Please read between the lines =)
At least you should remove the autocreate plugin.
On December 15, 2017 at 4:47 PM voytek@sbt.net.au wrote:
I have an old Centos 6 running dovecot 2.1.17 with Postfix 2.1x, mysql virtual domains, in the process of setting a new Centos 7 to migrate, copied /etc/dovecot, made some minor edits to get rid of errors, added Letsencrypt in place of self certified certs, it seems to work, using mail client I can log on StartSSL/110/143, TLS/995/993 with no visible errors when login on
Are there any other sanity checks I should do before I start putting users on it?
attaching dovecot.conf at the end, appreciate any suggestion or correction
I see a lot of these warnings, are they benign?
#grep Warning /var/log/dovecot.log | wc
74 1102 6900
wc /var/log/dovecot.log
174 2299 19716 /var/log/dovecot.log
Dec 16 00:57:12 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Dec 16 00:57:52 auth: Warning: auth client 0 disconnected with 1 pending requests: EOF
Dec 16 00:57:59 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
(As I've reused an old host name, I can see some users already trying to connect; they must've never removed this server name when it was shut down. Perhaps they're generating these errors, repeatedly logging on?)
doveadm who
username           # proto (pids)      (ips)
five@aaa.com.au    1 imap  (9047)      (35.196.255.170)
seven@aaa.com.au   1 imap  (9056)      (104.196.21.108)
eight@aaa.com.au   1 imap  (9062)      (35.196.255.170)
five@aa.com.au     2 imap  (9240 9044) (203.194.43.48 35.196.255.170)
six@aa.com.au      2 imap  (9248 9063) (203.194.43.48 35.185.44.87)
postbox@aa.com.au  1 imap  (9057)      (104.196.178.232)
eight@aa.com.au    2 imap  (9244 9050) (203.194.43.48 35.196.255.170)
seven@aa.com.au    2 imap  (9055 9242) (104.196.21.108 203.194.43.48)
six@aaa.com.au     1 imap  (9054)      (35.185.44.87)
doveconf -n -c /etc/dovecot/test/dovecot.conf > /etc/dovecot/test/dovecot.conf.new
cat dovecot.conf.new
2.2.33.2 (d6601f4ec): /etc/dovecot/test/dovecot.conf
Pigeonhole version 0.4.21 (92477967)
OS: Linux 3.10.0-693.11.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core)
auth_master_user_separator = *
auth_mechanisms = PLAIN LOGIN
dict {
  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
  quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
}
first_valid_uid = 2000
last_valid_uid = 2000
listen = *
log_path = /var/log/dovecot.log
mail_gid = 2000
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
The INDEX= is redundant.
mail_plugins = quota
mail_uid = 2000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
namespace {
  list = children
  location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
You should read https://wiki.dovecot.org/SharedMailboxes/Shared
  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-master-users-password
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  auth_socket_path = /var/run/dovecot/auth-master
  autocreate = INBOX
  autocreate2 = Sent
  autocreate3 = Trash
  autocreate4 = Drafts
  autocreate5 = Junk
  autosubscribe = INBOX
  autosubscribe2 = Sent
  autosubscribe3 = Trash
  autosubscribe4 = Drafts
  autosubscribe5 = Junk
autocreate & autosubscribe should be converted into
namespace {
  mailbox INBOX {
    auto = subscribe # (or just create if subscribing is not required)
  }
}
  quota = dict:user::proxy::quotadict
  quota_rule = *:storage=1G
  quota_warning = storage=85%% quota-warning 85 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
  quota_warning3 = storage=95%% quota-warning 95 %u
  sieve = /%Lh/sieve/dovecot.sieve
  sieve_dir = /%Lh/sieve
  sieve_global_dir = /var/vmail/sieve
  sieve_global_path = /var/vmail/sieve/dovecot.sieve
}
protocols = pop3 imap sieve
service auth {
  unix_listener /var/spool/postfix/dovecot-auth {
    group = postfix
    mode = 0666
    user = postfix
  }
This could be mode = 0600
  unix_listener auth-master {
    group = vmail
    mode = 0666
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
You sure you need these?
service dict {
  unix_listener dict {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  process_limit = 500
  service_count = 1
}
service pop3-login {
  service_count = 1
}
service quota-warning {
  executable = script /usr/local/bin/dovecot-quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl = required
ssl_cert = </etc/letsencrypt/..fullchain.pem
ssl_key = # hidden, use -P to show it
userdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
should not be needed
  lda_mailbox_autocreate = yes
  log_path = /var/log/sieve.log
  mail_plugins = quota sieve autocreate
  postmaster_address = root
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  mail_max_userip_connections = 60
  mail_plugins = quota imap_quota
}
protocol pop3 {
  mail_plugins = quota
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}
Aki
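
The two review points in the reply above (socket modes on the auth listeners, and replacing autocreate/autosubscribe with mailbox blocks) can be checked mechanically against `doveconf -n` output. The following is an added example, not part of the thread or of Dovecot; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample in `doveconf -n` layout, reduced from the config quoted above.
SAMPLE = """\
plugin {
  autocreate = INBOX
  autocreate2 = Sent
  autocreate3 = Trash
  autosubscribe = INBOX
  autosubscribe2 = Sent
}
service auth {
  unix_listener /var/spool/postfix/dovecot-auth {
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0660
    user = vmail
  }
}
"""

def world_accessible_listeners(conf):
    """Return (listener, mode) for unix_listener blocks whose mode grants 'other' access."""
    hits, stack = [], []
    for line in map(str.strip, conf.splitlines()):
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}" and stack:
            stack.pop()
        elif stack and stack[-1].startswith("unix_listener "):
            m = re.fullmatch(r"mode\s*=\s*(0[0-7]+)", line)
            if m and int(m.group(1), 8) & 0o007:
                hits.append((stack[-1].split(None, 1)[1], m.group(1)))
    return hits

def mailbox_stanzas(conf):
    """Rewrite legacy autocreateN/autosubscribeN settings as 'mailbox { auto = ... }'."""
    auto = {}
    for kind, name in re.findall(r"^\s*(autocreate|autosubscribe)\d*\s*=\s*(.+?)\s*$", conf, re.M):
        if kind == "autosubscribe" or name not in auto:  # subscribe implies create
            auto[name] = "subscribe" if kind == "autosubscribe" else "create"
    return "namespace {\n" + "".join(
        f'  mailbox "{n}" {{\n    auto = {a}\n  }}\n' for n, a in auto.items()) + "}\n"

if __name__ == "__main__":
    print(world_accessible_listeners(SAMPLE))
    print(mailbox_stanzas(SAMPLE))
```

The generated mailbox blocks belong inside the existing private namespace; after merging them, drop `autocreate` from `mail_plugins` and remove the old plugin settings.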