Re: [Dovecot] error in logs, but system appears to work
Chris Hoogendyk writes:

> So, looking at my other system that has been running dovecot for over a year, I see that the entries are mostly 0600, but there are a few 0660. The system I was just implementing has mostly 0660, but some 0600. We had seen occasional similar errors on the other system.

Been there, done that.

Timo already gave an explanation of why 0600 gets rid of the problem. I'll add a reminder that you'll need to track down the reason why mailboxes are created user:mail/0660 in the first place. It's usually done by the LDA when creating a brand new mailbox (for example, Solaris's mail.local). If you've replaced your LDA with Dovecot's deliver, then this won't be a problem anymore.

You may also have to scour your userbase's personal mail collection for mailboxes that have 1) mode 0660, and 2) group membership the user is not a part of, and fix up the permissions. Such a thing could happen if you've reassigned a user's GID.

Joseph Tam
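
The sweep described in the message above, as an added example that is not part of the original post: it reports mbox files that carry group permission bits and separates those whose group the owning user does not belong to (the uid 6633 / egid 100 / group 6 case in this thread). The function names are hypothetical, and the default directory /var/mail is taken from the thread.

```python
import grp
import os
import pwd
import stat
import sys


def owner_gids(uid):
    """Primary plus supplementary gids of the owning user (empty if uid unknown)."""
    try:
        pw = pwd.getpwuid(uid)
    except KeyError:
        return set()
    members = {g.gr_gid for g in grp.getgrall() if pw.pw_name in g.gr_mem}
    return members | {pw.pw_gid}


def classify(mode, file_gid, member_gids):
    """Return 'ok', 'group-access' (condition 1) or 'foreign-group' (1 and 2)."""
    if not stat.S_IMODE(mode) & stat.S_IRWXG:
        return "ok"  # e.g. 0600: no group bits set
    return "group-access" if file_gid in member_gids else "foreign-group"


def audit_spool(spool_dir):
    """List (path, mode, gid, verdict) for each regular file that is not 'ok'."""
    findings = []
    for entry in sorted(os.scandir(spool_dir), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if not stat.S_ISREG(st.st_mode):
            continue  # directories and symlinks are not mbox files
        verdict = classify(st.st_mode, st.st_gid, owner_gids(st.st_uid))
        if verdict != "ok":
            mode = format(stat.S_IMODE(st.st_mode), "04o")
            findings.append((entry.path, mode, st.st_gid, verdict))
    return findings


if __name__ == "__main__":
    # Report only; applying the chmod 0600 fix from the thread is left to the operator.
    spool = sys.argv[1] if len(sys.argv) > 1 else "/var/mail"
    for path, mode, gid, verdict in audit_spool(spool):
        print(f"{verdict:13} {mode} gid={gid} {path}")
```

Pass a user's mail folder directory as the first argument to sweep personal mbox collections as well as the spool.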
Re: [Dovecot] Quotas not recalculating
On 9/6/2011 2:17 PM, Tobias Hachmer wrote:
> On Tue, 6 Sep 2011 23:08:37 +0300, Timo Sirainen wrote:
>> On 6.9.2011, at 23.01, Tobias Hachmer wrote:
>>> On Mon, 5 Sep 2011 08:39:39 +0300, Timo Sirainen wrote:
>>>> On 5.9.2011, at 4.28, Kyle Brantley wrote:
>>>>> Okay, something else isn't cooperating with this at all. I reconfigured it to use dirsize just to test (quota = dirsize:User quota in 90-quota.conf instead of quota = maildir:User quota), and it is still trying to use maildir quotas:
>>>>
>>>> Your user_query in dovecot-sql.conf overrides the quota setting.
>>>
>>> Same problem here.
>>> But how can I use maildirsize quota && user_query in dovecot-sql.conf ?
>>>
>>> I want to manage my users in a sql table and use maildirsize quota.
>>
>> There's nothing special in that. Just about all the examples in wiki assume you want to do that.
>>
>> http://wiki2.dovecot.org/Quota/Configuration#Per-user_quota
>
> OK, thanks. Removing "CONCAT('*:bytes=', CAST(quota AS CHAR)) AS userdb_quota_rule" from user_query as well as from password_query in dovecot-sql.conf worked for me.
>
> Greetz,
> Tobias

I was migrating from 1.x to 2.x and manually rebuilt everything with respect to the configs... except for my queries. In my case, luckily, it was as easy as changing the column returned from "quota" to "quota_rule" and replacing the "maildir:storage=" with "*:storage=."

Thanks for the help, all.

--Kyle
Re: [Dovecot] dumb Q: how to search for email hack attempts ?
Quoting Voytek:

> one of the users thinks someone hacked his email, I don't have time this morning to analyze mail logs in detail, but does someone have some tips for simply searching mail logs for multiple login attempts, etc, I'd appreciate some grepping for failed logins should give some clues ?

# - one of these IPs is not like the others..
grep "$username" /var/log/maillog | grep -Ev "no auth|failed" | awk '{print $13}' | sort | uniq

Rick
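
The per-user log search discussed in the message above, as an added example that is not part of the original post: it tallies successful logins and failed attempts per remote IP for one account and flags IPs that failed repeatedly. The sample lines are constructed, the failure wording ("auth failed, N attempts") is an assumption to adjust for the Dovecot version in use, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the thread), shaped like the login lines in
# this thread: "<svc>-login: <event>: user=<%u>, method=%m, rip=%r, lip=%l".
# The failure wording is an assumption; adjust ATTEMPTS to your Dovecot version.
SAMPLE = """\
Sep  6 08:01:12 mx dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5, TLS
Sep  6 08:30:45 mx dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5, TLS
Sep  6 09:20:11 mx dovecot: imap-login: Aborted login (auth failed, 4 attempts): user=<alice>, method=PLAIN, rip=203.0.113.77, lip=198.51.100.5
Sep  6 09:21:02 mx dovecot: pop3-login: Aborted login (auth failed, 2 attempts): user=<alice>, method=PLAIN, rip=203.0.113.77, lip=198.51.100.5
Sep  6 09:22:30 mx dovecot: pop3-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.77, lip=198.51.100.5, TLS
Sep  6 09:23:00 mx dovecot: pop3-login: Disconnected (no auth attempts): rip=203.0.113.77, lip=198.51.100.5
Sep  6 09:40:19 mx dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<bob>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5
"""

LINE = re.compile(
    r"(?:imap|pop3)-login: (?P<event>[^:]+): "
    r"(?:user=<(?P<user>[^>]*)>, )?(?:method=\S+ )?rip=(?P<rip>[^,\s]+)")
ATTEMPTS = re.compile(r"auth failed, (\d+) attempts")


def summarize(lines, username):
    """Per remote IP: successful logins and failed attempts for one user."""
    stats = defaultdict(lambda: {"ok": 0, "failed": 0})
    for line in lines:
        m = LINE.search(line)
        if not m or m.group("user") != username:
            continue  # other users, and lines that carry no user= field
        failed = ATTEMPTS.search(m.group("event"))
        if m.group("event") == "Login":
            stats[m.group("rip")]["ok"] += 1
        elif failed:
            stats[m.group("rip")]["failed"] += int(failed.group(1))
    return dict(stats)


def suspicious(stats, threshold=3):
    """(ip, failed attempts, also logged in?) for IPs at or above the threshold."""
    return sorted((ip, s["failed"], s["ok"] > 0)
                  for ip, s in stats.items() if s["failed"] >= threshold)


if __name__ == "__main__":
    for row in suspicious(summarize(SAMPLE.splitlines(), "alice")):
        print(row)
```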
[Dovecot] dumb Q: how to search for email hack attempts ?
one of the users thinks someone hacked his email, I don't have time this morning to analyze mail logs in detail, but does someone have some tips for simply searching mail logs for multiple login attempts, etc, I'd appreciate some grepping for failed logins should give some clues ?
Re: [Dovecot] Quotas not recalculating
On Tue, 6 Sep 2011 23:08:37 +0300, Timo Sirainen wrote:
> On 6.9.2011, at 23.01, Tobias Hachmer wrote:
>> On Mon, 5 Sep 2011 08:39:39 +0300, Timo Sirainen wrote:
>>> On 5.9.2011, at 4.28, Kyle Brantley wrote:
>>>> Okay, something else isn't cooperating with this at all. I reconfigured it to use dirsize just to test (quota = dirsize:User quota in 90-quota.conf instead of quota = maildir:User quota), and it is still trying to use maildir quotas:
>>>
>>> Your user_query in dovecot-sql.conf overrides the quota setting.
>>
>> Same problem here.
>> But how can I use maildirsize quota && user_query in dovecot-sql.conf ?
>>
>> I want to manage my users in a sql table and use maildirsize quota.
>
> There's nothing special in that. Just about all the examples in wiki assume you want to do that.
>
> http://wiki2.dovecot.org/Quota/Configuration#Per-user_quota

OK, thanks. Removing "CONCAT('*:bytes=', CAST(quota AS CHAR)) AS userdb_quota_rule" from user_query as well as from password_query in dovecot-sql.conf worked for me.

Greetz,
Tobias
Re: [Dovecot] error in logs, but system appears to work
On 6.9.2011, at 23.09, Chris Hoogendyk wrote:

> On 9/6/11 3:51 PM, Timo Sirainen wrote:
>> On 6.9.2011, at 22.35, Chris Hoogendyk wrote:
>>
>>> -rw-rw 1 ebradley mail 9484323 Sep 6 15:16 /var/mail/ebradley
>> Is there any reason for this to be 0660? Most likely not, so your problem
>> goes away simply with chmod 0600 /var/mail/* and at the same time makes your
>> system more secure.
>
> So, looking at my other system that has been running dovecot for over a year,
> I see that the entries are mostly 0600, but there are a few 0660. The system
> I was just implementing has mostly 0660, but some 0600. We had seen
> occasional similar errors on the other system.
>
> If I change both systems so that all the directories in /var/mail are 0600,
> then everything will be happy?

Yep. Basically the problem is that Dovecot thinks they are shared mailboxes and the "mail" group is supposed to have access to them, so it tries to use the mail group for the index files as well, but the process doesn't belong to mail group so it fails.
Re: [Dovecot] error in logs, but system appears to work
On 9/6/11 3:51 PM, Timo Sirainen wrote:
> On 6.9.2011, at 22.35, Chris Hoogendyk wrote:
>
>> -rw-rw 1 ebradley mail 9484323 Sep 6 15:16 /var/mail/ebradley
> Is there any reason for this to be 0660? Most likely not, so your problem goes away simply with chmod 0600 /var/mail/* and at the same time makes your system more secure.

So, looking at my other system that has been running dovecot for over a year, I see that the entries are mostly 0600, but there are a few 0660. The system I was just implementing has mostly 0660, but some 0600. We had seen occasional similar errors on the other system.

If I change both systems so that all the directories in /var/mail are 0600, then everything will be happy?

--
Chris Hoogendyk
Systems Administrator
Biology & Geology Departments
140 Morrill Science Center
University of Massachusetts, Amherst

Erdös 4
Re: [Dovecot] Quotas not recalculating
On 6.9.2011, at 23.01, Tobias Hachmer wrote:

> On Mon, 5 Sep 2011 08:39:39 +0300, Timo Sirainen wrote:
>> On 5.9.2011, at 4.28, Kyle Brantley wrote:
>>
>>> Okay, something else isn't cooperating with this at all. I reconfigured it
>>> to use dirsize just to test (quota = dirsize:User quota in 90-quota.conf
>>> instead of quota = maildir:User quota), and it is still trying to use
>>> maildir quotas:
>>
>> Your user_query in dovecot-sql.conf overrides the quota setting.
>
> Same problem here.
> But how can I use maildirsize quota && user_query in dovecot-sql.conf ?
>
> I want to manage my users in a sql table and use maildirsize quota.

There's nothing special in that. Just about all the examples in wiki assume you want to do that.

http://wiki2.dovecot.org/Quota/Configuration#Per-user_quota
Re: [Dovecot] Quotas not recalculating
On Mon, 5 Sep 2011 08:39:39 +0300, Timo Sirainen wrote:
> On 5.9.2011, at 4.28, Kyle Brantley wrote:
>> Okay, something else isn't cooperating with this at all. I reconfigured it to use dirsize just to test (quota = dirsize:User quota in 90-quota.conf instead of quota = maildir:User quota), and it is still trying to use maildir quotas:
>
> Your user_query in dovecot-sql.conf overrides the quota setting.

Same problem here.
But how can I use maildirsize quota && user_query in dovecot-sql.conf ?

I want to manage my users in a sql table and use maildirsize quota.

Greetz,
Tobias
Re: [Dovecot] error in logs, but system appears to work
On 6.9.2011, at 22.35, Chris Hoogendyk wrote:

> -rw-rw 1 ebradley mail 9484323 Sep 6 15:16 /var/mail/ebradley

Is there any reason for this to be 0660? Most likely not, so your problem goes away simply with chmod 0600 /var/mail/* and at the same time makes your system more secure.
[Dovecot] error in logs, but system appears to work
I'm bringing up a system with dovecot that has been running for years with uw-imap. In making the switch, I put a tail on the log file, made the switch, and sent a test mail and received it.

I was able to receive mail with no apparent difficulties, but the log file was disconcerting. A number of users connected during the few minutes I had it running, and for each of them there was an error, e.g., "chown ~user/mail/.imap/INBOX failed: Operation not permitted" and "mkdir ~user/mail/.imap/INBOX failed: not owner". But those directories and files appeared to have been made. The first of those errors finishes with "group based on /var/mail/user". That makes no sense.

I'm hoping someone can give me an idea what might cause this.

Here are the log entries in debug mode and the directories for one such user:

Sep 2 17:31:33 eclogite dovecot: [ID 583609 local2.info] auth(default): new auth connection: pid=7248
Sep 2 17:31:43 eclogite dovecot: [ID 583609 local2.info] auth(default): client in: AUTH1 PLAIN service=pop3secured lip=128.119.45.20 rip=128.119.45.9lport=995 rport=53865 resp=AGVicmFkbGV5AFJvd2luZzEzKg==
Sep 2 17:31:43 eclogite dovecot: [ID 583609 local2.info] auth(default): shadow(ebradley,128.119.45.9): lookup
Sep 2 17:31:43 eclogite dovecot: [ID 583609 local2.info] auth(default): client out: OK 1 user=ebradley
Sep 2 17:31:43 eclogite dovecot: [ID 583609 local2.info] auth(default): master in: REQUEST 37 72481
Sep 2 17:31:43 eclogite dovecot: [ID 583609 local2.info] auth(default): passwd(ebradley,128.119.45.9): lookup
Sep 2 17:31:43 eclogite dovecot: [ID 583609 local2.info] auth(default): master out: USER 37 ebradleysystem_groups_user=ebradley uid=6633gid=100 home=/u1/home/grad/ebradley
Sep 2 17:31:43 eclogite dovecot: [ID 583609 local2.info] POP3(ebradley): Effective uid=6633, gid=100, home=/u1/home/grad/ebradley
Sep 2 17:31:43 eclogite dovecot: [ID 583609 local2.info] POP3(ebradley): mbox: data=~/mail:INBOX=/var/mail/ebradley
Sep 2 17:31:43 eclogite dovecot: [ID 583609 local2.info] POP3(ebradley): fs: root=/u1/home/grad/ebradley/mail, index=, control=, inbox=/var/mail/ebradley
Sep 2 17:31:43 eclogite dovecot: [ID 583609 local2.info] POP3(ebradley): Namespace : Using permissions from /u1/home/grad/ebradley/mail: mode=0700 gid=-1
Sep 2 17:31:43 eclogite dovecot: [ID 583609 local2.error] POP3(ebradley): chown(/u1/home/grad/ebradley/mail/.imap/INBOX, -1, 6(mail)) failed: Operation not permitted (egid=100(geolgrad), group based on /var/mail/ebradley)
Sep 2 17:31:43 eclogite dovecot: [ID 583609 local2.error] POP3(ebradley): mkdir(/u1/home/grad/ebradley/mail/.imap/INBOX) failed: Not owner
Sep 2 17:31:43 eclogite dovecot: [ID 583609 local2.info] pop3-login: Login: user=, method=PLAIN, rip=128.119.45.9, lip=128.119.45.20, TLS

When I looked at their home directory, I found:

drwx-- 4 ebradley geolgrad 512 Jul 28 2009 /u1/home/grad/ebradley
drwx-- 4 ebradley geolgrad 512 Sep 2 17:31 /u1/home/grad/ebradley/mail
drwx-- 3 ebradley geolgrad 512 Sep 2 17:31 /u1/home/grad/ebradley/mail/.imap
drwxrwx--- 2 ebradley geolgrad 512 Sep 2 17:31 /u1/home/grad/ebradley/mail/.imap/INBOX
-rw-rw 1 ebradley mail 9484323 Sep 6 15:16 /var/mail/ebradley

My dovecot configuration is at the end. The other pieces are sendmail, milter-greylist, mimedefang, etc.

--
Chris Hoogendyk
Systems Administrator
Biology & Geology Departments
140 Morrill Science Center
University of Massachusetts, Amherst

Erdös 4

# dovecot -a
# 1.2.17: /usr/local/etc/dovecot.conf
Warning: fd limit 256 is lower than what Dovecot can use under full load (more than 768). Either grow the limit or change login_max_processes_count and max_mail_processes settings
# OS: SunOS 5.9 sun4u
base_dir: /var/run/dovecot/
log_path:
info_log_path:
log_timestamp: %b %d %H:%M:%S
syslog_facility: local2
protocols: imaps pop3s
listen: *
ssl_listen: *
ssl: required
ssl_ca_file: /etc/mail/certs/ca-bundle.crt
ssl_cert_file: /etc/mail/certs/sendmail.pem
ssl_key_file: /etc/mail/certs/sendmail.pem
ssl_key_password:
ssl_parameters_regenerate: 168
ssl_cipher_list:
ssl_cert_username_field: commonName
ssl_verify_client_cert: no
disable_plaintext_auth: yes
verbose_ssl: no
shutdown_clients: yes
nfs_check: yes
version_ignore: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
login_user: dovecot
login_greeting: ready.
login_log_format_elements: user=<%u> method=%m rip=%r lip=%l %c
login_log_format: %$: %s
login_process_per_connection: yes
login_chroot: yes
login_trusted_networks:
login_process_size: 64
login_processes_count: 3
login_max_proces
Re: [Dovecot] Sieve "header :value" test does not work
On 06/09/11 21:11, Tom Hendrikx wrote:
> hi,
>
> After following some examples and searching for sieve samples in this ml
> history, I'm quite sure that the following sieve snippet should give no
> surprises:
>
> if header :value "ge" :comparator "i;ascii-numeric" "X-Header-Name" "0.99" { /* do something */ }
>
> However the Pigeonhole Sieve 0.2.3 on dovecot 2.0.14 gives me the following
> error:
>
> test: line 3: error: unknown tagged argument ':value' for the header test (reported only once at first occurence).
> test: error: validation failed.
>
> What obvious mistake am I failing to see here?
>

To answer my own question (which was found by grepping through /usr/share/doc/dovecot-2.0.14/sieve/rfc/*bz2): including the "relational" extension in the "require" statement adds support for this test.

Sorry for the noise :/

--
Tom
[Dovecot] Sieve "header :value" test does not work
hi,

After following some examples and searching for sieve samples in this ml history, I'm quite sure that the following sieve snippet should give no surprises:

if header :value "ge" :comparator "i;ascii-numeric" "X-Header-Name" "0.99" { /* do something */ }

However the Pigeonhole Sieve 0.2.3 on dovecot 2.0.14 gives me the following error:

test: line 3: error: unknown tagged argument ':value' for the header test (reported only once at first occurence).
test: error: validation failed.

What obvious mistake am I failing to see here?

--
Tom
[Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap
Hello,

I spent a couple of days configuring a new installation of dovecot 2.0.14 with virtual accounts and NFS storage for maildir home/mail directories. At this point I need shared mailboxes but since user mail/home locations are ldap attributes, how am I supposed to configure this for shared mailboxes?

For the users' mail/home directories I set this line:

user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home

Creating a namespace like the one below for shared mbx throws a lot of errors:

namespace {
  type = shared
  separator = /
  prefix = shared/%%u/
  subscriptions = no
  list = children
  #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  location = mailbox=mail=maildir:/var/maildir/%$
}

I would like to hear if anyone has this configuration running.

Thank you.

/--/

uris = ldap://ldap.example.com
dn = cn=user,ou=People,dc=example,dc=com
dnpass = secret
sasl_bind = no
tls = no
auth_bind = yes
ldap_version = 3
base = dc=example,dc=com
deref = never
scope = subtree
user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home
user_filter = (&(objectClass=CourierMailAccount)(uid=%u))
pass_filter = (&(objectClass=CourierMailAccount)(uid=%u))

# dovecot -n
# 2.0.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.34.7-0.7-xen x86_64 openSUSE 11.3 (x86_64)
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = plain
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
mail_debug = yes
mail_fsync = always
mail_gid = 5000
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = acl
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
mmap_disable = yes
namespace {
  list = children
  location = mailbox=mail=maildir:/var/maildir/%$
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace {
  inbox = yes
  location =
  prefix = INBOX.
  separator = .
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap
ssl = no
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
verbose_proctitle = yes
protocol imap {
  mail_max_userip_connections = 100
  mail_plugins = acl imap_acl autocreate
}