Re: Accessing to mail as another user

2016-02-15 Thread Angel L. Mateo
	I have this configuration running, except for the ACL. The problem I'm 
having with ACLs is that I have to manually create the ACL for each 
folder userB has and if userB creates a new folder, then it is forbidden 
for userA until I update the ACL.


How do you solve this?

On 15/02/16 at 09:18, Marco Giunta wrote:

Hi,
we have such configuration in our Dovecot; it is configured with virtual
users and acl. To enable access of userA mailbox to userB, first I have
to add userB to userA acl, and then I put userA username in an
ARBITRARY_FIELD of userB record in our ldap (if you use a db for your
account, the configuration could be more simple). We use the
ARBITRARY_FIELD to limit the access of other users mailboxes: the field
is not writable by the user, only by administrators.


Our config files:

/etc/dovecot/conf.d/auth-master.conf.ext
...
passdb {
   driver = ldap
   master = yes

   args = /etc/dovecot/dovecot-ldap.conf.masterusers
   pass = yes
   default_fields = userdb_mail=maildir:/path_to_mailboxes/%1{login_user}/%{login_user}:INDEXPVT=/path_to_indexes/%1n/%n/shared/%{login_user}

}

and in /etc/dovecot/dovecot-ldap.conf.masterusers
...
pass_attrs = uid=user,userPassword=password
pass_filter = (&(uid=%n)(accountStatus=active)(ARBITRARY_FIELD=%{login_user}))


to login, you have to use the same way of a masteruser:

Login: userA*userB
Password: userB_password


Cheers,
   Marco



On 2016-02-10 07:49, Angel L. Mateo wrote:

On 09/02/16 at 13:44, Matthias Fechner wrote:


do you maybe mean shared mailboxes:
http://wiki.dovecot.org/SharedMailboxes


 I don't want shared mailboxes. I have to access the other mailbox
as a complete separate account from my personal one.

 I think I can achieve this with master user, but I need to find a
way to configure permissions so the real user has access to all folders
in the other mailbox.





--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868887590
Fax: 86337


Re: Pigeonhole and duplicate checking

2016-02-15 Thread Dan Ragle

Perfect!

Using the "auth" trick and appropriate "discard" statements allowed me 
to get the scripts set up exactly as I had originally intended. Thanks!


Dan

On 2/15/2016 8:29 PM, Stephan Bosch wrote:

On 2/16/2016 at 1:32 AM, Dan Ragle wrote:

In my prior procmail setup, I auto-forwarded all my SPAM E-mail to a
separate user on the system with their own account (called spamuser).
In the Pigeonhole setup it looks like I have to redirect those
messages (i.e., redirect "spamu...@mydomain.com";). That works, but
I'm having issues with "duplicate" messages getting delivered directly
to my inbox instead of getting redirected. IOW, my regular user's
.dovecot.sieve has:

 if header :contains "X-Spam-Flag" "YES" {
 redirect "spamu...@mydomain.com";
 stop;
 }

and the spamuser's .dovecot.sieve has:

 require ["imap4flags"];
 setflag "\\seen";

(this system is entirely for personal use, no concerns with a user's
Spam being seen via the separate spamuser account).

Now, the problem I'm having is that sometimes a message arrives with a
duplicate message-ID. Here's an abbreviated example from my maillog:

   Feb 15 00:30:46 myhost sendmail[26844]: u1F5UeBP026844:
from=, size=613, class=0, nrcpts=1,
msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>,
proto=SMTP, daemon=MTA,
relay=117.27.191.61.broad.static.hf.ah.cndata.com [61.191.27.117] (may
be forged)
   Feb 15 00:31:05 myhost dovecot: lmtp(26856): Connect from local
   Feb 15 00:31:07 myhost sendmail[26867]: u1F5UvFi026867:
from=, size=613, class=0, nrcpts=1,
msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>,
proto=SMTP, daemon=MTA,
relay=117.27.191.61.broad.static.hf.ah.cndata.com [61.191.27.117] (may
be forged)
   Feb 15 00:31:10 myhost dovecot: lmtp(26856, dmr):
7Hj/LoBiwVboaAAACXJZQA: sieve:
msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>:
forwarded to 
   Feb 15 00:31:10 myhost dovecot: lmtp(26856): Disconnect from local:
Client quit
   Feb 15 00:31:10 myhost dovecot: lmtp(26893): Connect from local
   Feb 15 00:31:10 myhost dovecot: lmtp(26893, spamuser):
9TPnN55iwVYNaQAACXJZQA: sieve:
msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>:
stored mail into mailbox 'INBOX'
   Feb 15 00:31:11 myhost dovecot: lmtp(26893): Disconnect from local:
Client quit
   Feb 15 00:31:18 myhost dovecot: lmtp(26893): Connect from local
   Feb 15 00:31:18 myhost dovecot: lmtp(26893, dmr):
+TPnN55iwVYNaQAACXJZQA: sieve:
msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>:
discarded duplicate forward to 
   Feb 15 00:31:18 myhost dovecot: lmtp(26893, dmr):
+TPnN55iwVYNaQAACXJZQA: sieve:
msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>:
stored mail into mailbox 'INBOX'

So the first message comes in and is redirected properly to my
spamuser and stored in the inbox. The second one comes in, pigeonhole
sees it's a duplicate, refuses to redirect it, and stores it in my
inbox instead.


This is expected behavior.


I tried forcing the .dovecot.lda-dupes file to be a symlink to
/dev/null just to see if it would work, but unfortunately dovecot just
recreates it as a normal file the next time it delivers to that user.


Exactly.


Ideally, I'd like to just discard the duplicates. It looks like there
is duplicate testing functionality available, but not until later
versions of Dovecot/Pigeonhole.


Yes, but you will not need that.


Is there any way I can either just discard the duplicates, or get them
to be redirected to the spamuser?


What happens is that the redirect action is ignored the second time,
which means that the implicit keep is not canceled
(https://tools.ietf.org/html/rfc5228#section-2.10.2). Upon executing
"stop;", the script ends and the implicit keep is executed, hence the
message is stored in "INBOX".

So, what you need to do is cancel the implicit keep, no matter what
redirect does. This can be achieved as follows:

 if header :contains "X-Spam-Flag" "YES" {
 redirect "spamu...@mydomain.com";
 discard;
 stop;
 }

The discard action will cancel the implicit keep. It will not affect the
redirect action in any way. If you're a bit scared of the discard
action, you can also replace it with some other action that cancels
the implicit keep, such as "fileinto" to put duplicates in their own
little black hole folder.


Also, some other questions I came up with along the way:

Is there any way I can force a message to fileinto a different user's
Mailbox? I'm guessing no since it appears that the lmtp drops root
privileges before the global sieve script is interpreted, but thought
I'd ask anyway. I did try:

 fileinto "/var/mail/spamuser";

But Dovecot complained, something about the mailbox pattern being
invalid. If it were possible, I 

Re: Pigeonhole and duplicate checking

2016-02-15 Thread Stephan Bosch
On 2/16/2016 at 1:32 AM, Dan Ragle wrote:
> In my prior procmail setup, I auto-forwarded all my SPAM E-mail to a
> separate user on the system with their own account (called spamuser).
> In the Pigeonhole setup it looks like I have to redirect those
> messages (i.e., redirect "spamu...@mydomain.com";). That works, but
> I'm having issues with "duplicate" messages getting delivered directly
> to my inbox instead of getting redirected. IOW, my regular user's
> .dovecot.sieve has:
>
> if header :contains "X-Spam-Flag" "YES" {
> redirect "spamu...@mydomain.com";
> stop;
> }
>
> and the spamuser's .dovecot.sieve has:
>
> require ["imap4flags"];
> setflag "\\seen";
>
> (this system is entirely for personal use, no concerns with a user's
> Spam being seen via the separate spamuser account).
>
> Now, the problem I'm having is that sometimes a message arrives with a
> duplicate message-ID. Here's an abbreviated example from my maillog:
>
>   Feb 15 00:30:46 myhost sendmail[26844]: u1F5UeBP026844:
> from=, size=613, class=0, nrcpts=1,
> msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>,
> proto=SMTP, daemon=MTA,
> relay=117.27.191.61.broad.static.hf.ah.cndata.com [61.191.27.117] (may
> be forged)
>   Feb 15 00:31:05 myhost dovecot: lmtp(26856): Connect from local
>   Feb 15 00:31:07 myhost sendmail[26867]: u1F5UvFi026867:
> from=, size=613, class=0, nrcpts=1,
> msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>,
> proto=SMTP, daemon=MTA,
> relay=117.27.191.61.broad.static.hf.ah.cndata.com [61.191.27.117] (may
> be forged)
>   Feb 15 00:31:10 myhost dovecot: lmtp(26856, dmr):
> 7Hj/LoBiwVboaAAACXJZQA: sieve:
> msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>:
> forwarded to 
>   Feb 15 00:31:10 myhost dovecot: lmtp(26856): Disconnect from local:
> Client quit
>   Feb 15 00:31:10 myhost dovecot: lmtp(26893): Connect from local
>   Feb 15 00:31:10 myhost dovecot: lmtp(26893, spamuser):
> 9TPnN55iwVYNaQAACXJZQA: sieve:
> msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>:
> stored mail into mailbox 'INBOX'
>   Feb 15 00:31:11 myhost dovecot: lmtp(26893): Disconnect from local:
> Client quit
>   Feb 15 00:31:18 myhost dovecot: lmtp(26893): Connect from local
>   Feb 15 00:31:18 myhost dovecot: lmtp(26893, dmr):
> +TPnN55iwVYNaQAACXJZQA: sieve:
> msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>:
> discarded duplicate forward to 
>   Feb 15 00:31:18 myhost dovecot: lmtp(26893, dmr):
> +TPnN55iwVYNaQAACXJZQA: sieve:
> msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>:
> stored mail into mailbox 'INBOX'
>
> So the first message comes in and is redirected properly to my
> spamuser and stored in the inbox. The second one comes in, pigeonhole
> sees it's a duplicate, refuses to redirect it, and stores it in my
> inbox instead.

This is expected behavior.

> I tried forcing the .dovecot.lda-dupes file to be a symlink to
> /dev/null just to see if it would work, but unfortunately dovecot just
> recreates it as a normal file the next time it delivers to that user.

Exactly.

> Ideally, I'd like to just discard the duplicates. It looks like there
> is duplicate testing functionality available, but not until later
> versions of Dovecot/Pigeonhole.

Yes, but you will not need that.

> Is there any way I can either just discard the duplicates, or get them
> to be redirected to the spamuser?

What happens is that the redirect action is ignored the second time,
which means that the implicit keep is not canceled
(https://tools.ietf.org/html/rfc5228#section-2.10.2). Upon executing
"stop;", the script ends and the implicit keep is executed, hence the
message is stored in "INBOX".

So, what you need to do is cancel the implicit keep, no matter what
redirect does. This can be achieved as follows:

if header :contains "X-Spam-Flag" "YES" {
redirect "spamu...@mydomain.com";
discard;
stop;
}

The discard action will cancel the implicit keep. It will not affect the
redirect action in any way. If you're a bit scared of the discard
action, you can also replace it with some other action that cancels
the implicit keep, such as "fileinto" to put duplicates in their own
little black hole folder.

> Also, some other questions I came up with along the way:
>
> Is there any way I can force a message to fileinto a different user's
> Mailbox? I'm guessing no since it appears that the lmtp drops root
> privileges before the global sieve script is interpreted, but thought
> I'd ask anyway. I did try:
>
> fileinto "/var/mail/spamuser";
>
> But Dovecot complained, something about the mailbox pattern being
> invalid. If it were possible, I would think it would want something like
>
> fileinto "spamuser:INBOX";
>
> 
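
Added example (not part of the original thread): a Python check that scans Dovecot LMTP/Sieve log lines for the symptom explained above, a delivery in which the duplicate redirect was suppressed and the implicit keep then stored the message. The sample lines are constructed in the format of the quoted maillog; the message-IDs, session ids and addresses are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample input in the format of the maillog excerpt in this thread.
# Message-IDs, session ids and addresses are placeholders.
SAMPLE_LOG = """\
Feb 15 00:31:10 myhost dovecot: lmtp(26856, dmr): AAAA1: sieve: msgid=<dup-1@example.invalid>: forwarded to <spamuser@example.invalid>
Feb 15 00:31:10 myhost dovecot: lmtp(26893, spamuser): BBBB1: sieve: msgid=<dup-1@example.invalid>: stored mail into mailbox 'INBOX'
Feb 15 00:31:18 myhost dovecot: lmtp(26893, dmr): CCCC1: sieve: msgid=<dup-1@example.invalid>: discarded duplicate forward to <spamuser@example.invalid>
Feb 15 00:31:18 myhost dovecot: lmtp(26893, dmr): CCCC1: sieve: msgid=<dup-1@example.invalid>: stored mail into mailbox 'INBOX'
Feb 15 00:40:02 myhost dovecot: lmtp(26901, dmr): DDDD1: sieve: msgid=<ham-7@example.invalid>: stored mail into mailbox 'INBOX'
"""

# Captures the user, LMTP session id, message-ID and Sieve action of one line.
SIEVE_LINE = re.compile(
    r"dovecot: lmtp\(\d+, (?P<user>[^)]+)\): (?P<session>\S+): sieve: "
    r"msgid=(?P<msgid>\S+): (?P<action>.+)$"
)
STORED = re.compile(r"stored mail into mailbox '([^']*)'")


def find_leaked_duplicates(log_text):
    """Return deliveries where a suppressed redirect was followed by a keep."""
    actions = defaultdict(list)
    for line in log_text.splitlines():
        m = SIEVE_LINE.search(line)
        if m:
            # One delivery = one user + session id + message-ID.
            actions[(m["user"], m["session"], m["msgid"])].append(m["action"])

    leaks = []
    for (user, session, msgid), seen in actions.items():
        suppressed = any(a.startswith("discarded duplicate forward") for a in seen)
        mailboxes = [s.group(1) for s in map(STORED.match, seen) if s]
        # Both together mean the redirect did nothing and the message was kept.
        if suppressed and mailboxes:
            leaks.append(
                {"user": user, "session": session, "msgid": msgid, "mailboxes": mailboxes}
            )
    return leaks


if __name__ == "__main__":
    for leak in find_leaked_duplicates(SAMPLE_LOG):
        print("{user} kept {msgid} in {mailboxes} (session {session})".format(**leak))
```

A script that ends the spam branch with "discard;" as described above should produce no hits from this check, because the store no longer follows the suppressed redirect.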

Re: the prefix number of the configuration filename

2016-02-15 Thread David Bishop
At a guess, the directory gets listed, the names get sorted numerically,
and then read in order low-to-high. In theory, the end result will be the
same regardless of what order stuff gets read in, but doing it in a
deterministic order makes troubleshooting easier.

On Mon, Feb 15, 2016 at 7:31 PM, Dogz wrote:

> Hi all,
>
> I am very curious about the prefix number of the configuration
> filename, such as 10-auth.conf
> 10-director.conf
> 10-logging.conf
> 10-mail.conf
> 10-master.conf
> 10-ssl.conf
> 15-lda.conf
> 15-mailboxes.conf
> 20-imap.conf
> 20-lmtp.conf
> 20-managesieve.conf
> 20-pop3.conf
> 90-acl.conf
> 90-plugin.conf
> 90-quota.conf
> 90-sieve.conf
> 90-sieve-extprograms.conf
>
> What are those meanings of 10,15,20 and 90 ?
>
> Please advise me and thank you in advance.
>
> --
> Best Regards,
> Dogz
>


Re: the prefix number of the configuration filename

2016-02-15 Thread Rich Wales

> Hi all, I am very curious about the prefix number of the configuration
> filename, such as 10-auth.conf  What are those meanings of 10,15,20
> and 90 ?

The configuration files are read and processed according to the sorting
order of their names.  Adding the numeric prefixes allows the order in
which the files are processed to be determined independently of their names.

So, in this case, the config files with names starting with 10 are read
first (i.e., 10-director.conf is processed first).  If the number
prefixes weren't there, then the "acl.conf" file would be processed
first (instead of near the end).

It matters what order the configuration files are processed in because
later files can override parameters set by earlier files.

Rich Wales
ri...@richw.org


Pigeonhole and duplicate checking

2016-02-15 Thread Dan Ragle
I spent some time setting up Dovecot LMTP with Pigeonhole this weekend. 
I got most of the things I wanted to working but have a few issues that 
I'm hoping that someone might be able to help with.


First, I'm running the stock version of the tools from the core repos 
for CentOS/6, which means Dovecot 2.0.9 and Pigeonhole 0.2.2. 
Unfortunately, I don't expect to be able to upgrade those anytime soon, 
so I'm hoping I can find workarounds for my existing versions.


My mailserver is sendmail, I linked to Dovecot LMTP by adding:

FEATURE(`local_lmtp', `[IPC]', `FILE /var/run/dovecot/lmtp')dnl

to my sendmail.mc.

In my prior procmail setup, I auto-forwarded all my SPAM E-mail to a 
separate user on the system with their own account (called spamuser). In 
the Pigeonhole setup it looks like I have to redirect those messages 
(i.e., redirect "spamu...@mydomain.com";). That works, but I'm having 
issues with "duplicate" messages getting delivered directly to my inbox 
instead of getting redirected. IOW, my regular user's .dovecot.sieve has:


if header :contains "X-Spam-Flag" "YES" {
redirect "spamu...@mydomain.com";
stop;
}

and the spamuser's .dovecot.sieve has:

require ["imap4flags"];
setflag "\\seen";

(this system is entirely for personal use, no concerns with a user's 
Spam being seen via the separate spamuser account).


Now, the problem I'm having is that sometimes a message arrives with a 
duplicate message-ID. Here's an abbreviated example from my maillog:


  Feb 15 00:30:46 myhost sendmail[26844]: u1F5UeBP026844: 
from=, size=613, class=0, nrcpts=1, 
msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>, 
proto=SMTP, daemon=MTA, 
relay=117.27.191.61.broad.static.hf.ah.cndata.com [61.191.27.117] (may 
be forged)

  Feb 15 00:31:05 myhost dovecot: lmtp(26856): Connect from local
  Feb 15 00:31:07 myhost sendmail[26867]: u1F5UvFi026867: 
from=, size=613, class=0, nrcpts=1, 
msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>, 
proto=SMTP, daemon=MTA, 
relay=117.27.191.61.broad.static.hf.ah.cndata.com [61.191.27.117] (may 
be forged)
  Feb 15 00:31:10 myhost dovecot: lmtp(26856, dmr): 
7Hj/LoBiwVboaAAACXJZQA: sieve: 
msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>: 
forwarded to 
  Feb 15 00:31:10 myhost dovecot: lmtp(26856): Disconnect from local: 
Client quit

  Feb 15 00:31:10 myhost dovecot: lmtp(26893): Connect from local
  Feb 15 00:31:10 myhost dovecot: lmtp(26893, spamuser): 
9TPnN55iwVYNaQAACXJZQA: sieve: 
msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>: 
stored mail into mailbox 'INBOX'
  Feb 15 00:31:11 myhost dovecot: lmtp(26893): Disconnect from local: 
Client quit

  Feb 15 00:31:18 myhost dovecot: lmtp(26893): Connect from local
  Feb 15 00:31:18 myhost dovecot: lmtp(26893, dmr): 
+TPnN55iwVYNaQAACXJZQA: sieve: 
msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>: 
discarded duplicate forward to 
  Feb 15 00:31:18 myhost dovecot: lmtp(26893, dmr): 
+TPnN55iwVYNaQAACXJZQA: sieve: 
msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>: 
stored mail into mailbox 'INBOX'


So the first message comes in and is redirected properly to my spamuser 
and stored in the inbox. The second one comes in, pigeonhole sees it's a 
duplicate, refuses to redirect it, and stores it in my inbox instead.


I tried forcing the .dovecot.lda-dupes file to be a symlink to /dev/null 
just to see if it would work, but unfortunately dovecot just recreates 
it as a normal file the next time it delivers to that user.


Ideally, I'd like to just discard the duplicates. It looks like there is 
duplicate testing functionality available, but not until later versions 
of Dovecot/Pigeonhole.


Is there any way I can either just discard the duplicates, or get them to 
be redirected to the spamuser?


Also, some other questions I came up with along the way:

Is there any way I can force a message to fileinto a different user's 
Mailbox? I'm guessing no since it appears that the lmtp drops root 
privileges before the global sieve script is interpreted, but thought 
I'd ask anyway. I did try:


fileinto "/var/mail/spamuser";

But Dovecot complained, something about the mailbox pattern being 
invalid. If it were possible, I would think it would want something like


fileinto "spamuser:INBOX";

instead, but I don't know if that is even possible.

In a global sieve script, is there any way to know/test which system user 
is the targeted user for delivery? So in a global sieve_before script I 
could test the target user, and if it's spamuser just file it 
immediately and stop with no further testing?


Thanks for any assistance!

Dan


the prefix number of the configuration filename

2016-02-15 Thread Dogz
Hi all,

I am very curious about the prefix number of the configuration
filename, such as 10-auth.conf
10-director.conf
10-logging.conf
10-mail.conf
10-master.conf
10-ssl.conf
15-lda.conf
15-mailboxes.conf
20-imap.conf
20-lmtp.conf
20-managesieve.conf
20-pop3.conf
90-acl.conf
90-plugin.conf
90-quota.conf
90-sieve.conf
90-sieve-extprograms.conf

What are those meanings of 10,15,20 and 90 ?

Please advise me and thank you in advance.

-- 
Best Regards,
Dogz


Health check for dsync?

2016-02-15 Thread Rich Wales
I am syncing two Dovecot sites using dsync.  Are there any tools
available to confirm that dsync is (or is not) running properly between
the two sites?  (E.g., something I could run periodically in Nagios?)

Rich Wales
ri...@richw.org


doveadm backup to local drive

2016-02-15 Thread Terry Barnum
I'm trying to get doveadm to backup all users to a local drive without any luck.

$ sudo doveadm backup -A /Volumes/mail_bak/mailstore_backup/
Error: User listing returned failure
doveadm: Error: Failed to iterate through some users

The doveadm-backup man page has the instruction to make sure the iterate query 
matches the database layout but I'm not sure what that means.

If the user_query in dovecot-sql.conf.ext looks like this, what should the 
iterate_query look like?

user_query = \
  SELECT '/opt/local/virtual/%d/%n/mail' as home, \
  'maildir:/opt/local/virtual/%d/%n/mail' as mail, 501 as uid, \
  501 as gid, concat("*:storage=", quota) AS quota \
  FROM mailbox WHERE username = "%u" AND active = "1"

# Query to get a list of all usernames.
iterate_query = SELECT username AS user FROM users

Thanks,
-Terry

Terry Barnum
digital OutPost
Carlsbad, CA

http://www.dop.com
800/464-6434


Re: Redundant and Geobalancing setup

2016-02-15 Thread Cedric Malitte
Hi Daniel,

I do already have a backup server where I replicate the mails every 4 hours
using imapsync.
Not the best, but this is workable.
The one time I redirected to backup server, people were complaining that
they were having duplicate mails ( this was pop access )
I also have mx backup with easydns, was part of the plan so I use it.

We have three main offices, a few on the road managers and many dealers.
Dealers run their own business under our trademark, and use the same
domains for mails as ours (head offices).
I mean every mailbox is on the same server.
May be not the best.

I have the mandate to get everything running smooth.
There can be outages, but not too long.
One hour is too long for some

It will also be to educate people here and there.
I understand that what they want costs money, but I'm not able to make them
understand that what they want is not plug and play cheap solution.

But, I'm going to test on VMs dovecot on glusterfs with dovecot director if
I manage to get it working properly.
Might be a challenge, but who knows, it might work :)

Best regards,

Cedric

2016-02-15 4:16 GMT-05:00 Daniel Tröder:

> On 02/13/2016 04:00 AM, Cedric Malitte wrote:
> > Hi,
> >
> > I use dovecot for a long time now, but only as a single isolated server
> > each time.
> >
> > I joined a company a few years back. We had trouble with companies hosting
> > our mail, supposedly full redundant and so on.
> >
> > The company is small, but we have many dealers around the world, and it's
> > growing.
> >
> > Mail became the first choice for clients to contact the dealers.
> > No mail, and we lose sales.
> >
> > For now we have a single server ( with a backup ) on east coast.
> > And sometimes people from EU complain about speed ah users :)
> >
> > What I'd like to implement is a redundant system with 2 servers, one in NA,
> > one in EU.
> > And I'd also like to be able to add another server if needed on the west
> > coast.
> >
> > Idea is, that if a server goes down, the users will be able to still
> > receive and send mails, and never lose mails.
> >
> > For geobalancing and failover, I read that I can do it with DNS ( I'm with
> > easydns ).
> >
> > I'm at the first stage where I collect information that I try to
> > understand and foresee a solution.
> >
> > First idea is to set up servers with a mysql master, slaves and a glusterfs
> > in replica mode on the servers.
> > I tried glusterfs on FreeBSD and OMG, it's slow as hell ! ( well maybe it's
> > a trouble on the VMs nics )
> > On centos it's way better.
> > But I read there might be trouble/index corruption for the mail storage on
> > "shared" space using maildir.
> >
> > I also had a look at dsync, but I wonder if it can be used on more than 2
> > servers.
> >
> > I found many pages on dovecot clusters using shared storage NFS mounted,
> > but I feel it's not really what I need as the servers will be in different
> > datacenters.
> >
> > So any guide, clue hint would be really appreciated for me to do my
> > homework !
> >
> > Regards.
> >
> > Cedric
>
> Hi Cedric,
>
> I think a simpler solution will not just be cheaper but less complex -
> and with that more reliable:
>
> The speed problem of the EU users is probably just feeling. You should
> quantify it for both SMTP and IMAP. Collect that data for the scenarios
> that your users complain about (is it to a partner or inter-office?).
> Only then can you work on a solution that you will be able to prove to
> them, is better. This is paramount.
>
> My suggestions:
> * Server on the east coast is good for both NA and EU.
> * Good (better?) internet connection for the EU office, prioritize SMTP
> vs HTTP in router/firewall (fast internet is WAY cheaper than cluster
> setups plus administrators)
> * SMTP relay in EU _office_, so that _sending_ mails is with LAN speed
> for users
>
> Create a redundant setup for SMTP and IMAP together on the east coast.
> You'll get redundancy without the WAN problem.
>
> Set up a secondary MX in a different data center for uber-redundancy. It
> will not enable your users to read their mail in case the 1st data
> center is on fire, but no client mails will get lost, as they will be
> queued on the 2nd MX - better read client mails late than never!
>
> Set up a clone of the primary server at the 2nd MX and sync mails &
> backup there on an hourly basis. If the 1st data center is not back in an
> hour, you can still switch DNS to the 2nd site and your users will have
> had a very short downtime.
>
> The result is not a top-notch 100% solution, but it is simple and
> everything is implemented on application layer. That gives you freedom
> to switch products, hardware, platform and administrators(!).
>
> Ask your customer/supervisor what uptime is necessary and how much they
> are willing to pay. The SLAs of MS/Google/etc offer up to 99.9% (~9
> hours downtime per year). If that is the goal, then they should pay the
> price for 

Get mailbox from its guid through IMAP

2016-02-15 Thread Peter Chiochetti

In the shell I do:

   doveadm fetch -u bob mailbox mailbox-guid $box uid 1

Is there a way through IMAP to get the same?

--
peter


Streaming MOVE commands

2016-02-15 Thread Emilio Jesús Gallego Arias
Dear Dovecot devs,

is streaming multiple MOVE commands by clients allowed?

I am getting duplicated messages with the GNUS mail client, the
interchange looks like this:

*stream two moves to different folders*
> 9019 UID MOVE 4062,4066,4068 "folder0"
> 9020 UID MOVE 4063:4064,4067,4069:4072 "folder1"
*the messages are copied*
> * OK [COPYUID 1424475218 4062,4066,4068 376:378] Moved UIDs.
> * OK [COPYUID 1424475231 4063:4064,4067,4069:4072 26:32] Moved UIDs.
*however expunge fails to clean 4063, 4064, and 4067*
> * VANISHED 4062,4066,4068:4072

thus 4063, 4064, and 4067 end both in inbox and folder1 producing
duplicate messages (more details at [1]).

At the GNUS mailing list, we were wondering about what should be the
correct reading of RFC6851.

Version and config information below.

Best regards,
Emilio

[1] More details in the thread
http://permalink.gmane.org/gmane.emacs.gnus.general/86813

[2] Version
$ /usr/sbin/dovecot --version
2.2.13

[3] Config

$ /usr/sbin/dovecot -n
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 8.3 ext4
mail_location = maildir:/home/%u/Maildir
managesieve_notify_capability = mailto

managesieve_sieve_capability = fileinto reject envelope
  encoded-character vacation subaddress comparator-i;ascii-numeric
  relational regex imap4flags copy include variables body enotify
  environment mailbox date ihave

namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix = 
}
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = " imap sieve"
ssl_cert = ...
ssl_key  = ...
userdb {
  driver = passwd
}
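
Added example (not part of the original post): a Python audit of the exchange quoted above that pairs each moved UID with its COPYUID destination and reports the UIDs that were copied but never reported as VANISHED. The "C:"/"S:" prefixes are added for parsing, and the code assumes expunges are reported with VANISHED and UIDs, as in this session.

```python
import re

# The commands and responses quoted in the post; only the C:/S: prefixes are added.
TRANSCRIPT = """\
C: 9019 UID MOVE 4062,4066,4068 "folder0"
C: 9020 UID MOVE 4063:4064,4067,4069:4072 "folder1"
S: * OK [COPYUID 1424475218 4062,4066,4068 376:378] Moved UIDs.
S: * OK [COPYUID 1424475231 4063:4064,4067,4069:4072 26:32] Moved UIDs.
S: * VANISHED 4062,4066,4068:4072
"""

MOVE_RE = re.compile(r'^C: \S+ UID MOVE (\S+) "([^"]*)"$')
COPYUID_RE = re.compile(r"^S: \* OK \[COPYUID (\d+) (\S+) (\S+)\]")
VANISHED_RE = re.compile(r"^S: \* VANISHED (\S+)$")


def expand_uids(seq_set):
    """Expand a UID set such as '4063:4064,4067' into an ordered list.

    Only numeric UIDs are handled; '*' raises ValueError.
    """
    uids = []
    for part in seq_set.split(","):
        first, _, last = part.partition(":")
        lo, hi = int(first), int(last or first)
        if lo > hi:
            lo, hi = hi, lo
        uids.extend(range(lo, hi + 1))
    return uids


def audit_moves(transcript):
    """Compare what was requested, copied and expunged in one session."""
    requested, copied, vanished = {}, {}, set()
    for line in transcript.splitlines():
        if m := MOVE_RE.match(line):
            for uid in expand_uids(m[1]):
                requested[uid] = m[2]
        elif m := COPYUID_RE.match(line):
            src, dst = expand_uids(m[2]), expand_uids(m[3])
            if len(src) != len(dst):
                raise ValueError("COPYUID source/destination sets differ in size")
            # COPYUID pairs source and destination UIDs positionally.
            for s, d in zip(src, dst):
                copied[s] = (int(m[1]), d)
        elif m := VANISHED_RE.match(line):
            vanished.update(expand_uids(m[1]))

    # Copied but still present in the source mailbox: these are the duplicates.
    stranded = {
        uid: (requested.get(uid),) + copied[uid]
        for uid in sorted(copied)
        if uid not in vanished
    }
    not_copied = sorted(set(requested) - set(copied))
    return {"stranded": stranded, "not_copied": not_copied}


if __name__ == "__main__":
    for uid, (folder, validity, new_uid) in audit_moves(TRANSCRIPT)["stranded"].items():
        print(f"UID {uid} still in source; copy is UID {new_uid} in {folder!r}")
```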


Re: Redundant and Geobalancing setup

2016-02-15 Thread Daniel Tröder
On 02/13/2016 04:00 AM, Cedric Malitte wrote:
> Hi,
> 
> I use dovecot for a long time now, but only as a single isolated server
> each time.
> 
> I joined a company a few years back. We had trouble with companies hosting
> our mail, supposedly full redundant and so on.
> 
> The company is small, but we have many dealers around the world, and it's
> growing.
> 
> Mail became the first choice for clients to contact the dealers.
> No mail, and we lose sales.
> 
> For now we have a single server ( with a backup ) on east coast.
> And sometimes people from EU complain about speed ah users :)
> 
> What I'd like to implement is a redundant system with 2 servers, one in NA,
> one in EU.
> And I'd also like to be able to add another server if needed on the west
> coast.
> 
> Idea is, that if a server goes down, the users will be able to still
> receive and send mails, and never lose mails.
> 
> For geobalancing and failover, I read that I can do it with DNS ( I'm with
> easydns ).
> 
> I'm at the first stage where I collect information that I try to
> understand and foresee a solution.
> 
> First idea is to set up servers with a mysql master, slaves and a glusterfs
> in replica mode on the servers.
> I tried glusterfs on FreeBSD and OMG, it's slow as hell ! ( well maybe it's
> a trouble on the VMs nics )
> On centos it's way better.
> But I read there might be trouble/index corruption for the mail storage on
> "shared" space using maildir.
> 
> I also had a look at dsync, but I wonder if it can be used on more than 2
> servers.
> 
> I found many pages on dovecot clusters using shared storage NFS mounted,
> but I feel it's not really what I need as the servers will be in different
> datacenters.
> 
> So any guide, clue hint would be really appreciated for me to do my
> homework !
> 
> Regards.
> 
> Cedric

Hi Cedric,

I think a simpler solution will not just be cheaper but less complex -
and with that more reliable:

The speed problem of the EU users is probably just feeling. You should
quantify it for both SMTP and IMAP. Collect that data for the scenarios
that your users complain about (is it to a partner or inter-office?).
Only then can you work on a solution that you will be able to prove to
them, is better. This is paramount.

My suggestions:
* Server on the east coast is good for both NA and EU.
* Good (better?) internet connection for the EU office, prioritize SMTP
vs HTTP in router/firewall (fast internet is WAY cheaper than cluster
setups plus administrators)
* SMTP relay in EU _office_, so that _sending_ mails is with LAN speed
for users

Create a redundant setup for SMTP and IMAP together on the east coast.
You'll get redundancy without the WAN problem.

Set up a secondary MX in a different data center for uber-redundancy. It
will not enable your users to read their mail in case the 1st data
center is on fire, but no client mails will get lost, as they will be
queued on the 2nd MX - better read client mails late than never!

Set up a clone of the primary server at the 2nd MX and sync mails &
backup there on an hourly basis. If the 1st data center is not back in an
hour, you can still switch DNS to the 2nd site and your users will have
had a very short downtime.

The result is not a top-notch 100% solution, but it is simple and
everything is implemented on application layer. That gives you freedom
to switch products, hardware, platform and administrators(!).

Ask your customer/supervisor what uptime is necessary and how much they
are willing to pay. The SLAs of MS/Google/etc offer up to 99.9% (~9
hours downtime per year). If that is the goal, then they should pay the
price for their equipment and staff. For anything less my argument is
less complexity for higher reliability.

Greetings
Daniel





Re: Re: Accessing to mail as another user

2016-02-15 Thread Marco Giunta

Hi,
we have such configuration in our Dovecot; it is configured with virtual 
users and acl. To enable access of userA mailbox to userB, first I have 
to add userB to userA acl, and then I put userA username in an 
ARBITRARY_FIELD of userB record in our ldap (if you use a db for your 
account, the configuration could be more simple). We use the 
ARBITRARY_FIELD to limit the access of other users mailboxes: the field 
is not writable by the user, only by administrators.



Our config files:

/etc/dovecot/conf.d/auth-master.conf.ext
...
passdb {
  driver = ldap
  master = yes

  args = /etc/dovecot/dovecot-ldap.conf.masterusers
  pass = yes
  default_fields = userdb_mail=maildir:/path_to_mailboxes/%1{login_user}/%{login_user}:INDEXPVT=/path_to_indexes/%1n/%n/shared/%{login_user}

}

and in /etc/dovecot/dovecot-ldap.conf.masterusers
...
pass_attrs = uid=user,userPassword=password
pass_filter = (&(uid=%n)(accountStatus=active)(ARBITRARY_FIELD=%{login_user}))



to login, you have to use the same way of a masteruser:

Login: userA*userB
Password: userB_password


Cheers,
  Marco



On 2016-02-10 07:49, Angel L. Mateo wrote:

On 09/02/16 at 13:44, Matthias Fechner wrote:


do you maybe mean shared mailboxes:
http://wiki.dovecot.org/SharedMailboxes


 I don't want shared mailboxes. I have to access the other mailbox
as a complete separate account from my personal one.

 I think I can achieve this with master user, but I need to find a
way to configure permissions so the real user has access to all folders
in the other mailbox.



--
Marco Giunta - ITCS SysAdmin
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-040-3787-503
Fax: +39-040-3787-244
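
Added example, not part of the original message and not Dovecot's code: a Python model of the authorization step that the pass_filter above performs for a login of the form userA*userB. The directory entries, the name pattern and the helper names are assumptions made for illustration; password verification and the ACL check are left out.

```python
import re

SEPARATOR = "*"  # as in the login "userA*userB" shown in the message
PASS_FILTER = "(&(uid=%n)(accountStatus=active)(ARBITRARY_FIELD=%{login_user}))"

# Assumption of this example: only plain names are accepted, so nothing
# substituted into the filter can change its structure.
NAME_RE = re.compile(r"[A-Za-z0-9._-]+")
TERM_RE = re.compile(r"\(([A-Za-z_]+)=([^()]*)\)")

# Constructed directory entries. ARBITRARY_FIELD stands for the
# administrator-only attribute described in the message.
DIRECTORY = [
    {"uid": ["userA"], "accountStatus": ["active"], "ARBITRARY_FIELD": []},
    {"uid": ["userB"], "accountStatus": ["active"], "ARBITRARY_FIELD": ["userA"]},
    {"uid": ["userC"], "accountStatus": ["active"], "ARBITRARY_FIELD": []},
    {"uid": ["userD"], "accountStatus": ["disabled"], "ARBITRARY_FIELD": ["userA"]},
]


def expand_filter(login_user, master_user):
    """Substitute the two variables used by the pass_filter on this page."""
    return PASS_FILTER.replace("%{login_user}", login_user).replace("%n", master_user)


def entry_matches(ldap_filter, entry):
    """Evaluate an AND of equality terms against one entry.

    Simplification: exact, case-sensitive comparison of attribute values.
    """
    if not ldap_filter.startswith("(&"):
        raise ValueError("only (&...) filters are modelled here")
    return all(value in entry.get(attr, []) for attr, value in TERM_RE.findall(ldap_filter))


def master_login_allowed(login, directory=DIRECTORY):
    """True when exactly one active master entry lists the requested mailbox."""
    parts = login.split(SEPARATOR)
    if len(parts) != 2 or not all(NAME_RE.fullmatch(p) for p in parts):
        return False
    login_user, master_user = parts  # mailbox to open, account that authenticates
    ldap_filter = expand_filter(login_user, master_user)
    return sum(entry_matches(ldap_filter, e) for e in directory) == 1


if __name__ == "__main__":
    for login in ("userA*userB", "userA*userC", "userC*userB", "userA*userD", "userB*userA"):
        print(f"{login:12} -> {'allowed' if master_login_allowed(login) else 'denied'}")
```

The matrix shows that the delegation is one-way and per mailbox: only the account whose administrator-controlled field names the target mailbox passes, and a disabled account does not.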