[Dovecot] Patch for Dovecot's quota policy daemon

2013-12-24 Thread Peer Heinlein

Hi Timo,

we wrote a simple Patch for the Dovecot quota policy daemon.

If a user is over quota, I prefer to block that user from sending e-mails, so
I need a policy daemon that is able to use the envelope or SASL sender
as the lookup key.

I'd be happy if that patch could become part of the normal Dovecot releases.

Peer


 Original-Nachricht 
Betreff: Re: Fwd: Quota-Patch
Datum: Wed, 11 Dec 2013 17:33:45 +0100
Von: Stephan Seitz s.se...@heinlein-support.de
Organisation: Heinlein Support GmbH
An: Peer Heinlein p.heinl...@heinlein-support.de

Parameter r
Code ENUM QUOTA_MATCH_RECIPIENT
Stringmatch recipient=

  ${recipient}
 This macro expands to the complete recipient
 address.

 A   command-line   argument   that  contains
 ${recipient} expands to as many command-line
 arguments as there are recipients.

 This  information  is  modified  by  the hqu
 flags for quoting and case folding.


Parameter S
Code ENUM QUOTA_MATCH_SASLSENDER
Stringmatch sasl_sender=

  ${sasl_sender}
 This macro expands to the SASL  sender  name
 (i.e.  the  original  submitter  as  per RFC
 4954) in the  MAIL  FROM  command  when  the
 Postfix SMTP server received the message.

 This feature is available as of Postfix 2.2.


Parameter U
Code ENUM QUOTA_MATCH_SASLUSER
Stringmatch sasl_username=

  ${sasl_username}
 This macro expands to the SASL user name  in
 the  AUTH  command  when  the  Postfix  SMTP
 server received the message.

 This feature is available as of Postfix 2.2.


Parameter s
Code ENUM QUOTA_MATCH_SENDER
Stringmatch sender=

  ${sender}
 This  macro  expands  to the envelope sender
 address. By default, the null sender address
 expands   to   MAILER-DAEMON;  this  can  be
 changed with the null_sender  attribute,  as
 described above.

 This  information  is modified by the q flag
 for quoting.





-- 
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-42
Fax: 030 / 405051-19

Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin


diff -urH dovecot-2.2.4/src/plugins/quota/quota-status.c ../workspace/dovecot/src/plugins/quota/quota-status.c
--- dovecot-2.2.4/src/plugins/quota/quota-status.c	2013-06-16 23:04:28.0 +0200
+++ ../workspace/dovecot/src/plugins/quota/quota-status.c	2013-07-15 22:43:10.059402790 +0200
@@ -18,14 +18,26 @@
 	QUOTA_PROTOCOL_POSTFIX
 };
 
+enum quota_user_match {
+	QUOTA_MATCH_UNDEF = 0,
+	QUOTA_MATCH_RECIPIENT,
+	QUOTA_MATCH_SENDER,
+	QUOTA_MATCH_SASLUSER,
+	QUOTA_MATCH_SASLSENDER
+};
+
 struct quota_client {
 	struct connection conn;
 
-	char *recipient;
+	char *recipient;	// recipient=
+	char *sender;		// sender=
+	char *sasluser;		// sasl_username=
+	char *saslsender;	// sasl_sender=
 	uoff_t size;
 };
 
 static enum quota_protocol protocol;
+static enum quota_user_match matches;
 static struct mail_storage_service_ctx *storage_service;
 static struct connection_list *clients;
 static char *nouser_reply;
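Review bot: The constants in `enum quota_user_match` are sequential (0 to 4), yet the later hunks appear to test `matches` as a bitmask; the operator between `matches` and each constant was lost in this archive copy and is presumably `&`. With these values `QUOTA_MATCH_SASLUSER` is 3, which overlaps `QUOTA_MATCH_RECIPIENT` (1) and `QUOTA_MATCH_SENDER` (2), so selecting the SASL user name would also satisfy the recipient test and the quota lookup would be keyed on the recipient rather than the authenticated identity. Likewise `QUOTA_MATCH_SASLSENDER` (4) satisfies the `QUOTA_MATCH_SASLUSER` test. If flags are intended, give each constant its own bit, e.g. `QUOTA_MATCH_RECIPIENT = 1 << 0` through `QUOTA_MATCH_SASLSENDER = 1 << 3`; if only one mode is ever active, compare with `matches == QUOTA_MATCH_...` instead.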
@@ -43,6 +55,9 @@
 static void client_reset(struct quota_client *client)
 {
 	i_free_and_null(client-recipient);
+	i_free_and_null(client-sender);
+	i_free_and_null(client-sasluser);
+	i_free_and_null(client-saslsender);
 }
 
 static int
@@ -84,13 +99,23 @@
 	const char *value = NULL, *error;
 	int ret;
 
-	if (client-recipient == NULL) {
+	if (((matches  QUOTA_MATCH_RECIPIENT)  client-recipient == NULL) ||
+		((matches  QUOTA_MATCH_SENDER)  client-sender == NULL) ||
+		((matches  QUOTA_MATCH_SASLUSER)  client-sasluser == NULL) ||
+		((matches  QUOTA_MATCH_SASLSENDER)  client-saslsender == NULL)) {
 		o_stream_send_str(client-conn.output, action=DUNNO\n\n);
 		return;
 	}
 
 	memset(input, 0, sizeof(input));
-	input.username = client-recipient;
+	if (matches  QUOTA_MATCH_RECIPIENT)
+		input.username = client-recipient;
+	else if (matches  QUOTA_MATCH_SENDER)
+		input.username = client-sender;
+	else if (matches  QUOTA_MATCH_SASLUSER)
+		input.username = client-sasluser;
+	else if (matches  QUOTA_MATCH_SASLSENDER)
+		input.username = client-saslsender;
 
 	ret = mail_storage_service_lookup_next(storage_service, input,
 	   service_user, user, error);
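Review bot: When `matches` is still `QUOTA_MATCH_UNDEF`, none of the four guard terms fires and none of the `else if` branches assigns `input.username`, so after the `memset` a NULL user name reaches `mail_storage_service_lookup_next()`. Whether a default is set elsewhere is not visible here, since the function starts and ends outside this hunk. A final `else` that sends `action=DUNNO` and returns, or a default of `QUOTA_MATCH_RECIPIENT` where `matches` is initialised, would close that path. Separately, `sender=` is the envelope sender, which the submitting client chooses unless the MTA enforces a sender/login match, whereas `sasl_username=` is the authenticated identity; a comment such as `/* sender= is not authenticated; prefer sasl_username= when enforcing quota on submission */` above the selection would help operators pick the right key.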
@@ -134,9 +159,18 @@
 		client_reset(client);
 		return 1;
 	}
-	if (client-recipient == NULL 
+	if ((matches  QUOTA_MATCH_RECIPIENT)  client-recipient == NULL 
 	strncmp(line, recipient=, 10) == 0)
 		client-recipient = i_strdup(line + 10);
+	else if ((matches  QUOTA_MATCH_SENDER)  

[Dovecot] dovecot-postfix stack imap_client_workarounds

2013-12-24 Thread thufir
To use dovecot-postfix stack with thunderbird, do I put the 
configuration into /usr/share/dovecot/protocols.d/imapd.protocol? That 
would seem to be how the stack is configured.


Thunderbird

To use with Thunderbird, edit the file /etc/dovecot/dovecot.conf:

protocol imap {
 ...
login_greeting_capability = yes
imap_client_workarounds = tb-extra-mailbox-sep
}


https://help.ubuntu.com/community/Dovecot

thufir@dur:~$
thufir@dur:~$ cat /usr/share/dovecot/protocols.d/imapd.protocol
protocols = $protocols imap
thufir@dur:~$
thufir@dur:~$ dovecot -n
# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.5.0-44-generic i686 Ubuntu 12.04.3 LTS
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave

passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap pop3 sieve
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
group = postfix
mode = 0660
user = postfix
  }
}
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_cipher_list = 
ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM

ssl_key = /etc/ssl/private/dovecot.pem
userdb {
  driver = passwd
}
protocol imap {
  imap_client_workarounds = delay-newmail
  mail_max_userip_connections = 10
}
protocol pop3 {
  mail_max_userip_connections = 10
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  deliver_log_format = msgid=%m: %$
  mail_plugins = sieve
  postmaster_address = postmaster
  quota_full_tempfail = yes
  rejection_reason = Your message to %t was automatically rejected:%n%r
}
thufir@dur:~$
thufir@dur:~$



thanks,

Thufir


[Dovecot] Thunderbird message cache out of sync after repetitive rsyncs...

2013-12-24 Thread Charles Marcus

Ok, hopefully there is a solution to this.

I've been experimenting with multiple rsyncs in preparation for pulling 
the trigger on the mail server switch, but have a problem that I really 
want to fix before doing so.


Apparently something causes Thunderbirds local message cache to get out 
of sync with dovecot after a sync.


Here is the series of commands I'm running:

1. stop postfix, stop dovecot on new server

2. rsync -rltgovDHP --delete --exclude-from 'excludes.txt' 
/path/to/vmail/example.com/ /var/vmail/example.com/


3. chown vmail:vmail /var/vmail

4. start dovecot, start postfix

ls -al /var/vmail/example.com/user/cur

shows all of the messages that should be there, and all perms are correct.

Go to my account that is pointed to this mail server/account, and none 
of the new messages show up. Also, some messages are still showing up 
that shouldn't.


I've tried compacting the folders, closing/relaunching Thunderbird, but 
nothing helps.


The only way to get them to show up is to go to the local Thunderbird 
cache for the account, and delete the files associated with the folder 
having the problem.


The problem is, ALL folders will have this problem, which means that 
everyone will need to delete ALL of their local cached folders.


This will be a major support problem.

Anyone have any ideas?

--

Best regards,

*/Charles/*


Re: [Dovecot] Thunderbird message cache out of sync after repetitive rsyncs...

2013-12-24 Thread Reindl Harald


Am 24.12.2013 18:02, schrieb Charles Marcus:
 Ok, hopefully there is a solution to this.
 
 I've been experimenting with multiple rsyncs in preparation for pulling the 
 trigger on the mail server switch, but
 have a problem that I really want to fox before doing so.
 
 Apparently something causes Thunderbirds local message cache to get out of 
 sync with dovecot after a sync

that is not dovecot specific and a thunderbird problem
right click on the folder - properties - repair

it happens from time to time that after that messages re-appear
and this happens on any mailserver, not only dovecot





Re: [Dovecot] Thunderbird message cache out of sync after repetitive rsyncs...

2013-12-24 Thread Charles Marcus

On 2013-12-24 12:04 PM, Reindl Harald h.rei...@thelounge.net wrote:

Am 24.12.2013 18:02, schrieb Charles Marcus:

Apparently something causes Thunderbirds local message cache to get out of sync 
with dovecot after a sync



that is not dovecot specific and a thunderbird problem
right click on the folder - properties - repair

it happens from time to time that after that messages re-appear
and this happens on any mailserver, not only dovecot


Thanks, that won't be quite so bad - except for people who have dozens 
(some almost a hundred) folders...


I think it might be better to just delete the local cached copies of 
everything.


Do you know if there is an open bug for Thunderbird for this?

--

Best regards,

*/Charles/*


Re: [Dovecot] Thunderbird message cache out of sync after repetitive rsyncs...

2013-12-24 Thread Reindl Harald


Am 24.12.2013 18:16, schrieb Charles Marcus:
 On 2013-12-24 12:04 PM, Reindl Harald h.rei...@thelounge.net wrote:
 Am 24.12.2013 18:02, schrieb Charles Marcus:
 Apparently something causes Thunderbirds local message cache to get out of 
 sync with dovecot after a sync
 
 that is not dovecot specific and a thunderbird problem
 right click on the folder - properties - repair

 it happens from time to time that after that messages re-appear
 and this happens on any mailserver, not only dovecot
 
 Thanks, that won't be quite so bad - except for people who have dozens (some 
 almost a hundred) folders...
 I think it might be better to just delete the local cached copies of 
 everything.

* stop thunderbird
* delete any .msf file you find
* you are done

i am doing this once a year as well as for the global-messages-db.sqlite
after i archive my current message structure below 2013 at the end
of the year and let rebuild the whole caches

 Do you know if there is an open bug for Thunderbird for this?

i doubt there is a way to debug this predictably

it happens AFAIK when different clients are changing the mailbox state
at the same time and i doubt this only affects thunderbird, but only
for thunderbird is the global fix possible that easily





Re: [Dovecot] Thunderbird message cache out of sync after repetitive rsyncs...

2013-12-24 Thread Stan Hoeppner
On 12/24/2013 11:02 AM, Charles Marcus wrote:
 Ok, hopefully there is a solution to this.
 
 I've been experimenting with multiple rsyncs in preparation for pulling
 the trigger on the mail server switch, but have a problem that I really
 want to fox before doing so.
 
 Apparently something causes Thunderbirds local message cache to get out
 of sync with dovecot after a sync.
 
 Here is the series of commands I'm running:
 
 1. stop postfix, stop dovecot on new server
 
 2. rsync -rltgovDHP --delete --exclude-from 'excludes.txt'
 /path/to/vmail/example.com/ /var/vmail/example.com/
 
 3. chown vmail:vmail /var/vmail
 
 4. start dovecot, start postfix
 
 ls -al /var/vmail/example.com/user/cur
 
 shows all of the messages that should be there, and all perms are correct.
 
 Go to my account that is pointed to this mail server/account, and none
 of the new messages show up. Also, some messages are still showing up
 that shouldn't.
 
 I've tried compacting the folders, closing/relaunching Thunderbird, but
 nothing helps.
 
 The only way to get them to show up is to go to the local Thunderbird
 cache for the account, and delete the files associated with the folder
 having the problem.
 
 The problem is, ALL folders will have this problem, which means that
 everyone will need to delete ALL of their local cahced folders.
 
 This will be a major support problem.
 
 Anyone have any ideas?

The source of the problem is almost certainly out of sync Dovecot index
files between the old and new servers, and thus TBird.  After an rsync
copy of the mails the new server must create the indexes on-the-fly when
TBird connects, and the resulting new indexes are likely not identical
to the old server.  Thus TBird is seeing a different mailbox view.

TBird keeps its own indexes for all IMAP folders.  It has little
or nothing to do with local cached copies of folders.  I don't use GLODA
and I don't cache locally, but I still have a .msf file for each Dovecot
IMAP folder, some of them multiple MBs in size.  These are strictly
indexes.  It's these local indexes not being in sync with your new
Dovecot server indexes that I'm pretty sure is the cause of your problem.

If the mailbox contents are identical before/after the copy, you might
try copying the indexes over from the old mail server, preserving
permissions, creation time, atime, etc.  If the server indexes are
identical before/after the rsync you should avoid this problem, assuming
everything else is identical, including server hostnames, IP addresses,
encryption key, etc, etc.  TBird tracks mailboxes by server name in
Account Settings after all.  If the server name changes that'll cause
TBird to create an alternate local folder hierarchy in the profile
directory.  And that'll wreak havoc on your indexes, mailbox view, etc.

-- 
Stan


[Dovecot] SHA512-CRYPT scheme fails password verification

2013-12-24 Thread Jouko Nikula
Hello,

If I try to use the crypt schemes provided by libc, I fail as follows:

jnikula@jlaptop:~/$ doveadm pw -s SHA512-CRYPT -p 123456
{SHA512-CRYPT}$6$to2umWLDtqvzS8SV$ZGpBeGNKuUN/2HKG6I2BEAt.Gzrz/y.SZDkos2GT2ik8obnp3XCFWfVsKVriJa6jjHULmLIqCSSyaF5YrTH7u.
jnikula@jlaptop:~/$ doveadm pw -t
{SHA512-CRYPT}$6$to2umWLDtqvzS8SV$ZGpBeGNKuUN/2HKG6I2BEAt.Gzrz/y.SZDkos2GT2ik8obnp3XCFWfVsKVriJa6jjHULmLIqCSSyaF5YrTH7u.
-p 123456
doveadm(jnikula): Fatal: reverse password verification check failed:
Password mismatch

Using SHA512 sum scheme (-s SHA512) works ok in the same manner.

I have dovecot version 2.2.9 on Linux 3.11.0-14-generic x86_64 Ubuntu
13.10 and I get the same results on 32-bit Debian as well. Does anyone
have idea what's wrong?

Thanks in advance,
Jouko Nikula


Re: [Dovecot] SHA512-CRYPT scheme fails password verification

2013-12-24 Thread Darren Pilgrim

On 12/24/2013 7:16 PM, Jouko Nikula wrote:

Hello,

If I try to use the crypt schemes provided by libc. I fail as follows:

jnikula@jlaptop:~/$ doveadm pw -s SHA512-CRYPT -p 123456
{SHA512-CRYPT}$6$to2umWLDtqvzS8SV$ZGpBeGNKuUN/2HKG6I2BEAt.Gzrz/y.SZDkos2GT2ik8obnp3XCFWfVsKVriJa6jjHULmLIqCSSyaF5YrTH7u.
jnikula@jlaptop:~/$ doveadm pw -t
{SHA512-CRYPT}$6$to2umWLDtqvzS8SV$ZGpBeGNKuUN/2HKG6I2BEAt.Gzrz/y.SZDkos2GT2ik8obnp3XCFWfVsKVriJa6jjHULmLIqCSSyaF5YrTH7u.
-p 123456
doveadm(jnikula): Fatal: reverse password verification check failed:
Password mismatch

Using SHA512 sum scheme (-s SHA512) works ok in the same manner.

I have dovecot version 2.2.9 on Linux 3.11.0-14-generic x86_64 Ubuntu
13.10 and I get the same results on 32-bit Debian as well. Does anyone
have idea what's wrong?


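You're being bitten by shell interpretation/expansion.  Unquoted, the 
shell treats each $... piece of the hash as a parameter reference and 
expands it before doveadm sees the argument.  You need to make 
the hash an uninterpreted literal (in bourne-type shells, wrap it in 
single quotes):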


# doveadm pw -s SHA512-CRYPT -p 123456
{SHA512-CRYPT}$6$ZmAHfx//YBcuQdpt$/vUoc3G7y/v9JMSfrz0zhdBTs2U5ZmyLZbB6BEpV3BBi8f9N70kNf6xZWAnhE.hQn46pQhpIwnziIdNfjlAKu1

# doveadm pw -t 
{SHA512-CRYPT}$6$ZmAHfx//YBcuQdpt$/vUoc3G7y/v9JMSfrz0zhdBTs2U5ZmyLZbB6BEpV3BBi8f9N70kNf6xZWAnhE.hQn46pQhpIwnziIdNfjlAKu1 
-p 123456
doveadm(root): Fatal: reverse password verification check failed: 
Password mismatch


# doveadm pw -t 
'{SHA512-CRYPT}$6$ZmAHfx//YBcuQdpt$/vUoc3G7y/v9JMSfrz0zhdBTs2U5ZmyLZbB6BEpV3BBi8f9N70kNf6xZWAnhE.hQn46pQhpIwnziIdNfjlAKu1' 
-p 123456
{SHA512-CRYPT}$6$ZmAHfx//YBcuQdpt$/vUoc3G7y/v9JMSfrz0zhdBTs2U5ZmyLZbB6BEpV3BBi8f9N70kNf6xZWAnhE.hQn46pQhpIwnziIdNfjlAKu1 
(verified)




[Dovecot] LMTP with virtual and system users

2013-12-24 Thread Philipp Kolmann

Hi,

I have a mailsystem where i have some local users with shell access and 
full home dirs which receive mail and also several SQL virtual users 
only for mail.
With the virtual users, everything works fine. Mail is delivered via 
LMTP and also sieve works :)

The SQL Lookup knows what to do with usern...@domain.com

The problem is the system user. If exim delivers the mail to the lmtp 
socket, the LMTPd can't find usern...@local.host
I would be able to specify the global auth_username_format=%n but then 
my SQL queries break and I like the possibility to have x...@domain1.com 
and x...@domain2.com routed to two different accounts.


As I have seen in the source, I can't specify username_format=%n in the 
passdb {  driver = pam } backend. Do you have any suggestion how to 
solve this issue?


thanks
Philipp


# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-686-pae i686 Debian 7.3 
auth_debug = yes
auth_verbose = yes
first_valid_uid = 100
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_debug = yes
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Sent Messages {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix = 
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  driver = pam
}
plugin {
  mail_log_fields = uid box msgid size from subject flags
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = postmas...@rudolfina.at
protocols =  imap lmtp sieve
service auth {
  unix_listener auth-client {
group = Debian-exim
mode = 0660
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
  process_min_avail = 0
  service_count = 1
  vsz_limit = 64 M
}
ssl_cert = /etc/exim4/exim.crt
ssl_key = /etc/exim4/exim.key
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
userdb {
  driver = passwd
}
protocol lmtp {
  mail_plugins =  quota sieve
}
protocol lda {
  mail_plugins =  sieve
}
protocol imap {
  mail_plugins =  quota
}
protocol sieve {
  mail_max_userip_connections = 10
  managesieve_implementation_string = Dovecot Pigeonhole
  managesieve_logout_format = bytes=%i/%o
  managesieve_max_compile_errors = 5
  managesieve_max_line_length = 65536
}
user_query = \
  SELECT concat('maildir:/var/spool/virtual_mail/', mailbox,'/Maildir/') as 
mail, \
 concat('/var/spool/virtual_mail/', mailbox,'/') as home, \
 100 as uid, 102 as gid \
  FROM email \
  WHERE mailbox = '%u'

password_query = \
  SELECT mailbox as user, \
 boxpass as password \
  FROM email \
  WHERE mailbox = '%u'


Re: [Dovecot] SHA512-CRYPT scheme fails password verification

2013-12-24 Thread Jouko Nikula
On Wed, Dec 25, 2013 at 2:07 PM, Darren Pilgrim
list_dove...@bluerosetech.com wrote:

 You're being bitten by shell interpretation/expansion.  You need to make the
 hash an uninterpretted literal (in bourne-type shells, wrap it in single
 quotes):


Ah, yes of course. Works now. Thanks!