Re: [Dovecot] behavior of dovecot with Openldap

2009-01-20 Thread Joseba Torre
On Tuesday, 20 January 2009 at 08:47, geoffroy desvernay wrote:
 Here we use uris parameter instead of hosts, and we seem to have
 expected behaviour: dovecot is always using the first listed uri except
 if it doesn't respond (switch to the second)

Same experience here (RHEL4 and several dovecot versions). Dovecot only uses 
the 1st ldap server in the uris variable, and only tries the other ones when 
this doesn't respond: we've had some problems with the primary server taking 
like 1 minute for each answer and dovecot didn't switch to the next one.

-- 
Joseba Torre. CIDIR Bizkaia.




Re: [Dovecot] Authentication cache, failure to login after changed password

2009-01-20 Thread Tom Sommer

Timo Sirainen wrote:

On Mon, 2009-01-05 at 14:33 +0100, Tom Sommer wrote:
  
Sorry to bump this, but I can still reproduce it - I have enabled 
auth_debug now to attempt to provide some more details.



Actually enable auth_debug_passwords=yes. It then also logs what's seen
in the cache entries.
  
dovecot: Jan 20 09:01:18 Info: auth(default): 
cache(u...@example.com,127.0.0.1): miss
dovecot: Jan 20 09:01:18 Info: auth-worker(default): 
sql(u...@example.com,127.0.0.1): query: SELECT username as user, 
plainpassword as password, nopassword FROM cyrususers WHERE username = 
'u...@example.com' AND password = PASSWORD('SECRET') AND active = 1
dovecot: Jan 20 09:01:18 Info: auth-worker(default): 
sql(u...@example.com,127.0.0.1): unknown user
dovecot: Jan 20 09:01:20 Info: auth(default): client out: FAIL  1   
user=u...@example.com
dovecot: Jan 20 09:01:20 Info: imap-login: Disconnected (auth failed, 1 
attempts): user=u...@example.com, method=PLAIN, rip=127.0.0.1, 
lip=127.0.0.2
dovecot: Jan 20 09:01:32 Info: auth(default): 
cache(u...@example.com,127.0.0.1): hit:
dovecot: Jan 20 09:01:32 Info: auth(default): 
cache(u...@example.com,127.0.0.1): User unknown
dovecot: Jan 20 09:01:34 Info: auth(default): client out: FAIL  1   
user=u...@example.com


It appears the user missed the cache, a SQL lookup is performed (which 
returns 1 record, I tested the query directly) - however for some reason 
the lookup is set as Unknown User, a state which it then keeps. 
Obviously I can adjust this with auth_cache_negative_ttl, but I presumed 
the default value was always 0


Setting auth_cache_negative_ttl = 0 now and awaiting results

--
Tom Sommer
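
The sequence in the log above (a passdb lookup that returns "unknown user", then a cache hit that replays the failure) can be picked out of an auth log mechanically. The following is an added example, not part of the original thread and not Dovecot code: the sample lines are constructed in the quoted log format with a placeholder address, the function names are hypothetical, and the redaction pattern assumes the PASSWORD('...') query shown above.

```python
import re
from datetime import datetime

# Constructed sample in the Dovecot 1.x auth log format quoted above,
# one event per line, with a placeholder address.
SAMPLE_LOG = """\
dovecot: Jan 20 09:01:18 Info: auth(default): cache(user@example.com,127.0.0.1): miss
dovecot: Jan 20 09:01:18 Info: auth-worker(default): sql(user@example.com,127.0.0.1): query: SELECT username as user, plainpassword as password, nopassword FROM cyrususers WHERE username = 'user@example.com' AND password = PASSWORD('SECRET') AND active = 1
dovecot: Jan 20 09:01:18 Info: auth-worker(default): sql(user@example.com,127.0.0.1): unknown user
dovecot: Jan 20 09:01:20 Info: auth(default): client out: FAIL\t1\tuser=user@example.com
dovecot: Jan 20 09:01:32 Info: auth(default): cache(user@example.com,127.0.0.1): hit:
dovecot: Jan 20 09:01:32 Info: auth(default): cache(user@example.com,127.0.0.1): User unknown
dovecot: Jan 20 09:01:34 Info: auth(default): client out: FAIL\t1\tuser=user@example.com
"""

LINE_RE = re.compile(
    r"^dovecot: (?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \w+: [\w-]+\(\w+\): "
    r"(?P<db>\w+)\((?P<user>[^,]+),(?P<ip>[^)]+)\): (?P<msg>.*)$"
)
# Matches the password literal inside the PASSWORD('...') query from the thread.
QUERY_SECRET_RE = re.compile(r"(PASSWORD\(')(?:[^'\\]|\\.)*('\))", re.IGNORECASE)


def parse_line(line, year):
    """Return (timestamp, db, user, message) or None for lines without db(user,ip)."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # The log carries no year, so the caller supplies one (assumption).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["db"], m["user"], m["msg"].strip()


def negative_cache_hits(lines, year=2009):
    """Find failures answered from the auth cache rather than from the passdb."""
    backend_unknown = {}  # user -> time the passdb last answered "unknown user"
    findings = []
    for line in lines:
        rec = parse_line(line, year)
        if rec is None:
            continue
        ts, db, user, msg = rec
        if db != "cache" and msg.lower() == "unknown user":
            backend_unknown[user] = ts
        elif db == "cache" and msg == "User unknown":
            origin = backend_unknown.get(user)
            age = int((ts - origin).total_seconds()) if origin else None
            findings.append({"user": user, "cached_at": origin,
                             "served_at": ts, "age_seconds": age})
    return findings


def redact_query_password(line):
    """Blank the password literal that auth_debug_passwords=yes writes to the log."""
    return QUERY_SECRET_RE.sub(r"\1<redacted>\2", line)


if __name__ == "__main__":
    for hit in negative_cache_hits(SAMPLE_LOG.splitlines()):
        print(f"{hit['user']}: failure replayed from cache, "
              f"{hit['age_seconds']}s after the passdb lookup")
    for line in SAMPLE_LOG.splitlines():
        print(redact_query_password(line))
```

Running the redaction over a log before posting it keeps the credential out of the list archive even when debug password logging was left on.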


Re: [Dovecot] troubles with 1.1.8 and squirrelmail over HTTPS

2009-01-20 Thread Frank Bonnet

Timo Sirainen wrote:

On Thu, 2009-01-15 at 16:25 +0100, Frank Bonnet wrote:

I had to increase the max_mail_processes to 8192
to have a functional IMAP server with normal clients AND
squirrelmail clients

8192 sounds enormous to me, any info welcome!


How many imap processes have you running typically?



Did you find any explanation for this problem?
Do you think it could be a Linux problem or a Dovecot problem?
Thanks


[Dovecot] Dovecot optimisation

2009-01-20 Thread Proskurin Kirill

Hello all.

We started to use Dovecot in our email production, but it does not run as 
fast as we expected.


We use Dell 2950 with 4Gb RAM on FreeBSD-7.0-p9 - load average never 
goes above 0.5


We have about 500 clients, most of them use Outlook 2007 via IMAP.

We run into these problems:
1) Sync of imap folder is really slow (I think it is an Outlook problem)
2) Time after time we get a Sync error from Outlook
3) Time after time our monitoring system says that the IMAP port does not 
answer within 10 sec. In real life it starts to answer in 15-20 sec, which is 
not really good - the client thinks that the server doesn't work. If I restart 
dovecot - it starts to answer in 1-3 sec.


I think the problem is in my conf; maybe I need to tune it?

*dovecot -n doesn't give the full conf, so I use this:*
mail# grep -v '#' /usr/local/etc/dovecot.conf | egrep -v '^$'
base_dir = /var/run/dovecot/
protocols = imap imaps pop3 pop3s managesieve
listen = *
disable_plaintext_auth = yes
shutdown_clients = yes
log_path = /var/log/dovecot/dovecot.log
info_log_path = /var/log/dovecot/dovecot.log
log_timestamp = %b %d %H:%M:%S 
syslog_facility = mail
ssl_disable = no
ssl_cert_file = /usr/local/etc/certs/fxclub_org.crt
ssl_key_file = /usr/local/etc/certs/fxclub_org.key
ssl_ca_file = /usr/local/etc/certs/GlobalSignCA.crt
ssl_verify_client_cert = no
ssl_parameters_regenerate = 168
ssl_cipher_list = ALL:!LOW:!SSLv2
verbose_ssl = no
login_dir = /var/run/dovecot/login
login_user = dovecot
login_process_size = 64
login_process_per_connection = yes
login_processes_count = 10
login_max_processes_count = 128
login_greeting = Dovecot ready.
login_log_format_elements = user=%u method=%m rip=%r lip=%l %c
login_log_format = %$: %s
mail_location = maildir:/var/spool/dovecot/domains/%d/%n/
mail_uid = dmail
mail_gid = dmail
mail_privileged_group = mail
mail_full_filesystem_access = no
mail_debug = no
mail_log_prefix = %Us(%u): 
mail_log_max_lines_per_sec = 10
mmap_disable = no
dotlock_use_excl = yes
fsync_disable = no
mail_nfs_storage = no
mail_nfs_index = no
lock_method = fcntl
mail_drop_priv_before_exec = no
verbose_proctitle = yes
first_valid_uid = 500
first_valid_gid = 0
max_mail_processes = 512
mail_process_size = 256
mail_max_keyword_length = 50
mail_cache_min_mail_count = 0
mailbox_idle_check_interval = 30
mail_save_crlf = no
maildir_stat_dirs = no
maildir_copy_with_hardlinks = yes
maildir_copy_preserve_filename = no
mbox_read_locks = fcntl
mbox_write_locks = dotlock fcntl
mbox_lock_timeout = 300
mbox_dotlock_change_timeout = 120
mbox_min_index_size = 0
protocol imap {
login_executable = /usr/local/libexec/dovecot/imap-login

mail_executable = /usr/local/libexec/dovecot/imap
imap_max_line_length = 65536
mail_max_userip_connections = 10
mail_plugins = quota imap_quota autocreate
mail_plugin_dir = /usr/local/lib/dovecot/imap
login_greeting_capability = yes
imap_logout_format = bytes=%i/%o
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
}

protocol pop3 {
login_executable = /usr/local/libexec/dovecot/pop3-login
mail_executable = /usr/local/libexec/dovecot/pop3
pop3_enable_last = no
pop3_lock_session = no
pop3_uidl_format = %08Xu%08Xv
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
mail_max_userip_connections = 3
  mail_plugins = quota
  mail_plugin_dir = /usr/local/lib/dovecot/pop3
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
postmaster_address = postmas...@fxclub.org
hostname = mail.fxclub.org
mail_plugins = cmusieve quota
mail_plugin_dir = /usr/local/lib/dovecot/lda
quota_full_tempfail = yes
deliver_log_format = msgid=%m: %$
log_path = /var/log/dovecot/deliver.log
info_log_path = /var/log/dovecot/deliver.log
sendmail_path = /usr/sbin/sendmail
rejection_reason = Your message to %t was automatically rejected:%n%r
auth_socket_path = /var/run/dovecot/auth-master
sieve_global_path = /var/spool/dovecot/global.sieve
}
protocol managesieve {
listen = *:2000
login_executable = /usr/local/libexec/dovecot/managesieve-login
mail_executable = /usr/local/libexec/dovecot/managesieve
managesieve_max_line_length = 65536
sieve_storage = %
sieve = ~/.dovecot.sieve
mail_location =
managesieve_implementation_string = dovecot
}
auth_executable = /usr/local/libexec/dovecot/dovecot-auth
auth_process_size = 256
auth_cache_size = 0
auth_cache_ttl = 3600
auth_cache_negative_ttl = 3600
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

auth_username_format = %Lu
auth_verbose = yes
auth_debug = no
auth_debug_passwords = no
auth_worker_max_count = 100
auth_failure_delay = 2
auth default {
mechanisms = plain login
  passdb ldap {
args = /usr/local/etc/dovecot-ldap.conf
  }
  userdb ldap {
args = /usr/local/etc/dovecot-ldap.conf
  }
  user = dovecot-auth
  count = 1
  ssl_require_client_cert = no
  socket listen {
master {
  path = /var/run/dovecot/auth-master
  mode = 0600
  user = dmail
}
client {
  path = /var/run/dovecot/auth-client
  mode = 0660
  user = exim
}
  }
}
dict {
}

[Dovecot] Migration dbmail - dovecot.

2009-01-20 Thread Андрей Юртайкин

Hi, I want to migrate from dbmail to dovecot; the main problem is passwords.
dbmail uses an md5-hash which crypts 111 to 
$1$tZNR7pR4$jMuuKWm7ljRyL8iEMfjep..


Tried all dovecot pass schemes through `dovecotpw` and none of them matches.
The main question is how to migrate dbmail - dovecot.




Re: [Dovecot] deliver: command died with signal 6

2009-01-20 Thread Jan-Frode Myklebust
On 2009-01-13, Timo Sirainen t...@iki.fi wrote:


 Reading your old mails: are you still using GPFS? This crash just
 shouldn't be happening, so perhaps something randomly breaks with it.
 Are you using mmap_disable=yes? Multiple servers can access the same
 user's mails at the same time?

I tried setting mmap_disable=yes today, but got two new failures 2.5
hours later :-(

Jan 20 10:38:32 smtp2.ulh.myinternaldomain.net 
deliver(quarant...@mydomain.net):  Raw backtrace: 
/usr/local/dovecot/libexec/dovecot/deliver(i_syslog_panic_handler+0x1c) 
[0x45577c] - /usr/local/dovecot/libexec/dovecot/deliver [0x45537c] - 
/usr/local/dovecot/libexec/dovecot/deliver(mail_index_sync_update_index+0x86f) 
[0x43eb8f] - 
/usr/local/dovecot/libexec/dovecot/deliver(mail_index_sync_begin+0x245) 
[0x43c6e5] - 
/usr/local/dovecot/libexec/dovecot/deliver(maildir_sync_index_begin+0x45) 
[0x4162d5] - 
/usr/local/dovecot/libexec/dovecot/deliver(maildir_transaction_save_commit_pre+0x68)
 [0x41c638] - 
/usr/local/dovecot/libexec/dovecot/deliver(maildir_transaction_commit+0x70) 
[0x417320] - /usr/local/dovecot-1.0.15/lib/dovecot/lda/lib10_quota_plugin.so 
[0x2a9557d3a8] - 
/usr/local/dovecot/libexec/dovecot/deliver(deliver_save+0x136) [0x410856] - 
/usr/local/dovecot/libexec/dovecot/deliver(main+0x1023) [0x411c43] - 
/lib64/tls/libc.so.6(__libc_start_main+0xdb) [0x322e11c40b] - 
/usr/local/dovecot/libexec/dovecot/deliver [0x40ffaa]

Jan 20 10:38:32 smtp2.ulh.myinternaldomain.net 
deliver(quarant...@mydomain.net):  file mail-index-sync-update.c: line 854 
(mail_index_sync_update_index): assertion failed: (view->hdr.messages_count == 
map->hdr.messages_count)

Jan 20 10:30:10 smtp1.ulh.myinternaldomain.net 
deliver(quarant...@mydomain.net):  Raw backtrace: 
/usr/local/dovecot/libexec/dovecot/deliver(i_syslog_panic_handler+0x1c) 
[0x45577c] - /usr/local/dovecot/libexec/dovecot/deliver [0x45537c] - 
/usr/local/dovecot/libexec/dovecot/deliver(mail_index_sync_update_index+0x86f) 
[0x43eb8f] - 
/usr/local/dovecot/libexec/dovecot/deliver(mail_index_sync_begin+0x245) 
[0x43c6e5] - 
/usr/local/dovecot/libexec/dovecot/deliver(maildir_sync_index_begin+0x45) 
[0x4162d5] - 
/usr/local/dovecot/libexec/dovecot/deliver(maildir_transaction_save_commit_pre+0x68)
 [0x41c638] - 
/usr/local/dovecot/libexec/dovecot/deliver(maildir_transaction_commit+0x70) 
[0x417320] - /usr/local/dovecot-1.0.15/lib/dovecot/lda/lib10_quota_plugin.so 
[0x2a9557d3a8] - 
/usr/local/dovecot/libexec/dovecot/deliver(deliver_save+0x136) [0x410856] - 
/usr/local/dovecot/libexec/dovecot/deliver(main+0x1023) [0x411c43] - 
/lib64/tls/libc.so.6(__libc_start_main+0xdb) [0x3cbd81c40b] - 
/usr/local/dovecot/libexec/dovecot/deliver [0x40ffaa]

Jan 20 10:30:10 smtp1.ulh.myinternaldomain.net 
deliver(quarant...@mydomain.net):  file mail-index-sync-update.c: line 854 
(mail_index_sync_update_index): assertion failed: (view->hdr.messages_count == 
map->hdr.messages_count)


This is with the following config. Any other suggestions for what
we should try ?


protocols = imap pop3
protocol imap {
  listen = *:143
}
protocol pop3 {
  listen = *:110
}
disable_plaintext_auth = no
ssl_disable = yes
login_user = dovecot
max_mail_processes = 512 
namespace private {
   prefix = INBOX.
   inbox = yes
}
mmap_disable = yes
protocol imap {
  mail_plugins = quota imap_quota
  imap_client_workarounds = outlook-idle delay-newmail
}
protocol pop3 {
  mail_plugins = quota
  pop3_uidl_format = UID%u-%v
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  postmaster_address = mailer-dae...@mydomain.net
  mail_plugins = quota
  auth_socket_path = /var/run/dovecot/auth-master
  sendmail_path = /usr/sbin/sendmail
}
auth default {
  mechanisms = plain
  passdb sql {
args = /usr/local/dovecot/etc/dovecot-sql.conf
  }
  userdb sql {
args = /usr/local/dovecot/etc/dovecot-sql.conf
  }
  user = dovecot-auth
  socket listen {
master {
  path = /var/run/dovecot/auth-master
  mode = 0660
  user = root
  group = atmail
}
  }
}
auth_verbose = yes

% dovecot -n
# 1.0.15: /usr/local/dovecot-1.0.15/etc/dovecot.conf
protocols: imap pop3
listen(default): *:143
listen(imap): *:143
listen(pop3): *:110
ssl_disable: yes
disable_plaintext_auth: no
login_dir: /usr/local/dovecot-1.0.15/var/run/dovecot/login
login_executable(default): /usr/local/dovecot-1.0.15/libexec/dovecot/imap-login
login_executable(imap): /usr/local/dovecot-1.0.15/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/dovecot-1.0.15/libexec/dovecot/pop3-login
max_mail_processes: 512
mmap_disable: yes
mail_executable(default): /usr/local/dovecot-1.0.15/libexec/dovecot/imap
mail_executable(imap): /usr/local/dovecot-1.0.15/libexec/dovecot/imap
mail_executable(pop3): /usr/local/dovecot-1.0.15/libexec/dovecot/pop3
mail_plugins(default): quota imap_quota

[Dovecot] Broken dovecot-uidlist files

2009-01-20 Thread Ulrich Zehl
I have just upgraded to 1.1.8, hoping to fix these types of errors:

Jan 20 10:39:27 laura deliver(xxx...@example.net): Broken file 
/srv/storage/mail/store/net/example/xx/xx/Maildir/dovecot-uidlist line 156: 
Invalid data:
Jan 20 10:41:19 laura dovecot: POP3(yy...@example.at): Broken file 
/srv/storage/mail/store/at/example/yy.yy/Maildir/dovecot-uidlist line 2: 
Invalid data:

Unfortunately, they still pop up. Since I suspect these errors to be
responsible for customers complaining about downloading mails twice, I'd
like to fix them.

Our setup has multiple servers sharing the same NFS-mounted directory for
maildirs and indexes; we have set
  mmap_disable = yes
  dotlock_use_excl = yes
  fsync_disable = no
  mail_nfs_index = yes
  lock_method = fcntl

As far as I can tell, for at least one of these errors, there was no
concurrent access to the mailbox in question.

What can I do to solve this problem, or to analyze it further?

Ulrich


Re: [Dovecot] Dovecot optimisation

2009-01-20 Thread Charles Marcus
On 1/20/2009 4:10 AM, Proskurin Kirill wrote:
 We use Dell 2950 with 4Gb RAM on FreeBSD-7.0-p9 - load average never
 goes above 0.5

You don't give dovecot version... don't you think that might be important?

 We have about 500 clients, most of them use Outlook 2007 via IMAP.
 
 We run into these problems:
 1) Sync of imap folder is really slow (I think it is an Outlook problem)

Yes, Outlook is a notoriously bad IMAP client, but 2007 is supposed to
be a bit better behaved than previous versions...

 *dovecot -n doesn't give the full conf, so I use this:*

If dovecot -n doesn't give expected results, that may be a clue...
dovecot -n gives the config that the running version of dovecot is
actually USING - so if it contradicts what you expect, then you are most
likely editing the wrong config file.

Please provide FULL dovecot -n output always, then copy/paste the stuff
that isn't included (like the contents of dovecot-sql.conf if using it,
etc)...

-- 

Best regards,

Charles


Re: [Dovecot] deliver: command died with signal 6

2009-01-20 Thread Charles Marcus
On 1/20/2009, Jan-Frode Myklebust (janfr...@tanso.net) wrote:
 % dovecot -n
 # 1.0.15: /usr/local/dovecot-1.0.15/etc/dovecot.conf

Maybe try latest stable version?

-- 

Best regards,

Charles


Re: [Dovecot] deliver: command died with signal 6

2009-01-20 Thread Jan-Frode Myklebust
On 2009-01-20, Jan-Frode Myklebust janfr...@tanso.net wrote:

 I tried setting mmap_disable=yes today, but got two new failures 2.5
 hours later :-(

I checked the logs for the last failure, and see that at the
same second two servers were trying to deliver separate messages
to the same account. I'll try avoiding a bit of these parallel
deliveries by changing MX to prefer one host. That might help as
a workaround, but might fail next time this preferred host is
too busy to process all requests..


  -jf



Re: [Dovecot] Dovecot optimisation

2009-01-20 Thread Proskurin Kirill

Charles Marcus wrote:

On 1/20/2009 4:10 AM, Proskurin Kirill wrote:

We use Dell 2950 with 4Gb RAM on FreeBSD-7.0-p9 - load average never
goes above 0.5


You don't give dovecot version... don't you think that might be important?


We have about 500 clients, most of them use Outlook 2007 via IMAP.

We run into these problems:
1) Sync of imap folder is really slow (I think it is an Outlook problem)


Yes, Outlook is a notoriously bad IMAP client, but 2007 is supposed to
be a bit better behaved than previous versions...


*dovecot -n doesn't give the full conf, so I use this:*


If dovecot -n doesn't give expected results, that may be a clue...
dovecot -n gives the config that the running version of dovecot is
actually USING - so if it contradicts what you expect, then you are most
likely editing the wrong config file.

Please provide FULL dovecot -n output always, then copy/paste the stuff
that isn't included (like the contents of dovecot-sql.conf if using it,
etc)...



Sorry - you are right.
But dovecot -n doesn't show things like login_max_processes_count and 
other things that I think must be a bottleneck.


mail# dovecot -n
# 1.1.8: /usr/local/etc/dovecot.conf
# OS: FreeBSD 7.0-RELEASE-p9 i386  ufs
base_dir: /var/run/dovecot/
log_path: /var/log/dovecot/dovecot.log
info_log_path: /var/log/dovecot/dovecot.log
protocols: imap imaps pop3 pop3s managesieve
listen(default): *
listen(imap): *
listen(pop3): *
listen(managesieve): *:2000
ssl_ca_file: /usr/local/etc/certs/GlobalSignCA.crt
ssl_cert_file: /usr/local/etc/certs/fxclub_org.crt
ssl_key_file: /usr/local/etc/certs/fxclub_org.key
ssl_cipher_list: ALL:!LOW:!SSLv2
login_dir: /var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
login_executable(managesieve): /usr/local/libexec/dovecot/managesieve-login
login_greeting_capability(default): yes
login_greeting_capability(imap): yes
login_greeting_capability(pop3): no
login_greeting_capability(managesieve): no
login_processes_count: 10
mail_max_userip_connections(default): 10
mail_max_userip_connections(imap): 10
mail_max_userip_connections(pop3): 3
mail_max_userip_connections(managesieve): 10
verbose_proctitle: yes
first_valid_gid: 0
mail_privileged_group: mail
mail_uid: dmail
mail_gid: dmail
mail_location(default): maildir:/var/spool/dovecot/domains/%d/%n/
mail_location(imap): maildir:/var/spool/dovecot/domains/%d/%n/
mail_location(pop3): maildir:/var/spool/dovecot/domains/%d/%n/
mail_location(managesieve):
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_executable(managesieve): /usr/local/libexec/dovecot/managesieve
mail_plugins(default): quota imap_quota autocreate
mail_plugins(imap): quota imap_quota autocreate
mail_plugins(pop3): quota
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
mail_plugin_dir(managesieve): /usr/local/lib/dovecot/managesieve
imap_client_workarounds(default): delay-newmail tb-extra-mailbox-sep
imap_client_workarounds(imap): delay-newmail tb-extra-mailbox-sep
imap_client_workarounds(pop3):
imap_client_workarounds(managesieve):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
pop3_client_workarounds(managesieve):
sieve_storage(default):
sieve_storage(imap):
sieve_storage(pop3):
sieve_storage(managesieve): %
sieve(default):
sieve(imap):
sieve(pop3):
sieve(managesieve): ~/.dovecot.sieve
auth default:
  mechanisms: plain login
  user: dovecot-auth
  username_format: %Lu
  verbose: yes
  worker_max_count: 100
  passdb:
driver: ldap
args: /usr/local/etc/dovecot-ldap.conf
  userdb:
driver: ldap
args: /usr/local/etc/dovecot-ldap.conf
  socket:
type: listen
client:
  path: /var/run/dovecot/auth-client
  mode: 432
  user: exim
master:
  path: /var/run/dovecot/auth-master
  mode: 384
  user: dmail
plugin:
  quota: maildir
  quota_rule: *:storage=1024M
  quota_rule2: Trash:storage=1256M
  quota_rule3: SPAM:ignore
  quota_warning: storage=95%% /usr/local/bin/quota-warning.sh 95
  quota_warning2: storage=80%% /usr/local/bin/quota-warning.sh 80
  autocreate: Trash
  autocreate2: Sent
  autocreate3: Spam
  autosubscribe: Trash
  autosubscribe2: Sent
  autosubscribe3: Spam

mail# grep -v '#' /usr/local/etc/dovecot-ldap.conf  | egrep -v '^$'
hosts = 127.0.0.1
dn = cn=root,dc=CAS
dnpass = secret
tls = no
auth_bind = no
ldap_version = 3
base = dc=CAS
deref = never
scope = subtree
user_attrs = mailQuotaSize=quota_rule=*:storage=%$M,=uid=1002,=gid=1002,=home=/var/spool/dovecot/domains/%d/%n

user_filter = (&(objectClass=mailUser)(mail=%u))
pass_attrs = userPassword=password
pass_filter = 

Re: [Dovecot] Dovecot discards mail over quota

2009-01-20 Thread Steffen Kaiser


On Mon, 19 Jan 2009, Charles Marcus wrote:


On 1/18/2009 5:47 PM, Gary V wrote:

The only functional difference I can see (at least as far
as 'over quota' is concerned) is who sends the bounce (and
subsequently - what message the bounce contains). If that's the case,
it's a matter of which notification the mail admin prefers.


Again... the only unit responsible for sending actual bounce messages is
the SENDERS MTA. Your (receiving) MTA should only either ACCEPT (if so,
NEVER generate a 'bounce' later), DEFER or REJECT.


That's wrong.
To accept means to take over the responsibility to deliver the mail 
and/or notify the sender about its forthcoming. A failed delivery is just 
a DSN as read or delivered DSNs are.


RFC2821 sec 2.1

In either
   case, a formal handoff of responsibility for the message occurs: the
   protocol requires that a server accept responsibility for either
   delivering a message or properly reporting the failure to do so.

either to deliver or to report failure.
Once SMTP dialogue is over, to report failure means sending a DSN aka 
bounce message.


RFC2821 sec 2.4 in context of garbled message content

Delivery SMTP systems MAY
   reject (bounce) such messages rather than deliver them.
The MTA may decide to not deliver, but bounce in that case.

RFC2821 sec 3.7 about relaying explicitly states bounces, too,

RFC2821 sec 4.2.5 Reply Codes After DATA and the Subsequent CRLF.CRLF


   When an SMTP server returns a positive completion status (2yz code)
   after the DATA command is completed with CRLF.CRLF, it accepts
   responsibility for:

   -  delivering the message (if the recipient mailbox exists), or

   -  if attempts to deliver the message fail due to transient
  conditions, retrying delivery some reasonable number of times at
  intervals as specified in section 4.5.4.

   -  if attempts to deliver the message fail due to permanent
  conditions, or if repeated attempts to deliver the message fail
  due to transient conditions, returning appropriate notification to
  the sender of the original message (using the address in the SMTP
  MAIL command).


permanent failure = appropriate notification of sender

Because no MTA I'm aware of delivers during SMTP DATA phase, permanently 
failed delivery attempts have to generate a bounce message per RFC.


If the MTA can detect the temp or perm problem, if it will try to deliver 
the mail into the physical mailbox later, fine - it can send a 4xy or 5xy 
response for DATA, but the lag between the detection and the actual 
delivery, esp. if the mail is sent to more than one recipient or an alias 
/ list, may result in a failed delivery attempt, although the test in DATA 
phase succeeded.


Actually it would be a GoodThing, if failed delivery attempts could be 
routed to another account, e.g. local Postmaster, if a specific condition 
is fulfilled, e.g. a is-SPAM tag is present.


Bye,

-- 
Steffen Kaiser



Re: [Dovecot] Migration dbmail - dovecot.

2009-01-20 Thread Andrey Urtaykin
Nice, but how can I use it in the migration? I mean, how do I make dovecot 
use passwords in this format?
And I'm just surprised by the fact that Google says you're the first one who 
wants to migrate from dbmail to dovecot


Pascal Volk wrote:

On 20.01.2009 10:42 Андрей Юртайкин wrote:
  

Hi, I want to migrate from dbmail to dovecot; the main problem is passwords.
dbmail uses an md5-hash which crypts 111 to 
$1$tZNR7pR4$jMuuKWm7ljRyL8iEMfjep..


Tried all dovecot pass schemes through `dovecotpw` and none of them matches.
The main question is how to migrate dbmail - dovecot.



Hm, it's a simple md5 crypt hash, that stores its salt at the beginning
of the hash. How to reproduce:

,--[ Python ]--
|  In [29]: import crypt
|  In [30]: clear, salt = '111', '$1$tZNR7pR4$'
|  In [31]: crypt.crypt(clear, salt)
|  Out[31]: '$1$tZNR7pR4$jMuuKWm7ljRyL8iEMfjep.'
`--


Regards,
Pascal

  


--
 Best regards,
 Юртайкин Андрей
 system administrator,
 ЗАО ИСКРАТЕЛЕКОМ
 tel.: +7 495 287 45 45, ext. 070
 f...@corp.iskratelecom.ru, http://www.iskratelecom.ru
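
The hash quoted above is standard md5-crypt (`$1$salt$hash`), which Dovecot names the MD5-CRYPT scheme, so the stored value can be carried over unchanged behind a scheme prefix. The following is an added example, not part of the original thread: a pure-Python md5-crypt (the `crypt` module used in the quoted session was removed in Python 3.13) checked against the hash from the thread, plus a helper that emits a passwd-file style `user:{MD5-CRYPT}hash` line. The function names, the sample user and the passwd-file target are assumptions.

```python
import hashlib
import hmac
import re

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# $1$<salt, 1-8 chars>$<22 chars of crypt-style base64>
MD5_CRYPT_RE = re.compile(r"^\$1\$([./0-9A-Za-z]{1,8})\$([./0-9A-Za-z]{22})$")


def _to64(value, length):
    """Encode the low bits of value, 6 bits at a time, least significant first."""
    chars = []
    for _ in range(length):
        chars.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(chars)


def md5_crypt(password, salt):
    """Compute the md5-crypt ($1$) hash of password with the given salt."""
    pw = password.encode("utf-8")
    s = salt.encode("ascii")[:8]
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + s)
    remaining = len(pw)
    while remaining > 0:
        ctx.update(alt[:min(16, remaining)])
        remaining -= 16
    bits = len(pw)
    while bits:
        # A NUL byte for a set bit, the first password byte otherwise.
        ctx.update(b"\x00" if bits & 1 else pw[:1])
        bits >>= 1
    digest = ctx.digest()
    for i in range(1000):
        rnd = hashlib.md5(pw if i & 1 else digest)
        if i % 3:
            rnd.update(s)
        if i % 7:
            rnd.update(pw)
        rnd.update(digest if i & 1 else pw)
        digest = rnd.digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64((digest[a] << 16) | (digest[b] << 8) | digest[c], 4)
    out += _to64(digest[11], 2)
    return "$1$" + s.decode("ascii") + "$" + out


def verify_md5_crypt(password, stored):
    """Check a cleartext password against a stored $1$ hash."""
    m = MD5_CRYPT_RE.match(stored)
    if m is None:
        raise ValueError("not an md5-crypt hash: %r" % stored)
    return hmac.compare_digest(md5_crypt(password, m.group(1)), stored)


def to_dovecot_entry(user, stored):
    """Build a passwd-file style line, rejecting anything that is not $1$ format."""
    if MD5_CRYPT_RE.match(stored) is None:
        raise ValueError("not an md5-crypt hash: %r" % stored)
    return "%s:{MD5-CRYPT}%s" % (user, stored)


if __name__ == "__main__":
    # Hash taken from the thread; the user name is a constructed placeholder.
    stored = "$1$tZNR7pR4$jMuuKWm7ljRyL8iEMfjep."
    print(verify_md5_crypt("111", stored))
    print(to_dovecot_entry("user@example.com", stored))
```

The format check also catches values copied with stray characters, such as the sentence-ending period that follows the hash in the original question.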



[Dovecot] NFS group RQUOTA

2009-01-20 Thread Kostik
Hi All.

Linux has EXT_RQUOTAPROG (Extended (LINUX) RPC quota program). Does
anybody know how to implement dovecot GROUP NFS quota-fs?

=kostik


Re: [Dovecot] deliver rejection bounces

2009-01-20 Thread Steffen Kaiser


On Mon, 19 Jan 2009, Seth Mattinen wrote:

Postfix. Will it do it out of the box? No. You can add hooks to Postfix using 
the pre-queue content filter, milter, access policy delegation or patches so


So your answer is wrong, Postfix _doesn't_ do it.
You can hack it to do so.

So you can hack sendmail. Exim, too, if I remember correctly.

qmail cannot, unless they changed the inner workings.

Many mail setups cannot because they have a specific mail filter machine 
(e.g. blackbox / hardware appliance) in front of their delivery MTA.


I'm sure there are tools out there developed to take advantage of these 
interfaces that do what I'm alluding to, but I don't know any off the top of 
my head and I can't share mine.


MIMEDefang is a very flexible milter (for sendmail). There had been one or 
two requests like this on the list, but I did not see any success story, 
yet.


For simple to one physical mailbox messages it would be fairly easy with 
MIMEDefang actually (the theoretical framework, if it would work is 
another story). The most important part then would be to determine 
the actual recipient for sure, e.g. milter gets the RCPT TO value, one has 
to apply any processing in milter. Then you have to call the LDA and 
process its results properly. Here you have the security itch that milter 
and LDA usually do not run with the same user id, hence, the LDA must be 
set-uid root or something like that.
If the SMTP transaction does not time out - this point is quite 
problematic if you count mail scanning (virus/SPAM) and delivery (with 
possible user scripts) together, you can return a 4xy or 5xy reply on 
failure, or 2xy and discard on success.


Actually, I tried to catch out-going DSNs in MIMEDefang, but failed, 
because they are not passed through milter (in sendmail anyway).


Bye,

-- 
Steffen Kaiser



Re: [Dovecot] Dovecot optimisation

2009-01-20 Thread Charles Marcus
On 1/20/2009, Proskurin Kirill (proskurin...@fxclub.org) wrote:
 But dovecot -n doesn't show things like login_max_processes_count and
 other things that I think must be a bottleneck.

I was aware it left out config info from other external files (like
dovecot-sql configs) - but I thought that all other settings should
show... maybe this is a bug?

-- 

Best regards,

Charles


Re: [Dovecot] Dovecot discards mail over quota

2009-01-20 Thread Charles Marcus
On 1/20/2009 6:10 AM, Steffen Kaiser wrote:
 Again... the only unit responsible for sending actual bounce messages is
 the SENDERS MTA. Your (receiving) MTA should only either ACCEPT (if so,
 NEVER generate a 'bounce' later), DEFER or REJECT.

 That's wrong.
 To accept means to take over the responsibility to deliver the mail
 and/or notify the sender about its forthcoming. A failed delivery is
 just a DSN as read or delivered DSNs are.

Correct - this is what I said. Reject is a failed delivery, while a
defer will be retried until max retries is reached.

 either to deliver or to report failure.
 Once SMTP dialogue is over, to report failure means sending a DSN aka
 bounce message.

A DSN is NOT a bounce message - it is an smtp transaction. The actual
BOUNCE message is GENERATED by the ORIGINATING server.

'Bounces' from servers other than the originating server (the server
that the original sender used to send the message) are called BACKSCATTER.

 RFC2821 sec 2.4 in context of garbled message content
 
 Delivery SMTP systems MAY
reject (bounce) such messages rather than deliver them.
 The MTA may decide to not deliver, but bounce in that case.

The word 'bounce' is NOT the primary word used - reject is. The word
'bounce' (in parentheses), in my opinion, shouldn't be included here, as
it is responsible for the confusion surrounding the difference between
smtp transaction responses (ie reject or defer) and an actual EMAIL
BOUNCE message, that many people confuse with it.

 permanent failure = appropriate notification of sender

Correct... but the only responsibility of the receiving server is to
reject the message appropriately. It is the responsibility of the
originating (sending) server to inform the SENDER with the NDR/Bounce email.

 Because no MTA I'm aware of delivers during SMTP DATA phase, permanently
 failed delivery attempts have to generate a bounce message per RFC.

But that is my point. The DESTINATION server does NOT generate THE
BOUNCE - it only rejects the message with the appropriate smtp reject
code. The ORIGINATING (SENDING) server generates the actual BOUNCE
message (the email the sender gets informing them of the failed delivery).

-- 

Best regards,

Charles


Re: [Dovecot] Dovecot discards mail over quota

2009-01-20 Thread Robert Schetterer
Hi Steffen,

Steffen Kaiser wrote:
 On Mon, 19 Jan 2009, Charles Marcus wrote:
 
 On 1/18/2009 5:47 PM, Gary V wrote:
 The only functional difference I can see (at least as far
 as 'over quota' is concerned) is who sends the bounce (and
 subsequently - what message the bounce contains). If that's the case,
 it's a matter of which notification the mail admin prefers.
 
 Again... the only unit responsible for sending actual bounce messages is
 the SENDERS MTA. Your (receiving) MTA should only either ACCEPT (if so,
 NEVER generate a 'bounce' later), DEFER or REJECT.
 
 That's wrong.
 To accept means to take over the responsibility to deliver the mail
 and/or notify the sender about its forthcoming. A failed delivery is
 just a DSN as read or delivered DSNs are.
 
 RFC2821 sec 2.1
 
 In either
case, a formal handoff of responsibility for the message occurs: the
protocol requires that a server accept responsibility for either
delivering a message or properly reporting the failure to do so.
 
 either to deliver or to report failure.
 Once SMTP dialogue is over, to report failure means to send a DSN aka
 bounce message.
 
 RFC2821 sec 2.4 in context of garbled message content
 
 Delivery SMTP systems MAY
reject (bounce) such messages rather than deliver them.
 The MTA may decide to not deliver, but bounce in that case.
 
 RFC2821 sec 3.7 about relaying explicitly states bounces, too,
 
 RFC2821 sec 4.2.5 Reply Codes After DATA and the Subsequent CRLF.CRLF
 
 
When an SMTP server returns a positive completion status (2yz code)
after the DATA command is completed with CRLF.CRLF, it accepts
responsibility for:
 
-  delivering the message (if the recipient mailbox exists), or
 
-  if attempts to deliver the message fail due to transient
   conditions, retrying delivery some reasonable number of times at
   intervals as specified in section 4.5.4.
 
-  if attempts to deliver the message fail due to permanent
   conditions, or if repeated attempts to deliver the message fail
   due to transient conditions, returning appropriate notification to
   the sender of the original message (using the address in the SMTP
   MAIL command).
 
 
 permanent failure = appropriate notification of sender
 
 Because no MTA I'm aware of delivers during SMTP DATA phase, permanently
 failed delivery attempts have to generate a bounce message per RFC.
 
 If the MTA can detect the temp or perm problem, if it will try to
 deliver the mail into the physical mailbox later, fine - it can send a
 4xy or 5xy response for DATA, but the lag between the detection and the
 actual delivery, esp. if the mail is sent to more than one recipient or
 an alias / list, may result in a failed delivery attempt, although the
 test in DATA phase succeeded.
 

 Actually it would be a GoodThing, if failed delivery attempts could be
 routed to another account, e.g. local Postmaster, if a specific
 condition is fulfilled, e.g. a is-SPAM tag is present.

Anyway, by this RFC discussion, this feature would be a very nice to have!

 
 Bye,
 
 -- Steffen Kaiser

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria


Re: [Dovecot] Dovecot optimisation

2009-01-20 Thread Timo Sirainen

On Jan 20, 2009, at 6:05 AM, Proskurin Kirill wrote:

But dovecot -n doesn't show things like login_max_processes_count
and other things which I think must be a bottleneck.


It doesn't show it, because you're using the default value for it.  
Anyway if you think login processes is the bottleneck, you can try if  
setting login_process_per_connection=no helps. http://wiki.dovecot.org/LoginProcess




Re: [Dovecot] Dovecot discards mail over quota

2009-01-20 Thread Markus Schönhaber
Steffen Kaiser:

 RFC2821 sec 2.1

Just as a side note (since Charles made his point very clear - to which
I completely agree BTW):
RFC 2821 is obsoleted by RFC 5321.

Regards
  mks


Re: [Dovecot] deliver: command died with signal 6

2009-01-20 Thread Timo Sirainen

On Jan 20, 2009, at 5:35 AM, Jan-Frode Myklebust wrote:


On 2009-01-20, Jan-Frode Myklebust janfr...@tanso.net wrote:


I tried setting mmap_disable=yes today, but got two new failures 2.5
hours later :-(


I checked the logs for the last failure, and see that at the
same second two servers were trying to deliver separate messages
to the same account. I'll try avoiding a bit of these parallel
deliveries by changing MX to prefer one host. That might help as
a workaround, but might fail next time this preferred host is
too busy to process all requests..


That really sounds like the problem then is with GPFS, perhaps it has  
some internal caching that doesn't work as Dovecot expects.. Maybe  
Dovecot v1.1 with mail_nfs_*=yes settings would fix it too (I know it  
helps FUSE filesystems like glusterfs).




Re: [Dovecot] Coding question again...

2009-01-20 Thread Timo Sirainen

On Jan 20, 2009, at 2:38 AM, Stefan Jurisch wrote:

Yet I do not know what functionality the 1.2 provides. In fact I
just need an implementation of the 4 IMAP commands MYRIGHTS, GETACL,  
SETACL and DELETEACL and the ability for the user to share mailboxes  
himself by using these commands.

..
The description of the ACL-feature in the table of 1.2 on the
roadmap was not completely comprehensible for me, so I have not been
quite sure if dovecot can do these things above.
But if you say it can, I would be able to stop the extra work
and focus our work on building the mail system on basis of dovecot  
1.2.


v1.2 does support all the IMAP ACL commands that you need.



Re: [Dovecot] behavior of dovecot with Openldap

2009-01-20 Thread Timo Sirainen
On Tue, 2009-01-20 at 13:53 +0900, Masaharu Kawada wrote:
 -2008/11/16
 The customer updated openldap package
 openldap-2.2.13-6.4E ⇒ openldap-2.2.13-12.el4
..
 For this reason, the customer wants to know why dovecot accessed only
 server2 since ldap package was updated on 2008/11/16 and also wants to
 know why replication had been failed after updating the package.

Any idea what Dovecot version? rhel4 had 1.0.rc15 I think? I know there
were some LDAP bugs in it, but I don't really remember anymore. Did
Dovecot really try to access the server2, or was it simply unable to
reconnect to the LDAP server at all? If the latter, it's probably just
rc15 bug.

 As you said, if both ldap servers are used randomly,

That was only a guess. If the problem was with reconnection, it is (was)
a Dovecot bug. If the problem is something else, it's because of
OpenLDAP library which I don't really know much about.





Re: [Dovecot] Shared Mailboxes (symlink) and kmail: known issues?

2009-01-20 Thread Timo Sirainen
On Tue, 2009-01-20 at 07:21 +0100, Wilhelm Meier wrote:
 Hi,
 
 On Monday 19 January 2009 Timo Sirainen wrote:
  On Mon, 2009-01-19 at 18:32 +0100, Wilhelm Meier wrote:
   kmail instead seems to have some problems: if I save a mail into
   the shared-folder, the other users are seeing this new mail
   almost immediately. But if I delete(!) a mail from the
   shared-folder, the list of the other kmails remains untouched.
   Refreshing does nothing. I have to close kmail and restart.
  
   Is this related to some sort of wrong config of the shared
   mailboxes or is this a (known) dovecot - kmail problem?
 
  My guess is that kmail assumes it's the only client accessing the
  mailbox and doesn't bother handling IMAP notifications about
  expunged messages.
 
 If I delete the mail via kmail, the mail gets the T flag, but the 
 mail-file remains there and the other kmail shows the mail 
 (strange?). If I afterwards open the mailfolder via e.g. 
 squirrelmail, the mail-file gets deleted, and it vanishes from the 
 kmail list, if I refresh the view in kmail.

OK, so what you're saying is that you're only marking messages with
\Deleted flag, you're not really expunging them from disk. And kmail
ignores flag changes done by other clients (or does it see if another
client changes e.g. \Seen flag?) kmail notices the EXPUNGEs anyway.

So what the kmail users would need to do is to trigger the EXPUNGE using
kmail somehow, there's probably an expunge, compact or something like
that somewhere.

 The difference is, that squirrelmail does a login/logout every time it 
 looks for mails. kmail stays logged in.

What squirrelmail probably does is a real EXPUNGE instead of only
marking the messages as \Deleted.




Re: [Dovecot] Authentication cache, failure to login after changed password

2009-01-20 Thread Timo Sirainen
On Tue, 2009-01-20 at 09:53 +0100, Tom Sommer wrote:
 sql(u...@example.com,127.0.0.1): query: SELECT username as user, 
 plainpassword as password, nopassword FROM cyrususers WHERE username = 
 'u...@example.com' AND password = PASSWORD('SECRET') AND active = 1
 dovecot: Jan 20 09:01:18 Info: auth-worker(default): 
 sql(u...@example.com,127.0.0.1): unknown user
..
 It appears the user missed the cache, a SQL lookup is performed (which 
 returns 1 record, I tested the query directly) - however for some reason 
 the lookup is set as Unknown User, a state which it then keeps. 

It's most likely set to unknown user because the password=PASSWORD()
check fails and no rows are returned. If you're already returning
plainpassword for Dovecot, why do you do the password check also in the
SQL query? That doesn't allow Dovecot to differentiate between unknown
user and invalid password.

 Obviously I can adjust this with auth_cache_negative_ttl, but I presumed 
 the default value was always 0

Nope, 3600.





Re: [Dovecot] Authentication cache, failure to login after changed password

2009-01-20 Thread Tom Sommer

Timo Sirainen wrote:

On Tue, 2009-01-20 at 09:53 +0100, Tom Sommer wrote:
  
sql(u...@example.com,127.0.0.1): query: SELECT username as user, 
plainpassword as password, nopassword FROM cyrususers WHERE username = 
'u...@example.com' AND password = PASSWORD('SECRET') AND active = 1
dovecot: Jan 20 09:01:18 Info: auth-worker(default): 
sql(u...@example.com,127.0.0.1): unknown user


..
  
It appears the user missed the cache, a SQL lookup is performed (which 
returns 1 record, I tested the query directly) - however for some reason 
the lookup is set as Unknown User, a state which it then keeps. 



It's most likely set to unknown user because the password=PASSWORD()
check fails and no rows are returned. If you're already returning
plainpassword for Dovecot, why do you do the password check also in the
SQL query? That doesn't allow Dovecot to differentiate between unknown
user and invalid password.
  

No, I ran the query manually afterwards and it returned 1 row.
The reason I'm using plainpassword, PASSWORD() and nopassword, etc. is
because not all users have a plainpassword - yet - as time progresses more
and more users will return plainpassword and nopassword=NULL


That's how you fix design flaws without forcing all users to change 
passwords :)


auth_cache_negative_ttl seems like a good source for user flaws (login attempt
before account is created = you can't log in for 3600 seconds even after the
account is valid), gonna go with 0 on all servers.

Thanks
--
Tom Sommer
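
The negative-cache effect discussed in this thread, as an added example that is not part of either post and is not Dovecot's code: a simplified Python model comparing a password check inside the SQL `WHERE` clause with returning the stored password for the caller to verify, under different negative TTLs. The `users` table, the class and function names, and the passwords are constructed for illustration.

```python
import hmac
import sqlite3

UNKNOWN_USER, BAD_PASSWORD, OK = "unknown user", "password mismatch", "ok"


class AuthModel:
    """Simplified passdb lookup with a negative cache (a model, not Dovecot's code)."""

    def __init__(self, db, negative_ttl, check_in_sql):
        self.db = db
        self.negative_ttl = negative_ttl  # seconds; 0 disables negative caching
        self.check_in_sql = check_in_sql  # True: password compared in the WHERE clause
        self.negative = {}                # username -> time at which the entry expires

    def lookup(self, user, password):
        if self.check_in_sql:
            # A wrong password and a missing user both yield zero rows here.
            row = self.db.execute(
                "SELECT username FROM users "
                "WHERE username = ? AND password = ? AND active = 1",
                (user, password)).fetchone()
            return OK if row else UNKNOWN_USER
        # The row exists independently of the password, so the two cases differ.
        row = self.db.execute(
            "SELECT password FROM users WHERE username = ? AND active = 1",
            (user,)).fetchone()
        if row is None:
            return UNKNOWN_USER
        return OK if hmac.compare_digest(row[0], password) else BAD_PASSWORD

    def login(self, user, password, now):
        """Return (result, source) where source is 'cache' or 'db'."""
        if self.negative.get(user, 0) > now:
            return (UNKNOWN_USER, "cache")
        result = self.lookup(user, password)
        if result == UNKNOWN_USER and self.negative_ttl > 0:
            self.negative[user] = now + self.negative_ttl
        return (result, "db")


def password_change_scenario(negative_ttl, check_in_sql):
    """User tries the new password at t=0, the change lands, then retries."""
    db = sqlite3.connect(":memory:")
    # Constructed table; plaintext passwords only to keep the model short.
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, "
               "password TEXT, active INTEGER)")
    db.execute("INSERT INTO users VALUES ('user@example.com', 'old-secret', 1)")
    auth = AuthModel(db, negative_ttl, check_in_sql)

    results = [auth.login("user@example.com", "new-secret", now=0)]
    db.execute("UPDATE users SET password = 'new-secret' "
               "WHERE username = 'user@example.com'")
    results.append(auth.login("user@example.com", "new-secret", now=20))
    results.append(auth.login("user@example.com", "new-secret", now=3601))
    return results


if __name__ == "__main__":
    for ttl, in_sql in ((3600, True), (3600, False), (0, True)):
        print(f"negative_ttl={ttl} check_in_sql={in_sql}:",
              password_change_scenario(ttl, in_sql))
```
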


[Dovecot] dovecot 1.2 latest copy delete etc perfomance slowed down extremly works partly

2009-01-20 Thread Robert Schetterer
Hi Timo,
with dovecot 1.2
copy, delete etc. imap functions
get slowed down extremely

log shows that the copy command
is done right but takes extremely long to perform
sometimes goes into timeout

--log

dovecot: Jan 20 15:48:48 Info: IMAP(hu...@schetterer.com): copy: uid=5,
box=Drafts, dest=Trash,
msgid=20090120140432.51606236...@master.schetterer.com, size=748
dovecot: Jan 20 15:48:48 Info: auth(default): new auth connection: pid=28816

Timeout leak: 0x80a9720

---
after restart dovecot the imap function i.e. delete is done
and deleted mails are shown up in i.e the trash folder

any idea what's happening after the last patches which might be involved?
any hint to get more info out of the logs for debug?

client was latest thunderbird stable


-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria


Re: [Dovecot] dovecot 1.2 latest copy delete etc perfomance slowed down extremly works partly, with disable imap quota it works

2009-01-20 Thread Robert Schetterer
Robert Schetterer wrote:
 Hi Timo,
 with dovecot 1.2
 copy, delete etc. imap functions
 get slowed down extremely
 
 log shows that the copy command
 is done right but takes extremely long to perform
 sometimes goes into timeout
 
 --log
 
 dovecot: Jan 20 15:48:48 Info: IMAP(hu...@schetterer.com): copy: uid=5,
 box=Drafts, dest=Trash,
 msgid=20090120140432.51606236...@master.schetterer.com, size=748
 dovecot: Jan 20 15:48:48 Info: auth(default): new auth connection: pid=28816
 
 Timeout leak: 0x80a9720
 
 ---
 after restart dovecot the imap function i.e. delete is done
 and deleted mails are shown up in i.e the trash folder
 
 any idea what's happening after the last patches which might be involved?
 any hint to get more info out of the logs for debug?
 
 client was latest thunderbird stable
 
 
Hi Timo,
looking about last patches ( dict quota quota code )
imap copy delete etc works nice again by disabling imap quota
so you may have a look about your last quota dict patches

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria


Re: [Dovecot] Dovecot optimisation

2009-01-20 Thread Steffen Kaiser


On Tue, 20 Jan 2009, Proskurin Kirill wrote:

The problem is that I don't know where the bottleneck is and I don't know how to find
it. I turned on mail_debug and all the others, but it does not show anything I am looking for.


Do these problems occur all the time, e.g. if you restart the Dovecot
daemon and there are just a bunch of users on it?


Do you have a file descriptor limit for the daemon process?

Do you have some security stuff running, a BSD-equivalent of SELinux or
AppArmor?


Bye,

-- 
Steffen Kaiser



[Dovecot] Errmsgs b4 and after migration DC V1.0.15 to V1.1.8

2009-01-20 Thread Stewart Dean
Last Wednesday at 12:21 I made this switch, which seemed to be 
uneventful.  In any case, no user has reported problems since the 
migration.  Not content to leave well enough alone, this morning I 
scanned the syslog and maillog for dovecot related errors.  What I found 
was that:

Before the Migration===
I saw a lot of SSL errors that look like this:

Jan 14 11:49:23 mercury mail:warn|warning dovecot: imap-login: SSL_read() 
syscall failed: Connection reset by peer [69.180.200.184]
Jan 14 11:52:28 mercury mail:warn|warning dovecot: imap-login: SSL_read() 
syscall failed: Connection reset by peer [68.6.82.45]
Which I took to be break-in attempts of some sort, except that I haven't
seen any since the migration!


After the migration
I see errors like this:

Jan 14 12:21:45 mercury mail:err|error dovecot: IMAP(eg115): Corrupted index 
cache file /var/dcindx/eg115/.imap/INBOX/dovecot.index.cache: Broken MIME parts 
for mail UID 1934
Jan 14 12:21:46 mercury mail:err|error dovecot: IMAP(alexande): Corrupted index 
cache file /var/dcindx/alexande/.imap/INBOX/dovecot.index.cache: Broken MIME 
parts for mail UID 132641
Jan 14 12:21:46 mercury mail:err|error dovecot: IMAP(ls454): Corrupted index 
cache file /var/dcindx/ls454/.imap/INBOX/dovecot.index.cache: Broken MIME parts 
for mail UID 47
Jan 14 12:21:46 mercury mail:err|error dovecot: IMAP(tr489): Corrupted index 
cache file /var/dcindx/tr489/.imap/INBOX/dovecot.index.cache: Broken MIME parts 
for mail UID 1
Jan 14 12:21:54 mercury mail:err|error dovecot: IMAP(bh265): Corrupted index 
cache file /var/dcindx/bh265/.imap/INBOX/dovecot.index.cache: Broken MIME parts 
for mail UID 2
Jan 14 12:22:01 mercury mail:err|error dovecot: IMAP(crouch): Corrupted index 
cache file /var/dcindx/crouch/.imap/INBOX/dovecot.index.cache: Broken MIME 
parts for mail UID 4863
  
It appears that this error appears the first time a folder is 
referenced, then not again (I think but am not absolutely positive).  
Did the indexing method/format change in some way that would cause this 
(and Dovecot heals itself!) ?  Is there any continuing problem inherent 
in this that needs to be dealt with? 


Thanks!

--
Eppur si muove. (But Still it moves) Galileo, leaving the Inquisition, 
after buckling under the threat of torture and excommunication and 
recanting from his proof that the heavens do not revolve around the 
earth --
Stewart Dean, Unix System Admin, Henderson Computer Center, Bard 
College, Annandale, New York 12504 sd...@bard.edu voice: 845-758-7475, 
fax: 845-758-7035


Re: [Dovecot] Errmsgs b4 and after migration DC V1.0.15 to V1.1.8

2009-01-20 Thread Timo Sirainen
On Tue, 2009-01-20 at 10:52 -0500, Stewart Dean wrote:
  Jan 14 11:49:23 mercury mail:warn|warning dovecot: imap-login: SSL_read() 
  syscall failed: Connection reset by peer [69.180.200.184]
  Jan 14 11:52:28 mercury mail:warn|warning dovecot: imap-login: SSL_read() 
  syscall failed: Connection reset by peer [68.6.82.45]
 Which I took to be break-in attempts of some sort, except that I haven't
 seen any since the migration!

That just means you set verbose_ssl=yes and the client disconnected
without sending a SSL BYE command. This is normal. Maybe v1.1 hides
these useless messages (I did something related to that at some point).

 After the migration
 I see errors like this:
  Jan 14 12:21:45 mercury mail:err|error dovecot: IMAP(eg115): Corrupted 
  index cache file /var/dcindx/eg115/.imap/INBOX/dovecot.index.cache: Broken 
  MIME parts for mail UID 1934
  Jan 14 12:21:46 mercury mail:err|error dovecot: IMAP(alexande): Corrupted 
  index cache file /var/dcindx/alexande/.imap/INBOX/dovecot.index.cache: 
  Broken MIME parts for mail UID 132641
  Jan 14 12:21:46 mercury mail:err|error dovecot: IMAP(ls454): Corrupted 
  index cache file /var/dcindx/ls454/.imap/INBOX/dovecot.index.cache: Broken 
  MIME parts for mail UID 47
  Jan 14 12:21:46 mercury mail:err|error dovecot: IMAP(tr489): Corrupted 
  index cache file /var/dcindx/tr489/.imap/INBOX/dovecot.index.cache: Broken 
  MIME parts for mail UID 1
  Jan 14 12:21:54 mercury mail:err|error dovecot: IMAP(bh265): Corrupted 
  index cache file /var/dcindx/bh265/.imap/INBOX/dovecot.index.cache: Broken 
  MIME parts for mail UID 2
  Jan 14 12:22:01 mercury mail:err|error dovecot: IMAP(crouch): Corrupted 
  index cache file /var/dcindx/crouch/.imap/INBOX/dovecot.index.cache: Broken 
  MIME parts for mail UID 4863

 It appears that this error appears the first time a folder is 
 referenced, then not again (I think but am not absolutely positive).  

If it happens only once then don't worry about it. Or perhaps you could
just go and delete all dovecot.index.cache files to avoid these errors
(but that again makes the performance worse temporarily for those whose
files are already fixed).

 Did the indexing method/format change in some way that would cause this 
 (and Dovecot heals itself!) ?  

Maybe, but I can't really think of any specific reason right now.

 Is there any continuing problem inherent 
 in this that needs to be dealt with? 

Hopefully not :)




Re: [Dovecot] Dovecot optimisation

2009-01-20 Thread Charles Marcus
On 1/20/2009, Timo Sirainen (t...@iki.fi) wrote:
 It doesn't show it, because you're using the default value for it.

Ahh...

Which brings up a repeat request for alphabetical sorting of the output
of dovecot -n and dovecot -a (makes it very easy to find settings and to
make sure you aren't missing something), and for a new -d option to
output only the default settings (as opposed to ALL), to make it easy to
clean up redundant settings (setting something explicitly that has the
value you are setting it to as the default), which makes for clean -n
output.

-- 

Best regards,

Charles


Re: [Dovecot] Dovecot discards mail over quota

2009-01-20 Thread Charles Marcus
On 1/20/2009, Steffen Kaiser (skdove...@smail.inf.fh-brs.de) wrote:
 In order to handle Charles's idea, Dovecot deliver is to return No
 error and send no DSN in case of failure.

? Not sure where you got that idea...

If Timo's idea was in fact to 'pass-thru' these status codes, I'm all in
favor of it...

My point was the distinction between a BOUNCE message, and an smtp REJECT.

-- 

Best regards,

Charles


Re: [Dovecot] Dovecot optimisation

2009-01-20 Thread Timo Sirainen
On Tue, 2009-01-20 at 11:09 -0500, Charles Marcus wrote:
 On 1/20/2009, Timo Sirainen (t...@iki.fi) wrote:
  It doesn't show it, because you're using the default value for it.
 
 Ahh...
 
 Which brings up a repeat request for alphabetical sorting of the output
 of dovecot -n and dovecot -a (makes it very easy to find settings and to
 make sure you aren't missing something), and for a new -d option to
 output only the default settings (as opposed to ALL), to make it easy to
 clean up redundant settings (setting something explicitly that has the
 value you are setting it to as the default), which makes for clean -n
 output.

I'm now working on configuration handling rewrite for v1.3. Maybe for
that. :)





[Dovecot] dotlock timestamp trouble

2009-01-20 Thread Giorgenes Gelatti
Hi there,

I'm getting a lot of this message in production log:

Created dotlock file's timestamp is different than current time (1232468644
vs 1232468524): /path/to/dovecot.index.log

The IT guy swears the clocks are synchronized.
We have even made a test on the machine running dovecot, inside the user's
mailbox:
#  foo; ls -l --time-style=full-iso foo; date
-rw-r--r-- 1 root root 0 2009-01-19 17:40:55.00085 + foo
Mon Jan 19 17:40:55 UTC 2009

The timestamps seem to match.
I'm using dovecot 1.1.6 over NFS.
Any thoughts?

Thanks in advance,
gpg


Re: [Dovecot] dotlock timestamp trouble

2009-01-20 Thread Timo Sirainen
On Tue, 2009-01-20 at 14:36 -0200, Giorgenes Gelatti wrote:
 Created dotlock file's timestamp is different than current time (1232468644
 vs 1232468524): /path/to/dovecot.index.log
 
 The IT guy swears the clocks are synchronized.

The difference in the above message is exactly 120 seconds. Are they all
120 seconds?

 I'm using dovecot 1.1.6 over NFS.
 Any thoughts?

What OS are you using on the NFS clients? Perhaps this is a caching
issue, have you tried changing/disabling attribute cache timeouts?


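
One way to answer the "are they all 120 seconds?" question from the logs, as an added example that is not part of either post: a Python parser for the dotlock warning quoted above that tallies the difference between the two timestamps, tolerating the warning being wrapped across lines as it is in the mailed copy. Only the first sample entry comes from the thread; the other entries, their paths and the function names are constructed.

```python
import re
from collections import Counter

# \s+ between words so a warning wrapped across lines still matches.
DOTLOCK_RE = re.compile(
    r"Created\s+dotlock\s+file's\s+timestamp\s+is\s+different\s+than\s+"
    r"current\s+time\s+\((\d+)\s+vs\s+(\d+)\):\s+(\S+)"
)

SAMPLE_LOG = [
    # From the post, wrapped exactly as it was mailed.
    "Created dotlock file's timestamp is different than current time (1232468644",
    "vs 1232468524): /path/to/dovecot.index.log",
    # Constructed entries.
    "Created dotlock file's timestamp is different than current time "
    "(1232468764 vs 1232468644): /constructed/a/dovecot.index.log",
    "Created dotlock file's timestamp is different than current time "
    "(1232469001 vs 1232468882): /constructed/b/dovecot.index.log",
]


def dotlock_skews(lines):
    """Return [(path, first_timestamp - second_timestamp), ...] per warning."""
    text = " ".join(line.strip() for line in lines)
    return [(m.group(3), int(m.group(1)) - int(m.group(2)))
            for m in DOTLOCK_RE.finditer(text)]


def summarize(lines):
    """Tally the differences and list the warnings that deviate from the mode."""
    skews = dotlock_skews(lines)
    by_delta = Counter(delta for _, delta in skews)
    mode = by_delta.most_common(1)[0][0] if by_delta else None
    return {
        "warnings": len(skews),
        "by_delta": dict(by_delta),
        "constant": len(by_delta) == 1,
        "outliers": [(path, delta) for path, delta in skews if delta != mode],
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
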


Re: [Dovecot] Dovecot optimisation

2009-01-20 Thread Charles Marcus
On 1/20/2009 11:23 AM, Timo Sirainen wrote:
 Which brings up a repeat request for alphabetical sorting of the
 output of dovecot -n and dovecot -a (makes it very easy to find
 settings and to make sure you aren't missing something), and for a
 new -d option to output only the default settings (as opposed to
 ALL), to make it easy to clean up redundant settings (setting
 something explicitly that has the value you are setting it to as
 the default), which makes for clean -n output.

 I'm now working on configuration handling rewrite for v1.3. Maybe for
 that. :)

Somehow I'm not surprised... ;)

-- 

Best regards,

Charles


Re: [Dovecot] Shared Mailboxes (symlink) and kmail: known issues? [partly solved]

2009-01-20 Thread Wilhelm Meier
On Tuesday 20 January 2009 Timo Sirainen wrote:
 On Tue, 2009-01-20 at 07:21 +0100, Wilhelm Meier wrote:
  Hi,
 
  On Monday 19 January 2009 Timo Sirainen wrote:
   On Mon, 2009-01-19 at 18:32 +0100, Wilhelm Meier wrote:
kmail instead seems to have some problems: if I save a mail
into the shared-folder, the other users are seeing this new
mail almost immediately. But if I delete(!) a mail from the
shared-folder, the list of the other kmails remains untouched.
Refreshing does nothing. I have to close kmail and restart.
   
Is this related to some sort of wrong config of the shared
mailboxes or is this a (known) dovecot - kmail problem?
  
   My guess is that kmail assumes it's the only client accessing
   the mailbox and doesn't bother handling IMAP notifications
   about expunged messages.
 
  If I delete the mail via kmail, the mail gets the T flag, but
  the mail-file remains there and the other kmail shows the mail
  (strange?). If I afterwards open the mailfolder via e.g.
  squirrelmail, the mail-file gets deleted, and it vanishes from
  the kmail list, if I refresh the view in kmail.

 OK, so what you're saying is that you're only marking messages with
 \Deleted flag, you're not really expunging them from disk. And
 kmail ignores flag changes done by other clients (or does it see if
 another client changes e.g. \Seen flag?) kmail notices the EXPUNGEs
 anyway.

 So what the kmail users would need to do is to trigger the EXPUNGE
 using kmail somehow, there's probably an expunge, compact or
 something like that somewhere.

Thanks for this hint: the problem is partly solved: kmail has a 
flag auto-expunge. I set this to true and then kmail asynchronously 
does the expunge. It seems that selecting INBOX in kmail triggers 
this event. Refreshing the folder or retrieving new messages doesn't!

Other question: is it safe with respect to dovecot to remove
the T-flagged messages in the maildir, e.g. per inotify? Yes, this 
is a hack, I know.

  The difference is, that squirrelmail does a login/logout every
  time it looks for mails. kmail stays logged in.

 What squirrelmail probably does is a real EXPUNGE instead of only
 marking the messages as \Deleted.

-- 
Wilhelm


Re: [Dovecot] Dovecot optimisation

2009-01-20 Thread Seth Mattinen

Proskurin Kirill wrote:

Timo Sirainen wrote:

On Jan 20, 2009, at 6:05 AM, Proskurin Kirill wrote:

But dovecot -n doesn't show things like login_max_processes_count and
other things which I think must be a bottleneck.


It doesn't show it, because you're using the default value for it. 
Anyway if you think login processes is the bottleneck, you can try if 
setting login_process_per_connection=no helps. 
http://wiki.dovecot.org/LoginProcess




The problem is that I don't know where the bottleneck is and I don't know how to
find it. I turned on mail_debug and all the others, but it does not show anything
I am looking for.


I just increased all the things that may have been a bottleneck and... it seems to
have fixed it. But I really want to know what it was.





Setting login_process_per_connection = no is much more scalable for 
large environments. Obviously there is a slight security trade off. You 
can confirm if it's a login bottleneck by looking to see if you have the 
maximum number of imap-login processes (default is 128) rather than 
just arbitrarily increasing everything.


~Seth


Re: [Dovecot] Dovecot optimisation

2009-01-20 Thread Charles Marcus
On 1/20/2009 11:23 AM, Timo Sirainen wrote:
 Which brings up a repeat request for alphabetical sorting of the output
 of dovecot -n and dovecot -a (makes it very easy to find settings and to
 make sure you aren't missing something), and for a new -d option to
 output only the default settings (as opposed to ALL), to make it easy to
 clean up redundant settings (setting something explicitly that has the
 value you are setting it to as the default), which makes for clean -n
 output.

 I'm now working on configuration handling rewrite for v1.3. Maybe for
 that. :)

While we're on the subject, and since you're already working on a
(total?) rewrite of the config handling... ;)

To continue to borrow from postfix, how about adding some additional
parameters - or at least coding to allow for their addition later if it
is a lot of work now?

Suggestions:

Change command from 'dovecot -n[d][a]' to 'doveconf -n[d][a]' etc...

Allow config parameters to be added/edited via the commandline ala
postfix, for example:

doveconf -e mail_executable=/usr/libexec/dovecot/imap would edit (-e)
the config file and add this parameter setting

doveconf mail_executable would show the current setting for mail_executable

etc...

Obviously, I like the way postfix works... :)

-- 

Best regards,

Charles


Re: [Dovecot] redirecting temp email files to another directory

2009-01-20 Thread JANE CUA
Hi Timo,

I believe disabling file locking will fix the problem.  I have searched other
sites about file locking and sendmail, file locking may cause sendmail to do 
Denial of Service.  I have to get people to use the new squirrelmail + Dovecot 
server again. 
Is there a great chance the files would get corrupted because I do not have 
file locking enabled in Dovecot?

As for the _298392349394823908user temp file this is created by, the pop3 
server I have, this cause any problems.
Thanks!
jane

- Original Message -
From: Timo Sirainen t...@iki.fi
Date: Sunday, January 18, 2009 10:45 pm
Subject: Re: [Dovecot] redirecting temp email files to another directory
To: Dovecot Mailing List dovecot@dovecot.org

 On Jan 19, 2009, at 1:40 AM, JANE CUA wrote:
 
  sample temp files that gets create in /var/spool/mail
  -rw-- jane mail _43398509485894865jane
 
 I'm certain Dovecot didn't create this file at least directly.
 
  -rw-- jane mail jane.lock
 
 This is a dotlock and it can be created by Dovecot. You could 
 also  
 probably disable it. http://wiki.dovecot.org/MboxLocking 
 http://wiki.dovecot.org/MailboxFormat/mbox
  other users create these files randomly as well in 
 /var/spool/mail, / 
  var/spool/mail is an NFS mount.
 
 Hmm. NFS is a pretty good suspect here. I know that in some 
 situations  
 it creates such temp files, although they're usually  
 named .nfs.something. Are those files deleted or are they just 
 lying  
 around? What size do they have?
 



Re: [Dovecot] Dovecot discards mail over quota

2009-01-20 Thread Seth Mattinen
It's simply a fact these days that people find backscatter and 
misdirected bounces annoying. In many cases they end up at a forged 
address that had nothing to do with the original transaction. A well 
behaved receiver will make decisions during the SMTP transactions with 
appropriate response codes. It should never accept and generate a 
message later.


It's not a matter of mincing what an RFC says or does not say, it's 
about not being a dick on the internet and respecting your virtual 
neighbors. It's like if you were to go through your postal mail box, 
separate the junk mail and throw it into your neighbor's yard.


~Seth
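
The two behaviours argued over in this thread, as an added example that is not part of any post: a simplified Python model of a receiving server handling one message for an over-quota mailbox whose envelope sender is forged, once rejecting inside the SMTP session and once accepting and reporting the failure afterwards. The addresses, class and function names and reply texts are constructed; real MTAs make this decision in their own configuration.

```python
from dataclasses import dataclass, field


@dataclass
class Mailbox:
    used: int
    limit: int

    def over_quota(self):
        return self.used >= self.limit


@dataclass
class Receiver:
    """Model of the destination server; policy is one of the two strings below."""
    mailboxes: dict
    policy: str  # "reject_in_session" or "accept_then_bounce"
    outbound: list = field(default_factory=list)  # mail this server originates

    def session(self, mail_from, rcpt_to):
        """Return [(client command, server reply), ...] for one message."""
        replies = [(f"MAIL FROM:<{mail_from}>", "250 2.1.0 Ok")]
        rcpt = f"RCPT TO:<{rcpt_to}>"
        box = self.mailboxes.get(rcpt_to)
        if box is None:
            replies.append((rcpt, "550 5.1.1 User unknown"))
            return replies
        if box.over_quota() and self.policy == "reject_in_session":
            # The connected client keeps the message and the duty to report.
            replies.append((rcpt, "552 5.2.2 Mailbox full"))
            return replies
        replies.append((rcpt, "250 2.1.5 Ok"))
        replies.append(("DATA ... <CRLF>.<CRLF>", "250 2.0.0 Ok: queued"))
        # After the 250 for DATA this server is responsible for the message.
        if box.over_quota():
            # The session is over, so the failure can only be reported by
            # mailing the envelope sender, whoever that address belongs to.
            self.outbound.append({
                "mail_from": "",        # null return path used for DSNs
                "rcpt_to": mail_from,
                "subject": "Undelivered Mail Returned to Sender",
            })
        else:
            box.used += 1
        return replies


def run_forged_sender_case(policy):
    """One message to a full mailbox with an envelope sender the client forged."""
    receiver = Receiver(
        mailboxes={"full@example.org": Mailbox(used=100, limit=100)},
        policy=policy,
    )
    replies = receiver.session("victim@third-party.example", "full@example.org")
    return replies, receiver.outbound


if __name__ == "__main__":
    for policy in ("reject_in_session", "accept_then_bounce"):
        replies, outbound = run_forged_sender_case(policy)
        print(policy)
        for command, reply in replies:
            print(f"  C: {command}\n  S: {reply}")
        print("  mail originated by receiver:", outbound)
```
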


Re: [Dovecot] redirecting temp email files to another directory

2009-01-20 Thread Timo Sirainen
On Tue, 2009-01-20 at 11:00 -0800, JANE CUA wrote:
 Hi Timo,
 
 I believe disabling file locking will fix the problem.  I have searched other
 sites about file locking and sendmail, file locking may cause sendmail to do 
 Denial of Service.  I have to get people to use the new squirrelmail + 
 Dovecot server again. 
 Is there a great chance the files would get corrupted because I do not have 
 file locking enabled in Dovecot?

If the locking doesn't work right then yes, the mbox files will easily
get corrupted. So you should make sure all programs accessing the mbox
also lock it using fcntl locking before removing the dotlock.

But the dotlocks should normally work fine too. Like I said before,
check if you have errors in Dovecot's logs. Maybe they'll reveal a
larger problem and after you solve that the dotlock problems will be
gone as well.





Re: [Dovecot] Dovecot discards mail over quota

2009-01-20 Thread Charles Marcus
On 1/20/2009, Seth Mattinen (se...@rollernet.us) wrote:
 It's simply a fact these days that people find backscatter and 
 misdirected bounces annoying. In many cases they end up at a forged 
 address that had nothing to do with the original transaction. A well 
 behaved receiver will make decisions during the SMTP transactions 
 with appropriate response codes. It should never accept and generate 
 a message later.

Well, it's also about the fact that if one engages in such behavior, one
will quickly find one's mailserver/IP address on numerous blacklists
that are a pain to get off of, IF you can get off of them.

-- 

Best regards,

Charles


Re: [Dovecot] Dovecot discards mail over quota

2009-01-20 Thread Seth Mattinen

Charles Marcus wrote:

On 1/20/2009, Seth Mattinen (se...@rollernet.us) wrote:
It's simply a fact these days that people find backscatter and 
misdirected bounces annoying. In many cases they end up at a forged 
address that had nothing to do with the original transaction. A well 
behaved receiver will make decisions during the SMTP transactions 
with appropriate response codes. It should never accept and generate 
a message later.


Well, it's also about the fact that if one engages in such behavior, one
will quickly find one's mailserver/IP address on numerous blacklists
that are a pain to get off of, IF you can get off of them.




Merely a reinforcement by the people who find backscatter unacceptable 
directed at people who can't take a hint. ;)


~Seth


Re: [Dovecot] Dovecot optimisation

2009-01-20 Thread Proskurin Kirill

Timo Sirainen wrote:

On Tue, 2009-01-20 at 11:09 -0500, Charles Marcus wrote:
  

On 1/20/2009, Timo Sirainen (t...@iki.fi) wrote:


It doesn't show it, because you're using the default value for it.
  

Ahh...

Which brings up a repeat request for alphabetical sorting of the output
of dovecot -n and dovecot -a (makes it very easy to find settings and to
make sure you aren't missing something), and for a new -d option to
output only the default settings (as opposed to ALL), to make it easy to
clean up redundant settings (setting something explicitly that has the
value you are setting it to as the default), which makes for clean -n
output.



I'm now working on configuration handling rewrite for v1.3. Maybe for
that. :)

  

Heh... We are so much waiting for 2.0 :-)

--
Best regards,
Proskurin Kirill


Re: [Dovecot] Dovecot optimisation

2009-01-20 Thread Proskurin Kirill

Steffen Kaiser wrote:


Do these problems occur all the time, e.g. if you restart the 
Dovecot demon and there are just a bunch of users on it.
After restart - it works for some time, but it is just because not all 
connect to it again.


Do you have a file descriptor limit for the demon process?

System limit? 512mb. It not run on this.


Do you have some security stuff running, a BSD-equivalent of SELinux 
or AppArmor?

Nope.

As I said before - I just increased *all* things that can be a bottleneck 
twice. And it seems to fix it.
But it makes me think that it really would be good if dovecot could say in 
debugging logging that it reached some limits from its config.
It would make finding a bottleneck so easy.. heh. I just want to know - 
where was the problem, but it seems I don't have any tool for this.


Anyway - dovecot is great and I am glad that I migrated from Cyrus. ;-)

--
Best regards,
Proskurin Kirill




Re: [Dovecot] Dovecot optimisation

2009-01-20 Thread Timo Sirainen
On Tue, 2009-01-20 at 22:52 +0300, Proskurin Kirill wrote:
 But it makes me think that it really would be good if dovecot could say in 
 debugging logging that it reached some limits from its config.

Pretty much every such thing does log an error/warning, except when
login process max count is reached. I guess this should be fixed.





Re: [Dovecot] Dovecot optimisation

2009-01-20 Thread Seth Mattinen

Proskurin Kirill wrote:

Steffen Kaiser wrote:


Do these problems occur all the time, e.g. if you restart the 
Dovecot demon and there are just a bunch of users on it.
After restart - it works for some time, but it is just because not all 
connect to it again.


Do you have a file descriptor limit for the demon process?

System limit? 512mb. It not run on this.


Do you have some security stuff running, a BSD-equivalent of SELinux 
or AppArmor?

Nope.

As I said before - I just increased *all* things that can be a bottleneck 
twice. And it seems to fix it.
But it makes me think that it really would be good if dovecot could say in 
debugging logging that it reached some limits from its config.
It would make finding a bottleneck so easy.. heh. I just want to know - 
where was the problem, but it seems I don't have any tool for this.


ps ax | grep imap-login | wc -l

~Seth


Re: [Dovecot] multiple passwords in different schemes

2009-01-20 Thread Timo Sirainen
On Tue, 2009-01-20 at 21:02 +0100, Maciej Uhlig wrote:
 Timo wrote : In future it's possible that Dovecot could support 
 multiple passwords in different schemes for a single user..
 
 Is it planned in the nearest future? :-)

I've implemented it (or actually something that's a bit more generic)
this far: http://dovecot.org/patches/1.2/auth-multi-password.diff

But IIRC it's still missing things and I decided it's not worth the
effort right now.




Re: [Dovecot] multiple passwords in different schemes

2009-01-20 Thread Maciej Uhlig

Timo Sirainen wrote:

I've implemented it (or actually something that's a bit more generic)
this far: http://dovecot.org/patches/1.2/auth-multi-password.diff

But IIRC it's still missing things and I decided it's not worth the
effort right now.
  
I see. FYI I'd like to allow a user to authenticate for postfix: at 
work using PLAIN (with TLS) and at home using CRAM-MD5, while different 
scheme passwords are stored in LDAP directory. Would your 
auth-multi-password patch be enough for this purpose?


Best regards,

MU



Re: [Dovecot] multiple passwords in different schemes

2009-01-20 Thread Timo Sirainen
On Tue, 2009-01-20 at 21:15 +0100, Maciej Uhlig wrote:
 Timo Sirainen wrote:
  I've implemented it (or actually something that's a bit more generic)
  this far: http://dovecot.org/patches/1.2/auth-multi-password.diff
 
  But IIRC it's still missing things and I decided it's not worth the
  effort right now.

 I see. FYI I'd like to allow a user to authenticate for postfix: at 
 work using PLAIN (with TLS) and at home using CRAM-MD5, while different 
 scheme passwords are stored in LDAP directory. Would your 
 auth-multi-password patch be enough for this purpose?

If the password is the same in both cases, you can simply use a single
CRAM-MD5 scheme. Dovecot can do plaintext authentication against all
schemes just fine.





Re: [Dovecot] multiple passwords in different schemes

2009-01-20 Thread Maciej Uhlig

Timo Sirainen:

If the password is the same in both cases, you can simply use a single
CRAM-MD5 scheme. Dovecot can do plaintext authentication against all
schemes just fine.
  
Actually I happen not to understand the above :-(  I thought PLAIN is a 
plaintext schema while CRAM-MD5 is non-plaintext schema and it's 
impossible to have the same password in mixed schemas stored in one 
database used for different authentication mechanisms (i.e. PLAIN and 
CRAM-MD5). Moreover there is no fallback using mechanism other than 
PLAIN. What am I missing here?


Yes, the password is the same in both cases, but it is stored twice: as 
a MD5 hash and as a CRAM-MD5 hash.


Best regards,

MU



Re: [Dovecot] multiple passwords in different schemes

2009-01-20 Thread Timo Sirainen
On Tue, 2009-01-20 at 21:42 +0100, Maciej Uhlig wrote:
 Timo Sirainen:
  If the password is the same in both cases, you can simply use a single
  CRAM-MD5 scheme. Dovecot can do plaintext authentication against all
  schemes just fine.

 Actually I happen not to understand the above :-(  I thought PLAIN is a 
 plaintext schema while CRAM-MD5 is non-plaintext schema and it's 
 impossible to have the same password in mixed schemas stored in one 
 database used for different authentication mechanisms (i.e. PLAIN and 
 CRAM-MD5). Moreover there is no fallback using mechanism other than 
 PLAIN. What am I missing here?

Yes, it's not possible to store two different schemas. But the point is
that plaintext authentication (PLAIN or LOGIN auth mechanism) can verify
the password against ANY schema.

 Yes, the password is the same in both cases, but it is stored twice: as 
 a MD5 hash and as a CRAM-MD5 hash.

Just don't store the MD5 hash, it's unnecessary.





Re: [Dovecot] multiple passwords in different schemes

2009-01-20 Thread Maciej Uhlig

Timo Sirainen:

But the point is
that plaintext authentication (PLAIN or LOGIN auth mechanism) can verify
the password against ANY schema.
  

I see. Many thanks for this explanation :-)

Best regards,

MU
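
The point made in this thread, as an added example (not code from the thread or from Dovecot): a server that keeps only the HMAC-MD5 context of a password can check a CRAM-MD5 response and a PLAIN login against that one stored value. The 32-byte layout and the function names are assumptions for illustration, not Dovecot's storage format.

```python
import hmac
import math
import struct

_MASK = 0xFFFFFFFF
_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
_S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
_K = [int(abs(math.sin(i + 1)) * 2 ** 32) & _MASK for i in range(64)]


def _compress(state, block):
    """Apply the MD5 compression function (RFC 1321) to one 64-byte block."""
    a, b, c, d = state
    m = struct.unpack("<16I", block)
    for i in range(64):
        if i < 16:
            f, g = (b & c) | (~b & d), i
        elif i < 32:
            f, g = (d & b) | (~d & c), (5 * i + 1) % 16
        elif i < 48:
            f, g = b ^ c ^ d, (3 * i + 5) % 16
        else:
            f, g = c ^ (b | ~d), (7 * i) % 16
        f = (f + a + _K[i] + m[g]) & _MASK
        a, d, c = d, c, b
        b = (b + (((f << _S[i]) | (f >> (32 - _S[i]))) & _MASK)) & _MASK
    return tuple((x + y) & _MASK for x, y in zip(state, (a, b, c, d)))


def _finish(state, absorbed, tail):
    """Resume MD5 from a saved state after `absorbed` bytes and return the digest."""
    total = absorbed + len(tail)
    data = tail + b"\x80" + b"\x00" * ((55 - total) % 64) + struct.pack("<Q", total * 8)
    for off in range(0, len(data), 64):
        state = _compress(state, data[off:off + 64])
    return struct.pack("<4I", *state)


def make_credential(password):
    """Return the stored value: MD5 states after absorbing key^opad and key^ipad."""
    key = password if len(password) <= 64 else _finish(_IV, 0, password)
    key = key.ljust(64, b"\x00")
    outer = _compress(_IV, bytes(k ^ 0x5C for k in key))
    inner = _compress(_IV, bytes(k ^ 0x36 for k in key))
    return struct.pack("<8I", *outer, *inner)  # assumed layout: outer state, then inner


def hmac_md5_from_credential(cred, message):
    """Compute HMAC-MD5(password, message) without knowing the password."""
    words = struct.unpack("<8I", cred)
    inner_digest = _finish(words[4:], 64, message)
    return _finish(words[:4], 64, inner_digest)


def verify_cram_md5(cred, challenge, response_hex):
    """CRAM-MD5: the client sends HMAC-MD5(password, challenge) as hex."""
    expected = hmac_md5_from_credential(cred, challenge).hex()
    return hmac.compare_digest(expected, response_hex.lower())


def verify_plain(cred, presented_password):
    """PLAIN/LOGIN: the server sees the password, so it re-derives the stored form."""
    return hmac.compare_digest(make_credential(presented_password), cred)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    stored = make_credential(b"constructed-password")
    challenge = b"<1896.697170952@mail.example>"
    client_answer = hmac.new(b"constructed-password", challenge, "md5").hexdigest()
    print("CRAM-MD5 ok:", verify_cram_md5(stored, challenge, client_answer))
    print("PLAIN ok:   ", verify_plain(stored, b"constructed-password"))
```

The stored context is password-equivalent for CRAM-MD5: anyone who can read it can answer challenges, so it needs the same protection as a plaintext password file.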


[Dovecot] Move from 1.0.rc29 to 1.1.7?

2009-01-20 Thread Peter Lindgren

Hello!
I am moving my mail from the old server with 1.0.rc29 to a brand new 
server with 1.1.7. I use Maildir in both servers. A few questions:


1) The new server has another name, can I just copy the mail files 
as-is, will the server name in the file names matter?


2) The new server has a different architecture and different endian, so 
I plan not to copy the index and cache files; they seem to have become 
broken from time to time in the old server anyway. Dovecot will also 
re-create them when needed. Ok?


3) 1.0.rc29 did not store the message size in the file name as later 
versions. When will Dovecot do the check and rename the files to include 
the message size? There are some folders with quite large number of 
messages, the largest is some 45,000 messages.


TIA,
/Peter
--
Peter Lindgren
http://www.norrskenkonsult.com


[Dovecot] userdb didn't return a home directory with v1.1.7

2009-01-20 Thread Ivars Strazdiņš

Hi all,
I am running Dovecot v1.1.7 in a relatively quiet and calm environment. 
Suddenly overnight cron job has started throwing out errors like:

/usr/sbin/dovecot --exec-mail ext /usr/lib/dovecot/expire-tool

Error: userdb(us...@mail.example) didn't return a home directory
Error: userdb(us...@mail.example) didn't return a home directory

Indeed, running this command produces:
-
$ sudo /usr/sbin/dovecot --exec-mail ext /usr/lib/dovecot/expire-tool --test
Error: userdb(us...@mail.example) didn't return a home directory
Info: User lookup failed: us...@mail.example
Error: userdb(us...@mail.example) didn't return a home directory
Info: User lookup failed: us...@mail.example
-

Yet these mailboxes are valid, corresponding users can login, send and 
receive mail. Other mailboxes are OK, too.
Where to start looking? I found that similar error message with 
v1.1.6 is fixed in v1.1.7, but I am running v.1.1.7 already.

Please see dovecot configuration below.
Thank you for your time,
Ivars

# 1.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.27-9-server i686 Ubuntu 8.10 ext3
base_dir: /var/run/dovecot/
syslog_facility: local1
protocols: imap imaps pop3 pop3s managesieve
ssl_cert_file: /etc/certs/mail.mail.example.crt
ssl_key_file: /etc/certs/mail.mail.example.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot//login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
login_user: postfix
login_greeting: VDEAVK epasta serveris.
login_processes_count: 2
first_valid_uid: 107
mail_location: maildir:/home/vmail/%d/%n
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_executable(managesieve): /usr/lib/dovecot/managesieve
mail_plugins(default): expire fts fts_squat antispam
mail_plugins(imap): expire fts fts_squat antispam
mail_plugins(pop3): expire
mail_plugins(managesieve): 
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap

mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
managesieve_implementation_string(default): dovecot
managesieve_implementation_string(imap): dovecot
managesieve_implementation_string(pop3): dovecot
managesieve_implementation_string(managesieve): Cyrus timsieved v2.2.13
sieve_storage(default): 
sieve_storage(imap): 
sieve_storage(pop3): 
sieve_storage(managesieve): /etc/dovecot/sieve/
sieve(default): 
sieve(imap): 
sieve(pop3): 
sieve(managesieve): /home/vmail/sieve-scripts/%u.sieve

auth default:
 mechanisms: PLAIN LOGIN
 user: vmail
 username_format: %...@mail.example
 verbose: yes
 passdb:
   driver: sql
   args: /etc/dovecot/dovecot-mysql.conf
 userdb:
   driver: sql
   args: /etc/dovecot/dovecot-mysql.conf
 socket:
   type: listen
   client:
     path: /var/spool/postfix/private/auth
     mode: 432
     user: postfix
     group: postfix
   master:
     path: /var/run/dovecot/auth-master
     mode: 384
     user: vmail
     group: vmail
plugin:
 sieve: /home/vmail/sieve-scripts/%u.sieve
 expire: Trash 30 Trash/* 30 Spam 60
 expire_dict: proxy::expire
 fts: squat
 antispam_signature: X-DSPAM-Signature
 antispam_trash: trash;Trash;Deleted Items
 antispam_spam: Spam
 antispam_dspam_binary: /usr/bin/dspam
 antispam_dspam_args: --deliver=;--user;%u;-s
 antispam_mail_tmpdir: /tmp
 antispam_mail_sendmail: /usr/sbin/sendmail
 antispam_mail_spam: spam...@mail.example
 antispam_mail_notspam: notspam...@mail.example
 antispam_crm_binary: /bin/false
dict:
 expire: mysql:/etc/dovecot/dovecot-dict-expire.conf

r...@mail:~# cat /etc/dovecot/dovecot-dict-expire.conf 
connect = host=127.0.0.1 dbname=postfix user=postfix password=removed

table = expire
select_field = timestamp
where_field = path
username_field = username
r...@mail:~# 


Re: [Dovecot] Move from 1.0.rc29 to 1.1.7?

2009-01-20 Thread Timo Sirainen
On Tue, 2009-01-20 at 22:35 +0100, Peter Lindgren wrote:
 Timo Sirainen wrote:
  On Tue, 2009-01-20 at 22:04 +0100, Peter Lindgren wrote:
  3) 1.0.rc29 did not store the message size in the file name as later 
  versions. When will Dovecot do the check and rename the files to include 
  the message size? There are some folders with quite large number of 
  messages, the largest is some 45,000 messages.
  
  It doesn't rename anything and it also doesn't require sizes in the file
  names.
 
 The new server seems to have this function on by default, can I force 
 this renaming (by will or by mistake)?

Dovecot v1.1 will add the ,W= file sizes to file names always, it's not
configurable. But it works fine even if the sizes don't exist in all files.





[Dovecot] dovecot bulletins?

2009-01-20 Thread Maciej Uhlig
As a long term user of qpopper with bulletins, I'd like to know if the 
bulletin feature is planned for dovecot? I really miss bulletins :-), 
this is very convenient way of providing information to users.


Best regards,

MU


Re: [Dovecot] dovecot bulletins?

2009-01-20 Thread Timo Sirainen
On Tue, 2009-01-20 at 22:57 +0100, Maciej Uhlig wrote:
 As a long term user of qpopper with bulletins, I'd like to know if the 
 bulletin feature is planned for dovecot? I really miss bulletins :-), 
 this is very convenient way of providing information to users.

What exactly are they? I guess a global file that is served as a message
for all users? That's more difficult to implement with IMAP than with
POP3. One possibility would be to use v1.2 and its virtual mailboxes.
Create a virtual INBOX from user's real INBOX and the global bulletin
mailbox.




Re: [Dovecot] dovecot bulletins?

2009-01-20 Thread Maciej Uhlig

Timo Sirainen:

What exactly are they? I guess a global file that is served as a message
for all users? 
Right. With POP3 it is served once - after first user login after the 
message was placed in bulletin database (just a plaintext file in a 
directory, for instance).



That's more difficult to implement with IMAP than with
POP3. 

You know better, but... just place incoming (bulletin) mail in INBOX.


One possibility would be to use v1.2 and its virtual mailboxes.
Create a virtual INBOX from user's real INBOX and the global bulletin
mailbox.
  

Sounds promising. We'll give it a try some day :-)

Best regards,

MU



[Dovecot] Imap auth problems

2009-01-20 Thread Noah Silverman

Hi,

We're having some really weird auth problems trying to setup a very  
basic dovecot imap server.


Even stranger is that we don't see any of the debug information in the  
logs even though we've set all the debug options to true.


Can anybody provide some suggestions?

Thanks,

-Noah

--


Our log files just show this:

dovecot: Jan 20 14:09:20 Info: imap-login: Disconnected (no auth  
attempts): rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx
dovecot: Jan 20 14:09:20 Info: imap-login: Disconnected (no auth  
attempts): rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx
dovecot: Jan 20 14:09:21 Info: auth(default): new auth connection:  
pid=14706
dovecot: Jan 20 14:09:21 Info: auth(default): new auth connection:  
pid=14707



Our dovecot -n is:

# 1.1.8: /usr/local/etc/dovecot.conf
# OS: FreeBSD 6.2-RC2 i386
log_path: /var/log/dovecot
info_log_path: /var/log/dovecot
protocols: imap pop3
ssl_disable: yes
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
first_valid_gid: 0
mail_location: maildir:~/Maildir
mail_debug: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep
imap_client_workarounds(pop3):
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: passwd-file
    args: /usr/local/etc/dovecot.passwd
  userdb:
    driver: passwd-file
    args: username_format=%n /usr/local/etc/dovecot.passwd








Re: [Dovecot] dovecot bulletins?

2009-01-20 Thread Timo Sirainen
On Tue, 2009-01-20 at 23:18 +0100, Maciej Uhlig wrote:
 Timo Sirainen:
  What exactly are they? I guess a global file that is served as a message
  for all users? 
 Right. With POP3 it is served once - after first user login after the 
 message was placed in bulletin database (just a plaintext file in a 
 directory, for instance).
 
  That's more difficult to implement with IMAP than with
  POP3. 
 You know better, but... just place incoming (bulletin) mail in INBOX.

Well, okay, I was thinking about a way to not duplicate the message to
everyone's mailbox. And I guess with virtual mailboxes there's the
problem that users can't then delete the message (or it gets deleted for
everyone).

So what you want is a mailing list for your users without actually going
through MTA. Shouldn't be too difficult to implement as a plugin I
guess. You'd mainly just need to somehow keep track of what messages
have been delivered to the user. You could maybe even implement this as
a shell script with http://wiki.dovecot.org/PostLoginScripting although
of course then users who have long running imap sessions won't see the
bulletins until they reconnect.
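
One way to do the per-user bookkeeping described above, as an added example (not code from the thread or from Dovecot). The bulletin directory, the state file name, and the assumption that the post-login script gets HOME in its environment and the mail process as its remaining arguments are all illustrative.

```python
import os
import socket
import sys
import time


def _read_seen(state_file):
    """Return the set of bulletin names already delivered to this user."""
    try:
        with open(state_file, encoding="utf-8") as fh:
            return {line.rstrip("\n") for line in fh if line.strip()}
    except FileNotFoundError:
        return set()


def deliver_bulletins(bulletin_dir, maildir, state_file):
    """Copy each undelivered bulletin into maildir/new; return the names delivered."""
    seen = _read_seen(state_file)
    delivered = []
    host = socket.gethostname().replace("/", "_")
    for name in sorted(os.listdir(bulletin_dir)):
        src = os.path.join(bulletin_dir, name)
        # Plain files only: a symlink in a shared directory could point anywhere.
        if name in seen or os.path.islink(src) or not os.path.isfile(src):
            continue
        # Random component keeps names unique across logins within one second.
        unique = "%d.R%s.%s" % (time.time(), os.urandom(8).hex(), host)
        tmp_path = os.path.join(maildir, "tmp", unique)
        with open(src, "rb") as fin, open(tmp_path, "xb") as fout:  # "x": never overwrite
            fout.write(fin.read())
            fout.flush()
            os.fsync(fout.fileno())
        # Maildir delivery: the message becomes visible only through this rename.
        os.rename(tmp_path, os.path.join(maildir, "new", unique))
        # Record after delivery, so a crash can duplicate a bulletin but not lose one.
        with open(state_file, "a", encoding="utf-8") as fh:
            fh.write(name + "\n")
        delivered.append(name)
    return delivered


if __name__ == "__main__" and len(sys.argv) > 1:
    # Hypothetical paths; adjust to the local layout.
    home = os.environ["HOME"]
    deliver_bulletins("/var/spool/bulletins", os.path.join(home, "Maildir"),
                      os.path.join(home, ".bulletins-seen"))
    # Hand over to the mail process passed on the command line.
    os.execv(sys.argv[1], sys.argv[1:])
```

Each user gets a private copy, so deleting a bulletin affects only that user; the cost is the duplication Timo wanted to avoid.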





Re: [Dovecot] Imap auth problems

2009-01-20 Thread Timo Sirainen
On Tue, 2009-01-20 at 14:19 -0800, Noah Silverman wrote:
 Even stranger is that we don't see any of the debug information in the  
 logs even though we've set all the debug options to true.
..
 dovecot: Jan 20 14:09:20 Info: imap-login: Disconnected (no auth  
 attempts): rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx

The client simply disconnects without even attempting to log in.

 ssl_disable: yes

The client has no way of logging in, because you've disabled SSL and
by default plaintext authentication is also disabled. You probably want
to set disable_plaintext_auth=no.
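
The combination diagnosed above can be checked mechanically. This added example (not from the thread or from Dovecot) reads `dovecot -n` style output, fills in settings that are omitted because they are at their default, and reports risky transport/auth combinations; the default values, finding names and sample inputs are assumptions, with the samples abridged from the two outputs quoted on this page.

```python
import re

# Assumed Dovecot 1.x defaults for settings `dovecot -n` leaves out when unchanged.
DEFAULTS = {"ssl_disable": "no", "disable_plaintext_auth": "yes", "auth.mechanisms": "plain"}
PLAINTEXT_MECHS = {"plain", "login"}
_LINE = re.compile(r"^(\s*)([A-Za-z0-9_ ]+?)(\([a-z0-9]+\))?:\s*(.*)$")


def parse_dovecot_n(text):
    """Flatten `key: value` lines; keys inside `auth default:` become `auth.<key>`."""
    settings, section = {}, None
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if not m or raw.lstrip().startswith("#"):
            continue
        indent, name, proto, value = m.group(1), m.group(2).strip(), m.group(3), m.group(4).strip()
        if indent:
            if section:
                settings.setdefault(section + "." + name, value)
        elif value == "" and proto is None:
            section = name.split()[0]          # "auth default:" opens the auth section
        else:
            section = None
            settings.setdefault(name, value)   # first (default) per-protocol value wins
    return settings


def effective(settings, key):
    """Value in force: the listed one, else the assumed default."""
    return settings.get(key, DEFAULTS.get(key, "")).lower()


def audit(text):
    """Return finding codes for the auth/transport settings in force."""
    s = parse_dovecot_n(text)
    ssl_off = effective(s, "ssl_disable") == "yes"
    plaintext_blocked = effective(s, "disable_plaintext_auth") == "yes"
    mechs = set(effective(s, "auth.mechanisms").split())
    findings = []
    if ssl_off and plaintext_blocked and mechs <= PLAINTEXT_MECHS:
        # No TLS and plaintext refused: remote clients have nothing left to log in with.
        findings.append("NO_USABLE_AUTH")
    if not plaintext_blocked and mechs & PLAINTEXT_MECHS:
        findings.append("CLEARTEXT_PASSWORDS_ON_WIRE" if ssl_off
                        else "CLEARTEXT_LOGIN_ALLOWED_WITHOUT_TLS")
    if effective(s, "auth.debug_passwords") == "yes":
        findings.append("PASSWORDS_IN_LOGS")
    return findings


# Constructed samples, abridged from the outputs quoted in this archive.
SAMPLE_NO_SSL = """\
# 1.1.8: /usr/local/etc/dovecot.conf
protocols: imap pop3
ssl_disable: yes
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: passwd-file
"""
SAMPLE_PLAINTEXT_ALLOWED = """\
# 1.1.7: /etc/dovecot/dovecot.conf
protocols: imap imaps pop3 pop3s managesieve
ssl_cert_file: /etc/certs/mail.mail.example.crt
disable_plaintext_auth: no
auth default:
  mechanisms: PLAIN LOGIN
  verbose: yes
"""

if __name__ == "__main__":
    for label, sample in (("no-ssl", SAMPLE_NO_SSL), ("plaintext", SAMPLE_PLAINTEXT_ALLOWED)):
        print(label, audit(sample))
```

Adding `disable_plaintext_auth: no` to the first sample clears NO_USABLE_AUTH but replaces it with CLEARTEXT_PASSWORDS_ON_WIRE, since SSL is still off.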





Re: [Dovecot] Imap auth problems

2009-01-20 Thread Noah Silverman

That makes a lot of sense.

Thanks!!

-N



On Jan 20, 2009, at 2:37 PM, Timo Sirainen wrote:


On Tue, 2009-01-20 at 14:19 -0800, Noah Silverman wrote:
Even stranger is that we don't see any of the debug information in the
logs even though we've set all the debug options to true.

..

dovecot: Jan 20 14:09:20 Info: imap-login: Disconnected (no auth
attempts): rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx


The client simply disconnects without even attempting to log in.


ssl_disable: yes


The client has no way of logging in, because you've disabled SSL and
by default plaintext authentication is also disabled. You probably want
to set disable_plaintext_auth=no.







Re: [Dovecot] dovecot bulletins?

2009-01-20 Thread Noel Butler
On Wed, 2009-01-21 at 08:28, Timo Sirainen wrote:

 On Tue, 2009-01-20 at 23:18 +0100, Maciej Uhlig wrote:
  Timo Sirainen:
   What exactly are they? I guess a global file that is served as a message
   for all users? 
  Right. With POP3 it is served once - after first user login after the 
  message was placed in bulletin database (just a plaintext file in a 
  directory, for instance).
  
   That's more difficult to implement with IMAP than with
   POP3. 
  You know better, but... just place incoming (bulletin) mail in INBOX.
 


Not exactly the same, but vpopmail does similar, one real message file
and every user gets a symlink to it, that way the user gets the message
but only that user's symlink is removed on delete.




Re: [Dovecot] dovecot bulletins?

2009-01-20 Thread Charles Marcus
On 1/20/2009 5:44 PM, Timo Sirainen wrote:
 Well, okay, I was thinking about a way to not duplicate the message to
 everyone's mailbox. And I guess with virtual mailboxes there's the
 problem that users can't then delete the message (or it gets deleted for
 everyone).

 A shared mailbox named 'Bulletins' that has unique seen flags would
 accomplish this... except for being able to actually delete them... no?

 Or being visible to POP3 users.

Oh, right... haven't used POP (why would anyone choose to?) in so long I
keep forgetting about all of its limitations...

-- 

Best regards,

Charles


[Dovecot] Dovecot shared quota with Maildir

2009-01-20 Thread Jorgen Lundman


Hello list,

We are in the process of exploring the idea of moving from UFS with 
fs-quota to using softquotas in Dovecot (probably Maildir type, stored 
in LDAP, all on top of NFS).


I have it setup, and it works rather well so far.

But there is one situation we can currently support, which I can not see 
a solution for with soft-quotas.


Generally customers get 1 email, with 1 quota.

But it is also possible for customers to get 1 quota, but create 
multiple mail accounts, all sharing the same quota. This is done by 
using the same UID for each account when using fs-quota.


(It is not that each account gets a fraction of the quota, but that all 
accounts add up to the one quota).


Is this still possible to do with soft-quotas? To share one set. Dovecot 
would have to go count files in multiple mail-directories so I would 
guess no.


Lund

--
Jorgen Lundman   | lund...@lundman.net
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo| +81 (0)90-5578-8500  (cell)
Japan| +81 (0)3 -3375-1767  (home)


[Dovecot] Active Directory authentication

2009-01-20 Thread Dimitrios Karapiperis
Hello all

I would like to ask if there is adequate mechanism to authenticate users
through POP3 against Active Directory by Outlook Express so that users will
authenticate seamlessly using logon credentials.

I have implemented  LDAP authentication but users must supply their
credentials to Outlook Express although they have logged on to Windows (AD).

the ntlm auth in Dovecot 1.1 (winbind) satisfies this requirement (no
credentials in Outlook)?

thanks
Dimitrios


Re: [Dovecot] Active Directory authentication

2009-01-20 Thread Jason Gunthorpe
On Wed, Jan 21, 2009 at 08:26:37AM +0200, Dimitrios Karapiperis wrote:

 I would like to ask if there is adequate mechanism to authenticate users
 through POP3 against Active Directory by Outlook Express so that users will
 authenticate seamlessly using logon credentials.
 
 I have implemented  LDAP authentication but users must supply their
 credentials to Outlook Express although they have logged on to Windows (AD).
 
 the ntlm auth in Dovecot 1.1 (winbind) satisfies this requirement (no
 credentials in Outlook)?

I don't know about Outlook Express, but I was unable to get Outlook
2007 to use login credentials, and my dovecot is configured to support
NTLM, SPNEGO and GSSAPI :(

Thunderbird on Windows will use the login credentials if dovecot
supports GSSAPI and has the proper kerberos setup. Check use secure
authentication or somesuch.

Jason


Re: [Dovecot] deliver rejection bounces

2009-01-20 Thread Giuliano Gavazzi


On T 20 Jan, 2009, at 12:38 , Steffen Kaiser wrote:


So you can hack sendmail. Exim, too, if I remember correctly.


I would not call that a hack in exim's case though. It is possible to  
avoid all backscatter, first of all by avoiding delivery by an  
external programme*. This will still leave the possibility of a  
failure in forwarding, but by changing the envelope sender to the  
local administrator address (setting errors_to in the delivering  
routers) even a failure in forwarding will only cause a locally  
delivered failure report. There is no excuse for backscatter and  
whoever causes it will likely and rightly end up in some blacklist,  
local or distributed, sooner or later.

Giuliano


Re: [Dovecot] help on writing a rule for perventing spam

2009-01-20 Thread Giuliano Gavazzi


On W 21 Jan, 2009, at 06:34 , Sophia Alikhani wrote:



Hi
I used qmail + dovecot-1.1.7 + dovecot-sieve + 
now everything works well but there are many spam in Bulk folders from
every user address to their address for example
from
us...@mydomain to us...@mydomain
In reality the sender and receiver are the same.
They are spam, but since every day every virtual user has many of these
spams in their Bulk I need a rule in dovecot.sieve to prevent them.
Can anybody help me write this rule?


you are much better off rejecting those even before seeing the DATA, if  
that address is in the envelope sender, or after, if it is only in the  
From: message header. No need to accept them, so no need for dovecot  
to even see them.
So this is an issue you should take, if necessary, to the mailing list  
of your MTA of choice.


Giuliano