[Dovecot] namespace public / namespace shared - question
After looking through wiki/config/list I'm still not sure, what exactly is the difference between those two. Even all the examples in dovecot's wiki don't have a single namespace shared anywhere. And there's only short mention about the difference in dovecot.conf . Peeking into rfc2342 - would shared namespace relate to Other Users' Namespace(s) and public namespace to Shared Namespace(s) ? Does perhaps the difference only lie on the client side, depending on the namespace it's asking, while functionally it's the same from the perspective of dovecot ?
Re: [Dovecot] v1.1.6 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 20 Nov 2008, John Gray wrote: I see this from time to time too. But if right click on the folder in thunderbird, select properties from the context menu, and hit rebuild index in the properties dialog, it fixes it. It crops up for me several Ah, cool! It works. It's named Offline | Download now in my revision of Thunderbird. I just clicked the get messages button with no luck, as well as switching folders. So propably it's a caching problem only? Because I usually use Alpine, I do not see the problem often, however, some tasks are pain in Pine. Bye, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFJJnqSVJMDrex4hCIRAhsjAKCyEhb50Q8l6kiwtQ2ksUVu+ySjggCgxaM9 u0pC8kNNYeCJ3nj0FH82Rus= =Htel -END PGP SIGNATURE-
[Dovecot] two dovecot server using the same file system
Hi all. I want to use two servers with dovecot using a common file system with drbd. So I have several questions. If one server write a mail to th file system he will use his name as part of the mail identification. the second server will use his own name. Each server will generate it own mail numbers . When an imap or pop user will consult the mails i shoul be confusion. Am I correct. is there a way of solving this issue?? Thanks
Re: [Dovecot] v1.1.6 released
On 11/21/2008 4:08 AM, Steffen Kaiser wrote: On Thu, 20 Nov 2008, John Gray wrote: I see this from time to time too. But if right click on the folder in thunderbird, select properties from the context menu, and hit rebuild index in the properties dialog, it fixes it. It crops up for me several Ah, cool! It works. It's named Offline | Download now in my revision of Thunderbird. I just clicked the get messages button with no luck, as well as switching folders. So propably it's a caching problem only? ? weird... In my Thunderbird, the only way to get to the 'Rebuild Index' function/button is: right-click a folder 'Properties' 'General Information' tab Did you try to simply right-click a folder and click 'Compact'? Maybe that will work too, as I would think it would also have to rebuild the index. -- Best regards, Charles
Re: [Dovecot] two dovecot server using the same file system
Osvaldo Alvarez Pozo schrieb: Hi all. I want to use two servers with dovecot using a common file system with drbd. So I have several questions. If one server write a mail to th file system he will use his name as part of the mail identification. the second server will use his own name. Each server will generate it own mail numbers . When an imap or pop user will consult the mails i shoul be confusion. Am I correct. is there a way of solving this issue?? Thanks Hi Oswaldo, i will test all this during next weeks i had positv reports with ocfs2 and iSCSI so it should work with drbd and ocfs2 -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
[Dovecot] [PATCH] drop root privileges on solaris, request for testing
Hello all, this patch allows master process to drop more root priveleges under Solaris. My limited testing shows that code works, but I'm not sure that defined privilege set is permissive enough for dovecot. Unfortunately I have no root access to our Solaris servers to really test it. So if someone is ready to test this patch please do it :) Best regards. diff -r 8f41c9f3f392 configure.in --- a/configure.in Wed Nov 19 16:11:01 2008 +0200 +++ b/configure.in Wed Nov 19 14:31:56 2008 + @@ -461,7 +461,8 @@ AC_CHECK_FUNCS(fcntl flock lockf inet_at setrlimit setproctitle seteuid setreuid setegid setresgid \ strtoull strtoll strtouq strtoq \ setpriority quotactl getmntent kqueue kevent backtrace_symbols \ - walkcontext dirfd clearenv malloc_usable_size clock_gettime) + walkcontext dirfd clearenv malloc_usable_size clock_gettime \ + setppriv) dnl strtoimax and strtoumax are macros in HP-UX, so inttypes.h must be included AC_MSG_CHECKING([for strtoimax]) diff -r 8f41c9f3f392 src/master/Makefile.am --- a/src/master/Makefile.amWed Nov 19 16:11:01 2008 +0200 +++ b/src/master/Makefile.amWed Nov 19 14:18:36 2008 + @@ -22,6 +22,7 @@ dovecot_SOURCES = \ auth-process.c \ askpass.c \ capabilities-posix.c \ + capabilities-solaris.c \ child-process.c \ dict-process.c \ dup2-array.c \ diff -r 8f41c9f3f392 src/master/capabilities.h --- a/src/master/capabilities.h Wed Nov 19 16:11:01 2008 +0200 +++ b/src/master/capabilities.h Wed Nov 19 14:18:38 2008 + @@ -1,7 +1,7 @@ #ifndef CAPABILITIES_H #define CAPABILITIES_H -#if defined(HAVE_LIBCAP) +#if defined(HAVE_LIBCAP) || defined(HAVE_SETPPRIV) void drop_capabilities(void); diff -r 8f41c9f3f392 src/master/capabilities-solaris.c --- /dev/null Thu Jan 01 00:00:00 1970 + +++ b/src/master/capabilities-solaris.c Wed Nov 19 14:18:39 2008 + @@ -0,0 +1,54 @@ +/* Copyright (c) 2008 Dovecot authors, see the included COPYING file */ + +#include common.h +#include capabilities.h + +#ifdef HAVE_SETPPRIV + +#include priv.h + +void drop_capabilities(void) +{ + static const char* privs[] = { + PRIV_PROC_FORK, + PRIV_PROC_EXEC, + PRIV_FILE_CHOWN, + PRIV_PROC_SETID, + PRIV_PROC_CHROOT, + PRIV_NET_PRIVADDR, + PRIV_FILE_DAC_READ, + PRIV_FILE_DAC_WRITE, + NULL + }, **p; + priv_set_t *priv_set; + int ret; + + priv_set = priv_allocset(); + if (priv_set == NULL) { + i_warning(Can't allocate memory for privilege set: %m); + return; + } + + priv_emptyset(priv_set); + + for (p = privs; *p != NULL; p++) { + ret = priv_addset(priv_set, *p); + if (ret != 0) { + i_warning(Can't drop %s from privilege set: %m, *p); + } + } + + ret = setppriv(PRIV_SET, PRIV_PERMITTED, priv_set); + if (ret) { + i_warning(Can't set %s privelege set: %m, PERMITTED); + } + + ret = setppriv(PRIV_SET, PRIV_EFFECTIVE, priv_set); + if (ret) { + i_warning(Can't set %s privelege set: %m, EFFECTIVE); + } + + priv_freeset(priv_set); +} + +#endif
Re: [Dovecot] userdb, Dovecot LDA not using mail_location config properly?
On Fri, 2008-11-21 at 08:06 -0300, k bah wrote: (#1) host deliver([EMAIL PROTECTED]): auth input: user=person~mydomain.com .. What I don't get is that since I use userdb (read mail log lines marked (#0-3) and the mail_location option from dovecot.conf), mail should be saved to person~mydomain.com and not [EMAIL PROTECTED] on the disk(?). deliver currently ignores if userdb returns user. Hmm. I guess I could finally fix this for v1.2. The only problem left to figure out is if the log line prefix should then be changed also. I guess it should. Done: http://hg.dovecot.org/dovecot-1.2/rev/ed4d6f6e4da7 Won't help with v1.1 though.. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] namespace public / namespace shared - question
On Fri, 2008-11-21 at 09:45 +0100, Michal Soltys wrote: After looking through wiki/config/list I'm still not sure, what exactly is the difference between those two. Even all the examples in dovecot's wiki don't have a single namespace shared anywhere. And there's only short mention about the difference in dovecot.conf . Peeking into rfc2342 - would shared namespace relate to Other Users' Namespace(s) and public namespace to Shared Namespace(s) ? Does perhaps the difference only lie on the client side, depending on the namespace it's asking, while functionally it's the same from the perspective of dovecot ? Shared namespace is about getting access to other users' messages. Public namespace is about getting access to .. well .. public mailboxes, or mailboxes that were made shared by sysadmin. In any case not other users' mailboxes. Dovecot before v1.2 makes no difference between shared and public namespaces. The next v1.2 release finally supports users' shared mailboxes so there's a big difference between handling shared and public namespaces. I've no idea if clients treat shared and public namespaces differently. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] %d in deliver
On Thu, 2008-11-20 at 11:05 +, Mark Zealey wrote: I run a system that has a lot of virtual users. We invoke deliver from exim and pass the directory to deliver into using the HOME environment variable, so deliver doesn't do any database lookups during the delivery process. The exim pipe environment is described at http://exim.org/exim-html-current/doc/html/spec_html/index.html#toc0239, but basically I'd like to know the domain as well as the user, however deliver doesn't seem to pick this up. Is there any way that you could extend deliver to make it either pick up the domain (or correct username) from the command line, but not do an authdb lookup; or get it to read the domain from an environment variable (or be able to print the contents of an arbitrary environment variable in a formatted string)? If you set USER environment to [EMAIL PROTECTED], the domain is picked up. Dovecot in general doesn't handle domains specially. There's only the username and only in certain specific situations the user and domain parts in it are handled specially. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Compilation of 1.1.6 fails on HP-UX 11.31
On Thu, 2008-11-06 at 16:32 +0100, Marc Beyer wrote: Compilation fails, output of configure and make are given below. The cause of this is almost certainly that this version of HP-UX does define the QCMD macro in sys/quota.h (checked in the ifdef line 26 dovecot-1.1.6/src/plugins/quota/quota-fs.h) as well as the dqblk struct, but the latter with different fields than the Linux version. Older versions of HP-UX seem not to have contained this macro(? can't check this at the moment), which is probably why it was used to distinguish between HP-UX and Linux in quota-fs.h. Does the new HP-UX version happen to support also group quotas? If so, I could make it use the Linux code by just disabling the inode quotas. But I'd guess the QCMD macro was added just for making it easier to compile Linux code and trying to use group quotas would fail. So perhaps the HP-UX vs. Linux check could just be changed. Does the patch below help? diff -r ed4d6f6e4da7 src/plugins/quota/quota-fs.h --- a/src/plugins/quota/quota-fs.h Fri Nov 21 14:35:46 2008 +0200 +++ b/src/plugins/quota/quota-fs.h Fri Nov 21 14:58:03 2008 +0200 @@ -23,7 +23,7 @@ #ifdef HAVE_QUOTACTL # ifdef HAVE_SYS_QUOTA_H -#ifdef QCMD +#ifndef _HPUX_SOURCE # define FS_QUOTA_LINUX #else # define FS_QUOTA_HPUX signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Auth Issues - Urgent - Help!
No one else with opinions on this? Dave Quoting David Cunningham [EMAIL PROTECTED]: Yes, i telnet to port 143 and enter everything manually. Dave Quoting Charles Marcus [EMAIL PROTECTED]: On 11/19/2008 10:17 PM, David Cunningham wrote: Well, most of my issues are gone with adding auth cache. However, I am having an issue. Sometimes, even though cache incorrect passwords is disabled, new passwords do not work. It would seem that once a user logs in with one password successfully the cache does not automatically retry if the user tries a different passwords. I would think that the auth cache should check to see if the password changed on the ldap server if something other than the cached password is entered. Is this something wrong with my configuraiton, or the auth code itself? Maybe it is the mail client doing the caching... have you tested this on the command line? -- Best regards, Charles
Re: [Dovecot] v1.1.6 released
On Wednesday, November 19 at 10:56 AM, quoth Adam McDougall: Just wanted to mention that 1.1.6 seems fine so far in our testing, and I think the lack of reported problems on the mailing list is probably a very good sign! For whatever reason, we ran into the userdb didn't return a home directory problem with 1.1.6, and quickly downgraded back to 1.1.5. http://thread.gmane.org/gmane.mail.imap.dovecot/34008/focus=34009 It's rather silly too, since the userdb *does* return a home directory (which is why I'm skeptical of the fix mentioned there that forces a default home directory of /tmp). Here's hoping 1.1.7 (whenever it comes out) is a smoother upgrade. ~Kyle -- History will be kind to me, for I intend to write it. -- Winston Churchill pgpCoEIFBXAaL.pgp Description: PGP signature
[Dovecot] sieve-body extension support for deliver LDA's sieve plugin
Hello, I just read your message about sieve and body-extension in Dovecot. Do you have news on that topic? I just have to filter mails containing a particular text fragment, and I cannot do without sieve body, I think.. Thank you for any clue you'd be able to give me ! Regards, Bruno --- Hi Timo Co, Is there any time frame for updating the deliver LDA's sieve plugin code to that from Cyrus IMAPd v2.3.x? I ask as I'm looking for the functionality of the sieve-body extension, as described here: http://www.ietf.org/internet-drafts/draft-ietf-sieve-body-06.txt This requirement has come up as we're upgrading from a Courier-IMAP/maildrop configuration that has some filtering based on message body content. As an aside, if that time frame is undefined or will be long, if I use maildrop instead as my LDA, will I loose the instant delivery notification via IMAP IDLE? Thanks very much, Scott
Re: [Dovecot] sieve-body extension support for deliver LDA's sieve plugin
On Fri, 2008-11-21 at 15:52 +0100, BrunoM wrote: Hello, I just read your message about sieve and body-extension in Dovecot. Do you have news on that topic? I just have to filter mails containing a particular text fragment, and I cannot do without sieve body, I think.. Thank you for any clue you'd be able to give me ! Dovecot Sieve v1.1 supports body extension (requires Dovecot v1.1+). signature.asc Description: This is a digitally signed message part
Re: [Dovecot] folder deletion response problem
On Fri, 2008-11-21 at 10:19 -0800, Amr Shahin wrote: the problem is that when i try to delete an existing directory in a mailbox, it gets actually deleted, but the response says that the mailbox does not exist, please check this log: Thanks, fixed: http://hg.dovecot.org/dovecot-1.1/rev/940fc5bdebf1 signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Auth Issues - Urgent - Help!
On Wed, 2008-11-19 at 22:17 -0500, David Cunningham wrote: Well, most of my issues are gone with adding auth cache. However, I am having an issue. Sometimes, even though cache incorrect passwords is disabled, Do you mean auth_cache_negative_ttl=0 by this? It only affects user not found caching. new passwords do not work. It would seem that once a user logs in with one password successfully the cache does not automatically retry if the user tries a different passwords. I would think that the auth cache should check to see if the password changed on the ldap server if something other than the cached password is entered. Is this something wrong with my configuraiton, or the auth code itself? The way it should work is that: 1) User logs in with password X which succeeds. 2) Password is changed to Y. 3) User logs in with password Y. Dovecot sees that X != Y, but it sees that the previous auth succeeded, so it'll do an auth lookup, sees that the password was changed and caches it. But this can also happen: 1) User logs in with password X which succeeds. 2) Password is changed to Y. 3) User logs in with password X, which succeeds. Or: 1) User logs in with password X which succeeds. 2) User logs in with password Y. Dovecot sees that X != Y, but it sees that the previous auth succeeded, so it'll do an auth lookup and sees that the password wasn't changed. 3) Password is changed to Y. 4) User logs in with password Y. Dovecot sees that X != Y, but it sees that the previous auth failed, so it doesn't bother doing another lookup. Can you consistently make Dovecot behave differently as described above? signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Auth Issues - Urgent - Help!
On Fri, 2008-11-21 at 21:38 +0200, Timo Sirainen wrote: On Wed, 2008-11-19 at 22:17 -0500, David Cunningham wrote: Well, most of my issues are gone with adding auth cache. However, I am having an issue. Sometimes, even though cache incorrect passwords is disabled, Do you mean auth_cache_negative_ttl=0 by this? It only affects user not found caching. new passwords do not work. It would seem that once a user logs in with one password successfully the cache does not automatically retry if the user tries a different passwords. I would think that the auth cache should check to see if the password changed on the ldap server if something other than the cached password is entered. Is this something wrong with my configuraiton, or the auth code itself? The way it should work is that: I also added these to Wiki with slightly better wording: http://wiki.dovecot.org/Authentication/Caching signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Auth Issues - Urgent - Help!
I think the last thing you say is exactly what is happening to me. I think the user is updating the password, but a slight delay in my LDAP replication is causing them to try the new password before it is actually the new password. Yes, I was refering to auth_cache_negative_ttl=0. I didn't realize that was user not found only. Is there any way to force the cache to check the password for anything that was not previously cached as being the correct password? Dave Quoting Timo Sirainen [EMAIL PROTECTED]: On Wed, 2008-11-19 at 22:17 -0500, David Cunningham wrote: Well, most of my issues are gone with adding auth cache. However, I am having an issue. Sometimes, even though cache incorrect passwords is disabled, Do you mean auth_cache_negative_ttl=0 by this? It only affects user not found caching. new passwords do not work. It would seem that once a user logs in with one password successfully the cache does not automatically retry if the user tries a different passwords. I would think that the auth cache should check to see if the password changed on the ldap server if something other than the cached password is entered. Is this something wrong with my configuraiton, or the auth code itself? The way it should work is that: 1) User logs in with password X which succeeds. 2) Password is changed to Y. 3) User logs in with password Y. Dovecot sees that X != Y, but it sees that the previous auth succeeded, so it'll do an auth lookup, sees that the password was changed and caches it. But this can also happen: 1) User logs in with password X which succeeds. 2) Password is changed to Y. 3) User logs in with password X, which succeeds. Or: 1) User logs in with password X which succeeds. 2) User logs in with password Y. Dovecot sees that X != Y, but it sees that the previous auth succeeded, so it'll do an auth lookup and sees that the password wasn't changed. 3) Password is changed to Y. 4) User logs in with password Y. Dovecot sees that X != Y, but it sees that the previous auth failed, so it doesn't bother doing another lookup. Can you consistently make Dovecot behave differently as described above?
Re: [Dovecot] Error message in logs since 1.1.6 upgrade
On Fri, 2008-11-14 at 16:10 +, Guy wrote: Hi, I've got two imap boxes, one is running 1.1.5 and hasn't exhibited the error below, but the one that's been upgraded to 1.1.6 is showing them. Nov 14 16:06:31 mink dovecot: imap-login: Disconnected (no auth attempts): rip=x.x.x.x, lip=x.x.x.x, TLS handshaking: SSL_accept() failed: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac There weren't any SSL related changes between v1.1.5 and v1.1.6. Perhaps you upgraded OpenSSL library or you compiled Dovecot differently? You could verify this not being directly Dovecot's problem by recompiling v1.1.5 and seeing if the same problem happens there now too. Or are you sure this is really even a problem? The above shows the reason why client was disconnected, it doesn't necessarily mean that there's anything wrong on the server side. Perhaps before you just didn't have any broken clients then? signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Auth Issues - Urgent - Help!
On Fri, 2008-11-21 at 14:50 -0500, David Cunningham wrote: Is there any way to force the cache to check the password for anything that was not previously cached as being the correct password? Nope. Hmm. Perhaps there should be a different TTL for that. I don't really like adding new settings though. For now you can at least do it by modifying sources: src/auth/passdb-cache.c: if (ret == 0 node-last_success) { Change it to: if (ret == 0) { signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Auth Issues - Urgent - Help!
Wowa, that's easy enough. I will do that the next time that I upgrade in a few weeks. Dave Quoting Timo Sirainen [EMAIL PROTECTED]: On Fri, 2008-11-21 at 14:50 -0500, David Cunningham wrote: Is there any way to force the cache to check the password for anything that was not previously cached as being the correct password? Nope. Hmm. Perhaps there should be a different TTL for that. I don't really like adding new settings though. For now you can at least do it by modifying sources: src/auth/passdb-cache.c: if (ret == 0 node-last_success) { Change it to: if (ret == 0) {
Re: [Dovecot] Disconnecting without unbinding?
On Tue, 2008-11-18 at 15:41 -0500, Maykel Moya wrote: Timo Please have a look at this short thread[1]. That message stops appearing whenever I shutdown dovecot. Dovecot never disconnects LDAP connections. Even when it does that when shutting down, it uses ldap_unbind() to do it. I've no idea why Dovecot would cause those messages to appear in your LDAP server. Perhaps there's a firewall or something in the middle that keeps disconnecting it? Dovecot v1.0 unfortunately doesn't log anything if it loses connection to LDAP server, v1.1+ does. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] PLAIN password scheme question
On Fri, 2008-11-14 at 23:29 +0300, Dmitri V. Ivanov wrote: On Thu, Nov 13, 2008 at 08:16:17PM +0200, Timo Sirainen wrote: v1.1+ supports {plain.b64} or {plain.hex}. As far as I can see (well - grep is used) You are implemented something (I don't untderstand code jet - just from comments within src/auth/password-scheme.c). It seems like to look for .hex,.b64 and .base64, But I'm wrong to find anything about it from wiki or NEWS. I just never remembered to announce it anywhere. Added now to http://wiki.dovecot.org/Authentication/PasswordSchemes signature.asc Description: This is a digitally signed message part
Re: [Dovecot] expire-tool fails if mail_location contains %h
On Tue, 2008-11-04 at 17:36 +0100, Thorsten Vollmer wrote: Hi Timo, not long ago you fixed a bug regarding the expansion of ~/ in mail_location that prevented expire-tool from working correctly. A similar problem exists if mail_location contains %h: expire-tool will use the wrong path to access the mailbox. After replacing %h with ~, expire-tool works as expected. Why are there two variables for the home directory? Maybe the use of %h could be discouraged, sparing you some problems. In earlier versions ~/ expansion didn't work everywhere so %h is used in examples because of that. But nowadays ~/ expansion does work everywhere, so %h is a bit pointless in most places. Also the %h (just like all %variable) expansion happens early in the configuration parsing, so expire-tool can't really be fixed to handle %h. Well, I added a note now to http://wiki.dovecot.org/Variables and removed %h from http://wiki.dovecot.org/MailLocation. I don't really have better ideas how to discourage it. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] make archive emails undeletable?
On Fri, 2008-10-31 at 22:36 -0500, Rob Nichols wrote: I've been using dovecot for a year or two now, and really like it. I have a fairly simple setup, but I think it's time to get a little more advanced. I keep an archive of all my email, both sent and received. Every once in a while I get confused, and accidentally delete something from my archive. I also worry that I'll misconfigure a mail client some day and accidentally wipe out my trash folder. I would like some way to prevent deletion in several mailboxes. Is that possible? It looks like ACL could do this, but I can't quite figure out where to start. Any pointers would be greatly appreciated. There are no recursive ACLs currently, so you'd have to create dovecot-acl file for each mailbox containing something like: owner lrwstipka i.e. removed 'e' and 'x' rights. http://wiki.dovecot.org/ACL tells some more. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Problem witch dovecot-auth continue
On Fri, 2008-11-07 at 11:17 +0100, Grzegorz Zalewski wrote: I`m forgot paste rest of the log: dovecot: 2008-11-07 10:16:44 Panic: auth(default): file auth-worker-server.c: line 54 (auth_worker_idle_timeout): assertion failed: (array_count(conn-requests) == 0) Thanks, this should fix it: http://hg.dovecot.org/dovecot-1.2/rev/b64fb26e3b6f signature.asc Description: This is a digitally signed message part
Re: [Dovecot] mail_privileged_group not working for dotlock files (1.1.6)
Running dovecot 1.1.6 on centOS 5 and RHEL 5. With the settings: pop3_lock_session = yes mail_privileged_group = mail mail_location = mbox:~/:INBOX=/var/spool/mail/%u mbox_read_locks = fcntl mbox_write_locks = dotlock fcntl and /var/spool/mail permissions: drwxrwx--x 2 root mail4096 Nov 19 10:16 mail/ Trying to connect via POP3 results in this error: --- Nov 19 09:31:01 lexiconn2 dovecot: child 32127 (pop3) killed with signal 11 Nov 19 09:31:01 lexiconn2 dovecot: POP3(cerberus): file_lock_dotlock() failed with mbox file /var/spool/mail/xxx: Permission denied Nov 19 09:31:01 lexiconn2 dovecot: pop3-login: Login: user=xxx, method=PLAIN, rip=1.2.3.4, lip=5.6.7.8, secured --- The docs seem to indicate the above config / settings should work. Is this a bug? The reason we have dotlock as the primary format is due to procmail LDA from sendmail: --- procmail -v 21|grep Locking Locking strategies: dotlocking, fcntl() --- I assume we have to make the mbox_write_locks match the procmail locking... We can use the workaround: mail_access_groups = mail But we'd prefer to use the safer method of mail_privileged_group to get dotlocking and POP3 mbox working with our current permissions. Just want to make sure we have things setup correctly. Thanks. Rob
Re: [Dovecot] mail_privileged_group not working for dotlock files (1.1.6)
On Fri, 2008-11-21 at 15:45 -0500, Rob Mangiafico wrote: Running dovecot 1.1.6 on centOS 5 and RHEL 5. With the settings: pop3_lock_session = yes mail_privileged_group = mail mail_location = mbox:~/:INBOX=/var/spool/mail/%u What does ~/ expand to? What does mail_debug=yes show? The privileged locking isn't used if INBOX appears under the mail root directory. So if ~/ expands to /, /var, /var/spool or /var/spool/mail, the privileged locking isn't done. Nov 19 09:31:01 lexiconn2 dovecot: child 32127 (pop3) killed with signal 11 Could you get gdb backtrace of this crash? See http://dovecot.org/bugreport.html The reason we have dotlock as the primary format is due to procmail LDA from sendmail: --- procmail -v 21|grep Locking Locking strategies: dotlocking, fcntl() --- I assume we have to make the mbox_write_locks match the procmail locking... Actually it's not necessary. You'll need to have at least one common locking mechanism. Using only fcntl Dovecot would be enough if procmail also uses fcntl. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] nfs_flush_fcntl failed: No locks available
On Mon, 2008-11-10 at 13:32 +, Mark Zealey wrote: Hi there, I've been seeing this error in our logs quite frequently on our nfs storage (v3): 2008-11-10T13:24:26+00:00 mail8 dovecot: IMAP([EMAIL PROTECTED]): nfs_flush_fcntl: fcntl(/var/spool/mail/XXX/Maildir/dovecot.index.cache, F_RDLCK) failed: No locks available Which is because we don't run lockd on our servers. Why is dovecot trying to use fcntl() ? I explicitly set it to use dotlocks in the dovecot config: mail_nfs_*=yes settings try to use fcntl for flushing data cache. There's really no other way to do it on Linux. Although having nano/microsecond resolution timestamps on NFS server probably would make it irrelevant. Hmm. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Occasional messages cause Thunderbird to loop
On Tue, 2008-11-11 at 12:52 -0500, Allen Belletti wrote: I'm not sure if this is something which crept into a recent release of Dovecot, or a problem with T'bird, or something else entirely. I had suspected corrupt messages the first time or two, and was once able to copy such a message into my own Maildir/cur directory and have it fail for me. Since then I've not been able to replicate this feat. I also thought that it might have been the Dovecot indices becoming corrupt but today I tried purging them for an affected user, and the problem still showed up. In addition, for the first time today that user reported a message which originally (as of 6 Nov. 2008) worked fine but today demonstrates the issue. If there's a problem with indexes, Dovecot most likely would have logged an error message. Do you see any errors logged? If anyone has seen anything like this or has suggestions to try, please let me know. If necessary I can go to full debug-logging with Dovecot but I'd prefer to avoid that if possible :) Knowing what Thunderbird and Dovecot talk to each others would be pretty much the only way to know what's going on. http://wiki.dovecot.org/Debugging/Rawlog would help. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Separate quotas not displayed correctly
On Mon, 2008-11-03 at 10:56 +0100, Laurent Blume wrote: Timo Sirainen a écrit : I guess it's more like a non-implemented feature. I'll add to my TODO. Any ETA for it? Even a rough guesstimate. It's part of our requirements for deployment of a new version, just need to reschedule it differently if it's going to be available only a la later date Sorry, I can't really give any dates. It's a very low priority to me. Maybe if/when I happen to do changes there for other reasons.. I almost thought that I would have done it today because getting quota working with shared mailboxes was somewhat related to this, but looks like it wasn't necessary after all. I think it's not going to be a simple code change since there's currently no mailbox - quota root mapping, and this pretty much would require that. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] expire-tool fails if mail_location contains %h
On Fri, 2008-11-21 at 22:26 +0200, Timo Sirainen wrote: On Tue, 2008-11-04 at 17:36 +0100, Thorsten Vollmer wrote: not long ago you fixed a bug regarding the expansion of ~/ in mail_location that prevented expire-tool from working correctly. A similar problem exists if mail_location contains %h: expire-tool will use the wrong path to access the mailbox. After replacing %h with ~, expire-tool works as expected. Why are there two variables for the home directory? Maybe the use of %h could be discouraged, sparing you some problems. In earlier versions ~/ expansion didn't work everywhere so %h is used in examples because of that. But nowadays ~/ expansion does work everywhere, so %h is a bit pointless in most places. Also the %h (just like all %variable) expansion happens early in the configuration parsing, so expire-tool can't really be fixed to handle %h. Well, I added a note now to http://wiki.dovecot.org/Variables and removed %h from http://wiki.dovecot.org/MailLocation. I don't really have better ideas how to discourage it. I think this is sufficient. Thanks for the explanation. Thorsten signature.asc Description: This is a digitally signed message part
Re: [Dovecot] mail_privileged_group not working for dotlock files (1.1.6)
On Fri, 2008-11-21 at 15:45 -0500, Rob Mangiafico wrote: Running dovecot 1.1.6 on centOS 5 and RHEL 5. With the settings: pop3_lock_session = yes mail_privileged_group = mail mail_location = mbox:~/:INBOX=/var/spool/mail/%u What does ~/ expand to? What does mail_debug=yes show? The privileged locking isn't used if INBOX appears under the mail root directory. So if ~/ expands to /, /var, /var/spool or /var/spool/mail, the privileged locking isn't done. From the log file: --- Nov 21 20:29:43 ssy dovecot: auth(default): new auth connection: pid=23472 Nov 21 20:29:46 ssy dovecot: auth(default): client in: AUTH 1 PLAIN service=pop3secured lip=127.0.0.1 rip=127.0.0.1 lport=110 rport=44480 resp=hidden Nov 21 20:29:46 ssy dovecot: auth(default): shadow(rlm,127.0.0.1): lookup Nov 21 20:29:46 ssy dovecot: auth(default): client out: OK 1 user=rlm Nov 21 20:29:46 ssy dovecot: auth(default): master in: REQUEST 2 23349 1 Nov 21 20:29:46 ssy dovecot: auth(default): passwd(rlm,127.0.0.1): lookup Nov 21 20:29:46 ssy dovecot: auth(default): master out: USER2 rlm system_user=rlm uid=500 gid=500 home=/home/rlm Nov 21 20:29:46 ssy dovecot: child 23475 (pop3) killed with signal 11 Nov 21 20:29:46 ssy dovecot: POP3(rlm): Effective uid=500, gid=500 Nov 21 20:29:46 ssy dovecot: POP3(rlm): mbox: data=~/mail:INBOX=/var/spool/mail/rlm Nov 21 20:29:46 ssy dovecot: POP3(rlm): fs: root=/home/rlm/mail, index=, control=, inbox=/var/spool/mail/rlm Nov 21 20:29:46 ssy dovecot: POP3(rlm): file_lock_dotlock() failed with mbox file /var/spool/mail/rlm: Permission denied Nov 21 20:29:46 ssy dovecot: pop3-login: Login: user=rlm, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured ls -al /var/spool/mail/ drwxrwx--x 2 root mail 4096 Nov 21 19:58 ./ dovecot -n # 1.1.6: /usr/local/etc/dovecot.conf # OS: Linux 2.6.20.1 i686 CentOS release 4.7 (Final) protocols: imap imaps pop3 pop3s ssl_cert_file: /usr/share/ssl/certs/sendmail.pem ssl_key_file: /usr/share/ssl/certs/sendmail.pem ssl_cipher_list: HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3 disable_plaintext_auth: no login_dir: /usr/local/var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login mail_privileged_group: mail mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u mail_debug: yes mail_full_filesystem_access: yes mmap_disable: yes fsync_disable: yes mail_drop_priv_before_exec: yes mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 pop3_lock_session(default): no pop3_lock_session(imap): no pop3_lock_session(pop3): yes pop3_uidl_format(default): %08Xu%08Xv pop3_uidl_format(imap): %08Xu%08Xv pop3_uidl_format(pop3): %08Xv%08Xu auth default: mechanisms: plain login verbose: yes debug: yes passdb: driver: shadow userdb: driver: passwd Could you get gdb backtrace of this crash? See http://dovecot.org/bugreport.html I do not think it is crashing, as no matter what I do, I cannot get core dumps (in /tmp, home dir, etc...): ulimit -c unlimited cat /proc/sys/kernel/core_pattern /tmp/%p The reason we have dotlock as the primary format is due to procmail LDA from sendmail: --- procmail -v 21|grep Locking Locking strategies: dotlocking, fcntl() --- I assume we have to make the mbox_write_locks match the procmail locking... Actually it's not necessary. You'll need to have at least one common locking mechanism. Using only fcntl Dovecot would be enough if procmail also uses fcntl. Ah, ok. I thought the docs implied they had to match exactly. Since we use procmail as an LDA, and occasionally pine (from uw-imap) which I believe supports fcntl, and openwebmail (not sure if fcntl is supported), I think we'll be safe with fcntl locking. Correct? If you need me to test anything else, please let me know. Thanks! Rob
Re: [Dovecot] folder deletion response problem
Wow, That was fast, thanks a lot Timo, it worked fine :) Timo Sirainen wrote: On Fri, 2008-11-21 at 10:19 -0800, Amr Shahin wrote: the problem is that when i try to delete an existing directory in a mailbox, it gets actually deleted, but the response says that the mailbox does not exist, please check this log: Thanks, fixed: http://hg.dovecot.org/dovecot-1.1/rev/940fc5bdebf1 -- Ala'a A. Ibrahim http://www.maktoob.com
[Dovecot] OT: Run Sieve On A Mailbox Manually
(Apologies for being offtopic.) The subject basically says it all...does anyone know of a tool to run a sieve script on a mailbox (in particular, Maildirs) manually? Ideally, I'd like to do it without adding a bunch of new headers to the mail. So, could I just do a find (or for-loop, if it was just one maildir) command and pipe all the mails into deliver..? Thanks, Neil.