[Dovecot] namespace public / namespace shared - question

2008-11-21 Thread Michal Soltys
After looking through wiki/config/list I'm still not sure, what exactly 
is the difference between those two. Even all the examples in dovecot's 
wiki don't have a single namespace shared anywhere. And there's only 
short mention about the difference in dovecot.conf .


Peeking into rfc2342 - would shared namespace relate to Other Users' 
Namespace(s) and public namespace to Shared Namespace(s) ?


Does perhaps the difference only lie on the client side, depending on 
the namespace it's asking, while functionally it's the same from the 
perspective of dovecot ?





Re: [Dovecot] v1.1.6 released

2008-11-21 Thread Steffen Kaiser


On Thu, 20 Nov 2008, John Gray wrote:

> I see this from time to time too.  But if right click on the folder in
> thunderbird, select properties from the context menu, and hit rebuild
> index in the properties dialog, it fixes it.  It crops up for me several

Ah, cool! It works. It's named Offline | Download now in my revision of
Thunderbird. I just clicked the get messages button with no luck, as
well as switching folders. So probably it's a caching problem only?


Because I usually use Alpine, I do not see the problem often, however, 
some tasks are pain in Pine.


Bye,

-- 
Steffen Kaiser



[Dovecot] two dovecot server using the same file system

2008-11-21 Thread Osvaldo Alvarez Pozo
Hi all.

I want to use two servers with dovecot using a common file system with drbd.
So I have several questions.
If one server writes a mail to the file system, it will use its name as
part of the mail identification.
The second server will use its own name. Each server will generate its
own mail numbers. When an IMAP or POP user consults the mails, there
should be confusion. Am I correct? Is there a way of solving this
issue?


Thanks


Re: [Dovecot] v1.1.6 released

2008-11-21 Thread Charles Marcus
On 11/21/2008 4:08 AM, Steffen Kaiser wrote:
> On Thu, 20 Nov 2008, John Gray wrote:
>
>> I see this from time to time too.  But if right click on the folder in
>> thunderbird, select properties from the context menu, and hit rebuild
>> index in the properties dialog, it fixes it.  It crops up for me several
>
> Ah, cool! It works. It's named Offline | Download now in my revision
> of Thunderbird. I just clicked the get messages button with no luck,
> as well as switching folders. So probably it's a caching problem only?

? weird...

In my Thunderbird, the only way to get to the 'Rebuild Index'
function/button is:

right-click a folder > 'Properties' > 'General Information' tab

Did you try to simply right-click a folder and click 'Compact'? Maybe
that will work too, as I would think it would also have to rebuild the
index.

-- 

Best regards,

Charles


Re: [Dovecot] two dovecot server using the same file system

2008-11-21 Thread Robert Schetterer
Osvaldo Alvarez Pozo wrote:
> Hi all.
>
> I want to use two servers with dovecot using a common file system with drbd.
> So I have several questions.
> If one server writes a mail to the file system, it will use its name as
> part of the mail identification.
> The second server will use its own name. Each server will generate its
> own mail numbers. When an IMAP or POP user consults the mails, there
> should be confusion. Am I correct? Is there a way of solving this
> issue?
>
> Thanks

Hi Oswaldo,
I will test all this during the next weeks.
I had positive reports with ocfs2 and iSCSI,
so it should work with drbd and ocfs2.

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria


[Dovecot] [PATCH] drop root privileges on solaris, request for testing

2008-11-21 Thread Andrey Panin
Hello all,

this patch allows master process to drop more root privileges under
Solaris. My limited testing shows that code works, but I'm not sure
that defined privilege set is permissive enough for dovecot.

Unfortunately I have no root access to our Solaris servers to really
test it. So if someone is ready to test this patch please do it :)

Best regards.
diff -r 8f41c9f3f392 configure.in
--- a/configure.in  Wed Nov 19 16:11:01 2008 +0200
+++ b/configure.in  Wed Nov 19 14:31:56 2008 +
@@ -461,7 +461,8 @@ AC_CHECK_FUNCS(fcntl flock lockf inet_at
   setrlimit setproctitle seteuid setreuid setegid setresgid \
   strtoull strtoll strtouq strtoq \
   setpriority quotactl getmntent kqueue kevent backtrace_symbols \
-  walkcontext dirfd clearenv malloc_usable_size clock_gettime)
+  walkcontext dirfd clearenv malloc_usable_size clock_gettime \
+  setppriv)
 
 dnl strtoimax and strtoumax are macros in HP-UX, so inttypes.h must be included
 AC_MSG_CHECKING([for strtoimax])
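Review bot: adding setppriv to AC_CHECK_FUNCS only proves that the function links, while capabilities-solaris.c also needs priv.h and the priv_allocset()/priv_addset()/priv_freeset() calls under the same HAVE_SETPPRIV guard. A header check for priv.h next to this entry would keep HAVE_SETPPRIV from being the only thing standing between a partial installation and a build failure.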
diff -r 8f41c9f3f392 src/master/Makefile.am
--- a/src/master/Makefile.amWed Nov 19 16:11:01 2008 +0200
+++ b/src/master/Makefile.amWed Nov 19 14:18:36 2008 +
@@ -22,6 +22,7 @@ dovecot_SOURCES = \
auth-process.c \
askpass.c \
capabilities-posix.c \
+   capabilities-solaris.c \
child-process.c \
dict-process.c \
dup2-array.c \
diff -r 8f41c9f3f392 src/master/capabilities.h
--- a/src/master/capabilities.h Wed Nov 19 16:11:01 2008 +0200
+++ b/src/master/capabilities.h Wed Nov 19 14:18:38 2008 +
@@ -1,7 +1,7 @@
 #ifndef CAPABILITIES_H
 #define CAPABILITIES_H
 
-#if defined(HAVE_LIBCAP)
+#if defined(HAVE_LIBCAP) || defined(HAVE_SETPPRIV)
 
 void drop_capabilities(void);
 
diff -r 8f41c9f3f392 src/master/capabilities-solaris.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +
+++ b/src/master/capabilities-solaris.c Wed Nov 19 14:18:39 2008 +
@@ -0,0 +1,54 @@
+/* Copyright (c) 2008 Dovecot authors, see the included COPYING file */
+
+#include common.h
+#include capabilities.h
+
+#ifdef HAVE_SETPPRIV
+
+#include priv.h
+
+void drop_capabilities(void)
+{
+   static const char* privs[] = {
+   PRIV_PROC_FORK,
+   PRIV_PROC_EXEC,
+   PRIV_FILE_CHOWN,
+   PRIV_PROC_SETID,
+   PRIV_PROC_CHROOT,
+   PRIV_NET_PRIVADDR,
+   PRIV_FILE_DAC_READ,
+   PRIV_FILE_DAC_WRITE,
+   NULL
+   }, **p;
+   priv_set_t *priv_set;
+   int ret;
+
+   priv_set = priv_allocset();
+   if (priv_set == NULL) {
+   i_warning(Can't allocate memory for privilege set: %m);
+   return;
+   }
+
+   priv_emptyset(priv_set);
+
+   for (p = privs; *p != NULL; p++) {
+   ret = priv_addset(priv_set, *p);
+   if (ret != 0) {
+   i_warning(Can't drop %s from privilege set: %m, *p);
+   }
+   }
+
+   ret = setppriv(PRIV_SET, PRIV_PERMITTED, priv_set);
+   if (ret) {
+   i_warning(Can't set %s privelege set: %m, PERMITTED);
+   }
+
+   ret = setppriv(PRIV_SET, PRIV_EFFECTIVE, priv_set);
+   if (ret) {
+   i_warning(Can't set %s privelege set: %m, EFFECTIVE);
+   }
+
+   priv_freeset(priv_set);
+}
+
+#endif
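Review bot: every failure path in drop_capabilities() (priv_allocset(), priv_addset() and both setppriv() calls) only logs i_warning() and carries on, so the master can keep running with its full root privilege set after a failed drop. For a privilege-reduction routine a failed setppriv() is worth treating as fatal, or the function should return a status the caller can act on. The priv_addset() warning also reads "Can't drop %s from privilege set" although that loop is adding privileges to the set being kept, and a privilege that fails to be added is then silently missing from the kept set. Only PRIV_PERMITTED and PRIV_EFFECTIVE are narrowed; a comment saying whether the inheritable and limit sets are left alone on purpose would help whoever tests this, as would a short note on why each of the eight listed privileges is needed.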


Re: [Dovecot] userdb, Dovecot LDA not using mail_location config properly?

2008-11-21 Thread Timo Sirainen
On Fri, 2008-11-21 at 08:06 -0300, k bah wrote:
> (#1) host deliver([EMAIL PROTECTED]): auth input: user=person~mydomain.com
..
> What I don't get is that since I use userdb (read mail log lines marked
> (#0-3) and the mail_location option from dovecot.conf), mail should be
> saved to person~mydomain.com and not [EMAIL PROTECTED] on the disk(?).

deliver currently ignores if userdb returns user. Hmm. I guess I could
finally fix this for v1.2. The only problem left to figure out is if the
log line prefix should then be changed also. I guess it should.

Done: http://hg.dovecot.org/dovecot-1.2/rev/ed4d6f6e4da7

Won't help with v1.1 though..





Re: [Dovecot] namespace public / namespace shared - question

2008-11-21 Thread Timo Sirainen
On Fri, 2008-11-21 at 09:45 +0100, Michal Soltys wrote:
> After looking through wiki/config/list I'm still not sure, what exactly
> is the difference between those two. Even all the examples in dovecot's
> wiki don't have a single namespace shared anywhere. And there's only
> short mention about the difference in dovecot.conf .
>
> Peeking into rfc2342 - would shared namespace relate to Other Users'
> Namespace(s) and public namespace to Shared Namespace(s) ?
>
> Does perhaps the difference only lie on the client side, depending on
> the namespace it's asking, while functionally it's the same from the
> perspective of dovecot ?

Shared namespace is about getting access to other users' messages.
Public namespace is about getting access to .. well .. public mailboxes,
or mailboxes that were made shared by sysadmin. In any case not other
users' mailboxes.

Dovecot before v1.2 makes no difference between shared and public
namespaces. The next v1.2 release finally supports users' shared
mailboxes so there's a big difference between handling shared and public
namespaces.

I've no idea if clients treat shared and public namespaces differently.




Re: [Dovecot] %d in deliver

2008-11-21 Thread Timo Sirainen
On Thu, 2008-11-20 at 11:05 +, Mark Zealey wrote:
> I run a system that has a lot of virtual users. We invoke deliver from
> exim and pass the directory to deliver into using the HOME environment
> variable, so deliver doesn't do any database lookups during the delivery
> process. The exim pipe environment is described at
> http://exim.org/exim-html-current/doc/html/spec_html/index.html#toc0239,
> but basically I'd like to know the domain as well as the user, however
> deliver doesn't seem to pick this up. Is there any way that you could
> extend deliver to make it either pick up the domain (or correct
> username) from the command line, but not do an authdb lookup; or get it
> to read the domain from an environment variable (or be able to print the
> contents of an arbitrary environment variable in a formatted string)?

If you set USER environment to [EMAIL PROTECTED], the domain is picked up.

Dovecot in general doesn't handle domains specially. There's only the
username and only in certain specific situations the user and domain
parts in it are handled specially.




Re: [Dovecot] Compilation of 1.1.6 fails on HP-UX 11.31

2008-11-21 Thread Timo Sirainen
On Thu, 2008-11-06 at 16:32 +0100, Marc Beyer wrote:
> Compilation fails, output of configure and make are given below. The
> cause of this is almost certainly that this version of HP-UX does define
> the QCMD macro in sys/quota.h (checked in the ifdef line 26
> dovecot-1.1.6/src/plugins/quota/quota-fs.h) as well as the dqblk struct,
> but the latter with different fields than the Linux version. Older
> versions of HP-UX seem not to have contained this macro(? can't check
> this at the moment), which is probably why it was used to distinguish
> between HP-UX and Linux in quota-fs.h.

Does the new HP-UX version happen to support also group quotas? If so, I
could make it use the Linux code by just disabling the inode quotas.

But I'd guess the QCMD macro was added just for making it easier to
compile Linux code and trying to use group quotas would fail. So perhaps
the HP-UX vs. Linux check could just be changed. Does the patch below
help?

diff -r ed4d6f6e4da7 src/plugins/quota/quota-fs.h
--- a/src/plugins/quota/quota-fs.h  Fri Nov 21 14:35:46 2008 +0200
+++ b/src/plugins/quota/quota-fs.h  Fri Nov 21 14:58:03 2008 +0200
@@ -23,7 +23,7 @@
 
 #ifdef HAVE_QUOTACTL
 #  ifdef HAVE_SYS_QUOTA_H
-#ifdef QCMD
+#ifndef _HPUX_SOURCE
 #  define FS_QUOTA_LINUX
 #else
 #  define FS_QUOTA_HPUX
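Review bot: the replacement test `#ifndef _HPUX_SOURCE` keys the Linux/HP-UX choice on a feature-test macro, so on HP-UX FS_QUOTA_LINUX would still be selected in any compile where _HPUX_SOURCE is not defined. A compiler-predefined platform macro such as __hpux, or a configure check for the dqblk fields the Linux code uses, would be a more direct test. A one-line comment recording that newer HP-UX defines QCMD too would stop someone from switching the check back.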





Re: [Dovecot] Auth Issues - Urgent - Help!

2008-11-21 Thread David Cunningham

No one else with opinions on this?

Dave


Quoting David Cunningham [EMAIL PROTECTED]:

> Yes, I telnet to port 143 and enter everything manually.
>
> Dave
>
> Quoting Charles Marcus [EMAIL PROTECTED]:
>
>> On 11/19/2008 10:17 PM, David Cunningham wrote:
>>> Well, most of my issues are gone with adding auth cache.  However, I am
>>> having an issue.  Sometimes, even though cache incorrect passwords is
>>> disabled, new passwords do not work.  It would seem that once a user
>>> logs in with one password successfully the cache does not automatically
>>> retry if the user tries a different passwords.  I would think that the
>>> auth cache should check to see if the password changed on the ldap
>>> server if something other than the cached password is entered.
>>>
>>> Is this something wrong with my configuration, or the auth code itself?
>>
>> Maybe it is the mail client doing the caching... have you tested this on
>> the command line?
>>
>> --
>>
>> Best regards,
>>
>> Charles







Re: [Dovecot] v1.1.6 released

2008-11-21 Thread Kyle Wheeler

On Wednesday, November 19 at 10:56 AM, quoth Adam McDougall:
> Just wanted to mention that 1.1.6 seems fine so far in our testing, and I
> think the lack of reported problems on the mailing list is probably a
> very good sign!

For whatever reason, we ran into the "userdb didn't return a home
directory" problem with 1.1.6, and quickly downgraded back to 1.1.5.
http://thread.gmane.org/gmane.mail.imap.dovecot/34008/focus=34009


It's rather silly too, since the userdb *does* return a home directory 
(which is why I'm skeptical of the fix mentioned there that forces a 
default home directory of /tmp). Here's hoping 1.1.7 (whenever it 
comes out) is a smoother upgrade.


~Kyle
--
History will be kind to me, for I intend to write it.
  -- Winston Churchill




[Dovecot] sieve-body extension support for deliver LDA's sieve plugin

2008-11-21 Thread BrunoM

Hello, I just read your message about sieve and body-extension in Dovecot. Do 
you have news on that topic?
I just have to filter mails containing a particular text fragment, and I cannot 
do without sieve body, I think..
Thank you for any clue you'd be able to give me !

Regards,

Bruno


---

Hi Timo & Co,

Is there any time frame for updating the deliver LDA's sieve plugin 
code to that from Cyrus IMAPd v2.3.x?


I ask as I'm looking for the functionality of the sieve-body 
extension, as described here:

http://www.ietf.org/internet-drafts/draft-ietf-sieve-body-06.txt

This requirement has come up as we're upgrading from a 
Courier-IMAP/maildrop configuration that has some filtering based on 
message body content.


As an aside, if that time frame is undefined or will be long, if I
use maildrop instead as my LDA, will I lose the instant delivery
notification via IMAP IDLE?


Thanks very much,

Scott




Re: [Dovecot] sieve-body extension support for deliver LDA's sieve plugin

2008-11-21 Thread Timo Sirainen
On Fri, 2008-11-21 at 15:52 +0100, BrunoM wrote:
> Hello, I just read your message about sieve and body-extension in Dovecot. Do
> you have news on that topic?
> I just have to filter mails containing a particular text fragment, and I
> cannot do without sieve body, I think..
> Thank you for any clue you'd be able to give me !

Dovecot Sieve v1.1 supports body extension (requires Dovecot v1.1+).





Re: [Dovecot] folder deletion response problem

2008-11-21 Thread Timo Sirainen
On Fri, 2008-11-21 at 10:19 -0800, Amr Shahin wrote:
> the problem is that when i try to delete an existing directory in a
> mailbox, it gets actually deleted, but the response says that the
> mailbox does not exist, please check this log:

Thanks, fixed: http://hg.dovecot.org/dovecot-1.1/rev/940fc5bdebf1





Re: [Dovecot] Auth Issues - Urgent - Help!

2008-11-21 Thread Timo Sirainen
On Wed, 2008-11-19 at 22:17 -0500, David Cunningham wrote:
> Well, most of my issues are gone with adding auth cache.  However, I
> am having an issue.  Sometimes, even though cache incorrect passwords
> is disabled,

Do you mean auth_cache_negative_ttl=0 by this? It only affects user not
found caching.

> new passwords do not work.  It would seem that once a
> user logs in with one password successfully the cache does not
> automatically retry if the user tries a different passwords.  I would
> think that the auth cache should check to see if the password changed
> on the ldap server if something other than the cached password is
> entered.
>
> Is this something wrong with my configuration, or the auth code itself?

The way it should work is that:

1) User logs in with password X which succeeds.
2) Password is changed to Y.
3) User logs in with password Y. Dovecot sees that X != Y, but it sees
that the previous auth succeeded, so it'll do an auth lookup, sees that
the password was changed and caches it.

But this can also happen:

1) User logs in with password X which succeeds.
2) Password is changed to Y.
3) User logs in with password X, which succeeds.

Or:

1) User logs in with password X which succeeds.
2) User logs in with password Y. Dovecot sees that X != Y, but it sees
that the previous auth succeeded, so it'll do an auth lookup and sees
that the password wasn't changed.
3) Password is changed to Y.
4) User logs in with password Y. Dovecot sees that X != Y, but it sees
that the previous auth failed, so it doesn't bother doing another
lookup.

Can you consistently make Dovecot behave differently as described above?




Re: [Dovecot] Auth Issues - Urgent - Help!

2008-11-21 Thread Timo Sirainen
On Fri, 2008-11-21 at 21:38 +0200, Timo Sirainen wrote:
> On Wed, 2008-11-19 at 22:17 -0500, David Cunningham wrote:
>> Well, most of my issues are gone with adding auth cache.  However, I
>> am having an issue.  Sometimes, even though cache incorrect passwords
>> is disabled,
>
> Do you mean auth_cache_negative_ttl=0 by this? It only affects user not
> found caching.
>
>> new passwords do not work.  It would seem that once a
>> user logs in with one password successfully the cache does not
>> automatically retry if the user tries a different passwords.  I would
>> think that the auth cache should check to see if the password changed
>> on the ldap server if something other than the cached password is
>> entered.
>>
>> Is this something wrong with my configuration, or the auth code itself?
>
> The way it should work is that:

I also added these to Wiki with slightly better wording:
http://wiki.dovecot.org/Authentication/Caching





Re: [Dovecot] Auth Issues - Urgent - Help!

2008-11-21 Thread David Cunningham


I think the last thing you say is exactly what is happening to me.  I  
think the user is updating the password, but a slight delay in my LDAP  
replication is causing them to try the new password before it is  
actually the new password.


Yes, I was referring to auth_cache_negative_ttl=0.  I didn't realize  
that was user not found only.  Is there any way to force the cache to  
check the password for anything that was not previously cached as  
being the correct password?


Dave

Quoting Timo Sirainen [EMAIL PROTECTED]:

> On Wed, 2008-11-19 at 22:17 -0500, David Cunningham wrote:
>> Well, most of my issues are gone with adding auth cache.  However, I
>> am having an issue.  Sometimes, even though cache incorrect passwords
>> is disabled,
>
> Do you mean auth_cache_negative_ttl=0 by this? It only affects user not
> found caching.
>
>> new passwords do not work.  It would seem that once a
>> user logs in with one password successfully the cache does not
>> automatically retry if the user tries a different passwords.  I would
>> think that the auth cache should check to see if the password changed
>> on the ldap server if something other than the cached password is
>> entered.
>>
>> Is this something wrong with my configuration, or the auth code itself?
>
> The way it should work is that:
>
> 1) User logs in with password X which succeeds.
> 2) Password is changed to Y.
> 3) User logs in with password Y. Dovecot sees that X != Y, but it sees
> that the previous auth succeeded, so it'll do an auth lookup, sees that
> the password was changed and caches it.
>
> But this can also happen:
>
> 1) User logs in with password X which succeeds.
> 2) Password is changed to Y.
> 3) User logs in with password X, which succeeds.
>
> Or:
>
> 1) User logs in with password X which succeeds.
> 2) User logs in with password Y. Dovecot sees that X != Y, but it sees
> that the previous auth succeeded, so it'll do an auth lookup and sees
> that the password wasn't changed.
> 3) Password is changed to Y.
> 4) User logs in with password Y. Dovecot sees that X != Y, but it sees
> that the previous auth failed, so it doesn't bother doing another
> lookup.
>
> Can you consistently make Dovecot behave differently as described above?







Re: [Dovecot] Error message in logs since 1.1.6 upgrade

2008-11-21 Thread Timo Sirainen
On Fri, 2008-11-14 at 16:10 +, Guy wrote:
> Hi,
>
> I've got two imap boxes, one is running 1.1.5 and hasn't exhibited the
> error below, but the one that's been upgraded to 1.1.6 is showing
> them.
>
> Nov 14 16:06:31 mink dovecot: imap-login: Disconnected (no auth
> attempts): rip=x.x.x.x, lip=x.x.x.x, TLS handshaking: SSL_accept()
> failed: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed
> or bad record mac

There weren't any SSL related changes between v1.1.5 and v1.1.6. Perhaps
you upgraded OpenSSL library or you compiled Dovecot differently?

You could verify this not being directly Dovecot's problem by
recompiling v1.1.5 and seeing if the same problem happens there now too.

Or are you sure this is really even a problem? The above shows the
reason why client was disconnected, it doesn't necessarily mean that
there's anything wrong on the server side. Perhaps before you just
didn't have any broken clients then?





Re: [Dovecot] Auth Issues - Urgent - Help!

2008-11-21 Thread Timo Sirainen
On Fri, 2008-11-21 at 14:50 -0500, David Cunningham wrote:
> Is there any way to force the cache to
> check the password for anything that was not previously cached as
> being the correct password?

Nope. Hmm. Perhaps there should be a different TTL for that. I don't
really like adding new settings though.

For now you can at least do it by modifying sources:
src/auth/passdb-cache.c:

if (ret == 0 && node->last_success) {

Change it to:

if (ret == 0) {
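
The cache decision described earlier in this thread (a mismatch against the cached password reaches the backend only if the previous attempt succeeded) and the effect of the one-line source change suggested above, as an added example that is not Dovecot's code and not part of the original messages. It is a simplified single-entry model: `login()`, `struct backend` and the scenario functions are hypothetical names, TTL expiry is not modelled, and only `last_success` comes from the quoted condition.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* One cached passdb entry (simplified model; TTL expiry is not modelled). */
struct cache_node {
	bool valid;          /* an unexpired entry exists */
	char password[32];   /* password that last verified against the backend */
	bool last_success;   /* did the previous login attempt succeed? */
};

/* Stand-in for the LDAP passdb; counts how often it is queried. */
struct backend {
	char password[32];
	int lookups;
};

static void set_password(char *dst, const char *pw)
{
	snprintf(dst, 32, "%s", pw);
}

static bool backend_verify(struct backend *b, const char *pw)
{
	b->lookups++;
	return strcmp(b->password, pw) == 0;
}

/*
 * always_recheck == false models "if (ret == 0 && node->last_success)":
 * a mismatch is re-checked against the backend only after a success.
 * always_recheck == true models the suggested change "if (ret == 0)".
 */
static bool login(struct cache_node *n, struct backend *b, const char *pw,
		  bool always_recheck)
{
	bool ok;

	if (n->valid) {
		if (strcmp(n->password, pw) == 0) {
			n->last_success = true;   /* served from the cache */
			return true;
		}
		if (!always_recheck && !n->last_success)
			return false;             /* cached failure, no lookup */
	}
	ok = backend_verify(b, pw);
	if (ok) {
		set_password(n->password, pw);
		n->valid = true;
	}
	n->last_success = ok;
	return ok;
}

/* New password tried before LDAP replication catches up, then again after. */
static bool login_after_replication_lag(bool always_recheck)
{
	struct cache_node n = { false, "", false };
	struct backend b = { "X", 0 };

	login(&n, &b, "X", always_recheck);
	login(&n, &b, "Y", always_recheck);   /* backend still holds X: fails */
	set_password(b.password, "Y");        /* replication completes */
	return login(&n, &b, "Y", always_recheck);
}

/* Old password used after the change: answered from the cache. */
static bool old_password_still_accepted(bool always_recheck)
{
	struct cache_node n = { false, "", false };
	struct backend b = { "X", 0 };

	login(&n, &b, "X", always_recheck);
	set_password(b.password, "Y");
	return login(&n, &b, "X", always_recheck);
}

/* Backend queries caused by a run of wrong guesses after one good login. */
static int lookups_for_wrong_guesses(bool always_recheck, int guesses)
{
	struct cache_node n = { false, "", false };
	struct backend b = { "X", 0 };
	int i;

	login(&n, &b, "X", always_recheck);
	b.lookups = 0;
	for (i = 0; i < guesses; i++)
		login(&n, &b, "wrong", always_recheck);
	return b.lookups;
}

int main(void)
{
	printf("new password after lag, original condition: %d\n",
	       login_after_replication_lag(false));
	printf("new password after lag, changed condition:  %d\n",
	       login_after_replication_lag(true));
	printf("old password accepted from cache (changed): %d\n",
	       old_password_still_accepted(true));
	printf("backend lookups for 5 wrong guesses: %d vs %d\n",
	       lookups_for_wrong_guesses(false, 5),
	       lookups_for_wrong_guesses(true, 5));
	return 0;
}
```

In this model the changed condition fixes the replication-lag case but does nothing about the old password being accepted from the cache, and every wrong guess now reaches the backend instead of only the first one.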





Re: [Dovecot] Auth Issues - Urgent - Help!

2008-11-21 Thread David Cunningham
Wowa, that's easy enough.  I will do that the next time that I upgrade  
in a few weeks.


Dave

Quoting Timo Sirainen [EMAIL PROTECTED]:

> On Fri, 2008-11-21 at 14:50 -0500, David Cunningham wrote:
>> Is there any way to force the cache to
>> check the password for anything that was not previously cached as
>> being the correct password?
>
> Nope. Hmm. Perhaps there should be a different TTL for that. I don't
> really like adding new settings though.
>
> For now you can at least do it by modifying sources:
> src/auth/passdb-cache.c:
>
> if (ret == 0 && node->last_success) {
>
> Change it to:
>
> if (ret == 0) {








Re: [Dovecot] Disconnecting without unbinding?

2008-11-21 Thread Timo Sirainen
On Tue, 2008-11-18 at 15:41 -0500, Maykel Moya wrote:
> Timo
>
> Please have a look at this short thread[1]. That message stops appearing
> whenever I shutdown dovecot.

Dovecot never disconnects LDAP connections. Even when it does that when
shutting down, it uses ldap_unbind() to do it.

I've no idea why Dovecot would cause those messages to appear in your
LDAP server. Perhaps there's a firewall or something in the middle that
keeps disconnecting it? Dovecot v1.0 unfortunately doesn't log anything
if it loses connection to LDAP server, v1.1+ does.





Re: [Dovecot] PLAIN password scheme question

2008-11-21 Thread Timo Sirainen
On Fri, 2008-11-14 at 23:29 +0300, Dmitri V. Ivanov wrote:
> On Thu, Nov 13, 2008 at 08:16:17PM +0200, Timo Sirainen wrote:
>>
>> v1.1+ supports {plain.b64} or {plain.hex}.
>>
>
> As far as I can see (well - grep is used) you have implemented something
> (I don't understand the code yet - just from comments within
> src/auth/password-scheme.c). It seems to look for .hex, .b64 and .base64,
> but I can't find anything about it in the wiki or NEWS.

I just never remembered to announce it anywhere. Added now to
http://wiki.dovecot.org/Authentication/PasswordSchemes





Re: [Dovecot] expire-tool fails if mail_location contains %h

2008-11-21 Thread Timo Sirainen
On Tue, 2008-11-04 at 17:36 +0100, Thorsten Vollmer wrote:
> Hi Timo,
>
> not long ago you fixed a bug regarding the expansion of ~/ in
> mail_location that prevented expire-tool from working correctly. A
> similar problem exists if mail_location contains %h: expire-tool will
> use the wrong path to access the mailbox. After replacing %h with ~,
> expire-tool works as expected.
>
> Why are there two variables for the home directory? Maybe the use of %h
> could be discouraged, sparing you some problems.

In earlier versions ~/ expansion didn't work everywhere so %h is used in
examples because of that. But nowadays ~/ expansion does work
everywhere, so %h is a bit pointless in most places. Also the %h (just
like all %variable) expansion happens early in the configuration
parsing, so expire-tool can't really be fixed to handle %h.

Well, I added a note now to http://wiki.dovecot.org/Variables and
removed %h from http://wiki.dovecot.org/MailLocation. I don't really
have better ideas how to discourage it.





Re: [Dovecot] make archive emails undeletable?

2008-11-21 Thread Timo Sirainen
On Fri, 2008-10-31 at 22:36 -0500, Rob Nichols wrote:
> I've been using dovecot for a year or two now, and really like it.  I have a
> fairly simple setup, but I think it's time to get a little more advanced.  I
> keep an archive of all my email, both sent and received.  Every once in a
> while I get confused, and accidentally delete something from my archive.  I
> also worry that I'll misconfigure a mail client some day and accidentally
> wipe out my trash folder.  I would like some way to prevent deletion in
> several mailboxes.  Is that possible?  It looks like ACL could do this, but
> I can't quite figure out where to start.  Any pointers would be greatly
> appreciated.

There are no recursive ACLs currently, so you'd have to create
dovecot-acl file for each mailbox containing something like:

owner lrwstipka

i.e. removed 'e' and 'x' rights. http://wiki.dovecot.org/ACL tells some
more.





Re: [Dovecot] Problem witch dovecot-auth continue

2008-11-21 Thread Timo Sirainen
On Fri, 2008-11-07 at 11:17 +0100, Grzegorz Zalewski wrote:
> I forgot to paste the rest of the log:
>
> dovecot: 2008-11-07 10:16:44 Panic: auth(default): file
> auth-worker-server.c: line 54 (auth_worker_idle_timeout): assertion failed:
> (array_count(conn->requests) == 0)

Thanks, this should fix it:
http://hg.dovecot.org/dovecot-1.2/rev/b64fb26e3b6f





Re: [Dovecot] mail_privileged_group not working for dotlock files (1.1.6)

2008-11-21 Thread Rob Mangiafico

Running dovecot 1.1.6 on centOS 5 and RHEL 5.

With the settings:
pop3_lock_session = yes
mail_privileged_group = mail
mail_location = mbox:~/:INBOX=/var/spool/mail/%u
mbox_read_locks = fcntl
mbox_write_locks = dotlock fcntl

and /var/spool/mail permissions:
drwxrwx--x   2 root   mail    4096 Nov 19 10:16 mail/

Trying to connect via POP3 results in this error:
---
Nov 19 09:31:01 lexiconn2 dovecot: child 32127 (pop3) killed with signal 11

Nov 19 09:31:01 lexiconn2 dovecot: POP3(cerberus): file_lock_dotlock() failed 
with mbox file /var/spool/mail/xxx: Permission denied


Nov 19 09:31:01 lexiconn2 dovecot: pop3-login: Login: user=xxx, 
method=PLAIN, rip=1.2.3.4, lip=5.6.7.8, secured

---

The docs seem to indicate the above config / settings should work. Is this a 
bug?


The reason we have dotlock as the primary format is due to procmail LDA from 
sendmail:

---
procmail -v 2>&1|grep Locking
Locking strategies: dotlocking, fcntl()
---

I assume we have to make the mbox_write_locks match the procmail locking...


We can use the workaround:
mail_access_groups = mail

But we'd prefer to use the safer method of mail_privileged_group to get 
dotlocking and POP3 mbox working with our current permissions. Just want 
to make sure we have things setup correctly. Thanks.


Rob


Re: [Dovecot] mail_privileged_group not working for dotlock files (1.1.6)

2008-11-21 Thread Timo Sirainen
On Fri, 2008-11-21 at 15:45 -0500, Rob Mangiafico wrote:
> Running dovecot 1.1.6 on centOS 5 and RHEL 5.
>
> With the settings:
> pop3_lock_session = yes
> mail_privileged_group = mail
> mail_location = mbox:~/:INBOX=/var/spool/mail/%u

What does ~/ expand to? What does mail_debug=yes show? The privileged
locking isn't used if INBOX appears under the mail root directory. So if
~/ expands to /, /var, /var/spool or /var/spool/mail, the privileged
locking isn't done.

> Nov 19 09:31:01 lexiconn2 dovecot: child 32127 (pop3) killed with signal 11

Could you get gdb backtrace of this crash? See
http://dovecot.org/bugreport.html

> The reason we have dotlock as the primary format is due to procmail LDA
> from sendmail:
> ---
> procmail -v 2>&1|grep Locking
> Locking strategies: dotlocking, fcntl()
> ---
>
> I assume we have to make the mbox_write_locks match the procmail
> locking...

Actually it's not necessary. You'll need to have at least one common
locking mechanism. Using only fcntl Dovecot would be enough if procmail
also uses fcntl.




Re: [Dovecot] nfs_flush_fcntl failed: No locks available

2008-11-21 Thread Timo Sirainen
On Mon, 2008-11-10 at 13:32 +, Mark Zealey wrote:
> Hi there,
>
> I've been seeing this error in our logs quite frequently on our nfs
> storage (v3):
>
> 2008-11-10T13:24:26+00:00 mail8 dovecot: IMAP([EMAIL PROTECTED]):
> nfs_flush_fcntl: fcntl(/var/spool/mail/XXX/Maildir/dovecot.index.cache,
> F_RDLCK) failed: No locks available
>
> Which is because we don't run lockd on our servers. Why is dovecot
> trying to use fcntl() ? I explicitly set it to use dotlocks in the
> dovecot config:

mail_nfs_*=yes settings try to use fcntl for flushing data cache.
There's really no other way to do it on Linux. Although having
nano/microsecond resolution timestamps on NFS server probably would make
it irrelevant. Hmm.





Re: [Dovecot] Occasional messages cause Thunderbird to loop

2008-11-21 Thread Timo Sirainen
On Tue, 2008-11-11 at 12:52 -0500, Allen Belletti wrote:
> I'm not sure if this is something which crept into a recent release of
> Dovecot, or a problem with T'bird, or something else entirely.  I had
> suspected corrupt messages the first time or two, and was once able to
> copy such a message into my own Maildir/cur directory and have it fail
> for me.  Since then I've not been able to replicate this feat.  I also
> thought that it might have been the Dovecot indices becoming corrupt but
> today I tried purging them for an affected user, and the problem still
> showed up.  In addition, for the first time today that user reported a
> message which originally (as of 6 Nov. 2008) worked fine but today
> demonstrates the issue.

If there's a problem with indexes, Dovecot most likely would have logged
an error message. Do you see any errors logged?

> If anyone has seen anything like this or has suggestions to try, please
> let me know.  If necessary I can go to full debug-logging with Dovecot
> but I'd prefer to avoid that if possible :)

Knowing what Thunderbird and Dovecot talk to each others would be pretty
much the only way to know what's going on.
http://wiki.dovecot.org/Debugging/Rawlog would help.





Re: [Dovecot] Separate quotas not displayed correctly

2008-11-21 Thread Timo Sirainen
On Mon, 2008-11-03 at 10:56 +0100, Laurent Blume wrote:
 Timo Sirainen wrote:
  I guess it's more like a non-implemented feature. I'll add to my TODO.
 
 Any ETA for it? Even a rough guesstimate.
 It's part of our requirements for deployment of a new version, just need
 to reschedule it differently if it's going to be available only at a
 later date

Sorry, I can't really give any dates. It's a very low priority to me.
Maybe if/when I happen to do changes there for other reasons.. I almost
thought that I would have done it today because getting quota working
with shared mailboxes was somewhat related to this, but looks like it
wasn't necessary after all.

I think it's not going to be a simple code change since there's
currently no mailbox - quota root mapping, and this pretty much would
require that.





Re: [Dovecot] expire-tool fails if mail_location contains %h

2008-11-21 Thread Thorsten Vollmer
On Fri, 2008-11-21 at 22:26 +0200, Timo Sirainen wrote:
 On Tue, 2008-11-04 at 17:36 +0100, Thorsten Vollmer wrote:
  not long ago you fixed a bug regarding the expansion of ~/ in
  mail_location that prevented expire-tool from working correctly. A
  similar problem exists if mail_location contains %h: expire-tool will
  use the wrong path to access the mailbox. After replacing %h with ~,
  expire-tool works as expected.
  
  Why are there two variables for the home directory? Maybe the use of %h
  could be discouraged, sparing you some problems.
 
 In earlier versions ~/ expansion didn't work everywhere so %h is used in
 examples because of that. But nowadays ~/ expansion does work
 everywhere, so %h is a bit pointless in most places. Also the %h (just
 like all %variable) expansion happens early in the configuration
 parsing, so expire-tool can't really be fixed to handle %h.
 
 Well, I added a note now to http://wiki.dovecot.org/Variables and
 removed %h from http://wiki.dovecot.org/MailLocation. I don't really
 have better ideas how to discourage it.

I think this is sufficient.

Thanks for the explanation.

Thorsten





Re: [Dovecot] mail_privileged_group not working for dotlock files (1.1.6)

2008-11-21 Thread Rob Mangiafico

On Fri, 2008-11-21 at 15:45 -0500, Rob Mangiafico wrote:

Running dovecot 1.1.6 on CentOS 5 and RHEL 5.

With the settings:
pop3_lock_session = yes
mail_privileged_group = mail
mail_location = mbox:~/:INBOX=/var/spool/mail/%u


What does ~/ expand to? What does mail_debug=yes show? The privileged
locking isn't used if INBOX appears under the mail root directory. So if
~/ expands to /, /var, /var/spool or /var/spool/mail, the privileged
locking isn't done.



From the log file:

---
Nov 21 20:29:43 ssy dovecot: auth(default): new auth connection: pid=23472
Nov 21 20:29:46 ssy dovecot: auth(default): client in: AUTH 1 
PLAIN   service=pop3secured lip=127.0.0.1   rip=127.0.0.1 
lport=110   rport=44480 resp=hidden

Nov 21 20:29:46 ssy dovecot: auth(default): shadow(rlm,127.0.0.1): lookup
Nov 21 20:29:46 ssy dovecot: auth(default): client out: OK  1 
user=rlm
Nov 21 20:29:46 ssy dovecot: auth(default): master in: REQUEST  2 
23349   1

Nov 21 20:29:46 ssy dovecot: auth(default): passwd(rlm,127.0.0.1): lookup
Nov 21 20:29:46 ssy dovecot: auth(default): master out: USER2 
rlm system_user=rlm uid=500 gid=500 home=/home/rlm

Nov 21 20:29:46 ssy dovecot: child 23475 (pop3) killed with signal 11
Nov 21 20:29:46 ssy dovecot: POP3(rlm): Effective uid=500, gid=500
Nov 21 20:29:46 ssy dovecot: POP3(rlm): mbox: 
data=~/mail:INBOX=/var/spool/mail/rlm
Nov 21 20:29:46 ssy dovecot: POP3(rlm): fs: root=/home/rlm/mail, index=, 
control=, inbox=/var/spool/mail/rlm
Nov 21 20:29:46 ssy dovecot: POP3(rlm): file_lock_dotlock() failed with 
mbox file /var/spool/mail/rlm: Permission denied
Nov 21 20:29:46 ssy dovecot: pop3-login: Login: user=rlm, method=PLAIN, 
rip=127.0.0.1, lip=127.0.0.1, secured



ls -al /var/spool/mail/
drwxrwx--x   2 root  mail 4096 Nov 21 19:58 ./

dovecot -n
# 1.1.6: /usr/local/etc/dovecot.conf
# OS: Linux 2.6.20.1 i686 CentOS release 4.7 (Final)
protocols: imap imaps pop3 pop3s
ssl_cert_file: /usr/share/ssl/certs/sendmail.pem
ssl_key_file: /usr/share/ssl/certs/sendmail.pem
ssl_cipher_list: HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
disable_plaintext_auth: no
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
mail_privileged_group: mail
mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u
mail_debug: yes
mail_full_filesystem_access: yes
mmap_disable: yes
fsync_disable: yes
mail_drop_priv_before_exec: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
pop3_lock_session(default): no
pop3_lock_session(imap): no
pop3_lock_session(pop3): yes
pop3_uidl_format(default): %08Xu%08Xv
pop3_uidl_format(imap): %08Xu%08Xv
pop3_uidl_format(pop3): %08Xv%08Xu
auth default:
  mechanisms: plain login
  verbose: yes
  debug: yes
  passdb:
    driver: shadow
  userdb:
    driver: passwd



Could you get gdb backtrace of this crash? See
http://dovecot.org/bugreport.html


I do not think it is crashing, as no matter what I do, I cannot get core 
dumps (in /tmp, home dir, etc...):

ulimit -c
unlimited

cat /proc/sys/kernel/core_pattern
/tmp/%p


The reason we have dotlock as the primary format is due to procmail LDA from
sendmail:
---
procmail -v 2>&1|grep Locking
Locking strategies: dotlocking, fcntl()
---

I assume we have to make the mbox_write_locks match the procmail locking...


Actually it's not necessary. You'll need to have at least one common
locking mechanism. Using only fcntl Dovecot would be enough if procmail
also uses fcntl.


Ah, ok. I thought the docs implied they had to match exactly. Since we use 
procmail as an LDA, and occasionally pine (from uw-imap) which I believe 
supports fcntl, and openwebmail (not sure if fcntl is supported), I think 
we'll be safe with fcntl locking. Correct?


If you need me to test anything else, please let me know. Thanks!

Rob
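
Added example, not from the thread and not from Dovecot's source: a C model of the two conditions discussed in the message above, namely whether a process with the logged uid/gid can create a dotlock in a directory with the listed mode, and the rule stated in the reply that privileged locking is not used when INBOX lies under the mail root. All function and enum names are hypothetical, and gid 12 for the mail group is an assumed value.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* True when path equals root or lies below it, compared per path component. */
bool path_is_under(const char *root, const char *path)
{
    size_t n = strlen(root);
    while (n > 1 && root[n - 1] == '/')
        n--;                              /* drop trailing slashes, keep "/" */
    if (n == 1 && root[0] == '/')
        return path[0] == '/';            /* every absolute path is under "/" */
    return n > 0 && strncmp(root, path, n) == 0 && (path[n] == '/' || path[n] == '\0');
}

/* Creating INBOX.lock needs write+search on the directory; mode bits only, no ACLs. */
bool can_create_in_dir(mode_t mode, uid_t owner, gid_t group,
                       uid_t euid, const gid_t *gids, size_t ngids)
{
    unsigned bits = euid == owner ? (mode >> 6) & 7 : mode & 7;
    if (euid == 0)
        return true;
    for (size_t i = 0; euid != owner && i < ngids; i++)
        if (gids[i] == group)
            bits = (mode >> 3) & 7;       /* group class applies */
    return (bits & 3) == 3;               /* 2 = write, 1 = search */
}

enum dotlock_result { DOTLOCK_OK, DOTLOCK_NEEDS_GROUP, DOTLOCK_PRIV_NOT_USED, DOTLOCK_DENIED };

/* root/inbox as on the mail_debug "fs:" line; priv_gid = gid of mail_privileged_group. */
enum dotlock_result dotlock_check(const char *root, const char *inbox, mode_t mode, uid_t owner,
                                  gid_t group, uid_t euid, gid_t egid, gid_t priv_gid)
{
    gid_t with_priv[2] = { egid, priv_gid };
    if (can_create_in_dir(mode, owner, group, euid, &egid, 1))
        return DOTLOCK_OK;
    if (path_is_under(root, inbox))
        return DOTLOCK_PRIV_NOT_USED;     /* the rule stated in the reply */
    return can_create_in_dir(mode, owner, group, euid, with_priv, 2)
        ? DOTLOCK_NEEDS_GROUP : DOTLOCK_DENIED;
}

int main(void)
{   /* 0771 root:mail and uid=500 gid=500 are from the post; gid 12 is assumed */
    printf("%d\n", dotlock_check("/home/rlm/mail", "/var/spool/mail/rlm", 0771, 0, 12, 500, 500, 12));
    return 0;
}
```
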


Re: [Dovecot] folder deletion response problem

2008-11-21 Thread Ala'a A. Ibrahim
Wow,
That was fast, thanks a lot Timo, it worked fine :)

Timo Sirainen wrote:
 On Fri, 2008-11-21 at 10:19 -0800, Amr Shahin wrote:
   
 the problem is that when i try to delete an existing directory in a
 mailbox, it gets actually deleted, but the response says that the
 mailbox does not exist, please check this log:
 

 Thanks, fixed: http://hg.dovecot.org/dovecot-1.1/rev/940fc5bdebf1

   

-- 
Ala'a A. Ibrahim
http://www.maktoob.com


[Dovecot] OT: Run Sieve On A Mailbox Manually

2008-11-21 Thread Neil

(Apologies for being offtopic.)

The subject basically says it all...does anyone know of a tool to run  
a sieve script on a mailbox (in particular, Maildirs) manually?   
Ideally, I'd like to do it without adding a bunch of new headers to  
the mail.


So, could I just do a find (or for-loop, if it was just one maildir)  
command and pipe all the mails into deliver..?


Thanks,
Neil.