doveadm stateful backup
Hi all,
first: I'm using version 2.3.4.1
I manage some rather large imap mailboxes which I want to backup on a
regular basis. Some of them have relatively heavy traffic and one of
them is greater than 30GB in size.
I studied the docs for doveadm backup
(https://wiki2.dovecot.org/Tools/Doveadm/Sync) and even did some code
research to better understand the process.
The docs state that using stateful synchronization is the most efficient
way to synchronize mailboxes, therefore I chose this approach.
Highlevel overview:
- store a copy of the whole maildir in a separate directory
(/var/vmail/backup)
- backup to this directory once a minute (trying to make most use of
transaction logs) using the last state stored within a file
- create a backup once a day using tar (full, differential and
incremental ones) blocking the backup process of the before mentioned step
I quite often receive notifications that doveadm backup returned an exit
code of 2, which should be quite normal. These notifications look like that:
dsync(another_address@my.domain): Warning: Failed to do incremental sync
for mailbox INBOX, retry with a full sync (Modseq 171631 no longer in
transaction log (highest=177818, last_common_uid=177308, nextuid=177309))
dsync(another_address@my.domain): Warning: Mailbox changes caused a
desync. You may want to run dsync again: Remote lost mailbox GUID
e9149d0ae4e02d53250526ca4352 (maybe it was just deleted?)
Synced another_address@my.domain successfully but missing some changes.
Took 3 seconds. Starting retry 1...
The first message seems to point out that the transaction log got rolled
and no more contains the messages from the backup dir, right? I thought
about setting mail_index_log_rotate_min_age to 1hour to prevent rolling
transaction logs too often, but abandoned this thought and increased the
backup interval to once a minute. The warnings still appear so maybe my
thoughts about transactions logs are wrong. The second message seems
less alarming to me.
How does doeveadm backup behave in such situations? Does it directly
fall back to a less efficient way of syncing mails? Does the state store
the information "retry with a full sync" and the next run uses this
mode? To investigate on this I simply measured runtimes an saw that the
second/retry run takes a bit longer (up to about 15 seconds) to sync the
dir.
I'm afraid of losing messages using my approach. Is it safe to always
use doveadm backup -s $state? Simply counting one maildirs files within
the live directory and the backup copy shows a 100 fewer files within
the backup dir although the script runs only since a few days.
For reference, see my backup script below.
Regards
Christian
#!/bin/bash
# * * * * * /root/bin/backup.sh --sync-only
# 12 2 1-7 * * test $(date +\%u) -eq 6 && /root/bin/backup.sh --full
# 12 2 8-31 * * test $(date +\%u) -eq 6 && /root/bin/backup.sh
--differential
# 12 2 * * * test $(date +\%u) -ne 6 && /root/bin/backup.sh
synconly=0
differential=0
fullbackup=0
if [ $# -gt 0 ] ; then
if [ "$1" == "--sync-only" ] ; then
synconly=1
elif [ "$1" == "--differential" ] ; then
differential=1
elif [ "$1" == "--full" ] ; then
fullbackup=1
fi
fi
basedir="/var/vmail/backup"
targetdir="/var/vmail/backup/done"
mailaddresses="one_address@my.domain another_address@my.domain
yet_another@my.domain"
if [ ! -d "$basedir" ] ; then
mkdir -p "$basedir"
chown vmail:vmail "$basedir"
fi
if [ ! -d "$targetdir" ] ; then
mkdir -p "$targetdir"
chown vmail:vmail "$targetdir"
fi
for mailaddr in ${mailaddresses} ; do
#echo "Creating backup for $mailaddr."
domainpart=${mailaddr#*@}
localpart=${mailaddr%%@*}
lockfile="$basedir/$mailaddr.lock"
statefile="$basedir/$mailaddr.state"
backupdir="$domainpart/$localpart/Maildir"
snapshotfile_full="$basedir/$mailaddr.full.snar"
snapshotfile="$basedir/$mailaddr.snar"
backup_basename="$basedir/${mailaddr}_$(date '+%Y%m%d_%H%M%S')"
(
if [ $synconly -eq 1 ] ; then
flock -xn 200
if [ $? -eq 1 ] ; then
# failed to acquire lock. Skip mailbox silently.
exit
fi
fi
# try to acquire exclusive lock for one minute
flock -xw 60 200
if [ $? -eq 1 ] ; then
echo "Failed to acquire write lock within 60 seconds. Skipping
$mailaddr."
exit
fi
retries=0
retval=1
until [ $retval -eq 0 ] || [ $retries -ge 3 ] ; do
let 'retries++'
if [ -f "$statefile" ] ; then
oldstate=$(head -1 "$statefile")
else
oldstate=""
fi
start_time=$(date +%s)
ERROR=$((doveadm backup -u "$mailadd
Re: doveadm stateful backup
Hi all,
just wanted to mention that the backup process described below seems to
work. The 100 files gap is still about the same and I further
investigated the cause. It is related to the meta information like
indices and caches that are present in some but not all folders.
Counting only files that contain the sequence ,S= and even summing all
file sizes led to the same number and the exactly same size of raw mail
data.
I also didn't receive any notification about really failed backups,
therefore I believe that the backup works correctly.
Regards
Christian
On 09.01.2022 21:57, Christian wrote:
Hi all,
first: I'm using version 2.3.4.1
I manage some rather large imap mailboxes which I want to backup on a
regular basis. Some of them have relatively heavy traffic and one of
them is greater than 30GB in size.
I studied the docs for doveadm backup
(https://wiki2.dovecot.org/Tools/Doveadm/Sync) and even did some code
research to better understand the process.
The docs state that using stateful synchronization is the most
efficient way to synchronize mailboxes, therefore I chose this approach.
Highlevel overview:
- store a copy of the whole maildir in a separate directory
(/var/vmail/backup)
- backup to this directory once a minute (trying to make most use of
transaction logs) using the last state stored within a file
- create a backup once a day using tar (full, differential and
incremental ones) blocking the backup process of the before mentioned
step
I quite often receive notifications that doveadm backup returned an
exit code of 2, which should be quite normal. These notifications look
like that:
dsync(another_address@my.domain): Warning: Failed to do incremental
sync for mailbox INBOX, retry with a full sync (Modseq 171631 no
longer in transaction log (highest=177818, last_common_uid=177308,
nextuid=177309))
dsync(another_address@my.domain): Warning: Mailbox changes caused a
desync. You may want to run dsync again: Remote lost mailbox GUID
e9149d0ae4e02d53250526ca4352 (maybe it was just deleted?)
Synced another_address@my.domain successfully but missing some
changes. Took 3 seconds. Starting retry 1...
The first message seems to point out that the transaction log got
rolled and no more contains the messages from the backup dir, right? I
thought about setting mail_index_log_rotate_min_age to 1hour to
prevent rolling transaction logs too often, but abandoned this thought
and increased the backup interval to once a minute. The warnings still
appear so maybe my thoughts about transactions logs are wrong. The
second message seems less alarming to me.
How does doeveadm backup behave in such situations? Does it directly
fall back to a less efficient way of syncing mails? Does the state
store the information "retry with a full sync" and the next run uses
this mode? To investigate on this I simply measured runtimes an saw
that the second/retry run takes a bit longer (up to about 15 seconds)
to sync the dir.
I'm afraid of losing messages using my approach. Is it safe to always
use doveadm backup -s $state? Simply counting one maildirs files
within the live directory and the backup copy shows a 100 fewer files
within the backup dir although the script runs only since a few days.
For reference, see my backup script below.
Regards
Christian
#!/bin/bash
# * * * * * /root/bin/backup.sh --sync-only
# 12 2 1-7 * * test $(date +\%u) -eq 6 && /root/bin/backup.sh --full
# 12 2 8-31 * * test $(date +\%u) -eq 6 && /root/bin/backup.sh
--differential
# 12 2 * * * test $(date +\%u) -ne 6 && /root/bin/backup.sh
synconly=0
differential=0
fullbackup=0
if [ $# -gt 0 ] ; then
if [ "$1" == "--sync-only" ] ; then
synconly=1
elif [ "$1" == "--differential" ] ; then
differential=1
elif [ "$1" == "--full" ] ; then
fullbackup=1
fi
fi
basedir="/var/vmail/backup"
targetdir="/var/vmail/backup/done"
mailaddresses="one_address@my.domain another_address@my.domain
yet_another@my.domain"
if [ ! -d "$basedir" ] ; then
mkdir -p "$basedir"
chown vmail:vmail "$basedir"
fi
if [ ! -d "$targetdir" ] ; then
mkdir -p "$targetdir"
chown vmail:vmail "$targetdir"
fi
for mailaddr in ${mailaddresses} ; do
#echo "Creating backup for $mailaddr."
domainpart=${mailaddr#*@}
localpart=${mailaddr%%@*}
lockfile="$basedir/$mailaddr.lock"
statefile="$basedir/$mailaddr.state"
backupdir="$domainpart/$localpart/Maildir"
snapshotfile_full="$basedir/$mailaddr.full.snar"
snapshotfile="$basedir/$mailaddr.snar"
backup_basename="$basedir/${mailaddr}_$(date '+%Y%m%d_%H%M%S')"
(
if [ $synconly -eq 1 ] ; then
flock -xn 200
if [ $? -eq 1 ] ; then
Options to track performance?
Hi there, after upgrading my dovecot on a bookworm container, I now have a weird delay when imap clients like Evolution connect the first time. Is there any performance logging configuration I could enable, to see what dovecot is doing in which timing? I suspect some timeout or delay somewhere, but unable to find it so far. Kind regards Chris ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Options to track performance?
Hi there, after upgrading my dovecot on a bookworm container, I now have a weird delay when imap clients like Evolution connect the first time. Is there any performance logging configuration I could enable, to see what dovecot is doing in which timing? I suspect some timeout or delay somewhere, but unable to find it so far. Kind regards Chris ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: Unable to build sieve plugin
Am 30. November 2017 18:20:58 MEZ schrieb Mark Foley : >I'm wanting to experiment with sieve processing for the first time. >Having some trouble getting >started. I googled to page, https://wiki2.dovecot.org/Pigeonhole/Sieve, >went to the "Download >and Installation" link, then the "Pigeonhole download page" link and >downloaded >dovecot-2.2-pigeonhole-0.4.21.tar.gz (I have Dovecot version 2.2.15). I >untarred, ran >./configure (which appeared to run OK), then `make` and got the >following erro: > >make[4]: Entering directory >'/user/util/src/dovecot/dovecot-2.2-pigeonhole-0.4.21/src/lib-sieve/util' >/bin/sh ../../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H >-I. -I../../.. -I/usr/local/include/dovecot >-DMODULEDIR=\""/usr/local/lib/dovecot"\" -std=gnu99 -g -O2 -Wall -W >-Wmissing-prototypes -Wmissing-declarations -Wpointer-arith >-Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime >-Wstrict-aliasing=2 -I../../.. -MT edit-mail.lo -MD -MP -MF >.deps/edit-mail.Tpo -c -o edit-mail.lo edit-mail.c >libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../.. >-I/usr/local/include/dovecot -DMODULEDIR=\"/usr/local/lib/dovecot\" >-std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations >-Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast >-fno-builtin-strftime -Wstrict-aliasing=2 -I../../.. -MT edit-mail.lo >-MD -MP -MF .deps/edit-mail.Tpo -c edit-mail.c -fPIC -DPIC -o >.libs/edit-mail.o >edit-mail.c: In function 'edit_mail_get_special': >edit-mail.c:1592:8: error: 'MAIL_FETCH_STORAGE_ID' undeclared (first >use in this function) > case MAIL_FETCH_STORAGE_ID: >^ >edit-mail.c:1592:8: note: each undeclared identifier is reported only >once for each function it appears in > >This was followed by several more errors and the make failed. > >What did I do wrong? You need the current dovecot version for the current Pigeonhole version. For dovecot 2.2.15 you probably need to go back to pigeonhole 0.4.7 or even 0.4.5 to get it to compile without errors, see the release notes on the mailing list. >--Mark -- Christian Kivalo
Re: My Solr FTS problem
t [Req1: GET
>http://127.0.0.1:8983/solr/dovecot/select?fl=uid&rows=1&sort=uid+desc&q=box:8864fa1d51ea1d5a7b1296a1aaf8+AND+user:fail2...@mydomain.com]:
>
>Submitted
>doveadm(fail2...@mydomain.com): Debug: http-client: Waiting for 1
>requests to finish
>doveadm(fail2...@mydomain.com): Debug: http-client: peer
>127.0.0.1:8983:
>Creating 1 new connections to handle requests (already 0 usable,
>connecting to 0, closing 0)
>doveadm(fail2...@mydomain.com): Debug: http-client: peer
>127.0.0.1:8983:
>Making new connection 1 of 1
>doveadm(fail2...@mydomain.com): Debug: http-client: conn 127.0.0.1:8983
>
>[0]: HTTP connection created (1 parallel connections exist)
>doveadm(fail2...@mydomain.com): Debug: http-client: conn 127.0.0.1:8983
>
>[0]: Connected
>doveadm(fail2...@mydomain.com): Debug: http-client: conn 127.0.0.1:8983
>
>[0]: Ready for requests
>doveadm(fail2...@mydomain.com): Debug: http-client: peer
>127.0.0.1:8983:
>Successfully connected (connections=1)
>doveadm(fail2...@mydomain.com): Debug: http-client: peer
>127.0.0.1:8983:
>Using 1 idle connections to handle 1 requests (1 total connections
>ready)
>doveadm(fail2...@mydomain.com): Debug: http-client: queue
>http://127.0.0.1:8983: Connection to peer 127.0.0.1:8983 claimed
>request
>[Req1: GET
>http://127.0.0.1:8983/solr/dovecot/select?fl=uid&rows=1&sort=uid+desc&q=box:8864fa1d51ea1d5a7b1296a1aaf8+AND+user:fail2...@mydomain.com]
>
>
>doveadm(fail2...@mydomain.com): Debug: http-client: conn 127.0.0.1:8983
>
>[0]: Claimed request [Req1: GET
>http://127.0.0.1:8983/solr/dovecot/select?fl=uid&rows=1&sort=uid+desc&q=box:8864fa1d51ea1d5a7b1296a1aaf8+AND+user:fail2...@mydomain.com]
>doveadm(fail2...@mydomain.com): Debug: http-client: request [Req1: GET
>http://127.0.0.1:8983/solr/dovecot/select?fl=uid&rows=1&sort=uid+desc&q=box:8864fa1d51ea1d5a7b1296a1aaf8+AND+user:fail2...@mydomain.com]:
>
>Sent header
>doveadm(fail2...@mydomain.com): Debug: http-client: peer
>127.0.0.1:8983:
>No more requests to service for this peer (1 connections exist)
>doveadm(fail2...@mydomain.com): Debug: http-client: conn 127.0.0.1:8983
>
>[0]: Got 200 response for request [Req1: GET
>http://127.0.0.1:8983/solr/dovecot/select?fl=uid&rows=1&sort=uid+desc&q=box:8864fa1d51ea1d5a7b1296a1aaf8+AND+user:fail2...@mydomain.com]
>
>(took 3 ms + 2 ms in queue)
>doveadm(fail2...@mydomain.com): Error: fts_solr: Invalid XML input at
>1:0: not well-formed (invalid token) (near: {
> "responseHeader":{
> "status":0,
> "QTime":1,
> "params":{
> "q":"box:8864fa1d51ea1d5a7b1296a1aaf8 AND user:fa)
>doveadm(fail2...@mydomain.com): Debug: http-client: conn 127.0.0.1:8983
>
>[0]: Response payload stream destroyed (0 ms after initial response)
>doveadm(fail2...@mydomain.com): Debug: http-client: request [Req1: GET
>http://127.0.0.1:8983/solr/dovecot/select?fl=uid&rows=1&sort=uid+desc&q=box:8864fa1d51ea1d5a7b1296a1aaf8+AND+user:fail2...@mydomain.com]:
>
>Finished
>doveadm(fail2...@mydomain.com): Debug: http-client: queue
>http://127.0.0.1:8983: Dropping request [Req1: GET
>http://127.0.0.1:8983/solr/dovecot/select?fl=uid&rows=1&sort=uid+desc&q=box:8864fa1d51ea1d5a7b1296a1aaf8+AND+user:fail2...@mydomain.com]
>doveadm(fail2...@mydomain.com): Debug: http-client: host 127.0.0.1:
>Host
>is idle (timeout = 100 msecs)
>doveadm(fail2...@mydomain.com): Debug: http-client: request [Req1: GET
>http://127.0.0.1:8983/solr/dovecot/select?fl=uid&rows=1&sort=uid+desc&q=box:8864fa1d51ea1d5a7b1296a1aaf8+AND+user:fail2...@mydomain.com]:
>
>Free (requests left=1)
>doveadm(fail2...@mydomain.com): Debug: http-client: All requests
>finished
>doveadm(fail2...@mydomain.com): Error: Mailbox INBOX: Status lookup
>failed: Internal error occurred. Refer to server log for more
>information. [2017-11-30 13:13:57]
>doveadm(fail2...@mydomain.com): Debug: http-client: peer
>127.0.0.1:8983:
>Peer close
>doveadm(fail2...@mydomain.com): Debug: http-client: peer
>127.0.0.1:8983:
>Peer disconnect
>doveadm(fail2...@mydomain.com): Debug: http-client: conn 127.0.0.1:8983
>
>[0]: Peer closed
>doveadm(fail2...@mydomain.com): Debug: http-client: conn 127.0.0.1:8983
>
>[0]: Connection disconnect
>doveadm(fail2...@mydomain.com): Debug: http-client: conn 127.0.0.1:8983
>
>[0]: Connection destroy
>doveadm(fail2...@mydomain.com): Debug: http-client: peer
>127.0.0.1:8983:
>Peer destroy
>doveadm(fail2...@mydomain.com): Debug: http-client: host 127.0.0.1:
>Host
>destroy
>doveadm(fail2...@mydomain.com): Debug: http-client: queue
>http://127.0.0.1:8983: Destroy
--
Christian Kivalo
lda: Warning: Failed to parse return-path header: Invalid character in localpart
Hello, Sometimes, when delivering mails, this warning appears in my syslog: > lda(...): Warning: Failed to parse return-path header: Invalid character in localpart dovecot-lda still exits with 0 and the mail is inserted into my inbox. Looking at the mails in question, I determined that the error is caused by a multiline Return-Path header. Here's a testcase: --- snip --- Return-Path: From: "Nowhere" To: redac...@example.com Subject: Testcase for lda warnings Date: Wed, 31 Jan 2018 12:00:00 + This is a message body. --- snap --- Copy into a file, with \r\n line endings, then run something like this: > cat testcase.txt | /usr/lib/dovecot/dovecot-lda -e -d '' with a username recognized by your running dovecot installation. The header is 'Return-Path:', \r\n, two spaces, '<...>', \r\n According to rfc2822 folding rules, that should be valid - the Return-Path header allows CFWS at that location. The error message originates in lib-lda/mail-deliver.c in mail_deliver_get_return_address(), while the invalid character message seems to originate from one of several places in lib-lda/mail-deliver.c Ciao, Christian Authmann
Re: lda: Warning: Failed to parse return-path header: Invalid character in localpart
Hello, On 31.01.2018 22:35, Stephan Bosch wrote: Op 1/31/2018 om 6:17 PM schreef Christian Authmann: Hello, Sometimes, when delivering mails, this warning appears in my syslog: lda(...): Warning: Failed to parse return-path header: Invalid character in localpart dovecot-lda still exits with 0 and the mail is inserted into my inbox. Looking at the mails in question, I determined that the error is caused by a multiline Return-Path header. Here's a testcase: --- snip --- Return-Path: From: "Nowhere" To: redac...@example.com Subject: Testcase for lda warnings Date: Wed, 31 Jan 2018 12:00:00 + This is a message body. --- snap --- Copy into a file, with \r\n line endings, then run something like this: cat testcase.txt | /usr/lib/dovecot/dovecot-lda -e -d '' with a username recognized by your running dovecot installation. The header is 'Return-Path:', \r\n, two spaces, '<...>', \r\n According to rfc2822 folding rules, that should be valid - the Return-Path header allows CFWS at that location. The error message originates in lib-lda/mail-deliver.c in mail_deliver_get_return_address(), while the invalid character message seems to originate from one of several places in lib-lda/mail-deliver.c This is Dovecot v2.3.0 right? Regards, Stephan. yes, 2.3.0 (c8b89eb), archlinux, x64. Sorry for not mentioning it earlier. Ciao, Christian
Re: dovecot-lda won't cause mail to be filtered by sieve
On February 3, 2018 3:39:56 AM GMT+01:00, Volker Wysk
wrote:
>Hi
>
>I'm changing from fetchmail to getmail, in order to fetch my mail from
>several mail servers and deliver it to my local dovecot server.
>Fetchmail supports LMTP, getmail doesn't. So I'm making getmail call
>dovecot-lda for delivering the mail. But now, the incoming mail doesn't
>get filtered through sieve any longer.
>
>However, this command works:
>
>sieve-filter -v -u v ~v/.dovecot.sieve INBOX -e -W expunge
>
>Any ideas?
>
>Greetings
>V.W.
You need to enable the sieve plugin for LDA. Look at the 15-lda.conf config
file.
At the end of the file you should have
protocol lda {
mail_plugins = $mail_plugins sieve
}
--
Christian Kivalo
Re: Marks as read on mover to Archive
On 2018-05-12 08:55, @lbutlr wrote:
How would I setup dovecot so that when messages are moved to the
Archive mailbox, they are marked as read?
Would it be similar to the imap-sieve for spam tagging?
imapsieve_mailbox1_name = Junk
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_before =
file:/usr/lib/dovecot/sieve/report-spam.sieve
Or is there a simpler method?
I'm using that apporach to mark every mail that's moved to trash as
read:
imapsieve_mailbox1_name = Trash
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_before =
file:/srv/sieve/imapsieve/setflag-seen.sieve
## setflag-seen.sieve
# set flag "\\seen"
require ["imap4flags"];
setflag "\\seen";
If it matters:
mailbox Archive {
auto = subscribe
special_use = \Archive
--
Christian Kivalo
Re: Maillog warning
On 2018-05-16 19:16, for...@mehl-family.fr wrote: I have comment the line... But now I see other warning : _WARNING: /ETC/DOVECOT/CONF.D/OLD-90-QUOTA.CONF LINE 39: GLOBAL SETTING MAIL_PLUGINS WON'T CHANGE THE SETTING INSIDE AN EARLIER FILTER AT /ETC/DOVECOT/CONF.D/15-LDA.CONF LINE 13 (IF THIS IS INTENTIONAL, AVOID THIS WARNING BY MOVING THE GLOBAL SETTING BEFORE /ETC/DOVECOT/CONF.D/15-LDA.CONF LINE 13)_ AND... I see an error message : _ERROR: COULDN'T LOAD REQUIRED PLUGIN /USR/LIB/DOVECOT/MODULES/LIB11_IMAP_QUOTA_PLUGIN.SO: PLUGIN QUOTA MUST BE LOADED ALSO (YOU MUST SET: MAIL_PLUGINS=$MAIL_PLUGINS QUOTA)_ The output of doveconf -n would help to see what plugins you are trying to load -- Christian Kivalo
Re: Maillog warning
On 2018-05-16 21:07, for...@mehl-family.fr wrote: OK. I renamed "conf.d/90-quota.conf" to "conf.d/13-quota.conf" and I have no more this message. This doesn't really fix your problem, you just removed the signs of it. The order of the files in /etc/dovecot/conf.d matters. Please provide the following: doveconf -n grep -B2 -A1 'mail_plugins =' /etc/dovecot/conf.d/*` shows the unexpanded mail_plugins settings from your config. -- Christian Kivalo
Re: External Program for Authentication?
On 2018-05-16 21:18, Marc Perkel wrote: Is it possible to run a bash script for authentication where a 0 exit code indicates success and a non-zero is failure? What I'm trying to do is create a shadow IMAP server that authenticates against a different server. That way my server will use the same passwords as an existing server. So what I would need is for dovecot to pass the username and password to my script, I attempt to log in remotely and if I succeed I allow access on my side. My side will be used to configure black lists and where spam is dragged from their side to my side. (I'm a spam filtering company) Have you looked at the checkpassword [1] and imap [2] authdatbase descriptions in the wiki? [1] https://wiki2.dovecot.org/AuthDatabase/CheckPassword [2] https://wiki2.dovecot.org/PasswordDatabase/IMAP -- Christian Kivalo
Re: Maillog warning
On 2018-05-16 21:53, for...@mehl-family.fr wrote:
# DOVECOT -N
==> see attachment
This looks overly complicated for a doveconf-n output but it seems to
work...
# GREP -B2 -A1 'MAIL_PLUGINS =' /ETC/DOVECOT/CONF.D/*
/etc/dovecot/conf.d/10-mail.conf-#auth_socket_path =
/var/run/dovecot/auth-userdb
/etc/dovecot/conf.d/10-mail.conf-#mail_plugin_dir =
/usr/lib/dovecot/modules
/etc/dovecot/conf.d/10-mail.conf:#mail_plugins =
^^ uncomment this line and add quota to the end. This is the global
mail_plugins setting that's included as mail_plugins = $mail_plugins in
all protocol sections
/etc/dovecot/conf.d/10-mail.conf-#mailbox_list_index = no
--
rename the file back to 90-quota.conf and comment or remove the lines
marked below
/etc/dovecot/conf.d/13-quota.conf-}
/etc/dovecot/conf.d/13-quota.conf-
/etc/dovecot/conf.d/13-quota.conf:mail_plugins = $mail_plugins quota
^^ comment / remove thie above line
/etc/dovecot/conf.d/13-quota.conf-
/etc/dovecot/conf.d/13-quota.conf-protocol imap {
/etc/dovecot/conf.d/13-quota.conf: mail_plugins = $mail_plugins
imap_quota
/etc/dovecot/conf.d/13-quota.conf-}
^^ comment / remove the above 3 lines (the whole protocol imap block),
the protocol imap block is defined in 20-imap.conf
--
/etc/dovecot/conf.d/15-lda.conf-#lda_mailbox_autosubscribe = no
/etc/dovecot/conf.d/15-lda.conf-protocol lda {
/etc/dovecot/conf.d/15-lda.conf: mail_plugins = $mail_plugins sieve
/etc/dovecot/conf.d/15-lda.conf-}
--
/etc/dovecot/conf.d/20-imap.conf-#imap_urlauth_host =
/etc/dovecot/conf.d/20-imap.conf-protocol imap {
/etc/dovecot/conf.d/20-imap.conf: #mail_plugins = $mail_plugins quota
^^ uncomment the above line
/etc/dovecot/conf.d/20-imap.conf- #mail_max_userip_connections = 10
--
/etc/dovecot/conf.d/20-managesieve.conf- #managesieve_max_line_length
= 65536
/etc/dovecot/conf.d/20-managesieve.conf- #mail_max_userip_connections
= 10
/etc/dovecot/conf.d/20-managesieve.conf: #mail_plugins =
/etc/dovecot/conf.d/20-managesieve.conf- #managesieve_logout_format =
bytes=%i/%o
--
/etc/dovecot/conf.d/20-pop3.conf-protocol pop3 {
/etc/dovecot/conf.d/20-pop3.conf- # Space separated list of plugins
to load (default is global mail_plugins).
/etc/dovecot/conf.d/20-pop3.conf: #mail_plugins = $mail_plugins
/etc/dovecot/conf.d/20-pop3.conf-
With those four changes your warning should be gone.
--
Christian Kivalo
Re: dovecot-pigeonhole Missing sieve_imapsieve Plugin?
On June 7, 2018 6:47:54 PM GMT+02:00, Will Foster wrote:
>Hi Folks,
>
>I am having a problem configuring imapsieve via dovecot-pidgeonhole on
>CentOS7.
>
>After following the docs here:
>
>https://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/IMAPSieve
>
>I get:
>
>dovecot[22026]: managesieve: Fatal: Plugin 'sieve_imapsieve' not found
>from directory /usr/lib64/dovecot/sieve
>dovecot[22026]: doveconf: Error: managesieve-login: dump-capability
>process returned 89
>
>There doesn't seem to be that plugin present or provided by
>dovecot-pigeonhole
>
># ls -lah /usr/lib64/dovecot/sieve/
>total 56K
>drwxr-xr-x. 2 root root 46 Jun 5 12:16 .
>drwxr-xr-x. 7 root root 4.0K Jun 5 12:16 ..
>-rwxr-xr-x. 1 root root 52K Aug 3 2017
>lib90_sieve_extprograms_plugin.so
>
>Am I doing something wrong? This is provided via the CentOS EPEL
>package
>
>Here's my system details:
>
>* dovecot-pigeonhole-2.2.10-8.el7.x86_64
>* CentOS 7.5 on XFS
>* Rainloop Webmail / Mutt / IMAP access
As written on the imapsieve wiki page you linked above, the imapsieve plugin is
available with pigeonhole 0.4.14 which requires dovecot 2.2.24.
>Here's my dovecot -n
>
>
>
># 2.2.10: /etc/dovecot/dovecot.conf
>managesieve(root): Fatal: Plugin 'sieve_imapsieve' not found from
>directory /usr/lib64/dovecot/sieve
>doveconf: Error: managesieve-login: dump-capability process returned 89
># OS: Linux 3.10.0-862.2.3.el7.x86_64 x86_64 CentOS Linux release
>7.5.1804 (Core)
>first_valid_uid = 1000
>info_log_path = /var/log/dovecot-info.log
>log_path = /var/log/dovecot.log
>mail_location = mbox:~/Mail:INBOX=/home/%u/Mail/INBOX_MAIL
>mail_privileged_group = mail
>mbox_write_locks = fcntl
>namespace inbox {
> inbox = yes
> location =
> mailbox Drafts {
>special_use = \Drafts
> }
> mailbox Junk {
>special_use = \Junk
> }
> mailbox Sent {
>special_use = \Sent
> }
> mailbox "Sent Messages" {
>special_use = \Sent
> }
> mailbox Trash {
>special_use = \Trash
> }
> prefix =
>}
>passdb {
> args = %s
> driver = pam
>}
>passdb {
> driver = pam
>}
>plugin {
> imapsieve_url = sieve://localhost:4190
> sieve = file:~/sieve;active=~/.dovecot.sieve
> sieve_after = /etc/dovecot/sieve-after
> sieve_dir = ~/sieve
> sieve_plugins = sieve_imapsieve sieve_extprograms
> sieve_user_log = ~/.dovecot.sieve.log
>}
>protocols = imap sieve sieve
>service imap-login {
> inet_listener imap {
>port = 143
> }
> inet_listener imaps {
>port = 993
>ssl = yes
> }
>}
>service managesieve-login {
> inet_listener sieve {
>port = 4190
> }
> process_min_avail = 0
> service_count = 1
> vsz_limit = 64 M
>}
>ssl = required
>ssl_cert = ssl_key = userdb {
> driver = passwd
>}
>userdb {
> driver = passwd
>}
>protocol lmtp {
> mail_plugins = " sieve"
>}
>protocol lda {
> mail_plugins = " sieve"
>}
>protocol imap {
> mail_plugins = " imap_sieve"
>}
>
>-
>
>Thanks for any guidance here.
>
>
>--
>@sadsfae // gpg: A31F27E0 // irc: sadsfae
>come have a squat at https://hobo.house
--
Christian Kivalo
Re: best practices for migrating to new dovecot version
>At this time, I have not deployed Solr as the search engine for >dovecot, >but as I am heavily involved with that community, I probably should. If >there are any guides about switching an existing setup over to Solr, >please point me at them. There where some links to dovecot / solr guides posted to this list in the last months. One of those helped me to switch from solr v3 to solr v7 but I don't currently recall which one. Searching the list archives should bring up those links. -- Christian Kivalo
Re: Dovecot - being dropped
On September 9, 2018 2:38:11 PM GMT+02:00, Maurizio Caloro
wrote:
>
>
>>>After i restart the Dovecot Service it will go forrwarda and
>running.. but
>i can fix this that don't appair any more.
>
>>>because, i'am traveling alot and i can connect to the Server.
>
>>>Regards
>
>
>
>
>
>Hello
>
>Yesterday, I could not receive an email anymore when I looked in the
>logs
>found the following errors:
>
>
>
>* Sep 7 06:04:44 mail dovecot: master: Warning: service(imap-login):
>process_limit (100) reached, client connections are being dropped
>* Sep 7 06:06:41 mail dovecot: master: Warning: service(imap-login):
>process_limit (100) reached, client connections are being dropped
>
>
>
>If show the config i dont see any process_limits
>
>
100 is the default process limit, see https://wiki.dovecot.org/LoginProcess for
how to change
>
>Dovecot 2.2.13
>
>
>
>root@mail:/var/log# dovecot -n
>
># 2.2.13: /etc/dovecot/dovecot.conf
>
># OS: Linux 3.16.0-6-amd64 x86_64 Debian 8.11
>
>auth_mechanisms = plain login
>
>auth_verbose = yes
>
>disable_plaintext_auth = no
>
>info_log_path = /var/log/mail.log
>
>log_timestamp = %b %d %H:%M:%S Dovecot/
>
>mail_access_groups = vmail
>
>mail_location = maildir:~/Maildir
>
>managesieve_notify_capability = mailto
>
>managesieve_sieve_capability = fileinto reject envelope
>encoded-character
>vacation subaddress comparator-i;ascii-numeric relational regex
>imap4flags
>copy include variables body enotify vironment mailbox date ihave
>
>namespace inbox {
>
> inbox = yes
>
> location =
>
> mailbox Drafts {
>
>special_use = \Drafts
>
> }
>
> mailbox Junk {
>
>special_use = \Junk
>
> }
>
> mailbox Sent {
>
>special_use = \Sent
>
> }
>
> mailbox "Sent Messages" {
>
>special_use = \Sent
>
> }
>
> mailbox Trash {
>
>special_use = \Trash
>
> }
>
> prefix =
>
>}
>
>passdb {
>
> args = /etc/dovecot/dovecot-sql.conf.ext
>
> driver = sql
>
>}
>
>plugin {
>
> sieve = ~/sieve/.dovecot.sieve
>
> sieve_dir = ~/sieve
>
>}
>
>postmaster_address = admin@
>
>protocols = imap pop3 lmtp
>
>service auth {
>
> unix_listener /var/spool/postfix/private/auth {
>
>group = postfix
>
>mode = 0660
>
>user = postfix
>
> }
>
> unix_listener auth-client {
>
>mode = 0660
>
>user = mail
>
> }
>
>}
>
>service lmtp {
>
> inet_listener lmtp {
>
>address = 127.0.0.1
>
>port = 24
>
> }
>
>}
>
>ssl_cert =
>ssl_key =
>userdb {
>
> args = /etc/dovecot/dovecot-sql.conf.ext
>
> driver = sql
>
>}
>
>protocol lda {
>
> mail_plugins = " quota sieve"
>
>}
>
>protocol imap {
>
> mail_plugins = " quota imap_quota"
>
>}
>
>root@mail:/var/log#
--
Christian Kivalo
Problems with qouta_clone plugin
Hello
I'm having troubles getting the quota_clone plugin to work for me.
iø, trying to put the quota values into to to fields, messages and
usage_in_bytes, in the mysql database.
The quotas are getting written to the maildirsize file and can be
updated with the doveadm quota recalc -A or -u "*" command
But i can't seem to get it to trigger the quota_clone plugin, not even
an error or a warning.. At this point a crash would be preferred since
it might yield some information :)
It is probably something simple but apparantly i'm failing to see it :)
Hope someone can help.
-
dovecot --version
2.3.2.1 (0719df592)
cat dovecot-quota-clone-sql.conf.ext
connect =
map {
pattern = priv/quota/storage
table = virtual_users
value_field = usage_in_bytes
username_field = email
}
map {
pattern = priv/quota/messages
table = virtual_users
value_field = messages
username_field = email
}
# 2.3.2.1 (0719df592): /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-862.11.6.el7.x86_64 x86_64 CentOS Linux release
7.5.1804 (Core) nfs4
# Hostname: imap01.ltmail.dk
auth_debug = yes
dict {
lastlogin = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
quotaclone = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
doveadm_password = # hidden, use -P to show it
lock_method = dotlock
login_trusted_networks = 192.168.100.11/32 192.168.100.16/32
mail_fsync = always
mail_location = maildir:/storage/vmail/%d/%n
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = " quota notify replication"
mmap_disable = yes
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
last_login_dict = proxy::lastlogin
last_login_key = last-login/%u
mail_replica = tcp:imapb01.litmail.dk:12345
quota = maildir:User quota
quota_clone_dict = proxy::quotaclone
quota_grace = 10%%
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 Mailbox is full
quota_status_success = DUNNO
}
protocols = imap
replication_max_conns = 100
service aggregator {
fifo_listener replication-notify-fifo {
mode = 0666
user = vmail
}
unix_listener replication-notify {
mode = 0666
user = vmail
}
}
service auth-worker {
user = $default_internal_user
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0666
user = vmail
}
user = $default_internal_user
}
service config {
unix_listener config {
user = vmail
}
}
service dict {
unix_listener dict {
group = vmail
mode = 0600
user = vmail
}
}
service doveadm {
group = vmail
inet_listener {
port = 12345
}
user = vmail
}
service imap-login {
inet_listener imap {
port = 143
}
process_min_avail = 10
service_count = 0
}
service quota-status {
client_limit = 1
executable = /usr/libexec/dovecot/quota-status -p postfix
inet_listener {
port = 12340
}
}
service replicator {
process_min_avail = 1
unix_listener replicator-doveadm {
mode = 0666
}
}
service stats {
unix_listener stats-writer {
mode = 0600
user = vmail
}
}
ssl_cert =
Re: Problems with qouta_clone plugin
On Mon, 2018-10-15 at 15:31 +0300, Aki Tuomi wrote:
> You should add quota_clone to mail plugins.
>
> Aki
>
>
> On 15.10.2018 15:28, Christian Ejlertsen wrote:
> > Hello
> >
> > I'm having troubles getting the quota_clone plugin to work for me.
> > iø, trying to put the quota values into to to fields, messages and
> > usage_in_bytes, in the mysql database.
> >
> > The quotas are getting written to the maildirsize file and can be
> > updated with the doveadm quota recalc -A or -u "*" command
> >
> > But i can't seem to get it to trigger the quota_clone plugin, not
> > even
> > an error or a warning.. At this point a crash would be preferred
> > since
> > it might yield some information :)
> >
> > It is probably something simple but apparantly i'm failing to see
> > it :)
> >
> > Hope someone can help.
> >
> > -
> >
> > dovecot --version
> > 2.3.2.1 (0719df592)
> >
> > cat dovecot-quota-clone-sql.conf.ext
> > connect =
> >
> > map {
> >pattern = priv/quota/storage
> >table = virtual_users
> >value_field = usage_in_bytes
> >username_field = email
> > }
> >
> > map {
> >pattern = priv/quota/messages
> >table = virtual_users
> >value_field = messages
> >username_field = email
> > }
> >
> > # 2.3.2.1 (0719df592): /etc/dovecot/dovecot.conf
> > # OS: Linux 3.10.0-862.11.6.el7.x86_64 x86_64 CentOS Linux release
> > 7.5.1804 (Core) nfs4
> > # Hostname: imap01.ltmail.dk
> > auth_debug = yes
> > dict {
> > lastlogin = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
> > quotaclone = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
> > }
> > doveadm_password = # hidden, use -P to show it
> > lock_method = dotlock
> > login_trusted_networks = 192.168.100.11/32 192.168.100.16/32
> > mail_fsync = always
> > mail_location = maildir:/storage/vmail/%d/%n
> > mail_nfs_index = yes
> > mail_nfs_storage = yes
> > mail_plugins = " quota notify replication"
> > mmap_disable = yes
> > namespace inbox {
> > inbox = yes
> > location =
> > mailbox Drafts {
> > special_use = \Drafts
> > }
> > mailbox Junk {
> > special_use = \Junk
> > }
> > mailbox Sent {
> > special_use = \Sent
> > }
> > mailbox "Sent Messages" {
> > special_use = \Sent
> > }
> > mailbox Trash {
> > special_use = \Trash
> > }
> > prefix =
> > }
> > passdb {
> > args = /etc/dovecot/dovecot-sql.conf.ext
> > driver = sql
> > }
> > plugin {
> > last_login_dict = proxy::lastlogin
> > last_login_key = last-login/%u
> > mail_replica = tcp:imapb01.litmail.dk:12345
> > quota = maildir:User quota
> > quota_clone_dict = proxy::quotaclone
> > quota_grace = 10%%
> > quota_status_nouser = DUNNO
> > quota_status_overquota = 552 5.2.2 Mailbox is full
> > quota_status_success = DUNNO
> > }
> > protocols = imap
> > replication_max_conns = 100
> > service aggregator {
> > fifo_listener replication-notify-fifo {
> > mode = 0666
> > user = vmail
> > }
> > unix_listener replication-notify {
> > mode = 0666
> > user = vmail
> > }
> > }
> > service auth-worker {
> > user = $default_internal_user
> > }
> > service auth {
> > unix_listener /var/spool/postfix/private/auth {
> > group = postfix
> > mode = 0666
> > user = postfix
> > }
> > unix_listener auth-userdb {
> > group = vmail
> > mode = 0666
> > user = vmail
> > }
> > user = $default_internal_user
> > }
> > service config {
> > unix_listener config {
> > user = vmail
> > }
> > }
> > service dict {
> > unix_listener dict {
> > group = vmail
> > mode = 0600
> > user = vmail
> > }
> > }
> > service doveadm {
> > group = vmail
> > inet_listener {
> > port = 12345
> > }
> > user = vmail
> > }
> > service imap-login {
> > inet_listener imap {
> > port = 143
> > }
> > process_min_avail = 10
> > service_count = 0
> > }
> > service quota-status {
> > client_limit = 1
> > executable = /usr/libexec/dovecot/quota-status -p postfix
> > inet_listener {
> > port = 12340
> > }
> > }
> > service replicator {
> > process_min_avail = 1
> > unix_listener replicator-doveadm {
> > mode = 0666
> > }
> > }
> > service stats {
> > unix_listener stats-writer {
> > mode = 0600
> > user = vmail
> > }
> > }
> > ssl_cert = > ssl_dh = # hidden, use -P to show it
> > ssl_key = # hidden, use -P to show it
> > userdb {
> > args = /etc/dovecot/dovecot-sql.conf.ext
> > driver = sql
> > }
> > protocol imap {
> > mail_max_userip_connections = 1000
> > mail_plugins = " quota notify replication imap_quota last_login
> > quota_clone"
> > }
> > protocol submission {
> > mail_max_userip_connections = 1000
> > }
> >
> >
> > --
> >
> > Christian Ejlertsen
>
>
It is :)
> protocol imap {
> mail_max_userip_connections = 1000
> mail_plugins = " quota notify replication imap_quota last_login
> quota_clone"
> }
--
Christian Ejlertsen
Re: Problems with qouta_clone plugin
On Mon, 2018-10-15 at 15:36 +0300, Aki Tuomi wrote:
>
> >
> > It is :)
> >
> > > protocol imap {
> > > mail_max_userip_connections = 1000
> > > mail_plugins = " quota notify replication imap_quota last_login
> > > quota_clone"
> > > }
>
> But that will only affect imap protocol. You should add it globally,
> otherwise quota updates do not happen for LMTP/LDA.
>
> Aki
Hello Aki
I tried it like the config suggests, in the global conttext, with same
result no updates in the database and no indication in the log that it
is trying to write or fails in any way.
- Christian
# 2.3.2.1 (0719df592): /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-862.11.6.el7.x86_64 x86_64 CentOS Linux release
7.5.1804 (Core) nfs4
# Hostname: imap01.ltmail.dk
auth_debug = yes
auth_verbose = yes
dict {
lastlogin = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
quotaclone = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
doveadm_password = # hidden, use -P to show it
lock_method = dotlock
login_trusted_networks = 192.168.100.11/32 192.168.100.16/32
mail_debug = yes
mail_fsync = always
mail_location = maildir:/storage/vmail/%d/%n
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = " quota quota_clone notify replication"
mmap_disable = yes
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
last_login_dict = proxy::lastlogin
last_login_key = last-login/%u
mail_replica = tcp:imapb01.litmail.dk:12345
quota = maildir:User quota
quota_clone_dict = proxy::quotaclone
quota_grace = 10%%
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 Mailbox is full
quota_status_success = DUNNO
}
protocols = imap
replication_max_conns = 100
service aggregator {
fifo_listener replication-notify-fifo {
mode = 0666
user = vmail
}
unix_listener replication-notify {
mode = 0666
user = vmail
}
}
service auth-worker {
user = $default_internal_user
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0666
user = vmail
}
user = $default_internal_user
}
service config {
unix_listener config {
user = vmail
}
}
service dict {
unix_listener dict {
group = vmail
mode = 0600
user = vmail
}
}
service doveadm {
group = vmail
inet_listener {
port = 12345
}
user = vmail
}
service imap-login {
inet_listener imap {
port = 143
}
process_min_avail = 10
service_count = 0
}
service quota-status {
client_limit = 1
executable = /usr/libexec/dovecot/quota-status -p postfix
inet_listener {
port = 12340
}
}
service replicator {
process_min_avail = 1
unix_listener replicator-doveadm {
mode = 0666
}
}
service stats {
unix_listener stats-writer {
mode = 0600
user = vmail
}
}
ssl_cert =
Strange log message with dovecot-2.3.3
Hi,
# dovecot --version
2.3.3 (dcead646b)
# doveinfo
Nombre d'utilisateurs : 1151
Sockets IMAP : 4356
Process dovecot/imap : 4357
Process dovecot/imap-login : 1339
Process dovecot/pop3 : 0
Process dovecot/pop3-login : 0
Process dovecot/auth : 1
Process dovecot/auth -w: 2
Process dovecot/anvil : 1
Process dovecot/log: 1
Process dovecot/config : 1
Process dovecot/stats : 1
Since I am using dovecot 2.3.X I got the following messages
/var/log/dovecot-20180930:Sep 28 17:33:38 balcha dovecot: master:
Warning: service(stats): client_limit (1000) reached, client connections
are being dropped
Users complain the system became slow.
I happen when dovecot/imap process grows above 1000.
With 2.2.X no default were defined (#default_client_limit = 1000) and I
have no such log and no performance problems.
With 2.3.3 I first increase default_client_limit to 4096
but the following message come again when dovecot/imap grow above
4096
==
Nov 6 12:09:12 balcha dovecot: master: Warning: service(stats):
client_limit (4096) reached, client connections are being dropped
Nov 6 12:09:25 balcha dovecot: imap: Error:
net_connect_unix(/var/run/dovecot//stats-writer) failed: Resource
temporarily unavailable
... many same lines as above
==
Now 8192 solve my problem
default_client_limit = 8192
I don't understand why the first Warning is related to service(stats)
instead of service(imap)
and why the socket stats-writer became temporarily unavailable
# ls -l /var/run/dovecot/stats-writer
srw-rw 1 root dovecot 0 Nov 8 02:44 /var/run/dovecot/stats-writer
PS.
# dovecot --version
2.3.3 (dcead646b)
# dovecot -n
# 2.3.3 (dcead646b): /usr/local/dovecot-2.3.3/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.3 (f018bbab)
# OS: Linux 2.6.32-696.30.1.el6.x86_64 x86_64 Red Hat Enterprise Linux
Server release 6.9 (Santiago)
# Hostname: balcha.onera
base_dir = /var/run/dovecot/
default_client_limit = 8192 <<< default with dovecot 2.2.X changed to
4096 then 8192
disable_plaintext_auth = no
listen = *
mail_location = maildir:~/Maildir:INDEX=~/Maildir:CONTROL=~/Maildir
mail_plugins = quota
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart
extracttext
mbox_write_locks = fcntl
passdb {
args = %s
driver = pam
}
plugin {
quota = maildir:User quota
quota_grace = 6%%
quota_rule = ?:storage=6G
quota_rule2 = Trash:storage=+5%%
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
sieve = file:~/sieve;active=~/.dovecot.sieve
}
postmaster_address = postmas...@onera.fr
quota_full_tempfail = yes
rejection_reason = Votre message à <%t> est mis en attente; raison : %n%
r
rejection_subject = Message (Objet: %s) mis en attente de livraison
service anvil {
client_limit = 4299
}
service auth {
client_limit = 5320
}
service imap-login {
client_limit = 8192
process_limit = 4096
}
service imap {
process_limit = 8192
}
service quota-warning {
executable = script /usr/local/bin/quota-warning.sh
unix_listener quota-warning {
group = root
mode = 0666
user = root
}
user = root
}
ssl_cert =
Re: Errors wih fts-solr
On November 30, 2018 4:13:40 PM GMT+01:00, Riccardo Bicelli wrote: >Thanks, >but how? I looked through solr documentation and found anything useful. See for example this thread where its described how to change the query response writer in solr http://dovecot.2317879.n4.nabble.com/Solr-7-td61467.html >For now got it working setting up nginx and strip down the header, but >I >think it isn't the proper solution. > >Cheers > > >Il giorno ven 30 nov 2018 alle ore 09:48 Aki Tuomi < >aki.tu...@open-xchange.com> ha scritto: > >> >> On 28.11.2018 9.52, Riccardo Bicelli wrote: >> > Hello, >> > I recently upgraded my solr installation to 6.6.5 >> > >> > When searching through dovecot solr throws this this error: >> > >> > solr Bad contentType for search handler :text/xml >> > >> > I'm running dovecot 2.2.10 on CentOS 7.5. >> > >> > Regards >> > Riccardo >> > >> >> Configure your solr to use XML instead of JSON. >> >> Aki >> >> -- Christian Kivalo
Dovecot no logs by sieve user script
Dear mailinglist,
I have the problem that I had to migrate a setup and since then my user's sieve
script does
no longer log anything.
I have sieve_user_log unset and sieve points to a folder (ready for
ManageSievev service).
In the old config I had sieve point to the symlink and sieve_dir point to the
folder of all
scripts. As sieve_dir is deprecated I use the sieve directive only (see below).
According to my understanding of https://wiki2.dovecot.org/Pigeonhole/Sieve/
Configuration this should result in user logging in ~/.dovecot.sieve.log. This
file is never
generated by dovecot and if I create it manually, it is not filled.
Can you tell me, what I am missing here in order to get the per-user logs
running?
Thank you very much
Christian
# dovecot --version
# dovecot -n # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf # Pigeonhole version
0.4.16
(fed8554) # OS: Linux 4.9.0-8-amd64 x86_64 Debian 9.6 auth_mechanisms = plain
login
disable_plaintext_auth = no mail_location = maildir:~/Mailbox
managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto
reject
envelope encoded-character vacation subaddress comparator-i;ascii-numeric
relational
regex imap4flags copy include variables body enotify environment mailbox date
index
ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes
location =
mailbox Drafts {auto = createspecial_use = \Drafts } mailbox Junk {
auto =
subscribespecial_use = \Junk } mailbox Sent {auto = subscribe
special_use = \Sent }
mailbox Trash {special_use = \Trash } prefix = } passdb { driver = pam
} passdb { args
= scheme=CRYPT username_format=%u /etc/dovecot/users driver = passwd-file }
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve } postmaster_address =
postmaster@wolf-
stuttgart.net protocols = " imap sieve sieve" service auth { unix_listener
/var/spool/postfix/
private/auth {mode = 0666 } } service managesieve-login { inet_listener
sieve {port =
4190 } } ssl = required ssl_cert =
Re: Dovecot no logs by sieve user script
Dear Stephan, Am 06.01.19 um 19:07 schrieb Stephan Bosch: Can you enable mail_debug=yes and look at your debug log. Sieve will tell you what directories files are being used. I did this already in the past without insight. Maybe I miss something. I put the relevant lines from my system mail logs to https://gist.github.com/christianlupus/0dc7007c00551e15130c91a02a42e9b2. Remember I am looking for a way to allow my users to see their filtering results/logs/errors without need to access the system wide logs. In my "old" setup this worked flawlessly. Thanks Christian
Re: Dovecot no logs by sieve user script [SOLVED]
Dear mailing list, I have to admit, I was mislead: I thought that some messages should be logged anyway. But in fact sieve only logs errors by default. So I had to introduce a intended error in my sieve script, trigger it by sending a mail and voi-là: the log got its error messages. So this topic can be seen as solved. Thanks anyways Christian
Re: Dovecot serving incorrect certificate
On 2020-07-25 23:31, Antonio Leding wrote: CORRECTION: Just discovered that actually the Postfix cert is being sent to the client regardless of the configuration…so now the remaining question is why would is the PF cert sent rather than the cert I have configured in the dovecot.conf file? Because the file containes the wrong certificate. -- Christian Kivalo
2.3.11.3 on 32bit platforms
See also the 32bit build failures on Debian:
https://buildd.debian.org/status/package.php?p=dovecot
There are some compiler warnings on 32bit architectures in test-mech.c
test-mech.c: In function ‘test_mechs’:
test-mech.c:326:61: warning: format ‘%lu’ expects argument of type
‘long unsigned int’, but argument 4 has type ‘unsigned int’
[-Wformat=]
326 | const char *testname = t_strdup_printf("auth mech %s %d/%lu",
| ~~^
| |
|
long unsigned int
| %u
test-mech.c:338:12: warning: passing argument 2 of
‘test_mech_construct_apop_challenge’ from incompatible pointer type
[-Wincompatible-pointer-types]
338 |&test_case->len);
|^~~
||
|size_t * {aka unsigned int *}
test-mech.c:195:77: note: expected ‘long unsigned int *’ but argument
is of type ‘size_t *’ {aka ‘unsigned int *’}
195 | test_mech_construct_apop_challenge(unsigned int connect_uid,
unsigned long *len_r)
|
~~~^
But the unit test still fails after a commit like:
diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c
index cf05370..90c2215 100644
--- a/src/auth/test-mech.c
+++ b/src/auth/test-mech.c
@@ -192,7 +192,7 @@ static void test_mech_handle_challenge(struct
auth_request *request,
}
static inline const unsigned char *
-test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned
long *len_r)
+test_mech_construct_apop_challenge(unsigned int connect_uid, size_t *len_r)
{
string_t *apop_challenge = t_str_new(128);
@@ -323,7 +323,7 @@ static void test_mechs(void)
struct test_case *test_case = &tests[running_test];
const struct mech_module *mech = test_case->mech;
struct auth_request *request;
- const char *testname = t_strdup_printf("auth mech %s %d/%lu",
+ const char *testname = t_strdup_printf("auth mech %s %d/%zu",
mech->mech_name,
running_test+1,
N_ELEMENTS(tests));
Re: Sieve scripts replication not working
>Thank you for information. I am using dovecot packaged for debian >stable release, and I like having updates managed by package system. You could use the packages provided by dovecot. See https://repo.dovecot.org for more information. -- Christian Kivalo
Re: Outlook with Dovecot
Elise, 13.12.20: I think the origin of this issue is caused by Outlook itself. Setting up a new account in Outlook, one has to provide an email address instead of a user name. With using BSD usermanager, adding a user named 'i...@mydomain.com' is converted automatically to user 'ilse'. I am not expecting that Microsoft will solve this issue on short term though. Good old "Control Panel" -> "Mail" offers some more detailed configuration options. Just use this way to set up mail accounts instead of doing it with Outlook. Mit freundlichen Grüßen / Kind Regards Christian Schmidt -- Signature not available. smime.p7s Description: S/MIME Cryptographic Signature
Re: LDA ignores virtual mailbox settings
Hi,
Toni Mueller, 27.12.20:
16:04:16 dovecot: lda(u...@example.com)<5291>: Error:
Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX:
open(/var/mail/u...@example.com) failed: Permission denied (euid=12345(mailbox)
egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by
0:8 mode=0775)
16:04:16 dovecot: lda(u...@example.com)<5291>:
msgid=<20201226224933.014...@laptop.example.com>: save failed to open mailbox INBOX:
Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: open(/var/mail/u...@example.com)
failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail,
we're not in group 8(mail), dir owned by 0:8 mode=0775)
16:04:16 postfix/pipe[5284]: 8CD6CE072E: to=,
orig_to=, relay=dovecot, delay=62083, delays=62083/0.04/0/0.04,
dsn=4.3.0, status=deferred (temporary failure)
In /etc/postfix/master.cf, I have this to call it:
dovecot unix - n n - - pipe
flags=DRhu user=_mailbox argv=/usr/lib/dovecot/deliver -f ${sender} -d
${user}@${domain} -a ${recipient}
I've tried strace-ing dovecot-lda, but it didn't really help me to
understand why it discards the result of the userdb lookup.
Can anyone please provide a cluebat, please?
I'd change the setup towards postfix handing over the messages to
dovecot via lmtp.
You can easily achive this by setting
relay_domains = btree:/etc/postfix/relay-transport
in your postfix configuration and creating a file
/etc/postfix/relay-transport:
your_mail_domain lmtp:unix:private/lmtp-dovecot
Mit freundlichen Grüßen
Christian Schmidt
--
No signature available.
Re: doveadm backup only working once?
ox:
>
>> type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes,
>> subscriptions=yes
>>
>location=mbox:~/mail/mailboxes:INBOX=/var/mail/synctest:DIRNAME=mBoX-MeSsAgEs:INDEX=~/mail/index:CONTROL=~/mail/control
>> doveadm(synctest): Debug: remote(192.168.3.1:12345): fs:
>> root=/home/synctest/mail/mailboxes, index=/home/synctest/mail/index,
>> indexpvt=, control=/home/synctest/mail/control,
>> inbox=/var/mail/synctest, alt=
>> doveadm(synctest): Debug: Effective uid=1006, gid=100,
>home=/home/synctest
>> doveadm(synctest): Debug: Namespace inbox: type=private, prefix=,
>> sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes
>>
>location=mbox:~/mail/mailboxes:INBOX=/var/mail/synctest:DIRNAME=mBoX-MeSsAgEs:INDEX=~/mail/index:CONTROL=~/mail/control
>> doveadm(synctest): Debug: fs: root=/home/synctest/mail/mailboxes,
>> index=/home/synctest/mail/index, indexpvt=,
>> control=/home/synctest/mail/control, inbox=/var/mail/synctest, alt=
>> doveadm(synctest): Debug: brain M: Namespace has location
>>
>mbox:~/mail/mailboxes:INBOX=/var/mail/synctest:DIRNAME=mBoX-MeSsAgEs:INDEX=~/mail/index:CONTROL=~/mail/control
>> doveadm(synctest): Debug: Namespace :
>> /home/synctest/mail/mailboxes/INBOX doesn't exist yet, using default
>> permissions
>> doveadm(synctest): Debug: Namespace : Using permissions from
>> /home/synctest/mail/mailboxes: mode=0700 gid=default
>> dsync-local(synctest): Debug: brain M: Local
>> mailbox tree: INBOX guid=f8ecea204a65f05fea46b4581695
>> uid_validity=1609590090 uid_next=9 subs=no last_change=0 last_subs=0
>> dsync-local(synctest): Debug: brain M: Remote
>
>> mailbox tree: INBOX guid=f8ecea204a65f05fea46b4581695
>> uid_validity=1609590090 uid_next=9 subs=no last_change=0 last_subs=0
>> dsync-local(synctest): Debug: brain M:
>Mailbox
>> INBOX: local=f8ecea204a65f05fea46b4581695/0/1,
>> remote=f8ecea204a65f05fea46b4581695/0/1: Mailboxes are equal
>> dsync-local(synctest): Debug: Namespace :
>> /home/synctest/mail/mailboxes/INBOX doesn't exist yet, using default
>> permissions
>> dsync-local(synctest): Debug: Namespace :
>> Using permissions from /home/synctest/mail/mailboxes: mode=0700
>> gid=default
>> dsync-local(synctest): Debug: brain M: Import
>
>> INBOX: Import change type=expunge GUID= UID=1 hdr_hash=
>> result=Expunged mail has no GUID, can't verify it
>> dsync-local(synctest): Debug: brain M: Import
>
>> INBOX: Import change type=expunge GUID= UID=2 hdr_hash=
>> result=Expunged mail has no GUID, can't verify it
>> dsync-local(synctest): Debug: brain M: Import
>
>> INBOX: Import change type=expunge GUID= UID=3 hdr_hash=
>> result=Expunged mail has no GUID, can't verify it
>> dsync-local(synctest): Debug: brain M: Import
>
>> INBOX: Import change type=expunge GUID= UID=4 hdr_hash=
>> result=Expunged mail has no GUID, can't verify it
>> dsync-local(synctest): Debug: brain M: Import
>
>> INBOX: Import change type=expunge GUID= UID=5 hdr_hash=
>> result=Expunged mail has no GUID, can't verify it
>> dsync-local(synctest): Debug: brain M: Import
>
>> INBOX: Import change type=expunge GUID= UID=6 hdr_hash=
>> result=Expunged mail has no GUID, can't verify it
>> dsync-local(synctest): Warning: Deleting
>> mailbox 'INBOX': UID=7 already exists locally for a different mail:
>> Headers hashes don't match (9fc2f2229a1a2a8d5f12304cb5287f97 vs
>> b62e0281b4f375a45040c552b55ab31a)
>> dsync-local(synctest): Debug: brain M: Import
>
>> INBOX: Import change type=save GUID=8bce3bc615e7f2a1dfad970a3cd36bdb
>> UID=7 hdr_hash=9fc2f2229a1a2a8d5f12304cb5287f97 result=Headers hashes
>
>> don't match (9fc2f2229a1a2a8d5f12304cb5287f97 vs
>> b62e0281b4f375a45040c552b55ab31a)
>> dsync-local(synctest): Debug: brain M: Import
>
>> INBOX: Saved UIDs:
>> dsync-local(synctest): Debug: doveadm-sieve:
>> Iterating Sieve mailbox attributes
>> dsync-local(synctest): Debug: sieve:
>> Pigeonhole version 0.5.4 () initializing
>> dsync-local(synctest): Debug: sieve: include:
>
>> sieve_global is not set; it is currently not possible to include
>> `:global' scripts.
>> dsync-local(synctest): Debug: sieve: file
>> storage: Using active Sieve script path:
>/home/synctest/.dovecot.sieve
>> dsync-local(synctest): Debug: sieve: file
>> storage: Using script storage path: /home/synctest/sieve
>> dsync-local(synctest): Debug: sieve: file
>> storage: Using permissions from /home/synctest/sieve: mode=0700
>gid=-1
>> dsync-local(synctest): Debug: sieve: file
>> storage: Relative path to sieve storage in active link: sieve/
>> dsync-local(synctest): Debug: sieve: file
>> storage: sync: Synchronization active
>> dsync-local(synctest): Error: Couldn't delete
>
>> mailbox INBOX: Permission denied
>>
>> root@server2:/home/synctest/mail# dovecot -n
>> # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
>> # Pigeonhole version 0.5.4 ()
>> # OS: Linux 4.19.0-12-amd64 x86_64 Debian 10.6
>> # Hostname: server2.fritz.box
>> auth_username_format = %Ln
>> doveadm_password = # hidden, use -P to show it
>> lda_mailbox_autocreate = yes
>> login_trusted_networks = 192.168.3.0/24
>> mail_location =
>>
>mbox:~/mail/mailboxes:INBOX=/var/mail/%u:DIRNAME=mBoX-MeSsAgEs:INDEX=~/mail/index:CONTROL=~/mail/control
>> mail_privileged_group = mail
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope
>> encoded-character vacation subaddress comparator-i;ascii-numeric
>> relational regex imap4flags copy include variables body enotify
>> environment mailbox date index ihave duplicate mime foreverypart
>> extracttext
>> namespace inbox {
>> inbox = yes
>> location =
>> mailbox Drafts {
>> special_use = \Drafts
>> }
>> mailbox Junk {
>> special_use = \Junk
>> }
>> mailbox Sent {
>> special_use = \Sent
>> }
>> mailbox "Sent Messages" {
>> special_use = \Sent
>> }
>> mailbox Trash {
>> special_use = \Trash
>> }
>> prefix =
>> }
>> passdb {
>> driver = pam
>> }
>> plugin {
>> sieve = ~/.dovecot.sieve
>> sieve_default = /var/lib/dovecot/sieve/default.sieve
>> sieve_dir = ~/sieve
>> }
>> postmaster_address = postmaster@"domain"
>> protocols = imap pop3 lmtp
>> service doveadm {
>> inet_listener {
>> port = 12345
>> }
>> }
>> service managesieve-login {
>> inet_listener sieve {
>> port = 4190
>> }
>> }
>> ssl_cert = > ssl_dh = # hidden, use -P to show it
>> ssl_key = # hidden, use -P to show it
>> userdb {
>> driver = passwd
>> }
>> protocol lmtp {
>> mail_plugins = " sieve"
>> }
>> protocol lda {
>> mail_plugins = " sieve"
>> }
>>
--
Christian Kivalo
Re: New dovecot server, authentication confusion
status 1 Jan 24 17:35:43 nantes-m1 postfix/master[1634]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling So I'm failing to connect, but the error about private/auth is quite unclear to me. I think what I've configured is that plaintext auth is disabled unless on a SSL/TLS connection, and SSL/TLS connections are required, so plaintext over SSL/TLS is the rule. There's an error related to smtpd startup, though I'm unclear what that means, since postfix is running. I think it means it can't run smtpd to send the mail, but why and where configured is unclear to me. -- Christian Kivalo
json_parse_number broken by compiler optimization
he parsing itself is messed up by optimization. We already know from the above that reducing just this function to -O1 or less avoids the issue. But what is it really - I don't know? Maybe you have a better idea what is going on, the issue should be reproducible when building dovecot with the toolchain present on the latest Ubuntu being 21.04 (Hirsute) right now. -- Christian Ehrhardt Staff Engineer, Ubuntu Server Canonical Ltd
Re: json_parse_number broken by compiler optimization
On Tue, Mar 30, 2021 at 9:21 PM Josef 'Jeff' Sipek
wrote:
>
> On Tue, Mar 30, 2021 at 13:34:54 -0400, Josef 'Jeff' Sipek wrote:
> > On Tue, Mar 30, 2021 at 17:53:27 +0200, Christian Ehrhardt wrote:
> > > Hi,
> > > the recent Ubuntu (re)builds uncovered an issue with dovecot
> > > 1:2.3.13+dfsg1-1
> > > build log:
> > > https://launchpadlibrarian.net/529849650/buildlog_ubuntu-hirsute-amd64.dovecot_1%3A2.3.13+dfsg1-1build1_BUILDING.txt.gz
> > > A coworker tried 2.3.14 but got the same result.
> > >
> > > What fails is the json_parser build time test like:
> > > test-json-parser.c:161: Assert(#25) failed:
> > > null_strcmp(json_output[pos].value, value) == 0
> > >
> > > I was looking into that a bit more and what I found is that it is
> > > dependent on the new toolchain
> > > of gcc 10.2.0-1.
> >
> > FWIW, I managed to reproduce it on FreeBSD with gcc 11, so the good news for
> > you is that it isn't Ubuntu specific :)
> >
> > I'll debug further.
>
> The culprit seems to be LTO. If you disable LTO, everything should work
> just fine.
I've had LTO disabled and it has still shown the same effect (with my
gcc 10.2.0-1).
I'll give it a non-LTO retry and double check if it really changed the
compile options accordingly.
I'll let you know about that later on.
> So, I think that'll be the "official" workaround - and a much
> better one than disabling optimization completely.
Well, "completely" is a bit hard, as I only disabled it on a single
function and not the full build :-)
But yeah if it really turns out to be LTO then disabling that will be
fine as an avoidance until we've found the underlying root cause.
> Now, the big question is, is something in the test breaking or is the parser
> itself somehow triggering this.
>
> Jeff.
>
> >
> > Thanks again for the report,
> >
> > Jeff.
> >
> > >
> > > Not all calls to json_parse_* fail, e.g. the first one looks all good and
> > > passes
> > > I was iterating the tests using a report function defined like
> > >
> > > (gdb) define repcon
> > > >c
> > > >p pos
> > > >p json_output[pos].type
> > > >p type
> > > >p json_output[pos].value
> > > >p value
> > > >call null_strcmp(json_output[pos].value, value)
> > > >end
> > >
> > > The first one to be bad was:
> > > Breakpoint 2, test_json_parser_success (full_size=) at
> > > test-json-parser.c:161
> > > 161 test_assert_idx(null_strcmp(json_output[pos].value, value) == 0, pos);
> > > $84 = 25
> > > $85 = JSON_TYPE_NUMBER
> > > $86 = JSON_TYPE_NUMBER
> > > $87 = 0x55633b25 "-12.456"
> > > $88 = 0x55693110 ""
> > > $89 = 45
> > >
> > > Earlier and later parsing was happy, for example
> > >
> > > Breakpoint 2, test_json_parser_success (full_size=) at
> > > test-json-parser.c:161
> > > 161 test_assert_idx(null_strcmp(json_output[pos].value, value) == 0, pos);
> > > $90 = 27
> > > $91 = JSON_TYPE_NUMBER
> > > $92 = JSON_TYPE_NUMBER
> > > $93 = 0x55633b32 "12.456e9"
> > > $94 = 0x55693110 "12.456e9"
> > > $95 = 0
> > > (gdb)
> > >
> > >
> > > We have two things we compare here.
> > > 1. json_output[] which is a static define and for this value is
> > >67 »···{ JSON_TYPE_NUMBER, "-12.456" },
> > > 2. the return value that json_parse_next returns.
> > >25 »···" \"sub2\":-12.456,\n"
> > > 148 »···»···»···»···ret = json_parse_next(parser, &type, &value);
> > >
> > > I tried a non negative number and got success which is suspicious
> > >
> > > Breakpoint 5, test_json_parser_success (full_size=) at
> > > test-json-parser.c:164
> > > 164 test_assert_idx(null_strcmp(json_output[pos].value, value) == 0, pos);
> > > $122 = 25
> > > $123 = JSON_TYPE_NUMBER
> > > $124 = JSON_TYPE_NUMBER
> > > $125 = 0x55633b2c "12.456"
> > > $126 = 0x55693110 "12.456"
> > > $127 = 0
> > > (gdb)
> > >
> > >
> > > Also the return value otherwise LGTM, it is recognized as a number:
> > > 540 } else if ((ret = json_parse_number(parser, value_r)) >= 0) {
> > > (gdb) n
> > > 541 *type_r = JSON_TYPE_NUMBER;
> > >
Re: json_parse_number broken by compiler optimization
On Wed, Mar 31, 2021 at 8:46 AM Christian Ehrhardt wrote: > > On Tue, Mar 30, 2021 at 9:21 PM Josef 'Jeff' Sipek > wrote: > > > > On Tue, Mar 30, 2021 at 13:34:54 -0400, Josef 'Jeff' Sipek wrote: > > > On Tue, Mar 30, 2021 at 17:53:27 +0200, Christian Ehrhardt wrote: > > > > Hi, > > > > the recent Ubuntu (re)builds uncovered an issue with dovecot > > > > 1:2.3.13+dfsg1-1 > > > > build log: > > > > https://launchpadlibrarian.net/529849650/buildlog_ubuntu-hirsute-amd64.dovecot_1%3A2.3.13+dfsg1-1build1_BUILDING.txt.gz > > > > A coworker tried 2.3.14 but got the same result. > > > > > > > > What fails is the json_parser build time test like: > > > > test-json-parser.c:161: Assert(#25) failed: > > > > null_strcmp(json_output[pos].value, value) == 0 > > > > > > > > I was looking into that a bit more and what I found is that it is > > > > dependent on the new toolchain > > > > of gcc 10.2.0-1. > > > > > > FWIW, I managed to reproduce it on FreeBSD with gcc 11, so the good news > > > for > > > you is that it isn't Ubuntu specific :) > > > > > > I'll debug further. > > > > The culprit seems to be LTO. If you disable LTO, everything should work > > just fine. > > I've had LTO disabled and it has still shown the same effect (with my > gcc 10.2.0-1). > I'll give it a non-LTO retry and double check if it really changed the > compile options accordingly. > I'll let you know about that later on. Indeed, I wonder what I tried yesterday in regard to LTO then .. :-/ I can confirm that disabling LTO fixes the issue for me as well and for now that should be a good mitigation until the root cause is found and fixed. Since it might help debugging the underlying problem with LTO here is another data point. With LTO enabled (and skipping the json-parser issues with my optimization trick) there is another testcase later that fails (but works with LTO disabled): test-istream-attachment.c:354: Assert failed: memcmp(data + sizeof(BINARY_TEXT_LONG)-1, BINARY_TEXT_SHORT, strlen(BINARY_TEXT_SHORT)) == 0 istream attachment ... : FAILED Panic: file test-istream-attachment.c: line 395 (test_istream_attachment_extractor_one): assertion failed: (size >= prefix_len && memcmp(data, mail_broken_input_body_prefix, prefix_len) == 0) Error: Raw backtrace: ./test-istream-attachment(+0x4cd95) [0x55c0db91bd95] -> ./test-istream-attachment(backtrace_get+0x75) [0x55c0db91bf65] -> ./test-istream-attachment(+0x2a7fb) [0x55c0db8f97fb] -> ./test-istream-attachment(+0x2a837) [0x55c0db8f9837] -> ./test-istream-attachment(+0x13c5c) [0x55c0db8e2c5c] -> ./test-istream-attachment(+0x12d39) [0x55c0db8e1d39] -> ./test-istream-attachment(+0x1cca3) [0x55c0db8ebca3] -> ./test-istream-attachment(+0x2424d) [0x55c0db8f324d] -> ./test-istream-attachment(test_run+0x63) [0x55c0db8f32f3] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xd5) [0x7f60d232d565] -> ./test-istream-attachment(_start+0x2e) [0x55c0db8e7c2e] /bin/bash: line 1: 1650909 Aborted (core dumped) ./$bin > > So, I think that'll be the "official" workaround - and a much > > better one than disabling optimization completely. > > Well, "completely" is a bit hard, as I only disabled it on a single > function and not the full build :-) > But yeah if it really turns out to be LTO then disabling that will be > fine as an avoidance until we've found the underlying root cause. > > > Now, the big question is, is something in the test breaking or is the parser > > itself somehow triggering this. > > > > Jeff. > > > > > > > > Thanks again for the report, > > > > > > Jeff. > > > > > > > > > > > Not all calls to json_parse_* fail, e.g. the first one looks all good > > > > and passes > > > > I was iterating the tests using a report function defined like > > > > > > > > (gdb) define repcon > > > > >c > > > > >p pos > > > > >p json_output[pos].type > > > > >p type > > > > >p json_output[pos].value > > > > >p value > > > > >call null_strcmp(json_output[pos].value, value) > > > > >end > > > > > > > > The first one to be bad was: > > > > Breakpoint 2, test_json_parser_success (full_size=) at > > > > test-json-parser.c:161 > > > > 161 test_assert_idx(null_strcmp(json_output[pos].value, value) == 0,
Re: Search seems slow with apache solr
On 2021-04-04 18:24, Steve Dondley wrote: I'm experimenting with Apache Solr and Dovecot. As far as I can tell, I have dovecot working with Apache Solr as demonstrated by this output: a search text "cash" * SEARCH 4 8 26 35 45 52 54 55 63 a OK Search completed (0.356 + 0.001 + 0.068 secs). However, when using the roundcube search bar and search all messages on a single word, it takes about 18 seconds. This seems slow as I only have about 4300 message in all my folders. But I'm not sure as I have nothing to compare it to. This does seem slow. I just searched for a single word on a folder with ~52000 mails and it took about 4 seconds including the time to display the resulting list of ~600 mails in roundcube. Searching directly via imap is way faster: b OK Search completed (0.149 + 0.000 + 0.120 secs). Not much i can help besides it should be faster i think. Does you server have enough ram? Whats your dovecot configuration? You can get that with doveconf -n Is there a way I can test whether roundcube is using solr to perform searches? Roundcube uses the imap search provided by dovecot so if dovecot is using solr, roundcube does too. You could tcpdump the connection between dovecot and solr while searching in roundcube, this would tell you if dovecot really searches with solr. -- Christian Kivalo
Re: disable pop3 ports?
On 2021-05-04 10:20, Dan Egli wrote: Already did all of that. like I said, EVERY instance of pop3 in the entire config set is commented out. Then please post the output of doveconf -n. Seems there is still something left. The list of installed dovecot packages would also be help. -- Christian Kivalo
Re: disable pop3 ports?
On 2021-05-04 10:29, Dan Egli wrote:
For gentoo, there is only one package. And here's your output:
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.11.16-gentoo-x86_64 x86_64 Gentoo Base System release 2.7
xfs
# Hostname: jupiter.newideatest.site
and yet if I do doveconf protocols:
# doveconf protocols
protocols = imap pop3 lmtp
In dovecot.conf i have a line that enables the protocols.
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
This is on debian where every protocol is a separate package to install.
This could also just be:
protocols = imap lmtp pop3
Remove pop3 from there and you should be good. You can even have the
config in place.
The other option to disable the pop3 listeners is to set the port = 0
From 10-master.conf (when using split config files)
service pop3-login {
inet_listener pop3 {
port = 0
}
inet_listener pop3s {
port = 0
ssl = yes
}
}
This disables pop3 listeners even when the pop3 protocol is enabled.
--
Christian Kivalo
Adding virtual folders to an existing dovecot installation
Hello dear dovecot mailinglist,
I am having a dovecot installation that is working so far (together with sieve
and managesieve).
Now, I found the possibility to add a virtual folder to the server promising.
I sort various mails using a per-user sieve script into subfolders. This works
well on the latop but the mobile device does not like too many folders to
check. So, I wanted to create a virtual inbox that holds all unread messages.
I found this documentation:
https://doc.dovecot.org/configuration_manual/virtual_plugin/
Now, I have first one question: When I use the virtual folder and read a
message/mark it as read, will this be reflected on the underlaying folder or
will it cause trouble on dovecot?
As far as I understand, usage of sieve filtering and the virtual plugin is
considered critical as mentioned in the documentation. This is due to the
fact, that the virtual mailboxes are read-only by default (unless a folder is
prefixed with a !-symbol). Sieve will try to filter the virtual folder as well
be default and moving a message to another folder will fail the read-only
assumption.
Honestly, I do not get the content of https://doc.dovecot.org/
configuration_manual/virtual_plugin/#sieve-filters-with-virtual-mailboxes by
100%. The first paragraph indicates that sieve plus virtual mailboxes are a
complete no-go, while the second indicates that a safe configuration is needed.
Could someone please elaborate this a bit more?
I have not yet changed anything as I did not want blindly break my production
mail system. The current (unaltered) configuration I will attach below.
Bonus question: Is it possible to restrict the effect of the virtual plugin to
certain (virtual) user accounts?
Thank you very much
Christian
# dovecot --version
2.3.13 (89f716dc2)
#dovecot -n
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.11.2-arch1-1 x86_64
# Hostname: server-hh.hh.lupus
auth_mechanisms = plain login
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date index ihave duplicate
mime foreverypart extracttext
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Templates {
auto = subscribe
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
passdb {
args = scheme=PLAIN username_format=%n /home/.vmail/%d/etc/shadow
driver = passwd-file
}
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
stats_refresh = 30 secs
stats_track_cmds = yes
}
protocols = imap lmtp sieve
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service stats {
fifo_listener stats-mail {
mode = 0600
user = vmail
}
}
ssl = required
ssl_cert =
Re: v2.3.16 released
On August 8, 2021 2:54:30 AM GMT+02:00, dove...@ptld.com wrote: >Was the update issue sorted? Is it safe to update or was/is there a >glitch? Had no problem upgrading here. -- Christian Kivalo
Re: SSL TLS SNI error certificate is empty
On August 16, 2021 3:03:22 AM GMT+02:00, sil...@datavenia.nl wrote:
>Hello,
>
>
>
>I’ve tried implementing TLS SNI for my Postfix/Dovecot setup. I have it
>working in Postfix, but this example for Dovecot:
>https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/#with-client-tls-sni-server-name-indication-support
> doesn’t seem to work for me.
>
>
>
>I’m using LetsEncrypt certificates. They work without a problem with the
>regular ssl_cert and ssl_key settings like this:
>
>
>
>ssl_cert =
>
>ssl_key =
>
>
>
>… but as soon as I put them in local_name blocks like this:
>
>
>
>local_name datavenia.nl {
>
> ssl_cert =
>
> ssl_key =
>
>}
>
>
>
>local_name verovia.nl {
>
> ssl_cert =
>
> ssl_key =
>
>}
>
>
>
>and restart dovecot I get the following error:
>
>
>
>dovecot: imap-login: Error: Failed to initialize SSL server context: Can't
>load SSL certificate (ssl_cert setting): The certificate is empty: user=<>,
>rip=213.127.63.224, lip=142.93.135.7, session=
>
You still need a default ssl_cert outside the local ... block.
This is noted in the section about different certs for different IPs just
before the section about SNI
-> Note
-> You will still need a top-level default ssl_key and ssl_cert as well, or you
will receive errors.
That default cert ia used as fallback for clients that don't do SNI.
>
>I have verified that the certificate paths are correct, the files have
>content. I’ve already checked permissions (chmodded 777 to debug), as well as
>the that these are actually symlinks (updated the config to point to the real
>files) but nothing so far seems to change anything. I have also recreated my
>dh.pem (4096).
>
>
>
>I’m hoping anyone has any idea where I might be going wrong.
>
>
>
>Kind regards,
>
>Silvan
>
>
>
>Output of dovecot -n:
>
>
>
># 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
>
># Pigeonhole version 0.5.13 (cdd19fe3)
>
># OS: Linux 5.11.0-25-generic x86_64 Ubuntu 21.04 ext4
>
># Hostname: azrael00
>
>auth_mechanisms = plain login
>
>mail_location = maildir:/var/mail/vhosts/%d/%n
>
>mail_privileged_group = mail
>
>namespace inbox {
>
> inbox = yes
>
> location =
>
> mailbox Drafts {
>
>special_use = \Drafts
>
> }
>
> mailbox Junk {
>
>special_use = \Junk
>
> }
>
> mailbox Sent {
>
>special_use = \Sent
>
> }
>
> mailbox "Sent Messages" {
>
>special_use = \Sent
>
> }
>
> mailbox Trash {
>
>special_use = \Trash
>
> }
>
> prefix =
>
>}
>
>passdb {
>
> args = /etc/dovecot/dovecot-sql.conf.ext
>
> driver = sql
>
>}
>
>postmaster_address = postmas...@datavenia.nl <mailto:postmas...@datavenia.nl>
>
>protocols = imap lmtp
>
>service auth-worker {
>
> user = vmail
>
>}
>
>service auth {
>
> unix_listener /var/spool/postfix/private/auth {
>
>group = postfix
>
>mode = 0666
>
>user = postfix
>
> }
>
> unix_listener auth-userdb {
>
>mode = 0666
>
>user = vmail
>
> }
>
> user = dovecot
>
>}
>
>service imap-login {
>
> inet_listener imap {
>
>port = 0
>
> }
>
>}
>
>service lmtp {
>
> unix_listener /var/spool/postfix/private/dovecot-lmtp {
>
>group = postfix
>
>mode = 0600
>
>user = postfix
>
> }
>
>}
>
>ssl = required
>
>ssl_dh = # hidden, use -P to show it
>
>userdb {
>
> args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
>
> driver = static
>
>}
>
>local_name datavenia.nl {
>
> ssl_cert =
>
> ssl_key = # hidden, use -P to show it
>
>}
>
>local_name verovia.nl {
>
> ssl_cert =
>
> ssl_key = # hidden, use -P to show it
>
>}
>
--
Christian Kivalo
auth-worker looses MySQL connection and doesn't reconnect when MySQL/MariaDB has been restarted
Hey, I have MariaDB 10.5.10 and Dovecot 2.3.14.1 right now but it's broken since a few months already. I don't remember when it started and what versions I had running of both. As stated in the subject, the Dovecot auth-worker looses connection during a MySQL/MariaDB restart, which is ok so far, but it doesn't reconnect for some reason and instead all further actions fail because of it, like doveadm or IMAP login / commands etc. Aug 15 13:21:28 thor dovecot[20862]: auth-worker(24450): Warning: sqlpool(mysql): Query failed, retrying: Connection was killed Aug 15 13:21:28 thor dovecot[20862]: auth-worker(24450): Error: conn unix:auth-worker (pid=24449,uid=97): auth-worker<376>: sql(u...@example.com,::1,): Password query failed: Connection was killed Aug 15 13:21:30 thor dovecot[20862]: imap-login: Disconnected (auth service reported temporary failure): user=, method=PLAIN, rip=::1, lip=::1, secured, session= This repeats basically for every command / action I do until I restart dovecot or kill the auth-worker process. Both works. dovecot-sql.conf.ext: driver = mysql connect = host=/run/mysqld/mysqld.sock dbname=mail user=dovecot password=SOMEPW Steps to reproduce: Use MySQL in Dovecot Restart MySQL while Dovecot is running Do either some doveadm commands or try to login e.g. using IMAP or just try to navigate through your mailbox See errors / logs pkill -f 'dovecot/auth worker' Try doveadm etc. again Works -- Regards, Christian Ruppert
Problem with copy e-mails via doveadm
z_limit = 2 G
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
}
}
service lmtp {
inet_listener lmtp {
address = 192.168.0.21
port = 24
}
}
service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
}
}
service replicator {
process_min_avail = 1
unix_listener replicator-doveadm {
group = vmail
mode = 0660
user = vmail
}
}
service stats {
inet_listener http {
address = 192.168.0.21
port = 9900
}
}
ssl = no
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
verbose_proctitle = yes
protocol lmtp {
mail_plugins = " zlib quota notify replication sieve"
}
protocol imap {
mail_max_userip_connections = 100
mail_plugins = " zlib quota notify replication imap_zlib"
}
protocol sieve {
mail_max_userip_connections = 10
}
protocol pop3 {
mail_max_userip_connections = 10
mail_plugins = " zlib quota notify replication"
}
Kind regards,
Christian Küppers
Expert Administrator
onOffice GmbH
Charlottenburger Allee 5 | 52068 Aachen
Tel. +49 (0)241 446 86-0 | Fax. +49 (0)241 446 86-250
E-Mail: c.kuepp...@onoffice.de | Web: www.onOffice.com
Registergericht: Amtsgericht Aachen, HRB 21420
Geschäftsführer: Dipl.-Kfm. Stefan Mantl
Prokuristen: Janosch Reuschenbach, Kristina Andresen, Christian Mähringer
AW: Problem with copy e-mails via doveadm
Try to republish due to unreadable message (in html format) in mailing list
archive
maybe someone can take a better look at it now
---
Hi,
i want to copy e-mails from user "source_user_shard1" and folder
"source_folder" lying on backend servers (shard1) to another
user "dest_user_shard2" and folder "dest_folder" lying on different backend
servers (shard2) via command line tool doveadm copy
executed on dovecot proxy&director servers. But doveadm seems to look only on
"dest_user_shard2"'s backend for folder "source_folder"
of user "source_user_shard1" and can not find it. To confirm this, i've checked
directories on filesystem on backend of "dest_user_shard2"
and a folder for "source_user_shard1" was created including one folder "mdbox"
and only one file "dovecot.list.index.log" in it. Folder and file
timestamps match the command debug output time.
"doveadm list" executed for both users show the right folders (source_folder
and dest_folder exist in respective mailbox).
Is it a bug or wrong usage of tool? Please advice.
command executed on dovecot proxy&director server with debug output:
/usr/bin/doveadm -Dv copy -u "dest_user_shard2" "dest_folder" user
"source_user_shard1" mailbox "source_folder" ALL
Aug 17 10:22:05 Debug: Loading modules from directory: /usr/lib/dovecot/modules
Aug 17 10:22:05 Debug: Module loaded:
/usr/lib/dovecot/modules/lib10_quota_plugin.so
Aug 17 10:22:05 Debug: Loading modules from directory:
/usr/lib/dovecot/modules/doveadm
Aug 17 10:22:05 Debug: Skipping module doveadm_acl_plugin, because dlopen()
failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so:
undefined symbol: acl_user_module (this is usually intentional, so just ignore
this message)
Aug 17 10:22:05 Debug: Module loaded:
/usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so
Aug 17 10:22:05 Debug: Module loaded:
/usr/lib/dovecot/modules/doveadm/lib10_doveadm_sieve_plugin.so
Aug 17 10:22:05 Debug: Skipping module doveadm_fts_plugin, because dlopen()
failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so:
undefined symbol: fts_user_get_language_list (this is usually intentional, so
just ignore this message)
Aug 17 10:22:05 doveadm(dest_user_shard2): Debug: auth-master: passdb
lookup(dest_user_shard2): Started passdb lookup
Aug 17 10:22:05 doveadm(dest_user_shard2): Debug: auth-master: conn
unix:/var/run/dovecot/director-userdb: Connecting
Aug 17 10:22:05 doveadm(dest_user_shard2): Debug: auth-master: conn
unix:/var/run/dovecot/director-userdb (pid=647,uid=0): Client connected
(fd=9)
Aug 17 10:22:05 doveadm(dest_user_shard2): Debug: auth-master: passdb
lookup(dest_user_shard2): auth PASS input: user=dest_user_shard2 proxy=y
director_tag=shard2 proxy_refresh=450 host=192.168.0.21
Aug 17 10:22:05 doveadm(dest_user_shard2): Debug: auth-master: passdb
lookup(dest_user_shard2): Finished passdb lookup (user=dest_user_shard2
proxy=y director_tag=shard2 proxy_refresh=450 host=192.168.0.21)
Aug 17 10:22:05 doveadm(dest_user_shard2): Error: remote(192.168.0.21:24245):
Mailbox source_folder: Mailbox sync failed:
Mailbox doesn't exist: source_folder
Aug 17 10:22:05 doveadm(dest_user_shard2): Debug: auth-master: conn
unix:/var/run/dovecot/director-userdb (pid=647,uid=0): Disconnected:
Connection closed (fd=9)
dovecot configuration on dovecot proxy&director servers:
# 2.3.15.1 (b52083c4e8): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.15 (e6a84e31)
# OS: Linux 5.4.0-81-generic x86_64 Ubuntu 20.04.2 LTS
auth_mechanisms = plain login
auth_verbose = yes
default_process_limit = 250
director_mail_servers = 192.168.0.11@shard1 192.168.0.12@shard1
192.168.0.21@shard2 192.168.0.22@shard2 192.168.0.31@shard3
192.168.0.32@shard3 192.168.0.41@shard4 192.168.0.42@shard4
director_servers = 192.168.0.101 192.168.0.102 192.168.0.103
disable_plaintext_auth = no
doveadm_api_key = # hidden, use -P to show it
doveadm_password = # hidden, use -P to show it
doveadm_port = 24245
imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged}
trashed=%{trashed}
lmtp_proxy = yes
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_plugins = " quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date index ihave
duplicate mime foreverypart extracttext
metric auth_success {
filter = (event=auth_request_finished AND success=yes)
}
metric client_connections {
filter = event=client_connection_finished
}
metric imap_command {
filter = event=imap_command_finished
group_by = cmd_name tagged_reply_state
}
metric mail_delivery {
filter = event=mail_delivery_finished
group_by = duration:exponential:1:5:10
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
Re: AW: Problem with copy e-mails via doveadm
Maybe i missunderstood this message. For me this indicates that doveadm is searching on the wrong server (backend) for "source_user_shard1" 's and folder "source_folder". From my understanding doveadm has to look on 192.168.0.11 or 192.168.0.12 (according to provided configuration), but the message says 192.168.0.21 which is backend for "dest_user_shard2". - Ursprüngliche Nachricht - Von: Aki Tuomi aki.tu...@open-xchange.com Gesendet: Freitag, 20. August 2021 08:39:41 An: c.kuepp...@onoffice.de, dovecot@dovecot.org Betreff: Re: AW: Problem with copy e-mails via doveadm Aug 17 10:22:05 doveadm(dest_user_shard2): Debug: auth-master: passdb lookup(dest_user_shard2): Finished passdb lookup (user=dest_user_shard2 proxy=y director_tag=shard2 proxy_refresh=450 host=192.168.0.21) Aug 17 10:22:05 doveadm(dest_user_shard2): Error: remote(192.168.0.21:24245): Mailbox source_folder: Mailbox sync failed: Mailbox doesn't exist: source_folder Does this help? Aki > On 20/08/2021 09:12 Christian Küppers c.kuepp...@onoffice.de wrote: > > > Try to republish due to unreadable message (in html format) in mailing list archive > maybe someone can take a better look at it now > > --- > > Hi, > > i want to copy e-mails from user "source_user_shard1" and folder "source_folder" lying on backend servers (shard1) to another > user "dest_user_shard2" and folder "dest_folder" lying on different backend servers (shard2) via command line tool doveadm copy > executed on dovecot proxy&director servers. But doveadm seems to look only on "dest_user_shard2"'s backend for folder "source_folder" > of user "source_user_shard1" and can not find it. To confirm this, i've checked directories on filesystem on backend of "dest_user_shard2" > and a folder for "source_user_shard1" was created including one folder "mdbox" and only one file "dovecot.list.index.log" in it. Folder and file > timestamps match the command debug output time. > "doveadm list" executed for both users show the right folders (source_folder and dest_folder exist in respective mailbox). > > Is it a bug or wrong usage of tool? Please advice. > > command executed on dovecot proxy&director server with debug output: > /usr/bin/doveadm -Dv copy -u "dest_user_shard2" "dest_folder" user "source_user_shard1" mailbox "source_folder" ALL > Aug 17 10:22:05 Debug: Loading modules from directory: /usr/lib/dovecot/modules > Aug 17 10:22:05 Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so > Aug 17 10:22:05 Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm > Aug 17 10:22:05 Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: > undefined symbol: acl_user_module (this is usually intentional, so just ignore this message) > Aug 17 10:22:05 Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so > Aug 17 10:22:05 Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_sieve_plugin.so > Aug 17 10:22:05 Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: > undefined symbol: fts_user_get_language_list (this is usually intentional, so just ignore this message) > Aug 17 10:22:05 doveadm(dest_user_shard2): Debug: auth-master: passdb lookup(dest_user_shard2): Started passdb lookup > Aug 17 10:22:05 doveadm(dest_user_shard2): Debug: auth-master: conn unix:/var/run/dovecot/director-userdb: Connecting > Aug 17 10:22:05 doveadm(dest_user_shard2): Debug: auth-master: conn unix:/var/run/dovecot/director-userdb (pid=647,uid=0): Client connected > (fd=9) > Aug 17 10:22:05 doveadm(dest_user_shard2): Debug: auth-master: passdb lookup(dest_user_shard2): auth PASS input: user=dest_user_shard2 proxy=y > director_tag=shard2 proxy_refresh=450 host=192.168.0.21 > Aug 17 10:22:05 doveadm(dest_user_shard2): Debug: auth-master: passdb lookup(dest_user_shard2): Finished passdb lookup (user=dest_user_shard2 > proxy=y director_tag=shard2 proxy_refresh=450 host=192.168.0.21) > Aug 17 10:22:05 doveadm(dest_user_shard2): Error: remote(192.168.0.21:24245): Mailbox source_folder: Mailbox sync failed: > Mailbox doesn't exist: source_folder > Aug 17 10:22:05 doveadm(dest_user_shard2): Debug: auth-master: conn unix:/var/run/dovecot/director-userdb (pid=647,uid=0): Disconnected: > Connection closed (fd=9) > > dovecot configuration on dovecot proxy&director servers: > # 2.3.15.1 (b52083c4e8): /etc/dovecot/dovecot.conf > # Pigeonhole version
Re: AW: Problem with copy e-mails via doveadm
mail because: copying Aug 20 08:56:11 doveadm(dest_user_shard2): Debug: Mailbox dest_folder: saving UID 3: Opened mail Aug 20 08:56:11 doveadm(dest_user_shard2): Debug: Mailbox source_folder: UID 4: Opened mail because: copying Aug 20 08:56:11 doveadm(dest_user_shard2): Debug: Mailbox dest_folder: saving UID 4: Opened mail Aug 20 08:56:11 doveadm(dest_user_shard2): Debug: Mailbox source_folder: UID 5: Opened mail because: copying Aug 20 08:56:11 doveadm(dest_user_shard2): Debug: Mailbox dest_folder: saving UID 5: Opened mail Aug 20 08:56:11 doveadm(dest_user_shard2): Debug: replication: Replication requested by 'cmd_copy_box', priority=2 Aug 20 08:56:11 doveadm(dest_user_shard2): Error: Syncing mailbox 'dest_folder' failed: BUG: Unknown internal error Aug 20 08:56:11 doveadm(dest_user_shard2): Debug: imapc(:143): Disconnected Aug 20 08:56:11 doveadm(dest_user_shard2): Debug: imapc(:143): Disconnected Aug 20 08:56:11 doveadm(2446702): Debug: auth-master: conn unix:/var/run/dovecot/auth-userdb (pid=2630417,uid=0): Disconnected: Connection closed (fd=9) This time e-mails get copied in source_user_shard1 from source_folder to dest_folder although dest_user_shard2 is given in doveadm command and is different from source_user_shard1. It is not what I expected and desired. So yeah i haven't get the whole picture right now. Maybe you can give me some details. Christian - Ursprüngliche Nachricht - Von: Aki Tuomi aki.tu...@open-xchange.com Gesendet: Freitag, 20. August 2021 09:06:31 An: c.kuepp...@onoffice.de Cc: dovecot@dovecot.org Betreff: Re: AW: Problem with copy e-mails via doveadm The copy command gets proxied to the remote server because you used proxy=y. To do this kind of copying, you need to specify mail_location=imapc: and target to the director. Aki > On 20/08/2021 09:53 Christian Küppers c.kuepp...@onoffice.de wrote: > > > Maybe i missunderstood this message. For me this indicates that doveadm is searching on the wrong server (backend) for "source_user_shard1" 's and > folder "source_folder". From my understanding doveadm has to look on 192.168.0.11 or 192.168.0.12 (according to provided configuration), but the > message says 192.168.0.21 which is backend for "dest_user_shard2". > > > > - Ursprüngliche Nachricht - > Von: Aki Tuomi aki.tu...@open-xchange.com > Gesendet: Freitag, 20. August 2021 08:39:41 > An: c.kuepp...@onoffice.de, dovecot@dovecot.org > Betreff: Re: AW: Problem with copy e-mails via doveadm > > Aug 17 10:22:05 doveadm(dest_user_shard2): Debug: auth-master: passdb > lookup(dest_user_shard2): Finished passdb lookup (user=dest_user_shard2 > proxy=y director_tag=shard2 proxy_refresh=450 host=192.168.0.21) > Aug 17 10:22:05 doveadm(dest_user_shard2): Error: > remote(192.168.0.21:24245): Mailbox source_folder: Mailbox sync failed: > Mailbox doesn't exist: source_folder > > Does this help? > > Aki > > > On 20/08/2021 09:12 Christian Küppers c.kuepp...@onoffice.de wrote: > > > > > > Try to republish due to unreadable message (in html format) in mailing > list archive > > maybe someone can take a better look at it now > > > > > --- > > > > Hi, > > > > i want to copy e-mails from user "source_user_shard1" and folder > "source_folder" lying on backend servers (shard1) to another > > user "dest_user_shard2" and folder "dest_folder" lying on different > backend servers (shard2) via command line tool doveadm copy > > executed on dovecot proxy&director servers. But doveadm seems to look only > on "dest_user_shard2"'s backend for folder "source_folder" > > of user "source_user_shard1" and can not find it. To confirm this, i've > checked directories on filesystem on backend of "dest_user_shard2" > > and a folder for "source_user_shard1" was created including one folder > "mdbox" and only one file "dovecot.list.index.log" in it. Folder and file > > timestamps match the command debug output time. > > "doveadm list" executed for both users show the right folders > (source_folder and dest_folder exist in respective mailbox). > > > > Is it a bug or wrong usage of tool? Please advice. > > > > command executed on dovecot proxy&director server with debug output: > > /usr/bin/doveadm -Dv copy -u "dest_user_shard2" "dest_folder" user > "source_user_shard1" mailbox "source_folder" ALL > > Aug 17 10:22:05 Debug: Loading modules from directory: > /usr/lib/dovecot/modules > > Aug 17 10:22:05 Debug: Module loaded:
Re: AW: Problem with copy e-mails via doveadm
Please explain in more detail how I can do this. > Try targeting your director instead. in cmd of director /usr/bin/doveadm -Dv -o mail_location=imapc: -o imapc_host= -o imapc_user="source_user_shard1" -o imapc_password="source_user_shard1_password" copy -u "dest_user_shard2" "dest_folder" user "source_user_shard1" mailbox "source_folder" ALL does no change, like i said. in cmd of backend shard2 /usr/bin/doveadm -Dv -o mail_location=imapc: -o imapc_host= -o imapc_user="source_user_shard1" -o imapc_password="source_user_shard1_password" copy -u "dest_user_shard2" "dest_folder" user "source_user_shard1" mailbox "source_folder" ALL results in same output than targeting backend shard1 direct. > The problem actually is that you are now targeting the source user into the > source user as well. You need to, somehow, make dovecot return mail=imapc: > for the target user. Or you can try to do the copying on the target backend > instead, so that you can return `mail=whatever your mail location is` from > userdb lookup easier. mysql dovecot configuration part: user_query = SELECT '/vmail/%Ld/%Ln' AS home, 1 AS uid, 1 AS gid FROM users WHERE email = '%Lu' password_query = SELECT email AS user, password, 1 AS userdb_uid, 1 AS userdb_gid, '/vmail/%Ld/%Ln' AS userdb_home FROM users WHERE email = '%Lu' AND active = '1' Isn't my described attempt on backend of dest_user_shard2 exactly what you described as possible next try? If not what has to be changed? Christian - Ursprüngliche Nachricht - Von: Aki Tuomi aki.tu...@open-xchange.com Gesendet: Freitag, 20. August 2021 12:14:54 An: ckuepp...@onoffice.de, dovecot@dovecot.org Betreff: Re: AW: Problem with copy e-mails via doveadm The problem actually is that you are now targeting the source user into the source user as well. You need to, somehow, make dovecot return mail=imapc: for the target user. Or you can try to do the copying on the target backend instead, so that you can return `mail=whatever your mail location is` from userdb lookup easier. Aki > On 20/08/2021 13:09 Aki Tuomi aki.tu...@open-xchange.com wrote: > > > Try targeting your director instead. > > Aki > > > On 20/08/2021 12:45 Christian Küppers c.kuepp...@onoffice.de wrote: > > > > > > Okay, i need some further help. > > > > What i've tried with your hint: > > > > Executing on cmd of director&proxy server: > > /usr/bin/doveadm -Dv -o mail_location=imapc: copy -u "dest_user_shard2" "dest_folder" user "source_user_shard1" mailbox "source_folder" ALL > > /usr/bin/doveadm -Dv -o mail_location=imapc: -o imapc_host= -o imapc_user="source_user_shard1" -o imapc_password="source_user_shard1_password" copy -u "dest_user_shard2" "dest_folder" user "source_user_shard1" mailbox "source_folder" ALL > > > > I've also tried to execute "doveadm -c" with copied and modified configuration on director&proxy server without "'y' AS proxy" in sql password_query configuration part - without luck. > > This leads all to same debug output and result as command in first post. > > > > After that i changed to cmd of backend server of dest_user_shard2 and tried: > > /usr/bin/doveadm -Dv -o mail_location=imapc: -o imapc_host= -o imapc_user="source_user_shard1" -o imapc_password="source_user_shard1_password" copy -u "dest_user_shard2" "dest_folder" user "source_user_shard1" mailbox "source_folder" ALL > > [..] > > Aug 20 08:52:38 doveadm(source_user_shard1)<2442101>: Debug: imapc(:143): Authenticated successfully > > Aug 20 08:52:38 doveadm(source_user_shard1)<2442101>: Debug: imapc: root=, index=, indexpvt=, control=, inbox=, alt= > > Aug 20 08:52:38 doveadm(source_user_shard1)<2442101>: Debug: quota: quota_over_flag check: quota_over_script unset - skipping > > Aug 20 08:52:38 doveadm(dest_user_shard2): Debug: Mailbox dest_folder: Mailbox opened because: copy > > Aug 20 08:52:38 doveadm(dest_user_shard2): Debug: Mailbox source_folder: Mailbox opened because: copy > > Aug 20 08:52:38 doveadm(dest_user_shard2): Debug: Mailbox source_folder: UID 1: Opened mail because: copying > > Aug 20 08:52:38 doveadm(dest_user_shard2): Error: Copying message UID 1 from 'source_folder' failed: Mailbox doesn't exist: dest_folder (0.001 + 0.000 secs). > > Aug 20 08:52:38 doveadm(dest_user_shard2): Debug: Mailbox source_folder: UID 2: Opened mail because: copying > > Aug 20 08:52:38 doveadm(dest_user_shar
Re: AW: Problem with copy e-mails via doveadm
That doesn't work / has no visible effect. mail/location/mail_location gets overwritten by "-o mail_location=imapc:" in doveadm command. Is it possible to "bind" options/values to users in doveadm command, like "doveadm -o target_mail_location=imapc: -o source_mail_location=mbox:~/mail:INBOX=/var/mail/user -o target_mail_host= ..."? Other optional way: Is doveadm capable of handling different configurations (e.g. backends, received from userdb) for different given users in one command? Is it possible to disable proxy of my doveadm command to backend if I run it on a production/actively used director&proxy server without changing running configuration? I tried adding "-o proxy=n" to my doveadm command but without effect. I ask these questions because from my point of view the director is the only server to run this copy command on and has the knowledge of both users servers to connect to (if command wouldn't get proxied). Christian - Ursprüngliche Nachricht - Von: Aki Tuomi aki.tu...@open-xchange.com Gesendet: Freitag, 20. August 2021 12:46:01 An: c.kuepp...@onoffice.de Cc: dovecot@dovecot.org Betreff: Re: AW: Problem with copy e-mails via doveadm Run the command on the target host, and change user_query = SELECT '/vmail/%Ld/%Ln' AS home, 'mbox:~/mail:INBOX=/var/mail/%u' AS mail, 1 AS uid, 1 AS gid FROM users WHERE email = '%Lu' Aki > On 20/08/2021 13:39 Christian Küppers c.kuepp...@onoffice.de wrote: > > > Please explain in more detail how I can do this. > > > Try targeting your director instead. > in cmd of director > /usr/bin/doveadm -Dv -o mail_location=imapc: -o imapc_host= -o imapc_user="source_user_shard1" -o imapc_password="source_user_shard1_password" copy -u "dest_user_shard2" "dest_folder" user "source_user_shard1" mailbox "source_folder" ALL > does no change, like i said. > > in cmd of backend shard2 > /usr/bin/doveadm -Dv -o mail_location=imapc: -o imapc_host= -o imapc_user="source_user_shard1" -o imapc_password="source_user_shard1_password" copy -u "dest_user_shard2" "dest_folder" user "source_user_shard1" mailbox "source_folder" ALL > results in same output than targeting backend shard1 direct. > > > The problem actually is that you are now targeting the source user into the source user as well. You need to, somehow, make dovecot return mail=imapc: for the target user. Or you can try to do the copying on the target backend instead, so that you can return `mail=whatever your mail location is` from userdb lookup easier. > > mysql dovecot configuration part: > user_query = SELECT '/vmail/%Ld/%Ln' AS home, 1 AS uid, 1 AS gid FROM users WHERE email = '%Lu' > password_query = SELECT email AS user, password, 1 AS userdb_uid, 1 AS userdb_gid, '/vmail/%Ld/%Ln' AS userdb_home FROM users WHERE email = '%Lu' AND active = '1' > > Isn't my described attempt on backend of dest_user_shard2 exactly what you described as possible next try? If not what has to be changed? > > Christian > > > > - Ursprüngliche Nachricht - > Von: Aki Tuomi aki.tu...@open-xchange.com > Gesendet: Freitag, 20. August 2021 12:14:54 > An: ckuepp...@onoffice.de, dovecot@dovecot.org > Betreff: Re: AW: Problem with copy e-mails via doveadm > > The problem actually is that you are now targeting the source user into the > source user as well. You need to, somehow, make dovecot return mail=imapc: > for the target user. Or you can try to do the copying on the target backend > instead, so that you can return `mail=whatever your mail location is` from > userdb lookup easier. > > Aki > > > On 20/08/2021 13:09 Aki Tuomi aki.tu...@open-xchange.com wrote: > > > > > > Try targeting your director instead. > > > > Aki > > > > > On 20/08/2021 12:45 Christian Küppers c.kuepp...@onoffice.de wrote: > > > > > > > > > Okay, i need some further help. > > > > > > What i've tried with your hint: > > > > > > Executing on cmd of director&proxy server: > > > /usr/bin/doveadm -Dv -o mail_location=imapc: copy -u "dest_user_shard2" > "dest_folder" user "source_user_shard1" mailbox "source_folder" ALL > > > /usr/bin/doveadm -Dv -o mail_location=imapc: -o > imapc_host= -o imapc_user="source_user_shard1" -o > imapc_password="source_user_shard1_password" copy -u "dest_user_shard2" > "dest_folder" user "source_user_shard1" mailbox "source_folder" ALL > > > > >
Re: maildirfolder file created in maildir root during auto-creation with 2.3.4.1 but not 2.2.27
Hello,
it is now nearly 2 years later and we are running 2.3.13 with this bug
still present.
Would be nice if it were acknowledged at least if not even fixed.
And it was confirmed by other people who contacted me directly after
seeing the original report here.
Regards,
Christian
On Wed, 5 Feb 2020 16:13:37 +0900 Christian Balzer wrote:
> Hello,
>
> On Wed, 5 Feb 2020 08:58:29 +0200 Aki Tuomi wrote:
>
> > Can you provide full doveconf -n output? Also how are you delivering mail?
> >
> As pretty much implied, Exim is delivering mails, w/o problems.
> And if it gets to create the home directory, everything is fine
> and maildirsize gets put there.
>
> But if the first access is via the newer dovecot the bogus maildirfolder
> file gets created in the home directory and prevents Exim (and itself?)
> from putting a maildirsize there.
>
> My bet is that that something in the auto-create logic changed or the
> "mail_home" needing to be set explicitly instead of defaulting to
> mail_location if unset, etc.
>
> Redacted and relevant parts only:
> ---
> # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.4 ()
> # OS: Linux 4.19.0-6-amd64 x86_64 Debian 10.2
> # Hostname: testbox.gol.com
> auth_default_realm = gol.com
> default_client_limit = 16384
> default_process_limit = 1024
> first_valid_uid = 8
> imap_hibernate_timeout = 30 secs
> imap_idle_notify_interval = 8 mins
> imap_logout_format = in=%i out=%o head=<%{fetch_hdr_count}> del=<%{deleted}>
> exp=<%{expunged}> trash=<%{trashed}> session=<%{session}>
> login_trusted_networks = some.net.work
> mail_gid = 8
> mail_location = maildir:%h
> mail_privileged_group = mail
> mail_uid = 8
> mailbox_idle_check_interval = 1 mins
> maildir_very_dirty_syncs = yes
>
> passdb {
> args = /etc/dovecot/dovecot-ldap.conf.ext
> driver = ldap
> }
> plugin {
> quota = maildir:User
> quota_rule = ?:storage=200M
> quota_rule2 = Trash:storage=+50M
> sieve = file:~/sieve;active=~/.dovecot.sieve
> }
>
> userdb {
> args = /etc/dovecot/dovecot-ldap.conf.ext
> driver = ldap
> }
> verbose_proctitle = yes
> protocol imap {
> mail_max_userip_connections = 40
> mail_plugins = quota imap_quota
> }
> protocol pop3 {
> mail_plugins = quota
> }
> ---
>
> Regards,
>
> Christian
> > Aki
> >
> > On 5.2.2020 4.24, Christian Balzer wrote:
> > >
> > > Hello,
> > >
> > > as the tin says.
> > > I have several servers running 2.2.27 (Debian stretch) and am adding new
> > > ones with 2.3.4.1 (Debian buster).
> > > The configs were upgraded where needed but neither 10-mail.conf nor
> > > 15-mailboxes.conf were changed.
> > > 15-mailboxes is all commented out (I guess the default is auto-create,
> > > which isn't documented anywhere I could find) and the only non-comments in
> > > 10-mail.conf are
> > > ---
> > > mail_location = maildir:%h
> > > mail_privileged_group = mail
> > > ---
> > >
> > > So yes, no namespaces are explicitly defined/declared.
> > >
> > >
> > > The 2.3.4.1 version wrongly creates a maildirfolder file in the home
> > > directory (maildir root), preventing exim from correctly creating/using
> > > maildirsize.
> > >
> > > a) Is this expected behavior and can it be changed?
> > > b) How can I disable inbox auto-creation if a) doesn't pan out?
> > >
> > > Thanks,
> > >
> > > Christian
> >
>
>
> --
> Christian BalzerNetwork/Systems Engineer
> ch...@gol.com Rakuten Mobile Inc.
>
--
Christian BalzerNetwork/Systems Engineer
ch...@gol.com Rakuten Communications
Re: maildirfolder file created in maildir root during auto-creation with 2.3.4.1 but not 2.2.27
Hello,
thanks for the reply.
On Thu, 2 Sep 2021 12:47:43 +0300 (EEST) Aki Tuomi wrote:
> Would it be possible to workaround this with:
>
> mail_location = maildir:~/Mail/
>
Maybe, but that is not feasible in our deployment, which is LDAP driven
and thus looks like this:
mail_location = maildir:%h
Changing this in-situ by attaching a "/Mail/" to the location for literally
hundreds of thousands mailboxes clearly is a no-go, nor would I look
forward to go fix up all the other places and scripts that assume a
certain directory structure.
Regards,
Christian
> Aki
>
> > On 02/09/2021 11:21 Christian Balzer wrote:
> >
> >
> > Hello,
> >
> > it is now nearly 2 years later and we are running 2.3.13 with this bug
> > still present.
> > Would be nice if it were acknowledged at least if not even fixed.
> > And it was confirmed by other people who contacted me directly after
> > seeing the original report here.
> >
> > Regards,
> >
> > Christian
> >
> > On Wed, 5 Feb 2020 16:13:37 +0900 Christian Balzer wrote:
> >
> > > Hello,
> > >
> > > On Wed, 5 Feb 2020 08:58:29 +0200 Aki Tuomi wrote:
> > >
> > > > Can you provide full doveconf -n output? Also how are you delivering
> > > > mail?
> > > >
> > > As pretty much implied, Exim is delivering mails, w/o problems.
> > > And if it gets to create the home directory, everything is fine
> > > and maildirsize gets put there.
> > >
> > > But if the first access is via the newer dovecot the bogus maildirfolder
> > > file gets created in the home directory and prevents Exim (and itself?)
> > > from putting a maildirsize there.
> > >
> > > My bet is that that something in the auto-create logic changed or the
> > > "mail_home" needing to be set explicitly instead of defaulting to
> > > mail_location if unset, etc.
> > >
> > > Redacted and relevant parts only:
> > > ---
> > > # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
> > > # Pigeonhole version 0.5.4 ()
> > > # OS: Linux 4.19.0-6-amd64 x86_64 Debian 10.2
> > > # Hostname: testbox.gol.com
> > > auth_default_realm = gol.com
> > > default_client_limit = 16384
> > > default_process_limit = 1024
> > > first_valid_uid = 8
> > > imap_hibernate_timeout = 30 secs
> > > imap_idle_notify_interval = 8 mins
> > > imap_logout_format = in=%i out=%o head=<%{fetch_hdr_count}>
> > > del=<%{deleted}> exp=<%{expunged}> trash=<%{trashed}> session=<%{session}>
> > > login_trusted_networks = some.net.work
> > > mail_gid = 8
> > > mail_location = maildir:%h
> > > mail_privileged_group = mail
> > > mail_uid = 8
> > > mailbox_idle_check_interval = 1 mins
> > > maildir_very_dirty_syncs = yes
> > >
> > > passdb {
> > > args = /etc/dovecot/dovecot-ldap.conf.ext
> > > driver = ldap
> > > }
> > > plugin {
> > > quota = maildir:User
> > > quota_rule = ?:storage=200M
> > > quota_rule2 = Trash:storage=+50M
> > > sieve = file:~/sieve;active=~/.dovecot.sieve
> > > }
> > >
> > > userdb {
> > > args = /etc/dovecot/dovecot-ldap.conf.ext
> > > driver = ldap
> > > }
> > > verbose_proctitle = yes
> > > protocol imap {
> > > mail_max_userip_connections = 40
> > > mail_plugins = quota imap_quota
> > > }
> > > protocol pop3 {
> > > mail_plugins = quota
> > > }
> > > ---
> > >
> > > Regards,
> > >
> > > Christian
> > > > Aki
> > > >
> > > > On 5.2.2020 4.24, Christian Balzer wrote:
> > > > >
> > > > > Hello,
> > > > >
> > > > > as the tin says.
> > > > > I have several servers running 2.2.27 (Debian stretch) and am adding
> > > > > new
> > > > > ones with 2.3.4.1 (Debian buster).
> > > > > The configs were upgraded where needed but neither 10-mail.conf nor
> > > > > 15-mailboxes.conf were changed.
> > > > > 15-mailboxes is all commented out (I guess the default is auto-create,
> > > > > which isn't documented anywhere I could find) and the only
> > > > > non-comments in
> > > > > 10-mail.conf are
> > > > > ---
> > > > > mail_location = maildir:%h
> > > > > mail_privileged_group = mail
> > > > > ---
> > > > >
> > > > > So yes, no namespaces are explicitly defined/declared.
> > > > >
> > > > >
> > > > > The 2.3.4.1 version wrongly creates a maildirfolder file in the home
> > > > > directory (maildir root), preventing exim from correctly
> > > > > creating/using
> > > > > maildirsize.
> > > > >
> > > > > a) Is this expected behavior and can it be changed?
> > > > > b) How can I disable inbox auto-creation if a) doesn't pan out?
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Christian
> > > >
> > >
> > >
> > > --
> > > Christian BalzerNetwork/Systems Engineer
> > > ch...@gol.com Rakuten Mobile Inc.
> > >
> >
> >
> > --
> > Christian BalzerNetwork/Systems Engineer
> > ch...@gol.com Rakuten Communications
>
--
Christian BalzerNetwork/Systems Engineer
ch...@gol.com Rakuten Communications
Restricting commands used in http api
Hello,
is it possible to restrict api methods
(https://doc.dovecot.org/admin_manual/doveadm_http_api/#api-methods)
without restricting doveadm usage on console.
something like:
service doveadm {
unix_listener doveadm-server {
user = vmail
}
inet_listener {
port = 2425
allowed_commands = ALL
}
inet_listener http {
port = 8080
allowed_commands = fetch, copy, search
#ssl = yes # uncomment to enable https
}
}
Reason for question: We want to be able to use all commands as administrators on
console but some external software using the dovecot api should not be able to
do
admin like tasks like "doveadm director flush".
our setup:
multiple replicated dovecot backend servers
frontend with dovecot director ring and proxy enabled (provides api endpoint)
Kind regards,
Christian Küppers
Expert Administrator
onOffice GmbH
Charlottenburger Allee 5 | 52068 Aachen
Tel. +49 (0)241 446 86-0 | Fax. +49 (0)241 446 86-250
E-Mail:c.kuepp...@onoffice.de| Web:www.onOffice.com
Registergericht: Amtsgericht Aachen, HRB 21420
Geschäftsführer: Dipl.-Kfm. Stefan Mantl
Prokuristen: Janosch Reuschenbach, Kristina Andresen, Christian Mähringer
Re: AW: Problem with copy e-mails via doveadm
Further help appreciated on this topic. further question/option: If the proxy enable part in password_query is the main problem. Would it work if I create a single new dovecot instance (in new vm) with same configuration as our proxy&director instances but without the "'y' AS proxy" part? Would this change copy the e-mails from backend servers "shard1" to backend servers "shard2" without proxing command to "shard2"? Christian - Ursprüngliche Nachricht - Von: Christian Küppers Gesendet: Freitag, 20. August 2021 14:41:26 An: Cc: Betreff: Re: AW: Problem with copy e-mails via doveadm That doesn't work / has no visible effect. mail/location/mail_location gets overwritten by "-o mail_location=imapc:" in doveadm command. Is it possible to "bind" options/values to users in doveadm command, like "doveadm -o target_mail_location=imapc: -o source_mail_location=mbox:~/mail:INBOX=/var/mail/user -o target_mail_host= ..."? Other optional way: Is doveadm capable of handling different configurations (e.g. backends, received from userdb) for different given users in one command? Is it possible to disable proxy of my doveadm command to backend if I run it on a production/actively used director&proxy server without changing running configuration? I tried adding "-o proxy=n" to my doveadm command but without effect. I ask these questions because from my point of view the director is the only server to run this copy command on and has the knowledge of both users servers to connect to (if command wouldn't get proxied). Christian - Ursprüngliche Nachricht - Von: Aki Tuomi aki.tu...@open-xchange.com Gesendet: Freitag, 20. August 2021 12:46:01 An: c.kuepp...@onoffice.de Cc: dovecot@dovecot.org Betreff: Re: AW: Problem with copy e-mails via doveadm Run the command on the target host, and change user_query = SELECT '/vmail/%Ld/%Ln' AS home, 'mbox:~/mail:INBOX=/var/mail/%u' AS mail, 1 AS uid, 1 AS gid FROM users WHERE email = '%Lu' Aki > On 20/08/2021 13:39 Christian Küppers c.kuepp...@onoffice.de wrote: > > > Please explain in more detail how I can do this. > > > Try targeting your director instead. > in cmd of director > /usr/bin/doveadm -Dv -o mail_location=imapc: -o imapc_host= -o imapc_user="source_user_shard1" -o imapc_password="source_user_shard1_password" copy -u "dest_user_shard2" "dest_folder" user "source_user_shard1" mailbox "source_folder" ALL > does no change, like i said. > > in cmd of backend shard2 > /usr/bin/doveadm -Dv -o mail_location=imapc: -o imapc_host= -o imapc_user="source_user_shard1" -o imapc_password="source_user_shard1_password" copy -u "dest_user_shard2" "dest_folder" user "source_user_shard1" mailbox "source_folder" ALL > results in same output than targeting backend shard1 direct. > > > The problem actually is that you are now targeting the source user into the source user as well. You need to, somehow, make dovecot return mail=imapc: for the target user. Or you can try to do the copying on the target backend instead, so that you can return `mail=whatever your mail location is` from userdb lookup easier. > > mysql dovecot configuration part: > user_query = SELECT '/vmail/%Ld/%Ln' AS home, 1 AS uid, 1 AS gid FROM users WHERE email = '%Lu' > password_query = SELECT email AS user, password, 1 AS userdb_uid, 1 AS userdb_gid, '/vmail/%Ld/%Ln' AS userdb_home FROM users WHERE email = '%Lu' AND active = '1' > > Isn't my described attempt on backend of dest_user_shard2 exactly what you described as possible next try? If not what has to be changed? > > Christian > > > > - Ursprüngliche Nachricht - > Von: Aki Tuomi aki.tu...@open-xchange.com > Gesendet: Freitag, 20. August 2021 12:14:54 > An: ckuepp...@onoffice.de, dovecot@dovecot.org > Betreff: Re: AW: Problem with copy e-mails via doveadm > > The problem actually is that you are now targeting the source user into the > source user as well. You need to, somehow, make dovecot return mail=imapc: > for the target user. Or you can try to do the copying on the target backend > instead, so that you can return `mail=whatever your mail location is` from > userdb lookup easier. > > Aki > > > On 20/08/2021 13:09 Aki Tuomi aki.tu...@open-xchange.com wrote: > > > > > > Try targeting your director instead. > > > > Aki > > > > > On 20/08/2021 12:45 Christian Küppers c.kuepp...@onoffice.de wrote: > > > > > > > > > Okay, i need some further help. > > > > > > What i've tr
AW: Restricting commands used in http api
If this is not possible (it would be a nice feature to add this), would it
be solvable via extending the director cluster with 1 or 2 vm's only for api
usage and
set https://doc.dovecot.org/settings/core/#doveadm-allowed-commands on this
vm's from ALL to e.g. fetch, copy, search for console and api doveadm.
Dovecot configurations posted in
https://dovecot.org/pipermail/dovecot/2021-August/122862.html
Christian
- Ursprüngliche Nachricht -
Von: Christian Küppers c.kuepp...@onoffice.de
Gesendet: Montag, 6. September 2021 12:03:06
An: dovecot@dovecot.org
Betreff: Restricting commands used in http api
Hello,
is it possible to restrict api methods
(https://doc.dovecot.org/admin_manual/doveadm_http_api/#api-methods)
without restricting doveadm usage on console.
something like:
service doveadm {
unix_listener doveadm-server {
user = vmail
}
inet_listener {
port = 2425
allowed_commands = ALL
}
inet_listener http {
port = 8080
allowed_commands = fetch, copy, search
#ssl = yes # uncomment to enable https
}
}
Reason for question: We want to be able to use all commands as
administrators on
console but some external software using the dovecot api should not be able
to do
admin like tasks like "doveadm director flush".
our setup:
multiple replicated dovecot backend servers
frontend with dovecot director ring and proxy enabled (provides api
endpoint)
Kind regards,
Christian Küppers
Expert Administrator
onOffice GmbH
Charlottenburger Allee 5 | 52068 Aachen
Tel. +49 (0)241 446 86-0 | Fax. +49 (0)241 446 86-250
E-Mail:c.kuepp...@onoffice.de| Web:www.onOffice.com
Registergericht: Amtsgericht Aachen, HRB 21420
Geschäftsführer: Dipl.-Kfm. Stefan Mantl
Prokuristen: Janosch Reuschenbach, Kristina Andresen, Christian Mähringer
Re: AW: Problem with copy e-mails via doveadm
(sorry for that, missed to change from html to text version ) --- Further help appreciated on this topic. further question/option: If the proxy enable part in password_query is the main problem. Would it work if I create a single new dovecot instance (in new vm) with same configuration as our proxy&director instances but without the "'y' AS proxy" part? Would this change copy the e-mails from backend servers "shard1" to backend servers "shard2" without proxing command to "shard2"? Christian - Ursprüngliche Nachricht - Von: Christian Küppers c.kuepp...@onoffice.de Gesendet: Freitag, 20. August 2021 14:41:26 An: aki.tu...@open-xchange.com Cc: dovecot@dovecot.org Betreff: Re: AW: Problem with copy e-mails via doveadm That doesn't work / has no visible effect. mail/location/mail_location gets overwritten by "-o mail_location=imapc:" in doveadm command. Is it possible to "bind" options/values to users in doveadm command, like "doveadm -o target_mail_location=imapc: -o source_mail_location=mbox:~/mail:INBOX=/var/mail/user -o target_mail_host= ..."? Other optional way: Is doveadm capable of handling different configurations (e.g. backends, received from userdb) for different given users in one command? Is it possible to disable proxy of my doveadm command to backend if I run it on a production/actively used director&proxy server without changing running configuration? I tried adding "-o proxy=n" to my doveadm command but without effect. I ask these questions because from my point of view the director is the only server to run this copy command on and has the knowledge of both users servers to connect to (if command wouldn't get proxied). Christian - Ursprüngliche Nachricht - Von: Aki Tuomi aki.tu...@open-xchange.com Gesendet: Freitag, 20. August 2021 12:46:01 An: c.kuepp...@onoffice.de Cc: dovecot@dovecot.org Betreff: Re: AW: Problem with copy e-mails via doveadm Run the command on the target host, and change user_query = SELECT '/vmail/%Ld/%Ln' AS home, 'mbox:~/mail:INBOX=/var/mail/%u' AS mail, 1 AS uid, 1 AS gid FROM users WHERE email = '%Lu' Aki > On 20/08/2021 13:39 Christian Küppers c.kuepp...@onoffice.de wrote: > > > Please explain in more detail how I can do this. > > > Try targeting your director instead. > in cmd of director > /usr/bin/doveadm -Dv -o mail_location=imapc: -o imapc_host= -o imapc_user="source_user_shard1" -o imapc_password="source_user_shard1_password" copy -u "dest_user_shard2" "dest_folder" user "source_user_shard1" mailbox "source_folder" ALL > does no change, like i said. > > in cmd of backend shard2 > /usr/bin/doveadm -Dv -o mail_location=imapc: -o imapc_host= -o imapc_user="source_user_shard1" -o imapc_password="source_user_shard1_password" copy -u "dest_user_shard2" "dest_folder" user "source_user_shard1" mailbox "source_folder" ALL > results in same output than targeting backend shard1 direct. > > > The problem actually is that you are now targeting the source user into the source user as well. You need to, somehow, make dovecot return mail=imapc: for the target user. Or you can try to do the copying on the target backend instead, so that you can return `mail=whatever your mail location is` from userdb lookup easier. > > mysql dovecot configuration part: > user_query = SELECT '/vmail/%Ld/%Ln' AS home, 1 AS uid, 1 AS gid FROM users WHERE email = '%Lu' > password_query = SELECT email AS user, password, 1 AS userdb_uid, 1 AS userdb_gid, '/vmail/%Ld/%Ln' AS userdb_home FROM users WHERE email = '%Lu' AND active = '1' > > Isn't my described attempt on backend of dest_user_shard2 exactly what you described as possible next try? If not what has to be changed? > > Christian > > > > - Ursprüngliche Nachricht - > Von: Aki Tuomi aki.tu...@open-xchange.com > Gesendet: Freitag, 20. August 2021 12:14:54 > An: ckuepp...@onoffice.de, dovecot@dovecot.org > Betreff: Re: AW: Problem with copy e-mails via doveadm > > The problem actually is that you are now targeting the source user into the > source user as well. You need to, somehow, make dovecot return mail=imapc: > for the target user. Or you can try to do the copying on the target backend > instead, so that you can return `mail=whatever your mail location is` from > userdb lookup easier. > > Aki > > > On 20/08/2021 13:09 Aki Tuomi aki.tu...@open-xchange.com wrote: > > > > > > Try targeting your director instead. > > > > Aki > > > > > On 20/08/2021 12:45 Christian Küpper
Re: 2.3.17 broken on CentOS8 / bug
lain login
> auth_verbose = yes
> listen = *
> mail_gid = vmail
> mail_home = /var/vmail/mailboxes/%d/%n
> mail_location = maildir:~/mail:LAYOUT=fs
> mail_plugins = " quota fts fts_solr"
> mail_privileged_group = vmail
> mail_uid = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
>vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
>copy include variables body enotify environment mailbox date index ihave
>duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
> namespace inbox {
> inbox = yes
> location =
> mailbox Drafts {
> auto = subscribe
> special_use = \Drafts
> }
> mailbox Sent {
> auto = subscribe
> special_use = \Sent
> }
> mailbox Spam {
> auto = subscribe
> special_use = \Junk
> }
> mailbox Trash {
> auto = subscribe
> special_use = \Trash
> }
> prefix =
> separator = .
> type = private
> }
> passdb {
> args = /etc/dovecot/dovecot-sql.conf
> driver = sql
> }
> plugin {
> fts = solr
> fts_autoindex = yes
> fts_solr = url=http://localhost:/solr/dovecot/
> imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve
> imapsieve_mailbox1_causes = COPY
> imapsieve_mailbox1_name = Spam
> imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve
> imapsieve_mailbox2_causes = COPY
> imapsieve_mailbox2_from = Spam
> imapsieve_mailbox2_name = *
> quota = maildir:User quota
> quota_exceeded_message = User %u is over the storage quota
> sieve =
>file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve
> sieve_before = /var/vmail/sieve/global/spam-global.sieve
> sieve_global_extensions = +vnd.dovecot.pipe
> sieve_pipe_bin_dir = /usr/bin
> sieve_plugins = sieve_imapsieve sieve_extprograms
> }
> protocols = imap lmtp sieve
> service auth {
> unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0660
> user = postfix
> }
> unix_listener auth-userdb {
> group = vmail
> mode = 0660
> user = vmail
> }
> }
> service imap-login {
> inet_listener imap {
> port = 0
> }
> inet_listener imaps {
> port = 993
> }
> }
> service lmtp {
> unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0660
> user = postfix
> }
> user = vmail
> }
> service managesieve-login {
> inet_listener sieve {
> port = 4190
> }
> }
> ssl = required
> ssl_ca = ssl_cert = .com_chain.crt
> ssl_cipher_list =
>TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:EECDH+AESGCM:EDH+AESGCM:@SECLEVEL=2
> ssl_client_ca_dir = /etc/ssl/certs
> ssl_client_ca_file = /etc/ssl/certs/ca-bundle.crt
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_prefer_server_ciphers = yes
> userdb {
> args = /etc/dovecot/dovecot-sql.conf
> driver = sql
> }
> protocol imap {
> imap_idle_notify_interval = 24 mins
> mail_max_userip_connections = 20
> mail_plugins = " quota fts fts_solr imap_quota imap_sieve"
> }
> protocol lmtp {
> mail_plugins = " quota fts fts_solr sieve"
> postmaster_address = postmaster@.com
> }
> local_name mail..com {
> ssl_cert = .com_chain.crt
> ssl_key = # hidden, use -P to show it
> }
> local_name mail..net {
> ssl_cert = .net_chain.crt
> ssl_key = # hidden, use -P to show it
> }
> local_name mail..com {
> ssl_cert = .com_chain.crt
> ssl_key = # hidden, use -P to show it
> }
--
Christian Kivalo
Re: imap_metadata plugin panic
Hello You have a missing argument variable in your prepared statement: SELECT meta_key FROM metadata WHERE meta_key LIKE AND username = ? should be SELECT meta_key FROM metadata WHERE meta_key LIKE ? AND username = ? Kind regards, Christian Mack Am 15.11.21 um 19:27 schrieb Elisamuel Resto: > Hello, > > This may be covered somewhere but recently I enabled the metadata plugin > to work with sieve as part of some updates I did a while back and I > hadn't checked my logs for any issues with it and so far they're not > completely taking my system down. > > Right now, upon trying to delete a folder I noticed the following in my > logs... what am I missing? I see the broken SQL query, but I don't know > enough about the dict system or the metadata plugin to know how to add > the missing information or fix it otherwise. > > Regards, > Elisamuel Resto > > > Nov 15 12:19:19 wyvern dovecot[461]: dict(51438): Panic: lib-sql: Too > many bind args (2) for statement: SELECT meta_key FROM metadata WHERE > meta_key LIKE AND username = ? > Nov 15 12:19:19 wyvern dovecot[461]: dict(51438): Error: Raw backtrace: > /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x43) [0x7f449789d073] > -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x20) [0x7f449789d190] > -> /usr/lib/dovecot/libdovecot.so.0(+0xfaf1f) [0x7f44978a9f1f] -> > /usr/lib/dovecot/libdovecot.so.0(+0xfafb1) [0x7f44978a9fb1] -> > /usr/lib/dovecot/libdovecot.so.0(+0x4cd20) [0x7f44977fbd20] -> > dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 iters:0/0/0/0, 0 > commits:0/0/0/0](+0x875a) [0x555e60d7775a] -> dovecot/dict [0 clients, 0 > lookups:0/0/0/0, 0 iters:0/0/0/0, 0 > commits:0/0/0/0](sql_statement_query+0x42) [0x555e60d7f262] -> > dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 iters:0/0/0/0, 0 > commits:0/0/0/0](+0xd97f) [0x555e60d7c97f] -> > /usr/lib/dovecot/libdovecot.so.0(dict_iterate_values+0x25) > [0x7f4497868615] -> dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 > iters:0/0/0/0, 0 commits:0/0/0/0](+0xa929) [0x555e60d79929] -> > dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 iters:0/0/0/0, 0 > commits:0/0/0/0](+0xb224) [0x555e60d7a224] -> dovecot/dict [0 clients, 0 > lookups:0/0/0/0, 0 iters:0/0/0/0, 0 commits:0/0/0/0](+0xb381) > [0x555e60d7a381] -> dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 > iters:0/0/0/0, 0 commits:0/0/0/0](dict_command_input+0xd9) > [0x555e60d7a579] -> dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 > iters:0/0/0/0, 0 commits:0/0/0/0](+0x95b8) [0x555e60d785b8] -> > /usr/lib/dovecot/libdovecot.so.0(connection_input_default+0x15e) > [0x7f44978a16ce] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x6b) [0x7f44978bfebb] > -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x13b) > [0x7f44978c15cb] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x51) > [0x7f44978bff61] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x41) > [0x7f44978c0131] -> > /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x14) > [0x7f4497831f74] -> dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 > iters:0/0/0/0, 0 commits:0/0/0/0](main+0x189) [0x555e60d78139] -> > /usr/lib/libc.so.6(__libc_start_main+0xd5) [0x7f44972cfb25] -> > dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 iters:0/0/0/0, 0 > commits:0/0/0/0](_start+0x2e) [0x555e60d7819e] > Nov 15 12:19:19 wyvern dovecot[461]: > imap(s...@samresto.dev)<51449><+BGq2NfQM/7Pisr9>: Error: Mailbox > Trash/Processed: dict_iterate(priv/c841ad0291c27461ac670100a07d9965/) > failed: Connection closed (reply took 0.204 secs (0.204 in dict wait, > 0.000 in other ioloops, 0.000 in locks)) > Nov 15 12:19:19 wyvern dovecot[461]: dict(51438): Fatal: master: > service(dict): child 51438 killed with signal 6 (core dumped) > -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: Spam Folder
Hello
Am 22.11.21 um 00:58 schrieb bobby:
> I have been following the tutorial here:
> https://www.linuxbabe.com/mail-server/block-email-spam-check-header-body-with-postfix-spamassassin
> I notice that when I log into my mail via nextcloud mail, there is no spam
> folder. Is there something further I need to do so it is generated?
>
Dovecot will autocreate folder when you tell it to do so with "auto" option.
In my example it also automatically subscribes this folder, as most
email clients only show subscribed folders.
The special_use option will tell all email clients, that this is an
folder for Junk.
So if they have some builtin "Mark as Junk/Spam" button, it will use
that folder to move to.
In /etc/dovecot/conf.d/15-mailboxes.conf set:
"[...]
namespace inbox {
[...]
mailbox Junk {
special_use = \Junk
auto = subscribe
}
[...]"
Kind regards,
Christian Mack
--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416
smime.p7s
Description: S/MIME Cryptographic Signature
Re: Strange errors with Dovecot replication
Hello What have you stored in /var/www/html/ooo/its-test? Kind regards, Christian Mack Am 01.12.21 um 09:27 schrieb Claudio Corvino: > Hi, > > nobody can help here? > > Thanks > > On 02/11/21 15:47, Claudio Corvino wrote: >> >> Hi, >> >> I have two IMAP/LMTP Dovecot server in replica (version 2.3.4.1) for >> testing purposes, both connected through an IPsec tunnel, I use >> LDAP/AD for /userdb, /all seems to work fine except for these errors >> present in logs every day: >> >> NODE A: >> >> /doveadm: Error: sieve: file storage: >> utime(/var/www/html/ooo/its-test) failed: Operation not permitted: 28 >> Time(s) >> dsync-local(its-test): Error: read(xxx) >> failed: Connection reset by peer (last sent=mailbox_delete, last >> recv=handshake): 1 Time(s) >> dsync-local(its-test): Error: sieve: file >> storage: utime(/var/www/html/ooo/its-test) failed: Operation not >> permitted: 2 Time(s) >> dsync-local(its-test): Error: read(xxx) >> failed: Connection reset by peer (last sent=mailbox_delete, last >> recv=handshake): 1 Time(s) >> dsync-local(its-test2): Error: read(xxx) >> failed: Connection reset by peer (last sent=mailbox_delete, last >> recv=handshake): 1 Time(s)/ >> >> NODE B: >> >> /doveadm: Error: Couldn't lock >> /mnt/mail-storage-dev/its-test/.dovecot-sync.lock: >> fcntl(/mnt/mail-storage-dev/its-test/.dovecot-sync.lock, write-lock, >> F_SETLKW) locking failed: Timed out after 30 seconds: 2 Time(s) >> doveadm: Error: Couldn't lock >> /mnt/mail-storage-dev/its-test2/.dovecot-sync.lock: >> fcntl(/mnt/mail-storage-dev/its-test2/.dovecot-sync.lock, write-lock, >> F_SETLKW) locking failed: Timed out after 30 seconds: 1 Time(s) >> doveadm: Error: sieve: file storage: >> utime(/var/www/html/ooo/its-test) failed: Operation not permitted: 28 >> Time(s) >> dsync-local(its-test): Error: sieve: file >> storage: utime(/var/www/html/ooo/its-test) failed: Operation not >> permitted: 2 Time(s)/ >> >> What I have to do? Do I have to worry about this or I can ignore it? >> >> Thanks >> >> Regards >> >> -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: Downloading mailbox from replica server
Hello Thunderbird/Outlook does that, because you change the servername in your configuration. In order to avoid that, use a reverse proxy and switch on it between your IMAP servers. You can use a dovecot director for that. In your clients you only configure the proxy. That also avoids changing configuration on all of your clients. Kind regards, Christian Mack Am 01.12.21 um 09:31 schrieb Claudio Corvino: > Hi, > > I have two IMAP/LMTP Dovecot server in replica (version 2.3.4.1) both > connected through an IPsec tunnel, I use LDAP/AD for /userdb, /all seems > to be working. > > I have a question: if I switch my Thunderbird/Outlook client to use the > other server I have to download again all the emails, about 10 GB. > > Is there any way to avoid this? Do I have to download again all the > folders every time I switch from node A to node B on my client? > > Thanks! > > Regards > -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: Requested CRAM-MD5 scheme, but we have only CRYPT
Hello auth_mechanisms are only for encrypting passwords while authenticating. They have nothing to do with transport encryption aka TLS and STARTTLS. You only can use CRAM-MD5 when your authentication source provides plain passwords. As you use password hashes in your authentication source, you have to disable it. Else a client will try to send you the CRAM-MD encrypted password, which you can not check for validity. Hope this clears it a bit. Kind regards, Christian Mack On 01.12.21 23:26, absolutely_f...@libero.it wrote: > Hi, > I wondering if I can simply disable CRAM-MD5 and/or DIGEST-MD5. > Are they useful in case of SSL or TLS connections? > Thankyou > >> Il 01/12/2021 18:42 Aki Tuomi ha scritto: >> >> >> auth_mechanisms = plain login digest-md5 cram-md5 >> >> You still advertise them though. >> >> Aki -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: new bee needs starter docs
Hello What you need is probably 'doveadm sync'. Check its manual with man doveadm-sync Kind regards, Christian Mack Am 01.12.21 um 23:26 schrieb Gene Heskett: > Greetings all' > > > Brand New today install of debian bullseye. > > > I have looked at you doc pages, but don't see a good tut for a newbie to use > for setting it > up the first time ever. I have version 2.3.13 (89f716dc2) from the debian > bullseye distro. > > > What I want is to pull from my ISP account, which is also running dovecot, to > a local mailfile. > Or I can do that with fetchmail, its been doing that for a decade already. > Its currently > using procmail to run stuff thru spamassassin and clamd depositing the > survivors into > a /var/mail/mailfile, which the older tde kmail then pulled and sorted into > folders holding maildirs. But I can't get tde to install on bullseye. > > > > Kudo's for any help you can supply. > > > Cheers, Gene > -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: LDAP Help
Am 02.12.21 um 21:25 schrieb Günther J. Niederwimmer: > Hello Dovecot professionals, > > I have a working user authentication with LDAP, now I want to allow the users > to use mailAterneteAddress for their account, unfortunately I can't find any > filter settings for dovecot that this works? I just can't find the right > settings for LDAP (FreeIPA). > > Does anyone of you have any hints or links so that I can get on with it. > Somehow I don't understand how I can umconvigure the dovecot-ldap.conf.ext > > Thank you for your help. > You have to enhance user_filter and pass_filter in dovecot-ldap.conf.ext Something like: user_filter = (&(objectClass=inetOrgPerson)(|(uid=%Lu)(cn=%Lu)(mail=%Lu)(mailAlternateAddress=%Lu))) pass_filter = (&(objectClass=inetOrgPerson)(|(uid=%Lu)(cn=%Lu)(mail=%Lu)(mailAlternateAddress=%Lu))) Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: LDAP and user duplicated with replication
Hello Am 02.12.21 um 17:54 schrieb Claudio Corvino: > Hi, > > I have two IMAP/LMTP Dovecot server in replica (version 2.3.4.1), I use > LDAP/AD for /userdb, /replica is working. > > When I do a search like: > > /doveadm replicator status '*'/ > > I receive user duplicated, with and without the domain part, for example: > > /test/ > /t...@domain.com/ > > but they are the same user; this lead the replicator doing twice the > work of replication. > > I think this is related to //etc/dovecot/dovecot-ldap.conf/ that is > configured in this way: > > /hosts = xxx/ > > /base = dc=xxx,dc=xxx > ldap_version=3 > auth_bind = yes > dn = cn=xxx,cn=Users,dc=xxx,dc=xxx > dnpass = xxx > scope = subtree > user_attrs = > sAMAccountName=home=/mnt/mail-storage-lv0007/%$,=uid=501,=gid=501 [...] This is for sure wrong. Try: user_attrs = sAMAccountName=user,=home=/mnt/mail-storage-lv0007/%$,=uid=501,=gid=501 Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: quota warnings not sent out anymore
Hello
Just to clarify.
You only will getting an over quota once, you step over one or multiple
of those quota warning limits while storing an email.
Therefore you will not get any warning, just because you are over that
85% limit.
If you receive another email in that account, and go at least over 90%,
then dovecot will call your script once.
If you also go over 100% with that same mail, you will not get one for
90% or 95%, but only one for 100%.
You also should check, if you have any environment variables set, which
are not present, when your script is run by dovecot.
Do you have any logging in it?
Kind regards,
Christian Mack
Am 15.12.21 um 14:06 schrieb mj:
> Hi,
>
> I am still struggling with this, and would appreciate any help ayone can
> give. Let me try to explain step for step.
>
> I created a test account t...@company.com:
>
>> root@dovecot:/# doveadm quota get -u test
>> Quota name Type Value
>> Limit
>>
>> %
>> STORAGE 1209
>> 1368
>>
>> 88
>> MESSAGE 35
>> -
>>
>> 0
>
> As you can see, the test mailbox is 88% full, so it should receive
> warnings, because in dovecot.conf I have set:
>
>> plugin {
>> quota = maildir
>> quota_rule = ?:storage=5G
>> quota_rule2 = Trash:storage=+100M
>> quota_warning = storage=97%% quota-warning 97 %u
>> quota_warning2 = storage=95%% quota-warning 95 %u
>> quota_warning3 = storage=90%% quota-warning 90 %u
>> quota_warning4 = storage=85%% quota-warning 85 %u
>> quota_warning5 = storage=80%% quota-warning 80 %u
>> quota_warning6 = -storage=100%% quota-warning below %u
>> }
>
> We use a script to send out the email warnings, configured like this:
>
>> service quota-warning {
>> executable = script /usr/local/bin/quota-warning.sh
>> unix_listener quota-warning {
>> user = vmail
>> mode = 0666
>> }
>> user = vmail
>> }
>
> When running this script manually as vmail, the warning is delivered to
> the test user:
>
>> sudo -H -u vmail bash -c '/usr/local/bin/quota-warning.sh 90 test'
>
> However, in practice: dovecot never sends out any quota-warnings. It
> just starts generating delivery failures when the mailbox is over 100%.
>
> We define the per-user quota in the first line of each user's
> maildirsize file, for the test user: /var/vmail/test/Maildir/maildirsize
>
> Here is a debug=yes log file of 88% full incoming mailbox delivery:
>
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> Loading modules from directory: /usr/lib/dovecot/modules
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> Module loaded: /usr/lib/dovecot/modules/lib02_lazy_expunge_plugin.so
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> Module loaded: /usr/lib/dovecot/modules/lib15_notify_plugin.so
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> Module loaded: /usr/lib/dovecot/modules/lib20_mail_log_plugin.so
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> Module loaded: /usr/lib/dovecot/modules/lib20_zlib_plugin.so
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> Module loaded: /usr/lib/dovecot/modules/lib90_sieve_plugin.so
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> auth USER input: test uid=5000 gid=5000 home=/var/vmail/test
>> Dec 15 13:56:07 mail dovecot: auth: Debug: master in:
>> USER#0111#011t...@company.com#011service=lda
>> Dec 15 13:56:07 mail dovecot: auth: Debug: userdb out:
>> USER#0111#011test#011uid=5000#011gid=5000#011home=/var/vmail/test
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> changed username to test
>> Dec 15 13:56:07 mail dovecot:
>> lda(test)<20290>: Debug: Effective uid=5000,
>> gid=5000, home=/var/vmail/test
>> Dec 15 13:56:0
Re: Permission denied
On 2021-12-29 17:51, Ken Wright wrote: On Wed, 2021-12-29 at 18:34 +0200, Aki Tuomi wrote: > On 29/12/2021 18:09 Ken Wright wrote: > > On Wed, 2021-12-29 at 09:51 +0200, Aki Tuomi wrote: > > > > > On 29/12/2021 05:22 Ken Wright wrote: > > > > > > Any further information available upon request! > > > > Maybe systemd is blocking it? > > > > If systemd unit has ProtectSystem=strict or ProtectSystem=full, > > try adding override.conf with > > > > [Service] > > ReadWritePaths=/var/mail > > I checked /etc/systemd but I can't find anything with ProtectSystem > uncommented. Am I looking in the wrong place? Try systemctl show dovecot | grep Protect Okay, I did this, and ProtectSystem=full was there. So I created override.conf in /etc/systemd as per the above and restarted Dovecot. The override.conf goes to /etc/systemd/system/dovecot.service.d/ to be included. Issue systemctl daemon-reload before restarting dovecot. systemctl cat dovecot.service shows you the content of the involved conf files No joy. Evolution is still begging for a password and Dovecot is still rejecting it. And yes, I've verified I'm using the correct password. -- Christian Kivalo
Re: TLS connection closed unexpectedly
On January 7, 2022 9:51:20 AM GMT+01:00, Ken Wright wrote: >I reinstalled Dovecot this evening, because I haven't been able to >receive emails recently. After configuring and adjusting for the use >of PostfixAdmin, I get the following error message in Evolution:; > >Failed to open folder. >The reported error was "Failed to authenticate: TLS connection closed >unexpectedly". > >Does anyone recognize this error? Do you have a connection attempt logged by dovecot? Is there anything in the logs on the server? -- Christian Kivalo
Re: lmtp_save_to_detail_mailbox
Hello Am 16.01.22 um 18:49 schrieb dove...@ptld.com: > lmtp_save_to_detail_mailbox: > " If the recipient address includes a detail element / role (as in > user+detail format), save the message to the detail mailbox. " > > Im not understanding this, what is the "detail mailbox"? > I tried testing this feature by setting "lmtp_save_to_detail_mailbox = yes" > and sending an email to user+t...@example.com. > The email still ended up in the default inbox folder. > So what does lmtp_save_to_detail_mailbox do or is there another setting that > also needs to be set to use this feature? > That means, if there is a mailbox with the same name as the used detail extension, it will move that email there. In your example: Set "lmtp_save_to_detail_mailbox = yes". Create a mailbox with name "test" in user's postbox. Then send an email to and it will end up in mailbox "test" instead of INBOX. Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
dovecot-2.3.17: "Panic: file ioloop.c: line 865"
Hello, we got the same backtrace in dovecot-ee version 2:2.3.17-8+ubuntu20.04 as Andreas Piper mentioned in November 2021 https://dovecot.org/pipermail/dovecot/2021-November/123468.html after installing dovecot package updates. Panic: file ioloop.c: line 865 (io_loop_destroy): assertion failed: (ioloop == current_ioloop) Error: Raw backtrace: #0 t_askpass[0x7fc609b0eba0] -> #1 backtrace_append[0x7fc609b0ee00] -> #2 backtrace_get[0x7fc609b0ef70] -> #3 i_syslog_error_handler[0x7fc609b1bfa0] -> #4 i_syslog_fatal_handler[0x7fc609b1c0d0] -> #5 i_panic[0x7fc609a6f1af] -> #6 i_error[0x7fc609a72906] -> #7 doveadm_http_server_deinit[0x55abd194af90] -> #8 doveadm_print_stream[0x55abd19447b0] -> #9 doveadm_print_istream[0x55abd1944810] -> #10 expunge_search_args_check[0x55abd1936a00] -> #11 expunge_search_args_check[0x55abd1935860] -> #12 doveadm_dsync_main[0x55abd1932900] -> #13 doveadm_cmd_ver2_to_mail_cmd_wrapper[0x55abd1933890] -> #14 doveadm_cmd_run_ver2[0x55abd1943fb0] -> #15 doveadm_server_deinit[0x55abd1948760] -> #16 io_loop_call_io[0x7fc609b32440] -> #17 io_loop_handler_run_internal[0x7fc609b33a00] -> #18 io_loop_handler_run[0x7fc609b32500] -> #19 io_loop_run[0x7fc609b32680] -> #20 master_service_run[0x7fc609aa4780] -> #21 main[0x55abd1923820] -> #22 __libc_start_main[0x7fc60970efc0] -> #23 _start[0x55abd1923980] Error: doveadm server disconnected before handshake: EOF Command fetch failed for : EOF We got it during doveadm fetch of a mail on multiple mailboxes. Is there any progress on this? Will it be fixed in next release? Kind regards, Christian Küppers Expert Administrator onOffice GmbH Charlottenburger Allee 5 | 52068 Aachen Tel. +49 (0)241 446 86-0 | Fax. +49 (0)241 446 86-250 E-Mail:c.kuepp...@onoffice.de| Web:www.onOffice.com Registergericht: Amtsgericht Aachen, HRB 21420 Geschäftsführer: Dipl.-Kfm. Stefan Mantl Prokuristen: Janosch Reuschenbach, Kristina Andresen, Christian Mähringer
Re: Sync via ssh fails when ssl is active
Hello Am 20.01.22 um 16:32 schrieb Johan: > > Jan 20 16:13:09 doveadm: Error: doveconf: Fatal: Error in configuration > file /etc/dovecot/conf.d/10-ssl.conf line 16: ssl_cert: Can't open file > /etc/letsencrypt/live/delta.oxyl.net/fullchain.pem: Permission denied Check permission on /etc/letsencrypt/live/delta.oxyl.net/fullchain.pem Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: sieve-filter ignores -u argument
Hello What do you get for doveadm user postmas...@domain.tld Kind regards, Christian Mack Am 24.01.22 um 13:59 schrieb Андрей Куницын: > Hello > I try to test my sieve script, but found out that it is impossible to use a > sieve-filter tool with virtual mail users. It always uses a real user name > instead of passed via -u argument. > > > # sieve-filter -v -u postmas...@domain.tld ~/sieve/managesieve.sieve INBOX > sieve-filter(root): Fatal: Unknown user > > sudo -u vmail sieve-filter -u postmas...@domain.tld > ~/sieve/managesieve.sieve INBOX > sieve-filter(vmail): Fatal: Unknown user > > Also there is the same question on serverfault, but without an answer. > https://serverfault.com/questions/1055407/how-to-make-sieve-filter-use-virtual-users > > My environment is Ubuntu 20.04 > dovecot --version > 2.3.7.2 (3c910f64b) > -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: Errors: Failed to map transaction log, Corrupted transaction log, imeout (180s) while waiting for lock for transaction log
Hello
We only saw such errors with replication between two machines, when new
emails where errornously deliverd to both of them or clients connected
to both simultaniously.
Do you have such a setup?
Kind regards,
Christian Mack
On 26.01.22 15:48, absolutely_f...@libero.it wrote:
> Hi all,
>
> I am using dovecot-2.3.17_1 on FreeBSD system.
>
> This server offers webmail, pop3 and imap access for users.
>
> Today I am receiving several complaints from users about slowness and/or
> access issues.
>
> I checked on my /var/log/maillog and I see lots of:
>
>
> Error: Timeout (180s) while waiting for lock for transaction log file
> /var/domains/domain.it/username/Maildir/dovecot.list.index.log (WRITE lock
> held by pid 84939)
>
> Error: Corrupted transaction log file
> /var/domains/domain.it/otherusername/Maildir/dovecot.list.index.log seq 2:
> indexid changed: 1643184505 -> 1643205059 (sync_offset=0)
>
> Error: Transaction log file
> /var/domains/otherdomain.net/otheruser/Maildir/dovecot.list.index.log: marked
> corrupted
>
> Not all users seem affected. My mailbox, for example, is working fine.
>
> I checked on my disks (this is a ZFS volume) and I didn't find
> errors/warnings.
>
> Any suggestion?
>
> This is my dovecot configuration:
>
>
> # dovecot -n
> # 2.3.17 (e2aa53df5b): /usr/local/etc/dovecot/dovecot.conf
> # OS: FreeBSD 13.0-RELEASE-p6 amd64 zfs
> # Hostname: mailserver.domain.it
> auth_debug = yes
> auth_mechanisms = plain login
> auth_verbose = yes
> default_client_limit = 2000
> default_process_limit = 500
> default_vsz_limit = 512 M
> disable_plaintext_auth = no
> first_valid_gid = 125
> first_valid_uid = 125
> imap_id_log = *
> mail_gid = 1003
> mail_location = maildir:/mail/domains
> mail_privileged_group = postfix
> mail_uid = 1003
> namespace inbox {
> inbox = yes
> location =
> mailbox Drafts {
> special_use = \Drafts
> }
> mailbox Junk {
> special_use = \Junk
> }
> mailbox Sent {
> special_use = \Sent
> }
> mailbox "Sent Messages" {
> special_use = \Sent
> }
> mailbox Trash {
> special_use = \Trash
> }
> prefix =
> }
> passdb {
> args = /usr/local/etc/dovecot/dovecot-sql-crypt.conf.ext
> driver = sql
> }
> service auth {
> unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0666
> user = postfix
> }
> unix_listener auth-userdb {
> group = postfix
> mode = 0600
> user = postfix
> }
> }
> service imap {
> process_limit = 1536
> }
> service lmtp {
> unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0600
> user = postfix
> }
> }
> ssl_cert = ssl_key = # hidden, use -P to show it
> userdb {
> args = /usr/local/etc/dovecot/dovecot-sql-crypt.conf.ext
> driver = sql
> }
> protocol imap {
> mail_max_userip_connections = 100
> }
>
> Thank you very much
>
>
--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416
smime.p7s
Description: S/MIME Cryptographic Signature
Re: can't authenticate
Hello
> passdb {
> driver = pam
> }
Is user fred defined on your development machine?
Does the password match the one from the production machine?
Kind regards,
Christian Mack
On 26.01.22 21:14, David Matthews wrote:
> My live mail exchanger and development machines have identical dovecot
> setups, yet I cannot login on the development machine:-
>
> dovecot --version
> 2.3.13 (89f716dc2)
>
>> telnet localhost 143
> Trying 127.0.0.1...
> Connected to bulawayo.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+
> STARTTLS AUTH=PLAIN] Dovecot (Debian) ready.
> a login fred xxx
> a NO [UNAVAILABLE] Temporary authentication failure. [bulawayo:2022-01-26
> 20:02:14]
>
> same if I try openssl s_client to 993
>
>> tail /var/log/mail.log
> Jan 26 20:03:28 bulawayo dovecot: imap-login: Disconnected (auth service
> reported temporary failure): user=, method=PLAIN, rip=127.0.0.1,
> lip=127.0.0.1, secured, session=<1MRorYHWwOp/AAAB>
>
> doveconf -n
> # 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.13 (cdd19fe3)
> # OS: Linux 5.10.0-10-amd64 x86_64 Debian 11.1
> # Hostname: bulawayo
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
> mail_privileged_group = mail
> namespace inbox {
> inbox = yes
> location =
> mailbox Drafts {
> special_use = \Drafts
> }
> mailbox Junk {
> special_use = \Junk
> }
> mailbox Sent {
> special_use = \Sent
> }
> mailbox "Sent Messages" {
> special_use = \Sent
> }
> mailbox Trash {
> special_use = \Trash
> }
> prefix =
> }
> passdb {
> driver = pam
> }
> protocols = " imap"
> service imap-login {
> inet_listener imap {
> port = 143
> }
> inet_listener imaps {
> port = 993
> ssl = yes
> }
> }
> ssl_cert = ssl_client_ca_dir = /etc/ssl/certs
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> userdb {
> driver = passwd
> }
>
> --
> David Matthews
> m...@dmatthews.org
>
--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416
smime.p7s
Description: S/MIME Cryptographic Signature
Re: can't authenticate
Hello
Did the password hash algorithm change between devuan 3 and 4?
You can check that in your /etc/shadow file.
The start of the password field should be the same something like $6$...
Kind regards,
Christian Mack
On 27.01.22 13:14, David Matthews wrote:
> hi Christian
>
> Same user and password on both machines, users with shell accounts; exactly
> the same; in fact I'm struggling to see anything different that might be
> relevant. On one machine dovecot just works on the other, it stopped working
> after a dist-upgrade.
>
> One machine (where it works) is a debian 11 VPS, the other is real PC
> hardware running devuan 4, but their dovecot is a debian package. I can't see
> why either of that should matter and dovecot also just worked on the PC with
> devuan 3.
>
> I've tried purging dovecot-core and dovecot-imapd and reinstalling to no
> effect.
>
>>
>> 1. Re: can't authenticate (Christian Mack)
>>
>>
>> ------
>>
>> Message: 1
>> Date: Thu, 27 Jan 2022 11:42:22 +0100
>> From: Christian Mack >christian.m...@uni-konstanz.de>
>> To: dovecot@dovecot.org
>> Subject: Re: can't authenticate
>> Message-ID: >a2fbca25-75c7-4e19-a084-5e8d4d8cc...@uni-konstanz.de>
>> Content-Type: text/plain; charset="utf-8"
>>
>> Hello
>>
>>> passdb {
>>> driver = pam
>>> }
>>
>> Is user fred defined on your development machine?
>> Does the password match the one from the production machine?
>>
>>
>> Kind regards,
>> Christian Mack
>>
>> On 26.01.22 21:14, David Matthews wrote:
>>> My live mail exchanger and development machines have identical dovecot
>>> setups, yet I cannot login on the development machine:-
>>>
>>> dovecot --version
>>> 2.3.13 (89f716dc2)
>>>
>>>> telnet localhost 143
>>> Trying 127.0.0.1...
>>> Connected to bulawayo.
>>> Escape character is '^]'.
>>> * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+
>>> STARTTLS AUTH=PLAIN] Dovecot (Debian) ready.
>>> a login fred xxx
>>> a NO [UNAVAILABLE] Temporary authentication failure. [bulawayo:2022-01-26
>>> 20:02:14]
>>>
>>> same if I try openssl s_client to 993
>>>
>>>> tail /var/log/mail.log
>>> Jan 26 20:03:28 bulawayo dovecot: imap-login: Disconnected (auth service
>>> reported temporary failure): user=>fred>, method=PLAIN, rip=127.0.0.1,
>>> lip=127.0.0.1, secured, session=>1MRorYHWwOp/AAAB>
>>>
>>> doveconf -n
>>> # 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
>>> # Pigeonhole version 0.5.13 (cdd19fe3)
>>> # OS: Linux 5.10.0-10-amd64 x86_64 Debian 11.1
>>> # Hostname: bulawayo
>>> mail_location = mbox:~/mail:INBOX=/var/mail/%u
>>> mail_privileged_group = mail
>>> namespace inbox {
>>> inbox = yes
>>> location =
>>> mailbox Drafts {
>>> special_use = \Drafts
>>> }
>>> mailbox Junk {
>>> special_use = \Junk
>>> }
>>> mailbox Sent {
>>> special_use = \Sent
>>> }
>>> mailbox "Sent Messages" {
>>> special_use = \Sent
>>> }
>>> mailbox Trash {
>>> special_use = \Trash
>>> }
>>> prefix =
>>> }
>>> passdb {
>>> driver = pam
>>> }
>>> protocols = " imap"
>>> service imap-login {
>>> inet_listener imap {
>>> port = 143
>>> }
>>> inet_listener imaps {
>>> port = 993
>>> ssl = yes
>>> }
>>> }
>>> ssl_cert = >/etc/dovecot/private/dovecot.pem
>>> ssl_client_ca_dir = /etc/ssl/certs
>>> ssl_dh = # hidden, use -P to show it
>>> ssl_key = # hidden, use -P to show it
>>> userdb {
>>> driver = passwd
>>> }
>>>
>>> --
>>> David Matthews
>>> m...@dmatthews.org
>>>
>>
>>
>> --
>> Christian Mack
>> Universit?t Konstanz
>> Kommunikations-, Informations-, Medienzentrum (KIM)
>> Abteilung IT-Dienste Forschung und Lehre
>> 78457 Konstanz
>> +49 7531 88-4416
>>
>> -- next part --
>> A non-text attachment was scrubbed...
>> Name: smime.p7s
>> Type: application/pkcs7-signature
>> Size: 5351 bytes
>> Desc: S/MIME Cryptographic Signature
>> URL:
>> >https://dovecot.org/pipermail/dovecot/attachments/20220127/2c510097/attachment-0001.bin>
>>
>> --
>>
>> Subject: Digest Footer
>>
>> ___
>> dovecot mailing list
>> dovecot@dovecot.org
>> https://dovecot.org/mailman/listinfo/dovecot
>>
>>
>> --
>>
>> End of dovecot Digest, Vol 225, Issue 70
>>
>>
>>
>
> --
> David Matthews
> m...@dmatthews.org
>
--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416
smime.p7s
Description: S/MIME Cryptographic Signature
Re: can't authenticate
Hello Am 27.01.22 um 17:37 schrieb David Matthews: > hi Christian > >> Did the password hash algorithm change between devuan 3 and 4? You >> can check that in your /etc/shadow file. > > As I understand, devuan is pretty much debian without systemd? And > that if you were prepared to do a fair bit of work you could start > with debian installed, hack it about and end up with something like > devuan? > > I doubt devuan has done anything to deviate from debian at this level > and both machines were recently dist-upgraded. Dovecot needed no > tinkering with at all on the debian machine. > I never used devuan, so I can not comment on its upgrade strategies. The default in Debian has changed, but on an dist-upgrade they are not changed automatically. This would not be possible anyway, as you need the original password for generating the new hash. But you could enforce the user to change it on the next login. The hash algorithm changes, when you set a new or other password. Check also release notes of Bulseye: https://www.debian.org/releases/stable/amd64/release-notes/ch-information.de.html#pam-default-password >> The start of the password field should be the same something like >> $6$... >> > > Yes it is on devuan 4. I no longer have anything with devuan 3 to > check that, but it shouldn't have changed in a dist-upgrade? > Interestingly, although it's the same user and password on both > machines, I notice that the hashes in /etc/shadow are not identical > after the commencing $6$. But then I don't know how these hashes are > derived, so maybe that is not unexpected? > So the password algorithm didn't change. $6$ is still the old one SHA-512. The hashes are different between machines, as they are salted. The salt is stored after $6$ up till the next $ sign. As the salt differs, the hash has to be different. Thats what salts are made for :-) So you only can increase the logging in dovecot for authentication to debugging. auth_debug=yes Perhaps you also want to set auth_debug_passwords=yes for getting the actual password in plain text. (Don't forget to disable that afterwards!) Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: dovecot Digest, Vol 225, Issue 73
Hello > auth-worker: Error: fatal error: failed to reserve page summary memory You have an memory allocation problem. The only thing I can see on dovecots side is increasing vsz_limit for auth service. If that doesn't solve your Problem, please ask on a devuan site. Kind regards, Christian Mack Am 28.01.22 um 13:52 schrieb David Matthews: >> 5. Re: can't authenticate (Christian Mack) > hi Christian > > log with debugging resulting from a login attempt pasted at end - to try and > make it more readable I removed everything in each line up to "dovecot:" At > no point is a password revealed, even in hashed form. > > Should also say that the problem is identical on a backup laptop also running > devuan 4; I'm not sure if I ever used that machine with dovecot before it was > upgraded from devuan 3. Also I tried creating a new user to see if that > account could authenticate; it cannot. > >> So you only can increase the logging in dovecot for authentication to >> debugging. >> auth_debug=yes > > auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth > auth: Debug: Module loaded: > /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so > auth: Debug: Read auth token secret from /run/dovecot/auth-token-secret.dat > auth: Debug: auth client connected (pid=2467) > auth: Debug: client in: > AUTH#0111#011PLAIN#011service=imap#011secured#011session=osv6w6PW4tB/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=53474#011resp= > auth: Debug: pam(fred,127.0.0.1,): Performing passdb lookup > auth-worker(2469): Debug: Loading modules from directory: > /usr/lib/dovecot/modules/auth > auth-worker(2469): Debug: Module loaded: > /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so > auth-worker(2469): Debug: conn unix:auth-worker (pid=2468,uid=118): Server > accepted connection (fd=13) > dovecot: auth-worker(2469): Debug: conn unix:auth-worker (pid=2468,uid=118): > Sending version handshake > auth-worker(2469): Debug: conn unix:auth-worker (pid=2468,uid=118): > auth-worker<1>: Handling PASSV request > auth-worker(2469): Debug: conn unix:auth-worker (pid=2468,uid=118): > auth-worker<1>: pam(fred,127.0.0.1,): Performing passdb > lookup > auth-worker(2469): Debug: conn unix:auth-worker (pid=2468,uid=118): > auth-worker<1>: pam(fred,127.0.0.1,): lookup service=dovecot > auth-worker: Error: fatal error: failed to reserve page summary memory > auth-worker(2469): Debug: conn unix:auth-worker (pid=2468,uid=118): > auth-worker<1>: pam(fred,127.0.0.1,): #1/1 style=1 > msg=Password: > auth-worker: Error: > auth-worker: Error: runtime stack: > auth-worker: Error: runtime.throw(0x7f3b2a6a8292, 0x25) > auth-worker: Error: #011runtime/panic.go:1116 +0x74 fp=0x7f3b2a3b5b30 > sp=0x7f3b2a3b5b00 pc=0x7f3b2a4d6474 > auth-worker: Error: runtime.(*pageAlloc).sysInit(0x7f3b2a894428) > auth-worker: Error: #011runtime/mpagealloc_64bit.go:80 +0x185 > fp=0x7f3b2a3b5bc0 sp=0x7f3b2a3b5b30 pc=0x7f3b2a4ccb25 > auth-worker: Error: runtime.(*pageAlloc).init(0x7f3b2a894428, 0x7f3b2a894420, > 0x7f3b2a8aeb18) > auth-worker: Error: #011runtime/mpagealloc.go:317 +0x77 fp=0x7f3b2a3b5be8 > sp=0x7f3b2a3b5bc0 pc=0x7f3b2a4ca517 > auth-worker: Error: runtime.(*mheap).init(0x7f3b2a894420) > auth-worker: Error: #011runtime/mheap.go:743 +0x24b fp=0x7f3b2a3b5c10 > sp=0x7f3b2a3b5be8 pc=0x7f3b2a4c74cb > auth-worker: Error: runtime.mallocinit() > auth-worker: Error: #011runtime/malloc.go:480 +0x109 fp=0x7f3b2a3b5c38 > sp=0x7f3b2a3b5c10 pc=0x7f3b2a4acc09 > auth-worker: Error: runtime.schedinit() > auth-worker: Error: #011runtime/proc.go:563 +0x65 fp=0x7f3b2a3b5c90 > sp=0x7f3b2a3b5c38 pc=0x7f3b2a4d9e25 > auth-worker: Error: runtime.rt0_go(0x7ffd65c5e428, 0x2, 0x7ffd65c5e428, > 0x7f3b2a3b6700, 0x7f3b2af22ea7, 0x0, 0x7f3b2a3b6700, 0x7f3b2a3b6700, > 0xbe848d2612a1e5f4, 0x7ffd65c5cabe, ...) > auth-worker: Error: #011runtime/asm_amd64.s:214 +0x129 fp=0x7f3b2a3b5c98 > sp=0x7f3b2a3b5c90 pc=0x7f3b2a508c09 > auth: Error: auth worker: Aborted PASSV request for fred: Worker process died > unexpectedly > auth: Debug: pam(fred,127.0.0.1,): Finished passdb lookup > dovecot: auth: Debug: auth(fred,127.0.0.1,): Auth request > finished > auth-worker(2469): Fatal: master: service(auth-worker): child 2469 returned > error 2 > auth-worker(2471): Debug: Loading modules from directory: > /usr/lib/dovecot/modules/auth > dovecot: auth-worker(2471): Debug: Module loaded: > /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so > auth-worker(2471): Debug: conn unix:auth-worker (pid=2468,uid=118): Server > accepted conne
Re: On mailbox full, retry for 4 days or similar instead of reject
On February 7, 2022 11:41:08 PM GMT+01:00, Jorge Bastos wrote: >Howdy, > >I don't know if this is dovecot specific and i guess it may not be at >100% so I ask for help. > >I want postfix not to discard the message imediatly when a mailbox is >full, i mean when postfix tries to deliver it to dovecot lmtp. >Is it possible to change the behavior to something like what postfix >does when he tries to deliver a message to an external server and the >server is unaccessible for 4 days (the default i guess), and if in that >period discard it. How do you signal postfix that the mailbox is full? How much over quota do you want a mailbox to be allowed to go? Whats your running config, please show doveconf -n >Does this exists? At least i know gmail does something similar to this. > >I've tried to google a bit but didn't found info that could lead me to >this configuration. Dovecot quota documentation can be found here https://doc.dovecot.org/configuration_manual/quota_plugin/ >Thanks in advanced, >Jorge -- Christian Kivalo
Re: Certificate and showing a sign-cert not there
On 2022-02-08 15:53, Wayne Spivak wrote:
Hi -
I am running Postfix 3.6.4 with Dovecot 2.3.17.1 (476cd46418).
I have a multi-signed cert from Entrust.
The cert works fine on port 25.
Certificates on port 25 verify ok for me.
However, on Port 587 I get an error: c
Certificates on port 587 verify ok for me.
[root@mcq wbs]# openssl s_client -connect mcq.sbanetweb.com:993
-servername mcq.sbanetweb.com
Now you check port 993? For me the certificates also don't verify on
port 993.
Have you built your certificate file correctly?
The intermediate cert seems to be missing.
For port 25, 587 you send a chain of 3 certificates.
For port 993 you only send one certificate.
CONNECTED(0003)
depth=0 C = US, ST = New York, L = Bellmore, O = SBA Consulting LTD,
CN = mcq.sbanetweb.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = New York, L = Bellmore, O = SBA Consulting LTD,
CN = mcq.sbanetweb.com
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 C = US, ST = New York, L = Bellmore, O = SBA Consulting LTD,
CN = mcq.sbanetweb.com
verify return:1
---
Certificate chain
0 s:C = US, ST = New York, L = Bellmore, O = SBA Consulting LTD, CN
= mcq.sbanetweb.com
i:C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms
[1], OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN =
Entrust Certification Authority - L1K
[root@mcq wbs]# dovecot -n
# 2.3.17.1 (476cd46418): /etc/dovecot/dovecot.conf
# OS: Linux 5.16.5-200.fc35.x86_64 x86_64 Fedora release 35 (Thirty
Five)
# Hostname: mcq.sbanetweb.com
auth_mechanisms = plain login
disable_plaintext_auth = no
mbox_write_locks = fcntl
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
protocols = imap
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
group = postfix
mode = 0666
user = postfix
}
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service submission-login {
inet_listener submission {
port = 587
}
}
ssl = required
ssl_cert =
In what order are the certificates in here?
See
https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/#id7
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl_client_ca_dir = /etc/postfix/tls/
ssl_client_ca_file = ChainBundle.pem
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
userdb {
driver = passwd
}
protocol imap {
mail_max_userip_connections = 15
}
Any ideas?
Wayne Spivak
SBANETWEB.com
Links:
--
[1] http://www.entrust.net/legal-terms
--
Christian Kivalo
Re: Different handling of upper and lower case while indexing/searching with Solr
On February 9, 2022 12:31:23 PM GMT+01:00, Patrik Peng
wrote:
>Woops, this time with better formatting.
>
>On 09.02.22 12:21, Patrik Peng wrote:
>>
>> Hello there
>>
>> We stumbled upon an user account with Solr FTS, which returned no
>> search results for any given search query.
>> Further investigation revealed an issue between indexing mails and
>> querying the index.
>> The user name contains upper and lower case characters (eg.
>> some.u...@domain.net).
>>
>> When new mail is indexed for this user, the user name used for Solr's
>> `user` and `id` fields are transformed into lowercase, as shown in the
>> Solr log:
>>
>> webapp=/solr path=/update
>> params={...}{add=[8543/426f3b0348d03451a3fb8ba2b673/some.u...@domain.net
>> (1724281617442144256), ... (162 adds)]} 0 44298
>>
>> And can be confirmed by manually querying Solr. The Solr schema in use
>> performs no transformation for the affected fields.
>> When a search request is performed via IMAP, Dovecot queries Solr with
>> the original user name:
>>
>> GET
>> /solr/dovecot_fts_popimap/select?wt=json&f...&fq=%2Bbox:1a30ec359dce3451b8e68ba2b673+%2Buser:some.u...@domain.net
>>
>> HTTP/1.1"
>>
>> Which (correctly) returns zero results.
>>
>> To summarize, I suspect dovecot transforms any user name to lower case
>> while indexing mails, but not when querying for results.
>>
>> Is this a bug, or caused by my configuration?
How are your users added to your auth backend?
Please post your doveconf -n output
>> Regards
>> Patrik
--
Christian Kivalo
Re: Replications ERROR
Hello
Am 14.02.22 um 14:41 schrieb Günther J. Niederwimmer:
> Hello,
>
> Can any Help me to find out the Problem with "sync failed"
>
> I have all disabled only one user is in the moment running?
>
> doveadm replicator status '*'
> usernamepriority fast sync full sync
> success sync failed
> g...@example.comnone 00:01:47 23:37:43
> -
> y
> gjn none 00:01:47 23:42:43 -
>
> y
>
> Could it be a Problem with this
> doveadm user '*'
> g...@example.com
>
> What is the way to become logs what is going wrong ?
>
> Could it be, I have Problems with the Dovecot Variables in the LDAP Config ?
>
> Thanks very match for a answer,
>
I would try a manual sync and see what error messages you get.
something like:
doveadm -v -D sync -u ${USER_NAME} -f tcp:${SERVERNAME_TO_SYNC_TO} 2>&1
| tee sync-error.log
Kind regards,
Christian Mack
--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416
smime.p7s
Description: S/MIME Cryptographic Signature
Re: Replications ERROR
Hello
Am 16.02.22 um 14:35 schrieb Günther J. Niederwimmer:
> Hallo Christian,
>
> Danke für Deine Antwort!
>
> Am Dienstag, 15. Februar 2022, 13:44:20 CET schrieb Christian Mack:
>> Hello
>>
>> Am 14.02.22 um 14:41 schrieb Günther J. Niederwimmer:
>>> Hello,
>>>
>>> Can any Help me to find out the Problem with "sync failed"
>>>
>>> I have all disabled only one user is in the moment running?
>>>
>>> doveadm replicator status '*'
>>> usernamepriority fast sync full sync
>>> success sync failed
>>> g...@example.comnone 00:01:47 23:37:43
>>> - y
>>> gjn none 00:01:47 23:42:43 -
>>> y
>>>
>>> Could it be a Problem with this
>>> doveadm user '*'
>>> g...@example.com
>>>
>>> What is the way to become logs what is going wrong ?
>>>
>>> Could it be, I have Problems with the Dovecot Variables in the LDAP Config
>>> ?
>>>
>>> Thanks very match for a answer,
>>
>> I would try a manual sync and see what error messages you get.
>> something like:
>> doveadm -v -D sync -u ${USER_NAME} -f tcp:${SERVERNAME_TO_SYNC_TO} 2>&1
> | tee sync-error.log
>
> I have this as answer
> -bash: tcp:${mx01.example.com.lan}: Falsche Variablenersetzung.
>
> olso with a IP address What is the correct syntax Thanks
>
> PS: sowas hatte ich schon gesucht, aber nicht gefunden DANKE
>
Sorry, didn't expect this to be a problem.
The ${...} are shell variables, therefore try in your case:
doveadm -v -D sync -u g...@example.com -f tcp:mx01.example.com.lan 2>&1 |
tee sync-error.log
Kind regards,
Christian Mack
--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416
smime.p7s
Description: S/MIME Cryptographic Signature
Dovecot 2.3.18 and OpenMetrics-Prometheus problem
Hi,
I have defined several metrics in Dovecot and activated the metrics service.
After the I tried to include this in Prometheues, but I get strange errors. I
gave up now after several hours in the hope that this might be a bug. So I ask
for help here:
Distribution: Rocky 8
Official Dovecot Repo
Version: 2.3.18
Config for metrics, service and events:
-
metric auth_success {
exporter = log
filter = event=auth_request_finished AND success=yes
}
metric auth_failures {
exporter = log
filter = event=auth_request_finished AND NOT success=yes
}
metric auth_client_userdb {
filter = event=auth_client_userdb_lookup_finished
}
metric auth_master {
exporter = log
filter = event=auth_master_client_login_finished
}
metric client_connected {
filter = event=client_connection_connected
}
metric client_disconnected {
filter = event=client_connection_disconnected
group_by = reason
}
metric imap_command {
filter = event=imap_command_finished
group_by = cmd_name tagged_reply_state
}
metric lmtp_command {
filter = event=smtp_server_command_finished AND protocol=lmtp
group_by = cmd_name status_code duration:exponential:1:5:10
}
metric imap_hibernate {
filter = event=imap_client_hibernated
group_by = error
}
metric imap_unhibernate {
filter = event=imap_client_hibernated
group_by = reason error
}
metric mail_delivery {
filter = event=mail_delivery_finished
group_by = duration:exponential:1:5:10
}
metric sql_query {
filter = event=sql_query_finished
group_by = error_code
}
metric sieve_actions {
filter = event=sieve_action_finished
group_by = action_name error
}
metric managesieve {
filter = event=managesieve_command_finished
group_by = script_name
}
metric dict_lookups {
filter = event=dict_lookup_finished
group_by = driver error
}
service stats {
inet_listener http {
port = 9900
}
}
event_exporter log {
format = json
format_args = time-rfc3339
transport = log
}
-
Shortened curl output:
-
# HELP process_start_time_seconds Timestamp of service start
# TYPE process_start_time_seconds gauge
process_start_time_seconds 1645743604
# HELP dovecot_build Dovecot build information
# TYPE dovecot_build info
dovecot_build_info{version="2.3.18",revision="9dd8408c18"} 1
# HELP dovecot_auth_success Total number of all events of this kind
# TYPE dovecot_auth_success counter
dovecot_auth_success_total 1669
# HELP dovecot_auth_success_duration_seconds Total duration of all events of
this kind
# TYPE dovecot_auth_success_duration_seconds counter
dovecot_auth_success_duration_seconds_total 1.317570
# HELP dovecot_auth_failures Total number of all events of this kind
# TYPE dovecot_auth_failures counter
dovecot_auth_failures_total 1
# HELP dovecot_auth_failures_duration_seconds Total duration of all events of
this kind
# TYPE dovecot_auth_failures_duration_seconds counter
...
# EOF
-
Prometheus yml config snippet:
-
global:
scrape_interval: 15s
evaluation_interval: 15s
scrape_configs:
- job_name: dovecot_exporter
static_configs:
- targets:
- 172.30.10.1:9900
-
Prometheus (Docker stable latest) with debug level show these lines:
-
prometheus_1 | ts=2022-02-25T10:22:00.840Z caller=scrape.go:1307
level=debug component="scrape manager" scrape_pool=dovecot_exporter
target=http://172.30.10.1:9900/metrics msg="Append failed" err="expected label
name or left brace, got \"INVALID\""
-
Therefor the service is considered as being down.
I really have no ide, what I can do here.
Thanks for any help in advance
Christian Rößner
--
Rößner-Network-Solutions
Zertifizierter ITSiBe / CISO
Karl-Bröger-Str. 10, 36304 Alsfeld
Fax: +49 6631 78823409, Mobil: +49 171 9905345
USt-IdNr.: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5
Re: Dovecot 2.3.18 and OpenMetrics-Prometheus problem
Hi Aki,
> Am 25.02.2022 um 11:34 schrieb Aki Tuomi :
>
>>
>> On 25/02/2022 12:23 Christian Rößner wrote:
>>
>>
>> Hi,
>>
>> I have defined several metrics in Dovecot and activated the metrics service.
>> After the I tried to include this in Prometheues, but I get strange errors.
>> I gave up now after several hours in the hope that this might be a bug. So I
>> ask for help here:
>>
>> Distribution: Rocky 8
>> Official Dovecot Repo
>> Version: 2.3.18
>>
>> Config for metrics, service and events:
>>
>
> Can you include the full metrics output, please?
Yes
--
support@mx ~ » curl "http://localhost:9900/metrics";
# HELP process_start_time_seconds Timestamp of service start
# TYPE process_start_time_seconds gauge
process_start_time_seconds 1645743604
# HELP dovecot_build Dovecot build information
# TYPE dovecot_build info
dovecot_build_info{version="2.3.18",revision="9dd8408c18"} 1
# HELP dovecot_auth_success Total number of all events of this kind
# TYPE dovecot_auth_success counter
dovecot_auth_success_total 1843
# HELP dovecot_auth_success_duration_seconds Total duration of all events of
this kind
# TYPE dovecot_auth_success_duration_seconds counter
dovecot_auth_success_duration_seconds_total 1.424372
# HELP dovecot_auth_failures Total number of all events of this kind
# TYPE dovecot_auth_failures counter
dovecot_auth_failures_total 1
# HELP dovecot_auth_failures_duration_seconds Total duration of all events of
this kind
# TYPE dovecot_auth_failures_duration_seconds counter
dovecot_auth_failures_duration_seconds_total 3.917099
# HELP dovecot_auth_client_userdb Total number of all events of this kind
# TYPE dovecot_auth_client_userdb counter
dovecot_auth_client_userdb_total 30882
# HELP dovecot_auth_client_userdb_duration_seconds Total duration of all events
of this kind
# TYPE dovecot_auth_client_userdb_duration_seconds counter
dovecot_auth_client_userdb_duration_seconds_total 35.746910
# HELP dovecot_auth_master Total number of all events of this kind
# TYPE dovecot_auth_master counter
dovecot_auth_master_total 1843
# HELP dovecot_auth_master_duration_seconds Total duration of all events of
this kind
# TYPE dovecot_auth_master_duration_seconds counter
dovecot_auth_master_duration_seconds_total 1.029899
# HELP dovecot_client_connected Total number of all events of this kind
# TYPE dovecot_client_connected counter
dovecot_client_connected_total 10591
# HELP dovecot_client_connected_duration_seconds Total duration of all events
of this kind
# TYPE dovecot_client_connected_duration_seconds counter
dovecot_client_connected_duration_seconds_total 0.359288
# HELP dovecot_client_disconnected Total number of all events of this kind
# TYPE dovecot_client_disconnected counter
dovecot_client_disconnected_total{reason="Connection closed"} 7173
dovecot_client_disconnected_total{reason="Deinitializing"} 3418
dovecot_client_disconnected_count 10591
# HELP dovecot_client_disconnected_duration_seconds Total duration of all
events of this kind
# TYPE dovecot_client_disconnected_duration_seconds counter
dovecot_client_disconnected_duration_seconds_total{reason="Connection closed"}
146.829269
dovecot_client_disconnected_duration_seconds_total{reason="Deinitializing"}
72.953468
dovecot_client_disconnected_duration_seconds_sum 219.782730
# HELP dovecot_imap_command Total number of all events of this kind
# TYPE dovecot_imap_command counter
dovecot_imap_command_total{cmd_name="unknown"} 94
dovecot_imap_command_total{cmd_name="unknown",tagged_reply_state="OK"} 75
dovecot_imap_command_total{cmd_name="FETCH"} 720
dovecot_imap_command_total{cmd_name="FETCH",tagged_reply_state="OK"} 720
dovecot_imap_command_total{cmd_name="IDLE"} 5076
dovecot_imap_command_total{cmd_name="IDLE",tagged_reply_state="OK"} 1555
dovecot_imap_command_total{cmd_name="UID FETCH"} 2473
dovecot_imap_command_total{cmd_name="UID FETCH",tagged_reply_state="OK"} 2473
dovecot_imap_command_total{cmd_name="UID SEARCH"} 7402
dovecot_imap_command_total{cmd_name="UID SEARCH",tagged_reply_state="OK"} 7400
dovecot_imap_command_total{cmd_name="UID SEARCH",tagged_reply_state="BAD"} 2
dovecot_imap_command_total{cmd_name="LOGOUT"} 1112
dovecot_imap_command_total{cmd_name="LOGOUT",tagged_reply_state="OK"} 1112
dovecot_imap_command_total{cmd_name="LIST"} 5942
dovecot_imap_command_total{cmd_name="LIST",tagged_reply_state="OK"} 5942
dovecot_imap_command_total{cmd_name="GETQUOTAROOT"} 88
dovecot_imap_command_total{cmd_name="GETQUOTAROOT",tagged_repl
Re: Dovecot 2.3.18 and OpenMetrics-Prometheus problem
Am 25.02.2022 um 11:50 schrieb Christian Rößner :
>
> Hi Aki,
>
>> Am 25.02.2022 um 11:34 schrieb Aki Tuomi :
>>
>>>
>>> On 25/02/2022 12:23 Christian Rößner wrote:
>>>
>>>
>>> Hi,
>>>
>>> I have defined several metrics in Dovecot and activated the metrics
>>> service. After the I tried to include this in Prometheues, but I get
>>> strange errors. I gave up now after several hours in the hope that this
>>> might be a bug. So I ask for help here:
>>>
>>> Distribution: Rocky 8
>>> Official Dovecot Repo
>>> Version: 2.3.18
>>>
>>> Config for metrics, service and events:
>>>
>>
>> Can you include the full metrics output, please?
>
> Yes
>
> --
> support@mx ~ » curl "http://localhost:9900/metrics";
> # HELP process_start_time_seconds Timestamp of service start
> # TYPE process_start_time_seconds gauge
> process_start_time_seconds 1645743604
> # HELP dovecot_build Dovecot build information
> # TYPE dovecot_build info
> dovecot_build_info{version="2.3.18",revision="9dd8408c18"} 1
> # HELP dovecot_auth_success Total number of all events of this kind
> # TYPE dovecot_auth_success counter
> dovecot_auth_success_total 1843
> # HELP dovecot_auth_success_duration_seconds Total duration of all events of
> this kind
> # TYPE dovecot_auth_success_duration_seconds counter
> dovecot_auth_success_duration_seconds_total 1.424372
> # HELP dovecot_auth_failures Total number of all events of this kind
> # TYPE dovecot_auth_failures counter
> dovecot_auth_failures_total 1
> # HELP dovecot_auth_failures_duration_seconds Total duration of all events of
> this kind
> # TYPE dovecot_auth_failures_duration_seconds counter
> dovecot_auth_failures_duration_seconds_total 3.917099
> # HELP dovecot_auth_client_userdb Total number of all events of this kind
> # TYPE dovecot_auth_client_userdb counter
> dovecot_auth_client_userdb_total 30882
> # HELP dovecot_auth_client_userdb_duration_seconds Total duration of all
> events of this kind
> # TYPE dovecot_auth_client_userdb_duration_seconds counter
> dovecot_auth_client_userdb_duration_seconds_total 35.746910
> # HELP dovecot_auth_master Total number of all events of this kind
> # TYPE dovecot_auth_master counter
> dovecot_auth_master_total 1843
> # HELP dovecot_auth_master_duration_seconds Total duration of all events of
> this kind
> # TYPE dovecot_auth_master_duration_seconds counter
> dovecot_auth_master_duration_seconds_total 1.029899
> # HELP dovecot_client_connected Total number of all events of this kind
> # TYPE dovecot_client_connected counter
> dovecot_client_connected_total 10591
> # HELP dovecot_client_connected_duration_seconds Total duration of all events
> of this kind
> # TYPE dovecot_client_connected_duration_seconds counter
> dovecot_client_connected_duration_seconds_total 0.359288
> # HELP dovecot_client_disconnected Total number of all events of this kind
> # TYPE dovecot_client_disconnected counter
> dovecot_client_disconnected_total{reason="Connection closed"} 7173
> dovecot_client_disconnected_total{reason="Deinitializing"} 3418
> dovecot_client_disconnected_count 10591
> # HELP dovecot_client_disconnected_duration_seconds Total duration of all
> events of this kind
> # TYPE dovecot_client_disconnected_duration_seconds counter
> dovecot_client_disconnected_duration_seconds_total{reason="Connection
> closed"} 146.829269
> dovecot_client_disconnected_duration_seconds_total{reason="Deinitializing"}
> 72.953468
> dovecot_client_disconnected_duration_seconds_sum 219.782730
> # HELP dovecot_imap_command Total number of all events of this kind
> # TYPE dovecot_imap_command counter
> dovecot_imap_command_total{cmd_name="unknown"} 94
> dovecot_imap_command_total{cmd_name="unknown",tagged_reply_state="OK"} 75
> dovecot_imap_command_total{cmd_name="FETCH"} 720
> dovecot_imap_command_total{cmd_name="FETCH",tagged_reply_state="OK"} 720
> dovecot_imap_command_total{cmd_name="IDLE"} 5076
> dovecot_imap_command_total{cmd_name="IDLE",tagged_reply_state="OK"} 1555
> dovecot_imap_command_total{cmd_name="UID FETCH"} 2473
> dovecot_imap_command_total{cmd_name="UID FETCH",tagged_reply_state="OK"} 2473
> dovecot_imap_command_total{cmd_name="UID SEARCH"} 7402
> dovecot_imap_command_total{cmd_name="UID SEARCH",tagged_reply_state="OK"} 7400
> dovecot_imap_command_total{cmd_name="UID SEARC
Re: mbox 2 Maildir
Hi, Tamas Hegedus, 29.01.19: * Configuration uses mail_location = mbox:~/mails * setup per-user mail location and do for each user individually in a serial manner: -- doveadm sync maildir:~/Maildir; mbox is synced to Maildir, long running time -- doveadm sync maildir:~/Maildir; rerun to do it for new messages (fast) -- add USER to userdb and set extra field to maildir:~/Maildir users not present in the userdb should default to dovcot default; conditionally optional: doveadm auth cache flush IMHO there is no need to create or change special userdb entries. See https://wiki.dovecot.org/MailLocation: "By default the mail_location setting is empty, which means that Dovecot attempts to locate automatically where your mails are." Regards, Christian -- No signature available. smime.p7s Description: S/MIME Cryptographic Signature
Re: Parsing variables in config files
On December 15, 2019 2:50:03 AM GMT+01:00, "Eudald Valcàrcel Lacasa"
wrote:
>Hello,
>I'm trying to set up a mailbox for a bunch of domains.
>To do so I'm running some docker containers (I know I can use
>multidomain
>set up and I'm doing so, but I need to have some domains on different
>containers for specific reasons).
>
>In order to keep it all clean, I want to use different PostgreSQL
>databases
>for each container, and I'm running the container with an environment
>file
>containing database parameters, such as:
>DB_USER
>DB_HOST
>DB_NAME
>I've been trying to pass these parameters to dovecot's configuration,
>but
>they don't get parsed and I end up with messages like: dovecot: auth:
>Error: pgsql(%{env:DB_HOST}): Connect failed to database %{env:DB_NAME}
>
>I've tried to pass variables alone, using import_environment = DB_HOST
>DB_NAME DB_USER, but I'm stuck at the same errors.
>
>Is there anything I could do to fix this?
There was this exact question a short time ago.
See the list archive from December 4, there is your answer.
Basically, the pgsql library will use specific env variables when they exist
and aren't set through dovecot configuration.
>Thank you!
>Eudald
--
Christian Kivalo
Sieve puts Reference:-Headers into Vacation-Reply
Hey,
I have an issue with misformatted vacation emails. Part of the initial mail
ends up in the vacation response and the headers of the vacation response
end up in the body. Which also leads to the wrong charset being used by
(some) MUAs. (Should be utf-8 but the inital mal was ascii only).
I think I narrowed the trigger of the bug down to a long Reference: header
line. It only happens if the long line is not the first one.
In the attached example I sent to the mangled mailbox mymail...@example.com.
The sieve rule triggered is this one ("äöü" are only there to demonstrate
the breaking charset):
if true
{
vacation :days 7 :addresses ["mymail...@example.com"] text:
This is an automated reply; I am away and will not be able to reply to you
immediately.I will get back to you as soon as I return.äöüß
.
;
}
Christian
--
$ dovecot --version
2.2.13
$ dovecot -n
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-9-amd64 x86_64 Debian 8.11
disable_plaintext_auth = no
dotlock_use_excl = no
mail_debug = yes
mail_fsync = always
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = acl lazy_expunge listescape mail_log notify
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date ihave
imapflags notify
mmap_disable = yes
namespace expunged {
hidden = yes
list = no
location = maildir:~/expunged
prefix = EXPUNGED.
separator = /
}
namespace inbox {
inbox = yes
location = maildir:~/maildir
prefix =
separator = /
}
passdb {
args = username_format=%n /etc/passwd
driver = passwd-file
}
plugin {
acl = vfile
lazy_expunge = EXPUNGED.
mail_log_events = delete undelete expunge copy mailbox_delete
mailbox_rename
mail_log_fields = uid box msgid size
recipient_delimiter = +
sieve = ~/sieve/dovecot.sieve
sieve_dir = ~/sieve/
sieve_extensions = fileinto reject envelope encoded-character vacation
subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date ihave imapflags
notify
sieve_max_redirects = 20
}
protocols = imap pop3 sieve lmtp
service imap-login {
client_limit = 40
process_limit = 50
service_count = 0
vsz_limit = 512 M
}
service imap {
process_limit = 2000
vsz_limit = 512 M
}
service lmtp {
process_limit = 200
vsz_limit = 1 G
}
service managesieve-login {
inet_listener sieve {
port = 2000
}
vsz_limit = 512 M
}
service pop3-login {
client_limit = 40
process_limit = 50
service_count = 0
vsz_limit = 512 M
}
shutdown_clients = no
ssl_cert = --- Begin Message ---
This is a test Mail
--- End Message ---
--- Begin Message ---
Auto-Submitted: auto-replied (vacation)
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
This is an automated reply; I am away and will not be able to reply to you
immediately.I will get back to you as soon as I return.äöüß
--- End Message ---
Re: Strategy for fts and Replication
On February 4, 2020 11:46:31 AM GMT+01:00, Francis Augusto Medeiros-Logeay wrote: >Hi Philon, > >Thanks a lot for your thoughts! > >Can I ask you if using Solr improved things for you? I have a mailbox >with 15 years of e-mail and searching things take a long time. It a vast improvement, more or less instant results. >On 04.02.2020 09:39, Philon wrote: >> Hi Francis, >> >> next to fts-solr there was fts-lucene. But that Lucene there seems >> heavily outdated why the Dovecot docs also suggest using Solr. >> Elasticsearch probably is similar to Solr but the later is maintained >> by Dovecot team. >> >> I started with downloading the Solr binary distribution to Debian >with >> JRE preinstalled and things were running like after 10 min. Yes it’s >a >> bit more complicated to find the schema and edit things like header >> size (in tips section). It’s running quite nicely since then and has >> zero maintenance. > >I will try again - I kept getting some weird errors, so I don't know if > >that's why I wasn't seing much of improvement. >> >> As FTS indexes are separate in external Solr instance I’d guess that >> it won’t interfere with dsync. What I don’t know is if dsync’ing >would >> trigger indexing. This brings me to wonder how one could actually >> replicate the Solr instance!? > >Good question. But what I thought about doing was to install FTS on my >backup instance, and if things go fine, then I install an FTS instance >on my production server - that is, if one doesn't interfere with the >other. > >I will give Solr another shot - my worries are mostly if Solr is >supported on ARM (my prod instance is running on ARM) - I know >Elasticsearch has an ARM build. > >Ii thought about the Xapian engine, but since it requires dovecot 2.3, >I >will have to wait. > >Best, > >Francis > > >> >> Philon >> >>> On 31 Jan 2020, at 17:24, Francis Augusto Medeiros-Logeay >>> wrote: >>> >>> Hi there, >>> >>> I got successfully to replicate my mail server to another dovecot >>> install using dsync, mainly for redundancy, and it works great. >>> >>> I want to try to install fts, as some of the mailboxes have tens of >>> thousands of messages, and it takes minutes to get some results when > >>> searching via IMAP on a Roundcube interface. >>> >>> I want to experiment with fts-solr first, and firstly on my >redundant >>> server, ie., not on my main dovecot install. Is it ok to do this? I >>> ask because I am afraid of how this whole reindexing on the >redundant >>> install will affect the production server. >>> >>> Also, any tips on something else than fts-solr? I tried it once, but > >>> it was so hard to get it right, so many configurations, java, etc., >>> that I'd rather try something else. I also could try fts-elastic or >>> something like that, but, again, having to maintain an elasticsearch > >>> install might use more resources than I think is worth. Any thoughts > >>> on that? >>> >>> Best, >>> >>> -- >>> Francis >>> -- Christian Kivalo
maildirfolder file created in maildir root during auto-creation with 2.3.4.1 but not 2.2.27
Hello, as the tin says. I have several servers running 2.2.27 (Debian stretch) and am adding new ones with 2.3.4.1 (Debian buster). The configs were upgraded where needed but neither 10-mail.conf nor 15-mailboxes.conf were changed. 15-mailboxes is all commented out (I guess the default is auto-create, which isn't documented anywhere I could find) and the only non-comments in 10-mail.conf are --- mail_location = maildir:%h mail_privileged_group = mail --- So yes, no namespaces are explicitly defined/declared. The 2.3.4.1 version wrongly creates a maildirfolder file in the home directory (maildir root), preventing exim from correctly creating/using maildirsize. a) Is this expected behavior and can it be changed? b) How can I disable inbox auto-creation if a) doesn't pan out? Thanks, Christian -- Christian BalzerNetwork/Systems Engineer ch...@gol.com Rakuten Mobile Inc.
Re: maildirfolder file created in maildir root during auto-creation with 2.3.4.1 but not 2.2.27
Hello,
On Wed, 5 Feb 2020 08:58:29 +0200 Aki Tuomi wrote:
> Can you provide full doveconf -n output? Also how are you delivering mail?
>
As pretty much implied, Exim is delivering mails, w/o problems.
And if it gets to create the home directory, everything is fine
and maildirsize gets put there.
But if the first access is via the newer dovecot the bogus maildirfolder
file gets created in the home directory and prevents Exim (and itself?)
from putting a maildirsize there.
My bet is that that something in the auto-create logic changed or the
"mail_home" needing to be set explicitly instead of defaulting to
mail_location if unset, etc.
Redacted and relevant parts only:
---
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-6-amd64 x86_64 Debian 10.2
# Hostname: testbox.gol.com
auth_default_realm = gol.com
default_client_limit = 16384
default_process_limit = 1024
first_valid_uid = 8
imap_hibernate_timeout = 30 secs
imap_idle_notify_interval = 8 mins
imap_logout_format = in=%i out=%o head=<%{fetch_hdr_count}> del=<%{deleted}>
exp=<%{expunged}> trash=<%{trashed}> session=<%{session}>
login_trusted_networks = some.net.work
mail_gid = 8
mail_location = maildir:%h
mail_privileged_group = mail
mail_uid = 8
mailbox_idle_check_interval = 1 mins
maildir_very_dirty_syncs = yes
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
quota = maildir:User
quota_rule = ?:storage=200M
quota_rule2 = Trash:storage=+50M
sieve = file:~/sieve;active=~/.dovecot.sieve
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
verbose_proctitle = yes
protocol imap {
mail_max_userip_connections = 40
mail_plugins = quota imap_quota
}
protocol pop3 {
mail_plugins = quota
}
---
Regards,
Christian
> Aki
>
> On 5.2.2020 4.24, Christian Balzer wrote:
> >
> > Hello,
> >
> > as the tin says.
> > I have several servers running 2.2.27 (Debian stretch) and am adding new
> > ones with 2.3.4.1 (Debian buster).
> > The configs were upgraded where needed but neither 10-mail.conf nor
> > 15-mailboxes.conf were changed.
> > 15-mailboxes is all commented out (I guess the default is auto-create,
> > which isn't documented anywhere I could find) and the only non-comments in
> > 10-mail.conf are
> > ---
> > mail_location = maildir:%h
> > mail_privileged_group = mail
> > ---
> >
> > So yes, no namespaces are explicitly defined/declared.
> >
> >
> > The 2.3.4.1 version wrongly creates a maildirfolder file in the home
> > directory (maildir root), preventing exim from correctly creating/using
> > maildirsize.
> >
> > a) Is this expected behavior and can it be changed?
> > b) How can I disable inbox auto-creation if a) doesn't pan out?
> >
> > Thanks,
> >
> > Christian
>
--
Christian BalzerNetwork/Systems Engineer
ch...@gol.com Rakuten Mobile Inc.
Re: dovecot 2 samba ad-dc
Hi Phil, phil, 20.02.20: I try to build a mail server based on Centos 7, postfix and dovecot 2. My backend is a Samba4 ad-dc. I tried a lot and I don't know what else I could try.I'm new to this mailing list so please forgive me if I don't give right information or anything Samba4 ad-dc is up incl. dns. Win10 Client joined domain and authentication works. Postfix is up and checks against ldap whether recipient address exists. It takes mail via telnet and queues them. But can't give it to dovecot. You told postfix to hand over the messages to dovecot using dovecot-deliver. I 'm not sure which privileges are used/needed by dovecot in this case. Your dovecot has been configured to use uid/gid vmail/vmail, and maybe this causes problems. I'd give lmtp a try. Just define a "transport" for postfix which hands over messages for "local delivery" to dovecot using lmtp. From my point of view, this makes life easier qith dovecot running with vmail/vmail. You should take another look at dovecot's userdb settings as dovecot's last log line states "Userdb lookup failed". After having taken a closer look, I'm just wondering about your user_filter = (mailRoutingAddress=%u) There is no such attribute (MailRoutingAddress) in your ldapsearch results. My conclusion: dovecot is looking for something non-existant - and can't find it ;-)... I'd also recommend using a preceding "%L" to make dovecot use lowercase characters, e.g.: user_attrs = uid=%Lu,=home=/mail/%Ld/%Ln This can make life easier sometimes... Kind Regards, Christian -- No signature available. smime.p7s Description: S/MIME Cryptographic Signature
Re: problem with a public folder
ta_grace = 10%%
> quota_rule2 = Trash:ignore
> quota_status_nouser = DUNNO
> quota_status_overquota = 552 5.2.2 Mailbox is full
> quota_status_success = DUNNO
> quota_vsizes = true
> quota_warning = storage=100%% quota-exceeded 100 %u
> quota_warning2 = storage=95%% quota-warning 95 %u
> quota_warning3 = storage=90%% quota-warning 90 %u
> quota_warning4 = storage=85%% quota-warning 85 %u
> quota_warning5 = storage=75%% quota-warning 75 %u
>sieve =
>file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve
> sieve_before = /var/vmail/sieve/global/spam-global.sieve
> sieve_extensions = +notify +imapflags +spamtest +spamtestplus
>+virustest +editheader
> sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
>+vnd.dovecot.environment
> sieve_max_redirects = 30
> sieve_max_script_size = 1M
> sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve
> sieve_plugins = sieve_imapsieve sieve_extprograms
> sieve_spamtest_max_header = X-Spamd-Result: default: [[:alnum:]]+
>\[-?[[:digit:]]+\.[[:digit:]]+ / (-?[[:digit:]]+\.[[:digit:]]+)\]
> sieve_spamtest_status_header = X-Spamd-Result: default: [[:alnum:]]+
>\[(-?[[:digit:]]+\.[[:digit:]]+) / -?[[:digit:]]+\.[[:digit:]]+\]
> sieve_spamtest_status_type = score
> sieve_user_log = /var/vmail/sieve/sieve_error.log
> sieve_virustest_status_header = X-Virus-Scan: Found to be (.+)\.
> sieve_virustest_status_type = text
> sieve_virustest_text_value1 = clean
> sieve_virustest_text_value5 = infected
> trash = /usr/local/etc/dovecot/trash.conf
> welcome_script = welcome %n postmaster@%d
> welcome_wait = yes
>}
>postmaster_address = postmas...@example.com
>protocols = imap lmtp sieve
>sendmail_path = /usr/local/sbin/sendmail
>service auth-worker {
> user = vmail
>}
>service auth {
> unix_listener /var/spool/postfix/private/auth {
>group = postfix
>mode = 0660
>user = postfix
> }
> unix_listener auth-userdb {
>group = vmail
>mode = 0666
>user = vmail
> }
>}
>service dict {
> unix_listener dict {
>mode = 0600
>user = vmail
> }
> user = root
>}
>service imap-login {
> inet_listener imap {
>port = 143
> }
> process_min_avail = 1
>}
>service imap {
> executable = imap
>}
>service lmtp {
> executable = lmtp
> unix_listener /var/spool/postfix/private/dovecot-lmtp {
>group = postfix
>mode = 0660
>user = postfix
> }
>}
>service managesieve-login {
> inet_listener sieve {
>address = 172.16.21.3
>port = 4190
> }
>}
>service quota-status {
> client_limit = 1
> executable = quota-status -p postfix
> unix_listener /var/spool/postfix/private/dovecot-quota {
>group = postfix
>mode = 0660
>user = postfix
> }
>}
>service quota-warning {
> executable = script /usr/local/etc/dovecot/quota-warning.sh
> unix_listener quota-warning {
>group = vmail
>mode = 0660
>user = vmail
> }
> user = vmail
>}
>service stats {
> unix_listener stats-reader {
>group = vmail
>mode = 0660
>user = vmail
> }
> unix_listener stats-writer {
>group = vmail
>mode = 0660
>user = vmail
> }
>}
>service welcome {
> executable = script /usr/local/etc/dovecot/welcome.sh
> unix_listener welcome {
>user = vmail
> }
> user = vmail
>}
>ssl = required
>ssl_cert = ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM
>ssl_curve_list = P-256
>ssl_dh = # hidden, use -P to show it
>ssl_key = # hidden, use -P to show it
>ssl_min_protocol = TLSv1.2
>ssl_options = no_ticket
>ssl_prefer_server_ciphers = yes
>userdb {
> args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
> driver = sql
>}
>protocol lmtp {
> mail_fsync = optimized
> mail_plugins = acl fts fts_lucene mail_log notify quota trash
>virtual welcome zlib mail_crypt sieve
>}
>protocol lda {
> mail_fsync = optimized
> mail_plugins = acl fts fts_lucene mail_log notify quota trash
>virtual welcome zlib mail_crypt sieve
>}
>protocol imap {
> mail_max_userip_connections = 20
> mail_plugins = acl fts fts_lucene mail_log notify quota trash
>virtual welcome zlib mail_crypt imap_acl imap_quota imap_sieve
>imap_zlib last_login quota welcome
>}
>protocol sieve {
> info_log_path = /var/log/dovecot/dovecot-sieve.log
> log_path = /var/log/dovecot/dovecot-sieve-errors.log
>}
>
>mail_home = /var/vmail/mailboxes/%d/%n
>mail_location = dbox:~/mail
--
Christian Kivalo
RE: Ms Exchange vs dovecot
On May 9, 2020 1:21:09 PM GMT+02:00, Marc Roos wrote: > > >I was wondering about the sieve rules, because I thought they were >executed during mail delivery in the lmtp process. You can also 'guess' > >this a bit from syntax of the rules or the single file they are stored >in. Thus if you 'drag' messages between folders, they are not executed. > There is IMAP sieve that can execute a sieve script after an IMAP event. See https://wiki.dovecot.org/Pigeonhole/Sieve/Plugins/IMAPSieve > >Off topic: >I know Exchange is a different solution. What I think is stupid, is >that >they store mail in a database still. Making it difficult to scale. (I >wonder if they have such solution in their cloud) Better would be per >user of course. I also do not like that they try and push users to >their >cloud with all this 365 advertising in the on premises solution. Sooner > >or later on premises will be gone. > >Public folder is not removed, they were thinking of it, and community >complained (afaik), so they kept it, still there in 2019. (although >changed) > > > > >-Original Message- >From: MIhai Badici [mailto:mi...@badici.ro] >Sent: 09 May 2020 12:32 >To: dovecot@dovecot.org >Subject: Re: Ms Exchange vs dovecot > >First of all, Exchange is a complete solution. Dovecot is a imap/pop3 >server ( a good one, sure... ) > >So replacing exchange means to find an integrated solution. > >about the questions: public folder was removed in exchange. IMHO they >made the right choice :) > >There is a different thing, need different tools and different client >app. You can create shared mailboxes ( i think it's a little demand for > >that, but yes) > >Sieve rules should work ( never tried actually) > >I can see a need for an integration with folders only when you work >with >webmail (like roundcube) . In this scenario ( a liitle bit like gmail) > >is good to see the folders and attach them ( or save) > >I use the kolab plugins for roundcube and there is a sort of >integration >between the chwala ( files plugin) and any webdav capable file server ( > >I use owncloud/nextcloud). So you can share files, edit etc using >owncloud but also attach them and save them from webmail. You can find >a >lot of plugins in owncloud to deal with files, even editing with >onlyoffice . IMHO, that's the way, there is no need to create a client >app to deal with all; maybe other people will not agree but... > > > >On 5/9/20 1:07 PM, Marc Roos wrote: >> >> My, my, did not expect this discussion. It is our own fault we are >> stuck with google and microsoft monopolies. If small companies would >> combine effort (resources and cash) and would not reinvent/create the > >> wheel constantly on our own little islands, we would have much better > >> products. So respect for the dovecot team. >> >> The reason I am asking is that, the public folder solution is not as >> it was in 2000. Exchange 2016+ do not support CDO etc. Nobody >> transitioned between the two? >> >> 1. public folder can be implemented with a public mailbox? >> >> 2. authorize users via groups access to mailboxes/folders of the >> public folder/mailbox. I think I saw ACL's with dovecot, does this >> compare to 'folder permissions' >> >> 3. is it possible with sieve to apply a rule on any mailbox/folder? >> Thus if I 'drag' a message to a folder, the sieve rule is activated? >> >> -- Christian Kivalo
Re: I can no longer use TLS for Windows7 and Outlook
On May 31, 2020 6:36:52 AM GMT+02:00, Mark Constable wrote: >I currently use Ubuntu 20.04 with Dovecot 2.3.7.2 and OpenSSL 1.1.1f. > >A few months ago there was an update to all these systems and since >then I've had to talk W7 and old Mac clients through disabling ports >993/995 with TLS enabled back to ports 143/110 without SSL or they >could not pick up email. Thunderbird users (ie; me) were unaffected. > >Could anyone share a set of port 993/995 SSL settings known to work >with Windows7 and Outlook16 using "dovecot -n|grep ^ssl_" please ? The best would be to upgrade your clients to a more current OS that supports those ciphers or change the mail client to something that ships it's own SSL/TLS implementation like Thunderbird. I would under no circumstances allow access without TLS. You could also switch back to an older version of Ubuntu / openssl which in turn would allow the old clients to use SSL/TLS again. This would allow for an extended time period getting those clients to upgrade their OS. >Mine is currently... > >ssl_ca = ssl_cert = ssl_dh = # hidden, use -P to show it >ssl_key = # hidden, use -P to show it >ssl_options = no_compression no_ticket >ssl_prefer_server_ciphers = yes > >I have commented out ssl_cipher_list, ssl_min_protocol and others to >get back to whatever the defaults are so I am not simply guessing what >the optimal settings would be to cover Win7 and up. Nevertheless you're up to a good amount of work, for Win7 I found this [1] that links to MSDN [2] where it states: TLS 1.1 & TLS 1.2 are enabled by default on post Windows 8.1 releases. Prior to that they were disabled by default. So the administrators have to enable the settings manually via the registry. Refer this article on how to enable this protocols via registry: https://support.Microsoft.com/en-us/kb/187498 I haven't tested this as I don't have a Win7 installation available. >Yes I know Win7 is no longer supported but that does not help the 100s >of older users I have that can't/won't upgrade their computers. There will probably be more problems relating to old OS and unsupported SSL/TLS versions in the future. Good luck. [1] https://support.globalsign.com/ssl/general-ssl/tls-protocol-compatibility [2] https://blogs.msdn.microsoft.com/kaushal/2011/10/02/support-for-ssltls-protocols-on-windows/ -- Christian Kivalo
Re: Cannot log in to IMAP server and logs are unclear as to why
On 05.06.20 22:42, Scott A. Wozny wrote: Again, thanks very much for your response. Your solution of adding the colons worked. Actually, I futzed with it a little bit and it works with as few as 2 added colons. This is interesting since in the examples section ofhttps://doc.dovecot.org/configuration_manual/authentication/passwd_file/ it explicitly states: ---> This file can be used as a passdb: The error message in your log was: Jun 3 23:35:34 imap dovecot: auth: Error: passwd-file /etc/dovecot/users: User t...@test.com is missing userdb info passdb != userdb Kind Regards Christian Schmidt -- No signature available.
"Plaintext authentication disallowed on non-secure (SSL/TLS) connections" despite correct configuration to allow this
Hello, this is basically a repeat of this query from last year, which unfortunately got a deafening silence for replies: --- http://dovecot.org/pipermail/dovecot/2015-August/101720.html --- I have mostly 2.1.7 (Debian Wheezy) mailbox servers and the current proxies are also of that vintage. So with "ssl=yes" and "disable_plaintext_auth=no" plaintext logins work, as per the documentation (http://wiki2.dovecot.org/SSL/DovecotConfiguration) and historically expected. Trying to use a 2.2.24 (Debian Jessie backports) dovecot proy with the same parameters fails like this: --- Aug 2 15:45:57 smtp12 dovecot: pop3-login: proxy(chibi...@gol.com): Login failed to mbxx.xxx.gol.com:110: Plaintext authentication disallowed on non-secure (SSL/TLS) connections.: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, pid=16066 --- Changing things to "ssl=no" doesn't help and setting trusted networks only changes the last bit to have "secured" appended but still fails the same otherwise. I really need 2.2.x to behave the same way as before and documented. Any ideas and feedback would be most welcome. Regards, Christian -- Christian BalzerNetwork/Systems Engineer ch...@gol.com Global OnLine Japan/Rakuten Communications http://www.gol.com/
Re: "Plaintext authentication disallowed on non-secure (SSL/TLS) connections" despite correct configuration to allow this
Hello, talking to oneself seems to be all the rage on this ML, so I shall join that trend. As it turns out this was a case of slightly muddled/unclear error messages, the client sees: --- -ERR Plaintext authentication disallowed on non-secure (SSL/TLS) connections. --- But the actual issue was that the newly added "login_source_ips" (the main reason for this upgrade, as we're running out of ports) was not not in the "trusted_networks" of the target mailbox server. So the failure was between proxy and mailbox server, not client and proxy. After adding that network all is working now as expected. Christian On Tue, 2 Aug 2016 16:02:34 +0900 Christian Balzer wrote: > > Hello, > > this is basically a repeat of this query from last year, which > unfortunately got a deafening silence for replies: > --- > http://dovecot.org/pipermail/dovecot/2015-August/101720.html > --- > > I have mostly 2.1.7 (Debian Wheezy) mailbox servers and the current proxies > are also of that vintage. > > So with "ssl=yes" and "disable_plaintext_auth=no" plaintext logins work, > as per the documentation > (http://wiki2.dovecot.org/SSL/DovecotConfiguration) > and historically expected. > > Trying to use a 2.2.24 (Debian Jessie backports) dovecot proy with the > same parameters fails like this: > --- > Aug 2 15:45:57 smtp12 dovecot: pop3-login: proxy(chibi...@gol.com): Login > failed to mbxx.xxx.gol.com:110: Plaintext authentication disallowed on > non-secure (SSL/TLS) connections.: user=, method=PLAIN, > rip=x.x.x.x, lip=x.x.x.x, pid=16066 > --- > > Changing things to "ssl=no" doesn't help and setting trusted networks only > changes the last bit to have "secured" appended but still fails the same > otherwise. > > I really need 2.2.x to behave the same way as before and documented. > > Any ideas and feedback would be most welcome. > > Regards, > > Christian -- Christian BalzerNetwork/Systems Engineer ch...@gol.com Global OnLine Japan/Rakuten Communications http://www.gol.com/
Re: Reporting on CephFS being ready to use with Dovecot
g similar to the DRBD setup you were familiar with, that is Pacemaker and mounting RBD (and FS) from it? That should have been significantly more performant. > Our previous DRBD+Heartbeat > setup didn't allow for online maintenance and had a few problems. Now we > can do 100% online maintenance on storage without users noticing, and on > frontends with just a reconnect but without any downtime. > DRBD and Pacemaker can have issues, especially with some buggy resource agents around. Failing over a node in a controlled fashion takes a few seconds at most here, also in the "not noticeable" ballpark. Given that: a) with DRBD reads are local b) considering a) Ceph will always have the disadvantage of having to go via the net for everything and the resulting latency issues. c) to get roughly the same level of performance and reliability, one needs at least 33% more HW (storage) with Ceph and that's not including the additional frontends. So again, for the time being I'm happier to stay with DRBD pairs. Especially since we have a custom, in-house made migration system in place that will move dead-ish/large/low-usage mailboxes to slower clusters and smallish/high-usage mailboxes to faster ones. > Ceph is hard to learn at first but those with bigger setups and stronger > SLAs will want to take a look at that. I really recommend that the Dovecot > community take at look at that setup. > I agree with all parts of this, particular if you're not trying to squeeze the last ounce of speed from the least amount of rack space. There's another aspect of Ceph that may be of interest with Dovecot, using the object storage interface. However that's not supporting native Ceph interfaces and by its very nature also is slowish, but has nice scalability. Regards, Christian > Good luck! > > Best, > Daniel Colchete > > [1] http://docs.ceph.com/docs/hammer/dev/differences-from-posix/ > -- Christian BalzerNetwork/Systems Engineer ch...@gol.com Global OnLine Japan/Rakuten Communications http://www.gol.com/
Re: Automatic purging of old email in all mailboxes
On 2016-08-29 21:40, Scott W. Sander wrote:
I am using a postfix + Dovecot server as a test mail server for which
some
applications in our test environment use as a target to deliver email
so
that our real endusers don't receive messages from our test servers.
A few of the mailboxes in Dovecot receive hundreds of emails per day.
I'd
like to automatically remove all emails in all mailboxes and mailbox
folders that were received more than 90 days prior to the received
date.
As I'm a novice Dovecot administrator, I'm not exactly sure what the
best
way to accomplish this is, but I've started looking at the "doveadm
expunge" command. I figure I could create a cron job that calls this
command with the -A switch and that has a search query that finds all
emails older than 90 days.
I'm aware that I can test my query by using the "doveadm search"
command.
The problem is that when I do any sort of search query with that
command
(e.g. "doveadm search -A NEW"), I receive the following error messages:
Error: User listing returned failure
doveadm: Error: Failed to iterate through some users
You have to switch your userdb to something else than static,
passwd-file for example
http://wiki2.dovecot.org/AuthDatabase/PasswdFile
I've searched for help with this error, but most of the guidance I'm
seeing
refers to making sure that dovecot-sql is configured correctly;
however,
I'm using "passwd-file" for the passdb and not a true database.
there is the expire plugin http://wiki2.dovecot.org/Plugins/Expire
Here is doveconf -n:
---
# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.4.0-34-generic x86_64 Ubuntu 16.04.1 LTS ext4
auth_mechanisms = plain login
hostname = mail.domain.test
info_log_path = /var/log/dovecot.log
log_path = /var/log/dovecot.log
mail_location = maildir:/var/mail/vhosts/%d/%n
namespace inbox {
inbox = yes
location =
mailbox "Deleted Items" {
special_use = \Trash
}
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox "Junk E-Mail" {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Items" {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users
driver = passwd-file
}
protocols = " imap lmtp pop3"
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
}
service imap-login {
inet_listener imaps {
port = 993
ssl = yes
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service pop3-login {
inet_listener pop3s {
port = 995
ssl = yes
}
}
ssl = required
ssl_cert =
--
Christian Kivalo
Re: initd script does not stop/restart all dovecot processes
On 2016-09-02 12:15, Florent B wrote: On 09/02/2016 11:57 AM, Aki Tuomi wrote: On September 2, 2016 at 12:16 PM Florent B wrote: Hi You could look under /lib/systemd/system or similar. The .in file from repo gets a sed treatment during make install. Aki Tuomi Ok, but I use 2.2.24, and when I did "make install" from source, it did not install any Dovecot service. Was it introduced in 2.2.25 ? "make install" output does not show anything with "dovecot.service.in"... i use ./configure with --with-systemdsystemunitdir=/etc/systemd/system/ and that installs the systemd.service and socket That's why I need to copy initd script by myself, and did the same with systemd unit file when you suggested me to try it. -- Christian Kivalo
Re: dovecot --hostdomain
Am 15. September 2016 16:10:02 MESZ, schrieb dove...@nspace.de: >Hi, > >I'm currently debugging replication issues and I found that both >servers >answer to a "dovecot --hostdomain" simply with > >localhost > > From what I've read, this can lead to problems. >Where do I configure the dovecot hostdomain name? The machine itself >has >a valid name in /etc/hostname Whats the output of the command `hostname`? Whats in your /etc/hosts? >Thanks, >Thomas
