January 2023 - dovecot

Migrating, syncing, maybe load-balancing/failover two dovecot servers?
by Gerben Wierda 05 Jan '23

05 Jan '23

I am in the process of migrating from dovecot on one OS (macOS/darwin) to a new server running dovecot with another OS (Ubuntu Linux 22.4). I have mostly copied/adapted the setup of the old server to the new. I am in the process of finishing that and adding some stuff that still needs to be added/migrated, like rspamd. And the data of course before the new one takes over from the old. I have done a migration before (MacOS X Server dovecot to MacPorts dovecot on macOS), many years ago, I recall that I used dovecot syncing but also rsync and I don't really recall (and anyway, the software has changed since) I have been thinking about keeping them both alive, with one as a failover for the other. They will not share their storage (e.g. NFS), So, I was wondering if I can do something with syncing between instances and dovecot director. I have been looking at the documentation, but a quick scan reveals I cannot locate some sort of tutorial and I am uncertain what will work and what not. If keeping both alive in parallel is too problematic, it is OK to have regular syncing in one direction (old to new) at first and then switch over and have syncing in the other direction (new to old) Can someone enlighten me? Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>) R&A IT Strategy <https://ea.rna.nl/> (main site) Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>

4 5

imap and lmtp create different index/control folders
by George Asenov 05 Jan '23

05 Jan '23

Hello, We have migrated our mail server from procmail lda to dovecot lmtp/sieve . dovecot imap create the dir with the email account test(a)s32.teststring.ml for name but lmtp create it as test-s32.someteststring.ml(a)serverhostname.tld I can't figure out how to manipulate nor what username postfix send to dovecot/lmtp or how dovecot/lmtp interpret it. As you will see in the config below there is a separate userdb set for lmtp because it receive the username/envelope from postfix as test-s32.someteststring.ml(a)serverhostname.tld which prevent it to use the pam authentication to verify and use the mail user to deliver email. So I use driver = passwd-file which have the option to configure the format of the username. But this is kind of dirty hack which i do not like. Anyone now how to configure dovecot/lmtp by default to remove the @myserverhostname.tld from the username or configure postfix not to add it? Here is the postfix config: ############################# postconf 2bounce_notice_recipient = postmaster access_map_defer_code = 450 access_map_reject_code = 554 address_verify_cache_cleanup_interval = 12h address_verify_default_transport = $default_transport address_verify_local_transport = $local_transport address_verify_map = btree:$data_directory/verify_cache address_verify_negative_cache = yes address_verify_negative_expire_time = 3d address_verify_negative_refresh_time = 3h address_verify_pending_request_limit = 5000 address_verify_poll_count = ${stress?{1}:{3}} address_verify_poll_delay = 3s address_verify_positive_expire_time = 31d address_verify_positive_refresh_time = 7d address_verify_relay_transport = $relay_transport address_verify_relayhost = $relayhost address_verify_sender = $double_bounce_sender address_verify_sender_dependent_default_transport_maps = $sender_dependent_default_transport_maps address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps address_verify_sender_ttl = 0s address_verify_service_name = verify address_verify_transport_maps = $transport_maps address_verify_virtual_transport = $virtual_transport alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases allow_mail_to_commands = alias, forward allow_mail_to_files = alias, forward allow_min_user = no allow_percent_hack = no allow_untrusted_routing = no alternate_config_directories = always_add_missing_headers = no always_bcc = anvil_rate_time_unit = 60s anvil_status_update_time = 600s append_at_myorigin = yes append_dot_mydomain = ${{$compatibility_level} < {1} ? {yes} : {no}} application_event_drain_time = 100s authorized_flush_users = static:anyone authorized_mailq_users = static:anyone authorized_submit_users = static:anyone backwards_bounce_logfile_compatibility = yes berkeley_db_create_buffer_size = 16777216 berkeley_db_read_buffer_size = 131072 best_mx_transport = biff = yes body_checks = body_checks_size_limit = 51200 bounce_notice_recipient = postmaster bounce_queue_lifetime = 5d bounce_service_name = bounce bounce_size_limit = 50000 bounce_template_file = broken_sasl_auth_clients = yes canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient canonical_maps = cleanup_service_name = cleanup command_directory = /usr/sbin command_execution_directory = command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ command_time_limit = 1000s compatibility_level = 2 config_directory = /etc/postfix confirm_delay_cleared = no connection_cache_protocol_timeout = 5s connection_cache_service_name = scache connection_cache_status_update_time = 600s connection_cache_ttl_limit = 2s content_filter = cyrus_sasl_config_path = daemon_directory = /usr/libexec/postfix daemon_table_open_error_is_fatal = no daemon_timeout = 18000s data_directory = /var/lib/postfix debug_peer_level = 2 debug_peer_list = debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 default_database_type = hash default_delivery_slot_cost = 5 default_delivery_slot_discount = 50 default_delivery_slot_loan = 3 default_delivery_status_filter = default_destination_concurrency_failed_cohort_limit = 1 default_destination_concurrency_limit = 20 default_destination_concurrency_negative_feedback = 1 default_destination_concurrency_positive_feedback = 1 default_destination_rate_delay = 0s default_destination_recipient_limit = 50 default_extra_recipient_limit = 1000 default_filter_nexthop = default_minimum_delivery_slots = 3 default_privs = nobody default_process_limit = 100 default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} default_recipient_limit = 20000 default_recipient_refill_delay = 5s default_recipient_refill_limit = 100 default_transport = smtp default_transport_rate_delay = 0s default_verp_delimiters = += defer_code = 450 defer_service_name = defer defer_transports = delay_logging_resolution_limit = 2 delay_notice_recipient = postmaster delay_warning_time = 0h deliver_lock_attempts = 20 deliver_lock_delay = 1s destination_concurrency_feedback_debug = no detect_8bit_encoding_header = yes disable_dns_lookups = no disable_mime_input_processing = no disable_mime_output_conversion = no disable_verp_bounces = no disable_vrfy_command = yes dns_ncache_ttl_fix_enable = no dnsblog_reply_delay = 0s dnsblog_service_name = dnsblog dont_remove = 0 double_bounce_sender = double-bounce duplicate_filter_limit = 1000 empty_address_default_transport_maps_lookup_key = <> empty_address_recipient = MAILER-DAEMON empty_address_relayhost_maps_lookup_key = <> enable_idna2003_compatibility = no enable_long_queue_ids = no enable_original_recipient = yes error_delivery_slot_cost = $default_delivery_slot_cost error_delivery_slot_discount = $default_delivery_slot_discount error_delivery_slot_loan = $default_delivery_slot_loan error_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit error_destination_concurrency_limit = $default_destination_concurrency_limit error_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback error_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback error_destination_rate_delay = $default_destination_rate_delay error_destination_recipient_limit = $default_destination_recipient_limit error_extra_recipient_limit = $default_extra_recipient_limit error_initial_destination_concurrency = $initial_destination_concurrency error_minimum_delivery_slots = $default_minimum_delivery_slots error_notice_recipient = postmaster error_recipient_limit = $default_recipient_limit error_recipient_refill_delay = $default_recipient_refill_delay error_recipient_refill_limit = $default_recipient_refill_limit error_service_name = error error_transport_rate_delay = $default_transport_rate_delay execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ expand_owner_alias = no export_environment = TZ MAIL_CONFIG LANG fallback_transport = fallback_transport_maps = fast_flush_domains = $relay_domains fast_flush_purge_time = 7d fast_flush_refresh_time = 12h fault_injection_code = 0 flush_service_name = flush fork_attempts = 5 fork_delay = 1s forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward frozen_delivered_to = yes hash_queue_depth = 1 hash_queue_names = deferred, defer header_address_token_limit = 10240 header_checks = header_from_format = standard header_size_limit = 102400 helpful_warnings = yes home_mailbox = Maildir/ hopcount_limit = 50 html_directory = no ignore_mx_lookup_error = no import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C POSTLOG_SERVICE POSTLOG_HOSTNAME in_flow_delay = 1s inet_interfaces = all inet_protocols = ipv4 info_log_address_format = internal initial_destination_concurrency = 5 internal_mail_filter_classes = invalid_hostname_reject_code = 501 ipc_idle = 5s ipc_timeout = 3600s ipc_ttl = 1000s line_length_limit = 2048 lmdb_map_size = 16777216 lmtp_address_preference = any lmtp_address_verify_target = rcpt lmtp_assume_final = no lmtp_balance_inet_protocols = yes lmtp_bind_address = lmtp_bind_address6 = lmtp_body_checks = lmtp_cname_overrides_servername = no lmtp_connect_timeout = 0s lmtp_connection_cache_destinations = lmtp_connection_cache_on_demand = yes lmtp_connection_cache_time_limit = 2s lmtp_connection_reuse_count_limit = 0 lmtp_connection_reuse_time_limit = 300s lmtp_data_done_timeout = 600s lmtp_data_init_timeout = 120s lmtp_data_xfer_timeout = 180s lmtp_defer_if_no_mx_address_found = no lmtp_delivery_slot_cost = $default_delivery_slot_cost lmtp_delivery_slot_discount = $default_delivery_slot_discount lmtp_delivery_slot_loan = $default_delivery_slot_loan lmtp_delivery_status_filter = $default_delivery_status_filter lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit lmtp_destination_concurrency_limit = $default_destination_concurrency_limit lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback lmtp_destination_rate_delay = $default_destination_rate_delay lmtp_destination_recipient_limit = $default_destination_recipient_limit lmtp_discard_lhlo_keyword_address_maps = lmtp_discard_lhlo_keywords = lmtp_dns_reply_filter = lmtp_dns_resolver_options = lmtp_dns_support_level = lmtp_enforce_tls = no lmtp_extra_recipient_limit = $default_extra_recipient_limit lmtp_fallback_relay = lmtp_generic_maps = lmtp_header_checks = lmtp_host_lookup = dns lmtp_initial_destination_concurrency = $initial_destination_concurrency lmtp_lhlo_name = $myhostname lmtp_lhlo_timeout = 300s lmtp_line_length_limit = 998 lmtp_mail_timeout = 300s lmtp_mime_header_checks = lmtp_minimum_delivery_slots = $default_minimum_delivery_slots lmtp_mx_address_limit = 5 lmtp_mx_session_limit = 2 lmtp_nested_header_checks = lmtp_per_record_deadline = no lmtp_pix_workaround_delay_time = 10s lmtp_pix_workaround_maps = lmtp_pix_workaround_threshold_time = 500s lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf lmtp_quit_timeout = 300s lmtp_quote_rfc821_envelope = yes lmtp_randomize_addresses = yes lmtp_rcpt_timeout = 300s lmtp_recipient_limit = $default_recipient_limit lmtp_recipient_refill_delay = $default_recipient_refill_delay lmtp_recipient_refill_limit = $default_recipient_refill_limit lmtp_reply_filter = lmtp_rset_timeout = 20s lmtp_sasl_auth_cache_name = lmtp_sasl_auth_cache_time = 90d lmtp_sasl_auth_enable = no lmtp_sasl_auth_soft_bounce = yes lmtp_sasl_mechanism_filter = lmtp_sasl_password_maps = lmtp_sasl_path = lmtp_sasl_security_options = noplaintext, noanonymous lmtp_sasl_tls_security_options = $lmtp_sasl_security_options lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options lmtp_sasl_type = cyrus lmtp_send_dummy_mail_auth = no lmtp_send_xforward_command = no lmtp_sender_dependent_authentication = no lmtp_skip_5xx_greeting = yes lmtp_skip_quit_response = no lmtp_starttls_timeout = 300s lmtp_tcp_port = 24 lmtp_tls_CAfile = lmtp_tls_CApath = lmtp_tls_block_early_mail_reply = no lmtp_tls_cert_file = lmtp_tls_chain_files = lmtp_tls_ciphers = medium lmtp_tls_connection_reuse = no lmtp_tls_dcert_file = lmtp_tls_dkey_file = $lmtp_tls_dcert_file lmtp_tls_eccert_file = lmtp_tls_eckey_file = $lmtp_tls_eccert_file lmtp_tls_enforce_peername = yes lmtp_tls_exclude_ciphers = lmtp_tls_fingerprint_cert_match = lmtp_tls_fingerprint_digest = md5 lmtp_tls_force_insecure_host_tlsa_lookup = no lmtp_tls_key_file = $lmtp_tls_cert_file lmtp_tls_loglevel = 0 lmtp_tls_mandatory_ciphers = medium lmtp_tls_mandatory_exclude_ciphers = lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3 lmtp_tls_note_starttls_offer = no lmtp_tls_per_site = lmtp_tls_policy_maps = lmtp_tls_protocols = !SSLv2, !SSLv3 lmtp_tls_scert_verifydepth = 9 lmtp_tls_secure_cert_match = nexthop lmtp_tls_security_level = lmtp_tls_servername = lmtp_tls_session_cache_database = lmtp_tls_session_cache_timeout = 3600s lmtp_tls_trust_anchor_file = lmtp_tls_verify_cert_match = hostname lmtp_tls_wrappermode = no lmtp_transport_rate_delay = $default_transport_rate_delay lmtp_use_tls = no lmtp_xforward_timeout = 300s local_command_shell = local_delivery_slot_cost = $default_delivery_slot_cost local_delivery_slot_discount = $default_delivery_slot_discount local_delivery_slot_loan = $default_delivery_slot_loan local_delivery_status_filter = $default_delivery_status_filter local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit local_destination_concurrency_limit = 2 local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback local_destination_rate_delay = $default_destination_rate_delay local_destination_recipient_limit = 1 local_extra_recipient_limit = $default_extra_recipient_limit local_header_rewrite_clients = "" local_initial_destination_concurrency = $initial_destination_concurrency local_minimum_delivery_slots = $default_minimum_delivery_slots local_recipient_limit = $default_recipient_limit local_recipient_maps = proxy:unix:passwd.byname $alias_maps local_recipient_refill_delay = $default_recipient_refill_delay local_recipient_refill_limit = $default_recipient_refill_limit local_transport = local:$myhostname local_transport_rate_delay = $default_transport_rate_delay luser_relay = mail_name = Postfix mail_owner = postfix mail_release_date = 20201107 mail_spool_directory = /var/mail mail_version = 3.5.8 mailbox_command = mailbox_command_maps = mailbox_delivery_lock = fcntl, dotlock mailbox_size_limit = 0 mailbox_transport = lmtp:unix:private/dovecot-lmtp mailbox_transport_maps = maillog_file = maillog_file_compressor = gzip maillog_file_prefixes = /var, /dev/stdout maillog_file_rotate_suffix = %Y%m%d-%H%M%S mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maps_rbl_domains = maps_rbl_reject_code = 554 masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = master_service_disable = max_idle = 100s max_use = 100 maximal_backoff_time = 4000s maximal_queue_lifetime = 1d message_drop_headers = bcc, content-length, resent-bcc, return-path message_reject_characters = message_size_limit = 32000000 message_strip_characters = meta_directory = /etc/postfix milter_command_timeout = 30s milter_connect_macros = j {daemon_name} {daemon_addr} v _ milter_connect_timeout = 30s milter_content_timeout = 300s milter_data_macros = i milter_default_action = accept milter_end_of_data_macros = i milter_end_of_header_macros = i milter_header_checks = milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer} milter_macro_daemon_name = $myhostname milter_macro_defaults = milter_macro_v = $mail_name $mail_version milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer} milter_protocol = 6 milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer} milter_unknown_command_macros = mime_boundary_length_limit = 2048 mime_header_checks = $header_checks mime_nesting_limit = 100 minimal_backoff_time = 300s multi_instance_directories = multi_instance_enable = no multi_instance_group = multi_instance_name = multi_instance_wrapper = multi_recipient_bounce_reject_code = 550 mydestination = $myhostname, localhost.$mydomain, localhost, localhost.localdomain mydomain = mydomain.tld myhostname = sub.mydomain.tld mynetworks = 127.0.0.1/32 mynetworks_style = ${{$compatibility_level} < {2} ? {subnet} : {host}} myorigin = $myhostname nested_header_checks = $header_checks newaliases_path = /usr/bin/newaliases.postfix non_fqdn_reject_code = 504 non_smtpd_milters = inet:rspamd.domain.tld:11332 notify_classes = resource, software openssl_path = openssl owner_request_special = yes parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps permit_mx_backup_networks = pickup_service_name = pickup pipe_delivery_status_filter = $default_delivery_status_filter plaintext_reject_code = 450 postlog_service_name = postlog postlogd_watchdog_timeout = 10s postmulti_control_commands = reload flush postmulti_start_commands = start postmulti_stop_commands = stop abort drain quick-stop postscreen_access_list = permit_mynetworks postscreen_bare_newline_action = ignore postscreen_bare_newline_enable = no postscreen_bare_newline_ttl = 30d postscreen_blacklist_action = ignore postscreen_cache_cleanup_interval = 12h postscreen_cache_map = btree:$data_directory/postscreen_cache postscreen_cache_retention_time = 7d postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit postscreen_command_count_limit = 20 postscreen_command_filter = postscreen_command_time_limit = ${stress?{10}:{300}}s postscreen_disable_vrfy_command = $disable_vrfy_command postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords postscreen_dnsbl_action = ignore postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h postscreen_dnsbl_min_ttl = 60s postscreen_dnsbl_reply_map = postscreen_dnsbl_sites = postscreen_dnsbl_threshold = 1 postscreen_dnsbl_timeout = 10s postscreen_dnsbl_whitelist_threshold = 0 postscreen_enforce_tls = $smtpd_enforce_tls postscreen_expansion_filter = $smtpd_expansion_filter postscreen_forbidden_commands = $smtpd_forbidden_commands postscreen_greet_action = ignore postscreen_greet_banner = $smtpd_banner postscreen_greet_ttl = 1d postscreen_greet_wait = ${stress?{2}:{6}}s postscreen_helo_required = $smtpd_helo_required postscreen_non_smtp_command_action = drop postscreen_non_smtp_command_enable = no postscreen_non_smtp_command_ttl = 30d postscreen_pipelining_action = enforce postscreen_pipelining_enable = no postscreen_pipelining_ttl = 30d postscreen_post_queue_limit = $default_process_limit postscreen_pre_queue_limit = $default_process_limit postscreen_reject_footer = $smtpd_reject_footer postscreen_reject_footer_maps = $smtpd_reject_footer_maps postscreen_tls_security_level = $smtpd_tls_security_level postscreen_upstream_proxy_protocol = postscreen_upstream_proxy_timeout = 5s postscreen_use_tls = $smtpd_use_tls postscreen_watchdog_timeout = 10s postscreen_whitelist_interfaces = static:all prepend_delivered_header = command, file, forward process_id = 2311500 process_id_directory = pid process_name = postconf propagate_unmatched_extensions = canonical, virtual proxy_interfaces = proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $smtpd_client_restrictions $smtpd_helo_restrictions $smtpd_sender_restrictions $smtpd_relay_restrictions $smtpd_recipient_restrictions $address_verify_sender_dependent_default_transport_maps $address_verify_sender_dependent_relayhost_maps $address_verify_transport_maps $fallback_transport_maps $lmtp_discard_lhlo_keyword_address_maps $lmtp_pix_workaround_maps $lmtp_sasl_password_maps $lmtp_tls_policy_maps $mailbox_command_maps $mailbox_transport_maps $postscreen_discard_ehlo_keyword_address_maps $rbl_reply_maps $sender_dependent_default_transport_maps $sender_dependent_relayhost_maps $smtp_discard_ehlo_keyword_address_maps $smtp_pix_workaround_maps $smtp_sasl_password_maps $smtp_tls_policy_maps $smtpd_discard_ehlo_keyword_address_maps $smtpd_milter_maps $virtual_gid_maps $virtual_uid_maps proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map $postscreen_cache_map proxymap_service_name = proxymap proxywrite_service_name = proxywrite qmgr_clog_warn_time = 300s qmgr_daemon_timeout = 1000s qmgr_fudge_factor = 100 qmgr_ipc_timeout = 60s qmgr_message_active_limit = 20000 qmgr_message_recipient_limit = 20000 qmgr_message_recipient_minimum = 10 qmqpd_authorized_clients = qmqpd_client_port_logging = no qmqpd_error_delay = 1s qmqpd_timeout = 300s queue_directory = /var/spool/postfix queue_file_attribute_count_limit = 100 queue_minfree = 0 queue_run_delay = 300s queue_service_name = qmgr rbl_reply_maps = readme_directory = /usr/share/doc/postfix/README_FILES receive_override_options = recipient_bcc_maps = recipient_canonical_classes = envelope_recipient, header_recipient recipient_canonical_maps = recipient_delimiter = reject_code = 554 reject_tempfail_action = defer_if_permit relay_clientcerts = relay_delivery_slot_cost = $default_delivery_slot_cost relay_delivery_slot_discount = $default_delivery_slot_discount relay_delivery_slot_loan = $default_delivery_slot_loan relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit relay_destination_concurrency_limit = $default_destination_concurrency_limit relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback relay_destination_rate_delay = $default_destination_rate_delay relay_destination_recipient_limit = $default_destination_recipient_limit relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}} relay_domains_reject_code = 554 relay_extra_recipient_limit = $default_extra_recipient_limit relay_initial_destination_concurrency = $initial_destination_concurrency relay_minimum_delivery_slots = $default_minimum_delivery_slots relay_recipient_limit = $default_recipient_limit relay_recipient_maps = relay_recipient_refill_delay = $default_recipient_refill_delay relay_recipient_refill_limit = $default_recipient_refill_limit relay_transport = relay relay_transport_rate_delay = $default_transport_rate_delay relayhost = relocated_maps = remote_header_rewrite_domain = require_home_directory = no reset_owner_alias = no resolve_dequoted_address = yes resolve_null_domain = no resolve_numeric_domain = no retry_delivery_slot_cost = $default_delivery_slot_cost retry_delivery_slot_discount = $default_delivery_slot_discount retry_delivery_slot_loan = $default_delivery_slot_loan retry_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit retry_destination_concurrency_limit = $default_destination_concurrency_limit retry_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback retry_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback retry_destination_rate_delay = $default_destination_rate_delay retry_destination_recipient_limit = $default_destination_recipient_limit retry_extra_recipient_limit = $default_extra_recipient_limit retry_initial_destination_concurrency = $initial_destination_concurrency retry_minimum_delivery_slots = $default_minimum_delivery_slots retry_recipient_limit = $default_recipient_limit retry_recipient_refill_delay = $default_recipient_refill_delay retry_recipient_refill_limit = $default_recipient_refill_limit retry_transport_rate_delay = $default_transport_rate_delay rewrite_service_name = rewrite rhel_ipv6_normalize = no sample_directory = /usr/share/doc/postfix/samples send_cyrus_sasl_authzid = no sender_bcc_maps = hash:/etc/postfix/bcc sender_canonical_classes = envelope_sender, header_sender sender_canonical_maps = sender_dependent_default_transport_maps = hash:/etc/postfix/dependent sender_dependent_relayhost_maps = sendmail_fix_line_endings = always sendmail_path = /usr/sbin/sendmail.postfix service_name = service_throttle_time = 60s setgid_group = postdrop shlib_directory = /usr/lib64/postfix show_user_unknown_table_name = yes showq_service_name = showq smtp_address_preference = any smtp_address_verify_target = rcpt smtp_always_send_ehlo = yes smtp_balance_inet_protocols = yes smtp_bind_address = smtp_bind_address6 = smtp_body_checks = smtp_cname_overrides_servername = no smtp_connect_timeout = 30s smtp_connection_cache_destinations = smtp_connection_cache_on_demand = yes smtp_connection_cache_time_limit = 2s smtp_connection_reuse_count_limit = 0 smtp_connection_reuse_time_limit = 300s smtp_data_done_timeout = 600s smtp_data_init_timeout = 120s smtp_data_xfer_timeout = 180s smtp_defer_if_no_mx_address_found = no smtp_delivery_slot_cost = $default_delivery_slot_cost smtp_delivery_slot_discount = $default_delivery_slot_discount smtp_delivery_slot_loan = $default_delivery_slot_loan smtp_delivery_status_filter = $default_delivery_status_filter smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit smtp_destination_concurrency_limit = $default_destination_concurrency_limit smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback smtp_destination_rate_delay = $default_destination_rate_delay smtp_destination_recipient_limit = $default_destination_recipient_limit smtp_discard_ehlo_keyword_address_maps = smtp_discard_ehlo_keywords = smtp_dns_reply_filter = smtp_dns_resolver_options = smtp_dns_support_level = smtp_enforce_tls = no smtp_extra_recipient_limit = $default_extra_recipient_limit smtp_fallback_relay = $fallback_relay smtp_generic_maps = smtp_header_checks = smtp_helo_name = $myhostname smtp_helo_timeout = 300s smtp_host_lookup = dns smtp_initial_destination_concurrency = $initial_destination_concurrency smtp_line_length_limit = 998 smtp_mail_timeout = 300s smtp_mime_header_checks = smtp_minimum_delivery_slots = $default_minimum_delivery_slots smtp_mx_address_limit = 5 smtp_mx_session_limit = 2 smtp_nested_header_checks = smtp_never_send_ehlo = no smtp_per_record_deadline = no smtp_pix_workaround_delay_time = 10s smtp_pix_workaround_maps = smtp_pix_workaround_threshold_time = 500s smtp_pix_workarounds = disable_esmtp,delay_dotcrlf smtp_quit_timeout = 300s smtp_quote_rfc821_envelope = yes smtp_randomize_addresses = yes smtp_rcpt_timeout = 300s smtp_recipient_limit = $default_recipient_limit smtp_recipient_refill_delay = $default_recipient_refill_delay smtp_recipient_refill_limit = $default_recipient_refill_limit smtp_reply_filter = smtp_rset_timeout = 20s smtp_sasl_auth_cache_name = smtp_sasl_auth_cache_time = 90d smtp_sasl_auth_enable = no smtp_sasl_auth_soft_bounce = yes smtp_sasl_mechanism_filter = smtp_sasl_password_maps = smtp_sasl_path = smtp_sasl_security_options = noplaintext, noanonymous smtp_sasl_tls_security_options = $smtp_sasl_security_options smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options smtp_sasl_type = cyrus smtp_send_dummy_mail_auth = no smtp_send_xforward_command = no smtp_sender_dependent_authentication = no smtp_skip_5xx_greeting = yes smtp_skip_quit_response = yes smtp_starttls_timeout = 300s smtp_tcp_port = smtp smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt smtp_tls_CApath = /etc/pki/tls/certs smtp_tls_block_early_mail_reply = no smtp_tls_cert_file = smtp_tls_chain_files = smtp_tls_ciphers = medium smtp_tls_connection_reuse = no smtp_tls_dane_insecure_mx_policy = dane smtp_tls_dcert_file = smtp_tls_dkey_file = $smtp_tls_dcert_file smtp_tls_eccert_file = smtp_tls_eckey_file = $smtp_tls_eccert_file smtp_tls_enforce_peername = yes smtp_tls_exclude_ciphers = RC4, aNULL, EXPORT, LOW, MEDIUM smtp_tls_fingerprint_cert_match = smtp_tls_fingerprint_digest = md5 smtp_tls_force_insecure_host_tlsa_lookup = no smtp_tls_key_file = $smtp_tls_cert_file smtp_tls_loglevel = 0 smtp_tls_mandatory_ciphers = medium smtp_tls_mandatory_exclude_ciphers = smtp_tls_mandatory_protocols = !SSLv2,!SSLv3 smtp_tls_note_starttls_offer = no smtp_tls_per_site = smtp_tls_policy_maps = smtp_tls_protocols = !SSLv2,!SSLv3 smtp_tls_scert_verifydepth = 9 smtp_tls_secure_cert_match = nexthop, dot-nexthop smtp_tls_security_level = may smtp_tls_servername = smtp_tls_session_cache_database = smtp_tls_session_cache_timeout = 3600s smtp_tls_trust_anchor_file = smtp_tls_verify_cert_match = hostname smtp_tls_wrappermode = no smtp_transport_rate_delay = $default_transport_rate_delay smtp_use_tls = no smtp_xforward_timeout = 300s smtpd_authorized_verp_clients = $authorized_verp_clients smtpd_authorized_xclient_hosts = smtpd_authorized_xforward_hosts = smtpd_banner = $myhostname ESMTP $mail_name smtpd_client_auth_rate_limit = 0 smtpd_client_connection_count_limit = 10 smtpd_client_connection_rate_limit = 60 smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks} smtpd_client_message_rate_limit = 0 smtpd_client_new_tls_session_rate_limit = 0 smtpd_client_port_logging = no smtpd_client_recipient_rate_limit = 0 smtpd_client_restrictions = smtpd_command_filter = smtpd_data_restrictions = smtpd_delay_open_until_valid_rcpt = yes smtpd_delay_reject = yes smtpd_discard_ehlo_keyword_address_maps = smtpd_discard_ehlo_keywords = chunking smtpd_dns_reply_filter = smtpd_end_of_data_restrictions = smtpd_enforce_tls = no smtpd_error_sleep_time = 1s smtpd_etrn_restrictions = smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~ smtpd_forbidden_commands = CONNECT GET POST smtpd_hard_error_limit = ${stress?{1}:{20}} smtpd_helo_required = no smtpd_helo_restrictions = smtpd_history_flush_threshold = 100 smtpd_junk_command_limit = ${stress?{1}:{100}} smtpd_log_access_permit_actions = smtpd_milter_maps = smtpd_milters = inet:rspamd.domain.tld:11332 smtpd_noop_commands = smtpd_null_access_lookup_key = <> smtpd_peername_lookup = yes smtpd_per_record_deadline = ${stress?{yes}:{no}} smtpd_policy_service_default_action = 451 4.3.5 Server configuration problem smtpd_policy_service_max_idle = 300s smtpd_policy_service_max_ttl = 1000s smtpd_policy_service_policy_context = smtpd_policy_service_request_limit = 0 smtpd_policy_service_retry_delay = 1s smtpd_policy_service_timeout = 100s smtpd_policy_service_try_limit = 2 smtpd_proxy_ehlo = $myhostname smtpd_proxy_filter = smtpd_proxy_options = smtpd_proxy_timeout = 100s smtpd_recipient_limit = 1000 smtpd_recipient_overshoot_limit = 1000 smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_unauth_pipelining, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rhsbl_client dbl.spamhaus.org smtpd_reject_footer = smtpd_reject_footer_maps = smtpd_reject_unlisted_recipient = yes smtpd_reject_unlisted_sender = yes smtpd_relay_restrictions = ${{$compatibility_level} < {1} ? {} : {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}} smtpd_restriction_classes = smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = no smtpd_sasl_exceptions_networks = smtpd_sasl_local_domain = smtpd_sasl_path = smtpd smtpd_sasl_response_limit = 12288 smtpd_sasl_security_options = noanonymous smtpd_sasl_service = smtp smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = cyrus smtpd_sender_login_maps = unionmap:{regexp:/etc/postfix/login_maps.pcre hash:/etc/postfix/virtual} smtpd_sender_restrictions = smtpd_service_name = smtpd smtpd_soft_error_limit = 10 smtpd_starttls_timeout = ${stress?{10}:{300}}s smtpd_timeout = ${stress?{10}:{300}}s smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem smtpd_tls_CApath = smtpd_tls_always_issue_session_ids = yes smtpd_tls_ask_ccert = no smtpd_tls_auth_only = no smtpd_tls_ccert_verifydepth = 9 smtpd_tls_cert_file = smtpd_tls_chain_files = /etc/pki/tls/private/postfix.key,/etc/pki/tls/certs/postfix.pem smtpd_tls_ciphers = medium smtpd_tls_dcert_file = smtpd_tls_dh1024_param_file = smtpd_tls_dh512_param_file = smtpd_tls_dkey_file = $smtpd_tls_dcert_file smtpd_tls_eccert_file = smtpd_tls_eckey_file = $smtpd_tls_eccert_file smtpd_tls_eecdh_grade = auto smtpd_tls_exclude_ciphers = RC4, aNULL, EXPORT, LOW, MEDIUM smtpd_tls_fingerprint_digest = md5 smtpd_tls_key_file = $smtpd_tls_cert_file smtpd_tls_loglevel = 0 smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_exclude_ciphers = smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2,!SSLv3 smtpd_tls_received_header = no smtpd_tls_req_ccert = no smtpd_tls_security_level = may smtpd_tls_session_cache_database = smtpd_tls_session_cache_timeout = 3600s smtpd_tls_wrappermode = no smtpd_upstream_proxy_protocol = smtpd_upstream_proxy_timeout = 5s smtpd_use_tls = yes smtputf8_autodetect_classes = sendmail, verify smtputf8_enable = ${{$compatibility_level} < {1} ? {no} : {yes}} soft_bounce = no stale_lock_time = 500s stress = strict_7bit_headers = no strict_8bitmime = no strict_8bitmime_body = no strict_mailbox_ownership = yes strict_mime_encoding_domain = no strict_rfc821_envelopes = no strict_smtputf8 = no sun_mailtool_compatibility = no swap_bangpath = yes syslog_facility = mail syslog_name = ${multi_instance_name?{$multi_instance_name}:{postfix}} tcp_windowsize = 0 tls_append_default_CA = no tls_daemon_random_bytes = 32 tls_dane_digests = sha512 sha256 tls_disable_workarounds = tls_eecdh_auto_curves = X25519 X448 prime256v1 secp521r1 secp384r1 tls_eecdh_strong_curve = prime256v1 tls_eecdh_ultra_curve = secp384r1 tls_export_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH tls_fast_shutdown_enable = yes tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH tls_legacy_public_key_fingerprints = no tls_low_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH tls_medium_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH tls_null_cipherlist = eNULL:!aNULL tls_preempt_cipherlist = no tls_random_bytes = 32 tls_random_exchange_name = ${data_directory}/prng_exch tls_random_prng_update_period = 3600s tls_random_reseed_period = 3600s tls_random_source = dev:/dev/urandom tls_server_sni_maps = hash:/etc/postfix/vmail_ssl tls_session_ticket_cipher = aes-256-cbc tls_ssl_options = tls_wildcard_matches_multiple_labels = yes tlsmgr_service_name = tlsmgr tlsproxy_client_CAfile = $smtp_tls_CAfile tlsproxy_client_CApath = $smtp_tls_CApath tlsproxy_client_cert_file = $smtp_tls_cert_file tlsproxy_client_chain_files = $smtp_tls_chain_files tlsproxy_client_dcert_file = $smtp_tls_dcert_file tlsproxy_client_dkey_file = $smtp_tls_dkey_file tlsproxy_client_eccert_file = $smtp_tls_eccert_file tlsproxy_client_eckey_file = $smtp_tls_eckey_file tlsproxy_client_enforce_tls = $smtp_enforce_tls tlsproxy_client_fingerprint_digest = $smtp_tls_fingerprint_digest tlsproxy_client_key_file = $smtp_tls_key_file tlsproxy_client_level = $smtp_tls_security_level tlsproxy_client_loglevel = $smtp_tls_loglevel tlsproxy_client_loglevel_parameter = smtp_tls_loglevel tlsproxy_client_per_site = $smtp_tls_per_site tlsproxy_client_policy = $smtp_tls_policy_maps tlsproxy_client_scert_verifydepth = $smtp_tls_scert_verifydepth tlsproxy_client_use_tls = $smtp_use_tls tlsproxy_enforce_tls = $smtpd_enforce_tls tlsproxy_service_name = tlsproxy tlsproxy_tls_CAfile = $smtpd_tls_CAfile tlsproxy_tls_CApath = $smtpd_tls_CApath tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_session_ids tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth tlsproxy_tls_cert_file = $smtpd_tls_cert_file tlsproxy_tls_chain_files = $smtpd_tls_chain_files tlsproxy_tls_ciphers = $smtpd_tls_ciphers tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file tlsproxy_tls_dh1024_param_file = $smtpd_tls_dh1024_param_file tlsproxy_tls_dh512_param_file = $smtpd_tls_dh512_param_file tlsproxy_tls_dkey_file = $smtpd_tls_dkey_file tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file tlsproxy_tls_eckey_file = $smtpd_tls_eckey_file tlsproxy_tls_eecdh_grade = $smtpd_tls_eecdh_grade tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers tlsproxy_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest tlsproxy_tls_key_file = $smtpd_tls_key_file tlsproxy_tls_loglevel = $smtpd_tls_loglevel tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols tlsproxy_tls_protocols = $smtpd_tls_protocols tlsproxy_tls_req_ccert = $smtpd_tls_req_ccert tlsproxy_tls_security_level = $smtpd_tls_security_level tlsproxy_use_tls = $smtpd_use_tls tlsproxy_watchdog_timeout = 10s trace_service_name = trace transport_maps = transport_retry_time = 60s trigger_timeout = 10s undisclosed_recipients_header = unknown_address_reject_code = 450 unknown_address_tempfail_action = $reject_tempfail_action unknown_client_reject_code = 450 unknown_helo_hostname_tempfail_action = $reject_tempfail_action unknown_hostname_reject_code = 450 unknown_local_recipient_reject_code = 550 unknown_relay_recipient_reject_code = 550 unknown_virtual_alias_reject_code = 550 unknown_virtual_mailbox_reject_code = 550 unverified_recipient_defer_code = 450 unverified_recipient_reject_code = 450 unverified_recipient_reject_reason = unverified_recipient_tempfail_action = $reject_tempfail_action unverified_sender_defer_code = 450 unverified_sender_reject_code = 450 unverified_sender_reject_reason = unverified_sender_tempfail_action = $reject_tempfail_action verp_delimiter_filter = -=+ virtual_alias_address_length_limit = 1000 virtual_alias_domains = $virtual_alias_maps virtual_alias_expansion_limit = 1000 virtual_alias_maps = hash:/etc/postfix/virtual virtual_alias_recursion_limit = 1000 virtual_delivery_slot_cost = $default_delivery_slot_cost virtual_delivery_slot_discount = $default_delivery_slot_discount virtual_delivery_slot_loan = $default_delivery_slot_loan virtual_delivery_status_filter = $default_delivery_status_filter virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit virtual_destination_concurrency_limit = $default_destination_concurrency_limit virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback virtual_destination_rate_delay = $default_destination_rate_delay virtual_destination_recipient_limit = $default_destination_recipient_limit virtual_extra_recipient_limit = $default_extra_recipient_limit virtual_gid_maps = virtual_initial_destination_concurrency = $initial_destination_concurrency virtual_mailbox_base = virtual_mailbox_domains = $virtual_mailbox_maps virtual_mailbox_limit = 51200000 virtual_mailbox_lock = fcntl, dotlock virtual_mailbox_maps = virtual_minimum_delivery_slots = $default_minimum_delivery_slots virtual_minimum_uid = 100 virtual_recipient_limit = $default_recipient_limit virtual_recipient_refill_delay = $default_recipient_refill_delay virtual_recipient_refill_limit = $default_recipient_refill_limit virtual_transport = virtual virtual_transport_rate_delay = $default_transport_rate_delay virtual_uid_maps = ############################# dovecot config: ############################# doveconf # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.16 (09c29328) # OS: Linux 4.18.0-425.3.1.el8.x86_64 x86_64 Rocky Linux release 8.7 (Green Obsidian) # Hostname: m13.domain.tld # NOTE: Send doveconf -n output instead when asking for help. auth_anonymous_username = anonymous auth_cache_negative_ttl = 1 hours auth_cache_size = 0 auth_cache_ttl = 1 hours auth_cache_verify_password_with_worker = no auth_debug = no auth_debug_passwords = no auth_default_realm = auth_failure_delay = 2 secs auth_gssapi_hostname = auth_krb5_keytab = auth_master_user_separator = auth_mechanisms = plain login auth_policy_check_after_auth = yes auth_policy_check_before_auth = yes auth_policy_hash_mech = sha256 auth_policy_hash_nonce = auth_policy_hash_truncate = 12 auth_policy_log_only = no auth_policy_reject_on_fail = no auth_policy_report_after_auth = yes auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s session_id=%{session} auth_policy_server_api_header = auth_policy_server_timeout_msecs = 2000 auth_policy_server_url = auth_proxy_self = auth_realms = auth_socket_path = auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_cert = no auth_stats = no auth_use_winbind = no auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ auth_username_format = %Lu auth_username_translation = auth_verbose = no auth_verbose_passwords = no auth_winbind_helper_path = /usr/bin/ntlm_auth auth_worker_max_count = 30 base_dir = /run/dovecot config_cache_size = 1 M debug_log_path = default_client_limit = 1000 default_idle_kill = 1 mins default_internal_group = dovecot default_internal_user = dovecot default_login_user = dovenull default_process_limit = 100 default_vsz_limit = 256 M deliver_log_format = msgid=%m: %$ dict_db_config = director_flush_socket = director_mail_servers = director_max_parallel_kicks = 100 director_max_parallel_moves = 100 director_output_buffer_size = 10 M director_ping_idle_timeout = 30 secs director_ping_max_timeout = 1 mins director_servers = director_user_expire = 15 mins director_user_kick_delay = 2 secs director_username_hash = %u disable_plaintext_auth = no dotlock_use_excl = yes doveadm_allowed_commands = doveadm_api_key = doveadm_http_rawlog_dir = doveadm_password = doveadm_port = 0 doveadm_socket_path = doveadm-server doveadm_ssl = no doveadm_username = doveadm doveadm_worker_count = 0 dsync_alt_char = _ dsync_commit_msgs_interval = 100 dsync_features = dsync_hashed_headers = Date Message-ID dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U first_valid_gid = 1 first_valid_uid = 1000 haproxy_timeout = 3 secs haproxy_trusted_networks = hostname = imap_capability = imap_client_workarounds = imap_fetch_failure = disconnect-immediately imap_hibernate_timeout = 0 imap_id_log = imap_id_retain = no imap_id_send = name * imap_idle_notify_interval = 2 mins imap_literal_minus = no imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged} trashed=%{trashed} hdr_count=%{fetch_hdr_count} hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} body_bytes=%{fetch_body_bytes} imap_max_line_length = 64 k imap_metadata = no imap_urlauth_host = imap_urlauth_logout_format = in=%i out=%o imap_urlauth_port = 143 imapc_cmd_timeout = 5 mins imapc_connection_retry_count = 1 imapc_connection_retry_interval = 1 secs imapc_features = imapc_host = imapc_list_prefix = imapc_master_user = imapc_max_idle_time = 29 mins imapc_max_line_length = 0 imapc_password = imapc_port = 143 imapc_rawlog_dir = imapc_sasl_mechanisms = imapc_ssl = no imapc_ssl_verify = yes imapc_user = import_environment = TZ CORE_OUTOFMEM CORE_ERROR info_log_path = instance_name = dovecot last_valid_gid = 0 last_valid_uid = 0 lda_mailbox_autocreate = no lda_mailbox_autosubscribe = no lda_original_recipient_header = libexec_dir = /usr/libexec/dovecot listen = *, :: lmtp_add_received_header = yes lmtp_client_workarounds = lmtp_hdr_delivery_address = final lmtp_proxy = no lmtp_proxy_rawlog_dir = lmtp_rawlog_dir = lmtp_rcpt_check_quota = no lmtp_save_to_detail_mailbox = no lmtp_user_concurrency_limit = 0 lock_method = fcntl log_core_filter = log_debug = log_path = syslog log_timestamp = "%b %d %H:%M:%S " login_access_sockets = login_greeting = Dovecot ready. login_log_format = %$: %s login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}> login_plugin_dir = /usr/lib64/dovecot/login login_plugins = login_proxy_max_disconnect_delay = 0 login_proxy_max_reconnects = 3 login_proxy_notify_path = proxy-notify login_proxy_timeout = 30 secs login_source_ips = login_trusted_networks = mail_access_groups = mail_always_cache_fields = mail_attachment_detection_options = mail_attachment_dir = mail_attachment_fs = sis posix mail_attachment_hash = %{sha1} mail_attachment_min_size = 128 k mail_attribute_dict = mail_cache_fields = flags mail_cache_min_mail_count = 0 mail_chroot = mail_debug = no mail_fsync = optimized mail_full_filesystem_access = no mail_gid = mail_home = mail_location = maildir:~/Maildir:INDEX=/var/lib/dovecot-virtualmin/index/%u:CONTROL=/var/lib/dovecot-virtualmin/control/%u mail_log_prefix = "%s(%u)<%{pid}><%{session}>: " mail_max_keyword_length = 50 mail_max_lock_timeout = 0 mail_max_userip_connections = 10 mail_never_cache_fields = imap.envelope mail_nfs_index = no mail_nfs_storage = no mail_plugin_dir = /usr/lib64/dovecot mail_plugins = mail_prefetch_count = 0 mail_privileged_group = mail_save_crlf = no mail_server_admin = mail_server_comment = mail_shared_explicit_inbox = no mail_sort_max_read_count = 0 mail_temp_dir = /tmp mail_temp_scan_interval = 1 weeks mail_uid = mail_vsize_bg_after_count = 0 mailbox_idle_check_interval = 30 secs mailbox_list_index = yes mailbox_list_index_include_inbox = no mailbox_list_index_very_dirty_syncs = no maildir_broken_filename_sizes = no maildir_copy_with_hardlinks = yes maildir_empty_new = no maildir_stat_dirs = no maildir_very_dirty_syncs = no managesieve_client_workarounds = managesieve_implementation_string = Dovecot Pigeonhole managesieve_logout_format = bytes=%i/%o managesieve_max_compile_errors = 5 managesieve_max_line_length = 64 k managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds imapsieve vnd.dovecot.imapsieve master_user_separator = mbox_dirty_syncs = yes mbox_dotlock_change_timeout = 2 mins mbox_lazy_writes = yes mbox_lock_timeout = 5 mins mbox_md5 = apop3d mbox_min_index_size = 0 mbox_read_locks = fcntl mbox_very_dirty_syncs = no mbox_write_locks = fcntl mdbox_preallocate_space = no mdbox_rotate_interval = 0 mdbox_rotate_size = 10 M mmap_disable = no namespace inbox { disabled = no hidden = no ignore_on_failure = no inbox = yes list = yes location = mailbox Drafts { auto = subscribe autoexpunge = 0 autoexpunge_max_mails = 0 comment = driver = special_use = \Drafts } mailbox Junk { auto = subscribe autoexpunge = 0 autoexpunge_max_mails = 0 comment = driver = special_use = \Junk } mailbox Sent { auto = subscribe autoexpunge = 0 autoexpunge_max_mails = 0 comment = driver = special_use = \Sent } mailbox "Sent Messages" { auto = no autoexpunge = 0 autoexpunge_max_mails = 0 comment = driver = special_use = \Sent } mailbox Trash { auto = subscribe autoexpunge = 0 autoexpunge_max_mails = 0 comment = driver = special_use = \Trash } mailbox spam { auto = subscribe autoexpunge = 0 autoexpunge_max_mails = 0 comment = driver = special_use = \Junk } order = 0 prefix = separator = subscriptions = yes type = private } old_stats_carbon_interval = 30 secs old_stats_carbon_name = old_stats_carbon_server = old_stats_command_min_time = 1 mins old_stats_domain_min_time = 12 hours old_stats_ip_min_time = 12 hours old_stats_memory_limit = 16 M old_stats_session_min_time = 15 mins old_stats_user_min_time = 1 hours passdb { args = auth_verbose = default default_fields = deny = no driver = pam master = no mechanisms = name = override_fields = pass = no result_failure = continue result_internalfail = continue result_success = return-ok skip = never username_filter = } plugin { imapsieve_mailbox1_before = file:/var/lib/dovecot/sieve/learn-spam.sieve imapsieve_mailbox1_causes = COPY APPEND FLAG imapsieve_mailbox1_name = spam imapsieve_mailbox2_before = file:/var/lib/dovecot/sieve/learn-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = spam imapsieve_mailbox2_name = * imapsieve_mailbox3_before = file:/var/lib/dovecot/sieve/learn-spam.sieve imapsieve_mailbox3_causes = COPY APPEND FLAG imapsieve_mailbox3_name = Junk imapsieve_mailbox4_before = file:/var/lib/dovecot/sieve/learn-ham.sieve imapsieve_mailbox4_causes = COPY imapsieve_mailbox4_from = Junk imapsieve_mailbox4_name = * quota = fs:user userquota quota_grace = 100M quota_warning = storage=95%% quota-warning 95 %n %d quota_warning2 = storage=90%% quota-warning 90 %n %d quota_warning3 = storage=80%% quota-warning 80 %n %d sieve = file:~/sieve;active=~/.dovecot.sieve sieve_before = /var/lib/dovecot/sieve/before-global.sieve sieve_extensions = +vacation-seconds sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment +vnd.dovecot.debug sieve_pipe_bin_dir = /var/lib/dovecot/sieve sieve_plugins = sieve_extprograms sieve_imapsieve sieve_vacation_default_period = 10d sieve_vacation_max_period = 30d sieve_vacation_min_period = 1h } pop3_client_workarounds = pop3_delete_type = default pop3_deleted_flag = pop3_enable_last = no pop3_fast_size_lookups = no pop3_lock_session = no pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_no_flag_updates = no pop3_reuse_xuidl = no pop3_save_uidl = no pop3_uidl_duplicates = allow pop3_uidl_format = %08Xu%08Xv pop3c_features = pop3c_host = pop3c_master_user = pop3c_password = pop3c_port = 110 pop3c_quick_received_date = no pop3c_rawlog_dir = pop3c_ssl = no pop3c_ssl_verify = yes pop3c_user = %u postmaster_address = postmaster@%{if;%d;ne;;%d;%{hostname}} protocols = imap pop3 lmtp sieve quota_full_tempfail = no rawlog_dir = recipient_delimiter = + rejection_reason = Your message to <%t> was automatically rejected:%n%r rejection_subject = Rejected: %s replication_dsync_parameters = -d -N -l 30 -U replication_full_sync_interval = 1 days replication_max_conns = 10 replicator_host = replicator replicator_port = 0 sendmail_path = /usr/sbin/sendmail service aggregator { chroot = . client_limit = 0 drop_priv_before_exec = no executable = aggregator extra_groups = fifo_listener replication-notify-fifo { group = mode = 0600 user = } group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener replication-notify { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service anvil { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = anvil extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 1 protocol = service_count = 0 type = anvil unix_listener anvil-auth-penalty { group = mode = 0600 user = } unix_listener anvil { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service auth-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = auth -w extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = worker unix_listener auth-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service auth { chroot = client_limit = 0 drop_priv_before_exec = no executable = auth extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener auth-client { group = mode = 0600 user = $default_internal_user } unix_listener auth-login { group = mode = 0600 user = $default_internal_user } unix_listener auth-master { group = mode = 0600 user = } unix_listener auth-userdb { group = mode = 0666 user = $default_internal_user } unix_listener login/login { group = mode = 0666 user = } unix_listener token-login/tokenlogin { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service config { chroot = client_limit = 0 drop_priv_before_exec = no executable = config extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = config unix_listener config { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service dict-async { chroot = client_limit = 0 drop_priv_before_exec = no executable = dict extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dict-async { group = $default_internal_group mode = 0660 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service dict { chroot = client_limit = 1 drop_priv_before_exec = no executable = dict extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dict { group = $default_internal_group mode = 0660 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service director { chroot = . client_limit = 0 drop_priv_before_exec = no executable = director extra_groups = fifo_listener login/proxy-notify { group = mode = 00 user = } group = idle_kill = 4294967295 secs inet_listener { address = haproxy = no port = 0 reuse_port = no ssl = no } privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener director-admin { group = mode = 0600 user = } unix_listener director-userdb { group = mode = 0600 user = } unix_listener login/director { group = mode = 00 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service dns-client { chroot = client_limit = 1 drop_priv_before_exec = no executable = dns-client extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = unix_listener dns-client { group = mode = 0666 user = } unix_listener login/dns-client { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service doveadm { chroot = client_limit = 1 drop_priv_before_exec = no executable = doveadm-server extra_groups = $default_internal_group group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener doveadm-server { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service health-check { chroot = client_limit = 1 drop_priv_before_exec = yes executable = script -p health-check.sh extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 0 type = user = $default_internal_user vsz_limit = 18446744073709551615 B } service imap-hibernate { chroot = client_limit = 0 drop_priv_before_exec = no executable = imap-hibernate extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = imap service_count = 0 type = unix_listener imap-hibernate { group = $default_internal_group mode = 0660 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service imap-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = imap-login extra_groups = group = idle_kill = 0 inet_listener imap { address = haproxy = no port = 143 reuse_port = no ssl = no } inet_listener imaps { address = haproxy = no port = 993 reuse_port = no ssl = yes } privileged_group = process_limit = 0 process_min_avail = 5 protocol = imap service_count = 0 type = login user = $default_login_user vsz_limit = 18446744073709551615 B } service imap-urlauth-login { chroot = token-login client_limit = 0 drop_priv_before_exec = no executable = imap-urlauth-login extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = imap service_count = 1 type = login unix_listener imap-urlauth { group = mode = 0666 user = } user = $default_login_user vsz_limit = 18446744073709551615 B } service imap-urlauth-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = imap-urlauth-worker extra_groups = $default_internal_group group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener imap-urlauth-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service imap-urlauth { chroot = client_limit = 1 drop_priv_before_exec = no executable = imap-urlauth extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener token-login/imap-urlauth { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service imap { chroot = client_limit = 1 drop_priv_before_exec = no executable = imap extra_groups = $default_internal_group group = idle_kill = 0 privileged_group = process_limit = 400 process_min_avail = 0 protocol = imap service_count = 1 type = unix_listener imap-master { group = mode = 0600 user = } unix_listener login/imap { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service indexer-worker { chroot = client_limit = 1 drop_priv_before_exec = no executable = indexer-worker extra_groups = $default_internal_group group = idle_kill = 0 privileged_group = process_limit = 10 process_min_avail = 0 protocol = service_count = 0 type = worker unix_listener indexer-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service indexer { chroot = client_limit = 0 drop_priv_before_exec = no executable = indexer extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener indexer { group = mode = 0666 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service ipc { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = ipc extra_groups = group = idle_kill = 0 privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener ipc { group = mode = 0600 user = $default_internal_user } unix_listener login/ipc-proxy { group = mode = 0600 user = $default_login_user } user = $default_internal_user vsz_limit = 18446744073709551615 B } service lmtp { chroot = client_limit = 1 drop_priv_before_exec = no executable = lmtp extra_groups = $default_internal_group group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = lmtp service_count = 0 type = unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 01224 user = postfix } unix_listener lmtp { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service log { chroot = client_limit = 0 drop_priv_before_exec = no executable = log extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = log unix_listener log-errors { group = mode = 0600 user = } user = vsz_limit = 18446744073709551615 B } service managesieve-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = managesieve-login extra_groups = group = idle_kill = 0 inet_listener sieve { address = haproxy = no port = 4190 reuse_port = no ssl = no } privileged_group = process_limit = 0 process_min_avail = 0 protocol = sieve service_count = 1 type = login user = $default_login_user vsz_limit = 18446744073709551615 B } service managesieve { chroot = client_limit = 1 drop_priv_before_exec = no executable = managesieve extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = sieve service_count = 1 type = unix_listener login/sieve { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service old-stats { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = old-stats extra_groups = fifo_listener old-stats-mail { group = mode = 0600 user = } fifo_listener old-stats-user { group = mode = 0600 user = } group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener old-stats { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service pop3-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = pop3-login extra_groups = group = idle_kill = 0 inet_listener pop3 { address = haproxy = no port = 110 reuse_port = no ssl = no } inet_listener pop3s { address = haproxy = no port = 995 reuse_port = no ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = pop3 service_count = 1 type = login user = $default_login_user vsz_limit = 18446744073709551615 B } service pop3 { chroot = client_limit = 1 drop_priv_before_exec = no executable = pop3 extra_groups = $default_internal_group group = idle_kill = 0 privileged_group = process_limit = 200 process_min_avail = 0 protocol = pop3 service_count = 1 type = unix_listener login/pop3 { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } service quota-warning { chroot = client_limit = 0 drop_priv_before_exec = no executable = script /var/lib/dovecot/quota-warning.sh extra_groups = group = idle_kill = 0 privileged_group = process_limit = 0 process_min_avail = 0 protocol = service_count = 1 type = unix_listener quota-warning { group = dovecot mode = 0666 user = dovecot } user = vsz_limit = 18446744073709551615 B } service replicator { chroot = client_limit = 0 drop_priv_before_exec = no executable = replicator extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener replicator-doveadm { group = mode = 00 user = $default_internal_user } unix_listener replicator { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service stats { chroot = client_limit = 0 drop_priv_before_exec = no executable = stats extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener stats-reader { group = mode = 0600 user = } unix_listener stats-writer { group = $default_internal_group mode = 0660 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } service submission-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = submission-login extra_groups = group = idle_kill = 0 inet_listener submission { address = haproxy = no port = 587 reuse_port = no ssl = no } privileged_group = process_limit = 0 process_min_avail = 0 protocol = submission service_count = 1 type = login user = $default_login_user vsz_limit = 18446744073709551615 B } service submission { chroot = client_limit = 1 drop_priv_before_exec = no executable = submission extra_groups = $default_internal_group group = idle_kill = 0 privileged_group = process_limit = 1024 process_min_avail = 0 protocol = submission service_count = 1 type = unix_listener login/submission { group = mode = 0666 user = } user = vsz_limit = 18446744073709551615 B } shutdown_clients = yes ssl = yes ssl_alt_cert = ssl_alt_key = ssl_ca = ssl_cert = </etc/pki/dovecot/certs/dovecot.pem ssl_cert_username_field = commonName ssl_cipher_list = PROFILE=SYSTEM ssl_cipher_suites = ssl_client_ca_dir = ssl_client_ca_file = ssl_client_cert = ssl_client_key = ssl_client_require_valid_cert = yes ssl_crypto_device = ssl_curve_list = ssl_dh = ssl_key = # hidden, use -P to show it ssl_key_password = ssl_min_protocol = TLSv1.2 ssl_options = ssl_prefer_server_ciphers = no ssl_require_crl = yes ssl_verify_client_cert = no state_dir = /var/lib/dovecot stats_http_rawlog_dir = stats_writer_socket_path = stats-writer submission_client_workarounds = submission_host = submission_logout_format = in=%i out=%o submission_max_mail_size = 0 submission_max_recipients = 0 submission_relay_command_timeout = 5 mins submission_relay_connect_timeout = 30 secs submission_relay_host = submission_relay_master_user = submission_relay_max_idle_time = 29 mins submission_relay_password = submission_relay_port = 25 submission_relay_rawlog_dir = submission_relay_ssl = no submission_relay_ssl_verify = yes submission_relay_trusted = no submission_relay_user = submission_ssl = no submission_timeout = 30 secs syslog_facility = mail userdb { args = auth_verbose = default default_fields = driver = passwd name = override_fields = result_failure = continue result_internalfail = continue result_success = return-ok skip = never } valid_chroot_dirs = verbose_proctitle = no verbose_ssl = no version_ignore = no protocol lmtp { mail_plugins = " sieve" userdb { args = username_format=%n /etc/passwd driver = passwd-file name = } } protocol imap { mail_plugins = " imap_quota imap_sieve quota" } local_name sub.domain.tld { ssl_cert = </etc/pki/dovecot/certs/sub.domain.tld.pem ssl_key = # hidden, use -P to show it } local_name othersub.domain.tld { ssl_cert = </etc/dovecot/cert.othersub.domain.tld.pem ssl_key = # hidden, use -P to show it } ############################# /etc/passwd ############################# test@s32.someteststring.ml:x:14127:3625:fsadf:/home/s32/homes/test:/dev/null test-s32.someteststring.ml:x:14127:3625:fsadf:/home/s32/homes/test:/dev/null ############################# /etc/postfix/virtual ############################# test(a)s32.someteststring.ml test-s32.someteststring.ml #############################

1 0

submissiond xoauth2 authentication: line too long
by Tobias Florek 04 Jan '23

04 Jan '23

Hi, I am running the latest container image which has dovecot-submissiond 2:2.3.20-3+debian11 I am running into the following problem. I have successfully set up xoauth2 for IMAP and ManageSieve. Now when roundcube tries to send email to submissiond it fails with 500 5.5.2 Line too long This happens right after roundcube sends AUTH XOAUTH2 dXNlcj10ZkBzY2hhZWZmZXItYWcu[...] (a line of length 2149 characters). Reading RFC 4954, section 4 I suppose that this does not look standard compliant. Am I correct? I will raise this issue with roundcube as well. Cheers, Tobi

1 1

CRAM MD5 passwd db permission issue
by Gerben Wierda 04 Jan '23

04 Jan '23

I am busy migrating. I am moving from macOS+MacPorts to Ubuntu+Docker On the old system, I have this in the dovecot config: mail_uid = _dovecot mail_gid = mail mail_privileged_group = mail mail_access_groups = mail This seems weird to me, I think the dovecot user should be in group dovecot only if I understand the docs. On the old system dovecot, postfix, dovenull and rspamd are all members of the mail group. On that system, the cram md5 passwd database (file) has these permissions: drwxr-xr-x 3 root wheel 96 Feb 2 2021 . drwxr-xr-x 22 root admin 704 Jan 4 15:17 .. -rw-r----- 1 root mail 1234 Feb 2 2021 cram-md5.pwd and that has worked like that for many years, basically starting with Mac OS X Server, surviving all kinds of macOS migrations. On my new Ubuntu system I've copied this setup over: drwxr-xr-x 2 root root 4096 Jan 4 09:49 . drwxr-xr-x 7 root root 4096 Jan 4 15:21 .. -rw-r----- 1 root mail 1234 Feb 2 2021 cram-md5.pwd mail_uid = dovecot mail_gid = mail mail_privileged_group = mail mail_access_groups = mail But: Jan 04 15:40:08 auth: Error: passwd-file /etc/dovecot/etc/cram-md5.pwd:open(/etc/dovecot/etc/cram-md5.pwd) failed: Permission denied (euid=91(dovecot) egid=91(dovecot) missing +r perm: /etc/dovecot/etc/cram-md5.pwd, we're not in group 8(mail), dir owned by 0:0 mode=0755) And really, dovecot is in group mail. From /etc/group: mail:x:8:postfix,dovecot dovenull:x:90: dovecot:x:91: And from /etc/passwd: dovenull:x:90:90::/home/dovenull:/usr/sbin/nologin dovecot:x:91:91::/home/dovecot:/usr/sbin/nologin So, that I get this error baffles me. Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>) R&A IT Strategy <https://ea.rna.nl/> (main site) Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>

2 1

doveadm proxy list has strange entries
by Tobias Florek 02 Jan '23

02 Jan '23

Hi! I am using dovecot from the latest docker image: Version 2:2.3.20-3+debian11 When getting the proxy list I get the following entries. # doveadm -f flow proxy list username=user(a)example.com proto=imap src ip=10.254.0.13 dest ip=172.23.6.194 port=143 username=username proto=service src ip=src-ip dest ip=dest-ip port=dest-port username=user2(a)example.com proto=imap src ip=10.254.0.13 dest ip=172.23.6.194 port=143 username=username proto=service src ip=src-ip dest ip=dest-ip port=dest-port username=user3(a)example.com proto=imap src ip=10.254.0.13 dest ip=172.23.6.194 port=143 username=username proto=service src ip=src-ip dest ip=dest-ip port=dest-port ... These correspond to the http API's response: # curl -H "Authorization: X-Dovecot-API $(echo -n MY_API_KEY|base64 -w0)" http://localhost:8080/doveadm/v1 -H "Content-Type: application/json" -d '[["proxyList",{},"tag1"]]' | jq [ [ "doveadmResponse", [ { "username": "user(a)example.com", "service": "imap", "src-ip": "10.254.0.13", "dest-ip": "172.23.6.194", "dest-port": "143" }, { "username": "username", "service": "service", "src-ip": "src-ip", "dest-ip": "dest-ip", "dest-port": "dest-port" }, ... ], "tag1" ] ] This does not look right. Cheers, Tobias Florek

3 2

Error: Failed to get quota resource STORAGE: quota-fs: quotactl(Q_GETQUOTA, NFS:/home) failed: No such file or directory
by Jorge Concha C. 01 Jan '23

01 Jan '23

Hello everyone, I'm migrating my dovecot (imap) server from CentOS-6 to RockyLinux-9, but I can't get the QUOTA-FS plugin to work. When trying the "doveadm quota get -u user" command, it returns an error "doveadm(user): Error: Failed to get quota resource STORAGE: quota-fs: quotactl(Q_GETQUOTA, nfs:/home) failed: No such file or directory" If the user has his "$home" on a local drive, everything works fine, but if the user has his $home on a nfs-filesystem, it throws that error. On CentOS-6, everything works fine, with the same users on the same nfs-filesystem. I don't know if it is the product of the OS change or the dovecot version change. CentOS6 -> Dovecot 2.2.10 RockyLinux-9 -> Dovecot 2.3.16 Does anyone have any ideas? Thanks -- Jorge Concha C. Área de Sistemas - CEC U. de Chile

3 12