[Dovecot] Patch for Dovecot's quota policy daemon
Hi Timo,

we wrote a simple patch for the Dovecot quota policy daemon. If a user is over quota, I prefer blocking the user from sending e-mails, so I need a policy daemon that's able to use the envelope or sasl sender as lookup key.

I'd be happy if that patch can become part of the normal Dovecot releases.

Peer

-------- Original Message --------
Subject: Re: Fwd: Quota-Patch
Date: Wed, 11 Dec 2013 17:33:45 +0100
From: Stephan Seitz s.se...@heinlein-support.de
Organisation: Heinlein Support GmbH
To: Peer Heinlein p.heinl...@heinlein-support.de

Parameter: r
Code ENUM: QUOTA_MATCH_RECIPIENT
Stringmatch: recipient=
${recipient}
This macro expands to the complete recipient address. A command-line argument that contains ${recipient} expands to as many command-line arguments as there are recipients. This information is modified by the hqu flags for quoting and case folding.

Parameter: S
Code ENUM: QUOTA_MATCH_SASLSENDER
Stringmatch: sasl_sender=
${sasl_sender}
This macro expands to the SASL sender name (i.e. the original submitter as per RFC 4954) in the MAIL FROM command when the Postfix SMTP server received the message. This feature is available as of Postfix 2.2.

Parameter: U
Code ENUM: QUOTA_MATCH_SASLUSER
Stringmatch: sasl_username=
${sasl_username}
This macro expands to the SASL user name in the AUTH command when the Postfix SMTP server received the message. This feature is available as of Postfix 2.2.

Parameter: s
Code ENUM: QUOTA_MATCH_SENDER
Stringmatch: sender=
${sender}
This macro expands to the envelope sender address. By default, the null sender address expands to MAILER-DAEMON; this can be changed with the null_sender attribute, as described above. This information is modified by the q flag for quoting.

--
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin
http://www.heinlein-support.de
Tel: 030 / 405051-42
Fax: 030 / 405051-19
Mandatory disclosures per
§35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Geschäftsführer: Peer Heinlein -- Sitz: Berlin diff -urH dovecot-2.2.4/src/plugins/quota/quota-status.c ../workspace/dovecot/src/plugins/quota/quota-status.c --- dovecot-2.2.4/src/plugins/quota/quota-status.c 2013-06-16 23:04:28.0 +0200 +++ ../workspace/dovecot/src/plugins/quota/quota-status.c 2013-07-15 22:43:10.059402790 +0200 @@ -18,14 +18,26 @@ QUOTA_PROTOCOL_POSTFIX }; +enum quota_user_match { + QUOTA_MATCH_UNDEF = 0, + QUOTA_MATCH_RECIPIENT, + QUOTA_MATCH_SENDER, + QUOTA_MATCH_SASLUSER, + QUOTA_MATCH_SASLSENDER +}; + struct quota_client { struct connection conn; - char *recipient; + char *recipient; // recipient= + char *sender; // sender= + char *sasluser; // sasl_username= + char *saslsender; // sasl_sender= uoff_t size; }; static enum quota_protocol protocol; +static enum quota_user_match matches; static struct mail_storage_service_ctx *storage_service; static struct connection_list *clients; static char *nouser_reply; @@ -43,6 +55,9 @@ static void client_reset(struct quota_client *client) { i_free_and_null(client-recipient); + i_free_and_null(client-sender); + i_free_and_null(client-sasluser); + i_free_and_null(client-saslsender); } static int 
@@ -84,13 +99,23 @@ const char *value = NULL, *error; int ret; - if (client-recipient == NULL) { + if (((matches QUOTA_MATCH_RECIPIENT) client-recipient == NULL) || + ((matches QUOTA_MATCH_SENDER) client-sender == NULL) || + ((matches QUOTA_MATCH_SASLUSER) client-sasluser == NULL) || + ((matches QUOTA_MATCH_SASLSENDER) client-saslsender == NULL)) { o_stream_send_str(client-conn.output, action=DUNNO\n\n); return; } memset(input, 0, sizeof(input)); - input.username = client-recipient; + if (matches QUOTA_MATCH_RECIPIENT) + input.username = client-recipient; + else if (matches QUOTA_MATCH_SENDER) + input.username = client-sender; + else if (matches QUOTA_MATCH_SASLUSER) + input.username = client-sasluser; + else if (matches QUOTA_MATCH_SASLSENDER) + input.username = client-saslsender; ret = mail_storage_service_lookup_next(storage_service, input, service_user, user, error); @@ -134,9 +159,18 @@ client_reset(client); return 1; } - if (client-recipient == NULL + if ((matches QUOTA_MATCH_RECIPIENT) client-recipient == NULL strncmp(line, recipient=, 10) == 0) client-recipient = i_strdup(line + 10); + else if ((matches QUOTA_MATCH_SENDER)
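Review bot: the `quota_user_match` constants added in the first hunk (@@ -18,14) are consecutive values 0 to 4, but `matches` is later tested against each constant as if it were a flag set. The operator between `matches` and the constant is lost in this copy; if it is a bitwise `&`, `QUOTA_MATCH_SASLUSER` (3) also tests true when `matches` is RECIPIENT (1) or SENDER (2). Since one lookup key is used per request, compare with `==`, or give every constant its own bit if combinations are intended.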
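Review bot: the `if`/`else if` chain in the @@ -84,13 hunk that selects `input.username` has no final `else`, so when `matches` is still `QUOTA_MATCH_UNDEF` (its static initial value) none of the NULL checks above it triggers the `action=DUNNO` reply and `input.username` is still zero from the `memset` when `mail_storage_service_lookup_next()` is called. Unless the part of the patch that sets `matches` (not visible here) guarantees a value, fall back to `client->recipient`, which keeps the pre-patch behaviour, or answer DUNNO for the undefined case.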
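Review bot: the `QUOTA_MATCH_SENDER` branch that starts at the end of the @@ -134,9 hunk (cut off in this copy) keys the quota lookup on `sender=`, which is the envelope address supplied by the SMTP client and is not tied to the authenticated login, whereas `sasl_username=` is. Missing documentation: the option description should say that matching on `sender=` is only a reliable basis for blocking over-quota senders when the MTA already enforces that the envelope sender belongs to the login, and should point to `sasl_username=` for submission setups.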
[Dovecot] dovecot-postfix stack imap_client_workarounds
To use the dovecot-postfix stack with Thunderbird, do I put the configuration into /usr/share/dovecot/protocols.d/imapd.protocol? That would seem to be how the stack is configured.

    Thunderbird

    To use with Thunderbird, edit the file /etc/dovecot/dovecot.conf:

    protocol imap {
      ...
      login_greeting_capability = yes
      imap_client_workarounds = tb-extra-mailbox-sep
    }

https://help.ubuntu.com/community/Dovecot

thufir@dur:~$
thufir@dur:~$ cat /usr/share/dovecot/protocols.d/imapd.protocol
protocols = $protocols imap
thufir@dur:~$
thufir@dur:~$ dovecot -n
# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.5.0-44-generic i686 Ubuntu 12.04.3 LTS
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap pop3 sieve
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
  driver = passwd
}
protocol imap {
  imap_client_workarounds = delay-newmail
  mail_max_userip_connections = 10
}
protocol pop3 {
  mail_max_userip_connections = 10
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  deliver_log_format = msgid=%m: %$
  mail_plugins = sieve
  postmaster_address = postmaster
  quota_full_tempfail = yes
  rejection_reason = Your message to %t was automatically rejected:%n%r
}
thufir@dur:~$
thufir@dur:~$

thanks,

Thufir
[Dovecot] Thunderbird message cache out of sync after repetitive rsyncs...
Ok, hopefully there is a solution to this.

I've been experimenting with multiple rsyncs in preparation for pulling the trigger on the mail server switch, but have a problem that I really want to fix before doing so.

Apparently something causes Thunderbird's local message cache to get out of sync with dovecot after a sync.

Here is the series of commands I'm running:

1. stop postfix, stop dovecot on new server
2. rsync -rltgovDHP --delete --exclude-from 'excludes.txt' /path/to/vmail/example.com/ /var/vmail/example.com/
3. chown vmail:vmail /var/vmail
4. start dovecot, start postfix

ls -al /var/vmail/example.com/user/cur shows all of the messages that should be there, and all perms are correct.

Go to my account that is pointed to this mail server/account, and none of the new messages show up. Also, some messages are still showing up that shouldn't.

I've tried compacting the folders, closing/relaunching Thunderbird, but nothing helps.

The only way to get them to show up is to go to the local Thunderbird cache for the account, and delete the files associated with the folder having the problem.

The problem is, ALL folders will have this problem, which means that everyone will need to delete ALL of their local cached folders. This will be a major support problem.

Anyone have any ideas?

--
Best regards,
*/Charles/*
Re: [Dovecot] Thunderbird message cache out of sync after repetitive rsyncs...
On 24.12.2013 18:02, Charles Marcus wrote:
> Ok, hopefully there is a solution to this. I've been experimenting with multiple rsyncs in preparation for pulling the trigger on the mail server switch, but have a problem that I really want to fix before doing so.
>
> Apparently something causes Thunderbird's local message cache to get out of sync with dovecot after a sync

that is not dovecot specific and a thunderbird problem

right click on the folder - properties - repair

it happens from time to time that after that messages re-appear and this happens on any mailserver, not only dovecot
Re: [Dovecot] Thunderbird message cache out of sync after repetitive rsyncs...
On 2013-12-24 12:04 PM, Reindl Harald h.rei...@thelounge.net wrote:
> On 24.12.2013 18:02, Charles Marcus wrote:
>> Apparently something causes Thunderbird's local message cache to get out of sync with dovecot after a sync
>
> that is not dovecot specific and a thunderbird problem
>
> right click on the folder - properties - repair
>
> it happens from time to time that after that messages re-appear and this happens on any mailserver, not only dovecot

Thanks, that won't be quite so bad - except for people who have dozens (some almost a hundred) folders... I think it might be better to just delete the local cached copies of everything.

Do you know if there is an open bug for Thunderbird for this?

--
Best regards,
*/Charles/*
Re: [Dovecot] Thunderbird message cache out of sync after repetitive rsyncs...
On 24.12.2013 18:16, Charles Marcus wrote:
> On 2013-12-24 12:04 PM, Reindl Harald h.rei...@thelounge.net wrote:
>> On 24.12.2013 18:02, Charles Marcus wrote:
>>> Apparently something causes Thunderbird's local message cache to get out of sync with dovecot after a sync
>>
>> that is not dovecot specific and a thunderbird problem
>>
>> right click on the folder - properties - repair
>>
>> it happens from time to time that after that messages re-appear and this happens on any mailserver, not only dovecot
>
> Thanks, that won't be quite so bad - except for people who have dozens (some almost a hundred) folders... I think it might be better to just delete the local cached copies of everything.

* stop thunderbird
* delete any .msf file you find
* you are done

i am doing this once a year as well as for the global-messages-db.sqlite after i archive my current message structure below 2013 at the end of the year and let rebuild the whole caches

> Do you know if there is an open bug for Thunderbird for this?

i doubt there is a way to debug this predictable

it happens AFAIK when different clients are changing the mailbox state at the same time and i doubt this only affects thunderbird, but only for thunderbird the global fix is possible that easy
Re: [Dovecot] Thunderbird message cache out of sync after repetitive rsyncs...
On 12/24/2013 11:02 AM, Charles Marcus wrote:
> Ok, hopefully there is a solution to this.
>
> I've been experimenting with multiple rsyncs in preparation for pulling the trigger on the mail server switch, but have a problem that I really want to fix before doing so.
>
> Apparently something causes Thunderbird's local message cache to get out of sync with dovecot after a sync.
>
> Here is the series of commands I'm running:
>
> 1. stop postfix, stop dovecot on new server
> 2. rsync -rltgovDHP --delete --exclude-from 'excludes.txt' /path/to/vmail/example.com/ /var/vmail/example.com/
> 3. chown vmail:vmail /var/vmail
> 4. start dovecot, start postfix
>
> ls -al /var/vmail/example.com/user/cur shows all of the messages that should be there, and all perms are correct.
>
> Go to my account that is pointed to this mail server/account, and none of the new messages show up. Also, some messages are still showing up that shouldn't.
>
> I've tried compacting the folders, closing/relaunching Thunderbird, but nothing helps.
>
> The only way to get them to show up is to go to the local Thunderbird cache for the account, and delete the files associated with the folder having the problem.
>
> The problem is, ALL folders will have this problem, which means that everyone will need to delete ALL of their local cached folders. This will be a major support problem.
>
> Anyone have any ideas?

The source of the problem is almost certainly out of sync Dovecot index files between the old and new servers, and thus TBird. After an rsync copy of the mails the new server must create the indexes on-the-fly when TBird connects, and the resulting new indexes are likely not identical to the old server. Thus TBird is seeing a different mailbox view.

TBird keeps its own indexes for all IMAP folders. It has little or nothing to do with local cached copies of folders. I don't use GLODA and I don't cache locally, but I still have a .msf file for each Dovecot IMAP folder, some of them multiple MBs in size. These are strictly indexes. It's these local indexes not being in sync with your new Dovecot server indexes that I'm pretty sure is the cause of your problem.

If the mailbox contents are identical before/after the copy, you might try copying the indexes over from the old mail server, preserving permissions, creation time, atime, etc. If the server indexes are identical before/after the rsync you should avoid this problem, assuming everything else is identical, including server hostnames, IP addresses, encryption key, etc, etc.

TBird tracks mailboxes by server name in Account Settings after all. If the server name changes that'll cause TBird to create an alternate local folder hierarchy in the profile directory. And that'll wreak havoc on your indexes, mailbox view, etc.

--
Stan
[Dovecot] SHA512-CRYPT scheme fails password verification
Hello,

If I try to use the crypt schemes provided by libc, I fail as follows:

jnikula@jlaptop:~/$ doveadm pw -s SHA512-CRYPT -p 123456
{SHA512-CRYPT}$6$to2umWLDtqvzS8SV$ZGpBeGNKuUN/2HKG6I2BEAt.Gzrz/y.SZDkos2GT2ik8obnp3XCFWfVsKVriJa6jjHULmLIqCSSyaF5YrTH7u.
jnikula@jlaptop:~/$ doveadm pw -t {SHA512-CRYPT}$6$to2umWLDtqvzS8SV$ZGpBeGNKuUN/2HKG6I2BEAt.Gzrz/y.SZDkos2GT2ik8obnp3XCFWfVsKVriJa6jjHULmLIqCSSyaF5YrTH7u. -p 123456
doveadm(jnikula): Fatal: reverse password verification check failed: Password mismatch

Using SHA512 sum scheme (-s SHA512) works ok in the same manner. I have dovecot version 2.2.9 on Linux 3.11.0-14-generic x86_64 Ubuntu 13.10 and I get the same results on 32-bit Debian as well.

Does anyone have an idea what's wrong?

Thanks in advance,
Jouko Nikula
Re: [Dovecot] SHA512-CRYPT scheme fails password verification
On 12/24/2013 7:16 PM, Jouko Nikula wrote:
> Hello,
>
> If I try to use the crypt schemes provided by libc, I fail as follows:
>
> jnikula@jlaptop:~/$ doveadm pw -s SHA512-CRYPT -p 123456
> {SHA512-CRYPT}$6$to2umWLDtqvzS8SV$ZGpBeGNKuUN/2HKG6I2BEAt.Gzrz/y.SZDkos2GT2ik8obnp3XCFWfVsKVriJa6jjHULmLIqCSSyaF5YrTH7u.
> jnikula@jlaptop:~/$ doveadm pw -t {SHA512-CRYPT}$6$to2umWLDtqvzS8SV$ZGpBeGNKuUN/2HKG6I2BEAt.Gzrz/y.SZDkos2GT2ik8obnp3XCFWfVsKVriJa6jjHULmLIqCSSyaF5YrTH7u. -p 123456
> doveadm(jnikula): Fatal: reverse password verification check failed: Password mismatch
>
> Using SHA512 sum scheme (-s SHA512) works ok in the same manner. I have dovecot version 2.2.9 on Linux 3.11.0-14-generic x86_64 Ubuntu 13.10 and I get the same results on 32-bit Debian as well.
>
> Does anyone have an idea what's wrong?

You're being bitten by shell interpretation/expansion. You need to make the hash an uninterpreted literal (in Bourne-type shells, wrap it in single quotes):

# doveadm pw -s SHA512-CRYPT -p 123456
{SHA512-CRYPT}$6$ZmAHfx//YBcuQdpt$/vUoc3G7y/v9JMSfrz0zhdBTs2U5ZmyLZbB6BEpV3BBi8f9N70kNf6xZWAnhE.hQn46pQhpIwnziIdNfjlAKu1
# doveadm pw -t {SHA512-CRYPT}$6$ZmAHfx//YBcuQdpt$/vUoc3G7y/v9JMSfrz0zhdBTs2U5ZmyLZbB6BEpV3BBi8f9N70kNf6xZWAnhE.hQn46pQhpIwnziIdNfjlAKu1 -p 123456
doveadm(root): Fatal: reverse password verification check failed: Password mismatch
# doveadm pw -t '{SHA512-CRYPT}$6$ZmAHfx//YBcuQdpt$/vUoc3G7y/v9JMSfrz0zhdBTs2U5ZmyLZbB6BEpV3BBi8f9N70kNf6xZWAnhE.hQn46pQhpIwnziIdNfjlAKu1' -p 123456
{SHA512-CRYPT}$6$ZmAHfx//YBcuQdpt$/vUoc3G7y/v9JMSfrz0zhdBTs2U5ZmyLZbB6BEpV3BBi8f9N70kNf6xZWAnhE.hQn46pQhpIwnziIdNfjlAKu1 (verified)
[Dovecot] LMTP with virtual and system users
Hi,

I have a mail system where I have some local users with shell access and full home dirs which receive mail and also several SQL virtual users only for mail.

With the virtual users, everything works fine. Mail is delivered via LMTP and also sieve works :) The SQL Lookup knows what to do with usern...@domain.com.

The problem is the system user. If exim delivers the mail to the lmtp socket, the LMTPd can't find usern...@local.host.

I would be able to specify the global auth_username_format=%n but then my SQL queries break and I like the possibility to have x...@domain1.com and x...@domain2.com routed to two different accounts.

As I have seen in the source, I can't specify username_format=%n in the passdb { driver = pam } backend.

Do you have any suggestion how to solve this issue?

thanks
Philipp

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-686-pae i686 Debian 7.3
auth_debug = yes
auth_verbose = yes
first_valid_uid = 100
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_debug = yes
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  driver = pam
}
plugin {
  mail_log_fields = uid box msgid size from subject flags
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = postmas...@rudolfina.at
protocols = imap lmtp sieve
service auth {
  unix_listener auth-client {
    group = Debian-exim
    mode = 0660
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  process_min_avail = 0
  service_count = 1
  vsz_limit = 64 M
}
ssl_cert = /etc/exim4/exim.crt
ssl_key = /etc/exim4/exim.key
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
userdb {
  driver = passwd
}
protocol lmtp {
  mail_plugins = quota sieve
}
protocol lda {
  mail_plugins = sieve
}
protocol imap {
  mail_plugins = quota
}
protocol sieve {
  mail_max_userip_connections = 10
  managesieve_implementation_string = Dovecot Pigeonhole
  managesieve_logout_format = bytes=%i/%o
  managesieve_max_compile_errors = 5
  managesieve_max_line_length = 65536
}

user_query = \
  SELECT concat('maildir:/var/spool/virtual_mail/', mailbox,'/Maildir/') as mail, \
  concat('/var/spool/virtual_mail/', mailbox,'/') as home, \
  100 as uid, 102 as gid \
  FROM email \
  WHERE mailbox = '%u'

password_query = \
  SELECT mailbox as user, \
  boxpass as password \
  FROM email \
  WHERE mailbox = '%u'
Re: [Dovecot] SHA512-CRYPT scheme fails password verification
On Wed, Dec 25, 2013 at 2:07 PM, Darren Pilgrim list_dove...@bluerosetech.com wrote:
> You're being bitten by shell interpretation/expansion. You need to make the hash an uninterpreted literal (in Bourne-type shells, wrap it in single quotes):

Ah, yes of course. Works now. Thanks!