[Dovecot] namespace subscription problem
Hi all,
my problem seems to be a cosmetic one (again).
According to the docs:
subscriptions: "yes" (default) if this namespace should handle its own
subscriptions. If "no", then the first parent namespace with
subscriptions=yes will handle it.
Therefore is no way to create the following scenario:
three namespaces (private, shared, public)
the private namespace has to handle its own subscriptions
the private namespace setup with "prefix = INBOX."
the both shared and public namespace setup with "subscriptions = no"
cause there is no so called "parent" namespace. Private namespace setup
with "prefix = " works fine, but that's not what I want.
namespace {
type = public
separator = .
prefix = public.
location = maildir:/var/spool/dovecot/vmail/public
subscriptions = no
}
namespace inbox {
type = private
separator = .
prefix = INBOX.
inbox = yes
}
namespace {
type = shared
separator = .
prefix = user.%%u.
location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
subscriptions = no
list = children
}
Any chance that the private namespace can subscribe to shared mailboxes
with the principals above?
...
Few hours later. Added a default namespace without any prefix:
namespace {
prefix =
separator = .
hidden = yes
subscriptions = yes
}
Subscriptions works as expected, but when I telnet to dovecot now the
LSUB command shows all boxes beneath the INBOX as well as without the
prefix:
b lsub "" *
* LSUB () "." "Sent"
* LSUB () "." "Templates"
* LSUB () "." "Trash"
* LSUB () "." "Drafts"
* LSUB () "." "INBOX.Sent"
* LSUB () "." "INBOX.Templates"
* LSUB () "." "INBOX.Trash"
* LSUB () "." "INBOX.Drafts"
* LSUB () "." "INBOX.user.bar.Sent"
* LSUB () "." "user.bar.Sent"
b OK Lsub completed.
Completely stuck
Holgert
Re: [Dovecot] imap-login - where does the user get filled in from?
j...@rahul.net (Jeff Lacki) wrote: > Yes, it can be done. You just put the file in a place in the browser, > then go to it and it asks you to install it on the phone. So I did > that and it shows that its installed. > > As I said, I was able to connect to my server and login with: > > openssl s_client -connect myhost.com:993 > > successfully, so I am assuming its a config issue somewhere else, > though Im still too new to how this works to understand things fully yet. > Ok I believe its solved, and it was my fault of course. I hadnt entirely setup the directory structure on my filesystem for the mailbox stuff. Once I cleaned up all the errors that I found using the openssl command above and logging in etc manually, it now seems to work. Sorry if this was wasted bandwidth, maybe it will help someone else later. Thanks for your help! Jeff /mf/home/jeep/shell/.signature
Re: [Dovecot] imap-login - where does the user get filled in from?
Ben Morrow wrote: > > An iPhone won't accept a self-signed certificate unless you install it > in the system trusted certificate list. I don't know how you do that, or > even if it's possible... > > Ben Yes, it can be done. You just put the file in a place in the browser, then go to it and it asks you to install it on the phone. So I did that and it shows that its installed. As I said, I was able to connect to my server and login with: openssl s_client -connect myhost.com:993 successfully, so I am assuming its a config issue somewhere else, though Im still too new to how this works to understand things fully yet. /mf/home/jeep/shell/.signature
Re: [Dovecot] imap-login - where does the user get filled in from?
At 3PM -0800 on 6/12/12 Jeff Lacki wrote: > Ben Morrow wrote: > > > > imap-login: Disconnected (no auth attempts in 60 secs): user=<>, > > > rip=192.168.1.1, lip=192.168.1.22, TLS handshaking: Disconnected > > > > Just to be sure: you have replaced the self-signed certificate Dovecot > > installs with one which is signed by a public CA? > > I created my own self-signed certificate with mkcert.sh that comes with > dovecot. Changed my hostname to mail.myhostname.com and the other > stuff, installed etc. An iPhone won't accept a self-signed certificate unless you install it in the system trusted certificate list. I don't know how you do that, or even if it's possible... Ben
Re: [Dovecot] imap-login - where does the user get filled in from?
At 2PM -0800 on 6/12/12 Jeff Lacki wrote: > > Sorry to ask such a basic question, but I finally got some major > hurdles working for imaps on port 993 and Im getting the following > when I try to connect from my iphone: > > imap-login: Disconnected (no auth attempts in 60 secs): user=<>, > rip=192.168.1.1, lip=192.168.1.22, TLS handshaking: Disconnected Just to be sure: you have replaced the self-signed certificate Dovecot installs with one which is signed by a public CA? Ben
Re: [Dovecot] imap-login - where does the user get filled in from?
Reindl Harald wrote: > > check the auth-mech configured on the phone and > which methods your server configuration supports > > long before the login the server offers auth methods and > if the client is configured to a unsupported it closes > the connection and apple devices are really braindead > in this context > I have dovecot setup for: auth_mechanisms = plain login The iphone offers the following: - password - Apple Token - MD5 Challenge-Response - NTLM - HTTP MD5 Digest Im set for password, which I assumed was plaintext which should match my plain mechanism. Im using an AES_DECRYPT in my SQL statement to get the password however, maybe this is part of my issue: password_query = SELECT AES_DECRYPT(password, 'xxx') AS password, \ userid AS user \ FROM users WHERE userid='%u' AND AES_DECRYPT(password, 'xxx')='%w' This is the first time Im attempting to use SQL with SSL. /mf/home/jeep/shell/.signature
Re: [Dovecot] imap-login - where does the user get filled in from?
Am 06.12.2012 23:45, schrieb Jeff Lacki: > Reindl Harald wrote: > >> Am 06.12.2012 23:25, schrieb Jeff Lacki: >>> >>> Sorry to ask such a basic question, but I finally got some major >>> hurdles working for imaps on port 993 and Im getting the following >>> when I try to connect from my iphone: >>> >>> imap-login: Disconnected (no auth attempts in 60 secs): user=<>, >>> rip=192.168.1.1, lip=192.168.1.22, TLS handshaking: Disconnected >>> >>> Im using SQL and SSL over 993. I cant seem to find where my user >>> comes from that its blank? >> >> the client disconnects due TLS/SSL handshake >> at this time no user could be known at all >> maybe a bad connection >> > > Odd, its coming from my iphone and the user is filled out. that does not matter in any way you refused to understand that if a connection is closed for whateever reason due ssl handshake there is no data information exchanged between client and server > Ill try > deleting it on the phone and re-trying check the auth-mech configured on the phone and which methods your server configuration supports long before the login the server offers auth methods and if the client is configured to a unsupported it closes the connection and apple devices are really braindead in this context signature.asc Description: OpenPGP digital signature
Re: [Dovecot] imap-login - where does the user get filled in from?
Reindl Harald wrote: > Am 06.12.2012 23:25, schrieb Jeff Lacki: > > > > Sorry to ask such a basic question, but I finally got some major > > hurdles working for imaps on port 993 and Im getting the following > > when I try to connect from my iphone: > > > > imap-login: Disconnected (no auth attempts in 60 secs): user=<>, > > rip=192.168.1.1, lip=192.168.1.22, TLS handshaking: Disconnected > > > > Im using SQL and SSL over 993. I cant seem to find where my user > > comes from that its blank? > > the client disconnects due TLS/SSL handshake > at this time no user could be known at all > maybe a bad connection > Odd, its coming from my iphone and the user is filled out. Ill try deleting it on the phone and re-trying. Thanks /mf/home/jeep/shell/.signature
Re: [Dovecot] Message Flag definitions
On 12/06/2012 11:27 PM Chris Dutton wrote: > Hello, > > I am in charge of migrating our mail system from dovecot to another server, > and I am having to write a script to do this as tools like imapsync are too > slow. > > What I am trying to find is the definitions of the flags that dovecot adds to > the Maildir file name it uses for the IMAP messages. > > For example what the a and b mean in the following: > > 1176236036.P7260Q1438.sucia:2,RSab > > I am looking for all definitions not just a and b. > > Thanks > > Chris > ch...@rosepointnav.com > The wiki page http://wiki2.dovecot.org/MailboxFormat/Maildir provides some information and related links. Regards Pascal -- The trapper recommends today: beeffeed.1234...@localdomain.org
Re: [Dovecot] imap-login - where does the user get filled in from?
Am 06.12.2012 23:25, schrieb Jeff Lacki: > > Sorry to ask such a basic question, but I finally got some major > hurdles working for imaps on port 993 and Im getting the following > when I try to connect from my iphone: > > imap-login: Disconnected (no auth attempts in 60 secs): user=<>, > rip=192.168.1.1, lip=192.168.1.22, TLS handshaking: Disconnected > > Im using SQL and SSL over 993. I cant seem to find where my user > comes from that its blank? the client disconnects due TLS/SSL handshake at this time no user could be known at all maybe a bad connection signature.asc Description: OpenPGP digital signature
[Dovecot] Message Flag definitions
Hello, I am in charge of migrating our mail system from dovecot to another server, and I am having to write a script to do this as tools like imapsync are too slow. What I am trying to find is the definitions of the flags that dovecot adds to the Maildir file name it uses for the IMAP messages. For example what the a and b mean in the following: 1176236036.P7260Q1438.sucia:2,RSab I am looking for all definitions not just a and b. Thanks Chris ch...@rosepointnav.com
[Dovecot] imap-login - where does the user get filled in from?
Sorry to ask such a basic question, but I finally got some major hurdles working for imaps on port 993 and Im getting the following when I try to connect from my iphone: imap-login: Disconnected (no auth attempts in 60 secs): user=<>, rip=192.168.1.1, lip=192.168.1.22, TLS handshaking: Disconnected Im using SQL and SSL over 993. I cant seem to find where my user comes from that its blank? Your help is appreciated. Thanks /mf/home/jeep/shell/.signature
[Dovecot] During FTS reindexing, search commands unceremoniously exit
Is this intentional? Closing the connection without warning doesn't seem like the best response... --8<---cut here---start->8--- % printf "1 select \"INBOX\"\n2 search body quack\n3 logout\n" | /opt/local/libexec/dovecot/imap * PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE SEARCH=FUZZY] Logged in as dave * FLAGS (\Answered \Flagged \Deleted \Seen \Draft gnus-forward gnus-expire) * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft gnus-forward gnus-expire \*)] Flags permitted. * 31 EXISTS * 0 RECENT * OK [UIDVALIDITY 1349969399] UIDs valid * OK [UIDNEXT 1376] Predicted next UID * OK [HIGHESTMODSEQ 2908] Highest 1 OK [READ-WRITE] Select completed. imap(dave): Info: Connection closed in=45 out=2027404 % --8<---cut here---end--->8--- -- Dave Abrahams BoostPro Computing Software DevelopmentTraining http://www.boostpro.com Clang/LLVM/EDG Compilers C++ Boost
Re: [Dovecot] How can I force FTS reindexing?
on Thu Dec 06 2012, Dave Abrahams wrote: > I threw out my lucene-indexes folder because it seemed to be missing > something, and I figured it would get regenerated. Unfortunately, > dovecot is only FTS-indexing new mails that come in. Is there a way to > get it to reindex everything? Experimentation shows "doveadm fts rescan" seeming to work. Did I guess right? -- Dave Abrahams BoostPro Computing Software DevelopmentTraining http://www.boostpro.com Clang/LLVM/EDG Compilers C++ Boost
[Dovecot] How can I force FTS reindexing?
I threw out my lucene-indexes folder because it seemed to be missing something, and I figured it would get regenerated. Unfortunately, dovecot is only FTS-indexing new mails that come in. Is there a way to get it to reindex everything? -- Dave Abrahams BoostPro Computing Software DevelopmentTraining http://www.boostpro.com Clang/LLVM/EDG Compilers C++ Boost
Re: [Dovecot] imap-login hanging when firewall blocks ssl handshaking
At 2PM + on 6/12/12 Ben Morrow wrote:
>
> +if (connect(ret, &so.sa, &addrlen) >= 0)
> +i_panic("dummy connect to detect DEFUNCT socket succeeded");
> +if (errno == EOPNOTSUPP)
> +return -1;
Ack, forgot to close the new socket...
if (errno == EOPNOTSUPP) {
close(ret);
return -1;
}
Sorry about that...
Ben
[Dovecot] Update configuration for separate mail directory
I have a small mail server with virtual users. In my /etc/dovecot/conf.d/10- mail.conf I have this setting: mail_location = maildir:/var/mail/vhosts/%d/%u which is also the home location of each user. Now I learned that this is not the prefered configuration, and in fact some of my sieve subdirectories are mistaken as mail directories. While I understand that I have to create separate mail subdirectories in each user folder, I am not sure where I have to adapt the dovecot configuration files. I could not find a guide, only some scattered hints and of course http://wiki2.dovecot.org/VirtualUsers/Home I guess I have to shut down the server for the reconfiguration, or is there a way to do it on a life system? Eggert -- View this message in context: http://dovecot.2317879.n4.nabble.com/Update-configuration-for-separate-mail-directory-tp39163.html Sent from the Dovecot mailing list archive at Nabble.com.
[Dovecot] [BUMP] When are search indexes updated?
There are still quite a few mysteries in here. Can you help me solve them? on Tue Dec 04 2012, Dave Abrahams wrote: >>> 2. "doveadm search text SOMETHINGthatWONTbeFOUND" takes a long time and >>> finds stuff without crashing, but doesn't seem to create the >>> lucene-indexes/ directory in my mdbox, and it takes a long time the >>> next time around. Is "doveadm search" intended to update the FTS >>> indexes if they're missing? >> >> Yes. It should trigger the same doveadm index -q code. Maybe you have >> a (permission) problem connecting to indexer process. It should write >> about that to stderr. > > Well, I'm not seeing anything like that :( > > I just stopped dovecot, removed my lucene-indexes, started dovecot up > again, and issued "doveadm index -q / imap SEARCH body asdfg" > It came back immediately with a prompt, there was no output, and I don't > see an indexer-helper process. In fact, the behavior is the same > without "-q" > >>> 3. Performing a search on a large mailbox through IMAP takes a long time >>> the first time around, during which "top" shows the big cpu hog is >>> /opt/local/libexec/dovecot/indexer-worker, lucene-indexes/ is >>> created, and subsequent searches go quickly. Nice! Is there a >>> reasonably easy way to start such a search on all my mailboxes from >>> the command line by using doveadm or the preauth tunnel? >> >> doveadm index -q / imap SEARCH body asdfg > > This looks completely unlike anything I can find in "man doveadm-index"; > are you sure it's right? I can delete any number of arguments after the > "/" without seeming to affect its behavior. -- Dave Abrahams BoostPro Computing Software DevelopmentTraining http://www.boostpro.com Clang/LLVM/EDG Compilers C++ Boost
Re: [Dovecot] "no longer mounted" warnings
on Tue Dec 04 2012, Dave Abrahams wrote: > Dovecot seems to be warning about every volume it's ever seen in the > past. Is this normal? Can I make it stop? > > 12/4/12 12:33:38.148 PM dovecot[2658]: master: Warning: /Volumes/fs is > no longer mounted. See http://wiki2.dovecot.org/Mountpoints Ugh, I feel like an idiot; the answer is right there in the log message. Sorry :( -- Dave Abrahams BoostPro Computing Software DevelopmentTraining http://www.boostpro.com Clang/LLVM/EDG Compilers C++ Boost
Re: [Dovecot] imap-login hanging when firewall blocks ssl handshaking
At 9PM -0800 on 5/12/12 Erik A Johnson wrote:
> On December 4, 2012 at 4:43:53 AM PST, Ben Morrow wrote:
> >
> > So, it looks to me as though you have a firewall problem. You may be
> > able to get more information by setting the kern.ipc.sodefunctlog sysctl
> > to 1: this should make the kernel log to syslog (or wherever the OSX
> > kernel logs go) when sockets are made DEFUNCT and when reads fail for
> > that reason.
>
> sudo sysctl -w kern.ipc.sodefunctlog=1 gives the following in the log:
>
> 12/5/12 9:10:00.000 PM kernel[0]: sosetdefunct[60169]: (target pid
> 60169 level 0) so 0xff803159c738 [2,1] marked as defunct
> 12/5/12 9:10:00.000 PM kernel[0]: sodefunct[60169]: (target pid 60169
> level 0) so 0xff803159c738 [2,1] is now defunct [rcv_si 0x0,
> snd_si 0x0, rcv_fl 0x9400, snd_fl 0x1400]
> 12/5/12 9:10:00.000 PM kernel[0]: soreceive[60169]: defunct so
> 0xff803159c738 [2,1] (57)
>
> The last line is repeated about once every 4 microseconds until I kill it.
OK, so this at least confirms I'm right about what's going on. (I'm
assuming 60169 was the pid of the stuck imap-login process?)
At 8PM -0800 on 5/12/12 Erik A Johnson wrote:
> On December 5, 2012 2:07:14 AM PST, Ben Morrow wrote:
> >
> > Well, they're certainly different. Are you sure the second trace
> > (withoutpatches) was of a session which went into an infinite loop?
> > The only thing peculiar about that trace is that the server closes the
> > connection after receiving the first packet from the client, but it does
> > so perfectly properly: it ACKs the client's data packet, and does the
> > FIN-FIN/ACK exchance properly. You will notice there are no [R] packets,
> > which indicate something odd is happening at the server end.
>
> I'm pretty sure, but I've run it again, confirmed that the imap-login
> process is using 100% of a CPU until I kill it, and have attached the
> tcpdump. Looks like one packet from SERVER to CLIENT shifted slightly
> in chronology, but otherwise the same.
OK.
> > At 1AM -0800 on 5/12/12 Erik A Johnson wrote:
> >>
> >> Nope, SO_ISDEFUNCT isn't defined.
> >
> > Oh, sorry, that needs
> >
> >#include
> >
> > at the top. If that doesn't work, then which version of the OS are you
> > building for? AFAICT the DEFUNCT socket flag has been present since at
> > least 10.5, but the SO_ISDEFUNCT option was only introduced in 10.7.
> > This is irritating, actually: it means that to properly fix this on all
> > versions of Mac OS Dovecot would need to include the previous ENOTCONN
> > code #ifndef SO_ISDEFUNCT.
>
> I've got both 10.7 and 10.8 SDKs in Xcode and neither have
> SO_ISDEFUNCT defined in sys/socket.h (or anywhere else in the
> usr/include directories) -- there's a SS_DEFUNCT mask defined in
> sys/socketvar.h -- is that what you're looking for?
No, it's not: that's the kernel-internal flag, which can't be read from
userland.
http://opensource.apple.com/source/xnu/xnu-2050.18.24/bsd/sys/socket.h
(which is supposedly for 10.8.2) has SO_ISDEFUNCT in among all the other
SO_* constants, but I've just noticed it's under #ifndef PRIVATE so
maybe it gets removed from the published SDK. I don't really know how
Apple system headers get produced.
OK, so testing directly isn't going to work. However, I still don't
really like the idea of relying on select never to return early during
connection setup, nor do I much like testing for this condition every
time we try to read. So, how about this (assuming you're not fed up with
testing things yet...)
Ben
--- src/lib/network.c~ 2012-12-06 14:19:33.786585330 +
+++ src/lib/network.c 2012-12-06 14:27:46.643586910 +
@@ -515,6 +515,22 @@
else
return -2;
}
+
+#ifdef __APPLE__
+/* Some Apple firewalls appear to be able to disable a socket
+ * immediately after accepting, by marking it DEFUNCT. Reads on
+ * such a socket return immediately with ENOTCONN, which causes
+ * loops since ENOTCONN is supposed to mean 'wait for the
+ * connection to finish'. This state can be detected by calling
+ * connect(): a valid accepted socket will fail with EISCONN, a
+ * DEFUNCT socket will fail with EOPNOTSUPP.
+ */
+if (connect(ret, &so.sa, &addrlen) >= 0)
+i_panic("dummy connect to detect DEFUNCT socket succeeded");
+if (errno == EOPNOTSUPP)
+return -1;
+#endif
+
if (so.sin.sin_family == AF_UNIX) {
if (addr != NULL)
memset(addr, 0, sizeof(*addr));
[Dovecot] Documentation of Redis and Memcache Backends
Hi, in the release notes of 2.1.9 I read that dovecot supports memcache and redis backends for userdb/passdb authentication. This is very interesting for me and should reduce queries and database load of our mysql servers. My idea is to use memcache or redis in our IMAP/POP3 proxies in front of our backend servers. So I would like to try out if it's possible to store proxy information of our backends. For example the backend ip adress. But in the wiki I found only a few configuration settings for redis backend. http://master.wiki2.dovecot.org/AuthDatabase/Dict Also the mentioned example config file "dovecot-dict-auth.conf.ext" with full list of configuration options does not exits in the source of 2.1.11. Have you any idea where I can find the full info or any howtos? Many thanks and regards Urban
