[Dovecot] dovecot + LDAP-SASL ?
Hi, just a question: I know that dovecot supports SASL authentication and supports LDAP. Which means that dovecot performs the SASL methods itself and stores the plaintext secret on LDAP. But it is also possible to have the LDAP do the SASL work and dovecot just pass SASL messages through? Even when the LDAP server uses a proprietary SASL method not supported by dovecot? regards Hadmut
Re: [Dovecot] dovecot + LDAP-SASL ?
Hi Hadmut,
You can keep crypted passwords in LDAP also. See man (8) slappasswd:
-h scheme
If -h is specified, one of the following RFC 2307 schemes may be
specified: {CRYPT}, {MD5}, {SMD5}, {SSHA}, and {SHA}. The
default is {SSHA}.
Note that scheme names may need to be protected, due to { and },
from expansion by the user's command interpreter.
{SHA} and {SSHA} use the SHA-1 algorithm (FIPS 160-1), the lat-
ter with a seed.
{MD5} and {SMD5} use the MD5 algorithm (RFC 1321), the latter
with a seed.
{CRYPT} uses the crypt(3).
{CLEARTEXT} indicates that the new password should be added to
userPassword as clear text.
Tuesday, August 7, 2007, 9:38:20 AM, you wrote:
Hi,
just a question:
I know that dovecot supports SASL authentication and supports LDAP.
Which means that dovecot performs the SASL methods itself and stores the
plaintext secret on LDAP.
But it is also possible to have the LDAP do the SASL work and dovecot just
pass SASL messages through? Even when the LDAP server uses a proprietary
SASL method not supported by dovecot?
regards
Hadmut
--
Sergey
Re: [Dovecot] Subfolders
Hello Azher, Azher Amin, 05.08.2007 (d.m.y): Thnx for the replies. I am using 1.0.2 and mbox, but from which option you choose that this folder will have subfolders or will it contain only files ?? I used the New SubFolder Option. Our mail server is running with mbox files. Whenever I want to create a folder that is designated to contain subfolders, its (the folder's) name needs to end with a trailing slash. Tested with Thunderbird and Outlook. Gruss/Regards, Christian Schmidt -- No violence, gentlemen -- no violence, I beg of you! Consider the furniture! -- Sherlock Holmes
Re: [Dovecot] dovecot + LDAP-SASL ?
On Tue, 2007-08-07 at 08:38 +0200, Hadmut Danisch wrote: Hi, just a question: I know that dovecot supports SASL authentication and supports LDAP. Which means that dovecot performs the SASL methods itself and stores the plaintext secret on LDAP. But it is also possible to have the LDAP do the SASL work and dovecot just pass SASL messages through? Even when the LDAP server uses a proprietary SASL method not supported by dovecot? For plaintext authentication you can use authentication binds and have the password stored on LDAP side in any way you want. For non-plaintext authentication Dovecot needs the secret in plaintext or some other specific format. LDAP doesn't support SASL forwarding. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Ideas for Webmail/OTP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 23 Jul 2007, Frank Behrens wrote: Solution 1: When PAM is configured for IMAP the user can use a one-time-password in the same way as before. The problem is, that the user must know the sequence number for the password (otp challenge), so we need a way to display it. The PAM module supplies the otp challenge in the conversation function, but the challenge is not processed by the IMAP server. My proposal: The IMAP server stores the challenge from the conversation function and includes it in the LOGIN response, when the login was not successful. So a user can try a login with a wrong dummy password and get knowlegdge about the current otp sequence. You mean, the client issues LOGIN (with a dummy password), because Dovecot needs to aquire the OTP challenge first, this LOGIN attempt is failed, but the username can be used to aquire the OTP challenge. It is reported back, via the LOGIN failure string and, secondly, another LOGIN attempt is sent, this time with the same username and a real password. I guess, you'll need to tweak the webmail interface a bit, that this sequence is working well. There are time-related OTPs, where the sequence number is derived from the current time. When a client tries a logon, the server calculates plenty of OTPs in the near of the current time and adjust itself to the client, in case the device's clock is running too slow or fast. I would say, this kind is more suitable for this purpose. However, one requires some sort of electronical device for it. Solution 2: Webmail clients do not use persistent connections in most cases. A OTP login needs different passwords for every displayed web page. My proposal: Use dovecot's login cache and do not ask the os for every login. :-) This will definitely a must then. Solution 3: My proposal: Create a new IMAP command XSETREMOTEIP. With this IMAP extension a client can set the real IP address of remote client. The access to this command is restricted to the webserver with a new configuration parameter trusted clients, which holds an IP address with mask. Hmm, any clients accessing webmail via the same proxy or from the same NATed organisation will use the same IP, dial-up IPs switch the users more often than anything else. I don't think that restricting by IPs you have no knowlegde about is save. Bye, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBRrgspy9SORjhbDpvAQIJmAgA06boNvZrFTS4kNyky6ywUiYv9CHu99tI GT4iQNezyZz0PensPgGJp6ZAJGDdlAZ1ZxWBth1JCvpVZSBCwnbmbEbWnYtCi9OR v/eynzRFta/11nFy0+AB1Pf2BuoFFPtXy+hC6DnpPcLutD4Q+bvm3Kqdry72PmyQ lBUg8TxTwuDZ0sY0TTAP6VaJCmTG1RvnC5dZp4f6C3yN7kwXbcgS1rkHGr8V6Frs z9ZXMkRYUCpG/ufCQqFB9YTAAOxWM8DrKsmQZNClmkypc+q+v0w11BfcF6SK7v9I cdQqSca7AmXR4q2UYoyvAGGn7rF0cDJJXKI0iQWfWr2nchnx0/PoUA== =wZxi -END PGP SIGNATURE-
Re: [Dovecot] NFS rquota support
Le 06.08.2007 18:08, Timo Sirainen a écrit : So both http://hg.dovecot.org/dovecot/rev/078d9dde99c8 and http://hg.dovecot.org/dovecot/rev/abec53314897 are needed to have rquota support with 1.0.x or is there anything else ? Thanks -- Nico
Re: [Dovecot] NFS rquota support
On Tue, 2007-08-07 at 10:29 +0200, Nicolas STRANSKY wrote: Le 06.08.2007 18:08, Timo Sirainen a écrit : So both http://hg.dovecot.org/dovecot/rev/078d9dde99c8 and http://hg.dovecot.org/dovecot/rev/abec53314897 are needed to have rquota support with 1.0.x or is there anything else ? http://hg.dovecot.org/dovecot/rev/0dda1f746d63 also. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] A few dovecot 1.1 bugs - sort, flag reset and etc.
On Sat, 2007-08-04 at 11:25 -0400, wenjie zheng wrote: BUG #2: Some flags are reset after they were set a while ago, like messages that has been read are randomly becoming unread again. Fixed: http://hg.dovecot.org/dovecot/rev/65e12fa51d4d signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Ideas for Webmail/OTP
Steffen Kaiser [EMAIL PROTECTED] wrote on 7 Aug 2007 10:26: You mean, the client issues LOGIN (with a dummy password), because Dovecot needs to aquire the OTP challenge first, this LOGIN attempt is failed, but the username can be used to aquire the OTP challenge. It is reported back, via the LOGIN failure string and, secondly, another LOGIN attempt is sent, this time with the same username and a real password. Yes, this was my intention. I guess, you'll need to tweak the webmail interface a bit, that this sequence is working well. It's easy: If a login fails the webmailer has to write an error message in any case. Simply include the IMAP error response. There are time-related OTPs, where the sequence number is derived from the current time. When a client tries a logon, the server calculates plenty of OTPs in the near of the current time and adjust itself to the client, in case the device's clock is running too slow or fast. Of course, this is more sophisticated and more expensive. My proposol uses OPIE - One- time Passwords In Everything. But remember: With my proposal you use always the login configuration from operating system. If you have a pam module for an electronic one-time password generator you can use it with IMAP and webmail without additional changes in IMAP- or webmail-server. Solution 3: My proposal: Create a new IMAP command XSETREMOTEIP. With this IMAP extension a client can set the real IP address of remote client. The access to this command is restricted to the webserver with a new configuration parameter trusted clients, which holds an IP address with mask. Hmm, any clients accessing webmail via the same proxy or from the same NATed organisation will use the same IP, dial-up IPs switch the users more often than anything else. I don't think that restricting by IPs you have no knowlegde about is save. I meant it inversely. You can allow the usage of normal passwords for all IMAP and webmail clients in local network and restrict external clients to OTP. With pam configuration you make this decision for all logins (ssh, ftp), not only for IMAP with dovecot. Regards, Frank -- Frank Behrens, Osterwieck, Germany PGP-key 0x5B7C47ED on public servers available.
Re: [Dovecot] OT: Re: Ideas for Webmail/OTP
On Tue, 2007-08-07 at 11:54 +0200, Steffen Kaiser wrote: configuration from operating system. If you have a pam module for an electronic one-time password generator you can use it with IMAP and webmail without additional changes in IMAP- or webmail-server. without additional changes Then no change would be required in Dovecot ;-) Well, http://hg.dovecot.org/dovecot/rev/a9c934833374 signature.asc Description: This is a digitally signed message part
[Dovecot] Dovecot 1.0.3: mbox problems for newly created users
Hi, I am having problems with Dovecot 1.0.3 and Thunderbird 2.0.0.6 when using a new user account without any mbox files present. Directory /home/$user/.imap_mail/ does not exist when Thunderbird first tries to login using IMAP to the account. On login this directory is created with a zero byte Trash file and .subscriptions containing string Trash, so far, so good. Now I create a new message in Thunderbird and save it as draft. A zero byte file Drafts is created in /home/$user/.imap_mail/ but the message I wanted to save got _lost_, /home/$user/.imap_mail/Drafts stays at zero bytes. The next message I try to save as draft finds its way to the Drafts mbox however. Please note that no /home/$user/.imap_mail/inbox has been created although a inbox is shown in Thunderbird. When I move the saved message from Drafts to the inbox folder shown in Thunderbird, it gets saved in /var/mail/$user instead of /home/$user/.imap_mail/inbox, I guess this is due to the use of the mbox_snarf plugin, right? /home/$user/.imap_mail/inbox is the maildrop for Exim, which handles incoming mails, but in this scenario the user did not receive any emails yet. If I manually create /home/$user/.imap_mail/inbox, then moving a message from Drafts to the Thunderbird-displayed inbox works. How to fix this problem? Especially messages getting lost is really bad because I am in the process of changing our mail server setup from Exim/UW-Imapd to Exim/Dovecot, where I have to move 100+ /var/mail/$user mbox files to /home/$user/.imap_mail/inbox. But when Dovecot can not properly save files to previous non-existing mbox files, like Drafts, this is really a problem. Greetings, Bernd Kuhls PS: Here are the Dovecot settings: # dovecot -n # 1.0.3: /etc/dovecot/dovecot.conf log_path: /var/log/dovecot/dovecot.main log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 pop3s login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login mail_extra_groups: mail mail_location: mbox:~/.imap_mail:INBOX=/var/mail/%u:INDEX=/var/mail/indexes/%u mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_plugins(default): quota imap_quota mbox_snarf mail_plugins(imap): quota imap_quota mbox_snarf mail_plugins(pop3): mbox_snarf mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 imap_client_workarounds(default): outlook-idle netscape-eoh tb-extra-mailbox-sep delay-newmail imap_client_workarounds(imap): outlook-idle netscape-eoh tb-extra-mailbox-sep delay-newmail imap_client_workarounds(pop3): outlook-idle pop3_uidl_format(default): pop3_uidl_format(imap): pop3_uidl_format(pop3): %08Xu%08Xv auth default: passdb: driver: pam userdb: driver: passwd plugin: quota: fs mbox_snarf: ~/.imap_mail/inbox
Re: [Dovecot] NFS rquota support
Le 07.08.2007 10:36, Timo Sirainen a écrit : On Tue, 2007-08-07 at 10:29 +0200, Nicolas STRANSKY wrote: Le 06.08.2007 18:08, Timo Sirainen a écrit : So both http://hg.dovecot.org/dovecot/rev/078d9dde99c8 and http://hg.dovecot.org/dovecot/rev/abec53314897 are needed to have rquota support with 1.0.x or is there anything else ? http://hg.dovecot.org/dovecot/rev/0dda1f746d63 also. OK, thanks for the answer, but unfortunately, these don't apply well to 1.0.3.. -- Nico
[Dovecot] v1.1.alpha2 released
http://dovecot.org/releases/1.1/alpha/dovecot-1.1.alpha2.tar.gz http://dovecot.org/releases/1.1/alpha/dovecot-1.1.alpha2.tar.gz.sig Hopefully the next release can be v1.1.beta1. I'm not aware of any major problems and I think I'm pretty much done with new features (except for dbox). The largest changes since alpha1: * Removed THREAD indexing. It's a bit buggy and I think there's a better chance of releasing a bugfree v1.1 soon if it's not included. I'll fix it after v1.1. * Removed THREAD=X-REFERENCES2 also because it wasn't as easy to implement with the old threading code. I might put this back though if there's enough interest. * PAM always works in blocking=yes mode now. If you have problems with memory leaks, change auth_worker_max_request_count setting. + Filesystem quota backend supports inode limits, group quota and RPC quota for NFS. + SEARCH and SORT finally compare all characters case-insensitively. We use i;unicode-casemap algorithm. + Config files support splitting values to multiple lines with \ + Winbind NTLM and GSS-SPNEGO mechanism patches by Dmitry Butskoy. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] dovecot + LDAP-SASL ?
Timo Sirainen wrote: For plaintext authentication you can use authentication binds and have the password stored on LDAP side in any way you want. For non-plaintext authentication Dovecot needs the secret in plaintext or some other specific format. LDAP doesn't support SASL forwarding. Neither one doesn't help in this particular case. I need to port a proprietary, non-publish one time password authentication method (not compatible with opie/skey) from older software into SASL or LDAP, to make it available for several unix applications. The current plan is to implement a plugin for cyrus-sasl which is used by most sasl-aware applications, and thus to have the openldap server accept sasl authentication for those applications which allow to authenticate against an LDAP server, not just with plaintext passwords, but with SASL as well. As far as I know dovecot does (or version 1.1) will support SASL methods, but does implement them itself, so does not work with a cyrus-sasl plugin and does not work against an LDAP server. Since SASL authentication is implemented as a communication protocol passing opaque byte sequences between client and servers, the idea was whether dovecot could act like a SASL proxy, i.e. passing the SASL traffic between the IMAP client on one side and the LDAP server on the other side just through without touching it and waiting for the result of the authentication process. A second method intended to be implemented is to pass web authentication (e.g. if a user authenticatis with SSL client certificates over HTTPS) through webserver - webmailer - IMAP Server -Authentication database which could also be implemented as a SASL plugin. Therefore would be nice to have a SASL pass through without the need to modify dovecot or teach dovecot new authentication methods regards Hadmut
[Dovecot] Maildir Skeleton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I'm setting up a new mailserver with postfix and Dovecot. I'd like to prepare a skeleton for the users maildir to create i.e. a spam folder and a sieve file per default. Is there any chance to realize this with dovecot? Regards Sebastian - -- Sebastian Ganschow Königsberger Str. 17 45770 Marl Germany Phone: +49 2365 9 24 96 76 Mobile: +49 172 2 47 41 44 Mail: [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGuGdvKWhY+QthhLYRArCQAKCKLAaWetcu84vqnlr+a31K1qhKNgCfVtGL 71lFFadsY+9U1vIdNdhIcZE= =biAm -END PGP SIGNATURE-
Re: [Dovecot] Latest 1.1 tree build failure
On Tue, 2007-08-07 at 07:23 -0500, David Favor wrote: Suggestions of how to fix this? mkdir -p /build/work/dovecot-1.1-alpha1 cd /build/work/dovecot-1.1-alpha1 export LDFLAGS='-L/common/pkgs/sqlite-3.4.1.1/lib64 -R/common/pkgs/sqlite-3.4.1.1/lib64' export CPPFLAGS='-pipe -O2 -I/common/pkgs/sqlite-3.4.1.1/include' unset CDPATH make distclean ./configure --prefix=/common/pkgs/dovecot-1.1-alpha1 --disable-nls --disable-ipv6 --with-db --with-sql=plugin --with-sqlite --with-mysql --with-postgresql --with-ssl=openssl --with-ssldir=/etc/pki/dovecot --with-notify=inotify --with-ioloop=epoll --without-vpopmail --with-ldap=plugin --without-gssapi make ... ... ... mv -f .deps/auth-master-listener.Tpo .deps/auth-master-listener.Po make[3]: *** No rule to make target `auth-module.o', needed by `dovecot-auth'. Stop. I guess you're trying to build from hg and not the real alpha1 tarball? auth-module.c was just removed, so it sounds like you have a problem with updating dependencies.. Try deleting the whole source tree and starting from a new one. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] NFS rquota support
Sorry to be so clueless, but all the activity about rquotad drives me to admit my puzzlement (or ignorance)... I run rquotad on my mail server that also runs DCrquotad is used by the other 3 hosts (a login/FTP server, a mailing list server and a user mgmnt server) that NFS mount the folder and inbox filesystem...which are under filesystem quota on the mail server where they are physically resident. AFAIK it is not queried on the mail server...after all, filesystem quota is running there. How/why does DC need/use rquotad? Timo Sirainen wrote: On Tue, 2007-08-07 at 10:29 +0200, Nicolas STRANSKY wrote: Le 06.08.2007 18:08, Timo Sirainen a écrit : So both http://hg.dovecot.org/dovecot/rev/078d9dde99c8 and http://hg.dovecot.org/dovecot/rev/abec53314897 are needed to have rquota support with 1.0.x or is there anything else ? http://hg.dovecot.org/dovecot/rev/0dda1f746d63 also. -- Stewart Dean, Unix System Admin, Henderson Computer Resources Center of Bard College, Annandale-on-Hudson, New York 12504 [EMAIL PROTECTED] voice: 845-758-7475, fax: 845-758-7035
Re: [Dovecot] Latest 1.1 tree build failure
Timo Sirainen wrote: On Tue, 2007-08-07 at 07:23 -0500, David Favor wrote: Suggestions of how to fix this? mkdir -p /build/work/dovecot-1.1-alpha1 cd /build/work/dovecot-1.1-alpha1 export LDFLAGS='-L/common/pkgs/sqlite-3.4.1.1/lib64 -R/common/pkgs/sqlite-3.4.1.1/lib64' export CPPFLAGS='-pipe -O2 -I/common/pkgs/sqlite-3.4.1.1/include' unset CDPATH make distclean ./configure --prefix=/common/pkgs/dovecot-1.1-alpha1 --disable-nls --disable-ipv6 --with-db --with-sql=plugin --with-sqlite --with-mysql --with-postgresql --with-ssl=openssl --with-ssldir=/etc/pki/dovecot --with-notify=inotify --with-ioloop=epoll --without-vpopmail --with-ldap=plugin --without-gssapi make ... ... ... mv -f .deps/auth-master-listener.Tpo .deps/auth-master-listener.Po make[3]: *** No rule to make target `auth-module.o', needed by `dovecot-auth'. Stop. I guess you're trying to build from hg and not the real alpha1 tarball? auth-module.c was just removed, so it sounds like you have a problem with updating dependencies.. Try deleting the whole source tree and starting from a new one. Yes. Remove tree + hg clone http://hg.dovecot.org/dovecot + ./autogen.sh + build works now. -- Like feeling your best ever, all day, every day? Email [EMAIL PROTECTED] for the easy way.
[Dovecot] Best way to change PACKAGE_STRING VERSION_STRING
Let me know the best way to change the source tree to add in a time to be output from 'dovecot --version'. I've tried the following with no success: mkdir -p /build/work/dovecot-1.1alpha2 cd /build/work/dovecot-1.1alpha2 export LDFLAGS='-L/common/pkgs/sqlite-3.4.1.1/lib64 -R/common/pkgs/sqlite-3.4.1.1/lib64' export PACKAGE_STRING='dovecot 1.1alpha2-2007-08-07' export PACKAGE_VERSION='1.1alpha2-2007-08-07' export CPPFLAGS='-pipe -O2 -I/common/pkgs/sqlite-3.4.1.1/include' unset CDPATH make distclean ./configure --prefix=/common/pkgs/dovecot-1.1alpha2 --disable-nls --disable-ipv6 --with-db --with-sql=plugin --with-sqlite --with-mysql --with-postgresql --with-ssl=openssl --with-ssldir=/etc/pki/dovecot --with-notify=inotify --with-ioloop=epoll --without-vpopmail --with-ldap=plugin --without-gssapi make -e make check rm -rf /common/pkgs/dovecot-1.1alpha2 make install Thanks. -- Like feeling your best ever, all day, every day? Email [EMAIL PROTECTED] for the easy way.
Re: [Dovecot] NFS rquota support
Greetings - On 7 Aug 2007, at 13:54, Stewart Dean wrote: Sorry to be so clueless, but all the activity about rquotad drives me to admit my puzzlement (or ignorance)... I run rquotad on my mail server that also runs DCrquotad is used by the other 3 hosts (a login/FTP server, a mailing list server and a user mgmnt server) that NFS mount the folder and inbox filesystem...which are under filesystem quota on the mail server where they are physically resident. AFAIK it is not queried on the mail server...after all, filesystem quota is running there. How/ why does DC need/use rquotad? I think you have answered your own questions actually! ... rquotad is used to allow other machines that NFS-mount a filestore. The rquotad daemon runs on the machine serving up the filestore to the other clients. You say that your mail filestore physically resides on your mail server. That means it is a locally attached disk (not mounted using NFS from some other server), and so Dovecot can, and does, obtain quotas directly from it: it does not need to ask an rquotad daemon. In contrast here we have the mailstore on a NetApp filer, and mount it over NFS on our machines running Dovecot. In this case Dovecot cannot query the quota directly because the filestore isn't on locally attached disk. Instead it must use an RPC (Remote Procedure Call) to ask the rquotad daemon running on the file server (in this case the NetApp filer) what the quota usage and limits are. Cheers, Mike B-) -- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740 * Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
Re: [Dovecot] Maildir Skeleton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 7 Aug 2007, Sebastian Ganschow wrote: I'd like to prepare a skeleton for the users maildir to create i.e. a spam folder and a sieve file per default. Is there any chance to realize this with dovecot? Try: http://wiki.dovecot.org/PostLoginScripting But the script runs for each login. Bye, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBRrhy2i9SORjhbDpvAQIZiAgAlo6RC/39/mMj+rKiZ9i15fc6PF0lrK4X bvPTyhSSngC1Eeq3Ozc76J5Y4OCw4eKp9ouBECu840v81zRMe01An0zJjmrf/tjx yyWE/aJiGg4yOk3oP2pdfv8+MYawYxb6EPW+NmEyCr/6LHDfONa4PWC76iT6XZsF HOAxXE99qm4Kv9jGINKsRL1+OK+KWWzplF6hVtsrY7+8D+zk2YiQtFCKFK5SnpdA X2IMUfrYVovIJAUGPdzrLOVgeJxQJbXTqkG5dhqHZnYc6mEcrwsvRzavExz1qjmx 6uPUA7UsG/DM0Xj4rBoPXT9m+jwSouEUyM1lKNPzUsq8RyvhxOSN/g== =9nBa -END PGP SIGNATURE-
Re: [Dovecot] Best way to change PACKAGE_STRING VERSION_STRING
On Tue, 2007-08-07 at 07:58 -0500, David Favor wrote: Let me know the best way to change the source tree to add in a time to be output from 'dovecot --version'. I think the only way to do that is to modify config.h after configure is run. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Maildir Skeleton
If your OS uses /etc/skel to build new users from (many do), you can create it there. Most OSs that use /etc/skel merely copy files from there, then chown them to the appropriate user and group. Perms shouldn't be modified. On 2007 Aug 07 (Tue) at 14:37:03 +0200 (+0200), Sebastian Ganschow wrote: :-BEGIN PGP SIGNED MESSAGE- :Hash: SHA1 : :Hi, : :I'm setting up a new mailserver with postfix and Dovecot. : :I'd like to prepare a skeleton for the users maildir to create i.e. a spam :folder and a sieve file per default. : :Is there any chance to realize this with dovecot? : :Regards :Sebastian :- -- :Sebastian Ganschow :K??nigsberger Str. 17 :45770 Marl :Germany : :Phone: +49 2365 9 24 96 76 :Mobile: +49 172 2 47 41 44 :Mail: [EMAIL PROTECTED] :-BEGIN PGP SIGNATURE- :Version: GnuPG v1.4.7 (MingW32) :Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org : :iD8DBQFGuGdvKWhY+QthhLYRArCQAKCKLAaWetcu84vqnlr+a31K1qhKNgCfVtGL :71lFFadsY+9U1vIdNdhIcZE= :=biAm :-END PGP SIGNATURE- : -- A sine curve goes off to infinity or at least the end of the blackboard. -- Prof. Steiner
Re: [Dovecot] Maildir Skeleton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter Hessler schrieb: If your OS uses /etc/skel to build new users from (many do), you can create it there. Most OSs that use /etc/skel merely copy files from there, then chown them to the appropriate user and group. Perms shouldn't be modified. It would work if the users weren't virtual. There are only virtual users on the mail system. Sebastian - -- Sebastian Ganschow Königsberger Str. 17 45770 Marl Germany Phone: +49 2365 9 24 96 76 Mobile: +49 172 2 47 41 44 Mail: [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGuItoKWhY+QthhLYRAmdGAKCgbg2mvg8dUh14AqvMFJKnBp5YigCfWyXX 17qBtdCdl4j2q7AvuBq1jKY= =Jo8x -END PGP SIGNATURE-
Re: [Dovecot] NFS rquota support
Greetings - On 7 Aug 2007, at 14:36, Nicolas STRANSKY wrote: In fact the patch applies well, dovecot compiles well, but rquota is still not functionnal. I have this in config.log: HAVE_RQUOTA_FALSE='#' HAVE_RQUOTA_TRUE='' #define HAVE_RQUOTA But there is no RPC string in quota-fs.o. Where am I wrong ? Try a different check: search through your config.h for RQUOTA. If all is well you should have #define HAVE_RQUOTA in there. If it's not then the rquota code isn't going to get included. (Well, that's based on my empirical observations here.) If it's not there then try the sequence below... This is what I did to get the build to include the rquota code: 0. Apply the patches. 1. cd to the top level of the distribution directory tree (above src) 2. Run: autoconf 3. Run: autoheader 4. Run: automake 5. Run: configure 6. Compile I think the following is right (forgive me if there's anything wrong)... autoconf does various tests to see if it is possible to use the rquota code (eg, required configuration files and the rpcgen command are all available); it builds the configure script from configure.in autoheader uses configure.in to build config.h.in automake builds the various Makefile.in files from the corresponding Makefile.am files. configure then builds config.h from config.h.in, and the various Makefile files from the Makefile.in files Then you are ready to compile. When I first tried using the patches I simply did autoconf then automake and found, like you, that the rquota code wasn't included in the compilation. However adding the autoheader step fixed this. Cheers, Mike B-) -- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740 * Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
Re: [Dovecot] Maildir Skeleton
* Sebastian Ganschow [EMAIL PROTECTED]: Peter Hessler schrieb: If your OS uses /etc/skel to build new users from (many do), you can create it there. Most OSs that use /etc/skel merely copy files from there, then chown them to the appropriate user and group. Perms shouldn't be modified. It would work if the users weren't virtual. There are only virtual users on the mail system. That's no problem either. The question is: Are you looking for an automated process or does cp -a template_maildir/ /srv/mail/newuser/ the job? [EMAIL PROTECTED] -- state of mind Agentur für Kommunikation, Design und Softwareentwicklung Patrick KoetterTel: 089 45227227 Echinger Strasse 3 Fax: 089 45227226 85386 Eching Web: http://www.state-of-mind.de Amtsgericht MünchenPartnerschaftsregister PR 563
Re: [Dovecot] Maildir Skeleton
That's no problem either. The question is: Are you looking for an automated process or does cp -a template_maildir/ /srv/mail/newuser/ the job? It should be automated. A possible solution would be a cronjob, which checks every few minutes if there is a new user without a maildir. But this requires that the user hasn't logged on before the cronjob is executed. Another approach is to check every maildir for an existing .Spam folder and a .dovecot.sieve file and create both if they don't exist. If dovecot couldn't do this by itself, I'm going to realize it with a cronjob. Why not just do this with a post-logon script? http://wiki.dovecot.org/PostLoginScripting -- Best regards, Charles
Re: [Dovecot] Maildir Skeleton
Sebastian Ganschow spake the following on 8/7/2007 9:38 AM: Patrick Ben Koetter schrieb: * Sebastian Ganschow [EMAIL PROTECTED]: Peter Hessler schrieb: If your OS uses /etc/skel to build new users from (many do), you can create it there. Most OSs that use /etc/skel merely copy files from there, then chown them to the appropriate user and group. Perms shouldn't be modified. It would work if the users weren't virtual. There are only virtual users on the mail system. That's no problem either. The question is: Are you looking for an automated process or does cp -a template_maildir/ /srv/mail/newuser/ the job? It should be automated. A possible solution would be a cronjob, which checks every few minutes if there is a new user without a maildir. But this requires that the user hasn't logged on before the cronjob is executed. Another approach is to check every maildir for an existing .Spam folder and a .dovecot.sieve file and create both if they don't exist. If dovecot couldn't do this by itself, I'm going to realize it with a cronjob. Sebastian What are you using to create users? MAybe you could add something to the user creation system. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't
Re: [Dovecot] vfile ACL's
On Sun, 5 Aug 2007, Timo Sirainen wrote: On Fri, 2007-08-03 at 09:34 -0400, Benjamin R. Haskell wrote: (Sorry for the impatience. This was one of several questions in my email from yesterday. I thought I might have better luck being more direct.) Is there a way to set ACL's, using the vfile backend, on a truly global basis? or hierarchically (i.e. .Maildir.Sub inherits from .Maildir)? I thought there was something like that, but looks like not. I don't remember if this is because there was a problem with adding support for them or if I simply haven't gotten around to implementing them yet. Thanks for the response. I worked around the actual problem (in [Dovecot] Shared folder hierarchies, multiple groups) with the following patch: http://benizi.com/dovecot-1.0.1-namespace-hack.patch It's probably not the correct thing to do. (Hence -hack.) But, it did seem to be the minimal set of changes required to accomplish what I wanted (shared folders implemented via namespaces with permissions controlled by the namespace INBOX's group). It changes the following: 1. src/imap/cmd-list.c - list_namespace_init In the IMAP LIST command, when checking namespace INBOX'es, if the INBOX folder's path exists and is not readable, it doesn't list it. 2. src/lib-storage/index/maildir/maildir-list.c - maildir_fill_readdir If it fails to open the directory because permission was denied, it sets an open_flag, but doesn't set_critial, and returns false. 3. src/lib-storage/index/maildir/maildir-list.c - maildir_mailbox_list_init If maildir_fill_readdir fails, and the HIDEYHACK flag is set, it returns in the same place as a failure would, but doesn't set .failed on the context. 4. src/lib-storage/index/maildir/maildir-storage.c - verify_inbox Checks permissions on the directory path. If the folder exists, but is unreadable, it returns 0 (= verifies OK), but logs an error to assist in actual-error debugging. If there's anything *glaringly* wrong with this approach, please let me know. Best, Ben
Re: [Dovecot] OpenBSD and too many open files
On Aug 1, 2007, at 4:22 PM, Bryan Vyhmeister wrote: On Aug 1, 2007, at 11:09 AM, Quentin Garnier wrote: Well, the problem is Christos did some other stuff in that commit than just fixing the bug. Try the attached patch. Thank you for the patch. It applied cleanly and I have a kernel that reflects the patch running right now. So far so good. I will report back if anything unusual happens. Otherwise, I will report back first thing next week if everything works fine from here on out. Thank you all for your help. Well, I have not had a single instance of the Too many files error since. Everything is working smoothly. I'll see about getting the patch into OpenBSD if possible. I'll get that tutorial done as well. Bryan
Re: [Dovecot] Maildir Skeleton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Scott Silva schrieb: What are you using to create users? MAybe you could add something to the user creation system. I'm using postfixAdmin but I don't want to modify it. Sebastian - -- Sebastian Ganschow Königsberger Str. 17 45770 Marl Germany Phone: +49 2365 9 24 96 76 Mobile: +49 172 2 47 41 44 Mail: [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGuKoBKWhY+QthhLYRAgeYAKCHRZiLW/wjQ/SjpFuM+PoLSO2NUACeP0OO YEXvoEgBTB0wLA64NP9FukU= =xgOo -END PGP SIGNATURE-
Re: [Dovecot] Maildir Skeleton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Charles Marcus schrieb: Why not just do this with a post-logon script? http://wiki.dovecot.org/PostLoginScripting This would only work, if the user logs in before he gets the first mail. Sebastian - -- Sebastian Ganschow Königsberger Str. 17 45770 Marl Germany Phone: +49 2365 9 24 96 76 Mobile: +49 172 2 47 41 44 Mail: [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGuKpYKWhY+QthhLYRAugAAKCKto8coVYvONIYLpZ7r+/0crDZcwCgjHuC rqSurMbqtYCoWO0xtqM4shs= =9lc4 -END PGP SIGNATURE-
Re: [Dovecot] Maildir Skeleton
On Tue, 2007-08-07 at 19:22 +0200, Sebastian Ganschow wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Charles Marcus schrieb: Why not just do this with a post-logon script? http://wiki.dovecot.org/PostLoginScripting This would only work, if the user logs in before he gets the first mail. Hmm, dovecot is all about retrieving received mail. If you need things to be done before a user retrieves mail initially, you _need_ to do it either via postfixadmin (don't know that piece) or using the LDA you are using to route the mail to the fitting (virtual) user. procmail for example could make you happy here (man procmailex). major drawback however for all those operations is that things are checked over and over again for each mail received. another (more sane) option would be to write the list of newly created users into a file/database/... and have a cronjob loop over this list, create the skeleton things you need and finally remove the user if the creation was successfull. Yet keep in mind that cron jobs are executed once a minute at most, so the time between creating the user and the cronjob running might cause some mails getting in before your user has been correctly initialized. -- Udo Rader bestsolution.at EDV Systemhaus GmbH http://www.bestsolution.at signature.asc Description: This is a digitally signed message part
Re: [Dovecot] What would you tell the CIO in an ABCs of Email overview?
The article is live... as part 1, anyway. As you'll soon see, it was impossible to do an ABCs of Email that covered both technology and people issues. So I've split these into two articles. I'll do the POP vs IMAP stuff separately... as soon as I recover from this one. I tried to make this document the one you want to print out and slap on an exec's desk when they do something totally dumb. (This way it's not YOU saying they were clueless.) Feel free to post anywhere you like... I'm such a slut for pageviews. Comments and corrections are welcome, particularly if they also include praise. :-) ABC: An Introduction to E-mail Management Helping nontechnical managers calibrate expectations, learn the key issues in e-mail management and identify issues in setting corporate e-mail policies. http://www.cio.com/article/128450/ ABC_An_Introduction_to_E_mail_Management Esther Schindler senior online editor, CIO.com On May 7, 2007, at 12:37 PM, Esther Schindler wrote: One of the key points that came up when I researched and wrote the Five Things CIOs Should Know about Fighting Spam article (http:// www.cio.com/article/28830) was that they should know the basics of how email works. Otherwise, said plenty of techies, the CIO won't have the first idea of what the email admin is complaining about. So I'm going to do my part. I'm going to write an ABCs of Email article (to accompany the many other ABCs articles we have on CIO.com, at http://www.cio.com/article/40242 ). I'd like your input on the topics that should be included, keeping in mind the fact that the target reader is a CIO, IT manager, or someone who wants to understand the basics, *not* actively get involved in email management. You don't need to write an essay for me or inundate me with links (though hey, if you want to make my life easier I shall not complain). What I'm looking for, primarily, are the categories of information that I should cover. In other words, if your CIO had an email ephiphany and asked you to give a half-hour presentation, what would you include? This won't be an Expert says... article nor will it be Geek on the street says I intend to compile and research the least you need to know for the not-necessarily-techie bosses out there. And hopefully the end result will be that you have one less dumb question to deal with in your life. So: any suggestions? (You can reply privately if you prefer.) Esther Schindler senior online editor, CIO.com her blog: http://advice.cio.com/taxonomy/term/34
Re: [Dovecot] OpenBSD and too many open files
On Tue, 7 Aug 2007 10:05:32 -0700 Bryan Vyhmeister [EMAIL PROTECTED] wrote: On Aug 1, 2007, at 4:22 PM, Bryan Vyhmeister wrote: On Aug 1, 2007, at 11:09 AM, Quentin Garnier wrote: Well, the problem is Christos did some other stuff in that commit than just fixing the bug. Try the attached patch. Thank you for the patch. It applied cleanly and I have a kernel that reflects the patch running right now. So far so good. I will report back if anything unusual happens. Otherwise, I will report back first thing next week if everything works fine from here on out. Thank you all for your help. Well, I have not had a single instance of the Too many files error since. Everything is working smoothly. I'll see about getting the patch into OpenBSD if possible. I'll get that tutorial done as well. Bryan I already passed this around for review and it has been commited. http://marc.info/?l=openbsd-cvsm=118648637312063w=2
Re: [Dovecot] OpenBSD and too many open files
On Aug 7, 2007, at 11:15 AM, Brad wrote: I already passed this around for review and it has been commited. http://marc.info/?l=openbsd-cvsm=118648637312063w=2 Great! Thank you very much. Bryan
Re: [Dovecot] Maildir Skeleton
Why not just do this with a post-logon script? http://wiki.dovecot.org/PostLoginScripting This would only work, if the user logs in before he gets the first mail. Ahh, right, sorry... this would not be the best way anyway, since as someone else pointed out, the script would run every time the user logged in. Then as someone else pointed out, the best way would be the user creation utility, or maybe the LDA... what do you use for deliver? -- Best regards, Charles
Re: [Dovecot] Maildir Skeleton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Udo Rader schrieb: procmail for example could make you happy here (man procmailex). May be, but I'm using dovecots deliver. another (more sane) option would be to write the list of newly created users into a file/database/... and have a cronjob loop over this list, create the skeleton things you need and finally remove the user if the creation was successfull. Yet keep in mind that cron jobs are executed once a minute at most, so the time between creating the user and the cronjob running might cause some mails getting in before your user has been correctly initialized. If the cronjob will be executed every minute, the chance for some mails getting in before the maildir has been created will be very low, because the created alias has to be synchronized to the mailrelay first. This happens every 15 minutes. I think the cronjob approach will be the best solution. - -- Sebastian Ganschow Königsberger Str. 17 45770 Marl Germany Phone: +49 2365 9 24 96 76 Mobile: +49 172 2 47 41 44 Mail: [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGuMbIKWhY+QthhLYRAr0oAJ95wCphT67fVKJUZS05mxKqBVlKkwCdG1IG /ble5it+wMW7rF7YVxKps9Q= =WkL8 -END PGP SIGNATURE-
Re: [Dovecot] Maildir Skeleton
Sebastian Ganschow wrote: If the cronjob will be executed every minute, the chance for some mails getting in before the maildir has been created will be very low, because the created alias has to be synchronized to the mailrelay first. This happens every 15 minutes. I think the cronjob approach will be the best solution. am i missing something ? i am using postfixadmin+dovecot+dovecot-LDA and i thought the spam-folder gets created the moment there's spam to be delivered in the spam-folder so why not just simply have a global sieve-file ? i used these 2 pages for my setup : http://wiki.dovecot.org/HowTo/DovecotLDAPostfixAdminMySQL http://workaround.org/articles/ispmail-etch/#sieve-filtering-out-spam
Re: [Dovecot] Maildir Skeleton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 albinootje schrieb: am i missing something ? i am using postfixadmin+dovecot+dovecot-LDA and i thought the spam-folder gets created the moment there's spam to be delivered in the spam-folder so why not just simply have a global sieve-file ? i used these 2 pages for my setup : http://wiki.dovecot.org/HowTo/DovecotLDAPostfixAdminMySQL http://workaround.org/articles/ispmail-etch/#sieve-filtering-out-spam The global sieve-filter file won't work on my system, but if I configure a per user sieve-file with the rule, the spam folder will be created. If I'll get the global filter working, it would the perfect solution. Sebastian - -- Sebastian Ganschow Königsberger Str. 17 45770 Marl Germany Phone: +49 2365 9 24 96 76 Mobile: +49 172 2 47 41 44 Mail: [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGuNYcKWhY+QthhLYRAjqwAJ9Rmup8RLg+M7oI3z7PguqTX2onagCeOi3t 5jAKwRFdZ5sMptklNZ7zl90= =y837 -END PGP SIGNATURE-
Re: [Dovecot] Maildir Skeleton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sebastian Ganschow schrieb: albinootje schrieb: am i missing something ? i am using postfixadmin+dovecot+dovecot-LDA and i thought the spam-folder gets created the moment there's spam to be delivered in the spam-folder so why not just simply have a global sieve-file ? i used these 2 pages for my setup : http://wiki.dovecot.org/HowTo/DovecotLDAPostfixAdminMySQL http://workaround.org/articles/ispmail-etch/#sieve-filtering-out-spam The global sieve-filter file won't work on my system, but if I configure a per user sieve-file with the rule, the spam folder will be created. If I'll get the global filter working, it would the perfect solution. Sebastian so do you have any idea why global sieve-filter file does not work with your system? - -- Mit freundlichen Gruessen Best Regards Robert Schetterer Germany/Bavaria/Munich -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGuNbdfGH2AvR16oERAu6gAJ9opSqXewNY/1tEbm5/NBTjIFU5BwCaA02Z LV5ZxJbfjAOKCGk8QHls5Ik= =12WU -END PGP SIGNATURE-
Re: [Dovecot] Maildir Skeleton
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Robert Schetterer schrieb:
so do you have any idea why global sieve-filter file
does not work with your system?
No I've got no idea.
dovecot.conf:
snip
protocol lda {
mail_plugin= quota, cmusieve
global_script_path = /var/vmail/globalsieverc
}
/snip
/var/vmal/globalsieverc:
require [fileinto];
# Move spam to spam folder
if exists X-Spam-Flag {
fileinto spam;
# Stop here so that we do not reply on spams
stop;
}
Is there anything else I need to configure?
Sebastian
- --
Sebastian Ganschow
Königsberger Str. 17
45770 Marl
Germany
Phone: +49 2365 9 24 96 76
Mobile: +49 172 2 47 41 44
Mail: [EMAIL PROTECTED]
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGuNppKWhY+QthhLYRAoaZAKCWkYT9G9saoQrzzEAwFWW3x1JLvACglvdL
Z0bDAOsI3Zji4/U2bQu0eCY=
=vQOu
-END PGP SIGNATURE-
[Dovecot] dovecot-sieve vacation changes
I'd like to put forward the following patch for dovecot-sieve.
Essentially this just merges in some changes made in CMU sieve 2.3.8 and
as such brings the behaviour more in line with RFC 3834 Recommendations
for Automatic Responses to Electronic Mail:
- fixes erroneous sender -request substring match
- checks for existence of a selection of list-* headers
- expands named-as-recipient header checks to Resent-To, Resent-CC
and Resent-BCC fields. Note that the appended patch also includes a
fix for some missing parentheses in the resent-to test which resulted
in some extra work being done but was otherwise harmless. The fix has
been sent to [EMAIL PROTECTED]
- prefixes subject in response with Auto: rather than (non-expanding)
Re:
I also, mostly for kicks, attach two sieve-like scripts that attempt to
encapsulate the when-not-to-respond logic as implemented (if the patch
were to be applied) and as advised by RFC 3834 respectively. I wrote
these as an exercise to help me gain a better understanding of sieve and
the CMU implementation. I'm not sure they are otherwise useful.
#
# An attempt to render, as SIEVE, the actions of shouldRespond() from CMU
# sieve/bc_eval.c as distributed with cyrus-imapd 2.3.8
#
# This is not valid SIEVE; The following expansions must first be
# performed:
#
# - %myaddrs% list of valid recipient addresses
# - %envrcpt% the actual envelope recipient
#
# Example:
#
# sed -e 's/%myaddrs%/[[EMAIL PROTECTED], [EMAIL PROTECTED]]/' \
# -e 's/%envrcpt%/[EMAIL PROTECTED]/' vacation.sieve.in
#
require [envelope];
if anyof ( exists list-id,
exists list-help,
exists list-subscribe,
exists list-unsubscribe,
exists list-post,
exists list-owner,
exists list-archive,
# XXX bc_eval.c also skips leading whitespace
not header :is auto-submitted no,
# XXX bc_eval.c also skips leading whitespace
header :is precedence [junk, bulk, list],
# XXX does this really catch null sender?
envelope :all :is from ,
# envelope sender equals envelope recipient; redundant if we assume
# %envrcpt% is an element in %myaddrs%
envelope :all :is from %envrcpt%,
envelope :all :is from %myaddrs%,
envelope :localpart :is from [mailer-daemon,
listserv,
majordomo],
envelope :comparator i;octet
:localpart :matches from [*-request,
owner-*],
not address :all :is [to,
cc,
bcc,
resent-to,
resent-cc,
resent-bcc] %myaddrs%
) {
discard;
}
#
# An attempt to render, as SIEVE, the advice from RFC 3834 section 2 When
# (not) to send automatic responses. Assumes we are a Personal
# Responder.
#
# This is not valid SIEVE; The following expansions must first be
# performed:
#
# - %myaddrs%list of valid recipient addresses
# - %untrusted% list of untrusted envelope senders
#
# Example:
#
# sed -e 's/%myaddrs%/[[EMAIL PROTECTED], [EMAIL PROTECTED]]/' \
# -e 's/%untrusted%/[[EMAIL PROTECTED]]/' rfc3834.sieve.in
#
require [envelope];
if anyof ( # Fails to account for syntax defined in section 5.1
# SHOULD NOT
not header :is auto-submitted no,
# SHOULD NOT
not address :all :is [to,
cc,
bcc,
resent-to,
resent-cc,
resent-bcc] %myaddrs%,
# MAY
envelope :all :is from %untrusted%,
# XXX Not clear if this correctly expresses a null sender
# MUST NOT
envelope :all :is from ,
# Strictly speaking localparts are case-sensitive hence the
# use of :comparator. In reality the default i;ascii-casemap
# comparator almost certainly make more sense.
# MAY
envelope :comparator i;octet
:localpart :is from [MAILER-DAEMON],
envelope :comparator i;octet
:localpart :matches from [*-request,
owner-*],
# XXX no such recommendation is actually made
# MAY
header :is precedence list,
# Mentions List-* and references RFC2369. Not possible to
# express list-* as a header match in sieve. Instead just
# enumerate the RFC2369 and RFC2919 (List-ID) defined headers.
# MAY
exists list-help,
exists list-unsubscribe,
exists list-subscribe,
exists
