Re: [Dovecot] slow dict lookups?

2013-09-12 Thread Steffen Kaiser

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 11 Sep 2013, Anand Kumria wrote:


Sep 10 21:32:06 mail1 dovecot: imap(us...@example1.com): Warning:
read(/var/run/dovecot/dict): dict lookup took 20 seconds
Sep 10 21:32:11 mail1 dovecot: imap(us...@example2.com): Warning:
read(/var/run/dovecot/dict): dict lookup took 25 seconds
Sep 10 21:32:16 mail1 dovecot: imap(us...@example3.com): Warning:
read(/var/run/dovecot/dict): dict lookup took 30 seconds
Sep 10 21:32:21 mail1 dovecot: imap(us...@example3.com): Error:
read(/var/run/dovecot/dict) failed: Timeout after 30 seconds
Sep 10 21:32:21 mail1 dovecot: imap(us...@example1.com): Warning:
read(/var/run/dovecot/dict): dict lookup took 25 seconds
Sep 10 21:32:21 mail1 dovecot: imap(us...@example2.com): Warning:
read(/var/run/dovecot/dict): dict lookup took 24 seconds
Sep 10 21:32:26 mail1 dovecot: imap(us...@example2.com): Warning:
read(/var/run/dovecot/dict): dict lookup took 29 seconds

What is the best way to look into making dict lookups faster?

In my case the dict is use for user / domain quotas and is looked up via
Postgres (on another host). Is there further logging I can enable to see
where the problem is?


There is a timeout, the server did not send the reply in less than 32s.
You have to look into the client - network - server - postgres - network
- client chain. Maybe network problems, postgres server overload, bad SQL
queries, ... .


-- 
Steffen Kaiser

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUjFbQ13r2wJMiz2NAQIOBwgArn+4ov5H909ksmK1xc/+kw/HlNip/G5M
BySv+bhSmH0V0g58AYdc3cPD4YgZGJKn2+ecIGxaatQyUvyxDr8tcaojkBp6cWrr
eGejSTuFMsSe8iMUKycs3+3UfC3UD1UzUSME/hCROMkgw64c4T1Dma0KyBICvLkp
vSF2+maKNcmhiUa2J4AwG532ePKw/+OcCatcTQHeUVLBqSI2VROLyRYQIhzcl4PR
wQDFOqtjZerWblwe9XG0lxtd8iaEglKLA12Tf/PVhX8UXw5pFdljxKr8G/e17N9v
ZMqW+z27rZX7xOiEeKkS2NRhe+Ift9Bj6Gi50V7xkPwX/MA4e27F5Q==
=n5E2
-----END PGP SIGNATURE-----
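To put numbers on the advice above before walking the client - network - server - postgres chain, the shell functions below summarise the dict warnings per user from a Dovecot log: worst lookup time, number of warnings and number of timeouts, plus a filter for users whose lookups reached a given duration. This is an added example, not code from the thread or from Dovecot; the log format is the one in Anand's post, the log path in the usage comment and the user names in any sample input are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: summarise Dovecot dict-lookup warnings.
# Input: Dovecot log lines on stdin, in the format shown in the thread, e.g.
#   ... dovecot: imap(user@example): Warning: read(/var/run/dovecot/dict): dict lookup took 20 seconds
#   ... dovecot: imap(user@example): Error: read(/var/run/dovecot/dict) failed: Timeout after 30 seconds
# Output: one line per user, "user worst_seconds warnings timeouts", sorted by user.
summarize_dict_lookups() {
    awk '
        # the user is the text inside imap(...) in the process prefix
        match($0, /imap\([^)]*\)/) {
            user = substr($0, RSTART + 5, RLENGTH - 6)
        }
        /dict lookup took [0-9]+ seconds/ {
            n = $0; sub(/.*dict lookup took /, "", n); sub(/ seconds.*/, "", n)
            warn[user]++
            if (n + 0 > worst[user]) worst[user] = n + 0
        }
        /\/dict\) failed: Timeout after [0-9]+ seconds/ {
            n = $0; sub(/.*Timeout after /, "", n); sub(/ seconds.*/, "", n)
            tmo[user]++
            if (n + 0 > worst[user]) worst[user] = n + 0
        }
        END {
            for (u in worst)
                printf "%s %d %d %d\n", u, worst[u], warn[u] + 0, tmo[u] + 0
        }
    ' | sort
}

# dict_lookups_slower_than SECONDS: keep only users whose worst lookup reached
# SECONDS; 30 is the timeout the lookups in the thread ran into.
dict_lookups_slower_than() {
    summarize_dict_lookups | awk -v t="$1" '$2 >= t'
}

# Usage against the live log (the path is an assumption):
#   dict_lookups_slower_than 20 < /var/log/dovecot.log
```

Run it over a time window around the warnings first: if every user degrades at the same moment, the shared path (network, the dict process, Postgres) is the suspect rather than one user's quota query.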


Re: [Dovecot] Quota question.

2013-09-12 Thread Daniel Parthey
Hi Bruce,

please follow the Dovecot Mailing List guidelines and post your output of

doveconf -n

Also have a look in the List Archives. There has been a similar quota question 
in the last few days.

Regards
Daniel

Re: [Dovecot] Antispam plugin / sa-learn

2013-09-12 Thread Steffen Kaiser

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 11 Sep 2013, Mathieu R. wrote:


Sorry for posting on both list spamassassin and dovecot : my question is
on dovecot antispam plugin, used to learn spamassassin with sa-learn.

I wonder if there is a way to confirme sa-learn is correctly feeded by
the antispam plugin.



using that script to pipe message to sa-learn :

#!/bin/sh
echo /usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ;
echo $$-start ($*)  /tmp/sa-learn-pipe.log ;
#echo $*  /tmp/sendmail-parms.txt ;
cat0  /tmp/sendmail-msg-$$.txt ;
/usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ;
rm -f /tmp/sendmail-msg-$$.txt ;
echo $$-end  /tmp/sa-learn-pipe.log ;
exit 0;


The above script is missing important log information: the current uid and
$HOME; also sa-learn knows -D.


I would change for a testing period:
#!/bin/sh
echo /usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ;
echo "$$-start ($*)" >> /tmp/sa-learn-pipe.log ;
#echo $* > /tmp/sendmail-parms.txt ;
cat<&0 > /tmp/sendmail-msg-$$.txt ;
/usr/bin/sa-learn -D $* /tmp/sendmail-msg-$$.txt > /tmp/sa-learn-pipe.$$.tmp 2>&1;
echo "$$ sa-learn rc=$? id=$(id) HOME=$HOME" >> /tmp/sa-learn-pipe.log
while read line; do
echo "$$-sa-learn $line" >> /tmp/sa-learn-pipe.log
done < /tmp/sa-learn-pipe.$$.tmp
rm -f /tmp/sendmail-msg-$$.txt /tmp/sa-learn-pipe.$$.tmp
echo "$$-end" >> /tmp/sa-learn-pipe.log ;
exit 0;


For me, it's working, but when i run sa-learn --backup, i just get
this :

v   3   db_version # this must be the first line!!!
v   0   num_spam
v   0   num_nonspam


Read man sa-learn, section MIGRATION: Note that if you have individual
user databases you will have to perform a similar procedure for each
one of them.

sa-learn --backup > backup.txt

backs up the database of one particular user. I assume you use root to
issue the command? But does the antispam learning script above run as root,
too?


I assume you need some --username=username and/or --prefspath=file
setting.


-- 
Steffen Kaiser

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUjFfvF3r2wJMiz2NAQIzIwgAt3414bPm+imJkaocSJRgfveJGCDnSnKB
hRZNbXuA9qpQwOUpoKSwoUTi4oXoS/Jh0mhHZkumKLp6NXNym99IhezWjmw54vV4
nwWQ8ZJI6JCeR2y6i+/QHmQipUH1/8sYez3ouFyR+8kBck6ZkywPnntB/FiiOwY0
uLRPErefGQ2xQdkN5L4nTeCVcS4IarEL9W6pUQKhA9wgBhqNzf8ocM1riwauuWMr
Y6YSagSnOx/89q1/XCpb8YMO+ZDYY4cbMPVR9AlHW1XwT7f0QWY/8Ztjo9fC3m0K
HTC4+NRkiFBp1ept6Qs5Itb0z9n//lz7V2bXgThcWloTmcOScqZ2kQ==
=blum
-----END PGP SIGNATURE-----


Re: [Dovecot] Where's Dovecot's ports?

2013-09-12 Thread Daniel Parthey
Hi Mohsen,

please post the output of doveconf -n

Regards
Daniel

Re: [Dovecot] SOLVED: dovecot-2.2.5 build failed if openssl 0.9.8

2013-09-12 Thread Noel Butler
0.9.7?
That was released in 2001 IIRC, and ceased being supported in 2005;
that's 8 years ago. Are you really suggesting Dovecot be patched to
process something that's so old? You likely have far more problems, of a
security nature that is.

On Thu, 2013-09-12 at 07:45 +0200, Andreas Schulze wrote:

 Hello,
 
 to build dovecot-2.2.5 on a system based on openssl-0.9.7 I had to apply the 
 attached patch.
 Maybe it could be applied in the next versions
 
 Thanks.
 
 




signature.asc
Description: This is a digitally signed message part


Re: [Dovecot] How to disable SSL and TLSv1.1?

2013-09-12 Thread Noel Butler
On Wed, 2013-09-11 at 15:46 -0700, Darren Pilgrim wrote:
  on most widely used distributions you even have no openssl
  version supporting TLS 1.2 and so you lock them all out
 
 OpenSSL 1.0.1 supports TLS 1.2.  So does Windows 7/8 and MacOS X. 
 Mozilla NSS 3.15 does 1.2.
 
 FWIW, I was able to get it working with the following:
 
 ssl_protocols = !SSLv2 !SSLv3 !TLSv1
 ssl_cipher_list = 
 ALL:HIGH:!SSLv2:!MEDIUM:!LOW:!EXP:!RC4:!MD5:!aNULL:@STRENGTH
 
 The above disables SSLv2, v3 and TLSv1.0, leaving only TLSv1.1 with 
 AES/Camellia/3DES and TLSv1.2 with AES/AES-GCM.
 
 Dovecot lacks the ability to disable TLS 1.1 or 1.2.  Adding support for 
 specifying TLSv1.1 and TLSv1.2 in ssl_protocols looks pretty straight 
 forward: add 0x08 and 0x10 to the enum in 
 src/lib-ssl-iostream/iostream-openssl-common.c and expand the various 
 tests to include the appropriate strings.
 
 Would a user-submitted patch to add TLSv1.1 and TLSv1.2 support to 
 ssl_protocols be appreciated?

Frankly I think your idea is crazy :)
But if you're in a closed network and know all clients, including mobiles
and tablets etc. will work with what you want, well, your network, your
rules.

I'm always of the belief that if one person wants a feature, they might
be the only vocal person, but they are never really alone, so post your
patch. Timo can only either pull it in or decline it; as for whether it's
useful for others, only time will tell, but not even god will help those
who use it on a commercial network with paying customers - that's just
plain professional suicide.

Cheers





Re: [Dovecot] Quota question.

2013-09-12 Thread Noel Butler
On Wed, 2013-09-11 at 15:05 -0400, Bruce Markey wrote:

 I think it's something more. Apparently it's not even looking at the 
 database.  Not sure what I didn't do.
 If anyone can point me to a good dovecot / mysql quota how to that would 
 be helpful.
 
 Thank you
 bruce
 
 






Re: [Dovecot] Where's Dovecot's ports?

2013-09-12 Thread Mohsen Pahlevanzadeh
On Thu, 2013-09-12 at 08:33 +0200, Daniel Parthey wrote:
 Hi Mohsen,
 
 please post the output of doveconf -n
 
 Regards
 Daniel
i attached my doveconf -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Sent Messages {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix = 
}
passdb {
  driver = pam
}
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}


Re: [Dovecot] How to disable SSL and TLSv1.1?

2013-09-12 Thread Patrick Lists

Hi Noel,

On 09/12/2013 08:54 AM, Noel Butler wrote:
[snip]

I'm always of the belief that if one person wants a feature, they might
be the only vocal person, but they are never really alone, so post your
patch. Timo can only either pull it in or decline it; as for whether it's
useful for others, only time will tell, but not even god will help those
who use it on a commercial network with paying customers - that's just
plain professional suicide.


Unless it was clearly stated what the requirements are when they sign 
up. With NIST sleeping at the helm and the NSA having a field day it 
would not surprise me if businesses understand the importance of 
stronger encryption.


Regards,
Patrick


Re: [Dovecot] 2.2.4 + metadata plugin: autoconf failed

2013-09-12 Thread Andreas Schulze
Am 23.07.2013 07:32 schrieb Andreas Schulze:
 sles9: (autoconf-2.59)
 --
 autoreconf: /usr/bin/autoconf failed with exit status: 1
 
 sles10: (autoconf-2.59)
 ---
 autoreconf: /usr/bin/autoconf failed with exit status: 1
 
 sles11: (autoconf-2.63)
 ---
 autoreconf: automake failed with exit status: 1
 
 openSUSE_Factory: (autoconf-2.69)
 -
 autoreconf: automake failed with exit status: 1

Hello,

Now I finally had success compiling the metadata plugin on archaic systems.
First I had to include dovecot.m4 in my dovecot-devel package.
This is unnecessary when building the pigeonhole plugin and so I did not notice
my packaging fault.

After that I had to apply two patches to the metadata source.
1. Fix configure.ac
 - lower needed autoconf version
 - lower needed automake version
 - add libtool
 - don't use C99 extension

2. As my systems have no C99-capable compiler I had to adjust the source
to move the declaration of loop variables outside the loops.

patch  compile  install  work

Thanks to all pointing me in the right direction...
Andreas


-- 
Andreas Schulze
Internetdienste | P252

DATEV eG
90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg 
Nr.70
Vorstand
Prof. Dieter Kempf (Vorsitzender)
Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender)
Dipl.-Kfm. Michael Leistenschneider
Dipl.-Kfm. Dr. Robert Mayr
Jörg Rabe v. Pappenheim
Dipl.-Vw. Eckhard Schwarzer
Vorsitzender des Aufsichtsrates: Reinhard Verholen
Index: dovecot-2.2-metadata/configure.ac
===
--- dovecot-2.2-metadata.orig/configure.ac	2013-09-03 08:38:54.0 +0200
+++ dovecot-2.2-metadata/configure.ac	2013-09-03 11:31:34.0 +0200
@@ -1,16 +1,17 @@
-AC_PREREQ(2.65)
+AC_PREREQ(2.59)
 AC_INIT([dovecot-metadata],[14],[devuran...@gmx.net])
 
-AM_INIT_AUTOMAKE([1.10 foreign])
+AM_INIT_AUTOMAKE([1.8 foreign])
 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES])
 
+AC_PROG_LIBTOOL
+
 LT_INIT
 
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_SRCDIR([src])
 
 
-AC_PROG_CC_C99
 AS_IF([test x$ac_cv_prog_cc_c99 = xno],
 	[AC_MSG_ERROR([C99 support required])]
 )
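Review bot: dropping AC_PROG_CC_C99 leaves the check right after it dead: `AS_IF([test x$ac_cv_prog_cc_c99 = xno], [AC_MSG_ERROR([C99 support required])])` now tests a cache variable that nothing sets, so it can never fire and no longer states the real requirement. Either remove that AS_IF as well or replace the probe with AC_PROG_CC, so configure.ac says what the code now needs (C89 after the loop-variable hoisting). Separately, the added `AC_PROG_LIBTOOL` is the pre-2.2 spelling of the `LT_INIT` kept on the line below it: with libtool 2.x the two are the same macro called twice, and with the libtool generation that goes with autoconf 2.59 LT_INIT is undefined, so the new line only achieves its purpose if the LT_INIT line is dropped or wrapped in m4_ifdef the way AM_SILENT_RULES already is.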
Index: dovecot-2.2-metadata/src/metadata-entry.c
===
--- dovecot-2.2-metadata.orig/src/metadata-entry.c	2013-09-03 08:38:54.0 +0200
+++ dovecot-2.2-metadata/src/metadata-entry.c	2013-09-03 08:41:52.0 +0200
@@ -36,6 +36,8 @@
 static
 enum metadata_entry_scope
 parse_scope(const char *name) {
+	int i;
+
 	if (name == NULL)
 		return ENTRY_SCOPE_INVALID;
 
@@ -51,7 +53,7 @@
 	name++;
 
 	/* scope is the first component */
-	for (int i = 0; i  ENTRY_SCOPE_MAX; i++) {
+	for (i = 0; i  ENTRY_SCOPE_MAX; i++) {
 		if (strncasecmp(entry_scopes[i], name, strlen(entry_scopes[i])) == 0)
 			return i;
 	}
@@ -70,6 +72,8 @@
 static
 enum metadata_entry_type
 parse_type(const char *name) {
+	int i;
+
 	/* lazy evaluation of scope existance */
 	if (name == NULL || *name++ != '/')
 		return ENTRY_TYPE_INVALID;
@@ -79,7 +83,7 @@
 	if (name++ == NULL)
 		return ENTRY_TYPE_NONE;
 
-	for (int i = 0; i  ENTRY_TYPE_MAX; i++) {
+	for (i = 0; i  ENTRY_TYPE_MAX; i++) {
 		if (strncasecmp(entry_types[i], name, strlen(entry_types[i])) == 0)
 			return i;
 	}
Index: dovecot-2.2-metadata/src/imap-metadata-plugin.c
===
--- dovecot-2.2-metadata.orig/src/imap-metadata-plugin.c	2013-09-03 08:42:03.0 +0200
+++ dovecot-2.2-metadata/src/imap-metadata-plugin.c	2013-09-03 10:43:06.0 +0200
@@ -155,12 +155,13 @@
 bool
 is_valid_rfc5464_entry_name(const char *name) {
 	const char *lastslash = NULL;
+	const char *c;
 
 	if (name == NULL || *name != '/') {
 		return false;
 	}
 
-	for (const char *c = name; *c != '\0'; c++) {
+	for (c = name; *c != '\0'; c++) {
 		// Must not be a command character
 		if (*c = 0x00  *c = 0x19) {
 			return false;
@@ -195,8 +196,9 @@
 bool
 is_valid_rfc5464_vendor_name(const char *name) {
 	int num_components = 3; // vendor/ already includes the slash of component No3
+	const char *c;
 
-	for (const char *c = name; *c != '\0'; c++) {
+	for (c = name; *c != '\0'; c++) {
 		if (*c == '/') {
 			num_components++;
 		}
@@ -211,10 +213,11 @@
 bool
 is_valid_rfc5464_subtype_name(const char *name, enum metadata_entry_subject subject) {
 	bool found_subtype = false;
+	const char **subtype;
 
 	i_assert(subject  0  subject  ENTRY_SUBJECT_MAX);
 
-	for (const char **subtype = entry_subtypes_rfc[subject]; *subtype != NULL; subtype++) {
+	for (*subtype = entry_subtypes_rfc[subject]; *subtype != NULL; subtype++) {
 		size_t subtype_len = strlen(*subtype);
 
 		if (strncasecmp(name, *subtype, subtype_len) == 0
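Review bot: the loop header in this hunk is broken: `for (*subtype = entry_subtypes_rfc[subject]; *subtype != NULL; subtype++)` stores through `subtype`, which the new `const char **subtype;` declaration leaves uninitialised, and it assigns the `const char **` value that the removed line used to initialise `subtype` itself into a `const char *` slot. It should read `for (subtype = entry_subtypes_rfc[subject]; *subtype != NULL; subtype++)`, consistent with the `subtype++` and `*subtype` uses that follow; the compiler's incompatible-pointer-type warning should already point at the line.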
@@ -231,7 +234,9 @@
 static ATTR_NONNULL(1)
 enum 

Re: [Dovecot] How to disable SSL and TLSv1.1?

2013-09-12 Thread Noel Butler
Hi Patrick,

On Thu, 2013-09-12 at 09:23 +0200, Patrick Lists wrote:

 Hi Noel,
 
 On 09/12/2013 08:54 AM, Noel Butler wrote:
 [snip]
  I'm always of the belief that if one person wants a feature, they might
  be the only vocal person, but they are never really alone, so post your
  patch. Timo can only either pull it in or decline it; as for whether it's
  useful for others, only time will tell, but not even god will help those
  who use it on a commercial network with paying customers - that's just
  plain professional suicide.
 
 Unless it was clearly stated what the requirements are when they sign 
 up. With NIST sleeping at the helm and the NSA having a field day it 
 would not surprise me if businesses understand the importance of 
 stronger encryption.
 


Yeah, but you won't have many customers, or keep them, if you inflict that
much pain. I'm well known for being pretty anal about security policies,
but not even I would contemplate that on a commercial (isp/web-host)
scale; on a corporate LAN, there will also always be one who won't support
it, and it's likely going to be the CEO's mobile device hah.

Which reminds me, if the OP is interested in knowing how many and who
wants it, they could always email the NSA and GCHQ; if you're American,
British, or your data traverses the US or UK, they I'm sure will have a
record of who ;)


Cheers

--


Re: [Dovecot] Where's Dovecot's ports?

2013-09-12 Thread Johan Hendriks

Mohsen Pahlevanzadeh wrote:

On Thu, 2013-09-12 at 08:33 +0200, Daniel Parthey wrote:

Hi Mohsen,

please post the output of doveconf -n

Regards
Daniel

i attached my doveconf -n
Maybe dovecot is not using the ports on localhost but on the interface
IP address itself.

So nmap ipaddress would show other things than nmap localhost.

regards
Johan



Re: [Dovecot] Where's Dovecot's ports?

2013-09-12 Thread Mohsen Pahlevanzadeh
I tested but I got such as nmap localhost
On Thu, 2013-09-12 at 12:20 +0200, Johan Hendriks wrote:
 Mohsen Pahlevanzadeh wrote:
  On Thu, 2013-09-12 at 08:33 +0200, Daniel Parthey wrote:
  Hi Mohsen,
 
  please post the output of doveconf -n
 
  Regards
  Daniel
  i attached my doveconf -n
 Maybe dovecot is not using the ports on localhost but on the interface 
 IP address itself.
 So nmap ipaddress would show other things than nmap localhost.
 
 regards
 Johan
 





[Dovecot] DH Parameter

2013-09-12 Thread Dimi -
Hi!
Is there any possibility to let Dovecot serve 1024-bit DH parameters on
SSL/TLS connections? Is it possible to replace
/var/lib/dovecot/ssl-parameters.ssl with DH parameters generated by openssl?

If not: Are there any plans to implement that?

Thank you!


Re: [Dovecot] Where's Dovecot's ports?

2013-09-12 Thread Urban Loesch

What does netstat -tunplo say?



Am 12.09.2013 12:44, schrieb Mohsen Pahlevanzadeh:

I tested but I got such as nmap localhost
On Thu, 2013-09-12 at 12:20 +0200, Johan Hendriks wrote:

Mohsen Pahlevanzadeh wrote:

On Thu, 2013-09-12 at 08:33 +0200, Daniel Parthey wrote:

Hi Mohsen,

please post the output of doveconf -n

Regards
Daniel

i attached my doveconf -n

Maybe dovecot is not using the ports on localhost but on the interface
IP address itself.
So nmap ipaddress would show other things than nmap localhost.

regards
Johan








[Dovecot] Dsync error: Failed to set attribute vendor/vendor.dovecot/pvt/sieve/default

2013-09-12 Thread Aleksey Tsvetkov
Hi,

Introduction:
There are two domains, for example (aaa.com, bbb.com).
In the aaa.com domain two users (b...@aaa.com, a...@aaa.com). 
In the bbb.com domain there are no users.

During full sync replication (replication_full_sync_interval) operations,
errors appear in the logs:

dovecot: dsync-local(b...@aaa.com): Error: Mailbox INBOX: Failed to set 
attribute vendor/vendor.dovecot/pvt/sieve/default: Invalid value for default 
sieve attribute
dovecot: dsync-remote(b...@aaa.com): Error: Mailbox INBOX: Failed to set 
attribute vendor/vendor.dovecot/pvt/sieve/default: Invalid value for default 
sieve attribute


One more error:

dovecot: auth-worker(46263): sql(b...@bbb.com): unknown user
dovecot: auth-worker(46263): sql(b...@bbb.com): Unknown user
dovecot: auth-worker(46263): sql(bob): unknown user
dovecot: auth-worker(46263): sql(bob): Unknown user
dovecot: auth-worker(46263): sql(a...@aaa.com): unknown user
dovecot: auth-worker(46263): sql(a...@aaa.com): Unknown user
dovecot: auth-worker(46263): sql(alex): unknown user
dovecot: auth-worker(46263): sql(alex): Unknown user

Command:
doveadm user '*'
b...@aaa.com
a...@aaa.com

dovecot --build-options
Build options: ioloop=kqueue notify=kqueue ipv6 openssl io_block_size=8192
Mail storages: shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail
SQL drivers: mysql
Passdb: checkpassword pam passwd passwd-file sql
Userdb: checkpassword nss passwd prefetch passwd-file sql

dovecot --version
2.2.5

Has somebody faced this problem?

--
Best regards,
Aleksey Tsvetkov
System Administrator
Company Grand Vision
tel. +7(495)933-39-79, ext. 184


[Dovecot] Problem getting a dovecot proxy to connect to another dovecot machine via STARTTLS

2013-09-12 Thread Arnoud van Heuvelen
Hi,

I'm having a bit of a problem trying to set up a dovecot proxy. I have a
setup with two nodes. One is a working Dovecot/Postfix mail server (node
a). The other is running a dovecot proxy and roundcube webmail.

Currently I can telnet to port 143 (or openssl s_client to port 993) to
localhost on node b. I can then login to a test account on node a. This all
works.

However, once I instruct the proxy to use SSL or TLS my problems start.
When I try to login on node b (both on port 143 and 993), it will send two
TCP packets on port 993 to node a. There is no TLS handshake. Consequently,
my telnet session will just hang until dovecot reaches a timeout. It will
then disconnect me for inactivity. I cannot find any information in the
logs.

To clarify, the dialog:

Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
STARTTLS AUTH=PLAIN] Dovecot ready.
a login at...@company.nl test123
* BYE Disconnected for inactivity.

I have tried to use the following values in my proxy database:
ssl='any-cert', starttls='Y'
ssl='any-cert', starttls='any-cert'
ssl=NULL, starttls='any-cert'

Here is a strace of the imap-login process on node B:
http://dpaste.com/1377232/
The illegal seek on line 30 of the strace looked suspicious to me.

Here is the corresponding lsof:
http://dpaste.com/1377239/

Here is node A's config:
http://dpaste.com/1377247/

And here is node B's:
http://dpaste.com/1377241/

This is node B's password query:

password_query = SELECT NULL AS password, 'Y' AS nopassword, host, 'Y' as
proxy, starttls, `ssl`, 10 AS proxy_timeout FROM proxy WHERE domain = '%d'

The logs tell me the password query succeeds:

Sep 12 16:32:35 auth-worker: Debug: sql(at...@company.nl,127.0.0.1): query:
SELECT NULL AS password, 'Y' AS nopassword, host, 'Y' as proxy, starttls,
`ssl`, 10 AS proxy_timeout FROM proxy WHERE domain = 'company.nl'
Sep 12 16:32:35 auth: Debug: client out: OK 1 user=at...@company.nl host=31.CENCOR proxy starttls=Y ssl=any-cert proxy_timeout=10 pass=test123

Nothing after that.

Node A's log gives me this:

2013-09-12 16:26:51 imap-login: Info: Disconnected (no auth attempts):
rip=149.CENCORED, lip=31.CENCORED, TLS handshaking: Disconnected


I'm running out of ideas. If anyone would be able to help I would be
extremely grateful.

Regards,

Arnoud van Heuvelen


Re: [Dovecot] How to disable SSL and TLSv1.1?

2013-09-12 Thread Hans Spaans

Patrick Lists schreef op 2013-09-12 09:23:

Hi Noel,

On 09/12/2013 08:54 AM, Noel Butler wrote:
[snip]
I'm always of the belief that if one person wants a feature, they might
be the only vocal person, but they are never really alone, so post your
patch. Timo can only either pull it in or decline it; as for whether it's
useful for others, only time will tell, but not even god will help those
who use it on a commercial network with paying customers - that's just
plain professional suicide.


Unless it was clearly stated what the requirements are when they sign
up. With NIST sleeping at the helm and the NSA having a field day it
would not surprise me if businesses understand the importance of
stronger encryption.


Why not turn it around? Why not tell the paying customer he is using an
unencrypted connection, or one with options that are insecure? Parse the
logfiles and make an additional section on the website where he/she can
see from where he/she had a successful login and the security level.
Make it red for unencrypted, orange/amber for insecure and green for a
secure connection. Most people like to have everything in the green,
and you give them a choice of what to do. Also the cost is almost nothing
for doing this. You could even make it a service for companies who get a
weekly/monthly PDF with an overview.


For now Dovecot only tells whether it is a TLS connection or not. Postfix,
for example, already tells whether it is a TLSv1 connection and the cipher.
If this could be extended then sysadmins have a way to make a decision about
the path to follow or to advise management.


Hans
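The per-login view proposed above can be prototyped from Dovecot's own login lines. The script below is an added example, not code from the thread or from Dovecot: it classifies each imap-login/pop3-login "Login:" line by whether Dovecot marked the session ", TLS" (TLS was negotiated) or ", secured" (no TLS, but a connection Dovecot treats as secure anyway, such as loopback or a login_trusted_networks range), and counts everything else as plaintext. The green/amber/red mapping, the report format and the sample lines in the usage comment are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: grade Dovecot logins by transport security.
# Dovecot 2.x login lines look like (constructed samples):
#   ... imap-login: Info: Login: user=<alice>, method=PLAIN, rip=203.0.113.5, lip=198.51.100.2, mpid=4101, TLS, session=<aaa>
#   ... imap-login: Info: Login: user=<alice>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=4103, secured, session=<ccc>
#   ... pop3-login: Info: Login: user=<bob>, method=PLAIN, rip=198.51.100.7, lip=198.51.100.2, mpid=4102, session=<bbb>
# Mapping used here (an assumption, not Dovecot's): TLS -> green,
# "secured" without TLS -> amber, neither -> red (plaintext).

# classify_login LINE: prints "user rip level"; returns 1 for non-login lines
classify_login() {
    case "$1" in
        *"-login: Info: Login: user=<"*) ;;
        *) return 1 ;;
    esac
    user=${1#*user=<}; user=${user%%>*}
    rip=${1#*rip=};    rip=${rip%%,*}
    case "$1" in
        *", TLS"*)     level=green ;;
        *", secured"*) level=amber ;;
        *)             level=red ;;
    esac
    printf '%s %s %s\n' "$user" "$rip" "$level"
}

# login_report < logfile: per-user counts "user green amber red", sorted by user
login_report() {
    while IFS= read -r line; do
        classify_login "$line" || true
    done | awk '
        { n[$1, $3]++; seen[$1] = 1 }
        END {
            for (u in seen)
                printf "%s %d %d %d\n", u, n[u, "green"] + 0, n[u, "amber"] + 0, n[u, "red"] + 0
        }' | sort
}

# Usage (log path is an assumption):
#   login_report < /var/log/dovecot.log
```

Because Dovecot at this version does not log the protocol version or cipher, "amber" here can only mean "no TLS but from a network Dovecot trusts"; if the server later logs cipher details, that is where a TLSv1/RC4 session would be downgraded to amber instead.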


[Dovecot] Plugin antispam - mailtrain realtime sa-learn

2013-09-12 Thread Hans Spaans

Hi,

On Dovecot Wiki2[1] it is written that you need a wrapper script for
sa-learn as it supposedly does not support piped input, but that is supported
since SpamAssassin 2.6 at least. As far as I can see and test, the
following config makes it work without a wrapper script. Can someone
confirm it before the wiki is updated?


  plugins {
antispam_backend = pipe
antispam_trash = Trash
antispam_spam = Junk
antispam_mail_spam  = --spam
antispam_mail_notspam  = --ham
antispam_mail_sendmail = /usr/bin/sa-learn
  }

Hans

[1] http://wiki2.dovecot.org/Plugins/Antispam


Re: [Dovecot] Where's Dovecot's ports?

2013-09-12 Thread Pascal Volk
On 09/12/2013 03:19 AM Mohsen Pahlevanzadeh wrote:
 Dear all,
 
 I installed dovecot dovecoot-mysql postfix and postfix-mysql from
 debian repository 7.
 
 I start them with /etc/init.d/postfix start and /etc/init.d/dovecot
 start 
 
 but When i use nmap localhost I see the following output:
 root@sito:/etc/dovecot# nmap localhost 
 
 Starting Nmap 6.00 ( http://nmap.org ) at 2013-09-12 07:35 IRDT
 Nmap scan report for localhost (127.0.0.1)
 Host is up (0.030s latency).
 Other addresses for localhost (not scanned): 127.0.0.1
 Not shown: 993 closed ports
 PORT STATE SERVICE
 21/tcp   open  ftp
 22/tcp   open  ssh
 25/tcp   open  smtp
 80/tcp   open  http
 111/tcp  open  rpcbind
 3128/tcp open  squid-http
 3306/tcp open  mysql
 
 My Question is , Where's dovecot ? i don't see its' ports

If you want to use/serve …
imap/imaps:
install dovecot-imapd
pop3/pop3s:
install dovecot-pop3d
lmtp:
install dovecot-lmtpd
sieve:
install dovecot-managesieved


Regards,
Pascal
-- 
The trapper recommends today: defaced.1325...@localdomain.org


Re: [Dovecot] Antispam plugin / sa-learn

2013-09-12 Thread Mathieu R.

Le 12/09/2013 08:31, Steffen Kaiser a écrit :


above script is missing important log information: the current uid
and $HOME; also sa-learn knows -D

I would change for a testing period:
#!/bin/sh
echo /usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ;
echo "$$-start ($*)" >> /tmp/sa-learn-pipe.log ;
#echo $* > /tmp/sendmail-parms.txt ;
cat<&0 > /tmp/sendmail-msg-$$.txt ;
/usr/bin/sa-learn -D $* /tmp/sendmail-msg-$$.txt > /tmp/sa-learn-pipe.$$.tmp 2>&1;
echo "$$ sa-learn rc=$? id=$(id) HOME=$HOME" >> /tmp/sa-learn-pipe.log
while read line; do
echo "$$-sa-learn $line" >> /tmp/sa-learn-pipe.log
done < /tmp/sa-learn-pipe.$$.tmp
rm -f /tmp/sendmail-msg-$$.txt /tmp/sa-learn-pipe.$$.tmp
echo "$$-end" >> /tmp/sa-learn-pipe.log ;
exit 0;


Thank you a lot, I tried this, and here is what I got in the log:


22:00 root@effraie01 ~ # cat /tmp/sa-learn-pipe.log
...
4933-start (--ham)
4933 sa-learn rc=0 id=uid=3000(vmail) gid=3000(vmail) 
groups=3000(vmail) HOME=

4933-end
4953-start (--spam)
4953 sa-learn rc=0 id=uid=3000(vmail) gid=3000(vmail) 
groups=3000(vmail) HOME=

4953-end

So I tried

22:01 root@effraie01 ~ # sa-learn --username=vmail --backup
v   3   db_version # this must be the first line!!!
v   0   num_spam
v   0   num_nonspam



Read man sa-learn, section MIGRATION: Note that if you have individual
user databases you will have to perform a similar procedure for each
one of them.

sa-learn --backup > backup.txt

backs up the database of one particular user. I assume you use root to
issue the command? But does the antispam learning script above run as
root, too?


If I correctly understood what you told me, the sa-learn-pipe (and so
sa-learn itself) runs as vmail, which is the global user I use for email,
and there is still nothing in the sa-learn database. (I do not have many
spam on that server, but still have passed a few to sa-learn via that
dovecot-antispam plugin.) Maybe everything is normal, but with my low
level spamassassin/dovecot comprehension, I think I would have something
in the sa-learn db.




--
Mathieu R.
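Given the wrapper script extended earlier in this thread and the log output above (the script runs as vmail with HOME empty, and the Bayes database stays empty), a hardened version of the same pipe wrapper follows as an added example. It is not code from the thread, the Dovecot wiki or SpamAssassin; sa-learn's --dbpath option is real, but the database, log and binary locations are assumptions, and the --spam/--ham tokens match the antispam_mail_spam/antispam_mail_notspam values used in this thread.

```shell
#!/bin/sh
# Added example, not from the thread: a hardened replacement for the sa-learn
# pipe wrapper discussed above (antispam_backend = pipe, with
# antispam_mail_sendmail pointing at this script). Changes versus the posted one:
#  - the message is spooled under a private mktemp(1) directory instead of the
#    predictable /tmp/sendmail-msg-$$.txt, which any local user could pre-create
#    (or replace with a symlink) and have the vmail user write through;
#  - arguments are forwarded as "$@", so they are not re-split or globbed;
#  - the Bayes database path is passed explicitly with sa-learn's --dbpath, so
#    learning does not depend on $HOME, which is empty under the plugin;
#  - uid, HOME, sa-learn's own output and its exit status are logged.
# Locations below are assumptions; adjust them to the installation.
SA_LEARN="${SA_LEARN:-/usr/bin/sa-learn}"
SA_DBPATH="${SA_DBPATH:-/var/lib/spamassassin/bayes}"
SA_LOG="${SA_LOG:-/var/log/sa-learn-pipe.log}"
umask 077

log() { printf '%s %s\n' "$$" "$*" >> "$SA_LOG"; }

# learn_message [sa-learn options] < message
# Runs sa-learn on the message read from stdin; returns sa-learn's exit status.
learn_message() {
    dir=$(mktemp -d) || return 1
    msg="$dir/msg"
    cat > "$msg" || { rm -rf "$dir"; return 1; }
    log "start ($*) id=$(id) HOME=${HOME:-unset}"
    if "$SA_LEARN" --dbpath "$SA_DBPATH" "$@" "$msg" > "$dir/out" 2>&1; then
        rc=0
    else
        rc=$?
    fi
    while IFS= read -r line; do log "sa-learn: $line"; done < "$dir/out"
    log "end rc=$rc"
    rm -rf "$dir"
    return "$rc"
}

# When the antispam plugin executes this script it passes the configured
# antispam_mail_spam / antispam_mail_notspam token (here --spam / --ham) as the
# argument and the message on stdin.
case "${1:-}" in
    --spam|--ham|--forget) learn_message "$@" ;;
esac
```

With a fixed --dbpath, `sa-learn --dbpath /var/lib/spamassassin/bayes --backup` run as any user shows the same database the wrapper writes, which removes the per-user ambiguity that made the --backup output above look empty.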


[Dovecot] adding user for maildir and mail_location

2013-09-12 Thread Mohsen Pahlevanzadeh
Dear all,

I installed
postfix, postfix-mysql, dovecot-core, dovecot-mysql, dovecot-pop3, dovecot-imapd
and postfixadmin from the Debian repo.
Also I configured postfixadmin.
It works fine with mbox storage, but I need to change it to my
path/domain/users.
I saw Dovecot has a mail_location directive.
I changed it to:
mail_location = maildir:/var/pool/%d/%u
My questions are:
1. How can I assign the mail_location directive to a maildir storage
according to my path and domain/user, such as qmail?

2. I want to use mysql; do I need to write bash scripts to add/delete/update
for doing them, or does dovecot provide them with a command line?

3. What are the permissions of the path in mail_location?

4. How can I enable mysql in dovecot?

My doveconf -n is:
//
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 ext4
mail_location = maildir:/var/pool/Maildir/%d/%u
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Sent Messages {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix = 
}
passdb {
  driver = pam
}
protocols =  imap pop3
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}
/

Yours,
Mohsen



Re: [Dovecot] Where's Dovecot's ports?

2013-09-12 Thread Mohsen Pahlevanzadeh
Thank you. With installation of other packages such as dovecot-pop3 and
dovecot-imapd my problem was solved.
On Thu, 2013-09-12 at 19:40 +, Pascal Volk wrote:
 On 09/12/2013 03:19 AM Mohsen Pahlevanzadeh wrote:
  Dear all,
  
  I installed dovecot dovecoot-mysql postfix and postfix-mysql from
  debian repository 7.
  
  I start them with /etc/init.d/postfix start and /etc/init.d/dovecot
  start 
  
  but When i use nmap localhost I see the following output:
  root@sito:/etc/dovecot# nmap localhost 
  
  Starting Nmap 6.00 ( http://nmap.org ) at 2013-09-12 07:35 IRDT
  Nmap scan report for localhost (127.0.0.1)
  Host is up (0.030s latency).
  Other addresses for localhost (not scanned): 127.0.0.1
  Not shown: 993 closed ports
  PORT STATE SERVICE
  21/tcp   open  ftp
  22/tcp   open  ssh
  25/tcp   open  smtp
  80/tcp   open  http
  111/tcp  open  rpcbind
  3128/tcp open  squid-http
  3306/tcp open  mysql
  
  My Question is , Where's dovecot ? i don't see its' ports
 
 If you want to use/serve …
 imap/imaps:
   install dovecot-imapd
 pop3/pop3s:
   install dovecot-pop3d
 lmtp:
   install dovecot-lmtpd
 sieve:
   install dovecot-managesieved
 
 
 Regards,
 Pascal




[Dovecot] Change mail_location for one user?

2013-09-12 Thread Scott Galambos
Hello, I'm running the latest version of dovecot on Linux with mbox 
mailboxes.  Everything works fine.  So in my dovecot config I have 
mail_location = mbox:~/mail:INBOX=/var/mail/%u


I would like to now change the mail_location for one user in an attempt 
to slowly migrate to Maildir format.  I'm confused how to do this.  I'm 
running shadow passwords:


$: doveconf -n passdb
passdb {
  driver = shadow
}

Testing any given user gives:
$: dovecot user sarah
field               value
uid                 1478
gid                 116
home                /home/sarah
mail                mbox:~/mail:INBOX=/var/mail/sarah
system_groups_user  sarah

What would I have to do to make only sarah's mail_location ~/Maildir 
now?  My userdb is:

$: doveconf -n userdb
userdb {
  driver = passwd
}

I tried following the wikis but it's confusing. Thanks for any help or
tips.