Re: [Dovecot] Regarding SSHA512 Password Scheme
Hi Joy, Please show doveconf -n LDAP Entry (full hash) of a test user Dovecot ErrorLogs Regards Daniel
Re: [Dovecot] dsync deleted my mailbox - what did I do wrong?
Hey Jiri. Thanks for getting back. On Friday, April 4, 2014 4:48:48 PM CEST, Jiri Bourek wrote: - where did I fail (ignoring the backups, please. That's .. something I know) From the man page: "backup - Backup mails from default mail location to location2 (or vice versa, if -R parameter is given). No changes are ever done to the source location. Any changes done in destination are discarded." Yeah, maybe. That's what I thought _after_ the fact (i.e. that was what I hinted at with 'one way sync'). But see below. The last sentence describes what happened to you: all new mail on the new machine is a "change" and was discarded (by deleting new mail.) If I'm not mistaken, this is correct behaviour for backup mode - you get exact copy of the source side (maildir:/tmp/mail_backup) on destination side (d...@darklajid.de) That would be sort of okay. Except that isn't what happened: - The target mailbox was killed completely - Nothing was restored If what you're suggesting here is true I'd expect a clean copy of my source - even if it destroys all other changes. That did NOT happen though. It nuked the target and didn't restore a thing. Plus, dsync mirror did exactly the same: Nuked the (live) mailbox once more, same error message, not a single message restored (but also no modification to the source). - Can I use dsync ... for backups? I don't think that this is a good idea after yesterday night? AFAIK you can safely use it to make the backup. I'm not sure if it can be reliably used to restore data (don't think so but I'm not an expert.) I'd use doveadm import for that. That'd be my experience at this point as well, of course. :-) The bigger question is if this is well-known / correct and if this should be documented in a better fashion. Was I really that naive to expect that to work (in that case: ignore the documentation request) or could that happen again? Ben
Re: [Dovecot] dsync replication questions
On Fri, 2014-04-04 at 15:41 +0300, Teemu Huovila wrote: > Hi > > On 04/04/2014 03:38 PM, Simon Fraser wrote: > > It does help, thank you. Do you also know what the '-f' option does? > According to the dsync-man page it: > > Makes dsync run in "full sync" mode rather than "fast sync" mode. In fast > sync mode dsync might skip syncing a mailbox, if both > locations had modified it equally many times (i.e. highest-modseqs were > equal), but with different changes. Thank you. Is it still only the changes that are synced each way, or the entire mailbox? I'm trying to gauge the performance hit for enabling this on larger mailboxes. (I could, of course, run some tests, but someone may already have done that) Simon. -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE.
Re: [Dovecot] dsync replication questions
On 04/07/2014 12:22 PM, Simon Fraser wrote: > Thank you. Is it still only the changes that are synced each way, or > the entire mailbox? I'm trying to gauge the performance hit for enabling > this on larger mailboxes. (I could, of course, run some tests, but > someone may already have done that) Cant say anything certain on this one. I do know that not all the messages are sent to the other side. There are optimizations in place, using the Dovecot transaction logs and some pretty complicated application login, but a lot of data still needs to be processed by the dsync "brains". I think testing with your particular setup and data would give the most accurate results. br, Teemu Huovila
Re: [Dovecot] dsync deleted my mailbox - what did I do wrong?
The last sentence describes what happened to you: all new mail on the
new machine is a "change" and was discarded (by deleting new mail.) If
I'm not mistaken, this is correct behaviour for backup mode - you get
exact copy of the source side (maildir:/tmp/mail_backup) on
destination side (d...@darklajid.de)
That would be sort of okay. Except that isn't what happened:
- The target mailbox was killed completely
- Nothing was restored
If what you're suggesting here is true I'd expect a clean copy of my
source - even if it destroys all other changes. That did NOT happen
though. It nuked the target and didn't restore a thing.
True - if we move from "problem is dsync deleted new mail" to "problem
is dsync was unable to restore the backup", the described behaviour
looks like a bug to me too. It may have something to do with the maildir
format, I recall some discussion regarding folder INBOX, which needs
special handling (because it's physically stored in maildir root,
whereas every other folder is stored in folder-named subdirectory)
That said, I tried something along what you did and it failed for me
too. So I deleted the mailbox completely, recreated it, tried again and
this time the restore succeeded. It seems the easiest possible way to
reproduce the faulty behaviour is:
1. create mailbox for testing, here t...@example.com
2. create IMAP folder under INBOX
( namespace inbox { separator = / } )
# doveadm mailbox create -u t...@example.com INBOX/test
3. attempt to restore from backup
# doveadm backup -u t...@example.com -R maildir:/mnt/mail-backups/test/
which yields (on Dovecot 2.2.12)
dsync(t...@example.com): Error: Mailbox INBOX sync: mailbox_delete
failed: INBOX can't be deleted.
Another try shows that IMAP folder created somewhere else (not under
INBOX) isn't a problem:
# doveadm mailbox create -u t...@example.com testtest
# doveadm backup -u t...@example.com -R maildir:/mnt/mail-backups/test/
This yields no output, folder testtest is deleted (as expected), INBOX
is populated from backup.
Another try, this time I used mbox instead of maildir by specifying
-o mail_location=mbox:/path/test/mail
to doveadm. Worked without error even with INBOX/test folder (which got
deleted during restore)
No idea if this can be considered as a bug, or the test does something
that is not supposed to be done in the first place (Although different
results with different storage format suggests a bug to me.)
Plus, dsync mirror did exactly the same: Nuked the (live) mailbox once
more, same error message, not a single message restored (but also no
modification to the source).
I was doing some trial and error testing with doveadm sync (should be
the same as dsync mirror.) If used on a mailbox which has seen some
changes, this sync's behaviour is just strange.
Or - to be more precise - it seems strange on first sight, but when you
think about it, it does what is supposed to do. The sync mode is (AFAIK)
designed to keep single mailbox synchronized on two hosts. If you
created new mailbox on the new host, then had some mail delivered to it
and after some time decided to add mail from old host, then you don't
have single mailbox - you have two mailboxes with the same name.
In other words this scenario is probably something dsync wasn't designed
to be used for and there's no surprise mirror mode can't handle it.
And again - I'm no expert, so it's entirely possible everything I wrote
here is complete and utter nonsense Let's hope someone more
knowledgeable corrects me if that is the case.
Re: [Dovecot] dsync deleted my mailbox - what did I do wrong?
On 7/4/2014 4:01 μμ, Jiri Bourek wrote: I was doing some trial and error testing with doveadm sync (should be the same as dsync mirror.) If used on a mailbox which has seen some changes, this sync's behaviour is just strange. I can confirm (on 2.2.12) that the behavior is the same using replication (mirroring). Creating a folder on either end, e.g. as a subfolder of Inbox, does not create an identical new folder on the other end. I would expect that the folder is replicated! Manual dsync from the CLI will not replicate folders as well. I will agree with Jiri that is a strange (wrong?) behavior in dsync. Folders should be replicated, whether new or not. If not, how message moves between older and newer folders can be replicated on the fly? Please advise on how to handle this situation because if folders are created/deleted/moved by users, dsync may lead to a chaos! Nick
[Dovecot] Dovecot LDAP issue
Dovecot version: 2.0.19 --- grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-ldap.conf hosts = server.domain.tld:389 ldap_version= 3 auth_bind = yes dn = vm...@domain.tld dnpass = somepassword base= ou=testou,dc=domain,dc=tld scope = subtree deref = never user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) pass_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) pass_attrs = userPassword=password default_pass_scheme = CRYPT user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir - I'm authenticating users through AD and it seems to work with no problems. Unfortunately, when I try to send e-mail from a user who's not in the testou container I get the following error: Sender address rejected: User unknown in virtual mailbox table> #SMTP#. I'm assuming this happens because dovecot is not able to to lookup up that user since that user is outside the testou container. A lot of the AD users are in different places inside the AD structure and I need to be able to configure dovecot to look from the root of the AD structure down. I changed the base to this: base = dc=domain,dc=tld but it simply fails to lookup any users at that point. How would I go about getting dovecot to start at the top of the domain and look at every nested OU within AD? thanks a lot D
Re: [Dovecot] Dovecot LDAP issue
On 04/ 7/14 01:46 PM, Deeztek Support wrote: I'm authenticating users through AD and it seems to work with no problems. Unfortunately, when I try to send e-mail from a user who's not in the testou container I get the following error: Sender address rejected: User unknown in virtual mailbox table> #SMTP#. Looks like a Postfix error, not Dovecot.
Re: [Dovecot] Dovecot LDAP issue
On 4/7/2014 2:08 PM, Oscar del Rio wrote: On 04/ 7/14 01:46 PM, Deeztek Support wrote: I'm authenticating users through AD and it seems to work with no problems. Unfortunately, when I try to send e-mail from a user who's not in the testou container I get the following error: Sender address rejected: User unknown in virtual mailbox table> #SMTP#. Looks like a Postfix error, not Dovecot. I don't think so. Postfix already looks from the root of the AD down and it has no problems. Dovecot does not authenticate at all if I simply put the AD root in the ldap configuration file.
Re: [Dovecot] Dovecot LDAP issue
7.04.2014 20:43, Deeztek Support: > On 4/7/2014 2:08 PM, Oscar del Rio wrote: >> >> On 04/ 7/14 01:46 PM, Deeztek Support wrote: >>> >>> I'm authenticating users through AD and it seems to work with no >>> problems. Unfortunately, when I try to send e-mail from a user who's >>> not in the testou container I get the following error: >>> >>> Sender address rejected: User unknown in virtual mailbox table> #SMTP#. >>> >> >> Looks like a Postfix error, not Dovecot. > > I don't think so. Postfix already looks from the root of the AD down and > it has no problems. Dovecot does not authenticate at all if I simply put > the AD root in the ldap configuration file. "User unknown in virtual mailbox table" is what *postfix* tells you. Dovecot does not do SMTP (yet). Thus, I suppose that dovecot doesn't get involved at all (although this depends on your configuration). I recommend to check the restrictions you defined in your postfix configuration. Mit freundlichen Grüßen Christian Schmidt -- No signature available.
Re: [Dovecot] Dovecot LDAP issue
On 4/7/2014 4:42 PM, Christian Schmidt wrote: 7.04.2014 20:43, Deeztek Support: On 4/7/2014 2:08 PM, Oscar del Rio wrote: On 04/ 7/14 01:46 PM, Deeztek Support wrote: I'm authenticating users through AD and it seems to work with no problems. Unfortunately, when I try to send e-mail from a user who's not in the testou container I get the following error: Sender address rejected: User unknown in virtual mailbox table> #SMTP#. Looks like a Postfix error, not Dovecot. I don't think so. Postfix already looks from the root of the AD down and it has no problems. Dovecot does not authenticate at all if I simply put the AD root in the ldap configuration file. "User unknown in virtual mailbox table" is what *postfix* tells you. Dovecot does not do SMTP (yet). Thus, I suppose that dovecot doesn't get involved at all (although this depends on your configuration). I recommend to check the restrictions you defined in your postfix configuration. Mit freundlichen Grüßen Christian Schmidt The reason I think it's Dovecot generating the error is because when the IP address of the sending server is not in the mynetworks directive of postfix I get the following error: Sender address rejected: not logged in> #SMTP# When I do add the address of the sending server in mynetworks in postfix, the email gets delivered. However, when that person tries to reply to that email, they get the following error: user unknown. Command output: doveconf: I realize that's a different error from my original message, I don't remember exactly what I did so I can duplicate the previous error, but the problem still persists. Dovecot is not able to lookup the recipient from AD because the recipient is in a different container. I simply need to find out how to get Dovecot to do LDAP lookups from the domain root. When I set the domain root in base = dovecot stops doing ldap lookups and it doesn't work at all.
Re: [Dovecot] Connection refused userdb lookup ..dovecot/auth-userdb
On Tue, Apr 1, 2014 at 11:29 PM, Steffen Kaiser < skdove...@smail.inf.fh-brs.de> wrote: > > > > What's the output of: >>> >>> lsof -c dovecot|grep auth-userdb >>> >>> [root@vmail1 ~]# lsof -c dovecot|grep auth-userdb >> dovecot 3147 root 38u unix 0x88004fce0680 0t0 24739 >> /var/run/dovecot/auth-userdb >> > > Dovecot is configured to use /var/run/dovecot/auth-userdb whereas your LDA > uses /usr/local/dovecot/var/run/dovecot/auth-userdb . You do not have > symlinks to merge both locations, do you? > > Check, why the Dovecot LDA is using another config file. Found it!!! Thank youm thank you, thank you... this was delivery config in postfix that was using /usr/local/dovecot/var/run/dovecot/auth-userdb. DUH! Simon
Re: [Dovecot] Dovecot LDAP issue
Am 07.04.2014 23:47, schrieb Deeztek Support: > On 4/7/2014 4:42 PM, Christian Schmidt wrote: >> 7.04.2014 20:43, Deeztek Support: >>> On 4/7/2014 2:08 PM, Oscar del Rio wrote: On 04/ 7/14 01:46 PM, Deeztek Support wrote: > > I'm authenticating users through AD and it seems to work with no > problems. Unfortunately, when I try to send e-mail from a user who's > not in the testou container I get the following error: > > Sender address rejected: User unknown in virtual mailbox table> #SMTP#. > Looks like a Postfix error, not Dovecot. >>> >>> I don't think so. Postfix already looks from the root of the AD down and >>> it has no problems. Dovecot does not authenticate at all if I simply put >>> the AD root in the ldap configuration file. >> >> "User unknown in virtual mailbox table" is what *postfix* tells you. >> Dovecot does not do SMTP (yet). Thus, I suppose that dovecot doesn't get >> involved at all (although this depends on your configuration). >> >> I recommend to check the restrictions you defined in your postfix >> configuration. >> > The reason I think it's Dovecot generating the error is because when the IP > address of the sending server is not in > the mynetworks directive of postfix I get the following error why in the world do you strip logs syslog contains even the process who generates a entry and so there is not much to guess if you *really* look at the log signature.asc Description: OpenPGP digital signature
Re: [Dovecot] Dovecot LDAP issue
On 4/7/2014 6:13 PM, Reindl Harald wrote: Am 07.04.2014 23:47, schrieb Deeztek Support: On 4/7/2014 4:42 PM, Christian Schmidt wrote: 7.04.2014 20:43, Deeztek Support: On 4/7/2014 2:08 PM, Oscar del Rio wrote: On 04/ 7/14 01:46 PM, Deeztek Support wrote: I'm authenticating users through AD and it seems to work with no problems. Unfortunately, when I try to send e-mail from a user who's not in the testou container I get the following error: Sender address rejected: User unknown in virtual mailbox table> #SMTP#. Looks like a Postfix error, not Dovecot. I don't think so. Postfix already looks from the root of the AD down and it has no problems. Dovecot does not authenticate at all if I simply put the AD root in the ldap configuration file. "User unknown in virtual mailbox table" is what *postfix* tells you. Dovecot does not do SMTP (yet). Thus, I suppose that dovecot doesn't get involved at all (although this depends on your configuration). I recommend to check the restrictions you defined in your postfix configuration. The reason I think it's Dovecot generating the error is because when the IP address of the sending server is not in the mynetworks directive of postfix I get the following error why in the world do you strip logs syslog contains even the process who generates a entry and so there is not much to guess if you *really* look at the log I'm not stripping any logs. The error I put is from the bounce message. The syslog says the following: Apr 7 17:39:39 ewa postfix/pipe[7134]: E35AE860B26: to=, relay=dovecot, delay=0.02, delays=0/0/0/0.01, dsn=5.1.1, status=bounced (user unknown. Command output: So mystery solved, it really is dovecot generating the error. Question remains, can someone please tell me how to get Dovecot do LDAP looks from the AD root?
Re: [Dovecot] Dovecot LDAP issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 7 Apr 2014, Deeztek Support wrote: On 4/7/2014 6:13 PM, Reindl Harald wrote: Am 07.04.2014 23:47, schrieb Deeztek Support: On 4/7/2014 4:42 PM, Christian Schmidt wrote: 7.04.2014 20:43, Deeztek Support: On 4/7/2014 2:08 PM, Oscar del Rio wrote: On 04/ 7/14 01:46 PM, Deeztek Support wrote: I'm authenticating users through AD and it seems to work with no problems. Unfortunately, when I try to send e-mail from a user who's not in the testou container I get the following error: Sender address rejected: User unknown in virtual mailbox table> #SMTP#. Looks like a Postfix error, not Dovecot. I don't think so. Postfix already looks from the root of the AD down and it has no problems. Dovecot does not authenticate at all if I simply put the AD root in the ldap configuration file. "User unknown in virtual mailbox table" is what *postfix* tells you. Dovecot does not do SMTP (yet). Thus, I suppose that dovecot doesn't get involved at all (although this depends on your configuration). I recommend to check the restrictions you defined in your postfix configuration. The reason I think it's Dovecot generating the error is because when the IP address of the sending server is not in the mynetworks directive of postfix I get the following error why in the world do you strip logs syslog contains even the process who generates a entry and so there is not much to guess if you *really* look at the log I'm not stripping any logs. The error I put is from the bounce message. The syslog says the following: Apr 7 17:39:39 ewa postfix/pipe[7134]: E35AE860B26: to=, relay=dovecot, delay=0.02, delays=0/0/0/0.01, dsn=5.1.1, status=bounced (user unknown. Command output: So mystery solved, it really is dovecot generating the error. Question remains, can someone please tell me how to get Dovecot do LDAP looks from the AD root? The primary question is: Does ldapsearch -H ldap://server.domain.tld:389 \ -b dc=domain,dc=tld -D ... -W \ '(&(userPrincipalName=<>)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))' return the user? How many domain controllers to you have in the AD? Which of them holds which domains? See http://technet.microsoft.com/en-us/library/cc978012.aspx - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU0OUvXD1/YhP6VMHAQIF9AgAu2wxEpYXMoHwS1uA7fxKbMPY1tGXU2SE Ub0GVd6CZ6tUWsYW4YE7rYsyy2LFdLDlTFkeOttP30XeoLdYbvnh8QqOR+iURJx2 u2Y/x91SfTIqhRIjDLckq6pmcgugyaLngWKMBCWvkpra03GTqCUmY7Wndh9FoXRm /S1F3u/q0vID1JDEZWeoEInrpKh7KCxX4WPDiUTLUho1CwnzYiMpDlLYJMHNn7P/ K8P2ESPapFwr16tShUewXi7l2hGVGt8Eaqb/z2OqnkWEdSNILejnv5TkZif6GT6H sh8/AxPsotpmV2kEh/IjMG4mjihHCnzvxngpMu96xkTufsBcgt4RyQ== =dM6R -END PGP SIGNATURE-
Re: [Dovecot] Dovecot LDAP issue
On Monday 07 April 2014 13:46:20 Deeztek Support wrote: > Dovecot version: 2.0.19 > --- > grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-ldap.conf > > hosts = server.domain.tld:389 > ldap_version= 3 > auth_bind = yes > dn = vm...@domain.tld > dnpass = somepassword > base= ou=testou,dc=domain,dc=tld > scope = subtree > deref = never > user_filter = > (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.11 > 3556.1.4.803:=2))) pass_filter = > (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.11 > 3556.1.4.803:=2))) pass_attrs = userPassword=password > default_pass_scheme = CRYPT > user_attrs = > =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld > /%Ln/Maildir - Your %u need to be matched by the string postfix send to dovecot ( check your master.cf) As I say in a previous post, this filter is invoked from two parts, with (possible) different parameters : from authentication, with the username of the client, and from delivery, with usually the e-mail address or whatewer you set in postfix. IMHO is a bad design, but it works as is.
