Disabling auth fallback to PAM

2015-11-17 Thread martin f krafft
Hi folks,

According to the wiki,¹ it's considered a feature of Dovecot and its
ability to support multiple authentication sources that "if the
password doesn't match in the first database, it checks the next
one".

¹) http://wiki.dovecot.org/Authentication/MultipleDatabases

I think it's great that Dovecot allows auth sources to be stacked
like this, but I am not sold on the idea that the next database
ought to be tried when a *password* does not match. Let me
elaborate:

If the first database has knowledge of a user, then it can (should)
be considered authoritative, and if the provided password does not
match, it's an authentication error right away. Only if the first
source does not possess any knowledge about a given user, then should
Dovecot proceed to query/check with the next database.

Can this be configured somehow?
If not, would it make sense to make this behaviour configurable?

Thanks,

-- 
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/
 
"the ships hung in the sky in much the same way that bricks don't."
 -- hitchhiker's guide to the galaxy
 
spamtraps: madduck.bo...@madduck.net


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)


Re: Disabling auth fallback to PAM

2015-11-20 Thread martin f krafft
also sprach Timo Sirainen  [2015-11-21 14:14 +1300]:
> Well, your topic is PAM.

Is it? My point is that PAM should not even be asked if an
authentication source beforehand knows about a user but the password
cannot be verified.

> But.. Right now passdb has result_success, result_failure and
> result_internalfail. I suppose it should be possible to add
> result_user_unknown there that defaults to result_failure if it's
> not explicitly set.

result_user_known should be returned when the authentication source
does not know about a user.

If the authentication source knows a user but fails to authenticate
him/her due to a password mismatch, the result should rather be
result_auth_failure.

Those two should really replace result_failure and the dovecot
authentication stack should only continue on result_user_known or
result_internalfail. If we get result_success or
result_auth_failure, then authentication is done and no further
sources should be considered.

-- 
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/
 
only by counting could humans demonstrate
their independence of computers.
-- douglas adams, "the hitchhiker's guide to the galaxy"
 
spamtraps: madduck.bo...@madduck.net


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
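
The two fall-through policies discussed in this message, modelled as an added example (not Dovecot code and not part of the original post). `ToyPassdb`, `authenticate` and the account data are constructed for illustration; the result names mirror the ones quoted in the thread.

```python
import hashlib
import hmac
import os
from enum import Enum


class Result(Enum):
    SUCCESS = "success"
    AUTH_FAILURE = "auth_failure"    # user is known here, password is wrong
    USER_UNKNOWN = "user_unknown"    # this source has no record of the user
    INTERNAL_FAIL = "internalfail"   # source could not be queried


class ToyPassdb:
    """Hypothetical stand-in for one passdb: username -> salted password hash."""

    def __init__(self, name, users, available=True):
        self.name = name
        self.available = available
        self._users = {}
        for user, password in users.items():
            salt = os.urandom(16)
            self._users[user] = (salt, self._kdf(password, salt))

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def verify(self, user, password):
        if not self.available:
            return Result.INTERNAL_FAIL
        record = self._users.get(user)
        if record is None:
            return Result.USER_UNKNOWN
        salt, stored = record
        if hmac.compare_digest(stored, self._kdf(password, salt)):
            return Result.SUCCESS
        return Result.AUTH_FAILURE


def authenticate(chain, user, password, authoritative):
    """Walk the passdb chain and return (granted, trace).

    authoritative=False: the behaviour quoted from the wiki, where any
    non-success result moves on to the next database.
    authoritative=True: the proposal in the message, where AUTH_FAILURE ends
    the lookup and only USER_UNKNOWN or INTERNAL_FAIL move on.
    """
    trace = []
    for db in chain:
        result = db.verify(user, password)
        trace.append((db.name, result))
        if result is Result.SUCCESS:
            return True, trace
        if authoritative and result is Result.AUTH_FAILURE:
            return False, trace
    return False, trace


def demo_chain(sql_available=True):
    # Constructed accounts: alice exists in both sources with different
    # passwords, bob exists only in the second one.
    sql = ToyPassdb("sql", {"alice": "correct horse battery"}, sql_available)
    pam = ToyPassdb("pam", {"alice": "changeme", "bob": "bobs-password"})
    return [sql, pam]


if __name__ == "__main__":
    for authoritative in (False, True):
        granted, trace = authenticate(demo_chain(), "alice", "changeme",
                                      authoritative)
        steps = ", ".join(f"{name}:{res.value}" for name, res in trace)
        print(f"authoritative={authoritative}: granted={granted} ({steps})")
```

In this model, continuing on `internalfail` still lets the second database decide whenever the first one cannot be queried.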


Let lmtp create target directories

2015-11-25 Thread martin f krafft
Hello,

we're using vmm¹ to manage our postfix+dovecot virtual mail setup,
which allows us to give every virtual user a separate EUID and every
domain a separate EGID for additional security (vs. handling all
virtual mail with a single "vmail" user).

As a consequence, however, vmm must itself create the user
directories with the appropriate owners, and to do so, it requires
root rights.

I am trying to investigate getting rid of this need³. Since Dovecot
quite happily creates ~/Maildir when necessary, couldn't it also
create parents? The home directory should be trivial (same
EUID/EGID), but grandparents etc. might need a different policy
(e.g. 0/EGID for the grandparent, 0/0 for great-grandparents, etc.).

Is this something that could fall within the realm of Dovecot's
lmtp? Or is the lmtp invoked as the user and doesn't actually drop
root? If so, might there be another way?

¹) http://vmm.localdomain.org/²
²) Hallo Pascal
³) http://bugs.debian.org/804382

Thanks,

-- 
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/
 
"perfection is achieved, not when there is nothing more to add, but
 when there is nothing left to take away."
 -- antoine de saint-exupéry
 
spamtraps: madduck.bo...@madduck.net




Re: [Dovecot] imap memory footprint rather large

2008-05-12 Thread martin f krafft
also sprach Timo Sirainen <[EMAIL PROTECTED]> [2007.08.13.2324 +0100]:
> > Is there a way to vacuum/reduce/optimise the cache?
> 
> You can always delete it, but if your client wants the same
> information all over again it gets grown to the same size.
> Probably it doesn't after the initial mailbox load. Dovecot should
> also drop unused fields from it after a week or so, but currently
> this isn't done.

Any news on that front?

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"frank harris has been received
 in all the great houses -- once!"
-- oscar wilde
 
spamtraps: [EMAIL PROTECTED]


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)


Re: [Dovecot] imap memory footprint rather large

2008-05-12 Thread martin f krafft
also sprach Timo Sirainen <[EMAIL PROTECTED]> [2008.05.12.1813 +0100]:
> v1.1 drops fields that aren't accessed after 30 days.

And that interval is hardcoded or configurable?

Also, do you have an ETA on the 1.1 release? As you may know, we're
freezing Debian stable in August or September and it would be good
to get 1.1 in with enough time for testing beforehand.

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"is god an invention of the devil?"
 - friedrich nietzsche
 
spamtraps: [EMAIL PROTECTED]




[Dovecot] child xxxxx (imap) returned error 83 (Out of memory)

2008-07-17 Thread martin f krafft
Hi list,

> Jul 17 12:15:10 seamus dovecot: IMAP([EMAIL PROTECTED]): block_alloc(): Out of memory
> Jul 17 12:15:10 seamus dovecot: child 26181 (imap) returned error 83 (Out of memory)

I found those two entries in the logs this morning. The system has
ample free memory. What's going on?

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"i wish i hadn't slept all day, it's really lowered my productivity"
   -- robert mcqueen
 
spamtraps: [EMAIL PROTECTED]




Re: [Dovecot] child xxxxx (imap) returned error 83 (Out of memory)

2008-07-17 Thread martin f krafft
also sprach Timo Sirainen <[EMAIL PROTECTED]> [2008.07.17.1355 +0200]:
> > I found those two entries in the logs this morning. The system has
> > ample free memory. What's going on?
> 
> If you have huge mailboxes, increase mail_process_size setting or set it
> to zero.

The mailbox in question is 137Mb in size, according to du. The
mail_process_size default seems to be 256, according to the comment
in the configuration. Is that correct? What's the default?

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
the only secure micro$oft software is
what's still shrink-wrapped in the warehouse.
 
spamtraps: [EMAIL PROTECTED]




Re: [Dovecot] BUG: messages created with permissions not respecting

2008-07-17 Thread martin f krafft
also sprach Timo Sirainen <[EMAIL PROTECTED]> [2006.12.22.2225 +0100]:
> On 19.12.2006, at 11.45, Thomas Vander Stichele wrote:
> > umask is set to 0007.  This should ensure directories and files get
> > created with read/write permissions for both user and group.
>
> umask setting isn't really working that well, since sometimes files  
> are created with 0600 mode, sometimes 0660 and yet sometimes 0666..  
> I'll see if I can get this fixed before v1.0.

Any news on this? deliver still forces the mode of files to 0600.

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
to one who knows how to understand, few words suffice.
 -- intelligenti pauca
 
spamtraps: [EMAIL PROTECTED]




[Dovecot] rejecting mail due to quota exceeded

2008-09-17 Thread martin f krafft
Hi,

we are using dovecot's deliver to deliver mails to a virtual mailbox
tree owned by the vmail user, by piping the message to the following
command spawned by vmail:

  /usr/bin/env HOME=/srv/vmail/mydomain.ch/myaccount /usr/lib/dovecot/deliver

When a message is delivered to an account that has reached its
quotum, deliver issues a failure message saying:

  From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
  To: $ENVELOPE_SENDER
  Message-ID: <[EMAIL PROTECTED]>
  Subject: Automatically rejected mail

  Your message to  was automatically rejected:
  Quota exceeded

The original message is attached, which is nice, however, I don't
like the dovecot rejection message for two reasons:

1. there was no message to  sent, dovecot should use the
   envelope recipient

considering that it doesn't know the envelope recipient, this would
best be solved by

2. don't accept the mail and send out a rejection, just exit 69 and
   write the reason to stderr!

Did I miss something and is this already possible with dovecot's
deliver in a virtual setting?

Thanks,

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"how do you feel about women's rights?"
"i like either side of them."
   -- groucho marx
 
spamtraps: [EMAIL PROTECTED]




Re: [Dovecot] rejecting mail due to quota exceeded

2008-09-17 Thread martin f krafft
also sprach Ulrich Zehl <[EMAIL PROTECTED]> [2008.09.17.1031 +0100]:
> To exit with EX_TEMPFAIL instead of sending a rejection message,
> use deliver's -e flag and the following dovecot.conf snippet,
> taken straight from our mail server.

Now I also found it on the wiki, and it works... well, I don't know
exactly what quota_full_tempfail does, because deliver now exits
with 77, but since I am calling it from procmail anyway, I now just
do:

  :0 w
  |/usr/bin/env HOME=$HOME $DELIVER -d $RECIPIENT -e

  :0 e
  {
    EXITCODE=75
    LOG="LDA failed with exit code $? for $RECIPIENT"
    HOST
  }

and that works, although I will need to polish the output a bit.

Thanks a lot,

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"a woman begins by resisting a man's advances and ends by blocking
 his retreat."
-- oscar wilde
 
spamtraps: [EMAIL PROTECTED]




[Dovecot] Timeout during APPEND

2011-06-13 Thread martin f krafft
Dear list,

I am running dovecot 1.2.15 on a Debian server.

One user reports continuous problems synchronising her mailbox via
IMAP (offlineimap, via SSH tunnel or SSL socket). It seems that she
has a large, locally-created message, but the uplink bandwidth seems
to be not enough to push it before dovecot times out the APPEND
command.

The error/exception happens inside offlineimap's Python imaplib2.py
file:

  APPEND => no response after 30.0 secs

I do not know the IMAP protocol all that well, but it seems to me
like this is broken somewhere.

Could you please help me figure out the problem?

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"one does not say 'nothing!', one says 'the beyond' or 'god' instead."
 - friedrich nietzsche
 
spamtraps: madduck.bo...@madduck.net




Re: [Dovecot] Timeout during APPEND

2011-06-13 Thread martin f krafft
also sprach martin f krafft  [2011.06.13.1002 +0200]:
> One user reports continuous problems synchronising her mailbox via
> IMAP (offlineimap, via SSH tunnel or SSL socket). It seems that she
> has a large, locally-created message, but the uplink bandwidth seems
> to be not enough to push it before dovecot times out the APPEND
> command.

Upon further inspection, we found that the message *does* get saved
remotely. Hence, this seems like an offlineimap problem, timing out
because it receives no responses to APPEND (because the transfer
takes so long). The transfer actually completes, but offlineimap
will have given up by then already.

Has anyone else seen this?

Can you confirm this behaviour?

What should offlineimap be doing differently?

Thanks,

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
because light travels faster than sound,
some people appear to be intelligent,
until you hear them speak.
 
spamtraps: madduck.bo...@madduck.net




Re: [Dovecot] Timeout during APPEND

2011-06-13 Thread martin f krafft
also sprach Timo Sirainen  [2011.06.13.1444 +0200]:
> Timing out after only 30 seconds seems a bit aggressive to me,
> especially if you're uploading a large message over a slow network
> connection. Isn't it configurable?

Not that I can see, but I will check out the code later too.

The question is whether IMAP really limits us to using something
silly as timeouts. Couldn't the server keep sending BUSY messages,
or the like?

How could the client distinguish between an upload progressing, and
the connection having stalled. Does it look at the flow rate of
data, or how does IMAP cater for this requirement?

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
an egg has the shortest sex-life of all: it gets laid once; it gets
eaten once. it also has to come in a box with 11 others, and the
only person who will sit on its face is its mother.
 
spamtraps: madduck.bo...@madduck.net




Re: [Dovecot] Timeout during APPEND

2011-06-13 Thread martin f krafft
also sprach Timo Sirainen  [2011.06.13.1623 +0200]:
> It could, and Dovecot does that for several commands. But I'm a bit
> afraid of adding such code for APPEND, because it could easily break
> some clients. I know an old version of Evolution broke if it got any
> extra data during APPEND.

Couldn't the client signal to the server that it wants/expects such
data, and only then does dovecot send such pings?

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"...the prevailing catholic odor - incense, wax, centuries of mild
 bleating from the lips of the flock."
-- thomas pynchon, gravity's rainbow
 
spamtraps: madduck.bo...@madduck.net




Re: [Dovecot] Timeout during APPEND

2011-06-14 Thread martin f krafft
also sprach Timo Sirainen  [2011.06.14.1454 +0200]:
> > Couldn't the client signal to the server that it wants/expects
> > such data, and only then does dovecot send such pings?
> 
> Good luck getting any client to implement something like that.

FYI: http://bugs.debian.org/630444

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
no cat has eight tails.
a cat has one tail more than no cat.
therefore, a cat has nine tails.
 
spamtraps: madduck.bo...@madduck.net




[Dovecot] Running spamc during LMTP delivery

2012-08-08 Thread martin f krafft
Hello list,

we are using dovecot-lmtp for delivery to virtual users, and vmm[1]
to manage them.

1. http://vmm.localdomain.org/

One nice feature of vmm is that every virtual user has their own
UID/GID on the UNIX filesystem. There is no passwd entry, so no
shell login, but each user effectively has a home directory and can
run commands in isolation and with lowered privileges.

This requires dovecot-lmtp because only the LMTP LDA runs with root
rights and can drop privileges to become the specific user for which
it is delivering mail.

We would now like to run SpamAssassin with the possibility of using
the antispam plugin to enable virtual users to train their
databases.

Do you have an idea how I could let dovecot-lmtp invoke spamc? Or an
external command as a filter, to be run by the final user?

Thanks,

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"truth is stranger than fiction, but it is because
 fiction is obliged to stick to possibilities; truth isn't."
   -- mark twain
 
spamtraps: madduck.bo...@madduck.net




Re: [Dovecot] Running spamc during LMTP delivery

2012-08-08 Thread martin f krafft
also sprach Daniel Piddock  [2012.08.08.1201 +0200]:
> Have you taken a look at Pigeonhole and Sieve? There's experimental
> support for running spam filters and external commands. You'll need at
> least 0.3.0 which requires Dovecot 2.1.
> 
> http://wiki2.dovecot.org/Pigeonhole/Sieve

I have found this since and am working on it. Thanks!
This looks like the ticket, and I will post back when I know more…

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"we all know linux is great...
 it does infinite loops in 5 seconds."
 -- linus torvalds
 
spamtraps: madduck.bo...@madduck.net




Re: [Dovecot] Running spamc during LMTP delivery

2012-08-09 Thread martin f krafft
also sprach Timo Sirainen  [2012.08.08.1509 +0200]:
> > Do you have an idea how I could let dovecot-lmtp invoke spamc? Or an
> > external command as a filter, to be run by the final user?
> 
> Use spampd LMTP proxy?

That's a system-wide filtering daemon, it does not run per-user.
Since spam is a subjective classification, especially as soon as you
add training to the mix, we require per-user configuration.

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
warning: dates in calendar are closer than they appear.
 
spamtraps: madduck.bo...@madduck.net




Re: [Dovecot] Running spamc during LMTP delivery

2012-08-09 Thread martin f krafft
also sprach Daniel Piddock  [2012.08.08.1201 +0200]:
> Have you taken a look at Pigeonhole and Sieve? There's
> experimental support for running spam filters and external
> commands. You'll need at least 0.3.0 which requires Dovecot 2.1.

Dear list,

here is an update. Indeed, the pigeonhole filters suggested by
Daniel were the ticket. It took me a while to figure it all out
though. Therefore, for posterity, at least for those running Debian
systems:

First, I compiled the extprograms plugin, running into a segfault,
which Stephan helped me solve. Essentially, the extprograms are not
in Debian, but everything else is (install dovecot-dev!), so
I checked out revision 058de395713a [1], ran

  ./configure --with-dovecot=/usr/lib/dovecot \
    --with-pigeonhole=/usr/include/dovecot/sieve \
    --with-prefix=/usr/local/stow/pigeonhole-extprograms
  make
  make install
  cd /usr/local/stow/
  stow pigeonhole-extprograms

1. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684271#10

Since dovecot only allows a single plugin dir to be specified, I had
to hack around this by creating a symlink:

  ln -s /usr/local/lib/dovecot/sieve /usr/lib/dovecot/modules

Now, after enabling the following in /etc/dovecot/conf.d/90-sieve:

  sieve_extensions = +vnd.dovecot.filter
  sieve_plugins = sieve_extprograms

you should see 'vnd.dovecot.filter' in the dovecot -n output:

  dovecot -n | grep vnd.dovecot
  managesieve_sieve_capability = fileinto reject envelope
    encoded-character vacation subaddress comparator-i;ascii-numeric
    relational regex imap4flags copy include variables body enotify
    environment mailbox date ihave vnd.dovecot.filter
                                   ^^^^^^^^^^^^^^^^^^

I used sieve_global_extensions instead, because I wanted to enable
spamc globally for all users using the dovecot LDA, which includes
all virtual users on this machine. I also set (in 90-sieve.conf)

  sieve_before = /etc/dovecot/sieve.before.d

and then put the following sieve script into 
/etc/dovecot/sieve.before.d/spamassassin.sieve:

  require [ "vnd.dovecot.filter" ];
  filter "spamc" [ "--no-safe-fallback" ];

and then ran

  sievec spamassassin.sieve && chmod 444 spamassassin.svbin

To tell the LDA where to find the spamc filter, I added (to
90-sieve.conf):

  sieve_filter_bin_dir = /etc/dovecot/sieve-filter

and symlinked spamc there

  ln -s /usr/bin/spamc /etc/dovecot/sieve-filter/spamc

So far so good, this now works for real system users, but it would
not work for virtual users. The reason for that is that while vmm
uses UIDs/GIDs above 7 to tighten permissions per-virtual-user,
spamc and spamd were unable to deal with the lack of libnss
integration.

Stephan suggested simply to let libnss know about the virtual mail
accounts, and I did. After installing libnss-pgsql2 and extending
/etc/nsswitch.conf to read

  passwd: compat pgsql
  group:  compat pgsql

I wrote the attached configuration file (/etc/nss-pgsql.conf), which
I will submit to the vmm project. The advantage is that now, while
the users cannot log in, their UIDs/GIDs on the filesystems are
properly mapped, and root *can* /bin/su to them (using -s to
override the shell).

After a restart of spamd and dovecot, spamc is now run for every
user as part of the LDA process before the user's sieve script runs.

Thanks to Stephan for his help. Comments welcome. I hope I did not
forget anything.

PS: I know there are good reasons against running a spamfilter
post-queue. There are also several reasons for that. The most
important for me is that spam is subjective, especially in
combination with training, and I never want to reject spam for
fear of false positives, and since I do not want to overload the
queues of mail servers (like debian.org) that forward to my
account.

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"the unexamined life is not worth living"
 -- platon
 
spamtraps: madduck.bo...@madduck.net

connectionstring= hostaddr=127.0.0.1 dbname=vmm user=nss password=5ecr41 connect_timeout=1

getgroupmembersbygid= SELECT local_part||'@'||domainname AS name FROM users JOIN domain_name USING (gid) WHERE gid = $1 AND is_primary = 't'
getpwnam   = SELECT local_part||'@'||domainname AS name, '*' AS passwd, 'vmm virtual mail account' AS gecos, domaindir ||'/'||uid AS homedir, '/bin/true' AS shell, uid, gid FROM users JOIN domain_data USING (gid) JOIN domain_name USING (gid) WHERE local_part = split_part($1, '@', 1) AND domainname = split_part($1, '@', 2) AND is_primary = 't'
getpwuid   = SELECT local_part||'@'||domainname AS name, '*' AS passwd, 'vmm virtual mail account' AS gecos, domaindir ||'/'||uid AS homedir, '/bin/true' AS shell, uid, gid FROM users JOIN domain_data USING (gid) JOIN domain_name USING (gid) WHERE uid = $1 AND is_primary = 't'
allusers   = SELECT local_part||'@'||domainname AS name, '*' AS passwd, 'vmm virtual

Re: [Dovecot] Running spamc during LMTP delivery

2012-08-12 Thread martin f krafft
also sprach martin f krafft  [2012.08.09.1423 +0200]:
> and then put the following sieve script into 
> /etc/dovecot/sieve.before.d/spamassassin.sieve:
> 
>   require [ "vnd.dovecot.filter" ];
>   filter "spamc" [ "--no-safe-fallback" ];
> 
> and then ran
> 
>   sievec spamassassin.sieve && chmod 444 spamassassin.svbin
> 
> To tell the LDA where to find the spamc filter, I added (to
> 90-sieve.conf):
> 
>   sieve_filter_bin_dir = /etc/dovecot/sieve-filter
> 
> and symlinked spamc there
> 
>   ln -s /usr/bin/spamc /etc/dovecot/sieve-filter/spamc

Btw, this won't work reliably. The reason is that vnd.dovecot.filter
currently requires the filter executable to soak up all of the input
before it even bothers reading its output. Under certain conditions,
however — for instance when the input is larger than the
SpamAssassin max_size setting, spamc just pipes input to output,
without buffering. This would yield a deadlock because
vnd.dovecot.filter would not be reading output yet but still be
writing input, whereas spamc would no longer be willing to handle
input while its output was not being read.

Stephan Bosch has indicated a solution to this problem (asynchronous
IO), but until that's in place, I simply put the following shell
script in place:

-8<8<8<-
#!/bin/sh
set -eu

TMPFILE=$(tempfile -p spamc)
cleanup() { rm -f "$TMPFILE"; trap - EXIT; }
trap cleanup EXIT

# spool all of stdin first, then feed spamc from the file
cat > "$TMPFILE"
spamc -x < "$TMPFILE"

cleanup
-8<8<8<-

This is ugly because Dovecot itself may already have spooled the
mail message to disk (if it was too large for in-memory buffering),
and now we're spooling it a second time. Asynchronous IO will
alleviate this need for the second roundtrip via the filesystem.

Hope this helps,

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduck   http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
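
The deadlock described in this message and the effect of the spooling workaround, reproduced as an added example (not code from the thread or from Pigeonhole). The two child programs are constructed stand-ins for spamc passing input straight through and for the wrapper script; the function names and the stall timeout are assumptions of the example, and it needs a POSIX system.

```python
import os
import select
import subprocess
import sys

# Constructed stand-in for spamc passing an oversized message straight
# through: copies stdin to stdout in chunks, without holding the whole message.
PASSTHROUGH = [sys.executable, "-c",
               "import shutil, sys\n"
               "shutil.copyfileobj(sys.stdin.buffer, sys.stdout.buffer)\n"]

# Constructed stand-in for the wrapper script: spool all of stdin to a
# temporary file and only then start producing output.
SPOOLING = [sys.executable, "-c",
            "import shutil, sys, tempfile\n"
            "with tempfile.TemporaryFile() as spool:\n"
            "    shutil.copyfileobj(sys.stdin.buffer, spool)\n"
            "    spool.seek(0)\n"
            "    shutil.copyfileobj(spool, sys.stdout.buffer)\n"]


def filter_write_then_read(cmd, data, stall_timeout=3.0):
    """Caller that writes the whole message before reading any output.

    Returns the filtered bytes, or None when the write side stalls: the
    child's stdout pipe is full because nobody reads it, so the child stops
    reading stdin and that pipe fills up as well.
    """
    child = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    fd = child.stdin.fileno()
    os.set_blocking(fd, False)      # lets us observe the stall instead of hanging
    sent = 0
    try:
        while sent < len(data):
            _, writable, _ = select.select([], [fd], [], stall_timeout)
            if not writable:
                return None         # a blocking writer would deadlock here
            try:
                sent += os.write(fd, data[sent:sent + 65536])
            except BlockingIOError:
                continue
        child.stdin.close()         # EOF for the child
        return child.stdout.read()
    finally:
        child.kill()
        child.stdin.close()
        child.stdout.close()
        child.wait()


def filter_interleaved(cmd, data):
    """Caller that reads and writes concurrently (the asynchronous-IO fix)."""
    child = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    out, _ = child.communicate(data)
    return out


if __name__ == "__main__":
    small = b"Subject: test\r\n\r\nshort body\r\n"      # constructed message
    big = small + b"x" * (1 << 20)                      # larger than both pipes
    for label, cmd in (("pass-through", PASSTHROUGH), ("spooling", SPOOLING)):
        for name, msg in (("small", small), ("1 MiB", big)):
            out = filter_write_then_read(cmd, msg)
            state = "stalled" if out is None else "ok, %d bytes" % len(out)
            print("%-12s %-6s %s" % (label, name, state))
    print("interleaved  1 MiB  ok, %d bytes" % len(filter_interleaved(PASSTHROUGH, big)))
```

Small messages fit in the pipe buffers, which is why the stall only appears once the message exceeds them.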


[Dovecot] Sieve's spamtest always returns 0

2013-12-26 Thread martin f krafft
I am a bit at a loss here with Sieve (pigeonhole) and the spamtest
extension. I am using Dovecot 2.1.7 (backported to Debian squeeze),
which comes with Pigeonhole 0.3.0.

Messages are scanned with SpamAssassin, which adds a header like

  X-Spam-Status: Yes, score=84.6 required=5.0 tests=…

and so I configured spamtest in conf.d/90-plugin.conf like so:

  sieve_spamtest_status_type = score
  sieve_spamtest_status_header = X-Spam-Status: [^,]*, score=(-?[[:digit:]]+\.[[:digit:]]).*
  sieve_spamtest_max_header = X-Spam-Status: [^,]*, score=[^[:space:]]+ required=(-?[[:digit:]]+\.[[:digit:]]).*

I tested those regular expressions with sed -r, e.g.

  % sed -rne "s@^X-Spam-Status: [^,]*, score=-?[[:digit:]]+\.[[:digit:]] required=(-?[[:digit:]]+\.[[:digit:]]).*@\1@p" mailfile
  5.0

and they work.

Unfortunately, in sieve scripts, the spamtest value is always 0,
which is indicative of the spamtest "not having run", which in this
case I assume means that the regular expression didn't match.

Am I right in assuming that the matching happens at the time of
evaluation, and so adding the headers using vnd.dovecot.filter just
before works?

Or does the spamtest matching happen before the sieve scripts are
executed?

Can you see any other reason why spamtest always yields a value of
0?

Thanks,

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"those who are faithful know only the trivial side of love:
 it is the faithless who know love's tragedies."
-- oscar wilde
 
spamtraps: madduck.bo...@madduck.net




Re: [Dovecot] Sieve's spamtest always returns 0

2013-12-27 Thread martin f krafft
also sprach martin f krafft  [2013-12-27 18:04 +1300]:
> I tested those regular expressions with sed -r, e.g.
> 
>   % sed -rne "s@^X-Spam-Status: [^,]*, score=-?[[:digit:]]+\.[[:digit:]] required=(-?[[:digit:]]+\.[[:digit:]]).*@\1@p" mailfile
>   5.0
> 
> and they work.
> 
> Unfortunately, in sieve scripts, the spamtest value is always 0,
> which is indicative of the spamtest "not having run", which in this
> case I assume means that the regular expression didn't match.

The documentation talks about "POSIX regular expressions", but the
examples use extended regexps. This should probably be clarified.

However, even if I remove the -r in the above sed call and escape
the characters +?(), it does not work. Character classes, such as
[:digit:] are available in regular POSIX regexps, to my knowledge.

So: the documentation needs clarification, but my problem remains.

Yes, I could just "text"-match against X-Spam-Flag (which I now do),
but I'd prefer it if the user could match against a spam
probability, e.g. already filter if SpamAssassin assigns 6 out of 10
required points.

Thanks,

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"money is the crowbar of power."
 - friedrich nietzsche
 
spamtraps: madduck.bo...@madduck.net




Re: [Dovecot] Sieve's spamtest always returns 0

2013-12-27 Thread martin f. krafft
also sprach Stephan Bosch  [2013-12-28 08:31 +1300]:
> This configuration is incomplete. Your logs should show an error about
> that. Testing with sieve-test shows:

Oh, thank you for introducing me to sieve-test, somehow I have
missed that. Sorry!

And thank you also for your quick reply!

Unfortunately, the problem remains, and sieve-test is not as helpful
as I had hoped. My script is attached, as well as the wrapper I use
for spamc.

Here is the output generated by sieve-test. The spam message is
bare and does *not* contain the wanted headers, because those are
added by vnd.dovecot.filter invoking spamc:

  % sieve-test -D -t- -Tlevel=matching -x +spamtest /tmp/spam.sieve /tmp/spam.msg
  sieve-test(madduck): Debug: sieve: include: sieve_global_dir is not set; it is currently not possible to include `:global' scripts.
  sieve-test(madduck): Debug: sieve: Pigeonhole Sieve Extprograms plugin version 0.1.0 loaded
  debug: script binary /tmp/spam.svbin successfully loaded.
  debug: binary save: not saving binary /tmp/spam.svbin, because it is already stored.

## Started executing script 'spam'
6: filter action
6:   execute program `spamc'
  debug: filter action: piping message to program: spamc.
  debug: filter action: running program: spamc.
  debug: filter action: piping data to forked program `/etc/dovecot/sieve-filter/spamc'.
6:   executed program successfully
6:   changed message
8: header test
8:   starting `:contains' match with `i;ascii-casemap' comparator:
8:   extracting `X-Spam-Status' headers from message
8:   matching value `Yes, score=66.5/5.0 tests=ADVANCE_FEE_2_NEW_FORM, ADVANCE_FEE_2_NEW_FRM_MNY,A...'
8: with key `score' => 1
8:   finishing match with result: matched
8: jump if result is false
8:   not jumping
9: debug_log "X-Spam-Score header present and contains 'score'"
  spam: line 9: info: DEBUG: X-Spam-Score header present and contains 'score'.
12: spamtest test [percent=false]
12: spamtest: header 'X-Spam-Status' not found in message
12:   starting `:value-eq' match with `i;ascii-numeric' comparator:
12:   matching value `0'
12: with key `0' => 1
12:   finishing match with result: matched
12: jump if result is false
12:   not jumping
13: debug_log "spamtest found no match!"
  spam: line 13: info: DEBUG: spamtest found no match!.
13: jumping to line 51
## Finished executing script 'spam'
  Performed actions:
(none)
  Implicit keep:
  * store message in folder: INBOX
  sieve-test(madduck): Info: final result: success

So, as I had suspected in the original message, spamtest seems to
look at the original message, not the one returned from the
vnd.dovecot.filter. The regular sieve header match, however, *does*
consult the filtered output.

So I think that in addition to the clarification about regular vs.
extended expressions in the docs, this is also a bug in need of
fixing…

… or am I still doing something wrong?

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"a man's very highest moment is, i have no doubt at all, when he
 kneels in the dust, and beats his breast, and tells all the sins of
 his life."
-- oscar wilde
 
spamtraps: madduck.bo...@madduck.net
#!/bin/sh
set -eu

if find /tmp/dovecot-hack -mmin -1 | grep -q /; then
  exit 1
fi

# HACK because vnd.dovecot.filter needs the filter to soak up all input before
# it will even start reading its output. 

TMPFILE=$(tempfile -p spamc)
cleanup() { rm -f $TMPFILE; trap - EXIT; }
trap cleanup EXIT

cat > "$TMPFILE"
spamc "$@" < "$TMPFILE"

cleanup
require [ "vnd.dovecot.filter"];
require [ "spamtest", "relational", "comparator-i;ascii-numeric" ];
require [ "fileinto", "mailbox" ];
require [ "vnd.dovecot.debug" ];

filter "spamc" [ "--no-safe-fallback" ];

if header :contains "X-Spam-Status" "score" {
  debug_log "X-Spam-Status header present and contains 'score'";
}

if spamtest :value "eq" :comparator "i;ascii-numeric" "0" {
  debug_log "spamtest found no match!";
}
elsif spamtest :value "ge" :comparator "i;ascii-numeric" "2" {

  if spamtest :value "eq" :comparator "i;ascii-numeric" "1" { debug_log "spamtest value == 1"; }
  if spamtest :value "eq" :comparator "i;ascii-numeric" "2" { debug_log "spamtest value == 2"; }
  if spamtest :value "eq" :comparator "i;ascii-numeric" "3" { debug_log "spamtest value == 3"; }
  if spamtest :value "eq" :comparator "i;ascii-numeric" "4" { debug_log "spamtest value == 4"; }
  if spamtest :value "eq" :comparator "i;ascii-numeric" "5" { debug_log "spamtest value == 5"; }
  if spamtest :value "eq" :comparator "i;ascii-numeric" "6" { debug_log "spamtest value == 6"; }
  if spamtest :value "eq" :comparator "i;ascii-numeric" "7" { debug_log "spamtest value == 7"; }
  if spamtest :value "eq" :comparator "i;ascii-numeric" "8" { debug_log "spamtest value == 8"; }
  if spamtest :value "eq" :comparator "i;asc

Re: [Dovecot] Looking for HowTo Postifx, Dovecot and PostgreSQL

2014-02-10 Thread martin f krafft
also sprach Frank Lanitz  [2014-02-10 10:14 +0100]:
> I know it's a bit a n00bish question, but I'm a little confused about
> this many different ways on setting up dovecot with postfix and using a
> PostgreSQL backend for virtual hosts. I've found this one quite helpful:
> http://wiki2.dovecot.org/HowTo/DovecotPostgresql
> even it seems to be little outdated for recent versions of dovecot (the
> auth part of dovecot.conf). Also it's lagging some information I wasn't
> able to find on my own (e.g. how to set password for a imap account). 

I suggest to have a look at http://vmm.localdomain.org/index.html

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"if I can't dance, i don't want to be part of your revolution."
- emma goldman
 
spamtraps: madduck.bo...@madduck.net


Re: [Dovecot] Looking for HowTo Postifx, Dovecot and PostgreSQL

2014-02-10 Thread martin f. krafft
also sprach Frank Lanitz  [2014-02-10 11:56 +0100]:
> Looks nice -- any experience using it with tine20 later? 

I have no idea what tine20 is and the website only contains
buzzwords, sorry.

vmm is pretty flexible about the underlying data representation in
pgsql, so you can probably tweak anything.

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"out of the crooked timber of humanity,
 no straight thing was ever made."
   -- imanuel kant
 
spamtraps: madduck.bo...@madduck.net


[Dovecot] per-user delivery to commands

2007-05-20 Thread martin f krafft
Hi, we are using dovecot IMAP in a complex virtual setup with almost
4000 accounts; postfix hands over to deliver for local delivery into
a home directory as stored in the SQL database. That's
/srv/vmail/$DOMAIN/$LOCALPART for most of them, but I'd rather not
hardcode this scheme anywhere as it's in SQL.

By a policy change, we need to insert a filter in this chain and the
filter must be called in such a way that it knows where to find the
"home" directory since the command needs to read a configuration
file in ~/.mailfilt.rc.

Thus I am looking for a way to make deliver pass incoming messages
via this filter, but I cannot find any way to do that. Ideally
I want this to happen before the LDA runs the mail through sieve.

As an alternative, is there a command I can call to make dovecot
look up $HOME for me so that I can use the dovecot data in the SQL
database without making assumptions about the representation?
A command that would proxy and convert my request into an SQL select
as per dovecot.conf and feed back the result? Then I could use
a Maildir delivery programme or even procmail to do the delivery
according to the dovecot configuration.

Thanks for any insights, hints, tips, help, jokes, flames, and
useful information.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
spamtraps: [EMAIL PROTECTED]
 
will kill for oil!


Re: [Dovecot] per-user delivery to commands

2007-05-20 Thread martin f krafft
also sprach martin f krafft <[EMAIL PROTECTED]> [2007.05.20.1843 +0200]:
> Hi, we are using dovecot IMAP in a complex virtual setup with almost
> 4000 accounts; postfix hands over to deliver for local delivery into
> a home directory as stored in the SQL database. That's
> /srv/vmail/$DOMAIN/$LOCALPART for most of them, but I'd rather not
> hardcode this scheme anywhere as it's in SQL.

/srv/vmail/$DOMAIN/$LOCALPART/Maildir/

since …

> By a policy change, we need to insert a filter in this chain and the
> filter must be called in such a way that it knows where to find the
> "home" directory since the command needs to read a configuration
> file in ~/.mailfilt.rc.

/srv/vmail/$DOMAIN/$LOCALPART/ is the home directory allowing for
such things as sieve scripts etc for virtual users. I am not sure
whether this actually works yet.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
spamtraps: [EMAIL PROTECTED]
 
"first get your facts; then you can distort them at your leisure."
   -- mark twain


[Dovecot] lda: vacation auto-reply for a virtual address

2007-08-08 Thread martin f krafft
Hi, I am using Dovecot to manage a complex virtual mailbox setup.
It's all working splendidly, thanks to the Dovecot LDA.

This morning, however, I needed to create a vacation-style autoreply
for one of the virtual addresses. I made use of cmusieve,
authored a little sieve script, and had it working in no time...
until I discovered how limited sieve's vacation module is. Most
importantly: it's hardcoded to use the Return-Path of a message, but
in this very case, I need to actually use the address in the from
header. So I had to give up on sieve and am now looking for another
solution, but without much success.

Given that mail is delivered by the Dovecot LDA, is there any way to
make deliver pass it off to e.g. procmail in such a way that
$HOME is set to /srv/vmail/domain.org/localpart, so that procmail
can find the .procmailrc?

Cheers,

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
"we are trapped in the belly of this horrible machine,
 and the machine is bleeding to death."
-- godspeed you black emperor!
 
spamtraps: [EMAIL PROTECTED]


Re: [Dovecot] lda: vacation auto-reply for a virtual address

2007-08-08 Thread martin f krafft
also sprach Steffen Kaiser <[EMAIL PROTECTED]> [2007.08.08.1458 +0200]:
> > until I discovered how limited sieve's vacation module is. Most
> > importantly: it's hardcoded to use the Return-Path of a message, but
> > in this very case, I need to actually use the address in the from
> 
> What's the reason of not using Return-Path?

The mailbox receives mail sent from a web interface not in our
control. We know From is verified because else the user could not
have used the web interface, but Return-Path is always set to the
person running the web service.

> When it is missing, you can search the archives for a patch of
> mine, that uses the -f argument in this case. -> And the reply,
> why NOT to use From for sending replies ;-)

I am aware of reasons not to use them. In this case it's
a non-public address used only by the web interface.

> > Given that mail is delivered by the Dovecot LDA, is there any
> > way to make deliver pass it off to e.g. procmail in such a way
> > that $HOME is set to /srv/vmail/domain.org/localpart, so that
> > procmail can find the .procmailrc?
> 
> Of course, you could patch Dovecot LDA. It is rather straight
> forward.

As a long-time Debian user, I'd really rather not patch anything. :)

> Another idea is to setup your MTA to deliver each mail to two
> maildrops, traditionally this is called ".forward" files, because
> in sendmail you can create a file ".forward" in the user's homedir
> and put all the mail forwards there, e.g.:

Virtual users don't really have home directories and postfix's
virtual delivery agent doesn't call them anyway.

But yes, if dovecot's LDA would honour something like .forward
files, I'd be happy.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
"no problem is so formidable
 that you can't just walk away from it."
  -- c. schulz
 
spamtraps: [EMAIL PROTECTED]


Re: [Dovecot] lda: vacation auto-reply for a virtual address

2007-08-09 Thread martin f krafft
also sprach Joseba Torre <[EMAIL PROTECTED]> [2007.08.09.1251 +0200]:
> As long as nothing depends on whatever you patch, you can do it
> with no problem. And I don't think that anything depends on
> dovecot.

You just won't get security updates anymore.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
"even if you persuade me, you won't persuade me."
   -- aristophanes
 
spamtraps: [EMAIL PROTECTED]


Re: [Dovecot] lda: vacation auto-reply for a virtual address

2007-08-09 Thread martin f krafft
also sprach Steffen Kaiser <[EMAIL PROTECTED]> [2007.08.09.0902 +0200]:
> Sendmail uses different mailers (exim calls them transports, if
> I remember correctly) for the two different maildrops, "scripts"
> are invoked by the virtual "*prog*" mailer, whereas the spooling
> into a local mailbox is performed by the "local" mailer, which is
> bound to e.g. Dovecot deliver.

But postfix's local transport cannot deliver to virtual mailboxes,
and the virtual transport does not provide for command execution:

  virtual(8):
  This  delivery  agent  only delivers mail.  Other features such as
  mail forwarding, out-of-office notifications, etc., must be
  configured  via virtual_alias maps or via similar lookup
  mechanisms.

So yes, if I find a suitable virtual delivery agent or a way to pass
the maildir location from postfix to e.g. procmail, I'll have it
solved. But right now it does not look like it's possible.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
"we should have a volleyballocracy.
 we elect a six-pack of presidents.
 each one serves until they screw up,
 at which point they rotate."
  -- dennis miller
 
spamtraps: [EMAIL PROTECTED]


[Dovecot] [solved] lda: vacation auto-reply for a virtual address

2007-08-09 Thread martin f krafft
also sprach martin f krafft <[EMAIL PROTECTED]> [2007.08.09.1319 +0200]:
> So yes, if I find a suitable virtual delivery agent or a way to pass
> the maildir location from postfix to e.g. procmail, I'll have it
> solved. But right now it does not look like it's possible.

I can report success. This solution requires me to take the
performance hit due to procmail, but it also gives me a lot of
flexibility. I might replace the procmailrc with a POSIX shell
script if it's less resource-hungry that way.

/etc/postfix/master.cf:
  vprocmail   unix  -   n   n   -   5   pipe
    flags=DRhu user=vmail:vmail argv=/usr/bin/procmail -a ${recipient}

/etc/postfix/main.cf
  virtual_transport = vprocmail
  virtual_mailbox_maps = pgsql:$conf_dir/pgsql_virtual_mailbox_maps
  virtual_mailbox_base = /srv/vmail   # (== ~vmail)
  virtual_minimum_uid = 6 # (== vmail)
  virtual_uid_maps = static:6
  virtual_gid_maps = static:6
  vprocmail_destination_concurrency_limit = 5
  vprocmail_destination_recipient_limit = 1

cat ~vmail/.procmailrc
  BIFF=no
  COMSAT=no

  NICE='nice -20'

  RECIPIENT="$1"

  MAILBOX="`$NICE /usr/sbin/postmap -q $RECIPIENT 
pgsql:/etc/postfix/conf/pgsql_vi
  HOME="$HOME/$MAILBOX"
  ORGMAIL="$HOME/.maildir/"

  # http://bugs.debian.org/387883 requires us to create the directory
  # as the vmail user because otherwise it will be owned by root
  # (which is how spamd does it)
  MKDIR=`$NICE install -d "$HOME"/.spamassassin`

  UMASK=0007
  # and we might just as well create a .procmailrc which is writeable by the
  # group so that ACLs work
  RC=`touch "$HOME"/.procmailrc`

  :0 fw
  |$NICE /usr/bin/spamc -x -u "$RECIPIENT"

  INCLUDERC="$HOME/.procmailrc"

  :0
  |$NICE /usr/lib/dovecot/deliver -d "$RECIPIENT"

Cheers,

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
chaos reigns within.
reflect, repent, reboot.
order shall return.
 
spamtraps: [EMAIL PROTECTED]


[Dovecot] status of APPENDUID: returning a UID in response to APPEND

2007-08-13 Thread martin f krafft
# dovecot-related content below, this one for debian bug tracking
# system:
retitle 435959 Please support RFC4315 UIDPLUS extension in APPEND reply
severity 435959 wishlist
thanks

[please keep [EMAIL PROTECTED] on Cc.]

Hi there,

I am working on
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=435959, which is
a performance problem that offlineimap has on large mailboxes. We
think that a simple patch to dovecot could cure this problem. I am
willing to write the patch but would really like to get your opinion
first.

In order to keep track of which IMAP message is stored in which
local file, offlineimap uses the message UID, which is guaranteed to
be unique in the directory, but constant across sessions.

When uploading a new message to the IMAP server with APPEND,
offlineimap then has to run a SEARCH to obtain said UID for the
message it just uploaded. This takes ages on larger mailboxes, as
the way offlineimap identifies the message is via a header that's
not indexed by dovecot.

The solution I found in RFC4315 ("UIDPLUS";
http://www1.tools.ietf.org/html/rfc4315) and then I saw
http://www.dovecot.org/list/dovecot/2004-July/003993.html, and now
I am wondering: is anyone else interested in APPENDUID? What's the
status of an implementation, if any?

Newer Courier IMAP server implementations support UIDPLUS and
offlineimap will likely obtain this functionality soon.

Cheers,

[please keep [EMAIL PROTECTED] on Cc.]

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
"by accepting this brick through your window, you accept it as is
 and agree to my disclaimer of all warranties, express or implied,
 as well as disclaimers of all liability, direct, indirect,
 consequential or incidental, that may arise from the installation
 of this brick into your building." -- seen on irc
 
spamtraps: [EMAIL PROTECTED]
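
What a client gains from the UIDPLUS extension asked about above, as an added example (not offlineimap or Dovecot code): reading the APPENDUID response code from the tagged OK reply to APPEND, and signalling with None when the client still has to fall back to SEARCH. The function names and the sample response texts are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

# RFC 4315: resp-code-apnd = "APPENDUID" SP nz-number SP append-uid
# The response code has to open the response text, so match() anchors at
# offset 0 and ignores any bracketed look-alike in the human-readable part.
_APPENDUID = re.compile(
    rb"\[APPENDUID ([1-9][0-9]{0,9}) ([1-9][0-9]{0,9})\]", re.IGNORECASE
)
_MAX_U32 = 0xFFFFFFFF  # nz-number is a non-zero unsigned 32-bit integer


class AppendUid(NamedTuple):
    uidvalidity: int
    uid: int


def parse_appenduid(resp_text: bytes) -> Optional[AppendUid]:
    """Parse the text that follows "<tag> OK " in the reply to APPEND.

    Returns None when the code is absent or malformed. A UID set, as a
    MULTIAPPEND server could send, is deliberately not accepted here.
    """
    m = _APPENDUID.match(resp_text)
    if m is None:
        return None
    uidvalidity, uid = int(m.group(1)), int(m.group(2))
    if uidvalidity > _MAX_U32 or uid > _MAX_U32:
        return None
    return AppendUid(uidvalidity, uid)


def uid_of_appended(resp_text: bytes, cached_uidvalidity: int) -> Optional[int]:
    """Return the UID to record for the uploaded message, or None.

    None means "run the SEARCH fallback": either the server sent no usable
    APPENDUID, or its UIDVALIDITY differs from the value the client cached
    for the destination folder, so the local UID mapping is stale.
    """
    parsed = parse_appenduid(resp_text)
    if parsed is None:
        return None
    if parsed.uidvalidity != cached_uidvalidity:
        return None
    return parsed.uid


# Constructed sample response texts (not captured from a real server).
SAMPLES = [
    b"[APPENDUID 1187000000 4242] Append completed.",  # UIDPLUS server
    b"Append completed.",                               # no UIDPLUS
    b"Saved as [APPENDUID 1187000000 1] by user",       # code not in front
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(text, "->", uid_of_appended(text, cached_uidvalidity=1187000000))
```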


[Dovecot] imap memory footprint rather large

2007-08-13 Thread martin f krafft
Dear list,

I am experimenting with a new mail handling setup and it involves
a single IMAP folder with just under 70'000 messages. When
OfflineIMAP connects to the server, the imap process starts to eat
up a lot of memory:

  PID   USER  PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
  15607 madduck   35  19  283m 244m 239m D 16.9 49.3   0:09.96 imap

On the contrary, when an "online" client such as Thunderbird connects,
memory usage is around 10m, which is entirely acceptable.

The way offlineimap reads mail is by FETCHing metadata, then
APPENDing new local mail, SEARCHing for the UIDs of each uploaded
mail, and finally FETCHing new remote mail.

Memory use seems to be O(n) in the size of the folder. On the folder
with 70k messages, dovecot seems to allocate 280m of memory, which
it then fills to about 70% during the metadata FETCH, and then keeps
growing while APPEND/SEARCHing the new local messages.

The 70k mailbox is just short of 600Mb in size on disk. Dovecot uses
280Mb to serve it. Is it possible that dovecot is reading too much
into memory, or over-optimising?

Can I somehow tweak this to lower the memory footprint?

Cheers,

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
"the unexamined life is not worth living" 
 -- platon
 
spamtraps: [EMAIL PROTECTED]


Re: [Dovecot] imap memory footprint rather large

2007-08-13 Thread martin f krafft
also sprach martin f krafft <[EMAIL PROTECTED]> [2007.08.13.2259 +0200]:
> Memory use seems to be O(n) in the size of the folder. On the folder
> with 70k messages, dovecot seems to allocate 280m of memory, which

I just saw in the logs:

  mmap() failed with index cache file
  /home/madduck/.maildir/.store/dovecot.index.cache: Cannot allocate
  memory

and looking at the file, it's in fact 280m in size.

Does dovecot need to read/mmap the entire file? Is there a way to
vacuum/reduce/optimise the cache?

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
this message represents the official view of the voices in my head.
 
spamtraps: [EMAIL PROTECTED]


Re: [Dovecot] imap memory footprint rather large

2007-08-13 Thread martin f krafft
also sprach Timo Sirainen <[EMAIL PROTECTED]> [2007.08.14.0028 +0200]:
> What exactly do you mean by FETCHing metadata? Something like ENVELOPE
> or BODYSTRUCTURE? And this is fetched for all messages instead of just
> new ones? That could easily explain why cache is so large.

The code is:

  response = imapobj.fetch('1:%d' % maxmsgid, '(FLAGS UID INTERNALDATE)')[1]

meaning that it obtains (FLAGS UID INTERNALDATE) for all messages in
a folder every time.

It needs to do this to be able to synchronise flags. But does it
mean that the server has to keep it all in memory? I am not sure...

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
"never eat more than you can lift."
   -- miss piggy
 
spamtraps: [EMAIL PROTECTED]


Re: [Dovecot] status of APPENDUID: returning a UID in response to APPEND

2007-08-14 Thread martin f krafft
also sprach Timo Sirainen <[EMAIL PROTECTED]> [2007.08.14.0018 +0200]:
> Dovecot v1.1 supports UIDPLUS already. I wouldn't bother backporting it
> to v1.0. It requires several API changes to do it properly which in turn
> breaks plugins and so on.

This is great news. Thanks, Timo.

-- 
 .''`.   martin f. krafft <[EMAIL PROTECTED]>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
 
"education is an admirable thing, but it is well to remember from time
 to time that nothing that is worth knowing can be taught."
-- oscar wilde


Re: [Dovecot] imap memory footprint rather large

2007-08-14 Thread martin f krafft
also sprach Timo Sirainen <[EMAIL PROTECTED]> [2007.08.14.1358 +0200]:
> So I guess most of the data in your dovecot.index.cache file came from
> some initial FETCH ENVELOPE/BODYSTRUCTURE/etc. for all messages. If you
> delete it, it won't probably get as large anymore.

This is true, I deleted it and it went back to 12 Mb, taking most of
our performance problems with it.

> I'm not sure if there's anything I can do on Dovecot's side to
> make this work better. This shouldn't be a problem except for
> large mailboxes that are accessed with Dovecot for the first time.
> There the possibilities are to cache wanted data immediately so
> that it can be accessed fast the next time, or not cache it at all
> the first time and if it's needed again doing the whole thing all
> over again.

Well, that, and dovecot could expire data in the cache after
a while, right?

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
a gourmet concerned about calories
is like a punter eyeing the clock.
 
spamtraps: [EMAIL PROTECTED]


[Dovecot] use of deliver from procmail advisable?

2007-08-14 Thread martin f krafft
Hi list,

I understand that dovecot's deliver does a little more than deliver:
it also updates the dovecot metadata stored with each Maildir. Thus,
if I use deliver as opposed to procmail's internal Maildir delivery,
it seems that the IMAP server later has less work to do since the
metadata it can use is up to date.

Doing this, however, incurs an extra process for each mail
delivered. I thus wonder whether the two balance each other out, or
whether there is a strong difference.

What do you think will be less resource-heavy: calling deliver for
every mail received *in addition to* procmail, or letting the IMAP
server update the metadata on access?

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
EARTH
  smog | bricks
 AIR  --  mud  -- FIRE
soda water | tequila
 WATER
 
spamtraps: [EMAIL PROTECTED]


Re: [Dovecot] use of deliver from procmail advisable?

2007-08-14 Thread martin f krafft
also sprach Kyle Wheeler <[EMAIL PROTECTED]> [2007.08.14.1833 +0200]:
>> I understand that dovecot's deliver does a little more than
>> deliver:
>
> It also understands the 'sieve' filter language (an alternative to
> procmail).

I don't consider it an alternative to procmail because you cannot
pass mail to external programmes, like spamassassin or vacation.
Sure, sieve has its own vacation module, but I find that to be
rather limited. See this thread:

  http://dovecot.org/list/dovecot/2007-August/024686.html

>> What do you think will be less resource-heavy: calling deliver
>> for every mail received *in addition to* procmail, or letting the
>> IMAP server update the metadata on access?
>
> Unless you're cutting it close to the limit on what your server
> can handle, that's probably the wrong question to ask. A better
> question is: which gives my users better performance?

Good point. The users, however, as far as I know, all use tools like
offlineimap to synchronise in the background, so it hardly matters.

> your users aren't paying attention. Dovecot will *seem* snappier
> if you do the indexing work on delivery rather than on access,
> even though it may spend more CPU cycles overall to do so.

Does anyone have hard facts on how much the server process loses if
it encounters a folder with an index inconsistency?

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
mulutlitithtrhreeaadededd s siigngnatatuurere
 
spamtraps: [EMAIL PROTECTED]


Re: [Dovecot] use of deliver from procmail advisable?

2007-08-14 Thread martin f krafft
also sprach Charles Marcus <[EMAIL PROTECTED]> [2007.08.14.2028 +0200]:
>> Well, the whole point of sieve, I believe, is to make it something that an 
>> admin would want to let arbitrary users modify on their own recognizance, 
>> and the ability to specify arbitrary programs to run would be just *asking* 
>> to be hacked.
>
> Wouldn't a decent, secure alternative to procmail be sieve+amavisd-new?

Except it's not really possible to make amavisd-new do per-user spam
filtering. And it's even more of a performance hog.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
"all language designers are arrogant. goes with the territory..."
 -- larry wall
 
spamtraps: [EMAIL PROTECTED]


Re: [Dovecot] imap memory footprint rather large

2007-08-15 Thread martin f krafft
also sprach martin f krafft <[EMAIL PROTECTED]> [2007.08.14.1552 +0200]:
> > So I guess most of the data in your dovecot.index.cache file
> > came from some initial FETCH ENVELOPE/BODYSTRUCTURE/etc. for all
> > messages. If you delete it, it won't probably get as large
> > anymore.
> 
> This is true, I deleted it and it went back to 12 Mb, taking most
> of our performance problems with it.

I found the file to be ever growing, so when it had grown back to
160Mb in a single day, I decided to employ cron on the mail server:

  11 4 * * * find $HOME/.maildir -type f -name dovecot.index.cache -exec rm {} \;

Since my mail is fetched in the background anyway, I am happy to
take the performance hit first thing in the morning.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
"moderation is a fatal thing. enough is as bad as a meal. more than
 enough is as good as a feast."
-- oscar wilde
 
spamtraps: [EMAIL PROTECTED]


Re: [Dovecot] use of deliver from procmail advisable?

2007-08-15 Thread martin f krafft
also sprach Jerry Yeager <[EMAIL PROTECTED]> [2007.08.15.1758 +0200]:
> a) Postfix milter to run ClamAv, eh something like this (for Linux fans)
> b) then use the regular Postfix <--> SpamAssassin <--> LDA (with sieve) 
> setup (message routing via Postfix master.cf) so that individual users can 
> set their own SA rules and vacation stuff.

This is exactly how I used to have it but then the need for
a vacation autoresponse to the From: address (as opposed to
Return-Path) arose and I had to switch to procmail:

  http://dovecot.org/list/dovecot/2007-August/024766.html

Before that, I was using spamc with --pipe-to, but always had a bad
feeling about that, since the manpage says:

  Note that there is a very slight chance mail will be lost here,
  because if the fork-and-exec fails there’s no place to put the
  mail message.

and my message to SA-users on this was never answered[0].

0. http://marc.info/?l=spamassassin-users&m=115185095923772&w=2

Now I am using procmail and at least now that failure will cause
postfix to defer a message.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
half a bee, philosophically, must ipso facto half not be.
but half the bee has got to be, vis-a-vis its entity. you see?
but can a bee be said to be or not to be an entire bee,
when half the bee is not a bee, due to some ancient injury?
   -- monty python
 
spamtraps: [EMAIL PROTECTED]


[Dovecot] removing IMAP keywords?

2007-08-23 Thread martin f krafft
Hi there,

I found that with an IMAP command like

   STORE 1 +FLAGS (testflag)

I can set arbitrary flags on mails through the dovecot IMAP daemon.
This rules.

Now I wonder, however, how I can remove those flags, which become
properties of the folder, really. For instance, after the above,
SELECT on the containing folder gives:

* FLAGS (\Answered \Flagged \Deleted \Seen \Draft testflag)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft testflag \*)] Flags permitted.

Even if I remove the flag from all messages or even delete all
messages in the folder, the flag stays on the folder.

Is there an IMAP way of removing flags from a folder?

Also, does someone know where I can find specification on what
characters are allowed for keywords? RFC 3501 is strangely quiet on
this, or I am blind.

Thanks,

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
"gilmour's guitar sounds good
 whether you've got a bottle of cider in your hand
 or a keyboard and a mouse."
-- prof. bruce maxwell
 
spamtraps: [EMAIL PROTECTED]


Re: [Dovecot] removing IMAP keywords?

2007-08-23 Thread martin f krafft
also sprach Kyle Wheeler <[EMAIL PROTECTED]> [2007.08.23.2103 +0200]:
> Check out section 9, Formal Syntax. Specifically, "flag-keyword", which is 
> defined to be an "atom", which is a sequence of ANY character except the 
> "atom-specials". In other words, a flag-keyword is a string of one or more 
> characters, not including (, ), {, " ", control characters, %, *, ", \, and 
> ].

So this would mean we could use UTF-7 (RFC 2152) to encode pretty
much anything in those tags.

Is there a maximum length? I could not tell from the document.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
the images rushed around his mind and tried
to find somewhere to settle down and make sense.
-- douglas adams, "the hitchhiker's guide to the galaxy"
 
spamtraps: [EMAIL PROTECTED]
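
The atom rule quoted above, turned into a check a client can run before it places a keyword into a STORE command, as an added example (not code from Dovecot or from any mail client). The function names are assumptions for illustration; the UTF-7 step follows the suggestion in the reply and is re-validated, because UTF-7 may leave characters such as space or parentheses unencoded.

```python
# atom-specials per RFC 3501 section 9, as listed in the message above:
# "(" ")" "{" SP CTL "%" "*" DQUOTE "\" "]"
ATOM_SPECIALS = frozenset(b'(){ %*"\\]')


def is_valid_keyword(keyword: bytes) -> bool:
    """True if keyword is an RFC 3501 atom (1*ATOM-CHAR)."""
    if not keyword:
        return False
    for byte in keyword:
        # CHAR is %x01-7F and CTL is %x00-1F plus %x7F, which leaves
        # 0x21-0x7E. CR and LF are CTL, so a keyword can never end the
        # command line and start another one.
        if byte < 0x21 or byte > 0x7E or byte in ATOM_SPECIALS:
            return False
    return True


def encode_keyword(label: str) -> bytes:
    """Encode a human-readable tag with UTF-7 (RFC 2152) and validate it.

    Raises ValueError when the encoded form is still not an atom, for
    example because the label contains a space.
    """
    encoded = label.encode("utf-7")
    if not is_valid_keyword(encoded):
        raise ValueError("label cannot be represented as an IMAP keyword")
    return encoded


def store_args(seq: int, keyword: bytes) -> bytes:
    """Build the untagged command text "STORE <seq> +FLAGS (<keyword>)".

    The keyword is validated first so that nothing but a single atom is
    ever interpolated between the parentheses.
    """
    if not isinstance(seq, int) or seq < 1:
        raise ValueError("message sequence number must be a positive integer")
    if not is_valid_keyword(keyword):
        raise ValueError("keyword is not an RFC 3501 atom")
    return b"STORE %d +FLAGS (%s)" % (seq, keyword)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(store_args(1, b"testflag"))
    print(store_args(1, encode_keyword("\u00e9tiquette")))
    for bad in (b"two words", b"bad(flag", b"wild*"):
        print(bad, "valid:", is_valid_keyword(bad))
```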


Re: [Dovecot] removing IMAP keywords?

2007-08-23 Thread martin f krafft
also sprach Julian Cowley <[EMAIL PROTECTED]> [2007.08.23.2228 +0200]:
> Funny, I just went through this moments before I saw this message.
> As far as I know, there is no way to do it other than to delete
> the dovecot.index files on the server.  If you don't have access
> to the server, then there probably is no way given the current
> IMAP protocol.

Ouch. Thanks for taking the time to respond.

We're discussing how to do general (semantic) mail tags in such
a way that they're client and server independent. In case you're
interested, please check out the archives of the list and consider
signing up:

  http://lists.madduck.net/mailman/listinfo/mailtags

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
"never trust a woman who wears mauve, whatever her age may be, or a
 woman over thirty-five who is fond of pink ribbons. it always means
 they have a history."
-- oscar wilde
 
spamtraps: [EMAIL PROTECTED]


Re: [Dovecot] removing IMAP keywords?

2007-08-25 Thread martin f krafft
also sprach Timo Sirainen <[EMAIL PROTECTED]> [2007.08.24.1654 +0100]:
> It could be a good idea to talk about it first in imap-protocol list to
> see if other people have better ideas.

This is a good idea. However, in a thread on the mailtags mailing
list, the Mail.app MailTags author raised some concerns with using
IMAP keywords for mail tags [0], which need to be
addressed/discussed first. Basically, using an RFC821 header to
store tags in the message is a considerable contender with a major
performance downside, but it would solve the challenge of storing
tags locally in a way that *all* mail clients could use.

0. http://lists.madduck.net/pipermail/mailtags/2007-August/38.html

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
microsoft: for when quality, reliability, and security
   just aren't that important!
 
spamtraps: [EMAIL PROTECTED]




Separators and shared namespaces

2023-09-27 Thread martin f krafft via dovecot

Hello,

I am running Dovecot 2.3.19 on Debian, and I am trying to get
shared to work.


It's working if I do this:

```
namespace {
  type = shared
  separator = /
  prefix = Team/%%u/
  location = maildir:%%h/Maildir:INDEX=%h/Maildir/Team/%%u:INDEXPVT=%h/Maildir/Team/%%u
  subscriptions = no
  list = children
}
```

After setting some ACLs, I now have the following in `LIST` output:

```
…
. LIST "" *
* LIST (\HasNoChildren) "/" INBOX
[…]
* LIST (\Noselect \HasChildren) "/" Team/rechnungseing...@example.org
* LIST (\HasNoChildren) "/" "Team/rechnungseing...@example.org/Archiv bearbeitete Rechnungen"
. OK List completed (0.003 + 0.000 + 0.007 secs).
```

However, since I am using Maildir, the default separator is `.`, and 
so I have to change the separator for the `inbox` namespace, which 
makes me feel uneasy. The system still uses `.dotted.notation` on 
the filesystem despite the namespace change, and subfolders and all 
still work, but it still rubs me the wrong way to do this.


And yet, when I try to use `.` like this:

```
  separator = .
  prefix = Team.%%u.
  location = maildir:%%h/Maildir:INDEX=%h/Maildir/.Team,%%u:INDEXPVT=%h/Maildir/.Team.%%u
```

then nothing shows up in `LIST` output. Any idea why this might be?

Thanks,

--
martin krafft | https://matrix.to/#/#madduck:madduck.net
 
"to improve the style means to improve the thought."
 - friedrich nietzsche
 
spamtraps: madduck.bo...@madduck.net

___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
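
An added example, not part of the original post and not Dovecot code: it parses `LIST` responses shaped like the ones above, splits a shared-namespace name at the hierarchy separator, and derives the Maildir++ directory name, which uses `.` whatever separator the namespace advertises. The user `alice@example.org`, the sample lines and the helper names are constructed for illustration; the dotted case only shows that a name-level split on `.` cannot tell where the `%%u` part ends, not what Dovecot does internally.

```python
import re

# Constructed sample: LIST lines shaped like those in the post, with a
# made-up shared user (alice@example.org) in place of the elided address.
SAMPLE = [
    '* LIST (\\HasNoChildren) "/" INBOX',
    '* LIST (\\Noselect \\HasChildren) "/" Team/alice@example.org',
    '* LIST (\\HasNoChildren) "/" "Team/alice@example.org/Archiv bearbeitete Rechnungen"',
]

# Handles a single-character quoted separator only (not NIL or escaped ones).
LIST_RE = re.compile(r'^\* LIST \((?P<flags>[^)]*)\) "(?P<sep>.)" (?P<name>.+)$')


def parse_list(line):
    """Return (flags, hierarchy separator, mailbox name) from one LIST line."""
    m = LIST_RE.match(line)
    if not m:
        raise ValueError("not a LIST response: %r" % line)
    name = m.group("name")
    if name.startswith('"') and name.endswith('"'):
        # Quoted string: drop the quotes and undo backslash escapes.
        name = re.sub(r"\\(.)", r"\1", name[1:-1])
    return m.group("flags").split(), m.group("sep"), name


def split_shared(name, sep, prefix_root="Team"):
    """Split a shared-namespace name into (user, folder components) or None.

    Assumes a prefix of the form <prefix_root><sep>%%u<sep>, as in the post.
    """
    parts = name.split(sep)
    if len(parts) < 2 or parts[0] != prefix_root:
        return None
    return parts[1], parts[2:]


def maildirpp_dir(folder_parts):
    """Maildir++ directory name under the owner's Maildir ('' is the root)."""
    return "." + ".".join(folder_parts) if folder_parts else ""


if __name__ == "__main__":
    for line in SAMPLE:
        flags, sep, name = parse_list(line)
        shared = split_shared(name, sep)
        if shared:
            print(sep, shared[0], repr(maildirpp_dir(shared[1])))
    # Same mailbox named with "." as separator: the user part is cut short.
    print(split_shared("Team.alice@example.org.Archiv bearbeitete Rechnungen", "."))
```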


Re: Separators and shared namespaces

2023-09-27 Thread martin f krafft via dovecot

Regarding the following, written by "Aki Tuomi" on 2023-09-27 at 13:09 +0300:

> The physical (file system) separator and hierarchy separator are not related.
> You can safely change the hierarchy separator to / .

Okay, so what is it used for?

> The shared namespace should have list=children, and you will not
> see anything by default, unless you have acl_shared_dict and have
> actually shared a folder.


Yeah, I have all of that. It works with `/`, but when I use `.`, it 
stops working. ACLs/sharing stays the same.


Best,

--
martin krafft | https://matrix.to/#/#madduck:madduck.net
 
"faith means not wanting to know what is true."
 - friedrich nietzsche
 
spamtraps: madduck.bo...@madduck.net
