Re: Dovecot on Ubuntu 20.04

[Plutocrat]

On 21/08/2020 02.53, spamv...@googlemail.com wrote:
> is anyone using the "Bionic (18.04 LTS)" packages on  Focal Fossa (20.04 LTS) 
> ?
> I'm not sure if its working after the upgrade

Not quite sure what you're saying here, but if you ran the "sudo 
do-release-upgrade -d" command, then it will have upgraded your dovecot 
packages to the current version of Ubuntu 20. 

https://packages.ubuntu.com/search?suite=default§ion=all&arch=any&keywords=dovecot-core&searchon=names

If I read that correctly, your dovecot version will have jumped from 2.2.33 to 
2.3.7
What does "apt-cache policy dovecot-core" say?

Usually, during the upgrade it will ask you if you want to keep the existing 
configuration. Generally a good idea to do that (!) and then review the config 
afterwards for possible changes. Some items will be introduced, some will be 
depracated. 

Maybe others in this forum can comment on any major changes between 2.2.33 and 
2.3.7. 

Any clues in the logs? /var/log/dovecot.log, and 'systemctl status dovecot'

P.

Re: Dovecot on Ubuntu 20.04

[Plutocrat]

On 21/08/2020 19.28, spamv...@googlemail.com wrote:
> I'm on Ubuntu 18.04 and using the latest packages from repo.dovecot.com 
> 
> 
> But these are only available for bionic, not focal.
> So I'm not sure if the bionic packages are working under focal.

I don't know if these will work during a major version upgrade, but you might 
like to investigate

1) Stopping a package from upgrading with sudo apt-mark hold 

2) apt 'pinning' by editing apt config files. 

3) Installing a specific version with sudo apt-get install =

P.

Re: Feature request.

[Plutocrat]

On 09/10/2020 4:16 pm, Rogier Wolff wrote:
> It turns out that dovecot had been running uninterrupted since august
> 13th, the certificate was renewed on september 7th and I suspect it
> expired on october 7th.

I guess you could do a few things yourself to make sure the cert is valid. 
Thinking out loud:

- Blunt instrument approach: Just restart/reload Dovecot once a week via a cron 
job. Letsencrypt will renew certs with less than 15 days to go, so once a week 
should catch it. 

- Check certificate validity with openssl command line client via a script. I 
wrote one that goes around all the websites under my care and checks. Should be 
possible to do it for mail servers too? 

- Check manually with a tool like this https://ssl-tools.net/mailservers/

P.

Re: Spam learning for rspamd

[Plutocrat]

On 14/10/2020 4:23 am, Dan Egli wrote:
> How can I explain to rspamd and/or sieve that a message that
> was delivered, but marked as spam is in fact NOT spam?

Perhaps you're after a fully automated solution but you might try this. 

 - Set up folders in your account or accounts who you want to be able to decide 
what is Ham and what is Spam. 
eg. NotSpam and NotHam

 - When you find a mis-classified Spam/Ham drop it in the correct folder. 

 - Run a script over the folders which calls rspamc learn_ham or learn_spam on 
the mails therein. 

eg 
for MAIL in /your/mail/domain.com/user/.NotSpam/cur/* ; do
 rspamc learn_ham < $MAIL;
done

Probably more suitable for the rspamd forum ... 

P.

Re: Recommended Protocols?

[Plutocrat]

On 10/11/2020 13.42, Raymond Herrera wrote:
> I am preparing a new server, with Dovecot 2.2.36 and would like to know the 
> currently recommended protocols. Should I stick to what I have? I would 
> prefer to start with the easiest configuration possible, which I will revise 
> later.

This is a pretty useful resource, I've found. 
https://ssl-config.mozilla.org/

You can choose a level of strictness to suit your environment, dovecot version 
etc. 

P.

Re: A probably dumb question, but I'm stumped

[Plutocrat]

On 30/11/2020 04.31, Christy S wrote:
> Your message was sent but a copy was not placed in your sent folder (Sent) 
> due to network or file access errors.

When I've had this error in Thunderbird before it was because I was out of disk 
space (actually this was a POP account, so it was disk space on my local 
computer)

So my guess would be check disk space and permissions wherever Thunderbird is 
trying to write a Sent message. 

P,.

Re: follow up to my mail issues I posted about

[Plutocrat]

On 03/12/2020 11.22, Christy S wrote:
> "Anything interesting in the dovecot logs at the time when you check?"
> 
> So I looked up dovecot logs on google, and what I'm seeing is that dovecot 
> generally writes to mail logs under /var/log. The stuff I sent in my first 
> email came from mail.err in that folder. The only other file I could find was 
> mail.log. 

Unusual. You can find out the location of the log file with 
doveconf log_path
Mine is /var/log/dovecot.log, but this will vary with OS. 

Incidentally you can also use doveconf to see the current values of all config 
items, which means that 
doveconf -a > 201203_backup.conf 
will give you a reference backup, and 
doveconf -a | grep search_term 
will let you look for the current value of likely items, try "dh" or "ssl"

But the definitive way to backup config would be to take a copy of 
/etc/dovecot/ to make sure you get everything in the same layout. 

> "google can also be out of date I'd recommend using a date filter when using 
> it for checking configurations and limit it only to the last 1-2 years as you 
> will get more relevant information typically."

Once you've done a search: Tools > Any Time > Past Year

P.

Re: Disallow acces via imap, but keep lmtp running

[Plutocrat]

On 16/12/2020 06.16, Julian Kippels wrote:
> what is the best way to temporarily disable access to a mailbox via
> imap, but keep it possible to deliver to the mailbox via lmtp?

Block IMAP ports on the firewall? 

P.

Re: mail-crypt when using passwd-file driver

[Plutocrat]

On 17/12/2020 19.17, Adam Gould wrote:
> I am looking for a solution to encrypt email using a mechanism that increases 
> the difficulty of decrypting my email. For example, having a plain-text 
> decryption key on disk would not be suitable.  From what I understand 
> mail-crypt supports using the user password supplied via IMAP to decrypt 
> email.  Can someone explain how this technically works? i.e. is the private 
> key encrypted in disk and then unlocked using the supplied password?

I can't offer any solutions, but maybe I can help by asking what scenarios are 
you trying to protect against? So obviously emails in transit between the 
server will be protected by SSL encryption. And as you mention IMAP, I think 
you intend all the emails to stay on the server. So now what does that leave?

 - You want to protect against an attacker who gains access to the server 
(how?) and can escalate privileges and read mails on the disk?
 - You want to protect against an ISP/Data center employee who can get hold of 
a copy of your VM and read emails from it?
 - You want to protect data stored in backups? 
 - Other ... 

So maybe by understanding your fears, it might be possible to suggest 
solutions. One more random thought. It seems what you're trying to do is like 
what Lavabit did. They've opensourced their magma server on github, so it might 
be worth looking at that, if you haven't already 100 committed to dovecot. 
Possibly not a popular comment in this forum, but I'll risk it! 

Happy New Year everyone. It is upon us. 

P.

Mass Stripping Attachments by Directory, Age, Size

[Plutocrat]

Hi,

I've been looking around for a solution to this problem. I want to prune down the attachments on a 
server before a migration. Some of the emails are 7 years old and have 40Mb attachments, so this 
seems like a good opportunity to rationalize things. So perhaps I'd like to "Remove all 
attachments from emails older than 2 years, in the .Sent directory", or "Attachments over 
10Mb anywhere in the mail tree"

I've found the strip_attachments.pl script here 
 which works 
fine on mbox (as tested on my local Thunderbird mboxes), but not on maildir which is 
on the dovecot server. My Perl isn't strong enough to re-purpose it.

I've looked at ripmime and mpack/munpack, and although they seem like useful 
tools to do the job of deconstructing the mail into its constituent parts, it 
doesn't seem to help in re-building the email. I think they could be used with 
a bit of study into mail MIME structure, and used with a helper script.

So before I take a deep dive into scripting my own solution, I just wanted to check if 
anyone else on the list has been through this and has some resources or pointers they can 
share, or maybe even someone to tell me "Duh, you can do it with doveadm of 
course".

P.

Re: Mass Stripping Attachments by Directory, Age, Size

[Plutocrat]

On 18/03/2021 16.52, Steven Varco wrote:
> I would like such a feature too, but instead of deleting the atatchment
files, I would like to „detach“ the files and save them into a sperate
directory, which could be on a different storage like a share in the users
home directory or even S3 and then replace the attachment in the Mail with
a LINK to that file.
> Thunderbird does this quite well with its „Detach Attachment“ feature;
the MIME part looks like this after that:

I'm familiar with the Thunderbird implementation. I'd like it if the
attachment name was preserved in there too. Saving it to a directory would
be nice, but not require for my needs.

> I know that for MS Exchange / Outlook some external archiving solutions
as components do exist and looking for something similar to offload
attachments with dovecot. :)

I forgot to mention before, the ImapSize utility, which will help for
single accounts, for which the login and password are known.
https://broobles.com/imapsize/

But what I'm really looking for is something that I can script on a server.
I'll let you know what I come up with.

P.

On Thu, Mar 18, 2021 at 4:53 PM Steven Varco 
wrote:

> I would like such a feature too, but instead of deleting the atatchment
> files, I would like to „detach“ the files and save them into a sperate
> directory, which could be on a different storage like a share in the users
> home directory or even S3 and then replace the attachment in the Mail with
> a LINK to that file.
> Thunderbird does this quite well with its „Detach Attachment“ feature; the
> MIME part looks like this after that:
>
> 
> Content-Type: image/png;
> name="funny-picture.png"
> Content-Disposition: attachment; filename="funny-picture.png"
> X-Mozilla-External-Attachment-URL:
> file:/fileserver/home/svarco/mail/attachments/funny-picture.png
> X-Mozilla-Altered: AttachmentDetached; date="Thu Mar 18 09:44:37 2021"
>
> You deleted an attachment from this message. The original MIME headers for
> the attachment were:
> Content-Transfer-Encoding: base64
> Content-Disposition: inline;
> filename=funny-picture.png
> Content-Type: image/png;
> name="funny-picture.png"
> 
>
> I know that for MS Exchange / Outlook some external archiving solutions as
> components do exist and looking for something similar to offload
> attachments with dovecot. :)
>
> Steven
>
> --
> https://steven.varco.ch/
>
> > Am 18.03.2021 um 08:31 schrieb Plutocrat :
> >
> > Hi,
> >
> > I've been looking around for a solution to this problem. I want to prune
> down the attachments on a server before a migration. Some of the emails are
> 7 years old and have 40Mb attachments, so this seems like a good
> opportunity to rationalize things. So perhaps I'd like to "Remove all
> attachments from emails older than 2 years, in the .Sent directory", or
> "Attachments over 10Mb anywhere in the mail tree"
> >
> > I've found the strip_attachments.pl script here <
> https://fossies.org/linux/Mail-Box/examples/strip-attachments.pl> which
> works fine on mbox (as tested on my local Thunderbird mboxes), but not on
> maildir which is on the dovecot server. My Perl isn't strong enough to
> re-purpose it.
> >
> > I've looked at ripmime and mpack/munpack, and although they seem like
> useful tools to do the job of deconstructing the mail into its constituent
> parts, it doesn't seem to help in re-building the email. I think they could
> be used with a bit of study into mail MIME structure, and used with a
> helper script.
> >
> > So before I take a deep dive into scripting my own solution, I just
> wanted to check if anyone else on the list has been through this and has
> some resources or pointers they can share, or maybe even someone to tell me
> "Duh, you can do it with doveadm of course".
> >
> > P.
>
>

Re: Mass Stripping Attachments by Directory, Age, Size

[Plutocrat]

On 19/03/2021 07.31, Joseph Tam wrote:
>> I've found the strip_attachments.pl script here <
https://fossies.org/linux/Mail-Box/examples/strip-attachments.pl> which
works fine on mbox (as tested on my local Thunderbird mboxes), but not on
maildir which is on the dovecot server. My Perl isn't strong enough to
re-purpose it.
>
> It you have anything that works on mbox, it will probably work on Maildir
> as each file can be considered a single message mbox.  You can combine
> the script with
>
>  find ~user/MailDir -type f ... -exec /path/to/mbox-strip {} \;

I thought that too, but my initial test on a single message file didn't
work like that. I think I got a zero length file. I'll dig into the code to
see if I can figure it out, although my Perl hasn't been used for 20 years
or so ...

> The ... can be replaced with more file tests (like minimum size or age or
only within */cur/) to cut down on processing.

Sure. I'm quite handy with find, sed, awk and all that bash malarkey. I was
actually wondering if it could be done with those alone, but it would make
more sense to use a library which understands mime already, and does the
heavy lifting. This approach might be good as a last resort.

> MIMEDefang may help.
Nice. Thanks for the pointer.

P.

On Fri, Mar 19, 2021 at 7:31 AM Joseph Tam  wrote:

> On Thu, 18 Mar 2021, Plutocrat wrote:
>
> > I've been looking around for a solution to this problem. I want to prune
> down
> > the attachments on a server before a migration. Some of the emails are 7
> > years old and have 40Mb attachments, so this seems like a good
> opportunity to
> > rationalize things. So perhaps I'd like to "Remove all attachments from
> > emails older than 2 years, in the .Sent directory", or "Attachments over
> 10Mb
> > anywhere in the mail tree"
> >
> > I've found the strip_attachments.pl script here
> > <https://fossies.org/linux/Mail-Box/examples/strip-attachments.pl>
> which
> > works fine on mbox (as tested on my local Thunderbird mboxes), but not
> on
> > maildir which is on the dovecot server. My Perl isn't strong enough to
> > re-purpose it.
>
> It you have anything that works on mbox, it will probably work on Maildir
> as each file can be considered a single message mbox.  You can combine
> the script with
>
> find ~user/MailDir -type f ... -exec /path/to/mbox-strip {} \;
>
> The ... can be replaced with more file tests (like minimum size or age
> or only within */cur/) to cut down on processing.
>
> I wrote a gawk script to slim down a multi-Gb Outlook mbox
> for a user, but it wasn't really complicated, just matching for
> /^Content-Transfer-Encoding:.*base64/i header (virtually all bulky data
> will be encoded this way), buffering the base64 data part, then outputting
> it if it was small, or deleting/replacing/extracting it otherwise.
>
> It was a one-off discarded tool but I can hunt for it if you're hard up.
>
> > I've looked at ripmime and mpack/munpack, and although they seem like
> useful
> > tools to do the job of deconstructing the mail into its constituent
> parts, it
> > doesn't seem to help in re-building the email. I think they could be
> used
> > with a bit of study into mail MIME structure, and used with a helper
> script.
> >
> > So before I take a deep dive into scripting my own solution, I just
> wanted to
> > check if anyone else on the list has been through this and has some
> resources
> > or pointers they can share, or maybe even someone to tell me "Duh, you
> can do
> > it with doveadm of course".
>
> MIMEDefang may help.
>
> Joseph Tam 
>

Re: Mass Stripping Attachments by Directory, Age, Size

[Plutocrat]

Still can't find the magic solution to this.

- My PERL isn't good enough to re-purpose strip-attachments.pl so it works on 
individual emails.
- ripmime works to extract attachments only
- altermime looked good and would delete all attachments from a directory of 
emails. However it messed up the structure somehow so they wouldn't display in 
an email client (Thunderbird, Roundcube).
- mimeDEFANG looked possible, but couldn't figure out how to use that as a 
standalone script.
- PHP solutions including the promising 
https://github.com/php-mime-mail-parser/php-mime-mail-parser seem only to be 
able to save attachments from the email, not delete it.

I'll keep going I guess. I can't believe I'm the only person in the world to 
want to do this though ...

P.

On 19/03/2021 07.31, Joseph Tam wrote:

On Thu, 18 Mar 2021, Plutocrat wrote:


I've been looking around for a solution to this problem. I want to prune down the attachments on a 
server before a migration. Some of the emails are 7 years old and have 40Mb attachments, so this 
seems like a good opportunity to rationalize things. So perhaps I'd like to "Remove all 
attachments from emails older than 2 years, in the .Sent directory", or "Attachments over 
10Mb anywhere in the mail tree"

I've found the strip_attachments.pl script here 
<https://fossies.org/linux/Mail-Box/examples/strip-attachments.pl> which works 
fine on mbox (as tested on my local Thunderbird mboxes), but not on maildir which is 
on the dovecot server. My Perl isn't strong enough to re-purpose it.


It you have anything that works on mbox, it will probably work on Maildir
as each file can be considered a single message mbox.  You can combine
the script with

 find ~user/MailDir -type f ... -exec /path/to/mbox-strip {} \;

The ... can be replaced with more file tests (like minimum size or age
or only within */cur/) to cut down on processing.

I wrote a gawk script to slim down a multi-Gb Outlook mbox
for a user, but it wasn't really complicated, just matching for
/^Content-Transfer-Encoding:.*base64/i header (virtually all bulky data
will be encoded this way), buffering the base64 data part, then outputting
it if it was small, or deleting/replacing/extracting it otherwise.

It was a one-off discarded tool but I can hunt for it if you're hard up.


I've looked at ripmime and mpack/munpack, and although they seem like useful 
tools to do the job of deconstructing the mail into its constituent parts, it 
doesn't seem to help in re-building the email. I think they could be used with 
a bit of study into mail MIME structure, and used with a helper script.

So before I take a deep dive into scripting my own solution, I just wanted to check if 
anyone else on the list has been through this and has some resources or pointers they can 
share, or maybe even someone to tell me "Duh, you can do it with doveadm of 
course".


MIMEDefang may help.

Joseph Tam 

Re: Mass Stripping Attachments by Directory, Age, Size

[Plutocrat]

  
  
OK, an update on the progress with this. 

I finally settled on a python script which does the stripping
  based on code here: 
    
http://code.activestate.com/recipes/302086-strip-attachments-from-an-email-message/

And then a bash script using find that allows me to select
  candidate files with 'find' and pass them to the python script,
  eg. 
  
      find $DIR -type f -mtime +$OLDERTHANDAYS -size +$LARGERTHAN !
  -name 'dovecot*'
After a bit of debugging to do with UTF characters etc, I seem to
  have got the script working and it will process a directory or
  entire account without complaining. My coding is not good, but if
  anyone wants a copy, contact me off list, to spare my blushes. 

I'm now experiencing an issue when I go to check the emails,
  using Thunderbird IMAP. The mails were cached in Thunderbird, and
  indexed by dovecot on the server. I've been trying to figure out
  the minimum I need to do to get Thunderbird to pick up the
  changes. 


  'doveadm force-resync -u u...@domain.com INBOX' seemed like an
option, but didn't actually seem to do much. 
  
  deleting all the dovecot.* files in the user directory on the
server, seemed like a harsher option, but again didn't really
fix things. 
  
  On the Thunderbird end, deleting the INBOX.msf file, didn't do
anything, and deleting the INBOX and INBOX.msf files, still
meant the wrong versions of the mails were coming down with
attachments, and then disconnecting when it created an error. 
  

Errors in the logs were
Apr 05 12:15:33 imap(u...@domain.com) Error: Corrupted record in
  index cache file /mail/path/dovecot.index.cache: UID 1298: Broken
  physical size in mailbox INBOX:
read(/mail/path/cur/1615880838.M742750P25731.mail.domain.com,S=12893560,W=13061037:2,Se)
  failed: Cached message size larger than expected (12893560 >
  2937, box=INBOX, UID=1298)
  Apr 05 12:15:33 imap(u...@domain.com): Info: FETCH read() failed
  in=10718 out=7471947 deleted=0 expunged=0 trashed=0 hdr_count=1647
  hdr_bytes=645910 body_count=448 body_bytes=6371591
  Apr 05 12:15:36 imap(u...@domain.com): Error: Corrupted record in
  index cache file /mail/path/dovecot.index.cache: UID 1298: Broken
  physical size in mailbox INBOX:
read(/mail/path/cur/1615880838.M742750P25731.mail.domain.com,S=12893560,W=13061037:2,Se)
  failed: Cached message size larger than expected (12893560 >
  2937, box=INBOX, UID=1298)
It seems the only way to do this is to disconnect, delete all
  dovecot.* files on the server, delete all Thunderbird cache files
  on the PC, and then reconnect and wait for them to figure it out.
  Does that seem correct? 



Finally, and relatedly, the maildir files on the server are
  tagged with a size field eg S=12893560.  Is it possible to
  regenerate them with the new correct file sizes? 
  If I leave them alone, will it affect anything?
P.

  

Re: debug SMTP commands sent/received to/from the submission service

[Plutocrat]

On 09/04/2021 15.13, Victor Sudakov wrote:

I'd use Wireshark but the communication between SMTP clients and Dovecot is 
encrypted
after STARTTLS, so Wireshark is pretty useless here.


You might get some useful information connecting with openssl s_client

Here's a page googled at random.
https://halon.io/blog/how-to-test-smtp-servers-using-the-command-line/

And man page.
https://linux.die.net/man/1/s_client

P

Doveadm sync verbose not working?

[Plutocrat]

Hi

Was trying a sync with eg this. old is a host set up in my ssh config file. the 
user exists on both sides.
The sync completes correctly copying mails back and forth, but offers no 
feedback.
doveadm sync -u u...@domain.com -f -R remote:old

If I add -v I don't get any more information. Am I missing something? The 
manual says its meant to give more info and progress.
doveadm -v sync -u u...@domain.com -f -R remote:old

Putting -v elsewhere on the commandline results in an error, so I think its in 
the right place.

However -D works, but its a bit too verbose ...
doveadm -D sync -u u...@domain.com -f -R remote:old

dovecot --version
2.3.7.2 (3c910f64b)

P.

Dovecot Stats for Logwatch

[Plutocrat]

Hi all,

I run logwatch on a few servers and the script on there which parses the 
dovecot logs provides waay too much detail, and contains a bunch of stuff 
I'm not interested in. There's not much point in having a log summary if its 
100Kb long! The one for exim is also terrible, but I've replaced that with 
eximstats, and a bit of bash scripting and have something I can work with. I 
might at some point look at replacing that too.

Now to my question. I haven't found anything in the dovecot family which 
compares to eximstats. I was wondering if there possibly is a report tool, or a 
way of extracting stats from doveadm just for key metrics such as 'number of 
POP logins in the last 24 hours', number of failed passwords, etc. Things that 
might be interesting on a logwatch report. Or maybe someone has written a 
script already that can  be used in logwatch in perl, python, bash, whatever. 
Any pointers, suggestions, or ideas for useful summary metrics to pull out of 
the logfiles are appreciated.

I suspect I might end up writing one myself anyway, but I'm just keen to see 
what already exists, get the benefit of anyone else's experiences in this 
matter before I start.

P.

Re: Dovecot Stats for Logwatch

[Plutocrat]

OK, so I started playing with this. I'm running dovecot 2.3.7 on this server 
(Ubuntu 20.04 LTS), so when I created a conf.d/95-plugins.conf file with the 
content below, it wasn't  happy about the metric stanza. However I dug around 
in the documentation and found another few metrics to get going with that my 
older version was happy with. I left it overnight.

When I came back in the morning, doveadm stats dump gave me ... a big line of 
zeros! Oh.

Looking around further, I found that I needed to enable the mail_plugins 
variable, both in the main config, and also under the imap and pop protocols. 
So that looked like this:

# In 10-master.conf
mail_plugins = stats

# In 20-imap.conf
protocol imap {
  #mail_plugins = quota imap_quota
  mail_plugins = $mail_plugins quota imap_quota
}
So now a config dump gives
protocol imap {
  mail_plugins = stats quota imap_quota
... and then the same edit in 20-pop.conf

Right. Restarted the server, all looking good, but now 'doveadm stats dump' 
gives me
Fatal: Plugin 'stats' not found from directory /usr/lib/dovecot/modules

And sure enough, the stats plugin isn't there. And systemctl status dovecot 
shows there is no stats daemon running.

Now the strange bit. I can't apt install dovecot-stats, because there doesn't 
seem to be a dovecot-stats package available for Ubuntu!

Not sure how to proceed here. Will start looking for another repo, but at this 
point, I've already spend a few hours hacking around. I could have knocked up 
some log processing bash script in half that time! Isn't that always the way ...

P.

On 24/05/2021 15.52, Aki Tuomi wrote:



On 24/05/2021 10:20 Plutocrat  wrote:

  
Hi all,


I run logwatch on a few servers and the script on there which parses the 
dovecot logs provides waay too much detail, and contains a bunch of stuff 
I'm not interested in. There's not much point in having a log summary if its 
100Kb long! The one for exim is also terrible, but I've replaced that with 
eximstats, and a bit of bash scripting and have something I can work with. I 
might at some point look at replacing that too.

Now to my question. I haven't found anything in the dovecot family which 
compares to eximstats. I was wondering if there possibly is a report tool, or a 
way of extracting stats from doveadm just for key metrics such as 'number of 
POP logins in the last 24 hours', number of failed passwords, etc. Things that 
might be interesting on a logwatch report. Or maybe someone has written a 
script already that can  be used in logwatch in perl, python, bash, whatever. 
Any pointers, suggestions, or ideas for useful summary metrics to pull out of 
the logfiles are appreciated.

I suspect I might end up writing one myself anyway, but I'm just keen to see 
what already exists, get the benefit of anyone else's experiences in this 
matter before I start.

P.


with recent 2.3.14

metric auth_failed {
filter=event=auth_request_finished and (not success=yes)
group_by = service
}

service stats {
inet_listener http {
  port = 9900
}
}

should produce

auth_failed_pop3 etc. which you can collect with prometheus, or you can use 
`doveadm stats dump`

Aki

Re: [EXT] Re: Dovecot Stats for Logwatch

[Plutocrat]

On 26/05/2021 14.33, Aki Tuomi wrote:

I am not sure what is not working for you...
does `doveadm stats dump` work?


a) Before any stats config it works without error, but gives no output.
doveadm stats dump
metric_name field   count   sum min max avg median  stddev  
%95

b) If I then enable conf.d/95-stats.conf containing
service stats {
   inet_listener http {
 port = 9900
   }
}

metric client_connections {
  filter = event=client_connection_finished
}

metric auth_success {
  filter = (event=auth_request_finished AND success=yes)
}

metric mail_delivery {
  filter = event=mail_delivery_finished
}

... it works but doesn't seem to collect any data, even if left for 24 hours
doveadm stats dump
metric_name field   count   sum min max avg median  stddev  
%95
client_connections  duration0   0   0   0   0.00
0   0.000
auth_successduration0   0   0   0   0.000   
0.000
mail_delivery   duration0   0   0   0   0.000   
0.000

c) If I then enable the bits of config that I'm informed will populate the data 
repository:

# In 10-master.conf
mail_plugins = stats

# In 20-imap.conf
protocol imap {
mail_plugins = $mail_plugins quota imap_quota
}

# In 20-pop.conf
protocol pop3 {
mail_plugins = $mail_plugins quota
}
... it then complains
doveadm stats dump
Fatal: Plugin 'stats' not found from directory /usr/lib/dovecot/modules

d) I just changed the in in 10-master-conf to reference old-stats instead of 
stats, based on my new knowledge and it doesn't complain about the missing 
module any more. But I'm still not collecting data after 30 mins.
doveadm stats dump
metric_name field   count   sum min max avg median  stddev  
%95
client_connections  duration0   0   0   0   0.00
0   0.000
auth_successduration0   0   0   0   0.000   
0.000
mail_delivery   duration0   0   0   0   0.000   
0.000

I can do wget http://localhost:9900/metrics and I just get a file that says
VERSION stats-reader-server 2   0

At this point I'm thinking I'll just write a bash script to parse the logs, but 
thought I'd see it through as it might help other intrepid dovecot users.

P.

Re: [EXT] Re: Dovecot Stats for Logwatch

[Plutocrat]

On 26/05/2021 15.53, Aki Tuomi wrote:
 
I am no longer sure what version you are running, but the filter syntax you are using is 2.3.12+. 
OpenMetrics support is also 2.3.12 (iirc) so it needs new version too.

old-stats has nothing in common with the new stats, so it has no effect on 
anything.
If you are using 2.3.7 still, the metric filter syntax is wrong, and there is 
no openmetrics support.


Yes, 2.3.7, the default package for Ubuntu 20.04, as previously stated.

OK, so if old-stats is not the one to use, and using stats throws a "Can't find 
Module" error, then we're at a bit of an impasse. I think I'll admit defeat then. 
Thanks for your help.

P.

Re: Dovecot Stats for Logwatch

[Plutocrat]

Well I didn't really find what I was looking for around the web, so I just sat 
down and hacked out an attempt in bash which gives me a starting point. I guess 
I'll add things when I need them and fix things when it breaks.

Its here if anyone can use it. Any suggestions for improvement welcome. Use at 
your own risk etc.

https://gist.github.com/plutocrat/8a2033923e14670dd13611fc0b51fc0f

To add to logwatch you
 - put it in the scripts dir as eg 
/etc/logwatch/scripts/services/dovecot_summary
 - add a config file in /etc/logwatch/conf/services/dovecot_summary.conf
 - Add a line in /etc/logwatch/conf/logwatch.conf like "Service = 
dovecot_summary"

P.


I run logwatch on a few servers and the script on there which parses the dovecot logs 
provides waay too much detail, and contains a bunch of stuff I'm not interested 
in. There's not much point in having a log summary if its 100Kb long! The one for 
exim is also terrible, but I've replaced that with eximstats, and a bit of bash 
scripting and have something I can work with. I might at some point look at replacing 
that too>> Now to my question. I haven't found anything in the dovecot family 
which compares to eximstats. I was wondering if there possibly is a report tool, or a 
way of extracting stats from doveadm just for key metrics such as 'number of POP 
logins in the last 24 hours', number of failed passwords, etc. Things that might be 
interesting on a logwatch report. Or maybe someone has written a script already that 
can  be used in logwatch in perl, python, bash, whatever. Any pointers, suggestions, 
or ideas for useful summary metrics to pull out of the logfiles are appreciated.

I suspect I might end up writing one myself anyway, but I'm just keen to see 
what already exists, get the benefit of anyone else's experiences in this 
matter before I start.

Re: Dovecot Stats for Logwatch

[Plutocrat]

Sure, it was meant to be a quick and dirty solution for my particular needs, 
and I'm sure there are many things that could be done better, neater, tidier. 
But I just thought I'd stick it up there in case it helped anyone.

For handling both compressed and uncompressed files, I believe you can use 
'zcat -f', which might be easier. In my particular case, I have weekly log 
rotation, so I only needed the two named ones to guarantee 24 hours of logs.

Fair commend about the TEMPFILE. Must have pasted an older version to the one I 
eventually used on the server. Will correct it.

Aki, I did look at the dovecot stats module, but after spending a few hours 
without success, I decided to take the path of least resistance and just hack 
up a script which probably took me an hour. Anyway thanks for your help and 
patience on that. I'd probably persevere with that approach if I was in 
corporate mode, and especially if I needed historical / comparative data.

P.

On 02/06/2021 16.41, @lbutlr wrote:

On 02 Jun 2021, at 02:10, Plutocrat  wrote:

Its here if anyone can use it. Any suggestions for improvement welcome. Use at 
your own risk etc.

https://gist.github.com/plutocrat/8a2033923e14670dd13611fc0b51fc0f


This looks good. My only comment is the script doesn't account for compressed 
logs.

LOG1="/var/log/dovecot.log.0.bz2"
LOG2="/var/log/dovecot.log"
bzcat $LOG1 | sed "0,/^$STARTTIME/d" > $TEMPFILE
cat $LOG2 >> $TEMPFILE

Well, another comment, I think you meant these tow lines to read like this:

STARTDATE=$(head -n 1 $TEMPFILE | awk '{print $1 " " $2 " " $3 }')
ENDDATE=$(tail -n 1 $TEMPFILE | awk '{print $1 " " $2 " " $3 }')

Though I don't think the awk is necessary, the first 15 characters of the first 
and last lines contain the info you want to display.

Of course, it would begetter to handle this all transparently, but … meh.

Re: Major upgrade of mail server

[Plutocrat]

First thing to note is that Ubuntu 18.04 is a Long Term Service release, and 
will be supported until 2023. So no matter how naggy Ubuntu is, you don't 
actually HAVE to upgrade at this point. You may disable the prompt if if 
bothers you: just remove or comment out the relevant file in /etc/update-motd.d/

Now the pressure is off, and you have a bit more time, maybe the best idea 
would be to build and configure a new server using Ubuntu 20, or any other 
distro, and then migrate the data over to it with dsync. That affords you an 
opportunity to test the new config before one final sync, and switching the MX 
records to point to the new server.

If for any reason you are locked into upgrading the current server, the only 
advice I can offer from a recent dovecot migration between an Ubuntu 18 server 
and a Ubuntu 20 server, was that the default SSL settings are considerably 
improved, which meant that a lot of the clients, who were using ancient 
versions of Outlook, were unable to connect. I needed to downgrade the security 
(against my better judgement) in order to let them connect, commenting out the 
line
# ssl_min_protocol=TLSv1.2
so that it defaulted to TLSv1. You might wish to bear this in mind, although 
any modern email client won't have any problems.

Good luck!

P.

On 08/07/2021 09.15, Shawn Heisey wrote:

I have a mail server in AWS that is currently running Ubuntu 18.  Every time I 
log in, I am reminded that I can upgrade to Ubuntu 20.

On Ubuntu 18, the dovecot version is 3.3.0-1ubuntu0.3.  On Ubuntu 20, it is 
2.3.7.2-1ubuntu3.  Many other packages, probably including the mysql server, 
would also be upgraded.

Dovecot and Postfix use a postfixadmin database in mysql for users, and postfix 
is using dovecot-lda to deliver mail.  I am using managesieve from dovecot on 
roundcube webmail.  As far as I know, my own user is the only one with sieve 
scripts actually in use ... and I have a LOT of filters/folders for various 
mailing lists.

I've been a little bit terrified of doing an upgrade, because I do have a 
couple of people using my mail server for real work email and I don't want to 
disrupt them.

I'm writing today to find out what are the likely pain points I might encounter 
when doing this kind of major upgrade, and if there is any helpful information 
that can help me get through those problems.  I'm hoping that it will go 
smoothly and everything just works.

Here's the doveconf -n output:
https://apaste.info/FUgF

If I have been silly enough to include sensitive data from the config, I would 
appreciate a heads up so I know what passwords to change.  I did a quick glance 
and didn't see anything.

Thanks,
Shawn

Nabble

[Plutocrat]

Not sure if this is an issue, but Nabble seems to have stopped archiving this 
newsgroup around 22 Jun.
http://dovecot.2317879.n4.nabble.com/

Thought I should probably tell someone

P.

Re: TLS Security

[Plutocrat]

I've found this resource useful in the past

https://ssl-config.mozilla.org/#server=dovecot&version=2.3.9&config=intermediate&openssl=1.1.1d&guideline=5.6

P.

Re: function for whitelisting IPs

[Plutocrat]

On 15/07/2021 20.03, Gerald Galster wrote:

I have a better idea:
Have a function for whitelisting IPs, possible /24's or similiar, where a 
login to roundcube or other webmail client (with 2FA) will add the IP onto a 
whitelist for that account.


You could do that with fail2ban. eg
https://www.the-art-of-web.com/system/fail2ban-action-whitelist/

P.

Re: Containerize dovecot?

[Plutocrat]

On 25/08/2021 06.46, William Edwards wrote:

I think the general concensus is that containerisation isn't always better than 
'normal' VMs. 'Easy deployment & scaling' is also perfectly possible without 
containers.


I've had a few discussions with clients who are dead-set on running a docker 
this, or a snap that, or whatever container they just read about. But they want 
to run it on a VM in the cloud. To me it seems weird. In your cloud VM you 
already have an environment which you can configure exactly how you like it. 
You can resize it, clone it, snapshot it. Running a docker container inside 
this VM just seems to be adding an extra level of complexity to things, 
probably resulting in worse performance.

I can see docker containers have their uses, especially for development 
environments, but I don't think it makes sense in a lot of cases. Feel free to 
persuade me otherwise! I'm keen to hear counter arguments!

P.

Re: Exporting a mailbox over IMAP.

[Plutocrat]

I don't have any direct answer to your question, but wanted to make sure you 
were aware of these tools, which are built to safely merge two IMAP mailboxes 
together with no loss. They might provide an alternative strategy.

Imapsync: https://github.com/imapsync/imapsync

Offlineimap: https://github.com/OfflineIMAP/offlineimap

P.

Re: Recovering deleted messages?

[Plutocrat]

On 05/11/2021 07.01, Sean McBride wrote:

But now I have a user who accidentally used a POP client, and it deleted all 
his email.  He told me this only days later, and it's now been days later 
still, and so of course he has sent and received email since.  I have backups 
of course, but it is a feasible thing to 'merge' the deleted emails from the 
backup into his current mailboxes?


Personally, I'd restore them to another, temporary account set up for the 
purpose. Then I'd either use

- dovecot sync,
- imapsync, or
- manual drag and drop from one account to the other in Thunderbird

to put the mails back in place, depending on volume of mail involved and 
personal whim. The Thunderbird route would be easiest for a user to do 
themselves once set up. However as mail is downloaded from the server to the 
desktop and then back up to the server, it would take a while if there were 
lots of messages to deal with.

P.

Re: Moving old emails to Gmail

[Plutocrat]

Wouldn't

doveadm user myaddr...@domain.com

tell you the mail directory?


On 06/11/2021 11.10, Rob Campbell wrote:

I have a backup of mail messages I have from back when i was in school using 
pine and I want to have them imported to my Gmail.  So I set up dovecot and my 
Gmail can access it just fine but it can't find anything except my inbox (which 
I can't even find).  I've moved my mail directory and I can view the emails 
using alpine but I cannot view my inbox using alpine.  Also, although Gmail can 
get my new test messages, it can't find the messages in ~/mail where I am 
viewing them with alpine.  How do I make it so Gmail can pull from ~/mail or 
~/Maildir because I also converted the messages in ~/mail to ~/Maildir format 
but although I've tried
mail_location = mbox:~/mail
mail_location = mbox:~/Maildir
mail_location = maildir:~/mail
and
mail_location = maildir:~/Maildir

None of this worked but mail_location = maildir:~/Maildir is the only one that 
will at least allow me to get test messages in my inbox which Gmail can then 
pull.

How do I resolve these issues?

~
In all things, Be Intentional.

Re: Retrieive vsz_limit programatically

[Plutocrat]

There's a doveconf command that will get that for you eg

doveconf default_vsz_limit
=> default_vsz_limit = 256 M


On 21/11/2021 02.34, William Edwards wrote:



Op 20 nov. 2021 om 18:23 heeft Joan Moreau  het volgende 
geschreven:



Hello


How to get, programatically (C/C++), the value of teh dovecot.conf file of 
vsz_limit and default_vsz_limit ?


Parse doveconf?


Thank you

Re: Spam Folder

[Plutocrat]

You don't say if you're connecting Thunderbird with POP or IMAP.

With IMAP  you need to 'subscribe' to folders. You can do this within the email 
client manually. Or you can put autosubscribe in the namespace eg.

  mailbox Spam {
    auto = subscribe
    autoexpunge = 0
    autoexpunge_max_mails = 0
    comment =
    driver =
  }

On 22/11/2021 07.58, bobby wrote:

I have been following the tutorial here: 
https://www.linuxbabe.com/mail-server/block-email-spam-check-header-body-with-postfix-spamassassin
 

I notice that when I log into my mail via nextcloud mail, there is no spam 
folder.  Is there something further I need to do so it is generated?

Re: silly quesiton

[Plutocrat]

On 28/01/2022 13.34, Stephane Magnier wrote:

I using sendmail, but this is not clear how to share the same passwrd file, 
than Dovecot.. to be honest I should be able to get a file to manage on 
Sendmail, login and passwrd attached to the mailbox... Nb1


Not sure if this helps, but a server I run shares login info between exim and 
dovecot in plain text files.

In dovecot these are referenced with:
passdb {
  driver = passwd-file
  args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd
}

userdb {
  driver = passwd-file
  args = username_format=%n /etc/exim4/domains/%d/passwd
}

In exim the lookup function is a bit more complicated eg.
user = 
${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd

I imagine sendmail would have a similar sort of co-existence with dovecot.

P.

Re: Certificate and showing a sign-cert not there

[Plutocrat]

  
  
Random addition to this thread, in case it helps ... recently had
  a client reporting certificate problems after Letsencrypt changed
  their root certificate late last year. Long story short: it boiled
  down to the fact he was using an ancient version of Outlook which
  didn't have the necessary root certificates to verify the new
  Letsencrypt cross-signed root cert. More recent versions of
  Outlook were fine. So maybe that's another line of inquiry? 

P.

On 09/02/2022 09.56, justina colmena
  ~biz wrote:


  
  
  You shouldn't need a root in the full
  chain, because the client already has to have the root cert, but
  you do need all the links in the chain up to the root.
  
  On February 8, 2022 4:13:06 PM AKST,
Wayne Spivak  wrote:

  
Justina,
 
The vendor I have, which is having the
  difficulty is still saying he gets a self-signed cert… but
  as I showed in my last email after I added Intermediate to
  the certificate, everything was ok.
 
So ServerCert, Intermediate, Root in
  same file should solve this?
 
Wayne

  
From: dovecot
   On Behalf Of justina
  colmena ~biz
  Sent: Tuesday, February 8, 2022 2:44 PM
  To: dovecot@dovecot.org
  Subject: Re: Certificate and showing a
  sign-cert not there
  

 
In
  general:
  
  Lots of mail servers out in the wild do not require TLS or
  even bother to verifying TLS certificates when connecting
  to a remote server on port 25.
  
  However, desktop and mobile email *clients* tend to be
  much stricter about verifying server certificates when
  connecting via SSL or TLS, mainly to protect user
  passwords.
  
  Sometimes the server certificate needs to be presented
  with a "full chain" appended to it for verification. That
  has been an issue before when I've used some certs,
  particularly StartSSL before Letsencrypt started offering
  free certs.

  On February 8, 2022 5:53:34 AM AKST,
Wayne Spivak 
wrote:
  
Hi –
 
I am running Postfix 3.6.4 with
  Dovecot 2.3.17.1 (476cd46418).
 
I have a multi-signed cert from
  Entrust.
 
The cert works fine on port 25.
 
However, on Port 587 I get an
  error: c
 
[root@mcq wbs]# openssl s_client
  -connect mcq.sbanetweb.com:993 -servername
  mcq.sbanetweb.com
CONNECTED(0003)
depth=0 C = US, ST = New York, L =
  Bellmore, O = SBA  Consulting LTD, CN =
  mcq.sbanetweb.com
verify error:num=20:unable to get
  local issuer certificate
verify return:1
depth=0 C = US, ST = New York, L =
  Bellmore, O = SBA  Consulting LTD, CN =
  mcq.sbanetweb.com
verify error:num=21:unable to
  verify the first certificate
verify return:1
depth=0 C = US, ST = New York, L =
  Bellmore, O = SBA  Consulting LTD, CN =
  mcq.sbanetweb.com
verify return:1
---
Certificate chain
0 s:C = US, ST = New York, L =
  Bellmore, O = SBA  Consulting LTD, CN =
  mcq.sbanetweb.com

     i:C = US, O = "Entrust, Inc.",
OU = See www.entrust.net/legal-terms,
OU = "(c) 2012 Entrust, Inc. - for authorized use
only", CN = Entrust Certification Authority - L1K

 
 
[root@mcq wbs]# dovecot -n
# 2.3.17.1 (476cd46418):
  /etc/dovecot/dovecot.conf
# OS: Linux 5.16.5-200.fc35.x86_64
  x86_64 Fedora release 35 (Thirty Five)
# Hostname: mcq.sbanetweb.com
auth_mechanisms = plain login
disable_plaintext_auth = no
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    spec

Re: Backup procedures

[Plutocrat]

I've had some success with restic to create incremental backups of mail 
directories on external storage. Very space efficient, and restic will handle 
all the de-duplication, pruning etc.

You could write a filter to exclude the dovecot index files, or just restore to 
a different directory before copying the mails you want back to their 
destination.

P.

On 12/02/2022 00.55, Stephane Magnier wrote:

Why not doing an rsync of the folders ? Will it damage the index file ?

On 2/11/22 12:33, Jorge Bastos wrote:


Howdy,

I have a particular situation where I have about 5 users using a large account 
in IMAP, and I have the need to backup the account daily or weekly or so.
I was thinking about to copy the whole directory, each email is a file, it 
could probably work, but the dovecot index files would be damaged/wrong.

Is there a tool that could perform a backup (ex: yesterday), and when I 
inserted that backup, it just insert the emails and folders that were deleted 
today?

Thanks in advanced,
Jorge




.

Re: 2FA for Dovecot

[Plutocrat]

You don't say what sort of 2FA you're considering, but wouldn't you just tell 
Dovecot to use PAM, and then extend PAM to use a 2FA module. For example 
there's a Google Auth one available in the second link below.

https://doc.dovecot.org/configuration_manual/authentication/pam/
https://github.com/google/google-authenticator-libpam

P. 
(Not a dovecot expert, although I know a fair amount about Linux)

On 06/01/2020 19.58, Kees de Jong wrote:
> My goal is to protect my mail account with 2FA, which isn't a crazy
> idea in 2020. Therefore, I would like to know the possibilities of
> configuring 2FA for Dovecot. In the documentation there are some hints
> of e.g. OTP in Dovecot [1] and using FreeIPA with Dovecot [2], where
> FreeIPA has the ability to enable OTP per user [3].
> 
> But I can't really find much practical information about such a setup.
> The documentation of Dovecot is quite silent about the OTP
> authentication mechanism and the same goes for the FreeIPA and Dovecot
> combination with OTP.
> 
> So my question is; is this even a supported setup? And if so, where is
> the documentation? And if not, what's the recommended method to secure
> your mail setup?




signature.asc
Description: OpenPGP digital signature

Re: [v 2.3.4.1][quota] recalculation

[Plutocrat]

On 11/02/2020 17.23, Sami Ketola wrote:
> Does thunderbird even delete the mail from storage if you delete it from UI?

You have to right click on Trash and select Empty Trash to force it. 

In the Trash Folder Properties, you can also select a Retention Policy (eg 30 
days, 2000 messages). 

P.

Dovecot "User-Agent" equivalent

[Plutocrat]

Hi,

I was trying to debug an IMAP connection problem. The client accesses an 
account via webmail, mobile phone, and desktop. I was wondering if there was a 
way of determining which of these they were using at a given time. 

My googling turned up the following settings in the imap{} section:

protocol imap {
  imap_id_log = *
  imap_id_send = "name" * "version" *
}

... but setting these didn't seem to log any more information that I could use. 

Have I misunderstood the usage of these settings? Shouldn't they log a "user 
agent" type information in /var/log/dovecot.log ?

Or are there any other ways I can get information on the client? 

P.

Re: doveadm backup from gmail with imapc

[Plutocrat]

On 08/04/2020 19.14, Ben Mulvihill wrote:
> Thanks for the suggestion. I think my next step will be to investigate
> imapsync, or maybe isync, which also looks promising.

I've recently migrated a server with imapsync with 150Gb of email and 200+ 
accounts. I found the trick with this was the run imapsync in several runs: 
Messages older than 1 year; messages older than 6 months; messages older than 1 
week, for example. Then just keep running the full sync after that until you're 
ready to switch. If you've just got one email then this should be easy. With 
many addresses, there is a bit of scripting to do first to get it all set up. 

One gotcha, which I never solved, (mainly due to the fact I had to do the whole 
migration in under a week as an emergency). I could never figure out how to get 
the dovecot indexes correct, so that when the client connected to the new 
server via POP, it didn't re-download all the messages. IMAP was OK though. 

P. 

Re: Recommendations on intrusion prevention/detection?

[Plutocrat]

On 22/04/2020 20.29, Johannes Rohr wrote:
> Is there a reasonable way of detecting and preventing logins from
> unusual IP ranges? Or are there other strategies you would recommend?

I'd generally set up a short ban on logins originally, and then a second, 
longer ban for 'repeat offenders'. You basically look through the fail2ban log, 
and if an IP has been banned, say, 5 times in 24 hours, then you ban it for a 
much longer time.

Here's one example. There are others. 
https://github.com/mitchellkrogza/Fail2Ban-Blacklist-JAIL-for-Repeat-Offenders-with-Perma-Extended-Banning

P.



signature.asc
Description: OpenPGP digital signature

Re: doveadm sync backup from old to new server

[Plutocrat]

I struggled with this at one time, and with the lack of examples around the 
internet. In fact, I might have written this very post myself at one point! In 
the end, the penny dropped when I saw that the format was 

(command on local server) + (stuff you need to connect over ssh) + (command on 
remote server)

So what worked for me was:

doveadm backup -u u...@domain.com \
   ssh -p  (+ other ssh options) r...@remoteserver.com \
   doveadm dsync-server -u us...@domain2.com 

If you get 
dsync-remote(us...@domain2.com): Error: Mailbox INBOX sync: mailbox_delete 
failed: INBOX can't be deleted
... you'll need to clear the remote directory first! Or maybe try sync instead 
of backup?

I found that running as root on the remote server was necessary in my case, due 
to the permissions on the remote directory. You might want to check permissions 
on remote directory are writable by the user in your ssh command. 

If still no joy you can run 
doveadm user u...@domain.com on your local server and
doveadm user us...@domain2.com on your remote server 
and dovecot will tell you where its synching from and to.

Finally, this solution is a 'push' from source server to target. You may 'pull' 
the other way if that makes more sense in your environment with -R 

Those pieces were enough for me to get it to work ... 

P.

PS. For the record, on the original job I was under time pressure, and yes, I 
did use imapsync to get it done in the end. I got this to work later on when I 
had more time to tinker. 

On 14/05/2020 09.09, Gregory Sloop wrote:
> So I've done quite a lot of searching on the list and on the web - and 
> perhaps my google-fu is really bad - but I can't find any real recipes on how 
> to sync mail from the old server to the new.
> 
> As an FYI - the old server is a CPanel/WHM setup on a VPS.
> The new is mailcow - which uses docker.
> 
> However, I don't think either of these platforms is what's causing the issue 
> - but I'm certainly not sure of that.
> 
> ---
> I've tried several things - but have lost track of all the things I've tried.
> This seemed like the best of all the things I've tried.
> 
> This particular mailbox/user+domain is setup on both servers.
> 
> doveadm backup -D -u mc-u...@abc.net ssh r...@abc.net -p2200 doveadm 
> dsync-server -u cp-u...@abc.net
> 
> mc-u...@abc.net is the MC/NEW mailbox/domain
> cp-u...@abc.net is the CPanel/OLD user/domain account
> The SSH server of the remote system is running on port 2200.
> 
> However when I try this, I get:
> WARNING: The WATCHDOG_NOTIFY_EMAIL variable is not set. Defaulting to a blank 
> string.
> dsync-local(u...@abc.net): Error: read(remote) 
> failed: EOF (version not received)
> doveadm(u...@abc.net): Fatal: execvp(ssh) failed: No such file or directory
> 
> The process appears to hang, and a Ctrl+C stops it.
> 
> I'd love to get pointed at a reasonable recipe on how to make this work.
> 
> I don't really get/understand the docs much at all.
> [And either everyone else understands it just fine, and never thinks to write 
> a document on how to do it - or, and I think this is a lot more likely - 
> they're using something like imapsync to do it. I found numerous places where 
> others were, essentially, "Dovecot's tool is way too complicated and I can't 
> get it to work right, so I used imapsync." I suppose I should probably just 
> do that too, but it does seem a shame to do that when the dovecot tool is 
> almost certainly the best tool for the job, but I can't figure out how to use 
> it.]
> 
> If someone can help me grok what's going on, I'm glad to write it up for the 
> list and or a blog entry so it's more accessible.
> 
> TIA
> -Greg

Re: doveadm sync backup from old to new server

[Plutocrat]

So specifically in your case:

On 14/05/2020 09.09, Gregory Sloop wrote:
> doveadm backup -D -u mc-u...@abc.net ssh r...@abc.net -p2200 doveadm 
> dsync-server -u cp-u...@abc.net
> 
> mc-u...@abc.net is the MC/NEW mailbox/domain
> cp-u...@abc.net is the CPanel/OLD user/domain account
> The SSH server of the remote system is running on port 2200.

If you're running this on your source server, I think you have the accounts the 
wrong way around. Try

doveadm backup -u cp-u...@abc.net \
  ssh -p 2200 r...@abc.net \
  doveadm dsync-server -u mc-u...@abc.net

Or, if you're running it on your target server, maybe you'll have to pull, 
using the -R switch.

P. 

Re: doveadm sync backup from old to new server

[Plutocrat]

I'm not clear myself on the difference myself between 
dsync
doveadm sync
doveadm dsync-server
... perhaps someone here can explain? However what worked for me was using 
doveadm dsync-server on the 'receive' end. Maybe that puts it in 'listen' mode? 
So maybe try
doveadm backup -u u...@abc.net \
  ssh r...@po.abc.net \
  docker exec b3093cxx doveadm dsync-server -u u...@abc.net

I've tried to get along with docker before, but it always just seems to add 
another level of complexity into everything, so thus far I've managed to avoid 
it apart from general experiments! 

P.

On 15/05/2020 07.00, Gregory Sloop wrote:
> So that was really helpful for me to understand that a lot more clearly.
> Thanks! [Many, many thanks @Plutocrat!!]
> 
> But I'm still getting a similar failure.
> Let me give the command I'm using.
> 
> doveadm backup -D -u u...@abc.net \
> ssh r...@po.abc.net \
> docker exec b3093cxx doveadm sync -D -u u...@abc.net
> 
> The "local" server is where the data/mail currently is.
> The remote or docker container/volume is where dovecot is installed. (The 
> data is in a different docker container.)
> 
> So, I think I'm "backing up" the data from the local machine and pushing that 
> "backed up" data via SSH to the dovecot install in docker and attempting to 
> "sync" that data to the remote dovecot install.
> 
> However, I immediately get
> "Error: read(remote) failed: EOF (version not received)"
> 
> The connection hangs. If I wait a while - perhaps 30-60s, it kills the SSH 
> connection and aborts the process.
> 
> Is there a way I can test the remote end's ability to accept the data.
> [i.e. Can I do something like
> ssh r...@po.abc.net \
> docker exec b3093cxx doveadm sync -D -u u...@abc.net
> 
> And see if it would accept the data. [In short, do I have a local end problem 
> or a remote end problem - and being able to test both parts individually 
> would probably help me figure out what's broken. That still won't fix it, but 
> at least I'll know which end I need to concentrate on.]
> 
> I'd guess this will all seem pretty obvious in retrospect, but for the life 
> of me, I'm completely lost and really don't have any idea where to start to 
> break it down better so I can see how each piece is working or not.
> 
> TIA
> -Greg
> 
> 
> *P> I struggled with this at one time, and with the lack of examples
> P> around the internet. In fact, I might have written this very post
> P> myself at one point! In the end, the penny dropped when I saw that the 
> format was
> 
> P> (command on local server) + (stuff you need to connect over ssh) + 
> (command on remote server)
> 
> P> So what worked for me was:
> 
> P> doveadm backup -u *u...@domain.com <mailto:u...@domain.com>* \
> P>    ssh -p  (+ other ssh options) *r...@remoteserver.com 
> <mailto:r...@remoteserver.com>* \
> P>    doveadm dsync-server -u *us...@domain2.com <mailto:us...@domain2.com>* 
> 
> P> If you get
> P> dsync-remote(*us...@domain2.com <mailto:us...@domain2.com>*): Error: 
> Mailbox INBOX sync:
> P> mailbox_delete failed: INBOX can't be deleted
> P> ... you'll need to clear the remote directory first! Or maybe try sync 
> instead of backup?
> 
> P> I found that running as root on the remote server was necessary in
> P> my case, due to the permissions on the remote directory. You might
> P> want to check permissions on remote directory are writable by the user in 
> your ssh command.
> 
> P> If still no joy you can run
> P>         doveadm user *u...@domain.com <mailto:u...@domain.com>* on your 
> local server and
> P>         doveadm user *us...@domain2.com <mailto:us...@domain2.com>* on 
> your remote server
> P> and dovecot will tell you where its synching from and to.
> 
> P> Finally, this solution is a 'push' from source server to target.
> P> You may 'pull' the other way if that makes more sense in your environment 
> with -R
> 
> P> Those pieces were enough for me to get it to work ...
> 
> P> P.
> 
> P> PS. For the record, on the original job I was under time pressure,
> P> and yes, I did use imapsync to get it done in the end. I got this
> P> to work later on when I had more time to tinker.
> 
> P> On 14/05/2020 09.09, Gregory Sloop wrote:
>>> So I've done quite a lot of searching on the list and on the web - and 
>>> perhaps my google-fu is really bad - but I can't find any real recipes on 
>>> how to sync mail from the old 

Re: doveadm sync backup from old to new server

[Plutocrat]

On 15/05/2020 10.56, Gregory Sloop wrote:
> IMAP sync looks better and better. I'm a little puzzled why I don't just give 
> up walking on the broken glass and use it - but it just bugs the heck out of 
> me.

If you can get the dovecot native sync to work, it seems to be a better option, 
as it understands all the dovecot index formats etc, and will transfer those 
correctly. Imapsync doesn't, and when I did that I had a few problems with POP 
email clients re-downloading their entire Inbox, which produced a few groans. 
Your mileage may vary. 

Another option for you, if you have the time and energy would be to set up 
proper replication between the two servers. Then any changes made would be 
synced in real time, until the cutoff, when you just shut down the old server 
and the new one is already up to date. But if you can't get a simple sync 
happening then that might be a bit of over-reach. 

My suspicions on your current situation would center around the complications 
introduced by docker, and on file/container permissions, environment variables, 
paths etc. 

How about if you just try a simple doveadm command over ssh from the remote 
server to make sure that works. eg. from "Sending" server do

ssh r...@po.abc.net \
 docker exec b3093cxx doveadm user u...@abc.net

That should execute the doveadm user command on the remote (receiving) server. 
If that works, then at least you can satisfy yourself that the docker bit is 
working correctly. Not sure why I'm getting involved in someone else's 
troubleshooting nightmare! ;-) 

P. 

Re: dsync multiple mailboxes per connection?

[Plutocrat]

On 20/05/2020 22.47, Sami Ketola wrote:
> We’re transferring users between servers and want to use dsync to transfer 
> the mail; ideally we’d like to avoid creating a separate TCP connection per 
> user.

Would writing a script to process each user sequentially be an option? 

Like ... 

for USER in user1 user2 user3 user4 
do 
doveadm sync -u $USER ssh u...@remoteserver.com doveadmn dsync-server 
-u $USER 
done

Or if that's not possible, just write them out longhand:

doveadm sync -u user1 ssh u...@remoteserver.com doveadmn dsync-server -u 
otheruser1
doveadm sync -u user2 ssh u...@remoteserver.com doveadmn dsync-server -u 
otheruser2
doveadm sync -u user3 ssh u...@remoteserver.com doveadmn dsync-server -u 
otheruser3

P.

Re: fail2ban setup centos 7 not picking auth fail?

[Plutocrat]

Just to add another alternative while we're discussing the subject, I've got a 
soft spot for CSF as a replacement for fail2ban, and it has a lot of additional 
features as well. 

https://www.configserver.com/cp/csf.html

P.  

On 22/05/2020 18.32, Jerry wrote:
> On Thu, 21 May 2020 23:22:04 -0700, lists stated:
>> I use SSHGuard on well ssh (doh!), but supposedly you can use it for
>> postfix and dovecot also. I can tell you it is well supported.  I am
>> on Centos 7 using firewalld.
> 
> SSHGuard works fairly well with Postfix; however, it is virtually
> useless with Dovecot. It never picks up on "auth fail" and a few
> others. I have submitted documentation and requests to SSHGuard, but
> they have never acted upon them, other than to say that they will look
> into it.
> 



signature.asc
Description: OpenPGP digital signature

Re: missing man page for “doveadm dsync-server”?

[Plutocrat]

On 25/05/2020 03.00, Felipe Gasper wrote:
> Is there a man page for this command? I don’t see one in the repository. 
> Given its utility in, e.g., syncing mailboxes via SSH, it seems like 
> documentation for this command would be useful?

I think this is what you need. As far as I can gather, "doveadm sync" is an 
equivalent way of invoking the command. 

 https://wiki2.dovecot.org/Tools/Doveadm/Sync

You may also get some utility out of "Replication"

P

Re: Error deleting INBOX when doing an imap sync

[Plutocrat]

On 03/06/2020 18.17, Des Magner wrote:
>     dsync([user]): Error: Mailbox INBOX sync: mailbox_delete failed: INBOX 
> can't be deleted.

Pretty sure I experienced this. I think what its telling you is the destination 
mailbox already exists, and it doesn't want to delete it. This is probably 
because you tried some syncs before, maybe unsuccessfully. 

So, if you clear out the destination mail directory and re-try the backup, it 
should work. Or maybe if you've already backed up a load of emails into the 
destination, you might like to look at one-way sync instead? I haven't tried 
this myself, and don't know if it works, so will defer to other far wiser 
people on this list. 

P. 

Re: SV: handling spam from gmail.

[Plutocrat]

On 11/06/2020 16.26, Marc Roos wrote:
> I know it is not dovecot who should fix this. But anyone using dovecot 
> is using an MTA, and receiving spam ;) I know how to look at email 
> headers. Spf and dkim is not solving anything here.

You can configure this sort of thing in postfix, exim etc. The part of the mail 
system to do with RECEIVING emails. Not really a dovecot function. 

Look at greylisting as an option. That's basically delaying email from unknown 
senders. 
Also blocklists
Also consider setting up rules in spamassassin / rspamd

Re: log failed plaintext password for specific user only

[Plutocrat]

On 23/03/2022 19.30, mj wrote:

Op 23-03-2022 om 12:29 schreef Aki Tuomi:


1. Try hashing possible password candidates and compare
2. Temporarily log everyone's passwords and then sanitize logs after you're 
done.

No way to enable that option for a single user.


While there is no way to enable that option for a single user, setting the 
following:

auth_debug = yes
auth_debug_passwords = yes

Will enable it for all users. Possibly your concern is that you don't want to 
see legitimate users' passwords? In which case, you can rest assured that you 
only see the FAILED passwords for all users, not the CORRECT ones.

If you decide this is something you want to do, then you can find the culprits by 
grepping for "MD5" in the dovecot log, and then revert your configuration when 
you've collected enough info.

P.

Re: Sieve configuration for roundcube

[Plutocrat]

On 05/06/2022 10.27, Jeremy Hansen wrote:

Any pointers to get dovecot configured with sieve for Roundcube filters?  
Things I’ve found through search seem a bit all over the place. I’m using 
CentOS 8/Rocky Linux hosts.


There's a script used by Hestia Control panel to do this. Although its for 
debian/ubuntu, you might be able to infer the steps from it.

https://github.com/hestiacp/hestiacp/blob/fe68ebe0b66962470a529393ad913069fbfe53a1/install/upgrade/manual/install_sieve.sh

P.

Re: One-off backup

[Plutocrat]

Depending on your setup, abilities and intended results, you might also wish 
consider offlineimap and imapsync, with which you could maintain an updated 
offsite copy going forwards.

P.

On 10/10/22 22:57, Ian Evans wrote:

I run a small email server for me and the missus. Six dovecot users.

Our host is migrating our server instance. They usually (99.% lol) go off 
without a hitch.

As we don't have dovecot running elsewhere, I'm assuming doveadm is the wrong 
tool.

If we want to make a one-off backup prior to the migration, is shutting down 
postfix and running
tar czf mailstorage.tgz /path/to/mail okay?

Thanks.

Re: adding caldav/carddav next to dovecot

[Plutocrat]

I think rather than Sabre's DAV, you're after their Baikal server.

    https://sabre.io/baikal/

Sabre is also the guts behind Nextcloud's Contacts and Calendar dav sync, which 
you might want to look into, especially if you can see a need for sharing 
contacts among a group of people, as well as files, group chat and all the 
other features of Nextcloud. To bring it back onto topic, Nextcloud can also be 
used as a webmail interface to dovecot, of course.

    https://nextcloud.com/

P.

Re: Pigeonhole Sieve Vacation Reply-To peculiarity with inbound AWS-SES

[Plutocrat]

On 2/8/23 05:33, jeremy ardley wrote:


- AWS throttles but does not block traffic to a *destination* port 25.


I set one up last week and can confirm that port 25 outbound was definitely 
blocked rather than throttled. However there's a form you can fill in to get it 
unblocked, and it only takes a day or so.

P.

Dovecot UIDs and POP.

[Plutocrat via dovecot]

Hi,

I recently performed a mail server migration for a client under fairly serious 
time constraints (ahem, yes one of those jobs). I would normally use imapsync 
to get all the mail copied to the new server, but under the circumstances, I 
had to write a script to rsync each of the mailboxes over ssh, from one server 
to another. 

This all worked fine, except for the fact that if a client was using a POP 
email client, when they connected to the new server, they re-downloaded all 
their mail, creating duplicates of everything in their Outlook client. Of 
course they weren't happy about this. IMAP email clients were OK. No 
duplicates, and everything was fine. 

So while I was migrating the mail, I did try for a while to understand the 
format of the UID files, but failed to do so in the available time, so the 
client just had to deal with duplicate emails. But now the smoke has cleared, 
I'd like to understand the problem a little better, and I was hoping someone on 
this forum could explain it to me, and the changes I'd need to make to the 
files so that the POP client DIDN'T download the duplicate emails. 

Here's what I understand. The list of dovecot files in an account looks like 
this:
-rw-r-   1 admin mail0 Jul 11  2018 dovecot-acl-list
-rw-r-   1 admin mail  14K Sep 20 08:36 dovecot.index
-rw-r-   1 admin mail 216K Sep 20 17:24 dovecot.index.cache
-rw-r-   1 admin mail  29K Sep 20 17:24 dovecot.index.log
-rw-r-   1 admin mail  388 Dec 17  2017 dovecot.list.index
-rw-r-   1 admin mail 1.6K Jul 11  2018 dovecot.list.index.log
-rw-r-   1 admin mail   24 Jul 11  2018 dovecot.mailbox.log
-rw-r-   1 admin mail   53 Sep 12 09:42 dovecot-quota
-rw-r-   1 admin mail  52K Sep 20 17:24 dovecot-uidlist
-rw-r-   1 admin mail8 Jul 11  2018 dovecot-uidvalidity
-rw-r-   1 admin mail0 Jul  4  2016 dovecot-uidvalidity.5779bbeb

It seems that the dovecot-uidlist is an index of all the mail files in the 
account. As far as I can gather, this should be the same on both servers after 
I've rsynced them over ssh: The files and the list of them in dovecot-uidlist 
should correspond. 
So what is it that the POP client looks at and decides to re-download all the 
emails? 
And how could I have stopped it from doing that, and get it to realize that the 
list of emails it holds internally is the same as the list on the server? What 
would I need to change in the dovecot files?

Thanks for any insight into the process. 

As a secondary question -- and perhaps I should put this in a separate message 
-- I did notice that "doveadm sync" would apparently have helped me with this, 
but I wasn't able to get that to work either. I believe it was something to do 
with the fact that all the mailboxes were under the same linux user account on 
the target server, and I couldn't figure out all the paths and permissions in 
time. Would 'doveadm sync' have fixed all the UID and duplicate POP email 
issues? 

P.

Re: Dovecot UIDs and POP.

[Plutocrat via dovecot]

On 22/09/2019 4:08 AM, @lbutlr via dovecot wrote:
>> So while I was migrating the mail, I did try for a while to understand the 
>> format of the UID files, but failed to do so in the available time, so the 
>> client just had to deal with duplicate emails. But now the smoke has 
>> cleared, I'd like to understand the problem a little better, and I was 
>> hoping someone on this forum could explain it to me, and the changes I'd 
>> need to make to the files so that the POP client DIDN'T download the 
>> duplicate emails.
> 
> Did you check ? It has a lot of info on 
> this.

I did see that page, but was unable to figure out which of the three UID 
related files I needed to keep, and which to edit in order to 'trick' the email 
client into not re-downloading the mails. 

The migration was from dovecot 2.x to 2.x, so I don't think there was any 
translation issue between servers. The POP clients were Outlook (my old 
nemesis). The only information I could find is that the dovecot UIDL format is 
pop3_uidl_format = %v.%u
But that didn't really take me anywhere. So its all a bit of a mystery. I was 
hoping there would be a UID guru on this list who could walk me through it, or 
point me to some reference. 

> Don’t know, but dsync says it does this: 
> "The pop3-migration plugin is used to preserve POP3 UIDLs. When dsync is 
> handling IMAP INBOX and requests a POP3 UIDL, the plugin connects to the POP3 
> server and figures out which IMAP messages match which POP3 messages and then 
> returns the appropriate POP3 UIDL.”
> Trouble is, if you are migrating POP and the server is not up, I am not sure 
> what you can do with dsync?

I did try to use dsync (aka doveadm sync) for a few hours, but couldn't get a 
test account to migrate across. It seems like this would have been the solution 
but I was unable to confirm. At times it seemed to login and complete without 
error, but I could never find where it had put the mail! Other times it refused 
to login or gave permission errors. I looked around for real life examples, but 
wasn't able to find any. 

Had I got it to work, I could maybe have figured out the UID problem. Maybe 
that will be a project for me in the future, when I have a spare few hours!

Maybe if I gave a few details of the directory structure that would help. I was 
migrating from a Cpanel installation to a standalone mail server. 
In Cpanel, there was the admin account login, and under that 
~/mail/domain1.com/mailbox1
~/mail/domain1.com/mailbox2
~/mail/domain2.com/mailbox1
~/mail/domain2.com/mailbox2

On the target server the same structure existed. One login, admin, and under 
that account 
~/mail/domain1.com/mailbox1
~/mail/domain1.com/mailbox2
~/mail/domain2.com/mailbox1
~/mail/domain2.com/mailbox2
All files and directories were chown admin:mail 

The command I used was 
doveadm sync -u t...@domain.com ssh -i id_rsa -o "StrictHostKeyChecking=no" 
admin@100.110.120.130

I tried a few options to tell it where to put the mail, but dovecot on the 
target server didn't seem to know where each account was located. 

P.

Spam Blocking by filtering on username / id

[Plutocrat via dovecot]

This is probably quite an easy question, but I haven't been able to find the 
answer. I'm running a server where all the email addresses are in the format 
"u...@domain.com". I've noticed that a large number of fake login attempts use 
the format "user" eg. reception, service, root, admin. 

Is it possible to prevent any such logins to these email users without an 
@domain.com? Or maybe ignore them. Or drop them from the logging. 

P.

Re: Dovecot UIDs and POP.

[Plutocrat via dovecot]

On 23/09/2019 5:01 PM, Sami Ketola wrote:
> doveadm backup -u t...@domain.com  -R ssh 
> sshu...@remote.com  "sudo /usr/bin/doveadm 
> dsync-server -u t...@domain.com "
> run this on the target system to which you are migrating to.

Seems counter-intuitive to run the command on the target system! Pull, rather 
than push. However that wasn't an option for me at the time. I could only make 
a connection outbound from the source server, as ssh was locked down, and I was 
forced to use Cpanel's 'Terminal' App. 

So maybe that was the problem them. I could only push and not pull. 

P.

Re: Spam Blocking by filtering on username / id

[Plutocrat via dovecot]

Hi,

Sorry for the delay in replying. Been having a few mail problems ironically! 
Gmail smtp server stopped working! 

On 23/09/2019 4:13 PM, Bernd Petrovitsch via dovecot wrote:
> It's not directly a solution within dovecot but "fail2ban" exists.

Yes, I have fail2ban, but that bans based on IP address. And most mail password 
attacks these days are distributed, and although fail2ban will try to spot them 
it doesn't do a very good job. I thought denying any logins without the 
@domain.com part would be an additional layer. I understand that there's no way 
these attempts could log in, its just that there are so many attempts logged, 
that it fills up 90% of my logs with noise, and prevents me from seeing the 
other important events. 

> Are users able to login without the @domain part?

No. All valid mail accounts are in the form u...@domain.com 

> There is also sshguard that will do the same thing.
> One of these should probably be running anyway as they help mitigate issues 
> where someone keep hammering on your system, however in the days of DDOS, 
> they are less helpful than they used to be.

I'll take a look at sshguard, although it looks like its retroactive too: it 
waits for the events to be logged and then bans based on what it finds in the 
logs. I was intending to do something more proactive, at the dovecot layer, and 
ideally just silently drop them. Or throw the attempts into a different log 
perhaps. Just thinking out loud at this point. 
For the sake of completeness, there's also my personal favourite, CSF, which in 
my opinion does a better job than fail2ban, but still not exactly what I 
envisaged. 

> you can add username_filter = *@domain.com
> or deny-passdb before actual passdb with username_filter = !*@domain.com
> https://doc.dovecot.org/configuration_manual/authentication/password_databases_passdb/

This is more like what I had in mind. Let me try this out and I'll report back. 

P.

Re: Dovecot UIDs and POP.

[Plutocrat via dovecot]

On 24/09/2019 10:14 PM, @lbutlr via dovecot wrote:
> Did the target machine already have the user setup? I think dsync wants to 
> sync mailboxes between configured and working servers with users already 
> defined.

Yes, of course. And the directory structure was pretty much identical between 
the two. Which was how I was able to write and run the rsync script. 

I think at this point, I'm past the dsync problems. That window has closed, and 
the migration is done, albeit with this irritating re-downloading of email with 
POP problem. However I'm still keen to get to the bottom of how this whole 
UID/UIDL/POP3 transaction takes place, so I can understand it for the future, 
and prevent it happening again. I'm guessing it would be a useful addition to 
the dovecot documentation as well. 

P.

Re: dovecot disk space settings

[Plutocrat via dovecot]

On 22/10/2019 6:38 PM, Marc Roos via dovecot wrote:
> Ok, what about placing a dummy file of 5GB or so on the partition, that 
> you can remove when necessary?

I recently wrote a script to check disk space every week and email me an alert 
if there was less than 5G. Would that be an approach for you? Enclosing below 
as an example. You'd need to adapt to your own environment. 

#!/bin/bash

MAILSPACE=$( df -h | grep "/dev/sdd" | awk '{ print $4 }' | sed 's/G//g' )

if [ "$MAILSPACE" -lt "5" ] ; then
MESSAGE="Alert, only $MAILSPACE Gb of space left on Mail Drive"
df -h > /tmp/diskalert.txt
mutt -s "$MESSAGE" m...@example.com < /tmp/diskalert.txt 
else
# Uncomment to debug 
MESSAGE="Safe for now: $MAILSPACE Gb of space left on Mail Drive"
#echo $MESSAGE
fi

Re: newbie question on a dovecot buffer

[Plutocrat via dovecot]

On 06/11/2019 01.41, Richard Bown via dovecot wrote:
 > Can I use Dovecot as a buffer between my mail providers Dovecot servers
> and the several IMAP mail clients on my own network ? 
> ie,  so Dovecot would mirror the mail on my account with my mail provider, So 
> my local dovecot server downloads mail and caches/stores on the local SBC and 
> all the local users use IMAP from that, instead of from my mail provider.

I'm by no means an expert, but I've seen this mentioned before, and it seems 
that you may be asking about this:

https://wiki.dovecot.org/Replication

P.