Re: where shall I enforce sieve and quota plugins

[Odhiambo Washington via dovecot]

 MDA== LDA

On Wed, 3 Apr 2019 at 06:20, luckydog xf via dovecot 
wrote:

> Hello, guys,
>
>I'm going to using sieve and quota plugins, but I'm not sure where
> shall I enforce against properly?
>
>I see somebody uses them against 20-imap.conf, 15-lda.conf, or
> 20-lmtp.conf
>
>I use LMTP as MDA, so where is the correct location to call these
> plugins and why?
>
>Thanks,
>
>
>

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)

Re: sieve scripts not synching for 2.3.5.1 pre-built

[Marc Weustink via dovecot]

Timo Sirainen via dovecot wrote:
On 2 Apr 2019, at 22.37, Timo Sirainen via dovecot > wrote:


On 2 Apr 2019, at 17.03, Jan-Pieter Cornet via dovecot 
mailto:dovecot@dovecot.org>> wrote:


Hi,

We're synching mailboxes, changing format from maildir to mdbox, 
using doveadm backup/doveadm sync.


When still running 2.2.36, 'doveadm backup' also synched the sieve 
scripts, without issues.


After the upgrade to 2.3.5.1, the sieve sync stopped working. We're 
using the pre-built 2.3 packages from 
https://repo.dovecot.org/ce-2.3-latest/debian/stretch


Looks like this is trivial to reproduce. It used to work still in 
v2.3.1, but then something broke it. Tracking internally in DOP-1062.


Reverting 
https://github.com/dovecot/pigeonhole/commit/479c5e57046dec76078597df844daccbfc0eb75f fixes 
this.




This is a change where strncmp() gets replaced by str_begins(). IMO a 
good change, however in src/lib-sieve/storage/file/sieve-file-storage-save.c


 strncmp(scriptname, fstorage->active_fname, namelen)

gets replaced by

 str_begins(fstorage->active_fname, scriptname)

Note that the arguments are swapped here, giving a false result.

Marc

Re: sieve scripts not synching for 2.3.5.1 pre-built

[Jan-Pieter Cornet via dovecot]

On 2-4-19 21:51, Timo Sirainen via dovecot wrote:

Looks like this is trivial to reproduce. It used to work still in v2.3.1, but 
then something broke it. Tracking internally in DOP-1062.


Reverting 
https://github.com/dovecot/pigeonhole/commit/479c5e57046dec76078597df844daccbfc0eb75f
 fixes this.


Looks like that last patch segments puts the arguments to str_begin in the 
wrong order...
strncmp(prefix, MAILBOX_ATTRIBUTE_PREFIX_SIEVE, strlen(prefix)) == 0
should be translated to:
str_begins(MAILBOX_ATTRIBUTE_PREFIX_SIEVE, prefix)

--
Jan-Pieter Cornet 
Systeembeheer XS4ALL Internet bv
www.xs4all.nl



signature.asc
Description: OpenPGP digital signature

Re: FTS delays

[Joan Moreau via dovecot]

Example from real life 

From Roubdcube, I serach "milan" in full message (body & headers) 


Logs : 


Apr 3 10:24:01 gjserver dovecot[29778]:
imap(j...@grosjo.net)<30311><4pACp52FfCF/AAAB>: Query : ( bcc:milan OR
body:milan OR cc:milan OR from:milan OR message-id:milan OR
subject:milan OR to:milan OR uid:milan )
Apr 3 10:24:01 gjserver dovecot[29778]:
imap(j...@grosjo.net)<30311><4pACp52FfCF/AAAB>: Query: 81 results in 2 ms


81 results is correct 

but Roundcube times out 

from command line, I do : 

doveadm search -u j...@grosjo.net mailbox inbox text milan 

output 


doveadm(j...@grosjo.net): Info: Query : ( bcc:inbox OR body:inbox OR
cc:inbox OR from:inbox OR message-id:inbox OR subject:inbox OR to:inbox
OR uid:inbox ) AND ( bcc:milan OR body:milan OR cc:milan OR from:milan
OR message-id:milan OR subject:milan OR to:milan OR uid:milan )
doveadm(j...@grosjo.net): Info: Query: 1 results in 1 ms
d82b4b0f550d3859364495331209 847
d82b4b0f550d3859364495331209 1569
d82b4b0f550d3859364495331209 2260
d82b4b0f550d3859364495331209 2575
d82b4b0f550d3859364495331209 2811
d82b4b0f550d3859364495331209 2885
d82b4b0f550d3859364495331209 3038
d82b4b0f550d3859364495331209 3121
d82b4b0f550d3859364495331209 3170 

1 - The query is wrong 

2 - teh last line "d8...209 3170" gets repeated for ages 


On 2019-04-02 16:30, Timo Sirainen wrote:

On 2 Apr 2019, at 6.38, Joan Moreau via dovecot  wrote: 


Further on this topic:

When choosing any headers in the search box, dovecot core calls the plugin 
TWICE (and returns the results quickly, but not immediatly after getting the 
IDs from the plugins)

When choosing the BODY search, dovecot core calls the plugin ONCE (and never 
returns) (whereas the plugins returns properly the IDs)


If we simplify this, do you mean this calls it once and is fast:

doveadm search -u user@domain mailbox inbox body helloworld

But this calls twice and is slow:

doveadm search -u user@domain mailbox inbox text helloworld

And what about searching e.g. subject? :

doveadm search -u user@domain mailbox inbox subject helloworld

And does the slowness depend on whether there were any matches or not?


This is based on GIT version. (previous versions were working properly)


Previous versions were fast? Do you mean v2.3.5?

Re: FTS delays

[@lbutlr via dovecot]

On 3 Apr 2019, at 04:30, Joan Moreau via dovecot  wrote:
> doveadm search -u j...@grosjo.net mailbox inbox text milan

Did that search over my list mail and got 83 results, not able to duplicate 
your issue.

What version of dovecot and have you tried to reindex?

dovecot-2.3.5.1 here.


-- 
There is a tragic flaw in our precious Constitution, and I don't know
what can be done to fix it. This is it: Only nut cases want to be
president.

Re: FTS delays

[Joan Moreau via dovecot]

issue seems in the Git version : 

FTS search in teh body ends up with looping 

Other search call twice the FTS plugin (for no reason) 


On 2019-04-03 18:58, @lbutlr via dovecot wrote:

On 3 Apr 2019, at 04:30, Joan Moreau via dovecot  wrote: 


doveadm search -u j...@grosjo.net mailbox inbox text milan


Did that search over my list mail and got 83 results, not able to duplicate 
your issue.

What version of dovecot and have you tried to reindex?

dovecot-2.3.5.1 here.

doveadm backup + ISO 8859-1 mailbox name

[Michael Goth via dovecot]

Hi!

I'm trying to migrate a mailbox from an old IMAP server (not Dovecot) to 
a new Dovecot server with 'doveadm backup'. The command fails because of 
an unexpected character in a mailbox name:



doveadm -o imapc_user=a...@example.org \
-o imapc_password=XXX \
-o imapc_host=old-mailserver.webflow.de \
-o imapc_port=993 \
-o imapc_ssl=imaps \
-o imapc_ssl_verify=no \
-o imapc_features=rfc822.size,fetch-headers \
-o ssl_client_ca_dir=/etc/ssl \
backup -R -f -x ~* -u migration...@example.org imapc:

dsync(migration...@example.org): Info: 
imapc(old-mailserver.webflow.de:993): Connected to 1.1.1.1:993 (local 
2.2.2.2:46154)
dsync(migration...@example.org): Error: Failed to access mailbox 
Entw?rfe: mailbox does not exist



The problem is with "Entw?rfe" here. It's actually Entw<0xfc>rfe, which 
translates to "Entwürfe" in ISO-8859-1.


Why can't doveadm find that mailbox? Is the old mailserver misbehaving 
(I hope not because I have no idea how to change that...), or does this 
happen on the new server? Can I tell doveadm something that makes this work?



Thank you

Michael



--
Michael Goth

.webflow GmbH

Geschäftsführer: Andreas Schrei
Wasserburger Straße 4
D - 83352 Altenmarkt a. d. Alz

Amtsgericht Traunstein HRB 18537

E-Mail:   m...@webflow.de
Tel:  +49 (0) 8621 - 99989 - 26
Fax:  +49 (0) 8621 - 99989 - 28
Web:  www.webflow.de

Re: doveadm backup + ISO 8859-1 mailbox name

[Sami Ketola via dovecot]

> On 3 Apr 2019, at 13.40, Michael Goth via dovecot  wrote:
> 
> Hi!
> 
> I'm trying to migrate a mailbox from an old IMAP server (not Dovecot) to a 
> new Dovecot server with 'doveadm backup'. The command fails because of an 
> unexpected character in a mailbox name:
> 
> 
> doveadm -o imapc_user=a...@example.org \
>-o imapc_password=XXX \
>-o imapc_host=old-mailserver.webflow.de \
>-o imapc_port=993 \
>-o imapc_ssl=imaps \
>-o imapc_ssl_verify=no \
>-o imapc_features=rfc822.size,fetch-headers \
>-o ssl_client_ca_dir=/etc/ssl \
>backup -R -f -x ~* -u migration...@example.org imapc:
> 
> dsync(migration...@example.org): Info: imapc(old-mailserver.webflow.de:993): 
> Connected to 1.1.1.1:993 (local 2.2.2.2:46154)
> dsync(migration...@example.org): Error: Failed to access mailbox Entw?rfe: 
> mailbox does not exist
> 
> 
> The problem is with "Entw?rfe" here. It's actually Entw<0xfc>rfe, which 
> translates to "Entwürfe" in ISO-8859-1.
> 
> Why can't doveadm find that mailbox? Is the old mailserver misbehaving (I 
> hope not because I have no idea how to change that...), or does this happen 
> on the new server? Can I tell doveadm something that makes this work?
> 

Can you log on the remote imap server with telnet or nc and ask for: A LIST "" 
"*"

I think your legacy server does not encode the folder names correctly.

Sami

Re: TFA authentication in dovecot, using XMPP and RFC 4226

[Michael Peddemors via dovecot]

The issue related to plugins that use or advertise other capabilities, 
is that is has to have a hook to modify what's advertised. We are having 
that same challenge where we use CLIENTID as a component for two factor 
as well, but of course the important thing before we can release the 
plugin, is for the ability for plugins to "advertise" capabilities.


Still waiting for that to get the green light on our patch, so we can 
publish some of our plugins related to this, and other things that 
require the ability to advertise the capability string.


Variable Capabilities Patch
https://github.com/dovecot/core/pull/86

As an aside, another aggressive botnet launched on April 1st, trying to 
test all the information in the large breached data, appears to be 
'verifications.io' breach.. As long as these types of breaches occur, we 
need more universal methods for two factor.. hoping to see movement on 
that pull request, so we can share more of what we are doing in our 
custom environments.


On 2019-04-02 11:16 p.m., André Rodier via dovecot wrote:

Hello,

I would like to implement some kind of two factors authentication, in
Dovecot.

I am thinking about using the post login script, to check for unusual
behaviour, like say, a different country / IP address or an unusual
hour.

I already wrote a simple shell script that check these factors, but
now, I have some options for the following, and I need to know your
opinion if this is feasible or not.

I want to use google authenticator Debian package (support the HMAC-
Based One-time Password (HOTP) algorithm specified in RFC 4226 and the
Time-based One-time Password (TOTP))

The challenge would be send via XMPP. This second part is fairly easy
to do, I have all the packages on Debian, for instance sendxmpp. The
first tests are promising.

In case of success, the IP address is added to the list, let's say for
one month...

My back-end for authentication is OpenLDAP.

My questions are:

- Do you see any performance issues for other users or login processes,
if I implement this?
- I am planning to use a timeout, for instance one minute to confirm
the connection. Does Dovecot have a timeout on its side, that would
abort the connection before?

Otherwise:

- Is it possible to have multiple authentication back-ends in Dovecot?
For instance LDAP and/or OTP?
- I think to have seen some TFA options in Dovecot, but AFAICS, they
are mandatory.

Thanks for your insights, and this fabulous software.





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

Re: Using lmtp to authenticate email users

[Tanstaafl via dovecot]

On Thu Mar 28 2019 17:04:37 GMT-0400 (Eastern Standard Time), Patrick
Mahan via dovecot  wrote:
> Hmm, actually it is set -
> 
> root@ns:/usr/local/etc/dovecot # dovecot -a | grep auth_username_format
> auth_username_format = %Ln

Use doveconf, not dovecot (although they may do the same thing).

doveconf -a just shows you ALL settings, regardless of whether or not
they are set in your particular config.

doveconf -n shows you the settings that your running dovecot is actually
using.

SMTPUTF8 support

[sylvhem--- via dovecot]

Hi,

I'm currently trying to set up SMTPUTF8 on my mail stack, but I can't 
find any information on Dovecot's RFC 6531 support. Has it been 
implemented yet? If so, does anyone know how to activate it?

Regards.

--
Sylvhem

Re: [BUG?] Double quota calulation when special folder is present

[Mark Moseley via dovecot]

On Wed, Mar 20, 2019 at 2:13 PM Mark Moseley  wrote:

> Just hoping to get some dev eyes on this. I'm incredibly reluctant to
> throw the word 'bug' around
> (since 99 times out of 100, it's not -- it's almost always the config),
> but I can't think of any way
> that this could be a config issue, esp when the pre-2.2.34 version works
> as expected.
>
> I noticed during troubleshooting that dovecot errors out if I try to
> create a subfolder called
> 'INBOX' but it'll happily create a subfolder called INBOX.SomethingElse
> (i.e. a folder called
> INBOX.INBOX.SomethingElse - resulting in a directory called
> .INBOX.SomethingElse on the
> filesystem, and leading to the problem described below). Is that
> sub-subfolder creation (where
> the top level subfolder matches the namespace name) supposed to be
> allowed? It seems
> odd that 'INBOX' (as a subfolder of INBOX) would be blocked but
> INBOX.SomethingElse (as
> a subfolder of INBOX) would be allowed. I'd expect INBOX.SomethingElse
> (i.e.
> INBOX.INBOX.SomethingElse) would be blocked as well.
>
>
> On Wed, Mar 13, 2019 at 4:46 AM Bernd Wurst via dovecot <
> dovecot@dovecot.org> wrote:
>
>> Hello,
>>
>> we're operating dovecot on a small server. Some years ago, we migrated
>> from courier IMAP to dovecot. Therefore, we defined our default
>> Namespace "inbox" with prefix "INBOX." to have this compatible. I found
>> this in some migration docs those days. Generally, everything worked as
>> expected.
>>
>> Our only namespace is configured like this:
>>
>> namespace inbox {
>>  separator = .
>>   prefix = INBOX.
>>   inbox = yes
>> }
>>
>> Regularly, there is no folder named INBOX or .INBOX in the file system,
>> I suppose this is correct.  But I found a special corner case today when
>> it comes to quota calculation.
>>
>> When - for whatever reason - a folder .INBOX.foo (for arbitrary values
>> of foo) exists, the whole mailbox is counted twice in quota
>> recalculation. Just creating .INBOX does nothing but a subfolder
>> triggers the problem.
>>
>> This is my shell view (replaced username and file path and deleted
>> unnecessary debug output)
>>
>> $ cat maildirsize
>> 268435456S
>> 14697 17
>> $ maildirmake .INBOX.foo
>> $ sudo doveadm -D quota recalc -u 
>> [...]
>> doveadm(): Debug: Namespace inbox: type=private, prefix=INBOX.,
>> sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes
>> location=maildir:/home/.../test
>> doveadm(): Debug: maildir++: root=/home/.../test, index=,
>> indexpvt=, control=, inbox=/home/.../test, alt=
>> doveadm(): Debug: Namespace : type=private, prefix=, sep=,
>> inbox=no, hidden=yes, list=no, subscriptions=no location=fail::LAYOUT=none
>> doveadm(): Debug: none: root=, index=, indexpvt=, control=,
>> inbox=, alt=
>> doveadm(): Debug: quota: quota_over_flag check: quota_over_script
>> unset - skipping
>> doveadm(): Debug: Quota root User quota: Recalculated relative
>> rules with bytes=268435456 count=0. Now grace=26843545
>> doveadm(): Debug: Namespace INBOX.: Using permissions from
>> /home/.../test: mode=0700 gid=default
>>
>> $ cat maildirsize
>> 268435456S
>> 29394 34
>>
>>
>> So the used quota has exactly been doubled by just creating an empty
>> subfolder.
>>
>> Do you have any pointers for fixing my configuration or is this a bug in
>> dovecot?
>>
>>
> I coincidentally resurrected a months-old thread with this same issue a
> few days ago. I'm seeing the exact same after upgrading from 2.2.32 to
> 2.2.36.
>
> The original poster (who also narrowed it down to something in 2.2.34)
> mentioned a workaround that does indeed work, namely setting
> mailbox_list_index=no:
>
> > doveadm -o 'mailbox_list_index=no' quota recalc -u myuser
>
> I've been staring at diffs of 2.2.33 and 2.2.34 without anything jumping
> out at me (not a C guy, sadly). Maybe src/lib-storage/index/index-storage.c
> or src/lib-storage/list/mailbox-list-fs-iter.c or
> src/lib-storage/list/mailbox-list-index-iter.c
> or src/lib-storage/list/mailbox-list-index.c?
>
> The latter few have some added strcmp's against "INBOX". Then again,
> there's a lot of new code in the diffs under src/lib-storage that
> references INBOX specifically.
>

Can the Dovecot team confirm whether this is indeed a bug or not?  I've not
yet been able to test 2.3.x to see if the problem exists there as well.

Re: SMTPUTF8 support

[Michael Slusarz via dovecot]

> On April 3, 2019 at 10:12 PM sylvhem--- via dovecot  
> wrote:
> 
> I'm currently trying to set up SMTPUTF8 on my mail stack, but I can't 
> find any information on Dovecot's RFC 6531 support. Has it been 
> implemented yet? 

No.

michael

Re: SMTPUTF8 support

[sylvhem--- via dovecot]

Le 2019-04-04 01:36, Michael Slusarz a écrit :
On April 3, 2019 at 10:12 PM sylvhem--- via dovecot 
 wrote:


I'm currently trying to set up SMTPUTF8 on my mail stack, but I can't
find any information on Dovecot's RFC 6531 support. Has it been
implemented yet?


No.

michael

Thank you for the answer Michael.
Does anybody know if it's been worked on?

--
Sylvhem