Re: [Dovecot] Dovecot handling of over quota messages
On Mon, 26 Jan 2009, Andrzej Adam Filip wrote:

Wasn't the socket map also (mainly?) used for verifying if a user exists? That I have been planning on implementing some day (for last 5 years or so).

AFAIR Socket map was originally intended to allow stable sendmail code integration of multitude of databases (mysql,oracle,postgress,...).

Which is running pretty well. I'm running my virtuser and Aliases with a socket map server querying (and caching) LDAP and Postgres databases and mangle our myriads of domain aliases.

It may be used to:
1a) ask mailbox server with virtual domain (e.g. dovecot) which domain it wants/handles at sendmail daemon startup
1b) reject messages to overquota mailboxes in reply to RCPT TO: (4??/5???) [Cyrus IMAP does not try to detect this message will cross quota]

At this point I made no success. The problem I encountered is that with aliases and forwards I don't know the point when to return the failure, meaning there could be another user resolution step to forward the mail along. E.g. .forward files come last, out of reach of the socket map server.

1c) implement aliases It should allow per virtual domain email administrators implemented in dovecot.
1d) allow users to specify at 'RCPT TO:' sieve scripts

?? Huh, Sieve scripts at RCPT TO phase?

After modification of sendmail source code socket map may be used to pass to sendmail information about virtual users (uid,gid,$HOME). It should allow:
2a) supporting .forward files *for virtual users* (e.g. ~/.forward.user)

You mean by to extend the map-scheme to getpwnam() ?

2b) making sendmail execute deliver program with uid and gid of virtual user
- Consider also implementing support for (simple) saslauth protocol together with socket map = it will allow sendmail (without dovecot sasl support) to use/check passwords stored by dovecot in SMTP AUTH.

Dunno, but there is already a simple saslauth protocol sendmail can use:
IN lenusernamelenpasswordlenservicelenrealm
OUT lencode
code: OK [reason] NO [reason]

Googling for it I found a comment about its history: http://www.opensource.apple.com/darwinsource/10.3/passwordserver_sasl-14/cyrus_sasl/saslauthd/saslauthd.c

But as you already pointed out, one needs a getpw*(), too.

Bye,
-- Steffen Kaiser
[Dovecot] Symlink shared mailboxes and system_user extra field
Hello, I'm trying to set up, as explained in the wiki, shared mailboxes with symlink. I'm running dovecot-1.1.8 with LDAP pass/userdb. The Maildir layout goes like this : /courriel/boites/foobar : Maildir of user foobar (nfs) /courriel/meta/foobar : control files of user foobar (nfs) /var/dovecot/indexes : indexes (locally stored) I created : /courriel/boites/doveshared/.box/ : the Maildir I want to share /courriel/boites/foobar/.box - /courriel/boites/doveshared/.box (symlink) /courriel/boites/foobaz/.box - /courriel/boites/doveshared/.box (symlink) the unix and LDAP group doveshared, so /etc/group holds : doveshared:*:gid:foobar,foobaz the permissions on the real Maildir are ok for that group : drwxrwx--- 3 root doveshared 4096 Jan 26 18:58 /courriel/boites/doveshared drwxrwx--- 5 root doveshared 4096 Jan 26 18:58 .box (in /courriel/boites) I made the userdb (prefetch) return the system_user extra_field (for now, I'm using an used LDAP attribute - I will create a new attribute in my schema later) : pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,,,uidNumber=userdb_uid,gidNumber=userdb_gid,shadowMax=userdb_system_user and it seems to be actually returned : Jan 27 09:34:10 munster3 dovecot: auth(default): ldap(foobar,157.99.64.42): result: uid(user)=foobar uidNumber(userdb_uid)=xxx gidNumber(userdb_gid)=xxx homeDirectory(userdb_home)=/home1/xxx/foobar userPassword(password)=hidden shadowMax(userdb_system_user)=380 But I can't subscribe to the mailbox : stat(/courriel/boites/doveshared/.box/tmp) failed: Permission denied (euid=xxx egid=primary gid) as a matter of fact, the egid seems to be the primary gid. What am I missing ? Thanks. -- Thomas Hummel | Institut Pasteur hum...@pasteur.fr | Pôle informatique - systèmes et réseau
Re: [Dovecot] Symlink shared mailboxes and system_user extra field
On Tue, Jan 27, 2009 at 09:51:51AM +0100, Thomas Hummel wrote: What am I missing ? Or maybe it's because I cannot implement symlink shared mailboxes without using ACL (I thought ACL were used to fine tune what unix permissions allowed to to) ? -- Thomas Hummel | Institut Pasteur hum...@pasteur.fr | Pôle informatique - systèmes et réseau
[Dovecot] Dovecot 1.1.10 and chroot
As it's been a while since I upgraded (1.1rc10, jump to 1.1.10), this might be present in earlier versions as well. Anyway, if one enables mail_chroot in global config file, dovecot will try to access /tmp there. Per-user overrides behave correctly.

For example, with:
mail_chroot=/home/vmail

dovecot will abort with:
Fatal: chdir(/home/vmail/tmp) failed with uid 65534: No such file or directory
Error: imap dump-capability process returned 89
Fatal: Invalid configuration in /etc/dovecot.conf
Re: [Dovecot] Symlink shared mailboxes and system_user extra field
On Tue, Jan 27, 2009 at 09:51:51AM +0100, Thomas Hummel wrote: pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,,,uidNumber=userdb_uid,gidNumber=userdb_gid,shadowMax=userdb_system_user is it the correct way to pass userdb extra field other than home, uid and gid ? Is it supposed to work with prefetch userdb as well ? -- Thomas Hummel | Institut Pasteur hum...@pasteur.fr | Pôle informatique - systèmes et réseau
Re: [Dovecot] Dovecot handling of over quota messages
Steffen Kaiser skdove...@smail.inf.fh-brs.de wrote:

On Mon, 26 Jan 2009, Andrzej Adam Filip wrote:

Wasn't the socket map also (mainly?) used for verifying if a user exists? That I have been planning on implementing some day (for last 5 years or so).

AFAIR Socket map was originally intended to allow stable sendmail code integration of multitude of databases (mysql,oracle,postgress,...).

Which is running pretty well. I'm running my virtuser and Aliases with a socket map server querying (and caching) LDAP and Postgres databases and mangle our myriads of domain aliases.

It may be used to:
1a) ask mailbox server with virtual domain (e.g. dovecot) which domain it wants/handles at sendmail daemon startup
1b) reject messages to overquota mailboxes in reply to RCPT TO: (4??/5???) [Cyrus IMAP does not try to detect this message will cross quota]

At this point I made no success. The problem I encountered is that with aliases and forwards I don't know the point when to return the failure, meaning there could be another user resolution step to forward the mail along. E.g. .forward files come last, out of reach of the socket map server.

You can use post aliases/forwards rule set (rule set localaddr=5). Make sure sendmail select mailer with F=A (aliasing) and F=5 (use rule set 5). Be warned sendmail *IGNORES* temp codes (4??) generated in this rule set.

1c) implement aliases It should allow per virtual domain email administrators implemented in dovecot.
1d) allow users to specify at 'RCPT TO:' sieve scripts

?? Huh, Sieve scripts at RCPT TO phase?

There will be no headers to check, and no body to redirect but IMHO it makes a perfect sense to allow end user *reject* messages at this point using personalized rules.

After modification of sendmail source code socket map may be used to pass to sendmail information about virtual users (uid,gid,$HOME). It should allow:
2a) supporting .forward files *for virtual users* (e.g. ~/.forward.user)

You mean by to extend the map-scheme to getpwnam() ?

Sendmail supports mailbox databases interface with currently provided getpwnam and LDAP incarnations. The best way would be to code new mbdb taking user data in getpwnam format from sendmail.cf rule set [ the rule set may call socket map].

2b) making sendmail execute deliver program with uid and gid of virtual user
- Consider also implementing support for (simple) saslauth protocol together with socket map = it will allow sendmail (without dovecot sasl support) to use/check passwords stored by dovecot in SMTP AUTH.

Dunno, but there is already a simple saslauth protocol sendmail can use:
IN lenusernamelenpasswordlenservicelenrealm
OUT lencode
code: OK [reason] NO [reason]

Googling for it I found a comment about its history: http://www.opensource.apple.com/darwinsource/10.3/passwordserver_sasl-14/cyrus_sasl/saslauthd/saslauthd.c

But as you already pointed out, one needs a getpw*(), too.

I was thinking about allowing cyrus sasl used by sendmail to query dovecot about SMTP AUTH passwords validity using the protocol you have mentioned.

-- [plen: Andrew] Andrzej Adam Filip : a...@onet.eu
We fight only when there is no other choice. We prefer the ways of peaceful contact. -- Kirk, Spectre of the Gun, stardate 4385.3
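The IN/OUT framing quoted in this exchange, sketched as an added example (not code from either poster, from sendmail or from Dovecot). It assumes, as in Cyrus saslauthd, that every "len" is a 2-byte unsigned integer in network byte order; the function names are hypothetical.

```python
import struct

FIELDS = ("username", "password", "service", "realm")
MAX_FIELD = 0xFFFF  # largest value a 16-bit length prefix can carry (assumed width)


def encode_request(username: bytes, password: bytes, service: bytes, realm: bytes) -> bytes:
    """Build the IN message: four fields, each preceded by its 2-byte length."""
    out = bytearray()
    for name, value in zip(FIELDS, (username, password, service, realm)):
        if len(value) > MAX_FIELD:
            raise ValueError(f"{name} does not fit a 16-bit length prefix")
        out += struct.pack("!H", len(value)) + value
    return bytes(out)


def decode_request(buf: bytes) -> dict:
    """Server side: parse an IN message, rejecting truncated or padded input."""
    fields, pos = {}, 0
    for name in FIELDS:
        if pos + 2 > len(buf):
            raise ValueError(f"truncated before the length of {name}")
        (n,) = struct.unpack_from("!H", buf, pos)
        pos += 2
        if pos + n > len(buf):
            raise ValueError(f"{name} declares {n} bytes, {len(buf) - pos} present")
        fields[name] = buf[pos:pos + n]
        pos += n
    if pos != len(buf):
        raise ValueError("trailing bytes after realm")
    return fields


def encode_reply(ok: bool, reason: str = "") -> bytes:
    """Build the OUT message: length-prefixed 'OK [reason]' or 'NO [reason]'."""
    text = ("OK" if ok else "NO") + (f" {reason}" if reason else "")
    data = text.encode("utf-8")
    return struct.pack("!H", len(data)) + data


def decode_reply(buf: bytes) -> tuple:
    """Client side: return (authenticated, reason).

    Fails closed: only a complete reply whose code is exactly OK authenticates.
    """
    if len(buf) < 2:
        return False, "short reply"
    (n,) = struct.unpack_from("!H", buf, 0)
    body = buf[2:2 + n]
    if len(body) != n:
        return False, "truncated reply"
    code, _, reason = body.decode("utf-8", "replace").partition(" ")
    if code == "OK":
        return True, reason
    if code == "NO":
        return False, reason
    return False, "unrecognised code"


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    request = encode_request(b"imap1", b"secret", b"smtp", b"")
    print(decode_request(request))
    print(decode_reply(encode_reply(False, "bad password")))
```

The password travels as plain bytes inside the request, so a daemon speaking this framing belongs on a local UNIX socket with restrictive permissions rather than on a network listener.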
Re: [Dovecot] dovecot 1.2 virtual folders question
Hi Timo Timo Sirainen schrieb: On Jan 26, 2009, at 7:45 PM, Robert Schetterer wrote: is this possible a possible setup ? for downloading imap folders ( including inbox ) with pop3 controlled by a a dovecot-virtual file in usr/local/virtual/%d/%u/ Place that in to e.g.: /etc/dovecot/virtual/INBOX Ahhh understand, done *g namespace private { prefix = virtual/ separator = / location = virtual:/usr/local/virtual/%d/%u:LAYOUT=maildir++ inbox = no } For pop3 to use virtual mailbox you must use something like: namespace private { prefix = virtual/ separator = / location = virtual:/etc/dovecot/virtual:INDEX=~/virtual subscriptions = no } Ok done understand namespace private { separator = / prefix = location=maildir:/usr/local/virtual/%d/%u/:CONTROL=/usr/local/virtual/%d/%u/:INDEX=/usr/local/virtual/%d/%u/ inbox = yes subscriptions = yes list = yes list = no here. done } Then depending on if user is logging in with imap or pop3, set inbox=yes to one of those namespaces. What userdb are you using? You'll anyway need to return something like namespace_0_inbox=yes or ..1.._inbox=yes i am not clear here, you mean i have to change inbox=yes in namespace depend on pop3 or imap login? so this means some split at login process by script etc? like i.e. http://wiki.dovecot.org/PostLoginScripting?highlight=(login) i use sql backend, and have no fields relate to imap or pop3 like this driver = mysql connect = host=localhost dbname=... user=... password=... 
default_pass_scheme = PLAIN password_query = \ SELECT password \ FROM mailbox WHERE username = '%u' AND active = '1' user_query = SELECT concat('/usr/local/virtual/', maildir) AS home, \ concat('*:bytes=', mailbox.quota) AS quota_rule, \ #when saving to Trash mailbox the user gets additional 50MB Trash:storage=50240 AS quota_rule2, \ #when saving to Sent mailbox the user gets additional 50MB Sent:storage=50240 AS quota_rule3, \ #when saving to Drafts mailbox the user gets additional 50MB Drafts:storage=50240 AS quota_rule4, \ #when saving to Templates mailbox the user gets additional 50MB Templates:storage=50240 AS quota_rule5, \ #when saving to Junk mailbox the user gets additional 50MB Junk:storage=50240 AS quota_rule6, \ #ignore quota on shared #shared:ignore AS quota_rule7, \ concat('maildir:/usr/local/virtual/', maildir) AS mail, \ 1001 AS uid, 1001 AS gid FROM mailbox WHERE username = '%u' AND active = '1' -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: [Dovecot] help writeing rule for preventin spam
Charles Marcus wrote:

On 1/26/2009 11:51 PM, Sophia Alikhani wrote:

Hi I installed qmail-jms1-7.07 + domainkey-patch + simscan + clamav+ dovecot-1.1.7+ vpopmail+ spamassassin I also used Bayes + AWL as database connection in local.cf I don't know how can i stop these type of spam at MTA level (qmail) i wrote a rule in .dovecot.sieve

if header :contains [From,To] [%...@mydomain] { discard; stop; }

In the real i need to stop any mail from a virtual user to him/her self.

Again... this is NOT a dovecot problem, it is an MTA (in your case, qmail) problem. You'll need to ask on one of their support lists...

I agree with Charles. Though I thought about giving you a hint. If you're using jms patch, you might want to look at its greeting delay and greylist functionalities.

Regards, Hugo Monteiro.

-- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt ap...@fct.unl.pt ci.fct.unl.pt:~# _
[Dovecot] Vacation: Missing file .dovecot.lda-dupes ?
Hello

I'm using the vacation feature, but the vacation reply is sent whenever a mail is received. What I want is, that the reply should only be sent one time to each user. My understanding is, that a list of people who have received the vacation message should be stored in the file .dovecot.lda-dupes in the users folder. This file is not present in my users folder. I have tried creating the file, but this makes no difference. Any ideas?

Output from dovecot -n:

# 1.0.10: /etc/dovecot/dovecot.conf
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps imap
listen: localhost:143
ssl_listen: *:993
ssl_cert_file: /etc/ssl/certs/XX.crt
ssl_key_file: /etc/ssl/private/XX.key
ssl_key_password:
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
login_greeting: System ready.
login_process_per_connection: no
valid_chroot_dirs: /home/vmail
mail_extra_groups: mail
mail_location: maildir:/home/vmail/%n/mail:INDEX=/var/indexes/%n
maildir_copy_with_hardlinks: yes
mail_plugins: quota imap_quota trash
imap_client_workarounds: delay-newmail
auth default:
  username_format: %n
  verbose: yes
  debug: yes
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth-client
      mode: 432
      user: postfix
      group: vmail
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: vmail
      group: vmail
plugin:
  quota: maildir:storage=10485760
  quota2: maildir:user quota
  trash: /etc/dovecot/dovecot-trash.conf
  sieve: /home/vmail/%n/.dovecot.sieve

Thanks, Tobias
Re: [Dovecot] Symlink shared mailboxes and system_user extra field
On Tue, Jan 27, 2009 at 09:51:51AM +0100, Thomas Hummel wrote:

I'm trying to set up, as explained in the wiki, shared mailboxes with symlink.

Ok, I'm trying with namespaces and ACL now (it will be cleaner anyway than symlinks) but I'm still missing something :

I'm still running dovecot-1.1.8 with LDAP pass/userdb.

- The Maildir layout for the private namespace goes like this :
/courriel/boites/foobar : Maildir of user foobar (nfs)
/courriel/meta/foobar : control files of user foobar (nfs)
/var/dovecot/indexes/f/foobar : indexes for user foobar (locally stored)

- In the Public/ namespace : /courriel/boites/public/.box/ is the Maildir I want to share

- I created the unix and LDAP group doveshared, so /etc/group holds :
doveshared:*:gid:foobar,foobaz

- The permissions on the Maildir I want to share seem ok for that group :
drwxrwx--- 3 root doveshared 4096 Jan 26 18:58 /courriel/boites/public
drwxrwx--- 5 root doveshared 4096 Jan 26 18:58 /courriel/boites/public/.box

- I made the userdb (prefetch) return the system_user and acl_groups extra fields [temporary hijacking 2 unused LDAP attributes (shadowMax and title)] :
pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,,,uidNumber=userdb_uid,gidNumber=userdb_gid,shadowMax=userdb_system_user,title=userdb_acl_groups

- the title LDAP attribute holds a comma separated list of groups, one being the doveshared group :
title: xxx,doveshared

- the maildir I want to share holds 2 files :
-rwxrwx--- 1 root doveshared 28 Jan 27 11:35 dovecot-acl
-rwxrwx--- 1 root doveshared 0 Jan 26 18:25 dovecot-shared
with dovecot-acl holding :
group=doveshared lrwstiekxa

Here are the relevant part of my dovecot.conf :

namespace public {
  separator = /
  prefix = Public/
  location = maildir:/courriel/boites/public/.box
  inbox = no
  hidden = no
  list = yes
  subscriptions = yes
}

That setup doesn't seem to work (I just see the Public folder in the Thunderbird subscription list but that's all).

I have several questions :
1) is the namespace prefix case sensitive (i.e. does the unix corresponding directory have to match its case ? It seems to me it isn't.
2) is the way I return userdb (which is prefetch) system_user and acl_groups correct ?
3) is my location correct (it points to the maildir itself instead of the public directory) ?
4) what did I miss :
opendir(/courriel/boites/public/.box) failed: Permission denied

Thanks
-- Thomas Hummel | Institut Pasteur hum...@pasteur.fr | Pôle informatique - systèmes et réseau
Re: [Dovecot] v1.1.10 released
Timo Sirainen wrote: http://dovecot.org/releases/1.1/dovecot-1.1.10.tar.gz http://dovecot.org/releases/1.1/dovecot-1.1.10.tar.gz.sig v1.1.9 wasn't such a great release. Once again: Would be great if someone started a proper testing suite so releases could be tested.. - Maildir: Keyword handling was somewhat broken in v1.1.9 - userdb prefetch was broken with blocking passdbs in v1.1.9 - dict process didn't always die with the rest of Dovecot - dict quota was somewhat broken with pgsql Version 1.1.10 fixed the problem I was seeing. Thanks!
Re: [Dovecot] No Spaces in Directory names
Matt Rude wrote, On 1/25/09 10:49 PM:

How can I make it so my users can not create folders with spaces in them? Or allow them to create such folders but rewrite them on the hard drive with a _ or some other symbol. I have looked through the wiki but couldn't find anything about folder name restrictions or folder name rewriting (rewrite the space to a _).

That is probably in large part due to it being a very bad idea. As the first break point for that approach: what happens when a user wants to put a real '_' in a name?

I'm having problems with some of the expire and compress scripts when it hits these types of folders.

You need to fix those scripts. Breaking because a file or directory name has a space in it is a warning sign about the care taken in a script and it is almost certain that if those scripts don't work with spaces in names, they will also break with other technically achievable names. There's a real chance that the breakage is an exploitable weakness in the scripts, with spaces in names being the most benign attack.
Re: [Dovecot] managesieve proxy cyrus
Mathieu Kretchner wrote: Hello all, I've configured a dovecot server in proxy mode. It seems to work well but. I've tested managesieve with squirrelmail and it's working correctly but I can't connect to cyrus sieve server : timsieved First of all, what versions are you using? How is it all configured? Do the Dovecot and Cyrus logs contain anything useful? Does anybody here have configure a sieve proxy to do this ? Your setup is a bit odd. I haven't tried this ever and doubt anyone else has. The proxying feature is mainly implemented with Dovecot back-ends in mind. In an ideal world this should work however, so there is a possibility that the Dovecot proxy is not working properly. Or is it a normal behavior and dovecot sieve proxy can't speak with cyrus sieve ? Theoretically, this setup should be possible. However, the protocol specification is unfortunately not always followed to the letter. Also, Cyrus possibly does not allow you to login with the SASL PLAIN mechanism (the only one supported for proxying now). This seems unlikely though, since the IMAP proxy does work. Without more information I can only guess what is going on. Could you sniff the communication between Dovecot and Cyrus (e.g. using ngrep)? Perhaps, if it is not too much trouble, I can make it work... Regards, Stephan
[Dovecot] discrete passdb lookups for dovecot-auth
hi- i'm using ldap for user authentication, and would like to use different ldap lookups for authentication happening via postfix (smtp auth) vs. authentication happening through dovecot (imap logins). how can this be done, without running multiple instances? thanks! -bt
Re: [Dovecot] managesieve proxy cyrus
On Tue, 2009-01-27 at 18:04 +0100, Mathieu Kretchner wrote:

I think you've right, I've done some tcpdump and don't see a lot of thing but there is some data on the 2000 port of my cyrus server. But I really wonder if the SASL PLAIN mechanism is the key of the problem ?

telnet imap-serv sieve
Trying 138.XX.XX.XX...
Connected to imap-serv.
Escape character is '^]'.
IMPLEMENTATION Cyrus timsieved v2.2.12
SASL PLAIN
SIEVE fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex
STARTTLS
OK

If I configure my remote squirrelmail to directly access to my cyrus server, it works ! But as soon as I plug squirrelmail on the proxy it's crashing ...

Does Squirrelmail try to use STARTTLS? Having full session traffic logs of when Squirrelmail is logging into Dovecot proxy and when logging into Cyrus proxy would be helpful (ngrep, wireshark, etc). If Squirrelmail uses STARTTLS, this doesn't really work though (but at least the logs will reveal that it is doing STARTTLS). Also if it is doing that, perhaps the issue is SASL PLAIN after all, since Dovecot proxy won't do STARTTLS to the Cyrus.

Also if you set auth_debug=yes, what do you see in Dovecot logs when attempting to log in?
Re: [Dovecot] managesieve proxy cyrus
I've tried to take some data with tethereal :

The only data I'm able to see between cyrus and dovecot (without protocol noise) :

Data (41 bytes)
0000  41 55 54 48 45 4e 54 49 43 41 54 45 20 22 50 4c   AUTHENTICATE "PL
0010  41 49 4e 22 20 22 41 47 6c 74 59 58 41 79 41 47   AIN" "AGltYXAyAG
0020  6c 74 59 58 41 79 22 0d 0a                        ltYXAy"..

Data (22 bytes)
0000  4f 4b 20 22 4c 6f 67 6f 75 74 20 43 6f 6d 70 6c   OK "Logout Compl
0010  65 74 65 22 0d 0a                                 ete"..

As you told me, the problem seems to be at authentication time. Whereas I've found this in my imapd.conf of cyrus server :

# for sieveshell
sasl_mech_list: PLAIN

And in order to have a reference: between dovecot proxy and imap dovecot :

Data (41 bytes)
0000  41 55 54 48 45 4e 54 49 43 41 54 45 20 22 50 4c   AUTHENTICATE "PL
0010  41 49 4e 22 20 22 41 47 6c 74 59 58 41 78 41 47   AIN" "AGltYXAxAG
0020  6c 74 59 58 41 78 22 0d 0a                        ltYXAx"..

Data (17 bytes)
0000  4f 4b 20 22 4c 6f 67 67 65 64 20 69 6e 2e 22 0d   OK "Logged in.".
0010  0a                                                .

Data (12 bytes)
0000  43 41 50 41 42 49 4c 49 54 59 0d 0a               CAPABILITY..

Mathieu Kretchner wrote:

Stephan Bosch wrote:

Mathieu Kretchner wrote:

Hello all, I've configured a dovecot server in proxy mode. It seems to work well but. I've tested managesieve with squirrelmail and it's working correctly but I can't connect to cyrus sieve server : timsieved

First of all, what versions are you using? How is it all configured? Do the Dovecot and Cyrus logs contain anything useful?

I've to do a migration between cyrus and dovecot so we have chosen to use dovecot (1.1.8) proxy in front of an old cyrus 2.2.12 and our new dovecot server.

Does anybody here have configure a sieve proxy to do this ?

Your setup is a bit odd. I haven't tried this ever and doubt anyone else has. The proxying feature is mainly implemented with Dovecot back-ends in mind. In an ideal world this should work however, so there is a possibility that the Dovecot proxy is not working properly.

Or is it a normal behavior and dovecot sieve proxy can't speak with cyrus sieve ?

Theoretically, this setup should be possible. However, the protocol specification is unfortunately not always followed to the letter. Also, Cyrus possibly does not allow you to login with the SASL PLAIN mechanism (the only one supported for proxying now). This seems unlikely though, since the IMAP proxy does work.

I think you've right, I've done some tcpdump and don't see a lot of thing but there is some data on the 2000 port of my cyrus server. But I really wonder if the SASL PLAIN mechanism is the key of the problem ?

telnet imap-serv sieve
Trying 138.XX.XX.XX...
Connected to imap-serv.
Escape character is '^]'.
IMPLEMENTATION Cyrus timsieved v2.2.12
SASL PLAIN
SIEVE fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex
STARTTLS
OK

If I configure my remote squirrelmail to directly access to my cyrus server, it works ! But as soon as I plug squirrelmail on the proxy it's crashing ...

Thank you for your help

Without more information I can only guess what is going on. Could you sniff the communication between Dovecot and Cyrus (e.g. using ngrep)? Perhaps, if it is not too much trouble, I can make it work...

Regards, Stephan
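What the two 41-byte packets in the message above carry, as an added example that is not part of the original post: a ManageSieve AUTHENTICATE command whose SASL PLAIN argument is only base64-encoded, so on a proxy-to-backend leg without STARTTLS the account name and password are readable from the capture. The byte strings are copied from the dumps; the function names are hypothetical, and the password is reported by length only.

```python
import base64
import re

# Bytes copied from the two "Data (41 bytes)" dumps in the message above.
PROXY_TO_CYRUS = bytes.fromhex(
    "41 55 54 48 45 4e 54 49 43 41 54 45 20 22 50 4c "
    "41 49 4e 22 20 22 41 47 6c 74 59 58 41 79 41 47 "
    "6c 74 59 58 41 79 22 0d 0a"
)
PROXY_TO_DOVECOT = bytes.fromhex(
    "41 55 54 48 45 4e 54 49 43 41 54 45 20 22 50 4c "
    "41 49 4e 22 20 22 41 47 6c 74 59 58 41 78 41 47 "
    "6c 74 59 58 41 78 22 0d 0a"
)

# AUTHENTICATE "<mechanism>" ["<base64 initial response>"] CRLF, quoted-string form only.
AUTH_RE = re.compile(
    rb'^AUTHENTICATE\s+"([A-Za-z0-9_-]+)"(?:\s+"([A-Za-z0-9+/=]*)")?\s*$',
    re.IGNORECASE,
)


def parse_authenticate(line: bytes) -> dict:
    """Decode one AUTHENTICATE command; the password itself is never returned."""
    m = AUTH_RE.match(line)
    if m is None:
        raise ValueError("not an AUTHENTICATE command with quoted-string arguments")
    info = {
        "mechanism": m.group(1).decode("ascii").upper(),
        "authzid": None,
        "authcid": None,
        "password_len": None,
    }
    if info["mechanism"] != "PLAIN" or m.group(2) is None:
        return info
    # SASL PLAIN (RFC 4616): authzid NUL authcid NUL passwd, then base64.
    raw = base64.b64decode(m.group(2), validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("SASL PLAIN must be authzid NUL authcid NUL passwd")
    authzid, authcid, passwd = parts
    if not authcid or not passwd:
        raise ValueError("empty authcid or password")
    info["authzid"] = authzid.decode("utf-8")
    info["authcid"] = authcid.decode("utf-8")
    info["password_len"] = len(passwd)
    return info


def cleartext_logins(packets) -> list:
    """Account names whose PLAIN credentials were readable in the capture."""
    seen = []
    for packet in packets:
        try:
            info = parse_authenticate(packet)
        except ValueError:
            continue  # not an AUTHENTICATE line, or malformed
        if info["authcid"] is not None and info["authcid"] not in seen:
            seen.append(info["authcid"])
    return seen


if __name__ == "__main__":
    for name, pkt in (("proxy -> cyrus", PROXY_TO_CYRUS), ("proxy -> dovecot", PROXY_TO_DOVECOT)):
        print(name, parse_authenticate(pkt))
```

Any account that shows up in `cleartext_logins` for a capture taken on an unencrypted segment should have its password treated as disclosed to whoever can see that segment.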
Re: [Dovecot] v1.1.10 released
On Tue, 2009-01-27 at 11:21 -0600, Eric Rostetter wrote:

Quoting Timo Sirainen t...@iki.fi:

Something automated. There are several different testing possibilities actually. Unit tests is one thing.

Last time I brought this up, it lead to so much endless arguing/debate over what type of testing to use, what toolset to use, etc. that nothing ever happened.

Why don't I remember the arguing? :) Maybe I was just following to see what's going to be the result and it eventually died out and I thought people just lost interest.

I'd still be willing to do unit tests, if there is no longer any arguments from others to stop it. I'm open to suggestions as to tools to use and such as long as it isn't a flame war...

I've already written some unit tests in src/tests/. I don't really care if you continue them the way I started or use some other toolset. And unless someone else is also willing to actually write the tests, I don't think you should care all that much about their arguing.
[Dovecot] (imap) killed with signal 9 on Linux/OpenVZ VPS
I'm trying to get dovecot running on my VPS and the main imap process is receiving a SIGKILL from what I presume to be the Linux Kernel and/or OpenVZ. This happens after I login and my client(s) just sit there idling. The mailbox is empty. I'm not running out of memory.

stracing the process doesn't show anything interesting...

...
gettimeofday({1233024777, 844804}, {420, 0}) = 0
gettimeofday({1233024777, 844912}, NULL) = 0
poll([{fd=4, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=2, events=POLLERR|POLLHUP|POLLNVAL}, {fd=0, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 3, 1) = -1 EINTR (Interrupted system call)
+++ killed by SIGKILL +++

This is on a CentOS 5.2 VPS. I haven't changed much other than installing a few packages. I've also had this exact same problem on Debian 4.0 VPS (OpenVZ) under the same machine. Turning off SSL and logging in plain old IMAP didn't change anything. Under the Debian installation I tried the latest version of dovecot (1.1.8 or so), different I/O loop methods, turning them off, on, etc.

The only other reference via Google I can find to this sort of problem is: http://www.dovecot.org/list/dovecot/2007-December/027440.html But that was with the login process, whereas mine is with the imap daemon.

Any help is greatly appreciated.

Adam

# uname -a
Linux npjh.com 2.6.18-ovz028stab039.1-smp #1 SMP Tue Jul 24 12:12:48 MSD 2007 i686 i686 i386 GNU/Linux

# dovecot -n
# 1.0.7: /etc/dovecot.conf
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot-info.log
protocols: imaps
ssl_cert_file: /etc/ssl/certs/mail.pem
ssl_key_file: /etc/ssl/private/mail.key
disable_plaintext_auth: yes
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
login_processes_count: 2
mail_location: maildir:~/Maildir
maildir_copy_with_hardlinks: yes
namespace:
  type: private
  separator: .
  prefix: INBOX.
  inbox: yes
auth default:
  mechanisms: digest-md5 cram-md5 login plain
  passdb:
    driver: passwd-file
    args: /etc/dovecot/passwd
  userdb:
    driver: static
    args: uid=vmail gid=vmail home=/home/vmail/%u
  socket:
    type: listen
    client:
      path: /var/run/dovecot/auth-client
      mode: 432
      user: postfix
      group: postfix

# free
             total       used       free     shared    buffers     cached
Mem:        256000      75100     180900          0          0          0
-/+ buffers/cache:      75100     180900
Swap:            0          0          0
Re: [Dovecot] (imap) killed with signal 9 on Linux/OpenVZ VPS
On Mon, 2009-01-26 at 22:07 -0500, Adam Flott wrote:

I'm trying to get dovecot running on my VPS and the main imap process is receiving a SIGKILL from what I presume to be the Linux Kernel and/or OpenVZ. This happens after I login and my client(s) just sit there idling. The mailbox is empty.

See if it helps to set mail_process_size=0
Re: [Dovecot] discrete passdb lookups for dovecot-auth
On Tue, 2009-01-27 at 11:54 -0500, benjamin thielsen wrote: hi- i'm using ldap for user authentication, and would like to use different ldap lookups for authentication happening via postfix (smtp auth) vs. authentication happening through dovecot (imap logins). how can this be done, without running multiple instances? Unfortunately currently you can't. The best you can do is to use %s in the ldap filters or base, but that probably won't be enough for you.
Re: [Dovecot] v1.1.10 released
As someone once pointed out to me when I was on a jihad for error-checking/returning in a code development project, it's the things that you *know* might break that you can slow down your code by putting RC evals (evals are always very, very slow) to report on, but you generally check for them *anyway* in your testing process...so why put them in?it's the stuff that you never thought of (and couldn't put RC checking in for) that will break and bite you in the ass and leave you wondering WTF is going on Timo Sirainen wrote: On Tue, 2009-01-27 at 11:21 -0600, Eric Rostetter wrote: Quoting Timo Sirainen t...@iki.fi: Something automated. There are several different testing possibilities actually. Unit tests is one thing. Last time I brought this up, it lead to so much endless arguing/debate over what type of testing to use, what toolset to use, etc. that nothing ever happened. Why don't I remember the arguing? :) Maybe I was just following to see what's going to be the result and it eventually died out and I thought people just lost interest. I'd still be willing to do unit tests, if there is no longer any arguments from others to stop it. I'm open to suggestions as to tools to use and such as long as it isn't a flame war... I've already written some unit tests in src/tests/. I don't really care if you continue them the way I started or use some other toolset. And unless someone else is also willing to actually write the tests, I don't think you should care all that much about their arguing. -- Once upon a time, the Internet was a friendly, neighbors-helping-neighbors small town, and no one locked their doors. Now it's like an apartment in Bed-Stuy: you need three heavy duty pick-proof locks, one of those braces that goes from the lock to the floor, and bars on the windows Stewart Dean, Unix System Admin, Bard College, New York 12504 sd...@bard.edu voice: 845-758-7475, fax: 845-758-7035
Re: [Dovecot] dotlock timestamp trouble
Looks like bad news. :( I've run nfstest to look for problems. The output is attached. I'm not sure, but it looks like a bad nfs environment.

2009/1/25 Timo Sirainen t...@iki.fi
> 2.6.9 is old and there are several NFS bugs in older 2.6 kernels. So I'd try upgrading. I've really no idea what else could be the problem.
>
> On Fri, 2009-01-23 at 11:29 -0200, Giorgenes Gelatti wrote:
> > Is there any known issue about it on kernel 2.6.9 (centos)? Any other mount options I could try? Thank you.
> >
> > 2009/1/21 Giorgenes Gelatti giorge...@gmail.com
> > > Dovecot is running on a linux machine (2.6 kernel). The nfs was mounted as:
> > >
> > >     nfs rw,vers=3,proto=tcp,intr,nolock,noexec,rsize=8192,wsize=8192 0 0
> > >
> > > After your hint we added the noac flag:
> > >
> > >     nfs rw,vers=3,proto=tcp,intr,nolock,noexec,noac,rsize=8192,wsize=8192 0 0
> > >
> > > But the error continues with differences of 120 and 60 seconds. Thanks for the reply, gpg
> > >
> > > 2009/1/20 Timo Sirainen t...@iki.fi
> > > > On Tue, 2009-01-20 at 14:36 -0200, Giorgenes Gelatti wrote:
> > > > > Created dotlock file's timestamp is different than current time (1232468644 vs 1232468524): /path/to/dovecot.index.log The IT guy swears the clocks are synchronized.
> > > >
> > > > the difference in the above message is exactly 120 seconds. Are they all 120 seconds?
> > > >
> > > > > I'm using dovecot 1.1.6 over NFS. Any thoughts?
> > > >
> > > > What OS are you using on the NFS clients? Perhaps this is a caching issue, have you tried changing/disabling attribute cache timeouts?

    # ./nfstest 7070 /nfs/mail01ns03/arquivo
    Listening for client on port 7070..
    Connected: Acting as test server
    Listening for client on port 7070..

    # ./nfstest 10.235.200.126 7070 /nfs/mail01ns03/arquivo
    Connected: Acting as test client
    EIO errors happen on read() - fchown() returned ESTALE
    O_EXCL appears to be working, but this could be just faked by NFS client
    timestamps resolution: seconds
    Testing file attribute cache..
    Attr cache flush open+close: OK
    Attr cache flush close+open: OK
    Attr cache flush fchown(-1, -1): failed
    Attr cache flush fchown(uid, -1): OK
    Attr cache flush fchmod(mode): OK
    Attr cache flush chown(-1, -1): failed
    Attr cache flush chown(uid, -1): OK
    Attr cache flush chmod(mode): OK
    Attr cache flush rmdir(): failed
    Attr cache flush rmdir(parent dir): failed
    Attr cache flush dup+close: OK
    Attr cache flush fcntl(shared): OK
    Attr cache flush fcntl(exclusive): OK
    Attr cache flush flock(shared): failed
    Attr cache flush flock(exclusive): failed
    Attr cache flush fsync(): failed
    Attr cache flush fcntl(O_SYNC): failed
    Attr cache flush O_DIRECT: failed
    Testing data cache..
    Data cache flush no caching: failed
    Data cache flush open+close: failed
    Data cache flush close+open: failed
    Data cache flush fchown(-1, -1): failed
    Data cache flush fchown(uid, -1): failed
    Data cache flush fchmod(mode): failed
    Data cache flush chown(-1, -1): failed
    Data cache flush chown(uid, -1): failed
    Data cache flush chmod(mode): failed
    Data cache flush rmdir(): failed
    Data cache flush rmdir(parent dir): failed
    Data cache flush dup+close: failed
    Data cache flush fcntl(shared): OK
    Data cache flush fcntl(exclusive): OK
    Data cache flush flock(shared): failed
    Data cache flush flock(exclusive): failed
    Data cache flush fsync(): failed
    Data cache flush fcntl(O_SYNC): failed
    Data cache flush O_DIRECT: OK
    Testing write flushing..
    Write flush no caching: failed
    Write flush open+close: OK
    Write flush close+open: OK
    Write flush fchown(-1, -1): failed
    Write flush fchown(uid, -1): OK
    Write flush fchmod(mode): OK
    Write flush chown(-1, -1): failed
    Write flush chown(uid, -1): OK
    Write flush chmod(mode): OK
    Write flush rmdir(): failed
    Write flush rmdir(parent dir): failed
    Write flush dup+close: OK
    Write flush fcntl(shared): OK
    Write flush fcntl(exclusive): OK
    Write flush flock(shared): failed
    Write flush flock(exclusive): failed
    Write flush fsync(): OK
    Write flush fcntl(O_SYNC): failed
    Write flush O_DIRECT: OK
    Testing partial writing..
    Failed at [0]
    Testing file handle cache..
    File handle cache flush no caching: failed
    File handle cache flush open+close: failed
    File handle cache flush close+open: failed
    File handle cache flush fchown(-1, -1): failed
    File handle cache flush fchown(uid, -1): OK
    File handle cache flush fchmod(mode): OK
    File handle cache flush chown(-1, -1): failed
    File handle cache flush chown(uid, -1): OK
    File handle cache flush chmod(mode): OK
    File handle cache flush rmdir(): failed
    File handle cache flush rmdir(parent dir): failed
    File handle cache flush dup+close: failed
    File handle cache flush fcntl(shared): failed
    fcntl(setlk, write) failed: Bad file descriptor
    File handle cache flush fcntl(exclusive): failed
    File handle cache flush flock(shared): failed
    File handle cache flush flock(exclusive): failed
    File handle cache flush fsync(): failed
    File handle cache flush fcntl(O_SYNC): failed
    fcntl(/nfs/mail01ns03, O_DIRECT) failed: Invalid argument
    File handle cache flush O_DIRECT: failed
    Testing negative file
Re: [Dovecot] (imap) killed with signal 9 on Linux/OpenVZ VPS
On Tue, 27 Jan 2009, Timo Sirainen wrote:
> On Mon, 2009-01-26 at 22:07 -0500, Adam Flott wrote:
> > I'm trying to get dovecot running on my VPS and the main imap process is receiving a SIGKILL from what I presume to be the Linux Kernel and/or OpenVZ. This happens after I login and my client(s) just sit there idling. The mailbox is empty.
>
> See if it helps to set mail_process_size=0

Still no luck. Also, /proc/user_beancounters (http://wiki.openvz.org/Proc/user_beancounters), shows 0 for all the failcnts.
Re: [Dovecot] imap flags - \* - dovecot 1.1.{8,9}
On Monday 26 of January 2009, Arkadiusz Miskiewicz wrote:
> Isn't \* supposed to be (almost always) in flags after SELECT command in dovecot imap? According to source code it should be there if mailbox is writable and mine is (20 OK [READ-WRITE] Select completed.). Something broken there?

    # dovecot -n
    # 1.1.10: /etc/dovecot/dovecot.conf
    Warning: fd limit 1024 is lower than what Dovecot can use under full load (more than 2304). Either grow the limit or change login_max_processes_count and max_mail_processes settings
    # OS: Linux 2.6.25.12-1 x86_64 xfs
    protocols: imap imaps pop3 pop3s
    listen(default): *:143
    listen(imap): *:143
    listen(pop3): *:10110
    ssl_listen(default): *:993
    ssl_listen(imap): *:993
    ssl_listen(pop3): *:10995
    ssl_cert_file: /etc/openssl/certs/cert.pem
    ssl_key_file: /etc/openssl/certs/key.pem
    disable_plaintext_auth: no
    shutdown_clients: no
    login_dir: /var/run/dovecot/login
    login_executable(default): /usr/lib64/dovecot/imap-login
    login_executable(imap): /usr/lib64/dovecot/imap-login
    login_executable(pop3): /usr/lib64/dovecot/pop3-login
    login_greeting: Mail server ready.
    max_mail_processes: 2048
    verbose_proctitle: yes
    first_valid_uid: 1500
    first_valid_gid: 1500
    mail_location: maildir:/var/mail/%Lu:CONTROL=/var/lib/dovecot/control/%Lu
    fsync_disable: yes
    mail_executable(default): /usr/lib64/dovecot/imap
    mail_executable(imap): /usr/lib64/dovecot/imap
    mail_executable(pop3): /usr/lib64/dovecot/pop3
    mail_plugins(default): quota imap_quota
    mail_plugins(imap): quota imap_quota
    mail_plugins(pop3): zlib
    mail_plugin_dir(default): /usr/lib64/dovecot/plugins/imap
    mail_plugin_dir(imap): /usr/lib64/dovecot/plugins/imap
    mail_plugin_dir(pop3): /usr/lib64/dovecot/plugins/pop3
    imap_client_workarounds(default): outlook-idle
    imap_client_workarounds(imap): outlook-idle
    imap_client_workarounds(pop3):
    pop3_lock_session(default): no
    pop3_lock_session(imap): no
    pop3_lock_session(pop3): yes
    pop3_uidl_format(default): %08Xu%08Xv
    pop3_uidl_format(imap): %08Xu%08Xv
    pop3_uidl_format(pop3): %Mf
    pop3_client_workarounds(default):
    pop3_client_workarounds(imap):
    pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
    namespace:
      type: private
      separator: .
      prefix: INBOX.
      inbox: yes
      list: yes
      subscriptions: yes
    auth default:
      mechanisms: plain login digest-md5 cram-md5 ntlm rpa apop
      user: nobody
      username_chars: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz01234567890...@=
      username_translation: @=
      passdb:
        driver: sql
        args: /etc/dovecot/dovecot-sql.conf
      userdb:
        driver: sql
        args: /etc/dovecot/dovecot-sql.conf
      socket:
        type: listen
        master:
          path: /var/run/dovecot/auth-master
          mode: 432
          user: mail
          group: mail
    plugin:
      quota: fs:User quota:user
      quota2: fs:Group quota:group

--
Arkadiusz Miśkiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/
Re: [Dovecot] (imap) killed with signal 9 on Linux/OpenVZ VPS
On Tue, 2009-01-27 at 14:13 -0500, Adam Flott wrote:
> On Tue, 27 Jan 2009, Timo Sirainen wrote:
> > On Mon, 2009-01-26 at 22:07 -0500, Adam Flott wrote:
> > > I'm trying to get dovecot running on my VPS and the main imap process is receiving a SIGKILL from what I presume to be the Linux Kernel and/or OpenVZ. This happens after I login and my client(s) just sit there idling. The mailbox is empty.
> >
> > See if it helps to set mail_process_size=0
>
> Still no luck.

Does dmesg show anything? If not, I've no idea.
[Dovecot] Old Thunderbird problem - need a fix
I've been having a Dovecot/Thunderbird problem for about a year now and I need a fix. When I restart dovecot everything is fine but as the day progresses things start deteriorating.

When I empty my trash folder it doesn't empty. I get an indication that email has arrived in my inbox by the unread message count but can't access it. Messages arrive but appear to be empty. Folders that should be empty still have message counts showing.

With all of the above problems - restarting dovecot makes them all go away.

I am doing something unusual in that I use Exim to directly deliver (maildir) to the inbox and other folders. And I have processes that take email out of certain folders (spam learning).

Whatever the problem is I think that when I restart Dovecot I'm forcing Thunderbird to reconnect. Perhaps the solution is to somehow force Thunderbird to have to reconnect every time rather than have a persistent connection?

Looking for suggestions. Thanks in advance.
Re: [Dovecot] imap flags - \* - dovecot 1.1.{8,9}
On Tue, 2009-01-27 at 20:14 +0100, Arkadiusz Miskiewicz wrote:
> On Monday 26 of January 2009, Arkadiusz Miskiewicz wrote:
> > Isn't \* supposed to be (almost always) in flags after SELECT command in dovecot imap? According to source code it should be there if mailbox is writable and mine is (20 OK [READ-WRITE] Select completed.). Something broken there?

Fixed: http://hg.dovecot.org/dovecot-1.1/rev/741b32441131

Wonder if I should do yet another release because of this.. Maybe I'll wait a few more days in case other bugs pop up.
Re: [Dovecot] v1.1.10 released
Quoting Timo Sirainen t...@iki.fi:
> I've already written some unit tests in src/tests/. I don't really care if you continue them the way I started or use some other toolset. And

What branch(es) should I write them for (1.0, 1.1, and/or 1.2). If multiple branches, which is most important?

> unless someone else is also willing to actually write the tests, I don't think you should care all that much about their arguing.

How to submit them (mercurial access, patches to you or the list, or some other way). I check out the mercurial repos and see what is there, and see what I can do...

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Go Longhorns!
Re: [Dovecot] v1.1.10 released
On Tue, 2009-01-27 at 14:20 -0600, Eric Rostetter wrote:
> Quoting Timo Sirainen t...@iki.fi:
> > I've already written some unit tests in src/tests/. I don't really care if you continue them the way I started or use some other toolset. And
>
> What branch(es) should I write them for (1.0, 1.1, and/or 1.2). If multiple branches, which is most important?

v1.2, since that's where all the new code goes. I guess they could be backported to v1.1 also but I don't see it as important. I'm hoping for a soonish v1.2.0 release and after that v1.1 won't have as much changes anymore.

> > unless someone else is also willing to actually write the tests, I don't think you should care all that much about their arguing.
>
> How to submit them (mercurial access, patches to you or the list, or some other way).

hg export patches or hg bundles would be best I think. I'm not sure if they should go to list or not. Depends on if anyone else wants to see them, but since there's already dovecot-cvs list I'm guessing private mails to me would be ok.. Or perhaps the first few could be sent to this list in case someone has suggestions how something could be done better.
Re: [Dovecot] deliver and qmail
On Tue, 2009-01-27 at 12:05 -0800, Tim Traver wrote:
> Timo or anyone, any insight into this???

Not really. There is currently no parameter to set home directory, maybe v1.3's config rewrite could help in future.

> I really just want to tell dovecot's deliver where the home directory is without having to fork another process to do it. I may be able to create a shell script that set the env variable and then launched deliver, but that's another fork that I'd rather not have, and since I already know the home dir when I set up the .qmail-user file, I'd rather just set it...

A shell script doesn't have to fork deliver, just exec it.

> help... Tim.
>
> Tim Traver wrote:
> > Hi all, ok, after looking at all of the posts that I've found, and trying numerous settings, I am a little stumped as to how to set up the deliver program with qmail to get everything correct. Ultimately, I really don't want to do a lookup of the home dir if I don't have to. I'd rather specify the stuff in the .qmail-user file for that particular user to avoid the extra step.
> >
> > In looking in the wiki, it says for users without a lookup to use
> >
> >     HOME=/path/to/user/homedir deliver -f $FROM_ENVELOPE
> >
> > but I can't do that in the .qmail file, which would normally look something like this :
> >
> >     |/var/qmail/bin/preline -f /usr/local/libexec/dovecot/deliver -f ${SENDER:-}
> >
> > I would rather not do the master authentication socket as described for obvious reasons. is there a format in the .qmail file that I can use with deliver to achieve what I want???
> >
> > Thanks, Tim.
[Dovecot] Config rewrite for v1.3
Still broken, but I committed the current changes to http://hg.dovecot.org/dovecot-config-rewrite/

The idea is something like:

- src/config/ contains a doveconf binary which can be used to dump the current configuration. It's the only binary that reads dovecot.conf directly. Currently the code is kind of ugly because I wanted it to be able to parse the existing v1.2 dovecot.conf which required some kludging around. Perhaps in v2.0 the dovecot.conf could have larger changes and these kludges could be removed.

- master currently executes doveconf 3 times: for default settings, for imap settings, for pop3 settings. The result is saved into an array of KEY=value pairs in an array. Eventually they're still sent to child processes via environment. This sending via environment is again mainly for backwards compatibility with post-login scripts. Although they are useful there, so I'm not sure if it should be kept that way. Although post-login scripting doesn't really work anymore with Apple's multiple-connections-per-mail-process code, so perhaps that needs some rethinking in any case..

- deliver also currently forks and executes doveconf. I hate this. But I don't like the alternative of having a libconfig that deliver could use to read the configuration inside the binary as is done now, because then it's not as easy anymore to update the doveconf binary (or replace it entirely). But I'm thinking about making doveconf a long running process and deliver could ask configuration from it via UNIX socket if it's running and fallback to forking doveconf. The last possibility would be not to fork, but instead just have doveconf exec() deliver, so either something like doveconf -e deliver -deliver-params or if calling deliver directly it could exec() doveconf which would then exec() deliver back. Hmm. Perhaps this is actually better than forking?

- %variable expansion is somewhat broken with imap/pop3, but works with deliver. The annoying thing about this is that %vars from doveconf should be expanded, but if userdb returns anything containing %vars they shouldn't be (because e.g. home directory could contain %). So either master should expand everything internally or it should somehow tell child processes about what to expand and what not. It can't really expand everything because it doesn't know all the settings that should be expanded. So that only leaves the possibility of telling child process what to expand. One possibility is to prefix each environment with e.g. 0 or 1 specifying if it should be expanded. This would break all existing postlogin scripts and in general would make it kind of ugly. Another possibility would be to have an environment that lists the settings that shouldn't be expanded. Perhaps that would work better, although if postlogin script changes/adds environments they'd also potentially have to modify that environment too.

- Plugins will probably have to keep using something similar to getenv() to get their settings. It would be possible to have them use the nice new pre-filled settings structures, but that would require configuration changes. For example instead of quota=.. quota2=.. you'd have two quota {} blocks. Probably better to leave that change to v2.0.

- I'm not entirely sure where all the setting verifications should go. Having them done by master when starting up is nice because it can give error messages immediately and write them to screen, instead of having to look them up from the log. Or when reloading configuration it can cancel it if the new configuration isn't ok. Maybe doveconf could do the checks. Maybe the verifications could go to all the different *settings.c files where they logically belong to, and then the build scripts would copy those functions to doveconf code where it could check all of them when the config is being read. The only annoying thing is that this then required doveconf to be run as root so that it can do all the access() etc. checks. But maybe that's not too bad.
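
The "environment that lists the settings that shouldn't be expanded" option from the post above, sketched as an added example (not Dovecot's code and not from the original message). The variable name `NOEXPAND_SETTINGS`, the functions `setting_get()` and `expand_vars()`, and the sample values are hypothetical; only `%u`, `%d` and `%%` are handled.

```c
#include <stdio.h>
#include <string.h>

/* Constructed environment, shaped like the KEY=value pairs master passes on.
   NOEXPAND_SETTINGS is a hypothetical name for the "do not expand" list. */
const char *sample_env[] = {
    "MAIL_LOCATION=maildir:/var/mail/%d/%u", /* from dovecot.conf: expand */
    "HOME=/srv/vmail/100%done",              /* from userdb: '%' is literal */
    "NOEXPAND_SETTINGS=HOME", NULL
};

static const char *env_lookup(const char **envp, const char *key) {
    size_t klen = strlen(key);
    for (; *envp != NULL; envp++)
        if (strncmp(*envp, key, klen) == 0 && (*envp)[klen] == '=')
            return *envp + klen + 1;
    return NULL;
}

/* Is key one of the space-separated names in list (list may be NULL)? */
static int in_list(const char *list, const char *key) {
    while (list != NULL && *list != '\0') {
        size_t n = strcspn(list, " ");
        if (n == strlen(key) && strncmp(list, key, n) == 0)
            return 1;
        list += n + strspn(list + n, " ");
    }
    return 0;
}

/* Expand %u (user@domain), %d (domain) and %% into out; -1 if out too small. */
int expand_vars(const char *in, const char *user, char *out, size_t outlen) {
    const char *at = strchr(user, '@'), *domain = at ? at + 1 : "";
    size_t pos = 0;
    for (; *in != '\0'; in++) {
        const char *piece = in;              /* default: copy one literal char */
        size_t plen = 1;
        if (*in == '%' && in[1] != '\0') {
            switch (*++in) {
            case 'u': piece = user; plen = strlen(user); break;
            case 'd': piece = domain; plen = strlen(domain); break;
            case '%': break;                 /* "%%" yields one '%' */
            default:  plen = 2;              /* unknown %x: keep both chars */
            }
        }
        if (pos + plen >= outlen)
            return -1;
        memcpy(out + pos, piece, plen);
        pos += plen;
    }
    out[pos] = '\0';
    return 0;
}

/* Child-side lookup: expand only settings not listed as no-expand. */
int setting_get(const char **envp, const char *key, const char *user,
                char *out, size_t outlen) {
    const char *val = env_lookup(envp, key);
    if (val == NULL)
        return -1;
    if (!in_list(env_lookup(envp, "NOEXPAND_SETTINGS"), key))
        return expand_vars(val, user, out, outlen);
    return snprintf(out, outlen, "%s", val) < (int)outlen ? 0 : -1;
}
```

Calling `setting_get(sample_env, "HOME", "alice@example.org", buf, sizeof buf)` returns the userdb value untouched, while passing the same value through `expand_vars()` would rewrite the `%d` inside the directory name.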