Re: dovecot-lmtp

2015-07-01 Thread Pascal Volk
On 07/01/2015 02:28 PM, Steven Hopps wrote:
 Hi, I'm trying to use dovecot-lmtp so that I can filter messages with 
 sieve, however it doesn't appear to be working.
 
 I followed the instructions on wiki2.dovecot.org. I'm running Debian 
 Wheezy. I've got runit configured to execute postfix and dovecot, which 
 may be the source of the problem (runit executes /usr/sbin/dovecot -F). 
 I've got mail_debug turned on and there is nothing in the mail log about 
 lmtp.
 
 Any help would be appreciated.
 

`postconf virtual_transport mailbox_transport`?
`doveconf -n`?


Regards,
Pascal
-- 
The trapper recommends today: c01dcafe.1518...@localdomain.org


Re: dovecot-lmtp

2015-07-01 Thread Steven Hopps
I tried copying virtual_transport to mailbox_transport and started 
receiving user unknown and no such user errors. Current configuration 
output follows:


virtual_transport = lmtp:unix:private/dovecot-lmtp
mailbox_transport =

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.8
auth_mechanisms = plain login
mail_debug = yes
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
plugin {
  sieve = file:~/sieve;active=~/Maildir/filters.sieve
}
protocols = lmtp imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    user = postfix
  }
}
ssl_cert = /etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_key = /etc/ssl/private/ssl-cert-snakeoil.key
userdb {
  driver = passwd
}
protocol lmtp {
  hostname = domain.com
  mail_plugins =  sieve
  postmaster_address = postmas...@domain.com
}

Steven Hopps || sho...@pridetechdesign.com
424-888-0443 || http://www.pridetechdesign.com

= Ask about my Security Tune-Up  24/7 Server Monitoring! =

On 7/1/2015 12:17, Pascal Volk wrote:

On 07/01/2015 02:28 PM, Steven Hopps wrote:

Hi, I'm trying to use dovecot-lmtp so that I can filter messages with
sieve, however it doesn't appear to be working.

I followed the instructions on wiki2.dovecot.org. I'm running Debian
Wheezy. I've got runit configured to execute postfix and dovecot, which
may be the source of the problem (runit executes /usr/sbin/dovecot -F).
I've got mail_debug turned on and there is nothing in the mail log about
lmtp.

Any help would be appreciated.



`postconf virtual_transport mailbox_transport`?
`doveconf -n`?


Regards,
Pascal



Re: Dovecot deleting files and directories

2015-07-01 Thread Steffen Kaiser

On Wed, 1 Jul 2015, Jan Ekholm wrote:


The log file is not really too informative, mostly lines of this form:

Jul 01 14:00:36 imap(operators-east@east.domain.x): Debug: Namespace : 
/opt/mail/operators-east doesn't exist yet, using default permissions
Jul 01 14:00:36 imap(operators-east@east.domain.x): Debug: Namespace : 
/opt/mail/operators-east doesn't exist yet, using default permissions

Below is the used config file. I can’t see anything that would trigger 
deletions and there is no logging or similar
about it. To me it’s quite serious that an IMAP server randomly deletes mails 
and its own files.


the config looks like you've copied it from some files, please do:

+ restart dovecot (service dovecot restart or /etc/init.d/dovecot restart 
or whatever is appropriate on your system)


+ run: doveconf -n
and post its output.

+ Also run: doveadm user -u operators-east@east.domain.x



# we're using maildir without any extra folders in the user's home directory (set in userdb)
mail_location = maildir:~

# user database
userdb {
   driver = static
   args   = uid=navie gid=users home=/opt/mail/maildir/%n
}
###

Anything obviously wrong? I’ve seen that mail_location and mail_home should not 
be the same, but using

mail_location = maildir:~/mail


The log entries do not fit the configuration shown, therefore I suspect 
that Dovecot is using another config.


-- 
Steffen Kaiser



dovecot-lmtp

2015-07-01 Thread Steven Hopps
Hi, I'm trying to use dovecot-lmtp so that I can filter messages with 
sieve, however it doesn't appear to be working.


I followed the instructions on wiki2.dovecot.org. I'm running Debian 
Wheezy. I've got runit configured to execute postfix and dovecot, which 
may be the source of the problem (runit executes /usr/sbin/dovecot -F). 
I've got mail_debug turned on and there is nothing in the mail log about 
lmtp.


Any help would be appreciated.
--
Steven Hopps || sho...@pridetechdesign.com
424-888-0443 || http://www.pridetechdesign.com

= Ask about my Security Tune-Up  24/7 Server Monitoring! =


Dovecot deleting files and directories

2015-07-01 Thread Jan Ekholm
Hi,

I’m a new Dovecot user and using version 2.2.18 on an OpenSuse system. In 
general it all works
quite nicely and clients can connect to Dovecot and manage mails normally. The 
layout used is
maildir. The users are all virtual, i.e. they do not exist on the Linux system. 
They all log in
without any authentication due to a very specialized and internal setup.

However, sometimes Dovecot simply deletes mails from the maildir structure. It 
also seems
to delete entire users too. This is not a simple case of clients deleting 
mails, but the entire
folder for the user seems to sometimes get nuked. I’ve also seen that only the 
mails and
Dovecot’s admin files (indexes etc) are deleted.

The log file is not really too informative, mostly lines of this form:

Jul 01 14:00:36 imap(firstname.lastname@domain.x): Info: Disconnected: IMAP 
session state is inconsistent, please relogin. in=781 out=2630
Jul 01 14:00:36 imap(operators-east@east.domain.x): Debug: Namespace : 
/opt/mail/operators-east doesn't exist yet, using default permissions
Jul 01 14:00:36 imap(operators-east@east.domain.x): Debug: Namespace : 
/opt/mail/operators-east doesn't exist yet, using default permissions
Jul 01 14:00:36 imap(operators-east@east.domain.x): Debug: Namespace : Using 
permissions from /opt/mail/operators-east: mode=0700 gid=default
Jul 01 14:00:36 imap(firstname.lastname@domain.x): Debug: Namespace : 
/opt/mail/firstname.lastname doesn't exist yet, using default permissions
Jul 01 14:00:36 imap(firstname.lastname@domain.x): Debug: Namespace : 
/opt/mail/firstname.lastname doesn't exist yet, using default permissions
Jul 01 14:00:36 imap(firstname.lastname@domain.x): Debug: Namespace : Using 
permissions from /opt/mail/firstname.lastname: mode=0700 gid=default
Jul 01 14:01:03 imap-login: Info: Login: user=firstname.lastname@domain.x, 
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=9326, secured, 
session=2+YiPc4ZGwB/AAAB
Jul 01 14:01:03 imap(firstname.lastname@domain.x): Debug: Effective uid=1001, 
gid=100, home=/opt/mail/firstname.lastname
Jul 01 14:01:03 imap(firstname.lastname@domain.x): Debug: maildir++: 
root=/opt/mail/firstname.lastname, index=, indexpvt=, control=, 
inbox=/opt/mail/firstname.lastname, alt=
Jul 01 14:01:07 imap-login: Info: Login: user=operators-east@east.domain.x, 
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=9333, secured, 
session=11NpPc4ZHAB/AAAB
Jul 01 14:01:07 imap(operators-east@east.domain.x): Debug: Effective uid=1001, 
gid=100, home=/opt/mail/operators-east
Jul 01 14:01:07 imap(operators-east@east.domain.x): Debug: maildir++: 
root=/opt/mail/operators-east, index=, indexpvt=, control=, 
inbox=/opt/mail/operators-east, alt=

I’ve changed the name and domain. Not sure if the namespace complaints have 
anything to do with the directories on disk,
but normally they are there when the logging comes.

Below is the used config file. I can’t see anything that would trigger 
deletions and there is no logging or similar
about it. To me it’s quite serious that an IMAP server randomly deletes mails 
and its own files.

###
# support only IMAP, no pop3
protocols = imap

# listen only on IPv4 (the default is: * ::)
listen = *

# where logging gets sent
log_path = /var/log/dovecot.log

# disable SSL
ssl = no
disable_plaintext_auth = no

# we're using maildir without any extra folders in the user's home directory (set in userdb)
mail_location = maildir:~

# user ids
default_login_user= dovenull
default_internal_user = dovecot

# auth config
auth_verbose = yes
auth_mechanisms = plain

# password scheme. Uses an external Python application to verify the password. It gets
# sent the username and password and can perform authentication. The current one
# simply accepts anything.
passdb {
   driver = checkpassword
   args   = /opt/dovecot-2.2.18/bin/checkpassword.py
}

# user database
userdb {
   driver = static
   args   = uid=navie gid=users home=/opt/mail/maildir/%n
}
###

Anything obviously wrong? I’ve seen that mail_location and mail_home should not 
be the same, but using

mail_location = maildir:~/mail

gives the exact same behavior.


Best regards,
Jan Ekholm
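
The check Steffen Kaiser makes by eye in his reply, comparing the home directory in the debug log with what the posted userdb would produce, can be scripted. This is an added example, not code from the thread: the sample data is constructed from the post above (wrapped log lines rejoined), and the function names are made up for the illustration.

```python
import re

# Constructed sample: the static userdb args and two debug lines from the post
# above, with the mail client's line wrapping undone.
USERDB_ARGS = "uid=navie gid=users home=/opt/mail/maildir/%n"
SAMPLE_LOG = """\
Jul 01 14:01:03 imap(firstname.lastname@domain.x): Debug: Effective uid=1001, gid=100, home=/opt/mail/firstname.lastname
Jul 01 14:01:07 imap(operators-east@east.domain.x): Debug: Effective uid=1001, gid=100, home=/opt/mail/operators-east
"""

# Shape of the "Effective uid" line that mail_debug writes at login.
EFFECTIVE = re.compile(
    r"imap\((?P<user>[^)]+)\): Debug: Effective uid=(?P<uid>\d+), "
    r"gid=(?P<gid>\d+), home=(?P<home>\S+)"
)


def expand(template, user):
    """Expand the Dovecot variables %u, %n, %d (and %%) for one login name."""
    name, _, domain = user.partition("@")
    values = {"u": user, "n": name, "d": domain, "%": "%"}

    def substitute(match):
        key = match.group(1)
        if key not in values:
            raise ValueError(f"variable %{key} is not handled by this example")
        return values[key]

    return re.sub(r"%(.)", substitute, template)


def static_fields(args):
    """Split the args of a static userdb into a field -> template dict."""
    return dict(field.split("=", 1) for field in args.split())


def home_mismatches(log_text, userdb_args):
    """Return (user, logged_home, expected_home) where the log disagrees."""
    template = static_fields(userdb_args).get("home")
    if template is None:
        raise ValueError("userdb args carry no home= field")
    mismatches = []
    for line in log_text.splitlines():
        match = EFFECTIVE.search(line)
        if match is None:
            continue  # not an "Effective uid" line
        expected = expand(template, match["user"])
        if match["home"] != expected:
            mismatches.append((match["user"], match["home"], expected))
    return mismatches


if __name__ == "__main__":
    for user, logged, expected in home_mismatches(SAMPLE_LOG, USERDB_ARGS):
        print(f"{user}: log says {logged}, posted config would give {expected}")
```

Both sample logins are reported, because the log shows homes directly under /opt/mail while the posted userdb would place them under /opt/mail/maildir.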


Using PAM and passwdfile together

2015-07-01 Thread Jim Garrison
Dovecot 2.0.9 on Centos 6.6

I have some local users and some Postfix virtual mailboxes. The config
currently has:

 # 2.0.9: /etc/dovecot/dovecot.conf
 # OS: Linux 2.6.32-504.12.2.el6.x86_64 x86_64 CentOS release 6.6 (Final)
 first_valid_uid = 190
 log_path = /var/log/dovecot.log
 mail_access_groups = mail
 mail_location = mbox:~/mail:INBOX=/var/mail/%u
 mbox_write_locks = fcntl
 passdb {
   driver = pam
 }
 passdb {
   args = scheme=MD5 username_format=%u /etc/dovecot/auth/%d.passwd
   driver = passwd-file
 }
 protocols = imap pop3
 ssl_ca = /etc/pki/tls/certs/ca-bundle.crt
 ssl_cert = /etc/pki/dovecot/certs/mailcert.pem
 ssl_key = /etc/pki/dovecot/private/mailkey.pem
 ssl_parameters_regenerate = 48
 userdb {
   driver = passwd
 }
 userdb {
   args = uid=199 gid=199 home=/var/mail/vhosts/%d/%n mail=mbox:/var/mail/vhosts/%d/%n:INBOX=/var/mail/vhosts/%d/%n/mail
   driver = static
 }

Each time a virtual mailbox user logs in, PAM writes a set of
Authentication Failure messages to /var/log/secure when it attempts
to find the virtual user, which it then successfully authenticates
in the passwd-file.  Is there a way to prevent PAM from logging this
spurious error and having dovecot log an authentication failure only if
BOTH methods fail?

-- 
Jim Garrison (j...@acm.org)
PGP Keys at http://www.jhmg.net RSA 0x04B73B7F DH 0x70738D88


Re: dovecot-lmtp

2015-07-01 Thread Steven Hopps
I apologize for the multiple emails, I forgot to mention that when I 
added a mailbox_transport line, suddenly the log started showing lmtp 
entries, however everything was bouncing (I did mention the bouncing.)


When I removed that line, it works again, but now the log does not show 
any lmtp entries, same as before. I should point out that this email 
server has been functional for a long while.


Steven Hopps || sho...@pridetechdesign.com
424-888-0443 || http://www.pridetechdesign.com

= Ask about my Security Tune-Up  24/7 Server Monitoring! =

On 7/1/2015 12:17, Pascal Volk wrote:

On 07/01/2015 02:28 PM, Steven Hopps wrote:

Hi, I'm trying to use dovecot-lmtp so that I can filter messages with
sieve, however it doesn't appear to be working.

I followed the instructions on wiki2.dovecot.org. I'm running Debian
Wheezy. I've got runit configured to execute postfix and dovecot, which
may be the source of the problem (runit executes /usr/sbin/dovecot -F).
I've got mail_debug turned on and there is nothing in the mail log about
lmtp.

Any help would be appreciated.



`postconf virtual_transport mailbox_transport`?
`doveconf -n`?


Regards,
Pascal



Re: dovecot-lmtp

2015-07-01 Thread Steven Hopps
I have solved the issue, I had to add mailbox_transport to main.cf, and 
I had to add auth_username_format = %Ln to dovecot.conf to fix the 
Unrecognized User errors.


It's now working!

Steven Hopps || sho...@pridetechdesign.com
424-888-0443 || http://www.pridetechdesign.com

= Ask about my Security Tune-Up  24/7 Server Monitoring! =

On 7/1/2015 10:28, Steven Hopps wrote:

Hi, I'm trying to use dovecot-lmtp so that I can filter messages with
sieve, however it doesn't appear to be working.

I followed the instructions on wiki2.dovecot.org. I'm running Debian
Wheezy. I've got runit configured to execute postfix and dovecot, which
may be the source of the problem (runit executes /usr/sbin/dovecot -F).
I've got mail_debug turned on and there is nothing in the mail log about
lmtp.

Any help would be appreciated.


Re: Dovecot auth username mapping

2015-07-01 Thread Axel Luttgens

 On 1 Jul 2015, at 04:38, Laz C. Peterson wrote:
 
 I have an interesting case here …
 
 Virtual mailboxes, domain/username/aliases stored in MySQL, authentication 
 done using PAM.  PAM authenticates through Kerberos, which are internal 
 realms and not the email domains — for example, my username would be 
 laz@PARAVIS.LOCAL and my email address would be l...@paravis.net.
 
 All of this works just fine.  But what I want to do is allow the users to log 
 in using their email address and not their full Kerberos name.  It is 
 becoming laborious to help the users understand the difference between their 
 username@LOCAL.REALM and username@email.address and why we have to have two 
 separate identities that mean the same thing.
 
 I have the SQL statements to convert either the Kerberos login or the email 
 address to the actual Kerberos login (so they may use either).  But I cannot 
 seem to figure out how to get Dovecot to acknowledge this as the mapped 
 username.
 
 I’m sure there has to be a way.  Any help will be greatly appreciated.  Thank 
 you!

Hello Laz,

I fear you’ll have to resort to CheckPassword 
(http://wiki2.dovecot.org/AuthDatabase/CheckPassword) or something similar.

Indeed, your MySql database may contain everything needed to convert email 
addresses to kerb login (and vice-versa), but Dovecot’s PAM interface 
understandably just knows about a (login, password) pair, where the login is 
the one provided by the user wanting to log in.

That said, I hope to be wrong,
Axel


duplicate namespace prefix

2015-07-01 Thread jjhoffart
Hello,
I am in the process of setting up a server that is running two 
invocations of dovecot. One of the invocations is acting as a backend and the 
other as a Director. I believe I have most of the configuration complete but I 
keep running into the following error:

Jul 01 14:17:04 lda(postmas...@mydomain.com: Error: user 
postmas...@mydomain.com: Initialization failed: namespace configuration error: 
Duplicate namespace prefix: 
Jul 01 14:17:04 lda(postmaster@åmydomain.com: Fatal: Invalid user settings. 
Refer to server log for more information.

Not sure where to go from here and most of my searches on the error have led 
me to dead ends, hoping someone can help me out.

Thanks.


Re: Dovecot auth username mapping

2015-07-01 Thread Laz C. Peterson
Thank you for the response Axel.  I will look into that.

I did attempt to switch the PAM/Kerberos authentication to Dovecot LDAP 
authentication, but now performance is unbelievably slow.  For example, with 
PAM/Kerberos, a user can log into webmail and have all of their emails/folders 
showing almost immediately.  When using Dovecot LDAP, it takes literally 8-10 
seconds to see the same thing.

I was hoping that was a possible replacement for this, but my goodness it was 
so incredibly slow!  This would definitely be an option though, as it does 
serve the purpose.  I just can’t figure out how to fix the performance issue.  
Any thoughts to this?

~ Laz Peterson
Paravis, LLC
Ph: 951.319.3240 x201

 On Jul 1, 2015, at 3:24 PM, Axel Luttgens axel.luttg...@skynet.be wrote:
 
 
 On 1 Jul 2015, at 04:38, Laz C. Peterson wrote:
 
 I have an interesting case here …
 
 Virtual mailboxes, domain/username/aliases stored in MySQL, authentication 
 done using PAM.  PAM authenticates through Kerberos, which are internal 
 realms and not the email domains — for example, my username would be 
 laz@PARAVIS.LOCAL and my email address would be l...@paravis.net.
 
 All of this works just fine.  But what I want to do is allow the users to 
 log in using their email address and not their full Kerberos name.  It is 
 becoming laborious to help the users understand the difference between their 
 username@LOCAL.REALM and username@email.address and why we have to have two 
 separate identities that mean the same thing.
 
 I have the SQL statements to convert either the Kerberos login or the email 
 address to the actual Kerberos login (so they may use either).  But I cannot 
 seem to figure out how to get Dovecot to acknowledge this as the mapped 
 username.
 
 I’m sure there has to be a way.  Any help will be greatly appreciated.  
 Thank you!
 
 Hello Laz,
 
 I fear you’ll have to resort to CheckPassword 
 (http://wiki2.dovecot.org/AuthDatabase/CheckPassword) or something similar.
 
 Indeed, your MySql database may contain everything needed to convert email 
 addresses to kerb login (and vice-versa), but Dovecot’s PAM interface 
 understandably just knows about a (login, password) pair, where the login is 
 the one provided by the user wanting to log in.
 
 That said, I hope to be wrong,
 Axel


Re: Dovecot auth username mapping

2015-07-01 Thread Laz C. Peterson
It’s actually unbelievable how much slower LDAP auth is than PAM.  Does anyone 
have any suggestions how I can improve Dovecot LDAP auth?  I have tried caching 
authentications and that doesn’t help either.

~ Laz Peterson
Paravis, LLC
Ph: 951.319.3240 x201

 On Jul 1, 2015, at 4:41 PM, Laz C. Peterson l...@paravis.net wrote:
 
 Thank you for the response Axel.  I will look into that.
 
 I did attempt to switch the PAM/Kerberos authentication to Dovecot LDAP 
 authentication, but now performance is unbelievably slow.  For example, with 
 PAM/Kerberos, a user can log into webmail and have all of their 
 emails/folders showing almost immediately.  When using Dovecot LDAP, it takes 
 literally 8-10 seconds to see the same thing.
 
 I was hoping that was a possible replacement for this, but my goodness it was 
 so incredibly slow!  This would definitely be an option though, as it does 
 serve the purpose.  I just can’t figure out how to fix the performance issue. 
  Any thoughts to this?
 
 ~ Laz Peterson
 Paravis, LLC
 Ph: 951.319.3240 x201
 
 On Jul 1, 2015, at 3:24 PM, Axel Luttgens axel.luttg...@skynet.be wrote:
 
 
 On 1 Jul 2015, at 04:38, Laz C. Peterson wrote:
 
 I have an interesting case here …
 
 Virtual mailboxes, domain/username/aliases stored in MySQL, authentication 
 done using PAM.  PAM authenticates through Kerberos, which are internal 
 realms and not the email domains — for example, my username would be 
 laz@PARAVIS.LOCAL and my email address would be l...@paravis.net.
 
 All of this works just fine.  But what I want to do is allow the users to 
 log in using their email address and not their full Kerberos name.  It is 
 becoming laborious to help the users understand the difference between 
 their username@LOCAL.REALM and username@email.address and why we have to 
 have two separate identities that mean the same thing.
 
 I have the SQL statements to convert either the Kerberos login or the email 
 address to the actual Kerberos login (so they may use either).  But I 
 cannot seem to figure out how to get Dovecot to acknowledge this as the 
 mapped username.
 
 I’m sure there has to be a way.  Any help will be greatly appreciated.  
 Thank you!
 
 Hello Laz,
 
 I fear you’ll have to resort to CheckPassword 
 (http://wiki2.dovecot.org/AuthDatabase/CheckPassword) or something similar.
 
 Indeed, your MySql database may contain everything needed to convert email 
 addresses to kerb login (and vice-versa), but Dovecot’s PAM interface 
 understandably just knows about a (login, password) pair, where the login is 
 the one provided by the user wanting to log in.
 
 That said, I hope to be wrong,
 Axel