On Thu, Jan 09, 2020 at 06:51:36PM +0200, Aki Tuomi wrote:
> You can do it using replication,
> https://wiki.dovecot.org/Replication
Last time I tried, it did not work with mbox. Did that change? The
document does not tell about the format.
--
Emmanuel Dreyfus
m...@netbsd.org
On Fri, Jan 10, 2020 at 09:07:24AM +0200, Aki Tuomi wrote:
> Replication is not supported with mbox. Most features are not.
It would be nice if the document about replication could tell
what setup works.
--
Emmanuel Dreyfus
m...@netbsd.org
update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi
--
Emmanuel Dreyfus
m...@netbsd.org
168 I use:
ssl_dh_parameters_length = 4096
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL
You may want to disable 3DES nowadays.
--
Emmanuel Dreyfus
m...@netbsd.org
Hello
mail_log_events is handy to track what happened to a given message.
Unfortunatly, it seems dsync activity is not captured. This causes
messages to appear or vanish without a log trace.
Did I miss a setting to get it? How should I track how something went
wrong with dsync?
--
Emmanuel
run ()
from /usr/pkg/lib/dovecot/libdovecot.so.0
#25 0x004205b2 in ?? ()
#26 0x00422754 in ?? ()
#27 0x00423074 in ?? ()
#28 0x004238d1 in doveadm_mail_try_run ()
#29 0x0045182a in main ()
Any hint?
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
m...@netbsd.org
e.net
> sync -d -u jdoe
https://ftp.espci.fr/shadow/manu/sync.log
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
m...@netbsd.org
ver, I understand some had a better experience with it. I am curious
if someone will fork dovecot and restore the beloved feature.
--
Emmanuel Dreyfus
m...@netbsd.org
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dove
ULL
I only had a single report of an old client being locked out. Oddly it
was a recent Windows Phone that was perfectly capable of using
latest protocol and ciphers.
While there, I will self advertise my own paper on TLS hardening:
http://arxiv.org/abs/1407.2168
--
Emmanuel Dreyfus
m...@netbsd.org
27;:' '\n' |sort> manu
$ openssl ciphers ECDH@STRENGTH:DH@STRENGTH:HIGH |tr ':' '\n' |sort > adrian
$ join export manu
(nothing)
$ join export adrian
EXP-ADH-DES-CBC-SHA
EXP-ADH-RC4-MD5
EXP-EDH-DSS-DES-CBC-SHA
EXP-EDH-RSA-DES-CBC-SHA
--
Emmanuel Dreyfus
m...@netbsd.org
= ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL
ssl_dh_parameters_length = 4096
Kissing SSLv3 good bye did not cause harm to clients. Next to be phased
out is 3DES which accounts for 0.25% o the connexions according to the
logs. I suspect the offending clients could do better.
--
corrupted index.
The workaround for now is to detect the situation in the logs and to remove
corrupted indexes when the problem arise.
A better fix would be to sanity check all user's index on startup. Is
there a command line tool to do this?
--
Emmanuel Dreyfus
m...@netbsd.org
?
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
m...@netbsd.org
p daemon operating
on the bigger mbox (easy to spot looking at the process uid)
--
Emmanuel Dreyfus
m...@netbsd.org
e used to have in MUA-based filtering.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
m...@netbsd.org
; and fqrdns.pcre, which rejects based on consumer/dynamic looking rDNS.
I use that in order to decide the greylisting delay: suspect IP get a
12 hours greylist, everyone else gets 15 mn, or 0 if whitelisted by
recipeients. It works quite well.
--
Emmanuel Dreyfus
m...@netbsd.org
inless.
--
Emmanuel Dreyfus
m...@netbsd.org
lookup.
--
Emmanuel Dreyfus
m...@netbsd.org
Morten Stevens wrote:
> So it is now RFC compliant. Anyway I think delaying mail traffic is not
> a good solution.
This is why whitelists and autowhilists are used in greylist filters.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
m...@netbsd.org
/
#define MASTER_AUTH_COOKIE_SIZE (128/8)
/* LOGIN_MAX_INBUF_SIZE should be based on this.*/
-#define MASTER_AUTH_MAX_DATA_SIZE 1024
+#define MASTER_AUTH_MAX_DATA_SIZE 4096
#define MASTER_AUTH_ERRMSG_INTERNAL_FAILURE \
"Internal error occurred. Refer to server log for more
information."
Emm
_SIZE 4096
#define MASTER_AUTH_ERRMSG_INTERNAL_FAILURE \
"Internal error occurred. Refer to server log for more
information."
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
m...@netbsd.org
d out (waiting for MSG-GET
message from remote)
And this:
dsync-local(user): Error: read() from worker server failed: EOF
And generally speaking ,how good is dsync? is it usabel in production?
This is on dovecot 2.1.7
--
Emmanuel Dreyfus
m...@netbsd.org
Hi
Is there a way to set environment variables for the auth process? All
I found for now is to replace it by a shell script that sets variables
and then launch the real auth, but I wonder if there is a better way.
--
Emmanuel Dreyfus
m...@netbsd.org
support NetBSD libquota:
http://ftp.espci.fr/shadow/manu/dovecot-libquota.tgz
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
m...@netbsd.org
void auth_worker_client_destroy(struct auth_worker_client **client);
void auth_worker_client_unref(struct auth_worker_client **client);
--
Emmanuel Dreyfus
m...@netbsd.org
On Wed, Jun 24, 2009 at 02:21:50PM -0400, Timo Sirainen wrote:
> There's no real reason to keep it at 1 kB. I probably didn't even think
> about it much when I added it. I increased it to 8192 now.
Thanks a lot!
--
Emmanuel Dreyfus
m...@netbsd.org
uth.h
--
Emmanuel Dreyfus
m...@netbsd.org
e webmail sends a signed SAML assertion as the
password, and the PAM module validates it.
You did support in in 1.x and it did not harm anyone...
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
m...@netbsd.org
component that choose the authentication. The webmail
does. Squirrelmail does not support PLAIN.
> > You did support in in 1.x and it did not harm anyone?
> It does make it easier to waste the (pre-login!) process memory usage.
Perhaps it could be configurable?
--
Emmanuel Dreyfus
m...@netbsd.org
On Thu, Apr 11, 2013 at 12:57:45PM +, Emmanuel Dreyfus wrote:
> Perhaps [MASTER_AUTH_MAX_DATA_SIZE] could be configurable?
I tried to add a configuration option for that, but dovecot design
makes a good job at separating master and login structures, hence
The Right Way is not obvious.
On Mon, Apr 15, 2013 at 07:16:44PM +0300, Timo Sirainen wrote:
> Glusterfs isn't really object storage (unless they've changed since I
> last looked at them),
I did not test it, but object storage was added in 3.3, IIRC.
--
Emmanuel Dreyfus
m...@netbsd.org
Hi
After upgrading to 2.2, I get this:
Warning: autocreate plugin is deprecated, use mailbox { auto } setting
instead
I found no documentation on mailbox { auto }. Where should it go in the
config file?
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
m...@netbsd.org
ota
quota_warning = storage=95%% quota-warning %u
}
namespace inbox {
mailbox INBOX {
auto = create
}
}
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
m...@netbsd.org
= 0)
Apr 29 09:39:17 danceny dovecot: dsync-local(jdoe): Fatal: master:
service(doveadm): child 23443 killed with signal 6 (core not dumped - set
service doveadm { drop_priv_before_exec=yes })
--
Emmanuel Dreyfus
m...@netbsd.org
}
}
doveadm_port = 12345
ssl_client_ca_file = /etc/openssl/certs/ca.crt
doveadm_proxy_port = 0
--- cut here ---
--
Emmanuel Dreyfus
m...@netbsd.org
5 < 24440)
May 4 21:15:17 volanges dovecot: imap(jdoe): Error: Corrupted index
cache file /mail/indexes/jdoe/mail/.imap/Commandes/dovecot.index.cache:
Broken physical size for mail UID 680
Does that ring a bell? I am tempted to downgrade to 2.1.13. Does it
makes sense? Is it safe to do so?
t ring a bell? I am tempted to downgrade to 2.1.13. Does it
> >makes sense? Is it safe to do so?
>
> This bug has been fixed with dovecot 2.1.14.
But I am running 2.2.0 ...
--
Emmanuel Dreyfus
m...@netbsd.org
On Mon, May 06, 2013 at 01:52:55PM -0400, Oscar del Rio wrote:
> Have you tried 2.2.1?
Will do, but since the problem cannot be reliabily reproduced,
I have no way of knowing it is fixed. Is there anything in 2.2.1
changelog that hints it could be fixed?
--
Emmanuel Dreyfus
m...@netbsd.org
On Wed, May 15, 2013 at 02:50:55PM +0300, Timo Sirainen wrote:
> There are some locking code changes between v2.1 and v2.2, which
> I guess might be buggy. But I can't reproduce any corruption with
> stress testing. What's your doveconf -n output? Are you delivering
> mails via dovecot-lda or somet
ile = /etc/openssl/certs/tcs-chain.crt
doveadm_proxy_port = 0
--
Emmanuel Dreyfus
m...@netbsd.org
anation: everything worked fine for years.
--
Emmanuel Dreyfus
m...@netbsd.org
it would have on user mailboxes
location? If it does, do we have documentation on this?
--
Emmanuel Dreyfus
m...@netbsd.org
?
--
Emmanuel Dreyfus
m...@netbsd.org
ernel fixed the problem, but I have not been
able to spot what the problem was. Any idea?
--
Emmanuel Dreyfus
m...@netbsd.org
Emmanuel Dreyfus wrote:
> Nov 29 16:56:01 volanges dovecot: auth: Error: BUG: Authentication client
> sent unknown handshake command:
> REQUEST?6970356762?616?6?235264ef69dbd1665538af54...
I have real trouble to debug that one. I had a look at
wiki2.dovecot.org/Design/AuthProtocol,
t; 0xc70b36cc wn
root auth 172044* kqueue pending 0
root auth 17204 19 / 545650 -rw-r--r-- 121 r
root auth 17204 20* internet stream tcp 192.0.2.15:636 <->
192.0.2.26:62459
root auth 17204 22* unix stream <-> c60cb974
root auth
Emmanuel Dreyfus wrote:
> Indeed, when the auth process calls net_getunixname(), getsockname() fills the
> name buffer with garbage.
I checked with a test program: on a non open, or closed socket,
getsockname() returns -1. However on a socket that was not bound, it
returns 0 and fil
Emmanuel Dreyfus wrote:
> I checked with a test program: on a non open, or closed socket,
> getsockname() returns -1. However on a socket that was not bound, it
> returns 0 and fills the buffer with garbage.
Wrong diagnostic. I am now tracking synchronisation problems between
auth
On Fri, Sep 26, 2014 at 03:03:13PM +1200, Mark Davies wrote:
> dovecot 2.2.13 works very nicely here via pkgsrc on NetBSD.
Same here, works fine on NetBSD.
--
Emmanuel Dreyfus
m...@netbsd.org
49 matches
Mail list logo
