Re: [Dovecot] Released Sieve v0.1.11 and ManageSieve v0.11.8 for Dovecot v1.2.3
Hello Dovecot users, Hi, Apart from unfinished development of the date extension, this is a set of bug-fix releases. A few portability issues were found, a few stupidities were fixed and the ManageSieve proxy now also works with TLS. Most notably, the include extension had an issue regarding the expansion of $HOME in the personal include path. I've built a project site at: http://pigeonhole.dovecot.org Changelog Sieve v0.1.11: + Built skeleton implementation for the date extension (RFC5260). It compiles, but it does not do anything useful yet. Therefore, it is not part of the default compilation. - Fixed ARM portability issues caused by char type not being signed on that platform. Reading optional operands from a binary would fail for action side effects. Also, an accidental mixup of an int return type with bool caused the interpreter to continue on ARM even though an error occured. - Removed direct stdint.h includes to prevent portability issues. - Fixed segfault bug in the handling of script open failures. - Include: improved user error messages and system log messages. - Fixed copy-paste mixup between sieve_after and sieve_before settings in the LDA Sieve plugin. If only a sieve_after script was active, nothing would have been executed. Patch by Mike Abbott. - Include: fixed a bug in HOME substitution in the sieve_dir path. Surfaced in ManageSieve. ... Have fun testing the new releases and don't hesitate to notify me when there are problems. build process for Sieve fails when --with-unfinished-features option is set: ... make[2]: Entering directory `/home/mihl/myroot/job/cvsf/dovecot/devel/dovecot-1.2.3/dovecot-1.2- sieve-0.1.11' make[2]: *** No rule to make target `doc/man/sieve-filter.1', needed by `all- am'. Stop. without this it works. Regards, Michal Hlavinka
[Dovecot] how secure is Dovecot when exposed to the Internet?
$ dovecot -n # 1.1.11: /etc/dovecot/dovecot.conf # OS: Linux 2.6.28-11-server x86_64 Ubuntu 9.04 protocols: imap imaps managesieve I need to make an IMAP (actually imaps) server available over the Internet. Unfortunately, VPN is not available (not all clients support VPN), so I will have to expose the imaps port to the Internet. My question is: how reliable is Dovecot in such a setup? I am not talking about encryption (protecting the traffic between server and client). I am talking about having the daemon exposed to anything coming in from the Internet, buffer overflows and stuff like that. What's the security history of this software in situations like this? -- Florin Andrei http://florin.myip.org/
Re: [Dovecot] how secure is Dovecot when exposed to the Internet?
On Aug 10, 2009, at 2:55 AM, Florin Andrei wrote: My question is: how reliable is Dovecot in such a setup? I am not talking about encryption (protecting the traffic between server and client). I am talking about having the daemon exposed to anything coming in from the Internet, buffer overflows and stuff like that. What's the security history of this software in situations like this? http://dovecot.org/security.html
Re: [Dovecot] how secure is Dovecot when exposed to the Internet?
Timo Sirainen wrote: http://dovecot.org/security.html OK, that's pretty convincing. Thanks. -- Florin Andrei http://florin.myip.org/
Re: [Dovecot] Released Sieve v0.1.11 and ManageSieve v0.11.8 for Dovecot v1.2.3
On Mon, 10 Aug 2009, Michal Hlavinka wrote: build process for Sieve fails when --with-unfinished-features option is set: ... make[2]: Entering directory `/home/mihl/myroot/job/cvsf/dovecot/devel/dovecot-1.2.3/dovecot-1.2- sieve-0.1.11' make[2]: *** No rule to make target `doc/man/sieve-filter.1', needed by `all- am'. Stop. I have added a dummy sieve-filter.1 file to get it going. See the attachment. -- Wolfgang Friebel Deutsches Elektronen-Synchrotron DESY Phone/Fax: +49 33762 77372/216Platanenallee 6 Mail: Wolfgang.Friebel AT desy.de D-15738 Zeuthen Germany.TH SIEVE-FILTER 1 8 August 2009 .SH NAME sieve-filter \- Sieve filter for the Dovecot secure IMAP server .SH SYNOPSIS sieve-filter [\fB-c\fR] [\fB-m\fR \fIdefault-mailbox\fR] [\fB-s\fR \fIscript-file\fR] [\fB-x\fR \fIextension extension ...\fR] \fIscript-file\fR \fImail-store\fR \fI[dest-mail-store]\fR .SH DESCRIPTION .PP The \fBsieve-filter\fP command is part of the Sieve implementation for the Dovecot secure IMAP server. Sieve (RFC 5228) is a simple and highly extensible language for filtering e-mail messages. It can be implemented for any type of mail access protocol, mail architecture and operating system. The language cannot execute external programs and in its basic form it does not provide the means to cause infinite loops, making it suitable for running securely on mail servers where mail users have no permission run arbitrary programs. .PP Using the \fBsieve-filter\fP command, bla bla (to be done) .SH OPTIONS .TP \fB-c\fP Force compilation. By default, the compiled binary is stored on disk. When this binary is found during the next execution of \fBsieve-filter\fP and its modification time is more recent than the script file, it is used and the script is not compiled again. This option forces the script to be compiled, thus ignoring any present binary. Refer to \fBsievec\fP(1) for more information about Sieve compilation. .TP \fB-m\fP \fIdefault-mailbox\fP The mailbox where the keep action stores the message. This is INBOX by default. \fB-s\fP \fIscript-file\fP Specify additional scripts to be executed before the main script. Multiple \fB-s\fP arguments are allowed and the specified scripts are executed sequentially in the order specified at the command line. .TP \fB-x\fP \fIextension extension ...\fP Set the available extensions. The parameter is a space-separated list of the active extensions. By prepending the extension identifiers with \fB+\fP or \fB-\fP, extensions can be included or excluded relative to the default set of extensions. If no extensions have a \fB+\fP or \fB-\fP prefix, only those extensions that are explicitly listed will be enabled. Unknown extensions are ignored and a warning is produced. By default, all supported extensions are available, except for deprecated extensions or those that are still under development. For example \fB-x\fP +imapflags -enotify will enable the deprecated imapflags extension along with all extensions that are available by default, except for the enotify extension. .SH DEBUG SUPPORT .PP To improve script debugging, the Sieve command line tools such as \fBsieve-filter\fP support a custom Sieve language extension called 'vnd.dovecot.debug'. It adds the \fBdebug_print\fP command that allows printing debug messages to \fBstdout\fP. .PP Example: .PP require vnd.dovecot.debug; .PP if header :contains subject hello { .PP debug_print Subject header contains hello!; .PP } .PP Other tools like \fBsievec\fP and \fBsieved\fP also recognize the vnd.dovecot.debug extension. In contrast, the actual Sieve plugin for the Dovecot LDA does not allow the use of the debug extension. So, keep in mind that scripts and compiled binaries that refer to de debug extension will fail to be run by the Sieve plugin itself. .PP Note that it is not necessary to enable nor possible to disable the availability of the debug extension with the \fB-x\fP option. .SH AUTHOR .PP The Sieve implementation for Dovecot was written by Stephan Bosch step...@rename-it.nl. .PP Dovecot was written by Timo Sirainen t...@iki.fi. .SH SEE ALSO .BR sievec (1), .BR sieved (1)
Re: [Dovecot] More effective mailbox fetching over high RTT link
Timo Sirainen t...@iki.fi wrote: On Sun, 2009-08-09 at 22:20 +0200, Andrzej Adam Filip wrote: Could you offer some suggestion how to fetch mailbox content over high RTT link (with negligible packet loss)? Currently I use IMAP+IDLE *but* it fails to use full available bandwidth due to high RTT and send command wait for response nature of POP3 and IMAP4 protocols. I'm not entirely sure what you want. Download all new messages automatically whenever they show up? It is maximum version of what I would like to get. ( maximum: IMAP+IDLE equivalent, acceptable: faster POP3) And by mailbox do you mean user or folder? So would you want to download all new mails in all folders? One folder is acceptable. All folders would be nice. And is it ok to create your own software to do the downloading? I was thinking about creating perl script for the task. If all of them were yes, the best you could right now would be to set up a virtual all mailbox containing all mailboxes. Then in IDLE you'd see whenever new messages pop up and then issue FETCH n:* BODY.PEEK[] or whatever. There's also IMAP NOTIFY extension that would allow your client to ask server to immediately send the message body instead of the client having to ask for it. But Dovecot doesn't currently support that. Or if you just always wanted to download all mails, again a virtual mailbox and FETCH 1:* BODY.PEEK[] gives you all mails. -- [plen: Andrew] Andrzej Adam Filip : a...@onet.eu Men never make passes at girls wearing glasses. -- Dorothy Parker
Re: [Dovecot] virtual plugin and ACL
On Fri, 07 Aug 2009 15:23:32 -0400 Timo Sirainen t...@iki.fi wrote: That's because in private namespaces user owns the mails, and authenticated doesn't reduce the user's privileges. You could use owner instead. Also I don't think you should use ACLs at all here. It's easier and more secure to just make /var/mail/virtual non-writable to imap process. For example change file/dir owners to root and make them world-readable. Thank you, Timo. Both variants are working fine for me.
[Dovecot] inconsistency with expire-tool and expire dict
Hi! Here is the problem: passdb: daniell:*::user=daniell2 userdb: daniell2::uid:gid:gecos:home:: dovecot.conf: plugin { expire = SA.* 1 # (There are SA.HAM and SA.SPAM directories) } When copying a message to eg. the SA.HAM directory, then dovecot inserts this into my expires table: dovecot=# select * from expires ; username | mailbox | expire_stamp -+-+-- daniell | SA.HAM | 1249976454 ^^^ wrong username This causes an error when running expire-tool (after changing expire_stamp): # /usr/local/sbin/dovecot --exec-mail ext /usr/local/libexec/dovecot/expire- tool --test Info: User lookup failed: daniell Info: daniell/SA.HAM: no messages left If I change the username field in the expires table... : # UPDATE expires SET username = 'daniell2'; UPDATE 1 ... expire-tool is fine: # /usr/local/sbin/dovecot --exec-mail ext /usr/local/libexec/dovecot/expire- tool --test Info: daniell2/SA.HAM: timestamp 1249880093 (Mon Aug 10 06:54:53 2009) - 1249976454 (Tue Aug 11 09:40:54 2009) Daniel -- LÉVAI Dániel PGP key ID = 0x4AC0A4B1 Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1
Re: [Dovecot] Released Sieve v0.1.11 and ManageSieve v0.11.8 for Dovecot v1.2.3
Michal Hlavinka wrote: Hello Dovecot users, Hi, Have fun testing the new releases and don't hesitate to notify me when there are problems. build process for Sieve fails when --with-unfinished-features option is set: ... make[2]: Entering directory `/home/mihl/myroot/job/cvsf/dovecot/devel/dovecot-1.2.3/dovecot-1.2- sieve-0.1.11' make[2]: *** No rule to make target `doc/man/sieve-filter.1', needed by `all- am'. Stop. Fixed: http://hg.rename-it.nl/dovecot-1.2-sieve/rev/03cb0e6d4a35 Regards, Stephan
Re: [Dovecot] Listing shared mailboxes with a domainpart
Hy! Am Freitag, den 07.08.2009, 14:13 -0400 schrieb Timo Sirainen: On Fri, 2009-08-07 at 13:29 +0200, Mathias Tausig wrote: I am currently configuring a new mailserver using postfix and dovecot 1.2.1. The filesystem strucutre in my spool directory is user1/ user2/ domain/info/ domain/office/ I configured a shared namespace: namespace shared { separator = / prefix = shared/%%d/%%n/ location = maildir:/var/spool/vmaildir/%%d/%%n/ I don't think you should use a shared namespace for this. You just want everything in domain/ to be shared to users in that domain? Not neccesarily everything. I want to be able to share i...@domain to user1 and off...@domain to user2. Do you have multiple domains? Yes. Do user1 and user2 contain @domain? No. They can receive mails under various domains which are aggregated into one domainless account. [...] If that doesn't do what you want, explain more clearly what you need. I hope I was able to clarify my (desired) setup now. Thanks for trying to help me. cheers Mathias
Re: [Dovecot] Mail not begin processed
Thank you for the response postconf -n: alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 header_checks = regexp:/etc/postfix/header_checks html_directory = no inet_interfaces = all local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname mail_owner = postfix mailq_path = /usr/bin/mailq manpage_directory = /usr/local/man mydestination = localhost mydomain = paranoidandroid.co.za myhostname = mail.paranoidandroid.co.za mynetworks_style = host myorigin = $myhostname newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = no sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_recipient_limit = 500 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot unknown_local_recipient_reject_code = 550 virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf virtual_mailbox_base = / virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf virtual_transport = dovecot master.cf: -- pickupfifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - n 300 1 oqmgr tlsmgrunix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounceunix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verifyunix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp -o smtp_fallback_relay= showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scacheunix - - n - 1 scache dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient} Many thanx Timo Sirainen wrote: On Sat, 2009-08-08 at 14:57 +0200, André Labuschagné wrote: Aug 8 14:55:02 li73-31 postfix/qmgr[20163]: warning: connect to transport private/dovecot: Connection refused What does master.cf contain? Or postconf -n? This is anyway Postfix configuration problem, nothing really to do with Dovecot (your transport name just happens to be dovecot).
Re: [Dovecot] GSSAPI Authentication in v1.2.1
Phillip Macey wrote: In the release notes for v1.2.2, Timo said: Found and fixes several v1.2-specific bugs. Hopefully it's now stable for most people's usage. * GSSAPI: More changes to authentication. Hopefully good now. What were the GSSAPI changes? I am having problems with _some_ of my users using GSSAPI auth. I am using version 1.2.1. The client (thunderbird) reports that the server does not support 'secure authentication'. When I switch on auth_debug in dovecot, I see errors such as these in the logs: Aug 3 16:45:57 fury dovecot: auth(default): client in: AUTH1 GSSAPI service=imaplip=10.1.0.20 rip=10.8.5.72 lport=143 rport=4027 Aug 3 16:45:57 fury dovecot: auth(default): gssapi(?,10.8.5.72): Using all keytab entries Aug 3 16:45:57 fury dovecot: auth(default): client out: CONT 1 Aug 3 16:45:57 fury dovecot: imap-login: Disconnected: Input buffer full (auth failed, 1 attempts): method=GSSAPI, rip=10.8.5.72, lip=10.1.0.20 Other users work perfectly (eg. all of the user accounts I tested against). Would this have been a bug that was fixed in 1.2.2 or is it something else? If it is most likely something else, I will post `dovecot -n`. Same here (1.2.3), it's been working fine adding all possible principals to the keytab and setting: auth_gssapi_hostname = $ALL There are all sorts of resolvers out there that seem to mess with principal name selection on the clients all the time. Weird thing is this particular one didn't happen with 1.1.x -- Angel Marin http://anmar.eu.org/
Re: [Dovecot] sieve vacation response
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 7 Aug 2009, Timo Sirainen wrote: On Fri, 2009-08-07 at 20:26 +0200, Jure Pečar wrote: On Fri, 07 Aug 2009 13:57:57 -0400 Timo Sirainen t...@iki.fi wrote: Currently, you need to add all allowed aliases to the :addresses argument of the vacation command. My TODO list contains a new feature that lets you extract additional valid aliases directly from a dictionary (e.g. an SQL database). It is not at the top of my TODO list yet, but since you are not the only one needing this, I'll give it some more priority. I don't think the above really needs a dict? Rather maybe there's a way to have the script check the original unexpanded address. Is it stored in some specific header, or how would Dovecot/Sieve know about it? I agree - for example, we have X-Original-To. I'll suggest our team to match against that header. What about Delivered-To? Not all MTAs add this header, e.g. stock sendmail. In case of a stock sendmail installation there is _no_ evidence of the RCPT TOs at all, if there is not exactly one recipient. I would re-raise my suggestion to have: localPart -or- localp...@* matches any domain or - if I just read it, I prefer this - an admin-defined list of domains. This would at least won't require a dict and will fail, if one hosts at least two distinct domains and a mail is sent to localp...@example.com explicitly, but localp...@example.net implicitly (same local part, domain clash). Moreover, locally I have users, who do selectivly pick particular (recipient) domains, which to respond to, whereas others want that it just works. To trigger to fetch aliases from the dict should be controllable by each user, e.g. an empty :addresses list or a * in the list pulls the default from there or something like that. Regards, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSn/f0nWSIuGy1ktrAQJYxwf/eMrxbmKcxbAUphVjzMh7Nit6GuTEi2+W 3zdX3cOIxl8IZrSZWD+cxlS27AYrbwKBy2g5nL6v6fuwO+a24mfmgYbzzsPJxpvl zexldhqiEzlqtikuEUcMv0FBMqI9DJIIWTueENsN9PH0/GtfVk0gY0erbi2MW7I7 mwD9xbMvN2wnkG4Fe2bBcLBaneP0E2QJBZ3sniDfAIkrjdjrnmJbkWLRIOX3zleV WuXd343vmQ8JRYPriSpLqdBhmBCLJA/lyMGLJI3VrzFDxR/pGhCROoaRNydxEzmH p+tLTdiDHuFc3bmqI/iedTOicSUjM+PuHxIXMI8RhgDaioGaEKapiw== =8Ftl -END PGP SIGNATURE-
[Dovecot] getmail and Dovecot LDA deliver
Hello, my first post in this list. Hope it's the right place.:-) I'm having a problem running getmail together with Dovecot LDA for virtual users. To achive this I let getmail run under the user that owns the virtual email accounts-root. The problem is that getmail is running under the user vmail and therefore the emails received will be put into vmail's mailbox. But the emails getmail collected are actually for a virtual Dovecot user which has its maildir in a subdirectory of vmails home. The settings for the virtual users seem to be okay: I can login on Dovecot with virtual user account and I can send emails to Postfix for the virtual user. Postfix correctly uses devlier with the name of the virtual user and so the emails are going to the correct directory. For me it seems that getmail always uses the username under which getmail is currently running. As this must be a local user, getmails always announces this local user to deliver and deliver therefore puts the emails into the wrong account. My question is: How do I let deliver know that it should use a virtual user? I tried with the -d agrument in my getmail rc File, but deliver never accepts the parameter -d (always says unknown parameter -d). I tried as well to let getmail or deliver to be run as root, but then the emails will be delivered to roots home, which is not the goal too... Does anyone know a way how I can set getmail to handle emails for a virtual account properly? Any hint is appreciated as it already costed me hours of try-and-error Regards tobi -- View this message in context: http://www.nabble.com/getmail-and-Dovecot-LDA-deliver-tp24896318p24896318.html Sent from the Dovecot mailing list archive at Nabble.com.
Re: [Dovecot] getmail and Dovecot LDA deliver
On Aug 10, 2009, at 4:50 AM, spacejam wrote: My question is: How do I let deliver know that it should use a virtual user? I tried with the -d agrument in my getmail rc File, but deliver never accepts the parameter -d (always says unknown parameter -d). Either you're using some really ancient deliver version or the error message comes from getmail or something else besides deliver. So, what Dovecot version do you use? And also copypaste the exact error message (and maybe other messages too) that you get. And the getmailrc could help too.
Re: [Dovecot] getmail and Dovecot LDA deliver
Timo Sirainen wrote: On Aug 10, 2009, at 4:50 AM, spacejam wrote: My question is: How do I let deliver know that it should use a virtual user? I tried with the -d agrument in my getmail rc File, but deliver never accepts the parameter -d (always says unknown parameter -d). Either you're using some really ancient deliver version or the error message comes from getmail or something else besides deliver. So, what Dovecot version do you use? And also copypaste the exact error message (and maybe other messages too) that you get. And the getmailrc could help too. I compiled deliver from Dovecot-1.0.15 The -d parameter is accepted by deliver if Postfix invokes the mailbox_command to deliver emails to virtual accounts. The error message from deliver is something like deliver unknown argument -d username (I will check the exact message this evening after work). As well I will post the content of the destination section from my rc file which tries so invoke deliver for mail delivery to virtual account. I'm pretty sure that the error message comes from deliver as the program name (deliver) is mentioned in the logfiles with the error message -- View this message in context: http://www.nabble.com/getmail-and-Dovecot-LDA-deliver-tp24896318p24896701.html Sent from the Dovecot mailing list archive at Nabble.com.
Re: [Dovecot] Mail archive
ferna...@dfcom.com.br schrieb: Hi, I´m using dovecot at our storages, accounts is distributed among many storages (not entire domain), all of them with compression (when message 30Kb), nightly crontab script. Even though compression and many storages, we always have problems with disk space and need to migrate accounts. Have you ever implemented any archive solution working with dovecot ? Regards, Fernando you might give more info what kind of archive you exactly mean meanwhile study http://wiki.dovecot.org/HowTo/ReadOnlyArchive http://wiki.dovecot.org/Plugins/Zlib http://wiki.dovecot.org/Plugins/Expire Alternative dbox directory expiration -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: [Dovecot] Mail archive
I would like 'some process' to store old mails at a cheap storage. I know how to do it with symlinks, but I don´t know if it is the best option. So, I´m asking if dovecot improves it somehow. Fernando fernando at dfcom.com.br schrieb: Hi, I´m using dovecot at our storages, accounts is distributed among many storages (not entire domain), all of them with compression (when message 30Kb), nightly crontab script. Even though compression and many storages, we always have problems with disk space and need to migrate accounts. Have you ever implemented any archive solution working with dovecot ? Regards, Fernando you might give more info what kind of archive you exactly mean meanwhile study http://wiki.dovecot.org/HowTo/ReadOnlyArchive http://wiki.dovecot.org/Plugins/Zlib http://wiki.dovecot.org/Plugins/Expire Alternative dbox directory expiration -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: [Dovecot] Mail archive
ferna...@dfcom.com.br schrieb: I would like 'some process' to store old mails at a cheap storage. I know how to do it with symlinks, but I don´t know if it is the best option. So, I´m asking if dovecot improves it somehow. have you read ? http://wiki.dovecot.org/Plugins/Expire Alternative dbox directory expiration Fernando fernando at dfcom.com.br schrieb: Hi, I´m using dovecot at our storages, accounts is distributed among many storages (not entire domain), all of them with compression (when message 30Kb), nightly crontab script. Even though compression and many storages, we always have problems with disk space and need to migrate accounts. Have you ever implemented any archive solution working with dovecot ? Regards, Fernando you might give more info what kind of archive you exactly mean meanwhile study http://wiki.dovecot.org/HowTo/ReadOnlyArchive http://wiki.dovecot.org/Plugins/Zlib http://wiki.dovecot.org/Plugins/Expire Alternative dbox directory expiration -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: [Dovecot] expire plugin no delete 1.2.1 / 1.2.2 / 1.2.3
Robert Schetterer schrieb: Timo Sirainen schrieb: On Tue, 2009-08-04 at 10:22 +0200, Robert Schetterer wrote: Info: maildir: data=/usr/local/virtual//root/:CONTROL=/usr/local/virtual//root/:INDEX=/usr/local/virtual//root/:INBOX=/usr/local/virtual//root/ Oh, right, this is the problem. You can't use %variables in mail_location setting. They get expanded too early. Since you're returning home anyway, use: mail_location = maildir:~/ HI Timo, ok i try this and report Hi, Timo sorry to say setting mail_location = maildir:~/ does not change anything mail is still not deleted, latest test were with 1.2.3 -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: [Dovecot] expire plugin no delete 1.2.1 / 1.2.2 / 1.2.3
On Aug 10, 2009, at 11:17 AM, Robert Schetterer wrote: Info: maildir: data=/usr/local/virtual//root/:CONTROL=/usr/local/virtual// root/:INDEX=/usr/local/virtual//root/:INBOX=/usr/local/virtual// root/ .. setting mail_location = maildir:~/ does not change anything mail is still not deleted, latest test were with 1.2.3 What does it log now?
Re: [Dovecot] rename() non-atomic on HFS? (was: Dovecot-1.1.15 panics)
On Aug 10, 2009, at 8:59 AM, Edgar Fuß wrote: [...] mv foo.tmp foo [...] [...] So, apparently HFS+'s rename() isn't really atomic after all.. Are you sure OS X's mv(1) simply calls rename(2)? Maybe some magic in mv(1) for ._xxx resource forks or directory hardlinks? I also wrote a C program that used rename() to verify it. Anyway, I heard it was also verified by Apple's HFS+ people.
Re: [Dovecot] getmail and Dovecot LDA deliver
Robert Schetterer wrote: just as an idea it may work using postfix sendmail [destination] type = MDA_external path = /path/to/sendmail ( parameters ) That was the idea. First I tried to use getmail_fetch which allows to specify a virtual username on the command line. It received the emails and put them into the virtual users Maildir. But with getmail_fetch I could not see to integrate the email received into Spamassassins scannig process. So the idea with sendmail was just the one which works as wished. So my rc File (dest part) looks like that [destination] type = MDA_external path = /usr/syno/mailstation/sbin/sendmail arguments = (vu...@virtual-domain.tld,) I know that I should update the dovecot as well but my system is a NAS system. And as I use this system for my email accounts I don't want to risk to update the dovecot. But next week I will receive a second NAS server which I will use for backups. But before I will try to install an up-to-date Dovecot-Version and see if everything works fine with the firmware from the manufactor. Best regards tobi -- View this message in context: http://www.nabble.com/getmail-and-Dovecot-LDA-deliver-tp24896318p24903371.html Sent from the Dovecot mailing list archive at Nabble.com.
[Dovecot] v2.0 configuration parsing
I'm trying to figure out how exactly v2.0 should be parsing configuration files. The most annoying part is if it should always just use whatever comes first in config or try some kind of a use most specific rule. The most specific kind of makes more sense initially, but then you start wondering how to handle e.g.: 1) User logs in to imap from 192.168.0.1. What is foo's value? protocol imap { remote_ip 192.168.0.0/16 { foo = foo } } remote_ip 192.168.0.0/24 { foo = bar } 2) User logs in from 192.168.0.1 to 10.1.2.3. What is foo's value? local_ip 192.168.0.1 { remote_ip 10.1.2.0/24 { foo = foo } } remote_ip 10.1.2.3 { local_ip 192.168.0.0/24 { foo = bar } } Any thoughts? signature.asc Description: This is a digitally signed message part
Re: [Dovecot] v2.0 configuration parsing
Timo Sirainen wrote: I'm trying to figure out how exactly v2.0 should be parsing configuration files. The most annoying part is if it should always just use whatever comes first in config or try some kind of a use most specific rule. The most specific kind of makes more sense initially, but then you start wondering how to handle e.g.: 1) User logs in to imap from 192.168.0.1. What is foo's value? protocol imap { remote_ip 192.168.0.0/16 { foo = foo } } remote_ip 192.168.0.0/24 { foo = bar } 2) User logs in from 192.168.0.1 to 10.1.2.3. What is foo's value? local_ip 192.168.0.1 { remote_ip 10.1.2.0/24 { foo = foo } } remote_ip 10.1.2.3 { local_ip 192.168.0.0/24 { foo = bar } } Any thoughts? I think the easiest scheme to keep in my brain would be to evaluate the blocks, in order, as if they were branches in code. Fooling around with an arbitrary order of evaluation/specificity would be a recipe for disaster (see, for example, any CSS engine). So, something like, protocol imap { remote_ip 192.168.0.0/16 { foo = foo } } would translate to, if (protocol == imap) { if (remote_ip matches 192.168.0.0/16) { foo = foo } } and then later, remote_ip 192.168.0.0/24 { foo = bar } would set the value of 'foo' to 'bar', since it would evaluate in a similar fashion, and comes later in the config file. It's easy to explain, easy to implement, and easy to debug. Ultimately, the users are going to have to understand how it works in order to configure Dovecot properly. Put the most general rules first, and then override them is a practice with which most of us are already familiar.
Re: [Dovecot] v2.0 configuration parsing
Hi Timo, What's your thought on the 'precedence order' (hope it make sense), on protocol, remote_ip, local_ip? From your sample 1, it would read equals (to most technical people) to protocol imap { remote_ip 192.168.0.0/16 { foo = foo } } protocol ALL { remote_ip 192.168.0.0/24 { foo = bar } } If follow this syntax, sample 1's answer would be foo = foo, assuming specific rules overwrite general rules, and assuming protocol is the first order. Sample 2 is tough, that's why I asked what's your thought on precedence order. Restricting syntax to only remote before local (or vice versa) should resolve it. Joseph On 10-Aug-09, at 1:57 PM, Timo Sirainen wrote: I'm trying to figure out how exactly v2.0 should be parsing configuration files. The most annoying part is if it should always just use whatever comes first in config or try some kind of a use most specific rule. The most specific kind of makes more sense initially, but then you start wondering how to handle e.g.: 1) User logs in to imap from 192.168.0.1. What is foo's value? protocol imap { remote_ip 192.168.0.0/16 { foo = foo } } remote_ip 192.168.0.0/24 { foo = bar } 2) User logs in from 192.168.0.1 to 10.1.2.3. What is foo's value? local_ip 192.168.0.1 { remote_ip 10.1.2.0/24 { foo = foo } } remote_ip 10.1.2.3 { local_ip 192.168.0.0/24 { foo = bar } } Any thoughts?
Re: [Dovecot] v2.0 configuration parsing
On Aug 10, 2009, at 11:57 AM, Timo Sirainen wrote: I'm trying to figure out how exactly v2.0 should be parsing configuration files. The most annoying part is if it should always just use whatever comes first in config or try some kind of a use most specific rule. The most specific kind of makes more sense initially, but then you start wondering how to handle e.g.: 1) User logs in to imap from 192.168.0.1. What is foo's value? protocol imap { remote_ip 192.168.0.0/16 { foo = foo } } remote_ip 192.168.0.0/24 { foo = bar } 2) User logs in from 192.168.0.1 to 10.1.2.3. What is foo's value? local_ip 192.168.0.1 { remote_ip 10.1.2.0/24 { foo = foo } } remote_ip 10.1.2.3 { local_ip 192.168.0.0/24 { foo = bar } } Any thoughts? Figure out that they intersect and return an error! Aria Stewart aredri...@nbtsc.org
Re: [Dovecot] More effective mailbox fetching over high RTT link
On Sun, 09 Aug 2009 22:20:41 +0200 Andrzej Adam Filip andrzej.fi...@gmail.com wrote: Could you offer some suggestion how to fetch mailbox content over high RTT link (with negligible packet loss)? Currently I use IMAP+IDLE *but* it fails to use full available bandwidth due to high RTT and send command wait for response nature of POP3 and IMAP4 protocols. The entire purpose of the command tag in IMAP is to facilitate batching or concurrent commands. See RFC3501 section 5.5. It shouldn't be too difficult to batch requests for new messages, or even select all the new messages in one request for a single folder. -- Ben Winslow r...@bluecherry.net
Re: [Dovecot] v2.0 configuration parsing
Timo Sirainen wrote: I'm trying to figure out how exactly v2.0 should be parsing configuration files. The most annoying part is if it should always just use whatever comes first in config or try some kind of a use most specific rule. The most specific kind of makes more sense initially, but then you start wondering how to handle e.g.: 1) User logs in to imap from 192.168.0.1. What is foo's value? protocol imap { remote_ip 192.168.0.0/16 { foo = foo } } remote_ip 192.168.0.0/24 { foo = bar } make it protocols { imap { remote_ip x/16 { foo = foo } } all { remote_ip x/24 { foo = bar } } } 2) User logs in from 192.168.0.1 to 10.1.2.3. What is foo's value? local_ip 192.168.0.1 { remote_ip 10.1.2.0/24 { foo = foo } } remote_ip 10.1.2.3 { local_ip 192.168.0.0/24 { foo = bar } } I'd strongly suggest to use the same approach as firewalls (or exim): first match wins. I love exim because I can configure it much like my firewalls routers, and the fall through until something matches syntax that most firewalls/ACLs use is well-understood flexible. Kind regards, Felix -- Felix Schüren Head of Network --- Host Europe GmbH - http://www.hosteurope.de Welserstraße 14 - 51149 Köln - Germany Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*) HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678 Geschäftsführer: Uwe Braun - Alex Collins - Mark Joseph - Patrick Pulvermüller (*) 0,14 EUR/Min. aus dem dt. Festnetz, Mobilfunkpreise ggf. abweichend
Re: [Dovecot] v2.0 configuration parsing
On Mon, 2009-08-10 at 14:33 -0400, Joseph Yee wrote: Hi Timo, What's your thought on the 'precedence order' (hope it make sense), on protocol, remote_ip, local_ip? I'm not sure if there is one. Sample 2 is tough, that's why I asked what's your thought on precedence order. Restricting syntax to only remote before local (or vice versa) should resolve it. Actually I don't think it would really solve much either. local_ip 192.168.0.1 { remote_ip 10.1.2.0/24 { foo = foo } } remote_ip 10.1.2.3 { local_ip 192.168.0.0/24 { foo = bar } } You could write this as: local_ip 192.168.0.1 { remote_ip 10.1.2.0/24 { foo = foo } } local_ip 192.168.0.0/24 { remote_ip 10.1.2.3 { foo = bar } } You'd still have to decide if local_ip is more important than remote_ip, or if it should just be done in order and it should always use either first or last. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] v2.0 configuration parsing
On Mon, 2009-08-10 at 20:47 +0200, Felix Schueren wrote: make it protocols { imap { remote_ip x/16 { foo = foo } } all { remote_ip x/24 { foo = bar } } } That's just a syntax change. The question is still about if it should match the first one or the most specific one. I'd strongly suggest to use the same approach as firewalls (or exim): first match wins. I love exim because I can configure it much like my firewalls routers, and the fall through until something matches syntax that most firewalls/ACLs use is well-understood flexible. Yeah, I'm beginning to think something like this would be good, with perhaps some restrictions in how the configuration blocks could be used. But is it better to use the first or the last match?.. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] v2.0 configuration parsing
Timo Sirainen wrote: On Mon, 2009-08-10 at 20:47 +0200, Felix Schueren wrote: make it protocols { imap { remote_ip x/16 { foo = foo } } all { remote_ip x/24 { foo = bar } } } That's just a syntax change. The question is still about if it should match the first one or the most specific one. I'd strongly suggest to use the same approach as firewalls (or exim): first match wins. I love exim because I can configure it much like my firewalls routers, and the fall through until something matches syntax that most firewalls/ACLs use is well-understood flexible. Yeah, I'm beginning to think something like this would be good, with perhaps some restrictions in how the configuration blocks could be used. But is it better to use the first or the last match?.. If at all possible, I would much rather see an error thrown than choosing which one to accept. To me, having Dovecot tolerate broken configurations is less desirable than giving clear feedback for the user to fix it. Anything from: foo is defined more than once overlapping ip declarations remote_ip declaration in protocol imap conflicts with remote_ip declaration in protocol all I suppose if you really want to tolerate the brokenness - at least include the error as a logged warning. -- Daniel
Re: [Dovecot] v2.0 configuration parsing
On Mon, 2009-08-10 at 12:09 -0700, Daniel L. Miller wrote: If at all possible, I would much rather see an error thrown than choosing which one to accept. To me, having Dovecot tolerate broken configurations is less desirable than giving clear feedback for the user to fix it. Anything from: foo is defined more than once overlapping ip declarations remote_ip declaration in protocol imap conflicts with remote_ip declaration in protocol all It's not necessarily a broken configuration. For example you could have: disable_plaintext_auth = yes # default also remote_ip 192.168.0.0/16 { # allow plaintext auth from intranet disable_plaintext_auth = no } That's an ok configuration, right? But then again, maybe one of those IPs is a proxy to outside world and you don't want plaintext auth from there: remote_ip 192.168.123.44 { disable_plaintext_auth = yes } But I guess if there truly are some conflicts it could warn about them .. although that might be more work than it's worth. :) signature.asc Description: This is a digitally signed message part
Re: [Dovecot] v2.0 configuration parsing
Timo Sirainen wrote: On Mon, 2009-08-10 at 12:09 -0700, Daniel L. Miller wrote: If at all possible, I would much rather see an error thrown than choosing which one to accept. To me, having Dovecot tolerate broken configurations is less desirable than giving clear feedback for the user to fix it. Anything from: foo is defined more than once overlapping ip declarations remote_ip declaration in protocol imap conflicts with remote_ip declaration in protocol all It's not necessarily a broken configuration. For example you could have: disable_plaintext_auth = yes # default also remote_ip 192.168.0.0/16 { # allow plaintext auth from intranet disable_plaintext_auth = no } That's an ok configuration, right? But then again, maybe one of those IPs is a proxy to outside world and you don't want plaintext auth from there: remote_ip 192.168.123.44 { disable_plaintext_auth = yes } But I guess if there truly are some conflicts it could warn about them .. although that might be more work than it's worth. :) Well - if those are not broken configs, then I guess I misunderstood the question. I would expect the most restrictive test to govern, so: remote_ip 192.168.0.0/16 { # allow plaintext auth from intranet disable_plaintext_auth = no } remote_ip 192.168.10.0/8 { # allow plaintext auth from intranet disable_plaintext_auth = yes } remote_ip 192.168.0.1 { # allow plaintext auth from intranet disable_plaintext_auth = no } connecting from 192.168.0.1 should result in disable_plaintext_auth = no. -- Daniel-5276
Re: [Dovecot] More effective mailbox fetching over high RTT link
Ben Winslow r...@bluecherry.net wrote: On Sun, 09 Aug 2009 22:20:41 +0200 Andrzej Adam Filip andrzej.fi...@gmail.com wrote: Could you offer some suggestion how to fetch mailbox content over high RTT link (with negligible packet loss)? Currently I use IMAP+IDLE *but* it fails to use full available bandwidth due to high RTT and send command wait for response nature of POP3 and IMAP4 protocols. The entire purpose of the command tag in IMAP is to facilitate batching or concurrent commands. See RFC3501 section 5.5. It shouldn't be too difficult to batch requests for new messages, or even select all the new messages in one request for a single folder. Could you recommend tool/client program capable to use IMAP pipelining? -- [plen: Andrew] Andrzej Adam Filip : a...@onet.eu Virtue does not always demand a heavy sacrifice -- only the willingness to make it when necessary. -- Frederick Dunn
Re: [Dovecot] v2.0 configuration parsing
On 8/10/2009, Timo Sirainen (t...@iki.fi) wrote: Yeah, I'm beginning to think something like this would be good, with perhaps some restrictions in how the configuration blocks could be used. But is it better to use the first or the last match? For a filter (like a firewall), it makes sense to have the first match win. For config stuff, I think the LAST should win... at least, thats how postfix works... Or maybe even better, if you have the same setting defined twice, you could also detect this and issue a warning, like you do now for fd's set too low... -- Best regards, Charles
Re: [Dovecot] v2.0 configuration parsing
On 8/10/2009, Michael Orlitzky (mich...@orlitzky.com) wrote: It's easy to explain, easy to implement, and easy to debug. Ultimately, the users are going to have to understand how it works in order to configure Dovecot properly. Put the most general rules first, and then override them is a practice with which most of us are already familiar. One thing I'd like is to sort the simple one line foo = bar settings first (before the blocks) - in alphabetcial order. If it makes more sense to keep the blocks in a specific order, thats fine, otherwise you could alphabetize them too. Right now, if you have a lot of settings, finding any particular setting (ie, when troubleshooting) is much more difficult than it should be, especially for someone new to dovecot. -- Best regards, Charles
Re: [Dovecot] expire plugin no delete 1.2.1 / 1.2.2 / 1.2.3
Timo Sirainen schrieb: On Mon, 2009-08-10 at 20:04 +0200, Robert Schetterer wrote: as far i remember there was root .. yes of course i am having variables in namespaces i think i need them for my setup expire-tool is currently incompatible with variables anywhere. v2.0 fixes this, but with v1.x you can't use them. namespace private { separator = / prefix = location = maildir:/usr/local/virtual/%d/%u/:CONTROL=/usr/local/virtual/%d/%u/:INDEX=/usr/local/virtual/%d/%u/:INBOX=/usr/local/virtual/$ location = maildir:~/ should work here just fine. All of your directories point to the same one, so there's no need to specify them separately. list = yes hidden = no subscriptions = yes } namespace private { prefix = virtual/ separator = / location = virtual:/etc/dovecot/virtual:LAYOUT=maildir++ This is ok as it is. hidden = yes list = no subscriptions= no } namespace private { prefix = RealMails/ separator = / list = no hidden = yes location = maildir:/usr/local/virtual/%d/%u/:CONTROL=/usr/local/virtual/%d/%u/:INDEX=/usr/local/virtual/%d/%u/:INBOX=/usr/local/virtual/$ } Here again it's the same. Actually you should just remove the location setting from both RealMails/ and namespaces, so it'll just default to mail_location setting. only in the first default namespace, changing others may crash with pop3 downloading special imap folders As long as home points to the right directory there shouldn't be any problems. ok i ll try, and report -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: [Dovecot] v2.0 configuration parsing
On 8/10/2009, Charles Marcus (cmar...@media-brokers.com) wrote: One thing I'd like is to sort the simple one line foo = bar settings first (before the blocks) - in alphabetcial order. Of course, I meant with respect to doveconf -n output... or did you decide yet on the new command(s)? -- Best regards, Charles
Re: [Dovecot] v2.0 configuration parsing
Daniel L. Miller wrote: Timo Sirainen wrote: On Mon, 2009-08-10 at 12:09 -0700, Daniel L. Miller wrote: If at all possible, I would much rather see an error thrown than choosing which one to accept. To me, having Dovecot tolerate broken configurations is less desirable than giving clear feedback for the user to fix it. Anything from: foo is defined more than once overlapping ip declarations remote_ip declaration in protocol imap conflicts with remote_ip declaration in protocol all It's not necessarily a broken configuration. For example you could have: disable_plaintext_auth = yes # default also remote_ip 192.168.0.0/16 { # allow plaintext auth from intranet disable_plaintext_auth = no } That's an ok configuration, right? But then again, maybe one of those IPs is a proxy to outside world and you don't want plaintext auth from there: remote_ip 192.168.123.44 { disable_plaintext_auth = yes } But I guess if there truly are some conflicts it could warn about them .. although that might be more work than it's worth. :) Well - if those are not broken configs, then I guess I misunderstood the question. I would expect the most restrictive test to govern, so: remote_ip 192.168.0.0/16 { # allow plaintext auth from intranet disable_plaintext_auth = no } remote_ip 192.168.10.0/8 { # allow plaintext auth from intranet disable_plaintext_auth = yes } remote_ip 192.168.0.1 { # allow plaintext auth from intranet disable_plaintext_auth = no } connecting from 192.168.0.1 should result in disable_plaintext_auth = no. I agree - however, it makes the config harder to read, and you pretty much need something like dovecotctl -acl -dump or an equivalent to netstat -r or iptables -L to display them in the correct order if the ruleset becomes complex. By using a first-match wins syntax, you make the actual config file much simpler to read, as it maps to the running process. kind regards, Felix -- Felix Schüren Head of Network --- Host Europe GmbH - http://www.hosteurope.de Welserstraße 14 - 51149 Köln - Germany Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*) HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678 Geschäftsführer: Uwe Braun - Alex Collins - Mark Joseph - Patrick Pulvermüller (*) 0,14 EUR/Min. aus dem dt. Festnetz, Mobilfunkpreise ggf. abweichend
Re: [Dovecot] Scalability plans: Abstract out filesystem and make it someone else's problem
Timo Sirainen wrote: This is something I figured out a few months ago, mainly because this one guy at work (hi, Stu) kept telling me my multi-master replication plan sucked and we should use some existing scalable database. (I guess it didn't go exactly like that, but that's the result anyway.) Ick, some people (myself included) hate the idea of storing mail in a database versus simple and almost impossible to screw up plain text files of maildir. Cyrus already does the whole mail-in-database thing. ~Seth
Re: [Dovecot] Scalability plans: Abstract out filesystem and make it someone else's problem
On Mon, 2009-08-10 at 14:33 -0700, Seth Mattinen wrote: Timo Sirainen wrote: This is something I figured out a few months ago, mainly because this one guy at work (hi, Stu) kept telling me my multi-master replication plan sucked and we should use some existing scalable database. (I guess it didn't go exactly like that, but that's the result anyway.) Ick, some people (myself included) hate the idea of storing mail in a database versus simple and almost impossible to screw up plain text files of maildir. Nothing forces you to switch from maildir, if you're happy with it :) But if you want to support millions of users, it's simpler to distribute the storage and disk I/O evenly across hundreds of servers using a database that was designed for it. And by databases I mean here some of those key/value-like databases, not SQL. (What's a good collective name for those dbs anyway? BASE and NoSQL are a couple names I've seen.) Cyrus already does the whole mail-in-database thing. No, Cyrus's mail database is very similar to how Dovecot works. Both have somewhat similar index files, both store one mail/file (with dbox/maildir). But Cyrus then also has some additional databases that screw up things.. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] v2.0 configuration parsing
On Mon, 2009-08-10 at 13:57 -0400, Timo Sirainen wrote: I'm trying to figure out how exactly v2.0 should be parsing configuration files. The most annoying part is if it should always just use whatever comes first in config or try some kind of a use most specific rule. I think it's possible to do both: Use the most specific rule, but if it's also not the first rule, it's a broken configuration and it'll fail. If there are ambiguity in specificity, it's also an error. (I'm also wondering about if it should be the first rule. Somehow to me it comes more naturally that last settings always override previous settings. If we really want to make first settings come first, then the default settings must be at the bottom of dovecot.conf, or they'd need some exception.) Require the nesting to be in order: local_ip { remote_ip { protocol {} } } Any of the levels could be dropped out, but the ordering couldn't be switched. Then we'll basically require that more specific blocks need to be before less specific blocks, or the configuration reading will fail. (Or vice versa? It somehow seems more natural to me..) The block specificity is determined by the nesting order. 1) Simple example: # allow plaintext auth from intranet, except from .123.1 remote_ip 192.168.123.1 { disable_plaintext_auth = yes } remote_ip 192.168.0.0/16 { disable_plaintext_auth = no } disable_plaintext_auth = yes If the remote_ip blocks were switched, it would give an error. 2) More complex example: Client connecting 192.168.0.1 - 10.1.2.3. # this first match is used local_ip 192.168.0.1/31 { remote_ip 10.1.2.0/24 { foo = foo } } # ok, exact match (handle the same as duplicate settings in root, # maybe optionally give a warning about them) local_ip 192.168.0.1/31 { remote_ip 10.1.2.0/24 { foo = foo2 } } # error, local_ip more specific local_ip 192.168.0.1 { foo = xx } # ok, local_ip less specific, remote_ip less specific local_ip 192.168.0.0/16 { remote_ip 10.1.2.0/23 { foo = bar } } # error, remote_ip more or equal specific local_ip 192.168.0.0/16 { remote_ip 10.1.2.3 { foo = baz1 } remote_ip 10.1.2.0/24 { foo = baz2 } } # error, protocol more specific local_ip 192.168.0.0/16 { protocol imap { foo = x } } signature.asc Description: This is a digitally signed message part
Re: [Dovecot] v2.0 configuration parsing
On Mon, 2009-08-10 at 17:59 -0400, Timo Sirainen wrote: (I'm also wondering about if it should be the first rule. Somehow to me I think first rule match is best approach, as someone else pointed out, its how many things that most people here would work with daily work, be it a server daemon configuration, iptables, or Cisco routers. The only exceptions that I can think of immediately is Apache, ircu, and DNews where last (entered in order) matching rule wins. Noel
Re: [Dovecot] v2.0 configuration parsing
On Tue, 2009-08-11 at 09:20 +1000, Noel Butler wrote: On Mon, 2009-08-10 at 17:59 -0400, Timo Sirainen wrote: (I'm also wondering about if it should be the first rule. Somehow to me I think first rule match is best approach, as someone else pointed out, its how many things that most people here would work with daily work, be it a server daemon configuration, iptables, or Cisco routers. Can you give me some other examples than firewalls or routing? signature.asc Description: This is a digitally signed message part
Re: [Dovecot] v2.0 configuration parsing
On Mon, 2009-08-10 at 19:28 -0400, Timo Sirainen wrote: On Tue, 2009-08-11 at 09:20 +1000, Noel Butler wrote: On Mon, 2009-08-10 at 17:59 -0400, Timo Sirainen wrote: (I'm also wondering about if it should be the first rule. Somehow to me I think first rule match is best approach, as someone else pointed out, its how many things that most people here would work with daily work, be it a server daemon configuration, iptables, or Cisco routers. Can you give me some other examples than firewalls or routing? Postfix, (and as mentioned by another poster Exim never used it myself tho), and I think Sendmail as well, MailScanner, and I was wrong about Apache, first vhost matches (I just threw an alias into a 3 vhosts and it went to the first matching vhost) Noel
[Dovecot] QUOTA not appearing in CAPA
Hi, ok, I've compiled it a few times, and made sure all of my settings are correct, but the QUOTA is not appearing in the opening CAPA that comes with the greeting. I have it configured in the dovecot.conf like so: protocol imap { mail_plugins = quota imap_quota } and I can see when turning debugging on that the following is spit out when starting : Starting DovecotILoading modules from directory: /usr/local/lib/dovecot/imap IModule loaded: /usr/local/lib/dovecot/imap/lib10_quota_plugin.so IModule loaded: /usr/local/lib/dovecot/imap/lib11_imap_quota_plugin.so IEffective uid=65534, gid=65534, home=/tmp IQuota root: name= backend=maildir args= IEffective uid=65534, gid=65534, home=/tmp and then I see the following in the dovecot logs : Aug 10 17:35:10 IMAP(xx...@simplenet.com): Info: Module loaded: /usr/local/lib/dovecot/imap/lib10_quota_plugin.so Aug 10 17:35:10 IMAP(xx...@simplenet.com): Info: Module loaded: /usr/local/lib/dovecot/imap/lib11_imap_quota_plugin.so when I log into the IMAP port, I get the following greeting : * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. So it seems there is no QUOTA support for the IMAP server to query for the quota file... can someone help me as to a direction to go here??? The reason I need it is because I believe the web client relies on the QUOTA being in the CAPA in order to show it... Thanks, Tim.
Re: [Dovecot] QUOTA not appearing in CAPA
On Mon, 2009-08-10 at 17:43 -0700, Tim Traver wrote: when I log into the IMAP port, I get the following greeting : * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. So it seems there is no QUOTA support for the IMAP server to query for the quota file... The greeting capability lists only capabilities relevant to pre-login session. You'll get the full list with either CAPABILITY command or automatically after logging in. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] QUOTA not appearing in CAPA
Timo, ok, upon further examination, I found that a later CAPABILITY command did indeed return QUOTA in its line... But I also looked in the code to find out what happens when a command is sent to get the quota like this : QUOT1 GETQUOTAROOT INBOX and I get the following back : * QUOTAROOT INBOX QUOT1 OK Getquotaroot completed. But I don't see a quota value in there anywhere. The maildirquota file is in place in the maildir, and has all of the correct permissions, unless you restrict it to have particular permissions before you read it... Thanks, Tim. Timo Sirainen wrote: On Mon, 2009-08-10 at 17:43 -0700, Tim Traver wrote: when I log into the IMAP port, I get the following greeting : * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. So it seems there is no QUOTA support for the IMAP server to query for the quota file... The greeting capability lists only capabilities relevant to pre-login session. You'll get the full list with either CAPABILITY command or automatically after logging in.
Re: [Dovecot] QUOTA not appearing in CAPA
On Mon, 2009-08-10 at 18:01 -0700, Tim Traver wrote: and I get the following back : * QUOTAROOT INBOX QUOT1 OK Getquotaroot completed. But I don't see a quota value in there anywhere. That means you either have unlimited quota or you don't have quota configured at all. Have you set up quota and quota_rule settings? http://wiki.dovecot.org/Quota/1.1 should explain them, if it doesn't help show your dovecot -n output. signature.asc Description: This is a digitally signed message part
[Dovecot] sieve/managesieve and spam filtering
Hello all, I've got a test environment setup in preparation for a move from qmail/vpopmail/courier to postfix/padmin/dovecot. I have a number of questions that seem to span multiple pieces of software, and this is one of them... Our policy with spam filtering is that a user should be able to turn it off (ie: not put tagged spam into a spam folder, but deliver to their inbox) if they want to. Currently qmailadmin and a custom squirrelmail plugin give people the option to do this by dumping a .qmail file in their directory that calls a common maildrop script that will deliver spam to the spam folder. It looks like I can emulate this with sieve and something that can speak to Dovecot's managesieve server. Where I'm stuck is that if I want users to be able to do other custom filtering using sieve, how do I go about making sure that my common spam delivery rule does not get clobbered? This really has me a bit stumped. I see there's a global sieverc that can be included, but I need something along the lines of a per-user include that brings in the spam filtering rule that will stick until the user explicitly deletes it. Any ideas? Thanks, Charles ___ Charles Sprickman NetEng/SysAdmin Bway.net - New York's Best Internet - www.bway.net sp...@bway.net - 212.655.9344
Re: [Dovecot] v2.0 configuration parsing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I completely agree with Michael's opinion. Patrick. On 2009-08-11 02:22, Michael Orlitzky wrote: Timo Sirainen wrote: I'm trying to figure out how exactly v2.0 should be parsing configuration files. The most annoying part is if it should always just use whatever comes first in config or try some kind of a use most specific rule. The most specific kind of makes more sense initially, but then you start wondering how to handle e.g.: [...] I think the easiest scheme to keep in my brain would be to evaluate the blocks, in order, as if they were branches in code. Fooling around with an arbitrary order of evaluation/specificity would be a recipe for disaster (see, for example, any CSS engine). So, something like, protocol imap { remote_ip 192.168.0.0/16 { foo = foo } } would translate to, if (protocol == imap) { if (remote_ip matches 192.168.0.0/16) { foo = foo } } and then later, remote_ip 192.168.0.0/24 { foo = bar } would set the value of 'foo' to 'bar', since it would evaluate in a similar fashion, and comes later in the config file. It's easy to explain, easy to implement, and easy to debug. Ultimately, the users are going to have to understand how it works in order to configure Dovecot properly. Put the most general rules first, and then override them is a practice with which most of us are already familiar. - -- STAR Software (Shanghai) Co., Ltd. http://www.star-group.net/ Phone:+86 (21) 3462 7688 x 826 Fax: +86 (21) 3462 7779 PGP key: E883A005 https://stshacom1.star-china.net/keys/patrick_nagel.asc Fingerprint: E09A D65E 855F B334 E5C3 5386 EF23 20FC E883 A005 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkqA5IEACgkQ7yMg/OiDoAWaiQCgk1S6lu6JQTcg5VXzwzJxrjCG AXcAoLD2xvbfFoMUrSW+3JrC+PA7c8Fz =jChR -END PGP SIGNATURE-
Re: [Dovecot] Scalability plans: Abstract out filesystem and make it someone else's problem
Timo Sirainen wrote: On Mon, 2009-08-10 at 14:33 -0700, Seth Mattinen wrote: Timo Sirainen wrote: This is something I figured out a few months ago, mainly because this one guy at work (hi, Stu) kept telling me my multi-master replication plan sucked and we should use some existing scalable database. (I guess it didn't go exactly like that, but that's the result anyway.) Ick, some people (myself included) hate the idea of storing mail in a database versus simple and almost impossible to screw up plain text files of maildir. Nothing forces you to switch from maildir, if you're happy with it :) But if you want to support millions of users, it's simpler to distribute the storage and disk I/O evenly across hundreds of servers using a database that was designed for it. And by databases I mean here some of those key/value-like databases, not SQL. (What's a good collective name for those dbs anyway? BASE and NoSQL are a couple names I've seen.) Why is a database a better choice than a clustered filesystem? It seems that you're adding a huge layer of complexity (a database) for something that's already solved (clusters). Queue directories and clusters don't mix well, but a read-heavy maildir/dbox environment shouldn't suffer the same problem. ~Seth
Re: [Dovecot] Scalability plans: Abstract out filesystem and make it someone else's problem
Seth Mattinen wrote: Ick, some people (myself included) hate the idea of storing mail in a database versus simple and almost impossible to screw up plain text files of maildir. Cyrus already does the whole mail-in-database thing. Why do you think 'maildir' isn't a database? Or to you does 'database' only mean SQL database? A database is a collection of information that is organized so that it can easily be accessed, managed, and updated. -- Curtis Maloney
Re: [Dovecot] Scalability plans: Abstract out filesystem and make it someone else's problem
Curtis Maloney wrote: Seth Mattinen wrote: Ick, some people (myself included) hate the idea of storing mail in a database versus simple and almost impossible to screw up plain text files of maildir. Cyrus already does the whole mail-in-database thing. Why do you think 'maildir' isn't a database? Or to you does 'database' only mean SQL database? Please, don't put words in my mouth. I'm not stupid. ~Seth
Re: [Dovecot] Scalability plans: Abstract out filesystem and make it someone else's problem
On Aug 11, 2009, at 12:41 AM, Seth Mattinen wrote: Nothing forces you to switch from maildir, if you're happy with it :) But if you want to support millions of users, it's simpler to distribute the storage and disk I/O evenly across hundreds of servers using a database that was designed for it. And by databases I mean here some of those key/value-like databases, not SQL. (What's a good collective name for those dbs anyway? BASE and NoSQL are a couple names I've seen.) Why is a database a better choice than a clustered filesystem? Show me a clustered filesystem that can guarantee that each file is stored in at least 3 different data centers and can scale linearly by simply adding more servers (let's say at least up to thousands). Clustered filesystems are also complex. They're much more complex than what Dovecot really requires.
Re: [Dovecot] QUOTA not appearing in CAPA
Timo Sirainen wrote: On Mon, 2009-08-10 at 18:01 -0700, Tim Traver wrote: and I get the following back : * QUOTAROOT INBOX QUOT1 OK Getquotaroot completed. But I don't see a quota value in there anywhere. That means you either have unlimited quota or you don't have quota configured at all. Have you set up quota and quota_rule settings? http://wiki.dovecot.org/Quota/1.1 should explain them, if it doesn't help show your dovecot -n output. Timo, I figured out something...The issue appeared to have been that no maildirsize file existed. Once I put the maildirsize file in there, then it sent back the quota parameters. But, isn't it supposed to create that file if it does not exist??? Or at least on delivery isn't it supposed to get created??? (I have quota plugin enabled in the lda as well) Thanks, Tim.
Re: [Dovecot] QUOTA not appearing in CAPA
On Aug 11, 2009, at 1:35 AM, Tim Traver wrote: I figured out something...The issue appeared to have been that no maildirsize file existed. Once I put the maildirsize file in there, then it sent back the quota parameters. But, isn't it supposed to create that file if it does not exist??? Or at least on delivery isn't it supposed to get created??? (I have quota plugin enabled in the lda as well) It sounds like you didn't set quota_rule.
Re: [Dovecot] QUOTA not appearing in CAPA
Timo Sirainen wrote: On Aug 11, 2009, at 1:35 AM, Tim Traver wrote: I figured out something...The issue appeared to have been that no maildirsize file existed. Once I put the maildirsize file in there, then it sent back the quota parameters. But, isn't it supposed to create that file if it does not exist??? Or at least on delivery isn't it supposed to get created??? (I have quota plugin enabled in the lda as well) It sounds like you didn't set quota_rule. Ok, that's a point of confusion then... I send back the accounts quota value from my custom checkpasswd routine, and want to us maildir quotas only. So what would my quota_rule look like? I have the following for the checkpasswd passdb checkpassword { # Path for checkpassword binary args = /bin/checkpassword_dovecot_auth } quota = maildir would it look like this : quota_rule = maildir: ? Thanks, Tim.