Re: [Dovecot] setgid error
On 23. mai. 2009, at 22.46, Timo Sirainen wrote: On May 23, 2009, at 9:14 AM, Roy Sigurd Karlsbakk wrote: deliver(r...@somedomain.com): 2009-05-23 15:02:52 Fatal: setgid(115) failed with euid=115, gid=114, egid=114: Operation not permitted You start deliver with wrong group (114 instead of 115). What does your Postfix configuration for deliver look like? See postfix config below. Postfix seems to be run by the postfix user (not mail, as I thought). How can I change deliver to be run as the right group? roy smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no append_dot_mydomain = no myhostname = eventchief.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = localhost.localdomain, localhost.localdomain, localhost, eventchief.com mynetworks = 127.0.0.0/8 mailbox_command = procmail -a $EXTENSION mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all mailbox_transport = dovecot local_recipient_maps = smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_recipient, reject_unauth_destination, check_policy_service inet:127.0.0.1:6 permit -- Roy Sigurd Karlsbakk (+47) 97542685 / 98013356 r...@karlsbakk.net http://blogg.karlsbakk.net/ -- I all pedagogikk er det essensielt at pensum presenteres intelligibelt. Det er et elementært imperativ for alle pedagoger å unngå eksessiv anvendelse av idiomer med fremmed opprinnelse. I de fleste tilfeller eksisterer adekvate og relevante synonymer på norsk.
[Dovecot] Some questions about deliver
While investigating Dovecot's deliver with Postfix, I encountered some behaviors making me wonder whether I really understand the purpose of that binary. So, if you allow... This is from Postfix' main.cf: mailbox_command = /usr/local/dovecot/libexec/dovecot/deliver -e -n This is my quick setup for Dovecot: # 1.2.rc4: /usr/local/etc/dovecot.conf # OS: Darwin 9.7.0 i386 protocols: pop3 ssl: no disable_plaintext_auth: no login_dir: /usr/local/var/run/dovecot/login login_executable: /usr/local/dovecot-1.2.rc4/libexec/dovecot/pop3- login first_valid_uid: 2001 mail_location: mbox:~/_mailboxes:INBOX=~/_inbox/mailspool mbox_read_locks: flock mbox_write_locks: flock dotlock mail_executable: /usr/local/dovecot-1.2.rc4/libexec/dovecot/pop3 mail_plugin_dir: /usr/local/dovecot-1.2.rc4/lib/dovecot/pop3 pop3_lock_session: yes pop3_uidl_format: %08Xv%08Xu auth default: passdb: driver: pam args: * userdb: driver: passwd Here is an excerpt from mail.log: postfix/smtpd[4117]: connect from localhost[127.0.0.1] postfix/smtpd[4117]: 163E1CA2675: client=localhost[127.0.0.1] postfix/cleanup[4120]: 163E1CA2675: message-id=27002a3f-af44-410d-a500-368d04f5f...@almbp.local postfix/qmgr[3232]: 163E1CA2675: from=testu...@almbp.local, size=2650, nrcpt=1 (queue active) dovecot[4129]: deliver(www): mail_location: mbox: mkdir(/Library/ WebServer/_mailboxes) failed: Permission denied (euid=70(_www) egid=70(_www) missing +w perm: /Library/WebServer) dovecot[4129]: deliver(www): Fatal: Namespace initialization failed postfix/local[4122]: 163E1CA2675: to=w...@almbp.local, relay=local, delay=0.09, delays=0.02/0/0/0.07, dsn=4.3.0, status=deferred (temporary failure) postfix/smtpd[4117]: disconnect from localhost[127.0.0.1] 1. Shouldn't deliver honor the first_valid_uid setting? After all, if some user isn't allowed to login, is that user supposed to receive mail? 2. What exactly is the -e option supposed to do? User _www clearly isn't configured for receiving mail, but Postfix will nevertheless try to deliver the message until maximal_queue_lifetime has expired. From the log excerpt, it appears that Postfix has been led to consider a temporary failure; unless I'm wrong, that's because Postfix didn't receive neither a D.S.N text string nor an EX_* fatal return code. From deliver.c, it seems that many calls to i_fatal() are liable to be executed before the -e option is taken into account (through the local variable stderr_rejection). As a result, I'm wondering under which circumstances exactly deliver is liable to return EX_NOPERM, so that Postfix may consider a permanent failure and bounce the message. Note that the question may somehow be re-phrased as: when invoked without the -e option, under which circumstances will deliver send a rejection message? 3. Doesn't failure_exit_callback() in deliver.c tend to merge many (possibly dissimilar) errors into the single EX_TEMPFAIL one? And BTW, is that function guaranteed to be always called with an EX_* value? Seems to be the case, but... ;-) TIA for your patience, Axel
[Dovecot] Dovecot Max Connections mbox vs. maildir format - Recommendations?
I had big issues with timeouts until I realize the the imap and mbox format isnt a good choice if your users have huge naiboxes. At my server there were users with mailboxes arount 700MB to over 1GB. each time one of those users checked their email the imap server had to open this huge file and parse it, causing I/O issues. The only solution I found it was switch from mbox format to maildir format. I am changing the subject line to reflect the discussion. I too have a similar case with large mailboxes. My user mix is 70% POP3 vs. 30% IMAP. Would maildir still be the best recommended format? What is the opinion of the experts here? The reason I am asking is that I am preparing to upgrade my mail server to RHEL 5.3. That would mean my Dovecot will be atleast 1.0.7, which should not be bad. If the recommendation is that I go from mbox format to Maildir, I want to plan that as well. However I don't want to land up in a situation where, I have to move back from Maildir to mbox again. So please do advice me on the best. BTW one question: Assuming that my server has enough resources, ( 8 CPU @ 3.0GHz, 8GB RAM, 2Gbps FC Storage directly attached to the server Gigabit NIC) what is the maximum number of concurrent connections that Dovecot can handle POP3 + IMAP combined? And I am asking for all the processes combined: POP3-login processes IMAP-login processes POP3 sessions IMAP sessions Any TCP/IP kernel parameters to be tuned? or maybe in dovecot.conf? Any advice will be immensely valuable to me while doing the migration. Thanks and Regards V S Rao
Re: [Dovecot] Dovecot Max Connections mbox vs. maildir format - Recommendations?
On 24. mai. 2009, at 20.13, V S Rao wrote: I am changing the subject line to reflect the discussion. I too have a similar case with large mailboxes. My user mix is 70% POP3 vs. 30% IMAP. Would maildir still be the best recommended format? What is the opinion of the experts here? The reason I am asking is that I am preparing to upgrade my mail server to RHEL 5.3. That would mean my Dovecot will be atleast 1.0.7, which should not be bad. If the recommendation is that I go from mbox format to Maildir, I want to plan that as well. However I don't want to land up in a situation where, I have to move back from Maildir to mbox again. So please do advice me on the best. IIRC RHEL only supports EXT3, not XFS/JFS and so on. ext3 is nice with large directories only if dir_index is enabled (tune2fs -O dir_index / dev/something). If dir_index is not enabled, ext3 will perform quite terribly with some 1000+ files in a directory. Apart from that, I would guess maildir would be best both for IMAP and POP. roy -- Roy Sigurd Karlsbakk (+47) 97542685 / 98013356 r...@karlsbakk.net http://blogg.karlsbakk.net/ -- I all pedagogikk er det essensielt at pensum presenteres intelligibelt. Det er et elementært imperativ for alle pedagoger å unngå eksessiv anvendelse av idiomer med fremmed opprinnelse. I de fleste tilfeller eksisterer adekvate og relevante synonymer på norsk.
[Dovecot] creating skeleton Maildir
Dear all, when I had a courier installation still in place I used to create the Maildir tree for a new user using its maildirmake (IIRC) utility. Now that I had to rebuild a server from scratch, and using dovecot did not install courier, I have to create Maildirs without that utility. I seem to remember that libexec/imap could be called in a way to create the Maildir and its required subfolders (.Sent, .Drafts, etc). Do I remember correctly? If so what are the command line options? I cannot find pointers in the wiki or elsewhere. If not, I will just create a template and script the whole process. Thanks Giuliano
Re: [Dovecot] [bug] dovecot 1.1.15: segfault after message move
On Wed, 2009-05-20 at 13:47 +0200, Juergen Daubert wrote: May 20 13:28:10 ser dovecot: Panic: IMAP(juergen): file imap-sync.c: line 439 (cmd_sync_delayed): assertion failed: (client-mailbox != NULL) Does this help? http://hg.dovecot.org/dovecot-1.1/rev/68a7068c7675 signature.asc Description: This is a digitally signed message part
Re: [Dovecot] setgid error
On Sun, 2009-05-24 at 12:17 +0200, Roy Sigurd Karlsbakk wrote: mailbox_command = procmail -a $EXTENSION mailbox_transport = dovecot I guess the mailbox_command is ignored and it really uses dovecot transport? What does the dovecot line look like in master.cf? signature.asc Description: This is a digitally signed message part
[Dovecot] Converting mbox files with dots in names to Maildir
I tried to run convert-tool from dovecot-1.2-0.rc2 on a tree of mbox files with some containing dots in the filenames and got this failure: # /usr/libexec/dovecot/convert-tool ken /home/ken mbox:/home/ken/mail maildir:/home/ken/Maildir Error: Mailbox conversion: Couldn't create mailbox Lists.WINE.patches: Mailbox already exists Error: Internal failure *** glibc detected *** /usr/libexec/dovecot/convert-tool: double free or corruption (fasttop): 0x08ce6cc8 *** The directory in question contains these files: # ls Lists/WINE/ announce bugs cvs devel patches patches.20050130 Will I need to go through the (large) file tree and rename all files with dots in the names? If so, anyone have a script that will do that? (Changing the dot to dash would be fine with me.)