Re: [Dovecot] bzip2 compression bug

2009-06-25 Thread Nikita Koshikov
On Wed, 24 Jun 2009 23:08:43 -0300 (BRT)
ferna...@dfcom.com.br wrote:

 Hi,
 
 I compressed many files using bzip2, but in some cases it crashes. I
 believe that it is related to dovecot indexes.
 
 How to reproduce:
 
 Inside a Maildir folder without any indexes yet, compress a message with
 bzip2 and try to access it.
 
 On my server the following error is shown:
 
 Jun 24 00:18:20 maildev dovecot: IMAP(x...@xxx): FETCH for mailbox Trash
 UID 1 failed to read message input: No such file or directory
 Jun 24 00:18:20 maildev dovecot: IMAP(x...@xxx): Disconnected: BUG: Unknown
 internal error bytes=329/1050
 
 When I did the same with gzip compression it works as expected (opening
 the message and creating dovecot indexes).
 
 (version, 1.1.16)
 

bzlib/bzip2 compression has been supported since version v1.1.2+, as the wiki says:

Zlib plugin can be used to read compressed mbox and maildir files. Zlib plugin 
supports compression using zlib/gzip and bzlib/bzip2 (v1.1.2+). 


 Best Regards,
 Fernando
 


Re: [Dovecot] dovecot 1.2rc5 fails to authenticate user via GSSAPI

2009-06-25 Thread Michal Hlavinka
On Thursday 25 June 2009 06:54:48 Michal Hlavinka wrote:
 On Wednesday 24 June 2009 17:15:31 Timo Sirainen wrote:
  On Jun 24, 2009, at 9:38 AM, Michal Hlavinka wrote:
   we're facing problem where dovecot 1.2rc5 is not able to
   authenticate user via
   gssapi. (I'm forwarding information from red hat's bugzilla)
 
  I guess it has to be because of these patches:
 
  http://hg.dovecot.org/dovecot-1.2/rev/ff6378d7b209
  http://hg.dovecot.org/dovecot-1.2/rev/601e0382b442
 
  Could you try reverting them and see if it helps?

 ok, I'll try it asap

when I revert those two patches, it works


Re: [Dovecot] Spliting Folders for Efficiency

2009-06-25 Thread Daniel Watts

Timo Sirainen wrote:

On Thu, 2007-10-11 at 10:00 +0100, Daniel Watts wrote:


.Folder__1.new
.Folder__1.cur
.Folder__1.tmp
and
.Folder__2.new
.Folder__2.cur
.Folder__2.tmp

with Dovecot merging them before display as just Folder within the 
mail client.


Virtual folders would enable this, if they're implemented one day..

This could be further extended so that Dovecot could be configured to 
store 'old' message folders in a separate location. We could then have 
slower+cheaper+larger storage mounted so that 'old mail' does not take 
up the expensive local SCSI disks on the machine. Mail from 2 years ago 
is much less likely to be accessed than mail from the last week.


dbox format will support this soon. So that you can configure two (or
more) directories for it and then Dovecot will look up the mail files
from each of them in order. It would also support automatically moving
non-recently accessed mails to the slower dirs.

The current dbox implementation in v1.1 supports only
one-message-per-file mode so it's quite similar to maildir. The main
problem with implementing fast/slow storage for maildir is that the
maildir filenames change all the time, so it would waste the slow
storage's I/O all the time when trying to figure out if a file is there
or not. dbox doesn't have this problem.



Hi Timo!
Digging up this thread from 2007. Just had another conversation in my 
company about how to spread old non-accessed files to cheaper slower 
storage.


Is this now feasible? I noticed dbox is now v2.0 but see no reference to 
virtual folders or auto-archiving etc.


Hope you're having a good time State-side!

Best wishes,
Dan




[Dovecot] Dovecot v1.2rc6 dict-server socket path problem pgsql crash

2009-06-25 Thread Steffen Kaiser


Hello,

I find this in the logs:
2009-06-25 14:10:37 IMAP(dvtest) [29566]: Error: 
net_connect_unix(/usr/local/dovecot-1.2.rc6acl-hook2/var/run/dovecot/dict-server) 
failed: Permission denied
2009-06-25 14:10:37 IMAP(dvtest) [29566]: Error: acl: dict iteration 
failed, can't update dict


although base_dir is just /var/run/dovecot/ .

Dovecot v1.2 changeset:   9157:d14e8b8df025
Conf is attached.

I am trying to get ACL's shared dictionary running:

  acl_shared_dict: proxy::acl

dict:
  acl: pgsql:/usr/local/dovecot-1.2.rc6acl-hook2/etc/dovecot-dict-acl-sql.conf




I created the symlink to map /var/run/dovecot under $install_dir, 
then I get a crash:


2009-06-25 14:26:53 dict: Error: pgsql: Connect failed to dovecot: could 
not open certificate file /root/.postgresql/postgresql.crt: No such file 
or directory


== /var/log/postgresql/postgresql-8.1-main.log ==
2009-06-25 14:26:53 CEST LOG:  could not accept SSL connection: peer did 
not return a certificate


== /var/log/dovecot/dovecot-1.2.log ==
2009-06-25 14:26:58 dict: Error: pgsql: Connect failed to dovecot: could 
not open certificate file /root/.postgresql/postgresql.crt: No such file 
or directory


== /var/log/postgresql/postgresql-8.1-main.log ==
2009-06-25 14:26:58 CEST LOG:  could not accept SSL connection: peer did 
not return a certificate


== /var/log/dovecot/dovecot-1.2.log ==
2009-06-25 14:27:03 dict: Error: dict sql iterate failed: Not connected to 
database
2009-06-25 14:27:03 IMAP(dvtest) [29801]: Error: 
read(/usr/local/dovecot-1.2.rc6acl-hook2/var/run/dovecot/dict-server) 
failed: Remote disconnected

2009-06-25 14:27:03 IMAP(dvtest) [29801]: Error: acl: dict commit failed
2009-06-25 14:27:03 dovecot: Error: child 29802 (dict) killed with signal 
11 (core dumps disabled)


My sql-dict.conf is:

connect = host=localhost dbname=dovecot user=dovecot # password=pass

[CUT samples for quota  expire]

# CREATE TABLE user_shares (
#   from_user varchar(100) not null,
#   to_user varchar(100) not null,
#   primary key (from_user, to_user)
# );

map {
  pattern = shared/shared-boxes/user/$to/$from
  table = user_shares

  fields {
    from_user = $from
    to_user = $to
  }
}

==

So I changed the connect line into:

connect = dbname=dovecot user=dovecot

to force the use of the local socket, which seems to work:

2009-06-25 14:37:24 dict: Info: pgsql: Connected to dovecot

but:

2009-06-25 14:37:24 dovecot: Error: child 29986 (dict) killed with signal 
11 (core dumped)
2009-06-25 14:37:24 IMAP(dvtest) [29985]: Error: 
read(/usr/local/dovecot-1.2.rc6acl-hook2/var/run/dovecot/dict-server) 
failed: Remote disconnected

2009-06-25 14:37:24 IMAP(dvtest) [29985]: Error: acl: dict commit failed

== /var/log/postgresql/postgresql-8.1-main.log ==
2009-06-25 14:37:24 CEST LOG:  unexpected EOF on client connection

The core's bt full of this latter crash is:

Core was generated by `dict'.
Program terminated with signal 11, Segmentation fault.
#0  0xb7ebe463 in strlen () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt full
#0  0xb7ebe463 in strlen () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#1  0x08065072 in str_append (str=0x806c168, cstr=0x0) at str.c:91
No locals.
#2  0x080509ef in sql_dict_set_query (build=0xbffe8c34) at dict-sql.c:536
dict = (struct sql_dict *) 0x8076e08
sql_fields = value optimized out
extra_values = value optimized out
i = 0
prefix = (string_t *) 0x806c168
suffix = (string_t *) 0x806c1d8
__PRETTY_FUNCTION__ = sql_dict_set_query
#3  0x080518a4 in sql_dict_set (_ctx=0x8080028, key=0x806c032 
shared/shared-boxes/user/dvtest2/dvtest, value=0x806c05a 1) at 
dict-sql.c:648
build = {dict = 0x8076e08, fields = {arr = {buffer = 0x806c130, 
element_size = 8}, v = 0x806c130, v_modifiable = 0x806c130},

  extra_values = 0xbffe8c50, key1 = 115 's', inc = false}
field = {map = 0x8076ed8, value = 0x806c05a 1}
query = value optimized out
_data_stack_cur_id = 4
ctx = value optimized out
dict = value optimized out
map = value optimized out
values = {arr = {buffer = 0x806c0f0, element_size = 4}, v = 
0x806c0f0, v_modifiable = 0x806c0f0}
#4  0x08052460 in dict_set (ctx=0x8080028, key=0x806c032 
shared/shared-boxes/user/dvtest2/dvtest, value=0x806c05a 1) at 
dict.c:168

__PRETTY_FUNCTION__ = dict_set
#5  0x0804f355 in cmd_set (conn=0x8075bc8, line=0x8075df8 
2\tshared/shared-boxes/user/dvtest2/dvtest\t1) at dict-server.c:288

trans = (struct dict_server_transaction *) 0x8080118
#6  0x0804fbf9 in dict_client_connection_input (conn=0x8075bc8) at 
dict-server.c:458

_data_stack_cur_id = 3
line = 0x8075df7 S2\tshared/shared-boxes/user/dvtest2/dvtest\t1
i = 6
ret = value optimized out
#7  0x0805e2d0 in io_loop_handler_run (ioloop=0x8074a38) at 
ioloop-epoll.c:208

ctx = value 

Re: [Dovecot] Dovecot v1.2rc6 dict-server socket path problem pgsql crash (crash source found)

2009-06-25 Thread Steffen Kaiser


On Thu, 25 Jun 2009, Steffen Kaiser wrote:


2009-06-25 14:27:03 IMAP(dvtest) [29801]: Error: acl: dict commit failed
2009-06-25 14:27:03 dovecot: Error: child 29802 (dict) killed with signal
11 (core dumps disabled)


Ah, the crash results from omitting value_field.

I changed the conf as follows:


map {
  pattern = shared/shared-boxes/user/$to/$from
  table = user_shares
  value_field = dummy

  fields {
    from_user = $from
    to_user = $to
  }
}


and added the column dummy with type TEXT.

Regards,

- -- 
Steffen Kaiser

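The root cause reported above (a map block without value_field crashing the dict process) can be caught before deployment. The following is an added example, not Dovecot's code and not from the poster: it parses `map { }` blocks from a dict SQL config and reports the omission. The required-key list and the pattern/fields cross-check are assumptions drawn from the config shown in this thread, and `parse_maps` / `lint_maps` are hypothetical names.

```python
import re

# Keys every map block is expected to carry. value_field comes from the
# thread; treating pattern and table as required too is an assumption.
REQUIRED = ("pattern", "table", "value_field")
VAR_RE = re.compile(r"\$(\w+)")

# Constructed sample: the map block from the thread before the fix.
BROKEN_CONF = """\
connect = dbname=dovecot user=dovecot

map {
  pattern = shared/shared-boxes/user/$to/$from
  table = user_shares

  fields {
    from_user = $from
    to_user = $to
  }
}
"""

# Same config with the fix the poster applied.
FIXED_CONF = BROKEN_CONF.replace(
    "table = user_shares\n", "table = user_shares\n  value_field = dummy\n"
)


def parse_maps(text):
    """Return one dict per top-level map block: its line, settings and fields."""
    maps, current, in_fields = [], None, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if re.fullmatch(r"map\s*\{", line):
            current = {"line": lineno, "settings": {}, "fields": {}}
            in_fields = False
        elif current is not None and re.fullmatch(r"fields\s*\{", line):
            in_fields = True
        elif current is not None and line == "}":
            if in_fields:
                in_fields = False        # closes the nested fields block
            else:
                maps.append(current)     # closes the map block itself
                current = None
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            target = current["fields"] if in_fields else current["settings"]
            target[key] = value
    if current is not None:
        raise ValueError(f"map block opened on line {current['line']} is never closed")
    return maps


def lint_maps(text):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    for m in parse_maps(text):
        where = f"map at line {m['line']}"
        for key in REQUIRED:
            if not m["settings"].get(key):
                findings.append(f"{where}: missing {key}")
        pattern_vars = set(VAR_RE.findall(m["settings"].get("pattern", "")))
        field_vars = {value.lstrip("$") for value in m["fields"].values()}
        for var in sorted(pattern_vars - field_vars):
            findings.append(f"{where}: ${var} in pattern has no column in fields")
        for var in sorted(field_vars - pattern_vars):
            findings.append(f"{where}: fields uses ${var}, which the pattern never sets")
    return findings


if __name__ == "__main__":
    for name, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        print(name, lint_maps(conf) or "ok")
```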


[Dovecot] Dovecot v1.2 ACL shared-boxes users in SQL, how to remove entries?

2009-06-25 Thread Steffen Kaiser


Hello,

I noticed that entries added to the ACL dict are not removed when a user 
no longer has explicit ACLs to another user, e.g.:


[at the beginning no ACLs for user]
1 login testuser pwd
2 setacl INBOX user lp
3 deleteacl INBOX user

Although user has no ACLs on mailfolders of testuser, the 
user-testuser relation is still in the DB and upon login of user the ACLs 
in user's Maildir are consulted.


Bye,

- -- 
Steffen Kaiser



[Dovecot] Sieve/ManageSieve integration into pkgsrc

2009-06-25 Thread Edgar Fuß
I'm integrating Sieve (the new one) and ManageSieve into wip/dovecot.

Currently, this works as dovecot options because dovecot must be built before 
sieve can be configured and sieve must be built before managesieve can be 
configured/built.

Now, the question arose what the long-term solution (in pkgsrc) should be.
To my understanding, with dovecot 2.0, ManageSieve will no longer need to patch 
dovecot. But what about both Sieve and ManageSieve depending on dovecot sources 
in order to build (or on libraries dovecot only builds internally)?

The preferred way (for pkgsrc) would be if both Sieve and ManageSieve could be 
built as stand-alone packages and not needing a dovecot source tree to build. 
What's the long-term plan for Sieve/ManageSieve in this respect? The pkgsrc 
infrastructure (intentionally) doesn't like a package depending on another 
package's working directory in order to build. So with these cross-dependencies, 
the only pkgsrc ways to go would be either to build it all as one package with 
options (that's what I currently do) or extract, patch, configure and build 
dovecot inside a sieve package.



[Dovecot] Lots of pop3-logins

2009-06-25 Thread Rodman Frowert
Hello,

Doing a ps aux on my Slackware box, I have approx 100  PID's of pop3-login's 
going on.  This is a production mail server, but it is getting VERY low 
traffic.  In fact, only 3 people can pop3 into it.  I've checked their e-mail 
clients, and they are not checking mail any more often than every 5 minutes.

This is a new installation and I've had the server up and running since Sunday. 
 If it matters, I'm using Postfix for the MTA and using the Dovecot SASL 
library to AUTH SMTP.

Is this a cause for concern?  Why does Dovecot need this many processes?

Thanks!

Rodman

Re: [Dovecot] Lots of pop3-logins

2009-06-25 Thread Jose Celestino
On Qui, 2009-06-25 at 09:07 -0500, Rodman Frowert wrote:
 Hello,
 
 Doing a ps aux on my Slackware box, I have approx 100  PID's of 
 pop3-login's going on.  This is a production mail server, but it is getting 
 VERY low traffic.  In fact, only 3 people can pop3 into it.  I've check 
 their e-mail clients, and they are not checking mail any more often than 
 every 5 minutes.
 
 This is a new installation and I've had the server up and running since 
 Sunday.  If it matters, I'm using Postfix for the MTA and using the Dovecot 
 SASL library to AUTH SMTP.
 
 Is this a cause for concern?  Why does Dovecot need this many processes?
 

Because dovecot preforks the *-login processes to speed-up the login.

No need to worry.


-- Jose Celestino SAPO.pt::Systems http://www.sapo.pt
- *
Progress (n.): The process through which Usenet has evolved from smart
people in front of dumb terminals to dumb people in front of smart
terminals.



Re: [Dovecot] Sieve/ManageSieve integration into pkgsrc

2009-06-25 Thread Geert Hendrickx
On Thu, Jun 25, 2009 at 03:43:09PM +0200, Edgar Fuß wrote:
 I'm integrating Sieve (the new one) and ManageSieve into wip/dovecot.
 
 Currently, this works as dovecot options because dovecot must be built
 before sieve can be configured and sieve must be built before managesieve
 can be configured/built.
 
 Now, the question arose what the long-term solution (in pkgsrc) should
 be.
 To my understanding, with dovecot 2.0, ManageSieve will no longer need to
 patch dovecot. But what about both Sieve and ManageSieve depending on
 doevcot sources in order to build (or on libraries dovecot only builds
 internally)?
 
 The preferred way (for pkgsrc) would be if both Sieve and ManageSieve
 could be built as stand-alone packages and not needing a dovecot source
 tree to build. What's the long-term plan for Sieve/ManageSieve in this
 respect? The pkgsrc infrastructure (intentionally) doesn't like a package
 depending on anothers package working directory in order to build. So
 with these cross-dependencies, the only pkgsrc ways to go would be either
 to build it all as one package with options (that's what I currently do)
 or extract, patch, configure and build dovecot inside a sieve package.


See also http://www.dovecot.org/list/dovecot/2007-August/024504.html which
enabled pkgsrc to build the dovecot-sieve plugin (the old one) against an
installed dovecot instance with only liblib.a installed additionally.

Geert

-- 
Geert Hendrickx  -=-  g...@telenet.be  -=-  PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!


Re: [Dovecot] Lots of pop3-logins

2009-06-25 Thread Rodman Frowert

Jose,

Thank you for your reply.  Makes me feel better everything is working
properly and resources aren't being wasted.  Thank you!

Rodman

- Original Message - 
From: Jose Celestino j...@co.sapo.pt

To: Rodman Frowert rod...@thefrowerts.com
Cc: dovecot@dovecot.org
Sent: Thursday, June 25, 2009 9:34 AM
Subject: Re: [Dovecot] Lots of pop3-logins



On Qui, 2009-06-25 at 09:07 -0500, Rodman Frowert wrote:

Hello,

Doing a ps aux on my Slackware box, I have approx 100  PID's of 
pop3-login's going on.  This is a production mail server, but it is 
getting VERY low traffic.  In fact, only 3 people can pop3 into it. 
I've check their e-mail clients, and they are not checking mail any more 
often than every 5 minutes.


This is a new installation and I've had the server up and running since 
Sunday.  If it matters, I'm using Postfix for the MTA and using the 
Dovecot SASL library to AUTH SMTP.


Is this a cause for concern?  Why does Dovecot need this many processes?



Because dovecot preforks the *-login processes to speed-up the login.

No need to worry.


-- Jose Celestino SAPO.pt::Systems http://www.sapo.pt
- *
Progress (n.): The process through which Usenet has evolved from smart
people in front of dumb terminals to dumb people in front of smart
terminals.





[Dovecot] dovecot-acl-list not honouring owner / permissions that are set on dovecot-shared

2009-06-25 Thread Stuart Rowan

Hi,

I've just upgraded our dovecot installation from 1.0.15 to 1.1.13.

This went smoothly and just worked -- thank you very much for writing such
a high performance and robust piece of software.

However, we have a shared mailbox that people can subscribe to. After
upgrading to 1.1.13 ... dovecot tries to create a dovecot-acl-list file in
the top level of this ... but it creates it chown'd to the first logged in
user with a umask of -rw- --- ---

A.
-rw--- 1 userA shared 17179 2009-06-25 11:10
/home/imapshared/SharedMaildir/dovecot-acl-list

Everyone else who tried to access the shared folder (and hence dovecot
tried to read / update the dovecot-acl-list file) caused an error to be
logged to the error.log

I changed the permissions (once I realised what had gone wrong) to match
those on the dovecot-shared file and all was well as everyone can now
read/update it.

B.
-rw-rw 1 imapshared shared 17179 2009-06-25 11:19
/home/imapshared/SharedMaildir/dovecot-acl-list

-rw-rw 1 imapshared shared 0 2008-04-25 13:20
/home/imapshared/SharedMaildir/dovecot-shared

Also from time to time the permissions seem to get changed back on 
dovecot-acl-list inexplicably to those in situation A -- usually following 
a restart of dovecot but I haven't been able to reproduce this reliably.


This seems like a bug to me ... do you agree / is there a sensible work-around?

The declaration in dovecot.conf for the shared namespace sets user specific 
CONTROL and INDEX locations so that users can independently subscribe to 
folders and mark messages as read on an individual basis.


Many thanks,
Stu.



Re: [Dovecot] Lots of pop3-logins

2009-06-25 Thread V S Rao

 Hello,
 
 Doing a ps aux on my Slackware box, I have approx 100  PID's of 
 pop3-login's going on.  This is a production mail server, but it is getting 
 VERY low traffic.  In fact, only 3 people can pop3 into it.  I've check 
 their e-mail clients, and they are not checking mail any more often than 
 every 5 minutes.
 
 This is a new installation and I've had the server up and running since 
 Sunday.  If it matters, I'm using Postfix for the MTA and using the Dovecot 
 SASL library to AUTH SMTP.
 
 Is this a cause for concern?  Why does Dovecot need this many processes?
 

 Because dovecot preforks the *-login processes to speed-up the login.

 No need to worry.

100 login sessions for just 3 connections? That is not right, no matter what. 
There is definitely some issue. Once the load increases the system will start 
timing out on POP3 connections or other network connections, such as IMAP, SSH 
etc. Better check out the system logs, utilization etc. for any abnormal 
values. 

Regards
Rao


Re: [Dovecot] dovecot-acl-list not honouring owner / permissions that are set on dovecot-shared

2009-06-25 Thread Timo Sirainen
On Thu, 2009-06-25 at 12:07 +0100, Stuart Rowan wrote:
 However, we have a shared mailbox that people can subscribe to. After
 upgrading to 1.1.13 ... dovecot tries to create a dovecot-acl-list file in
 the top level of this ... but it creates it chown'd to the first logged in
 user with a umask of -rw- --- ---
 
 A.
 -rw--- 1 userA shared 17179 2009-06-25 11:10
 /home/imapshared/SharedMaildir/dovecot-acl-list

See if setting umask = 0007 to dovecot.conf helps? With v1.2+ this is no
longer necessary.





Re: [Dovecot] Lots of pop3-logins

2009-06-25 Thread Jose Celestino
On Qui, 2009-06-25 at 10:01 -0700, V S Rao wrote:
  Hello,
  
  Doing a ps aux on my Slackware box, I have approx 100  PID's of 
  pop3-login's going on.  This is a production mail server, but it is 
  getting VERY low traffic.  In fact, only 3 people can pop3 into it.  I've 
  check their e-mail clients, and they are not checking mail any more often 
  than every 5 minutes.
  
  This is a new installation and I've had the server up and running since 
  Sunday.  If it matters, I'm using Postfix for the MTA and using the Dovecot 
  SASL library to AUTH SMTP.
  
  Is this a cause for concern?  Why does Dovecot need this many processes?
  
 
  Because dovecot preforks the *-login processes to speed-up the login.
 
  No need to worry.
 
 100 login sessions for just 3 connections? That is not right, no matter what.

No, login_processes_count matters.


-- Jose Celestino SAPO.pt::Systems http://www.sapo.pt
- *
Progress (n.): The process through which Usenet has evolved from smart
people in front of dumb terminals to dumb people in front of smart
terminals.



Re: [Dovecot] Dovecot v1.2 ACL shared-boxes users in SQL, how to remove entries?

2009-06-25 Thread Steffen Kaiser


On Thu, 25 Jun 2009, Steffen Kaiser wrote:


I noticed that entries added to the ACL dict are not removed, when an user
no longer has explicit ACLs to another user, e.g.:

[at the beginning no ACLs for user]
1 login testuser pwd
2 setacl INBOX user lp
3 deleteacl INBOX user

Although user has no ACLs of mailfolders of testuser, the
user-testuser relation is still in the DB and upon login of user the ACLs
in user's Maildir is consulted.


Can/should Dovecot remove the dict entry if user logs in and Dovecot 
detects that there are no ACLs on mailfolders of testuser for user?


Bye,

- -- 
Steffen Kaiser



Re: [Dovecot] Lots of pop3-logins

2009-06-25 Thread Dave McGuire

On Jun 25, 2009, at 10:07 AM, Rodman Frowert wrote:
Doing a ps aux on my Slackware box, I have approx 100  PID's of  
pop3-login's going on.  This is a production mail server, but it  
is getting VERY low traffic.  In fact, only 3 people can pop3  
into it.  I've check their e-mail clients, and they are not  
checking mail any more often than every 5 minutes.


This is a new installation and I've had the server up and running  
since Sunday.  If it matters, I'm using Postfix for the MTA and  
using the Dovecot SASL library to AUTH SMTP.


Is this a cause for concern?  Why does Dovecot need this many  
processes?


  Take a look at your log file.  Is there a dictionary attack taking  
place?  I get this all the time.  I want to find these little cracker  
kiddies and break their fingers.


-Dave

--
Dave McGuire
Port Charlotte, FL



Re: [Dovecot] dovecot-acl-list not honouring owner / permissions that are set on dovecot-shared

2009-06-25 Thread Stuart Rowan

Timo Sirainen wrote:

On Thu, 2009-06-25 at 12:07 +0100, Stuart Rowan wrote:

However, we have a shared mailbox that people can subscribe to. After
upgrading to 1.1.13 ... dovecot tries to create a dovecot-acl-list file in
the top level of this ... but it creates it chown'd to the first logged in
user with a umask of -rw- --- ---

A.
-rw--- 1 userA shared 17179 2009-06-25 11:10
/home/imapshared/SharedMaildir/dovecot-acl-list


See if setting umask = 0007 to dovecot.conf helps? With v1.2+ this is no
longer necessary.

Well that problem has not reoccurred yet today but I've made the change 
you suggest anyway.


Now we're on to:
dovecot: 2009-06-25 18:50:15 Error: IMAP(strr): fchown() failed with 
file /home/local/strr/Maildir/index/Archive/.junk/dovecot.index.log: 
Operation not permitted
dovecot: 2009-06-25 18:54:15 Error: IMAP(strr): fchown() failed with 
file /home/local/strr/Maildir/index/Archive/.junk/dovecot.index.log: 
Operation not permitted


Bizarrely the similarly placed .junk-2008 folder has no problems 
creating the 'strr' specific index files.


I've tried deleting the folders / files and chowning/chmodding until I'm 
blue in the face and since the umask change they are now created with a 
umask of 0007 ... but the error keeps coming back in the logs.


Let me know if you need more information

Cheers,
Stu.



Re: [Dovecot] dovecot-acl-list not honouring owner / permissions that are set on dovecot-shared

2009-06-25 Thread Timo Sirainen
On Thu, 2009-06-25 at 19:01 +0100, Stuart Rowan wrote:
 dovecot: 2009-06-25 18:50:15 Error: IMAP(strr): fchown() failed with 
 file /home/local/strr/Maildir/index/Archive/.junk/dovecot.index.log: 
 Operation not permitted

Do you have .junk/dovecot-shared file? It tries to preserve its group in
all created files. Setting g+s to it makes it not to preserve the group.





Re: [Dovecot] Lots of pop3-logins

2009-06-25 Thread V S Rao

  Doing a ps aux on my Slackware box, I have approx 100  PID's of 
  pop3-login's going on.  This is a production mail server, but it is 
  getting VERY low traffic.  In fact, only 3 people can pop3 into it.  I've 
  check their e-mail clients, and they are not checking mail any more often 
  than every 5 minutes.
  
  This is a new installation and I've had the server up and running since 
  Sunday.  If it matters, I'm using Postfix for the MTA and using the Dovecot 
  SASL library to AUTH SMTP.
  
  Is this a cause for concern?  Why does Dovecot need this many processes?
  
 
  Because dovecot preforks the *-login processes to speed-up the login.
 
  No need to worry.
 
 100 login sessions for just 3 connections? That is not right, no matter what.

 No, login_processes_count matters.

How? If my understanding is correct, you have extra 3 login processes created 
to cater to new connections. So with only 3 POP3 users, why should so many 
login processes be spawned? I can understand 10-15. But 100 definitely 
indicates either the processes are not dying or something else happening on the 
system which is causing such high number of login processes. The system 
definitely needs to be checked for some kind of attack, a rogue process running 
on the system or something else. 

Regards
--Rao



Re: [Dovecot] Capability COMPRESS implemented?

2009-06-25 Thread Ed W

Nikolay Shopik wrote:
To make it easy for people to find which standards TB supports, I keep 
a wiki page updated.

https://wiki.mozilla.org/MailNews:Supported_IMAP_extensions



This is very interesting - thanks!  Some really good stuff on the cusp 
of making it into TB.  I really like the look of XLIST - this solves a 
minor issue which has come up a few times on the list, mainly with 
naming of Sent vs Sent Items folders. 

Timo normally chimes in pretty fast on these types of questions - Any 
chance of a yay/nay on the COMPRESS option Timo?


Cheers

Ed W



Re: [Dovecot] Capability COMPRESS implemented?

2009-06-25 Thread Nikolay Shopik

On 25.06.2009 23:16, Ed W wrote:

I really like the look of XLIST - this solves a minor issue which has
come up a few times on the list, mainly with naming of Sent vs Sent
Items folders.


This is something that should have been in IMAP since the 90s, when it was 
growing up. XLIST is still not even an RFC yet, but it already solves 
probably one of the biggest downsides of IMAP.




Re: [Dovecot] Lots of pop3-logins

2009-06-25 Thread Timo Sirainen
You can also just decrease login_process_max_count. If Dovecot reaches
the limit, it'll just start killing off old connections that haven't
logged in.

And yeah, some day I should also make Dovecot kill some of the login
processes after many of them have been idling for a while.

On Thu, 2009-06-25 at 14:33 -0500, Rodman Frowert wrote:
 Well, after going through my log files, I was hit with a dictionary based 
 attack.  My maillog is full of about 20,000 lines of crap like this:
 
 Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 
 attempts): user=warren, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
 Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 
 attempts): user=williams, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
 Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 
 attempts): user=www, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
 Jun 21 23:06:05 mail dovecot: pop3-login: Aborted login (auth failed, 1 
 attempts): user=wilson, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
 Jun 21 23:06:05 mail dovecot: pop3-login: Aborted login (auth failed, 1 
 attempts): user=willy, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
 Jun 21 23:06:05 mail dovecot: pop3-login: Aborted login (auth failed, 1 
 attempts): user=valerie, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
 
 Starts with A and runs all the way to Z.  The IP traces back to cable 
 modem subscriber on Cox Communications out of Arizona.  I'll shoot them off 
 my standard attack e-mail.
 
 In the meantime, I need to modify fail2ban so that it checks the maillog for 
 failed pop3 auth logins and bans IP's so this won't happen again.
 
 Rodman
 
 - Original Message - 
 From: V S Rao viriy...@yahoo.com
 To: dovecot@dovecot.org
 Sent: Thursday, June 25, 2009 1:15 PM
 Subject: Re: [Dovecot] Lots of pop3-logins
 
 
 
   Doing a ps aux on my Slackware box, I have approx 100  PID's of 
   pop3-login's going on.  This is a production mail server, but it is 
   getting VERY low traffic.  In fact, only 3 people can pop3 into it. 
   I've check their e-mail clients, and they are not checking mail any 
   more often than every 5 minutes.
  
   This is a new installation and I've had the server up and running since 
   Sunday.  If it matters, I'm using Postfix for the MTA and using the 
   Dovecot SASL library to AUTH SMTP.
  
   Is this a cause for concern?  Why does Dovecot need this many 
   processes?
  
 
   Because dovecot preforks the *-login processes to speed-up the login.
 
   No need to worry.
 
  100 login sessions for just 3 connections? That is not right, no matter 
  what.
 
  No, login_processes_count matters.
 
  How? If my understanding is correct, you have extra 3 login processes 
  created to cater to new connections. So with only 3 POP3 users, why should 
  so many login processes be spawned? I can understand 10-15. But 100 
  definitely indicates either the processes are not dying or something else 
  happening on the system which is causing such high number of login 
  processes. The system definitely needs to be checked for some kind of 
  attack, a rogue process running on the system or something else.
 
  Regards
  --Rao
  
 


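The failed-login lines quoted above carry enough to separate a dictionary attack from a user mistyping a password: one remote address cycling through many different usernames in a short window. The following is an added example, not from the thread and not fail2ban's own filter, that applies that test to constructed log lines in the same format; the threshold, window, addresses and the name `find_dictionary_sources` are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the "Aborted login (auth failed, ...)" lines shown in the thread.
# The optional <> around the user name is an assumption about unstripped logs.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: (?:pop3|imap)-login: "
    r"Aborted login \(auth failed, \d+ attempts\): "
    r"user=<?(?P<user>[^>,]*)>?, method=\S+, rip=(?P<rip>[0-9A-Fa-f:.]+),"
)

# Constructed sample log (documentation-range addresses, not from the thread):
# a slow prober, a fast username sweep, and one user retrying a password.
SAMPLE_LOG = """\
Jun 21 09:00:00 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=adam, method=PLAIN, rip=192.0.2.9, lip=10.10.11.2
Jun 21 09:10:00 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=admin, method=PLAIN, rip=192.0.2.9, lip=10.10.11.2
Jun 21 09:20:00 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=alan, method=PLAIN, rip=192.0.2.9, lip=10.10.11.2
Jun 21 09:30:00 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=alex, method=PLAIN, rip=192.0.2.9, lip=10.10.11.2
Jun 21 09:40:00 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=amy, method=PLAIN, rip=192.0.2.9, lip=10.10.11.2
Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=warren, method=PLAIN, rip=203.0.113.50, lip=10.10.11.2
Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=williams, method=PLAIN, rip=203.0.113.50, lip=10.10.11.2
Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=www, method=PLAIN, rip=203.0.113.50, lip=10.10.11.2
Jun 21 23:06:05 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=wilson, method=PLAIN, rip=203.0.113.50, lip=10.10.11.2
Jun 21 23:06:05 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=willy, method=PLAIN, rip=203.0.113.50, lip=10.10.11.2
Jun 21 23:06:05 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=valerie, method=PLAIN, rip=203.0.113.50, lip=10.10.11.2
Jun 21 23:09:10 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=alice, method=PLAIN, rip=198.51.100.7, lip=10.10.11.2
Jun 21 23:09:20 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=alice, method=PLAIN, rip=198.51.100.7, lip=10.10.11.2
Jun 21 23:09:31 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=alice, method=PLAIN, rip=198.51.100.7, lip=10.10.11.2
Jun 21 23:09:45 mail dovecot: pop3-login: Login: user=alice, method=PLAIN, rip=198.51.100.7, lip=10.10.11.2
"""


def find_dictionary_sources(lines, window=timedelta(minutes=5), min_users=5, year=2009):
    """Map each flagged remote IP to the peak number of distinct usernames
    it failed to log in as inside one sliding window.

    Syslog timestamps carry no year, so the caller supplies one. Lines are
    assumed to be in chronological order per source, as in a normal log file.
    """
    recent = defaultdict(deque)  # rip -> (timestamp, user) events still in the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events = recent[m["rip"]]
        events.append((ts, m["user"]))
        while ts - events[0][0] > window:
            events.popleft()  # expire attempts older than the window
        distinct = len({user for _, user in events})
        if distinct >= min_users:
            flagged[m["rip"]] = max(distinct, flagged.get(m["rip"], 0))
    return flagged


if __name__ == "__main__":
    for rip, users in find_dictionary_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{rip}: {users} distinct usernames failed within 5 minutes")
```

Counting distinct usernames rather than raw failures keeps a single user retrying a password below the threshold, and widening the window is what brings the slow prober into view.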


Re: [Dovecot] dovecot-acl-list not honouring owner / permissions that are set on dovecot-shared

2009-06-25 Thread Stuart Rowan

Timo Sirainen wrote:

On Thu, 2009-06-25 at 19:01 +0100, Stuart Rowan wrote:
dovecot: 2009-06-25 18:50:15 Error: IMAP(strr): fchown() failed with 
file /home/local/strr/Maildir/index/Archive/.junk/dovecot.index.log: 
Operation not permitted


Do you have .junk/dovecot-shared file? It tries to preserve its group in
all created files. Setting g+s to it makes it not to preserve the group.

It had a group of root instead of the correct group (stupid me for not 
spotting this all day) ... having just done chgrp all is well.


Timo, thank you -- that's what I call support :-)

Cheers,
Stu.


Re: [Dovecot] Lots of pop3-logins

2009-06-25 Thread Rodman Frowert

I'll go ahead and lower that limit to something that fits my usage better.

Thanks Timo!  You built a hell of a mail server.

Rodman
- Original Message - 
From: Timo Sirainen t...@iki.fi

To: Rodman Frowert rod...@thefrowerts.com
Cc: dovecot@dovecot.org
Sent: Thursday, June 25, 2009 2:46 PM
Subject: Re: [Dovecot] Lots of pop3-logins




Re: [Dovecot] Lots of pop3-logins

2009-06-25 Thread Dave McGuire

On Jun 25, 2009, at 3:46 PM, Timo Sirainen wrote:

You can also just decrease login_process_max_count. If Dovecot reaches
the limit, it'll just start killing off old connections that haven't
logged in.


  I don't see this option in my dovecot.conf.  Was it added after  
1.1.6?


-Dave


--
Dave McGuire
Port Charlotte, FL



Re: [Dovecot] Capability COMPRESS implemented?

2009-06-25 Thread Ed W

Timo Sirainen wrote:

On Thu, 2009-06-25 at 20:16 +0100, Ed W wrote:
  
Timo normally chimes in pretty fast on these types of questions - Any 
chance of a yay/nay on the COMPRESS option Timo?



Maybe. I'm kind of busy with other stuff though..

  


Understood

Please take it as a +1 interested here.  I guess you don't take external 
paid work now...


Cheers

Ed W


Re: [Dovecot] Lots of pop3-logins

2009-06-25 Thread Jose Celestino
On Qui, 2009-06-25 at 11:15 -0700, V S Rao wrote:
   Doing a ps aux on my Slackware box, I have approx 100  PID's of 
   pop3-login's going on.  This is a production mail server, but it is 
   getting VERY low traffic.  In fact, only 3 people can pop3 into it.  
   I've checked their e-mail clients, and they are not checking mail any more 
   often than every 5 minutes.
   
   This is a new installation and I've had the server up and running since 
   Sunday.  If it matters, I'm using Postfix for the MTA and using the 
   Dovecot SASL library to AUTH SMTP.
   
   Is this a cause for concern?  Why does Dovecot need this many processes?
   
  
   Because dovecot preforks the *-login processes to speed-up the login.
  
   No need to worry.
  
  100 login sessions for just 3 connections? That is not right, no matter 
  what.
 
  No, login_processes_count matters.
 
 How? If my understanding is correct, you have extra 3 login processes created 
 to cater to new connections. So with only 3 POP3 users, why should so many 
 login processes be spawned? I can understand 10-15. But 100 definitely 
 indicates either the processes are not dying or something else happening on 
 the system which is causing such high number of login processes. The system 
 definitely needs to be checked for some kind of attack, a rogue process 
 running on the system or something else. 
 

If you don't change the defaults that's right. But the *-login processes
will never be less than login_processes_count so it does matter. And, as
Timo pointed out, you can put an upper limit with
login_max_processes_count.

My idle box has 64 imap-login processes and no, I'm not under a
dictionary attack :)

-- Jose Celestino SAPO.pt::Systems http://www.sapo.pt
- *
Progress (n.): The process through which Usenet has evolved from smart
people in front of dumb terminals to dumb people in front of smart
terminals.



Re: [Dovecot] Capability COMPRESS implemented?

2009-06-25 Thread Timo Sirainen
On Thu, 2009-06-25 at 21:49 +0100, Ed W wrote:
  Timo normally chimes in pretty fast on these types of questions - Any 
  chance of a yay/nay on the COMPRESS option Timo?
 
  Maybe. I'm kind of busy with other stuff though..
 

 
 Understood
 
 Please take it as a +1 interested here.  I guess you don't take external 
 paid work now...

Yeah, not for next half a year at least. Anyway, it would basically need
istream and ostream implementations for zlib. istream implementation
kind of already exists in zlib plugin, except it's using gz*() functions
instead of doing everything in memory. So:

 - create zlib istream using zlib's deflate*() functions (I think?) and
which takes another istream as input
 - convert zlib plugin to use that stream instead
 - implement zlib ostream
 - create yet another proxy to login processes. Probably some day I
should combine all of them to one that only proxies i/ostreams. Although
implementing SSL i/ostreams could be a bit difficult.




Re: [Dovecot] Lots of pop3-logins

2009-06-25 Thread Noel Butler
On Thu, 2009-06-25 at 15:46 -0400, Timo Sirainen wrote:

 You can also just decrease login_process_max_count. If Dovecot reaches
 the limit, it'll just start killing off old connections that haven't
 logged in.
 



What would be nice is, an anti brute force option, like xinetd, X-number
of connections from Y i.p. in Z seconds (optional setting of course) or
maybe a way to extend that to detect if the same i.p  is retrying
constantly using different usernames on every new connection within X
seconds, come to think of it, that way would be much cooler :)



  
  Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 
  attempts): user=warren, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
  Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 
  attempts): user=williams, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
  Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 
  attempts): user=www, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
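
The check suggested in the message above (one remote IP failing authentication for many different usernames within a short window) can be run over the login log. This is an added example, not part of Dovecot or of the original post; the function names, the thresholds, the log year and the sample lines (documentation IP ranges) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches "Aborted login" lines in the format quoted in this thread.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ dovecot: (?:pop3|imap)-login: "
    r"Aborted login \(auth failed, \d+ attempts\): "
    r"user=<?(?P<user>[^,>]*)>?, .*?\brip=(?P<rip>[0-9A-Fa-f.:]+)"
)

def parse(line, year=2009):
    """Return (timestamp, user, remote_ip), or None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year, so the caller supplies one (assumption).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["rip"]

def find_sprayers(lines, max_users=3, window=timedelta(seconds=60)):
    """Map each IP that failed for more than max_users distinct names within window to the time it crossed."""
    recent = defaultdict(deque)   # rip -> (ts, user) pairs still inside the window
    flagged = {}                  # rip -> time the threshold was first crossed
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, user, rip = rec
        q = recent[rip]
        q.append((ts, user))
        while q and ts - q[0][0] > window:   # expire entries older than the window
            q.popleft()
        if rip not in flagged and len({u for _, u in q}) > max_users:
            flagged[rip] = ts
    return flagged

# Constructed sample: one IP cycling usernames, one user mistyping, one slow IP.
FMT = ("Jun 21 23:{:02d}:{:02d} mail dovecot: pop3-login: Aborted login "
       "(auth failed, 1 attempts): user={}, method=PLAIN, rip={}, lip=10.10.11.2")
USERS = ["warren", "williams", "www", "wendy"]
SAMPLE = (
    [FMT.format(6, 4 + i, u, "203.0.113.7") for i, u in enumerate(USERS)]
    + [FMT.format(7, 10 * i, "rodman", "198.51.100.20") for i in range(5)]
    + [FMT.format(10 + 5 * i, 0, u, "192.0.2.44") for i, u in enumerate(USERS)]
)

if __name__ == "__main__":
    print(find_sprayers(SAMPLE))
```

Counting distinct usernames rather than raw failures keeps a single user who repeatedly mistypes a password (the second sample IP) from being flagged.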




Re: [Dovecot] Capability COMPRESS implemented?

2009-06-25 Thread Ed W

Timo Sirainen wrote:

On Thu, 2009-06-25 at 21:49 +0100, Ed W wrote:
  
Timo normally chimes in pretty fast on these types of questions - Any 
chance of a yay/nay on the COMPRESS option Timo?


Maybe. I'm kind of busy with other stuff though..

  
  

Understood

Please take it as a +1 interested here.  I guess you don't take external 
paid work now...



Yeah, not for next half a year at least. Anyway, it would basically need
istream and ostream implementations for zlib. istream implementation
kind of already exists in zlib plugin, except it's using gz*() functions
instead of doing everything in memory. So:
  


I might have missed the subtleties since it's a while since I wrote 
anything against the gz interface, but there shouldn't be much 
difference between interfaces I think?


The only difference is where the buffering is going surely?

The naive implementation would flush whenever you would normally flush 
the net buffers, but the notes in the RFC point out that you can in fact 
shoot for some clever stuff and vary your compression params according 
to the type of data.  Having tried all this stuff a bunch I can say that 
it's a good thought, but unless you are hyper bandwidth constrained then 
zlib uses such small buffers that it's really not likely to make more 
than a tiny difference... (and if you are mega bandwidth constrained 
then don't use IMAP at all...)


Hope you will put it on your TODO anyway... (pretty please...)

FWIW I notice a significant speedup using our compressing proxy over 
even a 10mbit connection, so I am pretty sure this will lead to a 
significant improvement in response speeds for a lot of folks


Ed W
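
The in-memory stream pair from Timo's list and the "flush whenever you would normally flush the net buffers" behaviour described above, as an added example that is not Dovecot code. The class names, the raw-DEFLATE framing (`wbits=-15`) and the sample replies are assumptions made for the illustration.

```python
import zlib

class DeflateOStream:
    """Compressing output side: one DEFLATE state shared by the whole connection."""
    def __init__(self, level=6):
        # wbits=-15 selects raw DEFLATE with no zlib or gzip header
        # (assumption: this is the framing wanted on the wire).
        self._z = zlib.compressobj(level, zlib.DEFLATED, -15)

    def write(self, data: bytes) -> bytes:
        """Compress one protocol write and sync-flush so the peer can decode it now."""
        return self._z.compress(data) + self._z.flush(zlib.Z_SYNC_FLUSH)

class InflateIStream:
    """Decompressing input side: accepts wire bytes in whatever pieces they arrive."""
    def __init__(self):
        self._z = zlib.decompressobj(-15)

    def read(self, wire: bytes) -> bytes:
        return self._z.decompress(wire)

# Constructed IMAP-style server replies.
REPLIES = [b"* 1 FETCH (FLAGS (\\Seen) UID 101)\r\n",
           b"* 2 FETCH (FLAGS (\\Seen) UID 102)\r\n",
           b"a1 OK Fetch completed.\r\n"]

def demo():
    out, inp = DeflateOStream(), InflateIStream()
    frames = [out.write(r) for r in REPLIES]
    # Each sync-flushed frame ends byte-aligned with an empty stored block.
    aligned = all(f.endswith(b"\x00\x00\xff\xff") for f in frames)
    # Deliver the first frame in two pieces, as a TCP read might.
    half = len(frames[0]) // 2
    first = inp.read(frames[0][:half]) + inp.read(frames[0][half:])
    rest = [inp.read(f) for f in frames[1:]]
    return aligned, first, rest, [len(f) for f in frames]

if __name__ == "__main__":
    print(demo())
```

Because the compression window survives a sync flush, the second reply compresses to fewer bytes than the first even though each write is flushed separately.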


Re: [Dovecot] Lots of pop3-logins

2009-06-25 Thread Kenneth Porter
--On Friday, June 26, 2009 8:48 AM +1000 Noel Butler 
noel.but...@ausics.net wrote:



What would be nice is, an anti brute force option, like xinetd, X-number
of connections from Y i.p. in Z seconds (optional setting of course) or
maybe a way to extend that to detect if the same i.p  is retrying
constantly using different usernames on every new connection within X
seconds, come to think of it, that way would be much cooler :)


Some good discussion about fighting dictionary attacks here:

http://www.codinghorror.com/blog/archives/001206.html


Re: [Dovecot] Lots of pop3-logins

2009-06-25 Thread Timo Sirainen
On Fri, 2009-06-26 at 07:48 +1000, Noel Butler wrote:
 What would be nice is, an anti brute force option, like xinetd, X-number
 of connections from Y i.p. in Z seconds (optional setting of course) or
 maybe a way to extend that to detect if the same i.p  is retrying
 constantly using different usernames on every new connection within X
 seconds, come to think of it, that way would be much cooler :)

v2.0 makes it possible in a lot easier way. Maybe I'll get it
implemented there.





Re: [Dovecot] Lots of pop3-logins

2009-06-25 Thread Noel Butler
On Thu, 2009-06-25 at 18:31 -0400, Timo Sirainen wrote:

 On Fri, 2009-06-26 at 07:48 +1000, Noel Butler wrote:
  What would be nice is, an anti brute force option, like xinetd, X-number
  of connections from Y i.p. in Z seconds (optional setting of course) or
  maybe a way to extend that to detect if the same i.p  is retrying
  constantly using different usernames on every new connection within X
  seconds, come to think of it, that way would be much cooler :)
 
 v2.0 makes it possible in a lot easier way. Maybe I'll get it
 implemented there.



That would be awesome :)
Cheers