[Dovecot] Error in imap_address_arg_append
Hi, Function imap_envelope_parse returns an incorrect result for addresses with groups due to an error in imap_address_arg_append because of with , is added after group name and before first mailbox. Patch for dovecot v2.1 is attached.
Re: [Dovecot] Gettings mails recently moved to a folder
On Monday, 2 December 2013, 20:26:13, Timo Sirainen wrote: On 2.12.2013, at 16.24, Florian Lindner mailingli...@xgm.de wrote: doveadm(mailingli...@xgm.de): Error: user mailingli...@xgm.de: Initialization failed: Namespace '': Mail storage autodetection failed with home=/home/flindner/Mail/mailingli...@xgm.de doveadm(mailingli...@xgm.de): Fatal: User init failed Which seems to be another problem. IMAP and POP3 work fine, but on occasions like that dovecot fails to detect that it is a maildir. If something works fine for imap and pop3, but not for doveadm (for the same user), then the difference is that imap/pop3 sees different settings (e.g. in protocol imap {}). Actually there isn't a protocol imap {} section. Or am I missing something? Thanks, Florian # doveconf -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.2 auth_mechanisms = plain login digest-md5 cram-md5 ntlm namespace inbox { inbox = yes location = mailbox Drafts { auto = create special_use = \Drafts } mailbox Junk { auto = create special_use = \Junk } mailbox Sent { auto = create special_use = \Sent } mailbox Sent Messages { special_use = \Sent } mailbox Spam { special_use = \Junk } mailbox Trash { auto = create special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } ssl_cert = /etc/ssl/astarte.centershock.net.cert ssl_key = /etc/ssl/astarte.centershock.net.key userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql }
Re: [Dovecot] proxy, userdb and passdb
Dear Alex et al Did you happen to have this working? Could you share how? So far it's not working yet. We are currently exploring more recent dovecot versions (2.2.9 AFAIR) but had to do some other work to keep the mailsystem running. Now we have more time to work on migration and will post any useful results (or more questions, whatever comes first). Cheers! -- j.hofmüller Optimism doesn't alter the laws of physics. - Subcommander T'Pol
Re: [Dovecot] imap-login hangs after receiving revoked SSL certificate
Hello again. On 03.12.2013 00:41, Алексей Прокопчук wrote: I have my own test CA based on EJBCA. The server and all client certificates which I tried to test were issued by this CA. The freshest CRL is embedded into the ca.pem file which is used as the CA certificate in dovecot.conf. Now I'm quite confused: apache works with these certificates as expected: accepts valid and refuses revoked. But with dovecot which yesterday accepts at least one certificate (which I revoked for testing) today rejects all others from same CA. Thanks for your attention, and excuse me for taking up your time. The problem was in the CRL generated by EJBCA. Apparently, EJBCA and openSSL are not entirely compatible. When I remove the CRL distribution point field from my EJBCA generated CRL, all works as expected: valid certificates accepted, revoked certificates rejected. And there is no problem with CRL scope, so the fix from the first reply isn't needed; all works with the initially installed openssl-1.0.1c. With regard to apache, I think it checks certificate validity with OCSP. And I don't embed the CRL in the CA certificate for apache. Perhaps it would be nice to implement OCSP validity checking together with embedded CRL, with the possibility to choose which one will be used. Thanks again, especially for a hint about the openssl scope loop problem. With best regards, Alexey Prokopchuk (AP8686-RIPE)
[Dovecot] disconnecting (disconnected by server)
Hi all, I just recognized a lot of log entries like this on my proxy: Dec 03 13:50:54 imap-login: Info: proxy(m...@example.com): disconnecting 1.2.3.4 (Disconnected by server): user=m...@example.com, method=PLAIN, rip=1.2.3.4, lip=2.4.6.8, TLS, session=qk02v6DsJwBTlUQX There are no similar entries on the backends. What does this mean? Something I have to worry about? Regards Patrick # 2.2.7: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.2 auth_mechanisms = plain login default_process_limit = 150 director_mail_servers = 172.17.1.2 172.17.1.1 director_servers = 172.17.1.3 172.17.1.4 director_user_expire = 5 mins lmtp_proxy = yes log_path = /var/log/dovecot.log managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave protocols = imap pop3 lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { user = dovecot } } service director { fifo_listener login/proxy-notify { mode = 0666 } inet_listener { address = 172.17.1.3 port = 9090 } unix_listener director-userdb { mode = 0600 } unix_listener login/director { mode = 0666 } } service imap-login { executable = imap-login director } service lmtp { inet_listener lmtp { address = 172.17.1.3 port = 24 } } service managesieve-login { executable = managesieve-login director inet_listener sieve { port = 4190 } } service pop3-login { executable = pop3-login director } ssl_cert = /etc/ssl/certs/wildcard.example.com.crt ssl_key = /etc/ssl/private/wildcard.example.com.key protocol !smtp { passdb { args = proxy=y nopassword=y starttls=any-cert driver = static } } protocol smtp { passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } userdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = 
sql } } protocol lmtp { auth_socket_path = director-userdb } # 2.2.2: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 auth_mechanisms = plain login disable_plaintext_auth = no dotlock_use_excl = no hostname = mb01.example.com listen = 172.17.1.1 log_path = /var/log/dovecot.log login_trusted_networks = 172.17.1.3 172.17.1.4 mail_fsync = always mail_gid = vmail mail_home = /var/mail/%d/%n mail_location = maildir:~/Maildir mail_plugins = quota mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mmap_disable = yes namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spamverdacht { auto = subscribe } mailbox Trash { auto = subscribe special_use = \Trash } prefix = INBOX. separator = . 
type = private } passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { quota = dict:User quota::file:%h/Maildir/dovecot-quota quota_rule2 = INBOX.Trash:ignore quota_warning = storage=90%% quota-warning 90 %u quota_warning2 = storage=75%% quota-warning 75 %u sieve = ~/.dovecot.sieve sieve_after = /usr/local/etc/dovecot/sieve/sieve_after.sieve sieve_default = /usr/local/etc/dovecot/sieve/default.sieve sieve_dir = ~/sieve } postmaster_address = postmas...@example.com protocols = imap pop3 lmtp sieve service auth { unix_listener auth-userdb { mode = 0666 user = vmail } } service lmtp { inet_listener lmtp { address = 172.17.1.1 port = 24 } } service managesieve-login { inet_listener sieve { port = 4190 } } service quota-warning { executable = script /usr/local/etc/dovecot/quota_warning.sh unix_listener quota-warning { user = vmail } user = root } ssl_cert = /etc/ssl/certs/mb01.example.com.crt ssl_key = /etc/ssl/private/mb01.example.com.key submission_host = mf01.wk-serv.net userdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol lmtp { mail_plugins = quota sieve } protocol imap { mail_max_userip_connections = 30 mail_plugins = quota imap_quota }
[Dovecot] Possible managesieve bug.
Hi, I'm migrating from 1.1 to 2.2. Currently I am doing tests to ensure I'm doing it right. On the old server the managesieve config says: sieve = /correo/%d/%u/dovecot.sieve sieve_dir = /correo/%d/%u/Sieve and is working fine. But the same config on the new server is not working. I have activated verbose logging and this is the result: Dec 3 09:59:41 imap-01 dovecot: managesieve-login: Login: user=x...@ubu.es, method=LOGIN, rip=10.145.4.65, lip=10.145.4.45, mpid=29855, session=T7hfhJ3s+QAKkQRB Dec 3 09:59:41 imap-01 dovecot: managesieve(x...@ubu.es): Error: sieve-storage: Performing readlink() on active sieve symlink '/correo/ubu.es/x...@ubu.es/dovecot.sieve' failed: Permission denied Dec 3 09:59:41 imap-01 dovecot: managesieve(x...@ubu.es): Error: sieve-storage: Failed to stat active sieve script symlink (/correo/ubu.es/x...@ubu.es/dovecot.sieve): Permission denied. Dec 3 09:59:41 imap-01 dovecot: managesieve(x...@ubu.es): Disconnected: Logged out bytes=120/331 Dec 3 09:59:51 imap-01 dovecot: managesieve-login: Login: user=pe...@ubu.es, method=LOGIN, rip=10.145.4.65, lip=10.145.4.45, mpid=29858, session=6bDthJ3s+wAKkQRB Dec 3 09:59:51 imap-01 dovecot: managesieve(x...@ubu.es): Error: sieve-storage: Performing readlink() on active sieve symlink '/correo/ubu.es/x...@ubu.es/dovecot.sieve' failed: Permission denied Dec 3 09:59:51 imap-01 dovecot: managesieve(x...@ubu.es): Disconnected: Logged out bytes=44/199 Permissions are ok. I modified the permissions using 0777 but the error message is the same. I have made other tests to see if I can find the problem, and I made it work if I delete %d from config, this way: sieve = /correo/%u/dovecot.sieve sieve_dir = /correo/%u/Sieve I have copied all filters preserving permissions, and with the same file permissions is working. If I add the '%d' to the path error comes again. Can anyone tell me if this is the normal behavior or is a bug? Thanks, Pedro -- Pedro R. Benito da Rocha - Servicio de Informatica - Area de Sistemas Universidad de Burgos (España) E-mail: pe...@ubu.es Tel: +34 947258845
[Dovecot] Complete migration from Cyrus on remote server
Hi All! I am working on a complete migration from an old solaris machine running Cyrus IMAP v2.3.14 and wish to migrate all users to a new ubuntu vm running Dovecot 2.0.19. What I have so far is a fully functional dovecot installation with LDAP / Dovecot SASL auth using Maildir++. My plan is to use Perdition IMAP proxy on a third host and migrate users a few at a time (see attached picture of my whiteboard). The proxy is in place and already used by webmail clients to connect to the old server, shortly I will change the dns to point smtp.domain.com and imap.domain.com etc to the proxy instead of the old server but I haven't finished testing yet. Once that is done it is a simple matter of changing the proxy configuration per user to make them hit the new server instead. The problem I am having with this is that I am using Imapsync (http://imapsync.lamiral.info) to perform the initial synchronization (I have scripted it to maintain sync every 10 minutes with the addition of --maxage 1 option) using the following command line options: /usr/local/bin/imapsync --noreleasecheck --useheader ALL --delete2 --expunge2 --tmpdir /var/vmail/cache --subscribe --subscribed --tls1 --tls2 --usecache --nofoldersizes --nocheckmessageexists --host1 oldserver.domain.com --authuser1 adminuser --user1 testu...@domain.com --authmech1 PLAIN --password1 HIDDEN --host2 newserver.domain.com --authuser2 adminuser --user2 testu...@domain.com --authmech2 PLAIN --password2 HIDDEN All email is copied over and stored in dovecot as you would expect. Then I switch the user to the new server on the imapproxy and restart the client (thunderbird or whatever). This is where all email headers are downloaded again as if they were new! There are *Many* users here who would complain intensely if this happened and I was really wanting the migration to be as invisible as possible. Is there a way to do what I have described without the clients redownloading headers / full messages? 
I have been working on this for some time now but have hit a roadblock and don't know where to turn, any help would be really appreciated! Notes: * The proxy is not used during imapsync. * Some users have 20 years worth of mail running into 10's of GB * I have looked at dsync but the docs state that the mailbox should not be accessed during sync, this is not possible for me (it doesn't say why this is the case however)
Re: [Dovecot] Possible managesieve bug.
On Tue, 3 Dec 2013, Pedro R. Benito da Rocha wrote: sieve = /correo/%d/%u/dovecot.sieve sieve_dir = /correo/%d/%u/Sieve and is working fine. But the same config on the new server is not working. I have activated verbose logging and this is the result: Dec 3 09:59:41 imap-01 dovecot: managesieve-login: Login: user=x...@ubu.es, method=LOGIN, rip=10.145.4.65, lip=10.145.4.45, mpid=29855, session=T7hfhJ3s+QAKkQRB Dec 3 09:59:41 imap-01 dovecot: managesieve(x...@ubu.es): Error: sieve-storage: Performing readlink() on active sieve symlink '/correo/ubu.es/x...@ubu.es/dovecot.sieve' failed: Permission denied What are the filesystem permissions of /correo/ubu.es, /correo/ubu.es/x...@ubu.es and /correo ? Permissions are ok. I modified the permissions using 0777 but the error message is the same. I have made other tests to see if I can find the problem, and I made it work if I delete %d from config, this way: sieve = /correo/%u/dovecot.sieve sieve_dir = /correo/%u/Sieve I have copied all filters preserving permissions, and with the same file permissions is working. If I add the '%d' to the path error comes again. -- Steffen Kaiser
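One way to answer the question about the permissions of each directory on the path, as an added example that is not part of the thread: readlink() on the active script needs search (x) permission on every directory above it, so the check walks the whole chain for a given uid. The function names and the temporary tree (which mirrors the /correo/%d/%u layout with a constructed domain) are assumptions, and only classic mode bits are evaluated.

```python
import os
import shutil
import stat
import tempfile
from pathlib import Path


def can_search(st, uid, gids):
    """Apply the classic owner/group/other rule for the directory search (x) bit."""
    if uid == 0:
        return True  # root is not subject to these mode-bit checks
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def blocking_components(target, uid, gids, start="/"):
    """List the directories from `start` down to `target` that `uid` cannot traverse.

    The mode of the final component is not what fails a readlink()/stat();
    a missing x bit on any directory above it does. POSIX ACLs and security
    modules (SELinux, AppArmor) are not evaluated here.
    """
    target, start = Path(target), Path(start)
    # Ancestors of target, outermost first, restricted to start and below.
    chain = [p for p in reversed(target.parents) if p == start or start in p.parents]
    blocked = []
    for directory in chain:
        st = os.stat(directory)
        if not can_search(st, uid, gids):
            blocked.append((str(directory), stat.filemode(st.st_mode), st.st_uid, st.st_gid))
    return blocked


def demo():
    """Build a constructed tree <tmp>/correo/<domain>/<user>/dovecot.sieve and test it."""
    base = Path(tempfile.mkdtemp())
    try:
        correo = base / "correo"
        domain_dir = correo / "example.org"            # the %d level
        user_dir = domain_dir / "user@example.org"     # the %u level
        user_dir.mkdir(parents=True)
        os.chmod(correo, 0o755)
        os.chmod(domain_dir, 0o700)   # only the owner may traverse the domain level
        os.chmod(user_dir, 0o777)     # wide open, as tried in the thread
        os.symlink("Sieve/main.sieve", user_dir / "dovecot.sieve")

        # A hypothetical mail uid/gid that is neither owner nor group of the tree.
        st = os.stat(base)
        mail_uid, mail_gid = st.st_uid + 12345, st.st_gid + 12345
        blocked = blocking_components(user_dir / "dovecot.sieve", mail_uid,
                                      {mail_gid}, start=correo)
        return [(Path(path).name, mode) for path, mode, _uid, _gid in blocked]
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for name, mode in demo():
        print(f"not traversable: {name} ({mode})")
```

Run against a real mail store, pass the uid and gids the managesieve process actually runs with and the resolved sieve path as `target`.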
[Dovecot] Different settings for SSL/non-SSL protocols
Good time of the day! It is possible to setup dovecot with different requirements for SSL and non-SSL protocols? What would I like to do: pop3/imap non-SSL = allowed plain text authentication. pop3/imap with SSL = allowed plain text authentication with required valid SSL certificates. I need to allow access from any IP address for first group of users, which have valid SSL certificates. And allow access from only local IP addresses for second group of users which doesn't have SSL certificates at all. I tried to setup dovecot for such task. SSL and non-SSL pop3/imap works together fine, but without require valid SSL certificates. If I set auth_ssl_require_client_cert = yes, non-SSL pop3/imap refuses authentication without valid SSL certificate. I tried to use different sections for protocol pop3 {} and protocol pop3s {} (and imap/imaps) but this seems doesn't work. Is there any way to solve this? Thanks for attention, with best regards, Alexey Prokopchuk (AP8686-RIPE)
Re: [Dovecot] Complete migration from Cyrus on remote server
Quoting Alan McGinlay - SICS al...@sics.se: Hi All! I am working on a complete migration from an old solaris machine running Cyrus IMAP v2.3.14 and wish to migrate all users to a new ubuntu vm running Dovecot 2.0.19. What I have so far is a fully functional dovecot installation with LDAP / Dovecot SASL auth using Maildir++. My plan is to use Perdition IMAP proxy on a third host and migrate users a few at a time (see attached picture of my whiteboard). The proxy is in place and already used by webmail clients to connect to the old server, shortly I will change the dns to point smtp.domain.com and imap.domain.com etc to the proxy instead of the old server but I haven't finished testing yet. Once that is done it is a simple matter of changing the proxy configuration per user to make them hit the new server instead. The problem I am having with this is that I am using Imapsync (http://imapsync.lamiral.info) to perform the initial synchronization (I have scripted it to maintain sync every 10 minutes with the addition of --maxage 1 option) using the following command line options: /usr/local/bin/imapsync --noreleasecheck --useheader ALL --delete2 --expunge2 --tmpdir /var/vmail/cache --subscribe --subscribed --tls1 --tls2 --usecache --nofoldersizes --nocheckmessageexists --host1 oldserver.domain.com --authuser1 adminuser --user1 testu...@domain.com --authmech1 PLAIN --password1 HIDDEN --host2 newserver.domain.com --authuser2 adminuser --user2 testu...@domain.com --authmech2 PLAIN --password2 HIDDEN All email is copied over and stored in dovecot as you would expect. Then I switch the user to the new server on the imapproxy and restart the client (thunderbird or whatever). This is where all email headers are downloaded again as if they were new! There are *Many* users here who would complain intensely if this happened and I was really wanting the migration to be as invisible as possible. 
Is there a way to do what I have described without the clients redownloading headers / full messages? I have been working on this for some time now but have hit a roadblock and don't know where to turn, any help would be really appreciated! Notes: * The proxy is not used during imapsync. * Some users have 20 years worth of mail running into 10's of GB * I have looked at dsync but the docs state that the mailbox should not be accessed during sync, this is not possible for me (it doesn't say why this is the case however) Sounds like you have not adjusted the message UID to not change on the new server? http://wiki2.dovecot.org/Migration Regards Andreas
Re: [Dovecot] BUG: Authentication client sent unknown handshake command
Emmanuel Dreyfus m...@netbsd.org wrote: Nov 29 16:56:01 volanges dovecot: auth: Error: BUG: Authentication client sent unknown handshake command: REQUEST?6970356762?616?6?235264ef69dbd1665538af54... I have real trouble to debug that one. I had a look at wiki2.dovecot.org/Design/AuthProtocol, and if I understand correctly, the auth server receives data from the master where it awaits data from the auth client. That suggests some confusion with file descriptors somewhere. Where are the pipe() invocation to create these two pipe sets? -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz m...@netbsd.org
Re: [Dovecot] Gettings mails recently moved to a folder
On 12/03/2013 10:40 AM Florian Lindner wrote: Actually there isn't a protocol imap {} section. Or am I missing something? Thanks, Florian # doveconf -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.2 auth_mechanisms = plain login digest-md5 cram-md5 ntlm namespace inbox { inbox = yes location = mailbox Drafts { auto = create special_use = \Drafts } mailbox Junk { auto = create special_use = \Junk } mailbox Sent { auto = create special_use = \Sent } mailbox Sent Messages { special_use = \Sent } mailbox Spam { special_use = \Junk } mailbox Trash { auto = create special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } ssl_cert = /etc/ssl/astarte.centershock.net.cert ssl_key = /etc/ssl/astarte.centershock.net.key userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } Let me repeat myself: Set a mail_location http://dovecot.org/list/dovecot/2013-November/093607.html Regards, Pascal -- The trapper recommends today: f007ba11.1333...@localdomain.org
Re: [Dovecot] BUG: Authentication client sent unknown handshake command
On 29.11.2013, at 18.54, Emmanuel Dreyfus m...@netbsd.org wrote: After upgrading the kernel, everything is fine, except dovecot authentication. I get this strange thing (data after REQUEST? changed just in case it contains anything sensitive): Nov 29 16:56:01 volanges dovecot: auth: Error: BUG: Authentication client sent unknown handshake command: REQUEST?6970356762?616?6?235264ef69dbd1665538af54d12fdaea?session_pid=453?req... I think net_getunixname() no longer works correctly. src/auth/main.c uses it to figure out what each socket is.
Re: [Dovecot] Complete migration from Cyrus on remote server
On 3.12.2013, at 16.01, Alan McGinlay - SICS al...@sics.se wrote: I am working on a complete migration from an old solaris machine running Cyrus IMAP v2.3.14 and wish to migrate all users to a new ubuntu vm running Dovecot 2.0.19. v2.0 is rather old. All email is copied over and stored in dovecot as you would expect. Then I switch the user to the new server on the imapproxy and restart the client (thunderbird or whatever). This is where all email headers are downloaded again as if they were new! There are *Many* users here who would complain intensely if this happened and I was really wanting the migration to be as invisible as possible. Is there a way to do what I have described without the clients redownloading headers / full messages? I don’t think imapsync supports Dovecot’s dovecot-uidlist, so it can’t preserve the IMAP UIDs. * I have looked at dsync but the docs state that the mailbox should not be accessed during sync, this is not possible for me (it doesn't say why this is the case however) dsync is intended for these kinds of migrations. I’m not sure where you read that mailbox shouldn’t be accessed during it? Anyway v2.0 dsync is rather bad. Even if you end up using Dovecot v2.0, for the migration you could use Dovecot v2.2 dsync binary (installed e.g. under /tmp/dovecot-2.2). v2.2.9 dsync+imapc performance is very good when mail_prefetch_count=10 (or more).
Re: [Dovecot] disconnecting (disconnected by server)
On 3.12.2013, at 14.55, Patrick Westenberg p...@wk-serv.de wrote: I just recognized a lot of log entries like this on my proxy: Dec 03 13:50:54 imap-login: Info: proxy(m...@example.com): disconnecting 1.2.3.4 (Disconnected by server): user=m...@example.com, method=PLAIN, rip=1.2.3.4, lip=2.4.6.8, TLS, session=qk02v6DsJwBTlUQX There are no similar entries on the backends. What does this mean? Something I have to worry about? See the session ID “qk02v6DsJwBTlUQX”. Find the disconnection message from the backend server’s logs by grepping it.
Re: [Dovecot] Error in imap_address_arg_append
On 3.12.2013, at 11.18, Potapov Sergey s.pota...@rambler-co.ru wrote: Function imap_envelope_parse return incorrect result for addresses with groups due to error in imap_address_arg_append because of with , is added after group name and before first mailbox. Patch for dovecot v2.1 in attach. Committed to v2.2: http://hg.dovecot.org/dovecot-2.2/rev/342f6962390e
Re: [Dovecot] disconnecting (disconnected by server)
Timo Sirainen wrote: See the session ID “qk02v6DsJwBTlUQX”. Find the disconnection message from the backend server’s logs by grepping it. There is only the login entry: Dec 03 13:50:53 imap-login: Info: Login: user=m...@example.com, method=PLAIN, rip=1.2.3.4, lip=2.3.4.5, mpid=3707, TLS, session=qk02v6DsJwBTlUQX
Re: [Dovecot] disconnecting (disconnected by server)
On 3.12.2013, at 22.15, Patrick Westenberg p...@wk-serv.de wrote: Timo Sirainen schrieb: See the session ID “qk02v6DsJwBTlUQX”. Find the disconnection message from the backend server’s logs by grepping it. There is only the login entry: Dec 03 13:50:53 imap-login: Info: Login: user=m...@example.com, method=PLAIN, rip=1.2.3.4, lip=2.3.4.5, mpid=3707, TLS, session=qk02v6DsJwBTlUQX Oh, right, Adding %{session} to mail_log_prefix is useful. Maybe I’ll make it the default some day.
Re: [Dovecot] disconnecting (disconnected by server)
Timo Sirainen wrote: On 3.12.2013, at 22.15, Patrick Westenberg p...@wk-serv.de wrote: Timo Sirainen wrote: See the session ID “qk02v6DsJwBTlUQX”. Find the disconnection message from the backend server’s logs by grepping it. There is only the login entry: Dec 03 13:50:53 imap-login: Info: Login: user=m...@example.com, method=PLAIN, rip=1.2.3.4, lip=2.3.4.5, mpid=3707, TLS, session=qk02v6DsJwBTlUQX Oh, right, Adding %{session} to mail_log_prefix is useful. Maybe I’ll make it the default some day. Now I see more, but the logout seems quite normal: Dec 03 21:39:07 imap-login: Info: proxy(m...@example.com): disconnecting 2.4.6.8 (Disconnected by server): user=m...@example.com, method=PLAIN, rip=2.4.6.8, lip=2.3.4.5, TLS, session=eaeiR6fs1gBUdqox Dec 03 21:39:07 eaeiR6fs1gBUdqox -- imap(m...@example.com): Info: Disconnected: Logged out in=63 out=778
Re: [Dovecot] disconnecting (disconnected by server)
On 3.12.2013, at 22.43, Patrick Westenberg p...@wk-serv.de wrote: Now I see more, but the logout seems quite normal: Dec 03 21:39:07 imap-login: Info: proxy(m...@example.com): disconnecting 2.4.6.8 (Disconnected by server): user=m...@example.com, method=PLAIN, rip=2.4.6.8, lip=2.3.4.5, TLS, session=eaeiR6fs1gBUdqox Dec 03 21:39:07 eaeiR6fs1gBUdqox -- imap(m...@example.com): Info: Disconnected: Logged out in=63 out=778 Right, I guess that’s then what it always does. Logout sequence goes: C: a LOGOUT S: * Bye S: a OK S: disconnect The server doesn’t wait for client to disconnect. So proxy sees that server does the disconnection. The other possibility would have been that it saw client disconnecting.
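The session-ID lookup described in this thread, as an added example that is not part of the original posts: it joins proxy "disconnecting" lines to backend disconnect lines on the session ID and separates the normal LOGOUT case from the ones worth reading. It assumes the backend's mail_log_prefix includes %{session}; the sample lines, the second proxy reason and the verdict labels are constructed for illustration.

```python
import re

# Proxy-side line in the format quoted in the thread (angle brackets optional).
PROXY_RE = re.compile(
    r"proxy\((?P<user>[^)]*)\): disconnecting (?P<rip>\S+) "
    r"\((?P<reason>[^)]*)\):.*?session=<?(?P<sid>[A-Za-z0-9+/]+)>?"
)
# Backend-side disconnect line; the in=/out= counters are optional.
BACKEND_RE = re.compile(r"Info: Disconnected: (?P<why>.*?)(?: in=\d+ out=\d+)?$")
# Candidate session-ID tokens anywhere in a backend line (prefix format varies).
TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{12,}")

# Constructed sample data, modelled on the lines shown in the thread.
PROXY_SAMPLE = [
    "Dec 03 21:39:07 imap-login: Info: proxy(alice@example.com): disconnecting "
    "192.0.2.10 (Disconnected by server): user=<alice@example.com>, method=PLAIN, "
    "rip=192.0.2.10, lip=198.51.100.5, TLS, session=<SIDcleanLogout01>",
    "Dec 03 21:40:11 imap-login: Info: proxy(bob@example.com): disconnecting "
    "192.0.2.11 (Disconnected by client): user=<bob@example.com>, method=PLAIN, "
    "rip=192.0.2.11, lip=198.51.100.5, TLS, session=<SIDclientDrop0002>",
    "Dec 03 21:41:30 imap-login: Info: proxy(carol@example.com): disconnecting "
    "192.0.2.12 (Disconnected by server): user=<carol@example.com>, method=PLAIN, "
    "rip=192.0.2.12, lip=198.51.100.5, TLS, session=<SIDnoBackendLog03>",
]
BACKEND_SAMPLE = [
    "Dec 03 21:39:06 imap-login: Info: Login: user=<alice@example.com>, "
    "method=PLAIN, rip=192.0.2.10, lip=198.51.100.6, mpid=3707, TLS, "
    "session=<SIDcleanLogout01>",
    "Dec 03 21:39:07 SIDcleanLogout01 -- imap(alice@example.com): Info: "
    "Disconnected: Logged out in=63 out=778",
    "Dec 03 21:40:11 SIDclientDrop0002 -- imap(bob@example.com): Info: "
    "Disconnected: Connection closed in=10 out=300",
]


def verdict(proxy_reason, backend_reason):
    """Classify one session from the two sides of the connection."""
    if backend_reason is None:
        return "no backend record"  # is %{session} in mail_log_prefix on the backend?
    if proxy_reason == "Disconnected by server" and backend_reason.startswith("Logged out"):
        return "clean logout"       # server closes right after answering LOGOUT
    return "review"


def correlate(proxy_lines, backend_lines):
    """Return {session_id: {user, proxy_reason, backend_reason, verdict}}."""
    sessions = {}
    for line in proxy_lines:
        m = PROXY_RE.search(line)
        if m:
            sessions[m["sid"]] = {"user": m["user"], "proxy_reason": m["reason"],
                                  "backend_reason": None}
    for line in backend_lines:
        m = BACKEND_RE.search(line.rstrip())
        if not m:
            continue  # login lines and other noise
        for token in TOKEN_RE.findall(line):
            if token in sessions:
                sessions[token]["backend_reason"] = m["why"]
    for info in sessions.values():
        info["verdict"] = verdict(info["proxy_reason"], info["backend_reason"])
    return sessions


if __name__ == "__main__":
    for sid, info in correlate(PROXY_SAMPLE, BACKEND_SAMPLE).items():
        print(sid, info["user"], info["verdict"], sep="\t")
```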
[Dovecot] Panic in indexer-worker
Hi, I did a fresh installation of 2.2.9 in my test environment and enabled fts_autoindex=yes. I'm using a solr-server for FTS. I got this error, just once until now: _=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_= == dovecot-lmtp-errors.log == Dec 03 16:15:06 lmtp(30601, usern...@domain.de): Error: Timeout (29s) while waiting for lock for transaction log file /maildata/domain.de/username/maildir/dovecot.list.index.log == dovecot-lmtp.log == Dec 03 16:15:06 lmtp(30601, usern...@domain.de): Info: h2jGC1j1nVKJdwAAwaC1kQ: sieve: msgid=20131203151436.962c06b...@monitoring01.domain.de: stored mail into mailbox 'Trash' Dec 03 16:15:06 lmtp(30601): Info: Disconnect from 10.0.0.3: Successful quit == dovecot.log == Dec 03 16:15:06 indexer-worker(usern...@domain.de): Panic: file http-client-request.c: line 521 (http_client_request_send_more): assertion failed: (req-payload_input != NULL) Dec 03 16:15:06 indexer-worker(usern...@domain.de): Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0x66ab1) [0x7fc60fe2eab1] - /usr/local/lib/dovecot/libdovecot.so.0(+0x66b8e) [0x7fc60fe2eb8e] - /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fc60fdea3ce] - /usr/local/lib/dovecot/libdovecot.so.0(http_client_request_send_more+0x2ed) [0x7fc60fe0406d] - /usr/local/lib/dovecot/libdovecot.so.0(http_client_request_send+0x1e1) [0x7fc60fe042a1] - /usr/local/lib/dovecot/libdovecot.so.0(http_client_connection_next_request+0x120) [0x7fc60fe06720] - /usr/local/lib/dovecot/libdovecot.so.0(+0x3f6b7) [0x7fc60fe076b7] - /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handle_timeouts+0xbf) [0x7fc60fe3e9af] - /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x94) [0x7fc60fe3f7d4] - /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fc60fe3e628] - /usr/local/lib/dovecot/libdovecot.so.0(+0x3bb3f) [0x7fc60fe03b3f] - /usr/local/lib/dovecot/lib21_fts_solr_plugin.so(solr_connection_post_end+0x61) [0x7fc60f1d5421] - 
/usr/local/lib/dovecot/lib21_fts_solr_plugin.so(+0x4388) [0x7fc60f1d2388] - /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_backend_update_deinit+0x29) [0x7fc60f3dfd29] - /usr/local/lib/dovecot/lib20_fts_plugin.so(+0xbb7c) [0x7fc60f3e4b7c] - /usr/local/lib/dovecot/lib20_fts_plugin.so(+0xc982) [0x7fc60f3e5982] - /usr/local/lib/dovecot/lib10_quota_plugin.so(+0xb584) [0x7fc60f5f6584] - /usr/local/lib/dovecot/libdovecot-storage.so.0(+0x90927) [0x7fc61012a927] - /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_transaction_commit_get_changes+0x3f) [0x7fc6101162cf] - /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_transaction_commit+0xe) [0x7fc61011636e] - dovecot/indexer-worker [usern...@domain.de Trash]() [0x4024f6] - /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x27) [0x7fc60fe3ea87] - /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xd7) [0x7fc60fe3f817] - /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fc60fe3e628] - /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fc60fdef5c3] - dovecot/indexer-worker [usern...@domain.de Trash](main+0xe3) [0x401f03] - /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7fc60fa21de5] - dovecot/indexer-worker [usern...@domain.de Trash]() [0x401fc2] Dec 03 16:15:13 indexer: Error: Indexer worker disconnected, discarding 1 requests for usern...@domain.de Dec 03 16:15:13 indexer-worker(usern...@domain.de): Fatal: master: service(indexer-worker): child 30611 killed with signal 6 (core dumped) _=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_=_= This happened when LMTP received a mail, and because of fts_autoindex=yes it should be sent to the solr server. Is this normal when waiting for lock on transaction log file times out, or should there be something more graceful, maybe just skip it or so? I already tried to reproduce, but I cannot. I will check the logfiles if it happens again. Regards Michael
Re: [Dovecot] Complete migration from Cyrus on remote server
On 12/ 3/13 02:17 PM, Timo Sirainen wrote: On 3.12.2013, at 16.01, Alan McGinlay - SICS al...@sics.se wrote: * I have looked at dsync but the docs state that the mailbox should not be accessed during sync, this is not possible for me (it doesn't say why this is the case however) dsync is intended for these kinds of migrations. I’m not sure where you read that mailbox shouldn’t be accessed during it? http://wiki2.dovecot.org/Migration/Dsync The source IMAP/POP3 mailboxes shouldn't be modified while dsync is running.
Re: [Dovecot] Complete migration from Cyrus on remote server
On 3.12.2013, at 23.55, Oscar del Rio del...@mie.utoronto.ca wrote: On 12/ 3/13 02:17 PM, Timo Sirainen wrote: On 3.12.2013, at 16.01, Alan McGinlay - SICS al...@sics.se wrote: * I have looked at dsync but the docs state that the mailbox should not be accessed during sync, this is not possible for me (it doesn't say why this is the case however) dsync is intended for these kinds of migrations. I’m not sure where you read that mailbox shouldn’t be accessed during it? http://wiki2.dovecot.org/Migration/Dsync “The source IMAP/POP3 mailboxes shouldn't be modified while dsync is running.” I’m not sure why I wrote that. Maybe it didn’t work as well in earlier versions. I removed the text now from the page.
Re: [Dovecot] [PATCH] lib-sql/driver-mysql.c - Add support for enabling MYSQL_OPT_SSL_VERIFY_SERVER_CERT
Timo, Were there any further changes you wanted made to the patch? It now defaults to having ssl_verify_server_cert enabled. On Fri, 2013-11-22 at 13:52 +0200, Timo Sirainen wrote: On 22.11.2013, at 9.22, Patrick Ben Koetter p...@sys4.de wrote: * Timo Sirainen dovecot@dovecot.org: On 22.11.2013, at 0.35, Gareth Palmer gar...@acsdata.co.nz wrote: The following patch adds support for enabling MYSQL_OPT_SSL_VERIFY_SERVER_CERT. It makes the mysql client library check that the commonName in the server's SSL certificate matches the host name provided to mysql_real_connect() and aborts the connection if the name doesn't match. If someone goes through the trouble of using SSL with MySQL .. should this even be optional? I guess I shouldn’t break any v2.2 installations even accidentally, but for v2.3 I don’t really see any point of not having this enabled unconditionally. It should be optional or it will break other running systems when the update/upgrade. But perhaps it should break (in v2.3.0)? Otherwise it’s not really running securely anyway. At least the default should be to verify the cert. diff -urN dovecot-20131120.orig/config.h.in dovecot-20131120/config.h.in --- dovecot-20131120.orig/config.h.in 2013-11-25 10:32:38.182706916 +1300 +++ dovecot-20131120/config.h.in 2013-11-25 10:33:50.689323470 +1300 @@ -251,6 +251,10 @@ /* Define if your MySQL library supports setting cipher */ #undef HAVE_MYSQL_SSL_CIPHER +/* Define if your MySQL library supports verifying the name in the SSL + certificate */ +#undef HAVE_MYSQL_SSL_VERIFY_SERVER_CERT + /* Define if you don't have C99 compatible vsnprintf() call */ #undef HAVE_OLD_VSNPRINTF diff -urN dovecot-20131120.orig/configure.ac dovecot-20131120/configure.ac --- dovecot-20131120.orig/configure.ac 2013-11-25 10:32:38.262705729 +1300 +++ dovecot-20131120/configure.ac 2013-11-25 10:33:50.689323470 +1300 
@@ -2282,6 +2282,15 @@ mysql_set_ssl(0, 0, 0, 0, 0, 0); ], [ AC_DEFINE(HAVE_MYSQL_SSL_CIPHER,, Define if your MySQL library supports setting cipher) + + AC_TRY_COMPILE([ + $ssl_define + #include mysql.h + ], [ + int i = MYSQL_OPT_SSL_VERIFY_SERVER_CERT; + ], [ + AC_DEFINE(HAVE_MYSQL_SSL_VERIFY_SERVER_CERT,, Define if your MySQL library supports verifying the name in the SSL certificate) + ]) ]) ]) diff -urN dovecot-20131120.orig/doc/example-config/dovecot-sql.conf.ext dovecot-20131120/doc/example-config/dovecot-sql.conf.ext --- dovecot-20131120.orig/doc/example-config/dovecot-sql.conf.ext 2013-11-25 10:32:38.266705653 +1300 +++ dovecot-20131120/doc/example-config/dovecot-sql.conf.ext 2013-11-25 10:34:05.037049830 +1300 
@@ -47,13 +47,15 @@ # host, port, user, password, dbname # # But also adds some new settings: -# client_flags- See MySQL manual -# ssl_ca, ssl_ca_path - Set either one or both to enable SSL -# ssl_cert, ssl_key - For sending client-side certificates to server -# ssl_cipher - Set minimum allowed cipher security (default: HIGH) -# option_file - Read options from the given file instead of -# the default my.cnf location -# option_group- Read options from the given group (default: client) +# client_flags - See MySQL manual +# ssl_ca, ssl_ca_path- Set either one or both to enable SSL +# ssl_cert, ssl_key - For sending client-side certificates to server +# ssl_cipher - Set minimum allowed cipher security (default: HIGH) +# ssl_verify_server_cert - Verify that the name in the server SSL certificate +# matches the host (default: yes) +# option_file- Read options from the given file instead of +# the default my.cnf location +# option_group - Read options from the given group (default: client) # # You can connect to UNIX sockets by using host: host=/var/run/mysql.sock # Note that currently you can't use spaces in parameters. diff -urN dovecot-20131120.orig/src/lib-sql/driver-mysql.c dovecot-20131120/src/lib-sql/driver-mysql.c --- dovecot-20131120.orig/src/lib-sql/driver-mysql.c 2013-11-25 10:32:38.190706907 +1300 +++ dovecot-20131120/src/lib-sql/driver-mysql.c 2013-11-25 10:34:28.584598986 +1300 @@ -28,6 +28,7 @@ pool_t pool; const char *user, *password, *dbname, *host, *unix_socket; const char *ssl_cert, *ssl_key, *ssl_ca, *ssl_ca_path, *ssl_cipher; + int ssl_verify_server_cert; const char *option_file, *option_group; unsigned int port, client_flags; time_t last_success; @@ -104,6 +105,10 @@ , db-ssl_cipher #endif ); +#ifdef HAVE_MYSQL_SSL_VERIFY_SERVER_CERT + mysql_options(db-mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, + db-ssl_verify_server_cert); +#endif db-ssl_set = TRUE; #else i_fatal(mysql: SSL support not compiled in @@ -152,6 +157,7 @@ const
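Review bot: in the configure.ac hunk the new AC_TRY_COMPILE probe for MYSQL_OPT_SSL_VERIFY_SERVER_CERT is placed inside the success branch of the HAVE_MYSQL_SSL_CIPHER check, so a client library that fails the cipher probe is never tested for certificate verification and HAVE_MYSQL_SSL_VERIFY_SERVER_CERT stays undefined. Suggest making it a sibling check after the cipher probe closes, so that verification support is detected independently of cipher support.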
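Review bot: the dovecot-sql.conf.ext hunk documents ssl_verify_server_cert as "default: yes" without saying that it only takes effect when the MySQL client library supports it; in driver-mysql.c the call is compiled only under #ifdef HAVE_MYSQL_SSL_VERIFY_SERVER_CERT. An administrator reading this comment on a build without that macro would believe the server name is being checked when it is not. Suggest stating the dependency in the comment, and logging a warning or failing at startup when the setting is enabled but support was not compiled in.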
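Review bot: in the driver-mysql.c hunk at @@ -104,6 +105,10 @@, mysql_options() is passed db->ssl_verify_server_cert by value as the line reads here, but the third argument of mysql_options() is a pointer to the option value, which for MYSQL_OPT_SSL_VERIFY_SERVER_CERT is a my_bool. Suggest declaring the field added in the @@ -28,6 +28,7 @@ hunk as my_bool rather than int and passing its address, and checking the return value of mysql_options() so that a failure to enable verification is reported instead of the connection silently proceeding without it.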
[Dovecot] Multi-master Replication?
Will the replication method described at http://wiki2.dovecot.org/Replication support a master/master/master configuration to keep three replicas in sync? Thanks
Re: [Dovecot] BUG: Authentication client sent unknown handshake command
Timo Sirainen t...@iki.fi wrote: I think net_getunixname() no longer works correctly. src/auth/main.c uses it to figure out what each socket is. Indeed, when the auth process calls net_getunixname(), getsockname() fills the name buffer with garbage. That happens with fd 7 for instance, and inspecting the process with fstat(1) I see no fd 7. I am not yet sure if it is closed before or after getsockname() # ps -axp 6025 6025 ? I0:00.02 dovecot/auth -w # fstat -p 6025 USER CMD PID FD MOUNT INUM MODE SZ|DV R/W root auth6025 wd / 636320 drwxr-xr-x1024 r root auth60250 / 68173 crw-rw-rw-null w root auth60251 / 68173 crw-rw-rw-null w root auth60252* pipe 0xc732d254 - 0xc710c010 w root auth60253* pipe 0xc725e310 - 0xc70b330c w root auth60254 / 545650 -rw-r--r-- 121 r root auth60255* pipe 0xc725ecd0 - 0xc710c0d0 wn root auth60256* pipe 0xc7be385c - 0xc79b885c w root auth60255* misc 0xc67dff18 root auth60259* pipe 0xc7057f04 - 0xc618f000 rn root auth6025 10* pipe 0xc618f000 - 0xc7057f04 wn root auth60254* kqueue pending 0 root auth60254* kqueue pending 0 root auth6025 13 / 545650 -rw-r--r-- 121 r root auth6025 14* internet stream tcp 192.0.2.16:636 - 192.0.2.26:62473 root auth6025 15* unix stream - /var/run/dovecot/auth-worker root auth6025 130 / 545650 -rw-r--r-- 121 r The other auth process has it as a Unix socket like we expect: # ps -axp 17204 PID TTY STATTIME COMMAND 17204 ? 
I0:00.02 dovecot/auth # fstat -p 17204 USER CMD PID FD MOUNT INUM MODE SZ|DV R/W root auth 17204 wd / 636320 drwxr-xr-x1024 r root auth 172040 / 68173 crw-rw-rw-null w root auth 172041 / 68173 crw-rw-rw-null w root auth 172042* pipe 0xc725e250 - 0xc618ee40 w root auth 172043* pipe 0xc725e310 - 0xc70b330c w root auth 172044 / 545650 -rw-r--r-- 121 r root auth 172045* pipe 0xc7058184 - 0xc710c9d0 wn root auth 172046* pipe 0xc7be385c - 0xc79b885c w root auth 172047* unix stream - /var/run/dovecot/login/login root auth 172048* unix stream - /var/run/dovecot/token-login/tokenlogin root auth 172049* unix stream - /var/run/dovecot/auth-login root auth 17204 10* unix stream - /var/run/dovecot/auth-client root auth 17204 11* unix stream - /var/run/dovecot/auth-userdb root auth 17204 12* unix stream - /var/run/dovecot/auth-master root auth 172045* misc 0xc67dff60 root auth 17204 14* unix stream - c71b6e14 root auth 172044* kqueue pending 0 root auth 17204 16* pipe 0xc70b36cc - 0xc7058244 rn root auth 17204 17* pipe 0xc7058244 - 0xc70b36cc wn root auth 172044* kqueue pending 0 root auth 17204 19 / 545650 -rw-r--r-- 121 r root auth 17204 20* internet stream tcp 192.0.2.15:636 - 192.0.2.26:62459 root auth 17204 22* unix stream - c60cb974 root auth 17204 130 / 545650 -rw-r--r-- 121 r -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz m...@netbsd.org
Re: [Dovecot] BUG: Authentication client sent unknown handshake command
Emmanuel Dreyfus m...@netbsd.org wrote: Indeed, when the auth process calls net_getunixname(), getsockname() fills the name buffer with garbage. I checked with a test program: on a non open, or closed socket, getsockname() returns -1. However on a socket that was not bound, it returns 0 and fills the buffer with garbage. I suspect this is a kernel bug, but how do we reach that situation? -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz m...@netbsd.org
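A defensive way to read a Unix socket's bound name, given as an added example that is not part of the original posts and is not Dovecot's net_getunixname(). The hypothetical helper unix_socket_name() zeroes the address buffer and trusts only the bytes covered by the length getsockname() returns, so an unbound socket yields an empty name rather than whatever happened to be in the buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper, not Dovecot's net_getunixname(). Returns 0 with the
 * bound path in buf, 0 with an empty string for an unbound or unnamed socket,
 * and -1 on error, on a non-AF_UNIX socket, or if buf is too small. */
int unix_socket_name(int fd, char *buf, size_t buflen)
{
	struct sockaddr_un sa;
	socklen_t len = sizeof(sa);
	const size_t path_off = offsetof(struct sockaddr_un, sun_path);
	size_t avail, path_len;
	const char *nul;

	if (buflen == 0)
		return -1;
	buf[0] = '\0';
	/* Zero first, so bytes the kernel does not write are never garbage. */
	memset(&sa, 0, sizeof(sa));
	if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
		return -1;
	/* Success with no path bytes reported: the socket was never bound. */
	if ((size_t)len <= path_off)
		return 0;
	if (sa.sun_family != AF_UNIX)
		return -1;
	/* Trust only the bytes covered by the returned length. */
	avail = (size_t)len > sizeof(sa) ? sizeof(sa.sun_path) : (size_t)len - path_off;
	nul = memchr(sa.sun_path, '\0', avail);
	path_len = nul != NULL ? (size_t)(nul - sa.sun_path) : avail;
	if (path_len >= buflen)
		return -1;
	memcpy(buf, sa.sun_path, path_len);
	buf[path_len] = '\0';
	return 0;
}

int main(void)
{
	char name[128];
	int fd = socket(AF_UNIX, SOCK_STREAM, 0);	/* never bound */
	int ret = unix_socket_name(fd, name, sizeof(name));
	printf("ret=%d name=\"%s\"\n", ret, ret == 0 ? name : "");
	if (fd >= 0) close(fd);
	return 0;
}
```

A caller that maps sockets to roles by name, as the thread says src/auth/main.c does, can then treat an empty name as "unknown socket" explicitly.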
Re: [Dovecot] Possible managesieve bug.
Hello, Permissions are: * /correo: 0777 (rwxrwxrwx) * /correo/ubu.es: 0770 (rwxrwx---) * /correo/ubu.es/x...@ubu.es: 0777 (rwxrwxrwx) All users belong to the same group. If I change /correo/ubu.es permissions to 0777 (rwxrwxrwx) it works again. I have checked the old server config again and I realize that it is using another group for mail access, so it is a permissions issue. But if I change permissions to 0777 on the user's directory and files, an error occurs. If I change to 0770 it works fine. Thank you for the tip, I was blocked :) Pedro On 03/12/13 15:39, Steffen Kaiser wrote: On Tue, 3 Dec 2013, Pedro R. Benito da Rocha wrote: sieve = /correo/%d/%u/dovecot.sieve sieve_dir = /correo/%d/%u/Sieve and is working fine. But the same config on the new server is not working. I have activated verbose logging and this is the result: Dec 3 09:59:41 imap-01 dovecot: managesieve-login: Login: user=x...@ubu.es, method=LOGIN, rip=10.145.4.65, lip=10.145.4.45, mpid=29855, session=T7hfhJ3s+QAKkQRB Dec 3 09:59:41 imap-01 dovecot: managesieve(x...@ubu.es): Error: sieve-storage: Performing readlink() on active sieve symlink '/correo/ubu.es/x...@ubu.es/dovecot.sieve' failed: Permission denied What are the filesystem permissions of /correo/ubu.es, /correo/ubu.es/x...@ubu.es and /correo ? Permissions are ok. I modified the permissions using 0777 but the error message is the same. I have made other tests to see if I can find the problem, and I made it work if I delete %d from config, this way: sieve = /correo/%u/dovecot.sieve sieve_dir = /correo/%u/Sieve I have copied all filters preserving permissions, and with the same file permissions it is working. If I add the '%d' to the path the error comes again. 
-- Steffen Kaiser -- Pedro R. Benito da Rocha - Servicio de Informatica - Area de Sistemas Universidad de Burgos (España) E-mail: pe...@ubu.es Tel: +34 947258845