Re: dovecot-lmtp
On 07/01/2015 02:28 PM, Steven Hopps wrote:
> Hi, I'm trying to use dovecot-lmtp so that I can filter messages with sieve, however it doesn't appear to be working. I followed the instructions on wiki2.dovecot.org. I'm running Debian Wheezy. I've got runit configured to execute postfix and dovecot, which may be the source of the problem (runit executes /usr/sbin/dovecot -F). I've got mail_debug turned on and there is nothing in the mail log about lmtp. Any help would be appreciated.

`postconf virtual_transport mailbox_transport`?
`doveconf -n`?

Regards,
Pascal
--
The trapper recommends today: c01dcafe.1518...@localdomain.org
Re: dovecot-lmtp
I tried copying virtual_transport to mailbox_transport and started receiving user unknown and no such user errors. Current configuration output follows:

virtual_transport = lmtp:unix:private/dovecot-lmtp
mailbox_transport =

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.8
auth_mechanisms = plain login
mail_debug = yes
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
plugin {
  sieve = file:~/sieve;active=~/Maildir/filters.sieve
}
protocols = lmtp imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    user = postfix
  }
}
ssl_cert = /etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_key = /etc/ssl/private/ssl-cert-snakeoil.key
userdb {
  driver = passwd
}
protocol lmtp {
  hostname = domain.com
  mail_plugins = sieve
  postmaster_address = postmas...@domain.com
}

Steven Hopps || sho...@pridetechdesign.com
424-888-0443 || http://www.pridetechdesign.com
= Ask about my Security Tune-Up 24/7 Server Monitoring! =

On 7/1/2015 12:17, Pascal Volk wrote:
> On 07/01/2015 02:28 PM, Steven Hopps wrote:
>> Hi, I'm trying to use dovecot-lmtp so that I can filter messages with sieve, however it doesn't appear to be working. I followed the instructions on wiki2.dovecot.org. I'm running Debian Wheezy. I've got runit configured to execute postfix and dovecot, which may be the source of the problem (runit executes /usr/sbin/dovecot -F). I've got mail_debug turned on and there is nothing in the mail log about lmtp. Any help would be appreciated.
>
> `postconf virtual_transport mailbox_transport`?
> `doveconf -n`?
>
> Regards,
> Pascal
Re: Dovecot deleting files and directories
On Wed, 1 Jul 2015, Jan Ekholm wrote:
> The log file is not really too informative, mostly lines of this form:
>
> Jul 01 14:00:36 imap(operators-east@east.domain.x): Debug: Namespace : /opt/mail/operators-east doesn't exist yet, using default permissions
> Jul 01 14:00:36 imap(operators-east@east.domain.x): Debug: Namespace : /opt/mail/operators-east doesn't exist yet, using default permissions
>
> Below is the used config file. I can’t see anything that would trigger deletions and there is no logging or similar about it. To me it’s quite serious that an IMAP server randomly deletes mails and its own files.

The config looks like you've copied it from some files, please do:

+ restart dovecot (service dovecot restart or /etc/init.d/dovecot restart or whatever is appropriate on your system)
+ run: doveconf -n and post its output.
+ Also run: doveadm user -u operators-east@east.domain.x

> # we're using maildir without any extra folders in the user's home directory (set in userdb)
> mail_location = maildir:~
>
> # user database
> userdb {
>   driver = static
>   args = uid=navie gid=users home=/opt/mail/maildir/%n
> }
> ###
>
> Anything obviously wrong? I’ve seen that mail_location and mail_home should not be the same, but using mail_location = maildir:~/mail

The log entries do not fit the configuration shown, therefore I suspect that Dovecot is using another config.

--
Steffen Kaiser
dovecot-lmtp
Hi,

I'm trying to use dovecot-lmtp so that I can filter messages with sieve, however it doesn't appear to be working. I followed the instructions on wiki2.dovecot.org. I'm running Debian Wheezy. I've got runit configured to execute postfix and dovecot, which may be the source of the problem (runit executes /usr/sbin/dovecot -F). I've got mail_debug turned on and there is nothing in the mail log about lmtp. Any help would be appreciated.

--
Steven Hopps || sho...@pridetechdesign.com
424-888-0443 || http://www.pridetechdesign.com
= Ask about my Security Tune-Up 24/7 Server Monitoring! =
Dovecot deleting files and directories
Hi,

I’m a new Dovecot user and using version 2.2.18 on an OpenSuse system. In general it all works quite nicely and clients can connect to Dovecot and manage mails normally. The layout used is maildir. The users are all virtual, i.e. they do not exist on the Linux system. They all log in without any authentication due to a very specialized and internal setup.

However, sometimes Dovecot simply deletes mails from the maildir structure. It also seems to delete entire users too. This is not a simple case of clients deleting mails, but the entire folder for the user seems to sometimes get nuked. I’ve also seen that only the mails and Dovecot’s admin files (indexes etc) are deleted.

The log file is not really too informative, mostly lines of this form:

Jul 01 14:00:36 imap(firstname.lastname@domain.x): Info: Disconnected: IMAP session state is inconsistent, please relogin. in=781 out=2630
Jul 01 14:00:36 imap(operators-east@east.domain.x): Debug: Namespace : /opt/mail/operators-east doesn't exist yet, using default permissions
Jul 01 14:00:36 imap(operators-east@east.domain.x): Debug: Namespace : /opt/mail/operators-east doesn't exist yet, using default permissions
Jul 01 14:00:36 imap(operators-east@east.domain.x): Debug: Namespace : Using permissions from /opt/mail/operators-east: mode=0700 gid=default
Jul 01 14:00:36 imap(firstname.lastname@domain.x): Debug: Namespace : /opt/mail/firstname.lastname doesn't exist yet, using default permissions
Jul 01 14:00:36 imap(firstname.lastname@domain.x): Debug: Namespace : /opt/mail/firstname.lastname doesn't exist yet, using default permissions
Jul 01 14:00:36 imap(firstname.lastname@domain.x): Debug: Namespace : Using permissions from /opt/mail/firstname.lastname: mode=0700 gid=default
Jul 01 14:01:03 imap-login: Info: Login: user=firstname.lastname@domain.x, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=9326, secured, session=2+YiPc4ZGwB/AAAB
Jul 01 14:01:03 imap(firstname.lastname@domain.x): Debug: Effective uid=1001, gid=100, home=/opt/mail/firstname.lastname
Jul 01 14:01:03 imap(firstname.lastname@domain.x): Debug: maildir++: root=/opt/mail/firstname.lastname, index=, indexpvt=, control=, inbox=/opt/mail/firstname.lastname, alt=
Jul 01 14:01:07 imap-login: Info: Login: user=operators-east@east.domain.x, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=9333, secured, session=11NpPc4ZHAB/AAAB
Jul 01 14:01:07 imap(operators-east@east.domain.x): Debug: Effective uid=1001, gid=100, home=/opt/mail/operators-east
Jul 01 14:01:07 imap(operators-east@east.domain.x): Debug: maildir++: root=/opt/mail/operators-east, index=, indexpvt=, control=, inbox=/opt/mail/operators-east, alt=

I’ve changed the name and domain. Not sure if the namespace complaints have anything to do with the directories on disk, but normally they are there when the logging comes.

Below is the used config file. I can’t see anything that would trigger deletions and there is no logging or similar about it. To me it’s quite serious that an IMAP server randomly deletes mails and its own files.

###
# support only IMAP, no pop3
protocols = imap

# listen only on IPv4 (the default is: * ::)
listen = *

# where logging gets sent
log_path = /var/log/dovecot.log

# disable SSL
ssl = no
disable_plaintext_auth = no

# we're using maildir without any extra folders in the user's home directory (set in userdb)
mail_location = maildir:~

# user ids
default_login_user = dovenull
default_internal_user = dovecot

# auth config
auth_verbose = yes
auth_mechanisms = plain

# password scheme. Uses an external Python application to verify the password. It gets
# sent the username and password and can perform authentication. The current one
# simply accepts anything.
passdb {
  driver = checkpassword
  args = /opt/dovecot-2.2.18/bin/checkpassword.py
}

# user database
userdb {
  driver = static
  args = uid=navie gid=users home=/opt/mail/maildir/%n
}
###

Anything obviously wrong? I’ve seen that mail_location and mail_home should not be the same, but using mail_location = maildir:~/mail gives the exact same behavior.

Best regards,
Jan Ekholm
Using PAM and passwdfile together
Dovecot 2.0.9 on Centos 6.6

I have some local users and some Postfix virtual mailboxes. The config currently has:

# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-504.12.2.el6.x86_64 x86_64 CentOS release 6.6 (Final)
first_valid_uid = 190
log_path = /var/log/dovecot.log
mail_access_groups = mail
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mbox_write_locks = fcntl
passdb {
  driver = pam
}
passdb {
  args = scheme=MD5 username_format=%u /etc/dovecot/auth/%d.passwd
  driver = passwd-file
}
protocols = imap pop3
ssl_ca = /etc/pki/tls/certs/ca-bundle.crt
ssl_cert = /etc/pki/dovecot/certs/mailcert.pem
ssl_key = /etc/pki/dovecot/private/mailkey.pem
ssl_parameters_regenerate = 48
userdb {
  driver = passwd
}
userdb {
  args = uid=199 gid=199 home=/var/mail/vhosts/%d/%n mail=mbox:/var/mail/vhosts/%d/%n:INBOX=/var/mail/vhosts/%d/%n/mail
  driver = static
}

Each time a virtual mailbox user logs in, PAM writes a set of Authentication Failure messages to /var/log/secure when it attempts to find the virtual user, which it then successfully authenticates in the passwd-file.

Is there a way to prevent PAM from logging this spurious error and having dovecot log an authentication failure only if BOTH methods fail?

--
Jim Garrison (j...@acm.org)
PGP Keys at http://www.jhmg.net RSA 0x04B73B7F DH 0x70738D88
Re: dovecot-lmtp
I apologize for the multiple emails, I forgot to mention that when I added a mailbox_transport line, suddenly the log started showing lmtp entries, however everything was bouncing (I did mention the bouncing.) When I removed that line, it works again, but now the log does not show any lmtp entries, same as before. I should point out that this email server has been functional for a long while.

Steven Hopps || sho...@pridetechdesign.com
424-888-0443 || http://www.pridetechdesign.com
= Ask about my Security Tune-Up 24/7 Server Monitoring! =

On 7/1/2015 12:17, Pascal Volk wrote:
> On 07/01/2015 02:28 PM, Steven Hopps wrote:
>> Hi, I'm trying to use dovecot-lmtp so that I can filter messages with sieve, however it doesn't appear to be working. I followed the instructions on wiki2.dovecot.org. I'm running Debian Wheezy. I've got runit configured to execute postfix and dovecot, which may be the source of the problem (runit executes /usr/sbin/dovecot -F). I've got mail_debug turned on and there is nothing in the mail log about lmtp. Any help would be appreciated.
>
> `postconf virtual_transport mailbox_transport`?
> `doveconf -n`?
>
> Regards,
> Pascal
Re: dovecot-lmtp
I have solved the issue, I had to add mailbox_transport to main.cf, and I had to add auth_username_format = %Ln to dovecot.conf to fix the Unrecognized User errors. It's now working!

Steven Hopps || sho...@pridetechdesign.com
424-888-0443 || http://www.pridetechdesign.com
= Ask about my Security Tune-Up 24/7 Server Monitoring! =

On 7/1/2015 10:28, Steven Hopps wrote:
> Hi, I'm trying to use dovecot-lmtp so that I can filter messages with sieve, however it doesn't appear to be working. I followed the instructions on wiki2.dovecot.org. I'm running Debian Wheezy. I've got runit configured to execute postfix and dovecot, which may be the source of the problem (runit executes /usr/sbin/dovecot -F). I've got mail_debug turned on and there is nothing in the mail log about lmtp. Any help would be appreciated.
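What `auth_username_format = %Ln` does to an LMTP recipient before the passwd/PAM lookup, as an added example that is not part of the thread or of Dovecot's code. The account set and addresses are constructed, and `%Lu` is assumed to be the format in effect before the fix; the last function shows the side effect to check for, since `%n` drops the domain and same-named users in different domains land on one system account.

```python
import re

# Constructed stand-in for the passwd/PAM account list; not from the thread.
SYSTEM_USERS = {"alice", "bob"}


def expand(fmt, login):
    """Expand %u, %n and %d, with the optional L (lower) / U (upper) modifier."""
    local, _, domain = login.partition("@")
    values = {"u": login, "n": local, "d": domain}

    def repl(match):
        modifier, var = match.groups()
        value = values[var]
        if modifier == "L":
            return value.lower()
        if modifier == "U":
            return value.upper()
        return value

    return re.sub(r"%([LU]?)([und])", repl, fmt)


def lookup(fmt, rcpt):
    """Return (name handed to the userdb, whether a system account matches)."""
    name = expand(fmt, rcpt)
    return name, name in SYSTEM_USERS


def collisions(fmt, rcpts):
    """Group recipients that end up on the same account name after expansion."""
    groups = {}
    for rcpt in rcpts:
        groups.setdefault(expand(fmt, rcpt), []).append(rcpt)
    return {name: sorted(members)
            for name, members in groups.items() if len(members) > 1}


if __name__ == "__main__":
    # Constructed recipients: mixed case, and one local part in two domains.
    rcpts = ["Alice@mail.example", "alice@other.example", "bob@mail.example"]
    for fmt in ("%Lu", "%Ln"):
        for rcpt in rcpts:
            print(fmt, rcpt, lookup(fmt, rcpt))
    print("shared accounts with %Ln:", collisions("%Ln", rcpts))
```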
Re: Dovecot auth username mapping
On 1 Jul 2015, at 04:38, Laz C. Peterson wrote:
> I have an interesting case here …
>
> Virtual mailboxes, domain/username/aliases stored in MySQL, authentication done using PAM. PAM authenticates through Kerberos, which are internal realms and not the email domains — for example, my username would be laz@PARAVIS.LOCAL and my email address would be l...@paravis.net.
>
> All of this works just fine. But what I want to do is allow the users to log in using their email address and not their full Kerberos name. It is becoming laborious to help the users understand the difference between their username@LOCAL.REALM and username@email.address and why we have to have two separate identities that mean the same thing.
>
> I have the SQL statements to convert either the Kerberos login or the email address to the actual Kerberos login (so they may use either). But I cannot seem to figure out how to get Dovecot to acknowledge this as the mapped username. I’m sure there has to be a way.
>
> Any help will be greatly appreciated. Thank you!

Hello Laz,

I fear you’ll have to resort to CheckPassword (http://wiki2.dovecot.org/AuthDatabase/CheckPassword) or something similar.

Indeed, your MySQL database may contain everything needed to convert email addresses to kerb login (and vice-versa), but Dovecot’s PAM interface understandably just knows about a (login, password) pair, where the login is the one provided by the user wanting to log in.

That said, I hope to be wrong,
Axel
duplicate namespace prefix
Hello,

I am in the process of setting up a server that is running two invocations of dovecot. One of the invocations is acting as a backend and the other as a Director. I believe I have most of the configuration complete but I keep running into the following error:

Jul 01 14:17:04 lda(postmas...@mydomain.com: Error: user postmas...@mydomain.com: Initialization failed: namespace configuration error: Duplicate namespace prefix:
Jul 01 14:17:04 lda(postmaster@mydomain.com: Fatal: Invalid user settings. Refer to server log for more information.

Not sure where to go from here, and most of my searches on the error have led me to dead ends. Hoping someone can help me out.

Thanks.
Re: Dovecot auth username mapping
Thank you for the response Axel. I will look into that.

I did attempt to switch the PAM/Kerberos authentication to Dovecot LDAP authentication, but now performance is unbelievably slow. For example, with PAM/Kerberos, a user can log into webmail and have all of their emails/folders showing almost immediately. When using Dovecot LDAP, it takes literally 8-10 seconds to see the same thing. I was hoping that was a possible replacement for this, but my goodness it was so incredibly slow!

This would definitely be an option though, as it does serve the purpose. I just can’t figure out how to fix the performance issue. Any thoughts to this?

~ Laz Peterson
Paravis, LLC
Ph: 951.319.3240 x201

On Jul 1, 2015, at 3:24 PM, Axel Luttgens axel.luttg...@skynet.be wrote:
> On 1 Jul 2015, at 04:38, Laz C. Peterson wrote:
>> I have an interesting case here …
>>
>> Virtual mailboxes, domain/username/aliases stored in MySQL, authentication done using PAM. PAM authenticates through Kerberos, which are internal realms and not the email domains — for example, my username would be laz@PARAVIS.LOCAL and my email address would be l...@paravis.net.
>>
>> All of this works just fine. But what I want to do is allow the users to log in using their email address and not their full Kerberos name. It is becoming laborious to help the users understand the difference between their username@LOCAL.REALM and username@email.address and why we have to have two separate identities that mean the same thing.
>>
>> I have the SQL statements to convert either the Kerberos login or the email address to the actual Kerberos login (so they may use either). But I cannot seem to figure out how to get Dovecot to acknowledge this as the mapped username. I’m sure there has to be a way.
>>
>> Any help will be greatly appreciated. Thank you!
>
> Hello Laz,
>
> I fear you’ll have to resort to CheckPassword (http://wiki2.dovecot.org/AuthDatabase/CheckPassword) or something similar.
>
> Indeed, your MySQL database may contain everything needed to convert email addresses to kerb login (and vice-versa), but Dovecot’s PAM interface understandably just knows about a (login, password) pair, where the login is the one provided by the user wanting to log in.
>
> That said, I hope to be wrong,
> Axel
Re: Dovecot auth username mapping
It’s actually unbelievable how much slower LDAP auth is than PAM.

Does anyone have any suggestions how I can improve Dovecot LDAP auth? I have tried caching authentications and that doesn’t help either.

~ Laz Peterson
Paravis, LLC
Ph: 951.319.3240 x201

On Jul 1, 2015, at 4:41 PM, Laz C. Peterson l...@paravis.net wrote:
> Thank you for the response Axel. I will look into that.
>
> I did attempt to switch the PAM/Kerberos authentication to Dovecot LDAP authentication, but now performance is unbelievably slow. For example, with PAM/Kerberos, a user can log into webmail and have all of their emails/folders showing almost immediately. When using Dovecot LDAP, it takes literally 8-10 seconds to see the same thing. I was hoping that was a possible replacement for this, but my goodness it was so incredibly slow!
>
> This would definitely be an option though, as it does serve the purpose. I just can’t figure out how to fix the performance issue. Any thoughts to this?
>
> ~ Laz Peterson
> Paravis, LLC
> Ph: 951.319.3240 x201
>
> On Jul 1, 2015, at 3:24 PM, Axel Luttgens axel.luttg...@skynet.be wrote:
>> On 1 Jul 2015, at 04:38, Laz C. Peterson wrote:
>>> I have an interesting case here …
>>>
>>> Virtual mailboxes, domain/username/aliases stored in MySQL, authentication done using PAM. PAM authenticates through Kerberos, which are internal realms and not the email domains — for example, my username would be laz@PARAVIS.LOCAL and my email address would be l...@paravis.net.
>>>
>>> All of this works just fine. But what I want to do is allow the users to log in using their email address and not their full Kerberos name. It is becoming laborious to help the users understand the difference between their username@LOCAL.REALM and username@email.address and why we have to have two separate identities that mean the same thing.
>>>
>>> I have the SQL statements to convert either the Kerberos login or the email address to the actual Kerberos login (so they may use either). But I cannot seem to figure out how to get Dovecot to acknowledge this as the mapped username. I’m sure there has to be a way.
>>>
>>> Any help will be greatly appreciated. Thank you!
>>
>> Hello Laz,
>>
>> I fear you’ll have to resort to CheckPassword (http://wiki2.dovecot.org/AuthDatabase/CheckPassword) or something similar.
>>
>> Indeed, your MySQL database may contain everything needed to convert email addresses to kerb login (and vice-versa), but Dovecot’s PAM interface understandably just knows about a (login, password) pair, where the login is the one provided by the user wanting to log in.
>>
>> That said, I hope to be wrong,
>> Axel