[Dovecot] Has anyone ever seen outlook do single sign on with dovecot/etc?
Hey all, I'm curious, has anyone been able to get outlook to do single sign on with a linux IMAP/SMTP back end? I have it doing NTLM authentication via the dovecot winbind module with Samba 3.2 just fine, but I have yet to see it try to use the cached windows logon credentials.. It appears to do an NTLM exchange with a blank password and then prompt for a password and then do an exchange with the given password. It does the same thing if PLAIN authentication is used. I'm starting to suspect MS deliberately hobbled outlook so that it uses the SSPI to exchange an entered password but not ever the logon credentials.. Does anyone know different? What a topsy-turvy world when thunderbird using SSPI works better on Windows than outlook. :| Thanks, Jason
Re: [Dovecot] Webmail app ... again.
On Aug 13, 2008, at 10:32 PM, Timo Sirainen wrote: On Aug 14, 2008, at 1:26 AM, Sean Kamath wrote: But the big killer is scaleability and handling multiple servers, which is why some sort of front end like IMAPProxy are attractive. I've heard that imapproxy isn't all that useful with Dovecot once auth cache is enabled and set large enough. It'll then just basically replace Dovecot's process fork(s) with the overhead of its own. Oops, good point, I'd forgotten about that whole discussion from a few months ago. So the only real benefit to keeping cached connections would be in saving the TCP overhead, I guess... Sean
[Dovecot] Proxy logging destuser
Hi All My first post to the list, so hello world! Having searched the list archives and the wiki for an answer to this, I don't think it is possible. However, let me ask nonetheless... Is it possible for a Dovecot proxy's login process (IMAP and POP3) to include the destuser, i.e. the uid used to authenticate to the backend IMAP/POP3 server, in its logging? %u gives me the uid provided by the client of course, but it would useful for my purposes to catch the destuser in the same log line. The only way to get the proxy to log destuser at all, as far as I can figure out, is to enable auth debug - not something I want to do in a production environment. Thanking-you, Paul New from MWEB: Cellphone and Internet bundles! Bundle your Internet access with your cellular contract from R75 per month. Call 08600 32000 or click here(http://www.mweb.co.za/productsservices/MTALKMobile/tabid/1223/Default.aspx) for more info on the great deals available. MWEB :-) JUST LIKE THAT
Re: [Dovecot] Proxy logging destuser
On Aug 14, 2008, at 2:36 AM, Paul Gamble - MWEB wrote: Is it possible for a Dovecot proxy's login process (IMAP and POP3) to include the destuser, i.e. the uid used to authenticate to the backend IMAP/POP3 server, in its logging? %u gives me the uid provided by the client of course, but it would useful for my purposes to catch the destuser in the same log line. Could you try if this patch works: http://hg.dovecot.org/dovecot-1.1/raw-rev/5d0406541434 PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] Cyrus vs Dovecot
Pascal Gienger a écrit : Mathieu Kretchner [EMAIL PROTECTED] wrote: kbajwa a écrit : Cyrus = 0 Dovecot= 100 I guess you've right but I can't post this answer at Cyrus mailing list. I'm just trying to have my own opinion of imap server and I already have sarcastic answer on the cyrus mailing list ! Stop. What's this? a) crossposing content to the dovecot mailing list b) talking about sarcastic answers when users try to help you saying that migrating from an old cyrus release to a new one is easier then migrating to a new system? c) many users here have described their running configuration to help you. d) starting an advocacy war? What are you trying to do? Sorry but your manners on cyrus list have been disrespectful and hurt me... I do not want an advocacy war so I'll stop here this discussion and focus on technical aspect. begin:vcard fn:Mathieu Kretchner n:Kretchner;Mathieu org:INRIA;Syslog adr;dom:;;2007 route des lucioles - BP93;Sophia Antipolis;;06902 CEDEX email;internet:[EMAIL PROTECTED] tel;work:04 92 38 76 67 x-mozilla-html:FALSE version:2.1 end:vcard
Re: [Dovecot] Proxy logging destuser
Hi Timo Thanks very much, hadn't finished my morning coffee and already a patch :) The patch does the trick: - My dovecot.conf for the proxy: ... login_log_format_elements = pid=%p user=%u method=%m rsock=%r:%b lsock=%l:%a proto=%s %c login_log_format = MYPROXY %s %$: ... - gives me, via syslog: Aug 14 10:14:03 withnail dovecot: imap-login: MYPROXY pid=6516, [EMAIL PROTECTED], method=PLAIN, rsock=127.0.0.1:48157, lsock=127.0.0.1:1143, proto=IMAP, secured proxy([EMAIL PROTECTED]): started proxying to 127.0.0.1:143/pgamble*master: Aug 14 10:26:02 withnail dovecot: pop3-login: MYPROXY pid=6514, [EMAIL PROTECTED], method=PLAIN, rsock=127.0.0.1:55991, lsock=127.0.0.1:1110, proto=POP3, secured proxy([EMAIL PROTECTED]): started proxying to 127.0.0.1:110/pgamble*master: This is just on a dev box, hence the odd IP's, log format, etc. I'm using master authentication for the backend auth and so the the master user and separator character are imbedded in the backend user, i.e. client-proxy_user, (pgamble*master above) and it would be convenient to have them available separately, but I can live with it as-is. So...great stuff, thanks very much! What is your approach with regards to incorporating these kinds of patches (in response to ad-hoc user requests) into your main development tree? It would obviously be nice to know that this will be incorporated at some point... Would it be feasible to add a config variable for this (along the lines of %u, %p, %s, etc, etc)? Regards, Paul Gamble -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Timo Sirainen Sent: 14 August 2008 09:12 AM To: Paul Gamble - MWEB Cc: dovecot@dovecot.org Subject: Re: [Dovecot] Proxy logging destuser On Aug 14, 2008, at 2:36 AM, Paul Gamble - MWEB wrote: Is it possible for a Dovecot proxy's login process (IMAP and POP3) to include the destuser, i.e. the uid used to authenticate to the backend IMAP/POP3 server, in its logging? %u gives me the uid provided by the client of course, but it would useful for my purposes to catch the destuser in the same log line. Could you try if this patch works: http://hg.dovecot.org/dovecot-1.1/raw-rev/5d0406541434 New from MWEB: Cellphone and Internet bundles! Bundle your Internet access with your cellular contract from R75 per month. Call 08600 32000 or click here(http://www.mweb.co.za/productsservices/MTALKMobile/tabid/1223/Default.aspx) for more info on the great deals available. MWEB :-) JUST LIKE THAT
Re: [Dovecot] Cyrus vs Dovecot
Ed W a écrit : Mathieu Kretchner wrote: kbajwa a écrit : Hello: I think you are missing a point which is most important, i.e., what type of support Cyrus vs Dovecot offers. In my experience: Cyrus = 0 Dovecot= 100 My personal experience. Kirt I guess you've right but I can't post this answer at Cyrus mailing list. I'm just trying to have my own opinion of imap server and I already have sarcastic answer on the cyrus mailing list ! Reading the cyrus list I think the above quote might be a bit unfair and accidently crossposted? In any case I only have experience of dovecot and it's used in some larger installs such as the old webmail.us, now 11 (I believe). I think your installation is probably large enough that you might want to do a trial migration of a couple of accounts and see if migration is a problem. I'm trying to migrate my own account from cyrus to dovecot with the 2 tools which seems to fit the most my needs : cyrus2courier : Work fast and well but I must use cyrus2courier-1.5.ts and I have 2 problems with it : falg unseen (or seen if I want) for all e-mail / Sub folders of Inbox are invisibles (I see them on the File System) ! imapsync : Must add a transition configuration to dovecot in order to have user passdb file (or master user) but once done it's ok and work correctly. I've just tested a transition and I'm happy to see it keeps all flags (seen/unseen too) and timestamp but as cyrus2courier, I can't see my inbox sub folders although I could see them (full) on the File System? Certainly for all new servers I would STRONGLY recommend some sort of virtualisation option (I use linux vservers, lots of other options available). This makes it fantasically easy to boot up (say) three instances of your target software installation, perhaps all with different configuration options and compare them easily. I used this as a solution to migrate from Courier and also recently when I was migrating from 32bit to 64bit guests - essentially you spin up your new guest, get it all ready, test it like made and then in a couple of seconds you can down the live guest and boot up the new guest. I separate out all signficant data from the guest partition so try to keep the actual installations under a couple hundred MB each (even that feels bloated, but hey) and this makes it simple to boot up a copy of a guest to test some change without having to copy too much I personally picked dovecot because I worried about the horror stories I read about with cyrus. However, both are clearly the two best options available for opensource solutions right now and both are used in large installations so you should be very happy with either. With regards to functionality it would appear (I don't use cyrus) that cyrus has more admin tools to do stuff, but Dovecot is built to be more hackable, for example you can easily run a script before each (imap, etc) login and hence do some very advanced stuff through that route. Plugins also appear to be quite easy to write to extend dovecot in new directions On the cyrus list they mentioned email retention policies. Now some people are going to say that this is really a job for the MTA (postfix/sendmail/etc). However, you have some plugins which might get you partly towards solving that need, but nothing out of the box which would give you a cast iron (stand up in court) kind of archiving control. However, you can get close I think Ed W begin:vcard fn:Mathieu Kretchner n:Kretchner;Mathieu org:INRIA;Syslog adr;dom:;;2007 route des lucioles - BP93;Sophia Antipolis;;06902 CEDEX email;internet:[EMAIL PROTECTED] tel;work:04 92 38 76 67 x-mozilla-html:FALSE version:2.1 end:vcard
Re: [Dovecot] Cyrus vs Dovecot
* Mathieu Kretchner [EMAIL PROTECTED]: Ed W a écrit : Mathieu Kretchner wrote: kbajwa a écrit : Hello: I think you are missing a point which is most important, i.e., what type of support Cyrus vs Dovecot offers. In my experience: Cyrus = 0 Dovecot= 100 My personal experience. Kirt I guess you've right but I can't post this answer at Cyrus mailing list. I'm just trying to have my own opinion of imap server and I already have sarcastic answer on the cyrus mailing list ! Reading the cyrus list I think the above quote might be a bit unfair and accidently crossposted? In any case I only have experience of dovecot and it's used in some larger installs such as the old webmail.us, now 11 (I believe). I think your installation is probably large enough that you might want to do a trial migration of a couple of accounts and see if migration is a problem. I'm trying to migrate my own account from cyrus to dovecot with the 2 tools which seems to fit the most my needs : cyrus2courier : Work fast and well but I must use cyrus2courier-1.5.ts and I have 2 problems with it : falg unseen (or seen if I want) for all e-mail / Sub folders of Inbox are invisibles (I see them on the File System) ! imapsync : Must add a transition configuration to dovecot in order to have user passdb file (or master user) but once done it's ok and work correctly. I've just tested a transition and I'm happy to see it keeps all flags (seen/unseen too) and timestamp but as cyrus2courier, I can't see my inbox sub folders although I could see them (full) on the File System? If you serve Outlook Clients and use imapsynv check that they don't see all mails with the same delivery date. There's a script on the imapsync website that fixes this problem. [EMAIL PROTECTED] -- state of mind Agentur für Kommunikation, Design und Softwareentwicklung Patrick KoetterTel: 089 45227227 Echinger Strasse 3 Fax: 089 45227226 85386 Eching Web: http://www.state-of-mind.de Amtsgericht MünchenPartnerschaftsregister PR 563
Re: [Dovecot] Cyrus vs Dovecot
In any case I only have experience of dovecot and it's used in some larger installs such as the old webmail.us, now 11 (I believe). I think your installation is probably large enough that you might want to do a trial migration of a couple of accounts and see if migration is a problem. I'm trying to migrate my own account from cyrus to dovecot with the 2 tools which seems to fit the most my needs : cyrus2courier : Work fast and well but I must use cyrus2courier-1.5.ts and I have 2 problems with it : falg unseen (or seen if I want) for all e-mail / Sub folders of Inbox are invisibles (I see them on the File System) ! imapsync : Must add a transition configuration to dovecot in order to have user passdb file (or master user) but once done it's ok and work correctly. I've just tested a transition and I'm happy to see it keeps all flags (seen/unseen too) and timestamp but as cyrus2courier, I can't see my inbox sub folders although I could see them (full) on the File System? If you serve Outlook Clients and use imapsynv check that they don't see all mails with the same delivery date. There's a script on the imapsync website that fixes this problem. [EMAIL PROTECTED] We are using thunderbird here, but I'm glad to have your advice. begin:vcard fn:Mathieu Kretchner n:Kretchner;Mathieu org:INRIA;Syslog adr;dom:;;2007 route des lucioles - BP93;Sophia Antipolis;;06902 CEDEX email;internet:[EMAIL PROTECTED] tel;work:04 92 38 76 67 x-mozilla-html:FALSE version:2.1 end:vcard
Re: [Dovecot] Webmail app ... again.
Chris Wakelin wrote: Another persistent IMAP Webmail app may be Web-Alpine from UW, but I haven't tried it out yet. If it's expecting to be talking to UW-IMAP it'll need to use persistent connections! While it's not free, a really nice webmail that does a lot of smart things (persistent imap connections, ldap connection pooling, and one of the best interfaces I've seen) is Nitido's PIM http://www.nitido.com/products/index.shtml?web_pim . It's used by a few of the larger US/Canadian ISPs for their webmail, as well as some big hosted email resellers. A bright group of guys too.
Re: [Dovecot] restricting shared folders access
Hi Timo, Thanks for your reply. How exactly are you changing virtual users' groups? You said you're using a single UID and GID, so from the OS point of view there's only a single user. Makes sense. Either that or use a different UID for all users (or the staff users). With ACLs you could create dovecot-acl file with either: a) Listing all the users who have access to it and their permissions b) List staff group's access, and have your userdb return acl_groups=staff extra field for the staff users. This will work only with v1.1. I'm running 1.0.10 so I tried option 'a' using global ACLs. However, I have a number of problems: I'm unable to grant permissions on the whole namespace, only per folder. Is this normal? Is it possible to grant permissions to a folder and all of it's subfolders? I gave a user the permission to create subfolders of a folder, but it looks like I need to create a new ACL for every subfolder created, otherwise it won't be visible. When I enabled the ACL plugin my other public namespace became inaccessible. When I try to access any of it's folders with Thunderbird I get Mailbox doesn't exist error. Is it possible to allow access by default unless there is an ACL that says otherwise? The basic thing that I'm trying to do is to have two namespaces. One public, shared between all users with read-write permission. And the other accessible only to a small group of staff users. In both cases users need to be able to create and access any subfolders without my intervention. If I change the UID of the staff users then they won't be able to access the public namespace, so this isn't great either. Is there any way I can get this working with dovecot? Many thanks, Andrew
Re: [Dovecot] restricting shared folders access
Hi Timo, Thanks for your reply. How exactly are you changing virtual users' groups? You said you're using a single UID and GID, so from the OS point of view there's only a single user. Makes sense. Either that or use a different UID for all users (or the staff users). With ACLs you could create dovecot-acl file with either: a) Listing all the users who have access to it and their permissions b) List staff group's access, and have your userdb return acl_groups=staff extra field for the staff users. This will work only with v1.1. I'm running 1.0.10 so I tried option 'a' using global ACLs. However, I have a number of problems: I'm unable to grant permissions on the whole namespace, only per folder. Is this normal? Is it possible to grant permissions to a folder and all of it's subfolders? I gave a user the permission to create subfolders of a folder, but it looks like I need to create a new ACL for every subfolder created, otherwise it won't be visible. When I enabled the ACL plugin then my other public namespace became inaccessible. When I try to access any of it's folders with Thunderbird I get Mailbox doesn't exist error. Is it possible to allow access by default unless there is an ACL that says otherwise? The basic thing that I'm trying to do is to have two namespaces. One public, shared between all users with read-write permission. And the other accessible only to a small group of staff users. In both cases users need to be able to create and access any subfolders without my intervention. If I change the UID of the staff users then they won't be able to access the public namespace, so this isn't great either. Is there any way I can get this working with Dovecot? Many thanks, Andrew
Re: [Dovecot] Yea[h]
But Timo walks through the valley of the shadow for us all.so maybe he's entitled. Timo Sirainen wrote: On Aug 13, 2008, at 5:24 PM, Chris Wakelin wrote: Timo Sirainen wrote: Yea, ... I've been meaning to tell you that should be Yeah for an informal version of Yes, otherwise it's a very archaic form of Yes or Indeed as in Yea, though I walk in the valley of the shadow of death! Hmm. I've never paid attention to that. Grepping my IRC logs I seem to have used that since the beginning. But I can also see a lot of other people are saying yea (but no idea if they're native english speakers). Wikipedia says it's a common misspelling. Perhaps I should try to change it. :) -- Stewart Dean, Unix System Admin, Henderson Computer Resources Center of Bard College, Annandale-on-Hudson, New York 12504 [EMAIL PROTECTED] voice: 845-758-7475, fax: 845-758-7035
Re: [Dovecot] Corrupted index cache files
On 8/13/2008, Mike Abbott ([EMAIL PROTECTED]) wrote: Post your dovecot -n output? Here's some of it. Not very enlightening. Why just some of it? Its not like its that much, and what you may *think* is irrelevant, may in fact be *very* relevant... -- Best regards, Charles
Re: [Dovecot] Corrupted index cache files
I re-ran imaptest on an empty mail store, single client, multiple users, using your dovecot-crlf input file, for a couple hours. Here's the distribution of errors that imaptest reports: 100 Error: user%d[%d]: ...: Header DELIVERED-TO changed 167 Error: user%d[%d]: ...: Header CC changed 417 Error: user%d[%d]: ...: Header TO changed 438 Error: user%d[%d]: ...: Header IN-REPLY-TO changed 445 Error: user%d[%d]: ...: Header REFERENCES changed 485 Error: user%d[%d]: ...: Header FROM changed 503 Error: user%d[%d]: ...: Header SUBJECT changed 544 Error: user%d[%d]: ...: Header MESSAGE-ID changed 764 Error: user%d[%d]: UID=%d INTERNALDATE changed 823 Error: user%d[%d]: UID %d changed 1040 Error: user%d[%d]: uid=%d ...: BODY changed 1052 Error: user%d[%d]: uid=%d ...: BODYSTRUCTURE changed 1546 Error: user%d[%d]: uid=%d ...: ENVELOPE changed 1833 Error: user%d[%d]: uid=%d ...: RFC822.SIZE size changed 3493 Error: user%d[%d]: uid=%d ...: BODY[] size changed 3691 Error: user%d[%d]: uid=%d ...: BODY[HEADER] size changed 3695 Error: user%d[%d]: uid=%d ...: BODY[TEXT] size changed 3880 Error: user%d[%d]: uid=%d ...: BODY[%d] size changed 376365 Error: UIVALIDITY changed: %d - %d During that time dovecot reported no corruption errors. What does it mean that imaptest is having such trouble?
Re: [Dovecot] Corrupted index cache files
On Aug 14, 2008, at 9:56 AM, Mike Abbott wrote: I re-ran imaptest on an empty mail store, single client, multiple users, using your dovecot-crlf input file, for a couple hours. Here's the distribution of errors that imaptest reports: 100 Error: user%d[%d]: ...: Header DELIVERED-TO changed .. During that time dovecot reported no corruption errors. What do you need to do to get corruption errors? Is multiple clients enough? What does it mean that imaptest is having such trouble? I think it just means that imaptest's support for multiple users is broken. I always test it only using a single test user. PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] Cyrus vs Dovecot
On Thu, 14 Aug 2008 10:42:49 +0200, Mathieu Kretchner [EMAIL PROTECTED] wrote: Ed W a écrit : Mathieu Kretchner wrote: kbajwa a écrit : Hello: I think you are missing a point which is most important, i.e., what type of support Cyrus vs Dovecot offers. In my experience: Cyrus = 0 Dovecot= 100 My personal experience. Kirt I guess you've right but I can't post this answer at Cyrus mailing list. I'm just trying to have my own opinion of imap server and I already have sarcastic answer on the cyrus mailing list ! Reading the cyrus list I think the above quote might be a bit unfair and accidently crossposted? In any case I only have experience of dovecot and it's used in some larger installs such as the old webmail.us, now 11 (I believe). I think your installation is probably large enough that you might want to do a trial migration of a couple of accounts and see if migration is a problem. I'm trying to migrate my own account from cyrus to dovecot with the 2 tools which seems to fit the most my needs : cyrus2courier : Work fast and well but I must use cyrus2courier-1.5.ts and I have 2 problems with it : falg unseen (or seen if I want) for all e-mail / Sub folders of Inbox are invisibles (I see them on the File System) ! imapsync : Must add a transition configuration to dovecot in order to have user passdb file (or master user) but once done it's ok and work correctly. I've just tested a transition and I'm happy to see it keeps all flags (seen/unseen too) and timestamp but as cyrus2courier, I can't see my inbox sub folders although I could see them (full) on the File System? You need to subscribe to the folders on the new server. Certainly for all new servers I would STRONGLY recommend some sort of virtualisation option (I use linux vservers, lots of other options available). This makes it fantasically easy to boot up (say) three instances of your target software installation, perhaps all with different configuration options and compare them easily. I used this as a solution to migrate from Courier and also recently when I was migrating from 32bit to 64bit guests - essentially you spin up your new guest, get it all ready, test it like made and then in a couple of seconds you can down the live guest and boot up the new guest. I separate out all signficant data from the guest partition so try to keep the actual installations under a couple hundred MB each (even that feels bloated, but hey) and this makes it simple to boot up a copy of a guest to test some change without having to copy too much I personally picked dovecot because I worried about the horror stories I read about with cyrus. However, both are clearly the two best options available for opensource solutions right now and both are used in large installations so you should be very happy with either. With regards to functionality it would appear (I don't use cyrus) that cyrus has more admin tools to do stuff, but Dovecot is built to be more hackable, for example you can easily run a script before each (imap, etc) login and hence do some very advanced stuff through that route. Plugins also appear to be quite easy to write to extend dovecot in new directions On the cyrus list they mentioned email retention policies. Now some people are going to say that this is really a job for the MTA (postfix/sendmail/etc). However, you have some plugins which might get you partly towards solving that need, but nothing out of the box which would give you a cast iron (stand up in court) kind of archiving control. However, you can get close I think Ed W
[Dovecot] Plugin when downloading mail
Is there a way to modify mail messages when they are downloaded using a special login. eg. my normal login for dovecot is [EMAIL PROTECTED] but when I log in using [EMAIL PROTECTED] I would like to download my mail which are processed using a Perl script. The Perl script will modify the content of the message (the message body). So I don't want to change the header or IMAP flags. Martijn
Re: [Dovecot] Cyrus vs Dovecot
You need to subscribe to the folders on the new server. I find it just a few time after my mail but anyway thank you for your answer ! begin:vcard fn:Mathieu Kretchner n:Kretchner;Mathieu org:INRIA;Syslog adr;dom:;;2007 route des lucioles - BP93;Sophia Antipolis;;06902 CEDEX email;internet:[EMAIL PROTECTED] tel;work:04 92 38 76 67 x-mozilla-html:FALSE version:2.1 end:vcard
Re: [Dovecot] Plugin when downloading mail
On Aug 14, 2008, at 11:12 AM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Is there a way to modify mail messages when they are downloaded using a special login. In theory, yes. eg. my normal login for dovecot is [EMAIL PROTECTED] but when I log in using [EMAIL PROTECTED] I would like to download my mail which are processed using a Perl script. The Perl script will modify the content of the message (the message body). So I don't want to change the header or IMAP flags. There are some problems with that. You'd have to have separate index files for the accounts so that Dovecot won't return wrong cached values (or disable indexes for the other login). I think the plugin could work very much like the zlib plugin works now (override struct mail.get_stream()). Just make sure it always returns exactly the same output, because IMAP guarantees that the messages are immutable (and e.g. fetching RFC822.SIZE must match your modified message's size). PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] Plugin when downloading mail
Timo Sirainen wrote: On Aug 14, 2008, at 11:12 AM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Is there a way to modify mail messages when they are downloaded using a special login. In theory, yes. eg. my normal login for dovecot is [EMAIL PROTECTED] but when I log in using [EMAIL PROTECTED] I would like to download my mail which are processed using a Perl script. The Perl script will modify the content of the message (the message body). So I don't want to change the header or IMAP flags. There are some problems with that. You'd have to have separate index files for the accounts so that Dovecot won't return wrong cached values (or disable indexes for the other login). I think the plugin could work very much like the zlib plugin works now (override struct mail.get_stream()). Just make sure it always returns exactly the same output, because IMAP guarantees that the messages are immutable (and e.g. fetching RFC822.SIZE must match your modified message's size). Another solution would be to maintain parallel mailboxes by whatever means and keep them in sync. This may not be as hard as it sounds depending on requirements? I think the log module might provide a starting point to make this really watertight? Have you more details on your requirements? Is it a low bandwidth problem? In my solution we simply enable a filter on incoming email and then keep a copy of the old email in an Archive folder http://www.mailasail.com Good luck Ed W
[Dovecot] dovecot performance
Hello All, I've been studying dovecot for replacing my company's current system and I got a little worried about an aspect of the dovecot's design. I was surprised that dovecot doesn't use prefork for its mail processes, forking a new processes for each new client connection. Talking in the #dovecot channel I was gave a scenario of a system supporting ~40k users with 4 servers just fine. I wonder how well dovecot would scale if we increase this number of users by some order of magnitude like, say, 4M users. It is well known that preforking is a good pratice if you want to achieve a higher performance. When I was asked about it I readily answered: of course it does. For my surprise later, i doesn't. Do you have any plans to support preforking in the near future? Best regards, giorgenes
Re: [Dovecot] dovecot performance
Words by Giorgenes Gelatti [Thu, Aug 14, 2008 at 03:38:50PM -0300]: Hello All, I've been studying dovecot for replacing my company's current system and I got a little worried about an aspect of the dovecot's design. I was surprised that dovecot doesn't use prefork for its mail processes, forking a new processes for each new client connection. Talking in the #dovecot channel I was gave a scenario of a system supporting ~40k users with 4 servers just fine. I wonder how well dovecot would scale if we increase this number of users by some order of magnitude like, say, 4M users. Well, we have 8 servers for that amount of users. It is well known that preforking is a good pratice if you want to achieve a higher performance. Some say it's premature optimization. When I was asked about it I readily answered: of course it does. For my surprise later, i doesn't. Do you have any plans to support preforking in the near future? -- Jose Celestino | http://japc.uncovering.org/files/japc-pgpkey.asc One man’s theology is another man’s belly laugh. -- Robert A. Heinlein
Re: [Dovecot] dovecot performance
Woa!! Do you have statistics of access/min for pop3? Indeed it could be premature since I didn't measure any real bottleneck. Just something that got my attention. []'s giorgenes 2008/8/14 Jose Celestino [EMAIL PROTECTED]: Words by Giorgenes Gelatti [Thu, Aug 14, 2008 at 03:38:50PM -0300]: Hello All, I've been studying dovecot for replacing my company's current system and I got a little worried about an aspect of the dovecot's design. I was surprised that dovecot doesn't use prefork for its mail processes, forking a new processes for each new client connection. Talking in the #dovecot channel I was gave a scenario of a system supporting ~40k users with 4 servers just fine. I wonder how well dovecot would scale if we increase this number of users by some order of magnitude like, say, 4M users. Well, we have 8 servers for that amount of users. It is well known that preforking is a good pratice if you want to achieve a higher performance. Some say it's premature optimization. When I was asked about it I readily answered: of course it does. For my surprise later, i doesn't. Do you have any plans to support preforking in the near future? -- Jose Celestino | http://japc.uncovering.org/files/japc-pgpkey.asc One man's theology is another man's belly laugh. -- Robert A. Heinlein
[Dovecot] Migrating mbox to maildir
Sorry to bother everyone but I was wondering if it is possible for Dovecot to handle mbox AND maildir at the same time? Example: I want to convert from UW Imap using mbox to Dovecot using maildir. Do I need to convert ALL my users mbox mailboxes to maildir right away or can I convert them one at a time? I'd like to use maildir with all my new users, but I'd like to be able to continue using mbox for my old users and slowly convert them as I get time. Is this possible? I know Dovecot supports both formats, I just couldn't find anything in the install notes about using both at the same time. Thank you, mike
Re: [Dovecot] dovecot performance
Words by Giorgenes Gelatti [Thu, Aug 14, 2008 at 04:46:04PM -0300]: Woa!! Do you have statistics of access/min for pop3? No, but I 'greped' 2300 logins/minute peak for a given day for *IMAP*. Indeed it could be premature since I didn't measure any real bottleneck. Just something that got my attention. []'s giorgenes 2008/8/14 Jose Celestino [EMAIL PROTECTED]: Words by Giorgenes Gelatti [Thu, Aug 14, 2008 at 03:38:50PM -0300]: Hello All, I've been studying dovecot for replacing my company's current system and I got a little worried about an aspect of the dovecot's design. I was surprised that dovecot doesn't use prefork for its mail processes, forking a new processes for each new client connection. Talking in the #dovecot channel I was gave a scenario of a system supporting ~40k users with 4 servers just fine. I wonder how well dovecot would scale if we increase this number of users by some order of magnitude like, say, 4M users. Well, we have 8 servers for that amount of users. It is well known that preforking is a good pratice if you want to achieve a higher performance. Some say it's premature optimization. When I was asked about it I readily answered: of course it does. For my surprise later, i doesn't. Do you have any plans to support preforking in the near future? -- Jose Celestino | http://japc.uncovering.org/files/japc-pgpkey.asc One man’s theology is another man’s belly laugh. -- Robert A. Heinlein
Re: [Dovecot] dovecot performance
On Aug 14, 2008, at 2:38 PM, Giorgenes Gelatti wrote: I've been studying dovecot for replacing my company's current system and I got a little worried about an aspect of the dovecot's design. I was surprised that dovecot doesn't use prefork for its mail processes, forking a new processes for each new client connection. Login processes are preforked and they can also be configured to keep reusing existing processes. But yes, post-login imap/pop3 processes aren't preforked because it would require a larger redesign of the master process. Which is actually what I have been planning on doing for v2.0 for a long time now. But there are even some theoretical problems with preforking. For example the most secure way to set up your users is to use a different UNIX UID for each user. So for preforking that means your preforked processes must run as root until they receive the information about which UID they need to run as. And the code running as root should be minimized.. PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] Migrating mbox to maildir
On Aug 14, 2008, at 3:46 PM, Mike Hobbs wrote: Sorry to bother everyone but I was wondering if it is possible for Dovecot to handle mbox AND maildir at the same time? Sure. I'd like to use maildir with all my new users, but I'd like to be able to continue using mbox for my old users and slowly convert them as I get time. Here are some possibilities: a) Let Dovecot auto-detect the mailbox location by leaving mail_location setting empty. If ~/Maildir exists it's used, if not mbox is used (assuming you're using a standard ~/mail location or such). b) Explicitly specify mail_location for each user in userdb. This requires that you use a userdb that allows extra fields (so passwd won't work) and remember to update it after each user is converted. c) Like a) but do the auto-detection yourself using post-login scripting: http://wiki.dovecot.org/PostLoginScripting. This won't work if you're using Dovecot's deliver though. d) Let Dovecot do the conversion for you. When a user logs in, his/her mails are converted. http://wiki.dovecot.org/Plugins/Convert It's even possible for the same user to use both mbox and maildir at the same time using namespaces. PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] Proxy logging destuser
On Aug 14, 2008, at 4:42 AM, Paul Gamble - MWEB wrote: Aug 14 10:14:03 withnail dovecot: imap-login: MYPROXY pid=6516, [EMAIL PROTECTED], method=PLAIN, rsock=127.0.0.1:48157, lsock=127.0.0.1:1143, proto=IMAP, secured proxy([EMAIL PROTECTED]): started proxying to 127.0.0.1:143/pgamble*master: Aug 14 10:26:02 withnail dovecot: pop3-login: MYPROXY pid=6514, [EMAIL PROTECTED], method=PLAIN, rsock=127.0.0.1:55991, lsock=127.0.0.1:1110, proto=POP3, secured proxy([EMAIL PROTECTED]): started proxying to 127.0.0.1:110/pgamble*master: This is just on a dev box, hence the odd IP's, log format, etc. I'm using master authentication for the backend auth and so the the master user and separator character are imbedded in the backend user, i.e. client-proxy_user, (pgamble*master above) and it would be convenient to have them available separately, but I can live with it as-is. So...great stuff, thanks very much! What is your approach with regards to incorporating these kinds of patches (in response to ad-hoc user requests) into your main development tree? It would obviously be nice to know that this will be incorporated at some point... The URL I gave was to the main v1.1 tree. So this feature will be in v1.1.3. Would it be feasible to add a config variable for this (along the lines of %u, %p, %s, etc, etc)? That is getting a bit crowded already. And that's proxy-specific thing so you should then have variables for the destination host and port as well. PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] dovecot performance
2008/8/14 Timo Sirainen [EMAIL PROTECTED]: But there are even some theoretical problems with preforking. For example the most secure way to set up your users is to use a different UNIX UID for each user. So for preforking that means your preforked processes must run as root until they receive the information about which UID they need to run as. And the code running as root should be minimized.. True, but it's a common scenario to have thousands of users, in which case they usually have all the same UID. []'s
Re: [Dovecot] dovecot performance
On Aug 14, 2008, at 4:25 PM, Giorgenes Gelatti wrote: 2008/8/14 Timo Sirainen [EMAIL PROTECTED]: But there are even some theoretical problems with preforking. For example the most secure way to set up your users is to use a different UNIX UID for each user. So for preforking that means your preforked processes must run as root until they receive the information about which UID they need to run as. And the code running as root should be minimized.. True, but it's a common scenario to have thousands of users, in which case they usually have all the same UID. I'm hoping that'll change some day in future when there are better tools to easily support UID-per-user. :) PGP.sig Description: This is a digitally signed message part
[Dovecot] Request queue is full
Hello all, Today I had problems on one of the servers. Dovecot stopped working and I got lots of Request queue is full on logs. Aug 14 16:49:45 mailserver03 dovecot: auth(default): ldap([EMAIL PROTECTED]): Request queue is full Aug 14 16:49:45 mailserver03 dovecot: auth(default): ldap([EMAIL PROTECTED]): Request queue is full Aug 14 16:49:45 mailserver03 dovecot: auth(default): ldap([EMAIL PROTECTED],10.0.3.1): Request queue is full Only after a restart on dovecot daemon the services worked again. Does anyone know how can I fix this problem? The server were with about 900 imap connections and 300 pop3 connections. # 1.1.1: /etc/dovecot//dovecot.conf syslog_facility: local1 protocols: imap pop3 ssl_disable: yes disable_plaintext_auth: no shutdown_clients: no login_dir: /usr//var/run/dovecot/login login_executable(default): /usr//libexec/dovecot/imap-login login_executable(imap): /usr//libexec/dovecot/imap-login login_executable(pop3): /usr//libexec/dovecot/pop3-login login_process_per_connection: no login_greeting_capability(default): yes login_greeting_capability(imap): yes login_greeting_capability(pop3): no login_process_size: 128 login_processes_count: 30 login_max_processes_count: 1024 login_max_connections: 512 max_mail_processes: 10240 mail_max_userip_connections(default): 20 mail_max_userip_connections(imap): 20 mail_max_userip_connections(pop3): 10 mail_uid: 1033 mail_gid: 1033 mail_location: maildir:%h/Maildir mail_executable(default): /usr//libexec/dovecot/imap mail_executable(imap): /usr//libexec/dovecot/imap mail_executable(pop3): /usr//libexec/dovecot/pop3 mail_plugins(default): quota imap_quota autocreate mail_plugins(imap): quota imap_quota autocreate mail_plugins(pop3): quota mail_plugin_dir(default): /usr//lib/dovecot/imap mail_plugin_dir(imap): /usr//lib/dovecot/imap mail_plugin_dir(pop3): /usr//lib/dovecot/pop3 pop3_no_flag_updates(default): no pop3_no_flag_updates(imap): no pop3_no_flag_updates(pop3): yes pop3_uidl_format(default): %08Xu%08Xv pop3_uidl_format(imap): %08Xu%08Xv pop3_uidl_format(pop3): %f pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls namespace: type: private prefix: INBOX. inbox: yes list: yes subscriptions: yes auth default: mechanisms: plain login passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf userdb: driver: prefetch userdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf socket: type: listen master: path: /var/run/dovecot/auth-master mode: 438 plugin: quota: maildir quota_rule: *:bytes=10240 quota_rule2: *:messages=3 quota_rule3: Trash:bytes=10%% autocreate: SPAM.E Spam autocreate2: SPAM.Marcar Spam autocreate3: SPAM autocreate4: SPAM.Desmarcar Spam []s, Raphael Costa attachment: dovecot.png
[Dovecot] Stateful Webmail
Hello, I'm a developer on the Orbited project (http://www.orbited.org), which provides a TCPSocket interface in javascript (emulated over HTTP using ajax and comet.) This TCPSocket allows true bi-directional communication between a web browser and an arbitrary tcp server. One of the other developers pointed me to a recent dovecot thread about webmail. Sorry for the new thread (I just joined this list and couldn't reply to the old emails). Timo Sirainen wrote Wed Aug 13 23:37:11 EEST 2008: I wrote this a while ago: http://imapwiki.org/ClientImplementation One thing that would be nice, that pretty much no webmail does, is to keep a stateful connection open all the time (or at least some of the time) instead of creating tons of short-lived connections that ask the same stuff over and over again. With a stateful connection you could basically run IDLE and wait for changes there instead of asking all the time is there new mail? is there new mail now? what about now?. Coincidentally, we have just began work on a JavaScript IMAP client. With it, building a webmail app should be *entirely* a UI concern. The good news is that our Socket interface is very stable and is being used in production for protocols like IRC for webchat. The bad news is that none of the the Orbited developers have experience with the IMAP protocol. We are putting all of our protocol implementations in the soon-to-launch js.io project (www.js.io). As soon as we have any kind of IMAP client prototype, I'll let you know. In the meantime, would anyone be interesting in helping us develop the imap client? Its 100% pure JavaScript, and will greatly ease the development of feature-rich webmail, as a webmail deployment will become a matter of simply running Dovecot, the js.io.imap client, and an HTML gui. -Michael Carter
Re: [Dovecot] Stateful Webmail
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 14 Aug 2008 13:51:20 -0700, Michael Carter [EMAIL PROTECTED] wrote: I'm a developer on the Orbited project (http://www.orbited.org), which provides a TCPSocket interface in javascript (emulated over HTTP using ajax and comet.) This TCPSocket allows true bi-directional communication between a web browser and an arbitrary tcp server. Interesting... TCP over HTTP over TCP ;) Coincidentally, we have just began work on a JavaScript IMAP client. With it, building a webmail app should be *entirely* a UI concern. The good news is that our Socket interface is very stable and is being used in production for protocols like IRC for webchat. The bad news is that none of the the Orbited developers have experience with the IMAP protocol. We are putting all of our protocol implementations in the soon-to-launch js.io project (www.js.io). As soon as we have any kind of IMAP client prototype, I'll let you know. In the meantime, would anyone be interesting in helping us develop the imap client? Its 100% pure JavaScript, and will greatly ease the development of feature-rich webmail, as a webmail deployment will become a matter of simply running Dovecot, the js.io.imap client, and an HTML gui. Maybe you can have a look at http://decimail.org/index.html - I never tried it though. Somebody posted a link to it on the Roundcube Webmail mailing list (http://lists.roundcube.net/mail-archive/dev/2008-07/023.html), that's how it got my attention. Patrick. - -- STAR Software (Shanghai) Co., Ltd. http://www.star-group.net/ Phone:+86 (21) 3462 7688 x 826 Fax: +86 (21) 3462 7779 PGP key: E883A005 https://stshacom1.star-china.net/keys/patrick_nagel.asc Fingerprint: E09A D65E 855F B334 E5C3 5386 EF23 20FC E883 A005 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) Comment: http://getfiregpg.org iEYEARECAAYFAkik1v4ACgkQ7yMg/OiDoAUnrACdExgaUxOVXBaHQ8ZXGKg0pSi3 Mg4AnijrxRfaY5PEMI6lR5e7stgdpqyr =JHZl -END PGP SIGNATURE-
Re: [Dovecot] Webmail app ... again.
On Thursday, August 14 at 07:01 AM, quoth Eric Toczek: While it's not free, a really nice webmail that does a lot of smart things (persistent imap connections, ldap connection pooling, and one of the best interfaces I've seen) is Nitido's PIM http://www.nitido.com/products/index.shtml?web_pim . It's used by a few of the larger US/Canadian ISPs for their webmail, as well as some big hosted email resellers. A bright group of guys too. Do they have some better screenshots or a live demo anywhere? ~Kyle -- Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian Kernighan signature.asc Description: Digital signature