[Dovecot] password schemes in dovecot
Hey there,

I'm using the latest dovecot 2.1.13.

In the wiki http://wiki2.dovecot.org/Authentication/PasswordSchemes BLF-CRYPT is listed, but I can't use it. doveadm pw -l doesn't show it.

And I'm unsure about how I am supposed to use the different SHA schemes, since they always output different hashes for the same password. MD5 is working fine, but I'd rather not use it.

Is the wiki outdated or how do I get BLF-CRYPT working?

thanks,
simon

Re: [Dovecot] password schemes in dovecot
On 01/26/2013 01:04 AM Public wrote:
> Hey there,
>
> I'm using the latest dovecot 2.1.13
>
> In the wiki http://wiki2.dovecot.org/Authentication/PasswordSchemes BLF-CRYPT is listed, but i can't use it. doveadm pw -l doesn't show it.
>
> And i'm unsure about how I am supposed to use the different SHA schemes, since they always output different hashes for the same password. MD5 is working fine, but I'd rather not use it.
>
> Is the wiki outdated or how do i get BLF-CRYPT working?

Your system's libc doesn't support Blowfish crypt, as mentioned in doveadm-pw(1) http://wiki2.dovecot.org/Tools/Doveadm/Pw#section_options.

The crypt-hashes are salted hashes. `doveadm pw` generates a random salt, each time it is invoked. Therefore you will see different hashes, even when you enter the same password multiple times.

Regards,
Pascal
--
The trapper recommends today: defaced.1302...@localdomain.org

[Dovecot] doveadm user error messages
I use 'doveadm user' in some scripts and the exit codes are fine for my purposes. During tests it transpired that Dovecot 2.1 would give an error message when querying for non-existent users. Dovecot 2.2 just exits without a word. Not sure this is intended behaviour:

    $ doveadm user foo
    $ echo $?
    67
    $ id foo
    id: foo: No such user

Regards
Thomas

Re: [Dovecot] Trouble with expire plugin
On 01/09/2013 08:37 AM, Gedalya wrote:
> On 01/09/2013 02:32 AM, Robert Schetterer wrote:
>> my daily cron job says:
>>
>> #!/bin/sh
>> doveadm expunge -A mailbox Junk savedbefore 14d
>> doveadm expunge -A mailbox Trash savedbefore 30d
>> doveadm expunge -A mailbox Trash.* savedbefore 30d
>>
>> do verbose logging during cron
>>
>> Best Regards
>> MfG Robert Schetterer
>
> No need, I have indeed already gone beyond the "but I made a cron job, why isn't it working" point.
>
> mysql> select * from expires;
> . . .
> 7 rows in set (0.00 sec)
>
> Complete doveadm output with domain masked:
>
> # doveadm -D search -A mailbox Trash savedbefore 14d
> doveadm(root): Debug: Loading modules from directory: /usr/lib/dovecot/modules
> doveadm(root): Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so
> doveadm(root): Debug: Module loaded: /usr/lib/dovecot/modules/lib20_expire_plugin.so
> doveadm(root): Debug: Module loaded: /usr/lib/dovecot/modules/lib20_listescape_plugin.so
> doveadm(root): Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm
> doveadm(root): Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message)
> doveadm(root): Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so
> doveadm(root): Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so
> doveadm(root): Debug: Skipping module doveadm_zlib_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_zlib_plugin.so: undefined symbol: i_stream_create_deflate (this is usually intentional, so just ignore this message)
> doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_list_backend (this is usually intentional, so just ignore this message)
> doveadm(root): Debug: expire: Searching only users listed in expire database
> doveadm(root): Debug: expire: Stopping iteration on key shared/expire/je...@xx.com/Trash (1357165578 1356528524)
>
> mysql> select * from expires;
> . . .
> 6 rows in set (0.00 sec)
>
> The row being deleted: l...@xxx.com, Junk, 1350397036 (Tue Oct 16 10:17:16 EDT 2012), all others at this point in time are younger than 14 days.
>
> So far it has seemed to me that running any search or expunge has the sole effect of deleting rows matching the savedbefore criteria, regardless of the mailbox criteria.
>
> working with doveadm -omail_plugins=. leaving out expire seems to work fine.

I got it working. I know this worked before, I can't specify when it stopped working, but here is the story.

I have:

    auth_default_realm = domain.com

in dovecot-sql.conf.ext I had:

    iterate_query = SELECT userid as user, domain FROM email where deleted=0

Now it's working when I changed it to:

    iterate_query = SELECT concat(userid, '@', domain) as username FROM email where deleted=0

I noticed this when running doveadm expunge (without expire plugin) and saw lines like the following:

    doveadm(jeremy): Info: User no longer exists, skipping

This user exists, but on another domain, not the default one. Users under the default domain come up as normal:

    doveadm(hr): Debug: Added userdb setting: mail=maildir:/stor/mail/domains/domain.com/hr/hr/Maildir

After changing iterate query all users come up as fully qualified, like

    doveadm(jer...@otherdomain.com): Debug: Added userdb setting: mail=maildir:/stor/mail/domains/otherdomain.com/je/jeremy/Maildir

So, with regards to the expires issue, I guess the reason why the expires table wasn't working is because it contains the full email address in the username field and doveadm here was working with the userid alone.

Is this a bug? The wiki clearly says that iterate_query can take the domain in a separate field, yet dovecot seems to ignore the domain field and use auth_default_realm.

Thanks,
Gedalya

Re: [Dovecot] password schemes in dovecot
Pascal Volk wrote:
> On 01/26/2013 01:04 AM Public wrote:
>> In the wiki http://wiki2.dovecot.org/Authentication/PasswordSchemes BLF-CRYPT is listed, but i can't use it. doveadm pw -l doesn't show it.
>>
>> And i'm unsure about how I am supposed to use the different SHA schemes, since they always output different hashes for the same password. MD5 is working fine, but I'd rather not use it.
>>
>> Is the wiki outdated or how do i get BLF-CRYPT working?
>
> Your system's libc doesn't support Blowfish crypt, as mentioned in doveadm-pw(1) http://wiki2.dovecot.org/Tools/Doveadm/Pw#section_options.
>
> The crypt-hashes are salted hashes. `doveadm pw` generates a random salt, each time it is invoked. Therefore you will see different hashes, even when you enter the same password multiple times.

Does the doveadm pw tool provide a way to check a plaintext password against a user's hash from the passdb?

This would be useful to do some security checks without actually logging the users in which would update their lastlogin timestamp.

Regards
Daniel
--
https://plus.google.com/103021802792276734820

Re: [Dovecot] password schemes in dovecot
On 01/27/2013 11:21 PM Daniel Parthey wrote:
> Does the doveadm pw tool provide a way to check a plaintext password against a user's hash from the passdb?
> …

Check `doveadm pw -h` output. If it prints [-t hash], you can do something like:

    doveadm pw -t '{SHA256-CRYPT}$5$rounds=1000$0123456789abcdef$K/DksR0DT01hGc8g/kt9McEgrbFMKi9qrb1jehe7hn4'
    Enter password to verify: 08/15!test~4711
    {SHA256-CRYPT}$5$rounds=1000$0123456789abcdef$K/DksR0DT01hGc8g/kt9McEgrbFMKi9qrb1jehe7hn4 (verified)

Regards,
Pascal
--
The trapper recommends today: f007ba11.1302...@localdomain.org

Re: [Dovecot] Duplicate supression mechanism
Timo Sirainen wrote:
> On 18.1.2013, at 17.36, 3.lis...@adminlinux.com.br lis...@adminlinux.com.br wrote:
>> In a Dovecot 2.0.6 server I have an account x@domain and an alias y@domain -> x@domain.
>> When I send an email to x@domain with carbon copy to y@domain, X receives two messages on mailbox.
>>
>> Dovecot2 has any feature of duplicate suppression ?
>
> With v2.1 + Pigeonhole 0.3.1+ you can use vnd.dovecot.duplicate extension. http://www.ietf.org/id/draft-bosch-sieve-duplicate-00.txt

Dovecot 2.1.10 and Pigeonhole 0.3.3 with the following SIEVE rules

    require ["duplicate", "fileinto", "mailbox", "regex", "vacation", "variables"];
    if duplicate {
        fileinto :create "Trash/Duplicate";
    }

results in .dovecot.sieve.log Error:

    sieve: info: started log at Jan 28 04:44:17.
    main script: line 3: error: require command: unknown Sieve capability `duplicate'.
    main script: line 5: error: unknown test 'duplicate' (only reported once at first occurence).
    main script: error: validation failed.

What is wrong?

Regards
Daniel
--
https://plus.google.com/103021802792276734820

Re: [Dovecot] Duplicate supression mechanism
On 1/22/2013 1:04 PM, Timo Sirainen wrote:
> On 18.1.2013, at 17.36, 3.lis...@adminlinux.com.br lis...@adminlinux.com.br wrote:
>> In a Dovecot 2.0.6 server I have an account x@domain and an alias y@domain -> x@domain.
>> When I send an email to x@domain with carbon copy to y@domain, X receives two messages on mailbox.
>>
>> Dovecot2 has any feature of duplicate suppression ?
>
> With v2.1 + Pigeonhole 0.3.1+ you can use vnd.dovecot.duplicate extension. http://www.ietf.org/id/draft-bosch-sieve-duplicate-00.txt

Ehmm, not that one. That is the official submission and that is not what Dovecot currently implements. You should use this as a reference for now:

http://hg.rename-it.nl/dovecot-2.1-pigeonhole/raw-file/tip/doc/rfc/spec-bosch-sieve-duplicate.txt

Don't forget to add vnd.dovecot.duplicate to sieve_extensions.

Regards,
Stephan.