[Dovecot] LDAP as password database - some problems / suggestions
Hi all,

Using dovecot-1.2.6, I use dovecot with an LDAP backend for user authentication. In general this works ok, but I have some issues with this...

In LDAP, I have users like this:

  dn:cn=user1,ou=users,dc=kapott,dc=org
  dn:cn=user2,ou=users,dc=kapott,dc=org
  etc.

When authenticating users, I explicitly want to use the AUTH_BIND feature (and NOT lookup passwords).

My problem: not ALL users from the LDAP system should be allowed to use the IMAP server. Currently, I have defined an auth_bind_userdn of

  cn=%u,ou=users,dc=kapott,dc=org

in dovecot-ldap.conf, but with this, user1 AND user2 could login (but I don't want user2 to be able to use dovecot).

Because the LDAP system is used in a larger environment, it is NOT possible to re-arrange the users like this:

  cn=user1,ou=dovecot,ou=users,dc=kapott,dc=org
  cn=user2,ou=not_dovecot,ou=users,dc=kapott,dc=org

So my question: are there any plans to support group-based LDAP authentication? For several other applications, I have something like this:

  dn:cn=dovecot,ou=groups,dc=kapott,dc=org
  objectclass:groupOfNames
  member:cn=user1,ou=users,dc=kapott,dc=org

So I can define groups of user accounts - one group per application.

A nice solution for this in dovecot would be if I could mix password lookup and authentication bind: First, a search query should be used to find a valid DN to bind as. In my case, the search query could look like this:

  base=ou=groups,dc=kapott.org
  filter=(&(cn=dovecot)(member=cn=%u,ou=users,dc=kapott,dc=org))
  result_attribute=member

After finding a DN this way (via attribute member), I want to use auth_bind to use this DN for password verification...

Any hints how to solve this? Any plans to support this in the future?

Thanks and regards
-stefan-
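The search-then-bind flow asked for in this message, modelled offline as an added example (not part of the original post and not Dovecot code): the user name is escaped for the DN and then for the filter, the group search runs, and the DN to bind as is the member value that equals the user's own DN. The in-memory directory, the user3 entry and all function names are constructed for illustration; DN comparison is simplified to case and whitespace folding.

```python
import re

# Values taken from the post above.
USER_DN_TEMPLATE = "cn={user},ou=users,dc=kapott,dc=org"
GROUP_CN = "dovecot"

# Constructed directory content: one group entry. user1 is the member shown in
# the post; user3 is invented here so the member attribute has several values.
DIRECTORY = {
    "cn=dovecot,ou=groups,dc=kapott,dc=org": {
        "cn": ["dovecot"],
        "member": [
            "cn=user1,ou=users,dc=kapott,dc=org",
            "cn=user3,ou=users,dc=kapott,dc=org",
        ],
    },
}

_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
_FILTER_RE = re.compile(r"^\(&\(cn=([^()]*)\)\(member=([^()]*)\)\)$")


def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value):
    """Escape an assertion value for use inside a search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_group_filter(username):
    """Filter from the post, with %u escaped first for the DN, then for the filter."""
    user_dn = USER_DN_TEMPLATE.format(user=escape_dn_value(username))
    return "(&(cn=%s)(member=%s))" % (
        escape_filter_value(GROUP_CN), escape_filter_value(user_dn))


def _unescape_filter_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _normalize_dn(dn):
    # Simplified DN matching (assumption): fold case and spaces around , and =
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()


def search_groups(ldap_filter):
    """Toy stand-in for the LDAP search; understands only the filter shape above."""
    match = _FILTER_RE.match(ldap_filter)
    if match is None:
        raise ValueError("unsupported or malformed filter: %r" % ldap_filter)
    cn, member = (_unescape_filter_value(v) for v in match.groups())
    hits = []
    for dn, attrs in DIRECTORY.items():
        cn_ok = cn.lower() in [v.lower() for v in attrs["cn"]]
        member_ok = _normalize_dn(member) in [_normalize_dn(v) for v in attrs["member"]]
        if cn_ok and member_ok:
            hits.append((dn, attrs))   # a real server returns the whole entry
    return hits


def resolve_bind_dn(username):
    """Return the DN to bind as, or None if the user may not log in."""
    if not username:
        return None
    expected = USER_DN_TEMPLATE.format(user=escape_dn_value(username))
    entries = search_groups(build_group_filter(username))
    if len(entries) != 1:
        return None                    # no group match, or an ambiguous one
    members = entries[0][1]["member"]
    # member is multi-valued: take the value that is this user's DN, never
    # "the first" or "the last" value of the attribute.
    matching = [m for m in members if _normalize_dn(m) == _normalize_dn(expected)]
    return matching[0] if len(matching) == 1 else None


if __name__ == "__main__":
    for name in ("user1", "user2", "user1)(cn=*"):
        print(repr(name), "->", resolve_bind_dn(name))
```

The password check itself would then be a simple bind as the returned DN; a None result means the login is refused before any bind is attempted.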
Re: [Dovecot] revision control on maildir possible?
On Sun, 14 Feb 2010, Markus Beyer wrote:

> I was wondering if it is possible to put a dovecot managed maildir under a vcs like system, for example git or bzr. I'd like to have a seamless history of all mail going in and out of my mailboxes, so a vcs like system seems a good choice for me. I'm not quite sure however if that would cause any problems to dovecot and what the best way of handling commits would be.

Hmm,

+ avoid to create .* files in your Maildir base directory. I don't know bzr, but IMHO git creates a single .git directory, hence, you should create the repo at the same level as the Maildir, e.g.:

  .git/
  Maildir/
  Maildir/new
  Maildir/cur
  Maildir/tmp

  Subversion won't work, because it creates a .SVN directory in each versioned directory. They will be misunderstood as mailbox.

+ avoid to version the index files, they are binary anyway.

+ avoid the content of all tmp/ dirs.

+ Maybe: instead of to blacklist files, use a whitelist: anything in cur/ and new/, subscriptions, maildirfolder, dovecot-uidlist, dovecot-keywords, others like .dovecot-shared, .dovecot-acl, sieve/ ...

+ message files are renamed, when their status or keywords / labels / tags change, either you live with these duplicates or you need to keep track of the filename changes by looking at the filename stem (up to, but not including the colon); some VCSs can keep track of filename changes. The same applies when messages are seen and moved from new/ to cur/.

+ when you move/copy messages around, you could track them by their message id, in order to avoid duplicates.

+ You can use a script to wrap deliver to trigger add/remove for the Maildir. But I think to schedule the sync would be better.

IMHO, if you want to avoid duplicates, a VCS does not seem to fit. Or you could delay the checkin for, say, one day, one could argue that then the messages are read, spooled in the final mailbox, tagged a.s.o.
Regards,

-- 
Steffen Kaiser
Re: [Dovecot] LDAP as password database - some problems / suggestions
Stefan Palme wrote:

> Hi all, Using dovecot-1.2.6, I use dovecot with an LDAP backend for user authentication. In general this works ok, but I have some issues with this... In LDAP, I have users like this:
>
>   dn:cn=user1,ou=users,dc=kapott,dc=org
>   dn:cn=user2,ou=users,dc=kapott,dc=org
>
> Because the LDAP system is used in a larger environment, it is NOT possible to re-arrange the users like this:
>
>   cn=user1,ou=dovecot,ou=users,dc=kapott,dc=org
>   cn=user2,ou=not_dovecot,ou=users,dc=kapott,dc=org

Isn't it possible to just give each allowed IMAP user an attribute like imap=1?

If you really need to do it with the groups, the SUN DSSE LDAP has features like ROLES or COSes where you can set attributes for an entry based on an internal search.

Regards,
Oliver
Re: [Dovecot] Feature request? Make deliver quota inclusive!
On Sun, 14 Feb 2010, Joachim Boltz wrote:

> This is a important for me because sometimes users are lazy. They think oh, still 10% left, no reason to delete mail while in the meantime large messages are already bounced, while some small ones arrive in the

Can you increase the quota of the INBOX, e.g. like Trash here http://wiki.dovecot.org/Quota/1.1 ?

Regards,

-- 
Steffen Kaiser
Re: [Dovecot] LDAP as password database - some problems / suggestions
On 02/18/2010 09:45 AM, Oliver Eales wrote:

> Isn't it possible to just give each allowed IMAP user an attribute like imap=1?

Yes, it would. But this would also require me to use PASSWORD LOOKUP (e.g. with a filter like '(&(objectclass=person)(imap=1))'), but I do not want to use password lookups, but auth binding with a given DN, which is derived from the username.

> If you really need to do it with the groups, the SUN DSSE LDAP has features like ROLES or COSes where you can set attributes for an entry based on an internal search.

Same as above - this approach only makes sense when using password lookups. What I need is a combination of lookup and auth_bind. The lookup is needed to find a DN to authenticate as, after that I want to use this DN for LDAP based authentication...

-stefan-
Re: [Dovecot] LDAP as password database - some problems / suggestions
On 18/2/2010 06:19, Stefan Palme wrote:

> In LDAP, I have users like this:
>
>   dn:cn=user1,ou=users,dc=kapott,dc=org
>   dn:cn=user2,ou=users,dc=kapott,dc=org
>   etc.
>
> (...)
>
> My problem: not ALL users from the LDAP system should be allowed to use the IMAP server. Currently, I have defined an auth_bind_userdn of cn=%u,ou=users,dc=kapott,dc=org in dovecot-ldap.conf, but with this, user1 AND user2 could login (but I don't want user2 to be able to use dovecot).

I use LDAP on PAM, and dovecot uses PAM as auth method, so I can have a separate /etc/ldap_dovecot.conf which filters

  nss_base_passwd ou=People,dc=xxx?one?objectClass=mailUser

(I have a postfix.schema I downloaded somewhere that implements mailUser, you may use whatever objectclass you find best). That /etc/ldap_dovecot.conf is read by /etc/pam.d/dovecot which is used by dovecot. This may be tweaked to solve your needs.

Regards,

-- 
Marcio Merlone
[Dovecot] using signed certificates for TLS/SSL
Hi,

I have, in one customer, a web server running on a Verisign-signed certificate SSL certificate. Everything works fine, IE and Firefox connects on https without asking anything, which usually happens on self-signed certificates.

I'm trying to use that certificate on dovecot, but clients (Thunderbird basically) keeps saying the certificate is not valid.

yes i'm using, when configuring Thunderbird, the same CN that was signed by Verisign for the web usage

i've enabled verbose_ssl and got when thunderbird tries to connect:

Feb 18 12:32:02 correio dovecot: imap-login: Disconnected (no auth attempts): rip=201.86.xxx.xxx, lip=192.168.1.2, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

unknown CA ??? is that Thunderbird that is not recognizing the Verisign-signed certificate ? Do i need to, somehow, install some Verisign CA certificate in dovecot.conf ?

when using a self-signed certificate, i also get an SSL_accept failed, but with different message:

Feb 18 12:41:45 correio dovecot: imap-login: Disconnected (no auth attempts): rip=201.86.191.114, lip=192.168.1.2, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate

despite the fact my certificates were generated for use with Apache, i can 'print' them, both of them, with the same commands i use to print dovecot generated certificates, with mkcert.sh. So, it seems they are compatible.

if i click OK on Thunderbird, when using my Verisign-signed certificates, everything works and i do got TLS logs:

Feb 18 12:23:36 correio dovecot: imap-login: Login: user=u...@domain.com.br, method=PLAIN, rip=201.86.xx.xx, lip=192.168.1.2, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Feb 18 12:31:43 correio dovecot: imap-login: Login: user=u...@domain.com.br, method=PLAIN, rip=201.86.xx.xx, lip=192.168.1.2, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)

what am i doing wrong ?? or using a signed-certificate for WEB usage is not possible on dovecot ?

-- 
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it
Re: [Dovecot] using signed certificates for TLS/SSL
On Thursday 18 February 2010 14:47:03, Leonardo Rodrigues wrote:

> Hi, I have, in one customer, a web server running on a Verisign-signed certificate SSL certificate. Everything works fine, IE and Firefox connects on https without asking anything, which usually happens on self-signed certificates.
>
> I'm trying to use that certificate on dovecot, but clients (Thunderbird basically) keeps saying the certificate is not valid.
>
> yes i'm using, when configuring Thunderbird, the same CN that was signed by Verisign for the web usage
>
> i've enabled verbose_ssl and got when thunderbird tries to connect:
>
> Feb 18 12:32:02 correio dovecot: imap-login: Disconnected (no auth attempts): rip=201.86.xxx.xxx, lip=192.168.1.2, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>
> unknown CA ??? is that Thunderbird that is not recognizing the Verisign-signed certificate ? Do i need to, somehow, install some Verisign CA certificate in dovecot.conf ?
>
> when using a self-signed certificate, i also get an SSL_accept failed, but with different message:
>
> Feb 18 12:41:45 correio dovecot: imap-login: Disconnected (no auth attempts): rip=201.86.191.114, lip=192.168.1.2, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
>
> despite the fact my certificates were generated for use with Apache, i can 'print' them, both of them, with the same commands i use to print dovecot generated certificates, with mkcert.sh. So, it seems they are compatible.
>
> if i click OK on Thunderbird, when using my Verisign-signed certificates, everything works and i do got TLS logs:
>
> Feb 18 12:23:36 correio dovecot: imap-login: Login: user=u...@domain.com.br, method=PLAIN, rip=201.86.xx.xx, lip=192.168.1.2, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
> Feb 18 12:31:43 correio dovecot: imap-login: Login: user=u...@domain.com.br, method=PLAIN, rip=201.86.xx.xx, lip=192.168.1.2, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
>
> what am i doing wrong ?? or using a signed-certificate for WEB usage is not possible on dovecot ?

I'm using the same certificate for dovecot and https. My settings in dovecot.conf are;

  ssl_cert_file = /etc/ssl/certs/hostname.pem
  ssl_key_file = /etc/ssl/private/hostname.key

This part from the user guide is very important if you received a bundle / chain of CA certificates from Verisign;

  Chained SSL certificates

  Put all the certificates in the ssl_cert_file file. For example when using a certificate signed by TDC the correct order is:

  1. Dovecot's public certificate
  2. TDC SSL Server CA
  3. TDC Internet Root CA
  4. Globalsign Partners CA

Arne

-- 
Arne K. Haaje | www.drlinux.no
T: 69 51 15 52 | M: 92 88 44 66
Re: [Dovecot] using signed certificates for TLS/SSL
and another interesting information . Thunderbird claims the certificate is not valid, but Windows Mail accepts it without any warnings and works just fine. I've tested on a new machine just to make sure i haven't previously accepted it on that machine/Windows Mail.

another minor difference is that when logging from Windows Mail and Thunderbird, the cipher used seems to be a little different

Windows Mail - AES128-SHA

Feb 18 12:56:04 correio dovecot: imap-login: Login: user=dom...@user.com.br, method=PLAIN, rip=201.86.xx.xx, lip=192.168.1.2, TLS, TLSv1 with cipher AES128-SHA (128/128 bits)

Thunderbird 3.0.1 - DHE-RSA-AES256-SHA

Feb 18 12:58:41 correio dovecot: imap-login: Login: user=dom...@user.com.br, method=PLAIN, rip=201.86.xx.xx, lip=192.168.1.2, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)

if it works flawlessly on Windows Mail, i think i should point now my searching to Thunderbird . what do you think on that ?

On 18/02/2010 11:58, Arne K. Haaje wrote:

> Put all the certificates in the ssl_cert_file file. For example when using a certificate signed by TDC the correct order is:
>
> 1. Dovecot's public certificate
> 2. TDC SSL Server CA
> 3. TDC Internet Root CA
> 4. Globalsign Partners CA

-- 
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it
Re: [Dovecot] Feature request? Make deliver quota inclusive!
On 2010-02-18 3:51 AM, Steffen Kaiser wrote:

> On Sun, 14 Feb 2010, Joachim Boltz wrote:
>
>> This is a important for me because sometimes users are lazy. They think oh, still 10% left, no reason to delete mail while in the meantime large messages are already bounced, while some small ones arrive in the

Personally I think the best way would be, if the user isn't over quota at the time of a message delivery, deliver that message, *regardless* of whether or not it puts the user over quota.

Then, obviously, from that point on, delivery will fail until the user deals with their over quota issue.

-- 
Best regards,
Charles
Re: [Dovecot] using signed certificates for TLS/SSL
On Thu, 18 Feb 2010, Arne K. Haaje wrote:

> I'm using the same certificate for dovecot and https. My settings in dovecot.conf are;
>
>   ssl_cert_file = /etc/ssl/certs/hostname.pem
>   ssl_key_file = /etc/ssl/private/hostname.key
>
> This part from the user guide is very important if you received a bundle / chain of CA certificates from Verisign;
>
>   Chained SSL certificates
>
>   Put all the certificates in the ssl_cert_file file. For example when using a certificate signed by TDC the correct order is:
>
>   1. Dovecot's public certificate
>   2. TDC SSL Server CA
>   3. TDC Internet Root CA
>   4. Globalsign Partners CA

Do I assume that the Verisign CA's root cert is part of Thunderbird by default? Otherwise you would need to add the root cert manually.

Also, I have explicitly set the CA file in Dovecot:

  ssl_ca_file =

Regards,

-- 
Steffen Kaiser
[Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]
On Thu, 2010-02-18 at 09:05 -0500, Charles Marcus wrote:

> Personally I think the best way would be, if the user isn't over quota at the time of a message delivery, deliver that message, *regardless* of whether or not it puts the user over quota.

Wonder if there's anyone who wouldn't want this behavior? One exception could be that if mail is larger than the user's entire quota limit, it wouldn't be accepted. And this would happen only for deliver/lmtp, not imap append (because it would give user an error message directly).
Re: [Dovecot] quota problem
On Wed, 2010-02-17 at 15:26 +0100, Andre Hübner wrote:

> my user_query:
>
>   user_query = SELECT home, uid, gid, concat('*:storage=', quota_bytes,'M') AS quota_rule FROM mail_users WHERE login = '%u'

Do you really want quota_bytes number of megabytes? If not, change the ,'M' part to ,'B'.

>   quota = dirsize:user

I hope you're not using Maildir?

> I have no idea why its not working.

Set auth_debug=yes and mail_debug=yes and show logs. Full dovecot -n output might also be helpful.
Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]
On 18 February 2010 16:20, Timo Sirainen t...@iki.fi wrote:

> Wonder if there's anyone who wouldn't want this behavior? One exception could be that if mail is larger than the user's entire quota limit, it wouldn't be accepted. And this would happen only for deliver/lmtp, not imap append (because it would give user an error message directly).

I am not sure how much work it would involve but I would prefer to have a config option to either disable or enable the behaviour. Much like Exim's 'quota_is_inclusive' transport setting. With this setting set to false, Exim accepts all messages until the quota has been exceeded. When set to true (default setting) it calculates the current message size and rejects it if it pushes the user over quota.

.warren
Re: [Dovecot] LDAP as password database - some problems / suggestions
On Thu, 2010-02-18 at 09:19 +0100, Stefan Palme wrote: base=ou=groups,dc=kapott.org filter=((cn=dovecot)(member=cn=%u,ou=users,dc=kapott,dc=org)) result_attribute=member After finding a DN this way (via attribute member), I want to use auth_bind to use this DN for password verification... How about if it worked like: pass_attrs = member=bind_dn, ... pass_filter = .. ? Attached patch does that. If it works, I'll commit it. diff -r 1ff706e7d95f src/auth/passdb-ldap.c --- a/src/auth/passdb-ldap.c Sun Feb 07 01:55:06 2010 +0200 +++ b/src/auth/passdb-ldap.c Thu Feb 18 16:38:24 2010 +0200 @@ -74,17 +74,23 @@ } static void -ldap_query_save_result(struct ldap_connection *conn, - LDAPMessage *entry, struct auth_request *auth_request) +ldap_query_save_result(struct ldap_connection *conn, LDAPMessage *entry, + struct auth_request *auth_request, + const char **bind_dn_r) { struct db_ldap_result_iterate_context *ldap_iter; const char *name, *value; + *bind_dn_r = NULL; ldap_iter = db_ldap_result_iterate_init(conn, entry, auth_request, conn-pass_attr_map); while (db_ldap_result_iterate_next(ldap_iter, name, value)) { - auth_request_set_field(auth_request, name, value, - conn-set.default_pass_scheme); + if (strcmp(name, ldap_dn) == 0) + *bind_dn_r = t_strdup(value); + else { + auth_request_set_field(auth_request, name, value, + conn-set.default_pass_scheme); + } } } @@ -97,7 +103,7 @@ struct auth_request *auth_request = request-auth_request; enum passdb_result passdb_result; LDAPMessage *entry; - const char *password, *scheme; + const char *password, *scheme, *bind_dn; int ret; entry = handle_request_get_entry(conn, auth_request, ldap_request, res); 
@@ -108,7 +114,7 @@ passdb_result = PASSDB_RESULT_INTERNAL_FAILURE; password = NULL; - ldap_query_save_result(conn, entry, auth_request); + ldap_query_save_result(conn, entry, auth_request, bind_dn); if (ldap_next_entry(conn-ld, entry) != NULL) { auth_request_log_error(auth_request, ldap, pass_filter matched multiple objects, aborting); @@ -217,6 +223,7 @@ struct ldap_request_bind *brequest; struct auth_request *auth_request = ldap_request-auth_request; LDAPMessage *entry; + const char *bind_dn; char *dn; entry = handle_request_get_entry(conn, auth_request, @@ -224,7 +231,7 @@ if (entry == NULL) return; - ldap_query_save_result(conn, entry, auth_request); + ldap_query_save_result(conn, entry, auth_request, bind_dn); /* convert search request to bind request */ brequest = passdb_ldap_request-request.bind; @@ -234,7 +241,9 @@ /* switch the handler to the authenticated bind handler */ dn = ldap_get_dn(conn-ld, entry); - brequest-dn = p_strdup(auth_request-pool, dn); + if (bind_dn == NULL) + bind_dn = dn; + brequest-dn = p_strdup(auth_request-pool, bind_dn); ldap_memfree(dn); ldap_auth_bind(conn, brequest); signature.asc Description: This is a digitally signed message part
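Review bot: In ldap_query_save_result() (first hunk), *bind_dn_r is overwritten each time the iterator returns the name ldap_dn, so if the mapped attribute carries several values, as member does on a groupOfNames entry in the use case from this thread, the DN used for the bind is whichever value came last rather than the one belonging to the requesting user. Suggest accepting the value only when exactly one is returned, or when it matches the DN expected for the user, and failing the request otherwise. The hunk also compares against ldap_dn while the accompanying message proposes pass_attrs = member=bind_dn; the field name should be settled and documented.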
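Review bot: In the password-lookup handler (hunk at -108,7), bind_dn is filled in by ldap_query_save_result() but nothing in the visible lines uses it, so an ldap_dn mapping is silently swallowed when auth_bind is off: the value is neither stored on the auth request nor reported. Suggest logging that ldap_dn only has an effect together with auth_bind, or letting ldap_query_save_result() accept NULL for bind_dn_r so this caller does not need the extra variable.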
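Review bot: In the bind path (last hunk), the fallback "if (bind_dn == NULL) bind_dn = dn;" only covers a missing attribute; an empty or otherwise unusable value coming from the directory is copied into the bind request's dn and handed to ldap_auth_bind() unchecked. Suggest treating an empty value like NULL or failing the request, and logging at debug level which DN was chosen so a failed bind can be traced back to the attribute mapping.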
Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]
On Thu, 2010-02-18 at 16:29 +0200, Warren Baker wrote:

> I am not sure how much work it would involve but I would prefer to have a config option to either disable or enable the behaviour.

It's not about how much work adding that setting is. It's that I don't think there should be settings for stuff that (almost) everyone sets only one way. Useless extra settings cause bugs and bloat, both to code and documentation.
Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]
> On Thu, 2010-02-18 at 09:05 -0500, Charles Marcus wrote:
>
>> Personally I think the best way would be, if the user isn't over quota at the time of a message delivery, deliver that message, *regardless* of whether or not it puts the user over quota.
>
> Wonder if there's anyone who wouldn't want this behavior? One exception could be that if mail is larger than the user's entire quota limit, it wouldn't be accepted. And this would happen only for deliver/lmtp, not imap append (because it would give user an error message directly).

Over quota is over quota... Perhaps it's better to drop a line in the user's inbox e.g. 'mail from m...@address.com rejected because there was not enough space in your inbox...' or something else. So both sender AND recipient are informed and I'm sure the owner will THEN tidy up his mailbox.
Re: [Dovecot] 2nd REPOST: mbox vs maildir
On Wed, 2010-02-17 at 08:46 -0700, Ashley M. Kirchner wrote:

> namespace private {
>   separator = /
>   prefix = mail/

Things would probably be simpler if you used prefix= here.

>   location = mbox:~/mail:INBOX=/var/mail/%u

So you've mboxes..

> namespace private {
>   separator = /
>   prefix = mail-Archives/
>   location = maildir:~/mail-Archives:LAYOUT=fs

Are these really maildirs? Seems like exactly the opposite of what they're good at :) (Maildir is good for active mails, mbox for unchanging archives.)
Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]
On Thu, 18 Feb 2010, Sven Eulberg wrote:

> Over quota is over quota... Perhaps it's better to drop a line in the user's inbox e.g. 'mail from m...@address.com rejected because there was not enough space in your inbox...' or something else. So both sender AND recipient are informed and I'm sure the owner will THEN tidy up his mailbox.

:-) Well, wait long enough and those messages fill the partition. Moreover, if it is spooled, the message gets delivered more than once.

<joke>One could count the unique, failed messages and then display a virtual message: Since you've last read this notification message at 2010-02-13 23:23, 327 messages could not be spooled into your INBOX, because you are over quota. When it is read (not seen), the count resets.</joke>

But I'd like the deliver a message if user is under quota and the message is smaller than quota.

Or an option deliver may exceed the quota by X, sort of like the quota_rules for Trash, but for the service. Possible not all scenarios can tweak a special .conf for deliver containing increased quota_rules.

Regards,

-- 
Steffen Kaiser
Re: [Dovecot] Dovecot design-question
On Wed, 2010-02-17 at 17:55 +0100, Werner wrote:

> 2010-02-17 17:52:21 deliver(wer...@example.com): Error: Corrupted transaction log file /mailhome/wernertest/dovecot.index.log seq 24: Invalid transaction log size (67988 vs 68080): /mailhome/wernertest/dovecot.index.log (sync_offset=67988)
>
> Is this something to worry about ?

Probably not. You might lose the latest change from index, but then again since you're using Maildir, Dovecot finds out about the change soon anyway.
Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]
On Thu, 2010-02-18 at 15:57 +0100, Steffen Kaiser wrote:

> But I'd like the deliver a message if user is under quota and the message is smaller than quota.

The current behavior? Is that what you really meant?

> Or an option deliver may exceed the quota by X, sort of like the quota_rules for Trash, but for the service.

That should be possible already. But it's not really the same as allow one mail to exceed quota.
Re: [Dovecot] Courier-Dovecot Migration Issue
On Wed, 2010-02-17 at 11:31 -0500, Tony Rutherford wrote:

> The last three entries exist in the Courier IMAP file, but NOT the Courier POP file. The resulting dovecot-uidlist format is different, but to be honest, I haven't been able to find the exact specification for the format of the dovecot-uidlist file (if it exists).
>
> During the migration, it appears that the emphasis is placed on maintaining the Pop3 message sequence...at the cost of possibly changing IMAP UIDs.

Well, with v1.1+ it's possible to preserve both POP3 and IMAP UIDs (each line is <IMAP uid> P<POP3 UIDL> :<filename>). I guess the script doesn't merge IMAP and POP3 messages well enough. Feel free to fix the script ;)

> Here's a question though. If the dovecot-uidlist file is deleted (for whatever reason), it gets rebuilt by Dovecot. But, how does it get rebuilt? It does not appear to generate uids based on the date of messages...I believe that to be true. Is there any flag/option in Dovecot to build the uidlist file based on message date (uids ordered by date)?

The added mails are ordered by their filename. The filename typically begins with timestamp of when the message was received, so it's practically in the same order as mails were received.
Re: [Dovecot] configuring overquota message
On Tue, 2010-02-16 at 15:18 -0200, Leonardo Rodrigues wrote:

> but i havent found, in all the sources, where the QUOTA_EXCEEDED_MESSAGE is feeded by something from dovecot.conf or anywhere else.

  plugin {
    quota_exceeded_message = stuff
  }

I guess I should put that somewhere..
Re: [Dovecot] Dovecot 1.2.8 problem on AIX
On Tue, 2010-02-16 at 07:41 -0500, Jonathan Siegle wrote:

> Running revision 9492:3efdbaab2960(Mon Nov 23) on AIX 5.3. I run dovecot out of inetd. Every once in a while I get the following error:
>
> Dovecot is already running with PID 2592842 (read from /usr/ladmin/dovecot-1.2.8/var/run/dovecot/master.pid)
>
> when I try to connect to the imap port.

Is there a reason why you're running it from inetd? I wasn't really planning on preserving inetd support in v2.0. Way too much trouble. (Did I already ask you this?)
Re: [Dovecot] auth processes
On Tue, 2010-02-16 at 08:16 -0600, Stan Hoeppner wrote:

> With 1.0.15 my configuration I a single dovecot-auth process, which is what I want now. Since upgrading to 1.2.10 I have two such processes:
>
> root 16992 16990 0 Feb15 ? 00:00:00 dovecot-auth
> root 16997 16990 0 Feb15 ? 00:00:00 dovecot-auth -w
>
> I can't seem to tweak dovecot.conf to get this down to one auth process again.

Are you using passwd/pam combination? The second process is auth worker, which does blocking passdb/userdb lookups. The v1.0 behavior was causing bugs.

> Given my IMAP user load, I know for a fact that I should only need one auth process, and for that matter, given my load,

Currently there's no way to avoid that, except if you switch from PAM to e.g. shadow. v2.0 stops idling processes after a minute (but there are some other new long running processes, and also it looks like that idle-stopping isn't currently working for some reason).

> running all the dovecot processes from inetd is even a valid option, although I've not yet attempted that.

That won't help anyway. You'd still have the same processes.
Re: [Dovecot] dovecot-sieve vacation vs qmail-ldap
On Tue, 2010-02-16 at 13:34 +0100, Lazy wrote: lda is executed as exec /var/qmail/bin/preline -f /usr/local/dovecot/libexec/dovecot/deliver -s .. + /* if DTLINE (qmail Delivered-To: header) is not null use it as a destination address */ + if (destaddr == NULL) { + destaddr = getenv(DTLINE); + if (destaddr != NULL) { + if (strlen(destaddr) 18 ) + destaddr = i_strdup(address_sanitize(destaddr+14)); + else + destaddr = NULL; + } + } Isn't it possible to use deliver -a $DTLINE or something? signature.asc Description: This is a digitally signed message part
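Review bot: In the quoted DTLINE fallback, destaddr+14 assumes the variable always begins with the 14-byte "Delivered-To: " prefix, and the length test uses a separate hard-coded 18; nothing checks that the prefix is actually present before it is skipped. Suggest comparing the prefix explicitly and deriving the offset from that string, leaving destaddr as NULL when it does not match, and saying in the comment why the minimum length differs from the offset.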
Re: [Dovecot] Problem with allow_nets passdb parameter and Postfix
On Mon, 2010-02-15 at 14:00 +0300, Неворотин Вадим wrote:

> allow_nets check failed: Remote IP not known
>
> Problem is clear: smtpd don't send client IP to dovecot authentication socket.

Yep. The only way you can get Postfix to send IP to Dovecot is by patching Postfix sources.

> But I need to limit the ability of connection to users only from specific IP. Both for SMTP and IMAP. How can I do that? I use dovecot 1.0.15 and Postfix 2.5.5 on Debian Lenny.

Do you mean all users must connect from only specific IP, or is it a per-user configuration? If all users, maybe you can do this on Postfix side some other way. Or require clients to use submission port or a different IP and use a firewall.
Re: [Dovecot] Anyone successfully setup Continous Backup of mailboxes using rsync ?
On Thu, 2010-02-11 at 10:46 +0500, CoolAtt NNA wrote:

> from the wiki of Lazy Expunge:
>
> The plugin is configured by defining namespaces where the mails are moved. You can decide if you want the namespaces to be visible to clients, or if you want to show them only via some special webmail interface. You can use either one or three namespaces
>
> How do I access the namespaces(the back up mailboxes) ?

Well,

a) You can make the namespaces visible (list=yes) and they'll show up just like regular mailboxes. Might confuse users.

b) You make the namespaces hidden (list=no, hidden=yes) and the only way to access them is by explicitly configuring client's namespace path to that. That's of course a pretty painful thing to do. Maybe by using two different accounts that would be slightly better.

But the main reason for lazy_expunge is to allow a) custom-built webmails or b) sysadmins to do the unexpunging.
Re: [Dovecot] quick question
On Wed, 2010-02-10 at 15:15 -0800, Brandon Davidson wrote:
> rip=67.223.67.45, pid=12881: Timeout while waiting for lock for transaction log file /home6/pellerin/.imapidx/.INBOX/dovecot.index.log

That's fcntl lock I guess. You could always try lock_method=dotlock..
Re: [Dovecot] dovecot v1.2.10 + unknown mail_uid parameter
On Fri, 2010-02-12 at 13:04 -0200, maximatt wrote:
> in dovecot.conf, I set the user mail:
> mail_uid= 72940
> mail_gid= 72941
> but when I try to start dovecot I have the following error:
> # sbin/dovecot
> Error: Error in configuration file /etc/dovecot/etc/dovecot.conf line 962: Unknown setting: mail_uid
> Fatal: Invalid configuration in /etc/dovecot/etc/dovecot.conf
> # sbin/dovecot --version
> 1.2.10
> I try, but I don't know how to fix them :(

I copypasted those lines to dovecot.conf and started v1.2.10 without errors. Did you put them inside some section (auth?) where they don't belong to? They belong to root level.
Re: [Dovecot] Problem with allow_nets passdb parameter and Postfix
Well, I've asked this question in Postfix mail list and after discussion as I understand Postfix 2.7 sends all necessary client information to Dovecot socket. But I haven't tried this solution yet.

2010/2/18 Timo Sirainen t...@iki.fi
> On Mon, 2010-02-15 at 14:00 +0300, Неворотин Вадим wrote:
> > allow_nets check failed: Remote IP not known
> > Problem is clear: smtpd doesn't send client IP to dovecot authentication socket.
> Yep. The only way you can get Postfix to send IP to Dovecot is by patching Postfix sources.
> > But I need to limit the ability of connection to users only from specific IP. Both for SMTP and IMAP. How can I do that? I use dovecot 1.0.15 and Postfix 2.5.5 on Debian Lenny.
> Do you mean all users must connect from only specific IP, or is it a per-user configuration? If all users, maybe you can do this on Postfix side some other way. Or require clients to use submission port or a different IP and use a firewall.
Re: [Dovecot] deliver problem ( Error: file_dotlock_create )
On Fri, 2010-02-12 at 17:05 +0100, Frank Bonnet wrote:
> deliver(): Error: file_dotlock_create(/var/mail/) failed: Permission denied (euid=3003() egid=3010(smig) missing +w perm: /var/mail) (set mail_privileged_group=mail)
> Does this mean I have to chmod 777 the /var/mail directory ?

See http://wiki.dovecot.org/MailLocation/Mbox#Locking

And especially:

NOTE: With deliver the mail_privileged_group setting unfortunately doesn't work, so you'll have to use the sticky bit or disable dotlocking completely.

With v2.0 LMTP server makes this easier.
Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]
On Thu, 18 Feb 2010, Timo Sirainen wrote:
> On Thu, 2010-02-18 at 15:57 +0100, Steffen Kaiser wrote:
> > But I'd like the deliver a message if user is under quota and the message is smaller than quota.
> The current behavior? Is that what you really meant?

Oh, I left out one word: if the user is under quota currently aka before delivery. Actually your idea. I just rephrased to emphasize that now the before-deliver situation is tested and not the final one and that you have already foreseen the case that a message is unable to fit into the mailbox at all. Latter reminds me to possibly change my over quota reply into: user over quota or message too large.

> > Or an option deliver may exceed the quota by X, sort of like the quota_rules for Trash, but for the service.
> That should be possible already. But it's not really the same as allow one mail to exceed quota.

I think not. You can craft a special .conf for deliver, but you can increase the quota programmatically only in SQL or in dovecot.conf, but not for the other user DBs. And because of Sieve's fileinto, you cannot add a quota_rule just for INBOX, but you would need to alter (increase) the general, basic quota.

It's not the same, but it would come close enough :) When the service deliver has a quota exception, a user cannot exploit the exception directly.

Regards,
-- 
Steffen Kaiser
Re: [Dovecot] Problem with allow_nets passdb parameter and Postfix
Oh. I actually checked v2.7 code before replying, but I was stupidly searching only for a full rip word, while the code had \trip :)

On Thu, 2010-02-18 at 18:41 +0300, Неворотин Вадим wrote:
> Well, I've asked this question in Postfix mail list and after discussion as I understand Postfix 2.7 sends all necessary client information to Dovecot socket. But I haven't tried this solution yet.
>
> 2010/2/18 Timo Sirainen t...@iki.fi
> > On Mon, 2010-02-15 at 14:00 +0300, Неворотин Вадим wrote:
> > > allow_nets check failed: Remote IP not known
> > > Problem is clear: smtpd doesn't send client IP to dovecot authentication socket.
> > Yep. The only way you can get Postfix to send IP to Dovecot is by patching Postfix sources.
> > > But I need to limit the ability of connection to users only from specific IP. Both for SMTP and IMAP. How can I do that? I use dovecot 1.0.15 and Postfix 2.5.5 on Debian Lenny.
> > Do you mean all users must connect from only specific IP, or is it a per-user configuration? If all users, maybe you can do this on Postfix side some other way. Or require clients to use submission port or a different IP and use a firewall.
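The fail-closed behaviour this thread runs into, as an added sketch that is not Dovecot or Postfix code: it parses a tab-separated auth request (the `\trip` field Timo mentions) and applies an allow_nets-style check to it. The sample AUTH lines, the `resp` placeholder and the comma- or space-separated network list are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample requests (tab-separated, simplified). The first omits
# rip=, as in the thread's Postfix 2.5 setup; the second carries the client IP.
AUTH_WITHOUT_RIP = "AUTH\t1\tPLAIN\tservice=smtp\tresp=PLACEHOLDER"
AUTH_WITH_RIP = "AUTH\t2\tPLAIN\tservice=smtp\trip=192.168.1.20\tresp=PLACEHOLDER"


def parse_auth_request(line):
    """Return (request_id, mechanism, params) for a tab-separated AUTH line."""
    fields = line.rstrip("\r\n").split("\t")
    if len(fields) < 3 or fields[0] != "AUTH":
        raise ValueError("not an AUTH request: %r" % line)
    params = {}
    for field in fields[3:]:
        key, _, value = field.partition("=")  # values may themselves contain '='
        params[key] = value
    return fields[1], fields[2], params


def parse_allow_nets(value):
    """Turn '192.168.0.0/16,10.0.0.1' into a list of ip_network objects."""
    return [ipaddress.ip_network(item, strict=False)
            for item in value.replace(",", " ").split()]


def check_allow_nets(allow_nets, remote_ip):
    """Return (allowed, reason). An unknown or unparseable IP never passes."""
    if not allow_nets:
        return True, "no allow_nets restriction"
    if remote_ip is None:
        # Fail closed: a restricted user must not get in just because the
        # front end did not say where the client connected from.
        return False, "Remote IP not known"
    try:
        ip = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False, "Remote IP not parseable"
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # compare ::ffff:a.b.c.d against IPv4 networks
    for net in parse_allow_nets(allow_nets):
        if ip.version == net.version and ip in net:
            return True, "matched %s" % net
    return False, "Remote IP not in allowed networks"


def authorize(line, allow_nets):
    """Apply the allow_nets check to one auth request line."""
    _, _, params = parse_auth_request(line)
    return check_allow_nets(allow_nets, params.get("rip") or None)


if __name__ == "__main__":
    nets = "192.168.0.0/16,10.0.0.1"
    for sample in (AUTH_WITHOUT_RIP, AUTH_WITH_RIP):
        print(authorize(sample, nets))
```
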
[Dovecot] OT: best linux imap client for dovecot
Hi, I'm a long term dovecot user, packager and believer, but on the other side of the wire I've been a mutt user for longer than I can think. Which modern email client under Linux is working best with dovecot?

I just did a grep on User-Agent:/X-Mailer: on my dovecot archive (which goes back to 2004) and found that the top ten are:

28% Thunderbird
25% Evolution
9% Apple Mail
9% Mutt
5% Mozilla
3% KMail
2% Outlook
2% SquirrelMail
1% Alpine
1% Mulberry
...

So it looks like most Linux people here like to use Thunderbird and Evolution. This is not a my-email-client-is-better-than-your-email-client thread, I just want to know which client(s) make proper use of imap features for fast searches/copies/deletions etc.

Thanks!
-- 
Axel.Thimm at ATrpms.net
Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]
On 2010-02-18 9:57 AM, Steffen Kaiser wrote:
> But I'd like the deliver a message if user is under quota and the message is smaller than quota.
> Or an option deliver may exceed the quota by X, sort of like the quota_rules for Trash, but for the service.
> Possible not all scenarios can tweak a special .conf for deliver containing increased quota_rules.

As long as this is configurable, that should be enough to make everyone happy, but why complicate things unnecessarily? It is really simple...

User has quota assigned
User allows mail to pile up
Eventually, a message is delivered that puts user over quota
Mail is rejected until user deals with over quota state

Why put the LDA to all the work of calculating if one message will cause user to go over quota but not another? Even worse is calculating a certain 'allowance' of over quota...

The only time I can see this being an issue is when the quota in question is ridiculously low (10MB?), where the user could receive a whole lot of tiny text messages, but one message with a fairly large attachment could take up the whole quota.

But in the modern age, just delivering mail until the quota is exceeded then rejecting seems to be the simplest thing to do, and imo should be the default...
Re: [Dovecot] OT: best linux imap client for dovecot
On Thu, 2010-02-18 at 17:45 +0200, Axel Thimm wrote:
> Which modern email client under Linux is working best with dovecot? I just did a grep on User-Agent:/X-Mailer: on my dovecot archive (which goes back to 2004) and found that the top ten are:
> 28% Thunderbird
> 25% Evolution
> 9% Apple Mail

I wouldn't be surprised if 90% of Evolution and Apple mail mails came from me. :)

> This is not a my-email-client-is-better-than-your-email-client thread, I just want to know which client(s) make proper use of imap features for fast searches/copies/deletions etc.

I think they all suck. If I ever have too much time on my hands, I might try to continue http://trojita.flaska.net/. Its design looks good, but unfortunately it's nowhere near being actually usable and its development seems dead.
Re: [Dovecot] Problem in sharing mailboxes across users
On Fri, 2010-02-12 at 12:31 +0100, Rampage wrote:
> I applied the modifications to the dovecot.conf file as you suggested but now I'm experiencing duplicated folders.
> namespace private {
> separator = /
> prefix = INBOX/
> inbox = yes
> hidden = yes

list=no here.
Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]
On Thu, 18 Feb 2010, Charles Marcus wrote:
> But in the modern age, just delivering mail until the quota is exceeded then rejecting seems to be the simplest thing to do, and imo should be the default...

You change the quota from a (hard) limit to a (soft) suggestion that way. As I said, I agree with you.

> happy, but why complicate things unnecessarily? It is really simple...

Actually, I once had a system where the request was we do not send over quota notices, all mails have to arrive. Hence, deliver should have no quota - well, a very high quota actually -, but a quite strict IMAP quota.

Regards,
-- 
Steffen Kaiser
Re: [Dovecot] GlusterFs - Any new progress reports?
Original Message
Date: Wed, 17 Feb 2010 21:25:46 -0600
From: Eric Rostetter rostet...@mail.utexas.edu
To: dovecot@dovecot.org
Subject: Re: [Dovecot] GlusterFs - Any new progress reports?

> Quoting Ed W li...@wildgooses.com:
> > Anyone had success using some other clustered/HA filestore with dovecot who can share their experience? (OCFS/GFS over DRBD, etc?)
> GFS2 over DRBD in an active-active setup works fine IMHO. Not perfect, but it was cheap and works well... Lets me reboot machines with no downtime which was one of my main goals when implementing it...
> > My interest is more in bootstrapping a more highly available system from lower quality (commodity) components than very high end use
> GFS+DRBD should fit the bill... You need several nics and cables, but they are dirt cheap... Just 2 machines with the same disk setup, and a handful of nics and cables, and you are off and running...

Can you easily scale that GFS2+DRBD to have more than just 2 nodes? Is it possible to aggregate the speed when using many nodes? Can all the nodes at the same time be active or is one node always the master and the other a hot spare that kicks in when the master is down?

> > Thanks Ed W
> -- Eric Rostetter The Department of Physics The University of Texas at Austin Go Longhorns!
Re: [Dovecot] 1.2 , mail_location mbox_snarf
On Thu, 2010-02-11 at 14:54 +0100, Laurent Moineau wrote:
> I've read carefully the wiki page Upgrading Dovecot v1.1 to v1.2 and a few messages concerning mail_location parameter but I still don't know what to change in my configuration in order to keep it working after the upgrade.

Nothing?
Re: [Dovecot] How to configure Lazyexpunge plugin?
On Thu, 2010-02-11 at 12:34 +0500, CoolAtt NNA wrote:
> Hi, I tried the plugin but it is not working.

Why not?

> I added the following in dovecot.conf then restarted dovecot. Please guide me to the correct configuration.
> ## namespace private { ...

dovecot -n output would be helpful instead of copypasting.

> plugin { lazy_expunge = .EXPUNGED/ }

This works only with v1.2.9+.
Re: [Dovecot] Get some headers Variables
On Wed, 2010-02-10 at 14:19 -0200, Alex Baule wrote:
> example, I have the header: X-ThereisMy: yes
> How can I get this value inside a plugin ? There is something like getHeaderVar(X-ThereisMy) ?

If you haven't found out yet, one of these should help:

/* Get value for single header field, or NULL if header wasn't found. Returns 1 if header was found, 0 if not, -1 if error. */
int mail_get_first_header(struct mail *mail, const char *field, const char **value_r);

/* Like mail_get_first_header(), but decode MIME encoded words to UTF-8. Also multiline headers are returned unfolded. */
int mail_get_first_header_utf8(struct mail *mail, const char *field, const char **value_r);

/* Return a NULL-terminated list of values for each found field. */
int mail_get_headers(struct mail *mail, const char *field, const char *const **value_r);

/* Like mail_get_headers(), but decode MIME encoded words to UTF-8. Also multiline headers are returned unfolded. */
int mail_get_headers_utf8(struct mail *mail, const char *field, const char *const **value_r);
Re: [Dovecot] configuring overquota message
On 18/02/2010 13:10, Timo Sirainen wrote:
> On Tue, 2010-02-16 at 15:18 -0200, Leonardo Rodrigues wrote:
> > but I haven't found, in all the sources, where the QUOTA_EXCEEDED_MESSAGE is fed by something from dovecot.conf or anywhere else.
> plugin { quota_exceeded_message = stuff }

Yeah ... it worked. Thanks.

-- 
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

My SPAMTRAP, do not email it: gertru...@solutti.com.br
Re: [Dovecot] Virtual mailboxes show up twice
On Mon, 2010-02-08 at 13:08 +0100, Matthijs Kooijman wrote:
> This makes somewhat sense, since my virtual namespace is a subdir of my default namespace:
> mail_location = Maildir:~/Mail:LAYOUT=fs
> ..
> namespace private {
> location = virtual:~/Mail/virtual:LAYOUT=fs
> }
> Now, should dovecot handle this configuration transparently by hiding the virtual directory from the default namespace, or is this configuration just not supported and should the virtual directory be outside of ~/Mail?

It's just not supported. Probably too much trouble to try to fix it.

> The current wiki documentation on the virtual plugin currently does suggest this configuration, its examples point to ~/Maildir/virtual.

That works because it uses LAYOUT=maildir++, which is the default. :)
Re: [Dovecot] Courier-Dovecot Migration Issue
Timo Sirainen wrote:
> On Wed, 2010-02-17 at 11:31 -0500, Tony Rutherford wrote:
> > The last three entries exist in the Courier IMAP file, but NOT the Courier POP file. The resulting dovecot-uidlist format is different, but to be honest, I haven't been able to find the exact specification for the format of the dovecot-uidlist file (if it exists).
> > During the migration, it appears that the emphasis is placed on maintaining the Pop3 message sequence...at the cost of possibly changing IMAP UIDs.
> Well, with v1.1+ it's possible to preserve both POP3 and IMAP UIDs (each line is <IMAP uid> P<POP3 UIDL> :<filename>). I guess the script doesn't merge IMAP and POP3 messages well enough. Feel free to fix the script ;)
> > Here's a question though. If the dovecot-uidlist file is deleted (for whatever reason), it gets rebuilt by Dovecot. But, how does it get rebuilt? It does not appear to generate uids based on the date of messages...I believe that to be true. Is there any flag/option in Dovecot to build the uidlist file based on message date (uids ordered by date)?
> The added mails are ordered by their filename. The filename typically begins with timestamp of when the message was received, so it's practically in the same order as mails were received.

Yes, unless you're unfortunate enough to be supporting a non-standard legacy message name format based on uuidgen! I did see the function where it attempts to compare based on the standard filename format...but again, unfortunately I have to deal with non-standard as well as the standard format :(

Thanks,
Tony
Re: [Dovecot] Virtual POP3 Inbox question
On Sun, 2010-02-07 at 15:10 +0100, Josephus wrote:
> Hi, I'm having trouble implementing the virtual pop3 inbox solution in Dovecot 1.2.x. As the following wiki page describes (http://wiki.dovecot.org/Plugins/Virtual) one should only set the inbox=yes flag for the virtual namespace

Yes.

> which then flattens all mailboxes in the realmails/ prefix.

Huh? No..

> In the above example when I set the inbox=yes flag for the virtual namespace, the inbox in the realmails/ prefix gets left out for obvious reasons.

I think you're misunderstanding/misinterpreting something, but I can't really think of what.. INBOX is a special mailbox. Setting inbox=yes changes nothing except where INBOX's location is looked up from. No other mailboxes are affected. Listing/opening RealMails/INBOX might or might not work, depending on configuration. But that shouldn't be an issue, since INBOX is accessed directly as INBOX.
[Dovecot] Disabling Keywords
Is there a correct way to tell the client we don't want, and don't support Keywords via a configuration option? If there's no configuration option, would I override allow_new_keywords to just return FALSE? Thanks, Tony
Re: [Dovecot] GlusterFs - Any new progress reports?
On Wed, Feb 17, 2010 at 11:55 AM, Steve stev...@gmx.net wrote:
> Original Message
> Date: Wed, 17 Feb 2010 20:15:30 +0100
> From: alex handle alex.han...@gmail.com
> To: Dovecot Mailing List dovecot@dovecot.org
> Subject: Re: [Dovecot] GlusterFs - Any new progress reports?
> > > Anyone had success using some other clustered/HA filestore with dovecot who can share their experience? (OCFS/GFS over DRBD, etc?)
> > > My interest is more in bootstrapping a more highly available system from lower quality (commodity) components than very high end use
> > we use drbd with ext3 in a active/passive setup for more than 1 mailboxes. works like a charm! I'm not really trusting cluster filesystems and most cluster filesystems are not made for small files.
> I use GlusterFS with Dovecot and it works without issues. The GlusterFS team has made huge progress since 2.0 and with the new 3.0 version they have again proved that GlusterFS can get better.
> > Alex
> Steve

Hi Steve, I was wondering if perhaps I might snag a copy of your glusterfs server/client configs to see what you are doing? I am interested in using it in our mail setup, but last I tried a little over a month ago I got a bunch of corrupted mails, so far I am only using for a web cluster and that seems to be working but different use case I guess.

Thanks!
Brandon
Re: [Dovecot] Courier-Dovecot Migration Issue
On Thu, 2010-02-18 at 11:26 -0500, Tony Rutherford wrote:
> > Well, with v1.1+ it's possible to preserve both POP3 and IMAP UIDs (each line is <IMAP uid> P<POP3 UIDL> :<filename>). I guess the script doesn't merge IMAP and POP3 messages well enough. Feel free to fix the script ;)
> Yes, unless you're unfortunate enough to be supporting a non-standard legacy message name format based on uuidgen!

I've no idea what uuidgen is, but..

> I did see the function where it attempts to compare based on the standard filename format...but again, unfortunately I have to deal with non-standard as well as the standard format :(

No, it works with everything with Dovecot v1.1+. Like it says above, you can have in dovecot-uidlist:

1 Phello-world :12345.blah.host:2,

Now when opening such mailbox with POP3 and issuing UIDL command, you actually get:

1 hello-world
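The uidlist entry format described in this message, as an added example (not Dovecot's code and not the migration script): a parser for entry lines plus a post-migration check that the old IMAP UIDs and POP3 UIDLs both survived. The Courier-side dictionaries, the `uid-N` fallback UIDL and every sample value other than the two quoted in the thread are constructed assumptions; the uidlist header line is not handled.

```python
# Constructed dovecot-uidlist entry lines. The first line and the uuidgen-style
# filename are quoted from the thread; the rest is made up for the example.
SAMPLE_UIDLIST = [
    "1 Phello-world :12345.blah.host:2,",
    "2 :ffad8168_ce4b_4d25_a54d_290ed9b3a7f6:2,S",
    "3 Pold-uidl-3 :12350.blah.host:2,S",
]
# Hypothetical pre-migration state, keyed by filename stem (text before ':').
OLD_IMAP_UIDS = {
    "12345.blah.host": 1,
    "ffad8168_ce4b_4d25_a54d_290ed9b3a7f6": 2,
    "12350.blah.host": 3,
}
OLD_POP3_UIDLS = {"12345.blah.host": "hello-world", "12350.blah.host": "old-uidl-3"}


def parse_uidlist_entry(line):
    """Parse '<IMAP uid> [<ext>...] :<filename>' into a dict."""
    head, sep, filename = line.rstrip("\n").partition(" :")
    if not sep or not filename:
        raise ValueError("missing ' :<filename>' in %r" % line)
    tokens = head.split()
    if not tokens or not tokens[0].isdigit():
        raise ValueError("missing IMAP UID in %r" % line)
    # Each extension is a one-letter key followed by its value, e.g. P<UIDL>.
    ext = {tok[0]: tok[1:] for tok in tokens[1:]}
    return {
        "uid": int(tokens[0]),
        "pop3_uidl": ext.get("P"),
        "filename": filename,
        "stem": filename.split(":", 1)[0],  # flags after ':' change over time
    }


def pop3_uidl_listing(entries, fallback=lambda e: "uid-%d" % e["uid"]):
    """Return [(message number, UIDL)]; fallback is a placeholder format."""
    return [(n, e["pop3_uidl"] or fallback(e)) for n, e in enumerate(entries, 1)]


def verify_preserved(entries, old_imap_uids, old_pop3_uidls):
    """Return a list of problems; an empty list means both ID sets survived."""
    problems = []
    uids = [e["uid"] for e in entries]
    if any(b <= a for a, b in zip(uids, uids[1:])):
        problems.append("IMAP UIDs are not strictly ascending")
    uidls = [u for _, u in pop3_uidl_listing(entries)]
    if len(set(uidls)) != len(uidls):
        problems.append("POP3 UIDLs are not unique")
    by_stem = {e["stem"]: e for e in entries}
    for stem in sorted(set(old_imap_uids) | set(old_pop3_uidls)):
        entry = by_stem.get(stem)
        if entry is None:
            problems.append("%s: missing from dovecot-uidlist" % stem)
            continue
        if stem in old_imap_uids and entry["uid"] != old_imap_uids[stem]:
            problems.append("%s: IMAP UID %d became %d"
                            % (stem, old_imap_uids[stem], entry["uid"]))
        if stem in old_pop3_uidls and entry["pop3_uidl"] != old_pop3_uidls[stem]:
            problems.append("%s: POP3 UIDL %r became %r"
                            % (stem, old_pop3_uidls[stem], entry["pop3_uidl"]))
    return problems


if __name__ == "__main__":
    parsed = [parse_uidlist_entry(line) for line in SAMPLE_UIDLIST]
    print(pop3_uidl_listing(parsed))
    print(verify_preserved(parsed, OLD_IMAP_UIDS, OLD_POP3_UIDLS))
```
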
Re: [Dovecot] Disabling Keywords
On Thu, 2010-02-18 at 11:33 -0500, Tony Rutherford wrote:
> Is there a correct way to tell the client we don't want, and don't support Keywords via a configuration option?

Why?

> If there's no configuration option, would I override allow_new_keywords to just return FALSE?

Yes.
Re: [Dovecot] 2nd REPOST: mbox vs maildir
Timo Sirainen wrote:
> Things would probably be simpler if you used prefix= here.

The reason I used a prefix is for the way things show up in Thunderbird and Outlook. Without the prefix, it all falls under the same tree as their INBOX. By adding the prefix, they get an extra level called 'mail' where everything lives in. It's a visual thing.

> > namespace private { separator = / prefix = mail-Archives/ location = maildir:~/mail-Archives:LAYOUT=fs
> Are these really maildirs? Seems like exactly the opposite of what they're good at :) (Maildir is good for active mails, mbox for unchanging archives.)

I guess this is where I'm confused and would love a primer on what the differences are, and when to use what. In our setup, we have:

/var/mail/%u where the user's INBOX resides
/home/%u/mail/ where all the *active* mailboxes are, for example things they pull out of INBOX and put in these boxes for short term and they refer to them daily
/home/%u/mail-Archives/ this is where long term archives are, this is stuff that comes OUT of their /home/%u/mail/ and put here, and always stored in a yearly hierarchy, for example:
/home/%u/mail-Archives/2009/Ashley/Ashley-Dec09
/home/%u/mail-Archives/2009/Ashley/Ashley-Nov09
/home/%u/mail-Archives/2010/Ashley/Ashley-Jan10
etc.

So, am I using the wrong setup for the namespaces? Possibly, I went by what I found online. This is the first time I've ever tried to run Dovecot. Previously we ran uw-imap.

A
Re: [Dovecot] dovecot and firstname.initial.lastname mbox format archive
Quoting Timo Sirainen, who wrote on Thu, Feb 18, 2010 at 05:26:54PM +0200 ..
> On Mon, 2010-02-15 at 19:13 +0100, Wilko Bulte wrote:
> > - On my new system I have dovecot v 1.2.8 which refuses to handle these dot-separated files. I get the somewhat familiar Mailbox doesn't allow inferior mailboxes.
> > I have attached the dovecot -n from my dovecot 1.2.8 which does not want to accept firstname.initial.lastname. This is the dovecot128.conf file.
> I don't see anything obviously wrong. Try talking IMAP protocol directly, maybe your client is doing something wrong. http://wiki.dovecot.org/TestInstallation After login try something like:
> a create foo.bar.baz
> b select foo.bar.baz
> If that succeeds, it's probably client issue. Recreating the account

Looks like this is working just fine:

a login wb foo
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH] Logged in
a create foo.bar.baz
a OK Create completed.
b select foo.bar.baz
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1266511425] UIDs valid
* OK [UIDNEXT 1] Predicted next UID
* OK [HIGHESTMODSEQ 1] Highest
b OK [READ-WRITE] Select completed.

as it resulted in the creation of foo.bar.baz like so:

-rw--- 1 wb wb 0 Feb 18 17:43 foo.bar.baz

Hm... fascinating.. I'll investigate further, thanks for your kind help so far!

Wilko
Re: [Dovecot] Courier-Dovecot Migration Issue
Timo Sirainen wrote:
> On Thu, 2010-02-18 at 11:26 -0500, Tony Rutherford wrote:
> > > Well, with v1.1+ it's possible to preserve both POP3 and IMAP UIDs (each line is <IMAP uid> P<POP3 UIDL> :<filename>). I guess the script doesn't merge IMAP and POP3 messages well enough. Feel free to fix the script ;)
> > Yes, unless you're unfortunate enough to be supporting a non-standard legacy message name format based on uuidgen!
> I've no idea what uuidgen is, but..
> > I did see the function where it attempts to compare based on the standard filename format...but again, unfortunately I have to deal with non-standard as well as the standard format :(
> No, it works with everything with Dovecot v1.1+. Like it says above, you can have in dovecot-uidlist:
> 1 Phello-world :12345.blah.host:2,
> Now when opening such mailbox with POP3 and issuing UIDL command, you actually get:
> 1 hello-world

uuidgen generates a random unique identifier with no way of gathering a date/time stamp from it. Here's an example filename:

ffad8168_ce4b_4d25_a54d_290ed9b3a7f6:2,S

It's not ideal for many, many reasons...

Tony
Re: [Dovecot] Disabling Keywords
Timo Sirainen wrote:
> On Thu, 2010-02-18 at 11:33 -0500, Tony Rutherford wrote:
> > Is there a correct way to tell the client we don't want, and don't support Keywords via a configuration option?
> Why?

Nothing to do with Dovecot...but we have other ancillary systems in play that don't deal with them very well.

> > If there's no configuration option, would I override allow_new_keywords to just return FALSE?
> Yes.

Thanks.
Re: [Dovecot] 2nd REPOST: mbox vs maildir
On Thu, 2010-02-18 at 09:52 -0700, Ashley M. Kirchner wrote:
> Timo Sirainen wrote:
> > Things would probably be simpler if you used prefix= here.
> The reason I used a prefix is for the way things show up in Thunderbird and Outlook. Without the prefix, it all falls under the same tree as their INBOX. By adding the prefix, they get an extra level called 'mail' where everything lives in. It's a visual thing.

I'd think other people would also hate that. I would. :) Anyway, if it's intentional then be sure to set subscriptions=yes for that namespace too (although I think it's default anyway).

> > > namespace private { separator = / prefix = mail-Archives/ location = maildir:~/mail-Archives:LAYOUT=fs
> > Are these really maildirs? Seems like exactly the opposite of what they're good at :) (Maildir is good for active mails, mbox for unchanging archives.)
> I guess this is where I'm confused and would love a primer on what the differences are, and when to use what.

mbox and maildir are completely different mailbox formats. In mbox a single file contains all messages, while in maildir each message is in a different file.

> /home/%u/mail-Archives/ this is where long term archives are, this is stuff that comes OUT of their /home/%u/mail/ and put here, and always stored in a yearly hierarchy, for example: /home/%u/mail-Archives/2009/Ashley/Ashley-Dec09

So Ashley-Dec09 is a file? It sounds like you're using mbox, so you should use:

location = mbox:~/Mail-Archives

(the :LAYOUT=fs is unnecessary, because it's the default with mboxes anyway.)

> So, am I using the wrong setup for the namespaces? Possibly, I went by what I found online. This is the first time I've ever tried to run Dovecot. Previously we ran uw-imap.

It's probably a good use of namespaces, although it would be simpler if you just put archives under ~/mail/Archives/.
Re: [Dovecot] Courier-Dovecot Migration Issue
On Thu, 2010-02-18 at 11:26 -0500, Tony Rutherford wrote:
> > > Here's a question though. If the dovecot-uidlist file is deleted (for whatever reason), it gets rebuilt by Dovecot. But, how does it get rebuilt? It does not appear to generate uids based on the date of messages...I believe that to be true. Is there any flag/option in Dovecot to build the uidlist file based on message date (uids ordered by date)?
> > The added mails are ordered by their filename. The filename typically begins with timestamp of when the message was received, so it's practically in the same order as mails were received.
> Yes, unless you're unfortunate enough to be supporting a non-standard legacy message name format based on uuidgen! I did see the function where it attempts to compare based on the standard filename format...but again, unfortunately I have to deal with non-standard as well as the standard format :(

Oh, this was for the above question. I was mixing it up with the other one. Right, yeah, doesn't look like it's all that great then. But you're kind of in the minority. :) And this shouldn't be a real problem typically in any case. Only in the migration case, and the migration script could be fixed for that.
Re: [Dovecot] GlusterFs - Any new progress reports?
Original Message
Date: Thu, 18 Feb 2010 08:36:36 -0800
From: Brandon Lamb brandonl...@gmail.com
To: Dovecot Mailing List dovecot@dovecot.org
Subject: Re: [Dovecot] GlusterFs - Any new progress reports?

> On Wed, Feb 17, 2010 at 11:55 AM, Steve stev...@gmx.net wrote:
> > Original Message
> > Date: Wed, 17 Feb 2010 20:15:30 +0100
> > From: alex handle alex.han...@gmail.com
> > To: Dovecot Mailing List dovecot@dovecot.org
> > Subject: Re: [Dovecot] GlusterFs - Any new progress reports?
> > > > Anyone had success using some other clustered/HA filestore with dovecot who can share their experience? (OCFS/GFS over DRBD, etc?)
> > > > My interest is more in bootstrapping a more highly available system from lower quality (commodity) components than very high end use
> > > we use drbd with ext3 in a active/passive setup for more than 1 mailboxes. works like a charm! I'm not really trusting cluster filesystems and most cluster filesystems are not made for small files.
> > I use GlusterFS with Dovecot and it works without issues. The GlusterFS team has made huge progress since 2.0 and with the new 3.0 version they have again proved that GlusterFS can get better.
> > > Alex
> > Steve
> Hi Steve, I was wondering if perhaps I might snag a copy of your glusterfs server/client configs to see what you are doing? I am interested in using it in our mail setup, but last I tried a little over a month ago I got a bunch of corrupted mails, so far I am only using for a web cluster and that seems to be working but different use case I guess.

Server part:

volume gfs-srv-ds
  type storage/posix
  option directory /mnt/glusterfs/mailstore01
end-volume

volume gfs-srv-ds-locks
  type features/locks
  option mandatory-locks off
  subvolumes gfs-srv-ds
end-volume

volume gfs-srv-ds-remote
  type protocol/client
  option transport-type tcp
  # option username
  # option password
  option remote-host 192.168.0.142
  option remote-port 6998
  option frame-timeout 600
  option ping-timeout 10
  option remote-subvolume gfs-srv-ds-locks
end-volume

volume gfs-srv-ds-replicate
  type cluster/replicate
  option data-self-heal on
  option metadata-self-heal on
  option entry-self-heal on
  # option read-subvolume gfs-srv-ds-locks
  # option favorite-child
  option data-change-log on
  option metadata-change-log on
  option entry-change-log on
  option data-lock-server-count 1
  option metadata-lock-server-count 1
  option entry-lock-server-count 1
  subvolumes gfs-srv-ds-locks gfs-srv-ds-remote
end-volume

volume gfs-srv-ds-io-threads
  type performance/io-threads
  option thread-count 16
  subvolumes gfs-srv-ds-replicate
end-volume

volume gfs-srv-ds-write-back
  type performance/write-behind
  option cache-size 64MB
  option flush-behind on
  # opiton disable-for-first-nbytes 1
  # option enable-O_SYNC false
  subvolumes gfs-srv-ds-io-threads
end-volume

volume gfs-srv-ds-io-cache
  type performance/io-cache
  option cache-size 32MB
  option priority *:0
  option cache-timeout 2
  subvolumes gfs-srv-ds-write-back
end-volume

volume gfs-srv-ds-server
  type protocol/server
  option transport-type tcp
  option transport.socket.listen-port 6998
  option auth.addr.gfs-srv-ds-locks.allow 192.168.0.*,127.0.0.1
  option auth.addr.gfs-srv-ds-io-threads.allow 192.168.0.*,127.0.0.1
  option auth.addr.gfs-srv-ds-io-cache.allow 192.168.0.*,127.0.0.1
  subvolumes gfs-srv-ds-io-cache
end-volume

Client part:

volume gfs-cli-ds-client
  type protocol/client
  option transport-type tcp
  # option remote-host gfs-vu-mailstore-c01.vunet.local
  option remote-host 127.0.0.1
  option remote-port 6998
  option frame-timeout 600
  option ping-timeout 10
  option remote-subvolume gfs-srv-ds-io-cache
end-volume

#volume gfs-cli-ds-write-back
#  type performance/write-behind
#  option cache-size 64MB
#  option flush-behind on
#  # opiton disable-for-first-nbytes 1
#  # option enable-O_SYNC false
#  subvolumes gfs-cli-ds-client
#end-volume

#volume gfs-cli-ds-io-cache
#  type performance/io-cache
#  option cache-size 32MB
#  option priority *:0
#  option cache-timeout 1
#  subvolumes gfs-cli-ds-write-back
#end-volume

> Thanks! Brandon
Re: [Dovecot] Disabling Keywords
On Thu, 2010-02-18 at 12:02 -0500, Tony Rutherford wrote: If there's no configuration option, would I override allow_new_keywords to just return FALSE? Yes. Thanks. It's mainly about telling clients that they aren't supported. I'm not sure if the current code actually tries to prevent them from working if clients try to set them anyway. I don't know if any clients try to do that.
Re: [Dovecot] 2nd REPOST: mbox vs maildir
Timo Sirainen wrote: location = mbox:~/Mail-Archives (the :LAYOUT=fs is unnecessary, because it's the default with mboxes anyway.)

Made the above change as you suggested. That turned my namespaces into:

namespace private {
  separator = /
  prefix = mail/
  location = mbox:~/mail:INBOX=/var/mail/%u
  inbox = yes
  hidden = no
  list = no # for v1.1+
}
namespace private {
  separator = /
  prefix = mail-Archives/
  location = mbox:~/mail-Archives
  inbox = no
  hidden = no
  list = yes
  subscriptions = yes
}

Now when I open Outlook, I get nothing except the INBOX. I can't see anything else. When I go into 'IMAP Folders' and hit refresh, I see the INBOX file, and the tree for 'mail-Archives', but I can't see any files (mailboxes) within that tree, so I can't subscribe to anything. The 'mail/' namespace doesn't seem to exist since it doesn't show up at all.

Checking Thunderbird, I can see and subscribe to anything in 'mail/', but like Outlook I can only see the tree in 'mail-Archives' but I can't see the individual files (mailboxes) within the folders to be able to subscribe to them.

It's probably a good use of namespaces, although it would be simpler if you just put archives under ~/mail/Archives/.

That was done for remote backup purposes. This way we can backup the user's ~mail/ folder every night, and the ~mail-Archives/ once a month.

-- W | It's not a bug - it's an undocumented feature. + Ashley M. Kirchner mailto:ash...@pcraft.com . 303.442.6410 x130 IT Director / SysAdmin / Websmith . 800.441.3873 x130 Photo Craft Imaging . 2901 55th Street http://www.pcraft.com . . .. Boulder, CO 80301, U.S.A.
Re: [Dovecot] LDAP as password database - some problems / suggestions
Attached updated patch that actualy uses bind_dn, as pointed out by Edgar Fuß. On Thu, 2010-02-18 at 16:38 +0200, Timo Sirainen wrote: On Thu, 2010-02-18 at 09:19 +0100, Stefan Palme wrote: base=ou=groups,dc=kapott.org filter=((cn=dovecot)(member=cn=%u,ou=users,dc=kapott,dc=org)) result_attribute=member After finding a DN this way (via attribute member), I want to use auth_bind to use this DN for password verification... How about if it worked like: pass_attrs = member=bind_dn, ... pass_filter = .. ? Attached patch does that. If it works, I'll commit it. diff -r 1ff706e7d95f src/auth/passdb-ldap.c --- a/src/auth/passdb-ldap.c Sun Feb 07 01:55:06 2010 +0200 +++ b/src/auth/passdb-ldap.c Thu Feb 18 19:20:28 2010 +0200 @@ -74,17 +74,23 @@ } static void -ldap_query_save_result(struct ldap_connection *conn, - LDAPMessage *entry, struct auth_request *auth_request) +ldap_query_save_result(struct ldap_connection *conn, LDAPMessage *entry, + struct auth_request *auth_request, + const char **bind_dn_r) { struct db_ldap_result_iterate_context *ldap_iter; const char *name, *value; + *bind_dn_r = NULL; ldap_iter = db_ldap_result_iterate_init(conn, entry, auth_request, conn-pass_attr_map); while (db_ldap_result_iterate_next(ldap_iter, name, value)) { - auth_request_set_field(auth_request, name, value, - conn-set.default_pass_scheme); + if (strcmp(name, bind_dn) == 0) + *bind_dn_r = t_strdup(value); + else { + auth_request_set_field(auth_request, name, value, + conn-set.default_pass_scheme); + } } } @@ -97,7 +103,7 @@ struct auth_request *auth_request = request-auth_request; enum passdb_result passdb_result; LDAPMessage *entry; - const char *password, *scheme; + const char *password, *scheme, *bind_dn; int ret; entry = handle_request_get_entry(conn, auth_request, ldap_request, res); 
@@ -108,7 +114,7 @@ passdb_result = PASSDB_RESULT_INTERNAL_FAILURE; password = NULL; - ldap_query_save_result(conn, entry, auth_request); + ldap_query_save_result(conn, entry, auth_request, bind_dn); if (ldap_next_entry(conn-ld, entry) != NULL) { auth_request_log_error(auth_request, ldap, pass_filter matched multiple objects, aborting); @@ -217,6 +223,7 @@ struct ldap_request_bind *brequest; struct auth_request *auth_request = ldap_request-auth_request; LDAPMessage *entry; + const char *bind_dn; char *dn; entry = handle_request_get_entry(conn, auth_request, @@ -224,7 +231,7 @@ if (entry == NULL) return; - ldap_query_save_result(conn, entry, auth_request); + ldap_query_save_result(conn, entry, auth_request, bind_dn); /* convert search request to bind request */ brequest = passdb_ldap_request-request.bind; @@ -234,7 +241,9 @@ /* switch the handler to the authenticated bind handler */ dn = ldap_get_dn(conn-ld, entry); - brequest-dn = p_strdup(auth_request-pool, dn); + if (bind_dn == NULL) + bind_dn = dn; + brequest-dn = p_strdup(auth_request-pool, bind_dn); ldap_memfree(dn); ldap_auth_bind(conn, brequest); signature.asc Description: This is a digitally signed message part
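Review bot: In the first hunk (@@ -74,17 +74,23 @@) the loop assigns *bind_dn_r every time the mapped name equals bind_dn, so if the iterator yields more than one value for that attribute the DN that survives is simply the last one seen, with no check that it belongs to the user being authenticated. That matters for the groupOfNames case this thread is about, where member is mapped to bind_dn and the group entry lists every member, not only the one the filter matched. Suggest treating a second bind_dn value as an error, the same way the caller already aborts on "pass_filter matched multiple objects", and rejecting an empty value before it can reach the bind.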
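Review bot: In the @@ -108,7 +114,7 @@ hunk (the callback that declares password and scheme) bind_dn is filled in by ldap_query_save_result() but none of the visible lines read it afterwards, so a pass_attrs mapping to bind_dn looks like it is silently dropped on the non-bind path. Suggest either a debug log line saying bind_dn is ignored in this mode or a short comment next to the call stating that the out-parameter is deliberately unused here, so an admin who configures it without auth_bind is not left guessing.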
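Review bot: In the last hunk (@@ -234,7 +241,9 @@) the bind is now sent to a DN taken from an attribute value rather than the DN of the entry that pass_filter matched, and nothing records which of the two was used. Suggest a debug log line naming the DN actually bound when bind_dn != NULL, and a note in the dovecot-ldap.conf documentation that pass_attrs may map an attribute to bind_dn and that it then overrides the entry DN for authentication binds. The fallback itself (bind_dn = dn when no mapping matched) keeps the old behaviour and reads fine.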
Re: [Dovecot] dovecot-sieve and ldap user
On Sat, 2010-01-30 at 23:06 +0100, spamv...@googlemail.com wrote: userdb: driver: passwd userdb: driver: ldap args: /etc/dovecot-ldap.conf Note the extra userdb passwd. I'd guess you don't want that. Does the sieve plugin use the home_dir returned from the ldap ? Yes, but in the above configuration only if passwd didn't also contain the user. And is it ok to use the deliver in master.cf and or do I have to set mailbox_command = /usr/lib/dovecot/deliver ? They're different ways to set it up. Typically mailbox_command is for system users, while master.cf is for virtual users.
Re: [Dovecot] Highly Performance and Availability
Quoting Stan Hoeppner s...@hardwarefreak.com: - Add redundancy to the storage using DRDB (I believe a successful strategy with Dovecot is pairs of servers, replicated to each other - run each at 50% capacity and if one dies the other picks up the slack) DRDB is alright for a couple of replicated hosts with moderate volume. Not sure how you define moderate load... Seems like in a 2 node cluster it does a nice job for fairly high load, as long as it is setup correctly. Kind of like what you say about the SAN though, the faster the DRBD interconnect, the better it can handle the load (100Mb, 1Gb, 10Gb, other methods, etc). If you run two load balanced hot hosts with DRDB, and your load increases to the point you need more capacity, a 3rd hot host, expanding with DRDB gets a bit messy. Very much so... I'm running GFS on them, and if I need to add more hosts I'll probably do it via GNBD instead of adding more DRBD connections... Growing by adding more DRBD doesn't seem desirable in most cases, but growing by sharing the existing 2 DRBD machines out (NFS, GNBD, Samba, iSCSI, etc) seems easy, and if the additional machines don't need to raw disk speed it should work fine. If the new machines need the same raw disk speed, well, then you either are going to have to do a complex DRBD setup, or go with a more proper SAN setup. With an iSCSI or FC SAN you merely plug in a 3rd host, install and configure the cluster FS software, expose the shared LUN to the host, and basically you're up and running in little time. Not much different in effort/complexity than my solution of using GFS+GNDB to grow it... But surely better in terms of disk performance to the newly added machine... RedHat claims GNBD scales well, but I've not yet been able to prove that. All 3 hosts share the exact same data on disk, so you have no replication issues If you have no replication issues, you have a single point of failure... Which is why most SAN's support replication of some sort... 
no matter how many systems you stick into the cluster. The only limitation is the throughput of your SAN array. Or licensing costs in some cases... Eric Rostetter is already using GFS2 over DRDB with two hot nodes. IIRC he didn't elaborate a lot on the performance or his hardware config. He seemed to think the performance was more than satisfactory. I've posted the hardware config to the list many times in the past... The performance is very good, but due to price restrictions it is not great. That is because the cost of building it with 15K SAS drives was 3x the cost of using SATA drives, so I'm stuck with SATA drives... And the cost of faster CPU's would have pushed it over budget also... The SATA drives are okay, but will never give the performance of the SAS drives, and hence my cluster is not what I would call very fast. But it is fast enough for our use, which is all that matters. If we need in the future, we can swap the SATA out for SAS, but that probably won't happen unless the price of SAS comes way down, and/or capacity goes way up... Eric, can you tell us more about your setup, in detail? I promise I'll sit quiet and just listen. Everyone else may appreciate your information. I have two clusters... One is a SAN, the other is a mail cluster. I'll describe the Mail cluster here, not the SAN. They are the same exact hardware except for the (number, size, configuration) of disks... I get educational pricing, so your costs may vary, but for us this fit the budget and a proper SAN didn't. 2 Dell PE 2900, dual quad-core E5410 Xeons at 2.33 GHz (8 cores), 8GB RAM, Perc 6/i Raid Controller, 8 SATA disks (2 RAID-1, 4 RAID 10, 1 JBOD, and 1 Global Hot Spare), 6 1Gb nics (we use nic bonding so the mail connections use one bond pair, and the DRBD traffic uses another bond pair... the other two are for clustering and admin use). Machines mirror shared GFS2 storage with DRBD. Local storage is ext3. OS is CentOS 5.x. 
Email software is sendmail+procmail+spamassassin+clamav, mailman, and of course dovecot. Please don't flame me for using sendmail instead of your favorite MTA... The hardware specs are such that we intend to use this for about 10 years... In case you think that is funny, I'm still running Dell PE 2300 machines in production here that we bought in 1999/2000... We get a lot of years from our machines here... We have a third machine in the cluster acting as a webmail server (apache, Horde software). It doesn't share any storage though, but it is part of the cluster (helps with split-brain, etc). It is a Dell PE 2650 with dual 3.2 Ghz Xeons, 3GB RAM, SCSI with Software Raid also running CentOS 5. Both of the above machines mount home directories off the NAS/SAN I mentioned. So the webmail only has the OS and stuff local, the Mail cluster has all the inboxes and queues local (but not other folders), and the NAS/SAN has all the home directories (which includes mail folders other than
[Dovecot] improved create dovecot certificate script
If anybody is interested, which they are probably not, here is an improved and more rigorous version of mkcert.sh

#! /bin/sh
#*---*#
#|
#| file : /root/apps/share/sh/create_dovecot_certificate
#|
#*---*#
BELL="\007"
DOVECOT_DIR=${DOVECOT_DIR-/var/lib/dovecot}
OPENSSL=${OPENSSL-openssl}
OPENSSL_CONF=${OPENSSL_CONF-/etc/dovecot/dovecot-openssl.cnf}
#.#
certificates_dir=${DOVECOT_DIR}/certificates
echo="/bin/echo -e"
error="${BELL}%ERROR -"
#*---*#
# Create the directory (mode 700, group dovecot) if it does not exist yet.
check_directory () {
  directory=${1}
  #.#
  if [ ! -d "${directory}" ]
  then
    mkdir -m 700 "${directory}" 2> /dev/null
    status=${?}
    if [ ${status} -ne 0 ]
    then
      ${echo} "${error} directory ${directory} cannot be created!" >&2
      exit 2
    fi
    chgrp dovecot "${directory}"
  fi
  #.#
  return 0
}
#*---*#
# Abort unless the named program can be found and executed.
check_executable () {
  executable=${1}
  #.#
  if ! command -v "${executable}" > /dev/null 2>&1
  then
    ${echo} "${error} executable ${executable} could not be found!" >&2
    exit 1
  fi
  #.#
  return 0
}
#*---*#
# Abort rather than overwrite an existing certificate or key.
check_exists () {
  file=${1}
  description=${2}
  #.#
  if [ -e "${file}" ]
  then
    test "${description}" = "public certificate" && echo
    ${echo} \
      "${error} ${description} file ${file} already exists!" >&2
    test "${description}" = "public certificate" && \
      show_certificate "${file}"
    exit 6
  fi
  #.#
  return 0
}
#*---*#
# Abort unless the file exists, is a regular file and is not empty.
check_file () {
  file=${1}
  description=${2}
  #.#
  if [ ! -e "${file}" ]
  then
    ${echo} "${error} ${description} file ${file} does not exist!" >&2
    exit 3
  fi
  if [ ! -f "${file}" ]
  then
    ${echo} "${error} ${description} ${file} is not a file!" >&2
    exit 4
  fi
  if [ ! -s "${file}" ]
  then
    ${echo} "${error} ${description} file ${file} is empty!" >&2
    exit 5
  fi
  #.#
  return 0
}
#*---*#
# Generate a self-signed certificate and key named after the host.
create_certificate () {
  configuration=${1}
  directory=${2}
  #.#
  name=`hostname -f | tr '[A-Z]' '[a-z]' | tr '.' '_'`-dovecot
  certificate=${directory}/${name}.crt
  check_exists "${certificate}" "public certificate"
  key=${directory}/${name}.pem
  check_exists "${key}" "private key"
  #.#
  ${echo} "\nCreating new X509 certificate\n\
with configuration ${configuration}\nfor ${name} ...\n"
  # umask 077 in a subshell so the key is never readable by others,
  # not even in the moment before the chmod below.
  ( umask 077
    ${OPENSSL} req -new -x509 -nodes -config "${configuration}" \
      -days 365 -out "${certificate}" -keyout "${key}" )
  status=${?}
  if [ ${status} -ne 0 ]
  then
    ${echo} "${error} ${OPENSSL} failed with exit status ${status}!" >&2
    exit 7
  fi
  #.#
  chmod 0400 "${key}"
  chmod 0444 "${certificate}"
  #.#
  return 0
}
#*---*#
# Print validity dates, serial number and subject of a certificate.
show_certificate () {
  certificate=${1}
  #.#
  echo
  ${OPENSSL} x509 -in "${certificate}" -noout -dates
  echo
  ${OPENSSL} x509 -in "${certificate}" -noout -serial
  echo
  ${OPENSSL} x509 -in "${certificate}" -noout -subject
  echo
  #.#
  return 0
}
#*---*#
check_executable "${OPENSSL}"
check_file "${OPENSSL_CONF}" "openssl configuration"
check_directory "${DOVECOT_DIR}"
check_directory "${certificates_dir}"
create_certificate "${OPENSSL_CONF}" "${certificates_dir}"
#.#
exit 0
#*#
Re: [Dovecot] 2nd REPOST: mbox vs maildir
Timo Sirainen wrote: Well, clients can become confused a bit too easily. Try talking IMAP protocol directly: http://wiki.dovecot.org/TestInstallation After logging in, the important commands to try would be: a LIST * b LSUB * c SELECT mail-Archive/something-that-actually-exists d SUBSCRIBE mail-Archive/something-that-actually-exists Where does it fail? Ok, we're getting closer. It failed when selecting a mailbox, permission denied. And I figured out why ... for some reason when the user was cloned from the old server to this one, their -x bit didn't stick for that mail-Archives/ folder. Now that that's fixed, I *can* see and *can* subscribe to the individual mailboxes within any of the archived folders. But, there's a big difference between how Thunderbird sees things and what Outlook sees, and I'm almost certain it's a problem with the client: Thunderbird will see exactly what I have subscribed to, stuff in mail/ and stuff in mail-Archives/. Outlook will *not* see mail/, at all. And it *will* see *everything* that's in mail-Archives/, whether I'm subscribed to it or not, it shows up. That's ... kind of annoying to say the least.
Re: [Dovecot] 2nd REPOST: mbox vs maildir
On Thu, 2010-02-18 at 11:06 -0700, Ashley M. Kirchner wrote: Thunderbird will see exactly what I have subscribed to, stuff in mail/ and stuff in mail-Archives/. Outlook will *not* see mail/, at all. And it *will* see *everything* that's in mail-Archives/, whether I'm subscribed to it or not, it shows up. That's ... kind of annoying to say the least. Deleting and recreating the Outlook account might be the easiest fix.
Re: [Dovecot] LDAP as password database - some problems / suggestions
Hi, On Thu, 2010-02-18 at 11:36 -0200, Marcio Merlone wrote: I use LDAP on PAM, and dovecot uses PAM as auth method, ... Thanks for the tip. This way (dovecot - PAM - LDAP (with a dedicated ldap-configuration for the dovecot PAM service)) works for me. Regards -stefan-
Re: [Dovecot] LDAP as password database - some problems / suggestions
On Thu, 2010-02-18 at 16:38 +0200, Timo Sirainen wrote: How about if it worked like: pass_attrs = member=bind_dn, ... pass_filter = .. Have already solved it via PAM. But will nevertheless try this solution too. But this has to wait until weekend :-) Thanks for support! -stefan-
Re: [Dovecot] 2nd REPOST: mbox vs maildir
Ashley M. Kirchner wrote: Timo Sirainen wrote: Deleting and recreating the Outlook account might be the easiest fix Ok, that solved the seeing everything problem. But Outlook still won't see the user's 'mail/' folder with mailboxes in it. Could that be because I don't have a 'subscriptions=' line in that namespace? It works fine for Thunderbird ... Actually, I take that back. For a few reasons: a) I had 'list = no' in the 'mail/' namespace. Setting it to 'yes' allows Outlook to now see that namespace correctly. However, b) Every time Outlook gets launched, both the 'mail/' and 'mail-Archives/' show up briefly, then disappear. I have to hit a 'Update Folder List' for them to re-appear. The last issue I'm not sure is actually a Dovecot problem though. But if anyone else is having this behavior, I would love to hear if there's a solution. -- W | It's not a bug - it's an undocumented feature. + Ashley M. Kirchner mailto:ash...@pcraft.com . 303.442.6410 x130 IT Director / SysAdmin / Websmith . 800.441.3873 x130 Photo Craft Imaging . 2901 55th Street http://www.pcraft.com . . .. Boulder, CO 80301, U.S.A.
Re: [Dovecot] 2nd REPOST: mbox vs maildir
Spoke too fast. I can't move mailboxes across namespaces. Is that a limitation? For example, if I have a mailbox in 'mail/' that I want to move into 'mail-Archives/' I get an error saying: The current command did not succeed. The mail server responded: Can't rename mailbox to another storage type. This is through Thunderbird. I was able to do this with uw-imap. -- W | It's not a bug - it's an undocumented feature. + Ashley M. Kirchner mailto:ash...@pcraft.com . 303.442.6410 x130 IT Director / SysAdmin / Websmith . 800.441.3873 x130 Photo Craft Imaging . 2901 55th Street http://www.pcraft.com . . .. Boulder, CO 80301, U.S.A.
Re: [Dovecot] 2nd REPOST: mbox vs maildir
On Thu, 2010-02-18 at 11:40 -0700, Ashley M. Kirchner wrote: Spoke too fast. I can't move mailboxes across namespaces. Is that a limitation? For example, if I have a mailbox in 'mail/' that I want to move into 'mail-Archives/' I get an error saying: The current command did not succeed. The mail server responded: Can't rename mailbox to another storage type. Yeah, Dovecot v1.2 doesn't like this. v2.0 allows it though.
Re: [Dovecot] auth processes
Timo Sirainen put forth on 2/18/2010 9:17 AM: On Tue, 2010-02-16 at 08:16 -0600, Stan Hoeppner wrote: With 1.0.15 my configuration I a single dovecot-auth process, which is what I want now. Since upgrading to 1.2.10 I have two such processes: root 16992 16990 0 Feb15 ?00:00:00 dovecot-auth root 16997 16990 0 Feb15 ?00:00:00 dovecot-auth -w I can't seem to tweak dovecot.conf to get this down to one auth process again. Are you using passwd/pam combination? The second process is auth worker, which does blocking passdb/userdb lookups. The v1.0 behavior was causing bugs. Yep: auth default: worker_max_count: 1 process_size: 16 passdb: driver: pam userdb: driver: passwd If this is what the worker does, what does the master do? Currently there's no way to avoid that, except if you switch from PAM to e.g. shadow. v2.0 stops idling processes after a minute (but there are a some other new long running processes, and also it looks like that idle-stopping isn't currently working for some reason). IIRC both dovecot-auth processes are staying resident even with no clients connected. running all the dovecot processes from inetd is even a valid option, although I've not yet attempted that. That won't help anyway. You'd still have the same processes. It's not that big a deal. I just didn't realize this had changed since 1.0.15, so I thought I just needed to tweak something to ditch the extra process. If both auth processes are required for pam/passwd to function correctly in 1.2.10 then that's fine by me. Thanks Timo. -- Stan
Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]
On 18 February 2010 16:41, Timo Sirainen t...@iki.fi wrote: It's not about how much work adding that setting is. It's that I don't think there should be settings for stuff that (almost) everyone sets only one way. Useless extra settings cause bugs and bloat, both to code and documentation. Understood and in agreement. Since I always switch it on in my MTA, I vote to make deliver quota inclusive. .warren
Re: [Dovecot] 2nd REPOST: mbox vs maildir
Timo Sirainen wrote: Yeah, Dovecot v1.2 doesn't like this. v2.0 allows it though. In that case, Timo you have solved all of my configuration problems today. With Dovecot 2.0 still in beta, I'll just sit back and wait. Thank you very much for all your help today! My next task? Figuring out mail quotas ... just my kinda day.
Re: [Dovecot] auth processes
On Thu, 2010-02-18 at 12:47 -0600, Stan Hoeppner wrote: Are you using passwd/pam combination? The second process is auth worker, which does blocking passdb/userdb lookups. The v1.0 behavior was causing bugs. Yep: auth default: worker_max_count: 1 process_size: 16 passdb: driver: pam userdb: driver: passwd If this is what the worker does, what does the master do?

With v1.0 each PAM lookup caused dovecot-auth to fork a new process, which then did the PAM stuff and then exited. With v1.1+ the auth worker process does this so that there's no need for the forking (that caused problems with some nss/pam combinations). So dovecot-auth master gets the actual auth requests and starts handling them. When it needs to do a blocking passdb/userdb lookup, it connects to auth worker, which then does the actual (potentially long running) lookup. If you've enough load, more auth worker processes are created as necessary.

Hmm. You could try setting auth_worker_max_request_count=1 to see if that gets rid of the processes after they've handled the request.

Currently there's no way to avoid that, except if you switch from PAM to e.g. shadow. v2.0 stops idling processes after a minute (but there are some other new long running processes, and also it looks like that idle-stopping isn't currently working for some reason). IIRC both dovecot-auth processes are staying resident even with no clients connected.

Yes, only v2.0 has the idle-stopping feature.
Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]
On 2010-02-18 11:09 AM, Steffen Kaiser wrote: Actually, I once had a system where the request was we do not send over quota notices, all mails have to arrive. Hence, deliver should have no quota - well, a very high quota actually -, but a quite strick IMAP quota. So simply leaving everything in the INBOX defeats the quota?
Re: [Dovecot] dovecot and firstname.initial.lastname mbox format archive
Quoting Wilko Bulte, who wrote on Thu, Feb 18, 2010 at 05:53:10PM +0100 .. Quoting Timo Sirainen, who wrote on Thu, Feb 18, 2010 at 05:26:54PM +0200 .. On Mon, 2010-02-15 at 19:13 +0100, Wilko Bulte wrote: - On my new system I have dovecot v 1.2.8 which refuses to handle these dot-seperated files. I get the somewhat familiar Mailbox doesn't allow inferior mailboxes. I have attached the dovecot -n from my dovecot 1.2.8 which does not want to accept firstname.initial.lastname. This is the dovecot128.conf file. I don't see anything obviously wrong. Try talking IMAP protocol directly, maybe your client is doing something wrong. http://wiki.dovecot.org/TestInstallation After login try something like: a create foo.bar.baz b select foo.bar.baz If that succeeds, it's probably client issue. Recreating the account Looks like this is working just fine: a login wb foo a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH] Logged in a create foo.bar.baz a OK Create completed. b select foo.bar.baz * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted. * 0 EXISTS * 0 RECENT * OK [UIDVALIDITY 1266511425] UIDs valid * OK [UIDNEXT 1] Predicted next UID * OK [HIGHESTMODSEQ 1] Highest b OK [READ-WRITE] Select completed. as it resulted in the creation of foo.bar.baz like so: -rw--- 1 wb wb 0 Feb 18 17:43 foo.bar.baz Hm... fascinating.. I'll investigate further, thanks for your kind help sofar! While talking to the same dovecot 1.2.8 server: Mutt 1.5.18 (2008-05-17) works OK with first.initial.last mboxes and Mutt 1.5.20 (2009-06-14) does NOT work with first.initial.last mboxes So it looks like I was totally offtrack in assuming dovecot was at fault. My apologies. I'll see if I can find out more Wilko
Re: [Dovecot] dovecot and firstname.initial.lastname mbox format archive
Quoting Wilko Bulte, who wrote on Thu, Feb 18, 2010 at 08:14:55PM +0100 .. Quoting Wilko Bulte, who wrote on Thu, Feb 18, 2010 at 05:53:10PM +0100 .. Quoting Timo Sirainen, who wrote on Thu, Feb 18, 2010 at 05:26:54PM +0200 .. On Mon, 2010-02-15 at 19:13 +0100, Wilko Bulte wrote: - On my new system I have dovecot v 1.2.8 which refuses to handle these dot-seperated files. I get the somewhat familiar Mailbox doesn't allow inferior mailboxes. I have attached the dovecot -n from my dovecot 1.2.8 which does not want to accept firstname.initial.lastname. This is the dovecot128.conf file. I don't see anything obviously wrong. Try talking IMAP protocol directly, maybe your client is doing something wrong. http://wiki.dovecot.org/TestInstallation After login try something like: a create foo.bar.baz b select foo.bar.baz If that succeeds, it's probably client issue. Recreating the account Looks like this is working just fine: a login wb foo a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH] Logged in a create foo.bar.baz a OK Create completed. b select foo.bar.baz * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted. * 0 EXISTS * 0 RECENT * OK [UIDVALIDITY 1266511425] UIDs valid * OK [UIDNEXT 1] Predicted next UID * OK [HIGHESTMODSEQ 1] Highest b OK [READ-WRITE] Select completed. as it resulted in the creation of foo.bar.baz like so: -rw--- 1 wb wb 0 Feb 18 17:43 foo.bar.baz Hm... fascinating.. I'll investigate further, thanks for your kind help sofar! 
While talking to the same dovecot 1.2.8 server:

Mutt 1.5.18 (2008-05-17) works OK with first.initial.last mboxes

raw logging gives me:

a0003 CAPABILITY
a0004 LIST
a0005 STATUS postponed (MESSAGES)
a0006 SELECT INBOX
a0007 FETCH 1:41 (UID FLAGS INTERNALDATE RFC822.SIZE BODY.PEEK[HEADER.FIELDS (DATE FROM SUBJECT TO CC MESSAGE-ID REFERENCES CONTENT-TYPE CONTENT-DESCRIPTION IN-REPLY-TO REPLY-TO LINES LIST-POST X-LABEL)])
a0008 CLOSE
a0009 STATUS postponed (MESSAGES)
a0010 SELECT foo.bar.baz
a0011 FETCH 1:1 (UID FLAGS INTERNALDATE RFC822.SIZE BODY.PEEK[HEADER.FIELDS (DATE FROM SUBJECT TO CC MESSAGE-ID REFERENCES CONTENT-TYPE CONTENT-DESCRIPTION IN-REPLY-TO REPLY-TO LINES LIST-POST X-LABEL)])
a0012 CLOSE
a0013 LOGOUT

and Mutt 1.5.20 (2009-06-14) does NOT work with first.initial.last mboxes

raw logging gives me:

Oa0003 CAPABILITY
a0004 LIST
a0005 STATUS mail/postponed (MESSAGES)
a0006 SELECT INBOX
a0007 FETCH 1:41 (UID FLAGS INTERNALDATE RFC822.SIZE BODY.PEEK[HEADER.FIELDS (DATE FROM SUBJECT TO CC MESSAGE-ID REFERENCES CONTENT-TYPE CONTENT-DESCRIPTION IN-REPLY-TO REPLY-TO LINES LIST-POST X-LABEL)])
a0008 CLOSE
a0009 STATUS mail/postponed (MESSAGES)
a0010 SELECT mail/foo/bar/baz
a0011 LOGOUT

If I understand this correctly the newer mutt version is explicitly asking for a / separated hierarchical mailbox?

thanks, Wilko
Re: [Dovecot] GlusterFs - Any new progress reports?
Quoting Steve stev...@gmx.net: My interest is more in bootstrapping a more highly available system from lower quality (commodity) components than very high end use GFS+DRBD should fit the bill... You need several nics and cables, but they are dirt cheap... Just 2 machines with the same disk setup, and a handful of nics and cables, and you are off and running... Can you easy scale that GFS2+DRBD to have more then just 2 nodes? Is Not really, no. You can have those two nodes distribute it out via gnbd though... Red Hat claims it scales well, but I've not yet tested it... Can all the nodes at the same time be active or is one node always the master and the other a hot spare that kicks in when the master is down? The free version of DRBD only supports max 2 nodes. They can be active-active or active-passive. The non-free version is supposed to support 3 nodes, but I've heard conflicting reports on what the 3rd node can do... You'd have to investigate that yourself... I'm not interested in it, since I don't want to pay for it... (Though I am willing to donate to the project) My proposed solution to the more-than-two-nodes is gnbd... If that doesn't meet your needs, then DRBD probably isn't the proper choice. You didn't mention anything about number of nodes in your original post, IIRC. Thanks Ed W -- Eric Rostetter The Department of Physics The University of Texas at Austin Go Longhorns!
Re: [Dovecot] GlusterFs - Any new progress reports?
Original-Nachricht Datum: Thu, 18 Feb 2010 13:51:33 -0600 Von: Eric Rostetter rostet...@mail.utexas.edu An: dovecot@dovecot.org Betreff: Re: [Dovecot] GlusterFs - Any new progress reports? Quoting Steve stev...@gmx.net: My interest is more in bootstrapping a more highly available system from lower quality (commodity) components than very high end use GFS+DRBD should fit the bill... You need several nics and cables, but they are dirt cheap... Just 2 machines with the same disk setup, and a handful of nics and cables, and you are off and running... Can you easy scale that GFS2+DRBD to have more then just 2 nodes? Is Not really, no. You can have those two nodes distribute it out via gnbd though... Red Hat claims it scales well, but I've not yet tested it... I have already installed GFS on a cluster in the past, but never on DRBD. Can all the nodes at the same time be active or is one node always the master and the other a hot spare that kicks in when the master is down? The free version of DRBD only supports max 2 nodes. They can be active-active or active-passive. The non-free version is supposed to support 3 nodes, but I've heard conflicting reports on what the 3rd node can do... You'd have to investigate that yourself... I'm not interested in it, since I don't want to pay for it... (Though I am willing to donate to the project) Hmm... when I started with GlusterFS I thought that using more then two nodes is something that I will never need. But now that I have GlusterFS up and running and I am using more then two nodes I really see a benefit in being able to use more then two nodes. For me this is a big advantage of GlusterFS compared to DRBD. My proposed solution to the more-than-two-nodes is gnbd... Never heard of it before. Don't like the fact that I need to patch the Kernel in order to get it working. If that doesn't meet your needs, then DRBD probably isn't the proper choice. You didn't mention anything about number of nodes in your original post, IIRC. 
I did not post the original post. I just responded to the original post saying that GlusterFS works for me. Thanks Ed W -- Eric Rostetter The Department of Physics The University of Texas at Austin Go Longhorns!
Re: [Dovecot] auth processes
Timo Sirainen put forth on 2/18/2010 12:54 PM: Hmm. You could try setting auth_worker_max_request_count=1 to see if that gets rid of the processes after they've handled the request. Restarting IMAP/POP3 mail server: dovecotError: Error in configuration file /etc/dovecot/dovecot.conf line 1: Unknown setting: worker_max_request_count Fatal: Invalid configuration in /etc/dovecot/dovecot.conf FYI I'm running 1.2.10 -- Stan
Re: [Dovecot] GlusterFs - Any new progress reports?
Quoting Steve stev...@gmx.net: I have already installed GFS on a cluster in the past, but never on DRBD. Me too (I did it on a real physical SAN before). Hmm... when I started with GlusterFS I thought that using more than two nodes is something that I will never need. GlusterFS is really designed to allow such things... So is GFS. But these are filesystems... DRBD isn't really designed to scale this way. A SAN or NAS is. But now that I have GlusterFS up and running and I am using more than two nodes I really see a benefit in being able to use more than two nodes. For me this is a big advantage of GlusterFS compared to DRBD. You are comparing filesystems to storage/mirroring systems. Not a valid comparison... My proposed solution to the more-than-two-nodes is gnbd... Never heard of it before. Don't like the fact that I need to patch the Kernel in order to get it working. GNBD is a standard part of GFS. No more patching than GFS or DRBD in any case... Red Hat and clones all come with support for GFS and GNBD built in. DRBD is another issue... GNBD should be known to anyone using GFS, since it is part of the standard reading (manual, etc) for GFS. If that doesn't meet your needs, then DRBD probably isn't the proper choice. You didn't mention anything about number of nodes in your original post, IIRC. I did not post the original post. I just responded to the original post saying that GlusterFS works for me. I didn't mean to single you out in my reply... Assume the you is a generic you, not specifically aimed at any one individual... Sorry if I misattributed anything to you... Very busy, and trying to reply to these emails as fast as I can when I get a minute or two of time, so I may make some mistakes as to who said what... I'm not trying to convert or convince anyone... I'm just replying and expressing my experiences and thoughts... If glusterfs works for you, then great. If not, there are alternatives... I happen to champion some, others champion others...
Personally, I like SAN storage, but the price has always kept me from using it (except once, when I was setting it up on someone else's SAN). -- Eric Rostetter The Department of Physics The University of Texas at Austin Go Longhorns!
Re: [Dovecot] auth processes
Quoting Stan Hoeppner s...@hardwarefreak.com: Timo Sirainen put forth on 2/18/2010 12:54 PM: Hmm. You could try setting auth_worker_max_request_count=1 to see if that gets rid of the processes after they've handled the request. Restarting IMAP/POP3 mail server: dovecotError: Error in configuration file /etc/dovecot/dovecot.conf line 1: Unknown setting: worker_max_request_count Fatal: Invalid configuration in /etc/dovecot/dovecot.conf FYI I'm running 1.2.10 -- Stan Could be a typo, could be your problem, but: auth_worker_max_request_count != worker_max_request_count (i.e., did you forget the auth_ at the start?) -- Eric Rostetter The Department of Physics The University of Texas at Austin Go Longhorns!
Re: [Dovecot] GlusterFs - Any new progress reports?
Dare I ask...(as it's not exactly clear from the Gluster docs) If I take 5 storage servers to house my /mail can my cluster of 5 front end dovecot servers all mount/read/write to /mail. The reason I ask is the docs seem to suggest I should be doing 5 servers, having 5 partitions, one for each mail server? Any clues? Regards John
Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]
On Thu, 2010-02-18 at 16:20 +0200, Timo Sirainen wrote: On Thu, 2010-02-18 at 09:05 -0500, Charles Marcus wrote: Personally I think the best way would be, if the user isn't over quota at the time of a message delivery, deliver that message, *regardless* of whether or not it puts the user over quota. Wonder if there's anyone who wouldn't want this behavior? One exception could be that if mail is larger than the user's entire quota limit, it wouldn't be accepted. And this would happen only for deliver/lmtp, not imap append (because it would give user an error message directly). I certainly wouldn't want to accept a message in this case, user might be 1K under quota, but get 20m file now that might be a whoopie doo :) but what if 130K users did same. -- Kind Regards, SSA Noel Butler L.C.P No. 251002
Re: [Dovecot] auth processes
Eric Rostetter put forth on 2/18/2010 3:21 PM: Quoting Stan Hoeppner s...@hardwarefreak.com: Timo Sirainen put forth on 2/18/2010 12:54 PM: Hmm. You could try setting auth_worker_max_request_count=1 to see if that gets rid of the processes after they've handled the request. Restarting IMAP/POP3 mail server: dovecotError: Error in configuration file /etc/dovecot/dovecot.conf line 1: Unknown setting: worker_max_request_count Fatal: Invalid configuration in /etc/dovecot/dovecot.conf FYI I'm running 1.2.10 -- Stan Could be a typo, could be your problem, but: auth_worker_max_request_count != worker_max_request_count (i.e., did you forget the auth_ at the start?) I think it's sad that sometimes some sysadmins assume their fellow sysadmins are less than capable, to put it politely. [02:55:20][r...@greer]/home/stan$ dovecot -a|grep auth_worker_max_request_count [02:55:26][r...@greer]/home/stan$ man dovecot [02:56:36][r...@greer]/home/stan$ man dovecot.conf No manual entry for dovecot.conf [02:56:40][r...@greer]/home/stan$ vi /etc/dovecot/dovecot.conf [03:02:06][r...@greer]/home/stan$ dovecot restart Usage: dovecot [-F] [-c config file] [-p] [-n] [-a] [--version] [--build-options] [--exec-mail protocol [args]] Fatal: Unknown argument: restart [03:02:11][r...@greer]/home/stan$ /etc/init.d/dovecot Usage: /etc/init.d/dovecot {start|stop|restart|force-reload|status} [03:02:41][r...@greer]/home/stan$ /etc/init.d/dovecot status dovecot is running. [03:03:10][r...@greer]/home/stan$ /etc/init.d/dovecot restart Restarting IMAP/POP3 mail server: dovecotError: Error in configuration file /etc/dovecot/dovecot.conf line 868: Unknown setting: worker_max_request_count Fatal: Invalid configuration in /etc/dovecot/dovecot.conf failed! 
[03:04:33][r...@greer]/home/stan$ vi /etc/dovecot/dovecot.conf [03:06:09][r...@greer]/home/stan$ /etc/init.d/dovecot restart Restarting IMAP/POP3 mail server: dovecotError: Error in configuration file /etc/dovecot/dovecot.conf line 1: Unknown setting: worker_max_request_count Fatal: Invalid configuration in /etc/dovecot/dovecot.conf failed! [03:06:50][r...@greer]/home/stan$ vi /etc/dovecot/dovecot.conf [03:07:38][r...@greer]/home/stan$ /etc/init.d/dovecot restart Restarting IMAP/POP3 mail server: dovecot. Now, does that string of actions look to you like I fucked up, didn't verify my edits and results, before reporting back? Pristine? No. Perfect? No. _Thorough_? YES. Dovecot strips the auth_ portion of the parameter name in that error message. I don't know why. Do you? If you're running 1.2.10 or prior on one of your systems, insert that parameter into dovecot.conf, do a restart or force reload, and report back the error message, if any, that you receive. Maybe then you might have a constructive, positive comment for me. -- Stan
Re: [Dovecot] GlusterFs - Any new progress reports?
Original Message Date: Thu, 18 Feb 2010 21:32:46 + From: John Lyons j...@support.nsnoc.com To: Dovecot Mailing List dovecot@dovecot.org Subject: Re: [Dovecot] GlusterFs - Any new progress reports? Dare I ask...(as it's not exactly clear from the Gluster docs) If I take 5 storage servers to house my /mail can my cluster of 5 front end dovecot servers all mount/read/write to /mail. Yes. That's the beauty of GlusterFS. The reason I ask is the docs seem to suggest I should be doing 5 servers, having 5 partitions, one for each mail server? You can do that. But with GlusterFS and Dovecot you don't need to. You can mount read/write the same GlusterFS share on all the mail servers. Dovecot will usually add the hostname of the delivering system into the maildir file name. As long as the delivery is collision free in terms of file names then you can scale up as many read/write nodes as you like. Any clues? Regards John Steve
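The file-name point in the message above, as an added example that is not part of the thread or of Dovecot's own code: it assumes the base-name layout `<time>.M<usec>P<pid>.<hostname>` and uses constructed host names and values to show that collision-free delivery from several nodes onto one share depends on every node having a distinct hostname.

```python
import re

# Assumed layout of the unique part of a Dovecot maildir file name:
#   <unix time>.M<microseconds>P<pid>.<hostname>
NAME_RE = re.compile(r"^(\d+)\.M(\d+)P(\d+)\.(.+)$")


def maildir_basename(sec, usec, pid, hostname):
    """Build the unique part of a maildir file name (before ':2,flags')."""
    return f"{sec}.M{usec}P{pid}.{hostname}"


def parse_basename(name):
    """Split a file name back into (sec, usec, pid, hostname)."""
    # Drop the ':2,<flags>' suffix and any ',S=' / ',W=' size fields.
    stem = name.split(":", 1)[0].split(",", 1)[0]
    m = NAME_RE.match(stem)
    if not m:
        raise ValueError(f"not a recognised maildir name: {name!r}")
    sec, usec, pid, host = m.groups()
    return int(sec), int(usec), int(pid), host


def find_collisions(deliveries):
    """Return base names that two different nodes would both write."""
    seen, clashes = {}, set()
    for node, sec, usec, pid, hostname in deliveries:
        name = maildir_basename(sec, usec, pid, hostname)
        if name in seen and seen[name] != node:
            clashes.add(name)
        seen.setdefault(name, node)
    return sorted(clashes)


# Constructed sample: identical second, microsecond and pid on both nodes,
# the worst case for name uniqueness on a shared mount.
UNIQUE_HOSTS = [("node1", 1266530000, 123456, 4242, "mx1.example.org"),
                ("node2", 1266530000, 123456, 4242, "mx2.example.org")]
# Same deliveries from cloned machines that both report "localhost".
CLONED_HOSTS = [("node1", 1266530000, 123456, 4242, "localhost"),
                ("node2", 1266530000, 123456, 4242, "localhost")]

if __name__ == "__main__":
    print("unique hostnames:", find_collisions(UNIQUE_HOSTS))
    print("cloned hostnames:", find_collisions(CLONED_HOSTS))
```

This only covers message file names; shared index files are a separate concern on a multi-writer mount.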
Re: [Dovecot] dovecot and firstname.initial.lastname mbox format archive
On 18.2.2010, at 21.31, Wilko Bulte wrote: Mutt 1.5.20 (2009-06-14) does NOT work with first.initial.last mboxes raw logging gives me: Oa0003 CAPABILITY a0004 LIST a0005 STATUS mail/postponed (MESSAGES) a0006 SELECT INBOX a0007 FETCH 1:41 (UID FLAGS INTERNALDATE RFC822.SIZE BODY.PEEK[HEADER.FIELDS (DATE FROM SUBJECT TO CC MESSAGE-ID REFERENCES CONTENT-TYPE CONTENT-DESCRIPT ION IN-REPLY-TO REPLY-TO LINES LIST-POST X-LABEL)]) a0008 CLOSE a0009 STATUS mail/postponed (MESSAGES) a0010 SELECT mail/foo/bar/baz a0011 LOGOUT If I understand this correctly the newer mutt version is explicitly asking for a / separated hierarchical mailbox? Right. Looks like a bug, or possibly a wrongly cached separator.
Re: [Dovecot] auth processes
On 18.2.2010, at 23.08, Stan Hoeppner wrote: Timo Sirainen put forth on 2/18/2010 12:54 PM: Hmm. You could try setting auth_worker_max_request_count=1 to see if that gets rid of the processes after they've handled the request. Restarting IMAP/POP3 mail server: dovecotError: Error in configuration file /etc/dovecot/dovecot.conf line 1: Unknown setting: worker_max_request_count Fatal: Invalid configuration in /etc/dovecot/dovecot.conf FYI I'm running 1.2.10 Oh, right, it changed in v1.2 to: passdb pam { args = max_requests=1 }
Re: [Dovecot] GlusterFs - Any new progress reports?
On 19.2.2010, at 0.37, Steve wrote: You can do that. But with GlusterFS and Dovecot you don't need to. You can mount read/write the same GlusterFS share on all the mail servers. Dovecot will usually add the hostname of the delivering system into the maildir file name. As long as the delivery is collision free in terms of file names then you can scale up as many read/write nodes as you like. This has the same problems as with NFS (assuming the servers aren't only delivering mails, without updating index files). http://wiki.dovecot.org/NFS
Re: [Dovecot] GlusterFs - Any new progress reports?
Original Message Date: Fri, 19 Feb 2010 03:02:48 +0200 From: Timo Sirainen t...@iki.fi To: Dovecot Mailing List dovecot@dovecot.org Subject: Re: [Dovecot] GlusterFs - Any new progress reports? On 19.2.2010, at 0.37, Steve wrote: You can do that. But with GlusterFS and Dovecot you don't need to. You can mount read/write the same GlusterFS share on all the mail servers. Dovecot will usually add the hostname of the delivering system into the maildir file name. As long as the delivery is collision free in terms of file names then you can scale up as many read/write nodes as you like. This has the same problems as with NFS (assuming the servers aren't only delivering mails, without updating index files). http://wiki.dovecot.org/NFS Except that NFS is not so flexible as GlusterFS. In GlusterFS I can replicate, stripe, aggregate, etc... All things that I can't do with NFS.
Re: [Dovecot] GlusterFs - Any new progress reports?
On Fri, 2010-02-19 at 03:12 +0100, Steve wrote: This has the same problems as with NFS (assuming the servers aren't only delivering mails, without updating index files). http://wiki.dovecot.org/NFS Except that NFS is not so flexible as GlusterFS. In GlusterFS I can replicate, stripe, aggregate, etc... All things that I can't do with NFS. Sure .. but you can break the index files in exactly the same way as with NFS. :)
Re: [Dovecot] GlusterFs - Any new progress reports?
Original Message Date: Fri, 19 Feb 2010 04:37:04 +0200 From: Timo Sirainen t...@iki.fi To: dovecot@dovecot.org Subject: Re: [Dovecot] GlusterFs - Any new progress reports? On Fri, 2010-02-19 at 03:12 +0100, Steve wrote: This has the same problems as with NFS (assuming the servers aren't only delivering mails, without updating index files). http://wiki.dovecot.org/NFS Except that NFS is not so flexible as GlusterFS. In GlusterFS I can replicate, stripe, aggregate, etc... All things that I can't do with NFS. Sure .. but you can break the index files in exactly the same way as with NFS. :) That is right :)