Share Website certificate with SSL/TLS Dovecot IMAP and Postfix SMTP
Hi guys, I've bought a certificate from the authority for my website, to use for access in HTTPS mode. Is it possible to share the same pair to authenticate the emails sent by Postfix and Dovecot, in order to avoid clients such as Hotmail.it or Gmail intercepting these as spam? Thank you
How to apply the patch to disable SSL3 on Dovecot 2.0.9
Hi,
I see that on Dovecot 2.0.9 it is not possible to disable SSL3. While I wait for the panel of my server to look into this issue and maybe put in a more updated version, how can I fix this?
I found on the Internet http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566 and also a link to the patch http://www.mail-archive.com/dovecot@dovecot.org/msg59945.html
I don't know what to do to fix the SSL 3 issue. I am on CentOS 6.3.
Thanks.
Re: [Dovecot] Mail lost - maybe a bug???
Hello Timo,
of course we have entries:
grep 'pop3.*mmanzoni.*del=0.*' deliver.log* |grep "Dec 12"
deliver.log.2:Dec 12 13:13:19 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=23/2025701, del=0/3920, size=700800292
deliver.log.2:Dec 12 13:46:02 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=1/475746, del=0/3921, size=701276018
deliver.log.2:Dec 12 14:58:08 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=8/911587, del=0/3929, size=702187446
deliver.log.2:Dec 12 14:58:09 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3929, size=702187446
deliver.log.2:Dec 12 15:55:24 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=1/936418, del=0/3930, size=703123844
deliver.log.2:Dec 12 16:40:59 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=1/421415, del=0/3931, size=703545240
deliver.log.2:Dec 12 16:43:23 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3931, size=703545240
deliver.log.2:Dec 12 17:37:21 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3931, size=703545240
deliver.log.2:Dec 12 17:44:38 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3931, size=703545240
deliver.log.2:Dec 12 18:14:29 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3931, size=703545240
deliver.log.2:Dec 12 18:17:50 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3931, size=703545240
> Also what kind of tools are ever accessing mails? Is it just Dovecot LDA + IMAP + POP3? No doveadm or any external tools?
yes, only LDA + IMAP + POP3, no external tools
I hope you have some ideas
Kind regards
Marco Carcano
[Dovecot] No ports listening
Please forgive my newbie post but this has me stumped. I've been a happy Dovecot 0.X and 1.X admin for years but something in my first 2.X configuration is oddly broken. It loads fine, logs no errors, but doesn't listen to any network ports!
Thanks in advance for any help.
Marco
# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.35.14 x86_64 Ubuntu 10.10 ext4
auth_debug = yes
auth_mechanisms = plain login
first_valid_gid = 111
first_valid_uid = 111
login_greeting = example.com pop/imap ready
mail_location = mbox:/var/mail/%u.imap:INBOX=/var/mail/%u
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    mode = 0666
  }
}
service imap-login {
  inet_listener imap {
    address = *
    port = 143
  }
  inet_listener imaps {
    address = *
    port = 993
  }
  process_limit = 50
}
service pop3-login {
  inet_listener pop3 {
    address = *
    port = 110
  }
  inet_listener pop3s {
    address = *
    port = 995
  }
  process_limit = 50
}
ssl_cert =
[Dovecot] Dovecot LDA LDAP lookups on samba4 server ends very often in timeouts
I hope that someone will be so kind to help me into solving this really strange thing (don't know if it is a bug or not).
I have a samba4 server and want to use postfix+dovecot - dovecot version is 2.0.11.
As for the postfix side everything is OK (all the LDAP lookups work without any error, tested also manually with postmap -q).
The real pain is with dovecot deliver: it seems that sometimes lda tries to lookup to the LDAP (samba 4) server, got a reply, and then report (after 2 minutes) a lookup timeout error.
The really strange thing is that (very seldom) lda works, but most of the times I got the timeout error. The strange thing is that if I use ldapsearch I never got timeout neither late replies, and even postfix performs its lookups without any issue.
It seems something related to lda itself (I do not know if I have a wrong configuration, but I think this is not a configuration issue, otherwise it should not work at all).
Here are the information logged when it does not work - after this log you will find the one when I got the failure (if needed I can provide a .pcap file too)
(trailing and leading spaces of AT character has been added by me)
## FAULTY DELIVER LOG #
Feb 20 12:20:50 sng02 postfix/smtpd[8928]: connect from localhost[127.0.0.1]
Feb 20 12:21:14 sng02 postfix/smtpd[8928]: A38D4407F5: client=localhost[127.0.0.1]
Feb 20 12:21:20 sng02 postfix/cleanup[8891]: A38D4407F5: warning: header Subject: prova from localhost[127.0.0.1]; from=senderdomain.tld> to= proto=SMTP helo=
Feb 20 12:21:20 sng02 postfix/cleanup[8891]: A38D4407F5: message-id=<20130220112114.A38D4407F5 @ srv01.mydomain.local>
Feb 20 12:21:20 sng02 postfix/qmgr[8889]: A38D4407F5: from=senderdomain.tld>, size=371, nrcpt=1 (queue active)
Feb 20 12:21:20 sng02 dovecot: lda: Debug: Loading modules from directory: /usr/lib64/dovecot
Feb 20 12:21:20 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
Feb 20 12:21:20 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib20_expire_plugin.so
Feb 20 12:21:20 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib90_sieve_plugin.so
Feb 20 12:21:20 sng02 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Feb 20 12:21:20 sng02 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Feb 20 12:21:20 sng02 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
Feb 20 12:21:20 sng02 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so
Feb 20 12:21:20 sng02 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Feb 20 12:21:20 sng02 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_bind
Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_simple_bind
Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_sasl_bind
Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_send_initial_request
Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_new_connection 1 1 0
Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_int_open_connection
Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_connect_to_host: TCP localhost:389
Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_new_socket: 16
Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_prepare_socket: 16
Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_connect_to_host: Trying ::1 389
Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_pvt_connect: fd: 16 tm: -1 async: 0
Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_open_defconn: successful
Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_send_server_request
Feb 20 12:21:20 sng02 dovecot: auth: Debug: master in: USER#0111#011marco.carcano#011service=lda
Feb 20 12:21:20 sng02 dovecot: auth: Debug: password(marco.carcano): passdb doesn't support credential lookups
Feb 20 12:21:20 sng02 dovecot: auth: Error: static(marco.carcano): passdb doesn't support lookups, can't verify user's existence
Feb 20 12:21:20 sng02 dovecot: auth: Debug: ldap(marco.carcano): user search: base=DC=mydomain,DC=local scope=subtree filter=(sAMAccountname=marco.carcano) fields=Mailbox,dovecotMailQuota
Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_result ld 0x6cba60 msgid -1
Feb 20 12:21:20 sng02 dovecot: auth: Error: wait4msg ld 0x6cba60 msgid -1 (timeout 0 usec)
Feb 20 12:21:20 sng02 dovecot: auth: Error: wait4msg continue ld 0x6cba60 msgid -1 all 0
Feb 20 12:21:20 sng02 dovecot: auth: Error: ** ld 0x6cba60 Connections:
Feb 20 12:21:20 sng02 dovecot: auth: Error: * host: localhost port: 389 (default)
Feb 20 12:21:20 sng02 dovecot: auth: Error: refcnt: 2 status: Connected
Feb 20 12:21:20 sng02 dovecot: auth: Error: last used: Wed Feb 20 12:21:20 2013
Feb 20 12:21:20 sng02 dovecot: auth: Error:
Feb 20 12:21:20 sng02 dovecot: auth: Error:
Feb 20 12:21:20 sng02 dovecot: auth:
Re: [Dovecot] Dovecot LDA LDAP lookups on samba4 server ends very often in timeouts
just to complete the information of this thread, here is the log of a mail delivered successfully
(trailing and leading spaces of AT character has been added by me)
## MAIL SUCCESSFULLY DELIVERED LOG #
Feb 19 17:41:01 sng02 postfix/smtpd[4006]: connect from localhost[127.0.0.1]
Feb 19 17:41:28 sng02 postfix/smtpd[4006]: 95659407F5: client=localhost[127.0.0.1]
Feb 19 17:41:36 sng02 postfix/cleanup[4011]: 95659407F5: warning: header Subject: prova from localhost[127.0.0.1]; from=senderdomain.tld> to= proto=SMTP helo=
Feb 19 17:41:36 sng02 postfix/cleanup[4011]: 95659407F5: message-id=<20130219164128.95659407F5 @ srv01.mydomain.local>
Feb 19 17:41:36 sng02 postfix/qmgr[3992]: 95659407F5: from=senderdomain.tld>, size=371, nrcpt=1 (queue active)
Feb 19 17:41:36 sng02 dovecot: lda: Debug: Loading modules from directory: /usr/lib64/dovecot
Feb 19 17:41:36 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
Feb 19 17:41:36 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib20_expire_plugin.so
Feb 19 17:41:36 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib90_sieve_plugin.so
Feb 19 17:41:36 sng02 dovecot: auth: Debug: master in: USER#0111#011marco.carcano#011service=lda
Feb 19 17:41:36 sng02 dovecot: auth: Debug: password(marco.carcano): passdb doesn't support credential lookups
Feb 19 17:41:36 sng02 dovecot: auth: Error: static(marco.carcano): passdb doesn't support lookups, can't verify user's existence
Feb 19 17:41:36 sng02 dovecot: auth: Debug: ldap(marco.carcano): user search: base=DC=mydomain,DC=local scope=subtree filter=(sAMAccountname=marco.carcano) fields=Mailbox,dovecotMailQuota
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap(marco.carcano): Connection appears to be hanging, reconnecting
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_unbind
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_request (origid 2, msgid 3)
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_request (origid 2, msgid 2)
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_connection 1 1
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_send_unbind
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_connection: actually freed
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_connection 1 1
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_send_unbind
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_connection: actually freed
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_create
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_bind
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_simple_bind
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_sasl_bind
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_send_initial_request
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_new_connection 1 1 0
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_int_open_connection
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_connect_to_host: TCP localhost:389
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_new_socket: 16
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_prepare_socket: 16
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_connect_to_host: Trying ::1 389
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_pvt_connect: fd: 16 tm: -1 async: 0
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_open_defconn: successful
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_send_server_request
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_result ld 0x666a60 msgid -1
Feb 19 17:41:36 sng02 dovecot: auth: Error: wait4msg ld 0x666a60 msgid -1 (timeout 0 usec)
Feb 19 17:41:36 sng02 dovecot: auth: Error: wait4msg continue ld 0x666a60 msgid -1 all 0
Feb 19 17:41:36 sng02 dovecot: auth: Error: ** ld 0x666a60 Connections:
Feb 19 17:41:36 sng02 dovecot: auth: Error: * host: localhost port: 389 (default)
Feb 19 17:41:36 sng02 dovecot: auth: Error: refcnt: 2 status: Connected
Feb 19 17:41:36 sng02 dovecot: auth: Error: last used: Tue Feb 19 17:41:36 2013
Feb 19 17:41:36 sng02 dovecot: auth: Error:
Feb 19 17:41:36 sng02 dovecot: auth: Error:
Feb 19 17:41:36 sng02 dovecot: auth: Error: ** ld 0x666a60 Outstanding Requests:
Feb 19 17:41:36 sng02 dovecot: auth: Error: * msgid 1, origid 1, status InProgress
Feb 19 17:41:36 sng02 dovecot: auth: Error:outstanding referrals 0, parent count 0
Feb 19 17:41:36 sng02 dovecot: auth: Error: ld 0x666a60 request count 1 (abandoned 0)
Feb 19 17:41:36 sng02 dovecot: auth: Error: ** ld 0x666a60 Response Queue:
Feb 19 17:41:36 sng02 dovecot: auth: Error:Empty
Feb 19 17:41:36 sng02 dovecot: auth: Error: ld 0x666a60 response count 0
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_chkResponseList ld 0x666a60 msgid -1 all 0
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_chkResponseList returns ld 0x666a60 NULL
Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_int_select
Feb 19 17:41:36 sng02 dovecot: auth: Error:
[Dovecot] Grant access for Unix-User _and_ virtual Users
Hi group,
I have installed a postfix as an MTA and configured two "main" domains as well as two virtual mailbox domains. Normal unix users have their maildir in their homes (/home/%u) and the virtual mailboxes are located in /var/mail/vhosts. It works well, I only have a problem configuring dovecot. I wondered if it's possible to configure it in a way that both, unix users and virtual users, can access their mailboxes. I found some tutorials but they either give access to the "normal" unix users or to virtual users who are defined in a text file.
Here some system infos:
- Ubuntu 12.04.2 LTS (Kernel Version: 3.2.0-23)
- Dovecot Version: 2.0.19
Hope you understand my problem.
Cheers,
Marco
PS: It's the very first time I use a mailing list, so I hope you can forgive me possible beginner's mistakes.
Re: [Dovecot] Grant access for Unix-User _and_ virtual Users
Hi,
> In Dovecot you configure one or more password databases and one or more user databases. s. http://wiki2.dovecot.org/Authentication/MultipleDatabases that covers system user + virtual users.
Thank you very much. That is exactly what I searched for.
> Or you can use the "static" userdb for virtual users and "passwd" userdb for system users, but place userdb passwd { } before userdb static { }.
I think the static version is comfortable for me. Thanks again for your advice.
> Later, when you know more about Dovecot, you can make the config more efficient.
I hope so. This whole mailserver issue is very interesting but also difficult for beginners.
Cheers,
Marco
[BUG] dovecot 2.3.0 - service(lmtp) killed with signal 11 when user is overquota
Hi,
I'm using dovecot 2.3.0 installed on a new CentOS 7.4 with rpm from Dovecot repo. When I use LMTP to deliver an email to an overquota user, lmtp service hangs with a segfault:
Jan 17 13:39:45 server-02.example.com kernel: lmtp[5099]: segfault at 0 ip 563599e372c2 sp 7ffeaa4fdc80 error 4 in lmtp[563599e31000+b000]
Jan 17 13:39:45 server-02.example.com dovecot[5089]: lmtp(5099): Fatal: master: service(lmtp): child 5099 killed with signal 11 (core dumped)
If I try to deliver a mail with 'dovecot-lda' on the same overquota user, email was rejected, as expected:
Jan 17 13:38:26 server-02.example.com dovecot[6773]: lda(USERNAME)<6773>: Debug: Mailbox stdin: Opened mail UID=1 because: copying
Jan 17 13:38:26 server-02.example.com dovecot[6773]: lda(USERNAME)<6773>: msgid=unspecified: save failed to INBOX: Quota exceeded (mailbox for user is full)
Jan 17 13:38:26 server-02.example.com dovecot[6773]: lda(USERNAME)<6773>: msgid=unspecified: rejected: Quota exceeded (mailbox for user is full)
Jan 17 13:38:26 server-02.example.com dovecot[6773]: lda(USERNAME)<6773>: msgid=: Return-Path missing, rejection reason: Quota exceeded (mailbox for user is full)
If user is no more overquota, LMTP delivery works:
Jan 17 14:13:16 server-02.example.com dovecot[8651]: lmtp(usern...@example.com)<8665>: Debug: Mailbox : Opened mail UID=1 because: copying
Jan 17 14:13:16 server-02.example.com dovecot[8651]: lmtp(usern...@example.com)<8665>: Debug: INBOX: Mailbox opened because: quota count
Jan 17 14:13:16 server-02.example.com dovecot[8651]: lmtp(usern...@example.com)<8665>: sieve: msgid=<151619479629.10128.16766154794856971...@client.example.com>: stored mail into mailbox 'INBOX'
Attached my dovecot configuration and a backtrace from gdb.
Thanks,
Marco
--
#0 lmtp_local_rcpt_reply_overquota (rcpt=rcpt@entry=0x55ee1015b400, error=0x55ee101835c0 "Quota exceeded (mailbox for user is full)") at lmtp-local.c:136
        address =
        lda_set =
#1 0x55ee0dff5652 in lmtp_local_rcpt_check_quota (rcpt=0x55ee1015b400) at lmtp-local.c:231
        box = 0x55ee10176ef8
        status = {messages = 0, recent = 0, unseen = 0, uidvalidity = 0, uidnext = 0, first_unseen_seq = 0, first_recent_uid = 0, last_cached_seq = 0, highest_modseq = 0, highest_pvt_modseq = 0, keywords = 0x0, permanent_flags = 0, flags = 0, permanent_keywords = false, allow_new_keywords = false, nonpermanent_modseqs = false, no_modseq_tracking = false, have_guids = true, have_save_guids = true, have_only_guid128 = false}
        mail_error = MAIL_ERROR_NOQUOTA
        ret =
        client =
        address = 0x55ee10150770
        user = 0x55ee101613e8
        ns =
        error = 0x55ee101835c0 "Quota exceeded (mailbox for user is full)"
#2 lmtp_local_rcpt_anvil_finish (rcpt=rcpt@entry=0x55ee1015b400) at lmtp-local.c:287
        cmd = 0x55ee10150638
#3 0x55ee0dff5bf8 in lmtp_local_rcpt (client=client@entry=0x55ee10135aa8, cmd=cmd@entry=0x55ee10150638, data=data@entry=0x55ee10150728, username=, detail=0x7f6aa397e4c8 "") at lmtp-local.c:400
        conn =
        address = 0x55ee10150770
        trans =
        rcpt = 0x55ee1015b400
        input = {parent_event = 0x0, module = 0x55ee0dff7dc3 "lmtp", service = 0x55ee0dff7dc3 "lmtp", username = 0x55ee100f4210 "usern...@example.com", session_id = 0x55ee10150af0 "pWtqHtE7X1rqEwAASpDaHg", session_id_prefix = 0x0, session_create_time = 0, local_ip = {family = 2, u = {ip6 = {__in6_u = { __u6_addr8 = "\223z\v\205", '\000' , __u6_addr16 = {31379, 34059, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {2232122003, 0, 0, 0}}}, ip4 = { s_addr = 2232122003}}}, remote_ip = {family = 2, u = {ip6 = {__in6_u = {__u6_addr8 = "\223z\030.", '\000' , __u6_addr16 = {31379, 11800, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {773356179, 0, 0, 0}}}, ip4 = {s_addr = 773356179}}}, local_port = 24, remote_port = 47292, userdb_fields = 0x0, Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.26-21.el7.x86_64 dovecot-pigeonhole-2.3.0-4.x86_64 glibc-2.17-196.el7_4.2.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-8.el7.x86_64 libcom_err-1.42.9-10.el7.x86_64 libselinux-2.5-11.el7.x86_64 nspr-4.13.1-1.0.el7_3.x86_64 nss-3.28.4-15.el7_4.x86_64 nss-softokn-freebl-3.28.3-8.el7_4.x86_64 nss-util-3.28.4-3.el7.x86_64 openldap-2.4.44-5.el7.x86_64 openssl-libs-1.0.2k-8.el7.x86_64 pcre-8.32-17.el7.x86_64 zlib-1.2.7-17.el7.x86_64 flags_override_add = (unknown: 0), flags_override_remove = (unknown: 0), no_userdb_lookup = false, debug = false, conn_secured = true, conn_ssl_secured = false}
        service_user = 0x55ee10150dc8
        session_id = 0x55ee10150af0 "pWtqHtE7X1rqE
Re: [BUG] dovecot 2.3.0 - service(lmtp) killed with signal 11 when user is overquota
On 2018-01-18 08:01, Aki Tuomi wrote:
> Hi!
> This is fixed with https://github.com/dovecot/core/commit/2bf919786518d138cc07d9cc21e14ad5e07e5e56.patch
> Aki Tuomi
yes, it works.
Thanks,
Marco
--
Dovecot 2.3.0, Panic: file mailbox-attribute.c: line 362 (mailbox_attribute_get_stream): assertion failed: (value_r->value != NULL || value_r->value_stream != NULL)
Hi all,
I have a RHEL7 server with Dovecot 2.3.0 (new installation). I've a problem when trying to dsync from a Dovecot 2.2.24 server. If I try to sync any user with a folder with ACL, dsync crashes with panic:
Source server:
dsync-local(USERNAME): Debug: sieve: file storage: sync: Synchronization active
dovecot: dsync-local(USERNAME): Debug: acl vfile: reading file /var/spool/mail/U/USERNAME/dovecot-acl
dsync-local(USERNAME): Error: read(DEST_SERVER.example.com) failed: EOF (last sent=mail_change (EOL), last recv=mailbox)
Destination server:
Feb 2 14:15:23 DEST_SERVER dovecot: dsync-server(USERNAME): Panic: file mailbox-attribute.c: line 362 (mailbox_attribute_get_stream): assertion failed: (value_r->value != NULL || value_r->value_stream != NULL)
Feb 2 14:15:23 DEST_SERVER dovecot: dsync-server(USERNAME): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0xc8cc4) [0x7fa861bc0cc4] -> /usr/lib64/dovecot/libdovecot.so.0(+0xc8d7e) [0x7fa861bc0d7e] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7fa861b34190] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x55cbc) [0x7fa861ec1cbc] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](dsync_mailbox_import_attribute+0x4d) [0x55b9d4ce215d] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](dsync_brain_sync_mails+0x2ef) [0x55b9d4cddbdf] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](dsync_brain_run+0x2b0) [0x55b9d4cd93e0] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x43a10) [0x55b9d4cd9a10] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x5837f) [0x55b9d4cee37f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x65) [0x7fa861bd82b5] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) [0x7fa861bd9b5f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7fa861bd83b2] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fa861bd85d8] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x28369) [0x55b9d4cbe369] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x29c07) [0x55b9d4cbfc07] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x3f969) [0x55b9d4cd5969] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x65) [0x7fa861bd82b5] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) [0x7fa861bd9b5f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7fa861bd83b2] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fa861bd85d8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fa861b56b23] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](main+0x1b6) [0x55b9d4cb0536] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7fa861756c05] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x1a5f5) [0x55b9d4cb05f5]
Feb 2 14:15:23 DEST_SERVER dovecot: dsync-server(USERNAME): Fatal: master: service(doveadm): child 2149 killed with signal 6 (core dumped)
Coredump and configuration attached.
On source server I run this command:
# doveadm -D backup -f -u USERNAME -x 'Archives*' tcp:DEST_SERVER.example.com
but same panic if try to sync from destination server:
# doveadm -D backup -fR -u USERNAME -x 'Archives*' tcp:SOURCE_SERVER.example.com
Same panic also syncing any user with acl and using different acl_shared_dict (file or fs:posix) in dovecot configuration.
Thanks,
Marco
--
Marco Giunta - ITCS SysAdmin
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-040-3787-503
Fax: +39-040-3787-244
# 2.3.0 (c8b89eb): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.0.1 (d33dca2)
# OS: Linux 3.10.0-693.17.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core)
auth_master_user_separator = *
auth_mechanisms = plain login
auth_username_format = %Ln
auth_verbose = yes
auth_verbose_passwords = sha1:6
doveadm_password = # hidden, use -P to show it
doveadm_port = 26001
first_valid_uid = 200
hostname = server-02.example.com
imap_client_workarounds = delay-newmail
imapc_features = rfc822.size fetch-headers
imapc_host = posta-01.example.com
imapc_master_user = dovesuper
imapc_password = # hidden, use -P to show it
imapc_user = %u
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header = Delivered-To
listen = *
lmtp_hdr_delivery_address = original
lmtp_lhlo_dsn = yes
lmtp_rcpt_check_quota = yes
login_trusted_networks = 10.0.0.172/30 10.0.0.212/30 10.0.0.0/23
mail_fsync = always
mail_gid = vmail
mail_home = /srv/mail/%1n/%n
mail_location = mdbox:~/dbox:
Re: Dovecot 2.3.0, Panic: file mailbox-attribute.c: line 362 (mailbox_attribute_get_stream): assertion failed: (value_r->value != NULL || value_r->value_stream != NULL)
Hi,
If I downgrade to Dovecot 2.2.33.2, there are no problems to sync users with ACL.
Thanks,
Marco
Re: Re: Bug in dovecot 2.3 virtual plugin
Hi,
did you have time to investigate about 'Panic: file unichar.c' bug? Because I have the same problem with a 2.3.0 installation without virtual plugin.
Thanks,
Marco
On 2018-01-03 16:52, Aki Tuomi wrote:
> This is not a bug in virtual plugin, but in some email which contains invalid unicode sequence somehow. Can you send me a core file? This should not have occurred ofc but would be nice to know how it ended up here.
> Aki
> On January 3, 2018 at 5:35 PM Jakobus Schürz wrote:
>> Hi there!
>> I compiled dovecot 2.3 from git. Because there is already a bug in virtual-plugin, and i hoped, it get fixed... but it doesn't.
>> So this is the error-message from the log
>> Jän 03 16:27:08 aldebaran dovecot[26460]: indexer-worker(jakob)<26476>: Panic: file unichar.c: line 160 (uni_ucs4_to_utf8_c): assertion failed: (uni_is_valid_ucs4(chr))
>> Jän 03 16:27:08 aldebaran dovecot[26460]: indexer-worker(jakob)<26476>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f8299f7a021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f8299f7a0ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f8299eec481] -> /usr/local/lib/dovecot/libdovecot.so.0(uni_ucs4_to_utf8_c+0xa0) [0x7f8299fb1500] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xa75e0) [0x7f8299f5b5e0] -> /usr/local/lib/dovecot/libdovecot.so.0(mail_html2text_more+0xc5) [0x7f8299f5b775] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0xcfcc) [0x7f82990aefcc] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_parser_more+0x27) [0x7f82990aeca7] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_build_mail+0x5e9) [0x7f82990acc39] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x1122d) [0x7f82990b322d] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a) [0x7f82958e316a] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a) [0x7f82958e316a] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mail_precache+0x2e) [0x7f829a2641be] -> dovecot/indexer-worker [jakob Synoptic/AKTUELL](+0x2533) [0x562227882533] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f8299f91bf9] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) [0x7f8299f93499] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7f8299f91d02] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f8299f91f18] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f8299f0f1e3] -> dovecot/indexer-worker [jakob Synoptic/AKTUELL](main+0xe7) [0x562227881f47] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f8299b352b1] -> dovecot/indexer-worker [jakob Synoptic/AKTUELL](_start+0x2a) [0x56222788201a]
>> Jän 03 16:27:08 aldebaran dovecot[26460]: indexer: Error: Indexer worker disconnected, discarding 1 requests for jakob
>> Jän 03 16:27:08 aldebaran dovecot[26460]: imap(jakob)<26472>: Error: indexer failed to index mailbox Synoptic/AKTUELL
>> Jän 03 16:27:08 aldebaran dovecot[26460]: indexer-worker(jakob)<26476>: Fatal: master: service(indexer-worker): child 26476 killed with signal 6 (core dumps disabled)
>> Jän 03 16:27:09 aldebaran dovecot[26460]: indexer-worker(jakob)<26484>: Error: lucene index /var/lib/dovecot/db/indexes/Maildir/jakob/lucene-indexes: IndexWriter() failed (#1): Lock obtain timed out
>> Jän 03 16:27:10 aldebaran dovecot[26460]: indexer-worker(jakob)<26484>: Error: Mailbox Synoptic/AKTUELL: Transaction commit failed: BUG: Unknown internal error (attempted to index 1488 messages (UIDs 15214..16775))
>> Jän 03 16:27:10 aldebaran dovecot[26460]: imap(jakob)<26480>: Error: indexer failed to index mailbox Synoptic/AKTUELL
>> Jän 03 16:27:11 aldebaran dovecot[26460]: imap(jakob)<26472>: Panic: file mail-index.c: line 793 (mail_index_close): assertion failed: (index->open_count > 0)
>> Jän 03 16:27:11 aldebaran dovecot[26460]: imap(jakob)<26472>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7fb0fbd3a021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7fb0fbd3a0ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fb0fbcac481] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf39a8) [0x7fb0fc0d99a8] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd92d1) [0x7fb0fc0bf2d1] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd9363) [0x7fb0fc0bf363] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_free+0x9) [0x7fb0fc0b0f39] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd05a4) [0x7fb0fc0b65a4] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_free+0x19) [0x7fb0fc030c99] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xabdc) [0x7fb0f729bbdc] -> /usr/local/lib/dovecot/lib20_virtual_plugin
BUG: panic when using fs:posix as dict for acl_shared_dict
Hi, I'm using Dovecot 2.2.33.2 on a RHEL 7, new installation. When I use fs:posix as dict for acl_shared_dict, like in Dovecot wiki (https://wiki.dovecot.org/SharedMailboxes/ClusterSetup), doveadm-server crash with error: # doveadm acl set -u USERNAME FOLDER user=DEST_USERNAME lookup read write-seen doveadm(USERNAME): Panic: file dict-fs.c: line 127 (fs_dict_iterate_init): assertion failed: ((flags & DICT_ITERATE_FLAG_RECURSE) == 0) doveadm(USERNAME): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x9f3de) [0x7f0e4a4b23de] -> /usr/lib64/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7f0e4a4b244a] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f0e4a44377c] -> /usr/lib64/dovecot/libdovecot.so.0(+0x31688) [0x7f0e4a444688] -> /usr/lib64/dovecot/libdovecot.so.0(dict_iterate_init_multiple+0x4d) [0x7f0e4a47cadd] -> /usr/lib64/dovecot/libdovecot.so.0(dict_iterate_init+0x29) [0x7f0e4a47cb89] -> /usr/lib64/dovecot/lib01_acl_plugin.so(acl_lookup_dict_rebuild+0x3e1) [0x7f0e49a40371] -> /usr/lib64/dovecot/lib01_acl_plugin.so(acl_backend_vfile_acllist_rebuild+0x488) [0x7f0e49a3dd18] -> /usr/lib64/dovecot/lib01_acl_plugin.so(acl_backend_vfile_object_update+0x3c7) [0x7f0e49a3e867] -> /usr/lib64/dovecot/lib01_acl_plugin.so(acl_mailbox_update_acl+0x68) [0x7f0e49a41e28] -> /usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so(+0x2c11) [0x7f0e48da1c11] -> /usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so(+0x3060) [0x7f0e48da2060] -> doveadm(+0x2b41c) [0x556f1280b41c] -> doveadm(+0x2c01a) [0x556f1280c01a] -> doveadm(doveadm_cmd_ver2_to_mail_cmd_wrapper+0x23b) [0x556f1280ce7b] -> doveadm(doveadm_cmd_run_ver2+0x50c) [0x556f1281c73c] -> doveadm(doveadm_cmd_try_run_ver2+0x37) [0x556f1281c7d7] -> doveadm(main+0x1e4) [0x556f127fb944] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f0e4a071c05] -> doveadm(+0x1bd35) [0x556f127fbd35] Aborted Attached coredump and configuration. 
I'm not a programmer, but it seems that the assert is raised by the 'fs_dict_iterate_init' function inside 'src/lib-dict-extra/dict-fs.c':

    static struct dict_iterate_context *
    fs_dict_iterate_init(struct dict *_dict, const char *const *paths,
                         enum dict_iterate_flags flags)
    {
    ...
        /* these flags are not supported for now */
        i_assert((flags & DICT_ITERATE_FLAG_RECURSE) == 0);
    ...

because it is called by the 'acl_lookup_dict_iterate_read' function in file 'src/plugins/acl/acl-lookup-dict.c'

    static void acl_lookup_dict_iterate_read(struct acl_lookup_dict_iter *iter)
    {
    ...
        dict_iter = dict_iterate_init(iter->dict->dict, prefix, DICT_ITERATE_FLAG_RECURSE);
    ...

with DICT_ITERATE_FLAG_RECURSE set. Same problem also with Dovecot 2.3.0.

Thanks,
Marco

--
Marco Giunta - ITCS SysAdmin
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-040-3787-503
Fax: +39-040-3787-244

# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 3.10.0-693.17.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core)
auth_debug = yes
auth_master_user_separator = *
auth_mechanisms = plain login
auth_username_format = %Ln
auth_verbose = yes
auth_verbose_passwords = sha1:6
doveadm_password = # hidden, use -P to show it
doveadm_port = 26001
first_valid_uid = 200
hostname = hostname.example.com
imap_client_workarounds = delay-newmail
imapc_features = rfc822.size fetch-headers
imapc_host = hostname.example.com
imapc_master_user = dovesuper
imapc_password = # hidden, use -P to show it
imapc_user = %u
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header = Delivered-To
listen = *
lmtp_hdr_delivery_address = original
lmtp_rcpt_check_quota = yes
login_trusted_networks = 10.0.0.0/30 10.0.0.0/30 10.0.0.0/23
mail_fsync = always
mail_gid = vmail
mail_home = /srv/mail/%1n/%n
mail_location = mdbox:~/dbox:ALT=/srv/archives/%1n/%n/dbox:INDEX=/srv/indexes/%1n/%n:VOLATILEDIR=/var/tmp/dovecot-volatile/%1n/%n
mail_plugins = acl mailbox_alias quota fts fts_solr
mail_prefetch_count = 20 mail_server_admin = mailto:postmas...@example.com mail_shared_explicit_inbox = yes mail_uid = vmail mailbox_list_index = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds spamtest spamtestplus editheader imapflags notify mbox_write_locks = fcntl mdbox_rotate_interval = 1 days mdbox_rotate_size = 64 M mmap_disable = yes namespace inbox { inbox = yes location = mailbox Archives { auto = subscribe special_use = \Archive } mailbox Drafts { auto = subscribe special_use = \Drafts } mail
Re: BUG: panic when using fs:posix as dict for acl_shared_dict
On 2018-02-07 13:23, Aki Tuomi wrote:
> Maybe you can use sqlite3 instead as workaround?

Ok, I'll try it and let you know.

Thanks,
Marco

--
Marco Giunta - ITCS SysAdmin
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-040-3787-503
Fax: +39-040-3787-244
Re: BUG: panic when using fs:posix as dict for acl_shared_dict
On 2018-02-07 13:23, Aki Tuomi wrote:
> Maybe you can use sqlite3 instead as workaround?

Ok, I've done what you suggested; I had some permissions problems on sqlite file/directory, but now it seems to work.

Thanks for your advice,
Marco

--
Marco Giunta - ITCS SysAdmin
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-040-3787-503
Fax: +39-040-3787-244
deny passdb match messages logged only with auth_verbose=yes
Hi all,

using deny passwd to restrict IMAP/POP3 access (https://wiki.dovecot.org/Authentication/RestrictAccess), I get deny passdb match messages:

Feb 13 16:09:33 server-02 dovecot: auth: passwd-file(USERNAME,10.10.10.46,<9hzaYRllbsCTehgu>): User found from deny passdb

only with auth_verbose=yes, set globally or defined in the passdb block. But if I set auth_verbose=yes, for every user not present in passwd-file, Dovecot logs:

Feb 13 16:09:57 server-02 dovecot: auth: passwd-file(USERNAME,10.10.10.46,<9hzaYRllbsCTehgu>): unknown user

I know that if the account does not exist in the first passdb (deny passdb), then the error occurs, even if it exists in the other passdb. This is normal, but shouldn't auth_verbose be used only to "Log unsuccessful authentication attempts and the reasons why they failed."?

Again, I'm not a programmer, but the 'auth_request_log_info' function in 'https://github.com/dovecot/core/blob/release-2.2.33/src/auth/auth-request.c' seems to log events only when 'auth_verbose=yes'. Is there another way to get deny passdb match messages, without enabling verbose logging?

Thanks,
Marco

--
Marco Giunta - ITCS SysAdmin
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-040-3787-503
Fax: +39-040-3787-244
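A log-side way to handle the situation described in the message above is to keep auth_verbose=yes and filter the auth log so that only deny passdb matches remain. This is an added example, not part of the original post or of Dovecot; the log lines are constructed in the format quoted above, and it assumes the deny passdb is the only passdb that uses the passwd-file driver.

```python
"""Added example: pull deny-passdb hits out of a verbose Dovecot auth log."""
import re
from collections import Counter

# Shape of the auth lines quoted in the message above:
#   <syslog prefix> dovecot: auth: <driver>(<user>,<remote ip>,<session>): <text>
AUTH_RE = re.compile(
    r"dovecot: auth: (?P<driver>[\w-]+)\((?P<user>[^,()]*),(?P<rip>[^,()]*)"
    r"(?:,<(?P<session>[^>]*)>)?\): (?P<text>.*)$"
)
DENY_TEXT = "User found from deny passdb"
NOISE_TEXT = "unknown user"

# Constructed sample lines (users, addresses and session ids are made up).
SAMPLE_LOG = [
    "Feb 13 16:09:33 server-02 dovecot: auth: passwd-file(alice,192.0.2.10,<sess0001>): User found from deny passdb",
    "Feb 13 16:09:57 server-02 dovecot: auth: passwd-file(bob,192.0.2.11,<sess0002>): unknown user",
    "Feb 13 16:10:02 server-02 dovecot: auth: passwd-file(alice,192.0.2.10,<sess0003>): User found from deny passdb",
    "Feb 13 16:10:05 server-02 dovecot: auth: ldap(carol,192.0.2.12,<sess0004>): unknown user",
    "Feb 13 16:10:09 server-02 dovecot: imap-login: Login: user=<bob>, rip=192.0.2.11",
    "Feb 13 16:10:11 server-02 dovecot: auth: passwd-file(dave,192.0.2.13,<sess0005>): User found from deny passdb",
]


def classify(line, deny_driver="passwd-file"):
    """Return (kind, fields) for an auth line, or None if it is not one.

    kind is 'deny' for a deny passdb match, 'noise' for the lookup miss the
    deny passdb logs for every user it does not list, 'other' for the rest.
    """
    m = AUTH_RE.search(line.rstrip())
    if m is None:
        return None
    fields = m.groupdict()
    if fields["driver"] == deny_driver and fields["text"] == DENY_TEXT:
        return "deny", fields
    if fields["driver"] == deny_driver and fields["text"] == NOISE_TEXT:
        return "noise", fields
    return "other", fields


def deny_hits(lines, deny_driver="passwd-file"):
    """Count deny matches per (user, remote ip), ignoring lookup-miss noise."""
    hits = Counter()
    for line in lines:
        result = classify(line, deny_driver)
        if result and result[0] == "deny":
            hits[(result[1]["user"], result[1]["rip"])] += 1
    return hits


def summarize(lines, deny_driver="passwd-file"):
    """Count how many lines fall into each class, for a quick sanity check."""
    totals = Counter()
    for line in lines:
        result = classify(line, deny_driver)
        totals[result[0] if result else "unparsed"] += 1
    return totals


if __name__ == "__main__":
    for (user, rip), count in sorted(deny_hits(SAMPLE_LOG).items()):
        print(f"deny passdb match: user={user} rip={rip} count={count}")
    print(dict(summarize(SAMPLE_LOG)))
```
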
BUG: Error: dovecot.index.pvt reset, view is now inconsistent when shared folder is new and empty
Hi,

I'm using Dovecot 2.2.33.2 on a RHEL 7, new installation. My log is full of:

Error: INDEX_FOLDER/dovecot.index.pvt reset, view is now inconsistent

or

Error: INDEX_FOLDER/dovecot.index.pvt view is inconsistent

when a shared folder is never touched and empty.

UserA shares X folder with UserB; if X folder is new (never touched) and empty, every time UserB looks in that folder an error appears in the log file. If UserA copies a mail into X folder, no more errors. If UserA (or UserB) deletes all mails in X folder (the folder is empty again), no more errors.

So the errors appear when UserB accesses a new (never touched) shared empty folder; if the folder is empty, but not new (e.g. UserA has already copied and deleted mails in that folder), the error is logged only once.

Attached my configuration.

Thanks,
Marco

--
Marco Giunta - ITCS SysAdmin
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-040-3787-503
Fax: +39-040-3787-244

# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 3.10.0-693.17.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core)
auth_debug = yes
auth_master_user_separator = *
auth_mechanisms = plain login
auth_username_format = %Ln
auth_verbose = yes
auth_verbose_passwords = sha1:6
doveadm_password = # hidden, use -P to show it
doveadm_port = 26001
first_valid_uid = 200
hostname = hostname.example.com
imap_client_workarounds = delay-newmail
imapc_features = rfc822.size fetch-headers
imapc_host = hostname.example.com
imapc_master_user = dovesuper
imapc_password = # hidden, use -P to show it
imapc_user = %u
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header = Delivered-To
listen = *
lmtp_hdr_delivery_address = original
lmtp_rcpt_check_quota = yes
login_trusted_networks = 10.0.0.0/30 10.0.0.0/30 10.0.0.0/23
mail_fsync = always
mail_gid = vmail
mail_home = /srv/mail/%1n/%n
mail_location =
mdbox:~/dbox:ALT=/srv/archives/%1n/%n/dbox:INDEX=/srv/indexes/%1n/%n:VOLATILEDIR=/var/tmp/dovecot-volatile/%1n/%n mail_plugins = acl mailbox_alias quota fts fts_solr mail_prefetch_count = 20 mail_server_admin = mailto:postmas...@example.com mail_shared_explicit_inbox = yes mail_uid = vmail mailbox_list_index = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds spamtest spamtestplus editheader imapflags notify mbox_write_locks = fcntl mdbox_rotate_interval = 1 days mdbox_rotate_size = 64 M mmap_disable = yes namespace inbox { inbox = yes location = mailbox Archives { auto = subscribe special_use = \Archive } mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / } namespace others { list = children location = mdbox:%%h/dbox:ALT=/srv/archives/%%1n/%%n/dbox:INDEX=/srv/indexes/%%1n/%%n:INDEXPVT=/srv/indexes/%1n/%n/shared/%%n:VOLATILEDIR=/var/tmp/dovecot-volatile/%1n/%n/shared/%%n prefix = Other Users/%%n/ separator = / subscriptions = no type = shared } passdb { args = /etc/dovecot/passwd.masterusers default_fields = userdb_master_user=%{login_user} driver = passwd-file master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.masterusers.acl default_fields = userdb_acl_defaults_from_inbox=yes userdb_mail=mdbox:/srv/mail/%1{login_user}/%{login_user}/dbox:ALT=/srv/archives/%1{login_user}/%{login_user}/dbox:INDEX=/srv/indexes/%1{login_user}/%{login_user}:INDEXPVT=/srv/indexes/%1n/%n/master/%{login_user}:VOLATILEDIR=/var/tmp/dovecot-volatile/%1n/%n/master/%{login_user} driver = ldap master = yes pass = 
yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.masterusers.noacl default_fields = userdb_master_user=%{login_user} userdb_mail=mdbox:/srv/mail/%1{login_user}/%{login_user}/dbox:ALT=/srv/archives/%1{login_user}/%{login_user}/dbox:INDEX=/srv/indexes/%1{login_user}/%{login_user}:INDEXPVT=/srv/indexes/%1n/%n/master/%{login_user}:VOLATILEDIR=/var/tmp/dovecot-volatile/%1n/%n/master/%{login_user} driver = ldap master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile:/srv/shared/dovecot/global-acls:cache_secs=300 acl_shared_dict = fs:posix:prefix=/srv/shared/dovecot/shared-acls/ fts = solr fts_autoindex = yes fts_autoindex_max_recent_msgs = 20 fts_index_timeout = 60 fts_solr = url=http://localhost:8983/solr/dovecot/ last_login_dict = fs:posix:prefix=~/ last_login_key = lastlogin mail_log_events = delete undelete expunge copy mailbox_d
Re: dovecot.index.pvt reset, view is now inconsistent
Fun, I didn't read your message yesterday, but today I sent an email like yours!!!

Cheers,
Marco

On 2018-02-27 19:02, Rupert Gallagher wrote:
> Problem solved by going in manually. The log message appears for empty "public" folders. Say, you have a folder X with subfolder Y, where X does not contain any e-mail. The log message disappears if you drop an email into X, then remove it. Puf, gone! So, there seems to be a baby bug in how dovecot manages the index in this case.

--
Marco Giunta - ITCS SysAdmin
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-040-3787-503
Fax: +39-040-3787-244
Re: Shared mailboxes, index files and 'per-user-seen' flags
Hi Thomas,

it is a known problem:

https://www.dovecot.org/pipermail/dovecot/2018-February/111057.html

Try the solution suggested in the above mail; it works for me.

Thanks,
Marco

On 2018-06-06 13:53, Thomas Robers wrote:
> Hello,
>
> I have a dovecot server version 2.3.1 under CentOS 6.9 and we're
> using shared mailboxes with index files shared. With this configuration
> I can see a lot of error messages like:
>
> Jun 6 13:20:31 mail dovecot: Error: imap(us...@tutech.de)<4513>
> : /export/home/imap/us...@tutech.de/shared
> /us...@tutech.de/folder/dovecot.index.pvt view is inconsistent
>
> In 10-mail.conf the location setting is:
>
> location = maildir:%%h/Maildir:INDEXPVT=%h/shared/%%u
>
> I thought setting the index files to "not shared" might help to
> get rid of the errors, so I changed the setting to:
>
> location = maildir:%%h/Maildir:INDEX=%h/shared/%%u:INDEXPVT=%h
> /shared/%%u
>
> like it's mentioned in the Dovecot wiki. But that doesn't work as
> I expected, because the 'per-user-seen' flags do not work correctly
> anymore, I think. If UserA, who has UserB as shared mailbox,
> changes the seen flags of UserB's INBOX, UserB's seen flags are also
> changed. The other way, if UserB changes seen flags in his INBOX
> they are not changed in the shared view of UserA. Is this the
> supposed way to work or do I have an error in the configuration?
>
> Any help is appreciated.
>
> Thanks, Thomas.
> > Here's my currently used configuration: > > # 2.3.1 (c5a5c0c82): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.5.devel (61b47828) > # OS: Linux 2.6.32-696.23.1.el6.x86_64 x86_64 CentOS release 6.9 (Final) > ext4 > # Hostname: mail.tutech.de > auth_master_user_separator = * > auth_mechanisms = plain login > auth_verbose = yes > disable_plaintext_auth = no > doveadm_password = # hidden, use -P to show it > doveadm_port = 12345 > imap_max_line_length = 2 M > mail_debug = yes > mail_location = maildir:/export/home/imap/%Lu/Maildir > mail_plugins = acl zlib mail_log notify > mail_prefetch_count = 1 > mailbox_idle_check_interval = 10 secs > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date index ihave duplicate mime foreverypart > extracttext > namespace { > hidden = no > ignore_on_failure = no > inbox = no > list = children > location = maildir:%%h/Maildir:INDEXPVT=%h/shared/%%u > prefix = shared/%%u/ > separator = / > subscriptions = yes > type = shared > } > namespace inbox { > hidden = no > inbox = yes > list = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = INBOX/ > separator = / > type = private > } > > passdb { > args = /etc/dovecot/master-users > driver = passwd-file > master = yes > } > passdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > plugin { > acl = vfile:/etc/dovecot/global-acls:cache_secs=300 > acl_shared_dict = file:/export/home/shared-db/shared-mailboxes > mail_log_events = append delete undelete expunge copy mailbox_delete > mailbox_rename flag_change > mail_log_fields = uid box msgid size from flags > 
mail_replica = tcp:mail2.tutech.de > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > sieve_global = /var/lib/dovecot/sieve/global/ > sieve_user_log = ~/.dovecot.sieve.log > zlib_save = gz > zlib_save_level = 6 > } > protocols = imap pop3 lmtp sieve sieve > service aggregator { > fifo_listener replication-notify-fifo { > mode = 0666 > user = vmail > } > unix_listener replication-notify { > mode = 0666 > user = vmail > } > } > service auth { > unix_listener /var/spool/postfix/private/auth { > mode = 0666 > } > unix_listener auth-userdb { > group = vmail > mode = 0660 > user = vmail > } > } > service config { > unix_listener config { > user = vmail > } > } > service doveadm { > inet_listener { > port = 12345 > } > user = vmail > } > service imap-login { > inet_listener imaps { > port = 993 > ssl = yes > } > process_limit = 500 > pr
Re: Set X-Original-To based an ORCPT?
Hi,

to get a 'Delivered-to' header based on ORCPT, I wrote a patch (attached) to force Dovecot lmtp to advertise DSN after a LHLO command. In this way, Postfix adds an ORCPT to the RCPT command (http://postfix.1071664.n5.nabble.com/pipe-flags-vs-lmtp-td11587.html#a11596).

Be careful: in this way DSN notification is broken, but they were broken in any case at the time I wrote the patch (read the entire post linked above).

The first patch is for Dovecot 2.2.x: after applying it, you cannot disable the DSN advertisement. The other is for Dovecot 2.3.0: you can enable/disable the advertisement using the new bool parameter 'lmtp_lhlo_dsn'.

I've been using it for the past two years, without any problem.

Thanks,
Marco

On 2018-08-07 11:48, Tom Sommer wrote:
> On 2015-09-02 22:01, Peer Heinlein wrote:
>> Since
>>
>> http://dovecot.org/pipermail/dovecot-cvs/2014-November/025241.html
>>
>> Dovecot's LMTP does support ORCPT.
>>
>> Is it possible to set X-Original-To-Header based on that ORCPT?
>
> Any news or response on this? I too am in need of this header being
> passed and saved correctly.
>
> Thanks.
>
> --
> Tom
>

--
Marco Giunta - ITCS SysAdmin
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-040-3787-503
Fax: +39-040-3787-244

--- dovecot-2.2.24/src/lmtp/commands.c.orig 2016-04-26 15:01:21.0 +0200 +++ dovecot-2.2.24/src/lmtp/commands.c 2017-02-16 16:01:39.091220376 +0100 @@ -82,7 +82,8 @@ client_send_line(client, "250-XCLIENT ADDR PORT TTL TIMEOUT"); client_send_line(client, "250-8BITMIME"); client_send_line(client, "250-ENHANCEDSTATUSCODES"); - client_send_line(client, "250 PIPELINING"); + client_send_line(client, "250-PIPELINING"); + client_send_line(client, "250 DSN"); i_free(client->lhlo); client->lhlo = i_strdup(str_c(domain)); 
@@ -200,6 +201,11 @@ client->state.mail_body_7bit = TRUE; else if (strcasecmp(*argv, "BODY=8BITMIME") == 0) client->state.mail_body_8bitmime = TRUE; + /* Skip unsupported DSN parameters */ + else if (strncasecmp(*argv, "RET=", 4) == 0) + continue; + else if (strncasecmp(*argv, "ENVID=", 6) == 0) + continue; else { client_send_line(client, "501 5.5.4 Unsupported options"); @@ -638,9 +644,12 @@ argv = t_strsplit(params, " "); for (; *argv != NULL; argv++) { - if (strncasecmp(*argv, "ORCPT=", 6) == 0) { + if (strncasecmp(*argv, "ORCPT=", 6) == 0) rcpt->params.dsn_orcpt = parse_xtext(client, *argv + 6); - } else { + /* Skip unsupported DSN parameter */ + else if (strncasecmp(*argv, "NOTIFY=", 7) == 0) + continue; + else { client_send_line(client, "501 5.5.4 Unsupported options"); return 0; } diff -up dovecot-2.3.0/src/lmtp/client.c.orig dovecot-2.3.0/src/lmtp/client.c --- dovecot-2.3.0/src/lmtp/client.c.orig 2018-01-05 07:45:36.0 +0100 +++ dovecot-2.3.0/src/lmtp/client.c 2018-01-16 08:55:49.437006465 +0100 @@ -151,6 +151,8 @@ struct client *client_create(int fd_in, SMTP_CAPABILITY_ENHANCEDSTATUSCODES | SMTP_CAPABILITY_8BITMIME | SMTP_CAPABILITY_CHUNKING; + if (client->lmtp_set->lmtp_lhlo_dsn) + lmtp_set.capabilities |= SMTP_CAPABILITY_DSN; if (!conn->ssl && master_service_ssl_is_enabled(master_service)) lmtp_set.capabilities |= SMTP_CAPABILITY_STARTTLS; lmtp_set.hostname = client->unexpanded_lda_set->hostname; diff -up dovecot-2.3.0/src/lmtp/lmtp-settings.c.orig dovecot-2.3.0/src/lmtp/lmtp-settings.c --- dovecot-2.3.0/src/lmtp/lmtp-settings.c.orig 2018-01-05 07:45:36.0 +0100 +++ dovecot-2.3.0/src/lmtp/lmtp-settings.c 2018-01-16 08:53:13.513920390 +0100 @@ -62,6 +62,7 @@ static const struct setting_define lmtp_ DEF(SET_BOOL, lmtp_proxy), DEF(SET_BOOL, lmtp_save_to_detail_mailbox), DEF(SET_BOOL, lmtp_rcpt_check_quota), + DEF(SET_BOOL, lmtp_lhlo_dsn), DEF(SET_UINT, lmtp_user_concurrency_limit), DEF(SET_ENUM, lmtp_hdr_delivery_address), DEF(SET_STR_VARS, login_greeting), 
@@ -74,6 +75,7 @@ static const struct lmtp_settings lmtp_d .lmtp_proxy = FALSE, .lmtp_save_to_detail_mailbox = FALSE, .lmtp_rcpt_check_quota = FALSE, + .lmtp_lhlo_dsn = FALSE, .lmtp_user_concurrency_limit = 0, .lmtp_hdr_delivery_address = "final:none:original", .login_greeting = PACKAGE_NAME" ready.", diff -up dovecot-2.3.0/src/lmtp/lmtp-settings.h.orig dovecot-2.3.0/src/lmtp/lmtp-settings.h --- dovecot-2.3.0/src/lmtp/lmtp-settings.h.orig 2018-01-05 07:45:36.0 +0100 +++ dovecot-2.3.0/src/lmtp/lmtp-settings.h 2018-01-16 08:57:18.505887547 +0100 @@ -16,6 +16,7 @@ struct lmtp_settings { bool lmtp_proxy; bool lmtp_save_to_detail_mailbox; bool lmtp_rcpt_check_quota; + bool lmtp_lhlo_dsn; unsigned int lmtp_user_concurrency_limit; const char *lmtp_hdr_delivery_address; const char *login_greeting;
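Review bot: In the first commands.c hunk (@@ -82,7 +82,8 @@) the "250 DSN" line is sent unconditionally, so every LHLO client is told the server implements DSN while the later hunks only skip RET=, ENVID= and NOTIFY=. A sending MTA that sees DSN advertised may hand over responsibility for the requested notifications to this hop, where they are then dropped silently. Gate the line behind a setting that defaults to off, as the 2.3.0 part of this patch does with lmtp_lhlo_dsn, and add a comment saying the capability is advertised only to obtain ORCPT.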
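Review bot: The new RET= and ENVID= branches in the commands.c hunk at @@ -200,6 +201,11 @@ match on the prefix only and accept any value, so a malformed parameter that used to get "501 5.5.4 Unsupported options" now passes unchecked. Check RET against FULL and HDRS, run ENVID through the same parse_xtext() call the ORCPT branch uses, and reword the comment: the parameters are accepted and ignored, which is not the same as skipping something unsupported.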
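Review bot: In the commands.c hunk at @@ -638,9 +644,12 @@ the NOTIFY= value is discarded with "continue" and never stored on rcpt->params, so a sender's NOTIFY request (NEVER included) is not recorded anywhere later code could consult. Keep the value next to dsn_orcpt or state the limitation in the comment. The hunk also drops the braces from the ORCPT branch while adding another arm to the chain; keeping braces on every arm would make a later edit less likely to attach a statement to the wrong branch.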
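Review bot: The client.c hunk sets SMTP_CAPABILITY_DSN when lmtp_lhlo_dsn is enabled, but nothing in the 2.3.0 part of the patch touches MAIL or RCPT parameter handling, whereas the 2.2.24 part had to add branches for RET=, ENVID= and NOTIFY= to avoid the 501 reply. The patch description should say how those parameters are treated in 2.3.0 once DSN is advertised, ideally with a test that sends a RCPT carrying NOTIFY= and ORCPT= with the setting on.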
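Review bot: lmtp_lhlo_dsn is added to the setting definitions, the defaults and struct lmtp_settings (lmtp-settings.c and lmtp-settings.h hunks) without any description. The FALSE default is the right choice, but the setting needs a documented entry, for example a comment at the struct member or a line in the example configuration, stating that enabling it advertises DSN in the LHLO reply without implementing delivery status notifications.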
"no shared cypher", no matter what I try
Greetings,

I have had to reinstall my email server on another Linux (centos 7.6) VPS, with a newer version of dovecot, other software and a brand new letsencrypt certificate just for email with postfix and dovecot (that certificate works fine with postfix). Output of dovecot --version and dovecot -n on the new server is below.

Now, messages ARE delivered in the right IMAP mailboxes, but when I try to connect with Mutt from my home computer, mutt says, before prompting for a password:

gnutls_handshake: A TLS fatal alert has been received.(Handshake failed)

the corresponding output of dovecot in /var/log/maillog is below. The gist of it **seems** to me to be the "no shared cipher" part, but I may be wrong.

In any case, I have already tried to search online for that string, and other relevant parts of the log, without success. All I have found is suggestions to change the values of ssl_protocols and/or ssl_cipher_list to some non-default value, but I have tried all those tips without success.
Current values of those variables are these: grep -v ^# /etc/dovecot/conf.d/10-ssl.conf ssl_cert = , rip=47.53.159.60, lip=116.202.20.216, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session= Dec 8 10:53:43 MYSERVERNAME dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Dec 8 10:53:43 MYSERVERNAME dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so Dec 8 10:53:43 MYSERVERNAME dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Dec 8 10:53:43 MYSERVERNAME dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Dec 8 10:53:43 MYSERVERNAME dovecot: auth: Debug: passwd-file /etc/imap.v_users: Read 1 users in 0 secs # dovecot --version 2.2.36 (1f10bfa63) # 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf # OS: Linux 3.10.0-957.1.3.el7.x86_64 x86_64 CentOS Linux release 7.6.1810 (Core) ext4 # Hostname: MYSERVERNAME auth_debug = yes auth_mechanisms = plain login auth_verbose = yes mail_location = maildir:/var/mail//base/ passdb { args = /etc/imap.v_users driver = passwd-file } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 } } ssl = required userdb { args = /etc/imap.v_users driver = passwd-file } verbose_ssl = yes
Re: "no shared cypher", no matter what I try
hello, and some update short version: the error is still there, but I have some more data to share, thanks in advance for further advice first, I am using Mutt 1.10.1 (2018-07-13) as mail client, so it is not an obsolete version. second... at the moment I can send email through postfix on the same server, with the same certificates (almost: I still have to fix some stuff, but is NOT related to SSL/TLS, e.g reverse DNS). However, running openssl as requested returns "no peer certificate available", and when I connect with mutt to dovecot I still get the "no shared cipher" error. These are the permissions on the certificate files: ls -l /etc/letsencrypt/archive//fullchain1.pem /etc/letsencrypt/archive//privkey1.pem -r. 1 root root 3546 Dec 7 11:59 /etc/letsencrypt/archive//fullchain1.pem -r. 1 root root 1704 Dec 7 11:59 /etc/letsencrypt/archive//privkey1.pem output of openssl, dovecot -n, its current SSL settings and excerpt of the log file are all below. openssl s_client -host MY.ACTUAL.HOSTNAME.HERE -port 993 CONNECTED(0003) 140141825717912:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 305 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher: Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1544521696 Timeout : 300 (sec) Verify return code: 0 (ok) --- current SSL dovecot settings in conf.d/10-ssl.conf ssl = yes ssl_prefer_server_ciphers = yes ssl_dh_parameters_length = 2048 sl_min_protocol = TLSv1.2 ssl_cert = /fullchain1.pem ssl_key = /privkey1.pem ssl_cipher_list = ALL output of dovecot -n: # OS: Linux 3.10.0-957.1.3.el7.x86_64 x86_64 CentOS Linux release 7.6.1810 (Core) ext4 # Hostname: SERVER NAME 
auth_debug = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain mail_location = maildir:/var/mail/mymail_storage/base/ passdb { args = /etc/imap.v_users driver = passwd-file } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 } } ssl = required userdb { args = /etc/imap.v_users driver = passwd-file } verbose_ssl = yes this is the error message I get by when I tried to connect with mutt: Dec 11 08:34:26 MYSERVER dovecot: master: Dovecot v2.2.36 (1f10bfa63) starting up for imap, pop3, lmtp (core dumps disabled) Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello: Dec 11 08:34:34 MYSERVER dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=my.home.ip.address, lip=my.vps.ip.address, TLS hands haking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session= Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: 
Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: passwd-file /etc/imap.v_users: Read 1 users in 0 secs
Re: "no shared cypher", no matter what I try
Hello Aki, maybe I misunderstood you, but both adding an "ssl = yes" line to this section of dovecot.conf, and commenting out the whole "four lines starting at "inet_listener imaps" do not have any effect : service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } } this is the error I still get after restarting dovecot, and trying again to connect with mutt: ogin: Debug: SSL: where=0x10, ret=1: before/accept initialization [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=my.home.ip.address, lip=server.ip.address, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session= Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Dec 11 
11:06:47 SERVERNAME dovecot: auth: Debug: passwd-file /etc/imap.v_users: Read 1 users

On Tue, 11 Dec 2018 at 11:01, Aki Tuomi wrote:
>
> Hi!
>
> You have misconfigured service imap-login, remove the 993 listener
> config (it's there by default) or add ssl = yes to it.
>
> Aki
>
> On 11.12.2018 11.58, Marco Fioretti wrote:
> > hello, and some update
> > short version: the error is still there, but I have some more data to
> > share, thanks in advance for further advice
> >
> > first, I am using Mutt 1.10.1 (2018-07-13) as mail client, so it is
> > not an obsolete version.
> > second... at the moment I can send email through postfix on the same
> > server, with the
> > same certificates (almost: I still have to fix some stuff, but is NOT
> > related to SSL/TLS, e.g
> > reverse DNS).
> >
> > However, running openssl as requested returns "no peer certificate
> > available", and when
> > I connect with mutt to dovecot I still get the "no shared cipher"
> > error. These are the permissions
> > on the certificate files:
> >
> > ls -l /etc/letsencrypt/archive//fullchain1.pem
> > /etc/letsencrypt/archive//privkey1.pem
> > -r. 1 root root 3546 Dec 7 11:59
> > /etc/letsencrypt/archive//fullchain1.pem
> > -r. 1 root root 1704 Dec 7 11:59
> > /etc/letsencrypt/archive//privkey1.pem
> >
> > output of openssl, dovecot -n, its current SSL settings and excerpt of
> > the log file are all below.
> > > > openssl s_client -host MY.ACTUAL.HOSTNAME.HERE -port 993 > > CONNECTED(0003) > > 140141825717912:error:14077410:SSL > > routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake > > failure:s23_clnt.c:769: > > --- > > no peer certificate available > > --- > > No client certificate CA names sent > > --- > > SSL handshake has read 7 bytes and written 305 bytes > > --- > > New, (NONE), Cipher is (NONE) > > Secure Renegotiation IS NOT supported > > Compression: NONE > > Expansion: NONE > > No ALPN negotiated > > SSL-Session: > > Protocol : TLSv1.2 > > Cipher: > > Session-ID: > > Session-ID-ctx: > > Master-Key: > > Key-Arg : None > > PSK identity: None > > PSK identity hint: None > > SRP username: None > > Start Time: 1544521696 > > Timeout : 300 (sec) > > Verify return code: 0 (ok) > > --- > > > > current SSL dovecot settings in conf.d/10-ssl.conf > > > > ssl = yes > > > > ssl_prefer_server_ciphers = yes > > > > ssl_dh_parameters_length = 2048 > > > > sl_min_pr
Re: "no shared cypher", no matter what I try
The problem is solved, thanks to Aki. I was missing the "include" directive in dovecot.conf, because it was not needed in the dovecot version I was using previously.

Now I have a related question, and... another problem :-)

The question: what is a safer/more sensible value for ssl_cipher_list than the current "ALL"?

The problem: now that I can login, a permission/ownership problem came out. In the old server, the mailboxes were owned by user mail_manager, group mail_management. In the new server I recreated those users, copied the mailboxes as they were. Postfix / procmail are using that userid, and can write successfully to the mailboxes. Dovecot, instead, cannot. Even if I added the dovecot user to the mail_management group, it keeps generating plenty of errors like this:

Dec 11 12:34:13 SERVERNAME dovecot: imap(USERNAME): Error: file_dotlock_create(/var/mail/mymail_storage/base/.archive.2018.12/dovecot-uidlist) failed: Permission denied (euid=5000() egid=5000(mail_management) missing +w perm: /var/mail/mymail_storage/base/.archive.2018.12, dir owned by 1001:5000 mode=0755)

of course it cannot create the log file because the owner is the mail_manager user (euid 5000) so the question is: what is the good/best practice now? Make dovecot run as user mail_manager? And if yes, how? Or should I change the permissions of all the mailboxes and mail files with chmod -r 775 ?

Thanks,
Marco

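Added example, not part of the thread and not Dovecot code: a Python walk of the !include / !include_try directives that reports whether the file defining ssl_cert and ssl_key is reachable from dovecot.conf at all, which is the situation the missing "include" line produced. The file contents and certificate paths are constructed and held in a dict so the check runs offline; both directives are followed the same way here, which is a simplification.

```python
import fnmatch
import posixpath
import re

INCLUDE_RE = re.compile(r"^!(include|include_try)\s+(\S+)$")
SETTING_RE = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$")
MAIN = "/etc/dovecot/dovecot.conf"

# Constructed file set (paths and values are placeholders, not from the thread).
CONF_D = {
    "/etc/dovecot/conf.d/10-ssl.conf": (
        "ssl = yes\n"
        "ssl_cert = </etc/letsencrypt/live/mail.example.org/fullchain.pem\n"
        "ssl_key = </etc/letsencrypt/live/mail.example.org/privkey.pem\n"
        "ssl_prefer_server_ciphers = yes\n"
    ),
    "/etc/dovecot/conf.d/10-mail.conf": "mail_location = maildir:~/Maildir\n",
}
# Main config as it was when the handshake failed: no include line.
BROKEN = {**CONF_D, MAIN: "protocols = imap\n"}
# Main config after the fix described in the message above.
FIXED = {**CONF_D, MAIN: "protocols = imap\n!include conf.d/*.conf\n!include_try local.conf\n"}


def load(files, path, seen=None):
    """Return {setting: (value, defining_file)} reachable from `path`.

    Include patterns are resolved relative to the including file and may be
    globs. Only top-level settings are recorded; block contents are skipped.
    """
    seen = set() if seen is None else seen
    if path in seen:          # guard against include loops
        return {}
    seen.add(path)
    settings, depth = {}, 0
    for raw in files[path].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        inc = INCLUDE_RE.match(line)
        if inc:
            base = posixpath.dirname(path)
            pattern = posixpath.normpath(posixpath.join(base, inc.group(2)))
            for child in sorted(f for f in files if fnmatch.fnmatchcase(f, pattern)):
                settings.update(load(files, child, seen))
            continue
        if line.endswith("{"):
            depth += 1
            continue
        if line == "}":
            depth -= 1
            continue
        kv = SETTING_RE.match(line)
        if kv and depth == 0:
            settings[kv.group(1)] = (kv.group(2), path)
    return settings


def defines(text, key):
    """True if `text` contains a `key = ...` line."""
    for raw in text.splitlines():
        kv = SETTING_RE.match(raw.strip())
        if kv and kv.group(1) == key:
            return True
    return False


def tls_findings(files, main=MAIN):
    """Explain why the TLS listener would start without a certificate or key."""
    loaded = load(files, main)
    findings = []
    for key in ("ssl_cert", "ssl_key"):
        if key in loaded:
            continue
        stray = sorted(f for f, text in files.items() if defines(text, key))
        if stray:
            where = "defined only in files that are never included: " + ", ".join(stray)
        else:
            where = "not defined in any file"
        findings.append(f"{key} not loaded from {main}; {where}")
    return findings


if __name__ == "__main__":
    for name, files in (("without include", BROKEN), ("with include", FIXED)):
        print(name, "->", tls_findings(files) or "ssl_cert and ssl_key are loaded")
```

On a live server, doveconf -n prints the settings Dovecot actually loaded, so a missing ssl_cert there points at the same problem.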
dovecot user id and mail folder permissions, was "no shared cipher"
Greetings,

I thought it may be better to start a separate thread now that the cipher problem is solved.

Background: I have had to recreate from scratch, and without notice, a working server to a new VPS, with different versions of dovecot and other software. Now I am having problems with accessing the imap folders from home.

Now I have postfix/procmail successfully delivering email to the right IMAP folders. Problem is, postfix/procmail run as user mail_manager, group mail_management, and the permissions on those folders are currently all set to 755. The consequence is that dovecot, running as user "dovecot", extra group mail_management, cannot modify those folders and their indexes.

What is the best/safest configuration in these cases?

1) run dovecot too as user "mail_manager"? (if yes, how, with dovecot 2.2.36?)
2) recursively change permissions of ALL the mail folders and files to 775?
3) both 1) and 2) ?
4) other (e.g. certain permissions for folders, others for specific files)?

Thanks in advance for any advice!
Marco

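Added example, not part of the thread: a Python reading of the file_dotlock_create error posted earlier in this thread, applying the standard UNIX owner/group/other rule to the ids and mode that Dovecot printed and computing the smallest mode change that grants the missing bit. The log line is copied from that post; the function and field names are this example's own.

```python
import re

# Error line as posted in the thread (host and user were already redacted there).
LOG = ("Dec 11 12:34:13 SERVERNAME dovecot: imap(USERNAME): Error: "
       "file_dotlock_create(/var/mail/mymail_storage/base/.archive.2018.12/dovecot-uidlist) "
       "failed: Permission denied (euid=5000() egid=5000(mail_management) "
       "missing +w perm: /var/mail/mymail_storage/base/.archive.2018.12, "
       "dir owned by 1001:5000 mode=0755)")

PERM_RE = re.compile(
    r"euid=(?P<euid>\d+)\([^)]*\) egid=(?P<egid>\d+)\([^)]*\) "
    r"missing \+(?P<need>[rwx]) perm: (?P<path>[^,]+), "
    r"dir owned by (?P<uid>\d+):(?P<gid>\d+) mode=(?P<mode>[0-7]+)")

BITS = {"r": 4, "w": 2, "x": 1}


def analyse(line, extra_gids=()):
    """Explain a Dovecot 'missing +X perm' error.

    extra_gids: supplementary group ids of the Dovecot mail process, if known.
    Returns None when the line is not such an error.
    """
    m = PERM_RE.search(line)
    if not m:
        return None
    euid, egid, uid, gid = (int(m[k]) for k in ("euid", "egid", "uid", "gid"))
    mode = int(m["mode"], 8)
    need = BITS[m["need"]]
    # Kernel rule: the owner class applies if the euid matches the owner,
    # otherwise the group class if any group matches, otherwise "other".
    if euid == uid:
        cls, shift = "owner", 6
    elif gid == egid or gid in extra_gids:
        cls, shift = "group", 3
    else:
        cls, shift = "other", 0
    minimal = mode | (need << shift)
    return {
        "path": m["path"].strip(),
        "process": f"{euid}:{egid}",
        "dir_owner": f"{uid}:{gid}",
        "process_is_owner": euid == uid,
        "class": cls,
        "has_bit": bool((mode >> shift) & need),
        "mode": f"{mode:04o}",
        # Smallest change that grants the missing bit to the class in use.
        "minimal_mode": f"{minimal:04o}",
        # Same, with all "other" bits dropped; usable only if nothing outside
        # the owner and group needs to read the mail store (an assumption).
        "minimal_mode_no_other": f"{minimal & 0o7770:04o}",
        "world_writable_after_fix": bool(minimal & 0o002),
    }


if __name__ == "__main__":
    for key, value in analyse(LOG).items():
        print(f"{key:26} {value}")
```

For the posted line the process (5000:5000) is not the directory owner (1001), so only the group class applies and the directory needs group write, or an owner that matches the process uid.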
connection closes every 10 minutes
Greetings,

I use mutt on Ubuntu to access my IMAP mailboxes, on my Centos email server that runs dovecot. Everything has worked without problems for years. About one week ago, the connection between mutt and dovecot became unstable.

Before, I could leave mutt connected for days in a row, no problem. Now, everything still works fine, except... every ten minutes I get "connection timed out" in Mutt's status line, and hundreds of messages like

Apr 12 16:12:49 SERVERNAME dovecot: imap(ACCOUNTNAME): Logged out in=164 out=757

what puzzles me is that I did not touch anything both on my server and on my desktop, except an "apt-get update" some days before this started.

But cannot see how it would be related anyway, nor have I found anything online like this.

Any help to understand what happened and fix it is very welcome.

Marco

Re: connection closes every 10 minutes
update on this: to make a long story short

1) I did run mutt with debug enabled, but could not recognize anything useful

2) I had the same problem with mutt from my laptop

3) a few days ago I received a new modem from my ISP, as part of their network upgrade operations

4) more or less in the same moment the problem I reported here disappeared. Now mutt stays connected even 24 hours without losing connection.

I am NOT 100% sure that the problem disappeared AFTER the change of modem. That happened during a few chaotic days, both work- and family-wise, so I did not take notes. And modems may have nothing to do at all with the disconnections. But now the problem is not there anymore, I have no clue what may have happened, and if anybody can guess... thanks in advance.

On Mon, 12 Apr 2021 at 16:47, Marco Fioretti wrote:
>
> Greetings,
>
> I use mutt on Ubuntu to access my IMAP mailboxes, on my Centos email
> server that runs dovecot. Everything has worked without problems for
> years. About one week ago, the connection between mutt and dovecot
> became unstable.
>
> Before, I could leave mutt connected for days in a row, no problem.
> Now, everything still works fine, except... I get every ten minutes I
> get "connection timed out" in Mutt's status line, and hundreds of
> messages like
>
> Apr 12 16:12:49 SERVERNAME dovecot: imap(ACCOUNTNAME): Logged out in=164
> out=757
>
> what puzzles me is that I did not touch anything both on my server and
> on my desktop, except an "apt-get update" some days before this
> started.
>
> But cannot see how it would be related anyway, nor have I found
> anything online like this.
>
> Any help to understand what happened and fix it is very welcome.
>
> Marco

Re: connection closes every 10 minutes
Hi,

I honestly don't know if the old modem had an integrated router, and I have already disposed of it. What I am sure of is that I had NOT changed anything in its settings for many months, if not years, and everything was working without problems until a few weeks ago, when I posted here.

Marco

On Tue, 27 Apr 2021 at 23:49, Joseph Tam wrote:
>
> On Mon, 26 Apr 2021, Marco Fioretti wrote:
>
> > 3) a few days ago I received a new modem from my ISP, as part of their
> > network upgrade operations
> >
> > 4) more or less in the same moment the problem I reported here
> > disappeared. Now mutt stays connected even 24 hours without losing
> > connection.
> >
> > I am NOT 100% sure that the problem disappeared AFTER the change of
> > modem. That happened during a few chaotic days, both work- and
> > family-wise, so I did not take notes. And modems may have nothing to
> > do at all with the disconnections. But now the problem is not there
> > anymore, I have no clue what may have happened, and if anybody can
> > guess... thanks in advance.
>
> Does this modem also have an integrated router? These units tend to
> act as NAT gateways/firewalls that keep track of "active" sessions by
> tracking external/interface NAT address mappings. Cheap or older one
> could have TTL on these entries i.e. if no traffic is detected within
> a time window, it is discarded, and appearing as if the endpoints had
> disconnected. I guess it could also happen if the state tracking
> tables has limited memory and your internal network is busy, like a family
> member opening up a P2P application.
>
> Just a hypothesis.
>
> >> Apr 12 16:12:49 SERVERNAME dovecot: imap(ACCOUNTNAME): Logged out in=164
> >> out=757
>
> However, my hypothesis wouldn't produce this. This is a active
> logout.
>
> Joseph Tam

Correct procedure to convert Maildir format to Mdbox
Hi, I need to migrate mail from a shared hosting that stores mail in the Maildir format to another one that uses the Mdbox format. Both hosts use Dovecot, though I don't know what version, because neither has Dovecot command line/ssh utilities available.

So I installed Debian 10.9 + Dovecot-imapd (ver.2.3.4.1 stable), then in "/etc/dovecot/conf.d/10-mail.conf" I changed "mail_location = mbox:~/mail:INBOX=/var/mail/%u" to "mail_location = mdbox:~/mdbox" and "#separator =" to "separator = /" . I moved the contents of the folder containing the mail in Maildir format to ~/Maildir/ and then I ran "dsync -v -u user mirror maildir:~/Maildir/".

The only users on the system are root and a limited privileges user, but on the Debian server I didn't recreate any mail account/user that existed on the source server. The conversion command is executed without showing errors: the resulting ~/mdbox folder has a size of 370 MB while the ~/Maildir/ folder was 456 MB.

I would like to know if the procedure I followed is correct and if the absence of errors when the command is executed means that the conversion was successful, or if I need to do some other test/check to make sure the whole conversion process is ok.

Thank you.

Maildir to Mdbox and folder structure after the conversion
Using the dsync command I've converted a Dovecot mail folder from Maildir to Mdbox format. (see https://dovecot.org/pipermail/dovecot/2021-June/122304.html) The folder resulting from the conversion (see https://pastebin.com/6U4CDTQi ), however, has a completely different directory structure from the one used by the destination server where it will be transferred (see https://pastebin.com/nMEvqmqp ) What do I have to do to make the folder obtained after the conversion have a directory structure identical to the one used by the destination server ? Thank You.
Re: Maildir to Mdbox and folder structure after the conversion
On Wednesday, 9 June 2021, 13:37:51 CEST, Aki Tuomi wrote:

> Maildir and mdbox have different directory structure. You cannot get them to be identical.
>
> Aki

Yes I know, but the directory structure of the two pastebin links are both in Mdbox format! What can be the cause of the different directory structure: a different version of Mdbox format or a different server configuration?

Re: Maildir to Mdbox and folder structure after the conversion
On Thursday, 10 June 2021, 13:12:09 CEST, Josef 'Jeff' Sipek wrote:

> If I'm understanding you correctly, it looks like you have a different mail_location set on the two servers. In one case it appears to have a mail// sort of format, and on the other... well, I have no idea but it looks like it is only mail/ or something similarly incorrect :)

Exactly, the different structure seems to be due to a different configuration of the mail servers. In the end, having no experience with Dovecot and its migration utilities, I found it much easier to use Imapsync.

sharing INBOX with ACL -> share all folders
Hi at all,

I have a problem with ACL; I want to share INBOX and Sent folder to another user, but when I configure ACL on INBOX, all folders are shared (Sent, Junk, Draft, Trash, etc)

# doveadm acl get -u janedoe INBOX
ID            Global  Rights
user=johndoe          expunge insert lookup post read write write-deleted write-seen
# doveadm acl get -u janedoe Sent
ID            Global  Rights
user=johndoe          expunge insert lookup post read write write-deleted write-seen
# doveadm acl get -u janedoe Trash
ID            Global  Rights
# doveadm acl get -u janedoe Drafts
ID            Global  Rights
# doveadm acl get -u janedoe Junk
ID            Global  Rights

# doveadm mailbox list -u johndoe
Trash
Junk
Drafts
Sent
Archives
Archives.2015
Other Users
Other Users.janedoe
Other Users.janedoe.Junk
Other Users.janedoe.Drafts
Other Users.janedoe.Sent
Other Users.janedoe.Trash
Other Users.janedoe.INBOX
INBOX

If I remove the INBOX ACL, only 'Sent' folder is shared, as expected:

# doveadm acl delete -u janedoe INBOX johndoe
# doveadm mailbox list -u provahe
Trash
Trash.saved-messages
Junk
Drafts
Sent
INBOX_spam
Archives
Archives.2015
Archives.2015.INBOX_spam
Other Users
Other Users.janedoe
Other Users.janedoe.Sent
INBOX

My Dovecot instance use a single user, and all my mailboxes use standard maildir files:

drwx-- 9 vmail mail 0 Jul 28 10:59 .
drwx-- 12 vmail mail 3864 Jul 28 09:39 ..
drwx-- 2 vmail mail 0 Jul 28 09:51 cur
-rw--- 1 vmail mail 0 Jul 28 10:59 dovecot-acl
-rw--- 1 vmail mail 16 Jul 28 10:59 dovecot-acl-list
-rw--- 1 vmail mail 1448 Jul 28 09:51 dovecot.index.cache
-rw--- 1 vmail mail 1016 Jul 28 09:52 dovecot.index.log
-rw--- 1 vmail mail 113 Jul 28 09:51 dovecot-uidlist
-rw--- 1 vmail mail 8 Jul 28 09:39 dovecot-uidvalidity
-r--r--r-- 1 vmail mail 0 Jul 28 09:39 dovecot-uidvalidity.55b731ac
drwx-- 5 vmail mail 0 Jul 28 09:39 .Drafts
lrwxrwxrwx 1 vmail mail 5 Jul 28 09:39 .INBOX_spam -> .Junk
drwx-- 5 vmail mail 0 Jul 28 09:39 .Junk
-rw--- 1 vmail mail 16 Jul 28 09:39 maildirsize
drwx-- 2 vmail mail 0 Jul 28 09:51 new
drwx-- 5 vmail mail 0 Jul 28 09:50 .Sent
-rw--- 1 vmail mail 37 Jul 28 09:39 subscriptions
drwx-- 2 vmail mail 0 Jul 28 09:51 tmp
drwx-- 5 vmail mail 0 Jul 28 09:39 .Trash

any clue to solve my problem ?? I've already tried to play with 'acl_defaults_from_inbox' setting, but no way ..

Thank you,
Marco

# 2.2.15: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.6 (3e924b1b6c5c+)
# OS: Linux 2.6.18-400.1.1.el5 x86_64 Red Hat Enterprise Linux Server
auth_master_user_separator = *
auth_mechanisms = plain login
disable_plaintext_auth = no
doveadm_password =
doveadm_port = 12345
first_valid_uid = 200
hostname = xxx.sissa.it
imap_client_workarounds = delay-newmail
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header = X-Original-To
listen = *
login_log_format_elements = user=<%u> PID=%p method=%m rip=%r lip=%l %c
login_trusted_networks = XXX.XXX.1.172/30 XXX.XXX.24.0/23
mail_gid = mail
mail_home = /var/spool/mail/%1n/%n
mail_location = maildir:/var/spool/mail/%1n/%n:INDEX=/var/shared/indexes/%1n/%n
mail_plugins = acl fts fts_solr mailbox_alias quota
mail_shared_explicit_inbox = yes
mail_uid = vmail
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate imapflags notify
mbox_write_locks = fcntl
mmap_disable = yes
namespace archives {
  hidden = no
  inbox = no
  list = children
  location = maildir:/var/spool/archives/%1n/%n:INDEX=/var/shared/indexes/%1n/%n/archives
  mailbox 2015 {
    auto = subscribe
    special_use = \Archive
  }
  prefix = Archives.
  separator = .
  subscriptions = no
  type = private
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox INBOX_spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = .
}
namespace others {
  list = children
  location = maildir:/var/spool/mail/%%1n/%%n:INDEXPVT=/var/shared/indexes/%1n/%n/shared/%%n
  prefix = Other Users.%%n.
  separator = .
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/passwd.masterusers
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
  acl_defaults_from_inbox = no
  acl_shared_dict = file:/var/shared/d

Re: sharing INBOX with ACL -> share all folders
Hi Chris,

fortunately I've solved the problem with INBOX sharing: there is a bug with option 'acl_defaults_from_inbox'. When you define it with ANY value ('yes', 'no', 'whatyouwant', 'xxx') it acts like the value is ALWAYS 'yes', the only way to disable it, is comment it or delete from configuration file.

> My Maildir directories and files are all owned by the UNIX user that owns the file.

to avoid problems with acl, mailbox sharing and so on, I've changed my configuration from different UNIX users to a single virtual user some years ago

> Is having it all running as one [UNIX] user a typical configuration for dovecot2? Or just typical of installations using ACLs?

I don't know if it is typical or not, but it is very simple, and till now I haven't seen any particular problem

My configuration is attached in the first email; if you need some explanation, let me know.

Marco

On 2015-07-28 16:38, Chris Ross wrote:
> On Jul 28, 2015, at 05:13, Marco Giunta wrote:
> > Hi at all, I have a problem with ACL; I want to share INBOX and Sent folder to an other user, but when I configure ACL on INBOX, all folders are shared (Sent, Junk, Draft, Trash, etc)
>
> Hello, Marco. Unfortunately I don’t know why you are seeing the behavior you are, and hope that someone else will be able to help. However, you seem to have accomplished something I’m wanting to do, and have as yet been unable to get working.
>
> I have a Users INBOX that I want to share to other users, but something is wrong with the way I’ve configured ACLs and sharing. Perhaps we could discuss off-list more of what your configuration looks like, and how you got there? I’m running on FreeBSD with the ports system version of dovecot2 2.2.16, currently, although I think I’m due an upgrade.
>
> You say you’re have "My Dovecot instance use a single user”, and I think that’s different than I. My Maildir directories and files are all owned by the UNIX user that owns the file. Maybe this is causing me the permissions problems I’m seeing.
>
> Is having it all running as one [UNIX] user a typical configuration for dovecot2? Or just typical of installations using ACLs?
>
> Thank you.
>
> - Chris

--
---
|Marco Giunta - SISSA Computer Staff|
|Via Bonomea, 265 |
|34136 - Trieste, Italy |
|Tel: +39-40-3787-503 |
|Fax: +39-040-3787-244 |
|e-mail: giu...@sissa.it|
---

bug in acl_defaults_from_inbox option
Hi at all,

there is a bug in acl_defaults_from_inbox option: if you define it with ANY value ('yes', 'no', 'whatyouwant', 'xxx') it acts like the value is ALWAYS 'yes', and Dovecot enable it; the only way to disable it, is comment it or delete from configuration file.

With 'acl_defaults_from_inbox = no', or 'acl_defaults_from_inbox = whatyouwant', all my folders get ACLs from INBOX; in my case I want to only share INBOX, but also all other folders were shared. When you comment 'acl_defaults_from_inbox', Dovecot works like expected.

Marco

# 2.2.15: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.6 (3e924b1b6c5c+)
# OS: Linux 2.6.18-400.1.1.el5 x86_64 Red Hat Enterprise Linux Server
auth_master_user_separator = *
auth_mechanisms = plain login
disable_plaintext_auth = no
doveadm_password =
doveadm_port = 12345
first_valid_uid = 200
hostname = xxx.sissa.it
imap_client_workarounds = delay-newmail
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header = X-Original-To
listen = *
login_log_format_elements = user=<%u> PID=%p method=%m rip=%r lip=%l %c
login_trusted_networks = XXX.XXX.1.172/30 XXX.XXX.24.0/23
mail_gid = mail
mail_home = /var/spool/mail/%1n/%n
mail_location = maildir:/var/spool/mail/%1n/%n:INDEX=/var/shared/indexes/%1n/%n
mail_plugins = acl fts fts_solr mailbox_alias quota
mail_shared_explicit_inbox = yes
mail_uid = vmail
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate imapflags notify
mbox_write_locks = fcntl
mmap_disable = yes
namespace archives {
  hidden = no
  inbox = no
  list = children
  location = maildir:/var/spool/archives/%1n/%n:INDEX=/var/shared/indexes/%1n/%n/archives
  mailbox 2015 {
    auto = subscribe
    special_use = \Archive
  }
  prefix = Archives.
  separator = .
  subscriptions = no
  type = private
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox INBOX_spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = .
}
namespace others {
  list = children
  location = maildir:/var/spool/mail/%%1n/%%n:INDEXPVT=/var/shared/indexes/%1n/%n/shared/%%n
  prefix = Other Users.%%n.
  separator = .
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/passwd.masterusers
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
  acl_defaults_from_inbox = no
  acl_shared_dict = file:/var/shared/dovecot/shared-mailboxes.dict
  fts = solr
  fts_autoindex = yes
  fts_autoindex_max_recent_msgs = 20
  fts_solr = url=http://solr.localdomain:8080/solr/
  mailbox_alias_new = INBOX_spam
  mailbox_alias_old = Junk
  quota = maildir:User quota:ns=
  quota2 = maildir:Archive quota:ns=Archives.
  quota2_rule = *:storage=20GB
  quota2_warning = storage=95%% quota2-warning 95 %u
  quota2_warning2 = storage=90%% quota2-warning 90 %u
  quota2_warning3 = storage=80%% quota2-warning 80 %u
  quota_rule = *:storage=5GB
  quota_rule2 = Trash:storage=+20%%
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Quota exceeded (mailbox for user is full)
  quota_status_success = DUNNO
  quota_warning = storage=100%% quota-warning 100 %u
  quota_warning2 = storage=95%% quota-warning 95 %u
  quota_warning3 = storage=90%% quota-warning 90 %u
  quota_warning4 = storage=80%% quota-warning 80 %u
  sieve = file:~/sieve;active=~/sieve/.dovecot.sieve
  sieve_default = /etc/dovecot/sieve/dovecot.sieve
  sieve_extensions = +notify +imapflags
  sieve_max_redirects = 16
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
postmaster_address = postmas...@sissa.it
protocols = imap pop3 lmtp sieve
rejection_reason = Your message to <%t> was automatically rejected for the following reason: %n%n%r
service auth {
  inet_listener {
    port = 49494
  }
  unix_listener auth-userdb {
    user = vmail
  }
}
service dict {
  unix_listener dict {
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 26001
  }
}
service imap-login {
  process_min_avail = 16
  service_count = 0
}
service imap {
  process_limit = 2048
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
  process_min_avail = 5
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
  process_min_av

Re: bug in acl_defaults_from_inbox option
On 2015-09-07 23:10, Timo Sirainen wrote:

> This happens to all boolean settings inside plugin {}. Not ideal, but also not something that will get fixed without some larger settings code changes.

ok, no problem, but I didn't find this note on Dovecot wiki; maybe it is better to add it on a general page about configuration, to save future sysadmin headaches ;-)

--
---
|Marco Giunta - SISSA Computer Staff|
|Via Bonomea, 265 |
|34136 - Trieste, Italy |
|Tel: +39-40-3787-503 |
|Fax: +39-040-3787-244 |
|e-mail: giu...@sissa.it|
---

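Added example, not part of the thread and not Dovecot code: a Python check for the behaviour described in this thread, where a boolean setting inside plugin {} counts as enabled whenever it is present. It scans doveconf -n style text, reports plugin settings whose value reads as "off", and applies the workaround from the thread by commenting them out. The sample configuration is constructed from the one posted above, and the list of "off" words is an assumption.

```python
# Words an administrator would write to mean "off" (assumption of this example).
# Per the thread, the value is irrelevant: presence alone enables the setting.
FALSE_LIKE = {"no", "false", "off"}

# Constructed sample in `doveconf -n` layout, modelled on the posted config.
SAMPLE = """\
mail_plugins = acl quota
mail_shared_explicit_inbox = yes
namespace archives {
  inbox = no
  mailbox 2015 {
    auto = subscribe
  }
}
plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
  acl_defaults_from_inbox = no
  fts_autoindex = yes
  quota_rule = *:storage=5GB
}
service imap-login {
  service_count = 0
}
"""


def plugin_settings(conf_text):
    """Yield (lineno, key, value) for settings directly inside plugin {} blocks."""
    stack = []  # names of the blocks currently open
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            words = line[:-1].split()
            stack.append(words[0] if words else "")
            continue
        if line == "}":
            if stack:
                stack.pop()
            continue
        if stack == ["plugin"] and "=" in line:
            key, value = line.split("=", 1)
            yield lineno, key.strip(), value.strip()


def misleading_booleans(conf_text):
    """Return plugin settings that are present but written with an 'off' value."""
    return [(lineno, key, value)
            for lineno, key, value in plugin_settings(conf_text)
            if value.strip('"').lower() in FALSE_LIKE]


def disable_by_commenting(conf_text):
    """Return the config with every flagged line commented out."""
    flagged = {lineno for lineno, _, _ in misleading_booleans(conf_text)}
    out = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        if lineno in flagged:
            body = raw.lstrip()
            indent = raw[: len(raw) - len(body)]
            out.append(f"{indent}#{body}")
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for lineno, key, value in misleading_booleans(SAMPLE):
        print(f"line {lineno}: {key} = {value} inside plugin {{}} is still "
              "treated as enabled; comment it out or delete it")
    print(disable_by_commenting(SAMPLE))
```

Settings with an "off" value outside plugin {} (such as inbox = no in a namespace) are not reported, since the thread only describes the problem for plugin settings.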
Re: Multiple passwords for a user (SQL)
I managed to write an ugly but working checkpassword script for dovecot, having multiple passwords for a user. But now I found this: https://github.com/dweuthen/roundcube-application_passwords

I think this is the better way to go. the crypt passwords are the biggest problem because you need the stored hash to generate the input hash. I know this is safer, but in my opinion SHA2 or whatever is best available hash in mysql something should do it as well. having application passwords is a bigger security advantage than having stronger hashes in the database. correct me if I'm wrong :-)

best regards
Marco

On 06.10.2014 16:46, Marco Fretz wrote:
>
> Thank you Steffen,
>
> This sounds like a plan. checkpassword looks quite simple to use and I
> could still use default userdb with dovecot-sql for userhome, quota, etc.
> I'll give this a try.
>
> thanks
> Marco
>
> On 06.10.2014 13:52, Steffen Kaiser wrote:
> > On Mon, 6 Oct 2014, Marco Fretz wrote:
>
> >> corresponding user in the users table - one use has many passwords
> (1:n).
> >> for dovecot this means that it will get multiple rows with passwords
> >> back from the "password_query". is there a way to tell dovecot to check
> >> all those returned passwords and "pass" the request if one of those
> >> passwords match?
>
> > I think no, but you could craft a PAM module and use the pam passdb or
> supply a checkpassword script:
>
> > http://wiki2.dovecot.org/PasswordDatabase
>
> > -- Steffen Kaiser
>

Re: distuguish between different domains
Hi Andreas,

I'm not 100% sure what you're trying to accomplish.

smtp_server in roundcube is the outgoing server (submission server, i.e. postfix). Mailbox is IMAP (dovecot). You can easily spawn 2 instances of dovecot, one serving aaa.de and one serving bbb.de on different IPs.

What exactly is the problem with 2 domains on one dovecot? I mean user @aaa.de usually does not have the password for @bbb.de and vice versa.

About the sending server in roundcube: I don't think there is a way to have a different submission server for different sender domains in roundcube. But you could use the postfix configuration to map sender domains to different outgoing connection IPs.

Does this help? If not, please tell us more about what you're trying to do.

regards
Marco

On 27.09.2015 19:53, Andreas Meyer wrote:
> Hello!
>
> I asked myself wether it is possible to distinguish between
> different doamins in dovecot so that a user only sees his
> mailbox when he is connecting with us...@aaa.de specifying
> the server with mail.aaa.de for example.
>
> So the server does not handout the mailbox for us...@bbb.de
> when the client connects to mail.aaa.de as us...@bbb.de
>
> I have this problem with roundcube. Dovecot is responisble
> for two domains. With roundcube I can login as us...@aaa.de
> altough the client is configured like so:
> $config['smtp_server'] = 'tls://mail.bbb.de';
> and I am landing in the mailbox of us...@aaa.de
>
> Is there a way to striktly differentiate between doamins?
> Both domains have their own IP-addresses.
>
> Regards
>
> Andreas

Re: Sieve and forward
Hi,

I think the problem is you cannot resign the forwarded message... and if you keep the original sender domain it loses the signature? I'm not a DKIM guru though :-)

Maybe just forward it as attachment from the users address...

regards
Marco

On 18.09.2015 00:36, Il Neofita wrote:
> Hi
> I have already posted to the postfix group, however, I believe that sieve
> and dovecot should be able to fix this problem.
> When I receive a message from yahoo and the user forward it to a gmail or
> yahoo acount this email is considered as spam or rejected.
> From yahoo is rejected since it seems that I am try to send spam since the
> email should be signed with dkim.
> Is there a way to encpuslated or sign in some way.
>
> Thank you

Re: Problem with SHA2/Geotrust and dovecot 2.0.9
Hi,

does the cert work if you open and output it as text with openssl command?

not sure if 2.0.9 does support sha2, I think it should - I guess it actually depends on openssl libs not dovecot.

On 08.09.2015 15:17, Il Neofita wrote:
> Hi
> I have renew my geotrust certificate using sha2, and I have problem with
> Dovecot 2.0.9 and redhat 6.7.
> The same certificate is working in Apache.
>
> The error is
>
> dovecot: imap-login: Fatal: Can't load ssl_cert: There is no valid PEM
> certificate.
>
> and the configuration file is
>
> ssl_cert= ssl_key = ssl_ca =
> What I should do?

Re: distuguish between different domains
On 28.09.2015 10:48, Andreas Meyer wrote:
> Hello!
>
> Marco Fretz wrote on 28.09.15 at 08:29:59:
>
>> Hi Andreas,
>>
>> I'm not 100% sure what you're trying to accomplish.
>>
>> smtp_server in roundcube is the outgoing server (submission server, i.e.
>> postfix). Mailbox is IMAP (dovecot).
>> You can easily spawn 2 instances of dovecot, one serving aaa.de and one
>> serving bbb.de on different IPs.
> How do I do this?

http://wiki2.dovecot.org/RunningDovecot

I do this by creating a 2nd startup script / systemd service you can then use another dovecot config file and specify different listen IPs (and Ports). This is also useful for different SSL certs per domain / ip, etc.

>
>> What exactly is the problem with 2 domains on one dovecot? I mean user
>> @aaa.de usually does not have the password for @bbb.de and vise versa.
> What is irritating me is that when there are two domains served by
> dovecot, in the client I can specify server.aaa.de although I have
> an email-address u...@bbb.de and connect as such.
>
> For my understanding it should not be possible to connect to server
> server.aaa.de with an address line u...@bbb.de and dovecot serves
> the mailbox of that user.

the dovecot service does not care about the server dns name. the dns name resolves to the IP address on the client (roundcube) and the client connects to the server. if the same dovecot instance listens to all / both IP address, client will end up on this dovecot instance and all valid user-password combinations are authorized. that's the way it has to be, otherwise virtual / mass virtual domain hosting would not be possible as you cannot spawn 1000 instances on the same machine (ok, in theory you could do that :D)

>
>> About the sending server in roundcube: I don't think there is a way to
>> have a different submission server for different sender domains in
>> roundcubde. But you could use the postfix configuration to map sender
>> domains to different outgoing connection IPs.
> Postfix is not the problem. It's the login into the IMAP-server that
> is irritating me. Or am I completely wrong?
>
> Regards
>
> Andreas

BUG: service(auth) crash when quota-status lookup an address with local-part starting with auth_master_user_separator
ERMIT Internal error occurred. Refer to server log for more information. request=smtpd_access_policy sender=john...@example.com recipient=;jane...@example.com size=1 action=DEFER_IF_PERMIT Internal error occurred. Refer to server log for more information. and server log: Sep 29 10:20:00 my_server dovecot: auth: userdb(?): Username character disallowed by auth_username_chars: 0x2a (username: *@example.com) Sep 29 10:20:31 my_server dovecot: auth: userdb(?): Username character disallowed by auth_username_chars: 0x2a (username: *jane...@example.com) Sep 29 10:20:54 my_server dovecot: auth: Panic: file auth-request.c: line 1252 (auth_request_set_login_username): assertion failed: (*username != '\0') Sep 29 10:20:54 my_server dovecot: auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a7126a] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a712d6] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a70cac] -> dovecot/auth [0x4131eb] -> dovecot/auth(auth_request_set_username+0x94) [0x413284] -> dovecot/auth [0x40dc4c] -> dovecot/auth [0x40e60b] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x49) [0x3d70a82699] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd5) [0x3d70a83a55] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x3d70a82739] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x3d70a829b8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x3d70a29233] -> dovecot/auth(main+0x383) [0x41cfc3] -> /lib64/libc.so.6(__libc_start_main+0xf4) [0x3302e1d9f4] -> dovecot/auth [0x40b5f9] Sep 29 10:20:54 my_server dovecot: quota-status: Error: userdb lookup(;@example.com): Disconnected unexpectedly Sep 29 10:20:54 my_server dovecot: auth: Fatal: master: service(auth): child 19941 killed with signal 6 (core dumps disabled) Sep 29 10:21:15 my_server dovecot: auth: Panic: file auth-request.c: line 1252 (auth_request_set_login_username): assertion failed: (*username != '\0') Sep 29 10:21:15 my_server 
dovecot: auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a7126a] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a712d6] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a70cac] -> dovecot/auth [0x4131eb] -> dovecot/auth(auth_request_set_username+0x94) [0x413284] -> dovecot/auth [0x40dc4c] -> dovecot/auth [0x40e60b] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x49) [0x3d70a82699] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd5) [0x3d70a83a55] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x3d70a82739] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x3d70a829b8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x3d70a29233] -> dovecot/auth(main+0x383) [0x41cfc3] -> /lib64/libc.so.6(__libc_start_main+0xf4) [0x3302e1d9f4] -> dovecot/auth [0x40b5f9] Sep 29 10:21:15 my_server dovecot: quota-status: Error: userdb lookup(;jane...@example.com): Disconnected unexpectedly Sep 29 10:21:15 my_server dovecot: auth: Fatal: master: service(auth): child 20758 killed with signal 6 (core dumps disabled) of course, I don't have any address '*@example.com' or '*jane...@example.com', but some bot in internet try to send emails to these addresses, and my Postfix ask my dovecot server for the quota of '*' or '*janedoe' user. I've solved the problem adding a REJECT rule to Postfix to discard the mail to '*@example.com' before the quota check, but this problem should be solved in Dovecot. 
thank you,
Marco

My configuration:
# 2.2.15: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.6 (3e924b1b6c5c+)
# OS: Linux 2.6.18-406.el5 x86_64 Red Hat Enterprise Linux Server release 5.11 (Tikanga) ext3
auth_master_user_separator = *
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = sha1
disable_plaintext_auth = no
doveadm_password = XXX
doveadm_port = 12345
first_valid_uid = 200
hostname = myserver.example.com
imap_client_workarounds = delay-newmail
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header = X-Original-To
listen = *
login_log_format_elements = user=<%u> PID=%p method=%m rip=%r lip=%l %c
login_trusted_networks = XXX.XXX.XXX.XXX
mail_gid = mail
mail_home = /var/spool/mail/%1n/%n
mail_location = maildir:/var/spool/mail/%1n/%n:INDEX=/var/shared/indexes/%1n/%n
mail_plugins = acl mailbox_alias quota
mail_shared_explicit_inbox = yes
mail_uid = vmail
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate vacation-seconds
Re: BUG: service(auth) crash when quota-status lookup an address with local-part starting with auth_master_user_separator
On 2015-09-29 11:06, Timo Sirainen wrote:
On 29 Sep 2015, at 11:36, Marco Giunta wrote:
> but a better fix would be to disable the separator for these lookups. I think something like this would work:
auth_master_user_separator = *
protocol quota-status {
  # disable
  auth_master_user_separator =
}

Thank you Timo, this works like a charm on 2.2.16; I'm waiting for 2.2.19 to update my servers.
Marco
--
Marco Giunta - SISSA Computer Staff
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-40-3787-503
Fax: +39-040-3787-244
e-mail: giu...@sissa.it
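An added example (not code from the thread or from the Dovecot project): a Python triage script for the crash pattern reported above. It pairs each auth Panic with the quota-status lookup and the child kill logged in the same second, and flags lookup keys whose part before auth_master_user_separator is empty. The log lines are constructed, and splitting at the first separator into a login part and a master part is an assumption based on the userA*userB form used for master-user logins.

```python
import re

# auth_master_user_separator from the configuration posted in the report.
SEPARATOR = "*"

# Constructed sample in the syslog layout quoted in the report (addresses are made up).
SAMPLE_LOG = """\
Sep 29 10:20:31 my_server dovecot: auth: userdb(?): Username character disallowed by auth_username_chars: 0x2a (username: *jane@example.com)
Sep 29 10:20:54 my_server dovecot: auth: Panic: file auth-request.c: line 1252 (auth_request_set_login_username): assertion failed: (*username != '\\0')
Sep 29 10:20:54 my_server dovecot: quota-status: Error: userdb lookup(*jane@example.com): Disconnected unexpectedly
Sep 29 10:20:54 my_server dovecot: auth: Fatal: master: service(auth): child 19941 killed with signal 6 (core dumps disabled)
Sep 29 10:22:03 my_server dovecot: quota-status: Error: userdb lookup(bob@example.com): Disconnected unexpectedly
Sep 29 10:23:40 my_server dovecot: auth: Panic: file auth-request.c: line 1252 (auth_request_set_login_username): assertion failed: (*username != '\\0')
Sep 29 10:23:40 my_server dovecot: quota-status: Error: userdb lookup(*@example.com): Disconnected unexpectedly
Sep 29 10:23:40 my_server dovecot: auth: Fatal: master: service(auth): child 20758 killed with signal 6 (core dumps disabled)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: (?P<svc>[\w-]+): (?P<msg>.*)$"
)
PANIC_RE = re.compile(r"^Panic: file \S+: line \d+ \((?P<func>\w+)\): assertion failed")
LOOKUP_RE = re.compile(r"^Error: userdb lookup\((?P<key>[^)]*)\): Disconnected unexpectedly")
KILLED_RE = re.compile(
    r"^Fatal: master: service\(auth\): child (?P<pid>\d+) killed with signal (?P<sig>\d+)"
)


def split_master_login(username, sep=SEPARATOR):
    """Split 'login<sep>master' at the first separator (assumed behaviour).

    Returns (login_user, master_user), or None when the separator is
    unset or does not occur in the username.
    """
    if not sep or sep not in username:
        return None
    login_user, master_user = username.split(sep, 1)
    return login_user, master_user


def empty_login_part(username, sep=SEPARATOR):
    """True when the username starts with the separator, leaving an empty login part."""
    parts = split_master_login(username, sep)
    return parts is not None and parts[0] == ""


def find_auth_crashes(log_text, sep=SEPARATOR):
    """Group each auth Panic with the lookup error and child kill of the same second."""
    incidents, current = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if m is None:
            continue
        ts, svc, msg = m.group("ts", "svc", "msg")
        panic = PANIC_RE.match(msg) if svc == "auth" else None
        if panic:
            current = {"time": ts, "function": panic.group("func"), "lookup": None,
                       "pid": None, "signal": None, "separator_trigger": False}
            incidents.append(current)
            continue
        # Lines outside the second of the last Panic are unrelated to it.
        if current is None or ts != current["time"]:
            continue
        lookup = LOOKUP_RE.match(msg) if svc == "quota-status" else None
        killed = KILLED_RE.match(msg) if svc == "auth" else None
        if lookup:
            current["lookup"] = lookup.group("key")
            current["separator_trigger"] = empty_login_part(current["lookup"], sep)
        elif killed:
            current["pid"] = int(killed.group("pid"))
            current["signal"] = int(killed.group("sig"))
    return incidents


if __name__ == "__main__":
    for incident in find_auth_crashes(SAMPLE_LOG):
        print(incident)
```

Calling `empty_login_part(address, sep="")` models the quota-status override from the reply: with the separator unset, no address is split.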
Re: distinguish between different domains
>> the dovecot service does not care about the server dns name. the dns name resolves to the IP address on the client (roundcube) and the client connects to the server. if the same dovecot instance listens to all / both IP address, client will end up on this dovecot instance and all valid user-password combinations are authorized. that's the way it has to be, otherwise virtual / mass virtual domain hosting would not be possible as you cannot spawn 1000 instances on the same machine (ok, in theory you could do that :D)
> No, it's only impossible if you are using passdb or otherwise authenticating against real users of the system. If you are using virtual users (SQL, LDAP, etc.), you can include the domain name in the auth lookups.

Andreas was asking about the fqdn where the imap client is connecting to, not the user name / e-mail address. you can use localpart and domain from the email address in passdb / userdb lookups but dovecot (imap) is nothing like http where you send the hostname of the site you're connecting to in the header.
Re: mirroring one domain.tld to domain.tld.au
On 28.09.2015 16:47, voy...@sbt.net.au wrote:
> I have Postfix/Dovecot/postfixadmin/MySQL with several virtual mailbox domains
>
> one of the domains is like aname.com.au, the user also now has aname.com, and, would like to 'mirror' most of the addresses to be u...@aname.com, THOUGH, some are to remain as us...@aname.com.au

I usually do this by having 4 tables in mysql:
hosting (links everything together, links to a product table, quota, what ever)
domains (domainnames)
accounts (homedir, password, etc.)
usernames
- one hosting has many accounts
- one hosting has many domains (domain aliases)
- one account has many usernames (localpart aliases for same account)
then you can match like anything you want out of this and you use similar queries for postfix and dovecot.
in the domains table you could have a column boolean "maindomain" and in the account table you have a column "maindomain_only"...
for my use, users don't care if there are other alias combinations - they just don't use it then. but they can login with any combination of @ and it's still only one mail directory per account.
it's also a good idea to name the maildirectory like /, so you don't have the domain / username hardcoded anywhere.
just some thoughts, works great for me - but depends on your exact use case. you can do like anything you want in SQL for postfix and dovecot
keep performance in mind though :-)

> so, both u...@aname.com as well as u...@aname.com.au should be one user
>
> the users retrive emails as u...@aname.com.au
>
> longer term... some would want to use aname.com.au. some, aname.com
>
> what's the best/proper way to do so in Dovecot ?
>
> I think I can do Postfix with postfixadmin to "Mirror addresses of one of your domains to another."
>
> but what do I do at the Dovecot end...?
>
> thanks for any pointers, suggestions or advice
Re: separate passdb for unix_listener
You can have a separate dovecot instance for smtp-auth and use that socket in postfix config. Just use a small config like the one below for the "auth only instance" and fire it up with "dovecot -F -c /etc/dovecot/dovecot-auth.conf"
you can then copy and adapt the systemd script or what ever to start it automatically. in that sql-conf you just need a password_query, no user_query.
---
base_dir = /var/run/dovecot-auth
instance_name = dovecot-auth
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-auth-sql.conf.ext
}
# disable listeners
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 0
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 0
  }
}
service auth {
  unix_listener auth-userdb {
    #mode = 0666
    #user =
    #group = virtual_mail
  }
  # Postfix smtp-auth socket
  unix_listener /var/spool/postfix/private/auth-smtp {
    mode = 0660
    group = virtual_mail
  }
  # Auth process is run as this user.
  #user = $default_internal_user
}
---
On 06.10.2015 17:53, Damon wrote:
> I want to use a separate passed for the unix_listener (postfix smtp-auth) so i can limit access to the smtp server by user/domain using the postfixadmin database.
> I want to let users access map to receive email but not be able to send.
>
> Any ideas?
>
> Thanks
> Damon
Re: Re: Accessing to mail as another user
Hi,
we have such configuration in our Dovecot; it is configured with virtual users and acl. To enable access of userA mailbox to userB, first I have to add userB to userA acl, and then I put userA username in an ARBITRARY_FIELD of userB record in our ldap (if you use a db for your account, the configuration could be more simple). We use the ARBITRARY_FIELD to limit the access of other users mailboxes: the field is not writable by the user, only by administrators.
Our config files:
/etc/dovecot/conf.d/auth-master.conf.ext
...
passdb {
  driver = ldap
  master = yes
  args = /etc/dovecot/dovecot-ldap.conf.masterusers
  pass = yes
  default_fields = userdb_mail=maildir:/path_to_mailboxes/%1{login_user}/%{login_user}:INDEXPVT=/path_to_indexes/%1n/%n/shared/%{login_user}
}
and in /etc/dovecot/dovecot-ldap.conf.masterusers
...
pass_attrs = uid=user,userPassword=password
pass_filter = (&(uid=%n)(accountStatus=active)(ARBITRARY_FIELD=%{login_user}))
to login, you have to use the same way of a masteruser:
Login: userA*userB
Password: userB_password
Cheers,
Marco

On 2016-02-10 07:49, Angel L. Mateo wrote:
> On 09/02/16 at 13:44, Matthias Fechner wrote:
>> do you maybe mean shared mailboxes: http://wiki.dovecot.org/SharedMailboxes
> I don't want shared mailboxes. I have to access the other mailbox as a complete separate account from my personal one. I think I can achieve this with master user, but I need to find a way to configure permissions so the real user has access to all folders in the other mailbox.
--
Marco Giunta - ITCS SysAdmin
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-040-3787-503
Fax: +39-040-3787-244
problem with Sieve Duplicate Extension when used together with fileinto
m>: stored mail into mailbox 'mail01' Apr 21 08:49:22 smtp-server dovecot: lmtp(use...@example.com): rSM3And3GFdFaQAAIDyJFw: sieve: msgid=<20160421064922.26919.68...@myhost.example.com>: stored mail into mailbox 'mail02' Apr 21 08:49:22 smtp-server dovecot: lmtp(use...@example.com): YVCsNPJ3GFd1dgAAIDyJFw: sieve: msgid=<20160421064922.26919.68...@myhost.example.com>: marked message to be discarded if not explicitly delivered (discard action) Apr 21 08:49:23 smtp-server dovecot: lmtp(use...@example.com): bSaBBU53GFdhbwAAIDyJFw: sieve: msgid=<20160421064922.26919.68...@myhost.example.com>: marked message to be discarded if not explicitly delivered (discard action) Apr 21 08:49:27 smtp-server dovecot: lmtp(use...@example.com): fSOyOtV3GFcmdAAAIDyJFw: sieve: msgid=<20160421064927.26926.28...@myhost.example.com>: stored mail into mailbox 'mail01' Apr 21 08:49:27 smtp-server dovecot: lmtp(use...@example.com): sSM3And3GFdFaQAAIDyJFw: sieve: msgid=<20160421064927.26926.28...@myhost.example.com>: stored mail into mailbox 'mail01' Apr 21 08:49:27 smtp-server dovecot: lmtp(use...@example.com): sSM3And3GFdFaQAAIDyJFw: sieve: msgid=<20160421064927.26926.28...@myhost.example.com>: stored mail into mailbox 'mail02' Apr 21 08:49:27 smtp-server dovecot: lmtp(use...@example.com): fSOyOtV3GFcmdAAAIDyJFw: sieve: msgid=<20160421064927.26926.28...@myhost.example.com>: stored mail into mailbox 'mail02' Apr 21 08:49:27 smtp-server dovecot: lmtp(use...@example.com): ZVCsNPJ3GFd1dgAAIDyJFw: sieve: msgid=<20160421064927.26926.28...@myhost.example.com>: marked message to be discarded if not explicitly delivered (discard action) As you can see, the message ID of a single sent, is the same, so the duplicate extension should work. 
If I replace the 'fileinto' rule with, for example, a 'setflag' rule:
-------
require ["fileinto", "duplicate", "imap4flags"];
if duplicate {
  discard;
  stop;
}
if address :is :all "to" "mai...@example.com" {
  setflag "\\seen";
}
if address :is :all "to" "mai...@example.com" {
  setflag "\\seen";
}
--
it works like a charm: for every mail sent, the duplicate extension works.
What is wrong? Does someone have any clue?
Cheers,
Marco
--
Marco Giunta - ITCS SysAdmin
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-040-3787-503
Fax: +39-040-3787-244
Re: Re: Setting lmtp_user_concurrency_limit causes anvil permission error
Same problem here:
Apr 26 15:01:37 posta-01 dovecot: lmtp(2432): Error: net_connect_unix(/var/run/dovecot/anvil) failed: Permission denied
# ls -l /var/run/dovecot/anvil
srw--- 1 root root 0 Apr 26 15:08 /var/run/dovecot/anvil
but I don't use 'lmtp_rcpt_check_quota'.
Marco

On 2016-04-07 14:39, Tom Sommer wrote:
> On 2016-04-07 13:41, Tom Sommer wrote:
>> I've set lmtp_user_concurrency_limit to 5 and now LMTP throws this at me for every delivery:
>> Apr 07 13:38:33 lmtp(4434): Error: net_connect_unix(/var/run/dovecot/anvil) failed: Permission denied
>> ls -l /var/run/dovecot/anvil
>> srw--- 1 root root 0 Apr 7 13:32 /var/run/dovecot/anvil
>> If I set lmtp_user_concurrency_limit to 0, the error goes away.
> Hrm, if I disable lmtp_rcpt_check_quota, then the error goes away as well. Very confusing.
--
Marco Giunta - ITCS SysAdmin
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-040-3787-503
Fax: +39-040-3787-244
Migrate email account from Dovecot to Dovecot servers
Hello,
1) I need to migrate some mbox imap email accounts from a shared webhosting provider to another one.
2) Both servers seem to use Dovecot, as a telnet command on port 143 shows an identical response:
* OK[CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
3) I don't know Dovecot version because I don't have access to "dovecot --version" command.
4) I can't use "doveadm-sync" because the command is not available on my shared hosting account.
5) I prefer to leave imapsync perl script as the last option because I want to preserve the UID.
So, I need to know what migration procedure can be adopted: if I copy the /home/user/mail/ directory containing all email account from the source server to the destination server, can I expect to see all accounts working with all the emails transferred ? Should I first create from cPanel all the email account with identical names and password on the destination server ?
Any suggestion will be much appreciated. Thanks in advance!
Migrate Dovecot email archive
Yesterday I've migrated Dovecot mail archive between two servers using the procedure below:
1) Create on the new server the same email accounts existing on the old server.
2) Transfer the "tarred" mail folder from the old to the new server.
For testing purposes, on Outlook 2007 I've deleted a .pst cache file, forcing the client to download all emails again.
The switch was absolutely transparent without any problem. All the emails were available and Outlook 2007 noticed no changes.
Can I consider this a correct procedure or should I use some tools like Dsync ?
Re: Migrate Dovecot email archive
Yes, in fact it's working: after the copy I've switched mx record and server address on the email client so, the old mailbox is not used. Mail storage format was the same on both servers (mbox). I've preferred this approach than the use of Dsync or Imapsync tools.

On Monday 20 June 2016 9:14, Steffen Kaiser wrote:
On Sun, 19 Jun 2016, Marco Usai wrote:
> Yesterday I've migrated Dovecot mail archive between two servers using the procedure below:
> 1) Create on the new server the same email accounts existing on the old server.
> 2) Transfer the "tarred" mail folder from the old to the new server.
> For testing purposes, on Outlook 2007 I've deleted a .pst cache file, forcing the client to download all emails again.
>
> The switch was absolutely transparent without any problem. All the emails were available and Outlook 2007 noticed no changes.
> Can I consider this a correct procedure or should I use some tools like Dsync ?
If you do not change the mail storage format (Maildir -> dbox, or something like that), do not change 32bit -> 64bit, big / little endian a.s.o. and if you make sure the old mailbox is not accessed, while you copy the data over, it should work :-) In fact, I use "rsync".
--
Steffen Kaiser
[Dovecot] Mail lost - maybe a bug???
Hello everybody
I'm struggling against what seems a really serious trouble: sometimes mail gets lost
I did all the possible checks, but they seem really lost - I know it is absurd, but it seems so
it has been noticed by two users on my server: initially I thought that was their mistake (mail deleted, mail into spam, etc), but it wasn't
I deeply checked mail logs, and it seems that mail are delivered (the path is postfix->amavis->dovecotlda) - log files say that messages are delivered, but sometimes we lose a message.
I also tried to get into the Maildir and grep the subject of the lost email: if it was addressed to more recipients I'm able to get it on some of them, but not to all (look at the example below)
I hope I have clearly explained everything, otherwise let me know
now an extract from the log file:
Oct 27 11:20:29 srv001 postfix/smtpd[24562]: connect from usstlz-psecap06.emerson.com[144.191.128.17]
Oct 27 11:20:30 srv001 postfix/smtpd[24562]: CE0B74E4A9F: client=usstlz-psecap06.emerson.com[144.191.128.17]
Oct 27 11:20:31 srv001 postfix/cleanup[25157]: CE0B74E4A9F: warning: header Subject: =?utf-8?B?
RW1lcnNvbiBHbG9iYWwgVXNlcnMgRXhjaGFuZ2UgMjAxMiBpbiBEw7xzc2VsZG9yZiA6IFJlaWNoZW4gU2llIGpldHp0IElocmUgUHLDpHNlbnRhdGlvbmVuIGVpbg ==?= from usstlz-psecap06.emerson.com[144.191.128.17]; from=> to= proto=ESMTP helo= Oct 27 11:20:31 srv001 postfix/cleanup[25157]: CE0B74E4A9F: message- id= Oct 27 11:20:31 srv001 postfix/qmgr[11827]: CE0B74E4A9F: from=>, size=22689, nrcpt=3 (queue active) Oct 27 11:20:33 srv001 dovecot: imap(lromano): Disconnected: Logged out bytes=632/34319 Oct 27 11:20:34 srv001 postfix/smtpd[25162]: connect from localhost.localdomain[127.0.0.1] Oct 27 11:20:34 srv001 postfix/smtpd[25162]: B16284E4AA2: client=localhost.localdomain[127.0.0.1] Oct 27 11:20:34 srv001 postfix/cleanup[25157]: B16284E4AA2: message- id= Oct 27 11:20:34 srv001 postfix/qmgr[11827]: B16284E4AA2: from=>, size=23094, nrcpt=3 (queue active) Oct 27 11:20:34 srv001 amavis[22923]: (22923-01) Passed CLEAN, [144.191.128.17] [155.177.20.144] -> ,,, Message-ID: >, mail_id: 6rtF4927FAjt, Hits: -0.518, size: 22687, queued_as: B16284E4AA2, 3293 ms Oct 27 11:20:34 srv001 postfix/lmtp[25158]: CE0B74E4A9F: to=>, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=0.95/0.01/0.01/3.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B16284E4AA2) Oct 27 11:20:34 srv001 postfix/lmtp[25158]: CE0B74E4A9F: to=>, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=0.95/0.01/0.01/3.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B16284E4AA2) Oct 27 11:20:34 srv001 postfix/lmtp[25158]: CE0B74E4A9F: to=>, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=0.95/0.01/0.01/3.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B16284E4AA2) Oct 27 11:20:34 srv001 postfix/qmgr[11827]: CE0B74E4A9F: removed Oct 27 11:20:34 srv001 dovecot: lda(user1): msgid=>: saved mail to INBOX Oct 27 11:20:34 srv001 postfix/pipe[25165]: B16284E4AA2: to=>, relay=dovecot, delay=0.04, 
delays=0.01/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service) Oct 27 11:20:34 srv001 dovecot: lda(user2): msgid=>: saved mail to INBOX Oct 27 11:20:34 srv001 postfix/pipe[25168]: B16284E4AA2: to=>, relay=dovecot, delay=0.04, delays=0.01/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service) Oct 27 11:20:34 srv001 dovecot: lda(user3): msgid=>: saved mail to INBOX Oct 27 11:20:34 srv001 postfix/pipe[25170]: B16284E4AA2: to=>, relay=dovecot, delay=0.05, delays=0.01/0.02/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service) Oct 27 11:20:34 srv001 postfix/qmgr[11827]: B16284E4AA2: removed Oct 27 11:20:36 srv001 postfix/smtpd[24562]: disconnect from usstlz- psecap06.emerson.com[144.191.128.17] as you can see there was a message for o...@mydomain.ch (I obviously changed the domain for privacy) - logs says that all the three users got the email, but the third user didn't. I do not know why and when it happens, but seldom we have this issue maybe is there some kind of bug in the maildrop version I use? by the way, I had this issue also before installing amavisd-new now some infos: CentOS 5.3 postfix-2.3.3-2.1.el5_2 amavisd-new-2.6.6-1.el5.rf dovecot-2.0.11-1_126 dovecot-managesieve-0.2.2-15 dovecot-pigeonhole-0.2.2-15 users are on a Kerberized OpenLDAP please help me because this is really driving me crazy - don't leave me alone, please Marco Carcano
Re: [Dovecot] Mail lost - maybe a bug???
postfix/pipe[1445]: 244774E4AA2: to=>, relay=dovecot, delay=0.08, delays=0.01/0.01/0/0.06, dsn=2.0.0, status=sent (delivered via dovecot service) Nov 12 08:48:06 srv001 dovecot: lda(theuser): msgid=<899eab831ea7414f994704db43677a140450e...@npicmail.npic.com.sa >: saved mail to INBOX Nov 12 08:48:06 srv001 postfix/pipe[1447]: 244774E4AA2: to=>, relay=dovecot, delay=0.09, delays=0.01/0.01/0/0.07, dsn=2.0.0, status=sent (delivered via dovecot service) Nov 12 08:48:06 srv001 dovecot: lda(user4): msgid=<899eab831ea7414f994704db43677a140450e...@npicmail.npic.com.sa >: saved mail to INBOX Nov 12 08:48:06 srv001 postfix/pipe[1450]: 244774E4AA2: to=>, relay=dovecot, delay=0.26, delays=0.01/0.02/0/0.23, dsn=2.0.0, status=sent (delivered via dovecot service) Nov 12 08:48:06 srv001 postfix/qmgr[4876]: 244774E4AA2: removed Nov 12 08:48:08 srv001 postfix/smtpd[1430]: disconnect from mail.tasnee.com[62.3.52.58] as you can see again, the mail seems delivered, but is not I really think is some kind of misconfiguration of mine, may you help me, please? Just tell me what pieces of config to show (just not to flood the whole config) thank you Marco Carcano
Re: [Dovecot] Mail lost - maybe a bug???
Hello Timo and Urban, and thank you for the very quick reply
I have already thought about these things: I have already disabled mailbox deletion from POP3 clients, that actually just leave the messages on the server
however, this time none of the 4 recipients got the email - so it is really strange that all the clients deleted the same message and left all the others
we can notice this only a few days after the issue, because customers send us a reminder forwarding the lost mail

On 17 Nov 2011, at 18:34, Timo Sirainen wrote:
> On 17.11.2011, at 18.47, Marco Carcano wrote:
>> Oct 27 11:20:34 srv001 dovecot: lda(user3): msgid= : saved mail to INBOX
> If Dovecot logs this, then the message definitely was saved to INBOX.

it is exactly what I told to my colleagues, but believe me, sometime some mail get lost -

> Most likely reason for this is that the user's client deletes the message. Possibly an automatic client side filter or some UI issue that causes user to accidentally delete a mail. The mail_log plugin's logging would have showed if this was the case.
>> I suspect however that could be mine misconfiguration somewhere, so that lda sometimes write the email not in the right place, but elsewhere, and just write the phrase " saved mail to INBOX in the logs (however I'm wondering why sometimes?!?)
> I can't think of any reason why it would randomly write to a wrong place.

maybe something related to LDAP lookups? what can happen if for some reason the LDAP server does not reply to the lookup?
Timo, believe me, I use dovecot since 3 years, and I am one of the thousands of happy user, I really can't explain what is happening on this server
I'll do this trial: I'll enable lda debug logging onto a file on a USB hard disk - in order to know where exactly messages are stored, and enable also maillog too
I'll keep you informed on what I'll find - maybe it will take some days, as I told it happens quite seldom
thank you

>> I tried to find the missed email in the Maildir, but have not been able to get it - the commands used are
>> cd /home/mailboxstore/theuser/Maildir
>> grep "629222" */* |grep "RE:"
>> grep "629222" .Drafts/* |grep "RE:"
>> grep "629222" .Drafts/*/* |grep "RE:"
>> grep "629222" .Junk/* |grep "RE:"
>> grep "629222" .Posta\ eliminata/* |grep "RE:"
>> grep "629222" .Posta\ indesiderata/* |grep "RE:"
>> grep "629222" .Posta\ inviata/* |grep "RE:"
>> grep "629222" .Sent/* |grep "RE:"
>> grep "629222" .Templates/* |grep "RE:"
>> grep "629222" .Trash/* |grep "RE:"
> Only the grep "629222" .Drafts/*/* |grep "RE:" was grepping from mail files. Easier would be just:
> grep -r "RE:.*629222" .
>> I really think is some kind of misconfiguration of mine, may you help me, please? Just tell me what pieces of config to show (just not to flood the whole config)
> I doubt this is related to configuration. But you could enable http://wiki2.dovecot.org/Plugins/Lazyexpunge so that messages won't be lost if they are expunged. The next time a message is lost, you would most likely find it from the lazy-expunge namespace. (Then you could write a script that deletes e.g. >1 week old files nightly.)
Re: [Dovecot] Mail lost - maybe a bug???
now it seems absurd, but mmanzoni has not received the message - I tried also "grepping" for the object in the maildir, but haven't been able to get it
what do you think about this? I really do not know where this issue can be - the only component I suppose could have some kind of problem is in the LDA phase, but I'm just supposing
do you want to give a look to my config files? If so, which one could be interesting to post?
kind regards
Marco Carcano

On 17 Nov 2011, at 18:34, Timo Sirainen wrote:
> On 17.11.2011, at 18.47, Marco Carcano wrote:
>> Oct 27 11:20:34 srv001 dovecot: lda(user3): msgid= : saved mail to INBOX
> If Dovecot logs this, then the message definitely was saved to INBOX.
>> it is exactly what I told to my colleagues, but believe me, sometime some mail get lost -
> Most likely reason for this is that the user's client deletes the message. Possibly an automatic client side filter or some UI issue that causes user to accidentally delete a mail. The mail_log plugin's logging would have showed if this was the case.
>> I suspect however that could be mine misconfiguration somewhere, so that lda sometimes write the email not in the right place, but elsewhere, and just write the phrase " saved mail to INBOX in the logs (however I'm wondering why sometimes?!?)
> I can't think of any reason why it would randomly write to a wrong place.
>> I tried to find the missed email in the Maildir, but have not been able to get it - the commands used are
>> cd /home/mailboxstore/theuser/Maildir
>> grep "629222" */* |grep "RE:"
>> grep "629222" .Drafts/* |grep "RE:"
>> grep "629222" .Drafts/*/* |grep "RE:"
>> grep "629222" .Junk/* |grep "RE:"
>> grep "629222" .Posta\ eliminata/* |grep "RE:"
>> grep "629222" .Posta\ indesiderata/* |grep "RE:"
>> grep "629222" .Posta\ inviata/* |grep "RE:"
>> grep "629222" .Sent/* |grep "RE:"
>> grep "629222" .Templates/* |grep "RE:"
>> grep "629222" .Trash/* |grep "RE:"
> Only the grep "629222" .Drafts/*/* |grep "RE:" was grepping from mail files. Easier would be just:
> grep -r "RE:.*629222" .
>> I really think is some kind of misconfiguration of mine, may you help me, please? Just tell me what pieces of config to show (just not to flood the whole config)
> I doubt this is related to configuration. But you could enable http://wiki2.dovecot.org/Plugins/Lazyexpunge so that messages won't be lost if they are expunged. The next time a message is lost, you would most likely find it from the lazy-expunge namespace. (Then you could write a script that deletes e.g. >1 week old files nightly.)
Re: [Dovecot] Mail lost - maybe a bug???
Hello Timo and thanks again for the ultra quick reply!

> Enabling mail_log plugin and/or lazy_expunge plugin would have helped more (both mentioned in my previous mail).

Sorry - I thought I have enabled it, but maybe I did something wrong with the configuration and it was not enabled: here is what I did in order to enable mail_log:
syslog_facility = local5
mail_debug = yes
plugin {
  # Events to log. Also available: flag_change append
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  # Group events within a transaction to one line.
  #mail_log_group_events = no
  # Available fields: uid, box, msgid, from, subject, size, vsize, flags
  # size and vsize are available only for expunge and copy events.
  #mail_log_fields = uid box msgid size
}

> There's really nothing in the LDA log that could explain why the message gets lost. It most likely was successfully delivered by LDA, but got deleted afterwards for some reason.
> You mean that this user's mails are never supposed to be deleted via POP3? Verify that with:

yes, you got it - it is never supposed only because we are debugging ;O)

> grep 'pop3.*mmanzoni.*del=[^0]' /var/log/dovecot.log
> or wherever those POP3 disconnection messages are logged, i.e. you should find lots of messages with:
> grep 'pop3.*mmanzoni.*del=0' /var/log/dovecot.log

OK, tried the following - I have various log files
grep 'pop3.*mmanzoni.*del=[^0]' deliver.log*
and got nothing
grep 'pop3.*criva.*del=[^0]' deliver.log*
and got
deliver.log.1:Dec 15 12:26:16 srv001 dovecot: pop3(criva): Disconnected: Logged out top=0/0, retr=1/8147, del=1613/1613, size=619997598
deliver.log.1:Dec 15 12:27:39 srv001 dovecot: pop3(criva): Disconnected: Logged out top=0/0, retr=200/50212479, del=200/200, size=50208702
deliver.log.1:Dec 15 12:29:08 srv001 dovecot: pop3(criva): Disconnected: Logged out top=0/0, retr=600/203527129, del=600/600, size=203515938
deliver.log.1:Dec 15 12:30:49 srv001 dovecot: pop3(criva): Disconnected: Logged out top=0/0, retr=1000/310592896, del=1000/1000, size=310574037
deliver.log.1:Dec 15 12:31:10 srv001 dovecot: pop3(criva): Disconnected: Logged out top=0/0, retr=399/44426198, del=399/399, size=44418942
deliver.log.2:Dec 15 00:11:09 srv001 dovecot: pop3(criva): Disconnected: Logged out top=0/0, retr=10530/1684049964, del=10530/10530, size=1683854308
so yes, I'm pretty sure that mmanzoni never deletes messages
believe me - usually I try to solve problems myself without disturbing anyone else, but this time is really hard and I do not know if I could face it alone
I hope you can help
kind regards
Marco Carcano
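An added example (not code from the thread): the `del=` check from the greps above, done for every user at once in Python, plus a check the greps cannot do, namely spotting a mailbox whose message count dropped between two POP3 sessions by more than POP3 itself deleted. The sample lines are constructed; it assumes `del=<deleted>/<messages in the mailbox for that session>` and that the lines are fed in chronological order.

```python
import re
from collections import defaultdict

# Constructed sample lines in the layout of the POP3 disconnect lines quoted above
# (user names and counters are made up). A "file:" prefix from grep is tolerated.
SAMPLE_LOG = """\
deliver.log.2:Dec 12 13:13:19 srv001 dovecot: pop3(alice): Disconnected: Logged out top=0/0, retr=23/2025701, del=0/3920, size=700800292
deliver.log.2:Dec 12 13:46:02 srv001 dovecot: pop3(alice): Disconnected: Logged out top=0/0, retr=1/475746, del=0/3921, size=701276018
deliver.log.2:Dec 12 14:02:11 srv001 dovecot: pop3(bob): Disconnected: Logged out top=0/0, retr=200/50212479, del=200/200, size=50208702
deliver.log.2:Dec 12 14:58:08 srv001 dovecot: pop3(alice): Disconnected: Logged out top=0/0, retr=0/0, del=0/3919, size=701100000
deliver.log.2:Dec 12 15:10:40 srv001 dovecot: pop3(bob): Disconnected: Logged out top=0/0, retr=5/91234, del=0/5, size=91234
"""

POP3_RE = re.compile(
    r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: pop3\((?P<user>[^)]+)\): "
    r"Disconnected: .*? top=\d+/\d+, retr=\d+/\d+, "
    r"del=(?P<deleted>\d+)/(?P<total>\d+), size=\d+"
)


def parse_sessions(log_text):
    """Return one dict per POP3 disconnect line, in input order."""
    sessions = []
    for line in log_text.splitlines():
        m = POP3_RE.search(line)
        if m:
            sessions.append({
                "time": m.group("ts"),
                "user": m.group("user"),
                "deleted": int(m.group("deleted")),
                "total": int(m.group("total")),
            })
    return sessions


def summarize(sessions):
    """Per user: number of sessions, sessions that deleted mail, messages deleted."""
    per_user = defaultdict(lambda: {"sessions": 0, "deleting_sessions": 0, "deleted": 0})
    for s in sessions:
        stats = per_user[s["user"]]
        stats["sessions"] += 1
        stats["deleted"] += s["deleted"]
        if s["deleted"] > 0:
            stats["deleting_sessions"] += 1
    return dict(per_user)


def unexplained_shrinks(sessions):
    """Find sessions whose message count is lower than the previous session's
    count minus its POP3 deletions. New deliveries in between can hide
    removals, so 'missing' is a lower bound."""
    last_seen = {}
    findings = []
    for s in sessions:
        prev = last_seen.get(s["user"])
        if prev is not None:
            expected_min = prev["total"] - prev["deleted"]
            if s["total"] < expected_min:
                findings.append({
                    "user": s["user"],
                    "time": s["time"],
                    "missing": expected_min - s["total"],
                })
        last_seen[s["user"]] = s
    return findings


if __name__ == "__main__":
    parsed = parse_sessions(SAMPLE_LOG)
    print(summarize(parsed))
    print(unexplained_shrinks(parsed))
```

A finding for a user with no deleting POP3 sessions means the messages left the mailbox by some other path than POP3.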
Re: [Dovecot] mail server management
On Mon, Feb 18, 2008 at 12:35:01PM -0500, Paul A wrote:
> Hi, this is sort of off topic but I'm using dovecot with postfix on centos 5 and I have multiple virtual domains and I want to be able to have virtual admin's add/remove mappings/users for their own domains.
> I have looked around and haven't found many solutions just wondering what everyone is using for virtual mail management.

we use http://panda-admin.sf.net
It is a postfix+postgres+dovecot system with php frontend.
Pro: cool ;-)
Con: need more documentation, it is in italian only
Bye
--
Marco Nenciarini | Debian/GNU Linux Developer - Plug Member
[EMAIL PROTECTED] | http://www.prato.linux.it/~mnencia
Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
[Dovecot] how add size and vsize filed to a maildir filename ?
Hi to all,
I'm a sys admin in a college, and we're using Dovecot as IMAP/POP3 server and delivery; we also patch Dovecot to add managesieve capability.
I have a question: I've read on Dovecot's wiki that it is possible to improve the performance on maildir files by adding ,S=,W= fields to the filename. How is it possible to do that? I've searched all the wiki and the mailing list, but I didn't find anything about modifying the maildir file name.
Can someone help me?
Best regards,
Marco
[Dovecot] how add size (, S=size) and virtual size (, W=vsize) fields to a maildir filename ?
Hi to all,
I'm a sys admin in a college, and we're using Dovecot as IMAP/POP3 server and delivery; we also patch Dovecot to add managesieve capability.
I have a question: I've read on Dovecot's wiki that it is possible to improve the performance on maildir files by adding ,S=,W= fields to the filename. How is it possible to do that? I've searched all the wiki and the mailing list, but I didn't find anything about modifying the maildir file name.
Can someone help me?
Best regards,
Marco
Re: [Dovecot] how add size (, S=size) and virtual size (, W=vsize) fields to a maildir filename ?
Thank you Timo, I'll use quota plugin on delivery. Timo Sirainen wrote: On Tue, 2008-05-13 at 08:36 +0200, Marco Giunta wrote: Hi to all, I'm a sys admin in a college, and we're using Dovecot as IMAP/POP3 server and delivery; we're also patch dovecot to add managesieve capability. I've a question: I've read on dovecot's wiki, that is possible improve the performance on maildir files by adding ,S=,W= fields on filename. Only in some specific situations. Do you use Maildir++ quota? S= is useful only with it. Do you use Dovecot's deliver? It adds S= automatically if you use quota plugin. W= isn't added automatically by v1.0, but v1.1 adds it (actually I just noticed that the code was accidentally commented out, I enabled it again so the next release will have it). But as long as you're using index files (and you should be), W= doesn't really provide any performance benefits. -- --- |Marco Giunta - SISSA Computer Staff| |Via Beirut, 2-4| |34014 - Trieste, Italy| |Tel: +39-40-3787-503 | |Fax: +39-040-3787-528 | |e-mail: [EMAIL PROTECTED]| ---
[Dovecot] Dovecot doesn't read users and passwords from config files
Greetings,
I am setting up Dovecot 1.0.15 on my home Fedora Core 8 pc ONLY to access my mail archives across several mail clients. No access from the internet is possible or needed here.
I cannot log in with any client, the login always fails. The reason, as I understand, is that when dovecot starts it doesn't read any user name from the userdb file, so when I try to login it doesn't recognize my name and so doesn't even try to verify the password:
maillog excerpt:
Aug 3 00:06:11 polaris dovecot: Dovecot v1.0.15 starting up
Aug 3 00:06:11 polaris dovecot: auth(default): passwd-file /etc/local_dovecot_passwords: Read 0 users
Aug 3 00:06:11 polaris dovecot: auth(default): passwd-file /etc/local_dovecot_users: Read 0 users
Aug 3 00:06:12 polaris dovecot: auth(default): new auth connection: pid=5150
Aug 3 00:06:12 polaris dovecot: auth(default): new auth connection: pid=5148
Aug 3 00:06:12 polaris dovecot: auth(default): new auth connection: pid=5149
Aug 3 00:06:26 polaris dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=IMAP#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011resp=AG1hcmNvAGdpZ2V0dG8=
Aug 3 00:06:26 polaris dovecot: auth(default): passwd-file(marco,127.0.0.1): lookup: user=marco file=/etc/local_dovecot_passwords
Aug 3 00:06:26 polaris dovecot: auth(default): passwd-file(marco,127.0.0.1): unknown user
Aug 3 00:06:27 polaris dovecot: auth(default): client out: FAIL#0111#011user=marco
Aug 3 00:06:27 polaris dovecot: imap-login: Disconnected: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
the dovecot.conf file, purged of comments, is below. What am I missing?
TIA,
Marco
##
protocols = imap
listen = localhost:143
mail_location = maildir:/home/marco/.MAIL/home_imap/
protocol imap {
}
protocol pop3 {
}
protocol lda {
  postmaster_address = [EMAIL PROTECTED]
}
auth_debug = yes
auth_debug_passwords = yes
auth default {
  mechanisms = plain login
  passdb passwd-file {
    args = /etc/local_dovecot_passwords
  }
  userdb passwd-file {
    args = /etc/local_dovecot_users
  }
  user = root
}
dict {
}
plugin {
}
###
the local_dovecot_passwords and local_dovecot_users files are identical, and have permission 644:
marco:{PLAIN}thepassword:500:500::/home/marco/.MAIL/home_imap/
--
Reality is for those who lack imagination
Re: [Dovecot] Dovecot doesn't read users and passwords from config files
On Sun, Aug 03, 2008 00:18:34 AM +0200, Marco Fioretti wrote:
> Greetings,
>
> I am setting up Dovecot 1.0.15 on my home Fedora Core 8 pc ONLY to
> access my mail archives across several mail clients. No access from
> the internet is possible or needed here.
>
> I cannot log in with any client, the login always fails.
I forgot to add that, _before_ I changed the password and user files to what I reported, that is when the defaults in dovecot.conf were for authorization with system usernames and passwords, everything was fine. It is when I changed the auth mechanism that the problem started.
Marco
[Dovecot] Solution???: Dovecot doesn't read users and passwords from config files
On Sun, Aug 03, 2008 00:18:34 AM +0200, Marco Fioretti wrote:
> Greetings,
>
> I am setting up Dovecot 1.0.15 on my home Fedora Core 8 pc ONLY to
> access my mail archives across several mail clients. No access from
> the internet is possible or needed here.
>
> I cannot log in with any client, the login always fails. The reason,
> as I understand, is that when dovecot starts it doesn't read any user
> name from the userdb file, so when I try to login it doesn't recognize
> my name and so doesn't even try to verify the password:
>
> maillog excerpt:
>
> Aug 3 00:06:11 polaris dovecot: Dovecot v1.0.15 starting up
> Aug 3 00:06:11 polaris dovecot: auth(default): passwd-file
> /etc/local_dovecot_passwords: Read 0 users
>
> local_dovecot_passwords:
> marco:{PLAIN}thepassword:500:500::/home/marco/.MAIL/home_imap/
adding a newline to the line above solves the problem...
Marco
[Dovecot] path of folder relative to mail_location??
On Sun, Aug 03, 2008 00:18:34 AM +0200, Marco Fioretti wrote:
> Greetings,
>
> I am setting up Dovecot 1.0.15 on my home Fedora Core 8 pc ONLY to
> access my mail archives across several mail clients.
It's me again. Now that authentication is solved, I have a problem with this:
> mail_location = maildir:~/.MAIL/home_imap/
what I meant is that, if I log in with Kmail and create with it a new , say TEMP_ARCHIVE, at the same level as INBOX it should appear in the filesystem at
/home/marco/.MAIL/home_imap/.TEMP_ARCHIVE
instead I just realized that it is at
/home/marco/.MAIL/home_imap/.MAIL/home_imap/.TEMP_ARCHIVE
what's happening?? is it a dovecot problem, and if yes how to fix it, or it is a kmail bug?
TIA,
Marco
Re: [Dovecot] path of folder relative to mail_location??
On Mon, Aug 04, 2008 01:14:42 AM +0300, Timo Sirainen wrote:
> On Aug 3, 2008, at 1:52 AM, Marco Fioretti wrote:
>
>>> marco:{PLAIN}thepassword:500:500::/home/marco/.MAIL/home_imap/
>
> This says your home directory is /home/marco/.MAIL/home_imap/.
whoops... for some reason, I had assumed that the last field in this passwd file, which is needed only for imap management, had to be the home of the **imap folders**, instead of the home directory of their **user**. So your suggestion (I cannot check it now as must leave in a minute):
> So probably change the home dir in your passwd-file to be just
> /home/marco
must be certainly right, even if I cannot check it now as must leave in a minute. I'll let you know if there are further problems, but almost certainly this is the right solution. Silly me! :-)
Thanks,
Marco
--
There is more to life than increasing its speed. -- Mahatma Gandhi
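The two passwd-file mistakes found in the messages above (a last line with no terminating newline, and a home field that already contains the home-relative mail_location path), together with the 644 mode on a file holding {PLAIN} passwords, can be checked before Dovecot is started. This is an added example, not code from the original posts or from Dovecot; the function names and finding labels are hypothetical, the field order user:password:uid:gid:gecos:home:shell:extra is an assumption about the passwd-file format, and the corrected sample entry is constructed.

```python
import os
import stat
import tempfile

# Field order assumed for a passwd-file line:
# user:password:uid:gid:gecos:home:shell:extra_fields
FIELDS = ("user", "password", "uid", "gid", "gecos", "home", "shell", "extra")

# The entry quoted in the thread, written without a terminating newline.
BROKEN = b"marco:{PLAIN}thepassword:500:500::/home/marco/.MAIL/home_imap/"
# Constructed corrected form: home is the user's home and the line is terminated.
FIXED = b"marco:{PLAIN}thepassword:500:500::/home/marco\n"


def relative_suffix(mail_location):
    """'maildir:~/.MAIL/home_imap/' -> '.MAIL/home_imap'; None if not home-relative."""
    path = mail_location.split(":", 1)[-1].split(":", 1)[0]
    for prefix in ("~/", "%h/"):
        if path.startswith(prefix):
            return path[len(prefix):].strip("/") or None
    return None


def lint_passwd_file(path, mail_location=None):
    """Return a list of (line_number, finding); line_number 0 means the whole file."""
    findings = []
    with open(path, "rb") as handle:
        raw = handle.read()
    # The thread reports "Read 0 users" on 1.0.15 until a newline was added.
    if raw and not raw.endswith(b"\n"):
        findings.append((0, "no-trailing-newline"))
    suffix = relative_suffix(mail_location) if mail_location else None
    cleartext = False
    for number, line in enumerate(raw.decode("utf-8", "replace").splitlines(), 1):
        if not line.strip():
            continue
        entry = dict(zip(FIELDS, line.split(":", len(FIELDS) - 1)))
        if "password" not in entry:
            findings.append((number, "missing-password-field"))
            continue
        if entry["password"].upper().startswith("{PLAIN}"):
            cleartext = True
        for key in ("uid", "gid"):
            value = entry.get(key, "")
            if value and not value.isdigit():
                findings.append((number, "non-numeric-" + key))
        # A home that already ends with the relative mail path doubles it:
        # folders land in <home>/<suffix>/ instead of <home>/.
        home = entry.get("home", "").rstrip("/")
        if suffix and home.endswith("/" + suffix):
            findings.append((number, "home-ends-with-mail-location"))
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if cleartext and mode & stat.S_IROTH:
        findings.append((0, "cleartext-passwords-world-readable"))
    return findings


def write_sample(content, mode):
    """Write sample bytes to a temporary file with the given permission bits."""
    descriptor, path = tempfile.mkstemp(prefix="passwd-file-")
    with os.fdopen(descriptor, "wb") as handle:
        handle.write(content)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    for label, content, mode in (("broken", BROKEN, 0o644), ("fixed", FIXED, 0o600)):
        sample = write_sample(content, mode)
        print(label, lint_passwd_file(sample, "maildir:~/.MAIL/home_imap/"))
        os.unlink(sample)
```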
[Dovecot] server is not imap4 compatible
hello,
i have a problem with my dovecot installation.
sometimes, the thunderbird clients on windows machines complains about: "server is not imap4 compatible".
on the server, at the same time, i found this error:
Apr 20 16:21:17 harlock dovecot: imap-login: Disconnected: Shutting down: rip=192.168.0.194, lip=10.70.0.1, TLS handshake
the imap server is behind a dmz which sometimes drops connections.
the server ran without problem until i upgraded from 1.0.rc15 to 1.0.15.
after the upgrade i was forced to enhance the
proc.sys.fs.inotify.max_user_instances = 1024
because i had error messages about "Inotify instance limit for user exceeded"
my question is: does the upgrade triggered a new way of communication between clients and server that exacerbates the problem of dropped connections from the DMZ server?
p.s. the dovecot configuration is:
$ sudo dovecot -n
# 1.0.15: /etc/dovecot/dovecot.conf
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/ssl/certs/harlock_digicert_2009.pem
ssl_key_file: /etc/ssl/private/harlock_digicert_2009.key
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_max_processes_count: 256
mail_privileged_group: mail
mail_location: maildir:/var/mail/vhosts/turboden.net/%n/
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
imap_client_workarounds(default): tb-extra-mailbox-sep
imap_client_workarounds(imap): tb-extra-mailbox-sep
imap_client_workarounds(pop3): outlook-idle
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xu%08Xv
auth default:
  mechanisms: plain login
  default_realm: DOMAIN.LOCAL
  username_format: %...@%ud
  passdb:
    driver: pam
  userdb:
    driver: static
    args: uid=5000 gid=5000
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
Re: [Dovecot] server is not imap4 compatible
On Tue, Apr 21, 2009 at 12:26:38PM -0400, Timo Sirainen wrote:
> On Apr 21, 2009, at 9:28 AM, marco ghidinelli wrote:
>
>> on the server, at the same time, i found this error:
>>
>> Apr 20 16:21:17 harlock dovecot: imap-login: Disconnected: Shutting
>> down: rip=192.168.0.194, lip=10.70.0.1, TLS handshake
>
> "Shutting down" means that Dovecot really is being shut down or
> restarted. Is this not an expected restart? Does it happen at the same
> time always? Maybe it's some cron job.
no, of course this was NOT an expected restart.
i thought that it was a normal disconnection between the client and the server.
the "shutting down" messages appeared even on the previous 1.0.rc15 version, but not the "server not imap4 compatible" error.
or maybe my users didn't tell me. :)
any idea?
Re: [Dovecot] server is not imap4 compatible
On Wed, Apr 22, 2009 at 10:25:41AM -0400, Timo Sirainen wrote:
> On Apr 22, 2009, at 4:12 AM, marco ghidinelli wrote:
>
>>>> Apr 20 16:21:17 harlock dovecot: imap-login: Disconnected: Shutting
>>>> down: rip=192.168.0.194, lip=10.70.0.1, TLS handshake
>>>
>>> "Shutting down" means that Dovecot really is being shut down or
>>> restarted. Is this not an expected restart? Does it happen at the
>>> same
>>> time always? Maybe it's some cron job.
>>
>> no, of course this was NOT an expected restart.
>> i thought that it was a normal disconnection between the client and
>> the server.
>>
>> the "shutting down" messages appeared even on the previous 1.0.rc15
>> version, but not the "server not imap4 compatible" error.
>>
>> or maybe my users didn't tell me. :)
>>
>> any idea?
>
> My idea is still the same: Client gets unexpectedly disconnected due to
> Dovecot restart and the client thinks it's not connected to IMAP4
> server. Try to figure out why Dovecot is getting restarted.
dovecot doesn't restart, and nothing try to restart it.
> It's not doing it alone.
maybe it's not a 'whole' restart, but just it drops some connections.
> Do you see "starting up" lines in logs showing that the
> whole Dovecot was restarted?
no
> If not, do you see any "killed by signal"
> lines in logs?
no. i got those lines only when i issue the /etc/init.d/postfix {start|restart} commands.
> Perhaps the whole Dovecot isn't being restarted, but just
> some buggy script/program is sending SIGTERMs to imap-login processes
> more or less randomly for some reason..
i looked at the dovecot sources now, and i saw that:
# vi master/login-process.c +738
static int login_group_start_missings(struct login_group *group)
{
	if (group->set->login_process_per_connection &&
	    group->processes >= group->set->login_max_processes_count &&
	    group->listening_processes == 0) {
		/* destroy the oldest listening process. non-listening
		   processes are logged in users who we don't want to kick out
		   because someone's started flooding */
		if (group->oldest_prelogin_process != NULL &&
		    group->oldest_prelogin_process->initialized)
			login_process_destroy(group->oldest_prelogin_process);
	}
my login_max_processes_count was 256, and my imap-login process is about 240, now i enhanced it to 512.
am i going into the right direction?
[Dovecot] Unexplainable problem with POP3 quotas
uota-warning.sh 80 /mnt/maildir/_HIDDEN_DOMAIN_/USER/r/ra/rasrcb...@_hidden_domain_ rasrcbldg _HIDDEN_DOMAIN_
Apr 28 10:32:13 mgo2-popimap-v01._HIDDEN_DOMAIN_ dovecot: POP3(rasrcb...@_hidden_domain_): maildir: data=/mnt/maildir/_HIDDEN_DOMAIN_/USER/r/ra/rasrcb...@_hidden_domain_/Maildir
Apr 28 10:32:13 mgo2-popimap-v01._HIDDEN_DOMAIN_ dovecot: POP3(rasrcb...@_hidden_domain_): maildir++: root=/mnt/maildir/_HIDDEN_DOMAIN_/USER/r/ra/rasrcb...@_hidden_domain_/Maildir, index=, control=, inbox=/mnt/maildir/_HIDDEN_DOMAIN_/USER/r/ra/rasrcb...@_hidden_domain_/Maildir
Apr 28 10:32:13 mgo2-popimap-v01._HIDDEN_DOMAIN_ dovecot: pop3-login: Login: user=, method=PLAIN, rip=_HIDDEN_ADDRESS_, lip=192.168.207.16
Note that having this user's quota the same as the default quota is just an incident, if a user has a quota different from the default, the actual quota is reported correctly in the logs.
What are we doing wrong?
Thanks for your help
Kind Regards
--Marco
Re: [Dovecot] Unexplainable problem with POP3 quotas
Hello there
I did some more research in the last two days, unfortunately without any result.
First thing, I looked up all the relevant documentation and reviewed our configuration, in particular the directives regarding the quota configuration for POP3. Unless I overlooked something, it looked substantially correct to me. I also verified that the maildirsize file is updated the way I expected, and it is.
I then focused on our quota-warning.sh script. I wanted to check if something was going wrong during the execution, so I added two logger commands in it. Now the script logs any execution attempt. Moreover, if it fails to inject a message into the mailbox, it logs the failure. After some debugging, I had it logging into /var/log/debug via syslog (see attachment).
The script is in place since hours. Despite the fact that I deliberately triggered a warning condition on an account[*], nothing was logged, so it seems that the quota warning is never issued. And I can't make sense of it, because quota warnings seem to work regularly via IMAP...
Any clues? Pointers? Whatever? Are we missing something? Please don't let the Warnock Dilemma eat me! ;-)
Ciao
--bronto
> r...@mgo2-popimap-v01:/usr/local/dovecot/etc# ../sbin/dovecot -n
> # 1.1.7: /usr/local/dovecot_1.1.7/etc/dovecot.conf
> Warning: fd limit 1024 is lower than what Dovecot can use under full
> load (more than 16384). Either grow the limit or change
> login_max_processes_count and max_mail_processes settings
> # OS: Linux 2.6.24.5-smp i686 Slackware 11.0.0
> base_dir: /var/run/dovecot/
> protocols: imap pop3
> listen(default): mgo2-popimap-v01:143
> listen(imap): mgo2-popimap-v01:143
> listen(pop3): mgo2-popimap-v01:110
> ssl_disable: yes
> disable_plaintext_auth: no
> shutdown_clients: no
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/local/dovecot/libexec/dovecot/imap-login
> login_executable(imap): /usr/local/dovecot/libexec/dovecot/imap-login
> login_executable(pop3): /usr/local/dovecot/libexec/dovecot/pop3-login
> login_greeting: POP/IMAP Server!
> login_max_processes_count: 4096
> max_mail_processes: 8192
> first_valid_uid: 4000
> first_valid_gid: 4000
> mail_location: maildir:%h/Maildir
> mail_debug: yes
> mmap_disable: yes
> mail_nfs_storage: yes
> mail_nfs_index: yes
> mail_executable(default): /usr/local/dovecot/libexec/dovecot/imap
> mail_executable(imap): /usr/local/dovecot/libexec/dovecot/imap
> mail_executable(pop3): /usr/local/dovecot/libexec/dovecot/pop3
> mail_plugins(default): quota imap_quota
> mail_plugins(imap): quota imap_quota
> mail_plugins(pop3): quota
> mail_plugin_dir(default): /usr/local/dovecot/lib/dovecot/imap
> mail_plugin_dir(imap): /usr/local/dovecot/lib/dovecot/imap
> mail_plugin_dir(pop3): /usr/local/dovecot/lib/dovecot/pop3
> imap_client_workarounds(default): outlook-idle
> imap_client_workarounds(imap): outlook-idle
> imap_client_workarounds(pop3):
> pop3_uidl_format(default): %08Xu%08Xv
> pop3_uidl_format(imap): %08Xu%08Xv
> pop3_uidl_format(pop3): %v-%u
> pop3_client_workarounds(default):
> pop3_client_workarounds(imap):
> pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
> auth default:
>   passdb:
>     driver: sql
>     args: /usr/local/dovecot/etc/dovecot-sql.conf
>   userdb:
>     driver: sql
>     args: /usr/local/dovecot/etc/dovecot-sql.conf
> plugin:
>   quota: maildir:User quota
>   quota_rule: ?:storage=100M
>   quota_warning: storage=95%% /usr/local/dovecot/bin/quota-warning.sh
> 95 %h %n %d
>   quota_warning2: storage=80%% /usr/local/dovecot/bin/quota-warning.sh
> 80 %h %n %d
>
> r...@mgo2-popimap-v01:/usr/local/dovecot/etc# grep -v '^ *\(#.*\)\?$'
> dovecot-sql.conf
> driver = pgsql
> connect = host=172.30.213.10 dbname=postfix user=postfix
> password=_HIDDEN_PASSWORD_
> default_pass_scheme = SHA1
> password_query = SELECT username, password FROM postfix.accounts WHERE
> (username = '%u' OR username = '%...@_hidden_domain_') AND (
> user_status_id = 0 or user_status_id = 2 );
> user_query = SELECT maildir AS home, uid, gid, '*:storage=' ||
> max_quota || 'B' AS quota_rule FROM postfix.accounts WHERE (username =
> '%u' OR username = '%...@_hidden_domain_') AND ( user_status_id = 2 OR
> user_status_id = 0 )
>
>
> The log says:
>
> Apr 28 10:32:13 mgo2-popimap-v01._HIDDEN_DOMAIN_ dovecot:
> POP3(rasrcb...@_hidden_domain_): Loading modules from directory:
> /usr/local/dovecot/lib/dovecot/pop3
> Apr 28 10:32:13 mgo2-popimap-v01._HIDDEN_DOMAIN_ dovecot:
> POP3(rasrcb...@_hidden_domain_): Module loaded:
> /usr/local/dovecot/lib/dovecot/pop3/lib10_quota_plugin.so
> Apr 28 10:32:13 mgo2-popimap-v01._HIDDEN_DOMAIN_ dovecot:
> POP3(rasrcb...@_hidden_domain_): Effective uid=10812, gid=5008
> Apr 28 10:32:13 mgo2-popimap-v01._HIDDEN_DOMAIN_ dovecot:
> POP3(rasrcb...@_hidden_domain_): Quota root: name=User quota
> backend=maildir args=
> Apr 28 10:32:13 mgo2-popimap-v01._HIDDEN_DOMAIN_ dovecot:
> POP3(rasrcb...@_hidden_domain_): Quota rule: root=User quota mailbox=*
> bytes=104857600 (0%)
Re: [Dovecot] Unexplainable problem with POP3 quotas
Hello Rick, and thanks for replying
First of all, the attached script had an error (I attached the wrong one :-\, the "export" line reads:
export PATH="/usr/bin:/bin"
2009/4/30 :
>
> It's a dumb question, but you are running the script via cron or manually
> right? (dovecot doesn't execute it in it's own).
From the documentation, I'd expect it does. In http://wiki.dovecot.org/Quota/1.1 I read:
>>>You can configure Dovecot to run an external command when user's quota
>>>exceeds a specified limit.
so I expect that it will run the script. Am I wrong?
Ciao
--bronto
Re: [Dovecot] Unexplainable problem with POP3 quotas
Hi
> From the documentation, I'd expect it does. In
> http://wiki.dovecot.org/Quota/1.1 I read:
>
>>>>You can configure Dovecot to run an external command when user's quota
>>>>exceeds a specified limit.
>
> so I expect that it will run the script. Am I wrong?
Forgot to say: http://wiki.dovecot.org/Quota/1.1 also says:
>>> Note that the warning is ONLY executed at the exact time when the limit is
>>> being crossed, so when you're testing it you have to do it by crossing the
>>> limit by saving a new mail.
and, of course, that's the way we test it:
* get the size of the Maildir from the "Disconnected"
* add some bytes (e.g.: 3000) to the aforementioned size and divide that number by 0.8
* set this number as quota. Now we are under the 80% warning limit.
* send a message slightly smaller than the number of bytes added at step 2 (e.g., 2000); we are still under the 80% limit
* log in via POP to make dovecot update maildirsize
* log out, send another message to cross the 80% quota limit
* log in again via POP and log out. Dovecot updates maildirsize and should notice we have passed the limit
It should, but it doesn't, and the quota-warning.sh script is not executed, and no warning messages are injected into the maildir.
Any clues?
Ciao and thanks
--Marco
Re: [Dovecot] Unexplainable problem with POP3 quotas
2009/5/1 Timo Sirainen :
> On Thu, 2009-04-30 at 17:36 +0200, Marco Marongiu wrote:
>> * send a message slightly smaller than the number of bytes added at
>> step 2 (e.g., 2000); we are still under the 80% limit
>> * log in via POP to make dovecot update maildirsize
>
> This is the problem. Your MDA should enforce the quota usage. There's no
> guarantees that Dovecot updates maildirsize after the Maildir has been
> modified externally. Even when it updates it, it uses a different code
> path ("quota recalculation"), which doesn't trigger quota warnings.
>
> So use Dovecot's deliver and it'll do the quota enforcing and warnings.
Thanks Timo, we just reviewed the information in http://wiki.dovecot.org/LDA and http://wiki.dovecot.org/LDA/Postfix and we'll begin to test a new configuration shortly.
I hope to be back with good news soon ;)
Ciao
--bronto
Re: [Dovecot] Unexplainable problem with POP3 quotas
2009/5/1 Timo Sirainen :
> On Thu, 2009-04-30 at 17:36 +0200, Marco Marongiu wrote:
>> * send a message slightly smaller than the number of bytes added at
>> step 2 (e.g., 2000); we are still under the 80% limit
>> * log in via POP to make dovecot update maildirsize
>
> This is the problem. Your MDA should enforce the quota usage. There's no
> guarantees that Dovecot updates maildirsize after the Maildir has been
> modified externally. Even when it updates it, it uses a different code
> path ("quota recalculation"), which doesn't trigger quota warnings.
>
> So use Dovecot's deliver and it'll do the quota enforcing and warnings.
May 5 16:22:51 posta-st-mda-v01 deliver(facca...@posta.staging): quota: Executing warning: /usr/local/dovecot/bin/quota-warning.sh 80 /mnt/maildir/posta.staging/USER/f/fa/facca...@posta.staging faccalai posta.staging
It worked!!! Thank you!
What I did is:
* recompiling a dovecot anew with support for raw storage, and deliver (the initial one didn't have them)
* configured dovecot as per documentation (Quota 1.1, LDA, LDA/Postfix) so that:
  * it just served for authentication purposes (protocols = none)
  * it has a protocol lda section, with mail_plugins = quota
* configured the auth default to create the master socket
* changed postfix's main.cf and master.cf as per documentation
* set a user's quota near the 80% limit and started testing
Thanks a lot again
Ciao
--bronto
[Dovecot] multiple users to same e-mail account with ldap authentication
Hi, I was looking for a particular case of dovecot configuration I cannot find anywhere. Is there a way dovecot can authenticate via ldap different windows 2008 AD users that have access to the same e-mail account (like user authorization in ms exchange)? For example I want to extend AD schema to let users have 10 email accounts (with multiple domain support). If they are private accounts I think there is no problem at all. But if I want two or more users to access the same mail account what happens? Can I do it with dovecot? Or should I create AD groups and add members to that, to let user access the same mail account? Cheers -- Marco
Re: [Dovecot] multiple users to same e-mail account with ldap authentication
2012/11/13 Robert Schetterer :
> On 13.11.2012 11:35, Marco Gatti wrote:
>> Hi, I was looking for a particular case of dovecot configuration I
>> cannot find anywhere.
>> Is there a way dovecot can authenticate via ldap different windows
>> 2008 AD users that have access to the same e-mail account (like user
>> authorization in ms exchange)?
>> For example I want to extend AD schema to let users have 10 email
>> accounts (with multiple domain support). If they are private accounts
>> I think there is no problem at all. But if I want two or more users to
>> access the same mail account what happens? Can I do it with dovecot?
>> Or should I create AD groups and add members to that, to let user
>> access the same mail account?
>> Cheers
>>
>
> there may more ways to goal this, for short looking one, way is
> described here
>
> http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm
>
> using ldap might be better
>
> look i.e
>
> http://blog.al-shami.net/2008/05/freebsd-postfix-dovecot-and-active-directory/
> http://www.howtoforge.com/postfix-dovecot-authentication-against-active-directory-on-centos-5.x
>
>
> for ideas
>
> Best Regards
> MfG Robert Schetterer
>
> --
> [*] sys4 AG
>
> http://sys4.de, +49 (89) 30 90 46 64
> Franziskanerstraße 15, 81669 München
>
> Registered office: München, Amtsgericht München: HRB 199263
> Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
> Chairman of the supervisory board: Joerg Heidrich
Thank you Robert for the quick reply.
I'm aware of the links you sent me, however they don't give me a clue if what I was asking may be done.
I'll try to give more details.
I have to build a multiple domain mail server with the use of windows AD authentication.
I've managed to add some extra fields in the AD schema like this:
mail1: accou...@example1.com
box1: /example1.com/account1/
enabled1: TRUE
quota1: 100
mail2: accou...@example2.com
box2: /example2.com/account2/
enabled2: TRUE
quota2: 100
There could be 10 or 50 of them for each AD user.
If I use NTLM or PAM authentication (after joining the AD) I have to use AD usernames to login with dovecot and I don't know how then to deal with different email addresses configured per user.
If I use LDAP lookup I have to use the email address as username but then if different AD users have to access the same email account how dovecot can manage it???
For example the LDAP configuration for user and password lookup may be something like this:
user_attrs = sAMAccountName=mail=maildir:/var/mail/%d/%n,=uid=102,=gid=10050
user_filter = (&(objectClass=person)(|(&(mail1=%u)(enabled1=TRUE))
(&(mail2=%u)(enabled2=TRUE
pass_attrs = userPassword=password
pass_filter = (&(objectClass=person)(|(&(mail1=%u)(enabled1=TRUE))
(&(mail2=%u)(enabled2=TRUE
I think I may be missing something important in how dovecot works, but cannot find any documentation about it.
Regards
--
Marco
Re: [Dovecot] multiple users to same e-mail account with ldap authentication
2012/11/13 Robert Schetterer :
> On 13.11.2012 14:56, Marco Gatti wrote:
>> 2012/11/13 Robert Schetterer :
>>> On 13.11.2012 11:35, Marco Gatti wrote:
>>>> Hi, I was looking for a particular case of dovecot configuration I
>>>> cannot find anywhere.
>>>> Is there a way dovecot can authenticate via ldap different windows
>>>> 2008 AD users that have access to the same e-mail account (like user
>>>> authorization in ms exchange)?
>>>> For example I want to extend AD schema to let users have 10 email
>>>> accounts (with multiple domain support). If they are private accounts
>>>> I think there is no problem at all. But if I want two or more users to
>>>> access the same mail account what happens? Can I do it with dovecot?
>>>> Or should I create AD groups and add members to that, to let user
>>>> access the same mail account?
>>>> Cheers
>>>>
>>>
>>> there may more ways to goal this, for short looking one, way is
>>> described here
>>>
>>> http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm
>>>
>>> using ldap might be better
>>>
>>> look i.e
>>>
>>> http://blog.al-shami.net/2008/05/freebsd-postfix-dovecot-and-active-directory/
>>> http://www.howtoforge.com/postfix-dovecot-authentication-against-active-directory-on-centos-5.x
>>>
>>>
>>> for ideas
>>>
>>> Best Regards
>>> MfG Robert Schetterer
>>>
>>> --
>>> [*] sys4 AG
>>>
>>> http://sys4.de, +49 (89) 30 90 46 64
>>> Franziskanerstraße 15, 81669 München
>>>
>>> Registered office: München, Amtsgericht München: HRB 199263
>>> Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
>>> Chairman of the supervisory board: Joerg Heidrich
>>
>>
>> Thank you Robert for the quick reply.
>> I'm aware of the links you sent me, however they don't give me a clue
>> if what I was asking may me done.
>> I'll try to give more details.
>> I have to build a multiple domain mail server with the use of windows
>> AD authentication.
>> I've managed to add some extra filed in the AD schema like this:
>>
>> mail1: accou...@example1.com
>> box1: /example1.com/account1/
>> enabled1: TRUE
>> quota1: 100
>>
>> mail2: accou...@example2.com
>> box2: /example2.com/account2/
>> enabled2: TRUE
>> quota2: 100
>>
>> There could be 10 or 50 of them for each AD user.
>> If I use NTLM or PAM authentication (after joining the AD) I have to
>> use AD usernames to login with dovecot and I don't know how then to
>> deal with different email addresses configured per user.
>> If I use LDAP lookup I have to use the email address as username but
>> then if different AD users have to access the same email account how
>> dovecot can manage it???
>> For example the LDAP configuration for user and password lookup may be
>> something like this:
>>
>> user_attrs = sAMAccountName=mail=maildir:/var/mail/%d/%n,=uid=102,=gid=10050
>> user_filter = (&(objectClass=person)(|(&(mail1=%u)(enabled1=TRUE))
>> (&(mail2=%u)(enabled2=TRUE
>> pass_attrs = userPassword=password
>> pass_filter = (&(objectClass=person)(|(&(mail1=%u)(enabled1=TRUE))
>> (&(mail2=%u)(enabled2=TRUE
>>
>> I think I may be missing something important in how dovecot works, but
>> cannot find any documentation about it.
>> Regards
>>
>
> hm thats complex, however i would not
> recommand trying change exchange/active dir schemas
> however the only reason i can think of for what you want is using
> dovecot as proxy?
>
> so what about this ?
>
> http://wiki2.dovecot.org/HowTo/ImapcProxy
> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy
> http://wiki2.dovecot.org/Director
Hmm I don't know honestly. I'll give it a try.
--
Marco
Re: [Dovecot] multiple users to same e-mail account with ldap authentication
2012/11/13 Ben Morrow :
> At 2PM +0100 on 13/11/12 you (Marco Gatti) wrote:
>> 2012/11/13 Robert Schetterer :
>> > On 13.11.2012 11:35, Marco Gatti wrote:
>> >> Hi, I was looking for a particular case of dovecot configuration I
>> >> cannot find anywhere.
>> >> Is there a way dovecot can authenticate via ldap different windows
>> >> 2008 AD users that have access to the same e-mail account (like user
>> >> authorization in ms exchange)?
>> >> For example I want to extend AD schema to let users have 10 email
>> >> accounts (with multiple domain support). If they are private accounts
>> >> I think there is no problem at all. But if I want two or more users to
>> >> access the same mail account what happens? Can I do it with dovecot?
>> >> Or should I create AD groups and add members to that, to let user
>> >> access the same mail account?
>
>> I'll try to give more details.
>> I have to build a multiple domain mail server with the use of windows
>> AD authentication.
>> I've managed to add some extra fields in the AD schema like this:
>>
>> mail1: accou...@example1.com
>> box1: /example1.com/account1/
>> enabled1: TRUE
>> quota1: 100
>>
>> mail2: accou...@example2.com
>> box2: /example2.com/account2/
>> enabled2: TRUE
>> quota2: 100
>
> This isn't a good schema to use for this. The mail1, mail2 &c attributes
> represent the same property of different addresses, so they should be
> the same attribute on different objects.
>
> I don't know much about AD's LDAP server, is it straightforward to
> create brand new objectclasses? If I were doing this in an ordinary LDAP
> server I might create a class of objects which looked like
>
> mailboxAddr: accou...@example1.com
> mailboxLocation: /example1/account1
> mailboxEnabled: TRUE
> mailboxQuota: 100
>
> with mailboxAddr as the RDN, and then give each user a multi-valued
> mailbox attribute with the addresses that user has access to.

You mean multi-valued mailboxAddr, mailboxLocation, and so on?
How can I extract a single one and be sure it's correct?

>> There could be 10 or 50 of them for each AD user.
>> If I use NTLM or PAM authentication (after joining the AD) I have to
>> use AD usernames to login with dovecot and I don't know how then to
>> deal with different email addresses configured per user.
>> If I use LDAP lookup I have to use the email address as username but
>> then if different AD users have to access the same email account how
>> dovecot can manage it???
>
> If you want the user to be able to log in and see just one address at a
> time you have to have the user tell dovecot which user and which address
> they want when they log in. Since (usually) the only fields you have are
> 'user' and 'password', they will need to stuff both components into the
> user field somehow; perhaps by logging on with a user name of
>
> u...@domain.ad!accou...@example.com
>
> You would then need (probably) to write a checkpassword userdb script to
> split this into username and account name, verify the user is authorized
> for the account, look up the mailbox location using the account name,
> and pass the username back to be checked against the password. So, it
> could be done, but it would be messy and users would get it wrong all
> the time.

Since users don't configure mail clients on their own it could be a solution!

> Alternatively, you could have the user log in with their ordinary AD
> account name, and then present them with *all* the email accounts they
> have access to, as separate (trees of) folders. You can do this with a
> post-login script which sets up a namespace for each account: see the
> example at the bottom of http://wiki2.dovecot.org/PostLoginScripting for
> something vaguely similar. You would need to use Net::LDAP (or some
> equivalent in some other language) to look up the user's accounts in the
> AD, and then create the relevant environment variables.
>
> (I'm not sure what to do about INBOX in a setup like this: I don't think
> you're allowed to *not* have an INBOX. Probably each user should have
> one 'canonical' private account, which contains their IMAP INBOX. If you
> didn't want to do this I expect you could set up a default namespace
> which is read-only, with just an empty INBOX in it.)
>
> If you want to try this, and you're having trouble getting the scripting
> right, I'd be happy to help you through it if you can post enough
> information about the LDAP schema you eventually decide on.
>
> Ben
>

All accounts in a tree sounds bad since users won't clearly understand which is which.

Thank you Ben!
--
Marco
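The compound-login check described in the message above (split `aduser!mailbox`, verify the user is authorised for the mailbox, look up its location), as an added example that is not code from the thread or from Dovecot. The function names, the `/var/vmail` mail root, the in-memory directory data and the reading of mailboxQuota as megabytes are assumptions; a real script would do the lookups in AD/LDAP.

```python
import posixpath
from dataclasses import dataclass

SEPARATOR = "!"            # separator proposed in the thread
MAIL_ROOT = "/var/vmail"   # assumption: every mailbox lives below this directory


class LoginRejected(Exception):
    """Raised for any login that must not be authenticated."""


@dataclass(frozen=True)
class Mailbox:
    location: str   # mailboxLocation
    enabled: bool   # mailboxEnabled
    quota_mb: int   # mailboxQuota (assumed to be megabytes)


# Constructed sample data standing in for the AD/LDAP lookups.
MAILBOXES = {
    "sales@example1.com": Mailbox("/example1/sales", True, 100),
    "info@example2.com": Mailbox("/example2/info", False, 100),
    "odd@example1.com": Mailbox("/../../etc", True, 100),
}
USER_MAILBOXES = {  # the multi-valued per-user attribute
    "alice@domain.ad": {"sales@example1.com", "info@example2.com", "odd@example1.com"},
    "bob@domain.ad": {"sales@example1.com"},
}


def parse_checkpassword_input(data: bytes):
    """Split the 'login NUL password NUL ...' record a checkpassword script reads."""
    parts = data.split(b"\0")
    if len(parts) < 3 or not parts[0] or not parts[1]:
        raise LoginRejected("malformed credential record")
    try:
        return parts[0].decode("utf-8"), parts[1].decode("utf-8")
    except UnicodeDecodeError:
        raise LoginRejected("credential record is not valid UTF-8")


def split_login(login: str):
    """Return (ad_user, mailbox_addr); fail closed on anything ambiguous."""
    user, sep, account = login.partition(SEPARATOR)
    if not sep or not user or not account or SEPARATOR in account:
        raise LoginRejected("login must be exactly 'aduser!mailbox'")
    if any(c.isspace() or ord(c) < 0x20 for c in login):
        raise LoginRejected("whitespace or control character in login")
    return user.lower(), account.lower()


def safe_location(location: str) -> str:
    """Map a directory-supplied location below MAIL_ROOT, refusing '..' escapes."""
    path = posixpath.normpath(posixpath.join(MAIL_ROOT, location.lstrip("/")))
    if not path.startswith(MAIL_ROOT + "/"):
        raise LoginRejected("mailbox location escapes the mail root")
    return path


def resolve(login: str) -> dict:
    """Authorise the user for the mailbox and return the fields to hand back."""
    user, account = split_login(login)
    if account not in USER_MAILBOXES.get(user, set()):
        raise LoginRejected("user is not authorised for this mailbox")
    box = MAILBOXES.get(account)
    if box is None or not box.enabled:
        raise LoginRejected("mailbox missing or disabled")
    return {
        "auth_user": user,  # the name whose password is then verified
        "mailbox": account,
        "userdb_mail": "maildir:" + safe_location(box.location),
        "userdb_quota_rule": f"*:storage={box.quota_mb}M",
    }


def allowed(login: str) -> bool:
    """True only when the compound login resolves without rejection."""
    try:
        resolve(login)
        return True
    except LoginRejected:
        return False
```

The authorisation step runs before any mailbox data is returned, so a user who guesses another mailbox address gets the same rejection as for a malformed login.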
Re: [Dovecot] multiple users to same e-mail account with ldap authentication
2012/11/13 Willie Gillespie :
> On 11/13/2012 03:35 AM, Marco Gatti wrote:
>>
>> Is there a way dovecot can authenticate via ldap different windows
>> 2008 AD users that have access to the same e-mail account (like user
>> authorization in ms exchange)?
>
>
> Symlinks on the Dovecot maildirs? You'd have to read up on the caveats of
> that: http://wiki.dovecot.org/SharedMailboxes/Symlinks

I would like to keep the configuration of new accounts on the Windows AD only and not to deal with links every time. But the problem I have is at authentication time: avoiding the "matched multiple objects" or a general authentication failure.

Cheers
--
Marco
[Dovecot] problems with quota and clients
Hi,

I had configured dovecot in a pretty standard way and had it working nicely enough with maildir quotas (no tests done apart from reaching the quota and looking at mails coming back). Still I wanted to have the quota and the actual quota usage displayed in postfixadmin (3.5) but I think I messed with something.

Now I can connect to the mailbox, send mail, receive mail, see the quota usage in postfixadmin but:

* thunderbird: can create a subfolder if I do so by hand from the client. But if I try sending a mail I get a [TRYCREATE] mailbox error as it seems that thunderbird can't create the Sent box anymore on its own;
* thunderbird: when I delete mail, it goes in the trash folder. I try then to delete it from there. In thunderbird indeed I see no mail anymore but the quota level remains the same. Then I try to browse the mail directory and... yep, all the messages are still there! How come?

This is the output of dovecot -n and the relevant sql configuration:

# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-33-generic i686 Ubuntu 12.04.1 LTS ext4
auth_mechanisms = plain login
auth_realms = y.it aaa.com x.it
auth_verbose_passwords = plain
debug_log_path = syslog
dict {
  quotadict = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
first_valid_uid = 150
info_log_path = /var/log/syslog
last_valid_uid = 150
listen = *
mail_debug = yes
mail_gid = mail
mail_location = maildir:/var/vmail/%d/%u
mail_plugins = " quota"
mail_uid = vmail
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  quota = dict:User quota::proxy::sqlquota
  quota_rule = *:storage=50M
  quota_rule2 = Trash:storage=+10M
}
postmaster_address = x...@y.it
protocols = " imap pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = mail
    mode = 0600
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = mail
    mode = 0660
    user = vmail
  }
}
ssl_cert =

>grep -v '^ *\(#.*\)\?$' dovecot-dict-sql.conf.ext
connect = host=127.0.0.1 dbname=mail user=mail password=xxx
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}

>>grep -v '^ *\(#.*\)\?$' dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=mail user=mail password=xxx
default_pass_scheme = MD5-CRYPT
password_query = \
  SELECT username as user, password, '/var/vmail/%d/%u' as userdb_home, \
  'maildir:/var/vmail/%d/%u' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid \
  FROM mailbox WHERE username = '%u' AND active = '1'
user_query = \
  SELECT '/var/vmail/%d/%u' as home, 'maildir:/var/vmail/%d/%u' as mail, \
  150 AS uid, 8 AS gid, CONCAT('*:storage=',ROUND(mailbox.quota / 1024)) AS quota_rule \
  FROM mailbox WHERE username = '%u' AND active = '1'
iterate_query = SELECT username AS user FROM mailbox
[Dovecot] dovecot 2.1.13, proxy and nologin extras field
/lib64/dovecot/auth/libauthdb_ldap.so
Jan 22 18:28:32 localhost dovecot: auth: Debug: auth client connected (pid=3178)
Jan 22 18:28:32 localhost dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011lip=192.168.129.109#011rip=192.168.44.31#011lport=143#011rport=53218
Jan 22 18:28:32 localhost dovecot: auth: Debug: client out: CONT#0111#011
Jan 22 18:28:32 localhost dovecot: auth: Debug: client in: CONT#0111#011AHByb3ZhZm0AY2hlcGFsbGU=
Jan 22 18:28:32 localhost dovecot: auth: Debug: ldap(prova,192.168.44.31): pass search: base=ou=People,dc=example,dc=it scope=subtree filter=(&(objectClass=qmailUser)(uid=prova)(accountStatus=active)) fields=uid,userPassword,uidNumber,gidNumber
Jan 22 18:28:32 localhost dovecot: auth: Debug: auth(prova,192.168.44.31): allow_nets: Matching for network 127.0.0.0/8
Jan 22 18:28:32 localhost dovecot: auth: passdb(prova,192.168.44.31): allow_nets check failed: IP not in allowed networks
Jan 22 18:28:32 localhost dovecot: auth: Debug: ldap(prova,192.168.44.31): result: uid=prova uidNumber=2944 gidNumber=650 userPassword={MD5}BjbsTtSovGGs1csswBTI7Q==
Jan 22 18:28:34 localhost dovecot: auth: Debug: client out: FAIL#0111#011user=prova

I don't understand what is wrong with my configuration with 'nologin'. Does someone have any clue?

Cheers,
Marco
Re: [Dovecot] dovecot 2.1.13, proxy and nologin extras field
On 2013-01-24 09:07, Thomas Leuxner wrote:
> It needs to be either 'nologin=y' notice the y passed or 'allow_nets='.

The problem is that even if I configure 'pass_attrs' to always return 'nologin=y':

pass_attrs = uid=user,userPassword=password,\
  =userdb_home=/var/spool/mail/%1u/%u,uidNumber=userdb_uid,gidNumber=userdb_gid,\
  =proxy=y,=host=imap.sissa.it,\
  =nologin=y,=reason=Reason

users are allowed to login:

Jan 23 09:16:33 localhost dovecot: auth: Debug: client passdb out: OK#0111#011user=prova#011proxy#011host=imap.example.it#011nologin#011hostip=192.168.11.136#011pass=password

Is something wrong in my 'pass_attrs'?

Marco
Re: [Dovecot] dovecot 2.1.13, proxy and nologin extras field
On 2013-01-24 11:59, Timo Sirainen wrote:
> On Wed, 2013-01-23 at 13:44 +0100, Marco Giunta wrote:
>> Hi all,
>> in our test environment, I'm playing with dovecot 2.1.13 configured as
>> imap/pop/managesieve proxy. It is configured to authenticate users with
>> ldap and it works very well. Now, I'd like to temporarily disable some
>> users' logins, because we are moving to another storage, and I wouldn't
>> stop imap service at all. I've found on Dovecot wiki that I could use
>> 'nologin' extra field, but I wasn't able to get it to work. My
>> dovecot configuration is:
>
> nologin field doesn't work with proxying. You'd have to return neither
> "proxy" nor "host" field. With host+nologin it would be treated as a
> login referral: http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Host
>
> Of course it would be possible to add yet another check where proxy+host
> +nologin returned would be treated in yet another way, but that gets too
> confusing.. I guess it was a mistake to use "nologin" for login
> referrals in the first place. And I guess just about no one uses them
> anyway. So them, so it would be possible to change this behavior..

Ok, thank you for the explanation. In this case, I'll use a 'deny' passdb or a different ldap filter ...

Cheers,
Marco

--
Marco Giunta - SISSA Computer Staff
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-40-3787-503
Fax: +39-040-3787-244
e-mail: marco.giunta AT sissa.it
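A way to spot the situation explained above in the auth debug log, as an added example that is not code from the thread or from Dovecot: it parses the `#011`-separated "client out" / "client passdb out" replies and flags accounts where nologin is returned together with proxy or host and so does not block the login. The verdict names and function names are assumptions; the first two sample lines are taken from this thread, the last two are constructed.

```python
import re

TAB = "#011"  # syslog's octal escape for the tab that separates reply fields
OUT_RE = re.compile(r"auth: Debug: client (?:passdb )?out: (?P<payload>\S.*)$")
SECRET_FIELDS = {"pass"}  # never carry credentials into the parsed result

SAMPLE = [
    # from the thread
    "Jan 22 18:28:34 localhost dovecot: auth: Debug: client out: "
    "FAIL#0111#011user=prova",
    "Jan 23 09:16:33 localhost dovecot: auth: Debug: client passdb out: "
    "OK#0111#011user=prova#011proxy#011host=imap.example.it#011nologin"
    "#011hostip=192.168.11.136#011pass=password",
    # constructed: nologin without proxy/host, and a plain proxied login
    "Jan 23 09:20:01 localhost dovecot: auth: Debug: client passdb out: "
    "OK#0112#011user=alice#011nologin#011reason=Mailbox is being migrated",
    "Jan 23 09:21:10 localhost dovecot: auth: Debug: client passdb out: "
    "OK#0113#011user=bob#011proxy#011host=imap.example.it#011pass=secret",
    # constructed: intermediate SASL step, not a final reply
    "Jan 23 09:21:11 localhost dovecot: auth: Debug: client out: CONT#0114#011",
]


def parse_auth_out(line):
    """Return (status, fields) for an auth reply line, or None if it is not one."""
    m = OUT_RE.search(line.rstrip())
    if m is None:
        return None
    parts = m.group("payload").split(TAB)
    if len(parts) < 2:          # need at least status and request id
        return None
    fields = {}
    for item in parts[2:]:
        if not item:
            continue
        key, sep, value = item.partition("=")
        if key in SECRET_FIELDS:
            value = "<redacted>"
        fields[key] = value if sep else True   # bare flags such as 'proxy'
    return parts[0], fields


def classify(status, fields):
    """Map one reply to a verdict, following the explanation in the thread."""
    if status == "FAIL":
        return "auth-failed"
    if status != "OK":
        return "in-progress"
    if "nologin" in fields:
        # With proxy/host present the reply is handled as a referral or proxy
        # hand-off, so nologin alone does not keep the user out.
        routed = "proxy" in fields or "host" in fields
        return "nologin-not-enforced" if routed else "login-blocked"
    return "proxied" if "proxy" in fields else "local-login"


def audit(lines):
    """List (user, verdict) for every final auth reply found in the log lines."""
    results = []
    for line in lines:
        parsed = parse_auth_out(line)
        if parsed is None:
            continue
        status, fields = parsed
        verdict = classify(status, fields)
        if verdict != "in-progress":
            results.append((fields.get("user", "?"), verdict))
    return results


if __name__ == "__main__":
    for user, verdict in audit(SAMPLE):
        print(f"{user}: {verdict}")
```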
[Dovecot] statistics on proxy ???
Hi all,

could I have imap statistics on my dovecot proxy server?

Here is my config:

# 2.1.13: /etc/dovecot/dovecot.conf
...
mail_plugins = stats
...
plugin {
  ...
  stats_refresh = 30 secs
  stats_track_cmds = yes
}
...
service stats {
  fifo_listener stats-mail {
    mode = 0666
  }
}
...
protocol imap {
  ...
  mail_plugins = stats imap_stats
}

File '/var/run/dovecot/stats' is always 0 bytes:

# ls -la /var/run/dovecot/stats
srw---. 1 root root 0 Feb 18 14:24 /var/run/dovecot/stats

and 'doveadm' always says:

# doveadm stats dump session
doveadm(root): Info: no statistics available

Is there something wrong in my config, or are stats not available on a proxy?

Cheers,
Marco
Re: [Dovecot] statistics on proxy ???
On 2013-02-18 15:15, Timo Sirainen wrote:
> Nope, sorry. Dovecot proxy is very dummy and can't provide any but the most
> basic statistics, like number of connections, which you can get another way.

Are you talking about 'doveadm proxy list' or am I missing something?

Marco

--
Marco Giunta - SISSA Computer Staff
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-40-3787-503
Fax: +39-040-3787-244
e-mail: marco.giunta AT sissa.it
Re: [Dovecot] Dovecot LDA LDAP lookups on samba4 server ends very often in timeouts (Christian Wiese)
Dear Christian,

thank you very much - you got it at the very first shot: I modified /etc/openldap/ldap.conf adding

REFERRALS off

and everything works without issues now.

Many thanks,
Marco Carcano
Re: [Dovecot] Per-user seen flags for public read-only mailboxes
On 2013-03-25 09:11, Guido Berhoerster wrote:
> How can I get per-user SEEN flags to work?

Hi,

You have to create an empty file named 'dovecot-shared' in your '/srv/mail/public/' directory. Here is the reference on the dovecot wiki:

http://wiki2.dovecot.org/SharedMailboxes/Public?highlight=%28dovecot-shared%29#Maildir:_Per-user_.2BAFw-Seen_flag

I wasted a lot of time the first time I configured the same thing on our server.

Cheers,
Marco

--
Marco Giunta - SISSA Computer Staff
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-40-3787-503
Fax: +39-040-3787-244
e-mail: marco.giunta AT sissa.it
Re: [Dovecot] Per-user seen flags for public read-only mailboxes
On 2013-03-25 11:07, Guido Berhoerster wrote:
> Anything else I have to do to allow seen flags to be set?

I have the same configuration and it works as expected:

mail_uid = vmail
mail_gid = mail

namespace public {
  separator = /
  prefix = Public/
  location = maildir:/path/to/public:INDEX=/path/to/indexes/%u/public
  subscriptions = no
  list = children
}

What are the permissions of the file '/srv/mail/public/dovecot-shared'? Did you try with a new user?

Marco

--
Marco Giunta - SISSA Computer Staff
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-40-3787-503
Fax: +39-040-3787-244
e-mail: marco.giunta AT sissa.it
Re: [Dovecot] Per-user seen flags for public read-only mailboxes
On 2013-03-25 11:59, Guido Berhoerster wrote:
> Is "authenticated lrs" in the dovecot-acl correct for a read-only
> mailbox for which only the seen flag can be set?

We are using 'anyone' instead of 'authenticated', but I don't think this could be the problem:

# cat /path/to/public/dovecot-acl
anyone lrs
user=johndoe lrwstipekxa

--
Marco Giunta - SISSA Computer Staff
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-40-3787-503
Fax: +39-040-3787-244
e-mail: marco.giunta AT sissa.it
Re: [Dovecot] Debian Unstable Packages
Sabahattin Gucukoglu wrote:
> Hi all,
>
> Speaking of Debian, what relative position are the Debian Unstable
> (Sid) packages in to the latest "Bleeding edge" builds of RCS-based
> releases from the Wiki? If using Unstable is it recommended to stay
> or use the newer ones? I'd say it was production, yes, but I'm
> forgiving of problems in the latest releases, so long as they aren't
> meant to be beta (i.e., known breakages).
>

In the next few days a preliminary 2.0 package will be uploaded to experimental. We (the Debian Dovecot Maintainers) plan to avoid uploading the 2.0 package to unstable until it is released stable and has at least one bug-fix release.

Kind regards,
Marco

--
Marco Nenciarini | Debian/GNU Linux Developer - Plug Member
mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia
Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] dovecot user
Timo Sirainen wrote:
> On Fri, 2010-03-26 at 20:01 +1000, Noel Butler wrote:
>>>>> "dovehole" - you go inside dovecot via a hole, right?
>>>> That is downright pornographic. "dovehole" - "lovehole"?
>>>>
>>>> "dovenest" isn't totally horrible (close), but "dovehole" is ...
>>>> just not
>>>> right at all.
>>> dovetail
>> +1
>
> Tail just doesn't make much sense to me. Also it's not completely free
> of pornographic associations either. :)
>
> So my last idea: doveless. "It's less of a dovecot process." To me it
> seems closer to perfect as anything I've seen so far.

I don't remember if 'dove-nil', 'dovenil' or 'dovenull' were suggested by anyone. If not please consider them.

Kind regards,
Marco

--
Marco Nenciarini | Debian/GNU Linux Developer - Plug Member
mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia
Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] v1.2.4 released
Christian Felsing ha scritto: dovecot-1.2-managesieve-0.11.8 fails to compile with dovecot 1.2.4 and sieve 0.1.11, following versions were used: drwxrwxrwx 4 root root 4096 18. Aug 07:31 dovecot-1.2.4 drwxrwxrwx 4 root root 4096 18. Aug 07:34 dovecot-1.2-managesieve-0.11.8 drwxrwxrwx 6 root root 4096 18. Aug 07:33 dovecot-1.2-sieve-0.1.11 Attached you can found a patch to managesieve to make it working. Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4 diff -burN dovecot-1.2-managesieve-0.11.8.orig/src/managesieve-login/client-authenticate.c dovecot-1.2-managesieve-0.11.8/src/managesieve-login/client-authenticate.c --- dovecot-1.2-managesieve-0.11.8.orig/src/managesieve-login/client-authenticate.c 2009-08-08 02:00:45.0 +0200 +++ dovecot-1.2-managesieve-0.11.8/src/managesieve-login/client-authenticate.c 2009-08-19 18:28:42.0 +0200 @@ -167,6 +167,7 @@ const char *key, *value, *p; enum login_proxy_ssl_flags ssl_flags = 0; unsigned int port = 2000; + unsigned int proxy_timeout_msecs = 0; bool proxy = FALSE, temp = FALSE, nologin = !success; bool authz_failure = FALSE; @@ -200,6 +201,8 @@ destuser = value; else if (strcmp(key, "pass") == 0) pass = value; + else if (strcmp(key, "proxy_timeout") == 0) + proxy_timeout_msecs = 1000*atoi(value); else if (strcmp(key, "master") == 0) master_user = value; else if (strcmp(key, "ssl") == 0) { 
@@ -230,7 +233,7 @@ if (!success) return FALSE; if (managesieve_proxy_new(client, host, port, destuser, master_user, - pass, ssl_flags) < 0) + pass, ssl_flags, proxy_timeout_msecs) < 0) client_auth_failed(client, TRUE); return TRUE; } diff -burN dovecot-1.2-managesieve-0.11.8.orig/src/managesieve-login/managesieve-proxy.c dovecot-1.2-managesieve-0.11.8/src/managesieve-login/managesieve-proxy.c --- dovecot-1.2-managesieve-0.11.8.orig/src/managesieve-login/managesieve-proxy.c 2009-08-08 02:00:45.0 +0200 +++ dovecot-1.2-managesieve-0.11.8/src/managesieve-login/managesieve-proxy.c 2009-08-19 18:28:42.0 +0200 @@ -454,7 +454,8 @@ int managesieve_proxy_new(struct managesieve_client *client, const char *host, unsigned int port, const char *user, const char *master_user, - const char *password, enum login_proxy_ssl_flags ssl_flags) + const char *password, enum login_proxy_ssl_flags ssl_flags, + unsigned int connect_timeout_msecs) { i_assert(user != NULL); i_assert(!client->destroyed); @@ -489,6 +490,7 @@ } client->proxy = login_proxy_new(&client->common, host, port, ssl_flags, + connect_timeout_msecs, proxy_input, client); if (client->proxy == NULL) { client_send_noresp(client, "TRYLATER", AUTH_TEMP_FAILED_MSG); diff -burN dovecot-1.2-managesieve-0.11.8.orig/src/managesieve-login/managesieve-proxy.h dovecot-1.2-managesieve-0.11.8/src/managesieve-login/managesieve-proxy.h --- dovecot-1.2-managesieve-0.11.8.orig/src/managesieve-login/managesieve-proxy.h 2009-05-17 19:33:23.0 +0200 +++ dovecot-1.2-managesieve-0.11.8/src/managesieve-login/managesieve-proxy.h 2009-08-19 18:28:42.0 +0200 @@ -8,6 +8,7 @@ int managesieve_proxy_new(struct managesieve_client *client, const char *hosts, unsigned int port, const char *user, const char *master_user, - const char *password, enum login_proxy_ssl_flags ssl_flags); + const char *password, enum login_proxy_ssl_flags ssl_flags, + unsigned int connect_timeout_msecs); #endif
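Review bot: In the client-authenticate.c hunk, `proxy_timeout_msecs = 1000*atoi(value);` converts the proxy_timeout field with no validation, so a non-numeric value silently becomes 0, and a negative or very large value wraps when the product is stored in the `unsigned int`. The value comes from the passdb reply, so it is worth parsing it with a checked conversion, rejecting anything that is not a positive number, and bounding it before multiplying by 1000.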
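Review bot: The new `connect_timeout_msecs` parameter added to `managesieve_proxy_new()` in managesieve-proxy.c and managesieve-proxy.h is undocumented, and the caller passes 0 whenever no proxy_timeout field was returned, with the value handed straight on to `login_proxy_new()`. A one-line comment on the prototype saying what 0 means for the connect timeout would make the default behaviour clear to the next reader.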
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Mark Sapiro ha scritto: I have been running Dovecot 1.2.5 since Sept 14. Beginning at about 03:28 on Sept 21 for no apparent (to me) reason and continuing through the present, I am seeing log messages like the following and am experiencing delays logging in. Same problem here, after about the same time from last server re start. Last restart log is: Sep 14 19:05:07 server dovecot: Dovecot v1.2.5 starting up (core dumps disabled) First failure is: Sep 23 06:26:14 server dovecot: pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5): Operation not permitted After the attached piece of log, the mail log is full of the same failure, and no customer can login using pop3 (imap works with no problems) After a server restart the problem was vanished. May be there is some kind of resource leakage. Marco P.S: This is my configuration is # 1.2.5: /etc/dovecot/dovecot.conf # OS: Linux 2.6.26-2-xen-amd64 x86_64 Debian 5.0.3 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 pop3s managesieve ssl_cert_file: /etc/ssl/certs/server.pem ssl_key_file: /etc/ssl/private/server.key disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login first_valid_uid: 2000 last_valid_uid: 2000 first_valid_gid: 2000 last_valid_gid: 2000 mail_privileged_group: mail mail_location: maildir:~/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugins(default): quota imap_quota expire trash mail_plugins(imap): quota imap_quota expire trash mail_plugins(pop3): quota expire mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): 
/usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): delay-newmail imap_client_workarounds(imap): delay-newmail imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_save_uidl(default): no pop3_save_uidl(imap): no pop3_save_uidl(pop3): yes pop3_save_uidl(managesieve): no pop3_uidl_format(default): %08Xu%08Xv pop3_uidl_format(imap): %08Xu%08Xv pop3_uidl_format(pop3): %f pop3_uidl_format(managesieve): %08Xu%08Xv pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): namespace: type: private separator: . inbox: yes list: yes subscriptions: yes namespace: type: private separator: . prefix: INBOX. hidden: yes list: no subscriptions: yes lda: postmaster_address: postmas...@xcon.it mail_plugins: quota sieve expire auth_socket_path: /var/run/dovecot/auth-master auth default: mechanisms: plain login passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: prefetch userdb: driver: sql args: /etc/dovecot/dovecot-sql.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail plugin: quota: dict:user::proxy::quota quota2: dict:domain:%d:proxy::quota_domain trash: /etc/dovecot/dovecot-trash.conf expire: Trash 7 Trash/* 7 Cestino 7 Cestino/* 7 Junk 30 Spam 30 expire_dict: proxy::expire sieve: ~/.dovecot.sieve sieve_dir: ~/sieve dict: quota: pgsql:/etc/dovecot/dovecot-dict-quota.conf quota_domain: pgsql:/etc/dovecot/dovecot-dict-quota-domain.conf expire: pgsql:/etc/dovecot/dovecot-dict-expire.conf -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D 
F095 E5E4 Sep 23 06:26:12 server dovecot: pop3-login: Login: user=, method=PLAIN, rip=11.22.33.44 lip=11.22.33.44 TLS Sep 23 06:26:13 server dovecot: POP3(x...@xxx.xx): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Sep 23 06:26:14 server dovecot: pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5): Operation not permitted Sep 23 06:26:14 server dovecot: dovecot: Temporary failure in creating login processes, slowing down for now Sep 23 06:26:14 server dovecot: POP3(x...@xxx.xx): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Sep 23 06:26:15 server dovecot: pop3-login: Login: user=, method=PLAIN, rip=11.22.33.44 lip=11.22.33.44 TLS Sep 23 06:26:15 server
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Timo Sirainen wrote:
> On Sep 23, 2009, at 11:27 AM, Timo Sirainen wrote:
>> On Sep 23, 2009, at 11:17 AM, Marco Nenciarini wrote:
>>> First failure is:
>>> Sep 23 06:26:14 server dovecot: pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5): Operation not permitted
>> That's really the first one, and there's no kind of an error from
>> dovecot master process?
>> This sounds like wrong fd is being passed to pop3-login, but why it's
>> being done only randomly I can't really think of..
> It could be useful to know what the fd actually is. See what it logs
> with the attached patch?

Patch applied, now we must wait until the problem shows itself again (maybe a week or so).

Marco

--
Marco Nenciarini | Debian/GNU Linux Developer - Plug Member
mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia
Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Marco Nenciarini wrote:
> Patch applied, now we must wait until the problem shows itself
> again (maybe a week or so).

The patch does not compile, it needs another parameter (maybe 1024?)

Marco

--
Marco Nenciarini | Debian/GNU Linux Developer - Plug Member
mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia
Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Timo Sirainen ha scritto: On Sep 23, 2009, at 11:27 AM, Timo Sirainen wrote: On Sep 23, 2009, at 11:17 AM, Marco Nenciarini wrote: First failure is: Sep 23 06:26:14 server dovecot: pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5): Operation not permitted That's really the first one, and there's no kind of an error from dovecot master process? This sounds like wrong fd is being passed to pop3-login, but why it's being done only randomly I can't really think of.. It could be useful to know what the fd actually is. See what it logs with the attached patch? The problem happened again. Sep 30 06:26:15 server dovecot: pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5): Operation not permitted There is no additional information from Timo's patch, but if you compare it with the last one you can see a weird match on both time and weekday: Sep 23 06:26:14 server dovecot: pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5): Operation not permitted After some investigation I've found that the daily cron scripts are executed every day at 6:25 and the only thing related to dovecot in /etc/cron.daily is the call to expire plugin - server:~# cat /etc/cron.dailyclean-expired-messages #!/bin/sh dovecot --exec-mail ext /usr/lib/dovecot/expire-tool.sh server:~# cat /usr/lib/dovecot/expire-tool.sh #!/bin/bash MAIL_PLUGINS=${MAIL_PLUGINS//imap_quota/} MAIL_PLUGINS=${MAIL_PLUGINS//mail_log/} exec ${0%.sh} "$@" - Moreover my expire plugin configuration is expire: Trash 7 Trash/* 7 Cestino 7 Cestino/* 7 Junk 30 Spam 30 so the weekly periodicity can be explained with something happened in a Trash mailbox. 
My configuration is - # 1.2.5: /etc/dovecot/dovecot.conf # OS: Linux 2.6.26-2-xen-amd64 x86_64 Debian 5.0.3 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 pop3s managesieve ssl_cert_file: /etc/ssl/certs/delta01.pem ssl_key_file: /etc/ssl/private/delta01.key disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login first_valid_uid: 2000 last_valid_uid: 2000 first_valid_gid: 2000 last_valid_gid: 2000 mail_privileged_group: mail mail_location: maildir:~/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugins(default): quota imap_quota expire trash mail_plugins(imap): quota imap_quota expire trash mail_plugins(pop3): quota expire mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): delay-newmail imap_client_workarounds(imap): delay-newmail imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_save_uidl(default): no pop3_save_uidl(imap): no pop3_save_uidl(pop3): yes pop3_save_uidl(managesieve): no pop3_uidl_format(default): %08Xu%08Xv pop3_uidl_format(imap): %08Xu%08Xv pop3_uidl_format(pop3): %f pop3_uidl_format(managesieve): %08Xu%08Xv pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): namespace: type: private separator: . 
inbox: yes list: yes subscriptions: yes namespace: type: private separator: . prefix: INBOX. hidden: yes list: no subscriptions: yes lda: postmaster_address: postmas...@xcon.it mail_plugins: quota sieve expire auth_socket_path: /var/run/dovecot/auth-master auth default: mechanisms: plain login passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: prefetch userdb: driver: sql args: /etc/dovecot/dovecot-sql.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail plugin: quota: dict:user::proxy::quota quota2: dict:domain:%d:proxy::quota_domain trash: /etc/dovecot/dovecot-trash.conf expire: Trash 7 Trash/* 7 Cestino 7 Cestino/* 7 Junk 30 Spam 30 expire_dict: proxy::expire sieve: ~/.dovecot.sieve sieve_dir: ~/sieve dict: quota: pgsql:/etc/dovecot/dovecot-dict-quota.conf quota_domain: pgsql:/etc/dovecot/dovecot-dict-quota-domain.conf expire: pgs
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Timo Sirainen wrote:
> On Wed, 2009-09-30 at 10:16 +0200, Marco Nenciarini wrote:
>> Sep 30 06:26:15 server dovecot: pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5): Operation not permitted
>> There is no additional information from Timo's patch,
> Oh, annoying. There was a bug in the function it used, this fixes it:
> http://hg.dovecot.org/dovecot-1.2/rev/401e023c8c29
>
> [snip]
> The only thing related I can think of is
> http://hg.dovecot.org/dovecot-1.2/rev/0f04c7da33f1 - did you have that
> patch applied? Although I couldn't reproduce the problem even with that
> reverted.

Another day, another failure, now with both patches applied.

Oct 1 06:26:14 server dovecot: pop3-login: Panic: Leaked file fd 5: dev 0.12 inode 1005
Oct 1 06:26:14 server dovecot: dovecot: Temporary failure in creating login processes, slowing down for now
Oct 1 06:26:14 server dovecot: dovecot: child 17609 (login) killed with signal 6 (core dumps disabled)

Please note that the time is the same as on previous days (just after the daily cron execution).

Regards,
Marco

--
Marco Nenciarini | Debian/GNU Linux Developer - Plug Member
mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia
Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4