July 2020 - dovecot - dovecot.org

Dovecot Maildirs multi language
by Luca Müller 07 Jul '20

07 Jul '20

Hello, I'm hosting a few customers on a dovecot Server. Most users speak german and have german as their main language. I configured the IMAP Foldernames in a Dovecot configuration file like this: ##### root@srv04:~# cat /etc/dovecot/conf.d/105-mailboxes.conf imap_capability = +XLIST namespace inbox { inbox = yes location = separator = / mailbox "Entwürfe" { auto = subscribe special_use = \Drafts auto=subscribe } mailbox Junk-E-Mail { special_use = \Junk auto=subscribe } mailbox "Gelöschte Elemente" { special_use = \Trash auto=subscribe } mailbox "Gesendete Elemente" { special_use = \Sent auto=subscribe } mailbox Archive { special_use = \Archive auto=subscribe } } ##### Dovecot Version: 2.3.10 (0da0eff44) ##### Is it possible to change this configuration for specific users or to provide multi language support somehow? Thanks in advance. Best regards, Luca

4 4

dovecot oauth
by la.jolie＠paquerette 06 Jul '20

06 Jul '20

Hello, I'm trying to configure roundcube / dovecot to work with keycloak. I activated xoauth2 oauthbearer in dovecot. But a problem occurs when dovecot tries to contact the keycloak server (logs are below). My problem looks like this one: https://dovecot.org/pipermail/dovecot/2019-December/117768.html The response to this problem was about a bug in oauth driver (https://dovecot.org/pipermail/dovecot/2019-December/117787.html) Mizuki was using Dovecot v2.2.36 (1f10bfa63) I have Dovecot Dovecot v2.3.4.1 (f79e8e7e4) I'm wondering if this bug is still present in my version or if I have another problem. Both my servers (dovecot and keycloak) are using let's encrypt certificates. I tried to configure Keycloak with nginx proxy and without it (access via port 8443) (in case the problem came from the ssl config on the keycloak server), but still the same error. If the bug is fixed, then could someone tell me what do I have to put in the option tls_ca_cert_file? I tried with /etc/letsencrypt/live/my.host/chain.pem and also certs I got from let's encrypt website (https://letsencrypt.org/certificates/ / tried ISRG Root X1 (self-signed) & Let’s Encrypt Authority X3 (IdenTrust cross-signed) & Let’s Encrypt Authority X3 (Signed by ISRG Root X1)) But I always have the same error. Thanks, Kenny My configs: - I'm on a Debian Buster with Dovecot / postfix / roundcube - dovecot -n : --- # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.4 () # OS: Linux 4.19.0-5-cloud-amd64 x86_64 Debian 10.4 auth_debug = yes auth_mechanisms = xoauth2 oauthbearer login auth_verbose = yes debug_log_path = /var/log/dovecot-debug.log first_valid_gid = 10000 first_valid_uid = 10000 info_log_path = /var/log/dovecot.log last_valid_gid = 20000 last_valid_uid = 20000 lda_mailbox_autocreate = yes log_path = /var/log/dovecot.log mail_debug = yes mail_gid = mail mail_location = maildir:~/Maildir mail_privileged_group = mail namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } passdb { args = /etc/dovecot/dovecot-oauth2.conf.ext driver = oauth2 mechanisms = xoauth2 oauthbearer } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve } protocols = " imap" service auth { unix_listener /var/spool/postfix/private/auth { mode = 0600 user = postfix } unix_listener auth-master { mode = 0600 user = mail } unix_listener auth-userdb { mode = 0600 user = mail } } service stats { unix_listener stats-reader { mode = 0600 user = mail } unix_listener stats-writer { mode = 0600 user = mail } } ssl_cert = </etc/letsencrypt/live/my.host/fullchain.pem ssl_client_ca_dir = /etc/ssl/certs ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it ssl_prefer_server_ciphers = yes ssl_require_crl = no userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } userdb { args = gid=mail home=/var/mail/%u driver = static } verbose_ssl = yes protocol lda { info_log_path = /var/log/dovecot-deliver.log log_path = /var/log/dovecot-deliver-errors.log } ------ - dovecot-oauth2.conf.ext ----- tokeninfo_url = https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/token introspection_mode = post introspection_url = https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/toke… username_attribute = email tls_ca_cert_file = /etc/letsencrypt/live/my.host/chain.pem #tls_ca_cert_file = /etc/ssl/certs/letsencrypt.pem #active_attribute = enableMail #active_value = TRUE debug = yes rawlog_dir = /tmp/oauth2 ----- * Logs: ------- Jul 04 17:00:12 auth: Debug: oauth2(my.mail@whatever,::1,<fG8uk6CpBJ0AAAAAAAAAAAAAAAAAAAAB>): oauth2: Making token validation lookup to https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/token Jul 04 17:00:12 auth: Debug: http-client: host my.keycloak.host: Host created Jul 04 17:00:12 auth: Debug: http-client: host my.keycloak.host: Host session created Jul 04 17:00:12 auth: Debug: http-client: host my.keycloak.host: IPs have expired; need to refresh DNS lookup Jul 04 17:00:12 auth: Debug: http-client: host my.keycloak.host: Performing asynchronous DNS lookup Jul 04 17:00:12 auth: Debug: http-client[1]: request [Req1: GET https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/toke…... (long token)]: Submitted (requests left=1) Jul 04 17:00:12 auth: Debug: http-client: host my.keycloak.host: DNS lookup successful; got 1 IPs Jul 04 17:00:12 auth: Debug: http-client: peer 151.62.56.14 (shared): Peer created Jul 04 17:00:12 auth: Debug: http-client: peer 151.62.56.14: Peer pool created Jul 04 17:00:12 auth: Debug: http-client[1]: peer 151.62.56.14: Peer created Jul 04 17:00:12 auth: Debug: http-client[1]: queue https://my.keycloak.host: Setting up connection to 151.62.56.14 (SSL=my.keycloak.host) (1 requests pending) Jul 04 17:00:12 auth: Debug: http-client[1]: peer 151.62.56.14: Linked queue https://my.keycloak.host (1 queues linked) Jul 04 17:00:12 auth: Debug: http-client[1]: queue https://my.keycloak.host: Started new connection to 151.62.56.14 (SSL=my.keycloak.host) Jul 04 17:00:12 auth: Debug: http-client[1]: peer 151.62.56.14: Creating 1 new connections to handle requests (already 0 usable, connecting to 0, closing 0) Jul 04 17:00:12 auth: Debug: http-client[1]: peer 151.62.56.14: Making new connection 1 of 1 (0 connections exist, 0 pending) Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]: (151.62.56.14): Connecting Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]: (151.62.56.14): Waiting for connect (fd=22) to finish for max 0 msecs Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]: HTTPS connection created (1 parallel connections exist) Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]: (151.62.56.14): Client connected (fd=22) Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]: Connected Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]: Starting SSL handshake Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x10, ret=1: before SSL initialization Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1: before SSL initialization Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1: SSLv3/TLS write client hello Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1002, ret=-1: SSLv3/TLS write client hello Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1002, ret=-1: SSLv3/TLS write client hello Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1: SSLv3/TLS write client hello Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1: SSLv3/TLS read server hello Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL error: Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1: SSLv3/TLS read server certificate Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1: SSLv3/TLS read server key exchange Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1: SSLv3/TLS read server done Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1: SSLv3/TLS write client key exchange Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1: SSLv3/TLS write change cipher spec Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1: SSLv3/TLS write finished Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1002, ret=-1: SSLv3/TLS write finished Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1002, ret=-1: SSLv3/TLS write finished ==> dovecot.log <== Jul 04 17:00:12 auth: Info: Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 ==> dovecot-debug.log <== Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1002, ret=-1: SSLv3/TLS write finished Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1: SSLv3/TLS write finished Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1: SSLv3/TLS read change cipher spec Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1: SSLv3/TLS read finished Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x20, ret=1: SSL negotiation finished successfully Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1002, ret=1: SSL negotiation finished successfully Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL error: Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 Jul 04 17:00:12 auth: Debug: http-client[1]: peer 151.62.56.14: Connection failed (1 connections exist, 0 pending) Jul 04 17:00:12 auth: Debug: http-client: peer 151.62.56.14: Failed to make connection (1 connections exist, 0 pending) Jul 04 17:00:12 auth: Debug: http-client[1]: peer 151.62.56.14: Failed to establish any connection within our peer pool: SSL handshaking with 151.62.56.14 failed: read(SSL 151.62.56.14) failed: Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 (1 connections exist, 0 pending) Jul 04 17:00:12 auth: Debug: http-client[1]: queue https://my.keycloak.host: Failed to set up connection to 151.62.56.14 (SSL=my.keycloak.host): SSL handshaking with 151.62.56.14 failed: read(SSL 151.62.56.14) failed: Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 (1 peers pending, 1 requests pending) Jul 04 17:00:12 auth: Debug: http-client[1]: queue https://my.keycloak.host: Failed to set up any connection; failing all queued requests Jul 04 17:00:12 auth: Debug: http-client[1]: peer 151.62.56.14: Unlinked queue https://my.keycloak.host (0 queues linked) Jul 04 17:00:12 auth: Debug: http-client[1]: request [Req1: GET https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/toke…... (long token)]: Error: 9003 SSL handshaking with 151.62.56.14 failed: read(SSL 151.62.56.14) failed: Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 Jul 04 17:00:12 auth: Debug: http-client[1]: queue https://my.keycloak.host: Dropping request [Req1: GET https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/toke…... (long token)] Jul 04 17:00:12 auth: Debug: oauth2(my.mail@whatever,::1,<fG8uk6CpBJ0AAAAAAAAAAAAAAAAAAAAB>): oauth2: callback(-1, SSL handshaking with 151.62.56.14 failed: read(SSL 151.62.56.14) failed: Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3) ==> dovecot.log <== Jul 04 17:00:12 auth: Error: oauth2(my.mail@whatever,::1,<fG8uk6CpBJ0AAAAAAAAAAAAAAAAAAAAB>): oauth2 failed: SSL handshaking with 151.62.56.14 failed: read(SSL 151.62.56.14) failed: Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 ==> dovecot-debug.log <== Jul 04 17:00:12 auth: Debug: http-client[1]: request [Req1: GET https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/toke…... (long token)]: Destroy (requests left=1) Jul 04 17:00:12 auth: Debug: http-client[1]: request [Req1: GET https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/toke…... (long token)]: Free (requests left=0) Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]: SSL handshaking with 151.62.56.14 failed: read(SSL 151.62.56.14) failed: Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]: Connection close Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]: Connection disconnect Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]: (151.62.56.14): Disconnected: Connection closed: Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 (fd=22) Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL error: Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]: Detached peer Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]: Connection destroy -------

2 4

export of information about mail into csv
by Marcel Blenkers 05 Jul '20

05 Jul '20

3 3

Quota: How/where to set/change
by Frank Elsner 03 Jul '20

03 Jul '20

Hi experts. in the output of imapsync I found: Host2: found quota, presented in raw IMAP Sending: 7 GETQUOTAROOT INBOX Sent 22 bytes Read: * QUOTAROOT INBOX "User quota" * QUOTA "User quota" (STORAGE 420325 1953125) 7 OK Getquotaroot completed (0.001 + 0.000 secs). Host2: Quota current storage is 430412800 bytes. Limit is 2000000000 bytes. So 21.52 % full Host2 is under my control and running dovecot-2.3.10.1. I need to increase the quota above 2 GB but don't know where it comes from and therefor don't know what to do. This is the doveconf -a: | # 2.3.10.1 (a3d0e1171): /usr/local/dovecot/etc/dovecot/dovecot.conf | # OS: Linux 5.7.6-201.fc32.x86_64 x86_64 Fedora release 32 (Thirty Two) ext3 | # Hostname: christo.fritz.box | # NOTE: Send doveconf -n output instead when asking for help. | auth_anonymous_username = anonymous | auth_cache_negative_ttl = 1 hours | auth_cache_size = 0 | auth_cache_ttl = 1 hours | auth_cache_verify_password_with_worker = no | auth_debug = no | auth_debug_passwords = no | auth_default_realm = | auth_failure_delay = 2 secs | auth_gssapi_hostname = | auth_krb5_keytab = | auth_master_user_separator = | auth_mechanisms = plain login | auth_policy_check_after_auth = yes | auth_policy_check_before_auth = yes | auth_policy_hash_mech = sha256 | auth_policy_hash_nonce = | auth_policy_hash_truncate = 12 | auth_policy_log_only = no | auth_policy_reject_on_fail = no | auth_policy_report_after_auth = yes | auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s | auth_policy_server_api_header = | auth_policy_server_timeout_msecs = 2000 | auth_policy_server_url = | auth_proxy_self = | auth_realms = | auth_socket_path = auth-userdb | auth_ssl_require_client_cert = no | auth_ssl_username_from_cert = no | auth_stats = no | auth_use_winbind = no | auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ | auth_username_format = %Lu | auth_username_translation = | auth_verbose = no | auth_verbose_passwords = no | auth_winbind_helper_path = /usr/bin/ntlm_auth | auth_worker_max_count = 30 | base_dir = /var/run/dovecot | config_cache_size = 1 M | debug_log_path = | default_client_limit = 1024 | default_idle_kill = 1 mins | default_internal_group = dovecot | default_internal_user = dovecot | default_login_user = dovenull | default_process_limit = 256 | default_vsz_limit = 512 M | deliver_log_format = msgid=%m: %$ | dict_db_config = | director_flush_socket = | director_mail_servers = | director_max_parallel_kicks = 100 | director_max_parallel_moves = 100 | director_output_buffer_size = 10 M | director_ping_idle_timeout = 30 secs | director_ping_max_timeout = 1 mins | director_servers = | director_user_expire = 15 mins | director_user_kick_delay = 2 secs | director_username_hash = %Lu | disable_plaintext_auth = yes | dotlock_use_excl = yes | doveadm_allowed_commands = | doveadm_api_key = | doveadm_http_rawlog_dir = | doveadm_password = | doveadm_port = 0 | doveadm_socket_path = doveadm-server | doveadm_ssl = no | doveadm_username = doveadm | doveadm_worker_count = 0 | dsync_alt_char = _ | dsync_commit_msgs_interval = 100 | dsync_features = | dsync_hashed_headers = Date Message-ID | dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U | first_valid_gid = 1 | first_valid_uid = 200 | haproxy_timeout = 3 secs | haproxy_trusted_networks = | hostname = | imap_capability = | imap_client_workarounds = | imap_fetch_failure = disconnect-immediately | imap_hibernate_timeout = 0 | imap_id_log = | imap_id_retain = no | imap_id_send = name * | imap_idle_notify_interval = 2 mins | imap_literal_minus = no | imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged} trashed=%{trashed} hdr_count=%{fetch_hdr_count} hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} body_bytes=%{fetch_body_bytes} | imap_max_line_length = 64 k | imap_metadata = no | imap_urlauth_host = | imap_urlauth_logout_format = in=%i out=%o | imap_urlauth_port = 143 | imapc_cmd_timeout = 5 mins | imapc_connection_retry_count = 1 | imapc_connection_retry_interval = 1 secs | imapc_features = | imapc_host = | imapc_list_prefix = | imapc_master_user = | imapc_max_idle_time = 29 mins | imapc_max_line_length = 0 | imapc_password = | imapc_port = 143 | imapc_rawlog_dir = | imapc_sasl_mechanisms = | imapc_ssl = no | imapc_ssl_verify = yes | imapc_user = | import_environment = TZ CORE_OUTOFMEM CORE_ERROR | info_log_path = | instance_name = dovecot | last_valid_gid = 0 | last_valid_uid = 65534 | lda_mailbox_autocreate = no | lda_mailbox_autosubscribe = no | lda_original_recipient_header = | libexec_dir = /usr/local/dovecot/libexec/dovecot | listen = * | lmtp_add_received_header = yes | lmtp_client_workarounds = | lmtp_hdr_delivery_address = final | lmtp_proxy = no | lmtp_proxy_rawlog_dir = | lmtp_rawlog_dir = | lmtp_rcpt_check_quota = no | lmtp_save_to_detail_mailbox = yes | lmtp_user_concurrency_limit = 0 | lock_method = fcntl | log_core_filter = | log_debug = | log_path = syslog | log_timestamp = "%b %d %H:%M:%S " | login_access_sockets = | login_greeting = m28a.ddns.net - IMAPs Service (dovecot) ready. | login_log_format = %$: %s | login_log_format_elements = %u %r %c | login_plugin_dir = /usr/local/dovecot/lib/dovecot/login | login_plugins = | login_proxy_max_disconnect_delay = 0 | login_proxy_notify_path = proxy-notify | login_source_ips = | login_trusted_networks = | mail_access_groups = | mail_always_cache_fields = | mail_attachment_detection_options = | mail_attachment_dir = | mail_attachment_fs = sis posix | mail_attachment_hash = %{sha1} | mail_attachment_min_size = 128 k | mail_attribute_dict = | mail_cache_compress_continued_percentage = 200 | mail_cache_compress_delete_percentage = 20 | mail_cache_compress_header_continue_count = 4 | mail_cache_compress_min_size = 32 k | mail_cache_fields = flags | mail_cache_min_mail_count = 0 | mail_cache_record_max_size = 64 k | mail_cache_unaccessed_field_drop = 30 days | mail_chroot = | mail_debug = no | mail_fsync = optimized | mail_full_filesystem_access = no | mail_gid = | mail_home = | mail_index_log2_max_age = 2 days | mail_index_log_rotate_max_size = 1 M | mail_index_log_rotate_min_age = 5 mins | mail_index_log_rotate_min_size = 32 k | mail_index_rewrite_max_log_bytes = 128 k | mail_index_rewrite_min_log_bytes = 8 k | mail_location = maildir:/var/spool/mail/%u:LAYOUT=fs | mail_log_prefix = "%Us(%u,%r): " | mail_max_keyword_length = 50 | mail_max_lock_timeout = 0 | mail_max_userip_connections = 10 | mail_never_cache_fields = imap.envelope | mail_nfs_index = no | mail_nfs_storage = no | mail_plugin_dir = /usr/dovecot/lib/dovecot/ | mail_plugins = notify quota fts fts_squat acl | mail_prefetch_count = 0 | mail_privileged_group = | mail_save_crlf = no | mail_server_admin = | mail_server_comment = | mail_shared_explicit_inbox = no | mail_sort_max_read_count = 0 | mail_temp_dir = /tmp | mail_temp_scan_interval = 1 weeks | mail_uid = | mail_vsize_bg_after_count = 0 | mailbox_idle_check_interval = 30 secs | mailbox_list_index = yes | mailbox_list_index_include_inbox = no | mailbox_list_index_very_dirty_syncs = no | maildir_broken_filename_sizes = no | maildir_copy_with_hardlinks = yes | maildir_empty_new = no | maildir_stat_dirs = no | maildir_very_dirty_syncs = no | master_user_separator = | mbox_dirty_syncs = yes | mbox_dotlock_change_timeout = 2 mins | mbox_lazy_writes = yes | mbox_lock_timeout = 5 mins | mbox_md5 = apop3d | mbox_min_index_size = 0 | mbox_read_locks = fcntl | mbox_very_dirty_syncs = no | mbox_write_locks = dotlock fcntl | mdbox_preallocate_space = no | mdbox_rotate_interval = 0 | mdbox_rotate_size = 10 M | mmap_disable = no | namespace inbox { | disabled = no | hidden = no | ignore_on_failure = no | inbox = yes | list = yes | location = | mailbox Drafts { | auto = no | autoexpunge = 0 | autoexpunge_max_mails = 0 | comment = | driver = | special_use = \Drafts | } | mailbox Gesendet { | auto = no | autoexpunge = 0 | autoexpunge_max_mails = 0 | comment = | driver = | special_use = \Sent | } | mailbox SPAM { | auto = no | autoexpunge = 0 | autoexpunge_max_mails = 0 | comment = | driver = | special_use = \Junk | } | mailbox Sent { | auto = no | autoexpunge = 0 | autoexpunge_max_mails = 0 | comment = | driver = | special_use = \Sent | } | mailbox Trash { | auto = no | autoexpunge = 0 | autoexpunge_max_mails = 0 | comment = | driver = | special_use = \Trash | } | order = 0 | prefix = | separator = | subscriptions = yes | type = private | } | old_stats_carbon_interval = 30 secs | old_stats_carbon_name = | old_stats_carbon_server = | old_stats_command_min_time = 1 mins | old_stats_domain_min_time = 12 hours | old_stats_ip_min_time = 12 hours | old_stats_memory_limit = 16 M | old_stats_session_min_time = 15 mins | old_stats_user_min_time = 1 hours | passdb { | args = dovecot | auth_verbose = default | default_fields = | deny = no | driver = pam | master = no | mechanisms = | name = | override_fields = | pass = no | result_failure = continue | result_internalfail = continue | result_success = return-ok | skip = never | username_filter = | } | plugin { | fts = squat | fts_squat = partial=4 full=10 | mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append | mail_log_fields = uid box from subject msgid size flags | mail_log_group_events = yes | quota = maildir:User quota | quota_rule = ?:storage=5G | quota_rule2 = Trash:storage=+100M | } | pop3_client_workarounds = | pop3_delete_type = default | pop3_deleted_flag = | pop3_enable_last = no | pop3_fast_size_lookups = no | pop3_lock_session = no | pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s | pop3_no_flag_updates = no | pop3_reuse_xuidl = no | pop3_save_uidl = no | pop3_uidl_duplicates = allow | pop3_uidl_format = %08Xu%08Xv | pop3c_features = | pop3c_host = | pop3c_master_user = | pop3c_password = | pop3c_port = 110 | pop3c_quick_received_date = no | pop3c_rawlog_dir = | pop3c_ssl = no | pop3c_ssl_verify = yes | pop3c_user = %u | postmaster_address = mailonator(a)mailbox.org | protocols = imap | quota_full_tempfail = no | rawlog_dir = | recipient_delimiter = + | rejection_reason = Your message to <%t> was automatically rejected:%n%r | rejection_subject = Rejected: %s | replication_dsync_parameters = -d -N -l 30 -U | replication_full_sync_interval = 1 days | replication_max_conns = 10 | replicator_host = replicator | replicator_port = 0 | sendmail_path = /usr/sbin/sendmail | service aggregator { | chroot = . | client_limit = 0 | drop_priv_before_exec = no | executable = aggregator | extra_groups = | fifo_listener replication-notify-fifo { | group = | mode = 0600 | user = | } | group = | idle_kill = 0 | privileged_group = | process_limit = 0 | process_min_avail = 0 | protocol = | service_count = 0 | type = | unix_listener replication-notify { | group = | mode = 0600 | user = | } | user = $default_internal_user | vsz_limit = 18446744073709551615 B | } | service anvil { | chroot = empty | client_limit = 1024 | drop_priv_before_exec = no | executable = anvil | extra_groups = | group = | idle_kill = 4294967295 secs | privileged_group = | process_limit = 1 | process_min_avail = 1 | protocol = | service_count = 0 | type = anvil | unix_listener anvil-auth-penalty { | group = | mode = 0600 | user = | } | unix_listener anvil { | group = | mode = 0600 | user = | } | user = $default_internal_user | vsz_limit = 18446744073709551615 B | } | service auth-worker { | chroot = | client_limit = 1 | drop_priv_before_exec = no | executable = auth -w | extra_groups = | group = | idle_kill = 0 | privileged_group = | process_limit = 0 | process_min_avail = 0 | protocol = | service_count = 1 | type = | unix_listener auth-worker { | group = | mode = 0600 | user = $default_internal_user | } | user = | vsz_limit = 18446744073709551615 B | } | service auth { | chroot = | client_limit = 0 | drop_priv_before_exec = no | executable = auth | extra_groups = | group = | idle_kill = 0 | privileged_group = | process_limit = 1 | process_min_avail = 0 | protocol = | service_count = 0 | type = | unix_listener auth-client { | group = exim | mode = 0660 | user = exim | } | unix_listener auth-login { | group = | mode = 0600 | user = $default_internal_user | } | unix_listener auth-master { | group = | mode = 0600 | user = | } | unix_listener auth-userdb { | group = | mode = 0666 | user = $default_internal_user | } | unix_listener login/login { | group = | mode = 0666 | user = | } | unix_listener token-login/tokenlogin { | group = | mode = 0666 | user = | } | user = $default_internal_user | vsz_limit = 18446744073709551615 B | } | service config { | chroot = | client_limit = 0 | drop_priv_before_exec = no | executable = config | extra_groups = | group = | idle_kill = 4294967295 secs | privileged_group = | process_limit = 0 | process_min_avail = 0 | protocol = | service_count = 0 | type = config | unix_listener config { | group = | mode = 0600 | user = | } | user = | vsz_limit = 18446744073709551615 B | } | service dict-async { | chroot = | client_limit = 0 | drop_priv_before_exec = no | executable = dict | extra_groups = | group = | idle_kill = 0 | privileged_group = | process_limit = 0 | process_min_avail = 0 | protocol = | service_count = 0 | type = | unix_listener dict-async { | group = $default_internal_group | mode = 0660 | user = | } | user = $default_internal_user | vsz_limit = 18446744073709551615 B | } | service dict { | chroot = | client_limit = 1 | drop_priv_before_exec = no | executable = dict | extra_groups = | group = | idle_kill = 0 | privileged_group = | process_limit = 0 | process_min_avail = 0 | protocol = | service_count = 0 | type = | unix_listener dict { | group = $default_internal_group | mode = 0660 | user = | } | user = $default_internal_user | vsz_limit = 18446744073709551615 B | } | service director { | chroot = . | client_limit = 0 | drop_priv_before_exec = no | executable = director | extra_groups = | fifo_listener login/proxy-notify { | group = | mode = 00 | user = | } | group = | idle_kill = 4294967295 secs | privileged_group = | process_limit = 1 | process_min_avail = 0 | protocol = | service_count = 0 | type = | unix_listener director-admin { | group = | mode = 0600 | user = | } | unix_listener login/director { | group = | mode = 00 | user = | } | user = $default_internal_user | vsz_limit = 18446744073709551615 B | } | service dns_client { | chroot = | client_limit = 1 | drop_priv_before_exec = no | executable = dns-client | extra_groups = | group = | idle_kill = 0 | privileged_group = | process_limit = 0 | process_min_avail = 0 | protocol = | service_count = 0 | type = | unix_listener dns-client { | group = | mode = 0666 | user = | } | unix_listener login/dns-client { | group = | mode = 0666 | user = | } | user = $default_internal_user | vsz_limit = 18446744073709551615 B | } | service doveadm { | chroot = | client_limit = 1 | drop_priv_before_exec = no | executable = doveadm-server | extra_groups = $default_internal_group | group = | idle_kill = 0 | privileged_group = | process_limit = 0 | process_min_avail = 0 | protocol = | service_count = 1 | type = | unix_listener doveadm-server { | group = | mode = 0600 | user = | } | user = | vsz_limit = 18446744073709551615 B | } | service health-check { | chroot = | client_limit = 1 | drop_priv_before_exec = yes | executable = script -p health-check.sh | extra_groups = | group = | idle_kill = 0 | privileged_group = | process_limit = 0 | process_min_avail = 0 | protocol = | service_count = 0 | type = | user = $default_internal_user | vsz_limit = 18446744073709551615 B | } | service imap-hibernate { | chroot = | client_limit = 0 | drop_priv_before_exec = no | executable = imap-hibernate | extra_groups = | group = | idle_kill = 0 | privileged_group = | process_limit = 0 | process_min_avail = 0 | protocol = imap | service_count = 0 | type = | unix_listener imap-hibernate { | group = $default_internal_group | mode = 0660 | user = | } | user = $default_internal_user | vsz_limit = 18446744073709551615 B | } | service imap-login { | chroot = login | client_limit = 0 | drop_priv_before_exec = no | executable = imap-login | extra_groups = | group = | idle_kill = 0 | inet_listener imap { | address = | haproxy = no | port = 143 | reuse_port = no | ssl = no | } | inet_listener imaps { | address = | haproxy = no | port = 993 | reuse_port = no | ssl = yes | } | privileged_group = | process_limit = 512 | process_min_avail = 3 | protocol = imap | service_count = 1 | type = login | user = $default_login_user | vsz_limit = 18446744073709551615 B | } | service imap-postlogin { | chroot = | client_limit = 0 | drop_priv_before_exec = no | executable = script-login /usr/local/sbin/dovecot-imap-post-login | extra_groups = | group = | idle_kill = 0 | privileged_group = | process_limit = 0 | process_min_avail = 0 | protocol = | service_count = 0 | type = | user = | vsz_limit = 18446744073709551615 B | } | service imap-urlauth-login { | chroot = token-login | client_limit = 0 | drop_priv_before_exec = no | executable = imap-urlauth-login | extra_groups = | group = | idle_kill = 0 | privileged_group = | process_limit = 0 | process_min_avail = 0 | protocol = imap | service_count = 1 | type = login | unix_listener imap-urlauth { | group = | mode = 0666 | user = | } | user = $default_login_user | vsz_limit = 18446744073709551615 B | } | service imap-urlauth-worker { | chroot = | client_limit = 1 | drop_priv_before_exec = no | executable = imap-urlauth-worker | extra_groups = $default_internal_group | group = | idle_kill = 0 | privileged_group = | process_limit = 1024 | process_min_avail = 0 | protocol = imap | service_count = 1 | type = | unix_listener imap-urlauth-worker { | group = | mode = 0600 | user = $default_internal_user | } | user = | vsz_limit = 18446744073709551615 B | } | service imap-urlauth { | chroot = | client_limit = 1 | drop_priv_before_exec = no | executable = imap-urlauth | extra_groups = | group = | idle_kill = 0 | privileged_group = | process_limit = 1024 | process_min_avail = 0 | protocol = imap | service_count = 1 | type = | unix_listener token-login/imap-urlauth { | group = | mode = 0666 | user = | } | user = $default_internal_user | vsz_limit = 18446744073709551615 B | } | service imap { | chroot = | client_limit = 1 | drop_priv_before_exec = no | executable = imap | extra_groups = $default_internal_group | group = | idle_kill = 0 | privileged_group = | process_limit = 128 | process_min_avail = 0 | protocol = imap | service_count = 1 | type = | unix_listener imap-master { | group = | mode = 0600 | user = | } | unix_listener login/imap { | group = | mode = 0666 | user = | } | user = | vsz_limit = 18446744073709551615 B | } | service indexer-worker { | chroot = | client_limit = 1 | drop_priv_before_exec = no | executable = indexer-worker | extra_groups = $default_internal_group | group = | idle_kill = 0 | privileged_group = | process_limit = 10 | process_min_avail = 0 | protocol = | service_count = 0 | type = | unix_listener indexer-worker { | group = | mode = 0600 | user = $default_internal_user | } | user = | vsz_limit = 18446744073709551615 B | } | service indexer { | chroot = | client_limit = 0 | drop_priv_before_exec = no | executable = indexer | extra_groups = | group = | idle_kill = 0 | privileged_group = | process_limit = 1 | process_min_avail = 0 | protocol = | service_count = 0 | type = | unix_listener indexer { | group = | mode = 0666 | user = | } | user = $default_internal_user | vsz_limit = 18446744073709551615 B | } | service ipc { | chroot = empty | client_limit = 0 | drop_priv_before_exec = no | executable = ipc | extra_groups = | group = | idle_kill = 0 | privileged_group = | process_limit = 1 | process_min_avail = 0 | protocol = | service_count = 0 | type = | unix_listener ipc { | group = | mode = 0600 | user = $default_internal_user | } | unix_listener login/ipc-proxy { | group = | mode = 0600 | user = $default_login_user | } | user = $default_internal_user | vsz_limit = 18446744073709551615 B | } | service lmtp { | chroot = | client_limit = 1 | drop_priv_before_exec = no | executable = lmtp | extra_groups = $default_internal_group | group = | idle_kill = 0 | privileged_group = | process_limit = 0 | process_min_avail = 0 | protocol = lmtp | service_count = 0 | type = | unix_listener lmtp { | group = | mode = 0666 | user = | } | user = | vsz_limit = 18446744073709551615 B | } | service log { | chroot = | client_limit = 0 | drop_priv_before_exec = no | executable = log | extra_groups = | group = | idle_kill = 4294967295 secs | privileged_group = | process_limit = 1 | process_min_avail = 0 | protocol = | service_count = 0 | type = log | unix_listener log-errors { | group = | mode = 0600 | user = | } | user = | vsz_limit = 18446744073709551615 B | } | service old-stats { | chroot = empty | client_limit = 0 | drop_priv_before_exec = no | executable = old-stats | extra_groups = | fifo_listener old-stats-mail { | group = | mode = 0600 | user = | } | fifo_listener old-stats-user { | group = | mode = 0600 | user = | } | group = | idle_kill = 4294967295 secs | privileged_group = | process_limit = 1 | process_min_avail = 0 | protocol = | service_count = 0 | type = | unix_listener old-stats { | group = | mode = 0600 | user = | } | user = $default_internal_user | vsz_limit = 18446744073709551615 B | } | service pop3-login { | chroot = login | client_limit = 0 | drop_priv_before_exec = no | executable = pop3-login | extra_groups = | group = | idle_kill = 0 | inet_listener pop3 { | address = | haproxy = no | port = 110 | reuse_port = no | ssl = no | } | inet_listener pop3s { | address = | haproxy = no | port = 995 | reuse_port = no | ssl = yes | } | privileged_group = | process_limit = 0 | process_min_avail = 0 | protocol = pop3 | service_count = 1 | type = login | user = $default_login_user | vsz_limit = 18446744073709551615 B | } | service pop3 { | chroot = | client_limit = 1 | drop_priv_before_exec = no | executable = pop3 | extra_groups = $default_internal_group | group = | idle_kill = 0 | privileged_group = | process_limit = 128 | process_min_avail = 0 | protocol = pop3 | service_count = 1 | type = | unix_listener login/pop3 { | group = | mode = 0666 | user = | } | user = | vsz_limit = 18446744073709551615 B | } | service replicator { | chroot = | client_limit = 0 | drop_priv_before_exec = no | executable = replicator | extra_groups = | group = | idle_kill = 4294967295 secs | privileged_group = | process_limit = 1 | process_min_avail = 0 | protocol = | service_count = 0 | type = | unix_listener replicator-doveadm { | group = | mode = 00 | user = $default_internal_user | } | unix_listener replicator { | group = | mode = 0600 | user = $default_internal_user | } | user = | vsz_limit = 18446744073709551615 B | } | service stats { | chroot = | client_limit = 0 | drop_priv_before_exec = no | executable = stats | extra_groups = | group = | idle_kill = 4294967295 secs | privileged_group = | process_limit = 1 | process_min_avail = 0 | protocol = | service_count = 0 | type = | unix_listener stats-reader { | group = | mode = 0600 | user = | } | unix_listener stats-writer { | group = $default_internal_group | mode = 0660 | user = | } | user = $default_internal_user | vsz_limit = 18446744073709551615 B | } | service submission-login { | chroot = login | client_limit = 0 | drop_priv_before_exec = no | executable = submission-login | extra_groups = | group = | idle_kill = 0 | inet_listener submission { | address = | haproxy = no | port = 587 | reuse_port = no | ssl = no | } | privileged_group = | process_limit = 0 | process_min_avail = 0 | protocol = submission | service_count = 1 | type = login | user = $default_login_user | vsz_limit = 18446744073709551615 B | } | service submission { | chroot = | client_limit = 1 | drop_priv_before_exec = no | executable = submission | extra_groups = $default_internal_group | group = | idle_kill = 0 | privileged_group = | process_limit = 1024 | process_min_avail = 0 | protocol = submission | service_count = 1 | type = | unix_listener login/submission { | group = | mode = 0666 | user = | } | user = | vsz_limit = 18446744073709551615 B | } | shutdown_clients = yes | ssl = yes | ssl_alt_cert = | ssl_alt_key = | ssl_ca = | ssl_cert = </usr/local/etc/Certs/m28a.crt | ssl_cert_username_field = commonName | ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH | ssl_client_ca_dir = | ssl_client_ca_file = | ssl_client_cert = | ssl_client_key = | ssl_client_require_valid_cert = yes | ssl_crypto_device = | ssl_curve_list = | ssl_dh = # hidden, use -P to show it | ssl_key = # hidden, use -P to show it | ssl_key_password = | ssl_min_protocol = TLSv1 | ssl_options = | ssl_prefer_server_ciphers = no | ssl_require_crl = yes | ssl_verify_client_cert = no | state_dir = /var/lib/dovecot | stats_writer_socket_path = stats-writer | submission_client_workarounds = | submission_host = | submission_logout_format = in=%i out=%o | submission_max_mail_size = 0 | submission_max_recipients = 0 | submission_relay_command_timeout = 5 mins | submission_relay_connect_timeout = 30 secs | submission_relay_host = | submission_relay_master_user = | submission_relay_max_idle_time = 29 mins | submission_relay_password = | submission_relay_port = 25 | submission_relay_rawlog_dir = | submission_relay_ssl = no | submission_relay_ssl_verify = yes | submission_relay_trusted = no | submission_relay_user = | submission_ssl = no | submission_timeout = 30 secs | syslog_facility = mail | userdb { | args = | auth_verbose = default | default_fields = | driver = passwd | name = | override_fields = | result_failure = continue | result_internalfail = continue | result_success = return-ok | skip = never | } | valid_chroot_dirs = | verbose_proctitle = yes | verbose_ssl = no | version_ignore = no | protocol lmtp { | mail_plugins = notify quota fts fts_squat acl | } | protocol lda { | mail_plugins = notify quota fts fts_squat acl | } | protocol imap { | imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags | imap_id_log = * | imap_logout_format = [%i/%o] | mail_max_userip_connections = 0 | mail_plugins = notify quota fts fts_squat acl quota imap_quota listescape fts fts_squat | } The config may be sub-optimal. Please concentrate on my quota problem. Stay healthy, Frank Elsner

1 0

Mail replication fails between v2.2.27 and v2.3.4.1
by Apostolis Hardalias 03 Jul '20

03 Jul '20

Hello, I have two installations of dovecot configured to replicate mailboxes between them. recently, i upgraded the operating system on one of them (mx2.example.com) and now i'm running one installation on version 2.2.27 (debian stretch) and another on version 2.3.4.1 (mx1.example.com debian buster). My setup includes 3 shared namespaces that point to the mailboxes of 3 accounts. these accounts are setup to use maildir format. After upgrading one of the hosts, i started having issues with failed replications on those mailboxes. I tried running the replication manually and repeatedly by issuing the following on mx1.example.com: doveadv -d sync -u exception_bucket(a)example.com -d -l 30 -n -u and the logs on mx2.example.com included the following lines consistently: Jul 02 14:21:58 dsync-server(exception_bucket(a)example.com): Debug: brain S: Change during sync: Mailbox GUID 2d32711ddfd27250390e0000a712b6e3 was lost Jul 02 14:21:58 dsync-server(exception_bucket(a)example.com): Debug: brain S: We don't have mailbox 2d32711ddfd27250390e0000a712b6e3 I double checked for the existance of the mailbox with that guid (that guid points to the inbox) and the mailbox existed on both servers but, the contents of the mailbox on the two servers where different (missing e-mails on both servers). I attempted running a force-resync command as follows but with no luck. doveadm -d force-resync -u exception_bucket(a)example.com inbox but the issue persisted. admittedly, i didn't run the command on both servers because i read it doesn't replicate after figuring a workaround. The next thing i tried was attempting replication without the -n flag, given that you mention that there are some issues replicating shared namespaces. That didn't fix the replication status either. After looking around, i came onto the solution on this thread: https://dovecot.org/pipermail/dovecot/2017-october/109620.html which proposed setting mailbox_list_index = no. This was the default setting on version 2.2.27, so i changed that setting on mx2.example.com which was running version 2.3.4.1. This allowed the replication to work but i don't think it is a setting i want in my configuration. Is there something i can do to re-enable dovecot to check index files instead of mailboxes? Could that be an issue when replicating between those two different versions? I'm attaching the configuration files for both the mailservers, a separate configuration file is included since mail_replica settings are set from there, and a link to the compressed log file i pulled during the operation. https://filebin.net/d9yygnq8jg74unwb/replication_debug.log.bz2?t=vv2o81ka Thank you in advance, Apostolis Hardalias

1 0

local stanza only generated for IPv6
by Jeremy Ardley 02 Jul '20

02 Jul '20

I have a mail server with multiple IP addresses and associated DNS names In the dovecot configuration I have a listen directive: listen = mail.example.com.com,mail.otherexample.com,localhost Multiple local stanzas are of the form: local mail.example.com { protocol imap { ssl_cert = </etc/letsencrypt/live/mail.example.com/fullchain.pem ssl_key = </etc/letsencrypt/live/mail.example.com/privkey.pem service imaps_login { inet_listener imaps { address=mail.example.com } inet_listener imap { address=mail.example.com } } } } mail.example.com has IPv4 and IPv6 addresses in DNS When I run doveconf -n the local configuration is only generated for the IPv6 address. I can test the operation on IPv6 using openSSL and see different server certificates on different IP addresses as expected. How do I force local generation for both IPv4 and IPv6 ?

3 4