strange interaction with MacOSX calendar server
I’ve installed and configured Apple’s calendar server. It seems to be working just fine. However it keeps trying to speak to my IMAP server — don’t know why — and the authentication attempts fail every 30 seconds or so. Here’s what’s in the calendar server logs:

2016-01-07 22:42:38+ [-] [caldav-1] [IMAP4DownloadProtocol (TLSMemoryBIOProtocol),client] [txdav.caldav.datastore.scheduling.imip.inbound.IMAP4DownloadProtocol#error] IMAP login failed for com.apple.calendarserver
2016-01-07 22:43:08+ [-] [caldav-1] [IMAP4DownloadProtocol (TLSMemoryBIOProtocol),client] [txdav.caldav.datastore.scheduling.imip.inbound.IMAP4DownloadProtocol#error] IMAP login failed for com.apple.calendarserver
2016-01-07 22:43:39+ [-] [caldav-1] [IMAP4DownloadProtocol (TLSMemoryBIOProtocol),client] [txdav.caldav.datastore.scheduling.imip.inbound.IMAP4DownloadProtocol#error] IMAP login failed for com.apple.calendarserver

And in dovecot’s logs I see:

Jan 7 22:47:43 hutch dovecot[63067]: imap-login: Disconnected (auth failed, 2 attempts in 4 secs): user=, method=PLAIN, rip=195.54.233.70, lip=195.54.233.70, TLS, session=
Jan 7 22:48:10 hutch dovecot[63067]: auth-worker(65378): Error: pam(com.apple.calendarserver,195.54.233.70): pam_acct_mgmt() failed: permission denied
Jan 7 22:48:14 --- last message repeated 1 time ---
Jan 7 22:48:14 hutch dovecot[63067]: imap-login: Disconnected (auth failed, 2 attempts in 4 secs): user=, method=PLAIN, rip=195.54.233.70, lip=195.54.233.70, TLS, session=
Jan 7 22:48:40 hutch dovecot[63067]: auth-worker(65378): Error: pam(com.apple.calendarserver,195.54.233.70): pam_acct_mgmt() failed: permission denied
Jan 7 22:48:44 --- last message repeated 1 time ---

I tweaked dovecot to use AUTH PLAIN as well as CRAM-MD5. [The MD5 stuff has always worked fine for SMTP and IMAP over TLS.]

I think /etc/pam.d/dovecot is OK too:

% cat /etc/pam.d/dovecot
#
# as documented on Dovecot wiki
auth       required   pam_opendirectory.so try_first_pass
account    required   pam_nologin.so
account    required   pam_opendirectory.so
password   required   pam_opendirectory.so

Here’s my dovecot.conf:

# 2.2.5: dovecot.conf
# OS: Darwin 12.5.0 x86_64
auth_mechanisms = plain login cram-md5
base_dir = /var/run/dovecot/
listen = *, [::]
mail_debug = yes
mail_privileged_group = mail
mbox_write_locks = fcntl
namespace inbox {
  hidden = yes
  inbox = yes
  list = no
  location = mbox:~/mail:INBOX=/var/mail/%u
  prefix = "#mbox/"
  separator = /
  type = private
}
namespace {
  inbox = no
  list = yes
  location = maildir:/var/imap/%u:LAYOUT=fs
  prefix =
  separator = /
  type = private
}
passdb {
  driver = pam
  args = failure_show_msg=yes
}
passdb {
  args = /usr/local/etc/dovecot-md5
  driver = passwd-file
}
protocols = imap
service auth {
  executable = /usr/local/libexec/dovecot/auth
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
service imap-login {
  client_limit = 32
  executable = /usr/local/libexec/dovecot/imap-login
  inet_listener imap {
    port = 0
  }
  process_limit = 128
  process_min_avail = 3
  service_count = 1
  vsz_limit = 64 M
}
service imap {
  executable = /usr/local/libexec/dovecot/imap
  process_limit = 32
}
service pop3-login {
  client_limit = 32
  process_limit = 128
  process_min_avail = 3
  service_count = 1
  vsz_limit = 64 M
}
service pop3 {
  process_limit = 32
}
ssl_cert =
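A triage sketch for the dovecot log above, added here as an example and not part of the original post: it groups PAM failures by user, remote address and failing PAM call, and measures the gap between attempts. Dovecot's PAM driver calls pam_acct_mgmt() only after pam_authenticate() has succeeded, so the call named in the error separates a denied account from a rejected password. The `alice` and 203.0.113.9 lines, the 22:49:10 line, the function name `triage` and the year 2016 are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the format of the dovecot log above. The 22:49:10 line
# and every 203.0.113.9 line are invented for contrast.
LOG = """\
Jan 7 22:48:10 hutch dovecot[63067]: auth-worker(65378): Error: pam(com.apple.calendarserver,195.54.233.70): pam_acct_mgmt() failed: permission denied
Jan 7 22:48:12 hutch dovecot[63067]: auth-worker(65379): pam(alice,203.0.113.9): pam_authenticate() failed: Authentication failure (password mismatch?)
Jan 7 22:48:13 hutch dovecot[63067]: auth-worker(65379): pam(alice,203.0.113.9): pam_authenticate() failed: Authentication failure (password mismatch?)
Jan 7 22:48:14 --- last message repeated 1 time ---
Jan 7 22:48:31 hutch dovecot[63067]: auth-worker(65379): pam(alice,203.0.113.9): pam_authenticate() failed: Authentication failure (password mismatch?)
Jan 7 22:48:40 hutch dovecot[63067]: auth-worker(65378): Error: pam(com.apple.calendarserver,195.54.233.70): pam_acct_mgmt() failed: permission denied
Jan 7 22:49:10 hutch dovecot[63067]: auth-worker(65378): Error: pam(com.apple.calendarserver,195.54.233.70): pam_acct_mgmt() failed: permission denied
"""

PAM_FAIL = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) .*pam\(([^,]*),([^)]*)\): (pam_\w+)\(\) failed")

def triage(log, year=2016):
    """Group PAM failures by (user, remote ip, failing PAM call)."""
    seen = defaultdict(list)
    for line in log.splitlines():
        m = PAM_FAIL.match(line)
        if m:  # syslog omits the year; 2016 is assumed from the caldav log
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            seen[m.group(2), m.group(3), m.group(4)].append(ts)
    report = {}
    for key, times in seen.items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        steady = len(gaps) >= 2 and max(gaps) - min(gaps) <= 5
        report[key] = {
            "count": len(times),
            # a near-constant gap points at a client retry timer, not a person
            "period_s": median(gaps) if steady else None,
            # pam_acct_mgmt() is reached only once pam_authenticate() succeeded
            "auth_stack_passed": key[2] == "pam_acct_mgmt",
        }
    return report

if __name__ == "__main__":
    for key, info in triage(LOG).items():
        print(key, info)
```

Syslog's "last message repeated" lines carry no user or address, so the counts are a lower bound.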
[Dovecot] getting Apple Mail and dovecot/IMAP to co-operate
Hi. I've been fighting a losing battle to get Apple Mail and dovecot to play nice.

When dovecot is told to use mbox-style mailboxes, it's not possible to create child mailboxes. Apple Mail whines "The IMAP command “CREATE” failed with server error: Mailbox doesn't allow inferior mailboxes.". I've looked through the documentation, the wiki and searched the mail archives without finding a solution. Can anyone help?

I've tried (and failed) to get a hybrid maildir/mbox setup to work like that shown on http://wiki.dovecot.org/Namespaces. When that gets plugged into dovecot.conf, Apple Mail blocks, with the Activity window saying "waiting for login" or something like that, even though a valid imaps connection and login has been established.

There's nothing getting logged by dovecot for both of these problems, even when syslog is turned all the way to debug priority.

Here's the current configuration info:

shaun# dovecot -n
# 1.1.16: /usr/local/etc/dovecot.conf
# OS: FreeBSD 7.2-RELEASE amd64 ufs
base_dir: /var/run/dovecot/
syslog_facility: local4
protocols: imaps
listen: *, [::]
ssl_cert_file: /usr/local/etc/ssl/certs/dovecot.pem
ssl_key_file: /usr/local/etc/ssl/private/dovecot.pem
ssl_cipher_list: ALL:!LOW:!SSLv2
login_dir: /var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
login_max_processes_count: 8
login_max_connections: 32
max_mail_processes: 32
mail_privileged_group: mail
mail_location: mbox:/mail/imap/%u:INBOX=/var/mail/%u
mail_debug: yes
mbox_write_locks: fcntl
auth default:
  mechanisms: cram-md5
  verbose: yes
  debug: yes
  passdb:
    driver: pam
  passdb:
    driver: passwd-file
    args: /usr/local/etc/dovecot-md5
  userdb:
    driver: passwd
shaun# dovecot --version
1.1.16
Re: [Dovecot] getting Apple Mail and dovecot/IMAP to co-operate
On 8 Jul 2009, at 18:08, Timo Sirainen wrote:

> On Wed, 2009-07-08 at 17:58 +0100, Jim Reid wrote:
> > Hi. I've been fighting a losing battle to get Apple Mail and dovecot to play nice. When dovecot is told to use mbox-style mailboxes, it's not possible to create child mailboxes. Apple Mail whines "The IMAP command “CREATE” failed with server error: Mailbox doesn't allow inferior mailboxes.". I've looked through the documentation, the wiki and searched the mail archives without finding a solution. Can anyone help?
>
> If you want to create e.g. "sub/box", start from nothing. Don't create "sub". Give the mailbox name as "sub/box". The "sub" then can't have messages, but it can have other child mailboxes.

Thanks for the quick response Timo. Sadly, your suggestion doesn't look as if it'll work because there are many non-empty parent mailboxes that have to get shifted to the new dovecot server. ie There are messages in sub as well as sub/box: too many to move to sub/whatever. And there are many of these sorts of folders too. Some mailboxes are even more deeply nested with subfolders: sub/box1/box2 where sub/box1 holds messages. Looks like an all-mbox solution isn't going to be viable at all. Oh well.

> > I've tried (and failed) to get a hybrid maildir/mbox setup to work like that shown on http://wiki.dovecot.org/Namespaces. When that gets plugged into dovecot.conf, Apple Mail blocks, with the Activity window saying "waiting for login" or something like that, even though a valid imaps connection and login has been established.
>
> I don't really know about that. What kind of a namespace configuration exactly did you use?

Here's the last one I tried before hitting a dead end. There were various combinations of settings for the prefix, hidden and list variables that were tried unsuccessfully before that.

###namespace private {
###   separator = /
###   #prefix = "#mbox/"
###   location = mbox:INBOX=/var/mail/%u
###   inbox = yes
###   #hidden = yes
###   list = no # for v1.1+
###}
###namespace private {
###   separator = /
###   prefix =
###   location = maildir:/mail/imap/$u:LAYOUT=fs
###   inbox = no
###   list = yes
###}
Re: [Dovecot] getting Apple Mail and dovecot/IMAP to co-operate
Hi Timo. Thanks again for your help. I've got things just about working as planned. There's one minor irritation however.

Users see a strange mailbox icon at the top of their list of mailboxes on the dovecot server. It's called #mbox and has a > symbol next to it indicating that it contains nested mailbox(es). The icon for the mailbox is not filled in, which is usually how Apple Mail indicates there's something wrong with the mailbox. In this case, it's not possible to put messages in #mbox. Is there a simple way to make this mailbox disappear from the list displayed by the client?

# 1.1.16: /usr/local/etc/dovecot.conf
# OS: FreeBSD 7.2-RELEASE amd64
base_dir: /var/run/dovecot/
syslog_facility: local4
protocols: imaps
listen: *, [::]
ssl_cert_file: /usr/local/etc/ssl/certs/dovecot.pem
ssl_key_file: /usr/local/etc/ssl/private/dovecot.pem
ssl_cipher_list: ALL:!LOW:!SSLv2
login_dir: /var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
login_max_processes_count: 8
login_max_connections: 32
max_mail_processes: 32
mail_privileged_group: mail
mail_debug: yes
mbox_write_locks: fcntl
namespace:
  type: private
  separator: /
  prefix: #mbox/
  location: mbox:~/mail:INBOX=/var/mail/%u
  inbox: yes
  hidden: yes
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  location: maildir:/mail/imap/%u:LAYOUT=fs
  list: yes
  subscriptions: yes
auth default:
  mechanisms: cram-md5
  verbose: yes
  debug: yes
  passdb:
    driver: pam
  passdb:
    driver: passwd-file
    args: /usr/local/etc/dovecot-md5
  userdb:
    driver: passwd
Re: [Dovecot] getting Apple Mail and dovecot/IMAP to co-operate
On 13 Jul 2009, at 13:10, Axel Luttgens wrote:

> Could you try with " list = no" for your first namespace definition?

Doh! This does the job!! Thanks very much Axel. I'm drinking too much coffee if I miss something that obvious :-)
Re: [Dovecot] ntpd / Time just moved backwards
On 11 Sep 2009, at 09:06, Frank Elsner wrote:

> Sep 10 21:21:02 seymour dovecot: dovecot: Fatal: Time just moved backwards by 434 seconds.
> [ ... ]
> Sep 10 21:50:55 seymour ntpd[9104]: time reset +434.824810 s
> Sep 10 21:26:36 seymour ntpd[9104]: no servers reachable
>
> What might have happened? And where to ask also?

This is not a dovecot problem. It's a timekeeping problem. dovecot detected that your computer went back in time and didn't like that. Check on the NTP mailing lists and web site for more information about why your time-keeping failed.

It looks like you have a broken NTP setup. Your NTP daemon decided to change your computer's time by 434 seconds. This "never happens". ntpd continuously makes lots of small adjustments to the computer's time of day clock so that time always goes forward as it synchronises that clock to a more reliable and accurate time source. It usually only jumps the time by intervals of several seconds or more at boot time (or if it's run by hand and forced to do that).

BTW, you seem to be running on a broken operating system too. Good ones don't permit time travel. The only way they allow the time of day to be put back is when the system is in a privileged, single-user state. Messing with the system clock causes security holes -- eg replay attacks -- and breaks application software, notably make which relies on timestamps. And as you've just found out, it breaks dovecot too.
Re: [Dovecot] Binary locations
On 6 Oct 2009, at 16:32, Timo Sirainen wrote:

> Where do you think the following binaries should be installed to?

Hi Timo. IMO

/sbin is for the dovecot daemon,
/libexec/dovecot is for supporting tools & utilities
/lib is for dovecot's (shared) libraries
/etc is for config files
Re: [Dovecot] testing needed
Timo, your test program runs fine on MacOSX 10.5.8 (Darwin Kernel Version 9.8.0)
[Dovecot] what's wrong with this config file?
Hi. I'm setting up a new IMAPS server. Mail users don't have login access to the box but will each have unique UNIX-style UIDs: no back-end database or LDAP thing. So far. Their mail will get delivered to UNIX-style mailboxes in /var/mail/%u (where %u is the UNIX username obviously). Their IMAP folders will go in /var/imap/%u. These will contain subfolders once everyone migrates to the new set-up and some folders will contain messages and subfolders.

I think this is what I configured in dovecot. However when I try to set up a test account, dovecot reports the following error:

Dec 12 02:22:00 shaun dovecot: imap-login: Login: user=, method=CRAM-MD5, rip=10.0.0.1, lip=10.1.1.1, mpid=14874, TLS, session=<8Hy1Ak3t+gDDNulD>
Dec 12 02:22:00 shaun dovecot: imap(jim): Error: user jim: Initialization failed: namespace configuration error: Duplicate namespace prefix: ""
Dec 12 02:22:00 shaun dovecot: imap(jim): Error: Invalid user settings. Refer to server log for more information.

I've checked and re-checked the wiki. google was unable to suggest any explanation either. Any ideas what's wrong? There is no duplicate namespace (and/or prefix) that I can see below.

# 2.2.9: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.2-RELEASE amd64
auth_mechanisms = cram-md5
auth_verbose = yes
base_dir = /var/run/dovecot/
default_client_limit = 120
director_username_hash = %Lu
import_environment = TZ
listen = *, [::]
mail_debug = yes
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
mbox_write_locks = fcntl
namespace {
  disabled = no
  hidden = yes
  ignore_on_failure = no
  inbox = yes
  list = yes
  location = mbox:~/mail:INBOX=/var/mail/%u
  prefix = "#mbox/"
  separator = /
  subscriptions = yes
  type = private
}
namespace imapstuff {
  disabled = no
  hidden = no
  ignore_on_failure = no
  inbox = no
  list = yes
  location = maildir:/var/imap/%u:LAYOUT=fs
  prefix =
  separator = /
  subscriptions = yes
  type = private
}
namespace inbox {
  disabled = no
  hidden = no
  ignore_on_failure = no
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    auto = no
    driver =
    special_use = \Drafts
  }
  mailbox Junk {
    auto = no
    driver =
    special_use = \Junk
  }
  mailbox Sent {
    auto = no
    driver =
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = no
    driver =
    special_use = \Sent
  }
  mailbox Trash {
    auto = no
    driver =
    special_use = \Trash
  }
  prefix =
  separator =
  subscriptions = yes
  type = private
}
passdb {
  driver = pam
}
passdb {
  driver = pam
}
passdb {
  args = /usr/local/etc/dovecot-md5
  driver = passwd-file
}
protocols = imap
service aggregator {
  chroot = .
  client_limit = 0
  drop_priv_before_exec = no
  executable = aggregator
  extra_groups =
  fifo_listener replication-notify-fifo {
    group =
    mode = 0600
    user =
  }
  group =
  idle_kill = 0
  privileged_group =
  process_limit = 0
  process_min_avail = 0
  protocol =
  service_count = 0
  type =
  unix_listener replication-notify {
    group =
    mode = 0600
    user =
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
service anvil {
  chroot = empty
  client_limit = 0
  drop_priv_before_exec = no
  executable = anvil
  extra_groups =
  group =
  idle_kill = 4294967295 secs
  privileged_group =
  process_limit = 1
  process_min_avail = 1
  protocol =
  service_count = 0
  type = anvil
  unix_listener anvil-auth-penalty {
    group =
    mode = 0600
    user =
  }
  unix_listener anvil {
    group =
    mode = 0600
    user =
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
service auth-worker {
  chroot =
  client_limit = 1
  drop_priv_before_exec = no
  executable = auth -w
  extra_groups =
  group =
  idle_kill = 0
  privileged_group =
  process_limit = 0
  process_min_avail = 0
  protocol =
  service_count = 1
  type =
  unix_listener auth-worker {
    group =
    mode = 0600
    user = $default_internal_user
  }
  user =
  vsz_limit = 18446744073709551615 B
}
service auth {
  chroot =
  client_limit = 0
  drop_priv_before_exec = no
  executable = auth
  extra_groups =
  group =
  idle_kill = 0
  privileged_group =
  process_limit = 1
  process_min_avail = 0
  protocol =
  service_count = 0
  type =
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-client {
    group =
    mode = 0600
    user =
  }
  unix_listener auth-login {
    group =
    mode = 0600
    user = $default_internal_user
  }
  unix_listener auth-master {
    group =
    mode = 0600
    user =
  }
  unix_listener auth-userdb {
    group =
    mode = 0666
    user = $default_internal_user
  }
  unix_listener login/login {
    group =
    mode = 0666
    user =
  }
  unix_listener token-login/tokenlogin {
    group =
    mode = 0666
    user =
  }
  user = $default_internal_user
  vsz_
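A check for the "Duplicate namespace prefix" error quoted in the post above, added here as an example and not part of the original message: it walks doveconf-style text, records the `prefix` of every top-level `namespace` block (ignoring settings inside nested `mailbox` blocks), and reports prefixes shared by more than one namespace. The sample is an abbreviated copy of the three namespace blocks in the dump; the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample: the three namespace blocks from the dump above, abbreviated.
SAMPLE = r'''
namespace {
  hidden = yes
  inbox = yes
  prefix = "#mbox/"
  type = private
}
namespace imapstuff {
  inbox = no
  location = maildir:/var/imap/%u:LAYOUT=fs
  prefix =
  type = private
}
namespace inbox {
  inbox = yes
  mailbox Drafts {
    special_use = \Drafts
  }
  prefix =
  type = private
}
'''

def namespace_prefixes(conf):
    """Return [(namespace name, prefix)] for each top-level namespace block."""
    found, stack = [], []              # stack holds the open block headers
    for raw in conf.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(line[:-1].split() or ["?"])
            if len(stack) == 1 and stack[0][0] == "namespace":
                name = stack[0][1] if len(stack[0]) > 1 else "(unnamed)"
                found.append([name, ""])   # an unset prefix is the empty string
        elif line == "}":
            stack.pop()
        elif len(stack) == 1 and stack[0][0] == "namespace":
            key, _, value = line.partition("=")
            if key.strip() == "prefix":
                found[-1][1] = value.strip().strip('"')
    return [tuple(f) for f in found]

def duplicate_prefixes(conf):
    """Map each prefix used by more than one namespace to those namespaces."""
    by_prefix = defaultdict(list)
    for name, prefix in namespace_prefixes(conf):
        by_prefix[prefix].append(name)
    return {p: names for p, names in by_prefix.items() if len(names) > 1}

if __name__ == "__main__":
    print(duplicate_prefixes(SAMPLE))
```

On the sample, the empty prefix is reported for both `imapstuff` and `inbox`, which is the `""` named in the error message.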