Re: [Dovecot] Architecture for large Dovecot cluster

2014-01-24 Thread Stan Hoeppner
This went to me only so bringing back on list.

On 1/24/2014 11:09 AM, Tom Johnson wrote:
> Is anybody using the Object Storage plugin for large-scale
> installations?  

I've not used it.

> We're considering it, but are thinking of an in-house
> S3 storage system (riak, or ceph, or ?)   Looking to support perhaps
> 300k users.  I was thinking that if we use a bank of dovecot servers
> (with director) with ssds as cache, we might be able to consolidate
> all the storage on something like a riak cluster, which would make
> scaling simple and inexpensive - certainly much less than a NetApp
> solution.

Everything costs less than a NetApp...except an EMC.

> If anyone has any first-hand experience (or even
> off-the-top-of-their-head thoughts), I'd love to hear them)

Distributed filesystems give you the advantage of a single filesystem
namespace with massive amounts of storage, fairly easy addition of
storage space, and distributed replication to allow failure of a storage
node without service interruption.

Replication mitigates node failure, but not disk failure, so you still
need RAID in each node.  So you have RAID6 in a node and filesystem
block mirroring amongst nodes.  Thus storage utilization is -worse- than
direct attach, CFS on SAN, or NFS head attached RAID10 and far worse
than RAID6 in these 3 setups.  And if using large SSD cache you'd surely
use RAID6 with DAS, CFS, or NFS.  You'd need half as many disk drives vs
DFS.

Each DFS expansion, assuming the typical model, entails the cost of a
server, RAID HBA (unless using md) and disks, not strictly buying disks
as with DAS, CFS/SAN, or NFS filer.  Then you also need more switch
ports, more power connections, greater UPS capacity due to all the CPUs,
RAM, etc in the nodes.  And you'll have a higher electric bill.

So while a distributed filesystem storage architecture may seem less
expensive it may not be.  And just as one can build a DIY DFS cluster,
one can also build a DIY NFS cluster instead of buying a NetApp, saving
significant cash on the front end box and on disks since you'd need half
as many vs a distributed filesystem architecture, though failure of one
node may not be quite as graceful as with a NetApp losing a controller
board.

-- 
Stan


Re: [Dovecot] Architecture for large Dovecot cluster

2014-01-24 Thread Stan Hoeppner
On 1/24/2014 6:24 AM, Javier de Miguel Rodríguez wrote:
>  
> 
> Great mail, Stan 
> 
> Another trick: you can save storage (both space & iops) using mdbox and
> compression. CPU power is far cheaper than iops, the less data you
> read/write, the fewer iops.

Yeah, the cost of enterprise storage is insane.  But I'd be wary of
using compression on primary storage with 50K concurrent IMAP users plus
5K POP users.  Even with dozens of cores of horsepower it'll still add
latency.  For alt storage sure.  Using compression on primary storage
would make system sizing much more difficult WRT core counts, clock
speed, and memory requirements.  And it would need much load testing.

> You can use gzip, bzip2 or even LZMA/xz compression for LDA. If you also
> use Single Instance Storage and Alternate (cheap) storage for old mail,
> you can save a lot of money in storage. Also consider using mdbox + ssd
> for indexes (hp storevirtual VSA+ a couple of ESXi with ssd disks will
> give you real-time replicated ssd iscsi lun for indexes)

I don't know how much SIS would benefit an Australian service provider.
 I don't know the culture, people's "forwarding" habits.  If it's like
parts of The States it may help some.  Alt storage definitely would.  To
me your SSD suggestion just puts extra write wear on the SSDs.  A form
of SAN flash cache would be better.  In the case of the VSAs they have
tons of memory, 12 slots, so having fast hot indexes probably wouldn't
be an issue.  But obviously the HP gear isn't the only game in town.

-- 
Stan


Re: [Dovecot] Dovecot on Solaris 10 Segmentation Fault

2014-01-24 Thread Willi Burmeister
Hi Thomas,

> make check on Solaris 10 throws a segmentation fault.
 
in src/lib-http/test-http-url.c you will find several of these:

	if (urlp->host_name == NULL || urlt->host_name == NULL) {
		test_out(t_strdup_printf("url->host_name = %s", urlp->host_name),

t_strdup_printf is called with urlp->host_name, whose value is NULL.
So printf is called with a NULL pointer. Linux printf maps
the NULL pointer to the string "(null)". Solaris does the right
thing and dumps core.

I will send 3 patch files in a private email. With these it will compile
on Solaris.

I don't understand the logic of the if clauses. Maybe Timo is able
to explain :-)

Greetings

Willi
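
The portability problem described in the message above, as an added example (not Dovecot's code and not the patches mentioned in the message): passing NULL to a %s conversion is undefined behaviour in C, so a test diagnostic has to substitute something printable before formatting. The struct and the function names here are hypothetical; only the host_name field comes from the quoted snippet.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the parsed URL used by the test; only the
 * host_name field quoted in the message is modelled. */
struct url_fields {
	const char *host_name;	/* NULL when the URL has no host part */
};

/* Render a possibly-NULL string for a diagnostic. NULL becomes the bare
 * word NULL and real strings are quoted, so a NULL pointer cannot be
 * mistaken for the literal text "(null)". NULL never reaches %s. */
static const char *show(const char *s, char *dst, size_t size)
{
	if (s == NULL)
		snprintf(dst, size, "NULL");
	else
		snprintf(dst, size, "\"%s\"", s);
	return dst;
}

/* NULL-aware equality: two NULLs match, NULL never matches a string. */
static bool nullable_streq(const char *a, const char *b)
{
	if (a == NULL || b == NULL)
		return a == b;
	return strcmp(a, b) == 0;
}

/* Compare the host_name of a parsed URL with the expected one and write
 * a diagnostic into msg. Returns true when the two fields match. */
static bool check_host_name(const struct url_fields *parsed,
			    const struct url_fields *expected,
			    char *msg, size_t size)
{
	char got[64], want[64];

	snprintf(msg, size, "url->host_name = %s (expected %s)",
		 show(parsed->host_name, got, sizeof(got)),
		 show(expected->host_name, want, sizeof(want)));
	return nullable_streq(parsed->host_name, expected->host_name);
}

int main(void)
{
	/* Constructed sample values, not taken from the Dovecot test suite. */
	struct url_fields parsed = { NULL };
	struct url_fields expected = { "example.org" };
	char msg[200];
	bool ok;

	ok = check_host_name(&parsed, &expected, msg, sizeof(msg));
	printf("%s: %s\n", ok ? "ok" : "FAILED", msg);

	ok = check_host_name(&parsed, &parsed, msg, sizeof(msg));
	printf("%s: %s\n", ok ? "ok" : "FAILED", msg);
	return 0;
}
```
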



Re: [Dovecot] passphrases

2014-01-24 Thread Pascal Volk
On 01/24/2014 05:02 PM Benjamin Connelly wrote:
> Is there any way to configure the dovecot-sql.conf.ext "connect =" line to 
> use a password= string that contains spaces?
> 
> (I've tried single quotes, double quotes, escaping the space with 
> backslash. . .)
> 

The wiki  mentions
passwords containing '#'. Maybe that works also for passwords that
contains spaces. (I didn't test it.)


Regards,
Pascal
-- 
The trapper recommends today: face1e55.1402...@localdomain.org


Re: [Dovecot] questions about SETQUOTA

2014-01-24 Thread Michael Cramer

Quoting Steffen Kaiser:



On Thu, 23 Jan 2014, Michael Cramer wrote:

I tried to set up my configuration to use the SETQUOTA command but
the only thing I got is:


3 setquota "User quota" (storage 12345)
3 OK Setquota completed.

but nothing is changed in database.

I modified the password_query and the user_query to return the
admin and userdb_admin field, both set to y.


all other changes that are done are like in the wiki  
http://wiki2.dovecot.org/Quota/Configuration


Please post your doveconf -n

- -- Steffen Kaiser



# 2.2.10 (6b8ae0ba5959): /etc/dovecot/dovecot.conf
# OS: Linux 3.11.0-15-generic x86_64 Ubuntu 13.10 ext4
auth_master_user_separator = *
auth_mechanisms = plain login
debug_log_path = /var/log/dovecot/debug.log
dict {
  acl = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext
  expire = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext
  quota = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
first_valid_gid = 8
first_valid_uid = 8
imap_metadata = yes
info_log_path = /var/log/dovecot/info.log
last_valid_gid = 8
last_valid_uid = 8
log_path = /var/log/dovecot/error.log
mail_attribute_dict = file:/srv/vmail/dovecot/metadata/%d/%n/attributes
mail_gid = 8
mail_location = mdbox:/srv/vmail/dovecot/mail/%d/%n:INDEX=/srv/vmail/dovecot/indexes/shared/%d/%n
mail_plugins = quota zlib acl expire virtual fts fts_solr mail_log notify stats
mail_uid = 8
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify
mdbox_preallocate_space = yes
mdbox_rotate_size = 10 M
namespace {
  list = children
  location = mdbox:/srv/vmail/dovecot/mail/%%d/%%n:INDEX=/srv/vmail/dovecot/indexes/shared/%%d/%%n:INDEXPVT=/srv/vmail/dovecot/indexes/private/%d/%n/shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  mailbox virtual/All {
    auto = subscribe
    special_use = \All
  }
  mailbox virtual/Flagged {
    auto = subscribe
    special_use = \Flagged
  }
  prefix =
  separator = /
  type = private
}
namespace virtual {
  location = virtual:/srv/vmail/dovecot/virtual:INDEX=/srv/vmail/dovecot/indexes/shared/%d/%n/virtual
  prefix = virtual/
  separator = /
}
passdb {
  args = /etc/dovecot/dovecot-sql-master.conf.ext
  driver = sql
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  args = /etc/dovecot/passwd.masterusers
  driver = passwd-file
  master = yes
  pass = yes
}
plugin {
  acl = vfile:/srv/vmail/dovecot/acl:cache_secs=300
  acl_anyone = allow
  acl_shared_dict = proxy::acl
  expire = Trash
  expire1 = Trash/*
  expire2 = Spam
  expire_dict = proxy::expire
  fts = solr
  fts_autoindex = yes
  fts_solr = break-imap-search url=http://localhost:8080/solr/dovecot/
  quota = dict:User quota::proxy::quota
  quota_set = dict:proxy::quota
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  quota_warning3 = -storage=100%% quota-warning below %u
  sieve = /srv/vmail/dovecot/sieve/%d/%n/.dovecot.sieve
  sieve_default = /srv/vmail/dovecot/sieve/default.sieve
  sieve_dir = /srv/vmail/dovecot/sieve/%d/%n/user
  sieve_extensions = +notify +imapflags
  sieve_global_dir = /srv/vmail/dovecot/sieve/global
  stats_refresh = 30 secs
  stats_track_cmds = yes
  zlib_save = gz
  zlib_save_level = 6
}
postmaster_address = postmas...@domain.com
protocols = " imap lmtp sieve"
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = mail
    mode = 0666
    user = mail
  }
}
service dict {
  unix_listener dict {
    group = mail
    mode = 0660
    user = mail
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service quota-warning {
  executable = script

[Dovecot] passphrases

2014-01-24 Thread Benjamin Connelly
Is there any way to configure the dovecot-sql.conf.ext "connect =" line to 
use a password= string that contains spaces?


(I've tried single quotes, double quotes, escaping the space with 
backslash. . .)


 Ben


[Dovecot] Dovecot imap-postlogin failed

2014-01-24 Thread Sayajin
*** This is 2 posts combined into one which I had asked on linuxquestions.org
and never got an answer ***

Hi,

In short I am trying to run a bash script which will then update
a mysql database with the last login date/time & last IP for each mailbox.

I have searched google dead but still can't figure out what I'm doing wrong
or if there is some issue with the centos 6 rpm's for dovecot.

--

- 1st I had the default dovecot in the centos 6 repo's which is version 2.0.9
- I read that there was an issue with the script-login binary which was
fixed in version 2.0.14, so I updated dovecot to version 2.2.7.
- This sadly did not fix my issue with the bash script executing.

In my /etc/dovecot/conf.d/10-master.conf I have the following
service imap {
  executable = imap imap-postlogin
}

service imap-postlogin {
  executable = script-login /var/www/lighttpd/mail-admin/scripts/lastLogin.sh
}

But when I try to log in I still get the same error as with the previous
version:
- Nov 27 14:44:36 dovecot: imap(mail...@domain.co.za): Error:
net_connect_unix(/var/run/dovecot/imap-postlogin) failed: No such file or
directory


- One thing I did notice on the one site was that someone had an ls of their
/var/run/dovecot directory, and in there was a binary called imap-postlogin.
- But I don't have that binary anywhere on my server, with the old or new
version of dovecot.

Please any help would be appreciated.



=
=




Ok well I tried a few other things and got it working a bit more.
So the variables that I needed are now being set correctly etc, but I'm
getting authentication errors now which I was not before.


My setup in 10-master.conf now looks like the following:
service imap-postlogin {
  executable = script-login /var/www/lighttpd/mail-admin/scripts/lastLogin.sh
  unix_listener imap-postlogin {
    user = root
  }
}

service imap {
  executable = imap imap-postlogin
}

My lastLogin.sh bash script has the following in it for debugging
echo "$(date +%Y.%m.%d-%H:%M:%S)";
echo "User: ${USER}" >> /tmp/tracking.log 2>&1;
echo "Home: ${HOME}" >> /tmp/tracking.log 2>&1;
echo "Client IP: ${IP}" >> /tmp/tracking.log 2>&1;
echo "Server IP: ${LOCAL_IP}" >> /tmp/tracking.log 2>&1;

The output to my /tmp/tracker.log is the following
User: u...@domain.com
Home: /var/spool/mail/domain.com/user
Client IP: x.x.x.x
Server IP: y.y.y.y

The Authentication Error I am getting now
dovecot: auth: Debug: Loading modules from directory:
/usr/lib64/dovecot/auth
dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_mysql.so
dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_pgsql.so
dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_sqlite.so
dovecot: auth: Debug: Read auth token secret from
/var/run/dovecot//auth-token-secret.dat
dovecot: auth: Debug: auth client connected (pid=25865)
dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=imap#011secured#011session=VPOQpNvsPwDELro2#011lip=X.X.X.X#011rip=Y.Y.
Y.Y#011lport=143#011rport=58175
dovecot: auth: Debug: client passdb out: CONT#0111#011
dovecot: auth: Debug: client in:
CONT#0111#011AHN1cHBvcnRAYmxhY2tsaXN0Ym94LmNvbQBzQHlAajFu (previous base64
data may contain sensitive data)
dovecot: auth-worker(25868): Debug: Loading modules from directory:
/usr/lib64/dovecot/auth
dovecot: auth-worker(25868): Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_mysql.so
dovecot: auth-worker(25868): Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_pgsql.so
dovecot: auth-worker(25868): Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_sqlite.so
dovecot: auth-worker(25868): Debug: sql(user=u...@domain.com,Y.Y.Y.Y):
query: SELECT CONCAT(mailboxes.local_part,'@',domains.fqdn) as `user`,
mailboxes.password AS `password`,'/var/spool/mail/domain.com/user' AS
`userdb_home`, 8 AS `userdb_uid`, 12 AS `userdb_gid` FROM `mailboxes`,
`domains` WHERE mailboxes.local_part = 'user' AND mailboxes.active = 1 AND
mailboxes.domain_name = domains.fqdn AND domains.fqdn = 'domain.com' AND
domains.active = 1
dovecot: auth: Debug: client passdb out: OK#0111#011user=u...@domain.com
dovecot: auth: Debug: master in:
REQUEST#0112408185857#01125865#0111#0117b2d33b66e121f24e5393e87c3ae855f#011session_pid=25870#011requ
est_auth_token
dovecot: auth-worker(25868): Debug: sql(user=u...@domain.com,Y.Y.Y.Y):
SELECT '/var/spool/mail/domain.com/user' AS `home`, 8 AS `uid`, 12 AS `gid`
dovecot: auth: Debug: master userdb out:
USER#0112408185857#011user=u...@domain.com#011home=/var/spool/mail/domain.com/user#011uid=8#011gid=12#011auth_token=505201029f52ca4318f4a283c1ad5449afd407d3
dovecot: imap-login: Login: user=, method=PLAIN,
rip=Y.Y.Y.Y, lip=X.X.X.X, mpid=25870, TLS, session=
dovecot: imap(user=u...@domain.com): Debug: Effective uid=8, gid=12,
home=/var/spool/mail/domain.com/user
dovecot: imap(user=u...@domain.com): Debug: Namespace inbox: type=private,
prefix=, sep=, inbox=yes,

[Dovecot] Dsync Errors

2014-01-24 Thread Asai

Greetings,

I've seen something like this in another thread, about a month ago, but we're 
running into this error pretty frequently when we run dsync backup.

Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0 [0x39ccc5f1c0] -> 
/usr/lib64/dovecot/libdovecot.so.0(default_fatal_handler+0x35) [0x39ccc5f2a5] -> 
/usr/lib64/dovecot/libdovecot.so.0 [0x39ccc5ebb3] -> dsync(dsync_brain_mailbox_tree_sync_change+0x41c) 
[0x42cc0c] -> dsync(dsync_brain_recv_mailbox_tree_deletes+0x10a) [0x42be7a] -> 
dsync(dsync_brain_run+0x4fc) [0x429cdc] -> dsync [0x42885b] -> dsync [0x4119ff] -> 
dsync(doveadm_mail_try_run+0x269) [0x411e09] -> dsync(main+0x358) [0x41a2c8] -> 
/lib64/libc.so.6(__libc_start_main+0xf4) [0x3f4281d994] -> dsync [0x4111c9]

We're running Dovecot 2.2.4 and the dsync command is this:
dsync -u  backup maildir:/mnt/backups///

When this happens to a particular user's account I delete the backup and let it
rebuild, which works for awhile, but then it happens again, and it seems to
happen to particular users.

Can you point me in the right direction to start troubleshooting this?

Thanks.

--
--Asai



Re: [Dovecot] outlook will not sync

2014-01-24 Thread Reindl Harald


On 24.01.2014 16:25, Eric Broch wrote:
> However, I've since removed the file manually, deleted the old folder
> and recreated it and Outlook will still not sync even in the absence of
> the above error.
> 
> Has anyone seen this issue--slow to no Outlook performance with
> dovecot--before, and/or does anyone have a solution or point me in the
> right direction? Thanks!

I had a situation where a dbmail bug which was long resolved
led to no longer seeing any new message in Outlook, frankly
even messages from a different folder in the one which was
displayed empty disappeared

the only solution:
remove the complete account and configure it from scratch in Outlook





Re: [Dovecot] Architecture for large Dovecot cluster

2014-01-24 Thread Urban Loesch
On 24.01.2014 16:15, Rick Romero wrote:
>>
>> - all Backends are in HA with a passive machine and DRBD with 10GBIT
>> Cross Links
>>  
> 
> How do you do backups?
> 

The underlying storage is based on lvm. So we can take a daily snapshot on the
passive server, mount them readonly and have no load impact on the active
machine during the backup time.

Maildata etc. is synced via rsync to a small storage system in a separate
datacenter over a dedicated 1Gbit dark fiber link. Works very well for us and
is within our budget.





[Dovecot] outlook will not sync

2014-01-24 Thread Eric Broch
Dovecot users list,

I started having problems with Outlook not syncing with Dovecot a public
imap folder upon issuing a send/receive in the client; eventually
Outlook timed out, and I received the following error in the Dovecot log.

Jan 23 09:20:23 imap(u...@mydom.com): Error: FETCH [] for mailbox
projects.myfolder UID 120 got too little data: 7744 vs 7759
Jan 23 09:20:23 imap(u...@mydom.com): Error: Maildir filename has wrong
W value:
/home/vpopmail/domains/mydom.com/shared/projects/.myfolder/cur/1384292337.M440452P9788.mail.mydom.com,S=265901,W=269597:2,Sc
Jan 23 09:20:23 imap(u...@mydom.com): Error: Corrupted index cache file
/home/vpopmail/domains/mydom.com/shared/projects/.myfolder/dovecot.index.cache:
Broken virtual size for mail UID 120
Jan 23 09:20:23 imap(user@mydom): Info: Disconnected: FETCH failed
bytes=175/270387

However, I've since removed the file manually, deleted the old folder
and recreated it and Outlook will still not sync even in the absence of
the above error.

Has anyone seen this issue--slow to no Outlook performance with
dovecot--before, and/or does anyone have a solution or point me in the
right direction? Thanks!

Eric



I'm using dovecot 2.0.17 with the following configuration


# 2.0.17 (684381041dc4+): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-371.1.2.el5 x86_64 CentOS release 5.10 (Final)
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 32 M
auth_cache_ttl = 1 hours
auth_debug = no
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 2 secs
auth_first_valid_uid = 500
auth_gssapi_hostname =
auth_krb5_keytab =
auth_last_valid_uid = 0
auth_master_user_separator =
auth_mechanisms = plain login digest-md5 cram-md5
auth_realms =
auth_socket_path = auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_use_winbind = no
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format = %Lu
auth_username_translation =
auth_verbose = no
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/run/dovecot
config_cache_size = 1 M
debug_log_path =
default_client_limit = 1000
default_idle_kill = 60
default_internal_user = dovecot
default_login_user = dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config =
director_doveadm_port = 0
director_mail_servers =
director_servers =
director_user_expire = 15 mins
disable_plaintext_auth = yes
dotlock_use_excl = yes
doveadm_allowed_commands =
doveadm_password =
doveadm_proxy_port = 0
doveadm_socket_path = doveadm-server
doveadm_worker_count = 0
first_valid_gid = 1
first_valid_uid = 89
hostname =
imap_capability =
imap_client_workarounds =
imap_id_log =
imap_id_send =
imap_idle_notify_interval = 2 mins
imap_logout_format = bytes=%i/%o
imap_max_line_length = 64 k
import_environment = TZ
info_log_path =
last_valid_gid = 0
last_valid_uid = 0
lda_mailbox_autocreate = no
lda_mailbox_autosubscribe = no
lda_original_recipient_header =
libexec_dir = /usr/libexec/dovecot
listen = *, ::
lmtp_proxy = no
lmtp_save_to_detail_mailbox = no
lock_method = fcntl
log_path = /var/log/dovecot.log
log_timestamp = "%b %d %H:%M:%S "
login_access_sockets =
login_greeting = Dovecot toaster ready.
login_log_format = %$: %s
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
login_trusted_networks =
mail_access_groups =
mail_attachment_dir =
mail_attachment_fs = sis posix
mail_attachment_hash = %{sha1}
mail_attachment_min_size = 128 k
mail_cache_fields = flags
mail_cache_min_mail_count = 0
mail_chroot =
mail_debug = no
mail_fsync = optimized
mail_full_filesystem_access = no
mail_gid =
mail_home =
mail_location =
mail_log_prefix = "%s(%u): "
mail_max_keyword_length = 50
mail_max_lock_timeout = 0
mail_max_userip_connections = 20
mail_never_cache_fields = imap.envelope
mail_nfs_index = no
mail_nfs_storage = no
mail_plugin_dir = /usr/lib64/dovecot
mail_plugins =
mail_privileged_group =
mail_save_crlf = no
mail_temp_dir = /tmp
mail_uid =
mailbox_idle_check_interval = 30 secs
mailbox_list_index_disable = no
maildir_copy_with_hardlinks = yes
maildir_stat_dirs = no
maildir_very_dirty_syncs = no
master_user_separator =
mbox_dirty_syncs = yes
mbox_dotlock_change_timeout = 2 mins
mbox_lazy_writes = yes
mbox_lock_timeout = 5 mins
mbox_min_index_size = 0
mbox_read_locks = fcntl
mbox_very_dirty_syncs = no
mbox_write_locks = dotlock fcntl
mdbox_preallocate_space = no
mdbox_rotate_interval = 0
mdbox_rotate_size = 2 M
mmap_disable = no
namespace {
  hidden = no
  inbox = yes
  list = yes
  location =
  prefix = INBOX.
  separator = .
  subscriptions = yes
  type = private
}
namespace {
  hidden = no
  inbox = no
  list = yes
  location = maildir:/home/vpopmail/domains/acemt.com/shared/projects
  prefix = projects.
  separator = .
  subscriptions = yes
  type = public
}
passdb {
  args = cache_key=%u webmail=127.0.0.1
  deny = 

Re: [Dovecot] Architecture for large Dovecot cluster

2014-01-24 Thread Rick Romero

Quoting Urban Loesch:

> Hi,
>
>> and some other Dovecot mailing list threads but I am not sure how many
>> users such a setup will handle.  I have a concern about the I/O
>> performance of NFS in the suggested architecture above.  One possible
>> option available to us is to split up the mailboxes over multiple
>> clusters with subsets of domains.  Is there anyone out there currently
>> running this many users on a Dovecot based mail cluster?  Some
>> suggestions or advice on the best way to go would be greatly appreciated.
>
> we only have running a setup with 35k Users (2000 imap and 300 pop3
> sessions simultaneous).
> But we split all users and domains across 9 virtual containers. Until
> now all containers are running on 1 bare metal machine, because
> the server is fast enough and quite new.
>
> - all Backends are in HA with a passive machine and DRBD with 10GBIT
> Cross Links

How do you do backups?


Re: [Dovecot] Architecture for large Dovecot cluster

2014-01-24 Thread Urban Loesch
Hi,

> and some other Dovecot mailing list threads but I am not sure how many users 
> such a setup will handle.  I have a concern about the I/O performance of
> NFS in the suggested architecture above.  One possible option available to us 
> is to split up the mailboxes over multiple clusters with subsets of
> domains.  Is there anyone out there currently running this many users on a 
> Dovecot based mail cluster?  Some suggestions or advice on the best way to
> go would be greatly appreciated.
> 

we only have running a setup with 35k Users (2000 imap and 300 pop3 sessions
simultaneous).
But we split all users and domains across 9 virtual containers. Until now all
containers are running on 1 bare metal machine, because
the server is fast enough and quite new.

In front of our backend servers we use two imap/pop3 proxies which get their
static routing information for imap/pop3/smtp/lmtp from
dedicated mysql-databases (master-master mode, also multiple slaves are
possible). Same for smtp relay.

This setup allows us to scale out as wide as we need. In theory it's possible
to use for each account a separate storage backend scaled out on
multiple servers. Connections between proxies and backends are made by IPv6 on
layer2. No routers between.
So we have no problems with tight ipv4 space :-)

Some info on storage backends:
- Mailbox format is mdbox with zlib plugin. Each file has a max of 10MB.
- Dovecot internal caches for authentication etc. are doing a good job. Without
the caches the database becomes busy.
- Central administration functions are implemented on our internal admin
frontend to, for example, clear caches, change account password or get/change
user quota.
- Mailindexes are stored on RAID 1 SSD SLC disks (about 20GB now)
- Maildata is stored on RAID 10 SATA 7.2k rpm disks (10 disks)
- Incoming Mailqueue and OS for the containers on RAID 1 SAS disks (10k rpm)
- all Backends are in HA with a passive machine and DRBD with 10GBIT Cross Links

IMAP/POP3/SMTP Proxies are running on 2 dedicated mid range servers (HA):
- IMAP/POP3 Proxies are clustered and load balanced with the IPTable ClusterIP
Module (poor man's load balancer)
- Same on SMTP relay server for outgoing email.
- MX Servers for incoming mail are load balanced by DNS priority as usual.

Each setup has its advantages and disadvantages. For example no idea how can we
use shared folders within one domain if the accounts
are spread out on multiple backends. But at the moment we don't need that.
For our needs this setup works very well.

Also thanks to Timo for his great work on dovecot.

Regards
Urban


Re: [Dovecot] Architecture for large Dovecot cluster

2014-01-24 Thread Sven Hartge
Stan Hoeppner  wrote:

> Sven, why didn't you chime in?  Your setup is similar scale and I
> think your insights would be valuable here.  Or maybe you could repost
> your last on this topic.  Or was that discussion off list?  I can't
> recall.

Rather busy right now with a large scale Identity Management+AD rollout here, so
unfortunately not too much time to elaborate my setup in great detail.

But after testing the nothing-shared-6-node-cluster setup with imapc as
the backend for shared folders I concluded that this does not scale very
well (the imapc-part, that is) and changed my plans to a director-based
NFS-backed (Netapp 3240) setup, which is much more common.

I reckoned I'd be nearly the only one on this planet to be so crazy to
try to use a backwards-normal-user-as-master-user-for-imapc setup for
shared folders and that having anyone other than me understanding that
setup, let alone getting support for it, would be too big a hassle.

So I put the mdbox storage on two 15k-SAS-NetApp with 1TB FlashCache,
connected with 2x 10GBit to the SAN, using NFS to mount the volumes in
my 6 backend-dovecot servers, putting 2 director-dovecots in front,
which will sit behind a Linux IPVS loadbalancer. All systems are VMs on
ESX.

I recently added two more shelves with SATA drives to the NetApp to use
as storage for the alt-storage feature of dovecot to automatically
migrate mails older than 180 days to less expensive storage.

As of now, the system is not yet live (see IDM rollout above), I hope to
resume my migration in late spring, early summer.

But initial synthetic benchmarks have shown that this setup will
be more than sufficient to provide the needed oomph for my 15k users,
with enough room to grow.

Interesting datapoint: NetApp Deduplication did only recover about 1% of
storage space with mdbox-based mail storage, while on a maildir-based
mail storage, the rate was about 15%. (This was tested with a copy of
real user data, so is accurate for my workload.)

Regards,
Sven.

-- 
Sigmentation fault. Core dumped.



Re: [Dovecot] Architecture for large Dovecot cluster

2014-01-24 Thread Javier de Miguel Rodríguez
 

Great mail, Stan 

Another trick: you can save storage (both space & iops) using mdbox and
compression. CPU power is far cheaper than iops, the less data you
read/write, the fewer iops.

You can use gzip, bzip2 or even LZMA/xz compression for LDA. If you also
use Single Instance Storage and Alternate (cheap) storage for old mail,
you can save a lot of money in storage. Also consider using mdbox + ssd
for indexes (hp storevirtual VSA+ a couple of ESXi with ssd disks will
give you real-time replicated ssd iscsi lun for indexes)

Just my 2 cents.

Regards

Javier

 

Re: [Dovecot] Architecture for large Dovecot cluster

2014-01-24 Thread Stan Hoeppner
Sven, why didn't you chime in?  Your setup is similar scale and I think
your insights would be valuable here.  Or maybe you could repost your
last on this topic.  Or was that discussion off list?  I can't recall.

Anyway, I missed this post Murray.  Thanks Ed for drudging this up.
Maybe this will give you some insight, or possibly confuse you. :)

On 1/5/2014 7:06 AM, Murray Trainer wrote:
> Hi All,
> 
> I am trying to determine whether a mail server cluster based on Dovecot
> will be capable of supporting 500,000+ mailboxes with about 50,000 IMAP
> and 5000 active POP3 connections.  I have looked at the Dovecot
> clustering suggestions here:
> 
> http://blog.dovecot.org/2012/02/dovecot-clustering-with-dsync-based.html
> 
> and some other Dovecot mailing list threads but I am not sure how many
> users such a setup will handle.  I have a concern about the I/O
> performance of NFS in the suggested architecture above.  One possible
> option available to us is to split up the mailboxes over multiple
> clusters with subsets of domains.  Is there anyone out there currently
> running this many users on a Dovecot based mail cluster?  Some
> suggestions or advice on the best way to go would be greatly appreciated.

As with MTAs Dovecot requires minuscule CPU power for most tasks.  Body
searches are the only operations that eat meaningful CPU, and only when
indexes aren't up to date.

As with MTAs, mailbox server performance is limited by disk IO, but it
is also limited by memory capacity as IMAP connections are long lived,
unlike an MTA where each lasts a few seconds.

Thus, very similar to the advice I gave you WRT MTAs, you can do this
with as few as two hosts in the cluster, or as many as you want.  You
simply need sufficient memory for concurrent user connections, and
sufficient disk IO.

The architecture of the IO subsystem depends greatly on which mailbox
format you plan to use.  Maildir is extremely metadata heavy and thus
does not perform all that well with cluster filesystems such as OCFS or
GFS, no matter how fast the SAN array controller and disks may be.  It
can work well with NFS.  Mdbox isn't metadata heavy and works much
better with cluster filesystems.

Neither NFS nor a cluster filesystem setup can match the performance of
a standalone filesystem on direct attached disk or a SAN LUN.  But
standalone filesystems make less efficient use of total storage
capacity.  And if using DAS, failover, resiliency, etc. are far less than
optimal.

With correct mail routing from your MTAs to your Dovecot servers, and
with Dovecot director, you can use any of these architectures.  Which
one you choose boils down to:

1.  Ease of management
2.  Budget
3.  Storage efficiency

The NFS and cluster filesystem solutions are generally significantly
more expensive than filesystem on DAS, because the NFS server and SAN
array required for 500,000 mailboxes are costly.  If you go NFS you
better get a NetApp filer.  Not just for the hardware, snapshots, etc,
but for the engineering support expertise.  They know NFS better than
the Pope knows Jesus and can get you tuned for max performance.

Standalone servers/filesystems with local disk give you dramatically
more bang for the buck.  You can handle the same load with fewer servers
and with quicker response times.  You can use SAN storage instead of
direct attach, but at cost equivalent to the cluster filesystem
architecture.  You'll then benefit from storage efficiency, PIT
snapshots, etc.

Again, random disk IOPS is the most important factor with mailbox
storage.  With 50K logged in IMAP users and 5K POP3 users, we simply
have to guesstimate IOPS if you don't already have this data.  I assume
you don't as you didn't provide it.  It is the KEY information required
to size your architecture properly, and in the most cost effective manner.

Let's assume for argument's sake that your 50K concurrent IMAP users and
your 5K POP users generate 8,000 IOPS, which is probably a high guess.
10K SAS drives do ~225 IOPS.

8000/225= 36 disks * 2 for RAID10 = 72

So as a wild ass guesstimate you'd need approximately 72 SAS drives in
multiple at 10K spindle speed for this workload.  If you need to use
high cap 7.2K SATA or SAS drives to meet your offered mailbox capacity
you'll need 144 drives.

Whether you go NFS, cluster on SAN, or standalone filesystems on SAN,
VMware with HA, Vmotion, etc, is a must, as it gives you instant host
failover and far easier management than KVM, Xen, etc.

One possible hardware solution consists of:

Qty 1.  HP 4730 SAN controller with 25x 600GB 10K SAS drives
Qty 3.  Expansion chassis for 75 drives, 45TB raw capacity, 21.6TB
net after one spare per chassis and RAID10, 8100 IOPS.
Qty 2.  Dell PowerEdge 320, 4 core Xeon and 96GB RAM, Dovecot
Qty 1.  HP ProLiant DL320e with 8GB RAM running Dovecot Director

You'd run ESX on each Dell with one Linux guest per physical box.  Each
guest would be allocated 46GB of RAM to facilitate failover.  This much
RAM is rather

Re: [Dovecot] dovecot produces messages dupes after nfs problems

2014-01-24 Thread Charles Marcus

On 2014-01-23 9:38 PM, Nick Edwards wrote:
> On 1/23/14, Charles Marcus wrote:
>> On 2014-01-22 2:37 PM, Patrick Westenberg wrote:
>>> All duplicates have no "received from" headers. Separate lmtp log shows
>>> only one delivery.
>>
>> As when troubleshooting anything like this, FULL logs for an event
>> exhibiting the problem are in order.
>
> doubt that would work in this case

Really? Without full logs, how would you then troubleshoot ANY problem?

>> Since you are using NFS, and there are well known potential issues when
>> using NFS under certain circumstances, a more detailed description of
>> your (NFS) setup is in order.
>
> never had any problems with NFS, but we don't use lmtp, we use dovecot-lda
> and we don't use director either

If you have read the dovecot wiki (and the list archives), then you also
know that with NFS, the problems are all related to setups where the NFS
mailstore is being accessed by more than one dovecot server at a time.

That is what I was hinting at by 'a more detailed description of his
(NFS) setup'...




[Dovecot] Shared mailbox ACL

2014-01-24 Thread Alex Ferrara
Hi everyone,

I am having some trouble with shared folders in trying to replicate how we use 
them with a Cyrus backend.

The auth database is Samba4 active directory, so I am using an LDAP lookup to 
authenticate and forcing the UID and GID to be all the same. I have a 
post-login script that sets the group ACL, and this seems to be working fine. 
/mnt/mail is an NFS mount to a FreeNAS machine, and there is only one Dovecot 
server connecting to that NFS share.

I have been able to get the inbox of the shared mailbox to appear in 
Thunderbird, but I would like to allow all subfolders to have the same ACLs. Is 
there a way to do this without having an ACL entry for each folder in the 
dovecot-acl file? I also cannot seem to create folders under the shared inbox.

Thanks.

Below is the output of /mnt/mail/acl/shared-mailboxes
shared/shared-boxes/group/accounting/accounting
1
shared/shared-boxes/group/team1/team1
1
shared/shared-boxes/group/team2/team2
1

Below is the output of dovecot -n

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-22-pve x86_64 Debian 7.3 nfs
auth_mechanisms = plain login
auth_username_format = %n
mail_debug = yes
mail_location = maildir:/mnt/mail/mailboxes/%n/Maildir:INDEX=/var/local/dovecot-indexes/%n
mail_plugins = acl
mail_shared_explicit_inbox = no
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  list = yes
  location = maildir:/mnt/mail/mailboxes/%%n/Maildir:INDEX=/var/local/dovecot-shared/%%n
  prefix = ZGroup/%%n/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_defaults_from_inbox = yes
  acl_shared_dict = file:/mnt/mail/acl/shared-mailboxes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = " imap lmtp sieve"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-postlogin {
  executable = script-login /usr/local/bin/postlogin.py
  user = vmail
}
service imap {
  executable = imap imap-postlogin
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
  user = vmail
}
ssl_cert =