February 2009 - dovecot

[Dovecot] limiting authentication failures
by Eric B. Schorvitz, Ph.D. 19 Feb '09

19 Feb '09

In my log files I occasionally get a huge number of Dovecot authentication failures (see clip below). I wanted to know if there's a way to limit the number of times an IP address can attempt to authenticate, if there's a way to have a timeout between attempted authentications, or if there is a way to limit authentication attempts by a specific username within a certain period of time. My current solution is to permanently block the specific IP, an IP range, or an entire country from accessing my server AFTER I notice the huge number of authentication failures. This is too ad-hoc a process and was hoping dovecot has something more proactive built in. Thank you in advance for spending time considering this inquiry, Eric --------------------- pam_unix Begin ------------------------ dovecot: Authentication Failures: rhost=::ffff:200.111.39.219 : 764 Time(s) root: 25 Time(s) mysql: 6 Time(s) smmsp: 6 Time(s) --SNIP-- Unknown Entries: check pass; user unknown: 764 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Connections (secure-log) Begin ------------------------ **Unmatched Entries** dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user info dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user info dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user info dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user info --SNIP--

2 1

[Dovecot] sieve filters
by Ian P. Christian 19 Feb '09

19 Feb '09

Hi all, I'm trying to figure out a way of filtering mail from a commercial anti-spam platform. Unfortunately you need to compare part of one header against part of another header. I figured I could solve this using sieve variables and pattern matching, however I'm having little luck and don't know how to debug sieve issues. # example headers: must compare 0.00799 against 1:0000 (the 2nd number in the 2nd header) # X-pstn-levels: (S: 0.00799/98.42547 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 ) # X-pstn-settings: 3 (1.0000:1.0000) s cv gt3 gt2 gt1 r p m c if header :matches "X-pstn-levels" "(S: */*" { set "score" "${1}"; if header :matches "X-pstn-settings" " ? (*:*) *" { fileinto "somewhere"; } } The first if appears to match, as if I move the fileinto up there it works - however it doesn't work as it shown here. Can anyone suggest why? Can I achieve what I'm trying to do with sieve? How can I go about debugging scripts? Thanks, Ian

2 2

[Dovecot] kerberos trying to obtain credentials for wrong machine
by Nikolay Shopik 19 Feb '09

19 Feb '09

Hi, I'm currently trying to configure Dovecot to use kerberos. My KDC is Windows 2003 and I successful generated keytab file for Dovecot machine. Problem is when I'm trying to use GSSAPI it told me Obtaining credentials for imap@debian5 - and of course this fails because debian5 isn't KDC, it should look for imap/debian5.inblock.local(a)INBLOCK.LOCAL. What I'm missing?

2 1

[Dovecot] Time moved backwards ....
by Harry Lachanas 18 Feb '09

18 Feb '09

OK.. So I synced the clock.... and got .... dovecot: Time just moved backwards by 1 seconds. I'll sleep now until we're back in present. http://wiki.dovecot.org/TimeMovedBackwards ( The first time I did this the clock moved backwards 2 hours after a timezone change and dovecot suicided ) I think I understand the concept ... However a mail server should probably be synchronized to the local time ..... Suggestions ...??? Harry.

8 10

[Dovecot] mbox snarf plugin + idle
by Jonathan Siegle 18 Feb '09

18 Feb '09

I'm having a problem with mbox snarf not looking at /var/spool/mail/ when in idle mode thus never giving me a RECENT line even though there are new messages in /var/spool/mail/ . Here are the imap commands to reproduce the problem: 1 login userid password 2 select inbox 3 idle When I run "select inbox" it does see my messages in /var/spool/mail/ and moves them over fine. When I truss the process, I see it only running stat calls on my "mbox- snarf" file. To get new messages I issue DONE, CLOSE, and SELECT INBOX. I'm not sure why it is reporting alpha5 two lines below. I did an hg pull just the other day and see 1.2.beta1 in the output of hg tags. # /usr/ladmin2/sbin/dovecot -n # 1.2.alpha5: /usr/ladmin2/etc/dovecot.conf Warning: fd limit 2000 is lower than what Dovecot can use under full load (more than 4224). Either grow the limit or change login_max_processes_count and max_mail_processes settings # OS: AIX 3 0001112AD300 syslog_facility: local0 protocols: imap listen: *:2222 ssl: no disable_plaintext_auth: no login_dir: /usr/ladmin2/var/run/dovecot/login login_executable: /usr/ladmin2/libexec/dovecot/imap-login login_greeting: Dovecot ready. login_processes_count: 30 max_mail_processes: 4096 mail_location: mbox:%h/new:INBOX=/var/spool/mail/14/%u mmap_disable: yes dotlock_use_excl: no mbox_write_locks: fcntl mbox_lazy_writes: no mail_plugins: mbox_snarf imap_client_workarounds: delay-newmail auth default: mechanisms: plain gssapi krb5_keytab: /etc/krb5/dovecot.keytab gssapi_hostname: $ALL verbose: yes debug: yes passdb: driver: pam userdb: driver: passwd plugin: mbox_snarf: /gpfs/inbox/14/%u Thanks, Jonathan

2 2

Re: [Dovecot] from postfix deliver to dovecot deliver
by dovecot＠corwyn.net 18 Feb '09

18 Feb '09

you're using maildir? (I only ask because I am). In that case, no making the change doesn't require changes in the mailboxes. I made the appropriate changes (just a few days ago) to main.cf and I was good to go. Rick At 08:01 AM 2/18/2009, Johan Hendriks wrote: >Hello all. >I use dovecot in combination with postfix, postfixadmin for virtual users. >Deliver to the mailbox now is done by postfix >Now i want to enable quota's and therefor i need dovecot deliver. >Can i just switch to dovecot deliver? >Or must i first do some prrperations in the mailboxes. > >regards >-- >_______________________ >*Johan Hendriks* >*Schavemaker Transport* > >Tel: +31 (0)251 229098 >Fax: +31 (0)251 212016 >email: j.hendriks(a)schavemaker.com <mailto:j.hendriks@schavemaker.com> >web: http://www.schavemaker.com >_______________________ >/Confidentiality Notice: The information in this document may be >confidential. It is intended only for the use of the named recipient. >If you are not the intended recipient, please notify me immediately >and then delete this document. Do not disclose the contents of this document >to any other person, nor take any copies. Violation of this notice >may be unlawful. / >_______________________

1 0

[Dovecot] assertion failed
by Ian P. Christian 18 Feb '09

18 Feb '09

Does anyone know what might cause this? # dovecot --version 1.1.7 Feb 17 18:21:51 imap-proxy-temp dovecot: Panic: auth(default): file passdb-cache.c: line 121 (passdb_cache_lookup_credentials): assertion failed: (*scheme_r != NULL || *password_r == NULL) Feb 17 18:21:51 imap-proxy-temp dovecot: auth(default): Raw backtrace: dovecot-auth [0x42c0ea] -> dovecot-auth [0x42c143] -> dovecot-auth [0x42b7f6] -> dovecot-auth [0x41acb6] -> dovecot-auth(auth_request_lookup_credentials+0x6f) [0x411cdf] -> dovecot-auth [0x416caf] -> dovecot-auth(auth_request_handler_auth_continue+0xc9) [0x4128e9] -> dovecot-auth [0x40e40a] -> dovecot-auth(io_loop_handler_run+0xf8) [0x42fb48] -> dovecot-auth(io_loop_run+0x1d) [0x42ea4d] -> dovecot-auth(main+0x2f7) [0x416367] -> /lib/libc.so.6(__libc_start_main+0xda) [0x7f83990e54ca] -> dovecot-auth [0x40cdba] Feb 17 18:21:51 imap-proxy-temp dovecot: child 20579 (auth) killed with signal 6

2 4

[Dovecot] Maildir hierarchy sep bug ?
by Thomas Hummel 17 Feb '09

17 Feb '09

Hello Timo, I'm experiencing the following different behaviors with dovecot-1.1.8/Maildir. My Maildir hierarchy separator is the "." (dot) character. My namespaces, when I use them, separator is "/". When I run the server without any namespaces, I can create mailboxes named something like first.name which, of course, are shown to the client as first/ (non selectionnable) first/name For instance in Mutt, if I save a message (the "s" key) from first.name(a)some.domain dovecot happilly creates the .first.name/ Maildir But if I create a public Namespace, then I have to create a private default namespace as well and the server doesn't behave the same way : They're set up like this : namespace private { separator = / prefix = location = maildir:/courriel/boites/%u:CONTROL=/courriel/meta/%u:INDEX=/var/dovecot/indexes/%1u/%u inbox = yes hidden = no list = yes subscriptions = yes } namespace public { separator = / prefix = '#Foo/' location = maildir:/courriel/boites/public/foo inbox = no hidden = yes list = no subscriptions = no } Then users cannot create mailboxes with a dot in it : Character not allowed in mailbox name: '.' which seems normal but can be confusing since, a user used to saving his mail in first.name (in Mutt for instance) wouldn't be able to do so anymore if the server goes from the first to the second setting described above. Granted, a user which does so, probably doesn't do what he thinks he does (he probably thinks he save his message in a folder named "first.name" while instead he actually saves it in a subfolder of "first" named "name"). Still it can be confusing. Is that difference of behavior normal ? Which is the correct behavior ? And is there still no way (except to patch the source) to allow dots in mailbox names in Maildir ? Thanks. -- Thomas Hummel | Institut Pasteur <hummel(a)pasteur.fr> | Pôle informatique - systèmes et réseau

2 7

[Dovecot] Error: IMAP(user): nfs_flush_file_handle_cache_dir: rmdir(/var/mail) failed: Device busy
by Grandy Fu 17 Feb '09

17 Feb '09

Hi, I am running dovecot 1.1.10 and 1.1.11 on Solaris 10, mailboxes are in mbox format and served by Solaris 10 NFSv3, the dovecot cache is on local disk. Some of my users always had above nfs error and their mailbox usually very big, over 100M, 400M, or even 800M. Grandy

2 1

[Dovecot] dbox redesign
by Timo Sirainen 17 Feb '09

17 Feb '09

This is about how to implement multiple msgs/file dbox format. The current v1.1's one msg/file design would stay pretty much the same and it would be compatible with this new design. dbox directories with multiple msgs/file would be like: ~/dbox/storage/ has the actual mail data for all mailboxes ~/dbox/mailboxes/ has subdirectories containing mailboxes and their indexes Also since dbox supports already the single msg per file, those files would be stored in the mailboxes/ directory. So the idea would be that either you use multiple msgs per file using a global storage, or you use single msg per file without a global storage (or it's also possible to be in a mixed setup with some mails in storage/ and some in mailboxes/, mainly to allow migration between those configurations). The storage/ directory would have a new "map index" which is a regular dovecot index (dovecot.index and dovecot.index.log). So the mailbox index would point to mails using an intermediary "map UID". This way if mails are moved to another file only the map index needs to be updated. GUID would be a globally unique 128 bit ID for messages. So if map indexes get corrupted for any reason it's possible to rebuild it by finding the mails using GUIDs. v1.1 dbox has this "dbox.index" file which I was originally planning on using with multiple msgs/file. It had complex file range locking stuff. Now I'm thinking that it's pretty much useless. The only reason for its existence with the new design is for listing metadata for files converted from Maildir. Map index record would contain: - 32 bit map UID - 8 bit flags (MAIL_DELETED flag = message marked as expunged) - 8 bit unused wasted space - 16 bit refcount - 32 bit file sequence - 32 bit file offset --> total 128 bits/msg Mailbox index: - IMAP UID, flags, keywords, etc. - 32 bit map UID - 128 bit GUID dbox file metadata: - 128 bit GUID - size, vsize, received time, saved time, etc. - initial mailbox name (if all indexes get trashed, we can still figure out at least one mailbox where to put the mail. copies would get lost though.) (- no map UID, no imap UID) How to save a message with multiple msgs/file: 1. Find dbox file where to append to: 1.1. Look up the last message from map index 1.2. Is the file "too old"? (or doesn't exist at all) - Yes -> Create new dbox file 1.3. Is the file "too large"? - Yes -> Look at the previous file (one sequence less) and goto 1.2. 1.4. Try to lock the file. - Fail -> Look at prev file and goto 1.2. Now we have a locked/new dbox file where we can write to. Because 1.4. step only tries to lock the file, there's no waiting on locks. This also means that if e.g. two processes are writing new messages rapidly they may be appending actively to two different files. I don't think that's a problem, better than waiting for locks. 2a) We're using an existing file and we need to find the append offset. Since we found the file by finding the last msg in the file, we also know the last message's offset. I wasn't really planning on saving the message sizes in the index file, so to get the append offset I guess it needs to do an extra read on the last msg's header to find the size and skip over it. Hmm. Or would it be less disk I/O to store the size on the index so it could be found directly? I'm not really sure.. In any case, after we find the append offset, check to see if it's at EOF. If not, that means that either another process just saved a new message there or a process crashed previously and left garbage lying around. Refresh the map index to see if this file+offset exists in it. If not, truncate the file and just continue writing there. If it exists, figure out the new append offset and see again if the file limit would be reached. If the file would become too large, unlock the file and goto step 1. 2b) We're writing to a new file. No need to worry about anything in 2a) 3. Write the message and its metadata to dbox file (including generated 128 bit GUID). 4. Assign map UIDs for the written mails and write APPEND records to map index's transaction log. The record would contain the map UID, file seq, offset, refcount=1. The transaction is saved with a "weak" flag (wonder if there's a better name for this) and its offset is remembered. - If we're creating a new dbox file, it's assigned the file seq and rename()d to the final file name while the map index is locked. 5. Write APPEND record to mailbox index's transaction log with IMAP UID, map UID and GUID (and flags, keywords, etc). 6. Write "commit offset=x" record where x is the offset remembered in step 4. This marks the 4's weak transaction as being fully finished. 7. dbox file is unlocked (if we weren't creating a new file). When reading the index and we see a weak transaction without a commit record, call a resolve() function in dbox code. It finds the dbox file in the weak transaction and tries to lock it. If it can't lock it, it (probably) means that there's still a process that's going to finish the save. If a locking succeeded, run a fixup code that goes through all files that are referenced in weak transactions and makes sure all the refcounts and such are valid. Then it writes commit records for each such transaction. Copying can be done by locking source dbox file, writing a weak "refcount++" transaction and continuing from saving step 5. The only step I can think of where there's a small problem is if data is written to dbox file, then process dies, but no saving is attempted to the same file later. The data is left there as garbage until maybe some day later when a message is expunged from that file and cleanup code notices that there's extra data. I thought about reordering steps so that the records are written to map index first, but that's less efficient when writing multiple messages, because each one would need to be saved separately to the map index (where each save would be lock + fstat (+ read) + write + unlock). This is probably a rare problem which doesn't really matter.. Expunging: The "expunge" and "cleanup to remove deleted space" are separate steps. Preferably the cleanup would be done when the server is "less busy", but I guess it could also be configured to happen either immediately or during logout (or once an hour or so). 1. Write "want to expunge" record to mailbox's transaction log. 2. Write a weak "refcount--" to map index's transaction log. 3. Write "expunged" record to mailbox's transaction log. 4. Write "commit" for the weak refcount--. (The two-stage want-to-expunge(1)/expunged(3) is already done for maildir/mbox also.) I was also thinking maybe this could be just 3 steps without a weak transaction. Especially since without a fsync() between 2 and 3 there's really no guarantee about the order in which 2 and 3 happen. And fsync()s are kind of annoying. But then again if that isn't done and it crashes between 2 and 3 the expunge is tried again later which now decrements the refcount again. If the message's original refcount was 1 it would now be negative. That's not really a problem. More problematic is if the message had been copied to another mailbox and refcount=2, now the refcount would be 0 and the message in the other mailbox would get unexpectedly lost. Not good. Space deletion cleanup: 1. Check from map index header to see there are any refcount=0 mails. Although having this step probably requires some annoying dbox-specific code in index handling code. I guess I'll have to see later if there's a non-horribly-ugly way to do this. 2. Go through all records in the map index. Get a list of files that have refcount=0 records. Also make a copy of file seq+offsets and sort them (so at step 3 we can easily find what mails exist). 3. For each file that has refcount=0 records: 3.1. Try to lock the file. -> Fail: Skip to next file. Either someone's appending to it or cleaning it up already. 3.2. Refresh map index. Add any newly added records to the sorted records list (rare). 3.2. Find the first refcount=0 mail. 3.3. Copy all mails after that with refcount>0 to a new file. 3.4. Lock map index, assign new file seq for the new file, rename() it, for each mail we just copied, using a weak transaction write the seq +offset updates to map index's transaction log. Unlock map index. 3.5. Depending on if first refcount=0 mail was the first mail, either unlink() the file or ftruncate() it. 3.6. Write "commit" record to finish the weak transaction. That's a bit inefficient when cleaning up multiple dbox files, but I'm not sure if there's a much better way unless the map index is locked for the entire time. Since the copying might take a while, a long map index lock is bad since it prevents messages from being saved. Reading mails can be done without locking. But since a file can be truncated unexpectedly, the code must be able to find the new file and offset in that situation and continue reading from there. If the message we were reading was just expunged+cleaned up, the client will have to be just disconnected. Since the cleanup shouldn't normally happen immediately after expunge, this should happen rarely/never. Oh and about all these new temp files that are created. When dbox is opened the dir is stat()ed and if its atime is older than 1 week (currently hardcoded) it readdir()s through the dir to see if there are any old temp* files and then unlinks them. With the new design flags/keywords would never be written to actual dbox files. This helps with backups and also avoids the horribleness of having to increase metadata area. To avoid complete data loss due to index corruption (which really shouldn't be happening nowadays), the indexes are also once in a while backed up to e.g. dovecot.index.backup file. If Dovecot detects missing/broken index, it uses this backup copy to rebuild the index as well as it can. I'm also wondering if it's better for each mailbox to have its separate dovecot.index.cache file or if there should be one cache file for the map index. The upside with one index is that if a mail is copied there's no need to duplicate its cached data. The downside is that I'm worried it would cause more disk I/O, since mailboxes are typically accessed separately, so it might be better that the cache data for one mailbox is stored together rather than all around one bigger cache file.

5 7