Re: [Dovecot] How to seperate pop3 and imap user lookup?
Timo Sirainen wrote: On Wed, 2008-06-18 at 13:05 +0800, Zhang Huangbin wrote: Hi, all. I have two column in MySQL user table: - enablepop (NOT NULL default '1') - enableimap (NOT NULL default '1') How can i config dovecot to seperate pop user lookup and imap user lookup? Use %s which expands to IMAP or POP3 in the query. See http://wiki.dovecot.org/Variables for list of all variables. Hi, Timo. It works now. Thanks :) for mysql query(MySQL column: enablepop3, enableimap): 8 user_query = SELECT xxx FROM mailbox WHERE username='%u' AND active='1' AND enable%Ls='1' 8 for LDAP query(LDAP attr: enablePOP3, enableIMAP): 8 user_filter = ((mail=%u)(xxx other filter here)(enable%Us=yes)) 8 -- Best Regards. Zhang Huangbin - Mail Server Solution for Red Hat(R) Enterprise Linux CentOS 5.x: http://rhms.googlecode.com/
[Dovecot] don't follow symlinks when creating mailbox list
Hi, this issue was discussed here twice in the not so far history (http://www.dovecot.org/list/dovecot/2008-January/028317.html, http://www.dovecot.org/list/dovecot/2008-February/029147.html), but I need to open it again as it makes problems for our users on one side and on the other side we don't want to diverge from the upstream sources in our packages. I agree with Timo that simply disabling the symlink following in creating the mailbox list can give a false sense of security so the question is whether a permanent solution can be developed and how it should look like? Regards, Dan -- Fedora and Red Hat package maintainer
Re: [Dovecot] dovecot as gmail imap proxy
On Tue, Jun 17, 2008 at 03:37:30PM -0700, Peter Hessler wrote: I 3 mutt. Easy enough, but lots of power is available. Yes, mutt is great! :-) Btw, you can use mutt with dovecot without running dovecot as a daemon/server, by putting this in your .muttrc: set tunnel=MAIL=/home/geert/mbox /usr/pkg/libexec/dovecot/imap (adapt paths for your own system) This way mutt will talk to the dovecot imap binary via stdin/stdout. This will also work over ssh. This way you don't need to run dovecot as a server and you still benefit from eg. the cache etc. Geert
Re: [Dovecot] dovecot as gmail imap proxy
On Wed, 2008-06-18 at 10:32 +0200, Geert Hendrickx wrote: On Tue, Jun 17, 2008 at 03:37:30PM -0700, Peter Hessler wrote: I 3 mutt. Easy enough, but lots of power is available. Yes, mutt is great! :-) Btw, you can use mutt with dovecot without running dovecot as a daemon/server, by putting this in your .muttrc: set tunnel=MAIL=/home/geert/mbox /usr/pkg/libexec/dovecot/imap dovecot --exec-mail imap is better. Then it uses the settings from dovecot.conf as well as the proper default settings. With the above you're for example using mbox_lazy_writes=no signature.asc Description: This is a digitally signed message part
[Dovecot] quota attribute for ldap.
I want to manage quotas and I want to manage quota limit with ldap. I use debian etch with slapd version 2.3 as ldap server. I see that in the schemas that comes with openLDAP debian distribution there are no quota attributes. How you have solved it?
Re: [Dovecot] v1.2 development tree started
Updates: On Mon, 2008-06-09 at 05:51 +0300, Timo Sirainen wrote: I merged all the new features and latest v1.1 changes under one tree: http://hg.dovecot.org/dovecot-1.2/ Nightly snapshots are also from v1.2 code tree nowadays. 1. CONDSTORE extension is probably the largest change. It adds new modification sequences for messages that increase whenever the message's metadata changes. I'll probably have to reimplement the way modseqs are calculated, because modseqs will be very useful when implementing replication and the current way just doesn't work with it. If modseq-supporting clients see the current modseqs and later the server gets upgraded to new modseqs, the clients will most likely break. So this change should be done for v1.2. Modseq changes are implemented. The only issue with CONDSTORE is that STORE UNCHANGEDSINCE command doesn't atomically check-and-update. Implementing the atomicity should be pretty easy since there is a similar check already in the code. The largest issue with it is changing APIs enough to support returning back which messages failed the STORE. Still should be pretty easy. 4. Virtual mailboxes should work fast after mailbox is opened. The initial opening could use several optimizations though. It could probably share some code with QRESYNC to avoid the full initial search (storing each backend's modseq to index header). Also if search parameters don't contain any dynamically changing data, there's no point in searching the old messages. Implemented initial opening optimizations. I haven't done much testing though, other than it appears not to crash and appears to work with simple tests. :) So the current implementation should be as fast as it's possible to make it. The current design doesn't allow changing the search parameters or list of mailboxes, otherwise it breaks more or less badly. I guess I could add code to check if the dovecot-virtual file's mtime has changed and if so make it do a full resync. This anyway means that there's no way to support wildcard mailbox names (e.g. all mailboxes). But does anyone really want that (yet)? It'll anyway be faster/easier to implement once mailbox list indexes are implemented. Changing mailbox list is now detected and handled, as well as UIDVALIDITY changing in mailboxes. Mailbox list wildcards wouldn't be all that difficult to implement anymore if someone wants them, but until then I don't think I'll bother. Changing search parameters still isn't detected though. Maybe it could store a MD5 sum of the search parameters in the header and if it changes rebuild the entire mailbox. I'll still have to add a new X-MAILBOX search parameter which can be used to test what the backend mailbox name is. This will be especially useful with INTHREAD extension. I guess it wouldn't hurt to have FETCH X-MAILBOX if someone wants it. Oh, almost forgot about this one. 6. INTHREAD extension isn't started yet, but I'll start it soon. Hopefully won't be too tricky to get it working with virtual mailboxes and CONTEXT=SEARCH.. This one is the last major unimplemented v1.2 feature. After that I'll start finishing, optimizing and stabilizing the features for a v1.2 release (as well as start v2.0/replication coding). I'm hoping for v1.2.0 release by the end of this summer. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] don't follow symlinks when creating mailbox list
On Wed, 2008-06-18 at 09:35 +0200, Dan Horák wrote: this issue was discussed here twice in the not so far history (http://www.dovecot.org/list/dovecot/2008-January/028317.html, http://www.dovecot.org/list/dovecot/2008-February/029147.html), but I need to open it again as it makes problems for our users on one side and on the other side we don't want to diverge from the upstream sources in our packages. I agree with Timo that simply disabling the symlink following in creating the mailbox list can give a false sense of security so the question is whether a permanent solution can be developed and how it should look like? Permanent solution would be to put your mailboxes in a separate directory where users preferrably don't even have write access, so they can't create broken symlinks. Other than that, I see only kludgy solutions. Although I suppose I could consider including a check that keeps track of which directories are scanned and stops if it encounters a loop. Is your problem with loops or just that symlinks point to huge directory structures outside home dir? signature.asc Description: This is a digitally signed message part
Re: [Dovecot] dovecot-uidlist cleanup
* Timo Sirainen, 2008-06-18 07:43 BTW. If anything except SEARCH takes more than an instant in a mailbox smaller than 10k messages on a non-loaded server, it's most likely a bug. And I just guessed that 10k value because that's how large many of my mailboxes are on a 10 years old server, probably 30-50k messages should still be ok. Thanks for the hint, I'll keep that in mind. :-) Bye, Thomas
Re: [Dovecot] dovecot as gmail imap proxy
Asheesh Laroia wrote: On Tue, 17 Jun 2008, Farkas Levente wrote: hi, may be this is a bit of topic, but i hope not. it's always a big question which is the better to choose a hosting provider to keep and manage you mail or setup your own mail server, hosting, virus and spam filter etc.. now as more and more people and company move to gmail or google apps mail service it seems google can't handle the load and it's getting more and more slower. what's more not just the imap interface but nowadays the web interface used to be hang or even stop working. it's getting more and more annoying that the speed is worst than in a 10 years ago. i thing about how can this be solved without totally give up gmail as a mail service provider (and may be they can solve it in a few months/years:-). would it be possible to create a dovecot server as an imap proxy for gmail and google apps? What I have is: * rose, my primary server (but far away) * supercore, another server at my parents' house rose is the primary MX. I run offlineimap on supercore to sync a local Maildir on supercore with rose's IMAP - that way, my parents can use a server with 1ms ping, and as they use Dovecot to modify the local Maildir on supercore, a minute later offlineimap will wake up and create IMAP operations to synchronize rose with the state on supercore. i'm just look into offlineimap. half of the code for ui, another part to implement maildir and imap. so it seems for me there is only a little code which do the synchronization. Timo what do you think how much work would be add such a middleware imap server capabilities (ie. imap backend) to dovecot? -- Levente Si vis pacem para bellum!
Re: [Dovecot] don't follow symlinks when creating mailbox list
Timo Sirainen píše v St 18. 06. 2008 v 12:38 +0300: On Wed, 2008-06-18 at 09:35 +0200, Dan Horák wrote: this issue was discussed here twice in the not so far history (http://www.dovecot.org/list/dovecot/2008-January/028317.html, http://www.dovecot.org/list/dovecot/2008-February/029147.html), but I need to open it again as it makes problems for our users on one side and on the other side we don't want to diverge from the upstream sources in our packages. I agree with Timo that simply disabling the symlink following in creating the mailbox list can give a false sense of security so the question is whether a permanent solution can be developed and how it should look like? Permanent solution would be to put your mailboxes in a separate directory where users preferrably don't even have write access, so they can't create broken symlinks. Yes, that's true :-) Other than that, I see only kludgy solutions. Although I suppose I could consider including a check that keeps track of which directories are scanned and stops if it encounters a loop. Is your problem with loops or just that symlinks point to huge directory structures outside home dir? The main problem are loops that are taking the imap process into endless search. The February thread contains your workaround (patch) that blocks all symlinks which means even the harmless ones. Dan -- Fedora and Red Hat package maintainer
Re: [Dovecot] don't follow symlinks when creating mailbox list
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 18 Jun 2008, Dan Horák wrote: The main problem are loops that are taking the imap process into endless search. The February thread contains your workaround (patch) that blocks all symlinks which means even the harmless ones. Some people use symlinks to get Shared Folders, therefore I suggest to not ignore symlinks in Dovecot by default. Bye, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD4DBQFIWRVOVJMDrex4hCIRAmFoAJUXwhkD9BnF3VV+l/fb1Yql6aohAJ4243mL ri+o6HK60I9sRkWxGLtPZg== =Go0q -END PGP SIGNATURE-
[Dovecot] Migrate to 1.1 from 1.0.14
Hello. I see dovecot 1.1 will be release very soon. I'm thinking about a migration from my 1.0.14. The migration job will be hard/long? I see in http://wiki.dovecot.org/Upgrading/1.1 that dovecot-uidlist file are in a new format. It will be problem for Courier (pop/imap) upgrades? (today, I often upgrade old mailboxes in Courier to my Dovecot server). Best regards, -- - Nicolas.
Re: [Dovecot] v1.2 development tree started
Hi Timo, First of all, dovecot is great! :) Question on CONDSTORE. I haven't re-read RFC to confirm, isn't CONDSTORE operates under switch mode with command ENABLE? So that IMAP client needs to request such capability. Maybe I mixed up with another IMAP command. Thanks Joseph Timo Sirainen wrote: Updates: On Mon, 2008-06-09 at 05:51 +0300, Timo Sirainen wrote: I merged all the new features and latest v1.1 changes under one tree: http://hg.dovecot.org/dovecot-1.2/ Nightly snapshots are also from v1.2 code tree nowadays. 1. CONDSTORE extension is probably the largest change. It adds new modification sequences for messages that increase whenever the message's metadata changes. I'll probably have to reimplement the way modseqs are calculated, because modseqs will be very useful when implementing replication and the current way just doesn't work with it. If modseq-supporting clients see the current modseqs and later the server gets upgraded to new modseqs, the clients will most likely break. So this change should be done for v1.2. Modseq changes are implemented. The only issue with CONDSTORE is that STORE UNCHANGEDSINCE command doesn't atomically check-and-update. Implementing the atomicity should be pretty easy since there is a similar check already in the code. The largest issue with it is changing APIs enough to support returning back which messages failed the STORE. Still should be pretty easy. 4. Virtual mailboxes should work fast after mailbox is opened. The initial opening could use several optimizations though. It could probably share some code with QRESYNC to avoid the full initial search (storing each backend's modseq to index header). Also if search parameters don't contain any dynamically changing data, there's no point in searching the old messages. Implemented initial opening optimizations. I haven't done much testing though, other than it appears not to crash and appears to work with simple tests. :) So the current implementation should be as fast as it's possible to make it. The current design doesn't allow changing the search parameters or list of mailboxes, otherwise it breaks more or less badly. I guess I could add code to check if the dovecot-virtual file's mtime has changed and if so make it do a full resync. This anyway means that there's no way to support wildcard mailbox names (e.g. all mailboxes). But does anyone really want that (yet)? It'll anyway be faster/easier to implement once mailbox list indexes are implemented. Changing mailbox list is now detected and handled, as well as UIDVALIDITY changing in mailboxes. Mailbox list wildcards wouldn't be all that difficult to implement anymore if someone wants them, but until then I don't think I'll bother. Changing search parameters still isn't detected though. Maybe it could store a MD5 sum of the search parameters in the header and if it changes rebuild the entire mailbox. I'll still have to add a new X-MAILBOX search parameter which can be used to test what the backend mailbox name is. This will be especially useful with INTHREAD extension. I guess it wouldn't hurt to have FETCH X-MAILBOX if someone wants it. Oh, almost forgot about this one. 6. INTHREAD extension isn't started yet, but I'll start it soon. Hopefully won't be too tricky to get it working with virtual mailboxes and CONTEXT=SEARCH.. This one is the last major unimplemented v1.2 feature. After that I'll start finishing, optimizing and stabilizing the features for a v1.2 release (as well as start v2.0/replication coding). I'm hoping for v1.2.0 release by the end of this summer.
[Dovecot] Dovecot index, NFS, and multiple architectures
Hi all, I crawled through the archives for a bit but didn't see anything helpful, so I apologize if this has already been addressed. We've been dying to move from Courier to Dovecot across our whole infrastructure for quite some time, but until recently our setup wasn't possible until this happened: Dovecot allows mailboxes and their indexes to be modified by multiple computers at the same time, while still performing well. This means that Dovecot works with NFS and clustered filesystems. Now that NFS is officially supported, we figured why not make the switch. All of our mail touches NFS in some way, so we need to check on the stability before completely migrating. In test trials we're having issues with the NFS'd index becoming corrupted. Here's the setup: * Linux workstations running Fedora 8/9 i386 and a locally called Dovecot 1.0.14 * NFS'd homedir with Maildir setup * NFS is on Solaris 9 sparcv9 (64bit) running Dovecot 1.0.14 Now this setup is just a test example and not exactly what we'll be running in production, but it tipped up the problem either way. Since the index is shared by both the Linux i386 machine and the sparc64 Solaris machine, if mail is accessed from both, lets say with Pine for example, the index becomes corrupted and breaks. As long as only one architecture only ever touches it there are no issues. I'm assuming this is an endian issue, which would make the most sense. Is there a way around this with flags or server options? Is this something that has maybe been addressed in 1.1.0? Unfortunately, we are not going to be able to move to Dovecot across all of our systems until this is no longer an issue. We run a lot of mixed environments that have everything from Linux i386/x86_64 to Solaris 9 64 to Windows. If a user accesses IMAP from a Windows box, then logs into the front end which is a Linux x86_64 box and runs Pine, and all of this is on a Solaris sparc NFS system, we're going to have serious issues with the index. ;) Any help would be appreciated. Thanks, -Dave -- David Halik System Administrator OIT-CSS Rutgers University [EMAIL PROTECTED] http://www.digitalruin.net
Re: [Dovecot] Dovecot index, NFS, and multiple architectures
On 6/18/2008, David Halik ([EMAIL PROTECTED]) wrote: * Linux workstations running Fedora 8/9 i386 and a locally called Dovecot 1.0.14 * NFS'd homedir with Maildir setup * NFS is on Solaris 9 sparcv9 (64bit) running Dovecot 1.0.14 NFS is only fully supported on 1.1+. This is why you're having trouble. 1.1rc10 is the latest, and the stable release is imminent, so you should have no trouble moving to it. -- Best regards, Charles
Re: [Dovecot] Using checkpassword to block ips?
--
Message: 1
Date: Sun, 15 Jun 2008 19:04:05 -0400
From: Larry Ludwig [EMAIL PROTECTED]
Subject: [Dovecot] Using checkpassword to block ips?
To: dovecot@dovecot.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=us-ascii
Hi new to the list, but we are a long time user of Dovecot
via DirectAdmin
control panel.
We, like everyone else, are seeing an increase in dictionary
attacks of
POP/IMAP. We want to block them.
I've searched the mailing list and found a few recommended
fail2ban, which
really won't work for our case. We need to do this over many
machines and
not one or two. We also like to gather info at the network
wide level.
Hackers know about attacking specific server/ips too often
and we've seen
much more distributed attacks that go under the radar of one server
monitoring setup.
We've designed our own system and use a local RBL to
distribute the blocked
IPs. For ftp and ssh attacks it's worked very well. We
would like to use
the RBL to do the same with dovecot.
From my research it appears the best way to do this (and
only currently) is
with the checkpassword option. I haven't gotten it to work
yet. We have:
passdb checkpassword {
args = /usr/local/bin/checkpassword
deny = yes
}
As the first auth.. This should reject the connection if the
IP matches.
checkpassword can see TCPREMOTEIP enviornmental variable.
In the checkpassword script we have:
#!/usr/bin/perl
sub read_uinfo {
my($user,$passwd,$apop_ts);
open X,=3 or exit 111;
$_ = X;
# ugly; should use sysread instead
($user,$passwd,$apop_ts) = /^(.*)\0(.*)\0(.*)\0/;
while (X) {};
close X;
return ($user,$passwd,$apop_ts);
}
($user,$passwd,$apop_ts)=$debug?(shift,shift,shift):read_uinfo;
$ipaddr=$ENV{TCPREMOTEIP};
$result=system(/usr/sbin/checkdnsbl $ipaddr);
if ( $result == 0) {
@ENV{SHELL,USER,HOME} = ($shell,$user,$home);
exit 0;
}
else {
exit 1;
}
My questions are as follows:
- Can the deny = yes be used with checkpassword?
- What am I doing wrong with the script? It should reject only the
connections that are in the RBL. It blocks all
Bump..
No one can help with this setup or issue?
-L
--
Larry Ludwig
Empowering Media
1-866-792-0489 x600
Managed and Unmanaged Xen VPSes
http://www.hostcube.com/
Re: [Dovecot] Dovecot index, NFS, and multiple architectures
Gee, I've been running for a year now, albeit in an NFS environment where there are only four machines, 3 AIX (A master where the files are resident and 2 other machines as NFS clients...a mailing list server (which can write heavily to the mounts) and a login server (which writes lightly if at all)) and one Linux Fedora (reading only). I only use fcntl locks and no caching on the clients. Knock on wood, but we've had no corruption Charles Marcus wrote: On 6/18/2008, David Halik ([EMAIL PROTECTED]) wrote: * Linux workstations running Fedora 8/9 i386 and a locally called Dovecot 1.0.14 * NFS'd homedir with Maildir setup * NFS is on Solaris 9 sparcv9 (64bit) running Dovecot 1.0.14 NFS is only fully supported on 1.1+. This is why you're having trouble. 1.1rc10 is the latest, and the stable release is imminent, so you should have no trouble moving to it. -- Stewart Dean, Unix System Admin, Henderson Computer Resources Center of Bard College, Annandale-on-Hudson, New York 12504 [EMAIL PROTECTED] voice: 845-758-7475, fax: 845-758-7035
Re: [Dovecot] Dovecot index, NFS, and multiple architectures
On 6/18/2008, Stewart Dean ([EMAIL PROTECTED]) wrote: Gee, I've been running for a year now, Note I said *fully* supported. Specifically - Timo recommends to use 1.1 if you're using NFS... but by all means, do what ever you like... :) -- Best regards, Charles
Re: [Dovecot] dovecot as gmail imap proxy
On Jun 18, 2008, at 2:59 PM, Farkas Levente wrote: Timo what do you think how much work would be add such a middleware imap server capabilities (ie. imap backend) to dovecot? I think it would be quite a lot of work. Definitely a lot more than I have time for currently. The most difficult thing is probably writing IMAP parsing and event handling for it. I've written such code for my imaptest tool already though, maybe at some point they could be more or less merged to a common lib-imap-client. PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] Dovecot index, NFS, and multiple architectures
When I opened your message, before I could even read it, NFS failed and corrupted everything. Shades of Shroedinger's Cat! Just kidding (I hope) :) Charles Marcus wrote: On 6/18/2008, Stewart Dean ([EMAIL PROTECTED]) wrote: Gee, I've been running for a year now, Note I said *fully* supported. Specifically - Timo recommends to use 1.1 if you're using NFS... but by all means, do what ever you like... :) -- Stewart Dean, Unix System Admin, Henderson Computer Resources Center of Bard College, Annandale-on-Hudson, New York 12504 [EMAIL PROTECTED] voice: 845-758-7475, fax: 845-758-7035
[Dovecot] debugging dovecot and sieve
I have install dovecot and sieve and it doesn't appear to be working.
Below is my dovecot.conf
Are there some debugging settings I can use to test if dovecot is
linking with sieve properly.
Nothing appears to show up in the logs
start dovecot.conf
===
cat /usr/local/etc/dovecot.conf
base_dir = /var/run/dovecot/
auth_verbose=yes
auth_debug=yes
mail_debug=yes
auth_debug_passwords=yes
disable_plaintext_auth=no
protocols = imap imaps pop3 pop3s
protocol imap {
mail_plugins = quota imap_quota
imap_client_workarounds = outlook-idle delay-newmail
}
protocol pop3 {
mail_plugins = quota
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_uidl_format = %08Xu%08Xx
}
protocol lda {
postmaster_address = [EMAIL PROTECTED]
mail_plugins = quota cmusieve
log_path = /var/log/vmail/dovecot-deliver.log
info_log_path = /var/log/vmail/dovecot-deliver.log
}
##
## Logging
##
# Log file to use for error messages, instead of sending them to syslog.
# /dev/stderr can be used to log into stderr.
log_path = /var/log/dovecot/error_log
# Log file to use for informational and debug messages.
# Default is the same as log_path.
info_log_path = /var/log/dovecot/general_log
# Prefix for each line written to log file. % codes are in strftime(3)
# format.
#log_timestamp = %b %d %H:%M:%S
# Syslog facility to use if you're logging to syslog. Usually if you don't
# want to use mail, you'll use local0..local7. Also other standard
# facilities are supported.
#syslog_facility = mail
#ssl_listen =
ssl_disable = no
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
#ssl_key_password =
#ssl_ca_file =
#ssl_verify_client_cert = no
#ssl_parameters_regenerate = 168
# SSL ciphers to use
#ssl_cipher_list = ALL:!LOW
# Show protocol level SSL errors.
#verbose_ssl = no
#ssl_ca_file = /etc/pki/dovecot/certs/ca-bundle.crt
mail_location = maildir:/var/vmail/%d/%u
mail_extra_groups = mail
first_valid_uid = 601
last_valid_uid = 601
maildir_copy_with_hardlinks = yes
auth default {
mechanisms = plain
passdb sql {
args = /etc/dovecot/sql.conf
}
userdb sql {
args = /etc/dovecot/sql.conf
}
userdb prefetch {
}
user = nobody
socket listen {
master {
# path = /var/run/dovecot/auth-master
path = /usr/local/var/run/dovecot/auth-master
mode = 0660
user = vmail
group = mail
}
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = mail
}
}
}
dict {
}
plugin {
quota = maildir:storage=10240:messages=1000
acl = vfile:/etc/dovecot/acls
trash = /etc/dovecot/trash.conf
sieve = /var/vmail/%d/%u/.dovecot.sieve
}
=
end dovecot.conf
Thanks
vfclists
Re: [Dovecot] Using checkpassword to block ips?
On Sun, 2008-06-15 at 19:04 -0400, Larry Ludwig wrote:
if ( $result == 0) {
@ENV{SHELL,USER,HOME} = ($shell,$user,$home);
exit 0;
}
else {
exit 1;
}
1) If you want to allow the user, deny=yes passdb check must fail. So
exit with 1 in that case.
2) With deny=yes Dovecot doesn't care about shell or home. USER is most
likely also useless unless your check changes it.
3) If you want to block the user, the checkpassword must succeed. exit 0
doesn't mean success. You have to execute the checkpassword-reply binary
as specified by http://wiki.dovecot.org/PasswordDatabase/CheckPassword
signature.asc
Description: This is a digitally signed message part
[Dovecot] v1.1.rc11 released
http://dovecot.org/releases/1.1/rc/dovecot-1.1.rc11.tar.gz http://dovecot.org/releases/1.1/rc/dovecot-1.1.rc11.tar.gz.sig This is the final v1.1 RC. Tomorrow I'll change only the version number, update the documentation and call it v1.1.0. But please test this anyway to make sure I didn't happen to break anything since rc10 :) - dovecot-uidlist is now recreated if it results in file shrinking over 25%. - Some other minor fixes signature.asc Description: This is a digitally signed message part
Re: [Dovecot] v1.1.rc11 released
Hi All, I could build and install on Linux and HP-UX machines successfully with gcc, but I failed on an AIX machine with gcc. So may I ask you some advice on making on AIX? The environment is as follows (`gcc -v`): Using built-in specs. Target: powerpc-ibm-aix5.3.0.0 Configured with: ../gcc-4.1.1/configure --disable-nls Thread model: aix gcc version 4.1.1 Firstly, make failed with the following messages: [Snip] Making all in lib make all-am gcc -DHAVE_CONFIG_H -I. -I../.. -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer -arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wstrict-aliasing=2 -MT restrict-access.o -MD -MP -MF .deps/restrict -access.Tpo -c -o restrict-access.o restrict-access.c In file included from /usr/include/grp.h:57, from restrict-access.c:13: /usr/local/lib/gcc/powerpc-ibm-aix5.3.0.0/4.1.1/include/stdio.h:501: error: conflicting types for 'fgetpos64' /usr/local/lib/gcc/powerpc-ibm-aix5.3.0.0/4.1.1/include/stdio.h:310: error: previous declaration of 'fgetpos64' was here /usr/local/lib/gcc/powerpc-ibm-aix5.3.0.0/4.1.1/include/stdio.h:504: error: conflicting types for 'fseeko64' /usr/local/lib/gcc/powerpc-ibm-aix5.3.0.0/4.1.1/include/stdio.h:441: error: previous declaration of 'fseeko64' was here /usr/local/lib/gcc/powerpc-ibm-aix5.3.0.0/4.1.1/include/stdio.h:505: error: conflicting types for 'fsetpos64' /usr/local/lib/gcc/powerpc-ibm-aix5.3.0.0/4.1.1/include/stdio.h:312: error: previous declaration of 'fsetpos64' was here /usr/local/lib/gcc/powerpc-ibm-aix5.3.0.0/4.1.1/include/stdio.h:506: error: conflicting types for 'ftello64' /usr/local/lib/gcc/powerpc-ibm-aix5.3.0.0/4.1.1/include/stdio.h:442: error: previous declaration of 'ftello64' was here make: 1254-004 The error code from the last command is 1. After some googling on this problem, I found that adding `#include stdio.h' before other includes in ./src/lib/restrict-access.c. After that, I met other errors like the following: [Snip] gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../src/lib -I../../../src/lib-dict -I../../../src/lib-index -I../../../src/lib-ma il -I../../../src/lib-storage -I../../../src/lib-storage/index -I../../../src/lib-storage/index/maildir -std=gnu99 -g -O2 -Wa ll -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wstrict-a liasing=2 -MT quota-count.lo -MD -MP -MF .deps/quota-count.Tpo -c quota-count.c -DPIC -o .libs/quota-count.o mv -f .deps/quota-count.Tpo .deps/quota-count.Plo rpcgen -h /usr/include/rpcsvc/rquota.x rquota.h /bin/sh ../../../libtool --tag=CC--mode=compile gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../src/lib -I../../ ../src/lib-dict -I../../../src/lib-index -I../../../src/lib-mail -I../../../src/lib-storage -I../../../src/lib-storage/in dex -I../../../src/lib-storage/index/maildir -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpoin ter-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wstrict-aliasing=2 -MT quota-fs.lo -MD -MP -MF .deps/quota-fs.Tp o -c -o quota-fs.lo quota-fs.c gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../src/lib -I../../../src/lib-dict -I../../../src/lib-index -I../../../src/lib-ma il -I../../../src/lib-storage -I../../../src/lib-storage/index -I../../../src/lib-storage/index/maildir -std=gnu99 -g -O2 -Wa ll -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wstrict-a liasing=2 -MT quota-fs.lo -MD -MP -MF .deps/quota-fs.Tpo -c quota-fs.c -DPIC -o .libs/quota-fs.o In file included from quota-fs.c:28: rquota.h:8: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'xdr_getquota_args' rquota.h:13: error: expected specifier-qualifier-list before 'bool_t' rquota.h:24: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'xdr_rquota' rquota.h:32: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'xdr_gqr_status' rquota.h:42: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'xdr_getquota_rslt' quota-fs.c: In function 'do_rquota': quota-fs.c:287: error: storage size of 'call_status' isn't known quota-fs.c:288: error: 'CLIENT' undeclared (first use in this function) quota-fs.c:288: error: (Each undeclared identifier is reported only once quota-fs.c:288: error: for each function it appears in.) quota-fs.c:288: error: 'cl' undeclared (first use in this function) quota-fs.c:309: warning: implicit declaration of function 'clnt_create' quota-fs.c:317: warning: implicit declaration of function 'auth_destroy' quota-fs.c:318: warning: implicit declaration of function 'authunix_create_default' quota-fs.c:326: warning: implicit declaration of function 'clnt_call' quota-fs.c:327: error: 'xdrproc_t' undeclared (first use in this function) quota-fs.c:327: error: expected ')' before 'xdr_getquota_args' quota-fs.c:333: warning:
Re: [Dovecot] v1.1.rc11 released
On Wed, 2008-06-18 at 21:10 -0700, Woonsan Ko wrote: After some googling on this problem, I found that adding `#include stdio.h' before other includes in ./src/lib/restrict-access.c. Done. rpcgen -h /usr/include/rpcsvc/rquota.x rquota.h Here it generates the rquota.h In file included from quota-fs.c:28: rquota.h:8: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'xdr_getquota_args' rquota.h:13: error: expected specifier-qualifier-list before 'bool_t' rquota.h:24: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'xdr_rquota' rquota.h:32: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'xdr_gqr_status' rquota.h:42: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'xdr_getquota_rslt' But for some reason it can't use it. I don't really know why. I suppose it's missing some include file? Does it include rpc/rpc.h itself? If not, does it help to include it? quota-fs.c:478: warning: implicit declaration of function 'quotactl' http://hg.dovecot.org/dovecot-1.1/rev/2b0432ec7c7c probably fixes this. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] v1.1.rc11 released
Hello Timo! Anything changed since 1.1rc9 regarding the mbox issue? Did you have a look at the file I sent you? Thnx. Ciao, Gerhard Timo Sirainen wrote: http://dovecot.org/releases/1.1/rc/dovecot-1.1.rc11.tar.gz http://dovecot.org/releases/1.1/rc/dovecot-1.1.rc11.tar.gz.sig This is the final v1.1 RC. Tomorrow I'll change only the version number, update the documentation and call it v1.1.0. But please test this anyway to make sure I didn't happen to break anything since rc10 :) - dovecot-uidlist is now recreated if it results in file shrinking over 25%. - Some other minor fixes
Re: [Dovecot] v1.1.rc11 released
On Thu, 2008-06-19 at 06:56 +0200, Gerhard Wiesinger wrote: Hello Timo! Anything changed since 1.1rc9 regarding the mbox issue? Did you have a look at the file I sent you? Not yet. I've been trying to avoid spending time on debugging difficult things recently. Time to write some new code for a change. :) signature.asc Description: This is a digitally signed message part
Re: [Dovecot] FTS/squat search indexes built when?
On Sat, 2008-06-14 at 07:56 -0400, Jay Levitt wrote: But what I'm not clear about: Does it then get updated on every delivery by LDA? Or does the index also need to get updated when I do a search, assuming there's been at least one message delivered since the last search? Currently it gets updated only when searching. I wanted to have it updated immediately (optionally) while mails are being delivered, but never got around to implementing it. signature.asc Description: This is a digitally signed message part
