> On 28/09/2025 04:36 EEST John via dovecot <dovecot@dovecot.org> wrote:
>
>
> Debian dovecot 2.4.1 /etc/dovecot/conf.d/20-lmtp.conf has the lines
> "mail_plugin" and "sieve = yes" commented-out by default.
>
> dovecot.conf should have a line at the bottom "!include_try local.conf".
> Uncomment this line. Place the above lines in /etc/dovecot/local.conf.
>
> Always run doveconf for syntax correctness. Invalid syntax in dovecot.conf
> will log.
>
> FYI: Many dovecot sections and variables can be overridden by later
> occurrences, but some are not. I run dovecot on Debian. Debian dovecot.conf
> concatenates conf.d/* into one file. The "passwd pam" { ... } cannot be
> overridden.
> Always run doveconf to see how many passwd and userdb sections show-up.
>
> Pro-tip: Remove the include conf.d/* lines in dovecot.conf. and just manually
> concatenate the conf.d/* lines in dovecot.conf. Everything in one place and
> your configuration won't break when an upgrade occurs. Do you want to have
> many changes in multiple files under conf.d/*?
>
> I filed a security bug with dovecot 2.4.1. I have not heard back. I read that
> I am supposed to file this kind of bug with the Linux Distro, Debian. The bug
> is 2.4.1 will give the same uid/gid to any account after the first
> authentication. Everyone else gets the same uid/gid and all clients start
> downloading the folders/email of this first uid/gid.
>
> 2.4.1 is not production ready.
>
> Stay with 2.3.+ until it is ready.
Such bug has not been reported to us yet, but it sounds overly broad. Lets see
if someone sends this to our way as well.
Aki
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
