Re: [Dovecot] how to separate virtual delivery and authentication?

2014-01-07 Thread Steffen Kaiser


On Mon, 30 Dec 2013, Mihai Badici wrote:


I have a pure ldap setting with postfix and dovecot.
When using dovecot delivery, the recipient is checked via ldap.
The same ldap query is used when authenticating.
So, if I want to authenticate with the uid, I can't use a filter like uid=%u
because the delivery will fail. I don't want to use %n or something else
because I could use multiple e-mail addresses on a single account.

I actually use a filter like ( mail=%u)|(uid=%u) but I think for more complex
situations it should be better to have two separate filters, one for
authentication and the other for the delivery. What is your opinion?


There are two filters already:

1) the passdb filter
which is used to find users during authentication

2) the userdb filter
which is used to get the information about users, e.g. after auth and for 
delivery


The responses of both queries are cached, too.

Where / how would you like to have another filter? What is to get better?

If you want to make the LDAP search more efficient, you could add another 
LDAP attribute, index it, add all writings of the users there, e.g.:


dn: uid=user, 
uid: user
mail: forename.surn...@example.com
maildrop: user
maildrop: u...@host.sub.example.org
maildrop: forename.surn...@example.com
maildrop: forename.surn...@example2.com
maildrop: forename.oldsurn...@example.com
maildrop: al...@part.aliasdomain.net

However, the values of maildrop must be unique among all users.

The passdb filter uses uid only, userdb uses maildrop only.

-- 
Steffen Kaiser

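The uniqueness requirement on maildrop stated in the message above can be checked on a directory export before the userdb filter is pointed at that attribute. This is an added example, not part of the original message; the LDIF sample, the DNs and the function names are constructed, and comparing values case-insensitively is an assumption about the attribute's matching rule.

```shell
#!/bin/sh
# Added example (not from the thread): verify that maildrop values are unique
# across entries. A userdb filter on maildrop that matches two entries makes
# the delivery target ambiguous.

# Constructed sample export; DNs and addresses are made up for illustration.
sample_ldif() {
cat <<'EOF'
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
mail: alice.smith@example.com
maildrop: alice
maildrop: alice.smith@example.com
maildrop: sales@example.com

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
mail: bob.jones@example.com
maildrop: bob
maildrop: bob.jones@
 example.com
maildrop: Sales@example.com
EOF
}

# stdin: LDIF. stdout: "<maildrop value><TAB><dn>" pairs, one per line.
# Folded LDIF lines (continuation lines start with one space) are joined first.
# Values are lowercased before comparison (assumption, see lead-in).
# Base64-encoded values ("maildrop:: ...") are not decoded and are skipped.
maildrop_pairs() {
    awk '
    function flush() {
        if (line ~ /^dn: /) {
            dn = substr(line, 5)
        } else if (tolower(line) ~ /^maildrop: /) {
            print tolower(substr(line, 11)) "\t" dn
        }
        line = ""
    }
    /^ / { line = line substr($0, 2); next }
    { flush(); line = $0 }
    END { flush() }' | LC_ALL=C sort -u
}

# stdin: LDIF. stdout: one line per maildrop value owned by more than one DN.
dup_maildrops() {
    maildrop_pairs | awk -F'\t' '
        { n[$1]++; owners[$1] = owners[$1] " " $2 }
        END { for (v in n) if (n[v] > 1) print v ":" owners[v] }' | LC_ALL=C sort
}

# stdin: LDIF, $1: address. stdout: number of entries a userdb filter of the
# form (maildrop=<address>) would match; anything other than 1 is a problem.
userdb_matches() {
    addr=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    maildrop_pairs | awk -F'\t' -v a="$addr" '$1 == a { c++ } END { print c + 0 }'
}

echo "maildrop values claimed by more than one entry:"
sample_ldif | dup_maildrops
echo "entries matching (maildrop=sales@example.com): $(sample_ldif | userdb_matches sales@example.com)"
```

Against a real directory the input would come from an LDIF export of the user subtree instead of `sample_ldif`.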


Re: [Dovecot] using OR in doveadm search query

2014-01-07 Thread W. de Hoog

 This works for me (at least with tcsh):

 $ doveadm search mailbox shared/* OR (SUBJECT a) (SUBJECT b)

doveadm does not complain anymore but it does not find anything. I guess 
because now the query has become a mailbox name that does not exist. (I 
am using dovecot 2.2.9)


--
Willem-Jan de Hoog


Re: [Dovecot] how to separate virtual delivery and authentication?

2014-01-07 Thread Mihai Badici
On Tuesday 07 January 2014 09:00:15 you wrote:
 On Mon, 30 Dec 2013, Mihai Badici wrote:
  I have a pure ldap setting with postfix and dovecot.
  When using dovecot delivery, the recipient is checked via ldap.
  The same ldap query is used when authenticating.
  So, if I want to authenticate with the uid, I can't use a filter like
  uid=%u because the delivery will fail. I don't want to use %n or something
  else because I could use multiple e-mail addresses on a single account.
  
  I actually use a filter like ( mail=%u)|(uid=%u) but I think for more
  complex situations it should be better to have two separate filters, one
  for authentication and the other for the delivery. What is your opinion?
 There are two filters already:
 
 1) the passdb filter
 which is used to find users during authentication
 
 2) the userdb filter
 which is used to get the information about users, e.g. after auth and for
 delivery

 The passdb filter uses uid only, userdb uses maildrop only.

It is not the efficiency, but the flexibility that interests me.
There are two separate processes: delivery and authentication. 
During delivery, dovecot will check if the mailbox exists and where it is 
located; it is not important how the user is authenticated.
During authentication, there is user, password and mailbox location; it is not 
important if the user has a valid e-mail address.

When the filter is accessed by the delivery module, the query string must be 
the e-mail (all other solutions will fail when multiple e-mail addresses and 
non-standard uid are used). 
When the filter is accessed via the authentication module, the query will 
contain the username, not the e-mail. So basically there is not the same 
string provided as argument for the query filter. We need all sorts of 
workarounds to solve this dilemma, like the or between mail and uid, splitting 
the e-mail address as %u and %d and so on. With two query strings, one for 
authentication and the other for delivery, I think it could be more elegant and 
clear.



 
 --
 Steffen Kaiser
-- 
Mihai Bădici
http://mihai.badici.ro


Re: [Dovecot] how to separate virtual delivery and authentication?

2014-01-07 Thread Steffen Kaiser


On Tue, 7 Jan 2014, Mihai Badici wrote:


On Tuesday 07 January 2014 09:00:15 you wrote:

On Mon, 30 Dec 2013, Mihai Badici wrote:

I have a pure ldap setting with postfix and dovecot.
When using dovecot delivery, the recipient is checked via ldap.
The same ldap query is used when authenticating.
So, if I want to authenticate with the uid, I can't use a filter like
uid=%u because the delivery will fail. I don't want to use %n or something
else because I could use multiple e-mail addresses on a single account.

I actually use a filter like ( mail=%u)|(uid=%u) but I think for more
complex situations it should be better to have two separate filters, one
for authentication and the other for the delivery. What is your opinion?

There are two filters already:

1) the passdb filter
which is used to find users during authentication

2) the userdb filter
which is used to get the information about users, e.g. after auth and for
delivery



The passdb filter uses uid only, userdb uses maildrop only.


It is not the efficiency, but the flexibility that interests me.
There are two separate processes: delivery and authentication.
During delivery, dovecot will check if the mailbox exists and where it is
located; it is not important how the user is authenticated.
During authentication, there is user, password and mailbox location; it is not
important if the user has a valid e-mail address.

When the filter is accessed by the delivery module, the query string must be
the e-mail (all other solutions will fail when multiple e-mail addresses and
non-standard uid are used).
When the filter is accessed via the authentication module, the query will
contain the username, not the e-mail. So basically there is not the same
string provided as argument for the query filter. We need all sorts of
workarounds to solve this dilemma, like the or between mail and uid, splitting
the e-mail address as %u and %d and so on. With two query strings, one for
authentication and the other for delivery, I think it could be more elegant and
clear.


IMHO, exactly that works with the maildrop LDAP attribute. You enumerate 
all mail addresses into maildrop. Use maildrop in userdb filter only. If 
you like to use uid on command line of doveadm, you need to add the uid 
to maildrop as well, otherwise have the passdb return another username, 
e.g. the mail LDAP attribute to convert the uid into mail address.


-- 
Steffen Kaiser



Re: [Dovecot] Panic: file mailbox-list-maildir.c: line 133: unreached

2014-01-07 Thread Raúl Massano Brás


Quoting Robert Schetterer r...@sys4.de:

2.0.9 is old, what about an upgrade to recent 2.1.x, 2.2.x?

the latest patchlevel of 2.0.x is 2.0.21 so at minimum try upgrading to this,
your problem may already have been fixed


Upgrading to version 2.2.7 solved the problem. Thank you for the advice.

Best Regards,



--
Raúl Brás
Instituto Superior de Economia e Gestão
Universidade de Lisboa


Re: [Dovecot] LMTP with virtual and system users

2014-01-07 Thread Philipp Kolmann

Hi Adrian,

thanks for your reply. I have also thought in this direction already but 
I didn't want to have lda SUID root...


I saw that the Passwd-file passdb supports username_format as argument. 
Would it be possible to add this feature also to the LMTP passdb driver?


thanks
Philipp

On 01/01/14 18:25, Adrian Zaugg wrote:

Hi Philipp

You are completely right, the proposed solution doesn't work. It seems
exim always qualifies an address without a domain, I believe this is
because LMTP requires to get only qualified addresses (LMTP is based on
SMTP and the RFC, if I read it correctly, specifies it like this).

So, another solution would be to use LDA for your local users and LMTP
for the rest. The configuration for exim would be: a router and a
transport for your local users using LDA, and your virtual users setup
as you have it using LMTP.

local_user:
  debug_print = R: local_user for $local_part@$domain
  driver = accept
  domains = @ : localhost : ${primary_hostname}
  check_local_user
  transport = dovecot_lda
  cannot_route_message = Unknown user

dovecot_lda:
  driver = pipe
  command = /usr/lib/dovecot/dovecot-lda \
            -f $sender_address \
            -a $original_local_part@$original_domain
  log_output
  delivery_date_add
  return_path_add
  envelope_to_add
  user = $local_part
  group = mail
  temp_errors = 64 : 69 : 70 : 71 : 72 : 73 : 74 : 75 : 78


Please check man dovecot-lda and the dovecot wiki
(http://wiki2.dovecot.org/LDA/Exim) for details. Also check the
permissions you need for dovecot-lda to write to your mailspool (user
and group options from the transport).

I haven't tried the above, but I think it works like this ...

Best regards, Adrian.


On 30.12.13 09:40, Philipp Kolmann wrote:

Hi Adrian,

On 26.12.2013 12:20, Adrian Zaugg wrote:

You can use exim to prepare the address as you wish: only the user name
for pam users and the full address for virtual users.

Configure a new router to strip the domain part for pam users:

local_pam_users:
  debug_print = R: strip domain for local pam users
  driver = redirect
  check_local_user
  domains = @ : localhost : ${primary_hostname}
  data = ${local_part}
  redirect_router = local_user

I'm not 100% sure of the domains condition; it should restrict the
router to your domain(s) where your pam users receive their email. The
redirect_router designates the router which routes your local deliveries
to your lmtp transport. Place the new router to run just before your
local_user router.

Since your config works for your virtual users, you don't need to do
anything in addition.

I had tried this once already. I have used your snippet and attached
the debug output from exim. Sadly it didn't work, because the mtp
process got the full email again and not just the username.

thanks
Philipp






--
---
DI Mag. Philipp Kolmann  mail: kolm...@zid.tuwien.ac.at
Technische Universitaet Wien  web: www.zid.tuwien.ac.at
Zentraler Informatikdienst (ZID) tel: +43(1)58801-42011
Wiedner Hauptstr. 8-10, A-1040 WienDVR: 0005886
---



Re: [Dovecot] how to separate virtual delivery and authentication?

2014-01-07 Thread Mihai Badici

 
 IMHO, exactly that works with the maildrop LDAP attribute. You enumerate
 all mail addresses into maildrop. Use maildrop in userdb filter only. If
 you like to use uid on command line of doveadm, you need to add the uid
 to maildrop as well, otherwise have the passdb return another username,
 e.g. the mail LDAP attribute to convert the uid into mail address.
 
 --
 Steffen Kaiser

This is also a workaround, adding uid to maildrop. Think of, for example, 
using Active Directory with dovecot (I do not recommend that :) )
I wonder if I could use only passdb filter for authentication (and let userdb 
for delivery), this could be far better. But I think this is a design issue. 



-- 
Mihai Bădici
http://mihai.badici.ro


Re: [Dovecot] how to separate virtual delivery and authentication?

2014-01-07 Thread Steffen Kaiser


On Tue, 7 Jan 2014, Mihai Badici wrote:


IMHO, exactly that works with the maildrop LDAP attribute. You enumerate
all mail addresses into maildrop. Use maildrop in userdb filter only. If
you like to use uid on command line of doveadm, you need to add the uid
to maildrop as well, otherwise have the passdb return another username,
e.g. the mail LDAP attribute to convert the uid into mail address.


This is also a workaround, adding uid to maildrop. Think of, for example,
using Active Directory with dovecot (I do not recommend that :) )


I don't know what that means. I wouldn't name it workaround.


I wonder if I could use only passdb filter for authentication (and let userdb
for delivery), this could be far better. But I think this is a design issue.


Remember: passdb is for authenticating users; userdb is for getting user 
information. When a user auth's for IMAP, passdb verifies the password 
and probably overrides the username, in the second step the userdb is 
queried for the user data. If you use prefetch userdb and provide 
different passdb and userdb queries, I would not expect a clean run.


Maybe, it's better you give a detailed example, which makes your idea more 
visible.


-- 
Steffen Kaiser



Re: [Dovecot] Question re: filesystem permissions

2014-01-07 Thread Thomas Leuxner
* Charles Marcus cmar...@media-brokers.com 2014.01.06 21:23:

Hi Charles,

 /var/vmail/example1.com  777

$ ls -al /var/vmail/domains/leuxner.net/

drwx--S--- 4 vmail vmail 4096 Sep  8 18:22 tlx

Suffices to have rwx for the 'vmail' user only IMHO. Note the 'setgid' bit 
(2700) inheriting the group 'vmail' across dirs.

Regards
Thomas


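To find directories in a mail store that are more open than the owner-only layout shown in the message above (such as the 777 in the quoted listing), the following added example walks a tree and reports every directory that grants any bit to group or other. It is not part of the original post; the sample tree, the domain and user directory names and the function names are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list mail-store directories that grant
# any permission bit to group or other, i.e. anything looser than rwx for the
# owner only. The setgid bit itself (the leading 2 in 2700) is not flagged.

# Print "<ls mode string> <relative path>" for each offending directory under $1.
audit_maildirs() {
    (
        cd "$1" || exit 1
        find . -type d \( -perm -040 -o -perm -020 -o -perm -010 \
                       -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
        LC_ALL=C sort |
        while IFS= read -r dir; do
            # The first 10 characters of ls -ld are the type and permission bits.
            mode=$(ls -ld "$dir" | cut -c1-10)
            printf '%s %s\n' "$mode" "$dir"
        done
    )
}

# Build a constructed sample tree in a temporary directory and print its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/example1.com/alice" \
             "$root/example2.org/bob" \
             "$root/example2.org/carol"
    chmod 2700 "$root" "$root/example2.org" \
               "$root/example2.org/bob" "$root/example1.com/alice"
    chmod 777 "$root/example1.com"          # world-writable domain directory
    chmod 750 "$root/example2.org/carol"    # readable by the group
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
echo "directories open to group or other:"
audit_maildirs "$tree"
rm -rf "$tree"
```

An empty result means every directory under the given root is accessible to its owner only.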


Re: [Dovecot] Question re: filesystem permissions

2014-01-07 Thread Charles Marcus

On 2014-01-07 8:42 AM, Thomas Leuxner t...@leuxner.net wrote:

* Charles Marcus cmar...@media-brokers.com 2014.01.06 21:23:

Hi Charles,


/var/vmail/example1.com  777

$ ls -al /var/vmail/domains/leuxner.net/

drwx--S--- 4 vmail vmail 4096 Sep  8 18:22 tlx

Suffices to have rwx for the 'vmail' user only IMHO. Note the 'setgid' bit 
(2700) inheriting the group 'vmail' across dirs.


Ok, thanks Thomas... but I'm really looking for what Timo says is the 
correct and proper permissions for a virtual setup like this.


I also really think this should be fully documented on the wiki...

--

Best regards,

Charles




Re: [Dovecot] Question re: filesystem permissions

2014-01-07 Thread Thomas Leuxner
* Charles Marcus cmar...@media-brokers.com 2014.01.07 15:05:

 Ok, thanks Thomas... but I'm really looking for what Timo says is
 the correct and proper permissions for a virtual setup like this.

I suggest you don't start posts 'Hi all' then going forward. Anyway this is the 
default for Dovecot quite some time, so reckon someone gave it a thought...




Re: [Dovecot] Dovecot deliver into folder question

2014-01-07 Thread Benny Pedersen

Marc Perkel wrote on 2014-01-06 21:33:


when specifying the mailbox - how do you specify a subfolder? Do you
use a / separator?


try creating a folder in webmail, then see how it's done in the filesystem 
later, is this clear now?


separate chars is imho not hardcoded, that's why i answer as above




Re: [Dovecot] Dovecot deliver into folder question

2014-01-07 Thread Benny Pedersen

Steffen Kaiser wrote on 2014-01-07 08:28:

separator = .
-m shared.sub1.sub2.sub3
When I used Dovecot LDA, the first variant worked.


is separator not a glue here ? :)

i think separator = / is a very very bad idea




Re: [Dovecot] inotify max_user instances

2014-01-07 Thread Benny Pedersen

Charles Marcus wrote on 2014-01-06 19:33:

echo 1024 > /proc/sys/fs/inotify/max_user_instances
Suggestions?


add this to sysctl.conf

no need to hack init scripts :)




[Dovecot] Assertion failed with imapc after upgrading Dovecot from 2.1.7 to 2.2.9

2014-01-07 Thread Sylvain
Hi !

I have an old Courier IMAP and in front of it, I have put a proxy cache
with Dovecot/imapc.

I use Debian Wheezy (stable) which packages Dovecot in version 2.1.7.
I have tested the upgrade to Debian Jessie (testing) which packages Dovecot
in version 2.2.9 but an assertion is thrown:

dovecot: imap(xxx): Panic: file imapc-list.c: line 499
(imapc_list_delete_unused_indexes): assertion failed: (strncmp(vname,
fs_list->ns->prefix, fs_list->ns->prefix_len) == 0)

I have checked the source code and have seen that if *imapc_list_prefix* is not
set, the assertion will not be walked. It works but special inboxes aren't
detected correctly in email clients.
If I understand the meaning of the *vname* variable, it is because our Courier
IMAP sends us INBOX which is the value of my *imapc_list_prefix* and thus,
the assertion is thrown.

Here are some details of my tests:

Courier IMAP :

* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP
ready. Copyright 1998-2005 Double Precision, Inc.  See COPYING for
distribution information.
a login xxx xxx
a OK LOGIN Ok.
a list  *
* LIST (\HasNoChildren) . INBOX.Drafts
* LIST (\HasNoChildren) . INBOX.Trash
* LIST (\HasNoChildren) . INBOX.test
* LIST (\HasNoChildren) . INBOX.Sent
* LIST (\HasNoChildren) . INBOX.Junk
* LIST (\Unmarked \HasChildren) . INBOX
a OK LIST completed

Dovecot version 2.1.7 :

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a login xxx xxx
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT
CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC
ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE]
Logged in
a list  *
* LIST (\HasChildren) . INBOX
* LIST (\HasNoChildren \Drafts) . INBOX.Drafts
* LIST (\HasNoChildren \Trash) . INBOX.Trash
* LIST (\HasNoChildren) . INBOX.test
* LIST (\HasNoChildren \Sent) . INBOX.Sent
* LIST (\HasNoChildren \Junk) . INBOX.Junk
a OK List completed.

Dovecot version 2.2.9 :

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a login xxx xxx
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT
MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS
LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN
CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE] Logged in
a list  *
Connection closed by foreign host.

And the dovecot configuration relative to the inbox :

imapc_list_prefix = INBOX
namespace inbox {
  inbox = yes
  separator = .
  prefix = INBOX.
}

Any help will be welcome :)

Sylvain


Re: [Dovecot] Question re: filesystem permissions

2014-01-07 Thread Charles Marcus

On 2014-01-07 9:30 AM, Thomas Leuxner t...@leuxner.net wrote:

* Charles Marcus cmar...@media-brokers.com 2014.01.07 15:05:


Ok, thanks Thomas... but I'm really looking for what Timo says is
the correct and proper permissions for a virtual setup like this.

I suggest you don't start posts 'Hi all' then going forward.


Well, that wasn't really necessary was it? This isn't my personal 
support line to Timo, it is a mail list.


When I said 'what Timo says', I was actually hoping this was already 
documented somewhere and someone else (without having to bother Timo) 
could point me to the wiki page where this is laid out.


I just don't want to take some $random_user's word for it, if you 
understand my meaning... no offense intended.



  Anyway this is the default for Dovecot quite some time, so reckon someone 
gave it a thought...


*What* is the default. Are you saying all of the permissions I showed 
are correct except the ones you mentioned?


But most importantly - *where is this documented*???

--

Best regards,

Charles




[Dovecot] BUG report: doveadm HEADER field pattern when concatenating with another Search key

2014-01-07 Thread megodin
Hey there,

I'm pretty sure I've found a bug with doveadm when concatenating with 
another search key.

While doveadm HEADER field pattern works fine when not using additional 
search keys, it doesn't work properly when concatenating with other 
search keys - it then simply seems to ignore the additional HEADER field 
pattern search key.

It's reproducible, also with different user accounts on 2 different 
productive systems. Testing it on latest dovecot-ee 2.2.9.2 and 2.2.5.5.

I think it's best explained with showing some examples:


doveadm search -u exampleuser SUBJECT Silvester
(outputs correctly 10 matches)

5a09f50926daef51b50e25ab05f8 1106
5a09f50926daef51b50e25ab05f8 1107
5a09f50926daef51b50e25ab05f8 1579
5a09f50926daef51b50e25ab05f8 4092
5a09f50926daef51b50e25ab05f8 5330
5a09f50926daef51b50e25ab05f8 9773
5a09f50926daef51b50e25ab05f8 11460
5a09f50926daef51b50e25ab05f8 12718
5a09f50926daef51b50e25ab05f8 15653
5a09f50926daef51b50e25ab05f8 15697


doveadm search -u exampleuser SUBJECT Silvester HEADER Return-Path 
someu...@example.com
(gives exactly the same output - but this is WRONG, as the given Subject 
AND Return-Path is really only found in 1 Message - uid 15697)

5a09f50926daef51b50e25ab05f8 1106
5a09f50926daef51b50e25ab05f8 1107
5a09f50926daef51b50e25ab05f8 1579
5a09f50926daef51b50e25ab05f8 4092
5a09f50926daef51b50e25ab05f8 5330
5a09f50926daef51b50e25ab05f8 9773
5a09f50926daef51b50e25ab05f8 11460
5a09f50926daef51b50e25ab05f8 12718
5a09f50926daef51b50e25ab05f8 15653
5a09f50926daef51b50e25ab05f8 15697


doveadm search -u exampleuser HEADER Return-Path someu...@example.com
(showing that Return-Path as standalone search key is working fine - note 
that message uid 15697 with subject Silvester is also found of course.
I manually checked all Mails showing up here, they all contained the 
Return-Path someu...@example.com as they should):

5a09f50926daef51b50e25ab05f8 14080
5a09f50926daef51b50e25ab05f8 14814
5a09f50926daef51b50e25ab05f8 14815
5a09f50926daef51b50e25ab05f8 14820
5a09f50926daef51b50e25ab05f8 14825
5a09f50926daef51b50e25ab05f8 14830
5a09f50926daef51b50e25ab05f8 14832
5a09f50926daef51b50e25ab05f8 14833
5a09f50926daef51b50e25ab05f8 15427
5a09f50926daef51b50e25ab05f8 15428
5a09f50926daef51b50e25ab05f8 15430
5a09f50926daef51b50e25ab05f8 15431
5a09f50926daef51b50e25ab05f8 15697


Further testing with:

doveadm search -u exampleuser HEADER Return-Path 
completegarbageforsurenotinheaders
(Correctly no output was given.)

doveadm search -u exampleuser SUBJECT Silvester HEADER Return-Path 
completegarbageforsurenotinheaders
(again ignoring the additional HEADER and showing all uids which just 
match the SUBJECT)

5a09f50926daef51b50e25ab05f8 1106
5a09f50926daef51b50e25ab05f8 1107
5a09f50926daef51b50e25ab05f8 1579
5a09f50926daef51b50e25ab05f8 4092
5a09f50926daef51b50e25ab05f8 5330
5a09f50926daef51b50e25ab05f8 9773
5a09f50926daef51b50e25ab05f8 11460
5a09f50926daef51b50e25ab05f8 12718
5a09f50926daef51b50e25ab05f8 15653
5a09f50926daef51b50e25ab05f8 15697


Moreover, when playing with HEADER Reply-To it shows some strange 
behaviour, note the differences with the : :

doveadm search -u exampleuser SUBJECT blubbs HEADER Reply-to 
ka...@example.com
f64cf50926daef51b50e25ab05f8 2231
f64cf50926daef51b50e25ab05f8 2781
5a09f50926daef51b50e25ab05f8 13620
5a09f50926daef51b50e25ab05f8 15763

doveadm search -u exampleuser SUBJECT blubbs HEADER Reply-to: 
ka...@example.com
f64cf50926daef51b50e25ab05f8 2231
5a09f50926daef51b50e25ab05f8 13620


Can you please have a look at this and fix it?

Thanks in advance,
Megodin

--
mailstorage @ NFS with nfsvers=3 (NetApp)

# 2.2.5.5 (e5350245ad9b): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.23.2.el6.x86_64 x86_64 Red Hat Enterprise Linux 
Server release 6.4 (Santiago) nfs
import_environment = TZ DEBUG_OUTOFMEM DOVECOT_HOSTDOMAIN

# 2.2.9.2 (8d71ef248a6e): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.23.2.el6.x86_64 x86_64 CentOS release 6.5 (Final) 
nfs



Re: [Dovecot] how to separate virtual delivery and authentication?

2014-01-07 Thread Mihai Badici
  userdb for delivery), this could be far better. But I think this is a
  design issue.
 Remember: passdb is for authenticating users; userdb is for getting user
 information. When a user auth's for IMAP, passdb verifies the password
 and probably overrides the username, in the second step the userdb is
 queried for the user data. If you use prefetch userdb and provide
 different passdb and userdb queries, I would not expect a clean run.
 
 Maybe, it's better you give a detailed example, which makes your idea more
 visible.
 
 --
 Steffen Kaiser


Ok, an example is better.
Let's say I use dovecot with postfix and I have in postfix/master.cf:

dovecot unix  -   n   n   -   -   pipe
  flags=DRhu user=mailbox:mailbox
  argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

I use two e-mail addresses, mi...@example.org and mih...@example.org
My uid is mihai.badici (I chose it not related to the e-mail address)

So, the deliver service will query ldap in order to find the mailbox.
We need to put mail=%u or maildrop=%u, depending on the schema.

On the other hand, the authentication will fail if I use uid, because it uses 
the same query.
I can put |(mail=%u)(uid=%u) and it works, but it is rather strange.
I can, indeed, use maildrop to canonify the mailbox in postfix before 
delivery, and I think that will work too.
But I think it is more elegant to separate the delivery query and the authentication 
query. I'm not sure if it is not possible to use only the passdb query for 
authentication.





-- 
Mihai Bădici
http://mihai.badici.ro


[Dovecot] Mailbox autocreate feature cannot create folders

2014-01-07 Thread interfaSys sàrl
Hello,

The new way of creating default mailboxes doesn't work for us. There
seems to be a permission problem.

We get this in the logs:
imap(testu...@domain.com): Error: nfs_flush_file_handle_cache_dir:
rmdir(/var/mail) failed: Device busy

That error message has nothing to do with NFS (not used) or /var/mail
and appears every time an app is requesting a list of folders via IMAP
and only if we enable the autocreate feature.

We're using mdbox, emails are delivered via LDA and the folder
permissions look like this:
# la /home/user/imap/domain.com/testuser/mdbox/mailboxes/
total 5
drwx--  3 user  mail 3B Jan  5 19:33 INBOX
drwx--  3 user  mail 3B Jan  5 19:33 .
drwx--  4 user  mail 8B Jan  7 02:43 ..

The mailbox definitions used come straight from the wiki:
http://wiki2.dovecot.org/MailboxSettings

I've enabled debugging, but there is no mention of the mailboxes to create:
Debug: dict quota...
Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no,
list=yes, subscriptions=yes location=mdbox:~/mdbox
Debug: fs:...
Debug: acl:...
...

Here is what works:
- Autocreate plugin
- Creating folders via various clients

So, it seems Dovecot can create folders, just not using that feature.
If that's not a bug, would there be a way to make it work without
altering permissions?

Cheers,

Olivier


Re: [Dovecot] using OR in doveadm search query

2014-01-07 Thread Joseph Tam



 This works for me (at least with tcsh):

 $ doveadm search mailbox shared/* OR (SUBJECT a) (SUBJECT b)
doveadm does not complain anymore but it does not find anything. I guess
because now the query has become a mailbox name that does not exist. ( I
am using dovecot 2.2.9)


Each search token ought to be a command line argument to doveadm, so if
you're looking for all message with the string a or b in the subject
in mailboxes shared/*, then this should be the correct syntax, with
all arguments sufficiently escaped from shell interpretation:

doveadm search mailbox shared/\* \( SUBJECT a OR SUBJECT b \)

(Delete OR  if both strings must be in the subject: expressions are
implicitly AND'd if not OR'd.  In fact, you can also remove the
parenthesis since precedence doesn't matter anymore.)

You can check the search query by fetching some values using the same
query:

doveadm fetch 'mailbox hdr' mailbox shared/\* \( SUBJECT a OR SUBJECT b \)

Joseph Tam jtam.h...@gmail.com


[Dovecot] Dovecot can't find CLucene's libstemmer on FreeBSD

2014-01-07 Thread interfaSys sàrl
Hello,

A set of patches was created by Lawrence Chen for the Dovecot2 port so
that it could recognise and use libstemmer and libexttextcat.

They can't be used as is as he's replacing statements with something
that works only on FreeBSD, but I think it would be a good idea to try
and include some of his fixes.

http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/175813

Cheers,

Olivier


Re: [Dovecot] Dovecot LMTP does not pass envelope recipient +detail to sieve

2014-01-07 Thread Greg Rivers

On Mon, 6 Jan 2014, I wrote:

I found this[1] thread that describes the same problem with dovecot-LDA, 
but the solution (add X-Original-To: header) has no effect with LMTP.


My sendmail LMTP configuration:
FEATURE(`local_lmtp',`[IPC]',`FILE /var/run/dovecot/lmtp')

Sendmail's address test indicates that sendmail is providing user+detail 
to LMTP (see below).  Except for this problem, dovecot, LMTP, and sieve 
are all working perfectly.  Is there something I'm missing, or is this a 
bug?


[1] http://dovecot.org/pipermail/dovecot/2012-July/136987.htm



It seems I was mistaken.  By tracing the LMTP session between dovecot and 
sendmail I found that sendmail does _not_ include the +detail in RCPT TO:. 
I also determined that dovecot LMTP will in fact extract the +detail from 
a X-Original-To: header, but only if one defines 
lda_original_recipient_header.


So for the archives, to get sieve's envelope :detail ... working with 
sendmail and dovecot LMTP, do the following:


1) Add lda_original_recipient_header = X-Original-To to 15-lda.conf

2) Add the following rule to sendmail.mc to add a X-Original-To: header 
to every message:


LOCAL_CONFIG
H?${u}?X-Original-To: $u

--
Greg Rivers


Re: [Dovecot] BUG report: doveadm HEADER field pattern when concatenating with another Search key

2014-01-07 Thread Joseph Tam

On Wed, 8 Jan 2014, dovecot-requ...@dovecot.org wrote:


doveadm search -u exampleuser SUBJECT Silvester
(outputs correctly 10 matches)

...

doveadm search -u exampleuser SUBJECT Silvester HEADER Return-Path
someu...@example.com
(gives exactly the same output - but this is WRONG, as the given Subject
AND Return-Path is really only found in 1 Message - uid 15697)


I couldn't recreate this with 2.1.16.  Also, my version of doveadm
search does not accept missing header patterns.  Is this corroborated
by dumping out the header with this same search query?

doveadm fetch -u exampleuser hdr SUBJECT Silvester \
HEADER Return-Path someu...@example.com

Joseph Tam jtam.h...@gmail.com


Re: [Dovecot] how to separate virtual delivery and authentication?

2014-01-07 Thread Steffen Kaiser


On Tue, 7 Jan 2014, Mihai Badici wrote:


userdb for delivery), this could be far better. But I think this is a
design issue.

Remember: passdb is for authenticating users; userdb is for getting user
information. When a user auth's for IMAP, passdb verifies the password
and probably overrides the username, in the second step the userdb is
queried for the user data. If you use prefetch userdb and provide
different passdb and userdb queries, I would not expect a clean run.

Maybe, it's better you give a detailed example, which makes your idea more
visible.


Ok, an example is better.
Let's say I use dovecot with postfix and I have in postfix/master.cf:

dovecot unix  -   n   n   -   -   pipe
  flags=DRhu user=mailbox:mailbox
  argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

I use two e-mail addresses, mi...@example.org and mih...@example.org
My uid is mihai.badici (I chose it not related to the e-mail address)

So, the deliver service will query ldap in order to find the mailbox.
We need to put mail=%u or maildrop=%u, depending on the schema.

On the other hand, the authentication will fail if I use uid, because it uses
the same query.
I can put |(mail=%u)(uid=%u) and it works, but it is rather strange.
I can, indeed, use maildrop to canonify the mailbox in postfix before
delivery, and I think that will work too.
But I think it is more elegant to separate the delivery query and the authentication
query. I'm not sure if it is not possible to use only the passdb query for
authentication.


That's what I meant in my second reply with "otherwise have the passdb 
return another username, e.g. the mail LDAP attribute to convert the uid 
into mail address".


See: http://wiki2.dovecot.org/PasswordDatabase/ExtraFields?highlight=user

You use only uid in passdb query, but return a field user to override 
the username, e.g.:


pass_attrs = uid=user

change uid to the attribute that holds your primary address.

Use the attribute in the userdb query that enumerate all mail addresses.

However, this has the drawback, IMHO, that you need to type a mail address 
with doveadm's -u switch.


-- 
Steffen Kaiser
