Re: [Dovecot] Default mail folders.
On 09/09/2013 11:56 PM Bruce Markey wrote:
> Just want to make sure before I set this up. I read that the autocreate plugin is deprecated and to use Mailbox settings as listed here http://wiki2.dovecot.org/MailboxSettings. If that is correct then do I just add those mailbox blocks in /etc/dovecot/conf.d/10-mail.conf? Lastly, will sent items auto populate with sent items or is there something else that needs to be done.
> …

As mentioned by Steffen, you could create your own/additional .conf files. You may also have a look at http://hg.dovecot.org/dovecot-2.2/file/tip/doc/example-config/conf.d/15-mailboxes.conf
It also shows an example for the 'sent' mailbox.

Regards,
Pascal
-- 
The trapper recommends today: decade.1325...@localdomain.org
Re: [Dovecot] Default mail folders.
Thanks for all the help everyone.

Bruce

Pascal Volk user+dove...@localhost.localdomain.org wrote:
> On 09/09/2013 11:56 PM Bruce Markey wrote:
>> Just want to make sure before I set this up. I read that the autocreate plugin is deprecated and to use Mailbox settings as listed here http://wiki2.dovecot.org/MailboxSettings. If that is correct then do I just add those mailbox blocks in /etc/dovecot/conf.d/10-mail.conf? Lastly, will sent items auto populate with sent items or is there something else that needs to be done.
>> …
>
> As mentioned by Steffen, you could create your own/additionally .conf files. You may also have a look at http://hg.dovecot.org/dovecot-2.2/file/tip/doc/example-config/conf.d/15-mailboxes.conf It shows also an example for the 'sent' mailbox.
>
> Regards,
> Pascal

-- 
Please use PGP, ENCRYPT everything. For information about acquiring a secryption.com account, email me. My public key: https://www.secryption.com/BruceMarkey.asc or https://keyserver.pgp.com
Re: [Dovecot] Vacation message and DMARC validation
Gerson Moraes wrote:
> I would like to know if a patch to the main project would be appreciated. Could you also please confirm if there are any future plans involving this feature, like an optional configuration for custom envelope-from?

how do you prevent loops, e.g. both sides have an autoresponder activated?

Does the custom env-from is dropped by the MTA, if it arrives from the outside? IMHO, one should not assume that another side does honor Preference: bulk/auto.

-- 
Steffen
[Dovecot] slow dict lookups?
Hi,

I am beginning to see many entries like:

Sep 10 21:32:06 mail1 dovecot: imap(us...@example1.com): Warning: read(/var/run/dovecot/dict): dict lookup took 20 seconds
Sep 10 21:32:11 mail1 dovecot: imap(us...@example2.com): Warning: read(/var/run/dovecot/dict): dict lookup took 25 seconds
Sep 10 21:32:16 mail1 dovecot: imap(us...@example3.com): Warning: read(/var/run/dovecot/dict): dict lookup took 30 seconds
Sep 10 21:32:21 mail1 dovecot: imap(us...@example3.com): Error: read(/var/run/dovecot/dict) failed: Timeout after 30 seconds
Sep 10 21:32:21 mail1 dovecot: imap(us...@example1.com): Warning: read(/var/run/dovecot/dict): dict lookup took 25 seconds
Sep 10 21:32:21 mail1 dovecot: imap(us...@example2.com): Warning: read(/var/run/dovecot/dict): dict lookup took 24 seconds
Sep 10 21:32:26 mail1 dovecot: imap(us...@example2.com): Warning: read(/var/run/dovecot/dict): dict lookup took 29 seconds

What is the best way to look into making dict lookups faster? In my case the dict is used for user / domain quotas and is looked up via Postgres (on another host). Is there further logging I can enable to see where the problem is?

Thanks,
Anand
[Dovecot] Need help with Replication
Hi!

I set up two mail servers with Postfix and Dovecot and I would like to sync all mails between the servers. So I set up replication. Now I'm still getting the following errors:

===Server 1===
Sep 11 13:43:52 mx0 dovecot: master: Dovecot v2.1.7 starting up (core dumps disabled)
Sep 11 13:43:52 mx0 dovecot: auth-worker(4245): mysql(127.0.0.1): Connected to database mailserver
Sep 11 13:43:52 mx0 dovecot: dsync-local(us...@domain.com): Error: stat(/var/mail/vhosts/domain.com/user1/.dovecot.sieve/tmp) failed: Not a directory
Sep 11 13:43:52 mx0 dovecot: dsync-local(us...@domain.com): Error: Failed to sync mailbox dovecot.sieve: Internal error occurred. Refer to server log for more information. [2013-09-11 13:43:52]

===Server 2===
Sep 11 13:45:30 mx1 dovecot: master: Dovecot v2.1.7 starting up (core dumps disabled)
Sep 11 13:45:32 mx1 dovecot: auth-worker(30031): mysql(127.0.0.1): Connected to database mailserver
Sep 11 13:45:34 mx1 dovecot: dsync-local(us...@domain.com): Error: remote: dsync-remote(us...@domain.com): Error: stat(/var/mail/vhosts/domain.com/user1/.dovecot.sieve/tmp) failed: Not a directory
Sep 11 13:45:34 mx1 dovecot: doveadm: Error: dsync-remote(us...@domain.com): Error: Failed to sync mailbox dovecot.sieve: Internal error occurred. Refer to server log for more information. [2013-09-11 13:45:33]
Sep 11 13:45:34 mx1 dovecot: doveadm: Error: dsync-remote(us...@domain.com): Error: command BOX-LIST failed
Sep 11 13:45:34 mx1 dovecot: dsync-local(us...@domain.com): Error: Worker server's mailbox iteration failed

Currently Server 1 holds all mails. Server 2 has no mails. Dovecot Version: 2.1.7 on both servers.

===Dovecot Config Server 1===
root@mx0:/home/mine# dovecot -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-686-pae i686 Debian 7.1 ext4
auth_mechanisms = plain login
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_plugins = notify replication
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  antispam_backend = dspam
  antispam_dspam_args = --deliver;--user;%u
  antispam_dspam_binary = /usr/bin/dspam
  antispam_signature = X-DSPAM-Signature
  antispam_signature_missing = move
  antispam_spam = Spam
  antispam_trash = trash;Trash;Deleted Items;Deleted Messages
  mail_replica = remote:vm...@mx1.neurohr.at
  replication_full_sync_interval = 1 hours
  sieve = ~/.dovecot.sieve
  sieve_before = /etc/sieve/conf.d/before
  sieve_dir = ~/sieve
  sieve_extensions = +imapflags
}
protocols = imap pop3 lmtp sieve
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0600
    user = vmail
  }
  unix_listener replication-notify {
    mode = 0600
    user = vmail
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service config {
  unix_listener config {
    user = vmail
  }
}
service dict {
  unix_listener dict {
    user = vmail
  }
}
service doveadm {
  user = vmail
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service replicator {
  process_min_avail = 1
}
ssl = required
ssl_ca = /etc/ssl/private/mailserver/ca-bundle.crt
ssl_cert = /etc/ssl/private/mailserver/mx0.neurohr.at.pem
ssl_key = /etc/ssl/private/mailserver/mx0.neurohr.at.key
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocol lmtp {
  mail_plugins = sieve
}
protocol lda {
  mail_plugins = sieve
}
protocol imap {
  mail_plugins = antispam
}
===

===Dovecot Config Server 2===
root@mx1:/home/mine# dovecot -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.6.11+ armv6l Debian 7.1 ext4
auth_mechanisms = plain login
dsync_remote_cmd = ssh -p -l%{login} %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace}
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress
[Dovecot] Antispam plugin / sa-learn
Hello,

Sorry for posting on both lists, spamassassin and dovecot: my question is on the dovecot antispam plugin, used to train spamassassin with sa-learn. I wonder if there is a way to confirm sa-learn is correctly fed by the antispam plugin.

dovecot version : 2.1.7
spamassassin version : 3.3.2
(both packaged in debian stable, with postfix and amavis)

i configured dovecot's antispam plugin this way :

plugin {
  ...
  #Antispam
  antispam_debug_target = syslog
  antispam_verbose_debug = 1
  antispam_backend = pipe
  antispam_trash = Trash
  antispam_spam = Junk
  antispam_allow_append_to_spam = no
  antispam_pipe_program = /srv/datadisk01/bin/sa-learn-pipe.sh
  antispam_pipe_program_spam_arg = --spam
  antispam_pipe_program_notspam_arg = --ham
}

referring to : http://wiki2.dovecot.org/Plugins/Antispam

using that script to pipe message to sa-learn :

#!/bin/sh
# Print the sa-learn command line that is about to be run.
echo /usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ;
echo "$$-start ($*)" >> /tmp/sa-learn-pipe.log ;
#echo $* > /tmp/sendmail-parms.txt ;
# Save the message arriving on stdin to a per-process temporary file.
cat<&0 >> /tmp/sendmail-msg-$$.txt ;
/usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ;
rm -f /tmp/sendmail-msg-$$.txt ;
echo "$$-end" >> /tmp/sa-learn-pipe.log ;
exit 0;

here is what i got when i move a mail to Junk folder :

Sep 11 18:10:10 effraie01 imap: antispam: plugin initialising (2.0-notgit)
Sep 11 18:10:10 effraie01 imap: antispam: verbose debug enabled
Sep 11 18:10:10 effraie01 imap: antispam: Junk is exact match spam folder
Sep 11 18:10:10 effraie01 imap: antispam: no unsure folders
Sep 11 18:10:10 effraie01 imap: antispam: Trash is exact match trash folder
Sep 11 18:10:10 effraie01 imap: antispam: pipe backend spam argument = --spam
Sep 11 18:10:10 effraie01 imap: antispam: pipe backend not-spam argument = --ham
Sep 11 18:10:10 effraie01 imap: antispam: pipe backend program = /srv/datadisk01/bin/sa-learn-pipe.sh
Sep 11 18:10:10 effraie01 imap: antispam: pipe backend tmpdir /tmp
Sep 11 18:11:10 effraie01 imap: antispam: plugin initialising (2.0-notgit)
Sep 11 18:11:10 effraie01 imap: antispam: verbose debug enabled
Sep 11 18:11:10 effraie01 imap: antispam: Junk is exact match spam folder
Sep 11 18:11:10 effraie01 imap: antispam: no unsure folders
Sep 11 18:11:10 effraie01 imap: antispam: Trash is exact match trash folder
Sep 11 18:11:10 effraie01 imap: antispam: pipe backend spam argument = --spam
Sep 11 18:11:10 effraie01 imap: antispam: pipe backend not-spam argument = --ham
Sep 11 18:11:10 effraie01 imap: antispam: pipe backend program = /srv/datadisk01/bin/sa-learn-pipe.sh
Sep 11 18:11:10 effraie01 imap: antispam: pipe backend tmpdir /tmp
Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_unsure(Junk): 0
Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_trash(INBOX): 0
Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_trash(Junk): 0
Sep 11 18:12:04 effraie01 imap: antispam: mail copy: from trash: 0, to trash: 0
Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_spam(INBOX): 0
Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_spam(Junk): 1
Sep 11 18:12:04 effraie01 imap: antispam: mailbox_is_unsure(INBOX): 0
Sep 11 18:12:04 effraie01 imap: antispam: mail copy: src spam: 0, dst spam: 1, src unsure: 0
Sep 11 18:12:04 effraie01 imap: antispam: running mailtrain backend program /srv/datadisk01/bin/sa-learn-pipe.sh
Sep 11 18:12:04 effraie01 imap: antispam: running mailtrain backend program /srv/datadisk01/bin/sa-learn-pipe.sh
Sep 11 18:12:04 effraie01 imap: antispam: running mailtrain backend program parameter 1 --spam

and here is what i got in /tmp/sa-learn-pipe.log:

10545-start (--spam)
10545-end

For me, it's working, but when i run sa-learn --backup, i just get this :

v 3 db_version # this must be the first line!!!
v 0 num_spam
v 0 num_nonspam

it's probably cause i'm using ***STANDARD-ANTI-UBE-TEST-EMAIL*** which probably teaches nothing to sa-learn, but i wonder if i can find somewhere a log or something confirming sa-learn correctly gets the email i pipe to it.

thanks a lot in advance
-- 
Mathieu
Re: [Dovecot] dovecot and PFS
Am 11.09.2013 19:10, schrieb Frank Behrens: Hi Emmanuel! Am 10.09.2013 09:54, schrieb Emmanuel Dreyfus: Hi Is there known advices on how to favor PFS with dovecot? In Apache, I use the following directives, with cause all modern browsers to adopt 256 bit PFS ciphers, while keeping backward compatibility with older browsers and avoiding BEAST attack: SSLProtocol all -SSLv2 SSLHonorCipherOrder On SSLHonorCipherOrder is not yet supported in dovecot. I use the following hack/patch: --- src/login-common/ssl-proxy-openssl.c.orig 2013-08-05 18:08:13.0 +0200 +++ src/login-common/ssl-proxy-openssl.c2013-09-09 18:20:05.184890563 +0200 
@@ -1276,6 +1276,7 @@ ssl_server_context_init(const struct log ctx-cipher_list, ssl_last_error()); } SSL_CTX_set_options(ssl_ctx, openssl_get_protocol_options(ctx-protocols)); + SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); if (ssl_proxy_ctx_use_certificate_chain(ctx-ctx, ctx-cert) != 1) { i_fatal(Can't load ssl_cert: %s, that looks interesting, whats Timos meaning to that patch ? SSLCipherSuite ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10 -SHA1:RC4:!MD5:!DES:!aNULL:!eNULL dovecot does not care about BEAST, since attacker cannot inject trafic. Therefore the cipher list get simplier in dovecot.conf: ssl_cipher_list = ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:!MD5:!DES:!aNULL :!eNULL But that list is good for browsers. I am not aware of documentation about what ciphers are advertised by various mail client. How can I know if that setting has some success pushing PFS? How can I discover which clients fail to negociate PFS ciphers? I have in my dovecot.conf: login_log_format_elements = user=%u method=%m rip=%r lip=%l %c %k The %k writes the negotiated cipher into the log, see also http://wiki2.dovecot.org/Variables Regards, Frank Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
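Review bot: The added SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE) call in ssl_server_context_init() is unconditional, so every login service starts enforcing the server's cipher order with no way for an administrator to switch it off. Gate it on a boolean setting (a hypothetical name would be ssl_prefer_server_ciphers) that defaults to the current behaviour, and document that ssl_cipher_list then has to be written as a preference ordering, since an existing list that was never meant as an ordering could otherwise push clients onto a weaker suite than they would have picked themselves.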
Re: [Dovecot] dovecot and PFS
Hi Emmanuel! Am 10.09.2013 09:54, schrieb Emmanuel Dreyfus: Hi Is there known advices on how to favor PFS with dovecot? In Apache, I use the following directives, with cause all modern browsers to adopt 256 bit PFS ciphers, while keeping backward compatibility with older browsers and avoiding BEAST attack: SSLProtocol all -SSLv2 SSLHonorCipherOrder On SSLHonorCipherOrder is not yet supported in dovecot. I use the following hack/patch: --- src/login-common/ssl-proxy-openssl.c.orig 2013-08-05 18:08:13.0 +0200 +++ src/login-common/ssl-proxy-openssl.c2013-09-09 18:20:05.184890563 +0200 @@ -1276,6 +1276,7 @@ ssl_server_context_init(const struct log ctx-cipher_list, ssl_last_error()); } SSL_CTX_set_options(ssl_ctx, openssl_get_protocol_options(ctx-protocols)); + SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); if (ssl_proxy_ctx_use_certificate_chain(ctx-ctx, ctx-cert) != 1) { i_fatal(Can't load ssl_cert: %s, SSLCipherSuite ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10 -SHA1:RC4:!MD5:!DES:!aNULL:!eNULL dovecot does not care about BEAST, since attacker cannot inject trafic. Therefore the cipher list get simplier in dovecot.conf: ssl_cipher_list = ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:!MD5:!DES:!aNULL :!eNULL But that list is good for browsers. I am not aware of documentation about what ciphers are advertised by various mail client. How can I know if that setting has some success pushing PFS? How can I discover which clients fail to negociate PFS ciphers? I have in my dovecot.conf: login_log_format_elements = user=%u method=%m rip=%r lip=%l %c %k The %k writes the negotiated cipher into the log, see also http://wiki2.dovecot.org/Variables Regards, Frank -- Frank Behrens Osterwieck, Germany
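Review bot: The new option is applied through a second SSL_CTX_set_options() call placed right after the one that passes openssl_get_protocol_options(...); OR the flag into that existing call so that all context options for the server are set in one statement and a later reader does not have to hunt for stray option calls. The diff only covers src/login-common/ssl-proxy-openssl.c, so state in the change description whether other code paths that build a server SSL context are intentionally left on client preference.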
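To answer the question of which clients fail to negotiate PFS ciphers once %k is in the login log, the log can be scanned per user and remote IP. The following is an added example, not code from the thread or from Dovecot; the sample lines are constructed and assume the login_log_format_elements shown above, joined with ", " and with %k rendered as "<protocol> with cipher <suite> (<bits> bits)".

```python
import re
from collections import defaultdict

# Constructed sample log lines (not taken from the thread). Assumed format:
#   login_log_format_elements = user=%u method=%m rip=%r lip=%l %c %k
SAMPLE_LOG = """\
Sep 11 19:02:11 mail1 dovecot: imap-login: Login: user=alice@example.com, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS, TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 11 19:02:15 mail1 dovecot: imap-login: Login: user=bob@example.com, method=PLAIN, rip=192.0.2.20, lip=192.0.2.1, TLS, TLSv1 with cipher AES128-SHA (128/128 bits)
Sep 11 19:03:40 mail1 dovecot: pop3-login: Login: user=carol@example.com, method=PLAIN, rip=192.0.2.30, lip=192.0.2.1, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Sep 11 19:04:02 mail1 dovecot: imap-login: Login: user=bob@example.com, method=PLAIN, rip=192.0.2.20, lip=192.0.2.1, TLS, TLSv1 with cipher RC4-SHA (128/128 bits)
Sep 11 19:04:30 mail1 dovecot: imap-login: Login: user=dave@example.com, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 11 19:05:12 mail1 dovecot: imap-login: Login: user=erin@example.com, method=PLAIN, rip=192.0.2.40, lip=192.0.2.1, TLS, TLSv1.2 with cipher ECDH-RSA-AES128-SHA (128/128 bits)
Sep 11 19:05:13 mail1 dovecot: imap(alice@example.com): Disconnected: Logged out
"""

# OpenSSL suite names whose key exchange is ephemeral. Static "ECDH-" suites
# and plain RSA suites (AES128-SHA, RC4-SHA) deliberately do not match.
# TLS 1.3 suite names (TLS_*) always use an ephemeral exchange.
PFS_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "TLS_")

LOGIN_RE = re.compile(
    r"(?P<service>\w+)-login: (?:Info: )?Login: .*?user=<?(?P<user>[^>,\s]+)>?"
    r".*?\brip=(?P<rip>[^,\s]+)"
    r"(?:.*?(?P<proto>(?:TLS|SSL)v[\d.]+) with cipher (?P<cipher>\S+))?"
)


def is_pfs(cipher):
    """True if the OpenSSL suite name denotes a forward-secret key exchange."""
    return cipher.startswith(PFS_PREFIXES)


def parse_login(line):
    """Return service/user/rip/proto/cipher for a successful login line, else None."""
    match = LOGIN_RE.search(line)
    return match.groupdict() if match else None


def audit(lines):
    """Count logins by class and collect non-PFS suites per (user, remote IP)."""
    counts = {"pfs": 0, "non_pfs": 0, "no_tls": 0}
    offenders = defaultdict(set)
    for line in lines:
        rec = parse_login(line)
        if rec is None:
            continue  # not a successful login line
        if rec["cipher"] is None:
            counts["no_tls"] += 1  # e.g. "secured" local connection, no %k value
        elif is_pfs(rec["cipher"]):
            counts["pfs"] += 1
        else:
            counts["non_pfs"] += 1
            offenders[(rec["user"], rec["rip"])].add(f'{rec["proto"]} {rec["cipher"]}')
    return counts, {key: sorted(value) for key, value in offenders.items()}


if __name__ == "__main__":
    totals, clients = audit(SAMPLE_LOG.splitlines())
    print(totals)
    for (user, rip), suites in sorted(clients.items()):
        print(f"{user} from {rip}: {', '.join(suites)}")
```

Run against the real log after a representative period; the per-client list shows which users or hosts would be affected before the cipher list is tightened.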
[Dovecot] Quota question.
I have quotas setup with dovecot. Everything seems to be running fine. Values show up fine in mysql. I set up Roundcube to show quota amounts, this also works. For some reason it's showing the old value, I had upped a quot I assume that dovecot is reporting this wrong since roundcube talks to dovecot for its info.

Imap debug info:

[11-Sep-2013 15:57:47 +]: [5986] S: A0003 OK List completed.
[11-Sep-2013 15:57:47 +]: [5986] C: A0004 GETQUOTAROOT INBOX
[11-Sep-2013 15:57:47 +]: [5986] S: * QUOTAROOT INBOX User quota
[11-Sep-2013 15:57:47 +]: [5986] S: * QUOTA User quota (STORAGE 81 256000)
[11-Sep-2013 15:57:47 +]: [5986] S: A0004 OK Getquotaroot completed.
[11-Sep-2013 15:57:47 +]: [5986] C: A0005 LOGOUT

I'm not sure where next to look. I made sure I didn't have a hard default value set in 90-quota.conf.

Thank you
Bruce
-- 
Please use PGP, ENCRYPT everything. For information about acquiring a secryption.com account, email me. My public key: https://www.secryption.com/BruceMarkey.asc or https://keyserver.pgp.com
Re: [Dovecot] Quota question.
I think it's something more. Apparently it's not even looking at the database. Not sure what I didn't do. If anyone can point me to a good dovecot / mysql quota how to that would be helpful. Thank you bruce -- Please use PGP, ENCRYPT everything. For information about acquiring a secryption.com account, email me. My public key: https://www.secryption.com/BruceMarkey.asc or https://keyserver.pgp.com
Re: [Dovecot] Vacation message and DMARC validation
Hi Stephan,

> how do you prevent loops, e.g. both sides have an autoresponder activated?

We use the parameter days available for setting the frequency of vacation messages. For example, if days is set to 1, only one auto-response will be generated for the same e-mail per day. So, it prevents loops correctly.

> Does the custom env-from is dropped by the MTA, if it arrives from the outside? IMHO, one should not assume that another side does honor Preference: bulk/auto.

I did not understand what you meant. Can you give an example?

Regards,
Gerson
[Dovecot] Double Maildir folders.
Somehow in setting up quotas and sieve I somehow doubled my maildir. I noticed that when I logged into my webmail I didn't see the folders I created. I went to the actual location and noticed this.

Mail location is set correctly in 10-mail.conf

mail_location = maildir:/var/vmail/%d/%n/Maildir

So I went to /var/vmail/domain/user and saw:

drwx------  8 vmail vmail 4.0K Sep 11 22:08 .
drwx------  4 vmail vmail 4.0K Sep 10 18:40 ..
drwx------  5 vmail vmail 4.0K Sep 11 22:04 .Sent
lrwxrwxrwx  1 vmail vmail   21 Sep 11 15:44 .dovecot.sieve -> sieve/roundcube.sieve
-rw-------  1 vmail vmail  199 Sep 11 15:45 .dovecot.svbin
drwx------ 10 vmail vmail 4.0K Sep 11 18:40 Maildir
drwx------  2 vmail vmail 4.0K Sep 11 19:46 cur
-rw-------  1 vmail vmail   51 Sep 11 19:47 dovecot-uidlist
-rw-------  1 vmail vmail    8 Sep 11 19:47 dovecot-uidvalidity
-r--r--r--  1 vmail vmail    0 Sep 11 19:46 dovecot-uidvalidity.5230c8a2
-rw-------  1 vmail vmail  248 Sep 11 19:47 dovecot.index.log
-rw-------  1 vmail vmail   24 Sep 11 19:47 dovecot.mailbox.log
-rw-------  1 vmail vmail   15 Sep 11 22:08 maildirsize
drwx------  2 vmail vmail 4.0K Sep 11 19:46 new
drwx------  3 vmail vmail 4.0K Sep 11 15:44 sieve
-rw-------  1 vmail vmail    5 Sep 11 19:47 subscriptions
drwx------  2 vmail vmail 4.0K Sep 11 19:46 tmp

Which I shouldn't see, correct? Because then in /var/vmail/domain/user/Maildir I see.

drwx------ 10 vmail vmail 4.0K Sep 11 18:40 .
drwx------  8 vmail vmail 4.0K Sep 11 22:08 ..
drwx------  5 vmail vmail 4.0K Sep 10 00:23 .Drafts
drwx------  5 vmail vmail 4.0K Sep 11 15:45 .Sent
drwx------  5 vmail vmail 4.0K Sep 10 01:08 .Spam
drwx------  5 vmail vmail 4.0K Sep 11 15:46 .Test Folder
drwx------  5 vmail vmail 4.0K Sep 11 15:57 .Trash
drwx------  2 vmail vmail 4.0K Sep 11 01:37 cur
-rw-------  1 vmail vmail   52 Sep 11 09:17 dovecot-uidlist
-rw-------  1 vmail vmail    8 Sep 11 15:45 dovecot-uidvalidity
-r--r--r--  1 vmail vmail    0 Sep 10 00:17 dovecot-uidvalidity.522e6523
-rw-------  1 vmail vmail  600 Sep 10 23:08 dovecot.index
-rw-------  1 vmail vmail  39K Sep 11 01:37 dovecot.index.cache
-rw-------  1 vmail vmail  21K Sep 11 09:17 dovecot.index.log
-rw-------  1 vmail vmail  120 Sep 11 15:44 dovecot.mailbox.log
-rw-------  1 vmail vmail   20 Sep 11 18:40 maildirsize
drwx------  2 vmail vmail 4.0K Sep 11 00:16 new
-rw-------  1 vmail vmail   35 Sep 11 15:44 subscriptions
drwx------  2 vmail vmail 4.0K Sep 11 00:13 tmp

I went through all the conf files under /etc/dovecot/conf. and made sure I hadn't missed something. As above the maildir is correct. The only two places I can think are 90-plugin.conf which are my sieve settings.

plugin {
  # The location of the user's active script:
  sieve = ~/.dovecot.sieve

  # If the user has no personal active script (i.e. if the file
  # indicated in sieve= does not exist), use this one:
  sieve_global_path = /var/lib/dovecot/sieve/default.sieve

  # The include extension fetches the :personal scripts from this
  # directory. When ManageSieve is used, this is also where scripts
  # are uploaded.
  sieve_dir = ~/sieve

  # The include extension fetches the :global scripts from this
  # directory.
  sieve_global_dir = /var/lib/dovecot/sieve/global/
}

But I don't see how that would affect it. And the password and user queries were changed for the quotas.

password_query = SELECT username AS user, password,CONCAT('/var/vmail/', maildir) AS userdb_home,\
  '5000' AS userdb_uid, '5000' AS userdb_gid,\
  concat('*:storage=', quota) AS userdb_quota_rule\
  FROM mailbox WHERE username='%u' AND domain='%d' AND active=1

user_query = SELECT CONCAT('/var/vmail/', maildir) AS home, 'maildir:~/' as mail, '5000' AS uid,'5000' AS gid,\
  concat('*:storage=', quota) AS quota_rule\
  FROM mailbox WHERE username='%u' AND domain='%d' AND active=1

maildir in the mailbox is domain/user/ - do I have to concat on Maildir in the query?

Thanks
Bruce
-- 
Please use PGP, ENCRYPT everything. For information about acquiring a secryption.com account, email me. My public key: https://www.secryption.com/BruceMarkey.asc or https://keyserver.pgp.com
Re: [Dovecot] How to disable SSL and TLSv1.1?
On 9/9/2013 4:09 PM, Reindl Harald wrote:
> On 09.09.2013 22:56, Darren Pilgrim wrote:
>> I'm running Dovecot 2.2.5 and want to make it refuse SSLv2, SSLv3 and TLSv1.0. Clients will opportunistically use TLS 1.1 and 1.2, but now I want require they do so. Is it enough to set ssl_cipher_list = HIGH:!SSLv2:!SSLv3:!TLSv1.0:!aNULL:!MD5 or are there additional settings I need to specify?
>
> and what clients do you imagine to connect?

Thunderbird and a Webmail app.

> on most widely used distributions you even have no openssl version supporting TLS 1.2 and so you lock them all out

OpenSSL 1.0.1 supports TLS 1.2. So does Windows 7/8 and MacOS X. Mozilla NSS 3.15 does 1.2.

FWIW, I was able to get it working with the following:

ssl_protocols = !SSLv2 !SSLv3 !TLSv1
ssl_cipher_list = ALL:HIGH:!SSLv2:!MEDIUM:!LOW:!EXP:!RC4:!MD5:!aNULL:@STRENGTH

The above disables SSLv2, v3 and TLSv1.0, leaving only TLSv1.1 with AES/Camellia/3DES and TLSv1.2 with AES/AES-GCM. Dovecot lacks the ability to disable TLS 1.1 or 1.2.

Adding support for specifying TLSv1.1 and TLSv1.2 in ssl_protocols looks pretty straightforward: add 0x08 and 0x10 to the enum in src/lib-ssl-iostream/iostream-openssl-common.c and expand the various tests to include the appropriate strings. Would a user-submitted patch to add TLSv1.1 and TLSv1.2 support to ssl_protocols be appreciated?

-- 
Please reply on list.
Re: [Dovecot] How to disable SSL and TLSv1.1?
On 12.09.2013 00:46, Darren Pilgrim wrote:
> On 9/9/2013 4:09 PM, Reindl Harald wrote:
>> On 09.09.2013 22:56, Darren Pilgrim wrote:
>>> I'm running Dovecot 2.2.5 and want to make it refuse SSLv2, SSLv3 and TLSv1.0. Clients will opportunistically use TLS 1.1 and 1.2, but now I want require they do so. Is it enough to set ssl_cipher_list = HIGH:!SSLv2:!SSLv3:!TLSv1.0:!aNULL:!MD5 or are there additional settings I need to specify?
>>
>> and what clients do you imagine to connect?
>
> Thunderbird and a Webmail app

in that special case you may be lucky

>> on most widely used distributions you even have no openssl version supporting TLS 1.2 and so you lock them all out
>
> OpenSSL 1.0.1 supports TLS 1.2

and that is why i said most widely used does not

RHEL5: openssl-0.9.8e
RHEL6: openssl-1.0.0
Fedora 17: openssl-1.0.0k
Fedora 18: openssl-1.0.1e

if you have only a few users where you know OS and mail-client this is doable, for any server with customers it is a no-go
[Dovecot] question about dovecot-auth
hello:

i'm new to dovecot-list. i have a question about dovecot auth: the database of dovecot-auth is memcached, when i test 200 users login by imap at the same time, there are some error like this. Is there any Parameter matches wrong?

=error=
Sep 12 10:14:15 IMAP(q...@t.com): Info: Quota warning: bytes=1048471142 (90%) messages=0 command=/opt/email/bin/dovecot-quota-warning.sh 90 q...@t.com
Sep 12 10:14:15 IMAP(q...@t.com): Info: Quota warning: bytes=1106719539 (95%) messages=0 command=/opt/email/bin/dovecot-quota-warning.sh 95 q...@t.com
Sep 12 10:14:16 auth(default): Info: !:id:22 OK q...@t.com username=q...@t.com password={CRYPT}$1$711536ed$Q4xYrsYOS6bVq9mJvNoc40 home=/opt/mail mail=maildir:/opt/mail/t.com/q148/ quota_rule2=*:messages= quota_rule=*:bytes=1164967936 line: OK q...@t.com username=q...@t.com password={CRYPT}$1$711536ed$Q4xYrsYOS6bVq9mJvNoc40 home=/opt/email mail=maildir:/opt/email/t.com/q148/ quota_rule2=*:messages= quota_rule=*:bytes=1164967936 request:23
Sep 12 10:14:16 auth(default): Error: BUG: Worker sent reply with id 22, expected 23
Sep 12 10:14:16 auth(default): Error: worker-server(q...@t.com,127.0.0.1): Aborted: Worker is buggy
Sep 12 10:14:16 auth(default): Info: !:id:7 OK q...@t.com {CRYPT}$1$557ecad6$SOQhh76yfMx4zAIp3KKX61 home=/opt/mail mail=maildir:/opt/mail/t.com/q32 quota_rule2=*:messages= quota_rule=*:bytes=1164967936 username=q...@t.com line: OK q...@t.com {CRYPT}$1$557ecad6$SOQhh76yfMx4zAIp3KKX61 home=/opt/mail mail=maildir:/opt/mail/t.com/q32 quota_rule2=*:messages= quota_rule=*:bytes=1164967936 username=q...@t.com request:7
Sep 12 10:14:16 IMAP(q...@t.com): Info: Namespace: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes
Sep 12 10:14:16 IMAP(q...@t.com): Info: maildir: data=/opt/email/t.com/q156/...
ep 12 10:14:21 auth(default): Info: new auth connection: pid=14558
Sep 12 10:14:22 imap-login: Info: Aborted login (auth failed, 1 attempts): user=q...@t.com, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 12 10:14:23 auth(default): Info: new auth connection: pid=14562
Sep 12 10:17:14 imap-login: Info: Disconnected: Inactivity (auth failed, 1 attempts): user=q...@t.com, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 12 10:17:15 auth(default): Info: new auth connection: pid=14601

==concurrent-script
my concurrent-login script is:

use strict;
use warnings;
use Net::IMAP::Client;
use Getopt::Long;
use threads;

my %opt = ();
GetOptions(\%opt, 'pth_num|n=s');
my $pths = $opt{pth_num};    # number of threads to start
my $t1 = 0;
my $passwd = "qwer1234";

# Each thread logs in twice as test user q<N>@t.com and issues a few commands.
sub thread_fun {
    my $j = 0;
    my $count = 2;
    my $k = $_[0];
    my $pid = threads->self()->tid();
    while ($count != 0) {
        my $username = "q$k\@t.com";
        print "#$pid $username $passwd #\n";
        my $imap = Net::IMAP::Client->new(
            server => '127.0.0.1',
            user => $username,
            password => $passwd,
        ) or die "can not connect:$@";
        $imap->login($username, $passwd) or die ('login failed!'. $imap->last_error);
        $imap->noop;
        $imap->select('INBOX');
        $imap->noop;
        $imap->noop;
        $imap->noop;
        $imap->noop;
        $imap->logout;
        print "$username logout--\n";
        $count--;
        sleep(1);
    }
    print "\n"
}

my $i = 1;
while ($pths) {
    $t1 = threads->create(\&thread_fun, $i);
    # Detach every thread except the last one, which is joined below.
    if ($pths != 1) {
        $t1->detach();
    }
    print "create $pths\'s threads\n";
    $i++;
    $pths--;
}
my $ret = $t1->join();

=dovecot.conf==
my dovecot.conf about auth is:

log_path = /var/log/maillog
login_processes_count = 128
#listen_start_process
login_max_processes_count = 128
login_max_connections = 128
#login_max_connections = 256
max_mail_processes = 1024
disable_plaintext_auth = no
login_process_per_connection=yes

thanks
amandy
[Dovecot] Where's Dovecot's ports?
Dear all,

I installed dovecot dovecot-mysql postfix and postfix-mysql from debian repository 7. I start them with /etc/init.d/postfix start and /etc/init.d/dovecot start but when I use nmap localhost I see the following output:

root@sito:/etc/dovecot# nmap localhost

Starting Nmap 6.00 ( http://nmap.org ) at 2013-09-12 07:35 IRDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.030s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 993 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
111/tcp  open  rpcbind
3128/tcp open  squid-http
3306/tcp open  mysql

My question is, where's dovecot? I don't see its ports.
Re: [Dovecot] Where's Dovecot's ports?
But when I use netstat -anp |egrep -i dovecot I get the following output:

root@sito:/home/mohsen# netstat -nap |egrep -i dovecot
unix  2  [ ACC ]  STREAM  LISTENING  69634  18414/dovecot  /var/run/dovecot/anvil
unix  2  [ ACC ]  STREAM  LISTENING  69638  18414/dovecot  /var/run/dovecot/anvil-auth-penalty
unix  2  [ ACC ]  STREAM  LISTENING  65456  18414/dovecot  /var/run/dovecot/stats
unix  2  [ ACC ]  STREAM  LISTENING  65459  18414/dovecot  /var/run/dovecot/login/ssl-params
unix  2  [ ACC ]  STREAM  LISTENING  65463  18414/dovecot  /var/run/dovecot/replicator
unix  2  [ ACC ]  STREAM  LISTENING  65467  18414/dovecot  /var/run/dovecot/replication-notify
unix  2  [ ACC ]  STREAM  LISTENING  65472  18414/dovecot  /var/run/dovecot/log-errors
unix  2  [ ACC ]  STREAM  LISTENING  65476  18414/dovecot  /var/run/dovecot/ipc
unix  2  [ ACC ]  STREAM  LISTENING  65478  18414/dovecot  /var/run/dovecot/login/ipc-proxy
unix  2  [ ACC ]  STREAM  LISTENING  65482  18414/dovecot  /var/run/dovecot/indexer-worker
unix  2  [ ACC ]  STREAM  LISTENING  65486  18414/dovecot  /var/run/dovecot/indexer
unix  2  [ ACC ]  STREAM  LISTENING  65490  18414/dovecot  /var/run/dovecot/doveadm-server
unix  2  [ ACC ]  STREAM  LISTENING  65494  18414/dovecot  /var/run/dovecot/dns-client
unix  2  [ ACC ]  STREAM  LISTENING  65496  18414/dovecot  /var/run/dovecot/login/dns-client
unix  2  [ ACC ]  STREAM  LISTENING  65500  18414/dovecot  /var/run/dovecot/director-admin
unix  2  [ ACC ]  STREAM  LISTENING  65504  18414/dovecot  /var/run/dovecot/director-userdb
unix  2  [ ACC ]  STREAM  LISTENING  65508  18414/dovecot  /var/run/dovecot/dict
unix  2  [ ACC ]  STREAM  LISTENING  65512  18414/dovecot  /var/run/dovecot/config
unix  2  [ ACC ]  STREAM  LISTENING  65514  18414/dovecot  /var/run/dovecot/login/login
unix  2  [ ACC ]  STREAM  LISTENING  65518  18414/dovecot  /var/run/dovecot/auth-login
unix  2  [ ACC ]  STREAM  LISTENING  65522  18414/dovecot  /var/run/dovecot/auth-client
unix  2  [ ACC ]  STREAM  LISTENING  65526  18414/dovecot  /var/run/dovecot/auth-userdb
unix  2  [ ACC ]  STREAM  LISTENING  65530  18414/dovecot  /var/run/dovecot/auth-master
unix  2  [ ACC ]  STREAM  LISTENING  65534  18414/dovecot  /var/run/dovecot/auth-worker
unix  3  [ ]      STREAM  CONNECTED  65453  18414/dovecot
unix  3  [ ]      STREAM  CONNECTED  65452  18414/dovecot
unix  2  [ ]      DGRAM              65448  18414/dovecot

On Thu, 2013-09-12 at 07:49 +0430, Mohsen Pahlevanzadeh wrote:
> Dear all,
>
> I installed dovecot dovecoot-mysql postfix and postfix-mysql from debian repository 7. I start them with /etc/init.d/postfix start and /etc/init.d/dovecot start but When i use nmap localhost I see the following output:
>
> root@sito:/etc/dovecot# nmap localhost
>
> Starting Nmap 6.00 ( http://nmap.org ) at 2013-09-12 07:35 IRDT
> Nmap scan report for localhost (127.0.0.1)
> Host is up (0.030s latency).
> Other addresses for localhost (not scanned): 127.0.0.1
> Not shown: 993 closed ports
> PORT     STATE SERVICE
> 21/tcp   open  ftp
> 22/tcp   open  ssh
> 25/tcp   open  smtp
> 80/tcp   open  http
> 111/tcp  open  rpcbind
> 3128/tcp open  squid-http
> 3306/tcp open  mysql
>
> My Question is , Where's dovecot ? i don't see its' ports
Re: [Dovecot] Quota question.
Check if new quota is recognized using 'doveadm quota get -u username'

If it does then there is some other issue... It is hard to tell without knowing how it is setup.

Thanks
Vijay

On Thu, Sep 12, 2013 at 12:35 AM, Bruce Markey br...@secryption.com wrote:
> I think it's something more. Apparently it's not even looking at the database. Not sure what I didn't do. If anyone can point me to a good dovecot / mysql quota how to that would be helpful.
>
> Thank you
> bruce
> -- 
> Please use PGP, ENCRYPT everything. For information about acquiring a secryption.com account, email me. My public key: https://www.secryption.com/BruceMarkey.asc or https://keyserver.pgp.com
[Dovecot] SOLVED: dovecot-2.2.5 build failed if openssl 0.9.8
Hello, to build dovecot-2.2.5 on a system based on openssl-0.9.7 I had to apply the attached patch. Maybe it could be applied in the next versions Thanks. -- Andreas Schulze Internetdienste | P252 DATEV eG 90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196 E-Mail info @datev.de | Internet www.datev.de Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70 Vorstand Prof. Dieter Kempf (Vorsitzender) Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender) Dipl.-Kfm. Michael Leistenschneider Dipl.-Kfm. Dr. Robert Mayr Jörg Rabe v. Pappenheim Dipl.-Vw. Eckhard Schwarzer Vorsitzender des Aufsichtsrates: Reinhard Verholen Index: dovecot-2.2.5/src/lib-ssl-iostream/iostream-openssl-context.c === --- dovecot-2.2.5.orig/src/lib-ssl-iostream/iostream-openssl-context.c 2013-09-02 16:57:18.0 +0200 +++ dovecot-2.2.5/src/lib-ssl-iostream/iostream-openssl-context.c 2013-09-02 17:05:46.0 +0200 @@ -444,7 +444,7 @@ if (SSL_CTX_need_tmp_RSA(ssl_ctx)) SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key); SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_tmp_dh_callback); -#if !defined(OPENSSL_NO_ECDH) +#if !defined(OPENSSL_NO_ECDH) OPENSSL_VERSION_NUMBER = 0x00908000L /* In the non-recommended situation where ECDH cipher suites are being used instead of ECDHE, do not reuse the same ECDH key pair for different sessions. This option improves forward secrecy. */ Index: dv-dovecot-2.2.5/src/login-common/ssl-proxy-openssl.c === --- dovecot-2.2.5.orig/src/login-common/ssl-proxy-openssl.c 2013-09-02 17:06:07.0 +0200 +++ dovecot-2.2.5/src/login-common/ssl-proxy-openssl.c 2013-09-02 17:06:39.0 +0200 
@@ -1023,7 +1023,7 @@ if (SSL_CTX_need_tmp_RSA(ssl_ctx)) SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key); SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_tmp_dh_callback); -#if !defined(OPENSSL_NO_ECDH) +#if !defined(OPENSSL_NO_ECDH) OPENSSL_VERSION_NUMBER = 0x00908000L /* In the non-recommended situation where ECDH cipher suites are being used instead of ECDHE, do not reuse the same ECDH key pair for different sessions. This option improves forward secrecy. */
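Review bot: The replacement guard in the iostream-openssl-context.c hunk, as it appears here ("#if !defined(OPENSSL_NO_ECDH) OPENSSL_VERSION_NUMBER = 0x00908000L"), has no operator between the defined() test and the version test and no comparison on the version number, so it would not preprocess. It presumably needs to be !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x00908000L. The description should also say which OpenSSL releases the threshold is meant to exclude, since the subject names 0.9.8 while the body names 0.9.7.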
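Review bot: The ssl-proxy-openssl.c hunk repeats the same compound #if condition that the first hunk adds to iostream-openssl-context.c, so the version threshold now has to be maintained in two places. Define one feature macro in a shared header (a hypothetical name would be HAVE_ECDH) and test that at both sites. The Index: line for this file also reads dv-dovecot-2.2.5/ while its ---/+++ lines use dovecot-2.2.5/; make the prefixes consistent.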