a0-32cd-8ebe-9efb7f0be583@binarykitchen.com>
Message-ID: <2DF671B6A542320EEB4F941B@ritz.innovate.net>

> Date: Sunday, March 19, 2017 13:32:57 +1300
> From: Michael Heuberger > > Hello guys > > Having headaches here how to make logrotation for dovecot log files > work. Having permission issues: > > michael.heuberger at xxx /e/l/daily ??? sudo logrotate -fv > dovecot.daily > ? > reading config file dovecot.daily > > Handling 1 logs > > rotating pattern: /var/log/dovecot*.log forced from command line > (10 rotations) > empty log files are rotated, old logs are removed > considering log /var/log/dovecot.log > error: skipping "/var/log/dovecot.log" because parent directory has > insecure permissions (It's world writable or writable by group > which is not "root") Set "su" directive in config file to tell > logrotate which user/group should be used for rotation. > > This is my current logrotation conf for dovecot: > > /var/log/dovecot*.log { > rotate 10 > missingok > sharedscripts > postrotate > doveadm log reopen > endscript > } > > And the /var/log folder has these permissions: > > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log > > Any clues what's wrong? As the message says: > because parent directory has insecure permissions > (It's world writable or writable by group which > is not "root") > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log On my RHEL derived systems, /var/log is root.root (and even then, is not writable by group). From michael.heuberger at binarykitchen.com Sun Mar 19 01:56:01 2017 From: michael.heuberger at binarykitchen.com (Michael Heuberger) Date: Sun, 19 Mar 2017 14:56:01 +1300 Subject: Permission denied when logrotating dovecot.log In-Reply-To: <2DF671B6A542320EEB4F941B@ritz.innovate.net> References: <494c69f4-69a0-32cd-8ebe-9efb7f0be583@binarykitchen.com> <2DF671B6A542320EEB4F941B@ritz.innovate.net> Message-ID: <5d04eec9-9495-22cf-0c3c-9c58f72e75ea@binarykitchen.com> Thank you. And what user/group/file perms does your dovecot.log file have? - Michael On 19/03/17 13:43, Richard wrote: > >> Date: Sunday, March 19, 2017 13:32:57 +1300 
>> From: Michael Heuberger >> >> Hello guys >> >> Having headaches here how to make logrotation for dovecot log files >> work. Having permission issues: >> >> michael.heuberger at xxx /e/l/daily ??? sudo logrotate -fv >> dovecot.daily >> ? >> reading config file dovecot.daily >> >> Handling 1 logs >> >> rotating pattern: /var/log/dovecot*.log forced from command line >> (10 rotations) >> empty log files are rotated, old logs are removed >> considering log /var/log/dovecot.log >> error: skipping "/var/log/dovecot.log" because parent directory has >> insecure permissions (It's world writable or writable by group >> which is not "root") Set "su" directive in config file to tell >> logrotate which user/group should be used for rotation. >> >> This is my current logrotation conf for dovecot: >> >> /var/log/dovecot*.log { >> rotate 10 >> missingok >> sharedscripts >> postrotate >> doveadm log reopen >> endscript >> } >> >> And the /var/log folder has these permissions: >> >> drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log >> >> Any clues what's wrong? > > As the message says: > > > because parent directory has insecure permissions > > (It's world writable or writable by group which > > is not "root") > > > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log > > On my RHEL derived systems, /var/log is root.root (and even then, is > not writable by group). -- Binary Kitchen Michael Heuberger 1/33 Parrish Road Sandringham Auckland 1025 (New Zealand) Mobile (text only) ... +64 21 261 89 81 Email ................ michael at binarykitchen.com Website .............. http://www.binarykitchen.com From inbound-dovecot at listmail.innovate.net Sun Mar 19 02:12:58 2017 
From: inbound-dovecot at listmail.innovate.net (Richard) Date: Sun, 19 Mar 2017 02:12:58 +0000 Subject: Permission denied when logrotating dovecot.log In-Reply-To: <5d04eec9-9495-22cf-0c3c-9c58f72e75ea@binarykitchen.com> References: <494c69f4-69a0-32cd-8ebe-9efb7f0be583@binarykitchen.com> <2DF671B6A542320EEB4F941B@ritz.innovate.net> <5d04eec9-9495-22cf-0c3c-9c58f72e75ea@binarykitchen.com> Message-ID: <93C5B4D02CC1FE29F7297134@ritz.innovate.net> > Date: Sunday, March 19, 2017 14:56:01 +1300 > From: Michael Heuberger > > On 19/03/17 13:43, Richard wrote: >> >>> Date: Sunday, March 19, 2017 13:32:57 +1300 
>>> From: Michael Heuberger >>> >>> Hello guys >>> >>> Having headaches here how to make logrotation for dovecot log >>> files work. Having permission issues: >>> >>> michael.heuberger at xxx /e/l/daily ??? sudo logrotate -fv >>> dovecot.daily >>> ? >>> reading config file dovecot.daily >>> >>> Handling 1 logs >>> >>> rotating pattern: /var/log/dovecot*.log forced from command line >>> (10 rotations) >>> empty log files are rotated, old logs are removed >>> considering log /var/log/dovecot.log >>> error: skipping "/var/log/dovecot.log" because parent directory >>> has insecure permissions (It's world writable or writable by group >>> which is not "root") Set "su" directive in config file to tell >>> logrotate which user/group should be used for rotation. >>> >>> This is my current logrotation conf for dovecot: >>> >>> /var/log/dovecot*.log { >>> rotate 10 >>> missingok >>> sharedscripts >>> postrotate >>> doveadm log reopen >>> endscript >>> } >>> >>> And the /var/log folder has these permissions: >>> >>> drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log >>> >>> Any clues what's wrong? >> >> As the message says: >> >> > because parent directory has insecure permissions >> > (It's world writable or writable by group which >> > is not "root") >> >> > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log >> >> On my RHEL derived systems, /var/log is root.root (and even then, >> is not writable by group). > > Thank you. And what user/group/file perms does your dovecot.log > file have? > > - Michael > > I log dovecot via syslog to [/var/log/]maillog, rather than its own log file. That file is owned root.root and has permissions of 600. From michael.heuberger at binarykitchen.com Sun Mar 19 02:28:35 2017 
From: michael.heuberger at binarykitchen.com (Michael Heuberger) Date: Sun, 19 Mar 2017 15:28:35 +1300 Subject: Permission denied when logrotating dovecot.log In-Reply-To: <93C5B4D02CC1FE29F7297134@ritz.innovate.net> References: <494c69f4-69a0-32cd-8ebe-9efb7f0be583@binarykitchen.com> <2DF671B6A542320EEB4F941B@ritz.innovate.net> <5d04eec9-9495-22cf-0c3c-9c58f72e75ea@binarykitchen.com> <93C5B4D02CC1FE29F7297134@ritz.innovate.net> Message-ID: <245157f6-598f-9c2b-c3be-7dc05c36f672@binarykitchen.com> Well, I tried the same but it didn't work. Setting my dovecot.log to 600 with root:root is breaking my mail system. I am then unable to receive and open emails. Had to apply an ugly hack /var/log/dovecot*.log { su syslog syslog create 666 syslog syslog rotate 10 ... } Like that anyone who wants to access/write to it, can do it and all works. That's my problem. Do not know who/what/how to set this up correctly. - Michael On 19/03/17 15:12, Richard wrote: > >> Date: Sunday, March 19, 2017 14:56:01 +1300 >> From: Michael Heuberger >> >> On 19/03/17 13:43, Richard wrote: >>>> Date: Sunday, March 19, 2017 13:32:57 +1300 
>>>> From: Michael Heuberger >>>> >>>> Hello guys >>>> >>>> Having headaches here how to make logrotation for dovecot log >>>> files work. Having permission issues: >>>> >>>> michael.heuberger at xxx /e/l/daily ??? sudo logrotate -fv >>>> dovecot.daily >>>> ? >>>> reading config file dovecot.daily >>>> >>>> Handling 1 logs >>>> >>>> rotating pattern: /var/log/dovecot*.log forced from command line >>>> (10 rotations) >>>> empty log files are rotated, old logs are removed >>>> considering log /var/log/dovecot.log >>>> error: skipping "/var/log/dovecot.log" because parent directory >>>> has insecure permissions (It's world writable or writable by group >>>> which is not "root") Set "su" directive in config file to tell >>>> logrotate which user/group should be used for rotation. >>>> >>>> This is my current logrotation conf for dovecot: >>>> >>>> /var/log/dovecot*.log { >>>> rotate 10 >>>> missingok >>>> sharedscripts >>>> postrotate >>>> doveadm log reopen >>>> endscript >>>> } >>>> >>>> And the /var/log folder has these permissions: >>>> >>>> drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log >>>> >>>> Any clues what's wrong? >>> As the message says: >>> >>> > because parent directory has insecure permissions >>> > (It's world writable or writable by group which >>> > is not "root") >>> >>> > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log >>> >>> On my RHEL derived systems, /var/log is root.root (and even then, >>> is not writable by group). >> Thank you. And what user/group/file perms does your dovecot.log >> file have? >> >> - Michael >> >> > I log dovecot via syslog to [/var/log/]maillog, rather than its own > log file. That file is owned root.root and has permissions of 600. -- Binary Kitchen Michael Heuberger 1/33 Parrish Road Sandringham Auckland 1025 (New Zealand) Mobile (text only) ... +64 21 261 89 81 Email ................ michael at binarykitchen.com Website .............. 
http://www.binarykitchen.com From inbound-dovecot at listmail.innovate.net Sun Mar 19 02:40:47 2017 From: inbound-dovecot at listmail.innovate.net (Richard) Date: Sun, 19 Mar 2017 02:40:47 +0000 Subject: Permission denied when logrotating dovecot.log In-Reply-To: <245157f6-598f-9c2b-c3be-7dc05c36f672@binarykitchen.com> References: <494c69f4-69a0-32cd-8ebe-9efb7f0be583@binarykitchen.com> <2DF671B6A542320EEB4F941B@ritz.innovate.net> <5d04eec9-9495-22cf-0c3c-9c58f72e75ea@binarykitchen.com> <93C5B4D02CC1FE29F7297134@ritz.innovate.net> <245157f6-598f-9c2b-c3be-7dc05c36f672@binarykitchen.com> Message-ID: <634D47165AD6551C2243DC7C@ritz.innovate.net> > Date: Sunday, March 19, 2017 15:28:35 +1300 > From: Michael Heuberger > > On 19/03/17 15:12, Richard wrote: >> >>> Date: Sunday, March 19, 2017 14:56:01 +1300 >>> From: Michael Heuberger >>> >>> On 19/03/17 13:43, Richard wrote: >>>>> Date: Sunday, March 19, 2017 13:32:57 +1300 
>>>>> From: Michael Heuberger >>>>> >>>>> Hello guys >>>>> >>>>> Having headaches here how to make logrotation for dovecot log >>>>> files work. Having permission issues: >>>>> >>>>> michael.heuberger at xxx /e/l/daily ??? sudo logrotate -fv >>>>> dovecot.daily >>>>> ? >>>>> reading config file dovecot.daily >>>>> >>>>> Handling 1 logs >>>>> >>>>> rotating pattern: /var/log/dovecot*.log forced from command >>>>> line (10 rotations) >>>>> empty log files are rotated, old logs are removed >>>>> considering log /var/log/dovecot.log >>>>> error: skipping "/var/log/dovecot.log" because parent directory >>>>> has insecure permissions (It's world writable or writable by >>>>> group which is not "root") Set "su" directive in config file to >>>>> tell logrotate which user/group should be used for rotation. >>>>> >>>>> This is my current logrotation conf for dovecot: >>>>> >>>>> /var/log/dovecot*.log { >>>>> rotate 10 >>>>> missingok >>>>> sharedscripts >>>>> postrotate >>>>> doveadm log reopen >>>>> endscript >>>>> } >>>>> >>>>> And the /var/log folder has these permissions: >>>>> >>>>> drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log >>>>> >>>>> Any clues what's wrong? >>>> As the message says: >>>> >>>> > because parent directory has insecure permissions >>>> > (It's world writable or writable by group which >>>> > is not "root") >>>> >>>> > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log >>>> >>>> On my RHEL derived systems, /var/log is root.root (and even then, >>>> is not writable by group). >>> Thank you. And what user/group/file perms does your dovecot.log >>> file have? >>> >>> - Michael >>> >>> >> I log dovecot via syslog to [/var/log/]maillog, rather than its own >> log file. That file is owned root.root and has permissions of 600. > Well, I tried the same but it didn't work. > > Setting my dovecot.log to 600 with root:root is breaking my mail > system. I am then unable to receive and open emails. 
> > Had to apply an ugly hack > > /var/log/dovecot*.log { > su syslog syslog > create 666 syslog syslog > rotate 10 > ... > } > > Like that anyone who wants to access/write to it, can do it and all > works. > > That's my problem. Do not know who/what/how to set this up > correctly. > > - Michael > I would be inclined to just log dovecot to the syslog mail facility, which I believe is the default (in 10-logging.conf) -- in the RHEL setup anyway, and what I do: log_path = syslog syslog_facility = mail From michael.heuberger at binarykitchen.com Sun Mar 19 06:21:20 2017 From: michael.heuberger at binarykitchen.com (Michael Heuberger) Date: Sun, 19 Mar 2017 19:21:20 +1300 Subject: Permission denied when logrotating dovecot.log In-Reply-To: <634D47165AD6551C2243DC7C@ritz.innovate.net> References: <494c69f4-69a0-32cd-8ebe-9efb7f0be583@binarykitchen.com> <2DF671B6A542320EEB4F941B@ritz.innovate.net> <5d04eec9-9495-22cf-0c3c-9c58f72e75ea@binarykitchen.com> <93C5B4D02CC1FE29F7297134@ritz.innovate.net> <245157f6-598f-9c2b-c3be-7dc05c36f672@binarykitchen.com> <634D47165AD6551C2243DC7C@ritz.innovate.net> Message-ID: Well, I'd rather to have dovecot log alone in one log file. My initial question is that user/group and file permissions to use?? On 19/03/17 15:40, Richard wrote: > >> Date: Sunday, March 19, 2017 15:28:35 +1300 >> From: Michael Heuberger >> >> On 19/03/17 15:12, Richard wrote: >>>> Date: Sunday, March 19, 2017 14:56:01 +1300 >>>> From: Michael Heuberger >>>> >>>> On 19/03/17 13:43, Richard wrote: >>>>>> Date: Sunday, March 19, 2017 13:32:57 +1300 
>>>>>> From: Michael Heuberger >>>>>> >>>>>> Hello guys >>>>>> >>>>>> Having headaches here how to make logrotation for dovecot log >>>>>> files work. Having permission issues: >>>>>> >>>>>> michael.heuberger at xxx /e/l/daily ??? sudo logrotate -fv >>>>>> dovecot.daily >>>>>> ? >>>>>> reading config file dovecot.daily >>>>>> >>>>>> Handling 1 logs >>>>>> >>>>>> rotating pattern: /var/log/dovecot*.log forced from command >>>>>> line (10 rotations) >>>>>> empty log files are rotated, old logs are removed >>>>>> considering log /var/log/dovecot.log >>>>>> error: skipping "/var/log/dovecot.log" because parent directory >>>>>> has insecure permissions (It's world writable or writable by >>>>>> group which is not "root") Set "su" directive in config file to >>>>>> tell logrotate which user/group should be used for rotation. >>>>>> >>>>>> This is my current logrotation conf for dovecot: >>>>>> >>>>>> /var/log/dovecot*.log { >>>>>> rotate 10 >>>>>> missingok >>>>>> sharedscripts >>>>>> postrotate >>>>>> doveadm log reopen >>>>>> endscript >>>>>> } >>>>>> >>>>>> And the /var/log folder has these permissions: >>>>>> >>>>>> drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log >>>>>> >>>>>> Any clues what's wrong? >>>>> As the message says: >>>>> >>>>> > because parent directory has insecure permissions >>>>> > (It's world writable or writable by group which >>>>> > is not "root") >>>>> >>>>> > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log >>>>> >>>>> On my RHEL derived systems, /var/log is root.root (and even then, >>>>> is not writable by group). >>>> Thank you. And what user/group/file perms does your dovecot.log >>>> file have? >>>> >>>> - Michael >>>> >>>> >>> I log dovecot via syslog to [/var/log/]maillog, rather than its own >>> log file. That file is owned root.root and has permissions of 600. >> Well, I tried the same but it didn't work. >> >> Setting my dovecot.log to 600 with root:root is breaking my mail >> system. I am then unable to receive and open emails. 
>> >> Had to apply an ugly hack >> >> /var/log/dovecot*.log { >> su syslog syslog >> create 666 syslog syslog >> rotate 10 >> ... >> } >> >> Like that anyone who wants to access/write to it, can do it and all >> works. >> >> That's my problem. Do not know who/what/how to set this up >> correctly. >> >> - Michael >> > I would be inclined to just log dovecot to the syslog mail facility, > which I believe is the default (in 10-logging.conf) -- in the RHEL > setup anyway, and what I do: > > log_path = syslog > > syslog_facility = mail -- Binary Kitchen Michael Heuberger 1/33 Parrish Road Sandringham Auckland 1025 (New Zealand) Mobile (text only) ... +64 21 261 89 81 Email ................ michael at binarykitchen.com Website .............. http://www.binarykitchen.com From ml+dovecot at valo.at Sun Mar 19 06:32:16 2017 From: ml+dovecot at valo.at (Christian Kivalo) Date: Sun, 19 Mar 2017 07:32:16 +0100 Subject: Permission denied when logrotating dovecot.log In-Reply-To: References: <494c69f4-69a0-32cd-8ebe-9efb7f0be583@binarykitchen.com> <2DF671B6A542320EEB4F941B@ritz.innovate.net> <5d04eec9-9495-22cf-0c3c-9c58f72e75ea@binarykitchen.com> <93C5B4D02CC1FE29F7297134@ritz.innovate.net> <245157f6-598f-9c2b-c3be-7dc05c36f672@binarykitchen.com> <634D47165AD6551C2243DC7C@ritz.innovate.net> Message-ID: <4370D117-C211-46BE-BC96-602E7EE4E251@valo.at> On 19 March 2017 07:21:20 CET, Michael Heuberger wrote: >Well, I'd rather to have dovecot log alone in one log file. Let dovecot log to syslog and set syslog_facility = local5 and configure your syslog daemon to write log data for that facility to a separate file. No need to mess with permissions. >My initial question is that user/group and file permissions to use?? > -- Christian Kivalo From rgm at htt-consult.com Sun Mar 19 07:12:28 2017
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Sun, 19 Mar 2017 00:12:28 -0700
Subject: Solved? - Re: Understanding quotas
In-Reply-To: <9620c8c8-baee-2a91-cd00-839f28be6420@htt-consult.com>
References: <9620c8c8-baee-2a91-cd00-839f28be6420@htt-consult.com>
Message-ID: <479d3309-936a-a81b-081a-e2ce1609315d@htt-consult.com>

I spent an evening, again, reading up on quota. This time I think my
search foo was strong enough. I found guidance and came up with the
following:

sed -i -e "s/#quota = /sqlquota = /w /dev/stdout" /etc/dovecot/dovecot.conf

Sets up a dovecot dictionary of sqlquota to the default file of
/etc/dovecot/dovecot-dict-sql.conf.ext

cat <<EOF>>/etc/dovecot/conf.d/90-quota.conf || exit 1
plugin {
  quota = dict:user::proxy::sqlquota
}
EOF

Appends to the end of 90-quota.conf (tried to do this with a single
SED, but it was getting messy)

finally:

cat <<EOF>/etc/dovecot/dovecot-dict-sql.conf.ext || exit 1
connect = host=localhost dbname=postfix user=postfix password=$Postfix_Database_Password
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}
EOF

Please let me know if I missed something here.

Thanks

On 03/17/2017 09:08 AM, Robert Moskowitz wrote:
> Just to level-set, I am using Centos7-arm which supplies Dovecot
> 2.2.10. I don't have access to an arm build or mock environment and
> use what is available (I DID try to install them but had dependency
> issues).
>
> Much of what I have is from campworld, but some I have picked up from
> other Centos mailserver builders.
>
> Also I am using Postfixadmin which provides quotas per user in mysql
> database. To access those quotas for dovecot, I have the following
> script:
>
> cat <<EOF>/etc/dovecot/dovecot-dict-quota.conf || exit 1
> connect = host=localhost dbname=postfix user=postfix password=$Postfix_Database_Password
> map {
>   pattern = priv/quota/storage
>   table = quota2
>   username_field = username
>   value_field = bytes
> }
> map {
>   pattern = priv/quota/messages
>   table = quota2
>   username_field = username
>   value_field = messages
> }
> EOF
>
> Where $Postfix_Database_Password is an env variable in my install howto.
>
> I am setting up quota plugins as follows:
>
> sed -i "/#mail_plugins/ a mail_plugins = quota sieve" /etc/dovecot/conf.d/15-lda.conf
> sed -i "/#mail_plugins / a mail_plugins = quota imap_quota trash" /etc/dovecot/conf.d/20-imap.conf
> sed -i "/#mail_plugins/ a mail_plugins = quota" /etc/dovecot/conf.d/20-pop3.conf
>
> But I am having 'challenges' with how to actually enable quotas and
> understanding 90-quota.conf. I am starting from campworld's 'reduced'
> dovecot.conf seeing:
>
> dict {
>   quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf
> }
>
> and
>
> plugin {
>   quota = dict:user::proxy::quotadict
>   acl = vfile:/etc/dovecot/acls
>   trash = /etc/dovecot/trash.conf
>   sieve_global_path = /home/sieve/globalfilter.sieve
>   sieve = ~/dovecot.sieve
>   sieve_dir = ~/sieve
>   sieve_global_dir = /home/sieve/
>   #sieve_extensions = +notify +imapflags
>   sieve_max_script_size = 1M
> }
>
>
>
> I have put the sieve plugin lines into the 90-sieve.conf and the acl
> into 10-acl.conf. Trash is a separate matter for a later question...
>
> So I am looking for guidance as to how to integrate the Postfixadmin
> quota information properly into 90-quota.conf
>
> thank you
>

From eduardo at kalinowski.com.br Sun Mar 19 11:03:36 2017
From: eduardo at kalinowski.com.br (Eduardo M KALINOWSKI) Date: Sun, 19 Mar 2017 08:03:36 -0300 Subject: Permission denied when logrotating dovecot.log In-Reply-To: <5d04eec9-9495-22cf-0c3c-9c58f72e75ea@binarykitchen.com> References: <494c69f4-69a0-32cd-8ebe-9efb7f0be583@binarykitchen.com> <2DF671B6A542320EEB4F941B@ritz.innovate.net> <5d04eec9-9495-22cf-0c3c-9c58f72e75ea@binarykitchen.com> Message-ID: Please don't top post. On 18-03-2017 22:56, Michael Heuberger wrote: > Thank you. And what user/group/file perms does your dovecot.log file have? > Here I have drwxr-xr-x 2 root root 4096 Mar 19 06:25 /var/log/dovecot/ And the files are -rw------- 1 root root 4110 Mar 19 07:57 info.log -rw------- 1 root root 0 Mar 19 06:25 main.log -- No-one would remember the Good Samaritan if he had only had good intentions. He had money as well. -- Margaret Thatcher Eduardo M KALINOWSKI eduardo at kalinowski.com.br From rgm at htt-consult.com Sun Mar 19 18:57:32 2017 
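The rule logrotate applied in the thread above (parent directory world-writable, or group-writable by a group other than root) and the world-writable result of `create 666` can be checked before a rotation run. The shell functions below are an added example, not part of any list post and not code from logrotate or Dovecot; the function names are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: apply the "insecure parent directory" condition quoted in
# the logrotate error message, and flag world-writable log files.
# Function names are hypothetical.

# dir_is_insecure MODE GID
# MODE is the octal permission string (e.g. 775), GID the numeric group owner.
# Succeeds when the directory is world-writable, or group-writable by a
# group other than root (gid 0).
dir_is_insecure() {
    if [ $(( 0$1 & 0002 )) -ne 0 ]; then
        return 0                      # world-writable
    fi
    if [ $(( 0$1 & 0020 )) -ne 0 ] && [ "$2" -ne 0 ]; then
        return 0                      # group-writable, group is not root
    fi
    return 1
}

# file_is_world_writable MODE
# Succeeds when the "other" write bit is set, as with "create 666".
file_is_world_writable() {
    [ $(( 0$1 & 0002 )) -ne 0 ]
}

# audit_log FILE
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_log() {
    log_file=$1
    log_dir=$(dirname -- "$log_file")
    found=0

    # %a = octal mode, %g = numeric gid of the parent directory
    set -- $(stat -c '%a %g' -- "$log_dir")
    if dir_is_insecure "$1" "$2"; then
        echo "INSECURE-DIR $log_dir mode=$1 gid=$2"
        found=1
    fi

    file_mode=$(stat -c '%a' -- "$log_file")
    if file_is_world_writable "$file_mode"; then
        echo "WORLD-WRITABLE $log_file mode=$file_mode"
        found=1
    fi
    return "$found"
}

# When run with arguments, audit each named log file.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        audit_log "$f" || true
    done
fi
```

A dedicated directory such as the `/var/log/dovecot/` shown in the last reply (root:root, `drwxr-xr-x`) passes the directory check, while the `drwxrwxr-x root syslog` directory from the original post does not.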
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Sun, 19 Mar 2017 11:57:32 -0700
Subject: The challenge of customizing Dovecot
Message-ID: <5d561547-f0f7-7f60-bc88-3464d331cb20@htt-consult.com>

I have been running Dovecot for some time, but I have just used someone
else's efforts on customizing it. Many of these throw out the
dovecot/conf.d files for a single dovecot.conf with no explanation on
what does what. So tell you a few conf.d files to edit.

So over the past few days, I have rolled up my sleeves and did my best
to work out how to modify the proper conf.d files. To 'stay true' to
the Dovecot maintainer's config organization. The target is Centos7
with Dovecot 2.2.10-7

It was HARD!

Besides dovecot.conf, I had to modify 13 conf.d files. Add 3 .ext files
in /etc/dovecot, and set up sieve. I will soon have my total
instructions available on my server, but to share with you what I have
done for Dovecot customization and maybe to get some recommendations on
improvements.

For the most part, I have used SED to modify the conf files. I use a
few env variables:

your_domain_tld=
your_host_only=
your_host_tld=$your_host_only.$your_domain_tld
Postfix_Database_Password=

What follows are the pieces of my customization, all comments welcomed
(this is NOT adequately tested! That is later in the week!):

sed -i -e "/^#protocols/s/$/ sieve/w /dev/stdout" /etc/dovecot/dovecot.conf
sed -i -e "s/^#protocols/protocols/w /dev/stdout" /etc/dovecot/dovecot.conf
sed -i -e "s/#quota = /sqlquota = /w /dev/stdout" /etc/dovecot/dovecot.conf

sed -i -e "/^auth_mechanisms/s/$/ login/w /dev/stdout" /etc/dovecot/conf.d/10-auth.conf
sed -i -e 's/^#!include auth-sql.conf.ext/!include auth-sql.conf.ext/w /dev/stdout' /etc/dovecot/conf.d/10-auth.conf

sed -i -e "0,/#userdb {/ s/#userdb {/userdb {/w /dev/stdout" /etc/dovecot/conf.d/auth-sql.conf.ext
sed -i -e "s/# driver = prefetch/ driver = prefetch\n }/w /dev/stdout" /etc/dovecot/conf.d/auth-sql.conf.ext

sed -i -e "/^#mail_location/s/$/maildir:\/home\/vmail\/%d\/%n/w /dev/stdout" /etc/dovecot/conf.d/10-mail.conf
sed -i -e "s/^#mail_location/mail_location/w /dev/stdout" /etc/dovecot/conf.d/10-mail.conf
sed -i -e "s/first_valid_uid = 1000/first_valid_uid = 101/w /dev/stdout" /etc/dovecot/conf.d/10-mail.conf
sed -i -e "s/#first_valid_gid = 1/first_valid_gid = 12/w /dev/stdout" /etc/dovecot/conf.d/10-mail.conf

sed -i "/unix_listener auth-userdb/ a mode = 0666\n user = vmail\n group = mail" /etc/dovecot/conf.d/10-master.conf
sed -i "/#unix_listener \/var\/spool/ a mode = 0666\n user = postfix\n group = postfix\n }" /etc/dovecot/conf.d/10-master.conf
sed -i -e "s/#unix_listener \/var\/spool/unix_listener \/var\/spool/w /dev/stdout" /etc/dovecot/conf.d/10-master.conf
sed -i "/unix_listener dict/ a mode = 0666\n user = vmail\n group = mail" /etc/dovecot/conf.d/10-master.conf
sed -i -e "s/^mode/ mode/w /dev/stdout" /etc/dovecot/conf.d/10-master.conf

sed -i -e "s/dovecot\/certs\/dovecot.pem/tls\/certs\/$your_host_tld.crt/w /dev/stdout" /etc/dovecot/conf.d/10-ssl.conf
sed -i -e "s/dovecot\/private\/dovecot.pem/tls\/private\/$your_host_tld.key/w /dev/stdout" /etc/dovecot/conf.d/10-ssl.conf

sed -i -e "/^#postmaster_address/s/$/ postmaster@$your_domain_tld/w /dev/stdout" /etc/dovecot/conf.d/15-lda.conf
sed -i -e "s/^#postmaster_address/postmaster_address/w /dev/stdout" /etc/dovecot/conf.d/15-lda.conf
sed -i "/#mail_plugins/ a mail_plugins = quota sieve" /etc/dovecot/conf.d/15-lda.conf
sed -i -e "s/^mail_plugins/ mail_plugins/w /dev/stdout" /etc/dovecot/conf.d/15-lda.conf
sed -i -e "s/^#lda_mailbox_autocreate = no/lda_mailbox_autocreate = yes/w /dev/stdout" /etc/dovecot/conf.d/15-lda.conf
sed -i -e "s/^#lda_mailbox_autosubscribe = no/lda_mailbox_autosubscribe = yes/w /dev/stdout" /etc/dovecot/conf.d/15-lda.conf

sed -i "/#mail_plugins / a mail_plugins = quota imap_quota trash" /etc/dovecot/conf.d/20-imap.conf
sed -i -e "s/^mail_plugins/ mail_plugins/w /dev/stdout" /etc/dovecot/conf.d/20-imap.conf
sed -i "/#imap_client_workarounds/ a imap_client_workarounds = delay-newmail" /etc/dovecot/conf.d/20-imap.conf

sed -i "/#mail_plugins/ a mail_plugins = sieve" /etc/dovecot/conf.d/20-lmtp.conf
sed -i -e "s/^mail_plugins/ mail_plugins/w /dev/stdout" /etc/dovecot/conf.d/20-lmtp.conf
sed -i -e "s/^#lmtp_save_to_detail_mailbox = no/lmtp_save_to_detail_mailbox = yes/w /dev/stdout" /etc/dovecot/conf.d/20-lmtp.conf

sed -i -e "s/#service managesieve-login/service managesieve-login/w /dev/stdout" /etc/dovecot/conf.d/20-managesieve.conf
sed -i -e "s/#inet_listener sieve {/inet_listener sieve {/w /dev/stdout" /etc/dovecot/conf.d/20-managesieve.conf
sed -i -e "s/# port = 4190/ port = 4190\n }/w /dev/stdout" /etc/dovecot/conf.d/20-managesieve.conf
sed -i "/#vsz_limit/ a }" /etc/dovecot/conf.d/20-managesieve.conf

sed -i "/#mail_plugins/ a mail_plugins = quota" /etc/dovecot/conf.d/20-pop3.conf
sed -i -e "s/^mail_plugins/ mail_plugins/w /dev/stdout" /etc/dovecot/conf.d/20-pop3.conf
sed -i "/#pop3_client_workarounds/ a pop3_client_workarounds = outlook-no-nuls oe-ns-eoh" /etc/dovecot/conf.d/20-pop3.conf

sed -i -e "s/#acl = /acl = /w /dev/stdout" /etc/dovecot/conf.d/90-acl.conf

sed -i -e "s/#sieve_before =/sieve_before = \/home\/sieve\/globalfilter.sieve/w /dev/stdout" /etc/dovecot/conf.d/90-sieve.conf

cat <<EOF>>/etc/dovecot/conf.d/90-quota.conf || exit 1
plugin {
  quota = dict:user::proxy::sqlquota
  trash = /etc/dovecot/dovecot-trash.conf.ext
}
EOF

cat <<EOF>/etc/dovecot/dovecot-trash.conf.ext || exit 1
# Spam mailbox is emptied before Trash
1 Spam
# Trash mailbox is emptied before Sent
# 2 Trash
# If both Sent and "Sent Messages" mailboxes exist, the next oldest message
# to be deleted is looked up from both of the mailboxes.
# 3 Sent
# 3 Sent Messages
EOF

cat <<EOF>/etc/dovecot/dovecot-sql.conf.ext || exit 1
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=$Postfix_Database_Password
default_pass_scheme = MD5-CRYPT
# following should all be on one line.
password_query = SELECT username as user, password, concat('/home/vmail/', maildir) as userdb_home, concat('maildir:/home/vmail/', maildir) as userdb_mail, 101 as userdb_uid, 12 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
# following should all be on one line
user_query = SELECT concat('/home/vmail/', maildir) as home, concat('maildir:/home/vmail/', maildir) as mail, 101 AS uid, 12 AS gid, CONCAT('*:messages=30000:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active = '1'
EOF

cat <<EOF>/etc/dovecot/dovecot-dict-sql.conf.ext || exit 1
connect = host=localhost dbname=postfix user=postfix password=$Postfix_Database_Password
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}
EOF

mkdir /home/sieve
cat <<EOF>/home/sieve/globalfilter.sieve || exit 1
require "fileinto";
if header :contains "X-Spam-Flag" "YES" {
  fileinto "Spam";
}
if header :contains "subject" "***SPAM***" {
  fileinto "Spam";
}
EOF
sievec /home/sieve/globalfilter.sieve
chown -R vmail:mail /home/sieve

From rizzo at i805.com.br Sun Mar 19 22:13:02 2017
From: rizzo at i805.com.br (Nilton Jose Rizzo) Date: Sun, 19 Mar 2017 19:13:02 -0300 Subject: dovecot problem with ssl In-Reply-To: <20170318184513.M87398@i805.com.br> References: <20170317081205.M26731@i805.com.br> <20170318013526.M8934@i805.com.br> <20170318061830.M57436@i805.com.br> <20170318175449.M53823@i805.com.br> <11C568AE-4545-45B4-904F-AE39F1D73B81@valo.at> <20170318184513.M87398@i805.com.br> Message-ID: <20170319220953.M84507@i805.com.br> I'm solve my problem, but not have a idea how or why this solve. I recompiled the dovecot without support to Postgres and SQLite3 and LDAP. I was configure Mysql support only and all work fine. Someone have any idea Why it's work? TIA --- /************************************************* **Nilton José Rizzo UFRRJ **http://www.rizzo.eng.br http://www.ufrrj.br **http://lattes.cnpq.br/0079460703536198 **************************************************/ From dougb at dougbarton.us Sun Mar 19 19:40:42 2017
From: dougb at dougbarton.us (Doug Barton) Date: Sun, 19 Mar 2017 12:40:42 -0700 Subject: dovecot problem with ssl In-Reply-To: <20170319220953.M84507@i805.com.br> References: <20170317081205.M26731@i805.com.br> <20170318013526.M8934@i805.com.br> <20170318061830.M57436@i805.com.br> <20170318175449.M53823@i805.com.br> <11C568AE-4545-45B4-904F-AE39F1D73B81@valo.at> <20170318184513.M87398@i805.com.br> <20170319220953.M84507@i805.com.br> Message-ID: <4ca3e20e-07df-660a-4e32-051fcf0d8f23@dougbarton.us> This sounds like a problem with the FreeBSD port. You should take up the conversation on freebsd-ports at freebsd.org. Good luck, Doug On 03/19/2017 03:13 PM, Nilton Jose Rizzo wrote: > > I'm solve my problem, but not have a idea how or why this > solve. > > I recompiled the dovecot without support to Postgres > and SQLite3 and LDAP. I was configure Mysql support only > and all work fine. Someone have any idea Why it's work? > > TIA > > --- > /************************************************* > **Nilton José Rizzo UFRRJ > **http://www.rizzo.eng.br http://www.ufrrj.br > **http://lattes.cnpq.br/0079460703536198 > **************************************************/ > From aki.tuomi at dovecot.fi Mon Mar 20 07:19:57 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 20 Mar 2017 09:19:57 +0200 Subject: [Bug] Mailbox aliases still broken In-Reply-To: <20170311084314.Horde.g0r_LhW0-556Aj_U7-b1YSp@webmail.inetadmin.eu> References: <20160918204909.Horde.hfqfbaYx60jylD3X3sRIwvX@webmail.inetadmin.eu> <2835AB61-B28F-4113-BB86-42823EB7DA00@iki.fi> <20160920115123.Horde.LfhSAhePKsc3CneJ_KxpA-L@webmail.inetadmin.eu> <2d5c6fb8-acd5-a928-ca1d-4e066b10a27b@dovecot.fi> <20170311084314.Horde.g0r_LhW0-556Aj_U7-b1YSp@webmail.inetadmin.eu> Message-ID: On 11.03.2017 09:43, azurit at pobox.sk wrote: >>>> Do you have mailbox_list_index=yes? That's at least buggy with >>>> aliases and the fix isn't easy. >>> >>> >>> Yes, i have. Do i need to disable it? What impact will it have? >> >> For mailbox aliases to work, yes. It will stop using index file for >> mailbox lists, which can slightly degrade performance. >> >> Aki > > > > Hm, i didn't like this very much :( How big will the degrade be? Is > this only temporary limitation of aliases, which will be fixed in the > future (as it's not stated in the docs) or permanent drawback? > > azur It will eventually be fixed. It should not be a huge impact. Aki From gandalf.corvotempesta at gmail.com Mon Mar 20 07:48:56 2017 
From: gandalf.corvotempesta at gmail.com (Gandalf Corvotempesta) Date: Mon, 20 Mar 2017 08:48:56 +0100 Subject: Server migration In-Reply-To: References: Message-ID: Hi to all. It's time to migrate an old server to a newer platform Some questions: 1) what happens by changing the pop3/IMAP server on the client? Is the client (Outlook, Thunderbird,...) smart enough to not download every message again? I'm asking this because the easier way to migrate would be move all mailboxes to the new server and then change the hostname on the client 2) what if I add a dovecot proxy on the new server, proxying back all requests to the older one, if the mailbox is still not migrated? Would the whole pop3/IMAP transaction happen through the proxy or there is something an http redirect (or anything similar to the SIP protocol) ? 3) I think the response to this is no: is dovecot able to log the hostname used for the connection? I have multiple domains pointing to the same IP. Something like the Host header in Http. From yacinechaouche at yahoo.com Mon Mar 20 08:07:45 2017
From: yacinechaouche at yahoo.com (chaouche yacine) Date: Mon, 20 Mar 2017 08:07:45 +0000 (UTC) Subject: Server migration In-Reply-To: References: Message-ID: <521197714.3612466.1489997265309@mail.yahoo.com> Don't lose any of the dovecot-* files and your clients should be fine. I've done 1) a couple of times and nobody got hurt. What you should do is keep the two servers (the old and the new one), and once the new one is ready test with your client only (change your client's IMAP/POP server settings). Once you make sure it works right, you can change the config for the other clients. I have no idea about 2) ? -- Yassine. On Monday, March 20, 2017 8:49 AM, Gandalf Corvotempesta wrote: Hi to all. It's time to migrate an old server to a newer platform Some questions: 1) what happens by changing the pop3/IMAP server on the client? Is the client (Outlook, Thunderbird,...) smart enough to not download every message again? I'm asking this because the easier way to migrate would be move all mailboxes to the new server and then change the hostname on the client 2) what if I add a dovecot proxy on the new server, proxying back all requests to the older one, if the mailbox is still not migrated? Would the whole pop3/IMAP transaction happen through the proxy or there is something an http redirect (or anything similar to the SIP protocol) ? 3) I think the response to this is no: is dovecot able to log the hostname used for the connection? I have multiple domains pointing to the same IP. Something like the Host header in Http. From lists+dovecot at tocc.cz Mon Mar 20 10:00:39 2017
From: lists+dovecot at tocc.cz (Tomas Habarta) Date: Mon, 20 Mar 2017 11:00:39 +0100 Subject: Dovecot can't connect to openldap over starttls In-Reply-To: References: <9984d210a9180693c539a993fe0e9af0@gwarband.de> <8351becb-ec8f-152f-566b-6b5f6a99b53d@tocc.cz> <234819ad0826f6b42c5f8852761f8bc5@gwarband.de> Message-ID: I've finally managed that running on Debian 8 test machine by commenting tls_ca_cert_file = option from dovecot-ldap.conf, so only tls = yes tls_require_cert = demand Not sure why is that as on my CentOS6 Dovecot works even with that commented option. May be that CentOS and Debian uses different ldap library or different versions or there's another peculiarity ... Anyway, when tls_require_cert = demand is set, cite: -- With a setting of demand the certificate is requested and a valid certificate must be provided, otherwise the session is immediately terminated. -- As that option doesn't provide any source, it is taken from /etc/ldap/ldap.conf on Debian and if it's missing there, Dovecot client times out on validating provided certificate with imap-login: Error: Timeout waiting for handshake from auth server. imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 30 secs) Tomas On 03/18/2017 02:22 PM, info at gwarband.de wrote: > The serverlog of openldap with loglevel "any": > https://gwarband.de/openldap/openldap-connect.log > Note: openldap waits 1 Minute before he says "TLS negotiation failure" > after the connect. > and dovecot says direct "Connect error" > > I've also deleted the TLSCipherSuite from openldap. > > Tobias > > On 2017-03-18 14:01, Tomas Habarta wrote: >> Increase log level on server side as well to see what the server says... >> You may remove anything in TLSCipherSuite for the purpose of testing too. >> >> Hopefully anyone knowing OpenLDAP internals could help you analyse it >> more deeply. 
>> >> Tomas >> >> On 03/18/2017 01:31 PM, info at gwarband.de wrote: >>> I've replicate the settings from ldapsearch to dovecot but no success. >>> To the certificate: >>> Yes it's a *.crt file but I have linked the *.pem file to it and dovecot >>> has read access to that file. >>> >>> I have enabled the debugging in dovecot and have uploaded the output: >>> https://gwarband.de/openldap/dovecot-connect.log >>> >>> And the other site with ldapsearch: >>> https://gwarband.de/openldap/ldapsearch-connect.log >>> >>> I'm pretty sure that there is a problem with the sslhandshaking between >>> openldap and dovecot, but I can't find the source of the problem. >>> >>> One of the steps in the sslhandshaking is not success but in the >>> debugging output I can't find any line with a hit to it. >>> >>> Tobias >>> >>> Am 2017-03-18 12:30, schrieb Tomas Habarta: >>>> Well, if ldapsearch works, try to replicate its settings for dovecot >>>> client. >>>> It's not obvious what settings ldapsearch uses, have a look at default >>>> client settings in /etc/openldap/ldap.conf, there may be something >>>> set a >>>> slightly different way. >>>> Also double check permissions for files used by dovecot, I mean mainly >>>> the file listed for tls_ca_cert_file as dovecot may not have an access >>>> for reading... >>>> >>>> I cannot see anything downright bad, just posted CA cert (which is ok, >>>> tested) is *.crt and your config mentions *.pem but I consider it's the >>>> same file. >>>> >>>> Finally, I would recommend to enable debug option for dovecot's client >>>> debug_level = -1 (which logs all available) in your >>>> dovecot-ldap.conf >>>> to see what the library reports and work further on that. >>>> You can compare with output from ldapsearch by adding -d-1 switch to >>>> it. >>>> >>>> Hard to tell more at the moment. >>>> >>>> >>>> Tomas >>>> >>>> On 03/18/2017 09:41 AM, info at gwarband.de wrote: >>>>> Hello, >>>>> >>>>> I have also installed LE certs. 
>>>>> But nothing helps, I have double-checking all certs. >>>>> >>>>> ldapsearch with -ZZ works see: >>>>> https://gwarband.de/openldap/ldapsearch.log >>>>> >>>>> I have also uploaded the TLSCACertificateFile, maybe I have a >>>>> failure in >>>>> the merge of the two fiels: >>>>> https://gwarband.de/openldap/LetsEncrypt.crt >>>>> >>>>> And also I have uploaded my complete openldap configuration: >>>>> https://gwarband.de/openldap/openldap.conf >>>>> >>>>> All other components can work and communicate with my openldap server. >>>>> The components are postfix, openxchange, apache (phpldapadmin). >>>>> >>>>> My installated software is: >>>>> Debian 8 >>>>> OpenLDAP 2.4.40 >>>>> Dovecot 2.2.13 >>>>> >>>>> I hope you can find the issue. >>>>> >>>>> Thanks, >>>>> Tobias >>>>> >>>>> Am 2017-03-17 22:48, schrieb Tomas Habarta: >>>>>> Hi, >>>>>> >>>>>> been running Dovecot 2.2.27 against OpenLDAP 2.4.40 normally over the >>>>>> unix socket on the same machine, but tried over inet with STARTTLS >>>>>> and >>>>>> it's working ok... >>>>>> >>>>>> I would suggest double-checking key/certs setup on OpenLDAP side; for >>>>>> the test I have used LE certs, utilizing following cn=config >>>>>> attributes: >>>>>> >>>>>> olcTLSCertificateKeyFile contains private key >>>>>> olcTLSCertificateFile contains certificate >>>>>> olcTLSCACertificateFile contains both certs (DST Root CA X3 >>>>>> and Let's Encrypt Authority X3) >>>>>> >>>>>> and used the same CA file in Dovecot's tls_ca_cert_file >>>>>> >>>>>> Is ldapsearch working ok (-ZZ) and only Dovecot has troubles or ... ? >>>>>> >>>>>> >>>>>> >>>>>> Hope that helps, good luck ;) >>>>>> Tomas >>>>>> >>>>>> >>>>>> On 03/17/2017 04:27 PM, info at gwarband.de wrote: >>>>>>> Hello guys, >>>>>>> >>>>>>> actually I'm trying to configure dovecot to access openldap for >>>>>>> passwordcheck. >>>>>>> My openldap is only allow access over "secure ldap". 
>>>>>>> The dovecot can communicate with the openldap server but there is >>>>>>> maybe >>>>>>> a failure in the sslhandshake. >>>>>>> Additional information you can find in the logs or in the dump >>>>>>> below. >>>>>>> Also I have my ldap config from dovecot in the links below. >>>>>>> >>>>>>> I have already created an bug reporting in the system of openldap >>>>>>> but >>>>>>> the answer was to get support from her. >>>>>>> >>>>>>> All datalinks: >>>>>>> https://gwarband.de/openldap/dovecot.log >>>>>>> https://gwarband.de/openldap/dovecot-ldap.conf >>>>>>> https://gwarband.de/openldap/openldap.log >>>>>>> https://gwarband.de/openldap/trace.dump >>>>>>> >>>>>>> The bugreportinglink from openldap: >>>>>>> http://www.openldap.org/its/index.cgi/Incoming?id=8615 >>>>>>> >>>>>>> I hope you can help me. >>>>>>> >>>>>>> Regards. >>>>>>> Tobias Warband -- toCc.cz From skdovecot at smail.inf.fh-brs.de Mon Mar 20 10:58:47 2017 
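Added example (not from the thread and not Dovecot's or OpenLDAP's own code): a Python check that follows the lookup order Tomas describes above, where a CA not set in dovecot-ldap.conf is taken from the system ldap.conf, and reports which trust anchor `tls_require_cert = demand` would end up using. The sample file contents, the host `ldap.example.org`, the path `example-ca.pem`, the function names and the problem labels are constructed for illustration; that an unset `tls_require_cert` falls back to `TLS_REQCERT` is an assumption.

```python
import os

ENFORCING = {"demand", "hard"}      # server certificate must validate
NON_ENFORCING = {"never", "allow"}  # handshake proceeds with a bad certificate


def parse_dovecot_ldap(text):
    """dovecot-ldap.conf style: 'key = value' lines, '#' comment lines."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip().lower()] = value.strip()
    return conf


def parse_ldap_conf(text):
    """ldap.conf style: 'KEYWORD value' lines, keywords are case-insensitive."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        conf[fields[0].upper()] = fields[1].strip() if len(fields) > 1 else ""
    return conf


def effective_tls_trust(dovecot_text, ldap_conf_text, readable=None):
    """Return the CA the LDAP client would verify against, plus problems found.

    readable(path) lets the caller test file access as the Dovecot auth user;
    by default the check runs as the current user.
    """
    if readable is None:
        readable = lambda path: os.access(path, os.R_OK)
    dc = parse_dovecot_ldap(dovecot_text)
    lc = parse_ldap_conf(ldap_conf_text)

    # Assumption: an unset tls_require_cert falls back to ldap.conf, then "demand".
    require = (dc.get("tls_require_cert") or lc.get("TLS_REQCERT") or "demand").lower()

    # An empty "tls_ca_cert_file =" counts as not set, so ldap.conf is consulted.
    source, path = None, None
    for origin, conf, keys in (
        ("dovecot-ldap.conf", dc, ("tls_ca_cert_file", "tls_ca_cert_dir")),
        ("ldap.conf", lc, ("TLS_CACERT", "TLS_CACERTDIR")),
    ):
        path = next((conf[k] for k in keys if conf.get(k)), None)
        if path:
            source = origin
            break

    problems = []
    uses_ldaps = dc.get("uris", "").lower().startswith("ldaps://")
    if dc.get("tls", "no").lower() != "yes" and not uses_ldaps:
        problems.append("no_tls")
    if require in NON_ENFORCING:
        problems.append("cert_not_enforced")
    if require in ENFORCING and path is None:
        problems.append("no_trust_anchor")
    if path is not None and not readable(path):
        problems.append("ca_unreadable")
    return {"require": require, "ca_source": source,
            "ca_path": path, "problems": problems}


# Constructed sample files (not the poster's real configuration).
DOVECOT_LDAP = """\
uris = ldap://ldap.example.org
tls = yes
tls_require_cert = demand
#tls_ca_cert_file = /etc/ssl/certs/example-ca.pem
"""
DEBIAN_LDAP_CONF = """\
# /etc/ldap/ldap.conf
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
"""

if __name__ == "__main__":
    for label, ldap_conf in (("with ldap.conf", DEBIAN_LDAP_CONF),
                             ("empty ldap.conf", "")):
        print(label, effective_tls_trust(DOVECOT_LDAP, ldap_conf,
                                         readable=lambda p: True))
```
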
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Mon, 20 Mar 2017 11:58:47 +0100 (CET) Subject: dovecot & iOS In-Reply-To: References: Message-ID: On Thu, 16 Mar 2017, Dirk Laurenz wrote: > What's anying is, that only on iOS ( ) i see a huge bunch of .CONTROL > directories - marked grey. > It seems to be a copy of the existing folder structure. I don't see this on (Y) > Is there any chance to configure dovecot to hide those folders to iOS? I suppose, the mail app under iOS does display all mailboxs, the other ones display subscribed ones only. Because: > mail_location = > maildir:~/Maildir:INBOX=~/Maildir/Inbox:LAYOUT=fs:CONTROL=~/Maildir/.CONTROL:INDEX=~/Maildir/.INDEX ~/Maildir is your top mailbox directory. Then you add Inbox, control and indexes into the very same tree. Moreover control and index have names with a leading dot, which means "is a mailbox" in Maildir. Why did you places control and index into a different tree at all, if you place them into the mailbox storage anyway? Either move them to ~/[.]control and ~/[.]index (with or without leading dot) or remove the settings at all and join control and index with the existing hierarchie. -- Steffen Kaiser From aki.tuomi at dovecot.fi Mon Mar 20 11:07:16 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 20 Mar 2017 13:07:16 +0200 Subject: dovecot & iOS In-Reply-To: References: Message-ID: On 20.03.2017 12:58, Steffen Kaiser wrote: > On Thu, 16 Mar 2017, Dirk Laurenz wrote: > > > What's anying is, that only on iOS ( ) i see a huge bunch of > .CONTROL directories - marked grey. > > > It seems to be a copy of the existing folder structure. I don't see > this on > > (Y) > > > Is there any chance to configure dovecot to hide those folders to iOS? > > I suppose, the mail app under iOS does display all mailboxs, the other > ones display subscribed ones only. > > Because: > > > mail_location = > maildir:~/Maildir:INBOX=~/Maildir/Inbox:LAYOUT=fs:CONTROL=~/Maildir/.CONTROL:INDEX=~/Maildir/.INDEX > > ~/Maildir is your top mailbox directory. > Then you add Inbox, control and indexes into the very same tree. > Moreover control and index have names with a leading dot, which means > "is a mailbox" in Maildir. > > Why did you places control and index into a different tree at all, if > you place them into the mailbox storage anyway? > > Either move them to ~/[.]control and ~/[.]index (with or without > leading dot) or remove the settings at all and join control and index > with the existing hierarchie. > > -- Steffen Kaiser As a general rule, it is a good idea to have separate Mailformat directory (such as Maildir or Mail) under mail_home which contains only your Maildir, sdbox, mdbox whatever format files only, and keep control and index *OUT* of this directory. Same goes for sieve. This is because, as seen above, Maildir contents can be mistakenly interpreted as mail folders, causing problems. So avoid this: mail_home=/var/mail/%u mail_location=/var/mail/%u instead use mail_home=/var/mail/%u mail_location=Maildir:~/Maildir Aki From cedric.bassaget.ml at gmail.com Mon Mar 20 11:24:46 2017 
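Added example (not from the thread or the Dovecot project): a Python check for the layout problem Steffen and Aki describe above, flagging `CONTROL=` or `INDEX=` paths that sit inside the mail root and a mail root that equals `mail_home`. The home directory `/home/dirk`, the function names and the finding labels are assumptions made for illustration.

```python
import posixpath

# mail_location keys that point at Dovecot's own metadata rather than at mail.
METADATA_KEYS = ("CONTROL", "INDEX")


def parse_mail_location(value):
    """Split '[format:]root[:KEY=VALUE...]' into (format, root, options)."""
    parts = value.strip().split(":")
    if parts[0].startswith(("/", "~")):
        # No format prefix, as in the "avoid this" line: first field is a path.
        fmt, root, rest = None, parts[0], parts[1:]
    elif len(parts) >= 2:
        fmt, root, rest = parts[0].lower(), parts[1], parts[2:]
    else:
        raise ValueError("mail_location has no root path: %r" % value)
    options = {}
    for item in rest:
        key, sep, val = item.partition("=")
        options[key.upper()] = val if sep else ""
    return fmt, root, options


def expand(path, home):
    """Resolve a leading '~' against mail_home and normalise the result."""
    if path == "~" or path.startswith("~/"):
        path = home + path[1:]
    return posixpath.normpath(path)


def audit_mail_location(mail_location, mail_home):
    """Return (label, offending value) pairs; an empty list means no finding.

    Variables such as %u are compared literally, which is enough to see
    whether two settings resolve to the same per-user directory.
    """
    _fmt, root, options = parse_mail_location(mail_location)
    home = posixpath.normpath(mail_home)
    root_abs = expand(root, home)
    findings = []
    if root_abs == home:
        # Everything kept in the home directory (sieve scripts, control and
        # index files) then sits where mail folders are looked up.
        findings.append(("ROOT_IS_HOME", root))
    for key in METADATA_KEYS:
        target = options.get(key)
        if not target or target.upper() == "MEMORY":  # INDEX=MEMORY is not a path
            continue
        target_abs = expand(target, home)
        if target_abs == root_abs or target_abs.startswith(root_abs + "/"):
            findings.append((key + "_INSIDE_MAIL_ROOT", target))
    return findings


# Setting quoted in the thread; the home directory is an assumption.
REPORTED = ("maildir:~/Maildir:INBOX=~/Maildir/Inbox:LAYOUT=fs:"
            "CONTROL=~/Maildir/.CONTROL:INDEX=~/Maildir/.INDEX")
# Steffen's suggestion: control and index moved next to the mail root.
MOVED_OUT = ("maildir:~/Maildir:INBOX=~/Maildir/Inbox:LAYOUT=fs:"
             "CONTROL=~/.control:INDEX=~/.index")

if __name__ == "__main__":
    for location, home in ((REPORTED, "/home/dirk"),
                           (MOVED_OUT, "/home/dirk"),
                           ("/var/mail/%u", "/var/mail/%u"),
                           ("Maildir:~/Maildir", "/var/mail/%u")):
        print(location, "->", audit_mail_location(location, home) or "ok")
```
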
From: cedric.bassaget.ml at gmail.com (Cédric ML) Date: Mon, 20 Mar 2017 12:24:46 +0100 Subject: doveadm-sync stateful Message-ID: Hello, I'm trying to migrate mail accounts from an old server to a new one. As I need to migrate dozens of accounts which take about 1G each, I need to do stateful sync to make my migration in two times : 1 - I run a : doveadm -D -o mail_fsync=never -o imapc_user=user1 at olddomain.fr sync -s "" -R -1 -u user1 at newdomain.fr imapc: > /tmp/firstsync.log 2>&1 my accounts are synced, and I get a "state" string (AQAAAHm4+Jk=) as the output of doveadm sync command. 2 - Changes are made on the old server, and I expect next dsync will sync only the changes / new mails. So I run a : doveadm -D -o mail_fsync=never -o imapc_user=user1 at olddomain.fr sync -s "AQAAAHm4+Jk=" -R -1 -u user1 at newdomain.fr imapc: > /tmp/secondsync.log 2>&1 My problem is that state of messages are not synchronized (mails marked as read on old server are still unread on new server, mails moved on a folder on the old server are still in the INBOX of new server). The full debug of ran commands is available here : http://fpaste.scsys.co.uk/557551 The result of "doveconf -n" is available here : http://fpaste.scsys.co.uk/557552 I'm using version 2.2.27 Can anyone tell me if I'm doing something wrong ? How can I debug more ? Regards, Cédric From jerry at seibercom.net Mon Mar 20 11:49:55 2017 
From: jerry at seibercom.net (Jerry) Date: Mon, 20 Mar 2017 07:49:55 -0400 Subject: Deploying Diffie-Hellman for TLS Message-ID: <20170320074955.00001103@seibercom.net> I have been reading up on TLS and Dovecot and came across this URL: https://www.weakdh.org/sysadmin.html which recommended these settings for Dovecot. I would like to know if they are correct? Some much documentation on the web is pure garbage. Dovecot These changes should be made in /etc/dovecot.conf Cipher Suites ssl_cipher_list=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA ssl_prefer_server_ciphers = yes (Dovecot 2.2.6 or greater) DH parameters #regenerates every week ssl_dh_parameters_length = 2048 Contrary to what the site recommends, I would have thought that changes should be made in the "10-ssl.conf" file. I am running "Dovecot 2.2.28" on a FreeBSD-11 machine with OpenSSL 1.0.2k, if that makes any difference. Thanks -- Jerry From aki.tuomi at dovecot.fi Mon Mar 20 11:51:43 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 20 Mar 2017 13:51:43 +0200 Subject: Deploying Diffie-Hellman for TLS In-Reply-To: <20170320074955.00001103@seibercom.net> References: <20170320074955.00001103@seibercom.net> Message-ID: <43f113e7-1e0c-56eb-d2a9-01499dbd0f94@dovecot.fi> On 20.03.2017 13:49, Jerry wrote: > I have been reading up on TLS and Dovecot and came across this URL: > https://www.weakdh.org/sysadmin.html which recommended these settings > for Dovecot. I would like to know if they are correct? Some much > documentation on the web is pure garbage. > > Dovecot > > These changes should be made in /etc/dovecot.conf > > Cipher Suites > > ssl_cipher_list=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA > > ssl_prefer_server_ciphers = yes (Dovecot 2.2.6 or greater) > > DH parameters > > #regenerates every week > ssl_dh_parameters_length = 2048 > > Contrary to what the site recommends, I would have thought that changes > should be made in the "10-ssl.conf" file. I am running "Dovecot 2.2.28" > on a FreeBSD-11 machine with OpenSSL 1.0.2k, if that makes any > difference. > > Thanks > Hi! It does not really matter which file you make the changes, since they are all included into dovecot.conf. Aki From jean-luc.oms at lirmm.fr Mon Mar 20 12:06:51 2017 
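Added example (not from the thread, weakdh.org or the Dovecot project): a Python audit that hands the `ssl_cipher_list` string quoted above to the local OpenSSL and groups what it actually enables by key exchange, so it is visible which suites rely on `ssl_dh_parameters_length` (DHE), which give no forward secrecy (static RSA) and whether 3DES is still offered. The function names and report keys are assumptions, and the output depends on the OpenSSL build Python is linked against.

```python
import ssl

# Cipher string quoted in the message above, split only for readability.
CIPHER_LIST = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:"
    "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
    "ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:"
    "DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:"
    "DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:"
    "AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:"
    "AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:"
    "!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:"
    "!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
)

# Key-exchange labels as reported by SSLContext.get_ciphers() ("kea" field).
KEA_GROUPS = {
    "kx-ecdhe": "ecdhe",      # forward secrecy, no DH parameters involved
    "kx-dhe": "dhe",          # forward secrecy, strength set by the DH group
    "kx-rsa": "static_rsa",   # no forward secrecy
    "kx-any": "tls13",        # TLS 1.3 suites, always ephemeral key exchange
}


def expand_cipher_list(cipher_list):
    """Let the local OpenSSL expand the string the way a server would."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError if nothing is selected
    return ctx.get_ciphers()


def audit_cipher_list(cipher_list):
    """Group the enabled suites by key exchange and flag 3DES."""
    report = {"ecdhe": [], "dhe": [], "static_rsa": [], "tls13": [],
              "other": [], "triple_des": []}
    for cipher in expand_cipher_list(cipher_list):
        name = cipher["name"]
        report[KEA_GROUPS.get(cipher.get("kea", ""), "other")].append(name)
        if "DES-CBC3" in name:
            report["triple_des"].append(name)
    # Only DHE suites are affected by the size of the server's DH parameters.
    report["needs_dh_params"] = bool(report["dhe"])
    return report


if __name__ == "__main__":
    result = audit_cipher_list(CIPHER_LIST)
    print("OpenSSL:", ssl.OPENSSL_VERSION)
    for key in ("ecdhe", "dhe", "static_rsa", "tls13", "other", "triple_des"):
        print("%-11s %3d  %s" % (key, len(result[key]), ", ".join(result[key][:4])))
    print("DH parameters matter for this list:", result["needs_dh_params"])
```
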
From: jean-luc.oms at lirmm.fr (Jean-Luc Oms) Date: Mon, 20 Mar 2017 13:06:51 +0100 Subject: Fwd: Mail restore and single storage attachement In-Reply-To: <32b0dd78-333b-e235-29df-bd47923b9854@lirmm.fr> References: <32b0dd78-333b-e235-29df-bd47923b9854@lirmm.fr> Message-ID: Bonjour, Nobody uses the SIC functionnality ? I think an extra option like hash added to doveadm fetch would resolve my problem, any plan in a future version ? (may be I've missed an command that can list hashes from a mail for restoring a mailbox. It's the part after the X in the mail storage I need). Jean-Luc Oms From sami.ketola at dovecot.fi Mon Mar 20 12:10:54 2017 From: sami.ketola at dovecot.fi (Sami Ketola) Date: Mon, 20 Mar 2017 14:10:54 +0200 Subject: Dovecot 2.2.27 proxy - enforcing per client IP connection limits In-Reply-To: References: Message-ID: <9E38D351-AF4A-48CA-94B5-B43D5BBA871F@dovecot.fi> > On 16 Mar 2017, at 22.23, Joseph Tam wrote: > > Can anyone with Solr installed confirm/refute this: does installing > Solr keep iOS clients from roofing the connection count? I doubt it, but since IMAP SEARCH goes all the way down to the backends mail_max_userip_connections can be used to limit the number of connections. Sami From Ralf.Hildebrandt at charite.de Mon Mar 20 12:30:48 2017 
From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Mon, 20 Mar 2017 13:30:48 +0100 Subject: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Message-ID: <20170320123047.accc5jd4gxu37tza@charite.de> Hi! I upgraded the 2.2 packages today (from 2:2.2.28-1~auto+5 to 2:2.2.28-1~auto+8) I now I'm getting an error: Mar 20 13:25:58 mproxy dovecot: auth: Error: imapc(email.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) I checked, and alas, I had ssl_client_ca_dir = ssl_client_ca_file = So I set: ssl_client_ca_file = References: <20170320123047.accc5jd4gxu37tza@charite.de> Message-ID: <20170320130156.vwv3e33xpr5mcurh@charite.de> * Ralf Hildebrandt : > Hi! > > I upgraded the 2.2 packages today (from 2:2.2.28-1~auto+5 to 2:2.2.28-1~auto+8) I now I'm getting an error: I was able to determine the last working version: 2:2.2.28-1~auto+6 and the first "broken" version: 2:2.2.28-1~auto+7 -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From info at gwarband.de Mon Mar 20 13:04:13 2017 
From: info at gwarband.de (info at gwarband.de) Date: Mon, 20 Mar 2017 14:04:13 +0100 Subject: Dovecot can't connect to openldap over starttls In-Reply-To: References: <9984d210a9180693c539a993fe0e9af0@gwarband.de> <8351becb-ec8f-152f-566b-6b5f6a99b53d@tocc.cz> <234819ad0826f6b42c5f8852761f8bc5@gwarband.de> Message-ID: <219a9329a86c4d3e71610db264612f1e@gwarband.de> I've tested your soulution, but it also says the same error. I've tested all combinations of: - tls_ca_cert_file = - tls = yes - tls_require_cert = demand Every time it says "Connection error". Only when tls is uncommented it says "TLS required". Additional information from my contact with the openldap-technical mailing list: The ldapsearch under the user dovecot with -ZZ works fine. And they mention that the ldap.conf and dovecot-ldap.conf should have no differences, that is correct no differences. Here is a link to the ldap.conf https://gwarband.de/openldap/ldap.conf And the output of ldapsearch under dovecot: https://gwarband.de/openldap/ldapsearch-dovecot.log Tobias Am 2017-03-20 11:00, schrieb Tomas Habarta: > I've finally managed that running on Debian 8 test machine by > commenting > tls_ca_cert_file = > option from dovecot-ldap.conf, so only > tls = yes > tls_require_cert = demand > > Not sure why is that as on my CentOS6 Dovecot works even with that > commented option. May be that CentOS and Debian uses different ldap > library or different versions or there's another peculiarity ... > > Anyway, when tls_require_cert = demand is set, cite: > -- > With a setting of demand the certificate is requested and a valid > certificate must be provided, otherwise the session is immediately > terminated. > -- > > As that option doesn't provide any source, it is taken from > /etc/ldap/ldap.conf on Debian and if it's missing there, Dovecot > client > times out on validating provided certificate with > > imap-login: Error: Timeout waiting for handshake from auth server. 
> imap-login: Disconnected: Auth process broken (disconnected before > auth > was ready, waited 30 secs) > > > > Tomas > > > On 03/18/2017 02:22 PM, info at gwarband.de wrote: >> The serverlog of openldap with loglevel "any": >> https://gwarband.de/openldap/openldap-connect.log >> Note: openldap waits 1 Minute before he says "TLS negotiation >> failure" >> after the connect. >> and dovecot says direct "Connect error" >> >> I've also delete the TLSCipherSuite from openldap. >> >> Tobias >> >> Am 2017-03-18 14:01, schrieb Tomas Habarta: >>> Increase log level on server side as well to see what the server >>> says... >>> You may remove anything in TLSCipherSuite for the purpose of testing >>> too. >>> >>> Hopefully anyone knowing OpenLDAP internals could help you analyse >>> it >>> more deeply. >>> >>> Tomas >>> >>> On 03/18/2017 01:31 PM, info at gwarband.de wrote: >>>> I've replicate the settings from ldapsearch to dovecot but no >>>> success. >>>> To the certificate: >>>> Yes it's a *.crt file but I have linked the *.pem file to it and >>>> dovecot >>>> has read access to that file. >>>> >>>> I have enabled the debugging in dovecot and have uploaded the >>>> output: >>>> https://gwarband.de/openldap/dovecot-connect.log >>>> >>>> And the other site with ldapsearch: >>>> https://gwarband.de/openldap/ldapsearch-connect.log >>>> >>>> I'm pretty sure that there is a problem with the sslhandshaking >>>> between >>>> openldap and dovecot, but I can't find the source of the problem. >>>> >>>> One of the steps in the sslhandshaking is not success but in the >>>> debugging output I can't find any line with a hit to it. >>>> >>>> Tobias >>>> >>>> Am 2017-03-18 12:30, schrieb Tomas Habarta: >>>>> Well, if ldapsearch works, try to replicate its settings for >>>>> dovecot >>>>> client. 
>>>>> It's not obvious what settings ldapsearch uses, have a look at >>>>> default >>>>> client settings in /etc/openldap/ldap.conf, there may be something >>>>> set a >>>>> slightly different way. >>>>> Also double check permissions for files used by dovecot, I mean >>>>> mainly >>>>> the file listed for tls_ca_cert_file as dovecot may not have an >>>>> access >>>>> for reading... >>>>> >>>>> I cannot see anything downright bad, just posted CA cert (which is >>>>> ok, >>>>> tested) is *.crt and your config mentions *.pem but I consider >>>>> it's the >>>>> same file. >>>>> >>>>> Finally, I would recommend to enable debug option for dovecot's >>>>> client >>>>> debug_level = -1 (which logs all available) in your >>>>> dovecot-ldap.conf >>>>> to see what the library reports and work further on that. >>>>> You can compare with output from ldapsearch by adding -d-1 switch >>>>> to >>>>> it. >>>>> >>>>> Hard to tell more at the moment. >>>>> >>>>> >>>>> Tomas >>>>> >>>>> On 03/18/2017 09:41 AM, info at gwarband.de wrote: >>>>>> Hello, >>>>>> >>>>>> I have also installed LE certs. >>>>>> But nothing helps, I have double-checking all certs. >>>>>> >>>>>> ldapsearch with -ZZ works see: >>>>>> https://gwarband.de/openldap/ldapsearch.log >>>>>> >>>>>> I have also uploaded the TLSCACertificateFile, maybe I have a >>>>>> failure in >>>>>> the merge of the two fiels: >>>>>> https://gwarband.de/openldap/LetsEncrypt.crt >>>>>> >>>>>> And also I have uploaded my complete openldap configuration: >>>>>> https://gwarband.de/openldap/openldap.conf >>>>>> >>>>>> All other components can work and communicate with my openldap >>>>>> server. >>>>>> The components are postfix, openxchange, apache (phpldapadmin). >>>>>> >>>>>> My installated software is: >>>>>> Debian 8 >>>>>> OpenLDAP 2.4.40 >>>>>> Dovecot 2.2.13 >>>>>> >>>>>> I hope you can find the issue. 
>>>>>> >>>>>> Thanks, >>>>>> Tobias >>>>>> >>>>>> Am 2017-03-17 22:48, schrieb Tomas Habarta: >>>>>>> Hi, >>>>>>> >>>>>>> been running Dovecot 2.2.27 against OpenLDAP 2.4.40 normally >>>>>>> over the >>>>>>> unix socket on the same machine, but tried over inet with >>>>>>> STARTTLS >>>>>>> and >>>>>>> it's working ok... >>>>>>> >>>>>>> I would suggest double-checking key/certs setup on OpenLDAP >>>>>>> side; for >>>>>>> the test I have used LE certs, utilizing following cn=config >>>>>>> attributes: >>>>>>> >>>>>>> olcTLSCertificateKeyFile contains private key >>>>>>> olcTLSCertificateFile contains certificate >>>>>>> olcTLSCACertificateFile contains both certs (DST Root CA >>>>>>> X3 >>>>>>> and Let's Encrypt Authority X3) >>>>>>> >>>>>>> and used the same CA file in Dovecot's tls_ca_cert_file >>>>>>> >>>>>>> Is ldapsearch working ok (-ZZ) and only Dovecot has troubles or >>>>>>> ... ? >>>>>>> >>>>>>> >>>>>>> >>>>>>> Hope that helps, good luck ;) >>>>>>> Tomas >>>>>>> >>>>>>> >>>>>>> On 03/17/2017 04:27 PM, info at gwarband.de wrote: >>>>>>>> Hello guys, >>>>>>>> >>>>>>>> actually I'm trying to configure dovecot to access openldap for >>>>>>>> passwordcheck. >>>>>>>> My openldap is only allow access over "secure ldap". >>>>>>>> The dovecot can communicate with the openldap server but there >>>>>>>> is >>>>>>>> maybe >>>>>>>> a failure in the sslhandshake. >>>>>>>> Additional information you can find in the logs or in the dump >>>>>>>> below. >>>>>>>> Also I have my ldap config from dovecot in the links below. >>>>>>>> >>>>>>>> I have already created an bug reporting in the system of >>>>>>>> openldap >>>>>>>> but >>>>>>>> the answer was to get support from her. 
>>>>>>>> >>>>>>>> All datalinks: >>>>>>>> https://gwarband.de/openldap/dovecot.log >>>>>>>> https://gwarband.de/openldap/dovecot-ldap.conf >>>>>>>> https://gwarband.de/openldap/openldap.log >>>>>>>> https://gwarband.de/openldap/trace.dump >>>>>>>> >>>>>>>> The bugreportinglink from openldap: >>>>>>>> http://www.openldap.org/its/index.cgi/Incoming?id=8615 >>>>>>>> >>>>>>>> I hope you can help me. >>>>>>>> >>>>>>>> Regards. >>>>>>>> Tobias Warband From Ralf.Hildebrandt at charite.de Mon Mar 20 13:05:42 2017 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Mon, 20 Mar 2017 14:05:42 +0100 Subject: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) In-Reply-To: <20170320130156.vwv3e33xpr5mcurh@charite.de> References: <20170320123047.accc5jd4gxu37tza@charite.de> <20170320130156.vwv3e33xpr5mcurh@charite.de> Message-ID: <20170320130542.whcjtftfpuwgzlpj@charite.de> * Ralf Hildebrandt : > * Ralf Hildebrandt : > > Hi! > > > > I upgraded the 2.2 packages today (from 2:2.2.28-1~auto+5 to 2:2.2.28-1~auto+8) I now I'm getting an error: > > I was able to determine the last working version: 2:2.2.28-1~auto+6 > and the first "broken" version: 2:2.2.28-1~auto+7 2:2.2.28-1~auto+7 CHANGES file (http://xi.dovecot.fi/debian/pool/jessie-auto/dovecot-2.2/dovecot_2.2.28-1~auto+7_amd64.changes) says: New revision (a39b5b2852f2) in dovecot Git repository ... - lib-ssl-iostream: Ensure verify_remote_cert is true - lib-ssl-iostream: Fix ambiguity with SSL settings ... I think one of these two could be the culprit -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From aki.tuomi at dovecot.fi Mon Mar 20 14:32:37 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 20 Mar 2017 16:32:37 +0200 Subject: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) In-Reply-To: <20170320123047.accc5jd4gxu37tza@charite.de> References: <20170320123047.accc5jd4gxu37tza@charite.de> Message-ID: <5a4f5ac2-0f87-196b-969b-5705f4afc5de@dovecot.fi> On 20.03.2017 14:30, Ralf Hildebrandt wrote: > ssl_client_ca_file = References: <20170320123047.accc5jd4gxu37tza@charite.de> <5a4f5ac2-0f87-196b-969b-5705f4afc5de@dovecot.fi> Message-ID: <20170320144044.7wrsyz65mloywse4@charite.de> * Aki Tuomi : > > > On 20.03.2017 14:30, Ralf Hildebrandt wrote: > > ssl_client_ca_file = > Leave the < out. It is misleading, I know, but it does say file. =) Makes no difference: # doveconf |fgrep ssl_client_ca ssl_client_ca_dir = ssl_client_ca_file = /etc/ssl/certs/ca-certificates.crt and with auto8 I still get: Mar 20 15:38:20 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Mar 20 15:38:20 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): No SSL context Mar 20 15:38:20 mproxy dovecot: auth: Error: imap(hildeb,141.42.206.36,): Disconnected from server Mar 20 15:38:20 mproxy dovecot: imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=52992, EOF) Mar 20 15:38:20 mproxy dovecot: auth: Fatal: master: service(auth): child 52990 killed with signal 11 (core dumped) going back to auto6 and everything is peachy again. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From tss at iki.fi Mon Mar 20 14:45:14 2017 
From: tss at iki.fi (Timo Sirainen) Date: Mon, 20 Mar 2017 16:45:14 +0200 Subject: doveadm-sync stateful In-Reply-To: References: Message-ID: On 20 Mar 2017, at 13.24, Cédric ML wrote: > > Hello, > > I'm trying to migrate mail accounts from an old server to a new one. > As I need to migrate dozens of accounts which take about 1G each, I need to do stateful sync to make my migration in two times : > > 1 - I run a : > doveadm -D -o mail_fsync=never -o imapc_user=user1 at olddomain.fr sync -s "" -R -1 -u user1 at newdomain.fr imapc: > /tmp/firstsync.log 2>&1 > > my accounts are synced, and I get a "state" string (AQAAAHm4+Jk=) as the output of doveadm sync command. Stateful synchronization requires at least imapc_features=modseq. That requires that the remote server supports CONDSTORE IMAP extension. And I'm still not entirely sure if that's enough. In general stateful replication isn't really supported with imapc. From amateo at um.es Mon Mar 20 14:55:38 2017 
From: amateo at um.es (Angel L. Mateo) Date: Mon, 20 Mar 2017 15:55:38 +0100 Subject: doveadm proxy password Message-ID: <6a7ca3cd-92fd-6d31-ccfb-90c7a0c700ea@um.es> Hi, I'm configuring a proxy host to connect to backend servers. As proxy is done based on an LDAP attribute of the user, I'm not using director. In the proxy server I have configured: doveadm_port = 24245 doveadm_password = secret And in the backend: service doveadm { inet_listener { port = 24245 } } local { doveadm_password = secret } But when I run a doveadm command in the proxy I get: amateo_adm at musio10:/etc/dovecot/conf.d$ sudo doveadm quota get -u amateo at um.es doveadm(amateo at um.es): Error: doveadm authentication failed () doveadm(amateo at um.es): Error: myotis50.um.es:24245: Command quota get failed for amateo at um.es: EOF Quota name Type Value Limit % And in the backed I get: Mar 20 15:52:01 myotis50 dovecot: doveadm: Error: doveadm client authenticated with wrong password I have checked with tcpdump and in the command is sending the base64 encoding of "doveadmsecret" Any help? -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868889150 Fax: 868888337 From aki.tuomi at dovecot.fi Mon Mar 20 14:57:23 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 20 Mar 2017 16:57:23 +0200 Subject: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) In-Reply-To: <20170320144044.7wrsyz65mloywse4@charite.de> References: <20170320123047.accc5jd4gxu37tza@charite.de> <5a4f5ac2-0f87-196b-969b-5705f4afc5de@dovecot.fi> <20170320144044.7wrsyz65mloywse4@charite.de> Message-ID: On 20.03.2017 16:40, Ralf Hildebrandt wrote: > * Aki Tuomi : >> >> On 20.03.2017 14:30, Ralf Hildebrandt wrote: >>> ssl_client_ca_file = > Leave the < out. It is misleading, I know, but it does say file. =) > Makes no difference: > > # doveconf |fgrep ssl_client_ca > ssl_client_ca_dir = > ssl_client_ca_file = /etc/ssl/certs/ca-certificates.crt > > and with auto8 I still get: > > Mar 20 15:38:20 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) > Mar 20 15:38:20 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): No SSL context > Mar 20 15:38:20 mproxy dovecot: auth: Error: imap(hildeb,141.42.206.36,): Disconnected from server > Mar 20 15:38:20 mproxy dovecot: imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=52992, EOF) > Mar 20 15:38:20 mproxy dovecot: auth: Fatal: master: service(auth): child 52990 killed with signal 11 (core dumped) > > going back to auto6 and everything is peachy again. > Hi! Could you send us the gdb bt full backtrace for the core file? Also, can you send doveconf -n? Aki From Ralf.Hildebrandt at charite.de Mon Mar 20 15:07:29 2017 
From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Mon, 20 Mar 2017 16:07:29 +0100 Subject: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) In-Reply-To: <3vmzd23b7Nz6Z@mproxy.charite.de> Message-ID: <20170320150729.qwqa4w7nugyse2vf@charite.de> * Aki Tuomi : > Could you send us the gdb bt full backtrace for the core file? Currently I can't get it to create coredumps doveconf -n: # 2.2.devel (3f97702): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.devel (023f391) # OS: Linux 4.4.0-65-generic x86_64 Ubuntu 16.04.2 LTS auth_mechanisms = plain login default_vsz_limit = 1 G imapc_host = exchange-imap.charite.de imapc_port = 993 imapc_ssl = imaps imapc_ssl_verify = no listen = *,:: mail_gid = imapproxy mail_home = /home/imapproxy/%u mail_location = imapc:~/imapc mail_plugins = mail_log notify mail_uid = imapproxy passdb { args = host=exchange-imap.charite.de port=993 ssl=imaps default_fields = userdb_imapc_user=%u userdb_imapc_password=%w userdb_imapc_host=exchange-imap.charite.de userdb_imapc_ssl=imaps userdb_imapc_port=993 driver = imap } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve } protocols = imap service auth { inet_listener { address = 127.0.0.1 port = 12345 } } ssl = required ssl_ca = References: <3vmzd23b7Nz6Z@mproxy.charite.de> <20170320150729.qwqa4w7nugyse2vf@charite.de> Message-ID: <20170320151625.GB14377@sys4.de> * Ralf Hildebrandt : > * Aki Tuomi : > > > Could you send us the gdb bt full backtrace for the core file? 
> > Currently I can't get it to create coredumps Got a coredump and backtrace: ============================= Mar 20 16:10:17 mproxy dovecot: master: Dovecot v2.2.devel (a39b5b2) starting up for imap Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): No SSL context Mar 20 16:10:26 mproxy dovecot: auth: Error: imap(hildeb,141.42.206.36,): Disconnected from server Mar 20 16:10:26 mproxy dovecot: imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=1747, EOF) Mar 20 16:10:26 mproxy dovecot: auth: Fatal: master: service(auth): child 1748 killed with signal 11 (core dumped) and the backtrace: # gdb -q /usr/lib/dovecot/auth 1748 Reading symbols from /usr/lib/dovecot/auth...Reading symbols from /usr/lib/debug/.build-id/7a/66f9b5902485fd23f1f3dbab6479c1214f4ef1.debug...done. done. Attaching to program: /usr/lib/dovecot/auth, process 1748 ptrace: No such process. [New LWP 1748] Core was generated by dovecot/auth'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f61e2af2226 in array_append_i (count=, data=, array=) at ../../src/lib/array.h:168 168../../src/lib/array.h: No such file or directory. (gdb) bt full #0 0x00007f61e2af2226 in array_append_i (count=, data=, array=) at ../../src/lib/array.h:168 No locals. 
#1 imapc_connection_abort_commands_array (cmd_array=cmd_array at entry=0x557d24fbcea0, dest_array=dest_array at entry=0x7ffef84bf690, only_box=only_box at entry=0x0, keep_retriable=keep_retriable at entry=false) at imapc-connection.c:289 cmd = 0x41 i = 0 #2 0x00007f61e2af251a in imapc_connection_abort_commands (conn=0x557d24fbcdc0, only_box=0x0, keep_retriable=) at imapc-connection.c:303 cmdp = cmd = tmp_array = {arr = {buffer = 0x557d24f82960, element_size = 8}, v = 0x557d24f82960, v_modifiable = 0x557d24f82960} reply = {state = IMAPC_COMMAND_STATE_DISCONNECTED, resp_text_key = 0x0, resp_text_value = 0x0, text_full = 0x7f61e2af6316 "Disconnected from server", text_without_resp = 0x7f61e2af6316 "Disconnected from server"} #3 0x00007f61e39e6a92 in io_loop_call_io (io=0x557d24f9bcd0) at ioloop.c:599 ioloop = 0x557d24f8a810 t_id = 2 __FUNCTION__ = "io_loop_call_io" #4 0x00007f61e39e80ea in io_loop_handler_run_internal (ioloop=ioloop at entry=0x557d24f8a810) at ioloop-epoll.c:223 ctx = 0x557d24f92310 io = tv = {tv_sec = 29, tv_usec = 999177} events_count = msecs = ret = 1 i = 0 j = call = __FUNCTION__ = "io_loop_handler_run_internal" #5 0x00007f61e39e6b2c in io_loop_handler_run (ioloop=ioloop at entry=0x557d24f8a810) at ioloop.c:648 No locals. #6 0x00007f61e39e6cd8 in io_loop_run (ioloop=0x557d24f8a810) at ioloop.c:623 __FUNCTION__ = "io_loop_run" #7 0x00007f61e396e7d3 in master_service_run (service=0x557d24f8a6b0, callback=) at master-service.c:641 No locals. #8 0x0000557d2303f31e in main (argc=1, argv=0x557d24f8a390) at main.c:400 c = (gdb) -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München Registered office: München, Amtsgericht München: HRB 199263 Executive board: Patrick Ben Koetter, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein From info at gwarband.de Mon Mar 20 15:28:32 2017 
From: info at gwarband.de (info at gwarband.de) Date: Mon, 20 Mar 2017 16:28:32 +0100 Subject: Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP] Message-ID: Can somebody say something about this request? This is an email from the openldap-technical mailing list from openldap. System details are mentioned in the other email. -------- Original Message -------- Subject: Re: Dovecot can't connect to openldap over starttls Date: 2017-03-20 16:18 From: Dan White To: info at gwarband.de Cc: openldap-technical at openldap.org On 03/20/17 16:06 +0100, info at gwarband.de wrote: >> Debug Dovecot's implementation of ldap_start_tls_s(). > I don't have any idea how to set a higher debug level to dovecot. In > my opinion I have the highest. So I can't deliver a greater log. I recommend consulting Dovecot's advice on how to run a debugger, or dig into the code which calls libldap. From aki.tuomi at dovecot.fi Mon Mar 20 16:42:01 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 20 Mar 2017 18:42:01 +0200 (EET) Subject: Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP] In-Reply-To: References: Message-ID: <1296888746.404.1490028121677@appsuite-dev.open-xchange.com> > On March 20, 2017 at 5:28 PM info at gwarband.de wrote: > > > Can somebody say something about this request? > > This is an email from the openldap-technical mailing list from openldap. > > System details are mentioned in the other email. > > -------- Original Message -------- > Subject: Re: Dovecot can't connect to openldap over starttls > Date: 2017-03-20 16:18 > From: Dan White > To: info at gwarband.de > Cc: openldap-technical at openldap.org > > On 03/20/17 16:06 +0100, info at gwarband.de wrote: > >> Debug Dovecot's implementation of ldap_start_tls_s(). > > I don't have any idea how to set a higher debug level to dovecot. In > > my opinion I have the highest. So I can't deliver a greater log. > > I recommend consulting Dovecot's advice on how to run a debugger, or > dig > into the code which calls libldap. Hi! I just ran a quick test, and following things are needed: uris = ldap://ldap.host.com tls = yes tls_ca_cert_file = /path/to/cert-bundle.crt this has been tested with 2.2.28, and works just fine. Not sure why you are having issues. Of course this could be anything between not finding compatible ciphers to the LDAP server actually expecting client certificate, what with the logs not actually being too verbose unfortunately. There isn't too much to "debug" in Dovecot's TLS implementation, it's not doing anything fancy asides from calling the ldap_start_tls_s. I am not sure what debugging you could try further. Aki From larryrtx at gmail.com Mon Mar 20 17:57:43 2017 
From: larryrtx at gmail.com (Larry Rosenman) Date: Mon, 20 Mar 2017 12:57:43 -0500 Subject: Crash on doveadm index Message-ID: http://www.lerctr.org/~ler/dovecot/doveadm-2017-03-20.txt doveconf -n attached and at: http://www.lerctr.org/~ler/dovecot/doveconf.n.txt -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281 -------------- next part -------------- A non-text attachment was scrubbed... Name: dc.n Type: application/octet-stream Size: 5081 bytes Desc: not available URL: From info at gwarband.de Mon Mar 20 18:14:43 2017 
From: info at gwarband.de (info at gwarband.de) Date: Mon, 20 Mar 2017 19:14:43 +0100 Subject: Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP] In-Reply-To: <1296888746.404.1490028121677@appsuite-dev.open-xchange.com> References: <1296888746.404.1490028121677@appsuite-dev.open-xchange.com> Message-ID: <0b1a6c1ee9b4c1776dab66441b0b917f@gwarband.de> I have also tested with 2.2.28 and this version has the same issue. The finding of compatible ciphers is not the problem because I have uncommented the ldap entries: TLSCipherSuite SECURE128:-ARCFOUR-128:-CAMELLIA-128-CBC:-3DES-CBC:-CAMELLIA-128-GCM TLSProtocolMin 3.1 Maybe you have further ideas. On 2017-03-20 17:42, Aki Tuomi wrote: >> On March 20, 2017 at 5:28 PM info at gwarband.de wrote: >> >> >> Can somebody say something about this request? >> >> This is an email from the openldap-technical mailing list from >> openldap. >> >> System details are mentioned in the other email. >> >> -------- Original Message -------- >> Subject: Re: Dovecot can't connect to openldap over starttls >> Date: 2017-03-20 16:18 >> From: Dan White >> To: info at gwarband.de >> Cc: openldap-technical at openldap.org >> >> On 03/20/17 16:06 +0100, info at gwarband.de wrote: >>>> Debug Dovecot's implementation of ldap_start_tls_s(). >>> I don't have any idea how to set a higher debug level to dovecot. In >>> my opinion I have the highest. So I can't deliver a greater log. >> >> I recommend consulting Dovecot's advice on how to run a debugger, or >> dig >> into the code which calls libldap. > > Hi! > I just ran a quick test, and following things are needed: > > uris = ldap://ldap.host.com > tls = yes > tls_ca_cert_file = /path/to/cert-bundle.crt > > this has been tested with 2.2.28, and works just fine. Not sure why > you are having issues. 
> > Of course this could be anything between not finding compatible > ciphers to the LDAP server actually expecting client certificate, what > with the logs not actually being too verbose unfortunately. There > isn't too much to "debug" in Dovecot's TLS implementation, it's not > doing anything fancy asides from calling the ldap_start_tls_s. > > I am not sure what debugging you could try further. > > Aki From aki.tuomi at dovecot.fi Mon Mar 20 18:59:14 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 20 Mar 2017 20:59:14 +0200 (EET) Subject: Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP] In-Reply-To: <0b1a6c1ee9b4c1776dab66441b0b917f@gwarband.de> References: <1296888746.404.1490028121677@appsuite-dev.open-xchange.com> <0b1a6c1ee9b4c1776dab66441b0b917f@gwarband.de> Message-ID: <1351610456.593.1490036354953@appsuite-dev.open-xchange.com> Well, those actually *reduce* the possible algorithms that can be used, so uncommenting those can make things worse. Anyways, your pcap seems incomplete, can you try again? Aki > On March 20, 2017 at 8:14 PM info at gwarband.de wrote: > > > I have also tested with 2.2.28 and this version has the same issue. > > The finding of compatible ciphers is not the problem because I have > uncommented the ldap entries: > TLSCipherSuite > SECURE128:-ARCFOUR-128:-CAMELLIA-128-CBC:-3DES-CBC:-CAMELLIA-128-GCM > TLSProtocolMin 3.1 > > Maybe you have further ideas. > > On 2017-03-20 17:42, Aki Tuomi wrote: > >> On March 20, 2017 at 5:28 PM info at gwarband.de wrote: > >> > >> > >> Can somebody say something about this request? > >> > >> This is an email from the openldap-technical mailing list from > >> openldap. > >> > >> System details are mentioned in the other email. > >> > >> -------- Original Message -------- > >> Subject: Re: Dovecot can't connect to openldap over starttls > >> Date: 2017-03-20 16:18 > >> From: Dan White > >> To: info at gwarband.de > >> Cc: openldap-technical at openldap.org > >> > >> On 03/20/17 16:06 +0100, info at gwarband.de wrote: > >>>> Debug Dovecot's implementation of ldap_start_tls_s(). > >>> I don't have any idea how to set a higher debug level to dovecot. In > >>> my opinion I have the highest. So I can't deliver a greater log. > >> > >> I recommend consulting Dovecot's advice on how to run a debugger, or > >> dig > >> into the code which calls libldap. > > > > Hi! 
> > I just ran a quick test, and following things are needed: > > > > uris = ldap://ldap.host.com > > tls = yes > > tls_ca_cert_file = /path/to/cert-bundle.crt > > > > this has been tested with 2.2.28, and works just fine. Not sure why > > you are having issues. > > > > Of course this could be anything between not finding compatible > > ciphers to the LDAP server actually expecting client certificate, what > > with the logs not actually being too verbose unfortunately. There > > isn't too much to "debug" in Dovecot's TLS implementation, it's not > > doing anything fancy asides from calling the ldap_start_tls_s. > > > > I am not sure what debugging you could try further. > > > > Aki From lists+dovecot at tocc.cz Mon Mar 20 19:14:27 2017 
From: lists+dovecot at tocc.cz (Tomas Habarta) Date: Mon, 20 Mar 2017 20:14:27 +0100 Subject: Dovecot can't connect to openldap over starttls In-Reply-To: <219a9329a86c4d3e71610db264612f1e@gwarband.de> References: <9984d210a9180693c539a993fe0e9af0@gwarband.de> <8351becb-ec8f-152f-566b-6b5f6a99b53d@tocc.cz> <234819ad0826f6b42c5f8852761f8bc5@gwarband.de> <219a9329a86c4d3e71610db264612f1e@gwarband.de> Message-ID: Actually, I likely managed to replicate the problem itself. I've observed described behavior (timeout with connection error) only if Dovecot's tls_ca_cert_file provided either non-existent file or there was no read access to the existing file -- found during review after sending my last post as I run CentOS, not Debian and didn't adjust the path correctly (/etc/ldap vs. /etc/openldap) in dovecot-ldap.conf when setting that up. Anyway, ldapsearch uses the same library as Dovecot so if ldapsearch works, Dovecot _simply_ must work as well ;) As mentioned, I normally run CentOS, where /etc/ssl/certs has SELinux security context; don't you by any chance run something similar which may prevent Dovecot from accessing the file? I tested on Debian 8 with the standard repo software (same versions you reported), even tried also 2.2.27 from backports and all worked ok, so there seems to be nothing wrong with both software at all, just some little thing in the configuration... Tomas On 03/20/2017 02:04 PM, info at gwarband.de wrote: > I've tested your soulution, but it also says the same error. > I've tested all combinations of: > - tls_ca_cert_file = > - tls = yes > - tls_require_cert = demand > > Every time it says "Connection error". > Only when tls is uncommented it says "TLS required". > > Additional information from my contact with the openldap-technical > mailing list: > The ldapsearch under the user dovecot with -ZZ works fine. > And they mention that the ldap.conf and dovecot-ldap.conf should have no > differences, that is correct no differences. 
> Here is a link to the ldap.conf > https://gwarband.de/openldap/ldap.conf > And the output of ldapsearch under dovecot: > https://gwarband.de/openldap/ldapsearch-dovecot.log > > Tobias > > Am 2017-03-20 11:00, schrieb Tomas Habarta: >> I've finally managed that running on Debian 8 test machine by commenting >> tls_ca_cert_file = >> option from dovecot-ldap.conf, so only >> tls = yes >> tls_require_cert = demand >> >> Not sure why is that as on my CentOS6 Dovecot works even with that >> commented option. May be that CentOS and Debian uses different ldap >> library or different versions or there's another peculiarity ... >> >> Anyway, when tls_require_cert = demand is set, cite: >> -- >> With a setting of demand the certificate is requested and a valid >> certificate must be provided, otherwise the session is immediately >> terminated. >> -- >> >> As that option doesn't provide any source, it is taken from >> /etc/ldap/ldap.conf on Debian and if it's missing there, Dovecot client >> times out on validating provided certificate with >> >> imap-login: Error: Timeout waiting for handshake from auth server. >> imap-login: Disconnected: Auth process broken (disconnected before auth >> was ready, waited 30 secs) >> >> >> >> Tomas >> >> >> On 03/18/2017 02:22 PM, info at gwarband.de wrote: >>> The serverlog of openldap with loglevel "any": >>> https://gwarband.de/openldap/openldap-connect.log >>> Note: openldap waits 1 Minute before he says "TLS negotiation failure" >>> after the connect. >>> and dovecot says direct "Connect error" >>> >>> I've also delete the TLSCipherSuite from openldap. >>> >>> Tobias >>> >>> Am 2017-03-18 14:01, schrieb Tomas Habarta: >>>> Increase log level on server side as well to see what the server >>>> says... >>>> You may remove anything in TLSCipherSuite for the purpose of testing >>>> too. >>>> >>>> Hopefully anyone knowing OpenLDAP internals could help you analyse it >>>> more deeply. 
>>>> >>>> Tomas >>>> >>>> On 03/18/2017 01:31 PM, info at gwarband.de wrote: >>>>> I've replicate the settings from ldapsearch to dovecot but no success. >>>>> To the certificate: >>>>> Yes it's a *.crt file but I have linked the *.pem file to it and >>>>> dovecot >>>>> has read access to that file. >>>>> >>>>> I have enabled the debugging in dovecot and have uploaded the output: >>>>> https://gwarband.de/openldap/dovecot-connect.log >>>>> >>>>> And the other site with ldapsearch: >>>>> https://gwarband.de/openldap/ldapsearch-connect.log >>>>> >>>>> I'm pretty sure that there is a problem with the sslhandshaking >>>>> between >>>>> openldap and dovecot, but I can't find the source of the problem. >>>>> >>>>> One of the steps in the sslhandshaking is not success but in the >>>>> debugging output I can't find any line with a hit to it. >>>>> >>>>> Tobias >>>>> >>>>> Am 2017-03-18 12:30, schrieb Tomas Habarta: >>>>>> Well, if ldapsearch works, try to replicate its settings for dovecot >>>>>> client. >>>>>> It's not obvious what settings ldapsearch uses, have a look at >>>>>> default >>>>>> client settings in /etc/openldap/ldap.conf, there may be something >>>>>> set a >>>>>> slightly different way. >>>>>> Also double check permissions for files used by dovecot, I mean >>>>>> mainly >>>>>> the file listed for tls_ca_cert_file as dovecot may not have an >>>>>> access >>>>>> for reading... >>>>>> >>>>>> I cannot see anything downright bad, just posted CA cert (which is >>>>>> ok, >>>>>> tested) is *.crt and your config mentions *.pem but I consider >>>>>> it's the >>>>>> same file. >>>>>> >>>>>> Finally, I would recommend to enable debug option for dovecot's >>>>>> client >>>>>> debug_level = -1 (which logs all available) in your >>>>>> dovecot-ldap.conf >>>>>> to see what the library reports and work further on that. >>>>>> You can compare with output from ldapsearch by adding -d-1 switch to >>>>>> it. >>>>>> >>>>>> Hard to tell more at the moment. 
>>>>>> >>>>>> >>>>>> Tomas >>>>>> >>>>>> On 03/18/2017 09:41 AM, info at gwarband.de wrote: >>>>>>> Hello, >>>>>>> >>>>>>> I have also installed LE certs. >>>>>>> But nothing helps, I have double-checking all certs. >>>>>>> >>>>>>> ldapsearch with -ZZ works see: >>>>>>> https://gwarband.de/openldap/ldapsearch.log >>>>>>> >>>>>>> I have also uploaded the TLSCACertificateFile, maybe I have a >>>>>>> failure in >>>>>>> the merge of the two fiels: >>>>>>> https://gwarband.de/openldap/LetsEncrypt.crt >>>>>>> >>>>>>> And also I have uploaded my complete openldap configuration: >>>>>>> https://gwarband.de/openldap/openldap.conf >>>>>>> >>>>>>> All other components can work and communicate with my openldap >>>>>>> server. >>>>>>> The components are postfix, openxchange, apache (phpldapadmin). >>>>>>> >>>>>>> My installated software is: >>>>>>> Debian 8 >>>>>>> OpenLDAP 2.4.40 >>>>>>> Dovecot 2.2.13 >>>>>>> >>>>>>> I hope you can find the issue. >>>>>>> >>>>>>> Thanks, >>>>>>> Tobias >>>>>>> >>>>>>> Am 2017-03-17 22:48, schrieb Tomas Habarta: >>>>>>>> Hi, >>>>>>>> >>>>>>>> been running Dovecot 2.2.27 against OpenLDAP 2.4.40 normally >>>>>>>> over the >>>>>>>> unix socket on the same machine, but tried over inet with STARTTLS >>>>>>>> and >>>>>>>> it's working ok... >>>>>>>> >>>>>>>> I would suggest double-checking key/certs setup on OpenLDAP >>>>>>>> side; for >>>>>>>> the test I have used LE certs, utilizing following cn=config >>>>>>>> attributes: >>>>>>>> >>>>>>>> olcTLSCertificateKeyFile contains private key >>>>>>>> olcTLSCertificateFile contains certificate >>>>>>>> olcTLSCACertificateFile contains both certs (DST Root CA X3 >>>>>>>> and Let's Encrypt Authority X3) >>>>>>>> >>>>>>>> and used the same CA file in Dovecot's tls_ca_cert_file >>>>>>>> >>>>>>>> Is ldapsearch working ok (-ZZ) and only Dovecot has troubles or >>>>>>>> ... ? 
>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Hope that helps, good luck ;) >>>>>>>> Tomas >>>>>>>> >>>>>>>> >>>>>>>> On 03/17/2017 04:27 PM, info at gwarband.de wrote: >>>>>>>>> Hello guys, >>>>>>>>> >>>>>>>>> actually I'm trying to configure dovecot to access openldap for >>>>>>>>> passwordcheck. >>>>>>>>> My openldap is only allow access over "secure ldap". >>>>>>>>> The dovecot can communicate with the openldap server but there is >>>>>>>>> maybe >>>>>>>>> a failure in the sslhandshake. >>>>>>>>> Additional information you can find in the logs or in the dump >>>>>>>>> below. >>>>>>>>> Also I have my ldap config from dovecot in the links below. >>>>>>>>> >>>>>>>>> I have already created an bug reporting in the system of openldap >>>>>>>>> but >>>>>>>>> the answer was to get support from her. >>>>>>>>> >>>>>>>>> All datalinks: >>>>>>>>> https://gwarband.de/openldap/dovecot.log >>>>>>>>> https://gwarband.de/openldap/dovecot-ldap.conf >>>>>>>>> https://gwarband.de/openldap/openldap.log >>>>>>>>> https://gwarband.de/openldap/trace.dump >>>>>>>>> >>>>>>>>> The bugreportinglink from openldap: >>>>>>>>> http://www.openldap.org/its/index.cgi/Incoming?id=8615 >>>>>>>>> >>>>>>>>> I hope you can help me. >>>>>>>>> >>>>>>>>> Regards. >>>>>>>>> Tobias Warband -- toCc.cz From info at gwarband.de Mon Mar 20 19:24:53 2017 
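The settings discussed in this thread (tls = yes together with tls_ca_cert_file) fail quietly when the CA file is missing, unreadable, or was merged badly, so they are worth checking before Dovecot is restarted. The script below is an added example, not code from the thread or from Dovecot; its function names and status words are its own, and the sample files it builds are constructed, not real certificates.

```shell
#!/bin/sh
# Pre-flight check of the TLS CA settings in a dovecot-ldap.conf-style file.
# Added example: function names and status words are this script's own.

# Print the value of key $2 from "key = value" lines in file $1.
# Commented-out lines are ignored. Assumption: if a key is set more than
# once, the last line is the effective one.
ldap_conf_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Count the lines of file $1 that match regex $2 (prints 0 when none match).
count_lines() {
    grep -c -e "$2" "$1" 2>/dev/null || true
}

# Print one status word for config file $1; return 0 only for "ok N".
check_ldap_tls_ca() {
    conf=$1
    if [ ! -r "$conf" ]; then echo "conf-unreadable"; return 1; fi

    tls=$(ldap_conf_get "$conf" tls)
    ca=$(ldap_conf_get "$conf" tls_ca_cert_file)

    # Relevant for ldap:// URIs as in the thread: STARTTLS is only requested
    # when tls is switched on.
    case $tls in
        [Yy][Ee][Ss]) ;;
        *) echo "tls-off"; return 1 ;;
    esac

    # No CA file named here: the trust source then lies outside this file
    # (the thread mentions libldap's own ldap.conf), so it cannot be checked.
    if [ -z "$ca" ]; then echo "ca-unset"; return 1; fi
    if [ ! -e "$ca" ]; then echo "ca-missing"; return 1; fi
    if [ ! -r "$ca" ]; then echo "ca-unreadable"; return 1; fi

    begin_any=$(count_lines "$ca" 'BEGIN CERTIFICATE')
    begin_ok=$(count_lines "$ca" '^-----BEGIN CERTIFICATE-----[[:space:]]*$')
    end_ok=$(count_lines "$ca" '^-----END CERTIFICATE-----[[:space:]]*$')

    if [ "$begin_any" -eq 0 ]; then echo "ca-no-pem"; return 1; fi
    # A marker that does not sit on a line of its own usually means two PEM
    # files were concatenated without a newline between them.
    if [ "$begin_ok" -ne "$begin_any" ] || [ "$begin_ok" -ne "$end_ok" ]; then
        echo "ca-bad-merge"; return 1
    fi
    echo "ok $begin_ok"
}

# Build constructed sample files and print one status line per case.
demo() {
    d=$(mktemp -d) || return 1
    cert='-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----'
    printf '%s\n%s\n' "$cert" "$cert" > "$d/bundle.crt"  # two blocks, well formed
    printf '%s%s\n' "$cert" "$cert" > "$d/merged.crt"    # joined without a newline
    for f in bundle.crt merged.crt absent.crt; do
        printf 'uris = ldap://ldap.host.com\ntls = yes\ntls_ca_cert_file = %s\n' \
            "$d/$f" > "$d/ldap.conf"
        printf '%s: %s\n' "$f" "$(check_ldap_tls_ca "$d/ldap.conf")"
    done
    rm -rf "$d"
}

# With an argument, check that config file; without one, run the demo.
if [ "$#" -gt 0 ]; then
    check_ldap_tls_ca "$1"
else
    demo
fi
```

Run it as the account the Dovecot auth process runs under, since the readability test reflects the calling user. It does not detect SELinux or other mandatory-access-control denials, which need a separate check.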
From: info at gwarband.de (info at gwarband.de) Date: Mon, 20 Mar 2017 20:24:53 +0100 Subject: Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP] In-Reply-To: <1351610456.593.1490036354953@appsuite-dev.open-xchange.com> References: <1296888746.404.1490028121677@appsuite-dev.open-xchange.com> <0b1a6c1ee9b4c1776dab66441b0b917f@gwarband.de> <1351610456.593.1490036354953@appsuite-dev.open-xchange.com> Message-ID: <17cc8afbd322fcc1f940b2e4273ec176@gwarband.de> I have a new pcap from beginning to the end with openldap "TLS negotiation failed" https://gwarband.de/openldap/tracefile.dump The source ports are 45376 and 45377 Tobias On 2017-03-20 19:59, Aki Tuomi wrote: > Well, those actually *reduce* the possible algorithms that can be > used, so uncommenting those can make things worse. > > Anyways, your pcap seems incomplete, can you try again? > > Aki > >> On March 20, 2017 at 8:14 PM info at gwarband.de wrote: >> >> >> I have also tested with 2.2.28 and this version has the same issue. >> >> The finding of compatible ciphers is not the problem because I have >> uncommented the ldap entries: >> TLSCipherSuite >> SECURE128:-ARCFOUR-128:-CAMELLIA-128-CBC:-3DES-CBC:-CAMELLIA-128-GCM >> TLSProtocolMin 3.1 >> >> Maybe you have further ideas. >> >> On 2017-03-20 17:42, Aki Tuomi wrote: >>>> On March 20, 2017 at 5:28 PM info at gwarband.de wrote: >>>> >>>> >>>> Can somebody say something about this request? >>>> >>>> This is an email from the openldap-technical mailing list from >>>> openldap. >>>> >>>> System details are mentioned in the other email. >>>> >>>> -------- Original Message -------- >>>> Subject: Re: Dovecot can't connect to openldap over starttls >>>> Date: 2017-03-20 16:18 >>>> From: Dan White >>>> To: info at gwarband.de >>>> Cc: openldap-technical at openldap.org >>>> >>>> On 03/20/17 16:06 +0100, info at gwarband.de wrote: >>>>>> Debug Dovecot's implementation of ldap_start_tls_s(). 
>>>>> I don't have any idea how to set a higher debug level to dovecot. >>>>> In >>>>> my opinion I have the highest. So I can't deliver a greater log. >>>> >>>> I recommend consulting Dovecot's advice on how to run a debugger, >>>> or >>>> dig >>>> into the code which calls libldap. >>> >>> Hi! >>> I just ran a quick test, and following things are needed: >>> >>> uris = ldap://ldap.host.com >>> tls = yes >>> tls_ca_cert_file = /path/to/cert-bundle.crt >>> >>> this has been tested with 2.2.28, and works just fine. Not sure why >>> you are having issues. >>> >>> Of course this could be anything between not finding compatible >>> ciphers to the LDAP server actually expecting client certificate, >>> what >>> with the logs not actually being too verbose unfortunately. There >>> isn't too much to "debug" in Dovecot's TLS implementation, it's not >>> doing anything fancy asides from calling the ldap_start_tls_s. >>> >>> I am not sure what debugging you could try further. >>> >>> Aki From info at gwarband.de Mon Mar 20 19:33:51 2017 
From: info at gwarband.de (info at gwarband.de) Date: Mon, 20 Mar 2017 20:33:51 +0100 Subject: Dovecot can't connect to openldap over starttls In-Reply-To: References: <9984d210a9180693c539a993fe0e9af0@gwarband.de> <8351becb-ec8f-152f-566b-6b5f6a99b53d@tocc.cz> <234819ad0826f6b42c5f8852761f8bc5@gwarband.de> <219a9329a86c4d3e71610db264612f1e@gwarband.de> Message-ID: <94a2ffc6c52f7b69d67a0c7f4a0b95ad@gwarband.de> The user "dovecot" can access and read the cert. Here is an output of the console: https://gwarband.de/openldap/dovecot-certs.log So I think there is nothing what prevent Dovecot to access the file. Tobias Am 2017-03-20 20:14, schrieb Tomas Habarta: > Actually, I likely managed to replicate the problem itself. > I've observed described behavior (timeout with connection error) only > if > Dovecot's tls_ca_cert_file provided either non-existent file or there > was no read access to the existing file -- found during review after > sending my last post as I run CentOS, not Debian and didn't adjust the > path correctly (/etc/ldap vs. /etc/openldap) in dovecot-ldap.conf when > setting that up. > > Anyway, ldapsearch uses the same library as Dovecot so if ldapsearch > works, Dovecot _simply_ must work as well ;) > > As mentioned, I normally run CentOS, where /etc/ssl/certs has SELinux > security context; don't you by any chance run something similar which > may prevent Dovecot from accessing the file? > > I tested on Debian 8 with the standard repo software (same versions > you > reported), even tried also 2.2.27 from backports and all worked ok, so > there seems to be nothing wrong with both software at all, just some > little thing in the configuration... > > > Tomas > > > On 03/20/2017 02:04 PM, info at gwarband.de wrote: >> I've tested your soulution, but it also says the same error. >> I've tested all combinations of: >> - tls_ca_cert_file = >> - tls = yes >> - tls_require_cert = demand >> >> Every time it says "Connection error". 
>> Only when tls is uncommented it says "TLS required". >> >> Additional information from my contact with the openldap-technical >> mailing list: >> The ldapsearch under the user dovecot with -ZZ works fine. >> And they mention that the ldap.conf and dovecot-ldap.conf should have >> no >> differences, that is correct no differences. >> Here is a link to the ldap.conf >> https://gwarband.de/openldap/ldap.conf >> And the output of ldapsearch under dovecot: >> https://gwarband.de/openldap/ldapsearch-dovecot.log >> >> Tobias >> >> Am 2017-03-20 11:00, schrieb Tomas Habarta: >>> I've finally managed that running on Debian 8 test machine by >>> commenting >>> tls_ca_cert_file = >>> option from dovecot-ldap.conf, so only >>> tls = yes >>> tls_require_cert = demand >>> >>> Not sure why is that as on my CentOS6 Dovecot works even with that >>> commented option. May be that CentOS and Debian uses different ldap >>> library or different versions or there's another peculiarity ... >>> >>> Anyway, when tls_require_cert = demand is set, cite: >>> -- >>> With a setting of demand the certificate is requested and a valid >>> certificate must be provided, otherwise the session is immediately >>> terminated. >>> -- >>> >>> As that option doesn't provide any source, it is taken from >>> /etc/ldap/ldap.conf on Debian and if it's missing there, Dovecot >>> client >>> times out on validating provided certificate with >>> >>> imap-login: Error: Timeout waiting for handshake from auth server. >>> imap-login: Disconnected: Auth process broken (disconnected before >>> auth >>> was ready, waited 30 secs) >>> >>> >>> >>> Tomas >>> >>> >>> On 03/18/2017 02:22 PM, info at gwarband.de wrote: >>>> The serverlog of openldap with loglevel "any": >>>> https://gwarband.de/openldap/openldap-connect.log >>>> Note: openldap waits 1 Minute before he says "TLS negotiation >>>> failure" >>>> after the connect. 
>>>> and dovecot says direct "Connect error" >>>> >>>> I've also delete the TLSCipherSuite from openldap. >>>> >>>> Tobias >>>> >>>> Am 2017-03-18 14:01, schrieb Tomas Habarta: >>>>> Increase log level on server side as well to see what the server >>>>> says... >>>>> You may remove anything in TLSCipherSuite for the purpose of >>>>> testing >>>>> too. >>>>> >>>>> Hopefully anyone knowing OpenLDAP internals could help you analyse >>>>> it >>>>> more deeply. >>>>> >>>>> Tomas >>>>> >>>>> On 03/18/2017 01:31 PM, info at gwarband.de wrote: >>>>>> I've replicate the settings from ldapsearch to dovecot but no >>>>>> success. >>>>>> To the certificate: >>>>>> Yes it's a *.crt file but I have linked the *.pem file to it and >>>>>> dovecot >>>>>> has read access to that file. >>>>>> >>>>>> I have enabled the debugging in dovecot and have uploaded the >>>>>> output: >>>>>> https://gwarband.de/openldap/dovecot-connect.log >>>>>> >>>>>> And the other site with ldapsearch: >>>>>> https://gwarband.de/openldap/ldapsearch-connect.log >>>>>> >>>>>> I'm pretty sure that there is a problem with the sslhandshaking >>>>>> between >>>>>> openldap and dovecot, but I can't find the source of the problem. >>>>>> >>>>>> One of the steps in the sslhandshaking is not success but in the >>>>>> debugging output I can't find any line with a hit to it. >>>>>> >>>>>> Tobias >>>>>> >>>>>> Am 2017-03-18 12:30, schrieb Tomas Habarta: >>>>>>> Well, if ldapsearch works, try to replicate its settings for >>>>>>> dovecot >>>>>>> client. >>>>>>> It's not obvious what settings ldapsearch uses, have a look at >>>>>>> default >>>>>>> client settings in /etc/openldap/ldap.conf, there may be >>>>>>> something >>>>>>> set a >>>>>>> slightly different way. >>>>>>> Also double check permissions for files used by dovecot, I mean >>>>>>> mainly >>>>>>> the file listed for tls_ca_cert_file as dovecot may not have an >>>>>>> access >>>>>>> for reading... 
>>>>>>> >>>>>>> I cannot see anything downright bad, just posted CA cert (which >>>>>>> is >>>>>>> ok, >>>>>>> tested) is *.crt and your config mentions *.pem but I consider >>>>>>> it's the >>>>>>> same file. >>>>>>> >>>>>>> Finally, I would recommend to enable debug option for dovecot's >>>>>>> client >>>>>>> debug_level = -1 (which logs all available) in your >>>>>>> dovecot-ldap.conf >>>>>>> to see what the library reports and work further on that. >>>>>>> You can compare with output from ldapsearch by adding -d-1 >>>>>>> switch to >>>>>>> it. >>>>>>> >>>>>>> Hard to tell more at the moment. >>>>>>> >>>>>>> >>>>>>> Tomas >>>>>>> >>>>>>> On 03/18/2017 09:41 AM, info at gwarband.de wrote: >>>>>>>> Hello, >>>>>>>> >>>>>>>> I have also installed LE certs. >>>>>>>> But nothing helps, I have double-checking all certs. >>>>>>>> >>>>>>>> ldapsearch with -ZZ works see: >>>>>>>> https://gwarband.de/openldap/ldapsearch.log >>>>>>>> >>>>>>>> I have also uploaded the TLSCACertificateFile, maybe I have a >>>>>>>> failure in >>>>>>>> the merge of the two fiels: >>>>>>>> https://gwarband.de/openldap/LetsEncrypt.crt >>>>>>>> >>>>>>>> And also I have uploaded my complete openldap configuration: >>>>>>>> https://gwarband.de/openldap/openldap.conf >>>>>>>> >>>>>>>> All other components can work and communicate with my openldap >>>>>>>> server. >>>>>>>> The components are postfix, openxchange, apache (phpldapadmin). >>>>>>>> >>>>>>>> My installated software is: >>>>>>>> Debian 8 >>>>>>>> OpenLDAP 2.4.40 >>>>>>>> Dovecot 2.2.13 >>>>>>>> >>>>>>>> I hope you can find the issue. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Tobias >>>>>>>> >>>>>>>> Am 2017-03-17 22:48, schrieb Tomas Habarta: >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> been running Dovecot 2.2.27 against OpenLDAP 2.4.40 normally >>>>>>>>> over the >>>>>>>>> unix socket on the same machine, but tried over inet with >>>>>>>>> STARTTLS >>>>>>>>> and >>>>>>>>> it's working ok... 
>>>>>>>>> >>>>>>>>> I would suggest double-checking key/certs setup on OpenLDAP >>>>>>>>> side; for >>>>>>>>> the test I have used LE certs, utilizing following cn=config >>>>>>>>> attributes: >>>>>>>>> >>>>>>>>> olcTLSCertificateKeyFile contains private key >>>>>>>>> olcTLSCertificateFile contains certificate >>>>>>>>> olcTLSCACertificateFile contains both certs (DST Root >>>>>>>>> CA X3 >>>>>>>>> and Let's Encrypt Authority X3) >>>>>>>>> >>>>>>>>> and used the same CA file in Dovecot's tls_ca_cert_file >>>>>>>>> >>>>>>>>> Is ldapsearch working ok (-ZZ) and only Dovecot has troubles >>>>>>>>> or >>>>>>>>> ... ? >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Hope that helps, good luck ;) >>>>>>>>> Tomas >>>>>>>>> >>>>>>>>> >>>>>>>>> On 03/17/2017 04:27 PM, info at gwarband.de wrote: >>>>>>>>>> Hello guys, >>>>>>>>>> >>>>>>>>>> actually I'm trying to configure dovecot to access openldap >>>>>>>>>> for >>>>>>>>>> passwordcheck. >>>>>>>>>> My openldap is only allow access over "secure ldap". >>>>>>>>>> The dovecot can communicate with the openldap server but >>>>>>>>>> there is >>>>>>>>>> maybe >>>>>>>>>> a failure in the sslhandshake. >>>>>>>>>> Additional information you can find in the logs or in the >>>>>>>>>> dump >>>>>>>>>> below. >>>>>>>>>> Also I have my ldap config from dovecot in the links below. >>>>>>>>>> >>>>>>>>>> I have already created an bug reporting in the system of >>>>>>>>>> openldap >>>>>>>>>> but >>>>>>>>>> the answer was to get support from her. >>>>>>>>>> >>>>>>>>>> All datalinks: >>>>>>>>>> https://gwarband.de/openldap/dovecot.log >>>>>>>>>> https://gwarband.de/openldap/dovecot-ldap.conf >>>>>>>>>> https://gwarband.de/openldap/openldap.log >>>>>>>>>> https://gwarband.de/openldap/trace.dump >>>>>>>>>> >>>>>>>>>> The bugreportinglink from openldap: >>>>>>>>>> http://www.openldap.org/its/index.cgi/Incoming?id=8615 >>>>>>>>>> >>>>>>>>>> I hope you can help me. >>>>>>>>>> >>>>>>>>>> Regards. 
>>>>>>>>>> Tobias Warband From larryrtx at gmail.com Mon Mar 20 19:44:03 2017 From: larryrtx at gmail.com (Larry Rosenman) Date: Mon, 20 Mar 2017 14:44:03 -0500 Subject: Crash on doveadm index In-Reply-To: References: Message-ID: This appears to be Tika related. I'm running the latest Tika (1.14). I've turned OFF tika, and can index everything. I do have some of the "bad" messages saved. What can I supply to help debug this? -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281 From: Larry Rosenman Date: Monday, March 20, 2017 at 12:57 PM To: Dovecot List Subject: Crash on doveadm index http://www.lerctr.org/~ler/dovecot/doveadm-2017-03-20.txt doveconf -n attached and at: http://www.lerctr.org/~ler/dovecot/doveconf.n.txt -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281 From jtam.home at gmail.com Mon Mar 20 20:03:20 2017 
From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 20 Mar 2017 13:03:20 -0700 (PDT) Subject: Dovecot 2.2.27 proxy - enforcing per client IP connection limits In-Reply-To: References: Message-ID: Sami Ketola writes: >> Can anyone with Solr installed confirm/refute this: does installing >> Solr keep iOS clients from roofing the connection count? > > I doubt it, but since IMAP SEARCH goes all the way down to the backends > mail_max_userip_connections can be used to limit the number of > connections. Understood -- that's the current situation I'm in now. Our iOS users would launch a search resulting in a connection burst, hit the connection cap, log out all IMAP sessions out, then start the cycle again. This sometimes lasts for 10's of minutes. I'm not sure what the users sees. Sample logs entries: Mar 19 01:21:30 server dovecot: imap-login: Login: user= ... [... 14 similar logins removed ...] Mar 19 01:21:41 server dovecot: imap-login: Login: user= ... Mar 19 01:21:42 server dovecot: imap-login: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=16) : user= ... Mar 19 01:21:42 server dovecot: imap(user): Logged out in=425 out=1107 [... 14 similar logouts removed ...] Mar 19 01:21:42 server dovecot: imap(user): Logged out in=382 out=1107 Mar 19 01:21:42 server dovecot: imap-login: Login: user= ... Mar 19 01:21:42 server dovecot: imap-login: Login: user= ... Mar 19 01:21:43 server dovecot: imap-login: Login: user= ... Mar 19 01:21:44 server dovecot: imap-login: Login: user= ... Mar 19 01:21:44 server dovecot: imap(user): Logged out in=442 out=1173 Mar 19 01:21:44 server dovecot: imap(user): Logged out in=442 out=1155 Mar 19 01:21:44 server dovecot: imap(user): Logged out in=442 out=1166 Mar 19 01:21:44 server dovecot: imap(user): Logged out in=442 out=1174 Mar 19 01:21:44 server dovecot: imap-login: Login: user= ... Mar 19 01:21:47 server dovecot: imap-login: Login: user= ... Mar 19 01:21:47 server dovecot: imap-login: Login: user= ... 
Mar 19 01:21:48 server dovecot: imap-login: Login: user= ... Mar 19 01:21:48 server dovecot: imap-login: Login: user= ... Mar 19 01:21:49 server dovecot: imap-login: Login: user= ... { ... and on and on for the next 10 minutes ... } However, there is a pause between each login that might be long enough to squeeze the search results in if given quickly enough. From the I/O stats, most of these searches have empty results. It probably won't prevent the connection cap problem, but it might minimize the length and severity of these connection storms. Of course, the real fix is for iOS mail-app developers to stop assuming the IMAP server is owned exclusively by the user by configuring some reasonable connection throttles. Joseph Tam From aki.tuomi at dovecot.fi Mon Mar 20 20:43:48 2017 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 20 Mar 2017 22:43:48 +0200 (EET) Subject: Crash on doveadm index In-Reply-To: References: Message-ID: <1451295551.665.1490042628922@appsuite-dev.open-xchange.com> Yeah, it's tika related. Also looks rather simple to fix. Aki > On March 20, 2017 at 9:44 PM Larry Rosenman wrote: > > > This appears to be Tika related. I'm running the latest Tika (1.14). > > > > I've turned OFF tika, and can index everything. > > > > I do have some of the "bad" messages saved. > > > > What can I supply to help debug this? > > > > > > -- > > Larry Rosenman http://www.lerctr.org/~ler > > Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com > > US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281 
> > > > > > > > From: Larry Rosenman > Date: Monday, March 20, 2017 at 12:57 PM > To: Dovecot List > Subject: Crash on doveadm index > > > > http://www.lerctr.org/~ler/dovecot/doveadm-2017-03-20.txt > > > > doveconf -n attached and at: > > http://www.lerctr.org/~ler/dovecot/doveconf.n.txt > > > > > > > > -- > > Larry Rosenman http://www.lerctr.org/~ler > > Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com > > US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281 > > > > From aki.tuomi at dovecot.fi Mon Mar 20 20:49:09 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 20 Mar 2017 22:49:09 +0200 (EET) Subject: Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP] In-Reply-To: <17cc8afbd322fcc1f940b2e4273ec176@gwarband.de> References: <1296888746.404.1490028121677@appsuite-dev.open-xchange.com> <0b1a6c1ee9b4c1776dab66441b0b917f@gwarband.de> <1351610456.593.1490036354953@appsuite-dev.open-xchange.com> <17cc8afbd322fcc1f940b2e4273ec176@gwarband.de> Message-ID: <2003971905.673.1490042950068@appsuite-dev.open-xchange.com> Did you do some succesful lookup with something there? I can see few failed attempts and one that seems to have worked just fine. As pointed out earlier, are you using security frameworks like SELinux or AppArmor? Also, can you provide namei -l /etc/ssl/certs/LetsEncrypt.pem The failed attempts are really short, indicating a VERY early problem with SSL handshake. Aki > On March 20, 2017 at 9:24 PM info at gwarband.de wrote: > > > I have a new pcap from beginning to the end with openldap "TLS > negoiation failed" > > https://gwarband.de/openldap/tracefile.dump > > The sourceports are 45376 and 45377 > > Tobias > > Am 2017-03-20 19:59, schrieb Aki Tuomi: > > Well, those actually *reduce* the possible algorithms that can be > > used, so uncommenting those can make things worse. > > > > Anyways, your pcap seems incomplete, can you try again? > > > > Aki > > > >> On March 20, 2017 at 8:14 PM info at gwarband.de wrote: > >> > >> > >> I have also tested with 2.2.28 and this version has the same issue. > >> > >> The finding of compatible ciphers is not the problem because I have > >> uncommented the ldap entrys: > >> TLSCipherSuite > >> SECURE128:-ARCFOUR-128:-CAMELLIA-128-CBC:-3DES-CBC:-CAMELLIA-128-GCM > >> TLSProtocolMin 3.1 > >> > >> Maybe you have further ideas. > >> > >> Am 2017-03-20 17:42, schrieb Aki Tuomi: > >>>> On March 20, 2017 at 5:28 PM info at gwarband.de wrote: > >>>> > >>>> > >>>> Can sombody say something about this request? 
> >>>> > >>>> This is an email from the openldap-technical mailing list from > >>>> openldap. > >>>> > >>>> System details are mentioned in the other email. > >>>> > >>>> -------- Original Message -------- > >>>> Subject: Re: Dovecot can't connect to openldap over starttls > >>>> Date: 2017-03-20 16:18 > >>>> From: Dan White > >>>> To: info at gwarband.de > >>>> Cc: openldap-technical at openldap.org > >>>> > >>>> On 03/20/17 16:06 +0100, info at gwarband.de wrote: > >>>>>> Debug Dovecot's implementation of ldap_start_tls_s(). > >>>>> I don't have any idea how to set a higher debug level to dovecot. > >>>>> In > >>>>> my opinion I have the highest. So I can't deliver a greater log. > >>>> > >>>> I recommend consulting Dovecot's advice on how to run a debugger, > >>>> or > >>>> dig > >>>> into the code which calls libldap. > >>> > >>> Hi! > >>> I just ran a quick test, and following things are needed: > >>> > >>> uris = ldap://ldap.host.com > >>> tls = yes > >>> tls_ca_cert_file = /path/to/cert-bundle.crt > >>> > >>> this has been tested with 2.2.28, and works just fine. Not sure why > >>> you are having issues. > >>> > >>> Of course this could be anything between not finding compatible > >>> ciphers to the LDAP server actually expecting client certificate, > >>> what > >>> with the logs not actually being too verbose unfortunately. There > >>> isn't too much to "debug" in Dovecot's TLS implementation, it's not > >>> doing anything fancy asides from calling the ldap_start_tls_s. > >>> > >>> I am not sure what debugging you could try further. > >>> > >>> Aki From info at gwarband.de Mon Mar 20 21:09:30 2017 
From: info at gwarband.de (info at gwarband.de) Date: Mon, 20 Mar 2017 22:09:30 +0100 Subject: Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP] In-Reply-To: <2003971905.673.1490042950068@appsuite-dev.open-xchange.com> References: <1296888746.404.1490028121677@appsuite-dev.open-xchange.com> <0b1a6c1ee9b4c1776dab66441b0b917f@gwarband.de> <1351610456.593.1490036354953@appsuite-dev.open-xchange.com> <17cc8afbd322fcc1f940b2e4273ec176@gwarband.de> <2003971905.673.1490042950068@appsuite-dev.open-xchange.com> Message-ID: <09fc4411ec34ec687bb3d8e99308a7cb@gwarband.de> The one that works fine was my openxchange server, that loads contacts from openldap. In my opinion I don't have installed a security framework list SELinux or AppArmor. The output of namei -l /etc/ssl/certs/LetsEncrypt.pem f: /etc/ssl/certs/LetsEncrypt.pem drwxr-xr-x root root / drwxr-xr-x root root etc drwxr-xr-x root root ssl drwxr-xr-x root root certs lrwxrwxrwx root root LetsEncrypt.pem -> /etc/ssl/own/LetsEncrypt.crt drwxr-xr-x root root / drwxr-xr-x root root etc drwxr-xr-x root root ssl drwxr-x--- root ssl-cert own -rw-r----- root ssl-cert LetsEncrypt.crt Tobias Am 2017-03-20 21:49, schrieb Aki Tuomi: > Did you do some succesful lookup with something there? I can see few > failed attempts and one that seems to have worked just fine. > > As pointed out earlier, are you using security frameworks like > SELinux or AppArmor? Also, can you provide namei -l > /etc/ssl/certs/LetsEncrypt.pem > > The failed attempts are really short, indicating a VERY early problem > with SSL handshake. 
> > Aki > >> On March 20, 2017 at 9:24 PM info at gwarband.de wrote: >> >> >> I have a new pcap from beginning to the end with openldap "TLS >> negotiation failed" >> >> https://gwarband.de/openldap/tracefile.dump >> >> The source ports are 45376 and 45377 >> >> Tobias >> >> On 2017-03-20 19:59, Aki Tuomi wrote: >>> Well, those actually *reduce* the possible algorithms that can be >>> used, so uncommenting those can make things worse. >>> >>> Anyways, your pcap seems incomplete, can you try again? >>> >>> Aki >>> >>>> On March 20, 2017 at 8:14 PM info at gwarband.de wrote: >>>> >>>> >>>> I have also tested with 2.2.28 and this version has the same issue. >>>> >>>> The finding of compatible ciphers is not the problem because I have >>>> uncommented the ldap entries: >>>> TLSCipherSuite >>>> SECURE128:-ARCFOUR-128:-CAMELLIA-128-CBC:-3DES-CBC:-CAMELLIA-128-GCM >>>> TLSProtocolMin 3.1 >>>> >>>> Maybe you have further ideas. >>>> >>>> On 2017-03-20 17:42, Aki Tuomi wrote: >>>>>> On March 20, 2017 at 5:28 PM info at gwarband.de wrote: >>>>>> >>>>>> >>>>>> Can somebody say something about this request? >>>>>> >>>>>> This is an email from the openldap-technical mailing list from >>>>>> openldap. >>>>>> >>>>>> System details are mentioned in the other email. >>>>>> >>>>>> -------- Original Message -------- >>>>>> Subject: Re: Dovecot can't connect to openldap over starttls >>>>>> Date: 2017-03-20 16:18 >>>>>> From: Dan White >>>>>> To: info at gwarband.de >>>>>> Cc: openldap-technical at openldap.org >>>>>> >>>>>> On 03/20/17 16:06 +0100, info at gwarband.de wrote: >>>>>>>> Debug Dovecot's implementation of ldap_start_tls_s(). >>>>>>> I don't have any idea how to set a higher debug level to >>>>>>> dovecot. >>>>>>> In >>>>>>> my opinion I have the highest. So I can't deliver a greater log. >>>>>> >>>>>> I recommend consulting Dovecot's advice on how to run a debugger, >>>>>> or >>>>>> dig >>>>>> into the code which calls libldap. >>>>> >>>>> Hi! 
>>>>> I just ran a quick test, and following things are needed: >>>>> >>>>> uris = ldap://ldap.host.com >>>>> tls = yes >>>>> tls_ca_cert_file = /path/to/cert-bundle.crt >>>>> >>>>> this has been tested with 2.2.28, and works just fine. Not sure >>>>> why >>>>> you are having issues. >>>>> >>>>> Of course this could be anything between not finding compatible >>>>> ciphers to the LDAP server actually expecting client certificate, >>>>> what >>>>> with the logs not actually being too verbose unfortunately. There >>>>> isn't too much to "debug" in Dovecot's TLS implementation, it's >>>>> not >>>>> doing anything fancy asides from calling the ldap_start_tls_s. >>>>> >>>>> I am not sure what debugging you could try further. >>>>> >>>>> Aki From adi at ddns.com.au Mon Mar 20 22:08:44 2017 
From: adi at ddns.com.au (Adi Pircalabu) Date: Tue, 21 Mar 2017 09:08:44 +1100 Subject: Dovecot 2.2.27 proxy - enforcing per client IP connection limits In-Reply-To: References: Message-ID: <12c895f3-1645-8b8c-5fb3-8fb9f76314f0@ddns.com.au> On 21/03/17 07:03, Joseph Tam wrote: > Sami Ketola writes: > >>> Can anyone with Solr installed confirm/refute this: does installing >>> Solr keep iOS clients from roofing the connection count? >> >> I doubt it, but since IMAP SEARCH goes all the way down to the backends >> mail_max_userip_connections can be used to limit the number of >> connections. > > Understood -- that's the current situation I'm in now. Our iOS users > would launch a search resulting in a connection burst, hit the connection > cap, log out all IMAP sessions out, then start the cycle again. This > sometimes lasts for 10's of minutes. I'm not sure what the users sees. [...] > Of course, the real fix is for iOS mail-app developers to stop assuming > the IMAP server is owned exclusively by the user by configuring some > reasonable connection throttles. Thing is, one should never rely on the intentions or abilities of a 3rd party to fix their buggy code, especially when that 3rd party is Apple. Their IMAP implementation is shambolic at best and, by far and large, the clients using Apple mail clients are causing the most grief. Oh, did I mention that wonderful feature named iOS Profile which has so much potential if designed & implemented properly, but in A.D. 2017 it's still incomplete? It's been more than obvious for years Apple can't be relied on for interoperability, the only way to improve the services offered to the clients is to look at the server side, whenever possible. And one of the options for limiting the IMAP client hammering is to enforce the limits on the proxies directly. Especially in an environment where the backend IMAP server isn't Dovecot and mail_max_userip_connections isn't an option. 
Even if the proxies don't exchange IMAP login information between them, being able to enforce the limit on the proxy can be a significant improvement to the current situation when the Courier-IMAP servers are open to IMAP abuse because they always see the proxy IP for the incoming connection. Just my .02AUD -- Adi Pircalabu From dmiller at amfes.com Tue Mar 21 05:05:27 2017 
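The login burst, cap hit and mass logout cycle in the log excerpt quoted in the thread above can be picked out of a log mechanically. The following is an added example, not part of any post and not Dovecot code: it groups repeated mail_max_userip_connections hits per user and client IP into storms. The sample lines are constructed in the shape of the excerpt; the user names, addresses and the max_gap/min_hits thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TS = r"^(\w{3} +\d+ [\d:]{8}) \S+ dovecot: imap-login: "
LOGIN_RE = re.compile(TS + r"Login: user=<([^>]*)>.*?\brip=([0-9A-Fa-f.:]+)")
CAP_RE = re.compile(
    TS + r"Maximum number of connections from user\+IP exceeded "
    r"\(mail_max_userip_connections=(\d+)\) ?: user=<([^>]*)>.*?\brip=([0-9A-Fa-f.:]+)"
)


def _ts(stamp, year):
    # syslog timestamps carry no year, so the caller supplies it
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def find_storms(lines, year=2017, max_gap=60, min_hits=2):
    """Return one record per run of cap hits spaced at most max_gap seconds apart."""
    logins, hits, limit = defaultdict(list), defaultdict(list), {}
    for line in lines:
        m = CAP_RE.match(line)
        if m:
            key = (m.group(3), m.group(4))
            hits[key].append(_ts(m.group(1), year))
            limit[key] = int(m.group(2))
            continue
        m = LOGIN_RE.match(line)
        if m:
            logins[(m.group(2), m.group(3))].append(_ts(m.group(1), year))

    storms = []
    for key, times in hits.items():
        times.sort()
        start = prev = times[0]
        count = 1
        for t in times[1:] + [None]:          # None flushes the last run
            if t is not None and (t - prev).total_seconds() <= max_gap:
                prev, count = t, count + 1
                continue
            if count >= min_hits:
                lead_in = start - timedelta(seconds=max_gap)
                storms.append({
                    "user": key[0], "rip": key[1], "limit": limit[key],
                    "cap_hits": count,
                    "logins": sum(lead_in <= x <= prev for x in logins[key]),
                    "first_hit": start, "last_hit": prev,
                    "duration_s": (prev - start).total_seconds(),
                })
            if t is not None:
                start = prev = t
                count = 1
    return storms


def constructed_sample():
    """Constructed log: three burst/cap/logout cycles for one user, plus noise."""
    base = datetime(2017, 3, 19, 1, 21, 30)
    stamp = lambda s: (base + timedelta(seconds=s)).strftime("%b %d %H:%M:%S")
    who = "user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.1"
    cap = "Maximum number of connections from user+IP exceeded (mail_max_userip_connections=16)"
    out = []
    for cycle in range(3):
        t0 = cycle * 15
        for i in range(16):
            out.append(f"{stamp(t0 + i * 11 // 16)} server dovecot: imap-login: "
                       f"Login: {who}, mpid={4000 + cycle * 16 + i}, TLS")
        out.append(f"{stamp(t0 + 12)} server dovecot: imap-login: {cap}: {who}, TLS")
        out += [f"{stamp(t0 + 12)} server dovecot: imap(alice): Logged out in=425 out=1107"] * 16
    # A normal client and a one-off cap hit, neither of which is a storm.
    for i in range(3):
        out.append(f"{stamp(i)} server dovecot: imap-login: Login: user=<bob>, "
                   f"method=PLAIN, rip=198.51.100.9, lip=192.0.2.1, mpid={5000 + i}, TLS")
    out.append(f"{stamp(5)} server dovecot: imap-login: {cap}: user=<carol>, "
               "method=PLAIN, rip=198.51.100.20, lip=192.0.2.1, TLS")
    return out


if __name__ == "__main__":
    for s in find_storms(constructed_sample()):
        print(s)
```

The logout lines carry no client address, so the storm is keyed on the imap-login lines only; on a proxy in front of non-Dovecot backends the same grouping applies to whatever line the proxy logs when it refuses a connection.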
From: dmiller at amfes.com (Daniel Miller) Date: Mon, 20 Mar 2017 22:05:27 -0700 Subject: Corruption & migration Message-ID: I have an existing server using mdbox & sis. There is a quantity of corruption - I have no idea where it came in. I'd had a previous rebuild some years ago and I thought I had a clean datastore. By "corruption" I mean missing attachments and either missing or mixed-up emails. I've setup a new server on a virtual machine. Instead of copying the old configs I hand-adjusted individual settings using the current distribution example. The new server is running...but empty. So now my intent is to migrate the mail to the new machine. A few items to note: 1. The existing mail server is the virtual host. The mails are stored locally, in mdbox format, with sis enabled. And possibly zlib. 2. The new server, via VirtualBox, is presently configured for Maildir. I may change to sdbox - I'm now a little reserved about mdbox. 3. Instead of storing the mails within the virtual machine, I'm using the host's drive. This is via an exported NFS4 folder from the host, mounted on the guest, using the options: "auto,noatime,hard,intr,async,nordirplus". 4. My intent is to have the new virtual server become the primary mail server. The mail store will continue to be accessed by NFS4. No other servers or processes (besides backup) should access the mail store. So...my question is what is the best method for the migration? Reading the docs on Dovecot replication I'm still very unsure of how to implement it - particularly the "master-master" or "master-client" relationships. The docs are not 100% clear on which server gets which options. I can guess...which I'd really rather not do. But it seems to me getting one-way replication working would be the most "elegant" solution here. Manual dsync is also an option - but again I'm not on which machine I should execute which options. Imapsync is a possibility and the syntax is clear - but very slow in execution for 100k mails. 
Any suggestions or pointers would be welcome. -- Daniel From ekorneechev at altlinux.org Tue Mar 21 06:00:40 2017 From: ekorneechev at altlinux.org (Evgeniy Korneechev) Date: Tue, 21 Mar 2017 09:00:40 +0300 (MSK) Subject: Plugin "mail_crypt" - using folder keys In-Reply-To: <16d8a273-457e-5a15-266e-4cf9bfe7eed2@dovecot.fi> References: <406817759.137767.1485529114389.JavaMail.zimbra@remotesystems.ru> <16d8a273-457e-5a15-266e-4cf9bfe7eed2@dovecot.fi> Message-ID: <1548939649.31114.1490076040830.JavaMail.zimbra@remotesystems.ru> Hi! >> 2. If move a letter to another folder (or remove it), it will be unreadable. >> Log: >> imap(cloud): Error: read() failed: >> read(/home/cloud/Maildir/.Sent.test/cur/1485528498.M838579P2267....) failed: >> Decryption error: no private key available (uid=5, box=Sent.test, read reason=) >> imap(cloud): Info: Internal error occurred. Refer to server log for more >> information. >> >> or: >> imap(cloud): Error: read() failed: >> read(/home/cloud/Maildir/.Trash/cur/1485528906.M150750P3081....) failed: >> Decryption error: no private key available >> >> How fix it? >> >> Thank you in advance. > This seems to be a bug, and we are looking into it. Is the bug fixed in the new version (2.2.28)? -- WBR, Korneechev Evgeniy BaseALT/ALTLinux Team From dmiller at amfes.com Tue Mar 21 06:30:02 2017 
From: dmiller at amfes.com (Daniel Miller) Date: Mon, 20 Mar 2017 23:30:02 -0700 Subject: Corruption & migration In-Reply-To: References: Message-ID: I'm getting close - I believe I have one-way replication processing now. It's amazing watching the mails magically appear in the new server! I'll tender some updates to the wiki in the hopes it will help others. At this time, I have two errors I haven't been able to eliminate with config changes: dovecot: doveadm: Error: dsync-remote(user at mydomain.com): Warning: Transaction log file /var/mail/mydomain.com/user/sdbox/mailboxes/INBOX/dbox-Mails/dovecot.index.log was locked for 109 seconds (rotating while syncing) Mar 20 23:22:04 bubba dovecot: dsync-local(user at mydomain.com): Error: Remote command returned error 75: ssh -lvmail 192.168.0.4 doveadm dsync-server -uuser at mydomain.com I don't know if the transaction lock issue will fix itself via repeated replication runs. But I have no idea what the "error 75" is. Daniel On 3/20/2017 10:05 PM, Daniel Miller wrote: > I have an existing server using mdbox & sis. There is a quantity of > corruption - I have no idea where it came in. I'd had a previous > rebuild some years ago and I thought I had a clean datastore. By > "corruption" I mean missing attachments and either missing or mixed-up > emails. > > I've setup a new server on a virtual machine. Instead of copying the > old configs I hand-adjusted individual settings using the current > distribution example. The new server is running...but empty. > > So now my intent is to migrate the mail to the new machine. A few > items to note: > 1. The existing mail server is the virtual host. The mails are > stored locally, in mdbox format, with sis enabled. And possibly zlib. > 2. The new server, via VirtualBox, is presently configured for > Maildir. I may change to sdbox - I'm now a little reserved about mdbox. > 3. Instead of storing the mails within the virtual machine, I'm using > the host's drive. 
This is via an exported NFS4 folder from the host, > mounted on the guest, using the options: > "auto,noatime,hard,intr,async,nordirplus". > 4. My intent is to have the new virtual server become the primary > mail server. The mail store will continue to be accessed by NFS4. No > other servers or processes (besides backup) should access the mail store. > > So...my question is what is the best method for the migration? > > Reading the docs on Dovecot replication I'm still very unsure of how > to implement it - particularly the "master-master" or "master-client" > relationships. The docs are not 100% clear on which server gets which > options. I can guess...which I'd really rather not do. But it seems > to me getting one-way replication working would be the most "elegant" > solution here. > > Manual dsync is also an option - but again I'm not on which machine I > should execute which options. > > Imapsync is a possibility and the syntax is clear - but very slow in > execution for 100k mails. > > Any suggestions or pointers would be welcome. > From cedric.bassaget.ml at gmail.com Tue Mar 21 06:57:21 2017 
From: cedric.bassaget.ml at gmail.com (Cédric ML) Date: Tue, 21 Mar 2017 07:57:21 +0100 Subject: doveadm-sync stateful In-Reply-To: References: Message-ID: Hello Timo, "old server" is running dovecot 1.0.15, so I guess it will not support imapc_features=modseq... Maybe it would be useful to add these prerequisites to dovecot wiki. Regards, Cédric On 20/03/2017 at 15:45, Timo Sirainen wrote: > On 20 Mar 2017, at 13.24, Cédric ML wrote: >> Hello, >> >> I'm trying to migrate mail accounts from an old server to a new one. >> As I need to migrate dozens of accounts which take about 1G each, I need to do stateful sync to make my migration in two times : >> >> 1 - I run a : >> doveadm -D -o mail_fsync=never -o imapc_user=user1 at olddomain.fr sync -s "" -R -1 -u user1 at newdomain.fr imapc: > /tmp/firstsync.log 2>&1 >> >> my accounts are synced, and I get a "state" string (AQAAAHm4+Jk=) as the output of doveadm sync command. > Stateful synchronization requires at least imapc_features=modseq. That requires that the remote server supports CONDSTORE IMAP extension. And I'm still not entirely sure if that's enough. In general stateful replication isn't really supported with imapc. > From aki.tuomi at dovecot.fi Tue Mar 21 07:04:29 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Tue, 21 Mar 2017 09:04:29 +0200 Subject: Plugin "mail_crypt" - using folder keys In-Reply-To: <1548939649.31114.1490076040830.JavaMail.zimbra@remotesystems.ru> References: <406817759.137767.1485529114389.JavaMail.zimbra@remotesystems.ru> <16d8a273-457e-5a15-266e-4cf9bfe7eed2@dovecot.fi> <1548939649.31114.1490076040830.JavaMail.zimbra@remotesystems.ru> Message-ID: <522fb8bc-7fe9-49f4-7e8f-868e7c405877@dovecot.fi> On 21.03.2017 08:00, Evgeniy Korneechev wrote: > Hi! > >>> 2. If move a letter to another folder (or remove it), it will be unreadable. >>> Log: >>> imap(cloud): Error: read() failed: >>> read(/home/cloud/Maildir/.Sent.test/cur/1485528498.M838579P2267....) failed: >>> Decryption error: no private key available (uid=5, box=Sent.test, read reason=) >>> imap(cloud): Info: Internal error occurred. Refer to server log for more >>> information. >>> >>> or: >>> imap(cloud): Error: read() failed: >>> read(/home/cloud/Maildir/.Trash/cur/1485528906.M150750P3081....) failed: >>> Decryption error: no private key available >>> >>> How fix it? >>> >>> Thank you in advance. >> This seems to be a bug, and we are looking into it. > Is the bug fixed in the new version (2.2.28)? > Unfortunately we are not able to provide a fix until 2.2.29, but it's scheduled for next month. I could provide you with a patch you can try if you want, once it's there. Aki From aki.tuomi at dovecot.fi Tue Mar 21 07:06:18 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Tue, 21 Mar 2017 09:06:18 +0200 Subject: Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP] In-Reply-To: <09fc4411ec34ec687bb3d8e99308a7cb@gwarband.de> References: <1296888746.404.1490028121677@appsuite-dev.open-xchange.com> <0b1a6c1ee9b4c1776dab66441b0b917f@gwarband.de> <1351610456.593.1490036354953@appsuite-dev.open-xchange.com> <17cc8afbd322fcc1f940b2e4273ec176@gwarband.de> <2003971905.673.1490042950068@appsuite-dev.open-xchange.com> <09fc4411ec34ec687bb3d8e99308a7cb@gwarband.de> Message-ID: Could you copy LetsEncrypt.pem to a world-readable location, with world-readable rights, and see if this helps with your problem. I saw you tried with cat using su(do), but unfortunately supplementary groups are not always used with processes. Aki On 20.03.2017 23:09, info at gwarband.de wrote: > The one that works fine was my openxchange server, that loads contacts > from openldap. > > In my opinion I don't have installed a security framework list SELinux > or AppArmor. > > The output of namei -l /etc/ssl/certs/LetsEncrypt.pem > f: /etc/ssl/certs/LetsEncrypt.pem > drwxr-xr-x root root / > drwxr-xr-x root root etc > drwxr-xr-x root root ssl > drwxr-xr-x root root certs > lrwxrwxrwx root root LetsEncrypt.pem -> /etc/ssl/own/LetsEncrypt.crt > drwxr-xr-x root root / > drwxr-xr-x root root etc > drwxr-xr-x root root ssl > drwxr-x--- root ssl-cert own > -rw-r----- root ssl-cert LetsEncrypt.crt > > Tobias > > Am 2017-03-20 21:49, schrieb Aki Tuomi: >> Did you do some succesful lookup with something there? I can see few >> failed attempts and one that seems to have worked just fine. >> >> As pointed out earlier, are you using security frameworks like >> SELinux or AppArmor? Also, can you provide namei -l >> /etc/ssl/certs/LetsEncrypt.pem >> >> The failed attempts are really short, indicating a VERY early problem >> with SSL handshake. 
>> >> Aki >> >>> On March 20, 2017 at 9:24 PM info at gwarband.de wrote: >>> >>> >>> I have a new pcap from beginning to the end with openldap "TLS >>> negotiation failed" >>> >>> https://gwarband.de/openldap/tracefile.dump >>> >>> The source ports are 45376 and 45377 >>> >>> Tobias >>> >>> On 2017-03-20 19:59, Aki Tuomi wrote: >>>> Well, those actually *reduce* the possible algorithms that can be >>>> used, so uncommenting those can make things worse. >>>> >>>> Anyways, your pcap seems incomplete, can you try again? >>>> >>>> Aki >>>> >>>>> On March 20, 2017 at 8:14 PM info at gwarband.de wrote: >>>>> >>>>> >>>>> I have also tested with 2.2.28 and this version has the same issue. >>>>> >>>>> The finding of compatible ciphers is not the problem because I have >>>>> uncommented the ldap entries: >>>>> TLSCipherSuite >>>>> SECURE128:-ARCFOUR-128:-CAMELLIA-128-CBC:-3DES-CBC:-CAMELLIA-128-GCM >>>>> TLSProtocolMin 3.1 >>>>> >>>>> Maybe you have further ideas. >>>>> >>>>> On 2017-03-20 17:42, Aki Tuomi wrote: >>>>>>> On March 20, 2017 at 5:28 PM info at gwarband.de wrote: >>>>>>> >>>>>>> >>>>>>> Can somebody say something about this request? >>>>>>> >>>>>>> This is an email from the openldap-technical mailing list from >>>>>>> openldap. >>>>>>> >>>>>>> System details are mentioned in the other email. >>>>>>> >>>>>>> -------- Original Message -------- >>>>>>> Subject: Re: Dovecot can't connect to openldap over starttls >>>>>>> Date: 2017-03-20 16:18 >>>>>>> From: Dan White >>>>>>> To: info at gwarband.de >>>>>>> Cc: openldap-technical at openldap.org >>>>>>> >>>>>>> On 03/20/17 16:06 +0100, info at gwarband.de wrote: >>>>>>>>> Debug Dovecot's implementation of ldap_start_tls_s(). >>>>>>>> I don't have any idea how to set a higher debug level to dovecot. >>>>>>>> In >>>>>>>> my opinion I have the highest. So I can't deliver a greater log. 
>>>>>>> >>>>>>> I recommend consulting Dovecot's advice on how to run a debugger, >>>>>>> or >>>>>>> dig >>>>>>> into the code which calls libldap. >>>>>> >>>>>> Hi! >>>>>> I just ran a quick test, and following things are needed: >>>>>> >>>>>> uris = ldap://ldap.host.com >>>>>> tls = yes >>>>>> tls_ca_cert_file = /path/to/cert-bundle.crt >>>>>> >>>>>> this has been tested with 2.2.28, and works just fine. Not sure why >>>>>> you are having issues. >>>>>> >>>>>> Of course this could be anything between not finding compatible >>>>>> ciphers to the LDAP server actually expecting client certificate, >>>>>> what >>>>>> with the logs not actually being too verbose unfortunately. There >>>>>> isn't too much to "debug" in Dovecot's TLS implementation, it's not >>>>>> doing anything fancy asides from calling the ldap_start_tls_s. >>>>>> >>>>>> I am not sure what debugging you could try further. >>>>>> >>>>>> Aki From info at gwarband.de Tue Mar 21 08:32:16 2017 
From: info at gwarband.de (info at gwarband.de) Date: Tue, 21 Mar 2017 09:32:16 +0100 Subject: Dovecot can't connect to openldap over starttls [SOLVED] In-Reply-To: References: <1296888746.404.1490028121677@appsuite-dev.open-xchange.com> <0b1a6c1ee9b4c1776dab66441b0b917f@gwarband.de> <1351610456.593.1490036354953@appsuite-dev.open-xchange.com> <17cc8afbd322fcc1f940b2e4273ec176@gwarband.de> <2003971905.673.1490042950068@appsuite-dev.open-xchange.com> <09fc4411ec34ec687bb3d8e99308a7cb@gwarband.de> Message-ID: Thank you very much for this idea. I thought I have already tried this out. I have copy the *.crt to the official dir of ssl/cert and set the access to 644. And now all works correctly. Tobias Am 2017-03-21 08:06, schrieb Aki Tuomi: > Could you copy LetsEncrypt.pem to a world-readable location, with > world-readable rights, and see if this helps with your problem. I saw > you tried with cat using su(do), but unfortunately supplementary > groups > are not always used with processes. > > Aki > > > On 20.03.2017 23:09, info at gwarband.de wrote: >> The one that works fine was my openxchange server, that loads >> contacts >> from openldap. >> >> In my opinion I don't have installed a security framework list >> SELinux >> or AppArmor. >> >> The output of namei -l /etc/ssl/certs/LetsEncrypt.pem >> f: /etc/ssl/certs/LetsEncrypt.pem >> drwxr-xr-x root root / >> drwxr-xr-x root root etc >> drwxr-xr-x root root ssl >> drwxr-xr-x root root certs >> lrwxrwxrwx root root LetsEncrypt.pem -> >> /etc/ssl/own/LetsEncrypt.crt >> drwxr-xr-x root root / >> drwxr-xr-x root root etc >> drwxr-xr-x root root ssl >> drwxr-x--- root ssl-cert own >> -rw-r----- root ssl-cert LetsEncrypt.crt >> >> Tobias >> >> Am 2017-03-20 21:49, schrieb Aki Tuomi: >>> Did you do some succesful lookup with something there? I can see few >>> failed attempts and one that seems to have worked just fine. >>> >>> As pointed out earlier, are you using security frameworks like >>> SELinux or AppArmor? 
Also, can you provide namei -l >>> /etc/ssl/certs/LetsEncrypt.pem >>> >>> The failed attempts are really short, indicating a VERY early >>> problem >>> with SSL handshake. >>> >>> Aki >>> >>>> On March 20, 2017 at 9:24 PM info at gwarband.de wrote: >>>> >>>> >>>> I have a new pcap from beginning to the end with openldap "TLS >>>> negotiation failed" >>>> >>>> https://gwarband.de/openldap/tracefile.dump >>>> >>>> The source ports are 45376 and 45377 >>>> >>>> Tobias >>>> >>>> On 2017-03-20 19:59, Aki Tuomi wrote: >>>>> Well, those actually *reduce* the possible algorithms that can be >>>>> used, so uncommenting those can make things worse. >>>>> >>>>> Anyways, your pcap seems incomplete, can you try again? >>>>> >>>>> Aki >>>>> >>>>>> On March 20, 2017 at 8:14 PM info at gwarband.de wrote: >>>>>> >>>>>> >>>>>> I have also tested with 2.2.28 and this version has the same >>>>>> issue. >>>>>> >>>>>> The finding of compatible ciphers is not the problem because I >>>>>> have >>>>>> uncommented the ldap entries: >>>>>> TLSCipherSuite >>>>>> SECURE128:-ARCFOUR-128:-CAMELLIA-128-CBC:-3DES-CBC:-CAMELLIA-128-GCM >>>>>> TLSProtocolMin 3.1 >>>>>> >>>>>> Maybe you have further ideas. >>>>>> >>>>>> On 2017-03-20 17:42, Aki Tuomi wrote: >>>>>>>> On March 20, 2017 at 5:28 PM info at gwarband.de wrote: >>>>>>>> >>>>>>>> >>>>>>>> Can somebody say something about this request? >>>>>>>> >>>>>>>> This is an email from the openldap-technical mailing list from >>>>>>>> openldap. >>>>>>>> >>>>>>>> System details are mentioned in the other email. >>>>>>>> >>>>>>>> -------- Original Message -------- >>>>>>>> Subject: Re: Dovecot can't connect to openldap over starttls >>>>>>>> Date: 2017-03-20 16:18 >>>>>>>> From: Dan White >>>>>>>> To: info at gwarband.de >>>>>>>> Cc: openldap-technical at openldap.org >>>>>>>> >>>>>>>> On 03/20/17 16:06 +0100, info at gwarband.de wrote: >>>>>>>>>> Debug Dovecot's implementation of ldap_start_tls_s(). 
>>>>>>>>> I don't have any idea how to set a higher debug level to >>>>>>>>> dovecot. >>>>>>>>> In >>>>>>>>> my opinion I have the highest. So I can't deliver a greater >>>>>>>>> log. >>>>>>>> >>>>>>>> I recommend consulting Dovecot's advice on how to run a >>>>>>>> debugger, >>>>>>>> or >>>>>>>> dig >>>>>>>> into the code which calls libldap. >>>>>>> >>>>>>> Hi! >>>>>>> I just ran a quick test, and following things are needed: >>>>>>> >>>>>>> uris = ldap://ldap.host.com >>>>>>> tls = yes >>>>>>> tls_ca_cert_file = /path/to/cert-bundle.crt >>>>>>> >>>>>>> this has been tested with 2.2.28, and works just fine. Not sure >>>>>>> why >>>>>>> you are having issues. >>>>>>> >>>>>>> Of course this could be anything between not finding compatible >>>>>>> ciphers to the LDAP server actually expecting client >>>>>>> certificate, >>>>>>> what >>>>>>> with the logs not actually being too verbose unfortunately. >>>>>>> There >>>>>>> isn't too much to "debug" in Dovecot's TLS implementation, it's >>>>>>> not >>>>>>> doing anything fancy asides from calling the ldap_start_tls_s. >>>>>>> >>>>>>> I am not sure what debugging you could try further. >>>>>>> >>>>>>> Aki From bgbhosale at yahoo.co.in Tue Mar 21 10:48:02 2017 From: bgbhosale at yahoo.co.in (Bhushan Bhosale) Date: Tue, 21 Mar 2017 10:48:02 +0000 (UTC) Subject: Help References: <250376433.650349.1490093282306.ref@mail.yahoo.com> Message-ID: <250376433.650349.1490093282306@mail.yahoo.com> Hello, I'm getting below error in /var/log/dovecot-proxy.log. Please help. Thanks in advance. Mar 21 14:40:36 tejas3 dovecot: director: Error: Director 192.168.1.11/in disconnected: Connection closed: Illegal seek (connected 0 secs, in=0 out=43, handshake ME not received Regards, Bhushan From ghooton at scins.ie Tue Mar 21 11:31:02 2017 
From: ghooton at scins.ie (Ger Hooton Scoil Chroí Íosa Blarney)
Date: Tue, 21 Mar 2017 11:31:02 +0000
Subject: New Member
Message-ID: <20170321113102.EGroupware.ykpQ9o1Yeo6qd13351qGSLQ@www.scins.ie>

Hi All,
Before I start posting where/how can I check to see if the question I wish to ask about has already been covered?

__________________________________________________

Please consider the environment before printing this email.
Ger

From aki.tuomi at dovecot.fi Tue Mar 21 11:34:11 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Tue, 21 Mar 2017 13:34:11 +0200
Subject: New Member
In-Reply-To: <20170321113102.EGroupware.ykpQ9o1Yeo6qd13351qGSLQ@www.scins.ie>
References: <20170321113102.EGroupware.ykpQ9o1Yeo6qd13351qGSLQ@www.scins.ie>
Message-ID: <30e079f7-5284-262d-dfad-b3e896f04684@dovecot.fi>

On 21.03.2017 13:31, Ger Hooton Scoil Chroí Íosa Blarney wrote:
>
> Hi All,
> Before I start posting where/how can I check to see if the question I
> wish to ask about has already been covered?
>
> __________________________________________________
>
> Please consider the environment before printing this email.
> Ger

You could try looking at https://dovecot.org/list/dovecot/ or http://dovecot.markmail.org/

Aki

From ghooton at scins.ie Tue Mar 21 11:55:43 2017
From: ghooton at scins.ie (Ger Hooton Scoil Chroí Íosa Blarney)
Date: Tue, 21 Mar 2017 11:55:43 +0000
Subject: Problem with sieve_before
Message-ID: <20170321115543.EGroupware.m6InaSRr03S__KMMRsyVnpU@www.scins.ie>

Hi All,
I cannot get the sieve_before to work.
I have dovecot & sieve installed on Debian 7 as follows

/etc/dovecot/conf.d/90-sieve.conf :

plugin {
  # The path to the user's main active script. If ManageSieve is used, this the
  # location of the symbolic link controlled by ManageSieve.
  sieve = ~/.dovecot.sieve

  # The default Sieve script when the user has none. This is a path to a global
  # sieve script file, which gets executed ONLY if user's private Sieve script
  # doesn't exist. Be sure to pre-compile this script manually using the sievec
  # command line tool.
  # --> See sieve_before fore executing scripts before the user's personal
  #     script.
  sieve_default = /var/lib/dovecot/sieve/default.sieve

  # Directory for :personal include scripts for the include extension. This
  # is also where the ManageSieve service stores the user's scripts.
  sieve_dir = ~/sieve/

  # Directory for :global include scripts for the include extension.
  sieve_global_dir = /var/lib/dovecot/sieve/

  # Path to a script file or a directory containing script files that need to be
  # executed before the user's script. If the path points to a directory, all
  # the Sieve scripts contained therein (with the proper .sieve extension) are
  # executed. The order of execution within a directory is determined by the
  # file names, using a normal 8bit per-character comparison. Multiple script
  # file or directory paths can be specified by appending an increasing number.
  sieve_before = /var/lib/dovecot/sieve/before
  #####sieve_before2 = /var/lib/dovecot/sieve/before/default2.sieve
  #sieve_before3 = (etc...)

  # Identical to sieve_before, only the specified scripts are executed after the
  # user's script (only when keep is still in effect!). Multiple script file or
  # directory paths can be specified by appending an increasing number.
  #sieve_after =
  #sieve_after2 =
  #sieve_after2 = (etc...)

  # Which Sieve language extensions are available to users. By default, all
  # supported extensions are available, except for deprecated extensions or
  # those that are still under development. Some system administrators may want
  # to disable certain Sieve extensions or enable those that are not available
  # by default. This setting can use '+' and '-' to specify differences relative
  # to the default. For example `sieve_extensions = +imapflags' will enable the
  # deprecated imapflags extension in addition to all extensions were already
  # enabled by default.
  #sieve_extensions = +notify +imapflags
.................................

In /var/lib/dovecot/sieve/before I have :

drwxrwxrwx 3 mail mail 4096 Mar 20 23:47 ..
-rw-rw-rw- 1 root root 195 Mar 21 09:57 default2.svbin
-rwxrwxrwx 1 mail mail 157 Mar 21 11:12 default2.sieve

default2.sieve is as follows:

require ["fileinto"];
if allof (header :matches "subject" "*JUNK*") {
    fileinto "INBOX.Junk";
}

The users' personal filters work.

Thanks for your help.

Ger

From yacinechaouche at yahoo.com Tue Mar 21 13:06:14 2017
From: yacinechaouche at yahoo.com (chaouche yacine)
Date: Tue, 21 Mar 2017 13:06:14 +0000 (UTC)
Subject: Problem with sieve_before
In-Reply-To: <20170321115543.EGroupware.m6InaSRr03S__KMMRsyVnpU@www.scins.ie>
References: <20170321115543.EGroupware.m6InaSRr03S__KMMRsyVnpU@www.scins.ie>
Message-ID: <101607633.4600651.1490101574511@mail.yahoo.com>

Hi Ger,

sieve_before should be a path to sieve script file, not to a directory.
In your configuration, you set sieve_before to /var/lib/dovecot/sieve/before which is a directory.

What you need to do is figure out which sieve script you'd like to execute and its path rather.
If you think that default2.sieve is the right script then

set sieve_before to /var/lib/dovecot/sieve/before/default2.sieve

-- Yassine.

On Tuesday, March 21, 2017 12:56 PM, Ger Hooton Scoil Chroí Íosa Blarney wrote:

> Hi All,
> [...]
> plugin {
> [...]
>
> sieve_before = /var/lib/dovecot/sieve/before
> .................................
>
> In /var/lib/dovecot/sieve/before I have :
>
> drwxrwxrwx 3 mail mail 4096 Mar 20 23:47 ..
> -rw-rw-rw- 1 root root 195 Mar 21 09:57 default2.svbin
> -rwxrwxrwx 1 mail mail 157 Mar 21 11:12 default2.sieve
>
> default2.sieve is as follows:
>
> require ["fileinto"];
> if allof (header :matches "subject" "*JUNK*") {
>     fileinto "INBOX.Junk";
> }

From yacinechaouche at yahoo.com Tue Mar 21 13:08:13 2017
From: yacinechaouche at yahoo.com (chaouche yacine)
Date: Tue, 21 Mar 2017 13:08:13 +0000 (UTC)
Subject: New Member
In-Reply-To: <30e079f7-5284-262d-dfad-b3e896f04684@dovecot.fi>
References: <20170321113102.EGroupware.ykpQ9o1Yeo6qd13351qGSLQ@www.scins.ie> <30e079f7-5284-262d-dfad-b3e896f04684@dovecot.fi>
Message-ID: <679871181.414444.1490101693207@mail.yahoo.com>

Hello Ger,

In addition, you can also check the dovecot archives at marc.info, here: http://marc.info/?l=dovecot

-- Yassine.

From ghooton at scins.ie Tue Mar 21 13:30:02 2017
From: ghooton at scins.ie (Ger Hooton Scoil Chroí Íosa Blarney)
Date: Tue, 21 Mar 2017 13:30:02 +0000
Subject: Problem with sieve_before
In-Reply-To: <20170321115543.EGroupware.m6InaSRr03S__KMMRsyVnpU@www.scins.ie>
References: <20170321115543.EGroupware.m6InaSRr03S__KMMRsyVnpU@www.scins.ie>
Message-ID: <20170321133002.EGroupware.3z9eqOO2mJcZ_wQ0QUmhk1m@www.scins.ie>

Hi Yassine,
That did not work, is there a way to see if the script is being run?

----------------original message-----------------
From: chaouche yacine [yacinechaouche at yahoo.com]
To: Ger Hooton Scoil Chroí Íosa Blarney [ghooton at scins.ie], dovecot at dovecot.org
Date: Tue, 21 Mar 2017 13:06:14 +0000 (UTC)
-------------------------------------------------
> Hi Ger,
>
> sieve_before should be a path to sieve script file, not to a directory.
> In your configuration, you set sieve_before to
> /var/lib/dovecot/sieve/before which is a directory.
>
> What you need to do is figure out which sieve script you'd like to
> execute and its path rather.
> If you think that default2.sieve is the right script then set
> sieve_before to /var/lib/dovecot/sieve/before/default2.sieve
>
> -- Yassine.

Ger Hooton
Systems Administrator
Scoil Chroí Íosa Blarney.
Blarney.
Co. Cork

From rgm at htt-consult.com Tue Mar 21 13:47:18 2017
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Tue, 21 Mar 2017 09:47:18 -0400
Subject: Problem with sieve_before
In-Reply-To: <20170321133002.EGroupware.3z9eqOO2mJcZ_wQ0QUmhk1m@www.scins.ie>
References: <20170321115543.EGroupware.m6InaSRr03S__KMMRsyVnpU@www.scins.ie> <20170321133002.EGroupware.3z9eqOO2mJcZ_wQ0QUmhk1m@www.scins.ie>
Message-ID: <38a3ac46-d888-a39a-7408-a767b2d835e3@htt-consult.com>

On 03/21/2017 09:30 AM, Ger Hooton Scoil Chroí Íosa Blarney wrote:
>
> Hi Yassine,
> That did not work, is there a way to see if the script is being run?

Perhaps it is an SELinux permissions problem? Try setenforce 0 to see?

From rgm at htt-consult.com Tue Mar 21 14:03:03 2017
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Tue, 21 Mar 2017 10:03:03 -0400
Subject: Problem with sieve_before
In-Reply-To: <101607633.4600651.1490101574511@mail.yahoo.com>
References: <20170321115543.EGroupware.m6InaSRr03S__KMMRsyVnpU@www.scins.ie> <101607633.4600651.1490101574511@mail.yahoo.com>
Message-ID: <2928fe4c-5811-f80c-7f9f-e379cd16829c@htt-consult.com>

On 03/21/2017 09:06 AM, chaouche yacine wrote:
> Hi Ger,
>
> sieve_before should be a path to sieve script file, not to a directory.
> In your configuration, you set sieve_before to /var/lib/dovecot/sieve/before which is a directory.

I don't get that reading:

https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration

Either file or directory. If a file, it searches for the svbin of that name, otherwise compiles your script. If directory, executes all in the directory.

> What you need to do is figure out which sieve script you'd like to execute and its path rather.
> If you think that default2.sieve is the right script then
>
> set sieve_before to /var/lib/dovecot/sieve/before/default2.sieve
>
> -- Yassine.

From ghooton at scins.ie Tue Mar 21 14:05:17 2017
From: ghooton at scins.ie (Ger Hooton Scoil Chroí Íosa Blarney)
Date: Tue, 21 Mar 2017 14:05:17 +0000
Subject: Problem with sieve_before
In-Reply-To: <20170321133002.EGroupware.3z9eqOO2mJcZ_wQ0QUmhk1m@www.scins.ie>
References: <20170321115543.EGroupware.m6InaSRr03S__KMMRsyVnpU@www.scins.ie> <20170321133002.EGroupware.3z9eqOO2mJcZ_wQ0QUmhk1m@www.scins.ie>
Message-ID: <20170321140517.EGroupware.RjukNvIPpanYWMRPo3yC_Vp@www.scins.ie>

Thanks Robert, how do I do that?

----------------original message-----------------
From: Robert Moskowitz [rgm at htt-consult.com]
To: Ger Hooton Scoil Chroí Íosa Blarney [ghooton at scins.ie], chaouche yacine [yacinechaouche at yahoo.com], dovecot at dovecot.org
Date: Tue, 21 Mar 2017 09:47:18 -0400
-------------------------------------------------
> On 03/21/2017 09:30 AM, Ger Hooton Scoil Chroí Íosa Blarney wrote:
>>
>> Hi Yassine,
>> That did not work, is there a way to see if the script is being run?
>
> Perhaps it is an SELinux permissions problem? Try setenforce 0 to see?

From ghooton at scins.ie Tue Mar 21 14:14:19 2017
From: ghooton at scins.ie (Ger Hooton Scoil Chroí Íosa Blarney)
Date: Tue, 21 Mar 2017 14:14:19 +0000
Subject: Problem with sieve_before[solved]
In-Reply-To: <20170321133002.EGroupware.3z9eqOO2mJcZ_wQ0QUmhk1m@www.scins.ie>
References: <20170321115543.EGroupware.m6InaSRr03S__KMMRsyVnpU@www.scins.ie> <20170321133002.EGroupware.3z9eqOO2mJcZ_wQ0QUmhk1m@www.scins.ie>
Message-ID: <20170321141419.EGroupware.674FU-QjX-TD6jVLlhlSa1m@www.scins.ie>

I did chmod -R 777 /var/lib/dovecot and it worked.
I just need to figure out what the correct settings are.
Thanks everyone
//Ger

----------------original message-----------------
From: Ger Hooton Scoil Chroí Íosa Blarney [ghooton at scins.ie]
To: Robert Moskowitz [rgm at htt-consult.com], chaouche yacine [yacinechaouche at yahoo.com], dovecot at dovecot.org
Date: Tue, 21 Mar 2017 14:05:17 +0000
-------------------------------------------------
>
> Thanks Robert, how do I do that?

From rgm at htt-consult.com Tue Mar 21 14:20:34 2017
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Tue, 21 Mar 2017 10:20:34 -0400
Subject: Problem with sieve_before[solved]
In-Reply-To: <20170321141419.EGroupware.674FU-QjX-TD6jVLlhlSa1m@www.scins.ie>
References: <20170321115543.EGroupware.m6InaSRr03S__KMMRsyVnpU@www.scins.ie> <20170321133002.EGroupware.3z9eqOO2mJcZ_wQ0QUmhk1m@www.scins.ie> <20170321141419.EGroupware.674FU-QjX-TD6jVLlhlSa1m@www.scins.ie>
Message-ID: <78e6f70e-d289-bd3d-e01b-791de60a57bf@htt-consult.com>

Ownership may also have been the issue, but we will not know what the permissions were before you changed them.

I would have tried

chown -R vmail:mail /var/lib/dovecot

Where vmail:mail is the user:group dovecot is running with. This is how I do it.

On 03/21/2017 10:14 AM, Ger Hooton Scoil Chroí Íosa Blarney wrote:
>
> I did chmod -R 777 /var/lib/dovecot and it worked.
> I just need to figure out what the correct settings are.
> Thanks everyone
> //Ger

From ghooton at scins.ie Tue Mar 21 14:27:55 2017
From: ghooton at scins.ie (Ger Hooton Scoil Chroí Íosa Blarney)
Date: Tue, 21 Mar 2017 14:27:55 +0000
Subject: Problem with sieve_before[solved]
In-Reply-To: <20170321141419.EGroupware.674FU-QjX-TD6jVLlhlSa1m@www.scins.ie>
References: <20170321115543.EGroupware.m6InaSRr03S__KMMRsyVnpU@www.scins.ie> <20170321133002.EGroupware.3z9eqOO2mJcZ_wQ0QUmhk1m@www.scins.ie> <20170321141419.EGroupware.674FU-QjX-TD6jVLlhlSa1m@www.scins.ie>
Message-ID: <20170321142755.EGroupware.4cImhV7ptUJ2fPFDcKwXK96@www.scins.ie>

I have a backup so I can look at that.

----------------original message-----------------
From: Robert Moskowitz [rgm at htt-consult.com]
To: Ger Hooton Scoil Chroí Íosa Blarney [ghooton at scins.ie], chaouche yacine [yacinechaouche at yahoo.com], dovecot at dovecot.org
Date: Tue, 21 Mar 2017 10:20:34 -0400
-------------------------------------------------
> Ownership may also have been the issue, but we will not know what the
> permissions were before you changed them.
>
> I would have tried
>
> chown -R vmail:mail /var/lib/dovecot
>
> Where vmail:mail is the user:group dovecot is running with. This is
> how I do it.

From ghooton at scins.ie Tue Mar 21 14:50:38 2017
From: ghooton at scins.ie (Ger Hooton Scoil =?utf-8?b?Q2hyb8OtIMONb3Nh?= Blarney) Date: Tue, 21 Mar 2017 14:50:38 +0000 Subject: Problem with sieve_before[solved] In-Reply-To: <20170321141419.EGroupware.674FU-QjX-TD6jVLlhlSa1m@www.scins.ie> References: <20170321115543.EGroupware.m6InaSRr03S__KMMRsyVnpU@www.scins.ie> <20170321133002.EGroupware.3z9eqOO2mJcZ_wQ0QUmhk1m@www.scins.ie> <20170321141419.EGroupware.674FU-QjX-TD6jVLlhlSa1m@www.scins.ie> Message-ID: <20170321145038.EGroupware.oe2toSD5Cf2kGy8ZYjYWJrm@www.scins.ie>

On my Debian 7 system I do not have a uid vmail

----------------original message-----------------
From:Robert Moskowitz [rgm at htt-consult.com ]
To:Ger Hooton Scoil Chroí Íosa Blarney [ghooton at scins.ie ], chaouche yacine [yacinechaouche at yahoo.com ], dovecot at dovecot.org
Date:Tue, 21 Mar 2017 10:20:34 -0400
-------------------------------------------------
> ownership may also have been the issue, but we will not know what the
> permissions were before you changed them.
>
> I would have tried
>
> chown -R vmail:mail /var/lib/dovecot
>
> Where vmail:mail is the user:group dovecot is running with. This is
> how I do it.
>
> On 03/21/2017 10:14 AM, Ger Hooton Scoil Chroí Íosa Blarney wrote:
>>
>> I did chmod -R 777 /var/lib/dovecot and it worked.
>> I just need to figure out what the correct settings are.
>> Thanks everyone
>> //Ger
>>
>> ----------------original message-----------------
>> From:Ger Hooton Scoil Chroí Íosa Blarney [ghooton at scins.ie ]
>> To:Robert Moskowitz [rgm at htt-consult.com ], chaouche yacine
>> [yacinechaouche at yahoo.com ], dovecot at dovecot.org
>> Date:Tue, 21 Mar 2017 14:05:17 +0000
>> -------------------------------------------------
>>
>>> Thanks Robert, how do I do that?
>>>
>>> ----------------original message-----------------
>>> From:Robert Moskowitz [rgm at htt-consult.com ]
>>> To:Ger Hooton Scoil Chroí Íosa Blarney [ghooton at scins.ie ],
>>> chaouche yacine [yacinechaouche at yahoo.com ], dovecot at dovecot.org
>>> Date:Tue, 21 Mar 2017 09:47:18 -0400
>>> -------------------------------------------------
>>>
>>>> On 03/21/2017 09:30 AM, Ger Hooton Scoil Chroí Íosa Blarney wrote:
>>>>>
>>>>> Hi Yassine,
>>>>> That did not work, is there a way to see if the script is being run?
>>>>
>>>> Perhaps it is an SELinux permissions problem? Try setenforce 0 to see?
>>>>
>>>>> ----------------original message-----------------
>>>>> From:chaouche yacine [yacinechaouche at yahoo.com ]
>>>>> To:Ger Hooton Scoil Chroí Íosa Blarney [ghooton at scins.ie ],
>>>>> dovecot at dovecot.org
>>>>> Date:Tue, 21 Mar 2017 13:06:14 +0000 (UTC)
>>>>> -------------------------------------------------
>>>>>
>>>>>> Hi Ger,
>>>>>>
>>>>>> sieve_before should be a path to sieve script file, not to a directory.
>>>>>> in your configuration, you set sieve_before to
>>>>>> /var/lib/dovecot/sieve/before which is a directory.
>>>>>>
>>>>>> what you need to do is figure out which sieve script you'd like
>>>>>> to execute and its path rather.
>>>>>> If you think that default2.sieve is the right script then set
>>>>>> sieve_before to /var/lib/dovecot/sieve/before/default2.sieve
>>>>>>
>>>>>> -- Yassine.
>>>>>>
>>>>>> On Tuesday, March 21, 2017 12:56 PM, Ger Hooton Scoil Chroí
>>>>>> Íosa Blarney wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>> [...]
>>>>>>
>>>>>>> plugin {
>>>>>>> [...]
>>>>>>>
>>>>>>> sieve_before = /var/lib/dovecot/sieve/before
>>>>>>> .................................
>>>>>>>
>>>>>>> In /var/lib/dovecot/sieve/before I have :
>>>>>>>
>>>>>>> drwxrwxrwx 3 mail mail 4096 Mar 20 23:47 ..
>>>>>>> -rw-rw-rw- 1 root root 195 Mar 21 09:57 default2.svbin
>>>>>>> -rwxrwxrwx 1 mail mail 157 Mar 21 11:12 default2.sieve
>>>>>>>
>>>>>>> default2.sieve is as follows:
>>>>>>>
>>>>>>> require ["fileinto"];
>>>>>>> if allof (header :matches "subject" "*JUNK*") {
>>>>>>> fileinto "INBOX.Junk";
>>>>>>> }

__________________________________________________
Please consider the environment before printing this email.
Ger Hooton
Systems Administrator
Scoil Chroí Íosa Blarney.
Blarney.
Co. Cork
From yacinechaouche at yahoo.com Tue Mar 21 15:32:01 2017
From: yacinechaouche at yahoo.com (chaouche yacine) Date: Tue, 21 Mar 2017 15:32:01 +0000 (UTC) Subject: Problem with sieve_before In-Reply-To: <2928fe4c-5811-f80c-7f9f-e379cd16829c@htt-consult.com> References: <20170321115543.EGroupware.m6InaSRr03S__KMMRsyVnpU@www.scins.ie> <101607633.4600651.1490101574511@mail.yahoo.com> <2928fe4c-5811-f80c-7f9f-e379cd16829c@htt-consult.com> Message-ID: <521378968.310930.1490110321356@mail.yahoo.com>

>On Tuesday, March 21, 2017 3:03 PM, Robert Moskowitz wrote:
>On 03/21/2017 09:06 AM, chaouche yacine wrote:
>> Hi Ger,
>>
>> sieve_before should be a path to sieve script file, not to a directory.
>> in your configuration, you set sieve_before to /var/lib/dovecot/sieve/before which is a directory.
>I don't get that reading:
>https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
>
>Either file or directory. If a file, it searches for the svbin of that
>name, otherwise compiles your script. If directory, executes all in the
>directory.

Well spotted Robert, I didn't know that. It also says here https://wiki2.dovecot.org/Pigeonhole/Sieve/Usage#scriptcompile that one must be aware of permission issues with auto-compiled scripts: if the system user used by sieve to compile the script doesn't have write access to the directory where the script lives then it can't write the compiled version in that location. This is why one should consider pre-compiling scripts himself to make sure the compiled version is written to disk.

As mentioned in the link you gave:

"IMPORTANT: Be sure to manually pre-compile the scripts specified by sieve_before and sieve_after using the sievec tool, as explained here."

-- Yassine
From bappasaheb.nirmal at qlc.in Tue Mar 21 16:50:25 2017
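Added example (not part of the thread and not Dovecot's own tooling): a Python audit of a sieve_before file or directory for the conditions raised in the messages above, namely world-writable scripts or binaries, a missing .svbin, and a .svbin older than its script. The sample directory is constructed to mirror the modes and relative timestamps of the quoted listing; the function names and the expected_uid parameter are this example's own assumptions.

```python
import os
import stat
import tempfile

# Finding labels (names chosen for this example).
WORLD_WRITABLE = "world-writable"
NO_SVBIN = "no precompiled .svbin next to script"
STALE_SVBIN = ".svbin is older than the script"
OWNER_MISMATCH = ".svbin owner differs from script owner"
WRONG_OWNER = "not owned by expected uid"


def svbin_for(script):
    """Path of the compiled binary that sits beside a .sieve script."""
    base = script[:-len(".sieve")] if script.endswith(".sieve") else script
    return base + ".svbin"


def audit_sieve_before(path, expected_uid=None):
    """Return [(path, finding), ...] for a sieve_before file or directory.

    expected_uid is the uid the mail processes run as (assumption: the
    caller looks it up, e.g. the uid of the mail or vmail account).
    """
    findings = []
    if os.path.isdir(path):
        if os.stat(path).st_mode & stat.S_IWOTH:
            findings.append((path, WORLD_WRITABLE))
        scripts = sorted(os.path.join(path, name)
                         for name in os.listdir(path)
                         if name.endswith(".sieve"))
    else:
        scripts = [path]

    for script in scripts:
        s = os.stat(script)
        # Anyone who can write a global script can change filtering
        # for every mailbox the script is applied to.
        if s.st_mode & stat.S_IWOTH:
            findings.append((script, WORLD_WRITABLE))
        if expected_uid is not None and s.st_uid != expected_uid:
            findings.append((script, WRONG_OWNER))

        binary = svbin_for(script)
        if not os.path.exists(binary):
            findings.append((script, NO_SVBIN))
            continue
        b = os.stat(binary)
        if b.st_mode & stat.S_IWOTH:
            findings.append((binary, WORLD_WRITABLE))
        if b.st_mtime < s.st_mtime:
            findings.append((binary, STALE_SVBIN))
        if b.st_uid != s.st_uid:
            findings.append((binary, OWNER_MISMATCH))
    return findings


def build_sample_dir():
    """Constructed sample: same modes and mtime ordering as the listing
    quoted in the thread (script 0777, binary 0666 and 75 minutes older)."""
    d = tempfile.mkdtemp(prefix="sieve-before-")
    script = os.path.join(d, "default2.sieve")
    binary = os.path.join(d, "default2.svbin")
    with open(script, "w") as fh:
        fh.write('require ["fileinto"];\n')
    with open(binary, "wb") as fh:
        fh.write(b"constructed placeholder, not a real compiled script\n")
    os.chmod(script, 0o777)
    os.chmod(binary, 0o666)
    os.utime(binary, (1000000000, 1000000000))
    os.utime(script, (1000004500, 1000004500))
    return d


if __name__ == "__main__":
    for item, finding in audit_sieve_before(build_sample_dir()):
        print(f"{item}: {finding}")
```

After tightening modes and ownership, re-running sievec on the script as the thread recommends clears the stale-binary finding.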
From: bappasaheb.nirmal at qlc.in (Bappasaheb Nirmal) Date: Tue, 21 Mar 2017 22:20:25 +0530 Subject: dovecot POP3 log shows too many identical RETR entries Message-ID: <58D159D1.3010002@qlc.in> Hello, Dovecot log is showing too many POP3 RETR entries which are identical lines. I also suspect that it is causing high pop traffic eating most of the network bandwidth. Here are some of the lines out of 11009 in a day. Such pattern is observed only for few users. dovecot version is 2.1.17. ============== Mar 20 00:00:07 pi3 dovecot: pop3(user at example.com): Disconnected: Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716 Mar 20 00:00:07 pi3 dovecot: pop3-login: Login: user=, method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=26645, secured, session=<5CGrmRlLyAAr861h> Mar 20 00:00:10 pi3 dovecot: pop3(user at example.com): Disconnected: Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716 Mar 20 00:00:11 pi3 dovecot: pop3-login: Login: user=, method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=29932, secured, session= Mar 20 00:00:12 pi3 dovecot: pop3(user at example.com): Disconnected: Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716 Mar 20 00:00:13 pi3 dovecot: pop3-login: Login: user=, method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=26819, secured, session=<3DX6mRlLUQAr861h> Mar 20 00:00:14 pi3 dovecot: pop3(user at example.com): Disconnected: Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716 Mar 20 00:00:15 pi3 dovecot: pop3-login: Login: user=, method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=9636, secured, session= Mar 20 00:00:16 pi3 dovecot: pop3(user at example.com): Disconnected: Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716 Mar 20 00:00:17 pi3 dovecot: pop3-login: Login: user=, method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=4585, secured, session=<8Yw+mhlL0AAr861h> Mar 20 00:00:18 pi3 dovecot: pop3(user at example.com): Disconnected: Logged out top=0/0, retr=1/64014, 
del=0/1429, size=478762716 Mar 20 00:00:18 pi3 dovecot: pop3-login: Login: user=, method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=30049, secured, session= Mar 20 00:00:19 pi3 dovecot: pop3(user at example.com): Disconnected: Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716 Mar 20 00:00:20 pi3 dovecot: pop3-login: Login: user=, method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=9636, secured, session= Mar 20 00:00:20 pi3 dovecot: pop3(user at example.com): Disconnected: Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716 Mar 20 00:00:20 pi3 dovecot: pop3-login: Login: user=, method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=4584, secured, session= Mar 20 00:00:21 pi3 dovecot: pop3(user at example.com): Disconnected: Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716 Mar 20 00:00:23 pi3 dovecot: pop3-login: Login: user=, method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=4585, secured, session= References: Message-ID: Now I'm seeing a bunch of these: 02:28 bubba dovecot: dsync-local(user at mydomain.com): Error: bzlib.read(/var/mail/mydomain.com/user/mdbox/storage/m.20): corrupted data at 24123649 Mar 21 11:02:28 bubba dovecot: dsync-local(user at mydomain.com): Error: dsync(oldserver.host): read(zlib(/var/mail/mydomain.com/user/mdbox/storage/m.20)) failed: read(/var/mail/mydomain.com/user/mdbox/storage/m.20) failed: bzlib.read(/var/mail/mydomain.com/user/mdbox/storage/m.20): corrupted data at 24123649 (last sent=mail, last recv=mail_request (EOL)) Mar 21 11:02:28 bubba dovecot: doveadm: Error: dsync-remote(user at mydomain.com): Error: dsync(localhost): read() failed: read((fd)) failed: dot-input stream ends without '.' line (last sent=mail_request (EOL), last recv=mail) Daniel On 3/20/2017 11:30 PM, Daniel Miller wrote: > I'm getting close - I believe I have one-way replication processing > now. It's amazing watching the mails magically appear in the new > server! 
I'll tender some updates to the wiki in the hopes it will > help others. > > At this time, I have two errors I haven't been able to eliminate with > config changes: > > dovecot: doveadm: Error: dsync-remote(user at mydomain.com): Warning: > Transaction log file > /var/mail/mydomain.com/user/sdbox/mailboxes/INBOX/dbox-Mails/dovecot.index.log > was locked for 109 seconds (rotating while syncing) > Mar 20 23:22:04 bubba dovecot: dsync-local(user at mydomain.com): Error: > Remote command returned error 75: ssh -lvmail 192.168.0.4 doveadm > dsync-server -uuser at mydomain.com > > I don't know if the transaction lock issue will fix itself via > repeated replication runs. But I have no idea what the "error 75" is. > > Daniel > > > On 3/20/2017 10:05 PM, Daniel Miller wrote: >> I have an existing server using mdbox & sis. There is a quantity of >> corruption - I have no idea where it came in. I'd had a previous >> rebuild some years ago and I thought I had a clean datastore. By >> "corruption" I mean missing attachments and either missing or >> mixed-up emails. >> >> I've setup a new server on a virtual machine. Instead of copying the >> old configs I hand-adjusted individual settings using the current >> distribution example. The new server is running...but empty. >> >> So now my intent is to migrate the mail to the new machine. A few >> items to note: >> 1. The existing mail server is the virtual host. The mails are >> stored locally, in mdbox format, with sis enabled. And possibly zlib. >> 2. The new server, via VirtualBox, is presently configured for >> Maildir. I may change to sdbox - I'm now a little reserved about mdbox. >> 3. Instead of storing the mails within the virtual machine, I'm >> using the host's drive. This is via an exported NFS4 folder from the >> host, mounted on the guest, using the options: >> "auto,noatime,hard,intr,async,nordirplus". >> 4. My intent is to have the new virtual server become the primary >> mail server. 
The mail store will continue to be accessed by NFS4. No >> other servers or processes (besides backup) should access the mail >> store. >> >> So...my question is what is the best method for the migration? >> >> Reading the docs on Dovecot replication I'm still very unsure of how >> to implement it - particularly the "master-master" or "master-client" >> relationships. The docs are not 100% clear on which server gets >> which options. I can guess...which I'd really rather not do. But it >> seems to me getting one-way replication working would be the most >> "elegant" solution here. >> >> Manual dsync is also an option - but again I'm not on which machine I >> should execute which options. >> >> Imapsync is a possibility and the syntax is clear - but very slow in >> execution for 100k mails. >> >> Any suggestions or pointers would be welcome. >> From rgm at htt-consult.com Tue Mar 21 18:06:29 2017 
From: rgm at htt-consult.com (Robert Moskowitz) Date: Tue, 21 Mar 2017 14:06:29 -0400 Subject: Problem with sieve_before In-Reply-To: <521378968.310930.1490110321356@mail.yahoo.com> References: <20170321115543.EGroupware.m6InaSRr03S__KMMRsyVnpU@www.scins.ie> <101607633.4600651.1490101574511@mail.yahoo.com> <2928fe4c-5811-f80c-7f9f-e379cd16829c@htt-consult.com> <521378968.310930.1490110321356@mail.yahoo.com> Message-ID: On 03/21/2017 11:32 AM, chaouche yacine wrote: >> On Tuesday, March 21, 2017 3:03 PM, Robert Moskowitz wrote: >> On 03/21/2017 09:06 AM, chaouche yacine wrote: >>> Hi Ger, >>> >>> sieve_before should be a path to sieve script file, not to a directory. >>> in your configuration, you set sieve_before to /var/lib/dovecot/sieve/before which is a directory. >> I don't get that reading: >> https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration >> >> Either file or directory. If a file, it searches for the svbin of that >> name, otherwise compiles your script. If directory, executes all in the >> >> directory. > Well spotted Robert, I didn't know that. It also says here https://wiki2.dovecot.org/Pigeonhole/Sieve/Usage#scriptcompile that one must be aware of permission issues with auto-compiled scripts : if the system user used by sieve to compile the script doesn't have write access to the directory where the script lives then it can't write the compiled version in that location. This is why one should consider pre-compiling scripts himself to make sure the compiled version is written to disk > > As mentionned in the link you gave : > > "IMPORTANT: Be sure to manually pre-compile the scripts specified by sieve_before and sieve_after using the sievec tool, as explained here." 
The howto I am making has:

mkdir /home/sieve
cat <<EOF>/home/sieve/globalfilter.sieve || exit 1
require "fileinto";
if anyof (
  header :contains "X-Spam-Flag" "YES",
  header :contains "subject" "***SPAM***"
) {
  fileinto "Spam";
}
EOF
sievec /home/sieve/globalfilter.sieve
chown -R vmail:mail /home/sieve

With:

sed -i -e "s/#sieve_before =/sieve_before = \/home\/sieve\/globalfilter.sieve/w /dev/stdout" /etc/dovecot/conf.d/90-sieve.conf

From samuel at yayabo.inf.cu Tue Mar 21 21:43:26 2017
From: samuel at yayabo.inf.cu (Samuel Reina Calvo) Date: Tue, 21 Mar 2017 17:43:26 -0400 Subject: getmail with dovecot delivering problems Message-ID:

Hi there,

I put together a mail server with postfix+dovecot+mysql with virtual users and it works just fine as internal mail server, but when I put it under a multidrop email server it sends OK, but so far I couldn't make getmail deliver mails correctly. The use of getmail + dovecot downloads email via pop3 but then puts all the emails in the same inbox.

my maildir is /var/vmail/[domain]

getmailrc conf is

[retriever]
type = MultidropPOP3Retriver
server
username
password
envelope_recipient = delivered-to:1

[destination]
type = MDA_external
path = /usr/local/libexec/dovecot/deliver

then when I run

sudo -H -u vmail bash -c 'getmail -g /etc/.getmail -r /etc/.getmail/getmailrc'

I get all the time all the messages delivered into /var/vmail/vmail (being vmail the linux user who handles my virtual users)

From thocar at free.fr Tue Mar 21 21:49:49 2017
From: thocar at free.fr (Thomas =?UTF-8?B?Q2FycmnDqQ==?=) Date: Tue, 21 Mar 2017 22:49:49 +0100 Subject: Is it possible to use sieve when delivering via pipe to the dovecot deliver command ? In-Reply-To: References: <20170121191255.2490b883@tango> Message-ID: <20170321224949.1d0e3023@tango> Thank you Stephan, I found log location with the command you have suggested. From the log I understood, that I have not Enabled my uploaded sieve script (by checking the active radio button in my claws-mail sieve client). Sieve is now working On Tue, 31 Jan 2017 21:26:44 +0100 Stephan Bosch wrote: > Op 1/21/2017 om 7:12 PM schreef Thomas Carri?: > > Hello, > > > > I am using Exim with this delivery configuration: > > > > virtual_delivery: > > driver = pipe > > command = /usr/lib/dovecot/deliver -d $local_part@$domain -f > > ... > > > > I have enabled manage-sieve and uploaded a simple sieve script that > > I can see on the server. > > > > man page of /usr/lib/dovecot/deliver says it supports sieve. > > > > Mail debug is enabled: > > > > $ dovecot -n | grep debug > > mail_debug = yes > > > > Delivering a mail shows only this line in dovecot log: > > > > Jan 21 17:38:51 myserver dovecot: lda(joe at something.com): > > msgid=<20170121183537.7313f219 at homenetwork>: saved mail to INBOX > > > > According to page > > http://wiki2.dovecot.org/Pigeonhole/Sieve/Troubleshooting#Sieve_Scripts_are_not_Executed > > I should have a log saying that the sieve plugin is loaded > > > > Here is the sieve relevant parts of dovecot -n: > > > > # 2.2.13: /etc/dovecot/dovecot.conf > > ... > > plugin { > > sieve = ~/.dovecot.sieve > > sieve_dir = ~/sieve > > } > > ... > > protocols = " imap sieve pop3 sieve" > > ... > > protocol lda { > > mail_plugins = " sieve" > > } > > > > Is there a requirement to use delivery via service (unix socket) so > > that sieve is enabled? > > > > Or is there a configuration thing I forgot ? > > Not really. 
But I do notice you're executing deliver rather than
> dovecot-lda. Usually, one is a symlink to the other though, so it
> should not matter. But, still best change that to rule out problems
> related to that.
>
> It should at least be showing debug messages from LDA itself. It may
> be logging debug messages elsewhere though (`sudo doveadm log find`).
>
> You can also try to execute /usr/lib/dovecot/dovecot-lda manually:
>
> /usr/lib/dovecot/dovecot-lda -olog_path=/dev/stderr -p /path/to/test/message.eml
>
> This should print all logging to stderr. You may need to add a -d
> argument to select an appropriate user (and it may need to be
> run as root). Refer to http://wiki2.dovecot.org/LDA for reference.
>
> Regards,
>
> Stephan.
From dmiller at amfes.com Tue Mar 21 21:48:59 2017
From: dmiller at amfes.com (Daniel Miller) Date: Tue, 21 Mar 2017 14:48:59 -0700 Subject: replicator crashing - oom Message-ID: I have the following in my log: Mar 21 14:46:59 bubba dovecot: replicator: Panic: data stack: Out of memory when allocating 1073741864 bytes Mar 21 14:46:59 bubba dovecot: replicator: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0x97c90) [0x7f4638a7cc90] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x97d6e) [0x7f4638a7cd6e] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f4638a14322] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x95e3f) [0x7f4638a7ae3f] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x9608b) [0x7f4638a7b08b] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xb15f8) [0x7f4638a965f8] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x93c42) [0x7f4638a78c42] -> /usr/local/lib/dovecot/libdovecot.so.0(buffer_write+0x74) [0x7f4638a78fb4] -> dovecot/replicator(replicator_queue_push+0x13b) [0x40519b] -> dovecot/replicator() [0x4049c2] -> dovecot/replicator() [0x4040a8] -> dovecot/replicator() [0x404275] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x52) [0x7f4638a907d2] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xe7) [0x7f4638a91d17] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x3c) [0x7f4638a9086c] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f4638a90a28] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f4638a1dfc3] -> dovecot/replicator(main+0x17a) [0x40342a] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f4638640ec5] -> dovecot/replicator() [0x4034c5] Mar 21 14:47:00 bubba dovecot: replicator: Fatal: master: service(replicator): child 15650 killed with signal 6 (core dumped) -- Daniel From larryrtx at gmail.com Wed Mar 22 01:40:56 2017 
From: larryrtx at gmail.com (Larry Rosenman) Date: Tue, 21 Mar 2017 20:40:56 -0500 Subject: Crash on doveadm index In-Reply-To: <1451295551.665.1490042628922@appsuite-dev.open-xchange.com> References: <1451295551.665.1490042628922@appsuite-dev.open-xchange.com> Message-ID: <5BCD404B-8841-48F5-B3BE-D29151B2351C@gmail.com>

Do you need anything from me to get a patch?

--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com
US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281

On 3/20/17, 3:43 PM, "dovecot on behalf of Aki Tuomi" wrote:

Yeah, it's tika related. Also looks rather simple to fix.

Aki

> On March 20, 2017 at 9:44 PM Larry Rosenman wrote:
>
> This appears to be Tika related. I'm running the latest Tika (1.14).
>
> I've turned OFF tika, and can index everything.
>
> I do have some of the "bad" messages saved.
>
> What can I supply to help debug this?
>
> --
> Larry Rosenman http://www.lerctr.org/~ler
> Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com
> US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281
>
> From: Larry Rosenman
> Date: Monday, March 20, 2017 at 12:57 PM
> To: Dovecot List
> Subject: Crash on doveadm index
>
> http://www.lerctr.org/~ler/dovecot/doveadm-2017-03-20.txt
>
> doveconf -n attached and at:
> http://www.lerctr.org/~ler/dovecot/doveconf.n.txt
>
> --
> Larry Rosenman http://www.lerctr.org/~ler
> Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com
> US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281
From aki.tuomi at dovecot.fi Wed Mar 22 06:43:27 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Wed, 22 Mar 2017 08:43:27 +0200 Subject: Crash on doveadm index In-Reply-To: <5BCD404B-8841-48F5-B3BE-D29151B2351C@gmail.com> References: <1451295551.665.1490042628922@appsuite-dev.open-xchange.com> <5BCD404B-8841-48F5-B3BE-D29151B2351C@gmail.com> Message-ID: On 22.03.2017 03:40, Larry Rosenman wrote: > Do you need anything from me to get a patch? > > Should be fixed with this https://github.com/dovecot/core/commit/3751b61dfbc6c141731a740d982fc59918db2482.patch Aki From skdovecot at smail.inf.fh-brs.de Wed Mar 22 07:33:06 2017 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 22 Mar 2017 08:33:06 +0100 (CET) Subject: dovecot POP3 log shows too many identical RETR entries In-Reply-To: <58D159D1.3010002@qlc.in> References: <58D159D1.3010002@qlc.in> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 21 Mar 2017, Bappasaheb Nirmal wrote: > Dovecot log is showing too many POP3 RETR entries which are identical lines. > I also suspect that it is causing high pop traffic eating most of the network > bandwidth. Here are some of the lines out of 11009 in a day. Such pattern is > observed only for few users. dovecot version is 2.1.17. > > ============== > Mar 20 00:00:07 pi3 dovecot: pop3(user at example.com): Disconnected: Logged out > top=0/0, retr=1/64014, del=0/1429, size=478762716 > Mar 20 00:00:07 pi3 dovecot: pop3-login: Login: user=, > method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=26645, secured, > session=<5CGrmRlLyAAr861h> > Mar 20 00:00:10 pi3 dovecot: pop3(user at example.com): Disconnected: Logged out > top=0/0, retr=1/64014, del=0/1429, size=478762716 > Mar 20 00:00:11 pi3 dovecot: pop3-login: Login: user=, > method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=29932, secured, > session= > ============== > > What could be the possible reason? stating the obvious: it looks like normal POP3 polling with abnormal short interval. To verify the guess sniff the network traffic, if the clients open a connection in that short time. If so, check out the users devices, why the client is polling so often. 
- -- Steffen Kaiser
From skdovecot at smail.inf.fh-brs.de Wed Mar 22 07:37:46 2017
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 22 Mar 2017 08:37:46 +0100 (CET) Subject: dovecot POP3 log shows too many identical RETR entries In-Reply-To: References: <58D159D1.3010002@qlc.in> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 22 Mar 2017, Steffen Kaiser wrote: > On Tue, 21 Mar 2017, Bappasaheb Nirmal wrote: > >> Dovecot log is showing too many POP3 RETR entries which are identical >> lines. >> I also suspect that it is causing high pop traffic eating most of the >> network >> bandwidth. Here are some of the lines out of 11009 in a day. Such pattern >> is >> observed only for few users. dovecot version is 2.1.17. >> >> ============== >> Mar 20 00:00:07 pi3 dovecot: pop3(user at example.com): Disconnected: Logged >> out >> top=0/0, retr=1/64014, del=0/1429, size=478762716 >> Mar 20 00:00:07 pi3 dovecot: pop3-login: Login: user=, >> method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=26645, secured, >> session=<5CGrmRlLyAAr861h> >> Mar 20 00:00:10 pi3 dovecot: pop3(user at example.com): Disconnected: Logged >> out >> top=0/0, retr=1/64014, del=0/1429, size=478762716 >> Mar 20 00:00:11 pi3 dovecot: pop3-login: Login: user=, >> method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=29932, secured, >> session= >> ============== >> >> What could be the possible reason? > > stating the obvious: it looks like normal POP3 polling with abnormal short > interval. > > To verify the guess sniff the network traffic, if the clients open a > connection in that short time. If so, check out the users devices, why the > client is polling so often. Oh, forgot to mention: looks like that the client downloads the same message of 456MB each time again? 
- -- Steffen Kaiser
From aki.tuomi at dovecot.fi Wed Mar 22 07:52:19 2017
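Added example (not from the thread): a Python pass over Dovecot POP3 syslog lines that flags the pattern discussed above, a client logging in every few seconds and repeating the same RETR without deleting anything. The sample lines are constructed, modelled on the quoted log (pipermail stripped the user=<...> values there) with addresses from the documentation range; the thresholds, function name and year parameter are this example's assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Constructed sample, modelled on the log format quoted in the thread.
SAMPLE_LOG = """\
Mar 20 00:00:00 pi3 dovecot: pop3-login: Login: user=<other@example.com>, method=PLAIN, rip=203.0.113.9, lip=192.168.1.18, mpid=1001, secured, session=<constructed0001>
Mar 20 00:00:02 pi3 dovecot: pop3(other@example.com): Disconnected: Logged out top=0/0, retr=2/5000, del=2/2, size=5000
Mar 20 00:00:07 pi3 dovecot: pop3-login: Login: user=<user@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.168.1.18, mpid=1002, secured, session=<constructed0002>
Mar 20 00:00:10 pi3 dovecot: pop3(user@example.com): Disconnected: Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716
Mar 20 00:00:11 pi3 dovecot: pop3-login: Login: user=<user@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.168.1.18, mpid=1003, secured, session=<constructed0003>
Mar 20 00:00:12 pi3 dovecot: pop3(user@example.com): Disconnected: Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716
Mar 20 00:00:13 pi3 dovecot: pop3-login: Login: user=<user@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.168.1.18, mpid=1004, secured, session=<constructed0004>
Mar 20 00:00:14 pi3 dovecot: pop3(user@example.com): Disconnected: Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716
Mar 20 00:00:15 pi3 dovecot: pop3-login: Login: user=<user@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.168.1.18, mpid=1005, secured, session=<constructed0005>
Mar 20 00:10:00 pi3 dovecot: pop3-login: Login: user=<other@example.com>, method=PLAIN, rip=203.0.113.9, lip=192.168.1.18, mpid=1006, secured, session=<constructed0006>
Mar 20 00:20:00 pi3 dovecot: pop3-login: Login: user=<other@example.com>, method=PLAIN, rip=203.0.113.9, lip=192.168.1.18, mpid=1007, secured, session=<constructed0007>
"""

TS = r"(\w{3}\s+\d+ \d\d:\d\d:\d\d)"
LOGIN_RE = re.compile(
    TS + r" \S+ dovecot: pop3-login: Login: user=<([^>]*)>.*?\brip=([0-9A-Fa-f.:]+)")
# Default pop3_logout_format fields: retr=<RETR commands>/<bytes sent by RETR>,
# del=<messages deleted>/<messages in mailbox>.
LOGOUT_RE = re.compile(
    TS + r" \S+ dovecot: pop3\(([^)]+)\): Disconnected: .*?"
    r"retr=(\d+)/(\d+), del=(\d+)/(\d+)")


def find_rapid_pollers(log_text, max_gap_seconds=30, min_logins=3, year=2017):
    """Return one dict per (user, remote IP) whose median login gap is short.

    syslog timestamps carry no year, so the caller supplies one.
    """
    logins = defaultdict(list)      # (user, rip) -> [datetime, ...]
    sessions = defaultdict(Counter)  # user -> Counter[(retr_n, retr_bytes, del_n)]

    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            logins[(m.group(2), m.group(3))].append(when)
            continue
        m = LOGOUT_RE.match(line)
        if m:
            key = (int(m.group(3)), int(m.group(4)), int(m.group(5)))
            sessions[m.group(2)][key] += 1

    report = []
    for (user, rip), times in sorted(logins.items()):
        if len(times) < min_logins:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if median(gaps) > max_gap_seconds:
            continue
        # Sessions that retrieved something, deleted nothing, and recurred
        # with identical counters: the same data is being fetched again.
        repeats = {k: n for k, n in sessions[user].items()
                   if n > 1 and k[0] > 0 and k[2] == 0}
        report.append({
            "user": user,
            "rip": rip,
            "logins": len(times),
            "median_gap_seconds": median(gaps),
            "repeated_sessions": sum(repeats.values()),
            "refetched_bytes": sum(k[1] * n for k, n in repeats.items()),
        })
    return report


if __name__ == "__main__":
    for row in find_rapid_pollers(SAMPLE_LOG):
        print(row)
```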
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Wed, 22 Mar 2017 09:52:19 +0200 Subject: replicator crashing - oom In-Reply-To: References: Message-ID: <9cc506dc-7422-ab5f-ed5e-a91ef663b812@dovecot.fi> Can you provide us gdb bt full dump? gdb /usr/libexec/dovecot/replicator /path/to/core on some systems, it's /usr/lib/dovecot/replicator Aki On 21.03.2017 23:48, Daniel Miller wrote: > I have the following in my log: > > Mar 21 14:46:59 bubba dovecot: replicator: Panic: data stack: Out of > memory when allocating 1073741864 bytes > Mar 21 14:46:59 bubba dovecot: replicator: Error: Raw backtrace: > /usr/local/lib/dovecot/libdovecot.so.0(+0x97c90) [0x7f4638a7cc90] -> > /usr/local/lib/dovecot/libdovecot.so.0(+0x97d6e) [0x7f4638a7cd6e] -> > /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f4638a14322] -> > /usr/local/lib/dovecot/libdovecot.so.0(+0x95e3f) [0x7f4638a7ae3f] -> > /usr/local/lib/dovecot/libdovecot.so.0(+0x9608b) [0x7f4638a7b08b] -> > /usr/local/lib/dovecot/libdovecot.so.0(+0xb15f8) [0x7f4638a965f8] -> > /usr/local/lib/dovecot/libdovecot.so.0(+0x93c42) [0x7f4638a78c42] -> > /usr/local/lib/dovecot/libdovecot.so.0(buffer_write+0x74) > [0x7f4638a78fb4] -> dovecot/replicator(replicator_queue_push+0x13b) > [0x40519b] -> dovecot/replicator() [0x4049c2] -> dovecot/replicator() > [0x4040a8] -> dovecot/replicator() [0x404275] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x52) > [0x7f4638a907d2] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xe7) > [0x7f4638a91d17] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x3c) > [0x7f4638a9086c] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) > [0x7f4638a90a28] -> > /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) > [0x7f4638a1dfc3] -> dovecot/replicator(main+0x17a) [0x40342a] -> > /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) > [0x7f4638640ec5] -> dovecot/replicator() [0x4034c5] > Mar 21 14:47:00 bubba dovecot: replicator: 
Fatal: master: > service(replicator): child 15650 killed with signal 6 (core dumped) > From aki.tuomi at dovecot.fi Wed Mar 22 07:53:28 2017 From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Wed, 22 Mar 2017 09:53:28 +0200 Subject: Help In-Reply-To: <250376433.650349.1490093282306@mail.yahoo.com> References: <250376433.650349.1490093282306.ref@mail.yahoo.com> <250376433.650349.1490093282306@mail.yahoo.com> Message-ID: On 21.03.2017 12:48, Bhushan Bhosale wrote: > Hello, > I'm getting below error in /var/log/dovecot-proxy.log. Please help. Thanks in advance. > > Mar 21 14:40:36 tejas3 dovecot: director: Error: Director 192.168.1.11/in disconnected: Connection closed: Illegal seek (connected 0 secs, in=0 out=43, handshake ME not received > Regards, > Bhushan > > Looks like connectivity issue between directors. Does it happen often? Aki From leon at f-m.fm Wed Mar 22 08:03:04 2017 
From: leon at f-m.fm (Leon Kyneur)
Date: Wed, 22 Mar 2017 01:03:04 -0700
Subject: last_login LDAP - killed with signal 11 (core dumped)
Message-ID: <1490169784.673702.919408952.55525B35@webmail.messagingengine.com>

Hi

I am trying to configure the last_login plugin with LDAP dictionary
which is causing dict service to crash. Not sure if this is a bug or
some configuration parameter I'm getting wrong?

Running latest dovecot but was having the same problem in earlier
version 2.2.25

# dovecot --version
2.2.28 (bed8434)

I have configured dovecot like so:

dovecot.conf (before conf.d/*.conf:
dict {
  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
  lastlogin = ldap:/etc/dovecot/dovecot-ldap-dict.conf.ext
}

conf.d/10-master.conf
service dict {
  # If dict proxy is used, mail processes should have access to its socket.
  # For example: mode=0660, group=vmail and global mail_access_groups=vmail
  unix_listener dict {
    mode = 0660
    user = vmail
    group = vmail
  }
}

conf.d/20-imap.conf:
protocol imap {
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = $mail_plugins last_login

  # Maximum number of IMAP connections allowed for a user from each IP address.
  # NOTE: The username is compared case-sensitively.
  #mail_max_userip_connections = 10
}

90-plugins.conf
plugin {
  #setting_name = value
  #last_login_dict = proxy::lastlogin
  last_login_dict = proxy:dict:lastlogin
  zlib_save = gz
  zlib_save_level = 6
}

dovecot-ldap-dict.conf.ext:
uri = ldap://ldap.internal
bind_dn = cn=Manager,dc=mail,dc=com
password = XXXX
tls = no
debug = 1

map {
  pattern = last-login/$user
  filter = (&(mail=%{user})(objectClass=mailUser)) # the () is required
  base_dn = o=domains,dc=mail,dc=com
  username_attribute = mail
  value_attribute = lastLoginTime
  fields {
    mail=$user
  }
}

I don't see dovecot ever making a connection to the LDAP server I've
configured in the dovecot-ldap-dict.conf.ext file.

Log shows

==> /var/log/dovecot.log <==
Mar 22 07:49:30 imap-login: Info: Login: user=, method=PLAIN, rip=X.X.X.X, lip=X.X.X.X, mpid=36105, secured, session=
Mar 22 07:49:30 dict: Fatal: master: service(dict): child 36107 killed with signal 11 (core dumped)
Mar 22 07:49:30 imap(leon at mail.com): Error: dict-client: Commit may have failed: Connection closed (reply took 0.015 secs)
Mar 22 07:49:30 imap(leon at mail.com): Error: last_login_dict: Write was unconfirmed (timeout or disconnect) for user leon at mail.com

Backtrace:
# gdb /var/core/36107
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-94.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
...
[New LWP 36107]
Reading symbols from /usr/libexec/dovecot/dict...Reading symbols from /usr/lib/debug/usr/libexec/dovecot/dict.debug...done.
done.
Missing separate debuginfo for
Try: yum --enablerepo='*debug*' install /usr/lib/debug/.build-id/b0/07fede01895dec1aca9d8b8993fe27d70a3a20
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `dovecot/dict'.
Program terminated with signal 11, Segmentation fault.
#0 0x0000000000000000 in ?? ()
(gdb) bt full
#0 0x0000000000000000 in ?? ()
No symbol table info available.
#1 0x00007fbcf11bd04f in cmd_begin (cmd=0x7fbcf2c02910, line=) at dict-commands.c:365
        trans = 0x7fbcf2c029a0
        id = 1
#2 0x00007fbcf11bdef8 in dict_command_input (conn=conn at entry=0x7fbcf2bf24d0, line=line at entry=0x7fbcf2bf48cb "B1") at dict-commands.c:625
        cmd_func = 0x7fbcf13c85c0
        cmd = 0x7fbcf2c02910
        ret =
#3 0x00007fbcf11bc6ee in dict_connection_input_more (conn=0x7fbcf2bf24d0) at dict-connection.c:117
        _data_stack_cur_id = 3
        line = 0x7fbcf2bf48cb "B1"
        ret =
#4 0x00007fbcf11bc7d2 in dict_connection_input (conn=0x7fbcf2bf24d0) at dict-connection.c:167
        line =
        conn = 0x7fbcf2bf24d0
#5 0x00007fbcf0d1b2d2 in io_loop_call_io (io=0x7fbcf2bf2890) at ioloop.c:599
        ioloop = 0x7fbcf2be0740
        t_id = 2
        __FUNCTION__ = "io_loop_call_io"
#6 0x00007fbcf0d1c95f in io_loop_handler_run_internal (ioloop=ioloop at entry=0x7fbcf2be0740) at ioloop-epoll.c:223
        ctx = 0x7fbcf2beded0
        events =
        list = 0x7fbcf2bf28f0
        io =
        tv = {tv_sec = 2147483, tv_usec = 0}
        events_count =
        msecs =
        ret = 1
        i = 0
        call =
        __FUNCTION__ = "io_loop_handler_run_internal"
#7 0x00007fbcf0d1b36c in io_loop_handler_run (ioloop=ioloop at entry=0x7fbcf2be0740) at ioloop.c:648
No locals.
#8 0x00007fbcf0d1b528 in io_loop_run (ioloop=0x7fbcf2be0740) at ioloop.c:623
        __FUNCTION__ = "io_loop_run"
#9 0x00007fbcf0ca4603 in master_service_run (service=0x7fbcf2be05e0, callback=callback at entry=0x7fbcf11be150 ) at master-service.c:641
No locals.
#10 0x00007fbcf11bbff9 in main (argc=1, argv=0x7fbcf2be0390) at main.c:161
        set_roots = {0x7fbcf13c88a0 , 0x0}
        error = 0x0

From aki.tuomi at dovecot.fi Wed Mar 22 08:04:56 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Wed, 22 Mar 2017 10:04:56 +0200
Subject: last_login LDAP - killed with signal 11 (core dumped)
In-Reply-To: <1490169784.673702.919408952.55525B35@webmail.messagingengine.com>
References: <1490169784.673702.919408952.55525B35@webmail.messagingengine.com>
Message-ID:

On 22.03.2017 10:03, Leon Kyneur wrote:
> Hi
>
> I am trying to configure the last_login plugin with LDAP dictionary
> which is causing dict service to crash. Not sure if this is a bug or
> some configuration parameter I'm getting wrong?

LDAP writes are not supported in LDAP dict module yet. It should not
crash though.

Aki

From leon at f-m.fm Wed Mar 22 08:17:43 2017
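The backtrace above stops in frame #0 at address 0x0000000000000000 directly under cmd_begin, which is what a call through a NULL function pointer looks like, and the reply says the LDAP dict module has no write support. The following C example is added here for illustration and is not Dovecot's code or part of the thread; it assumes a backend table whose write operations are optional, all struct and function names are hypothetical, and the user and timestamp are constructed. It shows the guard that turns that call into an error return.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical backend interface for illustration; not Dovecot's real structures. */
enum dict_status { DICT_OK = 0, DICT_NOT_FOUND = 1, DICT_FAIL = -1, DICT_UNSUPPORTED = -2 };

struct dict_backend;
struct dict_txn { char key[96]; char value[32]; };

struct dict_ops {
    /* Mandatory for every backend. */
    int (*lookup)(struct dict_backend *b, const char *key, char *out, size_t outlen);
    /* Optional: left NULL by a backend that cannot write. */
    int (*txn_begin)(struct dict_backend *b, struct dict_txn *t);
    int (*txn_set)(struct dict_txn *t, const char *key, const char *value);
    int (*txn_commit)(struct dict_backend *b, struct dict_txn *t);
};

struct dict_backend {
    const char *name;
    const struct dict_ops *ops;
    char key[96];   /* single-slot store, enough for the demonstration */
    char value[32];
};

static int mem_lookup(struct dict_backend *b, const char *key, char *out, size_t outlen)
{
    if (strcmp(b->key, key) != 0)
        return DICT_NOT_FOUND;
    snprintf(out, outlen, "%s", b->value);
    return DICT_OK;
}

static int mem_begin(struct dict_backend *b, struct dict_txn *t)
{
    (void)b;
    memset(t, 0, sizeof(*t));
    return DICT_OK;
}

static int mem_set(struct dict_txn *t, const char *key, const char *value)
{
    if (strlen(key) >= sizeof(t->key) || strlen(value) >= sizeof(t->value))
        return DICT_FAIL; /* refuse rather than truncate */
    strcpy(t->key, key);
    strcpy(t->value, value);
    return DICT_OK;
}

static int mem_commit(struct dict_backend *b, struct dict_txn *t)
{
    memcpy(b->key, t->key, sizeof(b->key));
    memcpy(b->value, t->value, sizeof(b->value));
    return DICT_OK;
}

static const struct dict_ops rw_ops = { mem_lookup, mem_begin, mem_set, mem_commit };
static const struct dict_ops ro_ops = { mem_lookup, NULL, NULL, NULL };

/* Usable at configuration time, so a write-dependent feature can be rejected
   before the first login instead of failing on it. */
static int dict_supports_write(const struct dict_backend *b)
{
    const struct dict_ops *o = b->ops;
    return o->txn_begin != NULL && o->txn_set != NULL && o->txn_commit != NULL;
}

/* Runtime guard: optional slots are tested before any indirect call. Calling
   b->ops->txn_begin() while it is NULL would transfer control to address 0. */
static int dict_record_last_login(struct dict_backend *b, const char *user, long when)
{
    struct dict_txn t;
    char key[96], value[32];
    int n, ret;

    if (!dict_supports_write(b))
        return DICT_UNSUPPORTED;
    n = snprintf(key, sizeof(key), "last-login/%s", user);
    if (n < 0 || (size_t)n >= sizeof(key))
        return DICT_FAIL;
    snprintf(value, sizeof(value), "%ld", when);
    if ((ret = b->ops->txn_begin(b, &t)) != DICT_OK)
        return ret;
    if ((ret = b->ops->txn_set(&t, key, value)) != DICT_OK)
        return ret;
    return b->ops->txn_commit(b, &t);
}

int main(void)
{
    /* Constructed sample backends, user and timestamp. */
    struct dict_backend rw = { "rw-demo", &rw_ops, "", "" };
    struct dict_backend ro = { "ro-demo", &ro_ops, "", "" };

    printf("%s: %d\n", ro.name, dict_record_last_login(&ro, "user@example.com", 1490168970L));
    printf("%s: %d\n", rw.name, dict_record_last_login(&rw, "user@example.com", 1490168970L));
    printf("stored: %s = %s\n", rw.key, rw.value);
    return 0;
}
```

The read-only backend yields DICT_UNSUPPORTED, which the caller can log as a configuration error while the service keeps running.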
From: leon at f-m.fm (Leon Kyneur)
Date: Wed, 22 Mar 2017 01:17:43 -0700
Subject: last_login LDAP - killed with signal 11 (core dumped)
In-Reply-To:
References: <1490169784.673702.919408952.55525B35@webmail.messagingengine.com>
Message-ID: <1490170663.676258.919432592.1FD34BCE@webmail.messagingengine.com>

On Wed, Mar 22, 2017, at 01:04 AM, Aki Tuomi wrote:
> LDAP writes are not supported in LDAP dict module yet. It should not
> crash though.
>
> Aki

Thanks Aki

Couldn't see mention of which backends support write on the wiki -
http://wiki2.dovecot.org/Dictionary. Are there others I should avoid?

Regards

Leon

From aki.tuomi at dovecot.fi Wed Mar 22 08:19:05 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Wed, 22 Mar 2017 10:19:05 +0200
Subject: last_login LDAP - killed with signal 11 (core dumped)
In-Reply-To: <1490170663.676258.919432592.1FD34BCE@webmail.messagingengine.com>
References: <1490169784.673702.919408952.55525B35@webmail.messagingengine.com> <1490170663.676258.919432592.1FD34BCE@webmail.messagingengine.com>
Message-ID:

On 22.03.2017 10:17, Leon Kyneur wrote:
> Thanks Aki
>
> Couldn't see mention of which backends support write on the wiki -
> http://wiki2.dovecot.org/Dictionary. Are there others I should avoid?
>
> Regards
>
> Leon

All the others should support writing.

Aki

From yacinechaouche at yahoo.com Wed Mar 22 08:25:53 2017
From: yacinechaouche at yahoo.com (chaouche yacine)
Date: Wed, 22 Mar 2017 08:25:53 +0000 (UTC)
Subject: Problem with sieve_before
In-Reply-To:
References: <20170321115543.EGroupware.m6InaSRr03S__KMMRsyVnpU@www.scins.ie> <101607633.4600651.1490101574511@mail.yahoo.com> <2928fe4c-5811-f80c-7f9f-e379cd16829c@htt-consult.com> <521378968.310930.1490110321356@mail.yahoo.com>
Message-ID: <1279248005.1104563.1490171153279@mail.yahoo.com>

On Tuesday, March 21, 2017 7:07 PM, Robert Moskowitz wrote:
> The howto I am making has:
>
> mkdir /home/sieve
>[...]
> chown -R vmail:mail /home/sieve

I notice you are creating a sieve directory in /home/ as if it was a
system user, then you change ownership to vmail. I would create the
sieve directory directly in /home/vmail or whatever $HOME vmail user
has (mine is /var/vmail). But that's just my particular taste :)

From yacinechaouche at yahoo.com Wed Mar 22 08:33:57 2017
From: yacinechaouche at yahoo.com (chaouche yacine)
Date: Wed, 22 Mar 2017 08:33:57 +0000 (UTC)
Subject: getmail with dovecot delivering problems
In-Reply-To:
References:
Message-ID: <123774549.1021279.1490171637694@mail.yahoo.com>

On Tuesday, March 21, 2017 10:46 PM, Samuel Reina Calvo wrote:
> so far couldn't make getmail to deliver mails correctly. the use of
> getmail + dovecot downloads email via pop3 but then put all the emails
> in the same inbox.

Hello Samuel,

Do you think this might be a getmail configuration issue ?

-- Yassine.

From rgm at htt-consult.com Wed Mar 22 09:55:46 2017
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Wed, 22 Mar 2017 05:55:46 -0400
Subject: Problem with sieve_before
In-Reply-To: <1279248005.1104563.1490171153279@mail.yahoo.com>
References: <20170321115543.EGroupware.m6InaSRr03S__KMMRsyVnpU@www.scins.ie> <101607633.4600651.1490101574511@mail.yahoo.com> <2928fe4c-5811-f80c-7f9f-e379cd16829c@htt-consult.com> <521378968.310930.1490110321356@mail.yahoo.com> <1279248005.1104563.1490171153279@mail.yahoo.com>
Message-ID: <922ef984-3b78-dd2b-1dc9-a8278030df67@htt-consult.com>

On 03/22/2017 04:25 AM, chaouche yacine wrote:
> On Tuesday, March 21, 2017 7:07 PM, Robert Moskowitz wrote:
>> The howto I am making has:
>>
>> mkdir /home/sieve
>> [...]
>> chown -R vmail:mail /home/sieve
> I notice you are creating a sieve directory in /home/ as if it was a
> system user, then you change ownership to vmail. I would create the
> sieve directory directly in /home/vmail or whatever $HOME vmail user
> has (mine is /var/vmail). But that's just my particular taste :)
>

I picked this up years ago from another howto. Lots of pieces of his
work, I am reworking.

I can see your point. It puts all the mail related stuff into
/home/vmail for backups, rather than the /home backup.

I would have to change managesieve the same so that user sieves go
there too. No big deal.

Must think on this.

thanks

From k0ste at k0ste.ru Wed Mar 22 10:31:50 2017
From: k0ste at k0ste.ru (Konstantin Shalygin)
Date: Wed, 22 Mar 2017 17:31:50 +0700
Subject: [Sieve] Is the way to run external script to get attachment?
In-Reply-To: <20170216121900.15484f1ff86e6e9d0cb53781@domain007.com>
References: <20170216121900.15484f1ff86e6e9d0cb53781@domain007.com>
Message-ID:

Yes, I need Sieve for this, because actually I don't know sender or
recipient. Sieve script activates on some user in some time.

In fact, I did not read the specification
*spec-bosch-sieve-extprograms.txt* on github (I use dovecot wiki old
revisions) and generally was not attentive enough.

I wrote a Python script and this works like a charm for a month.

require [ "vnd.dovecot.pipe", "variables" ];

if address :is :all "from" "k0ste at k0ste.ru" {
    pipe "sieve_to_owncloud";
}

Incoming messages go to the script's stdin; if the script failed,
messages are delivered to the mailbox, otherwise (script is ok) the
message is discarded.

On 02/16/2017 04:19 PM, Konstantin Khomoutov wrote:
> On Wed, 15 Feb 2017 17:13:31 +0700
> Konstantin Shalygin wrote:
>
>> Read all about Extprograms, but have a question.
>> Use case:
>> Every day we have couple messages with attachment (from one sender,
>> this is one-way communication). This attachment is uploads to
>> ownCloud. By hand... need some automation.
>> As I see, pipe cat execute scripts with text data USER/FROM/SUBJECT -
>> and I think with variables it can be any text data, how about
>> attachment?
>>
>> How I see this: script executes and as arg receives from sieve
>> attachment file, or message file and we can parse it for attachment.
>> When we have attachment - upload to ownCloud via RESTapi and purge
>> message.
>>
>> Found some realization for encrypt messages
>> https://github.com/EtiennePerot/gpgit/blob/master/encmaildir.sh
>> but for me more easy just connect to IMAP and do what I want (but I
>> love sieve).
> Do you really need Sieve for this?
>
> IMO such things are best handled in the SMTP server:
>
> 1) Set up an alias for the mail address receiving these mails.
>
> 2) Make that alias expand both to its real final destination
>    (an address, mails to which would be delivered to the IMAP
>    folder as before) and to a special "program" entry which looks
>    like "| /path/to/the/external/program".
>
> See `man aliases` [4] for more info.
>
> The program is supposed to receive the mail message to its standard
> input stream and do whatever it wishes with them. For instance, this
> could be a shell script calling something like `ripmime` [1] on the
> input, saving the attachments and then calling into whatever would
> upload them.
>
> Note that if the program completed its task OK, it should return with
> the zero result code. Otherwise it's advised to use one of result
> codes defined by Sendmail, which are described in [2] and whose exact
> numeric values could be googled (for instance, see [3]). If your
> program returns a "known" exit code on error, you'll get better
> diagnostics reported for that failure by your SMTP server.
>
> 1. http://www.pldaniels.com/ripmime/
> 2. http://docstore.mik.ua/orelly/networking/sendmail/ch36_05.htm
> 3. https://gist.github.com/bojanrajkovic/831993
> 4. http://www.postfix.org/aliases.5.html

--
Best regards,
Konstantin Shalygin

From jean-luc.oms at lirmm.fr Wed Mar 22 11:06:38 2017
From: jean-luc.oms at lirmm.fr (Jean-Luc Oms)
Date: Wed, 22 Mar 2017 12:06:38 +0100
Subject: SIS and mailbox restore
Message-ID:

Still on the problem with dovecot 2.2.27 ....

I use the single instance storage, and mdbox format. I use 2 zfs file
systems, one for mailboxes, the other for attachments. I use znapzend
to generate many zfs snapshots for backup purpose (inode numbers are
preserved but it is useless).

When I try to restore a deleted/purged mailbox with doveadm import I
get the error of the first attachment missing in the SIS and the
process stops.

Option 1: the python script is working but it's really too long.

* I restore all the SIS missing files since the snapshot date,
  preserving hard link count;
* I restore the mailbox
* I purge all the mailbox to delete the large number of unnecessary
  files restored

Option 2: looking in the list archive I see that doveadm dump can give
me the msg.ext-ref that was missing to my knowledge.

I try this use of doveadm dump:

doveadm dump /MySnapShot/vmail/user/mdbox/storage/m.*

Is this correct to get all the information I need ? I have to write a
script to get msg.ext-ref for a particular msf.guid, or a specific
mailbox

Is there a way with doveadm dump to extract this type of information
for a particular mailbox ?

Thanks for your support.

--
__________________________________________
Jean-Luc Oms
STI-RéseauX - LIRMM - CNRS/UM2
161 rue Ada - BAT 4 - CC 477
34095 Montpellier cedex 5
Tel +33 4 67 41 85 93
Urg +33 6 32 01 04 17
__________________________________________

From yacinechaouche at yahoo.com Wed Mar 22 15:36:02 2017
From: yacinechaouche at yahoo.com (chaouche yacine)
Date: Wed, 22 Mar 2017 15:36:02 +0000 (UTC)
Subject: The challenge of customizing Dovecot
In-Reply-To: <5d561547-f0f7-7f60-bc88-3464d331cb20@htt-consult.com>
References: <5d561547-f0f7-7f60-bc88-3464d331cb20@htt-consult.com>
Message-ID: <1216132629.1515951.1490196962957@mail.yahoo.com>

Robert,

What would be the benefit of using sed against making customized files
and just copying them ? I'd probably just want to copy a working
version of /etc/dovecot/ conf files instead of modifying my existing
files with sed scripts (or create new ones with cat).

-- Yassine.

From yacinechaouche at yahoo.com Wed Mar 22 15:43:05 2017
From: yacinechaouche at yahoo.com (chaouche yacine)
Date: Wed, 22 Mar 2017 15:43:05 +0000 (UTC)
Subject: Permission denied when logrotating dovecot.log
In-Reply-To:
References: <494c69f4-69a0-32cd-8ebe-9efb7f0be583@binarykitchen.com> <2DF671B6A542320EEB4F941B@ritz.innovate.net> <5d04eec9-9495-22cf-0c3c-9c58f72e75ea@binarykitchen.com>
Message-ID: <333764543.1373017.1490197385612@mail.yahoo.com>

Michael,

You should probably just chmod 600 your dovecot.log file. Here's mine
(debian 8):

root at messagerie-secours[CHROOT][10.10.10.19] ~ # ls /var/log/dovecot.log
-rw------- 1 root root 8.3M Mar 22 16:40 /var/log/dovecot.log
root at messagerie-secours[CHROOT][10.10.10.19] ~ #

And here are the permissions for my /var/log directory :

root at messagerie-secours[CHROOT][10.10.10.19] ~ # ls -d /var/log/
drwxr-xr-x 11 root root 4.0K Mar 22 06:25 /var/log/
root at messagerie-secours[CHROOT][10.10.10.19] ~ #

-- Yassine.

From dmiller at amfes.com Wed Mar 22 16:11:43 2017
From: dmiller at amfes.com (Daniel Miller)
Date: Wed, 22 Mar 2017 09:11:43 -0700
Subject: replicator crashing - oom
In-Reply-To: <9cc506dc-7422-ab5f-ed5e-a91ef663b812@dovecot.fi>
References: <9cc506dc-7422-ab5f-ed5e-a91ef663b812@dovecot.fi>
Message-ID:

Where would I find the core file? I'm not finding anything obvious.

The replicator path is /usr/local/libexec/dovecot/replicator

Daniel

On 3/22/2017 12:52 AM, Aki Tuomi wrote:
> Can you provide us gdb bt full dump?
>
> gdb /usr/libexec/dovecot/replicator /path/to/core
>
> on some systems, it's /usr/lib/dovecot/replicator
>
> Aki
>
> On 21.03.2017 23:48, Daniel Miller wrote:
>> I have the following in my log:
>>
>> Mar 21 14:46:59 bubba dovecot: replicator: Panic: data stack: Out of
>> memory when allocating 1073741864 bytes
>> Mar 21 14:46:59 bubba dovecot: replicator: Error: Raw backtrace:
>> /usr/local/lib/dovecot/libdovecot.so.0(+0x97c90) [0x7f4638a7cc90] ->
>> /usr/local/lib/dovecot/libdovecot.so.0(+0x97d6e) [0x7f4638a7cd6e] ->
>> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f4638a14322] ->
>> /usr/local/lib/dovecot/libdovecot.so.0(+0x95e3f) [0x7f4638a7ae3f] ->
>> /usr/local/lib/dovecot/libdovecot.so.0(+0x9608b) [0x7f4638a7b08b] ->
>> /usr/local/lib/dovecot/libdovecot.so.0(+0xb15f8) [0x7f4638a965f8] ->
>> /usr/local/lib/dovecot/libdovecot.so.0(+0x93c42) [0x7f4638a78c42] ->
>> /usr/local/lib/dovecot/libdovecot.so.0(buffer_write+0x74)
>> [0x7f4638a78fb4] -> dovecot/replicator(replicator_queue_push+0x13b)
>> [0x40519b] -> dovecot/replicator() [0x4049c2] -> dovecot/replicator()
>> [0x4040a8] -> dovecot/replicator() [0x404275] ->
>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x52)
>> [0x7f4638a907d2] ->
>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xe7)
>> [0x7f4638a91d17] ->
>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x3c)
>> [0x7f4638a9086c] ->
>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38)
>> [0x7f4638a90a28] ->
>> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13)
>> [0x7f4638a1dfc3] -> dovecot/replicator(main+0x17a) [0x40342a] ->
>> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)
>> [0x7f4638640ec5] -> dovecot/replicator() [0x4034c5]
>> Mar 21 14:47:00 bubba dovecot: replicator: Fatal: master:
>> service(replicator): child 15650 killed with signal 6 (core dumped)
>>

From yacinechaouche at yahoo.com Wed Mar 22 16:42:20 2017
From: yacinechaouche at yahoo.com (chaouche yacine)
Date: Wed, 22 Mar 2017 16:42:20 +0000 (UTC)
Subject: Solved? - Re: Understanding quotas
In-Reply-To: <479d3309-936a-a81b-081a-e2ce1609315d@htt-consult.com>
References: <9620c8c8-baee-2a91-cd00-839f28be6420@htt-consult.com> <479d3309-936a-a81b-081a-e2ce1609315d@htt-consult.com>
Message-ID: <909763841.1512272.1490200940556@mail.yahoo.com>

Robert,

If you wish, you can go one step further and configure postfix to reject mail -5.X.X DSN- when user is over quota instead of having the mail waiting in the postfix mail queue for considering it a temporary delivery problem -4.X.X DSN-. When the problem is considered temporary postfix will retry to send the e-mail several times (sometimes for a whole week) and the sender wouldn't even know that their message didn't get to the recipient. With a permanent error, the sender is immediately informed that their mail couldn't make it to the recipient's inbox.

In order to do this, you need to tell postfix and dovecot to talk together using the LMTP protocol.

To achieve this, two things :

1/ In dovecot : configure the lmtp service and tell it that postfix will talk to it through the /var/spool/postfix/private/dovecot-lmtp unix socket. In conf.d/10-master.conf :

    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        group = postfix
        mode = 0600
        user = postfix
      }
    }

Here, dovecot will create the socket in postfix's chroot directory just to make sure it can access it (in case it runs chrooted, which is the default in debian). Should you have created the socket outside of postfix's chroot, then postfix wouldn't have access to it. In order for dovecot to create that socket it needs to connect as the postfix system user and group. In Debian, postfix chroot is /var/spool/postfix/.

2/ In postfix : use the lmtp service as your transport and set the "next hop" (postfix's jargon) to the unix dovecot-lmtp socket (that dovecot will create for you). This is done by editing postfix's main.cf :

    virtual_transport = lmtp:unix:private/dovecot-lmtp

you should also find an lmtp line in master.cf, it should read like this :

    lmtp unix - - - - - lmtp

you can leave that unchanged.

If you do 1/ and 2/, dovecot will inform postfix (via the LMTP protocol) that the user is over quota and mail should be rejected (not held in queue), postfix will then bounce to the sender, informing them that their message couldn't be delivered :

    This is the mail system at host my.mailserver.tld

    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.

    [...]

    : host my.mailserver.tld[private/dovecot-lmtp] said: 552 5.2.2
    Quota exceeded (mailbox for user is full)
    (in reply to end of DATA command)

-- Yassine

From dmiller at amfes.com Wed Mar 22 16:43:14 2017
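The two halves of the setup in chaouche yacine's message above must name the same socket, and the listener's owner and mode decide which local accounts may talk LMTP to Dovecot. The Python check below is an added example, not part of the message and not Dovecot or Postfix code; the function names, the sample configs, and the defaults assumed for queue_directory and for an unset listener mode are assumptions.

```python
import re
from posixpath import join, normpath

# Constructed sample configs mirroring the settings quoted in the message.
GOOD_DOVECOT = """\
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
"""
GOOD_POSTFIX = """\
queue_directory = /var/spool/postfix
virtual_transport = lmtp:unix:private/dovecot-lmtp
"""
# Constructed misconfiguration: socket outside the queue directory, world-writable.
BAD_DOVECOT = """\
service lmtp {
  unix_listener /var/run/dovecot/lmtp {
    mode = 0666
  }
}
"""


def _listener_path(stack):
    """Socket path if the parser is inside service lmtp { unix_listener PATH {."""
    if (len(stack) == 2 and stack[0] == ["service", "lmtp"]
            and len(stack[1]) == 2 and stack[1][0] == "unix_listener"):
        return stack[1][1]
    return None


def lmtp_listeners(conf):
    """Return {socket_path: {setting: value}} for the lmtp service's unix listeners."""
    listeners, stack = {}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            stack.append(line[:-1].split())
            path = _listener_path(stack)
            if path:
                listeners[path] = {}
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line:
            path = _listener_path(stack)
            if path:
                key, value = (part.strip() for part in line.split("=", 1))
                listeners[path][key] = value
    return listeners


def postfix_params(main_cf):
    """Parse main.cf 'name = value' lines; indented lines continue the previous one."""
    params, name = {}, None
    for raw in main_cf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name:
            params[name] += " " + raw.strip()
        elif "=" in raw:
            name, value = (part.strip() for part in raw.split("=", 1))
            params[name] = value
    return params


def audit(dovecot_conf, main_cf, mta_user="postfix"):
    """Return a list of findings; an empty list means both sides agree."""
    params = postfix_params(main_cf)
    transport = params.get("virtual_transport", "")
    match = re.fullmatch(r"lmtp:unix:(\S+)", transport)
    if not match:
        return ["virtual_transport is %r, not an lmtp:unix: socket" % transport]
    # Assumption: a relative socket path is resolved against queue_directory,
    # and queue_directory is /var/spool/postfix when main.cf does not set it.
    queue_dir = params.get("queue_directory", "/var/spool/postfix")
    socket_path = normpath(join(queue_dir, match.group(1)))
    listeners = lmtp_listeners(dovecot_conf)
    findings = []
    if socket_path not in listeners:
        findings.append("postfix expects %s but dovecot listens on %s"
                        % (socket_path, sorted(listeners) or "no lmtp unix socket"))
    for path, opts in listeners.items():
        # Assumption: a listener without an explicit mode gets 0600.
        mode = int(opts.get("mode", "0600"), 8)
        owner_ok = opts.get("user") == mta_user and (mode & 0o600) == 0o600
        group_ok = opts.get("group") == mta_user and (mode & 0o060) == 0o060
        if mode & 0o007:
            findings.append("%s: mode %04o lets any local account talk LMTP"
                            % (path, mode))
        elif not (owner_ok or group_ok):
            findings.append("%s: user/group/mode do not give %s read-write access"
                            % (path, mta_user))
    return findings


if __name__ == "__main__":
    for finding in audit(BAD_DOVECOT, GOOD_POSTFIX):
        print(finding)
```
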
From: dmiller at amfes.com (Daniel Miller)
Date: Wed, 22 Mar 2017 09:43:14 -0700
Subject: replicator crashing - oom
In-Reply-To:
References: <9cc506dc-7422-ab5f-ed5e-a91ef663b812@dovecot.fi>
Message-ID:

Think I got it:

#0 0x00007fddaf597c37 in __GI_raise (sig=sig at entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007fddaf59b028 in __GI_abort () at abort.c:89
#2 0x00007fddaf9c0c86 in default_fatal_finish (type=, status=status at entry=0) at failures.c:201
#3 0x00007fddaf9c0d6e in i_internal_fatal_handler (ctx=0x7fff7197d000, format=, args=) at failures.c:670
#4 0x00007fddaf958322 in i_panic (format=format at entry=0x7fddafa047b8 "data stack: Out of memory when allocating %lu bytes") at failures.c:275
#5 0x00007fddaf9bee3f in mem_block_alloc (min_size=536870912) at data-stack.c:341
#6 0x00007fddaf9bf08b in t_malloc_real (size=size at entry=536870912, permanent=permanent at entry=true) at data-stack.c:396
#7 0x00007fddaf9bf0ca in t_malloc (size=size at entry=536870912) at data-stack.c:442
#8 0x00007fddaf9da5f8 in pool_data_stack_realloc (pool=, mem=0x7fdd99f59038, old_size=268435449, new_size=536870912) at mempool-datastack.c:126
#9 0x00007fddaf9bcc42 in p_realloc (new_size=, old_size=, mem=, pool=) at mempool.h:88
#10 buffer_alloc (buf=buf at entry=0xf849a8, size=536870912) at buffer.c:36
#11 0x00007fddaf9bcfb4 in buffer_check_limits (data_size=32, pos=268435424, buf=0xf849a8) at buffer.c:75
#12 buffer_write (_buf=0xf849a8, pos=268435424, data=0xfa0420, data_size=32) at buffer.c:187
#13 0x000000000040519b in array_append_i (count=1, data=0xfa0420, array=) at ../../../src/lib/array.h:168
#14 replicator_queue_handle_sync_lookups (user=0xfa3fc0, queue=0xf92260) at replicator-queue.c:278
---Type to continue, or q to quit---
#15 replicator_queue_push (queue=0xf92260, user=0xfa3fc0) at replicator-queue.c:296
#16 0x00000000004049c2 in dsync_callback (reply=DSYNC_REPLY_OK, state=0xf84590 "AQAAAHX+sC3O3gNSjAoAAOEwx0RQoclMAwAAAAQ", 'A' , "DAAAAEu2cNfSIZk0oMgAAO8QcX0yhyUwDAAAAlg", 'A' , "IAAADFjqMEUPIEU+IlAACdtazLUaHJTAcAAAAI", 'A' , "BwAAAEfYPTqXct9VYRMAAJ21"..., context=0xfa1560) at replicator-brain.c:121
#17 0x00000000004040a8 in dsync_callback (client=0xfa14a0, state=, reply=DSYNC_REPLY_OK) at dsync-client.c:65
#18 0x0000000000404275 in dsync_input_line (line=0xf84988 "+", client=0xfa14a0) at dsync-client.c:132
#19 dsync_input (client=0xfa14a0) at dsync-client.c:153
#20 0x00007fddaf9d47d2 in io_loop_call_io (io=0xfa15a0) at ioloop.c:599
#21 0x00007fddaf9d5d17 in io_loop_handler_run_internal (ioloop=ioloop at entry=0xf8c720) at ioloop-epoll.c:223
#22 0x00007fddaf9d486c in io_loop_handler_run (ioloop=ioloop at entry=0xf8c720) at ioloop.c:648
#23 0x00007fddaf9d4a28 in io_loop_run (ioloop=0xf8c720) at ioloop.c:623
#24 0x00007fddaf961fc3 in master_service_run (service=0xf8c5c0, callback=callback at entry=0x404720 ) at master-service.c:641
#25 0x000000000040342a in main (argc=1, argv=0xf8c390) at replicator.c:112

Daniel

On 3/22/2017 9:11 AM, Daniel Miller wrote:
> Where would I find the core file? I'm not finding anything obvious.
>
> The replicator path is /usr/local/libexec/dovecot/replicator
>
> Daniel
>
> On 3/22/2017 12:52 AM, Aki Tuomi wrote:
>> Can you provide us gdb bt full dump?
>>
>> gdb /usr/libexec/dovecot/replicator /path/to/core
>>
>> on some systems, it's /usr/lib/dovecot/replicator
>>
>> Aki
>>
>> On 21.03.2017 23:48, Daniel Miller wrote:
>>> I have the following in my log:
>>>
>>> Mar 21 14:46:59 bubba dovecot: replicator: Panic: data stack: Out of
>>> memory when allocating 1073741864 bytes
>>> Mar 21 14:46:59 bubba dovecot: replicator: Error: Raw backtrace:
>>> /usr/local/lib/dovecot/libdovecot.so.0(+0x97c90) [0x7f4638a7cc90] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(+0x97d6e) [0x7f4638a7cd6e] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f4638a14322] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(+0x95e3f) [0x7f4638a7ae3f] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(+0x9608b) [0x7f4638a7b08b] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(+0xb15f8) [0x7f4638a965f8] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(+0x93c42) [0x7f4638a78c42] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(buffer_write+0x74)
>>> [0x7f4638a78fb4] -> dovecot/replicator(replicator_queue_push+0x13b)
>>> [0x40519b] -> dovecot/replicator() [0x4049c2] -> dovecot/replicator()
>>> [0x4040a8] -> dovecot/replicator() [0x404275] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x52)
>>> [0x7f4638a907d2] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xe7)
>>>
>>> [0x7f4638a91d17] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x3c)
>>> [0x7f4638a9086c] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38)
>>> [0x7f4638a90a28] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13)
>>> [0x7f4638a1dfc3] -> dovecot/replicator(main+0x17a) [0x40342a] ->
>>> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)
>>> [0x7f4638640ec5] -> dovecot/replicator() [0x4034c5]
>>> Mar 21 14:47:00 bubba dovecot: replicator: Fatal: master:
>>> service(replicator): child 15650 killed with signal 6 (core dumped)
>>>

From wogri at wogri.com Wed Mar 22 21:10:56 2017
From: wogri at wogri.com (Wolfgang Hennerbichler)
Date: Wed, 22 Mar 2017 22:10:56 +0100
Subject: One way dsync replication with dsync -R
Message-ID: <940B4C4E-20B1-44D7-96C8-8B74DB30814F@wogri.com>

Hi dovecot users,

I've found the -R parameter for dsync. Does this enable one-way syncing if enabled on the slave in replication_dsync_parameters? The documentation doesn't mention much what happens if I enable this on the "replication slave".

Before you ask: Two way synchronisation causes issues in my installation (see the unanswered thread here: http://www.dovecot.org/list/dovecot/2017-March/107431.html), it causes unread, deleted messages to re-appear. I would hope that one-way synchronisation would avoid this, but I'd also like to know if the -R parameter is safe to use.

I am also still wondering if anybody has a perfectly working 2-way-synchronised dovecot installation (and I'm interested in your dovecot -n).

wogri

From rgm at htt-consult.com Wed Mar 22 22:25:39 2017
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Wed, 22 Mar 2017 18:25:39 -0400
Subject: The challenge of customizing Dovecot
In-Reply-To: <1216132629.1515951.1490196962957@mail.yahoo.com>
References: <5d561547-f0f7-7f60-bc88-3464d331cb20@htt-consult.com> <1216132629.1515951.1490196962957@mail.yahoo.com>
Message-ID:

On 03/22/2017 11:36 AM, chaouche yacine wrote:
> Robert,
>
> What would be the benefit of using sed against making customized files and just copying them ? I'd probably just want to copy a working version of /etc/dovecot/ conf files instead of modifying my existing files with sed scripts (or create new ones with cat).

new options are left unaltered. I learned this with postfix, to use postconf instead of trying to replace main.cf.

I thought about mv old confs then cat new confs, but again, there are other things set up, and I worked at changing what needed customization, rather than wholesale replacement.

From rgm at htt-consult.com Wed Mar 22 22:27:22 2017
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Wed, 22 Mar 2017 18:27:22 -0400
Subject: Solved? - Re: Understanding quotas
In-Reply-To: <909763841.1512272.1490200940556@mail.yahoo.com>
References: <9620c8c8-baee-2a91-cd00-839f28be6420@htt-consult.com> <479d3309-936a-a81b-081a-e2ce1609315d@htt-consult.com> <909763841.1512272.1490200940556@mail.yahoo.com>
Message-ID:

Thanks. I will look this over.

On 03/22/2017 12:42 PM, chaouche yacine wrote:
> Robert,
>
> If you wish, you can go one step further and configure postfix to reject mail -5.X.X DSN- when user is over quota instead of having the mail waiting in the postfix mail queue for considering it a temporary delivery problem -4.X.X DSN-. When the problem is considered temporary postfix will retry to send the e-mail several times (sometimes for a whole week) and the sender wouldn't even know that their message didn't get to the recipient. With a permanent error, the sender is immediately informed that their mail couldn't make it to the recipient's inbox.
>
> In order to do this, you need to tell postfix and dovecot to talk together using the LMTP protocol.
>
> To achieve this, two things :
>
> 1/ In dovecot : configure the lmtp service and tell it that postfix will talk to it through the /var/spool/postfix/private/dovecot-lmtp unix socket. In conf.d/10-master.conf :
>
>     service lmtp {
>       unix_listener /var/spool/postfix/private/dovecot-lmtp {
>         group = postfix
>         mode = 0600
>         user = postfix
>       }
>     }
>
> Here, dovecot will create the socket in postfix's chroot directory just to make sure it can access it (in case it runs chrooted, which is the default in debian). Should you have created the socket outside of postfix's chroot, then postfix wouldn't have access to it. In order for dovecot to create that socket it needs to connect as the postfix system user and group. In Debian, postfix chroot is /var/spool/postfix/.
>
> 2/ In postfix : use the lmtp service as your transport and set the "next hop" (postfix's jargon) to the unix dovecot-lmtp socket (that dovecot will create for you). This is done by editing postfix's main.cf :
>
>     virtual_transport = lmtp:unix:private/dovecot-lmtp
>
> you should also find an lmtp line in master.cf, it should read like this :
>
>     lmtp unix - - - - - lmtp
>
> you can leave that unchanged.
>
> If you do 1/ and 2/, dovecot will inform postfix (via the LMTP protocol) that the user is over quota and mail should be rejected (not held in queue), postfix will then bounce to the sender, informing them that their message couldn't be delivered :
>
>     This is the mail system at host my.mailserver.tld
>
>     I'm sorry to have to inform you that your message could not
>     be delivered to one or more recipients. It's attached below.
>
>     [...]
>
>     : host my.mailserver.tld[private/dovecot-lmtp] said: 552 5.2.2
>     Quota exceeded (mailbox for user is full)
>     (in reply to end of DATA command)
>
> -- Yassine
>

From rob at robarchibald.com Wed Mar 22 22:54:51 2017
From: rob at robarchibald.com (Rob Archibald)
Date: Wed, 22 Mar 2017 15:54:51 -0700
Subject: One way dsync replication with dsync -R
In-Reply-To: <940B4C4E-20B1-44D7-96C8-8B74DB30814F@wogri.com>
References: <940B4C4E-20B1-44D7-96C8-8B74DB30814F@wogri.com>
Message-ID: <00f701d2a35f$51cb3c20$f561b460$@robarchibald.com>

I'm using dsync successfully to keep two nodes synchronized, but I have the same problems as you. When I first set it up, I purposely had my phone connected to one node and my desktop connected to the other node. This allowed me to watch for the very issues you're referring to. I ran into them enough that I quit using it that way. But, what I also found was that it was just a timing issue. If they weren't synchronized, I could wait a bit and they would get synched up. Obviously that doesn't work too great if you're sending clients to both nodes through a load balancer though.

But, since it was just a timing issue, it also made me feel plenty comfortable using 2-way sync. I've been able to verify that whichever node is the "master" that the other node will be in sync soon thereafter. It just doesn't work great if you're logged into both at the same time.

How does that help you may ask? Well, my plan is to setup Dovecot Director on each of my node pairs to enable load balancing that way instead of through some other load balancer. Director should ensure that all clients of a single user will be directed to the same node. Since I haven't set that up yet, I can't guarantee it'll work, but based on my testing and reading, I think it should be fine.

The benefits I'm expecting are:
1. Redundant and reliable storage with data always in 2 places at once
2. All devices of a single user always go to the same server so that there is no risk of synchronization delays between devices
3. Local storage connections for Dovecot so hopefully a lot fewer index corruption issues compared to NFS
4. Redundant compute nodes so if one server goes down, clients can still connect

At a high level, my complete setup that I'm building is to
1. Shard users into separate server pairs using Dovecot Proxy,
2. Load-balance them within the server pair using Dovecot Director.

Hopefully my attempt to explain will come out well in ASCII:

Server sharding (however many pairs needed to support users. 4 users each obviously only for illustration purposes)
=========================
Server pair 1 (servers A & B) Users 1-4
Server pair 2 (servers C & D) Users 5-8

User connections
=============
User 1 device 1 ---> Load balancer ---> Dovecot proxy A ---> Send to Server A running Director ---> Connect on Server A
User 2 device 1 ---> Load balancer ---> Dovecot proxy B ---> Send to Server A running Director ---> Connect on Server B
User 5 device 1 ---> Load balancer ---> Dovecot proxy C ---> Send to Server C running Director ---> Connect on Server C
User 1 device 2 ---> Load balancer ---> Dovecot proxy D ---> Send to Server A running Director ---> Connect on Server A
User 7 device 1 ---> Load balancer ---> Dovecot proxy A ---> Send to Server C running Director ---> Connect on Server D
User 6 device 1 ---> Load balancer ---> Dovecot proxy B ---> Send to Server C running Director ---> Connect on Server C
User 3 device 1 ---> Load balancer ---> Dovecot proxy C ---> Send to Server A running Director ---> Connect on Server B
User 8 device 1 ---> Load balancer ---> Dovecot proxy D ---> Send to Server C running Director ---> Connect on Server D
User 3 device 2 ---> Load balancer ---> Dovecot proxy A ---> Send to Server A running Director ---> Connect on Server B
User 5 device 3 ---> Load balancer ---> Dovecot proxy B ---> Send to Server C running Director ---> Connect on Server C
User 5 device 2 ---> Load balancer ---> Dovecot proxy C ---> Send to Server C running Director ---> Connect on Server C
User 4 device 1 ---> Load balancer ---> Dovecot proxy D ---> Send to Server A running Director ---> Connect on Server A
User 5 device 4 ---> Load balancer ---> Dovecot proxy A ---> Send to Server C running Director ---> Connect on Server C
User 1 device 3 ---> Load balancer ---> Dovecot proxy B ---> Send to Server A running Director ---> Connect on Server A
User 1 device 4 ---> Load balancer ---> Dovecot proxy C ---> Send to Server A running Director ---> Connect on Server A
User 6 device 2 ---> Load balancer ---> Dovecot proxy D ---> Send to Server C running Director ---> Connect on Server C
User 2 device 2 ---> Load balancer ---> Dovecot proxy A ---> Send to Server A running Director ---> Connect on Server B

Results
===========
User 1, 4 - Server A
User 2, 3 - Server B
User 5, 6 - Server C
User 7, 8 - Server D

I would love to hear if others have gotten something like this working.

Blessings,
Rob Archibald
CTO, EndFirst LLC
rob at robarchibald.com

-----Original Message-----
From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Wolfgang Hennerbichler
Sent: Wednesday, March 22, 2017 2:11 PM
To: dovecot at dovecot.org
Subject: One way dsync replication with dsync -R

Hi dovecot users,

I've found the -R parameter for dsync. Does this enable one-way syncing if enabled on the slave in replication_dsync_parameters? The documentation doesn't mention much what happens if I enable this on the "replication slave".

Before you ask: Two way synchronisation causes issues in my installation (see the unanswered thread here: http://www.dovecot.org/list/dovecot/2017-March/107431.html), it causes unread, deleted messages to re-appear. I would hope that one-way synchronisation would avoid this, but I'd also like to know if the -R parameter is safe to use.

I am also still wondering if anybody has a perfectly working 2-way-synchronised dovecot installation (and I'm interested in your dovecot -n).

wogri

From rob at robarchibald.com Wed Mar 22 22:58:45 2017
From: rob at robarchibald.com (Rob Archibald)
Date: Wed, 22 Mar 2017 15:58:45 -0700
Subject: One way dsync replication with dsync -R
In-Reply-To: <00f701d2a35f$51cb3c20$f561b460$@robarchibald.com>
References: <940B4C4E-20B1-44D7-96C8-8B74DB30814F@wogri.com> <00f701d2a35f$51cb3c20$f561b460$@robarchibald.com>
Message-ID: <00f901d2a35f$dc7b1480$95713d80$@robarchibald.com>

Ugh, sorry for the formatting. Not sure what happened when it sent through the list. Trying again

Blessings,
Rob Archibald
CTO, EndFirst LLC
rob at robarchibald.com

-----Original Message-----
From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Rob Archibald
Sent: Wednesday, March 22, 2017 3:55 PM
To: 'Wolfgang Hennerbichler'; dovecot at dovecot.org
Subject: RE: One way dsync replication with dsync -R

I'm using dsync successfully to keep two nodes synchronized, but I have the same problems as you. When I first set it up, I purposely had my phone connected to one node and my desktop connected to the other node. This allowed me to watch for the very issues you're referring to. I ran into them enough that I quit using it that way. But, what I also found was that it was just a timing issue. If they weren't synchronized, I could wait a bit and they would get synched up. Obviously that doesn't work too great if you're sending clients to both nodes through a load balancer though.

But, since it was just a timing issue, it also made me feel plenty comfortable using 2-way sync. I've been able to verify that whichever node is the "master" that the other node will be in sync soon thereafter. It just doesn't work great if you're logged into both at the same time.

How does that help you may ask? Well, my plan is to setup Dovecot Director on each of my node pairs to enable load balancing that way instead of through some other load balancer. Director should ensure that all clients of a single user will be directed to the same node. Since I haven't set that up yet, I can't guarantee it'll work, but based on my testing and reading, I think it should be fine.

The benefits I'm expecting are:
1. Redundant and reliable storage with data always in 2 places at once
2. All devices of a single user always go to the same server so that there is no risk of synchronization delays between devices
3. Local storage connections for Dovecot so hopefully a lot fewer index corruption issues compared to NFS
4. Redundant compute nodes so if one server goes down, clients can still connect

At a high level, my complete setup that I'm building is to
1. Shard users into separate server pairs using Dovecot Proxy,
2. Load-balance them within the server pair using Dovecot Director.

Hopefully my attempt to explain will come out well in ASCII:

Server sharding (however many pairs needed to support users. 4 users each obviously only for illustration purposes)
=========================
Server pair 1 (servers A & B) Users 1-4
Server pair 2 (servers C & D) Users 5-8

User connections
=============
User 1 device 1 ---> Load balancer ---> Dovecot proxy A ---> Send to Server A running Director ---> Connect on Server A
User 2 device 1 ---> Load balancer ---> Dovecot proxy B ---> Send to Server A running Director ---> Connect on Server B
User 5 device 1 ---> Load balancer ---> Dovecot proxy C ---> Send to Server C running Director ---> Connect on Server C
User 1 device 2 ---> Load balancer ---> Dovecot proxy D ---> Send to Server A running Director ---> Connect on Server A
User 7 device 1 ---> Load balancer ---> Dovecot proxy A ---> Send to Server C running Director ---> Connect on Server D
User 6 device 1 ---> Load balancer ---> Dovecot proxy B ---> Send to Server C running Director ---> Connect on Server C
User 3 device 1 ---> Load balancer ---> Dovecot proxy C ---> Send to Server A running Director ---> Connect on Server B
User 8 device 1 ---> Load balancer ---> Dovecot proxy D ---> Send to Server C running Director ---> Connect on Server D
User 3 device 2 ---> Load balancer ---> Dovecot proxy A ---> Send to Server A running Director ---> Connect on Server B
User 5 device 3 ---> Load balancer ---> Dovecot proxy B ---> Send to Server C running Director ---> Connect on Server C
User 5 device 2 ---> Load balancer ---> Dovecot proxy C ---> Send to Server C running Director ---> Connect on Server C
User 4 device 1 ---> Load balancer ---> Dovecot proxy D ---> Send to Server A running Director ---> Connect on Server A
User 5 device 4 ---> Load balancer ---> Dovecot proxy A ---> Send to Server C running Director ---> Connect on Server C
User 1 device 3 ---> Load balancer ---> Dovecot proxy B ---> Send to Server A running Director ---> Connect on Server A
User 1 device 4 ---> Load balancer ---> Dovecot proxy C ---> Send to Server A running Director ---> Connect on Server A
User 6 device 2 ---> Load balancer ---> Dovecot proxy D ---> Send to Server C running Director ---> Connect on Server C
User 2 device 2 ---> Load balancer ---> Dovecot proxy A ---> Send to Server A running Director ---> Connect on Server B

Results
===========
User 1, 4 - Server A
User 2, 3 - Server B
User 5, 6 - Server C
User 7, 8 - Server D

I would love to hear if others have gotten something like this working.

Blessings,
Rob Archibald
CTO, EndFirst LLC
rob at robarchibald.com

-----Original Message-----
From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Wolfgang Hennerbichler
Sent: Wednesday, March 22, 2017 2:11 PM
To: dovecot at dovecot.org
Subject: One way dsync replication with dsync -R

Hi dovecot users,

I've found the -R parameter for dsync. Does this enable one-way syncing if enabled on the slave in replication_dsync_parameters? The documentation doesn't mention much what happens if I enable this on the "replication slave".

Before you ask: Two way synchronisation causes issues in my installation (see the unanswered thread here: http://www.dovecot.org/list/dovecot/2017-March/107431.html), it causes unread, deleted messages to re-appear. I would hope that one-way synchronisation would avoid this, but I'd also like to know if the -R parameter is safe to use.

I am also still wondering if anybody has a perfectly working 2-way-synchronised dovecot installation (and I'm interested in your dovecot -n).

wogri

From liam at eliam.co.uk Wed Mar 22 07:17:07 2017
From: liam at eliam.co.uk (Liam Parker)
Date: Wed, 22 Mar 2017 07:17:07 -0000
Subject: dovecot configuration oops
Message-ID: <000801d2a2dc$52983fa0$f7c8bee0$@eliam.co.uk>

Hi,

I've just transitioned from using courier to dovecot. Thanks for making this possible.

During the 'quite simple' transition process, I didn't do much prep as I'm in more of a fix-compile-fix-compile mode rather than a 'read all the docs first' so you may just want to give up now :)

If you are still with me, I just wanted to say, it wasn't completely obvious that I needed a password and a user database [PAM not virtual]. Maybe that's just me but anyway, I spent longer than I should have trying to get PAM to work before eventually realising 'internal error check server logs' meant 'where's your user database'. I guess I assumed PAM could cover it all.

If you are into that kind of thing (usability), it might be sensible to have some kind of "basic errors" check during the config file parse phase which picks up stuff like this and points out a more specific error.

I did check the logs vigorously and I even turned on every kind of debug_ (to the extent I started getting plain text passwords in the log!) but the 'internal server error check logs' was actually the only log entry for this issue.

In case the point is still unclear, I would have spent less time running in the wrong direction if the error message had been "At least one user database must be configured" or some such.

I completely understand if your philosophy is "read the manual or suffer the consequences" and it wasn't a complete fail but a simple up front config check could have helped.

Thanks for your time today,

Kind Regards,

Liam

From yacinechaouche at yahoo.com Thu Mar 23 00:03:59 2017
From: yacinechaouche at yahoo.com (chaouche yacine)
Date: Thu, 23 Mar 2017 00:03:59 +0000 (UTC)
Subject: dovecot configuration oops
In-Reply-To: <000801d2a2dc$52983fa0$f7c8bee0$@eliam.co.uk>
References: <000801d2a2dc$52983fa0$f7c8bee0$@eliam.co.uk>
Message-ID: <1005981343.1798958.1490227439881@mail.yahoo.com>

Hello Liam !

I'm not a dovecot developer but usually the classic response is "patch welcome" :)

-- Yassine.

From rob.mcaninch at gmail.com Thu Mar 23 01:16:36 2017
From: rob.mcaninch at gmail.com (Rob McAninch)
Date: Wed, 22 Mar 2017 21:16:36 -0400
Subject: The challenge of customizing Dovecot
In-Reply-To:
References: <5d561547-f0f7-7f60-bc88-3464d331cb20@htt-consult.com> <1216132629.1515951.1490196962957@mail.yahoo.com>
Message-ID:

> On Mar 22, 2017, at 18:25, Robert Moskowitz wrote:
>
>> On 03/22/2017 11:36 AM, chaouche yacine wrote:
>> Robert,
>>
>> What would be the benefit of using sed against making customized files and just copying them ? I'd probably just want to copy a working version of /etc/dovecot/ conf files instead of modifying my existing files with sed scripts (or create new ones with cat).
>
> new options are left unaltered. I learned this with postfix, to use postconf instead of trying to replace main.cf.
>
> I thought about mv old confs then cat new confs, but again, there are other things set up, and I worked at changing what needed customization, rather than wholesale replacement.

Did you consider putting your customization in a local.conf which should be tried at the end? Could put whatever explanation in there you want. On a system like Debian this would more easily allow the default files to be upgraded without intervention.

-- Rob

From rgm at htt-consult.com Thu Mar 23 03:53:15 2017
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Wed, 22 Mar 2017 23:53:15 -0400
Subject: The challenge of customizing Dovecot
In-Reply-To:
References: <5d561547-f0f7-7f60-bc88-3464d331cb20@htt-consult.com> <1216132629.1515951.1490196962957@mail.yahoo.com>
Message-ID:

On 03/22/2017 09:16 PM, Rob McAninch wrote:
>> On Mar 22, 2017, at 18:25, Robert Moskowitz wrote:
>>
>>> On 03/22/2017 11:36 AM, chaouche yacine wrote:
>>> Robert,
>>>
>>> What would be the benefit of using sed against making customized files and just copying them ? I'd probably just want to copy a working version of /etc/dovecot/ conf files instead of modifying my existing files with sed scripts (or create new ones with cat).
>> new options are left unaltered. I learned this with postfix, to use postconf instead of trying to replace main.cf.
>>
>> I thought about mv old confs then cat new confs, but again, there are other things set up, and I worked at changing what needed customization, rather than wholesale replacement.
> Did you consider putting your customization in a local.conf which should be tried at the end? Could put whatever explanation in there you want. On a system like Debian this would more easily allow the default files to be upgraded without intervention.
>

I have not seen any reference to a local.conf. Can you point this out to me? I will have to see that it is maintained in Centos. But some of the mods are additions (like plugins) to existing lines. I would have to find out how those are processed.

thanks

From rob.mcaninch at gmail.com Thu Mar 23 04:15:01 2017
From: rob.mcaninch at gmail.com (Rob McAninch)
Date: Thu, 23 Mar 2017 00:15:01 -0400
Subject: The challenge of customizing Dovecot
In-Reply-To:
References: <5d561547-f0f7-7f60-bc88-3464d331cb20@htt-consult.com> <1216132629.1515951.1490196962957@mail.yahoo.com>
Message-ID: <751E61DB-BDB3-4AD4-AEB3-10EC42537140@gmail.com>

-- Rob McAninch robmcaninch.com (Sent from my iPhone)

> On Mar 22, 2017, at 23:53, Robert Moskowitz wrote:
>
> On 03/22/2017 09:16 PM, Rob McAninch wrote:
>>> On Mar 22, 2017, at 18:25, Robert Moskowitz wrote:
>>>
>>>> On 03/22/2017 11:36 AM, chaouche yacine wrote:
>>>> Robert,
>>>>
>>>> What would be the benefit of using sed against making customized files and just copying them ? I'd probably just want to copy a working version of /etc/dovecot/ conf files instead of modifying my existing files with sed scripts (or create new ones with cat).
>>> new options are left unaltered. I learned this with postfix, to use postconf instead of trying to replace main.cf.
>>>
>>> I thought about mv old confs then cat new confs, but again, there are other things set up, and I worked at changing what needed customization, rather than wholesale replacement.
>> Did you consider putting your customization in a local.conf which should be tried at the end? Could put whatever explanation in there you want. On a system like Debian this would more easily allow the default files to be upgraded without intervention.
>>
> I have not seen any reference to a local.conf. Can you point this out to me? I will have to see that it is maintained in Centos. But some of the mods are additions (like plugins) to existing lines. I would have to find out how those are processed.

It is mentioned here
http://wiki.dovecot.org/ConfigFile

Debian Jessie has the last line of dovecot.conf as:

!include_try local.conf

-- Rob

From rgm at htt-consult.com Thu Mar 23 04:30:11 2017
From: rgm at htt-consult.com (Robert Moskowitz)
Date: Thu, 23 Mar 2017 00:30:11 -0400
Subject: The challenge of customizing Dovecot
In-Reply-To: <751E61DB-BDB3-4AD4-AEB3-10EC42537140@gmail.com>
References: <5d561547-f0f7-7f60-bc88-3464d331cb20@htt-consult.com> <1216132629.1515951.1490196962957@mail.yahoo.com> <751E61DB-BDB3-4AD4-AEB3-10EC42537140@gmail.com>
Message-ID: <8f79ecb0-dd3d-c6e3-b4f2-07446ec5815f@htt-consult.com>

On 03/23/2017 12:15 AM, Rob McAninch wrote:
>
> -- Rob McAninch robmcaninch.com (Sent from my iPhone)
>> On Mar 22, 2017, at 23:53, Robert Moskowitz wrote:
>>
>> On 03/22/2017 09:16 PM, Rob McAninch wrote:
>>>> On Mar 22, 2017, at 18:25, Robert Moskowitz wrote:
>>>>
>>>>> On 03/22/2017 11:36 AM, chaouche yacine wrote:
>>>>> Robert,
>>>>>
>>>>> What would be the benefit of using sed against making customized files and just copying them ? I'd probably just want to copy a working version of /etc/dovecot/ conf files instead of modifying my existing files with sed scripts (or create new ones with cat).
>>>> new options are left unaltered. I learned this with postfix, to use postconf instead of trying to replace main.cf.
>>>>
>>>> I thought about mv old confs then cat new confs, but again, there are other things set up, and I worked at changing what needed customization, rather than wholesale replacement.
>>> Did you consider putting your customization in a local.conf which should be tried at the end? Could put whatever explanation in there you want. On a system like Debian this would more easily allow the default files to be upgraded without intervention.
>>>
>> I have not seen any reference to a local.conf. Can you point this out to me? I will have to see that it is maintained in Centos. But some of the mods are additions (like plugins) to existing lines. I would have to find out how those are processed.
> It is mentioned here
> http://wiki.dovecot.org/ConfigFile
>
> Debian Jessie has the last line of dovecot.conf as:
>
> !include_try local.conf

Did a tail and see the same line in Centos.

I will have to think about the best way to use this and if it CAN be used for all the customization. I have some ideas. Starting with a comment of which conf.d file a particular section is customizing.

thanks

From aki.tuomi at dovecot.fi Thu Mar 23 07:17:47 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Thu, 23 Mar 2017 09:17:47 +0200 Subject: replicator crashing - oom In-Reply-To: References: <9cc506dc-7422-ab5f-ed5e-a91ef663b812@dovecot.fi> Message-ID: <065cb11b-4eeb-64b0-ac76-1de4d1106518@dovecot.fi> sysctl kernel.core_pattern usually indicates where cores are placed. If it says 'core' you are probably not gonna find it. Aki On 22.03.2017 18:11, Daniel Miller wrote: > Where would I find the core file? I'm not finding anything obvious. > > The replicator path is /usr/local/libexec/dovecot/replicator > > Daniel > > On 3/22/2017 12:52 AM, Aki Tuomi wrote: >> Can you provide us gdb bt full dump? >> >> gdb /usr/libexec/dovecot/replicator /path/to/core >> >> on some systems, it's /usr/lib/dovecot/replicator >> >> Aki >> >> On 21.03.2017 23:48, Daniel Miller wrote: >>> I have the following in my log: >>> >>> Mar 21 14:46:59 bubba dovecot: replicator: Panic: data stack: Out of >>> memory when allocating 1073741864 bytes >>> Mar 21 14:46:59 bubba dovecot: replicator: Error: Raw backtrace: >>> /usr/local/lib/dovecot/libdovecot.so.0(+0x97c90) [0x7f4638a7cc90] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(+0x97d6e) [0x7f4638a7cd6e] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f4638a14322] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(+0x95e3f) [0x7f4638a7ae3f] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(+0x9608b) [0x7f4638a7b08b] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(+0xb15f8) [0x7f4638a965f8] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(+0x93c42) [0x7f4638a78c42] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(buffer_write+0x74) >>> [0x7f4638a78fb4] -> dovecot/replicator(replicator_queue_push+0x13b) >>> [0x40519b] -> dovecot/replicator() [0x4049c2] -> dovecot/replicator() >>> [0x4040a8] -> dovecot/replicator() [0x404275] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x52) >>> [0x7f4638a907d2] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xe7) >>> >>> 
[0x7f4638a91d17] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x3c) >>> [0x7f4638a9086c] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) >>> [0x7f4638a90a28] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) >>> [0x7f4638a1dfc3] -> dovecot/replicator(main+0x17a) [0x40342a] -> >>> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) >>> [0x7f4638640ec5] -> dovecot/replicator() [0x4034c5] >>> Mar 21 14:47:00 bubba dovecot: replicator: Fatal: master: >>> service(replicator): child 15650 killed with signal 6 (core dumped) >>> From skdovecot at smail.inf.fh-brs.de Thu Mar 23 07:23:32 2017 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Thu, 23 Mar 2017 08:23:32 +0100 (CET) Subject: The challenge of customizing Dovecot In-Reply-To: <8f79ecb0-dd3d-c6e3-b4f2-07446ec5815f@htt-consult.com> References: <5d561547-f0f7-7f60-bc88-3464d331cb20@htt-consult.com> <1216132629.1515951.1490196962957@mail.yahoo.com> <751E61DB-BDB3-4AD4-AEB3-10EC42537140@gmail.com> <8f79ecb0-dd3d-c6e3-b4f2-07446ec5815f@htt-consult.com> Message-ID: On Thu, 23 Mar 2017, Robert Moskowitz wrote: > On 03/23/2017 12:15 AM, Rob McAninch wrote: >>> On Mar 22, 2017, at 23:53, Robert Moskowitz wrote: >> It is mentioned here >> http://wiki.dovecot.org/ConfigFile >> >> Debian Jessie has the last line of dovecot.conf as: >> >> !include_try local.conf > > Did a tail and see the same line in Centos. > > I will have to think about the best way to use this and if it CAN be used for > all the customization. > > I have some ideas. Starting with a comment of which conf.d file a particular > section is customizing. This seems to be the end of the example dovecot.conf: # Most of the actual configuration gets included below. The filenames are # first sorted by their ASCII value and parsed in that order. The 00-prefixes # in filenames are intended to make it easier to understand the ordering. !include conf.d/*.conf # A config file can also tried to be included without giving an error if # it's not found: !include_try local.conf ======== I put my changes into new files sometimes with the same 00-prefix stem. There are settings that e.g. to change defaults, which are not picked up by other sections if mentioned in the last include file. 
-- Steffen Kaiser From muelladdi at gmail.com Thu Mar 23 08:48:31 2017 
From: muelladdi at gmail.com (Kein Name) Date: Thu, 23 Mar 2017 09:48:31 +0100 Subject: Ubuntu Dovecot 2.2.9 several Errors, Transaction log as well as BUG message Message-ID: Hello List, I am running an Ubuntu 14.04.5 LTS Server with Dovecot 2.2.9, only local filesystems and authentication done via mysql backend. Server is a Strato Virtual Server running 2.6.32-042stab120.11 #1 SMP Fri Mar 10 16:52:50 MSK 2017 i686 i686 i686 GNU/Linux Sometimes I see errors in the log like this for one user: Error: Transaction log /var/vmail/ example.net/jena/Maildir/.Archives.2017/dovecot.index.log: duplicate transaction log sequence (2) After seeing these, some time later, (mostly 2h), Dovecot starts to deny login from all clients with messages like this: Mar 23 01:32:27 h2312250 dovecot: auth: Error: BUG: Authentication client sent unknown handshake command: REQUEST?1804861441?19318?1?9ce500129289a0237e4e85a6c880a047?session_pid=19323... Mar 23 01:32:27 h2312250 dovecot: imap: Error: Authentication server didn't send valid SPID as expected: MECH#011PLAIN#011plaintext Mar 23 01:32:27 h2312250 dovecot: imap: Error: Disconnected from auth server, aborting (client-pid=19318 client-id=1) Mar 23 01:32:27 h2312250 dovecot: imap-login: Internal login failure (pid=19318 id=1) (internal failure, 1 successful auths): user=< user at example.net>, method=PLAIN, rip=X, lip=X, mpid=19323, session= I do not know if these problems have something to do with each other or not. But it happened several times now (maybe once or twice every month or so). When I restart Dovecot, the error seems gone for the moment, until it comes back in a month or some weeks. 
For reference, here is the running config: dovecot.conf # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-042stab120.11 i686 Ubuntu 14.04.5 LTS auth_mechanisms = plain login auth_verbose = yes disable_plaintext_auth = no log_timestamp = "%Y-%m-%d %H:%M:%S " managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave passdb { args = /etc/dovecot/dovecot-mysql.conf driver = sql } plugin { quota = maildir:User quota quota_rule = *:bytes=10M sieve = ~/dovecot.sieve } protocols = imap pop3 sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { mode = 0600 user = vmail } user = root } ssl_cert = References: Message-ID: 2.2.9 is rather old. Updating to a more recent version could help. Aki On 23.03.2017 10:48, Kein Name wrote: > Hello List, > > I am running an Ubuntu 14.04.5 LTS Server with Dovecot 2.2.9, only local > filesystems and authentication done via mysql backend. > Server is a Strato Virtual Server running > 2.6.32-042stab120.11 #1 SMP Fri Mar 10 16:52:50 MSK 2017 i686 i686 i686 > GNU/Linux > > Sometimes I see errors in the log like this for one user: > > Error: Transaction log /var/vmail/ > example.net/jena/Maildir/.Archives.2017/dovecot.index.log: duplicate > transaction log sequence (2) > > After seeing these, some time later, (mostly 2h), Dovecot starts to deny > login from all clients with messages like this: > > Mar 23 01:32:27 h2312250 dovecot: auth: Error: BUG: Authentication client > sent unknown handshake command: > REQUEST?1804861441?19318?1?9ce500129289a0237e4e85a6c880a047?session_pid=19323... 
> Mar 23 01:32:27 h2312250 dovecot: imap: Error: Authentication server didn't > send valid SPID as expected: MECH#011PLAIN#011plaintext > Mar 23 01:32:27 h2312250 dovecot: imap: Error: Disconnected from auth > server, aborting (client-pid=19318 client-id=1) > Mar 23 01:32:27 h2312250 dovecot: imap-login: Internal login failure > (pid=19318 id=1) (internal failure, 1 successful auths): user=< > user at example.net>, method=PLAIN, rip=X, lip=X, mpid=19323, > session= > > I do not know if these problems have something to do with each other or > not. But it happened several times now (maybe once or twice every month or > so). > When I restart Dovecot, the error seems gone for the moment, until it comes > back in a month or some weeks. > > > For reference, here is the running config: > > dovecot.conf > > # 2.2.9: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-042stab120.11 i686 Ubuntu 14.04.5 LTS > auth_mechanisms = plain login > auth_verbose = yes > disable_plaintext_auth = no > log_timestamp = "%Y-%m-%d %H:%M:%S " > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character > vacation subaddress comparator-i;ascii-numeric relational regex imap4flags > copy include variables body enotify environment mailbox date ihave > passdb { > args = /etc/dovecot/dovecot-mysql.conf > driver = sql > } > plugin { > quota = maildir:User quota > quota_rule = *:bytes=10M > sieve = ~/dovecot.sieve > } > protocols = imap pop3 sieve > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-master { > mode = 0600 > user = vmail > } > user = root > } > ssl_cert = ssl_key = userdb { > args = /etc/dovecot/dovecot-mysql.conf > driver = sql > } > protocol pop3 { > mail_plugins = quota > pop3_uidl_format = %08Xu%08Xv > } > protocol imap { > mail_plugins = quota imap_quota > } > protocol lda { > auth_socket_path = /var/run/dovecot/auth-master > mail_plugins = 
sieve quota > postmaster_address = postmaster at example.net > quota_full_tempfail = yes > } > > > dovecot-mysql.conf > > driver = mysql > connect = host=localhost dbname=mail user=user password=XXX > default_pass_scheme = CRYPT > password_query = SELECT password FROM users WHERE email = '%u' > user_query = SELECT > CONCAT('/var/vmail/',SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') > AS home, > CONCAT('maildir:/var/vmail/',SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/Maildir/') > AS mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule > FROM users WHERE email = '%u' > > > Any help is appreciated. > Thanks > Stefan Koenig From muelladdi at gmail.com Thu Mar 23 09:06:25 2017 
From: muelladdi at gmail.com (Kein Name) Date: Thu, 23 Mar 2017 10:06:25 +0100 Subject: Ubuntu Dovecot 2.2.9 several Errors, Transaction log as well as BUG message In-Reply-To: References: Message-ID: Thanks for the advice, sadly the VM hoster uses Qemu with an ancient crappy kernel and does not offer any way to move upwards to 16.04 with dovecot 2.2.22. All I could do is try to force the 16.04 packages into the 14.04 system, which would likely add more problems than solve these :/ Stefan 2017-03-23 9:52 GMT+01:00 Aki Tuomi : > 2.2.9 is rather old. Updating to a more recent version could help. > > Aki > > > On 23.03.2017 10:48, Kein Name wrote: > > Hello List, > > > > I am running an Ubuntu 14.04.5 LTS Server with Dovecot 2.2.9, only local > > filesystems and authentication done via mysql backend. > > Server is a Strato Virtual Server running > > 2.6.32-042stab120.11 #1 SMP Fri Mar 10 16:52:50 MSK 2017 i686 i686 i686 > > GNU/Linux > > > > Sometimes I see errors in the log like this for one user: > > > > Error: Transaction log /var/vmail/ > > example.net/jena/Maildir/.Archives.2017/dovecot.index.log: duplicate > > transaction log sequence (2) > > > > After seeing these, some time later, (mostly 2h), Dovecot starts to deny > > login from all clients with messages like this: > > > > Mar 23 01:32:27 h2312250 dovecot: auth: Error: BUG: Authentication client > > sent unknown handshake command: > > REQUEST?1804861441?19318?1?9ce500129289a0237e4e85a6c880a047? > session_pid=19323... 
> > Mar 23 01:32:27 h2312250 dovecot: imap: Error: Authentication server > didn't > > send valid SPID as expected: MECH#011PLAIN#011plaintext > > Mar 23 01:32:27 h2312250 dovecot: imap: Error: Disconnected from auth > > server, aborting (client-pid=19318 client-id=1) > > Mar 23 01:32:27 h2312250 dovecot: imap-login: Internal login failure > > (pid=19318 id=1) (internal failure, 1 successful auths): user=< > > user at example.net>, method=PLAIN, rip=X, lip=X, mpid=19323, > > session= > > > > I do not know if these problems have something to do with each other or > > not. But it happened several times now (maybe once or twice every month > or > > so). > > When I restart Dovecot, the error seems gone for the moment, until it > comes > > back in a month or some weeks. > > > > > > For reference, here is the running config: > > > > dovecot.conf > > > > # 2.2.9: /etc/dovecot/dovecot.conf > > # OS: Linux 2.6.32-042stab120.11 i686 Ubuntu 14.04.5 LTS > > auth_mechanisms = plain login > > auth_verbose = yes > > disable_plaintext_auth = no > > log_timestamp = "%Y-%m-%d %H:%M:%S " > > managesieve_notify_capability = mailto > > managesieve_sieve_capability = fileinto reject envelope encoded-character > > vacation subaddress comparator-i;ascii-numeric relational regex > imap4flags > > copy include variables body enotify environment mailbox date ihave > > passdb { > > args = /etc/dovecot/dovecot-mysql.conf > > driver = sql > > } > > plugin { > > quota = maildir:User quota > > quota_rule = *:bytes=10M > > sieve = ~/dovecot.sieve > > } > > protocols = imap pop3 sieve > > service auth { > > unix_listener /var/spool/postfix/private/auth { > > group = postfix > > mode = 0660 > > user = postfix > > } > > unix_listener auth-master { > > mode = 0600 > > user = vmail > > } > > user = root > > } > > ssl_cert = > ssl_key = > userdb { > > args = /etc/dovecot/dovecot-mysql.conf > > driver = sql > > } > > protocol pop3 { > > mail_plugins = quota > > pop3_uidl_format = %08Xu%08Xv > > } > > 
protocol imap { > > mail_plugins = quota imap_quota > > } > > protocol lda { > > auth_socket_path = /var/run/dovecot/auth-master > > mail_plugins = sieve quota > > postmaster_address = postmaster at example.net > > quota_full_tempfail = yes > > } > > > > > > dovecot-mysql.conf > > > > driver = mysql > > connect = host=localhost dbname=mail user=user password=XXX > > default_pass_scheme = CRYPT > > password_query = SELECT password FROM users WHERE email = '%u' > > user_query = SELECT > > CONCAT('/var/vmail/',SUBSTRING_INDEX(email,'@',-1),'/', > SUBSTRING_INDEX(email,'@',1),'/') > > AS home, > > CONCAT('maildir:/var/vmail/',SUBSTRING_INDEX(email,'@',-1),' > /',SUBSTRING_INDEX(email,'@',1),'/Maildir/') > > AS mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS > quota_rule > > FROM users WHERE email = '%u' > > > > > > Any help is appreciated. > > Thanks > > Stefan Koenig > From Ralf.Hildebrandt at charite.de Thu Mar 23 09:59:54 2017 
From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Thu, 23 Mar 2017 10:59:54 +0100 Subject: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) In-Reply-To: <20170320151625.GB14377@sys4.de> References: <3vmzd23b7Nz6Z@mproxy.charite.de> <20170320150729.qwqa4w7nugyse2vf@charite.de> <20170320151625.GB14377@sys4.de> Message-ID: <20170323095954.7fvnjagfwck2hl4u@charite.de> * Ralf Hildebrandt : > Mar 20 16:10:17 mproxy dovecot: master: Dovecot v2.2.devel (a39b5b2) starting up for imap > Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) > Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): No SSL context > Mar 20 16:10:26 mproxy dovecot: auth: Error: imap(hildeb,141.42.206.36,): Disconnected from server > Mar 20 16:10:26 mproxy dovecot: imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=1747, EOF) > Mar 20 16:10:26 mproxy dovecot: auth: Fatal: master: service(auth): child 1748 killed with signal 11 (core dumped) Still there in auto11 -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From aki.tuomi at dovecot.fi Thu Mar 23 10:00:47 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Thu, 23 Mar 2017 12:00:47 +0200 Subject: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) In-Reply-To: <20170323095954.7fvnjagfwck2hl4u@charite.de> References: <3vmzd23b7Nz6Z@mproxy.charite.de> <20170320150729.qwqa4w7nugyse2vf@charite.de> <20170320151625.GB14377@sys4.de> <20170323095954.7fvnjagfwck2hl4u@charite.de> Message-ID: On 23.03.2017 11:59, Ralf Hildebrandt wrote: > * Ralf Hildebrandt : > >> Mar 20 16:10:17 mproxy dovecot: master: Dovecot v2.2.devel (a39b5b2) starting up for imap >> Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) >> Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): No SSL context >> Mar 20 16:10:26 mproxy dovecot: auth: Error: imap(hildeb,141.42.206.36,): Disconnected from server >> Mar 20 16:10:26 mproxy dovecot: imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=1747, EOF) >> Mar 20 16:10:26 mproxy dovecot: auth: Fatal: master: service(auth): child 1748 killed with signal 11 (core dumped) > Still there in auto11 > Yes, we have not gotten round fixing it. Did you remove < from the path? Aki From Ralf.Hildebrandt at charite.de Thu Mar 23 10:04:43 2017 
From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Thu, 23 Mar 2017 11:04:43 +0100 Subject: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) In-Reply-To: References: <3vmzd23b7Nz6Z@mproxy.charite.de> <20170320150729.qwqa4w7nugyse2vf@charite.de> <20170320151625.GB14377@sys4.de> <20170323095954.7fvnjagfwck2hl4u@charite.de> Message-ID: <20170323100443.mhecicwjay7gggfe@charite.de> * Aki Tuomi : > > Still there in auto11 > > > Yes, we have not gotten round fixing it. Did you remove < from the path? Of course :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From mail at tomsommer.dk Thu Mar 23 10:58:43 2017 From: mail at tomsommer.dk (Tom Sommer) Date: Thu, 23 Mar 2017 11:58:43 +0100 Subject: dsync with namespaces Message-ID: I have a major dsync headache which I am hoping someone can help me with. I have to migrate mails from a 'namespace/inbox/prefix=INBOX.' server to a 'namespace/inbox/prefix=' server. So I'm trying # dsync -o 'namespace/inbox/prefix=' sync -1 -f -u xx at xx.com tcp:1.2.3.4 It works fine for some accounts, however for others many hundreds and sometimes thousands of mails go missing from the destination inbox, and a resync doesn't pick them up. The debug output doesn't recognize these either. If I remove the 'namespace/inbox/prefix=' part, then I get 'Error: Couldn't find namespace for mailbox X' errors. Both source and destination is running 2.2.27 I can't imapsync :S Thanks. -- Tom From moseleymark at gmail.com Thu Mar 23 23:21:48 2017 
From: moseleymark at gmail.com (Mark Moseley) Date: Thu, 23 Mar 2017 16:21:48 -0700 Subject: "Connection queue full" error Message-ID: Just a quickie: why is "Connection queue full" logged under Info, instead of something like error? Or at least have the word 'error' in it? Seems like a pretty error-ish thing to happen. Anything that causes the connection to fail from the server side should show up in a grep -i for error. I.e. I don't care about clients failing to match up SSL cipher suites; that's fine as Info (SSL errors ironically do have 'error' in them, though I assume that's coming from the ssl libs). But the server dropping connections due to running out of available daemons (and any other "server isn't working right" conditions) is definitely worthy of Error. From dmiller at amfes.com Fri Mar 24 01:46:55 2017 
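Added example, not part of any list message and not Dovecot project code: a triage pass over Dovecot syslog lines that flags server-side failures by message text instead of by severity label, which is the gap the "Connection queue full" message above describes for a plain `grep -i error`. The pattern list and category names are assumptions built from messages quoted in this archive; the first two sample lines are constructed, the rest are copied from the threads above.

```python
import re

# Syslog layout as seen in the excerpts in this archive:
#   "Mar 23 01:32:27 host dovecot: <service>: [<Severity>: ]<message>"
# The severity label is optional because some quoted lines carry none.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) dovecot: "
    r"(?P<service>[\w-]+): "
    r"(?:(?P<sev>Debug|Info|Warning|Error|Fatal|Panic): )?(?P<msg>.*)$"
)

# Assumption: message fragments that mean the server side failed,
# whatever label the line was logged under.
SERVER_SIDE = [
    ("capacity", re.compile(r"Connection queue full")),
    ("crash", re.compile(r"killed with signal \d+")),
    ("memory", re.compile(r"Out of memory")),
    ("auth-backend", re.compile(
        r"Internal login failure|Disconnected from auth server|Auth connection closed")),
]
LABELLED_FAILURES = {"Error", "Fatal", "Panic"}


def classify(line):
    """Return (service, severity_label, category) or None if the line does not parse.

    category is None when nothing marks the line as a server-side failure."""
    m = LINE_RE.match(line)
    if not m:
        return None
    for category, pattern in SERVER_SIDE:
        if pattern.search(m.group("msg")):
            return m.group("service"), m.group("sev"), category
    if m.group("sev") in LABELLED_FAILURES:
        return m.group("service"), m.group("sev"), "labelled"
    return m.group("service"), m.group("sev"), None


def triage(lines):
    """Findings for every line that indicates a server-side failure."""
    findings = []
    for number, line in enumerate(lines, 1):
        result = classify(line)
        if result and result[2]:
            findings.append({"line": number, "service": result[0],
                             "label": result[1], "category": result[2]})
    return findings


def grep_i_error(lines):
    """Line numbers a case-insensitive search for 'error' would return."""
    return [n for n, line in enumerate(lines, 1) if "error" in line.lower()]


def missed_by_grep(lines):
    """Server-side failures that the plain 'error' search does not surface."""
    hits = set(grep_i_error(lines))
    return [f for f in triage(lines) if f["line"] not in hits]


SAMPLE = [
    # 1: constructed, queue exhaustion logged under Info
    "Mar 23 16:20:01 mx1 dovecot: imap-login: Info: Disconnected: Connection queue full "
    "(no auth attempts in 0 secs): user=<>, rip=192.0.2.10, lip=192.0.2.1",
    # 2: constructed, client-side TLS mismatch that happens to contain 'error'
    "Mar 23 16:20:02 mx1 dovecot: imap-login: Info: Disconnected (no auth attempts in 1 secs): "
    "user=<>, rip=192.0.2.11, lip=192.0.2.1, TLS handshaking: SSL_accept() failed: "
    "error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher",
    # 3-6: quoted in this archive
    "Mar 21 14:46:59 bubba dovecot: replicator: Panic: data stack: Out of memory "
    "when allocating 1073741864 bytes",
    "Mar 21 14:47:00 bubba dovecot: replicator: Fatal: master: service(replicator): "
    "child 15650 killed with signal 6 (core dumped)",
    "Mar 23 01:32:27 h2312250 dovecot: imap: Error: Disconnected from auth server, "
    "aborting (client-pid=19318 client-id=1)",
    "Mar 23 01:32:27 h2312250 dovecot: imap-login: Internal login failure (pid=19318 id=1) "
    "(internal failure, 1 successful auths): user=<user at example.net>, method=PLAIN, "
    "rip=X, lip=X, mpid=19323",
]

if __name__ == "__main__":
    for finding in missed_by_grep(SAMPLE):
        print(finding)
```

On this sample the plain search returns the client-side TLS line and only one of the five server-side failures; the Panic, Fatal and unlabelled login-failure lines are missed along with the Info-level queue message.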
From: dmiller at amfes.com (Daniel Miller) Date: Thu, 23 Mar 2017 18:46:55 -0700 Subject: replicator crashing - oom In-Reply-To: <065cb11b-4eeb-64b0-ac76-1de4d1106518@dovecot.fi> References: <9cc506dc-7422-ab5f-ed5e-a91ef663b812@dovecot.fi> <065cb11b-4eeb-64b0-ac76-1de4d1106518@dovecot.fi> Message-ID: Sorry for the re-post - just want to make sure you saw this:
#0 0x00007fddaf597c37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007fddaf59b028 in __GI_abort () at abort.c:89
#2 0x00007fddaf9c0c86 in default_fatal_finish (type=, status=status@entry=0) at failures.c:201
#3 0x00007fddaf9c0d6e in i_internal_fatal_handler (ctx=0x7fff7197d000, format=, args=) at failures.c:670
#4 0x00007fddaf958322 in i_panic (format=format@entry=0x7fddafa047b8 "data stack: Out of memory when allocating %lu bytes") at failures.c:275
#5 0x00007fddaf9bee3f in mem_block_alloc (min_size=536870912) at data-stack.c:341
#6 0x00007fddaf9bf08b in t_malloc_real (size=size@entry=536870912, permanent=permanent@entry=true) at data-stack.c:396
#7 0x00007fddaf9bf0ca in t_malloc (size=size@entry=536870912) at data-stack.c:442
#8 0x00007fddaf9da5f8 in pool_data_stack_realloc (pool=, mem=0x7fdd99f59038, old_size=268435449, new_size=536870912) at mempool-datastack.c:126
#9 0x00007fddaf9bcc42 in p_realloc (new_size=, old_size=, mem=, pool=) at mempool.h:88
#10 buffer_alloc (buf=buf@entry=0xf849a8, size=536870912) at buffer.c:36
#11 0x00007fddaf9bcfb4 in buffer_check_limits (data_size=32, pos=268435424, buf=0xf849a8) at buffer.c:75
#12 buffer_write (_buf=0xf849a8, pos=268435424, data=0xfa0420, data_size=32) at buffer.c:187
#13 0x000000000040519b in array_append_i (count=1, data=0xfa0420, array=) at ../../../src/lib/array.h:168
#14 replicator_queue_handle_sync_lookups (user=0xfa3fc0, queue=0xf92260) at replicator-queue.c:278
#15 replicator_queue_push (queue=0xf92260, user=0xfa3fc0) at replicator-queue.c:296
#16 0x00000000004049c2 in dsync_callback (reply=DSYNC_REPLY_OK, state=0xf84590 "AQAAAHX+sC3O3gNSjAoAAOEwx0RQoclMAwAAAAQ", 'A' , "DAAAAEu2cNfSIZk0oMgAAO8QcX0yhyUwDAAAAlg", 'A' , "IAAADFjqMEUPIEU+IlAACdtazLUaHJTAcAAAAI", 'A' , "BwAAAEfYPTqXct9VYRMAAJ21"..., context=0xfa1560) at replicator-brain.c:121
#17 0x00000000004040a8 in dsync_callback (client=0xfa14a0, state=, reply=DSYNC_REPLY_OK) at dsync-client.c:65
#18 0x0000000000404275 in dsync_input_line (line=0xf84988 "+", client=0xfa14a0) at dsync-client.c:132
#19 dsync_input (client=0xfa14a0) at dsync-client.c:153
#20 0x00007fddaf9d47d2 in io_loop_call_io (io=0xfa15a0) at ioloop.c:599
#21 0x00007fddaf9d5d17 in io_loop_handler_run_internal (ioloop=ioloop@entry=0xf8c720) at ioloop-epoll.c:223
#22 0x00007fddaf9d486c in io_loop_handler_run (ioloop=ioloop@entry=0xf8c720) at ioloop.c:648
#23 0x00007fddaf9d4a28 in io_loop_run (ioloop=0xf8c720) at ioloop.c:623
#24 0x00007fddaf961fc3 in master_service_run (service=0xf8c5c0, callback=callback@entry=0x404720 ) at master-service.c:641
#25 0x000000000040342a in main (argc=1, argv=0xf8c390) at replicator.c:112
Daniel On 3/23/2017 12:17 AM, Aki Tuomi wrote: > sysctl kernel.core_pattern usually indicates where cores are placed. If > it says 'core' you are probably not gonna find it. > > Aki > > > On 22.03.2017 18:11, Daniel Miller wrote: >> Where would I find the core file? I'm not finding anything obvious. >> >> The replicator path is /usr/local/libexec/dovecot/replicator >> >> Daniel >> >> On 3/22/2017 12:52 AM, Aki Tuomi wrote: >>> Can you provide us gdb bt full dump? 
>>> >>> gdb /usr/libexec/dovecot/replicator /path/to/core >>> >>> on some systems, it's /usr/lib/dovecot/replicator >>> >>> Aki >>> >>> On 21.03.2017 23:48, Daniel Miller wrote: >>>> I have the following in my log: >>>> >>>> Mar 21 14:46:59 bubba dovecot: replicator: Panic: data stack: Out of >>>> memory when allocating 1073741864 bytes >>>> Mar 21 14:46:59 bubba dovecot: replicator: Error: Raw backtrace: >>>> /usr/local/lib/dovecot/libdovecot.so.0(+0x97c90) [0x7f4638a7cc90] -> >>>> /usr/local/lib/dovecot/libdovecot.so.0(+0x97d6e) [0x7f4638a7cd6e] -> >>>> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f4638a14322] -> >>>> /usr/local/lib/dovecot/libdovecot.so.0(+0x95e3f) [0x7f4638a7ae3f] -> >>>> /usr/local/lib/dovecot/libdovecot.so.0(+0x9608b) [0x7f4638a7b08b] -> >>>> /usr/local/lib/dovecot/libdovecot.so.0(+0xb15f8) [0x7f4638a965f8] -> >>>> /usr/local/lib/dovecot/libdovecot.so.0(+0x93c42) [0x7f4638a78c42] -> >>>> /usr/local/lib/dovecot/libdovecot.so.0(buffer_write+0x74) >>>> [0x7f4638a78fb4] -> dovecot/replicator(replicator_queue_push+0x13b) >>>> [0x40519b] -> dovecot/replicator() [0x4049c2] -> dovecot/replicator() >>>> [0x4040a8] -> dovecot/replicator() [0x404275] -> >>>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x52) >>>> [0x7f4638a907d2] -> >>>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xe7) >>>> >>>> [0x7f4638a91d17] -> >>>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x3c) >>>> [0x7f4638a9086c] -> >>>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) >>>> [0x7f4638a90a28] -> >>>> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) >>>> [0x7f4638a1dfc3] -> dovecot/replicator(main+0x17a) [0x40342a] -> >>>> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) >>>> [0x7f4638640ec5] -> dovecot/replicator() [0x4034c5] >>>> Mar 21 14:47:00 bubba dovecot: replicator: Fatal: master: >>>> service(replicator): child 15650 killed with signal 6 (core dumped) >>>> From dmiller at amfes.com 
Fri Mar 24 03:24:06 2017 From: dmiller at amfes.com (Daniel Miller) Date: Thu, 23 Mar 2017 20:24:06 -0700 Subject: FTS on shared/virtual folders Message-ID: A question on how FTS is implemented with regards to shared & virtual mailbox. In particular - with Solr. Does Dovecot treat each shared and virtual mailbox as completely independent - which means Solr would reindex each appearance independently? If that's the case, has any thought been given to potentially identifying such queries and passing them to Solr against the "native" or private mailboxes that are referenced? -- Daniel From wogri at wogri.com Fri Mar 24 07:50:44 2017 From: wogri at wogri.com (Wolfgang Hennerbichler) Date: Fri, 24 Mar 2017 08:50:44 +0100 Subject: One way dsync replication with dsync -R In-Reply-To: <00f901d2a35f$dc7b1480$95713d80$@robarchibald.com> References: <940B4C4E-20B1-44D7-96C8-8B74DB30814F@wogri.com> <00f701d2a35f$51cb3c20$f561b460$@robarchibald.com> <00f901d2a35f$dc7b1480$95713d80$@robarchibald.com> Message-ID: <2DA98F5C-5D10-44C7-9191-65D0C3952AFD@wogri.com> Rob, Unfortunately I don't think the director will solve this problem. I have a director in front of my setup and it is configured to point every client to one server. It didn't change anything in its behavior. I also have a setup without a director where the clients are only allowed to talk to one host (DNS entries control this) - same thing. Wolfgang > On Mar 22, 2017, at 23:58, Rob Archibald wrote: > > Ugh, sorry for the formatting. Not sure what happened when it sent through the list. Trying again > > Blessings, > Rob Archibald > CTO, EndFirst LLC > rob at robarchibald.com > > > -----Original Message----- 
> From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Rob Archibald
> Sent: Wednesday, March 22, 2017 3:55 PM
> To: 'Wolfgang Hennerbichler'; dovecot at dovecot.org
> Subject: RE: One way dsync replication with dsync -R
>
> I'm using dsync successfully to keep two nodes synchronized, but I have the same problems as you. When I first set it up, I purposely had my phone connected to one node and my desktop connected to the other node. This allowed me to watch for the very issues you're referring to. I ran into them enough that I quit using it that way. But, what I also found was that it was just a timing issue. If they weren't synchronized, I could wait a bit and they would get synched up. Obviously that doesn't work too great if you're sending clients to both nodes through a load balancer though. But, since it was just a timing issue, it also made me feel plenty comfortable using 2-way sync. I've been able to verify that whichever node is the "master" that the other node will be in sync soon thereafter. It just doesn't work great if you're logged into both at the same time.
>
> How does that help you may ask? Well, my plan is to set up Dovecot Director on each of my node pairs to enable load balancing that way instead of through some other load balancer. Director should ensure that all clients of a single user will be directed to the same node. Since I haven't set that up yet, I can't guarantee it'll work, but based on my testing and reading, I think it should be fine.
>
> The benefits I'm expecting are:
> 1. Redundant and reliable storage with data always in 2 places at once
> 2. All devices of a single user always go to the same server so that there is no risk of synchronization delays between devices
> 3. Local storage connections for Dovecot so hopefully a lot fewer index corruption issues compared to NFS
> 4. Redundant compute nodes so if one server goes down, clients can still connect
>
> At a high level, my complete setup that I'm building is to 1. Shard users into separate server pairs using Dovecot Proxy, 2. Load-balance them within the server pair using Dovecot Director. Hopefully my attempt to explain will come out well in ASCII:
>
> Server sharding (however many pairs needed to support users. 4 users each obviously only for illustration purposes)
> =========================
> Server pair 1 (servers A & B) Users 1-4
> Server pair 2 (servers C & D) Users 5-8
>
> User connections
> =============
> User 1 device 1 ---> Load balancer ---> Dovecot proxy A ---> Send to Server A running Director ---> Connect on Server A
> User 2 device 1 ---> Load balancer ---> Dovecot proxy B ---> Send to Server A running Director ---> Connect on Server B
> User 5 device 1 ---> Load balancer ---> Dovecot proxy C ---> Send to Server C running Director ---> Connect on Server C
> User 1 device 2 ---> Load balancer ---> Dovecot proxy D ---> Send to Server A running Director ---> Connect on Server A
> User 7 device 1 ---> Load balancer ---> Dovecot proxy A ---> Send to Server C running Director ---> Connect on Server D
> User 6 device 1 ---> Load balancer ---> Dovecot proxy B ---> Send to Server C running Director ---> Connect on Server C
> User 3 device 1 ---> Load balancer ---> Dovecot proxy C ---> Send to Server A running Director ---> Connect on Server B
> User 8 device 1 ---> Load balancer ---> Dovecot proxy D ---> Send to Server C running Director ---> Connect on Server D
> User 3 device 2 ---> Load balancer ---> Dovecot proxy A ---> Send to Server A running Director ---> Connect on Server B
> User 5 device 3 ---> Load balancer ---> Dovecot proxy B ---> Send to Server C running Director ---> Connect on Server C
> User 5 device 2 ---> Load balancer ---> Dovecot proxy C ---> Send to Server C running Director ---> Connect on Server C
> User 4 device 1 ---> Load balancer ---> Dovecot proxy D ---> Send to Server A running Director ---> Connect on Server A
> User 5 device 4 ---> Load balancer ---> Dovecot proxy A ---> Send to Server C running Director ---> Connect on Server C
> User 1 device 3 ---> Load balancer ---> Dovecot proxy B ---> Send to Server A running Director ---> Connect on Server A
> User 1 device 4 ---> Load balancer ---> Dovecot proxy C ---> Send to Server A running Director ---> Connect on Server A
> User 6 device 2 ---> Load balancer ---> Dovecot proxy D ---> Send to Server C running Director ---> Connect on Server C
> User 2 device 2 ---> Load balancer ---> Dovecot proxy A ---> Send to Server A running Director ---> Connect on Server B
>
> Results
> ===========
> User 1, 4 - Server A
> User 2, 3 - Server B
> User 5, 6 - Server C
> User 7, 8 - Server D
>
> I would love to hear if others have gotten something like this working.
>
> Blessings,
> Rob Archibald
> CTO, EndFirst LLC
> rob at robarchibald.com
>
> -----Original Message-----
> From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Wolfgang Hennerbichler
> Sent: Wednesday, March 22, 2017 2:11 PM
> To: dovecot at dovecot.org
> Subject: One way dsync replication with dsync -R
>
> Hi dovecot users,
>
> I've found the -R parameter for dsync. Does this enable one-way syncing if enabled on the slave in replication_dsync_parameters? The documentation doesn't mention much what happens if I enable this on the "replication slave".
>
> Before you ask: Two way synchronisation causes issues in my installation (see the unanswered thread here: http://www.dovecot.org/list/dovecot/2017-March/107431.html), it causes unread, deleted messages to re-appear. I would hope that one-way synchronisation would avoid this, but I'd also like to know if the -R parameter is safe to use.
> I am also still wondering if anybody has a perfectly working 2-way-synchronised dovecot installation (and I'm interested in your dovecot -n).
>
> wogri
From rob at robarchibald.com Fri Mar 24 08:43:56 2017
From: rob at robarchibald.com (Rob Archibald)
Date: Fri, 24 Mar 2017 01:43:56 -0700
Subject: One way dsync replication with dsync -R
In-Reply-To: <2DA98F5C-5D10-44C7-9191-65D0C3952AFD@wogri.com>
References: <940B4C4E-20B1-44D7-96C8-8B74DB30814F@wogri.com> <00f701d2a35f$51cb3c20$f561b460$@robarchibald.com> <00f901d2a35f$dc7b1480$95713d80$@robarchibald.com> <2DA98F5C-5D10-44C7-9191-65D0C3952AFD@wogri.com>
Message-ID:

So, even with a particular user only connecting to one node in the pair, you still see the issue? I'm not seeing that in my setup. I only see it when concurrently connecting the same user to two different nodes in the pair.

Blessings,
Rob Archibald
CTO, EndFirst LLC
rob at robarchibald.com

> On Mar 24, 2017, at 12:50 AM, Wolfgang Hennerbichler wrote:
>
> Rob,
>
> Unfortunately I don't think the director will solve this problem. I have a director in front of my setup and it is configured to point every client to one server. It didn't change anything in its behavior.
> I also have a setup without a director where the clients are only allowed to talk to one host (DNS entries control this) - same thing.
>
> Wolfgang
>
>> On Mar 22, 2017, at 23:58, Rob Archibald wrote:
>>
>> Ugh, sorry for the formatting. Not sure what happened when it sent through the list. Trying again
>>
>> Blessings,
>> Rob Archibald
>> CTO, EndFirst LLC
>> rob at robarchibald.com
>>
>>
>> -----Original Message-----
>> From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Rob Archibald
>> Sent: Wednesday, March 22, 2017 3:55 PM
>> To: 'Wolfgang Hennerbichler'; dovecot at dovecot.org
>> Subject: RE: One way dsync replication with dsync -R
>>
>> I'm using dsync successfully to keep two nodes synchronized, but I have the same problems as you. When I first set it up, I purposely had my phone connected to one node and my desktop connected to the other node. This allowed me to watch for the very issues you're referring to. I ran into them enough that I quit using it that way. But, what I also found was that it was just a timing issue. If they weren't synchronized, I could wait a bit and they would get synched up. Obviously that doesn't work too great if you're sending clients to both nodes through a load balancer though. But, since it was just a timing issue, it also made me feel plenty comfortable using 2-way sync. I've been able to verify that whichever node is the "master" that the other node will be in sync soon thereafter. It just doesn't work great if you're logged into both at the same time.
>>
>> How does that help you may ask? Well, my plan is to set up Dovecot Director on each of my node pairs to enable load balancing that way instead of through some other load balancer. Director should ensure that all clients of a single user will be directed to the same node. Since I haven't set that up yet, I can't guarantee it'll work, but based on my testing and reading, I think it should be fine.
>>
>> The benefits I'm expecting are:
>> 1. Redundant and reliable storage with data always in 2 places at once
>> 2. All devices of a single user always go to the same server so that there is no risk of synchronization delays between devices
>> 3. Local storage connections for Dovecot so hopefully a lot fewer index corruption issues compared to NFS
>> 4. Redundant compute nodes so if one server goes down, clients can still connect
>>
>> At a high level, my complete setup that I'm building is to 1. Shard users into separate server pairs using Dovecot Proxy, 2. Load-balance them within the server pair using Dovecot Director. Hopefully my attempt to explain will come out well in ASCII:
>>
>> Server sharding (however many pairs needed to support users. 4 users each obviously only for illustration purposes)
>> =========================
>> Server pair 1 (servers A & B) Users 1-4
>> Server pair 2 (servers C & D) Users 5-8
>>
>> User connections
>> =============
>> User 1 device 1 ---> Load balancer ---> Dovecot proxy A ---> Send to Server A running Director ---> Connect on Server A
>> User 2 device 1 ---> Load balancer ---> Dovecot proxy B ---> Send to Server A running Director ---> Connect on Server B
>> User 5 device 1 ---> Load balancer ---> Dovecot proxy C ---> Send to Server C running Director ---> Connect on Server C
>> User 1 device 2 ---> Load balancer ---> Dovecot proxy D ---> Send to Server A running Director ---> Connect on Server A
>> User 7 device 1 ---> Load balancer ---> Dovecot proxy A ---> Send to Server C running Director ---> Connect on Server D
>> User 6 device 1 ---> Load balancer ---> Dovecot proxy B ---> Send to Server C running Director ---> Connect on Server C
>> User 3 device 1 ---> Load balancer ---> Dovecot proxy C ---> Send to Server A running Director ---> Connect on Server B
>> User 8 device 1 ---> Load balancer ---> Dovecot proxy D ---> Send to Server C running Director ---> Connect on Server D
>> User 3 device 2 ---> Load balancer ---> Dovecot proxy A ---> Send to Server A running Director ---> Connect on Server B
>> User 5 device 3 ---> Load balancer ---> Dovecot proxy B ---> Send to Server C running Director ---> Connect on Server C
>> User 5 device 2 ---> Load balancer ---> Dovecot proxy C ---> Send to Server C running Director ---> Connect on Server C
>> User 4 device 1 ---> Load balancer ---> Dovecot proxy D ---> Send to Server A running Director ---> Connect on Server A
>> User 5 device 4 ---> Load balancer ---> Dovecot proxy A ---> Send to Server C running Director ---> Connect on Server C
>> User 1 device 3 ---> Load balancer ---> Dovecot proxy B ---> Send to Server A running Director ---> Connect on Server A
>> User 1 device 4 ---> Load balancer ---> Dovecot proxy C ---> Send to Server A running Director ---> Connect on Server A
>> User 6 device 2 ---> Load balancer ---> Dovecot proxy D ---> Send to Server C running Director ---> Connect on Server C
>> User 2 device 2 ---> Load balancer ---> Dovecot proxy A ---> Send to Server A running Director ---> Connect on Server B
>>
>> Results
>> ===========
>> User 1, 4 - Server A
>> User 2, 3 - Server B
>> User 5, 6 - Server C
>> User 7, 8 - Server D
>>
>> I would love to hear if others have gotten something like this working.
>>
>> Blessings,
>> Rob Archibald
>> CTO, EndFirst LLC
>> rob at robarchibald.com
>>
>> -----Original Message-----
>> From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Wolfgang Hennerbichler
>> Sent: Wednesday, March 22, 2017 2:11 PM
>> To: dovecot at dovecot.org
>> Subject: One way dsync replication with dsync -R
>>
>> Hi dovecot users,
>>
>> I've found the -R parameter for dsync. Does this enable one-way syncing if enabled on the slave in replication_dsync_parameters? The documentation doesn't mention much what happens if I enable this on the "replication slave".
>>
>> Before you ask: Two way synchronisation causes issues in my installation (see the unanswered thread here: http://www.dovecot.org/list/dovecot/2017-March/107431.html), it causes unread, deleted messages to re-appear. I would hope that one-way synchronisation would avoid this, but I'd also like to know if the -R parameter is safe to use.
>> I am also still wondering if anybody has a perfectly working 2-way-synchronised dovecot installation (and I'm interested in your dovecot -n).
>>
>> wogri
From wogri at wogri.com Fri Mar 24 08:45:47 2017
From: wogri at wogri.com (Wolfgang Hennerbichler)
Date: Fri, 24 Mar 2017 09:45:47 +0100
Subject: One way dsync replication with dsync -R
In-Reply-To:
References: <940B4C4E-20B1-44D7-96C8-8B74DB30814F@wogri.com> <00f701d2a35f$51cb3c20$f561b460$@robarchibald.com> <00f901d2a35f$dc7b1480$95713d80$@robarchibald.com> <2DA98F5C-5D10-44C7-9191-65D0C3952AFD@wogri.com>
Message-ID: <11F46817-5D39-4493-8FB8-A36B40661E34@wogri.com>

Correct. Even with only connecting to one node I see the issue. Interesting, are you willing to share your dovecot -n output?

> On Mar 24, 2017, at 09:43, Rob Archibald wrote:
>
> So, even with a particular user only connecting to one node in the pair, you still see the issue? I'm not seeing that in my setup. I only see it when concurrently connecting the same user to two different nodes in the pair.
>
> Blessings,
> Rob Archibald
> CTO, EndFirst LLC
> rob at robarchibald.com
>
>> On Mar 24, 2017, at 12:50 AM, Wolfgang Hennerbichler wrote:
>>
>> Rob,
>>
>> Unfortunately I don't think the director will solve this problem. I have a director in front of my setup and it is configured to point every client to one server. It didn't change anything in its behavior.
>> I also have a setup without a director where the clients are only allowed to talk to one host (DNS entries control this) - same thing.
>>
>> Wolfgang
>>
>>> On Mar 22, 2017, at 23:58, Rob Archibald wrote:
>>>
>>> Ugh, sorry for the formatting. Not sure what happened when it sent through the list. Trying again
>>>
>>> Blessings,
>>> Rob Archibald
>>> CTO, EndFirst LLC
>>> rob at robarchibald.com
>>>
>>>
>>> -----Original Message-----
>>> From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Rob Archibald
>>> Sent: Wednesday, March 22, 2017 3:55 PM
>>> To: 'Wolfgang Hennerbichler'; dovecot at dovecot.org
>>> Subject: RE: One way dsync replication with dsync -R
>>>
>>> I'm using dsync successfully to keep two nodes synchronized, but I have the same problems as you. When I first set it up, I purposely had my phone connected to one node and my desktop connected to the other node. This allowed me to watch for the very issues you're referring to. I ran into them enough that I quit using it that way. But, what I also found was that it was just a timing issue. If they weren't synchronized, I could wait a bit and they would get synched up. Obviously that doesn't work too great if you're sending clients to both nodes through a load balancer though. But, since it was just a timing issue, it also made me feel plenty comfortable using 2-way sync. I've been able to verify that whichever node is the "master" that the other node will be in sync soon thereafter. It just doesn't work great if you're logged into both at the same time.
>>>
>>> How does that help you may ask? Well, my plan is to set up Dovecot Director on each of my node pairs to enable load balancing that way instead of through some other load balancer. Director should ensure that all clients of a single user will be directed to the same node. Since I haven't set that up yet, I can't guarantee it'll work, but based on my testing and reading, I think it should be fine.
>>>
>>> The benefits I'm expecting are:
>>> 1. Redundant and reliable storage with data always in 2 places at once
>>> 2. All devices of a single user always go to the same server so that there is no risk of synchronization delays between devices
>>> 3. Local storage connections for Dovecot so hopefully a lot fewer index corruption issues compared to NFS
>>> 4. Redundant compute nodes so if one server goes down, clients can still connect
>>>
>>> At a high level, my complete setup that I'm building is to 1. Shard users into separate server pairs using Dovecot Proxy, 2. Load-balance them within the server pair using Dovecot Director. Hopefully my attempt to explain will come out well in ASCII:
>>>
>>> Server sharding (however many pairs needed to support users. 4 users each obviously only for illustration purposes)
>>> =========================
>>> Server pair 1 (servers A & B) Users 1-4
>>> Server pair 2 (servers C & D) Users 5-8
>>>
>>> User connections
>>> =============
>>> User 1 device 1 ---> Load balancer ---> Dovecot proxy A ---> Send to Server A running Director ---> Connect on Server A
>>> User 2 device 1 ---> Load balancer ---> Dovecot proxy B ---> Send to Server A running Director ---> Connect on Server B
>>> User 5 device 1 ---> Load balancer ---> Dovecot proxy C ---> Send to Server C running Director ---> Connect on Server C
>>> User 1 device 2 ---> Load balancer ---> Dovecot proxy D ---> Send to Server A running Director ---> Connect on Server A
>>> User 7 device 1 ---> Load balancer ---> Dovecot proxy A ---> Send to Server C running Director ---> Connect on Server D
>>> User 6 device 1 ---> Load balancer ---> Dovecot proxy B ---> Send to Server C running Director ---> Connect on Server C
>>> User 3 device 1 ---> Load balancer ---> Dovecot proxy C ---> Send to Server A running Director ---> Connect on Server B
>>> User 8 device 1 ---> Load balancer ---> Dovecot proxy D ---> Send to Server C running Director ---> Connect on Server D
>>> User 3 device 2 ---> Load balancer ---> Dovecot proxy A ---> Send to Server A running Director ---> Connect on Server B
>>> User 5 device 3 ---> Load balancer ---> Dovecot proxy B ---> Send to Server C running Director ---> Connect on Server C
>>> User 5 device 2 ---> Load balancer ---> Dovecot proxy C ---> Send to Server C running Director ---> Connect on Server C
>>> User 4 device 1 ---> Load balancer ---> Dovecot proxy D ---> Send to Server A running Director ---> Connect on Server A
>>> User 5 device 4 ---> Load balancer ---> Dovecot proxy A ---> Send to Server C running Director ---> Connect on Server C
>>> User 1 device 3 ---> Load balancer ---> Dovecot proxy B ---> Send to Server A running Director ---> Connect on Server A
>>> User 1 device 4 ---> Load balancer ---> Dovecot proxy C ---> Send to Server A running Director ---> Connect on Server A
>>> User 6 device 2 ---> Load balancer ---> Dovecot proxy D ---> Send to Server C running Director ---> Connect on Server C
>>> User 2 device 2 ---> Load balancer ---> Dovecot proxy A ---> Send to Server A running Director ---> Connect on Server B
>>>
>>> Results
>>> ===========
>>> User 1, 4 - Server A
>>> User 2, 3 - Server B
>>> User 5, 6 - Server C
>>> User 7, 8 - Server D
>>>
>>> I would love to hear if others have gotten something like this working.
>>>
>>> Blessings,
>>> Rob Archibald
>>> CTO, EndFirst LLC
>>> rob at robarchibald.com
>>>
>>> -----Original Message-----
>>> From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Wolfgang Hennerbichler
>>> Sent: Wednesday, March 22, 2017 2:11 PM
>>> To: dovecot at dovecot.org
>>> Subject: One way dsync replication with dsync -R
>>>
>>> Hi dovecot users,
>>>
>>> I've found the -R parameter for dsync. Does this enable one-way syncing if enabled on the slave in replication_dsync_parameters? The documentation doesn't mention much what happens if I enable this on the "replication slave".
>>>
>>> Before you ask: Two way synchronisation causes issues in my installation (see the unanswered thread here: http://www.dovecot.org/list/dovecot/2017-March/107431.html), it causes unread, deleted messages to re-appear. I would hope that one-way synchronisation would avoid this, but I'd also like to know if the -R parameter is safe to use.
>>> I am also still wondering if anybody has a perfectly working 2-way-synchronised dovecot installation (and I'm interested in your dovecot -n).
>>>
>>> wogri
>
From tss at iki.fi Fri Mar 24 13:52:07 2017
From: tss at iki.fi (Timo Sirainen)
Date: Fri, 24 Mar 2017 15:52:07 +0200
Subject: replicator crashing - oom
In-Reply-To:
References: <9cc506dc-7422-ab5f-ed5e-a91ef663b812@dovecot.fi> <065cb11b-4eeb-64b0-ac76-1de4d1106518@dovecot.fi>
Message-ID: <378BFA4C-37CD-4220-B98B-E53DF20EA584@iki.fi>

On 24 Mar 2017, at 3.46, Daniel Miller wrote:
>
> #14 replicator_queue_handle_sync_lookups (user=0xfa3fc0, queue=0xf92260) at replicator-queue.c:278

Oh, you're using synchronous replication (replication_sync_timeout setting). I don't think it's been tested much.

From me at christoph-kluge.eu Fri Mar 24 13:56:33 2017
From: me at christoph-kluge.eu (Christoph Kluge)
Date: Fri, 24 Mar 2017 14:56:33 +0100
Subject: replicator crashing - oom
In-Reply-To: <378BFA4C-37CD-4220-B98B-E53DF20EA584@iki.fi>
References: <9cc506dc-7422-ab5f-ed5e-a91ef663b812@dovecot.fi> <065cb11b-4eeb-64b0-ac76-1de4d1106518@dovecot.fi> <378BFA4C-37CD-4220-B98B-E53DF20EA584@iki.fi>
Message-ID:

>
> Oh, you're using synchronous replication (replication_sync_timeout
> setting). I don't think it's been tested much.

FYI: This happens to me also when activating synchronous replication. Receiving the same oom error-message.

On Fri, Mar 24, 2017 at 2:52 PM, Timo Sirainen wrote:

> On 24 Mar 2017, at 3.46, Daniel Miller wrote:
> >
> > #14 replicator_queue_handle_sync_lookups (user=0xfa3fc0,
> queue=0xf92260) at replicator-queue.c:278
>
> Oh, you're using synchronous replication (replication_sync_timeout
> setting). I don't think it's been tested much.
>
From dmiller at amfes.com Fri Mar 24 18:42:41 2017
From: dmiller at amfes.com (Daniel Miller)
Date: Fri, 24 Mar 2017 11:42:41 -0700
Subject: replicator crashing - oom
In-Reply-To: <378BFA4C-37CD-4220-B98B-E53DF20EA584@iki.fi>
References: <9cc506dc-7422-ab5f-ed5e-a91ef663b812@dovecot.fi> <065cb11b-4eeb-64b0-ac76-1de4d1106518@dovecot.fi> <378BFA4C-37CD-4220-B98B-E53DF20EA584@iki.fi>
Message-ID:

On 3/24/2017 6:52 AM, Timo Sirainen wrote:
> On 24 Mar 2017, at 3.46, Daniel Miller wrote:
>> #14 replicator_queue_handle_sync_lookups (user=0xfa3fc0, queue=0xf92260) at replicator-queue.c:278
> Oh, you're using synchronous replication (replication_sync_timeout setting). I don't think it's been tested much.
>
Oh, that makes me feel so much better ;).

Ok...didn't realize I was breaking new ground here... I turned that setting on because I thought it would decrease the warnings about timeouts. All right...let's see what turning it off does...

Daniel
From sb at dod.no Sat Mar 25 15:54:53 2017
From: sb at dod.no (Steinar Bang)
Date: Sat, 25 Mar 2017 16:54:53 +0100
Subject: Tip: update dovecot MD5 password from PAM
Message-ID:

This is a PAM module that listens for password changes, and will update the MD5 password for a user, in a file that dovecot can read, when the user's password is changed:
https://github.com/steinarb/pam_dovecotmd5pwd

Caveat emptor! (Works for me...! :-) )

From aki.tuomi at dovecot.fi Sat Mar 25 18:08:24 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Sat, 25 Mar 2017 20:08:24 +0200
Subject: Tip: update dovecot MD5 password from PAM
In-Reply-To:
References:
Message-ID:

On 2017-03-25 17:54, Steinar Bang wrote:
> This is a PAM module that listens for password changes, and will update
> the MD5 password for a user, in a file that dovecot can read, when the
> user's password is changed:
> https://github.com/steinarb/pam_dovecotmd5pwd
>
> Caveat emptor! (Works for me...! :-) )

Maybe you could update the PAM module to upgrade user's passwords to something safer than MD5? Like SSHA512 or CRYPT-SHA512? =)

Aki
From sb at dod.no Sun Mar 26 11:24:12 2017
From: sb at dod.no (Steinar Bang)
Date: Sun, 26 Mar 2017 13:24:12 +0200
Subject: Tip: update dovecot MD5 password from PAM
References:
Message-ID:

>>>>> Aki Tuomi :

> On 2017-03-25 17:54, Steinar Bang wrote:
>> This is a PAM module that listens for password changes, and will update
>> the MD5 password for a user, in a file that dovecot can read, when the
>> user's password is changed:
>> https://github.com/steinarb/pam_dovecotmd5pwd
>>
>> Caveat emptor! (Works for me...! :-) )

> Maybe you could update the PAM module to upgrade user's passwords to
> something safer than MD5? Like SSHA512 or CRYPT-SHA512? =)

Is it possible to do CRAM[1] with any of these encryption methods? And, if so: are these encryption methods widely supported by clients?

The essential part for me was to have something widely supported by clients, where the password isn't transferred over the wire as part of the authentication.

The last time I looked cram-md5 was the only candidate for not transferring the password in cleartext during authentication (and with dovecot cram-md5 requires a special passwd file, which is why I wrote this pam module in the first place).

References:
[1]
From aki.tuomi at dovecot.fi Sun Mar 26 15:59:05 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Sun, 26 Mar 2017 18:59:05 +0300 (EEST)
Subject: Tip: update dovecot MD5 password from PAM
In-Reply-To:
References:
Message-ID: <746285760.1304.1490543946130@appsuite-dev.open-xchange.com>

> On March 26, 2017 at 2:24 PM Steinar Bang wrote:
>
>
> >>>>> Aki Tuomi :
>
> > On 2017-03-25 17:54, Steinar Bang wrote:
> >> This is a PAM module that listens for password changes, and will update
> >> the MD5 password for a user, in a file that dovecot can read, when the
> >> user's password is changed:
> >> https://github.com/steinarb/pam_dovecotmd5pwd
> >>
> >> Caveat emptor! (Works for me...! :-) )
>
> > Maybe you could update the PAM module to upgrade user's passwords to
> > something safer than MD5? Like SSHA512 or CRYPT-SHA512? =)
>
> Is it possible to do CRAM[1] with any of these encryption methods?
> And, if so: are these encryption methods widely supported by clients?
>
> The essential part for me was to have something widely supported by
> clients, where the password isn't transferred over the wire as part of
> the authentication
>
> The last time I looked cram-md5 was the only candidate for not
> transferring the password in cleartext during authentication (and with
> dovecot cram-md5 requires a special passwd file, which is why I wrote
> this pam module in the first place).
>
> References:
> [1]

Is there some reason you cannot protect your users with TLS/SSL?

Using CRAM-MD5 is not a very secure option, since you have to store the password in clear text. Plain MD5 is almost plaintext these days.

Aki
From sb at dod.no Sun Mar 26 17:22:35 2017
From: sb at dod.no (Steinar Bang)
Date: Sun, 26 Mar 2017 19:22:35 +0200
Subject: Tip: update dovecot MD5 password from PAM
References: <746285760.1304.1490543946130@appsuite-dev.open-xchange.com>
Message-ID:

>>>>> Aki Tuomi :

> Is there some reason you cannot protect your users with TLS/SSL?

I do use SSL. I don't understand what that has to do with the preference of CRAM-MD5 over plain text auth?

> Using CRAM-MD5 is not very secure option, since you have to store the
> password in clear text. Plain MD5 is almost plaintext these days.

I worry less about the security of a password stored in a local file compared to the security of transferring the same password in cleartext over the wire, SSL or not.

As for alternatives, google found me SCRAM-SHA-1[1] which is supported by dovecot[2], but google couldn't find me any imap clients supporting it.

Kerberos (also listed among the alternatives) would have been really neat, unfortunately private networks and NATing breaks things for Kerberos... maybe IPv6 will revitalize Kerberos...? One can hope.

References:
[1]
[2]
From ad+lists at uni-x.org Sun Mar 26 17:33:11 2017
From: ad+lists at uni-x.org (Alexander Dalloz)
Date: Sun, 26 Mar 2017 19:33:11 +0200
Subject: Tip: update dovecot MD5 password from PAM
In-Reply-To:
References: <746285760.1304.1490543946130@appsuite-dev.open-xchange.com>
Message-ID: <889c578d-0ee1-50dc-2230-04fa4ab59eb8@uni-x.org>

On 26.03.2017 at 19:22, Steinar Bang wrote:
> I worry less about the security of a password stored in a local file
> compared to the security of transferring the same password in cleartext
> over the wire, SSL or not.

A TLS secured communication ensures that authentication credentials aren't transmitted in plaintext, even if the SASL mechanism is PLAIN. So ensure that the certificates are validated and secure ciphers are used and you are on the safe side. Why would you discredit TLS/SSL? That's not rational.

Basically it is bad practice to store credentials in plaintext on a server. Thus shared secret mechanisms like CRAM-MD5 are not really a good choice.

Alexander
From ruga at protonmail.com Sun Mar 26 22:13:13 2017
From: ruga at protonmail.com (Ruga)
Date: Sun, 26 Mar 2017 18:13:13 -0400
Subject: Tip: update dovecot MD5 password from PAM
In-Reply-To: <746285760.1304.1490543946130@appsuite-dev.open-xchange.com>
References: <746285760.1304.1490543946130@appsuite-dev.open-xchange.com>
Message-ID:

It is a jolly bad idea to use the same password for both email and system access.

On TLS+plaintext, if your passwords are slurped by a python script, all accounts are compromised. Congratulations, the NSA will love you. On the other side of the ocean, however, there are European states where you must disclose the fact, or go to jail.

(I tried to protect dovecot passwords with bcrypt, but the mail clients refused it.)

Sent from ProtonMail Mobile
From aki.tuomi at dovecot.fi Mon Mar 27 12:21:45 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Mon, 27 Mar 2017 15:21:45 +0300 Subject: Tip: update dovecot MD5 password from PAM In-Reply-To: References: <746285760.1304.1490543946130@appsuite-dev.open-xchange.com> Message-ID: <0b5dc6af-0caa-14d0-2d29-3b70471d5cff@dovecot.fi> On 27.03.2017 01:13, Ruga wrote: > It is a jolly bad idea to use the same password for both email and system access. > > On TLS+plaintext, if your passwords are slurped by a python script, all accounts are compromised. Congratulations, the NSA will love you. On the other side of the ocean, however, there are European states where you must disclose the fact, or go to jail. > > (I tried to protect dovecot passwords with bcrypt, but the mail clients refused it.) Uh, what? Mail clients do not see how you are storing passwords locally. > > Sent from ProtonMail Mobile Aki From km at bakdong.com Mon Mar 27 13:34:20 2017 From: km at bakdong.com (Kevin) Date: Mon, 27 Mar 2017 20:34:20 +0700 Subject: UID Purge? Message-ID: <58D914DC.7080405@bakdong.com> Hi, I've just migrated to Dovecot from cyrus-imapd, and I notice that when I move emails from one folder to another they appear to be automatically marked deleted (expected) and also purged (not expected). With cyrus, I am used to emails being marked deleted, but still existing until a manual purge (expunge). Is this normal behaviour with Dovecot, and is it configurable? Thanks. Kevin. From ruga at protonmail.com Mon Mar 27 20:10:43 2017 
From: ruga at protonmail.com (Ruga)
Date: Mon, 27 Mar 2017 16:10:43 -0400
Subject: Tip: update dovecot MD5 password from PAM
In-Reply-To: <0b5dc6af-0caa-14d0-2d29-3b70471d5cff@dovecot.fi>
References: <746285760.1304.1490543946130@appsuite-dev.open-xchange.com> <0b5dc6af-0caa-14d0-2d29-3b70471d5cff@dovecot.fi>
Message-ID:

Right. But that's what I experienced. The next experiment is scheduled in two weeks... I will keep notes and logs for you.

Sent from ProtonMail Mobile

On Mon, Mar 27, 2017 at 2:21 PM, Aki Tuomi wrote:
On 27.03.2017 01:13, Ruga wrote:
> It is a jolly bad idea to use the same password for both email and system access.
>
> On TLS+plaintext, if your passwords are slurped by a python script, all accounts are compromised. Congratulations, the NSA will love you. On the other side of the ocean, however, there are European states where you must disclose the fact, or go to jail.
>
> (I tried to protect dovecot passwords with bcrypt, but the mail clients refused it.)

Uh, what? Mail clients do not see how you are storing passwords locally.
>
> Sent from ProtonMail Mobile

Aki
From aki.tuomi at dovecot.fi Tue Mar 28 06:01:40 2017
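The trade-off argued in the "Tip: update dovecot MD5 password from PAM" thread above, as an added example (not code from the list, from pam_dovecotmd5pwd or from Dovecot): CRAM-MD5 keeps the password off the wire but makes the server hold a password-equivalent secret, while PLAIN inside TLS lets the server keep only a salted one-way hash. The user, password and challenges are constructed, and the single-round salted SHA-512 is an assumption standing in for a slow scheme such as CRYPT-SHA512.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional


def cram_md5_response(user: str, secret: bytes, challenge: bytes) -> bytes:
    """Client side (RFC 2195): base64("user " + hex(HMAC-MD5(secret, challenge)))."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def cram_md5_verify(stored_secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: the HMAC must be recomputed, so the server needs the shared
    secret itself (or an equivalent keyed state), not a one-way hash of it."""
    try:
        decoded = base64.b64decode(response, validate=True).decode()
    except ValueError:  # covers bad base64 and bad UTF-8
        return False
    _user, _, digest = decoded.rpartition(" ")
    expected = hmac.new(stored_secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(digest.encode(), expected.encode())


def salted_sha512_store(password: bytes, salt: Optional[bytes] = None) -> bytes:
    """What a server can keep when the client sends the password (PLAIN over TLS):
    base64(SHA-512(password + salt) + salt). Assumption: one round only, to stay
    in the standard library; a deployment would use a slow password hash."""
    salt = os.urandom(16) if salt is None else salt
    return base64.b64encode(hashlib.sha512(password + salt).digest() + salt)


def salted_sha512_verify(stored: bytes, presented: bytes) -> bool:
    """Check a presented plaintext password against the stored salted hash."""
    raw = base64.b64decode(stored)
    digest, salt = raw[:64], raw[64:]
    return hmac.compare_digest(hashlib.sha512(presented + salt).digest(), digest)


def demo() -> dict:
    # Constructed sample values, not taken from the thread.
    user, password = "alice", b"correct horse battery staple"
    challenge = b"<1234.5678@mail.example.test>"
    other_challenge = b"<9999.0001@mail.example.test>"

    cram_store = password                       # CRAM-MD5 credential file entry
    hash_store = salted_sha512_store(password)  # salted-hash credential file entry
    response = cram_md5_response(user, password, challenge)

    return {
        # Both mechanisms accept the right password and reject a wrong one.
        "cram_login_ok": cram_md5_verify(cram_store, challenge, response),
        "plain_login_ok": salted_sha512_verify(hash_store, password),
        "cram_wrong_pw": cram_md5_verify(
            cram_store, challenge, cram_md5_response(user, b"guess", challenge)),
        "plain_wrong_pw": salted_sha512_verify(hash_store, b"guess"),
        # What CRAM-MD5 buys: no password on the wire, response tied to one challenge.
        "password_on_wire": password in base64.b64decode(response),
        "replay_accepted": cram_md5_verify(cram_store, other_challenge, response),
        # Why CRAM-MD5 needs its own password file: a server holding only the
        # salted hash cannot verify a genuine CRAM-MD5 response.
        "cram_with_hashed_store": cram_md5_verify(hash_store, challenge, response),
        # What it costs: the CRAM-MD5 file entry is itself a working credential,
        # the salted-hash entry is not.
        "cram_store_is_credential": cram_md5_verify(
            cram_store, challenge, cram_md5_response(user, cram_store, challenge)),
        "hash_store_is_credential": salted_sha512_verify(hash_store, hash_store),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:26} {value}")
```
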
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Tue, 28 Mar 2017 09:01:40 +0300
Subject: UID Purge?
In-Reply-To: <58D914DC.7080405@bakdong.com>
References: <58D914DC.7080405@bakdong.com>
Message-ID: <01d14c3c-7e40-fadc-f872-7923c561c080@dovecot.fi>

On 27.03.2017 16:34, Kevin wrote:
> Hi,
>
> I've just migrated to Dovecot from cyrus-imapd, and I notice that when
> I move emails from one folder to another they appear to be
> automatically marked deleted (expected) and also purged (not
> expected). With cyrus, I am used to emails being marked deleted, but
> still existing until a manual purge (expunge).
>
> Is this normal behaviour with Dovecot, and is it configurable?
>
> Thanks.
>
> Kevin.

Does this happen if you do this on wire?

telnet localhost 143
a LOGIN username password
s SELECT INBOX
s STORE 1:1 FLAGS (\Deleted) # or some other message-set
n NOOP
l LOGOUT

Aki
From aki.tuomi at dovecot.fi Tue Mar 28 09:12:00 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Tue, 28 Mar 2017 12:12:00 +0300
Subject: UID Purge?
In-Reply-To: <58DA1706.5090407@bakdong.com>
References: <58D914DC.7080405@bakdong.com> <01d14c3c-7e40-fadc-f872-7923c561c080@dovecot.fi> <58DA1706.5090407@bakdong.com>
Message-ID:

On 28.03.2017 10:55, Kevin Myers wrote:
>> Does this happen if you do this on wire?
>>
>> telnet localhost 143
>> a LOGIN username password
>> s SELECT INBOX
>> s STORE 1:1 FLAGS (\Deleted) # or some other message-set
>> n NOOP
>> l LOGOUT
>>
>> Aki
> Good point. No. And if I just delete it in Thunderbird (my client) it
> does as it's told and just marks it deleted. Maybe it's a
> Thunderbird/Dovecot thing?

You could try looking at https://wiki2.dovecot.org/Debugging/Rawlog to find out.

Aki
From km at bakdong.com Tue Mar 28 11:02:46 2017
From: km at bakdong.com (Kevin Myers)
Date: Tue, 28 Mar 2017 18:02:46 +0700
Subject: UID Purge?
In-Reply-To:
References:
Message-ID: <58DA42D6.4050402@bakdong.com>

In the rawlog files I get a few lines of text

1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE NAMESPACE NOTIFY SPECIAL-USE COMPRESS=DEFLATE QUOTA] Logged in
2 OK Begin compression (0.000 + 0.000 secs).

then a lot of binary. How do I read it?

Kevin.
From aki.tuomi at dovecot.fi Tue Mar 28 11:04:57 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Tue, 28 Mar 2017 14:04:57 +0300
Subject: UID Purge?
In-Reply-To: <58DA42D6.4050402@bakdong.com>
References: <58DA42D6.4050402@bakdong.com>
Message-ID: <5e4f8cd9-349c-201e-5368-8e953b229aa9@dovecot.fi>

On 28.03.2017 14:02, Kevin Myers wrote:
> In the rawlog files I get a few lines of text
>
> 1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS
> THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT
> CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC
> ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE
> NAMESPACE NOTIFY SPECIAL-USE COMPRESS=DEFLATE QUOTA] Logged in
> 2 OK Begin compression (0.000 + 0.000 secs).
>
> then a lot of binary. How do I read it?
>
> Kevin.

Maybe try zcat? Not sure.

Aki
From km at bakdong.com Tue Mar 28 11:46:40 2017
From: km at bakdong.com (Kevin)
Date: Tue, 28 Mar 2017 18:46:40 +0700
Subject: UID Purge?
In-Reply-To: <5e4f8cd9-349c-201e-5368-8e953b229aa9@dovecot.fi>
References: <5e4f8cd9-349c-201e-5368-8e953b229aa9@dovecot.fi>
Message-ID: <58DA4D20.4050509@bakdong.com>

Ok, two answers:

You read compressed dovecot.rawlogs using doveadm:

# doveadm dump -t imapzlib 20170328-183150-8404.in
2 namespace
3 COMPRESS DEFLATE
4 ID ("name" "Thunderbird" "version" "38.7.2")
5 list (subscribed) "" "INBOX.*" return (special-use)
6 list "" "INBOX"
7 select "INBOX"
8 getquotaroot "INBOX"
9 UID fetch 1:* (FLAGS)
10 IDLE
DONE
12 uid move 176 "INBOX.Archives.2017"
13 noop
14 getquotaroot "INBOX"
15 UID fetch 1:* (FLAGS)
16 IDLE
DONE
17 logout

and Thunderbird is making use of 'uid move'.

Kevin.

From aki.tuomi at dovecot.fi Tue Mar 28 11:49:39 2017
From: aki.tuomi at dovecot.fi (Aki Tuomi)
Date: Tue, 28 Mar 2017 14:49:39 +0300
Subject: UID Purge?
In-Reply-To: <58DA4D20.4050509@bakdong.com>
References: <5e4f8cd9-349c-201e-5368-8e953b229aa9@dovecot.fi> <58DA4D20.4050509@bakdong.com>
Message-ID: <9636391f-fd2c-7595-bc1b-55a907a0c9a2@dovecot.fi>

On 28.03.2017 14:46, Kevin wrote:
> Ok, two answers:
>
> You read compressed dovecot.rawlogs using doveadm:
>
> # doveadm dump -t imapzlib 20170328-183150-8404.in
> 2 namespace
> 3 COMPRESS DEFLATE
> 4 ID ("name" "Thunderbird" "version" "38.7.2")
> 5 list (subscribed) "" "INBOX.*" return (special-use)
> 6 list "" "INBOX"
> 7 select "INBOX"
> 8 getquotaroot "INBOX"
> 9 UID fetch 1:* (FLAGS)
> 10 IDLE
> DONE
> 12 uid move 176 "INBOX.Archives.2017"
> 13 noop
> 14 getquotaroot "INBOX"
> 15 UID fetch 1:* (FLAGS)
> 16 IDLE
> DONE
> 17 logout
>
> and Thunderbird is making use of 'uid move'.
>
> Kevin.

So mystery solved. Thank you for reporting back on this.

Aki

From gerard.ranke at hku.nl Tue Mar 28 14:32:53 2017
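The check this thread performed by eye, as an added example that is not part of any poster's message: it reads a decoded command log in the `<tag> <command> <args>` shape printed by `doveadm dump -t imapzlib` above and separates commands that only flag messages from those that remove them from the selected mailbox. The function names `parse_command` and `classify` are hypothetical; the first sample is the session from the thread and the second is the manual wire test without its `telnet` line.

```python
"""Classify IMAP client commands by their effect on the selected mailbox."""

# Commands that permanently remove messages from the selected mailbox.
REMOVING = {
    "EXPUNGE": "removes every message flagged \\Deleted",
    "UID EXPUNGE": "removes the listed UIDs that are flagged \\Deleted",
    "CLOSE": "removes every message flagged \\Deleted, then deselects",
    "MOVE": "copies to the target, then removes the originals (RFC 6851)",
    "UID MOVE": "copies to the target, then removes the originals (RFC 6851)",
}

# Session posted in the thread (Thunderbird 38.7.2).
THUNDERBIRD_SESSION = r"""
2 namespace
3 COMPRESS DEFLATE
4 ID ("name" "Thunderbird" "version" "38.7.2")
5 list (subscribed) "" "INBOX.*" return (special-use)
6 list "" "INBOX"
7 select "INBOX"
8 getquotaroot "INBOX"
9 UID fetch 1:* (FLAGS)
10 IDLE
DONE
12 uid move 176 "INBOX.Archives.2017"
13 noop
14 getquotaroot "INBOX"
15 UID fetch 1:* (FLAGS)
16 IDLE
DONE
17 logout
"""

# The manual wire test suggested in the thread.
WIRE_TEST = r"""
a LOGIN username password
s SELECT INBOX
s STORE 1:1 FLAGS (\Deleted)
n NOOP
l LOGOUT
"""


def parse_command(line):
    """Split one log line into (tag, COMMAND, args); None if it has no command."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        return None  # blank line, or the bare "DONE" that ends an IDLE
    tag, cmd = parts[0], parts[1].upper()
    args = parts[2] if len(parts) > 2 else ""
    if cmd == "UID" and args:
        # "UID MOVE", "UID STORE", ...: the real command is the next word.
        sub, _, args = args.partition(" ")
        cmd = "UID " + sub.upper()
    return tag, cmd, args.strip()


def classify(dump_text):
    """Return (tag, command, effect, args) for commands touching deletion state."""
    findings = []
    for line in dump_text.splitlines():
        parsed = parse_command(line.strip())
        if parsed is None:
            continue
        tag, cmd, args = parsed
        if cmd in REMOVING:
            findings.append((tag, cmd, "removes", args))
        elif cmd in ("STORE", "UID STORE") and "\\deleted" in args.lower():
            # "-FLAGS" clears the flag instead of setting it.
            effect = "unmarks" if "-FLAGS" in args.upper() else "marks"
            findings.append((tag, cmd, effect, args))
    return findings


if __name__ == "__main__":
    for name, text in (("thunderbird", THUNDERBIRD_SESSION), ("wire test", WIRE_TEST)):
        for tag, cmd, effect, args in classify(text):
            note = REMOVING.get(cmd, "sets or clears the \\Deleted flag only")
            print(f"{name}: tag {tag}: {cmd} {args} -> {effect} ({note})")
```
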
From: gerard.ranke at hku.nl (Gerard Ranke)
Date: Tue, 28 Mar 2017 16:32:53 +0200
Subject: cannot login to imap under load
Message-ID: <3b68c75c-3711-d597-4de5-7819da1511eb@hku.nl>

Dear list,

We moved our dovecot installation to a new vm, and ever since there are problems logging in to our imap server during office hours. ( Evenings and weekends are fine. ) Both the new and the old machine are dovecot 2.2.13.

Symptoms: Logging in via imap gives:

. OK Pre-login capabilities listed, post-login capabilities have more.
a login
* OK Waiting for authentication master process to respond..
closed

whereas using the same credentials with pop3:

+OK Dovecot ready.
user
+OK
pass
+OK Logged in.

Our mail.err log gives lots of:

dovecot: imap-login: Error: master(imap): Auth request timed out (received 0/12 bytes)
dovecot: imap: Error: Login client disconnected too early
dovecot: auth: Error: Master request 24000.918 not found
dovecot: master: Error: service(imap): fork() failed: Resource temporarily unavailable
dovecot: master: Error: service(imap): command startup failed, throttling for 2 secs

Note that our users almost exclusively use imap. Normally we would have some 7 or 800 imap processes running and only a few pop3.
Our doveconf -n output: # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 4.4.38-93-default x86_64 SUSE Linux Enterprise Server 12 (x86_64) auth_mechanisms = plain login default_client_limit = 2000 default_process_limit = 2000 default_vsz_limit = 512 M disable_plaintext_auth = no imap_client_workarounds = tb-extra-mailbox-sep import_environment = TZ DEBUG_OUTOFMEM DOVECOT_HOSTDOMAIN mail_location = maildir:~/Maildir mail_plugins = " quota" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { quota = maildir:User quota quota_rule = *:storage=1G quota_rule2 = Trash:storage=+10%% sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap pop3 lmtp sieve service anvil { client_limit = 8003 } service auth { client_limit = 10000 unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = dovecot mode = 0666 } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } process_min_avail = 4 service_count = 0 } service imap { process_limit = 2048 } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } process_min_avail = 4 service_count = 0 } service pop3 { process_limit = 2048 } ssl_cert = Message-ID: <854458548.1737736.1490719801245@mail.yahoo.com> Hello dovecot, I would like to study how dovecot manages quota, especially how it deals with the maildirsize file if one chooses to implement 
quota according to the maildir++ specification. I made a number of assumptions : 1. mail is (always/sometimes) delivered with the dovecot-lda binary, which source code is in src/lda. 2. mail is sent with the mail_deliver function which is called from src/lda/main.c and is defined in src/lib-lda/mail-deliver.c 3. mail_deliver function calls the deliver_mail function (it seems to be pointer to a function) 4. according to src/lib-lda/mail-deliver.h, deliver_mail is set with the mail_deliver_hook_set function. Here's what the comment says /* Sets the deliver_mail hook and returns the previous hook, which the new_hook should call if it's non-NULL. */ deliver_mail_func_t *mail_deliver_hook_set(deliver_mail_func_t *new_hook); The problem at this point is that I can't find where is this function called. A grep on the sources only reveals two results : -*- mode: grep; default-directory: "~/DOWNLOADS/APPS/dovecot-2.2.13/src/" -*- Grep started at Tue Mar 28 17:01:50 grep -nH -e 'mail_deliver_hook_set' -r . ./lib-lda/mail-deliver.c:428:deliver_mail_func_t *mail_deliver_hook_set(deliver_mail_func_t *new_hook) ./lib-lda/mail-deliver.h:103:deliver_mail_func_t *mail_deliver_hook_set(deliver_mail_func_t *new_hook); Grep finished (matches found) at Tue Mar 28 17:01:50 According to the changelog this function has been introduced back in 2010. I don't know if it's really used ? * I am working on the 2.2.13 sources because that's what's installed on my server. * I couldn't find a developers mailling listed in http://www.dovecot.org/mailinglists.html so I'm just posting this here. -- Yassine. From yacinechaouche at yahoo.com Tue Mar 28 17:05:22 2017 
From: yacinechaouche at yahoo.com (chaouche yacine) Date: Tue, 28 Mar 2017 17:05:22 +0000 (UTC) Subject: cannot login to imap under load In-Reply-To: <3b68c75c-3711-d597-4de5-7819da1511eb@hku.nl> References: <3b68c75c-3711-d597-4de5-7819da1511eb@hku.nl> Message-ID: <989410503.5616512.1490720722993@mail.yahoo.com> Hello Gerard ! On Tuesday, March 28, 2017 4:55 PM, Gerard Ranke wrote:> dovecot: master: Error: service(imap): fork() failed: Resource > >temporarily unavailable > >dovecot: master: Error: service(imap): command startup failed, > >throttling for 2 secs > > >Note thate we our users almost exclusively use imap. Normally we would > >have some 7 or 800 imap processes running and only a few pop3. Could it be an OS (or VM) limit on the number of processes you can create ? -- Yassine. From markc at renta.net Wed Mar 29 03:41:14 2017 From: markc at renta.net (Mark Constable) Date: Wed, 29 Mar 2017 13:41:14 +1000 Subject: Using SpamProbe via only sieve scripts Message-ID: <1da39b95-623d-1417-c006-a7a0e3205866@renta.net> FWIW this took me days to get right, and still needs tinkering, but it might make for a good starting point for anyone else needing something similar (ie; I don't use or need the overhead of spamassassin or rspamd). https://gist.github.com/markc/eeeb66ce30ea805af62631656cf86c4d Any comments or corrections on that page would be appreciated. From rgm at htt-consult.com Wed Mar 29 04:06:18 2017 
From: rgm at htt-consult.com (Robert Moskowitz) Date: Tue, 28 Mar 2017 23:06:18 -0500 Subject: The challenge of customizing Dovecot In-Reply-To: <751E61DB-BDB3-4AD4-AEB3-10EC42537140@gmail.com> References: <5d561547-f0f7-7f60-bc88-3464d331cb20@htt-consult.com> <1216132629.1515951.1490196962957@mail.yahoo.com> <751E61DB-BDB3-4AD4-AEB3-10EC42537140@gmail.com> Message-ID: <9f6a47aa-8002-c706-30d6-9b29b79feb42@htt-consult.com> On 03/22/2017 11:15 PM, Rob McAninch wrote: > > > -- Rob McAninch robmcaninch.com (Sent from my iPhone) >> On Mar 22, 2017, at 23:53, Robert Moskowitz wrote: >> >> >> >> On 03/22/2017 09:16 PM, Rob McAninch wrote: >>>> On Mar 22, 2017, at 18:25, Robert Moskowitz wrote: >>>> >>>> >>>> >>>>> On 03/22/2017 11:36 AM, chaouche yacine wrote: >>>>> Robert, >>>>> >>>>> What would be the benefit of using sed against making customized files and just copying them ? I'd probably just want to copy a working version of/etc/dovecot/ conf files instead of modifying my existing files with sed scripts (or create new ones with cat). >>>> new options are left unaltered. I learned this with postfix, to use postconf instead of trying to replace main.cf. >>>> >>>> I thought about mv old confs then cat new confs, but again, there are other things set up, and I worked at changing what needed customization, rather than wholesale replacement. >>> Did you consider putting your customization in a local.conf which should be tried at the end? Could put whatever explanation in there you want. On a system like Debian this would more easily allow the default files to be upgraded without intervention. >>> >> I have not seen any reference to a local.conf. Can you point this out to me? I will have to see that it is maintained in Centos. But some of the mods are additions (like plugins) to existing lines. I would have to find out how those are processed. 
> It is mentioned here > http://wiki.dovecot.org/ConfigFile > > Debian Jessie has the last line of dovecot.conf as: > > !include_try local.conf Finally revamped my approach to a local.conf file. I maintained an organization based on which conf file is 'modified' to assist review against later versions of Dovecot. I had observed in developing this, using a guide written for Centos6 (and no telling really how old), that some things had changed. Of course, I still have to test this out. I have quotas actually handled in postfix and dovecot. I can think of reasons why you do both. And if you see anything here obviously wrong, I appreciate any review. Will save me headaches later. Thanks for the help so far. Here is what I got: cat </etc/dovecot/local.conf || exit 1 # Developed on Dovecot 2.2.10 # dovecot.conf protocols = imap pop3 lmtp sieve dict { sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } # 10-auth.conf !include conf.d/auth-sql.conf.ext # auth-sql.conf.ext userdb { driver = prefetch } # 10-mail.conf mail_location = maildir:/home/vmail/%d/%n first_valid_uid = 101 first_valid_gid = 12 # 10-master.conf service auth { unix_listener auth-userdb { mode = 0666 user = vmail group = mail } unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix } } service dict { unix_listener dict { mode = 0666 user = vmail group = mail } } # 10-ssl.conf ssl_cert = References: <746285760.1304.1490543946130@appsuite-dev.open-xchange.com> Message-ID: <86b1d558-23a9-bbf5-177d-eec8795332cd@dougbarton.us> This is nonsense. You made a mistake in your configuration. Before you try again next time, you should probably discuss your plan with the list to make sure you're on the right track. Good luck, Doug On 03/26/2017 03:13 PM, Ruga wrote: > (I tried to protect dovecot passwords with bcrypt, but the mail clients refused it.) From mca at caloro.ch Wed Mar 29 04:24:06 2017 
From: mca at caloro.ch (mca at caloro.ch) Date: Wed, 29 Mar 2017 06:24:06 +0200 Subject: Email Push to Iphone Message-ID: <002501d2a844$4e09e700$ea1db500$@caloro.ch> Hello Please exist in Dovecot 2.2.13 the E-Mail Push function? So that the Email on me Iphone are available at this moment that will be transfered, I see or found any other 3part software "Z-push", but it's this function are not included on dovecot? Thanks and regards Mauri From mihai at badici.ro Wed Mar 29 04:39:36 2017 From: mihai at badici.ro (Mihai Badici) Date: Wed, 29 Mar 2017 07:39:36 +0300 Subject: Email Push to Iphone In-Reply-To: <002501d2a844$4e09e700$ea1db500$@caloro.ch> References: <002501d2a844$4e09e700$ea1db500$@caloro.ch> Message-ID: <2630796.3YnXUhrEVD@slackware-14> On Wednesday 29 March 2017 06:24:06 mca at caloro.ch wrote: > Hello > > > > Please exist in Dovecot 2.2.13 the E-Mail Push function? > > > > So that the Email on me Iphone are available at this moment that will be > transfered, I see or found any other 3part software "Z-push", but it's this > function are not included on dovecot? > > > > Thanks and regards > > Mauri E-mail push is basically a web application, so i think is better to be managed by third party solutions like z-push or syncroton and let dovecot to focus on the core functionality. From ricardo.branco at wenn.com Wed Mar 29 11:51:37 2017 
From: ricardo.branco at wenn.com (Ricardo Branco) Date: Wed, 29 Mar 2017 09:51:37 +0100 Subject: Email Push to Iphone In-Reply-To: References: <002501d2a844$4e09e700$ea1db500$@caloro.ch> Message-ID: <3c8d30fe-c55d-d790-28fa-34a60fa74463@wenn.com> there is this plugin to use APNS to notify phones, its a faf though as you need a legal OSX Server to generate the signing keys, I never ended up implementing it. https://github.com/st3fan/dovecot-xaps-daemon Aki Tuomi wrote on 29/03/2017 07:29: > > On 29.03.2017 07:24, mca at caloro.ch wrote: >> Hello >> >> >> >> Please exist in Dovecot 2.2.13 the E-Mail Push function? >> >> >> >> So that the Email on me Iphone are available at this moment that will be >> transfered, I see or found any other 3part software "Z-push", but it's this >> function are not included on dovecot? >> >> >> >> Thanks and regards >> >> Mauri >> >> > There exists a push notification framework for dovecot, but it does not support iPhone push directly. See https://wiki2.dovecot.org/Plugins/PushNotification > > Aki From skdovecot at smail.inf.fh-brs.de Wed Mar 29 13:38:23 2017 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 29 Mar 2017 12:38:23 +0200 (CEST)
Subject: cannot login to imap under load
In-Reply-To: <3b68c75c-3711-d597-4de5-7819da1511eb@hku.nl>
References: <3b68c75c-3711-d597-4de5-7819da1511eb@hku.nl>
Message-ID:

On Tue, 28 Mar 2017, Gerard Ranke wrote:

> dovecot: master: Error: service(imap): fork() failed: Resource
> temporarily unavailable
> dovecot: master: Error: service(imap): command startup failed,
> throttling for 2 secs

check out the ulimits for the Dovecot process.

-- Steffen Kaiser

From skdovecot at smail.inf.fh-brs.de Wed Mar 29 13:44:06 2017
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 29 Mar 2017 12:44:06 +0200 (CEST)
Subject: Studying dovecot source code (searching for mail_deliver_hook_set)
In-Reply-To: <854458548.1737736.1490719801245@mail.yahoo.com>
References: <854458548.1737736.1490719801245.ref@mail.yahoo.com> <854458548.1737736.1490719801245@mail.yahoo.com>
Message-ID:

On Tue, 28 Mar 2017, chaouche yacine wrote:

> I would like to study how dovecot manages quota, especially how it deals
> with the maildirsize file if one chooses to implement quota according to
> the maildir++ specification.

Quota is managed by the plugin, which hooks into some events. Check out

src/plugins/quota

-- Steffen Kaiser

From stephan at rename-it.nl Wed Mar 29 13:47:23 2017
From: stephan at rename-it.nl (Stephan Bosch) Date: Wed, 29 Mar 2017 12:47:23 +0200 Subject: pigeonhole / vacation In-Reply-To: <20170315125646.Horde.yCQIqUEM8L9nC_XQhT28XYC@andreasschulze.de> References: <20170315125646.Horde.yCQIqUEM8L9nC_XQhT28XYC@andreasschulze.de> Message-ID: <7e681d88-1467-98f5-d0c4-493ad5ed1b83@rename-it.nl> Op 15-3-2017 om 12:56 schreef A. Schulze: > > Hello, > > we use the sieve vacation module to answer messages for certain > mailboxes. > vacation send back answers to most but not all messages wich is fine > and intended. > > .dovecot.sieve looks like this: > > require ["vacation", "variables"]; > > if header :matches "subject" "*" { > vacation :subject "Automatic response to: ${1}" "thanks for your > message"; > keep; > } > > > But now I would like to distinct messages that where answered from > those where the vacation module > did not send back a message. Is it possible to store answered messages > in one folder and unanswered in an other? > > # probably invalid sieve syntax > if vacation .... { > fileinto "answered/"; > stop; > else > fileinto "unanswered/"; > stop; > } > > After reading RFC 5230 I feel it's not possible at all :-/ I think you're right. You can only determine whether vacation messages are attempted, not whether these are actually sent. You can mimic most of what vacation does to prevent sending inappropriate responses, but that wouldn't be reliable. Regards, Stephan. From gerard.ranke at hku.nl Wed Mar 29 14:07:53 2017 
From: gerard.ranke at hku.nl (Gerard Ranke)
Date: Wed, 29 Mar 2017 13:07:53 +0200
Subject: cannot login to imap under load
In-Reply-To:
References: <3b68c75c-3711-d597-4de5-7819da1511eb@hku.nl>
Message-ID: <5eb13602-21dc-e23c-171e-0161e6f95c1f@hku.nl>

Hi Steffen,

On 29-03-17 12:38, Steffen Kaiser wrote:
> On Tue, 28 Mar 2017, Gerard Ranke wrote:
>
>> dovecot: master: Error: service(imap): fork() failed: Resource
>> temporarily unavailable
>> dovecot: master: Error: service(imap): command startup failed,
>> throttling for 2 secs
>
> check out the ulimits for the Dovecot process.
>
> -- Steffen Kaiser

Here they are:

dovecot at mail:~> ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 256942
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 10000
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 256942
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

This looks ok to me, but on startup, I still get:

dovecot[9309]: Warning: fd limit (ulimit -n) is lower than required under max. load (1024 < 10000), because of service auth { client_limit }

Strange thing is that dovecot still complains about the fd limit being 1024, while I set it to 10000. And how can a ulimit be too low 'because of service auth'? I don't get that at all. Thanks for your interest!

gerard

From yacinechaouche at yahoo.com Wed Mar 29 14:12:04 2017
From: yacinechaouche at yahoo.com (chaouche yacine)
Date: Wed, 29 Mar 2017 11:12:04 +0000 (UTC)
Subject: cannot login to imap under load
In-Reply-To: <5eb13602-21dc-e23c-171e-0161e6f95c1f@hku.nl>
References: <3b68c75c-3711-d597-4de5-7819da1511eb@hku.nl> <5eb13602-21dc-e23c-171e-0161e6f95c1f@hku.nl>
Message-ID: <90626078.5444085.1490785924866@mail.yahoo.com>

Could it be that dovecot is being started from a container ?

-- Yassine

On Wednesday, March 29, 2017 12:08 PM, Gerard Ranke wrote:

Hi Steffen,

On 29-03-17 12:38, Steffen Kaiser wrote:
> On Tue, 28 Mar 2017, Gerard Ranke wrote:
>
>> dovecot: master: Error: service(imap): fork() failed: Resource
>> temporarily unavailable
>> dovecot: master: Error: service(imap): command startup failed,
>> throttling for 2 secs
>
> check out the ulimits for the Dovecot process.
>
> -- Steffen Kaiser

Here they are:

dovecot at mail:~> ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 256942
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 10000
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 256942
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

This looks ok to me, but on startup, I still get:

dovecot[9309]: Warning: fd limit (ulimit -n) is lower than required under max. load (1024 < 10000), because of service auth { client_limit }

Strange thing is that dovecot still complains about the fd limit being 1024, while I set it to 10000. And how can a ulimit be too low 'because of service auth'? I don't get that at all. Thanks for your interest!

gerard

From gerard.ranke at hku.nl Wed Mar 29 14:14:49 2017
From: gerard.ranke at hku.nl (Gerard Ranke)
Date: Wed, 29 Mar 2017 13:14:49 +0200
Subject: cannot login to imap under load
In-Reply-To: <90626078.5444085.1490785924866@mail.yahoo.com>
References: <3b68c75c-3711-d597-4de5-7819da1511eb@hku.nl> <5eb13602-21dc-e23c-171e-0161e6f95c1f@hku.nl> <90626078.5444085.1490785924866@mail.yahoo.com>
Message-ID: <3edd9238-12ec-0dac-be16-61a3b560ba60@hku.nl>

On 29-03-17 13:12, chaouche yacine wrote:
> Could it be that dovecot is being started from a container ?
> -- Yassine
>

No, it's just a service on a VM...

Best,
gerard

From gerard.ranke at hku.nl Wed Mar 29 14:18:42 2017
From: gerard.ranke at hku.nl (Gerard Ranke)
Date: Wed, 29 Mar 2017 13:18:42 +0200
Subject: cannot login to imap under load
In-Reply-To: <4b934e65-b37d-1a15-9727-b209adc8a372@gmx.com>
References: <3b68c75c-3711-d597-4de5-7819da1511eb@hku.nl> <5eb13602-21dc-e23c-171e-0161e6f95c1f@hku.nl> <4b934e65-b37d-1a15-9727-b209adc8a372@gmx.com>
Message-ID:

Hi Maria,

It does indeed run from systemd, so this is what's currently in the dovecot unit file ( /etc/systemd/system/dovecot.service ):

[Unit]
Description=Dovecot IMAP/POP3 email server
After=local-fs.target network.target

[Service]
Type=simple
ExecStart=/usr/sbin/dovecot -F
NonBlocking=yes
TasksMax=10000
LIMIT_NOFILE=10000

[Install]
WantedBy=multi-user.target

Unfortunately, it doesn't seem to work...

Best,
gerard

On 29-03-17 13:13, María Arrea wrote:
>
> If you are running dovecot via systemd, increase NOFILES in the
> dovecot startup script
>
> El 29/03/17 a las 13:07, Gerard Ranke escribió:
>> Hi Steffen,
>>
>> On 29-03-17 12:38, Steffen Kaiser wrote:
>>> On Tue, 28 Mar 2017, Gerard Ranke wrote:
>>>
>>>> dovecot: master: Error: service(imap): fork() failed: Resource
>>>> temporarily unavailable
>>>> dovecot: master: Error: service(imap): command startup failed,
>>>> throttling for 2 secs
>>> check out the ulimits for the Dovecot process.
>>>
>>> -- Steffen Kaiser
>> Here they are:
>>
>> dovecot at mail:~> ulimit -a
>> core file size          (blocks, -c) 0
>> data seg size           (kbytes, -d) unlimited
>> scheduling priority             (-e) 0
>> file size               (blocks, -f) unlimited
>> pending signals                 (-i) 256942
>> max locked memory       (kbytes, -l) 64
>> max memory size         (kbytes, -m) unlimited
>> open files                      (-n) 10000
>> pipe size            (512 bytes, -p) 8
>> POSIX message queues     (bytes, -q) 819200
>> real-time priority              (-r) 0
>> stack size              (kbytes, -s) 8192
>> cpu time               (seconds, -t) unlimited
>> max user processes              (-u) 256942
>> virtual memory          (kbytes, -v) unlimited
>> file locks                      (-x) unlimited
>>
>> This looks ok to me, but on startup, I still get:
>>
>> dovecot[9309]: Warning: fd limit (ulimit -n) is lower than required
>> under max. load (1024 < 10000), because of service auth { client_limit }
>>
>> Strange thing is that dovecot still complains about the fd limit being
>> 1024, while I set it to 10000. And how can a ulimit be too low 'because
>> of service auth'? I don't get that at all. Thanks for your interest!
>>
>> gerard
>
>

From piper at hrz.uni-marburg.de Wed Mar 29 14:33:52 2017
From: piper at hrz.uni-marburg.de (Piper Andreas)
Date: Wed, 29 Mar 2017 13:33:52 +0200
Subject: cannot login to imap under load
In-Reply-To:
References: <3b68c75c-3711-d597-4de5-7819da1511eb@hku.nl> <5eb13602-21dc-e23c-171e-0161e6f95c1f@hku.nl> <4b934e65-b37d-1a15-9727-b209adc8a372@gmx.com>
Message-ID: <96cad811-6c31-6df8-5aa1-45f35f76d63a@hrz.uni-marburg.de>

Hello,

>
> It does indeed run from systemd, so this is what's currently in the
> dovecot unit file ( /etc/systemd/system/dovecot.service ):
>
...
> [Service]
> Type=simple
> ExecStart=/usr/sbin/dovecot -F
> NonBlocking=yes
> TasksMax=10000
> LIMIT_NOFILE=10000
...

the parameter should be named

LimitNOFile=10000

(without the underscore), see
http://man7.org/linux/man-pages/man7/systemd.directives.7.html and
http://man7.org/linux/man-pages/man5/systemd.exec.5.html

--Andreas

From darix at opensu.se Wed Mar 29 15:40:24 2017
From: darix at opensu.se (Marcus Rueckert)
Date: Wed, 29 Mar 2017 14:40:24 +0200
Subject: cannot login to imap under load
In-Reply-To: <96cad811-6c31-6df8-5aa1-45f35f76d63a@hrz.uni-marburg.de>
References: <3b68c75c-3711-d597-4de5-7819da1511eb@hku.nl> <5eb13602-21dc-e23c-171e-0161e6f95c1f@hku.nl> <4b934e65-b37d-1a15-9727-b209adc8a372@gmx.com> <96cad811-6c31-6df8-5aa1-45f35f76d63a@hrz.uni-marburg.de>
Message-ID: <20170329124023.bduhnlkzdqbnb6kj@nordisch.org>

On 2017-03-29 13:33:52 +0200, Piper Andreas wrote:
> > It does indeed run from systemd, so this is what's currently in the
> > dovecot unit file ( /etc/systemd/system/dovecot.service ):
> >
> ...
> > [Service]
> > Type=simple
> > ExecStart=/usr/sbin/dovecot -F
> > NonBlocking=yes
> > TasksMax=10000
> > LIMIT_NOFILE=10000
>
> ...
>
> the parameter should be named
>
> LimitNOFile=10000
>
> (without the underscore), see
> http://man7.org/linux/man-pages/man7/systemd.directives.7.html and
> http://man7.org/linux/man-pages/man5/systemd.exec.5.html

Also you don't have to replace the whole service file to achieve this:

https://discourse.nordisch.org/t/per-service-ulimits/374

darix

--
openSUSE - SUSE Linux is my linux
openSUSE is good for you
www.opensuse.org

From gerard.ranke at hku.nl Wed Mar 29 17:47:44 2017
From: gerard.ranke at hku.nl (Gerard Ranke)
Date: Wed, 29 Mar 2017 16:47:44 +0200
Subject: cannot login to imap under load - SOLVED
In-Reply-To: <20170329124023.bduhnlkzdqbnb6kj@nordisch.org>
References: <3b68c75c-3711-d597-4de5-7819da1511eb@hku.nl> <5eb13602-21dc-e23c-171e-0161e6f95c1f@hku.nl> <4b934e65-b37d-1a15-9727-b209adc8a372@gmx.com> <96cad811-6c31-6df8-5aa1-45f35f76d63a@hrz.uni-marburg.de> <20170329124023.bduhnlkzdqbnb6kj@nordisch.org>
Message-ID: <41b3cce3-a860-f803-c2e5-58c1d1fef7f7@hku.nl>

On 29-03-17 14:40, Marcus Rueckert wrote:
> On 2017-03-29 13:33:52 +0200, Piper Andreas wrote:
>>> It does indeed run from systemd, so this is what's currently in the
>>> dovecot unit file ( /etc/systemd/system/dovecot.service ):
>>>
>> ...
>>> [Service]
>>> Type=simple
>>> ExecStart=/usr/sbin/dovecot -F
>>> NonBlocking=yes
>>> TasksMax=10000
>>> LIMIT_NOFILE=10000
>>
>> ...
>>
>> the parameter should be named
>>
>> LimitNOFile=10000
>>
>> (without the underscore), see
>> http://man7.org/linux/man-pages/man7/systemd.directives.7.html and
>> http://man7.org/linux/man-pages/man5/systemd.exec.5.html
>
> Also you dont have to replace the whole service file to achieve this:
>
> https://discourse.nordisch.org/t/per-service-ulimits/374
>
> darix
>

Good point! I did remove the /etc/systemd/system/dovecot.service file and added /etc/systemd/system/dovecot.service.d/limits.conf which reads:

[Service]
TasksMax=10000
LimitNOFILE=10000

This should survive system upgrades as well. ( The TasksMax setting is to overcome the default 512 from a cgroup controller that is new for sles12sp2. )

After that it also needed:

systemctl daemon-reload
systemctl restart dovecot

Now dovecot starts up cleanly, and our performance problems are gone.

Thank you all who took the time to answer, your remarks were very supporting and insightful! It's just what you need when you have a lot of users breathing down your neck :-)

All the best!
gerard

From aki.tuomi at dovecot.fi Thu Mar 30 09:10:09 2017
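A check for the failure mode this thread ran into, as an added example that is not part of any poster's message: systemd matches directive names exactly (case and underscores included) and ignores names it does not know, so a near miss leaves the default fd limit in force while `ulimit -a` in a login shell reports something else. The helper names `lint_unit`, `parse_proc_limits` and `audit` are hypothetical, the two unit texts are the ones posted in the thread, and the `/proc/<pid>/limits` samples are constructed.

```python
"""Lint systemd resource-limit directives and compare them with /proc limits."""
import re

# Resource-limit directive names documented in systemd.exec(5).
KNOWN_LIMITS = {
    "LimitCPU", "LimitFSIZE", "LimitDATA", "LimitSTACK", "LimitCORE",
    "LimitRSS", "LimitNOFILE", "LimitAS", "LimitNPROC", "LimitMEMLOCK",
    "LimitLOCKS", "LimitSIGPENDING", "LimitMSGQUEUE", "LimitNICE",
    "LimitRTPRIO", "LimitRTTIME",
}
_CANON = {name.lower(): name for name in KNOWN_LIMITS}

BROKEN_UNIT = """\
[Unit]
Description=Dovecot IMAP/POP3 email server
After=local-fs.target network.target

[Service]
Type=simple
ExecStart=/usr/sbin/dovecot -F
NonBlocking=yes
TasksMax=10000
LIMIT_NOFILE=10000
"""

DROPIN = """\
[Service]
TasksMax=10000
LimitNOFILE=10000
"""

# Constructed excerpts in the layout of /proc/<pid>/limits.
PROC_BEFORE = """\
Limit                     Soft Limit           Hard Limit           Units
Max processes             256942               256942               processes
Max open files            1024                 4096                 files
"""
PROC_AFTER = PROC_BEFORE.replace("1024 ", "10000").replace("4096 ", "10000")


def lint_unit(text):
    """Return (applied_limits, problems) for the [Service] section."""
    applied, problems, section = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in KNOWN_LIMITS:
            applied[key] = value
            continue
        # A name that only differs by case or underscores is a near miss.
        folded = key.replace("_", "").lower()
        if folded in _CANON:
            problems.append((lineno, key, _CANON[folded]))
    return applied, problems


def parse_proc_limits(text):
    """Parse /proc/<pid>/limits text into {name: (soft, hard)}."""
    limits = {}
    for line in text.splitlines()[1:]:  # skip the header row
        match = re.match(r"(Max .+?)\s{2,}(\S+)\s+(\S+)", line)
        if match:
            limits[match.group(1)] = (match.group(2), match.group(3))
    return limits


def audit(unit_text, proc_limits_text, required_fds):
    """List misspelled directives and an effective fd limit below the need."""
    findings = []
    _applied, problems = lint_unit(unit_text)
    for lineno, key, suggestion in problems:
        findings.append(f"line {lineno}: {key!r} is ignored; use {suggestion}")
    soft, _hard = parse_proc_limits(proc_limits_text).get(
        "Max open files", ("0", "0"))
    if soft != "unlimited" and int(soft) < required_fds:
        findings.append(f"open-files soft limit {soft} < required {required_fds}")
    return findings


if __name__ == "__main__":
    for finding in audit(BROKEN_UNIT, PROC_BEFORE, 10000):
        print(finding)
```

On a live host the second argument would be the contents of `/proc/<pid>/limits` for the running dovecot master process, which shows what the service actually received.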
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Thu, 30 Mar 2017 09:10:09 +0300 Subject: Using SpamProbe via only sieve scripts In-Reply-To: <1da39b95-623d-1417-c006-a7a0e3205866@renta.net> References: <1da39b95-623d-1417-c006-a7a0e3205866@renta.net> Message-ID: <004b64ed-177b-794d-0f20-3b4861740f10@dovecot.fi> On 29.03.2017 06:41, Mark Constable wrote: > FWIW this took me days to get right, and still needs tinkering, but it > might make for a good starting point for anyone else needing something > similar (ie; I don't use or need the overhead of spamassassin or rspamd). > > https://gist.github.com/markc/eeeb66ce30ea805af62631656cf86c4d > > Any comments or corrections on that page would be appreciated. https://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extprograms "Directly forked programs are executed with a limited set of environment variables: HOME, USER, SENDER, RECIPIENT and ORIG_RECIPIENT. Programs executed through the script-pipe socket service currently have no environment set at all. " Just thought I'd mention this, since it might help making your script considerably easier. Esp. the HOME variable, as that should be set to the mail user's home. Aki From aki.tuomi at dovecot.fi Thu Mar 30 09:14:50 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Thu, 30 Mar 2017 09:14:50 +0300 Subject: Studying dovecot source code (searching for mail_deliver_hook_set) In-Reply-To: References: <854458548.1737736.1490719801245.ref@mail.yahoo.com> <854458548.1737736.1490719801245@mail.yahoo.com> Message-ID: <926f7590-6de0-2f87-d707-daf3d9e6f7f9@dovecot.fi> On 29.03.2017 13:44, Steffen Kaiser wrote: > On Tue, 28 Mar 2017, chaouche yacine wrote: > > > I would like to study how dovecot manages quota, especially how it > deals with the maildirsize file if one chooses to implement quota > according to the maildir++ specification. > > Quota is managed by the plugin, which hooks into some events. Check out > > src/plugins/quota > > -- Steffen Kaiser And in particular, you want to look at src/plugins/quota/quota-maildir.c Aki From jc at info-systems.de Thu Mar 30 10:46:58 2017 From: jc at info-systems.de (Jakob Curdes) Date: Thu, 30 Mar 2017 09:46:58 +0200 Subject: Email Push to Iphone In-Reply-To: <002501d2a844$4e09e700$ea1db500$@caloro.ch> References: <002501d2a844$4e09e700$ea1db500$@caloro.ch> Message-ID: Am 29.03.2017 um 06:24 schrieb mca at caloro.ch: > Hello > > > > Please exist in Dovecot 2.2.13 the E-Mail Push function? > > > > So that the Email on me Iphone are available at this moment that will be > transfered, I see or found any other 3part software "Z-push", but it's this > function are not included on dovecot? We are using z-push with dovecot as IMAP backend in production and it works well, also for iphones. Regards, Jakob From yacinechaouche at yahoo.com Thu Mar 30 12:35:54 2017 
From: yacinechaouche at yahoo.com (chaouche yacine) Date: Thu, 30 Mar 2017 09:35:54 +0000 (UTC) Subject: Studying dovecot source code (searching for mail_deliver_hook_set) In-Reply-To: <926f7590-6de0-2f87-d707-daf3d9e6f7f9@dovecot.fi> References: <854458548.1737736.1490719801245.ref@mail.yahoo.com> <854458548.1737736.1490719801245@mail.yahoo.com> <926f7590-6de0-2f87-d707-daf3d9e6f7f9@dovecot.fi> Message-ID: <1038515580.7114372.1490866554418@mail.yahoo.com> Thanks ! I don't know if there's documentation about dovecot's design as a whole, not the details of the plugin itself, to get the big picture ? I assume the plugins are loaded in a loop at dovecot startup, or at login, or when mail is delivered via lda/lmtp ? in the particular case of the quota plugin I assume the quota functions are called from LMTPD (since this is how I configured postfix to talk to dovecot) ? should I look in LMTPD's source code to find the function that calls the plugin ? -- Yassine. On Thursday, March 30, 2017 7:15 AM, Aki Tuomi wrote: On 29.03.2017 13:44, Steffen Kaiser wrote: > On Tue, 28 Mar 2017, chaouche yacine wrote: > > > I would like to study how dovecot manages quota, especially how it > deals with the maildirsize file if one chooses to implement quota > according to the maildir++ specification. > > Quota is managed by the plugin, which hooks into some events. Check out > > src/plugins/quota > > -- Steffen Kaiser And in particular, you want to look at src/plugins/quota/quota-maildir.c Aki From aki.tuomi at dovecot.fi Thu Mar 30 12:41:39 2017 
From: aki.tuomi at dovecot.fi (Aki Tuomi) Date: Thu, 30 Mar 2017 12:41:39 +0300 Subject: Studying dovecot source code (searching for mail_deliver_hook_set) In-Reply-To: <1038515580.7114372.1490866554418@mail.yahoo.com> References: <854458548.1737736.1490719801245.ref@mail.yahoo.com> <854458548.1737736.1490719801245@mail.yahoo.com> <926f7590-6de0-2f87-d707-daf3d9e6f7f9@dovecot.fi> <1038515580.7114372.1490866554418@mail.yahoo.com> Message-ID: https://wiki2.dovecot.org/Design Aki On 30.03.2017 12:35, chaouche yacine wrote: > Thanks ! I don't know if there's documentation about dovecot's design as a whole, not the details of the plugin itself, to get the big picture ? I assume the plugins are loaded in a loop at dovecot startup, or at login, or when mail is delivered via lda/lmtp ? in the particular case of the quota plugin I assume the quota functions are called from LMTPD (since this is how I configured postfix to talk to dovecot) ? should I look in LMTPD's source code to find the function that calls the plugin ? > > -- Yassine. > > On Thursday, March 30, 2017 7:15 AM, Aki Tuomi wrote: > > > > > On 29.03.2017 13:44, Steffen Kaiser wrote: >> On Tue, 28 Mar 2017, chaouche yacine wrote: >> >>> I would like to study how dovecot manages quota, especially how it >> deals with the maildirsize file if one chooses to implement quota >> according to the maildir++ specification. >> >> Quota is managed by the plugin, which hooks into some events. Check out >> >> src/plugins/quota >> >> -- Steffen Kaiser > And in particular, you want to look at src/plugins/quota/quota-maildir.c > > Aki > > From yacinechaouche at yahoo.com Thu Mar 30 12:43:39 2017 
From: yacinechaouche at yahoo.com (chaouche yacine) Date: Thu, 30 Mar 2017 09:43:39 +0000 (UTC) Subject: Studying dovecot source code (searching for mail_deliver_hook_set) In-Reply-To: References: <854458548.1737736.1490719801245.ref@mail.yahoo.com> <854458548.1737736.1490719801245@mail.yahoo.com> <926f7590-6de0-2f87-d707-daf3d9e6f7f9@dovecot.fi> <1038515580.7114372.1490866554418@mail.yahoo.com> Message-ID: <718389679.6220271.1490867019038@mail.yahoo.com> Perfect ! thanks a lot :) On Thursday, March 30, 2017 10:42 AM, Aki Tuomi wrote: https://wiki2.dovecot.org/Design Aki On 30.03.2017 12:35, chaouche yacine wrote: > Thanks ! I don't know if there's documentation about dovecot's design as a whole, not the details of the plugin itself, to get the big picture ? I assume the plugins are loaded in a loop at dovecot startup, or at login, or when mail is delivered via lda/lmtp ? in the particular case of the quota plugin I assume the quota functions are called from LMTPD (since this is how I configured postfix to talk to dovecot) ? should I look in LMTPD's source code to find the function that calls the plugin ? > > -- Yassine. > > On Thursday, March 30, 2017 7:15 AM, Aki Tuomi wrote: > > > > > On 29.03.2017 13:44, Steffen Kaiser wrote: >> On Tue, 28 Mar 2017, chaouche yacine wrote: >> >>> I would like to study how dovecot manages quota, especially how it >> deals with the maildirsize file if one chooses to implement quota >> according to the maildir++ specification. >> >> Quota is managed by the plugin, which hooks into some events. Check out >> >> src/plugins/quota >> >> -- Steffen Kaiser > And in particular, you want to look at src/plugins/quota/quota-maildir.c > > Aki > > From elyograg at elyograg.org Fri Mar 31 01:03:31 2017 
From: elyograg at elyograg.org (Shawn Heisey) Date: Thu, 30 Mar 2017 16:03:31 -0600 Subject: Slow performance with large folders over the Internet Message-ID: Dovecot package version is 1:1.2.15-7+deb6u1. It is in Debian 6.0.10, using the Debian package. The server is in my basement at home, and is exposed to the Internet so I can fully access my mail from anywhere. I use IMAP for reading mail. I have a number of folders in my mailbox that have thousands of messages in them, from mailing lists. When I'm at home, I have a LAN connection to the server. It goes through a Cisco firewall that limits the connection speed to 100Mb/s. In this situation, I can open a folder with 25000 messages in it, click on the next unread message that Thunderbird did not know about before, and within a second or two, the message will download, allowing me to view it and reply. When I'm at work, with highly variable network latency between Thunderbird and the server, doing exactly the same thing takes a LOT longer. I have seen it take as long as 15 minutes for a single message. If I open a folder with only a few messages in it, it is fast. The server is not overloaded -- I can log into it with ssh and use "mutt -f" to open a folder directly. Loading thousands of messages into mutt takes a while, but I have no difficulty using the ssh connection and running commandline programs. This suggests that the IMAP communication between the server and the client involves a large amount of back and forth communication when the message count in the folder is high, possibly something for every message in the folder. It happens quickly on a LAN but crawls on a connection with high latency. I can understand it taking a few seconds longer on a high-latency link, but it takes minutes. I do plan on building a new server and migrating to Dovecot 2.x, but I haven't had the time to work on that. Is this a known problem? If so, is it fixed in 2.x? 
Thanks, Shawn From gerard.ranke at hku.nl Fri Mar 31 11:51:28 2017 
From: gerard.ranke at hku.nl (Gerard Ranke) Date: Fri, 31 Mar 2017 10:51:28 +0200 Subject: Slow performance with large folders over the Internet In-Reply-To: References: Message-ID: <61fb1503-eea5-d78c-b3d4-7ee0aa7402d5@hku.nl> On 03/31/2017 12:03 AM, Shawn Heisey wrote: > Dovecot package version is 1:1.2.15-7+deb6u1. It is in Debian 6.0.10, > using the Debian package. > > The server is in my basement at home, and is exposed to the Internet so > I can fully access my mail from anywhere. I use IMAP for reading mail. > > I have a number of folders in my mailbox that have thousands of messages > in them, from mailing lists. > > When I'm at home, I have a LAN connection to the server. It goes > through a Cisco firewall that limits the connection speed to 100Mb/s. > In this situation, I can open a folder with 25000 messages in it, click > on the next unread message that Thunderbird did not know about before, > and within a second or two, the message will download, allowing me to > view it and reply. > > When I'm at work, with highly variable network latency between > Thunderbird and the server, doing exactly the same thing takes a LOT > longer. I have seen it take as long as 15 minutes for a single message. > If I open a folder with only a few messages in it, it is fast. > > The server is not overloaded -- I can log into it with ssh and use "mutt > -f" to open a folder directly. Loading thousands of messages into mutt > takes a while, but I have no difficulty using the ssh connection and > running commandline programs. > > This suggests that the IMAP communication between the server and the > client involves a large amount of back and forth communication when the > message count in the folder is high, possibly something for every > message in the folder. It happens quickly on a LAN but crawls on a > connection with high latency. I can understand it taking a few seconds > longer on a high-latency link, but it takes minutes. 
> > I do plan on building a new server and migrating to Dovecot 2.x, but I > haven't had the time to work on that. > > Is this a known problem? If so, is it fixed in 2.x? > > Thanks, > Shawn > Hi Shawn, If you think that imap is the problem, you can do an imap session by hand and see where the problems are: openssl s_client -CApath /path/to/your/certs -connect your.server:143 -starttls imap See fi. http://wiki.linuxquestions.org/wiki/Testing_IMAP_via_telnet But from your mail I would say that you might have networking or firewall issues. So I would be looking for interface errors, missing ping packets, traceroute output and so on. Best, gerard From troeder at univention.de Fri Mar 31 12:15:36 2017 
From: troeder at univention.de (=?UTF-8?Q?Daniel_Tr=c3=b6der?=) Date: Fri, 31 Mar 2017 11:15:36 +0200 Subject: Slow performance with large folders over the Internet In-Reply-To: References: Message-ID: <0e488275-023a-0d88-6eaa-5652a6705bde@univention.de> On 03/31/2017 12:03 AM, Shawn Heisey wrote: > Dovecot package version is 1:1.2.15-7+deb6u1. It is in Debian 6.0.10, > using the Debian package. > > The server is in my basement at home, and is exposed to the Internet so > I can fully access my mail from anywhere. I use IMAP for reading mail. > > I have a number of folders in my mailbox that have thousands of messages > in them, from mailing lists. > > When I'm at home, I have a LAN connection to the server. It goes > through a Cisco firewall that limits the connection speed to 100Mb/s. > In this situation, I can open a folder with 25000 messages in it, click > on the next unread message that Thunderbird did not know about before, > and within a second or two, the message will download, allowing me to > view it and reply. > > When I'm at work, with highly variable network latency between > Thunderbird and the server, doing exactly the same thing takes a LOT > longer. I have seen it take as long as 15 minutes for a single message. > If I open a folder with only a few messages in it, it is fast. > > The server is not overloaded -- I can log into it with ssh and use "mutt > -f" to open a folder directly. Loading thousands of messages into mutt > takes a while, but I have no difficulty using the ssh connection and > running commandline programs. > > This suggests that the IMAP communication between the server and the > client involves a large amount of back and forth communication when the > message count in the folder is high, possibly something for every > message in the folder. It happens quickly on a LAN but crawls on a > connection with high latency. I can understand it taking a few seconds > longer on a high-latency link, but it takes minutes. 
> > I do plan on building a new server and migrating to Dovecot 2.x, but I > haven't had the time to work on that. > > Is this a known problem? If so, is it fixed in 2.x? > > Thanks, > Shawn This sounds like your company's firewall trying a mitm attack or similar. Just a wild guess. If the SSH-connection is good (probably ignored by the firewall or maybe even prioritized), then forward your IMAP-traffic through it and see if the problem persists. This is not meant as a solution, but to help analyze the problem. # ssh -L 10993:127.0.0.1:993 you@your.server Then connect with Thunderbird to 127.0.0.1:10993. You could also use :143, the SSH-tunnel is already encrypted. Greetings Daniel From velicrongr at gmail.com Fri Mar 31 17:15:51 2017 From: velicrongr at gmail.com (George Dimakopoulos) Date: Fri, 31 Mar 2017 17:15:51 +0300 Subject: dsync replication Message-ID: Is it stable for dovecot 2.2.27 to implement DRBD (or HAST) on block level for maildir data replication instead of using dsync plugin? Regards, George From wogri at wogri.com Fri Mar 31 21:46:30 2017 
From: wogri at wogri.com (Wolfgang Hennerbichler) Date: Fri, 31 Mar 2017 20:46:30 +0200 Subject: dsync replication In-Reply-To: References: Message-ID: <695A0C14-4459-4F9A-951D-FE68D487B4D6@wogri.com> I have a ~2000 user mailcluster on a rbd blockdevice backed by ceph, it's distributed over ~8 disks and works without any issues for more than 3 years now. Ceph is not so fast as DRBD but more flexible. I would not expect any issues with DRBD, except for the problem that logical failures (e. g. an accidental rm -rf /va/rmail) means your cluster is dead, whereas with dsync nothing is lost. wogri > On Mar 31, 2017, at 16:15, George Dimakopoulos wrote: > > Is it stable for dovecot 2.2.27 to implement DRBD (or HAST) on block level > for maildir data replication instead of using dsync plugin? > > Regards, > > George