Re: [Dovecot] dovecot-uidlist crashing and re-retrieving messages by pop3 clients
I configured the director temporarily in a somewhat tricky way because I have to serve the md5 and ntlm authentication methods and I do not want to reconfigure the pop/imap servers.
Can you confirm I have done everything OK, because I have this issue:
    # doveadm director map
    doveadm(root): Error: User listing returned failure
    doveadm(root): Error: user listing failed
    user       mail server ip   expire time
    <unknown>  192.168.111.24   2013-02-14 00:57:34
    <unknown>  192.168.111.21   2013-02-14 00:57:46
yet everything else works ok
My password_query:
    password_query = SELECT clear AS password, 'Y' as proxy, '%u' AS destuser, clear AS pass FROM postfix_users WHERE email = '%u'
My director server config (dovecot -n):
    # dovecot -n
    # 2.1.13: /etc/dovecot/dovecot.conf
    # OS: Linux 3.7.1-hardened-r2 x86_64 Gentoo Base System release 2.1
    auth_mechanisms = plain login digest-md5 cram-md5 ntlm apop
    auth_verbose = yes
    default_client_limit = 10000
    default_process_limit = 10000
    default_vsz_limit = 512 M
    deliver_log_format = from=%f, msgid=%m, psize=%p: %$
    director_mail_servers = 192.168.111.21 192.168.111.22 192.168.111.23 192.168.111.24 192.168.111.25 192.168.111.26
    director_servers = 195.78.67.29
    director_user_expire = 2 hours
    disable_plaintext_auth = no
    passdb {
      args = /etc/dovecot/dovecot-sql.conf.ext
      driver = sql
    }
    plugin {
      mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
      mail_log_fields = box msgid from size
    }
    protocols = imap pop3
    service auth {
      client_limit = 10000
      unix_listener auth-userdb {
        group = vmail
        mode = 0600
        user = vmail
      }
    }
    service director {
      inet_listener {
        port = 9090
      }
      unix_listener login/director {
        mode = 0666
      }
    }
    service imap-login {
      executable = imap-login director
    }
    service pop3-login {
      executable = pop3-login director
    }
    ssl_ca =
I apologize for asking a question too fast without checking; I forgot to look at the logs.
Of course, the iterate_query was missing:
    iterate_query = SELECT email AS user FROM postfix_users
On Wed, 2013-02-13 at 23:43 +0100, Piotr Rotter wrote:
> I configured the director temporarily in a somewhat tricky way because I have to serve the md5 and ntlm authentication methods and I do not want to reconfigure the pop/imap servers.
> Can you confirm I have done everything OK, because I have this issue:
> # doveadm director map
> doveadm(root): Error: User listing returned failure
> doveadm(root): Error: user listing failed
> user
All is working. If you want "doveadm director map" command to work you need to either:
a) Make "doveadm user '*'" command work by providing appropriate userdb configuration or
b) use doveadm director map -f userdb parameter where userdb is a file that lists all the usernames you have.
There's no need to use doveadm director map command at all though.
Thank you for your assistance.
Broken uidlist errors appear more than 10 times less frequently than in the past and are still decreasing.
I have a question about director and non-plaintext auth methods. Now I have a tricky query in the director configuration:
    password_query = SELECT clear AS password, 'Y' as proxy, '%u' AS destuser, clear AS pass FROM postfix_users WHERE email = '%u'
Is there some method to make it better? A master password is a bit dangerous (man in the middle). Can director relay non-plaintext authorization without checking?
I have one more question, which does not concern the subject above. Is there any chance to set dovecot up as a policy daemon for postfix, to check mailbox quota before mail is checked by (amavis, spamassassin, clamav) and before it is sent by lmtp? I think that it could reduce load.
On 16.2.2013, at 23.41, Piotr Rotter <piotr.rotter@active24.pl> wrote:
> Thank you for your assistance.
> Broken uidlist errors appear more than 10 times less frequently than in the past and are still decreasing.
> I have a question about director and non-plaintext auth methods. Now I have a tricky query in the director configuration:
> password_query = SELECT clear AS password, 'Y' as proxy, '%u' AS destuser, clear AS pass FROM postfix_users WHERE email = '%u'
> Is there some method to make it better?
%u as destuser isn't necessary, since it's the default.
> A master password is a bit dangerous (man in the middle). Can director relay non-plaintext authorization without checking?
If you set NULL as password, director won't verify the password. You could even use passdb static. But this increases director's memory usage since users are verified by backends and director needs to remember all the unknown user login attempts (from brute force bots).
If you want non-plaintext auth:
Master password is slightly annoying, but you can set up the system so that director won't accept it and backends can't be connected directly.
It would also in theory be possible to use a per-user master password by using e.g. md5(username | master_password) as the password, so the master password would never be actually visible in the network (actually adding some non-plaintext SASL auth client support for Dovecot would basically do that).
Or the director <-> backend auth could simply have its own list of randomly generated passwords for users.
> I have one more question, which does not concern the subject above. Is there any chance to set dovecot up as a policy daemon for postfix, to check mailbox quota before mail is checked by (amavis, spamassassin, clamav) and before it is sent by lmtp? I think that it could reduce load.
That's something I'm planning on creating.
participants (2)
- Piotr Rotter
- Timo Sirainen
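The per-user master password idea from the last reply, md5(username | master_password), as an added sketch that is not part of the thread and is not Dovecot code. The function names, the literal "|" separator, the sample key and usernames are assumptions; the HMAC-SHA256 variant is a swapped-in keyed construction shown next to the MD5 form from the thread.

```python
import hashlib
import hmac


def derive_md5(username: str, master_password: str) -> str:
    """Form sketched in the thread; '|' as a literal separator is an assumption."""
    data = f"{username}|{master_password}".encode("utf-8")
    return hashlib.md5(data).hexdigest()


def derive_hmac(username: str, master_key: bytes) -> str:
    """Assumed variant: HMAC-SHA256 over the username, keyed with a random key."""
    return hmac.new(master_key, username.encode("utf-8"), hashlib.sha256).hexdigest()


def backend_accepts(username: str, presented: str, master_key: bytes) -> bool:
    """Backend side: recompute the per-user value and compare in constant time."""
    expected = derive_hmac(username, master_key)
    return hmac.compare_digest(expected.encode("ascii"),
                               presented.encode("utf-8"))


# Constructed sample values, not taken from the thread.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
ALICE = "alice@example.com"
BOB = "bob@example.com"


def demo() -> dict:
    # Director side: the credential it would send to the backend for alice.
    alice_cred = derive_hmac(ALICE, MASTER_KEY)
    return {
        # The backend recomputes the same value and accepts it.
        "alice_ok": backend_accepts(ALICE, alice_cred, MASTER_KEY),
        # A credential captured for alice does not open bob's mailbox.
        "replay_as_bob": backend_accepts(BOB, alice_cred, MASTER_KEY),
        # The MD5 form from the thread is also distinct per user.
        "md5_differs": derive_md5(ALICE, "s3cret") != derive_md5(BOB, "s3cret"),
    }


if __name__ == "__main__":
    print(demo())
```

With either form the shared master secret never crosses the director-to-backend link; only a value bound to one username does.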