Re: [Dovecot] Dovecot + Sieve

2007-09-05 Thread Steffen Kaiser

On Tue, 4 Sep 2007, Marcin Michal Jessa wrote:

The naming of the Sieve script and the configuration variables is 
explained here:


http://wiki.dovecot.org/LDA/Sieve

Note: The change of the name of global script path.

<script path> refers to a filename, not just the directory of the 
.dovecot-sieve file.

BTW: Because the script is compiled into a byte code representation, 
everybody needs write permission to the directory of the script (creates 
.tmp file, on success renames into <script path>c).
If you force the compilation process using sievec, no write permission 
is required, e.g.:

# absolute filename/path of your Sieve script
scriptpath=/path/to/your/sieve-script
/usr/local/libexec/dovecot/sievec "$scriptpath" "${scriptpath}c"

Bye,

-- 
Steffen Kaiser
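
The point above, as an added example that is not part of Steffen's post: precompile with sievec, then check that the script's directory has not been left writable for deliver's sake. SIEVEC defaults to the path in the post; the function names and finding labels are this example's own, and "writable" here means the group/other mode bits only.

```shell
#!/bin/sh
# Added example: precompile a Sieve script with sievec and audit the result.
# SIEVEC defaults to the path quoted in the post (assumption: adjust it for
# your install); function names and finding labels are this example's own.
SIEVEC="${SIEVEC:-/usr/local/libexec/dovecot/sievec}"

# Compile <script path> to <script path>c ahead of delivery (run as the
# script's owner), so deliver does not need write access to the directory.
precompile_sieve() {
    "$SIEVEC" "$1" "${1}c"
}

# True when $1 is writable by neither group nor others (mode bits only).
not_shared_writable() {
    [ -z "$(find "$1" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]
}

# Print one finding per line for script $1; return 0 only when clean.
audit_sieve() {
    script=$1
    rc=0
    if [ ! -f "$script" ]; then
        echo "source-missing"
        return 1
    fi
    # A directory opened up so deliver can drop its .tmp file there also
    # lets other local accounts replace the script or its bytecode.
    not_shared_writable "$(dirname -- "$script")" || { echo "dir-writable"; rc=1; }
    not_shared_writable "$script" || { echo "source-writable"; rc=1; }
    if [ ! -f "${script}c" ]; then
        # No bytecode yet: it would have to be created at delivery time.
        echo "bytecode-missing"; rc=1
    elif [ "$script" -nt "${script}c" ]; then
        # Source edited after the last sievec run.
        echo "bytecode-stale"; rc=1
    elif ! not_shared_writable "${script}c"; then
        echo "bytecode-writable"; rc=1
    fi
    return "$rc"
}

# Usage: sh sieve-audit.sh /path/to/script   (audits only, compiles nothing)
if [ "$#" -gt 0 ]; then
    audit_sieve "$1"
fi
```

Run precompile_sieve after every edit of the script, then audit_sieve; an empty result means the bytecode is current and nothing in the chain is group- or world-writable.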


Re: [Dovecot] Dovecot + Sieve

2007-09-05 Thread Marcin M . Jessa


On Wed, 5 Sep 2007 09:00:49 +0200 (CEST), Steffen Kaiser
[EMAIL PROTECTED] wrote:
 On Tue, 4 Sep 2007, Marcin Michal Jessa wrote:
 
 The naming of the Sieve script and the configuration variables is
 explained here:
 
 http://wiki.dovecot.org/LDA/Sieve
 
 Note: The change of the name of global script path.
 
 <script path> refers to a filename, not just the directory of the
 .dovecot-sieve file.
 
 BTW: Because the script is compiled into a byte code representation,
 everybody needs write permission to the directory of the script (creates
 .tmp file, on success renames into <script path>c).
 If you force the compilation process using sievec, no write permission
 is required, e.g.:
 
 scriptpath=<absolute filename/path of your Sieve script>
 /usr/local/libexec/dovecot/sievec $scriptpath ${scriptpath}c


I just ran a test defining sieve_global_dir = /usr/local/etc/sieve/
in my dovecot.conf and commenting global_script_path =
Then I renamed my sieve script to .dovecot-sieve in that dir.
And nothing happened. It was not compiled and used.
I had to define global_script_path = again and then I could as well give
the script a more reasonable name like Junk since it takes care of
filtering of junk mail.
Any idea why it does not work as you say?

BTW, http://wiki.dovecot.org/LDA/Sieve should have things mentioned for
global users as well since I overlooked that part from Per-user Sieve
script location thinking it did not consider users of global scripts.


Marcin.




Re: [Dovecot] Dovecot + Sieve

2007-09-05 Thread Steffen Kaiser

On Wed, 5 Sep 2007, Marcin M. Jessa wrote:

>> <script path> refers to a filename, not just the directory of the
>> .dovecot-sieve file.
>
> I just ran a test defining sieve_global_dir = /usr/local/etc/sieve/

Er, you missed the "<script path> refers to a filename", didn't you?

See, get_sieve_path(void) in cmusieve's source ball src/cmusieve-plugin.c
The value of sieve per user or sieve_global_dir is a filename, not a 
directory. Only if none of them is defined, .dovecot-sieve comes into 
play.

> script a more reasonable name like Junk since it takes care of filtering of

You can give the script any name you like. Personally I wouldn't name it 
Junk, because there is exactly one Sieve script and you cannot specify 
another one.

> BTW, http://wiki.dovecot.org/LDA/Sieve should have things mentioned for
> global users as well
> since I overlooked that part from Per-user Sieve script location thinking
> it did
> not consider users of global scripts.

I would think, the sections Configuring and Compiling and errors apply 
to you.

The Per-user section really is dealing with the configuration per user, 
whether or not you return the same value for all users.


Bye,

-- 
Steffen Kaiser


[Dovecot] Timeout while waiting for lock for transaction log file

2007-09-05 Thread Peter Eriksson
I have a user that gets client timeout errors when he tries to
delete/clean up his massive Spam folder (many thousands of mail messages).

He uses Thunderbird and has it configured to use Move to Trash when
he deletes messages.

I find the following in Dovecot's log file when it happens:

Aug 28 10:38:22 ifm.liu.se dovecot: [ID 107833 mail.error] IMAP(bpn):
Timeout while waiting for lock for transaction log file
/home/bpn/Maildir/.Trash/dovecot.index.log

Aug 28 10:38:24 ifm.liu.se dovecot: [ID 107833 mail.info] IMAP(bpn):
Disconnected

Any suggestions on what I can tune/fix in Dovecot to solve this issue?

We're using Dovecot 1.0.3 with Maildirs.

This is the only user (so far) where we are seeing this.

- Peter





Re: [Dovecot] Dovecot + Sieve

2007-09-05 Thread Steffen Kaiser

On Wed, 5 Sep 2007, Marcin M. Jessa wrote:

> This is also what the example on http://wiki.dovecot.org/LDA/Sieve says.
> There is only sieve_global_dir = /etc/dovecot/sieve/ there.

You wrote in your first post, you're using v1.0.3, the section with this 
line applies to v1.1.

In v1.0 you have this:

   # If there is no user-specific Sieve-script, global Sieve script is
   # executed if set. (v1.0.1 and older used global_script_path)
   #sieve_global_path =

Bye,

-- 
Steffen Kaiser


[Dovecot] alert function (possible WIBNI)

2007-09-05 Thread Stewart Dean
The imapd spec has a provision for an alert pop-up of any ASCII text 
message contained in /etc/imapd.alert on the IMAP server.  Can I assume 
this is implemented on DC?  It'd be real nice if in addition to the 
current all-users message, it was possible to do a per-user alert...but 
I guess that would be something for IMAP standards...


--

Stewart Dean, Unix System Admin, Henderson Computer Resources 
Center of Bard College, Annandale-on-Hudson, New York  12504  
[EMAIL PROTECTED]  voice: 845-758-7475, fax: 845-758-7035




Re: [Dovecot] o/s tuning for imap

2007-09-05 Thread David Jonas
Marcin Michal Jessa wrote:
 Russell E. Meek wrote:
 Quoting Ken A [EMAIL PROTECTED]:

 I'm switching from a pop3 only dovecot install to a pop3/imap install
 and I'm wondering how many connections every 100 'normal' imap users
 might have/keep open? I'm wondering if I need to tweak any o/s related
 things, like time_wait, etc. Any pointers would be greatly appreciated.

 Thanks,
 Ken A.
 OS related tweaks, probably not.  However you could utilize a imap
 proxy such as up-imapproxy which if using FreeBSD is in ports.
 A propos proxy. Is it possible to run dovecot as an IMAP proxy with load
 balancing the same way it is possible with Courier and Cyrus? If not, is
 it on the TODO list?

http://wiki.dovecot.org/HowTo/ImapProxy

Works quite well here.



[Dovecot] Dovecot Imap Stopped working

2007-09-05 Thread Duracom Lists
Dovecot has been working fine for months.  We are using 1.0.  Come in to
work today and dovecot quit working POP3 and IMAP.  I restarted the service
and everything started working except IMAP?  We use Dovecot as an
authentication method for outgoing mail and it works.  I can't telnet to
myhostname.com 143, Squirrelmail will NOT work either.  Where is a good
place to start looking for signs of the problem.  When we restart we get no
errors, which is strange?


K





Re: [Dovecot] Dovecot + Sieve

2007-09-05 Thread Daniel L. Miller

Steffen Kaiser wrote:
> On Tue, 4 Sep 2007, Marcin Michal Jessa wrote:
>
> The naming of the Sieve script and the configuration variables is 
> explained here:
>
> http://wiki.dovecot.org/LDA/Sieve
>
> Note: The change of the name of global script path.
>
> <script path> refers to a filename, not just the directory of the 
> .dovecot-sieve file.
>
> BTW: Because the script is compiled into a byte code representation, 
> everybody needs write permission to the directory of the script 
> (creates .tmp file, on success renames into <script path>c).
> If you force the compilation process using sievec, no write 
> permission is required, e.g.:
>
> scriptpath=<absolute filename/path of your Sieve script>
> /usr/local/libexec/dovecot/sievec $scriptpath ${scriptpath}c

I've tried manually compiling the script.  I now have a sieve and a 
sievec in my mail folder, and the sieve variable in dovecot.conf 
(1.0.3) is set to /var/mail/%d/%u/sieve (The filename specified should 
be the script source, not the compiled version, correct?).

I receive no errors from deliver using this method - but no evidence 
that the script is being followed, either.  I thought I'd start with 
something simple - when that didn't work I added a global fileinto 
directive - still not doing anything.  Do I need to set execute 
permissions or turn off world-readable permissions on the script or 
compiled version?

require ["fileinto"];
if header :contains ["From","To"] ["[EMAIL PROTECTED]","[EMAIL PROTECTED]"] {
  fileinto "System-Messages";
}
fileinto "System-Messages";

--
Daniel


[Dovecot] auth_default_realm for different listeners

2007-09-05 Thread John Morrissey
We provide POP3 service for several realms, each of which has a substantial
number of users logging in with no realm (bare username). We would like to
use Dovecot, but I haven't been able to find out how to vary
auth_default_realm for each listener.

My most recent attempt was to set up one auth {} block for each realm with a
different auth_default_realm and socket master path. I then set up one
protocol pop3 {} block for each realm, listening on different IP addresses
and with an auth_socket_path corresponding to the auth block for that
listener.

I'm not sure if I'm on the right track here, but I'm seeing two problems:

1. When dovecot starts, I get:

Sep  5 18:32:21 pop01 dovecot: auth(otherdomain): Socket already exists:
/var/run/dovecot/auth-otherdomain

for each additional auth {} block.

2. dovecot won't start with auth_socket_path specified in a protocol pop3 {}
   block:

   Error in configuration file /etc/dovecot/dovecot.conf line 654: Unknown
   setting: socket_path

Is there a way to vary auth_default_realm for each listener, so I can have
multiple realms log in with bare usernames?

thanks,
john
-- 
John Morrissey  _o/\   __o
[EMAIL PROTECTED]_- \_  /  \   \,
www.horde.net/__(_)/_(_)/\___(_) /_(_)__


Re: [Dovecot] o/s tuning for imap

2007-09-05 Thread Ed W



> http://wiki.dovecot.org/HowTo/ImapProxy
>
> Works quite well here.

This is very interesting

Does it work ok if you want to have one machine handle the nearly all 
the normal IMAP traffic, but it has the ability to proxy a few users to 
a different server?


ie do you need to set it up as a proxy in front of another server, or 
can you have a hybrid server?


In conjunction with some kind of imap folder sync this would be quite 
cool in a multi-office setup where you can then easily move users 
mailbox to the closest server where they are working and a few DNS 
tricks would allow them to turn up in any office and immediately start 
working.


Ed W



[Dovecot] securing dovecot proxy connections

2007-09-05 Thread WJCarpenter
The wiki http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy
page says this: "The connections created to the destination server
can't be TLS/SSL encrypted.".

Hrmm.  Right now, with perdition, I'm forcing the use of STARTTLS on
the internal connections.  I'd just as soon get rid of perdition (to
have one less moving part in my architecture), but I need the secure
connections.  

Is there a way to configure dovecot's internal proxy connections to
use STARTTLS or some other SSL/TLS level of security?  (Without a
bunch more research, I don't know what the interaction is between the
real client, the dovecot proxy, and the destination server.)
-- 
[EMAIL PROTECTED] (WJCarpenter)PGP 0x91865119
38 95 1B 69 C9 C6 3D 2573 46 32 04 69 D6 ED F3



[Dovecot] Quota bug in deliver?

2007-09-05 Thread FORMER 03 | Baltasar Cevc

Hi,

I may be wrong, but I suspect a bug in dovecot deliver when using  
quotas.


I've put some mails into a mailbox and then reduced the quota, to  
have the mailbox be over quota - here's the quota information:

[...]
2 getquotaroot INBOX
* QUOTAROOT INBOX 
* QUOTA  (STORAGE 880 5)
2 OK Getquotaroot completed.
[...]

When I have a setup with quotas only in the database, everything  
works as expected and deliver denies the message:
Sep  5 21:50:14 ms4 deliver([EMAIL PROTECTED]): msgid=[EMAIL PROTECTED]: save failed to INBOX: Quota exceeded
Sep  5 21:50:14 ms4 deliver([EMAIL PROTECTED]): msgid=[EMAIL PROTECTED]: Rejected: Quota exceeded


When I put a standard quota into the config as follows, the delivery  
succeeds (apparently deliver checks the standard quota, while IMAP  
correctly checks the quota from the database if it is returned).
Sep  5 21:46:11 ms4 deliver([EMAIL PROTECTED]): msgid=[EMAIL PROTECTED]: saved mail to INBOX


The mailbox is still over quota here, but deliver does not seem to  
notice.


== standard quota in the config
plugin {
  quota = maildir:storage=102400:messages=1000
[...]
}

In case I've overlooked something, please let me know. Otherwise let  
me know if you need some more information.


Baltasar


_ FORMER 03 GmbH
_ www.former03.de
_ fon 089.322112.0






Re: [Dovecot] Dovecot + Sieve

2007-09-05 Thread Daniel L. Miller

pod wrote:
> DM == Daniel L Miller [EMAIL PROTECTED] writes:
>
> DM I've tried manually compiling the script.  I now have a sieve
> DM and a sievec in my mail folder, and the sieve variable in
> DM dovecot.conf (1.0.3) is set to /var/mail/%d/%u/sieve (The filename
> DM specified should be the script source, not the compiled version,
> DM correct?).
>
> DM I receive no errors from deliver using this method - but no
> DM evidence that the script is being followed, either.  I thought I'd
> DM start with something simple - when that didn't work I added a
> DM global fileinto directive - still not doing anything.  Do I need
> DM to set execute permissions or turn off world-readable permissions
> DM on the script or compiled version?
>
> Create the following config file or something similar:
>
> log_path = /dev/stderr
> info_log_path = /dev/stderr
>
> mail_debug = yes
> mail_location = maildir:%h/tmp/Maildir
>
> protocol lda {
>   postmaster_address = [EMAIL PROTECTED]
>   mail_plugins = cmusieve
> }
>
> put it in, say, ~/tmp/dovecot.lda-debug.conf.  Directly invoke deliver as
> a regular user with the -c option pointing to this config file, e.g.
>
> [EMAIL PROTECTED] date | /usr/libexec/dovecot/deliver -c ~/tmp/dovecot.lda-debug.conf
>
> Observe the output.

Thank you for that extremely detailed debugging procedure.  Resulting 
output is below:

deliver(vmail): Sep 05 13:05:28 Info: Loading modules from directory: /usr/lib/dovecot/modules/lda
deliver(vmail): Sep 05 13:05:28 Info: Module loaded: /usr/lib/dovecot/modules/lda/lib90_cmusieve_plugin.so
deliver(vmail): Sep 05 13:05:28 Info: maildir: data=/var/mail/amfes.com/dmiller
deliver(vmail): Sep 05 13:05:28 Info: maildir: root=/var/mail/amfes.com/dmiller, index=/var/mail/amfes.com/dmiller, control=, inbox=
deliver(vmail): Sep 05 13:05:28 Info: msgid=: saved mail to INBOX

Based on this, the sieve script is not being executed at all.  My temp 
config is:

log_path = /dev/stderr
info_log_path = /dev/stderr
mail_debug = yes
mail_location = maildir:/var/mail/amfes.com/dmiller
protocol lda {
   postmaster_address = [EMAIL PROTECTED]
   mail_plugins = cmusieve
   sieve = /var/mail/%d/%u/sieve
}

I did make a discovery - hardcoding the sieve path, without variables, 
e.g. sieve = /var/mail/amfes.com/dmiller/sieve - worked!

Is there a problem using the domain / user variables in the 
configuration file?

> DM require ["fileinto"];
> DM if header :contains ["From","To"] ["[EMAIL PROTECTED]","[EMAIL PROTECTED]"] {
> DM   fileinto "System-Messages";
> DM }
> DM fileinto "System-Messages";
>
> I think you ought to consider using an ADDRESS test rather than a HEADER
> test for this sort of match, thus
>
> if address :is :all ["from", "to"] ["[EMAIL PROTECTED]", "[EMAIL PROTECTED]"] {
>   # ... etc
> }
>
> which will do proper address matching (i.e. phrase or comment parts in
> headers won't match) against a reasonable set of sender and recipient
> headers (for example a CC header).

I appreciate the assistance with the script as well - I obviously need 
to learn the sieve language.


--
Daniel


Re: [Dovecot] Quota bug in deliver?

2007-09-05 Thread WJCarpenter
bc When I put a standard quota into the config as follows, the
bc delivery succeeds (apparently deliver checks the standard quota,
bc while IMAP correctly checks the quota from the database if it is
bc returned.  Sep 5 21:46:11 ms4

bc The mailbox is still over quota here, but deliver does not seem to
bc notice.

I recently debugged that situation in my own configuration.  Are you
using prefetches for your user query?

If you are using prefetch for your userdb lookups, you still need a
separate user query to be used by deliver (it doesn't do the password
query).  The wiki pages show a configuration for keeping the prefetch
for IMAP but having a user query for deliver.  I don't know if that
works since I simply got rid of my prefetch completely and moved on to
a different problem when that cured it. (I plan to try to put the
prefetch back in later when I get some spare time.)
-- 
[EMAIL PROTECTED] (WJCarpenter)PGP 0x91865119
38 95 1B 69 C9 C6 3D 2573 46 32 04 69 D6 ED F3



Re: [Dovecot] Dovecot Imap Stopped working

2007-09-05 Thread Daniel L. Miller

Duracom Lists wrote:
> Dovecot has been working fine for months.  We are using 1.0.  Come in to
> work today and dovecot quit working POP3 and IMAP.  I restarted the service
> and everything started working except IMAP?  We use Dovecot as an
> authentication method for outgoing mail and it works.  I can't telnet to
> myhostname.com 143, Squirrelmail will NOT work either.  Where is a good
> place to start looking for signs of the problem.  When we restart we get no
> errors, which is strange?
>
> K

What's in your protocols line in dovecot.conf?

--
Daniel


Re: [Dovecot] securing dovecot proxy connections

2007-09-05 Thread WJCarpenter
wjc Is there a way to configure dovecot's internal proxy connections
wjc to use STARTTLS or some other SSL/TLS level of security?
wjc (Without a

mmj Just create encrypted tunnel between the peers and send your
mmj traffic through it.  IPSec, ssh etc..

Thanks for the suggestion.  I had thought of that, but all my
front-end servers are also back-end servers.  (I'm just letting the
users come in on any server -- usually the correct one -- and want to
transparently connect them to the correct back-end if they happen to
come into the wrong server.)  So, even with just 5 servers, that's 20
tunnels to keep afloat through reboots, etc.  In principle no problem,
but it's a lot of balls in the air.



[Dovecot] OT Project idea: IMAP plugin for Google Desktop

2007-09-05 Thread Kenneth Porter

Posting here, as Dovecot seems to be the premier IMAP server available.

In case anyone is looking for something to work on, I found today that 
Google Desktop only understands email clients that keep mail on the client, 
and it would be nice if there was a plugin that understood IMAP. Here's a 
site that seems to explain how to write such plugins:


http://www.plugindevelopment.com/


Re: [Dovecot] Quota bug in deliver?

2007-09-05 Thread FORMER 03 | Baltasar Cevc

Hi,

On 05.09.2007, at 22:19, WJCarpenter wrote:

> bc When I put a standard quota into the config as follows, the
> bc delivery succeeds (apparently deliver checks the standard quota,
> bc while IMAP correctly checks the quota from the database if it is
> bc returned.  Sep 5 21:46:11 ms4
>
> bc The mailbox is still over quota here, but deliver does not seem to
> bc notice.
>
> I recently debugged that situation in my own configuration.  Are you
> using prefetches for your user query?
>
> If you are using prefetch for your userdb lookups, you still need a
> separate user query to be used by deliver (it doesn't do the password
> query).  The wiki pages show a configuration for keeping the prefetch
> for IMAP but having a user query for deliver.  I don't know if that
> works since I simply got rid of my prefetch completely and moved on to
> a different problem when that cured it. (I plan to try to put the
> prefetch back in later when I get some spare time.)

I do use prefetch, I have a separate query, too. Without that the  
quota fails completely.


Having both statements and prefetch, the quota works fine with IMAP  
and deliver when I have no quota line in the plugin section, when I  
add the line (see !!MARK!! below), the deliver takes the quota from  
that line instead of the database information. IMAP uses the  
information from the database all the time, no matter if I have a  
quota line in the config.



### SNIP /etc/dovecot/dovecot.conf
protocol imap {
  mail_plugins = quota trash imap_quota
}

protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

protocol lda {
  postmaster_address = postmaster@mydomain
  auth_socket_path = /var/run/dovecot/auth-master
  mail_plugins = cmusieve quota
}

auth default {
  mechanisms = plain digest-md5 cram-md5 ntlm rpa
  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  userdb prefetch {
  }
  userdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  user = _dcauth
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
      group = mail
    }
  }
}

plugin {
  # !!MARK!!
  # deliver seems to use the userdb quota only when I don't have the following line
  quota = maildir:storage=102400:messages=1000
  acl = vfile:/etc/dovecot/acls
  trash = /etc/dovecot/dovecot-trash.conf
}

### SNIP

_ FORMER 03 GmbH
_ www.former03.de





Re: [Dovecot] Dovecot Imap Stopped working

2007-09-05 Thread Daniel L. Miller

Duracom Lists wrote:
> protocols = imap imaps pop3 pop3s
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Daniel L. Miller
> Sent: Wednesday, September 05, 2007 3:23 PM
> To: Dovecot Mailing List
> Subject: Re: [Dovecot] Dovecot Imap Stopped working
>
> Duracom Lists wrote:
>> Dovecot has been working fine for months.  We are using 1.0.  Come in to
>> work today and dovecot quit working POP3 and IMAP.  I restarted the service
>> and everything started working except IMAP?  We use Dovecot as an
>> authentication method for outgoing mail and it works.  I can't telnet to
>> myhostname.com 143, Squirrelmail will NOT work either.  Where is a good
>> place to start looking for signs of the problem.  When we restart we get no
>> errors, which is strange?
>>
>> K
>
> What's in your protocols line in dovecot.conf?

Anything strange in the logfile during Dovecot startup?


--
Daniel


[Dovecot] passdb/userdb args

2007-09-05 Thread Daniel L. Miller
I'm a bit unclear on these - give me a moment to ramble on.  I should 
mention I'm using version 1.0.3, my primary backend is LDAP, and I do 
NOT want to store user mail folders in my LDAP directory.


I currently have the following:

default_mail_env = maildir:/var/mail/%d/%n
passdb ldap {
   args = /etc/dovecot/dovecot-ldap.conf
}
# Instructions for deliver state a userdb is still required if using prefetch
userdb ldap {
   args = /etc/dovecot/dovecot-ldap.conf
}
userdb prefetch {
}

My dovecot-ldap.conf is pretty simple - the trimmed version is:
hosts = localhost
auth_bind = no
user_attrs = %d/%n=mail
user_filter = (mail=%u)
pass_attrs = ((userPassword=password)(mail=%u))
user_global_uid = 5000
user_global_gid = 8

I recognize that the pass_attrs is incorrect for a prefetch config - but 
I couldn't get it to work.  My mail folder structure is 
/var/mail/domain/username.


If, under 1.0.3, I can't use the %d/%n variables to build the 
user/home/mail parameters in the LDAP config, can I do it in the 
configuration stanza?  Something like:


passdb ldap{
   args = home=%dn/%n mail=%d/%n /etc/dovecot/dovecot.conf
}

--
Daniel


Re: [Dovecot] passdb/userdb args

2007-09-05 Thread François Wautier

Hi,

I was faced with a similar problem a couple of months ago. If I recall 
correctly, the system needed the home variable but it was empty because it 
could not be retrieved in the Active Directory tree.

Here is what I did (adapted to your setup. I think)

In my ldap setup I set
pass_attrs = mail=userdb_home



In the main conf file I did

mail_executable = /usr/libexec/dovecot/special.sh

And in special.sh I put

#!/bin/sh
# HOME arrives as user@domain (the mail attribute mapped to userdb_home)
myuser=`echo "$HOME" | sed 's/@.*$//'`
domain=`echo "$HOME" | sed 's/^.*@//'`
export USER="$HOME"
export HOME="/var/mail/${domain}/${myuser}"
export MAIL="maildir:${HOME}"
exec /usr/libexec/dovecot/imap


Voila!

Make sure that special.sh is where mail_executable says it is. And don't 
forget to chmod a+x it.

Hope this helps
François


On Thursday 06 September 2007 06:20, Daniel L. Miller wrote:
 I'm a bit unclear on these - give me a moment to ramble on.  I should
 mention I'm using version 1.0.3, my primary backend is LDAP, and I do
 NOT want to store user mail folders in my LDAP directory.

 I currently have the following:

 default_mail_env = maildir:/var/mail/%d/%n
 passdb ldap {
 args = /etc/dovecot/dovecot-ldap.conf
 }
 # Instructions for deliver state a userdb is still required if using
 prefetch
 userdb ldap {
 args = /etc/dovecot/dovecot-ldap.conf
 }
 userdb prefetch {
 }

 My dovecot-ldap.conf is pretty simple - the trimmed version is:
 hosts = localhost
 auth_bind = no
 user_attrs = %d/%n=mail
 user_filter = (mail=%u)
 pass_attrs = ((userPassword=password)(mail=%u))
 user_global_uid = 5000
 user_global_gid = 8

 I recognize that the pass_attrs is incorrect for a prefetch config - but
 I couldn't get it to work.  My mail folder structure is
 /var/mail/domain/username.

 If, under 1.0.3, I can't use the %d/%n variables to build the
 user/home/mail parameters in the LDAP config, can I do it in the
 configuration stanza?  Something like:

 passdb ldap{
 args = home=%dn/%n mail=%d/%n /etc/dovecot/dovecot.conf
 }
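
The special.sh wrapper in the message above turns the directory's mail attribute straight into a path under /var/mail. An added example, not François's script, that accepts only a plain user@domain before building that path; MAIL_ROOT, IMAP_BIN, the function names and the "run" argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate the address before it becomes a filesystem path.
# MAIL_ROOT and IMAP_BIN mirror the paths used in the post (assumptions).
LC_ALL=C; export LC_ALL          # keep the A-Z / a-z ranges below ASCII-only
MAIL_ROOT="${MAIL_ROOT:-/var/mail}"
IMAP_BIN="${IMAP_BIN:-/usr/libexec/dovecot/imap}"

# Print the maildir for user@domain; fail with no output for anything else.
maildir_for_address() {
    addr=$1
    case $addr in
        # More than one @, empty local part or domain, path separators,
        # "..", leading dots, or any character outside a small whitelist.
        *@*@*|@*|*@|*/*|*..*|.*|*@.*|*[!A-Za-z0-9._@+-]*)
            return 1 ;;
        *@*)
            ;;
        *)
            return 1 ;;          # no @ at all
    esac
    user=${addr%@*}
    domain=${addr#*@}
    printf '%s/%s/%s\n' "$MAIL_ROOT" "$domain" "$user"
}

# Wrapper body: the address arrives in HOME, as in the post's setup
# (pass_attrs = mail=userdb_home).
run_wrapper() {
    addr=$HOME
    dir=$(maildir_for_address "$addr") || {
        echo "special.sh: refusing unexpected address from userdb" >&2
        exit 1
    }
    USER=$addr
    HOME=$dir
    MAIL=maildir:$dir
    export USER HOME MAIL
    exec "$IMAP_BIN"
}

# Only act as the wrapper when called with "run", so the function above
# can be exercised on its own.
if [ "${1:-}" = run ]; then
    run_wrapper
fi
```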


Re: [Dovecot] securing dovecot proxy connections

2007-09-05 Thread WJCarpenter
ka per another current thread (o/s tuning for imap), I've installed
ka imapproxy, and it supports starttls to the backend imap server. It
ka doesn't use encryption on the incoming connections though, since
ka they are presumably from localhost (squirrelmail).  Ken

That's an interesting thought.  Have you actually gotten its STARTTLS
to work?  I tried it a couple days ago with no luck, but maybe I just
didn't try hard enough.
-- 
[EMAIL PROTECTED] (WJCarpenter)PGP 0x91865119
38 95 1B 69 C9 C6 3D 2573 46 32 04 69 D6 ED F3



Re: [Dovecot] Quota bug in deliver?

2007-09-05 Thread Marcin Michal Jessa
FORMER 03 | Baltasar Cevc wrote:
 Hi,

 On 05.09.2007, at 22:19, WJCarpenter wrote:

 bc When I put a standard quota into the config as follows, the
 bc delivery succeeds (apparently deliver checks the standard quota,
 bc while IMAP correctly checks the quota from the database if it is
 bc returned.  Sep 5 21:46:11 ms4

 bc The mailbox is still over quota here, but deliver does not seem to
 bc notice.

 I recently debugged that situation in my own configuration.  Are you
 using prefetches for your user query?

 If you are using prefetch for your userdb lookups, you still need a
 separate user query to be used by deliver (it doesn't do the password
 query).  The wiki pages show a configuration for keeping the prefetch
 for IMAP but having a user query for deliver.  I don't know if that
 works since I simply got rid of my prefetch completely and moved on to
 a different problem when that cured it. (I plan to try to put the
 prefetch back in later when I get some spare time.)

 I do use prefetch, I have an separate query, too. Without that the
 quota fails completely.

 Having both statements and prefetch, the quota works fine with IMAP
 and deliver when I have no quota line in the plugin section, when I
 add the line (see !!MARK!! below), the deliver takes the quota from
 that line instead of the database information. IMAP uses the
 information from the database all the time, no matter if I have a
 quota line in the config.
 [...]

 plugin {
   # !!MARK!!
   # deliver seems to use the userdb quota only when I don't have the
 following line
   quota = maildir:storage=102400:messages=1000
   acl = vfile:/etc/dovecot/acls
   trash = /etc/dovecot/dovecot-trash.conf
 }
I discovered something similar. User's quota from the DB was not used
when the user's quota was over the limit of the plugin part.
According to the docs the db quota values should always come first
before the plugin part but it does not.


Marcin.




Re: [Dovecot] securing dovecot proxy connections

2007-09-05 Thread Marcin Michal Jessa
WJCarpenter wrote:
 wjc Is there a way to configure dovecot's internal proxy connections
 wjc to use STARTTLS or some other SSL/TLS level of security?
 wjc (Without a

 mmj Just create encrypted tunnel between the peers and send your
 mmj traffic through it.  IPSec, ssh etc..

 Thanks for the suggestion.  I had thought of that, but all my
 front-end servers are also back-end servers.  (I'm just letting the
 users come in on any server -- usually the correct one -- and want to
 transparently connect them to the correct back-end if they happen to
 come into the wrong server.)  So, even with just 5 servers, that's 20
 tunnels to keep afloat through reboots, etc.  In principle no problem,
 but it's a lot of balls in the air.
   
In that case you could add VLAN trunks between them to separate
connections from the rest of the network.
You would tunnel your server traffic in VLANs and no one would be able to
sniff it.
This is probably the quickest and most robust way to do this on a LAN
not involving any security protocols.


Marcin.