Re: [Dovecot] Dovecot/postfix to do 'copy to sent' ?
Personally I don't like fake senderbcc address for every user. This my catch a lots of spam in sent folders. you are confusing sender bcc with virtual aliases. What about spam with a faked FROM address which seems to be from a local user? I think the point is that this strategy can cause a copy of the spam to end up being added as a sent item. The extra header field was being added presumably to identify real sent mail from faked spam and hence only add real sent messages to the sent folder? Ed W
[Dovecot] IMAP, Shared folders, symlinks and permissions
Greetings Using FC7, dovecot-1.0.3-6.fc6 and maildir I have a recurring problem with permissions. We have a (real) account on the system called custs. Within the email account for custs there exists some 300 folders, one for each customer. This worked okay originally with mbox. Everyone had access to their own email folders and they all had access to the custs account. They only problem is that to find one folder (customers)'s emails, you had to scroll through 300+ folders. For the people who need access to all of the custs' folders, there was no problem (apart from a real estate one of scrolling which sometimes caused people to drag and drop into the wrong folders). The problem is that around 16 staff need only access to a subset of customers (i.e. the ones they manage - around 20 each) while the rest of the staff need access to the lot. What we did was to convert everything to Maildir so that we could use symlinks. So far so good. We created symlinks from /home/custs/Maildir/customer1 to /home/manager1/Maildir/customer1 and from /home/custs/Maildir/customer2 to /home/manager2/Maildir/customer2. Again, so far, so good. Manager 1 gets access to Customer 1 and Manager 2 gets access to Customer 2. The problem comes when someone who ONLY has access to the custs account drops an email into Customer 1. The file dovecot-uidlist gets created and suddenly Manager 1 cannot see the folder. We changed (in desperation) the group owner of custs/Maildir to common (which everyone is a member of) and did a chmod g+s from the custs/Maildir down. e even set the permissions of the custs/Maildir/* to 777 to watch what was happening. It appears that the permissions on the file dovecot-uidlist is set to 600 every time someone drops an email into the folder. Then when someone else tries to access the folder they get a permission denied error on dovecot-uidlist. Can anyone explain to me how to: Change the way dovecot creates the dovecot-uid files so that the permissions are set to 660 or 666 or Set this up better so that we can share all these folders. Any suggestions, questions, comments will be (very) gratefully accepted. Rgds Nigel. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: [Dovecot] IMAP, Shared folders, symlinks and permissions
Nigel Allen wrote: Can anyone explain to me how to: Change the way dovecot creates the dovecot-uid files so that the permissions are set to 660 or 666 or Set this up better so that we can share all these folders. According to the wiki, http://wiki.dovecot.org/SharedMailboxes , I think you need to create a dovecot-shared file with the permissions that you want. I never tried this, though. Anders.
Re: [Dovecot] Dovecot/postfix to do 'copy to sent' ?
Ed W wrote: Personally I don't like fake senderbcc address for every user. This my catch a lots of spam in sent folders. you are confusing sender bcc with virtual aliases. What about spam with a faked FROM address which seems to be from a local user? I think the point is that this strategy can cause a copy of the spam to end up being added as a sent item. there are two cases: - you enforce authentication and sender-login match. in this case, you detect forgeries - you don't. in this case, you can't detect forgeries. and a header won't help. the whole approach breaks. The extra header field was being added presumably to identify real sent mail from faked spam and hence only add real sent messages to the sent folder? and how do you add a header only to really sent mail? and anyway, how do you deliver a _copy_? remember that this is outgoing mail and won't naturally go through dovecot.
Re: [Dovecot] Dovecot/postfix to do 'copy to sent' ?
Ed W wrote: mouss wrote: there are two cases: - you enforce authentication and sender-login match. in this case, you detect forgeries Lots of people like to allow authenticated users to send messages out with their own choice of FROM address (you paid for an smtp service - my opinion is that you should be allowed to use it for all your messages...). Possibly I misunderstand sender-login maps on postfix though and this is actually allowed (does it work by stopping you pretending to be another local user, but NOT limiting you from being a random other user, eg [EMAIL PROTECTED] ?) you can use a map of allowed (login, sender) pairs. so a single login can have many authorized addresses. if you allow any address, then that user can forge the address of someone else (including in yahoo, hotmail, ...). in this case, smtp is not the right way to implement the copy to Sent feature under discussion. - you don't. in this case, you can't detect forgeries. and a header won't help. the whole approach breaks. His point was that the header could be added at the client end - not all that scalable, but a good idea. headers may be forged, so it's not secure either. but even if this is not a concern, you are asking users to add a header in their MUA! That's beyond the capacities of most users. What seems to be missing from postfix (my understanding), but would be very useful, is a map which is based on authenticated sender name (we have maps based on FROM, but not authenticated user...) - this would allow stuff like more flexible restrictions on what a user can do based on the user themselves rather than the FROM address they are using... Possibly my misunderstanding though? if you want access per login, then you need to implement this in a policy service. but in general, you don't want to allow a user to use an arbitrary sender address. in an ISP environment, it is easier to setup multiple MSAs to implement different user classes. The extra header field was being added presumably to identify real sent mail from faked spam and hence only add real sent messages to the sent folder? and how do you add a header only to really sent mail? and anyway, how do you deliver a _copy_? remember that this is outgoing mail and won't naturally go through dovecot. Perhaps I misunderstand the idea - but what I think was wanted was that every sent email from an authenticated sender would be bcc'd back to the person it came from. Then when it's being delivered back to the person who sent it (ie deliberate mail loop back) we detect that it's our own message bouncing back and stick it in the sent items folder instead of the inbox. The finesse is then reliably detecting which is which if mail is delivered to Sent folder instead of intended recipients, users will break your bones. you can try whatever approach, but a COPY is needed so that the message goes both to the intended recipient AND to the Sent folder. and since the folder depends on the sender address, you need either sender bcc or pass all mail to a script or an LDA that will do the copy and resubmit the mail. but resubmitting mail this way is suboptimal. The point raised later in the thread is that it's quite hard to detect mail being bcc'd back to us for putting in sent items and mail being dropped onto the server with a forged FROM address. As you correctly point out some restrictions on authenticated user help. The previous poster pointed out that hard to guess client headers inserted in all genuine email are also useful you can put a header to detect forgeries if you like, but you should still use sender bcc to create a copy of outgoing mail.
[Dovecot] how add size and vsize filed to a maildir filename ?
Hi to all, I'm a sys admin in a college, and we're using Dovecot as IMAP/POP3 server and delivery; we're also patch dovecot to add managesieve capability. I've a question: I've read on dovecot's wiki, that is possible improve the performance on maildir file by adding ,S=size,W=vsize fields on filename. How is possible to do that ? I've search on all the wiki and on the mailing list, but I didn't find nothing about modify the maildir file name. Someone can help me ? Best regards, Marco
[Dovecot] Problem with virtual mail user login users uid not permitted
Hello,
I am trying to run exim 4.68 and dovecot 1.0.13 on Solaris 10 x86 5/08
using dovecot lda and sieve with virtual users and domains, tls and
ssl. At the moment certificates are from my internal CA Exim and
Dovecot, dovecot lda and dovecot sieve were downloaded and installed
from Blastwave. Mail delivery (ie from Exim to dovecot via dovecot
lda) is working correctly but when I try to access mail using imap
from a client (eg. Thunderbird) the login fails. My mail user for
accessing virtual user mail is vmail (uid=954, gid=954). I have
attached the messages from dovecot.log and the output of dovecot -n
below as well as contents from the passdb file.
Can anyone point me to where I've gone wrong, I've had this working
fine on Linux but Solaris just doesn't seem to want to play :-)
Thanks,
Neil
--
E [EMAIL PROTECTED]
My passdb file contents:
lothar# cat /opt/csw/etc/vmail/comms.neologix/passwd
neil:{MD5-CRYPT}$1$Lik.5MFj$PJKYoXEfADgTiK1PI6aa01:954:954::/export/
home/vmail/comms.neologix/users/
neil::userdb_quota=maildir:storage=10240
mail_plugins=cmusieve,quota,imap_quota sieve=.dovecot.sieve
Contents of dovecot.log:
dovecot: May 12 15:13:45 Info: auth(default): passwd-file /opt/csw/etc/
vmail/comms.neologix/passwd: Read 2 users
dovecot: May 12 15:13:45 Info: auth(default): passwd-file([EMAIL PROTECTED]
,192.168.1.100): lookup: user=neil file=/opt/csw/etc/vmail/
comms.neologix/passwd
dovecot: May 12 15:13:45 Info: auth(default): client out: OK
1 [EMAIL PROTECTED]
mail_plugins=cmusieve,quota,imap_quota sieve=.dovecot.sieve
dovecot: May 12 15:13:45 Error: user [EMAIL PROTECTED]: Logins with
login_user's UID 954 not permitted (see http://wiki.dovecot.org/
UserIds).
dovecot: May 12 15:13:45 Info: auth(default): master in:
REQUEST1 16850 1
dovecot: May 12 15:13:45 Info: auth(default):
passwd([EMAIL PROTECTED],192.168.1.100): lookup
dovecot: May 12 15:13:45 Info: auth(default):
passwd([EMAIL PROTECTED],192.168.1.100): unknown user
dovecot: May 12 15:13:45 Info: auth(default): passwd-file([EMAIL PROTECTED]
,192.168.1.100): lookup: user=neil file=/opt/csw/etc/vmail/
comms.neologix/passwd
dovecot: May 12 15:13:45 Info: auth(default): master out: USER
1 [EMAIL PROTECTED] uid=954 gid=954 home=/export/home/
vmail/comms.neologix/users/neil quota=maildir:storage=10240
dovecot: May 12 15:13:45 Info: imap-login: Internal login failure:
user=[EMAIL PROTECTED], method=PLAIN, rip=192.168.1.100,
lip=192.168.1.229, TLS
The output from dovecot -n is:
lothar# dovecot -n
# 1.0.13: /opt/csw/etc/dovecot.conf
base_dir: /opt/csw/var/run/dovecot/
log_path: /opt/csw/var/log/dovecot.log
ssl_cert_file: /opt/csw/ssl/certs/dovecot-cert.pem
ssl_key_file: /opt/csw/ssl/private/dovecot-key-np.pem
verbose_ssl: yes
login_dir: /opt/csw/var/run/dovecot//login
login_executable: /opt/csw/libexec/dovecot/imap-login
login_user: vmail
first_valid_uid: 900
last_valid_uid: 1900
first_valid_gid: 900
last_valid_gid: 1900
mail_location: maildir:%h/Maildir
mail_debug: yes
auth default:
username_format: %Lu
verbose: yes
debug: yes
debug_passwords: yes
passdb:
driver: passwd-file
args: /opt/csw/etc/vmail/%d/passwd
userdb:
driver: passwd
userdb:
driver: passwd-file
args: /opt/csw/etc/vmail/%d/passwd
socket:
type: listen
client:
path: /opt/csw/var/run/dovecot/auth-client
mode: 432
master:
path: /opt/csw/var/run/dovecot/auth-master
mode: 384
user: vmail
group: vmail
plugin:
sieve: %h/.dovecot.sieve
quota: maildir
[Dovecot] imapsync
Hi All, I'm trying out the imapsync migration tool, migrating user mails from cyrus IMAP to Dovecot IMAP. In order to avoid knowing about each of the users password, I use the cyrus admin user in the cyrus end. Is there such a thing as the dovecot admin user, or is that simply the root user? Any input appreciated /Lars
Re: [Dovecot] imapsync
El Lunes, 12 de Mayo de 2008 a las 14:01, Lars Stavholm escribió: Hi All, I'm trying out the imapsync migration tool, migrating user mails from cyrus IMAP to Dovecot IMAP. In order to avoid knowing about each of the users password, I use the cyrus admin user in the cyrus end. Is there such a thing as the dovecot admin user, or is that simply the root user? You can use a master user http://wiki.dovecot.org/Authentication/MasterUsers HTH -- Joseba Torre. CIDIR Bizkaia. signature.asc Description: This is a digitally signed message part.
[Dovecot] Automounted home dirs not working
I'm testing Dovecot as a possible replacement for UW. In my environment the home directories are automounted via NFS from a NetApp. In general this works fine, but Dovecot isn't picking up the automounted directories. Consider the case of Arthur Dent, test user: May 12 10:30:24 testbed dovecot: [ID 107833 mail.info] imap-login: Login: user=adent, method=PLAIN, rip=xxx.xxx.xxx.242, lip=xxx.xxx.xxx.242, secured May 12 10:30:24 testbed dovecot: [ID 107833 mail.error] IMAP(adent): mkdir_parents(/home/adent/Mail) failed: No such file or directory May 12 10:30:24 testbed dovecot: [ID 107833 mail.error] IMAP(adent): Mail storage creation failed with mail_location: mbox:/home/adent/Mail:INBOX=/var/mail/adent May 12 10:30:24 testbed dovecot: [ID 961074 mail.error] child 21816 (imap) returned error 89 (if however I make sure that /home/adent is mounted at the server (eg. cd /home/adent) prior to starting the mail client this error does not occur) Why isn't the automount succeeding? This is Dovecot Version 1.0.13. I'm running under Solaris 10. Thanks! Roy PS: [EMAIL PROTECTED] /var/log ]# dovecot -n # 1.0.13: /etc/dovecot.conf base_dir: /var/run/dovecot/ protocols: imap imaps pop3 pop3s ssl_cert_file: /etc/ssl/certs/imapd.pem ssl_key_file: /etc/ssl/private/imapd.pem disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login verbose_proctitle: yes mail_privileged_group: mail mail_location: mbox:~/Mail:INBOX=/var/mail/%u mmap_disable: yes dotlock_use_excl: yes mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 pop3_uidl_format(default): pop3_uidl_format(imap): pop3_uidl_format(pop3): %08Xv%08Xu auth default: mechanisms: plain login passdb: driver: pam passdb: driver: ldap args: /etc/dovecot-ldap.conf userdb: driver: passwd userdb: driver: ldap args: /etc/dovecot-ldap.conf -- Roy McMorran Systems Administrator MDI Biological Laboratory [EMAIL PROTECTED]
Re: [Dovecot] imap memory footprint rather large
also sprach Timo Sirainen [EMAIL PROTECTED] [2007.08.13.2324 +0100]: Is there a way to vacuum/reduce/optimise the cache? You can always delete it, but if your client wants the same information all over again it gets grown to the same size. Probably it doesn't after the initial mailbox load. Dovecot should also drop unused fields from it after a week or so, but currently this isn't done. Any news on that front? -- martin | http://madduck.net/ | http://two.sentenc.es/ frank harris has been received in all the great houses -- once! -- oscar wilde spamtraps: [EMAIL PROTECTED] digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/)
Re: [Dovecot] imapsync
On Mon, 2008-05-12 at 14:01 +0200, Lars Stavholm wrote: I'm trying out the imapsync migration tool, migrating user mails from cyrus IMAP to Dovecot IMAP. BTW. Another possibility is cyrus2courier that can quickly do a Cyrus to maildir migration. I did recently some changes to it when someone complained that the official version wasn't working with new Cyrus versions. http://dovecot.org/tools/cyrus2courier-1.5.ts.tar.gz should work with Cyrus 2.2 and 2.3, hopefully also with older versions. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Automounted home dirs not working
On Mon, 2008-05-12 at 10:46 -0400, Roy McMorran wrote: I'm testing Dovecot as a possible replacement for UW. In my environment the home directories are automounted via NFS from a NetApp. In general this works fine, but Dovecot isn't picking up the automounted directories. Consider the case of Arthur Dent, test user: May 12 10:30:24 testbed dovecot: [ID 107833 mail.info] imap-login: Login: user=adent, method=PLAIN, rip=xxx.xxx.xxx.242, lip=xxx.xxx.xxx.242, secured May 12 10:30:24 testbed dovecot: [ID 107833 mail.error] IMAP(adent): mkdir_parents(/home/adent/Mail) failed: No such file or directory May 12 10:30:24 testbed dovecot: [ID 107833 mail.error] IMAP(adent): Mail storage creation failed with mail_location: mbox:/home/adent/Mail:INBOX=/var/mail/adent May 12 10:30:24 testbed dovecot: [ID 961074 mail.error] child 21816 (imap) returned error 89 Does this happen only for your LDAP users or also passwd users? Before the above mkdir() Dovecot should chdir() to user's home directory. So if LDAP returns user's home directory, I'd think the chdir() causes automount? signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Automounted home dirs not working
Timo Sirainen wrote: On Mon, 2008-05-12 at 10:46 -0400, Roy McMorran wrote: May 12 10:30:24 testbed dovecot: [ID 107833 mail.info] imap-login: Login: user=adent, method=PLAIN, rip=xxx.xxx.xxx.242, lip=xxx.xxx.xxx.242, secured May 12 10:30:24 testbed dovecot: [ID 107833 mail.error] IMAP(adent): mkdir_parents(/home/adent/Mail) failed: No such file or directory May 12 10:30:24 testbed dovecot: [ID 107833 mail.error] IMAP(adent): Mail storage creation failed with mail_location: mbox:/home/adent/Mail:INBOX=/var/mail/adent May 12 10:30:24 testbed dovecot: [ID 961074 mail.error] child 21816 (imap) returned error 89 Does this happen only for your LDAP users or also passwd users? Before the above mkdir() Dovecot should chdir() to user's home directory. So if LDAP returns user's home directory, I'd think the chdir() causes automount? This seems to have been a Solaris issue. I've applied some recent patches to my test machine and it seems to be resolved. You're right Timo about the chdir - I ran a truss and that was where it was initially failing (with ENOENT). Now it works: ... 6983: seteuid(20025) = 0 6983: alarm(30) = 0 6983: chdir(/home/adent)= 0 6983: alarm(0)= 30 6983: seteuid(0) = 0 ... Thanks for the help! Cheers, -- Roy McMorran Systems Administrator MDI Biological Laboratory [EMAIL PROTECTED]
[Dovecot] Dovecot - MySQL Virtual User Virtual Domains
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 i wrote a mini quick and dirty how to install dovecot from mercurial with mysql support to use virtual users and virtual domains. The tutorial doesnt cover much, but still someone could find some help at this. http://ebalaskas.gr/wk/dovecot/dovecotsqlauth any comments (good or bad) can addressed to my email address Evaggelos Balaskas - http://ebalaskas.gr/wk Unix System Engineer Informatics Engineer Technological Education -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIKKTqWIK+Pe9twhoRAgPiAJ0drcy9TYkCYyNY+5cHh+H/If1RJQCgt4bX JZs12hgvVyBrkQq3PTtFAy8= =Tafd -END PGP SIGNATURE-
Re: [Dovecot] Automounted home dirs not working
Roy McMorran wrote: Timo Sirainen wrote: Does this happen only for your LDAP users or also passwd users? Before the above mkdir() Dovecot should chdir() to user's home directory. So if LDAP returns user's home directory, I'd think the chdir() causes automount? This seems to have been a Solaris issue. I've applied some recent patches to my test machine and it seems to be resolved. Arrgh, I spoke too soon. It worked once right after the reboot. Now it's gone south again. Here's the same bit of truss output: 16016: setegid(1032) = 0 16016: seteuid(20025) = 0 16016: alarm(30) = 0 16016: chdir(/home/adent)Err#2 ENOENT 16016: alarm(0)= 30 16016: seteuid(0) = 0 I can't imagine why a simple chdir is failing. From the shell (on the same server) cd /home/adent works fine (i.e. the automount happens). $ cd /home/adent $ df -k . Filesystem 1K-blocks Used Available Use% Mounted on jeltz:/vol/vol4/home/adent 1073741824 904942140 168799684 85% /home/adent This is weird. To answer your question Timo, these are all LDAP users. In truth I don't have any passwd users, but I could try creating a local test user. Thanks for your help. Best wishes, Roy -- Roy McMorran Systems Administrator MDI Biological Laboratory [EMAIL PROTECTED]
Re: [Dovecot] unix style mbox and vmail maildir on the same server
On Sat, 2008-05-10 at 16:10 -0400, Charles Marcus wrote: Glen Lee Edwards wrote: Hi, I'm new to dovecott. Using version 1.0.rc15. You'd be doing yourself a favor by upgrading first - this is a very old/buggy version... The 1.1 release is imminent (at rc5 stage now), so personally I'd move to that. You'll have to enable one of the at repositories, but it is available... I'm afraid that's easier said than done. Debian as a rule uses older packages in their stable version. I just tried to install 1.1.rc5, but can't: checking for mysql_init in -lmysqlclient... no configure: error: Can't build with MySQL support: libmysqlclient not found Directory: ~/downloads/dovecot-1.1.rc5 $ locate libmysqlclient /usr/lib/libmysqlclient_r.so.15 /usr/lib/libmysqlclient_r.so.15.0.0 /usr/lib/libmysqlclient.so.15 /usr/lib/libmysqlclient.so.15.0.0 Long story short...I don't have the time to make individual customizations to the system so that one program will work only if I make wholesale changes to the sytem. If this would have been a simple .configure, make, make-install, then I'd do it. But it looks like I'm going to have to upgrade mysql, which will require other manual upgrades. Glen
Re: [Dovecot] unix style mbox and vmail maildir on the same server
On Mon, 2008-05-12 at 11:27 -0500, Glen Lee Edwards wrote: On Sat, 2008-05-10 at 16:10 -0400, Charles Marcus wrote: Glen Lee Edwards wrote: Hi, I'm new to dovecott. Using version 1.0.rc15. You'd be doing yourself a favor by upgrading first - this is a very old/buggy version... The 1.1 release is imminent (at rc5 stage now), so personally I'd move to that. You'll have to enable one of the at repositories, but it is available... I'm afraid that's easier said than done. Debian as a rule uses older packages in their stable version. I just tried to install 1.1.rc5, but can't: checking for mysql_init in -lmysqlclient... no configure: error: Can't build with MySQL support: libmysqlclient not found Directory: ~/downloads/dovecot-1.1.rc5 $ locate libmysqlclient /usr/lib/libmysqlclient_r.so.15 /usr/lib/libmysqlclient_r.so.15.0.0 /usr/lib/libmysqlclient.so.15 /usr/lib/libmysqlclient.so.15.0.0 Long story short...I don't have the time to make individual customizations to the system so that one program will work only if I make wholesale changes to the sytem. If this would have been a simple .configure, make, make-install, then I'd do it. But it looks like I'm going to have to upgrade mysql, which will require other manual upgrades. Glen Guess I spoke too soon: apt-get install libmysqlclient15-dev was all I needed to do. Glen
