dovecot-2-2-pigeonhole-92405f753f6a - 77e6a42bff9b

[Tamsy]

Just a report to Stephan:

I tried to compile two builds from the Mercurial:
- dovecot-2-2-pigeonhole-92405f753f6a
- dovecot-2-2-pigeonhole-77e6a42bff9b

Both builds fail to compile with the same following error:

 8< 
../../src/lib-sieve-tool/.libs/libsieve-tool.a(sieve-tool.o): In
function `sieve_tool_open_output_stream':
/usr/local/src/dovecot-2-2-pigeonhole-77e6a42bff9b/src/lib-sieve-tool/sieve-tool.c:518:
undefined reference to `o_stream_create_fd_autoclose'
../../src/lib-sieve/.libs/libdovecot-sieve.so: undefined reference to
`i_stream_create_fd_autoclose'
collect2: ld returned 1 exit status
make[3]: *** [sievec] Error 1
make[3]: Leaving directory
`/usr/local/src/dovecot-2-2-pigeonhole-77e6a42bff9b/src/sieve-tools'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory
`/usr/local/src/dovecot-2-2-pigeonhole-77e6a42bff9b/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory
`/usr/local/src/dovecot-2-2-pigeonhole-77e6a42bff9b'
make: *** [all] Error 2

Server OS: 2 servers, both running on Ubuntu 10.04 32 Bit

Rgds
Tamsy

Re: identify MUA connecting?

[Joseph Tam]

Juan Pablo  writes:


That is what I was not sure. I did not know what information was
possible available. I was thinking or hoping something same as http logs


My dovecot 2 installation logs this information.  E.g.

Jul 26 07:13:02 server dovecot: imap(user): ID sent: name=iPad
Mail, version=11D201, os=iOS, os-version=7.1.1 (11D201)
Jul 26 07:13:38 server dovecot: imap-login: ID sent:
name=com.google.android.email, os=android, os-version=4.4.4;
KTU84P, vendor=LGE, x-android-device-model=Nexus 4,
x-android-mobile-net-operator=Koodo, AGUID=...: user=<>,
rip={client-ip}, lip={server-ip}, TLS, 
session=

If you want this info, upgrade, as a later poster suggests.

Joseph Tam 

Re: Dovecot pigeonhole help sought

[Daniel Parthey]

Timothy Murphy wrote:
> I'm running postfix + dovecot + dovecot-pigeonhole
> on my CentOS-7 home server.
> I would like spam to end up in ~/Maildir/.Spam/ .
> Spam is being marked, but is not separated -
> it ends up with all the other email in ~/Maildir/cur/ .
> Evidently there is some step I have omitted to take.

You need to pass your mail through dovecot-lda or lmtp
in order to make the SIEVE filters work.

Postfix may not write directly to ~/Maildir/cur/.

Regards
Daniel

Exit status code 134; what is it, in the context of Dovecot Antispam plug-in?

[Ben Johnson]

Hello!

I just migrated from Ubuntu 12.04 LTS to 14.04 LTS and thereby from
Dovecot 2.0.19 to 2.2.9.

I've been using dovecot-antispam plugin with great success for the past
year with 2.0.19, but after this migration, I've been seeing the exit
status code 134 in the syslog when attempting to debug the Dovecot
Antispam plugin not working after the migration.

I have some debugging output in my pipe script; the output looks
something like this:

Copying message contents to temporary file for debugging purposes; file
is: /tmp/sendmail-msg-7662.txt
Checking if the command-line input argument string (--spam) contains the
string "ham" or "spam"
Mode is "SPAM"
Calling (as user vmail) '/usr/lib/dovecot/deliver -d
"sa-train...@example.com" -m "Training.SPAM" -p
"/tmp/sendmail-msg-7662.txt"'
Exit status was 134

Yet, I'm able to copy the above command and execute it manually, via the
command-line, and it works (and by "works", I mean to say that the
behavior is correct and exactly as expected; I receive the "Spam" email
at the designated mailbox). Here's how I'm calling it when it works
perfectly well (as "root"):

# su -c '/usr/lib/dovecot/deliver -d "sa-train...@example.com" -m
"Training.HAM" -p "/tmp/sendmail-msg-7460.txt"' vmail

Any idea what status 134 might be or how to work around it? It looks to
be some kind of "temporary failure exception", but that is less than
informative in this context.

"doveconf -n" output is appended.

Thanks for any help!

-Ben

# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-32-generic x86_64 Ubuntu 14.04.1 LTS
auth_mechanisms = plain login
disable_plaintext_auth = no
listen = *,[::]
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_privileged_group = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  antispam_backend = pipe
  antispam_debug_target = syslog
  antispam_pipe_program = /bin/bash
  antispam_pipe_program_args = /usr/local/bin/sa-learn-pipe.sh
  antispam_pipe_program_notspam_arg = --ham
  antispam_pipe_program_spam_arg = --spam
  antispam_pipe_tmpdir = /tmp
  antispam_spam_pattern_ignorecase = SPAM;JUNK
  antispam_trash_pattern_ignorecase = trash;Deleted *
  antispam_verbose_debug = 1
  quota = dict:user::file:/var/vmail/%d/%n/.quotausage
  quota_rule2 = Trash:storage=+100M
  quota_rule3 = Junk:ignore
  quota_rule4 = INBOX:storage=+100M
  quota_warning = storage=100%% quota-reached 100 %u %d
  quota_warning2 = storage=95%% quota-warning 95 %u %d
  quota_warning3 = storage=80%% quota-warning 80 %u %d
  quota_warning4 = -storage=100%% quota-below below %u %d
  sieve = /var/vmail/%d/%n/.sieve
}
postmaster_address = postmas...@example.com
protocols = imap pop3 sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
  }
  unix_listener auth-userdb {
group = vmail
mode = 0600
user = vmail
  }
  user = root
}
service config {
  unix_listener config {
group = vmail
mode = 0600
user = vmail
  }
}
service imap-login {
  client_limit = 1000
  process_limit = 500
}
service quota-below {
  executable = script /usr/local/bin/quota-below.sh
  unix_listener quota-below {
group = vmail
mode = 0666
user = vmail
  }
  user = vmail
}
service quota-reached {
  executable = script /usr/local/bin/quota-reached.sh
  unix_listener quota-reached {
group = vmail
mode = 0666
user = vmail
  }
  user = vmail
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
group = vmail
mode = 0666
user = vmail
  }
  user = vmail
}
ssl_cert = 

Re: Error after Upgrade

[Daniel Parthey]

Hi Jim,

Jim Knuth wrote:
> Jul 25 11:03:01 server2 dovecot: lmtp(25638): Fatal: master: service(lmtp): 
> child 25638 killed with signal 11 (core dumps disabled)

You should try to get a core dump and a gdb backtrace
with debug symbols package installed.

The following article describes how to get one:
http://www.dovecot.org/bugreport.html

Regards
Daniel

Re: "Corrupted dbox file [...] purging found mismatched offsets"

[Jesus Cea]

On 29/07/14 01:21, Daniel Parthey wrote:
> Are you using dovecot director and a shared filesystem like NFS?
> 
> You not only need to run imap and pop3 service via director,
> but also the doveadm service, otherwise different hosts might
> access the mdbox simultaneously, which will corrupt your index
> files and you will lose flags.

No, this is a dovecot server running in my own laptop. I guess some
computer crash left the mail in an inconsistent state, and I need to
assert the extend of the problem. A well designed system should not lose
email, even when crashes are involved.

-- 
Jesús Cea Avión _/_/  _/_/_/_/_/_/
j...@jcea.es - http://www.jcea.es/ _/_/_/_/  _/_/_/_/  _/_/
Twitter: @jcea_/_/_/_/  _/_/_/_/_/
jabber / xmpp:j...@jabber.org  _/_/  _/_/_/_/  _/_/  _/_/
"Things are not so easy"  _/_/  _/_/_/_/  _/_/_/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/_/_/_/  _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz




signature.asc
Description: PGP signature


signature.asc
Description: OpenPGP digital signature

Re: Multiple servers and NFS

[Daniel Parthey]

Nick Edwards wrote:
> On 7/26/14, Robert Schetterer  wrote:
> > Am 25.07.2014 um 16:12 schrieb Eduardo Ramos:
> >> I did not understand what the advantage of use dovecot LMTP with
> >> director too.
> >
> > in "very short" words...
> > with nfs ,the director should avoid concurrent events
> > which may happen with lmtp too, depending to multiple server setup
> 
> using director was considered in risk assessment as its another point
> of failure, and weighed against its claimed benefit, the decision was
> made its not justified.
> 
> mail_location = maildir:/mail/%1n/%1.1n/%2.1n/%n/Maildir:INDEX=MEMORY

With maildir you won't have data-loss without the director,
since the index files are auto-regenerated without any problem.

With mdbox on NFS and no director, you will have data-loss sooner or later:

http://wiki2.dovecot.org/MailboxFormat/dbox


One of the main reasons for dbox's high performance is that it uses Dovecot's
index files as the only storage for message flags and keywords, so the indexes
don't have to be "synchronized". Dovecot trusts that they're always up-to-date
(unless it sees that something is clearly broken). This also means that you
must not lose the dbox index files, they can't be regenerated without data
loss.


Regards
Daniel

Re: Segfault dovecot 2.2.9

[Daniel Parthey]

Simon Gareste wrote:
> This outdated version is the one packaged in Ubuntu LTS 14.04.1,
> which I believe I'm not the only one using. Updating the dovecot packages
> provided by Ubuntu would certainly help.

If Ubuntu packages segfault, you should file a bug report at Ubuntu Launchpad:

https://help.ubuntu.com/community/ReportingBugs

Regards
Daniel

Re: identify MUA connecting?

[Reindl Harald]

Am 28.07.2014 22:40, schrieb Peter Chiochetti:
> Am 2014-07-28 um 21:15 schrieb Reindl Harald:
>> Am 28.07.2014 20:57, schrieb Rick Romero:
 Am 28.07.2014 19:58, schrieb Juan Pablo:
> The reason I am wanting to do this is I would like to know if people
> are getting their email on personal devices
> instead of work secured / standardized phones
>>>
>>> IMHO, client certificates would work work well here.  I think Dovecot
>>> supports it
>>
>> yes, but you accept them or not
>> that's a different story than "log the MUA information"
> 
> Yes, it is a means to stop people from using insecure devices.

a client certificate hadrly makes a device secure
if the device is compromised your cert is gone

> So possibly a useful hint the OP may be interested in! Might well be that 
> its the reason for learning which MUA was used?

well, "what client is used" is impossible

there is no user-agent like HTTP and even for HTTP the header is not
mandatory and rqeuire it will break your web-app for anybody who cares
for privacy while gain nothing





signature.asc
Description: OpenPGP digital signature

Re: Multiple passwords with sql authentication

[BlackVoid]

On 2014-07-28 16:51, Timo Sirainen wrote:
> On 23 Jul 2014, at 18:49, BlackVoid  wrote:
> 
>> I'm currently working on a control panel which is using postfix, dovecot
>> and other applications and I want to add application specific passwords
>> to increase security.
>>
>> I found one solution [1], however it requires the password to be
>> included in the query which is something I do not want to do, because
>> the query may be written in clear-text to log-files. So I'm wondering if
>> there is a way to have multiple passwords with dovecot without risking
>> passwords being leakied in clear-text to log-files.
> 
> There's an old patch to support this, but it was never finished: 
> http://dovecot.org/patches/2.0/auth-multi-password-2.0.diff
> 
> I had a newer idea about encoding the passwords into a single field, such as 
> {MULTI}hash1:hash2:hash3 but that doesn't exist either yet.
> 
> For now the only possibility would be to create multiple passdbs, each one 
> returning a different password field. That could work if you have only a 
> couple of different passwords.
> 

Well that's unfortunate. Looks like I have to scrap the idea until
either the old patch or your idea is implemented. I don't think having
multiple passdbs is a choice, because the amount of application specific
passwords a user can have is not finite.

Thanks for the help though.

doveadm json formatter

[James Devine]

Any thoughts to adding a json formatter to the doveadm output?

Re: identify MUA connecting?

[Peter Chiochetti]

Am 2014-07-28 um 21:15 schrieb Reindl Harald:

Am 28.07.2014 20:57, schrieb Rick Romero:

Am 28.07.2014 19:58, schrieb Juan Pablo:

The reason I am wanting to do this is I would like to know if people
are getting their email on personal devices
instead of work secured / standardized phones


IMHO, client certificates would work work well here.  I think Dovecot
supports it


yes, but you accept them or not
that's a different story than "log the MUA information"


Yes, it is a means to stop people from using insecure devices.

So possibly a useful hint the OP may be interested in! Might well be 
that its the reason for learning which MUA was used?


--
peter

Re: identify MUA connecting?

[Reindl Harald]

Am 28.07.2014 20:57, schrieb Rick Romero:
>  Quoting Reindl Harald :
> 
>> Am 28.07.2014 19:58, schrieb Juan Pablo:
>>> Hello I am using dovecot 1.2.15 on ubuntu.
>>>
>>> Is it possible to somehow log the MUA information that is connecting to
>>> Dovecot?
>>>
>>> The reason I am wanting to do this is I would like to know if people
>>> are getting their email on personal devices
>>> instead of work secured / standardized phones
>>
>> from where should that information come?
>>
>> dovecot has IP, auth-method, username, passwword, TLS
>> that is logged - there is no more information available
>>
>> grep the logs and analyze IP'sreslove the PTR's and you get some useful
>> informations
> 
> IMHO, client certificates would work work well here.  I think Dovecot
> supports it

yes, but you accept them or not

that's a different story than "log the MUA information"



signature.asc
Description: OpenPGP digital signature

Migration from mbox/maildir++ to mdbox

[Nima Saed-Samii]

Dear list,

dovecot version: 2.1.7

I have an old mail server that uses mboxes for the INBOX and
maildirs for subfolders. I want to migrate our mail handling
to a new setup using mdboxes for everything.

The current config looks like this:

# 2.1.7: /etc/dovecot/dovecot.conf
doveconf: Warning: service anvil { client_limit=1000 } is lower than
required under max. load (1127)
# OS: Linux 3.2.0-0.bpo.4-686-pae i686 Debian 6.0.10 
auth_mechanisms = plain login
disable_plaintext_auth = no
first_valid_uid = 114
log_path = /var/log/dovecot.log
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = mbox:~/Mail/MBox:INBOX=/var/mail/%u
mail_max_userip_connections = 30
mail_privileged_group = mail
namespace {
  hidden = yes
  inbox = yes
  list = no
  location = 
  prefix = "#mbox/"
  separator = /
}
namespace {
  location = maildir:~/Mail/Maildir
  prefix = 
  separator = /
}
passdb {
  args = dovecot
  driver = pam
}
protocols = imap
service auth {
  client_limit = 1024
  user = root
}
service imap-login {
  inet_listener imap {
port = 0
  }
  process_limit = 1024
}
ssl_cert = 

Re: identify MUA connecting?

[Rick Romero]

 Quoting Reindl Harald :


Am 28.07.2014 19:58, schrieb Juan Pablo:

Hello I am using dovecot 1.2.15 on ubuntu.

Is it possible to somehow log the MUA information that is connecting to
Dovecot?

The reason I am wanting to do this is I would like to know if people
are getting their email on personal devices
instead of work secured / standardized phones


from where should that information come?

dovecot has IP, auth-method, username, passwword, TLS
that is logged - there is no more information available

grep the logs and analyze IP'sreslove the PTR's and you get some useful
informations


IMHO, client certificates would work work well here.  I think Dovecot
supports it.

Rick

Re: identify MUA connecting?

[Pascal Volk]

On 07/28/2014 06:38 PM, Pascal Volk wrote:
> In the Dovecot v2.0 tree there was the following commit:
> 
>   changeset:   9123:edcafb3efbbf
>   branch:  HEAD
>   user:Timo Sirainen 
>   date:Thu Apr 16 19:14:23 2009 -0400
>   summary: Added imap_idle_notify_interval setting.
> …

Oops, that was the wrong one. :-) Bad grep-voodoo, sorry.
So you will need Dovecot v2.1.1 at least.


Regards,
Pascal
-- 
The trapper recommends today: beeffeed.1420...@localdomain.org

Re: identify MUA connecting?

[Pascal Volk]

On 07/28/2014 05:58 PM, Juan Pablo wrote:
> Hello I am using dovecot 1.2.15 on ubuntu.

UPGRADE! Dovecot < 2.x is no longer supported.


> Is it possible to somehow log the MUA information that is connecting to 
> Dovecot?

In the Dovecot v2.0 tree there was the following commit:

changeset:   9123:edcafb3efbbf
branch:  HEAD
user:Timo Sirainen 
date:Thu Apr 16 19:14:23 2009 -0400
summary: Added imap_idle_notify_interval setting.

Some time later in the v2.1 tree there was fix:

changeset:   14197:32ffa616f249
user:Timo Sirainen 
date:Sat Feb 25 07:29:15 2012 +0200
summary: imap-login: imap_id_* settings were ignored pre-login.

So, if you would use Dovecot v2.1.x you would be able to log some
information about the connected client. BUT not all mail clients are
supporting RFC2971 [http://tools.ietf.org/html/rfc2971].

The settings for this feature are configured in conf.d/20-imap.conf:

* imap_id_log
* imap_id_send

> The reason I am wanting to do this is I would like to know if people are 
> getting their email on personal devices instead of work secured / 
> standardized phones.

That depends on the used software, see above


Regards,
Pascal
-- 
The trapper recommends today: beeffeed.1420...@localdomain.org

Re: identify MUA connecting?

[Juan Pablo]

On 2014-07-28 18:14, Reindl Harald wrote:

from where should that information come?


That is what I was not sure. I did not know what information was
possible available. I was thinking or hoping something same as http logs


dovecot has IP, auth-method, username, passwword, TLS
that is logged - there is no more information available


I see unfortunate but thank you for this information


grep the logs and analyze IP's
reslove the PTR's and you get some useful informations


not of use as their business device can be used from home where also 
their personal device may be

Re: identify MUA connecting?

[Reindl Harald]

Am 28.07.2014 19:58, schrieb Juan Pablo:
> Hello I am using dovecot 1.2.15 on ubuntu.
> 
> Is it possible to somehow log the MUA information that is connecting to 
> Dovecot?
> 
> The reason I am wanting to do this is I would like to know if people are 
> getting their email on personal devices
> instead of work secured / standardized phones

from where should that information come?

dovecot has IP, auth-method, username, passwword, TLS
that is logged - there is no more information available

grep the logs and analyze IP's
reslove the PTR's and you get some useful informations




signature.asc
Description: OpenPGP digital signature

identify MUA connecting?

[Juan Pablo]

Hello I am using dovecot 1.2.15 on ubuntu.

Is it possible to somehow log the MUA information that is connecting to 
Dovecot?


The reason I am wanting to do this is I would like to know if people are 
getting their email on personal devices instead of work secured / 
standardized phones.

Re: Multiple passwords with sql authentication

[Timo Sirainen]

On 23 Jul 2014, at 18:49, BlackVoid  wrote:

> I'm currently working on a control panel which is using postfix, dovecot
> and other applications and I want to add application specific passwords
> to increase security.
> 
> I found one solution [1], however it requires the password to be
> included in the query which is something I do not want to do, because
> the query may be written in clear-text to log-files. So I'm wondering if
> there is a way to have multiple passwords with dovecot without risking
> passwords being leakied in clear-text to log-files.

There's an old patch to support this, but it was never finished: 
http://dovecot.org/patches/2.0/auth-multi-password-2.0.diff

I had a newer idea about encoding the passwords into a single field, such as 
{MULTI}hash1:hash2:hash3 but that doesn't exist either yet.

For now the only possibility would be to create multiple passdbs, each one 
returning a different password field. That could work if you have only a couple 
of different passwords.

Re: ACLs on Top level mailboxes.

[Timo Sirainen]

On 24 Jul 2014, at 01:22, Dan Carroll  wrote:

> I’m in the process of migrating a mail server to new hardware.   At the same 
> time, I’ve made the decision to switch from courier to dovecot (v2.2.13) and 
> from what I have seen so far I’m pretty happy.
> I have two questions for the list.
> 
> I’d like my users mailboxes (Maildir format) to look like this:
> 
> Inbox
> UserCreatedSubFolder1
> UserCreatedSubFolder2
> …
> Sent
> UserCreatedSubFolder3
> Drafts
> Trash
> Junk
> Archives
> 
> 
> The Top level folders (Sent, Drafts etc) are all “Special” and I do not wish 
> the users to be able to delete them.
> I also don’t want them to create new Top level folders.
> 
> This will force all custom folders to be under a Top Level folder.
..
> I also tried some global-acl file settings but I could not make that work 
> either.


I think global ACL file would work. Use something like:

* 
INBOX.* 

(I don't remember the rights strings exactly now.)

> My second question relates to migration.Is it enough that I copy the 
> Maildir structure and simply delete the courier files or is it a lot better 
> to use a courier->dovecot migration tool?
> I realise folder subscriptions would be lost but that’s OK, I’ll recreate 
> them manually anyway.

IMAP clients will redownload their local mail cache if you don't use migration 
tool. Doesn't necessarily matter with few users.

Re: Multiple servers and NFS

[Timo Sirainen]

On 24 Jul 2014, at 20:09, Nathan Schultheiss  wrote:

> When I go on Roundcube with a mailbox who I've 96000 in the INBOX "cur" 
> folder, the first time I need 1 minutes waiting.
> The second time it's a little more quick 10 seconds... But when I go back 
> again (after a few hours) it's slow again... And we'are just 5 users at the 
> moment for test...

See if maildir_very_dirty_syncs=yes helps.

Re: After upgrade from 2.1 to 2.2.13 clients can create folders with names containing slash character on a Linux system

[Timo Sirainen]

On 24 Jul 2014, at 17:30, David Davidov  wrote:

> We have following issue: After upgrade from 2.1 to 2.2.13 clients can create 
> folders with names containing slash character.
> This was not possible with our previous version 2.1. Tested.

Oops, fixed: http://hg.dovecot.org/dovecot-2.2/rev/4b8a098a70b7

Re: [pigeonhole] disregards --with-ldap=no during compilation

[Michael Grimm]

On 2014-07-28 9:29, Stephan Bosch wrote:

On 7/27/2014 2:21 PM, Michael Grimm wrote:


I can't get current dovecot and pigeonhole compiled; compilation stops 
with:


| sieve-ldap-db.h:19:10: fatal error: 'ldap.h' file not found



Fixed:

http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/5117ffc8b151


Yep. I can confirm that "--wiht-ldap=no" is regarded, now.

Thanks and regards,
Michael

Re: Multiple servers and NFS

[Robert Schetterer]

Am 28.07.2014 um 13:09 schrieb Nick Edwards:
> On 7/26/14, Robert Schetterer  wrote:
>> Am 25.07.2014 um 16:12 schrieb Eduardo Ramos:
>>> I did not understand what the advantage of use dovecot LMTP with
>>> director too.
>>
>> in "very short" words...
>> with nfs ,the director should avoid concurrent events
>> which may happen with lmtp too, depending to multiple server setup
>>
> 
> A few of us run large NFS based systems without director, however
> mostly 99% pop3, not using director on imap has little impact either
> from our tests, remember, director is only a couple years at most old,
> people have been doing NFS mailstorage for decades, and with relation
> to dovecot, ten years or so, the sky never collapsed back then, it
> hasnt now either thus far :->
> using director was considered in risk assessment as its another point
> of failure, and weighed against its claimed benefit, the decision was
> made its not justified.
> 
> note: we dont use lmtp, each mx mounts/stores directly to EMC storgage
> with dovecot-lda, 14 front ends = 14 direct storages, sure, means
> dovecot needs to be installed on each mx (but not listening), but it
> eliminates the need for dedicated back ends to send to, each mx is
> that backend.
> 
> 12 pop3 servers, of note however, we use index:memory on pop3 and smtp's
> 
> mail_location = maildir:/mail/%1n/%1.1n/%2.1n/%n/Maildir:INDEX=MEMORY
> 
> only 3 imaps one of which is webmail, and of course we do not use
> index:memory on them, these are behind real (serveriron's) load
> balancers, so if using pretend load balancers :-> YMMV
> 

That looks fine
but now whats the problem ?
For sure there are many ways to goal. do what you like.
I also have no director setup using cluster file systems with
loadbalancers working fine.


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Re: Multiple servers and NFS

[Nick Edwards]

On 7/26/14, Robert Schetterer  wrote:
> Am 25.07.2014 um 16:12 schrieb Eduardo Ramos:
>> I did not understand what the advantage of use dovecot LMTP with
>> director too.
>
> in "very short" words...
> with nfs ,the director should avoid concurrent events
> which may happen with lmtp too, depending to multiple server setup
>

A few of us run large NFS based systems without director, however
mostly 99% pop3, not using director on imap has little impact either
from our tests, remember, director is only a couple years at most old,
people have been doing NFS mailstorage for decades, and with relation
to dovecot, ten years or so, the sky never collapsed back then, it
hasnt now either thus far :->
using director was considered in risk assessment as its another point
of failure, and weighed against its claimed benefit, the decision was
made its not justified.

note: we dont use lmtp, each mx mounts/stores directly to EMC storgage
with dovecot-lda, 14 front ends = 14 direct storages, sure, means
dovecot needs to be installed on each mx (but not listening), but it
eliminates the need for dedicated back ends to send to, each mx is
that backend.

12 pop3 servers, of note however, we use index:memory on pop3 and smtp's

mail_location = maildir:/mail/%1n/%1.1n/%2.1n/%n/Maildir:INDEX=MEMORY

only 3 imaps one of which is webmail, and of course we do not use
index:memory on them, these are behind real (serveriron's) load
balancers, so if using pretend load balancers :-> YMMV

Re: Segfault dovecot 2.2.9

[Reindl Harald]

Am 28.07.2014 12:33, schrieb Simon Gareste:
> Le 28/07/2014 12:14, Reindl Harald a écrit :
>> Am 28.07.2014 09:44, schrieb Simon Gareste:
>>> When trying to set up dovecot, I somehow managed to get a segfault. Trying 
>>> to launch dovecot from command line
>>> (simply execute 'dovecot') results in the error message:
>>> Segmentation fault (core dumped)
>>>
>>> Trying dovecot -n results in pretty much the same:
>>> # 2.2.9: /etc/dovecot/dovecot.conf
>>> Segmentation fault (core dumped)
>>>
>>> Looking at syslog, I see
>>> doveconf[3676]: segfault at 200 ip 7fbb93c4fcb3 sp 7fff005b4c10 
>>> error 4 in
>>> libc-2.19.so[7fbb93c04000+1bc000]
>> current is 2.2.13
>>
>> so don't report problems with a outdated version instead
>> just upgrade - there where bugfixes between 2.2.9 and
>> 2.2.13 in context of segfaults here and there
>>
> Thank you. This outdated version is the one packaged in Ubuntu
> LTS 14.04.1, which I believe I'm not the only one using

that's the problem with all that LTS packages

nobody knows what fixes they may have backported and
what are missing, so the version number no longer says
anything which makes it also impossible for the upstream
developer to know the patchlevel

that's why i build packages for server software the last
7 years on my own infrastructure from upstream sources

Updating the dovecot packages provided by Ubuntu would certainly help. I 
understand that the version I'm
> using is roughly 9 months old, but then the LTS was released 3 months ago, 
> why doesn't it include the 2.2.11 or
> 2.2.12?
> 
> And I found the solution in the end, the problem comes from 
> auth_debug_passwords=yes being the right thing, and
> auth_debug_passwords=plain being source of segfault. I don't know where I got 
> the "plain" value in the first place,
> but I certainly should have read more carefully some docs. I also don't know 
> if this was fixed later, but shouldn't
> there be a verification on some values of some variables, when there are 
> limited values to which they can be defined?

http://comments.gmane.org/gmane.mail.imap.dovecot/76231



signature.asc
Description: OpenPGP digital signature

Re: Segfault dovecot 2.2.9

[Simon Gareste]

Le 28/07/2014 12:14, Reindl Harald a écrit :

Am 28.07.2014 09:44, schrieb Simon Gareste:

When trying to set up dovecot, I somehow managed to get a segfault. Trying to 
launch dovecot from command line
(simply execute 'dovecot') results in the error message:
Segmentation fault (core dumped)

Trying dovecot -n results in pretty much the same:
# 2.2.9: /etc/dovecot/dovecot.conf
Segmentation fault (core dumped)

Looking at syslog, I see
doveconf[3676]: segfault at 200 ip 7fbb93c4fcb3 sp 7fff005b4c10 error 4 
in libc-2.19.so[7fbb93c04000+1bc000]

current is 2.2.13

so don't report problems with a outdated version instead
just upgrade - there where bugfixes between 2.2.9 and
2.2.13 in context of segfaults here and there

Thank you. This outdated version is the one packaged in Ubuntu LTS 
14.04.1, which I believe I'm not the only one using. Updating the 
dovecot packages provided by Ubuntu would certainly help. I understand 
that the version I'm using is roughly 9 months old, but then the LTS was 
released 3 months ago, why doesn't it include the 2.2.11 or 2.2.12?


And I found the solution in the end, the problem comes from 
auth_debug_passwords=yes being the right thing, and 
auth_debug_passwords=plain being source of segfault. I don't know where 
I got the "plain" value in the first place, but I certainly should have 
read more carefully some docs. I also don't know if this was fixed 
later, but shouldn't there be a verification on some values of some 
variables, when there are limited values to which they can be defined?


Anyway, dovecot is running, all my apologizes for the unwanted spam.

Simon

Re: Segfault dovecot 2.2.9

[Reindl Harald]

Am 28.07.2014 09:44, schrieb Simon Gareste:
> One difference I noticed between the two servers is that on the failing one, 
> there is 
> no /var/run/dovecot. I presume this folder and its files are created once 
> dovecot is 
> launched, so that's why it's not present, and is only a symptom of the 
> failure, 
> not a cause?

no, it is supposed to be created by package install
and on modern systems where /var/run is a symlink
to /run which is a tmpfs everytime at boot

[root@mail:~]$ cat /usr/lib/tmpfiles.d/dovecot.conf
d /run/dovecot 0755 root dovecot -








signature.asc
Description: OpenPGP digital signature

Re: Segfault dovecot 2.2.9

[Reindl Harald]

Am 28.07.2014 09:44, schrieb Simon Gareste:
> When trying to set up dovecot, I somehow managed to get a segfault. Trying to 
> launch dovecot from command line
> (simply execute 'dovecot') results in the error message:
> Segmentation fault (core dumped)
> 
> Trying dovecot -n results in pretty much the same:
> # 2.2.9: /etc/dovecot/dovecot.conf
> Segmentation fault (core dumped)
> 
> Looking at syslog, I see
> doveconf[3676]: segfault at 200 ip 7fbb93c4fcb3 sp 7fff005b4c10 error 
> 4 in libc-2.19.so[7fbb93c04000+1bc000]

current is 2.2.13

so don't report problems with a outdated version instead
just upgrade - there where bugfixes between 2.2.9 and
2.2.13 in context of segfaults here and there



signature.asc
Description: OpenPGP digital signature

Segfault dovecot 2.2.9

[Simon Gareste]

Hi all,

When trying to set up dovecot, I somehow managed to get a segfault. 
Trying to launch dovecot from command line (simply execute 'dovecot') 
results in the error message:

Segmentation fault (core dumped)

Trying dovecot -n results in pretty much the same:
# 2.2.9: /etc/dovecot/dovecot.conf
Segmentation fault (core dumped)

Looking at syslog, I see
doveconf[3676]: segfault at 200 ip 7fbb93c4fcb3 sp 7fff005b4c10 
error 4 in libc-2.19.so[7fbb93c04000+1bc000]


I tried but couldn't find the core dump anywhere on the server. Any help 
on this would be appreciated too.


I (trying to ) run it with postfix, on an Ubuntu 14.04 (Linux 
mail2.arturia.com 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 
UTC 2014 x86_64 x86_64 x86_64 GNU/Linux), brand new server. What 
troubles me even more is that I just set up successfully another mail 
server a week ago, with the same configuration (diffing the conf 
folders) except for log or mailbox paths (driver and stuff are the same).


In the google search I've done, I saw some stuff about openssl: both 
servers are running 1.0.1f, since one is running fine, I guess this is 
not the culprit.


One difference I noticed between the two servers is that on the failing 
one, there is no /var/run/dovecot. I presume this folder and its files 
are created once dovecot is launched, so that's why it's not present, 
and is only a symptom of the failure, not a cause?


Thanks for your help, and please tell me what other information I could 
provide to help.


Simon

Re: Disconnected (no auth attempts)

[Reindl Harald]

Am 28.07.2014 11:01, schrieb Michael Pierce:
> Firstly, I'd like to apologise if this is really simple or the answers
> available easily.  I have searched and tried to solve this alone but with
> no success.
> 
> I'm having an issue with dovecot to which its reporting "Disconnected (no
> auth attempts)" in the info log file.  From what I understand this is
> usually due to SSL not being enabled (however, ssl = required is in the
> config).  I hope someone can help.  I have included config file, and log
> file information below.

the client did not make any auth attempt
dovecot just logs what is happening

mostly when that happens the client is configured for a auth mech like
CRAM-MD5 and the server does not support it, so the client connects, get
from the server the list of supported auth-mechs and says "hm it don't
support what the user configured, bye"

> ps, apologies if I was supposed to pastebin these, I was not sure.
> *dovecot -n*
> # 2.0.9: /etc/dovecot/dovecot.conf
> # OS: Linux 3.10.9--grs-ipv6-64 x86_64 CentOS release 6.5 (Final)
> auth_debug_passwords = yes
> base_dir = /var/run/dovecot/
> disable_plaintext_auth = no
> first_valid_uid = 200
> info_log_path = /var/log/dovecot-info.log
> log_path = /var/log/dovecot.log
> mail_gid = 12
> mail_uid = 200
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> protocols = imap
> ssl = required
> ssl_cert =  ssl_key =  userdb {
>   driver = prefetch
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> 
> *dovecot-sql.conf*
> driver = mysql
> connect = host=/var/run/mysqld/mysqld.sock dbname=mailreader_mail
> user=[removed] password=[removed]
> default_pass_scheme = SHA512
> password_query = SELECT email as user, password,
> 'maildir:/home/mail'||maildir as userdb_mail FROM users WHERE email = '%u'
> 
> dovecot-info.conf
> Jul 28 10:58:50 master: Info: Dovecot v2.0.9 starting up (core dumps
> disabled)
> Jul 28 10:58:59 auth: Debug: Loading modules from directory:
> /usr/lib64/dovecot/auth
> Jul 28 10:58:59 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libauthdb_ldap.so
> Jul 28 10:58:59 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_mysql.so
> Jul 28 10:58:59 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_sqlite.so
> Jul 28 10:58:59 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libmech_gssapi.so
> Jul 28 10:58:59 auth: Debug: auth client connected (pid=22493)
> Jul 28 10:59:00 imap-login: Info: Disconnected (no auth attempts):
> rip=[removed], lip=[removed]
> 

-- 

Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
m: +43 (676) 40 221 40, p: +43 (1) 595 3999 33
icq: 154546673, http://www.thelounge.net/

http://www.thelounge.net/signature.asc.what.htm



signature.asc
Description: OpenPGP digital signature

Fwd: Disconnected (no auth attempts)

[Michael Pierce]

Hi,

Firstly, I'd like to apologise if this is really simple or the answers
available easily.  I have searched and tried to solve this alone but with
no success.

I'm having an issue with dovecot to which its reporting "Disconnected (no
auth attempts)" in the info log file.  From what I understand this is
usually due to SSL not being enabled (however, ssl = required is in the
config).  I hope someone can help.  I have included config file, and log
file information below.

Please and Thanks,
Michael Pierce

ps, apologies if I was supposed to pastebin these, I was not sure.
*dovecot -n*
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.9--grs-ipv6-64 x86_64 CentOS release 6.5 (Final)
auth_debug_passwords = yes
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
first_valid_uid = 200
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
mail_gid = 12
mail_uid = 200
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocols = imap
ssl = required
ssl_cert = 

Re: [pigeonhole] disregards --with-ldap=no during compilation

[Stephan Bosch]

On 7/27/2014 2:21 PM, Michael Grimm wrote:
> Hi --
>
> I can't get current dovecot and pigeonhole compiled; compilation stops with:
>
> | sieve-ldap-db.h:19:10: fatal error: 'ldap.h' file not found
>
> Ok, because my dovecot isn't compiled with ldap (--without-ldap), I tried to 
> apply "--with-ldap=no" with configure as advertised in the INSTALL file of 
> pigeonhole, but without success:
>
> [...]
> | ./sieve-ldap-db.h:19:10: fatal error: 'ldap.h' file not found
> | #include 
> |  ^
> | 1 error generated.
> | gmake[5]: *** [sieve-ldap-db.lo] Error 1
> | gmake[5]: Leaving directory 
> `/usr/local/etc/dovecot/SOURCE/dovecot-2.2-pigeonhole/src/lib-sieve/storage/ldap'
> [...]
> | gmake: *** [all] Error 2
>
> My configure run logfile shows:
>
> [...]
> | config.status: creating src/lib-sieve/storage/ldap/Makefile
> [...]
> | script drivers . : file dict
> |  : -ldap
>
> This happens at FreeBSD-STABLE (clang 3.4.1, gmake 3.82) with dovecot at 
> 2d2d75ac6715 and pigeonhole at 1475892e8cff.
>
> Any ideas what went wrong?

Me not paying attention with adding new features as it seems.

> (I'm back to pigeonhole 0.4.3 (1c6130ff5dd6) for the time being.)

Fixed:

http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/5117ffc8b151

Regards,

Stephan.