- dovecot - dovecot.org

[Dovecot] Bug in 1.1.4: New line required in ACL files
by sleeper-＠gmx.net 19 Nov '08

19 Nov '08

Hello, just wanted to notify you about a bug i found in 1.1.4 ACL handling: Global ACLs are ignored, when there is no line break (i.e. "owner lr" is ignored while "owner lr\n" works). I didn't track this down to see if the same happens for per-user ACLs, but it should be quite obvious in the source anyways. Regards -- Sensationsangebot nur bis 30.11: GMX FreeDSL - Telefonanschluss + DSL für nur 16,37 Euro/mtl.!* http://dsl.gmx.de/?ac=OM.AD.PD003K11308T4569a

2 1

[Dovecot] Mail.app & Subscriptions
by Neil 19 Nov '08

19 Nov '08

Client: Mail.app v.3.5 Server: Dovecot 1.1.6 I've noticed that when I go to "Account Info" in Mail.app, and then to the "Subscription List" tab, Mail.app will spin for a bit, and then give up, without showing any folders and all the buttons are grayed out. Does anyone know if this a Mail.app issue or a Dovecot issue, if there're any work-arounds, and/or if this is something I should be concerned about? Thanks, Neil.

2 1

[Dovecot] Password authentication and character set
by Fredrik Grönqvist 19 Nov '08

19 Nov '08

Hi, I've searched in the wiki and in the mailinglist archives but haven't found anything about password character sets within the dovecot authentication deamon. My problem is that we have users with passwords containing scandinavian characters (äöå, umlauts) and the debug log shows that different clients send the password in different charsets. The passwords are stored in a Mysql table, if that makes any difference. Outlook Express with LATIN 1 (ISO-8859-1): Nov 18 16:56:39 resilar dovecot: auth-worker(default): sql(fgr-1,193.64.206.190): Password mismatch Nov 18 16:56:39 resilar dovecot: auth-worker(default): sql(fgr-1,193.64.206.190): MD5(<E4><E4>kk<F6>si<E4>) != '$1$xMPPHRdL$I0mrlPi5FMtwauSf20vjz0' MacMail UTF8: Nov 18 17:23:37 resilar dovecot: auth-worker(default): sql(fgr-1,193.64.206.190): Password mismatch Nov 18 17:23:37 resilar dovecot: auth-worker(default): sql(fgr-1,193.64.206.190): MD5(ääkkösiä12) != '$1$xMPPHRdL$I0mrlPi5FMtwauSf20vjz0' Is there a setting that "forces" the authentication daemon to convert the provided password to a specific charset before the comparison takes place, or how should one handle this? dovecot -n # 1.1.4: /etc/dovecot/dovecot.conf log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 pop3s managesieve ssl_cert_file: /etc/ssl/certs/mail.crt ssl_key_file: /etc/ssl/private/mail.key ssl_cipher_list: ALL:!LOW disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login login_greeting: mail ready. login_process_per_connection: no mail_privileged_group: mail mail_location: maildir:~/mail mail_debug: yes mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): delay-newmail outlook-idle imap_client_workarounds(imap): delay-newmail outlook-idle imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): sieve_storage(default): sieve_storage(imap): sieve_storage(pop3): sieve_storage(managesieve): ~/ sieve(default): sieve(imap): sieve(pop3): sieve(managesieve): ~/.dovecot.sieve auth default: mechanisms: plain login username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@+ verbose: yes debug: yes debug_passwords: yes worker_max_count: 50 passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: prefetch userdb: driver: sql args: /etc/dovecot/dovecot-sql.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail plugin: quota: maildir Chears Fredrik -- ------------------------------------------------------------------------ Fredrik Grönqvist ------------------------------------------------------------------------

3 13

[Dovecot] pam_start() failed: system error
by Peter Orlowski 18 Nov '08

18 Nov '08

Hi, I'm using dovecot 1.1.3 on FreeBSD 6.3, x86, files are on NFS, except control and index files, which are local, on UFS2. It's moderately loaded, there are usually not more than 30 clients simultaneously. dovecot runs fine for 3-10 days, then people can't connect any more, and dovecot says: Nov 18 13:20:44 dizzy dovecot-auth: pam_ldap: ldap_simple_bind Can't contact LDAP server Nov 18 13:20:44 dizzy dovecot-auth: pam_ldap: reconnecting to LDAP server... Nov 18 13:20:44 dizzy dovecot-auth: pam_ldap: ldap_simple_bind Can't contact LDAP server Nov 18 13:20:44 dizzy dovecot-auth: pam_ldap: ldap_simple_bind Can't contact LDAP server Nov 18 13:20:44 dizzy dovecot-auth: pam_ldap: ldap_simple_bind Can't contact LDAP server Nov 18 13:21:46 dizzy dovecot: auth-worker(default): pam(xxxx,xxx.xxx.xxx.xxx): pam_start() failed: system error Nov 18 13:21:46 dizzy dovecot-auth: in openpam_load_module(): no pam_permit.so found Nov 18 13:22:12 dizzy dovecot-auth: in openpam_load_module(): no pam_login_access.so found Nov 18 13:22:31 dizzy dovecot-auth: in openpam_load_module(): no pam_unix.so found Nov 18 13:22:42 dizzy dovecot-auth: in openpam_load_module(): no /usr/local/lib/pam_ldap.so found After restarting dovecot things are back to normal. I have tried different settings for worker_max_count, and I had blocking=no in the passdb config until a few day ago; changing that didn't help either. Here's my current config: # 1.1.3: /usr/local/etc/dovecot.conf protocols: imaps pop3s ssl_cert_file: /etc/ssl/certs/mailitp-chain.pem ssl_key_file: /etc/ssl/certs/mailkey2.pem login_dir: /var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login verbose_proctitle: yes first_valid_gid: 0 mail_privileged_group: mail mail_location: mbox:~/mail/:INDEX=/srv/dovecot/indexes/%u.oldmail:INBOX=/var/mail/%u mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_plugins(default): zlib mail_plugins(imap): zlib mail_plugins(pop3): mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh namespace: type: private separator: / prefix: NEWmail/ location: maildir:~/Maildir/:INDEX=/srv/dovecot/indexes/%u:CONTROL=/srv/dovecot/control/%u list: yes subscriptions: yes namespace: type: private separator: / location: mbox:~/mail/:INBOX=/var/mail/%u:INDEX=/srv/dovecot/indexes/%u.oldmail:CONTROL=/srv/dovecot/control/%u.oldmail inbox: yes list: yes subscriptions: yes auth default: worker_max_count: 20 passdb: driver: pam args: blocking=yes userdb: driver: passwd Greetings, -- Peter Orlowski

2 2

[Dovecot] MESSAGE Quota not RFC2087 compliant
by Braun, Martin 18 Nov '08

18 Nov '08

Hi, the configuration of my Dovecot 1.1.3 quota plugin looks like this: quota_rule = *:storage=1G quota_rule2 = *:messages=1337 this leads to the following GETQUOTAROOT response: 01 GETQUOTAROOT INBOX * QUOTAROOT "INBOX" "mbraun quota" * QUOTA "mbraun quota" (STORAGE 6553 1048576 MESSAGES 122 1337) 01 OK Getquotaroot completed. RFC2087 (http://www.faqs.org/rfcs/rfc2087.html) describes the response like as: STORAGE: Sum of messages' RFC822.SIZE, in units of 1024 octets MESSAGE: Number of messages As you can see, the response "MESSAGES" differs from the specified "MESSAGE" which leads to parsing issues on RFC compliant IMAP client implementations. Using *:message=1337 throws a configuration error on Dovecot startup. dovecot-1.1.6/src/plugins/quota/quota.h /* Number of messages. */ #define QUOTA_NAME_MESSAGES "MESSAGES" Greetings, Martin

2 1

[Dovecot] [PATCH] dovecot-1.2: fix build with Sun C compiler
by Andrey Panin 18 Nov '08

18 Nov '08

This small patch fixes dovecot-1.2 build with Sun C compiler.

1 0

[Dovecot] ManageSieve SECURITY hole: virtual users can edit scripts of other virtual users (all versions)
by Stephan Bosch 17 Nov '08

17 Nov '08

Hello, While updating the ManageSieve implementation to the latest draft specification I noticed a major omission in the way script names are handled. Essentially, script names are directly appended to the sieve storage directory path and suffixed with '.sieve'. This does not take the use of '../' in script names into account. Therefore, clever virtual users that know the directory structure of the server can read and edit script files of other virtual users with the same system uid. The added '.sieve' suffix prevents further security breach, because only sieve scripts are accessible this way. Note that of course any publicly accessible sieve script is also affected. I am sorry to report that this bug was introduced pretty much from the start, meaning that all versions of the ManageSieve patch/package are affected. To quickly resolve this issue, I provide patches against the existing releases and I release new versions for Dovecot v1.1 through v1.2. The security patches against the existing releases are very small and should therefore also apply to older versions or can be adjusted to apply cleanly with relative ease. The security patches are available as follows: http://www.rename-it.nl/dovecot/1.0/dovecot-1.0.15-managesieve-v9.3-securit… http://www.rename-it.nl/dovecot/1.0/dovecot-1.0.15-managesieve-v9.3-securit… http://www.rename-it.nl/dovecot/1.1/dovecot-1.1-managesieve-0.10.3-security… http://www.rename-it.nl/dovecot/1.1/dovecot-1.1-managesieve-0.10.3-security… http://www.rename-it.nl/dovecot/1.2/dovecot-1.2-managesieve-0.11.0-security… http://www.rename-it.nl/dovecot/1.2/dovecot-1.2-managesieve-0.11.0-security… The security patch for v1.0 is applied against the patched Dovecot tree, while patches for v1.1 and v1.2 are applied against the ManageSieve package. The new releases are available as follows (v1.1 and v1.2 versions have additional changes, read the NEWS files for more info): http://www.rename-it.nl/dovecot/1.0/dovecot-1.0.15-MANAGESIEVE-v9.4.diff.gz http://www.rename-it.nl/dovecot/1.0/dovecot-1.0.15-MANAGESIEVE-v9.4.diff.gz… http://www.rename-it.nl/dovecot/1.1/dovecot-1.1-managesieve-0.10.4.tar.gz http://www.rename-it.nl/dovecot/1.1/dovecot-1.1-managesieve-0.10.4.tar.gz.s… http://www.rename-it.nl/dovecot/1.2/dovecot-1.2-managesieve-0.11.1.tar.gz http://www.rename-it.nl/dovecot/1.2/dovecot-1.2-managesieve-0.11.1.tar.gz.s… Refreshed ManageSieve patches for v1.1 and v1.2 are available to avoid confusion, but an existing patched Dovecot should work fine. I hope package maintainers will quickly incorporate the security patches to get rid of this stupidity as soon as possible. Don't hesitate to notify me when there are problems! Regards, -- Stephan Bosch stephan(a)rename-it.nl

1 0

[Dovecot] Dovecot error with Symbian mail client
by jeeger＠thenybble.de 17 Nov '08

17 Nov '08

Greetings list, I have recently acquired an Nokia E71 (which comes with Symbian 3rd edition, feature pack 3 I believe). Accessing my emails has worked before, but now, I cannot connect to the mail server any longer. If I enable verbose_ssl, I get the following error in the log: SSL_accept() failed: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message [141.84.69.67] I cannot access my mail, the dialog just closes and the wireless connection ends. I am using dovecot version 1.0.13 and my config is # 1.0.13: /etc/dovecot/dovecot.conf log_timestamp: %Y-%m-%d %H:%M:%S protocols: imaps ssl_cert_file: /etc/dovecot/dovecot.crt ssl_key_file: /etc/dovecot/dovecot.pem verbose_ssl: yes login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login auth default: passdb: driver: pam userdb: driver: passwd Thanks for your answers! Regards, Jan Seeger PS: I have tested the symbian client with gmail, and it works. So the problem is probably a bug in the communication between the symbian client and dovecot.

7 8

[Dovecot] store sieve scripts with maildir
by Samuel HAMEAU 17 Nov '08

17 Nov '08

Hi, I am using dovecot 1.0.10 and pysieved, in a master/slave cluster with ldap (auth_bind=yes). For conceptuals reasons, i would like to keep on the same partition the mailstore + sieve scripts. I have try to set "sieve" and "home" variables under the "plugin" section with an absolute path, and i have tried to override home variable in user_attrs (dovecot-ldap.conf) as well with an absolute path, but in vain. Is there a solution ? sam

3 6

[Dovecot] OT: Counting emails in IMAP folders
by Nigel Allen 17 Nov '08

17 Nov '08

Greetings I have a customer who has mail server running dovecot with an IMAP account (Customers) which contains hundreds of folders (one per customer). Looks like this: Customers Fred Smith and Co Joe Blogss Cust-1 Cust-n They have a requirement to report monthly on the total number of emails added to each customers' folder during the month. Basically I need to be able to run some kind of command line query that will give me each of the sub-folder names and the number of emails added to the folder for that month (or other user-specified time period). Any ideas please? TIA Nigel.

3 3