Dovecot 2.3.18 and OpenMetrics-Prometheus problem
Hi,

I have defined several metrics in Dovecot and activated the metrics service. After that I tried to include this in Prometheus, but I get strange errors. I gave up now after several hours in the hope that this might be a bug. So I ask for help here:

Distribution: Rocky 8
Official Dovecot Repo
Version: 2.3.18

Config for metrics, service and events:

    metric auth_success {
      exporter = log
      filter = event=auth_request_finished AND success=yes
    }
    metric auth_failures {
      exporter = log
      filter = event=auth_request_finished AND NOT success=yes
    }
    metric auth_client_userdb {
      filter = event=auth_client_userdb_lookup_finished
    }
    metric auth_master {
      exporter = log
      filter = event=auth_master_client_login_finished
    }
    metric client_connected {
      filter = event=client_connection_connected
    }
    metric client_disconnected {
      filter = event=client_connection_disconnected
      group_by = reason
    }
    metric imap_command {
      filter = event=imap_command_finished
      group_by = cmd_name tagged_reply_state
    }
    metric lmtp_command {
      filter = event=smtp_server_command_finished AND protocol=lmtp
      group_by = cmd_name status_code duration:exponential:1:5:10
    }
    metric imap_hibernate {
      filter = event=imap_client_hibernated
      group_by = error
    }
    metric imap_unhibernate {
      filter = event=imap_client_hibernated
      group_by = reason error
    }
    metric mail_delivery {
      filter = event=mail_delivery_finished
      group_by = duration:exponential:1:5:10
    }
    metric sql_query {
      filter = event=sql_query_finished
      group_by = error_code
    }
    metric sieve_actions {
      filter = event=sieve_action_finished
      group_by = action_name error
    }
    metric managesieve {
      filter = event=managesieve_command_finished
      group_by = script_name
    }
    metric dict_lookups {
      filter = event=dict_lookup_finished
      group_by = driver error
    }

    service stats {
      inet_listener http {
        port = 9900
      }
    }

    event_exporter log {
      format = json
      format_args = time-rfc3339
      transport = log
    }

Shortened curl output:

    # HELP process_start_time_seconds Timestamp of service start
    # TYPE process_start_time_seconds gauge
    process_start_time_seconds 1645743604
    # HELP dovecot_build Dovecot build information
    # TYPE dovecot_build info
    dovecot_build_info{version="2.3.18",revision="9dd8408c18"} 1
    # HELP dovecot_auth_success Total number of all events of this kind
    # TYPE dovecot_auth_success counter
    dovecot_auth_success_total 1669
    # HELP dovecot_auth_success_duration_seconds Total duration of all events of this kind
    # TYPE dovecot_auth_success_duration_seconds counter
    dovecot_auth_success_duration_seconds_total 1.317570
    # HELP dovecot_auth_failures Total number of all events of this kind
    # TYPE dovecot_auth_failures counter
    dovecot_auth_failures_total 1
    # HELP dovecot_auth_failures_duration_seconds Total duration of all events of this kind
    # TYPE dovecot_auth_failures_duration_seconds counter
    ...
    # EOF

Prometheus yml config snippet:

    global:
      scrape_interval: 15s
      evaluation_interval: 15s

    scrape_configs:
      - job_name: dovecot_exporter
        static_configs:
          - targets:
            - 172.30.10.1:9900

Prometheus (Docker stable latest) with debug level shows these lines:

    prometheus_1 | ts=2022-02-25T10:22:00.840Z caller=scrape.go:1307 level=debug component="scrape manager" scrape_pool=dovecot_exporter target=http://172.30.10.1:9900/metrics msg="Append failed" err="expected label name or left brace, got \"INVALID\""

Therefore the service is considered as being down. I really have no idea what I can do here.

Thanks for any help in advance

Christian Rößner
--
Rößner-Network-Solutions
Certified ITSiBe / CISO
Karl-Bröger-Str. 10, 36304 Alsfeld
Fax: +49 6631 78823409, Mobile: +49 171 9905345
VAT ID: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5
Re: Dovecot 2.3.18 and OpenMetrics-Prometheus problem
Hi Aki,

> On 25.02.2022 at 11:34, Aki Tuomi wrote:
>
>> On 25/02/2022 12:23 Christian Rößner wrote:
>>
>> Hi,
>>
>> I have defined several metrics in Dovecot and activated the metrics service.
>> After that I tried to include this in Prometheus, but I get strange errors.
>> I gave up now after several hours in the hope that this might be a bug. So I
>> ask for help here:
>>
>> Distribution: Rocky 8
>> Official Dovecot Repo
>> Version: 2.3.18
>>
>> Config for metrics, service and events:
>>
>
> Can you include the full metrics output, please?

Yes

--
support@mx ~ » curl "http://localhost:9900/metrics";

    # HELP process_start_time_seconds Timestamp of service start
    # TYPE process_start_time_seconds gauge
    process_start_time_seconds 1645743604
    # HELP dovecot_build Dovecot build information
    # TYPE dovecot_build info
    dovecot_build_info{version="2.3.18",revision="9dd8408c18"} 1
    # HELP dovecot_auth_success Total number of all events of this kind
    # TYPE dovecot_auth_success counter
    dovecot_auth_success_total 1843
    # HELP dovecot_auth_success_duration_seconds Total duration of all events of this kind
    # TYPE dovecot_auth_success_duration_seconds counter
    dovecot_auth_success_duration_seconds_total 1.424372
    # HELP dovecot_auth_failures Total number of all events of this kind
    # TYPE dovecot_auth_failures counter
    dovecot_auth_failures_total 1
    # HELP dovecot_auth_failures_duration_seconds Total duration of all events of this kind
    # TYPE dovecot_auth_failures_duration_seconds counter
    dovecot_auth_failures_duration_seconds_total 3.917099
    # HELP dovecot_auth_client_userdb Total number of all events of this kind
    # TYPE dovecot_auth_client_userdb counter
    dovecot_auth_client_userdb_total 30882
    # HELP dovecot_auth_client_userdb_duration_seconds Total duration of all events of this kind
    # TYPE dovecot_auth_client_userdb_duration_seconds counter
    dovecot_auth_client_userdb_duration_seconds_total 35.746910
    # HELP dovecot_auth_master Total number of all events of this kind
    # TYPE dovecot_auth_master counter
    dovecot_auth_master_total 1843
    # HELP dovecot_auth_master_duration_seconds Total duration of all events of this kind
    # TYPE dovecot_auth_master_duration_seconds counter
    dovecot_auth_master_duration_seconds_total 1.029899
    # HELP dovecot_client_connected Total number of all events of this kind
    # TYPE dovecot_client_connected counter
    dovecot_client_connected_total 10591
    # HELP dovecot_client_connected_duration_seconds Total duration of all events of this kind
    # TYPE dovecot_client_connected_duration_seconds counter
    dovecot_client_connected_duration_seconds_total 0.359288
    # HELP dovecot_client_disconnected Total number of all events of this kind
    # TYPE dovecot_client_disconnected counter
    dovecot_client_disconnected_total{reason="Connection closed"} 7173
    dovecot_client_disconnected_total{reason="Deinitializing"} 3418
    dovecot_client_disconnected_count 10591
    # HELP dovecot_client_disconnected_duration_seconds Total duration of all events of this kind
    # TYPE dovecot_client_disconnected_duration_seconds counter
    dovecot_client_disconnected_duration_seconds_total{reason="Connection closed"} 146.829269
    dovecot_client_disconnected_duration_seconds_total{reason="Deinitializing"} 72.953468
    dovecot_client_disconnected_duration_seconds_sum 219.782730
    # HELP dovecot_imap_command Total number of all events of this kind
    # TYPE dovecot_imap_command counter
    dovecot_imap_command_total{cmd_name="unknown"} 94
    dovecot_imap_command_total{cmd_name="unknown",tagged_reply_state="OK"} 75
    dovecot_imap_command_total{cmd_name="FETCH"} 720
    dovecot_imap_command_total{cmd_name="FETCH",tagged_reply_state="OK"} 720
    dovecot_imap_command_total{cmd_name="IDLE"} 5076
    dovecot_imap_command_total{cmd_name="IDLE",tagged_reply_state="OK"} 1555
    dovecot_imap_command_total{cmd_name="UID FETCH"} 2473
    dovecot_imap_command_total{cmd_name="UID FETCH",tagged_reply_state="OK"} 2473
    dovecot_imap_command_total{cmd_name="UID SEARCH"} 7402
    dovecot_imap_command_total{cmd_name="UID SEARCH",tagged_reply_state="OK"} 7400
    dovecot_imap_command_total{cmd_name="UID SEARCH",tagged_reply_state="BAD"} 2
    dovecot_imap_command_total{cmd_name="LOGOUT"} 1112
    dovecot_imap_command_total{cmd_name="LOGOUT",tagged_reply_state="OK"} 1112
    dovecot_imap_command_total{cmd_name="LIST"} 5942
    dovecot_imap_command_total{cmd_name="LIST",tagged_reply_state="OK"} 5942
    dovecot_imap_command_total{cmd_name="GETQUOTAROOT"} 88
    dovecot_imap_command_total{cmd_name="GETQUOTAROOT",tagged_repl
Re: Dovecot 2.3.18 and OpenMetrics-Prometheus problem
Hi,

> On 17.03.2022 at 10:43, Eirik Rye wrote:
>
> On 25/02/2022 11:50, Christian Rößner wrote:
>> dovecot_sieve_actions_total{"duration_10001_10"} 88
>
> This label specification is invalid (it's missing the label name).
>
> Everything else seems valid, so I assume a workaround may be to comment out
> the "sieve_actions" metric you have declared.

Thank you very much. Indeed that helped me a lot.

@Aki: So this seems really to be a bug in Dovecot. Can you confirm this?

Regards
Christian
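A small label-set check for the metrics exposition text, run over sample lines quoted in this thread, to locate the kind of line that makes the scraper reject the whole target. This is an added example, not code from Dovecot, Prometheus or the posters; the function names are hypothetical and SAMPLE is assembled from lines that appear in the thread.

```python
import re

# Name grammar of the Prometheus/OpenMetrics text exposition format.
METRIC_NAME = re.compile(r"[a-zA-Z_:][a-zA-Z0-9_:]*")
LABEL_NAME = re.compile(r"[a-zA-Z_][a-zA-Z0-9_]*")


def parse_labels(line, pos):
    """Parse a label set starting at line[pos] == '{'.

    Returns (labels, index after the closing brace); raises ValueError on
    malformed input such as a value with no label name in front of it.
    """
    labels = {}
    pos += 1  # skip '{'
    while True:
        if line[pos:pos + 1] == "}":
            return labels, pos + 1
        m = LABEL_NAME.match(line, pos)
        if m is None:
            raise ValueError(
                f"expected label name at column {pos + 1}, got {line[pos:pos + 1]!r}")
        name, pos = m.group(), m.end()
        if line[pos:pos + 2] != '="':
            raise ValueError(f'expected =" after label {name!r} at column {pos + 1}')
        pos += 2
        value = []
        while line[pos:pos + 1] not in ('"', ""):
            if line[pos] == "\\":  # escaped character: keep the one that follows
                pos += 1
            value.append(line[pos:pos + 1])
            pos += 1
        if line[pos:pos + 1] != '"':
            raise ValueError(f"unterminated value for label {name!r}")
        labels[name] = "".join(value)
        pos += 1  # skip closing quote
        if line[pos:pos + 1] == ",":
            pos += 1
        elif line[pos:pos + 1] != "}":
            raise ValueError(f"expected ',' or '}}' at column {pos + 1}")


def lint_exposition(text):
    """Return [(line_number, line, error)] for every malformed sample line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue  # HELP/TYPE/EOF comment lines are not samples
        try:
            m = METRIC_NAME.match(line)
            if m is None:
                raise ValueError("expected metric name at column 1")
            pos = m.end()
            if line[pos:pos + 1] == "{":
                _, pos = parse_labels(line, pos)
            if line[pos:pos + 1] != " ":
                raise ValueError(f"expected space before value at column {pos + 1}")
            float(line[pos + 1:].split(" ")[0])  # the sample value must be numeric
        except ValueError as exc:
            findings.append((lineno, line, str(exc)))
    return findings


# Constructed sample: every line is taken from the output quoted in this thread.
SAMPLE = """\
# HELP dovecot_imap_command Total number of all events of this kind
# TYPE dovecot_imap_command counter
dovecot_imap_command_total{cmd_name="UID FETCH",tagged_reply_state="OK"} 2473
dovecot_client_disconnected_total{reason="Connection closed"} 7173
dovecot_sieve_actions_total{"duration_10001_10"} 88
dovecot_auth_failures_total 1
# EOF
"""

if __name__ == "__main__":
    for lineno, line, error in lint_exposition(SAMPLE):
        print(f"line {lineno}: {error}\n    {line}")
```

Running the same check over the saved output of the curl command shown earlier in the thread points at the metric block to disable, instead of bisecting the config by hand.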
Overquota flag and auth caching
Hello,

I like the over quota flag mechanism in Dovecot. I found out that I get in trouble if a user gets over quota and I have turned on auth caching, because the cache does not automatically invalidate a user while toggling the flag. The cache still serves the old state. The result is that mails are still accepted, even though a user went over quota, resulting in bounces.

The workaround is to flush a user from inside the toggle script, which solves the bounce problem, but it prevents the user from getting under quota before the user is flushed from the cache again.

What is the correct way to use the over quota flag and which solutions can be taken to invalidate the user? Is it possible to do this in a Lua user backend? Any other method?

Thanks in advance

Christian Rößner
Re: [Dovecot] DKIM Verification failures
Hello,

First of all: I am really, really sorry for all of you that got DKIM failure reports from my server! That was never my intention!

I had some feedback from one of Dovecot's users who contacted me and informed me about these circumstances. As soon as I knew about it, I disabled the reports feature.

It seems that there do exist problems with DKIM and some mailing lists. Not only with my mail server. I have found several SSL errors, when OpenDKIM tries to verify signatures that came from a mailing list. And in turn my MTA tried to send a report to focus on that problem. Yet I can not say what is going wrong here, but OpenDKIM is really sensitive, if something is wrong with a signature.

So as of writing this, you do not get any further report messages. Those of you who would like to find out what caused these reports are welcome to contact me. Maybe we can find the problem and eliminate it (maybe a bug in OpenDKIM, mailman, whatever. I don't think it's part of my configuration and therefore several other people might have this problem as well).

Thanks in advance

Christian Roessner

On 15.12.11 23:54, "Robert Schetterer" wrote:

>On 15.12.2011 23:25, Nikolaos Milas wrote:
>> Hi,
>>
>> -- This message refers to the maillist itself rather than to dovecot
>> software --
>>
>> I have noticed that when I post to this list (only), I get DKIM
>> Verification failure reports from:
>>
>> r...@moncton.sidefx.com (e.g. for my last post: "DKIM failure report
>> for job 4D27B5DC4E on mail.sidefx.com")
>> r...@mail.rmacd.com (e.g. for my last post: "DKIM failure report for job
>> B69B3187F1 on mail.rmacd.com")
>
>> r...@mx0.roessner-net.de (e.g. for my last post: "DKIM failure report
>> for job 6103B52092 on mx0.roessner-net.de")
>
>whois roessner-net.de
>
>and search the list archive for
>
>roessner mail address, guess it will no problem to contact and debug
>
>>
>> I have not had other DKIM failure reports from anywhere and I know that
>> we should not have issues with it. An example from gmail:
>>
>> Authentication-Results: mx.google.com; spf=pass (google.com: best guess
>> record for domain of nmi...@noa.gr designates 195.251.204.235 as
>> permitted sender) smtp.mail=nmi...@noa.gr; dkim=pass header.i=@noa.gr
>>
>> So, whom should I contact to investigate this problem?
>>
>> Thanks,
>> Nick
>
[Dovecot] File/folder permission issues in 2.1.3
Hi,

I figured out that Dovecot does not honor secondary groups with auth/auth-worker (??), if doing LDAP/TLS stuff. I had to use file system acls to add the user "vmail" to /etc/ssl/private and to the corresponding key file:

doveconf -n

    # 2.1.3: /etc/dovecot/dovecot.conf
    # OS: Linux 2.6.32-40-generic-pae i686 Ubuntu 10.04.4 LTS
    auth_master_user_separator = *
    auth_mechanisms = plain login
    auth_verbose = yes
    hostname = mail.roessner-net.de
    lda_mailbox_autocreate = yes
    lda_mailbox_autosubscribe = yes
    mail_access_groups = vmail
    mail_gid = vmail
    mail_location = mdbox:~/mdbox
    mail_plugins = autocreate quota acl fts fts_solr zlib mail_log notify
    mail_privileged_group = mail
    mail_uid = vmail
    managesieve_notify_capability = mailto
    managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
    namespace {
      list = children
      location = mdbox:%%h/mdbox
      prefix = shared/%%u/
      separator = /
      subscriptions = no
      type = shared
    }
    namespace inbox {
      inbox = yes
      location =
      mailbox "Deleted Messages" {
        special_use = \Trash
      }
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
      mailbox junkmail {
        special_use = \Junk
      }
      prefix =
      separator = /
      type = private
    }
    passdb {
      args = /etc/dovecot/master-users
      driver = passwd-file
      master = yes
      pass = yes
    }
    passdb {
      args = /etc/dovecot/dovecot-ldap.conf.ext
      driver = ldap
    }
    plugin {
      acl = vfile
      acl_shared_dict = file:/var/mail/virtual/shared-mailboxes.db
      autocreate = Trash
      autocreate2 = Sent
      autocreate3 = Drafts
      autocreate4 = junkmail
      autosubscribe = Trash
      autosubscribe2 = Sent
      autosubscribe3 = Drafts
      autosubscribe4 = junkmail
      fts = solr
      fts_solr = break-imap-search url=http://localhost:8080/solr/
      mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
      mail_log_fields = uid box msgid size
      quota = dict:User quota::file:%h/mdbox/dovecot-quota
      quota_rule = *:storage=300M:messages=2
      quota_warning = storage=95%% quota-warning 95 %u
      quota_warning2 = storage=80%% quota-warning 80 %u
      sieve = ~/.dovecot.sieve
      sieve_dir = ~/sieve
      zlib_save = gz
      zlib_save_level = 6
    }
    protocols = imap pop3 lmtp sieve
    service auth-worker {
      unix_listener auth-worker {
        user = vmail
      }
      user = vmail
    }
    service auth {
      unix_listener auth-userdb {
        mode = 0600
        user = vmail
      }
      user = vmail
    }
    service dict {
      unix_listener dict {
        mode = 0600
        user = vmail
      }
    }
    service lmtp {
      inet_listener lmtp {
        address = ::1
        port = 24
      }
    }
    service quota-warning {
      executable = script /usr/local/bin/quota-warning.sh
      unix_listener quota-warning {
        user = vmail
      }
      user = dovecot
    }
    ssl_ca = ldap://ldap0.roessner-net.de/ ldap://db.roessner-net.de/
    sasl_bind = yes
    sasl_mech = EXTERNAL
    tls = yes
    tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
    tls_cert_file = /etc/ssl/certs/mx0.roessner-net.de.pem
    tls_key_file = /etc/ssl/private/mx0.roessner-net.de.key.pem
    tls_require_cert = hard
    base = ou=people,ou=it,dc=roessner-net,dc=de
    user_attrs = rnsMSQuota=quota_rule=*:storage=%$,rnsMSMailboxHome=home
    user_filter = (&(objectClass=rnsMSDovecotAccount)(rnsMSRecipientAddress=%u))
    pass_attrs = rnsMSDeliverToAddress=user,userPassword=password
    pass_filter = (&(objectClass=rnsMSDovecotAccount)(rnsMSRecipientAddress=%u)(rnsMSEnableDovecot=TRUE))
    iterate_attrs = rnsMSDovecotUser=user
    iterate_filter = (objectClass=rnsMSDovecotAccount)
    default_pass_scheme = CRYPT

Thanks in advance.

-Christian
---
Roessner-Network-Solutions
Bachelor of Science in Computer Science
Nahrungsberg 81, 35390 Gießen
F: +49 641 5879091, M: +49 176 93118939
VAT ID: DE225643613
http://www.roessner-network-solutions.com
Re: [Dovecot] Shared INBOX change in v2.1.6?
Hi,

> * LIST (\HasNoChildren) "/" "shared/tss2/INBOX"

I only use these ones. So it would break my setup too.

-Christian Rößner
[Dovecot] doveadm not working
root ssl-cert 1679 2012-03-29 10:03 /etc/ssl/private/mail.roessner-net.de.key.pem

-Christian Rößner
Re: [Dovecot] doveadm not working
> doveadm quota get -A
> doveadm(root): Error: User listing returned failure
> doveadm: Error: Failed to iterate through some users
> Username Quota name Type Value Limit
>%
>
> All I see in the logs is:
>
> May 13 13:03:20 mx0 dovecot: auth: Error: auth worker: Aborted request: Lookup timed out
> May 13 13:03:21 mx0 dovecot: auth-worker(26753): Error: LDAP: ldap_start_tls_s() failed: Connect error
> May 13 13:03:21 mx0 dovecot: auth-worker(26753): Error: LDAP: ldap_start_tls_s() failed: Can't contact LDAP server

I just enabled Stats in both LDAP servers. When doing a doveadm quota get -A there does not happen any LDAP connection to one of my servers. If I do a "telnet -4/-6 ... 389" to each of them, I can see the ACCEPT stats.

So why does doveadm not connect with LDAP, while the service dovecot works perfectly? How can I debug this?

-Christian Rößner
Re: [Dovecot] doveadm not working
>> May 13 13:03:20 mx0 dovecot: auth: Error: auth worker: Aborted request: Lookup timed out
>> May 13 13:03:21 mx0 dovecot: auth-worker(26753): Error: LDAP: ldap_start_tls_s() failed: Connect error
>> May 13 13:03:21 mx0 dovecot: auth-worker(26753): Error: LDAP: ldap_start_tls_s() failed: Can't contact LDAP server
>>
>> Dovecot itself works. Only doveadm does not.
>
> User iteration is done via auth-worker process, because it can take a
> long time. Regular passdb/userdb lookups are done via auth process,
> because they are fast. So:
>
>> service auth-worker {
>>   unix_listener auth-worker {
>>     user = vmail
>>   }
>>   user = vmail
>> }
>> service auth {
>>   extra_groups = ssl-cert
>>   unix_listener auth-userdb {
>>     mode = 0600
>>     user = vmail
>>   }
>>   user = vmail
>> }
>
> I guess you need to add extra_groups=ssl-cert to auth-worker as well.

Unfortunately I already tested this (and also once again after your answer). Changed the setting, stopped dovecot and restarted it. After that doing doveadm quota get -A stalls.

What I do not understand is that I can not see any connection attempts to the LDAP servers. If it had problems with the certificates I would expect to see the connection and then a failure in the starttls process.

I also did chmod o+rx to the folder /etc/ssl/private and also to the private key. So I think it has nothing to do with the privileges of the certificates, does it?

-Christian Rößner
Re: [Dovecot] [SOLVED] doveadm not working
On 14.05.2012 at 18:36, Timo Sirainen wrote:

> #debug_level = 0
>
> Also make sure that the auth and auth-worker processes have the same
> permissions:
>
> doveconf service/auth > a
> doveconf service/auth-worker > b
> diff -u a b

Okay, for some reason it is working again. I had removed the unix_listener

    service auth-worker {
      unix_listener auth-worker {
        mode = 0600
        user = vmail
        #group =
      }
      # Auth worker process is run as root by default, so that it can access
      # /etc/shadow. If this isn't necessary, the user should be changed to
      # $default_internal_user.
      user = vmail
      extra_groups = ssl-cert
    }

This version shown here now works for me. Thanks again for your help. :-)

-Christian Rößner
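The auth versus auth-worker comparison suggested in this thread, narrowed to the settings that decide which files each process can open. This is an added example, not code from Dovecot or the posters; the function names are hypothetical, the two config samples are assembled from blocks posted in the thread, and an unset key is treated as empty rather than resolved to Dovecot's built-in default.

```python
PRIVILEGE_KEYS = ("user", "group", "extra_groups")


def parse_blocks(text):
    """Parse doveconf-style 'name arg { key = value }' text into nested dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments such as '#group ='
        if not line:
            continue
        if line.endswith("{"):
            child = {}
            stack[-1][" ".join(line[:-1].split())] = child
            stack.append(child)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip()
        else:
            raise ValueError(f"unrecognised line: {raw!r}")
    if len(stack) != 1:
        raise ValueError("unclosed block")
    return root


def privilege_diff(config, first="service auth", second="service auth-worker"):
    """Return {key: (value_in_first, value_in_second)} for privilege keys that differ.

    Only the service's own settings are compared, not those of its listeners.
    """
    diff = {}
    for key in PRIVILEGE_KEYS:
        a = config[first].get(key, "")
        b = config[second].get(key, "")
        if set(a.split()) != set(b.split()):  # group lists compare as sets
            diff[key] = (a, b)
    return diff


# Constructed from the thread: the auth block that already had extra_groups.
AUTH = """
service auth {
  extra_groups = ssl-cert
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = vmail
}
"""

# Constructed from the thread: auth-worker while user iteration was failing.
BEFORE = AUTH + """
service auth-worker {
  unix_listener auth-worker {
    user = vmail
  }
  user = vmail
}
"""

# Constructed from the thread: auth-worker as posted in the [SOLVED] message.
AFTER = AUTH + """
service auth-worker {
  unix_listener auth-worker {
    mode = 0600
    user = vmail
    #group =
  }
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  user = vmail
  extra_groups = ssl-cert
}
"""

if __name__ == "__main__":
    print("before:", privilege_diff(parse_blocks(BEFORE)))
    print("after: ", privilege_diff(parse_blocks(AFTER)))
```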
[Dovecot] 2.1.7 TLS issues
Hi,

I have an interesting problem: I am building dovecot packages for Ubuntu since 10.04. Never had bigger trouble with it. Now since 2.1.6 or 2.1.7 (I can not say more precisely), Thunderbird 10ESR and Outlook 2010 can no longer use 143/TLS correctly. Automx delivers 143/TLS and Outlook tells me that it can not create a secure connection. I changed automx to use 993/SSL and everything works. Under Thunderbird 10ESR, I get a box that tells me that I need to change settings. When I sent mail, TB told me that it could not copy the mail to the sent folder. I also changed to 993/SSL and everything is perfect.

On the other hand, Apple's Mail.app and iOS devices work perfectly over 143/TLS. So my guess is that it has to do with OpenSSL. Did something change in dovecot concerning TLS? Can I change options in the build process?

Thanks in advance

-Christian Rößner
Re: [Dovecot] 2.1.7 TLS issues
> Maybe related to the OpenSSL bug that caused the problem (it sometimes helps
> to read/search emails on this list before posting) discussed just yesterday
> in this thread:
>
> http://www.mail-archive.com/dovecot@dovecot.org/msg45828.html

Well, the packages I built are still running under 10.04 and therefore the library has not been upgraded to 1.0.1. This is the reason for this post. My question is, if dovecot got some code or anything else that focuses on the newer 1.0.1 library, and maybe broke something in older versions?

-Christian Rößner
Re: [Dovecot] 2.1.7 TLS issues
>> I have an interesting problem: I am building dovecot packages for Ubuntu
>> since 10.04. Never had bigger trouble with it. Now since 2.1.6 or 2.1.7 (I
>> can not say more precisely), Thunderbird 10ESR and Outlook 2010 can no
>> longer use 143/TLS correctly. Automx delivers 143/TLS and Outlook tells me
>> that it can not create a secure connection. I changed automx to use 993/SSL
>> and everything works. Under Thunderbird 10ESR, I get a box that tells me
>> that I need to change settings. When I sent mail, TB told me that it could
>> not copy the mail to the sent folder. I also changed to 993/SSL and
>> everything is perfect.
>>
>> On the other hand, Apple's Mail.app and iOS devices work perfectly over
>> 143/TLS. So my guess is that it has to do with OpenSSL. Did something change
>> in dovecot concerning TLS? Can I change options in the build process?
>
> What was the Dovecot version you were using previously which worked?

I am not sure which version worked. My best guess is 2.1.4 or 2.1.5, because I skipped 2.1.6. But 2.1.6 has the same issues, as my friend Uwe did report the same issues with that one.

@Robert: I am talking about Ubuntu 10.04, so this can not be a problem with openssl itself, as that did not change

-Christian Rößner
Re: [Dovecot] 2.1.7 TLS issues
>>>> I have an interesting problem: I am building dovecot packages for Ubuntu
>>>> since 10.04. Never had bigger trouble with it. Now since 2.1.6 or 2.1.7 (I
>>>> can not say more precisely), Thunderbird 10ESR and Outlook 2010 can no
>>>> longer use 143/TLS correctly. Automx delivers 143/TLS and Outlook tells me
>>>> that it can not create a secure connection. I changed automx to use
>>>> 993/SSL and everything works. Under Thunderbird 10ESR, I get a box that
>>>> tells me that I need to change settings. When I sent mail, TB told me that
>>>> it could not copy the mail to the sent folder. I also changed to 993/SSL
>>>> and everything is perfect. On the other hand, Apple's Mail.app and iOS
>>>> devices work perfectly over 143/TLS. So my guess is that it has to do with
>>>> OpenSSL. Did something change in dovecot concerning TLS? Can I change
>>>> options in the build process?
>>>
>>> What was the Dovecot version you were using previously which worked?
>>
>> I am not sure which version worked. My best guess is 2.1.4 or 2.1.5, because
>> I skipped 2.1.6. But 2.1.6 has the same issues, as my friend Uwe did report
>> the same issues with that one.
>>
>> @Robert: I am talking about Ubuntu 10.04, so this can not be a problem with
>> openssl itself, as that did not change
>
> I've seen problems with all kinds of clients and servers, even with Dovecot
> 1.x where TLS/Auto settings fail and I simply always instruct end users to
> explicitly choose 993/SSL to get a good TLS connection reliably.
>
> It seems like it might not be so version-specific or even anything wrong at
> the server end.

I never had such problems before. When I was coding automx, all tests succeeded with Dovecot and Outlook 2007/2010 and also Thunderbird was working perfectly. So in my opinion this is a version specific problem, as it started somewhere in 2.1.4+. I am using Dovecot since 1.0 (something like this) and never had 143/TLS problems

Best regards
Christian
[Dovecot] some mdbox mails get lost each day
Hi,

I have a strange problem here. I had installed Dovecot-2.1.6 on a customer's setup. They have 102 mail accounts on the server. They started using this dovecot version on the 20th June.

One mailbox suddenly started expunging mails. Not from the current day, but one week back in the past. First I thought about an Outlook issue. Some filter or archiving thing, but we did a test and on one day, the customer did not start Outlook first; instead he checked his mails with the SOGo-webinterface. We saw that mails got deleted again. I checked for sieve filters. None.

I upgraded dovecot to 2.1.7, as I have not done any newer packages yet for Ubuntu (using my own PPA). Same problem one day later. I tested with telnet locally. Same result as in the client. I also did doveadm dump -t log and index and saw that there had been expunged mails.

Yesterday I asked the customer to backup all his mails in Outlook. After that I renamed the whole mdbox folder of this account on the server and sent one test mail to recreate the mailbox. After that he restored his mail in Outlook. This morning he contacted me and said that all mails are ok right now and no mails have been erased anymore.

Could this have been a corrupted index? I also checked the storage/-folder and see that all mails are still on disk. Now he asked me if there is any way to get all the lost messages back? It would be okay for him, if all mails since June are sent again, as he can clean his mailbox afterwards.

So does somebody have an idea on how to solve this? Maybe scripting something in python and using local sendmail command? Or is there some doveadm voodoo to repair the index or unexpunge all mails?

Thanks in advance

-Christian Rößner
---
Rößner-Network-Solutions
Bachelor of Science in Computer Science
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 7882340-0 F: +49 6631 7882340-9 M: +49 176 93118939
VAT ID: DE225643613
http://www.roessner-network-solutions.com
Re: [Dovecot] some mdbox mails get lost each day
Hi,

> cp mdbox ~/mdbox-backup

done

> rm -rf ~/mdbox-backup/storage/dovecot.map* ~/mdbox-backup/mailboxes/

done

> doveadm import mdbox:~/mdbox-backup all-mails all

problem

I tried so, but this does not work here:

doveadm -Dv import -u foo@example.com mdbox:/srv/mail/foo@example.com-backup all-mails ALL
doveadm(root): Debug: Loading modules from directory: /usr/lib/dovecot/modules
doveadm(root): Debug: Module loaded: /usr/lib/dovecot/modules/lib15_notify_plugin.so
doveadm(root): Debug: Module loaded: /usr/lib/dovecot/modules/lib20_mail_log_plugin.so
doveadm(root): Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm
doveadm(root): Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_lookup (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_zlib_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_zlib_plugin.so: undefined symbol: i_stream_create_deflate (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_list_backend (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Effective uid=0, gid=0, home=/root
doveadm(root): Debug: fs: root=/srv/mail/foo@example.com-backup, index=, control=, inbox=, alt=
doveadm(root): Debug: Namespace : Using permissions from /srv/mail/foo@example.com-backup: mode=0700 gid=-1
doveadm(foo@example.com): Debug: Effective uid=5000, gid=5000, home=/srv/mail/foo@example.com
doveadm(foo@example.com): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:/srv/mail/foo@example.com
doveadm(foo@example.com): Debug: fs: root=/srv/mail/foo@example.com, index=, control=, inbox=, alt=
doveadm(foo@example.com): Debug: Namespace : Using permissions from /srv/mail/foo@example.com: mode=0700 gid=-1

The mail box is under: /srv/mail/foo@example.com
The backup is under: /srv/mail/foo@example.com-backup

It does nothing. The command directly returns. No copied mails. So what am I missing here?

Current version here is Dovecot 2.1.7.

Thanks in advance

-Christian Rößner
---
Rößner-Network-Solutions
Bachelor of Science Informatik
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 7882340-0 F: +49 6631 7882340-9 M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com
Re: [Dovecot] some mdbox mails get lost each day
Hi,

>
>>> doveadm import mdbox:~/mdbox-backup all-mails all
>>
>> problem
>>
>> I tried so, but this does not work here:
>
> I thought I'd make things easier by skipping the index rebuild, because I
> thought doveadm import does it automatically, but I guess it doesn't notice
> the problem:
>
> doveadm -o mail=mdbox:~/mdbox-backup force-resync INBOX
>

done

And this created several folders under mailboxes again, but still the import command does not import anything. What am I missing here?

-Christian Rößner
---
Rößner-Network-Solutions
Bachelor of Science Informatik
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 7882340-0 F: +49 6631 7882340-9 M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com
Re: [Dovecot] some mdbox mails get lost each day
Hi,

>>>> doveadm import mdbox:~/mdbox-backup all-mails all
>>>
>>> problem
>>>
>>> I tried so, but this does not work here:
>>
>> I thought I'd make things easier by skipping the index rebuild, because I
>> thought doveadm import does it automatically, but I guess it doesn't notice
>> the problem:
>>
>> doveadm -o mail=mdbox:~/mdbox-backup force-resync INBOX
>>
> done
>
> And this created several folders under mailboxes again, but still the import
> command does not import anything. What am I missing here?
>

I tested today with Dovecot 2.1.9. Still not getting mails imported :-(

How can I see, if the force-resync stuff was successful? Is there any doveadm dump -t index/log variable name that tells me, there do exist XYZ number of mails in the backup mail folder?

Many thanks in advance

-Christian Rößner
---
Rößner-Network-Solutions
Bachelor of Science Informatik
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 7882340-0 F: +49 6631 7882340-9 M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com
Re: [Dovecot] some mdbox mails get lost each day
Hi,

>>>>> doveadm import mdbox:~/mdbox-backup all-mails all
>>>>
>>>> problem
>>>>
>>>> I tried so, but this does not work here:
>>>
>>> I thought I'd make things easier by skipping the index rebuild, because I
>>> thought doveadm import does it automatically, but I guess it doesn't notice
>>> the problem:
>>>
>>> doveadm -o mail=mdbox:~/mdbox-backup force-resync INBOX
>>>
>> done
>>
>> And this created several folders under mailboxes again, but still the import
>> command does not import anything. What am I missing here?
>>
> I tested today with Dovecot 2.1.9. Still not getting mails imported :-(
>
> How can I see, if the force-resync stuff was successful? Is there any doveadm
> dump -t index/log variable name that tells me, there do exist XYZ number of
> mails in the backup mail folder?
>
> Many thanks in advance

sorry for bumping, but I am stuck at the moment.

-Christian Rößner
---
Bachelor of Science Informatik
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 78823400, F: +49 6631 78823409, M: +49 176 93118939
USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com
Re: [Dovecot] some mdbox mails get lost each day
On 16.08.2012 at 10:20, Timo Sirainen wrote:

> On 16.8.2012, at 11.15, Christian Rößner wrote:
>
>>>>>>> doveadm import mdbox:~/mdbox-backup all-mails all
>>>>>>
>>>>>> problem
>>>>>>
>>>>>> I tried so, but this does not work here:
>>>>>
>>>>> I thought I'd make things easier by skipping the index rebuild, because I
>>>>> thought doveadm import does it automatically, but I guess it doesn't
>>>>> notice the problem:
>>>>>
>>>>> doveadm -o mail=mdbox:~/mdbox-backup force-resync INBOX
>>>>>
>>>> done
>>>>
>>>> And this created several folders under mailboxes again, but still the
>>>> import command does not import anything. What am I missing here?
>>>>
>>> I tested today with Dovecot 2.1.9. Still not getting mails imported :-(
>>>
>>> How can I see, if the force-resync stuff was successful? Is there any
>>> doveadm dump -t index/log variable name that tells me, there do exist XYZ
>>> number of mails in the backup mail folder?
>>>
>>> Many thanks in advance
>>
>>
>> sorry for bumping, but I am stuck at the moment.
>
> 1) Can you read mails from the resynced mdbox? For example:
>
> doveadm -o mail=mdbox:/anothermdbox fetch uid all
>

doveadm -o mail=mdbox:/srv/mail/foo@example.com-backup fetch uid all | grep uid | wc -l
949

There seem to be mails. At least I get several lines with uid:

> 2) Is the problem just the doveadm import? Can you import anything to
> anything at all? What does it say with -v parameter?

It seems, it is just the import thing.
doveadm -Dv import -u foo@example.com mdbox:/srv/mail/foo@example.com-backup all-mails ALL
doveadm(root): Debug: Loading modules from directory: /usr/lib/dovecot/modules
doveadm(root): Debug: Module loaded: /usr/lib/dovecot/modules/lib15_notify_plugin.so
doveadm(root): Debug: Module loaded: /usr/lib/dovecot/modules/lib20_mail_log_plugin.so
doveadm(root): Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm
doveadm(root): Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_lookup (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_zlib_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_zlib_plugin.so: undefined symbol: i_stream_create_deflate (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_list_backend (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Effective uid=0, gid=0, home=/root
doveadm(root): Debug: fs: root=/srv/mail/foo@example.com-backup, index=, control=, inbox=, alt=
doveadm(root): Debug: Namespace : Using permissions from /srv/mail/foo@example.com-backup: mode=0700 gid=-1
doveadm(foo@example.com): Debug: Effective uid=5000, gid=5000, home=/srv/mail/foo@example.com
doveadm(foo@example.com): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:/srv/mail/foo@example.com
doveadm(foo@example.com): Debug: fs: root=/srv/mail/foo@example.com, index=, control=, inbox=, alt=
doveadm(foo@example.com): Debug: Namespace : Using permissions from /srv/mail/foo@example.com: mode=0700 gid=-1

Thanks in advance

-Christian Rößner
---
Bachelor of Science Informatik
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 78823400, F: +49 6631 78823409, M: +49 176 93118939
USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com
Re: [Dovecot] some mdbox mails get lost each day
Hi,

>> doveadm -Dv import -u foo@example.com
>> mdbox:/srv/mail/foo@example.com-backup all-mails ALL
>
> I find this strange. Does the mdbox size on filesystem get increased at all?
> (You sure it's not just that they're not visible in your IMAP client?)
>

I find that strange, either :-)

I have done:

tree
.
├── Drafts
│   └── dbox-Mails
│       └── dovecot.index.log
├── Gel&APY-schte Elemente
│   └── dbox-Mails
│       ├── dovecot.index.cache
│       └── dovecot.index.log
├── Gesendete Elemente
│   └── dbox-Mails
│       ├── dovecot.index
│       ├── dovecot.index.backup
│       ├── dovecot.index.cache
│       └── dovecot.index.log
├── INBOX
│   └── dbox-Mails
│       ├── dovecot.index
│       ├── dovecot.index.backup
│       ├── dovecot.index.cache
│       └── dovecot.index.log
├── Junk
│   └── dbox-Mails
│       └── dovecot.index.log
├── Junk-E-Mail
│   └── dbox-Mails
│       └── dovecot.index.log
├── Sent
│   └── dbox-Mails
│       └── dovecot.index.log
└── Trash
    └── dbox-Mails
        └── dovecot.index.log

16 directories, 15 files

So at least I should see a folder called all-mail, don't I?

If nothing helps, I create a new user called foo@example.com-backup and ask the customer to include that account as well just for importing stuff, he still needs.

On the perspective of being a developer, too, I am interested why this does not work. So if you like to dig deeper into this, I gonna help you as much as I can.

-Christian Rößner
---
Bachelor of Science Informatik
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 78823400, F: +49 6631 78823409, M: +49 176 93118939
USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com
[Dovecot] OT: z-Push
Hi, just a short question: I have installed and configured z-Push to use BackendIMAP. On my iPhone I have created an account and I can see my mails. Also sending works. So far so good. Now the question: When I create a new folder i.e. Test under the root (/), then I get an error. And after resyncing the folder has been created not under /, but under /0/Test. Also I can not remove that folder over ActiveSync. Does somebody have z-Push fully working with Dovecot or is z-Push designed for Cyrus and only some features are working with Dovecot? So at the moment folder create/move/delete does not work here with z-Push-2.0.3 and Dovecot 2.1.9 Thanks in advance -Christian Rößner --- Bachelor of Science Informatik Erlenwiese 14, 36304 Alsfeld T: +49 6631 78823400, F: +49 6631 78823409, M: +49 176 93118939 USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com
Re: [Dovecot] OT: z-Push
Hi, > just a short question: > > I have installed and configured z-Push to use BackendIMAP. On my iPhone I > have created an account and I can see my mails. Also sending works. So far so > good. Now the question: > > When I create a new folder i.e. Test under the root (/), then I get an error. > And after resyncing the folder has been created not under /, but under > /0/Test. > > Also I can not remove that folder over ActiveSync. > > Does somebody have z-Push fully working with Dovecot or is z-Push designed > for Cyrus and only some features are working with Dovecot? > > So at the moment folder create/move/delete does not work here with > z-Push-2.0.3 and Dovecot 2.1.9 unfortunately z-Push is much too buggy here. So I dropped it in favor of standard IMAP. Best wishes -Christian Rößner --- Bachelor of Science Informatik Erlenwiese 14, 36304 Alsfeld T: +49 6631 78823400, F: +49 6631 78823409, M: +49 176 93118939 USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com
Re: [Dovecot] Help!
Hi, >> I have installed sendmail, dovecot, and squirrel mail. The squirrel >> mail portion of it works just fine, but I would like to have Mozilla >> Thunderbird as a client. Whenever I try and connect to the server it >> says "Thunderbird failed to find the settings for your email account." >> We do have an MX record in DNS pointing to our server. We are using >> Ubuntu 12.0.4.1, and have Dovecot 2.2.6 sendmail version 8.14.4-2ubuntu2 >> We are doing this for a class project and it is due by Tuesday 10/16/2012.. > > I have found Thunderbird's automatic setting detection mechanism to be > rather unreliable. > > Try entering the settings manually. I am one of the automx developers. Have a look at http://www.automx.org. It is open source. I also finished setting up a test server, so you can try with mail address aut...@automx.org, pw: automx and see how it works. Kind regards -Christian Rößner --- Bachelor of Science Informatik Erlenwiese 14, 36304 Alsfeld T: +49 6631 78823400, F: +49 6631 78823409, M: +49 176 93118939 USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com
[Dovecot] copymail deleted
Hi,

I had enabled an option in dovecot.

mail_attachment_dir = /var/mail/virtual/copymail/attachments

After a while I checked /var/mail/virtual and did some cleanup. I did not remember that copymail was specified in dovecot and erased it.

Oct 30 10:56:05 mx0 dovecot: imap(hidden): Error: file_istream.stat(/var/mail/virtual/copymail/attachments/6a/50/6a506530265ef7c9feb396410eaf6946036e9a79-b034401e794009503a042cb72ff6) failed: No such file or directory
Oct 30 10:56:05 mx0 dovecot: imap(hidden): Error: istream-concat: Failed to get size of stream /var/mail/virtual/copymail/attachments/6a/50/6a506530265ef7c9feb396410eaf6946036e9a79-b034401e794009503a042cb72ff6
Oct 30 10:56:05 mx0 dovecot: imap(hidden): Error: read() failed: Invalid argument (FETCH for mailbox INBOX UID 196)
Oct 30 10:56:05 mx0 dovecot: imap(hidden): Disconnected: Internal error occurred. Refer to server log for more information. [2012-10-30 10:56:05] in=150 out=950

I have Bacula and have restored most of the stuff, but obviously not all files. That is not too important. But I do not know, how to tell dovecot that it may "forget" about files that produce a "No such file or directory" error.

Can I do some "rescan/rebuild" in dovecot?

Kind regards

-Christian Rößner
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
Re: [Dovecot] copymail deleted
> The format is:
>
> 1*( )
>
> If the options="-" then the byte count is the final size. If options="B" then
> byte count is the base64-encoded size while the original file has to be
> base64-decoded size.

Ok, so far I have "grep'ed" this here:

But I did not understand the base64 explanation. Sorry :) For me it seems all "options" are B-prefixed. So they are all base64? But which value is now the size and how do I create the missing files now? Using dd? Can you give me an example from the output above? That would help me.

Thanks a lot

Kind regards

-Christian Rößner
--
[*] sys4 AG
http://sys4.de, +
Re: [Dovecot] copymail deleted
Hi,

>> msg.ext-ref = 83713 1282212 B76
>> 6a/50/6a506530265ef7c9feb396410eaf6946036e9a79-b034401e794009503a042cb72ff6
>
>> But I did not understand the base64 explanation. Sorry :) For me it seems
>> all "options" are B-prefixed. So they are all base64? But which value is now
>> the size and how do I create the missing files now? Using dd? Can you give
>> me an example from the output above? That would help me.
>
> They are all base64 yes, the B76 means that all the encoded lines will be 76
> chars long. So the file size above needs to be 1282212, divided by 77 (76+LF)
> = 16652 full lines and 8 bytes over. Base64 encodes 3 byte blocks into 4 byte
> chars, so the original data has (16652*76+8)/4*3 = 949170 bytes (or 1-2 bytes
> less, but that makes no difference because it's padded anyway).
>
> So if you create
> /attachments/6a/50/6a506530265ef7c9feb396410eaf6946036e9a79-b034401e794009503a042cb72ff6
> that is 949170 bytes long, and do the same for the rest of the attachments,
> you should be able to read this mail without errors.
>
> You can easily create the files without wasting space with:
> dd if=/dev/zero of=foo bs=1 seek=949169 count=1

Thanks. I have calculated both other files and recreated zero padded files. Now I am going to watch the log file and see, if errors are gone.

One last question: If the user now opens a mail, where the attachments are broken and he/she removes the mail, will the created hand-made files be removed automatically?

Thanks in advance

Kind regards

-Christian Rößner
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
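The size arithmetic from the reply quoted above, applied to a whole msg.ext-ref value, as an added example that is not part of the original thread. It assumes each entry is four space-separated fields (a leading number whose meaning the thread does not state, the byte count, the options, and the path below mail_attachment_dir); the function names are hypothetical.

```python
import os
import tempfile

# First two entries of the msg.ext-ref value posted in the thread.
SAMPLE_EXT_REF = (
    "83713 1282212 B76 "
    "6a/50/6a506530265ef7c9feb396410eaf6946036e9a79-b034401e794009503a042cb72ff6 "
    "1443213 550635 B76 "
    "56/f2/56f25e225385902f3fc5185dc3d0103f59b34d14-b134401e794009503a042cb72ff6"
)


def decoded_size(byte_count, options):
    """On-disk size the attachment file needs for one ext-ref entry."""
    if options == "-":
        return byte_count                      # byte count is the final size
    if options.startswith("B") and options[1:].isdigit():
        line_len = int(options[1:])            # "B76": 76 base64 chars per line
        full_lines, rest = divmod(byte_count, line_len + 1)   # +1 for the LF
        b64_chars = full_lines * line_len + rest
        return b64_chars // 4 * 3              # 4 base64 chars carry 3 bytes
    raise ValueError("unknown ext-ref options: %r" % options)


def parse_ext_ref(value):
    """Split an ext-ref value into (byte_count, options, relative_path) tuples."""
    fields = value.split()
    if len(fields) % 4:
        raise ValueError("ext-ref value is not a whole number of 4-field entries")
    entries = []
    for i in range(0, len(fields), 4):
        _lead, count, options, rel_path = fields[i:i + 4]   # _lead is unused
        entries.append((int(count), options, rel_path))
    return entries


def create_placeholders(attach_dir, ext_ref_value):
    """Create a sparse zero-filled file for every missing attachment."""
    root = os.path.realpath(attach_dir)
    created = []
    for count, options, rel_path in parse_ext_ref(ext_ref_value):
        target = os.path.realpath(os.path.join(root, rel_path))
        # The path comes from index data: refuse anything outside attach_dir.
        if os.path.commonpath([root, target]) != root:
            raise ValueError("path escapes attachment dir: %r" % rel_path)
        if os.path.exists(target):
            continue                           # never overwrite a restored file
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as fh:
            fh.truncate(decoded_size(count, options))   # sparse, like dd seek=
        created.append(target)
    return created


if __name__ == "__main__":
    # Runs against a throwaway directory, not a real mail_attachment_dir.
    with tempfile.TemporaryDirectory() as tmp:
        for path in create_placeholders(tmp, SAMPLE_EXT_REF):
            print(os.path.getsize(path), os.path.relpath(path, tmp))
```

Files that already exist are skipped, so attachments restored from backup keep their real content.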
[Dovecot] Quota
Hi,

is it possible to ask Dovecot for a user's quota by talking to the Dovecot server over TCP? I know about doveadm quota -u , but I would like to know, if I can query for that over a network connection (on the Postfix ML they suggested writing a policy service that checks quota. Postfix is not always on the same server as Dovecot is).

Does the LMTP protocol give that information somehow? I am not so familiar with LMTP. Or some Unix-Socket to query that could also be configured as inet_listener?

Thanks in advance

-Christian Rößner
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
Re: [Dovecot] Quota
Hi > perl: IMAP::Admin->get_quotaroot > php: imap_get_quota > ruby: Net::IMAP::MailboxQuota python-imaplib in my case ;) If connecting from the policy service, can I use Dovecot master password to get quota over IMAP? Thanks again Christian > > Regards > Daniel > -- > https://plus.google.com/103021802792276734820
Re: [Dovecot] Quota
Hi, >> If connecting from the policy service, can I use Dovecot master password to >> get quota over IMAP? > > Yes, I think a master user login should work as if the user has logged in. > > If you store quota in a database, the policy service could query the database. thanks a lot for your information. I have written a policy service in python for Postfix that can check "over quota" in Dovecot. Using IMAPS and the master user to check quota. If someone is interested, I can send a copy off list. -Christian Rößner -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich
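One way to implement the approach this thread arrives at (a Postfix policy service that reads a user's quota from Dovecot over IMAPS with a master-user login), as an added example that is not the script mentioned in the post. The `user*master` login form (it depends on Dovecot's auth_master_user_separator setting), the 552 reply text, the sample values and all function names are assumptions.

```python
import imaplib
import re

# Last parenthesised group of an untagged QUOTA response, e.g.
#   "User quota" (STORAGE 10 512 MESSAGE 3 1000)
_RESOURCES = re.compile(rb"\(([^()]*)\)\s*$")

DUNNO = "action=DUNNO\n\n"
OVER_QUOTA = "action=552 5.2.2 Mailbox full\n\n"   # reply text is an assumption


def parse_quota(untagged):
    """Turn untagged QUOTA responses into (resource, usage, limit) triples."""
    triples = []
    for line in untagged:
        match = _RESOURCES.search(line or b"")   # imaplib may hand back None
        if not match:
            continue
        tokens = match.group(1).decode("ascii").split()
        for i in range(0, len(tokens) - len(tokens) % 3, 3):
            triples.append((tokens[i].upper(), int(tokens[i + 1]), int(tokens[i + 2])))
    return triples


def fetch_quota(host, user, master_user, master_password, sep="*"):
    """Log in as `user` with master credentials and read the quota of INBOX."""
    conn = imaplib.IMAP4_SSL(host)
    try:
        conn.login(user + sep + master_user, master_password)
        typ, (_roots, quota) = conn.getquotaroot("INBOX")
        return parse_quota(quota) if typ == "OK" else []
    finally:
        conn.logout()


def parse_policy_request(text):
    """Parse one Postfix policy request (name=value lines, blank line ends it)."""
    request = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        request[name] = value
    return request


def policy_action(request, triples):
    """Return the policy reply for one request, given the quota triples."""
    size = int(request.get("size") or 0)   # 0 when the client announced no size
    for resource, usage, limit in triples:
        if limit <= 0:
            continue                        # treated as "no limit"
        if resource == "STORAGE":
            # RFC 2087 counts STORAGE in units of 1024 octets.
            if usage * 1024 + size > limit * 1024:
                return OVER_QUOTA
        elif resource == "MESSAGE" and usage + 1 > limit:
            return OVER_QUOTA
    return DUNNO


if __name__ == "__main__":
    # Constructed request and QUOTA response; no server is contacted here.
    req = parse_policy_request(
        "request=smtpd_access_policy\nrecipient=foo@example.com\nsize=2048\n\n")
    print(policy_action(req, parse_quota([b'"User quota" (STORAGE 511 512)'])), end="")
```

Only `fetch_quota` touches the network; a service built on it should keep the master password out of the script itself and decide what to answer when the IMAP lookup fails.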
[Dovecot] sieve
Hi, is there a sieve option that can reject a mail directly without creating a new mail and sending that out? I know about reject "Reject message goes here"; but I am looking for a mechanism that can reject Mail. Postfix can use reject_unverified_recipient to connect to LMTP and ask if a mail would successfully be enqueued and will return the status gotten from the LMTP server if not. Chances are high that the mechanism would work, too, if Dovecot would know about the sieve rule, while getting a connection on LMTP. Does Dovecot know all rules at this point or is sieve handled after the mail has already been accepted? Kind regards -Christian Rößner -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich
Re: [Dovecot] sieve
Hi,

>> but I am looking for a mechanism that can reject Mail. Postfix can
>> use reject_unverified_recipient to connect to LMTP and ask if a mail
>> would successfully be enqueued and will return the status gotten from
>> the LMTP server if not. Chances are high that the mechanism would
>> work, too, if Dovecot would know about the sieve rule, while getting
>> a connection on LMTP. Does Dovecot know all rules at this point or is
>> sieve handled after the mail has already been accepted?
>>
>
> I have no idea if your above idea would actually work, but having
> followed your questions on the postfix ml and your interests in using
> reject_unverified_recipient and its cache with lmtp, it would be very
> unwise to cache deliverability on the postfix side based on sieve
> results, since sieve is able to reject/bounce on any part of the message
> including message body contents and such.

yes I know what you mean. The problem is that a user can decide to "reject" not based on "from" leading in rejects to other mails coming in to the same user. Probably a problem.

The idea came up, as I work for a little ISP/ESP here. Sometimes I get calls, where I get asked if I could reject mails from "xyz". And with a robust good working mechanism, where people could reject on their own decisions would make things easier. So I thought about sieve as being a workable solution.

Another solution would be to write some kind of milter/policy-service with a web-interface, where people can reject mails directly on the postfix side. But this is a lot of work.

Kind regards

-Christian Rößner
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
Re: [Dovecot] sieve
Hi, >> Another solution would be to write some kind of milter/policy-service with a >> web-interface, where people can reject mails directly on the postfix side. >> But this is a lot of work. > > Use a web interface that requires auth. But I'd not use a milter/policy > service--too complicated and unnecessary. Just use a regular access(5) > table in db format. Simply write your script to append new addresses or > domains to the table with a REJECT action. Then add to main.cf an > appropriate restriction such as check_sender_access. Changes are picked > up automatically each time a new smtpd is fired so no postmap command is > required to make the change active. thanks to all of you. I think I have enough feedback and now I can decide what to do. Kind regards -Christian Rößner -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich
Re: [Dovecot] 2.1.12: Panic: file solr-connection.c: line 547 (solr_connection_post_more)
> solr setup: > Java: icedtea 6.1.11.5 > Solr: 3.6.2 running in tomcat 7.0.32 I am running solr on Tomcat 6. > complete dovecot log: > doveadm(my@user): Error: fts_solr: Invalid XML input at 85:198: mismatched > tag (near: Apache Tomcat/7.0.32-gentoo - Error > report
Re: [Dovecot] 2.1.12: Panic: file solr-connection.c: line 547 (solr_connection_post_more)
On 02.01.2013 at 17:57, Marc Schiffbauer wrote:

>> status 500. Internal server error? Do you have entries in Apache error.log?
>
> My /var/log/tomcat-7/* does not contain any other message.

sorry, my fault. Dovecot connects directly to Tomcat, yes. I have tried to reproduce this here on Ubuntu 10.04 with indexing all users INBOXes, but that succeeds. So currently I have no further idea.

-Christian Rößner
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
[Dovecot] Installing Dovecot on Gentoo
torage=300M:messages=2
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  zlib_save = gz
  zlib_save_level = 6
}
protocols = imap pop3 lmtp sieve
service auth-worker {
  extra_groups = ssl-cert
  unix_listener auth-worker {
    mode = 0600
    user = vmail
  }
  user = vmail
}
service auth {
  extra_groups = ssl-cert
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = vmail
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/lmtp-dovecot {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = dovecot
}
ssl_ca = ldap://db.roessner-net.de/ ldap://roessner1.roessner-net.de/
sasl_bind = yes
sasl_mech = EXTERNAL
tls = yes
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
tls_cert_file = /etc/ssl/certs/mx0.roessner-net.de.pem
tls_key_file = /etc/ssl/private/mx0.roessner-net.de.key.pem
tls_require_cert = hard
debug_level = 7
base = ou=people,ou=it,dc=roessner-net,dc=de
user_attrs = rnsMSQuota=quota_rule=*:storage=%$,rnsMSMailboxHome=home
user_filter = (&(objectClass=rnsMSDovecotAccount)(|(rnsMSRecipientAddress=%u)(uniqueIdentifier=%u)))
pass_attrs = rnsMSDeliverToAddress=user,userPassword=password
pass_filter = (&(objectClass=rnsMSDovecotAccount)(|(rnsMSRecipientAddress=%u)(uniqueIdentifier=%u))(rnsMSEnableDovecot=TRUE))
iterate_attrs = rnsMSDovecotUser=user
iterate_filter = (objectClass=rnsMSDovecotAccount)
default_pass_scheme = PLAIN
---

Some portage information

---
[ebuild R] net-nds/openldap-2.4.30 USE="berkdb crypt ipv6 minimal sasl ssl syslog tcpd -cxx -debug -experimental -gnutls -icu -iodbc -kerberos -odbc -overlays -perl -samba (-selinux) -slp -smbkrb5passwd" 0 kB
[ebuild R] dev-libs/cyrus-sasl-2.1.25-r3:2 USE="berkdb gdbm ldapdb openldap pam ssl urandom -authdaemond -java -kerberos -mysql -postgres -sample -sqlite -srp -static-libs" 0 kB
[ebuild R ~] net-mail/dovecot-2.1.13::croessner USE="bzip2 caps imapc ipv6 ldap maildir managesieve mbox mdbox pam pop3c sdbox sieve solr sqlite ssl suid zlib -cydir -doc -kerberos -lucene -mysql -postgres (-selinux) -static-libs -vpopmail" 0 kB
---

As you can see, I have spent some time on this without luck and currently I have no idea, what the problem is.

Any ideas on that?

Thanks in advance

-Christian Rößner
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
Re: [Dovecot] Installing Dovecot on Gentoo
> In the logs it looks like this: > > --- > Jan 13 15:22:30 mx0 dovecot: master: Dovecot v2.1.13 starting up (core dumps > disabled) > Jan 13 15:23:11 mx0 dovecot: auth: Debug: Loading modules from directory: > /usr/lib64/dovecot/auth > Jan 13 15:23:11 mx0 dovecot: auth: Debug: passwd-file > /etc/dovecot/master-users: Read 1 users in 0 secs > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_extended_operation_s > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_extended_operation > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_send_initial_request > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_new_connection 1 1 0 > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_int_open_connection > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_connect_to_host: TCP > db.roessner-net.de:389 > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_new_socket: 17 > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_prepare_socket: 17 > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_connect_to_host: Trying > 193.239.107.37:389 > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_pvt_connect: fd: 17 tm: -1 > async: 0 > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_open_defconn: successful > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_send_server_request > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_result ld 0x35d6dd481c0 msgid 1 > Jan 13 15:23:11 mx0 dovecot: auth: Error: wait4msg ld 0x35d6dd481c0 msgid 1 > (infinite timeout) > Jan 13 15:23:11 mx0 dovecot: auth: Error: wait4msg continue ld 0x35d6dd481c0 > msgid 1 all 1 > Jan 13 15:23:11 mx0 dovecot: auth: Error: ** ld 0x35d6dd481c0 Connections: > Jan 13 15:23:11 mx0 dovecot: auth: Error: * host: db.roessner-net.de port: > 389 (default) > Jan 13 15:23:11 mx0 dovecot: auth: Error: refcnt: 2 status: Connected > Jan 13 15:23:11 mx0 dovecot: auth: Error: last used: Sun Jan 13 15:23:11 > 2013 > Jan 13 15:23:11 mx0 dovecot: auth: Error: > Jan 13 15:23:11 mx0 dovecot: auth: Error: > Jan 13 15:23:11 mx0 dovecot: auth: Error: ** ld 0x35d6dd481c0 
Outstanding > Requests: > Jan 13 15:23:11 mx0 dovecot: auth: Error: * msgid 1, origid 1, status > InProgress > Jan 13 15:23:11 mx0 dovecot: auth: Error:outstanding referrals 0, parent > count 0 > Jan 13 15:23:11 mx0 dovecot: auth: Error: ld 0x35d6dd481c0 request count 1 > (abandoned 0) > Jan 13 15:23:11 mx0 dovecot: auth: Error: ** ld 0x35d6dd481c0 Response Queue: > Jan 13 15:23:11 mx0 dovecot: auth: Error:Empty > Jan 13 15:23:11 mx0 dovecot: auth: Error: ld 0x35d6dd481c0 response count 0 > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_chkResponseList ld > 0x35d6dd481c0 msgid 1 all 1 > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_chkResponseList returns ld > 0x35d6dd481c0 NULL > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_int_select > Jan 13 15:23:11 mx0 dovecot: auth: Error: read1msg: ld 0x35d6dd481c0 msgid 1 > all 1 > Jan 13 15:23:11 mx0 dovecot: auth: Error: read1msg: ld 0x35d6dd481c0 msgid 1 > message type extended-result > Jan 13 15:23:11 mx0 dovecot: auth: Error: read1msg: ld 0x35d6dd481c0 0 new > referrals > Jan 13 15:23:11 mx0 dovecot: auth: Error: read1msg: mark request completed, > ld 0x35d6dd481c0 msgid 1 > Jan 13 15:23:11 mx0 dovecot: auth: Error: request done: ld 0x35d6dd481c0 > msgid 1 > Jan 13 15:23:11 mx0 dovecot: auth: Error: res_errno: 0, res_error: <>, > res_matched: <> > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_free_request (origid 1, msgid > 1) > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_parse_extended_result > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_parse_result > Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_msgfree > > > Jan 13 15:23:11 mx0 dovecot: auth: Error: TLS: could not use key file > `/etc/ssl/private/mx0.roessner-net.de.key.pem'. 
> Jan 13 15:23:11 mx0 dovecot: auth: Error: TLS: error:0200100D:system library:fopen:Permission denied bss_file.c:398
> Jan 13 15:23:11 mx0 dovecot: auth: Error: TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:400
> Jan 13 15:23:11 mx0 dovecot: auth: Error: TLS: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib ssl_rsa.c:648

strace shows also the permission problem:

6536 1020 munmap(0x769b665ae000, 4096) = 0
6537 1020 open("/etc/ssl/private/mx0.roessner-net.de.key.pem", O_RDONLY) = -1 EACCES (Permission denied)
6538 1020 write(2, "TLS: could not use key file `/et"..., 76) = 76
6539 991 <... epoll_wait resumed> {{EPOLLIN, {u32=2782493808, u64=17315795663984}}}, 27, -1) = 1
6540 1020 write(2, "TLS: error:0200100D:system libra"..., 74
6541 991 gettimeofday(
6542 1020 <... write resumed> ) = 74
6543
Re: [Dovecot] [SOLVED] Installing Dovecot on Gentoo
On 13.01.2013 at 18:13, Christian Rößner wrote:

> 6537 1020 open("/etc/ssl/private/mx0.roessner-net.de.key.pem", O_RDONLY) = -1 EACCES (Permission denied)

I had messed up ACLs for this file. After creating private and key again with the correct setfacl command, everything works as expected. Sorry for the noise, but this was really hard to find out.

Wrong:

getfacl private/
# file: private
# owner: root
# group: ssl-cert
# flags: -s-
user::rwx
user:amavis:r-x
group::---
mask::r-x
other::---

Right:

getfacl private/
# file: private/
# owner: root
# group: ssl-cert
user::rwx
user:amavis:r-x
group::r-x
mask::r-x
other::---

So as you can see the group settings got lost…

Thanks

-Christian Rößner
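The two listings above, evaluated in the order a POSIX ACL check is applied (owner, named user, groups, other), as an added example that is not part of the original message. It assumes the auth process runs as user vmail with supplementary group ssl-cert, as in the service auth block posted earlier in the thread; the function names are illustrative.

```python
# ACL text retyped from the message above (the "getfacl private/" command line is omitted).
WRONG_ACL = """\
# file: private
# owner: root
# group: ssl-cert
# flags: -s-
user::rwx
user:amavis:r-x
group::---
mask::r-x
other::---
"""

RIGHT_ACL = """\
# file: private/
# owner: root
# group: ssl-cert
user::rwx
user:amavis:r-x
group::r-x
mask::r-x
other::---
"""


def parse_getfacl(text):
    """Return (owner, owning_group, entries) parsed from getfacl text output."""
    owner = group = None
    entries = []  # list of (tag, qualifier, set of permission letters)
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            # Cut off a trailing "#effective:..." comment if getfacl printed one.
            tag, qualifier, perms = line.split("#")[0].split(":")[:3]
            entries.append((tag, qualifier, set(perms.strip()) - {"-"}))
    return owner, group, entries


def allows(text, user, groups, wanted):
    """True if a process with this user and group set is granted all of `wanted`."""
    owner, owning_group, entries = parse_getfacl(text)
    wanted = set(wanted)
    mask = next((p for t, _, p in entries if t == "mask"), None)

    def masked(perms):
        # The mask limits named users, the owning group and named groups.
        return perms if mask is None else perms & mask

    # 1. The file owner uses user:: and is not limited by the mask.
    if user == owner:
        return wanted <= next(p for t, q, p in entries if t == "user" and not q)
    # 2. A named user entry wins over every group entry.
    for tag, qualifier, perms in entries:
        if tag == "user" and qualifier == user:
            return wanted <= masked(perms)
    # 3. Owning group and named groups: one matching entry must grant everything
    #    asked for; if some entry matches but none grants it, access is denied
    #    and "other" is never consulted.
    group_hits = [masked(p) for t, q, p in entries
                  if t == "group" and (q or owning_group) in groups]
    if group_hits:
        return any(wanted <= p for p in group_hits)
    # 4. Everyone else.
    return wanted <= next(p for t, q, p in entries if t == "other")


if __name__ == "__main__":
    # Assumed identity of the Dovecot auth process (user = vmail, extra_groups = ssl-cert).
    auth_user, auth_groups = "vmail", {"vmail", "ssl-cert"}
    for name, acl in (("wrong", WRONG_ACL), ("right", RIGHT_ACL)):
        # Opening a key below private/ needs search (x) permission on the directory.
        print(name, "ACL lets auth traverse private/:",
              allows(acl, auth_user, auth_groups, "x"))
```

With group::--- the owning-group entry matches the ssl-cert membership but grants nothing, so the open() of the key below private/ fails with EACCES even though the named amavis entry still works.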
[Dovecot] 2.2.1 and quota-status
Hi,

maybe this question already came up and I missed it in my mails, but if not…:

I have configured Quota for Dovecot since decades and now with the new policy service, I wanted to include this into Postfix. I have followed Ralf's Blog and there are two problems:

I need to do this:

ls -la /var/run/dovecot/config
srw--- 1 root root 0 May 14 11:06 /var/run/dovecot/config

chown vmail /var/run/dovecot/config

ls -la /var/run/dovecot/config
srw--- 1 vmail root 0 May 14 11:06 /var/run/dovecot/config

Where can I tell Dovecot to set user vmail here? If I do not do this, I get the following error in the logs:

May 14 10:54:50 mx0 dovecot: quota-status(c...@roessner-network-solutions.com): Error: user c...@roessner-network-solutions.com: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied

Also the following test does not succeed:

telnet localhost 12340
Trying ::1...
Connected to localhost.
Escape character is '^]'.
request=smtpd_access_policy
sender=f...@bar.tld
recipient=c...@roessner-network-solutions.com
size=100

action=

^]
telnet> quit
Connection closed.

Nothing in the logs. Just an empty answer.
Here is my config:

doveconf -n
# 2.2.1: /etc/dovecot/dovecot.conf
# OS: Linux 3.8.6-hardened x86_64 Gentoo Base System release 2.2
auth_master_user_separator = *
auth_mechanisms = plain login cram-md5 digest-md5 ntlm
auth_verbose = yes
hostname = mail.roessner-net.de
lda_mailbox_autosubscribe = yes
mail_access_groups = vmail
mail_attachment_dir = /var/mail/virtual/copymail/attachments
mail_gid = vmail
mail_location = mdbox:~/mdbox
mail_plugins = quota acl fts fts_solr zlib
mail_privileged_group = mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mdbox_rotate_size = 128 M
namespace {
  list = children
  location = mdbox:%%h/mdbox
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox "Deleted Messages" {
    special_use = \Trash
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk-E-Mail {
    special_use = \Junk
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  mailbox junkmail {
    auto = subscribe
    special_use = \Junk
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/mail/virtual/shared-mailboxes.db
  fts = solr
  fts_solr = break-imap-search url=http://localhost:8080/solr/
  quota = dict:User quota::file:%h/mdbox/dovecot-quota
  quota_rule = *:storage=300M:messages=2
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  zlib_save = gz
  zlib_save_level = 6
}
protocols = imap pop3 lmtp sieve
service auth-worker {
  extra_groups = ssl-cert
  unix_listener auth-worker {
    mode = 0600
    user = vmail
  }
  user = vmail
}
service auth {
  extra_groups = ssl-cert
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = vmail
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/lmtp-dovecot {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    port = 12340
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = dovecot
}
ssl_ca =
Re: [Dovecot] 2.2.1 and quota-status
> ls -la /var/run/dovecot/config
> srw--- 1 root root 0 May 14 11:06 /var/run/dovecot/config
>
> chown vmail /var/run/dovecot/config
>
> ls -la /var/run/dovecot/config
> srw--- 1 vmail root 0 May 14 11:06 /var/run/dovecot/config

Thanks to e-frog, this part of the problem is solved by adding:

service config {
  unix_listener config {
    mode = 0600
    user = vmail
  }
}

to 10-master.conf

But the service itself still is not working here.

Kind regards

-Christian Rößner
Re: [Dovecot] 2.2.1 and quota-status
Hi,

On 15.05.2013 at 13:28, Timo Sirainen wrote:

> On 14.5.2013, at 12.20, Christian Rößner wrote:
>
>> Also the following test does not succeed:
>>
>> telnet localhost 12340
>> Trying ::1...
>> Connected to localhost.
>> Escape character is '^]'.
>> request=smtpd_access_policy
>> sender=f...@bar.tld
>> recipient=c...@roessner-network-solutions.com
>> size=100
>>
>> action=
>
> http://hg.dovecot.org/dovecot-2.2/rev/03aac782261e should help.

telnet localhost 12340
Trying ::1...
Connected to localhost.
Escape character is '^]'.
request=smtpd_access_policy
sender=f...@bar.tld
recipient=c...@roessner-network-solutions.com
size=100

action=552 5.2.2 Mailbox is full

^]
telnet> quit
Connection closed.

Works :)

Thanks

-Christian Rößner
[Dovecot] file descriptor errors
Hi,

I use dovecot 2.2.9 on Gentoo Linux and I get lots of these errors in my log file:

Dec 4 08:53:37 mx dovecot: auth: Error: close failed in file object destructor:
Dec 4 08:53:37 mx dovecot: auth: Error: IOError: [Errno 9] Bad file descriptor

What could cause these error messages?

My mailboxes are stored on an ext4 filesystem:
/dev/vdb1 on /srv/mail type ext4 (rw,noatime)

doveconf -n:
# OS: Linux 3.11.2-hardened x86_64 Gentoo Base System release 2.2 ext4
auth_master_user_separator = *
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_access_groups = mail
mail_attachment_dir = /srv/mail/copymail/attachments
mail_gid = mail
mail_location = maildir:/srv/mail/virtual/%d/%n
mail_plugins = quota acl zlib mail_log notify
mail_privileged_group = mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk-E-Mail {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix = INBOX.
}
passdb {
  args = /usr/local/sbin/ispcp-decrypt.py
  driver = checkpassword
}
plugin {
  acl = vfile
  acl_shared_dict = file:/srv/mail/virtual/shared-mailboxes.db
  quota = dict:User quota::file:/srv/mail/virtual/%d/%n/dovecot-quota
  quota_rule = *:storage=300M:messages=2
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  zlib_save = gz
  zlib_save_level = 6
}
postmaster_address = postmas...@deltaweb.de
protocols = imap pop3 lmtp sieve
service auth-worker {
  extra_groups = ssl-cert
  unix_listener auth-worker {
    mode = 0600
    user = vmail
  }
  user = vmail
}
service auth {
  extra_groups = ssl-cert
  unix_listener /var/spool/postfix.relay/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0660
    user = vmail
  }
  user = vmail
}
service config {
  unix_listener config {
    mode = 0600
    user = vmail
  }
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  inet_listener lmtp {
    address = ::1
    port = 24
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
}
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    port = 12340
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = dovecot
}
ssl_cert =

http://www.roessner-network-solutions.com
Re: [Dovecot] file descriptor errors
Hi,

just a short question: I had sent exactly this same email with a wrong email address (not the c...@sys4.de) and unfortunately I was too late deleting it in Mailman.

Now I get replies to the c...@roessner-network-solutions.com address, which will not succeed at the moment, because of DMARC policy. So if you already sent answers, could you please email it again to the c...@sys4.de mail.

Thanks a lot in advance

On 04.12.2013 at 10:50, Christian Rößner wrote:

> Hi,
>
> I use dovecot 2.2.9 on Gentoo Linux and I get lots of these errors in my log file:
>
> Dec 4 08:53:37 mx dovecot: auth: Error: close failed in file object destructor:
> Dec 4 08:53:37 mx dovecot: auth: Error: IOError: [Errno 9] Bad file descriptor
>
> What could cause these error messages?
>
> My mailboxes are stored on an ext4 filesystem:
> /dev/vdb1 on /srv/mail type ext4 (rw,noatime)
>
> doveconf -n:
> # OS: Linux 3.11.2-hardened x86_64 Gentoo Base System release 2.2 ext4
> auth_master_user_separator = *
> auth_mechanisms = plain login
> auth_verbose = yes
> disable_plaintext_auth = no
> imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> mail_access_groups = mail
> mail_attachment_dir = /srv/mail/copymail/attachments
> mail_gid = mail
> mail_location = maildir:/srv/mail/virtual/%d/%n
> mail_plugins = quota acl zlib mail_log notify
> mail_privileged_group = mail
> mail_uid = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     auto = subscribe
>     special_use = \Drafts
>   }
>   mailbox Junk-E-Mail {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     auto = subscribe
>     special_use = \Trash
>   }
>   prefix = INBOX.
> }
> passdb {
>   args = /usr/local/sbin/ispcp-decrypt.py
>   driver = checkpassword
> }
> plugin {
>   acl = vfile
>   acl_shared_dict = file:/srv/mail/virtual/shared-mailboxes.db
>   quota = dict:User quota::file:/srv/mail/virtual/%d/%n/dovecot-quota
>   quota_rule = *:storage=300M:messages=2
>   quota_status_nouser = DUNNO
>   quota_status_overquota = 552 5.2.2 Mailbox is full
>   quota_status_success = DUNNO
>   quota_warning = storage=95%% quota-warning 95 %u
>   quota_warning2 = storage=80%% quota-warning 80 %u
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
>   zlib_save = gz
>   zlib_save_level = 6
> }
> postmaster_address = postmas...@deltaweb.de
> protocols = imap pop3 lmtp sieve
> service auth-worker {
>   extra_groups = ssl-cert
>   unix_listener auth-worker {
>     mode = 0600
>     user = vmail
>   }
>   user = vmail
> }
> service auth {
>   extra_groups = ssl-cert
>   unix_listener /var/spool/postfix.relay/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     mode = 0660
>     user = vmail
>   }
>   user = vmail
> }
> service config {
>   unix_listener config {
>     mode = 0600
>     user = vmail
>   }
> }
> service dict {
>   unix_listener dict {
>     mode = 0600
>     user = vmail
>   }
> }
> service imap-login {
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
> }
> service lmtp {
>   inet_listener lmtp {
>     address = ::1
>     port = 24
>   }
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
>   inet_listener sieve_deprecated {
>     port = 2000
>   }
> }
> service pop3-login {
>   inet_listener pop3s {
>     port = 995
>     ssl = yes
>   }
> }
> service quota-status {
>   client_limit = 1
>   executable = quota-status -p postfix
>   inet_listener {
>     port = 12340
>   }
> }
> service quota-warning {
>   executable = script /usr/local/bin/quota-warning.sh
>   unix_listener quota-warning {
>     user = vmail
>   }
>   user = dovecot
> }
> ssl_cert =
> ssl_key =
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> protocol lmtp {
>   mail_plugins = quota acl zlib mail_log notify sieve
> }
> protocol lda {
>   mail_plugins = quota acl zlib mail_log notify sieve
> }
> protocol imap {
>   mail_max_userip_connec
Re: [Dovecot] file descriptor errors
Hi,

On 04.12.2013 at 10:50, Christian Rößner wrote:

> Hi,
>
> I use dovecot 2.2.9 on Gentoo Linux and I get lots of these errors in my log file:
>
> Dec 4 08:53:37 mx dovecot: auth: Error: close failed in file object destructor:
> Dec 4 08:53:37 mx dovecot: auth: Error: IOError: [Errno 9] Bad file descriptor
>

I found the problem, but do not know if my solution is okay. It is the checkpassword script that I wrote in python:

…
# Return data to Dovecot
try:
    fd = os.fdopen(dovecot_out, "w")
except:
    sl.syslog(sl.LOG_ERR, "Can not write to FD 4")
    sys.exit(1)

os.write(fd.fileno(), "\tuserdb_uid=%i" "\tuserdb_gid=%i" % (uid, gid))
#os.close(fd.fileno())

try:
    os.putenv('USER', username)
    os.putenv('HOME', local_part_dir)
except:
    sl.syslog(sl.LOG_WARNING, "Can not set environment variables")
…

When it comes to the os.close(fd.fileno()) call, dovecot throws an error. So for now, I leave the file descriptor open and wait for the script to terminate. I thought I would have to close the descriptor after using it, do I?

-Christian Rößner
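Where the "close failed in file object destructor" message comes from, as an added example that is not part of the original post: the object returned by os.fdopen() owns its descriptor and closes it itself, so an extra os.close() on the same number makes that later close fail with EBADF. The sketch is written for Python 3, uses a pipe as a stand-in for the descriptor Dovecot hands to the checkpassword script, and its function names and uid/gid values are made up for illustration.

```python
import errno
import os

REPLY = "\tuserdb_uid=%i\tuserdb_gid=%i"   # same fields the script above sends


def double_close(uid=5000, gid=5000):
    """The pattern from the post: os.close() on a descriptor a file object owns."""
    r, w = os.pipe()                       # w plays the role of FD 4
    f = os.fdopen(w, "w")                  # f now owns w and will close it
    os.write(f.fileno(), (REPLY % (uid, gid)).encode())
    os.close(f.fileno())                   # first close, behind f's back
    try:
        f.close()                          # second close; a destructor does the same
        failure = None
    except OSError as exc:
        failure = errno.errorcode[exc.errno]
    data = os.read(r, 4096)
    os.close(r)
    return data, failure


def write_raw(fd, uid, gid):
    """Option 1: keep the descriptor a plain int and close it exactly once."""
    data = (REPLY % (uid, gid)).encode()
    try:
        while data:                        # os.write may write less than asked
            data = data[os.write(fd, data):]
    finally:
        os.close(fd)


def write_wrapped(fd, uid, gid):
    """Option 2: hand ownership to a file object; the with block closes it once."""
    with os.fdopen(fd, "w") as f:
        f.write(REPLY % (uid, gid))


def roundtrip(writer, uid=5000, gid=5000):
    """Run a writer against a pipe; return the bytes read and whether w got closed."""
    r, w = os.pipe()
    writer(w, uid, gid)
    data = os.read(r, 4096)
    os.close(r)
    try:
        os.fstat(w)
        closed = False
    except OSError:
        closed = True
    return data, closed


if __name__ == "__main__":
    print("double close :", double_close())
    print("raw fd       :", roundtrip(write_raw))
    print("file object  :", roundtrip(write_wrapped))
```

Besides the log noise, the stray close is unsafe in a longer-running program: the descriptor number can be reused by a later open(), and the file object's eventual close would then hit an unrelated file or socket.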
[Dovecot] SOLR quick and dirty how to - needs review/testing
Hi,

I just wrote a quick and dirty how to. But not sure, if that is done the way it should. So any kind of feedback is welcome.

http://www.roessner-network-solutions.com/?p=1127

At least the stuff does not break things here :-)

Kind regards

-Christian Rößner
[Dovecot] Errors in log file
Hi,

just wonder about some errors I found with:

doveadm log errors:
…
Dec 16 17:21:55 imap(roessner@): Error: stat(/srv/mail/virtual/*/roessner/.dovecot.sieve/tmp) failed: Not a directory
…

And this is correct, it is a link:

.dovecot.sieve -> sieve/default.sieve

I do not see, where I have an error in my config ;)

root@mx ~ # doveconf -n
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.11.2-hardened x86_64 Gentoo Base System release 2.2 ext4
auth_master_user_separator = *
auth_mechanisms = plain login
auth_verbose = yes
default_vsz_limit = 512 M
disable_plaintext_auth = no
imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k
mail_access_groups = mail
mail_attachment_dir = /srv/mail/copymail/attachments
mail_gid = mail
mail_location = maildir:/srv/mail/virtual/%d/%n
mail_plugins = quota acl fts fts_lucene zlib mail_log notify listescape
mail_privileged_group = mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  list = children
  location = maildir:%%h
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk-E-Mail {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /usr/local/sbin/ispcp-decrypt.py
  driver = checkpassword
}
plugin {
  acl = vfile
  acl_shared_dict = file:/srv/mail/virtual/shared-mailboxes.db
  fts = lucene
  fts_autoindex = yes
  fts_lucene = whitespace_chars=@.
  quota = dict:User quota::file:/srv/mail/virtual/%d/%n/dovecot-quota
  quota_grace = 10%%
  quota_rule = *:storage=2G:messages=2
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  quota_warning3 = -storage=100%% quota-warning below %u
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  zlib_save = gz
  zlib_save_level = 6
}
postmaster_address = postmas...@deltaweb.de
protocols = imap pop3 lmtp sieve
service auth-worker {
  extra_groups = ssl-cert
  unix_listener auth-worker {
    mode = 0600
    user = vmail
  }
  user = vmail
}
service auth {
  extra_groups = ssl-cert
  unix_listener /var/spool/postfix.relay/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0660
    user = vmail
  }
  user = vmail
}
service config {
  unix_listener config {
    mode = 0600
    user = vmail
  }
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  inet_listener lmtp {
    address = ::1
    port = 24
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
}
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    port = 12340
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  user = vmail
}
ssl_cert =
Re: [Dovecot] Errors in log file
Hi,

>> Dec 16 17:21:55 imap(roessner@): Error: stat(/srv/mail/virtual/*/roessner/.dovecot.sieve/tmp) failed: Not a directory
>
> This is why it's not a good idea to use home as the Maildir root directory. You can work around this by setting maildir_stat_dirs=yes (minor performance hit). A bigger problem comes if a user creates a "dovecot/sieve" folder.

I fully agree. The mailboxes are historical from an old Courier-IMAP server. Maybe more than 5 years ago. I switched to Dovecot in the past.

Probably I will write a little script and rearrange the directory structure. The workaround is okay for now.

Thanks a lot

Enjoy the holidays

-Christian Rößner
Re: [Dovecot] [SOLVED] Errors in log file
Hi

>>> Dec 16 17:21:55 imap(roessner@): Error: stat(/srv/mail/virtual/*/roessner/.dovecot.sieve/tmp) failed: Not a directory
>>
>> This is why it's not a good idea to use home as the Maildir root directory. You can work around this by setting maildir_stat_dirs=yes (minor performance hit). A bigger problem comes if a user creates a "dovecot/sieve" folder.
>
> I fully agree. The mailboxes are historical from an old Courier-IMAP server. Maybe more than 5 years ago. I switched to Dovecot in the past.
>
> Probably I will write a little script and rearrange the directory structure.

Solved! 15.000 lines bash script and now I have a perfect clean directory structure and all problems are gone

Happy holidays

Christian
Re: [Dovecot] [SOLVED] Errors in log file
Hi, >>>> This is why it's not a good idea to use home as the Maildir root >>>> directory. You can work around this by setting maildir_stat_dirs=yes >>>> (minor performance hit). A bigger problem comes if a user creates a >>>> "dovecot/sieve" folder. > >>> I fully agree. The mailboxes are historical from an old Courier-IMAP >>> server. Maybe more than 5 years ago. I switched to Dovecot in the past. >>> >>> Probably I will write a little script and rearrange the directory structure. > >> Solved! 15.000 lines bash script and now I have a perfect clean directory >> structure and all problems are gone > > Care to share the script? I collect cool little things like this in case I > ever need something like it... Of course. This script is a python script that generates the bash script. It assumes that the maildir is directly und a users home and that also the sieve folder lives inside the maildir. But the script is very simple, so you can adopt it to your needs: Second, it looks for a sieve script called default.sieve, which I told roundcube to use as a name. So maybe you need to adjust this as well. 
```python
#!/usr/bin/python2.7
# Generates a bash script that moves each maildir from <domain>/<user> to
# <domain>/<user>/maildir and the sieve data to <domain>/<user>/sieve.
# Paths are emitted unquoted, so review the generated script before running it.

import os
import sys
import glob


def main():
    path_prefix = "/srv/mail/virtual"
    prefix = "${P}"

    print("#!/bin/bash\n")
    print("P=%s\n" % path_prefix)
    print("umask 077\n")

    # One block of commands per <domain>/<user> directory
    for directory in glob.iglob(path_prefix + "/*/*"):
        dir_local = directory.split("/")[-1]
        dir_domain = directory.split("/")[-2]

        # Move the old home (which is the maildir) aside, recreate the home
        # and put the maildir below it
        print("mv %s/%s/%s %s/%s/__maildir__%s__"
              % (prefix, dir_domain, dir_local, prefix, dir_domain, dir_local))
        print("mkdir %s/%s/%s" % (prefix, dir_domain, dir_local))
        print("chown vmail:mail %s/%s/%s" % (prefix, dir_domain, dir_local))
        print("mv %s/%s/__maildir__%s__ %s/%s/%s/maildir"
              % (prefix, dir_domain, dir_local, prefix, dir_domain, dir_local))

        # New sieve directory next to the maildir
        print("mkdir %s/%s/%s/sieve" % (prefix, dir_domain, dir_local))
        print("chown vmail:mail %s/%s/%s/sieve"
              % (prefix, dir_domain, dir_local))

        # Move the sieve script and its state files, then relink .dovecot.sieve
        print("if [[ -f %s/%s/%s/maildir/sieve/default.sieve ]]; then"
              % (prefix, dir_domain, dir_local))
        print("\tmv %s/%s/%s/maildir/sieve/default.sieve %s/%s/%s/sieve/"
              % (prefix, dir_domain, dir_local, prefix, dir_domain, dir_local))
        print("\ttest -f %s/%s/%s/maildir/.dovecot.svbin && \\\n\t\tmv %s/%s/%s/maildir/.dovecot.svbin %s/%s/%s/"
              % (prefix, dir_domain, dir_local, prefix, dir_domain, dir_local,
                 prefix, dir_domain, dir_local))
        print("\ttest -f %s/%s/%s/maildir/.dovecot.lda-dupes && \\\n\t\tmv %s/%s/%s/maildir/.dovecot.lda-dupes %s/%s/%s/"
              % (prefix, dir_domain, dir_local, prefix, dir_domain, dir_local,
                 prefix, dir_domain, dir_local))
        print("\ttest -f %s/%s/%s/maildir/.dovecot.sieve.log && \\\n\t\tmv %s/%s/%s/maildir/.dovecot.sieve.log %s/%s/%s/"
              % (prefix, dir_domain, dir_local, prefix, dir_domain, dir_local,
                 prefix, dir_domain, dir_local))
        print("\t( cd %s/%s/%s; ln -s sieve/default.sieve .dovecot.sieve )"
              % (prefix, dir_domain, dir_local))
        print("\trm -f %s/%s/%s/maildir/.dovecot.sieve"
              % (prefix, dir_domain, dir_local))
        print("fi")
        print("rm -rf %s/%s/%s/maildir/sieve" % (prefix, dir_domain, dir_local))
        print("")

    print("exit 0")

    return 0


if __name__ == "__main__":
    sys.exit(main())

# vim: ts=4 sw=4 expandtab
```

The result looks something like:

```bash
#!/bin/bash

P=/srv/mail/virtual

umask 077

…
mv ${P}/deltaweb.de/cr ${P}/deltaweb.de/__maildir__cr__
mkdir ${P}/deltaweb.de/cr
chown vmail:mail ${P}/deltaweb.de/cr
mv ${P}/deltaweb.de/__maildir__cr__ ${P}/deltaweb.de/cr/maildir
mkdir ${P}/deltaweb.de/cr/sieve
chown vmail:mail ${P}/deltaweb.de/cr/sieve
if [[ -f ${P}/deltaweb.de/cr/maildir/sieve/default.sieve ]]; then
    mv ${P}/deltaweb.de/cr/maildir/sieve/default.sieve ${P}/deltaweb.de/cr/sieve/
    test -f ${P}/deltaweb.de/cr/maildir/.dovecot.svbin && \
        mv ${P}/deltaweb.de/cr/maildir/.dovecot.svbin ${P}/deltaweb.de/cr/
    test -f ${P}/deltaweb.de/cr/maildir/.dovecot.lda-dupes && \
        mv ${P}/deltaweb.de/cr/maildir/.dovecot.lda-dupes ${P}/deltaweb.de/cr/
    test -f ${P}/deltaweb.de/cr/maildir/.dovecot.sieve.log && \
        mv ${P}/deltaweb.de/cr/maildir/.dovecot.sieve.log ${P}/deltaweb.de/cr/
    ( cd ${P}/deltaweb.de/cr; ln -s sieve/default.sieve .dov
```
[Dovecot] German Umlauts in folder name and sieve
Hi,

I had created an imap folder that has German Umlauts in it:

„RA Rößner - Merle“

When finished, the result looks like this on filesystem:

```
drwx-- 3 vmail vmail 4096 Dec 27 11:02 RA Ro&AwgA3w-ner - Merle/
```

I wrote this sieve script (with SOGo):

```
if anyof (address :regex "from" "@.*\\.ra-roessner-merle\\.de") {
    fileinto "RA Ro&AwgA3w-ner - Merle";
    stop;
}
```

That creates a new IMAP folder with exactly this strange name. Can I change this somehow?

```
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.11.2-hardened x86_64 Gentoo Base System release 2.2
auth_master_user_separator = *
auth_mechanisms = plain login cram-md5 digest-md5 ntlm
auth_verbose = yes
default_vsz_limit = 512 M
hostname = mail.roessner-net.de
imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k
mail_access_groups = vmail
mail_attachment_dir = /var/mail/virtual/copymail/attachments
mail_gid = vmail
mail_location = mdbox:~/mdbox
mail_plugins = quota acl fts fts_lucene zlib mail_log notify
mail_privileged_group = mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mdbox_rotate_size = 128 M
namespace {
  list = children
  location = mdbox:%%h/mdbox
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox "Deleted Messages" {
    special_use = \Trash
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk-E-Mail {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  mailbox junkmail {
    special_use = \Junk
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/mail/virtual/shared-mailboxes.db
  fts = lucene
  fts_autoindex = yes
  fts_lucene = whitespace_chars=@.
  quota = dict:User quota::file:%h/mdbox/dovecot-quota
  quota_grace = 10%%
  quota_rule = *:storage=300M:messages=2
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  quota_warning3 = -storage=100%% quota-warning below %u
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  zlib_save = gz
  zlib_save_level = 6
}
protocols = imap pop3 lmtp sieve
service auth-worker {
  extra_groups = ssl-cert
  unix_listener auth-worker {
    mode = 0600
    user = vmail
  }
  user = vmail
}
service auth {
  extra_groups = ssl-cert
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = vmail
}
service config {
  unix_listener config {
    mode = 0600
    user = vmail
  }
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/lmtp-dovecot {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    port = 12340
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  user = vmail
}
ssl_cert =
```
Re: [Dovecot] German Umlauts in folder name and sieve
Hi,

>> if anyof (address :regex "from" "@.*\\.ra-roessner-merle\\.de") {
>> fileinto "RA Ro&AwgA3w-ner - Merle";
>> stop;
>> }
>
> You need to put the imap folder name (fileinto "RA Rößner - Merle";) instead
> of directory name into your sieve script. More info in documentation:

thank you very much. So this is a SOGo bug, as the folder gets listed in a pull down menu ;-)

Kind regards

-Christian Rößner
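The directory name in this exchange is the folder name in IMAP modified UTF-7 (RFC 3501, section 5.1.3). The decoder and encoder below are an added example, not code from the thread or from Dovecot; the function names are illustrative, and the only input is the directory name quoted above.

```python
import base64
import unicodedata

# Directory name as shown in the thread's directory listing.
DIRECTORY_NAME = "RA Ro&AwgA3w-ner - Merle"


def decode_mutf7(name):
    """Decode an IMAP modified UTF-7 mailbox name to a Unicode string."""
    out = []
    i = 0
    while i < len(name):
        ch = name[i]
        if ch != "&":
            out.append(ch)
            i += 1
            continue
        end = name.find("-", i)
        if end == -1:
            raise ValueError("unterminated '&' sequence in %r" % name)
        chunk = name[i + 1:end]
        if chunk == "":
            out.append("&")  # "&-" is a literal ampersand
        else:
            # Modified base64: ',' replaces '/', padding is omitted.
            b64 = chunk.replace(",", "/")
            b64 += "=" * (-len(b64) % 4)
            out.append(base64.b64decode(b64).decode("utf-16-be"))
        i = end + 1
    return "".join(out)


def encode_mutf7(name):
    """Encode a Unicode mailbox name as IMAP modified UTF-7."""
    out = []
    pending = []  # characters waiting to be base64-encoded as one run

    def flush():
        if pending:
            raw = "".join(pending).encode("utf-16-be")
            b64 = base64.b64encode(raw).decode("ascii").rstrip("=")
            out.append("&" + b64.replace("/", ",") + "-")
            del pending[:]

    for ch in name:
        if ch == "&":
            flush()
            out.append("&-")
        elif 0x20 <= ord(ch) <= 0x7E:
            flush()
            out.append(ch)
        else:
            pending.append(ch)
    flush()
    return "".join(out)


def codepoints(text):
    """List the non-ASCII code points of a string, in order."""
    return ["U+%04X" % ord(c) for c in text if ord(c) > 0x7E]


def folder_name_from_directory(dirname):
    """Return (decoded name, NFC-normalised decoded name)."""
    decoded = decode_mutf7(dirname)
    return decoded, unicodedata.normalize("NFC", decoded)


if __name__ == "__main__":
    decoded, nfc = folder_name_from_directory(DIRECTORY_NAME)
    print("decoded:", decoded, codepoints(decoded))
    print("NFC    :", nfc, codepoints(nfc))
    print("NFC re-encoded:", encode_mutf7(nfc))
```

The decoded name contains "o" followed by a combining diaeresis (U+0308) rather than a precomposed "ö" (U+00F6), so the two spellings look the same on screen but encode to different directory names.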
[Dovecot] pop3 rate limit
Hi,

we have customers with Exchange servers that are polling for new mail every minute with dozens of pop3 accounts. I am looking for a mechanism to rate limit this per user.

So what I am looking for is a way to block users from polling, if a user asks for new mail more than every 5 minutes (for example).

Is this possible? Can this be achieved within Dovecot or does it need external scripting? (I thought about fail2ban, but also want IPv6 support)

Thanks in advance

-Christian Rößner
Re: [Dovecot] pop3 rate limit
Hi,

>>> policyd can rate limit dovecot POP3 users?
>
>> sure :)
>
>> i just think dovecot does it better
>
>> last resort would be ip6table/iptable
>
> We're talking Dovecot, not Postfix. Policyd AFAIK is run as a policy
> from within Postfix. That would be over SMTP and not POP3.
>
> If there is some config within Dovecot to allow usage of policies
> written for Postfix, please point that out.
>
> Searching the policyd.org site for terms like 'POP3' or 'Dovecot'
> yields no results.

That’s what I thought ;-) In fact I would have to write an external policy service that really counts user/time. But as Robert said, there seems not to be a bigger problem with lots of connections, so I do not try to find a solution here anymore :-)

Thanks everybody

-Christian Rößner
Re: Adding extra fields from an external source
> On 02.12.2014 at 01:02, Ian Allison wrote:
>
> Hi,
>
> I have an existing (Open)LDAP which I'm using with dovecot and I would
> like to implement quotas. I have global quotas working, but I would like
> per user quotas similar to what is described in the wiki
> (http://wiki2.dovecot.org/Quota/Configuration#LDAP) My problem is that
> there is no obvious attribute in the schemas shipped in the RHEL/Centos
> 6 to hold the quota string.
>
> Is it possible to get User database extra fields from an external
> source? e.g. flat file or MySQL table. I would like to pull everything
> else from LDAP but just fill out quota_rule from a different source.
>
> I realize I could expand my LDAP but I'm wary of just importing some
> random schema. I've had mixed results doing that in the past (the qmail
> schema (http://www.zytrax.com/books/ldap/ape/qmail.html) was
> incompatible with my existing structure, and at the moment I'm using a
> hacked version of the linux quota project's LDAP schema
> (http://sourceforge.net/projects/linuxquota/) - I'd rather have
> something a bit more official). If there is a recommended schema that
> you guys use which is stable and works well I would like to give that a
> try.

You could write your own schema. I have done so for my OpenLDAP. You can make it AUXILIARY and make attributes MAY. Example from my file:

```
# RNS - 1.3.6.1.4.1.31612
# LDAP - 1.3.6.1.4.1.31612.1
# Mail 1.3.6.1.4.1.31612.1.2
# Attributes - 1.3.6.1.4.1.31612.1.2.1
# ObjectClasses - 1.3.6.1.4.1.31612.1.2.2
…
attributetype ( 1.3.6.1.4.1.31612.1.1.1.6
    NAME 'rnsMSQuota'
    DESC 'An integer that represents the quota on a mailbox'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )
…
objectclass ( 1.3.6.1.4.1.31612.1.1.2.2
    NAME 'rnsMSDovecotAccount'
    DESC 'Dovecot account for virtual domain mailboxes'
    SUP top AUXILIARY
    MAY ( ... $ rnsMSQuota $ ... $ ) )
…
```

Christian
--
Bachelor of Science in Computer Science
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345
VAT ID: DE225643613, http://www.roessner-network-solutions.com
Submission and TLS client certificate
Hi,

is there some configuration parameter in Dovecot, which sends a TLS client certificate to the SMTP server? I would need this to have XCLIENT enabled and TLS with Postfix. This way I could permit sending based on the certificate's fingerprint.

Thanks in advance

Christian

Sent while on the go
--
Rößner-Network-Solutions
Karl-Bröger-Str. 10, 36304 Alsfeld
Fax: +49 6631 78823409, Mobile: +49 171 9905345
VAT ID: DE225643613, https://roessner.website
PGP Fingerprint: 8FB3 132F 85D8 C9C7 A9F1 9A3F 5183 D46C B885 897E
Re: Submission and TLS client certificate
Hi,

> On 18.08.2019 at 16:52, Stephan Bosch via dovecot wrote:
>
>> On 18/08/2019 10:09, Christian Rößner via dovecot wrote:
>> Hi,
>> is there some configuration parameter in Dovecot, which sends a TLS client
>> certificate to the SMTP server? I would need this to have XCLIENT enabled
>> and TLS with Postfix. This way I could permit sending based on the
>> certificates fingerprint.
>
> Can you elaborate? Are you talking about the submission relay service or
> submission of outgoing messages from e.g. Sieve?

The submission relay service. I like the idea of this service. Currently I did not activate the relay trust option, because I have no idea on how I could give permissions on the Postfix side. If Dovecot would send the certificate as reply to the smtpd_ask_ccert option, I could turn on XCLIENT in Dovecot and give permission based on the certificate fingerprint.

At the moment I do STARTTLS from Dovecot to Postfix and have added Dovecot's IP to mynetworks in Postfix. But I would prefer XCLIENT.

Thanks in advance

Christian

> Regards,
>
> Stephan.
>
>> Thanks in advance
>> Christian
>> Sent while on the go
Is XOAUTH2 support broken in 2.3.21?
Hi,

I use Roundcube with OIDC. Everything works fine in Dovecot 2.3.20, but broke in 2.3.21. Downgrading to 2.3.20 makes it work again, so it is introduced in the newer release.

Error (2.3.21):
```
Oct 4 11:03:57 mx dovecot[558531]: imap-login: Disconnected: Connection closed (client didn't finish SASL auth, waited 1 secs): user=, orig_user=, method=XOAUTH2, rip=192.168.0.4, lip=192.168.0.2, TLS, TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
```

Here is an example with 2.3.20:

Success (2.3.20):
```
Oct 4 11:17:21 mx dovecot[889914]: imap-login: Login: user=, orig_user=, method=XOAUTH2, rip=192.168.0.4, lip=192.168.0.2, mpid=891874, TLS, TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
```

Kind regards

Christian Rößner
--
Rößner-Network-Solutions
Certified ITSiBe / CISO
Karl-Bröger-Str. 10, 36304 Alsfeld
Fax: +49 6631 78823409, Mobile: +49 171 9905345
VAT ID: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
Re: Is XOAUTH2 support broken in 2.3.21?
Hi,

> On 04.10.2023 at 12:56, Arjen de Korte wrote:
>
> Quoting Christian Rößner via dovecot:
>
>> Hi,
>>
>> I use Roundcube with OIDC. Everything works fine in Dovecot 2.3.20, but
>> broke in 2.3.21. Downgrading to 2.3.20 makes it work again, so it is
>> introduced in the newer release.
>>
>> Error (2.3.21):
>> ```
>> Oct 4 11:03:57 mx dovecot[558531]: imap-login: Disconnected: Connection
>> closed (client didn't finish SASL auth, waited 1 secs):
>> user=, orig_user=,
>> method=XOAUTH2, rip=192.168.0.4, lip=192.168.0.2, TLS, TLSv1.3 with cipher
>> TLS_AES_256_GCM_SHA384 (256/256 bits)
>> ```
>>
>> Here is an example with 2.3.20:
>>
>> Success (2.3.20):
>> ```
>> Oct 4 11:17:21 mx dovecot[889914]: imap-login: Login:
>> user=, orig_user=,
>> method=XOAUTH2, rip=192.168.0.4, lip=192.168.0.2, mpid=891874, TLS, TLSv1.3
>> with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
>> ```
>
> Searching the archives might give a lead to what's going on (and a possible
> workaround):
>
> https://dovecot.org/mailman3/archives/list/dovecot@dovecot.org/thread/RR2GXLOAS6U3MZCQCA4T4S6QXCRV5GST

I get a different error from RC:

```
Oct 04 12:08:48 node1 8868c38d7990[158494]: errors: <48ea0f68> IMAP Error: Login failed for christian@roessner.email against mail.roessner-net.de from 192.168.32.1 (X-Real-IP: 2003:a:a05:a600:858:7851:547f:8aed,X-Forwarded-For: 2003:a:a05:a600:858:7851:547f:8aed). AUTHENTICATE XOAUTH2: A0001 NO [AUTHENTICATIONFAILED] Authentication failed. in /var/www/html/program/lib/Roundcube/rcube_imap.php on line 211 (GET /index.php/login/oauth?code=ory_ac_L5_NrO7EjgIccmV-_Tq1Y1_vls6i9NS8lbO7mHYwVeQ.maAkpsqdG95hkLutiDi4aB2KDPvj_pQ65qD-tuY9zBI&scope=openid+offline_access+profile+email+dovecot&state=J3WpRsBcOrnw)
```

And changing the introspection_url parameter did not change anything.

Thanks in advance

Christian Rößner
Re: Is XOAUTH2 support broken in 2.3.21?
Hi again,

I thought it would be obvious what is going wrong, so I did not show any configuration stuff. Here are some more details from the dovecot configuration:

```
tokeninfo_url = https://oauth.authserv.me:/userinfo?access_token=
introspection_url = https://oauth.authserv.me:4445/admin/oauth2/introspect
introspection_mode = post
force_introspection = yes
scope = email
username_attribute = email
username_format = %Lu
active_attribute = active
active_value = true
openid_configuration_url = https://oauth.authserv.me:/.well-known/openid-configuration
pass_attrs = \
  dovecot_user=user \
  dovecot_mailbox_home=userdb_home \
  dovecot_mailbox_path=userdb_mail
max_parallel_connections = 10
tls_allow_invalid_cert = yes
```

The OAuth2/OIDC server is Ory-hydra. The authentication backend is https://authserv.io, my own OpenSource project.

Kind regards

Christian Rößner
Re: Is XOAUTH2 support broken in 2.3.21?
Hi,

> On 04.10.2023 at 14:31, Aki Tuomi wrote:
>
> Can you provide auth_debug=yes logs?

Turning on debug showed the problem:

```
Oct 4 14:50:31 mx dovecot[1302421]: auth: Debug: oauth2(christian@roessner.email,192.168.0.4,<3kfgc+MGeuXAqAAE>): oauth2 active_attribute "active" is not present in the oauth2 server's response
```

In earlier configuration tests I had an 'active' claim. Dovecot prior to 2.3.21 seems to have ignored a missing field, while newer versions expect it to be present if configured.

Thanks.

Christian Rößner
Re: [EXT] Is XOAUTH2 support broken in 2.3.21?
Hi,

well I fear there is still something wrong.

> On 04.10.2023 at 15:05, Aki Tuomi via dovecot wrote:
>
> Yes, this was a bug that was fixed, that the active attribute is now actually
> checked.

I thought I had mistakenly removed the active field, but I did not:

```
curl -X POST -d 'scope=email&token=HIDDEN***' https://oauth.authserv.me:4445/admin/oauth2/introspect
{"active":true,"scope":"openid profile email groups dovecot offline offline_access","client_id":"718f4a52-e1a8-431d-9146-15809cfe3240","sub":"977c6572-d017-103b-836b-b5fc6e126160","exp":1696442299,"iat":1696438699,"nbf":1696438699,"aud":[],"iss":"https://oauth.authserv.me:","token_type":"Bearer","token_use":"access_token"}
```

As you can see, the 'active' f
Re: [EXT] Is XOAUTH2 support broken in 2.3.21?
Hi,

> On 05.10.2023 at 08:22, Aki Tuomi via dovecot wrote:
>
> You seem to be using userinfo and not introspect endpoint in your
> configuration. Does userinfo return active too?

```
tokeninfo_url = https://oauth.authserv.me:/userinfo?access_token=
introspection_url = https://oauth.authserv.me:4445/admin/oauth2/introspect
```

I consider tokeninfo_url to be a userinfo URL and introspection_url for introspection ;-)

The curl command I showed is against the introspection endpoint. The userinfo endpoint does not list the active flag.

Christian
Re: [EXT] Is XOAUTH2 support broken in 2.3.21?
> On 05.10.2023 at 09:08, Christian Rößner wrote:
>
> Hi,
>
>> On 05.10.2023 at 08:22, Aki Tuomi via dovecot wrote:
>>
>> You seem to be using userinfo and not introspect endpoint in your
>> configuration. Does userinfo return active too?
>
> tokeninfo_url = https://oauth.authserv.me:/userinfo?access_token=
> introspection_url = https://oauth.authserv.me:4445/admin/oauth2/introspect

Here is an example of the userinfo results (I have a test client for this):

```json
{
  "OAuth2Token": {
    "access_token": "ory_at_***HIDDEN***",
    "token_type": "bearer",
    "refresh_token": "ory_rt_***HIDDEN***",
    "expiry": "2023-10-05T10:09:52.394731+02:00"
  },
  "IDTokenClaims": {
    "at_hash": "6UQR9dqFoaH1a-ztuZsmfg",
    "aud": [
      "718f4a52-e1a8-431d-9146-15809cfe3240"
    ],
    "auth_time": 1696489790,
    "dovecot_mailbox_path": "sdbox:~/sdbox:VOLATILEDIR=/srv/vmail/volatile/%2.256Nu/%Lu:LISTINDEX=/srv/vmail/listindex/%2.256Nu/%Lu/dovecot.list.index",
    "dovecot_user": "de10...@srvint.net",
    "email": "christian@roessner.email",
    "exp": 1696493393,
    "family_name": "Rößner",
    "given_name": "Christian",
    "groups": [
      "admin",
      "user",
      "superadmin",
      "familie",
      "kanzlei"
    ],
    "iat": 1696489793,
    "iss": "https://oauth.authserv.me:",
    "jti": "***",
    "name": "Christian Rößner",
    "nickname": "croessner",
    "nonce": "***",
    "preferred_username": "croessner",
    "rat": 1696489779,
    "sid": "***",
    "sub": "977c6572-d017-103b-836b-b5fc6e126160"
  }
}
```

I do not see something like an active flag.

Christian
Re: [EXT] Is XOAUTH2 support broken in 2.3.21?
On 5 Oct 2023, at 9:26, Aki Tuomi wrote:

> Ok, I guess the problem is that it's somehow thinking it got everything
> already from the tokeninfo endpoint. Can you try enabling forced
> introspection?

It is already forced :-)

Christian

>
> Aki
>
>> On 05/10/2023 10:13 EEST Christian Rößner wrote:
>>
>>
>>> On 05.10.2023 at 09:08, Christian Rößner wrote:
>>>
>>> Hi,
>>>
>>>> On 05.10.2023 at 08:22, Aki Tuomi via dovecot wrote:
>>>>
>>>> You seem to be using userinfo and not introspect endpoint in your
>>>> configuration. Does userinfo return active too?
>>>
>>> tokeninfo_url = https://oauth.authserv.me:/userinfo?access_token=
>>> introspection_url = https://oauth.authserv.me:4445/admin/oauth2/introspect
>>>
>> Here is an example of the userinfo results (I have a test client for this):
>>
>> ```json
>> {
>>   "OAuth2Token": {
>>     "access_token": "ory_at_***HIDDEN***",
>>     "token_type": "bearer",
>>     "refresh_token": "ory_rt_***HIDDEN***",
>>     "expiry": "2023-10-05T10:09:52.394731+02:00"
>>   },
>>   "IDTokenClaims": {
>>     "at_hash": "6UQR9dqFoaH1a-ztuZsmfg",
>>     "aud": [
>>       "718f4a52-e1a8-431d-9146-15809cfe3240"
>>     ],
>>     "auth_time": 1696489790,
>>     "dovecot_mailbox_path":
>> "sdbox:~/sdbox:VOLATILEDIR=/srv/vmail/volatile/%2.256Nu/%Lu:LISTINDEX=/srv/vmail/listindex/%2.256Nu/%Lu/dovecot.list.index",
>>     "dovecot_user": "de10...@srvint.net",
>>     "email": "christian@roessner.email",
>>     "exp": 1696493393,
>>     "family_name": "Rößner",
>>     "given_name": "Christian",
>>     "groups": [
>>       "admin",
>>       "user",
>>       "superadmin",
>>       "familie",
>>       "kanzlei"
>>     ],
>>     "iat": 1696489793,
>>     "iss": "https://oauth.authserv.me:",
>>     "jti": "***",
>>     "name": "Christian Rößner",
>>     "nickname": "croessner",
>>     "nonce": "***",
>>     "preferred_username": "croessner",
>>     "rat": 1696489779,
>>     "sid": "***",
>>     "sub": "977c6572-d017-103b-836b-b5fc6e126160"
>>   }
>> }
>> ```
>>
>> I do not see something like an active flag.
>>
>> Christian
>>
>>>>
>>>> Aki
>>>>
>>>>> On 04/10/2023 20:05 EEST Christian Rößner via dovecot wrote:
>>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> well I fear there is still something wrong.
>>>>>
>>>>>> On 04.10.2023 at 15:05, Aki Tuomi via dovecot wrote:
>>>>>>
>>>>>>>
>>>>>>> On 04/10/2023 16:02 EEST Christian Rößner wrote:
>>>>>>>
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>>> On 04.10.2023 at 14:31, Aki Tuomi wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 04/10/2023 15:13 EEST Christian Rößner via dovecot wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>>> On 04.10.2023 at 12:56, Arjen de Korte wrote:
>>>>>>>>>>
>>>>>>>>>> Quoting Christian Rößner via dovecot:
>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> I use Roundcube with OIDC. Everything works fine in Dovecot 2.3.20,
>>>>>>>>>>> but broke in 2.3.21. Downgrading to 2.3.20 makes it work again, so
>>>>>>>>>>> it is introduced in the newer release.
>>>>>>>>>>>
>>>>>>>>>>> Error (2.3.21):
>>>>>>>>>>> ```
>>>>>>>>>>> Oct 4 11:03:57 mx dovecot[558531]: imap-login: Disconnected:
>>>
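The question raised in this thread, whether a response carries an `active` member, is the core of RFC 7662 token introspection. The following is an added example, not code from the thread or from Dovecot: a check that accepts a token only on a boolean `active: true` and therefore rejects a claims-only document like the userinfo result quoted above. The function name, the `username_field` parameter and all sample responses are constructed for illustration.

```python
import json

# Constructed sample modelled on the test-client output quoted in the thread
# (shortened; like the original it has no "active" member at any level).
USERINFO_STYLE = json.loads("""
{
  "IDTokenClaims": {
    "aud": ["718f4a52-e1a8-431d-9146-15809cfe3240"],
    "exp": 1696493393,
    "iat": 1696489793,
    "preferred_username": "croessner",
    "sub": "977c6572-d017-103b-836b-b5fc6e126160"
  }
}
""")

# Constructed RFC 7662 introspection responses for comparison.
INTROSPECTION_OK = {"active": True, "exp": 1696493393, "username": "croessner"}
INTROSPECTION_REVOKED = {"active": False}
INTROSPECTION_STRING_FLAG = {"active": "true", "username": "croessner"}


def _time_claim(doc, name):
    """Return (value, error) for an optional numeric time claim."""
    value = doc.get(name)
    if value is None:
        return None, None
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return None, f"'{name}' is not numeric"
    return value, None


def token_decision(doc, now, username_field="username"):
    """Accept or reject a token from a decoded introspection response.

    Returns (accepted, reason). `now` is a Unix timestamp passed in by the
    caller so the decision is reproducible; `username_field` (hypothetical
    parameter) names the claim that carries the login name.
    """
    if not isinstance(doc, dict):
        return False, "response is not a JSON object"
    # RFC 7662 section 2.2: "active" is REQUIRED and is a JSON boolean.
    # A claims document without it says nothing about revocation.
    if "active" not in doc:
        return False, "no 'active' member: not an introspection response"
    if not isinstance(doc["active"], bool):
        return False, "'active' is not a JSON boolean"
    if not doc["active"]:
        return False, "token is inactive (expired, revoked or unknown)"
    # Defence in depth: re-check the optional time claims locally.
    exp, error = _time_claim(doc, "exp")
    if error:
        return False, error
    if exp is not None and exp <= now:
        return False, "token expired according to 'exp'"
    nbf, error = _time_claim(doc, "nbf")
    if error:
        return False, error
    if nbf is not None and nbf > now:
        return False, "token not yet valid according to 'nbf'"
    user = doc.get(username_field)
    if not isinstance(user, str) or not user:
        return False, f"no usable '{username_field}' claim"
    return True, f"active token for {user}"


if __name__ == "__main__":
    for label, doc in (("userinfo-style", USERINFO_STYLE),
                       ("introspection ok", INTROSPECTION_OK),
                       ("introspection revoked", INTROSPECTION_REVOKED)):
        print(label, token_decision(doc, now=1696490000))
```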
How can I override settings in a dovecot protocol section?
Hi,

I have defined a service and a protocol that shall honor quota, but in a non-enforcing mode (required).

Therefore I have done this on a test-server:

```
protocols = lmtp lmtp_noenforcing imap pop3

service lmtp_noenforcing {
  executable = lmtp

  inet_listener lmtp_noenforcing {
    port = 24000
  }

  protocol = lmtp_noenforcing
}

protocol lmtp_noenforcing {
  postmaster_address = postmaster@
  mail_plugins = quota sieve fts fts_solr

  # Just for testing, if this works.
  userdb {
    driver = ldap
    args = /etc/dovecot/dovecot-ldap.conf.ext
    override_fields = quota=count:User quota:noenforcing
    skip = never
    result_success = continue
    result_failure = return-fail
  }

  # Just for testing, if this works.
  userdb {
    driver = lua
    args = file=/etc/dovecot/userdb.lua blocking=yes
    override_fields = quota=count:User quota:noenforcing
    result_success = return-ok
    result_failure = continue
    result_internalfail = continue
  }

  # Preferred
  plugin {
    quota = count:User quota:noenforcing
  }
}
```

I tried with and without userdbs. With and without plugin{}. It seems that this whole section is never used. I removed "quota" from the mail_plugins parameter, but that seems to show me that the section is not used, because it always fails in a local swaks-test. The test shows that quota is exceeded. I would expect that the quota is ignored. One or the other hand.

So why is the protocol not used for this service?

We currently use Dovecot 2.3.20 from your repos.

Kind regards and thanks in advance

Christian Rößner
--
Rößner-Network-Solutions
Certified ITSiBe / CISO
Karl-Bröger-Str. 10, 36304 Alsfeld
Fax: +49 6631 78823409, Mobile: +49 171 9905345
VAT ID: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5

___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
Re: How can I override settings in a dovecot protocol section?
Hi,

is there somebody who can help me here?

Thanks in advance

Christian

> On 19.03.2024 at 10:54, Christian Rößner via dovecot wrote:
>
> Hi,
>
> I have defined a service and a protocol that shall honor quota, but in a
> non-enforcing mode (required).
>
> Therefore I have done this on a test-server:
>
> ```
> protocols = lmtp lmtp_noenforcing imap pop3
>
> service lmtp_noenforcing {
>   executable = lmtp
>
>   inet_listener lmtp_noenforcing {
>     port = 24000
>   }
>
>   protocol = lmtp_noenforcing
> }
>
> protocol lmtp_noenforcing {
>   postmaster_address = postmaster@
>   mail_plugins = quota sieve fts fts_solr
>
>   # Just for testing, if this works.
>   userdb {
>     driver = ldap
>     args = /etc/dovecot/dovecot-ldap.conf.ext
>     override_fields = quota=count:User quota:noenforcing
>     skip = never
>     result_success = continue
>     result_failure = return-fail
>   }
>
>   # Just for testing, if this works.
>   userdb {
>     driver = lua
>     args = file=/etc/dovecot/userdb.lua blocking=yes
>     override_fields = quota=count:User quota:noenforcing
>     result_success = return-ok
>     result_failure = continue
>     result_internalfail = continue
>   }
>
>   # Preferred
>   plugin {
>     quota = count:User quota:noenforcing
>   }
> }
> ```
>
> I tried with and without userdbs. With and without plugin{}. It seems that
> this whole section is never used. I removed "quota" from the mail_plugins
> parameter, but that seems to show me that the section is not used, because it
> always fails in a local swaks-test. The test shows that quota is exceeded. I
> would expect that the quota is ignored. One or the other hand.
>
> So why is the protocol not used for this service?
>
> We currently use Dovecot 2.3.20 from your repos.
>
> Kind regards and thanks in advance
>
> Christian Rößner
> --
> Rößner-Network-Solutions
> Certified ITSiBe / CISO
> Karl-Bröger-Str. 10, 36304 Alsfeld
> Fax: +49 6631 78823409, Mobile: +49 171 9905345
> VAT ID: DE225643613, https://roessner.website
> PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5

Christian Rößner
--
Rößner-Network-Solutions
Certified ITSiBe / CISO
Karl-Bröger-Str. 10, 36304 Alsfeld
Fax: +49 6631 78823409, Mobile: +49 171 9905345
VAT ID: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5
lda-dupes-file not updated, when user over quota and sieve vacation enabled
Hi,

we have encountered an interesting behavior with users that have their mailboxes over quota while having sieve-vacation enabled. We do a temp fail, if a mailbox is over quota.

Problem:

If a remote sender sends an email to such a user (over quota + vacation), Dovecot directly creates a response message and sends it back to the sender. So far so good. At the same time the original email cannot be stored in the user's INBOX, which leads to a temp fail action.

Now the email remains in a queue and whenever the queue manager tries to deliver the email again, the behavior starts again. Send vacation response and temp fail, until either the queue lifetime is exceeded or the user has cleaned up his/her mailbox and the message can be stored.

For the remote sender it means getting lots of vacation emails from the same recipient. For each retry one vacation message.

Tracing:

We dug a little bit deeper and turned on logging to see what happens. Because the email cannot be put into the user's INBOX, it stays in a failure state. And because of this, the dupes-file is not updated for this particular sender.

We are not sure, if this is a wanted behavior or not. But for a sender, it is really annoying to receive vacation messages on and on.

Solution:

-

Unfortunately we could not find any settings to change this. So I come here and ask for your kind help.

At the moment of this writing I can not provide a doveconf -n output, but I hope you trust me that we have not done too many things wrong ;-)

Christian Rößner
--
Rößner-Network-Solutions
Certified ITSiBe / CISO
Karl-Bröger-Str. 10, 36304 Alsfeld
Fax: +49 6631 78823409, Mobile: +49 171 9905345
VAT ID: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5
[Off-topic] ANN: Nauthilus
Today I am pleased to announce the Nauthilus software.

Nauthilus (N-Auth-ilus) is a centralized authentication server with a comprehensive policy engine. The idea behind this project is to connect services centrally in one place and perform extensive tests during authentication.

# What can Nauthilus do and what problems does it solve?

Many services on the Internet require authentication. Each application must then be connected to databases and must implement its own protective measures to ward off attackers. Every installation carries the risk of compromise and therefore also access to the databases.

With Nauthilus, the task is centralized in one place. Nauthilus is essentially an HTTP REST server that can be accessed by any application. It takes on the role of a guardian.

Nauthilus integrates very well with Dovecot and Postfix.

# Authentication process

Nauthilus uses several authentication steps:

## 1. Features

Features include tests such as TLS verification, relay domains (is the system even responsible for the requested domain?), blocklists, RBLs and freely definable Lua features.

Nauthilus has a powerful brute force concept with buckets to detect even slow attacks over days and weeks. It offers a bucket system for this purpose.

## 2. Backend authentication

Nauthilus includes LDAP support and Lua to perform the authentication itself. A large library of predefined functions is available in Lua, including SQL support.

## 3. Policies

Policies are run through after authentication. Despite a successful login, the system can reject the login (or, conversely, allow it!). There is also space here for GeoIP lookups, etc.

## 4. Post-processing

After the 3rd point, authentication has been completed, but at this point further tests can run in the background such as:

* Check password policy and take action
* Consult the Have I Been Pwned network
* GeoIP tracking across national borders

and much more.

## Miscellaneous

Nauthilus allows the free definition of so-called hooks. Each hook listens for a specific URI (callback) in the HTTP request. These callbacks are written by the administrator in Lua.

In an initial proof of concept, Nauthilus can take on the role of a Dovecot director. This has already been tested with version 2.4.0. Currently, Nauthilus can dynamically delegate incoming connections to backends. The hooks concept is used here as an example.

# Final words

By integrating a Lua VM into the server, Nauthilus can be integrated and customized in almost any setup. See also the other Nauthilus-related projects listed in the appendix.

To enable single sign-on (SSO), it can be operated with an Ory-Hydra server or the sister project nauthilus-keycloak can be used as a custom authenticator in Keycloak.

100% Open-Source
100% Community

# Project

https://github.com/croessner/nauthilus

# Sub projects

https://github.com/croessner/nauthilus-demo
https://github.com/croessner/nauthilus-keycloak
https://github.com/croessner/pfxhttp
https://github.com/croessner/geoip-policyd

# Mailing lists:

https://lists.nauthilus.org

N.B.: In the future, announcements are sent over the nauthilus-announce ML. This is just a hello world!

Christian Rößner
--
Rößner-Network-Solutions
Certified ITSiBe / CISO
Marburger Str. 70a, 36304 Alsfeld
Fax: +49 6631 78823409, Mobile: +49 171 9905345
VAT ID: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5
Re: [Off-topic] ANN: Nauthilus
> On 31.01.2025 at 18:47, Marc via dovecot wrote:
>
> First when I read this, how is this different from keycloak?

It’s about the authentication process in your business. With the Lua integration in Nauthilus, you can do nearly everything you want in the authentication process. If you dive deeper in Nauthilus, you will see the differences 😊

Feel free to ask questions on the users mailing list…

Regards

Christian
Re: Why does metrics exporter not work anymore?
Hi,

> On 27.01.2025 at 15:42, Armin Tüting via dovecot wrote:
>
> On Mon, 2025-01-27 at 14:50 +0100, Christian Rößner via dovecot wrote:
>> mail_home = /srv/mail/%Ln
> This can't be right.

Yes, that was wrong (thank you), but not causing any issues. I fixed it, but still no events...

Christian Rößner
--
Rößner-Network-Solutions
Certified ITSiBe / CISO
Marburger Str. 70a, 36304 Alsfeld
Fax: +49 6631 78823409, Mobile: +49 171 9905345
VAT ID: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5
Why does metrics exporter not work anymore?
Hi,

I am trying to get the metrics exporter to work in 2.4.0, but for some reason, I do not see any connection attempts to the named http server nor do I get any errors:

```
$ doveconf -n
# 2.4.0 (daeb6bc59c): /etc/dovecot/dovecot.conf
# Pigeonhole version 2.4.0 (1b2d5bb9)
# OS: Linux 6.10.14-linuxkit x86_64 Debian 12.9
# Hostname: b7638a15bee0
dovecot_config_version = 2.4.0
auth_allow_cleartext = yes
auth_cache_verify_password_with_worker = yes
auth_failure_delay = 0 secs
auth_mechanisms =
auth_mechanisms {
  plain = yes
  login = yes
}
auth_username_format = %{user | username | lower}
debug_log_path = /dev/stdout
default_internal_group = vmail
default_internal_user = vmail
default_login_user = vmail
dovecot_storage_version = 2.4.0
first_valid_uid = 1000
imap_id_retain = yes
info_log_path = /dev/stdout
last_valid_uid = 1000
listen =
listen {
  * = yes
}
lmtp_proxy = yes
log_path = /dev/stdout
mail_debug = yes
mail_driver = sdbox
mail_gid = vmail
mail_home = /srv/mail/%Ln
mail_path = ~/Mail
mail_uid = vmail
protocols {
  imap = yes
  pop3 = yes
  lmtp = yes
}
ssl = no
verbose_proctitle = yes
namespace inbox {
  inbox = yes
  separator = /
}
service lmtp {
  inet_listener lmtp {
    port = 24
    ssl = no
  }
}
service imap-login {
  client_limit = 100
  process_min_avail = 1
  restart_request_count = unlimited
  inet_listener imap {
    port = 143
  }
}
service pop3-login {
  client_limit = 100
  process_min_avail = 1
  restart_request_count = unlimited
  inet_listener pop3 {
    port = 110
  }
}
event_exporter log {
  driver = log
  format = json
  time_format = rfc3339
}
event_exporter conn_state {
  driver = http-post
  format = json
  http_post_url = http://nauthilus:8080/api/v1/custom/dovecot-session-cleaner
  time_format = rfc3339
  http_client_request_absolute_timeout = 5sec
}
metric client_disconnect_http {
  exporter = conn_state
  exporter_include =
  exporter_include {
    name = yes
    hostname = yes
    timestamps = yes
    categories = yes
    fields = yes
  }
  filter = event=mail_user_session_finished AND (category=imap OR category=pop3 OR category=lmtp OR category=sieve)
}
metric imap_noop {
  exporter = conn_state
  exporter_include =
  exporter_include {
    name = yes
    hostname = yes
    timestamps = yes
    categories = yes
    fields = yes
  }
  filter = event=imap_command_finished AND cmd_name=NOOP
}
passdb lua {
  lua_file = /etc/dovecot/auth.lua
}
userdb prefetch {
}
userdb lua {
  auth_verbose = no
  lua_file = /etc/dovecot/auth.lua
  result_failure = return-fail
  result_internalfail = return-fail
  result_success = continue-ok
  skip = never
}
```

It is an example Docker setup found here:

https://github.com/croessner/nauthilus-demo

There are no error logs in dovecot.

Thanks in advance

Christian Rößner
--
Rößner-Network-Solutions
Certified ITSiBe / CISO
Marburger Str. 70a, 36304 Alsfeld
Fax: +49 6631 78823409, Mobile: +49 171 9905345
VAT ID: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5
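To check from the receiving side whether anything is posted at all, a throwaway listener can stand in for the configured `http_post_url` and report which of the two metric filters each incoming event would satisfy. This is an added example, not code from the thread, Dovecot or Nauthilus; it assumes the JSON body carries `event`, `categories` and `fields` members (mirroring the `exporter_include` keys in the configuration above), and the function names, size limit and sample body are constructed here.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 64 * 1024  # refuse anything larger than a plausible single event
SESSION_CATEGORIES = {"imap", "pop3", "lmtp", "sieve"}

# Constructed sample body; member names follow the assumption stated above.
SAMPLE_BODY = (
    b'{"event": "imap_command_finished", "hostname": "b7638a15bee0", '
    b'"categories": ["imap"], "fields": {"cmd_name": "NOOP", "user": "testaccount"}}'
)


def match_metric(event):
    """Return the name of the posted metric whose filter the event satisfies."""
    name = event.get("event")
    raw_categories = event.get("categories")
    categories = set()
    if isinstance(raw_categories, list):
        categories = {c for c in raw_categories if isinstance(c, str)}
    fields = event.get("fields")
    if not isinstance(fields, dict):
        fields = {}
    # filter = event=mail_user_session_finished AND (category=imap OR ...)
    if name == "mail_user_session_finished" and categories & SESSION_CATEGORIES:
        return "client_disconnect_http"
    # filter = event=imap_command_finished AND cmd_name=NOOP
    if name == "imap_command_finished" and fields.get("cmd_name") == "NOOP":
        return "imap_noop"
    return None


def handle_body(raw):
    """Return (http_status, summary) for one POST body."""
    try:
        doc = json.loads(raw.decode("utf-8"))
    except ValueError as exc:  # covers invalid UTF-8 and invalid JSON
        return 400, f"not JSON: {exc}"
    if not isinstance(doc, dict) or not isinstance(doc.get("event"), str):
        return 400, "JSON without an 'event' name"
    metric = match_metric(doc)
    if metric is None:
        return 204, f"{doc['event']}: matches neither configured filter"
    return 204, f"{doc['event']}: matches metric {metric}"


class ExportHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", ""))
        except ValueError:
            length = -1
        if length < 0:
            status, summary = 411, "missing or invalid Content-Length"
        elif length > MAX_BODY:
            status, summary = 413, "body too large"
        else:
            status, summary = handle_body(self.rfile.read(length))
        print(f"{self.client_address[0]} {self.path} -> {status} {summary}", flush=True)
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, fmt, *args):
        pass  # the print above is the only log line per request


def serve(host="127.0.0.1", port=8080):
    """Listen until interrupted; bind to an address the sender can reach."""
    HTTPServer((host, port), ExportHandler).serve_forever()


if __name__ == "__main__":
    serve()
```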
Re: [Dovecot-news] Dovecot v2.4.0 released
Hi,

I have ported my Lua backend to fit with Dovecot version 2.4.0. I encountered minor issues:

Could you please add the configuration docs for the dovecot-http-client or point me to the location, where I can find it? It seems, "debug", "timeout" and "max_attempts" have been dropped or renamed.

Secondly:

request.service is always nil and is no longer set to the current service name like imap, pop3, ...

Thanks in advance

Christian Rößner

> On 24.01.2025 at 11:42, Aki Tuomi via Dovecot-news wrote:
>
> Signed PGP part
> Hi all,
>
> after a very long wait we are finally happy to release Dovecot v2.4.0!
>
> Some IMPORTANT things to notice:
>
> - We have changed the signing key for 2.4 going forward, releases are signed
> with EF0882079FD4ED32BF8B23B2A1B09EF84EDC5219, which can be found at
> https://repo.dovecot.org/DOVECOT-REPO-GPG-2.4 and is signed with the previous
> key.
>
> The old key has been renamed to https://repo.dovecot.org/DOVECOT-REPO-GPG-2.3.
>
> - New 2.4 packages **are not** compatible with old 2.3 configuration, please
> carefully review
> https://doc.dovecot.org/2.4.0/installation/upgrade/2.3-to-2.4.html before
> installing the new packages.
>
> - We are happy to provide experimental arm64 support in the form of a Docker
> image.
>
> - Docker images are now run rootless, with UID 1000 as vmail using built
> sources. Please take this into consideration when upgrading. Latest 2.3 image
> can be used with tag 2.3-latest, if you are not ready for this change.
>
> We won't be sending separate mail about Pigeonhole anymore as we will release
> one anyways when we release Dovecot, and Pigeonhole versioning has been
> changed to match Dovecot versioning.
>
> Source codes available at
>
> - https://www.dovecot.org/releases/2.4/dovecot-2.4.0.tar.gz
> - https://www.dovecot.org/releases/2.4/dovecot-2.4.0.tar.gz.sig
> - https://pigeonhole.dovecot.org/releases/2.4/dovecot-pigeonhole-2.4.0.tar.gz
> - https://pigeonhole.dovecot.org/releases/2.4/dovecot-pigeonhole-2.4.0.tar.gz.sig
>
> Binary packages in https://repo.dovecot.org/
> Docker images in https://hub.docker.com/r/dovecot/dovecot
>
> Kind regards,
> Aki Tuomi
> Open-Xchange oy
> ---
>
> Dovecot Core NEWS
> -
> * config: dovecot_config_version must be the first non-comment
>   line in configuration file.
> * config: dovecot_storage_version must be in the configuration
>   file.
> * config: Many configuration options have changed so old configuration
>   files do not work without rewrite. See
>   https://doc.dovecot.org/main/installation/upgrade/2.3-to-2.4.html
> * config: New variable expansion syntax has been introduced, see
>   https://doc.dovecot.org/main/core/settings/variables.html
> * config: Some default settings have changed.
> * config: plugin {} section has been removed.
> * *-login: With ssl=required, connections from login_trusted_networks
>   are now also required to be SSL/TLS encrypted.
> * acl: Use ACL settings instead of Global ACL Directories.
> * auth-worker: auth_worker_max_count is replaced with
>   service auth-worker { process_limit }.
> * auth: Weak password schemes are disabled by default, use
>   auth_allow_weak_schemes to enable them.
> * auth_debug, mail_debug: Use log_debug filter instead.
> * config: All sections require a name, for example passdb/userdb:
>     passdb static {
>       password=secret
>     }
> * db2: Remove Berkeley DB support.
> * dict-memcached: This is removed, use Redis instead.
> * director: Feature has been removed. See potential replacement at
>   https://github.com/dovecot/tools/blob/main/director.lua
> * doveadm: USER environment variable is only supported with
>   --no-userdb-lookup. One of -u, -F or -A must be used
>   otherwise.
> * doveconf: Option -n is now default when running doveconf.
> * dsync: Use doveadm sync instead, legacy symlink has been removed.
> * fs-sis: Feature is now deprecated and has been made read-only.
>   It will be removed in future release.
> * fts-lucene, fts-squat: These have been removed, use fts-flatcurve or
>   fts-solr instead.
> * imap-login: IMAP compression is now handled in proxies.
> * imap_quota: SETQUOTA / quota_set has been removed.
> * imap_zlib: This plugin is no longer needed, it's always enabled.
> * imapc: All features are enabled by default, imapc_features can be used
>   to explicitly disable features that are not wanted.
> * lib-storage: mbox driver is now frozen.
> * mail_compress: XZ and LZMA algorithm support has been removed.
> * mailbox-alias: Plugin has been removed.
> * old_stats, auth_stats: These have been removed.
> * openssl: Minimum supported version of OpenSSL is no
[BUG] Re: Why does metrics exporter not work anymore?
I double checked with settings from 2.3.21. The old version is working. The new one does not. So I update this question to be a bug.

Thanks

Christian

> On 27.01.2025 at 14:50, Christian Rößner via dovecot wrote:
>
> Hi,
>
> I am trying to get the metrics exporter to work in 2.4.0, but for some
> reason, I do not see any connection attempts to the named http server nor do
> I get any errors:
>
> $ doveconf -n
> # 2.4.0 (daeb6bc59c): /etc/dovecot/dovecot.conf
> # Pigeonhole version 2.4.0 (1b2d5bb9)
> # OS: Linux 6.10.14-linuxkit x86_64 Debian 12.9
> # Hostname: b7638a15bee0
> dovecot_config_version = 2.4.0
> auth_allow_cleartext = yes
> auth_cache_verify_password_with_worker = yes
> auth_failure_delay = 0 secs
> auth_mechanisms =
> auth_mechanisms {
>   plain = yes
>   login = yes
> }
> auth_username_format = %{user | username | lower}
> debug_log_path = /dev/stdout
> default_internal_group = vmail
> default_internal_user = vmail
> default_login_user = vmail
> dovecot_storage_version = 2.4.0
> first_valid_uid = 1000
> imap_id_retain = yes
> info_log_path = /dev/stdout
> last_valid_uid = 1000
> listen =
> listen {
>   * = yes
> }
> lmtp_proxy = yes
> log_path = /dev/stdout
> mail_debug = yes
> mail_driver = sdbox
> mail_gid = vmail
> mail_home = /srv/mail/%Ln
> mail_path = ~/Mail
> mail_uid = vmail
> protocols {
>   imap = yes
>   pop3 = yes
>   lmtp = yes
> }
> ssl = no
> verbose_proctitle = yes
> namespace inbox {
>   inbox = yes
>   separator = /
> }
> service lmtp {
>   inet_listener lmtp {
>     port = 24
>     ssl = no
>   }
> }
> service imap-login {
>   client_limit = 100
>   process_min_avail = 1
>   restart_request_count = unlimited
>   inet_listener imap {
>     port = 143
>   }
> }
> service pop3-login {
>   client_limit = 100
>   process_min_avail = 1
>   restart_request_count = unlimited
>   inet_listener pop3 {
>     port = 110
>   }
> }
> event_exporter log {
>   driver = log
>   format = json
>   time_format = rfc3339
> }
> event_exporter conn_state {
>   driver = http-post
>   format = json
>   http_post_url = http://nauthilus:8080/api/v1/custom/dovecot-session-cleaner
>   time_format = rfc3339
>   http_client_request_absolute_timeout = 5sec
> }
> metric client_disconnect_http {
>   exporter = conn_state
>   exporter_include =
>   exporter_include {
>     name = yes
>     hostname = yes
>     timestamps = yes
>     categories = yes
>     fields = yes
>   }
>   filter = event=mail_user_session_finished AND (category=imap OR
> category=pop3 OR category=lmtp OR category=sieve)
> }
> metric imap_noop {
>   exporter = conn_state
>   exporter_include =
>   exporter_include {
>     name = yes
>     hostname = yes
>     timestamps = yes
>     categories = yes
>     fields = yes
>   }
>   filter = event=imap_command_finished AND cmd_name=NOOP
> }
> passdb lua {
>   lua_file = /etc/dovecot/auth.lua
> }
> userdb prefetch {
> }
> userdb lua {
>   auth_verbose = no
>   lua_file = /etc/dovecot/auth.lua
>   result_failure = return-fail
>   result_internalfail = return-fail
>   result_success = continue-ok
>   skip = never
> }
>
> It is an example Docker setup found here:
>
> https://github.com/croessner/nauthilus-demo
>
> There are no error logs in dovecot.
>
> Thanks in advance
>
> Christian Rößner
> --
> Rößner-Network-Solutions
> Certified ITSiBe / CISO
> Marburger Str. 70a, 36304 Alsfeld
> Fax: +49 6631 78823409, Mobile: +49 171 9905345
> VAT ID: DE225643613, https://roessner.website
> PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5

Christian Rößner
--
Rößner-Network-Solutions
Certified ITSiBe / CISO
Marburger Str. 70a, 36304 Alsfeld
Fax: +49 6631 78823409, Mobile: +49 171 9905345
VAT ID: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5
Re: Why does metrics exporter not work anymore?
> On 28.01.2025 at 14:51, Timo Sirainen via dovecot wrote:
>
> Anyway, like I mentioned in my other email, I think the problem here is
> simply that the events should be configured to Dovecot backend, not to
> Dovecot proxy.

But this would track sessions on the backends and not the ones on the proxy. How else can I see "disconnects" and "established-connections" on the proxy side?

Christian Rößner
--
Rößner-Network-Solutions
Certified ITSiBe / CISO
Marburger Str. 70a, 36304 Alsfeld
Fax: +49 6631 78823409, Mobile: +49 171 9905345
VAT ID: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5
Re: Why does metrics exporter not work anymore?
```
a connection (1 queues linked, 0 connections left, 0 connections pending, 0 requests pending, 0 requests urgent)
director | Jan 28 12:39:50 auth-worker(16): Debug: http-client: conn 172.22.0.4:8080 [1]: Retrying pending requests
director | Jan 28 12:39:50 auth-worker(16): Debug: http-client: conn 172.22.0.4:8080 [1]: Connection close
director | Jan 28 12:39:50 auth-worker(16): Debug: http-client: conn 172.22.0.4:8080 [1]: Connection destroy
director | Jan 28 12:39:50 auth-worker(16): Debug: http-client[1]: peer 172.22.0.4:8080: No requests to service for this peer (0 connections exist, 0 pending)
director | Jan 28 12:39:50 auth-worker(16): Debug: http-client[1]: peer 172.22.0.4:8080: Dropping peer now
director | Jan 28 12:39:50 auth-worker(16): Debug: http-client[1]: peer 172.22.0.4:8080: Peer close
director | Jan 28 12:39:50 auth-worker(16): Debug: http-client[1]: peer 172.22.0.4:8080: Peer disconnect
director | Jan 28 12:39:50 auth-worker(16): Debug: http-client[1]: peer 172.22.0.4:8080: Peer destroy
director | Jan 28 12:39:50 auth-worker(16): Debug: http-client: peer 172.22.0.4:8080: Peer pool destroy
director | Jan 28 12:39:50 auth-worker(16): Debug: http-client: peer 172.22.0.4:8080 (shared): Peer destroy
director | Jan 28 12:39:50 imap-login: Debug: auth-client: conn unix:login (pid=7,uid=1000): Disconnected: Connection closed (fd=13)
director | Jan 28 12:39:50 auth: Debug: conn unix:login (pid=9,uid=1000) [1]: Disconnected: Connection closed (fd=18)
```

Further information:

```
docker exec -it nauthilus bash
044510af705c:/usr/app$ ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:16:00:04
          inet addr:172.22.0.4  Bcast:172.22.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:883 errors:0 dropped:0 overruns:0 frame:0
          TX packets: errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:88062 (85.9 KiB)  TX bytes:76751 (74.9 KiB)

eth1      Link encap:Ethernet  HWaddr 02:42:AC:17:00:03
          inet addr:172.23.0.3  Bcast:172.23.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:69 errors:0 dropped:0 overruns:0 frame:0
          TX packets:75 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5399 (5.2 KiB)  TX bytes:7397 (7.2 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:494 errors:0 dropped:0 overruns:0 frame:0
          TX packets:494 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:34887 (34.0 KiB)  TX bytes:34887 (34.0 KiB)

044510af705c:/usr/app$ netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.11:38653        0.0.0.0:*               LISTEN      -
tcp        0      0 :::8080                 :::*                    LISTEN      1/nauthilus
udp        0      0 127.0.0.11:50436        0.0.0.0:*                           -
044510af705c:/usr/app$ ping -c1 nauthilus
PING nauthilus (172.22.0.4): 56 data bytes
64 bytes from 172.22.0.4: seq=0 ttl=42 time=0.024 ms

--- nauthilus ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.024/0.024/0.024 ms
044510af705c:/usr/app$ curl http://localhost:8080/ping
pong
```

Why is this temporary error?

Christian Rößner
--
Rößner-Network-Solutions
Certified ITSiBe / CISO
Marburger Str. 70a, 36304 Alsfeld
Fax: +49 6631 78823409, Mobile: +49 171 9905345
VAT ID: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5
Re: Why does metrics exporter not work anymore?
> On 27.01.2025 at 21:22, Timo Sirainen via dovecot wrote:
>
> On 27. Jan 2025, at 15.50, Christian Rößner via dovecot wrote:
>>
>> event_exporter conn_state {
>>   driver = http-post
>>   format = json
>>   http_post_url = http://nauthilus:8080/api/v1/custom/dovecot-session-cleaner
>>   time_format = rfc3339
>>   http_client_request_absolute_timeout = 5sec
>> }
>> metric client_disconnect_http {
>>   exporter = conn_state
>>   exporter_include =
>>   exporter_include {
>>     name = yes
>>     hostname = yes
>>     timestamps = yes
>>     categories = yes
>>     fields = yes
>>   }
>>   filter = event=mail_user_session_finished AND (category=imap OR category=pop3 OR category=lmtp OR category=sieve)
>> }
>> metric imap_noop {
>>   exporter = conn_state
>>   exporter_include =
>>   exporter_include {
>>     name = yes
>>     hostname = yes
>>     timestamps = yes
>>     categories = yes
>>     fields = yes
>>   }
>>   filter = event=imap_command_finished AND cmd_name=NOOP
>> }
>
> These seem to work fine with me. I copy&pasted them to my config except changed it to connect to localhost. Then did a test session:
>
> % nc localhost 143
> * OK [CAPABILITY IMAP4rev1 LOGIN-REFERRALS ID ENABLE IDLE SASL-IR LITERAL+ STARTTLS AUTH=PLAIN] Dovecot ready.
> x login tss pass
> x OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE COMPRESS=DEFLATE INPROGRESS NOTIFY SPECIAL-USE LITERAL+] Logged in
> x select inbox
> * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
> * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
> * 0 EXISTS
> * 0 RECENT
> * OK [UIDVALIDITY 1738009228] UIDs valid
> * OK [UIDNEXT 1] Predicted next UID
> x OK [READ-WRITE] Select completed (0.008 + 0.000 + 0.008 secs).
> x noop
> x OK NOOP completed (0.001 + 0.000 secs).
> x logout
> * BYE Logging out
> x OK Logout completed (0.001 + 0.000 secs).
>
> It tried to connect on NOOP and LOGOUT commands as expected:
>
> 2025-01-27T22:20:25.683680+02:00 ubuntu dovecot: imap-login: Logged in: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=1297445, secured, session=
> 2025-01-27T22:20:29.252767+02:00 ubuntu dovecot: stats: Error: Failed to export event via HTTP POST: 9003 connect(127.0.0.1:8080) failed: Connection refused
> 2025-01-27T22:20:48.469938+02:00 ubuntu dovecot: imap(tss)<1297445>: Disconnected: Logged out in=30 out=858 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
> 2025-01-27T22:20:48.470406+02:00 ubuntu dovecot: stats: Error: Failed to export event via HTTP POST: 9003 connect(127.0.0.1:8080) failed: Connection refused

And here is the same from my system:

The "director"-part (I know there does not exist a director anymore. Nauthilus replaces it in some way concerning the server-part of Dovecot):

director | Jan 28 09:23:48 auth-worker(94): Info: request=passdb protocol=imap proxy_host=backend-1 auth_status_code=200 auth_status_message= nauthilus_session=2sFfQiOh7OJYFYbFu11OnEVrCAx
director | Jan 28 09:23:48 imap-login: Info: proxy(testaccount,backend-1[172.22.0.5]:143): Started proxying to remote host (0.015 secs): user=, method=PLAIN, rip=172.22.0.1, lip=172.22.0.3, session=
director | Jan 28 09:24:02 imap-login: Info: proxy(testaccount,backend-1[172.22.0.5]:143): Disconnected by server (0s idle, in=298, out=1019): user=, method=PLAIN, rip=172.22.0.1, lip=172.22.0.3, session=

The tshark-Output from the same container:

69 405.512799379 172.22.0.3 → 172.22.0.4 HTTP 525 POST /api/v1/auth/header HTTP/1.1
71 405.517035967 172.22.0.4 → 172.22.0.3 HTTP 335 HTTP/1.1 200 OK

Do connection to /api/v1/custom/dovecot-session-cleaner
As configured in the event exporter.

From my computer testing it:

telnet localhost 1430
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LOGIN-REFERRALS ID ENABLE IDLE SASL-IR LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
. login testuser testpassword
. OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTI
Re: Why does metrics exporter not work anymore?
> On 28.01.2025 at 10:30, Christian Rößner wrote:
>
> Do connection to /api/v1/custom/dovecot-session-cleaner

Not Do! I mean No!

Christian Rößner
Re: Why does metrics exporter not work anymore?
> On 28.01.2025 at 13:47, Christian Rößner via dovecot wrote:
>
>> On 28.01.2025 at 12:43, Timo Sirainen via dovecot wrote:
>>
>> log_debug = category=debug
>
> Here is the debug output:
>
> director | Jan 28 12:38:18 master: Info: Dovecot v2.4.0 (daeb6bc59c) starting up for imap, pop3, lmtp (core dumps disabled)
> director | Jan 28 12:38:18 imap-login: Debug: conn unix:stats-writer: Connecting
> director | Jan 28 12:38:18 imap-login: Debug: conn unix:stats-writer (pid=7,uid=1000): Client connected (fd=10)
> director | Jan 28 12:38:18 imap-login: Debug: conn unix:stats-writer (pid=7,uid=1000): Sending version handshake
> director | Jan 28 12:38:18 pop3-login: Debug: conn unix:stats-writer: Connecting
> director | Jan 28 12:38:18 pop3-login: Debug: conn unix:stats-writer (pid=7,uid=1000): Client connected (fd=10)
> director | Jan 28 12:38:18 pop3-login: Debug: conn unix:stats-writer (pid=7,uid=1000): Sending version handshake
> director | Jan 28 12:38:18 anvil: Debug: conn anvil: Server accepted connection (fd=8)
> director | Jan 28 12:38:18 anvil: Debug: conn anvil: Server accepted connection (fd=9)
> director | Jan 28 12:38:18 stats: Debug: conn unix:stats (pid=9,uid=1000): Server accepted connection (fd=13)
> director | Jan 28 12:38:18 stats: Debug: conn unix:stats (pid=9,uid=1000): Sending version handshake
> director | Jan 28 12:38:18 stats: Debug: conn unix:stats (pid=10,uid=1000): Server accepted connection (fd=14)
> director | Jan 28 12:38:18 stats: Debug: conn unix:stats (pid=10,uid=1000): Sending version handshake
> director | Jan 28 12:38:18 imap-login: Debug: conn unix:anvil: Connecting
> director | Jan 28 12:38:18 imap-login: Debug: conn unix:anvil (pid=7,uid=1000): Client connected (fd=12)
> director | Jan 28 12:38:18 imap-login: Debug: conn unix:anvil (pid=7,uid=1000): Sending version handshake
> director | Jan 28 12:38:18 pop3-login: Debug: conn unix:anvil: Connecting
> director | Jan 28 12:38:18 pop3-login: Debug: conn unix:anvil (pid=7,uid=1000): Client connected (fd=12)
> director | Jan 28 12:38:18 pop3-login: Debug: conn unix:anvil (pid=7,uid=1000): Sending version handshake
> director | Jan 28 12:38:18 anvil: Debug: conn unix:anvil (pid=9,uid=1000): Server accepted connection (fd=15)
> director | Jan 28 12:38:18 anvil: Debug: conn unix:anvil (pid=10,uid=1000): Server accepted connection (fd=16)
> director | Jan 28 12:38:18 pop3-login: Debug: auth-client: conn unix:login: Connecting
> director | Jan 28 12:38:18 pop3-login: Debug: auth-client: conn unix:login (pid=7,uid=1000): Client connected (fd=13)
> director | Jan 28 12:38:18 imap-login: Debug: auth-client: conn unix:login: Connecting
> director | Jan 28 12:38:18 imap-login: Debug: auth-client: conn unix:login (pid=7,uid=1000): Client connected (fd=13)
> director | Jan 28 12:38:18 auth: Debug: conn unix:/run/dovecot/stats-writer: Connecting
> director | Jan 28 12:38:18 auth: Debug: conn unix:/run/dovecot/stats-writer (pid=7,uid=1000): Client connected (fd=7)
> director | Jan 28 12:38:18 auth: Debug: conn unix:/run/dovecot/stats-writer (pid=7,uid=1000): Sending version handshake
> director | Jan 28 12:38:18 stats: Debug: conn unix:stats (pid=15,uid=1000): Server accepted connection (fd=15)
> director | Jan 28 12:38:18 stats: Debug: conn unix:stats (pid=15,uid=1000): Sending version handshake
> director | Jan 28 12:38:18 auth: Debug: conn unix:anvil-auth-penalty: Connecting
> director | Jan 28 12:38:18 auth: Debug: conn unix:anvil-auth-penalty (pid=7,uid=1000): Client connected (fd=15)
> director | Jan 28 12:38:18 auth: Debug: conn unix:anvil-auth-penalty (pid=7,uid=1000): Sending version handshake
> director | Jan 28 12:38:18 anvil: Debug: conn unix:anvil (pid=15,uid=1000): Server accepted connection (fd=17)
> director | Jan 28 12:38:18 auth: Debug: Wrote new auth token secret to /run/dovecot/auth-token-secret.dat
> director | Jan 28 12:38:18 auth: Debug: conn unix:login (pid=9,uid=1000) [1]: Server accepted connection (fd=18)
> director | Jan 28 12:38:18 auth: Debug: conn unix:login (pid=10,uid=1000) [2]: Server accepted connection (fd=19)
> director | Jan 28 12:38:18 auth: Debug: conn unix:login (pid=9,uid=1000) [1]: auth client connected (pid=9)
> director | Jan 28 12:38:18 auth: Debug: conn unix:login (pid=10,uid=1000) [2]: auth client connected (pid=10)
> director | Jan 28 12:38:50 imap-login: Debug: auth-client: request [1]: Started request
> director | Jan 28 12:38:50 auth: Debug: conn unix:login (pid=9,uid=1000) [1]: client in: AUTH 1 PLAIN protocol=imap final-resp-
Re: Why does metrics exporter not work anymore?
> On 28.01.2025 at 14:00, Aki Tuomi via dovecot wrote:
>
>> On 28/01/2025 14:47 EET Christian Rößner via dovecot wrote:
>>
>>> On 28.01.2025 at 12:43, Timo Sirainen via dovecot wrote:
>>>
>>> log_debug = category=debug
>>
>> Here is the debug output:
>>
>
> director | Jan 28 12:39:50 auth-worker(16): Debug: http-client: conn 172.22.0.4:8080 [1]: Aborting connection with temporary error: Connection lost: read((conn:172.22.0.4:8080,id=1)) failed: EOF (No requests, last input 0 secs ago, connected 60.121 secs ago)
>
> You sure the remote end didn't just crash?

Yes

Steps to reproduce:

git clone https://github.com/croessner/nauthilus-demo
docker compose up -d
./nauthilus-test.sh
docker compose logs director
docker compose logs nauthilus

You will see 2 errors in Nauthilus, but they do not matter (and have been fixed in main).

I have the same setup running on Rocky Linux 8 with Dovecot 2.3.21.1 (repo.dovecot.org). And as I have Loki in place, I see that the /api/v1/custom/dovecot-session/cleaner URL is called frequently over time. So the general setup has been working for months.

I only discovered this issue right now with Docker. Even with the older Docker image 2.3-latest, the problem exists. So my guess is the Docker image. Or a very hard-to-find config error. But I do not know which mistake I could have made.

Christian Rößner
Re: Why does metrics exporter not work anymore?
> On 28.01.2025 at 22:20, Timo Sirainen via dovecot wrote:
>
> proxy_session_finished events.

With remote_ip and remote_port as tracking criteria.

Thank you very much. I was on the wrong path, because my Rocky 8 still used proxy_maybe being always the same host as the proxy itself. So I thought it was working. The Docker stack in fact used different machines. And obviously I did not test it well enough.

I will fix it soon. Then this will become an alternative for Director setups with dynamic backend routing.
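A stub receiver for the check this thread turns on: whether the http-post exporter reaches the configured URL at all, and which event names arrive there (the thread ends on proxy_session_finished, tracked by remote_ip and remote_port). This is an added example, not code from the thread, Dovecot or Nauthilus; the JSON layout (`event`, `fields`) and the names `summarize_event`, `ExportHandler`, `start_receiver` and `SEEN` are assumptions.

```python
import json
import threading
from collections import Counter
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Path from the http_post_url in the thread's event_exporter block.
EXPORT_PATH = "/api/v1/custom/dovecot-session-cleaner"
SEEN = Counter()  # event name -> number of POSTs accepted


def summarize_event(body: bytes) -> dict:
    """Event name plus tracking fields. Assumed layout: {"event", "fields": {...}}."""
    doc = json.loads(body)
    fields = doc.get("fields") or {}
    return {"event": doc.get("event"),
            "remote_ip": fields.get("remote_ip"),
            "remote_port": fields.get("remote_port")}


class ExportHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        if self.path != EXPORT_PATH:
            self.send_error(404)  # exporter points at the wrong URL
            return
        try:
            summary = summarize_event(body)
        except (ValueError, AttributeError):  # not JSON, or not an object
            self.send_error(400, "expected one JSON event object")
            return
        SEEN[summary["event"]] += 1
        print(summary, flush=True)
        self.send_response(204)
        self.end_headers()

    def log_message(self, fmt, *args):  # keep stdout to the event summaries
        pass


def start_receiver(host="127.0.0.1", port=8080):
    """Serve from a background thread; port=0 picks a free port."""
    server = ThreadingHTTPServer((host, port), ExportHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    start_receiver("0.0.0.0")  # reachable from the other containers
    threading.Event().wait()   # run until interrupted
```

If a test session produces no output here and no "Failed to export event via HTTP POST" line in the Dovecot log, the metric filter never matched an event on that host.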
2.4.0 missing fields in documentation for event smtp_server_transaction_finished
Hi,

Event: smtp_server_transaction_finished

remote_ip and remote_port are also available

Feature-request:

Please also add user to the fields, as lmtp_proxy=yes does a userdb lookup and is aware of the user. Would make things much easier...

Regards

Christian Rößner