Re: [Dovecot] Can Dovecot do this...
On Tue, 30 Mar 2010, Robert Lopez wrote:

> First, the From: information and Reply-To: information will be re-written from whatever they may be to become that person's college email address. Second, the email will then be routed to an intended recipient be it within our community or outside of our community.

Third, the envelope sender (MAIL FROM in SMTP protocol) is to be rewritten.

> Is this scenario possible?

Yes.

> Would postfix on the new system do the address re-writes or would Dovecot do it?

postfix, because this is a service of an MTA. Postfix needs SASL to authenticate users, then a user DB to get the user information (aka mail address) from.

> What would store the information necessary for the reply routing?

I don't understand this. You have to configure postfix to replace header information. IMHO Postfix should not care about whether this is reply information or anything else.

> What would happen in one internal address to many external address situations?

You meddle with sender information in all situations (VIP - internal, VIP - external), so no problem.

> If the project was simplified by removing the ability to reply to an email; so it was only a way to route external to external with rewrite is it then possible?

It makes no difference, per RFC nobody has the right to send mails without the ability to reply on except for DSNs. ;-)

I cannot help you with your postfix configuration, because I don't use it.

Regards,

-- 
Steffen Kaiser
Re: [Dovecot] Can Dovecot do this...
On Tue, Mar 30, 2010 at 11:50:42AM -0600, Robert Lopez wrote:

> It is now proposed that certain staff members should be allowed to be at some remote location and compose an email which will be sent to SOMETHING at our college which will then cause two things to happen. First, the From: information and Reply-To: information will be re-written from whatever they may be to become that person's college email address. Second, the email will then be routed to an intended recipient be it within our community or outside of our community.

Well, this is all stuff which happens on receipt of mail to someth...@yourcollege. The best place to do this is in the MTA. Postfix might be able to do this; exim definitely can (it's the Swiss army knife of MTAs :-). Certainly any header and envelope rewriting you want can be done, and it can be database-driven.

But have you thought, how is the intended recipient going to be decided? Via telepathy perhaps? :-)

Consider: the president (sending from her hotmail account, hot...@hotmail.com) wants to send a mail to f...@example.com.

She could send a mail to presidents-rewri...@college.com, but then the rewriter would have no idea that it was for f...@example.com.

You could go back to the 1980's and use source-routed addresses like

    fred%example@president.college.com

I suspect she wouldn't like having to do that.

Or you could get the president to configure her account to send all outbound mail via your SMTP server, and use SMTP AUTH to identify herself. The mail server knows her identity so can then rewrite her From: header appropriately before relaying it. But if you're going to all that trouble to configure her MUA, you could also configure her MUA to send the correct From: header too, which makes the whole exercise pointless.

If the requirement is for the president to be able to send mails from a cybercafe, maybe you should just set up your own webmail service she can login to. There are many webmail frontends which can talk IMAP to Dovecot.

> Is this scenario possible?

Based on the above, I think you need to make your requirements clearer :-)

> Would postfix on the new system do the address re-writes or would Dovecot do it?

Header rewriting and mail delivery is nothing to do with Dovecot.

(Well, there is Dovecot LDA with Sieve filtering, which can do a very limited series of actions just before the mail gets added to the mailbox, but I don't think that's what you want)

> What would store the information necessary for the reply routing?

That could be in a flat file, or a .db file, or custom attributes in an LDAP database, or SQL, or ...

Regards,

Brian.
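
The SMTP AUTH option described in the reply above, as an added example (not code from the thread, and not Postfix or exim configuration): the sender identity is taken from the authenticated login rather than from anything the client claims, and the recipient comes from the SMTP envelope. The function name, the lookup table and all addresses are hypothetical.

```python
from email import message_from_string, policy

# Constructed lookup table: SMTP AUTH login -> institutional address.
# Logins and addresses are hypothetical.
LOGIN_TO_ADDRESS = {"president": "president@college.example"}


def rewrite_submission(sasl_login, claimed_mail_from, rcpt_to, raw_message):
    """Force the sender identity of an authenticated submission.

    sasl_login        -- identity proven by SMTP AUTH (None if unauthenticated)
    claimed_mail_from -- envelope sender the client sent; deliberately ignored
    rcpt_to           -- envelope recipients (RCPT TO), passed through untouched
    raw_message       -- message text as submitted

    Returns (envelope_sender, recipients, message_text).
    """
    owned = LOGIN_TO_ADDRESS.get(sasl_login)
    if owned is None:
        # Unauthenticated, or authenticated without a mapped address:
        # relaying would let anyone borrow the institution's domain.
        raise PermissionError("no authenticated login with a mapped address")

    msg = message_from_string(raw_message, policy=policy.default)
    # Drop every client-supplied sender header, then set the owned address.
    for header in ("From", "Reply-To", "Sender"):
        del msg[header]
    msg["From"] = owned
    msg["Reply-To"] = owned
    return owned, list(rcpt_to), msg.as_string()


if __name__ == "__main__":
    raw = (
        "From: Someone <hot@hotmail.example>\n"
        "To: fred@example.com\n"
        "Subject: hello\n\n"
        "body\n"
    )
    print(rewrite_submission("president", "hot@hotmail.example",
                             ["fred@example.com"], raw)[2])
```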
[Dovecot] Dovecot+LDAP issues
Dear list members,

I am having some problems with an LDAP passdb authentication on Dovecot.

Before I forget, the specs: it's an Ubuntu 7.10 server running Dovecot 1.0.5 connecting to 2 different machines running LDAP servers: gold with OpenLDAP 2.4.19 and extra with OpenLDAP 2.4.9 (extra is a replication slave of gold).

The initial setup of dovecot was with a MySQL passdb, which is still the first passdb, now followed by my new LDAP passdb, all with a static userdb.

Here is my dovecot-ldap.conf (the LDAP passdb) (I switched the domain with example.com for privacy sake):

    # Server
    hosts = gold.example.com extra.example.com
    tls = yes
    ldap_version = 3
    base = ou=people,dc=example,dc=com
    scope = onelevel
    # uid/gid
    user_global_uid = 5000
    user_global_gid = 5000
    # Bind to read things
    dn = cn=dovecot,ou=people,dc=example,dc=com
    dnpass = secret
    sasl_bind = no
    sasl_mech =
    # passdb: use password lookups to authenticate users
    auth_bind = no
    pass_attrs =userPassword=password #, =userdb_home=/home/vmail/%d/%n
    pass_filter = ((maildrop=%u)(mailacceptinguser=1))
    default_pass_scheme = PLAIN-MD5

This setup is currently working for some test users (the others are still being auth'ed with the old MySQL passdb). Unfortunately, I seemed to have run into a big problem on an occasion when dovecot was unable to connect to my first server (gold) and hence went to the second one (extra).

Backtracking from the logs (starting with dovecot-error.log):

    Mar 31 13:11:50 bunker dovecot: auth(default): LDAP: ldap_result() failed: Can't contact LDAP server
    Mar 31 13:11:50 bunker dovecot: auth-worker(default): LDAP: ldap_result() failed: Can't contact LDAP server

This is when the users stopped being able to login via imap, with the following message being shown on dovecot-info.log:

    Mar 31 13:13:00 bunker dovecot: auth(default): ldap(u...@domain.com,xxx.xxx.xxx.xxx): unknown user

(I know, an auth_debug log would be handy here, but it wasn't activated at the time).

I went on to investigate and from the slapd logs I noticed that the second LDAP server (extra) was being contacted for the passdb lookups, thus proving that dovecot considered the gold to be dead (it wasn't, but that's a different matter).

Anyway, the problem is that dovecot doesn't seem to be able to retrieve the user information from extra. As the slapd log shows:

    Mar 31 13:41:37 extra slapd[31473]: conn=4 op=140 SRCH base=ou=people,dc=example,dc=com scope=1 deref=0 filter=((?=undefined)(?=undefined))
    Mar 31 13:41:37 extra slapd[31473]: conn=4 op=140 SRCH attr=userPassword
    Mar 31 13:41:37 extra slapd[31473]: conn=4 op=140 SEARCH RESULT tag=101 err=0 nentries=0 text=

For some reason, dovecot sends an undefined filter to extra, even though the same filter works without issues with gold (and remember they are clones). I just can't see how this is caused by any of my configurations!

Any ideas?

Thanks in advance,

-- 
Daniel Gomes
[Dovecot] Managing IMAP ACL from script
I need to change ACL for mailboxes from a script on my server. As I understand, now I can correctly change ACL only via telnet using IMAP commands. And moreover I need to know the user's password for it.

Are there any plans to add inheritance of ACL and the ability to manage it directly from a server? And if so, in which version? Will 2.0 fully support ACL?

Now I use Dovecot 1.2.10.
Re: [Dovecot] Dovecot+LDAP issues
On 03/31/2010 02:59 PM, Daniel Gomes wrote:

> Dear list members,
>
> I am having some problems with an LDAP passdb authentication on Dovecot.
>
> Before I forget, the specs: it's an Ubuntu 7.10 server running Dovecot 1.0.5 connecting to 2 different machines running LDAP servers: gold with OpenLDAP 2.4.19 and extra with OpenLDAP 2.4.9 (extra is a replication slave of gold).
>
> The initial setup of dovecot was with a MySQL passdb, which is still the first passdb, now followed by my new LDAP passdb, all with a static userdb.
>
> Here is my dovecot-ldap.conf (the LDAP passdb) (I switched the domain with example.com for privacy sake):
>
>     # Server
>     hosts = gold.example.com extra.example.com
>     tls = yes
>     ldap_version = 3
>     base = ou=people,dc=example,dc=com
>     scope = onelevel
>     # uid/gid
>     user_global_uid = 5000
>     user_global_gid = 5000
>     # Bind to read things
>     dn = cn=dovecot,ou=people,dc=example,dc=com
>     dnpass = secret
>     sasl_bind = no
>     sasl_mech =
>     # passdb: use password lookups to authenticate users
>     auth_bind = no
>     pass_attrs =userPassword=password #, =userdb_home=/home/vmail/%d/%n
>     pass_filter = ((maildrop=%u)(mailacceptinguser=1))
>     default_pass_scheme = PLAIN-MD5
>
> This setup is currently working for some test users (the others are still being auth'ed with the old MySQL passdb). Unfortunately, I seemed to have run into a big problem on an occasion when dovecot was unable to connect to my first server (gold) and hence went to the second one (extra).
>
> Backtracking from the logs (starting with dovecot-error.log):
>
>     Mar 31 13:11:50 bunker dovecot: auth(default): LDAP: ldap_result() failed: Can't contact LDAP server
>     Mar 31 13:11:50 bunker dovecot: auth-worker(default): LDAP: ldap_result() failed: Can't contact LDAP server
>
> This is when the users stopped being able to login via imap, with the following message being shown on dovecot-info.log:
>
>     Mar 31 13:13:00 bunker dovecot: auth(default): ldap(u...@domain.com,xxx.xxx.xxx.xxx): unknown user
>
> (I know, an auth_debug log would be handy here, but it wasn't activated at the time).
>
> I went on to investigate and from the slapd logs I noticed that the second LDAP server (extra) was being contacted for the passdb lookups, thus proving that dovecot considered the gold to be dead (it wasn't, but that's a different matter).
>
> Anyway, the problem is that dovecot doesn't seem to be able to retrieve the user information from extra. As the slapd log shows:
>
>     Mar 31 13:41:37 extra slapd[31473]: conn=4 op=140 SRCH base=ou=people,dc=example,dc=com scope=1 deref=0 filter=((?=undefined)(?=undefined))
>     Mar 31 13:41:37 extra slapd[31473]: conn=4 op=140 SRCH attr=userPassword
>     Mar 31 13:41:37 extra slapd[31473]: conn=4 op=140 SEARCH RESULT tag=101 err=0 nentries=0 text=
>
> For some reason, dovecot sends an undefined filter to extra, even though the same filter works without issues with gold (and remember they are clones). I just can't see how this is caused by any of my configurations!
>
> Any ideas?
>
> Thanks in advance,

Hi Daniel,

Are you using by any chance the slapo-rwm overlay? There is mention in openldap 2.4.13 changelog that prior versions would rewrite an undefined filter.

Have you tried issuing the exact search on both servers, using ldapsearch for instance, and see if they both return the same information?

Regards,

Hugo Monteiro.
-- 
fct.unl.pt:~# cat .signature

Hugo Monteiro
Email : hugo.monte...@fct.unl.pt
Phone : +351 212948300 Ext.15307
Web   : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa

Quinta da Torre 2829-516 Caparica Portugal
Phone: +351 212948596 Fax: +351 212948548
www.fct.unl.pt ap...@fct.unl.pt

fct.unl.pt:~# _
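
The comparison between the two servers can also be made from the slapd logs quoted in this thread. The following added example (not from the thread) pairs each SRCH line with its SEARCH RESULT by host, conn and op, and reports searches whose filter was logged with `(?=undefined)` terms. It assumes that slapd logs `(?=undefined)` for a filter term whose attribute it cannot resolve in its schema; the two `gold` lines in the sample are constructed.

```python
import re

PREFIX = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) slapd\[\d+\]: "
    r"conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<rest>.*)$"
)
# Accept base= and filter= values with or without surrounding quotes;
# the thread shows them bare.
SRCH = re.compile(
    r'SRCH base="?[^"]*?"? scope=\d+ deref=\d+ filter="?(?P<filter>.*?)"?$'
)
RESULT = re.compile(r"SEARCH RESULT tag=\d+ err=(?P<err>\d+) nentries=(?P<n>\d+)")

# First three lines are the ones quoted in the thread; the "gold" lines
# are constructed for comparison.
SAMPLE_LOG = """\
Mar 31 13:41:37 extra slapd[31473]: conn=4 op=140 SRCH base=ou=people,dc=example,dc=com scope=1 deref=0 filter=((?=undefined)(?=undefined))
Mar 31 13:41:37 extra slapd[31473]: conn=4 op=140 SRCH attr=userPassword
Mar 31 13:41:37 extra slapd[31473]: conn=4 op=140 SEARCH RESULT tag=101 err=0 nentries=0 text=
Mar 31 13:40:02 gold slapd[2210]: conn=9 op=12 SRCH base=ou=people,dc=example,dc=com scope=1 deref=0 filter=((maildrop=user@example.com)(mailacceptinguser=1))
Mar 31 13:40:02 gold slapd[2210]: conn=9 op=12 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""


def find_undefined_filter_searches(log_text):
    """Return one record per search whose logged filter has undefined terms."""
    pending = {}   # (host, conn, op) -> filter string awaiting its result
    findings = []
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        key = (m["host"], int(m["conn"]), int(m["op"]))
        srch = SRCH.search(m["rest"])
        if srch:
            pending[key] = srch["filter"]
            continue
        res = RESULT.search(m["rest"])
        if res and key in pending:
            flt = pending.pop(key)
            undefined = flt.count("(?=undefined)")
            if undefined:
                findings.append({
                    "host": key[0], "conn": key[1], "op": key[2],
                    "filter": flt, "undefined_terms": undefined,
                    "err": int(res["err"]), "nentries": int(res["n"]),
                })
    return findings


if __name__ == "__main__":
    for f in find_undefined_filter_searches(SAMPLE_LOG):
        print("{host} conn={conn} op={op}: {undefined_terms} undefined "
              "term(s), nentries={nentries}".format(**f))
```

A search that returns err=0 with nentries=0 and undefined terms looks to the client exactly like a missing user, which matches the "unknown user" line in dovecot-info.log.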
[Dovecot] Shared mailboxes unix permissions
Hello Timo,

I'm running dovecot-1.2.11/Maildir and plan to migrate to single UID mailboxes some day, but for now, I've got system users and I'm testing permissions handling in order to set up shared mailboxes.

The private namespace mailboxes location is

    location = maildir:/courriel/boites/%u:CONTROL=/courriel/meta/%u:INDEX=/var/dovecot-test/indexes/%1u/%u

I've

. created a 'doveshared' unix group

. added 'mail_access_groups = doveshared'

. chmod/chgrp the maildir and control dirs like this :

    drwxrws--- 7 doveimap doveshared 4096 Mar 31 18:47 /courriel/boites/doveimap
    drwxrws--- 5 doveimap doveshared 4096 Mar 31 18:47 /courriel/meta/doveimap

  [which were empty]

. added 'acl_shared_dict = file:/var/dovecot-test/dict/shared-mailboxes' with

    drwxrwxs-- 2 root doveshared 512 Mar 31 18:44 /var/dovecot-test/dict

  [which were empty]

Everything gets created with the permission I was expecting, except :

    -rw--- 1 doveimap doveshared 8 Mar 31 18:47 /courriel/meta/doveimap/dovecot-uidvalidity
    -rw--- 1 doveimap doveshared 0 Mar 31 18:44 /courriel/meta/doveimap/dovecot-uidvalidity.4bb37be4

and

    -rw--- 1 doveimap doveshared 0 Mar 31 18:44 /var/dovecot-test/dict/shared-mailboxes

I can't see the explanation in http://wiki.dovecot.org/SharedMailboxes/Permissions and the 'dovecot-shared' file doesn't help (besides, my understanding is that in 1.2x, it's for backward compatibility reason).

Any idea ?

Thanks

-- 
Thomas Hummel     | Institut Pasteur
hum...@pasteur.fr | Pôle informatique - systèmes et réseau
[Dovecot] New install authentication probs
Hi,

I'm attempting to configure dovecot for the first time, I'm trying to use a MySQL DB that is currently used by tpop3d as I've read they support the same password format.

My main prob currently, apart from that it doesn't work lol, is that I've enabled the following debugging in dovecot.conf

    auth_debug = yes
    auth_debug_passwords = yes
    auth_verbose = yes

But I'm getting basically zero info on why my authentication is failing. In my log (which for testing I've defined as a file in /tmp to make sure I'm getting all the info logged to one place) I see just:

    Mar 31 19:00:17 dovecot: Info: Dovecot v1.2.10 starting up
    Mar 31 19:00:17 auth-worker(default): Info: mysql: Connected to localhost (ukgri d_vmail)
    Mar 31 19:00:18 auth(default): Info: new auth connection: pid=64188
    Mar 31 19:00:18 auth(default): Info: new auth connection: pid=64186
    Mar 31 19:00:18 auth(default): Info: new auth connection: pid=64187

each time I attempt to connect via IMAP it adds another new auth connection line to the log but doesn't tell me anything else :(. So I'm stuck debugging my authentication due to lack of info.

BTW I'm testing IMAP via telnet, telnet to IMAP port and attempt LOGIN (I have this working to a courier IMAP installation).

Have I done something wrong? Any help appreciated!

thanks Andy.
Re: [Dovecot] New install authentication probs
On Mar 31, 2010, at 11:18 AM, Andy Smith wrote:

> Hi,
>
> I'm attempting to configure dovecot for the first time, I'm trying to use a MySQL DB that is currently used by tpop3d as I've read they support the same password format.
>
> My main prob currently, apart from that it doesn't work lol, is that I've enabled the following debugging in dovecot.conf
>
>     auth_debug = yes
>     auth_debug_passwords = yes
>     auth_verbose = yes
>
> But I'm getting basically zero info on why my authentication is failing. In my log (which for testing I've defined as a file in /tmp to make sure I'm getting all the info logged to one place) I see just:
>
>     Mar 31 19:00:17 dovecot: Info: Dovecot v1.2.10 starting up
>     Mar 31 19:00:17 auth-worker(default): Info: mysql: Connected to localhost (ukgri d_vmail)
>     Mar 31 19:00:18 auth(default): Info: new auth connection: pid=64188
>     Mar 31 19:00:18 auth(default): Info: new auth connection: pid=64186
>     Mar 31 19:00:18 auth(default): Info: new auth connection: pid=64187
>
> each time I attempt to connect via IMAP it adds another new auth connection line to the log but doesn't tell me anything else :(. So I'm stuck debugging my authentication due to lack of info.
>
> BTW I'm testing IMAP via telnet, telnet to IMAP port and attempt LOGIN (I have this working to a courier IMAP installation).
>
> Have I done something wrong? Any help appreciated!
>
> thanks Andy.

Please post the result of:

    # dovecot -n

// Brad
Re: [Dovecot] New install authentication probs
Hi Brad,

thanks for the reply, here is the output:

    dovecot -n
    # 1.2.10: /usr/local/etc/dovecot.conf
    # OS: FreeBSD 6.1-RELEASE i386 nfs
    log_path: /tmp/dovecot.log
    protocols: imap
    ssl: no
    disable_plaintext_auth: no
    login_dir: /var/run/dovecot/login
    login_executable: /usr/local/libexec/dovecot/imap-login
    verbose_proctitle: yes
    first_valid_uid: 1000
    first_valid_gid: 1000
    mail_privileged_group: mail
    mail_location: maildir:/var/spool/mail/%d/%u
    mail_debug: yes
    imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
    lda:
      sendmail_path: /usr/sbin/sendmail
    auth default:
      mechanisms: plain digest-md5 cram-md5
      username_format: %Lu
      verbose: yes
      debug: yes
      debug_passwords: yes
      passdb:
        driver: sql
        args: /usr/local/etc/dovecot-sql.conf
      userdb:
        driver: passwd
        args: blocking=yes
      userdb:
        driver: sql
        args: /usr/local/etc/dovecot-sql.conf
      socket:
        type: listen
        client:
          path: /var/run/dovecot/auth-client
          mode: 432
        master:
          path: /var/run/dovecot/auth-master
          mode: 384
Re: [Dovecot] New install authentication probs
Ola Daniel,

thanks for the idea, but actually within the config file the settings are not within the auth default section, it's just shown that way from the output of dovecot -n

cheers Andy.

Quoting Daniel Gomes daniel.go...@ist.utl.pt:

> Hey Andy,
>
> I might be way over my head here, but unlike you, in my setup I set auth_debug, auth_verbose and auth_debug_password to yes outside the auth default section. Try that and see if you get the verbose logging you're looking for!
>
> Cheers,
>
> On 31-03-2010 19:46, Andy Smith wrote:
>
> > Hi Brad,
> >
> > thanks for the reply, here is the output:
> >
> >     dovecot -n
> >     # 1.2.10: /usr/local/etc/dovecot.conf
> >     # OS: FreeBSD 6.1-RELEASE i386 nfs
> >     log_path: /tmp/dovecot.log
> >     protocols: imap
> >     ssl: no
> >     disable_plaintext_auth: no
> >     login_dir: /var/run/dovecot/login
> >     login_executable: /usr/local/libexec/dovecot/imap-login
> >     verbose_proctitle: yes
> >     first_valid_uid: 1000
> >     first_valid_gid: 1000
> >     mail_privileged_group: mail
> >     mail_location: maildir:/var/spool/mail/%d/%u
> >     mail_debug: yes
> >     imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
> >     lda:
> >       sendmail_path: /usr/sbin/sendmail
> >     auth default:
> >       mechanisms: plain digest-md5 cram-md5
> >       username_format: %Lu
> >       verbose: yes
> >       debug: yes
> >       debug_passwords: yes
> >       passdb:
> >         driver: sql
> >         args: /usr/local/etc/dovecot-sql.conf
> >       userdb:
> >         driver: passwd
> >         args: blocking=yes
> >       userdb:
> >         driver: sql
> >         args: /usr/local/etc/dovecot-sql.conf
> >       socket:
> >         type: listen
> >         client:
> >           path: /var/run/dovecot/auth-client
> >           mode: 432
> >         master:
> >           path: /var/run/dovecot/auth-master
> >           mode: 384
>
> -- 
> Daniel Gomes, 55350