2.1 to 2.2 server migration Qs: sanity check, config ?
I have an old CentOS 6 running dovecot 2.1.17 with Postfix 2.1x, mysql virtual domains. In the process of setting up a new CentOS 7 to migrate, I copied /etc/dovecot, made some minor edits to get rid of errors, and added Letsencrypt in place of self certified certs. It seems to work: using a mail client I can log on StartSSL/110/143, TLS/995/993 with no visible errors when logging on.

Are there any other sanity checks I should do before I start putting users on it?

Attaching dovecot.conf at the end, appreciate any suggestion or correction.

I see a lot of these warnings, are they benign?

# grep Warning /var/log/dovecot.log | wc
     74    1102    6900
# wc /var/log/dovecot.log
    174    2299   19716 /var/log/dovecot.log

Dec 16 00:57:12 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Dec 16 00:57:52 auth: Warning: auth client 0 disconnected with 1 pending requests: EOF
Dec 16 00:57:59 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer

(As I've reused an old host name, I can see some users already trying to connect; they must've never removed this server name when it was shut down. Perhaps they're generating these errors, repeatedly logging on?)

# doveadm who
username             # proto (pids)       (ips)
five@aaa.com.au      1 imap  (9047)       (35.196.255.170)
seven@aaa.com.au     1 imap  (9056)       (104.196.21.108)
eight@aaa.com.au     1 imap  (9062)       (35.196.255.170)
five@aa.com.au       2 imap  (9240 9044)  (203.194.43.48 35.196.255.170)
six@aa.com.au        2 imap  (9248 9063)  (203.194.43.48 35.185.44.87)
postbox@aa.com.au    1 imap  (9057)       (104.196.178.232)
eight@aa.com.au      2 imap  (9244 9050)  (203.194.43.48 35.196.255.170)
seven@aa.com.au      2 imap  (9055 9242)  (104.196.21.108 203.194.43.48)
six@aaa.com.au       1 imap  (9054)       (35.185.44.87)
# doveconf -n -c /etc/dovecot/test/dovecot.conf > /etc/dovecot/test/dovecot.conf.new
# cat dovecot.conf.new

# 2.2.33.2 (d6601f4ec): /etc/dovecot/test/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 3.10.0-693.11.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core)
auth_master_user_separator = *
auth_mechanisms = PLAIN LOGIN
dict {
  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
  quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
}
first_valid_uid = 2000
last_valid_uid = 2000
listen = *
log_path = /var/log/dovecot.log
mail_gid = 2000
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
mail_plugins = quota
mail_uid = 2000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
namespace {
  list = children
  location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-master-users-password
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  auth_socket_path = /var/run/dovecot/auth-master
  autocreate = INBOX
  autocreate2 = Sent
  autocreate3 = Trash
  autocreate4 = Drafts
  autocreate5 = Junk
  autosubscribe = INBOX
  autosubscribe2 = Sent
  autosubscribe3 = Trash
  autosubscribe4 = Drafts
  autosubscribe5 = Junk
  quota = dict:user::proxy::quotadict
  quota_rule = *:storage=1G
  quota_warning = storage=85%% quota-warning 85 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
  quota_warning3 = storage=95%% quota-warning 95 %u
  sieve = /%Lh/sieve/dovecot.sieve
  sieve_dir = /%Lh/sieve
  sieve_global_dir = /var/vmail/sieve
  sieve_global_path = /var/vmail/sieve/dovecot.sieve
}
protocols = pop3 imap sieve
service auth {
  unix_listener /var/spool/postfix/dovecot-auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0666
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  process_limit = 500
  service_count = 1
}
service pop3-login {
  service_count = 1
}
service quota-warning {
  executable = script /usr/local/bin/dovecot-quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl = required
ssl_cert =
Please read between the lines =)
at least you should remove autocreate plugin.
On December 15, 2017 at 4:47 PM voytek@sbt.net.au wrote:
# 2.2.33.2 (d6601f4ec): /etc/dovecot/test/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 3.10.0-693.11.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core)
auth_master_user_separator = *
auth_mechanisms = PLAIN LOGIN
dict {
  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
  quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
}
first_valid_uid = 2000
last_valid_uid = 2000
listen = *
log_path = /var/log/dovecot.log
mail_gid = 2000
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/

The INDEX= is redundant.

mail_plugins = quota
mail_uid = 2000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
namespace {
  list = children
  location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u

You should read https://wiki.dovecot.org/SharedMailboxes/Shared

  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-master-users-password
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  auth_socket_path = /var/run/dovecot/auth-master
  autocreate = INBOX
  autocreate2 = Sent
  autocreate3 = Trash
  autocreate4 = Drafts
  autocreate5 = Junk
  autosubscribe = INBOX
  autosubscribe2 = Sent
  autosubscribe3 = Trash
  autosubscribe4 = Drafts
  autosubscribe5 = Junk

autocreate & autosubscribe should be converted into

namespace {
  mailbox INBOX {
    auto = subscribe # (or just create if subscribing is not required)
  }
}

  quota = dict:user::proxy::quotadict
  quota_rule = *:storage=1G
  quota_warning = storage=85%% quota-warning 85 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
  quota_warning3 = storage=95%% quota-warning 95 %u
  sieve = /%Lh/sieve/dovecot.sieve
  sieve_dir = /%Lh/sieve
  sieve_global_dir = /var/vmail/sieve
  sieve_global_path = /var/vmail/sieve/dovecot.sieve
}
protocols = pop3 imap sieve
service auth {
  unix_listener /var/spool/postfix/dovecot-auth {
    group = postfix
    mode = 0666
    user = postfix
  }

This could be mode = 0600

  unix_listener auth-master {
    group = vmail
    mode = 0666
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}

You sure you need these?

service dict {
  unix_listener dict {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  process_limit = 500
  service_count = 1
}
service pop3-login {
  service_count = 1
}
service quota-warning {
  executable = script /usr/local/bin/dovecot-quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl = required
ssl_cert =

should not be needed

  lda_mailbox_autocreate = yes
  log_path = /var/log/sieve.log
  mail_plugins = quota sieve autocreate
  postmaster_address = root
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  mail_max_userip_connections = 60
  mail_plugins = quota imap_quota
}
protocol pop3 {
  mail_plugins = quota
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}
#
Aki
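
The two review points in the reply above (socket modes, and autocreate/autosubscribe moving to mailbox blocks) can be checked mechanically against `doveconf -n` output. This is an added example, not part of either poster's message and not Dovecot code; the function names, the sample text and the rule "flag any listener whose mode grants access to other" are assumptions made for illustration, and the generated mailbox blocks belong inside the namespace that has `inbox = yes`.

```python
import re

# Constructed sample in `doveconf -n` layout, reusing settings quoted in the thread.
SAMPLE = """\
plugin {
  autocreate = INBOX
  autocreate2 = Sent
  autocreate3 = Trash
  autosubscribe = INBOX
  autosubscribe2 = Sent
}
service auth {
  unix_listener /var/spool/postfix/dovecot-auth {
    group = postfix
    mode = 0666
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
  }
}
"""

def world_accessible_listeners(conf):
    """Return (listener, mode) for unix_listener blocks whose mode has any 'other' bit set."""
    found, current = [], None
    for line in map(str.strip, conf.splitlines()):
        if m := re.match(r"unix_listener\s+(\S+)\s*\{$", line):
            current = m.group(1)
        elif current and (m := re.match(r"mode\s*=\s*(0[0-7]{3})$", line)):
            if int(m.group(1), 8) & 0o007:  # assumption: anything readable/writable by other
                found.append((current, m.group(1)))
        elif line == "}":
            current = None
    return found

def mailbox_blocks(conf):
    """Turn autocreateN / autosubscribeN plugin settings into mailbox { auto = ... } blocks."""
    auto = {}
    pattern = r"^[ \t]*(autocreate|autosubscribe)\d*[ \t]*=[ \t]*(\S.*?)[ \t]*$"
    for kind, name in re.findall(pattern, conf, re.M):
        # auto = subscribe also creates the mailbox, so it wins over a plain create
        auto[name] = "subscribe" if kind == "autosubscribe" else auto.get(name, "create")
    quote = lambda n: f'"{n}"' if " " in n else n
    return "".join(f"mailbox {quote(n)} {{\n  auto = {a}\n}}\n" for n, a in auto.items())

if __name__ == "__main__":
    for name, mode in world_accessible_listeners(SAMPLE):
        print(f"world-accessible socket: {name} (mode {mode})")
    print(mailbox_blocks(SAMPLE))
```
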
On Sat, December 16, 2017 2:34 am, Aki Tuomi wrote:
Please read between the lines =)
at least you should remove autocreate plugin.
Aki, thanks.
I forgot to write this is meant as a plain vanilla pop/imap multi user/multi domain server, no special requirements or deviations should be needed
mail_gid = 2000
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/

The INDEX= is redundant.

so I go from
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
to
mail_location = maildir:/%Lh/Maildir/

  type = private
}
namespace {
  list = children
  location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u

You should read https://wiki.dovecot.org/SharedMailboxes/Shared

(not sure whether I might have tried sharing my mailbox across two domains for myself once?...maybe that's why it's there... not sure)

so I just remove this whole block:

namespace {
  type = shared
  separator = /
  prefix = Shared/%%u/
  location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
  # this namespace should handle its own subscriptions or not.
  subscriptions = yes
  list = children
}
thanks again, sorry for dumb questions
Voytek
On December 16, 2017 at 1:44 AM voytek@sbt.net.au wrote:
mail_gid = 2000
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/

The INDEX= is redundant.

so I go from
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
to
mail_location = maildir:/%Lh/Maildir/

you could use

mail_location = maildir:~/Maildir

You can use mail_home (or home) to specify homedir, such as /var/mail/%Ld/%Ln to get lowercase path.

  type = private
}
namespace {
  list = children
  location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u

You should read https://wiki.dovecot.org/SharedMailboxes/Shared

(not sure whether I might have tried sharing my mailbox across two domains for myself once?...maybe that's why it's there... not sure)

so I just remove this whole block:

namespace {
  type = shared
  separator = /
  prefix = Shared/%%u/
  location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
  # this namespace should handle its own subscriptions or not.
  subscriptions = yes
  list = children
}
thanks again, sorry for dumb questions
Voytek
No problem, it's better to ask than not. =)
Aki