Re: When will passdb callback to mechanism yield PASSDB_RESULT_NEXT?

2017-05-29 Thread Aki Tuomi


On 27.05.2017 23:02, Peter Mogensen wrote:
> Hi,
>
> code question...
>
> I've been trying to figure out the implications of the new
> "noauthenticate" passdb field.
>
> Internally it causes a passdb to result in PASSDB_RESULT_NEXT.
>
> When a SASL mechanism calls
> auth_request_lookup_credentials(...,callback) the passdb result is
> passed to the callback.
>
> But I can't really figure out when that result will ever be
> PASSDB_RESULT_NEXT. It seems the passdb fallthrough resolver will
> always replace it with PASSDB_RESULT_INTERNAL_FAILURE if it ends up
> being the last result.
>
> Can it ever leak into the callback or is it an internal intermediate
> value or the passdb resolver?
>
> /Peter

Hi!

PASSDB_RESULT_NEXT is an internal result that should not go out. Its
intention is to point out that authentication is done by the next passdb,
and if there is no next passdb, it should fail because no one was able
to authenticate the user (or noauthenticate was seen).

Aki
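
A simplified model of the behaviour discussed in this thread, added here as an example; it is not Dovecot source code. Only PASSDB_RESULT_NEXT and PASSDB_RESULT_INTERNAL_FAILURE are names from the thread; the struct, the other enum values, the functions and the sample chains are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model. Only the two PASSDB_RESULT_ names come from the thread;
   every name starting with MODEL_ or model_ is hypothetical. */
enum passdb_result {
    PASSDB_RESULT_INTERNAL_FAILURE,
    PASSDB_RESULT_NEXT,
    MODEL_RESULT_USER_UNKNOWN,
    MODEL_RESULT_OK
};

struct model_passdb {
    bool knows_user;      /* the lookup finds the user */
    bool noauthenticate;  /* the entry carries the "noauthenticate" field */
};

/* Constructed sample chains. */
static const struct model_passdb only_noauth[] = { { true, true } };
static const struct model_passdb noauth_then_auth[] = { { true, true }, { true, false } };

/* One passdb: a match that carries noauthenticate only defers to the next. */
static enum passdb_result model_lookup(const struct model_passdb *db)
{
    if (!db->knows_user)
        return MODEL_RESULT_USER_UNKNOWN;
    return db->noauthenticate ? PASSDB_RESULT_NEXT : MODEL_RESULT_OK;
}

/* Walk the chain and return what the mechanism callback would receive. */
enum passdb_result model_resolve(const struct model_passdb *chain, size_t n)
{
    enum passdb_result last = MODEL_RESULT_USER_UNKNOWN;
    for (size_t i = 0; i < n; i++) {
        last = model_lookup(&chain[i]);
        if (last == MODEL_RESULT_OK)
            return last;  /* a passdb without noauthenticate accepted the user */
    }
    /* NEXT as the last result means nobody authenticated: fail closed. */
    return last == PASSDB_RESULT_NEXT ? PASSDB_RESULT_INTERNAL_FAILURE : last;
}

int main(void)
{
    printf("noauthenticate only: %d\n", model_resolve(only_noauth, 1));
    printf("noauthenticate then auth: %d\n", model_resolve(noauth_then_auth, 2));
    return 0;
}
```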


user-defined special-use folders

2017-05-29 Thread Fabian Schmidt


I plan to define SPECIAL-USE mailboxes and think about defining per user 
special-use folders for those who don't use the default folder names. Is 
this possible in dovecot?


What I try:
$ doveadm exec imap
* PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT 
MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS 
LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN 
CONTEXT=SEARCH LIST-STATUS BINARY MOVE SEARCH=FUZZY METADATA SPECIAL-USE] 
Logged in as fschmidt

a1 SETMETADATA "sent-mail" (/private/specialuse "\\Sent")
a1 NO [CANNOT] The /private/specialuse attribute cannot be changed (0.008 
+ 0.000 + 0.008 secs).


using dovecot 2.2.29.1, following the example in RFC 6154, sect. 5.4

(How is MAIL_ATTRIBUTE_INTERNAL_RANK_AUTHORITY defined or set?)

Fabian.


Re: user-defined special-use folders

2017-05-29 Thread Teemu Huovila


On 29.05.2017 12:31, Fabian Schmidt wrote:
> 
> I plan to define SPECIAL-USE mailboxes and think about defining per user 
> special-use folders for those who don't use the default folder names. Is this 
> possible in dovecot?
> 
> What I try:
> $ doveadm exec imap
> * PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
> IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT 
> MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS 
> LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN 
> CONTEXT=SEARCH LIST-STATUS BINARY MOVE SEARCH=FUZZY METADATA SPECIAL-USE] 
> Logged in as fschmidt
> a1 SETMETADATA "sent-mail" (/private/specialuse "\\Sent")
> a1 NO [CANNOT] The /private/specialuse attribute cannot be changed (0.008 + 
> 0.000 + 0.008 secs).
Dovecot does not currently support setting SPECIAL-USE metadata. There are some 
plans to change this, but no firm timeline.

br,
Teemu

> 
> using dovecot 2.2.29.1, following the example in RFC 6154, sect. 5.4
> 
> (How is MAIL_ATTRIBUTE_INTERNAL_RANK_AUTHORITY defined or set?)
> 
> Fabian.


SSL problem - no banner

2017-05-29 Thread Marcio Merlone

Hi,

I am running dovecot 2.2.22-1ubuntu2.4 on an Ubuntu 16.04 server. It has
a valid Letsencrypt certificate but the problem also happens with a
self-signed one.

Only openssl s_client -connect localhost:993 works fine and fast, while
all MUAs and telnet do not. Telnet times out waiting for the banner after
a minute or so:


root@netuno:~# openssl s_client -connect localhost:993
CONNECTED(0003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
(...)
Start Time: 1496081321
Timeout   : 300 (sec)
Verify return code: 0 (ok)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

0 logout
* BYE Logging out
0 OK Logout completed.
closed

root@netuno:~# telnet localhost 993
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
(about 1 minute later...)
Connection closed by foreign host.
root@netuno:~#

I have enabled verbose_ssl = yes and mail_debug = yes but no useful info
got to the logs. Has anyone seen this? Any hint?


Thanks, best regards.

--
*Marcio Merlone*


Re: SSL problem - no banner

2017-05-29 Thread Aki Tuomi

> On May 29, 2017 at 9:27 PM Marcio Merlone wrote:
> 
> 
> Hi,
> 
> I am running dovecot 2.2.22-1ubuntu2.4 on an Ubuntu 16.04 server. It has
> a valid Letsencrypt certificate but the problem also happens with a
> self-signed one.
>
> Only openssl s_client -connect localhost:993 works fine and fast, while
> all MUAs and telnet do not. Telnet times out waiting for the banner after
> a minute or so:
> 
> root@netuno:~# openssl s_client -connect localhost:993
> CONNECTED(0003)
> depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
> verify return:1
> (...)
>  Start Time: 1496081321
>  Timeout   : 300 (sec)
>  Verify return code: 0 (ok)
> ---
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
> IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
> 0 logout
> * BYE Logging out
> 0 OK Logout completed.
> closed
> 
> root@netuno:~# telnet localhost 993
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> (about 1 minute later...)
> Connection closed by foreign host.
> root@netuno:~#
> 
> I have enabled verbose_ssl = yes and mail_debug = yes but no useful info
> got to the logs. Has anyone seen this? Any hint?
> 
> Thanks, best regards.
> 
> -- 
> *Marcio Merlone*

It is not exactly obvious what you are expecting to happen. You won't get a
plain-text banner out of port 993; if you want to use STARTTLS, use port 143.

Aki


Re: MySQL issue

2017-05-29 Thread Amaechi Janneh

Yes it is.

On Mon, May 29, 2017 at 12:28 AM, Luigi Rosa wrote:

> Amaechi Janneh wrote on 29/05/2017 02:47:
>
> May 28 20:20:32 AmaechiJ dovecot[10516]: auth-worker(10892): Error: sql(
>> a...@example.com,): User query failed: Table 'mailserver.users' doesn't
>> exist
>>
>
> Start MySQL command line interface with the same username/password you use
> in Dovecot and do the same query Dovecot does.
>
> "mailserver" is the database name?
>
>
>
> --
>
>
> Ciao,
> luigi
>
> /
> +--[Luigi Rosa]--
> \
>
> Never ascribe to malice that which is caused by greed and ignorance.
> --Cal Keegan
>


Re: MySQL issue

2017-05-29 Thread Odhiambo Washington

On 29 May 2017 at 03:47, Amaechi Janneh wrote:

> Hello.
>
> It appears that I have an issue with my dovecot setup. When trying to
> authenticate, i get this error:
>
> May 28 20:18:26 AmaechiJ dovecot[10516]: imap-login: Login: user=<
> a...@example.com>, method=PLAIN, rip=, lip=, mpid=10879, TLS,
> ses...QOQBg9rlR>
> May 28 20:18:42 AmaechiJ dovecot[10516]: imap(a...@example.com): Connection
> closed in=116 out=1311
> May 28 20:20:32 AmaechiJ dovecot[10516]: auth-worker(10892): Warning:
> mysql: Query failed, retrying: Table 'mailserver.users' doesn't exist
> May 28 20:20:32 AmaechiJ dovecot[10516]: auth-worker(10892): Error: sql(
> a...@example.com,): User query failed: Table 'mailserver.users' doesn't
> exist
> May 28 20:20:32 AmaechiJ dovecot[10516]: imap-login: Login: user=<
> a...@example.com>, method=PLAIN, rip=, lip=, mpid=10894, TLS,
> ses...QZwBg9rlR>
>
> But I already have the users data under virtual_users. So what should I do?
>
> Regards,
>
> Amaechi Janneh
>
> I am running dovecot 2.2.13 Debian 8
>

What does virtual_users have to do with a table named 'users' in the
database named 'mailserver'?

I fear the Debian split configs, but maybe you should check your
configuration in etc/dovecot/dovecot-sql.conf.ext or something close? Make
sure the params there match what you want in terms of MySQL db and tables.



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."


Re: MySQL issue

2017-05-29 Thread Luigi Rosa

If you put the database name in the connect string you can omit it in the query.

Append at the end of the connect string "dbname=mailserver" and remove
"mailserver." from the table name.

Of course the user you are using must have at least SELECT access to db
mailserver.



Amaechi Janneh wrote on 29/05/2017 22:30:

> Yes it is.
>
> On Mon, May 29, 2017 at 12:28 AM, Luigi Rosa wrote:
>
>> Amaechi Janneh wrote on 29/05/2017 02:47:
>>
>>> May 28 20:20:32 AmaechiJ dovecot[10516]: auth-worker(10892): Error: sql(
>>> a...@example.com ,): User query failed: Table
>>> 'mailserver.users' doesn't exist
>>
>> Start MySQL command line interface with the same username/password you use
>> in Dovecot and do the same query Dovecot does.
>>
>> "mailserver" is the database name?




--


Ciao,
luigi

/
+--[Luigi Rosa]--
\

If you rely only on your eyes, your other senses weaken.
--Frank Herbert, "Dune"