Re: moving only new mails from one server to another
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On 12/11/18 9:29 pm, Nicolas wrote:
> Hello,
>
> I think it is not really the right place to post about that, but
> lot of dovecot experts there ;)
>
> Basically, I have a server with dovecot 2.2.9 that has new
> (unread) mails (because of a bad DNS config at a migration time).
>
> Is there an easy way to move only these unread mails to a another
> server ? (no perms trouble here : all vmail:vmail)
>
> Though to iterate through all /var/vmail/*/*/Maildir/new and
> scp/rsync them.
>
> Would that work ?
TMPFILE=$(mktemp)
cd /
tar cf "${TMPFILE}" \
./var/vmail/*/Maildir/new/1* \
./var/vmail/*/Maildir/.*/new/1*
scp -p "${TMPFILE}" remoteserver:/tmp/
Login to remote server:
cd /
tar xf /tmp/NAME_OF_TAR_FILE
Cheers
A.
-BEGIN PGP SIGNATURE-
iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW+mMjAAKCRCoFmvLt+/i
+7W0AP9eMmwwOihJAppUjcaf5lN8bsst2CtAmNSAtAm0dZmnDQEAznuJsw7nORui
WWYlMSiE35eHSTXZV6UvgEPxsZROhfs=
=2drw
-END PGP SIGNATURE-
Re: Email Server Backup Strategy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 10/2/20 4:59 am, Francis Augusto Medeiros-Logeay wrote: > What I do: > > 1 - I ran a maildirlock command to my mail folder 2 - I then rsync > the folder where my maildirs are, as well as the indexes, to a > remote location If rsync is not fast... then how about doing a snapshot and then rsync off the snapshot? (I do rsync over lvm snapshots to back up file systems cleanly) and, btw, perform file system dumps [ufsdump / ufsrestore like, but dump and restore on Linux] of *non-mounted* backup file systems fwiw. I have other rsyncs that happen via rsnapshot during the day, I don't worry about snapshotting them though, but I probably should > 3 - I tar.gz the daily backup 4 - I kill the maildirlock process > > I also use replication of my server so that I keep getting mail > when my main server isn't available. You mean backup mx? > As for postfix, I backup the database once a week, since it doesn't > get changed that often. > > Hope that helps! > > Best, > > Francis > > > > > On 09.02.2020 18:26, Esteban L wrote: >> Hello, >> >> Was thinking it would be wise to backup my server, in case >> anything "bad" ever happened, so that I could quickly get up to >> speed. >> >> 1. clone the whole drive -- which might be the best to ensure I >> keep the whole system working. >> >> 2. But, what about, if I just wanted to backup my Email server >> components? Postfix - which I think is just config files, and >> Dovecot - I think there is a doveadm backup for doing such >> things. >> >> What do you guys do, recommend for backups?? >> >> Thanks Cheers - -- Andrew McGlashan -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXkBKkAAKCRCoFmvLt+/i +811AQCmzZtw7SLsKHi9bNybOtsuQwT/qqZ9GppCXJWAtRYzkQD+M3ZlXR6v3g9U 5Px4Aayix3mQyil0q7MZIYpNyrBWEjw= =YOGn -END PGP SIGNATURE- 0xA8166BCBB7EFE2FB.asc Description: application/pgp-keys
Re: a question about certificates from letsencrypt
Hi Andreas, On 19/08/2016 10:11 PM, Andreas Meyer wrote: > Hello! > > Certificates from letsencrypt are renewed every three months. > > Does that mean a MUA has to accept the renewed certificates manually > everytime it is renewed? No, if the certificate is not a self-signed one, and if the MUA can follow the normal CA path, then there is no need to "accept" certs (same as in the browser). Cheers AndrewM signature.asc Description: OpenPGP digital signature
Re: Self-Signed Certificate issue
On 24/09/16 03:07, Darryl Baker wrote: > I am running a small email site which I am moving from uw-imapd and Solaris > to Ubuntu and Dovecot imaps and pop3s. I am trying to use a self-signed > certificate for this site. I am using Thunderbird as the test client. I've > tried both the pre-built snakeoil certificate and building a special one > for dovecot. In /var/log/mail.err I keep getting what I am interpreting as > a missing CA cert. The message is: Why? You can get a "proper" certificate with Letsencrypt and never have to worry about all the issues with self-signed certificates ever again! Kind Regards AndrewM signature.asc Description: OpenPGP digital signature
Re: Updated my Dovecot certificate for the first time
On 25/11/16 02:37, Steve Litt wrote: >> "sees the self-signed cert"? >> Did you've added it as trusted to the CA as Greg said and wrote what >> to do? > > No. I don't want to deal with a third party "Trusted Party": I want it > self-signed. What I was looking for was a way Alpine could be set to > check for a cert, warn if the cert is conflicting, but not warn if it's > self-signed. I used self-signed certs for ages, when I did so, I installed MY OWN root CA in to various machines as needed -- sometimes that meant in multiple locations (one for IE and Chrome in Winblows world and another place for Firefox). Anyway, that has all stopped now as I use Let's Encrypt certs everywhere without any problems. My exim4 has the updated cert, the same cert goes to my webserver and gets pointed to for dovecot. No more issues of self-signed certs, I can every have lots of related sub-domains to make it even better without needing lots of different certs. There is one advantage of using self-signed, that is, you get to trust yourself and the certs 100%, but others won't do so; so, all in all, it is better to use official certs that are widely accepted. I sure understand that the world of zillions of CAs to trust is a woeful one, but it works better than the trouble of using self-signed certs. NB: I don't do full auto certs, I have a process where I put servers in maintenance mode and manually update the certs, put them in place and restart all the services that use them apache2, exim4, dovecot, ejabber -- all using LE certs. Cheers AndrewM signature.asc Description: OpenPGP digital signature
Setup changes 1.x to 2.x -- custom POP3 account handling required.
Hi,
Previously I did /special/ processing for some email accounts; if a
particular file existed in the user's home directory, then I caused the
account to use /var/mail/$USER file for POP -- otherwise it used IMAP.
Now, because I adjusted the setup for POP only, IMAP still worked
perfectly well. Some users have both POP and IMAP access for various
reasons.
The special POP processing was done using a shell script [1] in place of:
/usr/lib/dovecot/pop3
- which in turn called the normal binary once setting up the
environment.
Now, I have been forced to upgrade my Debian from squeeze-lts to wheezy
and the dovecot setup is quite different.
How can I implement my /wrapper/ script for POP handling now?
Here is my current setup with dovecot -n ...
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-xen-amd64 x86_64 Debian 7.9
mail_location = maildir:~/Maildir
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Items" {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
protocols = " imap pop3"
service imap-login {
inet_listener imap {
port = 0
}
}
service pop3-login {
inet_listener pop3 {
port = 0
}
}
ssl = required
ssl_cert = > /var/log/usr-lib-dovecot--pop3-affinity.log
fi
fi
else
if [ -d $HOME/Maildir ]; then
export MAIL=Maildir:$HOME/Maildir
else
export MAIL=mbox:$HOME/mail:INBOX=/var/mail/$USER
fi
fi
# Finally execute the imap/pop3. If you use both, you'll need two scripts.
# - this customization just for POP3S ...
exec /usr/lib/dovecot/pop3
Thanks
AndrewM
Re: Setup changes 1.x to 2.x -- custom POP3 account handling required.
No help? Is this possible to do as I had done before but with the newer
version?
Thanks
A.
On 22/02/2016 5:52 PM, Andrew McGlashan wrote:
> Hi,
>
> Previously I did /special/ processing for some email accounts; if a
> particular file existed in the user's home directory, then I caused the
> account to use /var/mail/$USER file for POP -- otherwise it used IMAP.
>
> Now, because I adjusted the setup for POP only, IMAP still worked
> perfectly well. Some users have both POP and IMAP access for various
> reasons.
>
> The special POP processing was done using a shell script [1] in place of:
>/usr/lib/dovecot/pop3
> - which in turn called the normal binary once setting up the
>environment.
>
> Now, I have been forced to upgrade my Debian from squeeze-lts to wheezy
> and the dovecot setup is quite different.
>
> How can I implement my /wrapper/ script for POP handling now?
>
> Here is my current setup with dovecot -n ...
>
> # 2.1.7: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-5-xen-amd64 x86_64 Debian 7.9
> mail_location = maildir:~/Maildir
> namespace inbox {
> inbox = yes
> location =
> mailbox Drafts {
> special_use = \Drafts
> }
> mailbox Junk {
> special_use = \Junk
> }
> mailbox Sent {
> special_use = \Sent
> }
> mailbox "Sent Items" {
> special_use = \Sent
> }
> mailbox "Sent Messages" {
> special_use = \Sent
> }
> mailbox Trash {
> special_use = \Trash
> }
> prefix =
> }
> passdb {
> driver = pam
> }
> plugin {
> sieve = ~/.dovecot.sieve
> sieve_dir = ~/sieve
> }
> protocols = " imap pop3"
> service imap-login {
> inet_listener imap {
> port = 0
> }
> }
> service pop3-login {
> inet_listener pop3 {
> port = 0
> }
> }
> ssl = required
> ssl_cert = ssl_key = userdb {
> driver = passwd
> }
>
>
> [1] This is the content of the original wrapper script:
>
> #!/bin/sh
>
> if [ -f $HOME/.use-mbox-for-pop3s ]; then
> export MAIL=mbox:$HOME/mail:INBOX=/var/mail/$USER
> export USER_INBOX=/var/mail/$USER
> if [ -f $USER_INBOX ]
> then
> export USER_INBOX_GROUP=$(stat -c %G $USER_INBOX)
> if [ $USER_INBOX_GROUP != $USER ]
> then
> (
> date
> ls -l $USER_INBOX
> chown Debian-exim:$USER $USER_INBOX
> ls -l $USER_INBOX
> ) >> /var/log/usr-lib-dovecot--pop3-affinity.log
> fi
> fi
> else
> if [ -d $HOME/Maildir ]; then
> export MAIL=Maildir:$HOME/Maildir
> else
> export MAIL=mbox:$HOME/mail:INBOX=/var/mail/$USER
> fi
> fi
>
> # Finally execute the imap/pop3. If you use both, you'll need two scripts.
> # - this customization just for POP3S ...
> exec /usr/lib/dovecot/pop3
>
>
>
> Thanks
> AndrewM
Require different setting for mail_location for each of POP3S and IMAPS protocols
Okay, Let's try this a different way. I've been able to configure past dovecot to have a different mail_location setting for the same user, but with different protocols. When the user requests POP3S, I adjusted the mail_location to /var/mail/$USER (with mbox in use). When that *same* user requested IMAPS protocol, the required mail_location is the Maildir folder. This allows for independent two mail storage locations, one for the use of mbox and the other for the use of Maildir *and* for the same user. Some users only require mbox with others only requiring Maildir. So, I need to cater for each of these situations. How might I adjust current dovecot configuration to provide different mail_location settings for different protocols? Old dovecot allowed me to run a script before POP3S processing that gave me the chance to adjust the mail_location variable. That is what I need now, just for POP3S. Thanks AndrewM
Re: Require different setting for mail_location for each of POP3S and IMAPS protocols
On 23/02/2016 6:45 PM, Steffen Kaiser wrote: > Did you already tried: > http://wiki2.dovecot.org/PostLoginScripting > e.g. for service pop3 ? > > Depending on your userdb, you can make use of the %s variable in lookups. Just a quick thank you. > -- Steffen Kaiser Looks like that is the way to go. Kind Regards AndrewM
Re: Ubuntu packages
On 5/03/2016 5:15 AM, Peter Chiochetti wrote: > Since dovecot put up packages on their own repo, bigmichi stopped > providing his'. I guess this is not Stephan; Would the kind person > update ppa.launchpad.net/bigmichi1 ? Trusting ppas not for me. Running somebody elses' ppa on your system can be a serious security risk; you really have to trust those giving you the ppa access. Cheers A.
Re: Implementation of TLS OCSP Stapling
On 3/03/2016 11:58 PM, aki.tu...@dovecot.fi wrote: > We will take this feature under consideration and see if it can be implemented > in future release. Thank you for your suggestion! As much as I hate Outlook (Look Out!), there are loads of people using really old versions; 2003 is no longer supported, but loads of people use 2007. Thunderbird can be expected to be far more up to date. Implementing features to work with older clients will always be a problem. Just a simple example, almost unrelated here, but this is either wrong by TB or wrong by Outlook (versions 2007, 2010 and 2013 that I know of). When the IMAP server sends a message, OL will pop up a window that requires the user to acknowledge the message via a popup. TB just pops up the message in the normal 'new mail' notify if that is configured and it might be lost if notify isn't set to show. Either way, the implementation is different b/w the two client products. Is OL right or is TB right... IMAP doco says that the message should be made to be acknowledged by the client; OL's version can't easily be ignored or missed, but TB's can easily be missed. But TB's implementation is more user friendly if the server wants to keep sending messages from time to time. I considered using this for MOTD type stuff and maybe random inspirational or motivational messages; even to remind or inform users to do certain things [one example in the dovecot wiki is to advise that the vacation message is still active]. A TB notification is next to harmless, but an OL one needs to be acknowledged every time, which would be very painful. Anyway, the point is that if a feature is added for OCSP stabling support, you couldn't really expect older versions of Look Out to comply with it (even though M$ could patch it easily, they care less about older versions than getting people to subscribe to Office 365 these days). Cheers A.
Re: Ubuntu packages
On 6/03/2016 8:16 PM, aki.tu...@dovecot.fi wrote: > Stephan, for Jessie you should compile with systemd support enabled and leave > the init.d link out completely. You can enable the ProtectFull=yes in the > systemd file. Many of us Debian users hate the fact that systemd even exists. for now we can run servers without systemd, but who knows in a few years or a couple of releases. systemd is a cancer, that's been said before and it will be long time, if ever, before it is not said regularly. Cheers A.
Re: questions regarding zlib plugin
Hi, On 8/03/2016 12:13 AM, Alessio Cecchi wrote: > Il 04/03/2016 14:35, Götz Reinicke - IT Koordinator ha scritto: >> Hi, >> >> faced with a current space problem on our dovecot 2.2.18 server, I >> thought about using the zlib plugin. >> >> My questions: >> >> - is it really as simple as adding the options to the conf files as >> described in the docs :) ? http://wiki2.dovecot.org/Plugins/Zlib > > Yes, we had enable it on Maildir/ without problems. Okay, I like the idea of saving messages in compressed format, My exim4 on Debian with split config doesn't create files with the size tag, ala: maildir_tag = ,S=$message_size Where should I put this to make it active for exim4 on Debian? I've tried a couple of different config locations, but I can't get it to create new files with ,S=$message_size in the file names. AIUI, the message size component of the file name is required to use gzip method on files. I've also adjusted the dovecot config due to this requirement: "If you want to use dsync to convert to a compressed Maildir you may need -o maildir_copy_with_hardlinks=no (this is set to yes by default and will prevent compression). " Would I normally need this setting like that as well? Kind Regards AndrewM
Re: Troubleshooting mailbox problems
If they are using POP to download messages from any client, make sure the client does a leave on server for at least long enough for other client devices to download the messages. Cheers A.
dovecot wiki...
Hi, Just want to know if this is a problem at my end (in my browser), or if it is something else. When I copy text from the wiki, the page changes to an edit one; that is very, very annoying. How can I stop this if it is normal dovecot wiki behaviour and what do you think I might look at in my browser if it isn't? I'm never likely to want to edit the wiki any time soon. Thanks AndrewM
Re: dovecot wiki...
On 16/03/2016 12:09 AM, bOnK wrote: > On 15-3-2016 14:05, Andrew McGlashan wrote: >> How can I stop this if it is normal dovecot wiki > > Turn of JavaScript. Thanks, I use policeman to control what web pages can do, scripts turned off. Gave up on noscript a good while ago, for various reasons. Much prefer policeman controls on my web. Cheers AndrewM
Re: overview zlib efficiency?
On 16/03/2016 2:01 AM, Götz Reinicke - IT Koordinator wrote: > Hi, > > may be someone has already done that: Do you have a script(?) tool which > shows the efficiency of the mail compression if zlib is used? > > Something that shows the uncompressed size vrs. the compressed. Remember one thing; emails are stored in plain text, the same text that they are normally transmitted b/w servers. With that in mind, text, particularly with repeating and common things like headers (and other things), then you should get significant reduction in size. The exception of the size benefits (storage), is when you have emails that are less than the file system block size (4k ext4 perhaps). So many emails are smaller than a block size and for those, zipping is not much benefit as it won't make a scrap of difference to storage. However, when you have users that send attachments and sometimes very large attachments, well, it will save loads of storage on those emails. Next, if you have a CPU bottleneck, then the extra overhead of compression may also be an issue; but unless your server is working hard, compression isn't likely to tax the CPU a great deal. Cheers Andrewm signature.asc Description: OpenPGP digital signature
Re: overview zlib efficiency?
On 16/03/2016 9:07 AM, micah wrote: > Andrew McGlashan writes: > >> On 16/03/2016 2:01 AM, Götz Reinicke - IT Koordinator wrote: >>> Hi, >>> >>> may be someone has already done that: Do you have a script(?) tool which >>> shows the efficiency of the mail compression if zlib is used? >>> >>> Something that shows the uncompressed size vrs. the compressed. >> >> Remember one thing; emails are stored in plain text, the same text that >> they are normally transmitted b/w servers. > > Emails are not stored in plaintext if you are using dbox/mdbox. I think it is the best way to store them in pure form. A.
Re: Email hosting provider
I love this on your about page: On 27/03/2016 3:14 PM, Noel Butler wrote: > I don't need to understand German law, thats what my Frankfurt lawyers > do, I'd trust our data privacy far more in our Frankfurt site, then I > would ever trust US or UK, or AU. "Ausics.* services are purely free and non commercial offerings, run and funded by Brisbanite Noel Butler as a hobbyist service, it remains separate from any commercial services, hosting or otherwise, and is maintained by only a small group of people who may or may not have a life, so just in case, please be patient if you need to contact us. " .. but "All key services are in-house in Brisbane " I was wondering about your preference for German servers / services. ? Cheers A.
Re: Save UID & metadata of mail in mysql table
On 2/04/2016 6:09 AM, use experience wrote: > UID means unique identification number used to store mail. Any help is > appreciated?. There are UIDs and there are UIDs. I think that you will find a unique ID in the email header, if you are processing other metadata from the header, this will be there too. The UID in the dovecot-uidlist file may or may not be useful; but the ID in the email header should be. Cheers AndrewM
Maildir P flag?
Hi, I use Thunderbird with a mailredirect addon. It used to show me which emails were redirected. I believe it used the "P" Maildiir flag for this status. Now it seems that none of my email store has any file with a flag of P. Is this something that dovecot may have adjusted with my mail store? And if so, why? If not, any ideas where I might look for the next "culprit"? ;-) Thanks AndrewM signature.asc Description: OpenPGP digital signature
Redirect indicator issue in Maildir flag seems to be an issue [missing?]
Hi, I've got an issue with the latest Thunderbird, although I'm not sure this is when the problem started (version 45.0) it has an add-on "mailredirect (version 0.8.7)". In the past I've been able to redirect mail (bounce them) and I get a nice little green arrow like indicator (in TB) to show that I redirected the particular email. Now, that green arrow appears briefly, then it goes away and I can no longer tell by looking at my email list if the email has, in fact, been bounced or not. I suspect it is dovecot on the Debian server: dovecot-common 1:2.1.7-7+deb7u1 dovecot-core 1:2.1.7-7+deb7u1 dovecot-imapd 1:2.1.7-7+deb7u1 dovecot-pop3d 1:2.1.7-7+deb7u1 It isn't just Thunderbird though, as I just tried to redirect using a Squirrelmail plugin, and it gives me the same problem; so I don't think it is at the MUA end of the deal. It /may/ be that TB is setting the flag and resetting it or dovecot is resetting it Any ideas? Nobody else has seen this yet? Thanks AndrewM signature.asc Description: OpenPGP digital signature
Re: same account imap and pop3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 2/3/19 3:39 pm, James via dovecot wrote: > I have an imap and pop3 for the same account. When I delete a > message from imap and then fetch the mail from the pop3 account, it > retrieves the deleted message. I am using thunderbird for the MTA. > Does anyone know why it happens? It could be a timing issue. Well... I used to have a setup, years ago, that would store incoming messages to Maildir and also to mbox -- I had it setup so that POP3 worked as well as IMAP (independently). This also allowed the POP to just accumulate messages as a "backup" of sorts whilst I actively used IMAP usually. I could always POP down messages. So, it depends for your setup; perhaps the two retrieval methods are actually using separate email stores as well (like I had). I gave up on the idea of using dual POP3 and IMAP long ago now. Cheers A. -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXHqNvAAKCRCoFmvLt+/i +6lRAQDKHNFUDOhzEcNBIew4z9TfDpxNIKpXL3rKsyJWjipisQD/Swwb97bpPlzs cfCVkMWl2+h0R7gSkDsgE3QYQTCVYhI= =ED7O -END PGP SIGNATURE-
