Re: Dovecot and remote SASL Client via TLS

2014-08-08 Thread Gerhard Wiesinger

Hello,

Anyone interested, I solved it the following way:
imap server: dovecot = /bin/saslcheckpassword = local unix domain socket for saslauthd = socat client

 ^
 = Remote TLS connection
 v
auth server: socat server = saslauthd = /etc/passwd,/etc/shadow

saslcheckpassword is based on checkpassword.sh and enhanced for SASL, 
modified version attached:

https://bitbucket.org/vizovitin/dovecot-conf-examples/src/tip/checkpassword-shell/checkpassword.sh

Detailed configs below.

imap server:
touch /var/log/dovecot-saslcheckpassword.log
chown dovecot.dovecot /var/log/dovecot-saslcheckpassword.log
chmod 750 /var/log/dovecot-saslcheckpassword.log

Advantage is single authentication entity.

Works well for me for some time now.

If you have some questions feel free to ask.

Ciao,
Gerhard


IMAP server, SASL client:
cat /etc/systemd/system/multi-user.target.wants/saslclient.service
[Unit]
Description=SASL remote client for authentication, provides local unix domain socket

After=network.target

[Service]
# Must be running under permissions for the dovecot user!
ExecStart=/usr/bin/socat -4 -ly \
  UNIX-LISTEN:/var/run/saslauthd/mux,fork,user=dovecot,group=dovecot \
  'OPENSSL:myserver:1234,verify=1,method=TLSv1,cipher=DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5,cafile=/etc/socat/mycert.crt'


[Install]
WantedBy=multi-user.target

Auth server:
cat /etc/systemd/system/multi-user.target.wants/saslserver.service
[Unit]
Description=SASL remote server for authentication
After=network.target

[Service]
ExecStart=/usr/bin/socat -4 -ly \
  'OPENSSL-LISTEN:,reuseaddr,fork,verify=0,method=TLSv1,cipher=DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5,cert=/etc/socat/mycert.pem,cafile=/etc/socat/mycert.crt' \
  /var/run/saslauthd/mux


[Install]
WantedBy=multi-user.target

Relevant dovecot config:
userdb {
  args = username_format=%n /etc/dovecot/users
  driver = passwd-file
}

passdb {
  args = /bin/saslcheckpassword
  driver = checkpassword
}


--
http://www.wiesinger.com/

On 16.07.2014 15:50, Gerhard Wiesinger wrote:


Any comments?

Thank you.

Ciao,
Gerhard

http://www.wiesinger.com/


#!/bin/bash

# Example Dovecot checkpassword script that may be used as both passdb or userdb.
#
# Originally written by Nikolay Vizovitin, 2013.
# Enhanced by Gerhard Wiesinger, 2014.

# Assumes authentication DB is in /etc/dovecot/users, each line has 'user:password' format.
# Place this script into /etc/dovecot/checkpassword.sh file and make executable.
# Implementation guidelines at http://wiki2.dovecot.org/AuthDatabase/CheckPassword

# The first and only argument is path to checkpassword-reply binary.
# It should be executed at the end if authentication succeeds.
CHECKPASSWORD_REPLY_BINARY=$1

# Messages to stderr will end up in mail log (prefixed with dovecot: auth: Error:)
#LOG=/dev/stderr
# Will be e.g. /tmp/systemd-dovecot.service-XfZAUy5/tmp/saslcheckpassword.log
#LOG=/tmp/saslcheckpassword.log
# touch /var/log/dovecot-saslcheckpassword.log
# chown dovecot.dovecot /var/log/dovecot-saslcheckpassword.log
# chmod 750 /var/log/dovecot-saslcheckpassword.log
LOG=/var/log/dovecot-saslcheckpassword.log

#export default_userdb_uid=popuser
#export default_userdb_gid=popuser
export default_userdb_uid=vmail
export default_userdb_gid=vmail
export SASL=1

# User and password will be supplied on file descriptor 3.
INPUT_FD=3

# Error return codes.
ERR_PERMFAIL=1
ERR_NOUSER=3
ERR_TEMPFAIL=111

# Make testing this script easy. To check it just run:
#   printf '%s\0%s\0' user password | ./checkpassword.sh test; echo $?
# Quoted so that a missing argument does not break the test expression.
if [ "$CHECKPASSWORD_REPLY_BINARY" = test ]; then
    CHECKPASSWORD_REPLY_BINARY=/bin/true
    INPUT_FD=0
fi

# Credentials lookup function. Given a user name it should output 'user:password' if such
# account exists or nothing if it does not. Return non-zero code in case of error.
credentials_lookup()
{
    local db=$1
    local user=$2

    # Variables are quoted against word splitting; awk errors are appended to the log file.
    awk -F ':' -v USER="$user" '($1 == USER) {print}' "$db" 2>>"$LOG"
}

# Credentials verification function. Given a user name and password it should output non-empty
# string (this implementation outputs 'user:password') in case supplied credentials are valid
# or nothing if they are not. Return non-zero code in case of error.
credentials_verify()
{
local db=$1
local user=$2
local pass=$3

awk -F 
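
Added example, not part of Gerhard Wiesinger's post or of his script: it frames a login the way the Cyrus saslauthd socket protocol expects it, which is what travels from /var/run/saslauthd/mux through the socat tunnel, and shows that the password sits in the frame in clear, so its protection rests on the TLS settings of the two socat units. Assumptions: the saslauthd framing of four strings with 2-byte big-endian length prefixes and a length-prefixed reply starting with OK or NO, the service name "imap", and all function names, which are hypothetical.

```python
from __future__ import annotations

import socket
import struct

# Path taken from the post: the local socket socat exposes on the IMAP server.
MUX_PATH = "/var/run/saslauthd/mux"
MAX_FIELD = 0xFFFF  # every field carries a 16-bit length prefix


def parse_checkpassword_input(blob: bytes) -> tuple[bytes, bytes]:
    """Split what Dovecot writes to fd 3: user NUL password NUL [optional extras]."""
    parts = blob.split(b"\0")
    if len(parts) < 3 or not parts[0]:
        raise ValueError("expected user\\0password\\0")
    return parts[0], parts[1]


def _field(value: bytes) -> bytes:
    if len(value) > MAX_FIELD:
        raise ValueError("field does not fit a 16-bit length prefix")
    return struct.pack("!H", len(value)) + value


def build_request(user: bytes, password: bytes,
                  service: bytes = b"imap", realm: bytes = b"") -> bytes:
    """Frame login, password, service and realm (service name is an assumption)."""
    return b"".join(_field(f) for f in (user, password, service, realm))


def parse_request(frame: bytes) -> list[bytes]:
    """Decode a request strictly, as the receiving side would."""
    fields, pos = [], 0
    while pos < len(frame):
        if pos + 2 > len(frame):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack_from("!H", frame, pos)
        pos += 2
        if pos + size > len(frame):
            raise ValueError("truncated field")
        fields.append(frame[pos:pos + size])
        pos += size
    if len(fields) != 4:
        raise ValueError("expected exactly four fields")
    return fields


def parse_reply(frame: bytes) -> bool:
    """Fail closed: only a complete reply that starts with OK counts as success."""
    if len(frame) < 2:
        return False
    (size,) = struct.unpack_from("!H", frame)
    body = frame[2:2 + size]
    return len(body) == size and body.startswith(b"OK")


def _recv_exact(sock: socket.socket, count: int) -> bytes:
    data = b""
    while len(data) < count:
        chunk = sock.recv(count - len(data))
        if not chunk:
            break  # peer closed early; the caller treats short data as failure
        data += chunk
    return data


def authenticate(user: bytes, password: bytes, path: str = MUX_PATH,
                 timeout: float = 5.0) -> bool:
    """Send one request over the local socket and return the verdict."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(path)
        sock.sendall(build_request(user, password))
        header = _recv_exact(sock, 2)
        if len(header) < 2:
            return False
        (size,) = struct.unpack("!H", header)
        return parse_reply(header + _recv_exact(sock, size))


# Constructed sample, equivalent to: printf '%s\0%s\0' alice s3cret
SAMPLE_FD3 = b"alice\0s3cret\0"
```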

Re: Dovecot, Thunderbird and messages in wrong folder

2014-08-08 Thread Reindl Harald

On 08.08.2014 at 07:34, Gerhard Wiesinger wrote:
 Sometimes it happens that messages (e.g. one or two) appear in wrong folders 
 in Thunderbird (latest version, also
 past versions, different computers, also Earlybird). When I repair the folder 
 (folder/Settings/Repair Folder) in
 Thunderbird, the folder is correct then.
 
 It happens on my new server with Fedora 20, Dovecot 2.2.13 and Maildir but it 
 also happened on my old server with
 Fedora 1, Dovecot 2.2.13 and mbox.
 
 Has anyone the same issue?
 Any guess whether it might be a thunderbird or dovecot issue?
 Anyone has the same issues with thunderbird and a different IMAP server (e.g. 
 cyrus)?

it's a TB problem and happens with dbmail-imapd too from time to time

in fact similar things are happening for sure with Apple Mail and
i would say in the one or another form it affects all clients
with local caches which had to deal with connection troubles, program
crashes or power outages at the wrong moment and my experience shows
that folders/accounts with a desktop MUA, 2 smartphones and a tablet
are more likely affected

repair folder rebuilds the .msf file

once per year i stop TB and remove all .msf files from my profile
interesting what like unfinished drafts and such things sometime appear :-)






Backtrace io_add(0x1) called twice fd= (was Exit status code 134; what is it, in the context of Dovecot Antispam plug-in?)

2014-08-08 Thread Steffen Kaiser


On Thu, 7 Aug 2014, Ben Johnson wrote:

On 8/7/2014 11:14 AM, Steffen Kaiser wrote:

one idea: http://www.tldp.org/LDP/abs/html/exitcodes.html

exit code 134 would be in bash's meaning (if this website is
correct all) some program died off signal 6. This would be Abort in
Linux.

prepend your script with

exec > /tmp/trace 2>&1; set -vx

that will dump anything visible into /tmp/trace

- -- Steffen Kaiser


Thank you for your continued assistance, Steffen.

You seem to be exactly correct with the Abort signal.

I prepended the values you suggested to the pipe script and here's the
relevant output:

+ /usr/lib/dovecot/deliver -d sa-train...@example.com -m Training.SPAM
^A^H5584 prefix=lda:
^A^F5584 io_add(0x1) called twice fd=7, callback=0x7f23489fb6f0 -
0x7f23489aa530


Unfortunately the only spot found is:
http://dovecot.org/pipermail/dovecot/2012-May/135636.html

Is it the same fd=# always? Is it already open in your script?
You could check with lsof -p $$

However, you should check if Dovecot v2.2.13 already fixes the problem.


^A^D5584 Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x5e271)
[0x7f23489e9271] - /usr/lib/dovecot/libdovecot.so.0(+0x5e34e)
[0x7f23489e934e] - /usr/lib/dovecot/libdovecot.so.0(i_fatal+0)
[0x7f23489a4a9e] -
/usr/lib/dovecot/libdovecot.so.0(ioloop_iolist_add+0x83)
[0x7f23489f9533] -
/usr/lib/dovecot/libdovecot.so.0(io_loop_handle_add+0x3b)
[0x7f23489f9cbb] - /usr/lib/dovecot/libdovecot.so.0(io_add+0x9b)
[0x7f23489f89fb] -
/usr/lib/dovecot/libdovecot.so.0(master_service_io_listeners_add+0x69)
[0x7f23489a9e49] -
/usr/lib/dovecot/libdovecot.so.0(master_service_init_finish+0xb0)
[0x7f23489a9f90] - /usr/lib/dovecot/deliver(main+0x1cb)
[0x7f234939269b] -
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)
[0x7f23485e6ec5] - /usr/lib/dovecot/deliver(+0x31de) [0x7f23493931de]
/usr/local/bin/sa-learn-pipe.sh: line 52:  5584 Aborted
 (core dumped) /usr/lib/dovecot/deliver -d sa-train...@example.com
-m Training.$mode
+ echo 'Exit status was 134'

Does this tell us anything more?

I don't see any indication that apparmor is at play, as there is no
profile that should apply in this context (and there is nothing in the
relevant log file):

# service apparmor status
apparmor module is loaded.
8 profiles are loaded.
8 profiles are in enforce mode.
  /sbin/dhclient
  /usr/bin/freshclam
  /usr/lib/NetworkManager/nm-dhcp-client.action
  /usr/lib/connman/scripts/dhclient-script
  /usr/sbin/clamd
  /usr/sbin/mysqld
  /usr/sbin/ntpd
  /usr/sbin/tcpdump
0 profiles are in complain mode.
4 processes have profiles defined.
4 processes are in enforce mode.
  /usr/bin/freshclam (2015)
  /usr/sbin/clamd (1897)
  /usr/sbin/mysqld (1239)
  /usr/sbin/ntpd (2472)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

I'll try to reproduce this on an identically-configured server. I
wonder if it would be worth changing the version of Dovecot. But I
hate to play whack-a-mole if a more systematic approach is to be had.

Thanks again,

-Ben



- -- 
Steffen Kaiser



Re: Re: Exit status code 134; what is it, in the context of Dovecot Antispam plug-in?

2014-08-08 Thread Jochen Bern
On -10.01.-28163 20:59, Ben Johnson wrote:
 I have ensured that the pipe script is, in fact, being executed as the
 vmail user, by inserting the following into my debug output:
 
 CURRENT_USER=$(whoami)
 echo $CURRENT_USER
 
 This outputs vmail.

FWIW, if a problem with identities and permissions is still a
possibility, you should have a look at primary and secondary groups
(e.g., output of id command) as well. And maybe also the data reported
by umask, secon --self, ...

Regards,
J. Bern
-- 
*NEW* - NEC IT infrastructure products at http://www.linworks-shop.de/:
Server--Storage--Virtualization--Management SW--Passion for Performance
Jochen Bern, systems engineer --- LINworks GmbH http://www.LINworks.de/
P.O. Box 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
Tel. +49 6151 9067-231, switchboard -0, fax -299 - Darmstadt District Court HRB 85202
Registered office Weiterstadt, managing directors Metin Dogan, Oliver Michel


Re: postfix-dovecot via lmtp

2014-08-08 Thread Timothy Murphy
On Monday, August 04, 2014 12:14:44 PM Reindl Harald wrote:

  I've been trying for some days to get postfix + dovecot + pigeonhole/sieve
  working on a CentOS-7 home server.
  I think I may have detected the problem; I read in /var/log/maillog
  
Aug  4 11:29:13 alfred postfix/lmtp[14871]: 9C04C220A99:
  to=t...@localhost.gayleard.eu, orig_to=tim@localhost,
  relay=alfred.gayleard.eu[private/dovecot-lmtp], delay=971,
  delays=971/0.03/0.02/0.1, dsn=4.3.0, status=deferred
  (host alfred.gayleard.eu[private/dovecot-lmtp] said: 451 4.3.0
  t...@localhost.gayleard.eu Internal error occurred.
  Refer to server log for more information. (in reply to RCPT TO
  command))

 Refer to server log for more information comes from dovecot lmtpd
 so look there and post the output of doveconf -n

Thanks very much for your response.

The only output in /var/log/dovecot (where I send dovecot logs) is
--
Aug 04 11:29:13 lmtp(14872): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt=
Aug 04 11:29:13 lmtp(14872): Info: Connect from local
Aug 04 11:29:13 lmtp(14872): Debug: auth input:
Aug 04 11:29:13 lmtp(14872): Info: Disconnect from local: Successful quit
--

The output of doveconf -n is
--
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-123.4.4.el7.x86_64 x86_64 CentOS Linux release 7.0.1406 (Core)
debug_log_path = /var/log/dovecot
info_log_path = /var/log/dovecot
listen = *
log_path = /var/log/dovecot
login_trusted_networks = 192.168.2.0/24
mail_debug = yes
mail_gid = 1000
mail_location = maildir:~/Maildir
mail_uid = 1000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Sent Messages {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
plugin {
  sieve = ~/.sieve/dovecot.sieve
  sieve_dir = ~/.sieve
}
protocols = imap pop3 lmtp sieve
service imap-login {
  inet_listener imap {
port = 143
  }
  inet_listener imaps {
port = 993
ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0777
user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
}
ssl = required
ssl_cert = /etc/pki/dovecot/certs/dovecot.pem
ssl_key = /etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}
protocol lmtp {
  mail_plugins =  sieve
}
protocol lda {
  mail_plugins =  sieve
}
protocol sieve {
  managesieve_notify_capability = fileinto reject envelope environment mailbox date
}
--
 

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin 2, Ireland




Re: postfix-dovecot via lmtp

2014-08-08 Thread Nick Edwards
sod off dictator who the fuck do you think you are to tell people how to post

On 8/4/14, Reindl Harald h.rei...@thelounge.net wrote:
 STOP to post HTML and convert even plaintext messages


Re: postfix-dovecot via lmtp

2014-08-08 Thread Jiri Bourek

On 8.8.2014 12:08, Nick Edwards wrote:

sod off dictator who the fuck do you think you are to tell people how to post



A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Posting HTML e-mails to mailing lists is also generally considered bad 
etiquette.


So is calling ppl names by the way.


Re: postfix-dovecot via lmtp

2014-08-08 Thread Timothy Murphy
On Friday, August 08, 2014 12:27:17 PM Jiri Bourek wrote:

 On 8.8.2014 12:08, Nick Edwards wrote:
  sod off dictator who the fuck do you think you are to tell people how to
  post

 Posting HTML e-mails to mailing lists is also generally considered bad
 etiquette.
 So is calling ppl names by the way.

As the OP who received this message from Reindl
I must say I had no objection to it -
the post was rejected by the mailing list as it was too long,
because it contained a huge amount of (pointless) HTML code.
I did not mean to use HTML, and it sent me on an exploration
to find why this was occurring.
(I found in the end there was an obscure setting
in the mail client - KMail - that I was using.)

But Reindl has been very helpful to me on several occasions,
and his occasional acerbity is well worth the price.
In my experience he always gets to the bottom of a problem,
and gives precise instructions for solving it,
while many, perhaps most, posters give vague or ambiguous replies.


-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin 2, Ireland


Re: Backtrace io_add(0x1) called twice fd= (was Exit status code 134; what is it, in the context of Dovecot Antispam plug-in?)

2014-08-08 Thread Ben Johnson


On 8/8/2014 4:38 AM, Steffen Kaiser wrote:
 On Thu, 7 Aug 2014, Ben Johnson wrote:
 On 8/7/2014 11:14 AM, Steffen Kaiser wrote:
 one idea: http://www.tldp.org/LDP/abs/html/exitcodes.html
 
 exit code 134 would be in bash's meaning (if this website is 
 correct all) some program died off signal 6. This would be
 Abort in Linux.
 
 prepend your script with
 
 exec > /tmp/trace 2>&1; set -vx
 
 that will dump anything visible into /tmp/trace
 
 - -- Steffen Kaiser
 
 Thank you for your continued assistance, Steffen.
 
 You seem to be exactly correct with the Abort signal.
 
 I prepended the values you suggested to the pipe script and
 here's the relevant output:
 
 + /usr/lib/dovecot/deliver -d sa-train...@example.com -m
 Training.SPAM ^A^H5584 prefix=lda: ^A^F5584 io_add(0x1) called
 twice fd=7, callback=0x7f23489fb6f0 - 0x7f23489aa530
 
 Unfortunately the only spot found is: 
 http://dovecot.org/pipermail/dovecot/2012-May/135636.html
 
 Is it the same fd=# always? Is it already open in your script? You
 could check with lsof -p $$
 
 However, you should check if Dovecot v2.2.13 already fixes the
 problem.
 
 -- Steffen Kaiser

So, I upgraded to Dovecot 2.2.13, and had to build the antispam plugin
from source (because my distro doesn't provide pre-built binary
packages for antispam that meet the dependency requirements for the
Dovecot 2.2.13 packages that reside at http://xi.rename-it.nl/debian/).

The make script complained that dovecot-config could not be found.
Well, from what I can determine, there is no file by this name in
/usr/lib/dovecot/; the file name appears to be config (not
dovecot-config). I created a symlink for the name that antispam was
expecting and the build process succeeded. Not sure if there was a
better way to deal with that, but it seemed to work, and everything
seems to be up-and-running at this point.

Also, unless I'm mistaken, the pipe back-end for antispam has
disappeared; I'm using mailtrain instead, which seems to work the same
way.

Unfortunately, despite the valiant effort, the behavior is exactly the
same; still seeing exit code status 134 whenever the antispam plugin
fires. :(

And yes, Steffen, the fd=7 is always present and the same.

 Dovecot tries to be admin-friendly. Common error messages are made
 as easily understandable as possible. Any crash, no matter how it
 happened, is considered a bug that will be fixed.

Have we reached this point yet?

Happy to try any other suggestions...

Thanks!

-Ben


Throttling pop3-login connections

2014-08-08 Thread Alex
Hi,

I have a fedora20 system with dovecot-2.2.13 running various services,
including pop3. I'm noticing some users are frequently hamming pop3, and
wondered if this was normal, or something I should be investigating?

Aug  8 14:05:20 email dovecot: pop3-login: Login: user=user1, method=PLAIN, rip=97.77.115.121, lip=192.168.1.1, mpid=30509, session=DnRtDCIAUQBhTXN5
Aug  8 14:05:21 email dovecot: pop3(user1): Disconnected: Logged out top=0/0, retr=0/0, del=0/15, size=5693601

So it is immediately followed by a logout, but when there are 50 of them
successively in a five minute period, I wondered if it is creating
unnecessary overhead on the system?

I suppose this most likely is how they have their email client configured,
but wondered if some throttling would be necessary?

Any advice would be most appreciated.
Thanks,
Alex
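
Added example, not part of the thread: one way to put a number on the behaviour described in the post above is to count `pop3-login: Login:` lines per user in a sliding five-minute window and report who reaches 50, the figure quoted in the post. The log lines are constructed (documentation IP ranges), the log is assumed to be in time order with one entry per line, and the function names are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Matches the syslog format shown in the post; user= may or may not carry <>.
LOGIN_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<h>\d{2}):(?P<mi>\d{2}):(?P<s>\d{2})\s+\S+\s+"
    r"dovecot(?:\[\d+\])?: pop3-login: Login: user=<?(?P<user>[^,>\s]+)>?,"
    r".*?\brip=(?P<rip>[0-9A-Fa-f.:]+)"
)


def parse_login(line, year):
    """Return (timestamp, user, remote_ip) for a login line, else None."""
    m = LOGIN_RE.match(line)
    if m is None or m["mon"] not in MONTHS:
        return None
    try:
        ts = datetime(year, MONTHS[m["mon"]], int(m["day"]),
                      int(m["h"]), int(m["mi"]), int(m["s"]))
    except ValueError:
        return None  # impossible date or time in the line
    return ts, m["user"], m["rip"]


def find_bursts(lines, year, window=timedelta(minutes=5), threshold=50):
    """Map user -> (peak logins in one window, end of that window, remote IPs)."""
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        parsed = parse_login(line, year)
        if parsed is None:
            continue  # disconnects and other services are ignored
        ts, user, rip = parsed
        queue = recent[user]
        queue.append((ts, rip))
        while ts - queue[0][0] > window:
            queue.popleft()  # drop logins that fell out of the window
        if len(queue) >= threshold and len(queue) > peaks.get(user, (0,))[0]:
            peaks[user] = (len(queue), ts, sorted({ip for _, ip in queue}))
    return peaks


def sample_log():
    """Constructed log: user1 polls every 4 s, user2 every 3 minutes."""
    start = datetime(2014, 8, 8, 14, 5, 20)
    lines = []

    def session(ts, user, rip):
        stamp = f"Aug  8 {ts:%H:%M:%S} email dovecot:"
        lines.append(f"{stamp} pop3-login: Login: user=<{user}>, method=PLAIN, "
                     f"rip={rip}, lip=203.0.113.5, mpid=30509")
        lines.append(f"{stamp} pop3({user}): Disconnected: Logged out "
                     f"top=0/0, retr=0/0, del=0/15, size=5693601")

    for i in range(60):
        session(start + timedelta(seconds=4 * i), "user1", "192.0.2.10")
    for i in range(5):
        session(start + timedelta(minutes=3 * i), "user2", "198.51.100.7")
    return sorted(lines)


if __name__ == "__main__":
    for user, (count, end, ips) in find_bursts(sample_log(), 2014).items():
        print(f"{user}: {count} logins in 5 min ending {end:%H:%M:%S} from {ips}")
```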


Re: Throttling pop3-login connections

2014-08-08 Thread Gene Heskett
On Friday 08 August 2014 14:11:21 Alex did opine
And Gene did reply:
 Hi,
 
 I have a fedora20 system with dovecot-2.2.13 running various services,
 including pop3. I'm noticing some users are frequently hamming pop3,
 and wondered if this was normal, or something I should be
 investigating?
 
 Aug  8 14:05:20 email dovecot: pop3-login: Login: user=user1,
 method=PLAIN, rip=97.77.115.121, lip=192.168.1.1, mpid=30509,
 session=DnRtDCIAUQBhTXN5
 Aug  8 14:05:21 email dovecot: pop3(user1): Disconnected: Logged out
 top=0/0, retr=0/0, del=0/15, size=5693601
 
 So it is immediately followed by a logout, but when there are 50 of
 them successively in a five minute period, I wondered if it is
 creating unnecessary overhead on the system?
 
 I suppose this most likely is how they have their email client
 configured, but wondered if some throttling would be necessary?
 
 Any advice would be most appreciated.
 Thanks,
 Alex

Depends on how they are accessing it.  I use fetchmail here, without any 
working imap (so I am still a lurker trying to figure out this imap 
thing), and I have fetchmail set to scan each of 3 ISP accounts, sleeping 
3 minutes after the scan is complete before starting the next scan.  No 
ISP has complained in the about 8 years I have been doing it 24/7/365.25

Anybody hitting it at a noticeably higher rate should be encouraged to 
reconfigure their agent for a friendlier scan interval.  If that doesn't 
work, I'd study up on tar pitting.  Many email agents are essentially 
locked for the user while they scan for new mail, so I'm reasonably sure 
that would get their attention.

I just noticed the rip address and the local address aren't even in the 
same network block, that would make me check your network as NO 
192.168.xx.xx address is supposed to be accessible from a world wide 
address beyond your router unless you've enabled a port forward rule in 
the router.

That would make me get out the scanner (I use the clamav kit here) looking 
for evidence of a powned machine.

Cheers, Gene Heskett
-- 
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Genes Web page http://geneslinuxbox.net:6309/gene
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS


Re: Throttling pop3-login connections

2014-08-08 Thread Reindl Harald


On 08.08.2014 at 22:40, Gene Heskett wrote:
 On Friday 08 August 2014 14:11:21 Alex did opine
 I have a fedora20 system with dovecot-2.2.13 running various services,
 including pop3. I'm noticing some users are frequently hamming pop3,
 and wondered if this was normal, or something I should be
 investigating?

 Aug  8 14:05:20 email dovecot: pop3-login: Login: user=user1,
 method=PLAIN, rip=97.77.115.121, lip=192.168.1.1, mpid=30509,
 session=DnRtDCIAUQBhTXN5
 Aug  8 14:05:21 email dovecot: pop3(user1): Disconnected: Logged out
 top=0/0, retr=0/0, del=0/15, size=5693601

i would ask the user to change at least to 3 minutes instead 1
44000 loglines per month and user is a lot if everybody would do that

 I just noticed the rip address and the local address aren't even in the 
 same network block, that would make me check your network as NO 
 192.168.xx.xx address is supposed to be accessible from a world wide 
 address beyond your router unless you've enabled a port forward rule in 
 the router

that's why it is the *local* IP
just normal in any case of proxying





Re: Throttling pop3-login connections

2014-08-08 Thread Alex
Hi,

 Depends on how they are accessing it.  I use fetchmail here, without any
 working imap (so I am still a lurker trying to figure out this imap
 thing), and I have fetchmail set to scan each of 3 ISP accounts, sleeping
 3 minutes after the scan is complete before starting the next scan.  No
 ISP has complained in the about 8 years I have been doing it 24/7/365.25

 Anybody hitting it at a noticeably higher rate should be encouraged to
 reconfigure their agent for a friendlier scan interval.  If that doesn't
 work, I'd study up on tar pitting.  Many email agents are essentially
 locked for the user while they scan for new mail, so I'm reasonably sure
 that would get their attention.

Okay, that makes sense, and is in line with what I was also thinking. This
is like 30 concurrent requests, then nothing for a minute or two, then
another 30 concurrent requests.

 I just noticed the rip address and the local address aren't even in the
 same network block, that would make me check your network as NO
 192.168.xx.xx address is supposed to be accessible from a world wide
 address beyond your router unless you've enabled a port forward rule in
 the router.

My apologies; this was my attempt at not disclosing the network range. It's
a public range, with legitimate users accessing it from around the world.

Reindl Harald wrote:
 i would ask the user to change at least to 3 minutes instead 1
 44000 loglines per month and user is a lot if everybody would do that

We're in the process of updating the user docs, so we'll add this to it.

Thanks so much.
Alex


Re: Sieve filter extracting wrong header value on certain mail messages

2014-08-08 Thread Stephan Bosch
On 8/6/2014 5:56 PM, gowen (dovecot) wrote:

 # 2.2.12: /etc/dovecot/dovecot.conf
 # OS: Linux 3.15.4-x86_64-linode45 x86_64 openSUSE 12.3 (x86_64)

 Short version:

 1) I filter out spam by using a dovecot sieve filter to act based on a
 header inserted by bogofilter
 2) In some cases, sieve fails to correctly file based on this header
 3) Testing with sieve-test indicates that it's testing the wrong header
 4) Suggestions?  Am I doing something wrong?  Is there a problem with
 these headers that bends test-sieve out of shape?
 5) Test files from below are also available via
 http://www.swynwyr.com/sieve-test/

This looks like a Dovecot bug. We're working on this one.

Regards,

Stephan.


Re: Sieve filter extracting wrong header value on certain mail messages

2014-08-08 Thread gowen (dovecot)

On 2014-08-08 21:43, Stephan Bosch wrote:

On 8/6/2014 5:56 PM, gowen (dovecot) wrote:

Short version:

1) I filter out spam by using a dovecot sieve filter to act based on a
header inserted by bogofilter
2) In some cases, sieve fails to correctly file based on this header
3) Testing with sieve-test indicates that it's testing the wrong 
header


This looks like a Dovecot bug. We're working on this one.


I'd be happy to help debug it if you can suggest to me how to compile so 
that I end up with a libdovecot-sieve that has debugging symbols in it.  
I've downloaded and built dovecot-2.2.13 and 
dovecot-2.2-pigeonhole-0.4.3, and I can get most of sieve-test built 
with -g so that I can run it through gdb and have insight, but I can't 
seem to get that library built with symbols and the interesting stuff 
(I'm starting with sieve-message.c) is in the library.


Thanks,
gowen