Re: pop 110/995, imap 143/993 ?
If I read this correctly, starttls will fail due to the MITM attack. That is, the client knows security has been compromised. Using SSL/TLS, the MITM can use SSL stripping. Since most Postfix conf use "may" for security, the message would go through unencrypted. Correct???

Is there something to enable for perfect forward security with starttls?

Original Message
From: s.ar...@open-t.co.uk
Sent: August 21, 2017 3:07 PM
To: dovecot@dovecot.org
Reply-to: dovecot@dovecot.org
Subject: Re: pop 110/995, imap 143/993 ?

On 21/08/17 22:18, Joseph Tam wrote:
>
> Lest anyone think STARTTLS MITM doesn't happen,
>
> https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/
>
> Not only for security, I prefer port 993/995 as it's just plain simpler
> to initiate SSL from the get-go rather than to do some handshaking that
> gets you to the same point.

Frankly, after reading the above link and some more info on the internet on the subject, I am now wondering why do we bother at all with STARTTLS for imap, pop3 and even smtp (and by the way, port 465 for SMTP + SSL/TLS *is* indeed deprecated officially)?

It would appear that STARTTLS is significantly more vulnerable to MITM attacks than plain SSL/TLS for all the above protocols. Is the slight extra convenience of opportunistic encryption really worth the substantial loss in security?
Re: Filtering by country
For a global filter, that is, filter all accounts, I use the data provided by ip2location. I put the CIDRs for all the countries where I don't plan on sending or retrieving mail in the ipfw firewall. Block all mail ports other than 25. Note by not blocking 25, you can still receive email independent of the countries you blocked. You just can send or retrieve via pop/images. This assumes an email server using 587.

I have an extensive list of IP space consisting of hosts, VPN, and VPS that I also keep away from the server excluding 25. Basically you can block IP space that you don't expect to use. Since my server is just for me, I can get very aggressive in blocking.

Original Message
From: an...@anvartay.com
Sent: October 15, 2017 6:43 PM
To: dovecot@dovecot.org
Subject: Filtering by country

Is it possible to filter out logins by country (I would like to limit dovecot instance users to log in only from specific countries)?

Anvar Kuchkartaev
an...@anvartay.com
Re: under some kind of attack
Not applicable to most installations, but I use geographical filtering on all ports other than 25. Fine if you are the only user of the email system. I don't block countries where I will send and retrieve email. I augment this with a small blocking list of IP space where I'm OK if they read my websites, but won't be sending/receiving email from their physical location. In short, schools and universities. So for example I would have trouble sending mail from the University of Michigan or anywhere in Kazakhstan.

I get one hacker a week trying to guess passwords, and always from Digital Ocean VPS. I just block them as they occur. I have a list of data centers that have tried to hack my web server, which I also block from the email server other than port 25.

I would like to see statistics on the success of such brute force attacks. They can't be very successful these days.
Re: under another kind of attack
At a bare minimum, do the same blocking for AWS. The jq program mentioned on the page works great.
http://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html

I block the cloud services as they hack me. There aren't many left that I haven't seen. Sadly my VPS, Digital Ocean, has an email hacker that I just can't get DO to shut down. I assure you I'm costing them plenty in tech support. You can do a search on stretchoid.com if you want to learn more about the offender.

I have an additional list of EDU ip addresses that probably are doing research, but won't let me opt out. bgp.he.net is one way to get IP space listings.

Original Message
From: li...@merit.unu.edu
Sent: July 29, 2017 11:39 AM
To: dovecot@dovecot.org
Subject: Re: under another kind of attack

On 07/29/2017 07:44 PM, Doug Barton wrote:
> On 07/25/2017 07:54 AM, mj wrote:
>> Since we implemented country blocking,
>
> Please don't do that. Balkanizing the Internet doesn't really benefit
> anyone, and makes innovation a lot more difficult.

Perhaps I need to be more specific: I block certain countries from accessing imap/smtp directly, as that is where all the botnets seem to be trying their passwords.

I do not block entire countries from accessing us completely (the hammer) but rather block their access of imap and smtp for my mailserver. (this is what I like to see as a precision tool)

For the record I improved my iptables rules a lot compared to the mail you replied to. I am now using a chain, like this:

> $IPTABLES -N filter_countries
> $IPTABLES -A filter_countries -m geoip --src-cc CN,AG,MX,etc -j DROP
> $IPTABLES -A filter_countries -m geoip --src-cc MD,SD,SS,etc -j DROP

and then:

> $IPTABLES -I INPUT 1 -p tcp --dport 143 -j filter_countries
> $IPTABLES -I INPUT 1 -p tcp --dport 993 -j filter_countries
> $IPTABLES -I INPUT 1 -p tcp --dport 465 -j filter_countries

This makes it a lot more efficient, compared to the (many) rules I was using earlier.

MJ
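Added example, not part of the messages above: the two ideas in this thread combined, turning a provider's published CIDR list (in the layout of AWS's ip-ranges.json) into a single chain applied only to the client mail ports, with port 25 left open. The ipset approach, the set and chain names (`cloud_v4`, `cloud_v6`, `filter_cloud`) and the sample prefixes are assumptions made for illustration; the thread's own rules use the geoip match instead.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's ip-ranges.json
# (documentation-reserved prefixes, not real AWS ranges).
SAMPLE_JSON = """
{
  "syncToken": "0",
  "createDate": "2017-07-29-00-00-00",
  "prefixes": [
    {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "AMAZON"},
    {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "203.0.113.0/25", "region": "eu-west-1", "service": "EC2"},
    {"ip_prefix": "203.0.113.128/25", "region": "eu-west-1", "service": "EC2"},
    {"ip_prefix": "192.0.2.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8:1000::/40", "region": "us-east-1", "service": "EC2"}
  ]
}
"""

# Same ports as the chain quoted in the thread; 25 is deliberately absent
# so inbound SMTP from the blocked networks still works.
MAIL_PORTS = (143, 993, 465)


def load_prefixes(doc, services):
    """Return (ipv4_networks, ipv6_networks) for the wanted services.

    The published list repeats a prefix under several service names and
    splits blocks into adjacent halves, so the result is de-duplicated and
    merged to keep the firewall set small.
    """
    data = json.loads(doc)
    v4 = [ipaddress.ip_network(e["ip_prefix"])
          for e in data.get("prefixes", []) if e.get("service") in services]
    v6 = [ipaddress.ip_network(e["ipv6_prefix"])
          for e in data.get("ipv6_prefixes", []) if e.get("service") in services]
    return (list(ipaddress.collapse_addresses(v4)),
            list(ipaddress.collapse_addresses(v6)))


def render_rules(v4, v6=(), ports=MAIL_PORTS, chain="filter_cloud"):
    """Emit ipset/iptables commands as text; nothing is executed here."""
    if 25 in ports:
        raise ValueError("port 25 must stay open for inbound SMTP")
    lines = ["ipset create cloud_v4 hash:net family inet"]
    lines += [f"ipset add cloud_v4 {net}" for net in v4]
    lines += [f"iptables -N {chain}",
              f"iptables -A {chain} -m set --match-set cloud_v4 src -j DROP"]
    lines += [f"iptables -I INPUT 1 -p tcp --dport {p} -j {chain}" for p in ports]
    if v6:
        lines.append("ipset create cloud_v6 hash:net family inet6")
        lines += [f"ipset add cloud_v6 {net}" for net in v6]
        lines += [f"ip6tables -N {chain}",
                  f"ip6tables -A {chain} -m set --match-set cloud_v6 src -j DROP"]
        lines += [f"ip6tables -I INPUT 1 -p tcp --dport {p} -j {chain}"
                  for p in ports]
    return lines


def is_blocked(addr, nets):
    """Check a single client address against the merged network list."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


if __name__ == "__main__":
    nets4, nets6 = load_prefixes(SAMPLE_JSON, {"EC2"})
    print("\n".join(render_rules(nets4, nets6)))
```

Review the printed commands before applying them, and test `is_blocked` with the addresses you actually read mail from so a provider range does not lock you out.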
Some info to configure OAuth2 using Keycloak
Hello

I’m about to configure and test Dovecot with Keycloak. When do you use the dovecot-oauth2.token.conf.ext and/or dovecot-oauth2.plain.conf.ext over dovecot-oauth2.token.conf.ext?

Thanks.

Sent from my iPhone
How to configure Dovecot with Keycloak correctly
Hello

I’m trying to configure Dovecot with Keycloak. I’m using the proxy with password grant method.

Here’s my dovecot-oauth2.plain.conf.ext

grant_url = https://server-1.gary-springfield-mo.net/realms/sso/protocol/openid-connect/token
client_id = dovecot
client_secret = WtZ5uZsBi2QPfh1EWuMWjUVGNNT4HEGR
introspection_url = https://server-1.gary-springfield-mo.net/realms/sso/protocol/openid-connect/token/introspect
introspection_mode = post
use_grant_password = yes
debug = yes
username_attribute = username
pass_attrs = host=server-1:8181 proxy=y proxy_mech=xoauth2 pass=%{oauth2:access_token}

And my dovecot-oauth2.token.conf.ext

grant_url = https://server-1.gary-springfield-mo.net/realms/sso/protocol/openid-connect/token
client_id = dovecot
client_secret = WtZ5uZsBi2QPfh1EWuMWjUVGNNT4HEGR
tokeninfo_url = https://server-1.gary-springfield-mo.net/realms/sso/protocol/openid-connect/token
introspection_url = https://server-1.gary-springfield-mo.net/realms/sso/protocol/openid-connect/token/introspect
introspection_mode = post
use_grant_password = no
debug = yes
username_attribute = username
pass_attrs = pass=%{oauth2:access_token}

Do I also need to configure the dovecot-oauth2.conf.ext?

Sent from my iPhone
Keycloak Authorization Code Flow
Can dovecot use Keycloak Authorization Code Flow? I would like to use it instead of Password Resource Grant Flow for better security. Sent from my iPhone
[BUG] Dovecot 2.2.21 crashing with assertion failed: (!have_wait_unfinished || unfinished_count > 0)
Hello

Dovecot's IMAP process appears to be crashing at random times for a few users, but one is crashing at least 3 to 5 times an hour.

I applied these patches per http://dovecot.org/list/dovecot/2016-January/102933.html

https://github.com/dovecot/core/commit/1ddf959a750f3860feff4ab3f0e908f32740978f.diff
https://github.com/dovecot/core/commit/c8e9fa2ffa2566e75f0500808b1bc9bf5d9db024.diff
https://github.com/dovecot/core/commit/15307c2c91854e766bd9fb095d611a29b3f7572e.diff
https://github.com/dovecot/core/commit/c7801f830c7d2e7d340065cdd5a5c795b1726223.diff
https://github.com/dovecot/core/commit/f136b0050b3125b466af73984177250b7ed1a3be.diff

But it's still crashing.

# 2.2.21 (5345f22): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-604.30.3.lve1.3.63.el6.x86_64 x86_64 CloudLinux Server release 6.7 (Aleksei Gubarev)
auth_cache_size = 1 k
auth_mechanisms = plain login
auth_username_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$-=?^_{}~./@+%"
disable_plaintext_auth = no
first_valid_uid = 201
mail_plugins = " zlib"
maildir_very_dirty_syncs = yes
namespace {
  inbox = yes
  location =
  mailbox Archive {
    auto = create
    special_use = \Archive
  }
  mailbox Archives {
    auto = no
    special_use = \Archive
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = create
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = no
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix = INBOX.
  type = private
}
passdb {
  args = /usr/local/cpanel/bin/dovecot-wrap
  driver = checkpassword
}
plugin {
  acl = vfile
  quota = maildir
  quota_rule = INBOX.Trash:ignore
}
protocols = imap pop3
service auth {
  unix_listener auth-client {
    mode = 0666
  }
}
service imap-login {
  client_limit = 500
  inet_listener imap {
    address = *
  }
  inet_listener imaps {
    address = *
  }
  process_limit = 50
  process_min_avail = 2
  service_count = 0
  vsz_limit = 64 M
}
service imap {
  process_limit = 512
  vsz_limit = 256 M
}
service managesieve-login {
  client_limit = 500
  process_limit = 50
  process_min_avail = 2
  service_count = 0
  vsz_limit = 64 M
}
service managesieve {
  process_limit = 512
  vsz_limit = 256 M
}
service pop3-login {
  client_limit = 500
  inet_listener pop3 {
    address = *
  }
  inet_listener pop3s {
    address = *
  }
  process_limit = 50
  process_min_avail = 2
  service_count = 0
  vsz_limit = 64 M
}
service pop3 {
  process_limit = 512
  vsz_limit = 256 M
}
ssl_cert =
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl_key =
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s, bytes=%i/%o
pop3_uidl_format = UID%u-%v
}
protocol lda {
  postmaster_address = postmas...@example.com
}

1 18:23:54 gw-ud3 dovecot: imap(x...@.com): Panic: file imap-client.c: line 849 (client_check_command_hangs): assertion failed: (!have_wait_unfinished || unfinished_count > 0)
Feb 11 18:23:54 gw-ud3 dovecot: imap(x...@.com): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x8096a) [0x7f996c47e96a] -> /usr/lib64/dovecot/libdovecot.so.0(+0x809d6) [0x7f996c47e9d6]$
Feb 11 18:23:55 gw-ud3 dovecot: imap(x...@.com): Fatal: master: service(imap): child 329519 killed with signal 6 (core dumped)

Here's the backtrace:

(gdb) bt full
#0 0x7f046eb2e625 in raise (sig=) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        resultvar = 0
        pid = 98454
        selftid = 98454
#1 0x7f046eb2fe05 in abort () at abort.c:92
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0x2, sa_sigaction = 0x2}, sa_mask = {__val = {139657018134932, 1, 18488448, 0, 139657017886537, 139657017552035, 139657017530872, 206158430224, 140725557583888, 140725557583680, 4362456, 140725557583788, 18440536, 0, 0, 6717455502603727992}}, sa_flags = 1635021663, sa_restorer = 0x7ffd38dee060}
        sigs = {__val = {32, 0 }}
#2 0x7f046ef10a60 in default_fatal_finish (type=out>, status=0) at failures.c:201
        backtrace = 0x1196158 "/usr/lib64/dovecot/libdovecot.so.0(+0x80a6a) [0x7f046ef10a6a] -> /usr/lib64/dovecot/libdovecot.so.0(+0x80ad6
Re: [BUG] Dovecot 2.2.21 crashing with assertion failed: (!have_wait_unfinished || unfinished_count > 0)
On 2/11/16 3:46 PM, Timo Sirainen wrote:
> On 11 Feb 2016, at 20:53, Gary Stanley wrote:
>> Hello
>>
>> Dovecot's IMAP process appears to be crashing at random times for a few users, but one is crashing at least 3 to 5 times an hour.
>>
>> I applied these patches per http://dovecot.org/list/dovecot/2016-January/102933.html
>>
>> https://github.com/dovecot/core/commit/1ddf959a750f3860feff4ab3f0e908f32740978f.diff
>> https://github.com/dovecot/core/commit/c8e9fa2ffa2566e75f0500808b1bc9bf5d9db024.diff
>> https://github.com/dovecot/core/commit/15307c2c91854e766bd9fb095d611a29b3f7572e.diff
>> https://github.com/dovecot/core/commit/c7801f830c7d2e7d340065cdd5a5c795b1726223.diff
>> https://github.com/dovecot/core/commit/f136b0050b3125b466af73984177250b7ed1a3be.diff
>>
>> But it's still crashing.
>
> https://github.com/dovecot/core/commit/759a60c896270a74ef4a94ad348fe3722f183608.diff is still missing at least. I'm not sure if there was one more.

To clarify, you want me to add that patch on top of the other ones?
Re: [Dovecot] sieve on debian squeeze
On 7/27/11, Andrea Ganduglia wrote:
> Hi. I have a quite problem with dovecot and sieve on Debian Squeeze.
>
> I'm trying to enable sieve plugin into dovecot, but something is
> deeply wrong. I hope that this is the right place to give some help.
>
> There are no errors or warning messages, simply sieve don't works.
>
> For the big picture about my mail server you can follow this link
> http://www.linux-archive.org/debian-user/76-postfix-virtual_transport-maildrop.html
>
> and here there is my specific request on Debian User List
> http://www.linux-archive.org/debian-user/557551-sieve-dovecot-squeeze-help.html
>
> here my dovecot -n output
>
> # 1.2.15: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.1 ext3
> log_timestamp: %Y-%m-%d %H:%M:%S
> protocols: imap imaps pop3 pop3s lda
> disable_plaintext_auth: no
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/lib/dovecot/imap-login
> login_executable(imap): /usr/lib/dovecot/imap-login
> login_executable(pop3): /usr/lib/dovecot/pop3-login
> first_valid_uid: 102
> mail_privileged_group: mail
> mail_location: maildir:/home/vmail/%d/%n
> mbox_write_locks: fcntl dotlock
> mail_executable(default): /usr/lib/dovecot/imap
> mail_executable(imap): /usr/lib/dovecot/imap
> mail_executable(pop3): /usr/lib/dovecot/pop3
> mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
> mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
> mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
> lda:
>   log_path: /var/vmail/dovecot-deliver.log
>   postmaster_address: info@**.it
>   auth_socket_path: /var/run/dovecot/auth-master
>   mail_plugins: cmusieve
> auth default:
>   mechanisms: cram-md5 plain login
>   debug: yes
>   passdb:
>     driver: sql
>     args: /etc/dovecot/dovecot-mysql.conf
>   userdb:
>     driver: sql
>     args: /etc/dovecot/dovecot-mysql.conf
>   socket:
>     type: listen
>     client:
>       path: /var/spool/postfix/private/auth
>       mode: 432
>       user: postfix
>       group: postfix
>     master:
>       path: /var/run/dovecot/auth-master
>       mode: 384
>       user: postfix
> plugin:
>   sieve_global_path: /var/vmail/globalsieverc
>   sieve_dir: ~/sieve
>   sieve: ~/.dovecot.sieve
>   sieve_global_dir: /var/vmail/sieve
>   sieve_maxscriptsize: 128
>
> Any suggestions? Thanks in advance!
>
> -Andrea
>

I think you need to change:
mail_plugins: cmusieve
to:
mail_plugins: sieve

--
Gary V
Re: [Dovecot] sieve on debian squeeze
>> Is this helping you?
>>
>> http://tech.groups.yahoo.com/group/postfix-users/message/274981
>
>
> OK. I tried all. It just doesn't works. virtual_transport = dovecot
> (or maildrop) return relay=none. Now I want work out how I can add a
> relay into chain, I think that is the base of this issue.
>
> Step one. This is my main.cf ... someone look errors?
>
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> biff = no
> append_dot_mydomain = no
> readme_directory = no
> smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_use_tls=yes
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> myhostname = domain.net
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> myorigin = /etc/mailname
> mydestination = domain.net, localhost.net, localhost
> relayhost =
> mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
> mailbox_size_limit = 0
> recipient_delimiter = +
> inet_interfaces = all
> virtual_transport = virtual
> virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
> virtual_gid_maps = static:105
> virtual_mailbox_base = /home/vmail/
> virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
> virtual_minimum_uid = 102
> virtual_uid_maps = static:102
> broken_sasl_auth_clients = yes
> smtpd_recipient_restrictions =
>   permit_mynetworks,
>   permit_sasl_authenticated,
>   reject_non_fqdn_hostname,
>   reject_non_fqdn_sender,
>   reject_non_fqdn_recipient,
>   reject_unauth_destination,
>   reject_unauth_pipelining,
>   reject_invalid_hostname
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous
> header_checks = regexp:/etc/postfix/header_checks
>

I use virtual virtual_transport = dovecot

In master.cf I have:
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient} -e

--
Gary V
Re: [Dovecot] sieve on debian squeeze
>> Is this helping you?
>>>
>>> http://tech.groups.yahoo.com/group/postfix-users/message/274981
>>
>>
>> OK. I tried all. It just doesn't works. virtual_transport = dovecot
>> (or maildrop) return relay=none. Now I want work out how I can add a
>> relay into chain, I think that is the base of this issue.
>>
>> Step one. This is my main.cf ... someone look errors?
>>
>> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
>> biff = no
>> append_dot_mydomain = no
>> readme_directory = no
>> smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
>> smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
>> smtpd_use_tls=yes
>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>> myhostname = domain.net
>> alias_maps = hash:/etc/aliases
>> alias_database = hash:/etc/aliases
>> myorigin = /etc/mailname
>> mydestination = domain.net, localhost.net, localhost
>> relayhost =
>> mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
>> mailbox_size_limit = 0
>> recipient_delimiter = +
>> inet_interfaces = all
>> virtual_transport = virtual
>> virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
>> virtual_gid_maps = static:105
>> virtual_mailbox_base = /home/vmail/
>> virtual_mailbox_domains =
>> mysql:/etc/postfix/mysql_virtual_domains_maps.cf
>> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
>> virtual_minimum_uid = 102
>> virtual_uid_maps = static:102
>> broken_sasl_auth_clients = yes
>> smtpd_recipient_restrictions =
>>   permit_mynetworks,
>>   permit_sasl_authenticated,
>>   reject_non_fqdn_hostname,
>>   reject_non_fqdn_sender,
>>   reject_non_fqdn_recipient,
>>   reject_unauth_destination,
>>   reject_unauth_pipelining,
>>   reject_invalid_hostname
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_local_domain = $myhostname
>> smtpd_sasl_security_options = noanonymous
>> header_checks = regexp:/etc/postfix/header_checks
>>
>
> I use virtual virtual_transport = dovecot
>
> In master.cf I have:
> dovecot unix - n n - - pipe
>   flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
>   -e

Note that your user:group may differ

Also:
I also use this in main.cf:
dovecot_destination_concurrency_limit = 2
dovecot_destination_recipient_limit = 1

As far as SASL goes (unrelated to the LDA or Sieve issue), mine differs from yours also, I have added:
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot

under auth default in dovecot.conf I also have differences:
socket listen {
  master {
    path = /var/run/dovecot/auth-master
    mode = 0600
    user = vmail
  }
  client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
  }
}

--
Gary V
[Dovecot] default_pass_scheme = PLAIN and blank password
I'm using Dovecot 1.2.15 on Ubuntu, but I think this applies to other versions as well. I store user info and passwords in MySQL. It appears 'default_pass_scheme = PLAIN' allows blank passwords. My question is: Is this a bug or is this by design? If it is by design, is there a setting that I'm not aware of that changes this behavior? Of course let me know if you need additional info on the setup I'm using. Thank you, Gary V
[Dovecot] lmtp logging incomplete (does not tell what mailbox mail is actually being saved to!)
We created a new virtual domain and created a user in that domain in our pgsql database. Instead of creating any directory structure in /home/virtual/mail//, I just sent a test email to see if dovecot's lmtp would autocreate. And it did! And mail appears to be delivered to an inbox.. but, logging is weird and I'm not sure everything is working as it should because: Dec 20 23:01:28 mx dovecot: lmtp(21458, u...@example.com): lUDFG8tZ8U7SUwAAO3tENA: msgid=<20111221040122.gp13...@hostname.example.org>: saved mail to . so why doesn't dovecot log where mail is stored/saved? thanks, Gary
Re: [Dovecot] lmtp logging incomplete (does not tell what mailbox mail is actually being saved to!)
On Wed, Dec 21, 2011 at 1:29 AM, Timo Sirainen wrote: > On 21.12.2011, at 6.09, Gary Chodos wrote: > >> We created a new virtual domain and created a user in that domain in >> our pgsql database. Instead of creating any directory structure in >> /home/virtual/mail//, I just sent a test email to see if >> dovecot's lmtp would autocreate. And it did! And mail appears to be >> delivered to an inbox.. but, logging is weird and I'm not sure >> everything is working as it should because: >> >> Dec 20 23:01:28 mx dovecot: lmtp(21458, u...@example.com): >> lUDFG8tZ8U7SUwAAO3tENA: >> msgid=<20111221040122.gp13...@hostname.example.org>: saved mail to >> >> . so why doesn't dovecot log where mail is stored/saved? > > That's a bug. Fixed by http://hg.dovecot.org/dovecot-2.0/rev/6d188f4e8e6a > > The empty string anyway means INBOX. a, thanks Timo!
[Dovecot] corrupted index?
We're seeing the following sporadically in the log file (single line broken into separate lines for readability):

Corrupted index cache file
/home/user/mail/.index/.imap/INBOX/dovecot.index.cache:
invalid record size

We're running dovecot-1.0.7-2.fc8. The imap directory is in the user's NFS-mounted /home directory, but dovecot is running on the same host as the /home filesystem. There's plenty of disk space and no other significant system problems. The mail index directory we rm'd a week/so ago, so dovecot has had the opportunity to rebuild it.

Any ideas on what might be causing this? Is this issue anything to worry about?

thanks.
Re: [Dovecot] corrupted index?
On 02/02/08 12:27:14, Ronald MacDonald wrote:
> On 02/02/2008, Gary Funck <[EMAIL PROTECTED]> wrote:
> > Corrupted index cache file
> > /home/user/mail/.index/.imap/INBOX/dovecot.index.cache:
> > invalid record size
> >
>
> First of all, being NFS, I presume the system does not support
> locking. Might it be an idea to check that the user isn't using two
> clients at the same time? I found that this became a problem over NFS
> when a user was using both a webmail interface and a standard client
> eg Thunderbird on the same account.

The user is using two clients (Live Mail(tm) and Apple Mail, IIRC), and might have them both running on different computers. His mailbox is also 380 Megs., fyi.

Regarding NFS, although /home is exported via NFS, it is a local ext3 partition on the server where dovecot is running, and dovecot runs only on that server. Mail is delivered locally to /home/$user/mail/inbox via sendmail+procmail. Reading the wiki, this sort of configuration shouldn't cause locking problems.

>
> Where does Dovecot put the INDEX? My problem disappeared as soon as I
> set INDEX=MEMORY.

Hmmm, didn't know about that option, but see it described here:
http://wiki.dovecot.org/MailLocation

Does this mean that as long as the dovecot server is long-running that it will cache indexes into local memory? Or is the index kept in memory only for the per-client connection?
[Dovecot] Error: sieve_execute_bytecode(/var/sieve/global.sievec) failed
I'm just getting familiar with Dovecot. I get this error when I send mail to a mailbox that is over quota. I have no problem with the way quota is working and I have no problem with the sieve script detecting spam and delivering it to the Spam folder. Just trying to figure out why I get this error when quota is involved:

Error: sieve_execute_bytecode(/var/sieve/global.sievec) failed

See logs at:
http://www200.pair.com/mecham/spam/sieve-error.txt

---
/var/sieve/global.sieve:
require "fileinto";
if header :contains "X-Spam-Flag" "YES" {
  fileinto "Spam";
}
---
# 1.1.8: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.26-1-686 i686 Debian 5.0 ext3
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap imaps pop3 pop3s
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
first_valid_uid: 6060
mail_privileged_group: mail
mail_location: maildir:/var/vmail/%d/%n
mail_debug: yes
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugins(default): autocreate quota imap_quota
mail_plugins(imap): autocreate quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
auth default:
  mechanisms: plain login cram-md5
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-crammd5.conf
  userdb:
    driver: passwd
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
plugin:
  quota: maildir:User quota
  autocreate: Spam
  autosubscribe: Spam
---
driver = mysql
connect = host=127.0.0.1 dbname=postfix user=postfix password=pfix_password
default_pass_scheme = MD5-CRYPT
password_query = SELECT password FROM mailbox WHERE username = '%u' AND active = '1'
user_query = SELECT CONCAT('/var/vmail/',maildir) AS home, 6060 AS uid, 6060 AS gid FROM mailbox WHERE username = '%u' AND active = '1'
---

Thanks much,

--
Gary V
[Dovecot] Dovecot discards mail over quota
I'm new to Dovecot, using 1.1.8 and I just wanted to verify that what I am observing is the intended behavior. I'm using Maildir++ quota. When a message is delivered to a mailbox that cannot accept the message because it would place them over the quota limit, deliver states to the MTA that the message was delivered successfully (example using postfix):

Jan 17 12:05:31 msa postfix/pipe[13983]: 088C5B9D47: to=, relay=dovecot, delay=0.72, delays=0.34/0.02/0/0.36, dsn=2.0.0, status=sent (delivered via dovecot service)

But in actuality the mail is discarded (dropped).

Then a bounce is created stating the mail was rejected:

Your message to was automatically rejected:
Quota exceeded (mailbox for user is full).

Question: is it possible (without changing code) to alter this to where deliver would instead tempfail or something. Somehow it seems wrong to me to tell the MTA that everything is good, and then silently discard messages - regardless of the fact dovecot creates a bounce. This is not necessarily ideal either, but I _am_ wondering if this is configurable or not.

deliver(t...@example.com): 2009-01-17 12:05:31 Info: msgid=<1293474859.20090117120...@example.com>: save failed to INBOX: Quota exceeded (mailbox for user is full)
deliver(t...@example.com): 2009-01-17 12:05:31 Info: sieve runtime error: Keep: Generic Error
deliver(t...@example.com): 2009-01-17 12:05:31 Error: sieve_execute_bytecode(/var/sieve/global.sievec) failed
deliver(t...@example.com): 2009-01-17 12:05:31 Info: msgid=<1293474859.20090117120...@example.com>: rejected: Quota exceeded (mailbox for user is full)
deliver(ga...@example.com): 2009-01-17 12:05:31 Info: msgid=: saved mail to INBOX

--
Gary V
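Added example, not part of the original post: a log correlation that finds deliveries the MTA recorded as `dsn=2.0.0, status=sent` via `relay=dovecot` while deliver logged `rejected: Quota exceeded` for the same recipient within a couple of seconds, which is the case where Dovecot itself generates the bounce. The sample lines are constructed in the two formats quoted above (addresses, message IDs and all but the first queue ID are made up), and the function names and the 2-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not real traffic) in the Postfix syslog format
# and the deliver log format shown in the post.
POSTFIX_LOG = """\
Jan 17 12:05:31 msa postfix/pipe[13983]: 088C5B9D47: to=<full@example.com>, relay=dovecot, delay=0.72, delays=0.34/0.02/0/0.36, dsn=2.0.0, status=sent (delivered via dovecot service)
Jan 17 12:06:02 msa postfix/pipe[13990]: 1A2B3C4D5E: to=<ok@example.com>, relay=dovecot, delay=0.40, delays=0.20/0.01/0/0.19, dsn=2.0.0, status=sent (delivered via dovecot service)
Jan 17 12:07:10 msa postfix/pipe[13995]: 2B3C4D5E6F: to=<full@example.com>, relay=dovecot, delay=0.51, delays=0.30/0.01/0/0.20, dsn=4.3.0, status=deferred (temporary failure)
"""
DELIVER_LOG = """\
deliver(full@example.com): 2009-01-17 12:05:31 Info: msgid=<a1@sender.example>: rejected: Quota exceeded (mailbox for user is full)
deliver(ok@example.com): 2009-01-17 12:06:02 Info: msgid=<b2@sender.example>: saved mail to INBOX
deliver(full@example.com): 2009-01-17 12:07:10 Info: msgid=<c3@sender.example>: save failed to INBOX: Quota exceeded (mailbox for user is full)
"""

POSTFIX_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/pipe\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>,.*?relay=dovecot,"
    r".*?dsn=(?P<dsn>\d\.\d+\.\d+), status=(?P<status>\w+)"
)
DELIVER_RE = re.compile(
    r"^deliver\((?P<rcpt>[^)]*)\): (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"Info: msgid=(?P<msgid>\S*): rejected: (?P<reason>.*)$"
)


def parse_rejects(deliver_log):
    """Collect (recipient, time, msgid, reason) for deliver 'rejected:' lines."""
    rejects = []
    for line in deliver_log.splitlines():
        m = DELIVER_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            rejects.append((m["rcpt"].lower(), ts, m["msgid"], m["reason"]))
    return rejects


def find_accepted_then_rejected(postfix_log, deliver_log, window_s=2):
    """Return deliveries the MTA logged as sent that deliver then rejected."""
    rejects = parse_rejects(deliver_log)
    window = timedelta(seconds=window_s)
    hits = []
    for line in postfix_log.splitlines():
        m = POSTFIX_RE.match(line)
        if not m or m["status"] != "sent" or not m["dsn"].startswith("2."):
            continue  # deferred (4.x.x) and bounced (5.x.x) are visible to the MTA
        rcpt = m["rcpt"].lower()
        for r_rcpt, r_ts, msgid, reason in rejects:
            if r_rcpt != rcpt:
                continue
            # Syslog timestamps carry no year; borrow it from the deliver entry.
            p_ts = datetime.strptime(f"{r_ts.year} {m['ts']}", "%Y %b %d %H:%M:%S")
            if abs(p_ts - r_ts) <= window:
                hits.append({"queue_id": m["qid"], "rcpt": rcpt,
                             "msgid": msgid, "reason": reason})
                break
    return hits


if __name__ == "__main__":
    for hit in find_accepted_then_rejected(POSTFIX_LOG, DELIVER_LOG):
        print(hit)
```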
Re: [Dovecot] Dovecot discards mail over quota
On 1/17/09, Timo Sirainen wrote:
> On Jan 17, 2009, at 2:36 PM, Gary V wrote:
>
> > Then a bounce is created stating the mail was rejected:
> >
> > Your message to was automatically rejected:
> > Quota exceeded (mailbox for user is full).
> >
> > Question: is it possible (without changing code) to alter this to
> > where deliver would instead tempfail or something. Somehow it seems
> > wrong to me to tell the MTA that everything is good, and then silently
> > discard messages - regardless of the fact dovecot creates a bounce.
> > This is not necessarily ideal either, but I _am_ wondering if this is
> > configurable or not.
> >
>
> a) deliver -e
>
> b) quota_full_tempfail=yes
>
> c) a+b
>

Thank you, this helped to point me to the pertinent pages in the Wiki.

--
Gary V
Re: [Dovecot] Dovecot discards mail over quota
On 1/17/09, Timo Sirainen wrote:
> On Jan 17, 2009, at 2:36 PM, Gary V wrote:
> > Then a bounce is created stating the mail was rejected:
> >
> > Your message to was automatically rejected:
> > Quota exceeded (mailbox for user is full).
> >
> > Question: is it possible (without changing code) to alter this to
> > where deliver would instead tempfail or something. Somehow it seems
> > wrong to me to tell the MTA that everything is good, and then silently
> > discard messages - regardless of the fact dovecot creates a bounce.
> > This is not necessarily ideal either, but I _am_ wondering if this is
> > configurable or not.
> >
>
> a) deliver -e
>
> b) quota_full_tempfail=yes
>
> c) a+b
>

Just as a matter of interest. On my Postfix system:

a) Using deliver -e, Postfix bounces the message immediately 5.7.0 -> Subject: Undelivered Mail Returned to Sender. Partial body: ": permission denied. Command output: Quota exceeded (mailbox for user is full)". Postfix does not retain the message.

b) quota_full_tempfail=yes: defers the message with 4.3.0. If the user makes room for the message, then it will eventually be delivered. If they don't, then _eventually_ a bounce will be sent. In this case the bounce is less informative. Partial body: ": temporary failure". In the case where the message is not delivered, using default settings in Postfix, the sender will be notified 5 days after they sent the message.

c) For over quota with a+b, it behaves the same way as b, but the bounce notice will be more informative: Partial body: ": temporary failure. Command output: Quota exceeded (mailbox for user is full)".

I would say this is expected.

Each of the four possibilities has advantages and disadvantages, and personally I think a) might be closest to "doing the right thing", but it would be cool to have the option of deferring the mail (using option a+b) and additionally have deliver immediately send a message to the sender notifying them that their mail has been delayed due to the recipient being over quota. Something like:

___
Mail Delay Notification

Your message to has been delayed because the recipient's mailbox is full. Your message will be retained on our server for an unspecified amount of time and a number of delivery attempts may be made on your behalf. If delivery eventually fails, you will be sent a notification via email that delivery failed - or that your message was undeliverable.

Note: notifications of this type are often identified as Junk Mail or Spam by mail systems! This aspect is beyond our control, so it may be in your best interest to contact the recipient by some other means and let them know you received this message.
___

Of course, one big problem would be to only send the message once, and not each time a delivery was attempted. No doubt there would be other issues. I'm just throwing this out there as a thought. I have no idea if it would even be possible to implement something like this, or whether there is any interest or not.

--
Gary V
Re: [Dovecot] Dovecot discards mail over quota
On 1/18/09, Sahil Tandon wrote: > On Sun, 18 Jan 2009, Gary V wrote: > > > On 1/17/09, Timo Sirainen wrote: > > > On Jan 17, 2009, at 2:36 PM, Gary V wrote: > > > > Then a bounce is created stating the mail was rejected: > > > > > > > > Your message to was automatically rejected: > > > > Quota exceeded (mailbox for user is full). > > > > > > > > Question: is it possible (without changing code) to alter this to > > > > where deliver would instead tempfail or something. Somehow it seems > > > > wrong to me to tell the MTA that everything is good, and then silently > > > > discard messages - regardless of the fact dovecot creates a bounce. > > > > This is not necessarily ideal either, but I _am_ wondering if this is > > > > configurable or not. > > > > > > > > > > a) deliver -e > > > > > > b) quota_full_tempfail=yes > > > > > > c) a+b > > > > > > > Just as a matter of interest. On my Postfix system: > > > > a) Using deliver -e, Postfix bounces the message immediately 5.7.0 -> > > Subject: Undelivered Mail Returned to Sender. Partial body: > > ": permission denied. Command output: Quota exceeded > > (mailbox for user is full)". Postfix does not retain the message. > > > > b) quota_full_tempfail=yes: defers the message with 4.3.0. If the user > > makes room for the message, then it will eventually be delivered. If > > they don't, then _eventually_ a bounce will be sent. In this case the > > bounce is less informative. Partial body: ": > > temporary failure". In the case where the message is not delivered, > > using default settings in Postfix, the sender will be notified 5 days > > after they sent the message. > > > > c) For over quota with a+b, it behaves the same way as b, but the > > bounce notice will be more informative: Partial body: > > ": temporary failure. Command output: Quota exceeded > > (mailbox for user is full)". > > > > I would say this is expected. 
> > > > Each of the four possibilities has advantages and disadvantages, and > > personally I think a) might be closest to "doing the right thing", but > > it would be cool to have the option of deferring the mail (using > > option a+b) and additionally have deliver immediately send a message > > to the sender notifying them that their mail has been delayed due to > > the recipient being over quota. Something like: > > I prefer a) because it does not involve backscatter in the case of spoofed > sender addresses. > > -- > Sahil Tandon >

Hmm, in my test, mail is not rejected during smtp conversation, so as far as I can see, there is no prevention of backscatter. Postfix creates a bounce after the fact and sends it to whomever the sender is (or at least attempts to). As a side note: It looks like Courier/Maildrop uses the functional equivalent of a+b. At least when using Postfix, the message is deferred with a descriptive error: "temporary failure. Command output: maildrop: maildir over quota." I have not looked to see if this is configurable or not. I would assume it is, but have not checked into it. -- Gary V
Re: [Dovecot] Dovecot discards mail over quota
> a) Using deliver -e, Postfix bounces the message immediately 5.7.0 -> > Subject: Undelivered Mail Returned to Sender. Partial body: > ": permission denied. Command output: Quota exceeded > (mailbox for user is full)". Postfix does not retain the message. > > Each of the four possibilities has advantages and disadvantages, and > > personally I think a) might be closest to "doing the right thing"...

Assuming one chooses a) as a preference, the current default is not far from a). The only functional difference I can see (at least as far as 'over quota' is concerned) is who sends the bounce (and subsequently - what message the bounce contains). If that's the case, it's a matter of which notification the mail admin prefers. -- Gary V
Re: [Dovecot] deliver rejection bounces
On 1/18/09, Timo Sirainen wrote: > Is there any reason not to make (for v1.2) > > 1) deliver -e behavior the default? > > 2) not even provide the option for the current default (have deliver send > bounces itself)? > > The only reason it even works like it does currently is because I just > mostly copied what Cyrus did. >

I think doing so would make the system less flexible, and may make unexpected changes to the way a system is currently working. Some may prefer the flexibility of being able to customize the bounce. Recipients may have made rules in their MUAs based on text in current bounces. -- Gary V
Re: [Dovecot] Dovecot discards mail over quota
On 1/19/09, Ulrich Zehl wrote: > On Sun, Jan 18, 2009 at 12:26:46PM -0700, Gary V wrote: > > Just as a matter of interest. On my Postfix system: > > > > a) Using deliver -e, Postfix bounces the message immediately 5.7.0 -> > > Subject: Undelivered Mail Returned to Sender. Partial body: > > ": permission denied. Command output: Quota exceeded > > (mailbox for user is full)". Postfix does not retain the message. > > > > b) quota_full_tempfail=yes: defers the message with 4.3.0. If the user > > makes room for the message, then it will eventually be delivered. If > > they don't, then _eventually_ a bounce will be sent. In this case the > > bounce is less informative. Partial body: ": > > temporary failure". In the case where the message is not delivered, > > using default settings in Postfix, the sender will be notified 5 days > > after they sent the message. > > > > c) For over quota with a+b, it behaves the same way as b, but the > > bounce notice will be more informative: Partial body: > > ": temporary failure. Command output: Quota exceeded > > (mailbox for user is full)". > > > > I would say this is expected. > > You can also set quota_exceeded_message to something like "4.2.2 Mailbox full" > (or "5.2.2 ..."). This works whenever -e is specified, i.e. for a) and c), > and you use Postfix 2.3 or later (see pipe(8)). > > > Each of the four possibilities has advantages and disadvantages, and > > personally I think a) might be closest to "doing the right thing", but > > it would be cool to have the option of deferring the mail (using > > option a+b) and additionally have deliver immediately send a message > > to the sender notifying them that their mail has been delayed due to > > the recipient being over quota. Something like: > > This is also easy with Postfix, if you use delay_warning_time (see > postconf(5)). >

Right, thank you so much. I thought there was something like delay_warning_time that could make c) a workable choice. 
In fact, now I remember setting that up on my production server (when I had one a year ago) so senders would get notified their mail was still queued: This is the mail system at host msa.example.com. # THIS IS A WARNING ONLY. YOU DO NOT NEED TO RESEND YOUR MESSAGE. # Your message could not be delivered for more than 1 hour(s). It will be retried until it is 3 day(s) old. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system : temporary failure. Command output: Quota exceeded (mailbox for user is full) -- Gary V
Re: [Dovecot] Dovecot discards mail over quota
> Right, thank you so much. I thought there was something like > delay_warning_time that could make c) a workable choice. In fact, now > I remember setting that up on my production server (when I had one a > year ago) so senders would get notified their mail was still queued: But then this creates an additional bounce message and Charles makes a valid point: > Again... the only unit responsible for sending actual bounce messages is > the SENDERS MTA. Your (receiving) MTA should only either ACCEPT (if so, > NEVER generate a 'bounce' later), DEFER or REJECT. However, I remember setting delay_warning_time for the benefit of local domain senders, so they would get notification of delayed delivery. If this is added, bounces to non-local domain sender would be a side effect of deferring over-quota messages. At any rate, thanks. I now have a good picture of what all the options are. -- Gary V
Re: [Dovecot] dovecot with IMAP and POP3 mixed
On 3/21/09, Seth Mattinen wrote: > Bill Cole wrote: > > Andreas Meyer wrote, On 3/21/09 11:16 AM: > >> Hello! > >> > >> I tried to setup dovecot to work with IMAP and POP3 but when I connect > >> with Squirrelmail, I get an error saying CREATE "INBOX.Sent" > >> reason: Mailbox doesn't allow inferior mailboxes > > > > That's for user7, right? > > > > The cause of that error is SquirrelMail (using IMAP) is trying to create > > a mailbox as a child of INBOX, but since user7 is defined as using mbox > > format, that fails. If you use mbox storage, an IMAP folder can have > > either messages or subfolders but never both, because when using mbox an > > IMAP folder containing messages is a file, while an IMAP folder > > containing subfolders is a directory. See > > http://wiki.dovecot.org/MailboxFormat/mbox for more info. > > > > There *should* be some way to make SquirrelMail stop trying to create > > its folders under INBOX, but I have no idea if there actually *is* one. > > Some IMAP servers only allow the creation of folders as children of > > INBOX, and as a result some (broken) IMAP clients only know how to > > create folders that way. You can accommodate such software in Dovecot by > > using namespaces. > > > > Run the squirrelmail configure program and change the "default folder > prefix" to blank under "folder defaults". > > ~Seth >

When I set up SquirrelMail with Dovecot, on the configuration page is option D.

D. Set pre-defined settings for specific IMAP servers

I write in 'dovecot', and it sets a number of settings for me, for example:

Please select your IMAP server:
    bincimap    = Binc IMAP server
    courier     = Courier IMAP server
    cyrus       = Cyrus IMAP server
    dovecot     = Dovecot Secure IMAP server
    exchange    = Microsoft Exchange IMAP server
    hmailserver = hMailServer
    macosx      = Mac OS X Mailserver
    mercury32   = Mercury/32
    uw          = University of Washington's IMAP server
    quit        = Do not change anything
Command >> dovecot

    imap_server_type = dovecot
    default_folder_prefix =
    trash_folder = Trash
    sent_folder = Sent
    draft_folder = Drafts
    show_prefix_option = false
    default_sub_of_inbox = false
    show_contain_subfolders_option = false
    optional_delimiter = detect
    delete_folder = false

-- Gary V
[Dovecot] INBOX empty after dsync
After hearing so many good things about mdbox, I am testing it. I moved my Maildir to a test box, and did the conversion with dsync which reported no errors and appeared to go fine after I set: namespace { separator = / inbox = yes } and changed mail_location=mdbox:~/mdbox But the problem is that the Inbox now is empty in my imap client. What did I do wrong? I can see the emails are there if I grep for subject lines I know exist in my inbox within ~/mdbox, but in the imap client it is as if inbox is totally empty. All the other folders appear fine in imap client.
Re: [Dovecot] INBOX empty after dsync
Nevermind. After resyncing my maildir and using the full sync flag with dsync, the INBOX is there. Sorry for the noise On Sun, Apr 10, 2011 at 9:15 PM, Gary Chodos wrote: > After hearing so many good things about mdbox, I am testing it. I > moved my Maildir to a test box, and did the conversion with dsync > which reported no errors and appeared to go fine after I set: > > namespace { > separator = / > inbox = yes > } > > and changed mail_location=mdbox:~/mdbox > > But the problem is that the Inbox now is empty in my imap client. > What did I do wrong? I can see the emails are there if I grep for > subject lines I know exist in my inbox within ~/mdbox, but in the imap > client it is as if inbox is totally empty. All the other folders > appear fine in imap client. >
[Dovecot] logs show two connections to database even though using static driver
hi, im using: --- passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf.ext } userdb { driver = static args = uid=vmail gid=vmail home=/home/vmail/%d/ mail=mdbox:/home/vmail/%d/%n } -- this works fine on a test machine but i still see *2* instead of 1 connections to the pgsql db before a successful login is logged.. how can i avoid these extra connections?: Apr 17 11:34:49 merlin dovecot: auth: pgsql(localhost): Connected to database users Apr 17 11:34:50 merlin dovecot: auth: pgsql(localhost): Connected to database users Apr 17 11:34:50 merlin dovecot: imap-login: Login: user=, ...
Re: [Dovecot] logs show two connections to database even though using static driver
On Wed, Apr 20, 2011 at 11:19 AM, Timo Sirainen wrote: > On Sun, 2011-04-17 at 11:41 -0400, Gary Chodos wrote: >> passdb { >> driver = sql >> args = /etc/dovecot/dovecot-sql.conf.ext >> } >> >> this works fine on a test machine but i still see *2* instead of 1 >> connections to the pgsql db before a successful login is logged.. how >> can i avoid these extra connections?: > > What Dovecot version? What is in dovecot-sql.conf.ext's connect setting? It's 2.0.11 but I cannot reproduce the problem after returning to this issue today... sorry for the noise.
[Dovecot] How to stop mail_executable from cwd to ~home
In our environment home directories are auto-mounted via /home/ including on the server provided mail. Within the various mail services though we try to isolate and override with local /mail/home/

Works well except that dovecot still wants to cd to the real home triggering a useless and potentially hindering automount when it invokes the imap or pop3 process specified by mail_executable, ie an lsof of the process shows cwd of /home/ and the automounted home. It does this even though home is properly overridden within. I suspect this is part of changing to invoke as the user as the *-login process are ok but then they are still running as dovecot.

Various recent attempts to explicitly respecify HOME for mail_executable via a wrapper script or using env have been to no avail (as seen below). How can I resolve? And no I don't just want to override /home at the system level.

Thanks -- Gary

# 1.0.9: /etc/dovecot.conf
base_dir: /var/run/dovecot/
syslog_facility: local1
protocols: imap imaps pop3 pop3s
listen(default): *:143
listen(imap): *:143
listen(pop3): *:110
ssl_listen(default): *:993
ssl_listen(imap): *:993
ssl_listen(pop3): *:995
ssl_ca_file: /etc/ssl/certs/gd_bundle.crt
ssl_cert_file: /etc/ssl/certs/engr.uvic.ca.crt
ssl_key_file: /etc/ssl/private/engineeringwildcard.key
ssl_parameters_regenerate: 24
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_log_format_elements: %u [%r] %c
login_process_size: 32
login_processes_count: 8
login_max_processes_count: 150
verbose_proctitle: yes
first_valid_uid: 100
default_mail_env: mbox:/mail/home/%u/mail/:INBOX=/mail/boxes/%u:INDEX=/mail/indexes/%u
mail_location: mbox:/mail/home/%u/mail/:INBOX=/mail/boxes/%u:INDEX=/mail/indexes/%u
mbox_read_locks: fcntl dotlock
mbox_write_locks: fcntl dotlock
mail_executable(default): /bin/env 'HOME=/mail/home/$USER' /usr/libexec/dovecot/imap
mail_executable(imap): /bin/env 'HOME=/mail/home/$USER' /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3-home
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep
imap_client_workarounds(pop3): outlook-idle
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %v.%u
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): oe-ns-eoh outlook-no-nuls
auth default:
  passdb:
    driver: pam
  userdb:
    driver: passwd
    args: home=/mail/home/%u
plugin:
  home: /mail/home/%u
[Dovecot] Integrating Dovecot with Amazon Web Services
I did some searching in the mail archives and didn't see any discussion of integration with AWS, so I wanted to throw out my thoughts/plans and see if it has been done before.

I am setting up my own personal website on EC2 along with an email server, and I really don't like the idea of using the disk drive as permanent mail storage. EBS is too small, instance storage is ephemeral.

Looking over the docs, the dbox format seems most easily copied for my needs. http://wiki2.dovecot.org/MailboxFormat/dbox To make life easy, I'll stick with just single-dbox as a start, however multi-dbox would be doable. With dbox, the only thing that I need to change is the alternate storage model:

"An upshot of the way alternate storage works is that any given storage file (mailboxes//dbox-Mails/u.* (sdbox) or storage/m.* (mdbox)) can only appear *either* in the primary storage area *or* the alternate storage area but not both — if the corresponding file appears in both areas then there is an inconsistency."

First I want to add AWS S3 as a storage option for alternate storage. Then instead of the above model, the new model would be that email is always stored in alternate storage, and may be in primary storage. So, when mail comes in, I'd have Dovecot save the email to the alternate storage S3 bucket and update the indexes and other information [ideally, for convenience purposes, a few bits of relevant indexing information can be stored as metadata in the S3 object - sufficient so that instead of retrieving the entire S3 object, just the meta data can be pulled to build indexes].

When a client attempts to retrieve an email message, Dovecot would check primary storage as it does now, if the message is not found then it will retrieve it from the alternate storage system AND store a copy in the primary storage. Primary storage can be periodically purged, have quotas to keep it from growing too large, etc. In this way, primary storage can be viewed as a message cache, just keeping the messages that are currently of interest, while S3 is the real data. [Ideally, this can be expanded so that when a message comes in, in addition to storing a copy in S3, an AWS SNS notification can be issued so if multiple IMAP servers are running, they can all subscribe to the same SNS channel and update themselves as needed].

This gives me unlimited disk storage at S3 prices, I would even like to be able to set a few options based on the folder, so I can enable versioning on important message folders, use the even cheaper reduced redundancy storage for archives, and set expiration dates on email in the trash and spam folders so S3 will automatically purge the messages after a month.

Secondly, I'd like to replace the Mysql database usage with a simpleDB database. While simpleDB lacks much of MySQL's sophistication, it doesn't seem that Dovecot is really using any of that, so simpleDB can be functionally equivalent. The primary purpose of using simpleDB is that this way the entire Dovecot system can be ephemeral. When a properly configured dovecot AMI is launched, it will start up, pull its config data from an S3 bucket, subscribe to the SNS channel for new updates, and then start the Dovecot server. It won't care if it is the only Dovecot server, or if there are 500 other servers running. They all share the same simpleDB database. Whenever any change is made that is relevant to server configuration, a notice is generated to SNS, and all the email is stored in S3.

As a starting point, I'm thinking the best place for me to start coding is the single-s3-dbox message store as it has the least moving parts [mainly just fix up the save function to run the way I need it to, and the retrieve function to make a local copy of any incoming email...additional metadata functionality can be added later]. Has anyone else been working on something similar? -Gary
Re: [Dovecot] Integrating Dovecot with Amazon Web Services
On Thu, Jun 28, 2012 at 1:14 PM, Timo Sirainen wrote: > On 28.6.2012, at 17.43, Gary Mort wrote: > > First I want to add AWS S3 as a storage option for alternate storage. > > > > Then instead of the above model, the new model would be that email is > > always stored in alternate storage, and may be in primary storage. So, > > when mail comes in, I'd have Dovecot save the email to the alternate > > storage S3 bucket and update the indexes and other information[ideally, > for > > convenience purposes, a few bits of relevant indexing information can be > > stored as metadata in the S3 object - sufficient so that instead of > > retrieving the entire S3 object, just the meta data can be pulled to > build > > indexes. > > The indexes have to be in primary storage. > >

True, but the data they are based on I'm assuming does not include the full email message, just a few key pieces: uniqueid, subject, from, to, etc. For an always running server, the indexes are always up to date in primary. For a server starting up with no index data, it will need to rebuild the index information [or for a second server running when new email has been delivered]. As such, rather than download every single email message just for a few bits of key info, I can run a re-index process to pull just the meta information and grab the data from there.

> > When a client attempts to retrieve an email message, Dovecot would check > > primary storage as it does now, if the message is not found then it will > > retrieve it from the alternate storage system AND store a copy in the > > primary storage. > > I think the storing wouldn't be very useful. Most clients download the > message once. There's no reason to cache it if it doesn't get downloaded > again. The way it should work that new mails are immediately delivered to > both primary and alt storage. > >

I've got tons of space - so I don't mind having 750MB or so for primary email message storage. 
If I can track how many times a message was actually read, over time I can get an idea of how I use it and setup the primary storage purge rules accordingly.

> > Secondly, I'd like to replace the Mysql database usage with a simpleDB > > database. While simpleDB lacks much of MySQL's sophistication, it > doesn't > > seem that Dovecot is really using any of that, so simpleDB can be > > functionally equivalent. > > Dovecot will probably get Redis and/or memcache backend for passdb+userdb. > If simpledb is similar key-value database I guess the same code could be > used partially. > >

simpleDB is more like SQLLITE: "Amazon SimpleDB is a highly available and flexible non-relational data store that offloads the work of database administration. Developers simply store and query data items via web services requests and Amazon SimpleDB does the rest." http://aws.amazon.com/simpledb/

Data model: http://docs.amazonwebservices.com/AmazonSimpleDB/latest/DeveloperGuide/DataModel.html

    Domain == Table
    Item == row
    ItemName == primary key
    Attributes == column
    Value == data in column [multi value, so there can be multiple values for an attribute of an item]

There is no built in key relationship between data, it's just one big flat table. Columns/Attributes only have 2 types, string or integer. You query the data like an SQL table: http://docs.amazonwebservices.com/AmazonSimpleDB/latest/DeveloperGuide/UsingSelect.html

Because there are no dates, it's best to store dates as UTC timestamps which are integers and can then be compared against numerically.

The datastore is spread over multiple Amazon data servers and can take up to a second to sync, so there are two methods of querying the data.

    Default: eventually consistent read: get the data quickly
    Optional: consistent read: check /all/ datastores and get the latest data

Since the data in simpleDB may not be updated frequently, a simple hack using the notification system could be:

    Before updating simpleDB send SNS notice that the data is being updated and where [domain, user, config]
    Update Data
    After updating simpleDB send SNS notice that the update is complete

Other servers running can record data updating notices in memory and expire them in about 15 seconds. For any queries they want to make for that type of data in the next 15 seconds, they will use consistent read.

The nice thing about using S3 and simpleDB is that I can completely skip a lot of steps in replication/distributed services as it is all handled already. And one can always take one set of api calls and substitute another for a different notification system, distributed database, and cloud file storage.
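The notice-then-consistent-read scheme described in this message, as an added example that is not part of the original post. The store, notice bus and clock are constructed in-memory stand-ins for SimpleDB, SNS and wall time, and all class and function names are hypothetical.

```python
import time


class ManualClock:
    """Deterministic clock so the walk-through below is repeatable."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class FakeStore:
    """Constructed stand-in for an eventually consistent store: a write is
    visible to consistent reads at once, to default reads only after `lag`."""
    def __init__(self, clock, lag=1.0):
        self.clock, self.lag = clock, lag
        self._versions = {}  # key -> [(written_at, value), ...]

    def put(self, key, value):
        self._versions.setdefault(key, []).append((self.clock(), value))

    def get(self, key, consistent_read=False):
        now = self.clock()
        visible = [v for t, v in self._versions.get(key, [])
                   if consistent_read or now - t >= self.lag]
        return visible[-1] if visible else None


class NoticeBus:
    """Stand-in for the notification channel: fan out to all subscribers."""
    def __init__(self):
        self.subscribers = []

    def publish(self, scope, phase):
        for callback in self.subscribers:
            callback(scope, phase)


class ConsistencyWindow:
    """Remember which scopes were announced as changing; expire after ttl."""
    def __init__(self, ttl=15.0, clock=time.monotonic):
        self.ttl, self.clock = ttl, clock
        self._dirty = {}  # scope -> time at which the notice expires

    def on_notice(self, scope, phase):
        # Both the "updating" and the "complete" notice restart the window.
        self._dirty[scope] = self.clock() + self.ttl

    def needs_consistent_read(self, scope):
        expiry = self._dirty.get(scope)
        if expiry is None:
            return False
        if self.clock() >= expiry:
            del self._dirty[scope]  # notice aged out, cheap reads are fine
            return False
        return True


def write_with_notices(store, bus, scope, value):
    bus.publish(scope, "updating")   # before the update
    store.put(scope, value)
    bus.publish(scope, "complete")   # after the update


def read(store, window, scope):
    consistent = window.needs_consistent_read(scope)
    return store.get(scope, consistent_read=consistent), consistent


def demo():
    clock = ManualClock()
    store, bus = FakeStore(clock, lag=1.0), NoticeBus()
    window = ConsistencyWindow(ttl=15.0, clock=clock)
    bus.subscribers.append(window.on_notice)
    scope = ("example.org", "gary", "config")  # constructed sample scope

    write_with_notices(store, bus, scope, "quota=100")
    clock.advance(60)
    settled = read(store, window, scope)   # window expired, default read
    write_with_notices(store, bus, scope, "quota=200")
    clock.advance(0.2)
    naive = store.get(scope)               # default read inside the sync lag
    guarded = read(store, window, scope)   # notice seen, consistent read
    clock.advance(20)
    later = read(store, window, scope)     # window expired again
    return settled, naive, guarded, later


if __name__ == "__main__":
    print(demo())
```

A server that misses the notice falls back to the default read and can see the stale value until the store has synced, which is the `naive` case above.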
Re: [Dovecot] Integrating Dovecot with Amazon Web Services
On Thu, Jun 28, 2012 at 1:21 PM, Timo Sirainen wrote: > On 28.6.2012, at 20.14, Timo Sirainen wrote: > > >> "An upshot of the way alternate storage works is that any given storage > >> file (mailboxes//dbox-Mails/u.* (sdbox) or storage/m.* (mdbox)) > can > >> only appear *either* in the primary storage area *or* the alternate > storage > >> area but not both — if the corresponding file appears in both areas then > >> there is an inconsistency." > > > > Whoever wrote that wasn't exactly correct (or clear). There's no problem > having the same file in both primary and alt storage. Only if the files are > different there's a problem, but that shouldn't happen.. > > Hmm. Although looking at the mdbox index rebuilding code: > >/* duplicate file. either readdir() returned it twice > (unlikely) or it exists in both alt and primary storage. > to make sure we don't lose any mails from either of the > files, give this file a new ID and rename it. */ > > It probably shouldn't be doing that. sdbox isn't doing that: > >/* we were supposed to open the file in alt storage, but it > exists in primary storage as well. skip it to avoid > adding > it twice. */ > > That's probably due to the different structures they use. sdbox can safely use either because each email message has a unique filename, and if it exists in both places it doesn't matter. mdbox though is different, multiple messages are stored in a single file. The index indicates in which file each message is located. When the data is moved to alt storage, the filename can change in which case the index is updated. 
IE:

    Primary/Msg06282012 -- contains Msg007, Msg008, Msg009
    Primary/Msg06272012 -- contains Msg004, Msg005, Msg006
    Primary/Msg06262012 -- contains Msg001, Msg002, Msg003

along comes archiving and the new format is:

    Primary/Msg06292012 -- contains Msg010, Msg011, Msg012
    Primary/Msg06282012 -- contains Msg007, Msg009
    Primary/Msg06272012 -- contains Msg004, Msg006
    Primary/Msg06262012 -- contains Msg003
    Alt/Msg06292012 -- contains Msg001, Msg002, Msg005, Msg008

Since the archive rules can be based on a lot of different scenarios [and a message can even be archived from the command line], the filenames between Primary and Alternate are not the same - and in fact the same filename in each place could have different messages. For example: if messages are archived when a user sets an imap flag on them. So with the way it's written now, it's not possible to have a simple fallback by filename.

It would be possible if the naming convention was strictly enforced, ie after archiving you have:

    Primary/Msg06292012 -- contains Msg010, Msg011, Msg012
    Primary/Msg06282012 -- contains Msg007, Msg009
    Primary/Msg06272012 -- contains Msg004, Msg006
    Primary/Msg06262012 -- contains Msg003
    Alt/Msg06282012 -- contains Msg008
    Alt/Msg06272012 -- contains Msg005
    Alt/Msg06262012 -- contains Msg001, Msg002

Now the index can simply say what file a message is in and doesn't have to specify primary or secondary, and the primary file with that name can be checked first, and then if it is not there check the alternate.
[Dovecot] postfix/sendmail configuration
Hi all

I have searched the net and can't find anything relating to this. In 15-lda.conf, the default sendmail is used to send messages from Dovecot, such as "out of hours" and "redirected" emails controlled by sieves. However, postfix/sendmail is looking in /etc/postfix/main.cf for the configuration file (as logged in /var/log/maillog), but I have the config file elsewhere, and I even have MAIL_CONFIG setup to point to the true config directory. Is there a method of setting 15-lda.conf sendmail config to ensure it uses the correct postfix config file?

Thanks in advance
Gary
Re: [Dovecot] segfault in Debian Squeeze + Dovecot 2.1.10
On Sat, Sep 22, 2012 at 1:57 PM, Joe Auty wrote: > Hello, > > I'm seeing a lot of these in my /var/log/messages in Debian Squeeze, I > suspect this might be causing performance issues. Any suggestions what I can > try to fix this? > >> [7236671.301179] imap-login[9306]: segfault at 28 ip 7f9ff83c7e14 sp >> 7fff49d385c0 error 4 in libdovecot.so.0.0.0[7f9ff837c000+8b000] > > > I'm using the 2.1.10 packages obtained with the following in my > sources.list: > > deb http://xi.rename-it.nl/debian/ stable-auto/dovecot-2.1 main > > > I need to use Dovecot 2.1.x because I need to support handling multiple SSL > certs. May not be related at all, but when I see segfaults on Debian, the first thing I try is to switch to bash as the default system shell: dpkg-reconfigure dash Answer: Use dash as the default system shell (/bin/sh)? -- Gary V
Re: [Dovecot] dovecot.conf: mechanisms = plain login cram-md5 | Windows Live Mail: CRAM-MD5 authentication failed. This could (NOT) be due to a lack of memory on your system
On 8/7/10, Jerrale G wrote: > /etc/dovecot.conf: > > auth default { > mechanisms=plain login cram-md5 >passdb { > #.. > > Windows Live Mail: > CRAM-MD5 authentication failed. This could be due to a lack of memory on > your system. > Your IMAP command could not be sent to the server, due to non-network > errors. This could, for example, indicate a lack of memory on your system. > > Configuration: > Account: Sheltoncomputers (testuser) > Server: mail.sheltoncomputers.com > User name: testu...@sheltoncomputers.com > Protocol: IMAP > Port: 993 > Secure(SSL): 1 > Code: 800cccdf > > The console I'm using is 4 GB ram; so, this dumb error of windoze dead mail > is irrelevant. The other mechanisms of TLS/no tls plain login work fine. The > passwords are stored in mysql as md5(password) but this works on others not > using cram-md5 (secure login of the client). I'm trying to support a > plethora of mechanisms for the convenience of the customer and . > > Jerrale G. > Senior Admin > I'm no expert, but if I'm not mistaken, cram-md5 requires a plain text shared secret. I quote from http://www.sendmail.org/~ca/email/cyrus2/components.html: "Shared Secret Mechanisms - For these mechanisms, such as CRAM-MD5, DIGEST-MD5, and SRP, there is a shared secret between the server and client (e.g. a password). However, in this case the password itself does not travel on the wire. Instead, the client passes a server a token that proves that it knows the secret (without actually sending the secret across the wire). For these mechanisms, the server generally needs a plaintext equivalent of the secret to be in local storage (not true for SRP)." 
The auth default section of my dovecot.conf looks like:

    auth default {
      mechanisms = plain login cram-md5
      passdb sql {
        args = /etc/dovecot/dovecot-sql.conf
      }
      passdb sql {
        args = /etc/dovecot/dovecot-crammd5.conf
      }
      userdb sql {
        args = /etc/dovecot/dovecot-sql.conf
      }
      user = root
      socket listen {
        master {
          path = /var/run/dovecot/auth-master
          mode = 0600
          user = vmail
        }
        client {
          path = /var/spool/postfix/private/auth
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    }

With an /etc/dovecot/dovecot-crammd5.conf that might look something like this:

    driver = mysql
    connect = host=127.0.0.1 dbname=postfix user=postfix password=password
    default_pass_scheme = PLAIN
    password_query = SELECT clear AS password FROM mailbox WHERE username = '%u' AND active = '1'

With an added field to store a plain text password (I called it "clear"). -- Gary V
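Why the md5(password) column from the quoted report verifies PLAIN and LOGIN but not CRAM-MD5, as an added example that is not part of the original thread. The column names "password" and "clear" follow the message above; the user name, password and challenge host are constructed sample values.

```python
import hashlib
import hmac
import os
import time


def make_challenge(hostname="mail.example.org"):
    """Server side: a fresh RFC 2195 style challenge, <random.time@host>."""
    nonce = int.from_bytes(os.urandom(4), "big")
    return f"<{nonce}.{int(time.time())}@{hostname}>".encode()


def client_response(username, password, challenge):
    """Client side: the password never travels, only
    HMAC-MD5(key=password, msg=challenge) in hex, prefixed by the user name."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}"


def server_check_cram(stored_secret, challenge, response):
    """Server side: recompute the HMAC with whatever value the database
    holds for this user and compare it with the client's digest."""
    _, _, digest = response.rpartition(" ")
    expected = hmac.new(stored_secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())


def server_check_plain(stored_md5_hex, presented_password):
    """PLAIN/LOGIN: the client presents the password itself, so the server
    can hash it and compare with the stored md5(password)."""
    candidate = hashlib.md5(presented_password.encode()).hexdigest()
    return hmac.compare_digest(candidate.encode(), stored_md5_hex.encode())


def demo():
    password = "correct horse"  # constructed sample password
    row = {
        "password": hashlib.md5(password.encode()).hexdigest(),  # md5 column
        "clear": password,                                       # added column
    }
    challenge = make_challenge()
    response = client_response("testuser@example.org", password, challenge)
    return {
        # The server hashes what the client sent: works with the md5 column.
        "plain_against_md5_column": server_check_plain(row["password"], password),
        # The server would need the HMAC key; md5(password) is a different key.
        "cram_against_md5_column": server_check_cram(row["password"], challenge, response),
        # With the plaintext equivalent stored, the HMAC can be recomputed.
        "cram_against_clear_column": server_check_cram(row["clear"], challenge, response),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'accepted' if ok else 'rejected'}")
```

The `clear` column holds a value that is password-equivalent, so read access to that table is as sensitive as the passwords themselves.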
[Dovecot] Gotchas in switching from one server to another without impacting users?
We have to replace one mail store (foo.example.org) with another (bar.example.org). I rsync'd the maildirs from foo to bar today and the plan is to hold all delivery (in the SMTP server) on foo over the weekend, rsync again (this time it should be much faster since the large xfer already occurred today), then flush the SMTP queue on foo towards bar, direct all new deliveries to bar.example.org. Users currently access their IMAP mailboxes via imap.example.org. I plan to just 'flip the switch' at DNS so imap.example.org points to bar.example.org (instead of foo.example.org) so users don't have to change anything on their end and should not even notice this change. Is there anything else I should think about to mitigate users noticing a change? Does the fact that the mail filenames include 'foo.example.org' in the file name (while new deliveries to bar.example.org will include that new hostname) spell trouble later on or can I ignore it? Is there a more efficient way to achieve my goal? And finally, dovecot on foo.example.org is 1.1.7 while the new server is running 1.1.16. I don't think that should be an issue, but mentioning it just in case. Thanks! -- GC
Re: [Dovecot] Gotchas in switching from one server to another without impacting users?
On Fri, Aug 14, 2009 at 5:17 PM, Sahil Tandon wrote:
> On Fri, 14 Aug 2009, Timo Sirainen wrote:
>
>> On Aug 14, 2009, at 12:36 AM, Gary Chodos wrote:
>>
>>> We have to replace one mail store (foo.example.org) with another
>>> (bar.example.org). I rsync'd the maildirs from foo to bar today and
>>> the plan is to hold all delivery (in the SMTP server) on foo over the
>>> weekend, rsync again (this time it should be much faster since the
>>> large xfer already occurred today), then flush the SMTP queue on foo
>>> towards bar, direct all new deliveries to bar.example.org. Users
>>> currently access their IMAP mailboxes via imap.example.org. I plan to
>>> just 'flip the switch' at DNS so imap.example.org points to
>>> bar.example.org (instead of foo.example.org) so users don't have to
>>> change anything on their end and should not even notice this change.
>>
>> And I guess you also thought about the DNS cache TTLs?
>
> The OP should also consider killing dovecot during the rsync (similar to what
> another member of this list suggested). Then restart with a new
> configuration that proxies incoming IMAP connections towards the new server
> in case some clients still hit the old server before full DNS propagation.

To make the proxy feature work I had to allow plaintext auth on 143 from old -> new server. I use firewall rules to prohibit anyone except the old server from accessing the new one on port 143. Does this pose a security issue? Is there something else I should do to prevent security holes?
[Dovecot] is there a script to find a message from a given username easily?
Hello people,

I used primarily mutt and sendmail for many years. (And elm before mutt.) All my mail was saved into ~/Mail. Messages from, say, sm...@foo.ber were stored in ~/Mail/smith; all mail from smith was catenated into one file, and if I wanted to find something that smith had written, I would just cd to ~/Mail and grep or egrep on a likely word or phrase.

Is there a script that can reach into my server into My maildirectory and cp or symlink (say) ~/Maildir/smith's files:

2 -rw--- 1 kline kline 780 Apr 18 2008 1208585354.91013_3.aristotle:2,S
2 -rw--- 1 kline kline 731 May 15 2008 1210901757.55602_4.aristotle:2,S
2 -rw--- 1 kline kline 566 May 18 2008 1211140486.77700_3.aristotle:2,S
2 -rw--- 1 kline kline 578 May 20 2008 1211326880.95596_4.aristotle:2,S
2 -rw--- 1 kline kline 578 May 21 2008 1211393732.2283_3.aristotle:2,S
2 -rw--- 1 kline kline 673 Apr 13 2009 1239636788.1457_3.aristotle:2,S
6 -rw--- 1 kline kline 4242 Apr 14 2009 1239748901.16354_4.aristotle:2,S

into something named ~/Mail/smith, with all files catted together?

tia,

gary kline

--
Gary Kline kl...@thought.org http://www.thought.org Public Service Unix
http://jottings.thought.org http://transfinite.thought.org
The 7.31a release of Jottings: http://jottings.thought.org/index.php
[Dovecot] How do i translate the old default_mail_env setting?
Hi,

First, I am new to dovecot. Before my Jan '08 meltdown, sendmail was sufficient. A friend set up dovecot and since things just-worked, I was happy with that. Now I have a new mailserver and what was installed nearly two years ago fails.

My pal installed things in dovecot.conf this way:

default_mail_env = maildir:~/Maildir

but the new mail environment is too different to be readily understood. --At least for me!-- The "%u" variable is confusing; so is the "%h" ($HOME [?]) variable...

Would the following edit work on my old conf file:

mail_location = maildir:~/Maildir ?

tia,

gary kline

--
Gary Kline kl...@thought.org http://www.thought.org Public Service Unix
http://jottings.thought.org http://transfinite.thought.org
The 7.31a release of Jottings: http://jottings.thought.org/index.php
Re: [Dovecot] How do i translate the old default_mail_env setting?
On Sun, Dec 06, 2009 at 07:52:44PM -0500, Timo Sirainen wrote:
> On Dec 6, 2009, at 3:37 PM, Gary Kline wrote:
>
> > My pal installed things in dovecot.conf this way:
> >
> > default_mail_env = maildir:~/Maildir
> >
> > but the new mail environment is too different to be readily
> > understood. --At least for me!-- The "%u" variable is
> > confusing; so is the "%h" ($HOME [?]) variable...
>
> %h is exactly the same as ~.
>
> > Would the following edit work on my old conf file:
> >
> >
> > mail_location = maildir:~/Maildir ?
>
> Yes, that would work.

Appreciate it. Is there an overview of your IMAP/POP3 server? Overview, tutorial, what dovecot does? newest features, etc?

The fellow who set up dovecot originally has [what I believe to be] an unnecessary SASL service. I would like to avoid all redundancies, save CPU, troubles, and so on. ...

thanks much,

gary

--
Gary Kline kl...@thought.org http://www.thought.org Public Service Unix
http://jottings.thought.org http://transfinite.thought.org
The 7.31a release of Jottings: http://jottings.thought.org/index.php
Re: [Dovecot] How do i translate the old default_mail_env setting?
On Mon, Dec 07, 2009 at 11:35:43AM -0500, Timo Sirainen wrote:
> On Sun, 2009-12-06 at 17:13 -0800, Gary Kline wrote:
> > Appreciate it. Is there an overview of your IMAP/POP3 server?
> > Overview, tutorial, what dovecot does? newest features, etc?
>
> Well, there's http://wiki.dovecot.org/MailServerOverview and
> http://dovecot.org/talks/
>
> > The fellow who set up dovecot originally has [ what I believe
> > to be] an unnecessary SASL service. I would like to avoid all
> > redundancies, save CPU, troubles, and so on. ...
>
> Your SMTP server might be authenticating using the SASL service.

Yes, but because much of this was new I simply followed my friend's guidelines blindly. Here is what I did (cut-and-pasted) without understanding much:

+++

Configuring Mail Services

Now we will begin with configuring the Sendmail SMTP server, with SMTP-AUTH.

When we compile Sendmail, we want it to recognize that we will use SASL2 for smtp authentication. So, we need to add these items to the file /etc/make.conf:

SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2

Now, compile sasl2 and sasl2-saslauthd (in 1 operation):

# cd /usr/ports/security/cyrus-sasl2-saslauthd; make install clean

Check the contents of /usr/local/lib/sasl2/Sendmail.conf, make sure it says: pwcheck_method: saslauthd

# cat /usr/local/lib/sasl2/Sendmail.conf
pwcheck_method: saslauthd

Configure saslauthd to load at boot. Add this to the end of /etc/rc.conf:

saslauthd_enable="YES"

Start saslauthd

# /usr/local/etc/rc.d/saslauthd start

Now it's time to recompile sendmail with SASL2 support.

# cd /usr/src/lib/libsm; make clean; make obj; make depend; make
# cd /usr/src/lib/libsmutil; make clean; make obj; make depend; make
# cd /usr/src/usr.sbin/sendmail; make clean; make obj; make depend; make; make install

+++

This is from Jon Horne's own wiki pages, http://dfwlpiki.dfwlp.org/index.php/Deploying_a_FreeBSD_6.2_Server from 2007.

Am I right that I no longer need the "cyrus-sasl2-saslauthd" daemon and can get rid of it? I plan to use Jon's wiki page and update using dovecot alone for my own how-to on building a mail server. --It is one of three howto writeups I am working on. In short, I want especially mail to be lean and *correct*. Mostly correct!

--
Gary Kline kl...@thought.org http://www.thought.org Public Service Unix
http://jottings.thought.org http://transfinite.thought.org
The 7.31a release of Jottings: http://jottings.thought.org/index.php
[Dovecot] Want to simplify [Was:Re: How do i translate the old default_mail_env setting?]
On Mon, Dec 07, 2009 at 03:29:44PM -0800, Gary Kline wrote:
> On Mon, Dec 07, 2009 at 11:35:43AM -0500, Timo Sirainen wrote:
> > On Sun, 2009-12-06 at 17:13 -0800, Gary Kline wrote:
> > > Appreciate it. Is there an overview of your IMAP/POP3 server?
> > > Overview, tutorial, what dovecot does? newest features, etc?
> >
> > Well, there's http://wiki.dovecot.org/MailServerOverview and
> > http://dovecot.org/talks/
> >
> > > The fellow who set up dovecot originally has [ what I believe
> > > to be] an unnecessary SASL service. I would like to avoid all
> > > redundancies, save CPU, troubles, and so on. ...
> >
> > Your SMTP server might be authenticating using the SASL service.
>
> Yes, but because much of this was new I simply followed my
> friend's guidelines blindly. Here is what I did (cut-and-pasted)
> without understanding much:
>

Let me rephrase my previous post: I had installed the cyrus-sasl2 port. Can I safely remove this now and rely on the builtin dovecot SASL?

--
Gary Kline kl...@thought.org http://www.thought.org Public Service Unix
http://jottings.thought.org http://transfinite.thought.org
The 7.31a release of Jottings: http://jottings.thought.org/index.php
Re: [Dovecot] Want to simplify [Was:Re: How do i translate the old default_mail_env setting?]
On Wed, Dec 09, 2009 at 02:08:34PM -0500, Timo Sirainen wrote:
> On Wed, 2009-12-09 at 10:39 -0800, Gary Kline wrote:
> > > > Your SMTP server might be authenticating using the SASL service.
> ..
> > Let me rephrase my previous post: I had installed the
> > cyrus-sasl2 port. Can I safely remove this now and rely on
> > the builtin dovecot SASL?
>
> You said you built Sendmail with SASL support. Sendmail doesn't support
> Dovecot SASL. So you need to keep using Cyrus SASL.
>

Thanks much. I thought this might be the case; and, looking over my friend's write-up, I see that he links cyrus into things-sendmail. ---I've used sendmail for too long to give it up now. But a final question: do you ever think that dovecot might integrate sendmail??

--
Gary Kline kl...@thought.org http://www.thought.org Public Service Unix
http://jottings.thought.org http://transfinite.thought.org
The 7.31a release of Jottings: http://jottings.thought.org/index.php
Re: [Dovecot] irregular problem on outlook + imap
On Wed, Dec 09, 2009 at 02:52:00PM -0500, Timo Sirainen wrote:
> On Tue, 2009-12-01 at 16:19 +0100, Michele Petrazzo - Unipex wrote:
> > * LSUB () "." " folder.with.dots and spaces and numbers"
>

Hi Folks,

This may relate to one of the few problems I see with dovecot. This had nothing to do with outlook; rather mutt or kmail.

A couple years ago, sendmail delivered my mail to ~/Mail/ and I could cd to ~/Mail and grep and find the string(s) sought.

Dovecot seems to save its mail on my mailserver as ~/Mailbox//*. What do I change in the conf file to get rid of the directory DOT prefixes?

If there is any documentation on this, please point me at it?

tia.

> This means it's in the subscriptions file.
>
> > lylu APPEND "folder.with.dots and spaces and numbers" (\Seen)
> > "30-Nov-2009 10:34:00 +0100" {280844}
> > lylu NO [TRYCREATE] Mailbox doesn't exist: folder.with.dots and spaces
> > and numbers
>
> This means it doesn't really exist, even though it's subscribed.
>
> > On the maildir home (maildir:~/mail/), it's present the folder.with.dots
> > and spaces and numbers and the same into the "subscriptions" file
>
> Are you sure it's really in the ~/mail/ directory exactly the same? You
> could try also talking IMAP directly:
>
> telnet localhost 143
> a login user pass
> b list "" "folder.with.dots*"
>
> Is it listed?
>
> Anyway it should work fine:
>
> a create "folder.with.dots and spaces and num1234"
> a OK Create completed.
> b append "folder.with.dots and spaces and num1234" {10}
> + OK
> From: foo
>
> b OK Append completed.

--
Gary Kline kl...@thought.org http://www.thought.org Public Service Unix
http://jottings.thought.org http://transfinite.thought.org
The 7.31a release of Jottings: http://jottings.thought.org/index.php
Re: [Dovecot] irregular problem on outlook + imap
On Wed, Dec 09, 2009 at 03:21:54PM -0500, Timo Sirainen wrote:
> On Wed, 2009-12-09 at 12:16 -0800, Gary Kline wrote:
> > A couple years ago, sendmail delivered my mail to
> > ~/Mail/ and I could cd to ~/Mail and grep and find the
> > string(s) sought.
> >
> > Dovecot seems to save its mail on my mailserver as
> > ~/Mailbox//*. What do I change in the conf file to
> > get rid of the directory DOT prefixes?
>
> What do you mean by ? You mean different mailboxes?

That depends upon the definition of mailbox. Mail to me from, say, "smith" was stored as ~/Mail/smith; mail from "jones" was stored as ~/Mail/jones. In early '08, using dovecot, that became ~Maildir/.smith/* and ~/Maildir/.jones/*. It would be nice to get rid of the leading dot.

> > If there is any documentation on this, please point me at it?
>
> Apparently you want LAYOUT=fs, not Maildir++.

Hm, I have no clue; I'm too new right now.

> http://wiki.dovecot.org/MailLocation/Maildir#Directory_layout

thanks much; i'll check this page.

>

--
Gary Kline kl...@thought.org http://www.thought.org Public Service Unix
http://jottings.thought.org http://transfinite.thought.org
The 7.31a release of Jottings: http://jottings.thought.org/index.php
Re: [Dovecot] Want to simplify [Was:Re: How do i translate the old default_mail_env setting?]
On Wed, Dec 09, 2009 at 02:28:19PM -0500, Timo Sirainen wrote:
> On Wed, 2009-12-09 at 11:26 -0800, Gary Kline wrote:
> > Thanks much. I thought this might be the case; and, looking
> > over my friend's write-up, I see that he links cyrus into
> > things-sendmail. ---I've used sendmail for too long to give
> > it up now. But a final question: do you ever think that
> > dovecot might integrate sendmail??
>
> I've no idea. Sendmail people are free to add Dovecot support if they
> want to, but I've no interest in doing that work.
>

All right, then it's an MTA-side issue. Maybe I'll hack in the Dovecot support then. Dovecot is just waaay too outstanding to be unsupported.

--
Gary Kline kl...@thought.org http://www.thought.org Public Service Unix
http://jottings.thought.org http://transfinite.thought.org
The 7.31a release of Jottings: http://jottings.thought.org/index.php
[Dovecot] Integrating dovecot 1.01 into CentOS-3.8 systemw with chroot passwd dirs?
Hello. I'm administrating a CentOS 3.8 linux system (RHEL3) and I just replaced the imap-2002d-12 package that came with the system, with a dovecot 1.01 package I obtained through the dovecot home page.

The problem I have, is that many of my POP3 users have jailed user accounts set up through wu-ftpd, where the dir field is of the form /home/group/./pop/user, and wu-ftpd chroots them from /home/group but then places them into their home directories, in this case /home/group/pop/user. dovecot can't seem to locate their mail directory.

Can anyone offer any advice on this situation? Please respond to my email address if you could.

---

Here are some relevant stats:

example user: lda01
home directory (in /etc/passwd): /home/lda/./pop/lda01
mail folder directory: /home/lda/pop/lda01/mail
INBOX: /home/mail/lda01 (/var/mail, /var/spool/mail symlinked to /home/mail.)

dovecot 1.01

output of dovecot -n:

#1.0.1: /etc/dovecot.conf
base_dir: /var/run/dovecot
log_path: /var/log/dovecot.log
protocols: imap imaps pop3 pop3s
ssl_disable: yes
ssl_cert_file: /usr/share/ssl/certs/dovecot.pem
ssl_key_file: /usr/share/ssl/certs/dovecot.pem
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_greeting: mail.digimark.net ready.
valid_chroot_dirs: /var/mail:/var/spool/mail:/home/mail:/home
mail_extra_groups: mail
mail_location: mbox:~/mail:INBOX=/home/mail/%u
mail_debug: yes
mail_full_filesystem_access: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xv%08Xu
auth default:
  passdb:
    driver: pam
    args: blocking=yes dovecot
  userdb:
    driver: passwd

attempt to login using a Squirrelmail (webmail) client gave these entries in the dovecot.log error log:

dovecot: Jul 12 16:22:50 Info: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
dovecot: Jul 12 16:22:50 Info: IMAP(lda01): Effective uid=10572, gid=510, home=/pop/lda01
dovecot: Jul 12 16:22:50 Info: IMAP(lda01): mbox: data=/pop/lda01/mail:INBOX=/home/mail/lda01
dovecot: Jul 12 16:22:50 Info: IMAP(lda01): mbox: root=/pop/lda01/mail, index=/pop/lda01/mail, inbox=/home/mail/lda01
dovecot: Jul 12 16:23:04 Error: IMAP(lda01): open(/home/mail/lda01, O_CREAT) failed: No such file or directory
dovecot: Jul 12 16:23:04 Error: IMAP(lda01): access() failed with mbox file /home/mail/lda01: No such file or directory
dovecot: Jul 12 16:23:04 Error: IMAP(lda01): stat() failed with mbox file /home/mail/lda01: No such file or directory
dovecot: Jul 12 16:23:58 Info: IMAP(lda01): Disconnected: Logged out

--
-- "Outside of a dog, a book is a man's best friend.
-- Inside of a dog, it is too dark to read." -- Groucho Marx.
Gary Goldberg KA3ZYW <[EMAIL PROTECTED]> V:301/249-6501 F:301/390-1955 AIM:OgGreeb
Digital Marketing/Bowie MD/Systems & Networks Consult <http://www.digimark.net/>
Re: [Dovecot] Integrating dovecot 1.01 into CentOS-3.8 systemw with chroot passwd dirs?
On Fri, 13 Jul 2007, Timo Sirainen wrote:

Dovecot chroots the users as well then.

Thanks for the reply; That's good news.

mail_location: mbox:~/mail:INBOX=/home/mail/%u

Change this to:

mail_location: mbox:~/mail:INBOX=~/%u

Does it work then?

Wouldn't that parse to $HOME/$USER for each inbox? Currently sendmail/procmail delivers mail to /var/mail, which is symlinked to /home/mail in my system.

--
-- "Outside of a dog, a book is a man's best friend.
-- Inside of a dog, it is too dark to read." -- Groucho Marx.
Gary Goldberg KA3ZYW <[EMAIL PROTECTED]> V:301/249-6501 F:301/390-1955 AIM:OgGreeb
Digital Marketing/Bowie MD/Systems & Networks Consult <http://www.digimark.net/>
Re: [Dovecot] Integrating dovecot 1.01 into CentOS-3.8 systemw with chroot passwd dirs?
I dug deep into the documentation and I think I understand what's happening, but I have no idea what to do about it. I also took a moment and moved the user INBOX files back from /home/mail to /var/mail, so that wouldn't confuse anything. (My mail_location is set to mail_location: mbox:~/mail:INBOX=/var/mail/%u )

I have two types of users on my system -- those with home directories (set in /etc/passwd) of the form /home/group/pop/user who are allowed to access the file system, and /home/group/./pop/user who are chrooted to their home directories for things like ftp. dovecot appears to be working fine with those users without /./ in their password directory fields.

When dovecot gets the user home directory field from PAM, if it sees the /./, it chroots them so that their home directory is /pop/user, and their mail subdirectory is /pop/user/mail. But I can't see how dovecot would then access their INBOX, which is located outside the chroot in /var/mail/%u. For example:

dovecot: Jul 13 10:59:13 Info: pop3-login: Login: user=, method=PLAIN, rip=70.21.123.223, lip=64.191.213.14
dovecot: Jul 13 10:59:13 Info: POP3(lda07): Effective uid=10578, gid=510
dovecot: Jul 13 10:59:13 Info: POP3(lda07): mbox: data=/pop/lda07/mail:INBOX=/var/mail/lda07
dovecot: Jul 13 10:59:13 Info: POP3(lda07): mbox: root=/pop/lda07/mail, index=/pop/lda07/mail, inbox=/var/mail/lda07
dovecot: Jul 13 10:59:13 Error: POP3(lda07): open(/var/mail/lda07, O_CREAT) failed: No such file or directory
dovecot: Jul 13 10:59:13 Error: POP3(lda07): access() failed with mbox file /var/mail/lda07: No such file or directory
dovecot: Jul 13 10:59:13 Error: POP3(lda07): stat() failed with mbox file /var/mail/lda07: No such file or directory
dovecot: Jul 13 10:59:13 Error: POP3(lda07): Couldn't init INBOX: Internal error occurred. Refer to server log for more information. [2007-07-13 10:59:13]
dovecot: Jul 13 10:59:13 Info: POP3(lda07): Mailbox init failed top=0/0, retr=0/0, del=0/0, size=0

Any thoughts? Thanks.

-Gary

--
-- "Outside of a dog, a book is a man's best friend.
-- Inside of a dog, it is too dark to read." -- Groucho Marx.
Gary Goldberg KA3ZYW <[EMAIL PROTECTED]> V:301/249-6501 F:301/390-1955 AIM:OgGreeb
Digital Marketing/Bowie MD/Systems & Networks Consult <http://www.digimark.net/>

On Fri, 13 Jul 2007, Timo Sirainen wrote:

On 13.7.2007, at 3.57, Gary Goldberg wrote:

mail_location: mbox:~/mail:INBOX=/home/mail/%u

Change this to:

mail_location: mbox:~/mail:INBOX=~/%u

Does it work then?

Wouldn't that parse to $HOME/$USER for each inbox? Currently sendmail/procmail delivers mail to /var/mail, which is symlinked to /home/mail in my system.

Yes, but $HOME expands to / since you have the chroot.
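The path arithmetic behind the log lines in the message above, as an added example that is not part of the original posts or Dovecot's own code: it splits a passwd home field at "/./", expands mail_location, and maps each path to the host file a chrooted process would actually reach. The function names, the user lda08 and the HOST_FILES set are constructed for the illustration, and symlinks such as /var/mail -> /home/mail are not modelled.

```python
import posixpath

CHROOT_MARKER = "/./"

# Values taken from the thread.
MAIL_LOCATION = "mbox:~/mail:INBOX=/var/mail/%u"
VALID_CHROOT_DIRS = "/var/mail:/var/spool/mail:/home/mail:/home"

# Constructed stand-in for the host filesystem (lda08 is a made-up, non-jailed user).
HOST_FILES = {
    "/home/lda/pop/lda07/mail", "/var/mail/lda07",
    "/home/lda/pop/lda08/mail", "/var/mail/lda08",
}


def split_chroot_home(passwd_home):
    """Return (chroot_dir, home_inside_chroot); chroot_dir is None without '/./'."""
    idx = passwd_home.find(CHROOT_MARKER)
    if idx == -1:
        return None, posixpath.normpath(passwd_home)
    chroot = posixpath.normpath(passwd_home[:idx] or "/")
    home = posixpath.normpath("/" + passwd_home[idx + len(CHROOT_MARKER):])
    return chroot, home


def chroot_permitted(chroot, valid_chroot_dirs):
    """True if chroot equals, or lies below, an entry of the ':'-separated list."""
    for entry in filter(None, valid_chroot_dirs.split(":")):
        entry = posixpath.normpath(entry)
        if chroot == entry or chroot.startswith(entry.rstrip("/") + "/"):
            return True
    return False


def expand(path, user, home):
    """Expand %u, %h and a leading ~ in one mail_location component."""
    path = path.replace("%u", user).replace("%h", home)
    if path == "~" or path.startswith("~/"):
        path = posixpath.join(home, path[2:])
    return posixpath.normpath(path)


def resolve_mail_paths(passwd_home, user, mail_location, valid_chroot_dirs):
    """Work out what the mail process opens and which host file that really is."""
    chroot, home = split_chroot_home(passwd_home)
    _fmt, _, spec = mail_location.partition(":")
    root, *options = spec.split(":")
    seen = {"root": expand(root, user, home)}
    for opt in options:
        key, _, value = opt.partition("=")
        seen[key.lower()] = expand(value, user, home)
    paths = {}
    for name, path in seen.items():
        # Inside a chroot every absolute path is re-rooted under the chroot dir.
        host = path if chroot is None else chroot.rstrip("/") + path
        paths[name] = {"process_sees": path, "host_path": host}
    permitted = chroot is None or chroot_permitted(chroot, valid_chroot_dirs)
    return {"chroot": chroot, "home": home, "chroot_permitted": permitted, "paths": paths}


def missing_paths(resolved, existing_host_paths):
    """Names of mail_location components whose host file does not exist."""
    return sorted(name for name, p in resolved["paths"].items()
                  if p["host_path"] not in existing_host_paths)


if __name__ == "__main__":
    for home, user in (("/home/lda/./pop/lda07", "lda07"), ("/home/lda/pop/lda08", "lda08")):
        r = resolve_mail_paths(home, user, MAIL_LOCATION, VALID_CHROOT_DIRS)
        print(user, "chroot:", r["chroot"], "home:", r["home"])
        for name, p in r["paths"].items():
            print("  ", name, p["process_sees"], "->", p["host_path"])
        print("   missing on host:", missing_paths(r, HOST_FILES))
```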
Re: [Dovecot] Integrating dovecot 1.01 into CentOS-3.8 systemw with chroot passwd dirs?
On Fri, 13 Jul 2007, Sophie Nicoud wrote:

I had this error, it was a problem of mailbox size from procmail+postfix

I add this to /etc/postfix/mainc.cf file, in order to set the max size of inbox at 1Go :

mailbox_size_limit = 1073741824
virtual_mailbox_limit = 1073741824

Thank you for the feedback. I wasn't able to locate a place to implement this change, because all of the mailboxes have less than 50MB in them, and I'm using sendmail 9.3 plus procmail as the delivery agent.

It's definitely clear that if I remove the chroot /./ from the users' passwd file, then everything works fine. I'm going to temporarily remove the /./ from each mail users' account, but I'm still hoping for some insight into a proper fix.

-Gary

--
-- "Outside of a dog, a book is a man's best friend.
-- Inside of a dog, it is too dark to read." -- Groucho Marx.
Gary Goldberg KA3ZYW <[EMAIL PROTECTED]> V:301/249-6501 F:301/390-1955 AIM:OgGreeb
Digital Marketing/Bowie MD/Systems & Networks Consult <http://www.digimark.net/>
[Dovecot] High cpu usage OpenSolaris
Hi, I've built 64-bit dovecot 1.0.2 on Opensolaris to replace version 1.0.0rc10. It functions fine, but when I connect, it eats up all available cpu. My guess is that the poll thread is running continuously. Any ideas on what I should do to verify this or does anyone know of a fix? Thanks, Gary
[Dovecot] High cpu usage OpenSolaris
All, Nevermind... I discovered the problem. It was in the Solaris Sun Studio 12 compiler. I created a debug version to begin testing, but that version worked without sucking up the cpu. So it looks like the optimizer messed up. If I used the -fast optimization, it sucks up cpu, but with -xO5 all is well. Gary - Hi, I've built 64-bit dovecot 1.0.2 on Opensolaris to replace version 1.0.0rc10. It functions fine, but when I connect, it eats up all available cpu. My guess is that the poll thread is running continuously. Any ideas on what I should do to verify this or does anyone know of a fix? Thanks, Gary
[Dovecot] Plugin development question
Hello,

From what I have read on the dovecot site, it's possible to create a plugin for a custom data store format. We have emails in a custom format in a database and would like to create a plugin for accessing these emails through dovecot. Is there any supporting documentation from creating a plugin like this? Are there any samples?

TIA,
Gary
Re: [Dovecot] Plugin development question
> I think you should begin with Dovecot v1.1 code which makes it a lot
> easier. It has Cydir format that is really simple and serves as a
> pretty good example of how to implement a new backend.
>
> Cydir is a mail_storage backend, but you'll probably need to also
> implement mailbox_list backend. Shouldn't be too difficult by looking
> at FS and Maildir++ backends I think.
>
> By database do you mean SQL or something else? I've beginnings of SQL
> backend plugin already, but I don't remember if it was for v1.0 code or
> some version of v1.1. http://dovecot.org/patches/mail-sql.tar.gz

Timo,

Thanks for the information. I can't go too much into the project but yes, SQL is one of the stores. This will definitely be helpful. I will download the 1.1 codebase and also take a look at your mail-sql patch as a foundation for what I'm doing.

Gary
Re: [Dovecot] Plugin development question
> I think you should begin with Dovecot v1.1 code which makes it a lot
> easier. It has Cydir format that is really simple and serves as a
> pretty good example of how to implement a new backend.

I've been digging through the cydir format. It looks fairly simple. Basically, the short gist of it is that I will be replacing some of the service calls (that retrieve data) with web service calls (to retrieve data). The data for the messages themselves (i.e. the envelope) is stored in a database.

So looking into the cydir, I see the retrieval and storage functions. Since this is read only, this part is pretty simple, I think.

But the Maildir list functions seem a little more complicated. I'm walking through them right now. From looking into it, it seems there are several functions that I will need to define in my own class to handle/override the existing core functions. Where can I get a list of all of the virtual functions that can be derived from, without digging through the code completely.

Also, keeping in mind that everything is basically read only from a client perspective, can I only implement the read functions and still end up with a working system?

Please bear in mind that my C skills are 10 years old, so a lot of this is a learning experience :).

BTW, you mentioned the FS backend. I didn't see that under lib-storage/*.

Gary

>
> Cydir is a mail_storage backend, but you'll probably need to also
> implement mailbox_list backend. Shouldn't be too difficult by looking
> at FS and Maildir++ backends I think.
Re: [Dovecot] Plugin development question
> But the Maildir list functions seem a little more complicated. I'm
> walking through them right now. From looking into it, it seems there
> are several functions that I will need to define in my own class to
> handle/override the existing core functions. Where can I get a list of
> all of the virtual functions that can be derived from, without digging
> through the code completely.

Somehow I missed all of the lib-storage/list/* files. I seem to have found most of what I'm looking for. I also discovered the *_vfuncs declarations that list everything that needs overriding. My intent now is to build out a shell wrapper for my plugins.

My only other question for the time being would be the minimal implementation for functions that do nothing. That is, all of the write functions. Do I need to pass down to a base class or just return a default success value (or whatever the return type would be)?

> BTW, you mentioned the FS backend. I didn't see that under
> lib-storage/*.
>
> Gary
Re: regarding ssl certificates
Is there some reason to use a mail.domain.com cert for mail rather than just using domain.com for everything?

Historically the subdomains were used because they were on different hardware. That is www was on one machine and mail was on another.

Original Message
From: dovecot@dovecot.org
Sent: March 14, 2019 3:56 PM
To: dovecot@dovecot.org
Reply-to: jtam.h...@gmail.com
Subject: Re: regarding ssl certificates

mick crane wrote:

> Apache2 default install has this snake oil certificate
> Can make a new one for apache

I won't go over some of the excellent points in previous posts, but I will mention SAN as a third type of certificate you can make. LetsEncrypt supports this type of certificate.

This is halfway between single CN and wildcard certificate where you can combine many hostnames (up to 1000?) into one certificate. This may be useful if you want the convenience of handling fewer certificates, without having an unbounded wildcard certificate (the latter also requires control over your DNS). I use this for SMTPAUTH, POP3, IMAP and webmail services since they are all on one server.

Then Stephan von Krawczynski wrote:

> Sorry I have to write this, but this is again pointing people in a fake
> security direction.
> The only valid authority for a certificate is the party using it. Any third
> party with unknown participants cannot be a "Certificate Authority" in its
> true sense. This is why you should see "Let's Encrypt" simply as a cheap way
> to fake security. It is a US entity, which means it _must_ hand out all
> necessary keys to fake certificates to the US authorities _by law_.
> Now probably you can imagine why they are giving the certificates out for
> free. US authorities can compromise all of them - without any "open
> knowledge".

Wow, you packed a lot of fear, uncertainty and doubt (and some misinformation) into one paragraph. I'll leave it at that.

Joseph Tam
Re: regarding ssl certificates
I do whatever Google requires not to look like spam. Fortunately they don't insist on DANE.

I was just concerned about the encryption being secure. I used to use a self signed cert until Google made it to your advantage to use encryption on websites. Once I set up Let's Encrypt, it seemed dumb to use the self signed cert.

On a quarterly basis the email agents warn about the cert change. If Let's Encrypt goes to monthly cert renewal, this is going to get a little tiresome.

I recently modified the bash based ACME to reload Dovecot and Postfix. The programs eventually adjusted to the cert update, but the email agents weren't happy for an hour or two. The GitHub documentation for the ACME script indicates how to do this.

Original Message
From: dovecot@dovecot.org
Sent: March 15, 2019 12:07 AM
To: dovecot@dovecot.org
Reply-to: mpet...@domblogger.net
Subject: Re: regarding ssl certificates

With PKIX validation the certificate should match the hostname. With SMTP, the hostname should match the reverse IP though often it does not. Using subdomains gives you flexibility.

With DANE validation, it is DNSSEC that validates the fingerprint to the hostname so I do not believe there is a need for the hostname in the cert to match anything, but DANE validation is currently not used by any mail user agents, only PKIX validation is used by mail user agents. DANE is used to MTA to MX quite frequently however, so it may come to mail user agents in the near future (near being within a decade or so).

On 3/14/19 10:03 PM, Gary via dovecot wrote:
> Is there some reason to use a mail.domain.com cert for mail rather than just
> using domain.com for everything?
>
> Historically the subdomains were used because they were on different hardware.
> That is www was on one machine and mail was on another.
>
> Original Message
>
> From: dovecot@dovecot.org
> Sent: March 14, 2019 3:56 PM
> To: dovecot@dovecot.org
> Reply-to: jtam.h...@gmail.com
> Subject: Re: regarding ssl certificates
>
> mick crane wrote:
>
>> Apache2 default install has this snake oil certificate
>> Can make a new one for apache
>
> I won't go over some of the excellent points in previous posts,
> but I will mention SAN as a third type of certificate you can make.
> LetsEncrypt supports this type of certificate.
>
> This is halfway between single CN and wildcard certificate where you can
> combine many hostnames (up to 1000?) into one certificate. This may
> be useful if you want the convenience of handling fewer certificates,
> without having an unbounded wildcard certificate (the latter also requires
> control over your DNS). I use this for SMTPAUTH, POP3, IMAP and webmail
> services since they are all on one server.
>
> Then Stephan von Krawczynski wrote:
>
>> Sorry I have to write this, but this is again pointing people in a fake
>> security direction.
>> The only valid authority for a certificate is the party using it. Any third
>> party with unknown participants cannot be a "Certificate Authority" in its
>> true sense. This is why you should see "Let's Encrypt" simply as a cheap way
>> to fake security. It is a US entity, which means it _must_ hand out all
>> necessary keys to fake certificates to the US authorities _by law_.
>> Now probably you can imagine why they are giving the certificates out for
>> free. US authorities can compromise all of them - without any "open
>> knowledge".
>
> Wow, you packed a lot of fear, uncertainty and doubt (and some
> misinformation) into one paragraph. I'll leave it at that.
>
> Joseph Tam
>