strange interaction with MacOSX calendar server

2016-01-07 Thread Jim Reid
I’ve installed and configured Apple’s calendar server. It seems to be working 
just fine.

However it keeps trying to speak to my IMAP server — don’t know why — and the 
authentication attempts fail every 30 seconds or so.

Here’s what’s in the calendar server logs:
2016-01-07 22:42:38+ [-] [caldav-1]  [IMAP4DownloadProtocol (TLSMemoryBIOProtocol),client] [txdav.caldav.datastore.scheduling.imip.inbound.IMAP4DownloadProtocol#error] IMAP login failed for com.apple.calendarserver
2016-01-07 22:43:08+ [-] [caldav-1]  [IMAP4DownloadProtocol (TLSMemoryBIOProtocol),client] [txdav.caldav.datastore.scheduling.imip.inbound.IMAP4DownloadProtocol#error] IMAP login failed for com.apple.calendarserver
2016-01-07 22:43:39+ [-] [caldav-1]  [IMAP4DownloadProtocol (TLSMemoryBIOProtocol),client] [txdav.caldav.datastore.scheduling.imip.inbound.IMAP4DownloadProtocol#error] IMAP login failed for com.apple.calendarserver

And in dovecot’s logs I see:
Jan  7 22:47:43 hutch dovecot[63067]: imap-login: Disconnected (auth failed, 2 attempts in 4 secs): user=, method=PLAIN, rip=195.54.233.70, lip=195.54.233.70, TLS, session=
Jan  7 22:48:10 hutch dovecot[63067]: auth-worker(65378): Error: pam(com.apple.calendarserver,195.54.233.70): pam_acct_mgmt() failed: permission denied
Jan  7 22:48:14 --- last message repeated 1 time ---
Jan  7 22:48:14 hutch dovecot[63067]: imap-login: Disconnected (auth failed, 2 attempts in 4 secs): user=, method=PLAIN, rip=195.54.233.70, lip=195.54.233.70, TLS, session=
Jan  7 22:48:40 hutch dovecot[63067]: auth-worker(65378): Error: pam(com.apple.calendarserver,195.54.233.70): pam_acct_mgmt() failed: permission denied
Jan  7 22:48:44 --- last message repeated 1 time ---

I tweaked dovecot to use AUTH PLAIN as well as CRAM-MD5. [The MD5 stuff has 
always worked fine for SMTP and IMAP over TLS.] I think /etc/pam.d/dovecot is 
OK too:

% cat /etc/pam.d/dovecot 
#
#   as documented on Dovecot wiki
auth       required   pam_opendirectory.so try_first_pass
account    required   pam_nologin.so
account    required   pam_opendirectory.so
password   required   pam_opendirectory.so

Here’s my dovecot.conf:

# 2.2.5: dovecot.conf
# OS: Darwin 12.5.0 x86_64  
auth_mechanisms = plain login cram-md5
base_dir = /var/run/dovecot/
listen = *, [::]
mail_debug = yes
mail_privileged_group = mail
mbox_write_locks = fcntl
namespace inbox {
  hidden = yes
  inbox = yes
  list = no
  location = mbox:~/mail:INBOX=/var/mail/%u
  prefix = "#mbox/"
  separator = /
  type = private
}
namespace {
  inbox = no
  list = yes
  location = maildir:/var/imap/%u:LAYOUT=fs
  prefix = 
  separator = /
  type = private
}
passdb {
  driver = pam
  args = failure_show_msg=yes
}
passdb {
  args = /usr/local/etc/dovecot-md5
  driver = passwd-file
}
protocols = imap
service auth {
  executable = /usr/local/libexec/dovecot/auth
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
service imap-login {
  client_limit = 32
  executable = /usr/local/libexec/dovecot/imap-login
  inet_listener imap {
    port = 0
  }
  process_limit = 128
  process_min_avail = 3
  service_count = 1
  vsz_limit = 64 M
}
service imap {
  executable = /usr/local/libexec/dovecot/imap
  process_limit = 32
}
service pop3-login {
  client_limit = 32
  process_limit = 128
  process_min_avail = 3
  service_count = 1
  vsz_limit = 64 M
}
service pop3 {
  process_limit = 32
}
ssl_cert = 
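
Added example, not part of the original post: a small Python triage of dovecot log lines like the ones quoted above. It separates failures in pam_authenticate() (credentials rejected) from failures in pam_acct_mgmt() (the PAM account stack denied the user after the auth stack had passed), and flags fixed-interval retries that come from the server's own address. The sample lines, host name, PIDs, addresses and the year used for parsing are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the shape of the dovecot syslog lines quoted above;
# host name, PIDs and the documentation-range addresses are made up.
SAMPLE = """\
Jan  7 22:47:40 mx dovecot[100]: auth-worker(200): Error: pam(com.apple.calendarserver,192.0.2.10): pam_acct_mgmt() failed: permission denied
Jan  7 22:47:43 mx dovecot[100]: imap-login: Disconnected (auth failed, 2 attempts in 4 secs): user=<x>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.10, TLS
Jan  7 22:48:10 mx dovecot[100]: auth-worker(200): Error: pam(com.apple.calendarserver,192.0.2.10): pam_acct_mgmt() failed: permission denied
Jan  7 22:48:40 mx dovecot[100]: auth-worker(200): Error: pam(com.apple.calendarserver,192.0.2.10): pam_acct_mgmt() failed: permission denied
Jan  7 22:50:01 mx dovecot[100]: auth-worker(201): Info: pam(alice,198.51.100.7): pam_authenticate() failed: Authentication failure
"""

PAM_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) .*?pam\(([^,)]+),([^)]+)\): (pam_\w+)\(\) failed: ")
LOGIN_RE = re.compile(r"imap-login: Disconnected \(auth failed.*?rip=([^,]+), lip=([^,]+)")
# Which PAM stack a failing call belongs to (see the auth/account lines in /etc/pam.d/dovecot).
STAGE = {
    "pam_authenticate": "auth stack: credentials rejected",
    "pam_acct_mgmt": "account stack: denied after auth stack passed",
}

def _ts(stamp, year=2016):
    # Syslog timestamps carry no year; the year is an assumption.
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def analyse(text):
    """Summarise PAM failures per (user, remote ip)."""
    pam = defaultdict(list)   # (user, rip) -> [(time, failing pam call)]
    local = set()             # remote addresses that equal the local address
    for line in text.splitlines():
        if m := PAM_RE.match(line):
            pam[(m[2], m[3])].append((_ts(m[1]), m[4]))
        elif (m := LOGIN_RE.search(line)) and m[1] == m[2]:
            local.add(m[1])
    report = {}
    for (user, rip), events in pam.items():
        times = sorted(t for t, _ in events)
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        report[(user, rip)] = {
            "stage": sorted({STAGE.get(call, call) for _, call in events}),
            "count": len(events),
            "periodic": len(gaps) >= 2 and max(gaps) - min(gaps) <= 5,
            "interval_s": gaps[0] if gaps else None,
            "from_server_itself": rip in local,
        }
    return report
```
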

Re: doveadm search -A tries to create mailboxes

2016-01-07 Thread Bill Shirley

Yes, I have:
  mailbox Trash {
    special_use = \Trash
    auto = subscribe
    # next needs dovecot 2.2.20
    #autoexpunge = 2 weeks
  }
  mailbox SystemFolders {
    auto = create
    #auto = subscribe
  }


However, I would think that only applies to mail delivery or POP3/IMAP access.  Are you saying that all doveadm -A commands will create Maildir and 'auto=create/subscribe' folders?  Why did it not create '~/Maildir/SystemFolders'?  I did hit Ctrl-C as soon as I saw what doveadm was doing.


Again, I don't think SEARCH should create any directories.  Maybe have a doveadm CREATE for that purpose?  I am not the creator nor a developer of Dovecot; just one user with an opinion.  If they think this is the correct behavior I'm fine with that.


Bill


On 1/7/2016 2:22 AM, Steffen Kaiser wrote:


On Wed, 6 Jan 2016, Bill Shirley wrote:


The man page doesn't mention that 'search' updates anything.


SEARCH has to open the Maildir. Dovecot has the feature to create mailboxes on the fly on access, not only on write accesses. If Dovecot wouldn't, you would get lots of "Invalid Mailbox" errors, because -A enumerates users, you want to skip.

Actually, if you cannot limit -A with Timo's hints, you might try to override the userdb setting via -o command line options with a passwd-file, in which you list only "valid" users.


BTW, now I have:
/var/cache/akmods/Maildir/.Trash


you probably have autocreate for Trash? But you will see Maildir for all users 
anyway.

- -- Steffen Kaiser