Re: creation of ssl-parameters fails

2018-08-20 Thread Kai Schaetzl 
Aki Tuomi wrote on Sun, 19 Aug 2018 20:56:28 +0300 (EEST):

> openssl gendh 4096 > params.pem

Ok. I then misunderstood what's written at
https://wiki.dovecot.org/SSL/DovecotConfiguration

I thought I need to create dh.pem in two steps:

1. openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat
2. dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl 
dhparam -inform der > /etc/dovecot/dh.pem

That's what I did on the first installation. ssl-parameters.dat already 
existed and I just used the second command to transform it. Now I thought 
I must have had generated ssl-parameters.dat with the first command back 
then. But apparently I haven't.

Now I was trying to make steps 1 and 2 and that fails because the 
generated ssl-parameters.dat is apparently not the format expected.

Basically
openssl dhparam 4096 > /etc/dovecot/dh.pem
would do the trick? I misread that from the wiki.

Before reading your reply I checked
https://www.openssl.org/docs/man1.0.2/apps/dhparam.html
and tried this command:
openssl dhparam -outform DER -out /etc/dovecot/dh-new.pem -2 4096
(after reading Alexander's reply).
It just finished and dovecot seems to be working with it, although it's 
got no DH header line. At least dovecot doesn't complain when starting up.
Anyway, I'll now reuse the dh.pem from no. 1 on the other machines.

Thanks for the help!

Kai

systemd also listening on imaps port

2018-08-20 Thread Kai Schaetzl 
I noticed that most of the time with dovecot 2.3 I get this output, 
showing systemd listening on the port as well:

lsof -i TCP:993
systemd 1 root   38u  IPv4 3388360574  0t0  TCP *:imaps (LISTEN)
systemd 1 root   41u  IPv6 3388360575  0t0  TCP *:imaps (LISTEN)
dovecot 11607 root5u  IPv4 3388360574  0t0  TCP *:imaps (LISTEN)
dovecot 11607 root6r  IPv6 3388360575  0t0  TCP *:imaps (LISTEN)

Sometimes I don't get the extra systemd lines, but I can't reproduce it 
now. It's only for port 143 and 993. Other ports show only two dovecot 
processes. Operation seems to be normal.

Is this how it is supposed to be with dovecot 2.3?
This is Ubuntu 16.04.

Re: Does domain quota work and how?

2018-08-20 Thread Kai Schaetzl 
So, is this config correct for domain quota dictionary-based and how 
should it work?

Kai

Re: systemd also listening on imaps port

2018-08-20 Thread Aki Tuomi 



On 20.08.2018 14:32, Kai Schaetzl wrote:
> I noticed that most of the time with dovecot 2.3 I get this output, 
> showing systemd listening on the port as well:
>
> lsof -i TCP:993
> systemd 1 root   38u  IPv4 3388360574  0t0  TCP *:imaps (LISTEN)
> systemd 1 root   41u  IPv6 3388360575  0t0  TCP *:imaps (LISTEN)
> dovecot 11607 root5u  IPv4 3388360574  0t0  TCP *:imaps (LISTEN)
> dovecot 11607 root6r  IPv6 3388360575  0t0  TCP *:imaps (LISTEN)
>
> Sometimes I don't get the extra systemd lines, but I can't reproduce it 
> now. It's only for port 143 and 993. Other ports show only two dovecot 
> processes. Operation seems to be normal.
>
> Is this how it is supposed to be with dovecot 2.3?
> This is Ubuntu 16.04.
>
>
>

This is due to dovecot.socket file telling systemd to listen on these,
and spawn dovecot if a connection comes in.

Aki

Re: imapsieve: Change message flags on COPY

2018-08-20 Thread Leandro Lucarella 
On Friday 17 August 2018 22:27:05 CEST Stephan Bosch wrote:
> Op 17/08/2018 om 19:44 schreef Leandro Lucarella:
> > On Friday 17 August 2018 01:41:39 CEST Stephan Bosch wrote:
> >> dovecot -n
> 
> I tried your configuration here with your Sieve script. It works here as
> expected with or without the fileinto action (so also with only
> setflag).
> 
> I changed your script a little to detect "INBOX/Archive" rather than
> just "Archive" to match my setup.
> 
> Testing looked as follows (using /usr/lib/dovecot/imap from command
> line):
[snip working test]
> 
> You can try this at your end. If it really doesn't work, you may need to
> upgrade. I am not sure, but quite a few IMAPSieve bugs were fixed in
> the last year or so.

OK, thanks for trying this out. I did a quick check by connecting to the 
server manually and issuing the IMAP commands myself (COPY of a message 
without flags and then check the flags in the new folder) and I verified 
in my case the flags are not set properly.

I guess that test is enough to conclude that probably the version I'm 
using (the one in Ubuntu 18.04.1) is buggy, right?

Is there some mode you are using to run a test server and issue the 
commands to do the testing, or is it just some manual work to set up a new 
server with a test account etc. you are using?

Thanks again a lot for the testing.

PS: Removing the !SSLv2 removed the warning too. Thanks!

-- 
Leandro Lucarella (Luca)
https://llucax.com

signature.asc
Description: This is a digitally signed message part.

Re: creation of ssl-parameters fails

2018-08-20 Thread Aki Tuomi 



On 20.08.2018 14:32, Kai Schaetzl wrote:
> Aki Tuomi wrote on Sun, 19 Aug 2018 20:56:28 +0300 (EEST):
>
>> openssl gendh 4096 > params.pem
> Ok. I then misunderstood what's written at
> https://wiki.dovecot.org/SSL/DovecotConfiguration
>
> I thought I need to create dh.pem in two steps:
>
> 1. openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat
> 2. dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl 
> dhparam -inform der > /etc/dovecot/dh.pem
>
> That's what I did on the first installation. ssl-parameters.dat already 
> existed and I just used the second command to transform it. Now I thought 
> I must have had generated ssl-parameters.dat with the first command back 
> then. But apparently I haven't.
>
> Now I was trying to make steps 1 and 2 and that fails because the 
> generated ssl-parameters.dat is apparently not the format expected.
>
> Basically
> openssl dhparam 4096 > /etc/dovecot/dh.pem
> would do the trick? I misread that from the wiki.

Yes. ssl-parameters.dat is a file which contains the generated
parameters, and the dd trick is to just to save some time, it basically
extracts the DER formatted parameters there and convert them into PEM.
ssl-parameters.dat file is not used by Dovecot in any way after 2.3.0

Aki

> Before reading your reply I checked
> https://www.openssl.org/docs/man1.0.2/apps/dhparam.html
> and tried this command:
> openssl dhparam -outform DER -out /etc/dovecot/dh-new.pem -2 4096
> (after reading Alexander's reply).
> It just finished and dovecot seems to be working with it, although it's 
> got no DH header line. At least dovecot doesn't complain when starting up.
> Anyway, I'll now reuse the dh.pem from no. 1 on the other machines.
>
> Thanks for the help!
>
> Kai
>
>

Re: Does domain quota work and how?

2018-08-20 Thread Aki Tuomi 



On 20.08.2018 14:32, Kai Schaetzl wrote:
> So, is this config correct for domain quota dictionary-based and how 
> should it work?
>
> Kai
>
>
>
We are still investigating your issue.

Aki

Strange problem on lmtp with dovecot 2.3.2.1

2018-08-20 Thread davide marchi 
Hi to all i have compiled and installed dovecot 2.3.2.1 on debian 6 with
success but now i'm facing a strange problem on communication from postfix
installed on server A with dovecot installed on server B (which version is
2.3.2.1). All incoming emails delivered from esternal from server A to
server B with LMTP is rejected with this message error

"smtpgw postfix/lmtp[1772]: 6194CA00B3: to=,
relay=192.168.10.50[192.168.10.50]:24, delay=0.02, delays=0/0.01/0.01/0,
dsn=5.5.4, status=undeliverable (host 192.168.10.50[192.168.10.50] said:
501 5.5.4 Invalid FROM: Missing domain (in reply to MAIL FROM command))"

I cant identify what is the problem , for now i have bypassed lmtp using
smtp but my goal is returning to lmtp that i have used since old versions
of dovecot.

Re: systemd also listening on imaps port

2018-08-20 Thread Kai Schaetzl 
Ok, thanks!

Kai

Re: Strange problem on lmtp with dovecot 2.3.2.1

2018-08-20 Thread Stephan Bosch 

Hi,

Op 20/08/2018 om 18:01 schreef davide marchi:
Hi to all i have compiled and installed dovecot 2.3.2.1 on debian 6 
with success but now i'm facing a strange problem on communication 
from postfix installed on server A with dovecot installed on server B 
(which version is 2.3.2.1). All incoming emails delivered from 
esternal from server A to server B with LMTP is rejected with this 
message error


"smtpgw postfix/lmtp[1772]: 6194CA00B3: 
to=mailto:x...@mail.cgilfe.it>>, 
relay=192.168.10.50[192.168.10.50]:24, delay=0.02, 
delays=0/0.01/0.01/0, dsn=5.5.4, status=undeliverable (host 
192.168.10.50[192.168.10.50] said: 501 5.5.4 Invalid FROM: Missing 
domain (in reply to MAIL FROM command))"


I cant identify what is the problem , for now i have bypassed lmtp 
using smtp but my goal is returning to lmtp that i have used since old 
versions of dovecot.


Dovecot v2.2. was extremely permissive regarding address syntax. Dovecot 
v2.3+ tends to be more strict, but if there's really an interoperability 
problem we can implement a workaround. First I'd like to know what 
exactly is going on. For some reason, your incoming mails have an 
envelope "from" address without a domain part, which is normally not 
allowed and makes little sense for messages exchanged on the internet. 
Any idea why that may be happening?


Regards,

Stephan.

iOS Mail Client Not Copying to Sent Folder

2018-08-20 Thread Asai 
Greetings,

We have many iOS clients, and some report that they’re having problems with iOS 
mail copying messages to their Sent folder.  This happens 2 - 3 times per day, 
and the phone just says Sending and the client never knows if it sends.  Client 
says apparently email DOES go out, but there is no recording of it.  This is 
usually on our LAN.

We’re not sure if this is solved via Postfix or Dovecot, or maybe something 
else, so I’m posting this message on both forums as a start.  Can anyone point 
us in the right direction here?

Running Postfix 2.11.1 and Dovecot ee 2.2.18.2

see doveconf -n below:

# 2.2.18.2 (866bffbafde7): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.8 (73d4f6cd676a)
# OS: Linux 2.6.32-358.el6.x86_64 x86_64 CentOS release 6.4 (Final) ext4
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
deliver_log_format = msgid=%m: from=%f: %$
lock_method = dotlock
mail_home = /vmail/%d/%n/home
mail_location = maildir:/vmail/%d/%n
mail_plugins = " notify"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
plugin {
  mail_log_events = delete expunge copy mailbox_delete flag_change append 
mailbox_rename
  mail_log_fields = box msgid from flags
  sieve = /vmail/%d/%n/home/.dovecot.sieve
  sieve_before = /etc/dovecot/sieve/junk-spam.sieve
  sieve_default = /etc/dovecot/sieve/junk-spam.sieve
  sieve_dir = /vmail/%d/%n/home/sieve
}
protocols = imap lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
  }
  unix_listener auth-master {
group = vmail
mode = 0660
user = vmail
  }
  unix_listener auth-userdb {
mode = 0660
user = vmail
  }
  user = root
}
service imap-login {
  process_limit = 200
  process_min_avail = 16
  service_count = 0
  vsz_limit = 0
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
  process_min_avail = 0
  service_count = 1
  vsz_limit = 64 M
}
ssl_cert =