Re: [Dovecot] Shared mailboxes errors

2010-08-04 Thread Nikita Koshikov
On Tue, 03 Aug 2010 23:16:38 +0200
Leander S. wrote:

   Hi  Nikita Koshikov,
 
 when I googled for my SERVERBUG which I'm having right now I found your 
 configuration.
 I'm trying to make use of the antispam plugin as you do. Unfortunately 
 I'm always getting a [SERVERBUG] error message with my MTC when I try 
 moving mails. The antispam debug.log doesn't really tell a lot more:
 
 
### Dovecot AntiSpam ###
 # mail signature (used with any backend requiring a signature)
 #antispam_signature = X-Spam-Status
 #antispam_signature_missing = move
 
 antispam_mail_sendmail = /usr/local/bin/sa-learn
 antispam_mail_sendmail_args = --username=%u;--debug;all
 antispam_mail_spam = --spam
 antispam_mail_notspam = --ham
 antispam_mail_tmpdir = /tmp
 antispam_spam = Spam
 antispam_unsure = Virus
 antispam_trash = Trash
 

First of all - what OS is this ? BSD ? And how did you install your 
spamassassin (ports\compiling from source)?
Show your local.cf file (/etc/mail/spamassassin or 
/usr/local/etc/mail/spamassassin). 

After reading perldoc Mail::SpamAssassin::Conf add to your local.cf for 
debugging:
bayes_file_mode 0777
bayes_path /tmp/.spamassassin/bayes

Create the folder /tmp/.spamassassin and set permissions 777. 
Restart spamd with dovecot  and try it.


 I also read through the sa-learn script but wasn't able to figure out 
 where this number 9 is coming from ;/
 ... SIGKILL 9 Term Kill signal - but where from ?!
 
sa-learn has lots of die() functions, this should be enough for raising SIGKILL.
 
 
 Do you maybe have any idea? I tried different Dovecot versions already - 
 always the same ... Might there maybe be something wrong with my syntax?
 
 
 
 Any way - thanks a lot in advance  regards
 
If you are stuck after all, remember that sa-learn has a -D key; it generates tons of 
output. Create a wrapper and run sa-learn with the -D key from dovecot, save the 
result and have fun.


[Dovecot] Dovecot 2.0.rc3 Capability response

2010-08-04 Thread Christian Affolter
Hi

I have a question regarding the IMAP CAPABILITY command behavior of
Dovecot 2.0.rc3.

While connecting to a Dovecot 1.2.4 server and requesting the supported
capabilities, Dovecot returns all capabilities:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
STARTTLS AUTH=PLAIN] Dovecot ready.
a1 CAPABILITY
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT
THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH
ESORT SEARCHRES WITHIN CONTEXT=SEARCH ACL RIGHTS=texk QUOTA AUTH=PLAIN
AUTH=CRAM-MD5
a1 OK Capability completed.


Doing the same on 2.0.rc3, will return only a limited set of supported
capabilities:
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
STARTTLS AUTH=PLAIN] Dovecot ready.
a1 CAPABILITY
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
STARTTLS AUTH=PLAIN
a1 OK Capability completed.


However after a user has logged in, Dovecot 2.0.rc3 returns all
supported capabilities:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
STARTTLS AUTH=PLAIN] Dovecot ready.
a1 login u...@example.com pass
a1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT
IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE
QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA
ACL RIGHTS=texk] Logged in
a2 CAPABILITY
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE
CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC
ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA ACL
RIGHTS=texk
a2 OK Capability completed


So what's the idea behind the change of this behavior? Is it planned to
support different capabilities per user in the future?

The reason behind my question is, that the Open-Xchange IMAP client
implementation relies on the presence of the ACL capability presented
before the actual login took place.

Thanks for any clarifications.

Regards
Christian




[Dovecot] Impossible to share INBOX with other users

2010-08-04 Thread Daniel Stoye

Hello,

I am currently testing Dovecot 2.0 rc3 with Maildir format,
and it seems _again_ impossible to share the Inbox of one user with
another user.

user1 shares Inbox with user2

user2 makes List command:
1 login user2 password
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE
CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC
ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk
1 OK You are so in
2 list  *
* LIST (\HasNoChildren) / Sent
* LIST (\HasNoChildren) / Trash
* LIST (\HasNoChildren) / Drafts
* LIST (\HasNoChildren) / INBOX
* LIST (\Noselect \HasChildren) / FremdeOrdner
* LIST (\Noselect \HasChildren) / FremdeOrdner/user1
* LIST (\Noselect \HasChildren) / FremdeOrdner/user1/INBOX
* LIST (\HasNoChildren) / FremdeOrdner/user1/INBOX/unterInbox
* LIST (\HasNoChildren) / FremdeOrdner/user1/testordner
* LIST (\HasChildren) / FremdeOrdner/user1/INBOX

2 OK List completed.

The Problem is the following line:
* LIST (\Noselect \HasChildren) / FremdeOrdner/user1/INBOX
which causes Thunderbird NOT to subscribe and ignore INBOX of user1.

There is no difference, if the shared INBOX has any subfolders.

Any Ideas on how to solve this?

Regards, Daniel Stoye


Re: [Dovecot] Dovecot 2.0.rc3 Capability response

2010-08-04 Thread Craig Whitmore

 
 Doing the same on 2.0.rc3, will return only a limited set of supported
 capabilities:

Looking at the RFC.. and if dovecot is doing this then it's going against
the RFC and doing it wrong. As it says, "This listing of capabilities is
not dependent upon connection state or user."

http://tools.ietf.org/search/rfc1730#section-6.1.1
http://tools.ietf.org/search/rfc2060#section-6.1.1


The CAPABILITY command requests a listing of capabilities that the
  server supports.  The server MUST send a single untagged
  CAPABILITY response with IMAP4 as the first listed capability
  before the (tagged) OK response.  This listing of capabilities is
  not dependent upon connection state or user.  It is therefore not
  necessary to issue a CAPABILITY command more than once in a
  session.



 
 So what's the idea behind the change of this behavior? Is it planned to
 support different capabilities per user in the future?
 
 The reason behind my question is, that the Open-Xchange IMAP client
 implementation relies on the presence of the ACL capability presented
 before the actual login took place.
 
 Thanks for any clarifications.
 
 Regards
 Christian
 
 




Re: [Dovecot] OT dovecot w/postfix, mysql , postfix does unnecessary lookups

2010-08-04 Thread Charles Marcus
On 2010-08-03 6:53 PM, Noel Butler noel.but...@ausics.net wrote:
 Just an update for archives in case anyone else comes across it whilst
 debugging, they can just shrug it off as a postfix anomaly, 
 I only had two replies to this post, but both of them are also seeing
 the same as I do, so nothing to worry about until postfix one decade
 accepts this as a bug :)

Wietse takes bugs very seriously. He does however require actual proof,
in the form of hard evidence, before he will take a bug report seriously.

I'll wager it is not a bug, but more likely a misunderstanding on your
part as to how postfix works, and postfix is doing precisely what you
are telling it to do.

Since postfix does not do SQL lookups directly, you need to execute the
commands that postfix will use to access your maps, provide *full*
config details, and finally full log examples of 'the anomalous
behavior' - otherwise it is just noise.

-- 

Best regards,

Charles


Re: [Dovecot] Dovecot 2.0.rc3 Capability response

2010-08-04 Thread A.L.E.C

On 04.08.2010 12:25, Craig Whitmore wrote:


Looking at the RFC.. and if dovecot is doing this then its going against
the RFC and doing it wrong. As it says This listing of capabilities is
not dependent upon connection state or user.

http://tools.ietf.org/search/rfc1730#section-6.1.1
http://tools.ietf.org/search/rfc2060#section-6.1.1


Timo will know better. Just want to say, that this sentence has been 
removed in RFC3501.


--
Aleksander 'A.L.E.C' Machniak http://alec.pl gg:2275252
LAN Management System Developer http://lms.org.pl
Roundcube Webmail Developer http://roundcube.net



Re: [Dovecot] Dovecot 2.0.rc3 Capability response

2010-08-04 Thread Charles Marcus
Christian Affolter wrote:
 Hi
 
 I have a question regarding the IMAP CAPABILITY command behavior of
 Dovecot 2.0.rc3.
 
 While connecting to a Dovecot 1.2.4 server and requesting the supported
 capabilities, Dovecot returns all capabilities:

Timo's last response to this - and there have been a few others since
this change was made (yes, it was intentional, and yes, per user
capabilities are a future possibility):

On 2010-04-07 9:38 PM, Timo Sirainen t...@iki.fi wrote:
 This is pretty much intentional, because v1.x used to do horrible
 horrible things to get the capability line. I was hoping to avoid that
 in v2.0. This works for the most commonly used IMAP clients, so I don't
 think I'm going to change this. It's time to get the clients fixed
 instead. :) Besides, it's possible to support per-user capabilities, and
 presenting capabilities before login makes this impossible.
 
 Dovecot v2.0 presents capabilities in two possible ways, depending on if
 client sent a CAPABILITY command:
 
 a) the right way (use CAPABILITY imap resp code):
 
 * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
 STARTTLS AUTH=PLAIN] Dovecot ready.
 x login user pass
 x OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT 
 SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN 
 NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT 
 SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
 
 b) the wrong way (use untagged CAPABILITY), which is required to make it
 work with Outlook etc.:
 
 * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
 STARTTLS AUTH=PLAIN] Dovecot ready.
 a capability
 * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS 
 AUTH=PLAIN
 a OK Capability completed.
 b login user pass
 * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT 
 SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN 
 NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT 
 SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS
 b OK Logged in

-- 

Best regards,

Charles


[Dovecot] doveadm director remove error

2010-08-04 Thread Xavier Pons

 Hi,
With version 2.0.rc3, when I try to remove a mail server from the 
director list, I get this error:


doveadm director remove 10.180.188.21
(null): doesn't exist

but the other commands are working without problem ...

doveadm director status
mail server ip   vhosts users
10.180.188.21   100 2
10.180.188.22   100 3

thanks

Xavier



Re: [Dovecot] Dovecot 2.0.rc3 Capability response

2010-08-04 Thread Timo Sirainen
On 4.8.2010, at 12.27, Charles Marcus wrote:

 I have a question regarding the IMAP CAPABILITY command behavior of
 Dovecot 2.0.rc3.
 
 While connecting to a Dovecot 1.2.4 server and requesting the supported
 capabilities, Dovecot returns all capabilities:
 
 Timo's last response to this - and there have been a few others since
 this changes made (yes, it was intentional, and yes, per user
 capabilities are a future possibility):

Not just a future possibility, but they already are possible. Just have userdb 
return different mail_plugins setting for different users.

[Dovecot] mobile phone access to dovecot

2010-08-04 Thread casanova99

I didn't find anything interesting in the search, so I just wanted to see
what other people have done (or thought about doing).

I'd like to be able to access my dovecot server via IMAP, from the Internet,
using the integrated e-mail client from a smart phone.  I'm very concerned
about security and don't feel comfortable just poking holes into the
firewall for direct access from the Internet.  Is there a better way to do
this?

Thanks.







Re: [Dovecot] mobile phone access to dovecot

2010-08-04 Thread Eduardo M KALINOWSKI

On Wed, 04 Aug 2010, casanova99 wrote:

I didn't find anything interesting in the search, so I just wanted to see
what other people have done (or thought about doing).

I'd like to be able to access my dovecot server via IMAP, from the Internet,
using the integrated e-mail client from a smart phone.  I'm very concerned
about security and don't feel comfortable just poking holes into the
firewall for direct access from the Internet.  Is there a better way to do
this?


The IMAP server is in your home machine, not a dedicated server, right?

Anyway, if you need to access it, you'll need to open your machine up  
for connections. If you can isolate the IPs you'd be connecting from,  
you can restrict access to them.



--
QOTD:
When she hauled ass, it took three trips.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br



Re: [Dovecot] Dovecot 2.0.rc3 Capability response

2010-08-04 Thread Craig Whitmore
On Wed, 2010-08-04 at 12:50 +0200, A.L.E.C wrote:
 On 04.08.2010 12:25, Craig Whitmore wrote:
 
  Looking at the RFC.. and if dovecot is doing this then its going against
  the RFC and doing it wrong. As it says This listing of capabilities is
  not dependent upon connection state or user.
 
  http://tools.ietf.org/search/rfc1730#section-6.1.1
  http://tools.ietf.org/search/rfc2060#section-6.1.1
 
 Timo will know better. Just want to say, that this sentence has been 
 removed in RFC3501.

Sorry.. I didn't go far enough forward :-)

Thanks



 




Re: [Dovecot] Dovecot 2.0.rc3 Capability response

2010-08-04 Thread Charles Marcus
Timo Sirainen wrote:
 On 4.8.2010, at 12.27, Charles Marcus wrote:
 yes, per user capabilities are a future possibility):

 Not just a future possibility, but they already are possible. Just
 have userdb return different mail_plugins setting for different
 users.

I stand pleasantly corrected... :)

Not sure I'll ever need/use them, but nice to know it is possible...


Re: [Dovecot] IMAP access to dovecot list archives?

2010-08-04 Thread Charles Marcus
Timo Sirainen wrote:
 On 3.8.2010, at 21.46, Charles Marcus wrote:
 Before I go file a bug for Thunderbird, can you confirm that IMAP
 access to the dovecot mail list archives should still be working?

 Looks to me like it's working. Authentication worked and I could
 select dovecot mailbox and read the last mail.

Can't get this to work in Thunderbird...

According to the status bar info, it seems to connect, seems to
authenticate (although I see two separate 'Sending Login Information'
notifications back to back), and no errors - but no messages show up in
the Inbox, and no other folders show up as subscribable...

Any ideas?


Re: [Dovecot] doveadm director remove error

2010-08-04 Thread Timo Sirainen
On Wed, 2010-08-04 at 13:23 +0200, Xavier Pons wrote:
 Hi,
 with the version 2.0.rc3, when I try to remove a mail server from 
 director list, get this error:
 
 doveadm director remove 10.180.188.21
 (null): doesn't exist

Whoops. Fixed: http://hg.dovecot.org/dovecot-2.0/rev/9cf0d33f3fe9




Re: [Dovecot] IMAP access to dovecot list archives?

2010-08-04 Thread Timo Sirainen
On Wed, 2010-08-04 at 08:46 -0400, Charles Marcus wrote:
 Timo Sirainen wrote:
  On 3.8.2010, at 21.46, Charles Marcus wrote:
  Before I go file a bug for Thunderbird, can you confirm that IMAP
  access to the dovecot mail list archives should still be working?
 
  Looks to me like it's working. Authentication worked and I could
  select dovecot mailbox and read the last mail.
 
 Can't get this to work in Thunderbird...

Works ok in 3.0.6+build2+nobinonly-0ubuntu0.10.04.1




Re: [Dovecot] Dovecot 2.0.rc3 Capability response

2010-08-04 Thread pod
A.L.E.C a...@alec.pl writes:

 On 04.08.2010 12:25, Craig Whitmore wrote:

 Looking at the RFC.. and if dovecot is doing this then its going against
 the RFC and doing it wrong. As it says This listing of capabilities is
 not dependent upon connection state or user.

 http://tools.ietf.org/search/rfc1730#section-6.1.1
 http://tools.ietf.org/search/rfc2060#section-6.1.1

 Timo will know better. Just want to say, that this sentence has been
 removed in RFC3501.

I agree this wording has quite explicitly been removed from RFC 3501.

Maybe Timo can point to some explicit wording which I have been unable to
find but my reading of various bits of RFC 3501 (which btw obsoletes 2060
which in turn obsoletes 1730, i.e. 3501 is _the_ reference) seems to
suggest that doing a CAPABILITY (or the moral equivalent of recognizing a
CAPABILITY response) after both STARTTLS and AUTHENTICATE is in fact
necessary.  I don't see why it would be important to add these CAPABILITY
responses unless the expectation is that the CAPABILITY response is now
different as a result of the STARTTLS, AUTHENTICATE or indeed LOGIN.

The case seems clear for STARTTLS; you advertise only non-plaintext AUTH
mechanisms and LOGINDISABLED initially and after successful STARTTLS you
can advertise plaintext AUTH mechanisms and remove LOGINDISABLED.  I must
confess I am having trouble untangling the precise meaning of the text
related to AUTHENTICATE though.

For reference some selected text from RFC 3501:

6.2.1.  STARTTLS Command

[...]

  Once [TLS] has been started, the client MUST discard cached
  information about server capabilities and SHOULD re-issue the
  CAPABILITY command.  This is necessary to protect against man-in-
  the-middle attacks which alter the capabilities list prior to
  STARTTLS.  The server MAY advertise different capabilities after
  STARTTLS.

[...]

6.2.2.  AUTHENTICATE Command

[...]

  A server MAY include a CAPABILITY response code in the tagged OK
  response of a successful AUTHENTICATE command in order to send
  capabilities automatically.  It is unnecessary for a client to
  send a separate CAPABILITY command if it recognizes these
  automatic capabilities.  This should only be done if a security
  layer was not negotiated by the AUTHENTICATE command, because the
  tagged OK response as part of an AUTHENTICATE command is not
  protected by encryption/integrity checking.  [SASL] requires the
  client to re-issue a CAPABILITY command in this case.

[...]

B.  Changes from RFC 2060

[...]

   77) Add optional CAPABILITY response code in the initial OK or
   PREAUTH.

   78) Add note that server can send an untagged CAPABILITY command as
   part of the responses to AUTHENTICATE and LOGIN.

   79) Remove statement about it being unnecessary to issue a CAPABILITY
   command more than once in a connection.  That statement is no longer
   true.

[...]

   83) Clarify that an untagged CAPABILITY response to an AUTHENTICATE
   command should only be done if a security layer was not negotiated.

[...]

   91) Change recommendation of optional automatic capabilities in LOGIN
   and AUTHENTICATE to use the CAPABILITY response code in the tagged
   OK.  This is more interoperable than an unsolicited untagged
   CAPABILITY response.


Re: [Dovecot] IMAP access to dovecot list archives?

2010-08-04 Thread Charles Marcus
Timo Sirainen wrote:
 On Wed, 2010-08-04 at 08:46 -0400, Charles Marcus wrote:
 Timo Sirainen wrote:
 On 3.8.2010, at 21.46, Charles Marcus wrote:
 Before I go file a bug for Thunderbird, can you confirm that IMAP
 access to the dovecot mail list archives should still be working?

 Looks to me like it's working. Authentication worked and I could
 select dovecot mailbox and read the last mail.

 Can't get this to work in Thunderbird...
 
 Works ok in 3.0.6+build2+nobinonly-0ubuntu0.10.04.1

Hmmm... I'm using 3.1.1...

Can you confirm the Server Settings?

Type: IMAP
Server Name: dovecot.org
Port: 143
Username: anonymous
Connection Security: None
Auth method: Password, transmitted insecurely

Advanced:
IMAP Server Directory: blank
Show only subscribed: unchecked


Re: [Dovecot] Dovecot 2.0.rc3 Capability response

2010-08-04 Thread Timo Sirainen
On Wed, 2010-08-04 at 14:04 +0100, pod wrote:

 The case seems clear for STARTTLS; you advertise only non-plaintext AUTH
 mechanisms and LOGINDISABLED initially and after successful STARTTLS you
 can advertise plaintext AUTH mechanisms and remove LOGINDISABLED.  

Yes.

 I must
 confess I am having trouble untangling the precise meaning of the text
 related to AUTHENTICATE though.

Some auth mechanisms like GSSAPI and DIGEST-MD5 can add
encryption/integrity protection to the stream. So in case of MITM
attacks, the attacker could alter the CAPABILITY list before
AUTHENTICATE, but not after it. I think RFC 3501 primarily talks about
capability changing because of this.

RFC 3501 isn't fully clear that clients should update their capabilities
when a CAPABILITY resp-code is sent on LOGIN, but this does strongly
hint that:

 A server MAY include a CAPABILITY response code in the tagged OK
   response to a successful LOGIN command in order to send
   capabilities automatically.  It is unnecessary for a client to
   send a separate CAPABILITY command if it recognizes these
   automatic capabilities.



Re: [Dovecot] IMAP access to dovecot list archives?

2010-08-04 Thread Timo Sirainen
On Wed, 2010-08-04 at 09:38 -0400, Charles Marcus wrote:
 Can you confirm the Server Settings?
 
 Type: IMAP
 Server Name: dovecot.org
 Port: 143
 Username: anonymous
 Connection Security: None
 Auth method: Password, transmitted insecurely
 
 Advanced:
 IMAP Server Directory: blank
 Show only subscribed: unchecked

Looks correct.




[Dovecot] LMTP: Rejecting unknown users

2010-08-04 Thread Peer Heinlein

Hi!

I'm using static results in LDAP-lookups:

uris = ldap://127.0.0.1
dn = x
dnpass = 
tls = no
ldap_version = 3
base = x
user_attrs = 
=home=/mail/%d/%n,=uid=1,=gid=1,jpberlinMailQuota=quota_rule=*:storage=%$B
user_filter = (email=%u)
pass_attrs = userPassword=password
pass_filter = (email=%u)
default_pass_scheme = PLAIN

Unfortunately, LMTP accepts mail for *all* users, even for those users 
that don't exist in LDAP at all:

010-08-04 12:27:58 auth: Debug: Loading modules from 
directory: /usr/lib/dovecot/modules/auth
2010-08-04 12:27:58 auth: Debug: auth client connected (pid=10049)
2010-08-04 12:27:58 lmtp(10054): Debug: none: root=, index=, control=, 
inbox=
2010-08-04 12:27:58 auth: Debug: master in: USER1   
tessdfdfgd...@example.org   service=lmtplip=(null)  r
ip=(null)
2010-08-04 12:27:58 auth: Debug: 
ldap(tessdfdfgd...@example.org,0.0.0.0): user search: 
base=xxx
2010-08-04 12:27:58 auth: Debug: 
ldap(tessdfdfgd...@example.org,0.0.0.0): no fields returned by the 
server
2010-08-04 12:27:58 auth: Debug: master out: USER   1   
tessdfdfgd...@example.org   home=/mail/example.org/tessdfdfgd
sftuid=1   gid=1
2010-08-04 12:27:58 lmtp(10054): Debug: auth input: 
tessdfdfgd...@example.org home=/mail/example.org/tessdfdfgdsft 
uid=1 gid=
1
2010-08-04 12:27:58 lmtp(10054, tessdfdfgd...@example.org): Debug: 
Effective uid=1, gid=1, home=/mail/example.org/tessdfd
fgdsft
2010-08-04 12:27:58 lmtp(10054, tessdfdfgd...@example.org): Debug: 
Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no
, list=yes, subscriptions=yes
2010-08-04 12:27:58 lmtp(10054, tessdfdfgd...@example.org): Debug: 
maildir++: root=/mail/example.org/tessdfdfgdsft/Maildir, index
=, control=, inbox=/mail/example.org/tessdfdfgdsft/Maildir
2010-08-04 12:27:58 lmtp(10054, tessdfdfgd...@example.org): Debug: 
Namespace : type=shared, prefix=shared/%u/, sep=/, inbox=no, h
idden=no, list=children, subscriptions=no
2010-08-04 12:27:58 lmtp(10054, tessdfdfgd...@example.org): Debug: 
shared: root=/var/run/dovecot, index=, control=, inbox=


Looks like the allow_all_users problem from the static database. :-) 
How can I tell LMTP to reject mails to users that don't exist in the 
database/LDAP?

It's much better to do this in Dovecot/LMTP than in Postfix-Relay (which 
can then use LMTP for dynamic address verification).

Peer


-- 

Heinlein Professional Linux Support GmbH
Linux: Academy - Support - Hosting
http://www.heinlein-support.de

Tel: 030-405051-42
Fax: 030-405051-19

Mandatory disclosures per §35a GmbHG:
HRB 93818 B / Berlin-Charlottenburg District Court, 
Managing Director: Peer Heinlein  -- Registered office: Berlin

# 2.0.rc3 (d5a923df60d4): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.26-ac x86_64 Debian 5.0.5 
auth_debug = yes
auth_mechanisms = plain login cram-md5 digest-md5 apop
auth_username_translation = %Lu
auth_verbose = yes
debug_log_path = /tmp/log
disable_plaintext_auth = no
listen = *
log_timestamp = %Y-%m-%d %H:%M:%S 
mail_debug = yes
mail_gid = vmail
mail_location = maildir:~/Maildir
mail_privileged_group = mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = comparator-i;octet comparator-i;ascii-casemap fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date spamtest spamtestplus virustest
namespace {
  inbox = yes
  list = yes
  location = 
  prefix = 
  separator = /
  subscriptions = yes
  type = private
}
namespace {
  list = children
  location = maildir:%%h:INDEX=~/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_max_redirects = 10
}
protocols = lmtp imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
mode = 0666
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
  }
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
verbose_proctitle = yes


Re: [Dovecot] LMTP: Rejecting unknown users

2010-08-04 Thread Timo Sirainen
On Wed, 2010-08-04 at 15:37 +0200, Peer Heinlein wrote:
 user_attrs = 
 =home=/mail/%d/%n,=uid=1,=gid=1,jpberlinMailQuota=quota_rule=*:storage=%$B
 user_filter = (email=%u)

Looks ok..

 Unfortunately, LMTP accepts mail for *all* users, even for those users, 
 that doesn't exist in LDAP at all:

Shouldn't happen..

 2010-08-04 12:27:58 auth: Debug: master in: USER1   
 tessdfdfgd...@example.org   service=lmtplip=(null)  r
 ip=(null)

The lip=(null) rip=(null) here is a bug (fixed by
http://hg.dovecot.org/dovecot-2.0/rev/10c4c9d5fb5b) but I don't think
that matters.

 2010-08-04 12:27:58 auth: Debug: 
 ldap(tessdfdfgd...@example.org,0.0.0.0): user search: 
 base=xxx
 2010-08-04 12:27:58 auth: Debug: 
 ldap(tessdfdfgd...@example.org,0.0.0.0): no fields returned by the 
 server
 2010-08-04 12:27:58 auth: Debug: master out: USER   1   
 tessdfdfgd...@example.org   home=/mail/example.org/tessdfdfgd
 sftuid=1   gid=1

It looks like LDAP still sent a reply. Otherwise it would do what it
does with me:

Aug 04 15:24:57 auth: Debug: Loading modules from directory: 
/usr/local/lib/dovecot/auth
Aug 04 15:24:57 auth: Debug: master in: USER1   t...@example.com
service=lmtplip=::1 rip=::1
Aug 04 15:24:57 auth: Debug: ldap(t...@example.com,::1): user search: 
base=ou=people,dc=example,dc=com scope=subtree filter=(mail=...@example.com) 
fields=uidNumber
Aug 04 15:24:57 auth: Info: ldap(t...@example.com,::1): unknown user
Aug 04 15:24:57 auth: Debug: master out: NOTFOUND   1

BTW. You should be able to test this more easily with doveadm user
f...@example.org. It should also return unknown user.



Re: [Dovecot] LMTP: Rejecting unknown users

2010-08-04 Thread Peer Heinlein
On Wednesday 04 August 2010, Timo Sirainen wrote:


  Unfortunately, LMTP accepts mail for *all* users, even for those
  users, that doesn't exist in LDAP at all:

 Shouldn't happen..

Okay, so I'm hopefully not too stupid :-)

 BTW. You should be able to test this more easily with doveadm user
 f...@example.org. It should also return unknown user.

Oh, I'm not used to the new features :-)

But even if doveadm user denies the existence of my dummy-user:

r...@mail-archiv:/etc/dovecot# doveadm user hgjhg...@example.org
userdb lookup: user hgjhg...@example.org doesn't exist

Aug  4 14:30:49 mail-archiv dovecot: auth: ldap(hgjhg...@example.org): 
unknown user

...it's still possible to send him e-mails...

r...@mail-archiv:/etc/dovecot# echo hhh | sendmail hgjhg...@example.org

r...@mail-archiv:/etc/dovecot# grep 
hgjhg...@example.org /var/log/mail.info

Aug  4 14:31:07 mail-archiv postfix/smtp[11471]: 1EB2C8115: 
to=hgjhg...@example.org, relay=127.0.0.1[127.0.0.1]:7123, delay=0.37, 
delays=0.07/0.01/0.05/0.25, dsn=2.0.0, status=sent (250 Message 
requeued)
Aug  4 14:31:07 mail-archiv dovecot: lmtp(10423, hgjhg...@example.org): 
GFarClBFWUy3KAAA/hwkHw: 
msgid=20100804123107.1eb2c8...@mail-archiv.heinlein-support.test: 
saved mail to INBOX
Aug  4 14:31:07 mail-archiv postfix/lmtp[11477]: 6026A8111: 
to=hgjhg...@example.org, 
relay=mail-archiv.heinlein-support.test[private/dovecot-lmtp], 
delay=0.13, delays=0.11/0.02/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 
hgjhg...@example.org GFarClBFWUy3KAAA/hwkHw Saved)


2010-08-04 14:34:41 auth: Debug: Loading modules from 
directory: /usr/lib/dovecot/modules/auth
2010-08-04 14:34:41 auth: Debug: auth client connected (pid=11517)
2010-08-04 14:34:41 lmtp(11522): Debug: none: root=, index=, control=, 
inbox=
2010-08-04 14:34:41 auth: Debug: master in: USER1   
hgjhg...@example.orgservice=lmtplip=(null)  rip=(null)
2010-08-04 14:34:41 auth: Debug: ldap(hgjhg...@example.org,0.0.0.0): 
user search: base=ou=domain,dc=heinlein-support,dc=de scope=subtree 
filter=(email=hgjhg...@example.org) fields=jpberlinMailQuota
2010-08-04 14:34:41 auth: Debug: ldap(hgjhg...@example.org,0.0.0.0): no 
fields returned by the server
2010-08-04 14:34:41 auth: Debug: master out: USER   1   
hgjhg...@example.orghome=/mail/example.org/hgjhgjhg uid=1   
gid=1
2010-08-04 14:34:41 lmtp(11522): Debug: auth input: hgjhg...@example.org 
home=/mail/example.org/hgjhgjhg uid=1 gid=1
2010-08-04 14:34:41 lmtp(11522, hgjhg...@example.org): Debug: Effective 
uid=1, gid=1, home=/mail/example.org/hgjhgjhg
2010-08-04 14:34:41 lmtp(11522, hgjhg...@example.org): Debug: 
Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, 
list=yes, subscriptions=yes
2010-08-04 14:34:41 lmtp(11522, hgjhg...@example.org): Debug: maildir++: 
root=/mail/example.org/hgjhgjhg/Maildir, index=, control=, 
inbox=/mail/example.org/hgjhgjhg/Maildir
2010-08-04 14:34:41 lmtp(11522, hgjhg...@example.org): Debug: 
Namespace : type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, 
list=children, subscriptions=no
2010-08-04 14:34:41 lmtp(11522, hgjhg...@example.org): Debug: shared: 
root=/var/run/dovecot, index=, control=, inbox=



Peer Heinlein






Re: [Dovecot] LMTP: Rejecting unknown users

2010-08-04 Thread Timo Sirainen
On Wed, 2010-08-04 at 16:35 +0200, Peer Heinlein wrote:
 But even if doveadm user denies the existence of my dummy-user:
 
 r...@mail-archiv:/etc/dovecot# doveadm user hgjhg...@example.org
 userdb lookup: user hgjhg...@example.org doesn't exist
 
 Aug  4 14:30:49 mail-archiv dovecot: auth: ldap(hgjhg...@example.org): 
 unknown user

What are the full debug logs for this lookup? (What's different in them
compared to doveadm user?)

 ...it's still possible to send him e-mails...

LMTP and doveadm user should send the same command to auth process and
they should be processed identically.




[Dovecot] listen=*, :: broken?

2010-08-04 Thread Peer Heinlein

Hi,

the default:

listen = *, ::

should work and should open port 143 on IPv4 and IPv6.

In my setup it looks broken:

r...@mail-archiv:/etc/dovecot# doveconf  | grep ^listen
listen = *, ::
r...@mail-archiv:/etc/dovecot# /etc/init.d/dovecot restart
Restarting mail server: dovecotError: service(imap-login): listen(::, 
143) failed: Address already in use
Fatal: Failed to start listeners
r...@mail-archiv:/etc/dovecot# 


But it's working with listen = *:

r...@mail-archiv:/etc/dovecot# doveconf  | grep ^listen
listen = *
r...@mail-archiv:/etc/dovecot# /etc/init.d/dovecot restart
Restarting mail server: dovecot.
r...@mail-archiv:/etc/dovecot# 


Peer Heinlein






Re: [Dovecot] expire plugin

2010-08-04 Thread Arnaud2 bali

Timo Sirainen wrote:

On Tue, 2010-08-03 at 10:59 +0200, Arnaud2 bali wrote:

  
  expire: .Trash 1 .Trash/* 1 .Spam 2 



Remove '.' before the mailbox names.


  

That good
Thank you very much


# 1.2.11: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.26-2-amd64 x86_64 Debian 5.0.5
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap imaps pop3s managesieve
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
mail_privileged_group: mail
mail_location: maildir:~
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_executable(managesieve): /usr/lib/dovecot/managesieve
mail_plugins(default): quota expire imap_quota autocreate
mail_plugins(imap): quota expire imap_quota autocreate
mail_plugins(pop3): quota expire autocreate
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
lda:
 postmaster_address: arn...@ungi.net
 mail_plugins: quota expire  sieve autocreate
 auth_socket_path: /var/run/dovecot/auth-master
auth default:
 mechanisms: plain login
 verbose: yes
 debug: yes
 debug_passwords: yes
 passdb:
   driver: sql
   args: /etc/dovecot/dovecot-sql.conf
 userdb:
   driver: sql
   args: /etc/dovecot/dovecot-sql.conf
 socket:
   type: listen
   client:
 path: /var/spool/postfix/private/auth
 mode: 432
 user: postfix
 group: postfix
   master:
 path: /var/run/dovecot/auth-master
 mode: 384
 user: vmail
plugin:
 quota: maildir
 expire: Trash 1 Trash/* 1 Spam 2
 expire_dict: proxy::expire
 sieve: ~/.dovecot.sieve
 sieve_after: /home/vmail/sieve/default.sieve
 autocreate: Trash
 autocreate2: Spam
 autocreate3: Sent
 autocreate4: Inbox
 autocreate5: Drafts
 autocreate6: Templates
 autosubscribe: Trash
 autosubscribe2: Spam
 autosubscribe3: Sent
 autosubscribe4: Inbox
 autosubscribe5: Drafts
 autosubscribe6: Templates
dict:
 expire: mysql:/etc/dovecot/dovecot-dict-expire.conf

# cat /etc/dovecot/dovecot-dict-expire.conf
connect = host=localhost user=xx password=x dbname=postfixadmin

map {
pattern = /home/vmail/homes/$user/$mailbox
#shared/expire/$user/$mailbox
table = dovecot_expires
value_field = expire_stamp

fields {
  username = $user
  mailbox = $mailbox
}
}
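mysql> desc dovecot_expires;
+--------------+--------------+------+-----+---------+-------+
| Field        | Type         | Null | Key | Default | Extra |
+--------------+--------------+------+-----+---------+-------+
| username     | varchar(255) | NO   | PRI | NULL    |       |
| mailbox      | varchar(255) | NO   | PRI | NULL    |       |
| expire_stamp | int(11)      | NO   |     | NULL    |       |
+--------------+--------------+------+-----+---------+-------+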


# cat /etc/dovecot/dovecot-sql.conf
driver = mysql
connect = host=localhost user=xxx password=xxx dbname=postfixadmin
user_query = SELECT CONCAT('/home/vmail/homes/',maildir) AS home, \
  65500 AS uid, 65500 AS gid, \
  CONCAT('*:bytes=', CAST(quota AS CHAR)) AS quota_rule \
  FROM mailbox WHERE username = '%u' AND active=1
password_query = SELECT username as user, password, maildir as \
  userdb_home, 65500 as userdb_uid, 65500 as userdb_gid FROM mailbox WHERE \
  username = '%u' AND active=1





Re: [Dovecot] listen=*, :: broken?

2010-08-04 Thread Timo Sirainen
On Wed, 2010-08-04 at 16:47 +0200, Peer Heinlein wrote:
 Restarting mail server: dovecotError: service(imap-login): listen(::, 
 143) failed: Address already in use
..
 But it's working with listen = *:
 
 r...@mail-archiv:/etc/dovecot# doveconf  | grep ^listen
 listen = *
 r...@mail-archiv:/etc/dovecot# /etc/init.d/dovecot restart
 Restarting mail server: dovecot.

Does "listen = *" also make it listen on IPv6? Sounds like you've
enabled some "IPv6 binds listen for IPv4 too" feature. What OS is this?
Does compiling this program give the "blah" error on your system?

#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <arpa/inet.h>

/* Compilation stops with "blah" when the system headers define IPV6_V6ONLY. */
#ifdef IPV6_V6ONLY
#  error blah
#endif




Re: [Dovecot] listen=*, :: broken?

2010-08-04 Thread Marcus Rueckert
On 2010-08-04 16:47:10 +0200, Peer Heinlein wrote:
 listen = *, ::

what os/distro? there is this ipv6-mapped-v4 stuff (:::), which
might cause trouble here.

 But it's working with listen = *:
 
 r...@mail-archiv:/etc/dovecot# doveconf  | grep ^listen
 listen = *

what does the netstat -tuplen | grep 143 look like with this?

darix

-- 
   openSUSE - SUSE Linux is my linux
   openSUSE is good for you
   www.opensuse.org


Re: [Dovecot] LMTP: Rejecting unknown users

2010-08-04 Thread Peer Heinlein
Am Mittwoch 04 August 2010 schrieb Timo Sirainen:

 What are the full debug logs for this lookup? (What's different in
 them compared to doveadm user?)

  ...it's still possible to send him e-mails...

 LMTP and doveadm user should send the same command to auth process
 and they should be processed identically.

Strange:

r...@mail-archiv:/etc/dovecot# doveadm user notexist...@example.org
userdb lookup: user notexist...@example.org doesn't exist

r...@mail-archiv:/etc/dovecot# echo h | sendmail 
notexist...@example.org

r...@mail-archiv:/etc/dovecot# doveadm user notexist...@example.org
userdb: notexist...@example.org
  home  : /mail/example.org/notexistent
  uid   : 1
  gid   : 1
r...@mail-archiv:/etc/dovecot# 


But the user still exists if his Maildir is deleted:

r...@mail-archiv:/mail/example.org# rm -R /mail/example.org/notexistent/

r...@mail-archiv:/mail/example.org# doveadm user notexist...@example.org
userdb: notexist...@example.org
  home  : /mail/example.org/notexistent
  uid   : 1
  gid   : 1

...and the user still exists after a complete restart of Dovecot?!

Peer Heinlein




2010-08-04 14:48:36 auth: Debug: Loading modules from directory: 
/usr/lib/dovecot/modules/auth
2010-08-04 14:48:36 auth: Debug: master in: USER1   
notexist...@example.org service=doveadm
2010-08-04 14:48:36 auth: Debug: ldap(notexist...@example.org): user search: 
base=ou=domain,dc=heinlein-support,dc=de scope=subtree 
filter=(email=notexist...@example.org) fields=jpberlinMailQuota
2010-08-04 14:48:36 auth: Debug: master out: NOTFOUND   1
2010-08-04 14:48:46 auth: Debug: auth client connected (pid=11786)
2010-08-04 14:48:46 lmtp(11788): Debug: none: root=, index=, control=, inbox=
2010-08-04 14:48:46 auth: Debug: master in: USER1   
notexist...@example.org service=lmtplip=(null)  rip=(null)
2010-08-04 14:48:46 auth: Debug: ldap(notexist...@example.org,0.0.0.0): user 
search: base=ou=domain,dc=heinlein-support,dc=de scope=subtree 
filter=(email=notexist...@example.org) fields=jpberlinMailQuota
2010-08-04 14:48:46 auth: Debug: ldap(notexist...@example.org,0.0.0.0): no 
fields returned by the server
2010-08-04 14:48:46 auth: Debug: master out: USER   1   
notexist...@example.org home=/mail/example.org/notexistent  uid=1   
gid=1
2010-08-04 14:48:46 lmtp(11788): Debug: auth input: notexist...@example.org 
home=/mail/example.org/notexistent uid=1 gid=1
2010-08-04 14:48:46 lmtp(11788, notexist...@example.org): Debug: Effective 
uid=1, gid=1, home=/mail/example.org/notexistent
2010-08-04 14:48:46 lmtp(11788, notexist...@example.org): Debug: Namespace : 
type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes
2010-08-04 14:48:46 lmtp(11788, notexist...@example.org): Debug: maildir++: 
root=/mail/example.org/notexistent/Maildir, index=, control=, 
inbox=/mail/example.org/notexistent/Maildir
2010-08-04 14:48:46 lmtp(11788, notexist...@example.org): Debug: Namespace : 
Permission lookup failed from /mail/example.org/notexistent/Maildir
2010-08-04 14:48:46 lmtp(11788, notexist...@example.org): Debug: Namespace : 
Using permissions from /mail/example.org/notexistent/Maildir: mode=0700 gid=-1
2010-08-04 14:48:46 lmtp(11788, notexist...@example.org): Debug: Namespace : 
type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=children, 
subscriptions=no
2010-08-04 14:48:46 lmtp(11788, notexist...@example.org): Debug: shared: 
root=/var/run/dovecot, index=, control=, inbox=
2010-08-04 14:48:49 auth: Debug: master in: USER1   
notexist...@example.org service=doveadm
2010-08-04 14:48:49 auth: Debug: ldap(notexist...@example.org): user search: 
base=ou=domain,dc=heinlein-support,dc=de scope=subtree 
filter=(email=notexist...@example.org) fields=jpberlinMailQuota
2010-08-04 14:48:49 auth: Debug: ldap(notexist...@example.org): no fields 
returned by the server
2010-08-04 14:48:49 auth: Debug: master out: USER   1   
notexist...@example.org home=/mail/example.org/notexistent  uid=1   
gid=1
2010-08-04 14:53:14 auth: Debug: master in: USER1   
notexist...@example.org service=doveadm
2010-08-04 14:53:14 auth: Debug: ldap(notexist...@example.org): user search: 
base=ou=domain,dc=heinlein-support,dc=de scope=subtree 
filter=(email=notexist...@example.org) fields=jpberlinMailQuota
2010-08-04 14:53:14 auth: Debug: ldap(notexist...@example.org): no fields 
returned by the server
2010-08-04 14:53:14 auth: Debug: master out: USER   1   
notexist...@example.org home=/mail/example.org/notexistent  uid=1   
gid=1
2010-08-04 14:53:28 auth: Debug: Loading 

Re: [Dovecot] LMTP: Rejecting unknown users

2010-08-04 Thread Timo Sirainen
On Wed, 2010-08-04 at 17:00 +0200, Peer Heinlein wrote:
 r...@mail-archiv:/etc/dovecot# doveadm user notexist...@example.org
 userdb lookup: user notexist...@example.org doesn't exist

What if you run this twice, does the second one say it doesn't exist or
does it then return the user?

 But the user still exists if his Maildir is deleted:

Yeah, that isn't checked.

 ...and the user still exists after a complete restart of Dovecot?!

Sounds like LDAP server starts returning different replies. Restarting
it probably resets it? You should be able to reproduce the doveadm
user lookup the same way with ldapsearch by giving the same search
queries etc.

So to me this sounds like something weird going on with your LDAP
server..



Re: [Dovecot] IMAP access to dovecot list archives?

2010-08-04 Thread Charles Marcus
Timo Sirainen wrote:
 On Wed, 2010-08-04 at 09:38 -0400, Charles Marcus wrote:
 Can you confirm the Server Settings?

 Type: IMAP
 Server Name: dovecot.org
 Port: 143
 Username: anonymous
 Connection Security: None
 Auth method: Password, transmitted insecurely

 Advanced:
 IMAP Server Directory: blank
 Show only subscribed: unchecked
 
 Looks correct.

So, you just see one folder (Inbox) and all of the messages there?

Any chance you could test with 3.1.1 (*lots* of IMAP fixes, so maybe
that is causing a problem)? No hurry of course...


Re: [Dovecot] IMAP access to dovecot list archives?

2010-08-04 Thread Timo Sirainen
On Wed, 2010-08-04 at 11:09 -0400, Charles Marcus wrote:

 So, you just see one folder (Inbox) and all of the messages there?

No, INBOX is empty. But:

x login anonymous foo
x OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
SORT THREAD=REFERENCES MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE
UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH SEARCHRES
WITHIN CONTEXT=SEARCH] Logged in
x list "" *
* LIST (\NoInferiors \Marked) "/" dovecot
* LIST (\NoInferiors \Marked) "/" dovecot-cvs
* LIST (\NoInferiors \Marked) "/" dovecot-news
* LIST (\HasNoChildren \UnMarked) "/" INBOX
x OK List completed.
x lsub "" *
* LSUB () "/" dovecot-news
* LSUB () "/" dovecot
* LSUB () "/" dovecot-cvs
x OK Lsub completed.

 Any chance you could test with 3.1.1 (*lots* of IMAP fixes, so maybe
 that is causing a problem)? No hurry of course...

Way too much trouble to install extra software without apt-get :)

But dunno, maybe there is some bug. It's running v1.2.alpha4.. I guess I
should at least upgrade to v1.2 hg and maybe some day to v2.0.



Re: [Dovecot] IMAP access to dovecot list archives?

2010-08-04 Thread Timo Sirainen
On Wed, 2010-08-04 at 16:19 +0100, Timo Sirainen wrote:
 But dunno, maybe there is some bug. It's running v1.2.alpha4.. I guess I
 should at least upgrade to v1.2 hg and maybe some day to v2.0.

Upgraded to v1.2 hg. See if it happens to work now?




Re: [Dovecot] [INVALID] LMTP: Rejecting unknown users

2010-08-04 Thread Peer Heinlein
Am Mittwoch 04 August 2010 schrieben Sie:


Okay, sorry, I **AM** too stupid.

I just learned that someone has implemented a 
stupid autolearn function in a mailfilter that adds unknown 
recipients to the ldap-directory.

My whole problem has nothing to do with dovecot. Dovecot is right: 
the notexistent-User *does* exist in the ldap-directory.

Same with my IPv4/IPv6-problem with listen. On a *real* Debian Lenny 
system it's working fine. On our appliance system a listen = * opens 
IPv4 and IPv6. I haven't found the reason yet, there's nothing strange 
in /etc/sysctl.conf, but it looks like somebody has implemented a cool 
killer feature several years ago. I'll find it (and maybe him!), but 
it's not a dovecot-problem.

Sorry for wasting your time. Dovecot works fine and great like always.

I just learned that  our base-system isn't that plain vanilla as I 
always thought and they always told me. Sorry, I haven't checked that 
possibility hard enough before sending to the list.


Peer Heinlein






Re: [Dovecot] Dovecot 1.2.13 intermittent authentication failures

2010-08-04 Thread Timo Sirainen
On Tue, 2010-08-03 at 21:18 -0500, C. Bensend wrote:
Well, I cranked the debug back up all the way and captured the
 password.  After whipping up a quick perl script to decode it,
 it gives me my username and password, end-to-end, no delimiter.
 Both the username and password are correct, and are the correct
 case.  If that is the correct format for the Base 64-encoded
 string, it seems to be the right content.

So it's either

NUL username NUL password

or

username NUL username NUL password

?

So.  Uh.  Why is dovecot giving back a password mismatch ?
 I don't believe it's the system's authentication mechanism doing
 anything weird, I have yet to fail a single SSH authentication (and
 yes, I do use both password and key-based auth).

Wonder if it has to do with a single process doing multiple lookups.
That's the main difference compared to SSH and pretty much everything
else.



Re: [Dovecot] IMAP IDLE, Virtual mailboxes

2010-08-04 Thread Timo Sirainen
Here: http://hg.dovecot.org/dovecot-2.0/rev/eb1f471a924d




Re: [Dovecot] Dovecot 1.2.13 intermittent authentication failures

2010-08-04 Thread C. Bensend

 So it's either

 NUL username NUL password

 or

 username NUL username NUL password

It's username then password.

 Wonder if it has to do with a single process doing multiple lookups.
 That's the main difference compared to SSH and pretty much everything
 else.

I upgraded the server again today to the latest and greatest
snapshot of both OpenBSD and the packages, with no change in
behavior.

This is crippling me...  This morning, I wasn't able to authenticate
at *all* to my email, via either Squirrelmail or via IMAPS (my
Droid smartphone).  After rebooting the system, it worked again
while randomly failing.

Should I try the straight dovecot package instead of the postgresql
flavor?  I'm not *using* PostgreSQL to authenticate, but it could
cause an issue I guess...

One more thing - I ktraced the dovecot processes, and caught the
failure:

 24165 dovecot-auth CALL  lstat(0xcfbbff58,0xcfbbfd00)
 24165 dovecot-auth NAMI  /usr/libexec/auth/login_passwd
 24165 dovecot-auth RET   lstat 0
 24165 dovecot-auth CALL  socketpair(0x1,0x1,0,0xcfbbfeec)
 24165 dovecot-auth RET   socketpair 0
 24165 dovecot-auth CALL  fork()
 24165 dovecot-auth RET   fork 22689/0x58a1
 24165 dovecot-auth CALL  close(0xe)
 24165 dovecot-auth RET   close 0
 24165 dovecot-auth CALL  write(0xd,0x8357d0fc,0x1)
 24165 dovecot-auth GIO   fd 13 wrote 1 bytes
   \0
 24165 dovecot-auth RET   write 1
 24165 dovecot-auth CALL  write(0xd,0x860dc66c,0x9)
 24165 dovecot-auth GIO   fd 13 wrote 9 bytes
   OBSCURED\0
 24165 dovecot-auth RET   write 9
 24165 dovecot-auth CALL  read(0xd,0x8550e034,0x2000)
 24165 dovecot-auth PSIG  SIGCHLD caught handler=0x1c02a8f0 mask=0x0
 24165 dovecot-auth RET   read -1 errno 4 Interrupted system call
 24165 dovecot-auth CALL  write(0x8,0xcfbbfa77,0x1)
 24165 dovecot-auth GIO   fd 8 wrote 1 bytes
   \0


Does that help at all?

Thank you so much!

Benny


-- 
Something's going on in this house - last night, I saw a face!
Did it have a nose?
Yes!
That sounds like a face all right.
  -- Scary Movie 4




[Dovecot] IMAP/POP3 Proxy Redundancy

2010-08-04 Thread Cory
 Looking over the list archives and Wiki there doesn't seem to be any 
sort of built-in host redundancy with the proxy.  I would prefer to use 
a built in though it doesn't look like this is possible.


One of the suggestions that I found in the list archives was to write a 
script which checks the health of the hosts and adjusts the MySQL table 
accordingly.   Has anyone done anything like this in production?



Thanks,

Cory



Here is a sample of what I'm testing the proxy with.

CREATE TABLE `users` (
  `user` varchar(255) NOT NULL,
  `filesystem` varchar(5) NOT NULL,
  PRIMARY KEY  (`user`),
  UNIQUE KEY `idx_user` (`user`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1

CREATE TABLE `hostmap` (
  `id` int(11) NOT NULL auto_increment,
  `filesystem` varchar(5) NOT NULL COMMENT 'Filesystem identifier',
  `ip` int(10) unsigned NOT NULL,
  `alive` tinyint(1) NOT NULL default '1',
  PRIMARY KEY  (`id`),
  UNIQUE KEY `idx_hostmap` (`filesystem`,`ip`)
) ENGINE=MyISAM AUTO_INCREMENT=103 DEFAULT CHARSET=latin1

password_query = SELECT  user,NULL as password, INET_NTOA(hostmap.ip) as 
host, 'Y' AS proxy_maybe from users left join hostmap on 
users.filesystem=hostmap.filesystem where hostmap.alive=1 and 
users.user='%u' limit 1;


Re: [Dovecot] Dovecot 1.2.13 intermittent authentication failures

2010-08-04 Thread Timo Sirainen
On Wed, 2010-08-04 at 11:07 -0500, C. Bensend wrote:
  So it's either
 
  NUL username NUL password
 
  or
 
  username NUL username NUL password
 
 It's username then password.

What about the NUL characters in the middle? Those are important.

 Should I try the straight dovecot package instead of the postgresql
 flavor?  I'm not *using* PostgreSQL to authenticate, but it could
 cause an issue I guess...

I doubt that makes a difference.

 One more thing - I ktraced the dovecot processes, and caught the
 failure:
 
  24165 dovecot-auth RET   write 9
  24165 dovecot-auth CALL  read(0xd,0x8550e034,0x2000)
  24165 dovecot-auth PSIG  SIGCHLD caught handler=0x1c02a8f0 mask=0x0
  24165 dovecot-auth RET   read -1 errno 4 Interrupted system call
  24165 dovecot-auth CALL  write(0x8,0xcfbbfa77,0x1)
  24165 dovecot-auth GIO   fd 8 wrote 1 bytes
\0
 
 
 Does that help at all?

That code is OpenBSD's auth_userokay() call in libc. I don't know if its
behavior is correct or not.



Re: [Dovecot] IMAP/POP3 Proxy Redundancy

2010-08-04 Thread Timo Sirainen
On Wed, 2010-08-04 at 11:14 -0500, Cory wrote:
 Looking over the list archives and Wiki there doesn't seem to be any 
 sort of built-in host redundancy with the proxy.  I would prefer to use 
 a built in though it doesn't look like this is possible.
 
 One of the suggestions that I found in the list archives was to write a 
 script which checks the health of the hosts and adjusts the MySQL table 
 accordingly.   Has anyone done anything like this in production?

Are you using NFS or some other shared filesystem? Then you should
probably use the new director service in v2.0:
http://blog.dovecot.org/2010/05/new-director-service-in-v20-for-nfs.html

It doesn't support automatic failover yet either, but it's much easier
to implement to it.
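
An added example (not from this thread or from Dovecot) of the health-check script Cory asks about: it probes each backend for an IMAP greeting and flips hostmap.alive, so the password_query above only returns live hosts. SQLite stands in for MySQL so it runs offline; the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import ipaddress
import socket
import sqlite3

# hostmap as posted above, reduced to the columns the check needs.
# Assumption: SQLite replaces MySQL here; `ip` stays an unsigned integer
# (the INET_ATON form the MySQL table stores).
SCHEMA = """
CREATE TABLE hostmap (
  id INTEGER PRIMARY KEY,
  filesystem TEXT NOT NULL,
  ip INTEGER NOT NULL,
  alive INTEGER NOT NULL DEFAULT 1,
  UNIQUE (filesystem, ip)
)
"""


def imap_alive(ip, port=143, timeout=3.0, attempts=2):
    """Return True if the host answers with an IMAP greeting.

    A bare TCP connect is not enough: a wedged backend can still accept
    connections, so the untagged "* OK" greeting is required. Several
    attempts keep one dropped packet from taking a host out of rotation.
    """
    for _ in range(attempts):
        try:
            with socket.create_connection((ip, port), timeout=timeout) as sock:
                sock.settimeout(timeout)
                if sock.recv(512).startswith(b"* OK"):
                    return True
        except OSError:  # refused, unreachable, or timed out
            pass
    return False


def refresh_hostmap(db, probe=imap_alive):
    """Probe every host and update `alive`; return [(ip, is_alive)] for changes."""
    changes = []
    rows = db.execute("SELECT id, ip, alive FROM hostmap ORDER BY id").fetchall()
    for row_id, ip_int, alive in rows:
        ip = str(ipaddress.IPv4Address(ip_int))
        now_alive = 1 if probe(ip) else 0
        if now_alive != alive:
            # Parameterised update: values never get pasted into the SQL text.
            db.execute("UPDATE hostmap SET alive = ? WHERE id = ?",
                       (now_alive, row_id))
            changes.append((ip, bool(now_alive)))
    db.commit()
    return changes


def backend_for(db, filesystem):
    """Host the page's password_query would pick: first live one, or None."""
    row = db.execute(
        "SELECT ip FROM hostmap WHERE filesystem = ? AND alive = 1 "
        "ORDER BY id LIMIT 1", (filesystem,)).fetchone()
    return str(ipaddress.IPv4Address(row[0])) if row else None


def demo():
    """Constructed data: two hosts serve fs01, the first one is down."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    for fs, ip in [("fs01", "192.0.2.10"), ("fs01", "192.0.2.11"),
                   ("fs02", "192.0.2.20")]:
        db.execute("INSERT INTO hostmap (filesystem, ip) VALUES (?, ?)",
                   (fs, int(ipaddress.IPv4Address(ip))))
    down = {"192.0.2.10"}
    changes = refresh_hostmap(db, probe=lambda ip: ip not in down)
    return changes, backend_for(db, "fs01")


if __name__ == "__main__":
    print(demo())
```

When every host for a filesystem is marked dead, backend_for returns None, which corresponds to the password_query returning no row for those users.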




Re: [Dovecot] Dovecot and Active Directory separate domain data stores.

2010-08-04 Thread Timo Sirainen
On Tue, 2010-07-27 at 16:35 +1200, Andrew Bruce wrote:

 We run a flat domain for AD (lets call it newzealand.local), and then
 under each users account that gets email, in the E-mail field in AD, they
 have an email address like us...@auckland, us...@wellington, us...@chch
 and
 so on.

So I guess this is all you need..

 This was done using a query filter that returned a
 person's email address from AD, chopped it into separate user/domain parts
 around the '@' symbol and using these to determine where the mail should
 be stored.
 
 But now I need to get Dovecot to be able to do the same thing in order to
 present the email to the user.

Dovecot can do that easily internally already. I guess what you want is:

pass_attrs = email=user, ..
user_attrs = email=user, ..

mail_location = maildir:/mail/%d/%n/Maildir

or something.



Re: [Dovecot] Impossible to share INBOX with other users

2010-08-04 Thread Timo Sirainen
On Wed, 2010-08-04 at 12:18 +0200, Daniel Stoye wrote:
 The Problem is the following line:
 * LIST (\Noselect \HasChildren) / FremdeOrdner/user1/INBOX
 which causes Thunderbird NOT to subscribe and ignore INBOX of user1.

Yes.

 There is no difference, if the shared INBOX has any subfolders.

You mean if INBOX doesn't have any shared subfolders?

Anyway, I couldn't reproduce this. What's your dovecot -n output now?
What's the minimal sharing setup you can reproduce this with? (User foo
sees shared mailboxes - SETACL INBOX foo +lr - foo now sees \Noselect
shared INBOX?)




Re: [Dovecot] Impossible to share INBOX with other users

2010-08-04 Thread Timo Sirainen
On Wed, 2010-08-04 at 17:40 +0100, Timo Sirainen wrote:

 Anyway, I couldn't reproduce this. What's your dovecot -n output now?
 What's the minimal sharing setup you can reproduce this with? (User foo
 sees shared mailboxes 

Uh. User foo sees NO shared mailboxes

 - SETACL INBOX foo +lr - foo now sees \Noselect
 shared INBOX?)
 
 




Re: [Dovecot] Dovecot 1.2.13 intermittent authentication failures

2010-08-04 Thread C. Bensend

  username NUL username NUL password

 It's username then password.

 What about the NUL characters in the middle? Those are important.

U...  I wrote a quick perl script to decrypt the string and
print it out...  I'll have to look at how to tell if there are
NUL chars in there.

  24165 dovecot-auth RET   write 9
  24165 dovecot-auth CALL  read(0xd,0x8550e034,0x2000)
  24165 dovecot-auth PSIG  SIGCHLD caught handler=0x1c02a8f0 mask=0x0
  24165 dovecot-auth RET   read -1 errno 4 Interrupted system call
  24165 dovecot-auth CALL  write(0x8,0xcfbbfa77,0x1)
  24165 dovecot-auth GIO   fd 8 wrote 1 bytes
\0

 That code is OpenBSD's auth_userokay() call in libc. I don't know if its
 behavior is correct or not.

Ugh, crap, I meant to include more of the output, I'm sorry.
Immediately following the above:

 24165 dovecot-auth RET   write 1
 24165 dovecot-auth CALL  sigreturn(0xcfbbfa9c)
 24165 dovecot-auth RET   sigreturn JUSTRETURN
 24165 dovecot-auth CALL  close(0xb)
 24165 dovecot-auth RET   close 0
 24165 dovecot-auth CALL  wait4(0x5d89,0xcfbbfef4,0,0)
 24165 dovecot-auth RET   wait4 23945/0x5d89
 24165 dovecot-auth CALL  write(0x2,0x80d53468,0x2e)
 24165 dovecot-auth GIO   fd 2 wrote 46 bytes
   \^AIbsdauth(benny,127.0.0.1): password mismatch
   
 24165 dovecot-auth RET   write 46/0x2e
 24165 dovecot-auth CALL  gettimeofday(0x860dc648,0)
 24165 dovecot-auth RET   gettimeofday 0
 24165 dovecot-auth CALL  gettimeofday(0xcfbc0674,0)
 24165 dovecot-auth RET   gettimeofday 0
 24165 dovecot-auth CALL  kevent(0x6,0,0,0x8bc58600,0x8,0xcfbc066c)
 24165 dovecot-auth RET   kevent 1
 24165 dovecot-auth CALL  gettimeofday(0x3c016f5c,0x3c016f64)
 24165 dovecot-auth RET   gettimeofday 0
 24165 dovecot-auth CALL  sigprocmask(0x1,0x)
 24165 dovecot-auth RET   sigprocmask 0
 24165 dovecot-auth CALL  read(0x7,0xcfbc05e8,0x40)
 24165 dovecot-auth GIO   fd 7 read 1 bytes
   \0
 24165 dovecot-auth RET   read 1
 24165 dovecot-auth CALL  sigprocmask(0x3,0)
 24165 dovecot-auth RET   sigprocmask -65793/0xfffefeff
 24165 dovecot-auth CALL  wait4(0x,0xcfbbf5b8,0x1,0)
 24165 dovecot-auth RET   wait4 -1 errno 10 No child processes
 24165 dovecot-auth CALL  gettimeofday(0xcfbc0674,0)
 24165 dovecot-auth RET   gettimeofday 0
 24165 dovecot-auth CALL  kevent(0x6,0,0,0x8bc58600,0x8,0xcfbc066c)
 23502 dovecot  RET   kevent 1
 23502 dovecot  CALL  gettimeofday(0x3c00bd04,0x3c00bd0c)
 23502 dovecot  RET   gettimeofday 0
 23502 dovecot  CALL  read(0x11,0x86d50901,0x2ff)
 23502 dovecot  GIO   fd 17 read 46 bytes
   \^AIbsdauth(benny,127.0.0.1): password mismatch
   
 23502 dovecot  RET   read 46/0x2e
 23502 dovecot  CALL  gettimeofday(0xcfbbfdc8,0)
 23502 dovecot  RET   gettimeofday 0
 23502 dovecot  CALL  sendto(0x5,0xcfbbfe78,0x57,0,0,0)
 23502 dovecot  GIO   fd 5 wrote 87 bytes
   22Aug  4 07:18:01 dovecot: auth(default):
bsdauth(benny,127.0.0.1): \
password mismatch
 23502 dovecot  RET   sendto 87/0x57
 23502 dovecot  CALL  gettimeofday(0xcfbc0c34,0)
 23502 dovecot  RET   gettimeofday 0
 23502 dovecot  CALL  kevent(0xc,0,0,0x86cbd600,0xd,0xcfbc0c2c)
 24165 dovecot-auth RET   kevent 0
 24165 dovecot-auth CALL  gettimeofday(0x3c016f5c,0x3c016f64)
 24165 dovecot-auth RET   gettimeofday 0
 24165 dovecot-auth CALL  gettimeofday(0xcfbc0674,0)
 24165 dovecot-auth RET   gettimeofday 0
 24165 dovecot-auth CALL  kevent(0x6,0,0,0x8bc58600,0x8,0xcfbc066c)
 23502 dovecot  RET   kevent 0
 23502 dovecot  CALL  gettimeofday(0x3c00bd04,0x3c00bd0c)
 23502 dovecot  RET   gettimeofday 0
 23502 dovecot  CALL  socketpair(0x1,0x1,0,0xcfbc0b8c)
 23502 dovecot  RET   socketpair 0
 23502 dovecot  CALL  fcntl(0x12,0x1,0)
 23502 dovecot  RET   fcntl 0
 23502 dovecot  CALL  fcntl(0x12,0x2,0x1)
 23502 dovecot  RET   fcntl 0
 23502 dovecot  CALL  fcntl(0x17,0x1,0)

I have more if it would be helpful...  I'm not skilled enough in
debugging compiled programs to effectively interpret what I see
above.

Gut instinct - do you think this might be a problem with OpenBSD's
lib, or Dovecot, or .. ?  I think my configuration is OK, I have
tried with both the previous version (that was running under the
older Dovecot) as well as migrating my settings to the new Dovecot's
version of the configuration.

I *really* appreciate all your help.

Benny






Re: [Dovecot] error 89 when loading plugin

2010-08-04 Thread Timo Sirainen
On Mon, 2010-08-02 at 20:42 +1000, John O'Brien wrote:
 As a result of a suggestion from Pascal late last week I spent today loading 
 2.0.rc3 and converting the plugin to the new form.
 
 What a nightmare.
 
 Is there an easy way to have a plugin included in the configuration and built 
 as part of the make and make install?
 Everything has changed. I was previously happily generating a .so and putting 
 it the right directory.
 I know this is the wrong way to do it, but I was doing something like this.

It should work the same way in v2.0 as it was working in v1.x..

Although there's now also an easier way:

eval `cat /usr/local/lib/dovecot/dovecot-config`
gcc -fPIC -shared -DHAVE_CONFIG_H \
  `echo $DOVECOT_CFLAGS $LIBDOVECOT_INCLUDE $LIBDOVECOT_STORAGE_INCLUDE` \
  foo-plugin.c -o foo.so




Re: [Dovecot] Dovecot 1.2.13 intermittent authentication failures

2010-08-04 Thread Timo Sirainen
On Wed, 2010-08-04 at 11:49 -0500, C. Bensend wrote:
   username NUL username NUL password
 
  It's username then password.
 
  What about the NUL characters in the middle? Those are important.
 
 U...  I wrote a quick perl script to decrypt the string and
 print it out...  I'll have to look at how to tell if there are
 NUL chars in there.

less would show them as ^@ in reverse, or hexdump would work too.

  That code is OpenBSD's auth_userokay() call in libc. I don't know if its
  behavior is correct or not.
 
 Ugh, crap, I meant to include more of the output, I'm sorry.
 Immediately following the above:
..

Still the important code that appears to fail is in OpenBSD. I don't
know what it does or how it does it..

  24165 dovecot-auth RET   write 1
  24165 dovecot-auth CALL  sigreturn(0xcfbbfa9c)
  24165 dovecot-auth RET   sigreturn JUSTRETURN
  24165 dovecot-auth CALL  close(0xb)
  24165 dovecot-auth RET   close 0
  24165 dovecot-auth CALL  wait4(0x5d89,0xcfbbfef4,0,0)
  24165 dovecot-auth RET   wait4 23945/0x5d89

dovecot-auth code doesn't call wait*(), so up to here it's executing in
libc.

  24165 dovecot-auth CALL  write(0x2,0x80d53468,0x2e)
  24165 dovecot-auth GIO   fd 2 wrote 46 bytes
\^AIbsdauth(benny,127.0.0.1): password mismatch


Then the first thing dovecot-auth itself does is just log this error
message.

  24165 dovecot-auth RET   write 46/0x2e
  24165 dovecot-auth CALL  gettimeofday(0x860dc648,0)
  24165 dovecot-auth RET   gettimeofday 0
  24165 dovecot-auth CALL  gettimeofday(0xcfbc0674,0)
  24165 dovecot-auth RET   gettimeofday 0
  24165 dovecot-auth CALL  kevent(0x6,0,0,0x8bc58600,0x8,0xcfbc066c)
  24165 dovecot-auth RET   kevent 1
  24165 dovecot-auth CALL  gettimeofday(0x3c016f5c,0x3c016f64)
  24165 dovecot-auth RET   gettimeofday 0
  24165 dovecot-auth CALL  sigprocmask(0x1,0x)
  24165 dovecot-auth RET   sigprocmask 0
  24165 dovecot-auth CALL  read(0x7,0xcfbc05e8,0x40)
  24165 dovecot-auth GIO   fd 7 read 1 bytes
\0
  24165 dovecot-auth RET   read 1
  24165 dovecot-auth CALL  sigprocmask(0x3,0)
  24165 dovecot-auth RET   sigprocmask -65793/0xfffefeff
  24165 dovecot-auth CALL  wait4(0x,0xcfbbf5b8,0x1,0)
  24165 dovecot-auth RET   wait4 -1 errno 10 No child processes
  24165 dovecot-auth CALL  gettimeofday(0xcfbc0674,0)
  24165 dovecot-auth RET   gettimeofday 0
  24165 dovecot-auth CALL  kevent(0x6,0,0,0x8bc58600,0x8,0xcfbc066c)
  23502 dovecot  RET   kevent 1
  23502 dovecot  CALL  gettimeofday(0x3c00bd04,0x3c00bd0c)
  23502 dovecot  RET   gettimeofday 0
  23502 dovecot  CALL  read(0x11,0x86d50901,0x2ff)
  23502 dovecot  GIO   fd 17 read 46 bytes
\^AIbsdauth(benny,127.0.0.1): password mismatch


Above it's no longer fork()ing, but it still tries to wait for some
child process. That's a possible bug I guess.

 Gut instinct - do you think this might be a problem with OpenBSD's
 lib, or Dovecot, or .. ?  I think my configuration is OK, I have
 tried with both the previous version (that was running under the
 older Dovecot) as well as migrating my settings to the new Dovecot's
 version of the configuration.

My guess is that OpenBSD's auth code somehow doesn't like running inside
dovecot-auth. But the specifics can be tricky to figure out.



[Dovecot] v2.0.rc4 released

2010-08-04 Thread Timo Sirainen
http://dovecot.org/releases/2.0/rc/dovecot-2.0.rc4.tar.gz
http://dovecot.org/releases/2.0/rc/dovecot-2.0.rc4.tar.gz.sig

I'm planning to release rc5 maybe this Friday or weekend, and if there
are no serious bugs just change the version number to v2.0.0 a day or
two later.

Largest changes since rc3:

+ director: Added director_doveadm_port for accepting doveadm
  TCP connections. 
+ doveadm: Added client/server architecture support for running mail
  commands. Enable this by setting doveadm_worker_count to non-zero.
+ mail-log: Added support for mailbox_create event.
+ imap_capability = +XFOO BAR can be used to add capabilities instead
  of replacing the whole capability string.
+ virtual storage: Added support for IDLE notifications. 
- doveadm mailbox status: Fixed listing non-ASCII mailbox names. 
- doveadm fetch: Fixed output when fetching message header or body
- doveadm director map/add/remove: Fixed handling IP address as
  parameter. 
- dsync: A few more fixes




Re: [Dovecot] IMAP access to dovecot list archives?

2010-08-04 Thread Charles Marcus
Timo Sirainen wrote:
 On Wed, 2010-08-04 at 16:19 +0100, Timo Sirainen wrote:
 But dunno, maybe there is some bug. It's running v1.2.alpha4.. I guess I
 should at least upgrade to v1.2 hg and maybe some day to v2.0.
 
 Upgraded to v1.2 hg. See if it happens to work now?

You da man! Working fine now...

Now I'll go see if I still have the same problem setting up the account
from scratch (maybe that problem was related)...

Many thanks!


Re: [Dovecot] AntiSpam Plugin

2010-08-04 Thread Leander S.

 Dovecot AntiSpam Errors:
- [SERVERBUG] failed to send mail  -- Thunderbird response when move 
from ANY to spam and the other way around.
- [CANNOT] Cannot copy to unsure folder  -- Thunderbird response when 
move from ANY to unsure and the other way around.
- run program failed with exit code 9 -- debug.log output from antispam 
plugin.


^^ Maybe someone will find this in an archive and save himself a  
_freakn_lot_of_time_  ;)




Hi Nikita Koshikov,

first of all: Thanks for your reply - much appreciated! ;) It wasn't a 
problem of user rights - that's for sure now.
second: @Tom Hendriks: Thanks for the script hint!! ... but still ... 
very weird - actually extremely weird, cause if I invoke the script it 
works perfectly - don't ask me why - it's still a mystery to me since 
there is actually no difference to how sa-learn is invoked:



script:

server [~]# cat /script.sh
#!/usr/local/bin/bash
#
# - must be bash, cause I was not able to make it log stdout/stderror/stdin into a file ...
# - $1,$2,$3,$4 puts all the 4 given parameters/args by dovecot into the sa-learn command.

# - make sure to chmod 0777 /DoveDamnAntispam.log
#
###

/usr/local/bin/sa-learn $1 $2 $3 $4  /DoveDamnAntispam.log

server [~]#




Antispam part of dovecot.conf:

  ### Dovecot AntiSpam ###
   # mail signature (used with any backend requiring a signature)
   #antispam_signature = X-Spam-Status
   #antispam_signature_missing = move

   antispam_mail_sendmail = /script.sh
   #antispam_mail_sendmail = /usr/local/bin/sa-learn
   antispam_mail_sendmail_args = --username=%u;--debug;all
   antispam_mail_spam = --spam
   antispam_mail_notspam = --ham
   antispam_mail_tmpdir = /tmp
   antispam_spam = Spam
   antispam_unsure = Virus
   antispam_trash = Trash


I mean there is not a difference at all to me compared to what I've had 
before?! But whatever - I got it working - that's the most important ;)


So, thanks a lot, hey!


Best regards!

Am 04.08.10 08:35, schrieb Nikita Koshikov:

On Tue, 03 Aug 2010 23:16:38 +0200
Leander S. wrote:


   Hi  Nikita Koshikov,

when I googled for my SERVERBUG which I'm having right now I found your
configuration.
I'm trying to make use of the antispam plugin as you do. Unfortunately
I'm always getting a [SERVERBUG] error message with my MTC when I try
moving mails. The antispam debug.log doesn't really tell a lot of more:


### Dovecot AntiSpam ###
 # mail signature (used with any backend requiring a signature)
 #antispam_signature = X-Spam-Status
 #antispam_signature_missing = move

 antispam_mail_sendmail = /usr/local/bin/sa-learn
 antispam_mail_sendmail_args = --username=%u;--debug;all
 antispam_mail_spam = --spam
 antispam_mail_notspam = --ham
 antispam_mail_tmpdir = /tmp
 antispam_spam = Spam
 antispam_unsure = Virus
 antispam_trash = Trash


First of all - what OS is this ? BSD ? And how did you install your 
spamassassin (ports\compiling from source)?
Show your local.cf file (/etc/mail/spamassassin or 
/usr/local/etc/mail/spamassasin).

After reading perldoc Mail::SpamAssassin::Conf add to your local.cf for 
debugging:
bayes_file_mode 0777
bayes_path /tmp/.spamassassin/bayes

Create folder /tmp/.spamassassin and set permissions 777.
Restart spamd with dovecot  and try it.



I also read through the sa-learn script but wasn't able to figure out
where this number 9 is coming from ;/
... SIGKILL 9 Term Kill signal - but where from ?!


sa-learn has lots of die() function, this should be enough for raising SIGKILL.


Do you maybe have any idea? I tried different Dovecot versions already -
always the same ... Might there maybe something wrong with my syntax?



Any way - thanks a lot in advance  regards


If you are stuck after all, remember that sa-learn has a -D key; it generates tons of 
output. Create a wrapper and run sa-learn with the -D keyword from dovecot, save 
the result and have fun.

On 03/08/10 23:17, Leander S. wrote:


Am 03.08.10 22:53, schrieb Gregory Finch:

  On 2010-08-03 1:41 PM, Leander S. wrote:

 Am 28.07.10 23:43, schrieb Harlan Stenn:

  Figure out exactly what script is running and see if it says why it
  would return with a status of 9.  If that is because of a SIGKILL,
  it is
  because some process is sending that signal.  You are gonna get to
  figure out what debug knobs to crank to figure out why this is going
  on.

  Can you invoke any of this stuff manually from the command line to see
  what messages may come up?

  h

  Hi,

  unfortunately I still wasn't able to figure out what's going on. I
  tried to debug the sa-learn perl script and I wasn't able to find any
  hint to that code. (I'm not a beginner) But I guess that this is not
  an issue of sa-learn. Why? Because sa-learn does as I asked it to.
  sa-learn writes everything into the SQL DB as wanted - but the mail is
  not being copied to the destination plus the 
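
An added example, not part of the original posts: a logging wrapper of the kind discussed in this thread, which records the arguments the antispam plugin passes and whether the learner exited with a status or was killed by a signal (a shell reports death by signal N as 128+N, so a plain status 9 and signal 9 are logged differently). `LEARN_CMD`, `LEARN_LOG` and the default log path are assumptions; the log is created owner-only because debug output can contain message content.

```shell
#!/bin/sh
# Added example: logging wrapper for the learner command run by the antispam plugin.
# LEARN_CMD and LEARN_LOG are hypothetical names; the default log path is an assumption.
LEARN_CMD="${LEARN_CMD:-/usr/local/bin/sa-learn}"
LEARN_LOG="${LEARN_LOG:-/var/log/antispam-wrapper.log}"
umask 077   # keep the log readable by the mail user only

# Turn a shell wait status into a readable description.
# By shell convention a status above 128 means "terminated by signal (status - 128)".
describe_status() {
    if [ "$1" -gt 128 ]; then
        echo "killed by signal $(( $1 - 128 ))"
    else
        echo "exited with status $1"
    fi
}

# Run the learner with the caller's arguments and stdin (the message),
# appending its argv, stdout/stderr and outcome to the log.
run_learner() {
    {
        printf '%s uid=%s argv:' "$(date '+%Y-%m-%dT%H:%M:%S')" "$(id -u)"
        for a in "$@"; do printf ' [%s]' "$a"; done
        printf '\n'
    } >> "$LEARN_LOG"
    "$LEARN_CMD" "$@" >> "$LEARN_LOG" 2>&1
    rc=$?
    printf 'result: %s\n' "$(describe_status "$rc")" >> "$LEARN_LOG"
    return "$rc"
}

# Act as the wrapper only when called with arguments, as the plugin does.
if [ "$#" -gt 0 ]; then
    run_learner "$@"
    exit $?
fi
```

The wrapper returns the learner's own status, so the plugin sees the same failure it would have seen without the wrapper.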

Re: [Dovecot] [INVALID] LMTP: Rejecting unknown users

2010-08-04 Thread Charles Marcus
Peer Heinlein wrote:
 I just learned, that someone has implemented a 
 stupid autolearn-function in a mailfilter that adds unknown 
 recipients to the ldap-directory.

Yikes! Hopefully you explained to them why that is such a really, really
bad idea and disabled it?


Re: [Dovecot] IMAP access to dovecot list archives?

2010-08-04 Thread Noel Butler
On Wed, 2010-08-04 at 14:48 +0100, Timo Sirainen wrote:

 On Wed, 2010-08-04 at 09:38 -0400, Charles Marcus wrote:
  Can you confirm the Server Settings?
  
  Type: IMAP
  Server Name: dovecot.org
  Port: 143
  Username: anonymous
  Connection Security: None
  Auth method: Password, transmitted insecurely
  
  Advanced:
  IMAP Server Directory: blank
  Show only subscribed: unchecked
 
 Looks correct.
 
 


Works perfect here, so it's not a Dovecot problem
(I'd reply to OP but did not see charles's post, in fact not seen his
posts for some time, must be eaten by SA)



Re: [Dovecot] IMAP access to dovecot list archives?

2010-08-04 Thread Charles Marcus
Noel Butler wrote:
 Works perfect here, so it's not a Dovecot problem

That's because Timo already fixed it (updated the dovecot server
serving them up from 1.2a4 to latest 1.2hg)...

 (I'd reply to OP but did not see charles's post, in fact not seen his
 posts for some time, must be eaten by SA)

So fix your spamassassin...


Re: [Dovecot] mobile phone access to dovecot

2010-08-04 Thread casanova99

Dovecot runs on its own VM in my environment.

I considered MAC address filtering at the firewall but wanted to see if
there was any IMAP proxy or IMAP forwarding piece that could sit in a DMZ.



 The IMAP server is in your home machine, not a dedicated server, right?
 
 Anyway, if you need to access it, you'll need to open your machine up  
 for connections. If you can isolate the IPs you'd be connecting from,  
 you can restrict access to them.
 

-- 
View this message in context: 
http://old.nabble.com/mobile-phone-access-to-dovecot-tp29342338p29351527.html
Sent from the Dovecot mailing list archive at Nabble.com.



Re: [Dovecot] IMAP IDLE, Virtual mailboxes

2010-08-04 Thread Patrick Nagel

Hi Timo,

On 2010-08-04 23:54, Timo Sirainen wrote:
 Here: http://hg.dovecot.org/dovecot-2.0/rev/eb1f471a924d

Thanks, that's great! Now dovecot enables people who sort server-side
and want IDLE notifications for all those mailboxes, but do not want to
keep many IDLE connections open. They can now create a virtual mailbox
that contains all mail-receiving mailboxes' mail (let's call it vinbox),
and put their IDLE connection on that vinbox. Neat.

I'll update to 2.0 ASAP :)

Patrick.

-- 
Key ID: 0x86E346D4 http://patrick-nagel.net/key.asc
Fingerprint: 7745 E1BE FA8B FBAD 76AB 2BFC C981 E686 86E3 46D4


Re: [Dovecot] v2.0.rc4 released

2010-08-04 Thread Bradley Giesbrecht

On Aug 4, 2010, at 12:35 PM, Timo Sirainen wrote:


http://dovecot.org/releases/2.0/rc/dovecot-2.0.rc4.tar.gz
http://dovecot.org/releases/2.0/rc/dovecot-2.0.rc4.tar.gz.sig


The configure script allows for user override with MYSQL_CONFIG but  
does not use the value in two places.


-MYSQL_INCLUDE=`mysql_config --include`
-MYSQL_LIBS=`mysql_config --libs`
+MYSQL_INCLUDE=`$MYSQL_CONFIG --include`
+MYSQL_LIBS=`$MYSQL_CONFIG --libs`
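
Review bot: the two `+` lines run `$MYSQL_CONFIG` without checking that it is set and non-empty; if it is empty when these lines execute, the backticks try to run `--include` and `--libs` as commands and MYSQL_INCLUDE and MYSQL_LIBS are left empty without configure stopping. Please make sure the variable is defaulted to `mysql_config` before this point, or fail with an error when it is empty. Because the override makes configure execute whatever path the builder supplies, it is also worth confirming that every MySQL probe uses that one binary, so include and library flags cannot come from two different installations. The hunk carries no file header, so it is not visible whether it patches the generated configure or its autoconf source; the fix needs to be in the source or it will be lost on regeneration.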


Regards,
Bradley Giesbrecht



patch-configure.diff
Description: Binary data