Hi,
Trying to get rawlog working on dovecot 2.2.31 configured as per
https://wiki2.dovecot.org/Debugging/Rawlog
but
a) it doesnt appear to be loggin anything b) rawlog_dir which is supposed to be v2.2.26+ seems no where in site .. in fact complains about unknown variable
So does rawlog still do anything ???? Or am I missing something ... config is below ....
# 2.2.19: /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.9 (357ac0a0e68b+) doveconf: Warning: service auth { client_limit=30000 } is lower than required under max. load (150032) doveconf: Warning: service anvil { client_limit=22000 } is lower than required under max. load (50027) # OS: Linux 3.10.0-327.4.4.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core) auth_cache_negative_ttl = 2 mins auth_cache_size = 10 M auth_cache_ttl = 10 mins auth_master_user_separator = * auth_mechanisms = plain login auth_worker_max_count = 10000 default_client_limit = 50000 default_process_limit = 50000 disable_plaintext_auth = no doveadm_password = # hidden, use -P to show it imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags imap_hibernate_timeout = 1 mins imap_idle_notify_interval = 1 mins login_greeting = IMAP/POP3 ready - dev-dh-ro-ms-001-b mail_attachment_dir = /var/lib/dovecot/attachments/%Ld mail_cache_min_mail_count = 5 mail_plugins = " notify replication quota virtual" mailbox_list_index = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate vacation-seconds spamtest spamtestplus editheader mbox_write_locks = fcntl mmap_disable = yes namespace { inbox = yes list = yes location = mailbox Archive { auto = create special_use = \Archive } mailbox Drafts { auto = create special_use = \Drafts } mailbox Sent { auto = create special_use = \Sent } mailbox Spam { auto = create special_use = \Junk } mailbox Trash { auto = create special_use = \Trash } prefix = INBOX/ separator = / type = private } namespace { list = no location = virtual:/var/lib/dovecot/virtual:INDEXPVT=~/virtual prefix = virtual/ separator = / type = private } passdb { args = /etc/dovecot/sql_users.conf driver = sql } plugin { mail_log_events = delete expunge mail_log_fields = uid box msgid size mail_replica = tcp:dev-ms-001-a:4000 quota = dict:UserQuota::file:%h/dovecot-quota quota_rule2 = INBOX/Trash:storage=+10%% sieve = file:~/sieve/user;active=~/.dovecot.sieve sieve_default = file:/var/lib/dovecot/sieve/default.sieve sieve_default_name = default sieve_editheader_max_header_size = 1k sieve_extensions = +spamtest +spamtestplus +editheader +vacation-seconds sieve_global = file:/var/lib/dovecot/sieve sieve_quota_max_scripts = 5 sieve_spamtest_max_value = 200 sieve_spamtest_status_header = X-Spam-score-int: -?([[:digit:]]+) sieve_spamtest_status_type = score sieve_vacation_default_period = 10d sieve_vacation_max_period = 30d sieve_vacation_min_period = 1s } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_fast_size_lookups = yes protocols = imap pop3 lmtp sieve replication_dsync_parameters = -d -n INBOX -l 30 -U service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } service anvil { client_limit = 22000 } service auth-worker { user = $default_internal_user } service auth { client_limit = 30000 unix_listener auth_client { mode = 0660 user = exim } } service doveadm { client_limit = 1 inet_listener { address = * port = 4000 } process_limit = 80 process_min_avail = 8 service_count = 10 } service imap-hibernate { client_limit = 8000 process_limit = 8 process_min_avail = 8 service_count = 0 unix_listener imap-hibernate { group = vmail mode = 0660 } } service imap-login { client_limit = 8000 inet_listener imap { port = 143 } process_limit = 8 process_min_avail = 8 service_count = 0 } service imap { client_limit = 1 process_limit = 50000 service_count = 100 } service managesieve-login { client_limit = 1000 inet_listener sieve { port = 4190 } process_limit = 8 process_min_avail = 8 service_count = 0 } service managesieve { process_limit = 1024 } service pop3-login { client_limit = 1000 inet_listener pop3 { port = 110 } process_limit = 8 process_min_avail = 8 service_count = 0 } service pop3 { process_limit = 10000 } service postlogin { executable = script-login -d rawlog unix_listener postlogin { group = atmail mode = 0660 } } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { group = atmail mode = 0660 } } shutdown_clients = no ssl_cert = </etc/pki/dovecot/certs/dovecot.pem ssl_key = </etc/pki/dovecot/private/dovecot.pem userdb { driver = prefetch } userdb { args = /etc/dovecot/sql_users.conf driver = sql } protocol imap { mail_max_userip_connections = 30000 mail_plugins = " notify replication quota virtual imap_quota" } protocol pop3 { mail_max_userip_connections = 30000 mail_plugins = " notify replication quota virtual" } protocol lmtp { auth_username_format = %Lu mail_plugins = " notify replication quota virtual sieve quota" postmaster_address = mailer-daemon }
Am 03.08.2017 um 01:04 schrieb Matt Bryant:
Hi,
Trying to get rawlog working on dovecot 2.2.31 configured as per
https://wiki2.dovecot.org/Debugging/Rawlog
but
a) it doesnt appear to be loggin anything b) rawlog_dir which is supposed to be v2.2.26+ seems no where in site .. in fact complains about unknown variable
So does rawlog still do anything ???? Or am I missing something ... config is below ....
# 2.2.19: /etc/dovecot/dovecot.conf
You run dovecot 2.2.19, not v2.2.26+.
From where did you take that specific version? CentOS 7 ships dovecot 2.2.10. I can recommend the usage of the dovecot packages from the ghettoforge.org repository. Then you are current (2.2.31 actually).
# Pigeonhole version 0.4.9 (357ac0a0e68b+) doveconf: Warning: service auth { client_limit=30000 } is lower than required under max. load (150032) doveconf: Warning: service anvil { client_limit=22000 } is lower than required under max. load (50027) # OS: Linux 3.10.0-327.4.4.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core)
Please, keep your systems up to date! At least your kernel is terribly out of date.
Regards
Alexander
On August 3, 2017 at 8:57 PM Alexander Dalloz <ad+lists@uni-x.org> wrote:
Am 03.08.2017 um 01:04 schrieb Matt Bryant:
Hi,
Trying to get rawlog working on dovecot 2.2.31 configured as per
https://wiki2.dovecot.org/Debugging/Rawlog
but
a) it doesnt appear to be loggin anything b) rawlog_dir which is supposed to be v2.2.26+ seems no where in site .. in fact complains about unknown variable
So does rawlog still do anything ???? Or am I missing something ... config is below ....
# 2.2.19: /etc/dovecot/dovecot.conf
You run dovecot 2.2.19, not v2.2.26+.
From where did you take that specific version? CentOS 7 ships dovecot 2.2.10. I can recommend the usage of the dovecot packages from the ghettoforge.org repository. Then you are current (2.2.31 actually).
# Pigeonhole version 0.4.9 (357ac0a0e68b+) doveconf: Warning: service auth { client_limit=30000 } is lower than required under max. load (150032) doveconf: Warning: service anvil { client_limit=22000 } is lower than required under max. load (50027) # OS: Linux 3.10.0-327.4.4.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core)
Please, keep your systems up to date! At least your kernel is terribly out of date.
Regards
Alexander
Most common mistake with rawlogs is to assume that the target directory gets created. It doesn't.
You need to make sure the target directory exists fully expanded, e.g. if you have target directory /tmp/rawlogs/%u, you need to create /tmp/rawlogs/victim and chmod it to 0777.
Aki
Sigh ... one issue was misconfig kinda forgot to add the script into imap service .. the other is I thought I had updated the dovecot package but that was on another instance to rawlog_dir wouldnt have been in that version. Rats .. its a shame there is not auto create though mis-read that one.
rgds
Matt
Aki Tuomi <mailto:aki.tuomi@dovecot.fi> 4 August 2017 at 4:05 am
Most common mistake with rawlogs is to assume that the target directory gets created. It doesn't.
You need to make sure the target directory exists fully expanded, e.g. if you have target directory /tmp/rawlogs/%u, you need to create /tmp/rawlogs/victim and chmod it to 0777.
Aki Alexander Dalloz <mailto:ad+lists@uni-x.org> 4 August 2017 at 3:57 am Am 03.08.2017 um 01:04 schrieb Matt Bryant:
Hi,
Trying to get rawlog working on dovecot 2.2.31 configured as per
https://wiki2.dovecot.org/Debugging/Rawlog
but
a) it doesnt appear to be loggin anything b) rawlog_dir which is supposed to be v2.2.26+ seems no where in site .. in fact complains about unknown variable
So does rawlog still do anything ???? Or am I missing something ... config is below ....
# 2.2.19: /etc/dovecot/dovecot.conf
You run dovecot 2.2.19, not v2.2.26+.
From where did you take that specific version? CentOS 7 ships dovecot 2.2.10. I can recommend the usage of the dovecot packages from the ghettoforge.org repository. Then you are current (2.2.31 actually).
# Pigeonhole version 0.4.9 (357ac0a0e68b+) doveconf: Warning: service auth { client_limit=30000 } is lower than required under max. load (150032) doveconf: Warning: service anvil { client_limit=22000 } is lower than required under max. load (50027) # OS: Linux 3.10.0-327.4.4.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core)
Please, keep your systems up to date! At least your kernel is terribly out of date.
Regards
Alexander Matt Bryant <mailto:devops@atmail.com> 3 August 2017 at 9:04 am Hi,
Trying to get rawlog working on dovecot 2.2.31 configured as per
https://wiki2.dovecot.org/Debugging/Rawlog
but
a) it doesnt appear to be loggin anything b) rawlog_dir which is supposed to be v2.2.26+ seems no where in site .. in fact complains about unknown variable
So does rawlog still do anything ???? Or am I missing something ... config is below ....
# 2.2.19: /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.9 (357ac0a0e68b+) doveconf: Warning: service auth { client_limit=30000 } is lower than required under max. load (150032) doveconf: Warning: service anvil { client_limit=22000 } is lower than required under max. load (50027) # OS: Linux 3.10.0-327.4.4.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core) auth_cache_negative_ttl = 2 mins auth_cache_size = 10 M auth_cache_ttl = 10 mins auth_master_user_separator = * auth_mechanisms = plain login auth_worker_max_count = 10000 default_client_limit = 50000 default_process_limit = 50000 disable_plaintext_auth = no doveadm_password = # hidden, use -P to show it imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags imap_hibernate_timeout = 1 mins imap_idle_notify_interval = 1 mins login_greeting = IMAP/POP3 ready - dev-dh-ro-ms-001-b mail_attachment_dir = /var/lib/dovecot/attachments/%Ld mail_cache_min_mail_count = 5 mail_plugins = " notify replication quota virtual" mailbox_list_index = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate vacation-seconds spamtest spamtestplus editheader mbox_write_locks = fcntl mmap_disable = yes namespace { inbox = yes list = yes location = mailbox Archive { auto = create special_use = \Archive } mailbox Drafts { auto = create special_use = \Drafts } mailbox Sent { auto = create special_use = \Sent } mailbox Spam { auto = create special_use = \Junk } mailbox Trash { auto = create special_use = \Trash } prefix = INBOX/ separator = / type = private } namespace { list = no location = virtual:/var/lib/dovecot/virtual:INDEXPVT=~/virtual prefix = virtual/ separator = / type = private } passdb { args = /etc/dovecot/sql_users.conf driver = sql } plugin { mail_log_events = delete expunge mail_log_fields = uid box msgid size mail_replica = tcp:dev-ms-001-a:4000 quota = dict:UserQuota::file:%h/dovecot-quota quota_rule2 = INBOX/Trash:storage=+10%% sieve = file:~/sieve/user;active=~/.dovecot.sieve sieve_default = file:/var/lib/dovecot/sieve/default.sieve sieve_default_name = default sieve_editheader_max_header_size = 1k sieve_extensions = +spamtest +spamtestplus +editheader +vacation-seconds sieve_global = file:/var/lib/dovecot/sieve sieve_quota_max_scripts = 5 sieve_spamtest_max_value = 200 sieve_spamtest_status_header = X-Spam-score-int: -?([[:digit:]]+) sieve_spamtest_status_type = score sieve_vacation_default_period = 10d sieve_vacation_max_period = 30d sieve_vacation_min_period = 1s } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_fast_size_lookups = yes protocols = imap pop3 lmtp sieve replication_dsync_parameters = -d -n INBOX -l 30 -U service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } service anvil { client_limit = 22000 } service auth-worker { user = $default_internal_user } service auth { client_limit = 30000 unix_listener auth_client { mode = 0660 user = exim } } service doveadm { client_limit = 1 inet_listener { address = * port = 4000 } process_limit = 80 process_min_avail = 8 service_count = 10 } service imap-hibernate { client_limit = 8000 process_limit = 8 process_min_avail = 8 service_count = 0 unix_listener imap-hibernate { group = vmail mode = 0660 } } service imap-login { client_limit = 8000 inet_listener imap { port = 143 } process_limit = 8 process_min_avail = 8 service_count = 0 } service imap { client_limit = 1 process_limit = 50000 service_count = 100 } service managesieve-login { client_limit = 1000 inet_listener sieve { port = 4190 } process_limit = 8 process_min_avail = 8 service_count = 0 } service managesieve { process_limit = 1024 } service pop3-login { client_limit = 1000 inet_listener pop3 { port = 110 } process_limit = 8 process_min_avail = 8 service_count = 0 } service pop3 { process_limit = 10000 } service postlogin { executable = script-login -d rawlog unix_listener postlogin { group = atmail mode = 0660 } } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { group = atmail mode = 0660 } } shutdown_clients = no ssl_cert = </etc/pki/dovecot/certs/dovecot.pem ssl_key = </etc/pki/dovecot/private/dovecot.pem userdb { driver = prefetch } userdb { args = /etc/dovecot/sql_users.conf driver = sql } protocol imap { mail_max_userip_connections = 30000 mail_plugins = " notify replication quota virtual imap_quota" } protocol pop3 { mail_max_userip_connections = 30000 mail_plugins = " notify replication quota virtual" } protocol lmtp { auth_username_format = %Lu mail_plugins = " notify replication quota virtual sieve quota" postmaster_address = mailer-daemon }
participants (3)
-
Aki Tuomi
-
Alexander Dalloz
-
Matt Bryant