From wizz at mniam.net Tue Oct 1 00:22:53 2013
From: wizz at mniam.net (Kamil Andrusz)
Date: Mon, 30 Sep 2013 23:22:53 +0200
Subject: [Dovecot] Panic: file mail-storage.c: line 834 (mailbox_verify_name): assertion failed
In-Reply-To: <8B6D70A8-049E-4B0F-A2BB-786380F1A0FA@iki.fi>
References: <44D2E9CA-B21B-476A-8FD4-55B090DC658B@mniam.net> <8B6D70A8-049E-4B0F-A2BB-786380F1A0FA@iki.fi>
Message-ID:

On 30 Sep 2013, at 07:54, Timo Sirainen wrote:

> On 28.9.2013, at 18.11, Kamil Andrusz wrote:
>
>> Sep 28 16:57:21 shwurzbung dovecot: imap(wizz): Panic: file mail-storage.c: line 834 (mailbox_verify_name): assertion failed: (strncmp(vname, ns->prefix, ns->prefix_len-1) == 0)
>
>> namespace {
>>   hidden = yes
>>   inbox = yes
>>   list = no
>>   location = mbox:~/mail:INBOX=/var/mail/%u
>>   prefix = inbox/
>>   type = private
>> }
>
> Don't use prefix=inbox/. Either use INBOX/ or something completely different. I think the proper fix here is to just fail to run with this configuration.
>

Hi Timo,

Looks like this solved the issue. Thanks a lot!

Regards,
Kamil Andrusz

--
It's just a matter of opinion.

From marc at girotec.es Tue Oct 1 10:29:13 2013
From: marc at girotec.es (Marc Casas - Girotec)
Date: Tue, 1 Oct 2013 09:29:13 +0200
Subject: [Dovecot] Dovecot disconnecting while downloading large attachments
Message-ID: <002201cebe77$edcbdfb0$c9639f10$@girotec.es>

Hi,

We're using Dovecot 1.2.15 with Debian Squeeze. The mail server is working properly (we use both POP3 and IMAP) with normal messages, but if we try to download a large message (more than 20mb) using POP3, the server disconnects and our application fails.

Is it possible to change this behavior? How can we set up Dovecot so it disconnects after 20 or 30 minutes (I think it is now disconnecting after 10 minutes) of "inactivity"?

Regards,
Marc

From bruce+dovecot at bmts.us Tue Oct 1 19:32:12 2013
From: bruce+dovecot at bmts.us (Bruce Marriner)
Date: Tue, 01 Oct 2013 11:32:12 -0500
Subject: [Dovecot] How to configure statistics tracking
Message-ID: <658-524af900-1-2b98bf8@78858843>

I'm trying to configure the dovecot statistics tracking option with Dovecot 2.1.12 on FreeBSD 9.1-RELEASE. I've seen on the wiki page the configuration settings needed for this but it does not say which configuration file these settings should be added to.

http://wiki2.dovecot.org/Statistics

I was hoping someone could tell me which file these settings should be added to? Do they all just go into the same file or different files? I have a primary dovecot.conf file then inside conf.d/ there are dozens of files that hold the configuration settings for all the different parts of dovecot.

Would I just add all of these settings into a conf.d/stats.conf file that would be pulled into the main configuration?

Does it matter what order the (10-stats.conf, 20-stats.conf, etc) the file is set for?

Thanks.

From mhlavink at redhat.com Tue Oct 1 21:14:18 2013
From: mhlavink at redhat.com (Michal Hlavinka) Date: Tue, 01 Oct 2013 20:14:18 +0200 Subject: [Dovecot] [bug] ssl-params hangs when FIPS is enabled Message-ID: <524B10FA.2060709@redhat.com> Hi, we found a bug in ssl-params. It calls openssl DH generator for 512 and 1024 bits, but in FIPS mode, openssl won't generate anything for less than 1024, so it fails with: error:0506A06E:Diffie-Hellman routines:DH_BUILTIN_GENPARAMS:key size too small but when DH generator fails, ssl-params hangs forever in io_loop_run: __epoll_wait_nocancel() io_loop_handler_run(..) at ioloop-epoll.c:176 io_loop_run(..) at ioloop.c:406 master_service_run(..) at master-service.c:566 main(..) at main.c:156 Getting system in FIPS mode can be a little tricky, but DH_generator simulated failure can do the trick. Just change ssl-params/ssl-params-openssl.c:generate_dh_paramaters:39 - if (dh == NULL) { + if (1 || dh == NULL) { and when you run ssl-params (with no ssl-parameters.dat), it hangs. Let me know if you need more information. Regards, Michal Hlavinka From skdovecot at smail.inf.fh-brs.de Tue Oct 1 22:56:17 2013 
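Review bot: the "1 ||" added to the "if (dh == NULL)" test in ssl-params/ssl-params-openssl.c makes the failure branch unconditional, so this line is usable only as a local reproduction aid and must not be applied as a fix. The change that is actually needed is in the failure path itself, which per the backtrace in the report leaves the process waiting in io_loop_run instead of exiting. Suggest keeping the original condition and making a DH generation failure terminate ssl-params with a logged error.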
From: skdovecot at smail.inf.fh-brs.de (Steffen)
Date: Tue, 01 Oct 2013 21:56:17 +0200
Subject: [Dovecot] How to configure statistics tracking
In-Reply-To: <658-524af900-1-2b98bf8@78858843>
References: <658-524af900-1-2b98bf8@78858843>
Message-ID: <524B28E1.5050405@smail.inf.fh-brs.de>

Bruce Marriner wrote:
>
> I was hoping someone could tell me which file these settings should
> be added to? Do they all just go into the same file or different
> files? I have a primary dovecot.conf file then inside conf.d/
> there are dozens of files that hold the configuration settings for
> all the different parts of dovecot.
>
> Would I just add all of these settings into a conf.d/stats.conf
> file that would be pulled into the main configuration?

best way IMHO, that way the settings are not overridden on update.

> Does it matter what order the (10-stats.conf, 20-stats.conf, etc)
> the file is set for?

latter settings override previous ones, but this is seldom used except to override default options, I guess.

--
Steffen

From dclist at gmail.com Wed Oct 2 00:07:11 2013
From: dclist at gmail.com (dclist)
Date: Tue, 1 Oct 2013 17:07:11 -0400
Subject: [Dovecot] Older messages not showing up after reinstall
Message-ID:

I reinstalled Ubuntu, keeping my maildir directories. Messages older than the date of reinstall are not being served by dovecot. The messages show up normally in my MUA if I load the maildir directory directly.

I assume there is a file somewhere where dovecot is keeping a list of seen messages which I need to reset. The old messages appear to be in dovecot-uidlist. I tried moving dovecot.index* to no effect.

How do I get the pre-reinstall messages to be served by dovecot?

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.8.0-31-generic x86_64 Ubuntu 13.04
auth_debug = yes
auth_debug_passwords = yes
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_debug = yes
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/password
  driver = passwd-file
}
passdb {
  driver = pam
}
plugin {
  fts = squat
  fts_squat = partial=4 full=4
}
protocols = imap
service auth {
  user = root
}
ssl_cert =

I have a user with a lot of email (A LOT of email, probably over 500,000 emails). Recently, several thousand messages of his were lost, and I pulled them out of the backup archives (zip files containing each days emails in an mbox) that are created on his account and fed them into his procmail scripts and they were all processed just fine and ended up in the right directories.

Except.

The messages were from 6 months back, and the messages now show up in his mail client with the time stamp of the date they were restored, and not the date that shows up in the headers of the message.

Anything I can do?

--
I AM NOT A LICENSED HAIRSTYLIST
Bart chalkboard Ep.
AABF04

From skdovecot at smail.inf.fh-brs.de Wed Oct 2 09:26:20 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 2 Oct 2013 08:26:20 +0200 (CEST)
Subject: [Dovecot] Older messages not showing up after reinstall
In-Reply-To:
References:
Message-ID:

On Tue, 1 Oct 2013, dclist wrote:

> I reinstalled Ubuntu, keeping my maildir directories. Messages older than
> the date of reinstall are not being served by dovecot. The messages show up
> normally in my MUA if I load the maildir directory directly.

May I say that I doubt that Dovecot does not serve them, if you see newer messages in the same mailbox :-)

> I assume there is a file somewhere where dovecot is keeping a list of seen
> messages which I need to reset. The old messages appear to be in
> dovecot-uidlist. I tried moving dovecot.index* to no effect.

remove dovecot-uidlist, this causes a full sync with the MUA, because the validity changes.

--
Steffen Kaiser

From skdovecot at smail.inf.fh-brs.de Wed Oct 2 10:28:40 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 2 Oct 2013 09:28:40 +0200 (CEST)
Subject: [Dovecot] Fixing Timestamps
In-Reply-To: <18CEB800-21F4-4012-B51E-0996FF8BA9D3@kreme.com>
References: <18CEB800-21F4-4012-B51E-0996FF8BA9D3@kreme.com>
Message-ID:

On Tue, 1 Oct 2013, LuKreme wrote:

> Except.
>
> The messages were from 6 months back, and the messages now show up in
> his mail client with the time stamp of the date they were restored, and
> not the date that shows up in the headers of the message.
>
> Anything I can do?

You have to change the internal date. What storage do you use?

With maildir: change the mtime of the message file to the desired date. remove dovecot-uidlist and dovecot.index.cache to force a full resync.

If your message file looks like:

1377237376.M533007P21292.,S=884,W=905:...

change the first number to the seconds since epoch, maybe these numbers have some internal meaning as well for internal date.

--
Steffen Kaiser

From marcin at mejor.pl Wed Oct 2 10:48:44 2013
From: marcin at mejor.pl (Marcin Mirosław)
Date: Wed, 02 Oct 2013 09:48:44 +0200
Subject: [Dovecot] Fixing Timestamps
In-Reply-To: <18CEB800-21F4-4012-B51E-0996FF8BA9D3@kreme.com>
References: <18CEB800-21F4-4012-B51E-0996FF8BA9D3@kreme.com>
Message-ID: <524BCFDC.300@mejor.pl>

On 02.10.2013 01:42, LuKreme wrote:
> I have a user with a lot of email (A LOT of email, probably over 500,000 emails). Recently, several thousand messages of his were lost, and I pulled them out of the backup archives (zip files containing each days emails in an mbox) that are created on his account and fed them into his procmail scripts and they were all processed just fine and ended up in the right directories.
>
> Except.
>
> The messages were from 6 months back, and the messages now show up in his mail client with the time stamp of the date they were restored, and not the date that shows up in the headers of the message.
>
> Anything I can do?

Hi!
Does procmail add header Delivery-date: ? Can you compare headers of email before and after procmail delivered it?

Marcin

From openmsk at gmail.com Wed Oct 2 10:50:02 2013
From: openmsk at gmail.com (John Smith)
Date: Wed, 2 Oct 2013 11:50:02 +0400
Subject: [Dovecot] shared or acl or etc
Message-ID:

Hello, I need help:

[root at dovecot]# dovecot -n
# 2.1.16: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.18.1.el6.x86_64 x86_64 CentOS release 6.4 (Final)
auth_debug = yes
auth_mechanisms = plain login
auth_use_winbind = yes
auth_username_format = %u
auth_verbose = yes
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
listen = *
mail_access_groups = vmail
mail_debug = yes
mail_gid = 5000
mail_location = maildir:~/:LAYOUT=fs
mail_plugins = " quota acl"
mail_privileged_group = vmail
mail_uid = 5000
mbox_write_locks = fcntl
namespace {
  list = children
  location = maildir:%%h:INDEX=~/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
  autocreate = Sent
  autocreate2 = Trash
  autocreate3 = Drafts
  autosubscribe = Sent
  autosubscribe2 = Trash
  autosubscribe3 = Drafts
  quota = maildir:User quota
  quota_rule = *:storage=100M
  quota_rule2 = Trash:storage=+100M
  quota_rule3 = Sent:storage=+100M
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
  unix_listener auth-userdb {
    mode = 0666
    user = vmail
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = dovecot
}
ssl = no
ssl_cert =

We're running Dovecot 2.1.17 on Debian:

# 2.1.17 (9efbc0731929): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-042stab078.27.debug i686 Debian 7.1 simfs

and we're having
this namespace configuration:

mail_location = mdbox:/var/mail/%Ld/%Ln/mdbox
namespace inbox {
  disabled = no
  hidden = no
  ignore_on_failure = no
  inbox = yes
  list = yes
  location =
  prefix =
  separator = .
  subscriptions = yes
  type = private
}

As you can see, our namespace separator is "." and not "/":

a LIST "" "*"
* LIST (\HasChildren) "." INBOX.test
* LIST (\HasNoChildren) "." INBOX.test.huhu
* LIST (\HasNoChildren \Trash) "." Trash
* LIST (\HasChildren) "." INBOX
a OK List completed.

The problem is that doveadm isn't able to import its own mdbox-directory:

1) delete the whole mdbox folder
# rm -rf mdbox

2) create the new mdbox folder and create some subfolders in it
# doveadm mailbox create -u max.muster INBOX.test
# doveadm mailbox create -u max.muster INBOX.test.huhu

3) put a mail into a subfolder

4) try to re-import the whole mdbox: it doesn't work
# doveadm import -u max.muster mdbox:mdbox BACKUP all
doveadm(max.muster): Error: Couldn't create mailbox BACKUP.INBOX/test/huhu: Character not allowed in mailbox name: '/'

Looks like there's something wrong in the namespace or like doveadm is working with a hardcoded internal namespace...

Peer

--
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin
http://www.heinlein-support.de
Tel: 030 / 405051-42
Fax: 030 / 405051-19
Mandatory disclosures per §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Managing Director: Peer Heinlein -- Registered office: Berlin

From bambero at gmail.com Wed Oct 2 16:49:16 2013
From: bambero at gmail.com (Bambero)
Date: Wed, 2 Oct 2013 15:49:16 +0200
Subject: [Dovecot] LDAP for passdb and SQL for userdb
Message-ID:

Hello

Is it possible to setup double backend ? ldap for auth only and SQL for userdb information(quota,maildir etc) ?

Now I'm using SQL backend and configuration looks like this:

passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}

userdb {
  driver = prefetch
}

userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}

Can I do something like:

passdb {
  driver = sql
  args = /etc/dovecot/dovecot-ldap.conf
}

userdb {
  driver = prefetch
}

userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}

Should I leave:

userdb {
  driver = prefetch
}

Bambero

From joseba.torre at ehu.es Wed Oct 2 17:11:47 2013
From: joseba.torre at ehu.es (Joseba Torre)
Date: Wed, 02 Oct 2013 16:11:47 +0200
Subject: [Dovecot] LDAP for passdb and SQL for userdb
In-Reply-To:
References:
Message-ID: <524C29A3.6000600@ehu.es>

On 02/10/13 15:49, Bambero wrote:
> Hello
>
> Is it possible to setup double backend ? ldap for auth only and SQL for
> userdb information(quota,maildir etc) ?

Of course, you can mix backends the way you like.

>
> Now I'm using SQL backend and configuration looks like this:
>
> passdb {
>   driver = sql
>   args = /etc/dovecot/dovecot-sql.conf
> }
>
> userdb {
>   driver = prefetch
> }
>
> userdb {
>   driver = sql
>   args = /etc/dovecot/dovecot-sql.conf
> }
>
> Can I do something like:
>
> passdb {
>   driver = sql

This is driver = ldap

>   args = /etc/dovecot/dovecot-ldap.conf
> }
>
> userdb {
>   driver = prefetch
> }

You don't need this one any more. Prefetch is used to get the userdb attributes in the auth query, but if you use different DDBB it makes no sense.

>
> userdb {
>   driver = sql
>   args = /etc/dovecot/dovecot-sql.conf
> }
>

HTH

From miro.rovis at croatiafidelis.hr Wed Oct 2 17:55:23 2013
From: miro.rovis at croatiafidelis.hr (miro.rovis at croatiafidelis.hr)
Date: Wed, 02 Oct 2013 16:55:23 +0200
Subject: [Dovecot] Dovecot namespace solved while writing; preparing to refilter
Message-ID: <7bceeb6d221c7df0cf3671a6cd785c72@croatiafidelis.hr>

Hi!

My plea to readers:
===================
Pls., people who only want strictly technical issues to read, and frown at any broader context regardless how intrinsically related, but not strictly technically related, it might be, skip all the way, all the way to, search for exact words: "strictly technical" or visually, find two lines of sole "===" characters. Thank you!

Upon umptieth failure, and having cloned the system onto another same arch, much more: same MBO-model box (cloning and restoring clean is my defence to get the system into as clean a state as can be, after any longer time online --I had had systems compromised, and now I am a little paranoid)...

So, after weeks of some failures in some phases of installations of dovecot and friends (as explained further in this text), I cloned the same system, but from previously taken clean backup, used it some time, and now I want to update the mailbox back because now the first system is in clean state, having I restored from clean backup...

This is a Debian weekly testing install, which I clone btwn two same MBO-model boxes to keep it as clean as a non-expert user like me can have it...

To a large extent I do trust installing and update/upgrading my systems from the weekly builds (but hey, why don't they PGP-sign those as kernel tarballs and as Grsecurity or Tor-browser tarballs are signed? any Debian developer reading this, why not?)... because I can check with some trust the weekly builds' sums for integrity, but how and why could or would I trust simply installing anything straight from the internet?
By cloning (I used to dd disk dump when cloning, but nowadays it seems faster and reliable enough with Sysresccd's fsarchiver, so I dd just the small boot partition), by cloning I keep the system as close to clean as those non-pgp-signed weekly builds allow...

Now add to that that the real FFmpeg is not allowed into Debian, and I am a fan of it (I very much use it, it's running almost all the time, on some or other of my systems), but you have to get it through deb-multimedia.org if you want it on Debian (what freedom is that, banning programs from official repositories?!)... and add to that that I want Grsecurity/Pax at all cost, in my system, and not:

http://www.nsa.gov/research/selinux/

which I don't want in my system, at all cost, but to which the Debian current leadership seems to be total-blind-fidelity bound to...

Add those and you get pretty much all the basic ingredients of my fight for freedom and true privacy which are laid siege onto in the GNU/Linux Operating System and the few related other free OS's, in most of its flavors and branches and deployments of the day, from the outside and also from the inside.

Because even with the long-delayed-in-updating gNewSense, for insufficient developer power (I mean: too few), probably, what's the use of the fine deblobbed kernel if they put SELinux into it? Where's freedom with what I suspect can not be other than fake security with surreptitious surveillance?

(BTW, go and ask people, but not loudly, who compile their Gentoo's --there's a link to my short post on forums.gentoo.org a few lines below-- like I compile (on other systems of mine), only a minority of very uninformed or some special entities' aficionados use anything other than Grsecurity on their Hardened Gentoos --and Gentoo is unquestionably the leader in hardening-- it's not just me, it's only that I am loud about it)...
But I also tried to call this issue to GNU-freedom seeking people's attention such as here:

https://lists.nongnu.org/archive/html/gnewsense-users/2013-09/msg00001.html

and entire thread: Grsecurity on gNewSense, but for real?

I didn't mean to dwell on these issues here, and it is not the reason I write my message to dovecot-mailing list, but this is the broad perspective of my, and I am sure not only my case, of my deployment of dovecot and broadly these are the reasons why I deploy it on my system.

No, this broader picture I don't think is not off-topic. I did think hard about it... No, I believe it is good to mention these issues in this post-Snowden era when the scale and scope of total surveillance can not be successfully sneered and scoffed at and dismissed, like some "exceptional" (Obama talking to the U.S. of A. nation in September 2013, in his quest for support, thankfully lacking, of then being planned Iraq-2003-like-in-pretence-and-lies attack-to-be on Syria)... like some "exceptional" people would want it (that's the Gentoo Forum's link mentioned above)...

http://forums.gentoo.org/viewtopic-t-967806.html
A case of actual protection of my Gentoo box by Grsecurity

At least these issues should not be anymore successfully sneered and scoffed at and dismissed, but we're all less and less free as mankind...

And, since I don't connect to my SOHO network the box which I open to the internet, I have mails to refilter into the very probably clean cloned box... And I need to refilter using dovecot (which I finally got to work)...

These lines, all the dozen or so paragraphs from the beginning up unto here, do appear first for reading, but are written just about all the very last, after the rest of the text below has already been written, except the final proofreading notes interspersed).
=============================================================================
=============================================================================

Now nearly only strictly technical I go, for the sake of people who prefer so.

That maildir mailbox being all poorly sorted (I must have made other mistakes, I am just still new and generally lack expertise in all these true mailer tools; but very impressed I am with them! thanks Sirainen, thanks Varshavchik, thanks MuttDude, thanks Venema, and all, I admire you people!), so I removed the old Maildir and I made this scriptlet:

This is my configuration:

me at mybox:# dovecot -n
# 2.1.17: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.9-grsec-130827 x86_64 Debian jessie/sid
auth_debug = yes
mail_debug = yes
mail_location = maildir:~/Maildir:LAYOUT=fs
mail_plugins = acl quota
mail_privileged_group = mail
namespace {
  hidden = yes
  inbox = yes
  list = no
  location = mbox:~/mail:INBOX=/var/mail/%u
  prefix = "#mbox/"
  separator = /
}
namespace {
  location = maildir:~/Maildir
  prefix =
  separator = /
}
passdb {
  args = dovecot
  driver = pam
}
protocols = " imap"
ssl_cert =

on the wiki and maybe other places. But only after the 15-mailboxes.conf was completely commented out.

Now I can view my mailbox from anywhere on my network, I guess (tried from the other box and from the same box with mutt, it works!). So namespace is solved I guess.

However, for my mail system to completely function in the right GNU/Linux way, I have to get more GNU good things together in harmony. Naming some of the other dovecot friends: *getmail*, which hands on to *maildrop* for delivery... And *postfix* with TLS for sending mail, via 465 port, *stunnel*... That bit feels daunting to me, really...

This namespace thing also cost me a few ounces of raw nerves and some occasional darkness in feelings... The worse is still before my mind constantly: still not being able to send mail the normal way, since the normal way is simply not in cleartext anymore...
I probably could just fine send to port 25, but after all the political persecution and censorship that as homeland-living dissident I suffered and still suffer, I don't see that as a solution at all...

The obscured morale that was upon me for a while is due to that stunnel connection not being yet set up... So, sending this from the web yet, I guess (prepared upfront, jealous of my time fixing systems that suffer from strange behavior or break whenever I'm longer online)...

However, since I have been writing this not really hoping to get the namespace working in the process (quite a few days I spent on it, and weeks on mail system altogether, I can only hope to get the stunnel right if I really study it as if attending university classes, I'm afraid, just like the hurdles that I went finally past cost me real studying your manuals, my GNU freedom heros!)...

...And this message I having had started some five or ten hours ago [ before the final broader picture paragraphs that are all in the beginning part of the message; this very note is at the time of the very last proofreading ], now I see that I went different direction before discovering the setup for namespace that worked for me.

How I used maildirmake (it's the maildrop's not the dovecot's one) I thought but now see doesn't probably have much to do with the solution for namespace I found.
I leave it there though, because I need to fix the mailbox by refiltering it, with the aid of the dovecot server, similar to how it is explained in:

http://wiki.dovecot.org/HowTo/RefilterMail

Because I got some syntax wrong in ~/.mailfilter for the maildrop MDA, and then I got some of those wrongly named (numbered, no a-z, only 0-9 digits in names) fake mailing-list folders that can be seen in my post on mutt mailing-list:

http://marc.info/?l=mutt-users&m=138021971816188&w=2

(the .muttrc however is completely different now, sure, than in that link)

I hope the main, the namespace dovecot part of this message may elicit someone's advice, if they got past that phase with the 15-mailboxes.conf at its default. Or it is explained in the manuals I need to give a second or a third read to understand them...

And I'll be back to report if I made ordered mails in my Maildir right with the refiltering. Just pls. allow time, I'm a late adopter, I'm 56 years of age, can't make these things as quick as you youngsters do it.

Thanks for the fine Dovecot mail server!

Miroslav Rovis
Zagreb, Croatia

From kremels at kreme.com Wed Oct 2 18:01:43 2013
From: kremels at kreme.com (LuKreme)
Date: Wed, 2 Oct 2013 09:01:43 -0600
Subject: [Dovecot] Fixing Timestamps
In-Reply-To:
References: <18CEB800-21F4-4012-B51E-0996FF8BA9D3@kreme.com>
Message-ID:

> On Oct 2, 2013, at 1:28, Steffen Kaiser wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> On Tue, 1 Oct 2013, LuKreme wrote:
>>
>> Except.
>>
>> The messages were from 6 months back, and the messages now show up in his mail client with the time stamp of the date they were restored, and not the date that shows up in the headers of the message.
>>
>> Anything I can do?
>
> You have to change the internal date. What storage do you use?

Maildir.

> With maildir: change the mtime of the message file to the desired date.

Right, is there a simple way to do that? I hate to have to grep every message for a date and then convert it to epoch and rename the file, but it sounds like that's what's needed?

From lampacz+dovecot at gmail.com Wed Oct 2 18:44:02 2013
From: lampacz+dovecot at gmail.com (Lampa)
Date: Wed, 2 Oct 2013 17:44:02 +0200
Subject: [Dovecot] sieve notify and lmtp
Message-ID:

Hello,

i've setup sieve script which send notify to user (user at domain.com). But user at domain.com is alias user at domain.com and user at anotherdomain.com. LMTP delivers notification only to user at domain.com but not to user at anotherdomain.com. How to force send notification over smtp (which will be delivered to both) or i must use to=user at anotherdomain.com in notify ?

Thank you for your advices.

Lampa

From stephan at rename-it.nl Wed Oct 2 19:06:27 2013
From: stephan at rename-it.nl (Stephan Bosch)
Date: Wed, 02 Oct 2013 18:06:27 +0200
Subject: [Dovecot] sieve notify and lmtp
In-Reply-To:
References:
Message-ID: <524C4483.2000106@rename-it.nl>

On 10/2/2013 5:44 PM, Lampa wrote:
> Hello,
>
> i've setup sieve script which send notify to user (user at domain.com).
> But user at domain.com is alias user at domain.com and
> user at anotherdomain.com. LMTP delivers notification only to
> user at domain.com but not to user at anotherdomain.com. How to force send
> notification over smtp (which will be delivered to both) or i must use
> to=user at anotherdomain.com in notify ?
>
> Thank you for your advices.

Dovecot and Sieve are oblivious to aliases. Resolving those is the responsibility of your MTA. You can indeed use Sieve to force delivery to additional recipients using additional to=, or cc= recipients, or separate notify actions, which triggers separate mail transmissions for each recipient. However, if aliases are involved, this can also cause duplicate notifications on the receiving end...

Regards,

Stephan.

From laz at paravis.net Wed Oct 2 19:20:09 2013
From: laz at paravis.net (Laz Peterson)
Date: Wed, 2 Oct 2013 09:20:09 -0700
Subject: [Dovecot] Username issue with Dovecot LDA, IMAP and Winbind Authentication
Message-ID: <1C15EDC5-3A92-4981-856D-F89652D55A6D@paravis.net>

Hi there Dovecot community --

I'll try to make this short. Here's the setup -- Ubuntu 12.04, Postfix, Dovecot, along with Amavis/Clamd/Spamassassin. Postfix is currently receiving emails for virtual users in multiple domains, all of which are authenticating through Winbind to Windows AD servers. The users log in to the POP/IMAP/SMTP services using the format user at domain.corp (the internal domain, not the external mail domain). The domains are all in the same forest, but there are many different domains to authenticate against.

Dovecot is currently handling POP, IMAP, and authentication. Postfix uses a MySQL database to map the external email domain to the internal AD domain, for example domain.com -> domain.corp. Postfix also queries the same SQL database for where to save the messages -- /home/vmail/domain\user -- I have the SQL query strip off the ".corp". I had to do this because pam_winbind returns the usernames as "DOMAIN\user" upon successful Dovecot authentication, instead of "user at domain.corp", which ends up invalidating all of the %u, %n, and %d variables. On the user side, after successful auth, I can only define %u and %n in my Dovecot configuration -- %d is null, %u is "DOMAIN\user", and %n is "DOMAIN\user". (I use %Lu or %Ln to make it all lower-case.)

With this, I am able to authenticate users off of multiple domains, have the mail delivered to a folder that is also accessible to the user when they log in. It serves its purpose.

Here's my problem. I am trying to now integrate Pigeonhole and ManageSieve using Dovecot-LDA specified by "virtual_transport", and this is where things get confusing.
Dovecot IMAP/POP/SMTP auth notes the user account to be "DOMAIN\user", while Dovecot-LDA receives the email to user at domain.com, noting the user account to be "user at domain.corp". The same arguments for userdb in "auth-system.conf.ext" are used by both Dovecot when user is logging in for IMAP/POP/SMTP and Dovecot-LDA when it is storing the mail. Because of the way pam_winbind returns the usernames without being able to use %d anymore, I cannot seem to get the same behavior for both sides of Dovecot.

For example, if I set home and maildir to "/home/vmail/%Ln", Dovecot-LDA delivers emails into the folder "/home/vmail/user at domain.corp" and Dovecot IMAP/POP looks in "/home/vmail/domain\user". If I set the home/maildir to "/home/vmail/%Ld/%Lu", Dovecot-LDA delivers emails into the folder "/home/vmail/domain.corp/user" and Dovecot IMAP/POP looks in "/home/vmail/\/domain\user". So, I seem to be thoroughly unable to get something here that works -- The closest I can get is setting home/maildir to "/home/vmail/%Ld\%Lu", but that now gives the LDA side "/home/vmail/domain.corp\user" and the IMAP/POP/SMTP side "/home/vmail/\\domain\user".

If I am able to get pam_winbind to return "user at domain.corp" instead of "DOMAIN\user", I'd be fine. Or, if I could set the home and maildir locations separately for Dovecot-LDA and Dovecot, I would also be okay.

Any suggestions? I know this is probably a Winbind limitation, but I do not know a thing about working with PAM authentication. I tried to compile and install a pam_regex module (which seems to not be offered as a native package in Ubuntu), but it gives errors after adding that to my PAM configuration. I'm stumped.

Please let me know if I can include my configuration for either Postfix or Dovecot.

Thank you so much for any help.

~ Laz Peterson

From laz at paravis.net Wed Oct 2 19:47:08 2013
From: laz at paravis.net (Laz Peterson)
Date: Wed, 2 Oct 2013 09:47:08 -0700
Subject: [Dovecot] Username issue with Dovecot LDA, IMAP and Winbind Authentication
In-Reply-To: <1C15EDC5-3A92-4981-856D-F89652D55A6D@paravis.net>
References: <1C15EDC5-3A92-4981-856D-F89652D55A6D@paravis.net>
Message-ID:

I forgot to add ... (Doh) ... My Dovecot version is 2.1.7.

Thanks.

~ Laz Peterson
Paravis Business Networks
Ph: 909.660.5100

On Oct 2, 2013, at 9:20 AM, Laz Peterson wrote:

> Hi there Dovecot community --
>
> I'll try to make this short. Here's the setup ... Ubuntu 12.04, Postfix, Dovecot, along with Amavis/Clamd/Spamassassin. Postfix is currently receiving emails for virtual users in multiple domains, all of which are authenticating through Winbind to Windows AD servers. The users log in to the POP/IMAP/SMTP services using the format user@domain.corp (the internal domain, not the external mail domain). The domains are all in the same forest, but there are many different domains to authenticate against.
>
> Dovecot is currently handling POP, IMAP, and authentication. Postfix uses a MySQL database to map the external email domain to the internal AD domain, for example domain.com -> domain.corp. Postfix also queries the same SQL database for where to save the messages -- /home/vmail/domain\user -- I have the SQL query strip off the ".corp". I had to do this because pam_winbind returns the usernames as "DOMAIN\user" upon successful Dovecot authentication, instead of "user@domain.corp", which ends up invalidating all of the %u, %n, and %d variables. On the user side, after successful auth, I can only define %u and %n in my Dovecot configuration -- %d is null, %u is "DOMAIN\user", and %n is "DOMAIN\user". (I use %Lu or %Ln to make it all lower-case.)
>
> With this, I am able to authenticate users off of multiple domains, have the mail delivered to a folder that is also accessible to the user when they log in. It serves its purpose.
>
> Here's my problem. I am trying to now integrate Pigeonhole and ManageSieve using Dovecot-LDA specified by "virtual_transport", and this is where things get confusing. Dovecot IMAP/POP/SMTP auth notes the user account to be "DOMAIN\user", while Dovecot-LDA receives the email to user@domain.com, noting the user account to be "user@domain.corp". The same arguments for userdb in "auth-system.conf.ext" are used by both Dovecot when user is logging in for IMAP/POP/SMTP and Dovecot-LDA when it is storing the mail. Because of the way pam_winbind returns the usernames without being able to use %d anymore, I cannot seem to get the same behavior for both sides of Dovecot.
>
> For example, if I set home and maildir to "/home/vmail/%Ln", Dovecot-LDA delivers emails into the folder "/home/vmail/user@domain.corp" and Dovecot IMAP/POP looks in "/home/vmail/domain\user". If I set the home/maildir to "/home/vmail/%Ld/%Lu", Dovecot-LDA delivers emails into the folder "/home/vmail/domain.corp/user" and Dovecot IMAP/POP looks in "/home/vmail/\/domain\user". So, I seem to be thoroughly unable to get something here that works ... The closest I can get is setting home/maildir to "/home/vmail/%Ld\%Lu", but that now gives the LDA side "/home/vmail/domain.corp\user" and the IMAP/POP/SMTP side "/home/vmail/\\domain\user".
>
> If I am able to get pam_winbind to return "user@domain.corp" instead of "DOMAIN\user", I'd be fine. Or, if I could set the home and maildir locations separately for Dovecot-LDA and Dovecot, I would also be okay.
>
> Any suggestions? I know this is probably a Winbind limitation, but I do not know a thing about working with PAM authentication. I tried to compile and install a pam_regex module (which seems to not be offered as a native package in Ubuntu), but it gives errors after adding that to my PAM configuration. I'm stumped.
>
> Please let me know if I can include my configuration for either Postfix or Dovecot.
>
> Thank you so much for any help.
>
> ~ Laz Peterson

From CMarcus at Media-Brokers.com Wed Oct 2 20:51:24 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Wed, 02 Oct 2013 13:51:24 -0400
Subject: [Dovecot] Fixing Timestamps
In-Reply-To: <18CEB800-21F4-4012-B51E-0996FF8BA9D3@kreme.com>
References: <18CEB800-21F4-4012-B51E-0996FF8BA9D3@kreme.com>
Message-ID: <524C5D1C.5040301@Media-Brokers.com>

On 2013-10-01 7:42 PM, LuKreme wrote:
> I have a user with a lot of email (A LOT of email, probably over 500,000 emails). Recently, several thousand messages of his were lost, and I pulled them out of the backup archives (zip files containing each day's emails in an mbox) that are created on his account and fed them into his procmail scripts and they were all processed just fine and ended up in the right directories.
>
> Except.
>
> The messages were from 6 months back, and the messages now show up in his mail client with the time stamp of the date they were restored, and not the date that shows up in the headers of the message.
>
> Anything I can do?

Fix your restore script/methodology, then restore them again...

--
Best regards,

*/Charles/*

From kremels at kreme.com Wed Oct 2 21:43:59 2013
From: kremels at kreme.com (LuKreme)
Date: Wed, 2 Oct 2013 12:43:59 -0600
Subject: [Dovecot] Fixing Timestamps
In-Reply-To: <524C5D1C.5040301@Media-Brokers.com>
References: <18CEB800-21F4-4012-B51E-0996FF8BA9D3@kreme.com> <524C5D1C.5040301@Media-Brokers.com>
Message-ID: <63032125-10FA-4C3C-9C8B-87EF85FE963F@kreme.com>

On 02 Oct 2013, at 11:51 , Charles Marcus wrote:

> On 2013-10-01 7:42 PM, LuKreme wrote:
>> I have a user with a lot of email (A LOT of email, probably over 500,000 emails). Recently, several thousand messages of his were lost, and I pulled them out of the backup archives (zip files containing each day's emails in an mbox) that are created on his account and fed them into his procmail scripts and they were all processed just fine and ended up in the right directories.
>>
>> Except.
>>
>> The messages were from 6 months back, and the messages now show up in his mail client with the time stamp of the date they were restored, and not the date that shows up in the headers of the message.
>>
>> Anything I can do?
>
> Fix your restore script/methodology, then restore them again...

That would just move the grep/convert/rename into the restore process. Maildir saves the file with the epoch timestamp of the time the file is saved.

--
The cat turned and tried to find a place of safety in the suit's breastplate. He was beginning to doubt he'd make it through the knight.

From rplatel at tucows.com Wed Oct 2 22:28:36 2013
From: rplatel at tucows.com (Richard Platel)
Date: Wed, 2 Oct 2013 15:28:36 -0400
Subject: [Dovecot] fts-solr indexer-worker connects to wrong solr host dovecot-2.2.4
In-Reply-To: <7064632D-270E-4EA4-B62F-12A5151AC381@tucows.com>
References: <7064632D-270E-4EA4-B62F-12A5151AC381@tucows.com>
Message-ID:

I've confirmed that this problem still exists in 2.2.5

It seems that indexer-worker only init's plugins at startup, so the fts_solr plugin is holding the url= parameter from the first user.

The problem doesn't happen if the indexer-worker process is idle-killed between users. A new process starts up with the new user's userdb settings.

I thought I could work around this problem by adjusting indexer-worker's settings:

service indexer-worker {
  service_count = 1
  idle_kill = 1
}

but these changes don't seem to have any effect, the indexer-worker process still hangs around idling after indexing a user, and isn't idle-killed for upwards of a minute.

Any help?

On 2013-09-27, at 11:46 AM, Richard Platel wrote:

> Hello.
> We're setting up fts solr and want to have the solr server host be set per-user via UserDB.
>
> It looks like if a user connects and fts indexes mail, and then another user connects and indexes mail, indexer-worker is connecting to the first user's fts host:
>
> User1, hammer at rp-auth-test.com connects, does a SEARCH for the first time, indexer-worker gets UserDB settings and correctly indexes mail on ftsvs01:
>
> [...]
> auth-worker(2195): Debug: dict(hammer at rp-auth-test.com): lookup shared/userdb/hammer at rp-auth-test.com > auth-worker(2195): Debug: dict(hammer at rp-auth-test.com): result: {"uid":"8","fts":"solr","quota_rule4":"Spam:ignore","_session":"talk15_590ec6d100042","quota_rule3":"Trash:ignore","quota_rule2":"*:messages=2684354","quota_rule":"*:storage=5242880k","mail":"maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/hammer at rp-auth-test.com/","fts_solr":"debug url=http://ftsvs01:8080/solr/","gid":"8"} > auth: Debug: userdb out: USER 1 hammer at rp-auth-test.com uid=8 fts=solr quota_rule4=Spam:ignore _session=talk15_590ec6d100042 quota_rule3=Trash:ignore quota_rule2=*:messages=2684354 quota_rule=*:storage=5242880k mail=maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/hammer at rp-auth-test.com/ fts_solr=debug url=http://ftsvs01:8080/solr/ gid=8 > indexer-worker: Debug: auth input: hammer at rp-auth-test.com uid=8 fts=solr quota_rule4=Spam:ignore _session=talk15_590ec6d100042 quota_rule3=Trash:ignore quota_rule2=*:messages=2684354 quota_rule=*:storage=5242880k mail=maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/hammer at rp-auth-test.com/ fts_solr=debug url=http://ftsvs01:8080/solr/ gid=8 > indexer-worker: Debug: Added userdb setting: plugin/_session=talk15_590ec6d100042 > indexer-worker: Debug: Added userdb setting: plugin/fts=solr > indexer-worker: Debug: Added userdb setting: plugin/fts_solr=debug url=http://ftsvs01:8080/solr/ > indexer-worker: Debug: Added userdb setting: mail=maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/ha > mmer at rp-auth-test.com/ > indexer-worker: Debug: Added userdb setting: plugin/quota_rule=*:storage=5242880k > indexer-worker: Debug: Added userdb setting: plugin/quota_rule2=*:messages=2684354 > indexer-worker: Debug: Added userdb setting: 
plugin/quota_rule3=Trash:ignore > indexer-worker: Debug: Added userdb setting: plugin/quota_rule4=Spam:ignore > indexer-worker(hammer at rp-auth-test.com): Debug: Effective uid=8, gid=8, home= > indexer-worker(hammer at rp-auth-test.com): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions > =yes location=maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/hammer at rp-auth-test.com/ > indexer-worker(hammer at rp-auth-test.com): Debug: maildir++: root=/mail/mailstore01/215/573/hammer at rp-auth-test.com, index=/mail/index01/215/ > 573/hammer at rp-auth-test.com, indexpvt=, control=, inbox=/mail/mailstore01/215/573/hammer at rp-auth-test.com, alt= > indexer-worker(hammer at rp-auth-test.com): Debug: Ignoring unknown cache field: pop3.order > indexer-worker(hammer at rp-auth-test.com): Debug: Ignoring unknown cache field: binary.parts > indexer-worker(hammer at rp-auth-test.com): Warning: Created dotlock file's timestamp is different than current time (1380294685 vs 1380294612 > ): /mail/index01/215/573/hammer at rp-auth-test.com/.INBOX/dovecot.index.log > indexer-worker(hammer at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Submitted > [...] > > > User1 index finishes and imap searches against ftsvs01 > [...] > imap(hammer at rp-auth-test.com): Debug: http-client: request [GET http://ftsvs01:8080/solr/select?fl=uid,score&rows=2&sort=uid+asc&q=(hdr:%22moo%22+OR+body:%22moo%22)&fq=%2Bbox:42faee1f735b1e52b3210000386e9ade+%2Buser:%22hammer at rp-auth-test.com%22]: Submitted > [...] > > > User2 grant at rp-auth-test.com connects and does a SEARCH, index worker gets gets UserDB settings, including fts host ftsvs02, but connects to ftsvs01 (also note index-worker initially shows wrong user in loglines) > [...] 
> auth-worker(2195): Debug: dict(grant at rp-auth-test.com): lookup shared/userdb/grant at rp-auth-test.com > auth-worker(2195): Debug: dict(grant at rp-auth-test.com): result: {"uid":"8","fts":"solr","quota_rule4":"Spam:ignore","_session":"cow80_609fed7600001","quota_rule3":"Trash:ignore","quota_rule2":"*:messages=2684354","quota_rule":"*:storage=5242880k","mail":"maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/","fts_solr":"debug url=http://ftsvs02:8080/solr/","gid":"8"} > auth: Debug: userdb out: USER 2 grant at rp-auth-test.com uid=8 fts=solr quota_rule4=Spam:ignore _session=cow80_609fed7600001 quota_rule3=Trash:ignore quota_rule2=*:messages=2684354 quota_rule=*:storage=5242880k mail=maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/ fts_solr=debug url=http://ftsvs02:8080/solr/ gid=8 > indexer-worker(hammer at rp-auth-test.com): Debug: auth input: grant at rp-auth-test.com uid=8 fts=solr quota_rule4=Spam:ignore _session=cow80_609fed7600001 quota_rule3=Trash:ignore quota_rule2=*:messages=2684354 quota_rule=*:storage=5242880k mail=maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/ fts_solr=debug url=http://ftsvs02:8080/solr/ gid=8 > indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/_session=cow80_609fed7600001 > indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/fts=solr > indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/fts_solr=debug url=http://ftsvs02:8080/solr/ > indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: mail=maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/ > indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/quota_rule=*:storage=5242880k > 
indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/quota_rule2=*:messages=2684354 > indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/quota_rule3=Trash:ignore > indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/quota_rule4=Spam:ignore > indexer-worker(grant at rp-auth-test.com): Debug: Effective uid=8, gid=8, home= > indexer-worker(grant at rp-auth-test.com): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/ > indexer-worker(grant at rp-auth-test.com): Debug: maildir++: root=/mail/mailstore01/812/023/grant at rp-auth-test.com, index=/mail/index01/812/023/grant at rp-auth-test.com, indexpvt=, control=, inbox=/mail/mailstore01/812/023/grant at rp-auth-test.com, alt= > indexer-worker(grant at rp-auth-test.com): Debug: Ignoring unknown cache field: pop3.order > indexer-worker(grant at rp-auth-test.com): Debug: Ignoring unknown cache field: binary.parts > indexer-worker(grant at rp-auth-test.com): Warning: Created dotlock file's timestamp is different than current time (1380294736 vs 1380294664): /mail/index01/812/023/grant at rp-auth-test.com/.INBOX/dovecot.index.cache > indexer-worker(grant at rp-auth-test.com): Warning: Created dotlock file's timestamp is different than current time (1380294736 vs 1380294664): /mail/index01/812/023/grant at rp-auth-test.com/.INBOX/dovecot.index.log > indexer-worker(grant at rp-auth-test.com): Warning: Created dotlock file's timestamp is different than current time (1380294736 vs 1380294664): /mail/index01/812/023/grant at rp-auth-test.com/.INBOX/dovecot.index.cache > indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Submitted > [...] > > indexer-worker indexes User2's mail on wrong fts host: > [...] 
> indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Sent header > indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload > indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload > indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload > indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload > indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload > indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload > [...] > > indexer-worker finishes and imap searches against correct fts host ftsvs02 > [...] > imap(grant at rp-auth-test.com): Debug: http-client: request [GET http://ftsvs02:8080/solr/select?fl=uid,score&rows=194&sort=uid+asc&q=(hdr:%22Fasdf%22+OR+body:%22Fasdf%22)&fq=%2Bbox:62d61f003b5a1e52af130000386e9ade+%2Buser:%22grant at rp-auth-test.com%22]: Submitted > [...] > > > > From hugh at davenport.net.nz Thu Oct 3 09:43:16 2013 
From: hugh at davenport.net.nz (Hugh Davenport)
Date: Thu, 03 Oct 2013 19:43:16 +1300
Subject: [Dovecot] Can sieve filter mail based on emails earlier in the thread?
Message-ID: <4e36fa11e423d47e8377507205e42052@davenport.net.nz>

Basically I want the following scenario:

Subscribe to lots of mailing lists
 - each filtered into separate folders
When I participate in a thread (by starting it, replying to it, or ... setting a flag on an email in the thread)
 - filter into the particular mailing list folder
 - AND filter into INBOX (or another folder of my choosing)

I'm thinking for this, the first two can have rules that take into account In-Reference-To and using my domain. But the third case of using a flag... that seems to require referencing earlier emails in the thread.

Is this possible in sieve? Or am I barking up the wrong tree? I believe gmail can do it, but who knows what they use for their filtering...

Thanks for any help anyone provides!

Cheers,

Hugh

From vlamsdoem at gmail.com Thu Oct 3 11:23:27 2013
From: vlamsdoem at gmail.com (Vincent Zakofski)
Date: Thu, 3 Oct 2013 10:23:27 +0200
Subject: [Dovecot] understanding user_attrs and mail_uid/gid
Message-ID:

Hello,

I'm trying to understand what's the difference between those parameters. In my dovecot.conf in the global section I have a definition of mail_uid and mail_gid. In my LDAP configuration used by passdb and userdb, I have a definition for user_attrs= uidNumber=500,gidNumber=8.

Here is a part of my configuration files (dovecot version: 2.1.7)

dovecot.conf

mail_gid = 8
mail_uid = 500
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}

dovecot-ldap.conf

user_filter = (&(objectClass=posixAccount)(mailLocalAddress=%n))
user_attrs = uidNumber=500,gidNumber=8

So everything works fine when all those parameters are present in my configuration files. If I suppress one of them nothing is working (mail reading or delivering).

Can someone tell me where I can find a definition of those arguments, I found nothing relevant on the wiki.

Thanks,

From laz at paravis.net Thu Oct 3 17:52:38 2013
From: laz at paravis.net (Laz Peterson)
Date: Thu, 3 Oct 2013 07:52:38 -0700
Subject: [Dovecot] Username issue with Dovecot LDA, IMAP and Winbind Authentication
In-Reply-To: <1C15EDC5-3A92-4981-856D-F89652D55A6D@paravis.net>
References: <1C15EDC5-3A92-4981-856D-F89652D55A6D@paravis.net>
Message-ID: <3933DC2A-1C53-4E1B-9FEF-6EC0B3E3B2E0@paravis.net>

An update on the status of my situation -- I switched from pam_winbind to pam_krb5. Now, my user accounts are being returned as "user@DOMAIN.CORP" instead of "DOMAIN\user". Dovecot-LDA is running flawlessly alongside Dovecot-IMAP.

All systems go. Case closed.

Thanks.

On Oct 2, 2013, at 9:20 AM, Laz Peterson wrote:

> Hi there Dovecot community --
>
> I'll try to make this short. Here's the setup ... Ubuntu 12.04, Postfix, Dovecot, along with Amavis/Clamd/Spamassassin. Postfix is currently receiving emails for virtual users in multiple domains, all of which are authenticating through Winbind to Windows AD servers. The users log in to the POP/IMAP/SMTP services using the format user@domain.corp (the internal domain, not the external mail domain). The domains are all in the same forest, but there are many different domains to authenticate against.
>
> Dovecot is currently handling POP, IMAP, and authentication. Postfix uses a MySQL database to map the external email domain to the internal AD domain, for example domain.com -> domain.corp. Postfix also queries the same SQL database for where to save the messages -- /home/vmail/domain\user -- I have the SQL query strip off the ".corp". I had to do this because pam_winbind returns the usernames as "DOMAIN\user" upon successful Dovecot authentication, instead of "user@domain.corp", which ends up invalidating all of the %u, %n, and %d variables. On the user side, after successful auth, I can only define %u and %n in my Dovecot configuration -- %d is null, %u is "DOMAIN\user", and %n is "DOMAIN\user". (I use %Lu or %Ln to make it all lower-case.)
>
> With this, I am able to authenticate users off of multiple domains, have the mail delivered to a folder that is also accessible to the user when they log in. It serves its purpose.
>
> Here's my problem. I am trying to now integrate Pigeonhole and ManageSieve using Dovecot-LDA specified by "virtual_transport", and this is where things get confusing. Dovecot IMAP/POP/SMTP auth notes the user account to be "DOMAIN\user", while Dovecot-LDA receives the email to user@domain.com, noting the user account to be "user@domain.corp". The same arguments for userdb in "auth-system.conf.ext" are used by both Dovecot when user is logging in for IMAP/POP/SMTP and Dovecot-LDA when it is storing the mail. Because of the way pam_winbind returns the usernames without being able to use %d anymore, I cannot seem to get the same behavior for both sides of Dovecot.
>
> For example, if I set home and maildir to "/home/vmail/%Ln", Dovecot-LDA delivers emails into the folder "/home/vmail/user@domain.corp" and Dovecot IMAP/POP looks in "/home/vmail/domain\user". If I set the home/maildir to "/home/vmail/%Ld/%Lu", Dovecot-LDA delivers emails into the folder "/home/vmail/domain.corp/user" and Dovecot IMAP/POP looks in "/home/vmail/\/domain\user". So, I seem to be thoroughly unable to get something here that works ... The closest I can get is setting home/maildir to "/home/vmail/%Ld\%Lu", but that now gives the LDA side "/home/vmail/domain.corp\user" and the IMAP/POP/SMTP side "/home/vmail/\\domain\user".
>
> If I am able to get pam_winbind to return "user@domain.corp" instead of "DOMAIN\user", I'd be fine. Or, if I could set the home and maildir locations separately for Dovecot-LDA and Dovecot, I would also be okay.
>
> Any suggestions? I know this is probably a Winbind limitation, but I do not know a thing about working with PAM authentication.
I tried to compile and install a pam_regex module (which seems to not be offered as a native package in Ubuntu), but it gives errors after adding that to my PAM configuration. I'm stumped. > > Please let me know if I can include my configuration for either Postfix or Dovecot. > > Thank you so much for any help. > > ~ Laz Peterson From rplatel at tucows.com Thu Oct 3 19:27:56 2013 From: rplatel at tucows.com (Richard Platel) Date: Thu, 3 Oct 2013 12:27:56 -0400 Subject: [Dovecot] fts-solr indexer-worker connects to wrong solr host dovecot-2.2.4 In-Reply-To: References: <7064632D-270E-4EA4-B62F-12A5151AC381@tucows.com> Message-ID: Did some more digging. The problem is that the fts-solr plugin has a global solr_conn pointer, that persists between users. I think this patch fixes the problem: --- a/dovecot/fts_solr_plugin/fts-solr-plugin.c +++ b/dovecot/fts_solr_plugin/fts-solr-plugin.c 
@@ -50,6 +50,13 @@ static void fts_solr_mail_user_create(struct mail_user *user, const char *env) { struct fts_solr_user *fuser; + /** solr URL may be different per-user **/ + if (solr_conn != NULL) { + solr_connection_deinit(solr_conn); + solr_conn = NULL; + } + /**/ + fuser = p_new(user->pool, struct fts_solr_user, 1); if (fts_solr_plugin_init_settings(user, &fuser->set, env) < 0) { /* invalid settings, disabling */ On 2013-10-02, at 3:28 PM, Richard Platel wrote: > I've confirmed that this problem still exists in 2.2.5 > > It seems that indexer-worker only init's plugins at startup, so the fts_solr plugin is holding the url= parameter from the first user. > > The problem doesn't happen if the indexer-worker process is idle-killed between users. A new process starts up with the new user's userdb settings. > > I thought I could work around this problem by adjusting indexer-worker's settings: > > service indexer-worker { > service_count = 1 > idle_kill = 1 > } > > but these changes don't seem to have any effect, the indexer-worker process still hangs around idling after indexing a user, and isn't idle-killed for upwards of a minute. > > Any help? > > > On 2013-09-27, at 11:46 AM, Richard Platel wrote: > >> Hello. >> We're setting up fts solr and want to have the solr server host be set per-user via UserDB. >> >> It looks like if a user connects and fts indexes mail, and then another user connects and indexes mail, indexer-worker is connecting to the first user's fts host: >> >> User1, hammer at rp-auth-test.com connects, does a SEARCH for the first time, indexer-worker gets UserDB settings and correctly indexes mail on ftsvs01: >> >> [...] 
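Review bot: in the fts_solr_mail_user_create() hunk of fts-solr-plugin.c above, the added block tears down the global solr_conn on every user creation and does so before fts_solr_plugin_init_settings() has parsed this user's settings, so the connection is dropped even when the next user has the same url= value, and also when the settings turn out to be invalid and the plugin is disabled for that user. Consider deinitialising only when the newly parsed URL differs from the one the existing connection was created with, or moving the connection into the per-user struct fts_solr_user that is allocated just below, so that no process-wide state is shared between users at all. It is also worth confirming that nothing belonging to the previous user can still be using solr_conn at the point where solr_connection_deinit() runs. Style: the "/** ... **/" comment and the bare "/**/" marker should be a single ordinary "/* ... */" comment.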
>> auth-worker(2195): Debug: dict(hammer at rp-auth-test.com): lookup shared/userdb/hammer at rp-auth-test.com >> auth-worker(2195): Debug: dict(hammer at rp-auth-test.com): result: {"uid":"8","fts":"solr","quota_rule4":"Spam:ignore","_session":"talk15_590ec6d100042","quota_rule3":"Trash:ignore","quota_rule2":"*:messages=2684354","quota_rule":"*:storage=5242880k","mail":"maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/hammer at rp-auth-test.com/","fts_solr":"debug url=http://ftsvs01:8080/solr/","gid":"8"} >> auth: Debug: userdb out: USER 1 hammer at rp-auth-test.com uid=8 fts=solr quota_rule4=Spam:ignore _session=talk15_590ec6d100042 quota_rule3=Trash:ignore quota_rule2=*:messages=2684354 quota_rule=*:storage=5242880k mail=maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/hammer at rp-auth-test.com/ fts_solr=debug url=http://ftsvs01:8080/solr/ gid=8 >> indexer-worker: Debug: auth input: hammer at rp-auth-test.com uid=8 fts=solr quota_rule4=Spam:ignore _session=talk15_590ec6d100042 quota_rule3=Trash:ignore quota_rule2=*:messages=2684354 quota_rule=*:storage=5242880k mail=maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/hammer at rp-auth-test.com/ fts_solr=debug url=http://ftsvs01:8080/solr/ gid=8 >> indexer-worker: Debug: Added userdb setting: plugin/_session=talk15_590ec6d100042 >> indexer-worker: Debug: Added userdb setting: plugin/fts=solr >> indexer-worker: Debug: Added userdb setting: plugin/fts_solr=debug url=http://ftsvs01:8080/solr/ >> indexer-worker: Debug: Added userdb setting: mail=maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/ha >> mmer at rp-auth-test.com/ >> indexer-worker: Debug: Added userdb setting: plugin/quota_rule=*:storage=5242880k >> indexer-worker: Debug: Added userdb setting: plugin/quota_rule2=*:messages=2684354 >> indexer-worker: Debug: Added userdb setting: 
plugin/quota_rule3=Trash:ignore >> indexer-worker: Debug: Added userdb setting: plugin/quota_rule4=Spam:ignore >> indexer-worker(hammer at rp-auth-test.com): Debug: Effective uid=8, gid=8, home= >> indexer-worker(hammer at rp-auth-test.com): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions >> =yes location=maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/hammer at rp-auth-test.com/ >> indexer-worker(hammer at rp-auth-test.com): Debug: maildir++: root=/mail/mailstore01/215/573/hammer at rp-auth-test.com, index=/mail/index01/215/ >> 573/hammer at rp-auth-test.com, indexpvt=, control=, inbox=/mail/mailstore01/215/573/hammer at rp-auth-test.com, alt= >> indexer-worker(hammer at rp-auth-test.com): Debug: Ignoring unknown cache field: pop3.order >> indexer-worker(hammer at rp-auth-test.com): Debug: Ignoring unknown cache field: binary.parts >> indexer-worker(hammer at rp-auth-test.com): Warning: Created dotlock file's timestamp is different than current time (1380294685 vs 1380294612 >> ): /mail/index01/215/573/hammer at rp-auth-test.com/.INBOX/dovecot.index.log >> indexer-worker(hammer at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Submitted >> [...] >> >> >> User1 index finishes and imap searches against ftsvs01 >> [...] >> imap(hammer at rp-auth-test.com): Debug: http-client: request [GET http://ftsvs01:8080/solr/select?fl=uid,score&rows=2&sort=uid+asc&q=(hdr:%22moo%22+OR+body:%22moo%22)&fq=%2Bbox:42faee1f735b1e52b3210000386e9ade+%2Buser:%22hammer at rp-auth-test.com%22]: Submitted >> [...] >> >> >> User2 grant at rp-auth-test.com connects and does a SEARCH, index worker gets gets UserDB settings, including fts host ftsvs02, but connects to ftsvs01 (also note index-worker initially shows wrong user in loglines) >> [...] 
>> auth-worker(2195): Debug: dict(grant at rp-auth-test.com): lookup shared/userdb/grant at rp-auth-test.com >> auth-worker(2195): Debug: dict(grant at rp-auth-test.com): result: {"uid":"8","fts":"solr","quota_rule4":"Spam:ignore","_session":"cow80_609fed7600001","quota_rule3":"Trash:ignore","quota_rule2":"*:messages=2684354","quota_rule":"*:storage=5242880k","mail":"maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/","fts_solr":"debug url=http://ftsvs02:8080/solr/","gid":"8"} >> auth: Debug: userdb out: USER 2 grant at rp-auth-test.com uid=8 fts=solr quota_rule4=Spam:ignore _session=cow80_609fed7600001 quota_rule3=Trash:ignore quota_rule2=*:messages=2684354 quota_rule=*:storage=5242880k mail=maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/ fts_solr=debug url=http://ftsvs02:8080/solr/ gid=8 >> indexer-worker(hammer at rp-auth-test.com): Debug: auth input: grant at rp-auth-test.com uid=8 fts=solr quota_rule4=Spam:ignore _session=cow80_609fed7600001 quota_rule3=Trash:ignore quota_rule2=*:messages=2684354 quota_rule=*:storage=5242880k mail=maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/ fts_solr=debug url=http://ftsvs02:8080/solr/ gid=8 >> indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/_session=cow80_609fed7600001 >> indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/fts=solr >> indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/fts_solr=debug url=http://ftsvs02:8080/solr/ >> indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: mail=maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/ >> indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/quota_rule=*:storage=5242880k >> 
indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/quota_rule2=*:messages=2684354 >> indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/quota_rule3=Trash:ignore >> indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/quota_rule4=Spam:ignore >> indexer-worker(grant at rp-auth-test.com): Debug: Effective uid=8, gid=8, home= >> indexer-worker(grant at rp-auth-test.com): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/ >> indexer-worker(grant at rp-auth-test.com): Debug: maildir++: root=/mail/mailstore01/812/023/grant at rp-auth-test.com, index=/mail/index01/812/023/grant at rp-auth-test.com, indexpvt=, control=, inbox=/mail/mailstore01/812/023/grant at rp-auth-test.com, alt= >> indexer-worker(grant at rp-auth-test.com): Debug: Ignoring unknown cache field: pop3.order >> indexer-worker(grant at rp-auth-test.com): Debug: Ignoring unknown cache field: binary.parts >> indexer-worker(grant at rp-auth-test.com): Warning: Created dotlock file's timestamp is different than current time (1380294736 vs 1380294664): /mail/index01/812/023/grant at rp-auth-test.com/.INBOX/dovecot.index.cache >> indexer-worker(grant at rp-auth-test.com): Warning: Created dotlock file's timestamp is different than current time (1380294736 vs 1380294664): /mail/index01/812/023/grant at rp-auth-test.com/.INBOX/dovecot.index.log >> indexer-worker(grant at rp-auth-test.com): Warning: Created dotlock file's timestamp is different than current time (1380294736 vs 1380294664): /mail/index01/812/023/grant at rp-auth-test.com/.INBOX/dovecot.index.cache >> indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Submitted >> [...] 
>> >> indexer-worker indexes User2's mail on wrong fts host: >> [...] >> indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Sent header >> indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload >> indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload >> indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload >> indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload >> indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload >> indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload >> [...] >> >> indexer-worker finishes and imap searches against correct fts host ftsvs02 >> [...] >> imap(grant at rp-auth-test.com): Debug: http-client: request [GET http://ftsvs02:8080/solr/select?fl=uid,score&rows=194&sort=uid+asc&q=(hdr:%22Fasdf%22+OR+body:%22Fasdf%22)&fq=%2Bbox:62d61f003b5a1e52af130000386e9ade+%2Buser:%22grant at rp-auth-test.com%22]: Submitted >> [...] >> >> >> >> > From alex.wanderley at edmonton.ca Thu Oct 3 22:08:43 2013 
From: alex.wanderley at edmonton.ca (Alex Wanderley) Date: Thu, 3 Oct 2013 13:08:43 -0600 Subject: [Dovecot] Proxy to gmail help Message-ID: Hello, I understand the matter of using Dovecot as a forward proxy to Gmail is very popular (and even trivial), but my lack of Dovecot experience took me to at point where I truly need your help... I'm starting my task by trying to have something simple, where I can test connectivity to Gmail by sending a telnet to our Dovecot server. The Dovecot server accepts the telnet request, but for some reason (and here I guess is something related to SSL/TLS), I can't get to Gmail. Here my configuration and logs/outputs: ==> OS: * I'm using an old Centos 5.8 server as a proof of concept. ############################################################# ==> Dovecot configuration: # 2.2.5: /etc/dovecot/dovecot.conf # OS: Linux 2.6.18-308.8.2.el5xen x86_64 CentOS release 5.8 (Final) auth_cache_negative_ttl = 10 mins auth_cache_size = 1 k auth_cache_ttl = 10 mins auth_debug = yes auth_debug_passwords = yes auth_mechanisms = cram-md5 digest-md5 apop login plain auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@% auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz auth_verbose = yes base_dir = /var/run/dovecot/ disable_plaintext_auth = no listen = XXX.XXX.XXX.XXX login_greeting = Dovecot Ready login_log_format_elements = %u %r %m %c mail_debug = yes mail_max_userip_connections = 100 passdb { args = /etc/dovecot/sql.conf driver = sql } protocols = pop3 service pop3-login { client_limit = 200 inet_listener pop3 { address = dovecotserver. 
port = 110 } process_limit = 1 process_min_avail = 1 service_count = 0 vsz_limit = 256 M } shutdown_clients = no ssl_ca = /etc/pki/dovecot/certs/dovecot.pem ssl_cert = sql.conf file driver = mysql connect = host=/var/lib/mysql/mysql.sock dbname=mysql user=root password=xxxxxx password_query = SELECT NULL AS password, host, destuser, proxy, 'Y' AS starttls, '995' AS port, 'Y' AS nopassword FROM DovecotProxy WHERE user = '%u' ############################################################# ==> DovecotProxy table mysql> select * from DovecotProxy where user = 'MYUSER'; +-------------+---------------+-----------------------+------------------------------------------------+-------+ | user | host | destuser | password | proxy | +-------------+---------------+-----------------------+------------------------------------------------+-------+ | MYUSER | pop.gmail.com | MYUSER at gmail.com | {MD5-CRYPT}$1$L824LVh4$r.hyZ icsE5tmGaeJrY/dw/ | Y | +-------------+---------------+-----------------------+------------------------------------------------+-------+ ##>> I understand "proxy" and "password" are not required there. That happened for testing. ############################################################# ==> Telnet session: xxxxxx [/tmp] > telnet dovecotserver 110 Trying XXX.XXX.XXX.XXX... Connected to dovecotserver. Escape character is '^]'. +OK Dovecot Ready <6111.1.524dad13.VYOVkhqfe1Ox7Wz+VfogMg==@dovecotserver> user MYUSER +OK pass PASSWD -ERR Account is temporarily unavailable. quit +OK Logging out Connection to dovecotserver closed by foreign host. 
############################################################# ==> Logged messages in /var/log/mailllog: Oct 3 12:23:02 dovecotserver dovecot: master: Warning: Killed with signal 15 (by pid=26790 uid=0 code=kill) Oct 3 12:23:53 dovecotserver dovecot: master: Dovecot v2.2.5 starting up (core dumps disabled) Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: Read auth token secret from /var/run/dovecot//auth-token-secret.dat Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: auth client connected (pid=26810) Oct 3 12:24:30 dovecotserver dovecot: auth: Debug: client in: AUTH 1 PLAIN service=pop3 session=/IH8S9rnzACiat/X lip=162.106.XXX.YYY rip=162.106.XXX.ZZZ lport=110 rport=37836 resp=AHNtYXJ0YnVzZWRtAHMwbWV0aGluZw== (previous base64 data may contain sensitive data) Oct 3 12:24:30 dovecotserver dovecot: auth: Debug: cache(MYUSER,162.106.223.215,): miss Oct 3 12:24:30 dovecotserver dovecot: auth-worker(26823): Debug: Loading modules from directory: /usr/lib64/dovecot/auth Oct 3 12:24:30 dovecotserver dovecot: auth-worker(26823): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so Oct 3 12:24:30 dovecotserver dovecot: auth-worker(26823): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so Oct 3 12:24:30 dovecotserver dovecot: auth-worker(26823): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Oct 3 12:24:30 dovecotserver dovecot: auth-worker(26823): Debug: sql(MYUSER,162.106.XXX.ZZZ): query: SELECT NULL AS password, host, destuser, proxy, 'Y' AS starttls, '995' AS port, 'Y' AS nopassword FROM 
DovecotProxy WHERE user = 'MYUSER' Oct 3 12:24:30 dovecotserver dovecot: auth: Debug: client passdb out: OK 1 user=MYUSER host=pop.gmail.com destuser= MYUSER at gmail.com proxy starttls=Y port=995 nopassword=Y hostip=74.125.142.108 pass=XXXXXXXXX Oct 3 12:24:30 dovecotserver dovecot: pop3-login: Debug: Ignoring unknown passdb extra field: nopassword Oct 3 12:25:00 dovecotserver dovecot: pop3-login: Error: proxy(MYUSER): Login for pop.gmail.com:995 timed out in state=0 (after 30 secs, local=162.106.XXX.YYY:51196) Oct 3 12:25:12 dovecotserver dovecot: pop3-login: Aborted login (internal failure, 1 successful auths): MYUSER, 162.106.XXX.ZZZ, PLAIN ==> Something that caught my attention here: "....proxy starttls=Y..." shouldn't look like "...proxy=Y starttls=Y..." ??? I didn't see "...proxy=Y..." even after setting the sql query like "...'Y' as proxy...". ############################################################# If you had the patience to read this far, thanks a lot for trying to help... Alex From stan at hardwarefreak.com Thu Oct 3 23:25:07 2013 
From: stan at hardwarefreak.com (Stan Hoeppner) Date: Thu, 03 Oct 2013 15:25:07 -0500 Subject: [Dovecot] Can sieve filter mail based on emails earlier in the thread? In-Reply-To: <4e36fa11e423d47e8377507205e42052@davenport.net.nz> References: <4e36fa11e423d47e8377507205e42052@davenport.net.nz> Message-ID: <524DD2A3.6060400@hardwarefreak.com> On 10/3/2013 1:43 AM, Hugh Davenport wrote: > Basically I want the following scenario: > > Subscribe to lots of mailing lists > - each filtered into separate folders > > When I participate in a thread (by starting it, replying to it, or ... > setting a flag on an email > in the thread) > - filter into the particular mailing list folder > - AND filter into INBOX (or another folder of my choosing) > > I'm thinking for this, the first two can have rules that take into > account In-Reference-To and > using my domain. But the third case of using a flag... that seems to > require referencing earlier > emails in the thread. > > Is this possible in sieve? Or am I barking up the wrong tree? So you simply want to make it easier to find your own posts on a busy list? Might I suggest you simply use flags instead of copying the msgs to another folder? See: Flagging or Highlighting your mail http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples -- Stan From nick.z.edwards at gmail.com Fri Oct 4 08:47:51 2013 
From: nick.z.edwards at gmail.com (Nick Edwards)
Date: Fri, 4 Oct 2013 15:47:51 +1000
Subject: [Dovecot] fail2ban
Message-ID:

For dovecot 2.1

as per wiki2, is this still valid? noticed a problem before and saw it does seem to be triggering, I use:

maxretry = 6
findtime = 600
bantime = 3600

and there was like, 2400 hits in 4 minutes, it is pointing to the correct log file, but I am no expert with fail2ban, so not sure if the log format of today is compatible with the wiki2 entry

filter.d/dovecot.conf
[Definition]
failregex = (?: pop3-login|imap-login): (?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
ignoreregex =

From bruce+kolab at bmts.us Thu Oct 3 21:30:43 2013
From: bruce+kolab at bmts.us (Bruce Marriner) Date: Thu, 03 Oct 2013 13:30:43 -0500 Subject: [Dovecot] How to configure statistics tracking In-Reply-To: <524B28E1.5050405@smail.inf.fh-brs.de> Message-ID: <907-524db800-1-55085f00@185240879> On Tuesday, October 1, 2013 02:56 PM CDT, Steffen wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Bruce Marriner wrote: > > > > I was hoping someone could tell me which file these settings should > > be added to? Do they all just go into the same file or different > > files? I have a primary dovecot.conf file then inside conf.d/ > > there are dozens of files that hold the configuration settings for > > all the different parts of dovecot. > > > > Would I just add all of these settings into a conf.d/stats.conf > > file that would be pulled into the main configuration? > > best way IMHO, that way the settings are not overridden on update. > > > Does it matter what order the (10-stats.conf, 20-stats.conf, etc) > > the file is set for? > > latter settings override previous ones, but this is seldom used except > to override default options, I guess. > > - -- > Steffen Thanks Steffen. I added all the lines into a 90-stats.conf file and Dovecot complained about not being able to load a module with an error about the 1st line: mail_plugins = $mail_plugins stats So.. I opened up 10-mail.conf and added stats to the existing mail_plugins variable there. Now it's working. Not sure why it didn't work have everything in the same file though. If I can, I'll try to figure that out. I was hoping to find out which users were using up all my bandwidth :) But the stats doesn't seem to detail that in any way that I saw. The real problem I found out though was Outlook 2013 has a problem with IMAP and it transfers tons of data on each sync. From delrio at mie.utoronto.ca Fri Oct 4 15:29:21 2013 
From: delrio at mie.utoronto.ca (Oscar del Rio) Date: Fri, 04 Oct 2013 08:29:21 -0400 Subject: [Dovecot] fail2ban In-Reply-To: References: Message-ID: <524EB4A1.4050301@mie.utoronto.ca> On 04/10/2013 1:47 AM, Nick Edwards wrote: > For dovecot 2.1 > > as per wiki2, is this still valid? noticed a problem before and saw > it does seem to be triggering, I use: > > maxretry = 6 > findtime = 600 > bantime = 3600 > > and there was like, 2400 hits in 4 minutes, it is pointing to the > correct log file, but I am no expert with fail2ban, so not sure if the > log format of today is compatible with the wiki2 entry > Test the filter with fail2ban-regex. fail2ban-regex --help From jgoerzen at opencsw.org Fri Oct 4 22:44:40 2013 
From: jgoerzen at opencsw.org (Jake Goerzen) Date: Fri, 04 Oct 2013 12:44:40 -0700 Subject: [Dovecot] version 2.2.6 breaks compiling on Solaris 10 sparc In-Reply-To: <5249E48E.7050100@mie.utoronto.ca> References: <524614EA.9040900@opencsw.org> <5249A72B.2030705@opencsw.org> <5249E48E.7050100@mie.utoronto.ca> Message-ID: <524F1AA8.8000809@opencsw.org> On 09/30/13 13:52, Oscar del Rio wrote: > > On 09/30/13 12:30 PM, Jake Goerzen wrote: >> On 09/27/13 23:35, Timo Sirainen wrote: >>> On 28.9.2013, at 1.29, Jake Goerzen wrote: >>> >>>> I maintain the dovecot package at opencsw.org. The latest >>>> release of dovecot verison 2.2.6 has some changes to lib-http which >>>> is breaking compiling on Solaris 10 sparc (though x86 builds >>>> successfully). Here is part of the compiler output while building: >>>> >>>> >>>> libtool: compile: /opt/SUNWspro/bin/cc -DHAVE_CONFIG_H -I. -I../.. >>>> -I../../src/lib -I../../src/lib-test -I../../src/lib-dns >>>> -I../../src/lib-ssl-iostream -I/opt/csw/include/mysql >>>> -I/opt/csw/include/postgresql -I/opt/csw/include -xO3 -m32 >>>> -xarch=sparc -I/opt/csw/include -c http-header-parser.c -KPIC -DPIC >>>> -o .libs/http-header-parser.o >>>> "http-header-parser.c", line 264: warning: statement not reached >>>> "http-header-parser.c", line 281: warning: argument #3 is >>>> incompatible with prototype: >>>> prototype: pointer to unsigned int : >>>> "../../src/lib/istream.h", line 152 argument : pointer to >>>> unsigned long long >>> http://hg.dovecot.org/dovecot-2.2/rev/83e74b3a0d10 fixes this. >>> >>> >> >> >> I applied this patch and that fixes the compile error. 
However, I >> still get undefined symbols while linking: >> >> /bin/bash ../../libtool --tag=CC --mode=link >> /opt/SUNWspro/bin/cc -xO3 -m32 -xarch=sparc -I/opt/csw/include >> -no-undefined -m32 -xarch=sparc -L/opt/csw/lib -o test-http-url >> test-http-url.o http-url.lo ../lib-test/libtest.la ../lib/liblib.la >> -export-dynamic -lrt -lnsl -lsocket -lsendfile >> libtool: link: /opt/SUNWspro/bin/cc -xO3 -m32 -xarch=sparc >> -I/opt/csw/include -m32 -xarch=sparc -o test-http-url >> test-http-url.o .libs/http-url.o -L/opt/csw/lib >> ../lib-test/.libs/libtest.a ../lib/.libs/liblib.a -lrt -lnsl >> -lsocket -lsendfile >> Undefined first referenced >> symbol in file >> http_header_field_find .libs/http-url.o >> http_header_field_get .libs/http-url.o >> http_header_get_fields .libs/http-url.o >> ld: fatal: symbol referencing errors. No output written to >> test-http-url >> >> >> Could there be an earlier change to some header file that is causing >> undefined symbols? >> > > Just to test it, I tried on an old Solaris 10 sparc (gcc 3.4.3) and > what I get is: > > gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-test > -I../../src/lib-dns -I../../src/lib-ssl-iostream -I/usr/local/include > -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations > -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast > -fno-builtin-strftime -I/usr/sfw/include -MT test-http-server.o -MD > -MP -MF .deps/test-http-server.Tpo -c -o test-http-server.o > test-http-server.c > test-http-server.c: In function `main': > test-http-server.c:128: error: size of array `type name' is negative > gmake[3]: *** [test-http-server.o] Error 1 > gmake[3]: Leaving directory `/tmp/dovecot/dovecot-2.2.6/src/lib-http' > In case anyone is curious, I was able to successfully built dovecot version 2.2.6 using GCC 4.8.0 on Solaris 10 sparc & x86. From gordon.grubert+lists at uni-greifswald.de Fri Oct 4 22:55:18 2013 
From: gordon.grubert+lists at uni-greifswald.de (Gordon Grubert)
Date: Fri, 04 Oct 2013 21:55:18 +0200
Subject: [Dovecot] fail2ban
In-Reply-To:
References:
Message-ID: <524F1D26.50809@uni-greifswald.de>

Hi,

On 10/04/2013 07:47 AM, Nick Edwards wrote:
> For dovecot 2.1
>
> as per wiki2, is this still valid? noticed a problem before and saw
> it does seem to be triggering, I use:
>
> maxretry = 6
> findtime = 600
> bantime = 3600
>
> and there was like, 2400 hits in 4 minutes, it is pointing to the
> correct log file, but I am no expert with fail2ban, so not sure if the
> log format of today is compatible with the wiki2 entry
>
>
> filter.d/dovecot.conf
> [Definition]
> failregex = (?: pop3-login|imap-login): (?:Authentication
> failure|Aborted login \(auth failed|Aborted login \(tried to use
> disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
> ignoreregex =
>

this is no problem of dovecot. Nevertheless, for analysis, you can use fail2ban-regex when applying your filter to your logfile.

Best regards,
Gordon

--
Universitätsrechenzentrum (URZ)
E.-M.-Arndt-Universität Greifswald
Felix-Hausdorff-Str. 12
17489 Greifswald
Germany
Tel. +49 3834 86 1456
Fax. +49 3834 86 1401

From raubvogel at gmail.com Fri Oct 4 23:48:41 2013
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Fri, 4 Oct 2013 16:48:41 -0400
Subject: [Dovecot] On mailboxes, separators, and dovecot2
Message-ID:

While I was running dovecot 1.2.9, I had my mailboxes using the old Courier IMAP format. i.e. my mailboxes would look like

INBOX.Orders.Scams

Going to dovecot 2 (but not 2.1), I seem to have a few questions:

1) It seems I would define my mailbox thingies in 10-mail.conf:

namespace inbox {
  inbox = yes
  separator = .
  location =
  prefix = INBOX.
  type = private
  mailbox SPAM {
    auto=subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto=subscribe
    special_use = \Trash
  }
  mailbox Sent {
    auto=subscribe
    special_use = \Sent
  }
}

but how would I represent my INBOX.Orders.Scams folder? Something like

mailbox Orders.Scams {
  auto=subscribe
}

perhaps?

2) Reading (am I literate?) through http://wiki2.dovecot.org/Namespaces, it seems having

separator = .

is not only outdated but also a bad idea (but, I had child mailboxes as shown above). Could anybody elaborate on that? And which clients still do LSUB *?

From mathieu at 400iso.net Sat Oct 5 00:17:20 2013
From: mathieu at 400iso.net (Mathieu R.)
Date: Fri, 04 Oct 2013 23:17:20 +0200
Subject: [Dovecot] Dovecot sending quota warning to MAILER-DAEMON
Message-ID: <1380921440.9088.6.camel@kubrick>

Hello,

I'm testing quota now, and dovecot is not sending quota warning to the user, but to MAILER-DAEMON, which obviously gives me an error.

here is my 90-quota.conf http://paste.debian.net/50580/
dovecot 2.1.7, on debian stable

any idea ?
--
Mathieu R.

From skdovecot at smail.inf.fh-brs.de Sat Oct 5 00:33:07 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen)
Date: Fri, 04 Oct 2013 23:33:07 +0200
Subject: [Dovecot] Fixing Timestamps
In-Reply-To: <63032125-10FA-4C3C-9C8B-87EF85FE963F@kreme.com>
References: <18CEB800-21F4-4012-B51E-0996FF8BA9D3@kreme.com> <524C5D1C.5040301@Media-Brokers.com> <63032125-10FA-4C3C-9C8B-87EF85FE963F@kreme.com>
Message-ID: <524F3413.5020301@smail.inf.fh-brs.de>

LuKreme wrote:
>
> On 02 Oct 2013, at 11:51 , Charles Marcus
> wrote:
>
>> On 2013-10-01 7:42 PM, LuKreme wrote:
>>> I have a user with a lot of email (A LOT of email, probably
>>> over 500,000 emails). Recently, several thousand messages of
>>> his were lost, and I pulled them out of the backup archives
>>> (zip files containing each days emails in an mbox) that are
>>> created on his account and fed them into his procmail scripts
>>> and they were all processed just fine and ended up in the right
>>> directories.
>>>
>>> Except.
>>>
>>> The messages were from 6 months back, and the messages now show
>>> up in his mail client with the time stamp of the date they were
>>> restored, and not the date that shows up in the headers of the
>>> message.
>>>
>>> Anything I can do?
>>
>> Fix your restore script/methodology, then restore them again?
>
> That would just move the grep/convert/rename into the restore
> process.
>
> Maildir saves the file with the epoch timestamp of the time the
> file is saved.

you re-submit the message into the message transfer process, hence the message is new and not the original "backup"ed message. If you would backup and restore the file from/to the Maildir without procmail a.s.o. you would have the original message.

--
Steffen

From mathieu at 400iso.net Sat Oct 5 00:48:40 2013
From: mathieu at 400iso.net (Mathieu R.)
Date: Fri, 04 Oct 2013 23:48:40 +0200
Subject: [Dovecot] Dovecot sending quota warning to MAILER-DAEMON
In-Reply-To: <1380921440.9088.6.camel@kubrick>
References: <1380921440.9088.6.camel@kubrick>
Message-ID:

Sorry for noise... My warning script was wrong...

"Mathieu R." wrote:
>Hello,
>
>I'm testing quota now, and dovecot is not sending quota warning to the
>user, but to MAILER-DAEMON, which obviously gives me an error.
>
>here is my 90-quota.conf http://paste.debian.net/50580/
>dovecot 2.1.7, on debian stable
>
>any idea ?
>--
>Mathieu R.

--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

From skdovecot at smail.inf.fh-brs.de Sat Oct 5 00:54:42 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen)
Date: Fri, 04 Oct 2013 23:54:42 +0200
Subject: [Dovecot] Fixing Timestamps
In-Reply-To:
References: <18CEB800-21F4-4012-B51E-0996FF8BA9D3@kreme.com>
Message-ID: <524F3922.8050806@smail.inf.fh-brs.de>

LuKreme wrote:
>
>> On Oct 2, 2013, at 1:28, Steffen Kaiser
>> wrote:
>>
>>> On Tue, 1 Oct 2013, LuKreme wrote: The messages were from 6
>>> months back, and the messages now show up in his mail client
>>> with the time stamp of the date they were restored, and not the
>>> date that shows up in the headers of the message.
>>>
>>> Anything I can do?
>>
>> You have to change the internal date. What storage do you use?
>
> Maildir.
>
>> With maildir: change the mtime of the message file to the desired
>> date.
>
> Right, is there a simple way to do that? I hate to have to grep
> every message for a date and then convert it to epoch and rename
> the file, but it sounds like that's what's needed?

I guess not :-)

https://mikegriffin.ie/blog/20130226-change-the-timestamp-of-maildir-files/

I would change "grep '^Date:'" to "grep -i '^Date:'", because the header keywords are case-insensitive as far as I know.

If you are fluent with perl, try
http://search.cpan.org/~dskoll/MIME-tools-5.504/lib/MIME/Parser.pm

http://search.cpan.org/~deian/Maildir-Lite-0.02/lib/Maildir/Lite.pm
has an example to scan Maildir.

--
Steffen

From kremels at kreme.com Sat Oct 5 02:06:19 2013
From: kremels at kreme.com (LuKreme) Date: Fri, 4 Oct 2013 17:06:19 -0600 Subject: [Dovecot] Fixing Timestamps In-Reply-To: <524F3413.5020301@smail.inf.fh-brs.de> References: <18CEB800-21F4-4012-B51E-0996FF8BA9D3@kreme.com> <524C5D1C.5040301@Media-Brokers.com> <63032125-10FA-4C3C-9C8B-87EF85FE963F@kreme.com> <524F3413.5020301@smail.inf.fh-brs.de> Message-ID: <6E1ABBC5-2595-4F97-B3B1-AACCF135FFBF@kreme.com> On 04 Oct 2013, at 15:33 , Steffen wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > LuKreme wrote: >> >> On 02 Oct 2013, at 11:51 , Charles Marcus >> wrote: >> >>> On 2013-10-01 7:42 PM, LuKreme wrote: >>>> I have a user with a lot of email (A LOT of email, probably >>>> over 500,000 emails). Recently, several thousand messages of >>>> his were lost, and I pulled them out of the backup archives >>>> (zip files containing each days emails in an mbox) that are >>>> created on his account and fed them into his procmail scripts >>>> and they were all processed just fine and ended up in the right >>>> directories. >>>> >>>> Except. >>>> >>>> The messages were from 6 months back, and the messages now show >>>> up in his mail client with the time stamp of the date they were >>>> restored, and not the date that shows up in the headers of the >>>> message. >>>> >>>> Anything I can do? >>> >>> Fix your restore script/methodology, then restore them again? >> >> That would just move the grep/convert/rename into the restore >> process. >> >> Maildir saves the file with the epoch timestamp of the time the >> file is saved. > > you re-submit the message into the message transfer process, hence the > message is new and not the original "backup"ed message. If you would > backup and restore the file from/to the Maildir without procmail > a.s.o. you would have the original message. The backup messages are not in a maildir, they are stored in daily gzip files. -- I SAW NOTHING UNUSUAL IN THE TEACHER'S LOUNGE Bart chalkboard Ep. 
8F17 From noel.butler at ausics.net Sat Oct 5 06:09:01 2013 
From: noel.butler at ausics.net (Noel Butler)
Date: Sat, 05 Oct 2013 13:09:01 +1000
Subject: [Dovecot] fail2ban
In-Reply-To:
References:
Message-ID: <1380942541.6117.23.camel@tardis>

On Fri, 2013-10-04 at 15:47 +1000, Nick Edwards wrote:
> For dovecot 2.1
>
> as per wiki2, is this still valid? noticed a problem before and saw
> it does seem to be triggering, I use:
>

looks outdated

> filter.d/dovecot.conf

That'll never work, you need to change

> [Definition]
> failregex = (?: pop3-login|imap-login): (?:Authentication
to

failregex = (?: pop3-login|imap-login): .*(?:Authentication
                                        ^^

BUT, then, with the rest of your regex, it will only partly match because it's looking for ", something" like " ,TLS" at the end which won't appear on failed imap/pop3 logins that don't use TLS, etc, so any failed attempts using TLS, will be found, if they are not using it, they will be missed (most miscreants likely won't be using it anyway)

I am NO python expert, in fact, I know less than less about python, so you'll best need to wait for someone who knows the answer, or ask on fail2ban list, on how you can change that to match both, by changing the last bit to
\(auth failed).*rip=(?P<host>\S*)

in meantime, you could repeat your failregex, like

failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
            (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*)

I think that's horrible, messy, yukky, but it likely might work :) at least until you find a better answer, there are some fail2ban fanbois on this list, but as it's the weekend, you may need to be patient.

From noel.butler at ausics.net Sat Oct 5 06:15:54 2013
From: noel.butler at ausics.net (Noel Butler)
Date: Sat, 05 Oct 2013 13:15:54 +1000
Subject: [Dovecot] fail2ban
In-Reply-To: <524F1D26.50809@uni-greifswald.de>
References: <524F1D26.50809@uni-greifswald.de>
Message-ID: <1380942954.6117.26.camel@tardis>

On Fri, 2013-10-04 at 21:55 +0200, Gordon Grubert wrote:
> >
> >
> this is no problem of dovecot. Nevertheless, for analysis, you can use
> fail2ban-regex when applying your filter to your logfile.
>

Kind of right, but the dovecot wiki apparently contains wrong information, so I think it's fair enough it be brought up on this list as per my previous, when someone comes up with simpler working example than what I suggested, Timo can fix it

From delrio at mie.utoronto.ca Sat Oct 5 16:55:41 2013
From: delrio at mie.utoronto.ca (Oscar del Rio)
Date: Sat, 05 Oct 2013 09:55:41 -0400
Subject: [Dovecot] fail2ban
In-Reply-To:
References:
Message-ID: <52501A5D.70901@mie.utoronto.ca>

On 04/10/2013 1:47 AM, Nick Edwards wrote:
> filter.d/dovecot.conf
> [Definition]
> failregex = (?: pop3-login|imap-login): (?:Authentication
> failure|Aborted login \(auth failed|Aborted login \(tried to use
> disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
> ignoreregex =

The following is included with fail2ban 0.8.10

filters.d/dovecot.conf

# Fail2Ban configuration file for dovcot
#
# Author: Martin Waschbuesch
#
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#         host must be matched by a group named "host". The tag "<HOST>" can
#         be used for standard IP/hostname matching and is only an alias for
#         (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = .*(?:pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*\s+rip=(?P<host>\S*),.*
            pam.*dovecot.*(?:authentication failure).*\s+rhost=<HOST>(?:\s+user=.*)?\s*$

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

From nick.z.edwards at gmail.com Sat Oct 5 18:31:51 2013
From: nick.z.edwards at gmail.com (Nick Edwards)
Date: Sun, 6 Oct 2013 01:31:51 +1000
Subject: [Dovecot] fail2ban
In-Reply-To: <52501A5D.70901@mie.utoronto.ca>
References: <52501A5D.70901@mie.utoronto.ca>
Message-ID:

Thanks I have already fixed this as with my reply to Noel, his suggestion works and, as with like your example which is same as Noel's first, and as he correctly it seems mentions with my tests with fail2ban-regex, it only sees TLS, the deadbeats trying to brute force me, never seem to use that, so it requires what Noel suggested, a repeat without the end ,.* as well, and our OS not using pam, so wouldn't need that thanks anyway

On 10/5/13, Oscar del Rio wrote:
> On 04/10/2013 1:47 AM, Nick Edwards wrote:
>> filter.d/dovecot.conf
>> [Definition]
>> failregex = (?: pop3-login|imap-login): (?:Authentication
>> failure|Aborted login \(auth failed|Aborted login \(tried to use
>> disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
>> ignoreregex =
>
> The following is included with fail2ban 0.8.10
>
> filters.d/dovecot.conf
>
> # Fail2Ban configuration file for dovcot
> #
> # Author: Martin Waschbuesch
> #
> #
>
> [Definition]
>
> # Option: failregex
> # Notes.: regex to match the password failures messages in the logfile.
> The
> # host must be matched by a group named "host". The tag
> "<HOST>" can
> # be used for standard IP/hostname matching and is only an
> alias for
> # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
> # Values: TEXT
> #
> failregex = .*(?:pop3-login|imap-login):.*(?:Authentication
> failure|Aborted login \(auth failed|Aborted login \(tried to use
> disabled|Disconnected \(auth failed).*\s+rip=(?P<host>\S*),.*
> pam.*dovecot.*(?:authentication
> failure).*\s+rhost=<HOST>(?:\s+user=.*)?\s*$
>
> # Option: ignoreregex
> # Notes.: regex to ignore. If this regex matches, the line is ignored.
> # Values: TEXT
> #
> ignoreregex =
>
>

From nick.z.edwards at gmail.com Sat Oct 5 18:32:50 2013
From: nick.z.edwards at gmail.com (Nick Edwards)
Date: Sun, 6 Oct 2013 01:32:50 +1000
Subject: [Dovecot] fail2ban
In-Reply-To: <1380942541.6117.23.camel@tardis>
References: <1380942541.6117.23.camel@tardis>
Message-ID:

Bingo! Thanks, working now

On 10/5/13, Noel Butler wrote:
> On Fri, 2013-10-04 at 15:47 +1000, Nick Edwards wrote:
>> For dovecot 2.1
>>
>> as per wiki2, is this still valid? noticed a problem before and saw
>> it does seem to be triggering, I use:
>>
>
> looks outdated
>
>> filter.d/dovecot.conf
>
> That'll never work, you need to change
>
>> [Definition]
>> failregex = (?: pop3-login|imap-login): (?:Authentication
> to
>
> failregex = (?: pop3-login|imap-login): .*(?:Authentication
>                                         ^^
>
> BUT, then, with the rest of your regex, it will only partly match
> because it's looking for ", something" like " ,TLS" at the end which
> won't appear on failed imap/pop3 logins that don't use TLS, etc, so any
> failed attempts using TLS, will be found, if they are not using it, they
> will be missed (most miscreants likely won't be using it anyway)
>
> I am NO python expert, in fact, I know less than less about python, so
> you'll best need to wait for someone who knows the answer, or ask on
> fail2ban list, on how you can change that to match both, by changing
> the last bit to
> \(auth failed).*rip=(?P<host>\S*) on ,TLS or nothing at all>
>
> in meantime, you could repeat your failregex, like
>
> failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|
> Aborted login \(auth failed|Aborted login \(tried to use disabled|
> Disconnected \(auth failed).*rip=(?P<host>\S*),.*
> (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted
> login \(auth failed|Aborted login \(tried to use disabled|Disconnected
> \(auth failed).*rip=(?P<host>\S*)
>
>
> I think that's horrible, messy, yukky, but it likely might work :) at
> least until you find a better answer, there are some fail2ban fanbois on
> this list, but as it's the weekend, you may need to be patient.
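
The trailing ",.*" behaviour discussed in this thread can be checked offline with Python's re module, the regex dialect fail2ban filters are written in. This is an added example, not code from the thread or from fail2ban: the log lines are constructed (two of them with rip= as the last field before an optional ", TLS", as Noel's description implies), SINGLE is a hypothetical one-pattern alternative to repeating the failregex, and first_match assumes patterns are tried in order with the first hit used.

```python
import re

# Common part of the thread's failregex, including the ".*" Noel added after
# the service name. fail2ban needs the address in a group named "host".
PREFIX = (
    r"(?: pop3-login|imap-login): .*(?:Authentication failure"
    r"|Aborted login \(auth failed|Aborted login \(tried to use disabled"
    r"|Disconnected \(auth failed).*rip="
)
WITH_TAIL = PREFIX + r"(?P<host>\S*),.*"   # needs ", something" after the address
NO_TAIL = PREFIX + r"(?P<host>\S*)"        # the repeated line without ",.*"
# Hypothetical alternative (not from the thread): a comma-free host group and
# an optional ", ..." tail, so one pattern covers both cases.
SINGLE = PREFIX + r"(?P<host>[^\s,]+)(?:,.*)?$"

# Constructed sample lines; all addresses are documentation ranges.
SAMPLE_LINES = [
    # failed login over TLS, rip= followed by ", TLS"
    "Oct  5 01:30:02 mx dovecot: imap-login: Disconnected (auth failed, "
    "2 attempts): user=<alice>, method=PLAIN, lip=192.0.2.10, "
    "rip=203.0.113.7, TLS",
    # failed login without TLS, nothing after the address
    "Oct  5 01:30:09 mx dovecot: pop3-login: Aborted login (auth failed, "
    "1 attempts): user=<bob>, method=PLAIN, lip=192.0.2.10, "
    "rip=198.51.100.23",
    # failed login where another field follows rip=
    "Oct  5 01:30:15 mx dovecot: imap-login: Disconnected (auth failed, "
    "3 attempts): user=<carol>, method=PLAIN, rip=203.0.113.99, "
    "lip=192.0.2.10",
    # successful login, must never match
    "Oct  5 01:31:00 mx dovecot: imap-login: Login: user=<alice>, "
    "method=PLAIN, lip=192.0.2.10, rip=192.0.2.44, TLS",
]


def hosts(pattern, lines=SAMPLE_LINES):
    """Return the captured "host" group per line, or None where no match."""
    rx = re.compile(pattern)
    found = []
    for line in lines:
        m = rx.search(line)
        found.append(m.group("host") if m else None)
    return found


def first_match(patterns, lines=SAMPLE_LINES):
    """Apply several patterns per line in order; the first hit wins.

    Models the two-line failregex from the thread under the assumption
    stated above (ordered evaluation, first match used).
    """
    compiled = [re.compile(p) for p in patterns]
    found = []
    for line in lines:
        host = None
        for rx in compiled:
            m = rx.search(line)
            if m:
                host = m.group("host")
                break
        found.append(host)
    return found


if __name__ == "__main__":
    print("with ',.*' tail :", hosts(WITH_TAIL))
    print("without tail    :", hosts(NO_TAIL))
    print("both, in order  :", first_match([WITH_TAIL, NO_TAIL]))
    print("single pattern  :", hosts(SINGLE))
```

Used on its own, the tail-less pattern captures the trailing comma whenever another field follows rip=, because \S* is greedy; the repeated failregex avoids that only because the pattern with the tail is listed first.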

From guenther at palousecom.com Sat Oct 5 20:16:07 2013
From: guenther at palousecom.com (Dean Guenther)
Date: Sat, 5 Oct 2013 10:16:07 -0700 (PDT)
Subject: [Dovecot] couple of errors on new setup
Message-ID: <2022e30a47b60e1c9a9300e695831dab.squirrel@www.palousecom.com>

I have stood up a new test mail server as an upgraded version of my existing mail server. I have been fairly consistently getting two types of error messages. I'm thinking they may be related permissions issues, but I can't figure out what their problem is.

Oct 4 12:45:47 digory dovecot: imap(guenther): Error: file_dotlock_open() failed with file /home/guenther/mail/ForUs/.imap/Home/dovecot.index.log: Resource temporarily unavailable

Oct 4 12:46:16 digory dovecot: imap(guenther): Error: file_dotlock_open(/home/guenther/mail/ForUs/PCS/.imap/PCS misc/dovecot.index.log) failed: Permission denied (euid=500(guenther) egid=500(guenther), access(/home/guenther/mail/ForUs/PCS/.imap/PCS misc/dovecot.index.log, 4) failed: No such file or directory)

Here are my specifics:

OS: CentOS 6.4 - 2.6.32-358.11.1.el6.x86_64
MailScanner: 4.84.6
Postfix: 2.6.6
DoveCot: 2.2.4
NFS v4 (both the mail spool and /home are NFS v4 mounts to file server)

Here are the non-default settings:

dovecot -n
# 2.2.4: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.11.1.el6.x86_64 x86_64 CentOS release 6.4 (Fina
auth_verbose = yes
disable_plaintext_auth = no
mail_access_groups = users,guenther
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
mail_privileged_group = mail
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
ssl_cert =

Since I still have to send mail from web, I may not be able to get this message as a reply to my
previous mail, but it belongs to this same thread: http://www.dovecot.org/list/dovecot/2013-October/092810.html Some of the work I have now done. I can now easily, lest some hurdle shows up, use a script based on the one I mentioned (here it is again: http://wiki.dovecot.org/HowTo/RefilterMail ), but I used maildrop, having harkened to the advice by the author of Debian Reference, Osamu Aoki: http://www.debian.org/doc/manuals/debian-reference/ch06.en.html#_the_remote_mail_retrieval_and_forward_utility http://www.debian.org/doc/manuals/debian-reference/ch06.en.html#_mail_delivery_agent_mda_with_filter So while, after connecting with the password, I wait some 5 or 10 minutes (the machines I install/clone Debian onto are old machines) for all the mail from the other Dovecot on the other machine, same MBO and all, as I explained in the previous message, again; I am preparing this before going online, I haven't see if there are any replies in the last maybe 40 hours)... me at mybox2:~$ getmail getmail version 4.43.0 Copyright (C) 1998-2012 Charles Cazabon. Licensed under the GNU GPL version 2. SimpleIMAPSSLRetriever:me at mybox1.myfantasydomain:993: read_all and not delete -- all messages will be retrieved each time getmail is run SimpleIMAPSSLRetriever:me at mybox1.myfantasydomain:993: Enter password for SimpleIMAPSSLRetriever:me at mybox1.myfantasydomain:993: The: me at mybox2:~$ getmail command that I issued has just churned out all the 2945 messages into my homefolder here. 
And this is the previously prepared ----%<-------------------------------------------------------- $ cat ~/.getmail/getmailrc [retriever] type = SimpleIMAPSSLRetriever server = mybox1.myfantasydomain username = mr mailboxes= ALL [destination] type = MDA_external path = /usr/bin/maildrop unixfrom = True [options] verbose = 2 delete = False read_all = True delivered_to = False message_log = ~/.getmail/Mrinet_refilter.log ----%<-------------------------------------------------------- Not much talk needed about the getmailrc above, because it's all in the getmail manual, faq, and places. Sure, I also, prepared .mailfilter, for the maildrop, the fine program that nicely put all mails where I decided I wanted them! ----%<-------------------------------------------------------- $ cat ~/.mailfilter # ~/.mailfilter # based on: # http://www.wonkity.com/~wblock/docs/html/maildrop.html TYPE="maildir" logfile "$HOME/.mailfilter.log" ECHO="/bin/echo" MAIL="/usr/bin/mail" MAILDIRMAKE="/usr/bin/maildirmake" REFORMAIL="/usr/bin/reformail" MBOX=($TYPE =~ /mbox/) MAILDIR=($TYPE =~ /maildir/) # use mbox by default DEFAULT="$HOME/mail" FOLDERS="$DEFAULT/" if ( $MAILDIR ) { DEFAULT="$HOME/Maildir" FOLDERS="$DEFAULT/." 
} if ( $MAILDIR ) { `${MAILDIRMAKE} "$DEFAULT"` if ( $RETURNCODE == 0 ) { # notify the user when new folders are created NEWFOLDERMSG="${FOLDERS} folder created" `${ECHO} "$NEWFOLDERMSG" | ${MAIL} -s "$NEWFOLDERMSG" $LOGNAME` } } # filter out duplicate messages `${REFORMAIL} -D 8192 $HOME/.duplicate.cache` if ( $RETURNCODE == 0 ) { log "File: (duplicate) ($SIZE)\n" exit } if (/^(To|Cc|Envelope-To|Delivered-To):.*(miro\.rovis at croatiafidelis\.hr)/) { MYFOLDERDOT="$MATCH2" MYFOLDER=`echo $MYFOLDERDOT|sed 's/\.//g'` if ( $MAILDIR ) { `${MAILDIRMAKE} -f "$MYFOLDER" "$DEFAULT"` if ( $RETURNCODE == 0 ) { # notify the user when new folders are created NEWFOLDERMSG="${FOLDERS}$MYFOLDER list folder created" `${ECHO} "$NEWFOLDERMSG" | ${MAIL} -s "$NEWFOLDERMSG" $LOGNAME` } } # handle mailing list messages automatically if ( /^List-Id:.*<([0-9A-Za-z_\.\-]+)/ ) { LISTNAMEDOT="$MATCH1" LISTNAME=`echo $LISTNAMEDOT|sed 's/\.//g'` # don't create a folder for Mailman status messages, just deliver them if ( $LISTNAME =~ /Mailman/ ) to $DEFAULT if ( $MAILDIR ) { `${MAILDIRMAKE} -f "$MYFOLDER.$LISTNAME" "$DEFAULT"` if ( $RETURNCODE == 0 ) { # notify the user when new folders are created NEWFOLDERMSG="${FOLDERS}$MYFOLDER.$LISTNAME list folder created" `${ECHO} "$NEWFOLDERMSG" | ${MAIL} -s "$NEWFOLDERMSG" $LOGNAME` } } to ${FOLDERS}$MYFOLDER.$LISTNAME } to ${FOLDERS}$MYFOLDER } if (/^(To|Cc|Envelope-To|Delivered-To):.*(m.rovis at inet\.hr)/) { MYFOLDERDOT="$MATCH2" MYFOLDER=`echo $MYFOLDERDOT|sed 's/\.//g'` if ( $MAILDIR ) { `${MAILDIRMAKE} -f "$MYFOLDER" "$DEFAULT"` if ( $RETURNCODE == 0 ) { # notify the user when new folders are created NEWFOLDERMSG="${FOLDERS}$MYFOLDER list folder created" `${ECHO} "$NEWFOLDERMSG" | ${MAIL} -s "$NEWFOLDERMSG" $LOGNAME` } } if (/^Return-Path:.*@(facebookmail\.com)/) { MY2FOLDERDOT="$MATCH1" MY2FOLDER=`echo $MY2FOLDERDOT|sed 's/\.//g'` if ( $MAILDIR ) { `${MAILDIRMAKE} -f "${MYFOLDER}.${MY2FOLDER}" "$DEFAULT"` if ( $RETURNCODE == 0 ) { # notify the 
user when new folders are created NEWFOLDERMSG="${FOLDERS}${MYFOLDER}.${MY2FOLDER} list folder created" `${ECHO} "$NEWFOLDERMSG" | ${MAIL} -s "$NEWFOLDERMSG" $LOGNAME` } } # handle Facebook groups/lists messages automatically if ( /^List-Id:.*<([0-9A-Za-z_\-]+)\.+/ ) { LIST2NAME="$MATCH1" # don't create a folder for Mailman status messages, just deliver them if ( $LIST2NAME =~ /Mailman/ ) to $DEFAULT if ( $MAILDIR ) { `${MAILDIRMAKE} -f "${MYFOLDER}.${MY2FOLDER}.$LIST2NAME" "$DEFAULT"` if ( $RETURNCODE == 0 ) { # notify the user when new folders are created NEWFOLDERMSG="${FOLDERS}${MYFOLDER}.${MY2FOLDER}.$LIST2NAME list folder created" `${ECHO} "$NEWFOLDERMSG" | ${MAIL} -s "$NEWFOLDERMSG" $LOGNAME` } } to ${FOLDERS}${MYFOLDER}.${MY2FOLDER}.$LIST2NAME } to ${FOLDERS}${MYFOLDER}.$MY2FOLDER } if (/^(To|From):.*(childrenofmedugorje at gmail\.com)/) { MY2FOLDERDOT="$MATCH2" MY2FOLDER=`echo $MY2FOLDERDOT|sed 's/\.//g'` if ( $MAILDIR ) { `${MAILDIRMAKE} -f "${MYFOLDER}.${MY2FOLDER}" "$DEFAULT"` if ( $RETURNCODE == 0 ) { # notify the user when new folders are created NEWFOLDERMSG="${FOLDERS}${MYFOLDER}.${MY2FOLDER} list folder created" `${ECHO} "$NEWFOLDERMSG" | ${MAIL} -s "$NEWFOLDERMSG" $LOGNAME` } } to ${FOLDERS}${MYFOLDER}.$MY2FOLDER } if ( /^From:\s*EWTN\s*<(wings at ewtn.com)>/ ) { MY2FOLDERDOT="$MATCH1" MY2FOLDER=`echo $MY2FOLDERDOT|sed 's/\.//g'` if ( $MAILDIR ) { `${MAILDIRMAKE} -f "${MYFOLDER}.${MY2FOLDER}" "$DEFAULT"` if ( $RETURNCODE == 0 ) { # notify the user when new folders are created NEWFOLDERMSG="${FOLDERS}${MYFOLDER}.${MY2FOLDER} list folder created" `${ECHO} "$NEWFOLDERMSG" | ${MAIL} -s "$NEWFOLDERMSG" $LOGNAME` } } to ${FOLDERS}${MYFOLDER}.$MY2FOLDER } # handle mailing list messages automatically if ( /^List-Id:.*<([0-9A-Za-z_\.\-]+)/ ) { LISTNAMEDOT="$MATCH1" LISTNAME=`echo $LISTNAMEDOT|sed 's/\.//g'` # don't create a folder for Mailman status messages, just deliver them if ( $LISTNAME =~ /Mailman/ ) to $DEFAULT if ( $MAILDIR ) { `${MAILDIRMAKE} -f 
"$MYFOLDER.$LISTNAME" "$DEFAULT"` if ( $RETURNCODE == 0 ) { # notify the user when new folders are created NEWFOLDERMSG="${FOLDERS}$MYFOLDER.$LISTNAME list folder created" `${ECHO} "$NEWFOLDERMSG" | ${MAIL} -s "$NEWFOLDERMSG" $LOGNAME` } } to ${FOLDERS}$MYFOLDER.$LISTNAME } to ${FOLDERS}$MYFOLDER } ----%<-------------------------------------------------------- Here is my .muttrc, to show nearly all the components of my setup, which I hope to be using for mail.. I really understand only now, that the basis is really e-mail, not the browsers, or other things, for the life on the internet... That the basis is really e-mail these days on Russia Today said also Ladar Levison, the Lavabit.com founder that fought for his users' privacy all the way to losing his business. I admire people of such integrity and humanity! Not like the Canadian Hushmail which sold NSA's whistleblower Thomas Drake... Who says I don't like people from NSA. I highly regard him, and Ross Tice, and some others! It's the usual perception most of people have, that email is less important/less advanced, whatnot, not just me, but not delving into it here. I'm yet to see if my "broader picture" provoked any angry reactions... (Note while proofreading: No reactions, neither good nor bad, I just saw.) But I hope this will be technical enough now and to the completion of this thread... I haven't found anywhere other then on the www.wonkity.com, the address that I gave above, examples for maildrop, so I hope other users will find mine useful, which will be source of content for me... I invested time and effort to arrange those lines. Just let me give you the .muttrc (and completely without the unrelated settings for this story), because the dominant talk is about the maildrop, not the other two configuration files. 
----%<--------------------------------------------------------
$ cat ~/.muttrc
set mbox_type="maildir"
set spoolfile=imaps://me at mybox2/
set folder=imaps://me at mybox2/
set ssl_starttls=yes
set ssl_force_tls=yes
set imap_passive
----%<--------------------------------------------------------

What I got with that maildrop in my Dovecot, and it would need some functions set, because I used too much pasting to get same work repeated on different input, but I don't know how to do it, and it is by no means urgent, since I achieved all the refiltering and in the way I wanted it, is I decided I wanted all mail in folders by the e-mail address by which I receive them, and used the usual List-Id header to sort mails into up to two levels deeper, exactly for the famous yukky Stasimail, oh, sorry! I meant zucky Facebookmail.

Also it would be great to check for existence of a folder before attempting to create it... It hasn't been yet urgent to me, and I am rather exhausted now, not only from this coding, but also because I got the tumbleweed pollen allergy (American native plant, brought here as ornamental plant in Columbo's time, but nauseating/suffocating (but rarely to death), fever causing to lots of people in Europe, through allergy, so I was also bed-ridden much of the time... and I am not well neither as I am writing this, so not much of proofreading before sending this.

And to check for existence I guess it's with ... ~= ( some expression) of folders, so not to get an error on every fail attempt at creating folders as Warren Block explained here: http://www.wonkity.com/~wblock/docs/html/maildrop.html#_em_maildir_em_compatibility , and maybe improve those lines by using some foreach loop or some such means...

Ah, notice that I start with no folder whatsoever, neither mbox nor maildir type, I let the script do it all in my /home/mr!
The .mailfilter settings above for maildrop upon completion of refiltering gave me, in my mutt, not going back to no GUIs no more, thanx so kindly!, but no love lost there, with all your Java and Javascript and stinking popup windows out of nowhere and rummiging in my machine which I in no way provoked, let alone initiated, and most certainly not acquiesced to... So this is, with a few copy-pastes (just the Mutt fine colors will be missing): y:Exit c:Chdir m:Mask ?:Help 1 IMAP + INBOX/ 2 IMAP + mirorovis at croatiafidelishr/ 3 IMAP + mirovis at inethr/ 4 IMAP + mrovis at inethr/ /\ /\ /\ /\ /\ /\ /\ / / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \/ \/ \/ \/ \/ \/ \/ -- Mutt: Directory [imaps://me at mybox2/], File mask: !^\.[^.] y:Exit c:Chdir m:Mask ?:Help 1 IMAP ../ 2 IMAP dovecotdovecotorg /\ /\ /\ /\ /\ /\ /\ / / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \/ \/ \/ \/ \/ \/ \/ -- Mutt: Directory [=mirorovis at croatiafidelishr/], File mask: !^\.[^.] y:Exit c:Chdir m:Mask ?:Help 1 IMAP ../ 2 IMAP dmo-discussiondeb-multimediaorg 3 IMAP gnewsense-usersnongnuorg 4 IMAP helpdeskiskonhr /\ /\ /\ /\ /\ /\ /\ / / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \/ \/ \/ \/ \/ \/ \/ -- Mutt: Directory [=mirovis at inethr/], File mask: !^\.[^.] y:Exit c:Chdir m:Mask ?:Help 1 IMAP ../ 2 IMAP alsa-userlistssourceforgenet 3 IMAP blfs-supportlinuxfromscratchorg 4 IMAP childrenofmedugorje at gmailcom 5 IMAP cinelerraskolelinuxno 6 IMAP cjeniklosthr 7 IMAP dailydavelistsimmunityinccom 8 IMAP debburn-devellistsaliothdebianorg 9 IMAP + facebookmailcom/ 10 IMAP ffmpeg-userffmpegorg 11 IMAP gnewsense-usersnongnuorg 12 IMAP listalosthr 13 IMAP mencoder-usersmplayerhqhu 14 IMAP mplayer-usersmplayerhqhu 15 IMAP userslistsclaws-mailorg 16 IMAP wings at ewtncom 17 IMAP wireshark-announcewiresharkorg 18 IMAP wireshark-userswiresharkorg /\ /\ /\ /\ /\ /\ /\ / \/ \/ \/ \/ \/ \/ \/ -- Mutt: Directory [=mrovis at inethr/], File mask: !^\.[^.] 
It's this last directory, i.e. this e-mail address that has the most of the folders. So I'll show how I got all the Facebookmail in one folder, and devided by its' groups/lists you name what they are. y:Exit c:Chdir m:Mask ?:Help 1 IMAP ../ 2 IMAP 109806486481 3 IMAP 114674985270726 4 IMAP 116954758434576 5 IMAP 132773866800887 6 IMAP 141591592620540 7 IMAP 147623871992079 8 IMAP 148721478521575 9 IMAP 158927160843505 10 IMAP 166374096744320 11 IMAP 177486422318814 12 IMAP 178566045493622 13 IMAP 191938787541916 14 IMAP 195731330459694 15 IMAP 199083346818377 16 IMAP 203424869671315 17 IMAP 248203298232 18 IMAP 259057640810411 19 IMAP 312893169439 20 IMAP 37080471529 21 IMAP 77789534513 22 IMAP australiacroatiaunited 23 IMAP domovinausrcu 24 IMAP hrperoistine 25 IMAP hrvatirimokatolici 26 IMAP hrvatskastraza 27 IMAP nacionalist 28 IMAP stopkrscanofobiji 29 IMAP zakonoovrsi -- Mutt: Directory [=mrovis at inethr/facebookmailcom/], File mask: !^\.[^.] I didn't need any rudimentary ASCII drawing to represent the blank lines cut out, because this is all the Stasi lists/groups here. The fact that some are named in numbers and not in [a-z] is only because that is the first part of the address, before @facebookmail.com part. Not touching that, no need to spend time on those... If there is some user who would like to have any more explanaion on this, I can try and tell more, but I know most of the users here know more and can do better that I, so I leave the talk now. I'll take a few looks back to see if I got any replies, just I can't do it in very frequent periods at all. I also have a few issues probably for the Mutt people to solve, the issues I suspect are with Mutt, but they are not urgent either. 
And also, not major issue, I tried sticking :DIRNAME=mAildir to the end of my mail_location line, but it simply didn't work, I mean, as per: http://wiki2.dovecot.org/MailLocation/Maildir

I will try and get the stunnel to get my outgoing mail on the 465 port with TLS, but that is not an issue related here at all I think.

Thanks again to you fine developers for these great programs. Timo Sirainen, you are greatly appreciated here, and my respect for your fine country Finland, and for your nation!

Miroslav Rovis
Zagreb, Croatia

From noel.butler at ausics.net Sun Oct 6 04:04:18 2013
From: noel.butler at ausics.net (Noel Butler)
Date: Sun, 06 Oct 2013 11:04:18 +1000
Subject: [Dovecot] couple of errors on new setup
In-Reply-To: <2022e30a47b60e1c9a9300e695831dab.squirrel@www.palousecom.com>
References: <2022e30a47b60e1c9a9300e695831dab.squirrel@www.palousecom.com>
Message-ID:

On 06/10/2013 03:16, Dean Guenther wrote:
> mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
> mail_privileged_group = mail
> mbox_write_locks = fcntl

mbox over NFS has *never* been recommended, it is unsafe - for any pop/imap type server, not just dovecot. If it's not too late, and since you are testing a new server it can't be, change to Maildir, it was designed specifically for this very reason.

also should use:

mail_fsync = yes
mail_nfs_index = yes
mail_nfs_storage = yes
mmap_disable = yes

From jogi at mur.at Sun Oct 6 13:39:30 2013
From: jogi at mur.at (=?UTF-8?B?Sm9naSBIb2Ztw7xsbGVy?=)
Date: Sun, 06 Oct 2013 12:39:30 +0200
Subject: [Dovecot] Transparent Migration from cyrus to dovecot
Message-ID: <52513DE2.6070708@mur.at>

Hi dovecot people,

We are in the process of preparing the migration from a cyrus 2.1 installation to dovecot. Dovecot will be installed on new hardware, so we have separated servers that can/will exist in parallel for a while. Our goal is to do the migration without interrupting the service for our users too much. Currently we tend to using dsync.

So I am asking for best practice suggestions, tips and hints from people who have done such a thing before.

Curiously awaiting your replies ;)

Cheers!

PS: I am subscribed to the list. So no need to include my address in replies. Thanks!

--
j.hofmüller

Optimism doesn't alter the laws of physics. - Subcommander T'Pol

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: OpenPGP digital signature
URL:

From bill at bmorgan.com Sun Oct 6 18:55:49 2013
From: bill at bmorgan.com (Bill Morgan)
Date: Sun, 06 Oct 2013 10:55:49 -0500
Subject: [Dovecot] retr errors
Message-ID: <52518805.1030809@bmorgan.com>

My ISP uses Dovecot and I have had an ongoing problem for a while using several email clients. Sometimes the response to a retr request is malformed. The expected response "+OK nnn octets" is not returned. The response looks like it started somewhere in the message headers.

Sometimes a retry can clear the problem but I usually need to delete the first message via a putty session. The problem, when present, is always on the first message. Never seen it in the middle of a series of messages.

This problem has been seen on different machines, different versions of Windows, at home and on the road. I have wireshark traces showing good and bad sessions....

======================
stat
+OK 93 1000437
retr 1
+OK 6946 octets
Return-path: .....
=========================
retr 1
of blahblah at blah.com designates 2607:f8b0:4001:c03::235 as permitted sender) smtp.mail=blahblah at blah.com; dkim=pass header.i=@blah.com
Reply-To: android-developers at googlegroups.com
Precedence: list
Mailing-list: ......
==================

My ISP has been non-helpful. Any ideas how I can track down the problem?

Thanks
Bill

From dar at darklajid.de Sun Oct 6 20:52:55 2013
From: dar at darklajid.de (Benjamin Podszun)
Date: Sun, 06 Oct 2013 19:52:55 +0200
Subject: [Dovecot] State of the FTS modules and packaging
Message-ID:

Hi there.

I'm running a small (VPS) mail system just for myself for quite a while and want to support some friends and family now. For that I'm improving / documenting the setup. One thing I never cared to implement was FTS support. Looking at the options [1] now, I'm stuck.

I don't want solr (no Java bashing here, I'm sure that's working awesome. But I don't want to pull all these dependencies in on my tiny VPS: Memory and disk will be as small as I can get away with).

With that out of the way: What are my options?

Squat: Why's squat deprecated? Did it stop working? Can someone shed some light on the original reasons for the deprecation? What are the risks to go with squat anyway?

Clucene: That seems .. unusable. It would be my preferred choice (not deprecated, little dependencies), but .. it isn't packaged in deb based distributions (Debian, Ubuntu). It doesn't even _build_, because it doesn't use pkg-config to find the clucene includes (at least for 2.1.17) in these environments. Centos is even more out of date with 2.0.9.

Given the experience above, is solr my only option to offer FTS? Can you guys share how you're having a stable base/os with a somewhat recent (and complete!) dovecot package?

Thanks a lot & regards,
Ben

1: http://wiki2.dovecot.org/Plugins/FTS

From tss at iki.fi Sun Oct 6 21:58:32 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sun, 6 Oct 2013 21:58:32 +0300
Subject: [Dovecot] couple of errors on new setup
In-Reply-To:
References: <2022e30a47b60e1c9a9300e695831dab.squirrel@www.palousecom.com>
Message-ID: <7BFF059D-67EB-47DD-BB0D-0951DA463C78@iki.fi>

On 6.10.2013, at 4.04, Noel Butler wrote:
> mail_nfs_index = yes
> mail_nfs_storage = yes

These are never recommended. They may be a kludgy workaround to avoid worst problems, but they will never work 100%. In the recommended configurations (one Dovecot server or director cluster) you won't need them.

From scw.dovecot at nsilimited.co.uk Sun Oct 6 22:01:22 2013
From: scw.dovecot at nsilimited.co.uk (Steve)
Date: Sun, 06 Oct 2013 20:01:22 +0100
Subject: [Dovecot] Problems getting Squirrelmail and Avelsieve to connect to Pigeonhole
Message-ID: <5251B382.2050705@nsilimited.co.uk>

Hi,

I have been going around in circles trying to find the solution. Many others appear to have the same problem, but never a solution or explanation.

I am running Dovecot 2.0.21 under Fedora 16. All components are running on the same server, whose IP address is shown as '192.168.x.y'.

The dovecot -n output is:

/SSH Secure Shell 3.2.0 (Build 267)/
/Copyright (c) 2000-2002 SSH Communications Security Corp - http://www.ssh.com//
/This copy of SSH Secure Shell is a non-commercial version./
/This version does not include PKI and PKCS #11 functionality./
/Last login: Sun Oct 6 17:00:08 2013 from 192.168.2.196/
/[root at nsi-server2 ~]# /usr/sbin/dovecot -n/
/# 2.0.21: /etc/dovecot/dovecot.conf/
/# OS: Linux 3.6.11-4.fc16.x86_64 x86_64 Fedora release 16 (Verne) /
/auth_debug_passwords = yes/
/auth_verbose = yes/
/auth_verbose_passwords = plain/
/log_path = /var/log/mail/dovecot.log/
/mail_access_groups = mail/
/mail_location = mbox:~/mail:INBOX=/var/mail/%u/
/managesieve_notify_capability = mailto/
/managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave/
/mbox_write_locks = fcntl/
/passdb {/
/ driver = pam/
/}/
/passdb {/
/ args = /etc/dovecot/users/
/ driver = passwd-file/
/}/
/plugin {/
/ sieve = ~/.dovecot.sieve/
/ sieve_dir = ~/sieve/
/ sieve_global_path = /var/lib/dovecot/sieve/default.sieve/
/}/
/protocols = imap pop3 sieve sieve/
/service imap-login {/
/ inet_listener imap {/
/ address = 192.168.x.y,localhost/
/ }/
/ inet_listener imaps {/
/ address = 192.168.x.y/
/ }/
/}/
/service managesieve-login {/
/ inet_listener sieve {/
/ port = 4190/
/ }/
/}/
/service pop3-login {/
/ inet_listener pop3 {/
/ address = 192.168.x,y,localhost/
/ }/
/ inet_listener pop3s {/
/ address = 192.168.x.y/
/ }/
/}/
/ssl_cert =

On attempting to connect to the managesieve port from Squirrelmail, using the 'Filter' button I get the following error message:

/*Could not log on to timsieved daemon on your IMAP server localhost.*/
/*Please contact your administrator*/

Running/*# /usr/sbin/ngrep -d lo port 4190 */produces the following trace:

/[root at nsi-server root]# /usr/sbin/ngrep -d lo port 4190/
/interface: lo (127.0.0.0/255.0.0.0)/
/filter: (ip or ip6) and ( port 4190 )/
/####/
/T 127.0.0.1:4190 -> 127.0.0.1:35495 [AP]/
/ "IMPLEMENTATION" "Dovecot Pigeonhole".."SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator/
/ -i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave".."NOTIFY/
/ " "mailto".."SASL" "PLAIN".."STARTTLS".."VERSION" "1.0"..OK "Dovecot ready.".. /
/##/
/T 127.0.0.1:35495 -> 127.0.0.1:4190 [AP]/
/ AUTHENTICATE "PLAIN" \{28+}.. /
/##/
/T 127.0.0.1:35495 -> 127.0.0.1:4190 [AP]/
/c3RldmUAc3RldmUAbWFnaWNsaWs=.. /
/##/
/T 127.0.0.1:4190 -> 127.0.0.1:35495 [AP]/
/ NO "Invalid characters in atom"..NO "Error in MANAGESIEVE command received by server.".. /
/###/

I hope that someone can provide a way to get the filter management working as I am more than happy with the way Dovecot and Squirrelmail are working, but just want to add server-side filtering, especially tagged mail produced by Spamassassin :)

Many thanks
Steve

From stephan at rename-it.nl Sun Oct 6 22:56:28 2013
From: stephan at rename-it.nl (Stephan Bosch)
Date: Sun, 06 Oct 2013 21:56:28 +0200
Subject: [Dovecot] Problems getting Squirrelmail and Avelsieve to connect to Pigeonhole
In-Reply-To: <5251B382.2050705@nsilimited.co.uk>
References: <5251B382.2050705@nsilimited.co.uk>
Message-ID: <5251C06C.40209@rename-it.nl>

On 10/6/2013 9:01 PM, Steve wrote:
> Running/*# /usr/sbin/ngrep -d lo port 4190 */produces the following
> trace:
>
> /##/
> /T 127.0.0.1:35495 -> 127.0.0.1:4190 [AP]/
> / AUTHENTICATE "PLAIN" \{28+}.. /
> /##/
> /T 127.0.0.1:35495 -> 127.0.0.1:4190 [AP]/
> /c3RldmUAc3RldmUAbWFnaWNsaWs=.. /
> /##/
> /T 127.0.0.1:4190 -> 127.0.0.1:35495 [AP]/
> / NO "Invalid characters in atom"..NO "Error in MANAGESIEVE command
> received by server.".. /
> /###/
>
> I hope that someone can provide a way to get the filter management
> working as I am more than happy with the way Dovecot and Squirrelmail
> are working, but just want to add server-side filtering, especially
> tagged mail produced by Spamassassin :)

I was a bit confused by what your screen dump looks like with all those slashes, so initially I didn't notice one strange slash that is actually causing this phenomenon. I went as far as installing 2.0.21 with Pigeonhole 0.2.6 to reproduce this, only to find out that I couldn't. But.. when I copied this literally into my manual ManageSieve telnet session:

AUTHENTICATE "PLAIN" \{28+}

it failed in the same manner. The reason is quite obvious: this is not a valid ManageSieve command. That '\' is not supposed to be there. So, it looks like AvelSieve is severely broken.

Regards,

Stephan.

From dan at langille.org Sun Oct 6 23:42:16 2013
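
The ManageSieve failure Stephan describes above comes down to how a server reads the string arguments of AUTHENTICATE: each one must start with a double quote or with a "{N+}" literal header, so a leading backslash is rejected before the SASL data is even read. The following is an added example, not code from Dovecot, Pigeonhole or AvelSieve; it is a simplified reading of the ManageSieve (RFC 5804) string syntax, the credentials are constructed, and every function name is hypothetical.

```python
import base64
import re

# Client-to-server literal: "{" number "+}" CRLF, then exactly <number> octets.
LITERAL = re.compile(rb"\{(\d+)\+\}\r\n")


class ParseError(ValueError):
    """Raised where the command stops being valid ManageSieve syntax."""


def parse_string(buf, pos):
    """Parse one string argument at buf[pos:]; return (value, next_pos)."""
    first = buf[pos:pos + 1]
    if first == b'"':
        out, i = bytearray(), pos + 1
        while i < len(buf):
            c = buf[i:i + 1]
            if c == b'"':
                return bytes(out), i + 1
            if c == b"\\":                    # only \" and \\ are escapes
                c = buf[i + 1:i + 2]
                if c not in (b'"', b"\\"):
                    raise ParseError("offset %d: bad escape" % i)
                i += 1
            elif c in (b"\r", b"\n"):
                break
            out += c
            i += 1
        raise ParseError("offset %d: unterminated quoted string" % pos)
    m = LITERAL.match(buf, pos)
    if m:
        start, size = m.end(), int(m.group(1))
        if start + size > len(buf):
            raise ParseError("literal announces %d octets, fewer follow" % size)
        return buf[start:start + size], start + size
    # Neither '"' nor '{': Pigeonhole reported this case in the trace as
    # "Invalid characters in atom".
    raise ParseError("offset %d: expected '\"' or '{', got %r" % (pos, first))


def parse_authenticate(buf):
    """Return (mechanism, initial_response or None) for one command."""
    head = b"AUTHENTICATE "
    if buf[:len(head)].upper() != head:
        raise ParseError("not an AUTHENTICATE command")
    mech, pos = parse_string(buf, len(head))
    response = None
    if buf[pos:pos + 1] == b" ":
        response, pos = parse_string(buf, pos + 1)
    if buf[pos:pos + 2] != b"\r\n":
        raise ParseError("offset %d: expected CRLF" % pos)
    return mech.decode("ascii"), response


def build_authenticate_plain(authcid, password, authzid=""):
    """Build AUTHENTICATE "PLAIN" with the SASL PLAIN blob as a {N+} literal."""
    raw = b"\0".join(s.encode("utf-8") for s in (authzid, authcid, password))
    blob = base64.b64encode(raw)
    return b'AUTHENTICATE "PLAIN" {%d+}\r\n%s\r\n' % (len(blob), blob)


def decode_plain(response):
    """Split a base64 SASL PLAIN response into (authzid, authcid, password)."""
    return tuple(p.decode("utf-8") for p in base64.b64decode(response).split(b"\0"))


def diagnose(buf):
    """Return None if the command parses, otherwise the parser's complaint."""
    try:
        parse_authenticate(buf)
    except ParseError as exc:
        return str(exc)
    return None


# Constructed credentials, not taken from the thread.
GOOD = build_authenticate_plain("demo", "not-a-real-secret")
# Same command with the stray backslash the trace shows before the literal.
BAD = GOOD.replace(b" {", b" \\{", 1)

if __name__ == "__main__":
    print("well-formed :", diagnose(GOOD))
    print("backslash   :", diagnose(BAD))
```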
From: dan at langille.org (Dan Langille)
Date: Sun, 6 Oct 2013 16:42:16 -0400
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <52386E62.6040806@shom.fr>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD ".30209@mie.utoronto.ca>" <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome . org> <1379123747.7900.19.camel@tardis> < 5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26. camel@tardis> < " 1379377718.5447.30.camel@tardis>" <5ad696a456446b9d638c257a61ac6cae@mail. " unixathome.org>" <52384E57.10509@thelounge.net> < 0db334276e557faf03f1c0950ca21da3@mail.unixathome.org> <5238588E.4010405@ thelounge.net> <73e9154b633d6ffc149671641c45a364@mail.unixathome.org> <523861B3.7090703@thelounge.net> <52386E62.6040806@shom.fr>
Message-ID: <156D1F6E-96F9-4176-BF33-7B4323E41879@langille.org>

On Sep 17, 2013, at 10:59 AM, Bruno Tréguier wrote:

> On 17/09/2013 at 16:32, Dan Langille wrote:
>> $ openssl s_client -connect imaps.unixathome.org:993 -quiet
>> depth=0
>> /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org
>>
>> verify error:num=20:unable to get local issuer certificate
>> verify return:1
>> depth=0
>> /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org
>>
>> verify error:num=27:certificate not trusted
>> verify return:1
>> depth=0
>> /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org
>>
>> verify error:num=21:unable to verify the first certificate
>> verify return:1
>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
>> IDLE AUTH=PLAIN] Dovecot ready.
>>
>> Somewhere, somehow, there is something vastly different and not working.
>
> Hi,
>
> Something is definitely wrong with your certificate chain. The first
> certificate listed in your chain (depth 2) should be StartCom's root CA,
> bearing "CN = StartCom Certification Authority", the 2nd one (depth 1)
> should be the intermediate cert, bearing "CN = StartCom Class 1 Primary
> Intermediate Server CA" and the last one (depth 0) should be yours.
>
> You told in an earlier message that you had put the 3 certs (yours, then
> the intermediate, and then the root) in your crt file. Is it still the
> case ? If not, you really *must* do it, even if you find it makes no
> difference. Maybe there's another problem somewhere else, but this chain
> is a prerequisite for many clients to work.

After a long delay, I'm ready to tackle this again.

This is my configuration:

# dovecot -n
# 2.2.6: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.1-RELEASE-p6 amd64
auth_debug = yes
auth_verbose = yes
first_valid_gid = 1001
first_valid_uid = 1001
mail_debug = yes
mail_location = maildir:~/Maildir
mail_privileged_group = mail
passdb {
  args = scheme=SHA512-CRYPT /var/db/dovecot.users
  driver = passwd-file
}
protocols = imap
service imap-login {
  inet_listener imap {
    address = 199.233.228.197
    port = 0
  }
  inet_listener imaps {
    address = 199.233.228.197
  }
}
ssl_cert = dovecot.pem

All the certs are startssl.com certs.

Testing via the command line gives:

$ openssl s_client -connect imaps.unixathome.org:993
CONNECTED(00000003)
depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/description=VwhdJi0sLHP3BDtQ/C=US/ST=Pennsylvania/L=Media/O=Daniel Langille/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
---
Server certificate
subject=/description=VwhdJi0sLHP3BDtQ/C=US/ST=Pennsylvania/L=Media/O=Daniel Langille/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org
issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
---
No client certificate CA names sent
---
SSL handshake has read 6672 bytes and written 409 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 4098 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : DHE-RSA-AES256-SHA
    Session-ID: AE8788A1289F10CB6417E4578F2EB86AFC132B3637748B237C559C72ECE26D77
    Session-ID-ctx:
    Master-Key: 9D2151FF1BB2C45F32C1DBB1E49E45FA1E03F82387EE9FCCB50D7F2DB02BB0169D82B4ED386DCD17221856DD35CB1617
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket:
    Start Time: 1381089774
    Timeout : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.

I can login fine. This is the temporary login and password. There is nothing private in there at present. If anyone wishes to confirm this works, please feel free to connect in. I'm especially interested in those of you with Mac or iPhones. Is this only me? All Mac/iPhone?
a1 login dan password
a1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE] Logged in

and commands work OK:

a3 examine inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS ()] Read-only mailbox.
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1379426958] UIDs valid
* OK [UIDNEXT 1] Predicted next UID
* OK [NOMODSEQ] No permanent modsequences
a3 OK [READ-ONLY] Examine completed (0.014 secs).

Logout:

a5 LOGOUT
* BYE Logging out
a5 OK Logout completed.
closed

All looks good. /var/log/maillog shows:

Oct 6 20:06:28 imaps dovecot: imap-login: Login: user=, method=PLAIN, rip=98.111.147.220, lip=199.233.228.197, mpid=81052, TLS, session=
Oct 6 20:08:21 imaps dovecot: imap(dan): Disconnected: Logged out in=26 out=691

I have Thunderbird working just fine on my Macbook.

But my goal is mail.app on my iPhone and my Macbook. When they try to connect, the mail server logs are:

Oct 6 20:20:25 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [98.111.147.220]
Oct 6 20:20:25 imaps dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=98.111.147.220, lip=199.233.228.197, TLS handshaking: Disconnected, session=

Yet, the same iPhone and Macbook connect fine to a dovecot 1.2.17 installation. That's my current IMAP server. I'm moving to another server and failing so far.

Suggestions to use another client app or platform will not be entertained, because, clearly, this works with dovecot 1.

--
Dan Langille - http://langille.org

From lists at wildgooses.com Sun Oct 6 23:56:02 2013
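Added example (not part of Dan Langille's message, and not Dovecot or OpenSSL code): the chain order Bruno describes can be checked mechanically from the "Certificate chain" block that s_client prints. The sample input is constructed from the chain quoted above with the DNs shortened, the function names are hypothetical, and the check compares subject and issuer names only; it does not verify signatures.

```python
import re

# Constructed sample: the "Certificate chain" block from the s_client output
# quoted above, with the distinguished names shortened for readability.
SAMPLE = """\
---
Certificate chain
 0 s:/C=US/O=Daniel Langille/CN=imaps.unixathome.org
   i:/C=IL/O=StartCom Ltd./CN=StartCom Class 2 Primary Intermediate Server CA
 1 s:/C=IL/O=StartCom Ltd./CN=StartCom Class 2 Primary Intermediate Server CA
   i:/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority
 2 s:/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority
   i:/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority
---
Server certificate
"""

SUBJECT_RE = re.compile(r"^\s*(\d+)\s+s:\s*(.+?)\s*$")
ISSUER_RE = re.compile(r"^\s*i:\s*(.+?)\s*$")


def parse_chain(text):
    """Return [(depth, subject, issuer), ...] in the order the server sent them."""
    chain, in_block, pending = [], False, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Certificate chain":
            in_block = True
        elif not in_block:
            continue
        elif stripped == "---":
            break  # end of the chain block
        elif SUBJECT_RE.match(line):
            m = SUBJECT_RE.match(line)
            pending = (int(m.group(1)), m.group(2))
        elif ISSUER_RE.match(line) and pending is not None:
            chain.append((pending[0], pending[1], ISSUER_RE.match(line).group(1)))
            pending = None
    return chain


def check_chain(chain):
    """Name comparison only: each issuer must equal the next certificate's subject."""
    result = {"ordered": bool(chain), "breaks": [],
              "leaf_only": False, "root_included": False}
    for (depth, _subject, issuer), (_d, next_subject, _i) in zip(chain, chain[1:]):
        if issuer != next_subject:
            result["ordered"] = False
            result["breaks"].append(depth)
    if chain:
        _depth, last_subject, last_issuer = chain[-1]
        # A certificate whose subject equals its issuer is self-signed (a root).
        result["root_included"] = last_subject == last_issuer
        result["leaf_only"] = len(chain) == 1 and not result["root_included"]
    return result


def explain(result):
    """Map the findings to the verify codes that appear in this thread."""
    notes = []
    if result["leaf_only"]:
        notes.append("only the leaf was sent: a client without the intermediate "
                     "reports verify errors 20/21 at depth 0")
    for depth in result["breaks"]:
        notes.append("certificate %d is not followed by its issuer" % depth)
    if result["ordered"] and result["root_included"]:
        notes.append("chain is complete up to a self-signed root: s_client "
                     "reports code 19 unless that root is in its trust store")
    return notes


if __name__ == "__main__":
    for note in explain(check_chain(parse_chain(SAMPLE))):
        print(note)
```

On the chain quoted in this message the check reports a correctly ordered chain ending in a self-signed root, which is the situation verify code 19 describes; the depth=0 errors 20, 27 and 21 in the earlier quoted output are what a leaf-only chain produces.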
From: lists at wildgooses.com (Ed W)
Date: Sun, 06 Oct 2013 21:56:02 +0100
Subject: [Dovecot] Transparent Migration from cyrus to dovecot
In-Reply-To: <52513DE2.6070708@mur.at>
References: <52513DE2.6070708@mur.at>
Message-ID: <5251CE62.5060104@wildgooses.com>

Make use of the proxy feature. You can add a "server" entry into your userdb, that way you can literally move users over one by one and flip their server location. You can easily test individual users and move them over individually.

Works brilliantly

Ed W

On 06/10/2013 11:39, Jogi Hofmüller wrote:
> Hi dovecot people,
>
> We are in the process of preparing the migration from a cyrus 2.1
> installation to dovecot. Dovecot will be installed on new hardware, so
> we have separated servers that can/will exist in parallel for a while.
>
> Our goal is to do the migration without interrupting the service for our
> users too much. Currently we tend to using dsync. So I am asking for
> best practice suggestions, tips and hints from people who have done such
> a thing before.
>
> Curiously awaiting your replies ;)
>
> Cheers!
> PS: I am subscribed to the list. So no need to include my address in
> replies. Thanks!

From h.reindl at thelounge.net Mon Oct 7 00:06:08 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Sun, 06 Oct 2013 23:06:08 +0200
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <156D1F6E-96F9-4176-BF33-7B4323E41879@langille.org>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD ".30209@mie.utoronto.ca>" <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome . org> <1379123747.7900.19.camel@tardis> < 5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26. camel@tardis> < " 1379377718.5447.30.camel@tardis>" <5ad696a456446b9d638c257a61ac6cae@mail. " unixathome.org>" <52384E57.10509@thelounge.net> < 0db334276e557faf03f1c0950ca21da3@mail.unixathome.org> <5238588E.4010405@ thelounge.net> <73e9154b633d6ffc149671641c45a364@mail.unixathome.org> < 523861B3.7090703@thelounge.net> <52386E62.6040806@shom.fr> <156D1F6E-96F9-4176-BF33-7B4323E41879@langille.org>
Message-ID: <5251D0C0.40404@thelounge.net>

On 06.10.2013 22:42, Dan Langille wrote:
> I have Thunderbird working just fine on my Macbook.
>
> But my goal is mail.app on my iPhone and my Macbook. When they try to connect, the mail server logs are:
>
> Oct 6 20:20:25 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [98.111.147.220]
> Oct 6 20:20:25 imaps dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=98.111.147.220, lip=199.233.228.197, TLS handshaking: Disconnected, session=
> Yet, the same iPhone and Macbook connect fine to a dovecot 1.2.17 installation. That's my current IMAP server. I'm moving to another server and failing so far.
>
> Suggestions to use another client app or platform will not be entertained, because, clearly, this works with dovecot 1

and mail.app is working even with *self signed* certificates and dovecot 2.2 you only have to accept / import the certificate proven by a testserver all day long so i assume the problem exists between chair and keyboard

From d.parthey at metaways.de Mon Oct 7 01:47:22 2013
From: d.parthey at metaways.de (Daniel Parthey)
Date: Mon, 07 Oct 2013 00:47:22 +0200
Subject: [Dovecot] retr errors
In-Reply-To: <52518805.1030809@bmorgan.com>
References: <52518805.1030809@bmorgan.com>
Message-ID: <80f87e40-fb0a-4eb1-b014-c26eabb8e380@email.android.com>

Hi Bill

You should send the wireshark traces to your ISP and ask him to fix it. At least one would require the doveconf -n output and the version of dovecot. Probably a bug in an older dovecot version?

Regards
Daniel

From d.parthey at metaways.de Mon Oct 7 01:58:30 2013
From: d.parthey at metaways.de (Daniel Parthey)
Date: Mon, 07 Oct 2013 00:58:30 +0200
Subject: [Dovecot] retr errors
In-Reply-To: <52518805.1030809@bmorgan.com>
References: <52518805.1030809@bmorgan.com>
Message-ID: <0ba749c1-96a4-4896-baa6-2ab69f7c6b4c@email.android.com>

Hi Bill,

any intercepting virus scanner or personal firewall software between your mail client and the dovecot server?

Regards
Daniel

From wouter at private-lotus.org Mon Oct 7 02:01:14 2013
From: wouter at private-lotus.org (Wouter Berkepeis)
Date: Mon, 07 Oct 2013 01:01:14 +0200
Subject: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
Message-ID: <5251EBBA.4000505@private-lotus.org>

Hello,

I just subscribed to the mailing list because I am stuck trying to solve a problem getting smartsieve to work with a new version of dovecot. But let me first explain the situation shortly.

I am running a mail server at home for personal use, and for fun. At this moment this is an old, slow machine running Debian Squeeze, Dovecot 1.2.15 and Exim 4.72. Authentication is done with LDAP, running OpenLDAP 2.4.23. For managing mail filtering I use Smartsieve 1.0.0-RC2 in conjunction with Dovecot's Managesieve plugin. It's all working properly.

But because this machine is slow, I'm now busy upgrading building a new machine running Debian Wheezy, Dovecot 2.1.7 and Exim 4.80. I've got it all running and working now (that is: locally in my lan): imap with dovecot, smtp with exim, Dovecot's sieve plugin working properly, authentication done through LDAP backend. But what I can't get to work is Smartsieve. Looking at the logs on my server I can tell managesieve-login is not working well with Smartsieve. As far as I understand authentication is always done over a secure connection using TLS. Here is some logged output, Dovecot as well as Smartsieve.

dovecot-info.log:
2013-10-06 21:16:20 managesieve-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure: SSL alert number 40, session=

syslog:
Oct 6 21:51:40 jingo smartsieve[12168]: getCryptLib: using rc4
Oct 6 21:51:40 jingo smartsieve[12168]: getCryptLib: using rc4
Oct 6 21:51:40 jingo smartsieve[12168]: FAILED LOGIN: jingo [192.168.2.12] {Private Lotus}: starttls: TLS initialization failed: socket timed out while reading server response: #002
Oct 6 21:51:40 jingo smartsieve[12168]: 2Z#027#015141003200542Z0??1#0130#011#006#003U#004#006#023#002NL1#0230#021#006#003U#004#010#014#012Overijssel1#0200#016#006#003U#004#007#014#007Hengelo1#0!#006#003U#004#012#014#032Private Lotus Organization1#0230#021#006#003U#004#013#014#012Jingo Mail1&0$#006#003U#004#003#014#035jingo.private-lotus.no-ip.net1&0$#006#011*?H??#015#001#011#001#026#027amigo at private-lotus.org0?#001"0#015#006#011*?H??#015#001#001#001#005
Oct 6 21:51:40 jingo smartsieve[12168]: #003#001
Oct 6 21:51:40 jingo smartsieve[12168]: ?m?N?gH??t#021???#011$?f+?#013?#021??#013?y?Zd#032??}??#012??#003xP?

What is clear is that somehow no user information is being negotiated. Issuing a manual TLS login give the following results:

root at amigos:~# gnutls-cli --starttls -p 4190 jingo.private-lotus.no-ip.net
Resolving 'jingo.private-lotus.no-ip.net'...
Connecting to '82.161.181.183:4190'...

- Simple Client Mode:

"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."
STARTTLS
OK "Begin TLS negotiation now."
*** Starting TLS handshake
- Ephemeral Diffie-Hellman parameters
 - Using prime: 1024 bits
 - Secret key: 1022 bits
 - Peer's public key: 1024 bits
- Certificate type: X.509
 - Got a certificate list of 1 certificates.
 - Certificate[0] info:
  - subject `C=NL,ST=Overijssel,L=Hengelo,O=Private Lotus Organization,OU=Jingo Mail,CN=jingo.private-lotus.no-ip.net,EMAIL=amigo at private-lotus.org', issuer `C=NL,ST=Overijssel,L=Hengelo,O=Private Lotus Organization,OU=Private Lotus Certificate Authority,CN=private-lotus.no-ip.net,EMAIL=amigo at private-lotus.org', RSA key 2048 bits, signed using RSA-SHA, activated `2013-10-03 20:05:42 UTC', expires `2014-10-03 20:05:42 UTC', SHA-1 fingerprint `85ff6b5846a53e7eb5d46c3c4ebfd7beb253ba15'
- The hostname in the certificate matches 'jingo.private-lotus.no-ip.net'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.1
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL

Everything OK I guess. Especially the first part of the output is interesting: "IMPLEMENTATION" "Dovecot Pigeonhole"
This is what Smartsieve is looking at. With the former version the string was 'dovecot', so I changed this in the 'Managesieve.php' file. This file was already patched as stated on the site. Furthermore I changed everything referring to port 2000 to port 4190.

But it still ain't working. Am I doing something wrong? Or is Smartsieve just becoming too outdated to work with newer versions of Dovecot?
To get the picture complete, hereby my used config of Dovecot, generated with 'dovecot -n' :

root at jingo:~# dovecot -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-686-pae i686 Debian 7.1
info_log_path = /var/log/dovecot/dovecot-info.log
log_path = /var/log/dovecot/dovecot.log
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  mail_log_fields = uid box msgid size flags
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_global_dir = /etc/dovecot/sieve/
}
protocols = " imap sieve"
service auth-worker {
  user = $default_internal_user
}
service imap-login {
  inet_listener imap {
    address = *
    port = 143
  }
  inet_listener imaps {
    address = *
    port = 993
  }
}
service managesieve-login {
  executable = /usr/lib/dovecot/managesieve-login
  inet_listener sieve {
    port = 4190
  }
}
service managesieve {
  executable = /usr/lib/dovecot/managesieve
}
ssl_cert =

References: <2022e30a47b60e1c9a9300e695831dab.squirrel@www.palousecom.com> <7BFF059D-67EB-47DD-BB0D-0951DA463C78@iki.fi>
Message-ID: <209146157a7ac804672768a691f689bc@ausics.net>

On 07/10/2013 04:58, Timo Sirainen wrote:
> On 6.10.2013, at 4.04, Noel Butler wrote:
>
>> mail_nfs_index = yes
>> mail_nfs_storage = yes
>
> These are never recommended. They may be a kludgy workaround to avoid
> worst problems, but they will never work 100%. In the recommended
> configurations (one Dovecot server or director cluster) you won't need
> them.

Ahh OK, thanks, our configs have been carried over since early days when this was recommended, certainly never seen any errors with them on our cluster (and we don't use director).

From bill at bmorgan.com Mon Oct 7 04:19:32 2013
From: bill at bmorgan.com (Bill Morgan)
Date: Sun, 06 Oct 2013 20:19:32 -0500
Subject: [Dovecot] retr errors
In-Reply-To: <0ba749c1-96a4-4896-baa6-2ab69f7c6b4c@email.android.com>
References: <52518805.1030809@bmorgan.com> <0ba749c1-96a4-4896-baa6-2ab69f7c6b4c@email.android.com>
Message-ID: <52520C24.9030003@bmorgan.com>

On 10/6/2013 5:58 PM, Daniel Parthey wrote:
> Hi Bill,
>
> any intercepting virus scanner or personal firewall software between your mail client and the dovecot server?
>
> Regards
> Daniel

McAfee....

and the ISP wasn't interested in the wireshark traces.

I know, I should change the ISP and see if the problem goes away. :-)

Thanks

From noel.butler at ausics.net Mon Oct 7 04:33:23 2013
From: noel.butler at ausics.net (Noel Butler)
Date: Mon, 07 Oct 2013 11:33:23 +1000
Subject: [Dovecot] retr errors
In-Reply-To: <52520C24.9030003@bmorgan.com>
References: <52518805.1030809@bmorgan.com> <0ba749c1-96a4-4896-baa6-2ab69f7c6b4c@email.android.com> <52520C24.9030003@bmorgan.com>
Message-ID: <0e33ce13680ca3200ae2fdb1d0bf4c43@ausics.net>

On 07/10/2013 11:19, Bill Morgan wrote:
> On 10/6/2013 5:58 PM, Daniel Parthey wrote:
>> Hi Bill,
>>
>> any intercepting virus scanner or personal firewall software between
>> your mail client and the dovecot server?
>>
>> Regards
>> Daniel
> McAfee....
>

As I'm sure Daniel was implying, did you also test without these?
Also, do they provide webmail? next time you get a stuck message, login to webmail and see if it's OK there, try using only webmail for a week or two, if you have this trouble every day, you'll soon reproduce it, or rule out the ISP end.

> and the ISP wasn't interested in the wireshark traces.

Bearing in mind, that ISP tech support, is exactly that, "ISP, Tech Support" not Microsoft support, or apple support or whatever, the ISP can only support its services, not your local client software, if they can prove, and your ISP should have by process of elimination, for instance, webmail, you have no trouble, then they have ruled out an ISP related cause, and they are very within their rights to say "not our problem".

Also remember, engineers tend to act/get-involved when complaints are en masse, it's to their advantage to look at it then, IOW, the care factor will increase with multiple people exhibiting the same problem over a short or same period of time.

>
> I know, I should change the ISP and see if the problem goes away. :-)
>

Sounds like a fair idea to me if you rule out everything on your end and can prove beyond doubt it is the ISP, else you'll just be moving the problem sideways, not up towards resolution.

From list_dovecot at bluerosetech.com Mon Oct 7 06:59:07 2013
From: list_dovecot at bluerosetech.com (Darren Pilgrim)
Date: Sun, 06 Oct 2013 20:59:07 -0700
Subject: [Dovecot] Transparent Migration from cyrus to dovecot
In-Reply-To: <5251CE62.5060104@wildgooses.com>
References: <52513DE2.6070708@mur.at> <5251CE62.5060104@wildgooses.com>
Message-ID: <5252318B.1080306@bluerosetech.com>

On 10/6/2013 1:56 PM, Ed W wrote:
> Make use of the proxy feature. You can add a "server" entry into your
> userdb, that way you can literally move users over one by one and flip
> their server location. You can easily test individual users and move
> them over individually.
>
> Works brilliantly

Second this. Pair it with a snapshot-capable FS and you can migrate the bulk of data in the background, then do the stop cyrus delivery, offline cyrus, copy remaining differences, online dovecot, start delivery to dovecot steps in a matter of seconds.

From raubvogel at gmail.com Mon Oct 7 07:17:43 2013
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Mon, 7 Oct 2013 00:17:43 -0400
Subject: [Dovecot] Yet another going from 1.2 to 2.X question: authentication
In-Reply-To: <1379572837.11128.11.camel@tardis>
References: <1379572837.11128.11.camel@tardis>
Message-ID:

On Thu, Sep 19, 2013 at 2:40 AM, Noel Butler wrote:
> On Thu, 2013-09-19 at 00:50 -0400, Mauricio Tavares wrote:
>
>> So in 1.2.9 I had something like this:
>>
>> [...]
>>
>> socket listen {
>>   master {
>>     path = /var/run/dovecot/auth-master
>>     mode = 0600
>>     user = virtual # User running Dovecot LDA's deliver
>>   }
>> }
>>
>> # Dovecot as SASL Auth
>> socket listen {
>>   client {
>>     path = /var/spool/postfix/private/dovecot-auth
>>     mode = 0660
>>     user = postfix
>>     group = postfix
>>   }
>> }
>>
>> I see I can, per http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL,
>> setup the sasl entry as
>>
>> # Dovecot as SASL Auth
>> service auth {
>>   unix_listener /var/spool/postfix/private/dovecot-auth
>>     mode = 0660
>>     user = postfix
>>     group = postfix
>>   }
>>
>> what about the lda? From http://wiki2.dovecot.org/LDA I take it would
>> be as simple as
>>
>> service auth {
>>   unix_listener auth-userdb {
>>     mode = 0600
>>     user = virtual # User running Dovecot LDA's deliver
>>   }
>> }
>>
>> Am I correct?
>
>
> Yes, but no need for two service auth's, put them under the one. you
> might want to also include group= in addition to user, probably won't
> matter too much if you don't, I can't remember the consequences of not.
>

Makes sense, so I shall set them up as

/etc/dovecot/conf.d/10-master.conf
# http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL

service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = virtual # User running Dovecot LDA's deliver
  }

  # Dovecot as SASL Auth
  unix_listener /var/spool/postfix/private/dovecot-auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

Thanks for the help (and sorry for the late reply)! Now as soon as the namespaces make sense to me and I figure out how to get sieve properly configured I can do the upgrade.

From stephan at rename-it.nl Mon Oct 7 09:54:50 2013
From: stephan at rename-it.nl (Stephan Bosch)
Date: Mon, 07 Oct 2013 08:54:50 +0200
Subject: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
In-Reply-To: <5251EBBA.4000505@private-lotus.org>
References: <5251EBBA.4000505@private-lotus.org>
Message-ID: <52525ABA.5000105@rename-it.nl>

On 10/7/2013 1:01 AM, Wouter Berkepeis wrote:
>
> Everything OK I guess. Especially the first part of the output is
> interesting: "IMPLEMENTATION" "Dovecot Pigeonhole"
> This is what Smartsieve is looking at. With the former version the
> string was 'dovecot', so I changed this in the 'Managesieve.php' file.
> This file was already patched as stated on the site. Furthermore I
> changed everything referring to port 2000 to port 4190.

That should work. I used the patch mentioned here:

http://www.mail-archive.com/dovecot at dovecot.org/msg21862.html

And modified it for the new situation. I'm assuming this is very similar to what you're doing and here it works.

You could try to obtain more information by logging the protocol exchange:

http://wiki2.dovecot.org/Debugging/Rawlog

Alternatively you can debug Smartsieve by adding more logging into the source code.

And yes, SmartSieve is unmaintained, so I would not recommend using it anymore.

Regards,

Stephan.

From przemek.orzechowski at makolab.pl Mon Oct 7 10:27:48 2013
From: przemek.orzechowski at makolab.pl (Przemysław Orzechowski)
Date: Mon, 07 Oct 2013 09:27:48 +0200
Subject: [Dovecot] retr errors
In-Reply-To: <0e33ce13680ca3200ae2fdb1d0bf4c43@ausics.net>
References: <52518805.1030809@bmorgan.com> <0ba749c1-96a4-4896-baa6-2ab69f7c6b4c@email.android.com> <52520C24.9030003@bmorgan.com> <0e33ce13680ca3200ae2fdb1d0bf4c43@ausics.net>
Message-ID: <52526274.6010600@makolab.pl>

On 07.10.2013 03:33, Noel Butler wrote:
> On 07/10/2013 11:19, Bill Morgan wrote:
>> On 10/6/2013 5:58 PM, Daniel Parthey wrote:
>>> Hi Bill,
>>>
>>> any intercepting virus scanner or personal firewall software between
>>> your mail client and the dovecot server?
>>>
>>> Regards
>>> Daniel
>> McAfee....
>>

I would suggest temporarily disabling McAfee (might be not possible without uninstalling it, at least it's the case with norton and kaspersky) as from my personal experience AV suites tend to break mail transfers. AV's that i had problems with include Norton, Kaspersky, Avast ...
We are not using McAfee here but it's probable that if mail filtering or Firewall/Internet security/Anti phishing is enabled, McAfee is intercepting Your mail en route and scanning it, which might lead to errors.

> As I'm sure Daniel was implying, did you also test without these?
> Also, do they provide webmail? next time you get a stuck message,
> login to webmail and see if it's OK there, try using only webmail for a
> week or two, if you have this trouble every day, you'll soon reproduce
> it, or rule out the ISP end.
>
>> and the ISP wasn't interested in the wireshark traces.
>
> Bearing in mind, that ISP tech support, is exactly that, "ISP, Tech
> Support" not Microsoft support, or apple support or whatever, the ISP
> can only support its services, not your local client software, if they
> can prove, and your ISP should have by process of elimination, for
> instance, webmail, you have no trouble, then they have ruled out an
> ISP related cause, and they are very within their rights to say "not
> our problem".
>
> Also remember, engineers tend to act/get-involved when complaints are
> en masse, it's to their advantage to look at it then, IOW, the care
> factor will increase with multiple people exhibiting the same problem
> over a short or same period of time.
>
>>
>> I know, I should change the ISP and see if the problem goes away. :-)
>>
>
> Sounds like a fair idea to me if you rule out everything on your end
> and can prove beyond doubt it is the ISP, else you'll just be moving
> the problem sideways, not up towards resolution.
>
>

From me at junc.eu Mon Oct 7 13:06:22 2013
From: me at junc.eu (Benny Pedersen)
Date: Mon, 07 Oct 2013 12:06:22 +0200
Subject: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
In-Reply-To: <5251EBBA.4000505@private-lotus.org>
References: <5251EBBA.4000505@private-lotus.org>
Message-ID:

Wouter Berkepeis wrote on 2013-10-07 01:01:

> dovecot-info.log:
> 2013-10-06 21:16:20 managesieve-login: Info: Disconnected (no auth
> attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS
> handshaking: SSL_accept() failed: error:14094410:SSL
> routines:SSL3_READ_BYTES:sslv3 alert handshake failure: SSL alert
> number
> 40, session=
> syslog:

setup smartsieve to disable tls, then it works

edit in servers.php

From me at junc.eu Mon Oct 7 13:09:40 2013
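Added example, not part of any poster's message and not Dovecot code: the two TLS failure lines quoted in this thread carry more detail than their text, which a small triage script can unpack. It assumes the pre-3.0 OpenSSL error-code layout (library, function and reason packed into one hex word); the function names are hypothetical and the sample lines are copied from the thread.

```python
import re

# Constructed sample: the two TLS failure lines quoted in this thread.
SAMPLE_LOG = [
    ("Oct  6 20:20:25 imaps dovecot: imap-login: Warning: SSL failed: "
     "where=0x2002: SSLv3 read client certificate A [98.111.147.220]"),
    ("2013-10-06 21:16:20 managesieve-login: Info: Disconnected (no auth "
     "attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS "
     "handshaking: SSL_accept() failed: error:14094410:SSL routines:"
     "SSL3_READ_BYTES:sslv3 alert handshake failure: SSL alert number 40, "
     "session="),
]

# Flags passed to the OpenSSL info callback (values from OpenSSL's ssl.h).
WHERE_FLAGS = [
    (0x4000, "SSL_CB_ALERT"), (0x2000, "SSL_ST_ACCEPT"), (0x1000, "SSL_ST_CONNECT"),
    (0x20, "SSL_CB_HANDSHAKE_DONE"), (0x10, "SSL_CB_HANDSHAKE_START"),
    (0x08, "SSL_CB_WRITE"), (0x04, "SSL_CB_READ"),
    (0x02, "SSL_CB_EXIT"), (0x01, "SSL_CB_LOOP"),
]
# A few TLS alert descriptions relevant to handshake and certificate problems.
ALERT_NAMES = {40: "handshake_failure", 42: "bad_certificate",
               46: "certificate_unknown", 48: "unknown_ca", 70: "protocol_version"}
ERR_LIB_SSL = 20  # library number of libssl in the packed error code

SERVICE_RE = re.compile(r"([a-z0-9-]+-login): ")
RIP_RE = re.compile(r"rip=([0-9A-Fa-f.:]+)|\[([0-9A-Fa-f.:]+)\]\s*$")
WHERE_RE = re.compile(r"where=0x([0-9A-Fa-f]+): (.+?) \[")
ERROR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")


def decode_where(value):
    """Names of the info-callback flags set in a where= value."""
    return [name for bit, name in WHERE_FLAGS if value & bit]


def decode_error(code):
    """Unpack a pre-3.0 OpenSSL error code: lib << 24 | func << 12 | reason."""
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    # libssl reports an alert received from the peer as reason 1000 + alert number.
    alert = reason - 1000 if lib == ERR_LIB_SSL and 1000 < reason < 1256 else None
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": alert}


def triage(line):
    """Extract service, remote IP and TLS failure detail from one log line."""
    out = {"service": None, "rip": None, "where": None, "state": None,
           "peer_alert": None, "alert_name": None}
    m = SERVICE_RE.search(line)
    if m:
        out["service"] = m.group(1)
    m = RIP_RE.search(line)
    if m:
        out["rip"] = m.group(1) or m.group(2)
    m = WHERE_RE.search(line)
    if m:
        out["where"] = decode_where(int(m.group(1), 16))
        out["state"] = m.group(2)  # handshake state string as logged
    m = ERROR_RE.search(line)
    if m:
        alert = decode_error(int(m.group(1), 16))["peer_alert"]
        out["peer_alert"] = alert
        if alert is not None:
            out["alert_name"] = ALERT_NAMES.get(alert, "unknown")
    return out


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(triage(entry))
```

For the managesieve line the decoded reason 1040 is 1000 plus alert 40, meaning the fatal alert was sent by the client side of the connection; the server log alone does not say what the client objected to.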
From: me at junc.eu (Benny Pedersen)
Date: Mon, 07 Oct 2013 12:09:40 +0200
Subject: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
In-Reply-To: <52525ABA.5000105@rename-it.nl>
References: <5251EBBA.4000505@private-lotus.org> <52525ABA.5000105@rename-it.nl>
Message-ID: <29eead18cfef701c278b5ab3b6067106@junc.eu>

Stephan Bosch wrote on 2013-10-07 08:54:

> And yes, SmartSieve is unmaintained, so I would not recommend using
> it
> anymore.

just sad it is not, it's imho still the best standalone webui for sieve

From noel.butler at ausics.net Mon Oct 7 13:28:10 2013
From: noel.butler at ausics.net (Noel Butler)
Date: Mon, 07 Oct 2013 20:28:10 +1000
Subject: [Dovecot] Yet another going from 1.2 to 2.X question: authentication
In-Reply-To:
References: <1379572837.11128.11.camel@tardis>
Message-ID:

On 07/10/2013 14:17, Mauricio Tavares wrote:

> Makes sense, so I shall set them up as
>
> /etc/dovecot/conf.d/10-master.conf
> # http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
>
> service auth {
>   unix_listener auth-userdb {
>     mode = 0600
>     user = virtual # User running Dovecot LDA's deliver
>   }
>
>   # Dovecot as SASL Auth
>   unix_listener /var/spool/postfix/private/dovecot-auth {
>     mode = 0660
>     user = postfix
>     group = postfix
>   }
> }
>

Looks good to me

> Thanks for the help (and sorry for the late reply)! Now as soon as the
> namespaces make sense to me and I figure out how to get sieve properly
> configured I can do the upgrade.

hehe, no problems, I won't comment on namespaces since I don't use anything special in that regards, but sieve is easy to configure

service managesieve-login {
  service_count = 1
  process_min_avail = 0
  vsz_limit = 64M
  inet_listener sieve {
    port = 4190
  }
}

service managesieve {
  process_limit = 1024
}

protocol sieve {
  managesieve_max_line_length = 65536
  managesieve_logout_format = bytes=%i/%o
  managesieve_implementation_string = Dovecot Pigeonhole
  managesieve_max_compile_errors = 5
  mail_max_userip_connections = 10
}

set...
in global: protocols = pop3 imap sieve (assuming you use both pop3 and imap)
protocol lda: mail_plugins = $mail_plugins sieve

and in the plugin section, something like

sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_vacation_min_period = 1d
sieve_vacation_default_period = 7d

...and you're all set

From info at eye-catching-webdesign.de Mon Oct 7 13:35:10 2013
From: info at eye-catching-webdesign.de (Lucas Rothamel - Eye Catching Webdesign)
Date: Mon, 07 Oct 2013 12:35:10 +0200
Subject: [Dovecot] Replication: long detalys
Message-ID: <52528E5E.2040904@eye-catching-webdesign.de>

Hello everybody,

I am running dovecot 2.1.7 on Debian Wheezy on two servers with replication set up, MTA is postfix. The idea is to have a redundant mail system so that when one server fails, users can continue using the other server (failover of POP/IMAP through DNS redirection).

Servers are called srv06 and srv07: Below is the dovecot config, both servers have identical config, only the replica srv0x address is different.

I read to put this line into 10-mail.conf and I did:

mail_plugins = $mail_plugins notify replication

My Problem: When E-Mail arrives on one server, it is only available on the other server many hours later. Same behaviour in both directions. This means I see different mailboxes via IMAP depending on which server I connect to - in theory I want the client not to be able to tell which server it is connected to.
dovecot -n:

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 ext4
auth_mechanisms = plain login cram-md5
disable_plaintext_auth = no
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/home/%d/%n/Maildir
mail_privileged_group = mail
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  mail_replica = remote:vmail at srv07.xxx
  quota = maildir:User quota
  quota_rule = *:storage=1GB
  replication_full_sync_interval = 1 hours
}
protocols = imap pop3
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0600
    user = vmail
  }
  unix_listener replication-notify {
    mode = 0600
    user = vmail
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
service config {
  unix_listener config {
    user = vmail
  }
}
service doveadm {
  user = vmail
}
service replicator {
  process_min_avail = 1
}
ssl_cert =

From CMarcus at Media-Brokers.com Mon Oct 7 13:44:44 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Mon, 07 Oct 2013 06:44:44 -0400
Subject: [Dovecot] retr errors
In-Reply-To: <52520C24.9030003@bmorgan.com>
References: <52518805.1030809@bmorgan.com> <0ba749c1-96a4-4896-baa6-2ab69f7c6b4c@email.android.com> <52520C24.9030003@bmorgan.com>
Message-ID: <5252909C.90500@Media-Brokers.com>

On 2013-10-06 9:19 PM, Bill Morgan wrote:
> On 10/6/2013 5:58 PM, Daniel Parthey wrote:
>> Hi Bill,
>>
>> any intercepting virus scanner or personal firewall software between
>> your mail client and the dovecot server?
> McAfee....

Well, I'd just stop right there, fire whoever installed McAfee, remove it, and install a real antivirus (ESET is my preferred, but *anything* but McAfee or Norton)...

--
Best regards,

*/Charles/*

From dovecot at lists.wgwh.ch Mon Oct 7 17:51:56 2013
From: dovecot at lists.wgwh.ch (Oli Schacher)
Date: Mon, 7 Oct 2013 16:51:56 +0200
Subject: [Dovecot] Replication: long detalys
In-Reply-To: <52528E5E.2040904@eye-catching-webdesign.de>
References: <52528E5E.2040904@eye-catching-webdesign.de>
Message-ID: <20131007165156.00f22121@lists.wgwh.ch>

On Mon, 07 Oct 2013 12:35:10 +0200 Lucas Rothamel - Eye Catching Webdesign wrote:

> Hello everybody,
>
> I am running dovecot 2.1.7 on Debian Wheezy on two servers with
> replication set up

This kind of setup is recommended on dovecot 2.2+ only.

http://wiki2.dovecot.org/Replication :
"""
NOTE: v2.2 is highly recommended for this. Earlier versions can't do incremental metadata syncing. This means that the more mails a mailbox has, the slower it is to sync it.
"""

Also, Timo fixed *tons* of dsync replication bugs for 2.2. Upgrading to the latest version will most likely make these errors go away.

Best regards
Oli

From dan at langille.org Mon Oct 7 18:39:20 2013
From: dan at langille.org (Dan Langille)
Date: Mon, 07 Oct 2013 11:39:20 -0400
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <5251D0C0.40404@thelounge.net>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD ".30209@mie.utoronto.ca>" <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome . org> <1379123747.7900.19.camel@tardis> < 5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26. camel@tardis> < " 1379377718.5447.30.camel@tardis>" <5ad696a456446b9d638c257a61ac6cae@mail. " unixathome.org>" "<52384E57.10509@thelounge.net> < 0db334276e557faf03f1c0950ca21da3@mail.unixathome.org> <5238588E.4010405@ thelounge.net> <73e9154b633d6ffc149671641c45a364@mail.unixathome.org> < 523861B3.7090703@thelounge.net> " <52386E62.6040806@shom.fr> <156D1F6E-96F9-4176-BF33-7B4323E41879@langille.org> <5251D0C0.40404@thelounge.net>
Message-ID:

On 2013-10-06 17:06, Reindl Harald wrote:
> On 06.10.2013 22:42, Dan Langille wrote:
> I have Thunderbird working just fine on my Macbook.
>
> But my goal is mail.app on my iPhone and my Macbook. When they try to
> connect, the mail server logs are:
>
> Oct 6 20:20:25 imaps dovecot: imap-login: Warning: SSL failed:
> where=0x2002: SSLv3 read client certificate A [98.111.147.220]
> Oct 6 20:20:25 imaps dovecot: imap-login: Disconnected (no auth
> attempts in 1 secs): user=<>, rip=98.111.147.220, lip=199.233.228.197,
> TLS handshaking: Disconnected, session=
> Yet, the same iPhone and Macbook connect fine to a dovecot 1.2.17
> installation. That's my current IMAP server. I'm moving to another
> server and failing so far.
>
> Suggestions to use another client app or platform will not be
> entertained, because, clearly, this works with dovecot 1
>
> and mail.app is working even with *self signed* certificates and
> dovecot 2.2
> you only have to accept / import the certificate
> proven by a testserver all day long
>
> so i assume the problem exists between chair and keyboard

It is something I am doing. Without a doubt. Clearly, there is something unique about this situation which is not going well. I want to discover the problem so others do not encounter it in future.

--
Dan Langille - http://langille.org/

From wouter at private-lotus.org Mon Oct 7 18:54:09 2013
From: wouter at private-lotus.org (Wouter Berkepeis)
Date: Mon, 07 Oct 2013 17:54:09 +0200
Subject: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
In-Reply-To: <52525ABA.5000105@rename-it.nl>
References: <5251EBBA.4000505@private-lotus.org> <52525ABA.5000105@rename-it.nl>
Message-ID: <5252D921.7040101@private-lotus.org>

Hello Stephan,

Thanks for the answer. I also thought it should work this way. Thank you for the suggestion using rawlog, hopefully I can find out why it does not work (yet). Complicating factor is that I run 2 versions of SmartSieve on two different machines, the old one for everyday use, and the new one for testing inside my lan. Always a bit tricky these do not interfere.

For testing managesieve(-login) I also used the Thunderbird sieve plugin. This is working ok for the new setup, I can actually log in and send and save sieve settings on the server (a lot of s's...:-) ). So Dovecot is working ok, it's the client side causing the problem.

Regards,
Wouter

On 10/07/2013 08:54 AM, Stephan Bosch wrote:
> On 10/7/2013 1:01 AM, Wouter Berkepeis wrote:
>> Everything OK I guess. Especially the first part of the output is
>> interesting: "IMPLEMENTATION" "Dovecot Pigeonhole"
>> This is what Smartsieve is looking at. With the former version the
>> string was 'dovecot', so I changed this in the 'Managesieve.php' file.
>> This file was already patched as stated on the site. Furthermore I
>> changed everything referring to port 2000 to port 4190.
> That should work. I used the patch mentioned here:
>
> http://www.mail-archive.com/dovecot at dovecot.org/msg21862.html
>
> And modified it for the new situation. I'm assuming this is very similar
> to what you're doing and here it works.
>
> You could try to obtain more information by logging the protocol exchange:
>
> http://wiki2.dovecot.org/Debugging/Rawlog
>
> Alternatively you can debug Smartsieve by adding more logging into the
> source code.
>
> And yes, SmartSieve is unmaintained, so I would not recommend using it
> anymore.
>
> Regards,
>
> Stephan.
>
>

From wouter at private-lotus.org Mon Oct 7 19:04:09 2013
From: wouter at private-lotus.org (Wouter Berkepeis)
Date: Mon, 07 Oct 2013 18:04:09 +0200
Subject: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
In-Reply-To:
References: <5251EBBA.4000505@private-lotus.org>
Message-ID: <5252DB79.1070604@private-lotus.org>

Thanks for the reply. I already tried all possible options in server.php : from 993/imap/ssl/novalidate-certs to 143/imap/notls with setting use_starttls to false. It seems that smartsieve/managesieve-login is always trying to setup a secure connection. Looking at my log files TLS handshaking is always been done. I don't know what is causing this behaviour.

On 10/07/2013 12:06 PM, Benny Pedersen wrote:
> Wouter Berkepeis wrote on 2013-10-07 01:01:
>
>> dovecot-info.log:
>> 2013-10-06 21:16:20 managesieve-login: Info: Disconnected (no auth
>> attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS
>> handshaking: SSL_accept() failed: error:14094410:SSL
>> routines:SSL3_READ_BYTES:sslv3 alert handshake failure: SSL alert number
>> 40, session=
>> syslog:
>
> setup smartsieve to disable tls, then it works
>
> edit in servers.php
>

From alex.wanderley at edmonton.ca Mon Oct 7 19:11:21 2013
From: alex.wanderley at edmonton.ca (Alex Wanderley)
Date: Mon, 7 Oct 2013 10:11:21 -0600
Subject: [Dovecot] Proxy to gmail not working
Message-ID:

Hi,

I've been trying to build a password forwarding proxy to Gmail without success... The SSL connection to Dovecot is happening no problem (as far as I can tell), but for some reason the conversation between Dovecot and Gmail is getting timed out.

I know this is supposed to be simple... :-( But could somebody please give me some help by pointing what I'm not doing right? No matter how much I've been researching about this, I can't find the solution.

Thanks a lot,
Alex

# 2.2.5: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-308.8.2.el5xen x86_64 CentOS release 5.8 (Final)
auth_cache_negative_ttl = 10 mins
auth_cache_size = 1 k
auth_cache_ttl = 10 mins
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = cram-md5 digest-md5 apop login plain
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
auth_verbose = yes
base_dir = /var/run/dovecot/
listen = 162.106.yyy.zzz
login_greeting = Dovecot Ready
login_log_format_elements = %u %r %m %c
mail_debug = yes
mail_max_userip_connections = 100
passdb {
  args = proxy=y nopassword=y user=remotemail destuser=remotemail at gmail.comhost= pop.gmail.com port=995 proxy_timeout=15 starttls=y
  driver = static
}
protocols = pop3
service pop3-login {
  client_limit = 200
  inet_listener pop3 {
    address = dserver
    port = 110
  }
  process_limit = 1
  process_min_avail = 1
  service_count = 0
  vsz_limit = 256 M
}
ssl = required
ssl_ca = ): lookup
Oct 7 09:33:13 dserver dovecot: auth: Debug: static(remotemail,162.106.xxx.yyy,): Allowing any password
Oct 7 09:33:13 dserver dovecot: auth: Debug: client passdb out: OK 2 user=remotemail proxy nopassword=y destuser= remotemail at gmail.com host=pop.gmail.com port=995 proxy _timeout=15 starttls=y hostip=74.125.142.108 pass=123456789
Oct 7 09:33:13 dserver dovecot: pop3-login: Debug: Ignoring unknown passdb extra field: nopassword
Oct 7 09:33:28 dserver dovecot: pop3-login: Error: proxy(remotemail): Login for pop.gmail.com:995 timed out in state=0 (after 15 secs, local=162.106.yyy.zzz:59282)
Oct 7 09:33:34 dserver dovecot: pop3-login: Aborted login (internal failure, 1 successful auths): remotemail, 162.106.xxx.yyy, PLAIN, TLS
Oct 7 09:33:34 dserver dovecot: pop3-login: Debug: SSL alert: close notify [162.106.xxx.yyy]

From CMarcus at Media-Brokers.com Mon Oct 7 19:37:12 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Mon, 07 Oct 2013 12:37:12 -0400
Subject: [Dovecot] Proxy to gmail not working
In-Reply-To:
References:
Message-ID: <5252E338.3080702@Media-Brokers.com>

On 2013-10-07 12:11 PM, Alex Wanderley wrote:
> # OS: Linux 2.6.18-308.8.2.el5xen x86_64 CentOS release 5.8 (Final)

Aaaack!

Makes me wonder what ancient version of openssl, and maybe that is the culprit?

From h.reindl at thelounge.net Mon Oct 7 19:47:49 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 07 Oct 2013 18:47:49 +0200
Subject: [Dovecot] Proxy to gmail not working
In-Reply-To: <5252E338.3080702@Media-Brokers.com>
References: <5252E338.3080702@Media-Brokers.com>
Message-ID: <5252E5B5.6040101@thelounge.net>

On 07.10.2013 18:37, Charles Marcus wrote:
> On 2013-10-07 12:11 PM, Alex Wanderley wrote:
>> # OS: Linux 2.6.18-308.8.2.el5xen x86_64 CentOS release 5.8 (Final)
>
> Aaaack!
>
> Makes me wonder what ancient version of openssl, and maybe that is the culprit?

openssl-0.9.8e - so what - better read more than 1 line before answer

Port 995 *is not* STARTTLS and *that* is the reason

http://en.wikipedia.org/wiki/STARTTLS

STARTTLS is *always* the default port and starts unencrypted
while POP3S/IMAPS starts with a SSL handshake

>> passdb {
>> args = proxy=y nopassword=y user=remotemail destuser=remotemail at gmail.comhost=
>> pop.gmail.com port=995 proxy_timeout=15 starttls=y
>> driver = static
>> }

From me at junc.eu Mon Oct 7 20:26:59 2013
From: me at junc.eu (Benny Pedersen)
Date: Mon, 07 Oct 2013 19:26:59 +0200
Subject: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
In-Reply-To: <5252DB79.1070604@private-lotus.org>
References: <5251EBBA.4000505@private-lotus.org> <5252DB79.1070604@private-lotus.org>
Message-ID: <304a6da8d926bb2801dce200417507c8@junc.eu>

Wouter Berkepeis wrote on 2013-10-07 18:04:
> Thanks for the reply. I already tried all possible options in
> server.php
> : from 993/imap/ssl/novalidate-certs to 143/imap/notls with setting
> use_starttls to false. It seems that smartsieve/managesieve-login is
> always trying to setup a secure connection. Looking at my log files
> TLS
> handshaking is always been done. I don't know what is causing this
> behaviour.

well then change to http://www.horde.org/apps/ingo which is still maintained

i have lost how to solve it in smartsieve, if you only want to have webui with smartsieve it possible to disable tls for the dovecot part on port 2000 / 4190, this is fine for connection as long is just loopback interface, its still possible to have smartsieve on a https webpage

From Bruno.Treguier at shom.fr Mon Oct 7 20:57:15 2013
From: Bruno.Treguier at shom.fr (=?ISO-8859-1?Q?Bruno_Tr=E9guier?=)
Date: Mon, 07 Oct 2013 19:57:15 +0200
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <156D1F6E-96F9-4176-BF33-7B4323E41879@langille.org>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD ".30209@mie.utoronto.ca>" <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome . org> <1379123747.7900.19.camel@tardis> < 5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26. camel@tardis> < " 1379377718.5447.30.camel@tardis>" <5ad696a456446b9d638c257a61ac6cae@mail. " unixathome.org>" <52384E57.10509@thelounge.net> < 0db334276e557faf03f1c0950ca21da3@mail.unixathome.org> <5238588E.4010405@ thelounge.net> <73e9154b633d6ffc149671641c45a364@mail.unixathome.org> <523861B3.7090703@thelounge.net> <52386E62.6040806@shom.fr> <156D1F6E-96F9-4176-BF33-7B4323E41879@langille.org>
Message-ID: <5252F5FB.6070607@shom.fr>

On 06/10/2013 at 22:42, Dan Langille wrote:
> After a long delay, I'm ready to tackle this again.
[...]
> Testing via the command line gives:
>
> $ openssl s_client -connect imaps.unixathome.org:993
> CONNECTED(00000003)
> depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
> verify error:num=19:self signed certificate in certificate chain
> verify return:0

Ok, this is fine, and different from the result you were getting a few weeks ago. Your cert chain is ok, it seems. The "errornum=19:self signed certificate in certificate chain" is a "normal" error, due to the fact that you didn't tell openssl where to find a list of valid root certs.

> All looks good.
>
> /var/log/maillog shows:
>
> Oct 6 20:06:28 imaps dovecot: imap-login: Login: user=, method=PLAIN, rip=98.111.147.220, lip=199.233.228.197, mpid=81052, TLS, session=
> Oct 6 20:08:21 imaps dovecot: imap(dan): Disconnected: Logged out in=26 out=691
>
>
> I have Thunderbird working just fine on my Macbook.
>
> But my goal is mail.app on my iPhone and my Macbook. When they try to connect, the mail server logs are:
>
> Oct 6 20:20:25 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [98.111.147.220]
> Oct 6 20:20:25 imaps dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=98.111.147.220, lip=199.233.228.197, TLS handshaking: Disconnected, session=
>
> Yet, the same iPhone and Macbook connect fine to a dovecot 1.2.17 installation. That's my current IMAP server. I'm moving to another server and failing so far.
>
> Suggestions to use another client app or platform will not be entertained, because, clearly, this works with dovecot 1.

Well, sorry but no further suggestions as far as I'm concerned then, except that some people tend to think that mail.app is pretty crappy and behaves quite strangely in certain situations...

Best regards,

Bruno

--
- Service Hydrographique et Oceanographique de la Marine - DMGS/INF
- 13, rue du Chatellier - CS 92803 - 29228 Brest Cedex 2, FRANCE
- Phone: +33 2 98 22 17 49 - Email: Bruno.Treguier at shom.fr

From wouter at private-lotus.org Mon Oct 7 21:37:02 2013
From: wouter at private-lotus.org (Wouter Berkepeis)
Date: Mon, 07 Oct 2013 20:37:02 +0200
Subject: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
In-Reply-To: <304a6da8d926bb2801dce200417507c8@junc.eu>
References: <5251EBBA.4000505@private-lotus.org> <5252DB79.1070604@private-lotus.org> <304a6da8d926bb2801dce200417507c8@junc.eu>
Message-ID: <5252FF4E.3030304@private-lotus.org>

Thanks for the tip. I had to disable ssl completely to finally login to SmartSieve. But then I saw that the interface is 'crippled', it's missing some parts. I don't know what is causing that, but I've had it with SmartSieve for now. Which is a pity because it's the only stand-alone (web)gui, as far as I know.

Looking for alternatives I already came across Ingo. But this is part of the Horde suite and Horde is not part of Debian Wheezy. And I don't like that I have to use a whole suite just for managing my sieve filter settings.

Another alternative maybe could be the Avelsieve plugin for Squirrelmail. But with LDAP authentication I am using I also have to install the LDAP backend plugin. It's becoming a bit too tricky for me, and again, I have to use another program just to manage sieve.

So, I guess, maybe it's time to pick up my rusty programming skills and create a gui myself....

Regards,
Wouter

On 10/07/2013 07:26 PM, Benny Pedersen wrote:
> Wouter Berkepeis wrote on 2013-10-07 18:04:
>> Thanks for the reply. I already tried all possible options in server.php
>> : from 993/imap/ssl/novalidate-certs to 143/imap/notls with setting
>> use_starttls to false. It seems that smartsieve/managesieve-login is
>> always trying to setup a secure connection. Looking at my log files TLS
>> handshaking is always been done. I don't know what is causing this
>> behaviour.
>
> well then change to http://www.horde.org/apps/ingo with is still
> maintained
>
> i have lost how to solve it in smartsieve, if you only want to have
> webui with smartsieve it possible to disable tls for the dovecot part
> on port 2000 / 4190, this is fine for connection as long is just
> loopback interface, its still possible to have smartsieve on a https
> webpage
>

From jtam.home at gmail.com Tue Oct 8 01:22:53 2013
From: jtam.home at gmail.com (Joseph Tam)
Date: Mon, 7 Oct 2013 15:22:53 -0700 (PDT)
Subject: [Dovecot] Proxy to gmail not working
In-Reply-To:
References:
Message-ID:

On Mon, 7 Oct 2013, Alex Wanderley writes:

> passdb {
> args = proxy=y nopassword=y user=remotemail destuser=remotemail at gmail.comhost=
> pop.gmail.com port=995 proxy_timeout=15 starttls=y
> driver = static
> }
> ...
> Oct 7 09:33:13 dserver dovecot: auth: Debug: client passdb out: OK
> 2 user=remotemail proxy nopassword=y destuser=
> remotemail at gmail.com host=pop.gmail.com port=995 proxy
> _timeout=15 starttls=y hostip=74.125.142.108 pass=123456789
> Oct 7 09:33:13 dserver dovecot: pop3-login: Debug: Ignoring unknown passdb
> extra field: nopassword
> Oct 7 09:33:28 dserver dovecot: pop3-login: Error: proxy(remotemail):
> Login for pop.gmail.com:995 timed out in state=0 (after 15 secs,
> local=162.106.yyy.zzz:59282)

Idle speculation, but remote port 995 usually means SSL type connection (i.e. dive right into SSL protocol), whereas "starttls=y" starts out in plaintext, and SSL negotiations starts after a STARTTLS directive.

Looking at

http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy

methinks you want to replace "starttls=y" with "ssl=yes".

Joseph Tam

From me at junc.eu Tue Oct 8 08:24:56 2013
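
[Added example, not part of any list message and not Dovecot's own code: a small lint that catches the mismatch identified in the "Proxy to gmail not working" replies above (starttls on port 995, which expects a TLS handshake immediately) before a proxy passdb is deployed. The function names, finding codes, the on/off interpretation of values and the placeholder destuser are assumptions of this sketch; the field names (proxy, port, ssl, starttls, any-cert) are those of the Dovecot proxy extra-fields page linked above.]

```python
"""Lint the extra fields of a Dovecot proxy passdb for TLS-mode problems."""

# Ports on which the remote server expects a TLS handshake immediately.
IMPLICIT_TLS_PORTS = {993: "IMAPS", 995: "POP3S"}
# Ports on which the session starts in plaintext (upgrade via STARTTLS/STLS).
PLAINTEXT_PORTS = {110: "POP3", 143: "IMAP"}


def parse_extra_fields(args):
    """Split 'key=value key2 key3=value3' into a dict; a bare key means 'yes'."""
    fields = {}
    for token in args.split():
        key, sep, value = token.partition("=")
        fields[key] = value if sep else "yes"
    return fields


def enabled(value):
    """Assumption of this lint: absent, empty, 'n' and 'no' mean off."""
    return value is not None and value.lower() not in ("", "n", "no")


def tls_mode(fields):
    """Return (mode, cert_verified); mode is 'starttls', 'implicit' or 'none'."""
    for key, mode in (("starttls", "starttls"), ("ssl", "implicit")):
        value = fields.get(key)
        if enabled(value):
            return mode, value.lower() != "any-cert"
    return "none", False


def lint_proxy_args(args):
    """Return a list of (code, explanation) findings for one passdb args line."""
    fields = parse_extra_fields(args)
    if not enabled(fields.get("proxy")):
        return []  # not a proxy passdb, nothing to check
    findings = []
    mode, verified = tls_mode(fields)
    port_text = fields.get("port", "")
    port = int(port_text) if port_text.isdigit() else None

    if mode == "starttls" and port in IMPLICIT_TLS_PORTS:
        findings.append(("STARTTLS_ON_IMPLICIT_TLS_PORT",
                         f"port {port} ({IMPLICIT_TLS_PORTS[port]}) expects a TLS "
                         "handshake at once, but starttls waits for a plaintext "
                         "greeting; both sides wait and the login times out"))
    if mode == "implicit" and port in PLAINTEXT_PORTS:
        findings.append(("IMPLICIT_TLS_ON_PLAINTEXT_PORT",
                         f"port {port} ({PLAINTEXT_PORTS[port]}) starts in "
                         "plaintext; use starttls or the TLS-wrapped port"))
    if mode == "none":
        findings.append(("CLEARTEXT_PROXY",
                         "no ssl/starttls field: the forwarded password crosses "
                         "the network to the backend unencrypted"))
    elif not verified:
        findings.append(("CERT_NOT_VERIFIED",
                         "any-cert accepts any remote certificate, so the "
                         "backend is not authenticated"))
    return findings


# Constructed sample modelled on the args line posted in the thread;
# the destuser address is a placeholder.
THREAD_ARGS = ("proxy=y nopassword=y user=remotemail "
               "destuser=remotemail@example.org host=pop.gmail.com "
               "port=995 proxy_timeout=15 starttls=y")
# The change suggested in the reply: implicit TLS with certificate checking.
FIXED_ARGS = THREAD_ARGS.replace("starttls=y", "ssl=yes")

if __name__ == "__main__":
    for label, args in (("as posted", THREAD_ARGS), ("with ssl=yes", FIXED_ARGS)):
        print(label, "->", [code for code, _ in lint_proxy_args(args)] or "clean")
```
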
From: me at junc.eu (Benny Pedersen)
Date: Tue, 08 Oct 2013 07:24:56 +0200
Subject: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
In-Reply-To: <5252FF4E.3030304@private-lotus.org>
References: "\"<5251EBBA.4000505@private-lotus.org>" " <5252DB79.1070604@private-lotus.org> <304a6da8d926bb2801dce200417507c8@junc.eu> <5252FF4E.3030304@private-lotus.org>
Message-ID: <5febe4a99f5b8bcd077c56f930be0dd4@junc.eu>

Wouter Berkepeis wrote on 2013-10-07 20:37:
> Thanks for the tip. I had to disable ssl completely to finally login
> to
> SmartSieve. But then I saw that the interface is 'crippled', it's
> missing some parts. I don't know what is causing that, but I've had
> it
> with SmartSieve for now. Which is a pity because it's the only
> stand-alone (web)gui, as far as I know.

ingo does not need full horde install, wake up :)

> Looking for alternatives I already came across Ingo. But this is part
> of
> the Horde suite and Horde is not part of Debian Wheezy.

make a virtualbox with gentoo then where its supported :)

> And I don't like
> that I have to use a whole suite just for managing my sieve filter
> settings.

who said that ?

> Another alternative maybe could be the Avelsieve plugin for
> Squirrelmail.

or roundcube ?

> But with LDAP authentication I am using I also have to
> install the LDAP backend plugin.

nope, if you use webmail its done

> It's becoming a bit too tricky for me,

come on, you manage debian ?

> and again, I have to use another program just to manage sieve.

upto you, i just show you little help in solve it

> So, I guess, maybe it's time to pick up my rusty programming skills
> and
> create a gui myself....

its opensource

From wouter at private-lotus.org Tue Oct 8 08:49:26 2013
From: wouter at private-lotus.org (Wouter Berkepeis)
Date: Tue, 08 Oct 2013 07:49:26 +0200
Subject: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
In-Reply-To: <5febe4a99f5b8bcd077c56f930be0dd4@junc.eu>
References: "\"<5251EBBA.4000505@private-lotus.org>" " <5252DB79.1070604@private-lotus.org> <304a6da8d926bb2801dce200417507c8@junc.eu> <5252FF4E.3030304@private-lotus.org> <5febe4a99f5b8bcd077c56f930be0dd4@junc.eu>
Message-ID: <52539CE6.6070602@private-lotus.org>

Hello Benny,

Thanks for your response. Ingo looks promising to me as a sufficient solution, but on the Ingo site one of the stated prerequisites is :

(start quote)

To function properly, Ingo *requires* the following:

A working Horde installation

Ingo runs within the Horde Application Framework , a set of common tools for web applications written in PHP. You must install Horde before installing Ingo.

(end quote)

So, if I can install Ingo without Horde as you say, I would be more than happy.

Btw, my remark about the LDAP authentication with Squirrelmail being too tricky to implement maybe wasn't described right. What I meant was it's not worth the efforts installing all this, just to be able to manage sieve filters from inside another program. I have installed Squirrelmail for just being able to look now and then at my e-mail at public places, I don't use it frequently.

Anyway, thanks for your little help. :-)

Regards,
Wouter

On 10/08/2013 07:24 AM, Benny Pedersen wrote:
> Wouter Berkepeis wrote on 2013-10-07 20:37:
>> Thanks for the tip. I had to disable ssl completely to finally login to
>> SmartSieve. But then I saw that the interface is 'crippled', it's
>> missing some parts. I don't know what is causing that, but I've had it
>> with SmartSieve for now. Which is a pity because it's the only
>> stand-alone (web)gui, as far as I know.
>
> ingo does not need full horde install, wake up :)
>
>> Looking for alternatives I already came across Ingo. But this is part of
>> the Horde suite and Horde is not part of Debian Wheezy.
>
> make a virtualbox with gentoo then where its supported :)
>
>> And I don't like
>> that I have to use a whole suite just for managing my sieve filter
>> settings.
>
> who said that ?
>
>> Another alternative maybe could be the Avelsieve plugin for
>> Squirrelmail.
>
> or roundcube ?
>
>> But with LDAP authentication I am using I also have to
>> install the LDAP backend plugin.
>
> nope, if you use webmail its done
>
>> It's becoming a bit too tricky for me,
>
> come on, you manage debian ?
>
>> and again, I have to use another program just to manage sieve.
>
> upto you, i just show you little help in solve it
>
>> So, I guess, maybe it's time to pick up my rusty programming skills and
>> create a gui myself....
>
> its opensource
>

From simon.buongiorno at gmail.com Tue Oct 8 09:13:59 2013
From: simon.buongiorno at gmail.com (Simon B)
Date: Tue, 8 Oct 2013 08:13:59 +0200
Subject: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
In-Reply-To: <52539CE6.6070602@private-lotus.org>
References: <5251EBBA.4000505@private-lotus.org> <5252DB79.1070604@private-lotus.org> <304a6da8d926bb2801dce200417507c8@junc.eu> <5252FF4E.3030304@private-lotus.org> <5febe4a99f5b8bcd077c56f930be0dd4@junc.eu> <52539CE6.6070602@private-lotus.org>
Message-ID:

On 8 Oct 2013 07:50, "Wouter Berkepeis" wrote:
>
> Hello Benny,
>
> Thanks for your response. Ingo looks promising to me as a sufficient
> solution, but on the Ingo site one of the stated prerequisites is :
>
> (start quote)
>
> To function properly, Ingo *requires* the following:
>
> A working Horde installation
>
> Ingo runs within the Horde Application Framework
> , a set of common tools for web
> applications written in PHP. You must install Horde before installing Ingo.
>
> (end quote)
>
> So, if I can install Ingo without Horde as you say, I would be more than
> happy.
>
> Btw, my remark about the LDAP authentication with Squirrelmail being too
> tricky to implement maybe wasn't described right. What I meant was it's
> not worth the efforts installing all this, just to be able to manage
> sieve filters from inside another program. I have installed Squirrelmail
> for just being able to look now and then at my e-mail at public places,
> I don't use it frequently.
>
> Anyway, thanks for your little help. :-)

A working horde installation is in this case the horde package. If you don't need to install webmail, address book, calendar, tasks, you don't have to. Let alone the wiki, photo gallery, bookmark manager or ticket interface.

Just install horde and Ingo and be done. You may find it useful to install imp too - to take care of the authentication, but you don't have to show it to the user.

And installing by pear couldn't be easier. Why do you need a debian package?

Simon

From me at junc.eu Tue Oct 8 09:44:20 2013
From: me at junc.eu (Benny Pedersen)
Date: Tue, 08 Oct 2013 08:44:20 +0200
Subject: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
In-Reply-To: <52539CE6.6070602@private-lotus.org>
References: "\"\\\"\\\\\\\"<5251EBBA.4000505@private-lotus.org>\\\" \\\" <5252DB79.1070604@private-lotus.org> <304a6da8d926bb2801dce200417507c8@junc.eu> <5252FF4E.3030304@private-lotus.org>" <5febe4a99f5b8bcd077c56f930be0dd4@junc.eu>" <52539CE6.6070602@private-lotus.org>
Message-ID: <4167501d33ef90d351135a57e5e51739@junc.eu>

Wouter Berkepeis wrote on 2013-10-08 07:49:
> So, if I can install Ingo without Horde as you say, I would be more
> then
> happy.

yes ingo needs horde framework, but not the full horde problem to run

> Btw, my remark about the LDAP authentication with Squirrelmail being
> too
> tricky to implement maybe wasn't described right.

you don't need auth in squirrelmail, its imap auth in the first place

> What I meant was it's
> not worth the efforts installing all this, just to be able to manage
> sieve filters from inside another program. I have installed
> Squirrelmail
> for just being able to look now and then at my e-mail at public
> places,
> I don't use it frequently.

if all needed tools is missing in debian why use it ?

create a launchpad bug of have ingo installed via apt-get will be next step

> Anyway, thanks for your little help. :-)

no problem

From jogi at mur.at Tue Oct 8 10:14:28 2013
From: jogi at mur.at (=?UTF-8?B?Sm9naSBIb2Ztw7xsbGVy?=)
Date: Tue, 08 Oct 2013 09:14:28 +0200
Subject: [Dovecot] Transparent Migration from cyrus to dovecot
In-Reply-To: <5251CE62.5060104@wildgooses.com>
References: <52513DE2.6070708@mur.at> <5251CE62.5060104@wildgooses.com>
Message-ID: <5253B0D4.5060705@mur.at>

Hi Ed,

Thanks for the encouragement!

On 2013-10-06 22:56, Ed W wrote:
> Make use of the proxy feature. You can add a "server" entry into your
> userdb, that way you can literally move users over one by one and flip
> their server location. You can easily test individual users and move
> them over individually.

One question still remains in my head. The migration/dsync page [1] states that

'The source IMAP/POP3 mailboxes shouldn't be modified while dsync is running. Also "dsync backup" means that if the destination has any changes that don't exist in source IMAP server, the changes are deleted.'

So how does the setup behave *while* I migrate a user's mail? I figured that I would start with a proxy entry for every user. Then disabling proxy for the first mailbox and start migrating it. So new mail would be delivered to the newly created dovecot mailbox while all the mail from the old server would start appearing. From the quote above I take it that new mail *could* disappear.

OK, this is all still theory since I have not done any tests. However, the more I know beforehand, the better the process will work, I hope ;)

[1] http://wiki2.dovecot.org/Migration/Dsync

Cheers!
--
j.hofmüller

Optimism doesn't alter the laws of physics. - Subcommander T'Pol

From stocton12 at yahoo.com Tue Oct 8 15:20:57 2013
From: stocton12 at yahoo.com (b m)
Date: Tue, 8 Oct 2013 05:20:57 -0700 (PDT)
Subject: [Dovecot] cas proxy ticket as password
Message-ID: <1381234857.41950.YahooMailNeo@web125703.mail.ne1.yahoo.com>

Hi everybody.

Hi I'm trying to use CAS for authenticating in dovecot. I have installed pam_cas and when I try castest i get "" for my service (imaps://mywebmail.com) But when I actually try to login, dovecot uses the PT from the cas server as password. Any ideas what I'm missing?

Thanks a lot.

From dan at langille.org Tue Oct 8 15:59:55 2013
From: dan at langille.org (Dan Langille)
Date: Tue, 08 Oct 2013 08:59:55 -0400
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <5252F5FB.6070607@shom.fr>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD ".30209@mie.utoronto.ca>" <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome . org> <1379123747.7900.19.camel@tardis> < 5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26. camel@tardis> < " 1379377718.5447.30.camel@tardis>" <5ad696a456446b9d638c257a61ac6cae@mail. " unixathome.org>" "\"<52384E57.10509@thelounge.net> < 0db334276e557faf03f1c0950ca21da3@mail.unixathome.org> <5238588E.4010405@ thelounge.net> <73e9154b633d6ffc149671641c45a364@mail.unixathome.org> <523861B3.7090703@thelounge.net>" " <52386E62.6040806@shom.fr> <156D1F6E-96F9-4176-BF33-7B4323E41879@langille.org> <5252F5FB.6070607@shom.fr>
Message-ID:

On 2013-10-07 13:57, Bruno Tréguier wrote:
> On 06/10/2013 at 22:42, Dan Langille wrote:
> After a long delay, I'm ready to tackle this again.
>
> [...]
> Testing via the command line gives:
>
> $ openssl s_client -connect imaps.unixathome.org:993
> CONNECTED(00000003)
> depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate
> Signing, CN = StartCom Certification Authority
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
>
> Ok, this is fine, and different from the result you were getting a few
> weeks ago. Your cert chain is ok, it seems. The "errornum=19:self
> signed
> certificate in certificate chain" is a "normal" error, due to the fact
> that you didn't tell openssl where to find a list of valid root certs.
>
>
> All looks good.
>
> /var/log/maillog shows:
>
> Oct 6 20:06:28 imaps dovecot: imap-login: Login: user=,
> method=PLAIN, rip=98.111.147.220, lip=199.233.228.197, mpid=81052, TLS,
> session=
> Oct 6 20:08:21 imaps dovecot: imap(dan): Disconnected: Logged out
> in=26 out=691
>
>
> I have Thunderbird working just fine on my Macbook.
> > But my goal is mail.app on my iPhone and my Macbook. When they try to > connect, the mail server logs are: > > Oct 6 20:20:25 imaps dovecot: imap-login: Warning: SSL failed: > where=0x2002: SSLv3 read client certificate A [98.111.147.220] > Oct 6 20:20:25 imaps dovecot: imap-login: Disconnected (no auth > attempts in 1 secs): user=<>, rip=98.111.147.220, lip=199.233.228.197, > TLS handshaking: Disconnected, session= > > Yet, the same iPhone and Macbook connect fine to a dovecot 1.2.17 > installation. That's my current IMAP server. I'm moving to another > server and failing so far. > > Suggestions to use another client app or platform will not be > entertained, because, clearly, this works with dovecot 1. > > Well, sorry but no further suggestions as far as I'm concerned then, > except that some people tend to think that mail.app is pretty crappy > and > behaves quite strangely in certain situations... I have given up. As much as I'd like to solve this problem, I must move on. I will resort to self-signed certificates.[1] I had hoped to resolve the issue so that others can use the solution. My thanks to those that have offered suggestions and help. [1] - FYI, I am the only user of this IMAP server. -- Dan Langille - http://langille.org/ From TIHiggins at uss.com Tue Oct 8 20:40:01 2013 
From: TIHiggins at uss.com (Thomas I Higgins) Date: Tue, 8 Oct 2013 13:40:01 -0400 Subject: [Dovecot] POP3 Setup help Message-ID: I am lost as to what I am missing. I am setting up dovecot 2.0.9 on a RHEL 6.4 machine as provided by my provider. I have IMAP up and running, and I have POP3 up and running. Testing confirms this. Also, if it makes a difference, I enabled dovecot as my LDA. Sendmail was set up as well due to our 1.x version using it and I thought I had to. Anyway, everything is working perfectly with the services, except the mail is sending to the wrong location for POP. I am trying to use Maildir for both services, but it keeps delivering the POP3 mail to /var/spool/mail/u% instead of to Maildir as specified in the configuration files. I have rechecked every setting at least twice and still can't see what I am doing wrong. I suppose I can use mbox and redirect after making the appropriate namespace changes, but that has its own potential drawbacks and seems more like a kludge than the correct way around this (unless I misunderstand how it should work). Can anyone point me in the right direction on how to fix this? Thanks in advance, Thomas Higgins From dan at langille.org Wed Oct 9 01:16:19 2013
From: dan at langille.org (Dan Langille) Date: Tue, 8 Oct 2013 18:16:19 -0400 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD ".30209@mie.utoronto.ca>" <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome . org> <1379123747.7900.19.camel@tardis> < 5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26. camel@tardis> < " 1379377718.5447.30.camel@tardis>" <5ad696a456446b9d638c257a61ac6cae@mail. " unixathome.org>" "\"<52384E57.10509@thelounge.net> < 0db334276e557faf03f1c0950ca21da3@mail.unixathome.org> <5238588E.4010405@ thelounge.net> <73e9154b633d6ffc149671641c45a364@mail.unixathome.org> <523861B3.7090703@thelounge.net>" " <52386E62.6040806@shom.fr> <156D1F6E-96F9-4176-BF33-7B4323E41879@langille.org> <5252F5FB.6070607@shom.fr> Message-ID: <43261896-DE66-4E49-A158-17B580FD5C29@langille.org> On Oct 8, 2013, at 8:59 AM, Dan Langille wrote: > On 2013-10-07 13:57, Bruno Tréguier wrote: >> On 06/10/2013 at 22:42, Dan Langille wrote: >> After a long delay, I'm ready to tackle this again. >> [...] >> Testing via the command line gives: >> $ openssl s_client -connect imaps.unixathome.org:993 >> CONNECTED(00000003) >> depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority >> verify error:num=19:self signed certificate in certificate chain >> verify return:0 >> Ok, this is fine, and different from the result you were getting a few >> weeks ago. Your cert chain is ok, it seems. The "errornum=19:self signed >> certificate in certificate chain" is a "normal" error, due to the fact >> that you didn't tell openssl where to find a list of valid root certs. >> All looks good. 
>> /var/log/maillog shows: >> Oct 6 20:06:28 imaps dovecot: imap-login: Login: user=, method=PLAIN, rip=98.111.147.220, lip=199.233.228.197, mpid=81052, TLS, session= >> Oct 6 20:08:21 imaps dovecot: imap(dan): Disconnected: Logged out in=26 out=691 >> I have Thunderbird working just fine on my Macbook. >> But my goal is mail.app on my iPhone and my Macbook. When they try to connect, the mail server logs are: >> Oct 6 20:20:25 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [98.111.147.220] >> Oct 6 20:20:25 imaps dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=98.111.147.220, lip=199.233.228.197, TLS handshaking: Disconnected, session= >> Yet, the same iPhone and Macbook connect fine to a dovecot 1.2.17 installation. That's my current IMAP server. I'm moving to another server and failing so far. >> Suggestions to use another client app or platform will not be entertained, because, clearly, this works with dovecot 1. >> Well, sorry but no further suggestions as far as I'm concerned then, >> except that some people tend to think that mail.app is pretty crappy and >> behaves quite strangely in certain situations... > > I have given up. As much as I'd like to solve this problem, I must move on. I will resort to self-signed certificates.[1] I had hoped to resolve the issue so that others can use the solution. > > My thanks to those that have offered suggestions and help. > > [1] - FYI, I am the only user of this IMAP server. The problem *may* be with 4096 bit certificates. I've been able to connect with a 2048-bit, but not with a 4096-bit. More testing to be done. -- Dan Langille - http://langille.org From noel.butler at ausics.net Wed Oct 9 01:53:13 2013 
From: noel.butler at ausics.net (Noel Butler) Date: Wed, 09 Oct 2013 08:53:13 +1000 Subject: [Dovecot] POP3 Setup help In-Reply-To: References: Message-ID: <19324d551b7a81b004edc3fa0a8a40f4@ausics.net> On 09/10/2013 03:40, Thomas I Higgins wrote: > I am lost as to what I am missing. I am setting up dovecot 2.0.9 on a > RHEL > 6.4 machine as provided by my provider. I have IMAP up and running, > and I > have POP3 up and running. Testing confirms this. Also, if it makes a > difference, I enabled dovecot as my LDA. Sendmail was set up as well > due to > our 1.x version using it and I thought I had to. Anyway, everything is > working perfectly with the services, except the mail is sending to the > wrong location for POP. I am trying to use Maildir for both services, > but > it keeps delivering the POP3 mail to /var/spool/mail/u% instead of to > Maildir as specified in the configuration files. I have rechecked > every > setting at least twice and still can't see what I am doing wrong. I > suppose I can use mbox and redirect after making the appropriate > namespace > changes, but that has its own potential drawbacks and seems more like > a > kludge than the correct way around this (unless I misunderstand how it > should work). Can anyone point me in the right direction on how to fix > this? > > Thanks in advance, > > Thomas Higgins It's a lovely day here, but you must be far away and bad weather in between us, as my ESP doesn't seem to get through, so we'll have to revert to the old manual hard labour way by you executing doveconf -n , copy and pasting that output into a list reply. From skdovecot at smail.inf.fh-brs.de Wed Oct 9 09:06:41 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 9 Oct 2013 08:06:41 +0200 (CEST) Subject: [Dovecot] POP3 Setup help In-Reply-To: References: Message-ID: On Tue, 8 Oct 2013, Thomas I Higgins wrote: > our 1.x version using it and I thought I had to. Anyway, everything is > working perfectly with the services, except the mail is sending to the > wrong location for POP. I am trying to use Maildir for both services, but > it keeps delivering the POP3 mail to /var/spool/mail/u% instead of to > Maildir as specified in the configuration files. I have rechecked every Next to Noel's advice, please explain what "it keeps delivering the POP3 mail" shall mean. Who/what is "it" and why a mail retrieval protocol, like POP3, gets mail delivered? Do you mean that Dovecot uses the wrong location, when a user pops messages via the POP3 protocol? Kind regards, -- Steffen Kaiser From skdovecot at smail.inf.fh-brs.de Wed Oct 9 09:28:45 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 9 Oct 2013 08:28:45 +0200 (CEST) Subject: [Dovecot] shared or acl or etc In-Reply-To: References: Message-ID: On Wed, 2 Oct 2013, John Smith wrote: > user_attrs = sAMAccountName=home=/home/vmail/%L$, > maxStorage=quota_rule=*:bytes=%$M > > With these settings the domain users successfully authenticate and can > receive mail from their mail_location, however there are a few users with > the same email address, but different sAMAccountName > These users use the same e-mail on all connected by imap. > > Tell me how to beat this situation? Well, your user_attrs does not fit into this situation. Either add another attribute to override the mail_location in these few cases or use another attribute "home" for all users or make the file system match the config and add symlinks for those users that share the same mail storage. -- Steffen Kaiser From frank at moltke28.B.Shuttle.DE Wed Oct 9 15:57:01 2013
From: frank at moltke28.B.Shuttle.DE (Frank Elsner) Date: Wed, 9 Oct 2013 14:57:01 +0200 Subject: [Dovecot] dovecot: ssl-params Message-ID: (auto-added) Hello *, what is the reason for this strange behaviour? May I ignore it? Oct 8 19:32:20 seymour dovecot: ssl-params: Generating SSL parameters Oct 8 19:32:29 seymour dovecot: ssl-params: SSL parameters regeneration completed Oct 9 07:01:05 seymour dovecot: ssl-params: Generating SSL parameters Oct 9 07:01:06 seymour dovecot: imap-login: Login: frank, 192.168.28.1, TLS Oct 9 07:01:06 seymour dovecot: ssl-params: SSL parameters regeneration completed Oct 9 07:01:07 seymour dovecot: ssl-params: Error: epoll_ctl(del, 7) failed: No such file or directory Oct 9 07:01:07 seymour dovecot: ssl-params: Error: epoll_ctl(del, 8) failed: No such file or directory Kind regards, Frank Elsner From wouter at private-lotus.org Wed Oct 9 21:22:30 2013 
From: wouter at private-lotus.org (Wouter Berkepeis) Date: Wed, 09 Oct 2013 20:22:30 +0200 Subject: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7 In-Reply-To: References: <5251EBBA.4000505@private-lotus.org> <5252DB79.1070604@private-lotus.org> <304a6da8d926bb2801dce200417507c8@junc.eu> <5252FF4E.3030304@private-lotus.org> <5febe4a99f5b8bcd077c56f930be0dd4@junc.eu> <52539CE6.6070602@private-lotus.org> Message-ID: <52559EE6.7090505@private-lotus.org> Hello Simon, Thank you for your explanation about Horde and Ingo. I will certainly try to install it and see if it satisfies my needs. And as you said, installation is done by pear, so a Debian package is not needed. I only wondered why the Horde software is not included anymore in Wheezy, as it was in Squeeze. Not that it probably would be of much worth, I have another machine running Ubuntu 12.04.3 LTS and the version in the repo is a bit outdated (3.3). Regards, Wouter On 10/08/2013 08:13 AM, Simon B wrote: > > > On 8 Oct 2013 07:50, "Wouter Berkepeis" > wrote: > > > > Hello Benny, > > > > Thanks for your response. Ingo looks promising to me as a sufficient > > solution, but on the Ingo site one of the stated prerequisites is : > > > > (start quote) > > > > To function properly, Ingo *requires* the following: > > > > A working Horde installation > > > > Ingo runs within the Horde Application Framework > > , a set of common tools for web > > applications written in PHP. You must install Horde before installing Ingo. > > > > (end quote) > > > > So, if I can install Ingo without Horde as you say, I would be more then > > happy. > > > > Btw, my remark about the LDAP authentication with Squirrelmail being too > > tricky to implement maybe wasn't described right. What I meant was it's > > not worth the efforts installing all this, just to be able to manage > > sieve filters from inside another program. 
I have installed Squirrelmail > > for just being able to look now and then at my e-mail at public places, > > I don't use it frequently. > > > > Anyway, thanks for your little help. :-) > > A working horde installation is in this case the horde package. If you don't need to install webmail, address book, calendar, tasks, you don't have to. Let alone the wiki, photo gallery, bookmark manager or ticket interface. > > Just install horde and Ingo and be done. > > You may find it useful to install imp too -to take care of the authentication, but you don't have to show it to the user. > > And installing by pear couldn't be easier. Why do you need a debian package? > > Simon > From vorgusa at gmail.com Wed Oct 9 21:24:04 2013 
From: vorgusa at gmail.com (Chris Lasater) Date: Wed, 09 Oct 2013 14:24:04 -0400 Subject: [Dovecot] Doveadm with a 2nd Instance In-Reply-To: <20130926130237.GT13717@harrier.slackbuilds.org> References: <5243BBCD.3060107@gmail.com> <20130926130237.GT13717@harrier.slackbuilds.org> Message-ID: <52559F44.2010600@gmail.com> Hey Rob, I figured this one out. The bug is associated with the default run/dovecot base_dir. If you move both instances to a different location then (or at least the one named dovecot) it works fine and I can control both instances properly. Chris On 09/26/2013 09:02 AM, /dev/rob0 wrote: > On Thu, Sep 26, 2013 at 12:45:01AM -0400, Chris Lasater wrote: >> I am trying to use 2 instances of Dovecot on the same server so I >> can have a Director managing my connections, everything appears to >> be working, but I can not use doveadm to control my 2nd instance, >> but doveconf seems to work fine. > I have noticed the same thing. It seems that doveadm ignores -i. > "dovecot" works with -c /path/to/other/dovecot.conf, but it too > ignores -i. > > We got the idea to try -i from > http://wiki2.dovecot.org/Tools/Doveadm/Instance , but "doveadm help" > itself does not show a -i. > >> I have stopped and started both my instances so the config running >> is what is in the config file, but when I use -i Director with >> doveadm it uses the other instances config. > And this is a big problem for trying to use "doveadm director" > commands when the director instance uses the nonstandard paths. I > haven't found a way to do that yet! "-c /path/to/other/dovecot.conf" > didn't work. > > http://wiki2.dovecot.org/Tools/Doveadm/Director > > Currently on 2.2.5, about to switch to 2.2.6 EE. It seemed like it > worked back in 2.0.9 before upgrading. From dan at langille.org Wed Oct 9 22:06:30 2013 
From: dan at langille.org (Dan Langille) Date: Wed, 9 Oct 2013 15:06:30 -0400 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <5251D0C0.40404@thelounge.net> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD ".30209@mie.utoronto.ca>" <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome . org> <1379123747.7900.19.camel@tardis> < 5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26. camel@tardis> < " 1379377718.5447.30.camel@tardis>" <5ad696a456446b9d638c257a61ac6cae@mail. " unixathome.org>" <52384E57.10509@thelounge.net> < 0db334276e557faf03f1c0950ca21da3@mail.unixathome.org> <5238588E.4010405@ thelounge.net> <73e9154b633d6ffc149671641c45a364@mail.unixathome.org> < 523861B3.7090703@thelounge.net> <52386E62.6040806@shom.fr> <156D1F6E-96F9-4176-BF33-7B4323E41879@langille.org> <5251D0C0.40404@thelounge.net> Message-ID: <7CFE8982-88B4-4D52-B096-6183E1C43704@langille.org> On Oct 6, 2013, at 5:06 PM, Reindl Harald wrote: > > > Am 06.10.2013 22:42, schrieb Dan Langille: >> I have Thunderbird working just fine on my Macbook. >> >> But my goal is mail.app on my iPhone and my Macbook. When they try to connect, the mail server logs are: >> >> Oct 6 20:20:25 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [98.111.147.220] >> Oct 6 20:20:25 imaps dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=98.111.147.220, lip=199.233.228.197, TLS handshaking: Disconnected, session= >> Yet, the same iPhone and Macbook connect fine to a dovecot 1.2.17 installation. That's my current IMAP server. I'm moving to another server and failing so far. 
>> >> Suggestions to use another client app or platform will not be entertained, because, clearly, this works with dovecot 1 > > and mail.app is working even with *self signed* certificates and dovecot 2.2 > you only have to accept / import the certificate > proven by a testserver all day long It seems that the test server is not testing this particular situation. > > so I assume the problem exists between chair and keyboard Turns out, this assumption is incorrect. Just saying... -- Dan Langille - http://langille.org From h.reindl at thelounge.net Wed Oct 9 22:17:43 2013
From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 09 Oct 2013 21:17:43 +0200 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <7CFE8982-88B4-4D52-B096-6183E1C43704@langille.org> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <523310AD ".30209@mie.utoronto.ca>" <838267d0cae96d1c60fc8c78d91bb29e@mail.unixathome . org> <1379123747.7900.19.camel@tardis> < 5A9B0990-E0E0-40B4-8754-B0685B4B179C@langille.org> <1379212564.7813.26. camel@tardis> < " 1379377718.5447.30.camel@tardis>" <5ad696a456446b9d638c257a61ac6cae@mail. " unixathome.org>" <52384E57.10509@thelounge.net> < 0db334276e557faf03f1c0950ca21da3@mail.unixathome.org> <5238588E.4010405@ thelounge.net> <73e9154b633d6ffc149671641c45a364@mail.unixathome.org> < 523861B3.7090703@thelounge.net> <52386E62.6040806@shom.fr> < 156D1F6E-96F9-4176-BF33-7B4323E41879@langille.org> <5251D0C0.40404@ thelounge.net> <7CFE8982-88B4-4D52-B096-6183E1C43704@langille.org> Message-ID: <5255ABD7.1000001@thelounge.net> Am 09.10.2013 21:06, schrieb Dan Langille: > On Oct 6, 2013, at 5:06 PM, Reindl Harald wrote: >> and mail.app is working even with *self signed* certificates and dovecot 2.2 >> you only have to accept / import the certificate >> proven by a testserver all day long > > It seems that the test server is not testing this particular situation. it is not the servers job to accept the cert the particular server makes it even harder as defaults ssl_cipher_list = EECDH-AES256:EECDH-AES:DHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-AES256:EDH-AES128:EDH-AES:EECDH-RC4:DHE-RC4:EDH-RC4:AES256-SHA:AES128-SHA:TLSv1+HIGH:HIGH:RC4+MEDIUM:!aNULL:!eNULL:!EXP:!MD5:!LOW:!SSLv2:!PSK:@STRENGTH ssl_prefer_server_ciphers = yes >> so i assume the problem exists between chair and keyboard > > Turns out, this assumption is incorrect. 
> > Just saying imap-login: OK: imap at testserver.rhsoft.net, 91.118.73.200, CRAM-MD5, TLSv1 with cipher DHE-RSA-AES256-SHA * dovecot 2.2.6 / openssl-1.0.1e * self signed certificate * 4096 Bit (recently changed from 2048 bit and had to be again accepted by the user) * Apple OSX Mail.app it's not the job of the server to accept the cert, period From eliezer at ngtech.co.il Wed Oct 9 22:27:35 2013 From: eliezer at ngtech.co.il (Eliezer Croitoru) Date: Wed, 09 Oct 2013 22:27:35 +0300 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> Message-ID: <5255AE27.6040408@ngtech.co.il> On 09/13/2013 02:59 PM, Dan Langille wrote: > > *** /var/log/maillog *** > Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: > where=0x2002: SSLv3 read client certificate A [166.137.84.11] > Sep 13 11:50:46 imaps dovecot: imap-login: Disconnected (no auth > attempts in 1 secs): user=<>, rip=166.137.84.11, lip=199.233.228.197, > TLS handshaking: Disconnected, session= How about trying to use a username to identify the user?? It is very clear that there is nothing that the client tries to do... Eliezer From h.reindl at thelounge.net Wed Oct 9 22:31:04 2013
From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 09 Oct 2013 21:31:04 +0200 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <5255AE27.6040408@ngtech.co.il> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <5255AE27.6040408@ngtech.co.il> Message-ID: <5255AEF8.5040008@thelounge.net> On 09.10.2013 21:27, Eliezer Croitoru wrote: > On 09/13/2013 02:59 PM, Dan Langille wrote: >> >> *** /var/log/maillog *** >> Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: >> where=0x2002: SSLv3 read client certificate A [166.137.84.11] >> Sep 13 11:50:46 imaps dovecot: imap-login: Disconnected (no auth >> attempts in 1 secs): user=<>, rip=166.137.84.11, lip=199.233.228.197, >> TLS handshaking: Disconnected, session= > How about trying to use a username to identify the user?? > it is very clear that there is nothing that the client tries to do... it is much more clear that there is no username if the client refuses the SSL handshake because it does not like the cert or the offered ssl-ciphers user=<> is pretty normal in a lot of cases * ssl cert not accepted and not allowed by the user in case of untrusted * no cipher the client accepts * no auth-mech the client accepts offered by the server so how do *you* imagine to see a username in the log? From eliezer at ngtech.co.il Wed Oct 9 22:45:08 2013
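Added example, not part of any message in this thread and not Dovecot's own code: a Python triage of `imap-login` lines that separates the `user=<>` disconnects discussed above (the connection ended during the TLS handshake, before any username was sent) from real authentication events, pairing each with the preceding `SSL failed` warning from the same address. The log lines are constructed in the format quoted in the thread (documentation IP addresses, made-up users and session ids), and all function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in this thread.
# Addresses are documentation ranges; users and session ids are made up.
SAMPLE_LOG = """\
Oct  6 20:06:28 imaps dovecot: imap-login: Login: user=<dan>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5, mpid=81052, TLS, session=<aaaa1111>
Oct  6 20:08:21 imaps dovecot: imap(dan): Disconnected: Logged out in=26 out=691
Oct  6 20:20:25 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [192.0.2.20]
Oct  6 20:20:25 imaps dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=192.0.2.20, lip=198.51.100.5, TLS handshaking: Disconnected, session=<bbbb2222>
Oct  6 20:21:40 imaps dovecot: imap-login: Disconnected (auth failed, 3 attempts in 12 secs): user=<alice>, method=PLAIN, rip=192.0.2.30, lip=198.51.100.5, TLS, session=<cccc3333>
Oct  6 20:22:02 imaps dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.0.2.40, lip=198.51.100.5, TLS, session=<dddd4444>
"""

# Syslog prefix; only the *-login processes (imap-login, pop3-login, ...) matter here.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdovecot:\s"
    r"(?P<proc>[\w-]+-login):\s(?P<msg>.*)$"
)
# The warning carries the OpenSSL state string and the peer address in brackets.
SSL_FAIL_RE = re.compile(
    r"^Warning: SSL failed: where=0x[0-9a-fA-F]+: (?P<state>.+) \[(?P<rip>[^\]]+)\]$"
)
LOGIN_RE = re.compile(r"^Login: (?P<fields>.*)$")
DISC_RE = re.compile(
    r"^(?:Disconnected|Aborted login)(?: \((?P<reason>[^)]*)\))?: (?P<fields>.*)$"
)


def parse_fields(text):
    """Split 'user=<x>, rip=..., TLS, ...' into key/value pairs and bare flags."""
    kv, flags = {}, []
    for part in text.split(", "):
        key, sep, value = part.partition("=")
        if sep and " " not in key:
            kv[key] = value.strip("<>")
        else:
            flags.append(part)
    return kv, flags


def classify(log_text):
    """Return one event dict per login-process Login/Disconnected line."""
    pending_ssl = {}  # rip -> OpenSSL state from the latest unpaired warning
    events = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue  # other processes (e.g. imap(dan)) or unparsable lines
        msg = line["msg"]
        warn = SSL_FAIL_RE.match(msg)
        if warn:
            pending_ssl[warn["rip"]] = warn["state"]
            continue
        login, disc = LOGIN_RE.match(msg), DISC_RE.match(msg)
        if not (login or disc):
            continue
        kv, flags = parse_fields((login or disc)["fields"])
        rip = kv.get("rip", "")
        # Consume any warning for this address so it cannot pair with a later event.
        ssl_state = pending_ssl.pop(rip, None)
        event = {"ts": line["ts"], "rip": rip, "user": kv.get("user", ""),
                 "ssl_state": None}
        if login:
            event["kind"] = "login"
        elif any(flag.startswith("TLS handshaking") for flag in flags):
            # Connection ended before TLS was established: no username can exist.
            event["kind"] = "tls_handshake_failed"
            event["ssl_state"] = ssl_state
        elif "auth failed" in (disc["reason"] or ""):
            event["kind"] = "auth_failed"
        else:
            # TLS completed (or was not in use) but the client never tried to log in.
            event["kind"] = "no_auth_attempt"
        events.append(event)
    return events


def summarize(events):
    """Count event kinds per remote address."""
    per_rip = {}
    for event in events:
        per_rip.setdefault(event["rip"], Counter())[event["kind"]] += 1
    return {rip: dict(counts) for rip, counts in per_rip.items()}


if __name__ == "__main__":
    for ev in classify(SAMPLE_LOG):
        print(ev["ts"], ev["rip"], ev["kind"], repr(ev["user"]), ev["ssl_state"] or "")
    print(summarize(classify(SAMPLE_LOG)))
```

Addresses that only ever produce `tls_handshake_failed` point at a certificate, chain, key-size or cipher mismatch on that client rather than at credentials.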
From: eliezer at ngtech.co.il (Eliezer Croitoru) Date: Wed, 09 Oct 2013 22:45:08 +0300 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <5255AEF8.5040008@thelounge.net> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <5255AE27.6040408@ngtech.co.il> <5255AEF8.5040008@thelounge.net> Message-ID: <5255B244.8040801@ngtech.co.il> On 10/09/2013 10:31 PM, Reindl Harald wrote: > > > On 09.10.2013 21:27, Eliezer Croitoru wrote: >> On 09/13/2013 02:59 PM, Dan Langille wrote: >>> >>> *** /var/log/maillog *** >>> Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: >>> where=0x2002: SSLv3 read client certificate A [166.137.84.11] >>> Sep 13 11:50:46 imaps dovecot: imap-login: Disconnected (no auth >>> attempts in 1 secs): user=<>, rip=166.137.84.11, lip=199.233.228.197, >>> TLS handshaking: Disconnected, session= >> How about trying to use a username to identify the user?? >> it is very clear that there is nothing that the client tries to do... > > it is much more clear that there is no username if the client > refuses the SSL handshake because it does not like the cert > or the offered ssl-ciphers > > user=<> is pretty normal in a lot of cases > > * ssl cert not accepted and not allowed by the user in case of untrusted > * no cipher the client accepts > * no auth-mech the client accepts offered by the server > > so how do *you* imagine to see a username in the log? > I expect that StartSSL will put good configuration examples for Apache Postfix Dovecot Exim nginx and more.. This way their service would give much more... I am just still unsure how long it would take to write the docs that explain all the mentioned above: there is an SSL hierarchy and StartSSL uses this hierarchy which you need to understand and then the next thing to do is to answer a question or two to make sure you understand that everything is OK with the service etc. 
A basic openssl client into an SSL port should be sufficient but in a case of a special client that verifies two way key it's another story. Hope there was a solution in the upper part of the thread. Eliezer From h.reindl at thelounge.net Wed Oct 9 22:55:35 2013
From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 09 Oct 2013 21:55:35 +0200 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <5255B244.8040801@ngtech.co.il> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <5255AE27 .6040408@ngtech.co.il> <5255AEF8.5040008@thelounge.net> <5255B244.8040801@ngtech.co.il> Message-ID: <5255B4B7.10804@thelounge.net> Am 09.10.2013 21:45, schrieb Eliezer Croitoru: > On 10/09/2013 10:31 PM, Reindl Harald wrote: >> >> >> Am 09.10.2013 21:27, schrieb Eliezer Croitoru: >>> On 09/13/2013 02:59 PM, Dan Langille wrote: >>>> >>>> *** /var/log/maillog *** >>>> Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: >>>> where=0x2002: SSLv3 read client certificate A [166.137.84.11] >>>> Sep 13 11:50:46 imaps dovecot: imap-login: Disconnected (no auth >>>> attempts in 1 secs): user=<>, rip=166.137.84.11, lip=199.233.228.197, >>>> TLS handshaking: Disconnected, session= >>> How about tring to use a username to identify the user?? >>> it is very clear that there is nothing that the client tries to do... >> >> it is much more clear that there is no username if the client >> refuses the SSL handshake because it does not like the cert >> or the offered ssl-ciphers >> >> user=<> is pretty normal in a lot of cases >> >> * ssl cert not accepted and not allowed by the user in case of untrusted >> * no cipher the client accpets >> * no auth-mech the client accepts offered by the server >> >> so how do *you* imagine to see a username in the log? >> > I expect that StarSSL will put a good configuration examples for Apache Postfix Dovecot Exim nginx and more.. 
not their job and not part of the problem * your client accepts a certificate * your client does not accept your certificate in case it does not *you* as enduser have to accept/import the server's cert http://stackoverflow.com/questions/10879370/startssl-class-1-certificate-not-accepted-by-browser-weblogic-10-0-1 http://www.startssl.com/?app=25#31 if someone does not know what an "intermediate CA" is he needs to RTFM or *read* messages of his client or buy certificates accepted by all major clients but that all has less to do with your blunt "it is very clear that there is nothing that the client tries to do" showing that you have zero experience how a client handshake works -> it does not send usernames or even passwords until it is not satisfied with the negotiation of auth-mechs and ssl-handshake From eliezer at ngtech.co.il Wed Oct 9 23:09:53 2013
From: eliezer at ngtech.co.il (Eliezer Croitoru) Date: Wed, 09 Oct 2013 23:09:53 +0300 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <5255B4B7.10804@thelounge.net> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <5255AE27.6040408@ngtech.co.il> <5255AEF8.5040008@thelounge.net> <5255B244.8040801@ngtech.co.il> <5255B4B7.10804@thelounge.net> Message-ID: <5255B811.5080800@ngtech.co.il> On 10/09/2013 10:55 PM, Reindl Harald wrote: > > > Am 09.10.2013 21:45, schrieb Eliezer Croitoru: >> On 10/09/2013 10:31 PM, Reindl Harald wrote: >>> >>> >>> Am 09.10.2013 21:27, schrieb Eliezer Croitoru: >>>> On 09/13/2013 02:59 PM, Dan Langille wrote: >>>>> >>>>> *** /var/log/maillog *** >>>>> Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: >>>>> where=0x2002: SSLv3 read client certificate A [166.137.84.11] >>>>> Sep 13 11:50:46 imaps dovecot: imap-login: Disconnected (no auth >>>>> attempts in 1 secs): user=<>, rip=166.137.84.11, lip=199.233.228.197, >>>>> TLS handshaking: Disconnected, session= >>>> How about tring to use a username to identify the user?? >>>> it is very clear that there is nothing that the client tries to do... >>> >>> it is much more clear that there is no username if the client >>> refuses the SSL handshake because it does not like the cert >>> or the offered ssl-ciphers >>> >>> user=<> is pretty normal in a lot of cases >>> >>> * ssl cert not accepted and not allowed by the user in case of untrusted >>> * no cipher the client accpets >>> * no auth-mech the client accepts offered by the server >>> >>> so how do *you* imagine to see a username in the log? >>> >> I expect that StarSSL will put a good configuration examples for Apache Postfix Dovecot Exim nginx and more.. 
> > not their job and not part of the problem > > * your client accepts a certificate > * your client does not accept your certificate > > in case it does not *you* as enduser have to accept/import the server's cert > > http://stackoverflow.com/questions/10879370/startssl-class-1-certificate-not-accepted-by-browser-weblogic-10-0-1 > http://www.startssl.com/?app=25#31 > > if someone does not know what an "intermediate CA" is he needs to RTFM or *read* > messages of his client or buy certificates accepted by all major clients > > but that all has less to do with your blunt "it is very clear that there is nothing that > the client tries to do" showing that you have zero experience how a client handshake > works -> it does not send usernames or even passwords until it is not satisfied > with the negotiation of auth-mechs and ssl-handshake > I would try to use StartSSL with squid and I will see if the docs in squid ssl-bump explain the subject in a way I can understand. As Dan explained his major problem is with specific encryption cypher in a very specific size.. I would imagine that 4k bits certificate handshake and validation can take more than 1 sec.. Am I right about it? Thanks, Eliezer From h.reindl at thelounge.net Wed Oct 9 23:15:00 2013
From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 09 Oct 2013 22:15:00 +0200 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <5255B811.5080800@ngtech.co.il> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <5255AE27 .6040408@ngtech.co.il> <5255AEF8.5040008@thelounge.net> <5255B244.8040801@ ngtech.co.il> <5255B4B7.10804@thelounge.net> <5255B811.5080800@ngtech.co.il> Message-ID: <5255B944.4090704@thelounge.net> Am 09.10.2013 22:09, schrieb Eliezer Croitoru: > On 10/09/2013 10:55 PM, Reindl Harald wrote: >> >> >> Am 09.10.2013 21:45, schrieb Eliezer Croitoru: >>> On 10/09/2013 10:31 PM, Reindl Harald wrote: >>>> >>>> >>>> Am 09.10.2013 21:27, schrieb Eliezer Croitoru: >>>>> On 09/13/2013 02:59 PM, Dan Langille wrote: >>>>>> >>>>>> *** /var/log/maillog *** >>>>>> Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: >>>>>> where=0x2002: SSLv3 read client certificate A [166.137.84.11] >>>>>> Sep 13 11:50:46 imaps dovecot: imap-login: Disconnected (no auth >>>>>> attempts in 1 secs): user=<>, rip=166.137.84.11, lip=199.233.228.197, >>>>>> TLS handshaking: Disconnected, session= >>>>> How about tring to use a username to identify the user?? >>>>> it is very clear that there is nothing that the client tries to do... >>>> >>>> it is much more clear that there is no username if the client >>>> refuses the SSL handshake because it does not like the cert >>>> or the offered ssl-ciphers >>>> >>>> user=<> is pretty normal in a lot of cases >>>> >>>> * ssl cert not accepted and not allowed by the user in case of untrusted >>>> * no cipher the client accpets >>>> * no auth-mech the client accepts offered by the server >>>> >>>> so how do *you* imagine to see a username in the log? >>>> >>> I expect that StarSSL will put a good configuration examples for Apache Postfix Dovecot Exim nginx and more.. 
>> >> not their job and not part of the problem >> >> * your client accepts a certificate >> * your client does not accept your certificate >> >> in case it does not *you* as enduser have to accept/import the servers cert >> >> http://stackoverflow.com/questions/10879370/startssl-class-1-certificate-not-accepted-by-browser-weblogic-10-0-1 >> http://www.startssl.com/?app=25#31 >> >> if someone does not know what a "intermediate CA" he needs to RTFM or *read* >> messages of his client or buy by all major clients acepted certificates >> >> but that all has less to do with your blunty "it is very clear that there is nothing that >> the client tries to do" showing that you have zero expierience how a client handshake >> works -> it does not send usernames or even passwords until it is not satisfied >> with the negotiation of auth-mechs and ssl-handshake >> > I Would try to use StartSSL with squid and I will see if the docs in squid ssl-bump explains the subject in a way I > can understand RTFM http://www.startssl.com/?app=25 or go to http://www.thawte.com/ > As Dan explained his major problem is with specific encryption cypher in a very specific size.. > I would imaging that 4k bits certificate handshake and validation can take more then 1 sec.. > Am I right about it? why in the world should it take more than 1 second? and even if - how does this matter? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From eliezer at ngtech.co.il Thu Oct 10 00:09:23 2013 
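The point made above, that `user=<>` only shows the connection ended before any authentication was attempted, can be checked in bulk against a maillog. This is an added example, not part of the original thread or of Dovecot; the sample lines are constructed on the pattern of the log excerpts quoted in the thread, and the stage names are this example's own labels.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the maillog excerpts quoted in this
# thread; the addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [192.0.2.10]
Sep 13 11:50:46 imaps dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=192.0.2.10, lip=198.51.100.5, TLS handshaking: Disconnected, session=<aaaa>
Sep 13 11:51:02 imaps dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.0.2.10, lip=198.51.100.5, session=<bbbb>
Sep 13 11:52:10 imaps dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.20, lip=198.51.100.5, mpid=1234, TLS, session=<cccc>
Sep 13 11:53:40 imaps dovecot: imap-login: Disconnected (auth failed, 2 attempts in 8 secs): user=<bob>, method=PLAIN, rip=192.0.2.30, lip=198.51.100.5, TLS, session=<dddd>
"""

DISCONNECT = re.compile(
    r"imap-login: Disconnected \((?P<reason>[^)]*)\): (?P<fields>.*)$")
SSL_WARNING = re.compile(
    r"imap-login: Warning: SSL failed: .*\[(?P<rip>[^\]]+)\]\s*$")


def parse_disconnect(line):
    """Parse one imap-login 'Disconnected' line; return None for other lines."""
    m = DISCONNECT.search(line)
    if not m:
        return None
    kv, flags = {}, []
    for item in m.group("fields").split(", "):
        key, sep, value = item.partition("=")
        if sep and " " not in key:
            kv[key] = value          # key=value pairs: user, rip, lip, session
        else:
            flags.append(item)       # bare markers: "TLS", "TLS handshaking: ..."
    reason = m.group("reason")
    in_handshake = any(f.startswith("TLS handshaking") for f in flags)
    if reason.startswith("no auth attempts"):
        # The client never sent credentials, so no username can be logged.
        stage = "tls_handshake" if in_handshake else "pre_auth"
    else:
        stage = "auth"
    return {
        "rip": kv.get("rip"),
        "user": kv.get("user", "<>").strip("<>"),
        "reason": reason,
        "stage": stage,
    }


def summarize(log_text):
    """Count SSL warnings and disconnect stages per remote IP."""
    per_ip = defaultdict(
        lambda: {"ssl_warnings": 0, "tls_handshake": 0, "pre_auth": 0, "auth": 0})
    for line in log_text.splitlines():
        warning = SSL_WARNING.search(line)
        if warning:
            per_ip[warning.group("rip")]["ssl_warnings"] += 1
            continue
        event = parse_disconnect(line)
        if event and event["rip"]:
            per_ip[event["rip"]][event["stage"]] += 1
    return dict(per_ip)


if __name__ == "__main__":
    for rip, counts in sorted(summarize(SAMPLE_LOG).items()):
        print(rip, counts)
```

A remote address that only ever appears in the `tls_handshake` and `pre_auth` columns points at a certificate, cipher or chain problem on that client's side of the negotiation rather than at wrong credentials.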
From: eliezer at ngtech.co.il (Eliezer Croitoru)
Date: Thu, 10 Oct 2013 00:09:23 +0300
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <5255B944.4090704@thelounge.net>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <5255AE27.6040408@ngtech.co.il> <5255AEF8.5040008@thelounge.net> <5255B244.8040801@[84.95.212.160]> <5255B4B7.10804@thelounge.net> <5255B811.5080800@ngtech.co.il> <5255B944.4090704@thelounge.net>
Message-ID: <5255C603.7060200@ngtech.co.il>

On 10/09/2013 11:15 PM, Reindl Harald wrote:
> why in the world should it take more than 1 second?
> and even if - how does this matter?

The dovecot daemon waited only 1 second for response..
and if there is a 900 MHz client like many devices that uses android how long it would take to encrypt and decrypt over Mobile network a 4k encryption without any assisting crypt cards??

Eliezer

From h.reindl at thelounge.net Thu Oct 10 00:30:25 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Wed, 09 Oct 2013 23:30:25 +0200
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To: <5255C603.7060200@ngtech.co.il>
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <5255AE27.6040408@ngtech.co.il> <5255AEF8.5040008@thelounge.net> <5255B244.8040801@[84.95.212.160]> <5255B4B7.10804@thelounge.net> <5255B811.5080800@ngtech.co.il> <5255B944.4090704@thelounge.net> <5255C603.7060200@ngtech.co.il>
Message-ID: <5255CAF1.5010506@thelounge.net>

On 09.10.2013 23:09, Eliezer Croitoru wrote:
> On 10/09/2013 11:15 PM, Reindl Harald wrote:
>> why in the world should it take more than 1 second?
>> and even if - how does this matter?
> The dovecot daemon waited only 1 second for response..

says who?

the *client* closed the connection within one second
because it did not accept cert/ciphers/auth-mechs

> and if there is a 900 MHz client like many devices that uses android how long
> it would take to encrypt and decrypt over Mobile network a 4k encryption without
> any assisting crypt cards??

you need to understand basics for assumptions

encrypt/decrypt what amount of data?
for the handshake - meaningless

From noel.butler at ausics.net Thu Oct 10 01:33:56 2013
From: noel.butler at ausics.net (Noel Butler) Date: Thu, 10 Oct 2013 08:33:56 +1000 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <5255B811.5080800@ngtech.co.il> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <5255AE27.6040408@ngtech.co.il> <5255AEF8.5040008@thelounge.net> <5255B244.8040801@ngtech.co.il> <5255B4B7.10804@thelounge.net> <5255B811.5080800@ngtech.co.il> Message-ID: <76b80f197bc2c58ff92902f700769b34@ausics.net> On 10/10/2013 06:09, Eliezer Croitoru wrote: > I would imaging that 4k bits certificate handshake and validation can > take more then 1 sec.. > Am I right about it? > hardly and the size is not his problem. he was given a test account on my network when I last saw this thread (few weeks back?), that uses startssl, and 4096 certs, his mail.app connected fine. From dan at langille.org Thu Oct 10 03:51:59 2013 
From: dan at langille.org (Dan Langille) Date: Wed, 9 Oct 2013 20:51:59 -0400 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <76b80f197bc2c58ff92902f700769b34@ausics.net> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <5255AE27.6040408@ngtech.co.il> <5255AEF8.5040008@thelounge.net> <5255B244.8040801@ngtech.co.il> <5255B4B7.10804@thelounge.net> <5255B811.5080800@ngtech.co.il> <76b80f197bc2c58ff92902f700769b34@ausics.net> Message-ID: On Oct 9, 2013, at 6:33 PM, Noel Butler wrote: > On 10/10/2013 06:09, Eliezer Croitoru wrote: > >> I would imaging that 4k bits certificate handshake and validation can >> take more then 1 sec.. >> Am I right about it? > > hardly > > and the size is not his problem. > > he was given a test account on my network when I last saw this thread (few weeks back?), that uses startssl, and 4096 certs, his mail.app connected fine. I would like to investigate that more if you like. Others have experienced problem connected to my test server. I can't believe I've created a non-functional Dovecot configuration. One avenue I will purse: if I swap from 4096 to 2048, why does it work? 
Here is a connection with a 4096 cert: $ openssl s_ s_client -connect imaps.unixathome.org:993 CONNECTED(00000003) depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority verify error:num=19:self signed certificate in certificate chain verify return:0 --- Certificate chain 0 s:/description=VwhdJi0sLHP3BDtQ/C=US/ST=Pennsylvania/L=Media/O=Daniel Langille/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority --- Here is it with a 2048 cert: $ openssl s_client -connect imaps.unixathome.org:993 CONNECTED(00000003) depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority verify error:num=19:self signed certificate in certificate chain verify return:0 --- Certificate chain 0 s:/description=3Hs89se3p9RsmJBG/C=US/ST=Pennsylvania/L=Media/O=Daniel Langille/CN=test1.langille.org/emailAddress=postmaster at langille.org i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority The only thing I change in 
the configuration is: # MY KEYS #ssl_cert = References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <5255AE27.6040408@ngtech.co.il> <5255AEF8.5040008@thelounge.net> <5255B244.8040801@ngtech.co.il> <5255B4B7.10804@thelounge.net> <5255B811.5080800@ngtech.co.il> <76b80f197bc2c58ff92902f700769b34@ausics.net> Message-ID: <90ffb242008bb545f208fcefc7304509@ausics.net> I can't recall if we previously discussed it, but, why the fascination with imaps, why not use TLS on 143, or wont that connect either? tried pop3 TLS ? pop3s? and when you test, use -CAfile /path/to/(startssl's)CA.pem I see no auth mech statement, so using hte default is limited, IIRC, login is re auth_mechanisms = plain login On 10/10/2013 10:51, Dan Langille wrote: > On Oct 9, 2013, at 6:33 PM, Noel Butler wrote: > >> On 10/10/2013 06:09, Eliezer Croitoru wrote: >> >>> I would imaging that 4k bits certificate handshake and validation can >>> take more then 1 sec.. >>> Am I right about it? >> >> hardly >> >> and the size is not his problem. >> >> he was given a test account on my network when I last saw this thread >> (few weeks back?), that uses startssl, and 4096 certs, his mail.app >> connected fine. > > I would like to investigate that more if you like. Others have > experienced problem connected to my test server. I can't believe I've > created a non-functional Dovecot configuration. > > One avenue I will purse: if I swap from 4096 to 2048, why does it work? 
> > Here is a connection with a 4096 cert: > > $ openssl s_ s_client -connect imaps.unixathome.org:993 > CONNECTED(00000003) > depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Certification Authority > verify error:num=19:self signed certificate in certificate chain > verify return:0 > --- > Certificate chain > 0 > s:/description=VwhdJi0sLHP3BDtQ/C=US/ST=Pennsylvania/L=Media/O=Daniel > Langille/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org > i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Class 2 Primary Intermediate Server CA > 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Class 2 Primary Intermediate Server CA > i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Certification Authority > 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Certification Authority > i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Certification Authority > --- > > > Here is it with a 2048 cert: > > $ openssl s_client -connect imaps.unixathome.org:993 > CONNECTED(00000003) > depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Certification Authority > verify error:num=19:self signed certificate in certificate chain > verify return:0 > --- > Certificate chain > 0 > s:/description=3Hs89se3p9RsmJBG/C=US/ST=Pennsylvania/L=Media/O=Daniel > Langille/CN=test1.langille.org/emailAddress=postmaster at langille.org > i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Class 2 Primary Intermediate Server CA > 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Class 2 Primary Intermediate Server CA > i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Certification Authority > 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Certification Authority > i:/C=IL/O=StartCom 
Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Certification Authority > > The only thing I change in the configuration is: > > # MY KEYS > #ssl_cert = #ssl_key = > # My 2048 key > ssl_cert = ssl_key = > Current configuration is: > > # doveconf -n > # 2.2.6: /usr/local/etc/dovecot/dovecot.conf > # OS: FreeBSD 9.1-RELEASE-p6 amd64 > auth_debug = yes > auth_verbose = yes > first_valid_gid = 1001 > first_valid_uid = 1001 > mail_debug = yes > mail_location = maildir:~/Maildir > mail_privileged_group = mail > passdb { > args = scheme=SHA512-CRYPT /var/db/dovecot.users > driver = passwd-file > } > protocols = imap > service imap-login { > inet_listener imap { > address = 199.233.228.197 > } > inet_listener imaps { > address = 199.233.228.197 > } > } > ssl_ca = ssl_cert = ssl_key = userdb { > args = /var/db/dovecot.users > driver = passwd-file > } > verbose_proctitle = yes From noel.butler at ausics.net Thu Oct 10 06:43:19 2013 
From: noel.butler at ausics.net (Noel Butler) Date: Thu, 10 Oct 2013 13:43:19 +1000 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <90ffb242008bb545f208fcefc7304509@ausics.net> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <5255AE27.6040408@ngtech.co.il> <5255AEF8.5040008@thelounge.net> <5255B244.8040801@ngtech.co.il> <5255B4B7.10804@thelounge.net> <5255B811.5080800@ngtech.co.il> <76b80f197bc2c58ff92902f700769b34@ausics.net> <90ffb242008bb545f208fcefc7304509@ausics.net> Message-ID: <3724b1804ab55b11ae5eb63f61ee3c4e@ausics.net> On 10/10/2013 13:36, Noel Butler wrote: > I can't recall if we previously discussed it, but, why the fascination > with imaps, why not use TLS on 143, or wont that connect either? tried > pop3 TLS ? pop3s? > > and when you test, use -CAfile /path/to/(startssl's)CA.pem > > I see no auth mech statement, so using hte default is limited, IIRC, > login is re > > > auth_mechanisms = plain login > > > bugger...... stupid webmail... as I was trying to say, IIRC type login is required for ssl ,at least with winblow sclients, try adding the above and see what goes. plain is preferred, but that's because TLS is preferred. use the local - int- ca > cert.pem and remove the ssl_ca option From pw at wk-serv.de Thu Oct 10 14:53:59 2013 
From: pw at wk-serv.de (Patrick Westenberg)
Date: Thu, 10 Oct 2013 13:53:59 +0200
Subject: [Dovecot] Questio about replication
Message-ID: <52569557.9070305@wk-serv.de>

Hi everyone,

this article (http://blog.dovecot.org/2012/02/dovecot-clustering-with-dsync-based.html) describes the situation for director/NFS-based clusters and SSH-based clusters.

Right now I'm running the first setup with one proxy/director and two backends (all 2.2.x) mounting an NFS-share but I'd like to get rid of NFS (it's slow) and, if one backend is down, the proxy still sends the user to that backend.

The article says:

"High-availability non-NFS setup
One possibility is to use Dovecot proxies, which know which servers are down. Instead of directing users to those servers, it would direct them to replica servers."

My question is, if I can still use my proxy/director setup but every backend having its local (or iSCSI-backed) ext4 storage and not using the SSH-based replication method?

Regards
Patrick

From crohmann at netcologne.de Thu Oct 10 18:06:36 2013
From: crohmann at netcologne.de (Christian Rohmann)
Date: Thu, 10 Oct 2013 17:06:36 +0200
Subject: [Dovecot] Transparent Migration from cyrus to dovecot
In-Reply-To: <52513DE2.6070708@mur.at>
References: <52513DE2.6070708@mur.at>
Message-ID: <5256C27C.3060703@netcologne.de>

Hey Jogi,

On 06.10.2013 12:39, Jogi Hofmüller wrote:
> Our goal is to do the migration without interrupting the service
> for our users too much. Currently we tend to using dsync. So I am
> asking for best practice suggestions, tips and hints from people
> who have done such a thing before.

I work for NetCologne GmbH, an ISP in Cologne, Germany. I did a talk "Austausch einer ISP-Mailplattform ohne Downtime" at the mail server conference the Heinlein-Support company held in Berlin in 2011.

https://www.youtube.com/watch?v=kLQOkiBebU0

It's sure a bit dated and we started with dovecot 1.2.x, so no dsync available. But maybe it's at least somewhat entertaining to watch how we did things and avoided downtime.

Regards

Christian

From jogi at mur.at Thu Oct 10 20:34:51 2013
From: jogi at mur.at (=?UTF-8?B?Sm9naSBIb2Ztw7xsbGVy?=)
Date: Thu, 10 Oct 2013 19:34:51 +0200
Subject: [Dovecot] Transparent Migration from cyrus to dovecot
In-Reply-To: <5256C27C.3060703@netcologne.de>
References: <52513DE2.6070708@mur.at> <5256C27C.3060703@netcologne.de>
Message-ID: <5256E53B.3000806@mur.at>

Dear Christian,

On 2013-10-10 17:06, Christian Rohmann wrote:
> I work for NetCologne GmbH, an ISP in Cologne, Germany. I did a talk
> "Austausch einer ISP-Mailplattform ohne Downtime" at the mail server
> conference the Heinlein-Support company held in Berlin in 2011.
>
> https://www.youtube.com/watch?v=kLQOkiBebU0

Thanks for the video! Unfortunately most things that allowed you to do migration in the file system don't apply for us (e.g. we have mailboxes in the GB range). So I think we will go for dsync and dovecot's proxy features ;)

Regards,
--
j.hofmüller

mur.sat -- a space art project
http://sat.mur.at/

From tss at iki.fi Thu Oct 10 21:01:04 2013
From: tss at iki.fi (Timo Sirainen)
Date: Thu, 10 Oct 2013 21:01:04 +0300
Subject: [Dovecot] v2.2: Fix to slow process creation in some setups
Message-ID:

Especially some imap/pop3 login bursts could have caused errors like:

imap-login: Error: net_connect_unix(imap) failed: Resource temporarily unavailable

Fix in http://hg.dovecot.org/dovecot-2.2/rev/69179ca6007d

Explanation & workaround in http://wiki2.dovecot.org/SocketUnavailable :

Dovecot v2.2.0 - v2.2.6 were attempting to optimize host.domain lookups by doing them only once in the master process. Unfortunately they were actually doing the lookup every time when creating a new process. In some configurations this lookup could have done a somewhat slow DNS lookup, causing the process creation to become very slow and triggering this message. The fix is in v2.2.7 and you can also work around this:

 * Add to dovecot.conf: import_environment = TZ DEBUG_OUTOFMEM DOVECOT_HOSTDOMAIN
 * Before "dovecot" binary is started, run: export DOVECOT_HOSTDOMAIN=mailserver.example.com (of course changing the value)

From dan at langille.org Thu Oct 10 21:16:44 2013
From: dan at langille.org (Dan Langille) Date: Thu, 10 Oct 2013 14:16:44 -0400 Subject: [Dovecot] SSL with startssl.com certificates In-Reply-To: <90ffb242008bb545f208fcefc7304509@ausics.net> References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <5255AE27.6040408@ngtech.co.il> <5255AEF8.5040008@thelounge.net> <5255B244.8040801@ngtech.co.il> <5255B4B7.10804@thelounge.net> <5255B811.5080800@ngtech.co.il> <76b80f197bc2c58ff92902f700769b34@ausics.net> <90ffb242008bb545f208fcefc7304509@ausics.net> Message-ID: <149F1E97-F604-42A2-9F22-65EAD8065892@langille.org> On Oct 9, 2013, at 11:36 PM, Noel Butler wrote: > I can't recall if we previously discussed it, but, why the fascination with imaps, why not use TLS on 143, or wont that connect either? Yes, neither TLS nor IMAPS will connect. > tried pop3 TLS ? pop3s? I have not. My next step will be setting up a non-dovecot IMAP server and test the same certificates there. > and when you test, use -CAfile /path/to/(startssl's)CA.pem When I do that, I get: $ openssl s_client -t -CAfile /usr/local/share/certs/ca-root-nss.crt -connect imaps.unixathome.org:993 CONNECTED(00000003) depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority verify return:1 depth=1 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA verify return:1 depth=0 /description=VwhdJi0sLHP3BDtQ/C=US/ST=Pennsylvania/L=Media/O=Daniel Langille/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org verify return:1 --- ?. 
lots snipped New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 4098 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: C9D4AF8FA11CF6EF00E367BC1B45BA465668AEAE595BF3925FC679C7816CE023 Session-ID-ctx: Master-Key: AA0B04AB1C93688C089349A0137D99B5E65303F58A322397509284AE224B37149F76C8C1CD2A7BAC12BEA8E190468598 Key-Arg : None Start Time: 1381428914 Timeout : 300 (sec) Verify return code: 0 (ok) All looks good? > I see no auth mech statement, so using hte default is limited, IIRC, login is re > > > auth_mechanisms = plain login But that's OK, right? > > > > On 10/10/2013 10:51, Dan Langille wrote: >> On Oct 9, 2013, at 6:33 PM, Noel Butler wrote: >>> On 10/10/2013 06:09, Eliezer Croitoru wrote: >>>> I would imaging that 4k bits certificate handshake and validation can >>>> take more then 1 sec.. >>>> Am I right about it? >>> hardly >>> and the size is not his problem. >>> he was given a test account on my network when I last saw this thread (few weeks back?), that uses startssl, and 4096 certs, his mail.app connected fine. >> I would like to investigate that more if you like. Others have >> experienced problem connected to my test server. I can't believe I've >> created a non-functional Dovecot configuration. >> One avenue I will purse: if I swap from 4096 to 2048, why does it work? 
>> Here is a connection with a 4096 cert: >> $ openssl s_ s_client -connect imaps.unixathome.org:993 >> CONNECTED(00000003) >> depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate >> Signing/CN=StartCom Certification Authority >> verify error:num=19:self signed certificate in certificate chain >> verify return:0 >> --- >> Certificate chain >> 0 >> s:/description=VwhdJi0sLHP3BDtQ/C=US/ST=Pennsylvania/L=Media/O=Daniel >> Langille/CN=imaps.unixathome.org/emailAddress=postmaster at unixathome.org >> i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate >> Signing/CN=StartCom Class 2 Primary Intermediate Server CA >> 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate >> Signing/CN=StartCom Class 2 Primary Intermediate Server CA >> i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate >> Signing/CN=StartCom Certification Authority >> 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate >> Signing/CN=StartCom Certification Authority >> i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate >> Signing/CN=StartCom Certification Authority >> --- >> Here is it with a 2048 cert: >> $ openssl s_client -connect imaps.unixathome.org:993 >> CONNECTED(00000003) >> depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate >> Signing/CN=StartCom Certification Authority >> verify error:num=19:self signed certificate in certificate chain >> verify return:0 >> --- >> Certificate chain >> 0 >> s:/description=3Hs89se3p9RsmJBG/C=US/ST=Pennsylvania/L=Media/O=Daniel >> Langille/CN=test1.langille.org/emailAddress=postmaster at langille.org >> i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate >> Signing/CN=StartCom Class 2 Primary Intermediate Server CA >> 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate >> Signing/CN=StartCom Class 2 Primary Intermediate Server CA >> i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate >> Signing/CN=StartCom Certification Authority >> 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate >> Signing/CN=StartCom Certification 
Authority >> i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate >> Signing/CN=StartCom Certification Authority >> The only thing I change in the configuration is: >> # MY KEYS >> #ssl_cert = > #ssl_key = > # My 2048 key >> ssl_cert = > ssl_key = > Current configuration is: >> # doveconf -n >> # 2.2.6: /usr/local/etc/dovecot/dovecot.conf >> # OS: FreeBSD 9.1-RELEASE-p6 amd64 >> auth_debug = yes >> auth_verbose = yes >> first_valid_gid = 1001 >> first_valid_uid = 1001 >> mail_debug = yes >> mail_location = maildir:~/Maildir >> mail_privileged_group = mail >> passdb { >> args = scheme=SHA512-CRYPT /var/db/dovecot.users >> driver = passwd-file >> } >> protocols = imap >> service imap-login { >> inet_listener imap { >> address = 199.233.228.197 >> } >> inet_listener imaps { >> address = 199.233.228.197 >> } >> } >> ssl_ca = > ssl_cert = > ssl_key = > userdb { >> args = /var/db/dovecot.users >> driver = passwd-file >> } >> verbose_proctitle = yes > -- Dan Langille - http://langille.org From spork at bway.net Thu Oct 10 21:25:06 2013 
From: spork at bway.net (Charles Sprickman) Date: Thu, 10 Oct 2013 14:25:06 -0400 Subject: [Dovecot] cached message size errors Message-ID: Hello, We recently moved from courier to dovecot, and I'm seeing a handful of errors that prevent people from retrieving email. Below is a snippet of the log sequence I see when this happens: Oct 10 13:44:24 mbox dovecot: imap(xxx at bway.net): Error: Cached message size smaller than expected (1759 < 1830) Oct 10 13:44:24 mbox dovecot: imap(xxx at bway.net): Error: Maildir filename has wrong S value, renamed the file from /home/vpopmail/domains/bway.net/1/xxx/Maildir/cur/1381381552.91972.xena.bway.net,S=1759:2,b to /home/vpopmail/domains/bway.net/1/xxx/Maildir/cur/1381381552.91972.xena.bway.net,S=1830:2,b Oct 10 13:44:24 mbox dovecot: imap(xxx at bway.net): Error: Corrupted index cache file /home/vpopmail/domains/bway.net/1/xxx/Maildir/dovecot.index.cache: Broken physical size for mail UID 447401 Oct 10 13:44:24 mbox dovecot: imap(xxx at bway.net): Error: read(/home/vpopmail/domains/bway.net/1/xxx/Maildir/cur/1381381552.91972.xena.bway.net,S=1759:2,b) failed: Invalid argument Oct 10 13:44:24 mbox dovecot: imap(xxx at bway.net): Disconnected: Internal error occurred. Refer to server log for more information. [2013-10-10 13:44:24] in=784 out=3017 Basically it looks like dovecot detects a mismatch in the file size vs. the file size embedded in the maildir filename, tries to fix it and then has issues reading the fixed file. Removing the file in question allows the user to retrieve email. The "invalid argument" error seems especially strange, as I'm able to view the file by hand with no problems. Blowing away the indexes and letting them get recreated seems to not help at all. This was an old vpopmail setup with both maildrop and vdelivermail doing the final delivery both now and prior to the migration to dovecot. For a quick fix, is there a way to have dovecot ignore the error and present the rest of the mailbox? 
Longer term fix, I'm not even sure where to start I've used dovecot elsewhere for quite some time (with maildirs) and I've never had an issue like this. 'doveconf -n' below... Thanks, Charles -- Charles Sprickman NetEng/SysAdmin Bway.net - New York's Best Internet www.bway.net spork at bway.net - 212.655.9344 # 2.2.5: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 8.4-RELEASE-p1 amd64 auth_default_realm = bway.net auth_socket_path = /var/run/dovecot/auth-userdb auth_verbose = yes base_dir = /var/run/dovecot/ default_process_limit = 300 disable_plaintext_auth = no first_valid_uid = 89 instance_name = dovecot1 last_valid_uid = 90 listen = 127.0.0.1,216.220.96.26,216.220.96.25 login_greeting = Dovecot ready - bway.net. mail_plugins = " quota" mailbox_list_index = yes namespace inbox { hidden = no inbox = yes list = yes location = mailbox Drafts { special_use = \Drafts } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Spam { special_use = \Junk } mailbox Trash { special_use = \Trash } prefix = INBOX. separator = . 
subscriptions = yes type = private } passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { quota = maildir:User quota quota_rule = Inbox.Trash:storage=+100M quota_rule2 = Inbox.Spam:storage=+100M } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_uidl_format = %v-%u protocols = imap pop3 ssl_cert = References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <5255AE27.6040408@ngtech.co.il> <5255AEF8.5040008@thelounge.net> <5255B244.8040801@ngtech.co.il> <5255B4B7.10804@thelounge.net> <5255B811.5080800@ngtech.co.il> <76b80f197bc2c58ff92902f700769b34@ausics.net> <90ffb242008bb545f208fcefc7304509@ausics.net> <3724b1804ab55b11ae5eb63f61ee3c4e@ausics.net> Message-ID: On Oct 9, 2013, at 11:43 PM, Noel Butler wrote: > On 10/10/2013 13:36, Noel Butler wrote: >> I can't recall if we previously discussed it, but, why the fascination >> with imaps, why not use TLS on 143, or wont that connect either? tried >> pop3 TLS ? pop3s? >> and when you test, use -CAfile /path/to/(startssl's)CA.pem >> I see no auth mech statement, so using hte default is limited, IIRC, login is re >> auth_mechanisms = plain login > > bugger...... stupid webmail... as I was trying to say, IIRC type login is required for ssl > ,at least with winblow sclients, try adding the above and see what goes. > plain is preferred, but that's because TLS is preferred. To be clear, I am using this now: auth_mechanisms = plain login > use the local - int- ca > cert.pem I have all three in there. > and remove the ssl_ca option Removed. Restarted dovecot. Mail on the Macbook reports: "There may be a problem with the mail server or network. Verify the settings for account ?Langille? or try again. The server returned the error: Mail was unable to connect to server ?test1.langille.org? using SSL on port 993. Verify that this server supports SSL and that your account settings are correct." 
/var/log/maillog shows: Oct 10 18:25:19 imaps dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=98.111.147.220, lip=199.233.228.197, session=<5fLNH2foGABib5Pc> Oct 10 18:25:19 imaps dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=98.111.147.220, lip=199.233.228.197, session=<5gDPH2fokABib5Pc> I should have four separate IMAP instances ready later today. -- Dan Langille - http://langille.org From ar-dovecotlist at acrconsulting.co.uk Thu Oct 10 23:01:51 2013 From: ar-dovecotlist at acrconsulting.co.uk (Andrew Richards) Date: 10 Oct 2013 21:01:51 +0100 Subject: [Dovecot] Transparent Migration from cyrus to dovecot In-Reply-To: <5256E53B.3000806@mur.at> References: <52513DE2.6070708@mur.at> <5256C27C.3060703@netcologne.de> <5256E53B.3000806@mur.at> Message-ID: <2502799.Uy2ukpAifs@ar-desk> On Thursday 10 Oct 2013 19:34:51 Jogi Hofm?ller wrote: > Dear Christian, > > Am 2013-10-10 17:06, schrieb Christian Rohmann: > > I work for NetCologne GmbH, an ISP in Cologne, Germany. I did a talk > > "Austausch einer ISP-Mailplattform ohne Downtime" at the mail server > > conference the Heinlein-Support company held in Berlin in 2011. > > > > https://www.youtube.com/watch?v=kLQOkiBebU0 > > Thanks for the video! Unfortunately most things that allowed you to do > migration in the file system don't apply for us (e.g. we have mailboxes > in the GB range). So I think we will go for dsync and dovecot's proxy > features ;) Perhaps rather 'old-school' now, but I've used Perdition for large transparent migrations in the past very successfully, http://horms.net/projects/perdition/ with Dovecot being your target platform, it makes sense to explore the Dovecot [proxy] approach first; Perdition may be handy to have as a backup strategy. cheers, Andrew. From mailinglists at xgm.de Thu Oct 10 23:15:25 2013 
From: mailinglists at xgm.de (Florian Lindner)
Date: Thu, 10 Oct 2013 22:15:25 +0200
Subject: [Dovecot] Maildir and home location
Message-ID: <8476159.GqeILqdJnc@horus>

Hello!

My current mail setup looks like that: MTA is postfix, MDA is maildrop. Each system user configures mail delivery using the .mailfilter of maildrop to arbitrary maildirs in his home. For each maildir a POP3/IMAP account can be configured, currently I use courier-imap/-pop and think about replacing it by dovecot.

AFAIK with dovecot each account has a home and maildir assigned which should not be equal neither should a home dir be used for multiple accounts. My problem is where to put these homedirs? System users have full SSH access on the machine. I would really prefer to put them somewhere where the users could delete them (if they need to reset or delete their account). Optimal would be in the maildir itself, but...

What are your suggestions?

Regards,
Florian

From spork at bway.net Fri Oct 11 00:10:56 2013
From: spork at bway.net (Charles Sprickman) Date: Thu, 10 Oct 2013 17:10:56 -0400 Subject: [Dovecot] cached message size errors In-Reply-To: References: Message-ID: Following up to myself on this, I think I'm basically seeing a variation on this bug from 2.1.x: http://www.dovecot.org/list/dovecot/2012-March/064211.html To restate what happens: * dovecot detects the size mismatch * file is renamed to correct it * the cache file is flagged as incorrect due to the size mismatch * next read of the mailbox dovecot looks for the *old* filename The workaround to set "maildir_broken_filename_sizes=yes" seems to work. The cause of all this of course was Courier, as it was what generated all the mismatches in the first place, but it seems like this is in turn triggering a bug in Dovecot. It kind of seems like the file gets renamed but the index is never updated to reflect this? I've got plenty of samples, here's what one looks like, always just a few bytes off: -rw------- 1 vpopmail vchkpw 23731 Oct 4 16:11 cur/1380917460.26966.xena.bway.net,S=23666:2,S Also, while that thread mentions gzipped, messages, these are not. Charles On Oct 10, 2013, at 2:25 PM, Charles Sprickman wrote: > Hello, > > We recently moved from courier to dovecot, and I'm seeing a handful > of errors that prevent people from retrieving email. 
> > Below is a snippet of the log sequence I see when this happens: > > Oct 10 13:44:24 mbox dovecot: imap(xxx at bway.net): Error: Cached message size smaller than expected (1759 < 1830) > Oct 10 13:44:24 mbox dovecot: imap(xxx at bway.net): Error: Maildir filename has wrong S value, renamed the file from /home/vpopmail/domains/bway.net/1/xxx/Maildir/cur/1381381552.91972.xena.bway.net,S=1759:2,b to /home/vpopmail/domains/bway.net/1/xxx/Maildir/cur/1381381552.91972.xena.bway.net,S=1830:2,b > Oct 10 13:44:24 mbox dovecot: imap(xxx at bway.net): Error: Corrupted index cache file /home/vpopmail/domains/bway.net/1/xxx/Maildir/dovecot.index.cache: Broken physical size for mail UID 447401 > Oct 10 13:44:24 mbox dovecot: imap(xxx at bway.net): Error: read(/home/vpopmail/domains/bway.net/1/xxx/Maildir/cur/1381381552.91972.xena.bway.net,S=1759:2,b) failed: Invalid argument > Oct 10 13:44:24 mbox dovecot: imap(xxx at bway.net): Disconnected: Internal error occurred. Refer to server log for more information. [2013-10-10 13:44:24] in=784 out=3017 > > Basically it looks like dovecot detects a mismatch in the file size > vs. the file size embedded in the maildir filename, tries to fix it > and then has issues reading the fixed file. Removing the file in > question allows the user to retrieve email. The "invalid argument" > error seems especially strange, as I'm able to view the file by hand > with no problems. > > Blowing away the indexes and letting them get recreated seems to not > help at all. > > This was an old vpopmail setup with both maildrop and vdelivermail > doing the final delivery both now and prior to the migration to > dovecot. > > For a quick fix, is there a way to have dovecot ignore the error and > present the rest of the mailbox? > > Longer term fix, I'm not even sure where to start I've used dovecot > elsewhere for quite some time (with maildirs) and I've never had an > issue like this. > > 'doveconf -n' below... 
> > Thanks, > > Charles > -- > Charles Sprickman > NetEng/SysAdmin > Bway.net - New York's Best Internet www.bway.net > spork at bway.net - 212.655.9344 > > > # 2.2.5: /usr/local/etc/dovecot/dovecot.conf > # OS: FreeBSD 8.4-RELEASE-p1 amd64 > auth_default_realm = bway.net > auth_socket_path = /var/run/dovecot/auth-userdb > auth_verbose = yes > base_dir = /var/run/dovecot/ > default_process_limit = 300 > disable_plaintext_auth = no > first_valid_uid = 89 > instance_name = dovecot1 > last_valid_uid = 90 > listen = 127.0.0.1,216.220.96.26,216.220.96.25 > login_greeting = Dovecot ready - bway.net. > mail_plugins = " quota" > mailbox_list_index = yes > namespace inbox { > hidden = no > inbox = yes > list = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Spam { > special_use = \Junk > } > mailbox Trash { > special_use = \Trash > } > prefix = INBOX. > separator = . > subscriptions = yes > type = private > } > passdb { > args = /usr/local/etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > plugin { > quota = maildir:User quota > quota_rule = Inbox.Trash:storage=+100M > quota_rule2 = Inbox.Spam:storage=+100M > } > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > pop3_uidl_format = %v-%u > protocols = imap pop3 > ssl_cert = ssl_key = userdb { > args = /usr/local/etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > protocol imap { > mail_max_userip_connections = 40 > mail_plugins = " quota imap_quota" > } > protocol pop3 { > mail_max_userip_connections = 20 > } > > > From dan at langille.org Fri Oct 11 02:33:59 2013 
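Added example, not part of the thread and not Dovecot code: a read-only Python check that lists Maildir files whose ",S=" value disagrees with the on-disk size, the condition behind the "Maildir filename has wrong S value" errors in the message above. The two mismatching file names and sizes come from that message; the temporary directory, the third file and all function names are constructed, and the check assumes uncompressed messages, as in the reported case.

```python
import os
import re
import tempfile

# Size hint in a Maildir file name: ",S=<bytes>", followed by another
# field, the ":2,<flags>" part, or the end of the name.
S_FIELD = re.compile(r",S=(\d+)(?=[,:]|$)")


def find_size_mismatches(maildir):
    """Return [(path, claimed_size, actual_size)] for files in new/ and cur/
    whose S= value differs from the file size. Nothing is renamed or changed."""
    mismatches = []
    for sub in ("new", "cur"):
        folder = os.path.join(maildir, sub)
        if not os.path.isdir(folder):
            continue
        for entry in sorted(os.scandir(folder), key=lambda e: e.name):
            if not entry.is_file(follow_symlinks=False):
                continue
            match = S_FIELD.search(entry.name)
            if match is None:
                continue  # no size hint in the name, nothing to contradict
            claimed = int(match.group(1))
            # Assumption: messages are stored uncompressed, so the file size
            # is the message size. With compressed storage this comparison
            # would flag every file and must not be used.
            actual = entry.stat(follow_symlinks=False).st_size
            if claimed != actual:
                mismatches.append((entry.path, claimed, actual))
    return mismatches


def corrected_name(name, actual_size):
    """File name with the S= field set to the real size (for reporting only)."""
    return S_FIELD.sub(",S=%d" % actual_size, name, count=1)


def make_demo_maildir():
    """Build a constructed Maildir in a temp directory for the demonstration."""
    root = tempfile.mkdtemp(prefix="maildir-demo-")
    for sub in ("new", "cur", "tmp"):
        os.mkdir(os.path.join(root, sub))
    samples = {
        # Names and sizes quoted in the message above (S= too small).
        "cur/1380917460.26966.xena.bway.net,S=23666:2,S": 23731,
        "cur/1381381552.91972.xena.bway.net,S=1759:2,b": 1830,
        # Constructed file whose S= value is correct.
        "new/1381400000.1000.host.example,S=512": 512,
    }
    for rel, size in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(b"x" * size)
    return root


if __name__ == "__main__":
    for path, claimed, actual in find_size_mismatches(make_demo_maildir()):
        name = os.path.basename(path)
        print("%s: S=%d but file is %d bytes (off by %d); expected name %s"
              % (name, claimed, actual, actual - claimed,
                 corrected_name(name, actual)))
```

Run against a copy or a quiet mailbox: a delivery agent may still be writing or renaming files while the scan is in progress.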
From: dan at langille.org (Dan Langille)
Date: Thu, 10 Oct 2013 19:33:59 -0400
Subject: [Dovecot] SSL with startssl.com certificates
In-Reply-To:
References: <5f22c91795126dcbfc0999c2606d5b72@mail.unixathome.org> <5255AE27.6040408@ngtech.co.il> <5255AEF8.5040008@thelounge.net> <5255B244.8040801@ngtech.co.il> <5255B4B7.10804@thelounge.net> <5255B811.5080800@ngtech.co.il> <76b80f197bc2c58ff92902f700769b34@ausics.net> <90ffb242008bb545f208fcefc7304509@ausics.net> <3724b1804ab55b11ae5eb63f61ee3c4e@ausics.net>
Message-ID: <16567B63-F7AE-46CC-93E5-259179CB7E88@langille.org>

On Oct 10, 2013, at 2:26 PM, Dan Langille wrote:

> On Oct 9, 2013, at 11:43 PM, Noel Butler wrote:
>
>> On 10/10/2013 13:36, Noel Butler wrote:
>>> I can't recall if we previously discussed it, but, why the fascination
>>> with imaps, why not use TLS on 143, or won't that connect either? tried
>>> pop3 TLS ? pop3s?
>>> and when you test, use -CAfile /path/to/(startssl's)CA.pem
>>> I see no auth mech statement, so using the default is limited, IIRC, login is re
>>> auth_mechanisms = plain login
>>
>> bugger...... stupid webmail... as I was trying to say, IIRC type login is required for ssl,
>> at least with winblows clients, try adding the above and see what goes.
>> plain is preferred, but that's because TLS is preferred.
>
> To be clear, I am using this now:
>
> auth_mechanisms = plain login
>
>> use the local - int- ca > cert.pem
>
> I have all three in there.
>
>> and remove the ssl_ca option
>
> Removed.
>
> Restarted dovecot.
>
> Mail on the Macbook reports:
>
> "There may be a problem with the mail server or network. Verify the settings for account “Langille” or try again.
>
> The server returned the error: Mail was unable to connect to server “test1.langille.org” using SSL on port 993. Verify that this server supports SSL and that your account settings are correct."
>
> /var/log/maillog shows:
>
> Oct 10 18:25:19 imaps dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=98.111.147.220, lip=199.233.228.197, session=<5fLNH2foGABib5Pc>
> Oct 10 18:25:19 imaps dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=98.111.147.220, lip=199.233.228.197, session=<5gDPH2fokABib5Pc>
>
> I should have four separate IMAP instances ready later today.

I created those instances. But the new StartCOM 4096-bit cert I created works just fine.

So why did the original problem cert fail? I tried it on the new server. It failed there too. Exact same configuration. One cert works. The other cert fails.

So what's different?

The anomaly has been found. First, the cause of the problem is something I did. The problem cert is 4098-bits. Two more than the usual 4096-bits. DOH.

I must give credit to StartCOM. They pointed out this difference just now. And you can see yourself here:

http://dan.langille.org/2013/10/10/one-startcom-cert-works-the-other-does-not/

I'll be raising a bug with Apple.

My thanks for the help. My apologies for the noise.

--
Dan Langille - http://langille.org

From rick at openfortress.nl Fri Oct 11 09:07:47 2013
From: rick at openfortress.nl (Rick van Rein (OpenFortress))
Date: Fri, 11 Oct 2013 08:07:47 +0200
Subject: [Dovecot] Optimisation opportunity for IMAP searches
Message-ID: <47E0BE04-77A6-4A74-9B61-9D33107B86FF@openfortress.nl>

Hello,

I love Dovecot, but when developing a small IMAP tool, I ran into searching behaviour that can easily be optimised. Please forgive a rather detailed suggestion. This was on Dovecot 1.2.15 on Debian Squeeze.

My tool? It's called "midget" and retrieves documents from an IMAP box based on their mid: or cid: identifier, as per RFC 2392. I thought this would be useful to retrieve email attachments into a remote shell environment. When using Kerberos, the credentials and a strong hint of one's mail address are already present anyway, DNS SRV does the rest. If you want to see the early code, I'll be happy to share it here.

The three formats of the URIs in RFC 2392 are:
* mid:messageid
* cid:contentid
* mid:messageid/contentid

Searching for a mid: with only a Message-ID part is quick and probably indexed,

(HEADER Message-ID )

Searching for a cid: meant ploughing through body text to get to the attachments, so it was slow and costly and needed checking of the outcome:

(TEXT )

The quicker URI form to get to a Content-Id should be to mention it at the end of a mid: URI, and search for

(HEADER Message-ID )(TEXT )

Much to my surprise, this took about as long as the cid: query -- ploughing through lots of body text while it only needed to look through one message's bodies! As a human, I can see a straightforward improvement. However, it is more difficult to find a general solution -- but that is what I'm describing below, in the hope that it will help to improve Dovecot's search performance.

0. In general, searches are Boolean expressions composed with implied AND and explicit (NOT …) and (OR ….) constructs.

1. Using the theorems of De Morgan, push all (NOT …) constructs inside as far as possible, until they surround elementary statements. Some may have a trivial solution, such as (NOT (ALL)). Others will retain the NOT but that might be handled with a different use of the indexes. In general, this phase turns all AND and OR constructs into positive logic, without duplicating search terms.

2. Estimate the effort involved in every part of the calculation. (HEADER) is lighter than (TEXT) and headers may be further split into with / without index. Larger sets could be more work to search than smaller ones. In general, an estimate of the number of comparisons could be a good metric for work to be done.

3. For AND compositions, start with the simplest one in the AND composition, and continue with increasingly heavier ones. Apply later conditions only on the output of the previous conditions, either after collecting all of it or every time something is found. Whatever is optimal -- bulk operations are more efficient, but may collect large sets to handle.

4. For OR compositions, either start a thread for each part, or switch focus and collect sorted streams into one collectively sorted stream.

I've been doing this stuff all through my PhD thesis work, so it comes easy to me :-) But this optimisation does not appear to be implemented yet, so I thought I'd suggest it. I hope this is useful to Dovecot!

Best wishes,

Rick van Rein

From d.parthey at metaways.de Fri Oct 11 10:32:45 2013
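Added example, not part of the message above and not Dovecot's search code: steps 1 to 3 of the proposal (push NOT inward with De Morgan, estimate cost, evaluate AND parts cheapest first on a shrinking candidate set) in Python, with the body-scan count compared against evaluating every part over the whole mailbox. The tuple query form, the COST weights, the constructed mailbox with example.org identifiers and all function names are assumptions; OR parts are evaluated one after another here, not with the threads or merged streams of step 4.

```python
# Search keys as nested tuples (a representation assumed for this example):
#   ("AND", a, b, ...)  ("OR", a, b, ...)  ("NOT", a)
#   ("HEADER", name, value)  ("TEXT", value)  ("ALL",)  ("NONE",)
COST = {"ALL": 0, "NONE": 0, "HEADER": 1, "TEXT": 50}  # assumed relative weights


def push_not(expr, negate=False):
    """Step 1: apply De Morgan until NOT only wraps elementary search keys."""
    op = expr[0]
    if op == "NOT":
        return push_not(expr[1], not negate)
    if op in ("AND", "OR"):
        if negate:
            op = "OR" if op == "AND" else "AND"
        return (op,) + tuple(push_not(e, negate) for e in expr[1:])
    if op in ("ALL", "NONE"):
        if negate:  # the trivial case: NOT ALL matches nothing
            return ("NONE",) if op == "ALL" else ("ALL",)
        return expr
    return ("NOT", expr) if negate else expr


def cost(expr):
    """Step 2: estimated effort per candidate message."""
    if expr[0] in COST:
        return COST[expr[0]]
    return sum(cost(e) for e in expr[1:])  # NOT, AND, OR


def leaf_match(expr, msg, stats):
    op = expr[0]
    if op == "ALL":
        return True
    if op == "NONE":
        return False
    if op == "HEADER":  # substring match on one header, case-insensitive
        return expr[2].lower() in msg["headers"].get(expr[1].lower(), "").lower()
    if op == "TEXT":    # headers and body; counted as one body scan
        stats["body_scans"] += 1
        haystack = "\n".join(msg["headers"].values()) + "\n" + msg["body"]
        return expr[1].lower() in haystack.lower()
    raise ValueError("unknown search key: %r" % (op,))


def evaluate(expr, mailbox, candidates, stats, planned):
    op = expr[0]
    if op == "AND":
        # Step 3: cheapest part first, later parts see only the survivors.
        parts = sorted(expr[1:], key=cost) if planned else expr[1:]
        result = set(candidates)
        for part in parts:
            scope = result if planned else candidates
            result &= evaluate(part, mailbox, scope, stats, planned)
            if planned and not result:
                break
        return result
    if op == "OR":
        # Sequential variant: messages already matched skip the costlier parts.
        parts = sorted(expr[1:], key=cost) if planned else expr[1:]
        result = set()
        for part in parts:
            scope = candidates - result if planned else candidates
            result |= evaluate(part, mailbox, scope, stats, planned)
        return result
    if op == "NOT":
        return candidates - evaluate(expr[1], mailbox, candidates, stats, planned)
    return {uid for uid in candidates if leaf_match(expr, mailbox[uid], stats)}


def search(expr, mailbox, planned=True):
    """Return (sorted matching UIDs, number of body scans performed)."""
    stats = {"body_scans": 0}
    tree = push_not(expr) if planned else expr
    uids = evaluate(tree, mailbox, set(mailbox), stats, planned)
    return sorted(uids), stats["body_scans"]


def make_mailbox(count=200):
    """Constructed mailbox: UID n has Message-ID <mN@example.org> and one part
    with Content-ID <part1.N@example.org>; even UIDs have a 'report' subject."""
    return {
        uid: {
            "headers": {
                "message-id": "<m%d@example.org>" % uid,
                "subject": ("report %d" if uid % 2 == 0 else "note %d") % uid,
            },
            "body": "Content-ID: <part1.%d@example.org>\n\nattachment data" % uid,
        }
        for uid in range(1, count + 1)
    }


if __name__ == "__main__":
    box = make_mailbox()
    # The mid:messageid/contentid lookup from the message, TEXT written first.
    query = ("AND", ("TEXT", "part1.137@example.org"),
             ("HEADER", "Message-ID", "m137@example.org"))
    print("planned:  ", search(query, box, planned=True))
    print("unplanned:", search(query, box, planned=False))
```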
From: d.parthey at metaways.de (Daniel Parthey) Date: Fri, 11 Oct 2013 09:32:45 +0200 Subject: [Dovecot] Questio about replication In-Reply-To: <52569557.9070305@wk-serv.de> References: <52569557.9070305@wk-serv.de> Message-ID: <456f4273-0001-4287-a7d2-5b07c92c07dc@email.android.com> Hi Patrick, You can use the proxy in combination with a database to return a fixed backend host per user, but be aware of the fact that if one host goes down, all mailboxes on this host will also be down (if there is no replica). The director uses a hash function instead and can only be used when all backend nodes can serve the same set of users. The director uses the proxy feature to forward the connection to the backend host, but the backend is selected by the hash function depending on the username. In short: use the proxy not the director, but keep copies/replica of your mailboxes somewhere in case one host goes down. Regards Daniel From tss at iki.fi Fri Oct 11 12:37:19 2013 
From: tss at iki.fi (Timo Sirainen) Date: Fri, 11 Oct 2013 12:37:19 +0300 Subject: [Dovecot] Optimisation opportunity for IMAP searches In-Reply-To: <47E0BE04-77A6-4A74-9B61-9D33107B86FF@openfortress.nl> References: <47E0BE04-77A6-4A74-9B61-9D33107B86FF@openfortress.nl> Message-ID: <9EDAF88D-2CD4-4A40-BFAA-4E20E28EA5E3@iki.fi> Hi, The search code works pretty much like you described. I was surprised to find out that in v2.2 it still didn't work correctly, but it was quite a small fix: http://hg.dovecot.org/dovecot-2.2/rev/4b0a736bc40c On 11.10.2013, at 9.07, Rick van Rein (OpenFortress) wrote: > Hello, > > I love Dovecot, but when developing a small IMAP tool, I ran into searching behaviour can easily be optimised. Please forgive a rather detailed suggestion. This was on Dovecot 1.2.15 on Debian Squeeze. > > My tool? It's called "midget" and retrieves documents from an IMAP box based on their mid: or cid: identifier, as per RFC 2392. I thought this would be useful to retrieve email attachments into a remote shell environment. When using Kerberos, the credentials and a strong hint of one's mail address are already present anyway, DNS SRV does the rest. If you want to see the early code, I'll be happy to share it here. > > The three formats of the URIs in RFC 2392 are: > * mid:messageid > * cid:contentid > * mid:messageid/contentid > > Searching for a mid: with only a Message-ID part is quick and probably indexed, > > (HEADER Message-ID ) > > Searching for a cid: meant ploughing through body text to get to the attachments, so it was a slow and costly and needed checking of the outcome: > > (TEXT ) > > The quicker URI form to get to a Content-Id should be to mention it at the end of a mid: URI, and search for > > (HEADER Message-ID )(TEXT ) > > Much to my surprise, this took about as long as the cid: query -- ploughing through lots of body text while it only needed to look through a one message bodies! As a human, I can see a straightforward improvement. 
However, it is more difficult to find a general solution -- but that is what I'm describing below, in the hope that it will help to improve Dovecot's search performance. > > > 0. In general, searches are Boolean expressions composed with implied AND and explicit (NOT ?) and (OR ?.) constructs. > > 1. Using the theorems of The Morgan, push all (NOT ?) constructs inside as far as possible, until they surround elementary statements. Some may have a trivial solution, such as (NOT (ALL)). Others will retain the NOT but that might be handled with a different use of the indexes. In general, this phase turns all AND and OR constructs into positive logic, without duplicating search terms. > > 2. Estimate the effort involved in every part of the calculation. (HEADER) is lighter than (TEXT) and headers may be further split into with / without index. Larger sets could be more work to search than smaller ones. In general, an estimate of the number of comparisons could be a good metric for work to be done. > > 3. For AND compositions, start with the simplest one in the AND compostition, and continue with increasingly heavier ones. Apply later conditions only on the output of the previous conditions, either after collecting all of it or everytime something is found. Whatever is optimal -- bulk operations are more efficient, but may collect large sets to handle. > > 4. For OR compositions, either start a thread for each part, or switch focus and collect sorted streams into one collectively sorted stream. > > I've been doing this stuff all through my PhD thesis work, so it come easy to me :-) But this optimisation does not appear to be implemented yet, so I thought I'd suggest it. I hope this is useful to Dovecot! > > > Best wishes, > > Rick van Rein > > From rick at openfortress.nl Fri Oct 11 17:03:59 2013 
From: rick at openfortress.nl (Rick van Rein (OpenFortress)) Date: Fri, 11 Oct 2013 16:03:59 +0200 Subject: [Dovecot] Optimisation opportunity for IMAP searches In-Reply-To: <9EDAF88D-2CD4-4A40-BFAA-4E20E28EA5E3@iki.fi> References: <47E0BE04-77A6-4A74-9B61-9D33107B86FF@openfortress.nl> <9EDAF88D-2CD4-4A40-BFAA-4E20E28EA5E3@iki.fi> Message-ID: <3C73D106-B927-4717-B375-AA64F07D8891@openfortress.nl> Hi Timo, > The search code works pretty much like you described. Yeah, that's what I'd assumed from Dovecot until I ran into these strange findings. > I was surprised to find out that in v2.2 it still didn't work correctly, but it was quite a small fix: http://hg.dovecot.org/dovecot-2.2/rev/4b0a736bc40c Cool. The future is smiling, and we both did something useful today ;-) Thanks! -Rick From raubvogel at gmail.com Fri Oct 11 17:30:07 2013 
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Fri, 11 Oct 2013 10:30:07 -0400
Subject: [Dovecot] Sieve and Namespace in dovecot 2.0.X
Message-ID:

Based on what I read in
http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage, if I have a namespace
defined as

tail conf.d/10-mail.conf

namespace inbox {
  inbox = yes
  location =
  prefix = INBOX.
  separator =.
  type = private

}

A global script like

cat /etc/dovecot/sieve/global-spam.sieve
require ["fileinto", "regex"];
# Must use regex here as 'contains' may not be valid, it erroneously
# moved:
# X-Spam-Status: No, score=-4.0 required=8.0 tests=ALL_TRUSTED,BAYES_00,
# DCC_CHECK_NEGATIVE,HTML_MESSAGE,T_TM2_M_HEADER_IN_MSG,UNTRUSTED_Relay,
# XM_SPF_Neutral autolearn=disabled version=3.2.5, No
#
# Due to the 'YES' in BAYES, let's just make sure YES is at the
# _beginning_ of X-Spam-Status, while ignoring anything past it.
#if header :regex "X-Spam-Status" "^[Yy][Ee][Ss].*" {
if header :matches "X-Spam-Status" "Yes*" {
  fileinto "INBOX.Spam";
  stop;
}

should put spam in bob/.Spam. But, I am getting an error message
stating that INBOX.Spam does not exist:

Oct 11 09:57:33 mail dovecot: lda(bob at domain.com): Error: sieve: msgid=<0.0.0.71C.1CEC689A21CFF08.7068B7 at ip.aidolip.us>: failed to store into mailbox 'INBOX.Spam': Mailbox doesn't exist: INBOX.Spam

How come?

From martin.rabl at rablnet.de Fri Oct 11 17:33:53 2013
From: martin.rabl at rablnet.de (Martin Rabl)
Date: Fri, 11 Oct 2013 16:33:53 +0200
Subject: [Dovecot] Sieve and Namespace in dovecot 2.0.X
In-Reply-To:
References:
Message-ID: <52580C51.7060808@rablnet.de>

Hi,

try

fileinto :create "INBOX.Spam";

Bye,
Martin

On 11.10.2013 16:30, Mauricio Tavares wrote:
> Based on what I read in
> http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage, if I have a namespace
> defined as
>
> tail conf.d/10-mail.conf
>
> namespace inbox {
> inbox = yes
> location =
> prefix = INBOX.
> separator =.
> type = private
>
> }
>
> A global script like
>
> cat /etc/dovecot/sieve/global-spam.sieve
> require ["fileinto", "regex"];
> # Must use regex here as 'contains' may not be valid, it erroneously
> # moved:
> # X-Spam-Status: No, score=-4.0 required=8.0 tests=ALL_TRUSTED,BAYES_00,
> # DCC_CHECK_NEGATIVE,HTML_MESSAGE,T_TM2_M_HEADER_IN_MSG,UNTRUSTED_Relay,
> # XM_SPF_Neutral autolearn=disabled version=3.2.5, No
> #
> # Due to the 'YES' in BAYES, let's just make sure YES is at the
> # _beginning_ of X-Spam-Status, while ignoring anything past it.
> #if header :regex "X-Spam-Status" "^[Yy][Ee][Ss].*" {
> if header :matches "X-Spam-Status" "Yes*" {
> fileinto "INBOX.Spam";
> stop;
> }
>
> should put spam in bob/.Spam. But, I am getting an error message
> stating that INBOX.Spam does not exist:
>
> Oct 11 09:57:33 mail dovecot: lda(bob at domain.com): Error: sieve:
> msgid=<0.0.0.71C.1CEC689A21CFF08.7068B7 at ip.aidolip.us>: failed to
> store into mailbox 'INBOX.Spam': Mailbox doesn't exist: INBOX.Spam
>
> How come?
>

--
Best regards,

Martin Rabl

From raubvogel at gmail.com Fri Oct 11 17:44:34 2013
From: raubvogel at gmail.com (Mauricio Tavares) Date: Fri, 11 Oct 2013 10:44:34 -0400 Subject: [Dovecot] Sieve and Namespace in dovecot 2.0.X In-Reply-To: <52580C51.7060808@rablnet.de> References: <52580C51.7060808@rablnet.de> Message-ID: On Fri, Oct 11, 2013 at 10:33 AM, Martin Rabl wrote: > Hi, > > try > > fileinto :create "INBOX.Spam"; > > Bye, > Martin > Even though .Spam already exists in the user's mailbox? doveadm mailbox status -u bob at domain.com messages INBOX.Spam INBOX.Spam messages=92283 > Am 11.10.2013 16:30, schrieb Mauricio Tavares: > >> Based on what I read in >> http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage, if I have a namespace >> defined as >> >> tail conf.d/10-mail.conf >> >> namespace inbox { >> inbox = yes >> location = >> prefix = INBOX. >> separator =. >> type = private >> >> } >> >> A global script like >> >> cat /etc/dovecot/sieve/global-spam.sieve >> require ["fileinto", "regex"]; >> # Must use regex here as 'contains' may not be valid, it erroneously >> # moved: >> # X-Spam-Status: No, score=-4.0 required=8.0 tests=ALL_TRUSTED,BAYES_00, >> # >> DCC_CHECK_NEGATIVE,HTML_MESSAGE,T_TM2_M_HEADER_IN_MSG,UNTRUSTED_Relay, >> # XM_SPF_Neutral autolearn=disabled version=3.2.5, No >> # >> # Due to the 'YES' in BAYES, let's just make sure YES is at the >> # _beginning_ of X-Spam-Status, while ignoring anything past it. >> #if header :regex "X-Spam-Status" "^[Yy][Ee][Ss].*" { >> if header :matches "X-Spam-Status" "Yes*" { >> fileinto "INBOX.Spam"; >> stop; >> } >> >> should put spam in bob/.Spam. But, I am getting an error message >> stating that INBOX.Spam does not exist: >> >> Oct 11 09:57:33 mail dovecot: lda(bob at domain.com): Error: sieve: >> msgid=<0.0.0.71C.1CEC689A21CFF08.7068B7 at ip.aidolip.us>: failed to >> store into mailbox 'INBOX.Spam': Mailbox doesn't exist: INBOX.Spam >> >> How come? >> > > > -- > Viele Gr??e, > > Martin Rabl From martin.rabl at rablnet.de Fri Oct 11 17:50:29 2013 
From: martin.rabl at rablnet.de (Martin Rabl)
Date: Fri, 11 Oct 2013 16:50:29 +0200
Subject: [Dovecot] Sieve and Namespace in dovecot 2.0.X
In-Reply-To:
References: <52580C51.7060808@rablnet.de>
Message-ID: <52581035.5020802@rablnet.de>

Hm. Ok.

On 11.10.2013 16:44, Mauricio Tavares wrote:
> On Fri, Oct 11, 2013 at 10:33 AM, Martin Rabl wrote:
>> fileinto :create "INBOX.Spam";
> Even though .Spam already exists in the user's mailbox?
> doveadm mailbox status -u bob at domain.com messages INBOX.Spam
> INBOX.Spam messages=92283

>>> namespace inbox {
>>> inbox = yes
>>> location =
>>> prefix = INBOX.
>>> separator =.
>>> type = private
>>>
>>> }

Yep, try it - if the folder is there, nothing will happen.

I think there is a namespace problem, and maybe the spam folder is located under INBOX.INBOX.Spam (just an idea).

I think sieve will create a folder where it assumes there is one.
It's just a little experimental ... ;-)

Greetings,
Martin

From raubvogel at gmail.com Fri Oct 11 18:08:57 2013
From: raubvogel at gmail.com (Mauricio Tavares) Date: Fri, 11 Oct 2013 11:08:57 -0400 Subject: [Dovecot] Sieve and Namespace in dovecot 2.0.X In-Reply-To: <52581035.5020802@rablnet.de> References: <52580C51.7060808@rablnet.de> <52581035.5020802@rablnet.de> Message-ID: On Fri, Oct 11, 2013 at 10:50 AM, Martin Rabl wrote: > Hm. Ok. > > Am 11.10.2013 16:44, schrieb Mauricio Tavares: >> >> On Fri, Oct 11, 2013 at 10:33 AM, Martin Rabl >> wrote: >>> >>> fileinto :create "INBOX.Spam"; >> >> Even though .Spam already exists in the user's mailbox? >> doveadm mailbox status -u bob at domain.com messages INBOX.Spam >> INBOX.Spam messages=92283 > > >>>> namespace inbox { >>>> inbox = yes >>>> location = >>>> prefix = INBOX. >>>> separator =. >>>> type = private >>>> >>>> } > > Yep, try it - if the folder is there, it will happen nothing. > > I think, there is a namespace problem, and maybe the spamfolder is located > unter INBOX.INBOX.Spam (just an idea). > > I think, sieve will create a folder, where it assumes there is one. > It's just a little experimental ... ;-) > > > Greetings, > Martin Interesting: now it reports that it put the spam in its proper place: Oct 11 11:02:27 mail dovecot: lda(bob at domain.com): sieve: msgid=<6563.377.5164.515684 at Pickedit.us> : stored mail into mailbox 'INBOX.Spam' And, it created INBOX.Spam: drwxr-x--- 5 virtual virtual 4096 Oct 11 11:02 .INBOX.Spam drwxr-x--- 5 virtual virtual 4096 Oct 11 01:52 .Spam So, let's drop INBOX altogether fileinto :create "Spam"; and see what kind of mess we can come up with, right? =) From raubvogel at gmail.com Fri Oct 11 18:29:16 2013 
From: raubvogel at gmail.com (Mauricio Tavares) Date: Fri, 11 Oct 2013 11:29:16 -0400 Subject: [Dovecot] Sieve and Namespace in dovecot 2.0.X In-Reply-To: References: <52580C51.7060808@rablnet.de> <52581035.5020802@rablnet.de> Message-ID: On Fri, Oct 11, 2013 at 11:08 AM, Mauricio Tavares wrote: > On Fri, Oct 11, 2013 at 10:50 AM, Martin Rabl wrote: >> Hm. Ok. >> >> Am 11.10.2013 16:44, schrieb Mauricio Tavares: >>> >>> On Fri, Oct 11, 2013 at 10:33 AM, Martin Rabl >>> wrote: >>>> >>>> fileinto :create "INBOX.Spam"; >>> >>> Even though .Spam already exists in the user's mailbox? >>> doveadm mailbox status -u bob at domain.com messages INBOX.Spam >>> INBOX.Spam messages=92283 >> >> >>>>> namespace inbox { >>>>> inbox = yes >>>>> location = >>>>> prefix = INBOX. >>>>> separator =. >>>>> type = private >>>>> >>>>> } >> >> Yep, try it - if the folder is there, it will happen nothing. >> >> I think, there is a namespace problem, and maybe the spamfolder is located >> unter INBOX.INBOX.Spam (just an idea). >> >> I think, sieve will create a folder, where it assumes there is one. >> It's just a little experimental ... ;-) >> >> >> Greetings, >> Martin > > Interesting: now it reports that it put the spam in its proper place: > > Oct 11 11:02:27 mail dovecot: lda(bob at domain.com): sieve: > msgid=<6563.377.5164.515684 at Pickedit.us> : stored mail into mailbox > 'INBOX.Spam' > > And, it created INBOX.Spam: > > drwxr-x--- 5 virtual virtual 4096 Oct 11 11:02 .INBOX.Spam > drwxr-x--- 5 virtual virtual 4096 Oct 11 01:52 .Spam > > So, let's drop INBOX altogether > > fileinto :create "Spam"; > > and see what kind of mess we can come up with, right? =) And that seems to have worked. Now I feel like http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage and I do not like each other... From ricardo at wenn.com Fri Oct 11 20:06:19 2013 
From: ricardo at wenn.com (Ricardo Branco) Date: Fri, 11 Oct 2013 18:06:19 +0100 Subject: [Dovecot] ./configure not checking solr deps Message-ID: <5258300B.3000105@wenn.com> It seems that when you run ./configure with --with-solr it does not check for deps libcurl and libexpat. When we compiled it silently went though and still compiled without a problem then missed installing solr. Maybe im missing something? -- The information contained in or attached to this email is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorised to and must not disclose, copy, distribute, or retain any message or any part of it. If you have received an email in error, please contact the sender and delete the material from any computer. The contents of this email are not for publication unless specifically stated. Furthermore, the information contained in this message, and any attachment(s) thereto, is for information purposes only and may contain the personal views and opinions of the author, which are not necessarily the views and opinions of WENN or its subsidiaries and associated companies. We make every effort to keep our network free from viruses. However, you do need to check this e-mail and any attachments to it for viruses as we can take no responsibility for any computer virus which may be transferred by way! of this e-mail. WENN Ltd: Registered Office: 35 Tileyard Studios, Tileyard Road, London, N7 9AH, England. Registered No: 4375163. Place of Registration: United Kingdom. USA Entertainment News Inc (d/b/a WENN): Registered Office: 352 7th Avenue, Suite 1105, New York, NY 10001-5657, USA The WENN name, design and related marks are trademarks of the WENN group of companies. (c) 2013 All Rights Reserved. From ricardo at wenn.com Fri Oct 11 20:10:39 2013 
From: ricardo at wenn.com (Ricardo Branco) Date: Fri, 11 Oct 2013 18:10:39 +0100 Subject: [Dovecot] Solr issue with Zlib Message-ID: <5258310F.8040607@wenn.com> I have found that if you the fts_solr plugin is listed after Zlib it will cause an indexing problem where any message that was compressed with Zlib is submitted to solr without being uncompressed. The order of the plugins is important. Not sure if this can be fixed but im trying to add a wiki note. From rob0 at gmx.co.uk Sat Oct 12 00:31:46 2013
From: rob0 at gmx.co.uk (/dev/rob0) Date: Fri, 11 Oct 2013 16:31:46 -0500 Subject: [Dovecot] Doveadm with a 2nd Instance In-Reply-To: <52559F44.2010600@gmail.com> References: <5243BBCD.3060107@gmail.com> <20130926130237.GT13717@harrier.slackbuilds.org> <52559F44.2010600@gmail.com> Message-ID: <20131011213146.GO9230@harrier.slackbuilds.org> On Wed, Oct 09, 2013 at 02:24:04PM -0400, Chris Lasater wrote: > I figured this one out. The bug is associated with the default > run/dovecot base_dir. If you move both instances to a different > location then (or at least the one named dovecot) it works fine > and I can control both instances properly. Thank you for following up. I haven't had the chance to get back to this yet, but if the list doesn't hear back from me, assume it worked. :) > On 09/26/2013 09:02 AM, /dev/rob0 wrote: > >On Thu, Sep 26, 2013 at 12:45:01AM -0400, Chris Lasater wrote: > >>I am trying to use 2 instances of Dovecot on the same server so I > >>can have a Director managing my connections, everything appears to > >>be working, but I can not use doveadm to control my 2nd instance, > >>but doveconf seems to work fine. > >I have noticed the same thing. It seems that doveadm ignores -i. > >"dovecot" works with -c /path/to/other/dovecot.conf, but it too > >ignores -i. > > > >We got the idea to try -i from > >http://wiki2.dovecot.org/Tools/Doveadm/Instance , but "doveadm help" > >itself does not show a -i. > > > >>I have stopped and started both my instances so the config running > >>is what is in the config file, but when I use -i Director with > >>doveadm it uses the other instances config. > >And this is a big problem for trying to use "doveadm director" > >commands when the director instance uses the nonstandard paths. I > >haven't found a way to do that yet! "-c /path/to/other/dovecot.conf" > >didn't work. > > > >http://wiki2.dovecot.org/Tools/Doveadm/Director > > > >Currently on 2.2.5, about to switch to 2.2.6 EE. 
It seemed like it > >worked back in 2.0.9 before upgrading. > -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From voytek at sbt.net.au Sat Oct 12 01:05:01 2013 From: voytek at sbt.net.au (voytek at sbt.net.au) Date: Sat, 12 Oct 2013 09:05:01 +1100 Subject: [Dovecot] re-sorting emails in chrono order Message-ID: dovecot 2.1.1 I access my IMAP folders through SquirrelMail as a result of 'part copying' (probably through web client ? not sure), that is copying/moving some emails, later, the rest, I have a sub folder where I have maybe 30 emails from 2012 appear at the very end like so 2013/2012/2010/.../2006/2005/2012 how can I re-sort ? thanks Voytek From d.parthey at metaways.de Sat Oct 12 12:22:46 2013 
From: d.parthey at metaways.de (Daniel Parthey)
Date: Sat, 12 Oct 2013 11:22:46 +0200
Subject: [Dovecot] Transparent Migration from cyrus to dovecot
In-Reply-To: <5253B0D4.5060705@mur.at>
References: <52513DE2.6070708@mur.at> <5251CE62.5060104@wildgooses.com> <5253B0D4.5060705@mur.at>
Message-ID:

Hi Jogi

"Jogi Hofmüller" wrote:
>One question still remains in my head. The migration/dsync page [1]
>states that 'The source IMAP/POP3 mailboxes shouldn't be modified while
>dsync is running. Also "dsync backup" means that if the destination has
>any changes that don't exist in source IMAP server, the changes are
>deleted.' So how does the setup behave *while* I migrate a user's
>mail?

We disabled the login (IMAP, POP3 and SMTP as well) of the user to be migrated and kicked the user from the system. Then we deferred the delivery to the user mailbox in the MTA with a temporary failure and a message like "Mailbox being migrated", with the help of a lookup table in the database. This avoids changes to the affected mailbox during the sync.

If something goes terribly wrong during sync, you can simply switch the proxy back to the old mailbox and re-enable delivery.

No mail will be lost, since it should remain in the remote MTA's mail queue for a while in order to be retried and delivered later.

Regards
Daniel

From noel.butler at ausics.net Sat Oct 12 13:43:25 2013
From: noel.butler at ausics.net (Noel Butler)
Date: Sat, 12 Oct 2013 20:43:25 +1000
Subject: [Dovecot] Transparent Migration from cyrus to dovecot
In-Reply-To:
References: <52513DE2.6070708@mur.at> <5251CE62.5060104@wildgooses.com> <5253B0D4.5060705@mur.at>
Message-ID:

On 12/10/2013 19:22, Daniel Parthey wrote:

> No mail will be lost, since it should remain in the remote MTA's mail
> queue for a while in order to be retried and delivered later.
>

No guarantee there, some services are broken and do not retry, hotmail used to, and I've heard in some cases, still does, do this, some marketing system (ok, so that's no loss) do this - their reasoning is because of such high outbound queues, it would only delay first runs and upset their clients, again, no loss to me, but one person's spam can be another's ham.

It is after all why we have secondary MX's, on network, and if need be, off network.

From mitya at mageia.org Sat Oct 12 01:12:28 2013
From: mitya at mageia.org (Dimitri)
Date: Sat, 12 Oct 2013 02:12:28 +0400
Subject: [Dovecot] Dovecot 2.2.6 comression library build error
Message-ID: <1381529548.15542.8.camel@localhost>

Hi,

I'm trying to build Dovecot 2.2.6 under Mageia Linux, and there are two issues.

1. I get the following errors during build, please see http://pastebin.com/RmSRZPip - the compression library requires dlopen/dlsym/etc functions, but the library providing them is not mentioned in the linking command. I've managed to work around this by adding -ldl to the corresponding src/lib-compression/Makefile.in line.

2. The lib90_sieve_extprograms_plugin.so library gets installed into /dovecot/sieve (and it's the only file to reside there), while all other modules are installed into /dovecot/modules. Has this been done on purpose? For Mageia package, I've decided to move this file to the standard location.

Thanks,
Dimitri
Mageia Linux packager

From listen at constabel.net Sat Oct 12 20:37:49 2013
From: listen at constabel.net (Mike Constabel) Date: Sat, 12 Oct 2013 19:37:49 +0200 Subject: [Dovecot] Error: Syncing mailbox virtual failed: Virtual mailbox missing configuration file Message-ID: <20131012173749.GK27227@herakles.constabel-it.de> Hi, if I use doveadm search -u xx at xx.de savedbefore 15w or other search queries i got as first line: doveadm(xx at xx.de): Error: Syncing mailbox virtual failed: Virtual mailbox missing configuration file The virtual Mailbox has a config file: # cat /mailspool1/xx.de/xx/Maildir/virtual/Alle\ eigenen\ E-Mails/dovecot-virtual * all root at srv-mail:~# doveconf -n # 2.2.6 (81aedacbb01f): /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.2 ext4 auth_mechanisms = plain login dict { expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } lmtp_save_to_detail_mailbox = yes log_path = /var/log/dovecot/dovecot.log mail_attachment_dir = /mailspool1/attachments mail_attachment_min_size = 64 k mail_location = mdbox:/mailspool1/%d/%n/mdbox:ALT=/mailspool2/%d/%n/mdbox mail_plugins = quota mail_log notify expire trash acl zlib mailbox_alias virtual mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { list = children location = mdbox:/mailspool1/%%d/%%n/mdbox:INDEXPVT=~/mdbox/shared/%%u prefix = shared/%%u/ separator = / type = shared } namespace { list = children location = mdbox:/mailspool1/public-folders/mdbox:INDEXPVT=~/mdbox/public/public-folders prefix = public/ separator = / type = public } namespace { location = virtual:~/Maildir/virtual prefix = virtual/ separator = / } namespace inbox { inbox = yes list = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe 
special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } mailbox virtual/All { special_use = \All } mailbox virtual/Flagged { special_use = \Flagged } prefix = separator = / subscriptions = yes type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { acl = vfile acl_shared_dict = file:/mailspool1/shared-mailboxes.db mail_log_events = delete undelete expunge copy mailbox_create mailbox_delete mailbox_rename mail_log_fields = uid box msgid size mailbox_alias_new = Sent Messages mailbox_alias_new2 = Sent Items mailbox_alias_new3 = Gesendete Elemente mailbox_alias_new4 = Gel?schte Elemente mailbox_alias_new5 = Junk-E-Mail mailbox_alias_old = Sent mailbox_alias_old2 = Sent mailbox_alias_old3 = Sent mailbox_alias_old4 = Trash mailbox_alias_old5 = Junk quota = dict:User quota::proxy::quota quota_grace = 10%% quota_rule = *:storage=10G quota_rule2 = Trash:storage=+100M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_dir = ~/sieve zlib_save = gz zlib_save_level = 6 } pop3_client_workarounds = outlook-no-nuls protocols = " imap lmtp sieve pop3" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service dict { unix_listener dict { group = vmail mode = 0660 } } service lmtp { inet_listener lmtp { address = 192.168.1.98 port = 24 } } service managesieve-login { inet_listener sieve { port = 4190 } service_count = 1 } service managesieve { process_limit = 1024 } ssl_cert = Dear all, few days ago I updated Debian to the latest stable and since then Dovecot is not working. I use Dovecot as LDA for Postfix and also for IMAP access. Also I used SASL and everything was ok before update. 
After I updated to Dovecot 2.1.7 (it used to be 1.x before) it looks like that e-mail delever is working but I can not configure IMAP access to work. All users/passwords are stored as local users in /etc/passwd When I tried to connect to imap log file shows: Oct 12 22:16:16 seenet-mtp dovecot: auth-worker(24788): Debug: pam(user at mydomain.com,178.x.y.z): lookup service=dovecot Oct 12 22:17:16 seenet-mtp dovecot: auth: Error: auth worker: Aborted request: Lookup timed out Also tested access opensasl clent and after I tried to log in I have received: * OK Waiting for authentication process to respond.. tar NO [UNAVAILABLE] Temporary authentication failure. [seenet-mtp:2013-10-12 20:20:27] # doveconf -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-686-pae i686 Debian 7.2 auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c mail_location = maildir:/%h/mail namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = " imap" service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } } ssl_cert = References: <5259AFED.90905@svetnauke.org> Message-ID: <5259B1D2.9070601@thelounge.net> Am 12.10.2013 22:24, schrieb Milan Milo?evi?: > Dear all, > > few days ago I updated Debian to the latest stable and since then Dovecot is not working. I use Dovecot as LDA for > Postfix and also for IMAP access. Also I used SASL and everything was ok before update. After I updated to Dovecot > 2.1.7 (it used to be 1.x before) it looks like that e-mail delever is working but I can not configure IMAP access > to work. 
1.x to 2.x is a *major upgrade*

so look in your syslog (not the maillog) and the next time before you do a migration i suggest https://www.google.at/search?q=upgrade+dovecot+1.x+to+2.x which will result at the following instructions *before* start the upgrade

http://wiki2.dovecot.org/Upgrading/2.0

From mmilan at svetnauke.org Sat Oct 12 23:44:51 2013
From: mmilan at svetnauke.org (Milan Milošević)
Date: Sat, 12 Oct 2013 22:44:51 +0200
Subject: [Dovecot] Problem with Dovecot after upgrade to Debian 7.0 (stable)
In-Reply-To: <5259B1D2.9070601@thelounge.net>
References: <5259AFED.90905@svetnauke.org> <5259B1D2.9070601@thelounge.net>
Message-ID: <5259B4C3.1020903@svetnauke.org>

I have checked that before and did doveconf -n -c... at first but the result was same. After that I have removed Postfix, Dovecot, saslauthd and all configurations. I installed everything again (by following documentations for Dovecot and Postfix) and the problem is still here.

To me it looks like that there is a problem when dovecot tries to connect to PAM but I'm not sure...

>
> 1.x to 2.x is a *major upgrade*
>
> so look in your syslog (not the maillog) and the next time before you
> do a migration i suggest
> https://www.google.at/search?q=upgrade+dovecot+1.x+to+2.x which will
> result at the following instructions *before* start the upgrade
>
> http://wiki2.dovecot.org/Upgrading/2.0

From skdovecot at smail.inf.fh-brs.de Sun Oct 13 00:12:20 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen)
Date: Sat, 12 Oct 2013 23:12:20 +0200
Subject: [Dovecot] Problem with Dovecot after upgrade to Debian 7.0 (stable)
In-Reply-To: <5259AFED.90905@svetnauke.org>
References: <5259AFED.90905@svetnauke.org>
Message-ID: <5259BB34.9090408@smail.inf.fh-brs.de>

Milan Milošević wrote:

> Oct 12 22:16:16 seenet-mtp dovecot: auth-worker(24788): Debug:
> pam(user at mydomain.com,178.x.y.z): lookup service=dovecot Oct 12
> 22:17:16 seenet-mtp dovecot: auth: Error: auth worker: Aborted
> request: Lookup timed out
>
> Also tested access opensasl client and after I tried to log in I
> have received:
>
> * OK Waiting for authentication process to respond.. tar NO
> [UNAVAILABLE] Temporary authentication failure.
> [seenet-mtp:2013-10-12 20:20:27]
>
> protocols = " imap" service auth { unix_listener
> /var/spool/postfix/private/auth { mode = 0666 } }

service auth {
  client_limit = 12500
  unix_listener auth-client {
    mode = 0766
  }
  unix_listener auth-userdb {
    mode = 0766
    user = vmail
  }
}

I'm pretty sure you need some of these above, too. You have only the Postfix auth demon, but none of the Dovecot-internal one.

Please check out the default config and add your configs to it.

- --
Steffen

From ede at ede.com.ec Sun Oct 13 01:01:00 2013
From: ede at ede.com.ec (ede at ede.com.ec)
Date: Sat, 12 Oct 2013 17:01:00 -0500
Subject: [Dovecot] Problem with PAM, vpopmail and Roundcube
Message-ID: <20131012220202.F025B1AE87C5@dovecot.org>

Hello,

I have a problem to which I have not been able to find a solution by myself or online.

I have Dovecot running together with Qmail on a CentOS server. I need to be able to control which users are allowed IMAP access and at the same time allow IMAP access for all users when the requests are coming from a specific IP.

My problem has two parts, detailed below.

-----------------------------------------------------------
1. PAM not working to allow access only for specified users
-----------------------------------------------------------

Right now I am controlling IMAP access with [vmoduser -i] in Qmail which is not what I want. I need the IMAP access to be closed for everyone and then specify which users are allowed to access.

I tried using [pam.d] for this as per http://wiki.dovecot.org/Authentication/RestrictAccess but although I am not getting any errors, all users are still allowed access unless I block them with [vmoduser -i].

In [dovecot.conf] I have:

passdb pam {
  args = *
}

In [/etc/pam.d/imap] I have:

auth required pam_listfile.so item=user sense=allow file=/etc/imapusers onerr=fail

And in [/etc/imapusers] I have specified the only users that should have access.

Any ideas why this isn't working?

-------------------------------------------------------
2. Allow access for all users coming from a specific IP
-------------------------------------------------------

I have a Roundcube installation running on an external server and I need *all* my users to be able to use the Webmail regardless if they have IMAP or only POP access from their computer or mobile devices.

Using PAM I tried in [/etc/pam.d/imap]:

auth required pam_listfile.so item=user sense=allow file=/etc/imapusers onerr=fail allow_nets=127.0.0.0/8,192.168.0.0/16,1.2.3.4

...where the webmail installation would be installed at IP [1.2.3.4]. But no luck!

-------------------------------------------------------

Please - if there is anyone with ideas I could really use them. I have been going around in circles for the last couple of weeks and I don't know what to do!

Sincerely,
Daniel

From list_dovecot at bluerosetech.com Sun Oct 13 01:08:42 2013
From: list_dovecot at bluerosetech.com (Darren Pilgrim)
Date: Sat, 12 Oct 2013 15:08:42 -0700
Subject: [Dovecot] Transparent Migration from cyrus to dovecot
In-Reply-To:
References: <52513DE2.6070708@mur.at> <5251CE62.5060104@wildgooses.com> <5253B0D4.5060705@mur.at>
Message-ID: <5259C86A.10500@bluerosetech.com>

On 10/12/2013 3:43 AM, Noel Butler wrote:
> On 12/10/2013 19:22, Daniel Parthey wrote:
>
>> No mail will be lost, since it should remain in the remote MTA's mail
>> queue for a while in order to be retried and delivered later.
>>
>
> No guarantee there, some services are broken and do not retry, hotmail
> used to, and I've heard in some cases, still does, do this, some
> marketing system (ok, so that's no loss) do this - their reasoning is
> because of such high outbound queues, it would only delay first runs and
> upset their clients, again, no loss to me, but one person's spam can be
> another's ham.
>
> It is after all why we have secondary MX's, on network, and if need be,
> off network.

Instead of deferring the message and returning a 4xx to the remote client, accept it normally and put it into a hold queue or defer the delivery transport. After the switchover, requeue the message.

From d.parthey at metaways.de Sun Oct 13 01:40:13 2013
From: d.parthey at metaways.de (Daniel Parthey)
Date: Sun, 13 Oct 2013 00:40:13 +0200
Subject: [Dovecot] Problem with PAM, vpopmail and Roundcube
In-Reply-To: <20131012220202.F025B1AE87C5@dovecot.org>
References: <20131012220202.F025B1AE87C5@dovecot.org>
Message-ID: <53c221ac-f76c-4d10-a6b6-30910f6371fc@email.android.com>

Hi Daniel

possibly http://wiki2.dovecot.org/PostLoginScripting is the right wiki article for you. It describes how to block a user depending on username and/or IP.

Regards
Daniel

From mmilan at svetnauke.org Sun Oct 13 02:20:19 2013
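The policy asked for in this thread (IMAP only for users on an allow-list, but for every user when the connection comes from the webmail host), written as a post-login script of the kind the wiki page linked in the reply above describes. This is an added example, not code from the thread or from the Dovecot project; `/etc/imapusers` and the network list are the values from the original question, the function names and sample users are constructed, and it assumes Dovecot's script-login convention of `USER` and `IP` in the environment with the mail process in `"$@"`.

```shell
#!/bin/sh
# Added example: post-login IMAP access policy.
#   trusted network (e.g. the webmail host) -> any user
#   everywhere else                         -> only users on the allow-list
# Assumes script-login semantics: USER and IP in the environment, the mail
# process to start in "$@".

ALLOWFILE=${ALLOWFILE:-/etc/imapusers}                  # path from the question
TRUSTED_NETS=${TRUSTED_NETS:-127.0.0.0/8,192.168.0.0/16,1.2.3.4}

# Print a dotted-quad IPv4 address as an integer; fail on anything else
# (IPv6, empty octets, leading zeros that the shell would read as octal).
ip_to_int() (
    case "$1" in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in ''|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP NET[/BITS]: succeed if IP lies inside NET (bare address = /32).
in_cidr() (
    bits=32
    case "$2" in */*) bits=${2#*/} ;; esac
    case "$bits" in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
    [ "$bits" -le 32 ] || exit 1
    ip=$(ip_to_int "$1") || exit 1
    net=$(ip_to_int "${2%%/*}") || exit 1
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $ip & $mask )) -eq $(( $net & $mask )) ]
)

# imap_allowed USER REMOTE_IP ALLOWFILE NETS: the access decision itself.
imap_allowed() (
    IFS=,
    for net in $4; do
        in_cidr "$2" "$net" && exit 0
    done
    # Fail closed: no user name or an unreadable list means no access.
    # -F -x: literal whole-line match, so "a.ice" cannot match "alice".
    [ -n "$1" ] && [ -r "$3" ] && grep -Fqx -- "$1" "$3"
)

# Constructed sample data; prints one decision per user/address pair.
demo_decisions() (
    list=$(mktemp) || exit 1
    printf '%s\n' alice@example.com bob@example.com > "$list"
    out=
    for pair in 'alice@example.com 203.0.113.7' 'carol@example.com 203.0.113.7' \
                'carol@example.com 1.2.3.4' 'carol@example.com 192.168.7.20' \
                'a.ice@example.com 203.0.113.7'; do
        set -- $pair
        if imap_allowed "$1" "$2" "$list" '127.0.0.0/8,192.168.0.0/16,1.2.3.4'
        then d=allow; else d=deny; fi
        out="$out${out:+ }$d"
    done
    rm -f "$list"
    echo "$out"
)

# Entry point when started by script-login (which always passes a command).
if [ "$#" -gt 0 ]; then
    imap_allowed "${USER:-}" "${IP:-}" "$ALLOWFILE" "$TRUSTED_NETS" && exec "$@"
    exit 1    # mail process never started: the session ends here
fi
```

When `IP` is an IPv6 address the trusted-network test never matches, so such connections are decided by the allow-list alone.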
From: mmilan at svetnauke.org (Milan Milošević)
Date: Sun, 13 Oct 2013 01:20:19 +0200
Subject: [Dovecot] Problem with Dovecot after upgrade to Debian 7.0 (stable)
In-Reply-To: <5259BB34.9090408@smail.inf.fh-brs.de>
References: <5259AFED.90905@svetnauke.org> <5259BB34.9090408@smail.inf.fh-brs.de>
Message-ID: <5259D933.7090605@svetnauke.org>

Thanks. I tried it (few combinations) but it didn't help. I have received few errors:

- User doesn't exist: vmail
- dovecotWarning: fd limit (ulimit -n) is lower than required under max. load (1024 < 12500), because of service auth { client_limit

Milan

On 10/12/2013 11:12 PM, Steffen wrote:
> Milan Milošević wrote:
>
>> Oct 12 22:16:16 seenet-mtp dovecot: auth-worker(24788): Debug:
>> pam(user at mydomain.com,178.x.y.z): lookup service=dovecot Oct 12
>> 22:17:16 seenet-mtp dovecot: auth: Error: auth worker: Aborted
>> request: Lookup timed out
>>
>> Also tested access opensasl client and after I tried to log in I
>> have received:
>>
>> * OK Waiting for authentication process to respond.. tar NO
>> [UNAVAILABLE] Temporary authentication failure.
>> [seenet-mtp:2013-10-12 20:20:27]
>>
>> protocols = " imap" service auth { unix_listener
>> /var/spool/postfix/private/auth { mode = 0666 } }
> service auth {
> client_limit = 12500
> unix_listener auth-client {
> mode = 0766
> }
> unix_listener auth-userdb {
> mode = 0766
> user = vmail
> }
> }
>
> I'm pretty sure you need some of these above, too. You have only the
> Postfix auth demon, but none of the Dovecot-internal one.
>
> Please check out the default config and add your configs to it.
>
> - --
> Steffen

From ede at ede.com.ec Sun Oct 13 02:51:59 2013
From: ede at ede.com.ec (ede at ede.com.ec)
Date: Sat, 12 Oct 2013 18:51:59 -0500
Subject: [Dovecot] Problem with PAM, vpopmail and Roundcube
In-Reply-To: <53c221ac-f76c-4d10-a6b6-30910f6371fc@email.android.com>
References: <20131012220202.F025B1AE87C5@dovecot.org> <53c221ac-f76c-4d10-a6b6-30910f6371fc@email.android.com>
Message-ID: <20131012235157.B58771AE876A@dovecot.org>

Hi Daniel,

Thank you for getting back to me so quickly. I was actually thinking of using Post Login Scripting if everything else failed, but was hoping for a solution using PAM. Anyway, I'll give the scripting a chance.

Thanks again.

Daniel

At 05:40 PM 10/12/2013, Daniel Parthey wrote:
-----------------------------------------------------------------------
Hi Daniel

possibly http://wiki2.dovecot.org/PostLoginScripting is the right wiki article for you. It describes how to block a user depending on username and/or IP.

Regards
Daniel

From roms2000 at free.fr Sun Oct 13 19:52:57 2013
From: roms2000 at free.fr (romain)
Date: Sun, 13 Oct 2013 18:52:57 +0200
Subject: [Dovecot] dovecot 2.2.x and replication with dsync and shared / public namespace
In-Reply-To: <5240A74C.9090105@free.fr>
References: <5240A74C.9090105@free.fr>
Message-ID: <525ACFE9.8050200@free.fr>

Replying to myself:

Dovecot 2.2 seems to have problem to replicate shared folders / public folders.

To work around, I had to modify source file "src/replication/replicator/dsync-client.c" and change line 210:

str_printfa(cmd, "\tsync\t-d\t-N\t-l\t%u", DSYNC_LOCK_TIMEOUT_SECS);

To:

str_printfa(cmd, "\tsync\t-d\t-l\t%u", DSYNC_LOCK_TIMEOUT_SECS);

This way, replicator is using command:

doveadm sync -u USERNAME -d -l 30 -U -s

instead of

doveadm sync -u USERNAME -d -N -l 30 -U -s

(note: -N enable to sync all Namespace)

Latest command would sync all user's Namespace (private / shared / public) and will fail, and user's mailboxes won't be replicated.

An option in replicator plugin's could be useful to enable / disable sync of shared folders, sync of public folders, and sync of user's mailboxes.

MARIADASSOU Romain

On 23/09/2013 22:40, romain wrote:
> Hi,
>
> I'm trying to configure replication with dsync on Dovecot 2.2.5 (and
> latest nightly).
>
> I did followed the guide at http://wiki2.dovecot.org/Replication
>
> But I can get dsync-server working only if my users do not have access
> to shared mailboxes and / or public mailboxes which is problematic for
> our setup.
> > dsync-server is trying to create folders in public/ namespace : > ------------------------------------- > 2013-09-23 20:34:04 dsync-server(adupont): Panic: file > dsync-brain-mailbox-tree.c: line 384 > (dsync_brain_mailbox_tree_add_delete): assertion failed: > (other_node->ns == NULL || other_node->ns == node->ns) > 2013-09-23 20:34:04 dsync-server(adupont): Error: Raw backtrace: > /usr/local/lib/dovecot/libdovecot.so.0(+0x64faa) [0x7f7bf42dcfaa] -> > /usr/local/lib/dovecot/libdovecot.so.0(+0x64fee) [0x7f7bf42dcfee] -> > /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f7bf4299299] -> > dovecot/doveadm-server() [0x41ba52] -> > dovecot/doveadm-server(dsync_brain_recv_mailbox_tree_deletes+0xbb) > [0x41c39b] -> dovecot/doveadm-server(dsync_brain_run+0x37c) [0x41972c] > -> dovecot/doveadm-server() [0x419bf8] -> dovecot/doveadm-server() > [0x42ba20] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) > [0x7f7bf42ed3d6] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xaf) > [0x7f7bf42ee23f] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x28) > [0x7f7bf42ecf18] -> dovecot/doveadm-server() [0x416e59] -> > dovecot/doveadm-server() [0x40cc77] -> dovecot/doveadm-server() > [0x415ddd] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) > [0x7f7bf42ed3d6] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xaf) > [0x7f7bf42ee23f] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x28) > [0x7f7bf42ecf18] -> > /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) > [0x7f7bf429e553] -> dovecot/doveadm-server(main+0x11b) [0x40c9eb] -> > /lib64/libc.so.6(__libc_start_main+0xed) [0x7f7bf3f0932d] -> > dovecot/doveadm-server() [0x40ca59] > 2013-09-23 20:34:04 dsync-server(adupont): Fatal: master: > service(doveadm): child 28131 killed with signal 6 (core dumped) > ------------------------------------- > dsync-server is trying to create folders in shared/ namespace : > 
------------------------------------- > 2013-09-23 20:34:05 dsync-server(s.durant): Panic: file > dsync-mailbox-tree-sync.c: line 1029 (sync_create_mailboxes): > assertion failed: (node->ns == other_node->ns) > 2013-09-23 20:34:05 dsync-server(s.durant): Error: Raw backtrace: > /usr/local/lib/dovecot/libdovecot.so.0(+0x64faa) [0x7ffb6fd74faa] -> > /usr/local/lib/dovecot/libdovecot.so.0(+0x64fee) [0x7ffb6fd74fee] -> > /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7ffb6fd31299] -> > dovecot/doveadm-server() [0x426025] -> > dovecot/doveadm-server(dsync_mailbox_trees_sync_init+0x139) [0x427789] > -> dovecot/doveadm-server(dsync_brain_recv_mailbox_tree_deletes+0xdd) > [0x41c3bd] -> dovecot/doveadm-server(dsync_brain_run+0x37c) [0x41972c] > -> dovecot/doveadm-server() [0x419bf8] -> dovecot/doveadm-server() > [0x42ba20] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) > [0x7ffb6fd853d6] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xaf) > [0x7ffb6fd8623f] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x28) > [0x7ffb6fd84f18] -> dovecot/doveadm-server() [0x416e59] -> > dovecot/doveadm-server() [0x40cc77] -> dovecot/doveadm-server() > [0x415ddd] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) > [0x7ffb6fd853d6] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xaf) > [0x7ffb6fd8623f] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x28) > [0x7ffb6fd84f18] -> > /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) > [0x7ffb6fd36553] -> dovecot/doveadm-server(main+0x11b) [0x40c9eb] -> > /lib64/libc.so.6(__libc_start_main+0xed) [0x7ffb6f9a132d] -> > dovecot/doveadm-server() [0x40ca59] > 2013-09-23 20:34:05 dsync-server(s.durant): Fatal: master: > service(doveadm): child 28137 killed with signal 6 (core dumped) > ------------------------------------- > > If I run the command "doveadm -v sync -u my.user -f > tcp:10.20.0.2:12345" mailboxes are sync correctly. 
No problem with > public and shared mailboxes. > > If i run the command doveadm replicator replicate 's.durant' or > doveadm replicator replicate '*', I get plenty of Panic / Error for > all users that can access Public mailboxes or Shared mailboxes. > > Regards, > MARIADASSOU Romain From p.heinlein at heinlein-support.de Sun Oct 13 23:54:54 2013 
From: p.heinlein at heinlein-support.de (Peer Heinlein)
Date: Sun, 13 Oct 2013 22:54:54 +0200
Subject: [Dovecot] doveadm can't import his own mdboxes
In-Reply-To: <524C23A4.1020709@heinlein-support.de>
References: <524C23A4.1020709@heinlein-support.de>
Message-ID: <525B089E.60806@heinlein-support.de>

Hi,

I'd like to remind to my question / bug-report some days ago. Can anybody help?

Peer

-------- Original Message --------
Subject: [Dovecot] doveadm can't import his own mdboxes
Date: Wed, 02 Oct 2013 15:46:12 +0200
From: Peer Heinlein
To: Dovecot Mailing List

We're running Dovecot 2.1.17 on Debian:

# 2.1.17 (9efbc0731929): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-042stab078.27.debug i686 Debian 7.1 simfs

and we're having this namespace configuration:

mail_location = mdbox:/var/mail/%Ld/%Ln/mdbox
namespace inbox {
  disabled = no
  hidden = no
  ignore_on_failure = no
  inbox = yes
  list = yes
  location =
  prefix =
  separator = .
  subscriptions = yes
  type = private
}

As you can see, our namespace separator is "." and not "/":

a LIST "" "*"
* LIST (\HasChildren) "." INBOX.test
* LIST (\HasNoChildren) "." INBOX.test.huhu
* LIST (\HasNoChildren \Trash) "." Trash
* LIST (\HasChildren) "." INBOX
a OK List completed.

The problem is, that doveadm isn't able to import his own mdbox-directory:

1) delete the whole mdbox folder

# rm -rf mdbox

2) create the new mdbox folder and create some subfolders in it

# doveadm mailbox create -u max.muster INBOX.test
# doveadm mailbox create -u max.muster INBOX.test.huhu

3) put a mail into a subfolder

4) try to re-import the whole mdbox: it doesn't work

# doveadm import -u max.muster mdbox:mdbox BACKUP all
doveadm(max.muster): Error: Couldn't create mailbox BACKUP.INBOX/test/huhu: Character not allowed in mailbox name: '/'

Looks like there's something wrong in the namespace or like doveadm is working with a hardcoded internal namespace...

Peer

--
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin
http://www.heinlein-support.de
Tel: 030 / 405051-42
Fax: 030 / 405051-19
Mandatory disclosures per §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
Managing Director: Peer Heinlein -- Registered office: Berlin

From arnon at back2front.ca Mon Oct 14 08:24:45 2013
From: arnon at back2front.ca (Arnon Weinberg)
Date: Mon, 14 Oct 2013 01:24:45 -0400
Subject: [Dovecot] Email address with special characters in userdb
Message-ID: <525B801D.5020308@back2front.ca>

Hi,

I have a userdb file set up in passwd-file format containing the following entries:

>doveadm user test1*test2 at test.com
test1-test2 at test.com
test1?test2 at test.com
test1 at test2@test.com
test1%test2 at test.com

I can access the 1st entry (no special characters) no problem:

>doveadm user test1-test2 at test.com -f home
/var/vmail

The 2nd entry (using UTF-8 encoding) doesn't come up:

>doveadm user test1?test2 at test.com -f home
userdb lookup: user test1?test2 at test.com doesn't exist

The 3rd entry does come up:

>doveadm user test1 at test2@test.com -f home
/var/vmail

but Postfix escapes this case using quotes, and they don't work:

>doveadm user '"'test1 at test2'"'@test.com
userdb lookup: user "test1 at test2"@test.com doesn't exist

The 4th entry does not come up at all:

>doveadm user test1%test2 at test.com -f home
userdb lookup: user test1%test2 at test.com doesn't exist

I believe these are all valid characters for email addresses (per the RFC) except '@' (which ironically works without escaping). How can I get them working?

>dovecot --version
2.1.16

--
Arnon Weinberg
www.back2front.ca

From mailinglists at xgm.de Mon Oct 14 13:57:32 2013
From: mailinglists at xgm.de (Florian Lindner)
Date: Mon, 14 Oct 2013 12:57:32 +0200
Subject: [Dovecot] Questions about special_use mailboxes
Message-ID: <2510090.LiNLJpGL9M@horus>

Hello,

I am using dovecot 2.1.7 from debian stable:

namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Spam {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}

I monitor IMAP traffic using the MUA trojita.

When I select the mailbox Drafts:

>>> y10 SELECT Drafts (QRESYNC (1381746443 1))
<<< * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
<<< * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.

Flag is \Draft instead of \Drafts?

When I select Sent

>>> y12 SELECT Sent (QRESYNC (1381746442 7 (2 2)))
<<< * OK [CLOSED] Previous mailbox closed.??
<<< * FLAGS (\Answered \Flagged \Deleted \Seen \Draft $SENT)
<<< * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft $SENT \*)] Flags permitted.

Why is the flag $SENT ? http://www.faqs.org/rfcs/rfc6154.html mentions nothing like that.

When I select Spam:

>>> y14 SELECT Spam (QRESYNC (1381746444 1))
<<< * OK [CLOSED] Previous mailbox closed.
<<< * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
<<< * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.

No flag at all?

Or am I getting IMAP wrong?

Thanks,
Florian

From andreas.schulze at datev.de Mon Oct 14 14:41:40 2013
From: andreas.schulze at datev.de (Andreas Schulze)
Date: Mon, 14 Oct 2013 13:41:40 +0200
Subject: [Dovecot] how to handle logging
Message-ID: <20131014114140.GA25399@spider.services.datevnet.de>

Hello,

I plan a migration to dovecot and have concerns about the amount of logged data. On a testsystem dovecot produced 1TB syslog per day with a comparable amount of pop3 sessions.

The current server log to STDOUT which is connected to multilog (circular buffer, http://cr.yp.to/daemontools/multilog.html) That way I can have a look at the last activities to any time.

I like to have that in dovecot too. But since dovecot uses syslog it's not possible to adopt 1:1

Any ideas?
Thanks

--
Andreas Schulze
Internet Services | P252

DATEV eG
90329 Nürnberg | Phone +49 911 319-0 | Fax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Registered office: 90429 Nürnberg, Paumgartnerstr. 6-14 | Register court Nürnberg, GenReg Nr.70
Executive Board
Prof. Dieter Kempf (Chairman)
Dipl.-Kfm. Wolfgang Stegmann (Deputy Chairman)
Dipl.-Kfm. Michael Leistenschneider
Dipl.-Kfm. Dr. Robert Mayr
Jörg Rabe v. Pappenheim
Dipl.-Vw. Eckhard Schwarzer
Chairman of the Supervisory Board: Reinhard Verholen

From ben+dovecot at mail-subs.com Mon Oct 14 14:45:22 2013
From: ben+dovecot at mail-subs.com (Ben)
Date: Mon, 14 Oct 2013 12:45:22 +0100
Subject: [Dovecot] how to handle logging
In-Reply-To: <20131014114140.GA25399@spider.services.datevnet.de>
References: <20131014114140.GA25399@spider.services.datevnet.de>
Message-ID: <525BD952.6070303@mail-subs.com>

On 14/10/2013 12:41, Andreas Schulze wrote:
> Hello,
>
> I plan a migration to dovecot and have concerns about the amount of logged data.
> On a testsystem dovecot produced 1TB syslog per day with a comparable amount of pop3 sessions.
>
> The current server log to STDOUT which is connected to multilog
> (circular buffer, http://cr.yp.to/daemontools/multilog.html)
> That way I can have a look at the last activities to any time.
>
> I like to have that in dovecot too. But since dovecot uses syslog
> it's not possible to adopt 1:1
>
> Any ideas?
> Thanks
>
>

What's wrong with good old syslog, or why don't you use Splunk or some other proper grown-up logging tool ? Relying on STDOUT sounds like a recipe for disaster.

From andreas.schulze at datev.de Mon Oct 14 14:52:30 2013
From: andreas.schulze at datev.de (Andreas Schulze)
Date: Mon, 14 Oct 2013 13:52:30 +0200
Subject: [Dovecot] how to handle logging
In-Reply-To: <525BD952.6070303@mail-subs.com>
References: <20131014114140.GA25399@spider.services.datevnet.de> <525BD952.6070303@mail-subs.com>
Message-ID: <20131014115230.GA25813@spider.services.datevnet.de>

On 14.10.2013 12:45, Ben wrote:

> >The current server log to STDOUT which is connected to multilog
> >(circular buffer, http://cr.yp.to/daemontools/multilog.html)
> >That way I can have a look at the last activities to any time.

> What's wrong with good old syslog, or why don't you use Splunk or
> some other proper grown-up logging tool ? Relying on STDOUT sounds
> like a recipe for disaster.

writing >1 TB per day sounds not wise. At least not if I mostly will not read it. The interesting part is always at the end...

--
Andreas Schulze

From antondollmaier at aditsystems.de Mon Oct 14 14:57:16 2013
From: antondollmaier at aditsystems.de (Anton Dollmaier)
Date: Mon, 14 Oct 2013 13:57:16 +0200
Subject: [Dovecot] how to handle logging
In-Reply-To: <20131014115230.GA25813@spider.services.datevnet.de>
References: <20131014114140.GA25399@spider.services.datevnet.de> <525BD952.6070303@mail-subs.com> <20131014115230.GA25813@spider.services.datevnet.de>
Message-ID: <525BDC1C.4030607@aditsystems.de>

Hi,

> writing >1 TB per day sounds not wise.

Use syslog-ng or similar to define log destinations to STDOUT / STDIN
like multilog and omitting the "write to disk" part.

E.g., using syslog-ng with the MongoDB target and a capped collection
enables a similar circular buffer with the search techniques of MongoDB.

Best,

Anton

-- 
ADIT Systems
Anton Dollmaier, M.Sc.
Im Moos 22
84323 Massing

Phone: +49-8724-3949990 (Mon-Sat, 10:00-20:00, German landline)
Fax: +49-8724-3949999
VAT ID: DE221493781

Twitter: http://twitter.com/ADITSystems
Blog: http://blog.aditsystems.de/
Facebook: http://www.facebook.com/ADITSystems

Customer center: https://kunden.aditsystems.de/kc/
Wiki: https://kunden.aditsystems.de/wiki/

From andreas.schulze at datev.de Mon Oct 14 16:13:29 2013
From: andreas.schulze at datev.de (Andreas Schulze)
Date: Mon, 14 Oct 2013 15:13:29 +0200
Subject: [Dovecot] SOLVED: how to handle logging
In-Reply-To: <525BDC1C.4030607@aditsystems.de>
References: <20131014114140.GA25399@spider.services.datevnet.de> <525BD952.6070303@mail-subs.com> <20131014115230.GA25813@spider.services.datevnet.de> <525BDC1C.4030607@aditsystems.de>
Message-ID: <20131014131329.GA2072@spider.services.datevnet.de>

On 14.10.2013 13:57, Anton Dollmaier wrote:

> Use syslog-ng or similar to define log destinations to STDOUT /
> STDIN like multilog and omitting the "write to disk" part.

solved by changing syslog-ng.conf:

- destination pop3 { file("/path/to/pop3.log"); };"
+ destination pop3 { program("multilog t /path/to/logdir"); };

Thanks for the pointer to syslog-ng configuration :-)

-- 
Andreas Schulze
Internet Services | P252

DATEV eG
90329 Nürnberg | Phone +49 911 319-0 | Fax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Registered office: 90429 Nürnberg, Paumgartnerstr. 6-14 | Register court Nürnberg, GenReg Nr.70
Executive Board
Prof. Dieter Kempf (Chairman)
Dipl.-Kfm. Wolfgang Stegmann (Deputy Chairman)
Dipl.-Kfm. Michael Leistenschneider
Dipl.-Kfm. Dr. Robert Mayr
Jörg Rabe v. Pappenheim
Dipl.-Vw. Eckhard Schwarzer
Chairman of the Supervisory Board: Reinhard Verholen

From claus.r at bayern-mail.de Mon Oct 14 16:47:31 2013
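Review bot: the added `program("multilog t /path/to/logdir")` destination passes multilog no `s` (maximum file size) or `n` (number of files) argument, so the log directory keeps multilog's defaults of 10 files of 99999 bytes each, roughly 1 MB in total; at the volume mentioned earlier in the thread that window holds very little history. Set both explicitly before the directory, for example `multilog t s16777215 n20 /path/to/logdir`, sized to the window you want to keep. The removed `-` line also ends in a stray `"` after `};`, which the `+` line correctly drops.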
From: claus.r at bayern-mail.de (claus.r at bayern-mail.de)
Date: Mon, 14 Oct 2013 15:47:31 +0200
Subject: [Dovecot] LMTP Proxy auth
Message-ID: <05c7ef67c71d101a6c869db46bb16f27@bayern-mail.de>

Hi,

I tried to use lmtp proxy to a cyrus-server where I need authentication.
My passdb lookup gives me:

user=mailbox at cyrus.serv.er host=192.168.1.1 proxy=Y pass=secret destuser=cyrus_lmtp_master

As I see in packettrace to the lmtp-cyrus-server the dovecot-proxy
didn't try any authentication.

Could someone please confirm to me that LMTP proxy with auth isn't
supported or is there any configuration issue I have missed?

From TIHiggins at uss.com Mon Oct 14 18:16:06 2013
From: TIHiggins at uss.com (Thomas I Higgins)
Date: Mon, 14 Oct 2013 11:16:06 -0400
Subject: [Dovecot] POP3 Setup help - more info
Message-ID:

Well my last email went unanswered - I assume because I didn't provide
enough detailed information. Not a surprise if that is the case. Anyway,
I also noted that there is no dovecot/pop3 process like there is for
IMAP. Not certain that is wrong, but I am guessing it is. I am enclosing
the output from a doveconf -an query - hopefully you can see a
screenshot, otherwise I have to figure out how to get it in text form
(work disables cp & scp traffic). Hopefully this will provide
information that will help define what I am missing?

Thanks again,

Thomas Higgins
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 12445147.gif
Type: image/gif
Size: 14094 bytes
Desc: not available
URL:

From mail at joachim-breitner.de Mon Oct 14 12:22:38 2013
From: mail at joachim-breitner.de (Joachim Breitner)
Date: Mon, 14 Oct 2013 11:22:38 +0200
Subject: [Dovecot] Public dovecot namespace visible only to some users
Message-ID: <1381742558.3941.8.camel@kirk>

Hi,

I have a dovecot IMAP server (version 2.1.7) with Maildirs and a virtual
user setup (e.g. all accounts are mapped to the same system user).

I'd like to create a public namespace shared between users A and B, but
not any other user. I tried to set up the namespace as follows:

namespace {
  type = public
  separator = .
  prefix = INBOX.XFeeds.
  location = maildir:/var/vhosts/feeds:INDEX=~/Maildir/feeds/
  subscriptions = no
}

together with an acl-file:

/var/vhosts/feeds $ cat dovecot-acl
user=A lrwstipekxa
user=B lrwipk

Now user C cannot access the contents of the XFeeds mailbox, but it
still shows up in its IMAP client. How can I make sure that other users
cannot observe that this namespace exists?

Thanks,
Joachim

PS: If you collect serverfault reputation, feel free to answer on
http://serverfault.com/questions/544061/public-dovecot-namespace-visible-only-to-some-users
as well :-)

PPS: Relevant parts of my configuration:

first_valid_uid = 109
last_valid_uid = 109
mail_gid = vhost
mail_location = maildir:~/Maildir
mail_privileged_group = mail
mail_uid = vhost
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  location = maildir:/var/vhosts/feeds:INDEX=~/Maildir/feeds/
  prefix = INBOX.XFeeds.
  separator = .
  subscriptions = no
  type = public
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = INBOX.
  separator = .
}
passdb {
  args = /etc/vhosts/dovecot-userdb
  driver = passwd-file
}
plugin {
  acl = vfile
  sieve = ~/dovecot.sieve
  sieve_dir = ~/sieve
}
userdb {
  args = uid=vhost gid=vhost home=/var/vhosts/%d/%n
  driver = static
}
protocol imap {
  mail_plugins = " acl"
}

-- 
Joachim “nomeata” Breitner
  mail at joachim-breitner.de • http://www.joachim-breitner.de/
  Jabber: nomeata at joachim-breitner.de • GPG-Key: 0x4743206C
  Debian Developer: nomeata at debian.org

From mail at joachim-breitner.de Mon Oct 14 17:38:31 2013
From: mail at joachim-breitner.de (Joachim Breitner)
Date: Mon, 14 Oct 2013 16:38:31 +0200
Subject: [Dovecot] Public dovecot namespace visible only to some users
In-Reply-To: <1381742558.3941.8.camel@kirk>
References: <1381742558.3941.8.camel@kirk>
Message-ID: <1381761511.10722.1.camel@kirk>

Hi,

On Monday, 14.10.2013, 11:22 +0200, Joachim Breitner wrote:
> How can I make sure that other users
> cannot observe that this namespace exists?

something else that I tried since is to set "list = no" in the settings
of "namespace feeds", and add "userdb_namespace/feeds/list=yes" to the
passwd file, but the latter did not seem to have any effect.

Greetings,
Joachim

-- 
Joachim “nomeata” Breitner
  mail at joachim-breitner.de • http://www.joachim-breitner.de/
  Jabber: nomeata at joachim-breitner.de • GPG-Key: 0x4743206C
  Debian Developer: nomeata at debian.org

From j.luebbert at kaladix.org Mon Oct 14 19:08:54 2013
From: j.luebbert at kaladix.org (Jörg Lübbert)
Date: Mon, 14 Oct 2013 18:08:54 +0200
Subject: [Dovecot] DH parameter length too small?
Message-ID: <525C1716.6080901@kaladix.org>

Hello,

from my understanding, using 1024bit DH parameters results in a not
sufficiently secure key exchange for DH(E). Therefore I think it would
be advisable to have parameters of at least 2048bit. In fact, I would
see a great benefit in choosing parameter length arbitrarily.

I also do not see the benefit of parameter regeneration. What were the
design goals here?

Thanks,

Jörg Lübbert

From rob0 at gmx.co.uk Mon Oct 14 19:37:53 2013
From: rob0 at gmx.co.uk (/dev/rob0)
Date: Mon, 14 Oct 2013 11:37:53 -0500
Subject: [Dovecot] Email address with special characters in userdb
In-Reply-To: <525B801D.5020308@back2front.ca>
References: <525B801D.5020308@back2front.ca>
Message-ID: <20131014163753.GR9230@harrier.slackbuilds.org>

On Mon, Oct 14, 2013 at 01:24:45AM -0400, Arnon Weinberg wrote:
> I have a userdb file set up in passwd-file format containing the
> following entries:
> >doveadm user test1*test2 at test.com
> test1-test2 at test.com
> test1?test2 at test.com
> test1 at test2@test.com
> test1%test2 at test.com

snip

> I believe these are all valid characters for email addresses (per
> the RFC) except '@' (which ironically works without escaping).

No exception is made for "@". *All* 7-bit printable characters,
ASCII 32 through 127, are allowed. RFC 5321.

> How can I get them working?
>
> >dovecot --version
> 2.1.16

See auth_username_chars in your conf.d/10-auth.conf file.

RFC 5321 notwithstanding, it's reasonable and usually a good idea to
limit the characters that YOUR SITE will allow in usernames. You can
still send mail to <"eat at Joe's"@example.com>, but in general, if
you plan to use such addresses in your own domains, you should
consider rewriting them in your MTA (aliases(5) or similar.)
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

From rob0 at gmx.co.uk Mon Oct 14 19:58:51 2013
From: rob0 at gmx.co.uk (/dev/rob0)
Date: Mon, 14 Oct 2013 11:58:51 -0500
Subject: [Dovecot] POP3 Setup help - more info
In-Reply-To:
References:
Message-ID: <20131014165851.GS9230@harrier.slackbuilds.org>

On Mon, Oct 14, 2013 at 11:16:06AM -0400, Thomas I Higgins wrote:
> Well my last email went unanswered

Not so. You got two replies. If you are not going to read your
replies, you cannot be helped.

> - I assume because I didn't provide enough detailed information.

Both replies noted this. One asked for clarification.

> Not a surprise if that is the case. Anyway, I also noted that
> there is no dovecot/pop3 process like there is for IMAP. Not
> certain that is wrong, but I am guessing it is. I am enclosing
> the output from a doveconf -an query - hopefully you can see a
> screenshot,

No, I can't. (I could, but I won't, to be exact.) Please don't post
binary attachments to public mailing lists.

> otherwise I have to figure out how to get it in text form

Yes, you should.

In addition to the ignored replies in the other thread, I'll ask
this: why do you want to use POP3? IMAP can do everything POP3 can
do, and it's superior in many ways. POP3 should have died out a
decade ago.

> (work disables cp & scp traffic). Hopefully this will provide
> information that will help define what I am missing?
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

From h.reindl at thelounge.net Mon Oct 14 20:02:37 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 14 Oct 2013 19:02:37 +0200
Subject: [Dovecot] POP3 Setup help - more info
In-Reply-To: <20131014165851.GS9230@harrier.slackbuilds.org>
References: <20131014165851.GS9230@harrier.slackbuilds.org>
Message-ID: <525C23AD.5070504@thelounge.net>

On 14.10.2013 18:58, /dev/rob0 wrote:
> In addition to the ignored replies in the other thread, I'll ask
> this: why do you want to use POP3? IMAP can do everything POP3 can
> do, and it's superior in many ways. POP3 should have died out a
> decade ago

say who?

you want to provide storage, backup and responsibility for every message
all users ever received in their life and train them how to move messages
to local folders instead have a typical POP3 setup with some days keep
on server where the user must not all the time remember that he should
act before quota warnings arrive?

well, you can do so, many others won't

From campbell at cnpapers.com Mon Oct 14 20:37:03 2013
From: campbell at cnpapers.com (Steve Campbell)
Date: Mon, 14 Oct 2013 13:37:03 -0400
Subject: [Dovecot] POP3 Setup help - more info
In-Reply-To: <20131014165851.GS9230@harrier.slackbuilds.org>
References: <20131014165851.GS9230@harrier.slackbuilds.org>
Message-ID: <525C2BBF.3060007@cnpapers.com>

>> otherwise I have to figure out how to get it in text form
> Yes, you should.
>
>
Try something like:

#!/bin/sh
( dovecot -an && echo) | /bin/mail -s "Dovecot -an output" you at yourdomain.com

Put the above two lines in an executable file (chmod 777 or something
like that and erase after you run it) and run the file. It should send
the output of "dovecot -an" to the email address you at yourdomain.com
with a subject line of "Dovecot -an output".

You might have to use a different "/bin/mail" command depending on what
your mail server is.

steve campbell

From dac at getodata.ro Mon Oct 14 21:22:43 2013
From: dac at getodata.ro (dac at getodata.ro)
Date: Mon, 14 Oct 2013 18:22:43 +0000
Subject: [Dovecot] Dovecot proxy hooks
Message-ID: <092115485c69b26bc50f447278b2bc7f@getodata.ro>

I am interested in the possibility of using Dovecot IMAP/POP proxying
capabilities to analyze emails that are passing through and possibly
modify content on the fly.

This subject has been discussed here [1] before. I have tried the
mail-filter plugin [2], but the hooks it uses are only called in a
non-proxy setup.

Is there a practical way of doing this, or plans to add such a feature?

Links:
[1]: http://dovecot.org/list/dovecot/2006-February/011704.html
[2]: http://www.dovecot.org/patches/2.2/mail-filter.tar.gz

From azurit at pobox.sk Mon Oct 14 21:28:29 2013
From: azurit at pobox.sk (azurIt)
Date: Mon, 14 Oct 2013 20:28:29 +0200
Subject: [Dovecot] Strange output from LIST command
Message-ID: <20131014202829.D69A4098@pobox.sk>

Hi,

I'm using Dovecot 2.1.7 (Debian Wheezy) and output from LIST command looks strange:

C: 4 LIST () "" (INBOX INBOX.Karantena INBOX.Spam) RETURN (STATUS (UNSEEN))
S: * LIST () "." "INBOX"
S: * LIST () "." "INBOX.Karantena"
S: * STATUS "INBOX.Karantena" (UNSEEN 0)
S: * LIST () "." "INBOX.Spam"
S: * STATUS "INBOX.Spam" (UNSEEN 0)
S: 4 OK List completed.

The UNSEEN information for INBOX is completely missing. Is it correct
behavior? If not, is this a known bug in 2.1.7?

Thank you.

azur

From slusarz at curecanti.org Mon Oct 14 22:23:18 2013
From: slusarz at curecanti.org (Michael M Slusarz)
Date: Mon, 14 Oct 2013 13:23:18 -0600
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <20131014202829.D69A4098@pobox.sk>
References: <20131014202829.D69A4098@pobox.sk>
Message-ID: <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org>

Quoting azurIt :

> I'm using Dovecot 2.1.7 (Debian Wheezy) and output from LIST command
> looks strange:
>
> C: 4 LIST () "" (INBOX INBOX.Karantena INBOX.Spam) RETURN (STATUS (UNSEEN))
> S: * LIST () "." "INBOX"
> S: * LIST () "." "INBOX.Karantena"
> S: * STATUS "INBOX.Karantena" (UNSEEN 0)
> S: * LIST () "." "INBOX.Spam"
> S: * STATUS "INBOX.Spam" (UNSEEN 0)
> S: 4 OK List completed.
>
> The UNSEEN information for INBOX is completely missing. Is it
> correct behavior?

No. RFC 5819 [2]:

"For each selectable mailbox matching the list pattern and selection
options, the server MUST return an untagged LIST response followed by
an untagged STATUS response containing the information requested in
the STATUS return option."

INBOX matches the list pattern (It is explicitly contained in the
search list) and the selection options (which is empty), so the server
MUST return both a LIST response -AND- a STATUS response.

2.1.10 changelog has this cryptic entry:
  - imap: Various fixes to listing mailboxes.

Maybe that is what fixed things (I don't see this behavior in 2.2.6).

michael

From azurit at pobox.sk Mon Oct 14 22:39:49 2013
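The RFC 5819 requirement quoted in the reply above can be checked mechanically against a captured response; the following is an added example (not from the original post or from Dovecot) that flags selectable mailboxes whose LIST response has no matching STATUS. The function names and the second, conformant transcript are constructed for illustration, and mailbox names sent as IMAP literals are not handled.

```python
import re

# Mailbox token: quoted string (with backslash escapes) or bare atom.
# Assumption: names sent as IMAP literals ({n}CRLF...) are not handled.
MBOX = r'(?P<mbox>"(?:\\.|[^"\\])*"|[^\s"()]+)'
LIST_RE = re.compile(
    r'^\* LIST \((?P<attrs>[^)]*)\) (?:"(?:\\.|[^"\\])"|NIL) ' + MBOX + r'\s*$',
    re.IGNORECASE)
STATUS_RE = re.compile(
    r'^\* STATUS ' + MBOX + r' \((?P<items>[^)]*)\)\s*$', re.IGNORECASE)

# Session exactly as quoted in the thread.
REPORTED = r'''C: 4 LIST () "" (INBOX INBOX.Karantena INBOX.Spam) RETURN (STATUS (UNSEEN))
S: * LIST () "." "INBOX"
S: * LIST () "." "INBOX.Karantena"
S: * STATUS "INBOX.Karantena" (UNSEEN 0)
S: * LIST () "." "INBOX.Spam"
S: * STATUS "INBOX.Spam" (UNSEEN 0)
S: 4 OK List completed.'''

# Constructed sample: the response shape the quoted RFC text requires.
CONFORMANT = r'''S: * LIST () "." "INBOX"
S: * STATUS "INBOX" (UNSEEN 3)
S: * LIST () "." "INBOX.Karantena"
S: * STATUS "INBOX.Karantena" (UNSEEN 0)
S: 4 OK List completed.'''


def server_lines(transcript):
    """Keep only the server side of a 'C: ' / 'S: ' annotated transcript."""
    return [l[3:] for l in transcript.splitlines() if l.startswith("S: ")]


def mailbox_name(token):
    """Unquote a mailbox token; INBOX is case-insensitive in IMAP."""
    if token.startswith('"'):
        token = re.sub(r'\\(.)', r'\1', token[1:-1])
    return "INBOX" if token.upper() == "INBOX" else token


def check_list_status(lines, requested):
    """Return (mailbox, problem) pairs for LIST-STATUS violations.

    A LIST response without \\Noselect or \\NonExistent announces a
    selectable mailbox and must be followed by a STATUS response that
    carries every requested item.
    """
    requested = {item.upper() for item in requested}
    pending = {}    # selectable mailbox -> waiting for its STATUS
    findings = []
    for line in lines:
        line = line.rstrip("\r\n")
        m = LIST_RE.match(line)
        if m:
            attrs = {a.lower() for a in m.group("attrs").split()}
            if not attrs & {r"\noselect", r"\nonexistent"}:
                pending[mailbox_name(m.group("mbox"))] = True
            continue
        m = STATUS_RE.match(line)
        if m:
            name = mailbox_name(m.group("mbox"))
            if name not in pending:
                findings.append((name, "STATUS without a selectable LIST"))
                continue
            del pending[name]
            # STATUS items are "NAME value" pairs; keep the names.
            have = set(m.group("items").upper().split()[0::2])
            missing = requested - have
            if missing:
                findings.append(
                    (name, "STATUS lacks " + ",".join(sorted(missing))))
    findings += [(name, "no STATUS after LIST") for name in pending]
    return findings


if __name__ == "__main__":
    for name, problem in check_list_status(server_lines(REPORTED), ["UNSEEN"]):
        print(f"{name}: {problem}")
```
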
From: azurit at pobox.sk (azurIt)
Date: Mon, 14 Oct 2013 21:39:49 +0200
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org>
References: <20131014202829.D69A4098@pobox.sk> <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org>
Message-ID: <20131014213949.F9D26637@pobox.sk>

>Quoting azurIt :
>
>> I'm using Dovecot 2.1.7 (Debian Wheezy) and output from LIST command
>> looks strange:
>>
>> C: 4 LIST () "" (INBOX INBOX.Karantena INBOX.Spam) RETURN (STATUS (UNSEEN))
>> S: * LIST () "." "INBOX"
>> S: * LIST () "." "INBOX.Karantena"
>> S: * STATUS "INBOX.Karantena" (UNSEEN 0)
>> S: * LIST () "." "INBOX.Spam"
>> S: * STATUS "INBOX.Spam" (UNSEEN 0)
>> S: 4 OK List completed.
>>
>> The UNSEEN information for INBOX is completely missing. Is it
>> correct behavior?
>
>No. RFC 5819 [2]:
>
>"For each selectable mailbox matching the list pattern and selection
>options, the server MUST return an untagged LIST response followed by
>an untagged STATUS response containing the information requested in
>the STATUS return option."
>
>INBOX matches the list pattern (It is explicitly contained in the
>search list) and the selection options (which is empty), so the server
>MUST return both a LIST response -AND- a STATUS response.
>
>2.1.10 changelog has this cryptic entry:
> - imap: Various fixes to listing mailboxes.
>
>Maybe that is what fixed things (I don't see this behavior in 2.2.6).
>
>michael
>

Ok, I have this in my config:

namespace inbox {
  prefix = INBOX.
  separator = .
  inbox = yes
  list = yes
}

Based on migration instructions from here:
http://wiki2.dovecot.org/Migration/Courier

and here:
http://wiki2.dovecot.org/Namespaces

Difference is that second page is using namespace 'inbox' and first not.
I tried both and the second was working ok while first was doing
problems in IMAP clients (it puts folder tree to different location than
it was with Courier).

The problem with LIST command disappears when I comment out line
"prefix = INBOX.". Any hints? Thank you.

azur

From igord at bra.in.rs Mon Oct 14 22:57:19 2013
From: igord at bra.in.rs (Igor David)
Date: Mon, 14 Oct 2013 20:57:19 +0100
Subject: [Dovecot] Analyzing and correlating Dovecot with Postfix logs
Message-ID: <00184e4ae4072d185c9af0a55b4f4658@bra.in.rs>

Hi All,

I was wondering if anyone knows what are best practices for correlating
logs between Postfix and Dovecot ?

I am having setup with postfix + amavisd + spamassassin + dovecot and
everything looks like a charm for few years now.

However, when e-mail arrives to my system, postfix is sending it to
amavisd on port 10024, which is returning back to postfix on 10025, and
postfix is then delivering e-mail to Dovecot (which is acting as LDA),
so I can find e-mail header via message-ID easily in Postfix logs.

But after that I cannot find e-mail in my Dovecot Maildir list as a
filename, as Dovecot is having its own way of storing e-mails in Maildir
format, and I can't see that messageID in directory.

I can grep all e-mails which can take some time, so I was wondering if
there is more appropriate work around or setup Postfix/Dovecot, e.g. to
modify somehow dovecot Maildir naming convention or similar?

I was trying to find answer around but could not so any help is
appreciated!

Versions:
Dovecot: 2.1.13
Amavisd: amavisd-new-2.6.6
postfix: 2.3.3

Thanks in advance!

-- 
Kind regards,
Igor

From noel.butler at ausics.net Tue Oct 15 02:55:14 2013
From: noel.butler at ausics.net (Noel Butler)
Date: Tue, 15 Oct 2013 09:55:14 +1000
Subject: [Dovecot] POP3 Setup help - more info
In-Reply-To: <20131014165851.GS9230@harrier.slackbuilds.org>
References: <20131014165851.GS9230@harrier.slackbuilds.org>
Message-ID:

On 15/10/2013 02:58, /dev/rob0 wrote:

> In addition to the ignored replies in the other thread, I'll ask
> this: why do you want to use POP3? IMAP can do everything POP3 can
> do, and it's superior in many ways. POP3 should have died out a
> decade ago.

Not sure what country he's in, but I'll comment on that comment :)

Some countries, disks are not cheap, for instance in Australia, disks
and most hardware is on average over 200% more expensive, than the U.S.,
I've been given some pricing that makes it 350% dearer.

Most ISP's here, even the most largest ones, only offer pop3 - imap is
reserved for those very few using webmail. Of the very few that do offer
imap, the take up rate over the years is negligible, such that it is not
worth the effort, likely due to privacy which most aussies take
seriously. Although we are not as bad as the US with its publicised
broad over reaching FISA warrants, it is still all too easy for law
enforcement here to get warrants to secretly access your mail if on ISP
servers, but bloody hard to do so if you use pop3 and have already d/l
it to whatever device/client you choose to use.

Then there's the other law, yes, those obnoxious jackass interfering
govt #$E# with nothing else to do but regulate everything but "thin air"
(give em time they'll do that too), IOW, imap, providing a service where
every single email is stored on servers, you are accountable for, and
must be recovered, even if idiot1234 deletes a message by mistake and
when you say, no, you deleted it tuff luck, you can be sued for their
loss of data. With pop3 that onus and risk is removed.

From Jost.Krieger+dovecot at rub.de Tue Oct 15 14:41:35 2013
From: Jost.Krieger+dovecot at rub.de (Jost Krieger)
Date: 15 Oct 2013 13:41:35 +0200
Subject: [Dovecot] how to handle logging
In-Reply-To: <20131014114140.GA25399@spider.services.datevnet.de>
References: <20131014114140.GA25399@spider.services.datevnet.de>
Message-ID: <20131015114134.GM3688@ruhr-uni-bochum.de>

On Mon Oct 14 13:41:40 2013, Andreas Schulze wrote:

> I plan a migration to dovecot and have concerns about the amount of logged data.
> On a testsystem dovecot produced 1TB syslog per day with a comparable amount of pop3 sessions.
>
> The current server log to STDOUT which is connected to multilog
> (circular buffer, http://cr.yp.to/daemontools/multilog.html)
> That way I can have a look at the last activities to any time.
>
> I like to have that in dovecot too. But since dovecot uses syslog
> it's not possible to adopt 1:1

I'm a bit late, but what's wrong with

log_path = /dev/stderr

We have been using multilog for dovecot for a long time.
One problem, though: delivery logs will probably land somewhere else
than server logs.

Yours
Jost Krieger
-- 
| Jost.Krieger+sig at ruhr-uni-bochum.de Please help stamp out spam! |
| Postmaster, JAPH, resident answer machine at RUB Comp. Center |
| Sincere words are not sweet, sweet words are not sincere. |
| Lao Tse, Tao Te King 81 |

From farzad_itm at yahoo.com Mon Oct 14 19:43:31 2013
From: farzad_itm at yahoo.com (Farzad Mahdikhani)
Date: Mon, 14 Oct 2013 09:43:31 -0700 (PDT)
Subject: [Dovecot] Using dovecot as LDA for postfix
Message-ID: <1381769011.35703.YahooMailNeo@web124504.mail.ne1.yahoo.com>

Hi

Here is my environment:
Red Hat Enterprise Linux Server release 5.7 (Tikanga)
postfix-2.9.1-1.rhel5
dovecot 1.0.7

I want to config a complete postfix-dovecot mail server. First I
configured postfix to use procmail, its default LDA and dovecot for pop3
and imap. I didn't change main.cf a lot, just myhostname and a few
other properties. I didn't set home_mailbox. About dovecot.conf here is
the output of dovecot -n :

# 1.0.7: /etc/dovecot.conf
log_path: /var/log/dovecot.log
protocols: imap pop3
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_debug: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib64/dovecot/imap
mail_plugin_dir(imap): /usr/lib64/dovecot/imap
mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3
auth default:
  mechanisms: plain login
  passdb:
    driver: pam
  userdb:
    driver: passwd

As you can see mail_location is not set. At this time everything was OK
and working. I was able to send email using SquirrelMail and
thunderbird. I got two users, user1 and user2, in my linux machine and
when I sent an email from user1 at software.com to user2 at software.com
the sent mail was saved in /home/user1/mail/Sent and the received email
was in /var/mail/user2. The log file for dovecot had entries like this
for user1 and user2:

dovecot: Oct 14 14:44:52 Info: IMAP(user1): maildir: couldn't find root dir
dovecot: Oct 14 14:44:52 Info: IMAP(user1): mbox: root exists (/home/user1/mail)
dovecot: Oct 14 14:44:52 Info: IMAP(user1): mbox: INBOX exists (/var/mail/user1)
dovecot: Oct 14 14:44:52 Info: IMAP(user1): mbox: root=/home/user1/mail, index=/home/user1/mail, inbox=/var/mail/user1

At this point I tried to change the LDA from procmail to dovecot by the
following settings:

I added/changed the following in the main.cf:

mailbox_command = /usr/libexec/dovecot/deliver
dovecot_destination_recipient_limit = 1
virtual_mailbox_domains = software.com
virtual_transport = dovecot

I added the following in the master.cf:

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

But it didn't work. When I send email from user2 to user1 the sent
email is correctly saved in /home/user2/mail/Sent but it seems that
user1 doesn't receive the incoming email. dovecot.log had entries like
the following:

dovecot: Oct 14 14:54:04 Info: imap-login: Login: user=, method=PLAIN, rip=::ffff:172.27.7.8, lip=::ffff:172.16.100.183, TLS
dovecot: Oct 14 14:54:04 Info: IMAP(user1): Effective uid=504, gid=504, home=/home/user1
dovecot: Oct 14 14:54:04 Info: IMAP(user1): maildir: access(/home/user1/Maildir, rwx): failed: No such file or directory
dovecot: Oct 14 14:54:04 Info: IMAP(user1): maildir: couldn't find root dir
dovecot: Oct 14 14:54:04 Info: IMAP(user1): mbox: root exists (/home/user1/mail)
dovecot: Oct 14 14:54:04 Info: IMAP(user1): mbox: INBOX exists (/var/mail/user1)
dovecot: Oct 14 14:54:04 Info: IMAP(user1): mbox: root=/home/user1/mail, index=/home/user1/mail, inbox=/var/mail/user1

Setting home_mailbox = Maildir/ in main.cf and mail_location =
maildir:~/Maildir in dovecot.cf didn't help. I have been googling and
reading and testing for 4 or 5 days for this but there was no chance.
Now, I am stuck and any help would be really really appreciated.

Regards,
Ferez

From CMarcus at Media-Brokers.com Tue Oct 15 18:08:34 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Tue, 15 Oct 2013 11:08:34 -0400
Subject: [Dovecot] Using dovecot as LDA for postfix
In-Reply-To: <1381769011.35703.YahooMailNeo@web124504.mail.ne1.yahoo.com>
References: <1381769011.35703.YahooMailNeo@web124504.mail.ne1.yahoo.com>
Message-ID: <525D5A72.5010605@Media-Brokers.com>

On 2013-10-14 12:43 PM, Farzad Mahdikhani wrote:
> dovecot 1.0.7
>
> I want to config a complete postfix-dovecot mail server.

So, please do not start with an ancient, unsupported version.

2.2.6 is the latest stable, but at least use the latest 2.1 version...

-- 

Best regards,

*/Charles/*

From raubvogel at gmail.com Tue Oct 15 18:52:47 2013
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Tue, 15 Oct 2013 11:52:47 -0400
Subject: [Dovecot] Using dovecot as LDA for postfix
In-Reply-To: <525D5A72.5010605@Media-Brokers.com>
References: <1381769011.35703.YahooMailNeo@web124504.mail.ne1.yahoo.com> <525D5A72.5010605@Media-Brokers.com>
Message-ID:

On Tue, Oct 15, 2013 at 11:08 AM, Charles Marcus wrote:
> On 2013-10-14 12:43 PM, Farzad Mahdikhani wrote:
>>
>> dovecot 1.0.7
>>
>> I want to config a complete postfix-dovecot mail server.
>
>
> So, please do not start with an ancient, unsupported version.
>
> 2.2.6 is the latest stable, but at least use the latest 2.1 version...
>
He's running redhat/centos 5.X; latest dovecot version for that is
1.0.7. Only way out if he is using the redhat packages is to go to
redhat 6.X, which probably means a full reinstall... which he may not
be authorized to do. And even then he would be a 2.0.9.

Some of us do have to stick to the packages officially supported by a
distro; I had the very same issue, which is why I was stuck with 1.2.9
in ubuntu 10.04 and now 2.0.19 in 12.04LTS. Would I love to be at
least in 2.1? You betcha, but...

To the OP: you might want to see if epel or the other non-official
repositories have something newer and whether your boss allows you to
use them. As I mentioned above, I have run 1.2.9 until quite recently,
so I still have my configs available. Don't know how much 1.0.7
differs from 1.2.9 though; you will need to check
http://wiki1.dovecot.org/. But, I can paste them here. One thing I am
curious about is why you have maildir and mbox at the same time.

> --
>
> Best regards,
>
> */Charles/*

From rob0 at gmx.co.uk Tue Oct 15 18:59:50 2013
From: rob0 at gmx.co.uk (/dev/rob0)
Date: Tue, 15 Oct 2013 10:59:50 -0500
Subject: [Dovecot] Using dovecot as LDA for postfix
In-Reply-To: <1381769011.35703.YahooMailNeo@web124504.mail.ne1.yahoo.com>
References: <1381769011.35703.YahooMailNeo@web124504.mail.ne1.yahoo.com>
Message-ID: <20131015155950.GU9230@harrier.slackbuilds.org>

On Mon, Oct 14, 2013 at 09:43:31AM -0700, Farzad Mahdikhani wrote:
> Here is my environment:
> Red Hat Enterprise Linux Server release 5.7 (Tikanga)
> postfix-2.9.1-1.rhel5
> dovecot 1.0.7

You used a third-party RPM or SRPM for Postfix, why not for Dovecot?
Also, the latest in the Postfix 2.9 series is patchlevel 6 or so.

> I want to config a complete postfix-dovecot mail server. First I
> configured postfix to use procmail, its default LDA and dovecot for

FWIW, procmail is NOT the default LDA for Postfix. Postfix has its
own local(8) and [optional] virtual(8) LDAs. Procmail is very old and
unmaintained (it makes Dovecot 1.x look recent!) Only old and well-
established sites should be using procmail now. There are much better
options for new sites in A.D. 2013.

> pop3 and imap. I didn't change main.cf a lot, just myhostname and
> a few other properties. I didn't set home_mailbox. About
> dovecot.conf here is the output of dovecot -n :
>
> # 1.0.7: /etc/dovecot.conf
> log_path: /var/log/dovecot.log
> protocols: imap pop3
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/libexec/dovecot/imap-login
> login_executable(imap): /usr/libexec/dovecot/imap-login
> login_executable(pop3): /usr/libexec/dovecot/pop3-login
> mail_debug: yes
> mail_executable(default): /usr/libexec/dovecot/imap
> mail_executable(imap): /usr/libexec/dovecot/imap
> mail_executable(pop3): /usr/libexec/dovecot/pop3
> mail_plugin_dir(default): /usr/lib64/dovecot/imap
> mail_plugin_dir(imap): /usr/lib64/dovecot/imap
> mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3
> auth default:
>   mechanisms: plain login
>   passdb:
>     driver: pam
>   userdb:
>     driver: passwd
>
> As you can see mail_location is not set. At this time everything
> was OK and working. I was able to send email using SquirrelMail and
> thunderbird. I got two users, user1 and user2, in my linux machine
> and when I sent an email from user1 at software.com to
> user2 at software.com the sent mail was saved in /home/user1/mail/Sent
> and the received email was in /var/mail/user2. The log file for
> dovecot had entries like this for user1 and user2:
>
> dovecot: Oct 14 14:44:52 Info: IMAP(user1): maildir: couldn't find root dir
> dovecot: Oct 14 14:44:52 Info: IMAP(user1): mbox: root exists (/home/user1/mail)
> dovecot: Oct 14 14:44:52 Info: IMAP(user1): mbox: INBOX exists (/var/mail/user1)
> dovecot: Oct 14 14:44:52 Info: IMAP(user1): mbox: root=/home/user1/mail, index=/home/user1/mail, inbox=/var/mail/user1
>
> At this point I tried to change the LDA from procmail to dovecot
> by the following settings:
>
> I added/changed the following in the main.cf:
>
> mailbox_command = /usr/libexec/dovecot/deliver

This is used for the local domain class. It's not relevant for other
address classes.

> dovecot_destination_recipient_limit = 1
> virtual_mailbox_domains = software.com

This defines the virtual mailbox domain address class. This says that
addresses at software.com are virtual mailbox, NOT local, addresses. If
you're using passwd and PAM as userdb/passdb, this is not what you
want.

> virtual_transport = dovecot

And this is the default transport to be used for virtual mailboxes.

> I added the following in the master.cf:
>
> dovecot   unix  -       n       n       -       -       pipe
>   flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
>
> But it didn't work. When I send email from user2 to user1 the
> sent email is correctly saved in /home/user2/mail/Sent but it seems
> that user1 doesn't receive the incoming email. dovecot.log had
> entries like the following:
>
> dovecot: Oct 14 14:54:04 Info: imap-login: Login: user=, method=PLAIN, rip=::ffff:172.27.7.8, lip=::ffff:172.16.100.183, TLS

That's a system user login (local user in Postfix terms.)

> dovecot: Oct 14 14:54:04 Info: IMAP(user1): Effective uid=504, gid=504, home=/home/user1
> dovecot: Oct 14 14:54:04 Info: IMAP(user1): maildir: access(/home/user1/Maildir, rwx): failed: No such file or directory
> dovecot: Oct 14 14:54:04 Info: IMAP(user1): maildir: couldn't find root dir
> dovecot: Oct 14 14:54:04 Info: IMAP(user1): mbox: root exists (/home/user1/mail)
> dovecot: Oct 14 14:54:04 Info: IMAP(user1): mbox: INBOX exists (/var/mail/user1)
> dovecot: Oct 14 14:54:04 Info: IMAP(user1): mbox: root=/home/user1/mail, index=/home/user1/mail, inbox=/var/mail/user1
>
> Setting home_mailbox = Maildir/ in main.cf and mail_location =

The home_mailbox setting IS relevant to local domains.

> maildir:~/Maildir in dovecot.cf didn't help. I have been googling
> and reading and testing for 4 or 5 days for this but there was no
> chance. Now, I am stuck and any help would be really really
> appreciated.

This is mostly a Postfix question, BTW, so I will point to the
Postfix documentation. Don't confuse your address classes:

http://www.postfix.org/ADDRESS_CLASS_README.html
http://www.postfix.org/VIRTUAL_README.html
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

From ramatukuma at hotmail.com Tue Oct 15 23:33:44 2013
From: ramatukuma at hotmail.com (Reinaldo Matukuma)
Date: Tue, 15 Oct 2013 17:33:44 -0300
Subject: [Dovecot] Plugin issue with update from 2.0.19 to 2.1.17
Message-ID:

Hello. Probably only Timo can help me with this.

I have a self-made plugin based on the zlib plugin that I use to encrypt the messages at inbox.

As a side-effect of the cryptography, my plugin changes the size of the message, but until 2.0.19 this works well with dovecot index and the W/S flags.

But now, I'm going to upgrade to 2.1.17 and now I have these messages on log at my test environment:

Oct 15 20:19:25 test dovecot: imap(reinaldo at exemplo.com.br): Error: Cached message size smaller than expected (367 < 529)
Oct 15 20:19:25 test dovecot: imap(reinaldo at exemplo.com.br): Error: Maildir filename has wrong S value, renamed the file from /storage/test/messages/exemplo.com.br/reinaldo/Maildir/.Sent/cur/1381879158.M634385P5208.test,S=367,W=378:2,S to /storage/test/messages/exemplo.com.br/reinaldo/Maildir/.Sent/cur/1381879158.M634385P5208.test,S=529:2,S
Oct 15 20:19:25 test dovecot: imap(reinaldo at exemplo.com.br): Error: Corrupted index cache file /storage/test/messages/exemplo.com.br/reinaldo/Maildir/.Sent/dovecot.index.cache: Broken physical size for mail UID 6

I understood with these messages that the dovecot is arguing to get the real size of the file now, overriding the return of size from my crypto plugin. But I don't understand if this is a consequence from the changes to correct the index issue (the dovecot.index.cache issue).

So... I want to know if the correct way to fix this would be to change my plugin to return the real size of the file (that will be larger than the effective message that the plugin returns after the decryption) or if I need to use some new function to the plugin replace the expected size based on the real size of the message, not of the file.

Thanks

Reinaldo

From spork at bway.net Wed Oct 16 00:15:05 2013
From: spork at bway.net (Charles Sprickman)
Date: Tue, 15 Oct 2013 17:15:05 -0400
Subject: [Dovecot] Plugin issue with update from 2.0.19 to 2.1.17
In-Reply-To:
References:
Message-ID:

On Oct 15, 2013, at 4:33 PM, Reinaldo Matukuma wrote:

> Hello. Probably only Timo can help me with this.
>
> I have a self-made plugin based on the zlib plugin that I use to encrypt the messages at inbox.
>
> As a side-effect of the cryptography, my plugin changes the size of the message, but until 2.0.19 this works well with dovecot index and the W/S flags.
>
> But now, I'm going to upgrade to 2.1.17 and now I have these messages on log at my test environment:
>
> Oct 15 20:19:25 test dovecot: imap(reinaldo at exemplo.com.br): Error: Cached message size smaller than expected (367 < 529)
> Oct 15 20:19:25 test dovecot: imap(reinaldo at exemplo.com.br): Error: Maildir filename has wrong S value, renamed the file from /storage/test/messages/exemplo.com.br/reinaldo/Maildir/.Sent/cur/1381879158.M634385P5208.test,S=367,W=378:2,S to /storage/test/messages/exemplo.com.br/reinaldo/Maildir/.Sent/cur/1381879158.M634385P5208.test,S=529:2,S
> Oct 15 20:19:25 test dovecot: imap(reinaldo at exemplo.com.br): Error: Corrupted index cache file /storage/test/messages/exemplo.com.br/reinaldo/Maildir/.Sent/dovecot.index.cache: Broken physical size for mail UID 6

I think there's something else up, this looks quite similar to what I reported the other day:

http://dovecot.org/list/dovecot/2013-October/092917.html

Do you get further messages after the "broken physical size" indicating that dovecot is then trying to open the file based on the original filename?

Regardless, setting this should turn off the file size/name corrections, perhaps that will help:

maildir_broken_filename_sizes=yes

Charles

>
> I understood with these messages that the dovecot is arguing to get the real size of the file now, overriding the return of size from my crypto plugin. But I don't understand if this is a consequence from the changes to correct the index issue (the dovecot.index.cache issue).
>
> So... I want to know if the correct way to fix this would be to change my plugin to return the real size of the file (that will be larger than the effective message that the plugin returns after the decryption) or if I need to use some new function to the plugin replace the expected size based on the real size of the message, not of the file.
>
> Thanks
>
> Reinaldo
>

From h.reindl at thelounge.net Wed Oct 16 02:17:46 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Wed, 16 Oct 2013 01:17:46 +0200
Subject: [Dovecot] "Perfect Forward Secrecy" on Redhat/Fedora
Message-ID: <525DCD1A.8050000@thelounge.net>

RHEL/CentOS 6.5 will support ECDHE
Fedora currently makes the turnaround

no wonder that I burned down many hours:
https://bugzilla.redhat.com/show_bug.cgi?id=1019390
https://bugzilla.redhat.com/show_bug.cgi?id=319901#c108
______________________________

recent dovecot with also support older clients but prefer best
possible encryption for modern ones

ssl_prefer_server_ciphers = yes
ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:@STRENGTH
______________________________

the same for Apache:

SSLHonorCipherOrder On
SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS

From lacelle at roboticresearch.com Wed Oct 16 17:08:11 2013
From: lacelle at roboticresearch.com (Zach La Celle)
Date: Wed, 16 Oct 2013 10:08:11 -0400
Subject: [Dovecot] fstat() errors on /srv/mail//dovecot.index.log
Message-ID: <525E9DCB.40307@roboticresearch.com>

Dovecot version 2.1.7
Ubuntu 12.04.3 LTS
Kernel 3.2.0-35-generic x86_64

I'm not sure exactly when this started occurring, but sporadically users
report issues receiving email, having email saved to "Sent," etc.
Looking in dovecot.log, I see the following errors:

2013-10-16 09:53:20 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=27434, secured, session=
2013-10-16 09:53:20 imap(user1): Info: Disconnected: Logged out in=93 out=846
2013-10-16 09:53:21 imap(user2): Info: Disconnected: Logged out in=3616 out=495
2013-10-16 09:53:24 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=27436, secured, session=
2013-10-16 09:53:24 imap(user3): Info: Disconnected: Logged out in=93 out=819
2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file /srv/mail/user4/dovecot.index.log: No such file or directory
2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file /srv/mail/user4/dovecot.index.log: No such file or directory
2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file /srv/mail/user4/dovecot.index.log: No such file or directory
2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file /srv/mail/user4/dovecot.index.log: No such file or directory
2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file /srv/mail/user4/dovecot.index.log: No such file or directory
2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file /srv/mail/user4/dovecot.index.log: No such file or directory
2013-10-16 09:53:41 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=27438, secured, session=
2013-10-16 09:53:41 imap(user3): Info: Disconnected: Logged out in=93 out=819
2013-10-16 09:54:12 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=27440, secured, session=<6bI5CdzoCQB/AAAB>
2013-10-16 09:54:12 imap(user1): Info: Disconnected: Logged out in=93 out=846
2013-10-16 09:54:12 imap(user5): Info: Disconnected: Logged out in=736 out=7064
2013-10-16 09:54:15 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=27442, secured, session=
2013-10-16 09:54:15 imap(user6): Info: Disconnected: Logged out in=95 out=902
2013-10-16 09:54:20 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=27444, secured, session=
2013-10-16 09:54:20 imap(user1): Info: Disconnected: Logged out in=93 out=846
2013-10-16 09:54:24 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=27446, secured, session=
2013-10-16 09:54:24 imap(user3): Info: Disconnected: Logged out in=93 out=819

These errors are not confined to a single user, and do not occur with
the same frequency.

I originally was running the Dovecot shipped with the default Ubuntu
repositories (don't remember which version, but it was 1.*) and used a
backport to upgrade to 2.1.7 to see if that fixed it. It did not.

Any ideas why this is happening?

From azurit at pobox.sk Thu Oct 17 00:16:43 2013
From: azurit at pobox.sk (azurIt)
Date: Wed, 16 Oct 2013 23:16:43 +0200
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <20131014213949.F9D26637@pobox.sk>
References: <20131014202829.D69A4098@pobox.sk>, <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org> <20131014213949.F9D26637@pobox.sk>
Message-ID: <20131016231643.9254E916@pobox.sk>

>>Quoting azurIt :
>>
>>> I'm using Dovecot 2.1.7 (Debian Wheezy) and output from LIST command
>>> looks strange:
>>>
>>> C: 4 LIST () "" (INBOX INBOX.Karantena INBOX.Spam) RETURN (STATUS (UNSEEN))
>>> S: * LIST () "." "INBOX"
>>> S: * LIST () "." "INBOX.Karantena"
>>> S: * STATUS "INBOX.Karantena" (UNSEEN 0)
>>> S: * LIST () "." "INBOX.Spam"
>>> S: * STATUS "INBOX.Spam" (UNSEEN 0)
>>> S: 4 OK List completed.
>>>
>>> The UNSEEN information for INBOX is completely missing. Is it
>>> correct behavior?
>>
>>No. RFC 5819 [2]:
>>
>>"For each selectable mailbox matching the list pattern and selection
>>options, the server MUST return an untagged LIST response followed by
>>an untagged STATUS response containing the information requested in
>>the STATUS return option."
>>
>>INBOX matches the list pattern (It is explicitly contained in the
>>search list) and the selection options (which is empty), so the server
>>MUST return both a LIST response -AND- a STATUS response.
>>
>>2.1.10 changelog has this cryptic entry:
>> - imap: Various fixes to listing mailboxes.
>>
>>Maybe that is what fixed things (I don't see this behavior in 2.2.6).
>>
>>michael
>>
>
>
>Ok, I have this in my config:
>
>namespace inbox {
>  prefix = INBOX.
>  separator = .
>  inbox = yes
>  list = yes
>}
>
>Based on migration instructions from here:
>http://wiki2.dovecot.org/Migration/Courier
>
>and here:
>http://wiki2.dovecot.org/Namespaces
>
>Difference is that second page is using namespace 'inbox' and first not. I tried both and the second was working ok while first was doing problems in IMAP clients (it puts folder tree to different location than it was with Courier).
>
>The problem with LIST command disappears when I comment out line "prefix = INBOX.". Any hints? Thank you.
>
>azur

Really no one?

From azurit at pobox.sk Thu Oct 17 00:45:29 2013
From: azurit at pobox.sk (azurIt)
Date: Wed, 16 Oct 2013 23:45:29 +0200
Subject: [Dovecot] Strange output from LIST command
In-Reply-To:
References: <20131014202829.D69A4098@pobox.sk>, <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org>, <20131014213949.F9D26637@pobox.sk>, <20131016231643.9254E916@pobox.sk>
Message-ID: <20131016234529.4DC51E63@pobox.sk>

> From: Charles Sprickman
> To: azurIt
> Date: 16.10.2013 23:20
> Subject: Re: [Dovecot] Strange output from LIST command
>
>I just did a move from Courier to Dovecot 2.2, and also followed the namespace suggestions in the wiki.
>
>I've not had any issues, but if you want to drop me a note showing the IMAP commands and results you get for LIST, I'll compare locally and let you know if I see anything different?
>
>Charles
>--
>Charles Sprickman
>NetEng/SysAdmin
>Bway.net - New York's Best Internet www.bway.net
>spork at bway.net - 212.655.9344
>

Thank you. I tried to upgrade to 2.1.17 just to see if it helps - it didn't. Looks like an unfixed bug in 2.1. I will see tomorrow if I can rebuild Debian experimental packages so I can try version 2.2.

azur

From spork at bway.net Thu Oct 17 01:12:00 2013
From: spork at bway.net (Charles Sprickman)
Date: Wed, 16 Oct 2013 18:12:00 -0400
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <20131016234529.4DC51E63@pobox.sk>
References: <20131014202829.D69A4098@pobox.sk>, <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org>, <20131014213949.F9D26637@pobox.sk>, <20131016231643.9254E916@pobox.sk> <20131016234529.4DC51E63@pobox.sk>
Message-ID:

On Oct 16, 2013, at 5:45 PM, azurIt wrote:

>> From: Charles Sprickman
>> To: azurIt
>> Date: 16.10.2013 23:20
>> Subject: Re: [Dovecot] Strange output from LIST command
>>
>> I just did a move from Courier to Dovecot 2.2, and also followed the namespace suggestions in the wiki.
>>
>> I've not had any issues, but if you want to drop me a note showing the IMAP commands and results you get for LIST, I'll compare locally and let you know if I see anything different?
>>
>> Charles
>> --
>> Charles Sprickman
>> NetEng/SysAdmin
>> Bway.net - New York's Best Internet www.bway.net
>> spork at bway.net - 212.655.9344
>>
>
> Thank you. I tried to upgrade to 2.1.17 just to see if it helps - it didn't. Looks like an unfixed bug in 2.1. I will see tomorrow if I can rebuild Debian experimental packages so I can try version 2.2.

If it helps, here's a simple session:

Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready - bway.net.
. login xx xx
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE NOTIFY QUOTA] Logged in
. namespace
* NAMESPACE (("INBOX." ".")) NIL NIL
. OK Namespace completed.
. list "" "INBOX.%"
* LIST (\HasNoChildren) "." INBOX.old
* LIST (\HasNoChildren \UnMarked) "." INBOX.test
* LIST (\HasNoChildren \UnMarked) "." INBOX.sent-mail
* LIST (\HasNoChildren) "." INBOX.sent-mail-aug-2007
* LIST (\HasNoChildren \UnMarked) "." INBOX.saved-messages
* LIST (\HasNoChildren \UnMarked) "." INBOX.Virus
* LIST (\HasNoChildren \UnMarked \Trash) "." INBOX.Trash
* LIST (\HasNoChildren \UnMarked \Junk) "." INBOX.Spam
* LIST (\HasNoChildren \Sent) "." INBOX.Sent
* LIST (\HasNoChildren \UnMarked \Drafts) "." INBOX.Drafts
* LIST (\HasNoChildren \UnMarked) "." "INBOX.Another odd one, 2"
* LIST (\HasNoChildren \UnMarked) "." "INBOX.A fuuny folder!"
. OK List completed.
. logout
* BYE Logging out
. OK Logout completed.
Connection closed by foreign host.

Namespace config:

namespace inbox {
  # per http://wiki2.dovecot.org/Migration/Courier
  prefix = INBOX.
  separator = .
  type = private
  inbox = yes
  hidden = no
  list = yes
  subscriptions = yes
}

One issue I ran into with the courier-compatible namespaces is that in my quota plugin rules, I had to explicitly state the full path to the "special" mailboxes when applying quota rules to them:

(in 90-quota.conf)

plugin {
  quota_rule = Inbox.Trash:storage=+100M
  quota_rule2 = Inbox.Spam:storage=+100M
}

HTH,

Charles

>
> azur

From sinisa.rudan at gmail.com Wed Oct 16 20:58:40 2013
From: sinisa.rudan at gmail.com (SiR)
Date: Wed, 16 Oct 2013 10:58:40 -0700 (PDT)
Subject: [Dovecot] Having problem that e-mails for all users are grouped in the same "sent" file (same for "drafts").
Message-ID: <1381946320611-44836.post@n4.nabble.com>

This is an urgent problem for us.
Is this expected?

The problem is that when users access their e-mail through web-mail
(roundcubemail)
users see each other's messages in unified "Sent" folder

We have used:
joe /etc/postfix/virtual
to enable managing e-mails on multiple domains by same Postfix server.

Thank you

--
View this message in context: http://dovecot.2317879.n4.nabble.com/Having-problem-that-e-mails-for-all-users-are-grouped-in-the-same-sent-file-same-for-drafts-tp44836.html
Sent from the Dovecot mailing list archive at Nabble.com.

From skdovecot at smail.inf.fh-brs.de Thu Oct 17 10:17:31 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 17 Oct 2013 09:17:31 +0200 (CEST)
Subject: [Dovecot] Having problem that e-mails for all users are grouped in the same "sent" file (same for "drafts").
In-Reply-To: <1381946320611-44836.post@n4.nabble.com>
References: <1381946320611-44836.post@n4.nabble.com>
Message-ID:

On Wed, 16 Oct 2013, SiR wrote:

> This is an urgent problem for us.
> Is this expected?

No, it isn't.

> the problem is that when users access their e-mail through web-mail
> (roundcubemail)
> users see each others messages in unified "Sent" folder
> We have used:
> joe /etc/postfix/virtual
> to enable managing e-mails on multiple domains by same Postfix server.

You have to post the active configuration of Dovecot (doveconf -n),
Postfix (postconf) and Roundcube.

--
Steffen Kaiser

From skdovecot at smail.inf.fh-brs.de Thu Oct 17 10:25:35 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 17 Oct 2013 09:25:35 +0200 (CEST)
Subject: [Dovecot] Public dovecot namespace visible only to some users
In-Reply-To: <1381761511.10722.1.camel@kirk>
References: <1381742558.3941.8.camel@kirk> <1381761511.10722.1.camel@kirk>
Message-ID:

On Mon, 14 Oct 2013, Joachim Breitner wrote:

> something else that I tried since is to set "list = no" in the settings

try list = children

see http://wiki2.dovecot.org/SharedMailboxes/Public last example.

I think I remember a similar report a while back. Maybe it's a bug in
your version.

> of "namespace feeds", and add "userdb_namespace/feeds/list=yes" to the
> passwd file, but the latter did not seem to have any effect.

you use a static userdb, so the setting is not read from the passwd file.
The file is consulted for password only per your config.

--
Steffen Kaiser

From noel.butler at ausics.net Thu Oct 17 12:25:08 2013
From: noel.butler at ausics.net (Noel Butler)
Date: Thu, 17 Oct 2013 19:25:08 +1000
Subject: [Dovecot] fstat() errors on /srv/mail//dovecot.index.log
In-Reply-To: <525E9DCB.40307@roboticresearch.com>
References: <525E9DCB.40307@roboticresearch.com>
Message-ID:

On 17/10/2013 00:08, Zach La Celle wrote:
> Dovecot version 2.1.7
> Ubuntu 12.04.3 LTS
> Kernel 3.2.0-35-generic x86_64
>
> I'm not sure exactly when this started occurring, but sporadically users
> report issues receiving email, having email saved to "Sent," etc.
> Looking in dovecot.log, I see the following errors:
>
> 2013-10-16 09:53:20 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=27434, secured, session=
> 2013-10-16 09:53:20 imap(user1): Info: Disconnected: Logged out in=93 out=846
> 2013-10-16 09:53:21 imap(user2): Info: Disconnected: Logged out in=3616 out=495
> 2013-10-16 09:53:24 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=27436, secured, session=
> 2013-10-16 09:53:24 imap(user3): Info: Disconnected: Logged out in=93 out=819
> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file /srv/mail/user4/dovecot.index.log: No such file or directory
> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file /srv/mail/user4/dovecot.index.log: No such file or directory
> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file /srv/mail/user4/dovecot.index.log: No such file or directory
> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file /srv/mail/user4/dovecot.index.log: No such file or directory
> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file /srv/mail/user4/dovecot.index.log: No such file or directory
> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file /srv/mail/user4/dovecot.index.log: No such file or directory
> 2013-10-16 09:53:41 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=27438, secured, session=
> 2013-10-16 09:53:41 imap(user3): Info: Disconnected: Logged out in=93 out=819
> 2013-10-16 09:54:12 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=27440, secured, session=<6bI5CdzoCQB/AAAB>
> 2013-10-16 09:54:12 imap(user1): Info: Disconnected: Logged out in=93 out=846
> 2013-10-16 09:54:12 imap(user5): Info: Disconnected: Logged out in=736 out=7064
> 2013-10-16 09:54:15 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=27442, secured, session=
> 2013-10-16 09:54:15 imap(user6): Info: Disconnected: Logged out in=95 out=902
> 2013-10-16 09:54:20 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=27444, secured, session=
> 2013-10-16 09:54:20 imap(user1): Info: Disconnected: Logged out in=93 out=846
> 2013-10-16 09:54:24 imap-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=27446, secured, session=
> 2013-10-16 09:54:24 imap(user3): Info: Disconnected: Logged out in=93 out=819
>
> These errors are not confined to a single user, and do not occur with
> the same frequency.
>

This isn't perchance on a NAS/SAN/DAS is it?

> I originally was running the Dovecot shipped with the default Ubuntu
> repositories (don't remember which version, but it was 1.*) and used a
> backport to upgrade to 2.1.7 to see if that fixed it. It did not.
>
> Any ideas why this is happening?

gawd knows what debian (that's all ubuntu is, same package maintainers
99% of time) do to things, wouldn't be the first time they put out a
package that was kaput from get go, so doveconf -n output will likely
be required

From brong at fastmail.fm Thu Oct 17 13:13:20 2013
From: brong at fastmail.fm (Bron Gondwana)
Date: Thu, 17 Oct 2013 21:13:20 +1100
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org>
References: <20131014202829.D69A4098@pobox.sk> <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org>
Message-ID: <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com>

On Tue, Oct 15, 2013, at 06:23 AM, Michael M Slusarz wrote:
> Quoting azurIt :
>
> > I'm using Dovecot 2.1.7 (Debian Wheezy) and output from LIST command
> > looks strange:
> >
> > C: 4 LIST () "" (INBOX INBOX.Karantena INBOX.Spam) RETURN (STATUS (UNSEEN))
> > S: * LIST () "." "INBOX"
> > S: * LIST () "." "INBOX.Karantena"
> > S: * STATUS "INBOX.Karantena" (UNSEEN 0)
> > S: * LIST () "." "INBOX.Spam"
> > S: * STATUS "INBOX.Spam" (UNSEEN 0)
> > S: 4 OK List completed.
> >
> > The UNSEEN information for INBOX is completely missing. Is it
> > correct behavior?
>
> No. RFC 5819 [2]:
>
> "For each selectable mailbox matching the list pattern and selection
> options, the server MUST return an untagged LIST response followed by
> an untagged STATUS response containing the information requested in
> the STATUS return option."

Just wondering if the INBOX was SELECTed at the time? There's some fun
interaction around STATUS and SELECT in RFC3501.

Bron.

--
Bron Gondwana
brong at fastmail.fm

From azurit at pobox.sk Thu Oct 17 13:21:54 2013
From: azurit at pobox.sk (azurIt)
Date: Thu, 17 Oct 2013 12:21:54 +0200
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com>
References: <20131014202829.D69A4098@pobox.sk>, <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org> <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com>
Message-ID: <20131017122154.E4F05434@pobox.sk>

______________________________________________________________
> From: Bron Gondwana
> To: Michael M Slusarz ,
> Date: 17.10.2013 12:14
> Subject: Re: [Dovecot] Strange output from LIST command
>
>On Tue, Oct 15, 2013, at 06:23 AM, Michael M Slusarz wrote:
>> Quoting azurIt :
>>
>> > I'm using Dovecot 2.1.7 (Debian Wheezy) and output from LIST command
>> > looks strange:
>> >
>> > C: 4 LIST () "" (INBOX INBOX.Karantena INBOX.Spam) RETURN (STATUS (UNSEEN))
>> > S: * LIST () "." "INBOX"
>> > S: * LIST () "." "INBOX.Karantena"
>> > S: * STATUS "INBOX.Karantena" (UNSEEN 0)
>> > S: * LIST () "." "INBOX.Spam"
>> > S: * STATUS "INBOX.Spam" (UNSEEN 0)
>> > S: 4 OK List completed.
>> >
>> > The UNSEEN information for INBOX is completely missing. Is it
>> > correct behavior?
>>
>> No. RFC 5819 [2]:
>>
>> "For each selectable mailbox matching the list pattern and selection
>> options, the server MUST return an untagged LIST response followed by
>> an untagged STATUS response containing the information requested in
>> the STATUS return option."
>
>Just wondering if the INBOX was SELECTed at the time? There's some fun
>interaction around STATUS and SELECT in RFC3501.
>
>Bron.

Here's the complete IMAP communication, see the (1) only:
http://bugs.horde.org/view.php?actionID=view_file&type=log&file=imap-ok.log&ticket=12748

I also find out that it's working ok when I LIST the INBOX alone like this:
C: 4 LIST () "" (INBOX) RETURN (STATUS (UNSEEN))
S: * LIST () "." "INBOX"
S: * STATUS "INBOX" (UNSEEN 2)
S: 4 OK List completed.

The information about UNSEEN messages is correct. It's only doing problems when listing multiple folders at once.

azur

From brong at fastmail.fm Thu Oct 17 13:29:08 2013
From: brong at fastmail.fm (Bron Gondwana)
Date: Thu, 17 Oct 2013 21:29:08 +1100
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <20131017122154.E4F05434@pobox.sk>
References: <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org> <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com> <20131017122154.E4F05434@pobox.sk>
Message-ID: <1382005748.1103.35085513.4F2BBDF3@webmail.messagingengine.com>

On Thu, Oct 17, 2013, at 09:21 PM, azurIt wrote:
> ______________________________________________________________
> > From: Bron Gondwana
> > To: Michael M Slusarz ,
> > Date: 17.10.2013 12:14
> > Subject: Re: [Dovecot] Strange output from LIST command
> >
> >On Tue, Oct 15, 2013, at 06:23 AM, Michael M Slusarz wrote:
> >> Quoting azurIt :
> >>
> >> > I'm using Dovecot 2.1.7 (Debian Wheezy) and output from LIST command
> >> > looks strange:
> >> >
> >> > C: 4 LIST () "" (INBOX INBOX.Karantena INBOX.Spam) RETURN (STATUS (UNSEEN))
> >> > S: * LIST () "." "INBOX"
> >> > S: * LIST () "." "INBOX.Karantena"
> >> > S: * STATUS "INBOX.Karantena" (UNSEEN 0)
> >> > S: * LIST () "." "INBOX.Spam"
> >> > S: * STATUS "INBOX.Spam" (UNSEEN 0)
> >> > S: 4 OK List completed.
> >> >
> >> > The UNSEEN information for INBOX is completely missing. Is it
> >> > correct behavior?
> >>
> >> No. RFC 5819 [2]:
> >>
> >> "For each selectable mailbox matching the list pattern and selection
> >> options, the server MUST return an untagged LIST response followed by
> >> an untagged STATUS response containing the information requested in
> >> the STATUS return option."
> >
> >Just wondering if the INBOX was SELECTed at the time? There's some fun
> >interaction around STATUS and SELECT in RFC3501.
> >
> >Bron.
>
> Here's the complete IMAP communication, see the (1) only:
> http://bugs.horde.org/view.php?actionID=view_file&type=log&file=imap-ok.log&ticket=12748
>
> I also find out that it's working ok when I LIST the INBOX alone like this:
> C: 4 LIST () "" (INBOX) RETURN (STATUS (UNSEEN))
> S: * LIST () "." "INBOX"
> S: * STATUS "INBOX" (UNSEEN 2)
> S: 4 OK List completed.
>
> The information about UNSEEN messages is correct. It's only doing problems when listing multiple folders at once.

Yeah, that definitely looks like a bug! I've CC'd Timo to grab his attention :)

Hey Timo, it works right in Cyrus :p

. list () "" (INBOX INBOX.Trash INBOX.Archive) RETURN (STATUS (UNSEEN))
* LIST (\HasChildren) "." INBOX
* STATUS INBOX (UNSEEN 0)
* LIST (\Trash) "." INBOX.Trash
* STATUS INBOX.Trash (UNSEEN 0)
* LIST (\HasChildren \Archive) "." INBOX.Archive
* STATUS INBOX.Archive (UNSEEN 0)
. OK Completed (0.010 secs 113 calls)

(I have specialusealways configured, doesn't seem to break anyone)

Bron.

--
Bron Gondwana
brong at fastmail.fm

From slusarz at curecanti.org Thu Oct 17 15:46:09 2013
From: slusarz at curecanti.org (Michael M Slusarz)
Date: Thu, 17 Oct 2013 06:46:09 -0600
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com>
References: <20131014202829.D69A4098@pobox.sk> <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org> <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com>
Message-ID: <20131017064609.Horde.8VpcalPz_sNU0yRpPxwa0Q2@bigworm.curecanti.org>

Quoting Bron Gondwana :

> On Tue, Oct 15, 2013, at 06:23 AM, Michael M Slusarz wrote:
>
>> No. RFC 5819 [2]:
>>
>> "For each selectable mailbox matching the list pattern and selection
>> options, the server MUST return an untagged LIST response followed by
>> an untagged STATUS response containing the information requested in
>> the STATUS return option."
>
> Just wondering if the INBOX was SELECTed at the time? There's some fun
> interaction around STATUS and SELECT in RFC3501.

Except as I read 5819, this is completely irrelevant. LIST-STATUS !=
STATUS. LIST-STATUS produces STATUS-like responses, but isn't
controlled by any of the rules of the original STATUS. At least
that's how I interpret it.

Looking at the rest of this thread, I think we are all in agreement
that something is fishy. As OP reported, it appears to be something
specific with personal namespaces (possibly 'INBOX.' only).

michael

From lacelle at roboticresearch.com Thu Oct 17 16:23:16 2013
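The RFC 5819 rule quoted in the LIST thread above can be checked mechanically against a captured session. This is an added example, not code from any poster or from Dovecot or Cyrus: the function names are hypothetical, the first two transcripts are the ones posted in the thread, the third is constructed, and it assumes mailboxes flagged \Noselect or \NonExistent owe no STATUS and that names are never sent as IMAP literals.

```python
import re

# Untagged responses as they appear in the thread's transcripts.
LIST_RE = re.compile(
    r'^\* LIST \((?P<attrs>[^)]*)\) (?:"(?:[^"\\]|\\.)*"|NIL) (?P<name>.+)$',
    re.IGNORECASE)
STATUS_RE = re.compile(
    r'^\* STATUS (?P<name>"(?:[^"\\]|\\.)*"|\S+) \((?P<items>[^)]*)\)\s*$',
    re.IGNORECASE)
UNSELECTABLE = {"\\noselect", "\\nonexistent"}

# Session posted by azurIt (Dovecot 2.1.7, namespace prefix "INBOX.").
DOVECOT_2_1_7 = r'''
C: 4 LIST () "" (INBOX INBOX.Karantena INBOX.Spam) RETURN (STATUS (UNSEEN))
S: * LIST () "." "INBOX"
S: * LIST () "." "INBOX.Karantena"
S: * STATUS "INBOX.Karantena" (UNSEEN 0)
S: * LIST () "." "INBOX.Spam"
S: * STATUS "INBOX.Spam" (UNSEEN 0)
S: 4 OK List completed.
'''

# Session posted by Bron Gondwana (Cyrus), without C:/S: prefixes.
CYRUS = r'''
. list () "" (INBOX INBOX.Trash INBOX.Archive) RETURN (STATUS (UNSEEN))
* LIST (\HasChildren) "." INBOX
* STATUS INBOX (UNSEEN 0)
* LIST (\Trash) "." INBOX.Trash
* STATUS INBOX.Trash (UNSEEN 0)
* LIST (\HasChildren \Archive) "." INBOX.Archive
* STATUS INBOX.Archive (UNSEEN 0)
. OK Completed (0.010 secs 113 calls)
'''

# Constructed sample: a non-selectable parent folder owes no STATUS.
NOSELECT_SAMPLE = r'''
S: * LIST (\Noselect \HasChildren) "." "INBOX.lists"
S: * LIST () "." "INBOX.lists.dovecot"
S: * STATUS "INBOX.lists.dovecot" (UNSEEN 3)
S: 9 OK List completed.
'''


def _mailbox(token):
    """Unquote a mailbox name; INBOX is case-insensitive in IMAP."""
    token = token.strip()
    if len(token) >= 2 and token[0] == '"' and token[-1] == '"':
        token = re.sub(r'\\(.)', r'\1', token[1:-1])
    return "INBOX" if token.upper() == "INBOX" else token


def _server_lines(transcript):
    """Yield server lines, dropping 'C:' lines and any 'S:' prefix."""
    for raw in transcript.splitlines():
        line = raw.strip()
        if not line or line.startswith("C:"):
            continue
        if line.startswith("S:"):
            line = line[2:].strip()
        yield line


def missing_status(transcript, required=("UNSEEN",)):
    """Return selectable mailboxes whose LIST response was not followed
    by a STATUS response carrying every requested item."""
    required = {item.upper() for item in required}
    pending = {}  # mailbox -> items still owed, kept in LIST order
    for line in _server_lines(transcript):
        m = LIST_RE.match(line)
        if m:
            attrs = {a.lower() for a in m.group("attrs").split()}
            if not attrs & UNSELECTABLE:
                pending[_mailbox(m.group("name"))] = set(required)
            continue
        m = STATUS_RE.match(line)
        if m:
            name = _mailbox(m.group("name"))
            if name in pending:
                # STATUS items alternate name/value: UNSEEN 0 MESSAGES 12
                keys = m.group("items").split()[0::2]
                pending[name] -= {k.upper() for k in keys}
    return [name for name, owed in pending.items() if owed]


if __name__ == "__main__":
    for label, text in (("dovecot 2.1.7", DOVECOT_2_1_7), ("cyrus", CYRUS)):
        print(label, "missing STATUS for:", missing_status(text))
```

Run against a session captured from your own server, the same function works as a regression check after an upgrade or a namespace change.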
From: lacelle at roboticresearch.com (Zach La Celle) Date: Thu, 17 Oct 2013 09:23:16 -0400 Subject: [Dovecot] fstat() errors on /srv/mail//dovecot.index.log In-Reply-To: References: <525E9DCB.40307@roboticresearch.com> Message-ID: <525FE4C4.6060301@roboticresearch.com> On 10/17/2013 05:25 AM, Noel Butler wrote: > On 17/10/2013 00:08, Zach La Celle wrote: >> Dovecot version 2.1.7 >> Ubuntu 12.04.3 LTS >> Kernel 3.2.0-35-generic x86_64 >> >> I'm not sure exactly when this started occurring, but sporatically users >> report issues receiving email, having email saved to "Sent," etc. >> Looking in dovecot.log, I see the following errors: >> >> 2013-10-16 09:53:20 imap-login: Info: Login: user=, method=PLAIN, >> rip=127.0.0.1, lip=127.0.0.1, mpid=27434, secured, >> session= >> 2013-10-16 09:53:20 imap(user1): Info: Disconnected: Logged out in=93 >> out=846 >> 2013-10-16 09:53:21 imap(user2): Info: Disconnected: Logged out in=3616 >> out=495 >> 2013-10-16 09:53:24 imap-login: Info: Login: user=, method=PLAIN, >> rip=127.0.0.1, lip=127.0.0.1, mpid=27436, secured, >> session= >> 2013-10-16 09:53:24 imap(user3): Info: Disconnected: Logged out in=93 >> out=819 >> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file >> /srv/mail/user4/dovecot.index.log: No such file or directory >> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file >> /srv/mail/user4/dovecot.index.log: No such file or directory >> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file >> /srv/mail/user4/dovecot.index.log: No such file or directory >> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file >> /srv/mail/user4/dovecot.index.log: No such file or directory >> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file >> /srv/mail/user4/dovecot.index.log: No such file or directory >> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file >> /srv/mail/user4/dovecot.index.log: No such file or directory >> 2013-10-16 09:53:41 imap-login: 
Info: Login: user=, method=PLAIN, >> rip=127.0.0.1, lip=127.0.0.1, mpid=27438, secured, >> session= >> 2013-10-16 09:53:41 imap(user3): Info: Disconnected: Logged out in=93 >> out=819 >> 2013-10-16 09:54:12 imap-login: Info: Login: user=, method=PLAIN, >> rip=127.0.0.1, lip=127.0.0.1, mpid=27440, secured, >> session=<6bI5CdzoCQB/AAAB> >> 2013-10-16 09:54:12 imap(user1): Info: Disconnected: Logged out in=93 >> out=846 >> 2013-10-16 09:54:12 imap(user5): Info: Disconnected: Logged out in=736 >> out=7064 >> 2013-10-16 09:54:15 imap-login: Info: Login: user=, method=PLAIN, >> rip=127.0.0.1, lip=127.0.0.1, mpid=27442, secured, >> session= >> 2013-10-16 09:54:15 imap(user6): Info: Disconnected: Logged out in=95 >> out=902 >> 2013-10-16 09:54:20 imap-login: Info: Login: user=, method=PLAIN, >> rip=127.0.0.1, lip=127.0.0.1, mpid=27444, secured, >> session= >> 2013-10-16 09:54:20 imap(user1): Info: Disconnected: Logged out in=93 >> out=846 >> 2013-10-16 09:54:24 imap-login: Info: Login: user=, method=PLAIN, >> rip=127.0.0.1, lip=127.0.0.1, mpid=27446, secured, >> session= >> 2013-10-16 09:54:24 imap(user3): Info: Disconnected: Logged out in=93 >> out=819 >> >> These errors are not confined to a single user, and do not occur with >> the same frequency. >> > > > This isnt per chance on a NAS/SAN/DAS is it? > No, it is not on a SAN. I saw that thread a while back, but this doesn't seem to be related. >> I originally was running the Dovecot shipped with the default Ubuntu >> repositories (don't remember which version, but it was 1.*) and used a >> backport to upgrade to 2.1.7 to see if that fixed it. It did not. >> >> Any ideas why this is happening? 
> > gawd knows what debian (thats all ubuntu is, same package maintainers > 99% of time) do to things, wouldnt be the first time they put out a > package that was kaput from get go, so doveconf -n output will likely > be required > I can provide "dovecot -n" output if this doesn't answer the question, but it might be an apparmor issue. We recently enabled apparmor protection, and it seems that it generated an ungodly amount of profiles in complain mode. So many, that it was causing issues with usage of the openssl library. Putting it in to enforce mode seems like it might fix the problem. I'll post more information once this is confirmed or denied. From ramatukuma at hotmail.com Thu Oct 17 17:05:18 2013 
From: ramatukuma at hotmail.com (Reinaldo Matukuma) Date: Thu, 17 Oct 2013 11:05:18 -0300 Subject: [Dovecot] Plugin issue with update from 2.0.19 to 2.1.17 In-Reply-To: References: , Message-ID: Hi Charles. I don't think that is the same issue... I tried to set the maildir_broken_filename_sizes=yes and have tried the Timo fix patch (attached here: http://www.dovecot.org/list/dovecot/2012-March/064731.html) but the index continues to recalculate the size. This is after the Timo fix patch: Oct 16 20:50:13 teste dovecot: imap(reinaldo at exemplo.com.br): Error: Cached message size smaller than expected (367 < 529) Oct 16 20:50:13 teste dovecot: imap(reinaldo at exemplo.com.br): Error: Maildir filename has wrong S value, renamed the file from /storage/teste/messages/exemplo.com.br/reinaldo/Maildir/.Sent/cur/1381967409.M54518P30563.teste,S=367,W=378:2,S to /storage/teste/messages/exemplo.com.br/reinaldo/Maildir/.Sent/cur/1381967409.M54518P30563.teste,S=529:2,S Oct 16 20:50:13 teste dovecot: imap(reinaldo at exemplo.com.br): Error: Corrupted index cache file /storage/teste/messages/exemplo.com.br/reinaldo/Maildir/.Sent/dovecot.index.cache: Broken physical size for mail UID 8 And this is after the maildir_broken_filename_sizes=yes conf: Oct 17 12:21:04 teste dovecot: imap(reinaldo at exemplo.com.br): Error: Cached message size smaller than expected (368 < 530) Oct 17 12:21:04 teste dovecot: imap(reinaldo at exemplo.com.br): Error: Maildir filename has wrong S value, renamed the file from /storage/teste/messages/exemplo.com.br/reinaldo/Maildir/.Sent/cur/1381969983.M452882P30597.teste,S=530:2,S to /storage/teste/messages/exemplo.com.br/reinaldo/Maildir/.Sent/cur/1381969983.M452882P30597.teste,S=530:2,S Oct 17 12:21:04 teste dovecot: imap(reinaldo at exemplo.com.br): Error: Corrupted index cache file /storage/teste/messages/exemplo.com.br/reinaldo/Maildir/.Sent/dovecot.index.cache: Broken physical size for mail UID 11 So... 
I noticed that after the maildir_broken_filename_sizes=yes i still got the error but there no changes on the S flag of the filename. Is the dovecot.index.cache used for text searching too? Because if it is i think that i really need some way to make my plugin informs the correct size to dovecot, as i think that works on dovecot 2.0.19. PS: I had to change some calls on my plugin in order to comply with some changes on dovecot 2.1.17. That is the list of the calls that had been changed... Could be that I had make another choice for values of the functions? Before (2.0.19): - return zmail->super.get_stream(_mail, hdr_size, body_size, stream_r); After (2.1.17): + return zmail->super.get_stream(_mail, 1, hdr_size, body_size, stream_r); Before (2.0.19): - if (zmail->super.get_stream(_mail, NULL, NULL, &input) < 0){ After (2.1.17): + if (zmail->super.get_stream(_mail, 1, NULL, NULL, &input) < 0){ Before (2.0.19): - full_input[1] = i_stream_create_fd(fd1, 0, TRUE); After (2.1.17): + full_input[1] = i_stream_create_fd(fd1, (size_t)-1, TRUE); Before (2.0.19): - if (zmail->super.get_stream(ctx->dest_mail, NULL, NULL, &input) >= 0){ After (2.1.17): + if (zmail->super.get_stream(ctx->dest_mail, 1, NULL, NULL, &input) >= 0){ Before (2.0.19): - return o_stream_create(&emexis_stream->ostream); After (2.1.17): + return o_stream_create(&emexis_stream->ostream, NULL); And after define: mail->v.get_stream = myplugin_permail_get_stream; i have this function declaration on 2.0.19: static int myplugin_permail_get_stream(struct mail *_mail, struct message_size *hdr_size, struct message_size *body_size, struct istream **stream_r) { and this on 2.1.17: static int emexis_permail_get_stream(struct mail *_mail, bool get_body ATTR_UNUSED, struct message_size *hdr_size, struct message_size *body_size, struct istream **stream_r) { > CC: dovecot at dovecot.org 
> From: spork at bway.net > Subject: Re: [Dovecot] Plugin issue with update from 2.0.19 to 2.1.17 > Date: Tue, 15 Oct 2013 17:15:05 -0400 > To: ramatukuma at hotmail.com > > > On Oct 15, 2013, at 4:33 PM, Reinaldo Matukuma wrote: > > > Hello. Probably only Timo can help-me with this. > > > > I have a self-made plugin based on the zlib plugin that i use to cryptograph the messages at inbox. > > > > As a side-effect of the cryptography, my plugin changes the size of the message, but until 2.0.19 this works well with dovecot index and the W/S flags. > > > > But now, i'm going to upgrade to 2.1.17 and now i have these messages on log at my test ambiance: > > > > Oct 15 20:19:25 test dovecot: imap(reinaldo at exemplo.com.br): Error: Cached message size smaller than expected (367 < 529) > > Oct 15 20:19:25 test dovecot: imap(reinaldo at exemplo.com.br): Error: Maildir filename has wrong S value, renamed the file from /storage/test/messages/exemplo.com.br/reinaldo/Maildir/.Sent/cur/1381879158.M634385P5208.test,S=367,W=378:2,S to /storage/test/messages/exemplo.com.br/reinaldo/Maildir/.Sent/cur/1381879158.M634385P5208.test,S=529:2,S > > Oct 15 20:19:25 test dovecot: imap(reinaldo at exemplo.com.br): Error: Corrupted index cache file /storage/test/messages/exemplo.com.br/reinaldo/Maildir/.Sent/dovecot.index.cache: Broken physical size for mail UID 6 > > I think there's something else up, this looks quite similar to what I reported the other day: > > http://dovecot.org/list/dovecot/2013-October/092917.html > > Do you get further messages after the "broken physical size" indicating that dovecot is then trying to open the file based on the original filename? > > Regardless, setting this should turn off the file size/name corrections, perhaps that will help: > > maildir_broken_filename_sizes=yes > > Charles > > > > > I understood with these messages that the dovecot is arguing to get the real size of the file now, overriding the return of size from my crypto plugin. 
But i don't understood if this is a consequence from the changes to correct the index issue (the dovecot.index.cache issue). > > > > So... I want know if the correct way to fix this would be change my plugin to return the real size of the file (that will be larger than the effective message that the plugin returne after the de-cryptography) or if i need use some new function to the plugin replace the expected size based on the real size of the message, not of the file. > > > > Thanks > > > > Reinaldo > > > From ramatukuma at hotmail.com Thu Oct 17 21:00:51 2013 
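Review bot: in the 2.1.17 "After" lines of the message above, `zmail->super.get_stream(_mail, 1, hdr_size, body_size, stream_r)` hard-codes the new second argument, while the new declaration of the plugin's own get_stream function takes `bool get_body ATTR_UNUSED`. If that return statement is the body of that function, the caller's `get_body` value is silently dropped; forward it as `zmail->super.get_stream(_mail, get_body, hdr_size, body_size, stream_r)` and remove the `ATTR_UNUSED`. In the internal calls that pass `NULL, NULL, &input`, write `TRUE` rather than `1` to match the `bool` parameter, and add a comment saying why the body is always requested there. The assignment `mail->v.get_stream = myplugin_permail_get_stream` and the 2.1.17 declaration `emexis_permail_get_stream` also use different names; check that the function registered is the one that was updated.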
From: ramatukuma at hotmail.com (Reinaldo Matukuma) Date: Thu, 17 Oct 2013 15:00:51 -0300 Subject: [Dovecot] Plugin issue with update from 2.0.19 to 2.1.17 In-Reply-To: References: Message-ID: Humm... Looking deeper on my plugin i saw that have a call to the i_stream_create_header_filter: full_input[0] = i_stream_create_header_filter(input, HEADER_FILTER_EXCLUDE | HEADER_FILTER_NO_CR, exclude_headers, 3, filter_callback, &zuser->hash_value); I need this because i really have 3 lines on the header that i need to hide from the client... And i have a call to i_stream_create_concat too: imail->data.stream = i_stream_create_concat(full_input); Because i have a header and body separation too just for the fact that the header could be searched via dovecot cache once it remains un-cryptographed. So... The size of S flag before dovecot change it is exactly the header size minus 3 lines of the header plus the un-cryptographed body content. I notice too two things: - that dovecot does the rename of the file and can open the message (including the un-cryptographed body part) but removes the W flag on the filename. Isn't the W flag used anymore? - that the size used by dovecot when it renames the file is only the size of the header part, excluding the body part... 
I did a test with a larger message and got this at the log: Oct 17 17:24:27 test dovecot: imap(reinaldo at exemplo.com.br): Error: Cached message size larger than expected (3472 > 1010) Oct 17 17:24:27 test dovecot: imap(reinaldo at exemplo.com.br): Error: Maildir filename has wrong S value, renamed the file from /storage/test/messages/exemplo.com.br/reinaldo/Maildir/cur/1382041442.M605987P2439V2051I475262.test,S=3472,W=3538:2, to /storage/test/messages/exemplo.com.br/reinaldo/Maildir/cur/1382041442.M605987P2439V2051I475262.test,S=1010:2, Oct 17 17:24:27 test dovecot: imap(reinaldo at exemplo.com.br): Error: Corrupted index cache file /storage/test/messages/exemplo.com.br/reinaldo/Maildir/dovecot.index.cache: Broken physical size for mail UID 18 Oct 17 17:24:27 test dovecot: imap(reinaldo at exemplo.com.br): Error: read() failed: Input/output error (FETCH for mailbox INBOX UID 18) Oct 17 17:24:27 test dovecot: imap(reinaldo at exemplo.com.br): Disconnected: Internal error occurred. Refer to server log for more information. [2013-10-17 17:24:27] in=339 out=2915 So... I'm assuming that on dovecot 2.0.19 the index.cache was indexing all the header and un-cryptographed body, really using the information on S and W flags. Does the dovecot 2.1.17 index work in another way, needing to index only the header part of the message? 
> From: ramatukuma at hotmail.com > To: dovecot at dovecot.org > Date: Tue, 15 Oct 2013 17:33:44 -0300 > Subject: [Dovecot] Plugin issue with update from 2.0.19 to 2.1.17 > > Hello. Probably only Timo can help-me with this. > > I have a self-made plugin based on the zlib plugin that i use to cryptograph the messages at inbox. > > As a side-effect of the cryptography, my plugin changes the size of the message, but until 2.0.19 this works well with dovecot index and the W/S flags. > > But now, i'm going to upgrade to 2.1.17 and now i have these messages on log at my test ambiance: > > Oct 15 20:19:25 test dovecot: imap(reinaldo at exemplo.com.br): Error: Cached message size smaller than expected (367 < 529) > Oct 15 20:19:25 test dovecot: imap(reinaldo at exemplo.com.br): Error: Maildir filename has wrong S value, renamed the file from /storage/test/messages/exemplo.com.br/reinaldo/Maildir/.Sent/cur/1381879158.M634385P5208.test,S=367,W=378:2,S to /storage/test/messages/exemplo.com.br/reinaldo/Maildir/.Sent/cur/1381879158.M634385P5208.test,S=529:2,S > Oct 15 20:19:25 test dovecot: imap(reinaldo at exemplo.com.br): Error: Corrupted index cache file /storage/test/messages/exemplo.com.br/reinaldo/Maildir/.Sent/dovecot.index.cache: Broken physical size for mail UID 6 > > I understood with these messages that the dovecot is arguing to get the real size of the file now, overriding the return of size from my crypto plugin. But i don't understood if this is a consequence from the changes to correct the index issue (the dovecot.index.cache issue). > > So... I want know if the correct way to fix this would be change my plugin to return the real size of the file (that will be larger than the effective message that the plugin returne after the de-cryptography) or if i need use some new function to the plugin replace the expected size based on the real size of the message, not of the file. > > Thanks > > Reinaldo > From mail at joachim-breitner.de Thu Oct 17 21:20:27 2013 
From: mail at joachim-breitner.de (Joachim Breitner)
Date: Thu, 17 Oct 2013 20:20:27 +0200
Subject: [Dovecot] Public dovecot namespace visible only to some users
In-Reply-To:
References: <1381742558.3941.8.camel@kirk> <1381761511.10722.1.camel@kirk>
Message-ID: <1382034027.23300.1.camel@kirk>

Hi Steffen,

On Thursday, 17.10.2013, at 09:25 +0200, Steffen Kaiser wrote:
> On Mon, 14 Oct 2013, Joachim Breitner wrote:
> > of "namespace feeds", and add "userdb_namespace/feeds/list=yes" to the
> > passwd file, but the latter did not seem to have any effect.
>
> you use a static userdb, so the setting is not read from the passwd file.
> The file is consulted for password only per your config.

that was it. After changing userdb to:

userdb {
  args = /etc/vhosts/dovecot-userdb
  default_fields = uid=vhost gid=vhost home=/var/vhosts/%d/%n
  driver = passwd-file
}

I was able to selectively enable the namespace in
/etc/vhosts/dovecot-userdb using

username:{MD5}password::::::userdb_namespace/feeds/list=yes

(It has "list=no" set in the namespace configuration.)

Thanks!
Joachim

--
Joachim “nomeata” Breitner
mail at joachim-breitner.de • http://www.joachim-breitner.de/
Jabber: nomeata at joachim-breitner.de • GPG-Key: 0x4743206C
Debian Developer: nomeata at debian.org

From brong at fastmail.fm Fri Oct 18 04:31:29 2013
From: brong at fastmail.fm (Bron Gondwana) Date: Fri, 18 Oct 2013 12:31:29 +1100 Subject: [Dovecot] Strange output from LIST command In-Reply-To: <20131017064609.Horde.8VpcalPz_sNU0yRpPxwa0Q2@bigworm.curecanti.org> References: <20131014202829.D69A4098@pobox.sk> <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org> <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com> <20131017064609.Horde.8VpcalPz_sNU0yRpPxwa0Q2@bigworm.curecanti.org> Message-ID: <1382059889.28224.35404961.63DE019C@webmail.messagingengine.com> On Thu, Oct 17, 2013, at 11:46 PM, Michael M Slusarz wrote: > Quoting Bron Gondwana : > > > On Tue, Oct 15, 2013, at 06:23 AM, Michael M Slusarz wrote: > > > >> No. RFC 5819 [2]: > >> > >> "For each selectable mailbox matching the list pattern and selection > >> options, the server MUST return an untagged LIST response followed by > >> an untagged STATUS response containing the information requested in > >> the STATUS return option." > > > > Just wondering if the INBOX was SELECTed at the time? There's some fun > > interaction around STATUS and SELECT in RFC3501. > > Except as I read 5819, this is completely irrelevant. LIST-STATUS != > STATUS. LIST-STATUS produces STATUS-like responses, but isn't > controlled by any of the rules of the original STATUS. At least > that's how I interpret it. Yeah, that may be - except at least in Cyrus they share quite a lot of common code. Probably in Dovecot as well. Such things are a fertile ground for bugs, particularly in IMAP with all the ugly special case corners that exceptions create over time. I wish "SELECTED" was less special in a bunch of ways. > Looking at the rest of this thread, I think we are all in agreement > that something is fishy. As OP reported, it appears to be something > specific with personal namespaces (possibly 'INBOX.' only). Yep, definitely looks fishy! Bron. -- Bron Gondwana brong at fastmail.fm From skdovecot at smail.inf.fh-brs.de Fri Oct 18 11:31:20 2013 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 18 Oct 2013 10:31:20 +0200 (CEST) Subject: [Dovecot] Login into other user's account // master user for non-master users // chroot to users. Message-ID: Currently some of our organizational roles use shared secrets (aka the password) to access the mail account of an organizational role, say "sales" for example. For one, I don't like shared secrets, for second, there had been some changes to shared mailboxes, I can only say "user sales has deleted the message at then and then". Therefore I would like to access the mailboxes of organizational roles with the accounts of the humans performing the role currently. Using sharing and ACLs it is possible to map the mailboxes of "sales" to "users.sales" namespace for specific other users, actually the human ones, say userA and userB for example. However, userB does not like managing identities in its MUA and refuses to acknowledge the messages in users.sales for various reasons. One reason was that userB wants to visibly separate strictly both mail accounts, the private messages in "userB" and the role's ones in "sales". Now, I came into thinking that it would be good in such case, if userB could authenticate as, say "sales*userB" - much like a master user - and ends in "sales"'s home, but with access permissions of "userB", well, like a chroot. Would it be an interesting feature to add to Dovecot's core? If I simulate "sales*userB" with password of userB and let the userdb return the home of sales, userB would gain "owner" privileges of sales implicitly. So there seems to exist no workaround. 
Kind regards, -- Steffen Kaiser From adi at cg.tuwien.ac.at Fri Oct 18 14:57:12 2013 From: adi at cg.tuwien.ac.at (Adi Kriegisch) Date: Fri, 18 Oct 2013 13:57:12 +0200 Subject: [Dovecot] patch for ssl_prefer_server_ciphers in dovecot 2.1 Message-ID: <20131018115712.GW25187@vrvis.at> Dear all, I tried to do a backport of 'ssl_prefer_server_ciphers' (http://hg.dovecot.org/dovecot-2.2/rev/897484f45a87/) to Dovecot 2.1 (namely the Debian version of Dovecot) and wanted to ask if there is any chance to integrate this feature into Dovecot 2.1 'upstream' as well. As the code structure changed quite a bit, I am not sure if my patch is complete. I tested it with pop3s and imaps in my test environment and it works just as expected and seemed to not have any unwanted effects. (Dovecot code is probably the most beautiful and easy to read C code I've seen, but there might also be some pitfalls I missed.) best regards, Adi Kriegisch PS: I need that feature to enable PFS while allowing Outlook to still connect and the others not to fall back to a different cipher; I was unable to find a PFS cipher that is supported by Outlook and OpenSSL. -------------- next part -------------- A non-text attachment was scrubbed... Name: ssl_prefer_server_ciphers-dc21.diff Type: text/x-diff Size: 5066 bytes Desc: not available URL: From h.reindl at thelounge.net Fri Oct 18 15:00:26 2013 
From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 18 Oct 2013 14:00:26 +0200 Subject: [Dovecot] patch for ssl_prefer_server_ciphers in dovecot 2.1 In-Reply-To: <20131018115712.GW25187@vrvis.at> References: <20131018115712.GW25187@vrvis.at> Message-ID: <526122DA.3090600@thelounge.net> On 18.10.2013 13:57, Adi Kriegisch wrote: > I tried to do a backport of 'ssl_prefer_server_ciphers' > (http://hg.dovecot.org/dovecot-2.2/rev/897484f45a87/) to Dovecot 2.1 > (namely the Debian version of Dovecot) and wanted to ask if there is any > chance to integrate this feature into Dovecot 2.1 'upstream' as well. > As the code structure changed quite a bit, I am not sure if my patch is > complete. I tested it with pop3s and imaps in my test environment and it > works just as expected and seemed to not have any unwanted effects. > (Dovecot code is probably the most beautiful and easy to read C code I've > seen, but there might also be some pitfalls I missed.) > > best regards, > Adi Kriegisch > > PS: I need that feature to enable PFS while allowing Outlook to still > connect and the others not to fall back to a different cipher; I was > unable to find a PFS cipher that is supported by Outlook and OpenSSL ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:@STRENGTH ssl_prefer_server_ciphers = yes Outlook, at least on WinXP any version, continues to use RC4 ciphers but any sane mail client is using PFS ciphers From adi at cg.tuwien.ac.at Fri Oct 18 15:22:36 2013 
From: adi at cg.tuwien.ac.at (Adi Kriegisch)
Date: Fri, 18 Oct 2013 14:22:36 +0200
Subject: [Dovecot] patch for ssl_prefer_server_ciphers in dovecot 2.1
In-Reply-To: <526122DA.3090600@thelounge.net>
References: <20131018115712.GW25187@vrvis.at> <526122DA.3090600@thelounge.net>
Message-ID: <20131018122236.GX25187@vrvis.at>

Hi!

> > PS: I need that feature to enable PFS while allowing Outlook to still
> > connect and the others not to fall back to a different cipher; I was
> > unable to find a PFS cipher that is supported by Outlook and OpenSSL
>
> ssl_cipher_list =
> EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:@STRENGTH
> ssl_prefer_server_ciphers = yes
>
> Outlook, at least on WinXP any version, continues to use RC4 ciphers
> but any sane mail client is using PFS ciphers

Thanks for sharing; I opted for disabling RC4 completely and came up with
the following (formatted for readability):

HIGH:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:
EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:ECDHE-RSA-AES256-SHA:
+DHE-RSA-AES256-SHA:!AES256-SHA256:!AES256-GCM-SHA384:!CAMELLIA256-SHA:
!AES128:!CAMELLIA128:
!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:!RC4:!SEED:
+AES256-SHA

which disables every cipher with less than 256bit and leaves AES256-SHA as
a last resort for Outlook... (and is except for that pretty similar to your
cipher string).

This gives (openssl ciphers -V 'theabovestring'):

0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
0xC0,0x24 - ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
0xC0,0x14 - ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
0xC0,0x0A - ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
0x00,0x6B - DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
0xC0,0x32 - ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
0xC0,0x2E - ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
0xC0,0x2A - ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384
0xC0,0x26 - ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384
0xC0,0x0F - ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1
0xC0,0x05 - ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1
0x00,0x39 - DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
0x00,0x35 - AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1

...and as I have no DSA keys (aka | grep -v DSA):

0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
0xC0,0x14 - ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
0x00,0x6B - DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
0xC0,0x32 - ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
0xC0,0x2A - ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384
0xC0,0x0F - ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1
0x00,0x39 - DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
0x00,0x35 - AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1

There is probably still room for improvement, but Android devices now use
some DHE key exchange, Thunderbird uses the CAMELLIA cipher and so on; only
Outlook -- which should have mitigated the BEAST attack uses AES256-SHA.

I hope -- here too -- I didn't miss a thing. Probably the ordering should
be changed a little...

all the best!
-- Adi

From h.reindl at thelounge.net Fri Oct 18 15:32:45 2013
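Added example, not part of any message in this thread and not Dovecot or OpenSSL code: a Python check that reads the `openssl ciphers -V` rows from the `grep -v DSA` listing above, marks each suite as forward secret or not from its `Kx=` field, and models which suite is chosen with and without `ssl_prefer_server_ciphers`. The function names and the client offer lists are this example's own constructions; real negotiation also depends on protocol version and certificate type, which the model leaves out.

```python
"""Classify `openssl ciphers -V` rows by key exchange and model suite selection."""
import re

# Rows copied from the "| grep -v DSA" listing in the message above
# (column layout as printed by the OpenSSL version used in the thread).
LISTING = """\
0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
0xC0,0x14 - ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
0x00,0x6B - DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
0xC0,0x32 - ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
0xC0,0x2A - ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384
0xC0,0x0F - ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1
0x00,0x39 - DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
0x00,0x35 - AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
"""

ROW = re.compile(
    r"^(0x[0-9A-Fa-f]{2},0x[0-9A-Fa-f]{2})\s+-\s+(\S+)\s+(\S+)\s+"
    r"Kx=(\S+)\s+Au=(\S+)\s+Enc=(\S+)\s+Mac=(\S+)$"
)

# In this output format an ephemeral exchange is printed as bare ECDH or DH.
# Static variants carry the certificate type after a slash (ECDH/RSA), and
# Kx=RSA is plain RSA key transport; neither gives forward secrecy.
EPHEMERAL_KX = {"ECDH", "DH"}

# Constructed client offers (assumptions for illustration, not captured
# from any real mail client).
LEGACY_FIRST_CLIENT = ["AES256-SHA", "DHE-RSA-AES256-SHA", "ECDHE-RSA-AES256-SHA"]
RSA_ONLY_CLIENT = ["AES256-SHA"]
NO_OVERLAP_CLIENT = ["RC4-SHA"]


def parse_listing(text):
    """Return one dict per row, in listing (server preference) order."""
    suites = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ROW.match(line)
        if match is None:
            raise ValueError("not an `openssl ciphers -V` row: %r" % line)
        code, name, proto, kx, au, enc, mac = match.groups()
        suites.append({
            "code": code, "name": name, "proto": proto, "kx": kx,
            "au": au, "enc": enc, "mac": mac, "pfs": kx in EPHEMERAL_KX,
        })
    return suites


def without_pfs(suites):
    """Names of the suites that do not provide forward secrecy."""
    return [s["name"] for s in suites if not s["pfs"]]


def negotiate(server_order, client_order, prefer_server):
    """Pick the first suite in the preferred side's order that both sides list.

    Returns None when the two lists have nothing in common, which is the
    case where the handshake fails.
    """
    if prefer_server:
        first, other = server_order, client_order
    else:
        first, other = client_order, server_order
    shared = set(other)
    for name in first:
        if name in shared:
            return name
    return None


if __name__ == "__main__":
    suites = parse_listing(LISTING)
    order = [s["name"] for s in suites]
    pfs = {s["name"]: s["pfs"] for s in suites}
    print("no forward secrecy:", ", ".join(without_pfs(suites)))
    for label, offer in [("legacy-first", LEGACY_FIRST_CLIENT),
                         ("rsa-only", RSA_ONLY_CLIENT),
                         ("no-overlap", NO_OVERLAP_CLIENT)]:
        for prefer_server in (False, True):
            chosen = negotiate(order, offer, prefer_server)
            print(label, "prefer_server=%s" % prefer_server, "->", chosen,
                  "(PFS)" if chosen and pfs[chosen] else "")
```

The rows with `Kx=ECDH/RSA` are static ECDH suites, so a non-empty `without_pfs()` result does not by itself mean a client will negotiate them; it shows what the string still permits.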
From: h.reindl at thelounge.net (Reindl Harald) Date: Fri, 18 Oct 2013 14:32:45 +0200 Subject: [Dovecot] patch for ssl_prefer_server_ciphers in dovecot 2.1 In-Reply-To: <20131018122236.GX25187@vrvis.at> References: <20131018115712.GW25187@vrvis.at> <526122DA.3090600@thelounge.net> <20131018122236.GX25187@vrvis.at> Message-ID: <52612A6D.3050607@thelounge.net> On 18.10.2013 14:22, Adi Kriegisch wrote: >>> PS: I need that feature to enable PFS while allowing Outlook to still >>> connect and the others not to fall back to a different cipher; I was >>> unable to find a PFS cipher that is supported by Outlook and OpenSSL >> >> ssl_cipher_list = >> EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:@STRENGTH >> ssl_prefer_server_ciphers = yes >> >> Outlook, at least on WinXP any version, continues to use RC4 ciphers >> but any sane mail client is using PFS ciphers > Thanks for sharing; I opted for disabling RC4 completely and came up with > the following (formatted for readability) > HIGH:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256: > EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:ECDHE-RSA-AES256-SHA: > +DHE-RSA-AES256-SHA:!AES256-SHA256:!AES256-GCM-SHA384:!CAMELLIA256-SHA: > !AES128:!CAMELLIA128: > !aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:!RC4:!SEED: > +AES256-SHA > which disables every cipher with less than 256bit and leaves AES256-SHA as > a last resort for Outlook... 
this does *not work* with Outlook 2003-2010 on Windows XP it is also not a good idea to disable 128 Bit completely the idea behind ECDHE is that 128 Bit is as secure as non-EC with 256 Bit > and is except for that pretty similar to your cipher string and likely results in not using PFS for several clients my string is from https://www.ssllabs.com/ articles and *verified* to provide PFS for any client except WinXP a slightly different one in case of HTTP resulted in only very few clients using PFS, most likely your changes are resulting for a lot of clients in fall back to AES-256 without PFS From sinisa.rudan at gmail.com Fri Oct 18 15:06:56 2013 From: sinisa.rudan at gmail.com (SiR) Date: Fri, 18 Oct 2013 05:06:56 -0700 (PDT) Subject: [Dovecot] Having problem that e-mails for all users are grouped in the same "sent" file (same for "drafts"). In-Reply-To: References: <1381946320611-44836.post@n4.nabble.com> Message-ID: <1382098016382-44855.post@n4.nabble.com> Thank you, Steffen. So, you are telling that in correct working environment, each user should have its own "Sent" and "Drafts" file? Does anybody know how to achieve it, or what can cause their non-separation? Thanks From skdovecot at smail.inf.fh-brs.de Fri Oct 18 17:04:37 2013 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Fri, 18 Oct 2013 16:04:37 +0200 (CEST) Subject: [Dovecot] Having problem that e-mails for all users are grouped in the same "sent" file (same for "drafts"). In-Reply-To: <1382098016382-44855.post@n4.nabble.com> References: <1381946320611-44836.post@n4.nabble.com> <1382098016382-44855.post@n4.nabble.com> Message-ID: On Fri, 18 Oct 2013, SiR wrote: > So, you are telling that in correct working environment, each user should > have its own "Sent" and "Drafts" file? No, it's a matter of configuration. Usually users have their own Sent and Drafts, but that is not mandatory. > Does anybody knows how to achieve it, or what can cause their > non-separation? Please re-read my last response. -- Steffen Kaiser From jogi at mur.at Fri Oct 18 17:30:15 2013 
From: jogi at mur.at (Jogi Hofmüller)
Date: Fri, 18 Oct 2013 16:30:15 +0200
Subject: [Dovecot] proxy, userdb and passdb
Message-ID: <526145F7.9020303@mur.at>

Dear all,

We are getting closer to the migration of our mailsystem. Now I have a
special question. We are successfully using

passdb {
  driver = pam
}

and that is good. Now, how would I tell dovecot to proxy certain users
(the ones not yet migrated) to the old server? My attempts to configure
an additional userdb failed since this seems to override the passdb
setting.

Grateful for any hints!

Cheers,
--
j.hofmüller

Optimism doesn't alter the laws of physics. - Subcommander T'Pol

From adi at cg.tuwien.ac.at Fri Oct 18 20:48:12 2013
From: adi at cg.tuwien.ac.at (Adi Kriegisch)
Date: Fri, 18 Oct 2013 19:48:12 +0200
Subject: [Dovecot] patch for ssl_prefer_server_ciphers in dovecot 2.1
In-Reply-To: <20131018115712.GW25187@vrvis.at>
References: <20131018115712.GW25187@vrvis.at>
Message-ID: <20131018174812.GZ25187@vrvis.at>

Dear all,

> I tried to do a backport of 'ssl_prefer_server_ciphers'
> (http://hg.dovecot.org/dovecot-2.2/rev/897484f45a87/) to Dovecot 2.1
[...]
> (Dovecot code is probably the most beautiful and easy to read C code I've
> seen, but there might also be some pitfalls I missed.)

I'd be very grateful, if someone could have a closer look at the patch and
see whether I missed something.

best regards,
Adi Kriegisch

From dan at langille.org Fri Oct 18 21:03:58 2013
From: dan at langille.org (Dan Langille)
Date: Fri, 18 Oct 2013 14:03:58 -0400
Subject: [Dovecot] Which MTA for a personal-use dovecot instance?
Message-ID:

I'm planning to deploy a personal dovecot IMAP server (i.e. I am the only
user) in a FreeBSD jail.

At present, I have IMAP deployed on the same host as one of my mail
servers, which is running Postfix. I do like Postfix, but it seems to be a
bit overkill for this particular situation.

All my incoming MX are provided by Google. They handle the incoming mail
and forward to my private MX, and from there the mail for me goes into my
~/Maildir.

With the move to IMAP in a jail, I need to get the mail from my private MX
into that jail. All mail being sent to that jail will be destined for my
~/Maildir, with some massaging via procmail.

Given that I've just started using mail/nullmailer, I was wondering if
there was something simple that I could use.

I was planning to use postfix, require TLS, lock things down tightly. But
I'm open to suggestions for something simple.

--
Dan Langille - http://langille.org/

From h.reindl at thelounge.net Fri Oct 18 21:10:23 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Fri, 18 Oct 2013 20:10:23 +0200
Subject: [Dovecot] Which MTA for a personal-use dovecot instance?
In-Reply-To:
References:
Message-ID: <5261798F.5060903@thelounge.net>

On 18.10.2013 20:03, Dan Langille wrote:
> I'm planning to deploy a personal dovecot IMAP server (i.e. I am the only user) in a FreeBSD jail.
>
> At present, I have IMAP deployed on the same host as one of my mail servers, which is running Postfix. I do like
> Postfix, but it seems to be a bit overkill for this particular situation

where can postfix be an overhead?

for simple setups you only need a few lines of configuration and all
others as default - hard to find any software more easy to configure
with the backward compatibility postfix offers since many years

From anmeyer at anup.de Sat Oct 19 02:55:20 2013
From: anmeyer at anup.de (Andreas Meyer)
Date: Sat, 19 Oct 2013 01:55:20 +0200
Subject: [Dovecot] Question to sieve symlink
Message-ID: <20131019015520.6fca7c5c@itxnew.bitcorner.intern>

Hello!

A Server running openSUSE 12.3 and dovecot version 2.1.13.
In the log I find

Oct 19 00:23:23 managesieve(anmeyer at anup.de): Warning: sieve-storage: Active sieve script symlink /var/spool/vhosts/anup.de/anmeyer/.dovecot.sieve is broken: invalid/unknown path to storage (points to /var/spool/vhosts/anup.de/anmeyer/.sieve/managesieve.sieve).

But the link is ok and when I login to roundcube I can manage the filters.
What's the problem?

Greetings

Andreas

From devurandom at gmx.net Sat Oct 19 23:33:27 2013
From: devurandom at gmx.net (Dennis Schridde)
Date: Sat, 19 Oct 2013 22:33:27 +0200
Subject: [Dovecot] dovecot-metadata-plugin v14 patches
In-Reply-To: <5f03f6654914772a83ebc7c1f1685b0a@lefoyer.ru>
References: <5f03f6654914772a83ebc7c1f1685b0a@lefoyer.ru>
Message-ID: <3842228.EGouozXFuP@ernie>

Hello Sergey!

Thanks for the report and sorry for taking so long to respond. I did not
use your patches directly, but they were very valuable in locating the
issue.

On Tuesday, 16 July 2013, 10:47:02, Sergey Sidlyarenko wrote:
> Please apply patches for dovecot-metadata-plugin v14.
> 1. dovecot-metadata-plugin-value_nil - fix plugin crash if entry->value
> == NULL (strlen(NULL) - segfault).

Fixed in 517fa826a9ff

If there are more cases where this can create a problem, please tell me.
I left the return value of get_value at NULL intentionally, so there is a
clear distinction between the backend data format (NULL) and the IMAP
frontend format ("NIL") and nil values can be easily detected.

> 2. dovecot-metadata-plugin-utf7_support - add support metadata for UTF8
> mailfolder.

Fixed in 05fc591d2943

I looked at the Dovecot sourcecode and got the impression that mailbox
names are always UTF-7 in IMAP, and always UTF-8 in Dovecot. So the
conversion has to be always applied.

If you have further bugreports or suggestions, please do not hesitate to
tell me.

Best regards,
Dennis

From list_dovecot at bluerosetech.com Sun Oct 20 02:58:42 2013
From: list_dovecot at bluerosetech.com (Darren Pilgrim)
Date: Sat, 19 Oct 2013 16:58:42 -0700
Subject: [Dovecot] patch for ssl_prefer_server_ciphers in dovecot 2.1
In-Reply-To: <52612A6D.3050607@thelounge.net>
References: <20131018115712.GW25187@vrvis.at> <526122DA.3090600@thelounge. net> <20131018122236.GX25187@vrvis.at> <52612A6D.3050607@thelounge.net>
Message-ID: <52631CB2.10805@bluerosetech.com>

On 10/18/2013 5:32 AM, Reindl Harald wrote:
>
> On 18.10.2013 14:22, Adi Kriegisch wrote:
>>>> PS: I need that feature to enable PFS while allowing Outlook to still
>>>> connect and the others not to fall back to a different cipher; I was
>>>> unable to find a PFS cipher that is supported by Outlook and OpenSSL
>>>
>>> ssl_cipher_list =
>>> EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:@STRENGTH
>>> ssl_prefer_server_ciphers = yes
>>>
>>> Outlook, at least on WinXP any version, continues to use RC4 ciphers
>>> but any sane mail client is using PFS ciphers
>> Thanks for sharing; I opted for disabling RC4 completely and came up with
>> the following (formatted for readability)
>> HIGH:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:
>> EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:ECDHE-RSA-AES256-SHA:
>> +DHE-RSA-AES256-SHA:!AES256-SHA256:!AES256-GCM-SHA384:!CAMELLIA256-SHA:
>> !AES128:!CAMELLIA128:
>> !aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:!RC4:!SEED:
>> +AES256-SHA
>> which disables every cipher with less than 256bit and leaves AES256-SHA as
>> a last resort for Outlook...
>
> this does *not work* with Outlook 2003-2010 on Windows XP

It's not Outlook's fault. Office, IE, etc. all use stunnel which, on
XP/2003, is as outdated as OpenSSL 0.9.8.

Enable 3DES to support XP clients.

From h.reindl at thelounge.net Sun Oct 20 03:24:09 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Sun, 20 Oct 2013 02:24:09 +0200
Subject: [Dovecot] patch for ssl_prefer_server_ciphers in dovecot 2.1
In-Reply-To: <52631CB2.10805@bluerosetech.com>
References: <20131018115712.GW25187@vrvis.at> <526122DA.3090600@thelounge. net> <20131018122236.GX25187@vrvis.at> <52612A6D.3050607@thelounge.net> <52631CB2.10805@bluerosetech.com>
Message-ID: <526322A9.6000008@thelounge.net>

On 20.10.2013 01:58, Darren Pilgrim wrote:
> On 10/18/2013 5:32 AM, Reindl Harald wrote:
>> On 18.10.2013 14:22, Adi Kriegisch wrote:
>>>>> PS: I need that feature to enable PFS while allowing Outlook to still
>>>>> connect and the others not to fall back to a different cipher; I was
>>>>> unable to find a PFS cipher that is supported by Outlook and OpenSSL
>>>>
>>>> ssl_cipher_list =
>>>> EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:@STRENGTH
>>>>
>>>> ssl_prefer_server_ciphers = yes
>>>>
>>>> Outlook, at least on WinXP any version, continues to use RC4 ciphers
>>>> but any sane mail client is using PFS ciphers
>>> Thanks for sharing; I opted for disabling RC4 completely and came up with
>>> the following (formatted for readability)
>>> HIGH:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:
>>> EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:ECDHE-RSA-AES256-SHA:
>>> +DHE-RSA-AES256-SHA:!AES256-SHA256:!AES256-GCM-SHA384:!CAMELLIA256-SHA:
>>> !AES128:!CAMELLIA128:
>>> !aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:!RC4:!SEED:
>>> +AES256-SHA
>>> which disables every cipher with less than 256bit and leaves AES256-SHA as
>>> a last resort for Outlook...
>>
>> this does *not work* with Outlook 2003-2010 on Windows XP
>
> It's not Outlook's fault. Office, IE, etc. all use stunnel which, on XP/2003, is as outdated as OpenSSL 0.9.8.
>
> Enable 3DES to support XP clients

and how does that give you any gain over RC4?

http://en.wikipedia.org/wiki/Triple_DES#Security
http://en.wikipedia.org/wiki/RC4#Security

>>> It is noteworthy, however, that RC4, being a stream cipher, is the only common
>>> cipher which is immune[9] to the 2011 BEAST attack on TLS 1.0, which exploits a
>>> known weakness in the way cipher block chaining mode is used with all of the other
>>> ciphers supported by TLS 1.0, which are all block ciphers

why do you waste that much time?

sane clients with the ciphers i provided use secure encryption
without breaking XP users and more you can't do - period

From list_dovecot at bluerosetech.com Sun Oct 20 03:38:10 2013
From: list_dovecot at bluerosetech.com (Darren Pilgrim)
Date: Sat, 19 Oct 2013 17:38:10 -0700
Subject: [Dovecot] patch for ssl_prefer_server_ciphers in dovecot 2.1
In-Reply-To: <526322A9.6000008@thelounge.net>
References: <20131018115712.GW25187@vrvis.at> <526122DA.3090600@thelounge. net> <20131018122236.GX25187@vrvis.at> <52612A6D.3050607@thelounge.net> <52631CB2.10805@bluerosetech.com> <526322A9.6000008@thelounge.net>
Message-ID: <526325F2.8070604@bluerosetech.com>

On 10/19/2013 5:24 PM, Reindl Harald wrote:
> On 20.10.2013 01:58, Darren Pilgrim wrote:
>> On 10/18/2013 5:32 AM, Reindl Harald wrote:
>>> this does *not work* with Outlook 2003-2010 on Windows XP
>>
>> It's not Outlook's fault. Office, IE, etc. all use stunnel which, on XP/2003, is as outdated as OpenSSL 0.9.8.
>>
>> Enable 3DES to support XP clients
>
> and how does that give you any gain over RC4?

The cipherspec given disables both. Given a choice, I'd rather have 3DES
than RC4.

> http://en.wikipedia.org/wiki/Triple_DES#Security
> http://en.wikipedia.org/wiki/RC4#Security

Umm... did you actually read those? That's a long, varied list of attacks
on RC4, whereas 3DES is only vulnerable to the same attacks as all other
CBC-mode ciphers. 112-bit encryption is still generally safe for at least
a few more years. Well past the point where we don't have to worry about
XP anymore.

--
Please reply on list.

From CMarcus at Media-Brokers.com Sun Oct 20 16:25:29 2013
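Added example, not part of any message in this thread and not Dovecot code: which clients actually negotiate forward secrecy, and which are left on RC4, 3DES or plain AES256-SHA, can be tallied from the login log once `%k` is in `login_log_format_elements`. The log lines are constructed, the `<protocol> with cipher <suite>` rendering of `%k` is an assumption, and `classify`, `audit` and `summary` are hypothetical helper names.

```python
"""Tally forward secrecy per login from Dovecot login log lines."""
import re
from collections import Counter

# Constructed sample lines (documentation addresses, invented users).
# Assumption: %k is logged as "<protocol> with cipher <suite> (<bits> bits)".
SAMPLE_LOG = """\
Oct 20 03:24:09 imap-login: Info: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, mpid=4101, TLS, TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 20 03:24:31 imap-login: Info: Login: user=<bob>, method=PLAIN, rip=192.0.2.11, lip=192.0.2.1, mpid=4102, TLS, TLSv1 with cipher RC4-SHA (128/128 bits)
Oct 20 03:25:02 pop3-login: Info: Login: user=<carol>, method=PLAIN, rip=192.0.2.12, lip=192.0.2.1, mpid=4103, TLS, TLSv1 with cipher DES-CBC3-SHA (168/168 bits)
Oct 20 03:25:40 imap-login: Info: Login: user=<dave>, method=PLAIN, rip=192.0.2.13, lip=192.0.2.1, mpid=4104, TLS, TLSv1 with cipher AES256-SHA (256/256 bits)
Oct 20 03:26:15 imap-login: Info: Login: user=<erin>, method=PLAIN, rip=192.0.2.14, lip=192.0.2.1, mpid=4105, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Oct 20 03:27:00 imap-login: Info: Login: user=<frank>, method=PLAIN, rip=192.0.2.15, lip=192.0.2.1, mpid=4106
"""

LOGIN_RE = re.compile(r"Login: user=<(?P<user>[^>]*)>.*?rip=(?P<rip>[^,\s]+)")
CIPHER_RE = re.compile(
    r"(?P<proto>SSLv3|TLSv1(?:\.\d)?) with cipher (?P<suite>[A-Za-z0-9_-]+)"
)

# Authenticated ephemeral (EC)DH key exchange in OpenSSL suite names.
EPHEMERAL = ("ECDHE-", "DHE-", "EDH-")
# Families this sketch does not judge from the name alone; the cipher strings
# in the thread exclude them (!aNULL, !SRP, !EXP) or predate them (TLS 1.3).
UNDECIDED = ("ADH-", "AECDH-", "SRP-", "EXP-", "TLS_")


def classify(suite):
    """Return (key-exchange class, legacy bulk cipher or None) for a suite name."""
    if suite.startswith(EPHEMERAL):
        kx = "pfs"
    elif suite.startswith(UNDECIDED):
        kx = "other"
    else:
        kx = "no-pfs"  # static key exchange, e.g. AES256-SHA or RC4-SHA
    if "RC4" in suite:
        legacy = "RC4"
    elif "DES-CBC3" in suite:
        legacy = "3DES"
    else:
        legacy = None
    return kx, legacy


def audit(log_text):
    """Map each user to (class, legacy cipher, suite); the last login wins.

    A login line without a cipher element is reported as "no-tls".
    """
    findings = {}
    for line in log_text.splitlines():
        login = LOGIN_RE.search(line)
        if login is None:
            continue
        cipher = CIPHER_RE.search(line)
        if cipher is None:
            findings[login["user"]] = ("no-tls", None, None)
            continue
        suite = cipher["suite"]
        findings[login["user"]] = classify(suite) + (suite,)
    return findings


def summary(findings):
    """Count users per key-exchange class."""
    return Counter(kx for kx, _, _ in findings.values())


if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    for user, (kx, legacy, suite) in result.items():
        print(f"{user:6} {kx:7} {suite or '-':30} {legacy or ''}")
    print(dict(summary(result)))
```
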
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Sun, 20 Oct 2013 09:25:29 -0400
Subject: [Dovecot] Login into other user's account // master user for non-master users // chroot to users.
In-Reply-To:
References:
Message-ID: <5263D9C9.7020803@Media-Brokers.com>

On 2013-10-18 4:31 AM, Steffen Kaiser wrote:
> Now, I came into thinking that it would be good in such case, if userB
> could authenticate as, say "sales*userB" - much like a master user -
> and ends in "sales"'s home, but with access permissions of "userB",
> well, like a chroot.
>
>
> Would it be an interesting feature to add to Dovecot's core?

I would actually find that very useful. We have similar role based email
accounts, and currently we have the same problem - no way to tell which of
the users in question did what...

--
Best regards,

*/Charles/*

From h.reindl at thelounge.net Sun Oct 20 16:42:59 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Sun, 20 Oct 2013 15:42:59 +0200
Subject: [Dovecot] Login into other user's account // master user for non-master users // chroot to users.
In-Reply-To: <5263D9C9.7020803@Media-Brokers.com>
References: <5263D9C9.7020803@Media-Brokers.com>
Message-ID: <5263DDE3.3040103@thelounge.net>

On 20.10.2013 15:25, Charles Marcus wrote:
> On 2013-10-18 4:31 AM, Steffen Kaiser wrote:
>> Now, I came into thinking that it would be good in such case, if userB could authenticate as, say "sales*userB"
>> - much like a master user - and ends in "sales"'s home, but with access permissions of "userB", well, like a chroot.
>>
>> Would it be an interesting feature to add to Dovecot's core?
>
> I would actually find that very useful. We have similar role based email accounts, and currently we have the same
> problem - no way to tell which of the users in question did what...

and how does the different username change anything?
the inbox is still shared

you see a different username for login but you still do not see *what* he did
and if you would have *that* in the logs username + ip-address makes the match

From anmeyer at anup.de Sun Oct 20 16:55:03 2013
From: anmeyer at anup.de (Andreas Meyer)
Date: Sun, 20 Oct 2013 15:55:03 +0200
Subject: [Dovecot] Question to sieve symlink
In-Reply-To: <20131019015520.6fca7c5c@itxnew.bitcorner.intern>
References: <20131019015520.6fca7c5c@itxnew.bitcorner.intern>
Message-ID: <20131020155503.51694706@itxnew.bitcorner.intern>

Andreas Meyer wrote:

> A Server running openSUSE 12.3 and dovecot version 2.1.13.
> In the log I find
>
> Oct 19 00:23:23 managesieve(anmeyer at anup.de): Warning: sieve-storage: Active sieve script symlink /var/spool/vhosts/anup.de/anmeyer/.dovecot.sieve is broken: invalid/unknown path to storage (points to /var/spool/vhosts/anup.de/anmeyer/.sieve/managesieve.sieve).
>
> But the link is ok and when I login to roundcube I can manage the filters.
> What's the problem?

I found the corresponding part in sieve-storage-script.c

    /* Check whether the path is any good */
    if ( strcmp(scriptpath, storage->link_path) != 0 &&
        strcmp(scriptpath, storage->dir) != 0 ) {
        i_warning
            ("sieve-storage: Active sieve script symlink %s is broken: "
            "invalid/unknown path to storage (points to %s).",
            storage->active_path, link);
        return NULL;
    }

but I am not a programmer to say what's wrong there.

Andreas

From stephan at rename-it.nl Sun Oct 20 18:26:28 2013
From: stephan at rename-it.nl (Stephan Bosch)
Date: Sun, 20 Oct 2013 17:26:28 +0200
Subject: [Dovecot] Question to sieve symlink
In-Reply-To: <20131019015520.6fca7c5c@itxnew.bitcorner.intern>
References: <20131019015520.6fca7c5c@itxnew.bitcorner.intern>
Message-ID: <5263F624.7040809@rename-it.nl>

On 10/19/2013 1:55 AM, Andreas Meyer wrote:
> Hello!
>
> A Server running openSUSE 12.3 and dovecot version 2.1.13.
> In the log I find
>
> Oct 19 00:23:23 managesieve(anmeyer at anup.de): Warning: sieve-storage: Active sieve script symlink /var/spool/vhosts/anup.de/anmeyer/.dovecot.sieve is broken: invalid/unknown path to storage (points to /var/spool/vhosts/anup.de/anmeyer/.sieve/managesieve.sieve).
>
> But the link is ok and when I login to roundcube I can manage the filters.
> What's the problem?

What is your configuration (output from dovecot -n) ?

Regards,

Stephan

From info at eye-catching-webdesign.de Sun Oct 20 18:27:51 2013
From: info at eye-catching-webdesign.de (Lucas Rothamel - Eye Catching Webdesign)
Date: Sun, 20 Oct 2013 17:27:51 +0200
Subject: [Dovecot] Upgrade from 2.1 to 2.2 on Debian
Message-ID: <5263F677.50908@eye-catching-webdesign.de>

Hello,

I am currently running Dovecot 2.1 on current Debian and need to upgrade
to 2.2 to use the replication features.

I understand that I therefore need to compile Dovecot myself. I am using a
MySQL database for users authentication, therefore I need to compile
Dovecot with mysql support:
*./configure --with-mysql*
Unfortunately this terminates with:
*configure: error: Can't build with MySQL support: libmysqlclient not found*

I installed libmysqlclient from debian repos, but it does not help.

Also, how do I then connect the newly installed dovecot to my existing
/etc/init.d/dovecot script?

Thank you.
Lucas

--
Lucas Rothamel
Eye Catching Webdesign

info at eye-catching-webdesign.de - www.eye-catching-webdesign.de

You know, we go to the gym to keep the body fit. Similarly the mind needs
some rest. The mind is bombarded with so many impressions. Our mind has
been bombarded by impressions the whole time. It needs a different kind of
rest other than sleep. And meditation is such a rest. It calms the mind.
energizes the spirit and makes the body more strong and vibrant. improves
the immune system. The immune cells, the T-cell count go higher through
Sudarshan Kriya and meditation. And you feel so nice inside.
- Sri Sri Ravi Shankar

I love deadlines. I like the whooshing sound they make as they fly by.
-- Douglas Adams

From anmeyer at anup.de Sun Oct 20 18:39:23 2013
From: anmeyer at anup.de (Andreas Meyer)
Date: Sun, 20 Oct 2013 17:39:23 +0200
Subject: [Dovecot] Question to sieve symlink
In-Reply-To: <5263F624.7040809@rename-it.nl>
References: <20131019015520.6fca7c5c@itxnew.bitcorner.intern> <5263F624.7040809@rename-it.nl>
Message-ID: <20131020173923.25e4c4a1@itxnew.bitcorner.intern>

Hello!

Stephan Bosch wrote:

> On 10/19/2013 1:55 AM, Andreas Meyer wrote:
> > Hello!
> >
> > A Server running openSUSE 12.3 and dovecot version 2.1.13.
> > In the log I find
> >
> > Oct 19 00:23:23 managesieve(anmeyer at anup.de): Warning: sieve-storage: Active sieve script symlink /var/spool/vhosts/anup.de/anmeyer/.dovecot.sieve is broken: invalid/unknown path to storage (points to /var/spool/vhosts/anup.de/anmeyer/.sieve/managesieve.sieve).
> >
> > But the link is ok and when I login to roundcube I can manage the filters.
> > What's the problem?
>
> What is your configuration (output from dovecot -n) ?

I will not send this sensitive output to a public mailinglist.
Do you need a special part of the output?

Andreas

From CMarcus at Media-Brokers.com Sun Oct 20 18:43:48 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Sun, 20 Oct 2013 11:43:48 -0400
Subject: [Dovecot] Question to sieve symlink
In-Reply-To: <20131020173923.25e4c4a1@itxnew.bitcorner.intern>
References: <20131019015520.6fca7c5c@itxnew.bitcorner.intern> <5263F624.7040809@rename-it.nl> <20131020173923.25e4c4a1@itxnew.bitcorner.intern>
Message-ID: <5263FA34.1010206@Media-Brokers.com>

On 2013-10-20 11:39 AM, Andreas Meyer wrote:
> Stephan Bosch wrote:
>> What is your configuration (output from dovecot -n) ?
> I will not send this sensitive output to a public mailinglist.
> Do you need a special part of the output?

Don't be stupid. There is little to nothing in that output that would put
your system at risk - and if there was, a few seconds to obfuscate it is
all it would take.

Otherwise, there is nothing anyone here can do to help you.

--
Best regards,

*/Charles/*

From anmeyer at anup.de Sun Oct 20 19:05:45 2013
From: anmeyer at anup.de (Andreas Meyer)
Date: Sun, 20 Oct 2013 18:05:45 +0200
Subject: [Dovecot] Question to sieve symlink
In-Reply-To: <5263FA34.1010206@Media-Brokers.com>
References: <20131019015520.6fca7c5c@itxnew.bitcorner.intern> <5263F624.7040809@rename-it.nl> <20131020173923.25e4c4a1@itxnew.bitcorner.intern> <5263FA34.1010206@Media-Brokers.com>
Message-ID: <20131020180545.3a80a8d7@itxnew.bitcorner.intern>

Charles Marcus wrote:

> On 2013-10-20 11:39 AM, Andreas Meyer wrote:
> > Stephan Bosch wrote:
> >> What is your configuration (output from dovecot -n) ?
>
> > I will not send this sensitive output to a public mailinglist.
> > Do you need a special part of the output?
>
> Don't be stupid. There is little to nothing in that output that would
> put your system at risk - and if there was, a few seconds to obfuscate
> it is all it would take.
>
> Otherwise, there is nothing anyone here can do to help you.
>

ok, here it is:

# 2.1.17: /etc/dovecot/dovecot.conf
# OS: Linux 3.7.10-1.16-pae i686 openSUSE 12.3 (i586)
auth_mechanisms = plain cram-md5
auth_verbose = yes
debug_log_path = /var/log/dovecot-debug.log
disable_plaintext_auth = no
hostname = delta.bitcorner.eu
log_path = /var/log/dovecot1
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k
mail_home = /var/spool/vhosts/%d/%n
mail_location = maildir:~/
mail_plugins = quota
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave vacation-seconds
namespace inbox {
  inbox = yes
  location =
  prefix =
}
passdb {
  args = /etc/dovecot/passwd
  driver = passwd-file
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  autocreate = Trash
  autocreate2 = Drafts
  autocreate3 = Sent
  autosubscribe = Trash
  autosubscribe2 = Drafts
  autosubscribe3 = Sent
  quota = maildir:User quota
  quota_grace = 10%%
  quota_rule = *:storage=500MB
  quota_rule2 = Trash:storage=+10%%
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full / Mailbox ist voll
  quota_status_success = DUNNO
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/.sieve
  sieve_extensions = +vacation-seconds
  sieve_vacation_default_period = 10d
  sieve_vacation_max_period = 30d
  sieve_vacation_min_period = 1h
}
postmaster_address = postmaster at bitcorner.de
protocols = imap pop3 lmtp sieve
quota_full_tempfail = yes
service auth {
  unix_listener auth-userdb {
    group = vmail
    mode = 0666
    user = vmail
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    mode = 0666
    user = vmail
  }
  user = vmail
}
ssl_cert =
References: <5263F677.50908@eye-catching-webdesign.de>
Message-ID: <526400B4.4020901@gedalya.net>

You need the libmysqlclient-dev package if you want to compile something
with mysql. Did you install it?

On 10/20/2013 11:27 AM, Lucas Rothamel - Eye Catching Webdesign wrote:
> Hello,
>
> I am currently running Dovecot 2.1 on current Debian and need to
> upgrade to 2.2 to use the replication features.
>
> I understand that I therefore need to compile Dovecot myself. I am
> using a MySQL database for users authentication, therefore I need to
> compile Dovecot with mysql support:
> *./configure --with-mysql*
> Unfortunately this terminates with:
> *configure: error: Can't build with MySQL support: libmysqlclient not
> found*
>
> I installed libmysqlclient from debian repos, but it does not help.
>
> Also, how do I then connect the newly installed dovecot to my existing
> /etc/init.d/dovecot script?
>
> Thank you.
> Lucas
>

From wildfire at progsoc.org Sun Oct 20 19:24:04 2013
From: wildfire at progsoc.org (Anand Kumria)
Date: Sun, 20 Oct 2013 17:24:04 +0100
Subject: [Dovecot] backup maildir mailbox bugs
Message-ID:

Hi,

Using dovecot v2.2.5.5, I get the following:

$ doveadm -v backup -R -u user at example.com maildir:/home/rsync/ example.com/user/Maildir/
[...]
dsync(user at example.com): Panic: file dsync-mailbox-export.c: line 228 (export_save_change_get): assertion failed: (change->type == DSYNC_MAIL_CHANGE_TYPE_FLAG_CHANGE)
dsync(user at example.com): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x59e6a) [0x7f91ad185e6a] -> /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7f91ad185f2a] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f91ad144b89] -> doveadm [user at example.com Printing Quotes send:mailbox recv:mailbox](dsync_mailbox_export_init+0x8b8) [0x434028] -> doveadm [ user at example.com Printing Quotes send:mailbox recv:mailbox](dsync_brain_sync_mailbox_open+0x233) [0x42ba83] -> doveadm [ user at example.com Printing Quotes send:mailbox recv:mailbox](dsync_brain_slave_recv_mailbox+0x125) [0x42c615] -> doveadm [ user at example.com Printing Quotes send:mailbox recv:mailbox](dsync_brain_run+0x369) [0x42a929] -> doveadm [user at example.comPrinting Quotes send:mailbox recv:mailbox]() [0x42881b] -> doveadm [ user at example.com Printing Quotes send:mailbox recv:mailbox]() [0x411ad7] -> doveadm [user at example.com Printing Quotes send:mailbox recv:mailbox](doveadm_mail_try_run+0x260) [0x4127a0] -> doveadm [ user at example.com Printing Quotes send:mailbox recv:mailbox](main+0x3f0) [0x4116c0] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed) [0x7f91acd8e76d] -> doveadm [user at example.com Printing Quotes send:mailbox recv:mailbox]() [0x4118bd]

Other lines emitted were Info lines indicating what message was being
processed.

Unfortunately this appears to stop the backup dead in its tracks.

Suggestions on how to proceed? I was (originally) doing this as an IMAP to
IMAP copy, and when that failed I managed to get the raw Maildir. Now I
appear stuck with that too.

Regards,
Anand

--
“Don’t be sad because it’s over. Smile because it happened.” - Dr. Seuss

From wildfire at progsoc.org Sun Oct 20 20:01:05 2013
From: wildfire at progsoc.org (Anand Kumria)
Date: Sun, 20 Oct 2013 18:01:05 +0100
Subject: [Dovecot] unusual dsync lines
In-Reply-To: <4B776E73-04AF-48E1-84C3-7765926A7ADA@iki.fi>
References: <4B776E73-04AF-48E1-84C3-7765926A7ADA@iki.fi>
Message-ID:

Hi,

$ doveadm sync -1 -r raw.log -R 'doveadm -o imapc_user=foo -o imapc_password=bar -o mail=imapc: dsync-server'

I couldn't get that line to work, I get errors like:

doveadm(root): Fatal: Error reading configuration: Invalid -o parameter imapc:: Missing '='
dsync-local(root): Error: read(remote) failed: EOF (version not received)
dsync-local(root): Panic: file iostream.c: line 37 (io_stream_unref): assertion failed: (stream->refcount > 0)
*** glibc detected *** doveadm: corrupted double-linked list: 0x0000000002312620 ***

I have ended up doing:

$ doveadm -v -o imapc_user=user at example.com -o imapc_password=password -o imapc_host=imap.example.com -o imapc_port=993 -o imapc_ssl=imaps -o imapc_ssl_dir=/etc/ssl -o imapc_feature=rfc822.size -o imapc_ssl_verify=no sync -1 -r raw2.log -R -u user at example.com imapc:

I'll let you know if it finishes.

Thanks,
Anand

On 22 September 2013 01:03, Timo Sirainen wrote:

>
> On 17.9.2013, at 6.25, Anand Kumria wrote:
>
> > Another day, another dsync attempt. Using Dovecot v2.2.5.4; I see:
>
> Is it still duplicating mails? So if you first delete everything from
> destination directory, then run doveadm sync -1 twice it duplicates the
> mails? Or just gives them new UIDs without duplicating anything? I can't
> reproduce either with the latest hg version at least. There were a few
> fixes since v2.2.5, but I'm not sure if they were related to this.
>
> > # doveadm -v -o imapc_user=user at example.com -o imapc_password=password
> -o
> > imapc_host=imap.example.com -o imapc_port=993 -o imapc_ssl=imaps -o
> > imapc_ssl_dir=/etc/ssl -o imapc_feature=rfc822.size -o
> imapc_ssl_verify=no
> > sync -1 -R -u user at example.com imapc:
> > dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8343,
> > msgid=<4F387A25.5010900 at example.com>, size=2954969
> > dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8344,
> > msgid=<5237B0BF.7030402 at example.com>, size=3371710
> > dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8345,
> > msgid=<5237B588.6040009 at example.com>, size=3266
> > dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8346,
> > msgid=<5237B6B4.2030203 at example.com>, size=4201
> > dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8347,
> > msgid=<5237B888.7030807 at example.com>, size=3371445
> > dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8348,
> > msgid=<5237C224.9010608 at example.com>, size=3371745
> > dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8349,
> > msgid=<5237C350.5080608 at example.com>, size=3371700
> > dsync(user at example.com): Info: copy from Drafts: box=Drafts, uid=8350,
> > msgid=<5237C5EE.5030408 at example.com>, size=3371619
> > dsync(user at example.com): Info: expunge: box=Drafts, uid=8209, msgid=<
> > 4F387A25.5010900 at example.com>, size=2954969
> >
> > The interesting lines being uid=8209 and uid=8343; why would dsync both
> > copy and then expunge the same message from the same mailbox?
>
> I think "move" gets logged as copy+expunge. It probably just wanted to
> give a new UID to the message. Why it wanted to do that, I'm not sure ..
> One way to debug this would be to get rawlogs of the traffic between the
> two dsync brains, by running something like:
>
> doveadm sync -1 -r raw.log -R 'doveadm -o imapc_user=foo -o
> imapc_password=bar -o mail=imapc: dsync-server'
>
> The rawlog would then show why dsync does what it does. Also latest hg has
> some additional debug logging (doveadm -D), but it's still not in all the
> places so it might not be enough.
>
>
>

From stephan at rename-it.nl Sun Oct 20 20:41:01 2013
From: stephan at rename-it.nl (Stephan Bosch)
Date: Sun, 20 Oct 2013 19:41:01 +0200
Subject: [Dovecot] Question to sieve symlink
In-Reply-To: <20131020180545.3a80a8d7@itxnew.bitcorner.intern>
References: <20131019015520.6fca7c5c@itxnew.bitcorner.intern> <5263F624.7040809@rename-it.nl> <20131020173923.25e4c4a1@itxnew.bitcorner.intern> <5263FA34.1010206@Media-Brokers.com> <20131020180545.3a80a8d7@itxnew.bitcorner.intern>
Message-ID: <526415AD.4070900@rename-it.nl>

On 10/20/2013 6:05 PM, Andreas Meyer wrote:
> I did not have this problem with the symlink before with a selfcompiled
> dovecot version 2.1.17 and a selfcompiled version of dovecot-2.1-pigeonhole-0.3.1
>
> Now, I used the rpm-packages of the distribution (version 2.1.13), upgraded
> yesterday with rpm's to version 2.1.17 but the problem persists.

Could you enable mail_debug and show us what the logs say?

Regards,

Stephan

From anmeyer at anup.de Sun Oct 20 21:01:26 2013
From: anmeyer at anup.de (Andreas Meyer)
Date: Sun, 20 Oct 2013 20:01:26 +0200
Subject: [Dovecot] Question to sieve symlink
In-Reply-To: <526415AD.4070900@rename-it.nl>
References: <20131019015520.6fca7c5c@itxnew.bitcorner.intern> <5263F624.7040809@rename-it.nl> <20131020173923.25e4c4a1@itxnew.bitcorner.intern> <5263FA34.1010206@Media-Brokers.com> <20131020180545.3a80a8d7@itxnew.bitcorner.intern> <526415AD.4070900@rename-it.nl>
Message-ID: <20131020200126.28c62abe@itxnew.bitcorner.intern>

Stephan Bosch wrote:

> On 10/20/2013 6:05 PM, Andreas Meyer wrote:
> > I did not have this problem with the symlink before with a selfcompiled
> > dovecot version 2.1.17 and a selfcompiled version of dovecot-2.1-pigeonhole-0.3.1
> >
> > Now, I used the rpm-packages of the distribution (version 2.1.13), upgraded
> > yesterday with rpm's to version 2.1.17 but the problem persists.
>
> Could you enable mail_debug and show us what the logs say?

I specified

mail_debug = yes
debug_log_path = /var/log/dovecot-debug.log

in dovecot.conf and restarted dovecot, but nothing is written to the log.

# doveadm log find
Debug: /var/log/dovecot-debug.log
Info: /var/log/dovecot1
Warning: /var/log/dovecot1
Error: /var/log/dovecot1
Fatal: /var/log/dovecot1

> Regards,
>
> Stephan

Andreas

From rs at sys4.de Sun Oct 20 21:05:07 2013
From: rs at sys4.de (Robert Schetterer)
Date: Sun, 20 Oct 2013 20:05:07 +0200
Subject: [Dovecot] Question to sieve symlink
In-Reply-To: <20131020200126.28c62abe@itxnew.bitcorner.intern>
References: <20131019015520.6fca7c5c@itxnew.bitcorner.intern> <5263F624.7040809@rename-it.nl> <20131020173923.25e4c4a1@itxnew.bitcorner.intern> <5263FA34.1010206@Media-Brokers.com> <20131020180545.3a80a8d7@itxnew.bitcorner.intern> <526415AD.4070900@rename-it.nl> <20131020200126.28c62abe@itxnew.bitcorner.intern>
Message-ID: <52641B53.6060406@sys4.de>

On 20.10.2013 20:01, Andreas Meyer wrote:
> Stephan Bosch wrote:
>
>> On 10/20/2013 6:05 PM, Andreas Meyer wrote:
>>> I did not have this problem with the symlink before with a
>>> selfcompiled dovecot version 2.1.17 and a selfcompiled version
>>> of dovecot-2.1-pigeonhole-0.3.1
>>>
>>> Now, I used the rpm-packages of the distribution (version
>>> 2.1.13), upgraded yesterday with rpm's to version 2.1.17 but
>>> the problem persists.
>>
>> Could you enable mail_debug and show us what the logs say?
>
> I specified
>
> mail_debug = yes debug_log_path = /var/log/dovecot-debug.log
>
> in dovecot.conf and restarted dovecot, but nothing is written to
> the log.
>
> # doveadm log find Debug: /var/log/dovecot-debug.log Info:
> /var/log/dovecot1 Warning: /var/log/dovecot1 Error:
> /var/log/dovecot1 Fatal: /var/log/dovecot1
>
>> Regards,
>>
>> Stephan
>
> Andreas
>

does it exist, is it writable?

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Management board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From anmeyer at anup.de Sun Oct 20 21:15:19 2013
From: anmeyer at anup.de (Andreas Meyer) Date: Sun, 20 Oct 2013 20:15:19 +0200 Subject: [Dovecot] Question to sieve symlink In-Reply-To: <526415AD.4070900@rename-it.nl> References: <20131019015520.6fca7c5c@itxnew.bitcorner.intern> <5263F624.7040809@rename-it.nl> <20131020173923.25e4c4a1@itxnew.bitcorner.intern> <5263FA34.1010206@Media-Brokers.com> <20131020180545.3a80a8d7@itxnew.bitcorner.intern> <526415AD.4070900@rename-it.nl> Message-ID: <20131020201519.2bea0007@itxnew.bitcorner.intern> Stephan Bosch wrote: > On 10/20/2013 6:05 PM, Andreas Meyer wrote: > > I did not have this problem with the symlink before with a selfcompiled > > dovecot version 2.1.17 and a selfcompiled version of dovecot-2.1-pigeonhole-0.3.1 > > > > Now, I used the rpm-packages of the distribution (version 2.1.13), upgraded > > yesterday with rpm's to version 2.1.17 but the problem persists. > > Could you enable mail_debug and show us what the logs say? In the debug.log I have this Oct 20 20:10:39 managesieve: Debug: Loading modules from directory: /usr/lib/dovecot/modules Oct 20 20:10:39 managesieve: Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so Oct 20 20:10:39 managesieve: Debug: Added userdb setting: mail=maildir:~/ Oct 20 20:10:39 managesieve: Debug: Added userdb setting: plugin/quota_rule=*:bytes=1G Oct 20 20:10:39 managesieve(anmeyer at anup.de): Debug: Effective uid=5000, gid=5000, home=/var/spool/vhosts/anup.de/anmeyer Oct 20 20:10:39 managesieve(anmeyer at anup.de): Debug: Quota root: name=User quota backend=maildir args= Oct 20 20:10:39 managesieve(anmeyer at anup.de): Debug: Quota rule: root=User quota mailbox=* bytes=1073741824 messages=0 Oct 20 20:10:39 managesieve(anmeyer at anup.de): Debug: Quota rule: root=User quota mailbox=Trash bytes=+107374182 (10%) messages=0 Oct 20 20:10:39 managesieve(anmeyer at anup.de): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/ Oct 20 20:10:39 
managesieve(anmeyer at anup.de): Debug: maildir++: root=/var/spool/vhosts/anup.de/anmeyer, index=, control=, inbox=/var/spool/vhosts/anup.de/anmeyer, alt= Oct 20 20:10:39 managesieve(anmeyer at anup.de): Debug: sieve: include: sieve_global_dir is not set; it is currently not possible to include `:global' scripts. Oct 20 20:10:39 managesieve(anmeyer at anup.de): Debug: sieve-storage: using active sieve script path: /var/spool/vhosts/anup.de/anmeyer/.dovecot.sieve Oct 20 20:10:39 managesieve(anmeyer at anup.de): Debug: sieve-storage: using sieve script storage directory: /var/spool/vhosts/anup.de/anmeyer/.sieve Oct 20 20:10:39 managesieve(anmeyer at anup.de): Debug: sieve-storage: using permissions from /var/spool/vhosts/anup.de/anmeyer/.sieve: mode=0700 gid=-1 Oct 20 20:10:39 managesieve(anmeyer at anup.de): Debug: sieve-storage: relative path to sieve storage in active link: .sieve/ Oct 20 20:10:51 managesieve: Debug: Loading modules from directory: /usr/lib/dovecot/modules Oct 20 20:10:51 managesieve: Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so Oct 20 20:10:51 managesieve: Debug: Added userdb setting: mail=maildir:~/ Oct 20 20:10:51 managesieve: Debug: Added userdb setting: plugin/quota_rule=*:bytes=1G Oct 20 20:10:51 managesieve(anmeyer at anup.de): Debug: Effective uid=5000, gid=5000, home=/var/spool/vhosts/anup.de/anmeyer Oct 20 20:10:51 managesieve(anmeyer at anup.de): Debug: Quota root: name=User quota backend=maildir args= Oct 20 20:10:51 managesieve(anmeyer at anup.de): Debug: Quota rule: root=User quota mailbox=* bytes=1073741824 messages=0 Oct 20 20:10:51 managesieve(anmeyer at anup.de): Debug: Quota rule: root=User quota mailbox=Trash bytes=+107374182 (10%) messages=0 Oct 20 20:10:51 managesieve(anmeyer at anup.de): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/ Oct 20 20:10:51 managesieve(anmeyer at anup.de): Debug: maildir++: 
root=/var/spool/vhosts/anup.de/anmeyer, index=, control=, inbox=/var/spool/vhosts/anup.de/anmeyer, alt= Oct 20 20:10:51 managesieve(anmeyer at anup.de): Debug: sieve: include: sieve_global_dir is not set; it is currently not possible to include `:global' scripts. Oct 20 20:10:51 managesieve(anmeyer at anup.de): Debug: sieve-storage: using active sieve script path: /var/spool/vhosts/anup.de/anmeyer/.dovecot.sieve Oct 20 20:10:51 managesieve(anmeyer at anup.de): Debug: sieve-storage: using sieve script storage directory: /var/spool/vhosts/anup.de/anmeyer/.sieve Oct 20 20:10:51 managesieve(anmeyer at anup.de): Debug: sieve-storage: using permissions from /var/spool/vhosts/anup.de/anmeyer/.sieve: mode=0700 gid=-1 Oct 20 20:10:51 managesieve(anmeyer at anup.de): Debug: sieve-storage: relative path to sieve storage in active link: .sieve/ Oct 20 20:10:51 imap: Debug: Loading modules from directory: /usr/lib/dovecot/modules Oct 20 20:10:51 imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so Oct 20 20:10:51 imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib11_imap_quota_plugin.so Oct 20 20:10:51 imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib20_autocreate_plugin.so Oct 20 20:10:51 imap: Debug: Added userdb setting: mail=maildir:~/ Oct 20 20:10:51 imap: Debug: Added userdb setting: plugin/quota_rule=*:bytes=1G Oct 20 20:10:51 imap(anmeyer at anup.de): Debug: Effective uid=5000, gid=5000, home=/var/spool/vhosts/anup.de/anmeyer Oct 20 20:10:51 imap(anmeyer at anup.de): Debug: Quota root: name=User quota backend=maildir args= Oct 20 20:10:51 imap(anmeyer at anup.de): Debug: Quota rule: root=User quota mailbox=* bytes=1073741824 messages=0 Oct 20 20:10:51 imap(anmeyer at anup.de): Debug: Quota rule: root=User quota mailbox=Trash bytes=+107374182 (10%) messages=0 Oct 20 20:10:51 imap(anmeyer at anup.de): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/ Oct 20 20:10:51 
imap(anmeyer at anup.de): Debug: maildir++: root=/var/spool/vhosts/anup.de/anmeyer, index=, control=, inbox=/var/spool/vhosts/anup.de/anmeyer, alt= In the regular log this: Oct 20 20:10:39 managesieve-login: Info: Login: user=, method=CRAM-MD5, rip=127.0.0.1, lip=127.0.0.1, mpid=1898, secured Oct 20 20:10:39 managesieve(anmeyer at anup.de): Warning: sieve-storage: Active sieve script symlink /var/spool/vhosts/anup.de/anmeyer/.dovecot.sieve is broken: invalid/unknown path to storage (points to /var/spool/vhosts/anup.de/anmeyer/.sieve/banane.sieve). Oct 20 20:10:39 managesieve(anmeyer at anup.de): Warning: sieve-storage: Active sieve script symlink /var/spool/vhosts/anup.de/anmeyer/.dovecot.sieve is broken: invalid/unknown path to storage (points to /var/spool/vhosts/anup.de/anmeyer/.sieve/banane.sieve). Oct 20 20:10:39 managesieve(anmeyer at anup.de): Info: Disconnected: Logged out bytes=52/1565 > Regards, > > Stephan Andreas From anmeyer at anup.de Sun Oct 20 21:20:00 2013 
From: anmeyer at anup.de (Andreas Meyer)
Date: Sun, 20 Oct 2013 20:20:00 +0200
Subject: [Dovecot] Question to sieve symlink
In-Reply-To: <52641B53.6060406@sys4.de>
References: <20131019015520.6fca7c5c@itxnew.bitcorner.intern> <5263F624.7040809@rename-it.nl> <20131020173923.25e4c4a1@itxnew.bitcorner.intern> <5263FA34.1010206@Media-Brokers.com> <20131020180545.3a80a8d7@itxnew.bitcorner.intern> <526415AD.4070900@rename-it.nl> <20131020200126.28c62abe@itxnew.bitcorner.intern> <52641B53.6060406@sys4.de>
Message-ID: <20131020202000.1a693761@itxnew.bitcorner.intern>

Robert Schetterer wrote:

> On 20.10.2013 20:01, Andreas Meyer wrote:
> > Stephan Bosch wrote:

> >>> Now, I used the rpm-packages of the distribution (version
> >>> 2.1.13), upgraded yesterday with rpm's to version 2.1.17 but
> >>> the problem persists.
> >>
> >> Could you enable mail_debug and show us what the logs say?
> >
> > I specified
> >
> > mail_debug = yes debug_log_path = /var/log/dovecot-debug.log
> >
> > in dovecot.conf and restarted dovecot, but nothing is written to
> > the log.
> >
> > # doveadm log find Debug: /var/log/dovecot-debug.log Info:
> > /var/log/dovecot1 Warning: /var/log/dovecot1 Error:
> > /var/log/dovecot1 Fatal: /var/log/dovecot1

> does it exist, is it writable?

I set

mail_debug = yes
debug_log_path = /var/log/dovecot-debug.log

in the dovecot.conf but in the 10-logging.conf there was mail_debug = no set.
I thought the dovecot.conf would overtop the 10-logging.conf

> Best Regards
> MfG Robert Schetterer

Andreas

From stephan at rename-it.nl Sun Oct 20 23:40:03 2013
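What Andreas Meyer describes above follows from Dovecot reading its configuration in file order, with the last assignment of a setting winning. The following is an added example, not code from the thread or from Dovecot: a simplified reader that follows `!include` lines and reports which file and line supplied the effective value. The file layout (mail_debug set before the `!include conf.d/*.conf` line in dovecot.conf) and the 90-sieve.conf file are assumptions, since his actual files are not shown.

```python
import glob
import os
import tempfile


def read_settings(path, found=None, stack=()):
    """Collect (setting, value, file, line) in the order the files are read.

    Simplified reader for Dovecot's config syntax: 'key = value' lines,
    'name {' ... '}' sections, '#' comments and '!include' / '!include_try'
    with shell globs. It is not Dovecot's own parser.
    """
    found = [] if found is None else found
    real = os.path.realpath(path)
    if real in stack:                        # guard against include loops
        return found
    section = []
    with open(path, encoding="utf-8") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if " #" in line:                 # trailing comment
                line = line.split(" #", 1)[0].rstrip()
            if line.startswith("!include"):
                parts = line.split(None, 1)
                if len(parts) < 2:
                    continue
                pattern = parts[1]
                if not os.path.isabs(pattern):
                    pattern = os.path.join(os.path.dirname(path), pattern)
                # Globbed files are read in sorted order, hence the NN- prefixes.
                for inc in sorted(glob.glob(pattern)):
                    read_settings(inc, found, stack + (real,))
            elif line.endswith("{"):
                section.append((line[:-1].split() or [""])[0])
            elif line == "}":
                if section:
                    section.pop()
            elif "=" in line:
                key, value = (part.strip() for part in line.split("=", 1))
                found.append(("/".join(section + [key]), value, path, lineno))
    return found


def effective(found, setting):
    """Return (winner, shadowed): the last assignment and the ones it overrides."""
    hits = [f for f in found if f[0] == setting]
    if not hits:
        return None, []
    return hits[-1], hits[:-1]


def demo():
    # Constructed files modelled on the thread; the layout is an assumption.
    files = {
        "dovecot.conf": "mail_debug = yes\n"
                        "debug_log_path = /var/log/dovecot-debug.log\n"
                        "!include conf.d/*.conf\n",
        "conf.d/10-logging.conf": "#log_path = syslog\nmail_debug = no\n",
        "conf.d/90-sieve.conf": "plugin {\n  sieve_dir = ~/.sieve/\n}\n",
    }
    with tempfile.TemporaryDirectory() as etc:
        os.mkdir(os.path.join(etc, "conf.d"))
        for name, body in files.items():
            with open(os.path.join(etc, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        found = read_settings(os.path.join(etc, "dovecot.conf"))
        report = {}
        for setting in ("mail_debug", "debug_log_path", "plugin/sieve_dir"):
            winner, shadowed = effective(found, setting)
            report[setting] = {
                "value": winner[1],
                "set_in": os.path.relpath(winner[2], etc),
                "line": winner[3],
                "shadowed": [(os.path.relpath(s[2], etc), s[3], s[1])
                             for s in shadowed],
            }
        return report


if __name__ == "__main__":
    for name, info in demo().items():
        print(name, "=", info["value"], "from", info["set_in"], "line", info["line"])
        for where, line, value in info["shadowed"]:
            print("   overrides", value, "at", where, "line", line)
```

On a live system `doveconf -n` prints the effective non-default settings; this reader only adds which file and line won.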
From: stephan at rename-it.nl (Stephan Bosch) Date: Sun, 20 Oct 2013 22:40:03 +0200 Subject: [Dovecot] Question to sieve symlink In-Reply-To: <20131020201519.2bea0007@itxnew.bitcorner.intern> References: <20131019015520.6fca7c5c@itxnew.bitcorner.intern> <5263F624.7040809@rename-it.nl> <20131020173923.25e4c4a1@itxnew.bitcorner.intern> <5263FA34.1010206@Media-Brokers.com> <20131020180545.3a80a8d7@itxnew.bitcorner.intern> <526415AD.4070900@rename-it.nl> <20131020201519.2bea0007@itxnew.bitcorner.intern> Message-ID: <52643FA3.2060000@rename-it.nl> On 10/20/2013 8:15 PM, Andreas Meyer wrote: > Stephan Bosch wrote: > >> Could you enable mail_debug and show us what the logs say? > In the debug.log I have this > > Oct 20 20:10:51 managesieve(anmeyer at anup.de): Debug: sieve-storage: using active sieve script path: /var/spool/vhosts/anup.de/anmeyer/.dovecot.sieve > Oct 20 20:10:51 managesieve(anmeyer at anup.de): Debug: sieve-storage: using sieve script storage directory: /var/spool/vhosts/anup.de/anmeyer/.sieve > Oct 20 20:10:51 managesieve(anmeyer at anup.de): Debug: sieve-storage: using permissions from /var/spool/vhosts/anup.de/anmeyer/.sieve: mode=0700 gid=-1 > Oct 20 20:10:51 managesieve(anmeyer at anup.de): Debug: sieve-storage: relative path to sieve storage in active link: .sieve/ > > In the regular log this: > > Oct 20 20:10:39 managesieve-login: Info: Login: user=, method=CRAM-MD5, rip=127.0.0.1, lip=127.0.0.1, mpid=1898, secured > Oct 20 20:10:39 managesieve(anmeyer at anup.de): Warning: sieve-storage: Active sieve script symlink /var/spool/vhosts/anup.de/anmeyer/.dovecot.sieve is broken: invalid/unknown path to storage (points to /var/spool/vhosts/anup.de/anmeyer/.sieve/banane.sieve). > Oct 20 20:10:39 managesieve(anmeyer at anup.de): Warning: sieve-storage: Active sieve script symlink /var/spool/vhosts/anup.de/anmeyer/.dovecot.sieve is broken: invalid/unknown path to storage (points to /var/spool/vhosts/anup.de/anmeyer/.sieve/banane.sieve). 
> Oct 20 20:10:39 managesieve(anmeyer at anup.de): Info: Disconnected: Logged out bytes=52/1565

This looks like a bug to me. Could you try to set:

sieve_dir = ~/.sieve/

(notice the slash at the end)

Does it stop complaining now?

Regards,

Stephan.

From anmeyer at anup.de Sun Oct 20 23:55:05 2013
From: anmeyer at anup.de (Andreas Meyer)
Date: Sun, 20 Oct 2013 22:55:05 +0200
Subject: [Dovecot] Question to sieve symlink
In-Reply-To: <52643FA3.2060000@rename-it.nl>
References: <20131019015520.6fca7c5c@itxnew.bitcorner.intern> <5263F624.7040809@rename-it.nl> <20131020173923.25e4c4a1@itxnew.bitcorner.intern> <5263FA34.1010206@Media-Brokers.com> <20131020180545.3a80a8d7@itxnew.bitcorner.intern> <526415AD.4070900@rename-it.nl> <20131020201519.2bea0007@itxnew.bitcorner.intern> <52643FA3.2060000@rename-it.nl>
Message-ID: <20131020225505.3d2aeb26@itxnew.bitcorner.intern>

Stephan Bosch wrote:

> > Oct 20 20:10:39 managesieve-login: Info: Login: user=, method=CRAM-MD5, rip=127.0.0.1, lip=127.0.0.1, mpid=1898, secured
> > Oct 20 20:10:39 managesieve(anmeyer at anup.de): Warning: sieve-storage: Active sieve script symlink /var/spool/vhosts/anup.de/anmeyer/.dovecot.sieve is broken: invalid/unknown path to storage (points to /var/spool/vhosts/anup.de/anmeyer/.sieve/banane.sieve).
> > Oct 20 20:10:39 managesieve(anmeyer at anup.de): Warning: sieve-storage: Active sieve script symlink /var/spool/vhosts/anup.de/anmeyer/.dovecot.sieve is broken: invalid/unknown path to storage (points to /var/spool/vhosts/anup.de/anmeyer/.sieve/banane.sieve).
> > Oct 20 20:10:39 managesieve(anmeyer at anup.de): Info: Disconnected: Logged out bytes=52/1565
>
> This looks like a bug to me. Could you try to set:
>
> sieve_dir = ~/.sieve/
>
> (notice the slash at the end)
>
> Does it stop complaining now?

Well, all right, that seems to solve the problem. No complaints anymore so far
about the broken symlink.

> Regards,
>
> Stephan.

Thank you so much!

Andreas

From sven at svenhartge.de Mon Oct 21 00:39:43 2013
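Independently of the warning discussed above, the state of the active-script link can be checked directly on disk. This is an added example, not code from the thread or from Pigeonhole: it uses the file names from the logs inside a constructed temporary home directory, treats sieve_dir with and without the trailing slash as the same directory, and also flags a link that resolves outside the storage directory. The function name and the result labels are made up for the example.

```python
import os
import tempfile


def check_active_link(active_link, sieve_dir):
    """Classify the active-script symlink without relying on Dovecot.

    Returns 'ok', 'not-a-symlink', 'dangling' or 'outside-storage'.
    """
    if not os.path.islink(active_link):
        return "not-a-symlink"
    raw = os.readlink(active_link)
    # A relative target is relative to the directory that holds the link.
    target = os.path.join(os.path.dirname(active_link), raw)
    if not os.path.isfile(target):
        return "dangling"
    # realpath() drops a trailing slash and resolves '..' and nested links,
    # so '~/.sieve' and '~/.sieve/' name the same storage directory here.
    storage = os.path.realpath(os.path.expanduser(sieve_dir))
    resolved = os.path.realpath(target)
    if os.path.commonpath([storage, resolved]) != storage:
        return "outside-storage"
    return "ok"


def demo():
    # Constructed home directory that mirrors the names in the thread's logs.
    with tempfile.TemporaryDirectory() as home:
        storage = os.path.join(home, ".sieve")
        os.mkdir(storage)
        for name in (os.path.join(storage, "banane.sieve"),
                     os.path.join(home, "elsewhere.sieve")):
            with open(name, "w", encoding="utf-8") as fh:
                fh.write("keep;\n")
        links = {
            ".dovecot.sieve": ".sieve/banane.sieve",   # as in the thread
            "dangling.link": ".sieve/missing.sieve",   # target does not exist
            "escaping.link": "elsewhere.sieve",        # exists, outside .sieve
        }
        for link, target in links.items():
            os.symlink(target, os.path.join(home, link))
        active = os.path.join(home, ".dovecot.sieve")
        return {
            "no_slash": check_active_link(active, storage),
            "slash": check_active_link(active, storage + "/"),
            "dangling": check_active_link(
                os.path.join(home, "dangling.link"), storage),
            "escaping": check_active_link(
                os.path.join(home, "escaping.link"), storage),
            "plain_file": check_active_link(
                os.path.join(storage, "banane.sieve"), storage),
        }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, "->", verdict)
```

A result of 'ok' while the server still logs the warning points at the server-side path comparison rather than at the link itself.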
From: sven at svenhartge.de (Sven Hartge)
Date: Sun, 20 Oct 2013 23:39:43 +0200
Subject: [Dovecot] Upgrade from 2.1 to 2.2 on Debian
References: <5263F677.50908@eye-catching-webdesign.de>
Message-ID: <2a547ajsutv8@mids.svenhartge.de>

Lucas Rothamel - Eye Catching Webdesign wrote:

> I am currently running Dovecot 2.1 on current Debian and need to upgrade
> to 2.2 to use the replication features.

> I understand that I therefore need to compile Dovecot myself.

No. Just use the excellent packages from http://xi.rename-it.nl/debian/
See http://wiki2.dovecot.org/PrebuiltBinaries for more information.

It says "Don't use them in production" on the label of the repository,
but if you set the installed packages on hold via dpkg/apt-get so you
don't get surprised by sudden updates, this repository is safe to use.

Regards,
Sven.

--
Sigmentation fault. Core dumped.

From gedalya at gedalya.net Mon Oct 21 00:46:57 2013
From: gedalya at gedalya.net (Gedalya)
Date: Sun, 20 Oct 2013 17:46:57 -0400
Subject: [Dovecot] Upgrade from 2.1 to 2.2 on Debian
In-Reply-To: <2a547ajsutv8@mids.svenhartge.de>
References: <5263F677.50908@eye-catching-webdesign.de> <2a547ajsutv8@mids.svenhartge.de>
Message-ID: <52644F51.5010305@gedalya.net>

On 10/20/2013 05:39 PM, Sven Hartge wrote:
> Lucas Rothamel - Eye Catching Webdesign wrote:
>
>> I am currently running Dovecot 2.1 on current Debian and need to upgrade
>> to 2.2 to use the replication features.
>> I understand that I therefore need to compile Dovecot myself.
> No. Just use the excellent packages from http://xi.rename-it.nl/debian/
> See http://wiki2.dovecot.org/PrebuiltBinaries for more information.
>
> It says "Don't use them in production" on the label of the repository,
> but if you set the installed packages on hold via dpkg/apt-get so you
> don't get surprised by sudden updates, this repository is safe to use.
>
> Regards,
> Sven.
>

I agree in principle, specifically if you just look at the last commits at http://hg.dovecot.org/dovecot-2.2/ so you know what your latest binaries contain, and it seems to make sense, then you can put the packages on hold, and test them given your particular configuration and demands. If it works, then .. it works.

If you want the proper debian way, just take the 2.2 package from debian's experimental suite, refresh it to 2.2.6 and compile it. It's not all that hard to do.

From sven at svenhartge.de Mon Oct 21 00:52:08 2013
From: sven at svenhartge.de (Sven Hartge)
Date: Sun, 20 Oct 2013 23:52:08 +0200
Subject: [Dovecot] Upgrade from 2.1 to 2.2 on Debian
References: <5263F677.50908@eye-catching-webdesign.de> <2a547ajsutv8@mids.svenhartge.de> <52644F51.5010305@gedalya.net>
Message-ID: <3a5483isutv8@mids.svenhartge.de>

Gedalya wrote:
> On 10/20/2013 05:39 PM, Sven Hartge wrote:
>> Lucas Rothamel - Eye Catching Webdesign wrote:

>>> I am currently running Dovecot 2.1 on current Debian and need to
>>> upgrade to 2.2 to use the replication features. I understand that I
>>> therefore need to compile Dovecot myself.

>> No. Just use the excellent packages from
>> http://xi.rename-it.nl/debian/ See
>> http://wiki2.dovecot.org/PrebuiltBinaries for more information.
>>
>> It says "Don't use them in production" on the label of the
>> repository, but if you set the installed packages on hold via
>> dpkg/apt-get so you don't get surprised by sudden updates, this
>> repository is safe to use.

> I agree in principle, specifically if you just look at the last
> commits at http://hg.dovecot.org/dovecot-2.2/ so you know what your
> latest binaries contain, and it seems to make sense, then you can put
> the packages on hold, and test them given your particular
> configuration and demands. if it works, then .. it works.

> If you want the proper debian way, just take the 2.2 package from
> debian's experimental suite, refresh it to 2.2.6 and compile it.
> It's not all that hard to do.

The moment the included pigeonhole patch no longer applies cleanly, simply respinning the package becomes a tad more difficult.

If you know your way around the Debian packaging tools, this is of course no big problem. All others might be better off with the packages from rename-it.nl, as those are based on the latest packages from Debian with all the matching patches applied.

Regards,
Sven.

--
Sigmentation fault. Core dumped.

From jordan2175 at gmail.com Sat Oct 19 08:28:10 2013
From: jordan2175 at gmail.com (Bret Jordan)
Date: Fri, 18 Oct 2013 23:28:10 -0600
Subject: [Dovecot] Issues with configure script / Makefile
Message-ID:

Dear Dovecot,

I have noticed that when you pass a --prefix in to the configure script and say specify a path of /local/dovecot-2.2.6 that when you install most of the subdirectories (etc, lib, include, libexec, etc) have a dovecot directory in them, like if you were installing to /. This is not typical of most *nix software.

So I tried to specify the exact location with the following configure options, but they are not honored when it comes to installation. I have looked through the configure script to see if I can see where the problem is and can not see it. These are the ones that do not work. Some of the others, however, do work.

# Do not work
--sysconfdir=/local/dovecot-2.2.6/etc \
--libdir=/local/dovecot-2.2.6/lib \
--includedir=/local/dovecot-2.2.6/include \
--libexecdir=/local/dovecot-2.2.6/libexec \

# Do work
--docdir=/local/dovecot-2.2.6/share/doc \
--with-ssl=openssl --with-ssldir=/local/dovecot.2.2.6/ssl \
--with-statedir=/local/dovecot-2.2.6/lib \
--with-moduledir=/local/dovecot-2.2.6/lib \
--with-rundir=/run/dovecot

Bret

Bret Jordan CISSP | Sr Security Architect
PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

From bangkokmaco at gmail.com Mon Oct 21 13:27:46 2013
From: bangkokmaco at gmail.com (bangkokmaco at gmail.com) Date: Mon, 21 Oct 2013 10:27:46 +0000 Subject: [Dovecot] bangkokmaco@gmail.com has indicated you're a friend. Accept? Message-ID: <0.0.E.531.1CECE482F143334.246A@mail3.fliporamail.com> Hi, bangkokmaco at gmail.com wants to follow you. ****** Is bangkokmaco at gmail.com you friend? ****** If Yes please follow the link below: http://invites.fliporamail.com/signup_e.html?fullname=Dovecot+Mailing+List&email=dovecot at dovecot.org&invitername=maco&inviterid=21103194&userid=0&token=0&emailmasterid=3fa84c4c-3a95-4010-aded-96c1476942e7&from=bangkokmaco at gmail.com&uie=7&src=txt_yes If No please follow the link below: http://invites.fliporamail.com/signup_e_no.html?fullname=Dovecot+Mailing+List&email=dovecot at dovecot.org&invitername=maco&inviterid=21103194&userid=0&token=0&emailmasterid=3fa84c4c-3a95-4010-aded-96c1476942e7&from=bangkokmaco at gmail.com&uie=7&src=txt_no Follow the link below to remove yourself from all such emails http://invites.fliporamail.com/uns.jsp?email=dovecot at dovecot.org&iid=3fa84c4c-3a95-4010-aded-96c1476942e7&from=bangkokmaco at gmail.com From me at junc.eu Mon Oct 21 13:41:08 2013 From: me at junc.eu (Benny Pedersen) Date: Mon, 21 Oct 2013 12:41:08 +0200 Subject: [Dovecot] =?utf-8?q?bangkokmaco=40gmail=2Ecom_has_indicated_you?= =?utf-8?q?=27re_a_friend=2E_Accept=3F?= In-Reply-To: <0.0.E.531.1CECE482F143334.246A@mail3.fliporamail.com> References: <0.0.E.531.1CECE482F143334.246A@mail3.fliporamail.com> Message-ID: <0fa3970b149c337921a57919df0331c2@junc.eu> bangkokmaco at gmail.com skrev den 2013-10-21 12:27: > bangkokmaco at gmail.com wants to follow you. just follow this maillist, no problem :) whats your real name ? From me at junc.eu Mon Oct 21 14:00:36 2013 
From: me at junc.eu (Benny Pedersen)
Date: Mon, 21 Oct 2013 13:00:36 +0200
Subject: [Dovecot] dovecot dropbox plugin created another problem ?
Message-ID: <4017d06ea809df9023121c47a1e944ba@junc.eu>

http://blog.dynamoo.com/2013/10/dropbox-spam-leads-to-malware-on-errr.html

From skdovecot at smail.inf.fh-brs.de Mon Oct 21 16:25:35 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Mon, 21 Oct 2013 15:25:35 +0200 (CEST)
Subject: [Dovecot] Login into other user's account // master user for non-master users // chroot to users.
In-Reply-To: <5263DDE3.3040103@thelounge.net>
References: <5263D9C9.7020803@Media-Brokers.com> <5263DDE3.3040103@thelounge.net>
Message-ID:

On Sun, 20 Oct 2013, Reindl Harald wrote:

> On 20.10.2013 15:25, Charles Marcus wrote:
>> On 2013-10-18 4:31 AM, Steffen Kaiser wrote:
>>> Now, I came into thinking that it would be good in such case, if userB could authenticate as, say "sales*userB"
>>> - much like a master user - and ends in "sales"'s home, but with access permissions of "userB", well, like a chroot.
>>>
>>> Would it be an interesting feature to add to Dovecot's core?
>>
>> I would actually find that very useful. We have similar role based email accounts, and currently we have the same
>> problem - no way to tell which of the users in question did what...
>
> and how does the different username change anything?
> the inbox is still shared
>
> you see a different username for login but you still
> do not see *what* he did and if you would have *that*

with mail_log you do.

> in the logs username + ip-address makes the match

With NAT all users share the same IP. Then we have webmail users, that share the same IP, too.

--
Steffen Kaiser

From CMarcus at Media-Brokers.com Mon Oct 21 16:30:35 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Mon, 21 Oct 2013 09:30:35 -0400
Subject: [Dovecot] Login into other user's account // master user for non-master users // chroot to users.
In-Reply-To:
References: <5263D9C9.7020803@Media-Brokers.com> <5263DDE3.3040103@thelounge.net>
Message-ID: <52652C7B.9030305@Media-Brokers.com>

Thanks Steffen...

I kill-filed Reindl a while back due to his abusive, arrogant nature...

Too bad - I held off for a long time, because he does actually seem to have a clue most of the time.

Charles

On 2013-10-21 9:25 AM, Steffen Kaiser wrote:
> On Sun, 20 Oct 2013, Reindl Harald wrote:
>
>> On 20.10.2013 15:25, Charles Marcus wrote:
>>> On 2013-10-18 4:31 AM, Steffen Kaiser
>>> wrote:
>>>> Now, I came into thinking that it would be good in such case, if
>>>> userB could authenticate as, say "sales*userB"
>>>> - much like a master user - and ends in "sales"'s home, but with
>>>> access permissions of "userB", well, like a chroot.
>>>>
>>>> Would it be an interesting feature to add to Dovecot's core?
>>>
>>> I would actually find that very useful. We have similar role based
>>> email accounts, and currently we have the same
>>> problem - no way to tell which of the users in question did what...
>>
>> and how does the different username change anything?
>> the inbox is still shared
>>
>> you see a different username for login but you still
>> do not see *what* he did and if you would have *that*
>
> with mail_log you do.
>
>> in the logs username + ip-address makes the match
>
> With NAT all users share the same IP. Then we have webmail users, that
> share the same IP, too.
>
> -- Steffen Kaiser

--
Best regards,
*/Charles/*

From h.reindl at thelounge.net Mon Oct 21 16:37:10 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 21 Oct 2013 15:37:10 +0200
Subject: [Dovecot] Login into other user's account // master user for non-master users // chroot to users.
In-Reply-To: <52652C7B.9030305@Media-Brokers.com>
References: <5263D9C9.7020803@Media-Brokers.com> <5263DDE3.3040103@thelounge.net> <52652C7B.9030305@Media-Brokers.com>
Message-ID: <52652E06.7020602@thelounge.net>

On 21.10.2013 15:30, Charles Marcus wrote:
> Thanks Steffen...
>
> I kill-filed Reindl a while back due to his abusive, arrogant nature...

what was abusive in this thread?

and the abusive reply to you in the following thread was
well deserved after your "prove it"
http://dovecot.org/list/dovecot/2013-February/088587.html

> Too bad - I held off for a long time, because he does actually seem to have a clue most of the time.

because i read docs, not only for dovecot, for a lot of other
server software far away from mail and the underlying RFC's too

> On 2013-10-21 9:25 AM, Steffen Kaiser wrote:
>> On Sun, 20 Oct 2013, Reindl Harald wrote:
>>
>>> On 20.10.2013 15:25, Charles Marcus wrote:
>>>> On 2013-10-18 4:31 AM, Steffen Kaiser wrote:
>>>>> Now, I came into thinking that it would be good in such case, if userB could authenticate as, say "sales*userB"
>>>>> - much like a master user - and ends in "sales"'s home, but with access permissions of "userB", well, like a
>>>>> chroot.
>>>>>
>>>>> Would it be an interesting feature to add to Dovecot's core?
>>>>
>>>> I would actually find that very useful. We have similar role based email accounts, and currently we have the same
>>>> problem - no way to tell which of the users in question did what...
>>>
>>> and how does the different username change anything?
>>> the inbox is still shared
>>>
>>> you see a different username for login but you still
>>> do not see *what* he did and if you would have *that*
>>
>> with mail_log you do.
>>
>>> in the logs username + ip-address makes the match
>>
>> With NAT all users share the same IP. Then we have webmail users, that share the same IP, too

From rob0 at gmx.co.uk Mon Oct 21 19:31:14 2013
From: rob0 at gmx.co.uk (/dev/rob0) Date: Mon, 21 Oct 2013 11:31:14 -0500 Subject: [Dovecot] to/about Reindl (was: Login into other user's account ...) In-Reply-To: <52652E06.7020602@thelounge.net> References: <5263D9C9.7020803@Media-Brokers.com> <5263DDE3.3040103@thelounge.net> <52652C7B.9030305@Media-Brokers.com> <52652E06.7020602@thelounge.net> Message-ID: <20131021163114.GI16659@harrier.slackbuilds.org> [ Reply-To set: let's not make this another pointless thread ] On Mon, Oct 21, 2013 at 03:37:10PM +0200, Reindl Harald wrote: > Am 21.10.2013 15:30, schrieb Charles Marcus: > > Thanks Steffen... > > > > I kill-filed Reindl a while back due to his abusive, arrogant > > nature... > > what was absusive in this thread? I think you misunderstand. Charles was actually paying you a partial compliment. He was not saying that your response was abusive. He was saying that you actually seem to have a clue most of the time. FWIW I agree on both counts. You tend to get abusive sometimes, but your technical accuracy is very good. > and the abusive reply to you in the following thread was > well deserved after your "prove it" > http://dovecot.org/list/dovecot/2013-February/088587.html The idea that abuse is "well deserved" could be the origin of your difficulty in fitting in with online technical communities. There's really nothing worth getting angry over. If I think someone has been rude to me, my best response is no response. I haven't seen that from you. You never let anything pass. You'll probably ignore my Reply-To: header and reply to this. > > Too bad - I held off for a long time, because he does actually > > seem to have a clue most of the time. > > because i read docs, not only for dovecot, for a lot of other > server software far away from mail and the underlying RFC's too Yes, that is obvious. You have a lot to contribute. Too bad we can only get that at a price that many posters consider too high. Sincere best wishes to you. EOT. 
-- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: From reymervargas at gmail.com Mon Oct 21 22:23:18 2013 From: reymervargas at gmail.com (Reymer Antonio Vargas Solano) Date: Mon, 21 Oct 2013 13:23:18 -0600 Subject: [Dovecot] Mailboxes separated from IMAP server Message-ID: Hello folks, At my university we are trying to implement a distributed email backend, but I have some troubles, The topology: Server A: Postfix+LMTP # MTA Server B: Dovecot+LMTP # Just mailboxes Server C: Dovecot # POP3/IMAP Right now the Server A can leave a received email to the Server B, but I don't know how to communicate Server C to the Server B to retrieve the emails. I think that we should use IMAP protocol, but I am confused about how to connect them, I don't know if we have to use a proxy IMAP server, or another thing. Can anyone give me an idea? Regards, Reymer Antonio Vargas Solano From h.reindl at thelounge.net Mon Oct 21 22:30:24 2013 
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 21 Oct 2013 21:30:24 +0200
Subject: [Dovecot] Mailboxes separated from IMAP server
In-Reply-To:
References:
Message-ID: <526580D0.4000509@thelounge.net>

On 21.10.2013 21:23, Reymer Antonio Vargas Solano wrote:
> At my university we are trying to implement a distributed email backend,
> but I have some troubles,
>
> The topology:
>
> Server A: Postfix+LMTP # MTA
> Server B: Dovecot+LMTP # Just mailboxes
> Server C: Dovecot # POP3/IMAP
>
> Right now the Server A can leave a received email to the Server B, but I
> don't know how to communicate Server C to the Server B to retrieve the
> emails.
>
> I think that we should use IMAP protocol, but I am confused about how to
> connect them, I don't know if we have to use a proxy IMAP server, or
> another thing.
>
> Can anyone give me an idea?

http://en.wikipedia.org/wiki/Storage_area_network
http://en.wikipedia.org/wiki/Clustered_file_system

From CMarcus at Media-Brokers.com Mon Oct 21 22:48:10 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Mon, 21 Oct 2013 15:48:10 -0400
Subject: [Dovecot] Mailboxes separated from IMAP server
In-Reply-To:
References:
Message-ID: <526584FA.1040907@Media-Brokers.com>

On 2013-10-21 3:23 PM, Reymer Antonio Vargas Solano wrote:
> At my university we are trying to implement a distributed email backend,
> but I have some troubles,
>
> The topology:
>
> Server A: Postfix+LMTP # MTA
> Server B: Dovecot+LMTP # Just mailboxes
> Server C: Dovecot # POP3/IMAP
>
> Right now the Server A can leave a received email to the Server B, but I
> don't know how to communicate Server C to the Server B to retrieve the
> emails.
>
> I think that we should use IMAP protocol, but I am confused about how to
> connect them, I don't know if we have to use a proxy IMAP server, or
> another thing.

It all depends on what you want to accomplish...

First, I'm guessing your subject is not precisely correct - the IMAP server IS 'the mailboxes'...

So, I guess you meant separate MTA and IMAP servers?

If so, then...

a) you could set up dsync to sync server C with B

b) you could do the same with imapsync (best to use dsync though, unless you're stuck with dovecot versions prior to 2.2.# due to brain-dead distro limitations or corporate policies)

c) you could use some kind of distributed filesystem

Why the 2 dovecot servers? If it is for load, how many users on each (maybe you don't need 2)? If for redundancy, then definitely dsync, but there are other issues to consider (if HA is your goal)...

--

Best regards,

*/Charles/*

From rs at sys4.de Mon Oct 21 22:51:27 2013
From: rs at sys4.de (Robert Schetterer)
Date: Mon, 21 Oct 2013 21:51:27 +0200
Subject: [Dovecot] Mailboxes separated from IMAP server
In-Reply-To: <526580D0.4000509@thelounge.net>
References: <526580D0.4000509@thelounge.net>
Message-ID: <526585BF.3070701@sys4.de>

On 21.10.2013 21:30, Reindl Harald wrote:
>
>
> On 21.10.2013 21:23, Reymer Antonio Vargas Solano wrote:
>> At my university we are trying to implement a distributed email
>> backend, but I have some troubles,
>>
>> The topology:
>>
>> Server A: Postfix+LMTP # MTA Server B: Dovecot+LMTP # Just
>> mailboxes Server C: Dovecot # POP3/IMAP
>>
>> Right now the Server A can leave a received email to the Server
>> B, but I don't know how to communicate Server C to the Server B
>> to retrieve the emails.
>>
>> I think that we should use IMAP protocol, but I am confused about
>> how to connect them, I don't know if we have to use a proxy IMAP
>> server, or another thing.
>>
>> Can anyone give me an idea?

some more ideas , but based on another server setup/layout
use loadbalancer to several mailservers ( postfix/dovecot/amavis )
with shared storage ( gfs, nfs, ocfs2 , ceph ,drbd ) etc , shared
ldap, sql auth backends etc

http://sys4.de/de/blog/2013/06/10/loadbalancing-mit-keepalived-postfix-dovecot/

http://sys4.de/de/blog/2013/06/06/postfix-dovecot-ceph-cluster-storage/

sorry only german

or

http://www.kutukupret.com/2011/06/19/postfix-realtime-maildir-replication-using-dual-primary-drbd-with-ocfs2/

there are a lot of chances how to solve it, deeply depends how many
mailboxes incl. quota you want to goal, and how much traffic is
awaited, and at the end what is your budget target.

>
> http://en.wikipedia.org/wiki/Storage_area_network
> http://en.wikipedia.org/wiki/Clustered_file_system
>

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From reymervargas at gmail.com Mon Oct 21 23:10:38 2013
From: reymervargas at gmail.com (Reymer Antonio Vargas Solano) Date: Mon, 21 Oct 2013 14:10:38 -0600 Subject: [Dovecot] Mailboxes separated from IMAP server In-Reply-To: <526580D0.4000509@thelounge.net> References: <526580D0.4000509@thelounge.net> Message-ID: Are you kidding me? Is not how or where to store the mailboxes... is how to connect an imap server to another IMAP server that have mailboxes! ravs On Mon, Oct 21, 2013 at 1:30 PM, Reindl Harald wrote: > > > Am 21.10.2013 21:23, schrieb Reymer Antonio Vargas Solano: > > At my university we are trying to implement a distributed email backend, > > but I have some troubles, > > > > The topology: > > > > Server A: Postfix+LMTP # MTA > > Server B: Dovecot+LMTP # Just mailboxes > > Server C: Dovecot # POP3/IMAP > > > > Right now the Server A can leave a received email to the Server B, but I > > don't know how to communicate Server C to the Server B to retrieve the > > emails. > > > > I think that we should use IMAP protocol, but I am confused about how to > > connect them, I don't know if we have to use a proxy IMAP server, or > > another thing. > > > > Can anyone give me an idea? > > http://en.wikipedia.org/wiki/Storage_area_network > http://en.wikipedia.org/wiki/Clustered_file_system > > From azurit at pobox.sk Mon Oct 21 23:11:01 2013 
From: azurit at pobox.sk (azurIt)
Date: Mon, 21 Oct 2013 22:11:01 +0200
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <1382005748.1103.35085513.4F2BBDF3@webmail.messagingengine.com>
References: <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org>, <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com>, <20131017122154.E4F05434@pobox.sk> <1382005748.1103.35085513.4F2BBDF3@webmail.messagingengine.com>
Message-ID: <20131021221101.9D8D854F@pobox.sk>

> From: Bron Gondwana
> To:
> Date: 17.10.2013 12:30
> Subject: Re: [Dovecot] Strange output from LIST command
>
> CC: "Timo Sirainen"
>On Thu, Oct 17, 2013, at 09:21 PM, azurIt wrote:
>> ______________________________________________________________
>> > From: Bron Gondwana
>> > To: Michael M Slusarz ,
>> > Date: 17.10.2013 12:14
>> > Subject: Re: [Dovecot] Strange output from LIST command
>> >
>> >On Tue, Oct 15, 2013, at 06:23 AM, Michael M Slusarz wrote:
>> >> Quoting azurIt :
>> >>
>> >> > i'm using Dovecot 2.1.7 (Debian Wheezy) and output from LIST command
>> >> > looks strange:
>> >> >
>> >> > C: 4 LIST () "" (INBOX INBOX.Karantena INBOX.Spam) RETURN (STATUS (UNSEEN))
>> >> > S: * LIST () "." "INBOX"
>> >> > S: * LIST () "." "INBOX.Karantena"
>> >> > S: * STATUS "INBOX.Karantena" (UNSEEN 0)
>> >> > S: * LIST () "." "INBOX.Spam"
>> >> > S: * STATUS "INBOX.Spam" (UNSEEN 0)
>> >> > S: 4 OK List completed.
>> >> >
>> >> > The UNSEEN information for INBOX is completely missing. It is
>> >> > correct behavior?
>> >>
>> >> No. RFC 5819 [2]:
>> >>
>> >> "For each selectable mailbox matching the list pattern and selection
>> >> options, the server MUST return an untagged LIST response followed by
>> >> an untagged STATUS response containing the information requested in
>> >> the STATUS return option."
>> >
>> >Just wondering if the INBOX was SELECTed at the time? There's some fun
>> >interaction around STATUS and SELECT in RFC3501.
>> >
>> >Bron.
>>
>>
>> Here's the complete IMAP communication, see the (1) only:
>> http://bugs.horde.org/view.php?actionID=view_file&type=log&file=imap-ok.log&ticket=12748
>>
>> I also find out that it's working ok when i LIST the INBOX alone like this:
>> C: 4 LIST () "" (INBOX) RETURN (STATUS (UNSEEN))
>> S: * LIST () "." "INBOX"
>> S: * STATUS "INBOX" (UNSEEN 2)
>> S: 4 OK List completed.
>>
>> The information about UNSEEN messages is correct. It's only doing problems when listing multiple folders at once.
>
>Yeah, that definitely looks like a bug! I've CC'd Timo to grab his attention :)

Can anyone confirm the bug? Will it be fixed in 2.1.x?

Thank you.

azur

From reymervargas at gmail.com Mon Oct 21 23:15:45 2013
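The RFC 5819 requirement quoted in the message above, turned into a transcript check (an added example, not part of the original posts and not Dovecot code). The function names are hypothetical, the `C:`/`S:` prefixes follow the thread's notation, and the two sample transcripts are constructed from the exchanges quoted in the thread; mailbox names sent as IMAP literals are not handled.

```python
import re

# Constructed transcripts, shaped like the two exchanges quoted in the thread.
MULTI = """\
C: 4 LIST () "" (INBOX INBOX.Karantena INBOX.Spam) RETURN (STATUS (UNSEEN))
S: * LIST () "." "INBOX"
S: * LIST () "." "INBOX.Karantena"
S: * STATUS "INBOX.Karantena" (UNSEEN 0)
S: * LIST () "." "INBOX.Spam"
S: * STATUS "INBOX.Spam" (UNSEEN 0)
S: 4 OK List completed.
"""
SINGLE = """\
C: 4 LIST () "" (INBOX) RETURN (STATUS (UNSEEN))
S: * LIST () "." "INBOX"
S: * STATUS "INBOX" (UNSEEN 2)
S: 4 OK List completed.
"""

QUOTED = r'"(?:[^"\\]|\\.)*"'
# Client command: <tag> LIST ... RETURN (... STATUS (<items>))
CMD_RE = re.compile(
    r'^(?P<tag>\S+) LIST\b.*\bRETURN \(.*?STATUS \((?P<items>[^)]*)\)', re.I)
# Untagged responses: * LIST (<flags>) <delimiter> <mailbox>
LIST_RE = re.compile(
    r'^\* LIST \((?P<flags>[^)]*)\) (?:' + QUOTED + r'|NIL) (?P<mbox>.+)$', re.I)
# * STATUS <mailbox> (<item> <value> ...)
STATUS_RE = re.compile(
    r'^\* STATUS (?P<mbox>' + QUOTED + r'|\S+) \((?P<items>[^)]*)\)$', re.I)
# Mailboxes carrying these attributes are not selectable, so no STATUS is due.
NOT_SELECTABLE = {"\\noselect", "\\nonexistent"}


def unquote(token):
    """Strip IMAP quoting; INBOX is case-insensitive, so normalise it."""
    token = token.strip()
    if len(token) >= 2 and token[0] == token[-1] == '"':
        token = re.sub(r'\\(.)', r'\1', token[1:-1])
    return "INBOX" if token.upper() == "INBOX" else token


def check_list_status(transcript):
    """Return (tag, mailbox, problem) for each selectable mailbox whose LIST
    response is not followed by a STATUS response with all requested items."""
    findings = []
    tag = wanted = pending = None  # pending = LIST seen, STATUS still owed
    for raw in transcript.splitlines():
        side, _, line = raw.partition(": ")
        line = line.strip()
        if side == "C":
            cmd = CMD_RE.match(line)
            if cmd:
                tag = cmd.group("tag")
                wanted = set(cmd.group("items").upper().split())
                pending = None
            continue
        if side != "S" or tag is None:
            continue
        listed = LIST_RE.match(line)
        if listed:
            if pending is not None:
                findings.append((tag, pending, "no STATUS response"))
            flags = {f.lower() for f in listed.group("flags").split()}
            pending = None if flags & NOT_SELECTABLE else unquote(listed.group("mbox"))
            continue
        status = STATUS_RE.match(line)
        if status:
            name = unquote(status.group("mbox"))
            if name == pending:
                # Item names sit at even positions: "UNSEEN 0 MESSAGES 3"
                got = set(status.group("items").upper().split()[0::2])
                missing = wanted - got
                if missing:
                    findings.append(
                        (tag, name, "STATUS lacks " + ",".join(sorted(missing))))
                pending = None
            continue
        if line.split(" ", 1)[0] == tag:  # tagged completion ends the command
            if pending is not None:
                findings.append((tag, pending, "no STATUS response"))
            tag = wanted = pending = None
    return findings


if __name__ == "__main__":
    for label, text in (("multi-mailbox LIST", MULTI), ("INBOX only", SINGLE)):
        print(label, "->", check_list_status(text) or "conforms")
```

Run against a captured session, an empty result means every selectable mailbox in a LIST-STATUS reply got its STATUS line.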
From: reymervargas at gmail.com (Reymer Antonio Vargas Solano) Date: Mon, 21 Oct 2013 14:15:45 -0600 Subject: [Dovecot] Mailboxes separated from IMAP server In-Reply-To: <526584FA.1040907@Media-Brokers.com> References: <526584FA.1040907@Media-Brokers.com> Message-ID: Sorry about the subject! Thanks for your time I'll try to implement dsync.. I pretend to use 2 dovecot servers because one of them just have the LMTP protocol and the other one have the load of the connections that uses protocols IMAP and POP Regards, ravs ravs On Mon, Oct 21, 2013 at 1:48 PM, Charles Marcus wrote: > On 2013-10-21 3:23 PM, Reymer Antonio Vargas Solano < > reymervargas at gmail.com> wrote: > >> At my university we are trying to implement a distributed email backend, >> but I have some troubles, >> >> The topology: >> >> Server A: Postfix+LMTP # MTA >> Server B: Dovecot+LMTP # Just mailboxes >> Server C: Dovecot # POP3/IMAP >> >> Right now the Server A can leave a received email to the Server B, but I >> don't know how to communicate Server C to the Server B to retrieve the >> emails. >> >> I think that we should use IMAP protocol, but I am confused about how to >> connect them, I don't know if we have to use a proxy IMAP server, or >> another thing. >> > > It all depends on what you want to accomplish... > > First, I'm guessing your subject is not precisely correct - the IMAP > server IS 'the mailboxes'... > > So, I guess you meant separate MTA and IMAP servers? > > If so, then... > > a) you could set up dsync to sync server C with B > > b) you could do the same with imapsync (best to use dsync though, unless > you're stuck with dovecot versions prior to 2.2.# due to brain-dead distro > limitations or corporate policies) > > c) you could use some kind of distributed filesystem > > Why the 2 dovecot servers? If it is for load, how many users on each > (maybe you don't need 2)? If for redundancy, then definitely dsync, but > there are other issues to consider (if HA is your goal)... 
> > > -- > > Best regards, > > */Charles > /* > From reymervargas at gmail.com Mon Oct 21 23:16:34 2013 
From: reymervargas at gmail.com (Reymer Antonio Vargas Solano) Date: Mon, 21 Oct 2013 14:16:34 -0600 Subject: [Dovecot] Mailboxes separated from IMAP server In-Reply-To: <526585BF.3070701@sys4.de> References: <526580D0.4000509@thelounge.net> <526585BF.3070701@sys4.de> Message-ID: Thanks about the information, don't worry about the german. Regards, ravs On Mon, Oct 21, 2013 at 1:51 PM, Robert Schetterer wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Am 21.10.2013 21:30, schrieb Reindl Harald: > > > > > > Am 21.10.2013 21:23, schrieb Reymer Antonio Vargas Solano: > >> At my university we are trying to implement a distributed email > >> backend, but I have some troubles, > >> > >> The topology: > >> > >> Server A: Postfix+LMTP # MTA Server B: Dovecot+LMTP # Just > >> mailboxes Server C: Dovecot # POP3/IMAP > >> > >> Right now the Server A can leave a received email to the Server > >> B, but I don't know how to communicate Server C to the Server B > >> to retrieve the emails. > >> > >> I think that we should use IMAP protocol, but I am confused about > >> how to connect them, I don't know if we have to use a proxy IMAP > >> server, or another thing. > >> > >> Can anyone give me an idea? > > some more ideas , but based on another server setup/layout > use loadbalancer to serveral mailservers ( postfix/dovecot/amavis ) > with shared storage ( gfs, nfs, ocfs2 , ceph ,drbd ) etc , shared > ldap, sql auth backends etc > > > http://sys4.de/de/blog/2013/06/10/loadbalancing-mit-keepalived-postfix-dovecot/ > > http://sys4.de/de/blog/2013/06/06/postfix-dovecot-ceph-cluster-storage/ > > sorry only german > > or > > > http://www.kutukupret.com/2011/06/19/postfix-realtime-maildir-replication-using-dual-primary-drbd-with-ocfs2/ > > there are a lot of chances how to solve it, deeply depends how many > mailboxes inkl quota you want to goal, and how much traffic is > awaited, and at the end what is your budget target. 
> >
> > http://en.wikipedia.org/wiki/Storage_area_network
> > http://en.wikipedia.org/wiki/Clustered_file_system
> >
>
>
>
> Best Regards
> MfG Robert Schetterer
>
> --
> [*] sys4 AG
>
> http://sys4.de, +49 (89) 30 90 46 64
> Franziskanerstraße 15, 81669 München
>
> Registered office: München, Amtsgericht München: HRB 199263
> Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
> Chairman of the supervisory board: Florian Kirstein
>

From h.reindl at thelounge.net Mon Oct 21 23:20:47 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 21 Oct 2013 22:20:47 +0200
Subject: [Dovecot] Mailboxes separated from IMAP server
In-Reply-To:
References: <526580D0.4000509@thelounge.net>
Message-ID: <52658C9F.4020702@thelounge.net>

no i am not kidding you

what i linked is how in professional environments typically things
are done - virtually nobody would talk from one IMAP server to
another one to deliver mails to the client

with clustered and replicated filesystems you have all servers
accessing the same mail storage and your DNS-record has all of
the servers listed

http://en.wikipedia.org/wiki/Round-robin_DNS

so before you assume someone is kidding you google how load balancing
is done in large environments, read the links others provide and if
you are not on a that large environment one server would be enough

On 21.10.2013 22:10, Reymer Antonio Vargas Solano wrote:
> Are you kidding me? Is not how or where to store the mailboxes... is how to connect an imap server to another IMAP
> server that have mailboxes!
>
> On Mon, Oct 21, 2013 at 1:30 PM, Reindl Harald
> wrote:
>
>
>
> On 21.10.2013 21:23, Reymer Antonio Vargas Solano wrote:
> > At my university we are trying to implement a distributed email backend,
> > but I have some troubles,
> >
> > The topology:
> >
> > Server A: Postfix+LMTP # MTA
> > Server B: Dovecot+LMTP # Just mailboxes
> > Server C: Dovecot # POP3/IMAP
> >
> > Right now the Server A can leave a received email to the Server B, but I
> > don't know how to communicate Server C to the Server B to retrieve the
> > emails.
> >
> > I think that we should use IMAP protocol, but I am confused about how to
> > connect them, I don't know if we have to use a proxy IMAP server, or
> > another thing.
> >
> > Can anyone give me an idea?
>
> http://en.wikipedia.org/wiki/Storage_area_network
> http://en.wikipedia.org/wiki/Clustered_file_system

From h.reindl at thelounge.net Mon Oct 21 23:23:57 2013
From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 21 Oct 2013 22:23:57 +0200 Subject: [Dovecot] Mailboxes separated from IMAP server In-Reply-To: References: <526580D0.4000509@thelounge.net> <526585BF.3070701@sys4.de> Message-ID: <52658D5D.5070406@thelounge.net> Am 21.10.2013 22:16, schrieb Reymer Antonio Vargas Solano: > Thanks about the information, don't worry about the german. interesting that you answered my links about shared and clustered storage with "are you kidding me? Is not how or where to store the mailboxes" well, remind me not try to answer your questions in the future > On Mon, Oct 21, 2013 at 1:51 PM, Robert Schetterer wrote: > > Am 21.10.2013 21:30, schrieb Reindl Harald: >>>> >>>> Am 21.10.2013 21:23, schrieb Reymer Antonio Vargas Solano: >>>>> At my university we are trying to implement a distributed email >>>>> backend, but I have some troubles, >>>>> >>>>> The topology: >>>>> >>>>> Server A: Postfix+LMTP # MTA Server B: Dovecot+LMTP # Just >>>>> mailboxes Server C: Dovecot # POP3/IMAP >>>>> >>>>> Right now the Server A can leave a received email to the Server >>>>> B, but I don't know how to communicate Server C to the Server B >>>>> to retrieve the emails. >>>>> >>>>> I think that we should use IMAP protocol, but I am confused about >>>>> how to connect them, I don't know if we have to use a proxy IMAP >>>>> server, or another thing. >>>>> >>>>> Can anyone give me an idea? 
>
> some more ideas , but based on another server setup/layout
> use loadbalancer to several mailservers ( postfix/dovecot/amavis )
> with shared storage ( gfs, nfs, ocfs2 , ceph ,drbd ) etc , shared
> ldap, sql auth backends etc
>
> http://sys4.de/de/blog/2013/06/10/loadbalancing-mit-keepalived-postfix-dovecot/
>
> http://sys4.de/de/blog/2013/06/06/postfix-dovecot-ceph-cluster-storage/
>
> sorry only german
>
> or
>
> http://www.kutukupret.com/2011/06/19/postfix-realtime-maildir-replication-using-dual-primary-drbd-with-ocfs2/
>
> there are a lot of chances how to solve it, deeply depends how many
> mailboxes incl. quota you want to goal, and how much traffic is
> awaited, and at the end what is your budget target.
>
>>>>
>>>> http://en.wikipedia.org/wiki/Storage_area_network
>>>> http://en.wikipedia.org/wiki/Clustered_file_system

From reymervargas at gmail.com Mon Oct 21 23:25:13 2013
From: reymervargas at gmail.com (Reymer Antonio Vargas Solano) Date: Mon, 21 Oct 2013 14:25:13 -0600 Subject: [Dovecot] Mailboxes separated from IMAP server In-Reply-To: <52658C9F.4020702@thelounge.net> References: <526580D0.4000509@thelounge.net> <52658C9F.4020702@thelounge.net> Message-ID: I know how HA n LB works, is just that is not what I'm looking for for example if you have and imap server that stores the mailboxes in a LUNs of a SAN, that only store the emails received for the postfix servers, transfered by LMTP way, how you can configure another IMAP server that use POP and IMAP protocols without access the SAN just communicating with the other Dovecot server... On Mon, Oct 21, 2013 at 2:20 PM, Reindl Harald wrote: > no i am not kidding you > > what i linked is how in professional environments typically things > are done - virtually nobody would talk from one IMAP server to > another one to deliver mails to the client > > with clustedred and replicated filesystems you have all servers > accesing the same mail storage and your DNS-record has all of > the servers listed > > http://en.wikipedia.org/wiki/Round-robin_DNS > > so before you assume someone is kidding you google how load balancing > is done in large environments, read the links others provide and if > you are not on a that large environment one server would be enough > > Am 21.10.2013 22:10, schrieb Reymer Antonio Vargas Solano: > > Are you kidding me? Is not how or where to store the mailboxes... is how > to connect an imap server to another IMAP > > server that have mailboxes! 
> > > > On Mon, Oct 21, 2013 at 1:30 PM, Reindl Harald h.reindl at thelounge.net>> wrote: > > > > > > > > Am 21.10.2013 21:23, schrieb Reymer Antonio Vargas Solano: > > > At my university we are trying to implement a distributed email > backend, > > > but I have some troubles, > > > > > > The topology: > > > > > > Server A: Postfix+LMTP # MTA > > > Server B: Dovecot+LMTP # Just mailboxes > > > Server C: Dovecot # POP3/IMAP > > > > > > Right now the Server A can leave a received email to the Server B, > but I > > > don't know how to communicate Server C to the Server B to retrieve > the > > > emails. > > > > > > I think that we should use IMAP protocol, but I am confused about > how to > > > connect them, I don't know if we have to use a proxy IMAP server, > or > > > another thing. > > > > > > Can anyone give me an idea? > > > > http://en.wikipedia.org/wiki/Storage_area_network > > http://en.wikipedia.org/wiki/Clustered_file_system > > From reganyelcich at gmail.com Mon Oct 21 23:29:14 2013 
From: reganyelcich at gmail.com (Regan Yelcich)
Date: Tue, 22 Oct 2013 09:29:14 +1300
Subject: [Dovecot] Mailboxes separated from IMAP server
In-Reply-To: <526584FA.1040907@Media-Brokers.com>
References: <526584FA.1040907@Media-Brokers.com>
Message-ID:

I've got a working setup very similar to this.

You want to setup server C as a proxy to B. Server B also needs to have Dovecot IMAP running on it so it has something to proxy to = IMAP IMAP

I'm using MySQL as the backend for Dovecot, so depending on how you're setup this should give you the basic idea anyway.

In your dovecot.conf file on Server C you just need to specify a Proxy as part of the password_query...

password_query = \
  SELECT \
    password \
    ,username AS user \
    ,'y' as proxy \
    ,'' as host \
  FROM \
    mailbox \
  WHERE \
    username = '%u' \
    AND active='1'

On 22/10/2013, at 8:48 AM, Charles Marcus wrote:

> On 2013-10-21 3:23 PM, Reymer Antonio Vargas Solano wrote:
>> At my university we are trying to implement a distributed email backend,
>> but I have some troubles,
>>
>> The topology:
>>
>> Server A: Postfix+LMTP # MTA
>> Server B: Dovecot+LMTP # Just mailboxes
>> Server C: Dovecot # POP3/IMAP
>>
>> Right now the Server A can leave a received email to the Server B, but I
>> don't know how to communicate Server C to the Server B to retrieve the
>> emails.
>>
>> I think that we should use IMAP protocol, but I am confused about how to
>> connect them, I don't know if we have to use a proxy IMAP server, or
>> another thing.

From h.reindl at thelounge.net Mon Oct 21 23:29:33 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 21 Oct 2013 22:29:33 +0200
Subject: [Dovecot] Mailboxes separated from IMAP server
In-Reply-To:
References: <526580D0.4000509@thelounge.net> <52658C9F.4020702@thelounge.net>
Message-ID: <52658EAD.9010703@thelounge.net>

fine - so i make my answer more precise:

if it comes to that you should re-think your architecture instead
seek for workarounds which will hide the problem for some time
and sooner or later make a re-design of the architecture much
harder than starting to do so earlier

but your choice.....

On 21.10.2013 22:25, Reymer Antonio Vargas Solano wrote:
> I know how HA n LB works, is just that is not what I'm looking for for example if you have and imap server that
> stores the mailboxes in a LUNs of a SAN, that only store the emails received for the postfix servers, transferred by
> LMTP way, how you can configure another IMAP server that use POP and IMAP protocols without access the SAN just
> communicating with the other Dovecot server...
>
> On Mon, Oct 21, 2013 at 2:20 PM, Reindl Harald
> wrote:
>
> no i am not kidding you
>
> what i linked is how in professional environments typically things
> are done - virtually nobody would talk from one IMAP server to
> another one to deliver mails to the client
>
> with clustered and replicated filesystems you have all servers
> accessing the same mail storage and your DNS-record has all of
> the servers listed
>
> http://en.wikipedia.org/wiki/Round-robin_DNS
>
> so before you assume someone is kidding you google how load balancing
> is done in large environments, read the links others provide and if
> you are not on a that large environment one server would be enough
>
> On 21.10.2013 22:10, Reymer Antonio Vargas Solano wrote:
> > Are you kidding me? Is not how or where to store the mailboxes... is how to connect an imap server to another
> IMAP
> > server that have mailboxes!
> >
> > On Mon, Oct 21, 2013 at 1:30 PM, Reindl Harald
> >> wrote:
> >
> >
> >
> > On 21.10.2013 21:23, Reymer Antonio Vargas Solano wrote:
> > > At my university we are trying to implement a distributed email backend,
> > > but I have some troubles,
> > >
> > > The topology:
> > >
> > > Server A: Postfix+LMTP # MTA
> > > Server B: Dovecot+LMTP # Just mailboxes
> > > Server C: Dovecot # POP3/IMAP
> > >
> > > Right now the Server A can leave a received email to the Server B, but I
> > > don't know how to communicate Server C to the Server B to retrieve the
> > > emails.
> > >
> > > I think that we should use IMAP protocol, but I am confused about how to
> > > connect them, I don't know if we have to use a proxy IMAP server, or
> > > another thing.
> > >
> > > Can anyone give me an idea?
> >
> > http://en.wikipedia.org/wiki/Storage_area_network
> > http://en.wikipedia.org/wiki/Clustered_file_system

From reymervargas at gmail.com Mon Oct 21 23:33:37 2013
From: reymervargas at gmail.com (Reymer Antonio Vargas Solano) Date: Mon, 21 Oct 2013 14:33:37 -0600 Subject: [Dovecot] Mailboxes separated from IMAP server In-Reply-To: <52658EAD.9010703@thelounge.net> References: <526580D0.4000509@thelounge.net> <52658C9F.4020702@thelounge.net> <52658EAD.9010703@thelounge.net> Message-ID: Ok, thanks for your time Reindl Harald, I'll consider your ideas! On Mon, Oct 21, 2013 at 2:29 PM, Reindl Harald wrote: > fine - so i make my answer more precise: > > if it comes to that you should re-think your achitecture instead > seek for workarounds which will hide the problem for some time > and sonner or later make a re-design of the architecture much > harder than starting to do so earlier > > but your choice..... > > Am 21.10.2013 22:25, schrieb Reymer Antonio Vargas Solano: > > I know how HA n LB works, is just that is not what I'm looking for for > example if you have and imap server that > > stores the mailboxes in a LUNs of a SAN, that only store the emails > received for the postfix servers, transfered by > > LMTP way, how you can configure another IMAP server that use POP and > IMAP protocols without access the SAN just > > communicating with the other Dovecot server... 
> > > > On Mon, Oct 21, 2013 at 2:20 PM, Reindl Harald h.reindl at thelounge.net>> wrote: > > > > no i am not kidding you > > > > what i linked is how in professional environments typically things > > are done - virtually nobody would talk from one IMAP server to > > another one to deliver mails to the client > > > > with clustedred and replicated filesystems you have all servers > > accesing the same mail storage and your DNS-record has all of > > the servers listed > > > > http://en.wikipedia.org/wiki/Round-robin_DNS > > > > so before you assume someone is kidding you google how load balancing > > is done in large environments, read the links others provide and if > > you are not on a that large environment one server would be enough > > > > Am 21.10.2013 22:10, schrieb Reymer Antonio Vargas Solano: > > > Are you kidding me? Is not how or where to store the mailboxes... > is how to connect an imap server to another > > IMAP > > > server that have mailboxes! > > > > > > On Mon, Oct 21, 2013 at 1:30 PM, Reindl Harald < > h.reindl at thelounge.net > > >> > wrote: > > > > > > > > > > > > Am 21.10.2013 21:23, schrieb Reymer Antonio Vargas Solano: > > > > At my university we are trying to implement a distributed > email backend, > > > > but I have some troubles, > > > > > > > > The topology: > > > > > > > > Server A: Postfix+LMTP # MTA > > > > Server B: Dovecot+LMTP # Just mailboxes > > > > Server C: Dovecot # POP3/IMAP > > > > > > > > Right now the Server A can leave a received email to the > Server B, but I > > > > don't know how to communicate Server C to the Server B to > retrieve the > > > > emails. > > > > > > > > I think that we should use IMAP protocol, but I am confused > about how to > > > > connect them, I don't know if we have to use a proxy IMAP > server, or > > > > another thing. > > > > > > > > Can anyone give me an idea? 
> > >
> > > http://en.wikipedia.org/wiki/Storage_area_network
> > > http://en.wikipedia.org/wiki/Clustered_file_system
> >

From CMarcus at Media-Brokers.com Mon Oct 21 23:39:33 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Mon, 21 Oct 2013 16:39:33 -0400
Subject: [Dovecot] Mailboxes separated from IMAP server
In-Reply-To:
References: <526580D0.4000509@thelounge.net> <52658C9F.4020702@thelounge.net>
Message-ID: <52659105.4030507@Media-Brokers.com>

On 2013-10-21 4:25 PM, Reymer Antonio Vargas Solano wrote:
> I know how HA n LB works, is just that is not what I'm looking for for
> example if you have and imap server that stores the mailboxes in a LUNs of
> a SAN, that only store the emails received for the postfix servers,
> transferred by LMTP way, how you can configure another IMAP server that use
> POP and IMAP protocols without access the SAN just communicating with the
> other Dovecot server...

In that case you may be interested in the dovecot proxy feature:

http://wiki2.dovecot.org/HowTo/ImapProxy

--

Best regards,

*/Charles/*

From reymervargas at gmail.com Mon Oct 21 23:39:33 2013
From: reymervargas at gmail.com (Reymer Antonio Vargas Solano) Date: Mon, 21 Oct 2013 14:39:33 -0600 Subject: [Dovecot] Mailboxes separated from IMAP server In-Reply-To: References: <526584FA.1040907@Media-Brokers.com> Message-ID: Hello Regan, I am using LDAP to store users and passwords. I will try your setup, I think it could work! On Mon, Oct 21, 2013 at 2:29 PM, Regan Yelcich wrote: > I've got a working setup very similar to this. > > You want to setup server C as a proxy to B. Server B also needs to have > Dovecot IMAP running on it so it has something to proxy to = IMAP > IMAP > > I'm using MySQL as the backend for Dovecot, so depending on how you're > setup this should give you the basic idea anyway. > > In your dovecot.conf file on Server C you just need to specify a Proxy as > part of the password_query... > > password_query = \ > SELECT \ > password \ > ,username AS user \ > ,'y' as proxy \ > ,'' as host \ > FROM \ > mailbox \ > WHERE \ > username = '%u' \ > AND active='1' > > > > On 22/10/2013, at 8:48 AM, Charles Marcus wrote: > > > On 2013-10-21 3:23 PM, Reymer Antonio Vargas Solano < > reymervargas at gmail.com> wrote: > >> At my university we are trying to implement a distributed email backend, > >> but I have some troubles, > >> > >> The topology: > >> > >> Server A: Postfix+LMTP # MTA > >> Server B: Dovecot+LMTP # Just mailboxes > >> Server C: Dovecot # POP3/IMAP > >> > >> Right now the Server A can leave a received email to the Server B, but I > >> don't know how to communicate Server C to the Server B to retrieve the > >> emails. > >> > >> I think that we should use IMAP protocol, but I am confused about how to > >> connect them, I don't know if we have to use a proxy IMAP server, or > >> another thing. > > From vorgusa at gmail.com Tue Oct 22 00:42:30 2013 
From: vorgusa at gmail.com (Chris Lasater)
Date: Mon, 21 Oct 2013 17:42:30 -0400
Subject: [Dovecot] Dbox group file permissions
Message-ID: <52659FC6.6060004@gmail.com>

Hi everyone,

I feel like I am missing something obvious here. I have dovecot up and running and every piece of mail is given user read/write permission. I see the option mail_gid, but I do not see anyplace to set the group permissions. I see the below wiki talking about new home directories getting their permission from the parent directory, but this does not seem to work. Any assistance would be appreciated.

http://wiki2.dovecot.org/SharedMailboxes/Permissions

I changed the group permissions on the parent directory, and used rm -rf to delete the user directories, then logged in again so it was recreated.

[user at dovecot ~]$ sudo ls -la /mnt/home/imapd/domain.example.net/
total 24
drwxr-x--- 6 imapd imapd 4096 Oct 21 17:35 .
drwxr-xr-x 46 imapd nagios 4096 Oct 21 16:55 ..
drwx------ 3 imapd imapd 4096 Oct 21 16:59 user1
drwx------ 3 imapd imapd 4096 Oct 21 17:35 user2

Setup
Mail is written in dbox format
CentOS 5.9
dovecot 2.2.6
NFS with director

Mail Configs
mail_home = /mnt/home/imapd/%d/%n
mail_location = dbox:/mnt/home/imapd/%d/%n
mail_uid = imapd
mail_gid = imapd

Thanks,
Chris

From rs at sys4.de Tue Oct 22 01:13:23 2013
From: rs at sys4.de (Robert Schetterer) Date: Tue, 22 Oct 2013 00:13:23 +0200 Subject: [Dovecot] Strange output from LIST command In-Reply-To: <20131021221101.9D8D854F@pobox.sk> References: <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org>, <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com>, <20131017122154.E4F05434@pobox.sk> <1382005748.1103.35085513.4F2BBDF3@webmail.messagingengine.com> <20131021221101.9D8D854F@pobox.sk> Message-ID: <5265A703.5040801@sys4.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 21.10.2013 22:11, schrieb azurIt: >> Od: Bron Gondwana Komu: >> D?tum: 17.10.2013 12:30 Predmet: Re: >> [Dovecot] Strange output from LIST command >> >> CC: "Timo Sirainen" On Thu, Oct 17, 2013, at 09:21 >> PM, azurIt wrote: >>> ______________________________________________________________ >>>> Od: Bron Gondwana Komu: Michael M Slusarz >>>> , D?tum: >>>> 17.10.2013 12:14 Predmet: Re: [Dovecot] Strange output from >>>> LIST command >>>> >>>> On Tue, Oct 15, 2013, at 06:23 AM, Michael M Slusarz wrote: >>>>> Quoting azurIt : >>>>> >>>>>> i'm using Dovecot 2.1.7 (Debian Wheezy) and output from >>>>>> LIST command looks strange: >>>>>> >>>>>> C: 4 LIST () "" (INBOX INBOX.Karantena INBOX.Spam) RETURN >>>>>> (STATUS (UNSEEN)) S: * LIST () "." "INBOX" S: * LIST () >>>>>> "." "INBOX.Karantena" S: * STATUS "INBOX.Karantena" >>>>>> (UNSEEN 0) S: * LIST () "." "INBOX.Spam" S: * STATUS >>>>>> "INBOX.Spam" (UNSEEN 0) S: 4 OK List completed. >>>>>> >>>>>> The UNSEEN information for INBOX is completely missing. >>>>>> It is correct behavior? >>>>> >>>>> No. RFC 5819 [2]: >>>>> >>>>> "For each selectable mailbox matching the list pattern and >>>>> selection options, the server MUST return an untagged LIST >>>>> response followed by an untagged STATUS response containing >>>>> the information requested in the STATUS return option." >>>> >>>> Just wondering if the INBOX was SELECTed at the time? 
>>>> There's some fun interaction around STATUS and SELECT in >>>> RFC3501. >>>> >>>> Bron. >>> >>> >>> Here's the complete IMAP communication, see the (1) only: >>> http://bugs.horde.org/view.php?actionID=view_file&type=log&file=imap-ok.log&ticket=12748 >>> >>> >>> I also find out that it's working ok when i LIST the INBOX alone like this: >>> C: 4 LIST () "" (INBOX) RETURN (STATUS (UNSEEN)) S: * LIST () >>> "." "INBOX" S: * STATUS "INBOX" (UNSEEN 2) S: 4 OK List >>> completed. >>> >>> The information about UNSEEN messages is correct. It's only >>> doing problems when listing multiple folders at once. >> >> Yeah, that definitely looks like a bug! I've CC'd Timo to grab >> his attention :) > > > Can anyone confirm the bug? Will it be fixed in 2.1.x? Thank you. > > azur > 2.1.7 is out of date update to 2.1.17 or 2.2.6 and try again Best Regards MfG Robert Schetterer - -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstra?e 15, 81669 M?nchen Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein From asabatgirl at hotmail.com Tue Oct 22 03:47:04 2013
From: asabatgirl at hotmail.com (Asmaa Ahmed)
Date: Tue, 22 Oct 2013 02:47:04 +0200
Subject: [Dovecot] using dovecot in Asterisk imap storage
Message-ID:

Hello,

I am trying to use postfix/dovecot as mail server to be the imap storage for my voicemail system. For that I installed postfix and dovecot and trying to follow the instructions in this post http://etel.wiki.oreilly.com/wiki/index.php?title=Storing_Voicemail_on_an_IMAP_server&printable=yes

I should add a master user for Asterisk to your IMAP server that has access to all user's mailboxes and as per the instructions, I should edit auth section in dovecot.conf which I can't find! Is there something wrong or should I add this section by myself

Also I don't have dovecot.masterusers, should I create it?

$/etc/dovecot$ /usr/sbin/dovecot -n
# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-31-virtual x86_64 Ubuntu 12.04.3 LTS
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap pop3 sieve
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = was automatically rejected:%n%r}

Thanks.

From bob at computerisms.ca Tue Oct 22 05:05:19 2013
From: bob at computerisms.ca (Bob Miller)
Date: Mon, 21 Oct 2013 19:05:19 -0700
Subject: [Dovecot] using dovecot in Asterisk imap storage
In-Reply-To:
References:
Message-ID: <1382407519.6886.257.camel@worklian>

--
Computerisms
Bob Miller
867-334-7117 / 867-633-3760
http://computerisms.ca

On Tue, 2013-10-22 at 02:47 +0200, Asmaa Ahmed wrote:
> Hello,
> I am trying to use postfix/dovecot as mail server to be the imap storage for my voicemail system.For that I installed postfix and dovecot and trying to follow the instructions in this post http://etel.wiki.oreilly.com/wiki/index.php?title=Storing_Voicemail_on_an_IMAP_server&printable=yes

ugh. it's hard to read your mail, some line breaks or new paragraphs would be useful.

I have yet to find one wiki that answers all questions. Expand your horizon:

http://wiki2.dovecot.org/Authentication/MasterUsers

FWIW, if you are using a recent version of freepbx you can configure imap storage in there on a per-user/extension basis, so you don't need to set up the masteruser...

From azurit at pobox.sk Tue Oct 22 10:06:03 2013
From: azurit at pobox.sk (azurIt) Date: Tue, 22 Oct 2013 09:06:03 +0200 Subject: [Dovecot] =?utf-8?q?Strange_output_from_LIST_command?= In-Reply-To: <5265A703.5040801@sys4.de> References: <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org>, <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com>, <20131017122154.E4F05434@pobox.sk>, <1382005748.1103.35085513.4F2BBDF3@webmail.messagingengine.com>, <20131021221101.9D8D854F@pobox.sk> <5265A703.5040801@sys4.de> Message-ID: <20131022090603.A7D37888@pobox.sk> > Od: Robert Schetterer > Komu: > D?tum: 22.10.2013 00:14 > Predmet: Re: [Dovecot] Strange output from LIST command > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Am 21.10.2013 22:11, schrieb azurIt: >>> Od: Bron Gondwana Komu: >>> D?tum: 17.10.2013 12:30 Predmet: Re: >>> [Dovecot] Strange output from LIST command >>> >>> CC: "Timo Sirainen" On Thu, Oct 17, 2013, at 09:21 >>> PM, azurIt wrote: >>>> ______________________________________________________________ >>>>> Od: Bron Gondwana Komu: Michael M Slusarz >>>>> , D?tum: >>>>> 17.10.2013 12:14 Predmet: Re: [Dovecot] Strange output from >>>>> LIST command >>>>> >>>>> On Tue, Oct 15, 2013, at 06:23 AM, Michael M Slusarz wrote: >>>>>> Quoting azurIt : >>>>>> >>>>>>> i'm using Dovecot 2.1.7 (Debian Wheezy) and output from >>>>>>> LIST command looks strange: >>>>>>> >>>>>>> C: 4 LIST () "" (INBOX INBOX.Karantena INBOX.Spam) RETURN >>>>>>> (STATUS (UNSEEN)) S: * LIST () "." "INBOX" S: * LIST () >>>>>>> "." "INBOX.Karantena" S: * STATUS "INBOX.Karantena" >>>>>>> (UNSEEN 0) S: * LIST () "." "INBOX.Spam" S: * STATUS >>>>>>> "INBOX.Spam" (UNSEEN 0) S: 4 OK List completed. >>>>>>> >>>>>>> The UNSEEN information for INBOX is completely missing. >>>>>>> It is correct behavior? >>>>>> >>>>>> No. 
RFC 5819 [2]: >>>>>> >>>>>> "For each selectable mailbox matching the list pattern and >>>>>> selection options, the server MUST return an untagged LIST >>>>>> response followed by an untagged STATUS response containing >>>>>> the information requested in the STATUS return option." >>>>> >>>>> Just wondering if the INBOX was SELECTed at the time? >>>>> There's some fun interaction around STATUS and SELECT in >>>>> RFC3501. >>>>> >>>>> Bron. >>>> >>>> >>>> Here's the complete IMAP communication, see the (1) only: >>>> http://bugs.horde.org/view.php?actionID=view_file&type=log&file=imap-ok.log&ticket=12748 >>>> >>>> >>>> >I also find out that it's working ok when i LIST the INBOX alone like this: >>>> C: 4 LIST () "" (INBOX) RETURN (STATUS (UNSEEN)) S: * LIST () >>>> "." "INBOX" S: * STATUS "INBOX" (UNSEEN 2) S: 4 OK List >>>> completed. >>>> >>>> The information about UNSEEN messages is correct. It's only >>>> doing problems when listing multiple folders at once. >>> >>> Yeah, that definitely looks like a bug! I've CC'd Timo to grab >>> his attention :) >> >> >> Can anyone confirm the bug? Will it be fixed in 2.1.x? Thank you. >> >> azur >> > > >2.1.7 is out of date update to 2.1.17 or 2.2.6 and try again As i already said, i tried 2.1.17 and problem persists: http://dovecot.2317879.n4.nabble.com/Strange-output-from-LIST-command-tp44817p44838.html azur From skdovecot at smail.inf.fh-brs.de Tue Oct 22 11:05:44 2013 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Tue, 22 Oct 2013 10:05:44 +0200 (CEST) Subject: [Dovecot] proxy, userdb and passdb In-Reply-To: <526145F7.9020303@mur.at> References: <526145F7.9020303@mur.at> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 18 Oct 2013, Jogi Hofm?ller wrote: > We are getting closer to the migration of our mailsystem. Now I have a > special question. We are successfully using > > passdb { > driver = pam > } > > and that is good. Now, how would I tell dovecot to proxy certain users > (the ones not yet migrated) to the old server? My attempts to configure > an additional userdb failed since this seems to override the passdb setting. see http://wiki2.dovecot.org/PasswordDatabase/ExtraFields However, a userdb does never override passdb setting (as I understand your wording), because the userdb kicks in later, you should post your config. - -- Steffen Kaiser From jogi at mur.at Tue Oct 22 13:13:28 2013
From: jogi at mur.at (=?UTF-8?B?Sm9naSBIb2Ztw7xsbGVy?=)
Date: Tue, 22 Oct 2013 12:13:28 +0200
Subject: [Dovecot] proxy, userdb and passdb
In-Reply-To:
References: <526145F7.9020303@mur.at>
Message-ID: <52664FC8.50606@mur.at>

Hi Steffen,

On 2013-10-22 10:05, Steffen Kaiser wrote:
> see http://wiki2.dovecot.org/PasswordDatabase/ExtraFields

Did, thanks. The errors I mentioned in my previous post are gone. Still, proxying does not work as expected. Instead I get strange warnings:

Oct 22 12:06:51 server dovecot: auth-worker(PID): Warning: userdb passwd: Move templates args to override_fields setting

This is the proxy-userdb file's content (I removed the UID and IP address):

user:::::::proxy=y host=IP-ADDRESS starttls=y nopassword=y

> However, a userdb does never override passdb setting (as I understand
> your wording), because the userdb kicks in later, you should post your
> config.

Here it comes:

# 2.1.17: /etc/dovecot/dovecot.conf
# OS: Linux 3.10-3-amd64 x86_64 Debian jessie/sid
mail_location = maildir:~/Maildir
mail_plugins = acl
namespace {
  list = children
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  prefix = shared/%%u/
  subscriptions = no
  type = shared
}
namespace inbox {
  hidden = yes
  inbox = yes
  list = no
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  subscriptions = yes
  type = private
}
passdb {
  args = session=yes
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = " imap lmtp pop3"
ssl_cert =

Folks,

Several questions packed into one email ;)

Can dovecot use TLS/SSL on LMTP inet socket?

Can I configure dovecot to only let an authenticated user deliver mail via LMTP?

Can I tell dovecot to use a user/password for proxying LMTP connections?
All this is related to my quest to move from cyrus to dovecot transparently to our users. And if any of the above questions can be answered with yes, I would appreciate the odd hint on howto configure that :)

Thanks in advance!
--
j.hofmüller aka Thesix
http://users.mur.at/thesix/

From asabatgirl at hotmail.com Tue Oct 22 16:25:34 2013
From: asabatgirl at hotmail.com (Asmaa Ahmed)
Date: Tue, 22 Oct 2013 15:25:34 +0200
Subject: [Dovecot] using dovecot in Asterisk imap storage
In-Reply-To: <1382407519.6886.257.camel@worklian>
References: , <1382407519.6886.257.camel@worklian>
Message-ID:

Hello,

Thanks for the link, I know how I can configure it from the wiki.. My question is can I add this section completely by myself? I can't find this section at all in dovecot.conf to modify it, and dovecot.masterusers file doesn't exist too in etc configuration files, should I create it too? because I couldn't find the section even commented gave me a doubt if it is the correct way to do it for this version, so I am posting here if someone can confirm this!

Thanks.
> From: bob at computerisms.ca > To: dovecot at dovecot.org > Date: Mon, 21 Oct 2013 19:05:19 -0700 > Subject: Re: [Dovecot] using dovecot in Asterisk imap storage > > > -- > Computerisms > Bob Miller > 867-334-7117 / 867-633-3760 > http://computerisms.ca > > > On Tue, 2013-10-22 at 02:47 +0200, Asmaa Ahmed wrote: > > Hello, > > I am trying to use postfix/dovecot as mail server to be the imap storage for my voicemail system.For that I installed postfix and dovecot and trying to follow the instructions in this post http://etel.wiki.oreilly.com/wiki/index.php?title=Storing_Voicemail_on_an_IMAP_server&printable=yes > > ugh. it's hard to read your mail, some line breaks or new paragraphs > would be useful. > > I have yet to find one wiki that answers all questions. Expand your > horizon: > > http://wiki2.dovecot.org/Authentication/MasterUsers > > FWIW, if you are using a recent version of freepbx you can configure > imap storage in there on a per-user/extension basis, so you don't need > to set up the masteruser... > > > From lacelle at roboticresearch.com Tue Oct 22 17:14:46 2013 
From: lacelle at roboticresearch.com (Zach La Celle) Date: Tue, 22 Oct 2013 10:14:46 -0400 Subject: [Dovecot] fstat() errors on /srv/mail//dovecot.index.log In-Reply-To: <525FE4C4.6060301@roboticresearch.com> References: <525E9DCB.40307@roboticresearch.com> <525FE4C4.6060301@roboticresearch.com> Message-ID: <52668856.2080908@roboticresearch.com> On 10/17/2013 09:23 AM, Zach La Celle wrote: > On 10/17/2013 05:25 AM, Noel Butler wrote: >> On 17/10/2013 00:08, Zach La Celle wrote: >>> Dovecot version 2.1.7 >>> Ubuntu 12.04.3 LTS >>> Kernel 3.2.0-35-generic x86_64 >>> >>> I'm not sure exactly when this started occurring, but sporatically users >>> report issues receiving email, having email saved to "Sent," etc. >>> Looking in dovecot.log, I see the following errors: >>> >>> 2013-10-16 09:53:20 imap-login: Info: Login: user=, method=PLAIN, >>> rip=127.0.0.1, lip=127.0.0.1, mpid=27434, secured, >>> session= >>> 2013-10-16 09:53:20 imap(user1): Info: Disconnected: Logged out in=93 >>> out=846 >>> 2013-10-16 09:53:21 imap(user2): Info: Disconnected: Logged out in=3616 >>> out=495 >>> 2013-10-16 09:53:24 imap-login: Info: Login: user=, method=PLAIN, >>> rip=127.0.0.1, lip=127.0.0.1, mpid=27436, secured, >>> session= >>> 2013-10-16 09:53:24 imap(user3): Info: Disconnected: Logged out in=93 >>> out=819 >>> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file >>> /srv/mail/user4/dovecot.index.log: No such file or directory >>> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file >>> /srv/mail/user4/dovecot.index.log: No such file or directory >>> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file >>> /srv/mail/user4/dovecot.index.log: No such file or directory >>> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file >>> /srv/mail/user4/dovecot.index.log: No such file or directory >>> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file >>> /srv/mail/user4/dovecot.index.log: No such file or directory >>> 2013-10-16 
09:53:33 imap(user4): Error: fstat() failed with file >>> /srv/mail/user4/dovecot.index.log: No such file or directory >>> 2013-10-16 09:53:41 imap-login: Info: Login: user=, method=PLAIN, >>> rip=127.0.0.1, lip=127.0.0.1, mpid=27438, secured, >>> session= >>> 2013-10-16 09:53:41 imap(user3): Info: Disconnected: Logged out in=93 >>> out=819 >>> 2013-10-16 09:54:12 imap-login: Info: Login: user=, method=PLAIN, >>> rip=127.0.0.1, lip=127.0.0.1, mpid=27440, secured, >>> session=<6bI5CdzoCQB/AAAB> >>> 2013-10-16 09:54:12 imap(user1): Info: Disconnected: Logged out in=93 >>> out=846 >>> 2013-10-16 09:54:12 imap(user5): Info: Disconnected: Logged out in=736 >>> out=7064 >>> 2013-10-16 09:54:15 imap-login: Info: Login: user=, method=PLAIN, >>> rip=127.0.0.1, lip=127.0.0.1, mpid=27442, secured, >>> session= >>> 2013-10-16 09:54:15 imap(user6): Info: Disconnected: Logged out in=95 >>> out=902 >>> 2013-10-16 09:54:20 imap-login: Info: Login: user=, method=PLAIN, >>> rip=127.0.0.1, lip=127.0.0.1, mpid=27444, secured, >>> session= >>> 2013-10-16 09:54:20 imap(user1): Info: Disconnected: Logged out in=93 >>> out=846 >>> 2013-10-16 09:54:24 imap-login: Info: Login: user=, method=PLAIN, >>> rip=127.0.0.1, lip=127.0.0.1, mpid=27446, secured, >>> session= >>> 2013-10-16 09:54:24 imap(user3): Info: Disconnected: Logged out in=93 >>> out=819 >>> >>> These errors are not confined to a single user, and do not occur with >>> the same frequency. >>> >> >> This isnt per chance on a NAS/SAN/DAS is it? >> > No, it is not on a SAN. I saw that thread a while back, but this > doesn't seem to be related. >>> I originally was running the Dovecot shipped with the default Ubuntu >>> repositories (don't remember which version, but it was 1.*) and used a >>> backport to upgrade to 2.1.7 to see if that fixed it. It did not. >>> >>> Any ideas why this is happening? 
>> gawd knows what debian (thats all ubuntu is, same package maintainers >> 99% of time) do to things, wouldnt be the first time they put out a >> package that was kaput from get go, so doveconf -n output will likely >> be required >> > I can provide "dovecot -n" output if this doesn't answer the question, > but it might be an apparmor issue. We recently enabled apparmor > protection, and it seems that it generated an ungodly amount of profiles > in complain mode. So many, that it was causing issues with usage of the > openssl library. > > Putting it in to enforce mode seems like it might fix the problem. I'll > post more information once this is confirmed or denied. I'm replying to this post for completeness. This was definitely a problem with AppArmor in complain mode breaking IMAP. It was generating an incredible amount of logging information, and ended up blocking access to the OpenSSL .so files every once in a while. Putting AppArmor into enforce mode (after checking all of the rules and verifying functionality) worked. No more fstat() errors. From asabatgirl at hotmail.com Tue Oct 22 18:59:14 2013 From: asabatgirl at hotmail.com (Asmaa Ahmed) Date: Tue, 22 Oct 2013 17:59:14 +0200 Subject: [Dovecot] using dovecot in Asterisk imap storage In-Reply-To: References: , , <1382407519.6886.257.camel@worklian>, Message-ID: When I tried to add this section, I got this error at restarting dovecot $ /usr/sbin/dovecot restartdoveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.confdoveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:77: add auth_ prefix to all settings inside auth {} and remove the auth {} section completelydoveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 78: Expecting '=' 
> From: asabatgirl at hotmail.com > To: dovecot at dovecot.org > Date: Tue, 22 Oct 2013 15:25:34 +0200 > Subject: Re: [Dovecot] using dovecot in Asterisk imap storage > > Hello,Thanks for the link, I know how I can configure it from the wiki.. My question is can I add this section completely by myself?I can't find this section at all in dovecot.conf to modify it, and dovecot.masterusers file doesn't exist too in etc configuration files, should I create it too?because I couldn't find the section even commented gave me a doubt if it is the correct way to do it for this version, so I am posting here if someone can confirm this! Thanks. > > From: bob at computerisms.ca > > To: dovecot at dovecot.org > > Date: Mon, 21 Oct 2013 19:05:19 -0700 > > Subject: Re: [Dovecot] using dovecot in Asterisk imap storage > > > > > > -- > > Computerisms > > Bob Miller > > 867-334-7117 / 867-633-3760 > > http://computerisms.ca > > > > > > On Tue, 2013-10-22 at 02:47 +0200, Asmaa Ahmed wrote: > > > Hello, > > > I am trying to use postfix/dovecot as mail server to be the imap storage for my voicemail system.For that I installed postfix and dovecot and trying to follow the instructions in this post http://etel.wiki.oreilly.com/wiki/index.php?title=Storing_Voicemail_on_an_IMAP_server&printable=yes > > > > ugh. it's hard to read your mail, some line breaks or new paragraphs > > would be useful. > > > > I have yet to find one wiki that answers all questions. Expand your > > horizon: > > > > http://wiki2.dovecot.org/Authentication/MasterUsers > > > > FWIW, if you are using a recent version of freepbx you can configure > > imap storage in there on a per-user/extension basis, so you don't need > > to set up the masteruser... > > > > > > > From asabatgirl at hotmail.com Tue Oct 22 19:02:12 2013 
From: asabatgirl at hotmail.com (Asmaa Ahmed)
Date: Tue, 22 Oct 2013 18:02:12 +0200
Subject: [Dovecot] using dovecot in Asterisk imap storage
In-Reply-To:
References: , , <1382407519.6886.257.camel@worklian>,
Message-ID:

When I tried to add this section, I got this error at restarting dovecot

$ /usr/sbin/dovecot restart
doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:77: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 78: Expecting '='

From dan at langille.org Tue Oct 22 21:52:25 2013
From: dan at langille.org (Dan Langille)
Date: Tue, 22 Oct 2013 14:52:25 -0400
Subject: [Dovecot] doveadm: Fatal: open(/dev/tty)
Message-ID:

I received this message today, and remembered, you can't do that...

$ doveadm pw -s SHA512-CRYPT
Enter new password: doveadm(dan): Fatal: open(/dev/tty) failed: No such file or directory

It seems if you have no tty, you can't create a password. Surely there is a better way to do this?

Looking at the code, it's trying to open the tty and turn off echo.

For the record: FreeBSD 8.4-RELEASE-p3

And yes, there is no console. I'm attached to a FreeBSD jail from the host system, directly via the ezjail-admin console command.

# w
6:52PM up 18 days, 23:34, 0 users, load averages: 0.96, 0.57, 0.46
USER TTY FROM LOGIN@ IDLE WHAT
#

Ain't nobody there..

--
Dan Langille - http://langille.org/

From ppi at searchy.net Tue Oct 22 21:54:25 2013
From: ppi at searchy.net (Frank de Bot)
Date: Tue, 22 Oct 2013 20:54:25 +0200
Subject: [Dovecot] doveadm: Fatal: open(/dev/tty)
In-Reply-To:
References:
Message-ID: <5266C9E1.6090409@searchy.net>

Hi,

It sounds you have forgotten to mount /dev in the jail. You can consult http://www.freebsd.org/doc/handbook/jails-build.html for all steps to do this.

Regards,

Frank de Bot

Dan Langille wrote:
> I received this message today, and remembered, you can't do that...
>
> $ doveadm pw -s SHA512-CRYPT
> Enter new password: doveadm(dan): Fatal: open(/dev/tty) failed: No such
> file or directory
>
>
> It seems if you have no tty, you can't create a password. Surely there
> is a better way to do this?
>
> Looking at the code, it's trying to open the tty and turn off echo.
>
> For the record: FreeBSD 8.4-RELEASE-p3
>
> And yes, there is no console. I'm attached to a FreeBSD jail from the
> host system, directly via the ezjail-admin console command.
>
> # w
> 6:52PM up 18 days, 23:34, 0 users, load averages: 0.96, 0.57, 0.46
> USER TTY FROM LOGIN@ IDLE WHAT
> #
>
> Ain't nobody there..
>

From dan at langille.org Tue Oct 22 22:09:57 2013
From: dan at langille.org (Dan Langille)
Date: Tue, 22 Oct 2013 15:09:57 -0400
Subject: [Dovecot] doveadm: Fatal: open(/dev/tty)
In-Reply-To: <5266C9E1.6090409@searchy.net>
References: <5266C9E1.6090409@searchy.net>
Message-ID: <211d39039f5b33091dfa02e7a43bea78@mail.unixathome.org>

On 2013-10-22 14:54, Frank de Bot wrote:
> Dan Langille wrote:
> I received this message today, and remembered, you can't do that...
>
> $ doveadm pw -s SHA512-CRYPT
> Enter new password: doveadm(dan): Fatal: open(/dev/tty) failed: No such
> file or directory
>
>
> It seems if you have no tty, you can't create a password. Surely there
> is a better way to do this?
>
> Looking at the code, it's trying to open the tty and turn off echo.
>
> For the record: FreeBSD 8.4-RELEASE-p3
>
> And yes, there is no console. I'm attached to a FreeBSD jail from the
> host system, directly via the ezjail-admin console command.
>
> # w
> 6:52PM up 18 days, 23:34, 0 users, load averages: 0.96, 0.57, 0.46
> USER TTY FROM LOGIN@ IDLE WHAT
> #
>
> Ain't nobody there..
> Hi,
>
> It sounds you have forgotten to mount /dev in the jail. You can
> consult http://www.freebsd.org/doc/handbook/jails-build.html for all
> steps to do this.

Thanks Frank. /dev is mounted.

In the jail:

# ls /dev
fd log null ptmx pts random stderr stdin stdout urandom zero

From the jail host:

$ mount | grep myjail | grep dev
devfs on /usr/jails/myjail/dev (devfs, local, multilabel)
fdescfs on /usr/jails/myjail/dev/fd (fdescfs)

Dovecot, Postfix, & Bacula are running fine.

--
Dan Langille - http://langille.org/

From marc at perkel.com Tue Oct 22 22:31:27 2013
From: marc at perkel.com (Marc Perkel)
Date: Tue, 22 Oct 2013 12:31:27 -0700
Subject: [Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication
Message-ID: <5266D28F.4050400@perkel.com>

I would like to have a list of IPs (hacker list) that I can do a lookup on so that if anyone tries to authenticate to dovecot they always fail if they are on my list.

I have the list - and the list is available as a DNS blacklist.

I'd like to have it work with both local IP lists or RBL lookup.

The idea is so hackers from known IP addresses never succeed.

If Dovecot provides the feature I have about 1/2 million IP addresses of known current hackers to block.

Anyone else interested in this?

From me at junc.eu Tue Oct 22 22:41:02 2013
From: me at junc.eu (Benny Pedersen)
Date: Tue, 22 Oct 2013 21:41:02 +0200
Subject: [Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication
In-Reply-To: <5266D28F.4050400@perkel.com>
References: <5266D28F.4050400@perkel.com>
Message-ID:

Marc Perkel wrote on 2013-10-22 21:31:

> Anyone else interested in this?

would you sell more ram later ?

basically you like to have fail2ban to a central server logging via syslog ?

if yes create more rules to fail2ban and show it on a wiki

From rick at havokmon.com Tue Oct 22 22:45:02 2013
From: rick at havokmon.com (Rick Romero)
Date: Tue, 22 Oct 2013 14:45:02 -0500
Subject: [Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication
In-Reply-To: <5266D28F.4050400@perkel.com>
References: <5266D28F.4050400@perkel.com>
Message-ID: <20131022144502.Horde.LvO6ZHBxI_vbjCViDt0A9A1@beta.vfemail.net>

Quoting Marc Perkel :

> I would like to have a list of IPs (hacker list) that I can do a lookup
> on so that if anyone tries to authenticate to dovecot they always fail
> if they are on my list.
>
> I have the list - and the list is available as a DNS blacklist.
>
> I'd like to have it work with both local IP lists or RBL lookup.
>
> The idea is so hackers from known IP addresses never succeed.
>
> If Dovecot provides the feature I have about 1/2 million IP addresses of
> known current hackers to block.
> Anyone else interested in this?

How about doing a SQL Auth with a 'NOT IN ' select. Then in your post auth script do an RBL lookup and if listed (but not in your whitelist), add to your table (with a timestamp to expire of course) and kick the user.

IMHO, the problem with all out blocks on auth is the same as doing an all out block based on SPF - so many IPs are shared you can easily get false positives.

Rick

From dan at langille.org Tue Oct 22 22:47:23 2013
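The flow Rick describes above (an RBL lookup after authentication, a whitelist, and a block table whose entries expire), as an added example that is not part of any post in this thread and is not Dovecot code. The zone `dnsbl.example.org`, the function and class names and the sample addresses are assumptions, and the in-memory dictionary stands in for the SQL table.

```python
import ipaddress
import socket
import time

# Placeholder zone (assumption); substitute the DNSBL you actually query.
DNSBL_ZONE = "dnsbl.example.org"


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Name to look up: reversed IPv4 octets or reversed IPv6 nibbles + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def system_resolver(name):
    """True if the DNSBL answers with a 127.0.0.0/8 address (listed)."""
    try:
        answer = socket.gethostbyname(name)
    except OSError:
        # NXDOMAIN or resolver failure: treat as not listed. Failing open
        # keeps a DNS outage from locking every user out.
        return False
    return answer.startswith("127.")


class BlockTable:
    """In-memory stand-in for the SQL block table: address -> expiry time."""

    def __init__(self, ttl_seconds=3600, allowlist=(),
                 resolver=system_resolver, clock=time.time):
        self.ttl = ttl_seconds
        self.allow = [ipaddress.ip_network(net) for net in allowlist]
        self.resolver = resolver
        self.clock = clock
        self.blocked = {}

    def is_allowlisted(self, addr):
        return any(addr.version == net.version and addr in net
                   for net in self.allow)

    def auth_allowed(self, remote_ip):
        """Pre-auth check, the role of the 'NOT IN' select in the thread."""
        addr = ipaddress.ip_address(remote_ip)
        expiry = self.blocked.get(addr)
        if expiry is None:
            return True
        if expiry <= self.clock():
            del self.blocked[addr]  # entry has expired, forget it
            return True
        return False

    def post_auth(self, remote_ip):
        """Post-auth check; returns True when the session should be kicked."""
        addr = ipaddress.ip_address(remote_ip)
        if self.is_allowlisted(addr):
            return False  # shared or trusted range: never block
        if not self.resolver(dnsbl_query_name(str(addr))):
            return False
        self.blocked[addr] = self.clock() + self.ttl
        return True


def demo():
    """Constructed scenario; addresses come from documentation ranges."""
    listed = {dnsbl_query_name("192.0.2.10"), dnsbl_query_name("198.51.100.7")}
    now = [1000.0]
    table = BlockTable(ttl_seconds=600, allowlist=["198.51.100.0/24"],
                       resolver=lambda name: name in listed,
                       clock=lambda: now[0])
    results = [
        table.post_auth("192.0.2.10"),     # listed: kicked and recorded
        table.auth_allowed("192.0.2.10"),  # next login attempt is refused
        table.post_auth("198.51.100.7"),   # listed but allowlisted: kept
    ]
    now[0] += 601                          # move past the expiry time
    results.append(table.auth_allowed("192.0.2.10"))
    return results


if __name__ == "__main__":
    print(demo())
```

The allowlist and the expiry are what limit the false positives Rick warns about for shared addresses.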
From: dan at langille.org (Dan Langille)
Date: Tue, 22 Oct 2013 15:47:23 -0400
Subject: [Dovecot] doveadm: Fatal: open(/dev/tty)
In-Reply-To:
References:
Message-ID: <49b8ff6df5fbb0dcb39ebb5f650faaf3@mail.unixathome.org>

On 2013-10-22 14:52, Dan Langille wrote:
> I received this message today, and remembered, you can't do that...
>
> $ doveadm pw -s SHA512-CRYPT
> Enter new password: doveadm(dan): Fatal: open(/dev/tty) failed: No
> such file or directory
>
>
> It seems if you have no tty, you can't create a password. Surely
> there is a better way to do this?
>
> Looking at the code, it's trying to open the tty and turn off echo.
>
> For the record: FreeBSD 8.4-RELEASE-p3
>
> And yes, there is no console. I'm attached to a FreeBSD jail from the
> host system, directly via the ezjail-admin console command.
>
> # w
> 6:52PM up 18 days, 23:34, 0 users, load averages: 0.96, 0.57, 0.46
> USER TTY FROM LOGIN@ IDLE WHAT
> #
>
> Ain't nobody there..

This is mostly for the record, as I found nobody else encountering this problem.

Interesting... the same thing on a FreeBSD 9.1-RELEASE-p6 gives a different result. After getting into the jail via 'ezjail-admin console', there is a tty listed:

# w
7:14PM up 43 days, 23:52, 1 user, load averages: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE WHAT
root pts/0 - 7:14PM - w

And all is well:

# doveoveadm pw -s SHA512-CRYPT
Enter new password:

--
Dan Langille - http://langille.org/

From Christian.Schmidt at chemie.uni-hamburg.de Wed Oct 23 00:11:16 2013
From: Christian.Schmidt at chemie.uni-hamburg.de (Christian Schmidt) Date: Tue, 22 Oct 2013 23:11:16 +0200 Subject: [Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication In-Reply-To: <5266D28F.4050400@perkel.com> References: <5266D28F.4050400@perkel.com> Message-ID: <5266E9F4.9000306@chemie.uni-hamburg.de> 22.10.2013 21:31, Marc Perkel: > I would like to have a list of IPs (hacker list) that I can do a lookup > on so that if anyone tries to authenticate to dovecot they always fail > if they are on my list. You could enable dovecot's tcpwrapper support for this. Kind Regards, Christian Schmidt -- No signature available. From noel.butler at ausics.net Wed Oct 23 01:08:56 2013 
From: noel.butler at ausics.net (Noel Butler) Date: Wed, 23 Oct 2013 08:08:56 +1000 Subject: [Dovecot] fstat() errors on /srv/mail//dovecot.index.log In-Reply-To: <52668856.2080908@roboticresearch.com> References: " <525E9DCB.40307@roboticresearch.com>" <525FE4C4.6060301@roboticresearch.com> <52668856.2080908@roboticresearch.com> Message-ID: <11a937338804e5b62b58a350c40dc94f@ausics.net> Zach, Thanks for following up with the list, though I dont and wont touch anything debian/, there are plenty here who do, and may in time appreciate your feedback if they strike same. On 23/10/2013 00:14, Zach La Celle wrote: > On 10/17/2013 09:23 AM, Zach La Celle wrote: >> On 10/17/2013 05:25 AM, Noel Butler wrote: >>> On 17/10/2013 00:08, Zach La Celle wrote: >>>> Dovecot version 2.1.7 >>>> Ubuntu 12.04.3 LTS >>>> Kernel 3.2.0-35-generic x86_64 >>>> >>>> I'm not sure exactly when this started occurring, but sporatically >>>> users >>>> report issues receiving email, having email saved to "Sent," etc. >>>> Looking in dovecot.log, I see the following errors: >>>> >>>> 2013-10-16 09:53:20 imap-login: Info: Login: user=, >>>> method=PLAIN, >>>> rip=127.0.0.1, lip=127.0.0.1, mpid=27434, secured, >>>> session= >>>> 2013-10-16 09:53:20 imap(user1): Info: Disconnected: Logged out >>>> in=93 >>>> out=846 >>>> 2013-10-16 09:53:21 imap(user2): Info: Disconnected: Logged out >>>> in=3616 >>>> out=495 >>>> 2013-10-16 09:53:24 imap-login: Info: Login: user=, >>>> method=PLAIN, >>>> rip=127.0.0.1, lip=127.0.0.1, mpid=27436, secured, >>>> session= >>>> 2013-10-16 09:53:24 imap(user3): Info: Disconnected: Logged out >>>> in=93 >>>> out=819 >>>> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file >>>> /srv/mail/user4/dovecot.index.log: No such file or directory >>>> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file >>>> /srv/mail/user4/dovecot.index.log: No such file or directory >>>> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file >>>> 
/srv/mail/user4/dovecot.index.log: No such file or directory >>>> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file >>>> /srv/mail/user4/dovecot.index.log: No such file or directory >>>> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file >>>> /srv/mail/user4/dovecot.index.log: No such file or directory >>>> 2013-10-16 09:53:33 imap(user4): Error: fstat() failed with file >>>> /srv/mail/user4/dovecot.index.log: No such file or directory >>>> 2013-10-16 09:53:41 imap-login: Info: Login: user=, >>>> method=PLAIN, >>>> rip=127.0.0.1, lip=127.0.0.1, mpid=27438, secured, >>>> session= >>>> 2013-10-16 09:53:41 imap(user3): Info: Disconnected: Logged out >>>> in=93 >>>> out=819 >>>> 2013-10-16 09:54:12 imap-login: Info: Login: user=, >>>> method=PLAIN, >>>> rip=127.0.0.1, lip=127.0.0.1, mpid=27440, secured, >>>> session=<6bI5CdzoCQB/AAAB> >>>> 2013-10-16 09:54:12 imap(user1): Info: Disconnected: Logged out >>>> in=93 >>>> out=846 >>>> 2013-10-16 09:54:12 imap(user5): Info: Disconnected: Logged out >>>> in=736 >>>> out=7064 >>>> 2013-10-16 09:54:15 imap-login: Info: Login: user=, >>>> method=PLAIN, >>>> rip=127.0.0.1, lip=127.0.0.1, mpid=27442, secured, >>>> session= >>>> 2013-10-16 09:54:15 imap(user6): Info: Disconnected: Logged out >>>> in=95 >>>> out=902 >>>> 2013-10-16 09:54:20 imap-login: Info: Login: user=, >>>> method=PLAIN, >>>> rip=127.0.0.1, lip=127.0.0.1, mpid=27444, secured, >>>> session= >>>> 2013-10-16 09:54:20 imap(user1): Info: Disconnected: Logged out >>>> in=93 >>>> out=846 >>>> 2013-10-16 09:54:24 imap-login: Info: Login: user=, >>>> method=PLAIN, >>>> rip=127.0.0.1, lip=127.0.0.1, mpid=27446, secured, >>>> session= >>>> 2013-10-16 09:54:24 imap(user3): Info: Disconnected: Logged out >>>> in=93 >>>> out=819 >>>> >>>> These errors are not confined to a single user, and do not occur >>>> with >>>> the same frequency. >>>> >>> >>> This isnt per chance on a NAS/SAN/DAS is it? >>> >> No, it is not on a SAN. 
I saw that thread a while back, but this >> doesn't seem to be related. >>>> I originally was running the Dovecot shipped with the default Ubuntu >>>> repositories (don't remember which version, but it was 1.*) and used >>>> a >>>> backport to upgrade to 2.1.7 to see if that fixed it. It did not. >>>> >>>> Any ideas why this is happening? >>> gawd knows what debian (thats all ubuntu is, same package maintainers >>> 99% of time) do to things, wouldnt be the first time they put out a >>> package that was kaput from get go, so doveconf -n output will >>> likely >>> be required >>> >> I can provide "dovecot -n" output if this doesn't answer the question, >> but it might be an apparmor issue. We recently enabled apparmor >> protection, and it seems that it generated an ungodly amount of >> profiles >> in complain mode. So many, that it was causing issues with usage of >> the >> openssl library. >> >> Putting it in to enforce mode seems like it might fix the problem. >> I'll >> post more information once this is confirmed or denied. > I'm replying to this post for completeness. This was definitely a > problem with AppArmor in complain mode breaking IMAP. It was > generating > an incredible amount of logging information, and ended up blocking > access to the OpenSSL .so files every once in a while. > > Putting AppArmor into enforce mode (after checking all of the rules and > verifying functionality) worked. No more fstat() errors. From noel.butler at ausics.net Wed Oct 23 01:22:15 2013 
From: noel.butler at ausics.net (Noel Butler) Date: Wed, 23 Oct 2013 08:22:15 +1000 Subject: [Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication In-Reply-To: <20131022144502.Horde.LvO6ZHBxI_vbjCViDt0A9A1@beta.vfemail.net> References: <5266D28F.4050400@perkel.com> <20131022144502.Horde.LvO6ZHBxI_vbjCViDt0A9A1@beta.vfemail.net> Message-ID: <3ed9c264e4aaf248c72853df459e5118@ausics.net> On 23/10/2013 05:45, Rick Romero wrote: > > IMHO, the problem with all out blocks on auth is the same as doing an > all > out block based on SPF - so many IPs are shared you can easily get > false > positives. Blocks using SPF will not be FP's, they will be by your internal decision, so will be a genuine block 'hit', even if you don't keep your RR current, that's the admins fault, not the users, or blockers. But I agree with you on the rest, since of those 500K IP's Marc claims to have I'd bet that 99% are hijacked innocent pc's/servers, and of them, >75% would likely be a one time usage. From dovecot at r.paypc.com Wed Oct 23 06:27:36 2013 
From: dovecot at r.paypc.com (Robin) Date: Tue, 22 Oct 2013 20:27:36 -0700 Subject: [Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication In-Reply-To: <3ed9c264e4aaf248c72853df459e5118@ausics.net> References: <5266D28F.4050400@perkel.com> <20131022144502.Horde.LvO6ZHBxI_vbjCViDt0A9A1@beta.vfemail.net> <3ed9c264e4aaf248c72853df459e5118@ausics.net> Message-ID: <52674228.2020501@r.paypc.com> On 10/22/2013 3:22 PM, Noel Butler wrote: > But I agree with you on the rest, since of those 500K IP's Marc claims > to have I'd bet that 99% are hijacked innocent pc's/servers, and of > them, >75% would likely be a one time usage. This accords with our own statistics. While it IS tempting to treat every IP# that "spams" or hits you with a port-scan as something worthy of blackholing, the reality is that the vast majority of the attempts are from "innocent" victim hosts. Now, there's little doubt that MOST of these are not legitimate MTA endpoints, and so "shouldn't" be issuing email directly to your MX hosts. SPF + OpenDKIM are great, but only for those domains that actually use them; you can score "improperly delivered" emails bearing those domains with a policy defined by their operators, but many domains don't publish a policy. I would caution people to avoid throwing out the baby with the bathwater. I've been collecting an increasing number of "mysterious" email delivery problems to endpoints which do not issue DSN/bounces, *OR* provide any feedback to their users that emails have been "blocked". The list includes some big names, like: comcast (cable ISP subscribers) secureserver.net hosted emails (GoDaddy's "hosted email" service, which uses Cloudmark's anti-spam solutions) McAfee's "MXLogic" anti-spam services McAfee's "SaaS/MXLogic" anti-spam service has a responsive false positive mediation system, whereas comcast's + GoDaddy's setups are thoroughly dysfunctional and broken. 
Despite publishing SPF, fully specified OpenDKIM and using DomainKeys signing, having perfectly clean IP# reputations and not being on ANY RBLs, emails to those hosts is at best "random", or in comcast's case - when it's hosting "vanity domains" for its customers - completely broken. I strongly suspect these inferior anti-spam systems are mistakenly ascribing fault for "Joe Jobbed" spam runs, even if they're delivered by non-compliant hosts as specified in the domain's SPF. All of my clients "login" and issue emails through our MTAs, which are specified as permitted senders in SPF, so there are no "rogue" road warriors "allowed" by our domains' SPF policies. My point is simple: it's easy to let frustration about spam get the better of you, but don't create worse problems for your users and those who try to legitimately reach them. It's progressively making email less and less usable in a global context. =R= From stan at hardwarefreak.com Wed Oct 23 06:32:16 2013 
From: stan at hardwarefreak.com (Stan Hoeppner) Date: Tue, 22 Oct 2013 22:32:16 -0500 Subject: [Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication In-Reply-To: <52674228.2020501@r.paypc.com> References: <5266D28F.4050400@perkel.com> <20131022144502.Horde.LvO6ZHBxI_vbjCViDt0A9A1@beta.vfemail.net> <3ed9c264e4aaf248c72853df459e5118@ausics.net> <52674228.2020501@r.paypc.com> Message-ID: <52674340.8020904@hardwarefreak.com> On 10/22/2013 10:27 PM, Robin wrote: > On 10/22/2013 3:22 PM, Noel Butler wrote: >> But I agree with you on the rest, since of those 500K IP's Marc claims >> to have I'd bet that 99% are hijacked innocent pc's/servers, and of >> them, >75% would likely be a one time usage. > > This accords with our own statistics. While it IS tempting to treat > every IP# that "spams" or hits you with a port-scan as something worthy > of blackholing, the reality is that the vast majority of the attempts > are from "innocent" victim hosts. > > Now, there's little doubt that MOST of these are not legitimate MTA > endpoints, and so "shouldn't" be issuing email directly to your MX > hosts. SPF + OpenDKIM are great... The OP is discussing possibly blocking *IMAP* connections, not SMTP. -- Stan From frank.bonnet at esiee.fr Wed Oct 23 09:44:10 2013 From: frank.bonnet at esiee.fr (BONNET, Frank) Date: Wed, 23 Oct 2013 08:44:10 +0200 Subject: [Dovecot] secure email server Message-ID: Hello I have to setup a "secured" email server - encrypted filesystem - SSL or TLS only for SMTP and IMAPS - Talking only to some known other same-secured servers Any info/links welcome ! Please do not start some flame war around this ! I've been ordered to set up such server and I KNOW there are probably security holes but nothing's perfect so a starting point is necessary *Thank you for any infos* From skdovecot at smail.inf.fh-brs.de Wed Oct 23 10:24:53 2013 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 23 Oct 2013 09:24:53 +0200 (CEST) Subject: [Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication In-Reply-To: <5266D28F.4050400@perkel.com> References: <5266D28F.4050400@perkel.com> Message-ID: On Tue, 22 Oct 2013, Marc Perkel wrote: > I would like to have a list of IPs (hacker list) that I can do a lookup on so > that if anyone tries to authenticate to dovecot they always fail if they are > on my list. > > I have the list - and the list is available as a DNS blacklist. > > I'd like to have it work with both local IP lists or RBL lookup. > > The idea is so hackers from known IP addresses never succeed. Why would you let the auth happen at all? Is it some sort of tarpitting? Otherwise you could just block the IP with a firewall. Maybe you can combine the deny AuthDatabase, as explained here: http://wiki2.dovecot.org/Authentication/RestrictAccess?highlight=%28deny%29 with a socket auth demon: http://wiki2.dovecot.org/AuthDatabase/Dict So, you return success via the auth socket dict and use the remote IP as "key", but success is turned into "deny". > If Dovecot provides the feature I have about 1/2 million IP addresses of > known current hackers to block. Well, I do not like the notion "one IP == one person", too many setups use NAT. -- Steffen Kaiser From skdovecot at smail.inf.fh-brs.de Wed Oct 23 10:38:34 2013
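The check asked for in the "RBL blacklist lookup to prevent authentication" thread above (a local IP list plus a DNSBL lookup, with the allowlist and expiring verdicts the replies call for because of shared and NATed addresses), written in Python as an added example; it is not Dovecot code and not code from any poster. The zone `bl.example.invalid`, the sample addresses, the `LoginBlocklist` class and the fail-open handling of DNS errors are assumptions made for illustration.

```python
"""DNSBL / local-list check for a login source address (illustrative, not Dovecot code)."""
import ipaddress
import socket
import time

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")     # DNSBL "listed" answers live here
# Assumption: answers in 127.255.255.0/24 signal a query problem, not a listing.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")


def dnsbl_query_name(ip, zone):
    """Reverse the address (octets for IPv4, nibbles for IPv6) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone.strip(".")


def system_resolver(name):
    """A records for name via the host resolver; [] on NXDOMAIN or any DNS error.

    Returning [] on errors means the check fails open: a DNS outage must not
    lock every user out of IMAP.
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


class LoginBlocklist:
    """Decide whether a client IP may attempt authentication."""

    def __init__(self, zones, deny_nets=(), allow_nets=(), ttl=3600,
                 resolver=system_resolver, clock=time.time):
        self.zones = list(zones)
        self.deny_nets = [ipaddress.ip_network(n) for n in deny_nets]
        self.allow_nets = [ipaddress.ip_network(n) for n in allow_nets]
        self.ttl = ttl              # seconds a DNSBL verdict is remembered
        self.resolver = resolver
        self.clock = clock
        self._cache = {}            # address -> (expires_at, allowed, reason)

    def _listed(self, addr, zone):
        for answer in self.resolver(dnsbl_query_name(str(addr), zone)):
            try:
                code = ipaddress.ip_address(answer)
            except ValueError:
                continue            # ignore anything that is not an address
            if code in LISTED_NET and code not in ERROR_NET:
                return True
        return False

    def check(self, ip):
        """Return (allowed, reason). Order: allowlist, local list, cache, DNSBL."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.allow_nets):
            return True, "allowlisted"
        if any(addr in net for net in self.deny_nets):
            return False, "local deny list"
        now = self.clock()
        cached = self._cache.get(addr)
        if cached and cached[0] > now:
            return cached[1], cached[2] + " (cached)"
        verdict = (True, "not listed")
        for zone in self.zones:
            if self._listed(addr, zone):
                verdict = (False, "listed in " + zone)
                break
        # Verdicts expire so a reassigned or cleaned-up address is re-evaluated.
        self._cache[addr] = (now + self.ttl,) + verdict
        return verdict


def demo():
    """Run the check against a constructed zone; no network access needed."""
    zone_data = {  # constructed sample records for the fake zone
        "7.113.0.203.bl.example.invalid": ["127.0.0.2"],
        "9.113.0.203.bl.example.invalid": ["127.255.255.254"],
    }
    bl = LoginBlocklist(
        zones=["bl.example.invalid"],
        deny_nets=["198.51.100.0/24"],
        allow_nets=["203.0.113.64/26"],
        resolver=lambda name: zone_data.get(name, []),
    )
    clients = ["203.0.113.7", "203.0.113.9", "203.0.113.70", "198.51.100.20"]
    return {ip: bl.check(ip) for ip in clients}


if __name__ == "__main__":
    for ip, (allowed, reason) in demo().items():
        print(ip, "allow" if allowed else "deny", reason)
```

How the verdict is wired into the login path (firewall rule, deny passdb, post-login script) is left to the options discussed in the thread.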
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 23 Oct 2013 09:38:34 +0200 (CEST) Subject: [Dovecot] secure email server In-Reply-To: References: Message-ID: On Wed, 23 Oct 2013, BONNET, Frank wrote: > I have to setup a "secured" email server > > - encrypted filesystem hmm. First define what "encrypted" means in this case, the whole partition with one master key, encrypted for each user, ... . For the first, several block device level approaches exist, for the latter check out AFS or Encfs. > - SSL or TLS only for SMTP and IMAPS Well, if you use an inspecting firewall, that checks the traffic, you will be on the safe side of life. Does IMAPS mean: no STARTTLS over IMAP? Then drop the imap listener in Dovecot. > - Talking only to some known other same-secured servers use an IP firewall. -- Steffen Kaiser From frank.bonnet at esiee.fr Wed Oct 23 14:16:54 2013
From: frank.bonnet at esiee.fr (BONNET, Frank) Date: Wed, 23 Oct 2013 13:16:54 +0200 Subject: [Dovecot] secure email server In-Reply-To: References: Message-ID: my first question is : does postfix and dovecot are able to use an encrypted filesystem such as Encfs ? For the access question , yes I will use a Juniper firewall ( is it safe to use Juniper ? )to filter IMAP and SMTP access from the outside and the LAN And yes STARTTLS will be used for both SMTP & IMAP access *Frank BONNET* Systemes UNIX et Reseaux ESIEE PARIS 01.45.92.66.17 - 06.70.37.37.69 2013/10/23 Steffen Kaiser > On Wed, 23 Oct 2013, BONNET, Frank wrote: > > I have to setup a "secured" email server >> >> - encrypted filesystem >> > > hmm. First define what "encrypted" means in this case, the whole partition > with one master key, encrypted for each user, ... . For the first, several > block device level approaches exist, for the latter check out AFS or Encfs. > > > - SSL or TLS only for SMTP and IMAPS >> > > Well, if you use an inspecting firewall, that checks the traffic, you will > be on the safe side of life. > > Does IMAPS mean: no STARTTLS over IMAP? Then drop the imap listener in > Dovecot. > > > - Talking only to some known other same-secured servers >> > > use an IP firewall. > > -- Steffen Kaiser > From h.reindl at thelounge.net Wed Oct 23 14:21:48 2013
From: h.reindl at thelounge.net (Reindl Harald) Date: Wed, 23 Oct 2013 13:21:48 +0200 Subject: [Dovecot] secure email server In-Reply-To: References: Message-ID: <5267B14C.1040504@thelounge.net> On 23.10.2013 13:16, BONNET, Frank wrote: > my first question is : does postfix and dovecot are able to use an > encrypted filesystem such as Encfs? dovecot and postfix are userland-applications it's not their job to bother about a filesystem this is a kernel-task From rs at sys4.de Wed Oct 23 16:05:02 2013
From: rs at sys4.de (Robert Schetterer) Date: Wed, 23 Oct 2013 15:05:02 +0200 Subject: [Dovecot] secure email server In-Reply-To: References: Message-ID: <5267C97E.9030704@sys4.de> On 23.10.2013 13:16, BONNET, Frank wrote: > my first question is : does postfix and dovecot are able to use an > encrypted filesystem such as Encfs ? i am not an expert with crypto filesystems, but from my view, depend to "mail" this would be a feature "on top" ( additional to i.e vpn, ssl, tls, gpg ) , the main problem may be ever, you have to mount the mailbox partition read/writable to dovecot, so you might not get what you're hoping to get from the security sight > > For the access question , yes I will use a Juniper firewall ( is it > safe to use Juniper ? )to filter IMAP and SMTP access from the > outside and the LAN that looks also "on top" to me, if this is a "closed net" you might choose ports with ssl/tls what you like, or simply "start" only secure standard ports, additional overlay with local firewall, using a border firewall too, should not hurt anyway the mail setup your goal is deeply relate to the "paranoid" level you have/want to match, let me give an example, however you manage super secure servers incl. vpn, ssl, tls , gpg, but your users have insecure client computers and/or Os Types there will be ever a hole ,to break in, also from paranoia level high.. ,it shouldn't be allowed to connect to that system with i.e imap clients which are not open software, closed software may enable spy before any crypt mech has taken place. At the end there will be ever code bugs. So there is no "secure" mail server , there ever will exist a mail setup which match the security level you want or have to match.
> > And yes STARTTLS will be used for both SMTP & IMAP access > > > *Frank BONNET* > > Systemes UNIX et Reseaux > > ESIEE PARIS > > 01.45.92.66.17 - 06.70.37.37.69 > > > 2013/10/23 Steffen Kaiser > > On Wed, 23 Oct 2013, BONNET, Frank wrote: > > I have to setup a "secured" email server >>>> >>>> - encrypted filesystem >>>> > > hmm. First define what "encrypted" means in this case, the whole > partition with one master key, encrypted for each user, ... . For > the first, several block device level approaches exist, for the > latter check out AFS or Encfs. > > > - SSL or TLS only for SMTP and IMAPS >>>> > > Well, if you use an inspecting firewall, that checks the traffic, > you will be on the safe side of life. > > Does IMAPS mean: no STARTTLS over IMAP? Then drop the imap > listener in Dovecot. > > > - Talking only to some known other same-secured servers >>>> > > use an IP firewall. > > -- Steffen Kaiser > >> > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, Amtsgericht München: HRB 199263 Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein From raabe at froglogic.com Wed Oct 23 16:21:06 2013
From: raabe at froglogic.com (Frerich Raabe) Date: Wed, 23 Oct 2013 15:21:06 +0200 Subject: [Dovecot] secure email server In-Reply-To: <5267B14C.1040504@thelounge.net> References: " " <5267B14C.1040504@thelounge.net> Message-ID: <45bd51e3b313b7e4c9805d6a8c6ddb8f@roundcube.froglogic.com> On 2013-10-23 13:21, Reindl Harald wrote: > On 23.10.2013 13:16, BONNET, Frank wrote: >> my first question is : does postfix and dovecot are able to use an >> encrypted filesystem such as Encfs? > > dovecot and postfix are userland-applications > it's not their job to bother about a filesystem > this is a kernel-task Not all userland applications work equally well with all filesystems (consider programs which work poorly with NFS because they are built around the assumption that certain syscalls are fast). - Frerich From bernd at petrovitsch.priv.at Wed Oct 23 16:27:08 2013
From: bernd at petrovitsch.priv.at (Bernd Petrovitsch) Date: Wed, 23 Oct 2013 15:27:08 +0200 Subject: [Dovecot] secure email server In-Reply-To: <45bd51e3b313b7e4c9805d6a8c6ddb8f@roundcube.froglogic.com> References: " " <5267B14C.1040504@thelounge.net> <45bd51e3b313b7e4c9805d6a8c6ddb8f@roundcube.froglogic.com> Message-ID: <1382534828.22152.79.camel@thorin.petrovitsch.priv.at> On Wed, 2013-10-23 at 15:21 +0200, Frerich Raabe wrote: > On 2013-10-23 13:21, Reindl Harald wrote: > > On 23.10.2013 13:16, BONNET, Frank wrote: > >> my first question is : does postfix and dovecot are able to use an > >> encrypted filesystem such as Encfs? > > > > dovecot and postfix are userland-applications > > it's not their job to bother about a filesystem > > this is a kernel-task > > Not all userland applications work equally well with all filesystems > (consider programs which work poorly with NFS because they are built > around the assumption that certain syscalls are fast). That assumption is somewhat optimistic and - thus - these applications are obviously buggy. Since Dovecot works on NFS, it should work with almost all filesystems and (relatively) slow ones too. And MTAs (like postfix) are also built for (and used in) large systems so they should better work on NFS and slow I/O too. Bernd -- Bernd Petrovitsch Email : bernd at petrovitsch.priv.at LUGA : http://www.luga.at From skdovecot at smail.inf.fh-brs.de Wed Oct 23 18:39:46 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser) Date: Wed, 23 Oct 2013 17:39:46 +0200 (CEST) Subject: [Dovecot] secure email server In-Reply-To: <5267C97E.9030704@sys4.de> References: <5267C97E.9030704@sys4.de> Message-ID: On Wed, 23 Oct 2013, Robert Schetterer wrote: > On 23.10.2013 13:16, BONNET, Frank wrote: >> my first question is : does postfix and dovecot are able to use an >> encrypted filesystem such as Encfs ? > > i am not an expert with crypto filesystems, but from my view, depend to > "mail" this would be a feature "on top" ( additional to i.e vpn, ssl, > tls, gpg ) , the main problem may be ever, you have to mount the > mailbox partition read/writable to dovecot, so you might not get what With PAM you can mount AFS and EncFS user volumes with the user password transparently. (Well, I did not use EncFS in production, but in theory). So, each Dovecot process would run with special user privileges to access the user's mails. That however imposes the problem, how mails are delivered into the mail storage without some sort of master user, because the MDA does not gain the user privileges without the user's password. Maybe, for that a "pending INBOX" had to be created, from where the user slurps the new mails on login with the snarf plugin. > you're hoping to get from the security sight Yes, I agree. >> And yes STARTTLS will be used for both SMTP & IMAP access With Dovecot you can use the "secure" variable, dunno if this works with PMA though.
-- Steffen Kaiser From kremels at kreme.com Wed Oct 23 18:56:05 2013
From: kremels at kreme.com (LuKreme) Date: Wed, 23 Oct 2013 09:56:05 -0600 Subject: [Dovecot] recipient_delimiter deux Message-ID: <78F8CEEF-992E-4622-AC54-ED1980B5DB14@kreme.com> OK, I've been banging my head on why my procmail setup for virtual users is no longer working (difficult to test, since enabling it breaks live user's mail). There are only a few virtual users who have any sort of filters in place anyway (the heavy procmail users are local, not virtual), and they are fairly simple, so I think I can recreate them with sieve. I think I have everything I need for sieve to work, but now what? The first thing I want to do is have sieve process recipient_delimiter into a separate mailbox (creating it, if needed). Googling just for example sieve scripts comes up empty (well, directing to the dovecot wiki which at least on the links that come up, does not have sample scripts). so, foo+bar at example.com will go into foo's mailstore in the folder .bar/new/ On 27 Sep 2013, at 00:24 , Steffen Kaiser wrote: > Dovecot LDA uses the "-m" option and only lda_mailbox_autocreate and lda_mailbox_autosubscribe, no need for recipient_delimiter to override the default mailbox. Which I still don't understand. recipient_delimiter = + is the default, so I shouldn't need to set it in my confs, I just need to setup a sieve recipe (is that what it is called? script?) that will process these messages, right? What would that look like? I have to setup the SQL users so that LMTP or LDA is used for deliver, but I want that to apply only to the sql users. Something like this, maybe? userdb { args = /etc/dovecot/dovecot-sql.conf.ext default_fields = uid=vpopmail gid=vchkpw mail_location=/usr/local/virtual/%u mail=maildir:/usr/local/virtual/%u sieve=/var/sieve/%u.sieve protocol_lda=$mailplugins sieve driver = sql } I'm sure that protoco_lda isn't the right syntax though. 
If I set sieve=/var/sieve/%u.sieve as above would users still be able to use sieve-manage to manage their own sieve files? And what MUAs support this? If I left that out, do I put ~/.dovecot.sieve in with the other mailboxes and {cur,new,tmp} and the index files, or will there be issues? If I put a dovecot.sieve file there will it just be seen, processed, and work? (SQL user's $HOME is their maildir) $ doveconf -n # 2.2.5: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 9.1-RELEASE i386 auth_mechanisms = PLAIN LOGIN disable_plaintext_auth = no first_valid_uid = 89 login_log_format_elements = user=<%u> %r %m %c mail_location = maildir:~/Maildir mail_max_userip_connections = 90 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox NotJunk { auto = subscribe } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocols = imap sieve service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } } service imap-login { inet_listener imaps { port = 993 ssl = yes } } ssl_cert = References: <78F8CEEF-992E-4622-AC54-ED1980B5DB14@kreme.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 23 Oct 2013, LuKreme wrote: > OK, I've been banging my head on why my procmail setup for virtual users is no longer working (difficult to test, since enabling it breaks live user's mail). 
There are only a few virtual users who have any sort of filters in place anyway (the heavy procmail users are local, not virtual), and they are fairly simple, so I think I can recreate them with sieve. > > I think I have everything I need for sieve to work, but now what? > > The first thing I want to do is have sieve process recipient_delimiter into a separate mailbox (creating it, if needed). Googling just for example sieve scripts comes up empty (well, directing to the dovecot wiki which at least on the links that come up, does not have sample scripts). > > so, foo+bar at example.com will go into foo's mailstore in the folder .bar/new/ > > On 27 Sep 2013, at 00:24 , Steffen Kaiser wrote: >> Dovecot LDA uses the "-m" option and only lda_mailbox_autocreate and lda_mailbox_autosubscribe, no need for recipient_delimiter to override the default mailbox. > > Which I still don't understand. > > recipient_delimiter = + is the default, so I shouldn't need to set it in my confs, I just need to setup a sieve recipe (is that what it is called? script?) that will process these messages, right? What would that look like? > > I have to setup the SQL users so that LMTP or LDA is used for deliver, but I want that to apply only to the sql users. Something like this, maybe? This particular step is done in your MTA. So, how do you deliver your messages from the MTA into the mail storage of the user? If you want to use procmail for system users and Dovecot's LDA/LMTP for virtual users, you need to configure a separation _there_ already. The MTA decides which LDA to use: procmail vs. Dovecot. My reply above applies to the branch, when the MTA uses Dovecot LDA to deliver messages (to virtual users). Then use the -m option of the Dovecot LDA, no need for a Sieve script. See http://wiki2.dovecot.org/LDA/Postfix If you use Dovecot's LMTP service, set lmtp_save_to_detail_mailbox = yes, no need for Sieve script either.
However, Sieve can override this default mailbox with fileinto, actually both variants just replace the default mailbox (aka INBOX). If you want to use a Sieve script, you need to get the "subaddress" of the envelope recipient address. I've never done this. See http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples 2nd example in section "Plus Addressed mail filtering", however some MTA do not pass envelope information to Dovecot LDA, LMTP would be required then. See remark below that example, too. > userdb { > args = /etc/dovecot/dovecot-sql.conf.ext > default_fields = uid=vpopmail gid=vchkpw mail_location=/usr/local/virtual/%u mail=maildir:/usr/local/virtual/%u sieve=/var/sieve/%u.sieve protocol_lda=$mailplugins sieve > driver = sql > } > > I'm sure that protoco_lda isn't the right syntax though. > > If I set sieve=/var/sieve/%u.sieve as above would users still be able to use sieve-manage to manage their own sieve files? And what MUAs support this? > > If I left that out, do I put ~/.dovecot.sieve in with the other mailboxes and {cur,new,tmp} and the index files, or will there be issues? If I put a dovecot.sieve file there will it just be seen, processed, and work? 
> > (SQL user's $HOME is their maildir) > > $ doveconf -n > # 2.2.5: /usr/local/etc/dovecot/dovecot.conf > # OS: FreeBSD 9.1-RELEASE i386 > auth_mechanisms = PLAIN LOGIN > disable_plaintext_auth = no > first_valid_uid = 89 > login_log_format_elements = user=<%u> %r %m %c > mail_location = maildir:~/Maildir > mail_max_userip_connections = 90 > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > auto = subscribe > special_use = \Junk > } > mailbox NotJunk { > auto = subscribe > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > driver = pam > } > passdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > protocols = imap sieve > service auth { > unix_listener /var/spool/postfix/private/auth { > mode = 0666 > } > } > service imap-login { > inet_listener imaps { > port = 993 > ssl = yes > } > } > ssl_cert = ssl_key = userdb { > driver = passwd > } > userdb { > args = /etc/dovecot/dovecot-sql.conf.ext > default_fields = uid=vpopmail gid=vchkpw mail_location=/usr/local/virtual/%u mail=maildir:/usr/local/virtual/%u > driver = sql > } > - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUmjAMV3r2wJMiz2NAQIjTAf+OtgoNRi0BYkOFPGT1YGb1aTKvsv05hfV CPD7iapbP3DYNe7UyVYfWqA+rtyHQizByzDZaOdZdxigQ6Ae9d/3ewtoIyj6ZypJ 8i8egoNM9w4IOHCPYBcticqNTfHkzg6T+TJEftf7ohHEmBqnoHZ+uX33sG1bBCgS U0MzgSu3DL4WSnMfvGxuWNjsrpx0ChkfOY3uxPWhbCTQrIKo31tYfiqeIdlLgHbA hWhndufYhQNChdzY2WMwqeMDrR7yo04tuj5Bhx8HfIVwdPkyXRvaYu4D3pqmZ57Y sOAWEwrH1LdHTgxRCa7VfwvrTYg/LdvOKd3d7s61StQFeuC98V1SLw== =MnJi -----END PGP SIGNATURE----- 
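Added example, not part of the message above and not taken from the Dovecot wiki: a Sieve script for the plus-address filing discussed in this thread, written with extensions that all appear in the quoted managesieve_sieve_capability line. The folder-name pattern and its 32-character limit are assumptions made for this example; they are there because the detail part of foo+bar@example.com is chosen by whoever sends the mail, and the mailbox is created on demand.

```sieve
require ["envelope", "subaddress", "regex", "variables", "fileinto", "mailbox"];

# :detail (RFC 5233) selects the part of the envelope recipient after the
# recipient_delimiter: for foo+bar@example.com it is "bar".
#
# The pattern (an assumption of this example) accepts only letters, digits,
# "_" and "-", starting with a letter or digit and at most 32 characters.
# That keeps out "." and "/", which are hierarchy separators in common
# mailbox layouts, and bounds the length of sender-supplied folder names.
if envelope :detail :regex "to" "^([a-z0-9][a-z0-9_-]{0,31})$" {
    # The default comparator is case-insensitive, so fold the captured name
    # to lower case: foo+Bar and foo+bar end up in the same folder.
    set :lower "folder" "${1}";

    # :create (RFC 5490) creates the mailbox if it does not exist yet.
    fileinto :create "${folder}";
    stop;
}

# No detail part, or one that fails the pattern: no action is taken here,
# so the implicit keep delivers the message to INBOX.
```

As the message above notes, the envelope test only works when the MTA passes the envelope recipient to Dovecot; with the LDA's -m option or lmtp_save_to_detail_mailbox this script is not needed at all.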
From kremels at kreme.com Thu Oct 24 10:19:46 2013
From: kremels at kreme.com (LuKreme)
Date: Thu, 24 Oct 2013 01:19:46 -0600
Subject: [Dovecot] recipient_delimiter deux
In-Reply-To:
References: <78F8CEEF-992E-4622-AC54-ED1980B5DB14@kreme.com>
Message-ID: <4C81A4F3-38BA-4773-9A7C-0137079B540C@kreme.com>

On 24 Oct 2013, at 00:37 , Steffen Kaiser wrote:
> This particular step is done in your MTA. So, how do you deliver your messages from the MTA into the mail storage of the user? If you want to use procmail for system users and Dovecot's LDA/LMTP for virtual users, you need to configure a separation _there_ already. The MTA decides which LDA to use: procmail vs. Dovecot.

postfix is set to virtual_transport = virtual

So I would set this to dovecot instead and then in master.cf

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=user:group argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}

OK, I'll give that a shot.

--
"I am" is reportedly the shortest sentence in the English language. Could it be that "I do" is the longest sentence?

From amateo at um.es Thu Oct 24 13:37:24 2013
From: amateo at um.es (Angel L. Mateo)
Date: Thu, 24 Oct 2013 12:37:24 +0200
Subject: [Dovecot] failed: Message has been copied too many times
Message-ID: <5268F864.8030800@um.es>

Hello,

I'm running dovecot 2.1.16 in a ubuntu 12.04 server, with lazy_expunge, SiS and mdbox format.

The problem I'm having is that the index for one of the mailboxes of one of my users is growing too much. This is not the first time of this problem. In previous cases, it is because a message is duplicated thousands of times (I haven't found any reason for this). In these cases, moving messages to other folder and moving again to this same folder fixes the problem. So I have tried this, and I have moved all messages from this folder to another one.

But this time, after this, indexes directory is still using a lot of space. And the folder seems to have more serious problems:

amateo_adm at myotis51:~$ sudo doveadm search -u vlo mailbox BORRADOS.INBOX.MNCS
doveadm(vlo): Error: Syncing mailbox BORRADOS.INBOX.MNCS failed: Message has been copied too many times (59306 + -1)

I have tried to delete the folder, with the same result:

amateo_adm at myotis51:~$ sudo doveadm mailbox delete -u vlo BORRADOS.INBOX.MNCS
doveadm(vlo): Error: Can't delete mailbox BORRADOS.INBOX.MNCS: Message has been copied too many times (59306 + -1)

And to purge user's mailbox, but it didn't fix the problem.

PS: If this could help, BORRADOS. is the namespace used by lazy_expunge plugin.

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868887590
Fax: 868888337

From amateo at um.es Thu Oct 24 13:41:05 2013
From: amateo at um.es (Angel L. Mateo)
Date: Thu, 24 Oct 2013 12:41:05 +0200
Subject: [Dovecot] failed: Message has been copied too many times
In-Reply-To: <5268F864.8030800@um.es>
References: <5268F864.8030800@um.es>
Message-ID: <5268F941.9040908@um.es>

On 24/10/13 12:37, Angel L. Mateo wrote:
> Hello,
>
> I'm running dovecot 2.1.16 in a ubuntu 12.04 server, with
> lazy_expunge, SiS and mdbox format.
>
> The problem I'm having is that the index for one of the mailboxes of
> one of my users is growing too much. This is not the first time of this
> problem. In previous cases, it is because a message is duplicated thousands
> of times (I haven't found any reason for this). In these cases, moving
> messages to other folder and moving again to this same folder fixes the
> problem. So I have tried this, and I have moved all messages from this
> folder to another one.
>
> But this time, after this, indexes directory is still using a lot
> of space. And the folder seems to have more serious problems:
>
> amateo_adm at myotis51:~$ sudo doveadm search -u vlo mailbox BORRADOS.INBOX.MNCS
> doveadm(vlo): Error: Syncing mailbox BORRADOS.INBOX.MNCS failed: Message has been copied too many times (59306 + -1)
>
> I have tried to delete the folder, with the same result:
>
> amateo_adm at myotis51:~$ sudo doveadm mailbox delete -u vlo BORRADOS.INBOX.MNCS
> doveadm(vlo): Error: Can't delete mailbox BORRADOS.INBOX.MNCS: Message has been copied too many times (59306 + -1)
>
> And to purge user's mailbox, but it didn't fix the problem.
>
> PS: If this could help, BORRADOS. is the namespace used by lazy_expunge
> plugin.
>

One more thing, when I said that the index has grown too much is because index directory for this mailbox folder is about 850MB, and the mailbox originally had about 3000 messages.
This is the list of files in the index directory:

root at myotis51:/mail/indexes/vl/vlo/expunged/mailboxes/INBOX/MNCS# ls -lh
total 853M
-rw------- 1 vmail vmail 127M oct 24 11:16 dovecot.index
-rw------- 1 vmail vmail 127M oct 24 11:02 dovecot.index.backup
-rw------- 1 vmail vmail 186M oct 24 12:14 dovecot.index.cache
-rw------- 1 vmail vmail 180M oct 24 12:36 dovecot.index.log
-rw------- 1 vmail vmail 138M oct 24 11:02 dovecot.index.log.2

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868887590
Fax: 868888337

From noc at wvnet.at Thu Oct 24 16:07:21 2013
From: noc at wvnet.at (NOC WVNET)
Date: Thu, 24 Oct 2013 15:07:21 +0200
Subject: [Dovecot] mailbox sharing with mdbox
Message-ID: <090e01ced0b9$f9d11740$ed7345c0$@wvnet.at>

Hello,

i want to know if it's possible to use mailbox sharing with mdbox. I have done a setup with maildir where it's working fine but with mdbox I'm only able to subscribe the shared folder but there are no messages in it. (maybe a problem with the namespace)

I'm running dovecot 2.2.6 [deb http://xi.rename-it.nl/debian/ stable-auto/dovecot-2.2.patched main ] on Debian Wheezy

Kind regards
Stefan

From azurit at pobox.sk Thu Oct 24 16:13:02 2013
From: azurit at pobox.sk (azurIt)
Date: Thu, 24 Oct 2013 15:13:02 +0200
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <20131022090603.A7D37888@pobox.sk>
References: <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org>, <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com>, <20131017122154.E4F05434@pobox.sk>, <1382005748.1103.35085513.4F2BBDF3@webmail.messagingengine.com>, <20131021221101.9D8D854F@pobox.sk>, <5265A703.5040801@sys4.de> <20131022090603.A7D37888@pobox.sk>
Message-ID: <20131024151302.18C55F5C@pobox.sk>

> From: azurIt
> To:
> Date: 22.10.2013 09:07
> Subject: Re: [Dovecot] Strange output from LIST command
>
>> From: Robert Schetterer
>> To:
>> Date: 22.10.2013 00:14
>> Subject: Re: [Dovecot] Strange output from LIST command
>>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>On 21.10.2013 22:11, azurIt wrote:
>>>> From: Bron Gondwana
>>>> To:
>>>> Date: 17.10.2013 12:30
>>>> Subject: Re: [Dovecot] Strange output from LIST command
>>>>
>>>> CC: "Timo Sirainen"
>>>> On Thu, Oct 17, 2013, at 09:21 PM, azurIt wrote:
>>>>> ______________________________________________________________
>>>>>> From: Bron Gondwana
>>>>>> To: Michael M Slusarz,
>>>>>> Date: 17.10.2013 12:14
>>>>>> Subject: Re: [Dovecot] Strange output from LIST command
>>>>>>
>>>>>> On Tue, Oct 15, 2013, at 06:23 AM, Michael M Slusarz wrote:
>>>>>>> Quoting azurIt :
>>>>>>>
>>>>>>>> i'm using Dovecot 2.1.7 (Debian Wheezy) and output from
>>>>>>>> LIST command looks strange:
>>>>>>>>
>>>>>>>> C: 4 LIST () "" (INBOX INBOX.Karantena INBOX.Spam) RETURN (STATUS (UNSEEN))
>>>>>>>> S: * LIST () "." "INBOX"
>>>>>>>> S: * LIST () "." "INBOX.Karantena"
>>>>>>>> S: * STATUS "INBOX.Karantena" (UNSEEN 0)
>>>>>>>> S: * LIST () "." "INBOX.Spam"
>>>>>>>> S: * STATUS "INBOX.Spam" (UNSEEN 0)
>>>>>>>> S: 4 OK List completed.
>>>>>>>>
>>>>>>>> The UNSEEN information for INBOX is completely missing.
>>>>>>>> It is correct behavior?
>>>>>>>
>>>>>>> No. RFC 5819 [2]:
>>>>>>>
>>>>>>> "For each selectable mailbox matching the list pattern and
>>>>>>> selection options, the server MUST return an untagged LIST
>>>>>>> response followed by an untagged STATUS response containing
>>>>>>> the information requested in the STATUS return option."
>>>>>>
>>>>>> Just wondering if the INBOX was SELECTed at the time?
>>>>>> There's some fun interaction around STATUS and SELECT in
>>>>>> RFC3501.
>>>>>>
>>>>>> Bron.
>>>>>
>>>>>
>>>>> Here's the complete IMAP communication, see the (1) only:
>>>>> http://bugs.horde.org/view.php?actionID=view_file&type=log&file=imap-ok.log&ticket=12748
>>>>>
>>>>> I also find out that it's working ok when i LIST the INBOX alone like this:
>>>>> C: 4 LIST () "" (INBOX) RETURN (STATUS (UNSEEN))
>>>>> S: * LIST () "." "INBOX"
>>>>> S: * STATUS "INBOX" (UNSEEN 2)
>>>>> S: 4 OK List completed.
>>>>>
>>>>> The information about UNSEEN messages is correct. It's only
>>>>> doing problems when listing multiple folders at once.
>>>>
>>>> Yeah, that definitely looks like a bug! I've CC'd Timo to grab
>>>> his attention :)
>>>
>>>
>>> Can anyone confirm the bug? Will it be fixed in 2.1.x? Thank you.
>>>
>>> azur
>>>
>>
>>
>>2.1.7 is out of date update to 2.1.17 or 2.2.6 and try again
>
>
>As i already said, i tried 2.1.17 and problem persists:
>http://dovecot.2317879.n4.nabble.com/Strange-output-from-LIST-command-tp44817p44838.html
>
>azur

Ok, how am i supposed to send a bug report? Everyone is ignoring this here on mailing list so this is probably not a good way but i didn't find any other on Dovecot web site. Thank you.

azur

From listserv at xtlv.cn Thu Oct 24 16:13:24 2013
From: listserv at xtlv.cn (Mario Arnold)
Date: Thu, 24 Oct 2013 15:13:24 +0200
Subject: [Dovecot] Problems with userdb lookup
In-Reply-To:
References:
Message-ID: <52691CF4.4080902@xtlv.cn>

Hello,

since a few days there are problems with the userdb lookup. The problem occurs if the recipient user is unknown (here test at xtlv.cn)

doveconf -n
# 2.2.6 (f89e645cba90): /etc/dovecot/dovecot.conf
# OS: Linux 3.2.45.stk32 i686 Debian jessie/sid ext3
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = digest-md5 cram-md5
auth_username_translation = %Lu
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = /var/log/dovecot/dov_debug.log
hostname = kyoto.vtlx.cn
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k
mail_debug = yes
mail_gid = vmail
mail_home = /var/mail/vhosts/%Ld/%Ln
mail_location = sdbox:/var/mail/vhosts/%Ld/%Ln:DIRNAME=DbOx-mAiLs
mail_plugins = " quota mail_log notify expire zlib"
mail_privileged_group = vmail
mail_uid = vmail
mailbox_list_index = yes
...
passdb {
  args = scheme=PLAIN username_format=%Lu /etc/dovecot/user_pw/passwd
  driver = passwd-file
}
postmaster_address = postmaster at xtlv.cn
protocols = " imap lmtp sieve pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
}
service config {
  unix_listener config {
    mode = 0600
    user = vmail
  }
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    address = 84.38.75.44
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    address = 84.38.75.44
    port = 4190
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    address = 84.38.75.44
    port = 995
    ssl = yes
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  unix_listener /var/spool/postfix/private/quota-status {
    group = postfix
    mode = 0660
    user = postfix
  }
}
...
userdb {
  args = username_format=%Lu /etc/dovecot/user_pw/passwd
  driver = passwd-file
}
...

> gdb /usr/lib/dovecot/auth core_dbg
GNU gdb (GDB) 7.6 (Debian 7.6-5)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
...
Reading symbols from /usr/lib/dovecot/auth...Reading symbols from /usr/lib/debug/usr/lib/dovecot/auth...done.
done.
[New LWP 26466]

warning: Could not load shared library symbols for linux-gate.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".
Core was generated by `dovecot/auth'.
Program terminated with signal 6, Aborted.
#0  0xb779d424 in __kernel_vsyscall ()
(gdb) bt full
#0  0xb779d424 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb74ec80f in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
        resultvar =
        resultvar =
        pid = -1218015232
        selftid = 26466
#2  0xb74efcc3 in __GI_abort () at abort.c:90
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0xb7794ff4, sa_sigaction = 0xb7794ff4}, sa_mask = {__val = {0, 3077744103, 3216056844, 3078348800, 3078207408, 1, 3078184664, 3078275225, 3078207848, 3077070192, 1, 1, 0, 0, 159279448, 3077360220, 3077743598, 3078180852, 3075085960, 3077367868, 159354316, 3077744683, 3078186032, 3075227880, 3216056948, 3077897967, 0, 3078180852, 0, 0, 159354316, 3078300704}}, sa_flags = 1, sa_restorer = 0xb74efb80 <__GI_abort>}
        sigs = {__val = {32, 0 }}
#3  0xb772abf9 in default_fatal_finish (type=, status=status@entry=0) at failures.c:192
        backtrace = 0x97e6978 "/usr/lib/dovecot/libdovecot.so.0(+0x67bcf) [0xb772abcf] -> /usr/lib/dovecot/libdovecot.so.0(+0x67c51) [0xb772ac51] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0xb76de1d6] -> /usr/lib/dovecot/libdo"...
#4  0xb772ac51 in i_internal_fatal_handler (ctx=0xbfb122e4, format=0xb7757344 "file %s: line %d (%s): assertion failed: (%s)", args=0xbfb12304 "") at failures.c:653
        status = 0
#5  0xb76de1d6 in i_panic (format=format@entry=0xb7757344 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:264
        ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0}
        args = 0xbfb12304 ""
#6  0xb7751886 in p_strndup (pool=0xb7796544 , str=str@entry=0x0, max_chars=max_chars@entry=4294967295) at strfuncs.c:74
        mem =
        len =
        __FUNCTION__ = "p_strndup"
#7  0xb7751d7f in t_strndup (str=0x0, max_chars=4294967295) at strfuncs.c:236
No locals.
#8  0x08057003 in auth_request_append_password (str=str@entry=0x97e68a8, request=0x97f8da8, request=0x97f8da8) at auth-request.c:1799
        p =
        log_type =
        max_len = 4294967295
#9  0x08058cf2 in auth_request_log_unknown_user (request=request@entry=0x97f8da8, subsystem=subsystem@entry=0x807a0cc "passwd-file") at auth-request.c:1846
        str = 0x97e68a8
#10 0x0806268c in db_passwd_file_lookup (db=0x97f4430, request=request@entry=0x97f8da8, username_format=0x97ef148 "%Lu") at db-passwd-file.c:466
        pw = 0x97f4470
        pu =
        table =
        username = 0x97e6598
        dest =
#11 0x0806d8bf in passwd_file_lookup (auth_request=0x97f8da8, callback=0x80599b0 ) at userdb-passwd-file.c:45
        _module =
        module =
        pu =
        table =
        str =
        key =
        value =
        p =
#12 0x08059c94 in auth_request_lookup_user (request=0x97f8da8, callback=callback@entry=0x8054ce0 ) at auth-request.c:1072
        userdb = 0x97ef150
        cache_key =
#13 0x08055612 in master_input_user (args=0x97f8751 "7\ttest at xtlv.cn\tservice=quota-status", conn=0x97f8b48) at auth-master-connection.c:314
        auth_request = 0x97f8da8
        error = 0xbfb125ac "\244\325s\267H\213\177\t"
        ret =

--
???????

From skdovecot at smail.inf.fh-brs.de Thu Oct 24 16:41:16 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Thu, 24 Oct 2013 15:41:16 +0200 (CEST)
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <20131024151302.18C55F5C@pobox.sk>
References: <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org>, <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com>, <20131017122154.E4F05434@pobox.sk>, <1382005748.1103.35085513.4F2BBDF3@webmail.messagingengine.com>, <20131021221101.9D8D854F@pobox.sk>, <5265A703.5040801@sys4.de> <20131022090603.A7D37888@pobox.sk> <20131024151302.18C55F5C@pobox.sk>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 24 Oct 2013, azurIt wrote:

> Ok, how am i suppose to send a bug report? Everyone is ignoring this
> here on mailing list so this is probably not a good way but i didn't
> find any other on Dovecot web site. Thank you.

Timo monitors this list well. So maybe:

a) he is occupied with paid work or vacation,
b) you've sent in no patch,
c) this bug is not fatal in order to have him kick in immediately.

- --
Steffen Kaiser

From azurit at pobox.sk Thu Oct 24 16:48:27 2013
From: azurit at pobox.sk (azurIt)
Date: Thu, 24 Oct 2013 15:48:27 +0200
Subject: [Dovecot] Strange output from LIST command
In-Reply-To:
References: <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org>, <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com>, <20131017122154.E4F05434@pobox.sk>, <1382005748.1103.35085513.4F2BBDF3@webmail.messagingengine.com>, <20131021221101.9D8D854F@pobox.sk>, <5265A703.5040801@sys4.de>, <20131022090603.A7D37888@pobox.sk>, <20131024151302.18C55F5C@pobox.sk>
Message-ID: <20131024154827.BD82E8E1@pobox.sk>

> From: Steffen Kaiser
> To: azurIt
> Date: 24.10.2013 15:42
> Subject: Re: [Dovecot] Strange output from LIST command
>
> CC: dovecot at dovecot.org
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Thu, 24 Oct 2013, azurIt wrote:
>
>> Ok, how am i suppose to send a bug report? Everyone is ignoring this
>> here on mailing list so this is probably not a good way but i didn't
>> find any other on Dovecot web site. Thank you.
>
>Timo monitors this list well. So maybe:
>
>a) he is occupied with paid work or vacation,
>b) you've sent in no patch,
>c) this bug is not fatal in order to have him kick in immediately.

How am i supposed to know that my report was even noticed by any developer?

azur

From kremels at kreme.com Thu Oct 24 17:54:33 2013
From: kremels at kreme.com (LuKreme)
Date: Thu, 24 Oct 2013 08:54:33 -0600
Subject: [Dovecot] recipient_delimiter deux
In-Reply-To: <4C81A4F3-38BA-4773-9A7C-0137079B540C@kreme.com>
References: <78F8CEEF-992E-4622-AC54-ED1980B5DB14@kreme.com> <4C81A4F3-38BA-4773-9A7C-0137079B540C@kreme.com>
Message-ID: <9AAB4E25-1670-48CE-A4F2-537A7B57FF11@kreme.com>

Thanks Steffen, with the very slight alteration of removing the -n (which caused deliver to abort and the message to bounce, oops) from the line I posted, everything works just fine.

For the archives:

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=user:group argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -m ${extension}

--
This is Art holding a Mirror up to Life. That's why everything is exactly the wrong way around. --Wyrd Sisters

From kremels at kreme.com Thu Oct 24 17:58:20 2013
From: kremels at kreme.com (LuKreme)
Date: Thu, 24 Oct 2013 08:58:20 -0600
Subject: [Dovecot] Broken files?
Message-ID: <1E5DD284-BF48-4207-92B2-AEACCE042064@kreme.com>

Getting a lot of these errors for two specific mailboxes. They repeat many times a day, usually within less than 5 minutes.

mail dovecot: imap(kremels): Error: Broken file /home/kremels/Maildir/.zz.x-tech.2010/dovecot-uidlist line 2: Invalid extended fields: :

$ cat .zz.x-tech.2010/dovecot-uidlist
3 V1263241007 N56581 G11fe2118db236952f984010021d1a38d

OI tried deleting the files that generated the errors, but they were recreated and the errors returned.

(I'm using dovecot2 and Maildir)

--
Death was familiar with the concept of the eternal, ever-renewed hero, the champion with a thousand faces. He'd refrained from commenting.

From info at eye-catching-webdesign.de Thu Oct 24 20:55:43 2013
From: info at eye-catching-webdesign.de (Lucas Rothamel - Eye Catching Webdesign)
Date: Thu, 24 Oct 2013 19:55:43 +0200
Subject: [Dovecot] Replication not happening on 2.2
Message-ID: <52695F1F.1010404@eye-catching-webdesign.de>

Hello,

first - thanks for the help in getting dovecot 2.2 compiled and installed on Debian.

I have Dovecot 2.2 running now on two servers, and to test replication, I am polling mail on one server whilst the other creates mail regularly from crontab output.

I have replication set up, but nothing at all is appearing on the other server, and I do not have any dsync / doveadm messages in /var/log/mail.log any more. With 2.1, these two used to spam many errors into mail.log.

Any hints?

Here is my dovecot-n output:

# 2.2.6: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.2 ext4
auth_mechanisms = plain login cram-md5
disable_plaintext_auth = no
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/home/%d/%n/Maildir
mail_plugins = " notify replication"
mail_privileged_group = mail
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  mail_replica = remote:vmail at mydomain
  quota = maildir:User quota
  quota_rule = *:storage=1GB
  replication_full_sync_interval = 1 hours
}
protocols = imap pop3
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0600
    user = vmail
  }
  unix_listener replication-notify {
    mode = 0600
    user = vmail
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
service config {
  unix_listener config {
    user = vmail
  }
}
service doveadm {
  user = vmail
}
service replicator {
  process_min_avail = 1
}
ssl_cert =

From noel.butler at ausics.net Fri Oct 25 01:41:25 2013
From: noel.butler at ausics.net (Noel Butler)
Date: Fri, 25 Oct 2013 08:41:25 +1000
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <20131024154827.BD82E8E1@pobox.sk>
References: <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org>, <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com>, <20131017122154.E4F05434@pobox.sk>, <1382005748.1103.35085513.4F2BBDF3@webmail.messagingengine.com>, <20131021221101.9D8D854F@pobox.sk>, <5265A703.5040801@sys4.de>, <20131022090603.A7D37888@pobox.sk>, <20131024151302.18C55F5C@pobox.sk> <20131024154827.BD82E8E1@pobox.sk>
Message-ID: <529969440bc136ea4261daddad90e5df@ausics.net>

On 24/10/2013 23:48, azurIt wrote:

>
> How am i suppose to know that my report was even noticed by any
> developer?
>
> azur

http://dictionary.reference.com/browse/patience

From rob0 at gmx.co.uk Fri Oct 25 03:08:33 2013
From: rob0 at gmx.co.uk (/dev/rob0)
Date: Thu, 24 Oct 2013 19:08:33 -0500
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <20131024154827.BD82E8E1@pobox.sk>
References: <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org> <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com> <20131017122154.E4F05434@pobox.sk> <1382005748.1103.35085513.4F2BBDF3@webmail.messagingengine.com> <20131021221101.9D8D854F@pobox.sk> <5265A703.5040801@sys4.de> <20131022090603.A7D37888@pobox.sk> <20131024151302.18C55F5C@pobox.sk> <20131024154827.BD82E8E1@pobox.sk>
Message-ID: <20131025000833.GQ16659@harrier.slackbuilds.org>

On Thu, Oct 24, 2013 at 03:48:27PM +0200, azurIt wrote:
> > From: Steffen Kaiser
> >On Thu, 24 Oct 2013, azurIt wrote:
> >> Ok, how am i suppose to send a bug report? Everyone is ignoring
> >> this here on mailing list so this is probably not a good way but
> >> i didn't find any other on Dovecot web site. Thank you.
> >
> >Timo monitors this list well. So maybe:
> >
> >a) he is occupied with paid work or vacation,
> >b) you've sent in no patch,
> >c) this bug is not fatal in order to have him kick in immediately.
>
> How am i suppose to know that my report was even noticed by any
> developer?

Again: take Steffen's word for it. Timo monitors this list well. Sometimes he's busy. If it's worth it to you, contact his company and sponsor a fix. Otherwise, wait.

Sometimes Timo gets behind on replies here, but he goes back and answers every significant thread. He will reply.[1]

[1] Offer void where taxed or prohibited, or if, God forbid, he got hit by a bus.

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

From consultant at rustyross.com Fri Oct 25 05:55:34 2013
From: consultant at rustyross.com (Rusty Ross)
Date: Thu, 24 Oct 2013 22:55:34 -0400
Subject: [Dovecot] Replication (Mac OS X)
Message-ID: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com>

Hello,

I am taking a stab at setting up dovecot replication between two OS X Mavericks servers. (The dovecot version in Mavericks is 2.2.5.)

The first question I have is in regards to userdb.

The user accounts are Open Directory based. The output of:

doveadm user '*'

...yields only:

# doveadm user '*'
submit

However, specific user accounts can be looked up explicitly, ie:

# doveadm user 'mary'
field          value
uid            214
gid            6
home
mail           maildir:/Library/Server/Mail/Data/mail/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F
quota          maildir:User quota:noenforcing
quota_rule     *:storage=0
mail_location  maildir:/Library/Server/Mail/Data/mail/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F
sieve          /Library/Server/Mail/Data/rules/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F/dovecot.sieve
sieve_dir      /Library/Server/Mail/Data/rules/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F
sieve_storage  /Library/Server/Mail/Data/rules/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F

According to http://wiki2.dovecot.org/Replication, user listing via "doveadm user '*'" is required for replication.

Any thoughts about how I can get that working (or work around it) in this environment?

Thanks,
Rusty

From consultant at rustyross.com Fri Oct 25 07:59:27 2013
From: consultant at rustyross.com (Rusty Ross)
Date: Fri, 25 Oct 2013 00:59:27 -0400
Subject: [Dovecot] Replication (Mac OS X)
In-Reply-To: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com>
References: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com>
Message-ID: <30FE15AA-23D2-45E1-A0B7-A64EE23CE11C@rustyross.com>

Following up on my own message.

Actually replication is working (mostly). Here are two issues at present:

(1) Because doveadm user '*' returns "submit", replication is constantly trying to dsync for an account called "submit":

Oct 25 00:36:20 auth: Error: od[getpwnam_ext](submit): No record for user
Oct 25 00:41:21 auth: Error: od[getpwnam_ext](submit): No record for user
Oct 25 00:46:21 auth: Error: od[getpwnam_ext](submit): No record for user

Is there an easy way to suppress replication from trying to sync the "submit" user?

(2) The home directory field is empty for each user:

# doveadm user 'mary'
field          value
uid            214
gid            6
home
mail           maildir:/Library/Server/Mail/Data/mail/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F
quota          maildir:User quota:noenforcing
quota_rule     *:storage=0
mail_location  maildir:/Library/Server/Mail/Data/mail/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F
sieve          /Library/Server/Mail/Data/rules/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F/dovecot.sieve
sieve_dir      /Library/Server/Mail/Data/rules/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F
sieve_storage  /Library/Server/Mail/Data/rules/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F

...and because of this, replication complains because it has nowhere to save a lock file:

Oct 25 00:19:07 dsync-local(mary): Error: User has no home directory
Oct 25 00:19:07 dsync-local(mary): Error: Remote command returned error 75

I believe this should be an easy fix. I added the following in the userdb block in auth-od,conf.ext:

default_fields = home=/Library/Server/Mail/Data/mail/%u

However, this expands to:

# doveadm user 'mary'
[...]
home           /Library/Server/Mail/Data/mail/mary
mail_location  maildir:/Library/Server/Mail/Data/mail/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F
[...]

...and not...

# doveadm user 'mary'
[...]
home           /Library/Server/Mail/Data/mail/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F
mail_location  maildir:/Library/Server/Mail/Data/mail/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F
[...]

...as desired.

I see that the dovecot documentation states that %u expands to the user's short name, but then why does the following in 10-mail.conf:

mail_location = maildir:/Library/Server/Mail/Data/mail/%u

...expand to the user's GUID?

Thanks for any insight,
Rusty

From skdovecot at smail.inf.fh-brs.de Fri Oct 25 09:20:18 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 25 Oct 2013 08:20:18 +0200 (CEST)
Subject: [Dovecot] Replication (Mac OS X)
In-Reply-To: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com>
References: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 24 Oct 2013, Rusty Ross wrote:

> The first question I have is in regards to userdb.

please post your configuration.

> The user accounts are Open Directory based. The output of:
>
> doveadm user '*'
>
> ...yields only:
>
> # doveadm user '*'
> submit

I do not have not submit in the output.

- --
Steffen Kaiser

From skdovecot at smail.inf.fh-brs.de Fri Oct 25 09:22:52 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 25 Oct 2013 08:22:52 +0200 (CEST)
Subject: [Dovecot] Replication (Mac OS X)
In-Reply-To: <30FE15AA-23D2-45E1-A0B7-A64EE23CE11C@rustyross.com>
References: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com> <30FE15AA-23D2-45E1-A0B7-A64EE23CE11C@rustyross.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 25 Oct 2013, Rusty Ross wrote:

> Actually replication is working (mostly). Here are two issues at present:

Post your config: doveconf -n and references ext-files.

> I see that the dovecot documentation states that %u expands to the user's short name, but then why does the following in 10-mail.conf:
>
> mail_location = maildir:/Library/Server/Mail/Data/mail/%u
>
> ...expand to the user's GUID?

Maybe it's overridden by other settings, or by userdb, or ... .

- --
Steffen Kaiser

From azurit at pobox.sk Fri Oct 25 10:20:01 2013
From: azurit at pobox.sk (azurIt)
Date: Fri, 25 Oct 2013 09:20:01 +0200
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <529969440bc136ea4261daddad90e5df@ausics.net>
References: <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org>, <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com>, <20131017122154.E4F05434@pobox.sk>, <1382005748.1103.35085513.4F2BBDF3@webmail.messagingengine.com>, <20131021221101.9D8D854F@pobox.sk>, <5265A703.5040801@sys4.de>, <20131022090603.A7D37888@pobox.sk>, <20131024151302.18C55F5C@pobox.sk>, , <20131024154827.BD82E8E1@pobox.sk> <529969440bc136ea4261daddad90e5df@ausics.net>
Message-ID: <20131025092001.CF57B090@pobox.sk>

> From: Noel Butler
> To:
> Date: 25.10.2013 00:42
> Subject: Re: [Dovecot] Strange output from LIST command
>
>On 24/10/2013 23:48, azurIt wrote:
>
>>
>> How am I supposed to know that my report was even noticed by any
>> developer?
>>
>> azur
>
>http://dictionary.reference.com/browse/patience
>

This is NOT about patience.

azur

From skdovecot at smail.inf.fh-brs.de Fri Oct 25 11:15:19 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 25 Oct 2013 10:15:19 +0200 (CEST)
Subject: [Dovecot] Broken files?
In-Reply-To: <1E5DD284-BF48-4207-92B2-AEACCE042064@kreme.com>
References: <1E5DD284-BF48-4207-92B2-AEACCE042064@kreme.com>
Message-ID:

On Thu, 24 Oct 2013, LuKreme wrote:

> Getting a lot of these errors for two specific mailboxes. They repeat many times a day, usually within less than 5 minutes.
>
> mail dovecot: imap(kremels): Error: Broken file /home/kremels/Maildir/.zz.x-tech.2010/dovecot-uidlist line 2: Invalid extended fields: :
>
> $ cat .zz.x-tech.2010/dovecot-uidlist
> 3 V1263241007 N56581 G11fe2118db236952f984010021d1a38d
>
> I tried deleting the files that generated the errors, but they were recreated and the errors returned.

The error claims line 2, but the file has just one? Or is the second line present, but empty (just newline).

Is it possible, that two Dovecot instances, maybe two on the same server or via a shared filesystem, access the same mailbox at the same time?

--
Steffen Kaiser

From jogi at mur.at Fri Oct 25 13:15:23 2013
From: jogi at mur.at (Jogi Hofmüller)
Date: Fri, 25 Oct 2013 12:15:23 +0200
Subject: [Dovecot] dsync core dump
Message-ID: <526A44BB.9080205@mur.at>

Dear all,

We're slowly progressing towards migration, and now run into dsync dumping core when trying to sync mailboxes from the old imap server. Needless to say that not one byte gets transferred. On the old.server all I see is a correct login. This is what we get for one example user:

server:~# doveadm -v -D backup -R -u USER imapc:
doveadm(root): Debug: Loading modules from directory: /usr/lib/dovecot/modules
doveadm(root): Debug: Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so
doveadm(root): Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm
doveadm(root): Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so
doveadm(root): Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_zlib_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_zlib_plugin.so: undefined symbol: i_stream_create_deflate (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_backend_rescan (this is usually intentional, so just ignore this message)
doveadm(USER): Debug: auth input: USER system_groups_user=USER uid=XXXX gid=YYYY home=/home/USER /etc/dovecot/proxy-userdb
doveadm(USER): Debug: Unknown userdb setting:
plugin//etc/dovecot/proxy-userdb=yes doveadm(USER): Debug: Effective uid=XXXX, gid=YYYY, home=/home/USER doveadm(USER): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=yes, list=no, subscriptions=yes location=maildir:~/Maildir doveadm(USER): Debug: maildir++: root=/home/USER/Maildir, index=, control=, inbox=/home/USER/Maildir, alt= doveadm(USER): Debug: acl: initializing backend with data: vfile doveadm(USER): Debug: acl: acl username = USER doveadm(USER): Debug: acl: owner = 1 doveadm(USER): Debug: acl vfile: Global ACL directory: (none) doveadm(USER): Debug: Namespace : type=shared, prefix=shared/%u/, sep=, inbox=no, hidden=no, list=children, subscriptions=no location=maildir:%h/Maildir:INDEX=~/Maildir/shared/%u doveadm(USER): Debug: shared: root=/var/run/dovecot, index=, control=, inbox=, alt= doveadm(USER): Debug: acl: initializing backend with data: vfile doveadm(USER): Debug: acl: acl username = USER doveadm(USER): Debug: acl: owner = 0 doveadm(USER): Debug: acl vfile: Global ACL directory: (none) dsync(USER): Debug: Effective uid=XXXX, gid=YYYY, home=/home/USER dsync(USER): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=yes, list=no, subscriptions=yes location=imapc: dsync(USER): Debug: imapc: root=, index=, control=, inbox=, alt= dsync(USER): Debug: imapc(old.server:PORT): Looking up IP address dsync(USER): Debug: imapc(old.server:PORT): Connecting to IP dsync(USER): Debug: imapc(old.server:PORT): Starting SSL handshake dsync(USER): Debug: imapc(old.server:PORT): SSL handshake successful dsync(USER): Debug: imapc(old.server:PORT): Server capabilities: IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=PLAIN ANNOTATEMORE dsync(USER): Debug: imapc(old.server:PORT): Authenticating as cyrus for user USER dsync(USER): Debug: imapc(old.server:PORT): Authenticated successfully dsync(USER): 
Debug: acl: initializing backend with data: vfile dsync(USER): Debug: acl: acl username = USER dsync(USER): Debug: acl: owner = 1 dsync(USER): Debug: acl vfile: Global ACL directory: (none) dsync(USER): Debug: Namespace : type=shared, prefix=shared/%u/, sep=, inbox=no, hidden=no, list=children, subscriptions=no location=maildir:%h/Maildir:INDEX=~/Maildir/shared/%u dsync(USER): Debug: shared: root=/var/run/dovecot, index=, control=, inbox=, alt= dsync(USER): Debug: acl: initializing backend with data: vfile dsync(USER): Debug: acl: acl username = USER dsync(USER): Debug: acl: owner = 0 dsync(USER): Debug: acl vfile: Global ACL directory: (none) Segmentation fault (core dumped) Here is the output of dovecot -n # 2.1.17: /etc/dovecot/dovecot.conf # OS: Linux 3.10-3-amd64 x86_64 Debian jessie/sid auth_debug = yes imapc_features = rfc822.size imapc_host = old.server imapc_list_prefix = INBOX imapc_master_user = MASTERUSER imapc_password = MASTERPASS imapc_port = PORT imapc_ssl = imaps imapc_ssl_ca_dir = /etc/ssl/certs lmtp_save_to_detail_mailbox = yes mail_debug = yes mail_location = maildir:~/Maildir mail_plugins = acl namespace { list = children location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u prefix = shared/%%u/ subscriptions = no type = shared } namespace inbox { hidden = yes inbox = yes list = no location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = subscriptions = yes type = private } passdb { args = session=yes driver = pam } plugin { acl = vfile acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap lmtp pop3" service auth { unix_listener auth-userdb { mode = 0777 } } service lmtp { inet_listener lmtp { address = 172.16.16.78 port = 24 } } ssl_cert = 
From noel.butler at ausics.net Fri Oct 25 13:48:43 2013 
From: noel.butler at ausics.net (Noel Butler)
Date: Fri, 25 Oct 2013 20:48:43 +1000
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <20131025092001.CF57B090@pobox.sk>
References: <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org>, <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com>, <20131017122154.E4F05434@pobox.sk>, <1382005748.1103.35085513.4F2BBDF3@webmail.messagingengine.com>, <20131021221101.9D8D854F@pobox.sk>, <5265A703.5040801@sys4.de>, <20131022090603.A7D37888@pobox.sk>, <20131024151302.18C55F5C@pobox.sk>, , <20131024154827.BD82E8E1@pobox.sk> <529969440bc136ea4261daddad90e5df@ausics.net> <20131025092001.CF57B090@pobox.sk>
Message-ID: <111458774a9fbf70965dcb576ffed767@ausics.net>

On 25/10/2013 17:20, azurIt wrote:
>> From: Noel Butler
>> To:
>> Date: 25.10.2013 00:42
>> Subject: Re: [Dovecot] Strange output from LIST command
>>
>> On 24/10/2013 23:48, azurIt wrote:
>>
>>>
>>> How am I supposed to know that my report was even noticed by any
>>> developer?
>>>
>>> azur
>>
>> http://dictionary.reference.com/browse/patience
>>
>
>
> This is NOT about patience.
>
> azur

Of course it is, you report an alleged bug, now you wait until developer notes, and attempts to reproduce it, and if he can commits a fix, else he will tell you he can not reproduce it.

I do see your point about needing confirmation the report was made, it's why we use bugzilla, it would be beneficial if Timo did as well, but he chooses not to, he did give a reason for this, but it was many many years ago when he had more free time, now his time is scarce, one day he may reconsider it, so in the meantime you need to wait it out, hence, patience.

Dovecot does have a commercial side as Steffen alluded to, so if your bug is debilitating your business, you could always engage the commercial side of Dovecot, the fix which obviously is not affecting the masses, would likely gain priority.

From me at junc.eu Fri Oct 25 15:36:55 2013
From: me at junc.eu (Benny Pedersen)
Date: Fri, 25 Oct 2013 14:36:55 +0200
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <20131025000833.GQ16659@harrier.slackbuilds.org>
References: <20131014132318.Horde.raGguX9ssInPc2T7N2N9gQ9@bigworm.curecanti.org> <1382004800.29012.35080385.0D68C3BA@webmail.messagingengine.com> <20131017122154.E4F05434@pobox.sk> <1382005748.1103.35085513.4F2BBDF3@webmail.messagingengine.com> <20131021221101.9D8D854F@pobox.sk> <5265A703.5040801@sys4.de> <20131022090603.A7D37888@pobox.sk> <20131024151302.18C55F5C@pobox.sk> <20131024154827.BD82E8E1@pobox.sk> <20131025000833.GQ16659@harrier.slackbuilds.org>
Message-ID: <23b0fc93806a8ffc8f0f1fa7f4e7e246@junc.eu>

/dev/rob0 wrote on 2013-10-25 02:08:

> [1] Offer void where taxed or prohibited, or if, God forbid, he
> got hit by a bus.

or new job with nokia, could not resist :-)

From acn at annachristina.eu Thu Oct 24 10:59:54 2013
From: acn at annachristina.eu (Anna Christina Naß)
Date: Thu, 24 Oct 2013 09:59:54 +0200
Subject: [Dovecot] Empty Mails from MAILER-DAEMON with Dovecot-Antispam and DSPAM
Message-ID: <5268D37A.1070906@annachristina.eu>

Hello,

I've installed the dovecot-Antispam extension to my dovecot IMAP installation in conjunction with DSPAM.

But when moving Mails from e.g. INBOX to Spam or vice versa, empty mails from MAILER-DAEMON appear after the original mail has been moved. This happens using Thunderbird 17esr, K-9 Mail on Android and Apple Mail (Mountain Lion). (Perhaps also when using a Webmail IMAP client)

The source from one of these empty mails looks like this:

----snip----
Return-Path:
X-Original-To: acn
Delivered-To: acn at mydomain.name
Received: from localhost (localhost.localdomain [127.0.0.1]) by (Postfix) with SMTP id CB81B140011 for ; Thu, 24 Oct 2013 09:23:33 +0200 (CEST)
X-DSPAM-Reclassified: Spam
Message-Id: <20131024072333.CB81B140011@>
Date: Thu, 24 Oct 2013 09:23:33 +0200 (CEST)
From: MAILER-DAEMON ----/snip---- Do you have any idea why these mails appear and how I can prevent it? I'm using these Debian packages: ii dovecot-antispam 2.0+20120225-3 ii dovecot-core 1:2.1.7-7 ii dovecot-imapd 1:2.1.7-7 ii dovecot-ldap 1:2.1.7-7 ii dovecot-lmtpd 1:2.1.7-7 ii dovecot-managesieved 1:2.1.7-7 ii dovecot-sieve 1:2.1.7-7 ii dspam 3.10.1+dfsg-11 ii postfix 2.9.6-2 ii postfix-ldap 2.9.6-2 DSPAM is integrated in Postfix via master.cf: ----snip---- smtp inet n - - - - smtpd -o content_filter=dspam dspam unix - n n - - pipe flags=u user=vmail:vmail argv=/usr/bin/dspamc --deliver=innocent,spam --user $user Mails go to dovecot via this 'virtual'-transport: dovecot unix - n n - - pipe flags=ODRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -e -f ${sender} -d ${user} ----/snip---- The rest of my configuration follows: dovecot -n: ----snip---- # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-686-pae i686 Debian 7.2 ext4 auth_cache_size = 1 M auth_mechanisms = plain login auth_worker_max_count = 5 listen = *, [::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_location = maildir:/var/vmail/%u/Maildir mail_privileged_group = mail mailbox_idle_check_interval = 15 secs managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify passdb { args = /etc/dovecot/ldap-passdb.conf.ext driver = ldap } plugin { antispam_allow_append_to_spam = no antispam_backend = dspam antispam_dspam_args = --user;%Lu;--deliver=spam,innocent;--source=error antispam_dspam_binary = /usr/bin/dspamc antispam_dspam_notspam = --class=innocent antispam_dspam_spam = --class=spam antispam_signature = X-DSPAM-Signature antispam_signature_missing = move antispam_spam = Spam;Junk antispam_trash = Trash;Deleted Items;Deleted Messages sieve = ~/.dovecot.sieve sieve_before = 
/etc/dovecot/sieve-before.d sieve_extensions = +notify +imapflags sieve_storage = ~/sieve } protocols = imap sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-master { group = vmail mode = 0600 user = vmail } user = $default_internal_user } service imap-login { process_min_avail = 2 service_count = 0 vsz_limit = 32 M } service lmtp { inet_listener lmtp { address = 127.0.0.1 port = 24 } user = vmail } ssl_cert = default:teft Preference "spamAction=deliver" # { quarantine | tag | deliver } -> default:quarantine Preference "spamSubject=[SPAM]" # { string } -> default:[SPAM] Preference "statisticalSedation=5" # { 0 - 10 } -> default:0 Preference "enableBNR=on" # { on | off } -> default:off Preference "enableWhitelist=on" # { on | off } -> default:on Preference "signatureLocation=headers" # { message | headers } -> default:message Preference "tagSpam=off" # { on | off } Preference "tagNonspam=off" # { on | off } Preference "showFactors=off" # { on | off } -> default:off Preference "optIn=off" # { on | off } Preference "optOut=off" # { on | off } Preference "whitelistThreshold=10" # { Integer } -> default:10 Preference "makeCorpus=off" # { on | off } -> default:off Preference "storeFragments=off" # { on | off } -> default:off Preference "localStore=" # { on | off } -> default:username Preference "processorBias=on" # { on | off } -> default:on Preference "fallbackDomain=off" # { on | off } -> default:off Preference "trainPristine=off" # { on | off } -> default:off Preference "optOutClamAV=off" # { on | off } -> default:off Preference "ignoreRBLLookups=off" # { on | off } -> default:off Preference "RBLInoculate=off" # { on | off } -> default:off Preference "notifications=off" # { on | off } -> default:off AllowOverride enableBNR AllowOverride enableWhitelist AllowOverride fallbackDomain AllowOverride ignoreGroups AllowOverride ignoreRBLLookups AllowOverride localStore AllowOverride 
makeCorpus AllowOverride optIn AllowOverride optOut AllowOverride optOutClamAV AllowOverride processorBias AllowOverride RBLInoculate AllowOverride showFactors AllowOverride signatureLocation AllowOverride spamAction AllowOverride spamSubject AllowOverride statisticalSedation AllowOverride storeFragments AllowOverride tagNonspam AllowOverride tagSpam AllowOverride trainPristine AllowOverride trainingMode AllowOverride whitelistThreshold AllowOverride dailyQuarantineSummary AllowOverride notifications IgnoreHeader DKIM-Signature IgnoreHeader X-Spam-Status IgnoreHeader X-Spam-Scanned IgnoreHeader X-Virus-Scanner-Result Notifications off PurgeSignatures 14 # Stale signatures PurgeNeutral 90 # Tokens with neutralish probabilities PurgeUnused 90 # Unused tokens PurgeHapaxes 30 # Tokens with less than 5 hits (hapaxes) PurgeHits1S 15 # Tokens with only 1 spam hit PurgeHits1I 15 # Tokens with only 1 innocent hit LocalMX 127.0.0.1 SystemLog on UserLog on Opt out ClamAVPort 3310 ClamAVHost 127.0.0.1 ClamAVResponse spam ServerMode auto ServerPass.Relay1 "" ServerParameters "--deliver=innocent,spam --user %u" ServerIdent "localhost.localdomain" ServerDomainSocketPath "/var/run/dspam/dspam.sock" ClientHost /var/run/dspam/dspam.sock ClientIdent "@Relay1" ProcessorURLContext on ProcessorBias off StripRcptDomain off Include /etc/dspam/dspam.d/ ----/snip---- Thanks a lot! Kind regards, Anna Christina Na? From dovecot.org at veggiechinese.net Fri Oct 25 04:00:10 2013 
From: dovecot.org at veggiechinese.net (Will Yardley) Date: Thu, 24 Oct 2013 18:00:10 -0700 Subject: [Dovecot] UIDL conversion courier -> dovecot Message-ID: <20131025010010.GH70090@aura.veggiechinese.net> I've got a weird split setup where POP3 is currently handled by Courier (courier-imap-3.0.2 distribution), and IMAP is currently handled by the RHEL 5 version of Dovecot (1.0.7) I'm trying to figure out a way to convert the POP3 UIDLs (in cases where the courierpop3dsizelist is newer than dovecot-uidlist, at least) to something that Dovecot will read, or to configure Dovecot's pop3 to use a UIDL format that will work, as mentioned in the migration wiki. We have some "squeaky wheel" users who don't have their POP clients set to delete messages, and are likely to complain about re-downloading their several GB of mail. Thus far, the migration scripts haven't seemed to work properly, maybe because of the versions I'm using. I'm not sure whether the Courier versions there refer to Courier MTA version or Courier IMAP version, but adjusting the UIDL format to %v-%u (as suggested for early Courier 3 / Dovecot 1.0) hasn't worked (I saw %u-%v online, but that also didn't work). Since the Courier system doesn't seem to report validity, I also tried just '%u' - this works *if* I delete the header line as well as rename the courierpop3dsizelist to dovecot-uidlist, but I still don't get the exact same UIDLs as before. I'm willing to write my own migration tool, or to adapt the existing one, but I could use some assistance knowing how to do the translation. 
Dovecot -n for that instance is below, slightly sanitized, obviously I can change pop3_uidl_format; I also tried getting rid of pop3_reuse_xuidl:

Basically, to give a concrete example, the Courier system seems to use the filename as the UIDL, with this courierpop3dsizelist:

/2 45 1382654636
1199751891.13891_0.water-ox:2,Sa 2412 0:1382654636
1199927364.22870_0.fire-ox:2,S 2440 0:1382654636
1199936486.3332_0.wood-ox:2,Sa 2074 0:1382654636
1199985712.27745_0.water-ox:2,RS 4007 0:1382654636
1199993867.23139_0.fire-ox:2,S 1550 0:1382654636

producing this UIDL output:

UIDL
+OK
1 1199751891.13891_0.water-ox
2 1199927364.22870_0.fire-ox
3 1199936486.3332_0.wood-ox
4 1199985712.27745_0.water-ox
5 1199993867.23139_0.fire-ox
[...]

Dovecot's dovecot-uidlist:

3 V1199747645 N606
562 W2412 :1199751891.13891_0.water-ox:2,Sa
563 W2440 :1199927364.22870_0.fire-ox:2,S
564 W2074 :1199936486.3332_0.wood-ox:2,Sa
565 W4007 :1199985712.27745_0.water-ox:2,RS
566 W1550 :1199993867.23139_0.fire-ox:2,S

producing:

UIDL
+OK
1 1199747645-562
2 1199747645-563
3 1199747645-564
4 1199747645-565
5 1199747645-566

(or, if I change the format to just %u):

+OK
1 650
2 651
3 652
4 653
5 654

# dovecot --version
1.0.7

# 1.0.7: /etc/dovecot.d/XXX.cfg
base_dir: /var/run/dovecot/pop-its
syslog_facility: local4
protocols: pop3 pop3s
listen: *:110
ssl_listen: *:995
ssl_ca_file: /etc/pki/dovecot/certs/XX.pem
ssl_cert_file: /etc/pki/dovecot/certs/XXXX.pem
ssl_key_file: /etc/pki/dovecot/private/XXXX.key
disable_plaintext_auth: yes
login_dir: /var/run/dovecot/pop-its/login
login_executable: /usr/libexec/dovecot/pop3-login
login_greeting_capability: yes
login_processes_count: 4
login_max_processes_count: 512
verbose_proctitle: yes
mail_location: maildir:/var/spool/maildir/%1Ln/%Ln:INDEX=/var/spool/dovecot/indexes/%1Ln/%Ln
mail_debug: yes
mmap_disable: yes
maildir_copy_with_hardlinks: yes
mail_executable: /usr/libexec/dovecot/pop3
mail_plugin_dir: /usr/lib/dovecot/pop3
pop3_reuse_xuidl: yes
pop3_uidl_format: %v-%u
pop3_client_workarounds: outlook-no-nuls oe-ns-eoh namespace: type: private separator: . prefix: Mail. inbox: yes auth default: mechanisms: plain login passdb: driver: ldap args: /etc/dovecot.conf-ldap userdb: driver: static args: uid=vmail gid=mail home=/var/spool/maildir/%1Ln/%Ln socket: type: listen master: path: /var/run/dovecot/pop-its/auth-master mode: 384 user: vmail group: mail TIA! /wby From stephen.ryan at electricmail.com Fri Oct 25 13:21:20 2013 From: stephen.ryan at electricmail.com (stephen.ryan) Date: Fri, 25 Oct 2013 03:21:20 -0700 (PDT) Subject: [Dovecot] "Renaming not supported across conflicting directory permissions" In-Reply-To: <1361034754.3230.80.camel@hurina> References: <04C4B084-A082-443E-A54A-1E7A147EC3BE@tucows.com> <1361034754.3230.80.camel@hurina> Message-ID: <1382696480670-44969.post@n4.nabble.com> We are seeing this occurring in 2.1.17 imap . rename "INBOX.Folder1" "INBOX.SubFolder.Folder1" . NO [CANNOT] Renaming not supported across conflicting directory permissions Permissions don't have the sticky bit like other posters drwx------ 1 mail mail 428 Oct 13 00:15 .SubFolder drwxr-x--- 1 mail mail 344 Oct 24 18:19 .Folder1 Chmod 700 .Folder1 fixes the issue and lets dovecot move it. -- View this message in context: http://dovecot.2317879.n4.nabble.com/Renaming-not-supported-across-conflicting-directory-permissions-tp40122p44969.html Sent from the Dovecot mailing list archive at Nabble.com. From consultant at rustyross.com Fri Oct 25 15:51:01 2013 
From: consultant at rustyross.com (Rusty Ross) Date: Fri, 25 Oct 2013 08:51:01 -0400 Subject: [Dovecot] Replication (Mac OS X) In-Reply-To: References: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com> Message-ID: On Oct 25, 2013, at 2:20 AM, Steffen Kaiser wrote: > please post your configuration. # doveconf -n # 2.2.5: /Library/Server/Mail/Config/dovecot/dovecot.conf # OS: Darwin 13.0.0 x86_64 hfs auth_mechanisms = cram-md5 plain login apop digest-md5 auth_realms = server1.rustytest.lan auth_socket_path = /var/run/dovecot/auth-userdb auth_username_format = %n debug_log_path = /Library/Logs/Mail/mail-debug.log default_internal_user = _dovecot default_login_user = _dovenull disable_plaintext_auth = no doveadm_password = secret doveadm_port = 12345 dsync_remote_cmd = ssh -l%{login} %{host} /Applications/Server.app/Contents/ServerRoot/usr/bin/doveadm dsync-server -u%u first_valid_gid = 6 first_valid_uid = 6 imap_id_log = * imap_id_send = "name" * "version" * imap_urlauth_submit_user = submit info_log_path = /Library/Logs/Mail/mail-info.log log_path = /Library/Logs/Mail/mail-err.log login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c mail_access_groups = mail mail_attribute_dict = file:/Library/Server/Mail/Data/attributes/attributes.dict mail_location = maildir:/Library/Server/Mail/Data/mail/%u mail_log_prefix = "%s(pid %p user %u): " mail_plugins = quota zlib acl fts fts_sk notify replication managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mdbox_rotate_size = 200 M namespace acl-mailboxes { list = children location = maildir:/Library/Server/Mail/Data/mail/users/%%u:INDEX=/Library/Server/Mail/Data/mail/shared/%%u prefix = shared.%%u. separator = . 
subscriptions = no type = shared } namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } namespace list-archives { list = children location = maildir:/Library/Server/Mail/Data/listserver/messages/archive/lists/%%u:INDEX=/Library/Server/Mail/Data/listserver/messages/archive/shared/%%u prefix = archives.%%u. separator = . subscriptions = no type = shared } passdb { driver = od } passdb { args = /Library/Server/Mail/Config/dovecot/submit.passdb driver = passwd-file } plugin { acl = vfile:/Library/Server/Mail/Config/dovecot/global-acls:cache_secs=300 acl_shared_dict = file:/Library/Server/Mail/Data/shared/shared-mailboxes fts = sk mail_replica = remote:root at server2.rustytest.lan quota = maildir:User quota quota_warning = storage=100%% quota-exceeded %u sieve = /Library/Server/Mail/Data/rules/%u/dovecot.sieve sieve_dir = /Library/Server/Mail/Data/rules/%u stats_refresh = 30 secs stats_track_cmds = yes } postmaster_address = postmaster at server1.rustytest.lan protocols = imap pop3 lmtp sieve quota_full_tempfail = yes service aggregator { fifo_listener replication-notify-fifo { user = _dovecot } unix_listener replication-notify { user = _dovecot } } service auth { extra_groups = _keytabusers idle_kill = 15 mins unix_listener auth-userdb { user = _dovecot } } service dns_client { unix_listener dns-client { mode = 0600 } } service doveadm { inet_listener { port = 12345 } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } service_count = 0 } service imap { client_limit = 5 process_limit = 200 service_count = 0 } service indexer-worker { user = _dovecot } service lmtp { unix_listener lmtp { mode = 0600 } } service managesieve-login { inet_listener sieve { port = 4190 } } service pop3-login { inet_listener pop3 { port = 110 } 
inet_listener pop3s { port = 995 ssl = yes } } service pop3 { client_limit = 5 process_limit = 200 service_count = 0 } service quota-exceeded { executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-exceeded.sh unix_listener quota-exceeded { group = mail mode = 0660 user = _dovecot } user = _dovecot } service quota-warning { executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-warning.sh unix_listener quota-warning { group = mail mode = 0660 user = _dovecot } user = _dovecot } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0600 } } service stats { fifo_listener stats-mail { mode = 0600 user = _dovecot } } ssl = required ssl_ca = enforce_quotas=no # use_getpwnam_ext=yes blocking=no driver = od args = partition=/Library/Server/Mail/Config/dovecot/partition_map.conf enforce_quotas=no default_fields = home=/Library/Server/Mail/Data/mail/B3E33468-AAC1-41A3-8E7E-B85012658884 } # cat /Library/Server/Mail/Config/dovecot/submit.passdb submit:{PLAIN}AQ32W5sFMZ1RUWErZskeTt:214:6::/var/empty:: As a side note, Apple is apparently using ?submit? for imap_urlauth_submit_user (see doveconf -n, above) but I personally have no idea what that settings does. Rusty From consultant at rustyross.com Fri Oct 25 15:53:26 2013 
From: consultant at rustyross.com (Rusty Ross)
Date: Fri, 25 Oct 2013 08:53:26 -0400
Subject: [Dovecot] Replication (Mac OS X)
In-Reply-To:
References: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com>
Message-ID: <07E26E35-2C06-4B1E-A1F4-CE71461EE4AD@rustyross.com>

On Oct 25, 2013, at 2:20 AM, Steffen Kaiser wrote:

> please post your configuration.

Sorry, my previous config email contains a typo. Please disregard the "cat auth-od.conf.ext" in that email. This is the accurate one:

# cat auth-od.conf.ext
# Authentication using Open Directory. Included from 10-auth.conf.
#
# Version 2.2.x (AR14759611)

passdb {
  # OD cache refresh intervals. The positive cache TTL applies to
  # enabled accounts. The negative cache TTL applies to disabled
  # accounts. Nonexistent accounts are not cached.
  # arguments: args = pos_cache_ttl=3600 neg_cache_ttl=60
  # use_getpwnam_ext=yes blocking=no
  driver = od
}

userdb {
  # OD cache refresh intervals. The positive cache TTL applies to
  # enabled accounts. The negative cache TTL applies to disabled
  # accounts. Nonexistent accounts are not cached.
  # Set enforce_quotas to yes to deny message delivery and message
  # copying when user account has exceeded their quota.
  # Use global_quota to enable system wide quota. Individual
  # quotas override global quota.
  # additional args: pos_cache_ttl=3600 neg_cache_ttl=60
  # luser_relay= enforce_quotas=no
  # use_getpwnam_ext=yes blocking=no
  driver = od
  args = partition=/Library/Server/Mail/Config/dovecot/partition_map.conf enforce_quotas=no
  default_fields = home=/Library/Server/Mail/Data/mail/%u
}

From skdovecot at smail.inf.fh-brs.de Fri Oct 25 16:36:37 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 25 Oct 2013 15:36:37 +0200 (CEST)
Subject: [Dovecot] Replication (Mac OS X)
In-Reply-To:
References: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com>
Message-ID:

On Fri, 25 Oct 2013, Rusty Ross wrote:

> userdb {
> args = /Library/Server/Mail/Config/dovecot/submit.passdb
> driver = passwd-file
> }
>
> # cat /Library/Server/Mail/Config/dovecot/submit.passdb
> submit:{PLAIN}AQ32W5sFMZ1RUWErZskeTt:214:6::/var/empty::
>
> As a side note, Apple is apparently using "submit" for imap_urlauth_submit_user (see doveconf -n, above) but I personally have no idea what that setting does.

That's why doveadm user \* returns "submit" as user. That's an Apple (or whoever made your package of Dovecot) question then, IMHO.

--
Steffen Kaiser

From consultant at rustyross.com Fri Oct 25 16:38:04 2013
From: consultant at rustyross.com (Rusty Ross)
Date: Fri, 25 Oct 2013 09:38:04 -0400
Subject: [Dovecot] Replication (Mac OS X)
In-Reply-To:
References: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com>
Message-ID: <75E3BC51-55BB-47CD-8C4F-AE337307215E@rustyross.com>

On Oct 25, 2013, at 9:36 AM, Steffen Kaiser wrote:

> That's why doveadm user \* returns "submit" as user. That's an Apple (or whoever made your package of Dovecot) question then, IMHO.

Maybe. But assuming it's there to stay (as per Apple), do you have any ideas about how to get the replication plugin to ignore it?

Rusty

From consultant at rustyross.com Fri Oct 25 16:40:13 2013
From: consultant at rustyross.com (Rusty Ross)
Date: Fri, 25 Oct 2013 09:40:13 -0400
Subject: [Dovecot] Replication (Mac OS X)
In-Reply-To:
References: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com>
Message-ID: <6CED748F-243E-4353-B81F-CAC6FB06035C@rustyross.com>

Also, based on the posted config, any ideas about how to populate the user "home" path with the user's GUID rather than short name?

ie:

home /Library/Server/Mail/Data/mail/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F
mail maildir:/Library/Server/Mail/Data/mail/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F

instead of:

home /Library/Server/Mail/Data/mail/mary
mail maildir:/Library/Server/Mail/Data/mail/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F

Thanks,

Rusty

From skdovecot at smail.inf.fh-brs.de Fri Oct 25 16:42:28 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 25 Oct 2013 15:42:28 +0200 (CEST)
Subject: [Dovecot] Replication (Mac OS X)
In-Reply-To:
References: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com>
Message-ID:

On Fri, 25 Oct 2013, Rusty Ross wrote:

about %u and GUID

> mail_location = maildir:/Library/Server/Mail/Data/mail/%u
> userdb {
>   args = partition=/Library/Server/Mail/Config/dovecot/partition_map.conf enforce_quotas=no
>   default_fields = home=/Library/Server/Mail/Data/mail/%u
>   driver = od
> }

I'm pretty sure that the od driver does return a "mail" field overriding the default mail_location setting. Therefore home=/Library/Server/Mail/Data/mail/%u is not expanded.

IMHO, it's again a very MacOSX or package specific question. The "od" driver needs to return a home field for each query. Or maybe, override the uid (%u) with the GUID in your particular installation.

--
Steffen Kaiser

From consultant at rustyross.com Fri Oct 25 16:45:42 2013
From: consultant at rustyross.com (Rusty Ross)
Date: Fri, 25 Oct 2013 09:45:42 -0400
Subject: [Dovecot] Replication (Mac OS X)
In-Reply-To:
References: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com>
Message-ID:

On Oct 25, 2013, at 9:42 AM, Steffen Kaiser wrote:

> I'm pretty sure that the od driver does return a "mail" field overriding the default mail_location setting. Therefore home=/Library/Server/Mail/Data/mail/%u is not expanded.

I don't believe this is true, since I manually added:

> default_fields = home=/Library/Server/Mail/Data/mail/%u

to

> userdb {
>   args = partition=/Library/Server/Mail/Config/dovecot/partition_map.conf enforce_quotas=no
>   default_fields = home=/Library/Server/Mail/Data/mail/%u
>   driver = od
> }

Before I added it, home was empty:

> # doveadm user 'mary'
> field value
> uid 214
> gid 6
> home
> mail maildir:/Library/Server/Mail/Data/mail/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F
> quota maildir:User quota:noenforcing
> quota_rule *:storage=0
> mail_location maildir:/Library/Server/Mail/Data/mail/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F
> sieve /Library/Server/Mail/Data/rules/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F/dovecot.sieve
> sieve_dir /Library/Server/Mail/Data/rules/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F
> sieve_storage /Library/Server/Mail/Data/rules/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F

Rusty

From skdovecot at smail.inf.fh-brs.de Fri Oct 25 16:49:51 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 25 Oct 2013 15:49:51 +0200 (CEST)
Subject: [Dovecot] Replication (Mac OS X)
In-Reply-To: <6CED748F-243E-4353-B81F-CAC6FB06035C@rustyross.com>
References: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com> <6CED748F-243E-4353-B81F-CAC6FB06035C@rustyross.com>
Message-ID:

On Fri, 25 Oct 2013, Rusty Ross wrote:

> ie:
>
> home /Library/Server/Mail/Data/mail/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F
> mail maildir:/Library/Server/Mail/Data/mail/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F
>
> instead of:
>
> home /Library/Server/Mail/Data/mail/mary
> mail maildir:/Library/Server/Mail/Data/mail/10C94BF9-5CC4-4DDB-B0F0-5D23F22B2D9F

Sorry, but I have no experience with MacOSX server stuff. "od" seems to mean "OpenDirectory", which is some LDAP implementation. You probably find some od-dovecot-adapter/conf-file, like this http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb . The conf does not point to a specific conf file, so I cannot give any clues.

--
Steffen Kaiser

From skdovecot at smail.inf.fh-brs.de Fri Oct 25 16:57:26 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Fri, 25 Oct 2013 15:57:26 +0200 (CEST)
Subject: [Dovecot] Replication (Mac OS X)
In-Reply-To:
References: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com>
Message-ID:

On Fri, 25 Oct 2013, Rusty Ross wrote:

> On Oct 25, 2013, at 9:42 AM, Steffen Kaiser wrote:
>
>> I'm pretty sure that the od driver does return a "mail" field overriding the default mail_location setting. Therefore home=/Library/Server/Mail/Data/mail/%u is not expanded.
>
> I don't believe this is true, since I manually added:
>
>> default_fields = home=/Library/Server/Mail/Data/mail/%u
>
> to
>
>> userdb {
>>   args = partition=/Library/Server/Mail/Config/dovecot/partition_map.conf enforce_quotas=no
>>   default_fields = home=/Library/Server/Mail/Data/mail/%u
>>   driver = od
>> }
>
> Before I added it, home was empty:

That means that the od driver does not return any "home" field. Once you've added the default field for "home", Dovecot kicked in and added "home", but replaced %u with the login name rather than GUID.

Therefore I concluded that Dovecot does not expand the default mail_location setting, but the od driver returns "mail", which already has the GUID in it. Dovecot does nothing on the returned string.

--
Steffen Kaiser

From CMarcus at Media-Brokers.com Fri Oct 25 17:43:53 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Fri, 25 Oct 2013 10:43:53 -0400
Subject: [Dovecot] dsync core dump
In-Reply-To: <526A44BB.9080205@mur.at>
References: <526A44BB.9080205@mur.at>
Message-ID: <526A83A9.6020404@Media-Brokers.com>

On 2013-10-25 6:15 AM, Jogi Hofmüller wrote:

> Here is the output of dovecot -n
>
> # 2.1.17: /etc/dovecot/dovecot.conf

Dsync was completely written and is vastly improved in the 2.2.x series. If you need to use dsync, you need to update to 2.2 (preferably the latest, which is currently 2.2.6)...

--
Best regards,
*/Charles/*

From michael.abbott at apple.com Fri Oct 25 17:44:57 2013
From: michael.abbott at apple.com (Mike Abbott)
Date: Fri, 25 Oct 2013 09:44:57 -0500
Subject: [Dovecot] Replication (Mac OS X)
In-Reply-To: <30FE15AA-23D2-45E1-A0B7-A64EE23CE11C@rustyross.com>
References: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com> <30FE15AA-23D2-45E1-A0B7-A64EE23CE11C@rustyross.com>
Message-ID:

> default_fields = home=/Library/Server/Mail/Data/mail/%u

Try:

default_fields = home=/Library/Server/Mail/Data/mail/users/%u

From consultant at rustyross.com Fri Oct 25 17:49:34 2013
From: consultant at rustyross.com (Rusty Ross)
Date: Fri, 25 Oct 2013 10:49:34 -0400
Subject: [Dovecot] Replication (Mac OS X)
In-Reply-To:
References: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com> <30FE15AA-23D2-45E1-A0B7-A64EE23CE11C@rustyross.com>
Message-ID: <8FA10296-DCF6-409C-8801-973E6B121917@rustyross.com>

Ah, that's beautiful, Mike. I didn't realize that there was a directory of symlinks based on short names. That fixes that. Thank you.

(You don't have any thoughts on getting replication to ignore the "submit" user, do you?)

Best,
Rusty

On Oct 25, 2013, at 10:44 AM, Mike Abbott wrote:

>> default_fields = home=/Library/Server/Mail/Data/mail/%u
>
> Try:
>
> default_fields = home=/Library/Server/Mail/Data/mail/users/%u

From michael.abbott at apple.com Fri Oct 25 18:05:44 2013
From: michael.abbott at apple.com (Mike Abbott)
Date: Fri, 25 Oct 2013 10:05:44 -0500
Subject: [Dovecot] Replication (Mac OS X)
In-Reply-To: <8FA10296-DCF6-409C-8801-973E6B121917@rustyross.com>
References: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com> <30FE15AA-23D2-45E1-A0B7-A64EE23CE11C@rustyross.com> <8FA10296-DCF6-409C-8801-973E6B121917@rustyross.com>
Message-ID: <8BC6C1D2-F614-4F3B-B721-628380EA7B61@apple.com>

> (You don't have any thoughts on getting replication to ignore the "submit" user, do you?)

Just remove it from your config and disable urlauth. That will also fix the security hole you opened when you sent your submit user's password to the list :).

From consultant at rustyross.com Fri Oct 25 18:07:18 2013
From: consultant at rustyross.com (Rusty Ross)
Date: Fri, 25 Oct 2013 11:07:18 -0400
Subject: [Dovecot] Replication (Mac OS X)
In-Reply-To: <8BC6C1D2-F614-4F3B-B721-628380EA7B61@apple.com>
References: <4ACA3C8E-76AC-4DE5-BA8A-1B487EE4AE3C@rustyross.com> <30FE15AA-23D2-45E1-A0B7-A64EE23CE11C@rustyross.com> <8FA10296-DCF6-409C-8801-973E6B121917@rustyross.com> <8BC6C1D2-F614-4F3B-B721-628380EA7B61@apple.com>
Message-ID:

What (if anything) will disabling urlauth break in Apple's world? I am assuming they took the trouble to implement it for a reason.

PS: I actually randomized the password for example purposes when I posted to the list. :)

Rusty

On Oct 25, 2013, at 11:05 AM, Mike Abbott wrote:

>> (You don't have any thoughts on getting replication to ignore the "submit" user, do you?)
>
> Just remove it from your config and disable urlauth. That will also fix the security hole you opened when you sent your submit user's password to the list :).

From kremels at kreme.com Fri Oct 25 20:04:13 2013
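The passwd-file entry quoted earlier in this thread carried a {PLAIN} password field, which is what the remark above about sending a password to the list refers to. As an added example (not part of any message in the thread, and not Dovecot's or Apple's code), the script below redacts the password field and any proxy `pass=` extra field of passwd-file lines before they are shared, and reports entries whose password is stored recoverably. The function names, the placeholder text and the set of schemes treated as plaintext are assumptions of the example; the sample lines other than the "submit" entry are constructed.

```python
import re

# Schemes that keep the password recoverable (assumption of this example).
PLAINTEXT_SCHEMES = {"PLAIN", "CLEARTEXT"}
SCHEME_RE = re.compile(r"^\{([^}]+)\}")
# Proxy extra field that carries a password; fields are space separated.
PASS_FIELD_RE = re.compile(r"(?<!\S)(pass=)\S+")
PLACEHOLDER = "<redacted>"


def split_entry(line):
    """Split user:password:uid:gid:gecos:home:shell:extra, or None for
    blank and comment lines. maxsplit keeps colons in extra fields intact."""
    text = line.rstrip("\n")
    if not text.strip() or text.lstrip().startswith("#"):
        return None
    return text.split(":", 7)


def scheme_and_secret(password):
    """Return (SCHEME or None, secret) for one password field."""
    match = SCHEME_RE.match(password)
    if not match:
        return None, password
    # "{PLAIN.b64}" style names carry an encoding suffix; keep the scheme.
    scheme = match.group(1).split(".", 1)[0].upper()
    return scheme, password[match.end():]


def redact_line(line):
    """Return the line with secrets replaced, keeping the {SCHEME} prefix."""
    fields = split_entry(line)
    if fields is None:
        return line.rstrip("\n")
    if len(fields) > 1 and fields[1]:
        prefix = SCHEME_RE.match(fields[1])
        fields[1] = (prefix.group(0) if prefix else "") + PLACEHOLDER
    if len(fields) == 8:
        fields[7] = PASS_FIELD_RE.sub(r"\1" + PLACEHOLDER, fields[7])
    return ":".join(fields)


def audit(lines):
    """List (line number, user, reason) for recoverable password storage."""
    findings = []
    for number, line in enumerate(lines, start=1):
        fields = split_entry(line)
        if fields is None or len(fields) < 2 or not fields[1]:
            continue
        scheme, secret = scheme_and_secret(fields[1])
        if not secret:
            continue
        if scheme is None:
            findings.append((number, fields[0], "no {SCHEME} prefix"))
        elif scheme in PLAINTEXT_SCHEMES:
            findings.append((number, fields[0], "stored as {%s}" % scheme))
    return findings


# Constructed sample; only the "submit" entry is taken from the thread.
SAMPLE = [
    "# constructed sample passwd-file",
    "submit:{PLAIN}AQ32W5sFMZ1RUWErZskeTt:214:6::/var/empty::",
    "mary:{SSHA256}Q09OU1RSVUNURUQ=:214:6::/var/empty::",
    "relay:::::::proxy=y host=192.0.2.10 pass=CONSTRUCTED nopassword=y",
    "legacy:CONSTRUCTED:214:6::/var/empty::",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(redact_line(entry))
    for number, user, reason in audit(SAMPLE):
        print("line %d: %s: %s" % (number, user, reason))
```

The redaction keeps the scheme prefix and all non-secret fields, so the output still shows how the passdb is laid out without exposing the credential.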
From: kremels at kreme.com (LuKreme)
Date: Fri, 25 Oct 2013 11:04:13 -0600
Subject: [Dovecot] Broken files?
In-Reply-To:
References: <1E5DD284-BF48-4207-92B2-AEACCE042064@kreme.com>
Message-ID:

On 25 Oct 2013, at 02:15 , Steffen Kaiser wrote:

> On Thu, 24 Oct 2013, LuKreme wrote:
>
>> Getting a lot of these errors for two specific mailboxes. They repeat many times a day, usually within less than 5 minutes.
>>
>> mail dovecot: imap(kremels): Error: Broken file /home/kremels/Maildir/.zz.x-tech.2010/dovecot-uidlist line 2: Invalid extended fields: :
>>
>> $ cat .zz.x-tech.2010/dovecot-uidlist
>> 3 V1263241007 N56581 G11fe2118db236952f984010021d1a38d
>>
>> I tried deleting the files that generated the errors, but they were recreated and the errors returned.
>
> the error claims line 2, but the file has just one? Or is the second line present, but empty (just newline).

Hmm. I think it had just one line.

I *think* I figured it out, the mailboxes that were causing the errors each had a file in them named ":,2" since removing those and removing the dovecot-uidlist the problem hasn't returned.

--
Monique: He keeps putting his testicles all over me.
Lane: Excuse me?

From andrzej.filip at gmail.com Fri Oct 25 20:40:21 2013
From: andrzej.filip at gmail.com (Andrzej A. Filip)
Date: Fri, 25 Oct 2013 19:40:21 +0200
Subject: [Dovecot] separate mail_location for system and normal users
Message-ID: <526AAD05.7030706@gmail.com>

How to configure dovecot to use different default mail_location for system (uid<1_000) and normal users (uid>=1_000)?

I want to use by default
* classic mailbox in standard location for system users
* maildir in $HOME subdirectory for normal users

From dovecot.org at veggiechinese.net Fri Oct 25 22:00:36 2013
From: dovecot.org at veggiechinese.net (Will Yardley)
Date: Fri, 25 Oct 2013 12:00:36 -0700
Subject: [Dovecot] UIDL conversion courier -> dovecot
In-Reply-To: <20131025010010.GH70090@aura.veggiechinese.net>
References: <20131025010010.GH70090@aura.veggiechinese.net>
Message-ID: <20131025190036.GI70090@aura.veggiechinese.net>

Sorry for the self-followup...

Looks like I just needed to look at the Courier v0 instructions and set

pop3_uidl_format = %f

That seems to work as expected, and the bonus is, I'll have the UIDLs the clients expect without any conversion.

/wby

From tom at whyscream.net Sat Oct 26 16:43:19 2013
From: tom at whyscream.net (Tom Hendrikx)
Date: Sat, 26 Oct 2013 15:43:19 +0200
Subject: [Dovecot] Empty Mails from MAILER-DAEMON with Dovecot-Antispam and DSPAM
In-Reply-To: <5268D37A.1070906@annachristina.eu>
References: <5268D37A.1070906@annachristina.eu>
Message-ID: <526BC6F7.60301@whyscream.net>

On 24-10-13 09:59, Anna Christina Naß wrote:

> Hello,
>
> I've installed the dovecot-Antispam extension to my dovecot IMAP
> installation in conjunction with DSPAM.
>
> But when moving Mails from e.g. INBOX to Spam or vice versa, empty
> mails from MAILER-DAEMON appear after the original mail has been
> moved. This happens using Thunderbird 17esr, K-9 Mail on Android
> and Apple Mail (Mountain Lion). (Perhaps also when using a Webmail
> IMAP client)
>
> The source from one of these empty mails looks like this:
>
> ----snip---- Return-Path: X-Original-To: acn
> Delivered-To: acn at mydomain.name Received: from localhost
> (localhost.localdomain [127.0.0.1]) by (Postfix)
> with SMTP id CB81B140011 for ; Thu, 24 Oct 2013 09:23:33 +0200
> (CEST) X-DSPAM-Reclassified: Spam Message-Id:
> <20131024072333.CB81B140011@> Date: Thu, 24 Oct 2013
> 09:23:33 +0200 (CEST) From: MAILER-DAEMON ----/snip----
>
> Do you have any idea why these mails appear and how I can prevent
> it?
>
> # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-686-pae i686
> Debian 7.2 ext4 auth_cache_size = 1 M auth_mechanisms = plain
> login auth_worker_max_count = 5 listen = *, [::] log_timestamp =
> "%Y-%m-%d %H:%M:%S " mail_location = maildir:/var/vmail/%u/Maildir
> mail_privileged_group = mail mailbox_idle_check_interval = 15 secs
> managesieve_notify_capability = mailto managesieve_sieve_capability
> = fileinto reject envelope encoded-character vacation subaddress
> comparator-i;ascii-numeric relational regex imap4flags copy include
> variables body enotify environment mailbox date ihave imapflags
> notify passdb { args = /etc/dovecot/ldap-passdb.conf.ext driver =
> ldap } plugin { antispam_allow_append_to_spam = no antispam_backend
> = dspam antispam_dspam_args =
> --user;%Lu;--deliver=spam,innocent;--source=error

You're telling DSPAM to re-deliver e-mail after retraining. You don't want that, as you already received the e-mail.

You only want DSPAM to re-learn the message, so try something like:

antispam_dspam_args = --user;%Lu;--deliver=;--source=error

> antispam_dspam_binary = /usr/bin/dspamc antispam_dspam_notspam =
> --class=innocent antispam_dspam_spam = --class=spam
> antispam_signature = X-DSPAM-Signature antispam_signature_missing =
> move antispam_spam = Spam;Junk antispam_trash = Trash;Deleted
> Items;Deleted Messages

Kind regards,
Tom

From tss at iki.fi Sat Oct 26 18:01:00 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sat, 26 Oct 2013 18:01:00 +0300
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <20131014202829.D69A4098@pobox.sk>
References: <20131014202829.D69A4098@pobox.sk>
Message-ID: <72AC2585-638D-4439-8F44-34CC2D017BEE@iki.fi>

On 14.10.2013, at 21.28, azurIt wrote:

> I'm using Dovecot 2.1.7 (Debian Wheezy) and output from LIST command looks strange:
>
> C: 4 LIST () "" (INBOX INBOX.Karantena INBOX.Spam) RETURN (STATUS (UNSEEN))
> S: * LIST () "." "INBOX"
> S: * LIST () "." "INBOX.Karantena"
> S: * STATUS "INBOX.Karantena" (UNSEEN 0)
> S: * LIST () "." "INBOX.Spam"
> S: * STATUS "INBOX.Spam" (UNSEEN 0)
> S: 4 OK List completed.
>
> The UNSEEN information for INBOX is completely missing. Is it correct behavior? If not, is this a known bug in 2.1.7? Thank you.

Fixed: http://hg.dovecot.org/dovecot-2.1/rev/d16e212531ec

It was also already working for v2.2.

From tss at iki.fi Sat Oct 26 18:08:29 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sat, 26 Oct 2013 18:08:29 +0300
Subject: [Dovecot] Problems with userdb lookup
In-Reply-To: <52691CF4.4080902@xtlv.cn>
References: <52691CF4.4080902@xtlv.cn>
Message-ID: <102D1CD7-9E16-4306-A6CC-A34D7500463D@iki.fi>

On 24.10.2013, at 16.13, Mario Arnold wrote:

> #6 0xb7751886 in p_strndup (pool=0xb7796544 ,
> str=str at entry=0x0, max_chars=max_chars at entry=4294967295) at strfuncs.c:74
> mem =
> len =
> __FUNCTION__ = "p_strndup"
> #7 0xb7751d7f in t_strndup (str=0x0, max_chars=4294967295) at strfuncs.c:236
> No locals.
> #8 0x08057003 in auth_request_append_password (str=str at entry=0x97e68a8,
> request=0x97f8da8, request=0x97f8da8) at auth-request.c:1799
> p =
> log_type =
> max_len = 4294967295

2 fixes related to this:

http://hg.dovecot.org/dovecot-2.2/rev/8a8e63a351f5
http://hg.dovecot.org/dovecot-2.2/rev/1d222bd0a49c

From tss at iki.fi Sat Oct 26 18:10:33 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sat, 26 Oct 2013 18:10:33 +0300
Subject: [Dovecot] failed: Message has been copied too many times
In-Reply-To: <5268F941.9040908@um.es>
References: <5268F864.8030800@um.es> <5268F941.9040908@um.es>
Message-ID:

On 24.10.2013, at 13.41, Angel L. Mateo wrote:

>> amateo_adm at myotis51:~$ sudo doveadm search -u vlo mailbox
>> BORRADOS.INBOX.MNCS
>> doveadm(vlo): Error: Syncing mailbox BORRADOS.INBOX.MNCS failed: Message
>> has been copied too many times (59306 + -1)

Looks like the index is corrupted. It should never have gotten that high. Have you tried doveadm force-resync -u vlo INBOX?

> One more thing, when I said that the index has grown too much is because index directory for this mailbox folder is about 850MB, and the mailbox originally had about 3000 messages. This is the list of files in the index directory:
>
> root at myotis51:/mail/indexes/vl/vlo/expunged/mailboxes/INBOX/MNCS# ls -lh
> total 853M
> -rw------- 1 vmail vmail 127M oct 24 11:16 dovecot.index
> -rw------- 1 vmail vmail 127M oct 24 11:02 dovecot.index.backup
> -rw------- 1 vmail vmail 186M oct 24 12:14 dovecot.index.cache
> -rw------- 1 vmail vmail 180M oct 24 12:36 dovecot.index.log
> -rw------- 1 vmail vmail 138M oct 24 11:02 dovecot.index.log.2

These files are way too large for a mailbox with just 3000 mails.

From tss at iki.fi Sat Oct 26 18:12:01 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sat, 26 Oct 2013 18:12:01 +0300
Subject: [Dovecot] LMTP, TLS/SSL, authentication, proxy
In-Reply-To: <5266635C.2070801@mur.at>
References: <5266635C.2070801@mur.at>
Message-ID: <33FCBADC-4414-420C-AF85-9EC7985F4143@iki.fi>

On 22.10.2013, at 14.37, Jogi Hofmüller wrote:

> Several questions packed into one email ;)
>
> Can dovecot use TLS/SSL on LMTP inet socket?

Probably. Try adding ssl=yes to the inet_listener {}.

> Can I configure dovecot to only let an authenticated user deliver mail via LMTP?

Currently LMTP server doesn't support AUTH.

> Can I tell dovecot to use a user/password for proxying LMTP connections?

Yes, the same way as for IMAP/POP3.

From tss at iki.fi Sat Oct 26 18:14:25 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sat, 26 Oct 2013 18:14:25 +0300
Subject: [Dovecot] proxy, userdb and passdb
In-Reply-To: <52664FC8.50606@mur.at>
References: <526145F7.9020303@mur.at> <52664FC8.50606@mur.at>
Message-ID:

On 22.10.2013, at 13.13, Jogi Hofmüller wrote:

> Hi Steffen,
>
> On 2013-10-22 10:05, Steffen Kaiser wrote:
>
>> see http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
>
> Did, thanks. The errors I mentioned in my previous post are gone. Still, proxying does not work as expected. Instead I get strange warnings:
>
> Oct 22 12:06:51 server dovecot: auth-worker(PID): Warning: userdb passwd: Move templates args to override_fields setting
>
> This is the proxy-userdb file's content (I removed the UID and IP address):
>
> user:::::::proxy=y host=IP-ADDRESS starttls=y nopassword=y

> passdb {
>   args = session=yes
>   driver = pam
> }
> userdb {
>   args = /etc/dovecot/proxy-userdb
>   driver = passwd
> }

1) Use passwd-file, not passwd

2) userdb has no effect on proxying, it must be passdb.

If you really want to keep using PAM, you need to use Dovecot v2.2 with an additional passdb configuring the proxying for the users. http://wiki2.dovecot.org/PasswordDatabase#Passdb_settings explains more. It can't be done with v2.1.

From tss at iki.fi Sat Oct 26 18:18:16 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sat, 26 Oct 2013 18:18:16 +0300
Subject: [Dovecot] Login into other user's account // master user for non-master users // chroot to users.
In-Reply-To:
References:
Message-ID:

On 18.10.2013, at 11.31, Steffen Kaiser wrote:

> Now, I came into thinking that it would be good in such case, if userB could authenticate as, say "sales*userB" - much like a master user - and ends in "sales"'s home, but with access permissions of "userB", well, like a chroot.
>
> Would it be an interesting feature to add to Dovecot's core?
>
> If I simulate "sales*userB" with password of userB and let the userdb return the home of sales, userB would gain "owner" privileges of sales implicitly. So there seems to exist no workaround.

I think that's already possible. If master user=sales and userB = login user, the ACLs would work the way you want. The problem is how to have different passwords for the sales master user for userA and userB. But that could be done by e.g. a checkpassword script.

From azurit at pobox.sk Sat Oct 26 18:22:02 2013
From: azurit at pobox.sk (azurIt)
Date: Sat, 26 Oct 2013 17:22:02 +0200
Subject: [Dovecot] Strange output from LIST command
In-Reply-To: <72AC2585-638D-4439-8F44-34CC2D017BEE@iki.fi>
References: <20131014202829.D69A4098@pobox.sk> <72AC2585-638D-4439-8F44-34CC2D017BEE@iki.fi>
Message-ID: <20131026172202.B567135D@pobox.sk>

> From: Timo Sirainen
> To: azurIt
> Date: 26.10.2013 17:01
> Subject: Re: [Dovecot] Strange output from LIST command
>
> CC: "dovecot at dovecot.org List"
>On 14.10.2013, at 21.28, azurIt wrote:
>
>> I'm using Dovecot 2.1.7 (Debian Wheezy) and output from LIST command looks strange:
>>
>> C: 4 LIST () "" (INBOX INBOX.Karantena INBOX.Spam) RETURN (STATUS (UNSEEN))
>> S: * LIST () "." "INBOX"
>> S: * LIST () "." "INBOX.Karantena"
>> S: * STATUS "INBOX.Karantena" (UNSEEN 0)
>> S: * LIST () "." "INBOX.Spam"
>> S: * STATUS "INBOX.Spam" (UNSEEN 0)
>> S: 4 OK List completed.
>>
>> The UNSEEN information for INBOX is completely missing. Is it correct behavior? If not, is this a known bug in 2.1.7? Thank you.
>
>Fixed: http://hg.dovecot.org/dovecot-2.1/rev/d16e212531ec
>
>It was also already working for v2.2.

Thank you. Which version will include this fix and approximately when will it be released? Thanks for info.

azur

From tss at iki.fi Sat Oct 26 18:23:37 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sat, 26 Oct 2013 18:23:37 +0300
Subject: [Dovecot] backup maildir mailbox bugs
In-Reply-To:
References:
Message-ID: <835A9C19-67D4-4E27-9D56-06DBE78DB5B1@iki.fi>

On 20.10.2013, at 19.24, Anand Kumria wrote:

> Using dovecot v2.2.5.5, I get the following:
>
> $ doveadm -v backup -R -u user at example.com maildir:/home/rsync/
> example.com/user/Maildir/
>
> [...]
>
> dsync(user at example.com): Panic: file dsync-mailbox-export.c: line 228
> (export_save_change_get): assertion failed: (change->type ==
> DSYNC_MAIL_CHANGE_TYPE_FLAG_CHANGE)

That's definitely a bug, but I'm not sure how to reproduce it. Can you create such a test maildir where this happens that you could send to me? For example you could change all the mail contents to just use "x" letters. Here's a script that does it: http://dovecot.org/tools/maildir-anonymize.pl

Most likely this is related to your specific dovecot.index* files, and deleting them would fix the problem. I'd still like to fix the real bug though.

From tss at iki.fi Sat Oct 26 18:31:50 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sat, 26 Oct 2013 18:31:50 +0300
Subject: [Dovecot] unusual dsync lines
In-Reply-To:
References: <4B776E73-04AF-48E1-84C3-7765926A7ADA@iki.fi>
Message-ID: <20D428CD-CE1F-4344-A3EB-E0792D54FF0D@iki.fi>

On 20.10.2013, at 20.01, Anand Kumria wrote:

> Hi,
>
> $ doveadm sync -1 -r raw.log -R 'doveadm -o imapc_user=foo -o
> imapc_password=bar -o mail=imapc: dsync-server'
>
> I couldn't get that line to work, I get errors like:
>
> doveadm(root): Fatal: Error reading configuration: Invalid -o parameter
> imapc:: Missing '='

Not sure about the above error, but

> dsync-local(root): Error: read(remote) failed: EOF (version not received)
> dsync-local(root): Panic: file iostream.c: line 37 (io_stream_unref):
> assertion failed: (stream->refcount > 0)
> *** glibc detected *** doveadm: corrupted double-linked list:
> 0x0000000002312620 ***

this is fixed now: http://hg.dovecot.org/dovecot-2.2/rev/d66b4b1b343a

From tss at iki.fi Sat Oct 26 18:37:58 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sat, 26 Oct 2013 18:37:58 +0300
Subject: [Dovecot] Plugin issue with update from 2.0.19 to 2.1.17
In-Reply-To:
References:
Message-ID: <2397BB98-08EF-4DF8-8C4E-7DA4E931DD69@iki.fi>

On 15.10.2013, at 23.33, Reinaldo Matukuma wrote:

> Hello. Probably only Timo can help me with this.
>
> I have a self-made plugin based on the zlib plugin that I use to cryptograph the messages at inbox.
>
> As a side-effect of the cryptography, my plugin changes the size of the message, but until 2.0.19 this works well with dovecot index and the W/S flags.
>
> But now, I'm going to upgrade to 2.1.17 and now I have these messages on log at my test ambiance:
>
> Oct 15 20:19:25 test dovecot: imap(reinaldo at exemplo.com.br): Error: Cached message size smaller than expected (367 < 529)
> Oct 15 20:19:25 test dovecot: imap(reinaldo at exemplo.com.br): Error: Maildir filename has wrong S value, renamed the file from /storage/test/messages/exemplo.com.br/reinaldo/Maildir/.Sent/cur/1381879158.M634385P5208.test,S=367,W=378:2,S to /storage/test/messages/exemplo.com.br/reinaldo/Maildir/.Sent/cur/1381879158.M634385P5208.test,S=529:2,S
> Oct 15 20:19:25 test dovecot: imap(reinaldo at exemplo.com.br): Error: Corrupted index cache file /storage/test/messages/exemplo.com.br/reinaldo/Maildir/.Sent/dovecot.index.cache: Broken physical size for mail UID 6

Is it intended that when decrypting messages you'll get exactly the original message back? Or are you also modifying the message? Assuming there is no modification, you could take a look at how http://dovecot.org/patches/2.2/mail-filter.tar.gz does that without problems. Message modifications should also be possible with that code with small modifications. I'm not sure if that code works for v2.1.

From tss at iki.fi Sat Oct 26 18:39:56 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sat, 26 Oct 2013 18:39:56 +0300
Subject: [Dovecot] Dovecot proxy hooks
In-Reply-To: <092115485c69b26bc50f447278b2bc7f@getodata.ro>
References: <092115485c69b26bc50f447278b2bc7f@getodata.ro>
Message-ID: <570A0C84-AE71-4D90-BEA5-136482997743@iki.fi>

On 14.10.2013, at 21.22, dac at getodata.ro wrote:

> I am interested in the possibility of using Dovecot IMAP/POP proxying capabilities to analyze emails that are passing through and possibly modify content on the fly. This subject has been discussed here [1] before.
> I have tried the mail-filter plugin [2], but the hooks it uses are only called in a non-proxy setup.
>
> Is there a practical way of doing this, or plans to add such a feature?
>
> Links:
> [1]: http://dovecot.org/list/dovecot/2006-February/011704.html
> [2]: http://www.dovecot.org/patches/2.2/mail-filter.tar.gz

You can't use the simple proxying feature for this. If you modify the mail content, it would require modifying quite a lot of different command outputs and there's no way a proxy could do it without more or less reimplementing half of the IMAP server functionality.

But what you could do is to use the imapc backend and the mail-filter.

From tss at iki.fi Sat Oct 26 19:00:49 2013
From: tss at iki.fi (Timo Sirainen)
Date: Sat, 26 Oct 2013 19:00:49 +0300
Subject: [Dovecot] fts-solr indexer-worker connects to wrong solr host dovecot-2.2.4
In-Reply-To:
References: <7064632D-270E-4EA4-B62F-12A5151AC381@tucows.com>
Message-ID: <1EBEF433-0FA6-4045-B0D5-042D597F6AA9@iki.fi>

Here's a more complex fix that reuses the HTTP connections for the same hosts: http://hg.dovecot.org/dovecot-2.2/rev/26355654c314

On 3.10.2013, at 19.27, Richard Platel wrote:

> Did some more digging.
>
> The problem is that the fts-solr plugin has a global solr_conn pointer, that persists between users. I think this patch fixes the problem:
>
> --- a/dovecot/fts_solr_plugin/fts-solr-plugin.c > +++ b/dovecot/fts_solr_plugin/fts-solr-plugin.c
> @@ -50,6 +50,13 @@ static void fts_solr_mail_user_create(struct mail_user *user, const char *env) > { > struct fts_solr_user *fuser; > > + /** solr URL may be different per-user **/ > + if (solr_conn != NULL) { > + solr_connection_deinit(solr_conn); > + solr_conn = NULL; > + } > + /**/ > + > fuser = p_new(user->pool, struct fts_solr_user, 1); > if (fts_solr_plugin_init_settings(user, &fuser->set, env) < 0) { > /* invalid settings, disabling */ > > > On 2013-10-02, at 3:28 PM, Richard Platel wrote: > >> I've confirmed that this problem still exists in 2.2.5 >> >> It seems that indexer-worker only init's plugins at startup, so the fts_solr plugin is holding the url= parameter from the first user. >> >> The problem doesn't happen if the indexer-worker process is idle-killed between users. A new process starts up with the new user's userdb settings. >> >> I thought I could work around this problem by adjusting indexer-worker's settings: >> >> service indexer-worker { >> service_count = 1 >> idle_kill = 1 >> } >> >> but these changes don't seem to have any effect, the indexer-worker process still hangs around idling after indexing a user, and isn't idle-killed for upwards of a minute. >> >> Any help? >> >> >> On 2013-09-27, at 11:46 AM, Richard Platel wrote: >> >>> Hello. >>> We're setting up fts solr and want to have the solr server host be set per-user via UserDB. >>> >>> It looks like if a user connects and fts indexes mail, and then another user connects and indexes mail, indexer-worker is connecting to the first user's fts host: >>> >>> User1, hammer at rp-auth-test.com connects, does a SEARCH for the first time, indexer-worker gets UserDB settings and correctly indexes mail on ftsvs01: >>> >>> [...] 
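Review bot: The teardown added at the top of fts_solr_mail_user_create() is unconditional, so the global solr_conn is destroyed on every user creation, including when the next user resolves to the same Solr URL, and it runs before fts_solr_plugin_init_settings() has parsed that user's settings, so the connection is also dropped on the "invalid settings, disabling" path. Consider moving the reset after the settings are parsed and calling solr_connection_deinit() only when the new user's URL differs from the one solr_conn was opened with, which keeps connection reuse for users on the same host. Since solr_conn is shared by the whole process, it is also worth confirming that no other mail_user still has work pending on it when it is torn down here. As a style point, the "/** ... **/" and bare "/**/" markers should be a single ordinary comment.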
>>> auth-worker(2195): Debug: dict(hammer at rp-auth-test.com): lookup shared/userdb/hammer at rp-auth-test.com >>> auth-worker(2195): Debug: dict(hammer at rp-auth-test.com): result: {"uid":"8","fts":"solr","quota_rule4":"Spam:ignore","_session":"talk15_590ec6d100042","quota_rule3":"Trash:ignore","quota_rule2":"*:messages=2684354","quota_rule":"*:storage=5242880k","mail":"maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/hammer at rp-auth-test.com/","fts_solr":"debug url=http://ftsvs01:8080/solr/","gid":"8"} >>> auth: Debug: userdb out: USER 1 hammer at rp-auth-test.com uid=8 fts=solr quota_rule4=Spam:ignore _session=talk15_590ec6d100042 quota_rule3=Trash:ignore quota_rule2=*:messages=2684354 quota_rule=*:storage=5242880k mail=maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/hammer at rp-auth-test.com/ fts_solr=debug url=http://ftsvs01:8080/solr/ gid=8 >>> indexer-worker: Debug: auth input: hammer at rp-auth-test.com uid=8 fts=solr quota_rule4=Spam:ignore _session=talk15_590ec6d100042 quota_rule3=Trash:ignore quota_rule2=*:messages=2684354 quota_rule=*:storage=5242880k mail=maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/hammer at rp-auth-test.com/ fts_solr=debug url=http://ftsvs01:8080/solr/ gid=8 >>> indexer-worker: Debug: Added userdb setting: plugin/_session=talk15_590ec6d100042 >>> indexer-worker: Debug: Added userdb setting: plugin/fts=solr >>> indexer-worker: Debug: Added userdb setting: plugin/fts_solr=debug url=http://ftsvs01:8080/solr/ >>> indexer-worker: Debug: Added userdb setting: mail=maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/ha >>> mmer at rp-auth-test.com/ >>> indexer-worker: Debug: Added userdb setting: plugin/quota_rule=*:storage=5242880k >>> indexer-worker: Debug: Added userdb setting: plugin/quota_rule2=*:messages=2684354 >>> indexer-worker: Debug: Added userdb setting: 
plugin/quota_rule3=Trash:ignore >>> indexer-worker: Debug: Added userdb setting: plugin/quota_rule4=Spam:ignore >>> indexer-worker(hammer at rp-auth-test.com): Debug: Effective uid=8, gid=8, home= >>> indexer-worker(hammer at rp-auth-test.com): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions >>> =yes location=maildir:/mail/mailstore01/215/573/hammer at rp-auth-test.com/:INDEX=/mail/index01/215/573/hammer at rp-auth-test.com/ >>> indexer-worker(hammer at rp-auth-test.com): Debug: maildir++: root=/mail/mailstore01/215/573/hammer at rp-auth-test.com, index=/mail/index01/215/ >>> 573/hammer at rp-auth-test.com, indexpvt=, control=, inbox=/mail/mailstore01/215/573/hammer at rp-auth-test.com, alt= >>> indexer-worker(hammer at rp-auth-test.com): Debug: Ignoring unknown cache field: pop3.order >>> indexer-worker(hammer at rp-auth-test.com): Debug: Ignoring unknown cache field: binary.parts >>> indexer-worker(hammer at rp-auth-test.com): Warning: Created dotlock file's timestamp is different than current time (1380294685 vs 1380294612 >>> ): /mail/index01/215/573/hammer at rp-auth-test.com/.INBOX/dovecot.index.log >>> indexer-worker(hammer at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Submitted >>> [...] >>> >>> >>> User1 index finishes and imap searches against ftsvs01 >>> [...] >>> imap(hammer at rp-auth-test.com): Debug: http-client: request [GET http://ftsvs01:8080/solr/select?fl=uid,score&rows=2&sort=uid+asc&q=(hdr:%22moo%22+OR+body:%22moo%22)&fq=%2Bbox:42faee1f735b1e52b3210000386e9ade+%2Buser:%22hammer at rp-auth-test.com%22]: Submitted >>> [...] >>> >>> >>> User2 grant at rp-auth-test.com connects and does a SEARCH, index worker gets gets UserDB settings, including fts host ftsvs02, but connects to ftsvs01 (also note index-worker initially shows wrong user in loglines) >>> [...] 
>>> auth-worker(2195): Debug: dict(grant at rp-auth-test.com): lookup shared/userdb/grant at rp-auth-test.com >>> auth-worker(2195): Debug: dict(grant at rp-auth-test.com): result: {"uid":"8","fts":"solr","quota_rule4":"Spam:ignore","_session":"cow80_609fed7600001","quota_rule3":"Trash:ignore","quota_rule2":"*:messages=2684354","quota_rule":"*:storage=5242880k","mail":"maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/","fts_solr":"debug url=http://ftsvs02:8080/solr/","gid":"8"} >>> auth: Debug: userdb out: USER 2 grant at rp-auth-test.com uid=8 fts=solr quota_rule4=Spam:ignore _session=cow80_609fed7600001 quota_rule3=Trash:ignore quota_rule2=*:messages=2684354 quota_rule=*:storage=5242880k mail=maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/ fts_solr=debug url=http://ftsvs02:8080/solr/ gid=8 >>> indexer-worker(hammer at rp-auth-test.com): Debug: auth input: grant at rp-auth-test.com uid=8 fts=solr quota_rule4=Spam:ignore _session=cow80_609fed7600001 quota_rule3=Trash:ignore quota_rule2=*:messages=2684354 quota_rule=*:storage=5242880k mail=maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/ fts_solr=debug url=http://ftsvs02:8080/solr/ gid=8 >>> indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/_session=cow80_609fed7600001 >>> indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/fts=solr >>> indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/fts_solr=debug url=http://ftsvs02:8080/solr/ >>> indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: mail=maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/ >>> indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: 
plugin/quota_rule=*:storage=5242880k >>> indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/quota_rule2=*:messages=2684354 >>> indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/quota_rule3=Trash:ignore >>> indexer-worker(hammer at rp-auth-test.com): Debug: Added userdb setting: plugin/quota_rule4=Spam:ignore >>> indexer-worker(grant at rp-auth-test.com): Debug: Effective uid=8, gid=8, home= >>> indexer-worker(grant at rp-auth-test.com): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/mail/mailstore01/812/023/grant at rp-auth-test.com/:INDEX=/mail/index01/812/023/grant at rp-auth-test.com/ >>> indexer-worker(grant at rp-auth-test.com): Debug: maildir++: root=/mail/mailstore01/812/023/grant at rp-auth-test.com, index=/mail/index01/812/023/grant at rp-auth-test.com, indexpvt=, control=, inbox=/mail/mailstore01/812/023/grant at rp-auth-test.com, alt= >>> indexer-worker(grant at rp-auth-test.com): Debug: Ignoring unknown cache field: pop3.order >>> indexer-worker(grant at rp-auth-test.com): Debug: Ignoring unknown cache field: binary.parts >>> indexer-worker(grant at rp-auth-test.com): Warning: Created dotlock file's timestamp is different than current time (1380294736 vs 1380294664): /mail/index01/812/023/grant at rp-auth-test.com/.INBOX/dovecot.index.cache >>> indexer-worker(grant at rp-auth-test.com): Warning: Created dotlock file's timestamp is different than current time (1380294736 vs 1380294664): /mail/index01/812/023/grant at rp-auth-test.com/.INBOX/dovecot.index.log >>> indexer-worker(grant at rp-auth-test.com): Warning: Created dotlock file's timestamp is different than current time (1380294736 vs 1380294664): /mail/index01/812/023/grant at rp-auth-test.com/.INBOX/dovecot.index.cache >>> indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Submitted >>> [...] 
>>> >>> indexer-worker indexes User2's mail on wrong fts host: >>> [...] >>> indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Sent header >>> indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload >>> indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload >>> indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload >>> indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload >>> indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload >>> indexer-worker(grant at rp-auth-test.com): Debug: http-client: request [POST http://ftsvs01:8080/solr/update]: Partially sent payload >>> [...] >>> >>> indexer-worker finishes and imap searches against correct fts host ftsvs02 >>> [...] >>> imap(grant at rp-auth-test.com): Debug: http-client: request [GET http://ftsvs02:8080/solr/select?fl=uid,score&rows=194&sort=uid+asc&q=(hdr:%22Fasdf%22+OR+body:%22Fasdf%22)&fq=%2Bbox:62d61f003b5a1e52af130000386e9ade+%2Buser:%22grant at rp-auth-test.com%22]: Submitted >>> [...] >>> >>> >>> >>> >> > From dan at langille.org Sun Oct 27 20:26:17 2013 
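The symptom reported in the fts_solr thread above (indexer-worker posting one user's mail to the Solr host from an earlier user's userdb reply) can be looked for in existing debug logs. This is an added example, not code from the thread or from Dovecot; the log lines are constructed after the format quoted above, and the function and field names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, modelled on the debug log format quoted in the thread.
# The list archive writes "@" as " at "; both spellings are accepted below.
SAMPLE_LOG = """\
indexer-worker: Debug: auth input: alice at example.test uid=8 fts=solr mail=maildir:/mail/a/ fts_solr=debug url=http://solr-a:8080/solr/ gid=8
indexer-worker(alice at example.test): Debug: http-client: request [POST http://solr-a:8080/solr/update]: Submitted
imap(alice at example.test): Debug: http-client: request [GET http://solr-a:8080/solr/select?q=hdr:x&fq=%2Buser:%22alice at example.test%22]: Submitted
indexer-worker(alice at example.test): Debug: auth input: bob at example.test uid=8 fts=solr mail=maildir:/mail/b/ fts_solr=debug url=http://solr-b:8080/solr/ gid=8
indexer-worker(bob at example.test): Debug: http-client: request [POST http://solr-a:8080/solr/update]: Submitted
indexer-worker(bob at example.test): Debug: http-client: request [POST http://solr-a:8080/solr/update]: Sent header
imap(bob at example.test): Debug: http-client: request [GET http://solr-b:8080/solr/select?q=hdr:y&fq=%2Buser:%22bob at example.test%22]: Submitted
"""

# "auth input" names the user explicitly. The process prefix in front of it
# cannot be trusted: in the thread it still shows the previous user.
AUTH_INPUT = re.compile(r"auth input: (?P<user>\S+(?: at \S+)?) (?P<fields>.*)")
SOLR_URL = re.compile(r"\bfts_solr=.*?\burl=(?P<url>\S+)")
HTTP_REQ = re.compile(
    r"(?P<svc>[\w-]+)\((?P<user>[^)]+)\): Debug: http-client: "
    r"request \[(?P<method>[A-Z]+) (?P<url>[^\]]+)\]"
)


def origin(url):
    """Return (scheme, host, port) so paths and query strings are ignored."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)


def find_misrouted_requests(lines):
    """Flag Solr requests sent to a host other than the user's userdb url=."""
    expected = {}   # user -> Solr URL from the most recent userdb reply
    findings = {}   # (user, service, requested origin) -> finding
    for line in lines:
        auth = AUTH_INPUT.search(line)
        if auth:
            solr = SOLR_URL.search(auth["fields"])
            if solr:
                expected[auth["user"]] = solr["url"]
            continue
        req = HTTP_REQ.search(line)
        if not req or req["user"] not in expected:
            continue  # not a Solr request line, or no userdb reply seen yet
        want = expected[req["user"]]
        got = origin(req["url"])
        if got == origin(want):
            continue
        # One finding per user/service/host; the same request is logged
        # several times (Submitted, Sent header, Partially sent payload).
        finding = findings.setdefault(
            (req["user"], req["svc"], got),
            {
                "user": req["user"],
                "service": req["svc"],
                "expected": want,
                "requested_host": got[1],
                "first_request": f'{req["method"]} {req["url"]}',
                "lines": 0,
            },
        )
        finding["lines"] += 1
    return list(findings.values())


if __name__ == "__main__":
    for f in find_misrouted_requests(SAMPLE_LOG.splitlines()):
        print(
            f'{f["service"]}: {f["user"]} expected {f["expected"]} '
            f'but sent {f["first_request"]} ({f["lines"]} log lines)'
        )
```

The http-client lines are Debug-level, so the check only has data to work on while debug logging is enabled, as in the logs quoted in the thread.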
From: dan at langille.org (Dan Langille)
Date: Sun, 27 Oct 2013 14:26:17 -0400
Subject: [Dovecot] Which MTA for a personal-use dovecot instance?
In-Reply-To: <5261798F.5060903@thelounge.net>
References: <5261798F.5060903@thelounge.net>
Message-ID: <33DAB6FD-ECA7-4723-811C-0943F1261F75@langille.org>

On Oct 18, 2013, at 2:10 PM, Reindl Harald wrote:

>
>
> On 18.10.2013 20:03, Dan Langille wrote:
>> I'm planning to deploy a personal dovecot IMAP server (i.e. I am the only user) in a FreeBSD jail.
>>
>> At present, I have IMAP deployed on the same host as one of my mail servers, which is running Postfix. I do like
>> Postfix, but it seems to be a bit overkill for this particular situation
>
> where can postfix be an overhead?

I have no idea. This is why I was asking.

> for simple setups you only need a few lines of configuration and all others
> as default - hard to find any software more easy to configure with
> the backward compatibility postfix offers since many years

I've been using Postfix for several years and don't use anything else for incoming email. For situations where there is only outgoing email, I've started to use nullmailer to relay the mail to a smart host (running postfix).

For what it's worth, the jail mentioned above is now running Postfix and dovecot, along with 24 other supporting packages.

--
Dan Langille - http://langille.org

From CMarcus at Media-Brokers.com Sun Oct 27 22:21:58 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Sun, 27 Oct 2013 16:21:58 -0400
Subject: [Dovecot] Blocking certain hostnames/clients
Message-ID: <526D75E6.5080003@Media-Brokers.com>

Hello,

As a result of learning of the new 'Intro' App introduced by LinkedIn, and discussing how to block SMTP access to my postfix server from these clients, I'm now interested in doing the same for dovecot.

Bottom line desire is to avoid scraping/hijacking email stored on my dovecot server by any client other than a users client.

This includes Intro (so, LinkedIn), Blackberry, GMail, Outlook, etc.

The boss has expressed the desire to NOT block all email from them, just disallow any of their clients from AUTH'ing (either SMTP or IMAP/POP).

I'd be interested if anyone has any kind of database of hostnames/IP blocks of the freemailers out there that support adding 3rd party accounts, especially ones supporting IMAP.

Anyway, article raising the concern found here:

http://www.bishopfox.com/blog/2013/10/linkedin-intro/

"LinkedIn released a new product today called Intro. They call it “doing the impossible”, but some might call it “hijacking email”. Why do we say this? Consider the following:

Intro reconfigures your iOS device (e.g. iPhone, iPad) so that all of your emails go through LinkedIn's servers. You read that right. Once you install the Intro app, all of your emails, both sent and received, are transmitted via LinkedIn's servers. LinkedIn is forcing all your IMAP and SMTP data through their own servers and then analyzing and scraping your emails for data pertaining to…whatever they feel like."

--
Best regards,

*/Charles/*

From itgeek31 at googlemail.com Mon Oct 28 02:43:48 2013
From: itgeek31 at googlemail.com (IT geek 31) Date: Mon, 28 Oct 2013 01:43:48 +0100 Subject: [Dovecot] Dovecot replication - I'm stuck Message-ID: Hi, I've been following the wiki document at http://wiki2.dovecot.org/Replication, but I've become stuck. I'm running version 2.1.3 on NetBSD 5.2 (v2.2+ isn't available as a package yet, and compiling my own is well outside my wheelhouse). I have a couple of questions: The wiki page keeps referring to "vmail". Is this a just system user I need to create? Presumably on both Dovecot boxes? If I don't use virtual users, do I need this? Here is my dovecot -n: # 2.1.3: /usr/pkg/etc/dovecot/dovecot.conf # OS: NetBSD 5.2 cobalt auth_mechanisms = plain login dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u listen = 192.168.1.1 login_greeting = Go on then, let's have it... mail_location = mbox:~/mail:INBOX=/var/mail/%u mail_plugins = " notify replication" passdb { driver = passwd } plugin { mail_replica = remote:vmail at server2.mydomain.com replication_full_sync_interval = 1 hours } protocols = imap service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } user = root } service imap-login { inet_listener imap { port = 0 } } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0600 } } ssl_cert = References: Message-ID: <526DFD4F.2080602@eye-catching-webdesign.de> Yes, create the vmail user on both boxes and set up key-based authentication via SSH so the two can talk to each other without passwords. Also, best upgrade to dovecot 2.2 as mentioned on the wiki page, as only 2.2 supports incremental syncing of mailboxes. Regards, Lucas Am 28.10.13 01:43, schrieb IT geek 31: > Hi, > > I've been following the wiki document at > http://wiki2.dovecot.org/Replication, but I've become stuck. 
> > I'm running version 2.1.3 on NetBSD 5.2 (v2.2+ isn't available as a package > yet, and compiling my own is well outside my wheelhouse). > > I have a couple of questions: > > The wiki page keeps referring to "vmail". Is this a just system user I > need to create? Presumably on both Dovecot boxes? > > If I don't use virtual users, do I need this? > > Here is my dovecot -n: > > > # 2.1.3: /usr/pkg/etc/dovecot/dovecot.conf > # OS: NetBSD 5.2 cobalt > auth_mechanisms = plain login > dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u > listen = 192.168.1.1 > login_greeting = Go on then, let's have it... > mail_location = mbox:~/mail:INBOX=/var/mail/%u > mail_plugins = " notify replication" > passdb { > driver = passwd > } > plugin { > mail_replica = remote:vmail at server2.mydomain.com > replication_full_sync_interval = 1 hours > } > protocols = imap > service aggregator { > fifo_listener replication-notify-fifo { > user = vmail > } > unix_listener replication-notify { > user = vmail > } > } > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > user = root > } > service imap-login { > inet_listener imap { > port = 0 > } > } > service replicator { > process_min_avail = 1 > unix_listener replicator-doveadm { > mode = 0600 > } > } > ssl_cert = ssl_key = userdb { > driver = passwd > } > protocol lda { > postmaster_address = postmaster at mydomain.com > } > > > Any help would be greatly appreciated, as I'd really love to get this > working. > > Thanks, > > > -Mark > -- Lucas Rothamel Eye Catching Webdesign info at eye-catching-webdesign.de - www.eye-catching-webdesign.de You know, we go to the gym to keep the body fit. Similarly the mind needs some rest. The mind is bombarded with so many impressions. Our mind has been bombarded by impressions the whole time. It needs a different kind of rest other than sleep. And meditation is such a rest. It calms the mind. 
energizes the spirit and makes the body more strong and vibrant. improves the immune system. The immune cells, the T-cell count go higher through Sudarshan Kriya and meditation. And you feel so nice inside. - Sri Sri Ravi Shankar I love deadlines. I like the whooshing sound they make as they fly by. -- Douglas Adams

From skdovecot at smail.inf.fh-brs.de Mon Oct 28 10:29:47 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Mon, 28 Oct 2013 09:29:47 +0100 (CET)
Subject: [Dovecot] separate mail_location for system and normal users
In-Reply-To: <526AAD05.7030706@gmail.com>
References: <526AAD05.7030706@gmail.com>
Message-ID:

On Fri, 25 Oct 2013, Andrzej A. Filip wrote:

> How to configure dovecot to use different default mail_location for
> system (uid<1_000) and normal users (uid>=1_000)?
>
> I want to to use by default
> * classic mailbox in standard location for system users
> * maildir in $HOME subdirectory for normal users

That depends :-)

If you have just one userdb, configure the default mail_location for most users and return a mail extra field for the other ones.

You use passwd? This probably will not work, see http://wiki2.dovecot.org/UserDatabase/ExtraFields about the syntax

You could probably copy the set of users, that requires extra fields, from your /etc/passwd to somewhere else, adding the extra field. Then configure the copy as userdb { driver passwd-file } _before_ the userdb { passwd }. That way, the entries in the passwd-file override the ones in /etc/passwd, because they are found first.

--
Steffen Kaiser

From itgeek31 at googlemail.com Mon Oct 28 11:45:17 2013
From: itgeek31 at googlemail.com (IT geek 31) Date: Mon, 28 Oct 2013 10:45:17 +0100 Subject: [Dovecot] Dovecot replication - I'm stuck In-Reply-To: <526DFD4F.2080602@eye-catching-webdesign.de> References: <526DFD4F.2080602@eye-catching-webdesign.de> Message-ID: Hi Lucas, Thanks for your response. I have done that, and when logged into both servers as the vmail I can SSH to the other server and am not challenged for a password (I'm using keys). However when I restart Dovecot I get the following error: Oct 28 10:36:11 server1 dovecot: dsync-local(vmail): Error: remote: Permission denied, please try again. Oct 28 10:36:11 server1 dovecot: dsync-local(vmail): Error: remote: Permission denied, please try again. Oct 28 10:36:11 server1 dovecot: dsync-local(vmail): Error: remote: Permission denied (publickey,password,keyboard-interactive). Oct 28 10:36:11 server1 dovecot: dsync-local(vmail): Error: read() from worker server failed: EOF So even though I can SSH from one server to another using key-based auth and the vmail account, it appears dsync can't. Any ideas? -Mark On 28 October 2013 06:59, Lucas Rothamel - Eye Catching Webdesign < info at eye-catching-webdesign.de> wrote: > Yes, create the vmail user on both boxes and set up key-based > authentication via SSH so the two can talk to each other without passwords. > > Also, best upgrade to dovecot 2.2 as mentioned on the wiki page, as only > 2.2 supports incremental syncing of mailboxes. > > Regards, > Lucas > > > Am 28.10.13 01:43, schrieb IT geek 31: > >> Hi, >> >> I've been following the wiki document at >> http://wiki2.dovecot.org/**Replication, >> but I've become stuck. >> >> I'm running version 2.1.3 on NetBSD 5.2 (v2.2+ isn't available as a >> package >> yet, and compiling my own is well outside my wheelhouse). >> >> I have a couple of questions: >> >> The wiki page keeps referring to "vmail". Is this a just system user I >> need to create? Presumably on both Dovecot boxes? 
>> >> If I don't use virtual users, do I need this? >> >> Here is my dovecot -n: >> >> >> # 2.1.3: /usr/pkg/etc/dovecot/dovecot.**conf >> # OS: NetBSD 5.2 cobalt >> auth_mechanisms = plain login >> dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u >> listen = 192.168.1.1 >> login_greeting = Go on then, let's have it... >> mail_location = mbox:~/mail:INBOX=/var/mail/%u >> mail_plugins = " notify replication" >> passdb { >> driver = passwd >> } >> plugin { >> mail_replica = remote:vmail at server2.mydomain.**com >> replication_full_sync_interval = 1 hours >> } >> protocols = imap >> service aggregator { >> fifo_listener replication-notify-fifo { >> user = vmail >> } >> unix_listener replication-notify { >> user = vmail >> } >> } >> service auth { >> unix_listener /var/spool/postfix/private/**auth { >> group = postfix >> mode = 0660 >> user = postfix >> } >> user = root >> } >> service imap-login { >> inet_listener imap { >> port = 0 >> } >> } >> service replicator { >> process_min_avail = 1 >> unix_listener replicator-doveadm { >> mode = 0600 >> } >> } >> ssl_cert = > ssl_key = > userdb { >> driver = passwd >> } >> protocol lda { >> postmaster_address = postmaster at mydomain.com >> } >> >> >> Any help would be greatly appreciated, as I'd really love to get this >> working. >> >> Thanks, >> >> >> -Mark >> >> > -- > Lucas Rothamel > Eye Catching Webdesign > info at eye-catching-webdesign.de - www.eye-catching-webdesign.de > > You know, we go to the gym to keep the body fit. Similarly the mind needs > some rest. The mind is bombarded with so many impressions. Our mind has > been bombarded by impressions the whole time. It needs a different kind of > rest other than sleep. And meditation is such a rest. It calms the mind. > energizes the spirit and makes the body more strong and vibrant. improves > the immune system. The immune cells, the T-cell count go higher through > Sudarshan Kriya and meditation. And you feel so nice inside. 
- Sri Sri Ravi
> Shankar
> I love deadlines. I like the whooshing sound they make as they fly by. --
> Douglas Adams
>
>
>

From amateo at um.es Mon Oct 28 11:46:07 2013
From: amateo at um.es (Angel L. Mateo)
Date: Mon, 28 Oct 2013 10:46:07 +0100
Subject: [Dovecot] failed: Message has been copied too many times
In-Reply-To:
References: <5268F864.8030800@um.es> <5268F941.9040908@um.es>
Message-ID: <526E325F.7000308@um.es>

On 26/10/13 17:10, Timo Sirainen wrote:
> On 24.10.2013, at 13.41, Angel L. Mateo wrote:
>
>>> amateo_adm at myotis51:~$ sudo doveadm search -u vlo mailbox
>>> BORRADOS.INBOX.MNCS
>>> doveadm(vlo): Error: Syncing mailbox BORRADOS.INBOX.MNCS failed: Message
>>> has been copied too many times (59306 + -1)
>
> Looks like the index is corrupted. It should never have gotten that high. Have you tried doveadm force-resync -u vlo INBOX?
>

I have just tried it now, for the same problem with other user. But it didn't fix anything.

The problem is that for some reason, dovecot is duplicating user mails. In the problem I'm having today, a user has 3833 distinct messages in a mailbox, but 122 of them are duplicated 19866 each, so a search in the folder shows 2228712 messages. A force-resync of the folder doesn't fix anything.

What worried me the most is that this problem is appearing very often in my system (once a week at least).

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868887590
Fax: 868888337

From aakumykov at yandex.ru Mon Oct 28 12:34:40 2013
From: aakumykov at yandex.ru (Андрей Кумыков)
Date: Mon, 28 Oct 2013 17:34:40 +0700
Subject: [Dovecot] Disable unsecure POP3 at all (Dovecot 2.1)
Message-ID: <83421382956480@x4web1f.yandex.ru>

Hi to all.

Is it possible to disable unsecure POP3 protocol at all in Dovecot 2.1?
There was "protocols" option in 1.x version, and there was separate pop3 and pop3s modules.
There is no "pop3s" in configuration files in 2.1.

From h.reindl at thelounge.net Mon Oct 28 12:47:53 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Mon, 28 Oct 2013 11:47:53 +0100
Subject: [Dovecot] Disable unsecure POP3 at all (Dovecot 2.1)
In-Reply-To: <83421382956480@x4web1f.yandex.ru>
References: <83421382956480@x4web1f.yandex.ru>
Message-ID: <526E40D9.1050903@thelounge.net>

On 28.10.2013 11:34, Андрей Кумыков wrote:
> Is it possible to disable unsecure POP3 protocol at all in Dovecot 2.1?
> There was "protocols" option in 1.x version, and there was separate pop3 and pop3s modules

110/143 are not unsecure because the way to go these days should be
http://en.wikipedia.org/wiki/STARTTLS

http://wiki2.dovecot.org/SSL
disable_plaintext_auth=yes
ssl=required

> There is no "pop3s" in configuration files in 2.1

says who?

# provided services
protocols = imap pop3

# configure imap-proxy
service imap-login {
  inet_listener imap {
    address = **.**.**.**
    port = 143
  }
  inet_listener imaps {
    address = **.**.**.**
    port = 993
  }
  vsz_limit = 512M
  service_count = 0
  process_min_avail = 1
  process_limit = 15
  client_limit = 300
}

# configure pop3-proxy
service pop3-login {
  inet_listener pop3 {
    address = **.**.**.**
    port = 110
  }
  inet_listener pop3s {
    address = **.**.**.**
    port = 995
  }
  vsz_limit = 512M
  service_count = 0
  process_min_avail = 1
  process_limit = 15
  client_limit = 100
}

From azurit at pobox.sk Mon Oct 28 14:24:01 2013
From: azurit at pobox.sk (azurIt)
Date: Mon, 28 Oct 2013 13:24:01 +0100
Subject: [Dovecot] Pre imap-session scripting
Message-ID: <20131028132401.BA6CC473@pobox.sk>

Hi,

is it possible to run a script right after the IMAP/POP3 session was started? I know about post-login scripting but this is probably not what i'm looking for. I need to run a script which will know PID of process running IMAP session (so it must be already started). Thank you.

azur

From dovecot at r.paypc.com Mon Oct 28 14:40:16 2013
From: dovecot at r.paypc.com (Robin)
Date: Mon, 28 Oct 2013 05:40:16 -0700
Subject: [Dovecot] Blocking certain hostnames/clients
In-Reply-To: <526D75E6.5080003@Media-Brokers.com>
References: <526D75E6.5080003@Media-Brokers.com>
Message-ID: <526E5B30.5090507@r.paypc.com>

On 10/27/2013 1:21 PM, Charles Marcus wrote:
> Bottom line desire is to avoid scraping/hijacking email stored on my
> dovecot server by any client other than a users client.

I don't think IMAP has a "client identification" component in its protocol, at least one that's in widespread and "compatible" use. So you're stuck with IP/hostname-based ACLs or perhaps something more "forensic" that does analysis of how those clients access mail and tailor a countermeasure accordingly.

Of course, blackholing all of the offending IP#s is an option, but I suspect it will be a bit "whack-a-mole".

=R=

From skdovecot at smail.inf.fh-brs.de Mon Oct 28 15:51:27 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Mon, 28 Oct 2013 14:51:27 +0100 (CET)
Subject: [Dovecot] Blocking certain hostnames/clients
In-Reply-To: <526D75E6.5080003@Media-Brokers.com>
References: <526D75E6.5080003@Media-Brokers.com>
Message-ID:

On Sun, 27 Oct 2013, Charles Marcus wrote:

> As a result of learning of the new 'Intro' App introduced by LinkedIn, and
> discussing how to block SMTP access to my postfix server from these clients,
> I'm now interested in doing the same for dovecot.

Reading the description, I would say: No valid user would AUTH into your IMAP server, so block those LinkedIn-IP addresses for all ports, but plain old 25. No need to fiddle in Dovecot and you'll save resources.

If you want to log them as incidents, you might look into:

# Most (but not all) settings can be overridden by different protocols and/or
# source/destination IPs by placing the settings inside sections, for example:
# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }

put a user-deny passdb {} in a remote { } block at the 1st place. However, I don't know if this works, though.

> The boss has expressed the desire to NOT block all email from them, just
> disallow any of their clients from AUTH'ing (either SMTP or IMAP/POP).

would work, if you block all ports, but 25, from these IPs.

> I'd be interested if anyone has any kind of database of hostnames/IP blocks
> of the freemailers out there that support adding 3rd party accounts,
> especially ones supporting IMAP.

This does not read like a freemail, but just a gateway.

--
Steffen Kaiser

From rob0 at gmx.co.uk Mon Oct 28 16:13:41 2013
From: rob0 at gmx.co.uk (/dev/rob0)
Date: Mon, 28 Oct 2013 09:13:41 -0500
Subject: [Dovecot] Dovecot replication - I'm stuck
In-Reply-To:
References:
Message-ID: <20131028141341.GX16659@harrier.slackbuilds.org>

On Mon, Oct 28, 2013 at 01:43:48AM +0100, IT geek 31 wrote:
> I've been following the wiki document at
> http://wiki2.dovecot.org/Replication, but I've become stuck.
>
> I'm running version 2.1.3 on NetBSD 5.2 (v2.2+ isn't available as a
> package yet, and compiling my own is well outside my wheelhouse).
>
> I have a couple of questions:
>
> The wiki page keeps referring to "vmail". Is this a just system
> user I need to create? Presumably on both Dovecot boxes?
>
> If I don't use virtual users, do I need this?

No. If you're using system users, each user owns his/her own mail. Replication would have to be done as root (or of course by a special user with sudo or other privilege escalation.)

Scroll further down that page to the part about "dsync wrapper script for root SSH login (v2.2+)", but oops, you don't have 2.2. Sad. I guess you'll either have to upgrade or figure out another way to do this (probably out of Dovecot scope.)

> Here is my dovecot -n:
snip
--
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

From skdovecot at smail.inf.fh-brs.de Mon Oct 28 16:29:42 2013
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Mon, 28 Oct 2013 15:29:42 +0100 (CET)
Subject: [Dovecot] BUG with Maildir/cur/:2, (was Re: Broken files?)
In-Reply-To:
References: <1E5DD284-BF48-4207-92B2-AEACCE042064@kreme.com>
Message-ID:

On Fri, 25 Oct 2013, LuKreme wrote:

hi Timo,

> I *think* I figured it out, the mailboxes that were causing the errors
> each had a file in them named ":,2" since removing those and removing
> the dovecot-uidlist the problem hasn't returned.

if the Maildir has the file ":,2" in it, you get two errors the first time you select that mailbox:

Error: Broken file //Maildir/.t/dovecot-uidlist line 2: Invalid extended fields: :
Warning: Fixed a duplicate: //Maildir/.t/cur/:2, -> 1382969744.M379516P28028.msa

but the ":2," remains in the Maildir. The next time the mailbox changes, e.g after "touch //Maildir/.t/cur", you only get the first error.

Actually such file should never exist in a Maildir and is most likely not created by Dovecot itself, but for robustness Dovecot could rename such file into some sane name.

Tested with
# 2.2.5 (9531ec8afe8b): /usr/local/dovecot-2.2.5/etc/dovecot/dovecot.conf

Thanks,

--
Steffen Kaiser

From vorgusa at gmail.com Mon Oct 28 17:16:22 2013
From: vorgusa at gmail.com (Chris Lasater)
Date: Mon, 28 Oct 2013 11:16:22 -0400
Subject: [Dovecot] Dbox group file permissions
Message-ID: <526E7FC6.1090001@gmail.com>

Just in case someone else has the same problem, I had to change the following two variables

mail_home = /mnt/home/imapd/%d/%n
mail_location = dbox:/mnt/home/imapd/%d/%n

to

mail_home = /mnt/home/imapd/%d/%n
mail_location = dbox:~/

"When mail_location begins with %h or ~/, its permissions are copied from the first existing parent directory if it has setgid-bit set. This isn't done when the path contains any other %variables."

From doug at impalanetworks.com Mon Oct 28 18:02:13 2013
From: doug at impalanetworks.com (Douglas Mortensen)
Date: Mon, 28 Oct 2013 10:02:13 -0600
Subject: [Dovecot] Encryption solution for messages at rest
Message-ID:

Hi,

We have clients with various security & compliance requirements. Although not required, it would be ideal to have messages encrypted at rest. We already use SSL/TLS to secure the transmission of most email. However, it would be nice to have them encrypted sitting on our server.

Is anyone doing this?

I think that ideally, rather than full-disk encryption, we should use an encryption that encrypts the actual email messages as they sit on our file system. This way even if we ever had our server breached by an attacker, they wouldn't be able to do anything with the messages.

However, this would also mean that if the attacker can't decrypt the files, then dovecot and postfix still would need to. This means that the encryption key would need to be available to the dovecot daemon. We'd either need to have it in a file that is restricted to access only by dovecot (less secure), or use an encryption passphrase for the certificate which would have to be typed in manually each time that dovecot starts or restarts (more secure, but also more work and possibility of disruption because the server can't restart gracefully without a human being having to be present [although I don't think we have issues with unexpected restarts anyway]).

Is anyone doing anything like this with dovecot?

Thanks!!
-
Doug Mortensen
Network Consultant
Impala Networks Inc
CCNA, MCSA, Security+, A+
Linux+, Network+, Server+
A.A.S. Information Technology
.
www.impalanetworks.com
P: (505) 327-7300
F: (505) 327-7545

From itgeek31 at googlemail.com Mon Oct 28 18:05:43 2013
From: itgeek31 at googlemail.com (IT geek 31) Date: Mon, 28 Oct 2013 17:05:43 +0100 Subject: [Dovecot] Dovecot replication - I'm stuck In-Reply-To: <20131028141341.GX16659@harrier.slackbuilds.org> References: <20131028141341.GX16659@harrier.slackbuilds.org> Message-ID: Ah, gutted. Neither are an option right now. Thanks for your help anyway. -Mark On 28 October 2013 15:13, /dev/rob0 wrote: > On Mon, Oct 28, 2013 at 01:43:48AM +0100, IT geek 31 wrote: > > I've been following the wiki document at > > http://wiki2.dovecot.org/Replication, but I've become stuck. > > > > I'm running version 2.1.3 on NetBSD 5.2 (v2.2+ isn't available as a > > package yet, and compiling my own is well outside my wheelhouse). > > > > I have a couple of questions: > > > > The wiki page keeps referring to "vmail". Is this a just system > > user I need to create? Presumably on both Dovecot boxes? > > > > If I don't use virtual users, do I need this? > > No. If you're using system users, each user owns his/her own mail. > Replication would have to be done as root (or of course by a special > user with sudo or other privilege escalation.) > > Scroll further down that page to the part about "dsync wrapper script > for root SSH login (v2.2+)", but oops, you don't have 2.2. Sad. I > guess you'll either have to upgrade or figure out another way to do > this (probably out of Dovecot scope.) > > > Here is my dovecot -n: > snip > -- > http://rob0.nodns4.us/ -- system administration and consulting > Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: > From marcin at mejor.pl Mon Oct 28 18:08:14 2013 
From: marcin at mejor.pl (Marcin Mirosław) Date: Mon, 28 Oct 2013 17:08:14 +0100 Subject: [Dovecot] When imapc can't connect to remote IMAP prevents user login (and blocks LDA) In-Reply-To: References: <50CCB000.2070808@mejor.pl> <1355862809.13277.51.camel@hurina> <50D0E8C9.1070301@mejor.pl> Message-ID: <526E8BEE.5080008@mejor.pl> On 18.12.2012 23:10, Timo Sirainen wrote: > On 19.12.2012, at 0.06, Marcin Mirosław wrote: > >>>> I'd like to ask is this behavior correct? >>> >>> You're using Dovecot as simple imapc proxy without local mails? Then >>> yeah, what else could it really do? >> >> Here is problem, I'm using local mails also!:) So when remote imap >> server doesn't want to talk with me I can't even check mail emails. >> I can understand this behavior (e.g. lda can't deliver email because >> sieve script could put such email in folder available via imapc) but it >> looks like a kind of DoS for my mailbox;) Maybe some kind of switch >> could be implemented: treat imapc errors as critical or not? Just an idea. > > I saw only one namespace in your configuration. Are you adding the imapc namespace somewhere else, or how exactly does your system work? Anyway, if you have a separate imapc namespace, I think you can simply set: > > namespace .. { > ignore_on_failure = yes > } Hi again! I'm answering in this old thread because I found another case when "ignore_on_failure = yes" doesn't help. When remote IMAP server is shut down or is firewalled, in log appears " 2013-10-26T14:27:04.380859+02:00 meteor dovecot: imap(marcin at mejor.pl) : Error: imapc(imap.wp.pl:993): connect(212.77.101.140, 993) timed out after 30 seconds " In this case LDA doesn't deliver emails nor can I log in using IMAP client. Is it possible to do something with such case? P.S. Now I'm using dovecot-2.2.6. Marcin From rs at sys4.de Mon Oct 28 19:19:51 2013
From: rs at sys4.de (Robert Schetterer) Date: Mon, 28 Oct 2013 18:19:51 +0100 Subject: [Dovecot] Encryption solution for messages at rest In-Reply-To: References: Message-ID: <526E9CB7.4060300@sys4.de> On 28.10.2013 17:02, Douglas Mortensen wrote: > Hi, > > We have clients with various security & compliance requirements. > Although not required, it would be ideal to have messages encrypted > at rest. We already use SSL/TLS to secure the transmission of most > email. However, it would be nice to have them encrypted sitting on > our server. Is anyone doing this? I think that ideally, rather than > full-disk encryption, we should use an encryption that encrypts the > actual email messages as they sit on our file system. This way even > if we ever had our server breached by an attacker, they wouldn't be > able to do anything with the messages. However, this would also > mean that if the attacker can't decrypt the files, than dovecot and > postfix still would need to. This means that the encryption key > would need to be available to the dovecot deamon. We'd either need > to have it in a file that is restricted to access only by dovecot > (less secure), or use an encryption passphrase for the certificate > which would have to be typed in manually each time that dovecot > starts or restarts (more secure, but also more work and possibility > of disruption because the server can't restart gracefully without a > human being having to be present [although I don't think we have > issues with unexpected restarts anyway]). > > Is anyone doing anything like this with dovecot? perhaps look at https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve > > Thanks!! - Doug Mortensen Network Consultant Impala Networks Inc > CCNA, MCSA, Security+, A+ Linux+, Network+, Server+ A.A.S. > Information Technology . 
www.impalanetworks.com P: (505) 327-7300 > F: (505) 327-7545 > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, District Court München: HRB 199263 Executive Board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Chairman of the Supervisory Board: Florian Kirstein From michael at orlitzky.com Mon Oct 28 19:50:57 2013 From: michael at orlitzky.com (Michael Orlitzky) Date: Mon, 28 Oct 2013 13:50:57 -0400 Subject: [Dovecot] Encryption solution for messages at rest In-Reply-To: References: Message-ID: <526EA401.5080605@orlitzky.com> On 10/28/2013 12:02 PM, Douglas Mortensen wrote: > Hi, > > We have clients with various security & compliance requirements. > Although not required, it would be ideal to have messages encrypted > at rest. You can rule out a lot of the crazier options by answering the questions, (a) What attack scenario do you have in mind? (b) How will encryption help? From doug at impalanetworks.com Mon Oct 28 21:14:33 2013
From: doug at impalanetworks.com (Douglas Mortensen) Date: Mon, 28 Oct 2013 13:14:33 -0600 Subject: [Dovecot] Encryption solution for messages at rest In-Reply-To: References: Message-ID: Currently our dovecot servers are on our webhosting linux boxes. We are using the LAMP stack to host websites, and also doing email with postfix & dovecot on these systems. We provide this as a hosting setup for 100+ accounts/websites on a single server (a multi-tenant setup). Each customer has anywhere between 1-100 email accounts which Dovecot services. If a customer has vulnerable PHP code on a website, some of these will allow a remote file upload. I have seen cases where they upload a PHP script that is a sort of web-based console/shell to the server (file-system, etc.). It provides several tools which all run through the uploaded PHP script to try to brute force and do other attacks. I've seen attempts at a root exploit. We've never had a root exploit and any such case of a customer's site being hacked has been easily contained by simple filesystem permissions being correct (and the fact that we have apache setup to run all scripts as the user who is the owner of the script files, which confines the script to that users' permissions). Still nobody loves the idea of bad guys trying to hack on your box. So.... given that type of scenario, if filesystem permissions weren't correct, or some new exploit surfaced that allowed someone bypass or elevate to root, then they could theoretically have access to the entire fileystem including where emails are stored. I hope to never have this sort of thing happen. We patch our systems regularly and have other security measures we follow to prevent this. We also are managing most of the PHP scripts customers use ourselves now and are updating those for the CMS' and other systems proactively. 
However, it would be nice to know that even if we were breached, the emails on the server were encrypted and would be completely useless to an attacker. This type of encryption is ideal and some regulations prefer (although don't require) it. - Doug Mortensen Network Consultant Impala Networks P: 505.327.7300 -----Original Message----- From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Michael Orlitzky Sent: Monday, October 28, 2013 11:52 AM To: dovecot Subject: Re: [Dovecot] Encryption solution for messages at rest On 10/28/2013 12:02 PM, Douglas Mortensen wrote: > Hi, > > We have clients with various security & compliance requirements. > Although not required, it would be ideal to have messages encrypted at > rest. You can rule out a lot of the crazier options by answering the questions, (a) What attack scenario do you have in mind? (b) How will encryption help? From h.reindl at thelounge.net Mon Oct 28 21:23:20 2013 
From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 28 Oct 2013 20:23:20 +0100 Subject: [Dovecot] Encryption solution for messages at rest In-Reply-To: References: Message-ID: <526EB9A8.1030108@thelounge.net> On 28.10.2013 20:14, Douglas Mortensen wrote: > So.... given that type of scenario, if filesystem permissions weren't correct, or some new exploit surfaced that allowed someone bypass or elevate to root, then they could theoretically have access to the entire fileystem including where emails are stored. > I hope to never have this sort of thing happen. We patch our systems regularly and have other security measures we follow to prevent this. We also are managing most of the PHP scripts customers use ourselves now and are updating those for the CMS' and other systems proactively. how would encryption help here? > However, it would be nice to know that even if we were breached, the emails on the server were encrypted and would be completely useless to an attacker. > This type of encryption is ideal and some regulations prefer (although don't require) it impossible and useless if someone comes that far he can also read whatever configuration containing the keys encryption is nice in case of disks got stolen but not for protection against intrusion on the running machine > -----Original Message----- 
> From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Michael Orlitzky > Sent: Monday, October 28, 2013 11:52 AM > To: dovecot > Subject: Re: [Dovecot] Encryption solution for messages at rest > > On 10/28/2013 12:02 PM, Douglas Mortensen wrote: >> Hi, >> >> We have clients with various security & compliance requirements. >> Although not required, it would be ideal to have messages encrypted at >> rest. > > You can rule out a lot of the crazier options by answering the questions, > > (a) What attack scenario do you have in mind? > > (b) How will encryption help? From ronleach at tesco.net Mon Oct 28 21:39:22 2013
From: ronleach at tesco.net (Ron Leach) Date: Mon, 28 Oct 2013 19:39:22 +0000 Subject: [Dovecot] Encryption solution for messages at rest In-Reply-To: References: Message-ID: <526EBD6A.1010407@tesco.net> On 28/10/2013 19:14, Douglas Mortensen wrote: > > So.... given that type of scenario, if filesystem permissions > weren't correct, or some new exploit surfaced that allowed someone > bypass or elevate to root, then they could theoretically have > access to the entire fileystem including where emails are stored. > > ... > > However, it would be nice to know that even if we were breached, > the emails on the server were encrypted and would be completely > useless to an attacker. > > This type of encryption is ideal and some regulations prefer > (although don't require) it. OK, but encryption will only help if the bad guy, who gets elevated to root, can not access the decryption keys. But you initially suggested Dovecot has to decrypt the mails, so I would think root access would be able to obtain keys and run (in some manner) suitable decryption, even if offline back in its lair. And this brings me to something I wanted to ask from your first post - and please forgive a basic question. Why does Dovecot need to decrypt the messages? Why could not the messages be encrypted, and only the clients decrypt them - this way only the clients would have the decryption keys and the bad root-guy can't get the keys. Is true that Dovecot needs access to mails in clear? If yes, what part of the mails does Dovecot need in clear - might clear 'headers' be sufficient for its purposes, so that message content remains encrypted? Such a scenario might require all users (or, maybe, just those users that wanted this facility) to ensure they had suitable clients, maybe Thunderbird with a suitable plug-in, or maybe a special-purpose client. 
And whatever public email server you (or the customers) are running would have to encrypt public email on receipt, and decrypt on public transmission, but 'in-company' email within each customer could remain encrypted, anyway. Such a scheme would depend, though, on the extent to which Dovecot does require access to mail 'content' (in addition to Dovecot housekeeping data such as time of receipt, read status, index value, etc). Hence the question, does Dovecot need access to mail in clear? regards, Ron From michael at orlitzky.com Mon Oct 28 21:49:09 2013 
From: michael at orlitzky.com (Michael Orlitzky) Date: Mon, 28 Oct 2013 15:49:09 -0400 Subject: [Dovecot] Encryption solution for messages at rest In-Reply-To: References: Message-ID: <526EBFB5.4000009@orlitzky.com> On 10/28/2013 03:14 PM, Douglas Mortensen wrote: > If a customer has vulnerable PHP code on a website, some of these > will allow a remote file upload. I have seen cases where they upload > a PHP script that is a sort of web-based console/shell to the server > (file-system, etc.). It provides several tools which all run through > the uploaded PHP script to try to brute force and do other attacks. > I've seen attempts at a root exploit. We've never had a root exploit > and any such case of a customer's site being hacked has been easily > contained by simple filesystem permissions being correct (and the > fact that we have apache setup to run all scripts as the user who is > the owner of the script files, which confines the script to that > users' permissions). Still nobody loves the idea of bad guys trying > to hack on your box. If an attacker gets root, the entire exercise is pointless, because he can get the decryption key. So you "don't have to worry" about that case =) A suggestion, not dovecot-related: The web users -- in our case, www.example.com -- shouldn't have access to anything outside of the web root. You can achieve this within PHP by placing everything that the website will need under one directory, and setting (in apache): php_admin_value open_basedir /var/www/$domain/$host/ php_admin_value upload_tmp_dir /var/www/$domain/$host/tmp php_admin_value session.save_path /var/www/$domain/$host/tmp php_admin_value sys_temp_dir /var/www/$domain/$host/tmp Personally, I don't trust PHP at all, so we create a separate web user for each vhost and run them under mpm-itk . > So.... 
given that type of scenario, if filesystem permissions weren't > correct, or some new exploit surfaced that allowed someone bypass or > elevate to root, then they could theoretically have access to the > entire fileystem including where emails are stored. Who has access to the maildirs on your systems? On ours, everything is owned by deliver:deliver, with mode 700 or 600. The dovecot 'deliver' user is the one who reads and writes all mail. (It is in fact a misnomer now that we use LMTP). You can achieve the same by setting mode=600 everywhere in dovecot.conf, but this depends on your setup. Suppose someone gains access to the 'deliver' user. That user is the one who reads and would decrypt the mail; therefore the attacker can read the mail anyway. But if they don't gain access to the 'deliver' account, what can they do? Barring incorrect permissions or a kernel bug, nothing. The permissions are handled by dovecot, which ostensibly you trust. And if there's a kernel bug, you have bigger problems. From h.reindl at thelounge.net Mon Oct 28 22:10:32 2013 
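An added example, not part of the original messages: a permission audit for the ownership scheme Michael Orlitzky describes above (the whole mail tree owned by one delivery user, directories mode 700, files mode 600). The function names and the sample Maildir tree are constructed for illustration.

```python
import os
import stat
import tempfile


def check_entry(path, expected_uid, expected_gid=None):
    """Return a list of problems for one file or directory (empty if clean)."""
    st = os.lstat(path)  # lstat: never follow a symlink out of the mail tree
    if stat.S_ISLNK(st.st_mode):
        return ["symlink, target not audited"]
    problems = []
    if st.st_uid != expected_uid:
        problems.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    if expected_gid is not None and st.st_gid != expected_gid:
        problems.append(f"group gid {st.st_gid}, expected {expected_gid}")
    perm = stat.S_IMODE(st.st_mode)
    if perm & 0o077:  # any group or other bit breaks the 700/600 scheme
        problems.append(f"mode {perm:04o} grants group/other access")
    return problems


def audit_mail_tree(root, expected_uid, expected_gid=None):
    """Walk a mail tree and return {path: [problems]} for every bad entry."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):  # symlinks not followed
        candidates = [dirpath]
        candidates += [os.path.join(dirpath, n) for n in filenames]
        # Symlinked directories are listed but never entered; report them.
        candidates += [os.path.join(dirpath, n) for n in dirnames
                       if os.path.islink(os.path.join(dirpath, n))]
        for path in candidates:
            problems = check_entry(path, expected_uid, expected_gid)
            if problems:
                findings[path] = problems
    return findings


def build_demo_tree():
    """Create a constructed Maildir with two deliberately loose entries."""
    root = tempfile.mkdtemp(prefix="maildir-audit-")
    layout = {  # relative path -> mode; a trailing "/" marks a directory
        "cur/": 0o700,
        "new/": 0o700,
        "tmp/": 0o700,
        ".Sent/": 0o750,                    # group can list this folder
        "cur/1383000000.M1.mail": 0o600,
        "cur/1383000001.M2.mail": 0o644,    # world-readable message
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel.rstrip("/"))
        if rel.endswith("/"):
            os.mkdir(path)
        else:
            with open(path, "w") as fh:
                fh.write("Subject: constructed sample\n\nbody\n")
        os.chmod(path, mode)  # explicit chmod so the umask cannot alter the demo
    os.chmod(root, 0o700)
    return root


if __name__ == "__main__":
    tree = build_demo_tree()
    report = audit_mail_tree(tree, os.getuid())
    for path, problems in sorted(report.items()):
        print(os.path.relpath(path, tree), "->", "; ".join(problems))
```

On a real server, pass the uid of the delivery account (`deliver` in the message above, looked up with `pwd.getpwnam`) instead of `os.getuid()`.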
From: h.reindl at thelounge.net (Reindl Harald) Date: Mon, 28 Oct 2013 21:10:32 +0100 Subject: [Dovecot] Encryption solution for messages at rest In-Reply-To: <526EBFB5.4000009@orlitzky.com> References: <526EBFB5.4000009@orlitzky.com> Message-ID: <526EC4B8.6030201@thelounge.net> On 28.10.2013 20:49, Michael Orlitzky wrote: > On 10/28/2013 03:14 PM, Douglas Mortensen wrote: >> If a customer has vulnerable PHP code on a website, some of these >> will allow a remote file upload. I have seen cases where they upload >> a PHP script that is a sort of web-based console/shell to the server >> (file-system, etc.). It provides several tools which all run through >> the uploaded PHP script to try to brute force and do other attacks. >> I've seen attempts at a root exploit. We've never had a root exploit >> and any such case of a customer's site being hacked has been easily >> contained by simple filesystem permissions being correct (and the >> fact that we have apache setup to run all scripts as the user who is >> the owner of the script files, which confines the script to that >> users' permissions). Still nobody loves the idea of bad guys trying >> to hack on your box. > > If an attacker gets root, the entire exercise is pointless, because he > can get the decryption key. So you "don't have to worry" about that case =) > > A suggestion, not dovecot-related: > > The web users -- in our case, www.example.com -- shouldn't have access > to anything outside of the web root. 
You can achieve this within PHP by > placing everything that the website will need under one directory, and > setting (in apache): > > php_admin_value open_basedir /var/www/$domain/$host/ > php_admin_value upload_tmp_dir /var/www/$domain/$host/tmp > php_admin_value session.save_path /var/www/$domain/$host/tmp > php_admin_value sys_temp_dir /var/www/$domain/$host/tmp oh no - do *not* place the session data anywhere inside open_basedir this is one of the worst things you can do because any otherwise harmless script bypassed whatever security restriction will be able to read *any* session data but hey, also PHP upstream a few years ago had no clue about session-security https://bugs.php.net/bug.php?id=42077 From raabe at froglogic.com Tue Oct 29 00:22:11 2013
From: raabe at froglogic.com (Frerich Raabe) Date: Mon, 28 Oct 2013 23:22:11 +0100 Subject: [Dovecot] Encryption solution for messages at rest In-Reply-To: <526EB9A8.1030108@thelounge.net> References: <526EB9A8.1030108@thelounge.net> Message-ID: On 2013-10-28 20:23, Reindl Harald wrote: > Am 28.10.2013 20:14, schrieb Douglas Mortensen: >> However, it would be nice to know that even if we were breached, the >> emails on the server were encrypted and would be completely useless to >> an attacker. >> This type of encryption is ideal and some regulations prefer >> (although don't require) it > > impossible and useless > if someone comes that far he can also read whatever configuration > containing the keys In principle, this can be addressed by employing asymmetric key encryption. You could imagine a system which requires users to generate a key pair and then submit their public key. The mail system will encrypt all mail received for a user with that user's public key. When accessing the mail, the user configures his user agent to use the private key to decrypt the mail. In practice, it's probably not that easy: 1. I suppose you'd have to be careful to not break features like server-side searching though. If you only store encrypted mail, the only moment where the system sees the plain mail is when it's received. So you'd probably need to index it at that point and then use that index for subsequent queries. Once the mail is written to disk, the server never sees the real data anymore. 2. Different mail storage formats probably work differently well. mbox is right out, with Maildir it might not be acceptable to encode the raw mail file - I don't know whether Dovecot uses any actual contents of files with Maildir (as opposed to the Dovecot-specific indices and the file name). If it does, then you should maybe just encrypt just the body but no headers or similar. There's surely more to consider, but I think this is anything but "impossible and useless". 
Accessing sensitive data which is stored on an untrusted system is an old and solved problem, I wouldn't be surprised if you just have to consider implementation details in the case of a mail server. -- Frerich Raabe - raabe at froglogic.com www.froglogic.com - Multi-Platform GUI Testing From michael at orlitzky.com Tue Oct 29 02:10:25 2013 
From: michael at orlitzky.com (Michael Orlitzky) Date: Mon, 28 Oct 2013 20:10:25 -0400 Subject: [Dovecot] OT: PHP session data storage In-Reply-To: <526EC4B8.6030201@thelounge.net> References: <526EBFB5.4000009@orlitzky.com> <526EC4B8.6030201@thelounge.net> Message-ID: <526EFCF1.8030107@orlitzky.com> On 10/28/2013 04:10 PM, Reindl Harald wrote: >> >> php_admin_value open_basedir /var/www/$domain/$host/ >> php_admin_value upload_tmp_dir /var/www/$domain/$host/tmp >> php_admin_value session.save_path /var/www/$domain/$host/tmp >> php_admin_value sys_temp_dir /var/www/$domain/$host/tmp > > oh no - do *not* place the sesiondata anywhere inside open_basdir > this is one of the badest things you can do because any otherwise > harmless script bypassed whatever security restriction will be able > to read *any* session data > You have a point, but I wouldn't go as far as to say it's one of the worst things you can do. If a vulnerable PHP script allows an attacker to (at least try to) read arbitrary files, then it's possible to read session data that lies within open_basedir. Note that they can already read your database credentials out of config.php at that point. But, if you put the session data under open_basedir, then it's easy to restrict access to the entire /var/www/example.com hierarchy to the one user that needs it: www.example.com. In the scenario I described, I'm able to tell our customers that their websites are "physically" separated from our other customers. If there's a vulnerability in someone else's site, the kernel (via filesystem ACLs) will prevent it from affecting yours. The web user for example.NET truly cannot even traverse /var/www/example.COM, where everything important to you is stored. This is robust against Apache, Ruby, Python, etc. vulnerabilities as well -- not just PHP. I already mentioned that I don't trust PHP. 
Our sites would be just as secure if open_basedir stopped working tomorrow, since the filesystem ACLs are what we trust to work. So, we trade the potential to read sessions for that peace of mind. Not trying to downplay your complaint, just pointing out another POV. From noel.butler at ausics.net Tue Oct 29 03:11:54 2013
From: noel.butler at ausics.net (Noel Butler) Date: Tue, 29 Oct 2013 11:11:54 +1000 Subject: [Dovecot] OT: PHP session data storage In-Reply-To: <526EFCF1.8030107@orlitzky.com> References: "\"" " <526EBFB5.4000009@orlitzky.com> <526EC4B8.6030201@thelounge.net> <526EFCF1.8030107@orlitzky.com> Message-ID: On 29/10/2013 10:10, Michael Orlitzky wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 10/28/2013 04:10 PM, Reindl Harald wrote: >>> >>> php_admin_value open_basedir /var/www/$domain/$host/ >>> php_admin_value upload_tmp_dir /var/www/$domain/$host/tmp >>> php_admin_value session.save_path /var/www/$domain/$host/tmp >>> php_admin_value sys_temp_dir /var/www/$domain/$host/tmp >> >> oh no - do *not* place the sesiondata anywhere inside open_basdir >> this is one of the badest things you can do because any otherwise >> harmless script bypassed whatever security restriction will be able >> to read *any* session data >> > > You have a point, but I wouldn't go as far as to say it's one of the > worst things you can do. If a vulnerable PHP script allows an attacker > to (at least try to) read arbitrary files, then it's possible to read > session data that lies within open_basedir. Note that they can already > read your database credentials out of config.php at that point. > > But, if you put the session data under open_basedir, then it's easy to > restrict access to the entire /var/www/example.com hierarchy to the > one user that needs it: www.example.com. In the scenario I described, > I'm able to tell our customers that their websites are "physically" > separated from our other customers. > > If there's a vulnerability in someone else's site, the kernel (via > filesystem ACLs) will prevent it from affecting yours. The web user > for example.NET truly cannot even traverse /var/www/example.COM, where > everything important to you is stored. This is robust against Apache, > Ruby, Python, etc. vulnerabilities as well -- not just PHP. 
> > I already mentioned that I don't trust PHP. Our sites would be just as > secure if open_basedir stopped working tomorrow, since the filesystem > ACLs are what we trust to work. So, we trade the potential to read > sessions for that peace of mind. Not trying to downplay your > complaint, just pointing out another POV. Some time ago, we too, evaluated the pros and cons given our design, and we too, decided on the lesser evil and keep it under open_basedir, have done for many many years without problem, of course I'm not so naive to think it may never one day be a problem for a single host, when running shared hosting there are always risks, in everything. From noel.butler at ausics.net Tue Oct 29 03:17:38 2013 From: noel.butler at ausics.net (Noel Butler) Date: Tue, 29 Oct 2013 11:17:38 +1000 Subject: [Dovecot] Encryption solution for messages at rest In-Reply-To: <526E9CB7.4060300@sys4.de> References: <526E9CB7.4060300@sys4.de> Message-ID: <0fd8f034a943b8f140c5b00496977743@ausics.net> On 29/10/2013 03:19, Robert Schetterer wrote: > > > https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve > I got worried, laughed, and stopped reading at: "not only do you not have to edit any Postfix configuration (which by itself is an exercise in patience)," As you know, postfix can be done in your sleep, if he thinks he needs patience to do postfix, I should introduce him to sendmail configuration (which I also think is easy - but having used it for 15 years before moving to postfix, I guess it would want to be easy LOL) :) From me at electronico.nc Tue Oct 29 05:05:34 2013
From: me at electronico.nc (me at electronico.nc) Date: Tue, 29 Oct 2013 14:05:34 +1100 Subject: [Dovecot] pigeonhole sources no more available Message-ID: <526F25FE.6060103@electronico.nc> Hi all, Please excuse me for this message but I can't find the pigeonhole sources available anymore. This page : http://pigeonhole.dovecot.org/download.html Points to (for latest sources) : http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.2.tar.gz And it seems that : www.rename-it.nl is now : http://www.medicalbits.nl So we get 404 error ... Could someone point us to the right URL and, maybe, update pigeonhole.dovecot.org ? Thanks in advance for your time. Nicolas From noel.butler at ausics.net Tue Oct 29 05:49:20 2013
From: noel.butler at ausics.net (Noel Butler) Date: Tue, 29 Oct 2013 13:49:20 +1000 Subject: [Dovecot] pigeonhole sources no more available In-Reply-To: <526F25FE.6060103@electronico.nc> References: <526F25FE.6060103@electronico.nc> Message-ID: <1383018561.9018.5.camel@tardis> ummmm someone doesn't use DNSSEC... it's been hijacked me thinks http://www. medicalbits. nl/ .... really? :) On Tue, 2013-10-29 at 14:05 +1100, me at electronico.nc wrote: > Hi all, > Please excuse me for this message but I can't find the pigeonhole > sources available anymore. > This page : http://pigeonhole.dovecot.org/download.html > Points to (for latest sources) : > http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.2.tar.gz > And it seems that : www.rename-it.nl > is now : http://www.medicalbits.nl > So we get 404 error ... > Could someone point us the to right URL and, maybe, update > pigeonhole.dovecot.org ? > Thanks in advance for your time. > Nicolas From pug at felsing.net Tue Oct 29 09:53:48 2013
From: pug at felsing.net (Christian Felsing) Date: Tue, 29 Oct 2013 08:53:48 +0100 Subject: [Dovecot] pigeonhole sources no more available In-Reply-To: <526F25FE.6060103@electronico.nc> References: <526F25FE.6060103@electronico.nc> Message-ID: <526F698C.7050401@felsing.net> Hello, until problem is resolved, I provide that on https://x.ip6.li/dovecot-2.2-pigeonhole-0.4.2.tar.gz best regards Christian Felsing On 29.10.13 04:05, me at electronico.nc wrote: > Please excuse me for this message but I can't find the pigeonhole sources available anymore. > Points to (for latest sources) : http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.2.tar.gz From rs at sys4.de Tue Oct 29 09:54:04 2013
From: rs at sys4.de (Robert Schetterer)
Date: Tue, 29 Oct 2013 08:54:04 +0100
Subject: [Dovecot] Encryption solution for messages at rest
In-Reply-To:
References:
Message-ID: <526F699C.9080402@sys4.de>

On 28.10.2013 20:14, Douglas Mortensen wrote:
> Currently our dovecot servers are on our webhosting linux boxes. We
> are using the LAMP stack to host websites, and also doing email
> with postfix & dovecot on these systems. We provide this as a
> hosting setup for 100+ accounts/websites on a single server (a
> multi-tenant setup). Each customer has anywhere between 1-100 email
> accounts which Dovecot services.
>
> If a customer has vulnerable PHP code on a website, some of these
> will allow a remote file upload. I have seen cases where they
> upload a PHP script that is a sort of web-based console/shell to
> the server (file-system, etc.). It provides several tools which all
> run through the uploaded PHP script to try to brute force and do
> other attacks. I've seen attempts at a root exploit. We've never
> had a root exploit and any such case of a customer's site being
> hacked has been easily contained by simple filesystem permissions
> being correct (and the fact that we have apache set up to run all
> scripts as the user who is the owner of the script files, which
> confines the script to that user's permissions). Still nobody loves
> the idea of bad guys trying to hack on your box.
>
> So.... given that type of scenario, if filesystem permissions
> weren't correct, or some new exploit surfaced that allowed someone
> to bypass or elevate to root, then they could theoretically have
> access to the entire filesystem including where emails are stored.
>
> I hope to never have this sort of thing happen. We patch our
> systems regularly and have other security measures we follow to
> prevent this. We also are managing most of the PHP scripts
> customers use ourselves now and are updating those for the CMS' and
> other systems proactively.
>
> However, it would be nice to know that even if we were breached,
> the emails on the server were encrypted and would be completely
> useless to an attacker.
>
> This type of encryption is ideal and some regulations prefer
> (although don't require) it. - Doug Mortensen Network Consultant
> Impala Networks P: 505.327.7300

you shouldn't host mail/imap services on the same servers with massive
http hosting, I don't see a real connection between php bugs etc and
dovecot, it's more a question of the setup design you have chosen, which
makes things worse than they have to be

>
> -----Original Message----- From: dovecot-bounces at dovecot.org
> [mailto:dovecot-bounces at dovecot.org] On Behalf Of Michael Orlitzky
> Sent: Monday, October 28, 2013 11:52 AM To: dovecot Subject: Re:
> [Dovecot] Encryption solution for messages at rest
>
> On 10/28/2013 12:02 PM, Douglas Mortensen wrote:
>> Hi,
>>
>> We have clients with various security & compliance requirements.
>> Although not required, it would be ideal to have messages
>> encrypted at rest.
>
> You can rule out a lot of the crazier options by answering the
> questions,
>
> (a) What attack scenario do you have in mind?
>
> (b) How will encryption help?
>

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From rs at sys4.de Tue Oct 29 10:02:52 2013
From: rs at sys4.de (Robert Schetterer)
Date: Tue, 29 Oct 2013 09:02:52 +0100
Subject: [Dovecot] Encryption solution for messages at rest
In-Reply-To: <0fd8f034a943b8f140c5b00496977743@ausics.net>
References: <526E9CB7.4060300@sys4.de> <0fd8f034a943b8f140c5b00496977743@ausics.net>
Message-ID: <526F6BAC.3090001@sys4.de>

On 29.10.2013 02:17, Noel Butler wrote:
> On 29/10/2013 03:19, Robert Schetterer wrote:
>
>>
>> https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve
>>
>
> I got worried, laughed, and stopped reading at:
>
> "not only do you not have to edit any Postfix configuration (which
> by itself is an exercise in patience),"
>
>
> As you know, postfix can be done in your sleep, if he thinks he
> needs patience to do postfix, I should introduce him to sendmail
> configuration (which I also think is easy - but having used it for
> 15 years before moving to postfix, I guess it would want to be easy
> LOL) :)
>

Hi Noel, it's not my blog, and the main thing I looked at is how to
connect dove external sieve plugin with gpg. You're right, postfix has
well done docs and mail list, so I simply rarely care about postfix
statements written elsewhere.

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

From tom at whyscream.net Tue Oct 29 10:08:46 2013
From: tom at whyscream.net (Tom Hendrikx)
Date: Tue, 29 Oct 2013 09:08:46 +0100
Subject: [Dovecot] pigeonhole sources no more available
In-Reply-To: <1383018561.9018.5.camel@tardis>
References: <526F25FE.6060103@electronico.nc> <1383018561.9018.5.camel@tardis>
Message-ID: <526F6D0E.4060006@whyscream.net>

Hi,

The physical address details on both sites look the same, and the
domains share the rename-it dns infra. I guess Stephan simply screwed up
his vhost config...

See google cache for old site:
http://webcache.googleusercontent.com/search?q=cache:0A6QBfSIBDUJ:www.rename-it.nl/index.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D4%26Itemid%3D4+&cd=2&hl=en&ct=clnk&gl=nl&client=ubuntu

Regards,
Tom

On 10/29/2013 04:49 AM, Noel Butler wrote:
> ummmm someone doesn't use DNSSEC... it's been hijacked me thinks
>
> http://www. medicalbits. nl/ .... really? :)
>
>
> On Tue, 2013-10-29 at 14:05 +1100, me at electronico.nc wrote:
>
>> Hi all,
>> Please excuse me for this message but I can't find the pigeonhole
>> sources available anymore.
>> This page : http://pigeonhole.dovecot.org/download.html
>> Points to (for latest sources) :
>> http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.2.tar.gz
>> And it seems that : www.rename-it.nl
>> is now : http://www.medicalbits.nl
>> So we get 404 error ...
>> Could someone point us to the right URL and, maybe, update
>> pigeonhole.dovecot.org ?
>> Thanks in advance for your time.
>> Nicolas
>

From lists at wildgooses.com Tue Oct 29 10:26:27 2013
From: lists at wildgooses.com (Ed W) Date: Tue, 29 Oct 2013 08:26:27 +0000 Subject: [Dovecot] Crash in dovecot 2.2.6 Message-ID: <526F7133.9010903@wildgooses.com> Hi, I recently upgraded from a dovecot 2.1 version to 2.2.6. I now have a single user who occasionally triggers a crash (just this one user it seems?). The user connects via LiveMail (v14.0.8117.) and IMAP. Oct 29 08:05:26 mail1 dovecot: imap(customer at example.org): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x6575a) [0xd94cc75a] -> /usr/lib/dovecot/libdovecot.so.0(+0x657cb) [0xd94cc7cb] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0xd9481991] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_index_transaction_export+0xa69) [0xd95e3e09] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0xa9618) [0xd95e2618] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_index_transaction_commit_full+0xd1) [0xd95e2b31] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_index_transaction_commit+0x23) [0xd95e2c23] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_index_sync_commit+0xe9) [0xd95ec0c9] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x527d2) [0xd958b7d2] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x51b0c) [0xd958ab0c] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x51eea) [0xd958aeea] -> /usr/lib/dovecot/libdovecot-storage.so.0(maildir_storage_sync_init+0xef) [0xd958b2af] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x3b) [0xd959c4ab] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x3f) [0xd959c5ef] -> /usr/lib/dovecot/libdovecot-storage.so.0(index_storage_get_status+0x48) [0xd95cabc8] -> /usr/lib/dovecot/lib20_fts_plugin.so(+0xb362) [0xd928f362] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x49) [0xd959da79] -> dovecot/imap [customer at example.org 176.35.111.117 STATUS](imap_status_get+0x73) [0x8064503] -> dovecot/imap [customer at example.org 176.35.111.117 STATUS](cmd_status+0x189) [0x80591d9] -> dovecot/imap [customer at example.org 176.35.111.117 
STATUS](command_exec+0x32) [0x805d762] -> dovecot/imap [customer at example.org 176.35.111.117 STATUS]() [0x805c747] -> dovecot/imap [customer at example.org 176.35.111.117 STATUS]() [0x805c891] -> dovecot/imap [customer at example.org 176.35.111.117 STATUS](client_handle_input+0x125) [0x805cae5] -> dovecot/imap [customer at example.org 176.35.111.117 STATUS](client_input+0x72) [0x805ce92] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x44) [0xd94def84] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xce) [0xd94dff7e] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40) [0xd94dea40] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x2e) [0xd94874be] System is gentoo 32bit. Do you need configs? Thanks for any advice Ed W From stephan at rename-it.nl Tue Oct 29 10:54:47 2013 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 29 Oct 2013 09:54:47 +0100 Subject: [Dovecot] pigeonhole sources no more available In-Reply-To: <526F25FE.6060103@electronico.nc> References: <526F25FE.6060103@electronico.nc> Message-ID: <526F77D7.2090805@rename-it.nl> On 10/29/2013 4:05 AM, me at electronico.nc wrote: > Hi all, > Please excuse me for this message but I can't find the pigeonhole > sources available anymore. > This page : http://pigeonhole.dovecot.org/download.html > Points to (for latest sources) : > http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.2.tar.gz > And it seems that : www.rename-it.nl > is now : http://www.medicalbits.nl > So we get 404 error ... > Could someone point us the to right URL and, maybe, update > pigeonhole.dovecot.org ? > Thanks in advance for your time. Looks like the administrator renamed rename-it (pun intended) without realizing that the Pigeonhole downloads were still located there. I should have moved this ages ago, but I did it now. I'll also make the old URL redirect to the new location (but that can take a while still). Regards, Stephan. From kremels at kreme.com Tue Oct 29 17:25:22 2013 
From: kremels at kreme.com (LuKreme) Date: Tue, 29 Oct 2013 09:25:22 -0600 Subject: [Dovecot] recipient_delimiter deux In-Reply-To: <9AAB4E25-1670-48CE-A4F2-537A7B57FF11@kreme.com> References: <78F8CEEF-992E-4622-AC54-ED1980B5DB14@kreme.com> <4C81A4F3-38BA-4773-9A7C-0137079B540C@kreme.com> <9AAB4E25-1670-48CE-A4F2-537A7B57FF11@kreme.com> Message-ID: <5D322B0E-8259-4106-BADE-EB5FFCE63DD9@kreme.com> On 24 Oct 2013, at 08:54 , LuKreme wrote: > dovecot unix - n n - - pipe flags=DRhu user=user:group argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -m ${extension} I ran into a problem with this line in that the D flag generates an error if a message is sent to two virtual users. warning: pipe flag `D' requires dovecot_destination_recipient_limit = 1 Also, I notice that on the dovecot2 page deliver is dovecot-lda. I'm trying this right now and will see if there's any further errors: main.cf: dovecot_destination_recipient_limit = 1 master.cf dovecot unix - n n - - pipe flags=DRhu user=vpopmail:vchkpw argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -d ${user}@${nexthop} -m ${extension} -- You and me Sunday driving Not arriving From mnewpipe at gmail.com Tue Oct 29 17:48:04 2013 
From: mnewpipe at gmail.com (Michael Neurohr) Date: Tue, 29 Oct 2013 16:48:04 +0100 Subject: [Dovecot] Building the Antispam plugin fails Message-ID: Hi! I'm running Dovecot 2.2.5 on a CentOS 6.4 server from the ATRPMs repository. Unfortunately this repo does not provide a packaged version of the Antispam Plugin. So I followed the steps outlined in the Dovecot Wiki [1]. But when running the command ./configure, I get stuck with the following error: checking for dovecot-config in "/usr/local/lib/dovecot"... not found configure: configure: Use --with-dovecot=DIR to provide the path to the dovecot-config file. configure: error: dovecot-config not found So I downloaded the dovecot-devel package and run the configure command again with the following command: ./configure --with-dovecot=/usr/include/dovecot but with the same result. I made sure the the directory "/usr/include/dovecot" does contain the Dovecot header files. What can I do next? Do I really also have to install Dovecot from the sources only to get the Antispam Plugin working? Thanks, Michael [1] http://wiki2.dovecot.org/Plugins/Antispam From ajb2 at mssl.ucl.ac.uk Tue Oct 29 18:03:47 2013 From: ajb2 at mssl.ucl.ac.uk (Alan Brown) Date: Tue, 29 Oct 2013 16:03:47 +0000 Subject: [Dovecot] Encryption solution for messages at rest In-Reply-To: References: Message-ID: <526FDC63.5080100@site.mssl.ucl.ac.uk> > Date: Tue, 29 Oct 2013 08:54:04 +0100 
> From: Robert Schetterer > To: dovecot at dovecot.org > Subject: Re: [Dovecot] Encryption solution for messages at rest > Message-ID: <526F699C.9080402 at sys4.de> > Content-Type: text/plain; charset=ISO-8859-1 > > > you shouldnt host mail/imap services on the same servers with massive > http hosting, You shouldn't host anything else on a webserver FULLSTOP. Webservers are best treated as "disposable" and should be heavily sandboxed. Any resources they can use should be vetted and ideally set as "read only" Inbound external access should be firewalled down to the webserver ports and OUTBOUND traffic should be firewalled too (If it has no business initiating external connections then block all SYNs), in order to stop it becoming a DDoS zombie. It's foolish (at best) to have mail servers running on a webserver, because if it's compromised it can immediately be used as a spam engine without much further effort. At least if it has to hand mail off to another mailserver you have a chance to run outbound filtering on the emitted mail without worrying about that being compromised too. From tss at iki.fi Tue Oct 29 18:55:10 2013 
From: tss at iki.fi (Timo Sirainen)
Date: Tue, 29 Oct 2013 18:55:10 +0200
Subject: [Dovecot] Encryption solution for messages at rest
In-Reply-To:
References:
Message-ID:

On 28.10.2013, at 18.02, Douglas Mortensen wrote:

> We have clients with various security & compliance requirements. Although not required, it would be ideal to have messages encrypted at rest. We already use SSL/TLS to secure the transmission of most email. However, it would be nice to have them encrypted sitting on our server. Is anyone doing this? I think that ideally, rather than full-disk encryption, we should use an encryption that encrypts the actual email messages as they sit on our file system. This way even if we ever had our server breached by an attacker, they wouldn't be able to do anything with the messages. However, this would also mean that if the attacker can't decrypt the files, then dovecot and postfix still would need to. This means that the encryption key would need to be available to the dovecot daemon. We'd either need to have it in a file that is restricted to access only by dovecot (less secure), or use an encryption passphrase for the certificate which would have to be typed in manually each time that dovecot starts or restarts (more secure, but also more work and possibility of disruption because the server can't restart gracefully without a human being having to be present [although I don't think we have issues with unexpected restarts anyway]).
>
> Is anyone doing anything like this with dovecot?

http://dovecot.org/patches/2.2/mail-filter.tar.gz could be used as the base for this.

From user+dovecot at localhost.localdomain.org Tue Oct 29 19:24:42 2013
From: user+dovecot at localhost.localdomain.org (Pascal Volk) Date: Tue, 29 Oct 2013 17:24:42 +0000 Subject: [Dovecot] Building the Antispam plugin fails In-Reply-To: References: Message-ID: <526FEF5A.3060902@localhost.localdomain.org> On 10/29/2013 03:48 PM Michael Neurohr wrote: > ? > I'm running Dovecot 2.2.5 on a CentOS 6.4 server from the ATRPMs > repository. ? > ? > configure: Use --with-dovecot=DIR to provide the path to the dovecot-config > file. > configure: error: dovecot-config not found ^^^^^^^^^^^^^^ > > So I downloaded the dovecot-devel package and run the configure command > again with the following command: > ./configure --with-dovecot=/usr/include/dovecot > but with the same result. > I made sure the the directory "/usr/include/dovecot" does contain the > Dovecot header files. Yeah, dovecot-devel-2.2.5-?.rpm installs some headers into /usr/include/dovecot. BUT: The error message says: error: dovecot-config not found The file dovecot-config is installed under /usr/lib/dovecot. So use: ./configure --with-dovecot=/usr/lib/dovecot HTH Pascal -- The trapper recommends today: defaced.1330218 at localdomain.org From mnewpipe at gmail.com Tue Oct 29 21:44:54 2013 
From: mnewpipe at gmail.com (Michael Neurohr) Date: Tue, 29 Oct 2013 20:44:54 +0100 Subject: [Dovecot] Building the Antispam plugin fails In-Reply-To: <526FEF5A.3060902@localhost.localdomain.org> References: <526FEF5A.3060902@localhost.localdomain.org> Message-ID: <52701036.6020809@gmail.com> Aaahh! I didn't realize, that dovecot-config is a file... Thanks for your help! Now everything is working :-) Michael On 29.10.2013 18:24, Pascal Volk wrote: > On 10/29/2013 03:48 PM Michael Neurohr wrote: >> ? >> I'm running Dovecot 2.2.5 on a CentOS 6.4 server from the ATRPMs >> repository. ? >> ? >> configure: Use --with-dovecot=DIR to provide the path to the dovecot-config >> file. >> configure: error: dovecot-config not found > ^^^^^^^^^^^^^^ >> >> So I downloaded the dovecot-devel package and run the configure command >> again with the following command: >> ./configure --with-dovecot=/usr/include/dovecot >> but with the same result. >> I made sure the the directory "/usr/include/dovecot" does contain the >> Dovecot header files. > > Yeah, dovecot-devel-2.2.5-?.rpm installs some headers into > /usr/include/dovecot. > BUT: The error message says: > > error: dovecot-config not found > > The file dovecot-config is installed under /usr/lib/dovecot. > > So use: ./configure --with-dovecot=/usr/lib/dovecot > > > HTH > Pascal > From wolfgang.ganzert at web.de Tue Oct 29 23:00:41 2013 
From: wolfgang.ganzert at web.de (Wolfgang Ganzert)
Date: Tue, 29 Oct 2013 22:00:41 +0100
Subject: [Dovecot] Problem with dovecot-lda
Message-ID: <3724579.uydpOJVK3I@athlon>

Hello Ladies and Gentlemen,

first of all I have to say that dovecot is really impressive. It seems to be a
very good IMAP server and has in general a good documentation.

I'm a beginner regarding the administration so please excuse if my questions
sound silly but I want to learn to administrate these sophisticated things.

Now here's my configuration:
Linux openSuSE 12.1
Postfix 2.8.8
Dovecot 2.0.16

Boundary condition:
Postfix as smtp (Postfix is configured as relay server; mail is sent to
smtp.web.de if mail is not locally distributed)
Dovecot as IMAP server in my private network (192.168....)

Situation:
I want to store outgoing mail which is sent by postfix also in a "SENT" folder
in Dovecot. The SENT folder is available and created through the plugin
"autocreate". The main.cf file from postfix contains the following mailbox
command:

mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" -m SENT

If I send a simple mail from the shell with the following command

echo "Hello me" | mail -s "Dovecot test 50, shell nach SENT" $USER

the mail is sent to my mailbox and stored in the folder "SENT" as unread.

Problem:
1.
I would expect to have two mails coming in; one in my "SENT" folder because
this is a copy of the mail and another one which is in the incoming folder because
the mail was sent to me. But, there is no mail in the incoming folder.
2.
If I use a mail client like kmail2 the same thing happens. The mail is
distributed to the SENT folder but there's no copy in the incoming folder.
3.
If I send a mail to my address at @web.de with the postfix configuration from
above I do not receive the mail at web.de.
4.
If I send a mail to my address at @web.de with a postfix simplified mailbox
command NOT containing the mailbox with "-m", then mail is sent to web.de and
there I receive it in the incoming box. This is the simplified command:

mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"

Summary:
All examples from above show that I do not get a COPY of the outgoing mail in
my "SENT" folder but it's the REAL mail.

Can you please give me some advice what to do?

Thank you!

Wolfgang

P.S.: In /var/log/mail and /var/log/dovecot.log I do not get any errors.

From tom at whyscream.net Tue Oct 29 23:25:55 2013
From: tom at whyscream.net (Tom Hendrikx) Date: Tue, 29 Oct 2013 22:25:55 +0100 Subject: [Dovecot] Problem with dovecot-lda In-Reply-To: <3724579.uydpOJVK3I@athlon> References: <3724579.uydpOJVK3I@athlon> Message-ID: <527027E3.3000905@whyscream.net> On 29-10-13 22:00, Wolfgang Ganzert wrote: > Hello Ladies and Gentlemen, > > first of all I have to say that dovecot is really impressive. I seems to be a > very goot IMAP server and has in general a good documentation. > > I'm a beginner regarding the administration so please excuse if my questions > sound silly but I want to learn to administrate these sophisticated things. > > Now here's my configuration: > Linux openSuSE 12.1 > Postfix 2.8.8 > Dovecot 2.0.16 > > Boundary condition: > Postfix as smtp (Postfix is configured as relay server; mail is sent to > smtp.web.de if mail is not locally distributed) > Dovecot as IMAP server in my private network (192.168....) > > Situation: > I want to store outgoing mail which is send by postfix also in a "SENT" folder > in Dovecot. The SENT folder is available and created through the plugin > "autocreate". The main.cf file from postfix contains the following mailbox > command: > > mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" -m > SENT > > If I send a simple mail from the shell with the following command > > echo "Hello me" | mail -s "Dovecot test 50, shell nach SENT" $USER > > the mail is send to my mailbox and stored in the folder "SENT" as unread. > > Problem: > 1. > I would expect to have to mails coming in; one in my "SENT" folder because > this is copy of the mail and another one which is the incoming folder because > the mail was sent to me. But, there is no mail in the incoming folder. > 2. > If I use a mail client like kmail2 the same thing happens. The mail is > distributed to the SENT folder but there's no copy in the incoming folder. > 3. 
> If I send a mail to my adress at @web.de with the postfix configuration from > above I do not receive the mail at web.de. > 4. > If I send a mail to my adress at @web.de with a postfix simplified mailbox > command NOT containing the mailbox with "-m", then mail is send to web.de and > there I receive it in the incoming box. This is the simplified command: > mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" > > Summary: > All examples from above show that I do not get a COPY of the outgoing mail in > my "SENT" folder but it's the REAL mail. > You are correct ;) You need 2 copies of the e-mail: one that is delivered to the recipient (on- or offsite), and one copy needs to go in your sent folder. To fix it, you could bcc yourself and store the bcc in the sent folder. Postfix can do that using always_bcc / recipient_bcc_maps. You should generate that only for the non IMAP sent e-mails (no idea on how to detect that), and then send that copy to dovecot-lda. When you generate the bcc using recipient delimiter syntax (account+sent at domain.tld), sieve is easily configurable to deliver to your sent folder. So generally speaking, you have a Postfix problem to solve. The dovecot part is really easy :) Regards, Tom From me at junc.eu Wed Oct 30 00:30:25 2013 
From: me at junc.eu (Benny Pedersen)
Date: Tue, 29 Oct 2013 23:30:25 +0100
Subject: [Dovecot] Disable unsecure POP3 at all (Dovecot 2.1)
In-Reply-To: <83421382956480@x4web1f.yandex.ru>
References: <83421382956480@x4web1f.yandex.ru>
Message-ID: <917678ca7f720d93a0d111300ebd198d@junc.eu>

?????? ??????? wrote on 2013-10-28 11:34:
> Hi to all.
> Is it possible to disable unsecure POP3 protocol at all in Dovecot 2.1?
> There was "protocols" option in 1.x version, and there was separate
> pop3 and pop3s modules.
> There is no "pop3s" in configuration files in 2.1.

sure, set inet_listener pop3 to port = 0

there is a pop3s if you add one

more help show dovecot -n

From andrzej.filip at gmail.com Wed Oct 30 01:43:18 2013
From: andrzej.filip at gmail.com (Andrzej A. Filip) Date: Wed, 30 Oct 2013 00:43:18 +0100 Subject: [Dovecot] separate mail_location for system and normal users In-Reply-To: References: <526AAD05.7030706@gmail.com> Message-ID: <52704816.4060800@gmail.com> On 10/28/2013 09:29 AM, Steffen Kaiser wrote: > On Fri, 25 Oct 2013, Andrzej A. Filip wrote: > >> How to configure dovecot to use different default mail_location for >> system (uid<1_000) and normal users (uid>=1_000)? > >> I want to to use by default >> * classic mailbox in standard location for system users >> * maildir in $HOME subdirectory for normal users > > That depends :-) > > If you have just one userdb, configure the default mail_location for > most users and return a mail extra field for the other ones. > > You use passwd? This probably will not work, see > http://wiki2.dovecot.org/UserDatabase/ExtraFields about the syntax > > You could probably copy the set of users, that requires extra fields, > from your /etc/passwd to somewhere else, adding the extra field. Then > configure the copy as userdb { driver passwd-file } _before_ the userdb > { passwd }. That way, the entries in the passwd-file override the ones > in /etc/passwd, because they are found first. I have used userdb/passwd fix for a system with a few "real user mailboxes". I wanted something better fit for larger systems. From mlively at yahoo.com Wed Oct 30 05:08:09 2013 
From: mlively at yahoo.com (marcus lively)
Date: Tue, 29 Oct 2013 20:08:09 -0700 (PDT)
Subject: [Dovecot] IMAP Dovecot unknown namespace creating root folders
Message-ID: <1383102489.41245.YahooMailNeo@web121605.mail.ne1.yahoo.com>

Hi,

I hope someone can point me in the right direction here.

I am migrating a mailbox from a non cPanel server, and the mailboxes have folders which seem to be at the same level as the Inbox. The users access these mailboxes using IMAP.

The new server configuration is Exim > Dovecot 1.2.17 > Maildir with the standard cPanel install settings. dovecot -n output below

I have created the new mailbox within cPanel however when I try to create a 'top level' folder in Outlook I receive the error 'Cannot create the folder: Unknown namespace' (Note I also tried this with the windows mail client to ensure it was not client side)

I know that I can get round this by setting the root folder path on the client to 'Inbox' and therefore the folders would be created as sub-folders of Inbox, and this would not be visible to the user, but I was hoping to migrate without touching the clients.

Should dovecot report the default root folder path automatically, or create a default top level namespace for each user so this can be done, or could I have just gone wrong and missed something.

Any advice on getting this working appreciated, thanks for any help

Maspry

# 1.2.17: /etc/dovecot.conf
# OS: Linux 2.6.32-71.el6.x86_64 x86_64 CentOS release 6.4 (Final)
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/dovecot/ssl/dovecot.crt
ssl_key_file: /etc/dovecot/ssl/dovecot.key
ssl_cipher_list: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_process_per_connection: no
login_processes_count: 2
login_max_processes_count: 50
login_max_connections: 500
mail_max_userip_connections(default): 20
mail_max_userip_connections(imap): 20
mail_max_userip_connections(pop3): 3
maildir_copy_preserve_filename: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugins(default): acl quota imap_quota
mail_plugins(imap): acl quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/lib64/dovecot/imap
mail_plugin_dir(imap): /usr/lib64/dovecot/imap
mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3
pop3_uidl_format(default): %08Xu%08Xv
pop3_uidl_format(imap): %08Xu%08Xv
pop3_uidl_format(pop3): UID%u-%v
pop3_logout_format(default): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
pop3_logout_format(imap): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
pop3_logout_format(pop3): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s, bytes=%i/%o
namespace:
  type: private
  prefix: INBOX.
  inbox: yes
  list: yes
  subscriptions: yes
lda:
  postmaster_address: postmaster at example.com
auth default:
  mechanisms: plain login
  cache_size: 1024
  username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$-=?^_{}~./@+%
  passdb:
    driver: checkpassword
    args: /usr/local/cpanel/bin/dovecot-auth
  userdb:
    driver: prefetch
  socket:
    type: listen
    client:
      path: /var/run/dovecot/auth-client
      mode: 438
plugin:
  quota: maildir
  quota_rule: Trash:ignore
  acl: vfile

From me at electronico.nc Wed Oct 30 10:00:39 2013
From: me at electronico.nc (me at electronico.nc) Date: Wed, 30 Oct 2013 19:00:39 +1100 Subject: [Dovecot] dovecot-ldap : can't find user in OU subtree Message-ID: <5270BCA7.6070908@electronico.nc> Hi all, Well, I've compiled and installed dovecot 2.2.6 with following options: > ./configure --prefix=/usr/ --sysconfdir=/etc/ --with-mysql > --libexecdir=/usr/lib/ --localstatedir=/var > --with-moduledir=/usr/lib/dovecot/modules --disable-rpath > --disable-static --with-zlib --with-bzlib --with-solr --with-ldap > --with-gssapi --with-nss doveconf -n: > # 2.2.6: /etc/dovecot/dovecot.conf > # OS: Linux 3.8.0-32-generic x86_64 Ubuntu 12.04.3 LTS ext4 > auth_debug = yes > auth_mechanisms = plain login > auth_verbose = yes > first_valid_gid = 20001 > first_valid_uid = 20001 > log_timestamp = %Y-%m-%d %H:%M:%S > mail_debug = yes > mail_gid = 20001 > mail_home = /media/data/email/%n > mail_location = maildir:/media/data/email/%n/mail > mail_plugins = fts fts_solr acl zlib mail_log notify > mail_uid = 20001 > managesieve_notify_capability = mailto > managesieve_sieve_capability = comparator-i;octet > comparator-i;ascii-casemap fileinto reject envelope encoded-character > vacation subaddress comparator-i;ascii-numeric relational regex > imap4flags copy include variables body enotify environment mailbox > date spamtest spamtestplus virustest > namespace { > list = no > location = > maildir:/media/data/email/%%n/mail:INDEX=/media/data/email/%n/mail/shared/%%n > prefix = shared/%%n/ > separator = / > subscriptions = no > type = shared > } > namespace inbox { > inbox = yes > location = maildir:/media/data/email/%n/mail > mailbox Sent { > auto = subscribe > } > mailbox Spam { > auto = subscribe > } > mailbox SpamFalse { > auto = subscribe > } > mailbox SpamToLearn { > auto = subscribe > } > prefix = > separator = / > type = private > } > passdb { > args = /etc/dovecot/dovecot-ldap-passdb.conf.ext > driver = ldap > } > plugin { > acl = vfile > mail_log_events = delete undelete 
expunge copy mailbox_delete > mailbox_rename save mailbox_create > mail_log_fields = uid box msgid size > sieve = /media/data/email/%n/dovecot.sieve > sieve_after = /media/data/email/sieve/global.sieve > sieve_dir = /media/data/email/%n/sieve > zlib_save = bz2 > zlib_save_level = 9 > } > protocols = imap pop3 sieve lmtp > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-master { > group = vmail > mode = 0660 > user = vmail > } > unix_listener auth-userdb { > group = vmail > mode = 0640 > user = vmail > } > } > service imap-login { > inet_listener imap { > address = * > port = 143 > } > inet_listener imaps { > address = * > port = 993 > ssl = yes > } > process_limit = 256 > } > service lmtp { > inet_listener lmtp { > address = * > port = 24 > } > user = vmail > } > service managesieve-login { > inet_listener sieve { > address = * > port = 4190 > } > process_limit = 256 > vsz_limit = 64 M > } > service pop3-login { > inet_listener pop3 { > address = * > port = 110 > } > inet_listener pop3s { > address = * > port = 995 > ssl = yes > } > } > ssl = required > ssl_ca = ssl_cert = ssl_key = ssl_verify_client_cert = yes > userdb { > args = /etc/dovecot/dovecot-ldap-userdb.conf.ext > driver = ldap > } > protocol imap { > imap_client_workarounds = delay-newmail > imap_max_line_length = 64 k > mail_max_userip_connections = 20 > mail_plugins = acl imap_acl mail_log notify zlib > } > protocol pop3 { > mail_plugins = zlib mail_log notify > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > pop3_uidl_format = %08Xu%08Xv > } > protocol sieve { > managesieve_logout_format = bytes ( in=%i : out=%o ) > } > protocol lda { > info_log_path = > log_path = > mail_plugins = sieve zlib mail_log notify > quota_full_tempfail = yes > syslog_facility = mail > } > protocol lmtp { > info_log_path = > log_path = > mail_plugins = sieve fts zlib mail_log notify > quota_full_tempfail = yes > } 
/etc/dovecot/dovecot-ldap-passdb.conf.ext: > hosts = localhost > auth_bind = yes > auth_bind_userdn = cn=%u,OU=users,dc=domain,dc=lan > ldap_version = 3 > base = ou=users,dc=domain,dc=lan > scope = subtree > pass_filter = (&(objectClass=person)(cn=%u)(mail=*)) /etc/dovecot/dovecot-ldap-userdb.conf.ext: > hosts = localhost > dn = cn=ldap,cn=Users,DC=domain,DC=lan > dnpass = My_secret_pass > ldap_version = 3 > base = OU=users,DC=domain,DC=lan > scope = subtree > user_attrs = uid=20001, gid=20001, home=/media/data/email/%n, > mail=/media/data/email/%n/mail > user_filter = (&(objectClass=person)(cn=%n)(mail=*)) > iterate_attrs = cn=user > iterate_filter = (objectClass=person) All seems to work as expected up-to-now, but : If I move a user from OU 'users' to a sub-OU 'administrative' on Active Directory : -> The user can't login anymore to Dovecot I have added the "scope = subtree" to the userdb and passdb files but it doesn't change anything. Here is the debug part when user test3 (located in ou=users, ou=administrative) tries to login: > Oct 30 18:49:12 serveur dovecot: auth: Debug: auth client connected > (pid=4292) > Oct 30 18:49:12 serveur dovecot: auth: Debug: client in: > AUTH#0111#011PLAIN#011service=imap#011secured#011session=L6uskfDpKwAKChTQ#011lip=10.10.20.1#011rip=10.10.20.208#011lport=993#011rport=54827 > Oct 30 18:49:12 serveur dovecot: auth: Debug: client passdb out: > CONT#0111#011 > Oct 30 18:49:12 serveur dovecot: auth: Debug: client in: CONT > Oct 30 18:49:12 serveur dovecot: auth: > ldap(test3,10.10.20.208,): invalid credentials > Oct 30 18:49:14 serveur dovecot: auth: Debug: client passdb out: > FAIL#0111#011user=test3 As soon as I move user 'test3' back to ou=users, it can login ... 
> Oct 30 18:53:57 serveur dovecot: auth: Debug: Loading modules from > directory: /usr/lib/dovecot/modules/auth > Oct 30 18:53:57 serveur dovecot: auth: Debug: Read auth token secret > from /var/run/dovecot/auth-token-secret.dat > Oct 30 18:53:57 serveur dovecot: auth: Debug: auth client connected > (pid=4303) > Oct 30 18:53:57 serveur dovecot: auth: Debug: client in: > AUTH#0111#011PLAIN#011service=imap#011secured#011session=h+ypovDpUAAKChTQ#011lip=10.10.20.1#011rip=10.10.20.208#011lport=993#011rport=54864 > Oct 30 18:53:57 serveur dovecot: auth: Debug: client passdb out: > CONT#0111#011 > Oct 30 18:53:57 serveur dovecot: auth: Debug: client in: CONT > Oct 30 18:53:57 serveur dovecot: auth: Debug: client passdb out: > OK#0111#011user=test3 Thanks in advance for your time and lights. Nicolas From skdovecot at smail.inf.fh-brs.de Wed Oct 30 10:32:10 2013 
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 30 Oct 2013 09:32:10 +0100 (CET)
Subject: [Dovecot] dovecot-ldap : can't find user in OU subtree
In-Reply-To: <5270BCA7.6070908@electronico.nc>
References: <5270BCA7.6070908@electronico.nc>
Message-ID:

On Wed, 30 Oct 2013, me at electronico.nc wrote:

>> passdb {
>> args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
>> driver = ldap
>> }
>
> /etc/dovecot/dovecot-ldap-passdb.conf.ext:
>> hosts = localhost
>> auth_bind = yes
>> auth_bind_userdn = cn=%u,OU=users,dc=domain,dc=lan

You define your bind DN as cn=%u,OU=users,dc=domain,dc=lan

>> ldap_version = 3
>> base = ou=users,dc=domain,dc=lan
>> scope = subtree
>> pass_filter = (&(objectClass=person)(cn=%u)(mail=*))

>> user_attrs = uid=20001, gid=20001, home=/media/data/email/%n, mail=/media/data/email/%n/mail
>> user_filter = (&(objectClass=person)(cn=%n)(mail=*))

pass_filter and user_filter differ in %u vs. %n.

> Here is the debug part when user test3 (located in ou=users,
> ou=administrative) tries to login:

The auth_bind_userdn does not match the ou=administrative location.

Drop the auth_bind_userdn, IMHO, so Dovecot actually uses pass_filter to search for the DN of the user.

>> Oct 30 18:49:12 serveur dovecot: auth:
>> ldap(test3,10.10.20.208,): invalid credentials
>> Oct 30 18:49:14 serveur dovecot: auth: Debug: client passdb out:
>> FAIL#0111#011user=test3

> As soon as I move user 'test3' back to ou=users, it can login ...

>> Oct 30 18:53:57 serveur dovecot: auth: Debug: client passdb out:
>> OK#0111#011user=test3

-- 
Steffen Kaiser

From skdovecot at smail.inf.fh-brs.de Wed Oct 30 10:37:56 2013
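The point of the reply above, as an added example that is not part of the thread and not Dovecot code: a Python model of the two ways the passdb can arrive at the DN it binds as, plus what the %u versus %n difference means for a login that carries a domain part. The two-entry directory is constructed to mirror the thread, the function names are hypothetical, and no LDAP server is contacted.

```python
import re

# Constructed directory (DN -> attributes), mirroring the thread: test1 sits
# directly in ou=users, test3 has been moved into the sub-OU "administrative".
# DNs are stored lower-cased because DN comparison here is case-insensitive.
DIRECTORY = {
    "cn=test1,ou=users,dc=domain,dc=lan": {
        "objectClass": "person", "cn": "test1", "mail": "test1@domain.lan"},
    "cn=test3,ou=administrative,ou=users,dc=domain,dc=lan": {
        "objectClass": "person", "cn": "test3", "mail": "test3@domain.lan"},
}

# Values quoted in the thread.
BASE = "ou=users,dc=domain,dc=lan"
AUTH_BIND_USERDN = "cn=%u,OU=users,dc=domain,dc=lan"
PASS_FILTER = "(&(objectClass=person)(cn=%u)(mail=*))"
USER_FILTER = "(&(objectClass=person)(cn=%n)(mail=*))"


def expand(template, login):
    """Expand %u (full login name) and %n (part before '@') in a template."""
    # A real client escapes characters that are special in DNs and filters.
    # This model simply refuses them so a login cannot alter the query.
    if set(login) & set("*()\\,="):
        raise ValueError("model only accepts plain login names")
    values = {"u": login, "n": login.split("@", 1)[0]}
    return re.sub(r"%([un])", lambda m: values[m.group(1)], template)


def template_bind_dn(login):
    """auth_bind_userdn path: the DN is built from the template, never searched.

    Returns the DN if an entry exists at exactly that DN, else None. A bind to
    a DN that does not exist is what the log reports as "invalid credentials".
    """
    dn = expand(AUTH_BIND_USERDN, login).lower()
    return dn if dn in DIRECTORY else None


def matches(entry, ldap_filter):
    """Evaluate a flat (&(attr=value)...) filter; '*' means 'attribute present'."""
    attrs = {k.lower(): v.lower() for k, v in entry.items()}
    for name, wanted in re.findall(r"\(([^()=&]+)=([^()]*)\)", ldap_filter):
        have = attrs.get(name.lower())
        if have is None or (wanted != "*" and have != wanted.lower()):
            return False
    return True


def search_dn(filter_template, login):
    """Search path: subtree search under BASE, then bind as the DN found.

    Returns the single matching DN. No match or more than one match is treated
    as a failure in this model, since with scope = subtree the same cn could
    exist in two OUs.
    """
    ldap_filter = expand(filter_template, login)
    hits = [dn for dn, entry in DIRECTORY.items()
            if dn.endswith("," + BASE) and matches(entry, ldap_filter)]
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    for login in ("test1", "test3", "test3@domain.lan"):
        print(login)
        print("  template bind DN   :", template_bind_dn(login))
        print("  pass_filter search :", search_dn(PASS_FILTER, login))
        print("  user_filter search :", search_dn(USER_FILTER, login))
```

In the model, scope = subtree only has an effect on the search path; the templated DN ignores base and scope entirely, which is why adding scope = subtree changed nothing for test3.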
From: skdovecot at smail.inf.fh-brs.de (Steffen Kaiser)
Date: Wed, 30 Oct 2013 09:37:56 +0100 (CET)
Subject: [Dovecot] separate mail_location for system and normal users
In-Reply-To: <52704816.4060800@gmail.com>
References: <526AAD05.7030706@gmail.com> <52704816.4060800@gmail.com>
Message-ID:

On Wed, 30 Oct 2013, Andrzej A. Filip wrote:
> On 10/28/2013 09:29 AM, Steffen Kaiser wrote:
>> On Fri, 25 Oct 2013, Andrzej A. Filip wrote:
>>
>>> How to configure dovecot to use different default mail_location for
>>> system (uid<1_000) and normal users (uid>=1_000)?
>>
>>> I want to use by default
>>> * classic mailbox in standard location for system users
>>> * maildir in $HOME subdirectory for normal users
>>
>> That depends :-)
>>
>> If you have just one userdb, configure the default mail_location for
>> most users and return a mail extra field for the other ones.
>>
>> You use passwd? This probably will not work, see
>> http://wiki2.dovecot.org/UserDatabase/ExtraFields about the syntax
>>
>> You could probably copy the set of users, that requires extra fields,
>> from your /etc/passwd to somewhere else, adding the extra field. Then
>> configure the copy as userdb { driver passwd-file } _before_ the userdb
>> { passwd }. That way, the entries in the passwd-file override the ones
>> in /etc/passwd, because they are found first.
>
> I have used userdb/passwd fix for a system with a few "real user
> mailboxes". I wanted something better fit for larger systems.

Hmm? You need to return a different mail field for one set of users. /etc/passwd cannot do this. So you need some other userdb for the set of users, for whom you want to override the default mail_location, be it passwd-file, SQL, LDAP, ... .

You wrote "normal users (uid>=1_000)", so they are system users in /etc/passwd as well, I assumed. If those system already use another user database, try using it and extend it with the Dovecot settings.

-- 
Steffen Kaiser

From doug at impalanetworks.com Wed Oct 30 12:09:26 2013
From: doug at impalanetworks.com (Douglas Mortensen)
Date: Wed, 30 Oct 2013 04:09:26 -0600
Subject: [Dovecot] Encryption solution for messages at rest
In-Reply-To:
References:
Message-ID:

So I suppose you're not a fan of the email hosting systems on the planet that bundle many services onto 1 box.

Thanks for the feedback.
-
Doug Mortensen
Network Consultant
Impala Networks
P: 505.327.7300

-----Original Message-----
From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Alan Brown
Sent: Tuesday, October 29, 2013 10:05 AM
To: dovecot
Subject: [Dovecot] Encryption solution for messages at rest

> Date: Tue, 29 Oct 2013 08:54:04 +0100
> From: Robert Schetterer
> To: dovecot at dovecot.org
> Subject: Re: [Dovecot] Encryption solution for messages at rest
> Message-ID: <526F699C.9080402 at sys4.de>
> Content-Type: text/plain; charset=ISO-8859-1
>
>
> you shouldn't host mail/imap services on the same servers with massive
> http hosting,

You shouldn't host anything else on a webserver FULLSTOP.

Webservers are best treated as "disposable" and should be heavily sandboxed. Any resources they can use should be vetted and ideally set as "read only"

Inbound external access should be firewalled down to the webserver ports and OUTBOUND traffic should be firewalled too (If it has no business initiating external connections then block all SYNs), in order to stop it becoming a DDoS zombie.

It's foolish (at best) to have mail servers running on a webserver, because if it's compromised it can immediately be used as a spam engine without much further effort. At least if it has to hand mail off to another mailserver you have a chance to run outbound filtering on the emitted mail without worrying about that being compromised too.

From dalevizo at otenet.gr Wed Oct 30 12:42:54 2013
From: dalevizo at otenet.gr (Dimos Alevizos) Date: Wed, 30 Oct 2013 12:42:54 +0200 Subject: [Dovecot] Mbox corruption - Inbox beginning with 'FFrom' or 'FrFrom' In-Reply-To: <625F4988-B777-4DB0-84FF-E5ED6A5EFD14@iki.fi> References: <51C1AB7B.9030404@otenet.gr> <4EAAD8C1-A99F-4D66-9FB6-32E634E4A8A5@iki.fi> <20130624104131.GB9999@otenet.gr> <51CA967E.1000701@otenet.gr> <625F4988-B777-4DB0-84FF-E5ED6A5EFD14@iki.fi> Message-ID: <5270E2AE.6020900@otenet.gr> I'm afraid it doesn't seem to be working. I've compiled a patched 2.2.6 dovecot with the patch you sent and installed it in a production server (had to be 2.2.6 cause we've upgraded all the rest since I begun this thread months ago) and although we still have mbox corruptions (rarely as before) the server isn't crashing : Oct 30 11:15:19 pop04 dovecot: pop3-login: Login: user=, method=PLAIN, rip=85.72.232.35, lip=83.235.66.43, mpid=24419, secured, session=<+0ywxfHpIQBVSOgj> Oct 30 11:15:20 pop04 dovecot: pop3(artower at otenet.gr): Disconnected: Logged out top=0/0, retr=0/0, del=0/1336, size=471029518 Oct 30 11:19:12 pop04 dovecot: lmtp(2863, artower at otenet.gr): r7U3KnyhcFIvCwAAckDtvw: msgid=: size=17823 saved mail to INBOX Oct 30 11:33:12 pop04 dovecot: pop3-login: Login: user=, method=PLAIN, rip=85.72.224.94, lip=83.235.66.43, mpid=600, secured, session= Oct 30 11:33:12 pop04 dovecot: pop3(artower at otenet.gr): Error: Syncing INBOX failed: Mailbox isn't a valid mbox file Oct 30 11:33:12 pop04 dovecot: pop3(artower at otenet.gr): Error: Couldn't init INBOX: Mailbox isn't a valid mbox file Oct 30 11:33:12 pop04 dovecot: pop3(artower at otenet.gr): Mailbox init failed top=0/0, retr=0/0, del=0/0, size=0 Oct 30 11:33:33 pop04 dovecot: lmtp(16314, artower at otenet.gr): Au4vIMqucFK6PwAAckDtvw: msgid=<004401ced552$bb5ecd70$321c6850$@planet.nl>: size=7975817 save failed to INBOX: Mailbox isn't a valid mbox file Perhaps the patch is only valid for 2.1.16 and needs to be modified for 2.2.6 ? 
Thank you for your time Dimos Alevizos -------- Original Message -------- Subject: Re: [Dovecot] Mbox corruption - Inbox beginning with 'FFrom' or 'FrFrom' From: Timo Sirainen To: Dimos Alevizos CC: dovecot at dovecot.org, Dimitris Paouris Date: 26/06/2013 06:59 ?? > It crashes one specific IMAP/POP3 session, so others are unaffected. The potential problems: > > * It might cause the user's mbox to become crashing constantly. so first crash -> client reconnects -> client attempts the same operation -> crash again. Then again, this might not happen, it depends. > > * The mbox file would probably become slightly more corrupted than normally, because it doesn't finish moving data around. No data should get actually lost, but some parts could become duplicated (e.g. some headers or even mails, possibly causing UID renumbering = redownloading). > > So not ideal in production, but shouldn't be too bad either, especially if you just wait for the first crash and then immediately switch to the old unpatched version. > > On 26.6.2013, at 10.21, Dimos Alevizos wrote: > >> Hi, >> >> I haven't had the time to compile it yet, but a question just occurred. >> Given that it's so rare and we can't reproduce it on a dev server, how safe is this to use on a production server ? >> When you say "crash" you mean the whole dovecot server or that specific client's child ? >> >> D. >> >> -------- Original Message -------- >> Subject: Re: [Dovecot] Mbox corruption - Inbox beginning with 'FFrom' or 'FrFrom' 
>> From: dalevizo >> To: Timo Sirainen >> CC: dovecot at dovecot.org, Dimitris Paouris >> Date: 24/06/2013 01:41 ?? >> >>> Thanx I'll try the patch as soon as possible and I'll let you know. >>> It is indeed very rare. We're only seeing 4-5 corruptions in about 13 >>> million logins per day. >>> I've been trying to convince our design team that we should move to >>> maildir, but the truth is that it's quite a change, and we're way too >>> busy to deal with everything else AND a migration from mbox to maildir. >>> >>> D. >>> >>> On Mon 24/06/2013 13:16, Timo Sirainen wrote: >>>> On 19.6.2013, at 16.00, Dimos Alevizos wrote: >>>> >>>>> we're having some problems with our dovecot setup. >>>>> I've seen similar problems in the mailing list some years ago but alas wasn't able to find a solution. >>>>> >>>>> Our setup is as follows : >>>>> An MX farm (postfix) sends mails via LMTP to a director farm (dovecot 2.1.12) which proxies pop3/imap/lmtp traffic to a dovecot farm (dovecot 2.1.16). >>>>> All mailboxes and indexes are on NFS and all servers are Centos. >>>>> >>>>> The problem is that at times we see mailboxes (all of them are in mbox format) beginning with FFrom or FrFrom and of course dovecot says it's not a valid mbox file. >>>> >>>> This is quite an old bug, but it happens rarely enough that I haven't been able to reproduce and fix it. Actually people hadn't complained about it for a long time now, so I had assumed it had somehow gotten fixed already. >>>> >>>> With the attached debug patch it should crash instead of (completely) corrupting the mbox file. Debugging the resulting core file with gdb could be useful in figuring this out. >>>> >>>> Although I wouldn't recommend mbox format for any big installation anyway.. >>>> >>> >>> >>>> >>>> >>> >> > From lists at wildgooses.com Wed Oct 30 12:46:41 2013 
From: lists at wildgooses.com (Ed W)
Date: Wed, 30 Oct 2013 10:46:41 +0000
Subject: [Dovecot] Encryption solution for messages at rest
In-Reply-To:
References:
Message-ID: <5270E391.7030003@wildgooses.com>

I think your problem can be more generically restated as:

- Untrusted users have access to the mailstore, eg employees who maintain the server, attackers who break into the system as untrusted user accounts
- There is some trusted process to get access to decryption keys and largely this process is secure (obviously except attacks which succeed to escalate to root, or if employees typically get root access)
- How to extend this secure key access process to dovecot

So Exchange offers this feature where you can encrypt the mail and grant specific users access to decrypt subsets of the mail. This means that employees managing the mail server may not have access to decrypt the messages for their boss, etc (without at least using trickery to bypass and escalate their privileges - of course this is always possible, especially with physical access, but it reduces the attack surface)

Off the top of my head it seems like any attempts to do this using block disk encryption layers substantially boil down to equivalent to standard file permissions. eg adding ecryptfs on the mail store means you need to prevent access to the mounted decrypted files, which given the mail store is a long running process, is largely equivalent to just using file permissions, MAC, grsec, etc to protect the dir?

Timo's suggestion to incorporate in Dovecot opens up possible solutions. ie now files can be decrypted *as* they are required by the mail server. decryption key can probably be stored in userdb without loss of privacy (since if you can get the password for the account you can just pickup the emails via imap?). Bonus marks if you design some encrypted key store, but it seems challenging to add value here, possibly against more specific attacks, eg you don't want your database DBA to be able to get access to the decryption keys, hence a separate (simple) database just for decryption keys moves the problem sideways.

Using Timo's filter this all seems very do-able, but performance will obviously be impacted. Modern processors are very fast at certain types of encryption opts though..?

I'm interested to see what you produce. Seems interesting, but as many have already commented, it really only defends against a limited attack surface and not at all if the dovecot process or root/dovecot user is compromised. I think corporates would quite like this feature though

Ed W

On 28/10/2013 19:14, Douglas Mortensen wrote:
> Currently our dovecot servers are on our webhosting linux boxes. We are using the LAMP stack to host websites, and also doing email with postfix & dovecot on these systems. We provide this as a hosting setup for 100+ accounts/websites on a single server (a multi-tenant setup). Each customer has anywhere between 1-100 email accounts which Dovecot services.
>
> If a customer has vulnerable PHP code on a website, some of these will allow a remote file upload. I have seen cases where they upload a PHP script that is a sort of web-based console/shell to the server (file-system, etc.). It provides several tools which all run through the uploaded PHP script to try to brute force and do other attacks. I've seen attempts at a root exploit. We've never had a root exploit and any such case of a customer's site being hacked has been easily contained by simple filesystem permissions being correct (and the fact that we have apache setup to run all scripts as the user who is the owner of the script files, which confines the script to that users' permissions). Still nobody loves the idea of bad guys trying to hack on your box.
>
> So.... given that type of scenario, if filesystem permissions weren't correct, or some new exploit surfaced that allowed someone to bypass or elevate to root, then they could theoretically have access to the entire filesystem including where emails are stored.
>
> I hope to never have this sort of thing happen. We patch our systems regularly and have other security measures we follow to prevent this. We also are managing most of the PHP scripts customers use ourselves now and are updating those for the CMS' and other systems proactively.
>
> However, it would be nice to know that even if we were breached, the emails on the server were encrypted and would be completely useless to an attacker.
>
> This type of encryption is ideal and some regulations prefer (although don't require) it.
> -
> Doug Mortensen
> Network Consultant
> Impala Networks
> P: 505.327.7300
>
> -----Original Message-----
> From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Michael Orlitzky
> Sent: Monday, October 28, 2013 11:52 AM
> To: dovecot
> Subject: Re: [Dovecot] Encryption solution for messages at rest
>
> On 10/28/2013 12:02 PM, Douglas Mortensen wrote:
>> Hi,
>>
>> We have clients with various security & compliance requirements.
>> Although not required, it would be ideal to have messages encrypted at
>> rest.
> You can rule out a lot of the crazier options by answering the questions,
>
> (a) What attack scenario do you have in mind?
>
> (b) How will encryption help?
>

From itgeek31 at googlemail.com Wed Oct 30 13:01:07 2013
From: itgeek31 at googlemail.com (IT geek 31) Date: Wed, 30 Oct 2013 12:01:07 +0100 Subject: [Dovecot] Replication on v2.2.6 - I'm stuck (again) Message-ID: Hi, I'm trying to get Dovecot replication working between two servers. I didn't have much luck on v2.1.3, so after receiving advice from the list I have upgraded to v2.2.6. I now get the error: Oct 30 11:50:16 server1 dovecot: doveadm(mark): Error: user mark: Auth PASS lookup failed Oct 30 11:50:16 server2 dovecot: doveadm(mark): Error: sync: /var/run/dovecot/auth-userdb: passdb lookup failed (to see if user is proxied, because doveadm_port is set) Here is my config: # 2.2.6: /usr/pkg/etc/dovecot/dovecot.conf # OS: NetBSD 5.2 cobalt auth_mechanisms = plain login doveadm_password = mylittlesecret doveadm_port = 12345 dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u listen = 192.168.1.1 login_greeting = Go on then, let's have it... mail_location = mbox:~/mail:INBOX=/var/mail/%u mail_plugins = " notify replication" passdb { driver = passwd } plugin { mail_replica = remote:vmail at server2.mydomain.com replication_full_sync_interval = 1 hours } protocols = imap service aggregator { fifo_listener replication-notify-fifo { mode = 0600 user = vmail } unix_listener replication-notify { mode = 0600 user = vmail } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } user = root } service doveadm { inet_listener { port = 12345 } } service imap-login { inet_listener imap { port = 0 } } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0600 } } ssl_cert = References: <526EBFB5.4000009@orlitzky.com> Message-ID: <9ffa7973ef455eb7f769a9c24c06057b@junc.eu> Michael Orlitzky skrev den 2013-10-28 20:49: > php_admin_value open_basedir /var/www/$domain/$host/ > php_admin_value upload_tmp_dir /var/www/$domain/$host/tmp > php_admin_value session.save_path /var/www/$domain/$host/tmp > php_admin_value sys_temp_dir 
/var/www/$domain/$host/tmp so dont create tmp upload dirs in webroot, this is classic way of showing no care From mlively at yahoo.com Wed Oct 30 15:17:04 2013 From: mlively at yahoo.com (Marcus Lively) Date: Wed, 30 Oct 2013 13:17:04 -0000 Subject: [Dovecot] IMAP Dovecot unknown namespace creating root folders In-Reply-To: <1383102489.41245.YahooMailNeo@web121605.mail.ne1.yahoo.com> References: <1383102489.41245.YahooMailNeo@web121605.mail.ne1.yahoo.com> Message-ID: <189a01ced572$5487ff70$fd97fe50$@com> Hi all, I believe I have worked this out, there is an entry in dovecot.conf for the private namespace which sets the prefix required to access the namespace as follows prefix = INBOX. I commented this out and restarted dovecot. I know that I need to make this change in the template for dovecot as the direct edit of dovecot.conf will be overwritten when dovecot is updated. I am also checking if there are any implications in doing this, If anyone knows any please drop me a reply. Many thanks Marcus > -----Original Message----- 
> From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] > On Behalf Of marcus lively > Sent: 30 October 2013 03:08 > To: dovecot at dovecot.org > Subject: [Dovecot] IMAP Dovecot unknown namespace creating root folders > > Hi, I hope someone can point me in the right direction here. I am > migrating a mailbox from a non cPanel server, and the mailboxes have > folders which seem to be at the same level as the Inbox. The users > access these mailboxes using IMAP. > > The new server configuration is Exim > Dovecot 1.2.17 > Maildir with > the standard cPanel install settings. dovecot -n output below > > I have created the new mailbox within cPanel however when I try to > create a 'top level' folder in Outlook I receive the error 'Cannot > create the folder: Unknown namespace' (Note I also tried this with the > windows mail client to ensure it was not client side) > > I know that I can get round this by setting the root folder path on the > client to 'Inbox' and therefore the folders would be created as sub- > folders of Inbox, and this would not be visible to the user, but I was > hoping to migrate without touching the clients. > > Should dovecot report the default root folder path automatically, or > create a default top level namespace for each user so this can be done, > or could I have just gone wrong and missed something. 
>
> Any advice on getting this working appreciated, thanks for any help
>
> Maspry
>
> # 1.2.17: /etc/dovecot.conf
> # OS: Linux 2.6.32-71.el6.x86_64 x86_64 CentOS release 6.4 (Final)
> protocols: imap imaps pop3 pop3s
> ssl_cert_file: /etc/dovecot/ssl/dovecot.crt
> ssl_key_file: /etc/dovecot/ssl/dovecot.key
> ssl_cipher_list: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
> disable_plaintext_auth: no
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/libexec/dovecot/imap-login
> login_executable(imap): /usr/libexec/dovecot/imap-login
> login_executable(pop3): /usr/libexec/dovecot/pop3-login
> login_process_per_connection: no
> login_processes_count: 2
> login_max_processes_count: 50
> login_max_connections: 500
> mail_max_userip_connections(default): 20
> mail_max_userip_connections(imap): 20
> mail_max_userip_connections(pop3): 3
> maildir_copy_preserve_filename: yes
> mail_executable(default): /usr/libexec/dovecot/imap
> mail_executable(imap): /usr/libexec/dovecot/imap
> mail_executable(pop3): /usr/libexec/dovecot/pop3
> mail_plugins(default): acl quota imap_quota
> mail_plugins(imap): acl quota imap_quota
> mail_plugins(pop3): quota
> mail_plugin_dir(default): /usr/lib64/dovecot/imap
> mail_plugin_dir(imap): /usr/lib64/dovecot/imap
> mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3
> pop3_uidl_format(default): %08Xu%08Xv
> pop3_uidl_format(imap): %08Xu%08Xv
> pop3_uidl_format(pop3): UID%u-%v
> pop3_logout_format(default): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
> pop3_logout_format(imap): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
> pop3_logout_format(pop3): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s,
> bytes=%i/%o
> namespace:
>   type: private
>   prefix: INBOX.
>   inbox: yes
>   list: yes
>   subscriptions: yes
> lda:
>   postmaster_address: postmaster at example.com
> auth default:
>   mechanisms: plain login
>   cache_size: 1024
>   username_chars:
> abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$-
> =?^_{}~./@+%
>   passdb:
>     driver: checkpassword
>     args: /usr/local/cpanel/bin/dovecot-auth
>   userdb:
>     driver: prefetch
>   socket:
>     type: listen
>     client:
>       path: /var/run/dovecot/auth-client
>       mode: 438
> plugin:
>   quota: maildir
>   quota_rule: Trash:ignore
>   acl: vfile

From mnewpipe at gmail.com Wed Oct 30 16:11:20 2013
From: mnewpipe at gmail.com (Michael Neurohr)
Date: Wed, 30 Oct 2013 15:11:20 +0100
Subject: [Dovecot] Right values for Antispam plugin
Message-ID:

Hi!

I'm currently configuring the Dovecot Antispam plugin for the use with Dspam.
In general it works, but I'm not sure about one special config parameter:
antispam_dspam_args

At the moment I set it to:
antispam_dspam_args = --source=error;--signature=%%s;--user;%u

Is that the appropriate value for retraining? I'm not sure if "%%s" is correct to get the signature value. I was not able to find any documentation that describes that value.

So I just want to know if my plugin config is correct for retraining.

plugin {
  antispam_backend = dspam
  antispam_spam = Spam
  antispam_trash = trash;Trash;Deleted Items;Deleted Messages
  antispam_signature = X-DSPAM-Signature
  antispam_signature_missing = move
  antispam_dspam_binary = /usr/bin/dspam
  antispam_dspam_args = --source=error;--signature=%%s;--user;%u
}

Thanks,
Michael

From michael at orlitzky.com Wed Oct 30 16:54:52 2013
From: michael at orlitzky.com (Michael Orlitzky) Date: Wed, 30 Oct 2013 10:54:52 -0400 Subject: [Dovecot] Encryption solution for messages at rest In-Reply-To: <9ffa7973ef455eb7f769a9c24c06057b@junc.eu> References: <526EBFB5.4000009@orlitzky.com> <9ffa7973ef455eb7f769a9c24c06057b@junc.eu> Message-ID: <52711DBC.1020502@orlitzky.com> On 10/30/2013 09:01 AM, Benny Pedersen wrote: > Michael Orlitzky skrev den 2013-10-28 20:49: > >> php_admin_value open_basedir /var/www/$domain/$host/ >> php_admin_value upload_tmp_dir /var/www/$domain/$host/tmp >> php_admin_value session.save_path /var/www/$domain/$host/tmp >> php_admin_value sys_temp_dir /var/www/$domain/$host/tmp > > so dont create tmp upload dirs in webroot, this is classic way of > showing no care > DocumentRoot is /var/www/$domain/$host/public. From miquels at cistron.nl Wed Oct 30 17:03:51 2013 
From: miquels at cistron.nl (Miquel van Smoorenburg) Date: Wed, 30 Oct 2013 16:03:51 +0100 Subject: [Dovecot] Encryption solution for messages at rest In-Reply-To: References: " " <526EB9A8.1030108@thelounge.net> Message-ID: <52711FD7.8000804@cistron.nl> On 28/10/13 23:22, Frerich Raabe wrote: > On 2013-10-28 20:23, Reindl Harald wrote: >> Am 28.10.2013 20:14, schrieb Douglas Mortensen: >>> However, it would be nice to know that even if we were breached, the >>> emails on the server were encrypted and would be completely useless >>> to an attacker. >>> This type of encryption is ideal and some regulations prefer >>> (although don't require) it >> >> impossible and useless >> if someone comes that far he can also read whatever configuration >> containing the keys > > In principle, this can be addressed by employing asymmetric key encryption. > > You could imagine a system which requires users to generate a key pair > and then submit their public key. The mail system will encrypt all mail > received for a user with that users public key. When accessing the mail, > the user configures his user agent to use the private key to decrypt the > mail. > > In practice, it's probably not that easy: > > 1. I suppose you'd have to be careful to not break features like > server-side searching though. If you only store encrypted mail, the only > moment where the system sees the plain mail is when it's received. So > you'd probably need to index it at that point and then use that index > for subsequent queries. Once the mail is written to disk, the server > never sees the real data anymore. > > 2. Different mail storage formats probably work differently well. mbox > is right out, with Maildir it might not be acceptable to encode the raw > mail file - I don't know whether Dovecot uses any actual contents of > files with Maildir (as opposed to the Dovecot-specific indices and the > file name). If it does, then you should maybe just encrypt just the body > but no headers or similiar. 
> > There's surely more to consider, but I think this is anything but > "impossible and useless". Accessing sensitive data which is stored on an > untrusted system is an old and solved problem, I wouldn't be surprised > if you just have to consider implementation details in the case of a > mail server. Well you can generate the public and private key on the server, then set the users password as the keyphrase, and leave it stored on the server. Incoming mail would be automatically encrypted with the public key, then stored. When the user logs in to imap/pop the password is not only used for authentication, but also to unlock the private key. Dovecot can then decrypt the messages on the fly. Basically this is how Lavamail worked. It is reasonably secure, but doesn't help against a hostile root user on the server that hacks dovecot to just log the password when a user logs in. Or someone who has acquired your SSL keys and taps your internet connection. Mike. From raabe at froglogic.com Wed Oct 30 17:11:12 2013 
From: raabe at froglogic.com (Frerich Raabe) Date: Wed, 30 Oct 2013 16:11:12 +0100 Subject: [Dovecot] Encryption solution for messages at rest In-Reply-To: <52711FD7.8000804@cistron.nl> References: "\"\\\" \\\" " " <526EB9A8.1030108@thelounge.net> <52711FD7.8000804@cistron.nl> Message-ID: On 2013-10-30 16:03, Miquel van Smoorenburg wrote: > On 28/10/13 23:22, Frerich Raabe wrote: >> You could imagine a system which requires users to generate a key >> pair >> and then submit their public key. The mail system will encrypt all >> mail >> received for a user with that users public key. When accessing the >> mail, >> the user configures his user agent to use the private key to decrypt >> the >> mail. [..] > Well you can generate the public and private key on the server, then > set the users password as the keyphrase, and leave it stored on the > server. > > Incoming mail would be automatically encrypted with the public key, > then stored. > > When the user logs in to imap/pop the password is not only used for > authentication, but also to unlock the private key. Dovecot can then > decrypt the messages on the fly. > > Basically this is how Lavamail worked. It is reasonably secure, but > doesn't help against a hostile root user on the server that hacks > dovecot to just log the password when a user logs in. Or someone who > has acquired your SSL keys and taps your internet connection. The whole idea of using asymmetric encryption was that the server *does not* have the private key. It only has the public key, so it can store incoming mail encrypted using the users public key (which requires no password). Dovecot would then just serve the encrypted mail, all encryption would happen on the client side using the private key which only the client has. In the case of Maildir, I suspect (but I don't know) that Dovecot doesn't treat the individual files as plain data: it does look into them when serving (not only when indexing) to parse some headers or so. 
So I guess you cannot just encrypt the raw file on disk but you rather
have to "rewrite" the mail so that only the body is encrypted but the
headers are left untouched. This means that a hostile root user could
see the headers, but at least not the body of the message.

-- 
Frerich Raabe - raabe at froglogic.com
www.froglogic.com - Multi-Platform GUI Testing

From h.reindl at thelounge.net Wed Oct 30 17:11:28 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Wed, 30 Oct 2013 16:11:28 +0100
Subject: [Dovecot] Encryption solution for messages at rest
In-Reply-To: <52711DBC.1020502@orlitzky.com>
References: <526EBFB5.4000009@orlitzky.com> <9ffa7973ef455eb7f769a9c24c06057b@junc.eu> <52711DBC.1020502@orlitzky.com>
Message-ID: <527121A0.6000701@thelounge.net>

On 30.10.2013 15:54, Michael Orlitzky wrote:
> On 10/30/2013 09:01 AM, Benny Pedersen wrote:
>> Michael Orlitzky wrote on 2013-10-28 20:49:
>>
>>> php_admin_value open_basedir /var/www/$domain/$host/
>>> php_admin_value upload_tmp_dir /var/www/$domain/$host/tmp
>>> php_admin_value session.save_path /var/www/$domain/$host/tmp
>>> php_admin_value sys_temp_dir /var/www/$domain/$host/tmp
>>
>> so don't create tmp upload dirs in webroot, this is classic way of
>> showing no care
>
> DocumentRoot is /var/www/$domain/$host/public

and so open_basedir should be the same and *not* include
"upload_tmp_dir" and "session.save_path", otherwise this all is
nonsense from security point of view

and to come back to topic: do *not* install a public webserver on your
mailserver - period

From rick at havokmon.com Wed Oct 30 17:19:32 2013
From: rick at havokmon.com (Rick Romero)
Date: Wed, 30 Oct 2013 10:19:32 -0500
Subject: [Dovecot] Encryption solution for messages at rest
In-Reply-To: <52711FD7.8000804@cistron.nl>
References: <52711FD7.8000804@cistron.nl>
Message-ID: <20131030101932.Horde.W7zhda1uA4XSblKc5dkuZQ1@beta.vfemail.net>

Quoting Miquel van Smoorenburg :

> On 28/10/13 23:22, Frerich Raabe wrote:
>> On 2013-10-28 20:23, Reindl Harald wrote:
>>> On 28.10.2013 20:14, Douglas Mortensen wrote:
>>>> However, it would be nice to know that even if we were breached, the
>>>> emails on the server were encrypted and would be completely useless
>>>> to an attacker.
>>>> This type of encryption is ideal and some regulations prefer
>>>> (although don't require) it
>>>
>>> impossible and useless
>>> if someone comes that far he can also read whatever configuration
>>> containing the keys
>>
>> In principle, this can be addressed by employing asymmetric key
>> encryption.
>>
>> You could imagine a system which requires users to generate a key pair
>> and then submit their public key. The mail system will encrypt all mail
>> received for a user with that user's public key. When accessing the mail,
>> the user configures his user agent to use the private key to decrypt the
>> mail.
>>
>> In practice, it's probably not that easy:
>>
>> 1. I suppose you'd have to be careful to not break features like
>> server-side searching though. If you only store encrypted mail, the only
>> moment where the system sees the plain mail is when it's received. So
>> you'd probably need to index it at that point and then use that index
>> for subsequent queries. Once the mail is written to disk, the server
>> never sees the real data anymore.
>>
>> 2. Different mail storage formats probably work differently well.
>> mbox is right out, with Maildir it might not be acceptable to encode the raw
>> mail file - I don't know whether Dovecot uses any actual contents of
>> files with Maildir (as opposed to the Dovecot-specific indices and the
>> file name). If it does, then you should maybe just encrypt just the body
>> but no headers or similar.
>>
>> There's surely more to consider, but I think this is anything but
>> "impossible and useless". Accessing sensitive data which is stored on an
>> untrusted system is an old and solved problem, I wouldn't be surprised
>> if you just have to consider implementation details in the case of a
>> mail server.
>
> Well you can generate the public and private key on the server, then set
> the user's password as the keyphrase, and leave it stored on the server.
>
> Incoming mail would be automatically encrypted with the public key, then
> stored.
>
> When the user logs in to imap/pop the password is not only used for
> authentication, but also to unlock the private key. Dovecot can then
> decrypt the messages on the fly.
>
> Basically this is how Lavamail worked. It is reasonably secure, but
> doesn't help against a hostile root user on the server that hacks
> dovecot to just log the password when a user logs in. Or someone who has
> acquired your SSL keys and taps your internet connection.
> Mike.

Or someone that has your email password.

Basically, it's no different than unencrypted mail on an encrypted
filesystem. Doing more work != more secure - that's why Lavamail was
nothing more than a marketing ploy. Imagine going to your bank to put
things in your lockbox, and giving your personal items to the teller who
then runs an obstacle course before getting to the vault. Are your
things more secure than you putting the items in the lockbox you have
the key for?

Use GPG, and make sure the user understands that full text search is
not available.
For the client, either they run it locally, use the gpg Chrome plug-in,
or the site implements openpgp.js. Then all decryption occurs
client-side.
http://openpgpjs.org/

You could come up with some custom public/private key exchange, but
why? If you're going to encrypt and decrypt it locally anyways, what
does it matter?

The equivalent to the Lavabit hack, without the pointless runaround,
would be to use the Dovecot zip module to encrypt the data so only the
Dovecot process can read it - though you could still trivially log the
user's password for direct data access. IMHO, logging a password you
receive in plain text is far from a hack. To me a hack requires a little
complexity or ingenuity.

Rick

From me at electronico.nc Wed Oct 30 22:17:14 2013
From: me at electronico.nc (me at electronico.nc)
Date: Thu, 31 Oct 2013 07:17:14 +1100
Subject: [Dovecot] dovecot-ldap : can't find user in OU subtree
In-Reply-To:
References: <5270BCA7.6070908@electronico.nc>
Message-ID: <5271694A.4010802@electronico.nc>

Hello and thanks for your answer.

On 30/10/2013 19:32, Steffen Kaiser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 30 Oct 2013, me at electronico.nc wrote:
>
>>> passdb {
>>> args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
>>> driver = ldap
>>> }
>>
>> /etc/dovecot/dovecot-ldap-passdb.conf.ext:
>>> hosts = localhost
>>> auth_bind = yes
>>> auth_bind_userdn = cn=%u,OU=users,dc=domain,dc=lan
>
> You define your bind DN as cn=%u,OU=users,dc=domain,dc=lan
>
>>> ldap_version = 3
>>> base = ou=users,dc=domain,dc=lan
>>> scope = subtree
>>> pass_filter = (&(objectClass=person)(cn=%u)(mail=*))
>
>>> user_attrs = uid=20001, gid=20001, home=/media/data/email/%n, mail=/media/data/email/%n/mail
>>> user_filter = (&(objectClass=person)(cn=%n)(mail=*))
>
> pass_filter and user_filter differ in %u vs. %n.

It doesn't really matter in this situation as users are connected to a
unique AD domain and their credentials are set up with user/password, so
in this case %u and %n are identical.

>
>> Here is the debug part when user test3 (located in ou=users,
>> ou=administrative) tries to login:
>
> The auth_bind_userdn does not match the ou=administrative location.
> Drop the auth_bind_userdn, IMHO, so Dovecot actually uses pass_filter
> to search for the DN of the user.
>

I have tried a lot of ways to use DN or OU in pass_filter, like:

pass_filter = (&(objectClass=person)(cn=%u)(ou=users)(mail=*))
pass_filter = (&(objectClass=person)(cn=%u)(ou:dn:=rdk_users)(mail=*))

but it seems Active Directory doesn't support OU or DN in filters :-(

Thanks anyway for your help, this is definitively not a Dovecot issue.
Nicolas

>>> Oct 30 18:49:12 serveur dovecot: auth: ldap(test3,10.10.20.208,): invalid credentials
>>> Oct 30 18:49:14 serveur dovecot: auth: Debug: client passdb out: FAIL#0111#011user=test3
>
>> As soon as I move user 'test3' back to ou=users, it can login ...
>>> Oct 30 18:53:57 serveur dovecot: auth: Debug: client passdb out: OK#0111#011user=test3
>
>
> - -- Steffen Kaiser
>

From achim at ag-web.biz Thu Oct 31 01:42:44 2013
From: achim at ag-web.biz (Achim Gottinger)
Date: Thu, 31 Oct 2013 00:42:44 +0100
Subject: [Dovecot] dovecot-ldap : can't find user in OU subtree
In-Reply-To: <5271694A.4010802@electronico.nc>
References: <5270BCA7.6070908@electronico.nc> <5271694A.4010802@electronico.nc>
Message-ID: <52719974.30403@ag-web.biz>

On 30.10.2013 21:17, me at electronico.nc wrote:
> Hello and thanks for your answer.
>
> On 30/10/2013 19:32, Steffen Kaiser wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Wed, 30 Oct 2013, me at electronico.nc wrote:
>>
>>>> passdb {
>>>> args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
>>>> driver = ldap
>>>> }
>>>
>>> /etc/dovecot/dovecot-ldap-passdb.conf.ext:
>>>> hosts = localhost
>>>> auth_bind = yes
>>>> auth_bind_userdn = cn=%u,OU=users,dc=domain,dc=lan
>>
>> You define your bind DN as cn=%u,OU=users,dc=domain,dc=lan
>>
>>>> ldap_version = 3
>>>> base = ou=users,dc=domain,dc=lan
>>>> scope = subtree
>>>> pass_filter = (&(objectClass=person)(cn=%u)(mail=*))
>

You should use

/etc/dovecot/dovecot-ldap-passdb.conf.ext

hosts = localhost
dn = cn=ldap,cn=Users,DC=domain,DC=lan
dnpass = My_secret_pass
auth_bind = yes
ldap_version = 3
base = OU=users,DC=domain,DC=lan
scope = subtree
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))

That way pass_filter should match
cn=%u,OU=administrative,OU=Users,DC=domain,DC=lan as well. Take a look
at http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds DN lookup vs. DN
template.

From me at electronico.nc Thu Oct 31 02:11:56 2013
From: me at electronico.nc (me at electronico.nc)
Date: Thu, 31 Oct 2013 11:11:56 +1100
Subject: [Dovecot] dovecot-ldap : can't find user in OU subtree // solved
In-Reply-To: <52719974.30403@ag-web.biz>
References: <5270BCA7.6070908@electronico.nc> <5271694A.4010802@electronico.nc> <52719974.30403@ag-web.biz>
Message-ID: <5271A04C.9070203@electronico.nc>

On 31/10/2013 10:42, Achim Gottinger wrote:
> On 30.10.2013 21:17, me at electronico.nc wrote:
>> Hello and thanks for your answer.
>>
>> On 30/10/2013 19:32, Steffen Kaiser wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On Wed, 30 Oct 2013, me at electronico.nc wrote:
>>>
>>>>> passdb {
>>>>> args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
>>>>> driver = ldap
>>>>> }
>>>>
>>>> /etc/dovecot/dovecot-ldap-passdb.conf.ext:
>>>>> hosts = localhost
>>>>> auth_bind = yes
>>>>> auth_bind_userdn = cn=%u,OU=users,dc=domain,dc=lan
>>>
>>> You define your bind DN as cn=%u,OU=users,dc=domain,dc=lan
>>>
>>>>> ldap_version = 3
>>>>> base = ou=users,dc=domain,dc=lan
>>>>> scope = subtree
>>>>> pass_filter = (&(objectClass=person)(cn=%u)(mail=*))
>>
> You should use
>
> /etc/dovecot/dovecot-ldap-passdb.conf.ext
>
> hosts = localhost
> dn = cn=ldap,cn=Users,DC=domain,DC=lan
> dnpass = My_secret_pass
> auth_bind = yes
> ldap_version = 3
> base = OU=users,DC=domain,DC=lan
> scope = subtree
> pass_filter = (&(objectClass=person)(cn=%u)(mail=*))
>
> That way pass_filter should match
> cn=%u,OU=administrative,OU=Users,DC=domain,DC=lan as well. Take a
> look at http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds DN lookup
> vs. DN template.
>
>

Hello Achim,
Thanks for your answer :-)
Sure it works OK, as soon as I specify dn & dnpass (that I omitted in
passdb... :-[ )
Many thanks again !
Nicolas

From mlively at yahoo.com Thu Oct 31 03:36:38 2013
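The DN template vs. DN lookup difference behind the LDAP thread's login failure, as an added Python sketch (not Dovecot code and not from any poster). The directory entries, passwords and function names are constructed for illustration; only the setting names and DNs come from the configs quoted in the thread.

```python
# Added illustration, not Dovecot code: an in-memory model of the two
# auth_bind strategies from this thread. All entries and passwords are
# constructed sample data.

def norm(dn):
    """Comparison key for a DN (the sample DNs contain no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

_ENTRIES = {
    # Service account used for the search step (dn/dnpass in the config).
    "cn=ldap,cn=Users,DC=domain,DC=lan": {
        "objectClass": "person", "cn": "ldap", "password": "My_secret_pass"},
    "cn=test1,OU=users,DC=domain,DC=lan": {
        "objectClass": "person", "cn": "test1", "sAMAccountName": "test1",
        "mail": "test1@domain.lan", "password": "pw1"},
    # Lives one level below OU=users, like test3 in the thread.
    "cn=test3,OU=administrative,OU=users,DC=domain,DC=lan": {
        "objectClass": "person", "cn": "test3", "sAMAccountName": "test3",
        "mail": "test3@domain.lan", "password": "pw3"},
    # AD-style entry: cn is the full name, sAMAccountName is the login name.
    "cn=Jane Doe,OU=users,DC=domain,DC=lan": {
        "objectClass": "person", "cn": "Jane Doe", "sAMAccountName": "jdoe",
        "mail": "jdoe@domain.lan", "password": "pw4"},
}
DIRECTORY = {norm(dn): attrs for dn, attrs in _ENTRIES.items()}

def simple_bind(dn, password):
    """Simple bind: succeeds only if the DN exists and the password matches."""
    entry = DIRECTORY.get(norm(dn))
    return entry is not None and entry["password"] == password

def search_subtree(base, attr, value):
    """Model of scope=subtree with (&(objectClass=person)(attr=value)(mail=*))."""
    suffix = norm(base)
    return [dn for dn, e in DIRECTORY.items()
            if (dn == suffix or dn.endswith("," + suffix))
            and e.get("objectClass") == "person"
            and e.get(attr, "").lower() == value.lower()
            and "mail" in e]

def auth_dn_template(user, password,
                     template="cn=%u,OU=users,dc=domain,dc=lan"):
    """auth_bind_userdn set: the DN is built from the login name, no search."""
    return simple_bind(template.replace("%u", user), password)

def auth_dn_lookup(user, password, attr="cn",
                   dn="cn=ldap,cn=Users,DC=domain,DC=lan",
                   dnpass="My_secret_pass",
                   base="OU=users,DC=domain,DC=lan"):
    """dn/dnpass set: bind as the service account, search, bind as the hit."""
    if not simple_bind(dn, dnpass):
        return False      # service bind failed, so no search is possible
    hits = search_subtree(base, attr, user)
    if len(hits) != 1:
        return False      # unknown or ambiguous user: never guess a DN
    return simple_bind(hits[0], password)

if __name__ == "__main__":
    print("template test1:", auth_dn_template("test1", "pw1"))
    print("template test3:", auth_dn_template("test3", "pw3"))
    print("lookup   test3:", auth_dn_lookup("test3", "pw3"))
    print("lookup cn=jdoe:", auth_dn_lookup("jdoe", "pw4"))
    print("lookup sAMAccountName=jdoe:",
          auth_dn_lookup("jdoe", "pw4", attr="sAMAccountName"))
```

With the template, a correct password for test3 is still rejected because the constructed DN does not exist, which the server reports the same way as a wrong password.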
From: mlively at yahoo.com (Marcus Lively)
Date: Thu, 31 Oct 2013 01:36:38 -0000
Subject: [Dovecot] IMAP Dovecot unknown namespace creating root folders
In-Reply-To: <189a01ced572$5487ff70$fd97fe50$@com>
References: <1383102489.41245.YahooMailNeo@web121605.mail.ne1.yahoo.com> <189a01ced572$5487ff70$fd97fe50$@com>
Message-ID: <001201ced5d9$a5aa3d20$f0feb760$@com>

Hi All,

For info I now believe that this is a cPanel issue not a Dovecot issue.
cPanel re-writes dovecot.conf from a template, and what it calls the
datastore. From what I have learnt so far it looks like cPanel seems to
have lost the mechanism to permit you to change the 'prefix' value in
the datastore which I believe should be located at
/var/cpanel/conf/dovecot/main, as it no longer exists.

The template /var/cpanel/templates/dovecot1.2/main.default exists and
modifies the default dovecot.conf and sets it with 'prefix = INBOX.'
which I believe is not a default dovecot.conf value.

I was able to get around this by creating a copy of the main.default
file which needs to be called main.local in the same directory and
commenting out line 362 as such
'#prefix = [% namespace_private.prefix %]'

I am still investigating this and will post further info should I find
it.

Kind regards
Marcus

> -----Original Message-----
> there is an entry in dovecot.conf for
> the private namespace which sets the prefix required to access the
> namespace as follows
>
> prefix = INBOX.
>
> I commented this out and restarted dovecot.
>
> > Hi, I hope someone can point me in the right direction here. I am
> > migrating a mailbox from a non cPanel server, and the mailboxes have
> > folders which seem to be at the same level as the Inbox.
> > when I try to
> > create a 'top level' folder in Outlook I receive the error 'Cannot
> > create the folder: Unknown namespace'

From jess.portnoy at kaltura.com Thu Oct 31 13:19:27 2013
From: jess.portnoy at kaltura.com (Jess Portnoy)
Date: Thu, 31 Oct 2013 13:19:27 +0200
Subject: [Dovecot] init script as provided http://wiki2.dovecot.org/DovecotInit
Message-ID:

Hello list,

I would add:

# dovecot Startup script for the dovecot server
#
# chkconfig: -
# processname: dovecot
# config: /path/to/config
# pidfile: /path/to/pid

So that it supports the chkconfig used by RHEL and clones too.

Also, maybe it should be installed by the Makefile's install target? it
could then also set:
DAEMON=/path/to/dovecot/daemon
instead of:
DAEMON=/usr/local/sbin/dovecot

Cause naturally, it will know the prefix chosen.

May the source be with you,
Jess Portnoy

From achim at ag-web.biz Thu Oct 31 13:28:07 2013
From: achim at ag-web.biz (Achim Gottinger)
Date: Thu, 31 Oct 2013 12:28:07 +0100
Subject: [Dovecot] dovecot-ldap : can't find user in OU subtree // solved
In-Reply-To: <5271A04C.9070203@electronico.nc>
References: <5270BCA7.6070908@electronico.nc> <5271694A.4010802@electronico.nc> <52719974.30403@ag-web.biz> <5271A04C.9070203@electronico.nc>
Message-ID: <52723EC7.8070807@ag-web.biz>

On 31.10.2013 01:11, me at electronico.nc wrote:
> On 31/10/2013 10:42, Achim Gottinger wrote:
>> On 30.10.2013 21:17, me at electronico.nc wrote:
>>> Hello and thanks for your answer.
>>>
>>> On 30/10/2013 19:32, Steffen Kaiser wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> On Wed, 30 Oct 2013, me at electronico.nc wrote:
>>>>
>>>>>> passdb {
>>>>>> args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
>>>>>> driver = ldap
>>>>>> }
>>>>>
>>>>> /etc/dovecot/dovecot-ldap-passdb.conf.ext:
>>>>>> hosts = localhost
>>>>>> auth_bind = yes
>>>>>> auth_bind_userdn = cn=%u,OU=users,dc=domain,dc=lan
>>>>
>>>> You define your bind DN as cn=%u,OU=users,dc=domain,dc=lan
>>>>
>>>>>> ldap_version = 3
>>>>>> base = ou=users,dc=domain,dc=lan
>>>>>> scope = subtree
>>>>>> pass_filter = (&(objectClass=person)(cn=%u)(mail=*))
>>>
>> You should use
>>
>> /etc/dovecot/dovecot-ldap-passdb.conf.ext
>>
>> hosts = localhost
>> dn = cn=ldap,cn=Users,DC=domain,DC=lan
>> dnpass = My_secret_pass
>> auth_bind = yes
>> ldap_version = 3
>> base = OU=users,DC=domain,DC=lan
>> scope = subtree
>> pass_filter = (&(objectClass=person)(cn=%u)(mail=*))
>>
>> That way pass_filter should match
>> cn=%u,OU=administrative,OU=Users,DC=domain,DC=lan as well. Take a
>> look at http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds DN
>> lookup vs. DN template.
>>
>>
> Hello Achim,
> Thanks for your answer :-)
> Sure it works OK, as soon as I specify dn & dnpass (that I omitted in
> passdb... :-[ )
> Many thanks again !
> Nicolas

The problem was auth_bind_userdn which only matched users in OU=users.
If you use that type of password check pass_filter is not used. Now
dovecot binds as user dn first, does a lookup of the user's dn via
pass_filter and uses the result as the dn for the password verification
via a second bind to ldap.

If you use the LDAP Server from an Active Directory I'd recommend you
use:

pass_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))

Because if you use Windows Remote Admin Tools to create users the user's
dn is usually something like dn=cn=[Full Name],ou=Users,dc=domain,dc=lan
and cn=[Full Name]. sAMAccountName however holds the user's login name.

From anmeyer at anup.de Thu Oct 31 13:47:06 2013
From: anmeyer at anup.de (Andreas Meyer)
Date: Thu, 31 Oct 2013 12:47:06 +0100
Subject: [Dovecot] double login lines
Message-ID: <20131031124706.21fb5171@itxnew.bitcorner.intern>

Hi!

Who can tell me why I have double login lines for some accounts?

Oct 31 12:35:36 imap-login: Info: Login: user=, method=CRAM-MD5, rip=84.179.59.177, lip=78.47.3.18, mpid=29905, TLS, TLSv1 with cipher RC4-MD5 (128/128 bits)
Oct 31 12:35:36 imap-login: Info: Login: user=, method=CRAM-MD5, rip=84.179.59.177, lip=78.47.3.18, mpid=29906, TLS, TLSv1 with cipher RC4-MD5 (128/128 bits)

I can not think of any reason why this happens at the same time.

Greetings

Andreas

From h.reindl at thelounge.net Thu Oct 31 14:06:32 2013
From: h.reindl at thelounge.net (Reindl Harald)
Date: Thu, 31 Oct 2013 13:06:32 +0100
Subject: [Dovecot] double login lines
In-Reply-To: <20131031124706.21fb5171@itxnew.bitcorner.intern>
References: <20131031124706.21fb5171@itxnew.bitcorner.intern>
Message-ID: <527247C8.5050309@thelounge.net>

On 31.10.2013 12:47, Andreas Meyer wrote:
> Who can tell me why I have double login lines for some accounts?
>
> Oct 31 12:35:36 imap-login: Info: Login: user=, method=CRAM-MD5, rip=84.179.59.177, lip=78.47.3.18, mpid=29905, TLS, TLSv1 with cipher RC4-MD5 (128/128 bits)
> Oct 31 12:35:36 imap-login: Info: Login: user=, method=CRAM-MD5, rip=84.179.59.177, lip=78.47.3.18, mpid=29906, TLS, TLSv1 with cipher RC4-MD5 (128/128 bits)
>
> I can not think of any reason why this happens at the same time

IMAP is mostly one connection per folder up to the clients limit per
server which may vary

From steve at kingswayelec.co.uk Thu Oct 31 16:42:52 2013
From: steve at kingswayelec.co.uk (Steve Downes)
Date: Thu, 31 Oct 2013 14:42:52 +0000
Subject: [Dovecot] Logging in to a virtual users Maildir
Message-ID:

Trying to set up a mailserver to run exim4, dovecot2, (clamav procmail
or similar not yet installed) on a virtual machine & access it from
various hosts mostly using Mutt. So far no attempt at encryption
although there are some pem files from a previous attempt & some
evidence from the mutt debug file they may be being used.

So far I have attempted to set up dovecot to be accessed by MUAs only &
tried to access it from Mutt on the mailserver virtual machine & on
another locally networked machine (no networking problems).

When I open a local mutt I get the following:-

1) could not connect to vmail-s (connection refused) (vmail-s is the mailserver host)
2) mutt then opens, with a blank message screen
3) from mutt I then put C (open mailbox ? for list) & ?.
4) I then get a file list for the mailbox including all dovecot files but no mailbox files except cur, new, & tmp
5) if enter on ../ I get (presumably) /home/vmail/users/steve/ showing Maildir as the 2nd line
6) select Maildir gives me my inbox but continuing the process does not give me access to any other folders.

The files in my mailbox are from my previous version of Dovecot (V1*)
but I have previously tried to start a new set of mailboxes with similar
results.

I enclose below:-
my Dovecot.conf file
My muttrc file
a .muttdebug0 file

Dovecot log files show nothing but Dovecot stop/start lines.

Any pointers please?
Steve

---------------------------------
/etc/dovecot/dovecot.conf

# based on Dovecot.org/HowTo/SimpleVirtualInstall
# Dovecot version 2
# ASD 131028

protocols = imap

# separate dovecot logging
log_path = /var/log/dovecot.log
# info_log_path = /var/log/dovecot-info.log
info_log_path = /var/log/dovecot.log
mail_debug=yes

# disable ssl for now
ssl = no
disable_plaintext_auth = no

# Maildir boxes
mail_location = maildir:~/home/vmail/%u/Maildir

# if your using pop3, you'll need this
# pop3_uidl_format = %g

# authentication configuration
auth_verbose=yes
auth_debug=yes
auth_mechanisms=plain
auth_debug_passwords=yes

passdb {
driver = passwd-file
args = /etc/dovecot/passwd
}
userdb {
driver = static
args = uid=vmail gid=vmail home=/home/vmail/%u/Maildir
}

--------------------------------------------
~/.mutt.muttrc

# muttrc file started 131029
set mbox_type="Maildir"
set spoolfile=imaps://steve at vmail-s/
set folder="/home/vmail/users/steve"
unset mark_old
set postponed="/home/vmail/users/steve/drafts/"
set postpone=ask-yes
set imap_check_subscribed
set abort_nosubject=yes
set include=yes
set editor="emacsclient %s"
set alias_file="/home/steve/.mutt/mutt-aliases

---------------------------------------------
.muttdebug0

[2013-10-31 14:35:23] Mutt/1.5.21 (2010-09-15) debugging at level 2
[2013-10-31 14:35:23] Reading configuration file '/etc/Muttrc'.
[2013-10-31 14:35:23] Reading configuration file '/usr/lib/mutt/source-muttrc.d|'.
[2013-10-31 14:35:23] Reading configuration file '/etc/Muttrc.d/charset.rc'.
[2013-10-31 14:35:23] Reading configuration file '/etc/Muttrc.d/colors.rc'.
[2013-10-31 14:35:23] Reading configuration file '/etc/Muttrc.d/compressed-folders.rc'.
[2013-10-31 14:35:23] Reading configuration file '/etc/Muttrc.d/gpg.rc'.
[2013-10-31 14:35:23] Reading configuration file '/etc/Muttrc.d/smime.rc'.
[2013-10-31 14:35:23] Reading configuration file '/home/steve/.mutt/muttrc'.
[2013-10-31 14:35:23] Reading imaps://steve at vmail-s/...
[2013-10-31 14:35:23] Looking up vmail-s...
[2013-10-31 14:35:23] Connecting to vmail-s...
[2013-10-31 14:35:23] Connection failed. errno: 111...
[2013-10-31 14:35:23] Could not connect to vmail-s (Connection refused).
[2013-10-31 14:35:25] Connected to vmail-s:993 on fd=-1
[2013-10-31 14:35:55] Reading /home/vmail/users/steve/Maildir...
[2013-10-31 14:35:55] Scanning /home/vmail/users/steve/Maildir... 0
[2013-10-31 14:35:55] Reading /home/vmail/users/steve/Maildir... 0
[2013-10-31 14:35:55] Scanning /home/vmail/users/steve/Maildir... 0
[2013-10-31 14:35:55] ../mh.c:728: queueing 1382383788.2292_0.mail-s:2,Sa
[2013-10-31 14:35:55] ../mh.c:728: queueing 1381593772.6226_1.mail-s:2,S
[2013-10-31 14:35:55] ../mh.c:728: queueing 1382022143.2719_1.mail-s:2,S
[2013-10-31 14:35:55] Reading /home/vmail/users/steve/Maildir... 0/54 (0%)
[2013-10-31 14:35:55] Reading /home/vmail/users/steve/Maildir... 0/54 (0%)
[2013-10-31 14:35:55] parse_parameters: `boundary="==Multipart_Boundary_xc75j85x"'
[2013-10-31 14:35:55] parse_parameter: `boundary' = `==Multipart_Boundary_xc75j85x'
[2013-10-31 14:35:55] parse_parameters: `charset="us-ascii"'
[2013-10-31 14:35:55] ../mh.c:773 maildir_add_to_context(): Considering
[2013-10-31 14:35:55] ../mh.c:782 Adding header structure. Flags: OR
[2013-10-31 14:35:55] ../mh.c:773 maildir_add_to_context(): Considering
[2013-10-31 14:35:55] Sorting mailbox...

(I have cut most of the repeated lines for each email out of this file)

From joseba.torre at ehu.es Thu Oct 31 17:17:47 2013
From: joseba.torre at ehu.es (Joseba Torre)
Date: Thu, 31 Oct 2013 16:17:47 +0100
Subject: [Dovecot] failed: Message has been copied too many times
In-Reply-To: <526E325F.7000308@um.es>
References: <5268F864.8030800@um.es> <5268F941.9040908@um.es> <526E325F.7000308@um.es>
Message-ID: <5272749B.1050201@ehu.es>

On 28/10/13 10:46, Angel L. Mateo wrote:
>
> The problem is that for some reason, dovecot is duplicating user
> mails. In the problem I'm having today, a user has 3833 distinct
> messages in a mailbox, but 122 of them are duplicated 19866 each, so a
> search in the folder shows 2228712 messages. A force-resync of the
> folder doesn't fix anything.
>
> What worried me the most is that this problem is appearing very
> often in my system (once a week at least).
>

Are you sure it's dovecot who is duplicating emails? I have seen this
before (not so many copies, but the same effect) and I've always thought
it was a thunderbird thing (in every case I've seen the client was
thunderbird, and I think your users also use it).

I've always solved with the thunderbird function to remove duplicates.

HTH

From CMarcus at Media-Brokers.com Thu Oct 31 17:29:23 2013
From: CMarcus at Media-Brokers.com (Charles Marcus)
Date: Thu, 31 Oct 2013 11:29:23 -0400
Subject: [Dovecot] failed: Message has been copied too many times
In-Reply-To: <5272749B.1050201@ehu.es>
References: <5268F864.8030800@um.es> <5268F941.9040908@um.es> <526E325F.7000308@um.es> <5272749B.1050201@ehu.es>
Message-ID: <52727753.2070001@Media-Brokers.com>

On 2013-10-31 11:17 AM, Joseba Torre wrote:
> Are you sure it's dovecot who is duplicating emails? I have seen this
> before (not so many copies, but the same effect) and I've always
> thought it was a thunderbird thing (in every case I've seen the client
> was thunderbird, and I think your users also use it).

I have seen this happen when the user tries to mass delete thousands of
emails using 'Move to Trash', then is impatient when it slows to a
crawl, and they try to close Thunderbird and end up 'force quitting'
it...

We had one user that ended up with 5 copies of thousands of messages
from doing this repeatedly

> I've always solved with the thunderbird function to remove duplicates.

Exactly what I used to clean up the mess...

-- 
Best regards,

*/Charles/*

From keith at mountifield.org Wed Oct 30 20:35:48 2013
From: keith at mountifield.org (Keith Mountifield)
Date: Wed, 30 Oct 2013 18:35:48 -0000
Subject: [Dovecot] Configuring SPECIAL-USE Dovecot 2.0.9
Message-ID:

Hi All,

I'm trying to configure Dovecot 2.0.9 to support Outlook 2013. As I
understand it, I need to configure XLIST. I have added

imap_capability = +XLIST

to 20-imap.conf

When I try to query the IMAP folders I get an error "An IMAP command
Failed". Looking at the logs I get XLIST Command not found.

I can only assume that I'm missing something in the configuration.

Any help would be greatly appreciated

Thanks

Keith