- dovecot - dovecot.org

Debug: open(/proc/self/io) failed: Permission denied
by se＠maildaddy.eu 01 Jun '24

01 Jun '24

Tried all kinds of user setup, and read what I found on different foras, but still get: "Debug: open(/proc/self/io) failed: Permission denied" Is anyone able to spot the misconfig? Thanks in advance! This is my dovecot -n: # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.7.2 () # OS: Linux 5.4.70-050470-generic x86_64 Ubuntu 20.04.6 LTS # Hostname: host auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_username_format = %Ln mail_location = maildir:~/Maildir mail_privileged_group = mail namespace inbox { inbox = yes location = mailbox Drafts { auto = create special_use = \Drafts } mailbox Junk { auto = create special_use = \Junk } mailbox Sent { auto = create special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = create special_use = \Trash } prefix = } passdb { driver = pam } protocols = imap pop3 lmtp imap lmtp pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert = </etc/letsencrypt/live/mail.spijoing.com/fullchain.pem ssl_key = # hidden, use -P to show it ssl_min_protocol = TLSv1.2 ssl_prefer_server_ciphers = yes userdb { driver = passwd }

2 2

problem setting sieve_vacation_send_from_recipient = yes
by schuerbel＠vodafonemail.de 01 Jun '24

01 Jun '24

Hello, dovecot sieve sends vacation replies with an empty FROM: field by default. Sadly my provider rejects such emails. I tried to change this behavior by adding sieve_vacation_send_from_recipient = yes to the plugin section in dovecot.conf. But still vacation replies are send with empty FROM: fields. Is there any further setting i have to change ? My Version is dovecot 2.3.16 (7e2e900c1a) on Ubuntu 22.04 . Here is my setting from dovecot -n : log_timestamp = "%Y-%m-%d %H:%M:%S " mail_location = maildir:~/Maildir mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_vacation_send_from_recipient = yes } protocols = imap sieve service auth { unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } user = root } ssl_cert = </etc/ssl/localcerts/servercert_pub.pem ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM ssl_key = # hidden, use -P to show it userdb { driver = passwd } userdb { driver = passwd } verbose_ssl = yes protocol imap { imap_client_workarounds = delay-newmail mail_max_userip_connections = 10 } protocol pop3 { mail_max_userip_connections = 10 pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_uidl_format = %08Xu%08Xv } protocol lda { deliver_log_format = msgid=%m: %$ mail_plugins = sieve postmaster_address = torben(a)garfield.no-work.to quota_full_tempfail = yes rejection_reason = Your message to <%t> was automatically rejected:%n%r } regards TS

1 0

sasl database
by Jeff P 01 Jun '24

01 Jun '24

Hello, Is there a guide for using a customized SASL database for dovecot? for example, SQLite. Thanks in advance.

3 2

Pigenohole bad commands limits and proposed minor patch
by John Fawcett 01 Jun '24

01 Jun '24

Hi I was looking into Pigeonhole behaviour in the case of managesieve receiving invalid input either before or after login. I can see that there are hard coded limits after 3 sequential bad commands prior to authentication and 20 after authentication. I was wondering if there is a reason for those values. Sieve is a protocol that is used with software and except for the limited use case of testing it is not used by people typing manually. I don't know of a lot of sieve clients. Unfortunately the one I used in Thunderbird is no longer maintained, so I only have roundcube. But do legitimate sieve clients in general make a lot of mistakes? An additional doubt about errors that I am seeing is that differently to imap and pop3 there doen't appear to be a dedicated ssl port. I only have starttls configured. I do see what look like people trying to connect with ssl directly on port 4190, which with my configuration is never going to be valid. I am attaching a very simple proposed patch to make the error limits configurable via the following settings in conf.d/20-managesieve.conf with defaults as per the existing hard coded ones: managesieve_max_command_errors = 20 managesieve_login_max_command_errors = 3 I have similar doubts about imap error limits but I'll start with sieve ones. John

1 0

Unable to get quotas working
by Adam Miller 01 Jun '24

01 Jun '24

Ubuntu Version: Linux 6.2.0-1017-aws x86_64 Ubuntu 22.04.4 LTS nfs4 Postfix: Version: 3.6.4 Dovecot Version: 2.3.16 (7e2e900c1a) Pigeonhole Version: 0.5.16 (09c29328) Rspamd Version: 3.8.4 Protocols: IMAP, LMTP, SMTP Setup: I have an email server running with virtual domains and virtual mailboxes that is currently hosting about 10GB of email across 15 domains and 8 mailboxes which will expand drastically once I get this to work. The server is an AWS EC2 instance with an AWS RDS instance for the database and using AWS EFS for storage. Everything works quite well except quotas! Problem: I am having an issue with getting quotas to work. When using “doveadm”, I can list the mailboxes however the “Limit” column is just a hyphen “-“ like there is no limit even though every account is set to 10GB for their limit in the database. At the same time, the actual used storage and messages is not getting updated in the database either yet there are no errors from what I can see in the logging. Configuration from “dovecot -n”: auth_debug = yes auth_mechanisms = plain login auth_verbose = yes auth_worker_max_count = 5 base_dir = /var/run/dovecot debug_log_path = /var/log/dovecot/debug.log default_internal_group = ardaemail default_internal_user = ardaemail dict { quota = mysql:/etc/dovecot/inc.d/inc.quota.user.sql.conf } info_log_path = /var/log/dovecot/info.log instance_name = ec2-us-east-1a-arda-mail-001.ardaemail.com listen = 172.16.0.200 log_path = /var/log/dovecot/general.log login_greeting = Welcome to ArdaEmail mail_debug = yes mail_gid = ardaemail mail_location = maildir:/mnt/mail/%d/%n mail_plugins = " quota" mail_uid = ardaemail maildir_stat_dirs = yes namespace inbox { inbox = yes location = mailbox Archive { auto = subscribe special_use = \Archive } mailbox Drafts { auto = no special_use = \Drafts } mailbox Junk { auto = no autoexpunge = 30 days special_use = \Junk } mailbox "Junk E-mail" { auto = no autoexpunge = 30 days special_use = \Junk } mailbox "Junk Email" { auto = no autoexpunge = 30 days special_use = \Junk } mailbox Sent { auto = no special_use = \Sent } mailbox "Sent Items" { auto = no special_use = \Sent } mailbox "Sent Messages" { auto = no special_use = \Sent } mailbox Spam { auto = subscribe autoexpunge = 30 days special_use = \Junk } mailbox Trash { auto = no autoexpunge = 30 days special_use = \Trash } prefix = } passdb { args = /etc/dovecot/inc.d/inc.sql.conf driver = sql } plugin { imapsieve_mailbox1_before = file:/etc/dovecot/sieve.d/spam/learn-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Junk imapsieve_mailbox2_before = file:/etc/dovecot/sieve.d/spam/learn-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Junk imapsieve_mailbox2_name = * quota = dict:quota::proxy::quota quota_exceeded_message = 452 4.2.2 Mailbox is full and cannot receive any more emails recipient_delimiter = + sieve_after = /etc/dovecot/sieve.d/after/ sieve_before = /etc/dovecot/sieve.d/before/ sieve_extensions = +spamtest +spamtestplus +virustest +notify +imapflags sieve_global_extensions = +vnd.dovecot.pipe sieve_pipe_bin_dir = /etc/dovecot/sieve sieve_plugins = sieve_imapsieve sieve_extprograms sieve_quota_max_storage = 0 sieve_spamtest_max_header = X-Spam-Score: -?[[:digit:]]+\.[[:digit:]]+ / (-?[[:digit:]]+\.[[:digit:]]) sieve_spamtest_status_header = X-Spam-Score: (-?[[:digit:]]+\.[[:digit:]]+) / -?[[:digit:]]+\.[[:digit:]] sieve_spamtest_status_type = score } protocols = imap lmtp service auth-worker { group = ardaemail user = ardaemail } service auth { group = ardaemail unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = ardaemail mode = 0666 user = ardaemail } user = ardaemail } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } } service imap { group = ardaemail user = ardaemail } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { port = 0 } } service submission-login { inet_listener submission { port = 0 } } ssl = required ssl_cert = </etc/letsencrypt/live/mail.ardaemail.com/fullchain.pem ssl_client_ca_dir = /etc/ssl/certs ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it ssl_prefer_server_ciphers = yes userdb { args = /etc/dovecot/inc.d/inc.sql.conf driver = sql } verbose_ssl = yes protocol imap { mail_plugins = " quota imap_sieve imap_quota quota" } protocol lmtp { mail_plugins = " quota sieve imap_quota quota" } Configuration for “/etc/dovecot/inc.d/inc.quota.user.sql.conf”: connect = host=mydb dbname=mydb user=mydbuser password=mydbpass map { pattern = priv/quota/storage table = mailbox username_field = email value_field = size } map { pattern = priv/quota/limit/storage table = mailbox username_field = email value_field = quota } map { pattern = priv/quota/messages table = mailbox username_field = email value_field = size_messages } map { pattern = priv/quota/limit/storage table = mailbox username_field = email value_field = quota_messages } Configuration from “/etc/dovecot/inc.d/inc.sql.conf”: driver = mysql connect = host=mydb dbname=mydb user=mydbuser password=mydbpass default_pass_scheme = BLF-CRYPT password_query = SELECT email AS user, password FROM mailbox WHERE email = '%u'; user_query = SELECT maildir AS home, 10000 AS uid, 10000 AS gid, 'dict:quota::proxy::quota' AS quota FROM mailbox WHERE email = '%u'; iterate_query = SELECT email AS username, size, 'dict:quota::proxy::quota' AS quota FROM mailbox ORDER BY domainName ASC, email ASC; Database Table: “mailbox” CREATE TABLE `mailbox` ( `id` int(11) unsigned NOT NULL AUTO_INCREMENT, `uuid` varchar(36) NOT NULL, `domainUuid` varchar(36) NOT NULL, `domainName` varchar(96) DEFAULT NULL, `username` varchar(96) NOT NULL DEFAULT '', `password` varchar(128) NOT NULL, `firstname` varchar(32) NOT NULL, `lastname` varchar(32) NOT NULL, `email` varchar(192) NOT NULL DEFAULT '', `maildir` text NOT NULL, `quota` bigint(24) NOT NULL DEFAULT 0, `quota_messages` bigint(24) NOT NULL DEFAULT 0, `size` bigint(24) NOT NULL DEFAULT 0, `size_messages` bigint(24) NOT NULL DEFAULT 0, `isActive` tinyint(1) NOT NULL DEFAULT 1, `createdAt` datetime NOT NULL DEFAULT current_timestamp(), `updatedAt` datetime NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(), PRIMARY KEY (`id`), UNIQUE KEY `UNIQUE_UUID` (`uuid`) ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; Where “username” is the first part of the email address and “email” is the full email address. I need to query using the full email address because of possible cross domain email addresses. Output from “doveadm quota get -A”: Username Quota name Type Value Limit % HIDDEN quota STORAGE 570742 - 0 HIDDEN quota MESSAGE 0 - 0 HIDDEN quota STORAGE 1 - 0 HIDDEN quota MESSAGE 0 - 0 HIDDEN quota STORAGE 1 - 0 HIDDEN quota MESSAGE 0 - 0 HIDDEN quota STORAGE 1068 - 0 HIDDEN quota MESSAGE 0 - 0 HIDDEN quota STORAGE 462 - 0 HIDDEN quota MESSAGE 0 - 0 HIDDEN quota STORAGE 41165 - 0 HIDDEN quota MESSAGE 0 - 0 HIDDEN quota STORAGE 1598246 - 0 HIDDEN quota MESSAGE 0 - 0 HIDDEN quota STORAGE 695776 - 0 HIDDEN quota MESSAGE 0 - 0 I have no idea what is wrong and I have been at this for over 12 hours trying to get the quotas to work. What I am expecting us when emails are delivered for the “quota” and “messages” columns in the “mailbox” table to be updated and when I run “doveadm quota get -A” to show me the current usages and limits for each mailbox. Once I have that working, I will move on to actually rejecting emails via Postfix + Dovecot LMTP when a users mailbox is full but right now, I am just trying to get this to work. Any help is greatly appreciated. Also, I tried creating an account for the mailing list but never received the email. Thank you!

3 5

Gather statistics to check effectivity of spam filter?
by Camilo Sperberg 30 May '24

30 May '24

Hi list :) We want to make some changes to our spam filter, but we first want to be able to check if what we do does have any effect. So I was thinking of storing in our statistics if somebody moves an email to their Junk folder (or even better: vice versa). I have created the following metric for this: metric imap_command_move { filter = event=imap_command_finished AND cmd_name="UID MOVE" AND (cmd_args = "* Junk" OR cmd_args = "* INBOX") group_by = cmd_args } And when I move something to the Junk folder I get the following after a doveadm stats dump: (...) imap_command_move duration 5 252529 27061 124989 50505.80 34476 37503.81 124989 imap_command_move_15_Junk duration 1 124989 124989 124989 124989.00 124989 0.00 124989 imap_command_move_14_Junk duration 1 38725 38725 38725 38725.00 38725 0.00 38725 imap_command_move_12_INBOX duration 1 27061 27061 27061 27061.00 27061 0.00 27061 imap_command_move_13_INBOX duration 1 27278 27278 27278 27278.00 27278 0.00 27278 imap_command_move_3_INBOX duration 1 34476 34476 34476 34476.00 34476 0.00 34476 In my example, I moved 6 messages: 2 from INBOX to Junk, 1 from INBOX to a separate folder, 2 from Junk back to INBOX and 1 from the separate folder back to INBOX. However, because I'm grouping by cmd_args, it includes the full parameters: IMAP command’s full parameters (e.g. 1:* FLAGS) https://doc.dovecot.org/admin_manual/list_of_events/#imap-command Is there a way to filter out the first part so that I ideally get a stat named imap_command_move_Junk & imap_command_move_INBOX? Is there perhaps a way to get to know specifically the from and to folders the user is moving the mail from and to? Thanks!

1 0

mbox parsing failed and crashed
by runtomaker＠gmail.com 28 May '24

28 May '24

In below data getting from Postfix. Dovecot imap protocol when fetching mails returns no data. So program crashing when parsing mbox file. Mbox file: "From info(a)asd.com Tue May 28 14:53:11 2024 Return-Path: <info(a)asd.com> X-Original-To: test(a)example.com Delivered-To: test(a)example.com Subject: asd " Error: "Panic: file istream-header-filter.c: line 663 (i_stream_header_filter_snapshot_free): assertion failed: (snapshot->mstream->snapshot_pending)"

1 1

Oauth2 MFA config
by Scott Q. 24 May '24

24 May '24

Anyone managed to get Dovecot working as smoothly with OAUTH2 as Gmail has with Outlook ? So that for example when you add the account up in Outlook it performs all the required steps for saving the device, getting tokens, etc. Ideally with a custom ID provider, not Google as described here: https://doc.dovecot.org/configuration_manual/authentication/oauth2/

2 1

I can't configure shared mailbox ACLs using LDAP information
by moso.mosoleu＠gmail.com 24 May '24

24 May '24

It shouldn't be impossible, but I've tried countless ways and not even ChatGPT 4o was able to help me! :D I use three LDIF files to get OpenLDAP ready for testing. In the first LDIF I just modify the schema to add the associatedDomain attributes (then I could configure the server to serve more than one domain). The second LDIF is to add 4 objects to the schema that I use to differentiate accounts that actually receive/send emails and have a password; another thing done in it is to add a "groupOfUniqueNamesWithMail" object that allows the "mail" and "mailEnabled" attributes that are then necessary to use in the entries created in the "shared-mailboxes" OU. Finally, the third LDIF populates the LDAP by creating OUs, user accounts and creating entries in "shared-mailboxes" that serve to say which user accounts have access to which other user accounts. When I start the email server, sending and receiving emails works perfectly. And mailbox shares work as expected if I manually use, for each share, the command: doveadm acl set -u admin(a)mydomain.com.br INBOX user=user.1(a)mydomain.com.br lookup read write write-seen write-deleted insert post expunge create delete But just as authentication works perfectly via LDAP, I believe there must be a way to configure Dovecot to dynamically adjust ACLs via LDAP. The configuration in principle would be this: acl_search_base = ou=shared-mailboxes,dc=mydomain,dc=com,dc=br acl_search_filter = (&(objectClass=groupOfUniqueNamesWithMail)(|(uniqueMember=mail=%u,ou=system-accounts,dc=mydomain,dc=com,dc=br)(uniqueMember=mail=%u,ou=department-accounts ,dc=mydomain,dc=com,dc=br)(uniqueMember=mail=%u,ou=mailing-accounts,dc=mydomain,dc=com,dc=br)(uniqueMember=mail=%u,ou=person -accounts,dc=mydomain,dc=com,dc=br))) acl_user = %u Testing this filter on the command line with "ldapsearch" the expected results are returned. I mean, I enter an email address from a user account and the result is all the other user account email addresses that the first one would have access to. Any charitable soul who is willing to help and needs more information, just say what you need and I will try to respond as quickly as possible. I will place the content of the three LDIFs below. [ 01-modify_domain.ldif ] dn: dc=mydomain,dc=com,dc=br changetype: modify add: objectClass objectClass: domainRelatedObject - add: associatedDomain associatedDomain: mydomain.com.br - add: associatedDomain associatedDomain: anotherdomain.com.br [ 02-add_my_object_classes_to_schema.ldif ] # Object class for system user accounts dn: cn=SystemAccount,cn=schema,cn=config objectClass: olcSchemaConfig cn: SystemAccount olcObjectClasses: ( 1.3.6.1.4.1.99999.1.1 NAME 'SystemAccount' DESC 'Object class for system accounts' SUP top AUXILIARY ) # Object class for department user accounts dn: cn=DepartmentAccount,cn=schema,cn=config objectClass: olcSchemaConfig cn: DepartmentAccount olcObjectClasses: ( 1.3.6.1.4.1.99999.1.2 NAME 'DepartmentAccount' DESC 'Object class for department accounts' SUP top AUXILIARY ) # Object class for mailing user accounts dn: cn=MailingAccount,cn=schema,cn=config objectClass: olcSchemaConfig cn: MailingAccount olcObjectClasses: ( 1.3.6.1.4.1.99999.1.3 NAME 'MailingAccount' DESC 'Object class for mailing accounts' SUP top AUXILIARY ) # Object class for person user accounts dn: cn=PersonAccount,cn=schema,cn=config objectClass: olcSchemaConfig cn: PersonAccount olcObjectClasses: ( 1.3.6.1.4.1.99999.1.4 NAME 'PersonAccount' DESC 'Object class for person accounts' SUP top AUXILIARY ) # Object class that allows groupOfUniqueNames to have a mail attribute dn: cn=groupOfUniqueNamesWithMail,cn=schema,cn=config objectClass: olcSchemaConfig cn: groupOfUniqueNamesWithMail olcObjectClasses: ( 1.3.6.1.4.1.99999.1.5 NAME 'groupOfUniqueNamesWithMail' SUP groupOfUniqueNames STRUCTURAL MAY ( mail $ mailEnabled ) ) [ 03-initialize_mydomain.com.br.ldif ] ### Create organizaitonal units dn: ou=system-accounts,dc=mydomain,dc=com,dc=br ou: system-accounts objectClass: organizaitonalUnit objectClass: top dn: ou=department-accounts,dc=mydomain,dc=com,dc=br ou: department-accounts objectClass: organizaitonalUnit objectClass: top dn: ou=mailing-accounts,dc=mydomain,dc=com,dc=br ou: mailing-accounts objectClass: organizaitonalUnit objectClass: top dn: ou=person-accounts,dc=mydomain,dc=com,dc=br ou: person-accounts objectClass: organizaitonalUnit objectClass: top dn: ou=shared-mailboxes,dc=mydomain,dc=com,dc=br ou: shared-mailboxes objectClass: organizaitonalUnit objectClass: top ################################################################################ ## Create System User Accounts # not related to a person # can be accessed directly or indirectly by more than one person dn: mail=admin(a)mydomain.com.br,ou=system-accounts,dc=mydomain,dc=com,dc=br uid: admin userPassword: {SSHA} displayName: My Domain - Admin givenName: System sn: Admin cn: System Admin mail: admin(a)mydomain.com.br mailAlias: root(a)mydomain.com.br mailAlias: postmaster(a)mydomain.com.br mailEnabled: TRUE mailUidNumber: 5000 mailGidNumber: 5000 mailHomeDirectory: /var/mail/mydomain.com.br/system-accounts/admin/ mailStorageDirectory: maildir:/var/mail/mydomain.com.br/system-accounts/admin/ descripiton: My Domain - Admin (root/postmaster) objectClass: PostfixBookMailAccount objectClass: SystemAccount objectClass: inetOrgPerson objectClass: organizaitonalPerson objectClass: person objectClass: top dn: mail=smtp(a)mydomain.com.br,ou=system-accounts,dc=mydomain,dc=com,dc=br uid: smtp userPassword: {SSHA} displayName: My Domain - SMTP givenName: System sn: SMTP cn: System SMTP mail: smtp(a)mydomain.com.br mailAlias: no-reply(a)mydomain.com.br mailEnabled: TRUE mailUidNumber: 5000 mailGidNumber: 5000 mailHomeDirectory: /var/mail/mydomain.com.br/system-accounts/smtp/ mailStorageDirectory: maildir:/var/mail/mydomain.com.br/system-accounts/smtp/ descripiton: My Domain - System SMTP objectClass: PostfixBookMailAccount objectClass: SystemAccount objectClass: inetOrgPerson objectClass: organizaitonalPerson objectClass: person objectClass: top dn: mail=smtp-auditor(a)mydomain.com.br,ou=system-accounts,dc=mydomain,dc=com,dc=br uid: smtp-auditor userPassword: {SSHA} displayName: My Domain - SMTP Auditor givenName: System sn: SMTP Auditor cn: System SMTP Auditor mail: smtp-auditor(a)mydomain.com.br mailEnabled: TRUE mailUidNumber: 5000 mailGidNumber: 5000 mailHomeDirectory: /var/mail/mydomain.com.br/system-accounts/smtp-auditor/ mailStorageDirectory: maildir:/var/mail/mydomain.com.br/system-accounts/smtp-auditor/ descripiton: My Domain - System SMTP Auditor objectClass: PostfixBookMailAccount objectClass: SystemAccount objectClass: inetOrgPerson objectClass: organizaitonalPerson objectClass: person objectClass: top ################################################################################ ## Create Department User Accounts # not related to a person # can be accessed directly or indirectly by more than one person dn: mail=it(a)mydomain.com.br,ou=department-accounts,dc=mydomain,dc=com,dc=br uid: it userPassword: {SSHA} displayName: My Domain - Information Technology givenName: My Domain sn: IT cn: My Domain - IT mail: it(a)mydomain.com.br mailAlias: information.technology(a)mydomain.com.br mailEnabled: TRUE mailUidNumber: 5000 mailGidNumber: 5000 mailHomeDirectory: /var/mail/mydomain.com.br/department-accounts/it/ mailStorageDirectory: maildir:/var/mail/mydomain.com.br/department-accounts/it/ descripiton: My Domain - Information Technology (IT) objectClass: PostfixBookMailAccount objectClass: DepartmentAccount objectClass: inetOrgPerson objectClass: organizaitonalPerson objectClass: person objectClass: top ################################################################################ ## Create Mailing User Accounts # not related to a person # can be accessed directly or indirectly by more than one person dn: mail=everyone(a)mydomain.com.br,ou=mailing-accounts,dc=mydomain,dc=com,dc=br uid: everyone userPassword: {SSHA} displayName: My Domain - Everyone givenName: My Domain sn: everyone cn: My Domain - Everyone mail: everyone(a)mydomain.com.br mailAlias: everyone(a)mydomain.com.br mailEnabled: TRUE mailUidNumber: 5000 mailGidNumber: 5000 mailHomeDirectory: /var/mail/mydomain.com.br/mailing-accounts/everyone/ mailStorageDirectory: maildir:/var/mail/mydomain.com.br/mailing-accounts/everyone/ descripiton: My Domain - Everyone mailing list objectClass: PostfixBookMailAccount objectClass: MailingAccount objectClass: inetOrgPerson objectClass: organizaitonalPerson objectClass: person objectClass: top dn: mail=mailing.list.1(a)mydomain.com.br,ou=mailing-accounts,dc=mydomain,dc=com,dc=br uid: mailing.list.1 userPassword: {SSHA} displayName: My Domain - Mailing List 1 givenName: My Domain sn: Mailing List 1 cn: My Domain - Mailing List 1 mail: mailing.list.1(a)mydomain.com.br mailAlias: ml.1(a)mydomain.com.br mailEnabled: TRUE mailUidNumber: 5000 mailGidNumber: 5000 mailHomeDirectory: /var/mail/mydomain.com.br/mailing-accounts/mailing.list.1/ mailStorageDirectory: maildir:/var/mail/mydomain.com.br/mailing-accounts/mailing.list.1/ descripiton: My Domain - Mailing List 1 objectClass: PostfixBookMailAccount objectClass: MailingAccount objectClass: inetOrgPerson objectClass: organizaitonalPerson objectClass: person objectClass: top dn: mail=mailing.list.2(a)mydomain.com.br,ou=mailing-accounts,dc=mydomain,dc=com,dc=br uid: mailing.list.2 userPassword: {SSHA} displayName: My Domain - Mailing List 2 givenName: My Domain sn: Mailing List 2 cn: My Domain - Mailing List 2 mail: mailing.list.2(a)mydomain.com.br mailEnabled: TRUE mailUidNumber: 5000 mailGidNumber: 5000 mailHomeDirectory: /var/mail/mydomain.com.br/mailing-accounts/mailing.list.2/ mailStorageDirectory: maildir:/var/mail/mydomain.com.br/mailing-accounts/mailing.list.2/ descripiton: My Domain - Mailing List 2 objectClass: PostfixBookMailAccount objectClass: MailingAccount objectClass: inetOrgPerson objectClass: organizaitonalPerson objectClass: person objectClass: top ################################################################################ ## Create Person User Accounts dn: mail=user.1(a)mydomain.com.br,ou=person-accounts,dc=mydomain,dc=com,dc=br uid: user.1 userPassword: {SSHA} displayName: User 1 givenName: User sn: 1 cn: User 1 mail: user.1(a)mydomain.com.br mailAlias: user.one(a)mydomain.com.br mailEnabled: TRUE mailUidNumber: 5000 mailGidNumber: 5000 mailHomeDirectory: /var/mail/mydomain.com.br/person-accounts/user.1/ mailStorageDirectory: maildir:/var/mail/mydomain.com.br/person-accounts/user.1/ descripiton: My Domain - User 1 objectClass: PostfixBookMailAccount objectClass: PersonAccount objectClass: inetOrgPerson objectClass: organizaitonalPerson objectClass: person objectClass: top dn: mail=user.2(a)mydomain.com.br,ou=person-accounts,dc=mydomain,dc=com,dc=br uid: user.2 userPassword: {SSHA} displayName: User 2 givenName: User sn: 2 cn: User 2 mail: user.2(a)mydomain.com.br mailAlias: user.two(a)mydomain.com.br mailEnabled: TRUE mailUidNumber: 5000 mailGidNumber: 5000 mailHomeDirectory: /var/mail/mydomain.com.br/person-accounts/user.2/ mailStorageDirectory: maildir:/var/mail/mydomain.com.br/person-accounts/user.2/ descripiton: My Domain - User 2 objectClass: PostfixBookMailAccount objectClass: PersonAccount objectClass: inetOrgPerson objectClass: organizaitonalPerson objectClass: person objectClass: top dn: mail=user.3(a)mydomain.com.br,ou=person-accounts,dc=mydomain,dc=com,dc=br uid: user.3 userPassword: {SSHA} displayName: User 3 givenName: User sn: 3 cn: User 3 mail: user.3(a)mydomain.com.br mailAlias: user.three(a)mydomain.com.br mailEnabled: TRUE mailUidNumber: 5000 mailGidNumber: 5000 mailHomeDirectory: /var/mail/mydomain.com.br/person-accounts/user.3/ mailStorageDirectory: maildir:/var/mail/mydomain.com.br/person-accounts/user.3/ descripiton: My Domain - User 3 objectClass: PostfixBookMailAccount objectClass: PersonAccount objectClass: inetOrgPerson objectClass: organizaitonalPerson objectClass: person objectClass: top ################################################################################ ## for Shared System User Accounts dn: cn=admin(a)mydomain.com.br,ou=shared-mailboxes,dc=mydomain,dc=com,dc=br mail: admin(a)mydomain.com.br mailEnabled: TRUE uniqueMember: mail=user.1(a)mydomain.com.br,ou=person-accounts,dc=mydomain,dc=com,dc=br objectClass: groupOfUniqueNames objectClass: groupOfUniqueNamesWithMail objectClass: top ## for Shared Department User Accounts dn: cn=it(a)mydomain.com.br,ou=shared-mailboxes,dc=mydomain,dc=com,dc=br mail: it(a)mydomain.com.br mailEnabled: TRUE uniqueMember: mail=user.1(a)mydomain.com.br,ou=person-accounts,dc=mydomain,dc=com,dc=br objectClass: groupOfUniqueNames objectClass: groupOfUniqueNamesWithMail objectClass: top ## for Shared Mailing User Accounts dn: cn=everyone(a)mydomain.com.br,ou=shared-mailboxes,dc=mydomain,dc=com,dc=br mail: everyone(a)mydomain.com.br mailEnabled: TRUE uniqueMember: mail=user.1(a)mydomain.com.br,ou=person-accounts,dc=mydomain,dc=com,dc=br uniqueMember: mail=user.2(a)mydomain.com.br,ou=person-accounts,dc=mydomain,dc=com,dc=br uniqueMember: mail=user.3(a)mydomain.com.br,ou=person-accounts,dc=mydomain,dc=com,dc=br objectClass: groupOfUniqueNames objectClass: groupOfUniqueNamesWithMail objectClass: top dn: cn=mailing.list.1(a)mydomain.com.br,ou=shared-mailboxes,dc=mydomain,dc=com,dc=br mail: mailing.list.1(a)mydomain.com.br mailEnabled: TRUE uniqueMember: mail=user.2(a)mydomain.com.br,ou=person-accounts,dc=mydomain,dc=com,dc=br uniqueMember: mail=user.3(a)mydomain.com.br,ou=person-accounts,dc=mydomain,dc=com,dc=br objectClass: groupOfUniqueNames objectClass: groupOfUniqueNamesWithMail objectClass: top dn: cn=mailing.list.2(a)mydomain.com.br,ou=shared-mailboxes,dc=mydomain,dc=com,dc=br mail: mailing.list.2(a)mydomain.com.br mailEnabled: TRUE uniqueMember: mail=user.1(a)mydomain.com.br,ou=person-accounts,dc=mydomain,dc=com,dc=br objectClass: groupOfUniqueNames objectClass: groupOfUniqueNamesWithMail objectClass: top ## for Shared User Accounts dn: cn=user.2(a)mydomain.com.br,ou=shared-mailboxes,dc=mydomain,dc=com,dc=br mail: user.2(a)mydomain.com.br mailEnabled: FALSE uniqueMember: mail=user.1(a)mydomain.com.br,ou=person-accounts,dc=mydomain,dc=com,dc=br objectClass: groupOfUniqueNames objectClass: groupOfUniqueNamesWithMail objectClass: top

3 3

Command "doveadm director kick ...." doesn't work
by g.carabella＠panservice.it 23 May '24

23 May '24

Hi, I have a Dovecot installation (version 2.3.16) with 3 directors and 4 backend servers. Three backend servers have the director_tag 'new', one has the director_tag 'old'. The users are on the DB, the director_tag is a table field. I want to migrate mailboxes from the old backend (Maildir format) to the new (mdbox format). For the migration I use the "doveadm backup" command and everything works fine. The problem I'm having is that I can't kick the user (if logged in). Once the migration is done (as indicated https://doc.dovecot.org/3.0/man/doveadm-sync.1/) I modify the user's home, mail_location and director_tag and then execute the command "doveadm director kick ..." but the connection on the directors is not killed. Why does this problem occur? Could it be due to the use of the director_tag and the fact that for the command "doveadm director kick ..." it is not possible to specify it? Even if I run the command "doveadm director move mailbox_account new_backend_server", the director adds a new connection but does not kill the previous one, with the result that there are two connections for the same user, one on the new backend and one on the old one. I also tried to configure the director_tag only for the 3 new servers, but the "director kick" still doesn't work.

1 0