Re: 2.3.17: Panic on LMTP deliveries
On 11/11/2021 14:20, Michael Glaus wrote:

> Since the dovecot update to 2.3.17 I get a panic if a mail is delivered with lmtp. In the logs I get these messages:
>
> lmtp(r...@example.com)<21067>: Error: lmtp-server: conn 10.0.0.105:52981 [1]: rcpt r...@example.com: duplicate db: User r...@example.com doesn't have home dir set, disabling duplicate database
> lmtp(r...@example.com)<21067>: Panic: file imem.c: line 65 (i_strconcat): assertion failed: (str1 != NULL)
> lmtp(r...@example.com)<21067>: Fatal: master: service(lmtp): child 21067 killed with signal 6 (core dumped)
>
> In the running config userdb does not return the field “home” and therefore a user does not have a “mail_home”, only a “mail_location”. If I change the config to provide a “mail_home” it works, but due to the directory structure I cannot change this yet.

Problem confirmed. This is a 2.3.17 regression. Tracking internally as DOP-2659.

Regards,
Stephan.
IPv4/v6 based access checking and logging
Hi,

I am currently using postfix/dovecot with postfix admin and I track the last login date already by using this:
https://doc.dovecot.org/configuration_manual/lastlogin_plugin/

Besides last login date, I would like to also implement IPv4 and IPv6 last login tracking also and if possible, IP based login checking. Is post-login scripting the best most efficient way to go?

Regards,
Lefteris
RE: IPv4/v6 based access checking and logging
If you're gonna check for IP, you should do it in pre-login so you can reject the username/password combo if the registered IP of account does not match.
But guess it's better to write a custom login handler for that, that also checks user's ip against database, in addition to username/password, and tells client username/password is wrong if IP is unauth..

Original message
From: Lefteris Tsintjelis
Date: 2021-11-12 18:48 (GMT+01:00)
To: dovecot@dovecot.org
Subject: IPv4/v6 based access checking and logging

Hi,

I am currently using postfix/dovecot with postfix admin and I track the last login date already by using this:
https://doc.dovecot.org/configuration_manual/lastlogin_plugin/

Besides last login date, I would like to also implement IPv4 and IPv6 last login tracking also and if possible, IP based login checking. Is post-login scripting the best most efficient way to go?

Regards,
Lefteris
Re: IPv4/v6 based access checking and logging
I don't suppose there is a handler already for this one? Yes, that would have been the best to also add a warning system in case of unauthorized IP access.

On 12/11/2021 20:00, Sebastian Nielsen wrote:
> If you're gonna check for IP, you should do it in pre-login so you can reject the username/password combo if the registered IP of account does not match.
> But guess it's better to write a custom login handler for that, that also checks user's ip against database, in addition to username/password, and tells client username/password is wrong if IP is unauth..
>
> Original message
> From: Lefteris Tsintjelis
> Date: 2021-11-12 18:48 (GMT+01:00)
> To: dovecot@dovecot.org
> Subject: IPv4/v6 based access checking and logging
>
> Hi,
>
> I am currently using postfix/dovecot with postfix admin and I track the last login date already by using this:
> https://doc.dovecot.org/configuration_manual/lastlogin_plugin/
>
> Besides last login date, I would like to also implement IPv4 and IPv6 last login tracking also and if possible, IP based login checking. Is post-login scripting the best most efficient way to go?
>
> Regards,
> Lefteris
Re: IPv4/v6 based access checking and logging
On 12/11/2021 14:47, Lefteris Tsintjelis wrote:
> Hi,
>
> I am currently using postfix/dovecot with postfix admin and I track the last login date already by using this:
> https://doc.dovecot.org/configuration_manual/lastlogin_plugin/
>
> Besides last login date, I would like to also implement IPv4 and IPv6 last login tracking also and if possible, IP based login checking. Is post-login scripting the best most efficient way to go?
>
> Regards,
> Lefteris

Hi,

This is my lastlogin config to track remote ip:

dovecot.conf:

dict {
  lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
}

dovecot-last-login.conf:

connect = host=127.0.0.1 port=3306 dbname=vmail user=vmailadmin password=XXX

map {
  pattern = shared/last-login/$user/$domain/$rip/$service
  table = last_login
  value_field = last_login
  value_type = uint
  fields {
    username = $user
    domain = $domain
    rip = $rip
    proto = $service
  }
}

Mysql table last_login:

+------------+--------------+------+-----+---------+-------+
| Field      | Type         | Null | Key | Default | Extra |
+------------+--------------+------+-----+---------+-------+
| username   | varchar(255) | NO   | PRI |         |       |
| domain     | varchar(255) | NO   | MUL |         |       |
| last_login | int(11)      | YES  | MUL | NULL    |       |
| rip        | varchar(16)  | NO   | MUL |         |       |
| proto      | varchar(10)  | NO   |     | NULL    |       |
+------------+--------------+------+-----+---------+-------+

Hope this helps!

-- _Engº Julio Cesar Covolato 0v0 /(_)\ F: 55-11-99175-9260 ^ ^ PSI INTERNET --
Re: IPv4/v6 based access checking and logging
And a little shell script to query data from db:

#!/bin/sh
#
# e.g., usage: dovecotLastLogin.sh -d 10
#              dovecotLastLogin.sh -u julio
#
# For Mysql postfixadmin database
#
MYSQL="mysql --login-path=vmail -Dvmail -t -e"

case $1 in
    -d)
        # Accept only a whole number of days, since the value ends up in the query
        case $2 in
            ''|*[!0-9]*) echo "days must be a number" >&2; exit 1 ;;
        esac
        DAYSAGO=$(date --date="$2 days ago" +%s)
        $MYSQL "select username,last_login.domain,FROM_UNIXTIME(last_login) AS last_login,rip,proto,active FROM last_login INNER JOIN mailbox USING (username) WHERE last_login < '$DAYSAGO' ORDER BY mailbox.active,last_login;"
        ;;
    -u)
        # Refuse quotes and backslashes so the pattern cannot break out of the SQL string
        case $2 in
            *\'*|*\\*) echo "invalid character in user pattern" >&2; exit 1 ;;
        esac
        $MYSQL "select username,last_login.domain,FROM_UNIXTIME(last_login) AS last_login,rip,proto,active FROM last_login INNER JOIN mailbox USING (username) WHERE username LIKE '%$2%' ORDER BY mailbox.active,last_login;"
        ;;
    *)
        echo
        echo " USO: dovecotLastLogin.sh [-d -u] [days user]"
        echo
        echo " -d --> All users whith no login in N days ago, ex.: dovecotLastLogin.sh -d 90"
        echo " -u --> Last login from user, ex.: dovecotLastLogin.sh -u u...@domain.com"
        echo " List last login from ALL users from one domain: dovecotLastLogin.sh -u domain.com"
        echo " List lat login from ALL users: dovecotLastLogin.sh -u %"
        exit 1
        ;;
esac
# End

-- _Engº Julio Cesar Covolato 0v0 /(_)\ F: 55-11-99175-9260 ^ ^ PSI INTERNET --

On 12/11/2021 15:33, julio covolato wrote:
> On 12/11/2021 14:47, Lefteris Tsintjelis wrote:
>> Hi,
>>
>> I am currently using postfix/dovecot with postfix admin and I track the last login date already by using this:
>> https://doc.dovecot.org/configuration_manual/lastlogin_plugin/
>>
>> Besides last login date, I would like to also implement IPv4 and IPv6 last login tracking also and if possible, IP based login checking. Is post-login scripting the best most efficient way to go?
>>
>> Regards,
>> Lefteris
>
> Hi,
>
> This is my lastlogin config to track remote ip:
>
> dovecot.conf:
>
> dict {
>   lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
> }
>
> dovecot-last-login.conf:
>
> connect = host=127.0.0.1 port=3306 dbname=vmail user=vmailadmin password=XXX
>
> map {
>   pattern = shared/last-login/$user/$domain/$rip/$service
>   table = last_login
>   value_field = last_login
>   value_type = uint
>   fields {
>     username = $user
>     domain = $domain
>     rip = $rip
>     proto = $service
>   }
> }
>
> Mysql table last_login:
>
> +------------+--------------+------+-----+---------+-------+
> | Field      | Type         | Null | Key | Default | Extra |
> +------------+--------------+------+-----+---------+-------+
> | username   | varchar(255) | NO   | PRI |         |       |
> | domain     | varchar(255) | NO   | MUL |         |       |
> | last_login | int(11)      | YES  | MUL | NULL    |       |
> | rip        | varchar(16)  | NO   | MUL |         |       |
> | proto      | varchar(10)  | NO   |     | NULL    |       |
> +------------+--------------+------+-----+---------+-------+
>
> Hope this helps!
>
> -- _ Engº Julio Cesar Covolato 0v0 /(_)\ F: 55-11-99175-9260 ^ ^ PSI INTERNET --
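Added example (not part of the thread and not Dovecot code): one way to combine the last-login record discussed above with the per-user IP check suggested earlier, for IPv4, IPv6 and IPv4-mapped IPv6 remote addresses. It uses an in-memory SQLite database in place of MySQL; the allowed_net and denied_login tables, the "no rows means unrestricted" policy, the function names and the sample addresses are assumptions made for the example. The rip column is 45 characters wide because a 16-character column cannot hold a full textual IPv6 address (up to 39 characters, 45 in the mixed IPv4-mapped notation).

```python
import ipaddress
import sqlite3
import time

def normalize_ip(raw):
    """Canonical text form of a remote IP; IPv4-mapped IPv6 is unwrapped to IPv4."""
    ip = ipaddress.ip_address(raw.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped              # ::ffff:192.0.2.10 -> 192.0.2.10
    return ip.compressed

def open_db():
    """Constructed schema. rip is 45 chars wide: enough for any textual IPv6 address."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE last_login (
            username TEXT NOT NULL, rip VARCHAR(45) NOT NULL, proto TEXT NOT NULL,
            last_login INTEGER, PRIMARY KEY (username, rip, proto));
        CREATE TABLE allowed_net (username TEXT NOT NULL, net TEXT NOT NULL);
        CREATE TABLE denied_login (username TEXT, rip TEXT, proto TEXT, ts INTEGER);
    """)
    return db

def ip_allowed(db, username, raw_ip):
    """Assumed policy: a user with no allowed_net rows is unrestricted; otherwise
    the address must fall inside one of the user's networks. Bad input is denied."""
    try:
        ip = ipaddress.ip_address(normalize_ip(raw_ip))
    except ValueError:
        return False
    nets = [r[0] for r in db.execute(
        "SELECT net FROM allowed_net WHERE username = ?", (username,))]
    if not nets:
        return True
    # An IPv4 address is never "in" an IPv6 network (and vice versa).
    return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)

def record_login(db, username, raw_ip, proto, now=None):
    """Check the address, then upsert last_login or log the refused attempt."""
    ts = int(time.time() if now is None else now)
    if not ip_allowed(db, username, raw_ip):
        # Keep the raw value (truncated) so refused attempts can raise a warning.
        db.execute("INSERT INTO denied_login VALUES (?, ?, ?, ?)",
                   (username, raw_ip[:45], proto, ts))
        return False
    db.execute("INSERT OR REPLACE INTO last_login VALUES (?, ?, ?, ?)",
               (username, normalize_ip(raw_ip), proto, ts))
    return True

def demo():
    """Constructed sample data using documentation address ranges."""
    db = open_db()
    user = "alice@example.com"
    db.executemany("INSERT INTO allowed_net VALUES (?, ?)",
                   [(user, "192.0.2.0/24"), (user, "2001:db8:1::/48")])
    attempts = ["192.0.2.10", "::ffff:192.0.2.10",
                "2001:0db8:0001:0000:0000:0000:0000:0005",
                "198.51.100.7", "2001:db8:2::1", "not-an-ip"]
    results = [record_login(db, user, ip, "imap", now=1636740000) for ip in attempts]
    stored = [r[0] for r in db.execute("SELECT rip FROM last_login ORDER BY rip")]
    denied = db.execute("SELECT COUNT(*) FROM denied_login").fetchone()[0]
    return results, stored, denied

if __name__ == "__main__":
    print(demo())
```

The plain and IPv4-mapped forms of the same client address collapse into one last_login row, which keeps a dual-stack listener from recording the same host twice.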
Re: after replication with compression quotas are wrong
On 10/11/2021 15:52, Arnaud Abélard wrote:
> I've just removed dummy-c-1's mailbox completely on the target server, removed the quota plugin, forced a sync for dummy-c-1 only and once it was done reactivated the quota plugins: double usage again.
>
> I also downgraded from dovecot 2.3.17 to 2.2.27 on the target server in order to have both server running the same version, without improvement.

Actually, I got that wrong, test server is running dovecot 2.3.4 and production server dovecot 2.2.7.

I copied the dovecot.conf file from the production server to the test one, then rsync'ed the dummy-c-1 mailbox from the production server to the test server, restarted dovecot and the quota is still 115% after recalc.

The only difference now is dovecot's version. Were there any changes related to quota on dovecot 2.3?

Thanks,
Arnaud

> I'm puzzled. Is dovecot storing anything outside of the user's mailbox? Like a cache, a sqlite database of some kind somewhere?
>
> Arnaud
>
> On 08/11/2021 11:48, Arnaud Abélard wrote:
> On the target, I enabled the replication service without mail_replica and:
>
> doveadm replicator status 'dummy-c-1*'
> username    priority  fast sync  full sync  success sync  failed
> dummy-c-1   none      -          -          -             -
>
> It only knows of dummy-c-1, no trace of his evil twin dummy-...@univ-nantes.fr.
>
> On the target, I do have the same number of files
>
> find . -type f |wc -l
> 8705
>
> which is around half of what the quota is reporting (plus de index files, etc):
>
> ~# doveadm -D quota get -u dummy-c-1
> Debug: Loading modules from directory: /usr/lib/dovecot/modules
> Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so
> Debug: Module loaded: /usr/lib/dovecot/modules/lib15_notify_plugin.so
> Debug: Module loaded: /usr/lib/dovecot/modules/lib20_replication_plugin.so
> Debug: Module loaded: /usr/lib/dovecot/modules/lib20_zlib_plugin.so
> Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm
> Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message)
> Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message)
> Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so
> Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_sieve_plugin.so
> Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message)
> Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_user_get_language_list (this is usually intentional, so just ignore this message)
> Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol: mail_crypt_box_get_pvt_digests (this is usually intentional, so just ignore this message)
> doveadm(dummy-c-1)<24051><>: Debug: auth USER input: dummy-c-1 home=/vmail/d/u/dummy-c-1/ quota_rule=*:backend=10S
> doveadm(dummy-c-1)<24051><>: Debug: Added userdb setting: plugin/quota_rule=*:backend=10S
> doveadm(dummy-c-1): Debug: Effective uid=5000, gid=5000, home=/vmail/d/u/dummy-c-1/
> doveadm(dummy-c-1): Debug: Quota root: name=Quota Utilisateur backend=maildir args=
> doveadm(dummy-c-1): Debug: Quota rule: root=Quota Utilisateur mailbox=* bytes=10 messages=0
> doveadm(dummy-c-1): Debug: Quota rule: root=Quota Utilisateur mailbox=INBOX.Trash bytes=+104857600 messages=0
> doveadm(dummy-c-1): Debug: Quota grace: root=Quota Utilisateur bytes=1 (10%)
> doveadm(dummy-c-1): Debug: replication: No mail_replica setting - replication disabled
> doveadm(dummy-c-1): Debug: Namespace : type=private, prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/vmail/d/u/dummy-c-1/
> doveadm(dummy-c-1): Debug: maildir++: root=/vmail/d/u/dummy-c-1, index=, indexpvt=, control=, inbox=/vmail/d/u/dummy-c-1, alt=
> doveadm(dummy-c-1): Debug: Namespace : type=private, prefix=, sep=, inbox=no, hidden=yes, list=no, subscriptions=no location=fail::LAYOUT=none
> doveadm(dummy-c-1): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt=
> doveadm(dummy-c-1): Debug: quota: quota_over_flag check: quota_over_script unset - skipping
> Quota name         Type     Value    Limit   %
> Quota Utilisateur  STORAGE  1126751  976563  115
> Quota Utilisateur  MESSAGE  16686    -
Re: [SOLVED] after replication with compression quotas are wrong
Ah! At last, after comparing all default values using doveconf I found the culprit: mailbox_list_index. Default is "no" on dovecot 2.2.7, but "yes" on dovecot 2.3.4 (on debian, at least).

Switching mailbox_list_index to "no" fixes my quota miscalculation problem.

Arnaud

On 12/11/2021 20:09, Arnaud Abélard wrote:
> On 10/11/2021 15:52, Arnaud Abélard wrote:
>> I've just removed dummy-c-1's mailbox completely on the target server, removed the quota plugin, forced a sync for dummy-c-1 only and once it was done reactivated the quota plugins: double usage again.
>>
>> I also downgraded from dovecot 2.3.17 to 2.2.27 on the target server in order to have both server running the same version, without improvement.
>
> Actually, I got that wrong, test server is running dovecot 2.3.4 and production server dovecot 2.2.7.
>
> I copied the dovecot.conf file from the production server to the test one, then rsync'ed the dummy-c-1 mailbox from the production server to the test server, restarted dovecot and the quota is still 115% after recalc.
>
> The only difference now is dovecot's version. Were there any changes related to quota on dovecot 2.3?
>
> Thanks,
> Arnaud
>
>> I'm puzzled. Is dovecot storing anything outside of the user's mailbox? Like a cache, a sqlite database of some kind somewhere?
>>
>> Arnaud
>>
>> On 08/11/2021 11:48, Arnaud Abélard wrote:
>> On the target, I enabled the replication service without mail_replica and:
>>
>> doveadm replicator status 'dummy-c-1*'
>> username    priority  fast sync  full sync  success sync  failed
>> dummy-c-1   none      -          -          -             -
>>
>> It only knows of dummy-c-1, no trace of his evil twin dummy-...@univ-nantes.fr.
>>
>> On the target, I do have the same number of files
>>
>> find . -type f |wc -l
>> 8705
>>
>> which is around half of what the quota is reporting (plus de index files, etc):
>>
>> ~# doveadm -D quota get -u dummy-c-1
>> Debug: Loading modules from directory: /usr/lib/dovecot/modules
>> Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so
>> Debug: Module loaded: /usr/lib/dovecot/modules/lib15_notify_plugin.so
>> Debug: Module loaded: /usr/lib/dovecot/modules/lib20_replication_plugin.so
>> Debug: Module loaded: /usr/lib/dovecot/modules/lib20_zlib_plugin.so
>> Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm
>> Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message)
>> Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message)
>> Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so
>> Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_sieve_plugin.so
>> Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message)
>> Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_user_get_language_list (this is usually intentional, so just ignore this message)
>> Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol: mail_crypt_box_get_pvt_digests (this is usually intentional, so just ignore this message)
>> doveadm(dummy-c-1)<24051><>: Debug: auth USER input: dummy-c-1 home=/vmail/d/u/dummy-c-1/ quota_rule=*:backend=10S
>> doveadm(dummy-c-1)<24051><>: Debug: Added userdb setting: plugin/quota_rule=*:backend=10S
>> doveadm(dummy-c-1): Debug: Effective uid=5000, gid=5000, home=/vmail/d/u/dummy-c-1/
>> doveadm(dummy-c-1): Debug: Quota root: name=Quota Utilisateur backend=maildir args=
>> doveadm(dummy-c-1): Debug: Quota rule: root=Quota Utilisateur mailbox=* bytes=10 messages=0
>> doveadm(dummy-c-1): Debug: Quota rule: root=Quota Utilisateur mailbox=INBOX.Trash bytes=+104857600 messages=0
>> doveadm(dummy-c-1): Debug: Quota grace: root=Quota Utilisateur bytes=1 (10%)
>> doveadm(dummy-c-1): Debug: replication: No mail_replica setting - replication disabled
>> doveadm(dummy-c-1): Debug: Namespace : type=private, prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/vmail/d/u/dummy-c-1/
>> doveadm(dummy-c-1): Debug: maildir++: root=/vmail/d/u/dummy-c-1, index=, indexpvt=, control=, inbox=/vmail/d/u/dummy-c-1, alt=
>> doveadm(dummy-c-1): Debug: Namespace : type=private, prefix=, sep=, inbox=no, hidden=yes, list=no, subscriptions=no location=fail::LAYOUT=none
>> doveadm(dummy-c-1): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt=
>> doveadm(dummy-c-1): Debug: quota:
2.3.17 update breaks dsync over tcps: Received invalid SSL certificate unable to get certificate CRL
Hi,

I have updated dovecot from 2.3.16 (working flawless) to 2.3.17 (both Centos8 - community repo). Now dsync does not work anymore, logs shows:

dovecot[30398]: doveadm(vmail): Error: Disconnected from remote: Received invalid SSL certificate: unable to get certificate CRL: /CN=imap.signed.with.my.own.ca(check ssl_client_ca_* settings?)

I have a certificate signed by my "own CA". Both hosts trust my CA, and as I told previously, the configuration works just fine on 2.3.16.

I really was not expecting that a minor update would break things, but 2.3.17 appears to have broken the setup for some people here in the maillists.

Is there a workaround for this? I have tried to set ssl_require_crl = no, but nothing changed.

I have:

service doveadm {
  inet_listener {
    port = 26
    ssl = yes
  }
}
ssl = required
ssl_ca =
Re: IPv4/v6 based access checking and logging
Exactly what I was looking for and the script as well! Thank you very much Julio

On 12/11/2021 20:33, julio covolato wrote:
> On 12/11/2021 14:47, Lefteris Tsintjelis wrote:
>> Hi,
>>
>> I am currently using postfix/dovecot with postfix admin and I track the last login date already by using this:
>> https://doc.dovecot.org/configuration_manual/lastlogin_plugin/
>>
>> Besides last login date, I would like to also implement IPv4 and IPv6 last login tracking also and if possible, IP based login checking. Is post-login scripting the best most efficient way to go?
>>
>> Regards,
>> Lefteris
>
> Hi,
>
> This is my lastlogin config to track remote ip:
>
> dovecot.conf:
>
> dict {
>   lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
> }
>
> dovecot-last-login.conf:
>
> connect = host=127.0.0.1 port=3306 dbname=vmail user=vmailadmin password=XXX
>
> map {
>   pattern = shared/last-login/$user/$domain/$rip/$service
>   table = last_login
>   value_field = last_login
>   value_type = uint
>   fields {
>     username = $user
>     domain = $domain
>     rip = $rip
>     proto = $service
>   }
> }
>
> Mysql table last_login:
>
> +------------+--------------+------+-----+---------+-------+
> | Field      | Type         | Null | Key | Default | Extra |
> +------------+--------------+------+-----+---------+-------+
> | username   | varchar(255) | NO   | PRI |         |       |
> | domain     | varchar(255) | NO   | MUL |         |       |
> | last_login | int(11)      | YES  | MUL | NULL    |       |
> | rip        | varchar(16)  | NO   | MUL |         |       |
> | proto      | varchar(10)  | NO   |     | NULL    |       |
> +------------+--------------+------+-----+---------+-------+
>
> Hope this helps!
>
> -- _ Engº Julio Cesar Covolato 0v0 /(_)\ F: 55-11-99175-9260 ^ ^ PSI INTERNET --
Re: IPv4/v6 based access checking and logging
Hi Lefteris.

Say thank you to Aki Tuomi, he was the one who taught me all this!! That's the spirit of open source!

-- _Engº Julio Cesar Covolato 0v0 /(_)\ F: 55-11-99175-9260 ^ ^ PSI INTERNET --

On 12/11/2021 18:43, Lefteris Tsintjelis wrote:
> Exactly what I was looking for and the script as well! Thank you very much Julio
>
> On 12/11/2021 20:33, julio covolato wrote:
>> On 12/11/2021 14:47, Lefteris Tsintjelis wrote:
>>> Hi,
>>>
>>> I am currently using postfix/dovecot with postfix admin and I track the last login date already by using this:
>>> https://doc.dovecot.org/configuration_manual/lastlogin_plugin/
>>>
>>> Besides last login date, I would like to also implement IPv4 and IPv6 last login tracking also and if possible, IP based login checking. Is post-login scripting the best most efficient way to go?
>>>
>>> Regards,
>>> Lefteris
>>
>> Hi,
>>
>> This is my lastlogin config to track remote ip:
>>
>> dovecot.conf:
>>
>> dict {
>>   lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
>> }
>>
>> dovecot-last-login.conf:
>>
>> connect = host=127.0.0.1 port=3306 dbname=vmail user=vmailadmin password=XXX
>>
>> map {
>>   pattern = shared/last-login/$user/$domain/$rip/$service
>>   table = last_login
>>   value_field = last_login
>>   value_type = uint
>>   fields {
>>     username = $user
>>     domain = $domain
>>     rip = $rip
>>     proto = $service
>>   }
>> }
>>
>> Mysql table last_login:
>>
>> +------------+--------------+------+-----+---------+-------+
>> | Field      | Type         | Null | Key | Default | Extra |
>> +------------+--------------+------+-----+---------+-------+
>> | username   | varchar(255) | NO   | PRI |         |       |
>> | domain     | varchar(255) | NO   | MUL |         |       |
>> | last_login | int(11)      | YES  | MUL | NULL    |       |
>> | rip        | varchar(16)  | NO   | MUL |         |       |
>> | proto      | varchar(10)  | NO   |     | NULL    |       |
>> +------------+--------------+------+-----+---------+-------+
>>
>> Hope this helps!
>>
>> -- _ Engº Julio Cesar Covolato 0v0 /(_)\ F: 55-11-99175-9260 ^ ^ PSI INTERNET --