Re: [Dovecot] Default mail folders.

2013-09-11 Thread Pascal Volk
On 09/09/2013 11:56 PM Bruce Markey wrote:
 Just want to make sure before I set this up.
 
 I read that the  autocreate plugin is deprecated and to use Mailbox 
 settings as listed here http://wiki2.dovecot.org/MailboxSettings.
 
 If that is correct then do I just add those mailbox blocks in 
 /etc/dovecot/conf.d/10-mail.conf?
 
 Lastly, will sent items auto populate with sent items or is there 
 something else that needs to be done.
 …

As mentioned by Steffen, you could create your own/additional .conf files.
You may also have a look at
http://hg.dovecot.org/dovecot-2.2/file/tip/doc/example-config/conf.d/15-mailboxes.conf
It also shows an example for the 'sent' mailbox.


Regards,
Pascal
-- 
The trapper recommends today: decade.1325...@localdomain.org


Re: [Dovecot] Default mail folders.

2013-09-11 Thread Bruce Markey
Thanks for all the help everyone.  

Bruce

Pascal Volk user+dove...@localhost.localdomain.org wrote:
On 09/09/2013 11:56 PM Bruce Markey wrote:
 Just want to make sure before I set this up.
 
 I read that the  autocreate plugin is deprecated and to use Mailbox 
 settings as listed here http://wiki2.dovecot.org/MailboxSettings.
 
 If that is correct then do I just add those mailbox blocks in 
 /etc/dovecot/conf.d/10-mail.conf?
 
 Lastly, will sent items auto populate with sent items or is there 
 something else that needs to be done.
 …

As mentioned by Steffen, you could create your own/additional .conf
files.
You may also have a look at
http://hg.dovecot.org/dovecot-2.2/file/tip/doc/example-config/conf.d/15-mailboxes.conf
It also shows an example for the 'sent' mailbox.


Regards,
Pascal

Please use PGP, ENCRYPT everything.
For information about acquiring a secryption.com account, email me.

My public key: https://www.secryption.com/BruceMarkey.asc or 
https://keyserver.pgp.com





Re: [Dovecot] Vacation message and DMARC validation

2013-09-11 Thread Steffen

Gerson Moraes wrote:

 I would like to know if a patch to the main project would be 
 appreciated. Could you also please confirm if there are any future
 plans involving this feature, like an optional configuration for
 custom envelope-from?

how do you prevent loops, e.g. both sides have an autoresponder
activated? Is the custom env-from dropped by the MTA, if it
arrives from the outside? IMHO, one should not assume that another
side does honor Preference: bulk/auto.

-- 
Steffen


[Dovecot] slow dict lookups?

2013-09-11 Thread Anand Kumria
Hi,

I am beginning to see many entries like:

Sep 10 21:32:06 mail1 dovecot: imap(us...@example1.com): Warning:
read(/var/run/dovecot/dict): dict lookup took 20 seconds
Sep 10 21:32:11 mail1 dovecot: imap(us...@example2.com): Warning:
read(/var/run/dovecot/dict): dict lookup took 25 seconds
Sep 10 21:32:16 mail1 dovecot: imap(us...@example3.com): Warning:
read(/var/run/dovecot/dict): dict lookup took 30 seconds
Sep 10 21:32:21 mail1 dovecot: imap(us...@example3.com): Error:
read(/var/run/dovecot/dict) failed: Timeout after 30 seconds
Sep 10 21:32:21 mail1 dovecot: imap(us...@example1.com): Warning:
read(/var/run/dovecot/dict): dict lookup took 25 seconds
Sep 10 21:32:21 mail1 dovecot: imap(us...@example2.com): Warning:
read(/var/run/dovecot/dict): dict lookup took 24 seconds
Sep 10 21:32:26 mail1 dovecot: imap(us...@example2.com): Warning:
read(/var/run/dovecot/dict): dict lookup took 29 seconds

What is the best way to look into making dict lookups faster?

In my case the dict is used for user / domain quotas and is looked up via
Postgres (on another host). Is there further logging I can enable to see
where the problem is?

Thanks,
Anand


[Dovecot] Need help with Replication

2013-09-11 Thread Michael Neurohr
Hi!

I set up two mail servers with Postfix and Dovecot and I would like to sync
all mails between the servers. So I set up replication.

Now I'm still getting the following errors:

===Server 1===
Sep 11 13:43:52 mx0 dovecot: master: Dovecot v2.1.7 starting up (core dumps
disabled)
Sep 11 13:43:52 mx0 dovecot: auth-worker(4245): mysql(127.0.0.1): Connected
to database mailserver
Sep 11 13:43:52 mx0 dovecot: dsync-local(us...@domain.com): Error:
stat(/var/mail/vhosts/domain.com/user1/.dovecot.sieve/tmp) failed: Not a
directory
Sep 11 13:43:52 mx0 dovecot: dsync-local(us...@domain.com): Error: Failed
to sync mailbox dovecot.sieve: Internal error occurred. Refer to server log
for more information. [2013-09-11 13:43:52]


===Server 2===
Sep 11 13:45:30 mx1 dovecot: master: Dovecot v2.1.7 starting up (core dumps
disabled)
Sep 11 13:45:32 mx1 dovecot: auth-worker(30031): mysql(127.0.0.1):
Connected to database mailserver
Sep 11 13:45:34 mx1 dovecot: dsync-local(us...@domain.com): Error: remote:
dsync-remote(us...@domain.com): Error: stat(/var/mail/vhosts/
domain.com/user1/.dovecot.sieve/tmp) failed: Not a directory
Sep 11 13:45:34 mx1 dovecot: doveadm: Error: dsync-remote(us...@domain.com):
Error: Failed to sync mailbox dovecot.sieve: Internal error occurred. Refer
to server log for more information. [2013-09-11 13:45:33]
Sep 11 13:45:34 mx1 dovecot: doveadm: Error: dsync-remote(us...@domain.com):
Error: command BOX-LIST failed
Sep 11 13:45:34 mx1 dovecot: dsync-local(us...@domain.com): Error: Worker
server's mailbox iteration failed


Currently Server 1 holds all mails. Server 2 has no mails.

Dovecot Version: 2.1.7 on both servers.

===Dovecot Config Server 1===
root@mx0:/home/mine# dovecot -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-686-pae i686 Debian 7.1 ext4
auth_mechanisms = plain login
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_plugins = notify replication
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date ihave imapflags
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Sent Messages {
special_use = \Sent
  }
  mailbox Spam {
auto = subscribe
special_use = \Junk
  }
  mailbox Trash {
auto = subscribe
special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  antispam_backend = dspam
  antispam_dspam_args = --deliver;--user;%u
  antispam_dspam_binary = /usr/bin/dspam
  antispam_signature = X-DSPAM-Signature
  antispam_signature_missing = move
  antispam_spam = Spam
  antispam_trash = trash;Trash;Deleted Items;Deleted Messages
  mail_replica = remote:vm...@mx1.neurohr.at
  replication_full_sync_interval = 1 hours
  sieve = ~/.dovecot.sieve
  sieve_before = /etc/sieve/conf.d/before
  sieve_dir = ~/sieve
  sieve_extensions = +imapflags
}
protocols = imap pop3 lmtp sieve
service aggregator {
  fifo_listener replication-notify-fifo {
mode = 0600
user = vmail
  }
  unix_listener replication-notify {
mode = 0600
user = vmail
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
  }
  unix_listener auth-userdb {
mode = 0600
user = vmail
  }
  user = dovecot
}
service config {
  unix_listener config {
user = vmail
  }
}
service dict {
  unix_listener dict {
user = vmail
  }
}
service doveadm {
  user = vmail
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
}
service replicator {
  process_min_avail = 1
}
ssl = required
ssl_ca = /etc/ssl/private/mailserver/ca-bundle.crt
ssl_cert = /etc/ssl/private/mailserver/mx0.neurohr.at.pem
ssl_key = /etc/ssl/private/mailserver/mx0.neurohr.at.key
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocol lmtp {
  mail_plugins = sieve
}
protocol lda {
  mail_plugins = sieve
}
protocol imap {
  mail_plugins = antispam
}
===

===Dovecot Config Server 2===
root@mx1:/home/mine# dovecot -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.6.11+ armv6l Debian 7.1 ext4
auth_mechanisms = plain login
dsync_remote_cmd = ssh -p  -l%{login} %{host} doveadm dsync-server -u%u
-l%{lock_timeout} -n%{namespace}
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress 

[Dovecot] Antispam plugin / sa-learn

2013-09-11 Thread Mathieu R.
Hello,

Sorry for posting on both lists, spamassassin and dovecot: my question is
about the dovecot antispam plugin, used to train spamassassin with sa-learn.

I wonder if there is a way to confirm sa-learn is correctly fed by
the antispam plugin.

dovecot version : 2.1.7
spamassassin version : 3.3.2
 (both packaged in debian stable, with postfix and amavis)

I configured dovecot's antispam plugin this way:
plugin {
  ...
#Antispam
  antispam_debug_target = syslog
  antispam_verbose_debug = 1
  antispam_backend = pipe
  antispam_trash = Trash
  antispam_spam = Junk
  antispam_allow_append_to_spam = no
  antispam_pipe_program = /srv/datadisk01/bin/sa-learn-pipe.sh
  antispam_pipe_program_spam_arg = --spam
  antispam_pipe_program_notspam_arg = --ham
}

referring to: http://wiki2.dovecot.org/Plugins/Antispam

using that script to pipe message to sa-learn :

#!/bin/sh
# Print the sa-learn command line that is about to be run.
echo /usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ;
echo "$$-start ($*)" >> /tmp/sa-learn-pipe.log ;
#echo $* > /tmp/sendmail-parms.txt ;
# Save the message arriving on stdin, then hand the file to sa-learn.
cat<&0 >> /tmp/sendmail-msg-$$.txt ;
/usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ;
rm -f /tmp/sendmail-msg-$$.txt ;
echo "$$-end" >> /tmp/sa-learn-pipe.log ;
exit 0;

here is what i got when i move a mail to Junk folder :

Sep 11 18:10:10 effraie01 imap: antispam: plugin initialising
(2.0-notgit)
Sep 11 18:10:10 effraie01 imap: antispam: verbose debug enabled
Sep 11 18:10:10 effraie01 imap: antispam: Junk is exact match spam
folder
Sep 11 18:10:10 effraie01 imap: antispam: no unsure folders
Sep 11 18:10:10 effraie01 imap: antispam: Trash is exact match trash
folder
Sep 11 18:10:10 effraie01 imap: antispam: pipe backend spam argument =
--spam
Sep 11 18:10:10 effraie01 imap: antispam: pipe backend not-spam argument
= --ham
Sep 11 18:10:10 effraie01 imap: antispam: pipe backend program
= /srv/datadisk01/bin/sa-learn-pipe.sh
Sep 11 18:10:10 effraie01 imap: antispam: pipe backend tmpdir /tmp
Sep 11 18:11:10 effraie01 imap: antispam: plugin initialising
(2.0-notgit)
Sep 11 18:11:10 effraie01 imap: antispam: verbose debug enabled
Sep 11 18:11:10 effraie01 imap: antispam: Junk is exact match spam
folder
Sep 11 18:11:10 effraie01 imap: antispam: no unsure folders
Sep 11 18:11:10 effraie01 imap: antispam: Trash is exact match trash
folder
Sep 11 18:11:10 effraie01 imap: antispam: pipe backend spam argument =
--spam
Sep 11 18:11:10 effraie01 imap: antispam: pipe backend not-spam argument
= --ham
Sep 11 18:11:10 effraie01 imap: antispam: pipe backend program
= /srv/datadisk01/bin/sa-learn-pipe.sh
Sep 11 18:11:10 effraie01 imap: antispam: pipe backend tmpdir /tmp
Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_unsure(Junk): 0
Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_trash(INBOX): 0
Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_trash(Junk): 0
Sep 11 18:12:04 effraie01 imap: antispam: mail copy: from trash: 0, to
trash: 0
Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_spam(INBOX): 0
Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_spam(Junk): 1
Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_unsure(INBOX): 0
Sep 11 18:12:04 effraie01 imap: antispam: mail copy: src spam: 0, dst
spam: 1, src unsure: 0
Sep 11 18:12:04 effraie01 imap: antispam: running mailtrain backend
program /srv/datadisk01/bin/sa-learn-pipe.sh
Sep 11 18:12:04 effraie01 imap: antispam: running mailtrain backend
program /srv/datadisk01/bin/sa-learn-pipe.sh
Sep 11 18:12:04 effraie01 imap: antispam: running mailtrain backend
program parameter 1 --spam

and here is what i got in /tmp/sa-learn-pipe.log:

10545-start (--spam)
10545-end

For me, it's working, but when I run sa-learn --backup, I just get
this:

v   3   db_version # this must be the first line!!!
v   0   num_spam
v   0   num_nonspam

It's probably because I'm using ***STANDARD-ANTI-UBE-TEST-EMAIL***, which
probably teaches nothing to sa-learn, but I wonder if I can find somewhere
a log or something confirming sa-learn correctly gets the email I pipe to
it.

thanks a lot in advance

--

Mathieu











Re: [Dovecot] dovecot and PFS

2013-09-11 Thread Robert Schetterer
On 11.09.2013 19:10, Frank Behrens wrote:
 Hi Emmanuel!
 
 On 10.09.2013 09:54, Emmanuel Dreyfus wrote:
 Hi

 Is there any known advice on how to favor PFS with dovecot?

 In Apache, I use the following directives, which cause all modern
 browsers to adopt 256 bit PFS ciphers, while keeping backward
 compatibility with older browsers and avoiding BEAST attack:
 SSLProtocol all -SSLv2
 SSLHonorCipherOrder On
 
 SSLHonorCipherOrder is not yet supported in dovecot. I use the following 
 hack/patch:
 
 --- src/login-common/ssl-proxy-openssl.c.orig   2013-08-05 18:08:13.0 
 +0200
 +++ src/login-common/ssl-proxy-openssl.c2013-09-09 18:20:05.184890563 
 +0200
 @@ -1276,6 +1276,7 @@ ssl_server_context_init(const struct log
 ctx-cipher_list, ssl_last_error());
 }
 SSL_CTX_set_options(ssl_ctx, 
 openssl_get_protocol_options(ctx-protocols));
 +   SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
 
 if (ssl_proxy_ctx_use_certificate_chain(ctx-ctx, ctx-cert) != 1) {
 i_fatal(Can't load ssl_cert: %s,
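
Review bot: The added SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE) line in ssl_server_context_init() is unconditional, so every server context switches to server-side cipher ordering with no way to turn it off. Consider gating it on a boolean setting (the counterpart of the SSLHonorCipherOrder directive quoted above) and documenting that, once it is on, the order of the entries in ssl_cipher_list decides which cipher gets negotiated.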
 

That looks interesting; what is Timo's opinion on that patch?

 
 
 SSLCipherSuite 
 ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10
 -SHA1:RC4:!MD5:!DES:!aNULL:!eNULL

 dovecot does not care about BEAST, since attacker cannot inject
 traffic. Therefore the cipher list gets simpler in dovecot.conf:
 ssl_cipher_list = 
 ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:!MD5:!DES:!aNULL
 :!eNULL

 But that list is good for browsers. I am not aware of documentation
 about what ciphers are advertised by various mail clients. How can I
 know if that setting has some success pushing PFS? How can I
 discover which clients fail to negotiate PFS ciphers?
 
 I have in my dovecot.conf:
 login_log_format_elements = user=%u method=%m rip=%r lip=%l %c %k
 The %k writes the negotiated cipher into the log, see also
 http://wiki2.dovecot.org/Variables
 
 Regards,
 Frank
 



Best Regards
Kind regards, Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, register court: Amtsgericht München, HRB 199263
Management board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein


Re: [Dovecot] dovecot and PFS

2013-09-11 Thread Frank Behrens
Hi Emmanuel!

On 10.09.2013 09:54, Emmanuel Dreyfus wrote:
 Hi
 
 Is there any known advice on how to favor PFS with dovecot?
 
 In Apache, I use the following directives, which cause all modern
 browsers to adopt 256 bit PFS ciphers, while keeping backward
 compatibility with older browsers and avoiding BEAST attack:
 SSLProtocol all -SSLv2
 SSLHonorCipherOrder On

SSLHonorCipherOrder is not yet supported in dovecot. I use the following 
hack/patch:

--- src/login-common/ssl-proxy-openssl.c.orig   2013-08-05 18:08:13.0 
+0200
+++ src/login-common/ssl-proxy-openssl.c2013-09-09 18:20:05.184890563 
+0200
@@ -1276,6 +1276,7 @@ ssl_server_context_init(const struct log
ctx-cipher_list, ssl_last_error());
}
SSL_CTX_set_options(ssl_ctx, 
openssl_get_protocol_options(ctx-protocols));
+   SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);

if (ssl_proxy_ctx_use_certificate_chain(ctx-ctx, ctx-cert) != 1) {
i_fatal(Can't load ssl_cert: %s,
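
Review bot: The new call sits directly below SSL_CTX_set_options(ssl_ctx, openssl_get_protocol_options(...)) and could be folded into it by OR-ing SSL_OP_CIPHER_SERVER_PREFERENCE into the same options argument, which keeps all option bits for this context in one place. The line also has no comment saying why server preference is wanted here (so that the PFS ciphers listed first in ssl_cipher_list win), which the next reader of ssl_server_context_init() would need.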



 SSLCipherSuite 
 ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10
 -SHA1:RC4:!MD5:!DES:!aNULL:!eNULL
 
 dovecot does not care about BEAST, since attacker cannot inject
 traffic. Therefore the cipher list gets simpler in dovecot.conf:
 ssl_cipher_list = 
 ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:!MD5:!DES:!aNULL
 :!eNULL
 
 But that list is good for browsers. I am not aware of documentation
 about what ciphers are advertised by various mail clients. How can I
 know if that setting has some success pushing PFS? How can I
 discover which clients fail to negotiate PFS ciphers?

I have in my dovecot.conf:
login_log_format_elements = user=%u method=%m rip=%r lip=%l %c %k
The %k writes the negotiated cipher into the log, see also
http://wiki2.dovecot.org/Variables

Regards,
Frank

-- 
Frank Behrens
Osterwieck, Germany
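
One way to answer "which clients fail to negotiate PFS ciphers" from the `%k` field described above, as an added example that is not part of the thread or of Dovecot. The log lines are constructed, the exact wording of the `%k` string is an assumption, and the function names are hypothetical; it goes slightly beyond the thread by also accepting TLS 1.3 suite names.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not from the thread), shaped like the output of
#   login_log_format_elements = user=%u method=%m rip=%r lip=%l %c %k
# Assumption: %k renders as "<proto> with cipher <name> (<n>/<m> bits)".
SAMPLE_LOG = """\
Sep 11 19:20:01 mail dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS, TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 11 19:20:07 mail dovecot: imap-login: Login: user=bob@example.org, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, TLS, TLSv1 with cipher AES128-SHA (128/128 bits)
Sep 11 19:21:15 mail dovecot: imap-login: Login: user=carol@example.org, method=LOGIN, rip=203.0.113.5, lip=192.0.2.1, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Sep 11 19:22:40 mail dovecot: pop3-login: Login: user=bob@example.org, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, TLS, TLSv1 with cipher AES256-SHA (256/256 bits)
Sep 11 19:23:02 mail dovecot: imap-login: Login: user=dave@example.org, method=PLAIN, rip=192.0.2.44, lip=192.0.2.1, TLS, TLSv1.2 with cipher ECDH-RSA-AES256-SHA (256/256 bits)
Sep 11 19:23:30 mail dovecot: imap-login: Login: user=erin@example.org, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 11 19:24:00 mail dovecot: imap-login: Disconnected (no auth attempts): rip=203.0.113.9, lip=192.0.2.1
"""

# Successful login lines only; user may be logged as user=<x> or user=x.
LOGIN_RE = re.compile(
    r"(?P<service>\w+)-login: Login: user=<?(?P<user>[^>,\s]*)>?, "
    r".*?\brip=(?P<rip>[0-9A-Fa-f.:]+)"
)
# Anchored to the end of the line: %k is the last element in this format,
# and the user field earlier in the line is client-supplied text.
CIPHER_RE = re.compile(
    r"(?P<proto>(?:TLS|SSL)v[\d.]+) with cipher (?P<cipher>[\w-]+) "
    r"\(\d+/\d+ bits\)\s*$"
)


def is_forward_secret(cipher):
    """True if the OpenSSL cipher name uses an ephemeral key exchange."""
    if cipher.startswith("TLS_"):
        return True  # TLS 1.3 suite names: key exchange is always ephemeral
    # ECDHE-/DHE- (EDH- in old names) are ephemeral. ECDH-/DH- are static,
    # and names without a key-exchange prefix use RSA key transport.
    return cipher.startswith(("ECDHE-", "DHE-", "EDH-"))


def audit(log_text):
    """Return (counts, findings); findings list the non-PFS logins."""
    counts = Counter()
    findings = []
    for line in log_text.splitlines():
        login = LOGIN_RE.search(line)
        if not login:
            continue  # not a successful login line
        tls = CIPHER_RE.search(line)
        if not tls:
            counts["no_cipher_logged"] += 1  # e.g. local "secured" logins
        elif is_forward_secret(tls["cipher"]):
            counts["pfs"] += 1
        else:
            counts["non_pfs"] += 1
            findings.append((login["rip"], login["user"], login["service"],
                             tls["proto"], tls["cipher"]))
    return counts, findings


def clients_without_pfs(log_text):
    """Map each remote IP to the sorted non-PFS ciphers it negotiated."""
    by_ip = defaultdict(set)
    for rip, _user, _service, _proto, cipher in audit(log_text)[1]:
        by_ip[rip].add(cipher)
    return {rip: sorted(ciphers) for rip, ciphers in sorted(by_ip.items())}


if __name__ == "__main__":
    counts, _ = audit(SAMPLE_LOG)
    print(dict(counts))
    for rip, ciphers in clients_without_pfs(SAMPLE_LOG).items():
        print(rip, ", ".join(ciphers))
```

The static `ECDH-` entry in the sample shows why a cipher list built from `ECDH@STRENGTH` is worth auditing this way: such suites sort near the top without providing forward secrecy.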



[Dovecot] Quota question.

2013-09-11 Thread Bruce Markey
I have quotas setup with dovecot. Everything seems to be running fine. 
Values show up fine in mysql.  I set up Roundcube to show quota amounts, 
this also works. For some reason it's showing the old value, I had upped 
a quot


I assume that dovecot is reporting this wrong since roundcube talks to 
dovecot for its info.


Imap debug info:
[11-Sep-2013 15:57:47 +]: [5986] S: A0003 OK List completed.
[11-Sep-2013 15:57:47 +]: [5986] C: A0004 GETQUOTAROOT INBOX
[11-Sep-2013 15:57:47 +]: [5986] S: * QUOTAROOT INBOX User quota
[11-Sep-2013 15:57:47 +]: [5986] S: * QUOTA User quota (STORAGE 81 
256000)

[11-Sep-2013 15:57:47 +]: [5986] S: A0004 OK Getquotaroot completed.
[11-Sep-2013 15:57:47 +]: [5986] C: A0005 LOGOUT

I'm not sure where next to look.  I made sure I didn't have a hard 
default value set in 90-quota.conf.

Thank you
Bruce

--
Please use PGP, ENCRYPT everything.
For information about acquiring a secryption.com account, email me.

My public key: https://www.secryption.com/BruceMarkey.asc   or
   https://keyserver.pgp.com



Re: [Dovecot] Quota question.

2013-09-11 Thread Bruce Markey
I think it's something more. Apparently it's not even looking at the 
database.  Not sure what I didn't do.
If anyone can point me to a good dovecot / mysql quota how to that would 
be helpful.


Thank you
bruce


--
Please use PGP, ENCRYPT everything.
For information about acquiring a secryption.com account, email me.

My public key: https://www.secryption.com/BruceMarkey.asc   or
   https://keyserver.pgp.com



Re: [Dovecot] Vacation message and DMARC validation

2013-09-11 Thread Gerson Moraes

Hi Stephan,

how do you prevent loops, e.g. both sides have an autoresponder
activated?
We use the parameter days available for setting the frequency of 
vacation messages.
For example, if days is set to 1, only one auto-response will be 
generated for the same e-mail per day.

So, it prevents loops correctly.

Is the custom env-from dropped by the MTA, if it
arrives from the outside? IMHO, one should not assume that another
side does honor Preference: bulk/auto.

I did not understand what you meant. Can you give an example?

Regards,
Gerson


[Dovecot] Double Maildir folders.

2013-09-11 Thread Bruce Markey
Somehow in setting up quotas and sieve I somehow doubled my maildir. I 
noticed that when I logged into my webmail I didn't see the folders I 
created.  I went to the actual location and noticed this.


Mail location is set correctly in 10-mail.conf
mail_location = maildir:/var/vmail/%d/%n/Maildir


So I went to /var/vmail/domain/user and saw:
drwx--  8 vmail vmail 4.0K Sep 11 22:08 .
drwx--  4 vmail vmail 4.0K Sep 10 18:40 ..
drwx--  5 vmail vmail 4.0K Sep 11 22:04 .Sent
lrwxrwxrwx  1 vmail vmail   21 Sep 11 15:44 .dovecot.sieve - 
sieve/roundcube.sieve

-rw---  1 vmail vmail  199 Sep 11 15:45 .dovecot.svbin
drwx-- 10 vmail vmail 4.0K Sep 11 18:40 Maildir
drwx--  2 vmail vmail 4.0K Sep 11 19:46 cur
-rw---  1 vmail vmail   51 Sep 11 19:47 dovecot-uidlist
-rw---  1 vmail vmail8 Sep 11 19:47 dovecot-uidvalidity
-r--r--r--  1 vmail vmail0 Sep 11 19:46 dovecot-uidvalidity.5230c8a2
-rw---  1 vmail vmail  248 Sep 11 19:47 dovecot.index.log
-rw---  1 vmail vmail   24 Sep 11 19:47 dovecot.mailbox.log
-rw---  1 vmail vmail   15 Sep 11 22:08 maildirsize
drwx--  2 vmail vmail 4.0K Sep 11 19:46 new
drwx--  3 vmail vmail 4.0K Sep 11 15:44 sieve
-rw---  1 vmail vmail5 Sep 11 19:47 subscriptions
drwx--  2 vmail vmail 4.0K Sep 11 19:46 tmp

Which I shouldn't see, correct? Because then in 
/var/vmail/domain/user/Maildir I see:


drwx-- 10 vmail vmail 4.0K Sep 11 18:40 .
drwx--  8 vmail vmail 4.0K Sep 11 22:08 ..
drwx--  5 vmail vmail 4.0K Sep 10 00:23 .Drafts
drwx--  5 vmail vmail 4.0K Sep 11 15:45 .Sent
drwx--  5 vmail vmail 4.0K Sep 10 01:08 .Spam
drwx--  5 vmail vmail 4.0K Sep 11 15:46 .Test Folder
drwx--  5 vmail vmail 4.0K Sep 11 15:57 .Trash
drwx--  2 vmail vmail 4.0K Sep 11 01:37 cur
-rw---  1 vmail vmail   52 Sep 11 09:17 dovecot-uidlist
-rw---  1 vmail vmail8 Sep 11 15:45 dovecot-uidvalidity
-r--r--r--  1 vmail vmail0 Sep 10 00:17 dovecot-uidvalidity.522e6523
-rw---  1 vmail vmail  600 Sep 10 23:08 dovecot.index
-rw---  1 vmail vmail  39K Sep 11 01:37 dovecot.index.cache
-rw---  1 vmail vmail  21K Sep 11 09:17 dovecot.index.log
-rw---  1 vmail vmail  120 Sep 11 15:44 dovecot.mailbox.log
-rw---  1 vmail vmail   20 Sep 11 18:40 maildirsize
drwx--  2 vmail vmail 4.0K Sep 11 00:16 new
-rw---  1 vmail vmail   35 Sep 11 15:44 subscriptions
drwx--  2 vmail vmail 4.0K Sep 11 00:13 tmp

I went through all the conf files under /etc/dovecot/conf. and made sure 
I hadn't missed something. As above the maildir is correct.


The only two places I can think are 90-plugin.conf which are my sieve 
settings.

plugin {

   # The location of the user's active script:
   sieve = ~/.dovecot.sieve

   # If the user has no personal active script (i.e. if the file
   # indicated in sieve= does not exist), use this one:
   sieve_global_path = /var/lib/dovecot/sieve/default.sieve

   # The include extension fetches the :personal scripts from this
   # directory. When ManageSieve is used, this is also where scripts
   # are uploaded.
   sieve_dir = ~/sieve

   # The include extension fetches the :global scripts from this
   # directory.
   sieve_global_dir = /var/lib/dovecot/sieve/global/
}
But I don't see how that would affect it.

And the password and user queries were changed for the quotas.

password_query = SELECT username AS user, password,CONCAT('/var/vmail/', 
maildir) AS userdb_home,\

'5000' AS userdb_uid, '5000' AS userdb_gid,\
concat('*:storage=', quota) AS userdb_quota_rule\
FROM mailbox WHERE username='%u' AND domain='%d' AND active=1

user_query = SELECT CONCAT('/var/vmail/', maildir) AS home, 'maildir:~/' 
as mail, '5000' AS uid,'5000' AS gid,\

concat('*:storage=', quota) AS quota_rule\
FROM mailbox WHERE username='%u' AND domain='%d' AND active=1

maildir in the mailbox is domain/user/   - do I have to concat on 
Maildir in the query?



Thanks
Bruce


--
Please use PGP, ENCRYPT everything.
For information about acquiring a secryption.com account, email me.

My public key: https://www.secryption.com/BruceMarkey.asc   or
   https://keyserver.pgp.com


Re: [Dovecot] How to disable SSL and TLSv1.1?

2013-09-11 Thread Darren Pilgrim

On 9/9/2013 4:09 PM, Reindl Harald wrote:

On 09.09.2013 22:56, Darren Pilgrim wrote:

I'm running Dovecot 2.2.5 and want to make it refuse SSLv2, SSLv3 and TLSv1.0.  
Clients will opportunistically use
TLS 1.1 and 1.2, but now I want to require they do so.  Is it enough to set

ssl_cipher_list = HIGH:!SSLv2:!SSLv3:!TLSv1.0:!aNULL:!MD5
or are there additional settings I need to specify?


and what clients do you imagine to connect?


Thunderbird and a Webmail app.


on most widely used distributions you even have no openssl
version supporting TLS 1.2 and so you lock them all out


OpenSSL 1.0.1 supports TLS 1.2.  So does Windows 7/8 and MacOS X. 
Mozilla NSS 3.15 does 1.2.


FWIW, I was able to get it working with the following:

ssl_protocols = !SSLv2 !SSLv3 !TLSv1
ssl_cipher_list = 
ALL:HIGH:!SSLv2:!MEDIUM:!LOW:!EXP:!RC4:!MD5:!aNULL:@STRENGTH


The above disables SSLv2, v3 and TLSv1.0, leaving only TLSv1.1 with 
AES/Camellia/3DES and TLSv1.2 with AES/AES-GCM.


Dovecot lacks the ability to disable TLS 1.1 or 1.2.  Adding support for 
specifying TLSv1.1 and TLSv1.2 in ssl_protocols looks pretty 
straightforward: add 0x08 and 0x10 to the enum in 
src/lib-ssl-iostream/iostream-openssl-common.c and expand the various 
tests to include the appropriate strings.


Would a user-submitted patch to add TLSv1.1 and TLSv1.2 support to 
ssl_protocols be appreciated?



--
Please reply on list.


Re: [Dovecot] How to disable SSL and TLSv1.1?

2013-09-11 Thread Reindl Harald


On 12.09.2013 00:46, Darren Pilgrim wrote:
 On 9/9/2013 4:09 PM, Reindl Harald wrote:
 On 09.09.2013 22:56, Darren Pilgrim wrote:
 I'm running Dovecot 2.2.5 and want to make it refuse SSLv2, SSLv3 and 
 TLSv1.0.  Clients will opportunistically use
 TLS 1.1 and 1.2, but now I want to require they do so.  Is it enough to set

 ssl_cipher_list = HIGH:!SSLv2:!SSLv3:!TLSv1.0:!aNULL:!MD5
 or are there additional settings I need to specify?

 and what clients do you imagine to connect?
 
 Thunderbird and a Webmail app

in that special case you may be lucky

 on most widely used distributions you even have no openssl
 version supporting TLS 1.2 and so you lock them all out
 
 OpenSSL 1.0.1 supports TLS 1.2

and that is why i said most widely used does not

RHEL5: openssl-0.9.8e
RHEL6: openssl-1.0.0
Fedora 17: openssl-1.0.0k
Fedora 18: openssl-1.0.1e

if you have only a few users where you know OS and mail-client
this is doable, for any server with customers it is a no-go





[Dovecot] question about dovecot-auth

2013-09-11 Thread liuamandy






Hello,
I'm new to the dovecot list.
I have a question about dovecot auth:
the database of dovecot-auth is memcached. When I test 200 users logging in by IMAP 
at the same time, there are some errors like this. Is there any parameter that 
is set wrong?
=error=
Sep 12 10:14:15 IMAP(q...@t.com): Info: Quota warning: bytes=1048471142 (90%) 
messages=0 command=/opt/email/bin/dovecot-quota-warning.sh 90 q...@t.com
Sep 12 10:14:15 IMAP(q...@t.com): Info: Quota warning: bytes=1106719539 (95%) 
messages=0 command=/opt/email/bin/dovecot-quota-warning.sh 95 q...@t.com
Sep 12 10:14:16 auth(default): Info: !:id:22 OK 
q...@t.com username=q...@t.com 
password={CRYPT}$1$711536ed$Q4xYrsYOS6bVq9mJvNoc40 home=/opt/mail 
mail=maildir:/opt/mail/t.com/q148/ quota_rule2=*:messages= 
quota_rule=*:bytes=1164967936 line: OK q...@t.com username=q...@t.com 
password={CRYPT}$1$711536ed$Q4xYrsYOS6bVq9mJvNoc40 home=/opt/email 
mail=maildir:/opt/email/t.com/q148/ quota_rule2=*:messages= 
quota_rule=*:bytes=1164967936 request:23
Sep 12 10:14:16 auth(default): Error: BUG: Worker sent reply with id 22, 
expected 23
Sep 12 10:14:16 auth(default): Error: worker-server(q...@t.com,127.0.0.1): 
Aborted: Worker is buggy
Sep 12 10:14:16 auth(default): Info: !:id:7 OK 
q...@t.com {CRYPT}$1$557ecad6$SOQhh76yfMx4zAIp3KKX61 home=/opt/mail 
mail=maildir:/opt/mail/t.com/q32 quota_rule2=*:messages= 
quota_rule=*:bytes=1164967936 username=q...@t.com line: OK q...@t.com 
{CRYPT}$1$557ecad6$SOQhh76yfMx4zAIp3KKX61 home=/opt/mail 
mail=maildir:/opt/mail/t.com/q32 quota_rule2=*:messages= 
quota_rule=*:bytes=1164967936 username=q...@t.com request:7
Sep 12 10:14:16 IMAP(q...@t.com): Info: Namespace: type=private, prefix=, 
sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes
Sep 12 10:14:16 IMAP(q...@t.com): Info: maildir: 
data=/opt/email/t.com/q156/...ep 12 10:14:21 auth(default): Info: new auth 
connection: pid=14558
Sep 12 10:14:22 imap-login: Info: Aborted login (auth failed, 1 attempts): 
user=q...@t.com, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 12 10:14:23 auth(default): Info: new auth connection: pid=14562
Sep 12 10:17:14 imap-login: Info: Disconnected: Inactivity (auth failed, 1 
attempts): user=q...@t.com, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, 
secured
Sep 12 10:17:15 auth(default): Info: new auth connection: pid=14601
 ==concurrent-script
my concurrent-login script is:
use strict;
use warnings;
use Net::IMAP::Client;
use Getopt::Long;
use threads;

my %opt = ();
GetOptions(\%opt, 'pth_num|n=s');
my $pths = $opt{pth_num};    # number of concurrent login threads
my $t1 = 0;
my $passwd = "qwer1234";

# Each thread logs in twice as q<N>@t.com and issues a few IMAP commands.
sub thread_fun
{
    my $j = 0;
    my $count = 2;
    my $k = $_[0];
    my $pid = threads->self()->tid();
    while ($count != 0) {
        my $username = "q$k\@t.com";
        print "#$pid  $username $passwd #\n";
        my $imap = Net::IMAP::Client->new(
            server => '127.0.0.1',
            user => $username,
            password => $passwd,
        ) or die "can not connect:$@";
        $imap->login($username, $passwd) or die ('login failed!' .
            $imap->last_error);
        $imap->noop;
        $imap->select('INBOX');
        $imap->noop;
        $imap->noop;
        $imap->noop;
        $imap->noop;
        $imap->logout;
        print "$username logout--\n";
        $count--;
        sleep(1);
    }
    print "\n"
}

my $i = 1;
while ($pths) {
    $t1 = threads->create(\&thread_fun, $i);
    # Detach every thread except the last one, which is joined below.
    if ($pths != 1) {
        $t1->detach();
    }
    print "create $pths\'s threads\n";
    $i++;  $pths--;

}
my $ret = $t1->join();
 =dovecot.conf==
my dovecot.conf about auth is:
log_path = /var/log/maillog
login_processes_count = 128  #listen_start_process
login_max_processes_count = 128
login_max_connections = 128
#login_max_connections = 256
max_mail_processes = 1024
disable_plaintext_auth = no
login_process_per_connection=yes

thanks
amandy

  

[Dovecot] Where's Dovecot's ports?

2013-09-11 Thread Mohsen Pahlevanzadeh
Dear all,

I installed dovecot dovecot-mysql postfix and postfix-mysql from
debian repository 7.

I start them with /etc/init.d/postfix start and /etc/init.d/dovecot
start 

but When i use nmap localhost I see the following output:
root@sito:/etc/dovecot# nmap localhost 

Starting Nmap 6.00 ( http://nmap.org ) at 2013-09-12 07:35 IRDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.030s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
111/tcp  open  rpcbind
3128/tcp open  squid-http
3306/tcp open  mysql

My question is: where's dovecot? I don't see its ports.




Re: [Dovecot] Where's Dovecot's ports?

2013-09-11 Thread Mohsen Pahlevanzadeh
But when I use netstat -anp |egrep -i dovecot I get the following output:
root@sito:/home/mohsen# netstat -nap |egrep -i dovecot
unix  2  [ ACC ] STREAM LISTENING 69634 18414/dovecot   /var/run/dovecot/anvil
unix  2  [ ACC ] STREAM LISTENING 69638 18414/dovecot   /var/run/dovecot/anvil-auth-penalty
unix  2  [ ACC ] STREAM LISTENING 65456 18414/dovecot   /var/run/dovecot/stats
unix  2  [ ACC ] STREAM LISTENING 65459 18414/dovecot   /var/run/dovecot/login/ssl-params
unix  2  [ ACC ] STREAM LISTENING 65463 18414/dovecot   /var/run/dovecot/replicator
unix  2  [ ACC ] STREAM LISTENING 65467 18414/dovecot   /var/run/dovecot/replication-notify
unix  2  [ ACC ] STREAM LISTENING 65472 18414/dovecot   /var/run/dovecot/log-errors
unix  2  [ ACC ] STREAM LISTENING 65476 18414/dovecot   /var/run/dovecot/ipc
unix  2  [ ACC ] STREAM LISTENING 65478 18414/dovecot   /var/run/dovecot/login/ipc-proxy
unix  2  [ ACC ] STREAM LISTENING 65482 18414/dovecot   /var/run/dovecot/indexer-worker
unix  2  [ ACC ] STREAM LISTENING 65486 18414/dovecot   /var/run/dovecot/indexer
unix  2  [ ACC ] STREAM LISTENING 65490 18414/dovecot   /var/run/dovecot/doveadm-server
unix  2  [ ACC ] STREAM LISTENING 65494 18414/dovecot   /var/run/dovecot/dns-client
unix  2  [ ACC ] STREAM LISTENING 65496 18414/dovecot   /var/run/dovecot/login/dns-client
unix  2  [ ACC ] STREAM LISTENING 65500 18414/dovecot   /var/run/dovecot/director-admin
unix  2  [ ACC ] STREAM LISTENING 65504 18414/dovecot   /var/run/dovecot/director-userdb
unix  2  [ ACC ] STREAM LISTENING 65508 18414/dovecot   /var/run/dovecot/dict
unix  2  [ ACC ] STREAM LISTENING 65512 18414/dovecot   /var/run/dovecot/config
unix  2  [ ACC ] STREAM LISTENING 65514 18414/dovecot   /var/run/dovecot/login/login
unix  2  [ ACC ] STREAM LISTENING 65518 18414/dovecot   /var/run/dovecot/auth-login
unix  2  [ ACC ] STREAM LISTENING 65522 18414/dovecot   /var/run/dovecot/auth-client
unix  2  [ ACC ] STREAM LISTENING 65526 18414/dovecot   /var/run/dovecot/auth-userdb
unix  2  [ ACC ] STREAM LISTENING 65530 18414/dovecot   /var/run/dovecot/auth-master
unix  2  [ ACC ] STREAM LISTENING 65534 18414/dovecot   /var/run/dovecot/auth-worker
unix  3  [ ] STREAM CONNECTED 65453 18414/dovecot
unix  3  [ ] STREAM CONNECTED 65452 18414/dovecot
unix  2  [ ] DGRAM 65448 18414/dovecot

On Thu, 2013-09-12 at 07:49 +0430, Mohsen Pahlevanzadeh wrote:
 Dear all,
 
 I installed dovecot dovecot-mysql postfix and postfix-mysql from
 Debian repository 7.
 
 I start them with /etc/init.d/postfix start and /etc/init.d/dovecot
 start 
 
 but when I use nmap localhost I see the following output:
 root@sito:/etc/dovecot# nmap localhost 
 
 Starting Nmap 6.00 ( http://nmap.org ) at 2013-09-12 07:35 IRDT
 Nmap scan report for localhost (127.0.0.1)
 Host is up (0.030s latency).
 Other addresses for localhost (not scanned): 127.0.0.1
 Not shown: 993 closed ports
 PORT STATE SERVICE
 21/tcp   open  ftp
 22/tcp   open  ssh
 25/tcp   open  smtp
 80/tcp   open  http
 111/tcp  open  rpcbind
 3128/tcp open  squid-http
 3306/tcp open  mysql
 
 My question is: where's dovecot? I don't see its ports.
 
 




Re: [Dovecot] Quota question.

2013-09-11 Thread Vijay Rajah
Check if new quota is recognized using 'doveadm quota get -u username'

If it does then there is some other issue... It is hard to tell without
knowing how it is setup.

Thanks
Vijay


On Thu, Sep 12, 2013 at 12:35 AM, Bruce Markey br...@secryption.com wrote:

 I think it's something more. Apparently it's not even looking at the
 database.  Not sure what I didn't do.
 If anyone can point me to a good dovecot / mysql quota how-to, that would
 be helpful.


 Thank you
 bruce


 --
 Please use PGP, ENCRYPT everything.
 For information about acquiring a secryption.com account, email me.

 My public key: https://www.secryption.com/BruceMarkey.asc or
 https://keyserver.pgp.com




[Dovecot] SOLVED: dovecot-2.2.5 build failed if openssl 0.9.8

2013-09-11 Thread Andreas Schulze
Hello,

To build dovecot-2.2.5 on a system based on openssl-0.9.7 I had to apply the 
attached patch.
Maybe it could be applied in the next versions.

Thanks.


-- 
Andreas Schulze
Internet Services | P252

DATEV eG
90329 Nürnberg | Phone +49 911 319-0 | Fax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Registered office: 90429 Nürnberg, Paumgartnerstr. 6-14 | Register court Nürnberg, GenReg 
No. 70
Executive Board
Prof. Dieter Kempf (Chairman)
Dipl.-Kfm. Wolfgang Stegmann (Deputy Chairman)
Dipl.-Kfm. Michael Leistenschneider
Dipl.-Kfm. Dr. Robert Mayr
Jörg Rabe v. Pappenheim
Dipl.-Vw. Eckhard Schwarzer
Chairman of the Supervisory Board: Reinhard Verholen
Index: dovecot-2.2.5/src/lib-ssl-iostream/iostream-openssl-context.c
===
--- dovecot-2.2.5.orig/src/lib-ssl-iostream/iostream-openssl-context.c	2013-09-02 16:57:18.0 +0200
+++ dovecot-2.2.5/src/lib-ssl-iostream/iostream-openssl-context.c	2013-09-02 17:05:46.0 +0200
@@ -444,7 +444,7 @@
 	if (SSL_CTX_need_tmp_RSA(ssl_ctx))
 		SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
 	SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_tmp_dh_callback);
-#if !defined(OPENSSL_NO_ECDH)
+#if !defined(OPENSSL_NO_ECDH)  OPENSSL_VERSION_NUMBER = 0x00908000L
 	/* In the non-recommended situation where ECDH cipher suites are being
 	   used instead of ECDHE, do not reuse the same ECDH key pair for
 	   different sessions. This option improves forward secrecy. */
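Review bot: The `+#if` line as displayed, `!defined(OPENSSL_NO_ECDH)  OPENSSL_VERSION_NUMBER = 0x00908000L`, has no operator joining the two tests and uses `=` where a comparison is needed, so it will not preprocess as written. The intent looks like `#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x00908000L`; please confirm against the attached file, since list archives often strip `&` and `>`. Note that 0x00908000L is the 0.9.8 boundary, so on older OpenSSL the block described by the comment (no ECDH key pair reuse across sessions, for forward secrecy) is compiled out entirely. A short comment beside the guard saying so would help anyone auditing TLS behaviour on such builds.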
Index: dv-dovecot-2.2.5/src/login-common/ssl-proxy-openssl.c
===
--- dovecot-2.2.5.orig/src/login-common/ssl-proxy-openssl.c	2013-09-02 17:06:07.0 +0200
+++ dovecot-2.2.5/src/login-common/ssl-proxy-openssl.c	2013-09-02 17:06:39.0 +0200
@@ -1023,7 +1023,7 @@
 	if (SSL_CTX_need_tmp_RSA(ssl_ctx))
 		SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
 	SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_tmp_dh_callback);
-#if !defined(OPENSSL_NO_ECDH)
+#if !defined(OPENSSL_NO_ECDH)  OPENSSL_VERSION_NUMBER = 0x00908000L
 	/* In the non-recommended situation where ECDH cipher suites are being
 	   used instead of ECDHE, do not reuse the same ECDH key pair for
 	   different sessions. This option improves forward secrecy. */
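Review bot: The version guard on the `+#if` line duplicates the one added in iostream-openssl-context.c, so the two sites can drift if only one is updated later. Consider defining a single feature macro in a header both files include and testing that instead of repeating the `OPENSSL_VERSION_NUMBER` check. As displayed, this line is also missing the `&&` and `>=` operators. Separately, the `Index:` line names `dv-dovecot-2.2.5/...` while the `---`/`+++` lines use `dovecot-2.2.5`; making the paths consistent avoids surprises depending on which header the patch tool picks.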