2.1 to 2.2 server migration Qs: sanity check, config ?
I have an old CentOS 6 server running dovecot 2.1.17 with Postfix 2.1x and mysql virtual domains. I am in the process of setting up a new CentOS 7 server to migrate to: I copied /etc/dovecot, made some minor edits to get rid of errors, and added Letsencrypt in place of self certified certs. It seems to work; using a mail client I can log on StartSSL/110/143, TLS/995/993 with no visible errors when login on
Are there any other sanity checks I should do before I start putting users on it?
I am attaching dovecot.conf at the end and would appreciate any suggestion or correction.
I see a lot of these warnings, are they benign?
#grep Warning /var/log/dovecot.log | wc
74 1102 6900
wc /var/log/dovecot.log
174 2299 19716 /var/log/dovecot.log
Dec 16 00:57:12 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
Dec 16 00:57:52 auth: Warning: auth client 0 disconnected with 1 pending requests: EOF
Dec 16 00:57:59 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
(As I've reused an old host name, I can see some users already trying to connect; they must never have removed this server name when it was shut down. Perhaps they're generating these errors, repeatedly logging on?)
doveadm who
username            # proto (pids)      (ips)
five@aaa.com.au     1 imap  (9047)      (35.196.255.170)
seven@aaa.com.au    1 imap  (9056)      (104.196.21.108)
eight@aaa.com.au    1 imap  (9062)      (35.196.255.170)
five@aa.com.au      2 imap  (9240 9044) (203.194.43.48 35.196.255.170)
six@aa.com.au       2 imap  (9248 9063) (203.194.43.48 35.185.44.87)
postbox@aa.com.au   1 imap  (9057)      (104.196.178.232)
eight@aa.com.au     2 imap  (9244 9050) (203.194.43.48 35.196.255.170)
seven@aa.com.au     2 imap  (9055 9242) (104.196.21.108 203.194.43.48)
six@aaa.com.au      1 imap  (9054)      (35.185.44.87)
doveconf -n -c /etc/dovecot/test/dovecot.conf > /etc/dovecot/test/dovecot.conf.new
cat dovecot.conf.new
2.2.33.2 (d6601f4ec): /etc/dovecot/test/dovecot.conf
Pigeonhole version 0.4.21 (92477967)
OS: Linux 3.10.0-693.11.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core)
auth_master_user_separator = *
auth_mechanisms = PLAIN LOGIN
dict {
  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
  quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
}
first_valid_uid = 2000
last_valid_uid = 2000
listen = *
log_path = /var/log/dovecot.log
mail_gid = 2000
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
mail_plugins = quota
mail_uid = 2000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
namespace {
  list = children
  location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-master-users-password
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  auth_socket_path = /var/run/dovecot/auth-master
  autocreate = INBOX
  autocreate2 = Sent
  autocreate3 = Trash
  autocreate4 = Drafts
  autocreate5 = Junk
  autosubscribe = INBOX
  autosubscribe2 = Sent
  autosubscribe3 = Trash
  autosubscribe4 = Drafts
  autosubscribe5 = Junk
  quota = dict:user::proxy::quotadict
  quota_rule = *:storage=1G
  quota_warning = storage=85%% quota-warning 85 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
  quota_warning3 = storage=95%% quota-warning 95 %u
  sieve = /%Lh/sieve/dovecot.sieve
  sieve_dir = /%Lh/sieve
  sieve_global_dir = /var/vmail/sieve
  sieve_global_path = /var/vmail/sieve/dovecot.sieve
}
protocols = pop3 imap sieve
service auth {
  unix_listener /var/spool/postfix/dovecot-auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0666
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  process_limit = 500
  service_count = 1
}
service pop3-login {
  service_count = 1
}
service quota-warning {
  executable = script /usr/local/bin/dovecot-quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl = required
ssl_cert = </etc/letsencrypt/..fullchain.pem
ssl_key = # hidden, use -P to show it
userdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  lda_mailbox_autocreate = yes
  log_path = /var/log/sieve.log
  mail_plugins = quota sieve autocreate
  postmaster_address = root
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  mail_max_userip_connections = 60
  mail_plugins = quota imap_quota
}
protocol pop3 {
  mail_plugins = quota
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}
Please read between the lines =)
at least you should remove autocreate plugin.
On December 15, 2017 at 4:47 PM voytek@sbt.net.au wrote:
> I have an old CentOS 6 server running dovecot 2.1.17 with Postfix 2.1x and mysql virtual domains. I am in the process of setting up a new CentOS 7 server to migrate to: I copied /etc/dovecot, made some minor edits to get rid of errors, and added Letsencrypt in place of self certified certs. It seems to work; using a mail client I can log on StartSSL/110/143, TLS/995/993 with no visible errors when login on
> Are there any other sanity checks I should do before I start putting users on it?
> I am attaching dovecot.conf at the end and would appreciate any suggestion or correction.
> I see a lot of these warnings, are they benign?
> #grep Warning /var/log/dovecot.log | wc
> 74 1102 6900
> wc /var/log/dovecot.log
> 174 2299 19716 /var/log/dovecot.log
> Dec 16 00:57:12 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
> Dec 16 00:57:52 auth: Warning: auth client 0 disconnected with 1 pending requests: EOF
> Dec 16 00:57:59 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
> (As I've reused an old host name, I can see some users already trying to connect; they must never have removed this server name when it was shut down. Perhaps they're generating these errors, repeatedly logging on?)
> doveadm who
> username            # proto (pids)      (ips)
> five@aaa.com.au     1 imap  (9047)      (35.196.255.170)
> seven@aaa.com.au    1 imap  (9056)      (104.196.21.108)
> eight@aaa.com.au    1 imap  (9062)      (35.196.255.170)
> five@aa.com.au      2 imap  (9240 9044) (203.194.43.48 35.196.255.170)
> six@aa.com.au       2 imap  (9248 9063) (203.194.43.48 35.185.44.87)
> postbox@aa.com.au   1 imap  (9057)      (104.196.178.232)
> eight@aa.com.au     2 imap  (9244 9050) (203.194.43.48 35.196.255.170)
> seven@aa.com.au     2 imap  (9055 9242) (104.196.21.108 203.194.43.48)
> six@aaa.com.au      1 imap  (9054)      (35.185.44.87)
> doveconf -n -c /etc/dovecot/test/dovecot.conf > /etc/dovecot/test/dovecot.conf.new
> cat dovecot.conf.new
> 2.2.33.2 (d6601f4ec): /etc/dovecot/test/dovecot.conf
> Pigeonhole version 0.4.21 (92477967)
> OS: Linux 3.10.0-693.11.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core)
> auth_master_user_separator = *
> auth_mechanisms = PLAIN LOGIN
> dict {
>   acl = mysql:/etc/dovecot/dovecot-share-folder.conf
>   quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
> }
> first_valid_uid = 2000
> last_valid_uid = 2000
> listen = *
> log_path = /var/log/dovecot.log
> mail_gid = 2000
> mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
The INDEX= is redundant.
> mail_plugins = quota
> mail_uid = 2000
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
> namespace {
>   inbox = yes
>   location =
>   prefix =
>   separator = /
>   type = private
> }
> namespace {
>   list = children
>   location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
You should read https://wiki.dovecot.org/SharedMailboxes/Shared
>   prefix = Shared/%%u/
>   separator = /
>   subscriptions = yes
>   type = shared
> }
> passdb {
>   args = /etc/dovecot/dovecot-mysql.conf
>   driver = sql
> }
> passdb {
>   args = /etc/dovecot/dovecot-master-users-password
>   driver = passwd-file
>   master = yes
> }
> plugin {
>   acl = vfile
>   acl_shared_dict = proxy::acl
>   auth_socket_path = /var/run/dovecot/auth-master
>   autocreate = INBOX
>   autocreate2 = Sent
>   autocreate3 = Trash
>   autocreate4 = Drafts
>   autocreate5 = Junk
>   autosubscribe = INBOX
>   autosubscribe2 = Sent
>   autosubscribe3 = Trash
>   autosubscribe4 = Drafts
>   autosubscribe5 = Junk
autocreate & autosubscribe should be converted into
namespace {
  mailbox INBOX {
    auto = subscribe # (or just create if subscribing is not required)
  }
}
>   quota = dict:user::proxy::quotadict
>   quota_rule = *:storage=1G
>   quota_warning = storage=85%% quota-warning 85 %u
>   quota_warning2 = storage=90%% quota-warning 90 %u
>   quota_warning3 = storage=95%% quota-warning 95 %u
>   sieve = /%Lh/sieve/dovecot.sieve
>   sieve_dir = /%Lh/sieve
>   sieve_global_dir = /var/vmail/sieve
>   sieve_global_path = /var/vmail/sieve/dovecot.sieve
> }
> protocols = pop3 imap sieve
> service auth {
>   unix_listener /var/spool/postfix/dovecot-auth {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
This could be mode = 0600
>   unix_listener auth-master {
>     group = vmail
>     mode = 0666
>     user = vmail
>   }
>   unix_listener auth-userdb {
>     group = vmail
>     mode = 0660
>     user = vmail
>   }
> }
You sure you need these?
> service dict {
>   unix_listener dict {
>     group = vmail
>     mode = 0660
>     user = vmail
>   }
> }
> service imap-login {
>   process_limit = 500
>   service_count = 1
> }
> service pop3-login {
>   service_count = 1
> }
> service quota-warning {
>   executable = script /usr/local/bin/dovecot-quota-warning.sh
>   unix_listener quota-warning {
>     group = vmail
>     mode = 0660
>     user = vmail
>   }
> }
> ssl = required
> ssl_cert = </etc/letsencrypt/..fullchain.pem
> ssl_key = # hidden, use -P to show it
> userdb {
>   args = /etc/dovecot/dovecot-mysql.conf
>   driver = sql
> }
> protocol lda {
>   auth_socket_path = /var/run/dovecot/auth-master
should not be needed
>   lda_mailbox_autocreate = yes
>   log_path = /var/log/sieve.log
>   mail_plugins = quota sieve autocreate
>   postmaster_address = root
> }
> protocol imap {
>   imap_client_workarounds = tb-extra-mailbox-sep
>   mail_max_userip_connections = 60
>   mail_plugins = quota imap_quota
> }
> protocol pop3 {
>   mail_plugins = quota
>   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
>   pop3_uidl_format = %08Xu%08Xv
> }
Aki
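
Added example (not part of the thread and not Dovecot project code): a small Python check for two points raised in the review above, listener sockets whose mode grants access to users outside the owner and group, and the autocreate plugin still being loaded. The sample input is an excerpt of the posted doveconf -n output, reflowed one setting per line; the function name audit is an assumption of this example.

```python
# Excerpt of the doveconf -n output posted in the thread, one setting per line.
SAMPLE = """\
service auth {
  unix_listener /var/spool/postfix/dovecot-auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0666
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
protocol lda {
  mail_plugins = quota sieve autocreate
}
"""

def audit(conf_text):
    """Return (location, finding) pairs for doveconf -n style text."""
    findings, stack = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())   # entering a block, e.g. "service auth"
        elif line == "}" and stack:
            stack.pop()                       # leaving the innermost block
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            block = stack[-1] if stack else "global"
            if key == "mode" and block.startswith("unix_listener"):
                if int(value, 8) & 0o007:     # any permission bit set for "other"
                    findings.append((block.split()[1], "mode " + value))
            elif key == "mail_plugins" and "autocreate" in value.split():
                findings.append((block, "autocreate plugin"))
    return findings

if __name__ == "__main__":
    for where, what in audit(SAMPLE):
        print(f"{where}: {what}")
```

To check a live server, pass the text produced by doveconf -n to audit() in place of SAMPLE.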
On Sat, December 16, 2017 2:34 am, Aki Tuomi wrote:
> Please read between the lines =)
> at least you should remove autocreate plugin.
Aki, thanks.
I forgot to write this is meant as a plain vanilla pop/imap multi user/multi domain server, no special requirements or deviations should be needed
>> mail_gid = 2000
>> mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
> The INDEX= is redundant.
so I go from
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
to
mail_location = maildir:/%Lh/Maildir/
>>   private
>> }
>> namespace {
>>   list = children
>>   location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
> You should read https://wiki.dovecot.org/SharedMailboxes/Shared
(not sure whether I might have tried sharing my mailbox across two domains for myself once?...maybe that's why it's there... not sure)
so I just remove this whole block:
namespace {
  type = shared
  separator = /
  prefix = Shared/%%u/
  location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
  # this namespace should handle its own subscriptions or not.
  subscriptions = yes
  list = children
}
thanks again, sorry for dumb questions
Voytek
On December 16, 2017 at 1:44 AM voytek@sbt.net.au wrote:
> On Sat, December 16, 2017 2:34 am, Aki Tuomi wrote:
>> Please read between the lines =)
>> at least you should remove autocreate plugin.
> Aki, thanks.
> I forgot to write this is meant as a plain vanilla pop/imap multi user/multi domain server, no special requirements or deviations should be needed
>>> mail_gid = 2000
>>> mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
>> The INDEX= is redundant.
> so I go from
> mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
> to
> mail_location = maildir:/%Lh/Maildir/
you could use
mail_location = maildir:~/Maildir
You can use mail_home (or home) to specify homedir, such as
/var/mail/%Ld/%Ln to get lowercase path.
>>>   private
>>> }
>>> namespace {
>>>   list = children
>>>   location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
>> You should read https://wiki.dovecot.org/SharedMailboxes/Shared
> (not sure whether I might have tried sharing my mailbox across two domains for myself once?...maybe that's why it's there... not sure)
> so I just remove this whole block:
> namespace {
>   type = shared
>   separator = /
>   prefix = Shared/%%u/
>   location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
>   # this namespace should handle its own subscriptions or not.
>   subscriptions = yes
>   list = children
> }
> thanks again, sorry for dumb questions
> Voytek
No problem, it's better to ask than not. =)
Aki
participants (2)
- Aki Tuomi
- voytek@sbt.net.au