Re: imap_metadata plugin panic
Hello You have a missing argument variable in your prepared statement: SELECT meta_key FROM metadata WHERE meta_key LIKE AND username = ? should be SELECT meta_key FROM metadata WHERE meta_key LIKE ? AND username = ? Kind regards, Christian Mack Am 15.11.21 um 19:27 schrieb Elisamuel Resto: > Hello, > > This may be covered somewhere but recently I enabled the metadata plugin > to work with sieve as part of some updates I did a while back and I > hadn't checked my logs for any issues with it and so far they're not > completely taking my system down. > > Right now, upon trying to delete a folder I noticed the following in my > logs... what am I missing? I see the broken SQL query, but I don't know > enough about the dict system or the metadata plugin to know how to add > the missing information or fix it otherwise. > > Regards, > Elisamuel Resto > > > Nov 15 12:19:19 wyvern dovecot[461]: dict(51438): Panic: lib-sql: Too > many bind args (2) for statement: SELECT meta_key FROM metadata WHERE > meta_key LIKE AND username = ? > Nov 15 12:19:19 wyvern dovecot[461]: dict(51438): Error: Raw backtrace: > /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x43) [0x7f449789d073] > -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x20) [0x7f449789d190] > -> /usr/lib/dovecot/libdovecot.so.0(+0xfaf1f) [0x7f44978a9f1f] -> > /usr/lib/dovecot/libdovecot.so.0(+0xfafb1) [0x7f44978a9fb1] -> > /usr/lib/dovecot/libdovecot.so.0(+0x4cd20) [0x7f44977fbd20] -> > dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 iters:0/0/0/0, 0 > commits:0/0/0/0](+0x875a) [0x555e60d7775a] -> dovecot/dict [0 clients, 0 > lookups:0/0/0/0, 0 iters:0/0/0/0, 0 > commits:0/0/0/0](sql_statement_query+0x42) [0x555e60d7f262] -> > dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 iters:0/0/0/0, 0 > commits:0/0/0/0](+0xd97f) [0x555e60d7c97f] -> > /usr/lib/dovecot/libdovecot.so.0(dict_iterate_values+0x25) > [0x7f4497868615] -> dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 > iters:0/0/0/0, 0 commits:0/0/0/0](+0xa929) [0x555e60d79929] -> > dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 iters:0/0/0/0, 0 > commits:0/0/0/0](+0xb224) [0x555e60d7a224] -> dovecot/dict [0 clients, 0 > lookups:0/0/0/0, 0 iters:0/0/0/0, 0 commits:0/0/0/0](+0xb381) > [0x555e60d7a381] -> dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 > iters:0/0/0/0, 0 commits:0/0/0/0](dict_command_input+0xd9) > [0x555e60d7a579] -> dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 > iters:0/0/0/0, 0 commits:0/0/0/0](+0x95b8) [0x555e60d785b8] -> > /usr/lib/dovecot/libdovecot.so.0(connection_input_default+0x15e) > [0x7f44978a16ce] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x6b) [0x7f44978bfebb] > -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x13b) > [0x7f44978c15cb] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x51) > [0x7f44978bff61] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x41) > [0x7f44978c0131] -> > /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x14) > [0x7f4497831f74] -> dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 > iters:0/0/0/0, 0 commits:0/0/0/0](main+0x189) [0x555e60d78139] -> > /usr/lib/libc.so.6(__libc_start_main+0xd5) [0x7f44972cfb25] -> > dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 iters:0/0/0/0, 0 > commits:0/0/0/0](_start+0x2e) [0x555e60d7819e] > Nov 15 12:19:19 wyvern dovecot[461]: > imap(s...@samresto.dev)<51449><+BGq2NfQM/7Pisr9>: Error: Mailbox > Trash/Processed: dict_iterate(priv/c841ad0291c27461ac670100a07d9965/) > failed: Connection closed (reply took 0.204 secs (0.204 in dict wait, > 0.000 in other ioloops, 0.000 in locks)) > Nov 15 12:19:19 wyvern dovecot[461]: dict(51438): Fatal: master: > service(dict): child 51438 killed with signal 6 (core dumped) > -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Dovecot and certificates/keys on PKCS11 smartcards/HSMs
Hi all, To configure SSL on dovecot using certificates and keys in files on disk, you specify the following: # Preferred permissions: root:root 0400 ssl_cert = https://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslcertificatefile: # Example use of a certificate and private key from a PKCS#11 token: SSLCertificateFile "pkcs11:token=My%20Token%20Name;id=45” Regards, Graham —
Re: Subfolder in sieve not working as expected
On 15-11-2021 23:04, dove...@ptld.com wrote:
On 11-15-2021 3:46 pm, Kees van Vloten wrote:
I am trying to move incoming mails into subfolders with this sieve script:
require ["fileinto", "variables", "mailbox"];
if header :matches "Delivered-To" "*@*"
{
fileinto :create "INBOX/${2}";
}
I am not using variables and my folders are pre-created. But just to give you a
starting point, this is what works using maildir++ format with default
directory layout.
https://doc.dovecot.org/configuration_manual/mail_location/Maildir/
require ["fileinto"];
# rule:[Dovecot]
if header :contains "sender" "@dovecot.org"
{
fileinto "INBOX.Dovecot";
}
ok, I am trying to start simple:
- removed the mail_plugin "listescape"
- set mail_location = maildir:%h/%d/%n/Maildir
- and changed the sieve script into:
require ["fileinto", "variables", "mailbox"];
if header :contains "Delivered-To" "@example.com"
{
fileinto :create "INBOX.example";
}
Running sieve from the cmdline returns:
error: msgid=<76c62f93-527a-d8d9-f787-65926d9c3...@domain.com>: fileinto
action: failed to store into mailbox 'INBOX.example': Character not
allowed in mailbox name: '.'.
sieve-filter(vmail): Info: sieve:
msgid=<76c62f93-527a-d8d9-f787-65926d9c3...@domain.com>: left message in
mailbox 'INBOX'
For some reason the :create seems to have a problem with the folder
separator '.'
Any clue how to get '.example' recognized as a subfolder?
- Kees
Help needed for OAuth and WSO2 Identity Server
As outlined here:
https://doc.dovecot.org/configuration_manual/authentication/oauth2/
Can Postman https://identity.foo.mylocal:9443/oauth2/token OK.
Using this command to generate the base64 token: echo -en
'n,a=t...@foo.com,\001host=localhost\001port=143\001auth=Bearer
S3cure!Password\001\001' | base64 -w0; echo
I telnet to localhost 143, and run 01 AUTHENTICATE OAUTHBEARER {TOKEN}.
Get 'User id is not available for user: FOO.MYLOCAL/test@carbon.super'
(HTTP 500). It could be because Dovecot is just sending a username instead
of the full email address? I can generate the same 500 error by just
sending the username in Postman.
***dovecot-oauth.conf.ext***
introspection_mode = post
introspection_url = https://adminusername:adminpassw...@identity.foo.mylocal
:9443/oauth2/introspect
username_attribute = username
tls_allow_invalid_cert = yes
active_attribute = active
active_value = true
use_grant_password = yes
# Have tried this, no change.
#username_format = %n
client_id = {CLIENTID}
client_secret = {CLIENTSECRET}
grant_url = https://identity.foo.mylocal:9443/oauth2/token
tokeninfo_url = https://identity.foo.mylocal:9443/oauth2/tokeninfo?oauth=
pass_attrs = pass=%{oauth2:access_token}
***dovecot.conf***
auth_mechanisms = $auth_mechanisms oauthbearer xoauth2
passdb {
driver = oauth2
mechanisms = xoauth2 oauthbearer
args = /etc/dovecot/dovecot-oauth2.conf.ext
}
bug report: lmtp fails on root-squashed NFS filesystem
Hi, all.
I'm trying to set up Postfix with dovecot LTMP delivery
on a host where the user files (/var/spool/mail as well as
home directories) are on NFS filesystems, which are exported
root-squashed to the mail server. I definitely don't want to
give the mail server root permissions on the user files.
LMTP delivery fails with this logged message (e.g.):
Nov 16 17:51:36 lust dovecot: lmtp(anne)<16830>:
msgid=<20262229.1agmtfao024...@vindemiatrix.encs.concordia.ca>: save failed
to INBOX: Read-only mbox
I found this posting where someone else had a similar problem
and traced it in some detail back in 2019:
https://dovecot.org/list/dovecot/2019-February/114611.html
but apparently no one answered the fellow.
In order to check that this is indeed the same problem,
I temporarily changed the INBOX definition to make it write
into /var/tmp/ (on a local filesystem), and delivery worked.
I then temporarily changed the INBOX definition to make it
write into an NFS filesystem with root NOT squashed, and again
it worked (after I chmodded the directory to 1777 to allow
any user to create a file).
I believe that the person who wrote the above posting is
correct: at some point, file access is (incorrectly) checked
as root instead of as the target user.
This is a bit of a showstopper for me. Any plans to address this?
I attach the output of "dovecot -n", fwiw, but I don't think
that this is a configuration problem...
Anne.
--
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8
a...@encs.concordia.ca+1 514 848-2424 x2285
# 2.3.16 (7e2e900c1a): /local/pkg/dovecot-2.3.16/root/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 ()
# OS: Linux 3.10.0-1160.45.1.el7.x86_64 x86_64 Scientific Linux release 7.9
(Nitrogen)
# Hostname: lust.encs.concordia.ca
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /local/data/dovecot/this_host.d/imap.keytab
auth_mechanisms = plain login gssapi
auth_username_format = %Ln
auth_verbose = yes
default_login_user = nul-dove
first_valid_uid = 200
listen = *
lmtp_hdr_delivery_address = original
login_access_sockets = tcpwrap
mail_attachment_fs = posix
mail_fsync = always
mail_location =
mbox:~/mail:INBOX=/var/spool/mail/%1u/%u:INDEX=/local/data/dovecot/indexes/mail/%1u/%u
mail_plugin_dir = /local/lib/dovecot
mail_server_admin = mailto:serviced...@encs.concordia.ca
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date index ihave duplicate
mime foreverypart extracttext
mmap_disable = yes
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /local/pkg/dovecot-CURRENT/root/etc/dovecot/encs.d/ldap.EXTRA
driver = ldap
}
plugin {
mail_log_events = mailbox_delete mailbox_rename
mail_log_fields = uid box msgid size
}
protocols = imap submission lmtp
service imap-postlogin {
executable = script-login /local/bin/imap-wrapper
user = $default_internal_user
}
service imap {
executable = imap imap-postlogin
process_limit = 8192
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service tcpwrap {
unix_listener login/tcpwrap {
group = $default_login_user
mode = 0600
user = $default_login_user
}
}
ssl_cert =
Postfix -> bogogilter -> Dovecot -> Sieve
I've been trying to work out how to get postfix to accept mail, send it to bogofilter, then deliver using dovecot while allowing a global sieve filter and users able to filter mail based on the bogofilter header. I've been successful at getting it to add the bogofilter header as needed, but don't understand what I need to do in order to have it get routed to sieve. Anyone do anything like this already and have a working config? I THINK I need to make dovecot deliver mail locally using lmtp or lda, but I'm not exactly sure. Thanks for any thoughts or ideas that you might have to accomplish this. Mike.
Re: Postfix -> bogogilter -> Dovecot -> Sieve
> Op 17 nov. 2021 om 06:10 heeft Mike het volgende > geschreven: > > > I've been trying to work out how to get postfix to accept mail, send it to > bogofilter, then deliver using dovecot while allowing a global sieve filter > and users able to filter mail based on the bogofilter header. > > I've been successful at getting it to add the bogofilter header as needed, > but don't understand what I need to do in order to have it get routed to > sieve. Dovecot takes care of that. > > Anyone do anything like this already and have a working config? > > I THINK I need to make dovecot deliver mail locally using lmtp or lda, but > I'm not exactly sure. This is documented: https://doc.dovecot.org/configuration_manual/sieve/troubleshooting/ > Thanks for any thoughts or ideas that you might have to accomplish this. > > > Mike. >
