My plea to readers:

2 Oct 2013 · *getmail*


      Hi!
My plea to readers:
Pls., people who only want strictly technical issues to read, and frown
at any
broader context regardless how intrinsically related, but not strictly
technically related, it might be, skip all the way, all the way to,
search for
exact words: "strictly technical" or visually, find two lines of sole
"==="
characters.  Thank you!
Upon umptieth failure, and having cloned the system onto another same
arch,
much more: same MBO-model box (cloning and restoring clean is my
defence to get
the system into as clean a state as can be, after any longer time
online --I
had had systems comprimised, and now I am a little paranoid)...
So, after weeks of some failures in some phases of installations of
dovecot and
friends (as explained further in this text), I cloned the same system,
but from
previously taken clean backup, used it some time, and now I want to
update the
mailbox back because now the first system is in clean state, having I
restored from clean backup...
This is a Debian weekly testing install, which I clone btwn two same
MBO-model
boxes to keep it as clean as a non-expert user like me can have it...
To a
large extent I do trust installing and update/upgrading my systems from
the
weekly builds (but hey, why don't they PGP-sign those as kernel
tarballs and as
Grsecurity or Tor-browser tarballs are signed? any Debian developer
reading
this, why not?)... because I can check with some trust the weekly
builds' sums
for integrity, but how and why could or would I trust simply installing
anything straight from the internet?
By cloning (I used to dd disk dump when cloning, but nowadays it seems
faster
and reliable enough with Sysresccd's fsarchiver, so I dd just the small
boot
partition), by cloning I keep the system as close to clean as those
non-pgp-signed weekly builds allow...
Now add to that that the real FFmpeg is not allowed into Debian, and I
am a fan
of it (I very much use it, it's running almost all the time, on some or
other
of my systems), but you have to get it through deb-multimedia.org if
you want
it on Debian (what freedom is that, banning programs from official
repositories?!)...  and add to that that I want Grsecurity/Pax at all
cost, in
my system, and not:
http://www.nsa.gov/research/selinux/
which I don't want in my system, at all cost, but to which the Debian
current
leadership seems to be total-blind-fidelity bound to...
Add those and you get pretty much all the basic ingredients of my fight
for
freedom and true privacy which are layed siege onto in the GNU/Linux
Operating
System and the few related other free OS's, in most of its flavors and
branches
and deployments of the day, from the outside and also from the inside.
Because even with the long-delayed-in-updating gNewSense, for
insufficient
developer power (I mean: too few), probably, what's the use of the fine
deblobbed kernel if they put SELinux into it? Where's freedom with what
I
suspect can not be other than fake security with surreptitious
surveillance?
(BTW, go and ask people, but not loudly, who compile their Gentoo's
--there' a
link to my short post on forums.gentoo.org a few lines below-- like I
compile
(on other systems of mine), only a minority of very uninformed or some
special
entities' aficionados use anything other than Grsecurity on their
Hardened
Gentoos --and Gentoo is unquestionably the leader in hardening-- it's
not just
me, it's only that I am loud about it)...
But I also tried to call this issue to GNU-freedom seeking people's
attention
such as here:
https://lists.nongnu.org/archive/html/gnewsense-users/2013-09/msg00001.html
and entire thread: Grsecurity on gNewSense, but for real?
I didn't mean to dwell on these issues here, and it is not the reason I
write
my messege to dovecot-mailing list, but this is the broad perspective
of my,
and I am sure not only my case, of my deployment of dovecot and broadly
these
are the reasons why I deploy it on my system.
No, this broader picture I don't think is not off-topic. I did think
hard about
it...  No, I believe it is good to mention these issues in this
post-Snowden
era when the scale and scope of total surveillance can not be
successfully
sneered and scoffed at and dismissed, like some "exceptional" (Obama
talking to
the U.S. of A. nation in September 2013, in his quest for support,
thankfully
lacking, of then being planned Iraq-2003-like-in-pretence-and-lies
attack-to-be
on Syria)... like some "exceptional" people would want it (that's the
Gentoo
Forum's link mentioned above)...
http://forums.gentoo.org/viewtopic-t-967806.html
A case of actual protection of my Gentoo box by Grsecurity
At least these issues should not be anymore successfully sneered and
scoffed at
and dismissed, but we're all less and less free as mankind...
And, since I don't connect to my SOHO network the box which I open to
the
internet, I have mails to refilter into the very probably clean cloned
box...
And I need to refilter using dovecot (which I finally got to work)...
These lines, all the dozen or so paragraphs from the beginning up unto
here, do
appear first for reading, but are written just about all the very last,
after
the rest of the text below has already been written, except the final
proofreading notes intersparsed).
=============================================================================
Now nearly only strictly technical I go, for the sake of people who
prefer so.
That maildir mailbox being all poorly sorted (I must have made other
mistakes,
I am just still new and generally lack expertise in all these true
mailer
tools; but very impressed I am with them! thanks Sirainen, thanks
Varshavchik,
thanks MuttDude, thanks Venema, and all, I admire you people!), so I
removed
the old Maildir and I made this scriptlet:
This is my configuration:
me@mybox:# dovecot -n
# 2.1.17: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.9-grsec-130827 x86_64 Debian jessie/sid
auth_debug = yes
mail_debug = yes
mail_location = maildir:~/Maildir:LAYOUT=fs
mail_plugins = acl quota
mail_privileged_group = mail
namespace {
hidden = yes
inbox = yes
list = no
location = mbox:~/mail:INBOX=/var/mail/%u
prefix = "#mbox/"
separator = /
}
namespace {
location = maildir:~/Maildir
prefix =
separator = /
}
passdb {
args = dovecot
driver = pam
}
protocols = " imap"
ssl_cert = 
cd ~
maildirmake  Maildir
maildirmake -f Drafts Maildir/
maildirmake -f Sent Maildir/
maildirmake -f someFolder1 Maildir/
maildirmake -f someFolder2 Maildir/
maildirmake -f someFolder2.Facebk Maildir/
One note: pls. don't get me wrong, I hate Stasibook (Facebk above is
less
typing, but it's for Facebook mail), I just would like to learn enough
to teach
and get at least some of my friends who "socialize" there out of reach
of those
stasi-like entities that Zuck and his Gang serve all the "socializing"
users'
data to, which is so hard a task for me to do, but which desire keeps
me moving
in this steep-learning-curve quest of mine that got me this far where I
am now,
with dovecot and other tools. That is the reason I am still subscribed
there,
to be able to follow what my people do, occasionally. I'm not logging
into that
walled-off sewage-like stasi hole featuring as virtual garden!
I saved that scriplet as maildirmake_00.sh, then
$ chmod 755 maildirmake_00.sh
and ran it.
me@mybox:~$ ./maildirmake_00.sh
And I have, I guess so far, all correct:
me@mybox:~$ ls -la Maildir/
total 40
drwx------ 10 mr mr 4096 Oct  1 23:06 .
drwxr-xr-x 33 mr mr 4096 Oct  1 23:06 ..
drwx------  2 mr mr 4096 Oct  1 23:06 cur
drwx------  5 mr mr 4096 Oct  1 23:06 .Drafts
drwx------  5 mr mr 4096 Oct  1 23:06 .someFolder1
drwx------  5 mr mr 4096 Oct  1 23:06 .someFolder2
drwx------  5 mr mr 4096 Oct  1 23:06 .someFolder2.Facebk
drwx------  2 mr mr 4096 Oct  1 23:06 new
drwx------  5 mr mr 4096 Oct  1 23:06 .Sent
drwx------  2 mr mr 4096 Oct  1 23:06 tmp
me@mybox:~$
I really hope no mistake I made so far.
someFolder1 and someFolder2 are for two different servers I get my mail
from.
Will probably need to tell some more about them later if the thread
develops,
when the problems I have are more fully explained/solved/expanded.
Now the dovecot. It has, in Debian, and I'm on weekly testing branch,
currently
up to date, actually last week's, that's just a little behind...  It
has
15-mailboxes.conf like this (only pasting non-commented lines),
/etc/dovecot/conf.d/15-mailboxes.conf
namespace inbox {
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Trash {
special_use = \Trash
}
mailbox Sent {
special_use = \Sent
}
}
[ here is a time lapse of cca 5-10 hours ]
Well, since I began writing, I realized that I can get the namespace to
work
properly, but exactly only without the above:
/etc/dovecot/conf.d/15-mailboxes.conf
(I mean with all the lines above commented out)
It kept telling me this (in the logs I find):
Error: user me: Initialization failed: namespace configuration error:
Duplicate
namespace prefix
Let me first say that it's I finally got closer to solution, and saw
directories with mutt as ~/Maildir/this/that instead of what maildirs
are:
~/Maildir/.this.that only after getting the following in the
10-mail.conf
/etc/dovecot/conf.d/10-mail.conf:
mail_location = maildir:~/Maildir:LAYOUT=fs
mail_plugins = acl quota
namespace {
separator = /
location = mbox:~/mail:INBOX=/var/mail/%u
inbox = yes
hidden = yes
list = no
}
namespace {
separator = /
prefix =
location = maildir:~/Maildir
}
It's what is recommended in  on the wiki and maybe
other places.
But only after the 15-mailboxes.conf was completely commented out.
Now I can view my mailbox from anywhere on my network, I guess (tried
from the other
box and from the same box with mutt, it works!).
So namespace is solved I guess.
However, for my mail system to completely function in the right
GNU/Linux way,
I have to get more GNU good things together in harmony. Naming some of
the
other dovecot friends:
*getmail*, which hands on to *maildrop* for delivery...
And *postfix* with TLS for sending mail, via 465 port, *stunnel*...
That bit feels
daunting to me, really...
This namespace thing also cost me a few ounces of raw nerves and some
occasional darkness in feelings...
The worse is still before my mind constantly: still not being able to
send mail
the normal way, since the normal way is simply not in cleartext
anymore... I
probably could just fine sent to port 25, but after all the political
persecution and censorship that as homeland-living dissident I suffered
and
still suffer, I don't see that as a solution at all...
The obscured morale that I was upon me for a while is due to that
stunnel
connection not being yet set up... So, sending this from the web yet, I
guess
(prepared upfront, jealous of my time fixing systems that suffer from
strange
behavior or break whenever I'm longer online)...
However, since I have been writing this not really hoping to get the
namespace
working in the process (quite a few days I spent on it, and weeks on
mail
system altogether, I can only hope to get the stunnel right if I really
study
it as if attending university classes, I'm afraid, just like the
hurdles that I
went finally past cost me real studying your manuals, my GNU freedom
heros!)...
...And this message I having had started some five or ten hours ago [
before
the final broader picture paragraphs that are all in the beginning part
of the
message; this very note is at the time of the very last proofreading ],
now I
see that I went different direction before discovering the setup for
namespace
that worked for me.
How I used maildirmake (it's the maildrop's not the dovecot's one) I
thought
but now see doesn't probably have much to do with the solution for
namespace I
found.
I leave it there though, because I need to fix the mailbox by
refiltering it,
with the aid of the dovecot server, similar to how it is explained in:
http://wiki.dovecot.org/HowTo/RefilterMail
Because I got some syntax wrong in ~/.mailfiler for the maildrop MDA,
and then
I got some of those wrongly named (numbered, no a-z, only 0-9 digits in
names)
fake mailing-list folders that can be seen in my post on mutt
mailing-list:
http://marc.info/?l=mutt-users&m=138021971816188&w=2
(the .muttrc however is completely different now, sure, than in that
link)
I hope the main, the namespace dovecot part of this message may elicit
someone's advice, if they got past that phase with the
15-mailboxes.conf at its
default. Or it is explained in the manuals I need to give a second or a
third
read to understand them...
And I'll be back to report if I made ordered mails in my Maildir right
with the
refiltering. Just pls. allow time, I'm a late adopter, I'm 56 years of
age,
can't make these things as quick as you youngsters do it.
Thanks for the fine Dovecot mail server!
Miroslav Rovis
Zagreb, Croatia

[Dovecot] Dovecot namespace solved while writing; preparing to refilter

miro.rovis＠croatiafidelis.hr

My plea to readers:

=============================================================================

tags

participants (1)