[Dovecot] sieve.before script is taking precedence over user defined rules
Hello,

In my current setup, I have a spam filter upstream that adds a specific header - X-Spam-Level on every incoming mail. Based on this level, the mail will be moved to the user spam folder using sieve by doing
fileinto :create 'spam';

Unfortunately, some legitimate email may end up in this spam folder, so I have kind of a whitelist that performs an explicit keep over specific trusted domains. So, my complete spam filtering rule is:

if address :domain :contains From [mycompany.tld, trusted.tld ]{
keep;
elseif header :contains X-Spam-Level [0,1,2] {
fileinto :create __spam__;
}

This rule is stored in /var/lib/dovecot/sieve/before.sieve, which is my sieve_before file as defined in /etc/dovecot/conf.d/90-sieve.conf

This works as expected except that it doesn't take into account users filtering for domains that were matched for the explicit keep. For example, I have the following rule:

if address :domain From trusted.tld {
fileinto trusted
}

But mail coming from that domain are still delivered in my mailbox.

Is there something I'm missing here? I guess yes, otherwise it would work as I want ^_^
Any help/comment is appreciated

Thanks!
Alexis
Re: [Dovecot] director lmtp - smtp problem
Hi,

On 15.3.2012, at 3.24, Jim Lawson wrote:
> We have a 2-node director setup which front-ends for 4 nodes which share a clustered filesystem (GFS). All nodes run Dovecot 2.0.18.
> ..
> Mar 14 20:40:38 imapdir2 dovecot: lmtp(10692): Panic: file lmtp-proxy.c: line 376 (lmtp_proxy_output_timeout): assertion failed: (proxy->data_input->eof)

I pretty much rewrote the LMTP proxying code in v2.1, so there's a very good chance that it's already been fixed.
[Dovecot] firefox dovecot-sieve
Send this to dovecot@dovecot.org, not dovecot-ow...@dovecot.org

On 14.3.2012, at 4.45, paul wrote:

HI.
I have just started to play with sieve and everything seems ok when logging on using telnet localhost 4190 and an encoded username/password. If I try to connect with firefox at localhost:4190 I get

IMPLEMENTATION Dovecot Pigeonhole
SIEVE fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
NOTIFY mailto
SASL PLAIN LOGIN
STARTTLS
VERSION 1.0
OK Dovecot ready.
NO Error in MANAGESIEVE command received by server.
NO Error in MANAGESIEVE command received by server.
NO Invalid characters in atom
BYE Too many invalid MANAGESIEVE commands.

my dovecot -n shows

# 2.0.18: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.42.9-1.fc15.i686.PAE i686 Fedora release 15 (Lovelock)
auth_mechanisms = plain login
disable_plaintext_auth = no
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap pop3 lmtp sieve
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}

Have I missed something obvious or does Firefox clash with Managesieve?

Thanks.
Paul
[Dovecot] Login Failed
Hi;

We are using scripts for login successes. Is there a feature for login failed status or can it be developed?

Regards
--
Aydın Demirel
Endersys Ltd.
System Support Engineer
Re: [Dovecot] .mailboxlist - .subscriptions
On 2012-03-14 3:53 PM, Steve Campbell campb...@cnpapers.com wrote: I'm not sure these are virtual users, so that link may have confused me. All accounts on these servers have real unix accounts. Their inbox is /var/spool/mail/unix-user-name. Doesn't matter, the same thing applies... don't put mail directly in their 'home' folder, put it in a subfolder (ie, /home/user/mail)... You *will* have problems if you leave those as they are... -- Best regards, Charles
Re: [Dovecot] .mailboxlist - .subscriptions
On Wed, 2012-03-14 at 10:46 -0400, Steve Campbell wrote: I've mostly finished a conversion from an old Centos 3 UW-Imap server to a new Centos 6 dovecot server. This is messy stuff to do. There are ways you could make Dovecot behave identically to UW-IMAP (mail_full_filesystem_access=yes), but for future and for security it's better if you don't do that. I did not copy the old ~/.mailboxlist file to ~/mail/.subscriptions file, but notice some users have the latter file now. These are all mbox folders on the old and new server. Copying it for users who haven't already readded their subscriptions would be a good idea. Over the years, some imap accounts had their folders directly in their home directory and the contents of the .mailboxlist file would have an entry with just the name of the folder in it (Trash, eg), and most had the folders in their ~/mail folder with an entry like mail/Trash. Our webmail app, Horde/Imp, always seemed to take care of this. If I create the .subscription file for the users during the move to the new server, should I move the folders to the mail directory and amend their .subscriptions file to reflect that change on these odd ball accounts, and will that affect how their client is seeing these? Yes, move all of the mboxes to mail/ directory. With the compatibility namespaces it should work so that clients don't notice changes: http://wiki2.dovecot.org/Namespaces - Backwards Compatibility There are also a few old mailing list threads detailing all kinds of issues and solutions related to UW-IMAP - Dovecot migration..
Re: [Dovecot] Login Failed
On Thu, 2012-03-15 at 12:09 +0200, Aydın Demirel wrote: We are using scripts for login successes. Is there a feature for login failed status or can it be developed? Login failures are only visible in auth and login processes. Probably better to implement it in auth process. And there it depends on what passdb you use. You could for example switch to passdb checkpassword, which allows you to easily run scripts for both success and failure.
Re: [Dovecot] Just in time AV scanning
On Wed, 2012-03-14 at 16:51 -0700, Kelsey Cummings wrote:
> I'm curious if anyone has any plugins for AV integration directly into dovecot. Our old pop servers have been scanning messages as they're moved from new->cur in the inbox and, at least where users aren't popping every few seconds, there is occasionally enough time between scanning through the MXs to message retrieval to snag a few more viruses with updated definitions before they reach customers. Anyone doing anything similar?

http://dovecot.org/patches/2.1/mail-filter.tar.gz allows you to run a script that modifies a mail while it's being read. You could make it run a virus check, and if that happens you could change the virus MIME part to be full of spaces (better not to change message size, line count or MIME structure).
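
The "fill the part with spaces" idea above, as an added example (not code from this thread or from the mail-filter plugin): a function that blanks the body of a flagged top-level MIME part while keeping byte size, line count and boundaries unchanged. The scanner verdict is a stand-in that matches a constructed marker, the sample message is constructed, and how the plugin hands the message to a script is not covered on this page.

```python
import base64
import re

HEADER_END = re.compile(rb"\r?\n\r?\n")


def find_boundary(header_block):
    """Return the multipart boundary from the top-level headers, or None."""
    unfolded = re.sub(rb"\r?\n[ \t]+", b" ", header_block)  # unfold continuation lines
    m = re.search(
        rb'(?im)^content-type:\s*multipart/[^;]+;.*?boundary="?([^";\r\n]+)"?',
        unfolded,
    )
    return m.group(1) if m else None


def blank_flagged_parts(raw, is_infected):
    """Overwrite the body of every flagged top-level part with spaces.

    Only bytes other than CR and LF are replaced, so message size, line
    count and MIME structure stay exactly as they were. Nested multiparts
    are not descended into. Returns (new_message, number_of_parts_blanked).
    """
    head_end = HEADER_END.search(raw)
    if not head_end:
        return raw, 0
    boundary = find_boundary(raw[:head_end.start()])
    if boundary is None:
        return raw, 0
    delim = re.compile(rb"^--" + re.escape(boundary) + rb"(--)?[ \t]*\r?$", re.M)
    marks = list(delim.finditer(raw, head_end.end()))
    out = bytearray(raw)
    blanked = 0
    for cur, nxt in zip(marks, marks[1:]):
        if cur.group(1):  # closing delimiter reached, the rest is epilogue
            break
        sep = HEADER_END.search(raw, cur.end(), nxt.start())
        if not sep:
            continue  # part without a header/body separator
        headers = raw[cur.end():sep.start()].strip()
        body = raw[sep.end():nxt.start()]
        if is_infected(headers, body):
            out[sep.end():nxt.start()] = re.sub(rb"[^\r\n]", b" ", body)
            blanked += 1
    return bytes(out), blanked


def demo_scanner(headers, body):
    """Stand-in for a real AV verdict: flags a constructed marker string."""
    if b"base64" in headers.lower():
        try:
            body = base64.b64decode(body)
        except ValueError:
            return False
    return b"CONSTRUCTED-BAD-MARKER" in body


# Constructed sample message: one text part, one base64 attachment.
SAMPLE = (
    b"From: sender@example.org\r\n"
    b"To: user@example.org\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"preamble\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"Hello, see attachment.\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    + base64.encodebytes(b"xx CONSTRUCTED-BAD-MARKER xx").replace(b"\n", b"\r\n")
    + b"--b1--\r\n"
)

if __name__ == "__main__":
    cleaned, count = blank_flagged_parts(SAMPLE, demo_scanner)
    print(count, len(SAMPLE) == len(cleaned))
```

Keeping the size and line count fixed matters because values such as the message size and line counts may already have been reported to, or cached by, the client.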
Re: [Dovecot] firefox dovecot-sieve
On 3/15/2012 1:29 AM, paul wrote:
> Send this to dovecot@dovecot.org, not dovecot-ow...@dovecot.org
>
> On 14.3.2012, at 4.45, paul wrote:
>
> HI.
> I have just started to play with sieve and everything seems ok when logging on using telnet localhost 4190 and an encoded username/password. If I try to connect with firefox at localhost:4190 I get
>
> IMPLEMENTATION Dovecot Pigeonhole
> SIEVE fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
> NOTIFY mailto
> SASL PLAIN LOGIN
> STARTTLS
> VERSION 1.0
> OK Dovecot ready.
> NO Error in MANAGESIEVE command received by server.
> NO Error in MANAGESIEVE command received by server.
> NO Invalid characters in atom
> BYE Too many invalid MANAGESIEVE commands.
>
> Have I missed something obvious or does Firefox clash with Managesieve?

Yes you have :). Firefox speaks HTTP (and quite a few other protocols), but not ManageSieve. You'll need to run a Sieve editor on your webserver if you want to edit Sieve scripts using your browser.

Regards,
Stephan.
[Dovecot] 2.1: timeout waiting for lock?
Mar 15 09:46:11 postamt dovecot: pop3(username): Error: Couldn't open INBOX: Timeout while waiting for lock
Mar 15 09:46:11 postamt dovecot: pop3(username): Couldn't open INBOX top=0/0, retr=0/0, del=0/0, size=0
Mar 15 09:47:26 postamt dovecot: pop3(username): Error: Couldn't open INBOX: Timeout while waiting for lock
Mar 15 09:47:26 postamt dovecot: pop3(username): Couldn't open INBOX top=0/0, retr=0/0, del=0/0, size=0
Mar 15 09:51:01 postamt dovecot: pop3(username): Error: Couldn't open INBOX: Timeout while waiting for lock
Mar 15 09:51:01 postamt dovecot: pop3(username): Couldn't open INBOX top=0/0, retr=0/0, del=0/0, size=0

during that time, I wasn't able to access the mailbox using imap. I then issued doveadm kick username and all over sudden the mailbox was accessible (via IMAP)

# doveadm kick username
kicked connections from the following users:
username

# /usr/local/scripts/find_abnormal_imap
Mar 15 11:38:48 postamt dovecot: imap: Warning: Killed with signal 15 (by pid=24545 uid=0 code=kill)

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
Re: [Dovecot] 2.1: timeout waiting for lock?
On Thu, 2012-03-15 at 11:44 +0100, Ralf Hildebrandt wrote: Mar 15 09:46:11 postamt dovecot: pop3(username): Error: Couldn't open INBOX: Timeout while waiting for lock Mar 15 09:46:11 postamt dovecot: pop3(username): Couldn't open INBOX top=0/0, retr=0/0, del=0/0, size=0 during that time, I wasn't able to access the mailbox using imap. I then issued Maildir? doveadm kick username and all over sudden the mailbox was accessible (via IMAP) So one of them had the INBOX locked. Do you have pop3_lock_session=yes?
Re: [Dovecot] Multiple locations, 2 servers - planning questions...
On 2012-03-01 8:38 PM, Stan Hoeppner s...@hardwarefreak.com wrote: Get yourself a qualified network architect. Pay for a full network traffic analysis. He'll attach sniffers at multiple points in your network to gather traffic/error/etc data. Then you'll discuss the new office, which employees/types with move there, and you'll be able to know almost precisely the average and peak bandwidth needs over the MAN link. He'll very likely tell you the same thing I have, that a single gigabit MAN link is plenty. If you hire him to do the work, he'll program the proper QOS setup to match the traffic patterns gleaned from the sniffers. Finally had time to properly review your answers here Stan. The time you took for the in-depth reply is very much appreciated - and I'm sure you got a kick out of the level of my ignorance... ;) As for hiring a network architect, I will absolutely be doing as you recommend (was already planning on it), but with the information I'm now armed with, at least I'll have a better chance of knowing if they know what they are doing/talking about... I'm still planning for the two physical servers (one at each location), but you have convinced me that trying to run two live mail systems is an unnecessary and even unwanted level of complexity. The DC VM will still be hot (it is always best to have two DCs in a windows domain environment anyway) so I'll get automatic real time off site backup of all of the users data (since it will all be on DFS), but for the mail services, I'll just designate one as live, and one as the hot/standby that is kept in sync using dsync. This way I'll automatically get off site back up for each site for the users data stored in the DFS, and have a second mail system ready to go if something happens to the primary. Again, thanks Stan... I am constantly amazed at the level of expertise and quality of advice available *for free* in the open source world, as is available on these lists. -- Best regards, Charles
Re: [Dovecot] 2.1: timeout waiting for lock?
* Timo Sirainen t...@iki.fi: On Thu, 2012-03-15 at 11:44 +0100, Ralf Hildebrandt wrote: Mar 15 09:46:11 postamt dovecot: pop3(username): Error: Couldn't open INBOX: Timeout while waiting for lock Mar 15 09:46:11 postamt dovecot: pop3(username): Couldn't open INBOX top=0/0, retr=0/0, del=0/0, size=0 during that time, I wasn't able to access the mailbox using imap. I then issued Maildir? Yep. doveadm kick username and all over sudden the mailbox was accessible (via IMAP) So one of them had the INBOX locked. Do you have pop3_lock_session=yes? Yes. # makes Dovecot lock the mailbox for the whole session pop3_lock_session = yes Shouldn't be doing this I guess? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: [Dovecot] 2.1: timeout waiting for lock?
On Thu, 2012-03-15 at 12:01 +0100, Ralf Hildebrandt wrote:
> > > Mar 15 09:46:11 postamt dovecot: pop3(username): Error: Couldn't open INBOX: Timeout while waiting for lock
> > > Mar 15 09:46:11 postamt dovecot: pop3(username): Couldn't open INBOX top=0/0, retr=0/0, del=0/0, size=0
> > So one of them had the INBOX locked. Do you have pop3_lock_session=yes?
> Yes.
> # makes Dovecot lock the mailbox for the whole session
> pop3_lock_session = yes
> Shouldn't be doing this I guess?

If you do it then a single POP3 session can keep the mailbox locked pretty much forever. If you don't do it, you're violating POP3 RFC, but I don't think anyone really cares about that.. I guess this setting should really use a separate POP3-only lock when it's enabled.
Re: [Dovecot] sieve.before script is taking precedence over user defined rules
On 3/15/2012 10:48 AM, Alexis Lelion wrote:
> Hello,
> In my current setup, I have a spam filter upstream that adds a specific header - X-Spam-Level on every incoming mail. Based on this level, the mail will be moved to the user spam folder using sieve by doing fileinto :create 'spam';
> Unfortunately, some legitimate email may end up in this spam folder, so I have kind of a whitelist that performs an explicit keep over specific trusted domains. So, my complete spam filtering rule is:

require ["fileinto", "mailbox"];
if address :domain :contains "From" ["mycompany.tld", "trusted.tld"] {
    keep;
} elsif header :contains "X-Spam-Level" ["0", "1", "2"] {
    fileinto :create "__spam__";
}

Fixed a few syntax issues there before I could test this.

> This rule is stored in /var/lib/dovecot/sieve/before.sieve, which is my sieve_before file as defined in /etc/dovecot/conf.d/90-sieve.conf

What version are you using? The above statement hints that it is recent, probably Dovecot v2.1 with matching Pigeonhole.

> This works as expected except that it doesn't take into account users filtering for domains that were matched for the explicit keep. For example, I have the following rule:
>
> if address :domain From trusted.tld {
> fileinto trusted
> }
>
> But mail coming from that domain are still delivered in my mailbox.

At my end, this is correctly delivered in the trusted folder, provided that this folder exists. Are you sure that the user's personal script even executes correctly? For example, the above script omits a ';'. The script also fails when there is no trusted folder. Check the log files for errors. The default action in the event of an error is to store the message in INBOX, which may well be what you're seeing here.

Regards,
Stephan.
Re: [Dovecot] problems with SSH-based clustering dovecot 2.1.1
On 2012-03-14 5:51 PM, Michael Grimm trash...@odo.in-berlin.de wrote: You misunderstood. I was referring to system cronjob's mail reports from cron.daily jobs like security reports et al. Those reports normally run at identical times. But are these really 'duplicate' mails? It sounds to me like they are individual to each system. I'm also confused - are you actually delivering the exact *same* mail to two (or multiple) *different* servers simultaneously? If only one copy of the mail gets delivered, regardless of which server it gets delivered to, when dsync runs, there would be no duplicates, right? I'm asking for clarification because I was considering a similar setup. -- Best regards, Charles
Re: [Dovecot] .mailboxlist - .subscriptions
On 3/14/2012 7:33 PM, Joseph Tam wrote: Steve Campbell campb...@cnpapers.com writes: Their imap folders, the ones that they create using an imap client or webmail, are either in ~ or ~/mail. Their original .mailboxlist is always in ~. Based on that, I should probably copy any imap folders not in ~/mail to that folder, duplicate ~/.mailboxlist to the file ~/mail/.subscriptions, and amend any .subscriptions file contents to just have the name of the folders (without any mail/folder reference in it). My example would then be as follows /home/steve=folder /home/steve/Drafts = original folder /home/steve/AnyFolder = original folder /home/steve/.mailboxlist=original file /home/steve/mail= folder (either original or created) /home/steve/mail/.subscriptions= copied contents of .mailboxlist file /home/steve/mail/Drafts =copied folder of original /home/steve/mail/AnyFolder= copied folder of original Contents of original .mailboxlist and new .subscriptions: Drafts AnyFolder If the imap folders were in ~/mail, then the original .mailboxlist would have been mail/Drafts mail/AnyFolder but after the corrections to the .subscriptions file, they would be as above (without reference to the mail folder). Is this correct? That depends -- are you aliasing namespaces so that prefix={, mail/, etc.} all map to a user's ~/mail folder? You may be creating a confusing situation where a client with a null IMAP prefix has 2 copies of a mailbox. 
Joseph Tam jtam.h...@gmail.com

I have the following set:

mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
namespace {
  type = private
  separator = /
  prefix = #mbox/
  location = mbox:~/mail:INBOX=/var/mail/%u
  inbox = yes
  hidden = yes
  list = no
}
namespace {
  type = private
  separator = /
  prefix = mail/
  hidden = yes
  list = no # for v1.1+
}
namespace {
  type = private
  separator = /
  prefix = ~/mail/
  hidden = yes
  list = yes # for v1.1+
  location = mbox:~/mail:INBOX=/var/mail/%u
}
namespace {
  type = private
  separator = /
  prefix = ~%u/mail/
  hidden = yes
  list = no # for v1.1+
}

These are mostly what's defined as the Backward Compatibility namespaces in the wiki. Are you saying that I should probably have something like the following then:

namespace {
  type = private
  separator = /
  prefix =
  location = mbox:~/mail:INBOX=/var/mail/%u
  inbox = yes
  hidden = yes
  list = no
}

And is the multiple inbox = yes in the differing namespaces a no-no? Based on the comments in the 10-mail.conf file, it seems to say it is a problem, but if a user has any prefix defined, even the blank prefix, wouldn't that mean they use only that set of parameters defined in the namespace being used?

So far, I've only changed one prefix in the building to the #mbox prefix and that was because of the weird layout of files they had.

I'm hoping one day to understand all of this. Dovecot, as I stated before, is much more complex than the imap server used previously. It allows one to use all of the facilities of the imap protocol, and much more, but unfortunately, for admins like me that are just moving to these new imap servers, most of those extras were either unknown to me or unused.

Again, thanks all for the patience and help.

steve
Re: [Dovecot] sieve.before script is taking precedence over user defined rules
Hello Stephan,

Thanks for your answer, and sorry for forgetting to specify which dovecot version I was using :-/
I'm using Dovecot 2.0.15, with PigeonHole.
The syntax issues are some typos I made while writing this email, I double checked, and indeed, my production script was slightly different from what I wrote in the first place.
I can confirm that the scripts compile properly with sievec, and also that the folder does exist, but just to be sure this is not an issue, I added the :create option to the user's fileinto.
I have no errors in my logs, the only thing displayed is

tThbJ1myYU+ZPwAA6RJXdw: sieve: msgid=unspecified: stored mail into mailbox 'INBOX'

Is there any way to increase verbosity for sieve only?

Thanks

On Thu, Mar 15, 2012 at 12:11 PM, Stephan Bosch step...@rename-it.nl wrote:
> On 3/15/2012 10:48 AM, Alexis Lelion wrote:
> > Hello,
> > In my current setup, I have a spam filter upstream that adds a specific header - X-Spam-Level on every incoming mail. Based on this level, the mail will be moved to the user spam folder using sieve by doing fileinto :create 'spam';
> > Unfortunately, some legitimate email may end up in this spam folder, so I have kind of a whitelist that performs an explicit keep over specific trusted domains. So, my complete spam filtering rule is:
>
> require ["fileinto", "mailbox"];
> if address :domain :contains "From" ["mycompany.tld", "trusted.tld"] {
>     keep;
> } elsif header :contains "X-Spam-Level" ["0", "1", "2"] {
>     fileinto :create "__spam__";
> }
>
> Fixed a few syntax issues there before I could test this.
>
> > This rule is stored in /var/lib/dovecot/sieve/before.sieve, which is my sieve_before file as defined in /etc/dovecot/conf.d/90-sieve.conf
>
> What version are you using? The above statement hints that it is recent, probably Dovecot v2.1 with matching Pigeonhole.
>
> > This works as expected except that it doesn't take into account users filtering for domains that were matched for the explicit keep. For example, I have the following rule:
> >
> > if address :domain From trusted.tld {
> > fileinto trusted
> > }
> >
> > But mail coming from that domain are still delivered in my mailbox.
>
> At my end, this is correctly delivered in the trusted folder, provided that this folder exists. Are you sure that the user's personal script even executes correctly? For example, the above script omits a ';'. The script also fails when there is no trusted folder. Check the log files for errors. The default action in the event of an error is to store the message in INBOX, which may well be what you're seeing here.
>
> Regards,
> Stephan.
Re: [Dovecot] director lmtp - smtp problem
On 3/15/12 6:02 AM, Timo Sirainen wrote:
> Hi,
>
> On 15.3.2012, at 3.24, Jim Lawson wrote:
> > We have a 2-node director setup which front-ends for 4 nodes which share a clustered filesystem (GFS). All nodes run Dovecot 2.0.18.
> > ..
> > Mar 14 20:40:38 imapdir2 dovecot: lmtp(10692): Panic: file lmtp-proxy.c: line 376 (lmtp_proxy_output_timeout): assertion failed: (proxy->data_input->eof)
>
> I pretty much rewrote the LMTP proxying code in v2.1, so there's a very good chance that it's already been fixed.

I'll give it a shot. For the purposes of doing a rolling upgrade, is it reasonable to expect a 2.0.18 director to peer with a 2.1.1 director for the duration, or should I split-brain them during the upgrade?

Jim
Re: [Dovecot] 2.1: timeout waiting for lock?
* Timo Sirainen t...@iki.fi: On Thu, 2012-03-15 at 12:01 +0100, Ralf Hildebrandt wrote: Mar 15 09:46:11 postamt dovecot: pop3(username): Error: Couldn't open INBOX: Timeout while waiting for lock Mar 15 09:46:11 postamt dovecot: pop3(username): Couldn't open INBOX top=0/0, retr=0/0, del=0/0, size=0 So one of them had the INBOX locked. Do you have pop3_lock_session=yes? Yes. # makes Dovecot lock the mailbox for the whole session pop3_lock_session = yes Shouldn't be doing this I guess? If you do it then a single POP3 session can keep the mailbox locked pretty much forever. If you don't do it, you're violating POP3 RFC, but I don't think anyone really cares about that.. Indeed. All I care about is that the user gets his/her mail. Which he didn't. I disabled it. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: [Dovecot] .mailboxlist - .subscriptions
On 3/15/2012 6:29 AM, Timo Sirainen wrote:
> On Wed, 2012-03-14 at 10:46 -0400, Steve Campbell wrote:
> > I've mostly finished a conversion from an old Centos 3 UW-Imap server to a new Centos 6 dovecot server.
>
> This is messy stuff to do. There are ways you could make Dovecot behave identically to UW-IMAP (mail_full_filesystem_access=yes), but for future and for security it's better if you don't do that.
>
> > I did not copy the old ~/.mailboxlist file to ~/mail/.subscriptions file, but notice some users have the latter file now. These are all mbox folders on the old and new server.
>
> Copying it for users who haven't already readded their subscriptions would be a good idea.
>
> > Over the years, some imap accounts had their folders directly in their home directory and the contents of the .mailboxlist file would have an entry with just the name of the folder in it (Trash, eg), and most had the folders in their ~/mail folder with an entry like mail/Trash. Our webmail app, Horde/Imp, always seemed to take care of this. If I create the .subscription file for the users during the move to the new server, should I move the folders to the mail directory and amend their .subscriptions file to reflect that change on these odd ball accounts, and will that affect how their client is seeing these?
>
> Yes, move all of the mboxes to mail/ directory. With the compatibility namespaces it should work so that clients don't notice changes: http://wiki2.dovecot.org/Namespaces - Backwards Compatibility
>
> There are also a few old mailing list threads detailing all kinds of issues and solutions related to UW-IMAP - Dovecot migration..

I'd replied to an earlier thread, and in it, I'd asked a question about a blank prefix namespace and the backward compatibility namespaces. I'm not sure whether my mail_location takes precedence over namespaces (with or without a location parm), especially since I don't have a blank prefix defined. It's been working, or at least I'm not getting calls, so maybe I'm OK.
In any event, I believe if I move all of these folders to ~/mail, ensure the .subscriptions file is matching, that at least people using Thunderbird will re-read the file and set their folders properly. Not sure about other clients. Thanks for the help. steve
Re: [Dovecot] Shared folder prefix listed multiple times with dovecot 2.1.1
On Thu, 2012-03-08 at 21:36 +0200, Timo Sirainen wrote: On 8.3.2012, at 21.18, Markus Petri wrote: after upgrading from 2.0.18 to 2.1.1 I noticed that I could not use shared folders with mutt anymore. 2.1 lists the shared namespace prefix once per user sharing an folder in LIST %. I also noticed, that with 2.1 the user folder (Shared/username) is no longer tagged as \NoSelect. Is this the intended behaviour and mutt simply cannot cope with it or is it a dovecot problem? Both. Dovecot shouldn't send duplicates, but mutt shouldn't break even if it did. This is a bit difficult to fix. I'll probably leave it until v2.2. Also Dovecot probably should add \Noselect, especially if the mailbox isn't really selectable (there's some weirdness between shared/user being equal to shared/user/INBOX, but I'm not sure what to do about it). These should fix this: http://hg.dovecot.org/dovecot-2.1/rev/65a75939ac2c http://hg.dovecot.org/dovecot-2.1/rev/55586f4a86f1
Re: [Dovecot] director lmtp - smtp problem
On Thu, 2012-03-15 at 07:50 -0400, Jim Lawson wrote:
> On 3/15/12 6:02 AM, Timo Sirainen wrote:
> > Hi,
> >
> > On 15.3.2012, at 3.24, Jim Lawson wrote:
> > > We have a 2-node director setup which front-ends for 4 nodes which share a clustered filesystem (GFS). All nodes run Dovecot 2.0.18.
> > > ..
> > > Mar 14 20:40:38 imapdir2 dovecot: lmtp(10692): Panic: file lmtp-proxy.c: line 376 (lmtp_proxy_output_timeout): assertion failed: (proxy->data_input->eof)
> >
> > I pretty much rewrote the LMTP proxying code in v2.1, so there's a very good chance that it's already been fixed.
>
> I'll give it a shot. For the purposes of doing a rolling upgrade, is it reasonable to expect a 2.0.18 director to peer with a 2.1.1 director for the duration, or should I split-brain them during the upgrade?

I'm almost certain that v2.1.1 talks compatible protocol with v2.0. The current hg version has some extra features, but it doesn't use them until all of the directors have upgraded to the new version.
Re: [Dovecot] Dovecot 2.1 with custom OpenSSL fails to build
On Mon, 2012-03-05 at 00:32 +, Andreas M. Kirchwitz wrote:
> Thanks for this patch. I've applied it to the dovecot-20120303 nightly snapshot. The good news is, compilation works fine. The bad news is, the libraries and binaries don't work because they don't find the custom SSL libraries.
> ..
> $ patch -p1 -s < ../dovecot-20120303-e540404debb7.patch
> $ env SSL_CFLAGS="-I/usr/local/ssl/include" SSL_LIBS="-L/usr/local/ssl/lib -Wl,-R/usr/local/ssl/lib -lcrypto -lssl" ./configure --prefix=/usr/local/Dovecot-20120303 --with-ssl=openssl --with-ssldir=/usr/local/Dovecot-20120303/etc/dovecot/certs
> make
> make install

You would have needed to run autogen.sh again. It works with me now that I tried in a test server with OpenSSL in non-standard dir.
[Dovecot] dovecot and systemd
Hi all,

dovecot supports systemd socket activation. Together with standard unit activation (like old sysv init script), there are two ways to configure dovecot (only interface:port, not whole configuration). This can result in a situation where those configurations do not say the same. Question is what should happen then?

For example, let's have dovecot configured to listen for imap(s) and let's have systemd dovecot socket configured to listen for all protocols - pop3(s) and imap(s). When dovecot is configured to start on boot, systemd will start it and dovecot will listen on imap(s) ports. But when dovecot.socket is enabled, it'll listen on pop3(s) too and when new pop3 connection comes, it'll pass it to dovecot and dovecot will serve it.

The question is: Should this happen? What exactly should happen when dovecot.conf does not match dovecot.socket configuration?

Michal
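
The mismatch described above can be detected before it exposes a protocol nobody meant to offer. This is an added example, not code from this thread or from Dovecot: it compares the TCP ports in a systemd socket unit with the listener ports of the protocols enabled in a Dovecot configuration dump. Both sample inputs are constructed, the configuration is assumed to list listener ports explicitly, and the listener-name-to-protocol table is an assumption.

```python
import re

# Assumed mapping from inet_listener name to the entry in "protocols = ...".
LISTENER_PROTOCOL = {
    "imap": "imap", "imaps": "imap",
    "pop3": "pop3", "pop3s": "pop3",
    "sieve": "sieve", "lmtp": "lmtp",
}


def socket_unit_ports(unit_text):
    """TCP ports from the ListenStream= lines of a systemd socket unit."""
    ports = set()
    for line in unit_text.splitlines():
        key, _, value = line.strip().partition("=")
        if key.strip() != "ListenStream":
            continue
        value = value.strip()
        if value.startswith(("/", "@")):  # filesystem or abstract UNIX socket
            continue
        m = re.search(r"(\d+)$", value)   # "143", "0.0.0.0:143", "[::]:143"
        if m:
            ports.add(int(m.group(1)))
    return ports


def dovecot_ports(conf_text):
    """Listener ports that belong to a protocol enabled in 'protocols ='."""
    m = re.search(r"^\s*protocols\s*=\s*(.*)$", conf_text, re.M)
    enabled = set(m.group(1).split()) if m else set()
    ports = set()
    for name, body in re.findall(r"inet_listener\s+(\S+)\s*\{([^{}]*)\}", conf_text):
        port = re.search(r"^\s*port\s*=\s*(\d+)\s*$", body, re.M)
        if not port or int(port.group(1)) == 0:  # port 0 disables a listener
            continue
        if LISTENER_PROTOCOL.get(name) in enabled:
            ports.add(int(port.group(1)))
    return ports


def drift(unit_text, conf_text):
    """Ports opened by only one of the two configurations."""
    sock, conf = socket_unit_ports(unit_text), dovecot_ports(conf_text)
    return {"socket_only": sorted(sock - conf), "config_only": sorted(conf - sock)}


# Constructed inputs reproducing the scenario from the message above:
# Dovecot is configured for imap(s) only, the socket unit also opens pop3(s).
SAMPLE_SOCKET_UNIT = """\
[Socket]
ListenStream=0.0.0.0:143
ListenStream=[::]:143
ListenStream=0.0.0.0:993
ListenStream=0.0.0.0:110
ListenStream=0.0.0.0:995
"""

SAMPLE_DOVECOT_CONF = """\
protocols = imap
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
"""

if __name__ == "__main__":
    print(drift(SAMPLE_SOCKET_UNIT, SAMPLE_DOVECOT_CONF))
```

A non-empty `socket_only` list is the case to act on: the socket unit accepts connections for a service the Dovecot configuration does not enable.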
Re: [Dovecot] Shared folder prefix listed multiple times with dovecot 2.1.1
On Thu, 15 Mar 2012 14:22:11 +0200 Timo Sirainen t...@iki.fi wrote: Also Dovecot probably should add \Noselect, especially if the mailbox isn't really selectable (there's some weirdness between shared/user being equal to shared/user/INBOX, but I'm not sure what to do about it). These should fix this: http://hg.dovecot.org/dovecot-2.1/rev/65a75939ac2c http://hg.dovecot.org/dovecot-2.1/rev/55586f4a86f1 Yes, those fix the problem. Thanks.
Re: [Dovecot] problems with SSH-based clustering dovecot 2.1.1
Hi -- On 15.03.2012 12:21, Charles Marcus wrote: On 2012-03-14 5:51 PM, Michael Grimm trash...@odo.in-berlin.de wrote: You misunderstood. I was referring to system cronjob's mail reports from cron.daily jobs like security reports et al. Those reports normally run at identical times. But are these really 'duplicate' mails? It sounds to me like they are individual to each system. I'm also confused - are you actually delivering the exact *same* mail to two (or multiple) *different* servers simultaneously? If only one copy of the mail gets delivered, regardless of which server it gets delivered to, when dsync runs, there would be no duplicates, right? Well, let me explain it in more detail: Given there are two servers called mx1 and mx2. They both have cron.daily jobs running, and let's say those cronjobs are meant to create at 3:00 a postfix-logwatch report on every server. Thus, the cronjob at mx1 sends his final report to the admin of mx1, and the one at mx2 to the admin of mx2. I happen to be the one who will finally receive those reports, and therefore I did tell sieve to drop them into some folder of mine, let's say REPORTS. Thus, at 3:01 one report from mx1 will be delivered at mx1 into mailfolder REPORTS and at 3:01 one report from mx2 will be delivered at mx2 into the mailfolder REPORTS. Important: both mails are different but they arrive in the mailfolder REPORTS at the same time, one at mx1 the other at mx2. And, let's call the report from mx1 cronjob mx1-report and that from mx2 mx2-report. I had dsync running every minute. Thus at 3:00 the final sync has been initiated, and at 3:01 dsync will find two mails to sync in REPORTS. In 99.9% of all synchronizations the final result at both server's REPORTS mailbox is as expected and as follows: mx1-report 3:01 mx2-report 3:01 But occasionally, and what I refer to as duplicates, I did find either ... mx1-report 3:01 mx1-report 3:01 mx2-report 3:01 ... or ... 
mx1-report 3:01 mx2-report 3:01 mx2-report 3:01 Actually, that was when I started to investigate how dsync will behave when many mails arrive at two servers simultaneously with identical final mailboxes. The day I switched to the new replicator/dsync technique, those duplicates are history, but I'm still able to produce duplicates (and multiples) if I simultaneously produce *many* mails at every server with identical mailbox destinations in a minute (see my other report a couple of days ago). Timo is suspecting the combination of arriving mails while running dsync to be a possible cause of such duplicates, if I didn't get him wrong. Again, if your servers aren't receiving loads of mails for the very same mailboxes within very short time, the current dsync/replicator works great. HTH and regards, Michael
Re: [Dovecot] doveadm -A stops processing at first uidfirst_valid_uid
On Mon, 2012-03-05 at 18:01 -0800, Joseph Tam wrote: On Sun, 4 Mar 2012, Timo Sirainen writes: I would like to run various doveadm commands that involves all (mail) users like doveadm expunge -A mailbox Trash savedbefore 30d but any doveadm command that uses -A to iterate through all users will stop processing at the first account with UIDfirst_valid_uid. What userdb are you using? userdb passwd should already skip users that aren't in the valid range. And what Dovecot version are you using? passwd-file under dovecot 2.0.16. Ah. The skipping only works in v2.1. Also you mean you're using passwd-file for /etc/passwd? You shouldn't really be doing that.
Re: [Dovecot] problems with SSH-based clustering dovecot 2.1.1
On 2012-03-15 9:46 AM, Michael Grimm trash...@odo.in-berlin.de wrote: Thus, at 3:01 one report from mx1 will be delivered at mx1 into mailfolder REPORTS and at 3:01 one report from mx2 will be delivered at mx2 into the mailfolder REPORTS. Important: both mails are different but they arrive in the mailfolder REPORTS at the same time, one at mx1 the other at mx2. And, let's call the report from mx1 cronjob mx1-report and that from mx2 mx2-report. so these are LOCAL mails delivered to local user accounts? The easiest thing to do for this is simply alias the local address(es) so that they all go to one single server/account (I would use only virtual, but you can do it with system accounts too). I see lots of potential problems doing it the way you are doing it. -- Best regards, Charles
Re: [Dovecot] dovecot and systemd
On Thu, 2012-03-15 at 14:34 +0100, Michal Hlavinka wrote: What exactly should happen when dovecot.conf does not match dovecot.socket configuration? Dovecot's systemd code was written by one of you Redhat guys. I had some similar thoughts when I applied the patch, but didn't really know what to do about it, so I didn't do anything. So: I don't know. Maybe some other project has solved this somehow already? Dovecot anyway needs its own internal UNIX listeners. Should all internal inet listeners be disabled? Could Dovecot somehow talk to systemd and ask what listeners it's using for Dovecot and log warnings if they don't match?
Re: [Dovecot] sieve.before script is taking preceedence over user defined rules
On 3/15/2012 12:42 PM, Alexis Lelion wrote:

Hello Stephan, Thanks for your answer, and sorry for forgetting to specify which dovecot version I was using :-/ I'm using Dovecot 2.0.15, with PigeonHole. The syntax issues are some typos I made while writing this email, I double checked, and indeed, my production script was slightly different from what I wrote in the first place. I can confirm that the scripts compile properly with sievec, and also that the folder does exist, but just to be sure this is not an issue, I added the :create option to the user's fileinto. I have no errors in my logs, the only thing displayed is

    tThbJ1myYU+ZPwAA6RJXdw: sieve: msgid=unspecified: stored mail into mailbox 'INBOX'

Is there any way to increase verbosity for sieve only?

You can test Sieve outside normal delivery using the sieve-test tool; include the global sieve_before script using a -s argument. Alternatively, you can use the vnd.dovecot.debug extension as follows:

    require ["fileinto", "mailbox", "vnd.dovecot.debug"];

    if address :domain "From" "trusted.tld" {
        fileinto :create "trusted";
        debug_log "Tried to save in \"trusted\"";
    }

You need to add the vnd.dovecot.debug extension to sieve_extensions in your 90-sieve.conf, e.g.:

    sieve_extensions = +vnd.dovecot.debug

This will produce the following output in the user's personal sieve log (typically ~/.dovecot.sieve.log):

    sieve: info: started log at Mar 15 15:13:29.
    main_script: line 5: info: DEBUG: Tried to save in trusted.
    info: msgid=unspecified: stored mail into mailbox 'trusted'.

If the DEBUG line is missing at your end, the fileinto is not executed at all. If it is, and things are still delivered in INBOX, something else is going on.

Regards, Stephan.
Re: [Dovecot] problems with SSH-based clustering dovecot 2.1.1
Hi -- On 15.03.2012 15:04, Charles Marcus wrote: On 2012-03-15 9:46 AM, Michael Grimm trash...@odo.in-berlin.de wrote: Thus, at 3:01 one report from mx1 will be delivered at mx1 into mailfolder REPORTS and at 3:01 one report from mx2 will be delivered at mx2 into the mailfolder REPORTS. Important: both mails are different but they arrive in the mailfolder REPORTS at the same time, one at mx1 the other at mx2. And, let's call the report from mx1 cronjob mx1-report and that from mx2 mx2-report. so these are LOCAL mails delivered to local user accounts? All locally produced mails are aliased to the very same virtual user, namely myself. The easiest thing to do for this is simply alias the local address(es) so that they all go to one single server/account (I would use only virtual, but you can do it with system accounts too). That is exactly what I'm doing, I'm running virtual, only. No local user accounts here. Every locally produced system mail end in virtual mailboxes of myself. In the given example mx1-report is delivered to REPORTS@mx1 and mx2-report to REPORTS@mx2. Now, I want to access them via IMAP for instance at my mx1 mail account. Without dsync I would only be able to access mx1-report, thus I do need to sync REPORTS to see both at mx1. I see lots of potential problems doing it the way you are doing it. Hmm, now, I don't understand you. Regards, Michael
Re: [Dovecot] sieve.before script is taking preceedence over user defined rules
Thanks for this useful information, I will give it a try On Thu, Mar 15, 2012 at 3:17 PM, Stephan Bosch step...@rename-it.nl wrote: On 3/15/2012 12:42 PM, Alexis Lelion wrote: Hello Stephan, Thanks for your answer, and sorry for forgetting to specify which dovecot version I was using :-/ I'm using Dovecot 2.0.15, with PigeonHole. The syntax issues are some typos I made while writing this email, I double checked, and indeed, my production script was slightly different from what I wrote in the first place. I can confirm that the scripts compile properly with sievec, and also that the folder does exist, but just to be sure this is not an issue, I added the :create option to the user's fileinto. I have no errors in my logs, the only thing displayed is tThbJ1myYU+ZPwAA6RJXdw: sieve: msgid=unspecified: stored mail into mailbox 'INBOX' Is there any way to increase verbosity for sieve only? You can test Sieve outside normal delivery using the sieve-test tool; include the global sieve_before script using a -s argument. Alternatively, you can use the vnd.dovecot.debug extension as follows: require [fileinto, mailbox, vnd.dovecot.debug]; if address :domain From trusted.tld { fileinto :create trusted; debug_log Tried to save in \trusted\; } You need to add the vnd.dovecot.debug extension to sieve_extensions in your 90-sieve.conf, e.g.: sieve_extensions = +vnd.dovecot.debug This will produce the following output in the user's personal sieve log (typically ~/.dovecot.sieve.log): sieve: info: started log at Mar 15 15:13:29. main_script: line 5: info: DEBUG: Tried to save in trusted. info: msgid=unspecified: stored mail into mailbox 'trusted'. If the DEBUG line is missing at your end, the fileinto is not executed at all. If it is, and things are still delivered in INBOX, something else is going on. Regards, Stephan.
[Dovecot] v2.1.2 released
http://dovecot.org/releases/2.1/dovecot-2.1.2.tar.gz
http://dovecot.org/releases/2.1/dovecot-2.1.2.tar.gz.sig

There are a ton of proxying related improvements in this release. You should now be able to do pretty much anything you want with Dovecot proxy/director.

This release also includes the initial version of dsync-based replication. I'm already successfully using it for @dovecot.fi mails, but it still has some problems. See http://dovecot.org/list/dovecot/2012-March/064243.html for some details how to configure it.

+ Initial implementation of dsync-based replication. For now this should be used only on non-critical systems.
+ Proxying: POP3 now supports sending remote IP+port from proxy to backend server via Dovecot-specific XCLIENT extension.
+ Proxying: proxy_maybe=yes with host=hostname (instead of IP) works now properly.
+ Proxying: Added auth_proxy_self setting
+ Proxying: Added proxy_always extra field (see wiki docs)
+ Added director_username_hash setting to specify what part of the username is hashed. This can be used to implement per-domain backends (which allows safely accessing shared mailboxes within domain).
+ Added a session ID string for imap/pop3 connections, available in %{session} variable. The session ID passes through Dovecot IMAP/POP3 proxying to backend server. The same session ID can be reused after a long time (currently a bit under 9 years).
+ passdb checkpassword: Support credentials lookups (for non-plaintext auth and for lmtp_proxy lookups)
+ fts: Added fts_index_timeout setting to abort search if indexing hasn't finished by then (default is to wait forever).
- doveadm sync: If mailbox was expunged empty, messages may have come back instead of also being expunged in the other side.
- director: If user logged into two directors while near user expiration, the directors might have redirected the user to two different backends.
- imap_id_* settings were ignored before login.
- Several fixes to mailbox_list_index=yes
- Previous v2.1.x didn't log all messages at shutdown.
- mbox: Fixed accessing Dovecot v1.x mbox index files without errors.
[Dovecot] v2.0.19 released
http://dovecot.org/releases/2.0/dovecot-2.0.19.tar.gz
http://dovecot.org/releases/2.0/dovecot-2.0.19.tar.gz.sig

Hopefully one of the last v2.0.x releases.

- IMAP: ENABLE CONDSTORE/QRESYNC + STATUS for a mailbox might not have seen latest external changes to it, like new mails.
- imap_id_* settings were ignored before login.
- doveadm altmove did too much work sometimes, retrying moves it had already done.
- mbox: Fixed accessing Dovecot v1.x mbox index files without errors.
[Dovecot] Compiler warnings in dovecot-2.1.2 and pigeonhole 0.3.0
I'm seeing a few warnings emitted when building for x86. They're pretty obvious, but if you want the configure options etc, I can provide those.

In Dovecot 2.1.2 (I also see some of these in 2.1.1):

1) src/lib-index/mail-cache-fields.c (comparison between two last_used fields)
   mail-cache-fields.c: In function 'mail_cache_header_fields_read':
   mail-cache-fields.c:406: warning: comparison between signed and unsigned

2) src/director/user-directory.c (comparison with ioloop_time)
   user-directory.c: In function 'user_directory_user_is_recently_updated':
   user-directory.c:147: warning: comparison between signed and unsigned

3) src/replication/replicator/replicator-brain.c (comparison with ioloop_time)
   replicator-brain.c: In function 'doveadm_replicate':
   replicator-brain.c:113: warning: comparison between signed and unsigned

4) src/replication/replicator/replicator-queue.c (comparison with ioloop_time)
   replicator-queue.c: In function 'replicator_queue_pop':
   replicator-queue.c:201: warning: comparison between signed and unsigned

In Pigeonhole 0.3.0:

5) src/managesieve-login/client-authenticate.c (passing size_t * not uoff_t *)
   client-authenticate.c: In function 'managesieve_client_auth_read_response':
   client-authenticate.c:214: warning: passing argument 3 of 'i_stream_get_size' from incompatible pointer type
Re: [Dovecot] Compiler warnings in dovecot-2.1.2 and pigeonhole 0.3.0
On 15.3.2012, at 18.04, Tom Talpey wrote: I'm seeing a few warnings emitted when building for x86. They're pretty obvious, but if you want the configure options etc, I can provide those. In Dovecot 2.1.2 (I also see some of these in 2.1.1): Thanks, fixed in hg. I guess I should add x86 vm building these nightly as well..
Re: [Dovecot] [Dovecot-news] v2.1.2 released
On Mac OS X 10.5.8 / darwin 9.8.0, I'm getting this error on startup again:

    dovecot[74267]: master: Fatal: kevent(EV_ADD, READ, 19) failed: Invalid argument

dovecot.conf contains:

    service stats {
      fifo_listener stats-mail {
        mode = 0
      }
    }

which fixed the issue with 2.1.1. Adding the following seems to have fixed things:

    service aggregator {
      fifo_listener replication-notify-fifo {
        mode = 0
      }
    }

From looking at config/all-settings.c it looks like I should maybe also add the following (but I have not tried it).

    service director {
      fifo_listener login/proxy-notify {
        mode = 0
      }
    }

It would be really nice if this failed more gracefully so the config tweaks weren't necessary. (I can work on a patch if it's something that would be accepted and if someone can point me in the right direction).

--
Daniel J. Luke
dl...@geeklair.net
http://www.geeklair.net
Opinions expressed are mine and do not necessarily reflect the opinions of my employer.
[Dovecot] replication howto
Hello, excuse me but there is some documentation about replication now? I dont' understand where i must put the lines below (dovecot.conf? , 20-imap?) Excuse but it's not so clear for me cause i'm a new dovecot user. Another question, i use virtual users on mysql backend , so for replication i need to give ssh at every virtual users? Or i can use a only use a system ssh user? Thank's service aggregator { # give enough permissions for mail processes fifo_listener replication-notify-fifo { user = vmail mode = 0600 } unix_listener replication-notify { user = vmail mode = 0600 } } service replicator { # start replication at startup process_min_avail = 1 } plugin { # host1 replicates to host2 mail_replica = remote:vmail at host2.example.com # host2 replicates to host1 #mail_replica = remote:vmail at host1.example.com } #dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace} service doveadm { # if you're using a single virtual user, set this to # start ssh as vmail (not root) user = vmail } -- Rispetta l'ambiente: se non ti è necessario, non stampare questa mail. ** Ing. Matteo Cazzador Email: mcazza...@gmail.com **
Re: [Dovecot] replication howto
Hi --

On 15.03.2012, at 17:42, Matteo Cazzador wrote:

Hello, excuse me but there is some documentation about replication now?

Not that I'm aware of.

I dont' understand where i must put the lines below (dovecot.conf? , 20-imap?)

You can put them wherever you wish, as long as you include that part of your configuration. Myself, I'm still using a single dovecot.conf, only.

Another question, i use virtual users on mysql backend , so for replication i need to give ssh at every virtual users? Or i can use a only use a system ssh user?

If I'm not mistaken, you can use a single ssh user, and you could use the vmail user for instance. That's what I do, and I'm using sqlite for userdb.

Here's my configuration:

---

If you choose to run ssh on a different port from the default one, you need:

    ## ssh command line used in dsync replication (ssh port added)
    #
    dsync_remote_cmd = ssh -p 1234 -l%{login} %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace}

If not, you can start here:

    ## --- DSYNC REPLICATION
    #
    # aggregator, replicator, doveadm, and config needed, and
    # dsync_remote_cmd if running ssh via non-default port
    #
    service aggregator {
      # give enough permissions for mail processes
      #
      fifo_listener replication-notify-fifo {
        user = vmail
        mode = 0600
      }
      unix_listener replication-notify {
        user = vmail
        mode = 0600
      }
    }
    service replicator {
      # start replication at startup
      #
      process_min_avail = 1
    }
    service doveadm {
      # if you're using a single virtual user, set this to start ssh as vmail
      # (not root)
      #
      user = vmail
    }
    service config {
      # needed to grant access to /var/run/dovecot/config for service doveadm
      #
      unix_listener config {
        user = vmail
      }
    }

The following part is for server 1, only:

    ## --- PLUGINS
    #
    # dsync replication plugin
    #
    plugin {
      # this host replicates to remote host
      #
      mail_replica = remote:vmail@server2.domain
      # run full synchronization mode every other hour
      # (default is every 24 hours)
      #
      replication_full_sync_interval = 1 hours
    }

The following part is for server 2, only:

    ## --- PLUGINS
    #
    # dsync replication plugin
    #
    plugin {
      # this host replicates to remote host
      #
      mail_replica = remote:vmail@server1.domain
      # run full synchronization mode every other hour
      # (default is every 24 hours)
      #
      replication_full_sync_interval = 1 hours
    }

HTH, Michael
Re: [Dovecot] replication howto
Hi, thank's a lot! for your detailed answer. About ssh (excuse for my english) i think you correctly understand what is my problem with virtual user (i have no system user ) and there are not ssh account. So i must use a dedicate account for replication (ssh) that must act sync for all virtual mail account. Thank' s i try you suggest now! Il 15 marzo 2012 18:09, Michael Grimm trash...@odo.in-berlin.de ha scritto: Hi -- On 15.03.2012, at 17:42, Matteo Cazzador wrote: Hello, excuse me but there is some documentation about replication now? Not that I'm aware of. I dont' understand where i must put the lines below (dovecot.conf? , 20-imap?) You can put them wherever you wish, as long as you include that part of your configuration. Myself, I'm still using a single dovecot.conf, only. Another question, i use virtual users on mysql backend , so for replication i need to give ssh at every virtual users? Or i can use a only use a system ssh user? If I'm not mistaken, you can use a single ssh user, and you could use the vmail user for instance. That's what I do, and I'm using sqlite for userdb. 
Here's my configuration: --- If you choose to run ssh on a different port from the default one, you need: ## ssh command line used in dsync replication (ssh port added) # dsync_remote_cmd = ssh -p 1234 -l%{login} %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace} If not, you can start here: ## --- DSYNC REPLICATION # # aggregator, replicator, doveadm, and config needed, and # dsync_remote_cmd if running ssh via non-default port # service aggregator { # give enough permissions for mail processes # fifo_listener replication-notify-fifo { user = vmail mode = 0600 } unix_listener replication-notify { user = vmail mode = 0600 } } service replicator { # start replication at startup # process_min_avail = 1 } service doveadm { # if you're using a single virtual user, set this to start ssh as vmail # (not root) # user = vmail } service config { # needed to grant access to /var/run/dovecot/config for service doveadm # unix_listener config { user = vmail } } The following part is for server 1, only: ## --- PLUGINS # # dsync replication plugin # plugin { # this host replicates to remote host # mail_replica = remote:vmail@server2.domain # run full synchronization mode every other hour # (default is every 24 hours) # replication_full_sync_interval = 1 hours } The following part is for server 2, only: ## --- PLUGINS # # dsync replication plugin # plugin { # this host replicates to remote host # mail_replica = remote:vmail@server1.domain # run full synchronization mode every other hour # (default is every 24 hours) # replication_full_sync_interval = 1 hours } HTH, Michael -- Rispetta l'ambiente: se non ti è necessario, non stampare questa mail. ** Ing. Matteo Cazzador Email: mcazza...@gmail.com **
Re: [Dovecot] director lmtp - smtp problem
On 3/15/12 8:25 AM, Timo Sirainen wrote: On Thu, 2012-03-15 at 07:50 -0400, Jim Lawson wrote: On 3/15/12 6:02 AM, Timo Sirainen wrote: Hi, On 15.3.2012, at 3.24, Jim Lawson wrote: We have a 2-node director setup which front-ends for 4 nodes which share a clustered filesystem (GFS). All nodes run Dovecot 2.0.18. .. Mar 14 20:40:38 imapdir2 dovecot: lmtp(10692): Panic: file lmtp-proxy.c: line 376 (lmtp_proxy_output_timeout): assertion failed: (proxy-data_input -eof) I pretty much rewrote the LMTP proxying code in v2.1, so there's a very good chance that it's already been fixed. I'll give it a shot. For the purposes of doing a rolling upgrade, is it reasonable to expect a 2.0.18 director to peer with a 2.1.1 director for the duration, or should I split-brain them during the upgrade? I'm almost certain that v2.1.1 talks compatible protocol with v2.0. The current hg version has some extra features, but it doesn't use them until all of the directors have upgraded to the new version. Trying with v2.1.2 (peer is v2.0.18): Mar 15 13:15:53 imapdir2 dovecot: director: Panic: file director.c: line 295 (director_sync): assertion failed: (!dir-ring_synced || (dir-left == NULL dir-right == NULL)) Mar 15 13:15:53 imapdir2 dovecot: director: Fatal: master: service(director): child 513 killed with signal 6 (core not dumped) Mar 15 13:15:53 imapdir2 dovecot: director: Error: Director 132.198.100.149:9090/right disconnected Which is OK, I can run them split-brained (rules in iptables to prevent directors from talking) while I move users around. It'll mean poor performance for GFS for the duration, but that's better than an outage. The good news is, the lmtp problem I wrote about above appears to be fixed. Thanks !!! Jim
Re: [Dovecot] replication howto
Hi --

On 15.03.2012, at 18:16, Matteo Cazzador wrote:

with virtual user (i have no system user ) and there are not ssh account. So i must use a dedicate account for replication (ssh) that must act sync for all virtual mail account.

Yes, that's what I use. I did create a dedicated account for vmail with all the necessary ssh stuff in ~vmail/.ssh

One remark I forgot to mention in my last mail:

    service doveadm {
      # if you're using a single virtual user, set this to start ssh as vmail
      # (not root)
      #
      user = vmail
    }

This part is only needed, if you choose to run device doveadm as user vmail like I do.

    service config {
      # needed to grant access to /var/run/dovecot/config for service doveadm
      #
      unix_listener config {
        user = vmail
      }
    }

Regards, Michael
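An added example, not part of the thread and not Dovecot's own code: the dedicated vmail SSH key described above can be pinned to the one request replication needs, so that a leaked key cannot be used to open a shell or run other doveadm commands on the peer. The wrapper below is meant to be set as a forced command in ~vmail/.ssh/authorized_keys and accepts only the command shape of the dsync_remote_cmd quoted in this thread. Its install path, the doveadm location and the allowed character sets are assumptions.

```shell
#!/bin/sh
# dsync-gate: forced command for the replication key of the shared vmail account.
# Hypothetical install path and placeholder key; authorized_keys entry on the peer:
#   command="/usr/local/bin/dsync-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY-PLACEHOLDER> vmail@server1

LC_ALL=C; export LC_ALL                 # keep character ranges byte-exact
DOVEADM=${DOVEADM:-/usr/bin/doveadm}    # assumed location, adjust to your install

# dsync_request_ok CMD
# Succeeds only when CMD has the shape produced by the dsync_remote_cmd quoted
# in the thread:  doveadm dsync-server -u<user> -l<seconds> -n<namespace>
# On success the parsed fields are left in DSYNC_USER, DSYNC_LOCK and DSYNC_NS.
dsync_request_ok() {
    DSYNC_USER= DSYNC_LOCK= DSYNC_NS=
    set -f                  # no filename expansion while splitting
    set -- $1               # split the request on whitespace into $1..$n
    set +f
    [ "$#" -eq 5 ] || return 1
    [ "$1" = doveadm ] && [ "$2" = dsync-server ] || return 1

    # -u<user>: assumed user charset (letters, digits, @ . _ + -)
    case $3 in -u?*) u=${3#-u} ;; *) return 1 ;; esac
    case $u in *[!A-Za-z0-9@._+-]*) return 1 ;; esac

    # -l<seconds>: lock timeout, digits only
    case $4 in -l?*) l=${4#-l} ;; *) return 1 ;; esac
    case $l in *[!0-9]*) return 1 ;; esac

    # -n<namespace>: may be empty; assumed charset (letters, digits, . _ / -)
    case $5 in -n*) n=${5#-n} ;; *) return 1 ;; esac
    case $n in *[!A-Za-z0-9._/-]*) return 1 ;; esac

    DSYNC_USER=$u DSYNC_LOCK=$l DSYNC_NS=$n
    return 0
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND when a
# forced command is configured. The request is never passed to a shell or
# eval'd: argv is rebuilt from the validated fields only.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if dsync_request_ok "$SSH_ORIGINAL_COMMAND"; then
        exec "$DOVEADM" dsync-server "-u$DSYNC_USER" "-l$DSYNC_LOCK" "-n$DSYNC_NS"
    fi
    # Anything else is logged for review and refused.
    logger -t dsync-gate -p auth.warning "rejected: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
# No requested command (an interactive login attempt): fall through and exit
# without starting a shell.
```

Rejected requests show up in syslog under the dsync-gate tag, which also makes unexpected use of the replication key visible.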
Re: [Dovecot] problems with SSH-based clustering dovecot 2.1.1
The day I switched to the new replicator/dsync technique, those duplicates are history, but I'm still able to produce duplicates (and multiples) if Hello, Can you get a little bit more in details about this replicator/dsync techique? As my main problem is that EVERYTHING (that gets created on different servers in the same time) gets duplicated. I only do replication using the doveadm sync command. My servers are geographically distributed as you might remember from previous posts so I run doveadm every 5 minutes, and only 1 instance of doveadm runs at any given times (so let's say that due to a HUGE volume the doveamd take 30 minutes to complete, then all in-between 5minutes are skipped). Thnx, Andrei
Re: [Dovecot] director lmtp - smtp problem
On 15.3.2012, at 19.23, Jim Lawson wrote: I'm almost certain that v2.1.1 talks compatible protocol with v2.0. The current hg version has some extra features, but it doesn't use them until all of the directors have upgraded to the new version. Trying with v2.1.2 (peer is v2.0.18): Mar 15 13:15:53 imapdir2 dovecot: director: Panic: file director.c: line 295 (director_sync): assertion failed: (!dir-ring_synced || (dir-left == NULL dir-right == NULL)) This points to a more generic problem. How did this happen? You have two directors, stopped upgraded one, started it up and it crashed?
Re: [Dovecot] problems with SSH-based clustering dovecot 2.1.1
On 15.3.2012, at 19.49, Michescu Andrei wrote: Can you get a little bit more in details about this replicator/dsync techique? As my main problem is that EVERYTHING (that gets created on different servers in the same time) gets duplicated. I only do replication using the doveadm sync command. Try at least v2.1.2 first, since it has some fixes. Also post your doveconf -n output.
Re: [Dovecot] director lmtp - smtp problem
On 3/15/12 1:52 PM, Timo Sirainen wrote: On 15.3.2012, at 19.23, Jim Lawson wrote: I'm almost certain that v2.1.1 talks compatible protocol with v2.0. The current hg version has some extra features, but it doesn't use them until all of the directors have upgraded to the new version. Trying with v2.1.2 (peer is v2.0.18): Mar 15 13:15:53 imapdir2 dovecot: director: Panic: file director.c: line 295 (director_sync): assertion failed: (!dir-ring_synced || (dir-left == NULL dir-right == NULL)) This points to a more generic problem. How did this happen? You have two directors, stopped upgraded one, started it up and it crashed? That's correct. Configs are the same between directors (same as I sent in the original msg) Jim
Re: [Dovecot] replication howto
Hi, yes it'a good idea but i'm using now root i hope this not invalid all I obtain this error but maybe i need some pause Mar 15 18:55:28 Gentoo_cyrus_imap dovecot: dsync-local(matteo@netlite.locale): Error: remote: bash: doveadm: command not found Mar 15 18:55:28 Gentoo_cyrus_imap dovecot: dsync-local(matteo@netlite.locale): Error: read() from worker server failed: EOF Thank's a lot! Il 15 marzo 2012 18:28, Michael Grimm trash...@odo.in-berlin.de ha scritto: Hi -- On 15.03.2012, at 18:16, Matteo Cazzador wrote: with virtual user (i have no system user ) and there are not ssh account. So i must use a dedicate account for replication (ssh) that must act sync for all virtual mail account. Yes, that's what I use. I did create a dedicated account for vmail with all the necessary ssh stuff in ~vmail/.ssh One remark I forgot to mention in my last mail: service doveadm { # if you're using a single virtual user, set this to start ssh as vmail # (not root) # user = vmail } This part is only needed, if you choose to run device doveadm as user vmail like I do. service config { # needed to grant access to /var/run/dovecot/config for service doveadm # unix_listener config { user = vmail } } Regards, Michael -- Rispetta l'ambiente: se non ti è necessario, non stampare questa mail. ** Ing. Matteo Cazzador Email: mcazza...@gmail.com **
[Dovecot] Lack of external documentation?
Firstly, this isn't meant to be critical, and I realize the subject line probably suggest criticism, so... I was sort of forced into using dovecot as my imap/pop server due to upgrading 3 versions of OS on my mail servers. So far, that's not bad. What surprises me is that one of the first things I usually do whenever I start using different software is to purchase a book that seems to suit me. Searching all of the common places like amazon, ebay, etc for manuals turned up little to nothing on dovecot. I'm wondering why and is this so new that people just haven't written books about it yet? The one thing I'm a little critical of, though, is that trying to make heads or tails of dovecot by following the online documentation is a little problematic. I'm constantly jumping to another page and then back to the original page, and for the most part, I just don't know enough about it all yet to know what I'm looking for. Does anyone know of any manuals/books that have been written that might introduce me to most of the stuff in dovecot? So far, the list has been great, but once the dsync threads started popping up, I find there's even more I don't know about. Thanks for all the help I've received so far and I think I'm really going to like dovecot. Once I get the hang of it, I'll probably reduce the amount of noise on the list by half. steve campbell
Re: [Dovecot] Lack of external documentation?
On 03/15/2012 03:06 PM, Steve Campbell wrote: Firstly, this isn't meant to be critical, and I realize the subject line probably suggest criticism, so... I was sort of forced into using dovecot as my imap/pop server due to upgrading 3 versions of OS on my mail servers. So far, that's not bad. What surprises me is that one of the first things I usually do whenever I start using different software is to purchase a book that seems to suit me. Searching all of the common places like amazon, ebay, etc for manuals turned up little to nothing on dovecot. I'm wondering why and is this so new that people just haven't written books about it yet? The one thing I'm a little critical of, though, is that trying to make heads or tails of dovecot by following the online documentation is a little problematic. I'm constantly jumping to another page and then back to the original page, and for the most part, I just don't know enough about it all yet to know what I'm looking for. The best docs are on the wiki and this mailing list. If you find the information in the wiki to be lacking, the best thing you can do is find the solution yourself and/or on this mailing list, and then make a wiki entry so the next person will know how to solve the same problem you had. Dovecot is a complex piece of software, and understanding some functionality requires reading the wiki, asking on the mailing list and/or examining the source code. You can also obtain paid support from these companies: http://dovecot.org/support.html I'll be the first to admit that complex and specialized configurations are sometimes difficult to figure out, however this list has always been a tremendous amount of help. Terry
Re: [Dovecot] Multiple locations, 2 servers - planning questions...
On 3/15/2012 5:51 AM, Charles Marcus wrote: On 2012-03-01 8:38 PM, Stan Hoeppner s...@hardwarefreak.com wrote: Get yourself a qualified network architect. Pay for a full network traffic analysis. He'll attach sniffers at multiple points in your network to gather traffic/error/etc data. Then you'll discuss the new office, which employees/types with move there, and you'll be able to know almost precisely the average and peak bandwidth needs over the MAN link. He'll very likely tell you the same thing I have, that a single gigabit MAN link is plenty. If you hire him to do the work, he'll program the proper QOS setup to match the traffic patterns gleaned from the sniffers. Finally had time to properly review your answers here Stan. The time you took for the in-depth reply is very much appreciated - and Multi-site setups can be tricky as they often temp folks to do unnecessary things they otherwise would not. Just trying to help keep your sails pointed in the right direction. :) #1 rule when building a multi-site network: only duplicate hardware and services at the remote site(s) when absolutely necessary. I'm sure you got a kick out of the level of my ignorance... ;) Not at all. I'm sure there is some subject or another where you would demonstrate my ignorance. From another perspective, if there was no ignorance left on the planet then there would be nothing left for anyone to learn. That would make for a boring world. As for hiring a network architect, I will absolutely be doing as you recommend (was already planning on it), but with the information I'm now armed with, at least I'll have a better chance of knowing if they know what they are doing/talking about... Now that you are aware of network analysis using sniffers, allow me to throw you a curve ball. 
For a network of your size, less than 70 users IIRC, with a typical application mix but with SMB/NFS traffic/file sizes a little above 'average', a qualified engineer probably won't need to plug sniffers into your network to determine the size MAN pipe and what traffic shaping you'll need. He'll have already done a near identical setup dozens of times. The good news is this saves you a few grand. Analysis with sniffers ain't cheap, even for small networks. And sniffers are normally only deployed to identify the cause of network problems, not very often for architectural or capacity planning. But, asking him about doing a full analysis using sniffers, and hearing his response, may lead to a valuable discussion nonetheless. Have your MAN and internet providers' (if not the same company) pricing sheet(s) in hand when you meet with the engineer. Depending on fast ethernet MAN, GbE MAN, and internet pipe pricing, he may have some compelling options/recommendations for you, possibly quite different, less costly, and more redundant than what you have been considering up to this point. I'm still planning for the two physical servers (one at each location), Again, if you don't _need_ hardware and services at the 2nd site to achieve the current service level at the primary site, do not add these things to the 2nd site. I really want to put a bunch of exclamation points here but I hate exclamation points in technical emails--actually I just hate them, period. ;) but you have convinced me that trying to run two live mail systems is an unnecessary and even unwanted level of complexity. Running an active/active Dovecot cluster doesn't guarantee an unnecessary nor unwanted additional complexity. The need for clustering should go through a justification process just like anything else: what's the benefit, total 'cost', what's the ROI, etc. Lots of people here do active/active clustering every day with great success. 
Connecting the cluster nodes over a MAN link, however, does introduce unnecessary complexity. Locating one node in another building many blocks away is unnecessary. Putting the nodes in the same rack/room is smart, and easily accomplished in your environment, gives you the redundancy above, but without the potentially problematic MAN link as the cluster interconnect. Granted you'll need to build two new (preferably identical) systems from scratch and setup shared storage (DRBD or a SAN array) and GFS2 or OCFS, etc. Given your environment, there are only two valid reasons for locating equipment and duplicating data and services at a remote site: 1. Unrecoverable network failure (due to single MAN link) 2. Unrecoverable primary site failure (natural or man made disaster) #1 is taken care of by redundant MAN links #2 you've never planned for to this date (probability is *low*) and you need _everything_ duplicated at the remote site Duplicating servers for high(er) user throughput/lower latency to/from servers isn't a valid reason for remote site duplication in your case because you are able to afford plenty of bandwidth and link redundancy between the sites. The relative low cost and high
Re: [Dovecot] v2.1.2 released
On Thu, 15 Mar 2012 16:53:53 +0200, Timo Sirainen t...@iki.fi wrote:
http://dovecot.org/releases/2.1/dovecot-2.1.2.tar.gz
http://dovecot.org/releases/2.1/dovecot-2.1.2.tar.gz.sig
There are a ton of proxying related improvements in this release. You should now be able to do pretty much anything you want with Dovecot proxy/director. This release also includes the initial version of dsync-based replication. I'm already successfully using it for @dovecot.fi mails, but it still has some problems. See http://dovecot.org/list/dovecot/2012-March/064243.html for some details how to configure it.
+ Initial implementation of dsync-based replication. For now this should be used only on non-critical systems.
+ Proxying: POP3 now supports sending remote IP+port from proxy to backend server via Dovecot-specific XCLIENT extension.
+ Proxying: proxy_maybe=yes with host=hostname (instead of IP) works now properly.
+ Proxying: Added auth_proxy_self setting
+ Proxying: Added proxy_always extra field (see wiki docs)
+ Added director_username_hash setting to specify what part of the username is hashed. This can be used to implement per-domain backends (which allows safely accessing shared mailboxes within domain).
+ Added a session ID string for imap/pop3 connections, available in %{session} variable. The session ID passes through Dovecot IMAP/POP3 proxying to backend server. The same session ID can be reused after a long time (currently a bit under 9 years).
+ passdb checkpassword: Support credentials lookups (for non-plaintext auth and for lmtp_proxy lookups)
+ fts: Added fts_index_timeout setting to abort search if indexing hasn't finished by then (default is to wait forever).
- doveadm sync: If mailbox was expunged empty, messages may have come back instead of also being expunged in the other side.
- director: If user logged into two directors while near user expiration, the directors might have redirected the user to two different backends.
- imap_id_* settings were ignored before login.
- Several fixes to mailbox_list_index=yes
- Previous v2.1.x didn't log all messages at shutdown.
- mbox: Fixed accessing Dovecot v1.x mbox index files without errors.
Are there any performance metrics around dsync replication, such as how many users this has been tested on, or how long the replication takes to occur? Also I have not been able to determine from reading the mailing list whether or not dsync replication works with different types of mailboxes (maildir, dbox, mbox), what is supported?
Re: [Dovecot] v2.1.2 released
On 15.3.2012, at 21.48, l...@airstreamcomm.net l...@airstreamcomm.net wrote: Are there any performance metrics around dsync replication, such as how many users this has been tested on, or how long the replication take to occur? The performance isn't optimal yet. You can probably replicate some hundreds of users ok, maybe thousands, but depends. Also I have not been able to determine from reading the mailinglist whether or not dsync replication works with different types of mailboxes (maildir, dbox, mbox), what is supported? Maildir and dbox is supported, mbox probably works okayish but since it doesn't have proper message GUIDs you could run into trouble.
Re: [Dovecot] Compiler warnings in dovecot-2.1.2 and pigeonhole 0.3.0
On 3/15/2012 12:25 PM, Timo Sirainen wrote: On 15.3.2012, at 18.04, Tom Talpey wrote: I'm seeing a few warnings emitted when building for x86. They're pretty obvious, but if you want the configure options etc, I can provide those. In Dovecot 2.1.2 (I also see some of these in 2.1.1): Thanks, fixed in hg. I guess I should add x86 vm building these nightly as well.. Confirmed, Dovecot builds cleanly for me now. Thanks Timo! The pigeonhole warning appears to be harmless and I'll wait for Stefan to confirm/address.
Re: [Dovecot] Lack of external documentation?
On 15/03/2012 19:27, Terry Carmen wrote: On 03/15/2012 03:06 PM, Steve Campbell wrote: Firstly, this isn't meant to be critical, and I realize the subject line probably suggest criticism, so... I was sort of forced into using dovecot as my imap/pop server due to upgrading 3 versions of OS on my mail servers. So far, that's not bad. What surprises me is that one of the first things I usually do whenever I start using different software is to purchase a book that seems to suit me. Searching all of the common places like amazon, ebay, etc for manuals turned up little to nothing on dovecot. I'm wondering why and is this so new that people just haven't written books about it yet? The one thing I'm a little critical of, though, is that trying to make heads or tails of dovecot by following the online documentation is a little problematic. I'm constantly jumping to another page and then back to the original page, and for the most part, I just don't know enough about it all yet to know what I'm looking for. The best docs are on the wiki and this mailing list. If you find the information in the wiki to be lacking, the best thing you can do is find the solution yourself and/or on this mailing list, and then make a wiki entry so the next person will know how to solve the same problem you had. Dovecot is a complex piece of software, and understanding some functionality requires reading the wiki, asking on the mailing list and/or examining the source code. You can also obtain paid support from these companies: http://dovecot.org/support.html I'll be the first to admit that complex and specialized configurations are sometimes difficult to figure out, however this list has always been a tremendous amount of help. Terry What he said +1. 
I don't want to belittle IMAP software or the work that Timo has done to get dovecot to the IMAP server world, but IMAP in general is a small enough subject to only really warrant two maybe three books - the most recent of which was written 5-7 years ago. The original release of dovecot was around 2002, but I don't think it became as widely adopted as Courier / Cyrus until around 2010. I wouldn't be surprised that if there is a next edition of The Book of IMAP or the O'Reilly Managing IMAP that there would probably be an equal share section on dovecot than any other server out there.
Re: [Dovecot] Lack of external documentation?
On Thu, 15 Mar 2012 15:27:37 -0400 Terry Carmen articulated: On 03/15/2012 03:06 PM, Steve Campbell wrote: Firstly, this isn't meant to be critical, and I realize the subject line probably suggest criticism, so... I was sort of forced into using dovecot as my imap/pop server due to upgrading 3 versions of OS on my mail servers. So far, that's not bad. What surprises me is that one of the first things I usually do whenever I start using different software is to purchase a book that seems to suit me. Searching all of the common places like amazon, ebay, etc for manuals turned up little to nothing on dovecot. I'm wondering why and is this so new that people just haven't written books about it yet? The one thing I'm a little critical of, though, is that trying to make heads or tails of dovecot by following the online documentation is a little problematic. I'm constantly jumping to another page and then back to the original page, and for the most part, I just don't know enough about it all yet to know what I'm looking for. The best docs are on the wiki and this mailing list. If you find the information in the wiki to be lacking, the best thing you can do is find the solution yourself and/or on this mailing list, and then make a wiki entry so the next person will know how to solve the same problem you had. Dovecot is a complex piece of software, and understanding some functionality requires reading the wiki, asking on the mailing list and/or examining the source code. You can also obtain paid support from these companies: http://dovecot.org/support.html I'll be the first to admit that complex and specialized configurations are sometimes difficult to figure out, however this list has always been a tremendous amount of help. The lack of truly informative documentation has been the Achilles' heel of open-source software since its inception. I feel your pain. I have always loved a hard copy, i.e. book documenting the subject I am studying. 
Jumping from screen to screen sucks, plus how do I highlight a passage on the monitor for future reference? There have been a few books written to document Postfix, but to the best of my knowledge, none exist for Dovecot. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
Re: [Dovecot] 2.1.1: doveadm backup errors
On 14.03.2012 20:33, wrote e-frog: On 14.03.2012 14:41, wrote Timo Sirainen: With latest hg version it should work. Hi Timo, The can't delete mailbox INBOX error is gone now with changeset c077ca9bc306 and it's working successfully on the account from yesterday where it also worked with mailbox_list_index=no. However using a different account (more mail and mailboxes) I'm seeing dbox corruption errors. I have tested with mailbox_list_index=yes and no and it's the same for both. So this might be unrelated to this setting. Attached are logs from doveadm backup runs. First to an empty directory and 2 consecutive runs. Further testing (now with 2.1.2) shows it only seems to work for a single mailbox. e.g. doveadm -v backup -u testuser@ubuntu-test.localdomain -m 'INBOX' mdbox:/tmp/backup dsync(testuser@ubuntu-test.localdomain): Info: INBOX: only in source (guid=c63f581c030b774b572aec8d17cd) - no errors This works for every single mailbox in this account. The errors only occur without -m 'mailbox'. Using maildir as destination format however seems to work fine on the whole account. doveadm -v backup -u testuser@ubuntu-test.localdomain maildir:/tmp/backup - no errors Thanks, e-frog
Re: [Dovecot] replication howto
Hi -- On 15.03.2012, at 18:57, Matteo Cazzador wrote: Hi, yes it's a good idea but i'm using now root i hope this not invalid all Actually it's a bad idea to use root for ssh from a security point of view. A hacked root account isn't fun. Thus, normally one needs to explicitly change the config of the sshd daemon to allow root logins (at least with FreeBSD, which I'm using). Thus, I do recommend to use an unprivileged user like vmail. I obtain this error but maybe i need some pause ;-) Mar 15 18:55:28 Gentoo_cyrus_imap dovecot: dsync-local(matteo@netlite.locale): Error: remote: bash: doveadm: command not found root doesn't find doveadm at the remote server. As mentioned above you better create an account for vmail and allow that user to find doveadm in its path. Mar 15 18:55:28 Gentoo_cyrus_imap dovecot: dsync-local(matteo@netlite.locale): Error: read() from worker server failed: EOF That's an error due to not finding doveadm at the remote site. Regards, Michael
Re: [Dovecot] problems with SSH-based clustering dovecot 2.1.1
Hi -- On 15.03.2012, at 18:49, Michescu Andrei wrote: Can you get a little bit more in details about this replicator/dsync techique? http://blog.dovecot.org/2012/02/dovecot-clustering-with-dsync-based.html and http://www.dovecot.org/img/dsync-director-replication-ssh.png helped me a lot understand the idea behind it. As my main problem is that EVERYTHING (that gets created on different servers in the same time) gets duplicated. As Timo recommended already, you better upgrade to 2.1.2 first. I can confirm that he fixed a lot compared to older dsync versions. Regards, Michael
Re: [Dovecot] Lack of external documentation?
On 15.3.2012, at 21.06, Steve Campbell wrote: The one thing I'm a little critical of, though, is that trying to make heads or tails of dovecot by following the online documentation is a little problematic. I'm constantly jumping to another page and then back to the original page, and for the most part, I just don't know enough about it all yet to know what I'm looking for. Perhaps it would be helpful to have some more talkative howtos for some of the typical configurations, that don't only list the options that are given but actually talks about why things are done the way they are? I've tried to avoid duplication of text in wiki, because if something changes it's difficult to update it everywhere, but in howtos I guess it wouldn't be too bad. Or maybe the wiki could be restructured in some way to make it easier to follow. I think I'm the worst possible person to figure out anything like that, because I don't know what the difficult parts are. I'd think the Dovecot wiki is good if you know what you want to do and just want to know some specifics, but I guess it can be difficult to figure things out otherwise. Does anyone know of any manuals/books that have been written that might introduce me to most of the stuff in dovecot? A few people have talked about writing a Dovecot book and I've promised to help them, but no one's actually written one as far as I know. So far, the list has been great, but once the dsync threads started popping up, I find there's even more I don't know about. Features that aren't yet even fully implemented don't really have documentation for them.
Re: [Dovecot] replication howto
On 15.3.2012, at 22.48, Michael Grimm wrote: On 15.03.2012, at 18:57, Matteo Cazzador wrote: Hi, yes it's a good idea but i'm using now root i hope this not invalid all Actually it's a bad idea to use root for ssh from a security point of view. A hacked root account isn't fun. Thus, normally one needs to explicitly change the config of the sshd daemon to allow root logins (at least with FreeBSD, which I'm using). Thus, I do recommend to use an unprivileged user like vmail. Then again it's safer to use system user accounts than a single vmail account that has access to everyone's emails. And if you allow ssh login only with public key authentication I don't think there are many security issues. And finally, it would be possible to write a small wrapper that allows the root's public key auth to only execute dsync-user.sh script that can't do anything except sync a specified user's mails.
Re: [Dovecot] Lack of external documentation?
On 3/15/12 4:46 PM, Jerry wrote: On Thu, 15 Mar 2012 15:27:37 -0400 Terry Carmen articulated: On 03/15/2012 03:06 PM, Steve Campbell wrote: Firstly, this isn't meant to be critical, and I realize the subject line probably suggest criticism, so... I was sort of forced into using dovecot as my imap/pop server due to upgrading 3 versions of OS on my mail servers. So far, that's not bad. What surprises me is that one of the first things I usually do whenever I start using different software is to purchase a book that seems to suit me. Searching all of the common places like amazon, ebay, etc for manuals turned up little to nothing on dovecot. I'm wondering why and is this so new that people just haven't written books about it yet? The one thing I'm a little critical of, though, is that trying to make heads or tails of dovecot by following the online documentation is a little problematic. I'm constantly jumping to another page and then back to the original page, and for the most part, I just don't know enough about it all yet to know what I'm looking for. The best docs are on the wiki and this mailing list. If you find the information in the wiki to be lacking, the best thing you can do is find the solution yourself and/or on this mailing list, and then make a wiki entry so the next person will know how to solve the same problem you had. Dovecot is a complex piece of software, and understanding some functionality requires reading the wiki, asking on the mailing list and/or examining the source code. You can also obtain paid support from these companies: http://dovecot.org/support.html I'll be the first to admit that complex and specialized configurations are sometimes difficult to figure out, however this list has always been a tremendous amount of help. The lack of truly informative documentation has been the Achilles' heel of open-source software since its inception. I feel your pain. I have always loved a hard copy, i.e. book documenting the subject I am studying. 
Jumping from screen to screen sucks, plus how do I highlight a passage on the monitor for future reference? There have been a few books written to document Postfix, but to the best of my knowledge, none exist for Dovecot. I like books, but, especially in the case of actively developed software such as Dovecot, they become outdated very quickly. I have two editions of the Unix System Administration Handbook (can't remember the last time I looked at them), and two editions of Backup Recovery. I use Amanda for backup. It has been developed actively over the last several years, and the Backup Recovery chapter on Amanda is sorely out of date. The wiki, the users mailing list, and the man pages are the only way to really be up-to-date. With the book, you won't know anything about any changes or additions since the book was written, which would have been at least many months before it was published. I'm into online documentation every day. I'm a Solaris admin, but I've been jumping from Solaris 10 to Ubuntu without any books, and I've been jumping from ZFS to LVM without any books. That's a significant transition. But it seems I can find almost everything online. Sometimes another admin gives me an explanation and a link. It's just the way things are. The digital world is moving too fast to be frozen in print. -- Chris Hoogendyk, Systems Administrator, Biology Geology Departments, 140 Morrill Science Center, University of Massachusetts, Amherst hoogen...@bio.umass.edu Erdös 4
Re: [Dovecot] Dovecot 2.1 with custom OpenSSL fails to build
Timo Sirainen t...@iki.fi wrote:
$ patch -p1 -s < ../dovecot-20120303-e540404debb7.patch
$ env SSL_CFLAGS=-I/usr/local/ssl/include SSL_LIBS="-L/usr/local/ssl/lib -Wl,-R/usr/local/ssl/lib -lcrypto -lssl" ./configure --prefix=/usr/local/Dovecot-20120303 --with-ssl=openssl --with-ssldir=/usr/local/Dovecot-20120303/etc/dovecot/certs
$ make && make install
You would have needed to run autogen.sh again. It works with me now that I tried in a test server with OpenSSL in non-standard dir. Sorry, I didn't know that with autogen.sh. Just grabbed Dovecot 2.1.2 (which is all properly set up - so I couldn't do anything wrong ;-) and compiled it. Compilation works. Great! The binaries find all their libraries. But two libraries are not quite okay. They don't find their SSL libs: libdovecot-lda.so libdovecot-storage.so Since libdovecot-lda.so doesn't contain the words libssl or libcrypto, I guess that ldd just complains because it uses libdovecot-storage.so. Thus, libdovecot-storage.so is the (only) one left with an incomplete library search path. Luckily, all binaries use some additional libraries which come with a proper library path. So the whole thing works, but it's more like some kind of magic. It would be great if libdovecot-storage.so could be fixed as well to make things finally perfect. Thanks for all your effort. (I know this isn't top priority as most people use precompiled stuff and never run into such kind of things.) Greetings, Andreas
Re: [Dovecot] Lack of external documentation?
* Jerry dovecot@dovecot.org: On Thu, 15 Mar 2012 15:27:37 -0400 Terry Carmen articulated: On 03/15/2012 03:06 PM, Steve Campbell wrote: Firstly, this isn't meant to be critical, and I realize the subject line probably suggest criticism, so... I was sort of forced into using dovecot as my imap/pop server due to upgrading 3 versions of OS on my mail servers. So far, that's not bad. What surprises me is that one of the first things I usually do whenever I start using different software is to purchase a book that seems to suit me. Searching all of the common places like amazon, ebay, etc for manuals turned up little to nothing on dovecot. I'm wondering why and is this so new that people just haven't written books about it yet? The one thing I'm a little critical of, though, is that trying to make heads or tails of dovecot by following the online documentation is a little problematic. I'm constantly jumping to another page and then back to the original page, and for the most part, I just don't know enough about it all yet to know what I'm looking for. The best docs are on the wiki and this mailing list. If you find the information in the wiki to be lacking, the best thing you can do is find the solution yourself and/or on this mailing list, and then make a wiki entry so the next person will know how to solve the same problem you had. Dovecot is a complex piece of software, and understanding some functionality requires reading the wiki, asking on the mailing list and/or examining the source code. You can also obtain paid support from these companies: http://dovecot.org/support.html I'll be the first to admit that complex and specialized configurations are sometimes difficult to figure out, however this list has always been a tremendous amount of help. The lack of truly informative documentation has been the Achilles' heel of open-source software since its inception. I feel your pain. I have always loved a hard copy, i.e. book documenting the subject I am studying. 
Jumping from screen to screen sucks, plus how do I highlight a passage on the monitor for future reference? There have been a few books written to document Postfix, but to the best of my knowledge, none exist for Dovecot. Dovecot is a moving target and it is hard to produce any print that represents what Dovecot can do when the print finally will be released. I know, because I am one of the two authors who wrote The Book of Postfix and we found it hard if almost impossible to keep up with Wietse's pace when he wrote major parts of Postfix. For now, I believe, the wiki and the mailing list is as good as it gets. Later when Dovecot settles a book might be something to write and something to spend money on because it lasts for a while. man pages would be a good thing, but given Dovecot's configuration syntax and flexibility this might be an even harder task. It's probably easier to describe certain aspects of configuration or use cases than list all options and their possible occurrences. p@rick -- state of mind () http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht München Partnerschaftsregister PR 563
Re: [Dovecot] replication howto
in ~privilgeduser/.ssh/authorized keys: from=list of hosts key is valid for cmd=dsync.sh pubkey... On 03/15/2012 05:05 PM, Timo Sirainen wrote: Then again it's safer to use system user accounts than a single vmail account that has access to everyone's emails. And if you allow ssh login only with public key authentication I don't think there are much security issues. And finally, it would be possible to write a small wrapper that allows the root's public key auth to only execute dsync-user.sh script that can't do anything except sync a specified user's mails.
Re: [Dovecot] problems with SSH-based clustering dovecot 2.1.1
Hello Timo, I have updated the repository with hg pull -u, recompiled and redeployed and somehow the dovecot -n still shows 2.1.1... :( I ran exactly the same test: starting for 1 clean user1, I create 2 emails, one on mx1.a and one on mx2.a and I sync them with doveadm. The output is exactly as previously sent :( Here is my conf:

# 2.1.1: /etc/dovecot/dovecot/dovecot.conf
# OS: Linux 2.6.38-b i686 Slackware 13.0.0.0.0
auth_debug = yes
auth_debug_passwords = yes
auth_default_realm = a
first_valid_gid = 89
first_valid_uid = 89
last_valid_gid = 89
last_valid_uid = 89
listen = *
log_path = /dev/stderr
login_greeting = WebMail MX1.A
login_trusted_networks = 192.168.20.64/26
mail_debug = yes
mail_gid = vchkpw
mail_location = maildir:~/Maildir
mail_privileged_group = vchkpw
mail_uid = vpopmail
passdb {
  driver = vpopmail
}
protocols = imap pop3
service auth-worker {
  unix_listener auth-worker {
    user = vpopmail
  }
  user = vpopmail
}
service auth {
  user = vpopmail
}
service imap-login {
  user = vpopmail
}
service pop3-login {
  user = vpopmail
}
ssl = no
userdb {
  driver = vpopmail
}

Thank you, Andrei

On 15.3.2012, at 19.49, Michescu Andrei wrote: Can you get a little bit more in details about this replicator/dsync technique? As my main problem is that EVERYTHING (that gets created on different servers in the same time) gets duplicated. I only do replication using the doveadm sync command. Try at least v2.1.2 first, since it has some fixes. Also post your doveconf -n output.
Re: [Dovecot] replication howto
Plus the scripts that 1) when calling ssh dsync first writes the username to stdout (before dsync starts communicating) and 2) dsync.sh on remote first reads the username from stdin, before execing dsync itself Because it's not possible to give -u $username parameter in the authorized_keys cmd itself. That's the only changing parameter that is needed. On 15.3.2012, at 23.49, David Ford wrote: in ~privilgeduser/.ssh/authorized keys: from=list of hosts key is valid for cmd=dsync.sh pubkey... On 03/15/2012 05:05 PM, Timo Sirainen wrote: Then again it's safer to use system user accounts than a single vmail account that has access to everyone's emails. And if you allow ssh login only with public key authentication I don't think there are much security issues. And finally, it would be possible to write a small wrapper that allows the root's public key auth to only execute dsync-user.sh script that can't do anything except sync a specified user's mails.
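The forced-command arrangement discussed in this thread (a key limited in authorized_keys to a wrapper that reads the username from stdin before starting dsync), sketched as an added example that is not from any poster or from the Dovecot project. The script path, the `serve` argument, the accepted username alphabet, the placeholder address and key, and `doveadm dsync-server -u` as the remote command are assumptions.

```shell
#!/bin/sh
# dsync-user.sh: remote-side wrapper run as an SSH forced command (added example).
#
# Assumed authorized_keys entry on the replica (address and key are placeholders):
#   from="192.0.2.10",command="/usr/local/bin/dsync-user.sh serve",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> replication
#
# With command= set, sshd runs this script whatever the client asked for, so the
# key can only start a sync. The mail user cannot be written into authorized_keys,
# so the calling side sends "<username>\n" first and the dsync stream after it.

LC_ALL=C
export LC_ALL

# Accept only a conservative username alphabet (assumption: user@domain logins).
# A leading "-" is refused so the value can never be parsed as an option.
valid_user() {
    case "$1" in
        '' | -*) return 1 ;;
        *[!A-Za-z0-9@._+-]*) return 1 ;;
    esac
    [ "${#1}" -le 255 ]
}

# Read exactly one line from stdin and print it if it is a valid username.
# The read builtin takes a pipe or socket one byte at a time, so nothing after
# the newline is swallowed and the dsync stream reaches the next process intact.
read_sync_user() {
    IFS= read -r sync_user || return 1   # EOF before a newline: fail closed
    valid_user "$sync_user" || return 1
    printf '%s\n' "$sync_user"
}

main() {
    # Fixed PATH so doveadm is found regardless of the login environment.
    PATH=/usr/local/bin:/usr/bin:/bin
    export PATH
    if ! sync_user=$(read_sync_user); then
        echo "dsync-user.sh: missing or invalid username" >&2
        exit 1
    fi
    # Assumed remote command; stdin/stdout stay connected to the SSH channel.
    exec doveadm dsync-server -u "$sync_user"
}

# Only act when invoked as the forced command ("serve" comes from authorized_keys).
if [ "${1:-}" = "serve" ]; then
    main
fi
```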
Re: [Dovecot] Compiler warnings in dovecot-2.1.2 and pigeonhole 0.3.0
On 3/15/2012 9:23 PM, Tom Talpey wrote: On 3/15/2012 12:25 PM, Timo Sirainen wrote: On 15.3.2012, at 18.04, Tom Talpey wrote: I'm seeing a few warnings emitted when building for x86. They're pretty obvious, but if you want the configure options etc, I can provide those. In Dovecot 2.1.2 (I also see some of these in 2.1.1): Thanks, fixed in hg. I guess I should add x86 vm building these nightly as well.. Confirmed, Dovecot builds cleanly for me now. Thanks Timo! The pigeonhole warning appears to be harmless and I'll wait for Stefan to confirm/address. Thanks, fixed: http://hg.rename-it.nl/dovecot-2.1-pigeonhole/rev/75c1a2fd9b26 Regards, Stephan.
Re: [Dovecot] problems with SSH-based clustering dovecot 2.1.1
hello, So I upgraded to 2.1.2 (not from repository because that one still says 2.1.1, but from the release). I ran exactly the same test with exactly the same behaviour. (new account, synced successfully on 2 servers, deliver 1 email to each server, run doveadm sync)... Please find below the dovecot-uidlists:

on mx1.a:
3 V1331851700 N1 Gc9e2a526b471624f7076498f706b
1 :1331852540.19862.mx2,S=272
2 G1331852540.19862.mx2,S=272 :1331852573.M89342P19877.mx2,S=272
3 :1331852488.30409.mx1,S=268

on mx2.a:
3 V1331851700 N1 Gc9e2a526b471624f7076498f706b
1 :1331852488.30409.mx1,S=268
2 :1331852540.19862.mx2,S=272
3 G1331852488.30409.mx1,S=268 :1331852572.M622052P30410.mx1,S=268

As you can see both servers duplicated the email that was delivered first to them (1 in both cases, because the user1 is a clean account). There is the same effect in the folders: initial there is only one file on each server and after sync there are 3 files instead of only 2... Also, after the sync, there should be 2 new emails (N2 if I interpret correctly that N1 means only one new). Thank you. Andrei

PS: also I need to run dsync twice, because first time I receive:
dsync-local(user1@a): Info: INBOX: Ignored 1 modseq changes
dsync-local(user1@a): Info: INBOX: Couldn't keep all uids
dsync-local(user1@a): Warning: Mailbox changes caused a desync. You may want to run dsync again.

The config is below:

# 2.1.2: /etc/dovecot/dovecot/dovecot.conf
# OS: Linux 2.6.38-b i686 Slackware 13.0.0.0.0
auth_debug = yes
auth_debug_passwords = yes
auth_default_realm = a
first_valid_gid = 89
first_valid_uid = 89
last_valid_gid = 89
last_valid_uid = 89
listen = *
log_path = /dev/stderr
login_greeting = WebMail MX1.A
login_trusted_networks = 192.168.20.64/26
mail_debug = yes
mail_gid = vchkpw
mail_location = maildir:~/Maildir
mail_privileged_group = vchkpw
mail_uid = vpopmail
passdb {
  driver = vpopmail
}
protocols = imap pop3
service auth-worker {
  unix_listener auth-worker {
    user = vpopmail
  }
  user = vpopmail
}
service auth {
  user = vpopmail
}
service imap-login {
  user = vpopmail
}
service pop3-login {
  user = vpopmail
}
ssl = no
userdb {
  driver = vpopmail
}
Re: [Dovecot] IMAP to Maildir Migration preserving UIDs?
On 01/28/2012 12:45 PM, Timo Sirainen wrote: On 27.1.2012, at 2.00, Gedalya wrote: Starting program: /usr/bin/doveadm -o imapc_user=j...@example.com -o imapc_password= backup -u j...@example.com -R imapc: Program received signal SIGSEGV, Segmentation fault. mailbox_log_iter_open_next (iter=0x80cbd90) at mailbox-log.c:213 213mailbox-log.c: No such file or directory. in mailbox-log.c This crash is now fixed, so there's no need to give /tmp/imapc path anymore: http://hg.dovecot.org/dovecot-2.1/rev/7b94d1c8a6e7 Timo, we have a problem, somewhere between 2.1.rc7 and 2.1.1. Current versions are putting the body of the last message in Sent Items in place of every single email in INBOX. In other words, for every email that sits in INBOX in the source, I get a copy of the last email in Sent Items instead. This happens for every account I try to migrate. Very strange. I noticed this only now, and the last package I have left in the local apt cache which still works is 2.1.rc7-0~auto+0.
Re: [Dovecot] [Dovecot-news] v2.1.2 released
Le jeudi 15 mars 2012 à 16:53 +0200, Timo Sirainen a écrit : http://dovecot.org/releases/2.1/dovecot-2.1.2.tar.gz http://dovecot.org/releases/2.1/dovecot-2.1.2.tar.gz.sig There are a ton of proxying related improvements in this release. You should now be able to do pretty much anything you want with Dovecot proxy/director. This release also includes the initial version of dsync-based replication. I'm already successfully using it for @dovecot.fi mails, but it still has some problems. See http://dovecot.org/list/dovecot/2012-March/064243.html for some details how to configure it. + Initial implementation of dsync-based replication. For now this should be used only on non-critical systems. + Proxying: POP3 now supports sending remote IP+port from proxy to backend server via Dovecot-specific XCLIENT extension. + Proxying: proxy_maybe=yes with host=hostname (instead of IP) works now properly. + Proxying: Added auth_proxy_self setting + Proxying: Added proxy_always extra field (see wiki docs) + Added director_username_hash setting to specify what part of the username is hashed. This can be used to implement per-domain backends (which allows safely accessing shared mailboxes within domain). + Added a session ID string for imap/pop3 connections, available in %{session} variable. The session ID passes through Dovecot IMAP/POP3 proxying to backend server. The same session ID is can be reused after a long time (currently a bit under 9 years). + passdb checkpassword: Support credentials lookups (for non-plaintext auth and for lmtp_proxy lookups) + fts: Added fts_index_timeout setting to abort search if indexing hasn't finished by then (default is to wait forever). - doveadm sync: If mailbox was expunged empty, messages may have become back instead of also being expunged in the other side. - director: If user logged into two directors while near user expiration, the directors might have redirected the user to two different backends. 
- imap_id_* settings were ignored before login.
- Several fixes to mailbox_list_index=yes
- Previous v2.1.x didn't log all messages at shutdown.
- mbox: Fixed accessing Dovecot v1.x mbox index files without errors.

I built the last release successfully for CentOS 5; it works fine and best.
ns.fakessh.eu/rpms/dovecot-2.1.2-1.centme.el5.src.rpm

thanks Timo

--
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC2626742
gpg --keyserver pgp.mit.edu --recv-key C2626742
http://urlshort.eu fakessh @
http://gplus.to/sshfake
http://gplus.to/sshswilting
http://gplus.to/john.swilting
https://lists.fakessh.eu/mailman/
This list is moderated by me, but all applications will be accepted provided they receive a note of presentation
Re: [Dovecot] Lack of external documentation?
Quoting Jerry je...@seibercom.net:

On Thu, 15 Mar 2012 15:27:37 -0400 Terry Carmen articulated:

On 03/15/2012 03:06 PM, Steve Campbell wrote:

Firstly, this isn't meant to be critical, and I realize the subject line probably suggests criticism, so... I was sort of forced into using dovecot as my imap/pop server due to upgrading 3 versions of OS on my mail servers. So far, that's not bad.

What surprises me is that one of the first things I usually do whenever I start using different software is to purchase a book that seems to suit me. Searching all of the common places like amazon, ebay, etc for manuals turned up little to nothing on dovecot. I'm wondering why and is this so new that people just haven't written books about it yet?

The one thing I'm a little critical of, though, is that trying to make heads or tails of dovecot by following the online documentation is a little problematic. I'm constantly jumping to another page and then back to the original page, and for the most part, I just don't know enough about it all yet to know what I'm looking for.

The best docs are on the wiki and this mailing list. If you find the information in the wiki to be lacking, the best thing you can do is find the solution yourself and/or on this mailing list, and then make a wiki entry so the next person will know how to solve the same problem you had.

Dovecot is a complex piece of software, and understanding some functionality requires reading the wiki, asking on the mailing list and/or examining the source code. You can also obtain paid support from these companies: http://dovecot.org/support.html

I'll be the first to admit that complex and specialized configurations are sometimes difficult to figure out, however this list has always been a tremendous amount of help.

The lack of truly informative documentation has been the Achilles' heel of open-source software since its inception. I feel your pain. I have always loved a hard copy, i.e. book documenting the subject I am studying.
Jumping from screen to screen sucks, plus how do I highlight a passage on the monitor for future reference? There have been a few books written to document Postfix, but to the best of my knowledge, none exist for Dovecot.

--
Jerry
Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.

So many great replies, but I'll pick this one to use as my reply-to since it mirrors mostly how I feel about my experiences so far when it comes to learning Dovecot.

I installed a new server, going from Centos 3 to Centos 6. I found that Postfix was the preferred SMTP server and Dovecot was the preferred imap/pop server. I gave Postfix my best shot, but didn't really have it tested well enough to stick with it, so I dropped back to Sendmail, something I'm somewhat familiar with. I've read multiple versions of O'Reilly's Sendmail books along with the Sendmail Cookbook. I have to admit that it was these books that made me realize the power of Sendmail. Post l website to further learn, but I had to get the basics first to do what needed to be done to get the job into a working server.

Dovecot is an application that probably would work out of the box for me if I didn't have to use data from the previous server. So I had to use more than the standard options to make this work. Finding those options was the main gripe I had with the wiki - there are just so many options to make Dovecot the complete server. That's a good thing. Just remember, us noobies-to-Dovecot have to discover all of those options.

I mentioned that I was happy with the wiki and the list when it comes to answering my questions. But I'm sure the list will get tired of me asking what must appear to be redundant, simple, obnoxious questions. The index-like wiki page is most helpful.

I knew dovecot has been around for a while, but didn't know how mature it was.
The fact that Centos/Red Hat uses it as a default says quite a bit about its reliability, so I'll stick with it.

One of the things I was planning on doing was combining two servers, which services one domain on one server and services two other domains on the other, into one server, and have the other as a server-in-waiting. So along comes this dsync thread, and now it appears that Dovecot might make that all easier.

I see all the potential Dovecot has, but learning it is a little difficult for us new users. Once I get the hang of it, I'm sure I won't need to search for the things I need to find, but for now, a good book would have been nice and a lot easier.

I give all the praise to Timo that he deserves. (I'm guessing he's either the developer, the lead guru on the list or something of that stature). I like what I'm seeing, I'm just not always seeing what I need. Again, this is not