March 2017 - dovecot - dovecot.org

Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
by Ralf Hildebrandt 20 Mar '17

20 Mar '17

Hi! I upgraded the 2.2 packages today (from 2:2.2.28-1~auto+5 to 2:2.2.28-1~auto+8) I now I'm getting an error: Mar 20 13:25:58 mproxy dovecot: auth: Error: imapc(email.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) I checked, and alas, I had ssl_client_ca_dir = ssl_client_ca_file = So I set: ssl_client_ca_file = </etc/ssl/certs/ca-certificates.crt But I'm still getting the error above. I addition, … [View More]

2 5

doveadm proxy password
by Angel L. Mateo 20 Mar '17

20 Mar '17

Hi, I'm configuring a proxy host to connect to backend servers. As proxy is done based on an LDAP attribute of the user, I'm not using director. In the proxy server I have configured: doveadm_port = 24245 doveadm_password = secret And in the backend: service doveadm { inet_listener { port = 24245 } } local <mynetwork> { doveadm_password = secret } But when I run a doveadm command in the proxy I get: amateo_adm@musio10:/etc/dovecot/conf.d$ sudo doveadm … [View More]

1 0

Re: Dovecot 2.2.27 proxy - enforcing per client IP connection limits
by Joseph Tam 20 Mar '17

20 Mar '17

Adi Pircalabu writes: > For us it is, we're periodically getting hammered by iOS devices that > try to open 300+ simultaneous IMAP connections for a single user from > the same IP, while the average hovers usually below 50 for the busier > mailboxes with many folders. Oh yeah, I've seen this. I think this happens when someone does a global pattern search, which causes the client to launch IMAP SEARCH commands on each and every mailbox. I've wondered whether installing Solr would … [View More]

2 1

Mail restore and single storage attachement
by Jean-Luc Oms 20 Mar '17

20 Mar '17

Bonjour, I'm finishing the upgrade of an old installation of Dovecot/postfix mail system for my lab. In the configuration i plan ( dovecot 2.2.27 ), i choose to use: - mdbox format - single storage for attachements - 2 zfs file systems, one for mdboxes, the other for attachments The last tests before production concern my hability to restore a lost mail (or mailbox) ... (lot of changes when you are used to mbox format). 1) I uses doveadm import to restore part of mail from one … [View More]

1 1

Deploying Diffie-Hellman for TLS
by Jerry 20 Mar '17

20 Mar '17

I have been reading up on TLS and Dovecot and came across this URL: https://www.weakdh.org/sysadmin.html which recommended these settings for Dovecot. I would like to know if they are correct? Some much documentation on the web is pure garbage. Dovecot These changes should be made in /etc/dovecot.conf Cipher Suites ssl_cipher_list=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-… [View More]

2 1

Server migration
by Gandalf Corvotempesta 20 Mar '17

20 Mar '17

Hi to all. It's time to migrate an old server to a newer platform Some questions: 1) what happens by changing the pop3/IMAP server on the client? Is the client (Outlook, Thunderbird,...) smart enough to not download every message again? I'm asking this because the easier way to migrate would be move all mailboxes to the new server and then change the hostname on the client 2) what if I add a dovecot proxy on the new server, proxing back all requests to the older one, if the mailbox is still … [View More]

2 1

[Bug] Mailbox aliases still broken
by azurit＠pobox.sk 20 Mar '17

20 Mar '17

Hi, about an year ago i was reporting a bug in mailbox aliases, which remains unfixed and unasnwered (probably totally ignored, don't understand why). I thought it was because the bug is old and already fixed but yesterday i upgraded to Dovecot 2.2.24 and problem persists. Here is the original report, everything, except the Dovecot version, is still correct: http://dovecot.org/list/dovecot/2015-June/101176.html Will this be fixed? Thanks for info. azur

4 7

dovecot problem with ssl
by Nilton Jose Rizzo 19 Mar '17

19 Mar '17

Hi all, I already searched for this error on google and nothing I never install dovecot, this is a first time. This error, I know, is too newbie and stupid, but I checked more than twice. root@server:/usr/local/etc/dovecot # sievec /home3/virtual/default.sieve doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/conf.d/10-ssl.conf line 7: Unknown setting: ssl root@server:/usr/local/etc/dovecot # I'm running a FreeBSD 12-current and compile all from … [View More]

4 11

replication issues between to nodes
by Remko Lodder 18 Mar '17

18 Mar '17

Hi, Some time ago I posted the below but never got a reponse that I could work with. So i am retrying now in the hope that there might be a better idea/suggestion on how to approach this. Situation; I have two nodes, which should replicate to eachother. My main machine receives most mail and the other one receives mostly system messages and should get replicated. (This used to be delivered on both machines, but given the issues below I had to make sure that the customer email at least … [View More]arrives on machine A, as detailed below). When a mail arrives on main machine (A) everything is fine and things are synchronised asap. Customers can see the email directly via webmail/imap. When a mail arrives on the secondary machine (B) the replication is not issued until machine A starts a sync session. Customers do not see the email on machine A via webmail/imap. When a mail arrives on A, the synchronisation occurs, and all messages on B, not yet on A, are synchronised as well. Customers can now see the email on machine A as well via webmail/imap. Sadly this can mean that emails that became visible are hours late (read: were delivered hours before, but not visible for the customer). Both machines are configured through puppet, only individual settings like IP addresses and certificates are different because well, they have to. I included the difference below, and both ‘doveconf -n’s. If someone has a suggestion on seeing why machine B is not issueing (or does not seem to issue) replication, let me know. I verified that I can connect to the remote machines via IPv4 and IPv6 (for doveadm / replication purposes). Difference between configurations; --- tmp1.txt 2017-03-18 15:18:41.000000000 +0100 +++ tmp2.txt 2017-03-18 15:18:56.000000000 +0100 @@ -55,7 +55,7 @@ imapsieve_mailbox2_name = * mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size - mail_replica = tcps:mail.jr-hosting.nl:12346 + mail_replica = tcps:mail2.jr-hosting.nl:12346 sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_execute_bin_dir = /usr/local/lib/dovecot/sieve @@ -105,7 +105,7 @@ } service lmtp { inet_listener lmtp { - address = XXX/X 127.0.0.1 ::1 + address = YYYY/Y 127.0.0.1 ::1 port = 24 } unix_listener /var/spool/postfix/private/dovecot-lmtp { @@ -123,8 +123,8 @@ mode = 0666 } } -ssl_ca = </usr/local/etc/letsencrypt/live/mail2.jr-hosting.nl/fullchain.pem -ssl_cert = </usr/local/etc/letsencrypt/live/mail2.jr-hosting.nl/cert.pem +ssl_ca = </usr/local/etc/letsencrypt/live/mail.jr-hosting.nl/fullchain.pem +ssl_cert = </usr/local/etc/letsencrypt/live/mail.jr-hosting.nl/cert.pem ssl_client_ca_file = /usr/local/certificates/letsencrypt-ca.pem ssl_key = # hidden, use -P to show it ssl_protocols = !SSLv2 !SSLv3 Machine A (the best working machine) # 2.2.28 (bed8434): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.4.17 (e179378) # OS: FreeBSD 11.0-RELEASE-p8 amd64 auth_mechanisms = plain login disable_plaintext_auth = no doveadm_password = # hidden, use -P to show it haproxy_trusted_networks = XXXX/X lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lmtp_save_to_detail_mailbox = yes mail_debug = yes mail_fsync = always mail_location = mdbox:~/mdbox mail_plugins = " quota notify replication" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve namespace { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = . } passdb { driver = pam } plugin { imapsieve_mailbox1_before = file:/usr/local/lib/dovecot/sieve/report-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Spam imapsieve_mailbox2_before = file:/usr/local/lib/dovecot/sieve/report-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size mail_replica = tcps:mail2.jr-hosting.nl:12346 sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_execute_bin_dir = /usr/local/lib/dovecot/sieve sieve_global_dir = /usr/local/etc/dovecot/sieve/global/ sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute sieve_global_path = /usr/local/etc/dovecot/sieve/default.sieve sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve sieve_plugins = sieve_imapsieve sieve_extprograms } postmaster_address = postmaster(a)jr-hosting.nl protocols = imap pop3 lmtp sieve replication_dsync_parameters = -d -N -l 60 -U replication_max_conns = 100 service aggregator { fifo_listener replication-notify-fifo { mode = 0666 } unix_listener replication-notify { mode = 0666 } } service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } } service doveadm { inet_listener { port = 12346 ssl = yes } } service imap-login { inet_listener imap_haproxy { haproxy = yes port = 10143 } inet_listener imaps_haproxy { haproxy = yes port = 10144 ssl = yes } service_count = 1 } service imap { process_limit = 1024 } service lmtp { inet_listener lmtp { address = XXXX/X 127.0.0.1 ::1 port = 24 } unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service pop3 { process_limit = 1024 } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0666 } } ssl_ca = </usr/local/etc/letsencrypt/live/mail.jr-hosting.nl/fullchain.pem ssl_cert = </usr/local/etc/letsencrypt/live/mail.jr-hosting.nl/cert.pem ssl_client_ca_file = /usr/local/certificates/letsencrypt-ca.pem ssl_key = # hidden, use -P to show it ssl_protocols = !SSLv2 !SSLv3 userdb { driver = passwd } verbose_proctitle = yes protocol lmtp { auth_username_format = %n mail_plugins = quota sieve postmaster_address = postmaster(a)jr-hosting.nl } protocol lda { mail_plugins = " quota notify replication sieve" } protocol imap { mail_max_userip_connections = 50 mail_plugins = " quota notify replication imap_quota imap_sieve” } Machine B: # 2.2.28 (bed8434): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.4.17 (e179378) # OS: FreeBSD 11.0-RELEASE-p8 amd64 auth_mechanisms = plain login disable_plaintext_auth = no doveadm_password = # hidden, use -P to show it haproxy_trusted_networks = XXX/X lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lmtp_save_to_detail_mailbox = yes mail_debug = yes mail_fsync = always mail_location = mdbox:~/mdbox mail_plugins = " quota notify replication" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve namespace { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = . } passdb { driver = pam } plugin { imapsieve_mailbox1_before = file:/usr/local/lib/dovecot/sieve/report-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Spam imapsieve_mailbox2_before = file:/usr/local/lib/dovecot/sieve/report-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size mail_replica = tcps:mail.jr-hosting.nl:12346 sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_execute_bin_dir = /usr/local/lib/dovecot/sieve sieve_global_dir = /usr/local/etc/dovecot/sieve/global/ sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute sieve_global_path = /usr/local/etc/dovecot/sieve/default.sieve sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve sieve_plugins = sieve_imapsieve sieve_extprograms } postmaster_address = postmaster(a)jr-hosting.nl protocols = imap pop3 lmtp sieve replication_dsync_parameters = -d -N -l 60 -U replication_max_conns = 100 service aggregator { fifo_listener replication-notify-fifo { mode = 0666 } unix_listener replication-notify { mode = 0666 } } service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } } service doveadm { inet_listener { port = 12346 ssl = yes } } service imap-login { inet_listener imap_haproxy { haproxy = yes port = 10143 } inet_listener imaps_haproxy { haproxy = yes port = 10144 ssl = yes } service_count = 1 } service imap { process_limit = 1024 } service lmtp { inet_listener lmtp { address = XXXX/X 127.0.0.1 ::1 port = 24 } unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service pop3 { process_limit = 1024 } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0666 } } ssl_ca = </usr/local/etc/letsencrypt/live/mail2.jr-hosting.nl/fullchain.pem ssl_cert = </usr/local/etc/letsencrypt/live/mail2.jr-hosting.nl/cert.pem ssl_client_ca_file = /usr/local/certificates/letsencrypt-ca.pem ssl_key = # hidden, use -P to show it ssl_protocols = !SSLv2 !SSLv3 userdb { driver = passwd } verbose_proctitle = yes protocol lmtp { auth_username_format = %n mail_plugins = quota sieve postmaster_address = postmaster(a)jr-hosting.nl } protocol lda { mail_plugins = " quota notify replication sieve" } protocol imap { mail_max_userip_connections = 50 mail_plugins = " quota notify replication imap_quota imap_sieve” } [View Less]

1 0

sievec
by Robert Moskowitz 17 Mar '17

17 Mar '17

I am building a new mailserver on Centos7. My sieve is created with: mkdir /home/sieve cat <<EOF>/home/sieve/globalfilter.sieve || exit 1 require "fileinto"; if exists "X-Spam-Flag" { if header :contains "X-Spam-Flag" "NO" { } else { fileinto "Spam"; stop; } } if header :contains "subject" ["***SPAM***"] { fileinto "Spam"; stop; } EOF chown -R vmail:mail /home/sieve But in 90-sieve.conf there is the comment: # A path to a global … [View More]

4 8