Re: Moving from one Dovecot server to another Dovecot server
Quoting Jiri Bourek bou...@thinline.cz: On 27.8.2014 15:25, Michael wrote: Quoting Philipp Faeustlin philipp.faeust...@uni-hohenheim.de: Am 27.08.2014 um 14:52 schrieb Michael: I've already been aware of this web site. I saw that they offer only packages for Ubuntu 12.04. I'm Using Ubuntu 14.04. I know that often it's not a problem to take packages from another version. But I'm not sure if there are some conflicts to be expected. So I wrote an e-mail to the contact but did not get an answer yet. Do you have any information if this repo can also be used on Ubuntu 14.04 without problems? No I haven't, but I think it is better to have the latest version of Dovecot, especially with Ubuntu because not long ago I found this: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3430.html I'm not sure how to judge this message but it doesn't sounds very good. You are right. According to [1] it doesn't look to be fixed in the most recent package provided by Ubuntu. It is fixed in version 2.2.13~rc1-1 which is not available for Ubuntu. I thought security issues will be fixed ASAP by the maintainer... [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747549 Michael Both Debian and Ubuntu usually stay on specific version of the software in their stable branches and only backport fixes, mostly security related ones. The package you are looking for in Ubuntu is 1:2.2.9-1ubuntu2.1 . See changelog for that package - http://changelogs.ubuntu.com/changelogs/binary/d/dovecot-core/1:2.2.9-1ubuntu2.1/changelog . According to this CVE-2014-3430 was fixed in may. In Debian it's 1:2.1.7-7+deb7u1 , fixed in june Good to see that they fixed it within 5 days. Thanks for the URL. Michael
Dovecot Enterprize repository access
Hello all, in regards to the Enterprise repository access : 1. There's no version of v7.x for CentOS 2. There's no download section anywhere Any ideas ? s.
Re: Dovecot Enterprize repository access
Hello On 08/28/2014 02:35 PM, Spyros Tsiolis wrote: in regards to the Enterprise repository access : 1. There's no version of v7.x for CentOS There are indeed not yet CentOS 7 nor Ubuntu 14.04 packages available. Work on those builds is ongoing, but I can not say when they will be officially supported. 2. There's no download section anywhere There should be some instructions visible on the Download tab of the http://shop.dovecot.fi/home/8-dovecot-ee-repository-access.html item. Basically, the repository access requires going through the purchase process, to obtain the access credentials. br, Teemu Huovila
Re: Fatal: master: service(imap): child 28145 killed with signal 11 (core dumped) -- started happening after upgrade last night
On 8/20/2014 5:37 AM, Timo Sirainen wrote: On 18 Aug 2014, at 17:30, Ben Johnson b...@indietorrent.org wrote: Ironically, the very reason for which I replaced my distro's source repos with deb http://xi.rename-it.nl/debian/ stable-auto/dovecot-2.2 main deb-src http://xi.rename-it.nl/debian/ stable-auto/dovecot-2.2 main These are just nightly builds and there's a good chance they break randomly. Maybe the problem in your case is that the antispam plugin just wasn't recompiled after some changes that required recompiling. I'm not sure. In any case a better working repository is here: http://shop.dovecot.fi/home/8-dovecot-ee-repository-access.html (It's free even though it still says $99 in the main page. Everyone's too busy to bother changing the web.) Thank you for the clarification, Timo. I was able to get the repository access squared-away via the Dovecot store. The price does in fact reflect $0, so, somebody took the initiative to correct that recently. :) When I start dovecot, there is a mismatch between ABI versions when the plugin is loaded: Aug 27 09:22:11 local dovecot: imap: Error: Module is for different ABI version 2.2.ABIv13.2(2.2.13) (we have 2.2.ABIv13(2.2.13.8)): /usr/lib/dovecot/modules/lib90_antispam_plugin.so Aug 27 09:22:11 local dovecot: imap: Fatal: Couldn't load required plugins In retrospect, this is probably what has been happening all along (with dovecot-deliver exiting with code 134); previously, I failed to notice the message about the ABI mismatch immediately after Dovecot is started. Does this mean that the plugin source code has not been updated to function with dovecot-2.2.13.8? If so, would I need to downgrade the dovecot version to 2.2.13 for the plugin to work? Or should this message be interpreted in some other way? For the sake of thoroughness, and to ensure that I didn't botch the procedure in any way, I have included at the bottom of this message the exact steps that I took. Thank you for any help, -Ben 1.) Added to /etc/apt/sources.list: deb https://user:p...@apt.dovecot.fi/ubuntu/precise/2.2 precise main 2.) Installed dovecot from EE package repository: # apt-get remove dovecot # apt-get update # apt-get install dovecot-ee-core dovecot-ee-imapd dovecot-ee-pop3d dovecot-ee-sieve dovecot-ee-managesieved dovecot-ee-mysql dovecot-ee-dbg dovecot-ee-dev 3.) Checked-out latest Antispam plugin source: # hg clone http://hg.dovecot.org/dovecot-antispam-plugin 4.) Built and installed plugin: # cd dovecot-antispam-plugin # sh ./autogen.sh *info* running aclocal (-I m4) *info* running autoheader *info* running autoconf # ./configure --with-dovecot=/usr/lib/dovecot checking for tput... /usr/bin/tput checking build system type... x86_64-unknown-linux-gnu checking host system type... x86_64-unknown-linux-gnu checking whether we need an implib... no checking for shared library system... GNU checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking how to run the C preprocessor... gcc -E checking whether ln -s works... yes checking for a BSD-compatible install... /usr/bin/install -c checking for /usr/lib/dovecot/dovecot-config... /usr/lib/dovecot/dovecot-config checking whether OS supports plugin dependencies... yes checking for dovecot tree type... installed configure: touching .deps files configure: creating ./config.status config.status: creating buildsys.mk config.status: creating extra.mk config.status: creating config.h # make Entering directory src. Successfully compiled antispam-plugin.c (plugin). Successfully compiled aux.c (plugin). Successfully compiled backends.c (plugin). crm114.c: In function ‘call_reaver’: crm114.c:73:7: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result] write(pipes[1], signature_hdr, strlen(signature_hdr)); ^ crm114.c:74:7: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result] write(pipes[1], : , 2); ^ crm114.c:75:7: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result] write(pipes[1], signature, strlen(signature)); ^ crm114.c:76:7: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result] write(pipes[1], \r\n\r\n, 4); ^ Successfully compiled crm114.c (plugin). Successfully compiled dspam.c (plugin). Successfully compiled mailbox.c (plugin). Successfully compiled mailtrain.c (plugin). Successfully compiled signature-log.c (plugin). Successfully compiled signature.c (plugin). Successfully compiled spool2dir.c (plugin).
POP/IMAP HA solution for 5k users
Hello, I want to build simple, cheap HA solution for 5000 users with postfix/dovecot. Each user will have 1.3 GB mailbox (maildir) storage quota. All of the users will use POP and also plus half of them will use IMAP from smart phones. Sometimes they will hit webmail (squirrelmail). I plan that every user will send 20 and receive 20 mails per day. I have 3 locations, but electricity are not very stable there. We have outages for couple of hours 3-4 times per year. So I plan distribute all servers (it's more like good PC's) across locations. I'm very tied on budget also. Or maybe I could say I don't have it and I'm forced to use hardware equipment which is given. We are talking about quite pour HA solution here. Don't judge me please. I start to plan architecture and I would be very thankful for all your thoughts. I'm not expert in this area, but I need to learn, fire up email system and manage it. I will have SMTP server (smtp.example.com) which will filter mail with Clam, Spamassasin, Greylisting and forward emails to IMAP/ POP3/webmail server (mail.example.com). Mail.example.com will sync all user and mail changes to the third server mail2.example.com. Mail2.example.com server is just stand by, hot backup server in cases if main mail server or smtp will not be reachable. Locations of servers are in different cities: Locations #1 - SMTP servers as virtual machines (vmware server or virtualbox), with CPU i3, 6GB RAM, SSD, Centos 6, Virtualmin Location #2 - Dovecot/webmail server: CPU i5, 16GB RAM, HDD 1SSD for OS/dovecot indexes and SATA 2TBx4 LVM (total 8TB) for Maildir's, Centos 6, Virtualmin Location #3 HOT BACKUP (always online) server in case of mail.example.com or smtp.example.com failure, electricity outage and etc. It contains Dovecot/webmail server: CPU i3, 8GB RAM, HDD 1SSD for OS/dovecot indexes and SATA 2x4TB LVM (total 8TB), Centos 6, Virtualmin DNS configuration (and location number): IN MX 10 smpt.example.com. (#1) IN MX 20 mail.example.com. (#2) IN MX 30 mail2.example.com. (#3) smtp IN A aa.aa.aa.aa mail IN A bb.bb.bb.bb mail2 IN A cc.cc.cc.cc So I need to solve SMTP, POP, IMAP high availability tasks. SMTP I think will be ok for external users. SMTP feature has all three servers. If smtp.example.com server is offline mail is sent to mail.example.com If mail.example.com is offline, then mail is sent to mail2.example.com If mail2.example.com is offline, the senders SMTP server will hold an email in a queue by default for 3 days (in most cases) and will try to deliver in some intervals. Local (users of domain example.com) SMTP/POP/IMAP users will have problems, because their domain server will be dead. This means that connections from user MTA agents (outlook POP) could not be delivered because DNS A type record pointing to a degraded server. When problem with server mail.example.com (POP/IMAP/webmail) connectivity will happen, I think to login to DNS server and point record (A type) to a working server. So if server in location #2 mail.example.com is dead, I will change mail IN A bb.bb.bb.bb cc.cc.cc.cc The same with the server smtp.example.com. If it's down, I will change mail IN A aa.aa.aa.aa cc.cc.cc.cc I know that this method is not perfect because of ISP DNS caching around the globe, but this the only option I have. Most of my users use ISP that refresh DNS in a period of 30 minutes so it won't be very terrible to half of hour to wait for the connection. My questions: 1. Is this infrastructure is ok for 5000 users? If you think it's not, please write how many users it will serve normally? Or maybe I it could handle and 10 000 users load? 2. Is the logic of all setup is right in such situation like mine? What other problems could arise? 3. I prefer to create users from one server. So the LDAP option is the best for me? In case of LDAP it will be on server #2 and I need to replicate it to #3. Is it rigth? Then server #2 will be offline does #3 LDAP will take place? Or should I better use batch command to create user in each server per single command? Actually I do not want to manage and LDAP as extra service. I don't have experience with it. 4. The main problem is to synchronize maildir of POP/IMAP/webmail servers. Because of distance I do not want to use DRBD. It's not suitable for WAN connections. GlusterFS seems an option but.. I saw on internet users also having problems with it performance. Sometimes gluster hang and all cluster must be restarted. Maybe I can sync /home with gluster where maildir resides, but we need to take care of dovecot index and control files synchronization also. The performance of retrieving index'es by several thousands users every 2-5 minutes must be excellent. The only option I found is Dovecot Dsync (or newer Doveadm) command. I made initial tests on two servers, but only to get work with SSH command. The method using TCP connection doesn't work for me. So
Dovecot Master User
Hi, I'm trying to use imapsync to migrate my accounts and mailbox (mbox) of an server A (Postfix + Dovecot) to a Server B (Zimbra), without having to change user passwords on the server A, using a master user account. I'm using this paper http://wiki2.dovecot.org/Authentication/MasterUsers as guidance. The Dovecot server A, is not letting me authenticate. Follow the testing and debug below: Testing: # telnet ip_address 8143 Trying ip_address... Connected to ip_address. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. a login mailadm*masteruser masterpass a NO [AUTHENTICATIONFAILED] Authentication failed. b logout * BYE Logging out b OK Logout completed. Connection closed by foreign host. Debug: /var/log/maillog: Aug 28 10:29:51 centosVM dovecot: master: Dovecot v2.0.9 starting up (core dumps disabled) Aug 28 10:30:02 centosVM dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Aug 28 10:30:02 centosVM dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Aug 28 10:30:02 centosVM dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Aug 28 10:30:02 centosVM dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Aug 28 10:30:02 centosVM dovecot: auth: Debug: passwd-file /etc/dovecot/passwd.masterusers: Read 1 users Aug 28 10:30:02 centosVM dovecot: auth: Debug: auth client connected (pid=4693) Aug 28 10:30:27 centosVM dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011lip=10.0.2.15#011rip=10.0.2.2#011lport=143#011rport=59847#011resp=hidden Aug 28 10:30:27 centosVM dovecot: auth: Debug: auth(masteruser,10.0.2.2,master): Master user lookup for login: mailadm Aug 28 10:30:27 centosVM dovecot: auth: Debug: passwd-file(masteruser,10.0.2.2,master): lookup: user=masteruser file=/etc/dovecot/passwd.masterusers Aug 28 10:30:27 centosVM dovecot: auth: passwd-file(masteruser,10.0.2.2,master): unknown user Aug 28 10:30:29 centosVM dovecot: auth: Debug: client out: FAIL#0111#011user=masteruser What can be happening? Thanks, Clóvis -- Clovis Tristao - UNICAMP/Faculdade de Engenharia Agricola Administrador de Redes - Secao de Informatica (SINFO) E-mail: clo...@feagri.unicamp.br http://www.feagri.unicamp.br MSN: clovis_trista...@hotmail.com Fone: 55(19) 35211031-35211038-35211047-91173116
About Dovecot cluster and filesystems...
Hi all! Does dovecot cluster (with Proxy/Director) work only distributed filesystems (like NFS) ? Is Dovecot-replication + Ext4 recommended for production environments? Thanks! -- Thiago Henrique
Re: Dovecot Enterprize repository access
Hi I'm using Enterprise repository for centos 6 and works perfectly but upgrading packages there is not changelog or other info I don't have idea what's changed on every update Can you post somewhere changelog info or include in rpms? thank you On Thu, 28 Aug 2014 14:43:33 +0300, Teemu Huovila wrote: Hello On 08/28/2014 02:35 PM, Spyros Tsiolis wrote: in regards to the Enterprise repository access : 1. There's no version of v7.x for CentOS There are indeed not yet CentOS 7 nor Ubuntu 14.04 packages available. Work on those builds is ongoing, but I can not say when they will be officially supported. 2. There's no download section anywhere There should be some instructions visible on the Download tab of the http://shop.dovecot.fi/home/8-dovecot-ee-repository-access.html item. Basically, the repository access requires going through the purchase process, to obtain the access credentials. br, Teemu Huovila
Postfix + dovecot setup
I'm trying to clarify the various ways in which I could set up Postfix + Dovecot + SpamAssassin under CentOS-7, and I'd welcome any comments on the following remarks. As far as I can see there are 3 standard ways of setting this up: 1. Use amavisd 2. Use dovecot + pigeonhole/sieve 3. Use spamass-milter At present I'm following (2), but am thinking of going over to (1), since this seems simpler. (Amavisd wasn't available when I set up CentOS-7, so I didn't consider it then.) It seems to me that (2) is using dovecot in a slightly odd way, since as far as I can see dovecot normally takes email from ~/Maildir/cur/ and then moves marked spam. I'm not quite sure if (3) is a genuine alternative, or if it is why it is not the standard? -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland
Re: Postfix + dovecot setup
Am 29.08.2014 um 01:33 schrieb Timothy Murphy: I'm trying to clarify the various ways in which I could set up Postfix + Dovecot + SpamAssassin under CentOS-7, and I'd welcome any comments on the following remarks. As far as I can see there are 3 standard ways of setting this up: 1. Use amavisd 2. Use dovecot + pigeonhole/sieve 3. Use spamass-milter At present I'm following (2), but am thinking of going over to (1), since this seems simpler. (Amavisd wasn't available when I set up CentOS-7, so I didn't consider it then.) It seems to me that (2) is using dovecot in a slightly odd way, since as far as I can see dovecot normally takes email from ~/Maildir/cur/ and then moves marked spam. not dovecot related - it's a matter of reject or accept spam you are talking about spam filtering and forgot to mention that in the subject - in general dovecot should not have to deal with the topic spam filer because it should not see it at all I'm not quite sure if (3) is a genuine alternative, or if it is why it is not the standard? define standard - but amavis or spamass-milter are not topic of your subject - in general if you service mail for others you need to reject spam or have to deliver it and so you need a before-queue or become backcatter if you drop it after accept the drawback of a milter is that filtering happens while the dilvering client is still connected and you have limited ressources in most cases with a well configured postscreen and RBL scroing that should not be a problem until you have a really lot incoming legit mail flow signature.asc Description: OpenPGP digital signature
Re: Postfix + dovecot setup
TM I'm trying to clarify the various ways in which I could set up TM Postfix + Dovecot + SpamAssassin under CentOS-7, TM and I'd welcome any comments on the following remarks. TM As far as I can see there are 3 standard ways of setting this up: TM 1. Use amavisd TM 2. Use dovecot + pigeonhole/sieve TM 3. Use spamass-milter TM At present I'm following (2), but am thinking of going over to (1), TM since this seems simpler. TM (Amavisd wasn't available when I set up CentOS-7, so I didn't consider it TM then.) TM It seems to me that (2) is using dovecot in a slightly odd way, TM since as far as I can see dovecot normally takes email from ~/Maildir/cur/ TM and then moves marked spam. TM I'm not quite sure if (3) is a genuine alternative, TM or if it is why it is not the standard? --- spampd [I'm doing it under Ubuntu, but used to do it under RHEL] spdmpd is a pre-accept daemon that processes for SA - where you can simply reject mail with SA scores higher than X, instead of simply tagging them as spam. Typical is: Score above 10, reject before MTA acceptance. Score from 5-10, tag as spam, but accept for delivery. --- However, I'm working on moving to amavisd instead of spampd. But it's almost no extra work to use spampd vs SA alone and amavisd seems like more work than spampd. [It's certainly more complex.] YMMV. -Greg
