Re: [Dovecot] New server missing auth-worker entries in logs

2013-12-22 Thread Charles Marcus

On 2013-12-21 4:59 PM, Timo Sirainen t...@iki.fi wrote:

On 21.12.2013, at 23.24, Charles Marcus cmar...@media-brokers.com wrote:

I've looked everywhere, compared settings, etc, and can't seem to find why I 
get this line on the old server and don't on the new one.

http://hg.dovecot.org/dovecot-2.2/rev/33e78edac8f5


Do you never sleep Timo???

Anyway, thanks for the quick fix!

--

Best regards,

*/Charles/*


[Dovecot] Duplicated (but only for unread) messages after second rsync pass...

2013-12-22 Thread Charles Marcus
Ok, I know I should probably be using dsync for this, but I'm more 
familiar with rsync, and didn't think this would be a problem.


Here is what I am doing, and what is apparently happening (only done 
this once, but I'm guessing it will happen each time):


rsync -avHP /mnt/vmail/example.com/user1/ /var/vmail/example.com/user1/

chown -R vmail:vmail /var/vmail/example.com

Ok, so far so good, everything works fine accessing the mails (I'm using 
Thunderbird).


Now I do another rsync, but this time I did the entire mailstore:

rsync -avHP /mnt/vmail/example.com/ /var/vmail/example.com/

chown -R vmail:vmail /var/vmail/example.com

Right after I started up dovecot again, I got a bunch of these in the logs:

2013-12-22T09:52:51-05:00 newhost dovecot: imap(us...@example.com): 
Warning: Maildir /var/vmail/example.com/user1/: Expunged message 
reappeared, giving a new UID (old uid=45516, 
file=1387468268.Vfe02Ic1343fM845754.oldhost.sub.example.com:2,ST)
2013-12-22T09:52:51-05:00 newhost dovecot: imap(us...@example.com): 
Warning: Maildir /var/vmail/example.com/user1/: Expunged message 
reappeared, giving a new UID (old uid=45518, 
file=1387468645.Vfe02Ic73e0eM530539.oldhost.sub.example.com:2,ST)


The problem is, it looks like every single message that was flagged as 
unread is now duplicated on the new system.


Also - not that this is a problem, but all of the old messages have the 
fqdn of the old server in the individual email file names - 
oldhost.sub.example.com - while the new ones only have the local 
hostname (newhost)


Did I do something wrong? Or is this going to be an unavoidable problem 
if I want to use rsync to do the final migration that using dsync would 
avoid?


Thanks,

--

Best regards,

*/Charles/*


Re: [Dovecot] Duplicated (but only for unread) messages after second rsync pass...

2013-12-22 Thread Timo Sirainen
On 22.12.2013, at 17.13, Charles Marcus cmar...@media-brokers.com wrote:

 Ok, I know I should probably be using dsync for this, but I'm more familiar 
 with rsync, and didn't think this would be a problem.
 
 Here is what I am doing, and what is apparently happening (only done this 
 once, but I'm guessing it will happen each time):
 
 rsync -avHP /mnt/vmail/example.com/user1/ /var/vmail/example.com/user1/
 
 chown -R vmail:vmail /var/vmail/example.com
 
 Ok, so far so good, everything works fine accessing the mails (I'm using 
 Thunderbird).
 
 Now I do another rsync, but this time I did the entire mailstore:
 
 rsync -avHP /mnt/vmail/example.com/ /var/vmail/example.com/
 
 chown -R vmail:vmail /var/vmail/example.com
 
 Right after I started up dovecot again, I got a bunch of these in the logs:
 
 2013-12-22T09:52:51-05:00 newhost dovecot: imap(us...@example.com): Warning: 
 Maildir /var/vmail/example.com/user1/: Expunged message reappeared, giving a 
 new UID (old uid=45516, 
 file=1387468268.Vfe02Ic1343fM845754.oldhost.sub.example.com:2,ST)
 2013-12-22T09:52:51-05:00 newhost dovecot: imap(us...@example.com): Warning: 
 Maildir /var/vmail/example.com/user1/: Expunged message reappeared, giving a 
 new UID (old uid=45518, 
 file=1387468645.Vfe02Ic73e0eM530539.oldhost.sub.example.com:2,ST)
 
 The problem is, it looks like every single message that was flagged as unread 
 is now duplicated on the new system.
 
 Also - not that this is a problem, but all of the old messages have the fqdn 
 of the old server in the individual email file names - 
 oldhost.sub.example.com - while the new ones only have the local hostname 
 (newhost)

The hostname doesn't matter.

 Did I do something wrong? Or is this going to be an unavoidable problem if I 
 want to use rsync to do the final migration that using dsync would avoid?

Use rsync --delete to get rid of the extra mails in destination. And of course 
don't deliver any new mails to destination before that is done. :)
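
A way to preview what that `rsync --delete` pass would remove, added here as an example and not taken from the thread. It relies on the Maildir naming rule that flags follow `:2,` in the file name, so a flag change on the source renames the file and a second pass without `--delete` leaves the old name behind. Function names and all sample files except the name quoted in the log above are constructed.

```shell
#!/bin/sh
# Added example: preview what a later `rsync --delete` pass would remove from
# the destination Maildir. Handles one Maildir (cur/ and new/), not subfolders.

# Print "base<TAB>relative/path" for every message file in Maildir $1.
# The base is the file name up to ":2,"; the flags after it change on rename.
maildir_index() {
    (
        cd "$1" 2>/dev/null || exit 0
        for f in cur/* new/*; do
            [ -f "$f" ] || continue
            name=${f#*/}
            printf '%s\t%s\n' "${name%%:2,*}" "$f"
        done
    ) | LC_ALL=C sort
}

# Compare source $1 with destination $2 and print one line per destination
# file that does not exist under the same path in the source:
#   renamed<TAB>dst-path<TAB>src-path   same message, different flags/subdir
#   dst-only<TAB>dst-path               no such message in the source at all
maildir_delete_preview() {
    src_idx=$(mktemp) || return 1
    maildir_index "$1" > "$src_idx"
    maildir_index "$2" | awk -F '\t' -v idx="$src_idx" '
        BEGIN {
            while ((getline line < idx) > 0) {
                split(line, part, "\t")
                src_path[part[1]] = part[2]   # base name -> path in source
                in_src[part[2]] = 1           # exact relative path in source
            }
        }
        $2 in in_src    { next }              # identical path: rsync keeps it
        $1 in src_path  { print "renamed\t" $2 "\t" src_path[$1]; next }
                        { print "dst-only\t" $2 }
    '
    rm -f "$src_idx"
}

# Build constructed sample Maildirs under $1. Only the first file name comes
# from the log excerpt above; the rest are made up.
make_constructed_maildirs() {
    mkdir -p "$1/src/cur" "$1/src/new" "$1/dst/cur" "$1/dst/new"
    m=1387468268.Vfe02Ic1343fM845754.oldhost.sub.example.com
    : > "$1/src/cur/${m}:2,ST"                    # flags changed on the source
    : > "$1/dst/cur/${m}:2,"                      # copy from the first pass
    : > "$1/dst/cur/${m}:2,ST"                    # copy from the second pass
    : > "$1/src/cur/1387400000.M1P1.oldhost:2,S"  # unchanged on both sides
    : > "$1/dst/cur/1387400000.M1P1.oldhost:2,S"
    : > "$1/dst/new/1387700000.M9P9.newhost"      # delivered to destination
}

# Run with --demo to see the preview for the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_constructed_maildirs "$d" &&
        maildir_delete_preview "$d/src" "$d/dst"
    rm -rf "$d"
fi
```

A `dst-only` line is mail that exists only on the destination, which is the case the reply warns about: `--delete` removes it as well.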



[Dovecot] 'unknown user' using dovecot LDA

2013-12-22 Thread Charles Marcus

Ok, one more issue to resolve.

The old server was still using the postfix/virtual for delivery, but the 
new one is using the dovecot LDA.


Now, when an email generated locally by a cron job is delivered, this 
shows in the log:


2013-12-22T10:29:55-05:00 host postfix/pickup[31400]: C67FD90F676B2: 
uid=0 from=newsrv+rkhun...@example.com
2013-12-22T10:29:55-05:00 host postfix/cleanup[22349]: C67FD90F676B2: 
message-id=20131222152955.c67fd90f67...@smtp2.example.com
2013-12-22T10:29:55-05:00 host postfix/qmgr[31401]: C67FD90F676B2: 
from=newsrv+rkhun...@example.com, size=1555, nrcpt=1 (queue active)
2013-12-22T10:29:55-05:00 host dovecot: auth-worker(22365): 
passwd(us...@example.com): unknown user
2013-12-22T10:29:55-05:00 host dovecot: lda(us...@example.com): 
msgid=20131222152955.c67fd90f67...@smtp2.example.com: saved mail to INBOX
2013-12-22T10:29:55-05:00 host postfix/pipe[22361]: C67FD90F676B2: 
to=user1+rkhunter-rep...@example.com, relay=dovecot, delay=0.06, 
delays=0.02/0/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)

2013-12-22T10:29:55-05:00 host postfix/qmgr[31401]: C67FD90F676B2: removed

The mail was delivered (as the log also clearly shows), but what is with 
the 'unknown user'?


I'm not sure how I can test my maps with dovecot, but testing with 
postfix shows:


 # postmap -q us...@example.com mysql:/etc/postfix/maps/mysql/vmm.cf
example.com/user1/

Which is correct.

And my dovecot-sql-conf.ext contains:

driver = mysql
connect = host=localhost dbname=db_name user=dbuser password=password
default_pass_scheme = CRYPT
password_query = \
  SELECT username AS user, password \
  FROM mailbox WHERE username = '%u'
user_query = \
  SELECT CONCAT('/var/vmail/', maildir) AS home \
  FROM mailbox WHERE username = '%u'
iterate_query = SELECT username AS user FROM mailbox

I confirmed the db info is identical to what postfix is using.

Oh - and in order to make sure that all usernames are lowercased, 
shouldn't I change '%u' above to '%Lu'?


Appreciate any suggestions on where to go next... thanks

--

Best regards,

*/Charles/*


Re: [Dovecot] Duplicated (but only for unread) messages after second rsync pass...

2013-12-22 Thread Charles Marcus

On 2013-12-22 10:37 AM, Timo Sirainen t...@iki.fi wrote:

Use rsync --delete to get rid of the extra mails in destination.


I wondered if that would do it... thanks.


  And of course don't deliver any new mails to destination before that is 
done.:)


Well, at least I knew not to do that... ;)

Thanks Timo.

--

Best regards,

*/Charles/*


Re: [Dovecot] 'unknown user' using dovecot LDA

2013-12-22 Thread Tom Hendrikx
On 22-12-13 16:43, Charles Marcus wrote:
 Ok, one more issue to resolve.
 
 The old server was still using the postfix/virtual for delivery,
 but the new one is using the dovecot LDA.
 
 Now, when an email generated locally by a cron job is delivered,
 this shows in the log:
 
 2013-12-22T10:29:55-05:00 host postfix/pickup[31400]:
 C67FD90F676B2: uid=0 from=newsrv+rkhun...@example.com 
 2013-12-22T10:29:55-05:00 host postfix/cleanup[22349]:
 C67FD90F676B2: 
 message-id=20131222152955.c67fd90f67...@smtp2.example.com 
 2013-12-22T10:29:55-05:00 host postfix/qmgr[31401]: C67FD90F676B2: 
 from=newsrv+rkhun...@example.com, size=1555, nrcpt=1 (queue
 active) 2013-12-22T10:29:55-05:00 host dovecot:
 auth-worker(22365): passwd(us...@example.com): unknown user

This is an error from the passwd authentication backend, not from the
mysql one you're checking below. Seems that you have 2 auth backends
enabled in dovecot...

 2013-12-22T10:29:55-05:00 host dovecot: lda(us...@example.com): 
 msgid=20131222152955.c67fd90f67...@smtp2.example.com: saved mail
 to INBOX 2013-12-22T10:29:55-05:00 host postfix/pipe[22361]:
 C67FD90F676B2: to=user1+rkhunter-rep...@example.com,
 relay=dovecot, delay=0.06, delays=0.02/0/0/0.04, dsn=2.0.0,
 status=sent (delivered via dovecot service) 
 2013-12-22T10:29:55-05:00 host postfix/qmgr[31401]: C67FD90F676B2:
 removed
 
 The mail was delivered (as the log also clearly shows), but what is
 with the 'unknown user'?
 
 I'm not sure how I can test my maps with dovecot, but testing with 
 postfix shows:
 
 # postmap -q us...@example.com
 mysql:/etc/postfix/maps/mysql/vmm.cf example.com/user1/
 
 Which is correct.
 
 And my dovecot-sql-conf.ext contains:
 
 driver = mysql connect = host=localhost dbname=db_name user=dbuser
 password=password default_pass_scheme = CRYPT password_query = \ 
 SELECT username AS user, password \ FROM mailbox WHERE username =
 '%u' user_query = \ SELECT CONCAT('/var/vmail/', maildir) AS home
 \ FROM mailbox WHERE username = '%u' iterate_query = SELECT
 username AS user FROM mailbox
 
 I confirmed the db info is identical to what postfix is using.
 
 Oh - and in order to make sure that all usernames are lowercased, 
 shouldn't I change '%u' above to '%Lu'?
 
 Appreciate any suggestions on where to go next... thanks
 



Re: [Dovecot] Duplicated (but only for unread) messages after second rsync pass...

2013-12-22 Thread Reindl Harald


On 22.12.2013 16:44, Charles Marcus wrote:
 On 2013-12-22 10:37 AM, Timo Sirainen t...@iki.fi wrote:
 Use rsync --delete to get rid of the extra mails in destination.
 
 I wondered if that would do it... thanks

in case of a 1:1 rsync you always want the parameters below
to include any sort of links, permissions and attributes

[harry@srv-rhsoft:~]$ which rsync.sh
/usr/local/bin/rsync.sh

[harry@srv-rhsoft:~]$ cat /usr/local/bin/rsync.sh
#!/bin/bash
# -z compress
# -t timestamps
# -P progress
# -r recursive
# -l links
# -H hard-links
# -p permissions
# -o owner
# -g group
# -E executability
# -A acls
# -X xtended attributes
# Make sure that source AND target were passed
if [ "$1" == "" ] || [ "$2" == "" ] || [ "$1" == "$2" ]; then
 echo "USAGE: rsync.sh source target [bwlimit]"
 exit
fi
# Default parameters
RSYNC_PARAMS="--no-motd --force --delete-after --devices --specials --sparse -tPrlHpogEAX"
# If one of the two parameters contains an @, enable compression
# Otherwise these are two local folders and rsync would
# compress the data for no reason
if [[ "$1" == *@* ]] || [[ "$2" == *@* ]]; then
 RSYNC_PARAMS="--compress --sockopts=SO_SNDBUF=32768,SO_RCVBUF=32768 $RSYNC_PARAMS"
fi
if [ "$3" != "" ]; then
 RSYNC_PARAMS="--bwlimit=$3 $RSYNC_PARAMS"
fi
# Run the actual command ($RSYNC_PARAMS is left unquoted so it splits into options)
nice -n 19 rsync $RSYNC_PARAMS --rsync-path='nice -n 19 rsync' "$1" "$2"






Re: [Dovecot] 'unknown user' using dovecot LDA

2013-12-22 Thread Charles Marcus

On 2013-12-22 10:49 AM, Tom Hendrikx t...@whyscream.net wrote:

On 22-12-13 16:43, Charles Marcus wrote:

2013-12-22T10:29:55-05:00 host postfix/pickup[31400]:
C67FD90F676B2: uid=0 from=newsrv+rkhun...@example.com
2013-12-22T10:29:55-05:00 host postfix/cleanup[22349]:
C67FD90F676B2:
message-id=20131222152955.c67fd90f67...@smtp2.example.com
2013-12-22T10:29:55-05:00 host postfix/qmgr[31401]: C67FD90F676B2:
from=newsrv+rkhun...@example.com, size=1555, nrcpt=1 (queue
active) 2013-12-22T10:29:55-05:00 host dovecot:
auth-worker(22365): passwd(us...@example.com): unknown user

This is an error from the passwd authentication backend, not from the
mysql one you're checking below. Seems that you have 2 auth backends
enabled in dovecot...


Ah, right you are, thanks!

Missed that (it was staring me in the face) - doveconf -n shows:

userdb {
  driver = passwd
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}

One thing about dovecot's config I've learned during this process... it 
is confusing sometimes to determine where any given setting is coming 
from, given the number of different default config files..


Grepping of course will help you find it, but it would be nice if there 
was some way to simplify this...


Maybe cut down on the number of different config files (ie, combine all 
of the different auth-* files into one)?


Or maybe a verbose flag you could pass to doveconf -n - ie, 'doveconf 
-nv' - that would sort the output based on the config file that each 
group of settings came from, with a comment above each group of 
settings, ie:


doveconf -nv
...
# from /etc/dovecot/conf.d/auth-system.conf.ext
userdb {
  driver = passwd
}
# from /etc/dovecot/conf.d/auth-sql.conf.ext
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}

But, like I said, it isn't all that difficult to find them so not a huge 
deal.


Anyway, problem solved - thanks again Tom...

--

Best regards,

*/Charles/*
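
The diagnosis in this exchange, reading the backend name off the `unknown user` log line and matching it against the `userdb` blocks in `doveconf -n`, written out as an added example that is not from the thread. The function names are hypothetical, the `userdb` blocks are the two shown above, and the address in the sample log line is constructed.

```shell
#!/bin/sh
# Added example: tie the driver named in an "unknown user" auth log line back
# to the userdb blocks that `doveconf -n` reports.

# Print "<section> <driver>" for each passdb/userdb block, in config order.
# $1 = file holding `doveconf -n` output.
list_auth_dbs() {
    awk '
        ($1 == "userdb" || $1 == "passdb") && $2 == "{" { section = $1; next }
        $1 == "}"                                        { section = ""; next }
        section != "" && $1 == "driver" && $2 == "="     { print section, $3 }
    ' "$1"
}

# Print each distinct driver that logged "unknown user". $1 = log file.
# The text before "(user)" in an auth or auth-worker line is the driver name.
unknown_user_drivers() {
    sed -n 's/.*auth\(-worker([0-9]*)\)\{0,1\}: \([a-z_-]*\)(.*): unknown user.*/\2/p' "$1" |
        LC_ALL=C sort -u
}

# For every driver that logged "unknown user", report whether other userdbs
# are configured that the lookup can still fall through to.
# $1 = doveconf file, $2 = log file.
explain_unknown_user() {
    dbs=$(list_auth_dbs "$1")
    unknown_user_drivers "$2" | while read -r drv; do
        others=$(printf '%s\n' "$dbs" | awk -v d="$drv" '
            $1 == "userdb" && $2 != d { printf "%s%s", sep, $2; sep = "," }')
        if ! printf '%s\n' "$dbs" | grep -Fqx "userdb $drv"; then
            echo "$drv: logged a miss but is not a configured userdb"
        elif [ -n "$others" ]; then
            echo "$drv: lookup missed; remaining userdb(s) to try: $others"
        else
            echo "$drv: lookup missed and it is the only userdb"
        fi
    done
}

# Write constructed sample files into directory $1.
write_constructed_samples() {
    cat > "$1/doveconf.txt" <<'EOF'
userdb {
  driver = passwd
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
EOF
    # Constructed log lines; alice@example.com is a made-up address.
    cat > "$1/mail.log" <<'EOF'
2013-12-22T10:29:55-05:00 host dovecot: auth-worker(22365): passwd(alice@example.com): unknown user
2013-12-22T10:29:55-05:00 host dovecot: lda(alice@example.com): saved mail to INBOX
EOF
}

# Run with --demo to see the result for the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && write_constructed_samples "$d" &&
        explain_unknown_user "$d/doveconf.txt" "$d/mail.log"
    rm -rf "$d"
fi
```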


Re: [Dovecot] 'unknown user' using dovecot LDA

2013-12-22 Thread Reindl Harald


On 22.12.2013 17:24, Charles Marcus wrote:
 One thing about dovecot's config I've learned during this process... it is 
 confusing sometimes to determine where
 any given setting is coming from, given the number of different default 
 config files..
 
 Grepping of course will help you find it, but it would be nice if there was 
 some way to simplify this...
 
 Maybe cut down on the number of different config files

you are free to use only one config file as below and
a second one /etc/dovecot/sql.conf referred there
contains the sensible authentication configuration

hence my RPM-SPEC does not include a single config file

[root@testserver:~]$ cat /etc/dovecot/dovecot.conf
# provided services
protocols  = imap pop3

# configure ssl
ssl= yes
ssl_cert   = /etc/postfix/certs/localhost.pem
ssl_key= /etc/postfix/certs/localhost.pem
ssl_cipher_list= ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!SSLv2
ssl_prefer_server_ciphers  = yes
ssl_parameters_regenerate  = 0

# configure imap-proxy
service imap-login {
  inet_listener imap {
address= **.**.**.**
port   = 143
  }
  inet_listener imaps {
address= **.**.**.**
port   = 993
  }
  vsz_limit= 128M
  service_count= 0
  process_min_avail= 1
  process_limit= 1
  client_limit = 200
}

# configure pop3-proxy
service pop3-login {
  inet_listener pop3 {
address= **.**.**.**
port   = 110
  }
  inet_listener pop3s {
address= **.**.**.**
port   = 995
  }
  vsz_limit= 128M
  service_count= 0
  process_min_avail= 1
  process_limit= 1
  client_limit = 200
}

# default settings
imap_capability= IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
login_greeting =
login_log_format_elements  = %u %r %m %k
login_log_format   = %{login_status}: %s
mail_max_userip_connections= 100
auth_mechanisms= CRAM-MD5 DIGEST-MD5 SCRAM-SHA-1 APOP LOGIN PLAIN
disable_plaintext_auth = no
shutdown_clients   = no
version_ignore = yes

# Logging
syslog_facility= mail

# authentication process
auth_worker_max_count  = 50
auth_cache_size= 1024
auth_cache_ttl = 600
auth_cache_negative_ttl= 600
auth_username_chars= abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
auth_username_translation  = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz

# debug options
auth_debug = no
auth_debug_passwords   = no
auth_verbose   = no
mail_debug = no
verbose_ssl= no

# configure proxy-database
passdb {
 driver= sql
 args  = /etc/dovecot/sql.conf
}

# we are not using local users
userdb {
 driver= static
 args  = static uid=1 gid=1 home=/dev/null
}

# configure backend for postfix sasl-auth
service auth {
  unix_listener /var/spool/postfix/private/auth {
  mode = 0660
  user = postfix
  group= postfix
 }
}





Re: [Dovecot] 'unknown user' using dovecot LDA

2013-12-22 Thread Charles Marcus

On 2013-12-22 11:29 AM, Reindl Harald h.rei...@thelounge.net wrote:

On 22.12.2013 17:24, Charles Marcus wrote:

One thing about dovecot's config I've learned during this process... it is 
confusing sometimes to determine where
any given setting is coming from, given the number of different default config 
files..

Grepping of course will help you find it, but it would be nice if there was 
some way to simplify this...

Maybe cut down on the number of different config files



you are free to use only one config file as below and
a second one /etc/dovecot/sql.conf referred there
contains the sensible authentication configuration


I know this, and indeed I do this myself. I wasn't talking about your 
RPM-SPEC file, I was talking about the numerous dovecot config files 
that are installed in a new default installation.


It is very confusing for people new to dovecot (I didn't have any major 
problems, because I'm not new, but installing it fresh gave me a new 
perspective).


--

Best regards,

*/Charles/*


Re: [Dovecot] search gives variable/different results

2013-12-22 Thread W. de Hoog

Hi,

Still having search troubles. I expect to get 9 results in two 
mailboxes, 3 in the first one and six in the second one. Total mailboxes 
in shared/ is around 1100.


doveadm search mailbox shared/Products/VIP*  TO stromvers
- all expected results

doveadm search mailbox shared/Products/VIP/*  TO stromvers
- first 3 ok, from last box only the last 3.

doveadm search mailbox shared/Products*  TO stromvers
- sometimes last 2 from 1st mailbox, last 4 from 2nd mailbox
   sometimes no results at all

doveadm search mailbox shared/Products/*  TO stromvers
- some results from 2nd mailbox

Is the search syntax I use wrong?

I added some printf statements to see what is going on. It seems to walk 
all mailboxes. Unfortunately I don't know how to have doveadm use the 
lib21_fts_squat_plugin.so I built. It always loads the one from /usr/libs.



$ dovecot -n
# 2.2.9 (5c170e0786f3): /etc/dovecot/dovecot.conf
# OS: Linux 3.12.0-031200-generic x86_64 Ubuntu 13.10
auth_verbose = yes
disable_plaintext_auth = no
log_path = /var/log/dovecot.log
mail_debug = yes
mail_plugins = fts fts_squat
mail_privileged_group = mail
namespace {
   hidden = yes
   inbox = yes
   list = no
   location = mbox:~/mail:INBOX=/var/mail/%u
   prefix = #mbox/
   separator = /
}
namespace {
   list = yes
   location = sdbox:/home/imapshared-sdbox
   prefix = shared/
   separator = /
   subscriptions = no
   type = public
}
namespace inbox {
   location = sdbox:~/sdboxmail
   mailbox Drafts {
 special_use = \Drafts
   }
   mailbox Junk {
 special_use = \Junk
   }
   mailbox Sent {
 special_use = \Sent
   }
   mailbox Sent Messages {
 special_use = \Sent
   }
   mailbox Trash {
 special_use = \Trash
   }
   prefix =
   separator = /
}
passdb {
   driver = pam
}
plugin {
   fts = squat
   fts_autoindex = yes
   fts_squat = partial=4 full=10
   sieve = ~/.dovecot.sieve
   sieve_dir = ~/sieve
}
protocols =  imap
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
   driver = passwd
}
verbose_ssl = yes
protocol imap {
   imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
}




--
Willem-Jan de Hoog


[Dovecot] Dovecot proxying with LDAP - an example?

2013-12-22 Thread Graham Leggett
Hi all,

I have been struggling trying to understand the syntax to configure dovecot as 
a proxy against an LDAP server.

As a single server dovecot works great. Now I want to add the mailHost 
attribute which, if present, should indicate the DNS name of the host that 
contains the person's mailbox. If the mailHost matches the local hostname, the 
mailbox should be served locally as it already does now. If the mailHost is not 
the local hostname, dovecot should proxy the request to the given server using 
SSL on port 993.

The docs at http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy suggest 
that proxy_always is what I am looking for, but I cannot find any worked 
examples of how this might work. Has anyone attempted this before? What I have 
so far is this, but no proxying seems to take place:

pass_attrs = mail=user,userPassword=password,\
  mailMessageStore=userdb_mail,=proxy_always=y,mailHost=host,=ssl=yes

Can anyone confirm?

I am using dovecot v2.0.9 as provided out the box by RHEL6.

Regards,
Graham
--



Re: [Dovecot] Duplicated (but only for unread) messages after second rsync pass...

2013-12-22 Thread Charles Marcus

On 2013-12-22 10:37 AM, Timo Sirainen t...@iki.fi wrote:

Use rsync --delete to get rid of the extra mails in destination. And of course 
don't deliver any new mails to destination before that is done. :)


Thanks Timo - but I'm curious why this only affected UNREAD messages? 
Even ones that were not new since the first rsync (some were over a 
month old, but still marked as unread, and those were duplicated too).


--

Best regards,

*/Charles/*


[Dovecot] TLS SNI with Dovecot

2013-12-22 Thread Michael Neurohr
Hi!
I've been using Dovecot for one single Domain with SSL certificates.
Now I would like to use Dovecot with several Domains and proper SSL
certificates. I tried to setup TLS SNI but it does not work. What I
basically did was just adding

local_name imap.samsoft.at {
  ssl_cert = /etc/ssl/private/mailserver/imap.samsoft.at.crt
  ssl_key = /etc/ssl/private/mailserver/imap.samsoft.at.key
}

for the additional domain.

When trying to login via IMAP, I see the following lines in the log file:
===
Dec 22 21:01:05 mx0 dovecot: imap-login: Warning: SSL alert:
where=0x4004, ret=554: fatal bad certificate [151.236.5.22]
Dec 22 21:01:05 mx0 dovecot: imap-login: Warning: SSL failed:
where=0x2002: SSLv3 read client certificate A [151.236.5.22]
Dec 22 21:01:05 mx0 dovecot: imap-login: Disconnected (no auth attempts
in 0 secs): user=, rip=151.236.5.22, lip=151.38.7.25, TLS handshaking:
SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3
alert bad certificate: SSL alert number 42, session=Rg5EzyXutgCX7AaF
===

The actual Dovecot config is pasted below.

How can I solve that and serve different certificates on the same IP
Address?

Thanks,
Michael



doveconf -n
# 2.2.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-042stab076.8 i686 CentOS release 6.5 (Final) simfs
auth_mechanisms = plain login
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_plugins = notify
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave imapflags
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Sent Messages {
special_use = \Sent
  }
  mailbox Spam {
auto = subscribe
special_use = \Junk
  }
  mailbox Trash {
auto = subscribe
special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  antispam_backend = dspam
  antispam_dspam_args = --source=error;--signature=%%s;--user;%u
  antispam_dspam_binary = /usr/bin/dspam
  antispam_signature = X-DSPAM-Signature
  antispam_signature_missing = move
  antispam_spam = Spam
  antispam_trash = trash;Trash;Deleted Items;Deleted Messages
  sieve = /var/mail/vhosts/sieve-scripts/%d/%n/.dovecot.sieve
  sieve_before = /var/mail/vhosts/sieve-scripts/before
  sieve_dir = /var/mail/vhosts/sieve-scripts/%d/%n/sieve
  sieve_extensions = +imapflags
}
postmaster_address = postmas...@changed.at
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
  }
  unix_listener auth-userdb {
mode = 0600
user = vmail
  }
  user = dovecot
}
service dict {
  unix_listener dict {
user = vmail
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
}
ssl = required
ssl_ca = /etc/ssl/private/mailserver/ca-bundle.crt
ssl_cert = /etc/ssl/private/mailserver/mx0.domain1.at.pem
ssl_key = /etc/ssl/private/mailserver/mx0.domain1.at.key
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocol lmtp {
  mail_plugins = sieve
}
protocol lda {
  mail_plugins = sieve
}
protocol imap {
  mail_plugins = antispam
}
local_name imap.samsoft.at {
  ssl_cert = /etc/ssl/private/mailserver/imap.samsoft.at.crt
  ssl_key = /etc/ssl/private/mailserver/imap.samsoft.at.key
}


Re: [Dovecot] TLS SNI with Dovecot

2013-12-22 Thread Reindl Harald

On 22.12.2013 22:07, Michael Neurohr wrote:
 I've been using Dovecot for one single Domain with SSL certificates.
 Now I would like to use Dovecot with several Domains and proper SSL
 certificates. I tried to setup TLS SNI but it does not work. What I
 basically did was just adding

forget it - SNI is relevant for webservers because different
vhosts with different contents, typically not for mailservers

why do you start the burden of different certs instead
mail.your-company.tld and give that hostname to any user?
__

there are good reasons that other hosters are doing the same

http://www.df.eu/at/service/df-faq/e-mail/pop3-imap-postfaecher/mail-programme/
unencrypted: imap.your-domain.tld
encrypted: sslmailpool.ispgateway.de

while the unencrypted form is also stupid from maintenance point of view
we did that for some years and it did not work out in any sense





Re: [Dovecot] TLS SNI with Dovecot

2013-12-22 Thread Gedalya

On 12/22/2013 04:26 PM, Reindl Harald wrote:

forget it - SNI is relevant for webservers because different
vhosts with different contents, typically not for mailservers

why do you start the burden of different certs instead
mail.your-company.tld and give that hostname to any user?

While it's true that there is no strictly technical benefit to SNI in 
IMAP, it can perhaps have benefits in terms of presentability.
Hosted domain customers might want to be able to use their own 
certificates issued to them rather than using Subject Alternate Names 
etc, for purely cosmetic reasons.




Re: [Dovecot] TLS SNI with Dovecot

2013-12-22 Thread Reindl Harald


On 22.12.2013 23:09, Gedalya wrote:
 On 12/22/2013 04:26 PM, Reindl Harald wrote:
 forget it - SNI is relevant for webservers because different
 vhosts with different contents, typically not for mailservers

 why do you start the burden of different certs instead
 mail.your-company.tld and give that hostname to any user?

 While it's true that there is no strictly technical benefit to SNI in IMAP, 
 it can perhaps have benefits in terms
 of presentability.
 Hosted domain customers might want to be able to use their own certificates 
 issued to them rather than using
 Subject Alternate Names etc, for purely cosmetic reasons.

hopefully they pay for that cosmetic reasons or leave technical things to 
techs
keep in mind that you need a certificate with each used domain as SAN (subject
alternative name) which means each time you host a new domain you need to change
the certificate - Thawte calculates 169,- per year and SAN - have fun :-)

then there are mail-clients - which of them do not support SNI, or in case
of mail clients which of them do support it properly and how is the
presentability in case of certificate warnings for the one which does not

169,- for cosmetic reasons - well, i would prefer a chiropody instead.





[Dovecot] move mailbox to LAYOUT=fs

2013-12-22 Thread Andreas Schulze
Hello,

I think about migrating small servers storage to LAYOUT=fs
(http://wiki2.dovecot.org/MailLocation/Maildir#Directory_layout)

Is there a smooth way to adjust the existing folders?

Andreas


[Dovecot] auth: Error: net_accept() failed: Too many open files

2013-12-22 Thread boyd yang
Hi All,


I got below errors when I do some 2000 users concurrency test against
dovecot 2.1.7.

Dec 23 10:18:52 auth: Error: net_accept() failed: Too many open files

Dec 23 10:18:52 auth: Error: net_accept() failed: Too many open files

Dec 23 10:18:52 auth: Error: net_accept() failed: Too many open files

Dec 23 10:18:52 auth: Error: net_accept() failed: Too many open files

Dec 23 10:18:52 auth: Error: net_accept() failed: Too many open files

Dec 23 10:18:52 auth: Error: net_accept() failed: Too many open files

Dec 23 10:18:52 auth: Error: net_accept() failed: Too many open files

Dec 23 10:18:52 auth: Error: net_accept() failed: Too many open files

Dec 23 10:18:52 auth: Error: net_accept() failed: Too many open files

Dec 23 10:18:52 auth: Error: net_accept() failed: Too many open files

Dec 23 10:18:52 auth: Error: net_accept() failed: Too many open files


It seems the auth process becomes the bottleneck as there is only one auth
process.


service auth-worker {

  process_limit = 1000

}

service imap-login {

  process_min_avail = 48

  service_count = 0

}

service imap {

  process_limit = 10240

  process_min_avail = 8

}

I find that the auth process does not open too many files with lsof, and my
limit is very big(100).

How to fix this?
Thanks!


Re: [Dovecot] Horde + dovecot metadata support

2013-12-22 Thread Andreas Schulze
On 19.12.2013 11:23, Andreas Schulze wrote:
 Horde (http://horde.org) has the ability to store its preferences direct into 
 a users imap mailbox
 using imap metadata extension.  There are two implementations of the imap 
 extension.
  1. a dovecot plugin: http://hg.dovecot.org/dovecot-metadata-plugin
  2. dovecot itself: 
 http://www.dovecot.org/list/dovecot/2013-November/093243.html
 
Hello,

thanks to Timo for fixing the issue in version dovecot-2.2.10.
With minimal configuration¹ Horde-5.1.5 can now store its preferences in an 
IMAP folder.

¹ in dovecot.conf:
imap_metadata = yes
mail_attribute_dict = file:Maildir/dovecot-metadata

-- 
Andreas Schulze
Internet Services | P252

DATEV eG
90329 Nürnberg | Phone +49 911 319-0 | Fax +49 911 319-3196
E-mail info @datev.de | Internet www.datev.de
Registered office: 90429 Nürnberg, Paumgartnerstr. 6-14 | Register court Nürnberg, GenReg 
Nr.70
Executive Board
Prof. Dieter Kempf (Chairman)
Dipl.-Kfm. Wolfgang Stegmann (Deputy Chairman)
Dipl.-Kfm. Michael Leistenschneider
Dipl.-Kfm. Dr. Robert Mayr
Jörg Rabe v. Pappenheim
Dipl.-Vw. Eckhard Schwarzer
Chairman of the Supervisory Board: Reinhard Verholen


Re: [Dovecot] [dovecot-2.2.5] Duplicates in mdbox

2013-12-22 Thread Angel Luis Mateo Martinez

Hi,

radek radekbu...@tlen.pl wrote:


Hi

I have strange situation with one of mailboxes in mdbox format. Some  
messages are duplicated, not all. I am sure that is not sieve or  
another mail client issue, because access is via roundcube without  
sieve plugin.
In maillog I have not found any suspicious information about this  
problem and i can see that from postfix to dovecot-lda was piped  
only one copy of message.



  I have a similar problem, but not the same (if this could give you a clue).

  In my case I think that is the fault of the email client (thunderbird).
I have some users with a lot of emails in some folders. These emails
are received from web applications that send a lot of them. In my
case, the user receives them in his inbox folder and with a filter in
his client they are moved to another folder. This is where I think
that duplications are done (since one user moved the filter from his
client to a sieve script in the server, there are no more duplications)

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 86337