Limit IMAP/IMAPS listening IPs
Hello list.
I am running dovecot v2.2.13 on debian 8.8;
I tried to add an "address =" statement for only localhost and one private IP, but then I got a complaint from the system:
dovecot[20515]: Error: systemd listens on port 143, but it's not configured in Dovecot. Closing.
What is the proper way to resolve this?
TIA & Regards,
Dudi
On 2017-06-24 17:59, Dudi Goldenberg wrote:
$ mkdir -p /etc/systemd/system/dovecot.socket.d
$ vim /etc/systemd/system/dovecot.socket.d/ports.conf
content:
[Socket]
# unset all ports defined in the global file
ListenStream=
# add our new ports (IPv4 is written without brackets; [addr]:port is the IPv6 form)
ListenStream=1.2.3.4:143
$ systemctl daemon-reload
$ systemctl restart dovecot.socket dovecot.service
-- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org
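As an added example (not part of the thread, and not Dovecot or systemd code), the Python below computes the ListenStream list that results from a base socket unit plus a drop-in like the one above, where the empty ListenStream= clears every earlier entry, and reports listeners on the IMAP/IMAPS ports that are not on an allow-list. The unit text, the 127.0.0.1 and 10.0.0.5 addresses and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample unit text; the dovecot.socket shipped by a distro may differ.
BASE_UNIT = """[Socket]
ListenStream=0.0.0.0:143
ListenStream=[::]:143
ListenStream=993
"""
DROP_IN = """[Socket]
# unset all ports defined in the global file
ListenStream=
# add our new ports (constructed addresses)
ListenStream=127.0.0.1:143
ListenStream=10.0.0.5:143
"""

def effective_listen_streams(*unit_texts):
    """Merge unit text in load order; an empty ListenStream= clears the list."""
    values = []
    for text in unit_texts:
        section = None
        for line in map(str.strip, text.splitlines()):
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
            key, sep, value = line.partition("=")
            if section != "Socket" or not sep or key.strip() != "ListenStream":
                continue
            if value.strip():
                values.append(value.strip())
            else:
                values.clear()
    return values

def parse_listen(value):
    """Return (ip, port), ip None meaning all addresses; None for non-inet values."""
    if value.isdigit():                      # bare port number
        return None, int(value)
    host, _, port = value.rpartition(":")
    if not host or not port.isdigit():       # e.g. a unix socket path
        return None
    if host.startswith("["):                 # bracketed form is IPv6
        return ipaddress.IPv6Address(host.strip("[]")), int(port)
    return ipaddress.IPv4Address(host), int(port)

def exposed_listeners(values, ports, allowed):
    """Values on `ports` bound to a wildcard or to an address not in `allowed`."""
    allowed = {ipaddress.ip_address(a) for a in allowed}
    parsed = [(v, parse_listen(v)) for v in values]
    return [v for v, p in parsed if p and p[1] in ports and p[0] not in allowed]
```

With the constructed drop-in applied, port 993 is no longer in the merged list at all, because the reset removes every inherited entry and only port 143 is added back.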
This is why sane admins don't use the *EVIL* systemd
Thankfully there are still some modern distros that refuse to touch it.
Name sounds cute, the idea sounded OK, but the reality is, it's a _REDACTED_ useless pile of REDACTED REDACTED REDACTED
On Sun, Jun 25, 2017 at 3:59 AM, Dudi Goldenberg <dudi@kolcore.com> wrote:
Hi,
I'm confused about FTS. https://wiki.dovecot.org/Tools/Doveadm/Index says:
"Messages can also be added automatically to full text search index using:
plugin { ... fts_autoindex = yes }"
So I added "fts_autoindex = yes" into dovecot.conf (I'm using single config file). That's it? How to test FTS? Or I still must use some external indexing server?
-- Mart
Hi Mart,
I think it’s a bit more… you might want to refer to https://wiki.dovecot.org/Plugins/FTS
You only mentioned the function to automatically start indexing. Nothing about where this should actually happen. We are using Solr…
mail_plugins = $mail_plugins fts fts_solr
and:
plugin {
  fts = solr
  fts_solr = url=http://solr.example.org:8983/solr/
}
The autoindex does nothing more than automatically sending incoming mails to the FTS index system. Solr is external while Lucene is library based and saved inside the mailbox hierarchy. There even is an implementation for Elasticsearch.
For all options… you might want to observe the logs once it has been enabled.
Philon
Hi,
Noticed with latest v2.3.3 some new warning in logs, for example:
dovecot: auth: Warning: Event 0x80a6fc0 leaked (parent=(nil)): auth-client-connection.c:338: 1 Time(s)
dovecot: auth: Warning: Event 0x80aa1c8 leaked (parent=(nil)): auth-client-connection.c:338: 1 Time(s)
dovecot: auth: Warning: Event 0x80aa718 leaked (parent=(nil)): auth-client-connection.c:338: 1 Time(s)
dovecot: auth: Warning: Event 0x80adac0 leaked (parent=(nil)): auth-client-connection.c:338: 1 Time(s)
dovecot: auth: Warning: Event 0x80b6c38 leaked (parent=(nil)): auth-client-connection.c:338: 1 Time(s)
dovecot: auth: Warning: Event 0x80c0e00 leaked (parent=(nil)): auth-client-connection.c:338: 1 Time(s)
dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: EOF: 12 Time(s)
What are they?
-- Mart
Hi,
FYI, this is not fixed in v2.3.4:
Nov 23 16:03:24 xxx dovecot: master: Dovecot v2.3.4 (0ecbaf23d) starting up for imap, pop3, lmtp (core dumps disabled)
Nov 23 16:03:53 xxx dovecot: auth: Warning: Event 0x80c2f28 leaked (parent=(nil)): auth-client-connection.c:338
Nov 23 16:03:53 xxx dovecot: auth: Warning: Event 0x80d71e0 leaked (parent=(nil)): auth-client-connection.c:338
Nov 23 16:03:53 xxx dovecot: auth: Warning: Event 0x80c3220 leaked (parent=(nil)): auth-client-connection.c:338
...
Aki Tuomi wrote:
-- Mart
On November 23, 2018 at 7:06 AM Mart Pirita <sysadmin@e-positive.ee> wrote:
FYI, this is not fixed in v2.3.4:
Correct. This is not a critical issue, so it will be fixed eventually but was not a priority for this release.
michael
Hi,
Build options - --sysconfdir=/etc/dovecot
doveconf -Pn > dovecot-new.conf
doveconf: Fatal: open(/etc/dovecot/dovecot/dovecot.conf) failed: No such file or directory
I can make a symlink, but first I'd like to know is this a bug or misconfiguration.
-- Mart
On 3 Nov 2018, at 17.41, Mart Pirita <sysadmin@e-positive.ee> wrote:
Actually this specific event leak isn't a known issue. I don't really understand how it could happen. These event leaks are supposed to be checked only at process deinit. Is the auth process constantly being shutdown and restarted? What's your doveconf -n? Are you using Dovecot for SMTP authentication or some other external auth?
Hi,
Auth process is not constantly being shutdown and/or restarted and Dovecot is used for SMTP authentication (Postfix).
Checked a few servers' logs, they are running v2.3.3, for example the latest (some days none, some days a lot, some days a few) logs:
Nov 25 18:48:11 server1 dovecot: auth: Warning: Event 0x2b79250f15f0 leaked (parent=(nil)): auth-client-connection.c:338
Nov 25 18:48:11 server1 dovecot: auth: Warning: Event 0x2b79250ddc50 leaked (parent=(nil)): auth-client-connection.c:338
Nov 25 22:55:38 server1 dovecot: auth: Warning: Event 0x2b374a7bafb0 leaked (parent=(nil)): auth-client-connection.c:338
Nov 26 03:08:24 server1 dovecot: auth: Warning: Event 0x2b9b89e79040 leaked (parent=(nil)): auth-client-connection.c:338

Nov 25 04:38:04 server2 dovecot: auth: Warning: Event 0x2b4afb1ac370 leaked (parent=(nil)): auth-client-connection.c:338
Nov 25 04:38:04 server2 dovecot: auth: Warning: Event 0x2b4afb18eeb0 leaked (parent=(nil)): auth-client-connection.c:338
Nov 25 04:38:04 server2 dovecot: auth: Warning: Event 0x2b4afb183490 leaked (parent=(nil)): auth-client-connection.c:338
Nov 25 04:38:04 server2 dovecot: auth: Warning: Event 0x2b4afb18a900 leaked (parent=(nil)): auth-client-connection.c:338
Nov 25 04:38:04 server2 dovecot: auth: Warning: Event 0x2b4afb193d20 leaked (parent=(nil)): auth-client-connection.c:338
Conf:
# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-419.el5 x86_64 CentOS release 5.11 (Final)
auth_cache_size = 1 k
auth_failure_delay = 1 mins
auth_mechanisms = plain login
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
listen = *
login_log_format_elements = %u %r %m %c
mail_location = maildir:~/Maildir
mail_log_prefix = "%s(%u): "
mail_plugins = " mail_log notify"
mbox_very_dirty_syncs = yes
passdb {
  args = cache_key=#hidden_use-P_to_show# *
  driver = pam
}
plugin {
  autocreate = Drafts
  autocreate2 = Sent Items
  autosubscribe = Drafts
  autosubscribe2 = Sent Items
  fts_autoindex = yes
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size from subject vsize flags
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl_ca = </etc/ssl/certs/mail.ca.crt
ssl_cert = </etc/ssl/certs/mail.fullchain.cer
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
state_dir = /var/run/dovecot
userdb {
  driver = passwd
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep delay-newmail
  imap_logout_format = %{rip}, bytes=%i/%o, del=%{deleted}
  mail_max_userip_connections = 90
}
protocol pop3 {
  mail_max_userip_connections = 9
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_logout_format = bytes=%i/%o, del=%d/%m, size=%s
}
Timo Sirainen wrote:
-- Mart
On 26 Nov 2018, at 13.16, Mart Pirita <sysadmin@e-positive.ee> wrote:
I suppose these are happening because of:
dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: EOF: 12 Time(s)
Which probably happens when Postfix disconnects from Dovecot before the authentication has finished.
I can reproduce these if I set up PAM authentication and then do:
doveadm auth test testuser wrongpass <ctrl-c>
Repeat the above a few times. Each time logs:
Nov 26 13:36:13.588354 auth: Warning: auth client 0 disconnected with 1 pending requests: EOF
Then stop Dovecot (or auth process at least):
Nov 26 13:36:23.403778 auth: Warning: Event 0x561565277db0 leaked (parent=(nil)): auth-client-connection.c:338
Hmm, can this be related to SMTP brute force attack attempts and Postfix, using conf:
smtpd_junk_command_limit = 2
smtpd_error_sleep_time = 15s
smtpd_soft_error_limit = 5
smtpd_hard_error_limit = 10
smtpd_client_connection_count_limit = 5
smtpd_client_connection_rate_limit = 30
cuts the connection and Dovecot gives an error. But since the Postfix conf has been the same for a long time and these errors came with Dovecot 2.3.3, it seems I must just ignore them. However, the error type is a bit spooky (like a debug message), so maybe some human-readable explanation in the logs would be better. :)
Timo Sirainen wrote:
-- Mart
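Following Timo Sirainen's explanation in this thread (auth requests abandoned by the client, with the leak warnings printed when the auth process stops), this added Python example, which is not from the thread or from Dovecot, counts both warning types per host and groups the leak warnings by timestamp so that each burst can be read as one auth process exit. The sample log lines are constructed, and the comparison in the hypothetical unexplained_leaks helper is a heuristic assumed here, not a Dovecot rule.

```python
import re
from collections import Counter

# Constructed sample in the syslog format quoted in the thread; hosts, times
# and event addresses are made up.
SAMPLE = """\
Nov 25 18:40:02 server1 dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: EOF
Nov 25 18:41:17 server1 dovecot: auth: Warning: auth client 0 disconnected with 1 pending requests: EOF
Nov 25 18:48:11 server1 dovecot: auth: Warning: Event 0x1000 leaked (parent=(nil)): auth-client-connection.c:338
Nov 25 18:48:11 server1 dovecot: auth: Warning: Event 0x2000 leaked (parent=(nil)): auth-client-connection.c:338
Nov 25 19:02:40 server2 dovecot: auth: Warning: Event 0x3000 leaked (parent=(nil)): auth-client-connection.c:338
Nov 25 19:05:00 server2 postfix/smtpd[4242]: disconnect from unknown[192.0.2.10]
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) dovecot: auth: Warning: (.*)$")
PENDING = re.compile(r"auth client \d+ disconnected with (\d+) pending requests")
LEAK = re.compile(r"Event 0x[0-9a-f]+ leaked \(parent=.+?\): (\S+)")

def summarize(log_text):
    """Per host: abandoned auth requests and leak warnings grouped by timestamp."""
    hosts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # not a dovecot auth warning
        ts, host, msg = m.groups()
        entry = hosts.setdefault(host, {"abandoned": 0, "leak_bursts": Counter()})
        pending = PENDING.search(msg)
        if pending:
            entry["abandoned"] += int(pending.group(1))
        elif LEAK.search(msg):
            entry["leak_bursts"][ts] += 1
    return hosts

def unexplained_leaks(hosts):
    """Hosts whose leak warnings outnumber the abandoned requests in the same log."""
    result = {}
    for host, entry in hosts.items():
        extra = sum(entry["leak_bursts"].values()) - entry["abandoned"]
        if extra > 0:
            result[host] = extra
    return result
```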
participants (9): Aki Tuomi, Dudi Goldenberg, Hajo Locke, Marcus Rueckert, Mart Pirita, Michael Slusarz, Nick Edwards, Philon, Timo Sirainen