Re: [Dovecot] nfs director
Brandon,

I just fail to see why adding more complexity, and essentially making $9K load balancers redundant, is the way of the future, Timo has said it's very safe for indexes if non dovecot programs write to the maildir, so why the hell is it deliberately left risky using dovecot's deliver, I've seen this all before in other setups/software, adding extras that depend on this that and whatever, to make it nifty and play nice when it can be done a simpler way, and it always leads to higher downtime in the end, hence my refusal to go the director way, the simplest and easiest out is to stop using deliver and use postfix's virtual which is what I'll look at if it gives us problems that way there will be no risk (according to Timo) and without added programs running and depending on each other, thus keeping our points of failure low which is why our mail servers have not had one single bit of downtime since I took over.

point in case is with the OP's initial comment:

if director service assign 60K user to each front end, how it handle if 5K simultaneous user login, but all 5K happen to be assign to that one machine, it do all work whilst other 7 server sit there do nothing negating what the LB is design for?

makes perfect sense if he is that big that it assigns 60K to each director that in peak periods there's a real risk, no matter how low, that everyone logging in, is in one particular director's list, flooring that box with I/O whilst his others sit there with one or two users on it.

I really thought we got over the NFS corruption stuff when Daniel wrote Maildir ... *sigh*

On Thu, 2010-08-26 at 22:28 -0700, Brandon Davidson wrote:

Noel,

On 8/26/10 9:59 PM, Noel Butler noel.but...@ausics.net wrote:

I fail to see advantage if anything it add in more point of failure, with

i agree with this and it is why we dont use it we use dovecots deliver with postfix and have noticed no problems, not to say there was none, but if so, we dont notice it.

We might be a slightly larger install than you (60k users, mail on FAS 3170 Metrocluster), but we have noticed corruption issues and the director is definitely going to see use in our shop. We still use Sendmail+procmail for delivery, so no issue there... but we've got hordes of IMAP users that will leave a client running at home, at their desk, on their phone, and then will use Webmail on their laptop.

Without the director, all of these sessions end up on different backend mailservers, and it's basically a crapshoot which Dovecot instance notices a new message first. NFS locking being what it is, odds are an index will get corrupted sooner or later, and when this happens the user's mail 'disappears' until Dovecot can reindex it. The users inevitably freak out and call the helpdesk, who tells them to close and reopen their mail client.

Maybe you're small enough to not run into problems, or maybe your users just have lower expectations or a higher pain threshold than ours. Either way, it's unpleasant for everyone involved, and quite easy to solve with the director proxy.

Timo has been saying for YEARS that you need user-node affinity if you're doing NFS, and now he's done something about it. If you've already got a load balancer, then just point the balancer at a pool of directors, and then point the directors at your existing mailserver pool.

shameless plug
For health monitoring on the directors, check out: http://github.com/brandond/poolmon
/shameless plug

-Brad
[Dovecot] Some questions about Shared mailboxes
Hi, again.

1. Can somebody explain dovecot's shared mailboxes to me?
2. What does it do while searching shared mailboxes (debug_log cannot explain it)? What files is it looking for?
3. Do I need to set a dovecot-shared file in the directories which are shared (if I want to have separate flags for separate users)?
4. Some errors are hard to understand. For example,

# pwd
/var/spool/vmail/domains/badmltd.dn.ua
# ls -l
drwx-- 3 mailnull mail 4096 Авг 27 09:24 admin
drwx-- 3 mailnull mail 4096 Июн 3 10:51 exim
drwx-- 3 mailnull mail 4096 Мар 26 15:08 iif
drwx-w 3 mailnull mail 4096 Мар 11 15:53 jack
drwx-- 2 mailnull mail 4096 Авг 27 09:28 Maildir
drwx-w 3 mailnull mail 4096 Авг 27 09:25 test

Why did dovecot create the Maildir folder??? And what do these lines at the end of debug.log mean?

Aug 27 09:28:42 imap(za...@badmltd.dn.ua): Debug: Namespace : type=shared, prefix=shared/%n/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no
Aug 27 09:28:42 imap(za...@badmltd.dn.ua): Debug: shared: root=/var/run/dovecot, index=, control=, inbox=
Aug 27 09:28:42 imap(za...@badmltd.dn.ua): Debug: acl: initializing backend with data: vfile
Aug 27 09:28:42 imap(za...@badmltd.dn.ua): Debug: acl: acl username = za...@badmltd.dn.ua
Aug 27 09:28:42 imap(za...@badmltd.dn.ua): Debug: acl: owner = 0
Aug 27 09:28:42 imap(za...@badmltd.dn.ua): Debug: acl vfile: Global ACL directory: (null)
Aug 27 09:28:46 imap(za...@badmltd.dn.ua): Debug: Namespace : Using permissions from /var/spool/vmail/domains/badmltd.dn.ua/zakaz/Maildir: mode=0700 gid=-1
Aug 27 09:28:46 imap(za...@badmltd.dn.ua): Debug: acl vfile: file /var/spool/vmail/domains/badmltd.dn.ua/zakaz/Maildir/dovecot-acl not found
Aug 27 09:28:46 imap(za...@badmltd.dn.ua): Debug: maildir++: root=/var/spool/vmail/domains/badmltd.dn.ua//Maildir, index=/var/spool/vmail/domains/badmltd.dn.ua/zakaz/shared/@badmltd.dn.ua, control=, inbox=/var/spool/vmail/domains/badmltd.dn.ua//Maildir
Aug 27 09:28:46 imap(za...@badmltd.dn.ua): Debug: Namespace shared//: Permission lookup failed from /var/spool/vmail/domains/badmltd.dn.ua//Maildir
Aug 27 09:28:46 imap(za...@badmltd.dn.ua): Debug: Namespace shared//: Using permissions from /var/spool/vmail/domains/badmltd.dn.ua//Maildir: mode=0700 gid=-1

Thanks.
Re: [Dovecot] (Single instance) attachment storage
Some interesting reading on SHA256 checksum http://blogs.sun.com/bonwick/entry/zfs_dedup http://blogs.sun.com/darren/entry/improving_zfs_dedup_performance_via
Re: [Dovecot] nfs director
On Fri, Aug 27, 2010 at 2:59 PM, Noel Butler noel.but...@ausics.net wrote:

On Fri, 2010-08-27 at 08:54 +1000, Edward avanti wrote:

Halo, Please can you explain why this is advantage over a hardware load balancer.

it is no advantage over a dedicated hardware solution, but director does not do the exact same thing.

I fail to see advantage if anything it add in more point of failure, with

i agree with this and it is why we dont use it we use dovecots deliver with postfix and have noticed no problems, not to say there was none, but if so, we dont notice it. postfix looks up the user, it determines if it accepts the mail, if it does, it queues it for mailscanner to do its stuff, then gives it back to postfix, which is then told to give it to dovecots deliver, it makes

I have offlist discussion with Timo, he said help with I/O, you make good case, not more I/O intense than scanning mail, delivery just like router

no sense to me that it should then be sent to another machine just to be stored on a remote file server, the same remote file server the initial server assigned that connection by a true load balancer has mounted and would store it to as well would be much easier to have deliver ignore the index file by an option, eliminating the corruption risks to the index file and just storing the darm thing. or am i only one who thinks mail systems do not need to be complex to run faultlessly, I think those who feel the need to make it very complex are not only looking for trouble, but further trying to justify their position to their employer that they are indispensable.

If operation is simple, is little to go wrong, when nothing go wrong, boss happy and my job safe

if director service assign 60K user to each front end, how it handle if 5K simultaneous user login, but all 5K happen to be assign to that one machine,

that would be rare, but, technically speaking, if you are that large in user numbers, it is a possible scenario

We have 418K mailbox users

Is it really worth it? Do we really need this, or just let foundry switch handle it as it does now. We also have 24 front end SMTP server, these deliver mail to netapp filer, all 24 plus 8 pop3 server and 2 webmail imap server all mount /vmail, so all access same maildir. it seem work very effective thus far and for many many

Sounds similar setup to us, smtp, pop3 and webmail all mounting /var/vmail/ on a FAS2050, I've asked if it can avoid touching the index files before (see a thread as recent as a few weeks back), Timo is just not interested, too much work apparently for so little users

Oh my, so i waste time talking asking him for extra switch to deliver to ignore indexing, drat.

(although I never in all the years ive been on this list, ever seen a poll taken/question asked to users - about it, plus, well, every single dovecot user is on this list, right? sarcasm anyway, mostly I guess although it has risks, it seems to work for everyone who uses NFS anyway and has done for very many years :) , maybe one day when Timo is so bored and cant think of anything to add, he will give us an option, or a dedicated deliver binary separate to normal deliver that does this)

Maybe not many people here use time proven setup

/rant ( but its nice to know im not the only one here who feels this way)

Cheers
Re: [Dovecot] nfs director
On Fri, Aug 27, 2010 at 3:28 PM, Brandon Davidson brand...@uoregon.edu wrote:

Noel,

On 8/26/10 9:59 PM, Noel Butler noel.but...@ausics.net wrote:

I fail to see advantage if anything it add in more point of failure, with

i agree with this and it is why we dont use it we use dovecots deliver with postfix and have noticed no problems, not to say there was none, but if so, we dont notice it.

We might be a slightly larger install than you (60k users, mail on FAS 3170 Metrocluster), but we have noticed corruption issues and the director is definitely going to see use in our shop. We still use Sendmail+procmail for delivery, so no issue there... but we've got hordes of IMAP users that will leave a client running at home, at their desk, on their phone, and then will use Webmail on their laptop.

Sendmail and procmail? This mean you use mbox? This always bad for NFS anyway

Without the director, all of these sessions end up on different backend mailservers, and it's basically a crapshoot which Dovecot instance notices a

backend is not problem. it front end it where mail arrives, these are server we should be able turn off indexing, other front end type server for pop3, can have index on since no multi login allowed

new message first. NFS locking being what it is, odds are an index will get corrupted sooner or later, and when this happens the user's mail 'disappears' until Dovecot can reindex it. The users inevitably freak out and call the helpdesk, who tells them to close and reopen their mail client.

Maybe you're small enough to not run into problems, or maybe your users just have lower expectations or a higher pain threshold than ours. Either way, it's unpleasant for everyone involved, and quite easy to solve with the director proxy.

Timo has been saying for YEARS that you need user-node affinity if you're doing NFS, and now he's done something about it. If you've already got a load balancer, then just point the balancer at a pool of directors, and then point the directors at your existing mailserver pool.

shameless plug
For health monitoring on the directors, check out: http://github.com/brandond/poolmon
/shameless plug

-Brad
[Dovecot] Is there a way to catch mailbox and message flag changes?
Guys,

We have been trying to establish if there is a way to get some type of notification from Dovecot when a message is appended to a mailbox or when a message has its flags updated. These are the 2 use cases:

- A message is appended to the mailbox /Watch, we want to trigger processing of the message immediately it arrives.
- A message in the Inbox has its status changed from Unseen to Seen, we want to trigger some code to indicate the message has been processed.

Regards, John
Re: [Dovecot] nfs director
Noel, On 8/26/10 11:28 PM, Noel Butler noel.but...@ausics.net wrote: I just fail to see why adding more complexity, and essentially making $9K load balancers redundant, is the way of the future. To each their own. If your setup works without it, then fine, don't use it... but I don't see why you feel the need to disparage it either. It's hardly bloat; those of us with larger installations do find it useful. IIRC it was sponsored development, and was running in production for a large ISP from the very moment it was released. -Brad
Re: [Dovecot] Can't get dovecot to see email folders
Blaster wrote: Wiki seems to think you are running an older version and therefore very little of it applies. Are you looking at the wiki for dovecot 1 or 2? At the very top of the wiki for v1 (http://wiki.dovecot.org), it tells you about the page for v2 (http://wiki2.dovecot.org/) -- Best regards, Charles
Re: [Dovecot] Can't get dovecot to see email folders
On 2010-08-26 7:34 PM, Brian Hayden b...@machinehum.com wrote: Dovecot makes the sort of thing you're talking about very easy if you familiarize yourself with namespaces first. It can overcome most of the problems caused by historical poor choices in client configuration. http://wiki2.dovecot.org/Namespaces -- Best regards, Charles
Re: [Dovecot] nfs director
On 27.8.2010, at 5.59, Noel Butler wrote:

I've asked if it can avoid touching the index files before (see a thread as recent as a few weeks back),

You can avoid touching indexes:

protocol lda {
  mail_location = maildir:~/Maildir:INDEX=MEMORY
}

But you still have the problem of dovecot-uidlist file that gets updated. Well .. maybe you could do something ugly like:

protocol lda {
  mail_location = maildir:~/Maildir:INDEX=MEMORY:CONTROL=/tmp/controls/%u
}

And then once in a while rm -rf /tmp/controls, but I don't know how badly that'll work out. I guess it's possible that LDA even goes and scans through the existing cur/ directory to build a new dovecot-uidlist.
Re: [Dovecot] Can't get dovecot to see email folders
On 2010-08-26 11:18 PM, Blaster blas...@556nato.com wrote:

Thanks for the tip. I saw the section on converting from uw-imap, but it's still not working. I still can not get to my mail folders, other than INBOX. I think the problem goes back to Dovecot can't determine the home directory?

Aug 26 22:08:36 gremlin dovecot: [ID 583609 mail.debug] imap(id): Debug: Effective uid=5002, gid=6, home=

I don't think home= should be blank? Yet it is trying to create .subscription files and .ima directories, but I have no clue why I can't get raw logging working.

I didn't see a userdb setting in your doveconf -n output, so how are you storing/looking up users/setting the users home directory? Assuming you're using Virtual users: http://wiki2.dovecot.org/VirtualUsers

-- Best regards, Charles
[Dovecot] vpopmail auth always return unknown user
Hi,

I'm working on a setup of dovecot 2 + netqmail + vpopmail 5.5 but auth doesn't work :(

dovecot -n

# 2.0.1: /etc/dovecot/dovecot/dovecot.conf
# OS: Linux 2.6.35.1-rscloud x86_64 Ubuntu 10.04.1 LTS
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login cram-md5
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
log_path = /var/log/dovecot/dovecot.log
login_greeting = Dovecot ready.
mail_debug = yes
passdb {
  driver = vpopmail
}
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
  driver = vpopmail
}
verbose_ssl = yes

LOG:
--
Aug 27 14:11:55 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=184.106.217.69 rip=178.32.33.247 lport=143 rport=33875
Aug 27 14:11:55 auth: Debug: client out: CONT 1
Aug 27 14:11:56 auth: Debug: client in: CONT 1 AHRvb3JvcEByZXNwdWJsaWNhLmZyAG11cnBoeTI1
Aug 27 14:11:56 auth: Debug: vpopmail(too...@respublica.fr,178.32.33.247): lookup user=toorop domain=respublica.fr
Aug 27 14:11:56 auth: Info: vpopmail(too...@respublica.fr,178.32.33.247): unknown user
Aug 27 14:11:58 auth: Debug: client out: FAIL 1 user=too...@respublica.fr
Aug 27 14:11:58 auth: Debug: client in: AUTH 2 PLAIN service=imap secured lip=184.106.217.69 rip=178.32.33.247 lport=143 rport=33875 resp=AHRvb3JvcEByZXNwdWJsaWNhLmZyAG11cnBoeTI1
Aug 27 14:12:02 auth: Debug: vpopmail(too...@respublica.fr,178.32.33.247): lookup user=toorop domain=respublica.fr
Aug 27 14:12:02 auth: Info: vpopmail(too...@respublica.fr,178.32.33.247): unknown user
Aug 27 14:12:04 auth: Debug: client out: FAIL 2 user=too...@respublica.fr
-

./vuserinfo too...@respublica.fr
name: toorop
passwd: $1$sOC22F4C$8.ciZmdTZkNnFLFB8EsZm0
clear passwd: clearpass
comment/gecos: toorop
uid:1
gid:0
flags: 0
gecos: toorop
limits: No user limits set.
dir: /home/vpopmail/domains/respublica.fr/toorop
quota: NOQUOTA
usage: 0% (8487 byte(s) in 3 file(s))

Any idea ?

Thanks.

-- Toorop «They did not know it was impossible, so they did it.» Mark Twain
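Added example, not part of the original post: the log above was captured with auth_debug_passwords = yes, and a SASL PLAIN response is only base64 of authzid NUL authcid NUL password, so such lines should be scrubbed before a log is shared. The sketch below redacts the `CONT` and `resp=` payloads and the `passwd:` fields of vuserinfo output; the sample lines, addresses and credentials are constructed, and the function names are hypothetical.

```python
import base64
import binascii
import re

# Where a Dovecot auth debug line carries the client's SASL response:
#   "client in: CONT <id> <base64>"   and   "... resp=<base64>"
CONT_RE = re.compile(r"(client in: CONT\s+\d+\s+)([A-Za-z0-9+/]+={0,2})\s*$")
RESP_RE = re.compile(r"(\bresp=)([A-Za-z0-9+/]+={0,2})")
# vuserinfo prints the stored hash and, if kept, the cleartext password.
VUSERINFO_RE = re.compile(r"^(\s*(?:clear )?passwd:\s*)\S+")


def describe_plain(b64):
    """Return a safe placeholder for a base64-encoded SASL response."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return "<redacted: undecodable>"
    parts = raw.split(b"\0")
    if len(parts) != 3:
        # Not PLAIN (e.g. a CRAM-MD5 response): keep nothing but the size.
        return "<redacted: %d bytes>" % len(raw)
    # PLAIN is authzid NUL authcid NUL password; keep only the login name.
    return "<redacted PLAIN user=%s>" % parts[1].decode("utf-8", "replace")


def redact_line(line):
    line = CONT_RE.sub(lambda m: m.group(1) + describe_plain(m.group(2)), line)
    line = RESP_RE.sub(lambda m: m.group(1) + describe_plain(m.group(2)), line)
    line = VUSERINFO_RE.sub(lambda m: m.group(1) + "<redacted>", line)
    return line


def redact_log(text):
    return "\n".join(redact_line(line) for line in text.splitlines())


# Constructed sample input (documentation addresses, made-up credentials).
SAMPLE_B64 = base64.b64encode(
    b"\0alice@example.org\0not-a-real-password").decode()
SAMPLE_LOG = "\n".join([
    "Aug 27 14:11:55 auth: Debug: client in: AUTH 1 PLAIN service=imap "
    "secured lip=192.0.2.10 rip=198.51.100.7 lport=143 rport=33875",
    "Aug 27 14:11:55 auth: Debug: client out: CONT 1",
    "Aug 27 14:11:56 auth: Debug: client in: CONT 1 " + SAMPLE_B64,
    "Aug 27 14:11:58 auth: Debug: client in: AUTH 2 PLAIN service=imap "
    "secured lip=192.0.2.10 rip=198.51.100.7 lport=143 rport=33875 "
    "resp=" + SAMPLE_B64,
    "passwd: $1$constructed$constructedhashvalue",
    "clear passwd: constructed-cleartext",
])

if __name__ == "__main__":
    print(redact_log(SAMPLE_LOG))
```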
[Dovecot] LDAP static userdb
hi..

im just testing 2.0 before upgrading to v1.2 :)

in auth-ldap.conf.ext i found

# If you don't have any user-specific settings, you can avoid the userdb LDAP
# lookup by using userdb static instead of userdb ldap, for example:
# doc/wiki/UserDatabase.Static.txt
#userdb {
  #driver = static
  #args = uid=vmail gid=vmail home=/var/vmail/%u
#}

On 1.2 im using LDAP lookup and everything works like a charm.

user_attrs = homeDirectory=home,uid=mail=maildir:/home/MAILBOXES/%$/mail

On 2.0 is now tried to use this option cause all my mail are stored in /home/MAILBOXES/%uid/mail

userdb {
  driver = static
  args = uid=vmail gid=vmail home=/home/MAILBOXES/%u/mail
}

and that doesnt work

log say:
dovecot: imap(hpeter): Error: user hpeter: Initialization failed: mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/MAILBOXES/hpeter/mail

Hans
Re: [Dovecot] LDAP static userdb
no idea if it matters but the static userdb sets only the home=. is it possible to set home= and mail= because both shouldn't be the same as Timo mentioned a few days ago

2010/8/27 spamv...@googlemail.com:

hi..

im just testing 2.0 before upgrading to v1.2 :)

in auth-ldap.conf.ext i found

# If you don't have any user-specific settings, you can avoid the userdb LDAP
# lookup by using userdb static instead of userdb ldap, for example:
# doc/wiki/UserDatabase.Static.txt
#userdb {
  #driver = static
  #args = uid=vmail gid=vmail home=/var/vmail/%u
#}

On 1.2 im using LDAP lookup and everthing works like a charm.

user_attrs = homeDirectory=home,uid=mail=maildir:/home/MAILBOXES/%$/mail

On 2.0 is now tried to use this option cause all my mail are stored in /home/MAILBOXES/%uid/mail

userdb {
  driver = static
  args = uid=vmail gid=vmail home=/home/MAILBOXES/%u/mail
}

and that doesnt work

log say:
dovecot: imap(hpeter): Error: user hpeter: Initialization failed: mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/MAILBOXES/hpeter/mail

Hans
Re: [Dovecot] LDAP static userdb
ive added

args = uid=vmail gid=vmail home=/home/MAILBOXES/%u/ mail=/home/MAILBOXES/%u/mail

and it work. Im not really sure about the whole LDAP thing :)

my conf:

uris = ldaps://ldap.example.org:636
dn = cn=dovecot server,ou=people,ou=Server,dc=example,dc=org
dnpass = hiddenpw
auth_bind = yes
ldap_version = 3
base = dc=example,dc=org
scope = subtree
user_attrs = homeDirectory=home,uid=mail=maildir:/home/%$/mail
user_filter = ((objectClass=gosaMailAccount)(|(mail=%u)(gosaMailAlternateAddress=%u)(uid=%u)))
pass_attrs = uid=user,userPassword=password
pass_filter = ((objectClass=gosaMailAccount)(uid=%u))

(yea on 1.2 my home was /home/%uid but that suxx and i want to move it to /home/MAILBOXES/%uid)

1) I have a user that can read the PW so i dont need auth_bind = yes, right?
2) user_* and pass_* i dont need them anymore cause its always: home=/home/MAILBOXES/%u/ mail=/home/MAILBOXES/%u/mail

2010/8/27 Mihajlin Evgenij skywor...@ooobadm.dp.ua:

In a message of 27 August 2010 17:32:04, spamv...@googlemail.com wrote:

log say: dovecot: imap(hpeter): Error: user hpeter: Initialization failed: mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/MAILBOXES/hpeter/mail

may be try to set into 10-mail.conf or in namespace private (if you have such) mail_location = ~/Maildir
[Dovecot] doveadm expunge -A mailbox Trash savedbefore 30d
In the shell:

doveadm(root): Error: User listing returned failure
doveadm: Error: Failed to iterate through some users

In the log:

dovecot: auth: Error: sql: Iterate query failed: Table 'mail.users' doesn't exist (using built-in default iterate_query: SELECT username, domain FROM users)

Why is dovecot trying to select username, domain from users when the service auth is setup to select homedir, maildir, sieve_dir, from MAILBOXES the same with the password query except for selecting password from mail.mailboxes. The expire dictionary is EXACTLY like the example you posted in the wiki2.

I can't remember whether I posted this thread before or not; I remember writing it two days ago but I'm not sure if I sent it as I can't find it in this mailing lists folder.

Jerrale G.
SC Senior Admin
Re: [Dovecot] vpopmail auth always return unknown user
On Fri, 27 Aug 2010 16:15:42 +0200, Toorop too...@toorop.fr wrote: Hi, I'm working on a setup of dovecot 2 + netqmail + vpopmail 5.5 but auth doesn't works :( dovecot -n # 2.0.1: /etc/dovecot/dovecot/dovecot.conf # OS: Linux 2.6.35.1-rscloud x86_64 Ubuntu 10.04.1 LTS auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login cram-md5 auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no log_path = /var/log/dovecot/dovecot.log login_greeting = Dovecot ready. mail_debug = yes passdb { driver = vpopmail } ssl_cert = /etc/ssl/certs/dovecot.pem ssl_key = /etc/ssl/private/dovecot.pem userdb { driver = vpopmail } verbose_ssl = yes dovecot -n is very very simplistic thanks more work itself
Re: [Dovecot] doveadm expunge -A mailbox Trash savedbefore 30d
On 27.08.2010 17:16, wrote Jerrale G:

In the shell:

doveadm(root): Error: User listing returned failure
doveadm: Error: Failed to iterate through some users

In the log:

dovecot: auth: Error: sql: Iterate query failed: Table 'mail.users' doesn't exist (using built-in default iterate_query: SELECT username, domain FROM users)

Why is dovecot trying to select username, domain from users when the service auth is setup to select homedir, maildir, sieve_dir, from MAILBOXES the same with the password query except for selecting password from mail.mailboxes. The expire dictionary is EXACTLY like the example you posted in the wiki2.

I can't remember whether I posted this thread before or not; I remember writing it two days ago but I'm not sure if I sent it as I can't find it in this mailing lists folder.

Jerrale G.
SC Senior Admin

You need to adjust iterate_query setting in /etc/dovecot/dovecot-sql.conf.ext to your needs

See also: http://wiki2.dovecot.org/Tools/Doveadm/Expunge?highlight=(iterate_query)
Re: [Dovecot] (Single instance) attachment storage
On 8/24/2010 4:35 PM, Timo Sirainen wrote:

On 24.8.2010, at 23.16, Ed W wrote:

At the moment I would claim that you are just automatically generating a very complicated filename. If you never trust your hash then you might as well instead simply use one of the existing GUID algorithms, if you trust your hash then you use that. I don't really see the point of a halfway house really?

Oh and this current scheme of hash-guid + hashes/hash hard linking is required in any case to keep track of reference counting. Unconditionally trusting the hash wouldn't make it any simpler. With key-value databases you'd have to figure out some other way to keep track of how many references there are to the attachment.

Can you append some trivial information from the data file to the hash in generating the file name to help ensure uniqueness? Like filesize, mimetype, and/or date?

-- Daniel
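Added example, not part of the thread and not Dovecot's code: a sketch of the "hash-guid + hashes/hash hard linking" idea quoted above, where the file system's link count is the reference count and a byte comparison is done before sharing, so the hash is never trusted on its own. The directory layout, function names and the `hash_fn` parameter are assumptions made for the illustration.

```python
import hashlib
import os
import uuid


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def _same_bytes(path, data):
    with open(path, "rb") as f:
        return f.read() == data


def save_attachment(root, data, hash_fn=sha256_hex):
    """Store one reference to `data`; return the path of that reference.

    Layout (assumed): <root>/<hash>-<guid> is one reference,
    <root>/hashes/<hash> is the shared name that all identical
    attachments are hard-linked to.
    """
    digest = hash_fn(data)
    hashes_dir = os.path.join(root, "hashes")
    os.makedirs(hashes_dir, exist_ok=True)
    canonical = os.path.join(hashes_dir, digest)
    ref = os.path.join(root, "%s-%s" % (digest, uuid.uuid4().hex))

    if os.path.exists(canonical) and _same_bytes(canonical, data):
        # Same hash and same bytes: add another name to the existing inode.
        os.link(canonical, ref)
        return ref

    # New content, or same hash with different bytes: write a private copy.
    with open(ref, "wb") as f:
        f.write(data)
    if not os.path.exists(canonical):
        os.link(ref, canonical)
    return ref


def reference_count(root, digest):
    """References sharing hashes/<digest> (link count minus the shared name)."""
    try:
        return os.stat(os.path.join(root, "hashes", digest)).st_nlink - 1
    except FileNotFoundError:
        return 0


def delete_attachment(root, ref):
    """Drop one reference; remove the shared name when nothing else uses it."""
    digest = os.path.basename(ref).rsplit("-", 1)[0]
    os.unlink(ref)
    canonical = os.path.join(root, "hashes", digest)
    if os.path.exists(canonical) and os.stat(canonical).st_nlink == 1:
        os.unlink(canonical)


if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()
    body = b"constructed attachment bytes"
    first = save_attachment(root, body)
    second = save_attachment(root, body)
    print(reference_count(root, sha256_hex(body)))  # two references, one inode
    delete_attachment(root, first)
    delete_attachment(root, second)
```

Passing a deliberately colliding `hash_fn` shows the fallback path: the second, different attachment gets its own file instead of being linked to the first.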
Re: [Dovecot] (Single instance) attachment storage
On 8/24/2010 4:19 PM, Timo Sirainen wrote:

It depends on your configuration.. The attachment directory is a setting. I was thinking that it it would typically be the same for all users, so if you have two filesystems, you'd need to decide which one will have the /attachments directory.

Dunno if I can come up with a use case immediately, but I'll bet someone will. Would making the attachments folder a userdb option be a pain?

-- Daniel
Re: [Dovecot] dovecot - mac firewall problem
Patrick Fay put forth on 8/26/2010 10:21 PM:

Hi,

I am running dovecot 1.2.11 on mac osx 1.5.8. Everything works perfectly with the application-level firewall off, but enabling the application firewall prevents dovecot connections. I have tried explicitly authorizing dovecot in the firewall, but it does not work. I have searched everywhere I can think of to look, and haven't found a solution, but have seen a couple other reports of what seems to be the same problem.

The firewall logs the activity with what looks like a corrupt process name: a typical appfirewall.log entry looks like:

Aug 26 20:43:45 hostname Firewall[55]: Deny ^L connecting from XX.XX.XX.XX:37310 uid = 0 proto=6
Aug 26 20:43:53 hostname Firewall[55]: Deny ^H�^U���^Z connecting from XX.XX.XX.XX:37310 uid = 0 proto=6
Aug 26 20:44:09 hostname Firewall[55]: Deny ^L connecting from XX.XX.XX.XX:37310 uid = 0 proto=6
Aug 26 20:44:34 hostname Firewall[55]: Deny ^L connecting from XX.XX.XX.XX:37312 uid = 0 proto=6
Aug 26 20:44:45: --- last message repeated 6 times ---

where hostname is my server name and the XX's are my client's IP address. For all of the other services I've used, the process name (e.g. dovecot) should appear after Deny when blocking traffic, instead of the funny characters.

Any advice on how I could resolve this issue would be greatly appreciated. Thanks!

The application level firewall in OSX is aimed at _client_ use, not server use. It's similar to Novell's AppArmor, etc. Leave it turned off. Simply because a piece of software (in this case an OS) offers any given option does not mean every system needs it.

Can you offer a compelling reason why you _need_ the OSX application level firewall enabled? Please point us to documentation that advises using it for any of your services/daemons.

-- Stan
[Dovecot] (no subject)
Hi,

I'd like to use Global ACLs to limit user's access to individual folders (e.g. read only). The dovecot-acl file limiting my user test:

user=test lr

works fine when I put it into the user's mailbox /home/vmail/test/Maildir/.Records but gets ignored in /etc/dovecot/acls/Records

Below is my dovecot -n output:

# 2.0.0: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-194.11.1.el5 i686 CentOS release 5.5 (Final)
auth_master_user_separator = *
auth_mechanisms = plain ntlm
disable_plaintext_auth = no
mail_location = maildir:~/Maildir
mail_plugins = acl
passdb {
  args = /etc/dovecot/users
  driver = passwd-file
}
plugin {
  acl = vfile:/etc/dovecot/acls
}
protocols = imap
userdb {
  args = uid=vmail gid=vmail home=/home/vmail/%u allow_all_users=yes
  driver = static
}
protocol imap {
  mail_plugins = $mail_plugins imap_acl
}

Any help will be appreciated.

Thanks, Alex
Re: [Dovecot] pigeonhole needs to ship doc/man/{reporting-bugs.inc, sed.sh}
Paul Howarth wrote: A tarball created from current pigeonhole hg using make dist doesn't include the files doc/man/{reporting-bugs.inc,sed.sh} and fails to build as a result. Attached patch works for me. Paul Fixed: http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/241651833da4 Regards, Stephan.
Re: [Dovecot] Roff typo in sievec.1.in
Mike Abbott wrote:

There is a roff typo in pigeonhole's sievec.1.in. Roff treats the leading apostrophe on line 54 as an invalid command and produces bad output:

dump to be written to stdout. The out-file argument may also be omitted, which has the same effect as for a com- piled Sieve binary file. Note that this option is not

The output should be:

dump to be written to stdout. The out-file argument may also be omitted, which has the same effect as '-'. The output is identical to what the sieve-dump(1) command pro- duces for a compiled Sieve binary file. Note that this

Here is a patch

Applied: http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/5f800639ee17

Thanks!

Regards, Stephan.
[Dovecot] MainConfig for dovecot 2.0
Hey,

for dovecot 1.2 there is a very good reference page for all options. http://wiki.dovecot.org/MainConfig

Is there a reference for dovecot 2.0 in the new wiki? If not, when will this page be online?

Thanks a lot.

-- Regards, Sascha
Re: [Dovecot] vpopmail auth always return unknown user
On Fri, 27 Aug 2010 16:15:42 +0200, Toorop too...@toorop.fr wrote: Hi, I'm working on a setup of dovecot 2 + netqmail + vpopmail 5.5 but auth doesn't works :( dovecot -n # 2.0.1: /etc/dovecot/dovecot/dovecot.conf # OS: Linux 2.6.35.1-rscloud x86_64 Ubuntu 10.04.1 LTS auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login cram-md5 auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no log_path = /var/log/dovecot/dovecot.log login_greeting = Dovecot ready. mail_debug = yes passdb { driver = vpopmail } ssl_cert = /etc/ssl/certs/dovecot.pem ssl_key = /etc/ssl/private/dovecot.pem userdb { driver = vpopmail } verbose_ssl = yes you send my dovecot -n for inspiration consult the archive of the ml it's full documented [r...@r13151 ~]# /usr/sbin/dovecot -n # 2.0.0: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32.2--grs-ipv4-32 i686 CentOS release 5.5 (Final) auth_mechanisms = plain login base_dir = /var/run/dovecot/ listen = [::] log_path = /var/log/maillog log_timestamp = %Y-%m-%d %H:%M:%S login_log_format_elements = user=%u method=%m rip=%r lip=%l %c mail_location = maildir:~/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = comparator-i;octet comparator-i;ascii-casemap fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date spamtest spamtestplus virustest passdb { driver = pam } plugin { plugin = autocreate managesieve sieve sieve = ~/.dovecot.sieve sieve_before = /var/sieve-scripts/roundcube.sieve sieve_dir = ~/sieve sieve_global_path = whatever } protocols = sieve imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-master { mode = 0666 } vsz_limit = 256 } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { address = * port = 993 } process_limit = 128 vsz_limit = 64 } service 
managesieve-login { inet_listener managesieve-login { address = * port = 2000 } process_limit = 128 vsz_limit = 64 } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { address = * port = 995 } process_limit = 128 vsz_limit = 64 } ssl_ca = /etc/pki/tls/certs/root.crt ssl_cert = /etc/pki/tls/certs/r13151.ovh.net.crt ssl_key = /etc/pki/tls/private/r13151.ovh.net.key ssl_verify_client_cert = yes userdb { driver = passwd } version_ignore = yes protocol imap { imap_client_workarounds = delay-newmail tb-extra-mailbox-sep imap_max_line_length = 65536 mail_plugins = autocreate } protocol pop3 { mail_plugins = autocreate pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s } protocol lda { hostname = r13151.ovh.net mail_plugins = autocreate sieve postmaster_address = postmas...@fakessh.eu sendmail_path = /usr/lib/sendmail } protocol sieve { managesieve_implementation_string = dovecot managesieve_logout_format = bytes ( in=%i : out=%o ) managesieve_max_line_length = 65536 }
Re: [Dovecot] nfs director
On Fri, 2010-08-27 at 04:04 -0700, Brandon Davidson wrote:

To each their own. If your setup works without it, then fine, don't use it... but I don't see why you feel the need to disparage it either. It's

I'll sum it up put well by someone who mailed me offlist...

mx-in-1 gets the connection, postfix looks up user in mysql, mysql says hey i know him postfix says to sender send away, then, postfix applies its filters/clamav/spamassassin,(so by now all the REAL hard work has been done) so now postfix says OK dovecot-lda here it is so you can deliver to the NFS mounted dir, but WAIT says dovecot-lda, my director says no i'm not the driveway you want, pop over and drive in using to mx-in-2, so that server then gets it and whatever else it wants to do with it now before giving it off to the same NFS server that mx-in-1 had.. now., this might not be so funny when you have two boxes, but if you have many, or 20 or so like the OP... *shakes head*

All they are doing FFS is passing it along. regardless of if mx-in-2 does anything else with it, it seems kinda strange and very backward routing mail to another server, just to deliver on yet another device, double handling comes to mind, even if it doesnt rescan msg and go through all the filters again, its still an unnecessary step to send it to another box, just to be stored on, yet another... I'd like someone to sanely justify that to me.

hardly bloat; those of us with larger installations do find it useful. IIRC

I dont know how large your operation is, but I suspect my 118K mailboxes and yours together still dont match the OP's 400K

And anything that adds to requirements of a server that is not needed in other aspects, is bloat, maybe some setups this is fine, I can not justify modifying mine to include extra points of failure when it all works fine.

If it becomes a problem all I need to do is modify all MTA postfix main.cf's to not use dovecot as virtual delivery, thats commenting out one single line, thats it, (tested already), the only difference is postfix is still in dark ages and uses Maildir, not Maildir++, but that is hardly a problem :)

ah well, its the weekend, so i'm out of this madness now for a few days.
[Dovecot] OT list modification Re: nfs director
I don't think we are living in the 19th century now, I think it's time for the html to txt conversion to be scrapped, it's screwed up the paragraph formatting (and few other things in recent times I've seen) more than once, making it look like an a5 size book page.

how about it?

On Sat, 2010-08-28 at 13:11 +1000, Noel Butler wrote:

> On Fri, 2010-08-27 at 04:04 -0700, Brandon Davidson wrote:
>
> > To each their own. If your setup works without it, then fine, don't use it... but I don't see why you feel the need to disparage it either. It's
>
> I'll sum it up put well by someone who mailed me offlist...
>
> mx-in-1 gets the connection, postfix looks up user in mysql, mysql says hey i know him, postfix says to sender send away, then, postfix applies its filters/clamav/spamassassin (so by now all the REAL hard work has been done), so now postfix says OK dovecot-lda here it is so you can deliver to the NFS mounted dir, but WAIT says dovecot-lda, my director says no i'm not the driveway you want, pop over and drive in using to mx-in-2, so that server then gets it and whatever else it wants to do with it now before giving it off to the same NFS server that mx-in-1 had.. now, this might not be so funny when you have two boxes, but if you have many, or 20 or so like the OP... *shakes head*
>
> All they are doing FFS is passing it along. Regardless of if mx-in-2 does anything else with it, it seems kinda strange and very backward routing mail to another server, just to deliver on yet another device, double handling comes to mind, even if it doesn't rescan msg and go through all the filters again, it's still an unnecessary step to send it to another box, just to be stored on, yet another... I'd like someone to sanely justify that to me.
>
> > hardly bloat; those of us with larger installations do find it useful. IIRC
>
> I don't know how large your operation is, but I suspect my 118K mailboxes and yours together still don't match the OP's 400K.
>
> And anything that adds to requirements of a server that is not needed in other aspects, is bloat, maybe some setups this is fine, I can not justify modifying mine to include extra points of failure when it all works fine.
>
> If it becomes a problem all I need to do is modify all MTA postfix main.cf's to not use dovecot as virtual delivery, that's commenting out one single line, that's it (tested already), the only difference is postfix is still in dark ages and uses Maildir, not Maildir++, but that is hardly a problem :)
>
> ah well, it's the weekend, so i'm out of this madness now for a few days.
Re: [Dovecot] OT list modification Re: nfs director
On 8/27/10 11:15 PM, Noel Butler wrote:

> I don't think we are living in the 19th century now, I think it's time for the html to txt conversion to be scrapped, it's screwed up the paragraph formatting (and few other things in recent times I've seen) more than once, making it look like an a5 size book page.
>
> how about it?

Oh right, the 20th century is the century of protocol abuse for people who think everything on the network should be a web page, and everything on the net should be accessed with a web browser.

If this change is made, I for one will ditch this list and just rely on searching the archives. I get enough HTML garbage from clueless morons all day long, I don't need more of it from a supposedly clueful group.

-Dave

--
Dave McGuire
Port Charlotte, FL
Re: [Dovecot] OT list modification Re: nfs director
Dave McGuire put forth on 8/27/2010 10:43 PM:

> If this change is made, I for one will ditch this list and just rely on searching the archives. I get enough HTML garbage from clueless morons all day long, I don't need more of it from a supposedly clueful group.

I use 'mailnews.display.prefer_plaintext;true' and I never see HTML formatted emails. Once this feature started working reliably (years ago) in Thunderbird, I stopped posting complaints such as yours to the lists I participate in. At one point I was a text-only zealot like you. MUA technology solved the problem for me. You might try it. :)

There will be no HTML everywhere conversion in the future. The internet and the web are both built upon RFCs. There is even an RFC defining the format of RFCs. They are to be plain text only, formatted with exactly x columns and rows per page, fixed 10 point type, courier--ASCII.

If the HTML zealots ever attempt an overthrow of the net, the Sun will go supernova and destroy the Earth, and there will be no one left to worry about it. So feel safe in knowing that text only will survive forever in many corners of the web, and the world. :)

--
Stan