Re: [Dovecot] dovecot: imap-login: Error: net_connect_unix(imap) failed: Resource temporarily unavailable
El Tuesday 01 February 2011, Kurt Hockenbury khock...@stevens.edu dijo: That's what is shipping with RHEL 6. We've been trying to keep the system as close to stock RH as possible, to make support easier. We are in a similar situation (using RH and not moving too much from that), but using an up to date version of dovecot. After all, when you are having problems with dovecot you're not calling redhat for support. If you're coming to this list, it makes more sense to use the version this list recommends. HTH -- Joseba Torre. Vicegerencia de TICs, área de Explotación
Re: [Dovecot] Maintaining data integrity through proper power supplies (slightly referencing Best filesystem)
At 23:43 + 1/2/11, Ron Leach wrote: Since the HDs can be considered 'secure' (well, something v close to 100% available), data can be that secure 'provided' it is written to the HD. Since failures can occur at any time, the smaller the time that data exists that is 'not' on the HD, compared to the time that data 'is' on the HD, the less 'likely' that data will be lost when one of these unpreventable system failures occurs. In filesystems that immediately write data to the HD there is, in principle, no period when data is 'unwritten'. But, (and you can see what's coming), with filesystems that wait 30 seconds before writing to disk the data that the application 'thinks' has been safely written, then there is a 30 second 'window' of vulnerability to one of these events. On a large system with a lot of transactions, there might 'always' be some data that's sitting waiting to be written, and therefore whenever one of these 'uneliminatable' events occurs, data will be lost. Let's assume, for a moment, there is a message every 5 seconds, so there are 6 email messages waiting to go to disk in each 30 second window. (For a very large corporation, the email arrival rate may be much larger, of course.) As Stan says, strictly, any buffering delay in writing is independent of filesystem. It depends on the operating system and the drivers supplied for the filesystem. In practice, the access provided to the filesystem by the operating system may force a link between filesystem choice and delayed writes. The Unix Sync flush to disc is traditionally performed every 30 secs - by the wall-clock, not 30 secs after the data was queued to write. This means that the mean (average?) delay is 15 secs not 30. UPSs are a great help, but they are not failure-immune. They too, can fail, and will fail. They may just suddenly switch off, or they may fail to provide the expected duration of service, or they may fail to operate when the reticulated power does fail. We can add their failure rate into the calculations. I haven't any figures for them, but I'd guess at 3 years MTBF, so let's say another 0.3 events per year. We could redo the calculations above, with 1.5, now, instead of 1.2 - but I don't think we need to, on this list. (Of course, if we don't use a UPS, we'll have a seriously high event rate with every power glitch or drop wreaking havoc, so the lost message calculation would be much greater.) That's why the more expensive machines have multiple power supplies. Dual power supplies fed by two UPSs from different building feeds greatly reduce the chance of failure due to PSU, UPS or local power distribution board failure. One power distribution company client even had the equivalent of two power stations, but not many can manage that. David -- David Ledger - Freelance Unix Sysadmin in the UK. HP-UX specialist of hpUG technical user group (www.hpug.org.uk) david.led...@ivdcs.co.uk www.ivdcs.co.uk
[Dovecot] Improving lmtp performance
Hi, yesterday I migrated and old version with sendmail + courier to a virtual machine (vmware) with postfix and dovecot 2.0.9. Everything worked fine, but with a more or less default setup for both dovecot and postfix, lmtp performance was pretty bad: a message was written to an inbox every 2 or 3 seconds. With that rate and a 5000+ and growing mail queue mail delivery was really slow. After searching both the wiki and this list I didn't find anything related to this. I tried a couple of things, and finally added process_min_avail = 10 to service lmtp entry in 10-master.conf and local_destination_concurrency_limit = 10 in postfix's main.cf Now mail delivery is really fast, and my mail queue was delivered in a very sort time. Is this the right solution, or there's a better setup to improve mail delivery performance? Also, if this is a common problem, may be something should appear in http://wiki2.dovecot.org/LMTP Thanks. -- Joseba Torre. Vicegerencia de TICs, área de Explotación
[Dovecot] Backtrace:dovecot/imap with 2.0.9 hg checkout from 1st of Febrauary
It's actually 4 crashes in the same minute:
Date: Wed, 02 Feb 2011 04:28:35 +0100
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type show copying
and show warranty for details.
This GDB was configured as i486-linux-gnu.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /usr/dovecot-2/libexec/dovecot/imap...done.
Reading symbols from /usr/dovecot-2/lib/dovecot/libdovecot-storage.so.0...done.
Loaded symbols for /usr/dovecot-2/lib/dovecot/libdovecot-storage.so.0
Reading symbols from /usr/dovecot-2/lib/dovecot/libdovecot.so.0...done.
Loaded symbols for /usr/dovecot-2/lib/dovecot/libdovecot.so.0
Reading symbols from /lib/i686/cmov/libc.so.6...Reading symbols from
/usr/lib/debug/lib/i686/cmov/libc-2.11.2.so...done.
(no debugging symbols found)...done.
Loaded symbols for /lib/i686/cmov/libc.so.6
Reading symbols from /lib/i686/cmov/libdl.so.2...Reading symbols from
/usr/lib/debug/lib/i686/cmov/libdl-2.11.2.so...done.
(no debugging symbols found)...done.
Loaded symbols for /lib/i686/cmov/libdl.so.2
Reading symbols from /lib/i686/cmov/librt.so.1...Reading symbols from
/usr/lib/debug/lib/i686/cmov/librt-2.11.2.so...done.
(no debugging symbols found)...done.
Loaded symbols for /lib/i686/cmov/librt.so.1
Reading symbols from /lib/ld-linux.so.2...Reading symbols from
/usr/lib/debug/lib/ld-2.11.2.so...done.
(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/i686/cmov/libpthread.so.0...Reading symbols from
/usr/lib/debug/lib/i686/cmov/libpthread-2.11.2.so...done.
(no debugging symbols found)...done.
Loaded symbols for /lib/i686/cmov/libpthread.so.0
Reading symbols from /usr/dovecot-2/lib/dovecot/lib10_quota_plugin.so...done.
Loaded symbols for /usr/dovecot-2/lib/dovecot/lib10_quota_plugin.so
Reading symbols from
/usr/dovecot-2/lib/dovecot/lib11_imap_quota_plugin.so...done.
Loaded symbols for /usr/dovecot-2/lib/dovecot/lib11_imap_quota_plugin.so
Reading symbols from /usr/dovecot-2/lib/dovecot/lib11_trash_plugin.so...done.
Loaded symbols for /usr/dovecot-2/lib/dovecot/lib11_trash_plugin.so
Reading symbols from /usr/dovecot-2/lib/dovecot/lib15_notify_plugin.so...done.
Loaded symbols for /usr/dovecot-2/lib/dovecot/lib15_notify_plugin.so
Reading symbols from /usr/dovecot-2/lib/dovecot/lib20_fts_plugin.so...done.
Loaded symbols for /usr/dovecot-2/lib/dovecot/lib20_fts_plugin.so
Reading symbols from /usr/dovecot-2/lib/dovecot/lib20_mail_log_plugin.so...done.
Loaded symbols for /usr/dovecot-2/lib/dovecot/lib20_mail_log_plugin.so
Reading symbols from /usr/dovecot-2/lib/dovecot/lib20_zlib_plugin.so...done.
Loaded symbols for /usr/dovecot-2/lib/dovecot/lib20_zlib_plugin.so
Reading symbols from /usr/lib/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/libbz2.so.1.0...(no debugging symbols found)...done.
Loaded symbols for /lib/libbz2.so.1.0
Reading symbols from
/usr/dovecot-2/lib/dovecot/lib21_fts_squat_plugin.so...done.
Loaded symbols for /usr/dovecot-2/lib/dovecot/lib21_fts_squat_plugin.so
Reading symbols from /usr/lib/gconv/ISO8859-1.so...Reading symbols from
/usr/lib/debug/usr/lib/gconv/ISO8859-1.so...done.
(no debugging symbols found)...done.
Loaded symbols for /usr/lib/gconv/ISO8859-1.so
Reading symbols from /lib/libgcc_s.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libgcc_s.so.1
Core was generated by `dovecot/imap'.
Program terminated with signal 6, Aborted.
#0 0xb772b430 in __kernel_vsyscall ()
#0 0xb772b430 in __kernel_vsyscall ()
No symbol table info available.
#1 0xb74cd751 in *__GI_raise (sig=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
resultvar = value optimized out
pid = -1218555916
selftid = 4889
#2 0xb74d0b82 in *__GI_abort () at abort.c:92
act = {__sigaction_handler = {sa_handler = 0xbfa6ff70,
sa_sigaction = 0xbfa6ff70}, sa_mask = {__val = {3077746096,
3215392580, 3077788226, 3215392564, 3076492800, 3215392552,
3077868116, 0, 3076431144, 1, 0, 1, 3077745656, 37, 3215392472,
3076718496, 3076713323, 3076932840, 3215392556, 3072362840, 0,
3215392624, 3215392552, 3215392564, 3076718189, 3077745656, 0,
1733, 3215392584, 3076518647, 3215392556, 10}},
sa_flags = -1079574620, sa_restorer = 0xb76659cc pid.3441}
sigs = {__val = {32, 0 repeats 31 times}}
#3 0xb7630875 in default_fatal_finish (type=value optimized out,
status=value optimized out) at failures.c:187
backtrace = 0xb7208148
/usr/dovecot-2/lib/dovecot/libdovecot.so.0(+0x3b861) [0xb7630861] -
/usr/dovecot-2/lib/dovecot/libdovecot.so.0(+0x3b8cf) [0xb76308cf] -
Re: [Dovecot] automated mailbox trimming?
:2011-01-31T20:10:Monique Y. Mudama: On Tue, Feb 1 at 3:07, Timo Sirainen penned: What's the best way to go about mailbox trimming with dovecot's implementation of maildir? http://wiki.dovecot.org/Plugins/Expire although it's a bit annoyingly complex with v1.x. I'm guessing you don't have all that many users, so v2.0 would make this simpler. I was thinking of writing a script to simply move or delete old files, but would I mess up dovecot's expectations for directory/file structure that way? There's v1.0 cronjob equivalent in the wiki page too. It'll work fine, no messing up Dovecot. Thank you. You're correct about all that many users - with a whopping two users, the cronjob looks good to me =) I have my own approach and just thought I give it here in case anyone is interested. http://codemages.net/archive_mail-1.0.tar.bz2 Contains: archive_mail.sh - the core script moveme - support script for final movement - used to do some hash checking etc... but now it's a cp rm archmail.sh - the script I use to run archive_mail.sh What the script does is: You have INBOX it will each time is run check for any messages based on fs mtime that is older than N days and will store those messages into: .archive.year.month I run this daily and it helps keep all the mails down to a managable level. Hopefully it helps someone. -- Andraž 'ruskie' Levstik Source Mage GNU/Linux Games/Xorg grimoire guru Re-Alpine Coordinator http://sourceforge.net/projects/re-alpine/ Geek/Hacker/Tinker Be sure brain is in gear before engaging mouth.
Re: [Dovecot] Logging on syslog and selected dovecot files at the sametime
On 2011-02-02 7:19 AM, Antonio Perez-Aranda wrote: Is it possible to send logs to syslog and files set by log_path and log_info_path on config? Just two logs at the same time (not realtime). This would need to be done by your syslogger... syslog-ng can do this easily... -- Best regards, Charles
Re: [Dovecot] Logging on syslog and selected dovecot files at the sametime
Greats, Thanks 2011/2/2 Charles Marcus cmar...@media-brokers.com: On 2011-02-02 7:19 AM, Antonio Perez-Aranda wrote: Is it possible to send logs to syslog and files set by log_path and log_info_path on config? Just two logs at the same time (not realtime). This would need to be done by your syslogger... syslog-ng can do this easily... -- Best regards, Charles -- Antonio Pérez-Aranda Alcaide aperezara...@yaco.es Yaco Sistemas S.L. http://www.yaco.es/ C/ Rioja 5, 41001 Sevilla Teléfono +34 954 50 00 57 Fax +34 954 50 09 29
[Dovecot] UIDPLUS in the wiki
Hi, Isn't the stuff in the wiki about UIDPLUS being disabled because of maildir outdated? http://wiki.dovecot.org/FeatUIDPLUS http://wiki2.dovecot.org/FeatUIDPLUS /Peter
Re: [Dovecot] UIDPLUS in the wiki
On 2.2.2011, at 16.22, Peter Mogensen wrote: Isn't the stuff in the wiki about UIDPLUS being disabled because of maildir outdated? Yes. http://wiki.dovecot.org/FeatUIDPLUS http://wiki2.dovecot.org/FeatUIDPLUS Something should be done about the Feat* pages. My vote would be to just remove them. Maybe make one single page listing everything and have those items link to their configuration pages in wiki (rather than separate Feat* pages). But what items should be listed anyway?.. Anyone want to start cleaning those up (e.g. to http://wiki2.dovecot.org/Features)?
Re: [Dovecot] Splitting up mail_location setting?
El Tuesday 01 February 2011, Timo Sirainen t...@iki.fi dijo: Below are the setting names I thought about using: a) mail_location = maildir:~/Maildir:INBOX=~/Maildir/.INBOX:INDEX=~/indexes:CONTROL=~/control :LAYOUT=fs:SUBSCRIPTIONS=courier-subscriptions mail_format = maildir mail_root_path = ~/Maildir mail_inbox_path = ~/Maildir/.INBOX mail_index_path = ~/indexes mail_control_path = ~/control mail_directory_layout = fs mail_subscriptions_fname = courier-subscriptions b) mail_location = mdbox:~/mdbox:ALT=/alt/%u:LAYOUT=fs:DIRNAME=dbox-Mails:MAILBOXDIR=mailboxe s mail_format = mdbox mail_root_path = ~/mdbox mail_alt_path = /alt/%u mail_dir_name = dbox-Mails mail_mailboxes_dir_name = mailboxes Thoughts? Personally, I like the current setting. For me, if the current setting is misunderstood sometimes, the proposed one with two overlapping settings for the same attribute, with values sometimes read from external BBDD sounds pretty error prone. Maybe call mail_location advanced setup and the other ones basic setup, and make them mutually exclusive (I mean something like: if mail_format is used only mail_* attributes are used, and if it's not only mail_location). Otherwise very strange problems may appear. Bye. -- Joseba Torre. Vicegerencia de TICs, área de Explotación
Re: [Dovecot] UIDPLUS in the wiki
On Wed, 2 Feb 2011 09:04:25 -0600, Timo Sirainen said: On 2.2.2011, at 16.22, Peter Mogensen wrote: Isn't the stuff in the wiki about UIDPLUS being disabled because of maildir outdated? Yes. http://wiki.dovecot.org/FeatUIDPLUS http://wiki2.dovecot.org/FeatUIDPLUS Something should be done about the Feat* pages. My vote would be to just remove them. Maybe make one single page listing everything and have those items link to their configuration pages in wiki (rather than separate Feat* pages). But what items should be listed anyway?.. Anyone want to start cleaning those up (e.g. to http://wiki2.dovecot.org/Features)? I volunteer to consolidate these pages (I count 18 of them on each of the 1.x and the 2.0 wikis) into a single Features page. Can the contents of the 1.x wiki be easily copied to the same page on the wiki2 site? Might take a week or so, but it looks like these pages don't change often. There is alredy a DovecotFeatures page. Should this be a separate page? I think so, and DovecotFeatures should probably link to this new page. ~David Klann Airstream Communications Wisconsin USA
Re: [Dovecot] UIDPLUS in the wiki
On 2.2.2011, at 17.33, David Klann wrote: Something should be done about the Feat* pages. My vote would be to just remove them. Maybe make one single page listing everything and have those items link to their configuration pages in wiki (rather than separate Feat* pages). But what items should be listed anyway?.. Anyone want to start cleaning those up (e.g. to http://wiki2.dovecot.org/Features)? I volunteer to consolidate these pages (I count 18 of them on each of the 1.x and the 2.0 wikis) into a single Features page. Can the contents of the 1.x wiki be easily copied to the same page on the wiki2 site? Might take a week or so, but it looks like these pages don't change often. What do you mean? The Feat* pages are already in wiki2 and they're the same as in wiki1. I don't think the wiki1 pages really need to be touched, since wiki2 is the future. :) I also wouldn't worry much about the contents of the Feat* subpages themselves, since they're mostly one liners or out of date. So I can just delete them later. There is alredy a DovecotFeatures page. Should this be a separate page? I think so, and DovecotFeatures should probably link to this new page. That page is also out of date and it contains a lot of really specific information that I don't think belongs there. The About Dovecot looks like it's (mostly) copypasted from an old dovecot.org main page, which was rewritten for a reason.. I don't much like having duplicate information all around, it just makes it easier to get out of date when it's forgotten about, and even when not forgotten about it's more work to keep updating it.
[Dovecot] Resource temporarily unavailable
On very high traffic in POP3 I have flood of messages in my log:
Feb 2 16:32:17 pp4 dovecot: pop3: Error:
net_connect_unix(/var/run/dovecot/auth-master) failed: Resource
temporarily unavailable
What a Terrible Failure (WTF)?
Can You help me resolve this problem?
I've not found any info about auth-master problem :/
My settings:
default_process_limit = 2000
default_client_limit = 4096
service pop3-login {
service_count = 0
vsz_limit = 128M
process_min_avail = 8
}
FD limit in system = 32000
8 cpu, 28GB RAM
about 50 login per second
Different Error messages I've when set service_count = 1.
Feb 2 10:21:29 pp4 dovecot: pop3-login: (5052) Disconnected: Connection
queue full (no auth attempts)
--
Len7hir
Re: [Dovecot] Maintaining data integrity through proper power supplies (slightly referencing Best filesystem)
If you have a proper-sized UPS, combined with notification from the UPS to the servers to perform orderly shutdowns - including telling the application servers to shutdown prior to the storage servers, etc. - doesn't that render the (possibly more than theoretical) chances of data loss due to power interruption a moot point? UPSs are a great help, but they are not failure-immune. They too, can fail, and will fail. They may just suddenly switch off, or they may fail to provide the expected duration of service, or they may fail to operate when the reticulated power does fail. We can add their failure rate into the calculations. I haven't any figures for them, but I'd guess at 3 years MTBF, so let's say another 0.3 events per year. We could redo the calculations above, with 1.5, now, instead of 1.2 - but I don't think we need to, on this list. (Of course, if we don't use a UPS, we'll have a seriously high event rate with every power glitch or drop wreaking havoc, so the lost message calculation would be much greater.) Daniel, I'm delighted but not in the least surprised that you haven't lost a message. But I fully expect you will sometime in your operation's life unless you use (a) redundant equipment (eg RAID) with (b) very minimal windows of vulnerability (which, following that other thread, means a filesystem that does immediately write to disk when it is asked to do so and, seemingly, not all high-performance filesystems do). Just to add a note about power and 'knowledge' - I built my first OpenSolaris server with a decent size ZFS array, re-using a 'retired' case and power supply a couple years ago. It drove me crazy at first - I didn't even have it in production and ZFS kept failing random disks at random intervals. I happened to stumble across a post of another user who had the same problem and it turned out to be a 'poor' power supply. Sure enough, a brand new power supply 'fixed' the problem. Did I lose any data in the past? I have no idea, maybe it was temp data, maybe it culminated in a Windows crash or odd OS error. All I know is ZFS, in a round about way, found a problem I would have never known I had. I love ZFS, it's snapshots are the closest thing I've found to my beloved Novel's Salvage command ;) Rick
Re: [Dovecot] override not working
Solved:
Initially it was not working because I use prefetch and since prefetch gets
the variables from the password_query it was not working because the
password_query was not configured correctly. I was using as_mail_plugins
when I should have been using as userdb_mail_plugins. Hope this helps
someone.
password_query = SELECT username as user, password,
if('%d'='virttest2.xxx.com', 'quota imap_quota trash expire autocreate acl
imap_acl',null) as userdb_mail_plugins, concat('/var/vmail/%d/', maildir) as
userdb_home, concat('maildir:/var/vmail/%d/', maildir) as userdb_mail, 101
as userdb_uid, 502 as userdb_gid, CONCAT('*:bytes=', CAST(quota AS CHAR)) AS
quota_rule FROM mailbox WHERE username = '%u'
paul
-Original Message-
From: dovecot-bounces+razor=meganet@dovecot.org
[mailto:dovecot-bounces+razor=meganet@dovecot.org] On Behalf Of Paul A
Sent: Tuesday, February 01, 2011 11:59 AM
To: 'Dovecot Mailing List'
Subject: [Dovecot] override not working
Hi, I'm using dovecot 2.x and I'm using override so that only certain
domains are allowed to use ACLs, however it does seem to be working even
though I see the mail_plugins override in the logs.
In the config file I have
protocol imap {
mail_plugins = quota imap_quota trash expire autocreate
}
Using the following password/user queries:
password_query = SELECT username as user, password,
if('%d'='virttest2.xxx.net', 'acl imap_acl',null) as mail_plugins,
concat('/var/vmail/%d/', maildir) as userdb_home,
concat('maildir:/var/vmail/%d/', maildir) as userdb_mail, 101 as userdb_uid,
502 as userdb_gid, CONCAT('*:bytes=', CAST(quota AS CHAR)) AS quota_rule
FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, if('%d'='virttest2.xxx.net', 'acl
imap_acl',null) as mail_plugins, 101 AS uid, 502 AS gid, CONCAT('*:bytes=',
CAST(quota AS CHAR)) AS quota_rule FROM mailbox WHERE username = '%u' AND
active = '1'
Now in n the log I do see the mail_plugins override but for some reason I
get an IMAP error when trying to share folders.
out: OK1 user=use...@virttest2.xxx.net mail_plugins=acl
imap_acl quota_rule=*:bytes=51200
ERROR:
IMAP server does not support the ACL capability, sorry.
[Dovecot] Can´t move folders in Outlook
Hi, this is my first time in a mailing list, so I don´t know if I´m doing it right. My problem is that I cannot move a folder into another one, I can create them, move messages, etc, but I can´t move a folder, no matter what folder. It works fine With Thunderbird, but in Outlook Express or WLive Mail2009 it just doesn´t go! Must be something wrong with my .conf. I hope someone can help me please. dovecot --version 1.0.15 dovecot -n # 1.0.15: /etc/dovecot/dovecot.conf log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap listen: 192.168.10.2:210 disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: maildir:/var/mail/%u auth default: passdb: driver: pam userdb: driver: passwd
[Dovecot] Signal 11 on deliver
I just installed Postfix, MySQL, and Dovecot. Everything is working great (IMAP, POP, SMTP) except that I can't get incoming mail to deliver properly. Incoming mail logs the following: Feb 2 13:23:52 mail postfix/qmgr[2187]: CE0D41F0263: from=mhoppes@[redacted], size=650, nrcpt=1 (queue active) Feb 2 13:23:52 mail postfix/pipe[3594]: CE0D41F0263: to=mhoppes@[redacted], relay=dovecot, delay=0.32, delays=0.3/0/0/0.01, dsn=5.3.0, status=bounced (Command died with signal 11: /usr/libexec/dovecot/deliver) Running /usr/libexec/dovecot/deliver -d mhoppes@[redacted] results in an e-mail being delivered to the recipient. Any thoughts on what my issue is?
Re: [Dovecot] Signal 11 on deliver
OK, I've been working on this all day... after I sent the message I just finally solved it. Why is it that dovecot crashes when the first option in the dovecot.conf file is something=no? On Wed, Feb 2, 2011 at 2:25 PM, Matt mhop...@gmail.com wrote: I just installed Postfix, MySQL, and Dovecot. Everything is working great (IMAP, POP, SMTP) except that I can't get incoming mail to deliver properly. Incoming mail logs the following: Feb 2 13:23:52 mail postfix/qmgr[2187]: CE0D41F0263: from=mhoppes@[redacted], size=650, nrcpt=1 (queue active) Feb 2 13:23:52 mail postfix/pipe[3594]: CE0D41F0263: to=mhoppes@[redacted], relay=dovecot, delay=0.32, delays=0.3/0/0/0.01, dsn=5.3.0, status=bounced (Command died with signal 11: /usr/libexec/dovecot/deliver) Running /usr/libexec/dovecot/deliver -d mhoppes@[redacted] results in an e-mail being delivered to the recipient. Any thoughts on what my issue is?
[Dovecot] Reproducable hang caused by IMAP server
Hello,
I have problems with Dovecot 2.0.9 (and 2.0.8) under NetBSD/amd64 5.1.
mutt hangs when I try to quit it after accessing a folder via IMAP.
I can reproduce the problem with these steps:
1.) I run mutt -f =foo to access folder foo via IMAP. The folder
contains about 10 messages in my case.
2.) I tag two of the messages and then save them to a *non existent*
folder. When mutt asks whether the folder should be created
I confirm the action.
3.) Finally I exit mutt and confirm the question whether the messages
marked as deleted (by the save in step 2) should be deleted.
4.) mutt now hangs indefinitely.
I've attached a packet capture of the above steps to this e-mail. As far
as I can tell from the packet capture and debugging mutt with gdb
it waits for the IMAP server to confirm the logout which never happens.
I've never seen this problem with Dovecot 1.2.16.
Here is the requested debugging information:
Output of dovecot --version:
2.0.9
Output of doveconf -n:
# 2.0.9: /etc/pkg/dovecot/dovecot.conf
# OS: NetBSD 5.1_STABLE amd64
auth_mechanisms = cram-md5 digest-md5 plain login
listen = *, [::]
mail_debug = yes
mail_location = mbox:~/Mail:INBOX=/var/mail/%u
passdb {
args = /etc/pkg/dovecot/passwd
driver = passwd-file
}
pop3_uidl_format = %08Xv%08Xu
protocols = imap pop3
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
ssl_cert = /etc/openssl/certs/dovecot.pem
ssl_key = /etc/openssl/private/dovecot.pem
userdb {
driver = passwd
}
Kind regards
--
Matthias Scheler http://zhadum.org.uk/
imap.pcap
Description: Binary data
[Dovecot] Quota ignore issue
Hi Timo,
ok, in my dovecot setup, I have a setting to ignore messages in the Spam
folder (I will put my dovecot -n at the end of the message), and a
strange thing appears to be happening.
If I do a quota recalc on an account, It creates the maildirsize file
correctly, without the contents of the Spam folder calculated into the
total used.
But, it looks like when a new spam email is delivered, before the sieve
rules in the lda can move it into the spam folder, it is added to the
maildirsize file. Then, once it is moved into the Spam folder, if it is
directly expunged from the folder, it isn't subtracted from maildirsize
file.
I am using roundcube as a webmail solution, and it recognizes the Spam
folder and lets users directly empty the Spam folder instead of moving
it to the trash, and then removing it. If I do move the mail from the
Spam folder to the Trash folder, and then empty the trash, it then puts
the subtraction in the maildirsize folder.
So, either it shouldn't add it in the first place, or even though it is
deleted directly from the Spam folder, it should be subtracted from the
maildirsize folder, right?
Hmmm...maybe its the structure of the default sieve command that I have
that is making it want to add it?
here is the default sieve script that I use in the sieve_after field :
require fileinto;
# rule:[Spam and Virus Tag]
if anyof (header :contains Subject [VIRUS-TAG],
header :contains Subject [SPAM-TAG])
{
fileinto Spam;
stop;
}
Essentially, what is happening is that users are getting their quota
filled up for messages that were in their Spam folder...
Thanks,
Tim.
and here is my dovecot -n output :
# 2.0.7: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 8.1-STABLE i386
auth_username_format = %Lu
auth_username_translation = %@
auth_verbose = yes
disable_plaintext_auth = no
dotlock_use_excl = yes
first_valid_uid = 100
listen = *
lock_method = dotlock
log_path = /local/logs/dovecot.errors
mail_fsync = always
mail_gid = 100
mail_location = maildir:%h/Maildir
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = quota
mail_uid = 100
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date imapflags notify
mmap_disable = yes
passdb {
args = /bin/checkpassword_dovecot_auth
driver = checkpassword
}
plugin {
quota = maildir:User quota
quota_rule = Trash:storage=+100M
quota_rule2 = Spam:ignore
sieve = ~/.dovecot.sieve
sieve_after = /home/mailboxes/sieve/to_spam_folder.sieve
sieve_dir = ~/Maildir/sieve
sieve_extensions = +notify +imapflags
}
protocols = imap pop3 sieve
service auth {
unix_listener auth-userdb {
group = sn
mode = 0600
user = sn
}
}
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
driver = prefetch
}
userdb {
args = /bin/checkpassword_dovecot_deliver
driver = checkpassword
}
verbose_proctitle = yes
verbose_ssl = yes
protocol pop3 {
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
info_log_path = /local/logs/dovecot-deliver.log
log_path = /local/logs/dovecot-deliver-errors.log
mail_plugins = quota sieve
}
protocol imap {
mail_plugins = quota imap_quota
}
protocol sieve {
managesieve_sieve_capability = comparator-i;ascii-numeric fileinto
reject vacation imap4flags notify include envelope body relational regex
subaddress copy
}
[Dovecot] STARTTLS problem
Hi,
We try to configure dovecot as usual (all our servers have
dovecot+vpopmail+qmail or postfix).
We set up dovecot with the next outcome:
- imap ok
- imaps ok
- imap STARTTLS NOT OK
Debug:
root@s13:/home/lucas# gnutls-cli --starttls -p 143 ip
Resolving 'ip'...
Connecting to 'ip'...
- Simple Client Mode:
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
*** Starting TLS handshake
*** Non fatal error: Resource temporarily unavailable, try again.
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
Same result with thunderbird and openssl.
Log:
Feb 2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x10,
ret=1: before/accept initialization [83.61.13.57]
Feb 2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: before/accept initialization [83.61.13.57]
Feb 2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2002,
ret=-1: SSLv2/v3 read client hello A [83.61.13.57]
Feb 2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 read client hello A [83.61.13.57]
Feb 2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write server hello A [83.61.13.57]
Feb 2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write certificate A [83.61.13.57]
Feb 2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write server done A [83.61.13.57]
Feb 2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 flush data [83.61.13.57]
Feb 2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2002,
ret=-1: SSLv3 read client certificate A [83.61.13.57]
Feb 2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2002,
ret=-1: SSLv3 read client certificate A [83.61.13.57]
Feb 2 20:27:34 s13 dovecot: imap-login: Warning: SSL failed:
where=0x2002: SSLv3 read client certificate A [83.61.13.57]
Feb 2 20:27:34 s13 dovecot: imap-login: Disconnected (no auth
attempts): rip=83.61.13.57, lip=109.200.5.221, TLS handshaking: Disconnected
My config:
# 2.0.9: /opt/dovecot/etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-27-server x86_64 Ubuntu 8.04
auth_mechanisms = plain login cram-md5
default_login_user = vpopmail
disable_plaintext_auth = no
first_valid_gid = 89
first_valid_uid = 89
last_valid_gid = 89
last_valid_uid = 89
listen = ip
mail_debug = yes
mail_gid = 89
mail_uid = 89
passdb {
driver = vpopmail
}
plugin {
quota = maildir:User quota
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
setting_name = quota, trash
}
protocols = imap pop3
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service imap {
process_limit = 1024
}
service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
service pop3 {
process_limit = 1024
}
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
driver = vpopmail
}
verbose_ssl = yes
protocol imap {
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
}
protocol pop3 {
mail_max_userip_connections = 3
pop3_client_workarounds = outlook-no-nuls ,oe-ns-eoh
pop3_uidl_format = %08Xu%08Xv
}
Any clue?
Thank you in advanced,
Lucas
Re: [Dovecot] Signal 11 on deliver
On Wed, 2011-02-02 at 14:36 -0500, Matt wrote: OK, I've been working on this all day... after I sent the message I just finally solved it. Why is it that dovecot crashes when the first option in the dovecot.conf file is something=no? It's actually glibc that crashes. Fixed in newer glibc and Dovecot v2.0.
Re: [Dovecot] STARTTLS problem
On Wed, 2011-02-02 at 21:28 +0100, Lucas -LandM- wrote: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready. *** Starting TLS handshake You're starting it too early. Give x starttls command first.
[Dovecot] LDAP and GSSAPI problems
This is a continuation of a problem I have been having. Samba 4 has recently changed to require binds. I need LDAP to verify users exist. I am using Kerberos (GSSAPI) as the passdb. Samba can handle GSSAPI/Kerberos SASL binds. I have the following in my dovecot-ldap setup for userdb: dn = smtp/mailhost.example@example.org sasl_bind = yes sasl_mech = GSSAPI sasl_realm = EXAMPLE.ORG sasl_authz_id = smtp/mailhost.example@example.org Which gives me the following error. Debug: ldap(trever): user search: base=dc=example,dc=org scope=subtree filter=((objectClass=person)(|(mail=trever)(sAMAccountName=trever)(userPrincipalName=trever))) fields=userPrincipalName dovecot: auth: Error: LDAP: binding failed (dn smtp/mailhost.example@example.org): Local error, SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_97' not found) Additionally, I have auth_krb5_keytab = /etc/dovecot/krb5.keytab setup for the GSSAPI user login. The credential cache should be that file should it not? If not, how do I go about setting that up so that it will work. Thank you, Trever -- The only true happiness comes from squandering ourselves for a purpose. -- William Cowper signature.asc Description: OpenPGP digital signature
Re: [Dovecot] Quota ignore issue
On Wed, 2011-02-02 at 11:54 -0800, Tim Traver wrote:
But, it looks like when a new spam email is delivered, before the sieve
rules in the lda can move it into the spam folder, it is added to the
maildirsize file. Then, once it is moved into the Spam folder, if it is
directly expunged from the folder, it isn't subtracted from maildirsize
file.
I can't reproduce this, it's never added to quota when delivering to
Spam. Try to reproduce with a simpler setup.
Hmmm...maybe its the structure of the default sieve command that I have
that is making it want to add it?
It should happen only when the message is actually saved somewhere (you
sure there's not a copy saved to some archive/something?)
plugin {
quota = maildir:User quota
quota_rule = Trash:storage=+100M
quota_rule2 = Spam:ignore
sieve = ~/.dovecot.sieve
sieve_after = /home/mailboxes/sieve/to_spam_folder.sieve
sieve_dir = ~/Maildir/sieve
sieve_extensions = +notify +imapflags
}
Try:
1) removing the sieve_* settings
2) Use a simple Sieve script for a test user:
require fileinto;
fileinto Spam;
stop;
3) Run from command line:
doveadm quota get -u username
echo Hello world | /usr/local/libexec/dovecot/dovecot-lda -d username
doveadm quota get -u username
With these and latest v2.0 from hg (but I don't remember any related
fixes for a long time) the quota never increased.
Re: [Dovecot] LDAP and GSSAPI problems
On Wed, 2011-02-02 at 14:29 -0700, Trever L. Adams wrote:
dn = smtp/mailhost.example@example.org
sasl_bind = yes
sasl_mech = GSSAPI
sasl_realm = EXAMPLE.ORG
sasl_authz_id = smtp/mailhost.example@example.org
LDAP SASL authentication goes through Cyrus SASL library, nothing
Dovecot can do about it, except for me to write my own LDAP library.
Additionally, I have auth_krb5_keytab = /etc/dovecot/krb5.keytab setup
for the GSSAPI user login.
So this setting is never used. If that's the problem, you could try if
you can work around it in a bit kludgy way:
service auth {
executable = /usr/local/bin/auth-wrapper.sh
}
Which contains:
#!/bin/sh
export KRB5_KTNAME=/etc/dovecot/krb5.keytab
exec /usr/local/libexec/dovecot/auth -k
Re: [Dovecot] STARTTLS problem
Hi Tio, Thank you very much for your quick answer. Same error: gnutls-cli --starttls -p 143 ip Resolving 'ip'... Connecting to 'ip:143'... - Simple Client Mode: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready. 9 STARTTLS 9 OK Begin TLS negotiation now. *** Starting TLS handshake *** Fatal error: A TLS packet with unexpected length was received. *** Handshake has failed root@s13:/home/lucas# gnutls-cli --starttls -p 143 ip Resolving 'ip'... Connecting to 'ip:143'... - Simple Client Mode: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready. *** Starting TLS handshake 2 STARTTLS *** Non fatal error: Resource temporarily unavailable, try again. *** Fatal error: A TLS packet with unexpected length was received. *** Handshake has failed Any other test? Regards, Lucas On 02/02/2011 22:16, Timo Sirainen wrote: On Wed, 2011-02-02 at 21:28 +0100, Lucas -LandM- wrote: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready. *** Starting TLS handshake You're starting it too early. Give x starttls command first.
Re: [Dovecot] Reproducable hang caused by IMAP server
On Wed, 2011-02-02 at 19:45 +, Matthias Scheler wrote: 2.) I tag two of the messages and then save them to a *non existent* folder. When mutt asks whether the folder should be created I confirm the action. Thanks, fixed: http://hg.dovecot.org/dovecot-2.0/rev/826981b2c5c4 Stupid gcc didn't give a warning here.. I should create some nightly run that emails me if clang gives any warnings on latest hg (it would have caught this).
Re: [Dovecot] STARTTLS problem
On Wed, 2011-02-02 at 22:47 +0100, Lucas -LandM- wrote: Same error: gnutls-cli --starttls -p 143 ip Resolving 'ip'... Connecting to 'ip:143'... - Simple Client Mode: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready. 9 STARTTLS 9 OK Begin TLS negotiation now. *** Starting TLS handshake *** Fatal error: A TLS packet with unexpected length was received. *** Handshake has failed Try connecting from localhost. Maybe you have a broken proxy/firewall in the middle.
Re: [Dovecot] STARTTLS problem
Hi Timo again, It works right now, but only in command line approach: gnutls-cli --starttls -p 143 ip Resolving 'ip'... Connecting to 'ip:143'... - Simple Client Mode: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready. 1 starttls 1 OK Begin TLS negotiation now. *** Starting TLS handshake - Ephemeral Diffie-Hellman parameters - Using prime: 1024 bits - Secret key: 1023 bits - Peer's public key: 1021 bits - Certificate type: X.509 - Got a certificate list of 1 certificates. - Certificate[0] info: - subject `C=SP,ST=Madrid,L=Madrid,O=Dclient,OU=IMAP server,CN=imap.client.com,EMAIL=postmas...@client.com', issuer `C=SP,ST=Madrid,L=Madrid,O=Dclient,OU=IMAP server,CN=imap.client.com,EMAIL=postmas...@client.com', RSA key 1024 bits, signed using RSA-SHA, activated `2011-02-02 18:46:20 UTC', expires `2021-01-30 18:46:20 UTC', SHA-1 fingerprint `17861d69831182042fbc1544a30cf33c4059ff06' - The hostname in the certificate does NOT match 'client' Thunderbird loops Checking mail server capabilities for ever. server log: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [83.61.13.57] Feb 2 22:01:55 s13 dovecot: imap-login: Disconnected (no auth attempts): rip=83.61.13.57, lip=ip, TLS handshaking: Disconnected Any other suggestion? Thank you, Lucas On 02/02/2011 22:16, Timo Sirainen wrote: On Wed, 2011-02-02 at 21:28 +0100, Lucas -LandM- wrote: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready. *** Starting TLS handshake You're starting it too early. Give x starttls command first.
Re: [Dovecot] STARTTLS problem
Hi Timo, From other server: gnutls-cli --starttls -p 143 ip Resolving 'ip'... Connecting to 'ip:143'... - Simple Client Mode: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready. 9 starttls 9 OK Begin TLS negotiation now. *** Starting TLS handshake - Ephemeral Diffie-Hellman parameters - Using prime: 1032 bits - Secret key: 1016 bits - Peer's public key: 1024 bits - Certificate type: X.509 - Got a certificate list of 1 certificates. - Certificate[0] info: # The hostname in the certificate does NOT match 'ip'. Server log: Feb 2 22:10:07 s13 dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [83.170.89.109] Feb 2 22:10:07 s13 dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [83.170.89.109] Feb 2 22:10:07 s13 dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read certificate verify A [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [83.170.89.109] Feb 2 22:10:08 s13 dovecot: imap-login: Disconnected (no auth attempts): rip=83.170.89.109, lip=109.200.5.221, TLS: Disconnected Same error in thunderbird :( Feb 2 22:12:44 s13 dovecot: imap-login: Disconnected (no auth attempts): rip=83.61.13.57, lip=ip, TLS handshaking: Disconnected Regards, Lucas On 02/02/2011 23:03, Timo Sirainen wrote: On Wed, 2011-02-02 at 22:47 +0100, Lucas -LandM- wrote: Same error: gnutls-cli --starttls -p 143 ip Resolving 'ip'... Connecting to 'ip:143'... - Simple Client Mode: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready. 9 STARTTLS 9 OK Begin TLS negotiation now. *** Starting TLS handshake *** Fatal error: A TLS packet with unexpected length was received. *** Handshake has failed Try connecting from localhost. Maybe you have a broken proxy/firewall in the middle.
Re: [Dovecot] Resource temporarily unavailable
On Wed, 2011-02-02 at 17:09 +0100, Len7hir wrote: Feb 2 16:32:17 pp4 dovecot: pop3: Error: net_connect_unix(/var/run/dovecot/auth-master) failed: Resource temporarily unavailable auth process isn't responding fast enough. My settings: Full doveconf -n output please. Different Error messages I've when set service_count = 1. Feb 2 10:21:29 pp4 dovecot: pop3-login: (5052) Disconnected: Connection queue full (no auth attempts) That's expected. If you set service_count=1 you need to increase the process_limit.
Re: [Dovecot] Reproducable hang caused by IMAP server
On Thu, Feb 03, 2011 at 12:02:40AM +0200, Timo Sirainen wrote: On Wed, 2011-02-02 at 19:45 +, Matthias Scheler wrote: 2.) I tag two of the messages and then save them to a *non existent* folder. When mutt asks whether the folder should be created I confirm the action. Thanks, fixed: http://hg.dovecot.org/dovecot-2.0/rev/826981b2c5c4 Yes, that fixes the problem. Thanks a lot. Stupid gcc didn't give a warning here.. I should create some nightly run that emails me if clang gives any warnings on latest hg (it would have caught this). clang can warn about such things? That is useful. The amount of automated cast that C(++) does is a never ending source of problems. Kind regards -- Matthias Scheler http://zhadum.org.uk/
Re: [Dovecot] Backtrace:dovecot/imap with 2.0.9 hg checkout from 1st of Febrauary
On Wed, 2011-02-02 at 09:59 +0100, Ralf Hildebrandt wrote:
#8 squat_trie_build_more (ctx=0x9ef10a8, uid=37,
type=SQUAT_INDEX_TYPE_HEADER,
input=0xb719e008 \037\357\277\275\b\b?C\357\277\275L2,S\n\020H!
\357\277\275\060 \314\203\357\277\275-!\026\341\222\215\357\277
\275{\357\277\275~\357\277\275I\357\277\275R\357\277\275W\337\275U\357
\277\275*\357\277\275$\032\005\036WIF=\025\037\031\357\277\275\067S
\006\357\277\275FM\357\277\275\352\231\200\035\357\277\275\\\357\277
\275\034\357\277\275\\#\357\277\275G:\357\277\275\070\357\277\275\017#
\323\215R\357\277\275H#\357\277\275@\002\357\277\275~\357\277\275\065
\357\277\275\b\357\277\275K\357\277\275\023\357\277\275.VM\357\277
\275Q\357\277\275\061\035G\357\277\275\033\336\243\027\357\277\275OBQ
\357\277\275\t\aJ\357\277\275@\357\277\275I\357\277\275...,
size=139516) at squat-trie.c:963
You have some message where there's some garbage data in header? Or
probably in some MIME part header. And the header is over 130kB long?
That's a bit weird. My guess is it's a broken mail.
There's anyway a bug since it shouldn't be crashing even with garbage
input.
Do you still have this message available? You can probably find it with:
doveadm fetch -u username 'mailbox size.virtual' uid 37
And seeing if that's a 130k message somewhere in the list. If that's a
spam or otherwise a message you can send me, it would help fixing this.
Re: [Dovecot] Reproducable hang caused by IMAP server
On Wed, 2011-02-02 at 22:20 +, Matthias Scheler wrote: Stupid gcc didn't give a warning here.. I should create some nightly run that emails me if clang gives any warnings on latest hg (it would have caught this). clang can warn about such things? That is useful. The amount of automated cast that C(++) does is a never ending source of problems. Hmm. Actually looks like this is only a problem when returning _Bool. Neither warn about that and both warn if it's int. Lets see if I can get either of them to change their minds about this.
Re: [Dovecot] Quota ignore issue
Timo,
ok, I found the issue. Config problem on some servers that were
delivering the mail. We have separate servers delivering outside mail to
the Maildirs, and a set of servers that do the IMAP, POP, Webmail, etc...
Seems the delivery servers didn't have the ignore the Spam folder
directive. I tested, and all is well...
Sorry about that one, I hate not catching those before I ask you and the
group, but i appreciate your work.
Tim.
On 2/2/2011 1:33 PM, Timo Sirainen wrote:
On Wed, 2011-02-02 at 11:54 -0800, Tim Traver wrote:
But, it looks like when a new spam email is delivered, before the sieve
rules in the lda can move it into the spam folder, it is added to the
maildirsize file. Then, once it is moved into the Spam folder, if it is
directly expunged from the folder, it isn't subtracted from maildirsize
file.
I can't reproduce this, it's never added to quota when delivering to
Spam. Try to reproduce with a simpler setup.
Hmmm...maybe its the structure of the default sieve command that I have
that is making it want to add it?
It should happen only when the message is actually saved somewhere (you
sure there's not a copy saved to some archive/something?)
plugin {
quota = maildir:User quota
quota_rule = Trash:storage=+100M
quota_rule2 = Spam:ignore
sieve = ~/.dovecot.sieve
sieve_after = /home/mailboxes/sieve/to_spam_folder.sieve
sieve_dir = ~/Maildir/sieve
sieve_extensions = +notify +imapflags
}
Try:
1) removing the sieve_* settings
2) Use a simple Sieve script for a test user:
require fileinto;
fileinto Spam;
stop;
3) Run from command line:
doveadm quota get -u username
echo Hello world | /usr/local/libexec/dovecot/dovecot-lda -d username
doveadm quota get -u username
With these and latest v2.0 from hg (but I don't remember any related
fixes for a long time) the quota never increased.
Re: [Dovecot] LDAP and GSSAPI problems
On 02/02/2011 02:38 PM, Timo Sirainen wrote:
On Wed, 2011-02-02 at 14:29 -0700, Trever L. Adams wrote:
dn = smtp/mailhost.example@example.org
sasl_bind = yes
sasl_mech = GSSAPI
sasl_realm = EXAMPLE.ORG
sasl_authz_id = smtp/mailhost.example@example.org
LDAP SASL authentication goes through Cyrus SASL library, nothing
Dovecot can do about it, except for me to write my own LDAP library.
Ok. I can understand that.
Additionally, I have auth_krb5_keytab = /etc/dovecot/krb5.keytab setup
for the GSSAPI user login.
So this setting is never used. If that's the problem, you could try if
you can work around it in a bit kludgy way:
service auth {
executable = /usr/local/bin/auth-wrapper.sh
}
Which contains:
#!/bin/sh
export KRB5_KTNAME=/etc/dovecot/krb5.keytab
exec /usr/local/libexec/dovecot/auth -k
I thought I saw a patch on the mailing list in 2007 that set KRB5_KTNAME
if auth_krb5_keytab was set in the configuration. I guess it was either
ntlm specific or was not accepted.
Postfix (the other half of my solution -- though the version I am using
doesn't do SASL LDAP yet, but 2.9.x does) allows you, in the
configuration, to set what environment variables it should not unset and
even define new ones (an example -- import_environment =
KRB5_KTNAME=/etc/dovecot/krb5.keytab). This may be a good solution for
Dovecot specifically for things like this.
I would rather not have to run bash or any other shell just to set the
environment variable. I will for the time being.
Thank you, as always,
Trever
--
signature.asc
Description: OpenPGP digital signature
Re: [Dovecot] LDAP and GSSAPI problems
On Wed, 2011-02-02 at 16:13 -0700, Trever L. Adams wrote: #!/bin/sh export KRB5_KTNAME=/etc/dovecot/krb5.keytab exec /usr/local/libexec/dovecot/auth -k I thought I saw a patch on the mailing list in 2007 that set KRB5_KTNAME if auth_krb5_keytab was set in the configuration. I guess it was either ntlm specific or was not accepted. It does set that, but only on first GSSAPI authentication. I guess it wouldn't hurt moving it to do it always. If that script helps you, I can do this change. Postfix (the other half of my solution -- though the version I am using doesn't do SASL LDAP yet, but 2.9.x does) allows you, in the configuration, to set what environment variables it should not unset and even define new ones (an example -- import_environment = KRB5_KTNAME=/etc/dovecot/krb5.keytab). This may be a good solution for Dovecot specifically for things like this. Maybe.. But there haven't really been all that many uses for it.
Re: [Dovecot] LDAP and GSSAPI problems
On Thu, Feb 03, 2011 at 01:17:02AM +0200, Timo Sirainen wrote: Postfix (the other half of my solution -- though the version I am using doesn't do SASL LDAP yet, but 2.9.x does) allows you, in the configuration, to set what environment variables it should not unset and even define new ones (an example -- import_environment = KRB5_KTNAME=/etc/dovecot/krb5.keytab). This may be a good solution for Dovecot specifically for things like this. Maybe.. But there haven't really been all that many uses for it. Windows AD's LDAP server behaves by default in the same way, in that all LDAP must be authenticated - this makes alot of sense, IMHO. It would be nice to have LDAP out of the box support kerberos authentication using the machine principle setup by samba. Jason
[Dovecot] EUID not changing when delivering to a mailbox
Hello,
I've set up virtual mailboxes and I'm using one uid/gid pair
(mail/mail) to deliver almost all messages. Some accounts I'd like to
have accessible by local Linux accounts as well, so postfix is
delivering them using separate uids (gid stays the same). But I run
into a problem when dovecot auth correctly fetches uid/gid from MySQL
database, but still uses general mail uid to access the mailbox
instead of user uid.
This is what I have in dovecot log:
dovecot: auth(default): client in: AUTH 1 PLAIN service=imap
secured lip=myipaddrrip=myipaddrlport=143
rport=55513
dovecot: auth(default): client out: CONT 1
dovecot: auth(default): client in: CONThidden
dovecot: auth-worker(default): sql(j...@mydomain.com,myipaddr): query:
SELECT CONCAT('/var/mail/', maildir) AS userdb_home, username as user,
password, CONCAT('*:bytes=', quota) AS userdb_quota_rule, uid, gid
FROM mailbox WHERE username = 'j...@mydomain.com' AND active = 1
dovecot: auth(default): client out: OK 1 user=j...@mydomain.com
uid=1000gid=12
dovecot: auth(default): master in: REQUEST 11 17252 1
dovecot: auth(default): prefetch(j...@mydomain.com,myipaddr): success
dovecot: auth(default): master out: USER 11 j...@mydomain.com
home=/var/mail/mydomain.com/joe/quota_rule=*:bytes=-1
dovecot: imap-login: Login: user=j...@mydomain.com, method=PLAIN,
rip=myipaddr, lip=myipaddr, TLS
dovecot: IMAP(j...@mydomain.com):
opendir(/var/mail/mydomain.com/joe/Maildir) failed: Permission denied
(euid=8(mail) egid=12(mail) missing +r perm:
/var/mail/mydomain.com/joe/Maildir)
dovecot: IMAP(j...@mydomain.com):
stat(/var/mail/mydomain.com/joe/indexes/.INBOX) failed: Permission
denied (euid=8(mail) egid=12(mail) missing +x perm:
/var/mail/mydomain.com/joe/indexes)
dovecot: IMAP(j...@mydomain.com):
file_dotlock_create(/var/mail/mydomain.com/joe/Maildir/dovecot-uidlist)
failed: Permission denied (euid=8(mail) egid=12(mail) missing +w perm:
/var/mail/mydomain.com/joe/Maildir)
dovecot: IMAP(j...@mydomain.com):
opendir(/var/mail/mydomain.com/joe/Maildir/new) failed: Permission
denied (euid=8(mail) egid=12(mail) missing +r perm:
/var/mail/mydomain.com/joe/Maildir/new)
dovecot: IMAP(j...@mydomain.com):
stat(/var/mail/mydomain.com/joe/indexes/.INBOX) failed: Permission
denied (euid=8(mail) egid=12(mail) missing +x perm:
/var/mail/mydomain.com/joe/indexes)
dovecot: IMAP(j...@mydomain.com):
file_dotlock_create(/var/mail/mydomain.com/joe/Maildir/dovecot-uidlist)
failed: Permission denied (euid=8(mail) egid=12(mail) missing +w perm:
/var/mail/mydomain.com/joe/Maildir)
ricola dovecot: IMAP(j...@mydomain.com):
opendir(/var/mail/mydomain.com/joe/Maildir/new) failed: Permission
denied (euid=8(mail) egid=12(mail) missing +r perm:
/var/mail/mydomain.com/joe/Maildir/new)
dovecot: IMAP(j...@mydomain.com): Disconnected: Logged out bytes=171/775
My configuration is:
# 1.2.16: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.36-hardened-r6 x86_64 Gentoo Base System release 2.0.1 ext4
listen: *, [::]
ssl_cert_file: /etc/ssl/dovecot/server.pem
ssl_key_file: /etc/ssl/dovecot/server.key
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
first_valid_uid: 8
last_valid_uid: 1999
first_valid_gid: 12
last_valid_gid: 12
mail_privileged_group: mail
mail_uid: 8
mail_gid: 12
mail_location: maildir:/var/mail/%d/%n/Maildir/:INDEX=/var/mail/%d/%n/indexes
lda:
postmaster_address: postmas...@mydomain.com
mail_plugins: quota
auth default:
mechanisms: plain login
user: nobody
verbose: yes
debug: yes
passdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
userdb:
driver: prefetch
userdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
master:
path: /var/run/dovecot/auth-master
mode: 384
user: mail
group: mail
I'm not sure if I got the concept correctly, but I was expecting that
dovecot will use uid from the database. I was not able to find any
relevant information in the archives. If it was explained already in
the past, please send me some keywords that would help me find it.
Thank you,
Rastislav Wartiak
Re: [Dovecot] Improving lmtp performance
Joseba Torre put forth on 2/2/2011 4:14 AM: yesterday I migrated and old version with sendmail + courier to a virtual machine (vmware) with postfix and dovecot 2.0.9. Everything worked fine, but with a more or less default setup for both dovecot and postfix, lmtp performance was pretty bad: a message was written to an inbox every 2 or 3 seconds. With that rate and a 5000+ and growing mail queue mail delivery was really slow. snip Now mail delivery is really fast, and my mail queue was delivered in a very sort time. Is this the right solution, or there's a better setup to improve mail delivery performance? You've posted no log data. It's pretty difficult to diagnose problems without log entries. Do you just want us to guess? Also, if this is a common problem, may be something should appear in http://wiki2.dovecot.org/LMTP That's a bit premature. The problem could just as likely be a Postfix configuration error. Get us some logs from both Postfix and Dovecot for the previous configuration with the slow performance. Are both Postfix and Dovecot running in the same VM guest OS instance or two separate VM guests? Are you running elaborate Sieve scripts? Are you running AV/AS in Dovecot? Anything relatively CPU heavy in Dovecot on a per message basis? -- Stan
