sieve vacation to an alias group
Hi, We have an alias group named x...@example.com, this alias group has 3 actual users a...@example.com, b...@example.com and c...@example.com We set vacation rule on the generic sieve rule, the problem is that 3 responses are sent to the original sender. (obviously because the rule is being executed with each user in the alias group) Is it possible to set auto response only once, we tried the ( :days 1) option but still all 3 respond back. How can such a setup be achieved. (Single auto response to an alias group) CentOS 7.5 dovecot-pigeonhole-2.3.4.1-1.x86_64 dovecot-2.3.4.1-1.x86_64 postfix 2.10-1 -- Best Regards Monis
Re: Upgrading to 2.3
Hi, @lbutlr via dovecot, 08.03.19: On 8 Mar 2019, at 05:54, Aki Tuomi via dovecot wrote: https://wiki.dovecot.org/Upgrading Duh. I wasn't looking for a URL that was specific. https://wiki2.dovecot.org/Upgrading/2.3 ;-) Kind Regards Christian -- No signature available. smime.p7s Description: S/MIME Cryptographic Signature
Re: sieve vacation to an alias group
On Sat, 9 Mar 2019 at 14:41, Monis Monther via dovecot wrote: > Hi, > > We have an alias group named x...@example.com, this alias group has 3 > actual users a...@example.com, b...@example.com and c...@example.com > > We set vacation rule on the generic sieve rule, the problem is that 3 > responses are sent to the original sender. (obviously because the rule is > being executed with each user in the alias group) > > Is it possible to set auto response only once, we tried the ( :days 1) > option but still all 3 respond back. > > How can such a setup be achieved. (Single auto response to an alias group) > > CentOS 7.5 > dovecot-pigeonhole-2.3.4.1-1.x86_64 > dovecot-2.3.4.1-1.x86_64 > postfix 2.10-1 > > > -- > Best Regards > Monis > If the whole "group" (alias) isn't on vacation, then why are you doing this? Let a,b or c activate their rules individually. K.I.S.S principle. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-)
Re: sieve vacation to an alias group
Because its not actually a vacation, we are using it as an auto response feature. Its a support group that should auto respond to the customer automatically for the first time. If there is another method to achieve this, then we are more than happy to change our setup. Thanks Monis On Sat, Mar 9, 2019 at 4:36 PM Odhiambo Washington wrote: > > > On Sat, 9 Mar 2019 at 14:41, Monis Monther via dovecot < > dovecot@dovecot.org> wrote: > >> Hi, >> >> We have an alias group named x...@example.com, this alias group has 3 >> actual users a...@example.com, b...@example.com and c...@example.com >> >> We set vacation rule on the generic sieve rule, the problem is that 3 >> responses are sent to the original sender. (obviously because the rule is >> being executed with each user in the alias group) >> >> Is it possible to set auto response only once, we tried the ( :days 1) >> option but still all 3 respond back. >> >> How can such a setup be achieved. (Single auto response to an alias group) >> >> CentOS 7.5 >> dovecot-pigeonhole-2.3.4.1-1.x86_64 >> dovecot-2.3.4.1-1.x86_64 >> postfix 2.10-1 >> >> >> -- >> Best Regards >> Monis >> > > If the whole "group" (alias) isn't on vacation, then why are you doing > this? Let a,b or c activate their rules individually. K.I.S.S principle. > > -- > Best regards, > Odhiambo WASHINGTON, > Nairobi,KE > +254 7 3200 0004/+254 7 2274 3223 > "Oh, the cruft.", grep ^[^#] :-) > -- Best Regards Monis
Re: sieve vacation to an alias group
On 9 Mar 2019, at 06:43, Monis Monther via dovecot wrote: > Because its not actually a vacation, we are using it as an auto response > feature. Have you considered that your users hate auto-response messages and that "we got your mail" is basically saying "we'll get around to it in a much longer amount of time than seems reasonable, so we’re trying to placate you by sending you a useless auto-response"? I mean, that's how I view auto-responses; they instantly lower my perception of the company. -- Real magic is the hand around the bandsaw, the thrown spark in the powder keg, the dimension-warp linking you straight into the heart of a star, the flaming sword that burns all the way to the pommel. --Moving Pictures
Auto MX Email Client configuration, the right way?
Hi Friends! An opinion. I would like to facilitate the configuration of one's mail client (desktop or mobile) to my users server. Some time ago I asked the same question and you suggested me to use "Automx". So I started of good will and I looked for the Automx documentation. And here the problems started as I found several inconsistencies, even parameters (in official documentation) that produce Apache errors.. to complicate things, different path between deb packages and official version :-) Now I've seen the new RFC 6186 specification (https://tools.ietf.org/html/rfc6186) that describe a "DNS way" to achieve the same goal. [..] 4. Guidance for MUAs By using SRV records as above, MUAs need initially only to prompt the user for their email address [RFC5322]. The "local-part" and "domain" portions are then extracted from the email address by the MUA. The MUA uses the "domain" portion as the service domain to perform SRV lookups for the services it wants to configure. If the SRV lookup is successful, the target FQDN and port for the service can be determined and used to complete MUA configuration. If an SRV record is not found, the MUA will need to prompt the user to enter the FQDN and port information directly, or use some other heuristic. In the case of multiple SRV records returned for a particular service, the MUA MUST use the priority and weight fields in the record to determine which one to use (as per [RFC2782]). [..] again: [..] When a user identifier is required, MUAs MUST first use the full email address provided by the user, and if that results in an authentication failure, SHOULD fall back to using the "local- part" extracted from the email address. This is in line with the guidance outlined in Section 5. If both these user identifiers result in authentication failure, the MUA SHOULD prompt the user for a valid identifier. [..] here I have the biggest doubt, in fact Thunderbird often uses only the username and not the whole email address, both for incoming and outgoing server... Is any of you using this second way? And possibly, do you kniw if it works with different clients (desktop and mobile)? Many many thanks! Davide
Re: sieve vacation to an alias group
Actually our customers feel the exact opposite and feel very happy when receiving the email, it tells customers that we did receive your request and someone has already seen it. If they don't receive this email they will start calling on the call center and asking if anyone has seen their email. This is similar to any ticketing system, It there a way to achieve this? Thanks Monis On Sat, Mar 9, 2019 at 9:29 PM @lbutlr via dovecot wrote: > On 9 Mar 2019, at 06:43, Monis Monther via dovecot > wrote: > > Because its not actually a vacation, we are using it as an auto response > feature. > > Have you considered that your users hate auto-response messages and that > "we got your mail" is basically saying "we'll get around to it in a much > longer amount of time than seems reasonable, so we’re trying to placate you > by sending you a useless auto-response"? > > I mean, that's how I view auto-responses; they instantly lower my > perception of the company. > > -- > Real magic is the hand around the bandsaw, the thrown spark in the > powder keg, the dimension-warp linking you straight into the heart of a > star, the flaming sword that burns all the way to the pommel. --Moving > Pictures > > -- Best Regards Monis
Re: Auto MX Email Client configuration, the right way?
On 09.03.19 19:43, Davide Marchi via dovecot wrote: > Hi Friends! > An opinion. > > I would like to facilitate the configuration of one's mail client > (desktop or mobile) to my users server. > Some time ago I asked the same question and you suggested me to use > "Automx". > > So I started of good will and I looked for the Automx documentation. And > here the problems started as I found several inconsistencies, even > parameters (in official documentation) that produce Apache errors.. > to complicate things, different path between deb packages and official > version :-) > > Now I've seen the new RFC 6186 specification > (https://tools.ietf.org/html/rfc6186) that describe a "DNS way" to > achieve the same goal. > > [..] > 4. Guidance for MUAs > > By using SRV records as above, MUAs need initially only to prompt the > user for their email address [RFC5322]. The "local-part" and > "domain" portions are then extracted from the email address by the > MUA. The MUA uses the "domain" portion as the service domain to > perform SRV lookups for the services it wants to configure. If the > SRV lookup is successful, the target FQDN and port for the service > can be determined and used to complete MUA configuration. If an SRV > record is not found, the MUA will need to prompt the user to enter > the FQDN and port information directly, or use some other heuristic. > In the case of multiple SRV records returned for a particular > service, the MUA MUST use the priority and weight fields in the > record to determine which one to use (as per [RFC2782]). > > [..] > > again: > [..] > When a user identifier is required, MUAs MUST first > use the full email address provided by the user, and if that results > in an authentication failure, SHOULD fall back to using the "local- > part" extracted from the email address. This is in line with the > guidance outlined in Section 5. If both these user identifiers > result in authentication failure, the MUA SHOULD prompt the user for > a valid identifier. > [..] > > here I have the biggest doubt, in fact Thunderbird often uses only the > username and not the whole email address, both for incoming and outgoing > server... > Is any of you using this second way? And possibly, do you kniw if it > works with different clients (desktop and mobile)? > > > Many many thanks! > > Davide > > > Thunderbrid als support this own way: https://wiki.mozilla.org/Thunderbird:Autoconfiguration
Re: Auto MX Email Client configuration, the right way?
On 09.03.19 19:43, Davide Marchi via dovecot wrote: > Hi Friends! > An opinion. > > I would like to facilitate the configuration of one's mail client > (desktop or mobile) to my users server. > Some time ago I asked the same question and you suggested me to use > "Automx". > > So I started of good will and I looked for the Automx documentation. And > here the problems started as I found several inconsistencies, even > parameters (in official documentation) that produce Apache errors.. > to complicate things, different path between deb packages and official > version :-) > > Now I've seen the new RFC 6186 specification > (https://tools.ietf.org/html/rfc6186) that describe a "DNS way" to > achieve the same goal. > > [..] > 4. Guidance for MUAs > > By using SRV records as above, MUAs need initially only to prompt the > user for their email address [RFC5322]. The "local-part" and > "domain" portions are then extracted from the email address by the > MUA. The MUA uses the "domain" portion as the service domain to > perform SRV lookups for the services it wants to configure. If the > SRV lookup is successful, the target FQDN and port for the service > can be determined and used to complete MUA configuration. If an SRV > record is not found, the MUA will need to prompt the user to enter > the FQDN and port information directly, or use some other heuristic. > In the case of multiple SRV records returned for a particular > service, the MUA MUST use the priority and weight fields in the > record to determine which one to use (as per [RFC2782]). > > [..] > > again: > [..] > When a user identifier is required, MUAs MUST first > use the full email address provided by the user, and if that results > in an authentication failure, SHOULD fall back to using the "local- > part" extracted from the email address. This is in line with the > guidance outlined in Section 5. If both these user identifiers > result in authentication failure, the MUA SHOULD prompt the user for > a valid identifier. > [..] > > here I have the biggest doubt, in fact Thunderbird often uses only the > username and not the whole email address, both for incoming and outgoing > server... > Is any of you using this second way? And possibly, do you kniw if it > works with different clients (desktop and mobile)? > > > Many many thanks! > > Davide > > > Thunderbrid als support this own way: https://wiki.mozilla.org/Thunderbird:Autoconfiguration
GSSAPI and usernames, not Kerberos ticket names
Hi all,
I've got a Dovecot v2.3.3 IMAP with GSSAPI auth set up.
This server is in main domain, 'contoso.com'. I also have several
subdomains.
My problem is usernames with GSSAPI authentication:
When I try to login as 'user' or as 'u...@contoso.com' - everything
works. But, 'u...@contoso.com' auth fails.
But when I try to login as subdomain user, 'user2' - it fails to login.
'us...@sub.contoso.com' fails also.
However, 'us...@sub.contoso.com' works ok.
It looks like PAM uses domain part of login as Kerberos realm name,
regardless of Kerberos domain-realm mapping. Also, if domain part is not
specified, PAM (Kerberos?) fails to determine non-default realm.
What am I missing?
Is there a way to use traditional 'user@domain' login names with
PAM/GSSAPI, instead of Kerberos ticket names?
Or maybe to tell PAM module to convert domain part of username to
uppercase before using?
Thanks on any help or advice.
= dovecot.conf: =
auth_mechanisms = gssapi plain login external
auth_gssapi_hostname = "$ALL"
auth_krb5_keytab = /etc/krb5.keytab
auth_default_realm =
passdb {
driver = pam
args = cache_key=%d%r%n failure_show_msg=yes dovecot
}
userdb {
driver = static
args = uid=502 gid=502
home=/var/vmail/%L{auth_domain}/%L{auth_username}
mail=maildir:/var/vmail/%L{auth_domain}/%L{auth_username}/Maildir
allow_all_users=yes
}
=
= pam.d/dovecot: =
authsufficientpam_krb5.so use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
passwordsufficientpam_krb5.so use_authtok
session optional pam_krb5.so
=
= krb5.conf: =
[libdefaults]
default_realm = CONTOSO.COM
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
CONTOSO.COM = {
kdc = dc.contoso.com:88
admin_server = dc.contoso.com:749
}
[domain_realm]
contoso.com = CONTOSO.COM
.contoso.com = CONTOSO.COM
sub.contoso.com = CONTOSO.COM
.sub.contoso.com = CONTOSO.COM
SUB.CONTOSO.COM = CONTOSO.COM
.SUB.CONTOSO.COM = CONTOSO.COM
[appdefaults]
pam = {
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
= klist server
Default principal: imap/mail2.contoso@contoso.com
= klist client
Default principal: us...@sub.contoso.com
= Logging in with us...@sub.contoso.com - OK: =
auth: Debug: client in: AUTH1 GSSAPI service=imap
secured=tls session=
auth: Debug: gssapi(?,192.168.,): Using all
keytab entries
auth: Debug: client passdb out: CONT1
auth: Debug: client in: CONT
auth: Debug:
gssapi(us...@sub.contoso.com,192.168,): security
context state completed.
auth: Debug: client passdb out: CONT1 YIGVB
auth: Debug: client in: CONT
auth: Debug:
gssapi(us...@sub.contoso.com,192.168.,):
Negotiated security layer
auth: Debug: client passdb out: CONT1 BQQF/.
auth: Debug: client in: CONT
auth: Debug:
pam(us...@sub.contoso.com,192.168.,): passdb
doesn't support credential lookups
auth: Debug:
gssapi(us...@sub.contoso.com,192.168.,): skipping
passdb: mechanism filtered
auth: Debug: client passdb out: OK 1
user=us...@sub.contoso.comoriginal_user=us...@sub.contoso.com
= Logging in with us...@sub.contoso.com - FAIL: =
auth: Debug: client in: AUTH1 GSSAPI service=imap
secured=tls session=...
auth: Debug: gssapi(?,192.168,): Using all keytab
entries
auth: Debug: client passdb out: CONT1
auth: Debug: client in: CONT
auth: Debug:
gssapi(us...@sub.contoso.com,192.168,): security
context state completed.
auth: Debug: client passdb out: CONT1 YIGVB.
auth: Debug: client in: CONT
auth: Debug:
gssapi(us...@sub.contoso.com,192.168,): Negotiated
security layer
auth: Debug: client passdb out: CONT1 BQQF/.
auth: Debug: client in: CONT
auth: Debug:
pam(us...@sub.contoso.com,192.168.,): passdb
doesn't support credential lookups
auth: Debug:
gssapi(us...@sub.contoso.com,192.168.,): skipping
passdb: mechanism filtered
auth: Debug: client passdb out: FAIL1
user=us...@sub.contoso.comoriginal_user=us...@sub.contoso.com
Re: Assistance with doveadm backup...
Okay, apparently I’m just a complete idiot. Why doesn’t this work? doveadm -Dv backup -u user Maildir:/mnt/maelstrombackups/vmailbackup With user being the actual user name. No backup is created, it just shows me the usage text. Jeff > On Feb 20, 2019, at 10:11 PM, SH Development > wrote: > > I am having trouble locating examples of how to use doveadm backup. All the > examples I see are for sync. I simply want to create a backup to a network > volume of the email server's vmail folders. The goal here is to have a > reasonably current backup should the main drive on the email server go south. > > We currently authenticate our users from a mysql database. User’s mailboxes > are stored as domainname/username/Maildir > > I assume what I will wind up on the network volume is a duplicate directory > structure as the vmail folder on the email server? > > Can someone help get me started here? > > Jeff
Re: Assistance with doveadm backup...
What version are you using? Aki On 10 March 2019 00:40 SH Development via dovecot < dovecot@dovecot.org> wrote: Okay, apparently I’m just a complete idiot. Why doesn’t this work? doveadm -Dv backup -u user Maildir:/mnt/maelstrombackups/vmailbackup With user being the actual user name. No backup is created, it just shows me the usage text. Jeff On Feb 20, 2019, at 10:11 PM, SH Development < listacco...@starionline.com> wrote: I am having trouble locating examples of how to use doveadm backup. All the examples I see are for sync. I simply want to create a backup to a network volume of the email server's vmail folders. The goal here is to have a reasonably current backup should the main drive on the email server go south. We currently authenticate our users from a mysql database. User’s mailboxes are stored as domainname/username/Maildir I assume what I will wind up on the network volume is a duplicate directory structure as the vmail folder on the email server? Can someone help get me started here? Jeff --- Aki Tuomi
Re: readonly archive folders using squashfs
For every u...@domain.tld I created a u...@backup.domain.tld where he could look up deleted messages (archive). I then made u...@backup.domain.tld's cur directory a shared directory to u...@domain.tld but only with read privileges. So, anytime the user wants to read his old messages, he only needs to read his .archive folder, which is u...@backup.domain.tld's cur. No need to make the filesystem read-only. The difficulty is to make sure that every e-mail, sent or received, gets backed up properly before being deleted. Relying on cron jobs is not an option since the e-mail can be deleted and expunged before the script has a chance to get executed and do the backup. So what I did is to create a hidden sieve filter for every user's **main** mailbox (u...@domain.tld) that automatically creates a copy of every incoming message to the u...@backup.domain.tld mailbox. For outgoing e-mail, one can do a bcc map in postfix (or the equivalent in other SMTP software) that ensures that every sent mail is also sent to user+s...@backup.domain.tld, then you can create a filter in the user's **backup** mailbox (u...@backup.domain.tld) that filters on the user+sent part of the e-mail and stores every e-mail sent to that e-mail address to the .Sent directory in the u...@backup.domain.tld mailbox. Finally, the backup.domain.tld doesn't even have to be declared in the DNS nor in /etc/hosts and can be entirely virtual to the MTA (for ex. in postfix that would only be added to virtual_mailbox_domains) Yassine. On 3/8/19 12:49 AM, Natu via dovecot wrote: I have a dovecot server running under CentOS using maildir format. Due to the issue with minimum blocksize for files I would like to offer some kind of readonly archive using something like the compressed squashfs where I would move messages to be archived to a maildir folder and then convert "cur" directory into a squashfs and mount it in place of the original directory so my biggest users could have readonly access to older messages without it using so much disk space. Has anyone tried anything like this before and is dovecot likely to complain about the readonly cur directory? If the complaints are minimal and didn't cause other problems it might be ok. Any better ideas to implement something like this? Thank You, Natu
