[sieve] Restrict redirects to own domain only

2018-10-16 Thread Yassine Chaouche

Hello list,

I'd like to let my colleagues redirect mail automatically (via a sieve
filter) to other mailboxes within the same domain, but deny redirects to
outside domains (gmail, yahoo etc.) since this could lead to blacklisting
(forwarding spam for example).

If I set sieve_max_redirect to 0 then no redirect is allowed, at all. I
wish to let redirects to internal mailboxes still possible. Ideas ?

Yassine.



[sieve] Restrict redirects to only own domain

2018-10-16 Thread Yassine Chaouche

Hello list,

I'd like to let my colleagues redirect mail automatically (via a sieve 
filter) to other mailboxes within the same domain, but deny redirects to 
outside mailboxes (gmail, yahoo etc.) since this is considered bad 
practice and could lead to blacklisting (forwarding spam for example).


If I set sieve_max_redirect to 0 then no redirect is allowed, at all. I 
wish to let redirects to internal mailboxes still possible.


Ideas ?

Yassine.



Re: [sieve] Restrict redirects to own domain only

2018-10-16 Thread Yassine Chaouche
Thanks Ralph but I don't fully understand how could this prevent them 
from forwarding to any other domain by other means, for example by using 
a managesieve-able client


Yassine.


On 10/16/18 12:37, Ralph Seichter wrote:

On 16.10.18 12:48, Yassine Chaouche wrote:


I'd like to let my colleagues redirect mail automatically (via a sieve
filter) to other mailboxes within the same domain, but deny redirects
to outside domains [...] Ideas ?

Set up a simple internal web application or some other mechanism that
allows your colleagues to enter the local address part for forwarding
only. Use backend logic to generate a sieve script containing

   redirect :copy "localp...@yourdomain.tld";

or whatever suits your needs.

-Ralph
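The backend logic Ralph describes, sketched as an added example (not code from the thread or from Dovecot/Pigeonhole): the user supplies only a local part, and the server builds the script around a fixed domain. The function names, the local-part policy and the `example.org` domain are assumptions; the second function goes one step further and flags redirect targets outside the domain in scripts that were uploaded some other way, which is the concern raised in the reply above.

```python
import re
from typing import List

# Assumed policy (not from the thread): letters, digits and . _ + - only.
# Excluding "@", quotes, backslashes, whitespace and control characters means
# the input can neither name another domain nor break out of the quoted
# Sieve string and append further commands.
_LOCALPART_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9._+-]{0,62}[A-Za-z0-9])?")

# "redirect", optional tags such as :copy, then a quoted string.
# Deliberately simple: anything it cannot parse as user@domain is reported.
_REDIRECT_RE = re.compile(
    r'\bredirect\b(?:\s+:[A-Za-z]+)*\s+"((?:[^"\\]|\\.)*)"', re.IGNORECASE
)


def build_redirect_script(localpart: str, domain: str, keep_copy: bool = True) -> str:
    """Return a Sieve script that redirects to localpart@domain only.

    `domain` comes from server configuration, never from the user.
    """
    if not _LOCALPART_RE.fullmatch(localpart) or ".." in localpart:
        raise ValueError("local part rejected: %r" % localpart)
    if keep_copy:
        # The :copy tag needs the "copy" extension to be required first.
        return 'require ["copy"];\nredirect :copy "%s@%s";\n' % (localpart, domain)
    return 'redirect "%s@%s";\n' % (localpart, domain)


def find_external_redirects(script: str, domain: str) -> List[str]:
    """List redirect targets in `script` whose domain is not `domain`.

    Targets without an "@" (for example a variable reference) are reported
    too, so the check fails closed and leaves them for manual review.
    """
    external = []
    for match in _REDIRECT_RE.finditer(script):
        target = re.sub(r"\\(.)", r"\1", match.group(1))  # undo \" and \\
        target_domain = target.rpartition("@")[2]
        if "@" not in target or target_domain.lower() != domain.lower():
            external.append(target)
    return external


if __name__ == "__main__":
    print(build_redirect_script("alice", "example.org"))
    # Constructed sample of a user-uploaded script.
    uploaded = 'redirect "alice@example.org";\nredirect :copy "me@example.net";\n'
    print(find_external_redirects(uploaded, "example.org"))
```
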




Re: Problem enabling the mail_log plugin

2021-02-09 Thread Yassine Chaouche

I have expunge in mail_log_events

  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename



Yassine

On 2/8/21 at 5:03 AM, Mike Quigley wrote:


I need to track some issues with deleted messages so I have been 
trying to set up the mail_log plugin.  I have Dovecot v2..27 running 
on Debian 9.  I have configured /etc/dovecot/conf.d/10-logging.conf, 
20-imap.conf, and 20-lmtp.conf and restarted dovecot, but I see no 
difference in /var/log/mail.info & /var/log/syslog when I delete a 
message from my Inbox in Roundcube.  Here is the abbreviated output 
from doveconf -n:


# 2.2.27 (): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 ()
# OS: Linux 4.9.0-14-amd64 x86_64 Debian 9.13 ext4

plugin {
mail_log_events = delete undelete mailbox_delete mailbox_rename
mail_log_fields = uid box msgid size
sieve = ~/.dovecot.sieve
sieve_after = /etc/dovecot/sieve-after
sieve_dir = ~/sieve
}

protocols = " imap lmtp sieve pop3"

protocol lmtp {
mail_plugins = " sieve notify mail_log"
}

protocol imap {
mail_max_userip_connections = 50
mail_plugins = " notify mail_log"
}

What am I missing?





Re: Problem enabling the mail_log plugin

2021-02-09 Thread Yassine Chaouche

On 2/9/21 at 11:41 AM, Yassine Chaouche wrote:

I have expunge in mail_log_events

  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename



Yassine

Oh yes and copy, because when you delete mail in roundcube it actually
copies it to the trash then expunges it from where it was, so you
should look after these two

Yassine.
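The copy-then-expunge pattern described above can be picked out of the mail_log output by pairing the two events. This is an added example, not code from the thread; the sample lines are constructed in the plugin's `event: field=value, ...` layout with the `uid box msgid size` fields from the quoted configuration, and the function names are assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample lines (not real logs).
SAMPLE_LOG = """\
Feb 09 11:40:01 imap(alice@example.org): Info: copy from INBOX: box=Trash, uid=412, msgid=<m1@example.org>, size=2301
Feb 09 11:40:01 imap(alice@example.org): Info: expunge: box=INBOX, uid=87, msgid=<m1@example.org>, size=2301
Feb 09 11:42:10 imap(bob@example.org): Info: expunge: box=INBOX, uid=12, msgid=<m2@example.org>, size=900
Feb 09 11:43:00 imap(alice@example.org): Info: delete: box=Trash, uid=412, msgid=<m1@example.org>, size=2301
"""

# Service and user, optional <pid><session> parts, then the event name.
_LINE_RE = re.compile(
    r"imap\((?P<user>[^)]*)\)(?:<[^>]*>)*: (?:Info: )?"
    r"(?P<event>copy from (?P<src>.+?)|expunge): (?P<fields>.*)$"
)
# key=value pairs separated by ", "; a value ends where the next key starts.
_FIELD_RE = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Parse one copy or expunge line; return None for anything else."""
    match = _LINE_RE.search(line)
    if match is None:
        return None
    event = dict(_FIELD_RE.findall(match.group("fields")))
    event["user"] = match.group("user")
    event["event"] = "copy" if match.group("src") else "expunge"
    event["src"] = match.group("src") or ""
    return event


def classify_expunges(lines: List[str]) -> List[Tuple[str, str, str]]:
    """For each expunge, say whether the same message was copied elsewhere first.

    Needs box and msgid in mail_log_fields; lines without them are skipped.
    """
    pending: Dict[Tuple[str, str, str], str] = {}
    results = []
    for line in lines:
        event = parse_event(line)
        if event is None or "msgid" not in event or "box" not in event:
            continue
        if event["event"] == "copy":
            # Remember: this user copied this message out of `src` into `box`.
            pending[(event["user"], event["src"], event["msgid"])] = event["box"]
        else:
            dest = pending.pop((event["user"], event["box"], event["msgid"]), None)
            verdict = "moved to %s" % dest if dest else "expunged without copy"
            results.append((event["user"], event["msgid"], verdict))
    return results


if __name__ == "__main__":
    for row in classify_expunges(SAMPLE_LOG.splitlines()):
        print(row)
```
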


Re: Problem enabling the mail_log plugin

2021-02-09 Thread Yassine Chaouche

On 2/8/21 at 5:03 AM, Mike Quigley wrote:


 I see no difference in /var/log/mail.info & /var/log/syslog


Did you configure it to use syslog ? My config puts dovecot logs in 
/var/log/dovecot


Yassine.



Re: Messages sent to alias+detail end up in INBOX

2021-02-18 Thread Yassine Chaouche

Yo Denis,

As bjoern and Anton already said, you need a sieve script
that has a rule that says every mail that has the "detail"
keyword in the "to" header must go to the "detail" folder.

It works with static values. But I don't know if you can
dynamically create folders with the "detail" part put in a
variable for example, ask the sieve to create it if it
doesn't exist, then deliver mail to it.

Yassine

On 2/18/21 at 1:27 PM, Bjoern Franke wrote:

Hi,


So, there is no way that Dovecot can create folders with "detail" name for mail sent to 
"alias+detail" address?


did you take a look into the logs? E.g. in my setup, dovecot complains
when sieve should put the message into a folder which does not exist.

Maybe it logs something also in your case why it does not create the folder.

Regards
Bjoern




Re: Messages sent to alias+detail end up in INBOX

2021-02-18 Thread Yassine Chaouche

On 2/18/21 at 2:08 PM, Darac Marjal wrote:

What I use is:
if envelope :detail :regex "to" "(.+)" {
     set :upperfirst :lower "detail" "${1}";
     fileinto :create "Tagged/${detail}";
     stop;
}

Which says "if the envelope detail is not empty, copy it to a variable
called 'detail' and titlecase it, then file the message into
Tagged/$detail, creating that if necessary". I think the most relevant
part here is using a regex to match on the detail - that copies the
value of the detail into $1, which you can then use as you see fit.


Excellent ! thanks for sharing. This was added to my info.txt file.

Yassine -- admin sysweb.


Re: Messages sent to alias+detail end up in INBOX

2021-02-21 Thread Yassine Chaouche

Could it be postfix's cleanup / trivial-rewrite getting in
the way and rewriting headers  ?

Yassine -- admin sysweb.

On 2/18/21 at 9:10 PM, m...@shadrinden.ru wrote:

On Thu, 18 Feb 2021 14:57:19 -0500
Daryl Richards  wrote:


Do you have propagate_unmatched_extensions turned on?

http://www.postfix.org/aliases.5.html shows that has to be on
otherwise it could drop the +detail part...

On my machine it is by default set to

propagate_unmatched_extensions = canonical, virtual

According to man pages, the behavior of these values (canonical and virtual) in 
this regard seems to be identical:

"  When a mail address localpart contains the optional recipient delimiter
(e.g.,  user+foo@domain),  the  lookup  order becomes: user+foo@domain,
user@domain, user+foo, user, and @domain."

--
Respectfully,
Denis Shadrin




Re: Messages sent to alias+detail end up in INBOX

2021-02-21 Thread Yassine Chaouche

Did you disable enable_original_recipient and have postfix <= 3.2 ?
(I had to do this for a deduplication problem)

http://www.postfix.org/postconf.5.html#enable_original_recipient

Yassine -- admin sysweb.


On 2/21/21 at 10:22 AM, Yassine Chaouche wrote:

Could it be postfix's cleanup / trivial-rewrite getting in
the way and rewriting headers  ?

Yassine -- admin sysweb.

On 2/18/21 at 9:10 PM, m...@shadrinden.ru wrote:

On Thu, 18 Feb 2021 14:57:19 -0500
Daryl Richards  wrote:


Do you have propagate_unmatched_extensions turned on?

http://www.postfix.org/aliases.5.html shows that has to be on
otherwise it could drop the +detail part...

On my machine it is by default set to

propagate_unmatched_extensions = canonical, virtual

According to man pages, the behavior of these values (canonical and 
virtual) in this regard seems to be identical:


"  When a mail address localpart contains the optional recipient 
delimiter
    (e.g.,  user+foo@domain),  the  lookup  order becomes: 
user+foo@domain,

    user@domain, user+foo, user, and @domain."

--
Respectfully,
Denis Shadrin






Re: migrating users to new server, dsync ?

2021-03-02 Thread Yassine Chaouche

On 3/2/21 at 2:48 AM, Voytek Eymont wrote:
> I have Dovecot 2.3.13 on new server, 2.3.11 on 'old' server,Centos 6,
> old server still has a couple domains and about a dozen users, what's a
> the best way to migrate user mailboxes to new server (Maildir), use
> 'dsync' , is that the way to do it ?

> TIA,
> V

Hello Voytek,

I have already used rsync successfully to move users and their mails.
I still use rsync to make periodic and automated backups of their e-mails.
Maildir here too. You might want to fine-tune it to avoid copying
temporary files and locks cause they disappear quick and make rsync
complain it couldn't transfer all the files because they disappeared in
the meantime.

-- Yassine


Re: t/s expired cert error

2021-03-02 Thread Yassine Chaouche

Looks fine from my side, both on pop3s


ychaouche#ychaouche-PC 13:58:25 ~ $ openssl s_client -connect 103.106.168.105:995 -CApath /etc/ssl/certs

CONNECTED(0003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = emu.sbt.net.au
verify return:1
---
Certificate chain
 0 s:/CN=emu.sbt.net.au
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-BEGIN CERTIFICATE-
[...]
-END CERTIFICATE-
subject=/CN=emu.sbt.net.au
issuer=/C=US/O=Let's Encrypt/CN=R3
---
[...]
    Start Time: 1614694135
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
+OK Dovecot ready.
^C
ychaouche#ychaouche-PC 15:09:01 ~ $



and on pop3 with starttls




ychaouche#ychaouche-PC 15:14:28 ~ $ openssl s_client -starttls pop3 -connect 103.106.168.105:pop3 -CApath /etc/ssl/certs

CONNECTED(0003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = emu.sbt.net.au
verify return:1
---
Certificate chain
 0 s:/CN=emu.sbt.net.au
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-BEGIN CERTIFICATE-
[...]
-END CERTIFICATE-
subject=/CN=emu.sbt.net.au
issuer=/C=US/O=Let's Encrypt/CN=R3
---
[...]
    Start Time: 1614694499
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
+OK Dovecot ready.
^C
ychaouche#ychaouche-PC 15:15:04 ~ $






On 3/2/21 at 1:41 PM, Erwan David wrote:

On 02/03/2021 at 13:29, Voytek Eymont wrote:

since a couple of days one of users reported getting expired certificate
error in TB, looking at the log, I can see like:

Mar 02 21:46:24 pop3-login: Info: Disconnected (no auth attempts in 0
secs): user=<>, rip=111.222.333.444, lip=103.106.168.105, TLS: SSL_read
failed: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired: SSL alert number 45, session=<...>


Here it is the certificate presented on the pop3 port (either port 110
with a STLS command or port 995)



but, looking at server with
https://ssl-tools.net/mailservers/emu.sbt.net.au it says 'valid' as does
certbot tool


Here it seems the site tests the smtp server (on port 25), which is not
handled by dovecot. You probably have different certificates on both.







Re: t/s expired cert error

2021-03-03 Thread Yassine Chaouche


On 3/2/21 at 9:04 PM, Arjen de Korte wrote:

Quoting Voytek Eymont:


On Wed, March 3, 2021 1:17 am, Yassine Chaouche wrote:
hmm, just tried this, 110/143 gives error, 995/993 doesn't:

I'll try changing in TB to SSL/TLS not StartTLS, 995 or 993, etc, and, see
if error goes

# echo | openssl s_client -connect emu.sbt.net.au:110 2>/dev/null | openssl x509 -noout -enddate

On port 110/143 you need to tell the POP3/IMAP server to upgrade the 
connection to TLS. In that case, it will work just fine:


# echo | openssl s_client -connect emu.sbt.net.au:110 -starttls pop3 2>/dev/null | openssl x509 -noout -enddate
notAfter=Apr 27 12:11:32 2021 GMT

# echo | openssl s_client -connect emu.sbt.net.au:143 -starttls imap 2>/dev/null | openssl x509 -noout -enddate
notAfter=Apr 27 12:11:32 2021 GMT

Remember that there is a difference between connections that are 
upgraded to TLS (110/143) and connections that use SSL by default 
(995/993). If you don't tell the first that you want to use TLS, the 
server will not present the certificate, unlike the latter.


Regards, Arjen


tl;dr: use -starttls if you want TLS on a non-TLS port.

-- Yassine


Re: t/s expired cert error

2021-03-03 Thread Yassine Chaouche



On 3/2/21 at 9:02 PM, Matthias Kneer wrote:

# echo | openssl s_client -connect emu.sbt.net.au:110 2>/dev/null | openssl x509 -noout -enddate
unable to load certificate
139830305752976:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE



Your test does not use starttls on port 110, could you retry like this?:
echo | openssl s_client -connect emu.sbt.net.au:110 -starttls pop3 2>/dev/null | openssl x509 -noout -enddate


Is the client's time / date properly configured? For me all your 
pop3s/imaps/smtps ports answer fine.

I am intrigued about the function of echo in that command line ?

-- Yassine.


Re: Why Last-login?

2021-03-03 Thread Yassine Chaouche

On 3/3/21 at 12:57 PM, @lbutlr wrote:

I've noticed several threads over the last year or so about last-login, and I 
was curious WHY people care about tracking this in the database. I can see 
wanting to know if a user has logged in recently, but this seems quite easy to 
tell by simply looking at the time stamp and/or contents of the mail spool for 
the user.

For example, on my system I can look at the timestamps on the 'new' folders in 
the user's maildir to see if they are getting mail, and if the folders are 
empty, I have a time stamp of when they last checked that mailbox, giving me a 
pretty accurate time for when they last logged in.

For example, looking at one user:

  # ls -lsdtr /path/to/user/maildir/{new,.**/new}

I can see that the most recent "new" mailboxes were accessed on 02 Mar 14:25 
and 03 Mar 01:45, and I can see that the latter mailbox has files in it and the former 
mailbox does not (just by the size, without doing an extra ls of those directories), so I 
know that the last time the user logged in was about 14:25 or later yesterday and that 
they definitely have not logged in in the last 3h05, which seems close enough to me.

Am I missing some reason I would need/want to keep track of that specific login 
time separately?


What about mbox files ?

-- Yassine.


Re: Why Last-login?

2021-03-03 Thread Yassine Chaouche

On 3/3/21 at 1:33 PM, Yassine Chaouche wrote:

What about mbox files ?

-- Yassine.


An alternative would be looking into the dovecot logs, but those are 
necessarily time bound.
So either keep very large amounts of logs, or store just the login info 
(much shorter) in the db.

-- Yassine.


Re: Why Last-login?

2021-03-04 Thread Yassine Chaouche

On 3/3/21 at 8:16 PM, @lbutlr wrote:

On 03 Mar 2021, at 05:33, Yassine Chaouche  wrote:

Am I missing some reason I would need/want to keep track of that specific login 
time separately?

What about mbox files ?

Is anyone foolish enough to use mbox in 2021?

You also have dovecot's variant dbox, both in its single and multi
variants. It's also handy to download a single .mbox file from your
gmail account and open it in your mail client. So mbox isn't
really totally dead. Oh, and in addition to mail for system users
which is also typically mbox.

-- Yassine.


Re: Why Last-login?

2021-03-04 Thread Yassine Chaouche

On 3/4/21 at 10:00 AM, Greg Wildman wrote:

E.g. inspecting a mailbox config ('X' used to replace private data)
  Mailbox :   xx...@xxx.co.za
  Created :   2020-08-18 17:45:34
  Description :    X
Quota :   8G, used 6.3 GiB (78%)
   SMTP Limit :   100 per hour

Addresses :   x, xxx, xx

 Can receive mail :   YES

Can send mail :   YES
Can download mail :   YES
  Can filter mail :   YES
   Has IM account :   NO
 Catchall :   NO

Last Modified :   2020-08-18 19:46:12

Last IMAP :   2021-03-04 10:52:03
Last POP3 :   None
Last Delivery :   2021-03-04 10:26:49

 Home :   /srv/hosting/x/x/xx.co.za/mail/xx003

  Sieve rules :   roundcube ACTIVE

  Default
  

This is pretty wild. Is that perl sorcery ?

-- Yassine


Re: Mailbox configuration questions

2021-03-06 Thread Yassine Chaouche



On 3/6/21 at 8:36 PM, justina colmena ~biz wrote:

KMail always seems to put sent mail into a local "sent-mail" folder, rather
than the IMAP Sent folder associated with the sending account. (KMail and
Thunderbird have a more POP-oriented architecture for the desktop, whereas
Trojitá is exclusively IMAP.)


I used both KMail and Thunderbird with IMAP quite well. The save sent mail
folder is configurable in both software.

-- Yassine.


Re: cannot see my mails

2021-04-26 Thread Yassine Chaouche

On 4/26/21 at 10:22 AM, Jean-Max Reymond wrote:

> Hi,
> After a change of server, I cannot see my mails. postfix is OK and I
> receive emails. If I send emails, with roundcube or thunderbird, I
> can see these new sent emails. Access rights seems OK. Dovecot with
> debug trace does not complain. Any tips ?

Hello Jean-Max

You see sent mails but not received mails ?
You see new mails but not old mails ? as if your inbox has just been
created ?


-- Yassine



Re: cannot see my mails

2021-04-26 Thread Yassine Chaouche

On 4/26/21 at 10:22 AM, Jean-Max Reymond wrote:
> After a change of server

When you changed servers, did you copy the contents of (probably)
/var/vmail/ from the old server to the new server ? this is usually
where e-mails are stored.

You can also use imap-sync from old to new server. This should
automatically transfer your old mail there (if old server is still
operational)

-- Yassine


Re: Sieve Auth failing (ignore previous message please)

2021-04-28 Thread Yassine Chaouche



On 4/28/21 at 7:42 AM, Dan Egli wrote:


For some reason my sieve daemon won't allow people to log on.
Dan Egli >From my Test Server


1/ Are dovecot-sieve and dovecot-managesieved installed ?

# dpkg-query -W  dovecot-managesieved dovecot-sieve

2/ Is there something listening on the sieve port ?

$ lsof -i :sieve -n

3/ if not, is sieve enabled ?

/etc/dovecot/conf.d/20-lmtp.conf: mail_plugins = $mail_plugins sieve quota

You can start with these 3 points and go from there.
Report back in case you still can't get it to work.

-- Yassine


Re: Problem with Log-File

2021-05-03 Thread Yassine Chaouche

On 5/3/21 at 4:19 AM, Volf, Ronald (IRV) wrote:

Our Dir-Structure is: (for testing, we changed all to mod 777)
    2021-05-03 04:29:32 IRV-20210501-V02-rvh:~ # dir -d /var/  
/var/log/ /var/log/IRV_MdM/ /var/log/IRV_MdM/Dovecot_main.log

    drwxrwxrwx 11 root    root 4096 2021-04-30 20:36:51 /var/
    drwxrwxrwx 21 root    root 4096 2021-05-03 02:53:34 /var/log/
    drwxrwxrwx  4 IRV_MdM IRV_MdMG 4096 2021-05-03 04:28:09 
/var/log/IRV_MdM/
    -rwxrwxrwx  1 IRV_MdM IRV_MdMG   14 2021-05-03 01:36:18 
/var/log/IRV_MdM/Dovecot_main.log

    2021-05-03 04:29:48 IRV-20210501-V02-rvh:~ #

Hello,

You can replace that with namei. For example :

ychaouche#ychaouche-PC 11:39:17 ~ $ namei -l /var/log/dmesg
f: /var/log/dmesg
drwxr-xr-x root root   /
drwxr-xr-x root root   var
drwxrwxr-x root syslog log
-rw-r- root adm    dmesg
ychaouche#ychaouche-PC 11:39:30 ~ $

-- Yassine.


Re: disable pop3 ports?

2021-05-04 Thread Yassine Chaouche

On 5/4/21 at 9:25 AM, Christian Kivalo wrote:



On 2021-05-04 10:20, Dan Egli wrote:

Already did all of that. like I said, EVERY instance of pop3 in the
entire config set is commented out.
Then please post the output of doveconf -n. Seems there is still 
something left.


The list of installed dovecot packages would also be helpful.


Commenting out is letting the defaults take precedence, not disabling.

-- Yassine


Re: Can't figure out why managesieve (pigeonhole) can't connect

2022-11-23 Thread Yassine Chaouche
hello Colin,

is anything listening on that port?
you might find lsof and netstat helpful.
also, if roundcube and dovecot are on different servers, you might want to  
check a network cnx to the managesieve port.
cnx refused often means nothing is listening or firewall is filtering.

Yassine.




On 22 November 2022 6:03:08 PM GMT+01:00, co...@colinlikesfood.com wrote:
>
>
>Subject line says it all?  I am using Roundcube, and every time i click on 
>"filters" i get RC's "unable to connect to server" message.
>
>This might be an SQL error, but i can't figure out how to pull the relevant 
>logs yet.  Please see below and any advice you have is so very appreciated
>
>SYSLOG:
>---
>Nov 22 10:29:27 mail roundcube[66295]:  PHP Error: Connection 
>refused (GET /index.php?_task=settings&_action=plugin.managesieve)
>Nov 22 10:29:27 mail roundcube[66295]:  PHP Error: Unable to connect 
>to managesieve on obfuscated.domain:4190 in 
>/usr/local/www/roundcube/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
> on line 221 (GET /index.php?_task=settings&_action=plugin.managesieve)
>Nov 22 10:29:27 mail roundcube[66295]:  PHP Error: Not currently in 
>AUTHORISATION state (GET /index.php?_task=settings&_action=plugin.managesieve)
>Nov 22 10:29:27 mail php[66295]:  PHP Error: Not currently connected 
>(GET /index.php?_task=settings&_action=plugin.managesieve)
>Nov 22 10:29:31 mail roundcube[66295]:  PHP Error: Connection 
>refused (GET 
>/index.php?_task=settings&_action=plugin.managesieve-action&_framed=1&_nav=hide)
>Nov 22 10:29:31 mail roundcube[66295]:  PHP Error: Unable to connect 
>to managesieve on obfuscated.domain:4190 in 
>/usr/local/www/roundcube/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
> on line 221 (GET 
>/index.php?_task=settings&_action=plugin.managesieve-action&_framed=1&_nav=hide)
>Nov 22 10:29:31 mail php[66295]:  PHP Error: Not currently connected 
>(GET 
>/index.php?_task=settings&_action=plugin.managesieve-action&_framed=1&_nav=hide)
>Nov 22 10:29:43 mail roundcube[71055]:  PHP Error: Connection 
>refused (POST /?_task=settings&_action=plugin.managesieve-save)
>Nov 22 10:29:43 mail roundcube[71055]:  PHP Error: Unable to connect 
>to managesieve on obfuscated.domain:4190 in 
>/usr/local/www/roundcube/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
> on line 221 (POST /?_task=settings&_action=plugin.managesieve-save)
>Nov 22 10:29:43 mail roundcube[71055]: PHP Warning:  Trying to access array 
>offset on value of type null in 
>/usr/local/www/roundcube/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
> on line 1065
>Nov 22 10:29:43 mail php[71055]:  PHP Error: Not currently connected 
>(POST /?_task=settings&_action=plugin.managesieve-save)
>
>DOVECOT.LOG:
>---
>Nov 22 10:28:58 mail roundcube[66297]:  [43CD] C: A0008 LOGOUT
>Nov 22 10:28:58 mail dovecot[8514]: 
>imap(obfusca...@user.name)<8609>: Disconnected: Logged out 
>in=219 out=1045 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 
>body_count=0 body_bytes=0
>Nov 22 10:28:58 mail roundcube[66297]:  [43CD] S: * BYE Logging out
>Nov 22 10:28:58 mail roundcube[66297]:  [43CD] S: A0008 OK Logout 
>completed (0.001 + 0.000 secs).
>Nov 22 10:29:25 mail roundcube[66295]:  [1] SELECT "vars", "ip", 
>"changed", datetime('now') AS ts, CASE WHEN "changed" < datetime('now', '-600 
>seconds') THEN 1 ELSE 0 END AS expired FROM "session" WHERE "sess_id" = 
>'keirks4pbepr17um9mvj1qsvt2';
>Nov 22 10:29:25 mail roundcube[66295]:  [2] SELECT * FROM "users" 
>WHERE "user_id" = '2';
>Nov 22 10:29:25 mail roundcube[66295]:  [3] UPDATE "session" SET 
>"changed" = datetime('now'), "vars" = 
>[...]

Re: Can't figure out why managesieve (pigeonhole) can't connect

2022-11-23 Thread Yassine Chaouche
also make sure you are editing config.php and not config.inc.php (which you 
pasted)

Yassine.

On 23 November 2022 8:30:36 PM GMT+01:00, Yassine Chaouche wrote:
>good. we have established that the problem shouldn't be on dovecot's side. i 
>suspect roundcube is misconfigured or can't connect for some reason. I believe 
>someone mentioned SSL and TLS support problem in RC for a specific version? 
>can you try without? also can you paste RC config? 
>
>Yassine.
>


Re: Can't figure out why managesieve (pigeonhole) can't connect

2022-11-23 Thread Yassine Chaouche
good. we have established that the problem shouldn't be on dovecot's side. i 
suspect roundcube is misconfigured or can't connect for some reason. I believe 
someone mentioned SSL and TLS support problem in RC for a specific version? can 
you try without? also can you paste RC config? 

Yassine.


On 23 November 2022 4:44:23 PM GMT+01:00, co...@colinlikesfood.com wrote:
>
>
>thanks for your reply - dovecot and roundcube are on the same server, and i am 
>able to authenticate both a telnet and an openssl connection with managesieve 
>on that port from both the same machine and another machine, so i think that 
>has to mean managesieve is listening, correct?
>
>On 2022-11-23 04:09, Yassine Chaouche wrote:
>
>> hello Colin,
>> 
>> is anything listening on that port?
>> you might find lsof and netstat helpful.
>> also, if roundcube and dovecot are on different servers, you might want to 
>> check a network cnx to the managesieve port.
>> cnx refused often means nothing is listening or firewall is filtering.
>> 
>> Yassine.
>> 
>> On 22 November 2022 6:03:08 PM GMT+01:00, co...@colinlikesfood.com wrote:
>> 
>>> Subject line says it all?  I am using Roundcube, and every time i click on 
>>> "filters" i get RC's "unable to connect to server" message.
>>> 
>>> This might be an SQL error, but i can't figure out how to pull the relevant 
>>> logs yet.  Please see below and any advice you have is so very appreciated
>>> 
>>> SYSLOG:
>>> ---
>>> Nov 22 10:29:27 mail roundcube[66295]:  PHP Error: Connection 
>>> refused (GET /index.php?_task=settings&_action=plugin.managesieve)
>>> Nov 22 10:29:27 mail roundcube[66295]:  PHP Error: Unable to 
>>> connect to managesieve on obfuscated.domain:4190 in 
>>> /usr/local/www/roundcube/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
>>>  on line 221 (GET /index.php?_task=settings&_action=plugin.managesieve)
>>> Nov 22 10:29:27 mail roundcube[66295]:  PHP Error: Not currently 
>>> in AUTHORISATION state (GET 
>>> /index.php?_task=settings&_action=plugin.managesieve)
>>> Nov 22 10:29:27 mail php[66295]:  PHP Error: Not currently 
>>> connected (GET /index.php?_task=settings&_action=plugin.managesieve)
>>> Nov 22 10:29:31 mail roundcube[66295]:  PHP Error: Connection 
>>> refused (GET 
>>> /index.php?_task=settings&_action=plugin.managesieve-action&_framed=1&_nav=hide)
>>> Nov 22 10:29:31 mail roundcube[66295]:  PHP Error: Unable to 
>>> connect to managesieve on obfuscated.domain:4190 in 
>>> /usr/local/www/roundcube/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
>>>  on line 221 (GET 
>>> /index.php?_task=settings&_action=plugin.managesieve-action&_framed=1&_nav=hide)
>>> Nov 22 10:29:31 mail php[66295]:  PHP Error: Not currently 
>>> connected (GET 
>>> /index.php?_task=settings&_action=plugin.managesieve-action&_framed=1&_nav=hide)
>>> Nov 22 10:29:43 mail roundcube[71055]:  PHP Error: Connection 
>>> refused (POST /?_task=settings&_action=plugin.managesieve-save)
>>> Nov 22 10:29:43 mail roundcube[71055]:  PHP Error: Unable to 
>>> connect to managesieve on obfuscated.domain:4190 in 
>>> /usr/local/www/roundcube/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
>>>  on line 221 (POST /?_task=settings&_action=plugin.managesieve-save)
>>> Nov 22 10:29:43 mail roundcube[71055]: PHP Warning:  Trying to access array 
>>> offset on value of type null in 
>>> /usr/local/www/roundcube/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
>>>  on line 1065
>>> Nov 22 10:29:43 mail php[71055]:  PHP Error: Not currently 
>>> connected (POST /?_task=settings&_action=plugin.managesieve-save)
>>> 
>>> DOVECOT.LOG:
>>> ---
>>> Nov 22 10:28:58 mail roundcube[66297]:  [43CD] C: A0008 LOGOUT
>>> Nov 22 10:28:58 mail dovecot[8514]: 
>>> imap(obfusca...@user.name)<8609>: Disconnected: Logged 
>>> out in=219 out=1045 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 
>>> body_count=0 body_bytes=0
>>> Nov 22 10:28:58 mail roundcube[66297]:  [43CD] S: * BYE Logging 
>>> out
>>> Nov 22 10:28:58 mail roundcube[66297]:  [43CD] S: A0008 OK Logout 
>>> completed (0.001 + 0.000 secs).
>>> Nov 22 10:29:25 mai

Re: Can't figure out why managesieve (pigeonhole) can't connect

2022-11-27 Thread Yassine Chaouche

  
  
On 11/23/22 at 11:27 PM, Benny Pedersen wrote:

Yassine Chaouche wrote on 2022-11-23 20:35:

also make sure you are editing config.php and not config.inc.php
(which you pasted)

roundcube uses default.inc.php < don't edit this one, and
config.inc.php < edit this one

Ah indeed! thanks for catching this.

Best,

-- 
Yassine -- sysadm
  
  
  

  



Re: Can't figure out why managesieve (pigeonhole) can't connect

2022-11-27 Thread Yassine Chaouche
tls -p 4190 10.0.0.91
Processed 142 CA certificate(s).
Resolving '10.0.0.91:4190'...
Connecting to '10.0.0.91:4190'...
  - Simple Client Mode:
  "IMPLEMENTATION" "dovecot"
"SIEVE" "fileinto reject envelope encoded-character vacation
subaddress comparator-i;ascii-numeric relational regex
imap4flags copy include variables body enotify environment
mailbox date index ihave duplicate mime foreverypart
extracttext"
"NOTIFY" "mailto"
"SASL" "CRAM-MD5"
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."
STARTTLS
OK "Begin TLS negotiation now."
*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=obfuscated.domain.com', issuer `CN=R3,O=Let's
Encrypt,C=US', serial xx, RSA key 2048 bits,
signed using RSA-SHA256, activated `-mm-dd 17:48:15 UTC',
expires `-mm-dd 17:48:14 UTC',
pin-sha256="xx"
        Public Key ID:
                sha1:xx
                sha256:xx
        Public Key PIN:
                pin-sha256:xx
  - Certificate[1] info:
 - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root
X1,O=Internet Security Research Group,C=US', serial
xx, RSA key 2048 bits, signed using
RSA-SHA256, activated `-mm-dd 00:00:00 UTC', expires
`-mm-dd 16:00:00 UTC', pin-sha256="xx"
- Certificate[2] info:
 - subject `CN=ISRG Root X1,O=Internet Security Research
Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust
Co.', serial -mm-dd, RSA key 4096 bits, signed using
RSA-SHA256, activated `-mm-dd 19:14:03 UTC', expires
`-mm-dd 18:14:03 UTC', pin-sha256="xx"
- Status: The certificate is NOT trusted. The name in the
certificate does not match the expected.
*** PKI verification of server certificate failed...
Host 10.0.0.91 (sieve) has never been contacted before.
Its certificate is valid for 10.0.0.91.
Are you sure you want to trust it? (y/N): y
- Description:
    (TLS1.3-X.509)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
- Session ID: xx:yy:xx:yy:xx:yy...
- Options:
"IMPLEMENTATION" "dovecot"
"SIEVE" "fileinto reject envelope encoded-character vacation
subaddress comparator-i;ascii-numeric relational regex
imap4flags copy include variables body enotify environment
mailbox date index ihave duplicate mime foreverypart
extracttext"
"NOTIFY" "mailto"
"SASL" "CRAM-MD5"
"VERSION" "1.0"
OK "TLS negotiation successful."
  
  
  
  
  On 2022-11-23 13:35, Yassine Chaouche wrote:
  
also make sure you are editing config.php and not
  config.inc.php (which you pasted)
  
  Yassine.
  
  On 23 November 2022 8:30:36 PM GMT+01:00, Yassine Chaouche
  <a.chaou...@algerian-radio.dz>
  wrote:
  good. we have established that
the problem shouldn't be on dovecot's side. i suspect
roundcube is misconfigured or can't connect for some reason.
I believe someone mentioned SSL and TLS support problem in
RC for a specific version? can you try without? also can you
paste RC config? 

Yassine.

  

  
  


  



Re: Can't figure out why managesieve (pigeonhole) can't connect

2022-11-27 Thread Yassine Chaouche

  
  

On 11/27/22 at 3:48 PM, Yassine Chaouche wrote:


  
  
  [...]

Here's what works for me : 

  
In particular : 

root@messagerie-principale[10.10.10.19] /var/www/roundcubemail-1.2.4/plugins/managesieve # pretty.remove.blanks+comments config.inc.php

[...]
$config['managesieve_usetls'] = false;
$config['managesieve_conn_options'] = null;
[...]
root@messagerie-principale[10.10.10.19] /var/www/roundcubemail-1.2.4/plugins/managesieve #

  
Best,
-- 
Yassine -- sysadm
57 33
  



Re: Shared mailbox listing not working

2023-09-13 Thread Yassine Chaouche

On 9/11/23 at 16:04, exactoph via dovecot wrote:

Hi there,

Having trouble with shared mailboxes. Followed the documentation, but the IMAP LIST 
doesn't work for mailboxes besides "INBOX" etc.
In the meantime I've switched from file based acl_shared_dict to DB based as 
some people had problems with it. However still no success.

I can see entries in the DB, doveadm acl get ... returns that the mailbox is 
shared, but it is not listed in doveadm mailbox list ...
My configuration: https://pastebin.com/aWnMXJ4J

Help would be very appreciated!
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org



If you made sure that the mailbox is shared,
maybe the other mailbox who wants to access it needs to subscribe first.

Best,

--
Yassine -- sysadm
57 33


SQL Authentication when the password contains spaces

2024-02-11 Thread Yassine Chaouche

Dear list,

I created a dovecot mysql user with a password containing spaces.
When I try to run doveadm fetch (to test the sql authentication),
I get the following error message in the logs:


Feb 11 17:37:32 auth: Fatal: sqlpool: Missing value in connect string: xxx

the connect line was:

connect = "host=localhost dbname=mail user=dovecot password=xxx xxx xxx"

The following source code,
taken from dovecot's github repo[1],
suggests that the parsing relies on spaces as field separators.



static int driver_mysql_parse_connect_string(struct mysql_db *db,
                                             const char *connect_string,
                                             const char **error_r)
{
    const char *const *args, *name, *value;
    const char **field;

    db->ssl_cipher = "HIGH";
    db->ssl_verify_server_cert = 1;
    db->connect_timeout = SQL_CONNECT_TIMEOUT_SECS;
    db->read_timeout = MYSQL_DEFAULT_READ_TIMEOUT_SECS;
    db->write_timeout = MYSQL_DEFAULT_WRITE_TIMEOUT_SECS;

    args = t_strsplit_spaces(connect_string, " ");
    for (; *args != NULL; args++) {
        value = strchr(*args, '=');
        if (value == NULL) {
            *error_r = t_strdup_printf("Missing value in connect string: %s",
                                       *args);
            return -1;
        }
[...]




How do I supply the connection string in a suitable way?


References:

[1] dovecot source code on github
https://github.com/dovecot/core/blob/main/src/lib-sql/driver-mysql.c#L194


Troubleshooting info:

Dovecot v2.3.19.1 (9b53102964) starting up for imap, lmtp, pop3 (core dumps 
disabled)
on Debian 12


--
yassine -- sysadm
+213-779 06 06 23
http://about.me/ychaouche
Looking for side gigs.
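
The failure described in this post, as an added example that is not part of the original message and is not Dovecot code: a stand-in for the quoted split-on-spaces loop, plus a round-trip check that tells whether a given password would reach the password field intact. The struct, the function names and the sample passwords are made up for the illustration; whatever the real function does after the '=' check is cut off in the excerpt and is not modelled here.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LEN 256

/* Outcome of parsing one connect string (names are this example's own). */
struct parse_result {
    int nfields;              /* tokens that passed the '=' check */
    char bad_token[MAX_LEN];  /* first token without '=', "" if none */
    char password[MAX_LEN];   /* value taken for the password field */
};

/*
 * Stand-in for the quoted loop: split on runs of spaces, then require
 * a '=' in every token. Returns 0 on success, -1 on the first token
 * without '=' (the "Missing value in connect string" case).
 */
static int parse_connect_string(const char *connect_string,
                                struct parse_result *res)
{
    char buf[MAX_LEN];
    char *p = buf;

    memset(res, 0, sizeof(*res));
    if (strlen(connect_string) >= sizeof(buf))
        return -1;
    strcpy(buf, connect_string);

    for (;;) {
        char *tok, *value;

        p += strspn(p, " ");      /* skip separators */
        if (*p == '\0')
            break;
        tok = p;
        p += strcspn(p, " ");     /* find the end of this token */
        if (*p != '\0')
            *p++ = '\0';

        value = strchr(tok, '=');
        if (value == NULL) {
            snprintf(res->bad_token, sizeof(res->bad_token), "%s", tok);
            return -1;
        }
        *value++ = '\0';
        if (strcmp(tok, "password") == 0)
            snprintf(res->password, sizeof(res->password), "%s", value);
        res->nfields++;
    }
    return 0;
}

/*
 * Round-trip check: returns 1 only if the password comes back
 * byte-for-byte and no extra field appears. This also catches the
 * quiet case where the text after a space happens to contain '='
 * and therefore passes the check as a separate field.
 */
static int password_survives(const char *pw)
{
    char line[MAX_LEN];
    struct parse_result res;
    int n = snprintf(line, sizeof(line),
                     "host=localhost dbname=mail user=dovecot password=%s",
                     pw);

    if (n < 0 || (size_t)n >= sizeof(line))
        return 0;
    return parse_connect_string(line, &res) == 0 &&
           res.nfields == 4 &&
           strcmp(res.password, pw) == 0;
}

int main(void)
{
    /* Constructed sample passwords, not real credentials. */
    const char *samples[] = { "nospaces", "xxx xxx xxx", "pa ss=word" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-14s -> %s\n", samples[i],
               password_survives(samples[i]) ? "intact" : "mangled");
    return 0;
}
```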


Re: SQL Authentication when the password contains spaces

2024-02-12 Thread Yassine Chaouche

On 2/12/24 at 06:18, Aki Tuomi via dovecot wrote:


Would it be possible to use a password without spaces?


Sure.
I just wanted to check with you (the list)
that I'm not missing an undocumented feature.

Best,

--
Yassine -- sysadm
53 46
023 50 01 11


Re: Using SHA256/512 for SQL based password

2019-02-20 Thread Yassine Chaouche via dovecot

On 2/12/19 5:05 PM, Robert Moskowitz via dovecot wrote:
I have been trying to find how to set the dovecot-sql.conf for using 
SHA256/512.  I am going to start clean with the stronger format, not 
migrate from the old MD5.  It seems all I need is:

[...] default_pass_scheme = SHAxxx-CRYPT [...]


How do your users change their password ?

Here's how I configured my roundcube's password plugin to keep things 
together ($roundcubefolder/plugins/password/config.php)


$config['password_algorithm']    = 'dovecot';
$config['password_algorithm_prefix'] = '{SHA512-CRYPT}';
$config['password_dovecotpw_method'] = 'SHA512-CRYPT';
$config['password_query']    = "UPDATE mail.users SET password=%P WHERE email=%u LIMIT 1";

I left other fields alone.

Yassine.



Re: Error sending email from client

2019-02-20 Thread Yassine Chaouche via dovecot

On 2/18/19 2:29 PM, Latin Bishop via dovecot wrote:


Feb 18 08:26:41 pepino postfix/smtps/smtpd[5328]: warning: unknown smtpd restriction: 
"permit_ssl_authenticated"


Try to change

permit_ssl_authenticated

to

permit_s*a*sl_authenticated

(+a)

But as Sami said this is a postfix issue and you should have more 
replies in the postfix list instead.


Yassine.




Re: Using SHA256/512 for SQL based password

2019-02-20 Thread Yassine Chaouche via dovecot


On 2/20/19 3:28 PM, Robert Moskowitz via dovecot wrote:


Here's how I configured my roundcube's password plugin to keep things 
together ($roundcubefolder/plugins/password/config.php)


$config['password_algorithm']    = 'dovecot';
$config['password_algorithm_prefix'] = '{SHA512-CRYPT}';
$config['password_dovecotpw_method'] = 'SHA512-CRYPT';
$config['password_query']    = "UPDATE mail.users SET password=%P WHERE email=%u LIMIT 1";

I left other fields alone.

Yassine.

Thanks much better info than I was seeing in my googling.  Except I 
would not use %p:


// The SQL query used to change the password.
// The query can contain the following macros that will be expanded as follows:
// %p is replaced with the plaintext new password
// %c is replaced with the crypt version of the new password, MD5 if available
// otherwise DES.
// %D is replaced with the dovecotpw-crypted version of the new password
[...]

%D seems to be what I want...

the rcmail_config[] syntax you pasted in your mail indicates you're 
using a very old version of roundcube. Here's the relevant content of my 
version of the password plugin :


// The SQL query used to change the password.
// The query can contain the following macros that will be expanded as follows:
//  %p is replaced with the plaintext new password
//  %P is replaced with the crypted/hashed new password
// according to configured password_method
[...]

// Deprecated macros:
//  %c is replaced with the crypt version of the new password, MD5 if available
// otherwise DES. More hash function can be enabled using the password_crypt_hash
// configuration parameter.
//  %D is replaced with the dovecotpw-crypted version of the new password
[...]


Notice the difference b/w %p and %P. Also notice that %D is marked as 
deprecated.




And in mysql, I believe the table is mailbox.

Oh that depends entirely on your choice of naming and what table 
structure you have chosen.


I got from: 
https://kaworu.ch/blog/2016/04/20/strong-crypt-scheme-with-dovecot-postfixadmin-and-roundcube/



Ah, it seems Aki and I have already visited this link before ^^'

Yassine.






Re: Linking mailboxes

2019-02-25 Thread Yassine Chaouche via dovecot

Hello Kunal,

I've done this once, and it was for backup mail too :) in this page 
(https://ychaouche.informatick.net/dovecotsharefolders) I describe how I 
shared folders between main e-mail account and backup e-mail account 
with symlinks and dovecot-acl files pretty easily.


Yassine.

On 2/24/19 6:57 PM, Aki Tuomi via dovecot wrote:


On 24 February 2019 18:17 "Kunal A. via dovecot" 
 wrote:



Hi,
I am new to Dovecot and I am trying to link an email account folder 
to another Maildir(its a backup of the older email). I want the email 
account to be able to access the older emails.

I am assuming this is done by creating a symlink?

Currently reading instructions on this page:-
https://wiki.dovecot.org/SharedMailboxes/Symlinks

At the moment I have the folder:-
/var/mail/vhosts/ example.com/email1/Maildir/.INBOX.newfolder 



Inside the folder:-

drwx--. 2 vmail vmail 4096 Feb 23 13:39 cur
-rw---. 1 vmail vmail  232 Feb 23 13:43 dovecot.index.log
-rw---. 1 vmail vmail   51 Feb 23 13:43 dovecot-uidlist
-rw---. 1 vmail vmail    0 Feb 23 13:39 maildirfolder
drwx--. 2 vmail vmail 4096 Feb 23 13:39 new
lrwxrwxrwx. 1 root  root    45 Feb 23 13:46 Other -> /run/media/computer/Storage/Email/mail/Other
drwx--. 2 vmail vmail 4096 Feb 23 13:39 tmp
lrwxrwxrwx. 1 root  root 5 Feb 23 13:46 Users -> Users

I am not able to access the folders in the Other folder 
structure(inside other there are other email inboxes ie( 
ema...@example.com , ema...@example.com 
,etc.). I want to get access to all the 
email subfolders. Could someone here advise how to do this or point 
me to some tutorials for this. Sincere apologies for this and many 
thanks in advance for helping...



Dovecot -n output :-

# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf
# OS: Linux 4.20.10-200.fc29.x86_64 x86_64 Fedora release 29 (Twenty Nine)
# Hostname: computer
auth_mechanisms = plain login
mail_location = maildir:~/Maildir
mail_privileged_group = mail
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
postmaster_address = postmaster at example.com 
protocols = imap pop3
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl = required
ssl_cert = 

Try setting mail_debug=yes and provide logs. This gives better insight 
as to what happens.


---
Aki Tuomi


Re: Linking mailboxes

2019-02-27 Thread Yassine Chaouche via dovecot

So did you get everything fixed up ?

> doveadm(lightdm): Error: Can't open mailbox Storage/Email: stat(/run/media/computer/Storage/Email/tmp) failed: Permission denied (euid=976(lightdm) egid=976(lightdm) missing +x perm: /run/media/computer/Storage/Email, dir owned by 5000:5000 mode=0700)


Now it's another user that needs to access that directory (lightdm, 
euid=976). I would add lightdm to the vmail group and make the directory 
group readable and accessible, so chmod g+rx 
/run/media/computer/Storage/Email and any other folder it's complaining 
about.


Yassine.


Re: Dovecot Logging and Shell Script Hang

2019-02-28 Thread Yassine Chaouche via dovecot

On 2/27/19 7:00 PM, Aki Tuomi via dovecot wrote:


On 27 February 2019 18:49 Asai via dovecot  wrote:


Greetings,

We have a PHP based shell script that runs a doveadm backup routine.

[...] the shell script would run for a few minutes and then hang, as it added 
more log messages to the dsync STDOUT.


You might want to enable mail_log plugin for imap/pop3 protocols only.


I would also log what the backup script is doing and go from there ?

If PHP supports signal handling, you could also try to see if there's 
a traceback library for PHP and attach the traceback functions to a system 
signal like SIGUSR1 in your backup script. You can send that signal from 
the command line (with kill) whenever your script hangs. This would give 
you the exact stack of function calls that lead to the hangup.


If you want, you can check this archived page (https://archive.li/bi3rZ) 
(skip to Where was the program hanging ?). Although it's written for a 
python program, you can apply the same principles for PHP.


Yassine.




Re: readonly archive folders using squashfs

2019-03-09 Thread Yassine Chaouche via dovecot
For every u...@domain.tld I created a u...@backup.domain.tld where he 
could look up deleted messages (archive).


I then made u...@backup.domain.tld's cur directory a shared directory to 
u...@domain.tld but only with read privileges. So, anytime the user 
wants to read his old messages, he only needs to read his .archive 
folder, which is u...@backup.domain.tld's cur. No need to make the 
filesystem read-only.


The difficulty is to make sure that every e-mail, sent or received, gets 
backed up properly before being deleted. Relying on cron jobs is not an 
option since the e-mail can be deleted and expunged before the script 
has a chance to get executed and do the backup. So what I did is to 
create a hidden sieve filter for every user's **main** mailbox 
(u...@domain.tld) that automatically creates a copy of every incoming 
message to the u...@backup.domain.tld mailbox. For outgoing e-mail, one 
can do a bcc map in postfix (or the equivalent in other SMTP software) 
that ensures that every sent mail is also sent to 
user+s...@backup.domain.tld, then you can create a filter in the user's 
**backup** mailbox (u...@backup.domain.tld) that filters on the 
user+sent part of the e-mail and stores every e-mail sent to that e-mail 
address to the .Sent directory in the u...@backup.domain.tld mailbox.



Finally, the backup.domain.tld doesn't even have to be declared in the 
DNS nor in /etc/hosts and can be entirely virtual to the MTA (for ex. in 
postfix that would only be added to virtual_mailbox_domains)


Yassine.

On 3/8/19 12:49 AM, Natu via dovecot wrote:

I have a dovecot server running under CentOS using maildir format.  Due
to the issue with minimum blocksize for files I would like to offer some
kind of readonly archive using something like the compressed squashfs
where I would move messages to be archived to a maildir folder and then
convert "cur" directory into a squashfs and mount it in place of the
original directory so my biggest users could have readonly access to
older messages without it using so much disk space.

Has anyone tried anything like this before and is dovecot likely to
complain about the readonly cur directory?  If the complaints are
minimal and didn't cause other problems it might be ok.  Any better
ideas to implement something like this?

Thank You,

Natu




Re: sieve vacation to an alias group

2019-03-10 Thread Yassine Chaouche via dovecot

On 3/9/19 12:41 PM, Monis Monther via dovecot wrote:


Hi,

We have an alias group named x...@example.com, this alias group has 
3 actual users a...@example.com, b...@example.com and c...@example.com


We set vacation rule on the generic sieve rule, the problem is that 3 
responses are sent to the original sender. (obviously because the rule 
is being executed with each user in the alias group)


Is it possible to set auto response only once, we tried the ( :days 1) 
option but still all 3 respond back.


How can such a setup be achieved. (Single auto response to an alias group)

CentOS 7.5
dovecot-pigeonhole-2.3.4.1-1.x86_64
dovecot-2.3.4.1-1.x86_64
postfix 2.10-1


--
Best Regards
Monis


Hello Monis,

As a workaround, you can turn x...@example.com into an actual mailbox and 
give a...@example.com, b...@example.com and c...@example.com read-only shared 
folder access.


Yassine.



Re: sieve vacation to an alias group

2019-03-10 Thread Yassine Chaouche via dovecot


On 3/10/19 9:07 AM, Yassine Chaouche via dovecot wrote:


On 3/9/19 12:41 PM, Monis Monther via dovecot wrote:


Hi,

We have an alias group named x...@example.com, this alias group has 
3 actual users a...@example.com, b...@example.com and c...@example.com


We set vacation rule on the generic sieve rule, the problem is that 3 
responses are sent to the original sender. (obviously because the 
rule is being executed with each user in the alias group)


Is it possible to set auto response only once, we tried the ( :days 
1) option but still all 3 respond back.


How can such a setup be achieved. (Single auto response to an alias 
group)


CentOS 7.5
dovecot-pigeonhole-2.3.4.1-1.x86_64
dovecot-2.3.4.1-1.x86_64
postfix 2.10-1


--
Best Regards
Monis


Hello Monis,

As a workaround, you can turn x...@example.com into an actual mailbox 
and give a...@example.com, b...@example.com and c...@example.com read-only 
shared folder access.


Yassine.



As a request for comments and improvements, here's my script to share 
folders via acl files and symlinks (dovecot must be configured 
accordingly) :


root@messagerie[10.10.10.19] /usr/local/scripts/mail # cat sharemailbox.single
#!/bin/bash

# Link the shared maildir into the recipient's maildir.
function create_link {
    l_src=$1
    l_dst=$2
    l_maildir=$3
    # Translate the dots in the mailbox name before using it as a folder name.
    t_maildir=$(echo "$3" | tr . ․)
    t_dst="$l_dst"/.shared."$t_maildir"
    echo pointing "$t_dst" to "$l_src"
    echo ln -s "$l_src/" "$t_dst"
    ln -s "$l_src/" "$t_dst"
}

# Return 0 if the address exists in the user database, 1 otherwise.
function verifier_email {
    l_email=$1
    if ! searchmailbox.strict.sql "$l_email" > /dev/null
    then
        echo "l'utilisateur $l_email n'a pas pu être trouvé dans la base de données." >&2
        return 1
    fi
    return 0
}

# Append a lookup+read (lr) entry for the address to the maildir's dovecot-acl.
function set_acl {
    l_maildir=$1
    l_email=$2
    echo "giving $l_email access to $l_maildir"
    if [ ! -d "$l_maildir" ]
    then
        #.Sent isn't there yet.
        return
    fi
    acl_file="$l_maildir/dovecot-acl"
    echo "echo user=$l_email lr >> $acl_file"
    echo user="$l_email" lr >> "$acl_file"
    chown vmail:vmail "$acl_file"
}


if [ "$#" -lt 2 ]
then
    echo "usage : $0 part...@domain.com us...@domain.com us...@domain.com ... "
    exit 1
fi

# First argument: the mailbox to share.
email="$1"
inbox="${email%@*}"
domain="${email#*@}"
src="/var/vmail/$domain/$inbox"
if ! verifier_email "$email"
then
    echo "exit at 1"
    exit 1
fi


# Remaining arguments: the mailboxes that get access.
shift
for share_email in "$@"
do
    if ! verifier_email "$share_email"
    then
        continue
    fi
    share_inbox="${share_email%@*}"
    share_domain="${share_email#*@}"
    share_maildir=/var/vmail/"$share_domain"/"$share_inbox"
    #echo grep "$share_email" "$src"/dovecot-acl
    # -F: match the address as a fixed string, not as a regular expression
    if grep -qF -- "$share_email" "$src"/dovecot-acl 2>/dev/null
    then
        # then is executed when exit status is 0
        # exit status is 0 when there is a match
        echo "$share_email" has already access to "$email"
    else
        set_acl "$src" "$share_email"
        create_link "$src" "$share_maildir" "$inbox"
    fi
done
root@messagerie[10.10.10.19] /usr/local/scripts/mail #



Re: sieve vacation to an alias group

2019-03-10 Thread Yassine Chaouche via dovecot
I am curious to know how did you define the filter on an alias in the 
first place ? is it a filter defined globally in dovecot ? I don't see 
how it can be defined in any individual mailbox. Can you show the 
dovecot/sieve configuration to achieve this ?


Yassine.

On 3/10/19 11:40 AM, Monis Monther via dovecot wrote:

Hi Yassine,

Thanks for the effort, unfortunately, we cannot turn it into an actual 
mailbox, this is a long story that I don't want to include here. but 
it would not be a valid option in our environment. Any other ideas


Is it possible to do it with vacation? Is there another auto responder 
or plugin that can achieve this? How do ticketing systems handle this?


Thanks
Monis



--
Best Regards
Monis


Re: sieve vacation to an alias group

2019-03-10 Thread Yassine Chaouche via dovecot
Since sending to the alias will send to a, b and c, just define the 
filter on one mailbox only instead of making it global I guess.


Yassine.

On 3/10/19 11:51 AM, Yassine Chaouche via dovecot wrote:


I am curious to know how did you define the filter on an alias in the 
first place ? is it a filter defined globaly in dovecot ? I don't see 
how it can be defined in any individual mailbox. Can you show the 
dovecot/sieve configuration to achieve this ?


Yassine.

On 3/10/19 11:40 AM, Monis Monther via dovecot wrote:

Hi Yassine,

Thanks for the effort, unfortunately, we cannot turn it into an 
actual mailbox, this is a long story that I don't want to include 
here. but it would not be a valid option in our environment. Any 
other ideas


Is it possible to do it with vacation? Is there another auto 
responder or plugin that can achieve this? How do ticketing systems 
handle this?


Thanks
Monis



--
Best Regards
Monis


Re: sieve vacation to an alias group

2019-03-10 Thread Yassine Chaouche via dovecot



On 3/10/19 12:35 PM, Monis Monther via dovecot wrote:

[...]

This is actually what I have done now, but I want it to be more 
robust, if this user quits, then I must have someone else in the group 
with the rule.

[...]


Yeah, a multipurpose, reusable notificati...@domain.tld fake / bot email 
account :)


Yassine.



Re: Unable to set quota-fs plugin

2019-03-13 Thread Yassine Chaouche via dovecot


On 3/13/19 10:14 AM, Eric Grammatico via dovecot wrote:

[...]
Mar 11 17:56:20 mail.xxx.xx dovecot[4923]: 
imap()<4939>: Error: Failed to get quota 
resource STORAGE: quota-fs: quotactl(Q_GETQUOTA, /dev/vda1) failed: No 
such file or directory


That's odd, I usually see s*da (not *v*da) in most systems I've worked 
with, as in *S*csi Drive A.


Yassine.



Re: Am I right to assume certificate renewal with the same filename requires a dovecot reload/restart

2019-03-14 Thread Yassine Chaouche via dovecot
The general answer here is try and see, as you could totally test it on 
your own. The certificate is read at startup and put in memory for the 
rest of the execution time. Dovecot won't monitor the file for changes 
on disk, as this would waste CPU cycles and make dovecot only slower for 
no reason. The process (or person) that changes the file is responsible 
to restart dovecot to reload the new certificate in memory.


Yassine.

On 3/14/19 9:14 AM, Guido Goluke, MajorLabel via dovecot wrote:
Running dovecot 2.2, apologies if this question has been asked before: 
I've done the research but couldn't find anything.


I run a server that uses dovecot as a MUA for Postfix and have a Let's 
Encrypt certificate that auto-renews through certbot on Ubuntu server 
16.04. Dovecot did not pick up on the new certificate for the 
hostname. It did after a restart. To be clear: Let's Encrypt 
overwrites the previous certificate using the same path and filename. 
Am I right to assume that Dovecot needs a reload/restart after the 
certificate has been renewed in order to 'pick up' on the new 
certificate and if so, would I require a reload or a restart?


Thank you in advance



Re: Am I right to assume certificate renewal with the same filename requires a dovecot reload/restart

2019-03-14 Thread Yassine Chaouche via dovecot

On 3/14/19 9:32 AM, Yassine Chaouche via dovecot wrote:
The general answer here is try and see, as you could totally test it 
on your own. The certificate is read at startup and put in memory for 
the rest of the execution time. Dovecot won't monitor the file for 
changes on disk, as this would waste CPU cycles and make dovecot only 
slower for no reason. The process (or person) that changes the file is 
responsible to restart dovecot to reload the new certificate in memory.


Yassine.


I should mention that this is also true for Apache and postfix.

Yassine.



Re: Unable to set quota-fs plugin

2019-03-14 Thread Yassine Chaouche via dovecot



On 3/13/19 2:10 PM, Eric Grammatico via dovecot wrote:

Thanks Aki,

Please find attached strace for imap and quota-status which report an error at 
the end.

Regards,


write(2, "/usr/libexec/dovecot/quota-statu"..., 
57/usr/libexec/dovecot/quota-status: invalid option -- 'u'


Please retry with the good options (-u is invalid)

Yassine.




Re: Am I right to assume certificate renewal with the same filename requires a dovecot reload/restart

2019-03-14 Thread Yassine Chaouche via dovecot

On 3/14/19 9:55 AM, Patrick Cernko via dovecot wrote:

[...] the way we have configured exim, it neither needs reload or 
restart but reads the certificate file every time it has to use it.


What happens if you goof off in the middle of an operation, temporarily 
putting a wrong file instead of the new certificate, and exim starts 
delivering the new broken certificate right away ? or breaks ? or 
clients can't connect anymore with TLS ? or don't connect at all if you 
don't allow non-TLS connections ?


Yassine.



Re: Unable to set quota-fs plugin

2019-03-14 Thread Yassine Chaouche via dovecot

On 3/14/19 9:53 AM, Yassine Chaouche via dovecot wrote:


On 3/13/19 2:10 PM, Eric Grammatico via dovecot wrote:

Thanks Aki,

Please find attached strace for imap and quota-status which report an 
error at the end.


Regards,


write(2, "/usr/libexec/dovecot/quota-statu"..., 
57/usr/libexec/dovecot/quota-status: invalid option -- 'u'


Please retry with the good options (-u is invalid)

Yassine.


Ah, that seems to be the service that is called by the MTA before 
delivering the mail to the LDA, in case the user is over quota, so that 
the MTA may bounce the e-mail right away instead of accepting it first 
then bouncing afterwards (after the LDA refuses the message).


But according to the error message you posted on your first e-mail, the 
error happens with imap, I don't know if quota-status is involved here 
(might be) ?


In any case, I would concentrate on imap and not quota-status. Nothing 
in the imap strace shows any trace of errors. Particularly, I was looking 
for a quotactl line in the strace, but I couldn't find it.


On the other hand, it is present in the doveadm quota strace, and has 
completed successfully


dovecot.strace:quotactl(QCMD(Q_GETQUOTA, USRQUOTA), "/dev/vda1", 1000, 
{dqb_bhardlimit=4194304, dqb_bsoftlimit=3170304, dqb_curspace=638853120, 
dqb_ihardlimit=0, dqb_isoftlimit=0, dqb_curinodes=12784, ...}) = 0


Someone has to tell us under what conditions will the imap daemon check 
for quota (at login ? at delivery or any other action involving moving 
mail around like copying or expunging ?)



For the quota-status libexec, I have set it to run with quota-status -f 
postfix but your setup may vary (if it's ever configured).  If it is 
running, you can just grep its pid with pgrep quota-status then strace 
-p $PID and see how it behaves (wait until a quota operation is needed).



Yassine.



Re: regarding ssl certificates

2019-03-14 Thread Yassine Chaouche via dovecot

On 3/14/19 11:46 AM, mick crane via dovecot wrote:

Excuse dopey question.
I'm not exactly clear about certificates.
Apache2 default install has this snake oil certificate
Can make a new one for apache
Can make one for dovecot
Can make one for ssl
Is there supposed to be the one (self signed ) certificate pair in one 
place for the machine that each process hands out ?

Can they be moved to another machine ?

mick


Not a dovecot specific question, but I use the same certificate for 
apache, dovecot and postfix, for my domain name, on any number of 
machines, except they must all have the same hostname (they don't all 
have the same name at the same time).


I see no difference between a self-signed certificate and a broken 
certificate. In both cases you have warnings in the browser/mail client. 
In both cases you need to hit the "accept anyway" button.


Yassine.



Re: Unable to set quota-fs plugin

2019-03-14 Thread Yassine Chaouche via dovecot

On 3/14/19 3:40 PM, Eric Grammatico via dovecot wrote:

Hi there,

Well.. I didn't find a way to strace imap. If I well understood, the faulty IMAP is 
launched by dovecot from or after a successful imap-login process. I have executed 
manually '/usr/libexec/dovecot/imap -u eric' and typed getquotaroot "INBOX" 
which didn't reproduce the error seen in the dovecot logs and reported the correct quota.

Any idea how to find the imap command generating the error

imap(eric)<3085>: Error: Failed to get quota resource 
STORAGE: quota-fs: quotactl(Q_GETQUOTA, /dev/vda1) failed: No such file or directory

Thanks and regards,
-
Eric Grammatico _/)


How did you get that error in the first place ? :p

Yassine.



Re: Unable to set quota-fs plugin

2019-03-14 Thread Yassine Chaouche via dovecot
How I'd love if I could just launch dovecot (with symbols) in a 
debugger, set a breakpoint in the right function call, and login from 
Rainloop. Then I could run the process one step at a time and inspect 
everything...


Yassine.

On 3/14/19 3:59 PM, Eric Grammatico via dovecot wrote:

The error is generated when a user connects from a client (RainLoop, a web 
UI). I don't know if the client requests the quota or if it's automagically 
pushed from the imap process. I'd say the client requests. My problem is the 
process imap generating the error is launched just before and stopped right 
after the error is raised and thus quite difficult to trace the process.

-
Eric Grammatico _/)


On 14 March 2019 at 15:46, "Yassine Chaouche via dovecot" wrote:

On 3/14/19 3:40 PM, Eric Grammatico via dovecot wrote:


Hi there,

Well.. I didn't find a way to strace imap. If I well understood, the faulty 
IMAP is launched by
dovecot from or after a successful imap-login process. I have executed manually
'/usr/libexec/dovecot/imap -u eric' and typed getquotaroot "INBOX" which didn't 
reproduce the error
seen in the dovecot logs and reported the correct quota.

Any idea how to find the imap command generating the error

imap(eric)<3085>: Error: Failed to get quota resource 
STORAGE: quota-fs:
quotactl(Q_GETQUOTA, /dev/vda1) failed: No such file or directory

Thanks and regards,
-
Eric Grammatico _/)

How did you get that error in the first place ? :p

Yassine.


Re: Unable to set quota-fs plugin [fixed]

2019-03-17 Thread Yassine Chaouche via dovecot

I'm happy you fixed it ! how did you figure that out ?

Yassine.

On 3/15/19 10:16 AM, Eric Grammatico via dovecot wrote:

The issue was in the systemd service file. The option PrivateDevices was 
set. It prevents the service from having access to physical devices. I removed 
this option and from there, quota is reported without errors.

Thanks for your support

Regards,

-
Eric Grammatico _/)


On 14 March 2019 at 16:42, "Eric Grammatico" wrote:

Sure !!

I got it ! I have connected with kmail, which keeps the imap opened and which 
has generated the
error several times during the session. Please find attached the strace.

Not sure this strace will help. I executed '/usr/libexec/dovecot/imap -u eric' 
and typed the same
command as in the strace and it worked

Could someone have a look in the strace and suggest some ideas to progress ?

Thanks and best regards,

-
Eric Grammatico _/)

On 14 March 2019 at 16:08, "Yassine Chaouche via dovecot" wrote:


How I'd love if I could just launch dovecot (with symbols) in a debugger, set a 
breakpoint in the
right function call, and login from Rainloop. Then I could run the process one 
step at a time and
inspect everything...

Yassine.

On 3/14/19 3:59 PM, Eric Grammatico via dovecot wrote:


The error is generated when a user connects from a client (RainLoop, a web 
UI). I don't know if
the client requests the quota or if it's automagically pushed from the imap 
process. I'd say the
client requests. My problem is the process imap generating the error is 
launched just before and
stopped right after the error is raised and thus quite difficult to trace the 
process.

-
Eric Grammatico _/)

On 14 March 2019 at 15:46, "Yassine Chaouche via dovecot" wrote:

On 3/14/19 3:40 PM, Eric Grammatico via dovecot wrote:


Hi there,

Well.. I didn't find a way to strace imap. If I well understood, the faulty 
IMAP is launched by
dovecot from or after a successful imap-login process. I have executed manually
'/usr/libexec/dovecot/imap -u eric' and typed getquotaroot "INBOX" which didn't 
reproduce the error
seen in the dovecot logs and reported the correct quota.

Any idea how to find the imap command generating the error

imap(eric)<3085>: Error: Failed to get quota resource 
STORAGE: quota-fs:
quotactl(Q_GETQUOTA, /dev/vda1) failed: No such file or directory

Thanks and regards,
-
Eric Grammatico _/)

How did you get that error in the first place ? :p

Yassine.


Re: How to create sent items, drafts and so on

2019-03-17 Thread Yassine Chaouche via dovecot

On 3/17/19 8:59 AM, Sakuma, Koshiro via dovecot wrote:

Hello,
I've setup Dovecot and Postfix mailing systems.  The protocol is 
imap.  Now, I've realized that there are no "sent items, drafts" boxes 
under Maildir for each users.  I would like to take back up Inbox, 
sent items, draft boxes.  For sent items box, it seems to be stored in 
outlook client file which is "ost".  The configuration parameters and 
version is as follows.  I can see that "namespace" has been 
configured.  How can I setup to see these folders?


Thank you for your support!


I believe these folders (sent, draft etc.) are created by the MUA on 
first IMAP connexion. Can you confirm that these folders are created 
when you connect to your IMAP account for the first time via a mail client ?


If you are accessing your e-mail via a webmail, make sure to configure 
your webmail to create those folders for you. For example, with 
roundcube the config is :


$config['drafts_mbox']    = 'INBOX.Drafts';
$config['junk_mbox']  = 'INBOX.Junk';
$config['sent_mbox']  = 'INBOX.Sent';
$config['trash_mbox'] = 'INBOX.Trash';
$config['create_default_folders'] = true;

Yassine.




Re: testing dovecot LMTP with postfix/spamassassin

2019-03-17 Thread Yassine Chaouche via dovecot



On 3/16/19 3:49 PM, Marek Kozlowski via dovecot wrote:
Can I test local mail delivery by dovecot LMTP manually? I mean: to 
simulate "I'm the Postfix" and produce for some testing e-mail the 
same effect as postfix granting it via `local_transport' to dovecot?


Best regards,
Marek


You can use dovecot-lda like this :

cat <

Re: testing dovecot LMTP with postfix/spamassassin

2019-03-17 Thread Yassine Chaouche via dovecot

On 3/17/19 11:10 AM, Marek Kozlowski via dovecot wrote:


Thank you but...
Please mind that I'm planning to use dovecot LMTP rather than LDA.

Best regards,
Marek 


There's /usr/lib/dovecot/lmtp too

Yassine.



Re: testing dovecot LMTP with postfix/spamassassin

2019-03-17 Thread Yassine Chaouche via dovecot

On 3/17/19 11:59 AM, Yassine Chaouche via dovecot wrote:

On 3/17/19 11:10 AM, Marek Kozlowski via dovecot wrote:


Thank you but...
Please mind that I'm planning to use dovecot LMTP rather than LDA.

Best regards,
Marek 


There's /usr/lib/dovecot/lmtp too

Yassine.


Here's a bad example :

root@messagerie[10.10.10.19] ~ # /usr/lib/dovecot/lmtp
220 messagerie.algerian-radio.dz Dovecot ready.
Info: Connect from local
EHLO
502 5.5.2 Unknown command
HELO
502 5.5.2 Unknown command
LHLO localhost
250-messagerie.algerian-radio.dz
250-8BITMIME
250-ENHANCEDSTATUSCODES
250 PIPELINING
TO:a.chaouche
502 5.5.2 Unknown command
MAIL FROM:ush...@us.gov
501 5.5.4 Invalid parameters
MAIL FROM:
250 2.1.0 OK
RCPT TO:a.chaou...@algerian-radio.dz
501 5.5.4 Invalid parameters
RCPT TO:
250 2.1.5 OK
DATA
354 OK
Subject: Just a test

This is the body of the mail

.
lmtp(11746, a.chaou...@algerian-radio.dz): Info: copy from : 
box=INBOX, uid=12210, msgid=, from=, subject=Just a test
lmtp(11746, a.chaou...@algerian-radio.dz): Info: dzRBHgkqjlziLQAArJM0yg: 
sieve: <>:Just a test stored mail into mailbox 'INBOX'

250 2.0.0  dzRBHgkqjlziLQAArJM0yg Saved


It's missing a lot of important fields I guess, but it made it to my 
inbox ^^'
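The same kind of test delivery can be scripted instead of typed. The following is an added example, not part of the original post: it uses Python's smtplib.LMTP, which sends LHLO and wraps the envelope addresses in angle brackets, and it builds a message that carries the Date, From, To and Message-ID headers. The socket path and the example.test addresses are assumptions to adapt to the local setup.

```python
import smtplib
from email.message import EmailMessage
from email.utils import formatdate, make_msgid


def build_test_message(sender, recipient, subject="LMTP delivery test"):
    """Build a message with the headers a hand-typed session tends to omit."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg["Date"] = formatdate(localtime=True)
    msg["Message-ID"] = make_msgid(domain=sender.rpartition("@")[2])
    msg.set_content("This is the body of the mail\n")
    return msg


def deliver_via_lmtp(socket_path, msg, envelope_from, envelope_to):
    """Hand one message to an LMTP listener on a Unix socket.

    smtplib.LMTP greets with LHLO (EHLO and HELO are rejected by LMTP
    servers) and sends MAIL FROM:<...> / RCPT TO:<...> with the angle
    brackets the protocol requires. Returns the dict of refused
    recipients (empty on success); if the only recipient is rejected,
    smtplib.SMTPRecipientsRefused is raised instead.
    """
    with smtplib.LMTP(socket_path, local_hostname="localhost") as client:
        return client.send_message(
            msg, from_addr=envelope_from, to_addrs=[envelope_to]
        )


if __name__ == "__main__":
    # Assumed values: a unix_listener path for `service lmtp` and
    # placeholder addresses. Run as a user allowed to open the socket.
    SOCKET = "/var/spool/postfix/private/dovecot-lmtp"
    SENDER = "tester@example.test"
    RECIPIENT = "user@example.test"
    message = build_test_message(SENDER, RECIPIENT)
    refused = deliver_via_lmtp(SOCKET, message, SENDER, RECIPIENT)
    print(refused or "accepted")
```
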





Re: Dovecot quota and Postfix smtpd_recipient_restrictions?

2019-03-20 Thread Yassine Chaouche via dovecot

On 3/19/19 6:00 PM, Davide Marchi via dovecot wrote:

[...] is not clear for me if I need to tell Postfix to communicate 
with the service in /etc/postfix/main.cf as here:



smtpd_recipient_restrictions =
    ...
    check_policy_service inet:mailstore.example.com:12340

Davide


Hey Davide,

You don't *have* to, but you can. Now whether you should or shouldn't is 
up to you. The downside of enabling this is that if John is over quota, 
then if you try to send a mail to three recipients John, Mary and 
Socrates postfix will refuse to relay mail for any of them, even if only 
John is over quota. This has confused my users who couldn't understand 
why things were like this, but apparently this is how postfix is 
designed to work ? (or is it a protocol limitation ?)


I don't know if other people here can testify of this or have they found 
a way to circumvent this ? (or more likely is it simply a bad 
configuration on my part ^:^' ?)


Yassine.




Re: dovecot.sieve shows up as a mailbox

2019-03-21 Thread Yassine Chaouche via dovecot

On 3/21/19 3:57 PM, Aki Tuomi via dovecot wrote:

This because you have a very common misconfiguration, which is that your 
mail_home and mail_location are pointing to same directory, and that lead into 
this problem.

Solution is of course to use:

mail_home = /var/mail/vmail/%d/%n
mail_location = maildir:~/Mail

Aki


While not very intuitive, I have :

mail_home = /var/mail/vmail/%d/%n/dovecot
mail_location = maildir:~/..

Which works for me ^^'

Yassine.



Re: dovecot.sieve shows up as a mailbox

2019-03-21 Thread Yassine Chaouche via dovecot

On 3/21/19 4:13 PM, Aki Tuomi via dovecot wrote:

On 21 March 2019 17:05 Yassine Chaouche via dovecot  wrote:

[...]
While not very intuitive, I have :

mail_home = /var/mail/vmail/%d/%n/dovecot
mail_location = maildir:~/..

Which works for me ^^'

Yassine.

Except it would have the same problem, but with 'dovecot' as folder under some 
configurations.

Aki


Well, none of my users have reported they can see that folder. I myself 
use webmail, thunderbird on my PC and k9 mail on my phone and don't see 
that folder in any of these clients.


Yassine.



Re: Dovecot quota and Postfix smtpd_recipient_restrictions?

2019-03-23 Thread Yassine Chaouche via dovecot

On 3/21/19 10:17 PM, Davide Marchi via dovecot wrote:



I've a doubt (again): Is it correct the space between 
"[..]service" and "inet[..]"? As suggested here: 
https://blog.sys4.de/postfix-dovecot-mailbox-quota-en.html


I've run:

postconf smtpd_recipient_restrictions=check_policy_service inet:mailstore.example.com:12340


but obtain the error:

postconf: fatal: missing '=' after attribute name: "inet:mailstore.example.com:12340"


Please, which is the correct syntax? :-)


Thanks again!

Davide


Davide,

I think this is the shell that is giving three arguments to postconf 
instead of just one (because of the space). In order to disable this, 
you might want to try to put the whole argument between quotes. You also 
forgot to give the command the -e switch in order to edit the main.cf 
file. Try :


postconf -e smtpd_recipient_restrictions="check_policy_service inet:mailstore.example.com:12340"


Yassine.



Re: dovecot sasl support

2019-03-24 Thread Yassine Chaouche via dovecot

On 3/24/19 10:01 AM, Wojciech Puchar via dovecot wrote:




so it will listen on the same socket.


the effect with sendmail is as below

Mar 23 21:23:29 <2.3> puchar dovecot: auth: Error: Authentication 
client not compatible with this server (mixed old and new binaries?)



do i need to specify something while compiling sendmail to make it 
compatible?



solved by setting saslauthd to authenticate over imap - through 
dovecot server.

testsaslauthd shows it works fine.


The optimum setup though would be to auth directly against dovecot. A 
redirection through saslauthd seems unnecessary.


> but it seems sendmail strips domain name from entered login.

What backend do you use for authentication ? (system / virtual users ?)

Yassine.



auth-worker doesn't systematically log the IP

2024-07-22 Thread Yassine Chaouche via dovecot

Dear list,

look at this grep auth-worker | nl output from my dovecot log :

   166  Jul 22 15:49:47 auth-worker(24409): Info: sql(hakim.boukha...@domain.tld): unknown user
   167  Jul 22 15:49:47 auth-worker(13026): Info: sql(p...@domain.tld): unknown user
   168  Jul 22 15:53:00 auth-worker(13026): Info: sql(feriel.ab...@domain.tld,10.10.10.19): Password mismatch
   169  Jul 22 15:53:15 auth-worker(13026): Info: sql(feriel.ab...@domain.tld,10.10.10.19): Password mismatch
   170  Jul 22 15:55:26 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   171  Jul 22 15:59:30 auth-worker(13026): Info: sql(radioaintemouchent.domain.tld,10.10.10.19): unknown user
   172  Jul 22 15:59:43 auth-worker(13026): Info: sql(mouadouss...@radioalgerie.dz): unknown user
   173  Jul 22 16:00:38 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   174  Jul 22 16:00:58 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   175  Jul 22 16:02:01 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   176  Jul 22 16:09:35 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   177  Jul 22 16:09:42 auth-worker(13026): Info: sql(p...@domain.tld): unknown user
   178  Jul 22 16:10:11 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   179  Jul 22 16:15:37 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   180  Jul 22 16:26:55 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   181  Jul 22 16:32:01 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   182  Jul 22 16:35:37 auth-worker(19555): Info: sql(it_...@domain.tld): unknown user

As you can see,
sometimes the IP addresses of the dubious login attempts are noted,
other times this crucial piece of evidence is conspicuously absent.

I am wondering what is the source of all those login attempts?
or could those be mere username lookups instead to test for mail deliverability?

Many thanks,

--
yassine -- sysadm
+213-779 06 06 23
http://about.me/ychaouche
Looking for side gigs.
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
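One way to triage auth-worker lines like the ones in this message, as an added example that is not part of the original post: it parses each failure, separates the lines that carry a remote IP from those that do not, and lists the IPs seen with more than one username and the usernames that keep failing with no IP logged. The sample lines are constructed with placeholder users and documentation addresses, and the optional third field inside the parentheses (such as a session id) is an assumption about other Dovecot versions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format shown above; users and IPs are placeholders.
SAMPLE_LOG = """\
Jul 22 15:49:47 auth-worker(24409): Info: sql(alice@example.test): unknown user
Jul 22 15:53:00 auth-worker(13026): Info: sql(bob@example.test,192.0.2.10): Password mismatch
Jul 22 15:53:15 auth-worker(13026): Info: sql(bob@example.test,192.0.2.10): Password mismatch
Jul 22 15:55:26 auth-worker(13026): Info: sql(it_ops@example.test): unknown user
   171  Jul 22 15:59:30 auth-worker(13026): Info: sql(carol.example.test,192.0.2.10): unknown user
Jul 22 16:00:38 auth-worker(13026): Info: sql(it_ops@example.test): unknown user
Jul 22 16:00:58 auth-worker(13026): Info: sql(it_ops@example.test): unknown user
Jul 22 16:01:02 imap-login: Info: Login: user=<dave@example.test>, method=PLAIN
"""

LINE_RE = re.compile(
    r"^(?:\s*\d+\s+)?"                     # optional line number added by `nl`
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"auth-worker\((?P<pid>\d+)\): Info: "
    r"(?P<db>[\w-]+)\((?P<user>[^,()]*)"
    r"(?:,(?P<ip>[^,()]*))?"               # remote IP, absent on some lines
    r"(?:,[^()]*)?\): "                    # assumption: extra fields may follow
    r"(?P<reason>.+)$"
)


def parse_auth_failures(text):
    """Return one dict per auth-worker failure line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            events.append(match.groupdict())
    return events


def summarize(events, threshold=3):
    """Split failures by whether an IP was logged and flag repeat patterns."""
    by_ip = Counter()
    users_by_ip = defaultdict(set)
    no_ip_by_user = Counter()
    for event in events:
        if event["ip"]:
            by_ip[event["ip"]] += 1
            users_by_ip[event["ip"]].add(event["user"])
        else:
            no_ip_by_user[event["user"]] += 1
    return {
        "total": len(events),
        "with_ip": sum(by_ip.values()),
        "without_ip": sum(no_ip_by_user.values()),
        "by_ip": dict(by_ip),
        # One source trying several usernames deserves a closer look.
        "ips_with_multiple_users": sorted(
            ip for ip, users in users_by_ip.items() if len(users) > 1
        ),
        # Same username failing repeatedly with no IP recorded.
        "repeat_no_ip_users": sorted(
            user for user, count in no_ip_by_user.items() if count >= threshold
        ),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_auth_failures(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```
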


Re: auth-worker doesn't systematically log the IP

2024-07-23 Thread Yassine Chaouche via dovecot

On 7/22/24 at 18:53, Aki Tuomi via dovecot wrote:


You would probably want to use the new event based system for these logs:

event_exporter log {
   format = json
   format_args = time-rfc3339
   transport = log
}

metric auth_failed {
   event=filter=auth_request_finished and not success=yes
   exporter=log
}

Aki



Many thanks for the suggestion Aki.

Best,

--
yassine -- sysadm
+213-779 06 06 23
http://about.me/ychaouche
Looking for side gigs.


Dovecot trying to fetch a directory that contains a typo, couldn't figure out where to fix it

2024-09-29 Thread Yassine Chaouche via dovecot

Dear list,

I am encountering an unusual issue where Thunderbird is incorrectly accessing my 
"Messagerie" folder.
While there are no visible errors within Thunderbird,
Dovecot logs reveal several permission-denied messages linked to the folder 
structure.

Sep 29 16:45:20 imap(a.chaou...@domain.tld): Debug: acl vfile: file /var/vmail/domain.tld/a.chaouche/dovecot/../.Messagerie/dovecot-acl not found
Sep 29 16:45:20 imap(a.chaou...@domain.tld): Error: open(/var/vmail/domain.tld/a.chaouche/dovecot/../.Messagerie/cur/-Tlevel=matching) failed: Permission denied (euid=1001(vmail) egid=1001(vmail) missing +r perm: /var/vmail/algerian-radio.dz/a.chaouche/dovecot/../.Messagerie/cur/-Tlevel=matching)
Sep 29 16:45:20 imap(a.chaou...@domain.tld): Error: open(/var/vmail/domain.tld/a.chaouche/dovecot/../.Messagerie/cur/-Tlevel=matching) failed: Permission denied (euid=1001(vmail) egid=1001(vmail) missing +r perm: /var/vmail/algerian-radio.dz/a.chaouche/dovecot/../.Messagerie/cur/-Tlevel=matching)
Sep 29 16:45:20 imap(a.chaou...@domain.tld): Info: Disconnected: Internal error occurred. Refer to server log for more information. [2024-09-29 16:45:20] in=1215 out=278901
Sep 29 16:45:20 imap(a.chaou...@domain.tld): Debug: acl vfile: file /var/vmail/domain.tld/a.chaouche/dovecot/../.Drafts/dovecot-acl not found


Notably, the path includes a suspicious "-Tlevel=matching" string, which seems 
to have originated from a typo during the use of a sieve-test command I recently used, 
something like this:

$ sieve-test -Tlevel=matching ../../dovecot/sieve/perso.sieve ./1727184793.M761376P16269.messagerie-prep\,S=4871\,W=5001\:2\,Sb -t -

Despite a thorough search on all the Dovecot configuration directory,
no such entry for "matching" exists.

root@messagerie-prep[10.10.10.19] /var/vmail/algerian-radio.dz/a.chaouche # grep matching  -r dovecot/
root@messagerie-prep[10.10.10.19] /var/vmail/algerian-radio.dz/a.chaouche #

This issue appears exclusive to Thunderbird,
as the webmail client Roundcube functions normally,
indicating a client-specific error.

Any insights on resolving this discrepancy would be greatly appreciated.
Config below:

doveconf -n

root@messagerie-prep[10.10.10.19] /var/vmail/algerian-radio.dz/a.chaouche # doveconf -n
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-6-amd64 x86_64 Debian 8.11
auth_mechanisms = plain login
auth_verbose = yes
deliver_log_format = <%f>:%s %$
disable_plaintext_auth = no
log_path = /var/log/dovecot.log
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l lport=%a service=%s ssl=%k
mail_debug = yes
mail_location = Maildir:~/../
mail_plugins = " quota acl notify mail_log"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave editheader
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = INBOX.
  separator = .
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename append
  mail_log_fields = uid box msgid from subject
  quota = maildir:User quota
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_warning = storage=95%% quota-socket 95 %u
  quota_warning2 = storage=80%% quota-socket 80 %u
  sieve = ~/.dovecot.sieve
  sieve_before = /var/vmail/mailfilters/spam.sieve
  sieve_before2 = ~/backup.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +editheader
  sieve_global_dir = /var/vmail/mailfilters/
  sieve_max_redirects = 0
}
postmaster_address = r...@algerian-radio.dz
protocols = " imap lmtp sieve pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service imap-postlogin {
  executable = script-login /var/vmail/mailfilters/postlogin
  user = root
}
service imap {
  executable = imap
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service quota-script {
  executable = script /root/SCRIPTS/MAIL/quotawarning.sh
  unix_listener quota-socket {
    user = vmail
  }
  user = root
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  unix_listener /var/spool/postfix/private/quota-status-socket {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl_cert = :%s %$
dict_db_config =
director_doveadm_port = 0
director_mail_servers =
director_servers =
director_user_expire = 15 mins
director_username_hash = %u
disable_plaintext_auth = no
dotlock_use_excl = yes
doveadm_allowed_co