Re: [Dovecot] Dovecot + Sieve
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 4 Sep 2007, Marcin Michal Jessa wrote: The naming of the Sieve script and the configuration variables is explained here: http://wiki.dovecot.org/LDA/Sieve Note: The change of the name of global script path. script path refers to a filename, not just the directory of the .dovecot-sieve file. BTW: Because the script is compiled into a byte code representation, everybody needs write permission to the directory of the script (creates .tmp file, on success renames into script pathc ). If you force the compilation process using sievec, no write permission is required, e.g.: scriptpath=absolute filename/path of your Sieve script /usr/local/libexec/dovecot/sievec $scriptpath ${scriptpath}c Bye, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBRt5UJC9SORjhbDpvAQKhDgf9G88Cfz02N/oZmvTsgB7mAIhnO1B36Bou hM1toYuPS0Om95b6N3AjPBjlFizYPaQrJLApwXLWGnqPr4vLZmX3vJ71Lc0w4VUr CkpDKMlrL3ip6Z0v1w7MqsIcFK1PInCZ+qFDA9IHGlNWMMOiTxTKai0Uj+0zIv2c GeIo3zL6KoBirXs+WiAw2EN/0jJCq6W/yV/+DECyOTJEhwigcMliGI46pIAv2l6i a6r8sIbQB4y7d3eoei/M+DkPYH9emuKPIxB7RDEAdKN1WDyPe4S7JPFEYghiQzLd qY4pcU/y+UbnWEyQHQAhkWoonFyW9rgACtCe4OOcwgZsKqz81xkkWQ== =kPwA -END PGP SIGNATURE-
Re: [Dovecot] Dovecot + Sieve
On Wed, 5 Sep 2007 09:00:49 +0200 (CEST), Steffen Kaiser [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 4 Sep 2007, Marcin Michal Jessa wrote: The naming of the Sieve script and the configuration variables is explained here: http://wiki.dovecot.org/LDA/Sieve Note: The change of the name of global script path. script path refers to a filename, not just the directory of the .dovecot-sieve file. BTW: Because the script is compiled into a byte code representation, everybody needs write permission to the directory of the script (creates .tmp file, on success renames into script pathc ). If you force the compilation process using sievec, no write permission is required, e.g.: scriptpath=absolute filename/path of your Sieve script /usr/local/libexec/dovecot/sievec $scriptpath ${scriptpath}c I just ran a test defining sieve_global_dir = /usr/local/etc/sieve/ in my dovecot.conf and commenting global_script_path = Then I renamed my sieve script to .dovecot-sieve in that dir. And nothing happened. It was not compiled and used. I had to define global_script_path = again and then I could as well give the script a more reasonable name like Junk since it takes care of filtering of junk mail. Any idea why it does not work as you say? BTW, http://wiki.dovecot.org/LDA/Sieve should have things mentioned for global users as well since I overlooked that part from Per-user Sieve script location thinking it did not consider users of global scripts. Marcin.
Re: [Dovecot] Dovecot + Sieve
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 5 Sep 2007, Marcin M. Jessa wrote: script path refers to a filename, not just the directory of the .dovecot-sieve file. I just ran a test defining sieve_global_dir = /usr/local/etc/sieve/ Er, you missed the script path refers to a filename, didn't you? See, get_sieve_path(void) in cmusieve's source ball src/cmusieve-plugin.c The value of sieve per user or sieve_global_dir is a filename, not a directory. Only if none of them is defined, .dovecot-sieve comes into play. script a more reasonable name like Junk since it takes care of filtering of You can give the script any name you like. Personally I wouldn't name it Junk, because there is exactly one Sieve script and you cannot specify another one. BTW, http://wiki.dovecot.org/LDA/Sieve should have things mentioned for global users as well since I overlooked that part from Per-user Sieve script location thinking it did not consider users of global scripts. I would think, the sections Configuring and Compiling and errors apply to you. The Per-user section really is dealing with the configuration per user, whether or not you return the same value for all users. Bye, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBRt5why9SORjhbDpvAQIDTwgAwscv4Xo9lLWssDEkEseMLgYY7TC6mxWF gWrgcT8G6ofRcuUmwxgsSYwAaYwD3Ae3P5H6dTJGE5SF+I/moyf28RzOyzO77DNK fSrj10r4K1VGHva5nu5NoIcY5v/OIiiq8QtElZORDeB+70eiMugQG99T82Hh26XR vPSPdVw/jQf7iudn+dNw3UxTnQoyLJ6oi0IbIF5QR9ppnWLFa+p5n4iPx/03nat/ pfxd7oZ8xTO8DwwbqMgk9rvq2uMjsINEFHjm5jVzneVMGELevYfm9weIgsAFfJpQ F8cgDKtt5GYDkEDmdjmV+3PLcEUyUo5j7y1S0oFNZ/WnR9BY91WkRg== =8ZGb -END PGP SIGNATURE-
[Dovecot] Timeout while waiting for lock for transaction log file
I have a user that gets client timeout errors when he tries to delete/clean up his massive Spam folder (many thousands of mail messages). He uses Thunderbird and has it configured to use Move to Trash when he deletes messages. I find the following in Dovecot's log file when it happens: Aug 28 10:38:22 ifm.liu.se dovecot: [ID 107833 mail.error] IMAP(bpn): Timeout while waiting for lock for transaction log file /home/bpn/Maildir/.Trash/dovecot.index.log Aug 28 10:38:24 ifm.liu.se dovecot: [ID 107833 mail.info] IMAP(bpn): Disconnected Any suggestions on what I can tuned/fix in Dovecot to solve this issue? We're using Dovecot 1.0.3 with Maildirs. This is the only user (so far) where we are seeing this. - Peter signature.asc Description: OpenPGP digital signature
Re: [Dovecot] Dovecot + Sieve
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 5 Sep 2007, Marcin M. Jessa wrote: This is is also what the example on http://wiki.dovecot.org/LDA/Sieve says. There is only sieve_global_dir = /etc/dovecot/sieve/ there. You wrote in your first post, you're using v1.0.3, the section with this line applies to v1.1. In v1.0 you have this: # If there is no user-specific Sieve-script, global Sieve script is # executed if set. (v1.0.1 and older used global_script_path) #sieve_global_path = Bye, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBRt62gy9SORjhbDpvAQIlRQf/YXHocYLlXnLwd91AbQ1M0CqnL0d3aRxf wcFZpFEwbqKsD8E5YBF+4Uy1xOMHX5LDBtoQwBddP7ww48yBPpHuIGFnX6pphvN3 didwF+jGMNo8WirNwPpagUOBAD/xVxzkxKX293TXekAZFmZ7m95UU6Q2nNpAuTsG rxA7lkIvbElgMU27DLy3hnTRhUl1ziOgzWFe+CQUnuvVPbUAT1MIeptytyj0Tdj6 8PUZxUIfLL/VOi3NSxsfve5xLJdQF3m4PfuKn+sFlUshRAmrQxQsK7ivPgyiSKER fYVMrN9OAQPU/LTGZlcv/Doir7H5IY7toccn2J4GNBlexkQLVz/iLQ== =Idjo -END PGP SIGNATURE-
[Dovecot] alert function (possible WIBNI)
The imapd spec has a provision for an alert pop-up of any ASCII text message contained in /etc/imapd.alert on the IMAP server. Can I assume this is implemented on DC? It'd be real nice if in addition to the current all-users message, it was possible to do a per-user alert...but I guess that would be something for IMAP standards... -- Stewart Dean, Unix System Admin, Henderson Computer Resources Center of Bard College, Annandale-on-Hudson, New York 12504 [EMAIL PROTECTED] voice: 845-758-7475, fax: 845-758-7035
Re: [Dovecot] o/s tuning for imap
Marcin Michal Jessa wrote: Russell E. Meek wrote: Quoting Ken A [EMAIL PROTECTED]: I'm switching from a pop3 only dovecot install to a pop3/imap install and I'm wondering how many connections every 100 'normal' imap users might have/keep open? I'm wondering if I need to tweak any o/s related things, like time_wait, etc. Any pointers would be greatly appreciated. Thanks, Ken A. OS related tweaks, probably not. However you could utilize a imap proxy such as up-imapproxy which if using FreeBSD is in ports. A propos proxy. Is it possible to run dovecot as an IMAP proxy with load balancing the same way it is possible with Courier and Cyrus? If not, is it on the TODO list? http://wiki.dovecot.org/HowTo/ImapProxy Works quite well here.
[Dovecot] Dovecot Imap Stopped working
Dovecot has been working fine for months. We are using 1.0. Come in to work today and dovecot quit working POP3 and IMAP. I restarted the service and everything started working except IMAP? We use Dovecot as an authentication method for outgoing mail and it works. I can't telnet to myhostname.com 143, Squirrelmail will NOT work either. Where is a good place to start looking for signs of the problem. When we restart we get no errors, which is strange? K
Re: [Dovecot] Dovecot + Sieve
Steffen Kaiser wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 4 Sep 2007, Marcin Michal Jessa wrote: The naming of the Sieve script and the configuration variables is explained here: http://wiki.dovecot.org/LDA/Sieve Note: The change of the name of global script path. script path refers to a filename, not just the directory of the .dovecot-sieve file. BTW: Because the script is compiled into a byte code representation, everybody needs write permission to the directory of the script (creates .tmp file, on success renames into script pathc ). If you force the compilation process using sievec, no write permission is required, e.g.: scriptpath=absolute filename/path of your Sieve script /usr/local/libexec/dovecot/sievec $scriptpath ${scriptpath}c I've tried manually compiling the script. I now have a sieve and a sievec in my mail folder, and the sieve variable in dovecot.conf (1.0.3) is set to /var/mail/%d/%u/sieve (The filename specified should be the script source, not the compiled version, correct?). I receive no errors from deliver using this method - but no evidence that the script is being followed, either. I thought I'd start with something simple - when that didn't work I added a global fileinto directive - still not doing anything. Do I need to set execute permissions or turn off world-readable permissions on the script or compiled version? require [fileinto]; if header :contains [From,To] [[EMAIL PROTECTED],[EMAIL PROTECTED]] { fileinto System-Messages; } fileinto System-Messages; -- Daniel
[Dovecot] auth_default_realm for different listeners
We provide POP3 service for several realms, each of which has a substantial number of users logging in with no realm (bare username). We would like to use Dovecot, but I haven't been able to findout how to vary auth_default_realm for each listener. My most recent attempt was to set up one auth {} block for each realm with a different auth_default_realm and socket master path. I then set up one protocol pop3 {} block for each realm, listening on different IP addresses and with a auth_socket_path corresponding to the auth block for that listener. I'm not sure if I'm on the right track here, but I'm seeing two problems: 1. When dovecot starts, I get: Sep 5 18:32:21 pop01 dovecot: auth(otherdomain): Socket already exists: /var/run/dovecot/auth-otherdomain for each additional auth {} block. 2. dovecot won't start with auth_socket_path specified in a protocl pop3 {} block: Error in configuration file /etc/dovecot/dovecot.conf line 654: Unknown setting: socket_path Is there a way to vary auth_default_realm for each listener, so I can have multiple realms log in with bare usernames? thanks, john -- John Morrissey _o/\ __o [EMAIL PROTECTED]_- \_ / \ \, www.horde.net/__(_)/_(_)/\___(_) /_(_)__
Re: [Dovecot] o/s tuning for imap
http://wiki.dovecot.org/HowTo/ImapProxy Works quite well here. This is very interesting Does it work ok if you want to have one machine handle the nearly all the normal IMAP traffic, but it has the ability to proxy a few users to a different server? ie do you need to set it up as a proxy in front of another server, or can you have a hybrid server? In conjuction with some kind of imap folder sync this would be quite cool in a multi-office setup where you can then easily move users mailbox to the closest server where they are working and a few DNS tricks would allow them to turn up in any office and immediately start working. Ed W
[Dovecot] securing dovecot proxy connections
The wiki http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy page says this: The connections created to the destination server can't be TLS/SSL encrypted.. Hrmm. Right now, with perdition, I'm forcing the use of STARTTLS on the internal connections. I'd just as soon get rid of perdition (to have one less moving part in my architecture), but I need the secure connections. Is there a way to configure dovecot's internal proxy connections to use STARTTLS or some other SSL/TLS level of security? (Without a bunch more research, I don't know what the interaction is between the real client, the dovecot proxy, and the destination server.) -- [EMAIL PROTECTED] (WJCarpenter)PGP 0x91865119 38 95 1B 69 C9 C6 3D 2573 46 32 04 69 D6 ED F3
[Dovecot] Quota bug in deliver?
Hi, I may be wrong, but I suspect a bug in dovecot deliver when using quotas. I've put some mails into a mailbox and then reduced the quota, to have the mailbox be over quota - here's the quota informaiton: [...] 2 getquotaroot INBOX * QUOTAROOT INBOX * QUOTA (STORAGE 880 5) 2 OK Getquotaroot completed. [...] When I have a setup with quotas only in the database, everything works as expected and deliver denies the message: Sep 5 21:50:14 ms4 deliver([EMAIL PROTECTED]): msgid=[EMAIL PROTECTED]: save failed to INBOX: Quota exceed ed Sep 5 21:50:14 ms4 deliver([EMAIL PROTECTED]): msgid=[EMAIL PROTECTED]: Rejected: Quota exceeded When I put a standard quota into the config as follows, the delivery succeeds (apparently deliver checks the standard quota, while IMAP correctly checks the quota from the database if it is returned. Sep 5 21:46:11 ms4 deliver([EMAIL PROTECTED]): msgid=[EMAIL PROTECTED]: saved mail to INBOX The mailbox is still over quota here, but deliver does not seem to notice. == standard quota in the config plugin { quota = maildir:storage=102400:messages=1000 [...] } In case I've overlooked something, please let me know. Otherwise let me know if you need some more information. Baltasar _ FORMER 03 GmbH _ www.former03.de _ fon 089.322112.0 PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] Dovecot + Sieve
pod wrote: DM == Daniel L Miller [EMAIL PROTECTED] writes: DM I've tried manually compiling the script. I now have a sieve DM and a sievec in my mail folder, and the sieve variable in DM dovecot.conf (1.0.3) is set to /var/mail/%d/%u/sieve (The filename DM specified should be the script source, not the compiled version, DM correct?). DM I receive no errors from deliver using this method - but no DM evidence that the script is being followed, either. I thought I'd DM start with something simple - when that didn't work I added a DM global fileinto directive - still not doing anything. Do I need DM to set execute permissions or turn off world-readable permissions DM on the script or compiled version? Create the following config file or something similar: log_path = /dev/stderr info_log_path = /dev/stderr mail_debug = yes mail_location = maildir:%h/tmp/Maildir protocol lda { postmaster_address = [EMAIL PROTECTED] mail_plugins = cmusieve } put it in, say, ~/tmp/dovecot.lda-debug.conf. Directly invoke deliver as a regular user with the -c option pointing to this config file, e.g. [EMAIL PROTECTED] date | /usr/libexec/dovecot/deliver -c ~/tmp/dovecot.lda-debug.conf Observe the output. Thank you for that extremely detailed debugging procedure. Resulting output is below: deliver(vmail): Sep 05 13:05:28 Info: Loading modules from directory: /usr/lib/dovecot/modules/lda deliver(vmail): Sep 05 13:05:28 Info: Module loaded: /usr/lib/dovecot/modules/lda/lib90_cmusieve_plugin.so deliver(vmail): Sep 05 13:05:28 Info: maildir: data=/var/mail/amfes.com/dmiller deliver(vmail): Sep 05 13:05:28 Info: maildir: root=/var/mail/amfes.com/dmiller, index=/var/mail/amfes.com/dmiller, control=, inbox= deliver(vmail): Sep 05 13:05:28 Info: msgid=: saved mail to INBOX Based on this, the sieve script is not being executed at all. My temp config is: log_path = /dev/stderr info_log_path = /dev/stderr mail_debug = yes mail_location = maildir:/var/mail/amfes.com/dmiller protocol lda { postmaster_address = [EMAIL PROTECTED] mail_plugins = cmusieve sieve = /var/mail/%d/%u/sieve } I did make a discovery - hardcoding the sieve path, without variables, e.g. sieve = /var/mail/amfes.com/dmiller/sieve - worked! Is there a problem using the domain / user variables in the configuration file? DM require [fileinto]; DM if header :contains [From,To] [[EMAIL PROTECTED],[EMAIL PROTECTED]] { DM fileinto System-Messages; DM } DM fileinto System-Messages; I think you ought to consider using an ADDRESS test rather than a HEADER test for this sort of match, thus if address :is :all [from, to] [[EMAIL PROTECTED], [EMAIL PROTECTED]] { # ... etc } which will do proper address matching (i.e. phrase or comment parts in headers won't match) against a reasonable set of sender and recipient headers (for example a CC header). I appreciate the assistance with the script as well - I obviously need to learn the sieve language. -- Daniel
Re: [Dovecot] Quota bug in deliver?
bc When I put a standard quota into the config as follows, the bc delivery succeeds (apparently deliver checks the standard quota, bc while IMAP correctly checks the quota from the database if it is bc returned. Sep 5 21:46:11 ms4 bc The mailbox is still over quota here, but deliver does not seem to bc notice. I recently debugged that situation in my own configuration. Are you using prefetches for your user query? If you are using prefetch for your userdb lookups, you still need a separate user query to be used by deliver (it doesn't do the password query). The wiki pages show a configuration for keeping the prefetch for IMAP but having a user query for deliver. I don't know if that works since I simply got rid of my prefetch completely and moved on to a different problem when that cured it. (I plan to try to put the prefetch back in later when I get some spare time.) -- [EMAIL PROTECTED] (WJCarpenter)PGP 0x91865119 38 95 1B 69 C9 C6 3D 2573 46 32 04 69 D6 ED F3
Re: [Dovecot] Dovecot Imap Stopped working
Duracom Lists wrote: Dovecot has been working fine for months. We are using 1.0. Come in to work today and dovecot quit working POP3 and IMAP. I restarted the service and everything started working except IMAP? We use Dovecot as an authentication method for outgoing mail and it works. I can't telnet to myhostname.com 143, Squirrelmail will NOT work either. Where is a good place to start looking for signs of the problem. When we restart we get no errors, which is strange? K What's in your protocols line in dovecot.conf? -- Daniel
Re: [Dovecot] securing dovecot proxy connections
wjc Is there a way to configure dovecot's internal proxy connections wjc to use STARTTLS or some other SSL/TLS level of security? wjc (Without a mmj Just create encrypted tunnel between the peers and send your mmj traffic through it. IPSec, ssh etc.. Thanks for the suggestion. I had thought of that, but all my front-end servers are also back-end servers. (I'm just letting the users come in on any server -- usually the correct one -- and want to transparently connect them to the correct back-end if they happen to come into the wrong server.) So, even with just 5 servers, that's 20 tunnels to keep afloat through reboots, etc. In principle no problem, but it's a lot of balls in the air.
[Dovecot] OT Project idea: IMAP plugin for Google Desktop
Posting here, as Dovecot seems to be the premier IMAP server available. In case anyone is looking for something to work on, I found today that Google Desktop only understands email clients that keep mail on the client, and it would be nice if there was a plugin that understood IMAP. Here's a site that seems to explain how to write such plugins: http://www.plugindevelopment.com/
Re: [Dovecot] Quota bug in deliver?
Hi, On 05.09.2007, at 22:19, WJCarpenter wrote: bc When I put a standard quota into the config as follows, the bc delivery succeeds (apparently deliver checks the standard quota, bc while IMAP correctly checks the quota from the database if it is bc returned. Sep 5 21:46:11 ms4 bc The mailbox is still over quota here, but deliver does not seem to bc notice. I recently debugged that situation in my own configuration. Are you using prefetches for your user query? If you are using prefetch for your userdb lookups, you still need a separate user query to be used by deliver (it doesn't do the password query). The wiki pages show a configuration for keeping the prefetch for IMAP but having a user query for deliver. I don't know if that works since I simply got rid of my prefetch completely and moved on to a different problem when that cured it. (I plan to try to put the prefetch back in later when I get some spare time.) I do use prefetch, I have an separate query, too. Without that the quota fails completely. Having both statements and prefetch, the quota works fine with IMAP and deliver when I have no quota line in the plugin section, when I add the line (see !!MARK!! below), the deliver takes the quota from that line instead of the database information. IMAP uses the information from the database all the time, no matter if I have a quota line in the config. ### SNIP /etc/dovecot/dovecot.conf protocol imap { mail_plugins = quota trash imap_quota } protocol pop3 { pop3_uidl_format = %08Xu%08Xv pop3_client_workarounds = outlook-no-nuls oe-ns-eoh } protocol lda { postmaster_address = postmaster@mydomain auth_socket_path = /var/run/dovecot/auth-master mail_plugins = cmusieve quota } auth default { mechanisms = plain digest-md5 cram-md5 ntlm rpa passdb sql { args = /etc/dovecot/dovecot-sql.conf } userdb prefetch { } userdb sql { args = /etc/dovecot/dovecot-sql.conf } user = _dcauth socket listen { master { path = /var/run/dovecot/auth-master mode = 0600 user = vmail group = mail } } } plugin { # !!MARK!! # deliver seems to use the userdb quota only when I don't have the following line quota = maildir:storage=102400:messages=1000 acl = vfile:/etc/dovecot/acls trash = /etc/dovecot/dovecot-trash.conf } ### SNIP _ FORMER 03 GmbH _ www.former03.de PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] Dovecot Imap Stopped working
Duracom Lists wrote: protocols = imap imaps pop3 pop3s -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel L. Miller Sent: Wednesday, September 05, 2007 3:23 PM To: Dovecot Mailing List Subject: Re: [Dovecot] Dovecot Imap Stopped working Duracom Lists wrote: Dovecot has been working fine for months. We are using 1.0. Come in to work today and dovecot quit working POP3 and IMAP. I restarted the service and everything started working except IMAP? We use Dovecot as an authentication method for outgoing mail and it works. I can't telnet to myhostname.com 143, Squirrelmail will NOT work either. Where is a good place to start looking for signs of the problem. When we restart we get no errors, which is strange? K What's in your protocols line in dovecot.conf? Anything strange in the logfile during Dovecot startup? -- Daniel
[Dovecot] passdb/userdb args
I'm a bit unclear on these - give me a moment to ramble on. I should mention I'm using version 1.0.3, my primary backend is LDAP, and I do NOT want to store user mail folders in my LDAP directory. I currently have the following: default_mail_env = maildir:/var/mail/%d/%n passdb ldap { args = /etc/dovecot/dovecot-ldap.conf } # Instructions for deliver state a userdb is still required if using prefetch userdb ldap { args = /etc/dovecot/dovecot-ldap.conf } userdb prefetch { } My dovecot-ldap.conf is pretty simple - the trimmed version is: hosts = localhost auth_bind = no user_attrs = %d/%n=mail user_filter = (mail=%u) pass_attrs = ((userPassword=password)(mail=%u)) user_global_uid = 5000 user_global_gid = 8 I recognize that the pass_attrs is incorrect for a prefetch config - but I couldn't get it to work. My mail folder structure is /var/mail/domain/username. If, under 1.0.3, I can't use the %d/%n variables to build the user/home/mail parameters in the LDAP config, can I do it in the configuration stanza? Something like: passdb ldap{ args = home=%dn/%n mail=%d/%n /etc/dovecot/dovecot.conf } -- Daniel
Re: [Dovecot] passdb/userdb args
Hi, I was face with a similar problem a couple of month ago. If I recall correctly, the system needed the home variable but it was empty because it could not be retrieved in the Actuve Directory tree. Here is what I did (adapted to your setup. I think) In my ldap setup I set pass_attrs = mail=userdb_home In the main conf file I did mail_executable = /usr/libexec/dovecot/special.sh And in special.sh I put #!/bin/sh myuser=`echo $HOME|sed s/@.*$//` domain=`echo $HOME|sed s/^.*@//` export USER=$HOME export HOME=/var/mail/${domain}/${myuser} export MAIL=maildir:${HOME} exec /usr/libexec/dovecot/imap Voila! Make sure that special.sh is where mail_executable says it is And don't forget to chmod a+x it. Hope this helps François On Thursday 06 September 2007 06:20, Daniel L. Miller wrote: I'm a bit unclear on these - give me a moment to ramble on. I should mention I'm using version 1.0.3, my primary backend is LDAP, and I do NOT want to store user mail folders in my LDAP directory. I currently have the following: default_mail_env = maildir:/var/mail/%d/%n passdb ldap { args = /etc/dovecot/dovecot-ldap.conf } # Instructions for deliver state a userdb is still required if using prefetch userdb ldap { args = /etc/dovecot/dovecot-ldap.conf } userdb prefetch { } My dovecot-ldap.conf is pretty simple - the trimmed version is: hosts = localhost auth_bind = no user_attrs = %d/%n=mail user_filter = (mail=%u) pass_attrs = ((userPassword=password)(mail=%u)) user_global_uid = 5000 user_global_gid = 8 I recognize that the pass_attrs is incorrect for a prefetch config - but I couldn't get it to work. My mail folder structure is /var/mail/domain/username. If, under 1.0.3, I can't use the %d/%n variables to build the user/home/mail parameters in the LDAP config, can I do it in the configuration stanza? Something like: passdb ldap{ args = home=%dn/%n mail=%d/%n /etc/dovecot/dovecot.conf }
Re: [Dovecot] securing dovecot proxy connections
ka per another current thread (o/s tuning for imap), I've installed ka imapproxy, and it supports starttls to the backend imap server. It ka doesn't use encryption on the incoming connections though, since ka they are presumably from localhost (squirrelmail). Ken That's an interesting thought. Have you actually gotten its STARTTLS to work? I tried it a couple days ago with no luck, but maybe I just didn't try hard enough. -- [EMAIL PROTECTED] (WJCarpenter)PGP 0x91865119 38 95 1B 69 C9 C6 3D 2573 46 32 04 69 D6 ED F3
Re: [Dovecot] Quota bug in deliver?
FORMER 03 | Baltasar Cevc wrote: Hi, On 05.09.2007, at 22:19, WJCarpenter wrote: bc When I put a standard quota into the config as follows, the bc delivery succeeds (apparently deliver checks the standard quota, bc while IMAP correctly checks the quota from the database if it is bc returned. Sep 5 21:46:11 ms4 bc The mailbox is still over quota here, but deliver does not seem to bc notice. I recently debugged that situation in my own configuration. Are you using prefetches for your user query? If you are using prefetch for your userdb lookups, you still need a separate user query to be used by deliver (it doesn't do the password query). The wiki pages show a configuration for keeping the prefetch for IMAP but having a user query for deliver. I don't know if that works since I simply got rid of my prefetch completely and moved on to a different problem when that cured it. (I plan to try to put the prefetch back in later when I get some spare time.) I do use prefetch, I have an separate query, too. Without that the quota fails completely. Having both statements and prefetch, the quota works fine with IMAP and deliver when I have no quota line in the plugin section, when I add the line (see !!MARK!! below), the deliver takes the quota from that line instead of the database information. IMAP uses the information from the database all the time, no matter if I have a quota line in the config. [...] plugin { # !!MARK!! # deliver seems to use the userdb quota only when I don't have the following line quota = maildir:storage=102400:messages=1000 acl = vfile:/etc/dovecot/acls trash = /etc/dovecot/dovecot-trash.conf } I discovered something similar. User's quota from the DB was not used when the user's quota was over the limit of the plugin part. According to the docs the db quota values should always come first before the plugin part but it does not. Marcin.
Re: [Dovecot] securing dovecot proxy connections
WJCarpenter wrote: wjc Is there a way to configure dovecot's internal proxy connections wjc to use STARTTLS or some other SSL/TLS level of security? wjc (Without a mmj Just create encrypted tunnel between the peers and send your mmj traffic through it. IPSec, ssh etc.. Thanks for the suggestion. I had thought of that, but all my front-end servers are also back-end servers. (I'm just letting the users come in on any server -- usually the correct one -- and want to transparently connect them to the correct back-end if they happen to come into the wrong server.) So, even with just 5 servers, that's 20 tunnels to keep afloat through reboots, etc. In principle no problem, but it's a lot of balls in the air. In that case you could add VLAN trunks between them to separate connections from the rest of the network. You would tunnel your server traffic in VLANs and noone would be able to sniff it. This is probably the quickest and most robust way to do this on a LAN not involving any security protocols. Marcin.