On 18.10.2018 21.24, J. de Meijer wrote:
On 16.10.2018 21.32, J. de Meijer wrote:
I'm still trying to fix this problem. Hopefully someone can help.

I've upgraded dovecot to 2.3.3
# dovecot --version
2.3.3 (dcead646b)

That didn't help.

Next I switched 10-auth.conf to use a local password file (instead of
LDAP)
Can you provide doveconf -n please?

Aki
Here it is. Hopefully you can find what's wrong.

# dovecot -n
# 2.3.3 (dcead646b): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.3 (f018bbab)
# OS: FreeBSD 11.2-RELEASE-p4 amd64
# Hostname: mailserver
auth_debug = yes
imap_idle_notify_interval = 29 mins
mail_debug = yes
mail_fsync = never
mail_location = maildir:~/Maildir
mail_plugins = " fts fts_solr"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date index ihave
duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  fts = solr
  fts_autoindex = yes
  fts_solr = url=http://127.0.0.1:8983/solr/dovecot/
  imapsieve_mailbox1_before =
file:/usr/local/etc/dovecot/sieve/report-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Spam
  imapsieve_mailbox2_before =
file:/usr/local/etc/dovecot/sieve/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Spam
  imapsieve_mailbox2_name = *
  recipient_delimiter = +
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_after = /usr/local/etc/dovecot/sieve-after.d
  sieve_before = /usr/local/etc/dovecot/sieve-before.d
  sieve_global_extensions = +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /usr/local/etc/dovecot/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
  sieve_quota_max_storage = 50M
}
postmaster_address = webmaster@example.com
protocols = imap pop3 lmtp sieve
service auth {
  client_limit = 1600
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    address = 127.0.0.1, ::1
  }
  process_min_avail = 3
  service_count = 1
}
service imap {
  process_min_avail = 3
  service_count = 256
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    address = 127.0.0.1, ::1
  }
  service_count = 1
}
ssl = required
ssl_cert = </usr/local/etc/ssl/mail.demeijer.com.dovecot.crt
ssl_cipher_list =
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
userdb {
  args = /usr/local/etc/dovecot/dovecot-ldap-user.conf.ext
  driver = ldap
}
protocol imap {
  mail_max_userip_connections = 50
  mail_plugins = " fts fts_solr imap_sieve"
}
protocol lmtp {
  lmtp_save_to_detail_mailbox = yes
  mail_fsync = optimized
  mail_plugins = " fts fts_solr quota sieve"
}



Hi!

You can't set

service imap {
 service_count = 256
}

if you are using multiple system UIDs. See https://wiki.dovecot.org/Services#imap.2C_pop3.2C_submission.2C_managesieve

service_count can be changed from 1 if only a single UID is used for mail users. This is improves performance, but it's less secure, because bugs in code may leak email data from another user's earlier connection.

Aki