[Dovecot] dsync replication errors
Hi
I'm trying to build a cluster of two servers with dsync replication
(based on http://wiki2.dovecot.org/Replication). My test setup works
fine for very simple tests, I can log in to both servers, copy a
message to one of the servers and it successfully apperars in the other
account. But, if I try to copy a large amount of messages at once to
one of the accounts, my maillogs get flodded with errors(see below) and
the mailboxes seem to get out of sync and messages are duplicated over
and over again (I originally copied 100 messages and ended up with
thousands in both mailboxes until I killed dovecot)
I'd appreciate if someone could have a look at my config and tell me
what I did wrong.
dovecot.conf of both servers, they are identical except for the target
ip in mail_replica:
dovecot -n
# 2.2.beta1 (070ca24e5846+): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.19.1.el6.x86_64 x86_64 CentOS release 6.3
(Final) disable_plaintext_auth = no
mail_plugins = " notify replication"
namespace {
inbox = yes
location =
prefix =
separator = /
type = private
}
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
mail_replica = remote:vmail@192.168.23.62
}
protocols = pop3 imap
service aggregator {
fifo_listener replication-notify-fifo {
user = vmail
}
unix_listener replication-notify {
user = vmail
}
}
service auth {
unix_listener auth-master {
group = vmail
mode = 0660
user = vmail
}
user = root
}
service replicator {
process_min_avail = 1
}
ssl = no
userdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
Log on server1 after I copied 100 messages to an account on that server:
Jan 31 10:41:04 doco1 dovecot: imap-login: Login: user=, method=PLAIN,
rip=192.168.23.130, lip=192.168.23.61, mpid=1432, session=
Jan 31 10:42:12 doco1 dovecot: doveadm: Error: dsync-remote(user1): Warning:
Maildir /mailstore/user1/maildir: Expunged message reappeared, giving a new UID
(old uid=72, file=1359625327.M621257P1432.doco1,S=2472,W=2547:2,)
Jan 31 10:42:12 doco1 dovecot: dsync-local(user1): Error: Recent flags state
corrupted for mailbox INBOX
Jan 31 10:42:12 doco1 dovecot: doveadm: Error: dsync-remote(user1): Warning:
Maildir /mailstore/user1/maildir: Expunged message reappeared, giving a new UID
(old uid=73, file=1359625327.M740847P1432.doco1,S=2417,W=2492:2,)
Jan 31 10:42:12 doco1 dovecot: doveadm: Error: dsync-remote(user1): Warning:
Maildir /mailstore/user1/maildir: Expunged message reappeared, giving a new UID
(old uid=74, file=1359625328.M206735P1432.doco1,S=2400,W=2474:2,)
Jan 31 10:42:12 doco1 dovecot: doveadm: Error: dsync-remote(user1): Warning:
Maildir /mailstore/user1/maildir: Expunged message reappeared, giving a new UID
(old uid=75, file=1359625328.M668118P1432.doco1,S=2421,W=2496:2,)
Jan 31 10:42:12 doco1 dovecot: doveadm: Error: dsync-remote(user1): Warning:
Maildir /mailstore/user1/maildir: Expunged message reappeared, giving a new UID
(old uid=76, file=1359625329.M167578P1432.doco1,S=2480,W=2559:2,)
Jan 31 10:42:13 doco1 dovecot: doveadm: Error: dsync-remote(user1): Warning:
Maildir /mailstore/user1/maildir: Expunged message reappeared, giving a new UID
(old uid=77, file=1359625329.M520528P1432.doco1,S=2525,W=2604:2,)
Jan 31 10:42:14 doco1 dovecot: doveadm(user1): Warning:
/mailstore/user1/maildir/dovecot-uidlist: Duplicate file entry at line 132:
1359625329.M520528P1432.doco1,S=2525,W=2604 (uid 77 -> 133)
Jan 31 10:42:14 doco1 dovecot: doveadm(user1): Warning:
/mailstore/user1/maildir/dovecot-uidlist: Duplicate file entry at line 133:
1359625327.M621257P1432.doco1,S=2472,W=2547 (uid 72 -> 134)
Jan 31 10:42:14 doco1 dovecot: doveadm(user1): Warning:
/mailstore/user1/maildir/dovecot-uidlist: Duplicate file entry at line 134:
1359625327.M740847P1432.doco1,S=2417,W=2492 (uid 73 -> 135)
Jan 31 10:42:14 doco1 dovecot: doveadm(user1): Warning:
/mailstore/user1/maildir/dovecot-uidlist: Duplicate file entry at line 135:
1359625328.M206735P1432.doco1,S=2400,W=2474 (uid 74 -> 136)
Jan 31 10:42:14 doco1 dovecot: doveadm(user1): Warning:
/mailstore/user1/maildir/dovecot-uidlist: Duplicate file entry at line 136:
1359625328.M668118P1432.doco1,S=2421,W=2496 (uid 75 -> 137)
Jan 31 10:42:14 doco1 dovecot: doveadm(user1): Warning:
/mailstore/user1/maildir/dovecot-uidlist: Duplicate file entry at line 137:
1359625329.M167578P1432.doco1,S=2480,W=2559 (uid 76 -> 138)
Jan 31 10:42:14 doco1 dovecot: doveadm(user1): Warning:
/mailstore/user1/maildir/dovecot-uidlist: Duplicate file entry at line 139:
1359625329.M782065P1432.doco1,S=2461,W=2539 (uid 78 -> 140)
Jan 31 10:42:14 doco1 dovecot: doveadm(user1): Warning:
/mailstore/user1/maildir/dovecot-uidlist: Duplicate file entry at line 140:
1359625329.M973834P1432.doco1,S=2523,W=2602 (uid 79 -> 141)
Jan 31 10:42:14 doco1 dovecot: doveadm(user1): Warning:
/mailstore/user1/maildir/dovecot-uidlist: Duplicate file entry at line 141:
1359625330.M114922P1432.doco1,S=2546,W=2626 (
Re: [Dovecot] dsync replication errors
On 31.1.2013, at 12.27, Oli Schacher wrote: > I'm trying to build a cluster of two servers with dsync replication > (based on http://wiki2.dovecot.org/Replication). My test setup works > fine for very simple tests, I can log in to both servers, copy a > message to one of the servers and it successfully apperars in the other > account. But, if I try to copy a large amount of messages at once to > one of the accounts, my maillogs get flodded with errors(see below) and > the mailboxes seem to get out of sync and messages are duplicated over > and over again (I originally copied 100 messages and ended up with > thousands in both mailboxes until I killed dovecot) .. > Jan 31 10:42:12 doco1 dovecot: doveadm: Error: dsync-remote(user1): Warning: > Maildir /mailstore/user1/maildir: Expunged message reappeared, giving a new > UID (old uid=72, file=1359625327.M621257P1432.doco1,S=2472,W=2547:2,) Looks like some bug. Possibilities: a) Use mdbox format instead of maildir. It works better with dsync. b) Switch to v2.2 (latest hg version). It has a rewritte dsync that works better. Ideally do both. :)
Re: [Dovecot] dsync replication errors
> a) Use mdbox format instead of maildir. It works better with dsync. ok, I'll try that (although I was hoping I could avoid migrating all boxes on the server I was planning to use this feature) > > b) Switch to v2.2 (latest hg version). It has a rewritte dsync that > works better. the testsetup is already on 2.2 hg Thanks -- message transmitted on 100% recycled electrons
Re: [Dovecot] dsync replication errors
On 31.1.2013, at 14.06, Oli Schacher wrote: >> b) Switch to v2.2 (latest hg version). It has a rewritte dsync that >> works better. > > the testsetup is already on 2.2 hg Oh. But it's still beta1. There are several fixes done to dsync since beta1, including a fix for these maildir errors. I should release beta2 or maybe rc1 soon.
Re: [Dovecot] dsync replication errors
On Thu, 31 Jan 2013 14:27:08 +0200 Timo Sirainen wrote: > Oh. But it's still beta1. There are several fixes done to dsync since > beta1, including a fix for these maildir errors. I should release > beta2 or maybe rc1 soon. > hmm.. actually I think I built it from the latest hg (but I must admit I'm not really familiar with mercurial, so maybe I f*ckd up) dovecot -n tells me # 2.2.beta1 (070ca24e5846+): /etc/dovecot/dovecot.conf and 070ca24e5846 seems to be the latest commit according to http://hg.dovecot.org/dovecot-2.2/ (14 hours ago). not exactly sure why it says something about beta1. I tried with mdbox now.. same problem, although I don't see "Expunged message reappeared" anymore , but still tons of these: Server1: Jan 31 13:38:05 doco1 dovecot: doveadm: Error: dsync-remote(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=caec8e2a84650a518107960042f4 (UID=136) Jan 31 13:38:05 doco1 dovecot: doveadm: Error: dsync-remote(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=cbec8e2a84650a518107960042f4 (UID=135) Jan 31 13:38:05 doco1 dovecot: dsync-local(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=caec8e2a84650a518107960042f4 (UID=148) Jan 31 13:38:05 doco1 dovecot: dsync-local(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=caec8e2a84650a518107960042f4 (UID=156) Jan 31 13:38:05 doco1 dovecot: dsync-local(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=cbec8e2a84650a518107960042f4 (UID=147) [...] Server2: Jan 31 13:38:03 doco2 dovecot: dsync-local(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=caec8e2a84650a518107960042f4 (UID=80) Jan 31 13:38:03 doco2 dovecot: dsync-local(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=cbec8e2a84650a518107960042f4 (UID=79) Jan 31 13:38:04 doco2 dovecot: doveadm: Error: dsync-remote(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=d0ec8e2a84650a518107960042f4 (UID=81) Jan 31 13:38:05 doco2 dovecot: doveadm: Error: dsync-remote(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=d0ec8e2a84650a518107960042f4 (UID=119) Jan 31 13:38:05 doco2 dovecot: doveadm: Error: dsync-remote(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=d0ec8e2a84650a518107960042f4 (UID=128) Jan 31 13:38:05 doco2 dovecot: doveadm: Error: dsync-remote(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=d0ec8e2a84650a518107960042f4 (UID=130) Jan 31 13:38:05 doco2 dovecot: doveadm: Error: dsync-remote(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=d0ec8e2a84650a518107960042f4 (UID=112) Jan 31 13:38:05 doco2 dovecot: doveadm: Error: dsync-remote(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=d3ec8e2a84650a518107960042f4 (UID=133) Jan 31 13:38:05 doco2 dovecot: doveadm: Error: dsync-remote(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=d2ec8e2a84650a518107960042f4 (UID=131) Jan 31 13:38:05 doco2 dovecot: doveadm: Error: dsync-remote(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=d1ec8e2a84650a518107960042f4 (UID=132) Jan 31 13:38:06 doco2 dovecot: dsync-local(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=caec8e2a84650a518107960042f4 (UID=136) Jan 31 13:38:06 doco2 dovecot: dsync-local(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=cbec8e2a84650a518107960042f4 (UID=135) [...] -- message transmitted on 100% recycled electrons
Re: [Dovecot] dsync replication errors
On 31.1.2013, at 14.46, Oli Schacher wrote: > On Thu, 31 Jan 2013 14:27:08 +0200 > Timo Sirainen wrote: > >> Oh. But it's still beta1. There are several fixes done to dsync since >> beta1, including a fix for these maildir errors. I should release >> beta2 or maybe rc1 soon. >> > > hmm.. actually I think I built it from the latest hg (but I must admit > I'm not really familiar with mercurial, so maybe I f*ckd up) > > dovecot -n tells me > # 2.2.beta1 (070ca24e5846+): /etc/dovecot/dovecot.conf > > and 070ca24e5846 seems to be the latest commit according to > http://hg.dovecot.org/dovecot-2.2/ (14 hours ago). not exactly sure why > it says something about beta1. So it seems. Looks like I've been browsing through your mails too quickly to pay attention. :) > I tried with mdbox now.. same problem, although I don't see "Expunged > message reappeared" anymore , but still tons of these: > > Server1: > Jan 31 13:38:05 doco1 dovecot: doveadm: Error: dsync-remote(user1): Error: > Mailbox INBOX: Remote didn't send mail GUID=caec8e2a84650a518107960042f4 > (UID=136) But there's no duplication now and it gets fixed eventually, right? And you can easily reproduce this by simply copying 100 mails from one folder to another? I'll see if I can reproduce.
Re: [Dovecot] dsync replication errors
> > I tried with mdbox now.. same problem, although I don't see > > "Expunged message reappeared" anymore , but still tons of these: > > > > Server1: > > Jan 31 13:38:05 doco1 dovecot: doveadm: Error: dsync-remote(user1): > > Error: Mailbox INBOX: Remote didn't send mail > > GUID=caec8e2a84650a518107960042f4 (UID=136) > > But there's no duplication now and it gets fixed eventually, right? > there's still duplication and it doesn't seem to get fixed (I have to kill dovecot eventually to make sure my disk doesn't get filled) > And you can easily reproduce this by simply copying 100 mails from > one folder to another? I'll see if I can reproduce. > yes. these are the steps to reproduce: start with a empty /mailstore on both server1 and server2 (configuration in dovecot-sql.conf: SELECT '/mailstore/%u' as home, 'mdbox:/mailstore/%u/mdbox' as mail, 500 as uid, 500 as gid FROM users WHERE username = '%u' ) start dovecot on server1 result: obviously, dovecot complains that the initial sync can't start since server2 is not yet running, but starts ok start dovecot on server2 result: all ok, no errors connect thunderbird to account user1 on server1 result: login ok, mdbox visible on disk, 0 messages in thunderbird copy exactly 100 messages from a spambox to user1's inbox on server1 result: maillog errors start popping up after a few seconds, message count in thunderbird goes way beyond 100 wait about 30 sec result: >10'000 messages in both boxes Let me know if you need more info. And thanks for looking into this! -- message transmitted on 100% recycled electrons
Re: [Dovecot] dsync replication errors
On 31.1.2013, at 15.10, Oli Schacher wrote: > connect thunderbird to account user1 on server1 > result: login ok, mdbox visible on disk, 0 messages > > in thunderbird copy exactly 100 messages from a spambox to user1's > inbox on server1 spambox not being in server1? So not IMAP COPY command, but APPEND?
Re: [Dovecot] dsync replication errors
On Thu, 31 Jan 2013 15:24:06 +0200 Timo Sirainen wrote: > On 31.1.2013, at 15.10, Oli Schacher wrote: > > > connect thunderbird to account user1 on server1 > > result: login ok, mdbox visible on disk, 0 messages > > > > in thunderbird copy exactly 100 messages from a spambox to user1's > > inbox on server1 > > spambox not being in server1? So not IMAP COPY command, but APPEND? > yes APPEND, the spambox where I got the messages from is on a completely different server. sorry for not mentioning that earlier.
[Dovecot] sieve_max_redirects=0 not working as documented
Hello
I'm trying to keep my users from using the "redirect" action with
pigeonhole from dovecot 2.0.21. As documented in
http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration I configured
sieve like this:
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_max_redirects = 0
}
(and doveconf indeed shows the new setting for sieve_max_redirects)
Unfortunately I can still use the redirect action:
lda(du...@univ-nantes.fr): Debug: sieve: executing script from
/vmail/d/u/dummy/.dovecot.svbin
lda(du...@univ-nantes.fr): sieve:
msgid=<510a758d.1030...@univ-nantes.fr>: forwarded to
what could I have missed?
Thanks,
Arnaud
--
Arnaud Abélard (jabber: arnaud.abel...@univ-nantes.fr)
Administrateur Système - Responsable Services Web
Direction des Systèmes d'Informations
Université de Nantes
-
ne pas utiliser: trapem...@univ-nantes.fr
[Dovecot] Dovecot 2.2.beta1 errors
From the command
>doveadm log errors
we get
Jan 31 15:41:12 imap(): Panic: Buffer full (8221 > 8192, pool
) Jan 31 15:41:12 imap(): Error: Raw backtrace:
/usr/local/lib/dovecot/libdovecot.so.0(+0x5b83a) [0x7ffbaa3a783a] ->
/usr/local/lib/dovecot/libdovecot.so.0(+0x5b886) [0x7ffbaa3a7886] ->
/usr/local/lib/dovecot/libdovecot.so.0(i_error+0) [0x7ffbaa36adaf] ->
/usr/local/lib/dovecot/libdovecot.so.0(+0x57cfc) [0x7ffbaa3a3cfc] ->
/usr/local/lib/dovecot/libdovecot.so.0(+0x5134f) [0x7ffbaa39d34f] ->
/usr/local/lib/dovecot/libdovecot.so.0(+0x4a02d) [0x7ffbaa39602d] ->
/usr/local/lib/dovecot/libdovecot.so.0(+0x4a0ca) [0x7ffbaa3960ca] ->
/usr/local/lib/dovecot/libdovecot.so.0(i_stream_read+0x64)
[0x7ffbaa3af924] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x6844c)
[0x7ffbaa3b444c] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x685f1)
[0x7ffbaa3b45f1] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x686d0)
[0x7ffbaa3b46d0] ->
/usr/local/lib/dovecot/libdovecot.so.0(i_stream_read+0x64)
[0x7ffbaa3af924] ->
/usr/local/lib/dovecot/libdovecot.so.0(i_stream_read_data+0x52)
[0x7ffbaa3afc32] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0x987ba)
[0x7ffbaa69a7ba] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(index_mail_get_binary_stream+0x135)
[0x7ffbaa69ac45] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(mail_get_binary_stream+0x61)
[0x7ffbaa674481] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(imap_msgpart_open+0xb0)
[0x7ffbaa6cf980] -> dovecot/imap() [0x418619] -> dovecot/imap()
[0x4166e2] -> dovecot/imap(imap_fetch_more+0x31) [0x416911] ->
dovecot/imap(cmd_fetch+0x41f) [0x40cd9f] ->
dovecot/imap(command_exec+0x3d) [0x414e2d] -> dovecot/imap()
[0x41402e] -> dovecot/imap(client_handle_input+0x11d) [0x41431d] ->
dovecot/imap(client_input+0x6f) [0x41468f] ->
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36)
[0x7ffbaa3b5fe6] ->
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xa7)
[0x7ffbaa3b7027] ->
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x28)
[0x7ffbaa3b5f88] Jan 31 15:41:12 imap(): Fatal: master:
service(imap): child 2236 killed with signal 6 (core dumped)
where is the offending user name. The error repeats at random intervals, I
guess related to the activity.
Since we are using Horde 5 on the front end we get the following errors from it:
Jan 31 15:02:59 thalia HORDE: [imp] Mail server closed the connection
unexpectedly. [pid 6402 on line 390 of
"/sys-data/WebData/horde/imp/lib/Imap.php"] Jan 31 15:02:59 thalia
HORDE: [imp] Operation failed due to a lack of a secure connection.
[pid 6402 on line 390 of "/sys-data/WebData/horde/imp/lib/Imap.php"]
Jan 31 15:02:59 thalia HORDE: [imp] Operation failed due to a lack of
a secure connection. [pid 6402 on line 390 of
"/sys-data/WebData/horde/imp/lib/Imap.php"] Jan 31 15:02:59 thalia
HORDE: [imp] Operation failed due to a lack of a secure connection.
[pid 6402 on line 94 of
"/sys-data/WebData/horde/imp/lib/Imap/Exception.php"]
We believe these are related to the above Dovecot error since they happens
together.
Is this a Dovecot problem?
Config attached.
Thanx
--
Andreas Kasenides
Senior IT Officer
Dept. of Computer Science,
University of Cyprus
Tel: 22892714, Fax: 22892701
# 2.2.beta1: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.19.1.el6.x86_64 x86_64 CentOS release 6.3 (Final) nfs
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_debug = no
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 2 secs
auth_first_valid_uid = 500
auth_gssapi_hostname =
auth_krb5_keytab =
auth_last_valid_uid = 0
auth_master_user_separator =
auth_mechanisms = plain
auth_proxy_self =
auth_realms =
auth_socket_path = auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_use_winbind = no
auth_username_chars =
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format = %Lu
auth_username_translation =
auth_verbose = yes
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /usr/local/var/run/dovecot
config_cache_size = 1 M
debug_log_path =
default_client_limit = 1000
default_idle_kill = 1 mins
default_internal_user = dovecot
default_login_user = dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config =
director_doveadm_port = 0
director_mail_servers =
director_servers =
director_user_expire = 15 mins
director_username_hash = %Lu
disable_plaintext_auth = no
dotlock_use_excl = yes
doveadm_allowed_commands =
doveadm_password =
doveadm_proxy_port = 0
doveadm_socket_path = doveadm-server
doveadm_worker_count = 0
dsync_alt_char = _
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u
-l%{lock_timeout} -n%{namespace}
first_valid_gid = 1
first_valid_uid = 200
hostname =
imap_capability =
imap_c
Re: [Dovecot] sieve_max_redirects=0 not working as documented
Op 1/31/2013 2:59 PM, Arnaud Abélard schreef:
Hello
I'm trying to keep my users from using the "redirect" action with
pigeonhole from dovecot 2.0.21. As documented in
http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration I configured
sieve like this:
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_max_redirects = 0
}
(and doveconf indeed shows the new setting for sieve_max_redirects)
Unfortunately I can still use the redirect action:
lda(du...@univ-nantes.fr): Debug: sieve: executing script from
/vmail/d/u/dummy/.dovecot.svbin
lda(du...@univ-nantes.fr): sieve:
msgid=<510a758d.1030...@univ-nantes.fr>: forwarded to
what could I have missed?
Wiki is wrong (which I fixed). For your version, 0 means unlimited. :/
Regards,
Stephan.
Re: [Dovecot] Dovecot 2.2.beta1 errors
On 31.1.2013, at 16.53, Andreas Kasenides wrote: >> Jan 31 15:41:12 imap(): Panic: Buffer full (8221 > 8192, pool ) >> Jan 31 15:41:12 imap(): Error: Raw backtrace: >> /usr/local/lib/dovecot/libdovecot.so.0(+0x5b83a) [0x7ffbaa3a783a] -> .. >> master: service(imap): child 2236 killed with signal 6 (core dumped) > where is the offending user name. The error repeats at random intervals, > I guess related to the activity. Could you get a gdb backtrace for this? It says "core dumped", so there should be a core file in that user's home directory. Then do: gdb /usr/local/libexec/dovecot/imap /home/user/core bt full There are also a bunch of fixes since beta1, so this crash might have also been fixed. Although I don't specifically remember fixing this one.
Re: [Dovecot] dsync replication errors
On 31.1.2013, at 15.36, Oli Schacher wrote: > On Thu, 31 Jan 2013 15:24:06 +0200 > Timo Sirainen wrote: > >> On 31.1.2013, at 15.10, Oli Schacher wrote: >> >>> connect thunderbird to account user1 on server1 >>> result: login ok, mdbox visible on disk, 0 messages >>> >>> in thunderbird copy exactly 100 messages from a spambox to user1's >>> inbox on server1 >> >> spambox not being in server1? So not IMAP COPY command, but APPEND? >> > > yes APPEND, the spambox where I got the messages from is on a completely > different server. sorry for not mentioning that earlier. See if http://hg.dovecot.org/dovecot-2.2/rev/1d88f01ba2aa helps?
Re: [Dovecot] dsync replication errors
On Thu, 31 Jan 2013 17:09:20 +0200 Timo Sirainen wrote: > > See if http://hg.dovecot.org/dovecot-2.2/rev/1d88f01ba2aa helps? > I updated to the latest hg, including the "remote cmd exit wait" update. It looks better now, but I still manage to break things :-) # test 1: append 1000 messages messages with thunderbird, mdbox -> ok, no more errors, sync ok # test 2: append only 100 messages, but use maildir again instead of mdbox. still produces errors and starts duplicating, even saw an assertion error this time, but I can't reproduce it always Jan 31 16:57:34 doco1 dovecot: imap-login: Login: user=, method=PLAIN, rip=192.168.23.130, lip=192.168.23.61, mpid=2684, session=<4tper5fU8gDAqBeC> Jan 31 16:57:35 doco1 dovecot: doveadm: Error: dsync-remote(user1): Panic: file dsync-mailbox-tree-fill.c: line 72 (dsync_mailbox_tree_add): assertion failed: (status.uidvalidity != 0) Jan 31 16:57:35 doco1 dovecot: doveadm: Error: dsync-remote(user1): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x5ce8a) [0x7f65aa39de8a] -> /usr/lib64/dovecot/libdovecot.so.0(default_fatal_handler+0x32) [0x7f65aa39df72] -> /usr/lib64/dovecot/libdovecot.so.0(+0x1f55a) [0x7f65aa36055a] -> /usr/bin/doveadm(dsync_mailbox_tree_fill+0x4cf) [0x42f5cf] -> /usr/bin/doveadm(dsync_brain_mailbox_trees_init+0x180) [0x428630] -> /usr/bin/doveadm(dsync_brain_run+0x393) [0x426033] -> /usr/bin/doveadm() [0x426331] -> /usr/bin/doveadm() [0x434780] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7f65aa3aca16] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0xa7) [0x7f65aa3adaa7] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x7f65aa3ac9b8] -> /usr/bin/doveadm() [0x424114] -> /usr/bin/doveadm() [0x40fe4f] -> /usr/bin/doveadm() [0x41067d] -> /usr/bin/doveadm(doveadm_mail_try_run+0x141) [0x410ba1] -> /usr/bin/doveadm(main+0x3f1) [0x417ba1] -> /lib64/libc.so.6(__libc_start_main+0xfd) [0x7f65a9fcccdd] -> /usr/bin/doveadm() [0x40f839] Jan 31 16:57:35 doco1 dovecot: dsync-local(user1): Error: read(vmail@192.168.23.62) failed: EOF Jan 31 16:57:35 doco1 dovecot: dsync-local(user1): Error: Remote command returned error 255 Jan 31 16:58:06 doco1 dovecot: dsync-local(user1): Error: Recent flags state corrupted for mailbox INBOX Jan 31 16:58:06 doco1 dovecot: doveadm(user1): Warning: /mailstore/user1/maildir/dovecot-uidlist: Duplicate file entry at line 59: 1359647883.M823994P2684.doco1,S=2483,W=2562 (uid 18 -> 58) Jan 31 16:58:06 doco1 dovecot: doveadm(user1): Warning: /mailstore/user1/maildir/dovecot-uidlist: Duplicate file entry at line 60: 1359647883.M382644P2684.doco1,S=2533,W=2610 (uid 15 -> 59) [...] # test 3: mdbox again, append 1000 messages with claws mail, but have thunderbird connected at the same time to both accounts while doing so. this leads to the same problem as before (duplication, errors). I guess thunderbird wants to set a seen flag and modifying the mailbox while it's being synced is probably is a bad idea, but you never know what users are going to do :-) Jan 31 17:13:11 doco1 dovecot: dsync-local(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=33dabe0f11980a51200c960042f4 (UID=104) Jan 31 17:13:11 doco1 dovecot: dsync-local(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=33dabe0f11980a51200c960042f4 (UID=114) Jan 31 17:13:11 doco1 dovecot: dsync-local(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=33dabe0f11980a51200c960042f4 (UID=118) Jan 31 17:13:11 doco1 dovecot: dsync-local(user1): Error: Mailbox INBOX: Remote didn't send mail GUID=33dabe0f11980a51200c960042f4 (UID=123) Let me know if you need more info/tests. -- message transmitted on 100% recycled electrons
Re: [Dovecot] dsync replication errors
On 31.1.2013, at 18.37, Oli Schacher wrote: > I updated to the latest hg, including the "remote cmd exit wait" update. > > It looks better now, but I still manage to break things :-) > > # > test 2: append only 100 messages, but use maildir again instead of > mdbox. > still produces errors and starts duplicating, even saw an > assertion error this time, but I can't reproduce it always > > Jan 31 16:57:34 doco1 dovecot: imap-login: Login: user=, > method=PLAIN, rip=192.168.23.130, lip=192.168.23.61, mpid=2684, > session=<4tper5fU8gDAqBeC> > Jan 31 16:57:35 doco1 dovecot: doveadm: Error: dsync-remote(user1): > Panic: file dsync-mailbox-tree-fill.c: line 72 > (dsync_mailbox_tree_add): assertion failed: (status.uidvalidity != 0) http://hg.dovecot.org/dovecot-2.2/rev/86629f621fe4 should fix this crash. The duplication happens because maildir somehow messes up itself. I guess I should look into it. > test 3: mdbox again, append 1000 messages with claws mail, but have > thunderbird connected at the same time to both accounts while doing so. > this leads to the same problem as before (duplication, errors). I guess > thunderbird wants to set a seen flag and modifying the mailbox while > it's being synced is probably is a bad idea, but you never know > what users are going to do :-) > > Jan 31 17:13:11 doco1 dovecot: dsync-local(user1): Error: Mailbox > INBOX: Remote didn't send mail GUID=33dabe0f11980a51200c960042f4 > (UID=104) All of the clients and changes are done only to one side, not to both sides?
Re: [Dovecot] dsync replication errors
On Thu, 31 Jan 2013 18:49:18 +0200 Timo Sirainen wrote: > > http://hg.dovecot.org/dovecot-2.2/rev/86629f621fe4 should fix this > crash. > > The duplication happens because maildir somehow messes up itself. I > guess I should look into it. > thanks, much appreciated! > > test 3: mdbox again, append 1000 messages with claws mail, but have > > thunderbird connected at the same time to both accounts while doing > > so. this leads to the same problem as before (duplication, errors). > > I guess thunderbird wants to set a seen flag and modifying the > > mailbox while it's being synced is probably is a bad idea, but you > > never know what users are going to do :-) > > > > Jan 31 17:13:11 doco1 dovecot: dsync-local(user1): Error: Mailbox > > INBOX: Remote didn't send mail GUID=33dabe0f11980a51200c960042f4 > > (UID=104) > > All of the clients and changes are done only to one side, not to both > sides? > In my previous tests I had thunderbird connected to both servers, without actually doing anything, just watching the mailbox unread counter go up. It could be it tried to update both mailboxes. I don't know what thunderbird does in the background when you're not actually clicking on a mailbox. The errors were visible in both maillogs (server1 and server2). But I can reproduce the problem by connecting only to server1, in that case, the errors show up in server1's log only: the current test scenario looks like: - both servers empty mail store, configuration set to mdbox - start server 1 - start server 2 - connect claws mail to server1 - connect thunderbird to server1 too - in claws mail copy a few hundred mails from a remote box to server1 - I can see the unread counter go up in thunderbird - "Remote didn't send mail" errors start popping up, but only in server1's maillog this time - mails are duplicated in one testrun I also saw the assert failure below, but again, I can't reproduce this one : Jan 31 18:10:11 doco1 dovecot: doveadm: Error: dsync-remote(user1): Panic: file dsync-mailbox-import.c: line 1080 (dsync_mailbox_import_change): assertion failed: (change->type == DSYNC_MAIL_CHANGE_TYPE_SAVE) Jan 31 18:10:11 doco1 dovecot: doveadm: Error: dsync-remote(user1): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x5ce8a) [0x7f0ac3602e8a] -> /usr/lib64/dovecot/libdovecot.so.0(default_fatal_handler+0x32) [0x7f0ac3602f72] -> /usr/lib64/dovecot/libdovecot.so.0(+0x1f55a) [0x7f0ac35c555a] -> /usr/bin/doveadm(dsync_mailbox_import_change+0x501) [0x42c631] -> /usr/bin/doveadm(dsync_brain_sync_mails+0x3a2) [0x4290a2] -> /usr/bin/doveadm(dsync_brain_run+0x169) [0x425e09] -> /usr/bin/doveadm() [0x426360] -> /usr/bin/doveadm() [0x434780] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7f0ac3611a16] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0xa7) [0x7f0ac3612aa7] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x7f0ac36119b8] -> /usr/bin/doveadm() [0x424114] -> /usr/bin/doveadm() [0x40fe4f] -> /usr/bin/doveadm() [0x41067d] -> /usr/bin/doveadm(doveadm_mail_try_run+0x141) [0x410ba1] -> /usr/bin/doveadm(main+0x3f1) [0x417ba1] -> /lib64/libc.so.6(__libc_start_main+0xfd) [0x7f0ac3231cdd] -> /usr/bin/doveadm() [0x40f839] -- message transmitted on 100% recycled electrons
[Dovecot] Dovecot Director Doveadm fails when there are a lot of output information
Hi,
we are running dovecot 2.1.13
We have 2 proxies with director and 4 mail servers. we use LDAP
when we execute doveadm-quota -A and doveadm with few output lines, its works
fine.
When we use doveadm-search or doveadm-mailbox with a lot of output information
the command stops the execution and the command no ends.
The connection to one of the 4 mailserver has finished at this moment.
I have made some tests and i have found that if we use only one mailserver the
commands works fine.
I put the gdm bt output hope it help you. (the proxy thats executes the command)
(gdb) bt full
#0 0x003872ee86f3 in __epoll_wait_nocancel () from /lib64/libc.so.6
No symbol table info available.
#1 0x003873a534b8 in io_loop_handler_run (ioloop=0x2364120)
at ioloop-epoll.c:181
ctx = 0x236b080
events =
event =
list =
io =
tv = {tv_sec = 59, tv_usec = 389208}
msecs = 59390
ret =
i =
call =
#2 0x003873a52488 in io_loop_run (ioloop=0x2364120) at ioloop.c:398
No locals.
#3 0x003873a3de43 in master_service_run (service=0x2363fd0,
callback=) at master-service.c:544
No locals.
#4 0x00413d6e in doveadm_server_flush_one ()
No symbol table info available.
#5 0x00414741 in doveadm_mail_server_user ()
No symbol table info available.
---Type to continue, or q to quit---
#6 0x0040e6bc in doveadm_mail_next_user ()
No symbol table info available.
#7 0x0040ed7c in doveadm_mail_cmd ()
No symbol table info available.
#8 0x0040f00c in doveadm_mail_try_run ()
No symbol table info available.
#9 0x004162b1 in main ()
No symbol table info available.
Thanks in advance!
--
--
Ramon Frontera
Universitat de les Illes Balears
Re: [Dovecot] dsync replication errors
On 31.1.2013, at 19.41, Oli Schacher wrote: >>> Jan 31 17:13:11 doco1 dovecot: dsync-local(user1): Error: Mailbox >>> INBOX: Remote didn't send mail GUID=33dabe0f11980a51200c960042f4 >>> (UID=104) I guess there's some bug that causes this to happen in some situations.. But the reason for mail duplication should be fixed by: http://hg.dovecot.org/dovecot-2.2/rev/138f1c76c0ec Except that shouldn't have been necessary. doveadm-server returns success before it has finished running dsync. Not sure why, need to debug it further. > in one testrun I also saw the assert failure below, but again, I can't > reproduce this one : > > Jan 31 18:10:11 doco1 dovecot: doveadm: Error: dsync-remote(user1): > Panic: file dsync-mailbox-import.c: line 1080 > (dsync_mailbox_import_change): assertion failed: (change->type == > DSYNC_MAIL_CHANGE_TYPE_SAVE) Related to incremental syncing. Have to debug it further also.
Re: [Dovecot] dsync replication errors
On Thu, 2013-01-31 at 21:51 +0200, Timo Sirainen wrote: > On 31.1.2013, at 19.41, Oli Schacher wrote: > > >>> Jan 31 17:13:11 doco1 dovecot: dsync-local(user1): Error: Mailbox > >>> INBOX: Remote didn't send mail GUID=33dabe0f11980a51200c960042f4 > >>> (UID=104) > > I guess there's some bug that causes this to happen in some situations.. But > the reason for mail duplication should be fixed by: > http://hg.dovecot.org/dovecot-2.2/rev/138f1c76c0ec > > Except that shouldn't have been necessary. doveadm-server returns success > before it has finished running dsync. Not sure why, need to debug it further. Fixed with a bit of a kludge: http://hg.dovecot.org/dovecot-2.2/rev/e9e6a95cea21
[Dovecot] Userdb passwd and 'nologin' users
I am running Dovecot with system users (userdb passwd), but some of
those users don't have shell accounts on the IMAP server so their shell
on that machine is set to /usr/sbin/nologin. Currently I am using
maildirs and this is not a problem, but I am in the process of switching
to dbox which means I will need a cronjob running 'doveadm purge -A'.
During testing I found that those users with a 'nologin' shell are not
included in the list returned by the userdb iterator, and that the
iterator doesn't honour the first/last_valid_uid settings. This
inconsistency seems undesirable, so the attached patch
- makes lookup perform the same checks as iteration,
- makes the 'nologin' check configurable,
- adds a new optional check that the user owns their home directory.
The last check was the one performed by qmail, and seems to me to be a
more reliable 'is this a real user' check than a nologin shell.
If this patch is applied, the release notes for the next release should
probably mention that system users with a 'nologin' shell will no longer
be allowed to log in to IMAP until the 'auth_check_nologin' setting is
changed from true to false.
Also, there seem to be two first/last_valid_uid settings:
first_valid_uid itself, which is honoured by the storage subsystem, and
auth_first_valid_uid, which is honoured by the 'passwd' userdb. Is this
intentional?
Ben
diff -r bf80034a547d src/auth/auth-settings.c
--- a/src/auth/auth-settings.c Thu Jan 31 18:27:22 2013 +0200
+++ b/src/auth/auth-settings.c Thu Jan 31 22:11:31 2013 +
@@ -202,6 +202,8 @@
DEF(SET_TIME, failure_delay),
DEF(SET_UINT, first_valid_uid),
DEF(SET_UINT, last_valid_uid),
+DEF(SET_BOOL, check_nologin),
+DEF(SET_BOOL, check_homedir),
DEF(SET_BOOL, verbose),
DEF(SET_BOOL, debug),
@@ -241,6 +243,8 @@
.failure_delay = 2,
.first_valid_uid = 500,
.last_valid_uid = 0,
+.check_nologin = TRUE,
+.check_homedir = FALSE,
.verbose = FALSE,
.debug = FALSE,
diff -r bf80034a547d src/auth/auth-settings.h
--- a/src/auth/auth-settings.h Thu Jan 31 18:27:22 2013 +0200
+++ b/src/auth/auth-settings.h Thu Jan 31 22:11:31 2013 +
@@ -40,6 +40,8 @@
unsigned int failure_delay;
unsigned int first_valid_uid;
unsigned int last_valid_uid;
+bool check_nologin;
+bool check_homedir;
bool verbose, debug, debug_passwords;
const char *verbose_passwords;
diff -r bf80034a547d src/auth/userdb-passwd.c
--- a/src/auth/userdb-passwd.c Thu Jan 31 18:27:22 2013 +0200
+++ b/src/auth/userdb-passwd.c Thu Jan 31 22:11:31 2013 +
@@ -10,6 +10,8 @@
#include "time-util.h"
#include "userdb-template.h"
+#include
+
#define USER_CACHE_KEY "%u"
#define PASSWD_SLOW_WARN_MSECS (10*1000)
#define PASSWD_SLOW_MASTER_WARN_MSECS 50
@@ -76,6 +78,41 @@
}
}
+static bool
+passwd_want_pw(struct passwd *pw, const struct auth_settings *set)
+{
+ /* skip entries not in valid UID range.
+ they're users for daemons and such. */
+ if (pw->pw_uid < (uid_t)set->first_valid_uid)
+return FALSE;
+ if (pw->pw_uid > (uid_t)set->last_valid_uid && set->last_valid_uid != 0)
+return FALSE;
+
+if (set->check_nologin) {
+/* skip entries that don't have a valid shell.
+ they're again probably not real users. */
+if (strcmp(pw->pw_shell, "/bin/false") == 0 ||
+strcmp(pw->pw_shell, "/sbin/nologin") == 0 ||
+strcmp(pw->pw_shell, "/usr/sbin/nologin") == 0)
+return FALSE;
+}
+
+if (set->check_homedir) {
+int err = errno;
+struct stat st;
+int ok;
+
+/* skip users who don't own their homedirs */
+ok = (stat(pw->pw_dir, &st) >= 0 &&
+S_ISDIR(st.st_mode) &&
+st.st_uid == pw->pw_uid);
+errno = err;
+if (!ok) return FALSE;
+}
+
+ return TRUE;
+}
+
static void passwd_lookup(struct auth_request *auth_request,
userdb_callback_t *callback)
{
@@ -106,6 +143,13 @@
return;
}
+if (!passwd_want_pw(&pw, auth_request->set)) {
+auth_request_log_info(auth_request, "passwd",
+ "user has bad uid or homedir");
+callback(USERDB_RESULT_USER_UNKNOWN, auth_request);
+return;
+}
+
auth_request_set_field(auth_request, "user", pw.pw_name, NULL);
auth_request_init_userdb_reply(auth_request);
@@ -137,25 +181,6 @@
return &ctx->ctx;
}
-static bool
-passwd_iterate_want_pw(struct passwd *pw, const struct auth_settings *set)
-{
- /* skip entries not in valid UID range.
- they're users for daemons and such. */
- if (pw->pw_uid < (uid_t)set->first_valid_uid)
- return FALSE;
- if (pw->pw_uid > (uid_t)set->last_valid_uid && set->last_valid_uid != 0)
- return FALSE;
-
- /* skip entries that don't have a valid
Re: [Dovecot] Reviewing end-user ham/spam submissions before feeding them to sa-learn via Dovecot Antispam plug-in
On 1/17/2013 4:31 AM, Steffen Kaiser wrote:
> On Wed, 16 Jan 2013, Ben Johnson wrote:
>
>> Currently, I'm using the Dovecot Antispam plug-in with great
>> success. Everything works as expected.
>
>> However, I would like to change the plug-in's behavior such that
>> it simply sends a copy of a message that is moved from Inbox ->
>> Junk (or Junk -> Inbox) to an administrator, instead of calling
>> sa-learn (I'm using SpamAssassin) automatically.
>
>> Basically, I would like to be able to review messages that
>> end-users submit for training before they are actually fed to
>> sa-learn.
>
> Hmm, if you use Maildir:
>
> plugin { antispam_backend = spool2dir antispam_allow_append_to_spam
> = true [snip] antispam_spool2dir_spam =
> /path/to/admin/Maildir/.TrainingReview.spam/new/%%020lu-%%05lu
> antispam_spool2dir_notspam =
> /path/to/admin/Maildir/.TrainingReview.not_spam/new/%%020lu-%%05lu
> }
>
> any of your mail users need write permission those directories, the
> admin needs read permissions for the spooled files, you need some
> method to pass the reviewed messages to sa-learn.
>
> IMHO, for 3rd step: I would either flag messages to be learned or
> move them into another folder. And a cron job feeds them to
> sa-learn, so they do not get into the message queue again and are
> probably re-filterred or modified before sa-learn picks them up.
>
> If you do not have Maildir to drop the files to or get problems,
> because the messages appear in "new" before they are spooled on
> disk and hence they may get indexed wrongly, because their content
> changes (which is forbidden in IMAP), you could spool them into
>
> antispam_spool2dir_spam = /tmp/spamspool/spam/%%020lu-%%05lu-%u
> antispam_spool2dir_notspam = /tmp/spamspool/ham/%%020lu-%%05lu-%u
> -or- antispam_spool2dir_spam = /tmp/spamspool/%%020lu-%%05lu-%u-S
> antispam_spool2dir_notspam = /tmp/spamspool/%%020lu-%%05lu-%u-H
>
> and have another cron job or inotify-wrapper move the messages to
> the reviewer's mailbox. In this case, you can make use of the "%u"
> component, which is expanded by the username, who spooled the
> message. So you could ignore messages of some users and/or ... .
>
> Kind regards,
>
> -- Steffen Kaiser
>
Steffen, thank you very much for the thorough reply. I apologize for
taking so long to digest it and respond.
I am using the Maildir format indeed.
>> any of your mail users need write permission those directories,
>> the admin needs read permissions for the spooled files,
By "mail users", do you mean, e.g., the "vmail" user account (I'm on
Debian/Ubuntu)? My understanding is that the "vmail" user account
handles all IMAP transactions; if this is true, then are you saying
that the only requisite to your suggestions is that the "vmail" user
has read/write access to the following two directories?
/path/to/admin/Maildir/.TrainingReview.spam/new/
and
/path/to/admin/Maildir/.TrainingReview.not_spam/new/
>> you need some method to pass the reviewed messages to sa-learn.
In the past, I have simply sorted the messages into "Ham" and "Spam"
sub-folders of the admin's training Inbox, and called sa-learn, with
the appropriate --ham/--spam switch on each, using a cron job. It
sounds as though this is what you are suggesting, and I can continue
with this approach.
I went ahead and tried to reconfigure Dovecot's Antispam plug-in to
use the spool2dir backend, but I'm receiving a less-than-helpful
message from the plug-in when I try to move a message from Inbox to
Junk or vice versa: "CANNOT: antispam plugin not configured".
Initially, I was using paths to the admin's mailbox, as demonstrated
in your initial response, but I simplified the spool location in order
to eliminate permission problems.
Please note that I am using Dovecot 1.2.9 in Ubuntu 10.04 LTS. By
extension, I am using the Antispam plug-in for Dovecot 1 (not 2), the
manpage for which is at
http://manpages.ubuntu.com/manpages/lucid/man7/dovecot-antispam.7.html
. So, the configuration option names and expected values differ
slightly from those in your example.
These are the only configuration directives that I am using:
-
plugin {
# Unrelated plugin options here [...]
antispam_spam_pattern_ignorecase = SPAM;JUNK
# Is this next directive actually required for this approach?
antispam_allow_append_to_spam = yes
antispam_spool2dir_spam = /tmp/spamspool/%%020lu-%u-%%05lus
antispam_spool2dir_notspam = /tmp/spamspool/%%020lu-%u-%%05luh
}
-
The spool directory that is specified exists and, for testing
purposes, has 0777 permissions:
# ls -lah /tmp | grep "spamspool"
drwxrwxrwx 2 root root 4.0K Jan 31 14:22 spamspool
Based on the above-cited manpage, these are be the only options that
are required (perhaps with the exception of
antispam_allow_append_to_spam).
What have I overlooked here?
Thanks again for all your help!
-Ben
Re: [Dovecot] Userdb passwd and 'nologin' users
On 1.2.2013, at 0.35, Ben Morrow wrote:
> I am running Dovecot with system users (userdb passwd), but some of
> those users don't have shell accounts on the IMAP server so their shell
> on that machine is set to /usr/sbin/nologin. Currently I am using
> maildirs and this is not a problem, but I am in the process of switching
> to dbox which means I will need a cronjob running 'doveadm purge -A'.
>
> During testing I found that those users with a 'nologin' shell are not
> included in the list returned by the userdb iterator, and that the
> iterator doesn't honour the first/last_valid_uid settings. This
> inconsistency seems undesirable, so the attached patch
>
>- makes lookup perform the same checks as iteration,
Hmmh. You could also just have them aliased to other users, so this wouldn't be
necessary..
>- makes the 'nologin' check configurable,
>- adds a new optional check that the user owns their home directory.
These settings are passwd-specific, so they would have to something like:
userdb {
driver = passwd
args = check-nologin=n check-home=y
}
> The last check was the one performed by qmail, and seems to me to be a
> more reliable 'is this a real user' check than a nologin shell.
It also performs disk I/O, slowing down the lookup.
> If this patch is applied, the release notes for the next release should
> probably mention that system users with a 'nologin' shell will no longer
> be allowed to log in to IMAP until the 'auth_check_nologin' setting is
> changed from true to false.
The default will in any case be the same as it is now.
> Also, there seem to be two first/last_valid_uid settings:
> first_valid_uid itself, which is honoured by the storage subsystem, and
> auth_first_valid_uid, which is honoured by the 'passwd' userdb. Is this
> intentional?
Nope, that's a bug. Fixed that in v2.2:
http://hg.dovecot.org/dovecot-2.2/rev/18661d1d6ed0
Re: [Dovecot] Userdb passwd and 'nologin' users
Hi Ben,
Ben Morrow wrote:
> +if (set->check_nologin) {
> +/* skip entries that don't have a valid shell.
> + they're again probably not real users. */
> +if (strcmp(pw->pw_shell, "/bin/false") == 0 ||
> +strcmp(pw->pw_shell, "/sbin/nologin") == 0 ||
> +strcmp(pw->pw_shell, "/usr/sbin/nologin") == 0)
> +return FALSE;
> +}
Valid shells are defined in /etc/shells and "locked" users, I would
strongly discourage from hardcoding a list of no-login shells here.
Users locked with "passwd -l" can also be detected by a ! at
the beginning of the password hash.
Regards
Daniel
--
https://plus.google.com/103021802792276734820
