Re: [Dovecot] Permissions when running `dovecot --exec-mail imap`
On 22.1.2013, at 21.44, Tim Marston t...@ed.am wrote:

On Tue, Jan 15, 2013 at 11:33:08PM +, Tim Marston wrote:

Would it be acceptable to setgid the dovecot executable and change its group to mail (i.e., `chgrp mail dovecot` and `chmod g+s dovecot`)? Would this pose some kind of security risk? Would this actually do what I want, or am I missing a bigger picture?

Just to confirm, doing the following fixed the problem for me:

# chgrp mail /usr/bin/dovecot
# chmod g+s /usr/bin/dovecot

I am still able to use IMAP normally, and I am now also able to set up mutt with the following:

You've now basically given any user ability to run any process with mail group privileges.

My INBOX is no longer occasionally read-only, and I no longer get the following error in /var/log/mail.err:

Jan 22 08:48:59 mailhost IMAP(user): : file_dotlock_create(/var/mail/user) failed: Permission denied (euid=1000(user) egid=1000(user) missing +w perm: /var/mail) (set mail_privileged_group=mail)

Other possibilities:

a) Deliver mails elsewhere than /var/mail/ (under each user's home dir)
b) Don't use dotlocking: mbox_write_locks = fcntl
c) Make /var/mail/ 01777 permissions
Re: [Dovecot] dovecot nightly 20130117: dsync does returns Name or service not known
Should work now with latest hg (tomorrow's nightly build).

No, it doesn't. After update to 20130123:

doveadm(vmail): Debug: Loading modules from directory: /usr/lib64/dovecot
doveadm(vmail): Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
doveadm(vmail): Debug: Loading modules from directory: /usr/lib64/dovecot/doveadm
doveadm(vmail): Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message)
doveadm(vmail): Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib64/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message)
doveadm(vmail): Debug: Module loaded: /usr/lib64/dovecot/doveadm/lib10_doveadm_quota_plugin.so
doveadm(vmail): Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib64/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_backend_rescan (this is usually intentional, so just ignore this message)
doveadm(u...@example.org): Debug: auth input: u...@example.org home=/var/vmail/example.org/user/ quota2_rule=*:storage=40M nodelay=Y uid=999 gid=999
doveadm(u...@example.org): Debug: Added userdb setting: plugin/nodelay=Y
doveadm(u...@example.org): Debug: Added userdb setting: plugin/quota2_rule=*:storage=40M
doveadm(u...@example.org): Debug: Effective uid=999, gid=999, home=/var/vmail/example.org/user/
doveadm(u...@example.org): Debug: Quota root: name=Domain quota backend=dict args=example.org:redis:host=127.0.0.1:prefix=domain/
doveadm(u...@example.org): Debug: Quota rule: root=Domain quota mailbox=* bytes=0 messages=0
doveadm(u...@example.org): Debug: Quota rule: root=Domain quota mailbox=Trash bytes=0 (5%) messages=0
doveadm(u...@example.org): Debug: Quota root: name=User quota backend=dict args=:redis:host=127.0.0.1:prefix=user/
doveadm(u...@example.org): Debug: Quota rule: root=User quota mailbox=* bytes=41943040 messages=0
doveadm(u...@example.org): Debug: Quota rule: root=User quota mailbox=Trash bytes=+2097152 (5%) messages=0
doveadm(u...@example.org): Debug: dict quota: user=example.org, uri=redis:host=127.0.0.1:prefix=domain/, noenforcing=0
doveadm(u...@example.org): Debug: dict quota: user=u...@example.org, uri=redis:host=127.0.0.1:prefix=user/, noenforcing=0
doveadm(u...@example.org): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:/var/vmail/example.org/user:INDEX=/var/vmail_indexes/example.org/user/
doveadm(u...@example.org): Debug: fs: root=/var/vmail/example.org/user, index=/var/vmail_indexes/example.org/user, indexpvt=, control=, inbox=, alt=
doveadm(u...@example.org): Debug: Namespace : Using permissions from /var/vmail/example.org/user: mode=0700 gid=default
dsync(u...@example.org): Debug: Effective uid=999, gid=999, home=/var/vmail/example.org/user/
dsync(u...@example.org): Debug: Quota root: name=Domain quota backend=dict args=example.org:redis:host=127.0.0.1:prefix=domain/
dsync(u...@example.org): Debug: Quota rule: root=Domain quota mailbox=* bytes=0 messages=0
dsync(u...@example.org): Debug: Quota rule: root=Domain quota mailbox=Trash bytes=0 (5%) messages=0
dsync(u...@example.org): Debug: Quota root: name=User quota backend=dict args=:redis:host=127.0.0.1:prefix=user/
dsync(u...@example.org): Debug: Quota rule: root=User quota mailbox=* bytes=41943040 messages=0
dsync(u...@example.org): Debug: Quota rule: root=User quota mailbox=Trash bytes=+2097152 (5%) messages=0
dsync(u...@example.org): Debug: dict quota: user=example.org, uri=redis:host=127.0.0.1:prefix=domain/, noenforcing=0
dsync(u...@example.org): Debug: dict quota: user=u...@example.org, uri=redis:host=127.0.0.1:prefix=user/, noenforcing=0
dsync(u...@example.org): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=imapc:
dsync(u...@example.org): Debug: imapc: root=, index=, indexpvt=, control=, inbox=, alt=
dsync(u...@example.org): Debug: imapc(imap.example.org:143): Looking up IP address
dsync(u...@example.org): Debug: imapc(imap.example.org:143): Connecting to 111.222.333.444:143
dsync(u...@example.org): Debug: imapc(imap.example.org:143): Server capabilities: IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=LOGIN AUTH=SRP SASL-IR
dsync(u...@example.org): Debug: imapc(imap.example.org:143): Authenticating as u...@example.org
dsync(u...@example.org): Debug: imapc(imap.example.org:143): Server capabilities: IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH
Re: [Dovecot] speed up dovecot IMAP server
Hello Stan

Did you perform any troubleshooting, any investigation, of your own, before upgrading to 2.1.7?

Yes, I try this: http://wiki.dovecot.org/PerformanceTuning

If fsync disabled speed up a little, but it's not secure permanently.

Do note the latency could very well be an issue with Kmail and not Dovecot.

Kmail? I use Roundcube and Thunderbird.

Typical load: 0.5
Memory usage: 1.2 Gbyte of 6 Gbyte (Can I increase cache memory size for Dovecot?)
IOtop Disk read: 1.200 k/sec

Gabor

On 2013-01-14 at 20:00, Stan Hoeppner wrote:

On 1/14/2013 4:36 AM, Bernics Gábor | Penta Unió Zrt. wrote:

I upgraded my dovecot server (1.2 - 2.1), from debian backport because it was a little slow (wait 5-6 sec) when I opened some mail (but not every mail). Unfortunately, the mail open speed didn't increase. I think it's an index problem. Have you idea for fixing?

You have provided insufficient detail to troubleshoot a performance problem of this nature. Do note the latency could very well be an issue with Kmail and not Dovecot. Did you perform any troubleshooting, any investigation, of your own, before upgrading to 2.1.7?
Re: [Dovecot] speed up dovecot IMAP server
On 1/23/2013 2:59 AM, Bernics Gábor | Penta Unió Zrt. wrote:

I use Roundcube and Thunderbird.

Do both clients experience the 5-6 second delay?

Memory usage: 1.2 Gbyte of 6 Gbyte (Can I increase cache memory size for Dovecot?)

No, but you should change to:

mmap_disable=no

and add:

maildir_very_dirty_syncs=yes

which should help a bit. You're already indexing with lmtp and using sieve, so your indexes 'should' be current. However, you said the delay is in opening individual messages, not simply listing them, which doesn't involve the indexes, but the message files.

If this happens with Tbird but not RC it may be a duplex mismatch or other network issue. If it happens with both then there's something else going on, maybe with Dovecot, maybe with Linux, maybe with the disk or disk controller. Do you have any errors in your Dovecot log files? How about disk related errors in dmesg? Tbird activity manager? You're not giving us enough information upon which to troubleshoot.

--
Stan
[Dovecot] dovecot 2.1.13, proxy and nologin extras field
Hi all,

in our test environment, I'm playing with dovecot 2.1.13 configured as imap/pop/managesieve proxy. It is configured to authenticate users with ldap and it works very well.

Now, I'd like to temporarily disable some users' login, because we are moving to another storage, and I wouldn't stop imap service at all. I've found on Dovecot wiki that I could use 'nologin' extra field, but I wasn't able to get it to work.

My dovecot configuration is:

# 2.1.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.19.1.el6.x86_64 x86_64
...
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
listen = *
mail_debug = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap pop3 sieve
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
}
ssl = no
ssl_cert = /etc/pki/dovecot/certs/dovecot.pem
ssl_key = /etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = prefetch
}

and my 'dovecot-ldap.conf.ext' is:

uris = ldap://ldap.example.it/
dn = cn=Reader,dc=example,dc=it
dnpass = password
base = ou=People,dc=example,dc=it
pass_attrs = uid=user,userPassword=password,\
 =userdb_home=/var/spool/mail/%1u/%u,uidNumber=userdb_uid,gidNumber=userdb_gid,\
 =proxy=y,=host=imap.example.it,\
 =nologin=y
pass_filter = ((objectClass=qmailUser)(uid=%u)(accountStatus=active))

With this configuration, all users can login, and log said:

Jan 23 09:16:18 localhost dovecot: master: Dovecot v2.1.13 starting up (core dumps disabled)
Jan 23 09:16:33 localhost dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Jan 23 09:16:33 localhost dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Jan 23 09:16:33 localhost dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Jan 23 09:16:33 localhost dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Jan 23 09:16:33 localhost dovecot: auth: Debug: auth client connected (pid=3660)
Jan 23 09:16:33 localhost dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011session=PsbzT/DT+gCTeiwf#011lip=192.168.129.109#011rip=192.168.44.31#011lport=143#011rport=53754
Jan 23 09:16:33 localhost dovecot: auth: Debug: client passdb out: CONT#0111#011
Jan 23 09:16:33 localhost dovecot: auth: Debug: client in: CONT#0111#011AHByb3ZhZm0AY2hlcGFsbGU=
Jan 23 09:16:33 localhost dovecot: auth: Debug: ldap(prova,147.122.44.31,PsbzT/DT+gCTeiwf): pass search: base=ou=People,dc=example,dc=it scope=subtree filter=((objectClass=qmailUser)(uid=prova)(accountStatus=active)) fields=uid,userPassword,uidNumber,gidNumber,uid,uid
Jan 23 09:16:33 localhost dovecot: auth: Debug: ldap(prova,192.168.44.31,PsbzT/DT+gCTeiwf): result: uid=prova uidNumber=2944 gidNumber=650 userPassword={MD5}BjbsTtSovVAs1csswBTI7Q==
Jan 23 09:16:33 localhost dovecot: auth: Debug: client passdb out: OK#0111#011user=prova#011proxy#011host=imap.example.it#011nologin#011hostip=192.168.11.136#011pass=password
Jan 23 09:16:33 localhost dovecot: imap-login: proxy(prova): started proxying to imap.example.it:143: user=prova, method=PLAIN, rip=192.168.44.31, lip=192.168.129.109, session=PsbzT/DT+gCTeiwf

As you can see 'nologin' field is present in 'passdb' answer, but it doesn't seem to work.
If instead I try to disable login with 'allow_nets' extra field, it works as expected:

'dovecot-ldap.conf.ext':

...
pass_attrs = uid=user,userPassword=password,\
 =userdb_home=/var/spool/mail/%1u/%u,uidNumber=userdb_uid,gidNumber=userdb_gid,\
 =proxy=y,=host=imap.example.it,\
 =allow_nets=127.0.0.0/8

dovecot log:

Jan 22 18:28:19 localhost dovecot: master: Dovecot v2.1.13 starting up (core dumps disabled)
Jan 22 18:28:32 localhost dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Jan 22 18:28:32 localhost dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
Jan 22 18:28:32 localhost dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so
Jan 22 18:28:32 localhost dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Jan 22 18:28:32 localhost dovecot: auth: Debug: Loading modules from directory:
Re: [Dovecot] speed up dovecot IMAP server
No, sorry it's RC bug/problem. Open messages with TB immediately. I will tune up my RC installation.

Thanks a lot

Best regards,
Gabor

On 2013-01-23 at 12:01, Stan Hoeppner wrote:

On 1/23/2013 2:59 AM, Bernics Gábor | Penta Unió Zrt. wrote:

I use Roundcube and Thunderbird.

Do both clients experience the 5-6 second delay?

Memory usage: 1.2 Gbyte of 6 Gbyte (Can I increase cache memory size for Dovecot?)

No, but you should change to:

mmap_disable=no

and add:

maildir_very_dirty_syncs=yes

which should help a bit. You're already indexing with lmtp and using sieve, so your indexes 'should' be current. However, you said the delay is in opening individual messages, not simply listing them, which doesn't involve the indexes, but the message files.

If this happens with Tbird but not RC it may be a duplex mismatch or other network issue. If it happens with both then there's something else going on, maybe with Dovecot, maybe with Linux, maybe with the disk or disk controller. Do you have any errors in your Dovecot log files? How about disk related errors in dmesg? Tbird activity manager? You're not giving us enough information upon which to troubleshoot.

--
Re: [Dovecot] warning regarding quota and mboxes
if you're getting errors, then quotas are probably not working.

as timo suggested, maildir only works with maildir but your mail location shows MBox and Maildir formats

use Dict quota as it works with both MBox and Maildir

I don't know enough about dovecot to know why you'd have two formats, MBox and Maildir, defined for mail_location. And it seems odd that your mail_home is under /var/spool. I was under the impression that /var/spool was for temporary data. Are you actually keeping mailboxes there?

On Tue, Jan 15, 2013 at 11:25 AM, Andreas Meyer anme...@anup.de wrote:

Hello!

Timo Sirainen t...@iki.fi wrote:

On Thu, 2013-01-10 at 16:45 +0100, Andreas Meyer wrote:

Hello! We drive mboxes and maildirs and the dovecot-server is running very well and everything is fine, but I get the following warning in the dovecot-lda-errors.log when a mail is delivered to a mbox.

Jan 10 16:29:24 lda(arc...@bitcorner.de): Warning: quota: Namespace '' is not Maildir, skipping for Maildir++ quota

This is what I defined in the dovecot.conf:

mail_home = /var/spool/vhosts/%d/%n
mail_location = mbox:~/:maildir:~/

How is that setting even working? You're using some early v2.0? It's supposed to fail:

# dovecot --version
2.1.7

I was told to define mail_location, if I remember right it was when I changed to dovecot-lda instead of letting postfix deliver directly to the maildirs and mailboxes.

Error: user x: Initialization failed: Namespace '': Unknown setting: maildir

I have no errors like this in the logs. Everything is working flawless.

How can I know, what namespaces are defined?

# doveconf -d namespace
# doveconf -n namespace

give no output. I fear to do something wrong, when I define incomplete namespaces.

mail_plugins = quota
plugin {
  quota = maildir:User quota
  quota_rule = *:storage=500MB
  quota_rule2 = Trash:storage=+10%%
}

Can I avoid the error above somehow? Namespaces are a bit mysterious for me at the moment.

Maildir++ quota works only when delivering to Maildir. If you want to use some quota backend that works with both mboxes and maildirs, you could use dict file: http://wiki2.dovecot.org/Quota/Dict

ok, I'll live with the warning in the log for now.

Andreas
Re: [Dovecot] Permissions when running `dovecot --exec-mail imap`
Hi,

On Wed, Jan 23, 2013 at 10:03:50AM +0200, Timo Sirainen wrote:

On 22.1.2013, at 21.44, Tim Marston t...@ed.am wrote:

# chgrp mail /usr/bin/dovecot
# chmod g+s /usr/bin/dovecot

I am still able to use IMAP normally, and I am now also able to set up mutt with the following:

You've now basically given any user ability to run any process with mail group privileges.

OK, I've un-done that. Thanks. :o)

Just out of interest, if I did this:

# chgrp mail /usr/lib/dovecot/imap
# chmod g+s /usr/lib/dovecot/imap

and set up mutt to run that instead, would that be any better?

Other possibilities:

b) Don't use dotlocking: mbox_write_locks = fcntl

OK, this looks like a good solution. I will look into this.

Thanks very much for the help. :o)

All the best,

--
Tim Marston
ed.am
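
An added example, not part of the original thread and not Dovecot's own code: a Python audit for the two conditions discussed in the `--exec-mail` thread, namely setgid executables owned by a privileged group such as mail, and the mode of the mail spool directory. The scanned paths and the group set are assumptions to adjust for the host.

```python
import grp
import os
import stat

# Assumption: groups whose setgid executables deserve review on a mail host.
PRIVILEGED_GROUPS = {"mail"}


def is_setgid_executable(st_mode):
    """True for a regular file with the setgid bit and at least one execute bit."""
    return (stat.S_ISREG(st_mode)
            and bool(st_mode & stat.S_ISGID)
            and bool(st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)))


def group_name(gid):
    """Resolve a gid to a name, falling back to the number if it is unknown."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


def audit_tree(root, groups=PRIVILEGED_GROUPS):
    """Return (path, octal mode, group) for setgid executables in the given groups."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry; skip it
            owner_group = group_name(st.st_gid)
            if is_setgid_executable(st.st_mode) and owner_group in groups:
                findings.append((path, oct(stat.S_IMODE(st.st_mode)), owner_group))
    return findings


def spool_dir_status(st_mode):
    """Classify a spool directory mode against the options named in the thread."""
    perms = stat.S_IMODE(st_mode)
    if perms & stat.S_IWOTH:
        # World-writable is only reasonable with the sticky bit (01777, option c).
        return "sticky-world-writable" if perms & stat.S_ISVTX else "world-writable-no-sticky"
    if perms & stat.S_IWGRP:
        # Dotlocks here need group privileges (mail_privileged_group) or fcntl locks.
        return "group-writable"
    return "owner-only"


if __name__ == "__main__":
    # Assumed locations, taken from the paths mentioned in the thread.
    for finding in audit_tree("/usr/bin") + audit_tree("/usr/lib/dovecot"):
        print("setgid executable:", *finding)
    if os.path.isdir("/var/mail"):
        print("/var/mail:", spool_dir_status(os.stat("/var/mail").st_mode))
```
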