date:20120103

Re: [Dovecot] GPFS for mail-storage (Was: Re: Compressing existing maildirs)

2012-01-03 Thread Jan-Frode Myklebust

On Wed, Jan 04, 2012 at 12:09:39AM -0600, l...@airstreamcomm.net wrote:
> Could you remark on GPFS services hosting mail storage over a WAN between
> two geographically separated data centers?

I haven't tried that, but know the theory quite well. There are 2 or 3 options:

1 - shared SAN between the data centers. Should work the same as
a single data center, but you'd want to use disk quorum or
a quorum node on a 3. site to avoid split brain.

2 - different SANs on the two sites. Disks on SAN1 would belong
to failure group 1 and disks on SAN2 would belong to failure
group 2. GPFS will write every block to disks in different
failure groups. Nodes on location 1 will use SAN1 directly,
and write to SAN2 via tcp/ip to nodes on location 2 (and vica
versa). It's configurable if you want to return success when
first block is written (asyncronous replication), or if you
need both replicas to be written. Ref: mmcrfs -K:

http://publib.boulder.ibm.com/infocenter/clresctr/vxrx/index.jsp?topic=%2Fcom.ibm.cluster.gpfs.v3r4.gpfs300.doc%2Fbl1adm_mmcrfs.html

With asyncronous replication it will try to allocate both
replicas, but if it fails you can re-establish the
replication level later using "mmrestripefs".

Reading will happen from a direct attached disk if possible,
and over tcp/ip if there are no local replica of the needed
block.

Again you'll need a quorum node on a 3. site to avoid split brain.

3 - GPFS multi-cluster. Separate GPFS clusters on the two
locations. Let them mount each others filesystems over IP,
and access disks over either SAN or IP network. Each cluster is
managed locally, if one site goes down the other site also
loses access to the fs.

I don't have any experience with this kind of config, but believe
it's quite popular to use to share fs between HPC-sites.

http://www.ibm.com/developerworks/systems/library/es-multiclustergpfs/index.html

http://www.cisl.ucar.edu/hss/ssg/presentations/storage/NCAR-GPFS_Elahi.pdf

-jf

Re: [Dovecot] GPFS for mail-storage (Was: Re: Compressing existing maildirs)

2012-01-03 Thread l...@airstreamcomm.net

Great information, thank you.  Could you remark on GPFS services hosting mail 
storage over a WAN between two geographically separated data centers?

- Reply message -
From: "Jan-Frode Myklebust" 
To: "Stan Hoeppner" 
Cc: "Timo Sirainen" , 
Subject: [Dovecot] GPFS for mail-storage (Was: Re: Compressing existing 
maildirs)
Date: Tue, Jan 3, 2012 2:14 am

On Sat, Dec 31, 2011 at 01:54:32AM -0600, Stan Hoeppner wrote:
> Nice setup.  I've mentioned GPFS for cluster use on this list before,
> but I think you're the only operator to confirm using it.  I'm sure
> others would be interested in hearing of your first hand experience:
> pros, cons, performance, etc.  And a ball park figure on the licensing
> costs, whether one can only use GPFS on IBM storage or if storage from
> others vendors is allowed in the GPFS pool.

I used to work for IBM, so I've been a bit uneasy about pushing GPFS too
hard publicly, for risk of being accused of being biased. But I changed job in
November, so now I'm only a satisfied customer :-)

Pros:
Extremely simple to configure and manage. Assuming root on all
nodes can ssh freely, and port 1191/tcp is open between the
nodes, these are the commands to create the cluster, create a
NSD (network shared disks), and create a filesystem:

# echo hostname1:manager-quorum > NodeFile  # "manager" 
means this node can be selected as filesystem manager
# echo hostname2:manager-quorum >> NodeFile # "quorum" 
means this node has a vote in the quorum selection
# echo hostname3:manager-quorum >> NodeFile # all my nodes 
are usually the same, so they all have same roles.
# mmcrcluster  -n  NodeFile  -p $(hostname) -A

### sdb1 is either a local disk on hostname1 (in which case the 
other nodes will access it over tcp to
### hostname1), or a SAN-disk that they can access directly 
over FC/iSCSI.
# echo sdb1:hostname1::dataAndMetadata:: > DescFile # This disk 
can be used for both data and metadata
# mmcrnsd -F DescFile

# mmstartup -A  # starts GPFS services on all nodes
# mmcrfs /gpfs1 gpfs1 -F DescFile
# mount /gpfs1

You can add and remove disks from the filesystem, and change most
settings without downtime. You can scale out your workload by adding
more nodes (SAN attached or not), and scale out your disk performance
by adding more disks on the fly. (IBM uses GPFS to create
scale-out NAS solutions 
http://www-03.ibm.com/systems/storage/network/sonas/ ,
which highlights a few of the features available with GPFS)

There's no problem running GPFS on other vendors disk systems. I've 
used Nexsan
SATAboy earlier, for a HPC cluster. One can easily move from one 
disksystem to
another without downtime.

Cons:
It has it's own page cache, staticly configured. So you don't get the 
"all
available memory used for page caching" behaviour as you normally do on 
linux.

There is a kernel module that needs to be rebuilt on every
upgrade. It's a simple process, but it needs to be done and means we
can't just run "yum update ; reboot" to upgrade.

% export SHARKCLONEROOT=/usr/lpp/mmfs/src
% cp /usr/lpp/mmfs/src/config/site.mcr.proto 
/usr/lpp/mmfs/src/config/site.mcr
% vi /usr/lpp/mmfs/src/config/site.mcr # correct GPFS_ARCH, 
LINUX_DISTRIBUTION and LINUX_KERNEL_VERSION
% cd /usr/lpp/mmfs/src/ ; make clean ; make World
% su - root
# export SHARKCLONEROOT=/usr/lpp/mmfs/src
# cd /usr/lpp/mmfs/src/ ; make InstallImages

> 
> To this point IIRC everyone here doing clusters is using NFS, GFS, or
> OCFS.  Each has its downsides, mostly because everyone is using maildir.
>  NFS has locking issues with shared dovecot index files.  GFS and OCFS
> have filesystem metadata performance issues.  How does GPFS perform with
> your maildir workload?

Maildir is likely a worst case type workload for filesystems. Millions
of tiny-tiny files, making all IO random, and getting minimal controller
read cache utilized (unless you can cache all active files). So I've
concluded that our performance issues are mostly design errors (and the
fact that there were no better mail storage formats than maildir at the
time these servers were implemented). I expect moving to mdbox will 
fix all our performance issues.

I *think* GPFS is as good as it gets for maildir storage on clusterfs,
but have no number to back that up ... Would be very interesting if we
could somehow compare numbers for a few clusterfs'. 

I believe our main limitation in this setup is the iops we can get from
the backend storage system. It's hard to balance the IO over enough
RAID arrays (the fs is spread over 11 RAID5 arrays o

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-03 Thread WJCarpenter


On 1/3/2012 5:25 PM, Charles Marcus wrote:
I think ya'll are missing the point... not sure, because I'm still not 
completely sure that this is saying what I think it is saying (that's 
why I asked)...


I'm sure I'm not missing the point.  My comment was that password length 
and complexity are probably more important than bcrypt versus sha1, and 
you've already addressed those.  Given that you use strong 15-character 
passwords, pretty much all hash functions are already out of reach for 
brute force.  bcrypt is probably better in the same sense that it's 
harder to drive a car to Saturn than it is to drive to Mars.

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-03 Thread Michael Orlitzky


On 01/03/2012 08:25 PM, Charles Marcus wrote:


What I'm worried about is the worst case scenario of someone getting
ahold of the entire user database of *stored* passwords, where they can
then take their time and brute force them at their leisure, on *their*
*own* systems, without having to hammer my server over smtp/imap and
without the automated limit of *my* fail2ban getting in their way.


To prevent rainbow table attacks, salt your passwords. You can make them 
a little bit more difficult in plenty of ways, but salt is the /solution/.




As for people writing their passwords down... our policy is that it is a
potentially *firable* *offense* (never even encountered one case of
anyone posting their password, and I'm on these systems off and on all
the time) if they do post these anywhere that is not under lock and key.
Also, I always set up their email clients for them (on their
workstations and on their phones - and of course tell it to remember the
password, so they basically never have to enter it.


You realize they're just walking around with a $400 post-it note with 
the password written on it, right?

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-03 Thread David Ford

On 01/03/2012 08:25 PM, Charles Marcus wrote:
>
> I think ya'll are missing the point... not sure, because I'm still not
> completely sure that this is saying what I think it is saying (that's
> why I asked)...
>
> I'm not worried about *active* brute force attacks against my server
> using the standard smtp or imap protocols - fail2ban takes care of
> those in a hurry.
>
> What I'm worried about is the worst case scenario of someone getting
> ahold of the entire user database of *stored* passwords, where they
> can then take their time and brute force them at their leisure, on
> *their* *own* systems, without having to hammer my server over
> smtp/imap and without the automated limit of *my* fail2ban getting in
> their way.
>
> As for people writing their passwords down... our policy is that it is
> a potentially *firable* *offense* (never even encountered one case of
> anyone posting their password, and I'm on these systems off and on all
> the time) if they do post these anywhere that is not under lock and
> key. Also, I always set up their email clients for them (on their
> workstations and on their phones - and of course tell it to remember
> the password, so they basically never have to enter it.

perhaps.  part of my point along that of brute force resistance, is that
when security becomes onerous to the typical user such as requiring
non-repeat passwords of "10 characters including punctuation and mixed
case", even stalwart policy followers start tending toward avoiding it. 
if anyone has a stressful job, spends a lot of time working, missing
sleep, is thereby prone to memory lapse, it's almost a sure guarantee
they *will* write it down/store it somewhere -- usually not in a
password safe.  or, they'll export their saved passwords to make a
backup plain text copy, and leave it on their Desktop folder but coyly
named and prefixed with a few random emails to grandma, so mr. sysadmin
doesn't notice it.

on a tangent, you should worry about active brute force attacks. 
fail2ban and iptables heuristics become meaningless when the brute
forcing is done by bot nets which is more and more common than
single-host attacks these days.  one IP per attempt in a 10-20 minute
window will probably never trigger any of these methods.

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-03 Thread Charles Marcus


On 2012-01-03 6:12 PM, WJCarpenter  wrote:

On 1/3/2012 2:38 PM, Simon Brereton wrote:

http://xkcd.com/936/


As they saying goes, entropy ain't what it used to be.

https://www.grc.com/haystack.htm

However, both links actually illustrate the same point: once you get
past dictionary attacks, the length of the password is dominant factor
in the strength of the password against brute force attack.


I think ya'll are missing the point... not sure, because I'm still not 
completely sure that this is saying what I think it is saying (that's 
why I asked)...


I'm not worried about *active* brute force attacks against my server 
using the standard smtp or imap protocols - fail2ban takes care of those 
in a hurry.


What I'm worried about is the worst case scenario of someone getting 
ahold of the entire user database of *stored* passwords, where they can 
then take their time and brute force them at their leisure, on *their* 
*own* systems, without having to hammer my server over smtp/imap and 
without the automated limit of *my* fail2ban getting in their way.


As for people writing their passwords down... our policy is that it is a 
potentially *firable* *offense* (never even encountered one case of 
anyone posting their password, and I'm on these systems off and on all 
the time) if they do post these anywhere that is not under lock and key. 
Also, I always set up their email clients for them (on their 
workstations and on their phones - and of course tell it to remember the 
password, so they basically never have to enter it.


--

Best regards,

Charles

Re: [Dovecot] Problem with huge IMAP Archive after Courier migration

2012-01-03 Thread Gedalya


On 01/03/2012 05:48 PM, Dennis Guhl wrote:

On Tue, Jan 03, 2012 at 11:55:27AM -0600, Stan Hoeppner wrote:

[..]


I would suggest you thoroughly remove the Wheezy 2.0.15 package and

Not to use the Wheezy package might be wise.


install the 1.2.15-7 STABLE package.  Read the documentation for 1.2.x

Alternatively you could use Stephan Bosch's repository:

deb http://xi.rename-it.nl/debian/ stable-auto/dovecot-2.0 main

Despite the warning at
http://wiki2.dovecot.org/PrebuiltBinaries#Automatically_Built_Packages
they work very stable.


and configure it properly.  Then things will likely work as they should.

Dennis

See http://www.prato.linux.it/~mnencia/debian/dovecot-squeeze/
and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592959

I have the packages from this repository running in production on a 
squeeze system, working fine.

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-03 Thread WJCarpenter


On 1/3/2012 2:38 PM, Simon Brereton wrote:

http://xkcd.com/936/


As they saying goes, entropy ain't what it used to be.

https://www.grc.com/haystack.htm

However, both links actually illustrate the same point: once you get 
past dictionary attacks, the length of the password is dominant factor 
in the strength of the password against brute force attack.

Re: [Dovecot] Problem with huge IMAP Archive after Courier migration

2012-01-03 Thread Dennis Guhl

On Tue, Jan 03, 2012 at 11:55:27AM -0600, Stan Hoeppner wrote:

[..]

> I would suggest you thoroughly remove the Wheezy 2.0.15 package and

Not to use the Wheezy package might be wise.

> install the 1.2.15-7 STABLE package.  Read the documentation for 1.2.x

Alternatively you could use Stephan Bosch's repository:

deb http://xi.rename-it.nl/debian/ stable-auto/dovecot-2.0 main

Despite the warning at
http://wiki2.dovecot.org/PrebuiltBinaries#Automatically_Built_Packages
they work very stable.

> and configure it properly.  Then things will likely work as they should.

Dennis

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-03 Thread Simon Brereton

On 3 January 2012 17:30, Charles Marcus  wrote:
> On 2012-01-03 5:10 PM, WJCarpenter  wrote:
>>
>> In his description, he uses the example of passwords which are
>> "lowercase, alphanumeric, and 6 characters long" (and in another place
>> the example is "lowercase, alphabetic passwords which are ≤7
>> characters", I guess to illustrate that things have gotten faster).  If
>> you are allowing your users to create such weak passwords, using bcrypt
>> will not save you/them.  Attackers will just be wasting more of your CPU
>> time making attempts.  If they get a copy of your hashed passwords,
>> they'll likely be wasting their own CPU time, but they have plenty of
>> that, too.
>
>
> I require strong passwords of 15 characters in length. Whats more, they are
> assigned (by me), and the user cannot change it. But, he isn't talking about
> brute force attacks against the server. He is talking about if someone
> gained access to the SQL database where the passwords are stored (as has
> happened countless times in the last few years), and then had the luxury of
> brute forcing an attack locally (on their own systems) against your password
> database.

24+ would be better..

http://xkcd.com/936/

Simon

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-03 Thread David Ford


On 01/03/2012 05:30 PM, Charles Marcus wrote:
> On 2012-01-03 5:10 PM, WJCarpenter  wrote:
>> In his description, he uses the example of passwords which are
>> "lowercase, alphanumeric, and 6 characters long" (and in another place
>> the example is "lowercase, alphabetic passwords which are ≤7
>> characters", I guess to illustrate that things have gotten faster).  If
>> you are allowing your users to create such weak passwords, using bcrypt
>> will not save you/them.  Attackers will just be wasting more of your CPU
>> time making attempts.  If they get a copy of your hashed passwords,
>> they'll likely be wasting their own CPU time, but they have plenty of
>> that, too.
>
> I require strong passwords of 15 characters in length. Whats more,
> they are assigned (by me), and the user cannot change it. But, he
> isn't talking about brute force attacks against the server. He is
> talking about if someone gained access to the SQL database where the
> passwords are stored (as has happened countless times in the last few
> years), and then had the luxury of brute forcing an attack locally (on
> their own systems) against your password database.

when it comes to brute force, passwords like "51k$jh#21hiaj2" are
significantly weaker than "wePut85umbrellasIn2shoes".  considerably
difficult for humans which makes them far more likely to write it on a
sticky and make it handily available.

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-03 Thread Charles Marcus


On 2012-01-03 5:10 PM, WJCarpenter  wrote:

In his description, he uses the example of passwords which are
"lowercase, alphanumeric, and 6 characters long" (and in another place
the example is "lowercase, alphabetic passwords which are ≤7
characters", I guess to illustrate that things have gotten faster).  If
you are allowing your users to create such weak passwords, using bcrypt
will not save you/them.  Attackers will just be wasting more of your CPU
time making attempts.  If they get a copy of your hashed passwords,
they'll likely be wasting their own CPU time, but they have plenty of
that, too.


I require strong passwords of 15 characters in length. Whats more, they 
are assigned (by me), and the user cannot change it. But, he isn't 
talking about brute force attacks against the server. He is talking 
about if someone gained access to the SQL database where the passwords 
are stored (as has happened countless times in the last few years), and 
then had the luxury of brute forcing an attack locally (on their own 
systems) against your password database.


--

Best regards,

Charles

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-03 Thread Charles Marcus


On 2012-01-03 4:03 PM, David Ford  wrote:

md5 is deprecated, *nix has used sha1 for a while now


That link lumps sha1 in with MD5 and others:

"Why Not {MD5, SHA1, SHA256, SHA512, SHA-3, etc}?"

--

Best regards,

Charles

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-03 Thread WJCarpenter




Was just perusing this article about how trivial it is to decrypt
passwords that are stored using most (standard) encryption methods (like
MD5), and was wondering - is it possible to use bcrypt with
dovecot+postfix+mysql (or posgres)?


Ooop... forgot the link:

http://codahale.com/how-to-safely-store-a-password/


AFAIK, that web page is correct in a relative sense, but getting bcrypt 
support might not be the most urgent priority.


In his description, he uses the example of passwords which are 
"lowercase, alphanumeric, and 6 characters long" (and in another place 
the example is "lowercase, alphabetic passwords which are ≤7 
characters", I guess to illustrate that things have gotten faster).  If 
you are allowing your users to create such weak passwords, using bcrypt 
will not save you/them.  Attackers will just be wasting more of your CPU 
time making attempts.  If they get a copy of your hashed passwords, 
they'll likely be wasting their own CPU time, but they have plenty of 
that, too.


There are plenty of recommendations for what makes a good password / 
passphrase.  If you are not already enforcing such rules (perhaps also 
with a lookaside to one or more of the leaked tables of passwords 
floating around), then IMHO that's much more urgent.  (One of the best 
twists I read somewhere [sorry, I forget where] was to require at least 
one uppercase and one digit, but to not count them as fulfilling the 
requirement if they were used as the first or last character.)


Side note, but for the sake of precision ... attackers are not literally 
decrypting passwords.  They are guessing passwords and then performing a 
one-way hash to see if they guessed correctly.  As a practical matter, 
that means that you have to ask your users to update their passwords any 
time you change the password storage scheme.  (I don't know enough about 
bcrypt to know if that would be required if you wanted to simply 
increase the work factor.)

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-03 Thread David Ford

md5 is deprecated, *nix has used sha1 for a while now

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-03 Thread Charles Marcus


On 2012-01-03 3:40 PM, Charles Marcus  wrote:

Hi everyone,

Was just perusing this article about how trivial it is to decrypt
passwords that are stored using most (standard) encryption methods (like
MD5), and was wondering - is it possible to use bcrypt with
dovecot+postfix+mysql (or posgres)?


Ooop... forgot the link:

http://codahale.com/how-to-safely-store-a-password/

But after perusing the wiki:

http://wiki2.dovecot.org/Authentication/PasswordSchemes

it appears not?

Timo - any chance for adding support for it? Or is that web page incorrect?

--

Best regards,

Charles

[Dovecot] Storing passwords encrypted... bcrypt?

2012-01-03 Thread Charles Marcus


Hi everyone,

Was just perusing this article about how trivial it is to decrypt 
passwords that are stored using most (standard) encryption methods (like 
MD5), and was wondering - is it possible to use bcrypt with 
dovecot+postfix+mysql (or posgres)?


--

Best regards,

Charles

Re: [Dovecot] Maildir migration and uids

2012-01-03 Thread David Jonas

On 12/29/11 5:35 AM, Timo Sirainen wrote:
> On 22.12.2011, at 3.52, David Jonas wrote:
> 
>> I'm in the process of migrating a large number of maildirs to a 3rd
>> party dovecot server (from a dovecot server). Tests have shown that
>> using imap to sync the accounts doesn't preserve the uidl for pop3 access.
>>
>> My current attempt is to convert the maildir to mbox and add an X-UIDL
>> header in the process. Run a second dovecot that serves the converted
>> mbox. But dovecot's docs say, "None of these headers are sent to
>> IMAP/POP3 clients when they read the mail".
> 
> That's rather complex.

Thanks, Timo. Unfortunately I don't have shell access at the new dovecot
servers. They have a migration tool that doesn't keep the uids intact
when I sync via imap. Looks like I'm going to have to sync twice, once
with POP3 (which maintains uids) and once with imap skipping the inbox.
Ugh.

>> Is there any way to sync these maildirs to the new server and maintain
>> the uids?
> 
> What Dovecot versions? dsync could do this easily. You could simply install 
> the dsync binary even if you're using Dovecot v1.x.

Good idea with dsync though, I had forgotten about that. Perhaps they'll
do something custom for me.

> You could also log in with POP3 and get the UIDL list and write a script to 
> add them to dovecot-uidlist.
>

Re: [Dovecot] Deliver all addresses to the same mdbox:?

2012-01-03 Thread Ralf Hildebrandt

* Timo Sirainen :
> On 3.1.2012, at 20.09, Ralf Hildebrandt wrote:
> 
> > For archiving purposes I'm delivering all addresses to the same mdbox:
> > like this:
> > 
> > passdb {
> >  driver = passwd-file
> >  args = username_format=%u /etc/dovecot/passwd
> > }
> > 
> > userdb {
> >  driver = static
> >  args = uid=1000 gid=1000 home=/home/copymail allow_all_users=yes
> > }
> 
> allow_all_users=yes is used only when the passdb is incapable of telling if 
> the user exists or not.

Ah, damn :|

> Fails because user doesn't exist in passwd-file, I guess.

Indeed.
 
> Maybe use passdb static? 

Right now I simply solved it by using + addressing like this:

Jan  3 19:42:49 mail postfix/lmtp[2728]: 3THkfd20f1zFvlF: 
to=,
relay=mail.charite.de[private/dovecot-lmtp], delay=0.01, delays=0.01/0/0/0, 
dsn=2.0.0, status=sent (250 2.0.0
 IHdDM9VLA0/aCwAAY73zkw Saved)

Call me lazy :)

> If you also need authentication to work, put passdb static in protocol
> lmtp {} and passdb passwd-file in protocol !lmtp {}

Ah yes, good idea.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

46 matches

Mail list logo