[Dovecot] v2.0.beta4 released
http://dovecot.org/releases/2.0/beta/dovecot-2.0.beta4.tar.gz http://dovecot.org/releases/2.0/beta/dovecot-2.0.beta4.tar.gz.sig
I think this release is finally feature complete. There are still some bugs left to be fixed, but it's mainly in the dsync/mdbox area. v2.0.rc1 should hopefully be out in a couple of weeks. After that v2.0.0 will be released after no serious bugs have been found for a couple of weeks.
Major changes since beta3:
* auth process now runs as $dovecot_internal_user ("dovecot") by default. Auth worker processes still run as root by default, so this won't break PAM etc, but it could break passwd-file configurations.
* It can now read v1.2's dovecot.conf file. If you find that it won't read your config, let me know and I'll see about adding code to fix it. It'll log warnings about each obsolete setting it sees. The easiest way to get rid of the warnings is to just translate your old config to v2.0:
      doveconf -n -c old.conf > new.conf
* auth passdb/userdb configuration in example-config is now a bit different .. hopefully less confusing to new people than the old one.
* added support for auth settings (including passdb/userdb) inside protocol sections, so it'll affect only those protocols
* mail_plugins can now be set more easily. you can have a single global mail_plugins and then add more plugins to it like
      protocol imap {
        mail_plugins = $mail_plugins imap_quota
      }
* doveconf finally shows all settings, including all protocol, local and remote sections
* doveadm quota get|recalc command added. This is a plugin (yeah, doveadm now supports plugins!), so you must have a global mail_plugins=quota setting for the command to show up.
* doveadm kick user/network to kick out logged in users (by sending TERM signal to processes). This was written by Pascal Volk.
* and of course tons and tons of fixes all around
On Mon, Mar 22, 2010 at 02:11:35AM +0200, Timo Sirainen wrote:
I think this release is finally feature complete. There are still some bugs left to be fixed, but it's mainly in the dsync/mdbox area. v2.0.rc1 should hopefully be out in a couple of weeks. After that v2.0.0 will be released after no serious bugs have been found for a couple of weeks.
Hi,
when you say feature complete, has the "--exec-mail" option been dropped?
Regards Thomas
On 03/22/2010 09:37 AM Thomas Leuxner wrote:
Hi,
when you say feature complete, has the "--exec-mail" option been dropped?
--exec-mail is no longer needed. If you want, for example, to start an imap session, just enter the command:
    /usr/local/libexec/dovecot/imap
And you will see:
    * PREAUTH [CAPABILITY IMAP4rev1 … Logged in as $USER
Regards, Pascal
The trapper recommends today: cafebabe.1008109@localdomain.org
On Mon, Mar 22, 2010 at 09:48:21AM +0100, Pascal Volk wrote:
--exec-mail is no longer needed. If you want, for example, to start an imap session, just enter the command:
    /usr/local/libexec/dovecot/imap
And you will see:
    * PREAUTH [CAPABILITY IMAP4rev1 … Logged in as $USER
Fair enough, thanks :)
On 22.3.2010, at 10.48, Pascal Volk wrote:
On 03/22/2010 09:37 AM Thomas Leuxner wrote:
Hi,
when you say feature complete, has the "--exec-mail" option been dropped?
--exec-mail is no longer needed. If you want, for example, to start an imap session, just enter the command:
    /usr/local/libexec/dovecot/imap
And you will see:
    * PREAUTH [CAPABILITY IMAP4rev1 … Logged in as $USER
Right. Although now that you mentioned it .. Maybe there should be -u parameter also for imap/pop3/etc which also does a userdb lookup so that it'll then be identical to actually logging in.
Am 22.03.2010 um 10:42 schrieb Timo Sirainen:
--exec-mail is no longer needed. If you want, for example, to start an imap session, just enter the command:
    /usr/local/libexec/dovecot/imap
And you will see:
    * PREAUTH [CAPABILITY IMAP4rev1 … Logged in as $USER
Right. Although now that you mentioned it .. Maybe there should be -u parameter also for imap/pop3/etc which also does a userdb lookup so that it'll then be identical to actually logging in.
Let's say I trigger an ACL change by manually setting an administrative user (a permission). Doing so, the 'dovecot-acl' file gets owned by the system user who triggered the change, in this case 'root'. Is this intended, as it will break the file's OS permissions?
    printf "1 setacl Public/Mailing-Lists/Mutt-Users tlx@leuxner.net +k\n" | USER=tlx@leuxner.net /usr/lib/dovecot/imap
    * PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA ACL RIGHTS=texk] Logged in as tlx@leuxner.net
    1 OK Setacl complete.
    Info: Connection closed bytes=60/354

    [21:30] root spectre:/var/vmail/public/Mailing-Lists/Mutt-Users# l
    total 256
    drwx--S--- 2 vmail vmail 147456 2010-03-22 19:30 cur
    -rw------- 1 root  vmail     59 2010-03-22 21:30 dovecot-acl
    -rw------- 1 vmail vmail    101 2010-03-22 18:46 dovecot-keywords
    -rw------- 1 vmail vmail      0 2010-03-21 22:18 dovecot-shared
    -rw------- 1 vmail vmail  88120 2010-03-22 19:27 dovecot-uidlist
    drwx--S--- 2 vmail vmail   4096 2010-03-22 19:30 new
    drwx--S--- 2 vmail vmail   4096 2010-03-22 19:27 tmp
Regards Thomas
On Mon, 22 Mar 2010, Thomas Leuxner wrote:
--exec-mail is no longer needed. If you want, for example, to start an imap session, just enter the command:
    /usr/local/libexec/dovecot/imap
And you will see:
    * PREAUTH [CAPABILITY IMAP4rev1 … Logged in as $USER
Right. Although now that you mentioned it .. Maybe there should be -u parameter also for imap/pop3/etc which also does a userdb lookup so that it'll then be identical to actually logging in.
Let's say I trigger an ACL change by manually setting an administrative user (a permission). Doing so, the 'dovecot-acl' file gets owned by the system user who triggered the change, in this case 'root'. Is this intended, as it will break the file's OS permissions?
IMHO, I interpret it as "post AUTH" IMAP, meaning the process after auth had taken place. The user id had been changed earlier in the Dovecot process, hence, you need to su before.
http://www.mail-archive.com/dovecot%40dovecot.org/msg16350.html
last lines:
sudo -u test -H /usr/sbin/dovecot --exec-mail imap
Regards,
Steffen Kaiser
On 22/03/2010 01:11, Timo Sirainen wrote:
http://dovecot.org/releases/2.0/beta/dovecot-2.0.beta4.tar.gz http://dovecot.org/releases/2.0/beta/dovecot-2.0.beta4.tar.gz.sig
I think this release is finally feature complete. There are still some bugs left to be fixed, but it's mainly in the dsync/mdbox area. v2.0.rc1 should hopefully be out in a couple of weeks. After that v2.0.0 will be released after no serious bugs have been found for a couple of weeks.
In my (autoconverted) config, I have:
    service auth {
      unix_listener /var/run/dovecot/auth-client {
        mode = 0666
      }
      user = _exim
    }
Which is the only place auth-client appears. However, dovecot is unable to start and logs this:
    2010-03-24_13:26:41.22996 Fatal: Failed to start listeners
    2010-03-24_13:26:42.26488 Error: service(auth): Socket already exists: /var/run/dovecot/auth-client
Whether I remove the socket or not, the socket is recreated and the error appears again.
If I remove the aforementioned conf snippet, then dovecot starts just fine and still creates the socket (but unwriteable from _exim user).
On Wed, 2010-03-24 at 14:31 +0100, Renaud Allard wrote:
In my (autoconverted) config, I have:
    service auth {
      unix_listener /var/run/dovecot/auth-client {
Could you send me your original dovecot.conf? Also what $prefix was it compiled into?
Anyway, you probably should remove /var/run/dovecot/ from the above path. But it should have done that automatically, so I'm not really sure what's going on.
Timo Sirainen tss@iki.fi writes:
On Wed, 2010-03-24 at 14:31 +0100, Renaud Allard wrote:
In my (autoconverted) config, I have:
    service auth {
      unix_listener /var/run/dovecot/auth-client {
Could you send me your original dovecot.conf? Also what $prefix was it compiled into?
Anyway, you probably should remove /var/run/dovecot/ from the above path. But it should have done that automatically, so I'm not really sure what's going on.
If this is supposed to be done by the fix_file_listener_paths routine in master-settings.c, it won't:
    array_foreach(l, sets) {
        struct file_listener_settings *set = *sets;

        expand_user(&set->user, master_set);
        if (*set->path != '/') {
            set->path = p_strconcat(pool, master_set->base_dir, "/",
                                    set->path, NULL);
        } else if (strncmp(set->path, master_set->base_dir,
                           base_dir_len) == 0 &&
                   set->path[base_dir_len] == '/') {
            i_warning("You should remove base_dir prefix from "
                      "unix_listener: %s", set->path);
        }
        array_append(all_listeners, &set->path, 1);
    }
Based on reading through the code, I believe what's going on here is as follows: Listening on auth-client is something the program does by default. Because of the leading base_dir, the duplicates checking code in setting_link_add (lib-settings/settings-parser.c) doesn't detect that the explicit definition above is actually a duplicate definition. Because of the duplicate, the routine which is supposed to create 'unix listener sockets' will try to create the same socket twice which causes the observed failure.
Removing the base_dir prefix will cause the duplicate definition to be dropped. But this means that the OP will have to live with the default permissions for the auth-client socket which are 0600 and not 0666 as he wanted them to be. A better idea might be to support 'merging' duplicate socket definitions so that the second one would change the permissions for the first. This could be implemented with the help of an optional 'merge function pointer' in the list definition which would be called with the old and new 'property records' when a duplicate has been found. A related idea would be to also add an optional fixup routine pointer which could be used to do string transformations on the input data prior to the duplicates check.
NB: Each factual claim in this text is a conjecture.
On Wed, 2010-03-24 at 20:40 +0100, Rainer Weikusat wrote:
    } else if (strncmp(set->path, master_set->base_dir,
                       base_dir_len) == 0 &&
               set->path[base_dir_len] == '/') {
        i_warning("You should remove base_dir prefix from "
                  "unix_listener: %s", set->path);
    }
..
Based on reading through the code, I believe what's going on here is as follows: Listening on auth-client is something the program does by default. Because of the leading base_dir, the duplicates checking code in setting_link_add (lib-settings/settings-parser.c) doesn't detect that the explicit definition above is actually a duplicate definition. Because of the duplicate, the routine which is supposed to create 'unix listener sockets' will try to create the same socket twice which causes the observed failure.
Yes, this is why there's the warning about removing base_dir prefix. So if there are both auth-client and /base_dir/auth-client, it'll first log the warning and then the duplicate error. So that hopefully tells the user something.. (There was a bug where the warning didn't get reported if base_dir ended with '/'.)
Removing the base_dir prefix will cause the duplicate definition to be dropped. But this means that the OP will have to live with the default permissions for the auth-client socket which are 0600 and not 0666 as he wanted them to be. A better idea might be to support 'merging' duplicate socket definitions so that the second one would change the permissions for the first.
It actually works like that! But that merging is in the config parsing code. So I didn't bother doubling the merging code, especially because at duplicate checking time it's not known which one of the duplicates comes first in the config.
A related idea would be to also add an optional fixup routine pointer which could be used to do string transformations on the input data prior to the duplicates check.
This is also possible. There's a check_func() callback. But it has the same problem as above, it's called too late.
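Added example, not part of the thread and not Dovecot's code: a C sketch of the idea discussed above, where listener paths are normalised against base_dir before the duplicate check so that "auth-client" and "/var/run/dovecot/auth-client" resolve to one socket and the explicit mode is applied to it. `struct listener`, `listener_key` and `add_listener` are hypothetical names, and the sketch assumes definitions arrive in config order so the later one supplies the mode.

```c
#include <stdio.h>
#include <string.h>
#define MAX_LISTENERS 16

/* Hypothetical record for illustration; not Dovecot's own structure. */
struct listener { const char *key; unsigned int mode; };

/* Strip a leading base_dir so "auth-client" and "<base_dir>/auth-client"
   compare equal; a trailing '/' on base_dir is ignored. Paths outside
   base_dir are returned unchanged. */
const char *listener_key(const char *path, const char *base_dir)
{
    size_t len = strlen(base_dir);
    while (len > 1 && base_dir[len - 1] == '/')
        len--;
    if (strncmp(path, base_dir, len) == 0 && path[len] == '/') {
        path += len;
        while (*path == '/')
            path++;
    }
    return path;
}

/* Returns 1 if added, 0 if merged into an earlier entry (the later
   definition's mode wins), -1 if the table is full. */
int add_listener(struct listener *tab, int *count, const char *base_dir,
                 const char *path, unsigned int mode)
{
    const char *key = listener_key(path, base_dir);
    for (int i = 0; i < *count; i++) {
        if (strcmp(tab[i].key, key) == 0) {
            tab[i].mode = mode;
            return 0;
        }
    }
    if (*count == MAX_LISTENERS)
        return -1;
    tab[(*count)++] = (struct listener){ key, mode };
    return 1;
}

int main(void)
{
    struct listener tab[MAX_LISTENERS];
    int count = 0;
    /* Constructed input: built-in default, then the converted config's entry. */
    add_listener(tab, &count, "/var/run/dovecot", "auth-client", 0600);
    add_listener(tab, &count, "/var/run/dovecot", "/var/run/dovecot/auth-client", 0666);
    printf("%d listener(s): %s mode %04o\n", count, tab[0].key, tab[0].mode);
}
```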
participants (6): Pascal Volk, Rainer Weikusat, Renaud Allard, Steffen Kaiser, Thomas Leuxner, Timo Sirainen