[Dovecot] Maildir locking by LDA of dovecot
Hi all!

First of all, I want to thank the whole Dovecot community (developers for developing and fast responses, users for populating and responses too). Dovecot is a really good and fast IMAP server - it serves near 3000 in our installation. Now I have a problem and request the community's help in resolving it ;)

Dovecot version: 1.0.13, compiled with vpopmail support.

I have an account [EMAIL PROTECTED] (:-), in which we put all our spam (we gather statistics later). There can be 10 and more delivery attempts in a second to the maildir of this account during the spam attacks on our server. The queue of our server can grow up to 20k messages, and all of these messages are sent to [EMAIL PROTECTED]

I found a lot of such strings in the dovecot.log file during such a DoS attack:

    dovecot.log:deliver([EMAIL PROTECTED]): May 16 04:18:48 Info: msgid=[EMAIL PROTECTED]: save failed to INBOX: Timeout while waiting for lock
    dovecot.log:deliver([EMAIL PROTECTED]): May 16 04:18:59 Info: msgid=[EMAIL PROTECTED]: save failed to INBOX: Timeout while waiting for lock
    dovecot.log:deliver([EMAIL PROTECTED]): May 16 04:20:06 Info: msgid=[EMAIL PROTECTED]: save failed to INBOX: Timeout while waiting for lock
    dovecot.log:deliver([EMAIL PROTECTED]): May 16 04:20:14 Info: msgid=[EMAIL PROTECTED]: save failed to INBOX: Timeout while waiting for lock
    dovecot.log:deliver([EMAIL PROTECTED]): May 16 04:20:50 Info: msgid=[EMAIL PROTECTED]: save failed to INBOX: Timeout while waiting for lock
    dovecot.log:deliver([EMAIL PROTECTED]): May 16 04:21:00 Info: msgid=[EMAIL PROTECTED]: save failed to INBOX: Timeout while waiting for lock
    dovecot.log:deliver([EMAIL PROTECTED]): May 16 04:21:01 Info: msgid=[EMAIL PROTECTED]: save failed to INBOX: Timeout while waiting for lock
    dovecot.log:deliver([EMAIL PROTECTED]): May 16 04:22:32 Info: msgid=[EMAIL PROTECTED]: save failed to INBOX: Timeout while waiting for lock
    dovecot.log:deliver([EMAIL PROTECTED]): May 16 04:22:45 Info: msgid=[EMAIL PROTECTED]: save failed to INBOX: Timeout while waiting for lock
    dovecot.log:deliver([EMAIL PROTECTED]): May 16 04:22:45 Info: msgid=[EMAIL PROTECTED]: save failed to INBOX: Timeout while waiting for lock
    dovecot.log:deliver([EMAIL PROTECTED]): May 16 04:23:08 Info: msgid=[EMAIL PROTECTED]: save failed to INBOX: Timeout while waiting for lock

What can I do to resolve these locks? The queue of my server becomes really big! Maybe, while looking into the uidlist file, the dovecot LDA can lock it? And other deliver processes can't open it and wait for it?

    $ dovecot --version
    1.0.13
    # dovecot -n
    # 1.0.13: /etc/dovecot.conf
    log_path: /var/log/dovecot.log
    protocols: imap pop3
    ssl_disable: yes
    login_dir: /var/run/dovecot/login
    login_executable(default): /usr/libexec/dovecot/imap-login
    login_executable(imap): /usr/libexec/dovecot/imap-login
    login_executable(pop3): /usr/libexec/dovecot/pop3-login
    login_greeting: Server is ready.
    login_process_per_connection: no
    login_greeting_capability(default): yes
    login_greeting_capability(imap): yes
    login_greeting_capability(pop3): no
    login_max_connections: 1024
    first_valid_uid: 39
    last_valid_uid: 39
    first_valid_gid: 39
    last_valid_gid: 39
    fsync_disable: yes
    maildir_copy_with_hardlinks: yes
    mail_executable(default): /usr/libexec/dovecot/imap
    mail_executable(imap): /usr/libexec/dovecot/imap
    mail_executable(pop3): /usr/libexec/dovecot/pop3
    mail_plugins(default): quota imap_quota
    mail_plugins(imap): quota imap_quota
    mail_plugins(pop3): quota
    mail_plugin_dir(default): /usr/lib/dovecot/imap
    mail_plugin_dir(imap): /usr/lib/dovecot/imap
    mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
    auth default:
      mechanisms: plain login cram-md5
      default_realm: tversu.ru
      cache_size: 10240
      user: vpopmail
      username_format: %Lu
      passdb:
        driver: vpopmail
        args: cache_key=%u dovecot
      userdb:
        driver: vpopmail
      socket:
        type: listen
        client:
          path: /var/spool/postfix/private/auth
          mode: 438
          user: postfix
          group: postfix
        master:
          path: /var/run/dovecot/auth-master
          mode: 438
    plugin:
      quota: maildir:ignore=Trash

---
WBR,
Mike Grozak, TvSU IC
Re: [Dovecot] Maildir locking by LDA of dovecot
On 5/22/2008, Mike Grozak ([EMAIL PROTECTED]) wrote:

First of all, I want to thank the whole Dovecot community (developers for developing and fast responses, users for populating and responses too). Dovecot is a really good and fast IMAP server - it serves near 3000 in our installation.

What filesystem is this on?

--
Best regards, Charles
Re: [Dovecot] Maildir locking by LDA of dovecot
Charles Marcus wrote:

On 5/22/2008, Mike Grozak ([EMAIL PROTECTED]) wrote:

First of all, I want to thank the whole Dovecot community (developers for developing and fast responses, users for populating and responses too). Dovecot is a really good and fast IMAP server - it serves near 3000 in our installation.

What filesystem is this on?

ext3. How can I escape dovecot-uidlist locking? It really locks my system!

---
WBR,
Mike Grozak, TvSU IC
[Dovecot] auth_socket_path permissiones
Hello,

I'm using dovecot 1.0 under debian etch. The lda socket path is set to:

    auth_socket_path = /var/spool/postfix/private/auth

But this gives me the error:

    net_connect(/var/spool/postfix/private/auth) failed: Permission denied

I suppose deliver is run as dovecot user. I read about running deliver as root with the suid bit set. I'm not quite sure if this is a good solution. Is there any other way?

The wiki says: Most MTAs won't let you run deliver as root, so for now you'll need to make it setuid root. However deliver isn't designed to be run as setuid-root

My MTA is postfix, does someone know if postfix lets me run deliver as root? If not, should I go to the setuid option?

Thank you.

--
Adrián Ribao Martínez
[Dovecot] Sort output of dovecot -n alphabetically?
Is there a way? Postfix does this by default, and it makes it much less likely to miss/overlook a setting... If there is no way, any chance to modify it so that it does? Thanks for dovecot! Really looking forward to 1.1 release! -- Best regards, Charles
Re: [Dovecot] Maildir locking by LDA of dovecot
On 5/22/2008 7:06 AM, Mike Grozak wrote:

First of all, I want to thank the whole Dovecot community (developers for developing and fast responses, users for populating and responses too). Dovecot is a really good and fast IMAP server - it serves near 3000 in our installation.

What filesystem is this on?

ext3. How can I escape dovecot-uidlist locking? It really locks my system!

Have you read closely this page?

http://wiki.dovecot.org/MailboxFormat/Maildir

It discusses how to properly use dovecot-uidlist.lock

For example:

The dovecot-uidlist file doesn't need to be locked for reading. When writing dovecot-uidlist.lock file needs to be created. The dovecot-uidlist file must never be directly modified, it can only be replaced with rename() call.

and

Because Dovecot uses its own non-standard locking (dovecot-uidlist.lock dotlock file), other MUAs accessing the maildir don't support it. This means that if another MUA is updating messages' flags or expunging messages, Dovecot might temporarily lose some message. After the next sync when it finds it again, an error message may be written to log and the message will receive a new UID.

It may be a vpopmail issue, but I don't that... Otherwise, I guess you'll have to wait to see if Timo can help...

--
Best regards, Charles
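Added example, not part of Charles's message and not Dovecot's code: a generic dotlock in Python that follows the rule quoted above (readers take no lock, a writer creates the `.lock` file exclusively and replaces the file with rename()) and shows how a held lock produces the timeout seen in the log. The file contents, timeouts and function names are constructed for illustration.

```python
import os
import tempfile
import time


def dotlock_acquire(path, timeout=2.0, poll=0.05):
    """Create path + '.lock' exclusively; give up after `timeout` seconds."""
    lock = path + ".lock"
    deadline = time.monotonic() + timeout
    while True:
        try:
            # O_EXCL makes creation atomic: exactly one writer wins.
            fd = os.open(lock, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
            return fd, lock
        except FileExistsError:
            if time.monotonic() >= deadline:
                raise TimeoutError("Timeout while waiting for lock")
            time.sleep(poll)


def replace_locked(path, data, timeout=2.0):
    """Writer: take the dotlock, write the new content, rename() it into place."""
    fd, lock = dotlock_acquire(path, timeout)
    try:
        os.write(fd, data)
    except OSError:
        os.close(fd)
        os.unlink(lock)  # do not leave a stale lock behind
        raise
    os.close(fd)
    os.rename(lock, path)  # atomic replace; the lock name disappears with it


def demo():
    """One slow writer holds the lock while a second delivery times out."""
    with tempfile.TemporaryDirectory() as d:
        uidlist = os.path.join(d, "dovecot-uidlist")
        replace_locked(uidlist, b"1 first\n")
        fd, lock = dotlock_acquire(uidlist)  # slow writer keeps the lock
        try:
            replace_locked(uidlist, b"2 second\n", timeout=0.2)
            blocked = False
        except TimeoutError:
            blocked = True
        with open(uidlist, "rb") as f:  # readers need no lock
            during = f.read()
        os.close(fd)
        os.unlink(lock)  # slow writer gives up the lock
        replace_locked(uidlist, b"2 second\n", timeout=0.2)
        with open(uidlist, "rb") as f:
            after = f.read()
        return blocked, during, after
```

Every writer to the same file queues behind one lock name, so a burst of deliveries to a single mailbox serializes on it and the later ones run into the timeout.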
Re: [Dovecot] auth_socket_path permissiones
On 5/22/2008, Adrián Ribao Martínez ([EMAIL PROTECTED]) wrote: The lda socket path is set to: auth_socket_path = /var/spool/postfix/private/auth But this gives me the error: net_connect(/var/spool/postfix/private/auth) failed: Permission denied Please provide full dovecot -n output, not snips from config files (dovecot may not be using the setting you think it is)... -- Best regards, Charles
Re: [Dovecot] auth_socket_path permissiones
Hi.

--On Thursday, May 22, 2008 02:32:06 PM +0200 Adrián Ribao Martínez [EMAIL PROTECTED] wrote:

The lda socket path is set to:

    auth_socket_path = /var/spool/postfix/private/auth

If you need the auth socket only for one user, just set the correct permissions. Postfix can run the deliver process as the dovecot user. For more info see http://wiki.dovecot.org/LDA/Postfix.

My MTA is postfix, does someone know if postfix lets me run deliver as root? If not, should I go to the setuid option?

It depends on your setup, I guess. Another feasible option might be using filesystem ACLs for the auth socket.

Greetings, Jens
Re: [Dovecot] Sort output of dovecot -n alphabetically?
--On Thursday, May 22, 2008 08:46:15 AM -0400 Charles Marcus [EMAIL PROTECTED] wrote:

Is there a way? Postfix does this by default, and it makes it much less likely to miss/overlook a setting...

Just pipe it through sort:

    dovecot -n | sort

That should even be possible with Windows.

Greetings, Jens
Re: [Dovecot] auth_socket_path permissiones
On Thursday, 22 May 2008, Charles Marcus wrote:

On 5/22/2008, Adrián Ribao Martínez ([EMAIL PROTECTED]) wrote:

The lda socket path is set to:

    auth_socket_path = /var/spool/postfix/private/auth

But this gives me the error:

    net_connect(/var/spool/postfix/private/auth) failed: Permission denied

Please provide full dovecot -n output, not snips from config files (dovecot may not be using the setting you think it is)...

Here you go:

    # /etc/dovecot/dovecot.conf
    Warning: mail_extra_groups setting was often used insecurely so it is now deprecated, use mail_access_groups or mail_privileged_group instead
    log_timestamp: %Y-%m-%d %H:%M:%S
    protocols: pop3 imap
    login_dir: /var/run/dovecot/login
    login_executable(default): /usr/lib/dovecot/imap-login
    login_executable(imap): /usr/lib/dovecot/imap-login
    login_executable(pop3): /usr/lib/dovecot/pop3-login
    mail_extra_groups: mail
    mail_access_groups: mail
    mail_location: mbox:~/mail/%n:INBOX=~/mail/%n/%n
    mail_executable(default): /usr/lib/dovecot/imap
    mail_executable(imap): /usr/lib/dovecot/imap
    mail_executable(pop3): /usr/lib/dovecot/pop3
    mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
    mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
    mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
    pop3_uidl_format(default):
    pop3_uidl_format(imap):
    pop3_uidl_format(pop3): %08Xu%08Xv
    auth default:
      realms: adrima.es universoheroes.com
      passdb:
        driver: pam
      passdb:
        driver: sql
        args: /etc/dovecot/dovecot-sql.conf
      userdb:
        driver: sql
        args: /etc/dovecot/dovecot-sql.conf
      socket:
        type: listen
        client:
          path: /var/spool/postfix/private/auth
          mode: 438
          user: postfix
          group: postfix
        master:

--
Adrián Ribao Martínez
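Added example, not part of any message in this thread: the `mode: 438` shown in the `dovecot -n` dumps is decimal for octal 0666, so this Python sketch decodes the auth socket modes and applies the owner/group/other write check that connect() is subject to on Linux. The sample dump, the `vmail` owner and the function names are constructed for illustration; search permission on the socket's parent directories also applies and is not modelled here.

```python
import re
import stat

# Constructed sample in the `dovecot -n` layout posted in this thread.
# Socket modes appear in decimal there: 438 == 0o666, 384 == 0o600.
SAMPLE = """\
auth default:
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 438
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
"""

def parse_sockets(text):
    """Collect the key/value pairs listed under each client:/master: block."""
    sockets, current, base = {}, None, 0
    for line in text.splitlines():
        m = re.match(r"^(\s*)([\w()]+):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        if key in ("client", "master") and not value:
            current, base = sockets.setdefault(key, {}), indent
        elif current is not None and indent > base:
            current[key] = value
        else:
            current = None
    return sockets

def may_connect(sock, user, groups=()):
    """Socket-mode check only: connecting needs write permission on the socket."""
    mode = int(sock["mode"])  # decimal in the dump
    if user == sock.get("user"):
        return bool(mode & stat.S_IWUSR)
    if sock.get("group") in groups:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def audit(text):
    """Return (kind, path, octal mode, world_connectable) for sockets with a mode."""
    rows = []
    for kind, sock in parse_sockets(text).items():
        if "mode" in sock:
            mode = int(sock["mode"])
            rows.append((kind, sock.get("path"), format(mode, "04o"),
                         bool(mode & stat.S_IWOTH)))
    return rows
```

A socket whose own mode allows the connection can still be refused when a directory on its path denies search permission to the calling user, so check both when chasing a "Permission denied" from net_connect().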
Re: [Dovecot] Sort output of dovecot -n alphabetically?
On 5/22/2008 8:57 AM, Jens Dönhoff wrote:

Is there a way? Postfix does this by default, and it makes it much less likely to miss/overlook a setting...

Just pipe it through sort:

    dovecot -n | sort

But then *everything* gets sorted (I tried before posting), so it's not an acceptable solution:

    host ~ # dovecot -n | sort
    # 1.1.rc5: /etc/dovecot/dovecot.conf
    args: *
    auth default:
    driver: pam
    driver: passwd
    listen: [::]
    login_dir: /var/run/dovecot/login
    login_executable: /usr/libexec/dovecot/imap-login
    mail_location: maildir:~/.maildir
    passdb:
    ssl_cert_file: /etc/ssl/dovecot/server.pem
    ssl_key_file: /etc/ssl/dovecot/server.key
    userdb:

And no, this is not complete output...

--
Best regards, Charles
[Dovecot] Problems with apple'mail client
hi all

I use dovecot for smtp authentication. This works ok for thunderbird and for outlook express but not for Apple's Mail client. My config is as follows:

postfix main.cf

    .
    .
    #authentication
    smtpd_sasl_auth_enable = yes
    #smtpd_sasl_local_domain= $myhostname
    smtpd_sasl_exceptions_networks = $mynetworks
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients= yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    # TLS parameters
    .
    .

Dovecot dovecot.conf

    ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
    ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
    mail_location = maildir:/var/vmail/%d/%u/Maildir
    mail_extra_groups = mail
    first_valid_uid = 5000
    last_valid_uid = 5000
    maildir_copy_with_hardlinks = yes
    disable_plaintext_auth = no
    mail_debug = no
    dotlock_use_excl=yes
    protocols = imap pop3
    protocol imap {
      mail_plugins = quota imap_quota
      imap_client_workarounds = outlook-idle delay-newmail
    }
    protocol pop3 {
      mail_plugins = quota
      pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
      pop3_uidl_format = %08Xu%08Xv
    }
    protocol lda {
      postmaster_address = [EMAIL PROTECTED]
      mail_plugins = quota
      log_path = /var/log/dovecot-deliver.log
      info_log_path = /var/log/dovecot-deliver.log
    }
    auth default {
      mechanisms = plain login
      passdb sql {
        args = /usr/dovecot/etc/sql.conf
      }
      # userdb prefetch {
      # }
      userdb sql {
        args = /usr/dovecot/etc/sql.conf
      }
      user = nobody
      socket listen {
        master {
          path = /usr/dovecot/var/run/dovecot/auth-master
          mode = 0660
          user = vmail
          group = mail
        }
        client {
          path = /var/spool/postfix/private/auth
          mode = 0660
          user = postfix
          group = mail
        }
      }
    }
    dict {
    }
    plugin {
    }

Thanks
[Dovecot] dovecot-sieve on freebsd
Hi,

I need some help. I use dovecot and dovecot-sieve on a freebsd 7.0-release. Everything worked fine without dovecot sieve. I want to deliver amavisd spam marked messages to the 'spam' folder of the user. The system uses a virtual environment with multiple domains (and users). All I want is a global sieve, for all users, all domains. I googled, but I cannot find the problem.

My protocol lda section:

    protocol lda {
        log_path = /usr/local/vmail/dovecot-deliver.log
        sieve_global_dir = /usr/local/vmail/globalsieverc
        mail_plugins = cmusieve
        mail_debug = yes
        log_path = /var/log/dovecot-deliver
        info_log_path = /var/log/dovecot-deliver
        postmaster_address = [EMAIL PROTECTED]
        mail_plugin_dir = /usr/local/lib/dovecot/lda
        sendmail_path = /usr/sbin/sendmail
    }

globalsieverc:

    require "fileinto";
    if header :contains "X-Spam-Flag" "YES" {
        fileinto "Spam";
        stop;
    }

Thank you for your help, and sorry for my bad English.

t
Re: [Dovecot] Problems with apple'mail client
On 5/22/2008, Osvaldo Alvarez Pozo ([EMAIL PROTECTED]) wrote: my config is as follow logs? -- Best regards, Charles
Re: [Dovecot] Sort output of dovecot -n alphabetically?
On Thu, May 22, 2008 at 09:08:13AM -0400, Charles Marcus wrote:

On 5/22/2008 8:57 AM, Jens Dönhoff wrote:

Is there a way? Postfix does this by default, and it makes it much less likely to miss/overlook a setting...

Just pipe it through sort:

    dovecot -n | sort

But then *everything* gets sorted (I tried before posting), so it's not an acceptable solution:

    host ~ # dovecot -n | sort
    # 1.1.rc5: /etc/dovecot/dovecot.conf
    args: *
    auth default:
    driver: pam
    driver: passwd
    listen: [::]
    login_dir: /var/run/dovecot/login
    login_executable: /usr/libexec/dovecot/imap-login
    mail_location: maildir:~/.maildir
    passdb:
    ssl_cert_file: /etc/ssl/dovecot/server.pem
    ssl_key_file: /etc/ssl/dovecot/server.key
    userdb:

And no, this is not complete output...

The following seems to work reasonably well:

    dovecot -n | sed -n '1h;2,$H;${g;s/\n /xnlx/g;p}' | sort | sed 's/xnlx/\n/g'

Not my invention though, just got this contraption from somewhere else..

regards, Bjorge
Re: [Dovecot] procmail -- deliver question
On Thu, 22 May 2008, Ben Budts wrote:

Hi there, I use dovecot-1.1-rc4, got imap, imaps, pop3 pop3s working fine with the mbox format. I use sendmail-8.14.2 as an MTA, sendmail uses procmail as an LDA.

Does it run it as the user in question, or as root?

I migrated to maildir format now, and pipe all my mail to deliver right now to be able to make use of the indexing etc... Problem is I run into some errors :

    #My .procmailrc
    PATH=/usr/bin:/usr/local/bin:/usr/sbin
    SHELL=/bin/bash
    SENDMAIL=sendmail -oi -t
    DELIVER=/opt/dovecot/libexec/dovecot/deliver
    LOGFILE=$HOME/procmail.log #/dev/null
    VERBOSE=on
    LOGABSTRACT = all
    #DEFAULT=$HOME/Maildir/
    #MAILDIR=$HOME/Maildir/
    :0 w
    | $DELIVER
    #

Is that /etc/procmailrc or .procmailrc? If it's /etc/procmailrc, add this to the start:

    DROPPRIVS=YES

And remove that setuid stuff from deliver, I'd say. (These are local UNIX users, right?)

-- Asheesh.

--
QOTD: What I like most about myself is that I'm so understanding when I mess things up.
Re: [Dovecot] Disallow folder delete
On Wednesday, May 21, 2008 7:00 AM -0400 Charles Marcus [EMAIL PROTECTED] wrote:

On 5/20/2008 9:53 PM, Kenneth Porter wrote:

It might be nice to have a mode that disallows deletion of *non-empty* folders. In order for a user to delete the folder, the folder must first be emptied and purged. Alas, deleting messages can be undone, but folders can't be, and the UI of a client doesn't necessarily make this obvious.

Actually, a properly configured client will simply move the folder to the Trash - where the user can recover it if it was a mistake, unless/until the trash is empty.

This depends on the storage type. mbox can't hold a folder in a folder, so where do you put a deleted folder if Trash is an mbox?

I looked at the 1.0.13 source and found that deleting a non-empty mbox folder-to-hold-folders will fail (see mbox_mailbox_delete() in mbox-storage.c), but a non-empty folder-to-hold-messages will succeed.

I think adding this to cmd-delete.c after the client workaround part should prevent this. The message is taken from mbox_mailbox_delete but without the folder name.

    struct mailbox_status status;

    /* Look up the mailbox status; give up if the lookup fails. */
    if (mailbox_get_status(mailbox, 0, &status) < 0) {
        return FALSE;
    }
    /* Refuse the DELETE while the folder still holds messages. */
    if (status.messages > 0) {
        client_send_tagline(cmd, "NO Folder isn't empty, can't delete it.");
        return TRUE;
    }
Re: [Dovecot] Searching the Archives (was: Re: dovecot developer documentation)
On Wednesday, May 21, 2008 11:49 PM -0400 John Simpson [EMAIL PROTECTED] wrote: how would somebody who has an existing mailing list (managed by ezmlm-idx) set up IMAP access to their list archives like this? That would make a nice HOWTO for the wiki. I'd also like to see the answer for a mailman system.
Re: [Dovecot] Sort output of dovecot -n alphabetically?
On 5/22/2008, Bjorge Dijkstra ([EMAIL PROTECTED]) wrote:

The following seems to work reasonably well:

    dovecot -n | sed -n '1h;2,$H;${g;s/\n /xnlx/g;p}' | sort | sed 's/xnlx/\n/g'

Sorry... this should be done as part of the command itself - I don't fancy using a hack like that...

I'll wait and see if Timo is willing to do it - hopefully he'll see the value - if not...

--
Best regards, Charles