Re: spool move/rename question
On 10/8/23 20:40, Michael Orlitzky wrote: We have an existing user with a lot of mail that we need to move from one domain to another. Our mail system is database-backed so changing the account is trivial, but can I just move the directory from the structure above from one directory to another and expect everything to be ok? Or is there a better approach? (of course I'll do a backup first) Moving the directory works fine. Perfect, that's exactly what I needed to know. Thanks! The database part can be trickier than it seems at first. Don't forget to update the aliases both to and from the renamed user. You might also need to update the databases for any webmail or caldav/carddav applications you run. And if you're using mysql, I haven't checked in a few years, but it didn't used to enforce foreign key constraints or support cascading updates, so beware that updating one table may not automatically update dependent tables. The database part isn't an issue; I designed the schema. Thanks for the heads-up though. Thanks, -Dave -- Dave McGuire, AK4HZ New Kensington, PA ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: spool move/rename question
On 10/8/23 11:27, Dave McGuire wrote: Hi folks. Our mail server's spools are structured like this: /var/mail// We have an existing user with a lot of mail that we need to move from one domain to another. Our mail system is database-backed so changing the account is trivial, but can I just move the directory from the structure above from one directory to another and expect everything to be ok? Or is there a better approach? (of course I'll do a backup first) I probably should've mentioned that the only thing that touches the spools is dovecot; I'm using dovecot's lda for receiving mail. -Dave -- Dave McGuire, AK4HZ New Kensington, PA ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
spool move/rename question
Hi folks. Our mail server's spools are structured like this: /var/mail// We have an existing user with a lot of mail that we need to move from one domain to another. Our mail system is database-backed so changing the account is trivial, but can I just move the directory from the structure above from one directory to another and expect everything to be ok? Or is there a better approach? (of course I'll do a backup first) Thanks, -Dave -- Dave McGuire, AK4HZ New Kensington, PA ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: Pay Someone to Take My Online Course?1
On 10/5/23 20:27, N wrote: I hope you guys took care of the spam from Xotawa earlier today. Also just as an FYI it looks like google is going to be changing their requirements for bulk-mail and mailing list senders effective February 2024. They have a notice on their blog with the specific requirements in the support knowledgebase (linked from their blog post). Also, randomly some of the responses from this mailing list are regularly hitting my spam folder. I count 3 from today, Ironically Xotawa was the only one that got through. Mailing list maintainers, if you aren't already using their postmaster tools you should check out https://support.google.com/mail/answer/9981691 In our experience their postmaster tools, registration, etc etc do absolutely nothing. They're getting the point across loud and clear that they want our mail to data-mine too. Their users are, for the most part, blissfully ignorant of this BS. All they know is "I get very little spam", while legitimate email gets ditched, and complaints fall on deaf ears. They have no motivation whatsoever to be a better player. 20+ years ago, us ISP network admins would sit around and daydream about what would happen if Google ever turned evil. Now we know. -Dave -- Dave McGuire, AK4HZ New Kensington, PA ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot username with domain
On 9/19/23 16:34, Michael Grant wrote:
Heya mgrant, been a long time!
Very! Will hit you off-list.
:-)
If you're using a database for authentication, you can do this sort of
translation past using stored functions in MySQL. Queries look something
like this:
password_query = SELECT userid AS username, domain, password FROM mail_users
WHERE userid = addr_to_uname('%u') AND domain =
addr_to_domain_or_default('%u', 'domain.com')
...
Thanks, I was hoping for something less complicated. I found
auth_username_format %n
which drops the domain if supplied. Unfortunately my imap username
isn't 'mgrant'. Probably i could make this work if there was no other
way. This forces me to have my IMAP password the same as my unix
password.
I probably should move to virtual users for everyone on my box but
that's not so easy. I was hoping there was some way i could translate
individual users which would make this transition easier.
You can use that technique, though, to implement any sort of
translation table that you could build into an SQL query. Just a
suggestion.
-Dave
--
Dave McGuire, AK4HZ
New Kensington, PA
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot username with domain
On 9/19/23 15:51, Michael Grant via dovecot wrote:
I've been using dovecot using system usernames (my unix uname as my
IMAP username). But today I tried New Outlook which requires the imap
username match my email address.
Is there some way to tell dovecot that username@host is the same as uname?
(where username@host is an email address and uname is a unix login
which might be completely different).
Heya mgrant, been a long time!
If you're using a database for authentication, you can do this sort
of translation past using stored functions in MySQL. Queries look
something like this:
password_query = SELECT userid AS username, domain, password FROM
mail_users WHERE userid = addr_to_uname('%u') AND domain =
addr_to_domain_or_default('%u', 'domain.com')
One of the functions is something like this:
DELIMITER ?
CREATE FUNCTION addr_to_domain_or_default (userid VARCHAR(255),
default_domain VARCHAR(255)) RETURNS VARCHAR(255) DETERMINISTIC
BEGIN
DECLARE at_pos INT;
DECLARE addr_out VARCHAR(255);
SELECT LOCATE('@', userid) INTO at_pos;
IF at_pos = 0 THEN
CASE userid
WHEN 'user1' THEN SET addr_out = 'domain1.com';
WHEN 'user2' THEN SET addr_out = 'domain2.com';
ELSE SET addr_out = default_domain;
END CASE;
ELSE
SELECT SUBSTRING(userid, at_pos + 1) INTO addr_out;
END IF;
RETURN addr_out;
END ?
DELIMITER ;
--
This isn't exactly the functionality you want, but it illustrates the
kinds of translations that can easy be done on the database side. I've
been using a scheme like this for many years with great results.
-Dave
--
Dave McGuire, AK4HZ
New Kensington, PA
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
Re: Roundcube
On 9/7/23 17:00, joe a wrote: Any known issues with installing/running roundcube and dovecot on the same server? I'm running two such installations; no difficulty. -Dave -- Dave McGuire, AK4HZ New Kensington, PA ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: The end of Dovecot Director?
It would certainly be a shame if that sort of thing started happening with Dovecot. Since day one, the Dovecot community has always been very pleasant, friendly, and drama-free. If forks start happening due to profiteering, that will irrevocably change the Dovecot community, with feelings of broken trust. That would be a shame. No one decries the commercial side of Dovecot wanting to make money. Timo and others have worked very hard on this project for many years. I was a very early adopter of Dovecot, a refugee from (the awful) Cyrus IMAP server, and I watched it grow up to be a highly useful and widely respected package. Creating a commercial version to reward the developers and fund future development is fine; I applaud it. But it really smells like the current move with Director is crossing a line. Those in charge of making this decision would do well to pay very close attention here. -Dave On 11/2/22 12:46, Jan Hugo Prins wrote: I think the only thing they will gain is a community that is angry and will in the end leave the product / fork the complete product. Jan Hugo On November 2, 2022 5:39:53 PM GMT+01:00, Brad Schuetz wrote: On 11/2/22 03:54, Aki Tuomi wrote: On 02/11/2022 11:55 EET Frank Wall wrote: On 2022-11-02 09:11, Aki Tuomi wrote: You can also see the email sent by others which shows how you can do this without replication, using proxy and passdb to direct users to right backend. Which is basically what director does. It's not the same thing. It is not critical functionality. You can feasibly run a two-node dovecot system on NFS without having director. It seems to be critical enough to offer a replacement for paying customers, while at the same time leaving the community edition with no valid replacement. Ciao - Frank Can you tell me what kind of functionality you are unable to achieve with the passdb solution? Aki Can you tell us what you are gaining (other than monitarily) by removing a completely functionally working feature that numerous people are using? Adding new paid features is one thing (i.e. nginx), taking away a feature to replace it with a paid feature is something completely different. -- Brad -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -- Dave McGuire, AK4HZ New Kensington, PA
Re: dovecot mailing list (this mailing list), DKIM, SPF and DMARC
On 10/11/22 07:42, hi@zakaria.website wrote: Another update yet with a solution. I found the causing issue with DKIM and DMARC failure when a signed email pass through mailing list such as dovecot as I expected, it has nothing to do with the mailing list but it's to do with DKIM signing headers set. It's due to one of or several headers in the DKIM signing set, getting added or modified after signing at dovecot end. Anyhow, here is the DKIM signing headers set in this mailing list, that it should work and it will prevent the batch of DMARC emails and bad signature from happening again. from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references Please forgive me for jumping in, but I just noticed this. I (like many others) have issues with mailing lists and the flurry of DMARC emails after posting. I'm using OpenDKIM. There's a lot of material out there about proper configuration of DKIM, but nothing really definitive, with lots of "it depends on your requirements" type of noncommittal crap. Email use cases don't differ THAT much. So does what you said above mean that you've come up with a working configuration to address the issue of mailing lists causing DKIM to barf due to header modifications? If so, can you tell me more about specifically what you're doing, like which headers you're signing and how? I've been at my wits' end with this for some time; DKIM (and SPF etc etc) seem to be really quite awful overall. Thanks, -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: [EXTERNAL] Re: Client for a Windows User ?
"Windows" and "behave" in the same sentence is pretty funny to begin with. Millions of people use Thunderbird with Dovecot with no issues, myself included, at this very moment. (are you the same Dan White who used to work for me, by the way?) -Dave On 9/13/22 12:10, White, Daniel E. (GSFC-770.0)[AEGIS] wrote: Not helpful. Which ones, if any, behave with Dovecot ? I notice that Thunderbird is not listed. From: dovecot on behalf of Narcis Garcia Date: Tuesday, September 13, 2022 at 12:07 To: Dovecot SPM Subject: [EXTERNAL] Re: Client for a Windows User ? https://gcc02.safelinks.protection.outlook.com/?url=https://en.wikipedia.org/wiki/Category:Windows_email_clientsdata=05|01|daniel.e.wh...@nasa.gov|b3ca2f99a64e42c46b5308da95a219e6|7005d45845be48ae8140d43da96dd17b|0|0|637986820715805399|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||sdata=ImhiXM1VB6jZv1juiyg0lFeCvD9Izft27B74qyfVFZ8=reserved=0 Narcis Garcia __ I'm using this dedicated address because personal addresses aren't masked enough at this mail public archive. Public archive administrator should fix this against automated addresses collectors. El 13/9/22 a les 18:01, White, Daniel E. (GSFC-770.0)[AEGIS] ha escrit: Specifically, Windows 2016 server I suggested Thunderbird. Is there anything else ? Is this current ? https://gcc02.safelinks.protection.outlook.com/?url=https://wiki.dovecot.org/Clientsdata=05|01|daniel.e.wh...@nasa.gov|b3ca2f99a64e42c46b5308da95a219e6|7005d45845be48ae8140d43da96dd17b|0|0|637986820715805399|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||sdata=pKJenoDD3uT9v9e1izVN1DFdHNZqfpGkNYiM3EO5OmM=reserved=0 -- Dave McGuire, AK4HZ New Kensington, PA
Re: banning, was Re: Non-user logins?
On 1/8/22 12:12 PM, John Fawcett wrote: On 08/01/2022 17:22, Dave McGuire wrote: On 1/8/22 8:57 AM, John Fawcett wrote: yes, blocking on the first wrong password sounds like overkill. But it does depend on user base. For a small mail server with few known users it could be workable. It may be overkill for your network, but it's not overkill for mine. But even on small servers I'd recommend blocking for a small time (like up to an hour) after a small number of failures (example 3). Then if this pattern repeats (for example 3 times) within a longer period (for example up to a day), blocking for a longer period (example 1 week) using the recidive jail. My mail server is a small one with about 135 users, a corporate network. NONE of them actually type their password when they're checking their mail. They type it exactly once when they set up the account in their mail client(s), like everyone else in the world for the past decade or more. Mileage will vary depending on user base and number of support requests generated. The point about fail2ban is that it slows down attackers stopping infinite and fast repeating attacks from the same ip. That should be in combination with a good password policy which reduces the probability of any single attack guessing the password. It doesn't necessarily have to zero out attacks. As Dave has experimented, to bypass fail2ban all the attacker has to do is use a different ip. 10-15K blocks in place at any time seem very high compared to the few attacks I see. Sigh. I don't "experiment" with production networks. I set up a banning policy that works for the attack patterns that I see in my logs, and that work with my user base. As I explained to the other guy who decided that how I run my network is wrong, I'm not new at this. Any attack mitigation strategy has to begin with observation and rational thought. Network security is no place for guesswork or assumptions. I'd hazard a guess that the restrictive fail2ban policy is causing the attacker(s) to try immediately from a new ip and isn't generating a great deal more security than a slightly less restrictive policy which lures the attacker into trying a few times more from the same ip with longer intervals between the attempts. I wasn't asking for a critique of my configuration; I explained my approach to a new user who came here looking for help. Which is the last time I'll do THAT on this list, by the way. But since you brought it up, the attack pattern that I see most frequently is a single IP address trying different, obviously algorithmically-generated usernames at long intervals, many seconds to many hours, and in some cases a day or more. This started around 2014 or so, and has persisted and grown. The approach that you describe above seems to make sense on the surface, but looking at actual logs doesn't support the idea. The "attackers" in this case are almost exclusively little programs thrown together by kids and run from zombie Windows boxes on clueless users' home networks organized as botnets. This pattern is visible when the same sequences of generated usernames start appearing from different IP addresses within hours of each other. Some of the more advanced stuff has the adaptive behaviors that you describe, but not many. These script k1ddiez are trolling for low-hanging fruit to get bank account info etc out of peoples' mail accounts. These are almost never focused attacks from one motivated, knowledgeable person trying hard to get into one user's mail. So, hazard all the guesses you like, I will continue to develop banning strategies for my servers which fit the attacks that I observe through direct analysis of my logs. Now, please don't misunderstand, I actually do appreciate the thought and intention behind your unsolicited advice. But, for future reference, don't assume that someone doesn't know what they're doing just because their approach differs from either your approach for your own network, or your guesses about theirs. -Dave, pre-coffee Dave no one is telling you how to run your server or offering you unsolicited advice but on a public mailing list there can be multiple points of view about a topic and there may be not be a single right way to do something. There is no reason then to take this as someone telling you that how you run your network is wrong or to avoid participating in future. Well thanks for that, but perhaps you should re-read what you sent that prompted my (admittedly rather sour) reply. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: Can't log in from Evolution or Roundcube
On 1/8/22 3:04 PM, William Edwards wrote: After that's working, then move on to Roundcube. Look in Roundcube's config.inc.php file. Where that file is located is system-dependend; mine is in /opt/local/etc/roundcube, which is specific to SmartOS. Parameter "$config['db_dsnw']" is the DSN for your database connection. This is the format of that configuration variable: $config['db_dsnw'] = 'mysql://USERNAME:PASSWORD@SERVER/DATABASE'; You're running MariaDB, which is a fork of MySQL, so I'm guessing that Roundcube doesn't differentiate between the two, so the "mysql" above is probably correct. Check the docs if that fails. Obviously, the words in uppercase must be correct for your installation. "SERVER" might be "localhost" for you. (it isn't for me) AFAIK, the error "Connection to storage server failed" only occurs when Roundcube can't connect to IMAP (in this case, Dovecot). If there's a database issue, Roudcube should show the message "Unable to connect to the database!". Rummaging through the source code, I see that you are indeed correct. Thank you for that clarification. One quick thing to check: Did you issue a "flush privileges" command to MariaDB after creating the account for Roundcube to use? FWIW, that hasn't been needed for quite some time when not directly manipulating mysql.users (i.e. using `CREATE USER`). I had heard that, but not knowing: - what release of MySQL obviated that long-standing requirement - when MariaDB forked from MySQL - what release of anything the OP is running - how the OP chose to manipulate the grant tables ...I chose to make the recommendation for the sake of safety, as it's cheap to try. Now maybe we can get back to the OP's actual problems, which nobody else seems to be interested in today. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: Can't log in from Evolution or Roundcube
On 1/8/22 11:27 AM, Ken Wright wrote: MariaDB. Now it's time for me to clarify. The "source stream returned no data" error is in Evolution; the "connection to storage server failed" is in Roundcube. So I'm seeing similar errors in two different email clients trying to get to the same server. I know there are any number of reasons for a failed connection to Dovecot, but I just don't have the experience to figure this one out. Understood. There's enough expertise here to get you going. First, ignore the superficial similarity of the errors and diagnose/address them individually. Get one mail client working via IMAP. For Evolution's "source stream returned no data", ignore my previous suggestion about web browser SSL vs. non-SSL, as that's not relevant to Evolution. The error looked very familiar to me at first; it probably came from the same library as whatever I was working with when I hit that. (probably libssl) Go into the mail account configuration in Evolution and check the settings there. I don't use Evolution so I can't direct you more specifically, but what to pay attention to here is the connection settings and port numbers. I'm guessing (hazardously) that the port number or SSL method is incorrect. Make sure to distinguish between SSL and TLS (STARTTLS). Concentrate on getting that working first; don't get distracted from it. After that's working, then move on to Roundcube. Look in Roundcube's config.inc.php file. Where that file is located is system-dependend; mine is in /opt/local/etc/roundcube, which is specific to SmartOS. Parameter "$config['db_dsnw']" is the DSN for your database connection. This is the format of that configuration variable: $config['db_dsnw'] = 'mysql://USERNAME:PASSWORD@SERVER/DATABASE'; You're running MariaDB, which is a fork of MySQL, so I'm guessing that Roundcube doesn't differentiate between the two, so the "mysql" above is probably correct. Check the docs if that fails. Obviously, the words in uppercase must be correct for your installation. "SERVER" might be "localhost" for you. (it isn't for me) One quick thing to check: Did you issue a "flush privileges" command to MariaDB after creating the account for Roundcube to use? See how far that gets you and report back. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
banning, was Re: Non-user logins?
On 1/8/22 8:57 AM, John Fawcett wrote: yes, blocking on the first wrong password sounds like overkill. But it does depend on user base. For a small mail server with few known users it could be workable. It may be overkill for your network, but it's not overkill for mine. But even on small servers I'd recommend blocking for a small time (like up to an hour) after a small number of failures (example 3). Then if this pattern repeats (for example 3 times) within a longer period (for example up to a day), blocking for a longer period (example 1 week) using the recidive jail. My mail server is a small one with about 135 users, a corporate network. NONE of them actually type their password when they're checking their mail. They type it exactly once when they set up the account in their mail client(s), like everyone else in the world for the past decade or more. Mileage will vary depending on user base and number of support requests generated. The point about fail2ban is that it slows down attackers stopping infinite and fast repeating attacks from the same ip. That should be in combination with a good password policy which reduces the probability of any single attack guessing the password. It doesn't necessarily have to zero out attacks. As Dave has experimented, to bypass fail2ban all the attacker has to do is use a different ip. 10-15K blocks in place at any time seem very high compared to the few attacks I see. Sigh. I don't "experiment" with production networks. I set up a banning policy that works for the attack patterns that I see in my logs, and that work with my user base. As I explained to the other guy who decided that how I run my network is wrong, I'm not new at this. Any attack mitigation strategy has to begin with observation and rational thought. Network security is no place for guesswork or assumptions. I'd hazard a guess that the restrictive fail2ban policy is causing the attacker(s) to try immediately from a new ip and isn't generating a great deal more security than a slightly less restrictive policy which lures the attacker into trying a few times more from the same ip with longer intervals between the attempts. I wasn't asking for a critique of my configuration; I explained my approach to a new user who came here looking for help. Which is the last time I'll do THAT on this list, by the way. But since you brought it up, the attack pattern that I see most frequently is a single IP address trying different, obviously algorithmically-generated usernames at long intervals, many seconds to many hours, and in some cases a day or more. This started around 2014 or so, and has persisted and grown. The approach that you describe above seems to make sense on the surface, but looking at actual logs doesn't support the idea. The "attackers" in this case are almost exclusively little programs thrown together by kids and run from zombie Windows boxes on clueless users' home networks organized as botnets. This pattern is visible when the same sequences of generated usernames start appearing from different IP addresses within hours of each other. Some of the more advanced stuff has the adaptive behaviors that you describe, but not many. These script k1ddiez are trolling for low-hanging fruit to get bank account info etc out of peoples' mail accounts. These are almost never focused attacks from one motivated, knowledgeable person trying hard to get into one user's mail. So, hazard all the guesses you like, I will continue to develop banning strategies for my servers which fit the attacks that I observe through direct analysis of my logs. Now, please don't misunderstand, I actually do appreciate the thought and intention behind your unsolicited advice. But, for future reference, don't assume that someone doesn't know what they're doing just because their approach differs from either your approach for your own network, or your guesses about theirs. -Dave, pre-coffee -- Dave McGuire, AK4HZ New Kensington, PA
banning, was Re: Non-user logins?
On 1/8/22 8:26 AM, dc...@dvl.werbittewas.de wrote: trying to mess with other peoples' stuff. I run fail2ban to catch those log entries and block the source IP address for a month on the first failed login. At any one time I have between 12,000 and 15,000 well, I don't know how _your_ users are connected to the internet, but in germany most people has at least daily changing IPs out of larger pools (when connected via xDSL) or even sometimes shares ip-addresses with others (when connected via tv-cable or mobile - having a private network-address, which is natted), so it's possible to get/use an IP, which was used before by some script-kiddies... Obviously. However, my users are nearly all on static IP addresses. btw.: setting up a new mail-client and making any mistake by reading it from old install or writing it into new install also leads to a months-blocking with above restrictive handling... (any may drive this user mad) Again, "obviously". May mail server is not new; I was not the OP on this thread who came here looking for help. so anyone, who has no experience with blocking should be really careful with it. That's good advice for everything, not just blocking. My first experience with blocking was on a Cisco AGS in 1994, buddy. Not a n00b. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: Can't log in from Evolution or Roundcube
On 1/8/22 12:28 AM, Ken Wright wrote:
When I try to log in to my mail server (ubuntu 20.04, Postfix
3.4.13, Dovecot 2.3.7.2) I get a response saying "Source stream
returned no data”. At least to me, that's not particularly
informative. Is it any more informative to anyone else?
The last time I hit that, I'm pretty sure it was because I
was going to port 80 instead of port 443 to reach Roundcube.
I'm using port 143 for receiving and 587 for sending; I didn't
think 443 was for email. Am I mistaken? (Not at all unlikely!)
Nono, for your web browser's connection to Roundcube. I could be
barking up the wrong tree here, but I'm pretty sure that's the error
I hit.
Thanks for the clarification. I just tried Roundcube again, and got
the error "Connection to storage server failed." I also checked the
nginx script for Roundcube and commented out the references to port 80,
then restarted nginx. Same error. So I tend to think it's a server
issue, not a client issue. Does that make any sense?
It makes sense, but that's a different error than the one you got
before. This new error looks like a Roundcube configuration problem,
having to do with either its connection to Dovecot or possibly a
back-end database server. (MySQL?)
-Dave
--
Dave McGuire, AK4HZ
New Kensington, PA
Re: Can't log in from Evolution or Roundcube
On 1/7/22 11:58 PM, Ken Wright wrote: When I try to log in to my mail server (ubuntu 20.04, Postfix 3.4.13, Dovecot 2.3.7.2) I get a response saying "Source stream returned no data”. At least to me, that's not particularly informative. Is it any more informative to anyone else? The last time I hit that, I'm pretty sure it was because I was going to port 80 instead of port 443 to reach Roundcube. I'm using port 143 for receiving and 587 for sending; I didn't think 443 was for email. Am I mistaken? (Not at all unlikely!) Nono, for your web browser's connection to Roundcube. I could be barking up the wrong tree here, but I'm pretty sure that's the error I hit. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: Can't log in from Evolution or Roundcube
On 1/7/22 11:46 PM, Ken Wright wrote: When I try to log in to my mail server (ubuntu 20.04, Postfix 3.4.13, Dovecot 2.3.7.2) I get a response saying "Source stream returned no data”. At least to me, that's not particularly informative. Is it any more informative to anyone else? The last time I hit that, I'm pretty sure it was because I was going to port 80 instead of port 443 to reach Roundcube. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: Non-user logins?
On 1/7/22 11:35 PM, Ken Wright wrote: My Dovecot issues continue. Right now I see at least two issues: first, my logs consistently show non-users trying (and failing) to log in, and I'm still unable to log in from my email client (Evolution or Roundcube, either one). I'll post about the second issue later; right now I wonder why I'm getting so many non-users trying to log in. Am I the subject of concerted hacking attacks, or is there something else going on? Some of the attempted logins are more-or-less random names claiming to be @mydomain, but at least one is a username that's really on my server, to wit: Jan 7 22:52:01 grace dovecot: lmtp(776281): Error: lmtp-server: conn unix:pid=776262,uid=117 [3]: rcpt www-d...@mydomain.com: Failed to lookup user www-d...@mydomain.com: Internal error occurred. Refer to server log for more information. (Another quick question: which server log should I check?) So, if anyone can tell me what's going on with all these logins, I'd be much obliged! I see them all the time on the mail servers I run. Typical kids trying to mess with other peoples' stuff. I run fail2ban to catch those log entries and block the source IP address for a month on the first failed login. At any one time I have between 12,000 and 15,000 addresses in my blocked list for IMAP. Dave, that's exactly the kind of answer I was looking for. Fail2ban, huh? I'll have to check that out. I run it under Solaris (SmartOS), but it's available on most platforms now. Thanks again! I'm happy to be of assistance. Good luck. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: Non-user logins?
On 1/7/22 11:24 PM, Ken Wright wrote: My Dovecot issues continue. Right now I see at least two issues: first, my logs consistently show non-users trying (and failing) to log in, and I'm still unable to log in from my email client (Evolution or Roundcube, either one). I'll post about the second issue later; right now I wonder why I'm getting so many non-users trying to log in. Am I the subject of concerted hacking attacks, or is there something else going on? Some of the attempted logins are more-or-less random names claiming to be @mydomain, but at least one is a username that's really on my server, to wit: Jan 7 22:52:01 grace dovecot: lmtp(776281): Error: lmtp-server: conn unix:pid=776262,uid=117 [3]: rcpt www-d...@mydomain.com: Failed to lookup user www-d...@mydomain.com: Internal error occurred. Refer to server log for more information. (Another quick question: which server log should I check?) So, if anyone can tell me what's going on with all these logins, I'd be much obliged! I see them all the time on the mail servers I run. Typical kids trying to mess with other peoples' stuff. I run fail2ban to catch those log entries and block the source IP address for a month on the first failed login. At any one time I have between 12,000 and 15,000 addresses in my blocked list for IMAP. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: Looking for a guide to collect all e-mail from the ISP mail server
On 10/26/20 11:24 AM, Gregory Heytings wrote: Your data is stored confidentially by Google, obviously. Otherwise nobody would use their services. My keyboard is now COMPLETELY saturated with coffee. Some hit my display this time, too. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: Looking for a guide to collect all e-mail from the ISP mail server
On 10/26/20 11:07 AM, Marc Roos wrote: > It's hard to imagine anyone being that dumb, but then this society has been surprising me a lot in recent years. If I tell some woman in the store that she is about to buy an energy drink promoted by/having a picture of a convicted rapist. They look at me weird and the most stupid response I got was 'but I am not buying it for myself'. coffee -> keyboard -- Dave McGuire, AK4HZ New Kensington, PA
Re: Looking for a guide to collect all e-mail from the ISP mail server
On 10/26/20 11:09 AM, Gregory Heytings wrote: I too would strongly advise you to use Google Workspace (the recent new name for G Suite, previously known as Google Apps). It's cheap, very reliable, and has all features you can dream of, including an autoresponder. It's unrealistic to think that it's possible to beat a service that costs a mere USD 6 / user / month (and is free for nonprofits!). You're advocating I'm not advocating, I give the OP an advice, which he is (and you are) free to ignore. And now you're splitting hairs on terminology. This suggests a particular approach to an disagreement, and is not doing you any good. storing confidential business or personal data on the servers of the world's largest data mining company, and one that is rapidly becoming quite evil. That's nonsense. I will give one example: Airbus, the European aerospace corporation, uses Google Workspace. If there is one single company in the world that would have every possible reason to not store their "confidential business data" on the servers of an American company, it's Airbus. Yet they do it. I'm sure they do. Are you now suggesting that mega-corporations only ever do things in the best or smartest way? I can point out examples of people and corporations doing stupid things all day long. There are LOTS of examples, everywhere. This doesn't mean they're not stupid. I'm sorry buddy, your credibility hit rock bottom in your first post, and your subsequent posts aren't helping. Have a nice day. *plonk* -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: Looking for a guide to collect all e-mail from the ISP mail server
On 10/26/20 10:26 AM, Gregory Heytings wrote: I too would strongly advise you to use Google Workspace (the recent new name for G Suite, previously known as Google Apps). It's cheap, very reliable, and has all features you can dream of, including an autoresponder. It's unrealistic to think that it's possible to beat a service that costs a mere USD 6 / user / month (and is free for nonprofits!). You're advocating storing confidential business or personal data on the servers of the world's largest data mining company, and one that is rapidly becoming quite evil. It's hard to imagine anyone being that dumb, but then this society has been surprising me a lot in recent years. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: File manager or browser for IMAP?
On 9/23/19 8:36 PM, Steve Litt via dovecot wrote: > Thunderbird is an absolute pig, taking hours to load my Dovecot IMAP. > Claws-mail is good, but I have some problems with it. Alpine appears > not to be ready for prime time to act as a window into IMAP. Same with > the rest I've tried. Wha...? Alpine/Pine have implemented IMAP for decades; that was one of the first IMAP implementations to see widespread use. In what way does it appear to "not be ready for prime time"? -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: mremap_anon() failed: Not enough space
On 6/20/19 6:07 AM, @lbutlr via dovecot wrote: >> Jun 19 14:47:31 dovecot: [ID 583609 local0.error] >> imap(): Error: >> mremap_anon(/var/mail///mailboxes/INBOX/Trash/dbox-Mails/dovecot.index.cache, >> 27632) failed: Not enough space >> >> I'm running 2.2.36.1 under Solaris 10 (patched to current) on >> UltraSPARC. There's plenty of memory, plenty of swap, and plenty of >> disk, but this is a fairly busy mail server. > > Are you sure there is plenty of space on /var/mail/ ? Because that should > only show up when the mount point is full. Yes, there's about 3TB available there. > Also, what is your definition of “plenty”? (I have some index files in the > 50MB range, and I am sure there are people with indexes much larger than > that). The index file in question was 255MB. In desperation, and watching the other thread going on about index files, I moved dovecot.index.cache aside and let it be re-created. No further issues have appeared in the log, and the new dovecot.index.cache file (created yesterday) has grown to about 120KB. The spool in question was about 3GB, with about 100K messages in it. I've never seen a dovecot.index.cache file grow so large; does that seem reasonable to you? -Dave -- Dave McGuire, AK4HZ New Kensington, PA
mremap_anon() failed: Not enough space
Hey folks. Suddenly I'm getting lots and lots of messages like this
in my logs:
Jun 19 14:47:31 dovecot: [ID 583609 local0.error]
imap(): Error:
mremap_anon(/var/mail///mailboxes/INBOX/Trash/dbox-Mails/dovecot.index.cache,
27632) failed: Not enough space
I'm running 2.2.36.1 under Solaris 10 (patched to current) on
UltraSPARC. There's plenty of memory, plenty of swap, and plenty of
disk, but this is a fairly busy mail server.
Can anyone point me in the right direction? I'm guessing I have to
increase a vsz_limit somewhere, but where? It's not clear to me exactly
what is running out of what here. The output of doveconf -n is pasted
below.
Thanks,
-Dave
--
$ doveconf -n
# 2.2.36.1 (5d621cf65): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.24 (124e06aa)
# OS: SunOS 5.10 sun4v
# Hostname: mail.neurotica.com
auth_failure_delay = 5 secs
auth_mechanisms = plain login
base_dir = /var/run/dovecot/
debug_log_path = /var/log/dovecot-debug
disable_plaintext_auth = no
first_valid_uid = 200
login_access_sockets = tcpwrap
mail_fsync = never
mail_plugins = fts fts_solr
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart
extracttext editheader
mdbox_rotate_size = 64 M
mmap_disable = yes
namespace inbox {
inbox = yes
location =
mailbox uncaught-spam {
auto = subscribe
special_use = \Junk
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
fts = solr
fts_solr = break-imap-search url=http://localhost:8983/solr/
sieve = /var/sieve-scripts/%u.sieve
sieve_dir = ~/sieve
sieve_extensions = +editheader
sieve_global_dir = /var/lib/dovecot/sieve/global/
sieve_global_path = /var/lib/dovecot/sieve/default.sieve
}
protocols = imap pop3 sieve
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-master {
group = vmail
mode = 0600
user = vmail
}
user = root
}
service imap-login {
process_min_avail = 10
service_count = 10
vsz_limit = 512 M
}
service imap {
executable = /usr/local/libexec/dovecot/imap
vsz_limit = 512 M
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
process_min_avail = 1
service_count = 1
vsz_limit = 64 M
}
service managesieve {
process_limit = 10
}
service pop3-login {
process_min_avail = 10
service_count = 10
vsz_limit = 512 M
}
service pop3 {
executable = /usr/local/libexec/dovecot/pop3
}
service tcpwrap {
unix_listener login/tcpwrap {
group = $default_login_user
mode = 0600
user = $default_login_user
}
}
ssl_cert =
Re: Storing Messages in the cloud
On 07/10/2018 09:23 AM, dcl...@list.jmatt.net wrote:
>> A colleague asked me if it was possible for Dovecot to store messages
>> in the cloud.
>
> Does he have a more specific description of what he wants than “in the
> cloud”, or does he just like using buzzwords? From a user perspective,
> I would say that Dovecot, or any other IMAP server, already stores
> messages “in the cloud”. They are on a remote server, accessible from
> any location by any device that has a functional IMAP client.
I'm glad someone else said it. ;) When I read the OP's message I just
sat there shaking my head. As for his colleague, the local McDonald's
is hiring.
-Dave
--
Dave McGuire, AK4HZ
New Kensington, PA
Re: questions about maildir to mdbox migration
On 09/28/2017 04:00 PM, Вадим Бажов wrote: > Hi there ! Please tell how did you do the migration ? I tried to do > this with dsync and performance was far from 'smooth and great'. I used dsync, and had no difficulties. Here is an excerpt from my notes: To change mail spool format for user@domain: Change spool type in dovecot.conf or in database, making note of original (current) spool type. Then: dsync -u "user@domain" mirror "spooltype:/spool/location" dsync -u "user@domain" mirror "spooltype:/spool/location" (repeat, to pick up any changes since first run) ---- -Dave -- Dave McGuire, AK4HZ New Kensington, PA
questions about maildir to mdbox migration
Hi folks! I converted some of the spools on my mail server from maildir to mdbox. It went smoothly and the performance has been great. However, I have two questions regarding the process. First, I failed to notice the fairly low default mdbox_rotate_size, and I changed it in dovecot.conf after the migration. Is it possible to somehow make that change retroactive, to coalesce the couple thousand "storage/m.*" files that are anywhere from a few hundred bytes up to a few megabytes, into a smaller number of larger files, without re-doing the migration? Second, I'd like to delete the old maildir files and directories to reclaim the space in the filesystem, but it's not clear to me which ones I can safely delete, i.e. ones upon which my new mdbox-based spools no longer depend. I know maildir uses new, tmp, and cur directories, but in the spool directory there are also files like dovecot-uidlist, dovecot-uidvalidity, dovecot.index.cache, dovecot.index.log, dovecot.mailbox.log, as well as separate directories for each of my mail folders containing their own new, tmp, and cur directories and their own dovecot* files. Can someone offer some guidance regarding which ones I can safely remove? Thanks, -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: Minor patches for builds against ancient platforms
On 06/09/2017 05:13 PM, M. Balridge wrote: > I do know that this little box of horrors has 200-300MB mbox INBOXes on an > ext3 filesystem formatted in 2005. I am very nervous about converting them to > Maildir at this point. If I could get someone (or something) to the site and > replace it with something much more suitable, I could have these people join > the 21st Century. I for one am finding this thread extremely entertaining. I have to wonder how you'd sound if you came across a machine that was actually OLD. ;) -Dave -- Dave McGuire, AK4HZ New Kensington, PA
change mdbox rotation size?
Hey folks. Is it possible/advisable to change the mdbox rotation size on an operational mdbox spool? If so, is there any way to "repackage" (for the lack of a better term) an existing mdbox spool to a different rotation size? Thanks, -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: Compiling Dovecot on Solaris 10
On 02/03/2017 03:22 PM, KSB wrote: A bit offtopic, but I'm interested what's the point of using so old OS (support still exists though)? Short version: It works. Long version: Solaris 10 is still supported; the production systems here are patched up to current as of last week. So while the base release is quite a few years old, the OS installed on these systems is considered current. When support and a current patch stream are no longer available, we will revisit our configuration. For these production systems, there is currently no need for any capability or feature that exists only in "newer" OS releases. When that changes, we will revisit our configuration. Until then, it's rock solid and does everything required of it. There are no problems to be addressed. At least here, we don't fix things that aren't broken. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: Compiling Dovecot on Solaris 10
Same here Sun compiler v5.12 on SPARC. Built cleanly this morning. I'll be upgrading from 2.2.18 this afternoon. :) -Dave On 02/03/2017 05:36 AM, Martin Preen wrote: Hello, I don't have problems building 2.2.27 on Solaris 10 (using Sun Workshop compiler 5.11). The configuration is the same as your. Maybe a compiler/version problem on your system ? Regards, Martin Mantas Gegužis wrote: Hello, I am tying to compile Dovecot 2.2.27 on Solaris 10, and I get this error: test-ioloop.c: In function `test_ioloop_pending_io': test-ioloop.c:188: error: size of array `type name' is negative My configuration is like this: Install prefix . : /usr/local File offsets ... : 64bit I/O polling : poll I/O notifys : none SSL : yes (OpenSSL) GSSAPI . : no passdbs : static passwd passwd-file shadow pam checkpassword dcrypt ..: yes : -bsdauth -sia -ldap -sql -vpopmail userdbs : static prefetch passwd passwd-file checkpassword : -ldap -sql -vpopmail -nss SQL drivers : : -pgsql -mysql -sqlite -cassandra Full text search : squat : -lucene -solr Last version that I have compiled was 2.2.24, version 2.2.25 failed with error: In file included from guid.c:6: sha1.h:80: error: static or type qualifiers in abstract declarator Is there anyone who can help me? -- Martin Preen, Universität Freiburg, Institut für Informatik Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany phone: ++49 761 203-8250pr...@informatik.uni-freiburg.de fax: ++49 761 203-8242 swt.informatik.uni-freiburg.de/staff/preen -- Dave McGuire, AK4HZ New Kensington, PA
Re: two listeners with different "driver = " configs
An elderly neighbor used to say crap like that to me every now and
then. On one particular occasion, I pointed out that I had conversed
with more than a dozen friends in half a dozen countries before
breakfast that day.
He doesn't say that anymore.
-Dave
On 01/01/2017 04:10 PM, Charles Marcus wrote:
> Or. maybe it is the holidays and people actually have a life?
>
> On December 31, 2016 4:38:53 AM EST, mj <li...@merit.unu.edu> wrote:
>> Hi,
>>
>> Does the lack of replies mean that what I'm asking is not possible?
>>
>> (or am I missing something SO obvious that nobody bothers to point it
>> out..?)
>>
>> MJ
>>
>> On 12/29/2016 09:23 PM, mj wrote:
>>> Hi,
>>>
>>> I would like to have two seperate imap listeners, with different
>>> authentication settings, but the mailstore and userbase etc will be
>>> identical.
>>>
>>> I know I can do this:
>>>
>>>> service imap-login {
>>>>inet_listener imap {
>>>> port = 143
>>>>}
>>>>inet_listener imap2 {
>>>> port = 144
>>>>}
>>>> }
>>>
>>> But I'm unsure how to configure imap/143 with "driver = ldap" and
>>> imap2/144 with "driver = pam"
>>>
>>> Just to explain why i would like this:
>>>
>>> I am using pam-script-saml (https://github.com/ck-ws/pam-script-saml)
>> to
>>> enable saml-based access to dovecot. I would like to have one
>> listener
>>> 144 to only serve this saml authentication listener, and the regular
>> 143
>>> listener with driver = ldap.
>>>
>>> Is that config possible?
>>>
>>> Best regards,
>>> MJ
>
--
Dave McGuire, AK4HZ
New Kensington, PA
Re: To what extent does/will Dovecot depend on systemd? was systemd changes...
On 02/22/2016 01:27 PM, aki.tu...@dovecot.fi wrote: >>>>> [snip] >>>>> >>>>>> The PID-File seems to be expected under yet another sub-dir >>>>>> of /var/run/dovecot. >>>>> I wasn't aware that any Dovecot functionalities have become dependent >>>>> on systemd. Is this discussion simply about the unit file and PID file >>>>> location for Dovecot under systemd's process manager, or is Dovecot >>>>> starting to acquire systemd dependencies that will make it difficult to >>>>> run without systemd in the future? >>>>> >>>>> February 2016 featured book: The Key to Everyday Excellence >>>>> http://www.troubleshooters.com/key >>>> We do not depend on systemd, but unit files are provided and >>>> automatically installed if enabled. >>> >>> That's excellent news, because hell will freeze over before systemd is >>> introduced to official slackware releases >> >> Or Solaris, for that matter. > > Thank you for your feedback on this matter. We will keep this in mind. Thank you Aki. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: To what extent does/will Dovecot depend on systemd? was systemd changes...
On 02/22/2016 06:31 AM, Noel Butler wrote: >>>> https://github.com/dovecot/core/commit/53cc71cae88ee81fd7eae47aed743496f8c884a2 >>>> >>> [snip] >>> >>>> The PID-File seems to be expected under yet another sub-dir >>>> of /var/run/dovecot. >>> I wasn't aware that any Dovecot functionalities have become dependent >>> on systemd. Is this discussion simply about the unit file and PID file >>> location for Dovecot under systemd's process manager, or is Dovecot >>> starting to acquire systemd dependencies that will make it difficult to >>> run without systemd in the future? >>> >>> February 2016 featured book: The Key to Everyday Excellence >>> http://www.troubleshooters.com/key >> We do not depend on systemd, but unit files are provided and >> automatically installed if enabled. > > That's excellent news, because hell will freeze over before systemd is > introduced to official slackware releases Or Solaris, for that matter. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: Thanks for Dovecot
On 10/13/2015 05:04 PM, Gedalya wrote: >> Thanks for making Dovecot. >> >> I just transitioned from Debian Wheezy to Void Linux. It was fairly >> easy to get Dovecot working on my Void box, and having Dovecot makes >> all of my email activities easier by doing one thing and doing it right. >> >> Thank you for such great software. >> >> SteveT > > Hey, you know what? It's never a bad time to join in and say a simple: > Thank you! Agreed! Thank you! -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: IP drop list
On 03/04/2015 02:12 PM, Michael Orlitzky wrote: I would like to reiterate Reindl Harald's point above, since subsequent discussion has gotten away from it. If Dovecot had DNS RBL support similar to Postfix, I think quite a few people would use it, and thereby defeat the scanners far more effectively than any other method. It is good that other people are suggesting things that will work today, but in terms of what new feature would be the best solution, I can't think of one better than a DNS RBL. Please add this support to iptables instead of Dovecot. It's a waste of effort to code it into every application that listens on the network. head explodes Would you care to integrate it into IOS on my Cisco as well? There are things connected to the Internet that aren't PCs running Linux, you know. It may be hard to accept, but that's the way it is. -Dave -- Dave McGuire, AK4HZ/3 New Kensington, PA
Re: IP drop list
On 03/04/2015 03:37 PM, Oliver Welter wrote: I would like to reiterate Reindl Harald's point above, since subsequent discussion has gotten away from it. If Dovecot had DNS RBL support similar to Postfix, I think quite a few people would use it, and thereby defeat the scanners far more effectively than any other method. It is good that other people are suggesting things that will work today, but in terms of what new feature would be the best solution, I can't think of one better than a DNS RBL. Please add this support to iptables instead of Dovecot. It's a waste of effort to code it into every application that listens on the network. head explodes Would you care to integrate it into IOS on my Cisco as well? There are things connected to the Internet that aren't PCs running Linux, you know. It may be hard to accept, but that's the way it is. I assume your dovecot runs on some kind of *nix Of course. I run it under Solaris. so there should be some sort of netfilter available which you can put in front of your listening ports. There is. But I already have a firewall, running on bulletproof hardware that doesn't depend on spinning disks. I don't want to add ANOTHER firewall when I already have a perfectly good one. Besides, my mail server is built for...serving mail. Not being a firewall. -Dave -- Dave McGuire, AK4HZ/3 New Kensington, PA
Re: IP drop list
On 03/04/2015 03:51 PM, Oliver Welter wrote: I would like to reiterate Reindl Harald's point above, since subsequent discussion has gotten away from it. If Dovecot had DNS RBL support similar to Postfix, I think quite a few people would use it, and thereby defeat the scanners far more effectively than any other method. It is good that other people are suggesting things that will work today, but in terms of what new feature would be the best solution, I can't think of one better than a DNS RBL. Please add this support to iptables instead of Dovecot. It's a waste of effort to code it into every application that listens on the network. head explodes Would you care to integrate it into IOS on my Cisco as well? There are things connected to the Internet that aren't PCs running Linux, you know. It may be hard to accept, but that's the way it is. I assume your dovecot runs on some kind of *nix Of course. I run it under Solaris. so there should be some sort of netfilter available which you can put in front of your listening ports. There is. But I already have a firewall, running on bulletproof hardware that doesn't depend on spinning disks. I don't want to add ANOTHER firewall when I already have a perfectly good one. Besides, my mail server is built for...serving mail. Not being a firewall. Well, from an academic point of view, a network service that denies connection on the ip layer is also an ip firewall. In a real-world datacenter at 3AM, academic points of view seldom, if ever, come into play. -Dave -- Dave McGuire, AK4HZ/3 New Kensington, PA
Re: IP drop list
On 03/04/2015 04:33 PM, Professa Dementia wrote: On 3/4/2015 12:45 PM, Dave McGuire wrote: There is. But I already have a firewall, running on bulletproof hardware that doesn't depend on spinning disks. I don't want to add ANOTHER firewall when I already have a perfectly good one. Besides, my mail server is built for...serving mail. Not being a firewall. You can implement whatever type of security you are comfortable with, however, best practices is to have layered security, also known as the belt and suspenders method of keeping your pants up. A perimeter firewall and local firewalls (iptables usually) on each machine is the minimum level of security I set up. A perimeter firewall alone does not protect you from an attacker who is able to compromise one machine and install a scanner which then scan all the systems on your internal network looking for exploitable weaknesses. All the while the perimeter firewall is oblivious to the attack going on internally and utterly incapable of mitigating it even if it were aware. Yes, I have some experience in these matters, thank you. You've made my point for me. This is why I want Dovecot to handle the next layer, either via big flat files, a mysql/pgsql table, or DNS queries. -Dave -- Dave McGuire, AK4HZ/3 New Kensington, PA
Re: IP drop list
On 03/02/2015 09:41 PM, Joseph Tam wrote: then setup fail2ban to manage extrafields Now that's a very interesting idea, thank you! I will investigate this. If you don't expect yor firewall to handle 45K+ IPs, I'm not how you expect dovecot will handle a comma separated string with 45K+ entries any better. My firewall can handle that without breaking a sweat. I just haven't found a way (that I'm comfortable with) to automatically inject rules into it from a machine on the network. Doing it via a DNSBL is an elegant solution to the problem, IMO. I'm agnostic as far as which method you want to use. All I'm saying is that using dovecot's allow_net facility is as difficult, if not more so, than letting your firewall handle it. I'm not disagreeing with you. As I stated above, getting new rules into my firewall in an automated way is not something I've found a good way to do yet. Granted, it has been a couple of years since I've googled around to see if anyone has been able to do it in a reasonably secure way. (Perhaps it's time for me to revisit that.) -Dave -- Dave McGuire, AK4HZ/3 New Kensington, PA
Re: IP drop list
On 03/02/2015 05:34 AM, Joseph Tam wrote: http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets then setup fail2ban to manage extrafields Now that's a very interesting idea, thank you! I will investigate this. If you don't expect yor firewall to handle 45K+ IPs, I'm not how you expect dovecot will handle a comma separated string with 45K+ entries any better. My firewall can handle that without breaking a sweat. I just haven't found a way (that I'm comfortable with) to automatically inject rules into it from a machine on the network. Doing it via a DNSBL is an elegant solution to the problem, IMO. It offloads the IP address indexing to the DNS server; BIND (and most anything else I'd imagine, but I run BIND) uses a pretty respectable in-memory btree system which gives fast lookups. (well, at least that's what it used the last time I looked at its internals) I myself just want a mechanism to deny certain IP addresses when I spot them, regardless of the implementation. But anything that offloads my mail servers from anything that doesn't involve serving mail makes me happy. -Dave -- Dave McGuire, AK4HZ/3 New Kensington, PA
Re: IP drop list
On 03/01/2015 06:34 PM, Benny Pedersen wrote: The other side of this equation, Postfix, has had this capability for years. Why it hasn't been added to dovecot is a mystery. It's the only thing (really, the ONLY thing!) that I dislike about dovecot. http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets then setup fail2ban to manage extrafields Now that's a very interesting idea, thank you! I will investigate this. -Dave -- Dave McGuire, AK4HZ/3 New Kensington, PA
Re: IP drop list
On 03/02/2015 02:38 AM, Oliver Welter wrote: Guys, dovecot is open source - if you desire a feature that the upstream programmer did not include, pay him a bounty to do so or send him a patch to be included. Period. We can discuss and mightbe somebody will fork if he is not willing to accept such a solutuion for any political reason. I am really tired of reading this kind of complaints on OSS lists. and this is perhaps the second most predictable knee-jerk response. I am certainly capable of writing such a patch, but there is no point in expending the effort if it would not be included in the code base. The extreme negative reactions to this idea from people in this community, every time it has come up over the years, with almost rabid ramming of fail2ban down posters' throats (Benny Pedersen's excellent suggestion not included) suggests that a patch implementing such functionality would not be well received. The idea here is not to whine until somebody pops up and assumes that I don't know how the open-source software world works. I assure you that I do. The idea is to mention, vocally, a different use case in which fail2ban (again, excepting Benny Pedersen's excellent suggestion) is not an appropriate solution, as many times as it takes to make people realize that some networks aren't exactly like theirs. In the 1980s and 1990s, we fought the great assumption of all the world's a VAX running BSD, in which programmers everywhere wrote code that assumed EVERYONE was running that platform. Today we fight the all the world's an x86_64 box with a gazillibyte of memory running Linux mentality in exactly the same way. It's not any more palatable now than it was then. -Dave -- Dave McGuire, AK4HZ/3 New Kensington, PA
Re: IP drop list
On 03/01/2015 04:25 AM, Reindl Harald wrote: I wonder if there is an easy way to provide dovecot a flat text file of ipv4 #'s which should be ignored or dropped? I have accumulated 45,000+ IPs which routinely try dictionary and 12345678 password attempts. The file is too big to create firewall drops, and I don't want to compile with wrappers *if* dovecot has an easy ability to do this. If dovecot could parse a flat text file of IPs and drop connections it would sure put a dent in these attempts. hence i asked month ago for RBL support because such lists are easy to feed into http://www.corpit.ru/mjt/rbldnsd.html - sadly i got no reply than use fail2ban and what not irrelevant if there is already a local dnsbl i guess for a C-programmer it takes not much more than 10 minutens include a config option to list rbl servers and close connections absed on the DNS responses I've been asking for this off-and-on for years, and people immediately parrot back just use fail2ban. I think fail2ban is a nice idea and all, but that suggestion assumes that I use iptables (I don't), I run firewalls on my servers (I don't; I run them on routers) and that I run Linux on my mail server (I don't). The other side of this equation, Postfix, has had this capability for years. Why it hasn't been added to dovecot is a mystery. It's the only thing (really, the ONLY thing!) that I dislike about dovecot. -Dave -- Dave McGuire, AK4HZ/3 New Kensington, PA
Re: usenet/imap
On 09/12/2014 06:33 AM, Edwardo Garcia wrote: Depending on your news feed that will get huge over time, and if you try get a back feed of existing posts, thats even crazier, my upstream feeds me over FORTY THOUSAND text newsgroups. thats unrealistic to How much of these group are active? Or how many post a day on average you get? I realize you weren't asking me, but just to give you another data point, my server receives about 23,000 articles per day. This is nearly all groups minus the binaries. feed into imap, just advertise your news server, or if you dont have one, set up inn on a spare machine, hell for a couple thousand users, We looked at inn, it is, to be blunt, a diabolical mess , the access file is nightmare, it no limit user concurrency or daily limit by default without write external code, if inn is typical, is no wonder usenet is not as popular this days. With respect, this a load of crap. I was a commercial INN admin for many years, and I run it on my own network to this day. It's a fine piece of software, does its job very well, is easy to manage, and generally gives no guff. (Of course this is coming from the perspective of someone who ran C-news, and before that, B-news. B was mostly shell scripts!) Just try not to look at it as a mail server, because it isn't, and you'll be fine with INN. And for the record, Usenet is not as popular these days because most of the current inhabitants of the Internet are drooling morons who think the Internet and the WWW are the same thing, and that it's all one big TV. They'd never understand the concepts of Usenet in the first place. -Dave -- Dave McGuire, AK4HZ/3 New Kensington, PA
Re: usenet/imap
On 09/11/2014 07:21 AM, Edwardo Garcia wrote: Has anyones had experiences with feeding usenet into imap folders, we like to have some group for all user, any problem with message limit? We only want the text newsgroups? I haven't, but I'm intrigued by the concept. Please summarize back here if you make any progress on this. -Dave -- Dave McGuire, AK4HZ/3 New Kensington, PA
Re: [Dovecot] OT: Large corporate email systems - Exchange vs open source *nix based
On 12/11/2013 06:36 AM, Graham Leggett wrote: On 11 Dec 2013, at 12:36 PM, Stan Hoeppner s...@hardwarefreak.com wrote: The decision whether to stick with FLOSS or move to Exchange boils down to a few things, assuming management is making the decision, not the IT department. Why would you hire an IT department but then not allow the IT department to be making the IT decisions? Suits...they do it all the time. I usually quit when crap like that happens, but I seem in the small minority, being willing to compromise on my financial security before my principles. So most people put up with it, so suits keep doing it. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: [Dovecot] FTS what to use ?
On 01/15/2013 01:51 AM, Timo Sirainen wrote: NOTE: The squat code is quite slow for large mailboxes. There are also a few bugs that are unlikely to be fixed. In v2.1+ it's recommended to use fts-lucene instead. I'm running 2.1 and have just set up fts_solr. Should I scrap that and move to Lucene? -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: [Dovecot] FTS what to use ?
On 01/16/2013 12:17 AM, Timo Sirainen wrote: NOTE: The squat code is quite slow for large mailboxes. There are also a few bugs that are unlikely to be fixed. In v2.1+ it's recommended to use fts-lucene instead. I'm running 2.1 and have just set up fts_solr. Should I scrap that and move to Lucene? No, Solr is even better. Excellent, that's what I thought. Thank you. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: [Dovecot] Mark Crispin - RIP
On 01/09/2013 12:22 PM, Robert Moskowitz wrote: 'Father' of the IMAP protocol. Died Dec 28. http://en.wikipedia.org/wiki/Mark_Crispin :-( Had a TOPS-20 in his basement that did a great job of keeping the house warm in the cool months (I remember one BAR bof where he extoled the benefits of this form of home heating). Yup, and I agree with him! You can turn your electricity/gas/etc into heat in something boring like a furnace, or in something interesting like a big computer. I've yet to turn on my building's main gas feed this winter, because I'm running a VAX-7000 and a few big PDP-11s in here. The DECsystem-2020s are next. It's good for the soul. RIP Mark Crispin. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: [Dovecot] Anybody recognize these log lines?
On 10/21/2012 09:14 PM, Knute Johnson wrote: WARN: Duplicate profile 'Dovecot POP3', using last found WARN: Duplicate profile 'Dovecot Secure POP3', using last found WARN: Duplicate profile 'Dovecot IMAP', using last found WARN: Duplicate profile 'Dovecot Secure IMAP', using last found Anybody know if these are dovecot generated? Looks like output from the ufw firewall package. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: [Dovecot] testing fts-solr?
On 03/02/2012 05:13 PM, Robin wrote: On 3/2/2012 4:40 AM, Charles Marcus wrote: Please respond... I need to know whether or not I need to pursue this, since we use Thunderbird in house and will be switching soon to dovecot... This mailing list is for dovecot, not Thunderbird support. The lack of replies to Thunderbird usage questions no doubt reflects this. Please forgive me for jumping in, but I believe this is very much on-topic. It isn't a matter of Thunderbird support, it's a matter of Dovecot interoperability. Please DO keep stuff like this on-list. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
Re: [Dovecot] Thunderbird caching problem
On 08/31/2011 02:59 PM, Chris Cappuccio wrote: Using a fairly simple dovecot config (which obviously needs some max limit tweaking) we have problems with IMAP synchronization between thunderbird clients. Two TB clients in the same IMAP mailbox will, from time to time, show different views of the same INBOX folders, when TB caching is enabled. The only fix is to right-click on the folder, go to Properties and use the Repair Folder option which repairs the local TB .msf cache file. Is there any server-side fix/workaround that would keep TB from regularly going out-of-sync ? This happens with TB3 and newer versions, in concert with either dovecot 1 or 2. I ran into exactly this problem as well, it is infuriating. A workaround was discussed here awhile back. Sticking this in the protocol imap block of dovecot.conf solved the problem completely: imap_capability = IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDP LUS LIST-EXTENDED I18NLEVEL=1 ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS That should all be one line; watch for wrappage. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] mail spool filesystem
On 08/19/2011 02:45 PM, Felipe Scarel wrote: I'm testing out ZFS-fuse on my new install (talked about it on the other thread), no issues so far. The builtin deduplication and compression sure do help a lot, roughly 30% less storage space required so far. They don't advertise it as exactly production quality, but I'm willing to try it out, we're doing regular backups. The mail system hasn't gone live yet though, so I'm a bit uneasy on the performance side of things under heavy load. You are aware that there's a real in-kernel ZFS implementation under Linux now, right? See http://zfsonlinux.org/. I've done some very basic testing with it, and so far, it works. Going through FUSE is slower than pissing tar; this implementation won't have that problem. FUSE is useful for many things. Performance-sensitive filesystems on production servers is oh-so-NOT one of them. ;) -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] mail spool filesystem
Good luck! FYI, my mail spools are on ZFS filesystems under Solaris on UltraSPARC. It is lightning fast with 100+ dovecot imap processes pounding away. I've not yet enabled compression and done the copy/recopy dance, though. -Dave On 08/19/2011 02:57 PM, Felipe Scarel wrote: I was not aware of that... I went with FUSE to test the deduplication feature of ZFS. I'll check out this link you've provided, many thanks Dave. :) On Fri, Aug 19, 2011 at 15:48, Dave McGuiremcgu...@neurotica.com wrote: On 08/19/2011 02:45 PM, Felipe Scarel wrote: I'm testing out ZFS-fuse on my new install (talked about it on the other thread), no issues so far. The builtin deduplication and compression sure do help a lot, roughly 30% less storage space required so far. They don't advertise it as exactly production quality, but I'm willing to try it out, we're doing regular backups. The mail system hasn't gone live yet though, so I'm a bit uneasy on the performance side of things under heavy load. You are aware that there's a real in-kernel ZFS implementation under Linux now, right? See http://zfsonlinux.org/. I've done some very basic testing with it, and so far, it works. Going through FUSE is slower than pissing tar; this implementation won't have that problem. FUSE is useful for many things. Performance-sensitive filesystems on production servers is oh-so-NOT one of them. ;) -Dave -- Dave McGuire Port Charlotte, FL -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] mail spool filesystem
On 08/19/2011 03:07 PM, Felipe Scarel wrote: Thanks, I've read some of the FAQ and install instructions and it seems pretty straightforward... I wish I could use Solaris but we're virtualizing everything on our Dell blade through VMWare ESXi and it's somewhat of a company policy to use the template Debian that's maintained by the senior sysadmin. Ahh, company policies...restricting innovation and hampering productivity and efficiencty for decades! About the compression, I've read some benchmarks/tests and the default lzjb algorithm seems to be a good cost/benefit for the usual applications. Without many reads to the filesystem, gzip compresses a whole lot better tho. I agree. I'm running a biggish Usenet news server in a similar configuration, but with compression enabled. I'm getting compression ratios of 1.26x with a ~12GB news spool, using gzip compression. I was expecting a bit more compression, but I'm certainly not complaining. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] thunderbird not receiving new incoming mail: Timeout while waiting for lock for transaction log file
On 6/12/11 12:34 AM, Noah Garrett Wallach wrote: I am running dovecot 1.0.10 and thunderbird 3.1.10 for OSX 10.6.7 and I am finding that new imap mail is not coming into my INBOX folder on thunderbird. there is an error message Timeout while waiting for lock for transaction log file in the syslog here is my INBOX .imap dir ~/mail/.imap/INBOX$ ls -l total 75100K -rw--- 1 blah blah 1462024 Jun 11 20:17 dovecot.index -rw--- 1 blah blah 75153408 Jun 11 20:17 dovecot.index.cache -rw--- 1 blah blah 1464 Jun 11 20:17 dovecot.index.log -rw--- 1 blah blah 195812 Jun 11 17:23 dovecot.index.log.2 what is the best way to troubleshoot this problem? what else can I look at? Hey there Noah, long time no see! Here, if I'm not mistaken, one imap process is waiting for a lock on dovecot.index.log while another imap process already has it locked. Are your spools on an NFS-mounted filesystem? That dovecot.index.cache file is gigantic; how big is the spool itself? If it's big, and it's in mbox format, and the machine is swamped, that sync could easily take long enough to cause another imap process to time out waiting for the lock. Man, can you imagine how awesome our mail servers would've been if we had Dovecot back in the Digex days in the mid-90s? Oh, to have a time machine.. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] Question about Outlook workarounds
On 4/18/11 4:42 PM, Scott Silva wrote: Do the Outlook workarounds in Dovecot 1.x still apply to current versions of Outlook? Or has Microsoft fixed Outlook such that workarounds are no longer needed in Dovecot (and if so, after what version of Outlook can I remove the workaround settings in my dovecot.conf file)? According to Microsoft, Outlook isn't broken, the rest of the world is wrong... So no, they haven't fixed it. There's a reason the civilized world calls it LookOut! -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] RFE: IMAP LIST Extension for Special-Use Mailboxes
On 3/11/11 5:54 PM, Dennis Guhl wrote: would you consider adding support for IMAP LIST Extension for Special-Use Mailboxeshttp://www.rfc-editor.org/rfc/rfc6154.txt any time near in the future? I would really love to get rid of all those folders created by all those different mail clients just because they can't agree to use the same folder for special purpose. I would strongly endorse this request. Right there with you on that. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] Multiple Concurrent IMAP Connections For Same User
On 3/6/11 10:22 AM, Timo Sirainen wrote: Obviously there's a difference in behaviour for some reason when TB3 interacts with Cyrus IMAP as it seems not to have a problem with that IMAP server. It's almost as if TB3 expects to be informed when there has been a deletion. (TB3 will notice other status changes such as a message being read etc.) You could try if setting imap_capabilities to everything except QRESYNC and CONDSTORE would make a difference. The wiki page I found on this is a little hazy; would this simply be a matter of: imap_capability = -QRESYNC -CONDSTORE ? -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] Multiple Concurrent IMAP Connections For Same User
On 3/6/11 6:30 PM, Ed W wrote: No, only the OK Still here notifications are timed like that. If you have inotify/dnotify/kqueue enabled, Dovecot sends the actual mailbox changes to clients immediately when they happen. OK, but following that thought, it still seems possible for three connections behind a NAT to end up with one of them becoming disconnected due to a NAT timeout if the other connections aren't making changes which cause anything to trigger on the IDLE background process? (for ref, router is an Airport Extreme. Believed to have around a 30 min NAT timeout?) Someone doing stuff would cause the OK Still here to get backed up for all clients behind the NAT. The NAT will timeout outbound connections individually, so one user keeping their outbound connection alive could cause other connections to die due to backed up Still here to that IP? I guess I could try patching the hash to be less granular - would you be kind enough to remind me where in the code that hash is please? I'm reasonably sure there is a problem here, just not debugged it enough to capture the problem... It's been a longstanding pain in the arse, just not got serious enough vs the debugging effort that I've tried to tackle it... Note, in my case I have two machines with TB condstore disabled and they don't show problems, my machine enables condstore and I only believe the problem is on my machine. Hence I think condstore is part of the problem (but that seems consistent with the above theory). Also I only notice the problem when I have not used email for some time, but the other two folks have been... Nat? In my case, yes, both clients (iPhone and Thunderbird) are behind NAT from the perspective of the mail server. That said, I've been testing Timo's imap_capabilities suggestion for about the past 45mins, and it seems to solve the problem for me, at least so far. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] Multiple Concurrent IMAP Connections For Same User
On 3/6/11 6:46 PM, Timo Sirainen wrote: That said, I've been testing Timo's imap_capabilities suggestion for about the past 45mins, and it seems to solve the problem for me, at least so far. So it sounds like there's a bug in someone's QRESYNC code. Either Dovecot or Thunderbird, but could be a bit difficult to find out whose.. A reproducible test case would of course be best. That'd be tough; it's definitely not repeatable here. It happens maybe 1/3 of the time. I hate that kind of bug. :-( -Dave -- Dave McGuire Port Charlotte, FL
[Dovecot] deleted messages not going away in Thunderbird?
Hi folks. This may be a dumb question, but I can't seem to find a clue. I'm running Dovecot v1.2.9 and Thunderbird v3.1.7. If I delete messages using a different IMAP client (I also use an iPhone and occasionally SquirrelMail), I would expect those messages to disappear from Thunderbird the next time I start it or click on Get Mail. In fact, they do...most of the time. Sometimes, however, they just stick around. If I do a Repair Folder on the inbox in Thunderbird, the messages go away. Is this a known issue? My gut tells me there's some Thunderbird option to make it follow inbox contents with more attention but I've not been able to find it. Thanks, -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] Multiple Concurrent IMAP Connections For Same User
Ok, this is too weird. Not ten seconds ago I sent a message to the list about what could be exactly this problem. I'd been fighting with it for ages but only today became annoyed enough to send a message about it. So telling Thunderbird to only use one server connection solves this problem? -Dave On 3/5/11 11:04 AM, Stephen Usher wrote: I know that this is a somewhat old thread but I do have some useful input. Basically, this seems to be a Thunderbird problem (or at least an interaction problem between Thunderbird and Dovecot). Before Thunderbird version 3 there wasn't a problem, the mailbox within Thunderbird would sync correctly. As of version 3 they seem to have changed their mailbox header list caching code and it gets horribly confused when mails disappear from the mailbox without it doing so. The only way to fix the view within the program is the rebuild the (Thunderbird) index. This is not the only problem TB3 has with Dovecot. Quite often if there are large attachments TB doesn't fully load the attachments (and sometimes not even the mail itself). I've found changing TBs setting so that it only uses one connection to the server rather than the default 5 helps mitigate this. I'm not sure why TB3 has such a hard time when talking to Dovecot as no other clients have any difficulty and TB2 never did. Steve P.S. Our system is a Solaris 10 x86 box running Dovecot 1.2.x with Maildir++ folders. -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] Best (fastest + most stable) search config...
On 11/5/10 9:17 AM, Ed W wrote: compare. Unfortunately I don't have a test system available to do all the mailbox types. I can only test mbox on my production system. That When you rebuild your server, switch to some kind of virtualisation option! Never again will you not have a test architecture or any issue in spinning out a quick system to try something out. With so many quite simple to use options available these days there is really near zero reason not to use virtualisation on your next server? Just to put a stake in the ground - I have had very good success with linux-vservers. These are effectively a kind of chroot on steroids and similar to lxc containers, etc. This type of virtualisation is very lightweight (and not really a proper virtualisation to be fair) and it's extremely straightforward to migrate machines between real hardware, copy a machine for testing, backup, etc (takes around 1-3 mins to duplicate most of my virtualised machines - some might argue that's slow, but it's good enough for me) I'm sure there are a bunch of reasons you can't use this today, but hopefully something to plan ahead for? I have to second this recommendation. For what little x86-based stuff I do, I've gleefully gulped down the VMware ESXi kool-aid and absolutely love it. For bigger stuff, Solaris 10 on big multiprocessor UltraSPARCs with Zones virtualization is wonderful. It's extremely handy to be able to fire up a new system at any time, even as a temporary sandbox on a whim just to try something out. -Dave -- Dave McGuire Port Charlotte, FL
[Dovecot] Converting layouts, was Re: LAYOUT=maildir++ under mbox?
On 9/6/10 12:30 PM, Timo Sirainen wrote: Under LAYOUT=fs perhaps the default_separator ought to be '.', and under LAYOUT=maildir++ perhaps the default_separator ought to be '/', regardless of the mailbox format :-) It works like that, except the opposite way. With LAYOUT=fs the default separator is '/' because the hierarchies are separated by the '/' directory separator. With Maildir++ it's '.', because the separator in disk is '.'. So only the layout determines what hierarchy separator is in use. Of course, each mailbox format has their default layout. This is only tangentially related, please forgive me for that, but is there any automated way to convert an existing hierarchy of '.'-separated folders to a LAYOUT=fs configuration? -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] OT list modification Re: nfs director
On 8/27/10 11:15 PM, Noel Butler wrote: I dont think we are living in the 19th century now, I think its time for the html to txt conversion to be scrapped, its screwed up the paragraph formatting ( and few other things in recent times I've seen) more than once, making it look like an a5 size book page. how about it? Oh right, the 20th century is the century of protocol abuse for people who think everything on the network should be a web page, and everything on the net should be accessed with a web browser. If this change is made, I for one will ditch this list and just rely on searching the archives. I get enough HTML garbage from clueless morons all day long, I don't need more of it from a supposedly clueful group. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] v2.0.0 released
On 8/16/10 10:49 AM, Timo Sirainen wrote: As promised last Friday, here's the v2.0.0 release finally. Congratulations, Timo! -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] v2.0.0 released
On 8/16/10 6:25 PM, Dennis Clarke wrote:
pool_vfuncs {..} v, unsigned int alloconly_pool :1, unsigned int
datastack_pool :1}, pointer to const struct imap_match_glob
{pointer to struct pool {..} pool, pointer to struct
imap_match_pattern {..} patterns, char sep, array[-1] of char
patterns_data}) returning pointer to struct imap_match_glob
{pointer to struct pool {..} pool, pointer to struct
imap_match_pattern {..} patterns, char sep, array[-1] of char
patterns_data}
previous: function(pointer to struct pool {pointer to const struct
pool_vfuncs {..} v, unsigned int alloconly_pool :1, unsigned int
datastack_pool :1}, pointer to const struct imap_match_glob
{pointer to struct pool {..} pool, pointer to struct
imap_match_pattern {..} patterns, char sep, array[-1] of char
patterns_data}) returning pointer to struct imap_match_glob
{pointer to struct pool {..} pool, pointer to struct
imap_match_pattern {..} patterns, char sep, array[-1] of char
patterns_data} : imap-match.h, line 33
imap-match.c, line 214: identifier redeclared: imap_match_globs_equal
current : function(pointer to const struct imap_match_glob
{pointer to struct pool {..} pool, pointer to struct
imap_match_pattern {..} patterns, char sep, array[-1] of char
patterns_data}, pointer to const struct imap_match_glob {pointer
to struct pool {..} pool, pointer to struct imap_match_pattern
{..} patterns, char sep, array[-1] of char patterns_data})
returning _Bool
previous: function(pointer to const struct imap_match_glob
{pointer to struct pool {..} pool, pointer to struct
imap_match_pattern {..} patterns, char sep, array[-1] of char
patterns_data}, pointer to const struct imap_match_glob {pointer
to struct pool {..} pool, pointer to struct imap_match_pattern
{..} patterns, char sep, array[-1] of char patterns_data})
returning _Bool : imap-match.h, line 36
cc: acomp failed for imap-match.c
gmake[3]: *** [imap-match.lo] Error 1
gmake[3]: Leaving directory
`/export/medusa/dclarke/build/dovecot/sparc/dovecot-2.0.0-sparcv8-001/src/lib-imap'
gmake[2]: *** [all-recursive] Error 1
gmake[2]: Leaving directory
`/export/medusa/dclarke/build/dovecot/sparc/dovecot-2.0.0-sparcv8-001/src'
gmake[1]: *** [all-recursive] Error 1
gmake[1]: Leaving directory
`/export/medusa/dclarke/build/dovecot/sparc/dovecot-2.0.0-sparcv8-001'
gmake: *** [all] Error 2
[mimas]
So that stops me while I figure out what the issue is with imap-match.h
and/or imap-match.c in the Solaris world while using Sun Studio 11.
Works fine here with the 12.1 compiler. Solaris 10 on UltraSPARC,
current patches, on both the OS and the compilers. My CFLAGS:
-fast -xtarget=ultra3 -m32 -xarch=sparcvis2
-Dave
--
Dave McGuire
Port Charlotte, FL
Re: [Dovecot] v2.0.0 released
On 8/16/10 8:38 PM, Dennis Clarke wrote: Works fine here with the 12.1 compiler. Solaris 10 on UltraSPARC, current patches, on both the OS and the compilers. My CFLAGS: -fast -xtarget=ultra3 -m32 -xarch=sparcvis2 The is ye ol'production Solaris 8 and thus Sun Studio 11 is needed. Oh. Eeeew. :) Problem solved simply by using GCC 4.5.1 from Blastwave ( of course ). I wonder how GCCFSS would do. Will it even run under Solaris 8? Question for you: why would you use -m32 with an -xarch=sparcvis2 ? Why not go for greatest possible portability and range of processors with something like this : CFLAGS=-m32 -Qy -Xa -xbuiltin=%none -xnolibmil -xnolibmopt -xcode=pic32 -xildoff -xregs=no%appl -xs -xstrconst -D_TS_ERRNO Because I don't intend to run it on a range of processors. =) If you feel like some optimization then chuck in -xO3 and -xdepend however I'd test the resultant bins from a basic compile first. Just my 0.02 Fair enough, and I appreciate your advice. My goal in this case is to generate the fastest binaries possible on the machine it's being built on, which is identical to the machine it's going to be run on. There's zero need for portable binaries in this particular installation. -Dave -- Dave McGuire Port Charlotte, FL
[Dovecot] need convert-tool advice
Hi folks,
I've got a few thousand accounts that I'd like to convert from mbox to
maildir. I'm looking at using convert-tool from the command line to do
this, but I'm uncertain about the command line syntax, so I hope someone
can take a moment to go over this with me.
I'm running dovecot 1.1.6 on this system. Mail accounts are not tied
to UNIX system accounts, I'm using the dovecot LDA, users do not have
home directories, everything is controlled from a database, and mail
directories take the form of:
/var/spool/mail/domainname/username/...
The mail directories contain mbox-style spool files, including inbox
and any user-created mbox-format folders. The entire hierarchy is owned
by vmail.vmail.
I'd like to batch-convert these offline in such a way that it's
transparent to users. Here's what I have so far:
mv ${user} ${user}-mbox
convert_tool ${user} \
/var/spool/mail/${domain}/${user} \
mbox:/var/spool/mail/${domain}/${user}-mbox:\
INBOX=/var/spool/mail/${domain}/${user}-mbox/inbox \
maildir:/var/spool/mail/${domain}/${user}
(sorry about that incomprehensibly long command line, I tried to break
it intelligently)
...then I'll change the mail field returned by the database query to
include maildir instead of mbox. I'll wrap the whole thing in a script
and do it in one run.
Is this correct usage of convert_tool's command line options? The
thing that confuses me is the home directory command line option, not
sure what that's for, as my mail users don't have home directories...at
least not in the UNIX sense, does it mean something else? Will the
users notice anything different here, with respect to UIDs, indices, or
anything like that?
If this is completely the wrong way to do it, I'm not opposed to using
a different tool like mb2md.pl, but I looked at that and couldn't quite
figure out how to make it work within my current directory structure.
Thanks,
-Dave
--
Dave McGuire
Port Charlotte, FL
Re: [Dovecot] SQL Server
On 5/22/10 9:59 PM, Michael Orlitzky wrote: If you can access the Microsoft SQL Server from the machine hosting Dovecot, there should be no problem at all. I have used Microsoft's SQL sever for for several projects and it is an extremely fast and robust piece of software. Perhaps you could post a clearer picture of exactly what you are attempting to accomplish. Sorry. I should have been more specific. I want to use SQL Server for the userdb and password database. I looked through the wiki and did a number of searches but could not find an answer. If I were to use sqlite, mysql, or pgsql, these would be listed under driver = in the dovecot-sql.conf (or whatever you want to name it). How would you go about using SQL Server? There is no sql-server driver as far as I know. I have and am currently using dovecot from passwd files and from sqlite databases so I am pretty familiar with how everything works. I am just not sure how to go about this for SQL Server. Thank you. You can specify arbitrary .NET DLL functions to be executed from triggers in Microsoft SQL Server, and there are .NET libraries to talk to Postgres, so just do it the other way around: run Dovecot off of a local Postgres install, and feed it data from Microsoft SQL every time something changes. ... [excellent example snipped] Wow, very nice. This'll give you the benefit of not having your mail system go down every time Windows blows up. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] Regarding: **OFF LIST** subject declaration
On Feb 24, 2010, at 2:06 PM, Jerry wrote: Seriously, I just have to ask this question. Why mark via the subject line a message as OFF LIST and then send it via the normal list framework. Doing so only insures that the message is actually ON LIST irregardless of what nomenclature is used in the subject line. If a message is truly supposed to be OFF LIST, then why not send it directly to its intended recipient(s)? If, on the other hand, it is meant for general review by the groups members, then why mark it OFF LIST to begin with? Um, wow. Like you've never intended to send someone an off-list message, got finished typing it, then forgot to change the To: line? -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] Regarding: **OFF LIST** subject declaration
On Feb 24, 2010, at 2:39 PM, Jerry wrote: Seriously, I just have to ask this question. Why mark via the subject line a message as OFF LIST and then send it via the normal list framework. Doing so only insures that the message is actually ON LIST irregardless of what nomenclature is used in the subject line. If a message is truly supposed to be OFF LIST, then why not send it directly to its intended recipient(s)? If, on the other hand, it is meant for general review by the groups members, then why mark it OFF LIST to begin with? Um, wow. Like you've never intended to send someone an off-list message, got finished typing it, then forgot to change the To: line? Not that I am aware of Well, you're less error-prone than I, then. I've been doing email for upwards of thirty years and still make that mistake from time to time. and why would I put a declaration like that in the subject line if I was sending it directly to its intended recipient? That's simple list(member) etiquette. When you see a message pop into your inbox with the same (or similar) subject as a list thread, it's natural to assume that it's a list message. When replying, one might be tempted to set the reply to the list. If the person sending the off list message doesn't want that information to accidentally become public, that person should say so. In any case, I certainly would not follow it up with an ON LIST declaration. Admit it, it does seem rather absurd. Well, the on list part is kinda obvious. ;) -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] scalability
On Feb 12, 2010, at 4:57 PM, Jonathan Tripathy wrote: How scalable is dovecot. Do you think a machine with a dual core 2.8Ghz processor and 2GB of RAM would do a business with 600 users? This server will have a 100Mbps link to the net, however it will be access by the business using a couple of ADSL lines (Roughly 7Mbps each). I'm running about twice that (though mostly low-traffic users) on about 2/3 of a machine at one site. Dovecot is VERY fast. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] mdbox, dsync
On Jan 29, 2010, at 11:59 AM, Frank Cusack wrote: Anyway, let's hope it doesn't now corru. d...@...x. LOST CARRIER huh? soda - keyboard -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] maildir on zfs (was: mailbox format w/ separate headers/data)
On Jan 22, 2010, at 9:22 PM, Frank Cusack wrote: but I wonder if anyone here is running lots of Maildirs on zfs? When you say lots of Maildirs I assume you mean filesystem-per-user? You can of course use lots of Maildirs yet have only a single zfs filesystem but that doesn't seem to me to be worth questioning. I am running that way but it's less than 100 users so probably not what you would consider lots. I'm in the same usage range for my ZFS-backed mail server. I'd seen some comments here in the past that zfs+maildirs = bad. I can't imagine why that would be the case. There are some problem loads for zfs (zfs-backed NFS writes, e.g.) but why maildir would be particularly singled out I wouldn't know. I'm doing everything on ZFS now (database loads, web services, etc) and will never go back to UFS. (or ext3, etc) Zero problems, with anything, ever. For filesystem-per-user, if by lots you mean 1000 or 1000s then you have the problem that it takes forever to mount all of those filesytems on reboot. That's not a maildir-specific problem though. I'm running filesystem-per-domain; I've found that's a good way to do it for my situation. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] Max IMAP fodlers
On Dec 8, 2009, at 2:26 PM, Timo Sirainen wrote: # v1.1+ only: mail_location = maildir:~/Maildir:LAYOUT=fs Can I just change for that user and it will convert it? or does the folders have to by physically moved as well. I don't think the convert plugin would do this, With v2.0 dsync could do this :) dsync convert 'maildir:~/Maildir-fs:LAYOUT=fs' I think convert-tool could also do it, but it wouldn't preserve UIDs. And I'm not sure if it would actually copy or hard link the files. In any case neither would do just simple renaming.. Would this just be a matter of creating subdirs and moving the files? If there are no other concerns, a simple awk script could to that pretty easily. -Dave -- Dave McGuire Port Charlotte, FL
[Dovecot] 1.1 - 1.2 upgrade?
Hey folks. I'm currently running Dovecot v1.1.6, and would like to move to 1.2.x soon. I'm using MySQL-backed LDA and fully virtualized mailboxes. Are there any upgrade gotchas I should be aware of? How much config file hacking should I expect? Thanks, -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] 1.1 - 1.2 upgrade?
On Dec 4, 2009, at 1:11 PM, Timo Sirainen wrote: Hey folks. I'm currently running Dovecot v1.1.6, and would like to move to 1.2.x soon. I'm using MySQL-backed LDA and fully virtualized mailboxes. Are there any upgrade gotchas I should be aware of? How much config file hacking should I expect? http://wiki.dovecot.org/Upgrading/1.2 lists everything you need to know about. Ahh, I should've looked there first. Perfect...thanks! -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] busy / developers documentation
On Dec 1, 2009, at 6:39 PM, Timo Sirainen wrote: Just thought I'd mention that I probably won't be answering mails very actively this week while I'm in San Antonio (and I was kind of busy last week too). Hopefully I'll get back to answering/bugfixing next week.. Have a good trip! I also started writing developers documentation to http:// wiki.dovecot.org/Design. Comments welcome. Some things I had planned next: - istream internals - lib-storage API docs - ..? This is great news, thanks! One thing in particular that I'd like to see is something on writing plugins. I have several ideas of plugins I'd like to write but have hesitated to get started due to not wanting to basically dig through tons of source to figure out how to interface to Dovecot's internals. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] busy / developers documentation
On Dec 2, 2009, at 6:54 PM, Timo Sirainen wrote: Actually my current ideas have nothing to do with storage; I want to be able to access messages (including body text) during the delivery process. It's possible that you still should be using lib-storage to do whatever you wanted to do, because the incoming message gets put into internal raw storage. But then again, maybe you need to do something similar to Sieve and set deliver_mail variable to point to your own function (and then call the original if necessary). Hmm, ok. I'll go over the docs. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] Problem compiling dovecot 1.2.8 on Solaris 10?
On Nov 20, 2009, at 2:40 PM, Drew Schatt wrote: I've got an issue using Sun's compilers on Solaris 10 - it appears that dovecot is trying to use the getopt function, that's part of GNU's glibc, and, therefore, not present when using Sun's compilers. Any ideas on how to resolve? cc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib- auth -I../../src/lib-mail -I../../src/lib-imap -I../../src/lib- index -I../../src/lib-storage/index/maildir -I../../src/auth - DPKG_RUNDIR=\/usr/local/var/run/dovecot\ -I/usr/local/include - I/usr/local/ssl/include -D_XPG6 -L/usr/local/lib -L/usr/local/ssl/ lib -KPIC -lm -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -xc99 -I/ usr/local/include -I/usr/local/ssl/include -L/usr/local/lib -L/usr/ local/ssl/lib -D_XPG6 -xstrconst -KPIC -lm -D_LARGEFILE_SOURCE - D_FILE_OFFSET_BITS=64 -c authtest.c authtest.c, line 164: warning: implicit function declaration: getopt authtest.c, line 167: undefined symbol: optarg authtest.c, line 167: warning: improper pointer/integer combination: op = authtest.c, line 170: warning: improper pointer/integer combination: op = authtest.c, line 176: undefined symbol: optind authtest.c, line 178: undefined symbol: optind cc: acomp failed for authtest.c Hey Drew, fancy meeting you here. ;) Building 1.2.x under Solaris is on my to-do list for this weekend, so if nobody has any suggestions today, I'll figure it out. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] compiling issue 1.2.6 - Solaris
On Oct 6, 2009, at 10:21 AM, Bruce Bodger wrote: Same type of problem here on OS X 10.5.8 Server. Command line to configure: ./configure --with-ssldir=/System/ Library/OpenSSL --with-ssl=openssl .. Undefined symbols: _SSL_get_current_compression, referenced from: _ssl_proxy_get_security_string in liblogin-common.a(ssl- proxy-openssl.o) _SSL_COMP_get_name, referenced from: _ssl_proxy_get_security_string in liblogin-common.a(ssl- proxy-openssl.o) What OpenSSL version do you have? I thought those compression functions were new enough that everyone would have them by now.. bash-3.2# /usr/bin/OpenSSL version OpenSSL 0.9.7l 28 Sep 2006 A bit of oddity I just discovered by viewing source code at http:// www.opensource.apple.com/ OS X 10.5.8 - OpenSSL 0.9.7l 28 Sep 2006 OS X 10.6.0 - OpenSSL 0.9.6l 04 Nov 2003 OS X 10.6.1 - OpenSSL 0.9.6l 04 Nov 2003 Looks like they moved back to 0.96l in later versions. A SIX YEAR OLD release?! -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] compiling issue 1.2.6 - Solaris
On Oct 6, 2009, at 11:32 AM, Axel Luttgens wrote: [...] A bit of oddity I just discovered by viewing source code at http://www.opensource.apple.com/ OS X 10.5.8 - OpenSSL 0.9.7l 28 Sep 2006 OS X 10.6.0 - OpenSSL 0.9.6l 04 Nov 2003 OS X 10.6.1 - OpenSSL 0.9.6l 04 Nov 2003 Looks like they moved back to 0.96l in later versions. A SIX YEAR OLD release?! Doing a openssl version here on 10.6.1, I get: OpenSSL 0.9.8k 25 Mar 2009 Looks like there's an error in the web page on Apple's OpenSource site. Ahh, whew. That is a relief. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] dsync - one or two ways?
On Jul 17, 2009, at 2:47 PM, Timo Sirainen wrote: dsync in Dovecot v2.0 tree is a new utility for syncing a mailbox in two locations. Some things it can be used for: - Initially transfer a mailbox to another server via SSH - A faster sync done to an existing mailbox, sending only changes - A superfast sync based on modification sequences. - Source and destination mailboxes can use different formats (convert-tool will be history) dsync can handle all kinds of conflicts in mailboxes, handle mailbox deletions, renames, etc. So it's safe to sync even if both source and destination mailboxes have had all kinds of changes. Wow, that will be very handy! Thanks!! Now, the question is: Does anyone want dsync to only sync changes from source to destination, instead of doing a full two-way sync? I think in typical cases where you'd think you would want only one-way sync are also the cases where there's no changes coming the other way in any case. I think a two-way sync would be useful functionality to have, perhaps tied to a command line option, at least for the sake of completeness. It would also open up possibilities for having an offline IMAP server, which might be useful for mobile workgroups and such that may not always have full connectivity. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] Lots of pop3-logins
On Jun 25, 2009, at 10:07 AM, Rodman Frowert wrote: Doing a ps aux on my Slackware box, I have approx 100 PID's of pop3-login's going on. This is a production mail server, but it is getting VERY low traffic. In fact, only 3 people can pop3 into it. I've check their e-mail clients, and they are not checking mail any more often than every 5 minutes. This is a new installation and I've had the server up and running since Sunday. If it matters, I'm using Postfix for the MTA and using the Dovecot SASL library to AUTH SMTP. Is this a cause for concern? Why does Dovecot need this many processes? Take a look at your log file. Is there a dictionary attack taking place? I get this all the time. I want to find these little cracker kiddies and break their fingers. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] Lots of pop3-logins
On Jun 25, 2009, at 3:46 PM, Timo Sirainen wrote: You can also just decrease login_process_max_count. If Dovecot reaches the limit, it'll just start killing off old connections that haven't logged in. I don't see this option in my dovecot.conf. Was it added after 1.1.6? -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] Dovecot + FreeBSD-7.2 + ZFS ?
For what it's worth, I've been running Dovecot (and a whole slew of other stuff) on ZFS for about a year now, but under Solaris, not FreeBSD. Very fast, no stability problems. It's being hit pretty hard and handles it well. Just FYI. -Dave On Jun 8, 2009, at 6:01 AM, Frank Bonnet wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Thanks for the feedback ! I'll plan to run it at 7.2 and of course certainly not on a production server without numerous tests ! Dino Ming wrote: Just to let you guys know, I have nightmare with FreeBSD 7.0- RELEASE + ZFS. It brought to me an unrecoverable filesystem error. It is a good technology. But I would wait for it to be more mature before production. I would highly suggest to run a stress test if you really bring it to production state. Dino. Frank Bonnet wrote: Geoffroy Desvernay wrote: Frank Bonnet a écrit : Hello Anyons has tested this configuration with success ? I'll test it in few days and I am wondering if I am alone :-) Not ZFS, but various combinations of dovecot 1.1.15+FreeBSD(7.1 and 7.2)+(NFS and UFS). No problem for us® ;) Yes I too , just curious about ZFS -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.11 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkos4ZIACgkQ6f7UMO5oSsXUjACeJCrMjVvQwh7sW6h5Vaw6vMqN HRQAoJR7j0jSPtxsBzntaBzZgc4JAJe1 =gVum -END PGP SIGNATURE- -- Dave McGuire Port Charlotte, FL
[Dovecot] plugin API docs?
Is there any documentation for the plugin API? A cursory glance through the docs didn't turn up anything. Thanks, -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] plugin API docs?
On May 28, 2009, at 5:35 PM, Timo Sirainen wrote: Is there any documentation for the plugin API? A cursory glance through the docs didn't turn up anything. There isn't really even a plugin API. Plugins use the same API as the rest of the Dovecot. Although there are a few hooks that plugins typically use. If you're doing anything mail related the important places to look at are src/lib-storage/mail-storage*.h. Currently there isn't really any more documentation. http://wiki.dovecot.org/Design may help a bit. Understood, thanks! I'll check them out. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] Compiling v1.3 on different OSes
On Apr 6, 2009, at 2:08 PM, Timo Sirainen wrote: I was hoping to finally get shared libdovecot.so and libdovecot-storage.so libraries for v1.3, so Sieve (and maybe others) could link against them. But I'm running into trouble getting it to compile in Solaris 10. Could you non-Linux users test if this compiles with you? http://dovecot.org/tmp/dovecot-1.3.UNSTABLE.tar.gz Or if anyone has ideas why this happens, I'd like to know: libtool: link: gcc -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes - Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 - Wbad-function-cast -Wstrict-aliasing=2 -I/home/cras/include - o .libs/rawlog rawlog.o ../lib-dovecot/.libs/libdovecot.so -lrt - lsocket -lsendfile -Wl,-rpath -Wl,/usr/local/lib/dovecot ../lib-dovecot/.libs/libdovecot.so: undefined reference to `dler...@sunw_1.22' ../lib-dovecot/.libs/libdovecot.so: undefined reference to `dlo...@sunw_1.22' ../lib-dovecot/.libs/libdovecot.so: undefined reference to `dl...@sunw_1.22' ../lib-dovecot/.libs/libdovecot.so: undefined reference to `dlcl...@sunw_1.22' If I disable plugins (so dl*() functions aren't used) it compiles, so it's only those functions that are problematic. pvs -s /lib/libc.so lists the dl* functions under SUNW_1.22 so I'd think that should have worked.. I don't see -ldl in there anywhere.. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] Dovecot 1.2 beta1 in Solaris 10 for sparc, error reading maildir format?
On Mar 25, 2009, at 12:35 PM, Timo Sirainen wrote: Timo, well i have change this (to erase optimization flags): CFLAGS='-xtarget=ultra3 -xarch=v8plusa -fast' to this: CFLAGS='-xtarget=ultra3 -xarch=v8plusa -pipe' Then recompile everything (dovecot 1.2beta2 with dovecot-1.2.beta1- managesieve-0.11.3.diff.gz patch, dovecot-1.2-sieve-0.1.3 and dovecot-1.2-managesieve-0.11.3.(same versions as before) Now it is working right, can it be something is this optimization flag (-fast) that it is breaking something. It wouldn't be the first time when Sun CC's optimizer bug has broken Dovecot. I guess it might even be the same bug. -fast is a macro option that expands to several optimization flags, and the flags to which it expands are dependent upon the version of the compiler. When something like this happens, it is useful to obtain the expansion of -fast from the compiler documentation and try the options individually, and determine which one is breaking the compiled code. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] mailing lists and Dovecot deliver (lda)
On Feb 10, 2009, at 4:24 PM, Roderick A. Anderson wrote:
I'm trying to figure out a way, or if it is even possible, to use
mailing list software (majordomo2) on a Postfix + Dovecot + virtual
mailboxes system. And where I should be looking.
The examples on the Postfix site don't seem to address a purely
virtual mailboxes system and I haven't found anything about doing
it with deliver.
I think I'm at the wrong tree (Dovecot deliver) and should be
pestering the Postfix list.
FTR, I host some sites for not-for-profits and they have asked
about setting up lists. So far I've dodged the question but would
like to attempt it now.
I have done this with great success. I must be brief as I'm in a
rush, but here's the basic overview:
- Create a new transport in master.cf, I called it mailman. It
looks like this:
---
mailman unix - n n - - pipe
flags=FR user=mailman:nobody
argv=/usr/local/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
---
The postfix-to-mailman.py script can be found via google. I had
to make some minor changes to the one I found; I can send you mine if
you get stuck.
- Create a pseudo-subdomain (not in DNS) for Mailman, I used
lists.domainname.
- Set the transport for the lists.domainname to be mailman:
in your transport map.
- Rewrite all relevant listaddress@domainname addresses (-
admin, -request, etc) into the lists subdomain of the form
listaddress@lists.domainname using virtual aliases.
If you run into trouble, contact me off-list and I'll try to help.
-Dave
--
Dave McGuire
Port Charlotte, FL
Re: [Dovecot] v1.1.11 released
On Feb 7, 2009, at 12:06 PM, Brad wrote: On Saturday 07 February 2009 04:02:56 Frank Cusack wrote: Well now, there's lot of code you might see which isn't correct, e.g. the very common #!/bin/sh but the code is actually a bash script. Being someone that has to fix this stuff I see A LOT of people improperly writting bash scripts and 99% of the time the bash-isms are not necessary at all. Yup, I run across that with some frequency myself. It's pretty annoying. The basic assumption seems to be that /bin/sh is always bash. In the 1980s, the annoying assumption was all the world's a VAX. Now, it's all the world's a PC running Linux. *grumble* -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] Firewalls are [essentially] free - WAS: Re: Source patches from Apple
On Dec 14, 2008, at 11:22 AM, Charles Marcus wrote: and I'm not interested in running a firewall on my mail server. Wow.. I can't imagine NOT running a mail server without a firewall... you put in so many negatives there that the meaning came out the opposite of what you wanted, I suppose. Two is not 'so many'... the meaning is plain (for anyone who understands english)... But I think, like Zed, this thread is dead. Ahh, one of my favorite movies. :) -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] Firewalls are [essentially] free - WAS: Re: Source patches from Apple
On Dec 14, 2008, at 11:57 AM, Giuliano Gavazzi wrote: and I'm not interested in running a firewall on my mail server. Wow.. I can't imagine NOT running a mail server without a firewall... you put in so many negatives there that the meaning came out the opposite of what you wanted, I suppose. Two is not 'so many'... the meaning is plain (for anyone who understands english)... you make my point, as the negatives were three (can not - NOT - with no) for anyone understanding english... so the meaning was reversed (unless you meant otherwise...). But I think, like Zed, this thread is dead. uh? who is this Zed? My remark was just a frivolous post mortem then. It's a reference to a movie entitled Pulp Fiction. -Dave -- Dave McGuire Port Charlotte, FL
