Re: [Dovecot] IMAPS: Disable SSL connection without client certificate

2013-07-02 Thread Charles Marcus

Please do not top-post in an inline thread...

On 2013-06-29 2:38 AM, Ireneusz Szcześniak irek.szczesn...@gmail.com wrote:
> On 28.06.2013 23:34, Reindl Harald wrote:
>> On 28.06.2013 23:31, Ireneusz Szcześniak wrote:
>>> I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month.
>>> It works great.  Dovecot serves IMAPS only,
>>> and I'm using Thunderbird to access my mail.
>>>
>>> I configured Dovecot to allow clients that present a valid
>>> certificate when establishing SSL connection.  I
>>> configure my Thunderbird for SSL/TLS connection with normal
>>> password.  It works fine.
>>>
>>> However, with my config anybody can connect to my server without
>>> presenting a certificate
>>
>> google dovecot ssl client certificate leads to
>> http://wiki.dovecot.org/SSL/DovecotConfiguration
>>
>> well, this is for dovecot 1.x, but have you tried it?
>>
>> Client certificate verification/authentication
>> If you want to require clients to present a valid SSL certificate,
>> you'll need these settings:
>>
>> ssl_ca_file = /etc/ssl/ca.pem
>> ssl_verify_client_cert = yes
>> auth default {
>>    ssl_require_client_cert = yes
>>    ..
>> }
>
> Thanks for your email.  Yes, I looked at that website before.
> I'm using these options with Dovecot 2.1.8, among others:
>
> auth_ssl_require_client_cert = yes
> ssl_verify_client_cert = yes
> ssl_ca = /etc/ssl/certs/cacertcrl.pem

I'm not sure why Reindl pointed you to the 1.x docs when you are using 
2.x...


The setting has apparently changed in 2.x (note the addition of 'auth_' 
to the 'require' setting):


From the wiki2 page:

Client certificate verification/authentication

If you want to require clients to present a valid SSL certificate, 
you'll need these settings:


ssl_ca = /etc/ssl/ca.pem
ssl_verify_client_cert = yes

auth_ssl_require_client_cert = yes
#ssl_username_from_cert = yes

Linked: http://wiki2.dovecot.org/SSL/DovecotConfiguration

--

Best regards,

Charles
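
The setting-name difference between 1.x and 2.x pointed out in this message, as an added example that is not part of the original post and not Dovecot's own code: a Python audit that checks a configuration for the three 2.x settings quoted above and flags the 1.x names from the older wiki page. The function names and sample configurations are constructed, and only top-level settings are counted.

```python
# Added example: audit a Dovecot 2.x config for the client-certificate
# settings quoted in this thread. Function names and samples are constructed.

# 2.x settings named in the wiki2 excerpt; None means "any non-empty value".
REQUIRED_2X = {
    "ssl_ca": None,
    "ssl_verify_client_cert": "yes",
    "auth_ssl_require_client_cert": "yes",
}
# 1.x names from the older wiki excerpt, mapped to their 2.x replacements.
LEGACY_1X = {
    "ssl_ca_file": "ssl_ca",
    "ssl_require_client_cert": "auth_ssl_require_client_cert",
}


def parse_settings(text):
    """Return [(block_path, key, value)] for every `key = value` line."""
    stack, out = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or commented out
            continue
        if line.endswith("{"):                    # e.g. "auth default {"
            stack.append(line[:-1].strip())
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            out.append((tuple(stack), key, value))
    return out


def audit_client_cert(text):
    """Return a sorted list of (problem, setting) pairs; empty means OK.

    Only global (top-level) settings satisfy a requirement here, which is
    a simplifying assumption of this example.
    """
    settings = parse_settings(text)
    findings = set()
    for _path, key, _value in settings:
        if key in LEGACY_1X:                      # 1.x name used anywhere
            findings.add(("legacy_1x_name", key))
    top = {key: value for path, key, value in settings if not path}
    for key, wanted in REQUIRED_2X.items():
        if not top.get(key):
            findings.add(("missing", key))
        elif wanted is not None and top[key].lower() != wanted:
            findings.add(("not_enabled", key))
    return sorted(findings)


# Constructed samples built from the snippets quoted in the thread.
CONF_1X_STYLE = """
ssl_ca_file = /etc/ssl/ca.pem
ssl_verify_client_cert = yes
auth default {
   ssl_require_client_cert = yes
   ..
}
"""
CONF_2X = """
ssl_ca = /etc/ssl/ca.pem
ssl_verify_client_cert = yes
auth_ssl_require_client_cert = yes
#ssl_username_from_cert = yes
"""
# The certificate is requested, but authentication does not require one.
CONF_VERIFY_ONLY = """
ssl_ca = /etc/ssl/ca.pem
ssl_verify_client_cert = yes
auth_ssl_require_client_cert = no
"""

if __name__ == "__main__":
    for name, conf in [("1.x style", CONF_1X_STYLE), ("2.x", CONF_2X),
                       ("verify only", CONF_VERIFY_ONLY)]:
        print(name, "->", audit_client_cert(conf) or "OK")
```

Feeding it the output of `doveconf -n` gives the same result, since that output uses the same `key = value` and block syntax.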




Re: [Dovecot] IMAPS: Disable SSL connection without client certificate

2013-07-02 Thread Reindl Harald


On 29.06.2013 15:54, Charles Marcus wrote:
 well, this is for dovecot 1.x, but have you tried it?

 Client certificate verification/authentication
 If you want to require clients to present a valid SSL certificate, you'll 
 need these settings:

 ssl_ca_file = /etc/ssl/ca.pem
 ssl_verify_client_cert = yes
 auth default {
ssl_require_client_cert = yes
..
 }
 
 Thanks for your email.  Yes, I looked at that website before. I'm 
 using these options with Dovecot 2.1.8,
 among others:

 auth_ssl_require_client_cert = yes
 ssl_verify_client_cert = yes
 ssl_ca = /etc/ssl/certs/cacertcrl.pem
 
 I'm not sure why Reindl pointed you to the 1.x docs when you are using 2.x...

because it is a good start-point and i do not need the feature
and in this case it should be enough that i start to google
for others at all

however, if you would have followed this thread you would have
realized that the OP demanded technically impossible things like
uhm openssl should reject the connection without cert before
running any dovecot code





[Dovecot] Dovecot METADATA plugin configuration

2013-07-02 Thread Sergey Sidlyarenko

Debian Wheezy
dovecot 2.2.4 (deb http://xi.rename-it.nl/debian/ 
stable-auto/dovecot-2.2.patched main)

dovecot-metadata-plugin v14

/var/lib/dovecot 777 dovecot:dovecot
/var/lib/dovecot/shared-metadata 700 dovecot:dovecot
/var/run/dovecot 777 dovecot:dovecot
/var/run/divecot/dict 666 mail:dovecot


Test1 - create calendar  UTF7 mailbox (no errors in dovecot-error.log):

[02-Jul-2013 15:47:51 +0400]: [4419] S: * OK [CAPABILITY IMAP4rev1 
LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN 
AUTH=LOGIN] Welcome to TU FKP IMAP server.
[02-Jul-2013 15:47:51 +0400]: [4419] C: A0001 ID (name Roundcube 
version 1.0-git php 5.4.4-14+deb7u2 os Linux command 
/?_task=calendar_action=calendar)

[02-Jul-2013 15:47:51 +0400]: [4419] S: * ID (name Dovecot)
[02-Jul-2013 15:47:51 +0400]: [4419] S: A0001 OK ID completed.
[02-Jul-2013 15:47:51 +0400]: [4419] C: A0002 AUTHENTICATE PLAIN
[02-Jul-2013 15:47:51 +0400]: [4419] S: A0002 OK [CAPABILITY IMAP4rev1 
LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY 
THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND 
URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED 
I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN 
CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE METADATA 
ANNOTATEMORE] Logged in
[02-Jul-2013 15:47:51 +0400]: [4419] C: A0003 CREATE 
BCAEMAQxBD4ERwQ4BDk-

[02-Jul-2013 15:47:51 +0400]: [4419] S: A0003 OK Create completed.
[02-Jul-2013 15:47:51 +0400]: [4419] C: A0004 SUBSCRIBE 
BCAEMAQxBD4ERwQ4BDk-

[02-Jul-2013 15:47:51 +0400]: [4419] S: A0004 OK Subscribe completed.
[02-Jul-2013 15:47:51 +0400]: [4419] C: A0005 SETMETADATA 
BCAEMAQxBD4ERwQ4BDk- (/shared/vendor/kolab/folder-type event 
/private/vendor/kolab/folder-type NIL)
[02-Jul-2013 15:47:51 +0400]: [4419] S: A0005 NO Mailbox does not 
exist.
[02-Jul-2013 15:47:51 +0400]: [4419] C: A0006 SETMETADATA 
BCAEMAQxBD4ERwQ4BDk- (/private/vendor/kolab/folder-type event)
[02-Jul-2013 15:47:51 +0400]: [4419] S: A0006 NO Mailbox does not 
exist.
[02-Jul-2013 15:47:51 +0400]: [4419] C: A0007 LIST  
BCAEMAQxBD4ERwQ4BDk-/*

[02-Jul-2013 15:47:51 +0400]: [4419] S: A0007 OK List completed.
[02-Jul-2013 15:47:51 +0400]: [4419] C: A0008 DELETE 
BCAEMAQxBD4ERwQ4BDk-

[02-Jul-2013 15:47:51 +0400]: [4419] S: A0008 OK Delete completed.
[02-Jul-2013 15:47:51 +0400]: [4419] C: A0009 UNSUBSCRIBE 
BCAEMAQxBD4ERwQ4BDk-

[02-Jul-2013 15:47:51 +0400]: [4419] S: A0009 OK Unsubscribe completed.
[02-Jul-2013 15:47:51 +0400]: [4419] C: A0010 LOGOUT
[02-Jul-2013 15:47:51 +0400]: [4419] S: * BYE Logging out
[02-Jul-2013 15:47:51 +0400]: [4419] S: A0010 OK Logout completed.


Test2 - create calendar ASCII mailbox:
[02-Jul-2013 15:51:20 +0400]: [2611] S: * OK [CAPABILITY IMAP4rev1 
LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN 
AUTH=LOGIN] Welcome to TU FKP IMAP server.
[02-Jul-2013 15:51:20 +0400]: [2611] C: A0001 ID (name Roundcube 
version 1.0-git php 5.4.4-14+deb7u2 os Linux command 
/?_task=calendar_action=calendar)

[02-Jul-2013 15:51:20 +0400]: [2611] S: * ID (name Dovecot)
[02-Jul-2013 15:51:20 +0400]: [2611] S: A0001 OK ID completed.
[02-Jul-2013 15:51:20 +0400]: [2611] C: A0002 AUTHENTICATE PLAIN
[02-Jul-2013 15:51:20 +0400]: [2611] S: A0002 OK [CAPABILITY IMAP4rev1 
LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY 
THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND 
URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED 
I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN 
CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE METADATA 
ANNOTATEMORE] Logged in

[02-Jul-2013 15:51:20 +0400]: [2611] C: A0003 CREATE Work
[02-Jul-2013 15:51:20 +0400]: [2611] S: A0003 OK Create completed.
[02-Jul-2013 15:51:20 +0400]: [2611] C: A0004 SUBSCRIBE Work
[02-Jul-2013 15:51:20 +0400]: [2611] S: A0004 OK Subscribe completed.
[02-Jul-2013 15:51:20 +0400]: [2611] C: A0005 SETMETADATA Work 
(/shared/vendor/kolab/folder-type event 
/private/vendor/kolab/folder-type NIL)

[02-Jul-2013 15:51:50 +0400]: [2611] S: A0005 NO Setting entry failed.
[02-Jul-2013 15:51:50 +0400]: [2611] C: A0006 SETMETADATA Work 
(/private/vendor/kolab/folder-type event)

[02-Jul-2013 15:52:20 +0400]: [2611] S: A0006 NO Setting entry failed.
[02-Jul-2013 15:52:20 +0400]: [2611] C: A0007 LIST  Work/*
[02-Jul-2013 15:52:20 +0400]: [2611] S: A0007 OK List completed.
[02-Jul-2013 15:52:20 +0400]: [2611] C: A0008 DELETE Work
[02-Jul-2013 15:52:20 +0400]: [2611] S: A0008 OK Delete completed.
[02-Jul-2013 15:52:20 +0400]: [2611] C: A0009 UNSUBSCRIBE Work
[02-Jul-2013 15:52:20 +0400]: [2611] S: A0009 OK Unsubscribe completed.
[02-Jul-2013 15:52:20 +0400]: [2611] C: A0010 LOGOUT
[02-Jul-2013 15:52:20 +0400]: [2611] S: * BYE Logging out
[02-Jul-2013 15:52:20 +0400]: [2611] S: A0010 OK Logout completed.
root@mail:/var/log/dovecot# cat dovecot-errors.log
2013-07-02 15:51:50 imap(ad...@tufkp.ru): 

Re: [Dovecot] namespace delivery question

2013-07-02 Thread Steffen Kaiser


On Thu, 27 Jun 2013, Laszlo Kiraly wrote:


i...@domain.com - public, readable by user2
us...@domain.com - private
us...@domain.com - private

The mailboxes are virtual, authentication through pam (kerberos).
The public mailbox doesn't have valid kerberos account.

I couldn't find solution in the documentation, how can I manage the email
delivery to the public namespace?

There is a -m option in the lda delivery where you can give namespace prefix.
Maybe it's good for this, but I couldn't find any information how can I do
this with lmtp?


If you set:

lmtp_save_to_detail_mailbox = yes
recipient_delimiter = #

you could alias i...@domain.com to user#public.mailbox.fol...@domain.com .
1st option tells LMTP to use the detail (subaddress) as default mailbox, 
which is essentially the same as the -m option of the LDA. 2nd option 
sets the delimiter of user and detail. user must have write permission 
to the folder.


Regards,

- -- 
Steffen Kaiser



Re: [Dovecot] namespace delivery question

2013-07-02 Thread Laszlo Kiraly
  There is a -m option in the lda delivery where you can give namespace 
prefix.
  Maybe it's good for this, but I couldn't find any information how can I do
  this with lmtp?
 
 If you set:
 
 lmtp_save_to_detail_mailbox = yes
 recipient_delimiter = #
 
 you could alias i...@domain.com to 

What kind of alias do you think? At smtp time, like in the /etc/aliases?
Eventually, i can configure exim to accept the # and / chars in the email 
address.

 user#public.mailbox.fol...@domain.com . 1st option tells LMTP to 
 use the detail (subaddress) as default mailbox, which is essentially 
 the same as the -m option of the LDA. 2nd option sets the delimiter 
 of user and detail. user must have write permission to the folder.
 
 Regards,
 
 - -- 
 Steffen Kaiser

Best regards: Király László


Re: [Dovecot] namespace delivery question

2013-07-02 Thread Steffen Kaiser


On Tue, 2 Jul 2013, Laszlo Kiraly wrote:


There is a -m option in the lda delivery where you can give namespace

prefix.

Maybe it's good for this, but I couldn't find any information how can I do
this with lmtp?


If you set:

lmtp_save_to_detail_mailbox = yes
recipient_delimiter = #

you could alias i...@domain.com to


What kind of alias do you think? At smtp time, like in the /etc/aliases?
Eventually, i can configure exim to accept the # and / chars in the email
address.


Yes, SMTP time aliases - exim aliases for a local address. I do this 
often.
Actually, exim might use '+' or '-' as delimiter already, I'm not sure. No 
need to use # exactly.



user#public.mailbox.fol...@domain.com . 1st option tells LMTP to
use the detail (subaddress) as default mailbox, which is essentially
the same as the -m option of the LDA. 2nd option sets the delimiter
of user and detail. user must have write permission to the folder.


- -- 
Steffen Kaiser



Re: [Dovecot] flat file in tmpfs for dict quota

2013-07-02 Thread Steffen Kaiser


On Thu, 27 Jun 2013, Ken A wrote:


I'm using dict quota like so:

quota = dict:User quota::file:/[path]/quotas/%u

[path]/quotas/ is a tmpfs.

The idea is to do less work on disk. Other than forcing dovecot to
rebuild quotas on a reboot, are there any downsides?


I would say no, but to recalc the quota file might be more difficult than 
you think, make sure no logins or deliveries or automatic scripts change 
the content of the mail storage.


Regards,

- -- 
Steffen Kaiser



[Dovecot] lmtp: Disable Delivered-To header

2013-07-02 Thread Micha Krause
Hi,

using LMTP, is it possible to disable the addition of the Delivered-To
header to messages?

Micha Krause


Re: [Dovecot] lmtp: Disable Delivered-To header

2013-07-02 Thread Pascal Volk
On 07/02/2013 04:14 PM Micha Krause wrote:
 Hi,
 
 using LMTP, is it possible to disable the addition of the Delivered-To
 header to messages?

Maybe by reverting parts of this changeset:
http://hg.dovecot.org/dovecot-2.2/rev/61c3124bba93

There is no configuration setting to accomplish that.


Regards,
Pascal
-- 
The trapper recommends today: c01dcofe.1318...@localdomain.org


[Dovecot] LMTP Proxy

2013-07-02 Thread Cassidy Larson
Trying to figure out Proxying with LMTP to a few back end storage servers
for quota checking before accepting email delivery on the front end nodes.

If I connect to the back end server directly via telnet, everything works
great.

If I use a front-end server to proxy to the back end server, I don't get
the same result.

Running 2.2.4 on both front and back end servers.

Any help would be appreciated.

--
backend dovecot.log:
dovecot: lmtp(72274): Error: userdb lookup(user@host*masteruser):
Disconnected unexpectedly
dovecot: auth: Fatal: master: service(auth): child 72272 killed with signal
11 (core not dumped)

--
front end dovecot.log:
dovecot: lmtp(7495): Debug: auth input:
user=user@host.comnopassword=hidden host=backend_server_ip
destuser=
u...@host.com*masteruser nologin=Y nodelay=Y proxy=Y pass=hidden port=2525

--
front end dovecot.conf:
lmtp_proxy = yes
protocols = lmtp

protocol lmtp {
   postmaster_address = postmas...@mydomain.com
   mail_plugins = quota

  passdb {
args = /usr/local/etc/dovecot/dovecot-sql.conf
driver = sql
  }
}

service lmtp {
  client_limit = 5
  executable = lmtp
  idle_kill = 0
  process_limit = 0
  process_min_avail = 0
  protocol = lmtp
  service_count = 0
  inet_listener lmtp {
address = frontend_server_ip
port = 2525
  }
}
--
backend dovecot.conf:
auth_master_user_separator = *
lmtp_rcpt_check_quota = yes
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf
  driver = sql
  master = yes
}
userdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf
  driver = sql
}
service lmtp {
  client_limit = 5
  executable = lmtp -L
  idle_kill = 0
  process_limit = 0
  process_min_avail = 0
  protocol = lmtp
  service_count = 0
  inet_listener lmtp {
address = backend_server_ip
port = 2525
  }
}

protocol lmtp {
   info_log_path = /var/log/dovecot-lmtp.log
   postmaster_address = postmas...@infowest.com
   mail_plugins = quota
}


Re: [Dovecot] LMTP Proxy

2013-07-02 Thread Reindl Harald


On 03.07.2013 02:20, Cassidy Larson wrote:
 Trying to figure out Proxying with LMTP to a few back end storage servers
 for quota checking before accepting email delivery on the front end nodes

how does LMTP proxy help here?

you need a policyd at the MTA which rejects the message directly
from the client by knowing about quota of the target because after
the MTA has accepted it *always* results in a bounce and incoming
mailflow is hardly via LMTP

google: dovecot quota policyd postfix
http://www.dovecot.org/list/dovecot/2009-June/040400.html





Re: [Dovecot] dovecot corrupted transaction log

2013-07-02 Thread John Fawcett
On 13/06/13 08:50, John Fawcett wrote:
 On 13/06/13 04:31, Timo Sirainen wrote:
 On Tue, 2013-06-11 at 00:34 +0200, John Fawcett wrote:
 Hi I came across this error which happened immediately after a mail
 delivery to the inbox. Should I look for the problem externally to
 dovecot (ie. file system, operating system) or within dovecot? I never
 saw this error before installing 2.2.1, with 2.2.2 I seemed to get even
 more of them so currently back on 2.2.1

 Jun 11 00:00:05 rosalia dovecot: imap(myemail@mydomain): Error:
 Corrupted transaction log file
 /var/vmail/mydomain/myemail@mydomain/dovecot.index.log seq 311: file
 size shrank (1184  1304) (sync_offset=1304)
 Are you using NFS or some other cluster filesystem with multiple
 servers? If yes, see http://wiki2.dovecot.org/NFS. If not, show doveconf
 -n and describe the setup more.


 TImo

 thanks for your response. There is no NFS involved. The file system
 seems to  be reiserfs (as reported by df -T) though I wonder why
 fsck reports it would use fsck.ext2 (which I did not run).

 It is a single server vpn container hosting a few sites and
 low volume mail service. The operating system is centos 6.4

 The setup is with postfix, amavisd and dovecot using sieve. Dovecot and
 sieve are built from source

 Clients are roundcube and usual mail clients mainly thunderbird.

 I cannot link the errors to anything specific, except that they started
 happening 5 minutes after upgrade to 2.2.1 from 2.1.5. The error happens on
 multiple mailboxes. I never saw the error prior to that, looking at logs
 back to
 version 2.1.7.

 Below is the dovecot -n output

 Thanks
 John

 dovecot -n
 # 2.2.1: /etc/dovecot/dovecot.conf
 # OS: Linux 2.6.18-028stab092.1 x86_64 CentOS release 6.4 (Final)
 auth_mechanisms = plain login
 dict {
   expire = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
   quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
 }
 first_valid_uid = 200
 listen = 80.237.194.64
 mail_plugins = quota expire
 managesieve_notify_capability = mailto
 managesieve_sieve_capability = fileinto reject envelope
 encoded-character vacation subaddress comparator-i;ascii-numeric
 relational regex imap4flags copy include variables body enotify
 environment mailbox date ihave
 passdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   driver = sql
 }
 plugin {
   expire = Trash
   expire2 = Trash/*
   expire3 = Spam
   expire4 = Postmaster
   expire_dict = proxy::expire
   fts = squat
   fts_squat = partial=4 full=10
   quota = dict:User quota::proxy::quota
   quota_rule = *:storage=1G
   quota_rule2 = Trash:storage=+100M
   sieve = ~/sieve/.dovecot.sieve
   sieve_dir = ~/sieve
 }
 protocols = imap pop3 lmtp sieve
 service auth-worker {
   user = $default_internal_user
 }
 service auth {
   unix_listener auth-userdb {
 group = mail
 mode = 0660
   }
 }
 service dict {
   unix_listener dict {
 group = mail
 mode = 0660
   }
 }
 service lmtp {
   unix_listener /var/spool/postfix/private/dovecot-lmtp {
 group = postfix
 mode = 0660
 user = postfix
   }
 }
 ssl_cert = /etc/ssl/extcerts/mail.erba.tv.dovecot-bundle.crt
 ssl_key = /etc/ssl/extcerts/mail.erba.tv.dovecot.nopass.key
 userdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   driver = sql
 }
 protocol lmtp {
   mail_plugins = quota expire sieve
 }
 protocol lda {
   mail_plugins = quota expire sieve
 }
 protocol imap {
   mail_plugins = quota expire imap_quota fts fts_squat
 }


The log corruptions are continuing, I now have 2.2.4 installed. They always
seem to happen in proximity to a mail delivery.

Is there anything that anyone can suggest for how to get
a step closer to diagnosing the cause? Is there some debugging I can
put on that would be useful?

Thanks
John





Re: [Dovecot] dovecot corrupted transaction log

2013-07-02 Thread Timo Sirainen
On 3.7.2013, at 4.10, John Fawcett john...@erba.tv wrote:

 Jun 11 00:00:05 rosalia dovecot: imap(myemail@mydomain): Error:
 Corrupted transaction log file
 /var/vmail/mydomain/myemail@mydomain/dovecot.index.log seq 311: file
 size shrank (1184  1304) (sync_offset=1304)
 Are you using NFS or some other cluster filesystem with multiple
 servers? If yes, see http://wiki2.dovecot.org/NFS. If not, show doveconf
 -n and describe the setup more.
 thanks for your response. There is no NFS involved. The file system
 seems to  be reiserfs (as reported by df -T) though I wonder why
 fsck reports it would use fsck.ext2 (which I did not run).
 The log corruptions are continuing, I now have 2.2.4 installed. They always
 seem to happen in proximity to a mail delivery.
 
 Is there anything that anyone can suggest for how to get
 a step closer to diagnosing the cause? Is there some debugging I can
 put on that would be useful?

If this problem is happening only because of reiserfs (and it kind of seems 
that way), I don't think there's anything that can be done except to move away 
from it. It's been a long time since I've heard of any problems related to 
Dovecot's handling of index files that didn't involve some non-POSIX 
filesystem, so I'm kind of thinking the problem has more to do with reiserfs 
than Dovecot.

You could of course keep the maildirs in reiserfs and just move Dovecot's index 
files to tmpfs. That would work well as long as you didn't have to reboot 
(after reboot your performance would be more or less bad for a while).



Re: [Dovecot] lmtp: Disable Delivered-To header

2013-07-02 Thread Timo Sirainen
On 2.7.2013, at 17.14, Micha Krause mi...@krausam.de wrote:

 using LMTP, is it possible to disable the addition of the Delivered-To
 header to messages?

No. But why?



[Dovecot] dnsbl feature for dovecot

2013-07-02 Thread John Fawcett
dnsbl's are a popular method to prevent listed ips from making
connections to mta software.

cf. postscreen_dnsbl_sites in postfix

Would it be possible to introduce such a feature in dovecot, so that
connections can be denied
based on a dnsbl lookup (where the precise dnsbls used are configurable)?

John


Re: [Dovecot] LMTP Proxy

2013-07-02 Thread Timo Sirainen
On 3.7.2013, at 3.20, Cassidy Larson alanda...@gmail.com wrote:

 dovecot: auth: Fatal: master: service(auth): child 72272 killed with signal
 11 (core not dumped)

A crash is always a bug. It would be nice to be able to fix it. A gdb backtrace 
would be the easiest way to fix it. One possibility would be to a get a core 
dump, which could be kind of annoyingly difficult since it didn't already 
happen. One hopefully easier way would be to:

1. telnet localhost 143
2. In another terminal run: ps aux | grep dovecot/auth; gdb -p <pid of that auth process>
cont
<do whatever to get the process to crash>
bt full



Re: [Dovecot] dnsbl feature for dovecot

2013-07-02 Thread Timo Sirainen
On 3.7.2013, at 4.21, John Fawcett john...@erba.tv wrote:

 dnsbl's are a popular method to prevent listed ips from making
 connections to mta software.
 
 cf. postscreen_dnsbl_sites in postfix
 
 Would it be possible to introduce such a feature in dovecot, so that
 connections can be denied
 based on a dnsbl lookup (where the precise dnsbls used are configurable)?

You're talking about IMAP/POP3 connections?

Possible, yeah .. possibly even without code changes by using tcpwrappers.



Re: [Dovecot] dnsbl feature for dovecot

2013-07-02 Thread Professa Dementia
On 7/2/2013 6:21 PM, John Fawcett wrote:
 dnsbl's are a popular method to prevent listed ips from making
 connections to mta software.
 
 cf. postscreen_dnsbl_sites in postfix
 
 Would it be possible to introduce such a feature in dovecot, so that
 connections can be denied
 based on a dnsbl lookup (where the precise dnsbls used are configurable)?
 
 John
 

Let's back up a bit.  This does not seem like a feature that Dovecot needs.

Rather, what problem are you trying to solve?  Maybe there is an
existing or better way to accomplish it.

Dem


Re: [Dovecot] LMTP Proxy

2013-07-02 Thread Cassidy Larson
Timo,

Does this give you what you need?

#0  0x131bbdd4 in strcmp () from /lib/libc.so.7
No symbol table info available.
#1  0x0040d0af in auth_find_service ()
No symbol table info available.
#2  0x00413b38 in auth_request_set_login_username ()
No symbol table info available.
#3  0x00413c72 in auth_request_set_username ()
No symbol table info available.
#4  0x0040eedf in ?? ()
No symbol table info available.
#5  0x0040f855 in ?? ()
No symbol table info available.
#6  0x108c7a16 in io_loop_call_io () from
/usr/local/lib/dovecot/libdovecot.so.0
No symbol table info available.
#7  0x108c89d6 in io_loop_handler_run () from
/usr/local/lib/dovecot/libdovecot.so.0
No symbol table info available.
#8  0x108c79bd in io_loop_run () from
/usr/local/lib/dovecot/libdovecot.so.0
No symbol table info available.
#9  0x1087e443 in master_service_run () from
/usr/local/lib/dovecot/libdovecot.so.0
No symbol table info available.
#10 0x0041bb90 in main ()
No symbol table info available.


On Tue, Jul 2, 2013 at 7:25 PM, Timo Sirainen t...@iki.fi wrote:

 On 3.7.2013, at 3.20, Cassidy Larson alanda...@gmail.com wrote:

  dovecot: auth: Fatal: master: service(auth): child 72272 killed with
 signal
  11 (core not dumped)

 A crash is always a bug. It would be nice to be able to fix it. A gdb
 backtrace would be the easiest way to fix it. One possibility would be to a
 get a core dump, which could be kind of annoyingly difficult since it
 didn't already happen. One hopefully easier way would be to:

 1. telnet localhost 143
 2. In another terminal run: ps aux | grep dovecot/auth; gdb -p <pid of that auth process>
 cont
 <do whatever to get the process to crash>
 bt full




Re: [Dovecot] dnsbl feature for dovecot

2013-07-02 Thread Stan Hoeppner
On 7/2/2013 8:32 PM, Professa Dementia wrote:
 On 7/2/2013 6:21 PM, John Fawcett wrote:
 dnsbl's are a popular method to prevent listed ips from making
 connections to mta software.

 cf. postscreen_dnsbl_sites in postfix

 Would it be possible to introduce such a feature in dovecot, so that
 connections can be denied
 based on a dnsbl lookup (where the precise dnsbls used are configurable)?

 John

 
 Let's back up a bit.  This does not seem like a feature that Dovecot needs.
 
 Rather, what problem are you trying to solve?  Maybe there is an
 existing or better way to accomplish it.

Based on John's recent thread on postfix-users on the same general
subject, I'd guess he's trying to stop rogue/malicious connections.

-- 
Stan



Re: [Dovecot] dnsbl feature for dovecot

2013-07-02 Thread Professa Dementia
On 7/2/2013 7:11 PM, Stan Hoeppner wrote:
 On 7/2/2013 8:32 PM, Professa Dementia wrote:
 On 7/2/2013 6:21 PM, John Fawcett wrote:
 dnsbl's are a popular method to prevent listed ips from making
 connections to mta software.

 cf. postscreen_dnsbl_sites in postfix

 Would it be possible to introduce such a feature in dovecot, so that
 connections can be denied
 based on a dnsbl lookup (where the precise dnsbls used are configurable)?

 John


 Let's back up a bit.  This does not seem like a feature that Dovecot needs.

 Rather, what problem are you trying to solve?  Maybe there is an
 existing or better way to accomplish it.
 
 Based on John's recent thread on postfix-users on the same general
 subject, I'd guess he's trying to stop rogue/malicious connections.
 

That's my point.  A self run IP blackhole list is almost useless.
Distributed RBLs are much more effective.  However, existing ones are
based on spam sources, not malicious connections to POP or IMAP servers.

Knowing the problem would be beneficial in determining a good solution.
 For certain types of connection abuse, Fail2Ban works remarkably well.
 But, without knowing his exact problem, it may not be the correct solution.

Dem
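
How the DNSBL lookup asked about in this thread works, as an added example that is not part of any post and is not Dovecot or Postfix code: the client address is reversed, appended to the list's zone and resolved, and an answer in 127.0.0.0/8 means "listed". The zone names `dnsbl.example` and `wildcard.example` and the resolver table are constructed; treating a failed lookup as "not listed" is this example's choice.

```python
import ipaddress
import socket

# DNSBL zones answer with an address in 127.0.0.0/8 when an IP is listed.
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the DNS name that is looked up for `ip` in DNSBL `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                    # four octets
    else:
        labels = list(addr.exploded.replace(":", ""))    # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone.strip(".")


def check_dnsbl(ip, zones, resolver=socket.gethostbyname):
    """Return [(zone, answer)] for every configured zone that lists `ip`.

    NXDOMAIN, timeouts and malformed answers count as "not listed", so a
    DNS outage cannot lock every client out (fail open).
    """
    hits = []
    for zone in zones:
        try:
            answer = ipaddress.ip_address(resolver(dnsbl_query_name(ip, zone)))
        except (OSError, ValueError):
            continue
        # An answer outside 127.0.0.0/8 is not a listing (for example a
        # resolver that rewrites NXDOMAIN to a search page), so ignore it.
        if answer in LISTED_RANGE:
            hits.append((zone, str(answer)))
    return hits


# Constructed zone data so the example runs offline (documentation IPs).
FAKE_ZONE_DATA = {
    "99.2.0.192.dnsbl.example": "127.0.0.2",
    "99.2.0.192.wildcard.example": "203.0.113.10",
}


def fake_resolver(name):
    """Stand-in for socket.gethostbyname backed by FAKE_ZONE_DATA."""
    try:
        return FAKE_ZONE_DATA[name]
    except KeyError:
        raise socket.gaierror(socket.EAI_NONAME, "constructed NXDOMAIN")


if __name__ == "__main__":
    zones = ["dnsbl.example", "wildcard.example"]
    for client in ("192.0.2.99", "192.0.2.1"):
        print(client, check_dnsbl(client, zones, fake_resolver))
```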