Re: Setting up public mailboxes - user not found

[Marti Markov]

Hey, 

I actually went with the method suggested by Steffen Kaiser of creating a 
separate userdb because I use LDAP and I have an OU which contains all the 
public mailboxes and was just easier. I setup the userdb like so:

userdb {
  args = /etc/dovecot/dovecot-ldap-shared_mailboxes.conf.ext
  driver = ldap
  override_fields = mail=maildir:/home/vmail/Public/.%n
}

Now when I send an email to offi...@xxx.com I don’t get any errors and it 
delivers the message to the offi...@xxx.com:

root@mail:~# ls /home/vmail/Public/.office3/new/
1458427035.M781836P21781.mail.xxx.com,S=2571,W=2630  
1458427705.M750112P23338.mail.xxx.com,S=2501,W=2559


But from any mail client I try I don’t seem to be able to list anything in the 
Public directory. 

Am I missing something in the configuration?


Here is the public namespace configuration:

namespace {
  list = yes
  location = maildir:/home/vmail/Public:INDEXPVT=~/Maildir/Public
  prefix = Public/
  separator = /
  subscriptions = yes
  type = public
}

> On 17 Mar 2016, at 08:35, Burckhard Schmidt  wrote:
> 
> hello Marti,
> 
> Am 17.03.2016 um 06:18 schrieb Marti Markov:
>> First of all thanks for the reply Burckhard.
>> When you say:
>>> You can use a "normal" user who has a sieve script:
> 
> Normal user that's an account with one or more email aliasses.
> So this "user" can receive emails like any other user. This I called "normal" 
> user. But this ist not of interest in our case.
> So you don't get an "user not found".
> 
> Next you will add an appropriate email alias to the account if necessary (our 
> accounts are cryptic).
> 
> Now you have an account/user and you can write a sieve script for that user 
> to deliver all emails into one public folder or into different folders. 
> Public subfolders are possible too, if you like or are able to distinguish 
> incomming emails.
> 
> In your case it is not necessary to have an user/account "office3". This name 
> you would only use in that sieve script with "fileinto".
> 
> Regards!
> 
> Burckhard
> 
>> what would that user be in my case? office3? Because I don’t really see how 
>> it will solve the problem of getting the error 550 user not found when 
>> making the LDAP search.
>> 
>>> On 10 Mar 2016, at 08:50, Burckhard Schmidt  
>>> wrote:
>>> 
>>> Am 09.03.2016 um 20:02 schrieb Marti Markov:
 Hi all,
 
 This is the first time I use the dovecot mail list so I’m sorry if I 
 forget something.
 
 My problem is that for some reason I can get public mailboxes to work. I 
 have setup the directory Public, the folders and the cur,tmp and new 
 folder in them:
 
 Public
 |
 |- .office3
   |
   |- cur
   |- tmp
   |- new
   |- dovecot-acl
 
 
 Here is my dovecot conf:
 
>>> 
 namespace {
   list = yes
   location = maildir:/home/vmail/xxx.com/Public:INDEXPVT=~/Maildir/Public
   prefix = Public/
   separator = /
   subscriptions = yes
   type = public
 }
>>> 
>>> You can use a "normal" user who has a sieve script:
>>> require ...
>>> any filter if necessary
>>> fileinto "Public";
>>> discard;
>>> ...
>>> 
>>> "Public" is your prefix
>>> I have several subfolder so I use: fileinto "Public/subfolder1";
>>> 
>>> You would have
>>> /home/vmail/xxx.com/Public/subfolder1
>>> with cur new tmp
>>> and a file "dovecot-acl" containing anyone lrs
>>> 
>>> --
>>> Burckhard Schmidt
>> 
> 
> 
> -- 
> Mit freundlichen Grüßen --- Burckhard Schmidt
> 
> Abteilung Systemsoftware und Kommunikation
> ZE Computer- und Medienservice der Humboldt-Universität zu Berlin
> Postanschrift: Unter den Linden 6, 10099 Berlin
> Standort:  Rudower Chaussee 26; 12489 Berlin
> Tel.:  +49-30-2093-70058  Fax: +49-30-2093-70199
> Mail:  bschm...@cms.hu-berlin.de 

Re: [Dovecot] Replication and public namespaces

[Georg Schuetze]

Hi,

i have the same problem with the current dovecot version 2.2.22.
I wonder that nobody else seems to have run into this, since this thread
is quite old.

Did i miss something and does one need a special configuration for
syncing public namespaces?

Markus, do you still use your patch or did you encounter some problems
with it?
I just tested it and it still seems to work: the logs have many "Error:
Couldn't create lock /[..]/dovecot-sync.lock: Permission denied" entries
now, which is always better than thousands of duplicate mails ...

Best,
  Georg.

Re: Trouble getting vnd.dovecot.filter and filter visible/usable...

[Stephan Bosch]

Op 3/17/2016 om 8:04 PM schreef Tolbert, Joshua P:
> Hello,
>
> I’m trying to make vnd.dovecot.filter available both globally and for users 
> through sieve, but I haven’t had much luck getting things to work right. 
> Sieve scripts won’t validate and vnd.dovecot.filter never shows up in the 
> managesieve capability list. I’ve spent lots of time looking for where 
> problems could be, but I’m out of ideas…So I’m asking you guys.
>
> In the protocol lmtp section, I’m defining mail_plugins = $mail_plugins 
> sieve, however I’ve tried it without $mail_plugins too…No luck that way 
> either.
>
> Any help/advice would be much appreciated. Thanks!

Then don't put it in sieve_global_extensions. That setting overrides the
sieve_extensions setting and restricts all listed extensions to global
context only; this way these extensions are only available from
sieve_before, sieve_after, and sieve_global Sieve scripts. User scripts
will not accept it in that case.

Regards,

Stephan

Re: spamc during dovecot-smtp delivery?

[madd...@madduck.net]

[cc'ing the list for posterity]

also sprach Tolbert, Joshua P  [2016-03-16 21:46 +0100]:
> I’ve been working on a Postfix/Dovecot/sieve mail server migration
> (from Sendmail/Dovecot/procmail) and ran in to a similar problem
> to one you talked about a while ago on the dovecot mailing lists.
> Did you ever find a good solution for running spamc as the
> destination user in sieve? If you did, mind sharing? Thanks!

I've never had a problem again since upgrading to Debian jessie, but
I also think that the problem's solution was installing a NSS cache,
because the deadlocks seemed to take place between Spamassassin and
libnss-pgsql2.

Transport from Postfix to Dovecot is lmtp:unix:private/dovecot-lmtp
(no idea how to do that with Sendmail or why you'd want to use
Sendmail) and then Dovecot's sieve is configured to run a filter
using /etc/dovecot/sieve.before.d:

  require [ "vnd.dovecot.filter"];
  filter "spamc" [ "--no-safe-fallback" ];

which is enabled in conf.d/90-sieve.conf with

  sieve_before = /etc/dovecot/sieve.before.d
  sieve_global_extensions = +vnd.dovecot.filter
  sieve_plugins = sieve_extprograms

and in conf.d/90-sieve-extprograms.conf

  sieve_filter_bin_dir = /etc/dovecot/sieve-filter

and then I made a simple symlink from

  /etc/dovecot/sieve-filter → /usr/bin/spamc

Spamassassin starts with
  --create-prefs --helper-home-dir --allow-tell

and the final step is to integrate the mail user database (vmm in my
case) with libnss to provide spamassassin with a way to identify
home directories. I use libnss-pgsql2. The /etc/nss-pgsql.conf file I use is
available here:

  http://bugs.debian.org/818465

A successful delivery then looks like this:

  postfix/smtpd[29778]: connect from mail1.smtp.mailserver4.de[62.216.179.241]
  postfix/smtpd[29778]: 6D2F74024E: 
client=mail1.smtp.mailserver4.de[62.216.179.241]
  postfix/cleanup[32593]: 6D2F74024E: 
message-id=<@x>
  postfix/smtpd[29778]: disconnect from 
mail1.smtp.mailserver4.de[62.216.179.241]
  dovecot: lmtp(3570): Connect from local
  spamd[2140]: spamd: connection from localhost [::1]:57032 to port 783, fd 6
  spamd[2140]: spamd: setuid to xxx%yy.zz succeeded
  spamd[2140]: spamd: processing message 
<@x> for 
xxx%.zz:70032
  spamd[2140]: spamd: clean message (-1.9/5.0) for xxx%.zz:70032 in 
3.0 seconds, 10222 bytes.
  spamd[2140]: spamd: result: . -1 - 
BAYES_00,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,RCVD_IN_DNSWL_NONE
 
scantime=3.0,size=10222,user=xxx%.zz,uid=70032,required_score=5.0,rhost=localhost,raddr=::1,rport=57032,mid=<@x>,bayes=0.00,autolearn=ham
 autolearn_force=no
  dovecot: lmtp(3570, ...@.zz): copy from (file): box=INBOX, 
uid=30613, msgid=<@x>, 
size=10945
  dovecot: lmtp(3570, ...@.zz): QLZ6IoJ/6lbyDQAARsnb6w: sieve: 
msgid=<@x>: stored mail 
into mailbox 'INBOX'
  postfix/lmtp[3569]: 6D2F74024E: to=<...@.zz>, 
orig_to=, 
relay=ambassador.madduck.net[private/dovecot-lmtp], delay=5, 
delays=2/0.02/0.01/3, dsn=2.0.0, status=sent (250 2.0.0 <...@.zz> 
QLZ6IoJ/6lbyDQAARsnb6w Saved)
  dovecot: lmtp(3570): Disconnect from local: Successful quit

Hope this helps…

-- 
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/
 
"the public is wonderfully tolerant.
 it forgives everything except genius."
-- oscar wilde
 
spamtraps: madduck.bo...@madduck.net


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: dovecot-sieve in ports?

[@lbutlr]

On Mar 19, 2016, at 4:35 PM, Larry Rosenman  wrote:
> mail/dovecot2-pigeonhole is what you want.

Thank you.

-- 
"Alas, earwax."

Re: lmtp timeout, locks and crashes

[Tom Sommer]

On 2016-03-15 10:53, Tom Sommer wrote:
I'm seeing some problems on accounts which get a lot of spam (like, a 
lot).


I did an "strace" on one of the hundreds of lmtp processes.

It's doing stat() on all files in the new folder for the receiver:

stat("/var/mail/dovecot///new/xx.xxx...com", 
{st_mode=S_IFREG|0600, st_size=15505, ...}) = 0


etc.

The "new" folder contains hundreds of thousands of files.

Is there any way to prevent all these stat() calls? It seems like 
something there would be an index or cache for?


Thanks

// Tom

Re: dovecot-sieve in ports?

[Larry Rosenman]

mail/dovecot2-pigeonhole is what you wanr.

Larry Rosenman
maintainer


On Sat, Mar 19, 2016 at 5:25 PM, @lbutlr  wrote:

> # portmaster mail/dovecot-sieve
>
> ===>>> The dependency for mail/dovecot
>   seems to be handled by dovecot2-2.2.22
>
> ===>>> Initial dependency check complete for mail/dovecot-sieve
>
>
> ===>>> Starting build for mail/dovecot-sieve <<<===
>
> ===>>> All dependencies are up to date
>
> ===>  Cleaning for dovecot-sieve-1.2+0.1.19_2
> ===>>> Waiting on fetch & checksum for mail/dovecot-sieve <<<===
> ===>  License LGPL21 accepted by the user
> ===>   dovecot-sieve-1.2+0.1.19_2 depends on file: /usr/local/sbin/pkg -
> found
> ===> Fetching all distfiles required by dovecot-sieve-1.2+0.1.19_2 for
> building
>
> ===>  dovecot-1.2.17_6 conflicts with installed package(s):
>  dovecot2-2.2.22
>
> Sooo… Is dovecot-sieve for dovecot 1.x only? Or is the ports tree wonky?
>
> --
> 2+2=5 for sufficiently large values of 2.
>



-- 
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c) E-Mail: larry...@gmail.com
US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961

dovecot-sieve in ports?

# portmaster mail/dovecot-sieve 

===>>> The dependency for mail/dovecot
  seems to be handled by dovecot2-2.2.22

===>>> Initial dependency check complete for mail/dovecot-sieve


===>>> Starting build for mail/dovecot-sieve <<<===

===>>> All dependencies are up to date

===>  Cleaning for dovecot-sieve-1.2+0.1.19_2
===>>> Waiting on fetch & checksum for mail/dovecot-sieve <<<===
===>  License LGPL21 accepted by the user
===>   dovecot-sieve-1.2+0.1.19_2 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by dovecot-sieve-1.2+0.1.19_2 for building

===>  dovecot-1.2.17_6 conflicts with installed package(s): 
 dovecot2-2.2.22

Sooo… Is dovecot-sieve for dovecot 1.x only? Or is the ports tree wonky?

-- 
2+2=5 for sufficiently large values of 2.

Allowing for multiple recipient_delimiter characters?

[Aaron Lindsay]

Postfix allows the recipient_delimiter configuration parameter to
contain multiple characters, splitting on the first such character it
encounters. For example, if using 'recipient_delimiter=+-' both
aaron+...@example.com and aaron-...@example.com would be delivered to
aa...@example.com.

Is anyone opposed to changing dovecot's handling of
recipient_delimiter so that it's the same as that of postfix? If not,
I am willing to rebase/merge/address review comments on Lennart
Weller's patch[1] to get this functionality upstream.

While I think aligning with postfix' behaviour would be convenient for
those of us who run a server using both dovecot and postfix, would
this break any other common use cases I'm not aware of?

Thanks!

-Aaron

[1] - http://dovecot.org/pipermail/dovecot/2015-February/099660.html
(I've talked with Lennart off-list, and he's OK with me working to get
his patch merged, as long as I attribute his work to him, but doesn't
have the time to work on it himself right now)

Re: v2.2.22 released

[Nagy, Attila]

On 03/16/16 09:27, Timo Sirainen wrote:

http://dovecot.org/releases/2.2/dovecot-2.2.22.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.22.tar.gz.sig

  + Added doveadm HTTP API: See
http://wiki2.dovecot.org/Design/DoveadmProtocol/HTTP
  + virtual plugin: Mailbox filtering can now be done based on the
mailbox metadata. See http://wiki2.dovecot.org/Plugins/Virtual
  + stats: Added doveadm stats reset to reset global stats.
  + stats: Added authentication statistics if auth_stats=yes.
  + dsync, imapc, pop3c & pop3-migration: Many optimizations,
improvements and error handling fixes.

Any chances of this fixed in this release?
http://dovecot.org/list/dovecot/2016-February/103251.html

Re: Dovecot LDA with OpenSMTPD

[Eugene V. Kravtsoff]

read doc  keywords opensmtpd "deliver to lmtp" and  dovecot LMTP

18-03-2016 10:06, Eric Kom написав:

Good day,
Can any one help on how to get Dovecot LDA work with OpenSMTPD?


--
With best regards,
Eugene V. Kravtsoff

TLS handshake issue

[John Oliver]

dovecot-2.0.9 on CentOS 6.7

The system in question is not connected to the Internet, so I can't
copy-and-paste.  I have to type anything required :-(

Brand-new out-of-the-box install with a really minimal dovecot.conf
including:

service imap-login {
  inet_listener imaps {
address = 192.168.1.10
port = 143
ssl = yes
  }
}

ssl_cert=http://www.john-oliver.net/ *
* *
***

Re: lmtp timeout, locks and crashes

[Tom Sommer]

On 2016-03-17 13:41, Tom Sommer wrote:

On 2016-03-15 10:53, Tom Sommer wrote:
I'm seeing some problems on accounts which get a lot of spam (like, a 
lot).


I did an "strace" on one of the hundreds of lmtp processes.

It's doing stat() on all files in the new folder for the receiver:

stat("/var/mail/dovecot///new/xx.xxx...com",
{st_mode=S_IFREG|0600, st_size=15505, ...}) = 0

etc.

The "new" folder contains hundreds of thousands of files.

Is there any way to prevent all these stat() calls? It seems like
something there would be an index or cache for?


Seems like it might be due to maildir quota-recalculation?

Re: TLS handshake issue

[Jerry]

On Thu, 17 Mar 2016 13:56:22 -0700, John Oliver replied:

> With our old mail server, it "just works"... after going through the
> mail setup, we don't need to do anything fancy.  I can't help but
> imagine that there's some other difference in the default configs.
> I'll have to dump the configs of both and do a diff and hope there
> aren't so many differences I can't pick out what may be relevant
> here...


Could you post the unobfuscated output of "dovecot -n" so we can see
what your actual configuration is?

-- 
Jerry

Question: encrypt/decrypt with plugin mail_filter

[Zhang Huangbin]

Dear all,

I'm trying to encrypt/decrypt mail body with Dovecot plugin 'mail_filter':
http://wiki2.dovecot.org/Plugins/MailFilter

I wrote a Python script to read mail body and encrypt it, the 
encryption/decryption part is working as expected, but Dovecot always fail to 
write modified email on disk:

Error: Cached message size smaller than expected (1575 < 1644)
Error: Maildir filename has wrong S value, renamed the file from 
/var/vmail/domain.com/user/cur/1458165453.M632521P17600.c7.iredmail.org,S=1575:2,
 to 
/var/vmail/domain.com/user/cur/1458165453.M632521P17600.c7.iredmail.org,S=1575:2,
Error: Corrupted index cache file 
/var/vmail/domain.com/user/dovecot.index.cache: Broken physical size for mail 
UID 4
Error: read() failed: Invalid argument (uid=4)

I know this behave is clearly explained in Dovecot wiki page, the question is, 
is there any way to overcome this and let Dovecot correctly handle the 
encrypted/decrypted mail?

Thanks. :)

[Dovecot-news] Xi has a new home

[Stephan Bosch]

Hi,

The automatic package builder Xi has moved to system within the Dovecot 
infrastructure. This also means that the repositories are available at a 
new host name: xi.dovecot.fi. The old host name still works and is a 
CNAME pointing to the new venue. I expect the old domain to be active 
for years to come. So, there is no need to update your 
/etc/apt/sources.list right away. Still, it is a good idea to do so. 
I've updated the wiki accordingly.


Regards,

Stephan.
___
Dovecot-news mailing list
Dovecot-news@dovecot.org
http://dovecot.org/cgi-bin/mailman/listinfo/dovecot-news

Re: [Dovecot] Replication and public namespaces

[Georg Schuetze]

Hi,
since the maillist threading works only within the current month, i'll
attach the original message from 2014 from Markus Weippert.

In my setup i can reproduce this issue with only one message in a shared
folder:
Everytime when the (new) replication client is started for the first
time, the initial replication takes place and there the message in the
shared folder gets duplicated thousands of times.

Best, Georg.
> On 13.01.2014 12:48, Markus Weippert wrote:
> >/Hi, />//>/I'm having some issues with replicating public namespaces. 
> >Everything />/seems to work fine for private namespaces, but while importing 
> >some huge />/mailboxes (many small mails) into a public namespace via 
> >imapsync, />/something goes wrong. />//>/The expected mail flow is: 
> >/>/old-server (imapsync)> new-server1 (replication)> new-server2 />//>/But 
> >then, dovecot seems to run into race conditions when the />/replications 
> >process tries to sync the same public mailbox under two or />/more different 
> >users at the same time. As a result, messages get />/duplicated, new-server2 
> >sends those back to new-server1 which then />/starts to produce duplicates 
> >too. If I don't kill the processes in time />/and delete the faulty mailbox, 
> >they start to produce thousands of mails. />/In fact, server2 should not 
> >export messages at all, since it's not />/productive yet and does not get 
> >any mail except from the replication. />//>/The only thing getting logged 
> >(only few compared to the huge amount of />/duplicates produced): 
> >/>/"dsync-server(user at example.com
> ): Warning:
> Maildir /...: Expunged message />/reappeared, giving a new UID" />//>/Is 
> there any way to fix this? />//>/Regards, />/Markus /
> I looked into this a bit more. The problem seems to be, replication
> locking is only done at user level. For public namespaces, this allows
> two replication processes to sync the same mailbox in parallel. So I did
> a (poor) implementation for mailbox level locking. It locks the mailbox
> with a lock file in the control directory on both sides (not sure if
> that's necessary) and skips locked mailboxes instantly, because they are
> currently being synced anyway.
> It actually works in my setup. The duplicate messages are gone. It logs
> some warnings when two replication processes try to access the same
> mailbox at once, which seems to happen quite frequently in public
> namespaces.
>
> Maybe someone more experienced can clean this up and adopt it to
> upstream? I really like the replication idea and it would be nice if it
> were as stable for shared/public namespaces as it is for private ones...
>
> Regards,
> Markus
>
>
> P.S.:
> >/replication_dsync_parameters = -d -l 60 -N -x virtual -x ns_public -U 
> >/Typo, actually looks like this:
> replication_dsync_parameters = -d -l 60 -N -x virtual -x legacy -U
> -- next part --
> A non-text attachment was scrubbed...
> Name: dsync-lock.patch
> Type: text/x-patch
> Size: 5672 bytes
> Desc: not available
> URL: 
> 

Re: dsync and ProxyAUTH

[Timo Sirainen]

> On 16 Mar 2016, at 20:04, Giovanni Mancuso  wrote:
> 
> Il 16/03/2016 07:15, Timo Sirainen ha scritto:
>> On 15 Mar 2016, at 21:00, Giovanni Mancuso  wrote:
>>> Hi,
>>> 
>>> can i use dync to migrate a mailboxes through PROX-AUTH?
>>> 
>>> Could It be an attractive feature for you?
>> Do you mean the Sun/Oracle/whatever server's PROXYAUTH command? Already 
>> done: 
>> https://github.com/dovecot/core/commit/bd06c77a12bb02871b25dceb749fa955f4a272ff
> Good News!!! :-) :-)
> 
> This feature isn't documented :-) :-)
> 
> Thank you very much

Added: http://wiki2.dovecot.org/MailboxFormat/imapc

Re: Crash when setting quota = count:User quota

[Tom Sommer]

Actually it also happens with just "quota_vsizes = true"

Mar 19 17:37:55 lmtp(x...@xxx.xx): Panic: file file-lock.c: line 269: 
unreached
Mar 19 17:37:55 lmtp(x...@.xxx): Error: Raw backtrace: 
/usr/lib/dovecot/libdovecot.so.0 [0x35f647e07a] -> 
/usr/lib/dovecot/libdovecot.so.0 [0x35f647e0e6] -> 
/usr/lib/dovecot/libdovecot.so.0 [0x35f647d4ac] -> 
/usr/lib/dovecot/libdovecot.so.0 [0x35f6481edf] -> 
/usr/lib/dovecot/libdovecot.so.0(file_wait_lock_error+0x3a) 
[0x35f648205a] -> 
/usr/lib/dovecot/libdovecot.so.0(file_try_lock_error+0x13) 
[0x35f6482123] -> 
/usr/lib/dovecot/libdovecot.so.0(file_create_locked+0x284) 
[0x35f647f7a4] -> /usr/lib/dovecot/libdovecot-storage.so.0 
[0x35f6068ec4] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(index_mailbox_vsize_update_wait_lock+0xe) 
[0x35f6068f2e] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(index_mailbox_get_virtual_size+0x3d) 
[0x35f606919d] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(index_mailbox_get_metadata+0x321) 
[0x35f606fcd1] -> /usr/lib/dovecot/libdovecot-storage.so.0 
[0x35f60485a0] -> /usr/lib/dovecot/libdovecot-storage.so.0 
[0x35f60593ce] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_get_metadata+0x6e) 
[0x35f603404e] -> 
/usr/lib/dovecot/lib10_quota_plugin.so(quota_count+0xe7) 
[0x2b3e7464c417] -> /usr/lib/dovecot/lib10_quota_plugin.so 
[0x2b3e7464d89d] -> /usr/lib/dovecot/lib10_quota_plugin.so 
[0x2b3e7464dba5] -> 
/usr/lib/dovecot/lib10_quota_plugin.so(quota_get_resource+0x77) 
[0x2b3e7464a4b7] -> 
/usr/lib/dovecot/lib10_quota_plugin.so(quota_test_alloc+0x191) 
[0x2b3e7464a8f1] -> /usr/lib/dovecot/lib10_quota_plugin.so 
[0x2b3e746505f5] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_save_begin+0x5e) 
[0x35f6032eae] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mail_storage_copy+0x66) 
[0x35f602ac26] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(maildir_copy+0x56) 
[0x35f60435d6] -> /usr/lib/dovecot/lib10_quota_plugin.so 
[0x2b3e7465071d] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_copy+0x7a) 
[0x35f6032cea] -> 
/usr/lib/dovecot/libdovecot-lda.so.0(mail_deliver_save+0x1ba) 
[0x35f680813a] -> 
/usr/lib/dovecot/libdovecot-lda.so.0(mail_deliver+0xf3) [0x35f68084c3] 
-> dovecot/lmtp [DATA 172.17.165.5 x...@.xx] [0x40645c]


// Tom

Re: subscribe users mailbox with non-valid mutf7 chars

[Matthias Lay]

did some more testing on this and encoutnered its even not working when
using filesystem links AND encoding the username in mutf7.

it ends up in the same error than doveadm subscribe.



what i tried:

* renamed public folder on FS to mutf7:

"a & p products group" => "a &- p products group"

* created link in the users Maildir:

private/franzf/Maildir# ll public/a\ \&-\ p\ products\ group/
total 8K
drwxr-xr-x 2 vmail vmail 4096 Mar 16 15:09 .
drwxr-xr-x 5 vmail vmail 4096 Mar 16 15:06 ..
lrwxrwxrwx 1 vmail vmail   56 Mar 16 15:09 LTA
-> /var/data/vmail/public/a &- p products group/Maildir/LTA


* trying to select the folder in imap:



4 select "public/a &- p products group/LTA/forever"
imap(franzf): Debug: fs: root=/var/data/vmail/public/a &- p products
group/Maildir, index=, indexpvt=, control=,
inbox=/var/data/vmail/public/a &- p products group/Maildir/INBOX, alt=
imap(franzf): Debug: acl: initializing backend with data:
vfile:/etc/dovecot/acls/acl-defaults imap(franzf): Debug: acl: acl
username = a &- p products group imap(franzf): Debug: acl: owner = 1
imap(franzf): Debug: acl vfile: Global ACL
file: /etc/dovecot/acls/acl-defaults imap(franzf): Debug: fs:
root=/var/data/vmail/public/a &- p products group/Maildir, index=,
indexpvt=, control=, inbox=/var/data/vmail/public/a &- p products
group/Maildir/INBOX, alt= imap(franzf): Debug: acl: initializing
backend with data: vfile:/etc/dovecot/acls/acl-defaults imap(franzf):
Debug: acl: acl username = franzf imap(franzf): Debug: acl: owner = 0
imap(franzf): Debug: acl vfile: Global ACL
file: /etc/dovecot/acls/acl-defaults 4 NO [CANNOT] Invalid mailbox name
'public/a & p products group/LTA/forever': Missing namespace prefix
'public/a &- p products group/' (0.000 secs).




the same procedure works great with every Ascii Username.



On Tue, 9 Feb 2016 12:31:31 +0100
Matthias Lay  wrote:

> 
> Hi all,
> 
> I got a question if its possible to subscribe a mailbox from another
> user, who contains non mutf7 valid chars in his mailbox path.
> 
> 
> I have a private namespace which can subscribe to mailboxes of a
> shared namespace with public/ prefix
> 
> in this example
> username in private namespace is johnd
> public username is "a & p products group"
> 
> 
> when I try the subscription I get this one:
> 
> 
> # doveadm mailbox subscribe -u johnd "public/a & p products
> group/INBOX" doveadm(johnd): Error: Can't public/a & p products
> group/INBOX mailbox subscribe to: Invalid mailbox name 'public/a & p
> products group/INBOX': Missing namespace prefix 'public/a &- p
> products group/' 
> 
> 
> is there a way to work around this? (except for not to use usernames
> like this)
> 
> 
> 
> greetz matze

Re: v2.2.22 released

[Gerhard Wiesinger]

On 16.03.2016 09:27, Timo Sirainen wrote:

http://dovecot.org/releases/2.2/dovecot-2.2.22.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.22.tar.gz.sig

  - Expunges were forgotten in some situations, for example when
pipelining multiple IMAP MOVE commands.




Ad Expunge: I'm using Thunderbird latest with Xpunge Addon: 
http://www.theodoretegos.net/mozilla/tb/index.html


Since some time I'm having the problem that when I press "XPUNGE" I get 
the following error message: "Some folders (e.g. foldername) cannot be 
compacted because there is not enough free disk space. Please delete 
some files and try again."


I was hoping it was fixed with 2.2.22.

Diskspace is of course enough available (locally and on imap server), 
using Maildir.


Anyone having the same issues or any ideas?

Thnx.

Ciao,
Gerhard

https://www.wiesinger.com/

Re: lmtp timeout, locks and crashes

[Tom Sommer]

On 2016-03-18 08:11, Steffen Kaiser wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, 17 Mar 2016, Tom Sommer wrote:

On 2016-03-17 13:41, Tom Sommer wrote:

On 2016-03-15 10:53, Tom Sommer wrote:
I'm seeing some problems on accounts which get a lot of spam (like, 
a lot).


I did an "strace" on one of the hundreds of lmtp processes.

It's doing stat() on all files in the new folder for the receiver:

stat("/var/mail/dovecot///new/xx.xxx...com",
{st_mode=S_IFREG|0600, st_size=15505, ...}) = 0

etc.

The "new" folder contains hundreds of thousands of files.

Is there any way to prevent all these stat() calls? It seems like
something there would be an index or cache for?


Seems like it might be due to maildir quota-recalculation?


Yes possibly. But also in order to update the index files.


Seems the use of Maildir++ quota was the problem in this case.


For all I know this should happen only, if the mtime of the directory
changes. Is there some external programm manipulating files in the
new/cur directories bypassing Dovecot? E.g. a rm on command line?


Nope

// Tom

Crash when setting quota = count:User quota

[Tom Sommer]

Mar 19 16:54:37 lmtp(x...@xxx.xxx): Panic: file file-lock.c: line 269: 
unreached
Mar 19 16:54:37 lmtp(x...@xxx.xxx): Error: Raw backtrace: 
/usr/lib/dovecot/libdovecot.so.0 [0x35f647e07a] -> 
/usr/lib/dovecot/libdovecot.so.0 [0x35f647e0e6] -> 
/usr/lib/dovecot/libdovecot.so.0 [0x35f647d4ac] -> 
/usr/lib/dovecot/libdovecot.so.0 [0x35f6481edf] -> 
/usr/lib/dovecot/libdovecot.so.0(file_wait_lock_error+0x3a) 
[0x35f648205a] -> 
/usr/lib/dovecot/libdovecot.so.0(file_try_lock_error+0x13) 
[0x35f6482123] -> 
/usr/lib/dovecot/libdovecot.so.0(file_create_locked+0x284) 
[0x35f647f7a4] -> /usr/lib/dovecot/libdovecot-storage.so.0 
[0x35f6068ec4] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(index_mailbox_vsize_update_wait_lock+0xe) 
[0x35f6068f2e] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(index_mailbox_get_virtual_size+0x3d) 
[0x35f606919d] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(index_mailbox_get_metadata+0x321) 
[0x35f606fcd1] -> /usr/lib/dovecot/libdovecot-storage.so.0 
[0x35f60485a0] -> /usr/lib/dovecot/libdovecot-storage.so.0 
[0x35f60593ce] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_get_metadata+0x6e) 
[0x35f603404e] -> 
/usr/lib/dovecot/lib10_quota_plugin.so(quota_count+0xe7) 
[0x2b45f03b9417] -> /usr/lib/dovecot/lib10_quota_plugin.so 
[0x2b45f03b94fb] -> 
/usr/lib/dovecot/lib10_quota_plugin.so(quota_get_resource+0x77) 
[0x2b45f03b74b7] -> 
/usr/lib/dovecot/lib10_quota_plugin.so(quota_test_alloc+0x191) 
[0x2b45f03b78f1] -> /usr/lib/dovecot/lib10_quota_plugin.so 
[0x2b45f03bd5f5] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_save_begin+0x5e) 
[0x35f6032eae] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mail_storage_copy+0x66) 
[0x35f602ac26] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(maildir_copy+0x56) 
[0x35f60435d6] -> /usr/lib/dovecot/lib10_quota_plugin.so 
[0x2b45f03bd71d] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_copy+0x7a) 
[0x35f6032cea] -> 
/usr/lib/dovecot/libdovecot-lda.so.0(mail_deliver_save+0x1ba) 
[0x35f680813a] -> 
/usr/lib/dovecot/libdovecot-lda.so.0(mail_deliver+0xf3) [0x35f68084c3] 
-> dovecot/lmtp [DATA 172.0.0.0 x...@xxx.xxx] [0x40645c] -> dovecot/lmtp 
[DATA 172.0.0.0 x...@xxx.xxx] [0x406bd6]


Only happens when I set "quota = count:User quota"

--
Tom Sommer

How to delete Dovecot users when using Single Instance Storage

[Jesus Cea]

In case somebody find this useful:

https://blog.jcea.es/posts/20160211-delete_users_dovecot.html

-- 
Jesús Cea Avión _/_/  _/_/_/_/_/_/
j...@jcea.es - http://www.jcea.es/ _/_/_/_/  _/_/_/_/  _/_/
Twitter: @jcea_/_/_/_/  _/_/_/_/_/
jabber / xmpp:j...@jabber.org  _/_/  _/_/_/_/  _/_/  _/_/
"Things are not so easy"  _/_/  _/_/_/_/  _/_/_/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/_/_/_/  _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz



signature.asc
Description: OpenPGP digital signature

Re: [Dovecot-news] Xi has a new home

[Eric Kom]

On 2016/03/17 3:38 PM, Stephan Bosch wrote:
> Hi,
Good day dear,
Thanks for the UPDATE.
The xi.dovecot.fi host name route to www.dovecot.nl
They is no direct access to it via HTTP/FTP?
>
> The automatic package builder Xi has moved to system within the
> Dovecot infrastructure. This also means that the repositories are
> available at a new host name: xi.dovecot.fi. The old host name still
> works and is a CNAME pointing to the new venue. I expect the old
> domain to be active for years to come. So, there is no need to update
> your /etc/apt/sources.list right away. Still, it is a good idea to do
> so. I've updated the wiki accordingly.
>
> Regards,
>
> Stephan.
> ___
> Dovecot-news mailing list
> dovecot-n...@dovecot.org
> http://dovecot.org/cgi-bin/mailman/listinfo/dovecot-news

[Dovecot-news] Released Pigeonhole v0.4.13 for Dovecot v2.2.22.

[Stephan Bosch]

Hello Dovecot users,

Here is the final v0.4.13 release of Pigeonhole for Dovecot v2.2.22.
Nothing changed since the RC.

Changelog v0.4.13:

* redirect action: Added the list-id header to the duplicate ID for
  mail loop prevention. This means that the message sent directly to
  the user and the message coming through the mailing list itself are
  treated as different messages by the loop detection of the redirect
  command, even though their Message-ID may be identical.
* Changed the Sieve number type to uint64_t, which means that Sieve
  numbers can now technically range up to 2^64. Some other Sieve
  implementation allowed this, making this change necessary for
  successful migration.
+ Implemented the sieve_implicit_extensions setting. The extensions
  listed in this setting do not need to be enabled explicitly using the
  Sieve "require" command. This behavior directkly violates the
  standard, but can be necessary for compatibility with some existing
  implementations of Sieve. Do not use this setting unless you really
  need to!
- redirect action: Made mail loop detection more robust by forcibly
  adding a Message-ID header if it is missing.
- Prevent logging a useless "script not found" error message for LDAP
  scripts for which the entry exists but no attribute containing a
  script. This is not necessarily an error.
- extprograms plugin: Changed the communication channel between parent
  and child process for a directly forked program from a socketpair to
  a double pipe. Linux does not support /dev/stdin, /dev/stdout and
  friends for sockets. For some shell program authors this may be
  confusing, so that is why it is changed. When using the script
  service, these device nodes are still not usable though.

The release is available as follows:

http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.13.tar.gz
http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.13.tar.gz.sig

Refer to http://pigeonhole.dovecot.org and the Dovecot v2.x wiki for
more information. Have fun testing this release and don't hesitate to
notify me when there are any problems.

Regards,

-- 
Stephan Bosch
step...@rename-it.nl











___
Dovecot-news mailing list
Dovecot-news@dovecot.org
http://dovecot.org/cgi-bin/mailman/listinfo/dovecot-news

Re: overview zlib efficiency? Summary and added note

[Harald Leithner]

In the vmail directory are only attachment stored which are smaller then 
64k every attachment that is bigger get into the SIS store.


The SIS store has no compression but it seams that attachments are 
stored in raw and not base64 encoded so its saves 30%? on binary data.


Also I wrote that 'du -l' maybe not the correct way to count 
de-duplication.


It seams that every attachment has minimum 2 hardlinks in the SIS, I 
missed that before I wrote the other mail. That also explains why 
storage uses so much more space then the counted mail size ;-)


I think ignoring the hashes folder in the sis would give better results:

find vmail_sis -type f -printf '%s %p\n' | grep -v hashes | awk 
'{s+=$1}END{printf("%.2fMB\n", s/1024/1024);}'


In my case this is:

142922.29MB (So forget 209G from my previous mail.)

doveadm -f table fetch -A "size.physical" ALL | awk 
'{s+=$2}END{printf("%.2fMB\n", s/1024/1024);}'


195861.12MB

du -sh vmail

56G (it also seams that mdbox tricked me with spare file size)

Mails in mdbox storage compressed without index/logs

find vmail -type f -printf '%s %p\n' | grep "/storage/m." | awk 
'{s+=$1}END{printf("%.2fMB\n", s/1024/1024);}'

4776.51MB

index/logs

find vmail -type f -printf '%s %p\n' | grep -v "/storage/m." | awk 
'{s+=$1}END{printf("%.2fMB\n", s/1024/1024);}'

224.40MB

So in the end I use 146,7 Storage + 224,4 index/logs/metadata/overhead 
with 191,27 GB Plain E-Mails


I still can't tell you how much compression begins in because SIS is not 
compressed ;-)


So some without SIS and mdbox have to do this test.

bye



Am 16.03.2016 um 11:52 schrieb Haravikk:

Not sure how you’re seeing such a high ratio; I tried the same commands on my 
system (thanks for these btw) and my savings from compression are around 5% =D

That said I’m dealing with a much smaller volume (3gb) and I’ve only identified 
a half dozen or so attachments that don’t have some kind of compression 
already; most modern mail programs will compress common types like images by 
default, and many modern file-formats have compression built in, and can give 
better results than zlib anyway.

My biggest savings are on mailing list messages (I filter these into their own 
mailbox) since they tend to be longer than typical messages, especially with 
auto-quoting, they also tend to be very busy mailboxes, but I also don’t keep 
them forever.

As an experiment I also tried moving my (uncompressed) messages to a 
compressing file-system (ZFS using lz4) but the savings were similarly small; I 
assume they were probably a bit better, but the extra overhead of the 
file-system eroded it since the savings are so small in my case. I think if 
you’re serious about compression then a compressing file-system is the way to 
go though, but in my case I’m on virtual hosting so there’s not much point in 
layering a ZFS volume on top of shared storage (since it’s ZFS based already 
for integrity/redundancy).

I just thought I’d mention my experience since people are quoting big savings 
that I haven’t seen; I wouldn’t consider my usage all that unusual, maybe some 
of you are receiving a lot more newsletter type traffic (these messages can be 
quite large), uncompressed document type files, or are less selective in which 
messages are retained forever? Just a caution that people looking at 
compression may not see the same savings depending upon their actual content.

Spam is another bad category for compression I’ve found; at least in my case 
the messages are usually very short, and/or contain randomised junk to try to 
confound filters, though I’m pretty aggressive about clearing them (I discard 
messages outright above a certain threshold, and use a script to expunge spam 
messages so that I can expunge messages with higher spam ratings faster (so 
possible false positives stick around longer so they can be caught).


On 16 Mar 2016, at 09:48, Harald Leithner  wrote:

Hi,

use "doveadm" to get all real message

doveadm -f table fetch -A "size.physical" ALL | awk 
'{s+=$2}END{printf("%.2fMB\n", s/1024/1024);}'

189247.67MB .. 185G

use "du" to get size on disc:

In my case
with deduplication:

/srv/stroage/# du -s -h *
53G vmail
75G vmail_sis

without deduplication

/srv/stroage/# du -s -h -l *
53G vmail
209Gvmail_sis

j4i, SIS can't use the zlib plugin so the 75G in my case are not compressed (I 
haven't a filesystem that I trust and has a compression feature). Anyway it has 
a 3:1 ratio in my case.

Maybe I interpret the SIS wrong and SIS couldn't be counted with du -l (count 
links).

But if someone doesn't have SIS this values should be point you into the right 
direction.

bye

Harald

Am 16.03.2016 um 08:50 schrieb Götz Reinicke - IT Koordinator:

Am 15.03.16 um 16:01 schrieb Götz Reinicke - IT Koordinator:

Hi,

may be someone has already done that: Do you have a script(?) tool which
shows the efficiency of the mail compression if zlib is used?

Something that shows the 

Xi has a new home

[Stephan Bosch]

Hi,

The automatic package builder Xi has moved to system within the Dovecot 
infrastructure. This also means that the repositories are available at a 
new host name: xi.dovecot.fi. The old host name still works and is a 
CNAME pointing to the new venue. I expect the old domain to be active 
for years to come. So, there is no need to update your 
/etc/apt/sources.list right away. Still, it is a good idea to do so. 
I've updated the wiki accordingly.


Regards,

Stephan.

Problem configuring sieve

[Jerry]

This is a fresh installation of dovecot on a FreeBSD 11 system. Trying
to run the following command produces this error:

sievec ./default.sieve
sievec(root): Debug: Loading modules from directory: /usr/local/lib/dovecot
sievec(root): Error: Couldn't load required plugin 
/usr/local/lib/dovecot/lib90_sieve_plugin.so: Can't load plugin sieve_plugin: 
Plugin is intended to be used only by binaries: lda lmtp (we're sievec)
sievec(root): Fatal: Internal error occurred. Refer to server log for more 
information.
*** Error code 89

This is my configuration:

# 2.2.22 (fe789d2): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.12 (c1c0a23)
# OS: FreeBSD 11.0-CURRENT amd64  zfs
auth_mechanisms = plain login
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = maildir:/var/mail/vmail/%d/gerard
mail_plugins = sieve
mail_save_crlf = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
auto = subscribe
special_use = \Drafts
  }
  mailbox Junk {
auto = subscribe
special_use = \Junk
  }
  mailbox Sent {
auto = subscribe
special_use = \Sent
  }
  mailbox "Sent Messages" {
auto = subscribe
special_use = \Sent
  }
  mailbox Trash {
auto = subscribe
special_use = \Trash
  }
  prefix =
}
passdb {
  args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/users/passwd
  driver = passwd-file
}
plugin {
  sieve_default = /usr/local/etc/dovecot/sieve/default.sieve
}
postmaster_address = postmas...@seibercom.net
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
  }
  unix_listener auth-userdb {
group = vmail
mode = 0666
user = vmail
  }
}
service dict {
  unix_listener dict {
group = vmail
mode = 0600
user = vmail
  }
}
ssl_cert = 

Dovecot LDA with OpenSMTPD

[Eric Kom]

Good day,
Can any one help on how to get Dovecot LDA work with OpenSMTPD?

Re: Looking for way to monitor dsync, confirm it is or isn't running

[Michael Grimm]

Rich Wales  wrote:

> As a followup question:  If "doveadm replicator status" shows problems,
> are there any commands available to pinpoint exactly which request(s)
> is/are causing the problem(s)?

Not to my knowledge.

> One of the sites I am administering, for example, has been reporting
> 1 "queued 'full resync' requests" and 9 "waiting 'failed' requests" for
> the past couple of days.  But I have no idea how to resolve the issue.
> Suggestions welcome.

Normally those messages do not persist for days at my site; I do only see them 
for an hour, longest. 

That hour may coincide with my setting:
replication_full_sync_interval = 1 hours
But that is a guess of mine, I do not know enough about replicator to answer 
your questions. Others should jump in here.

Anyway: Did you try "doveadm -D replicator replicate '*'"?

Regards,
Michael

Re: TLS handshake issue

[John Oliver]

On Thu, Mar 17, 2016 at 08:30:32PM +0300, Andrey Fesenko wrote:
> May be use -starttls imap or 993 port and more logs verbose_ssl=yes

I am using verbose_ssl = yes

Dovecot is currently working with SSL on 143, and I'm trying to not
change current client config.

As for '-starttls', in what context?

-- 
***
* John Oliver http://www.john-oliver.net/ *
* *
***

Re: NetApp NFS vs. ZFS and NFS for Maildir

[James]

On 19/03/2016 08:11, Stephan von Krawczynski wrote:


Obviously you must work for people that have not the slightest idea about
using hardware ...


So you have UPSes, power supplies and motherboards that never fail. Good 
luck to you, you are running on it.


For everyone else reading this, do not set sync off. If sync writes are 
taking 3 seconds, or more than a few milliseconds, there is something 
else that needs fixing.

Dumb question: dovecot include file

[Jerry]

Dovecot has an include file option. What I am not sure of is why those
files use both a *.conf and *.conf.ext extension. I assume both types
are included by using the !include .conf or !include
.conf.ext syntax.

-- 
Jerry

Re: NetApp NFS vs. ZFS and NFS for Maildir

[Noel Butler]

On 14/03/2016 18:49, Stephan von Krawczynski wrote:




and you've never seen these cause problems with FS?  then you must be 
a

newbie, in over 25 years I've seen it happen several times - yes even
after an apparent controlled shutdown.


Maybe you're doing something wrong then. because in my last 21 years 
working
exactly in this business I've not seen a single deadly fs-crash because 
of a

power-outage. Not one. And we had of course several, all backed by UPS.


Consider yourself lucky, Most network admins whove been around large 
busy ISP DC's have seen this in their lifetime, to not have seen one is 
rare, go buy yourself a lotto ticket :)




If your servers get drowned with water during a fire your fs is 
probably the

least of your worries. You don't really plan to re-enable servers with
water- or fire-damage, do you? That's probably why there shouldn't be a
fireman pouring water in the first place.


This shows you dont understand structural engineering, the fire does not 
have to be on your floor, it can be far away as two or so levels above, 
with the high pressure water used - equating to a shitload of water, 
there are ducts, shafts, other risers and so on that with a shit-tone of 
water can easily penetrate fireblocks of floors below - dont take my 
work,  go ask a fireman, or maybe watch the nightly news sometime 
(building fire - many levels water affected blah blah blah)... so 
keeping those boxes on via UPS's is asking for lots of charcoaled boards 
and fried drives. IOW, total stupidity.


Should those machines be depowered as required by our building codes, 
well, might take a few days of drying out but at least they will power 
back up without error - yes, done it in risk assessments.




--
If you have the urge to reply to all rather than reply to list, you best
first read  http://members.ausics.net/qwerty/

Re: NetApp NFS vs. ZFS and NFS for Maildir

[Stephan von Krawczynski]

On Sat, 19 Mar 2016 17:37:04 +1000
Noel Butler  wrote:

> On 14/03/2016 18:49, Stephan von Krawczynski wrote:
> > 
> >> 
> >> and you've never seen these cause problems with FS?  then you must be 
> >> a
> >> newbie, in over 25 years I've seen it happen several times - yes even
> >> after an apparent controlled shutdown.
> > 
> > Maybe you're doing something wrong then. because in my last 21 years 
> > working
> > exactly in this business I've not seen a single deadly fs-crash because 
> > of a
> > power-outage. Not one. And we had of course several, all backed by UPS.
> 
> Consider yourself lucky, Most network admins whove been around large 
> busy ISP DC's have seen this in their lifetime, to not have seen one is 
> rare, go buy yourself a lotto ticket :)
> 
> > 
> > If your servers get drowned with water during a fire your fs is 
> > probably the
> > least of your worries. You don't really plan to re-enable servers with
> > water- or fire-damage, do you? That's probably why there shouldn't be a
> > fireman pouring water in the first place.
> 
> This shows you dont understand structural engineering, the fire does not 
> have to be on your floor, it can be far away as two or so levels above, 
> with the high pressure water used - equating to a shitload of water, 
> there are ducts, shafts, other risers and so on that with a shit-tone of 
> water can easily penetrate fireblocks of floors below - dont take my 
> work,  go ask a fireman, or maybe watch the nightly news sometime 
> (building fire - many levels water affected blah blah blah)... so 
> keeping those boxes on via UPS's is asking for lots of charcoaled boards 
> and fried drives. IOW, total stupidity.
> 
> Should those machines be depowered as required by our building codes, 
> well, might take a few days of drying out but at least they will power 
> back up without error - yes, done it in risk assessments.

Obviously you must work for people that have not the slightest idea about
using hardware in a correct way and don't know when the time has come to throw
it away. Man, there is no way to let a drowned box survive. It is not back to
normal when it is dry. If you don't get that I am pretty happy to be no
customer. This can only be an idea born in the sick mind of a controller who
didn't want to pay insurance in the first place. We are talking about serious
corrosion effects here let alone that you have a hard time even knowning when
your boxes are really dry. Your fireman on the other hand seem to be stuck in
the 80ths. Today there are solar panels almost everywhere _which you cannot
turn off_. Sure you have a switch somewhere, but it does not help you for the
space between the switch and the roof (which can be a pretty long distance).
Really, sorry, I don't want to listen to more horror stories from you
operating drowned equipment. 
And in the end: considering your "large busy ISP DC's" they should have backup
DCs located elsewhere with mirrored data, right? 
Lets please end that now and for all.

-- 
Regards,
Stephan

talloc access after free error ntlmssp_server.c:457

[J Landwehr]

Our new/fresh dovecot imap installation on CentOS (latest from yum repository, 
which is 2.2.10) is locking up with a panic on a consistent basis and denying 
service to subsequent clients.  The behavior is repeatable.  Have spent weeks 
debugging and trying different configurations with no success.

Specific /var/log/maillog error messages are:

12:06:54 dovecot: auth: Error: talloc: access after free error - first free may 
be at ../auth/ntlmssp/ntlmssp_server.c:457
12:06:54 dovecot: auth: Error: Bad talloc magic value - access after free
12:06:54 dovecot: auth: Error: PANIC (pid 2570): Bad talloc magic value - 
access after free

Our configuration is based on the instructions for NTLM authentication with our 
Windows 2012R2 AD/Domain server:
http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm 


Here are the steps to reproduce:

1. Fresh boot of CentOS server, only configured for postfix/dovecot
2. Connect with Outlook 2016 12.0.4312.1000 32bit on Win7 via IMAP to this 
dovecot server
3. Any existing and new mail loads in OK to inbox - so authentication is 
working OK to AD domain server

4. Send an email to someone from Outlook
5. SMTP process completes, message is delivered - 

6. dovecot immediately panics on servers, Authentication to dovecot no longer 
works
7.  will hang until a  on the 
“dovecot/auth” PID is performed

The issue is with steps 6/7 immediately after 4/5- and is intermittent.
Steps 1-3 always work OK, as do 4-5.
Further, inbound emails received on this server when no IMAP client is running 
are always received just fine and dovecot doesn’t hang.

Sometimes I have to send a few email messages with steps 4/5 before the issue 
with 6/7 happens.

If I tail -f /var/log/maillog on the server, I can usually determine when 6/7 
will fail because there is a line or two with:
"dovecot: map: Disconnected: logged out message” 
being shown, even though the Outlook client is still open.
After I see that Outlook closed an IMAP session, even though outlook is still 
running, I can send a message from Outlook and after it appears in my inbox, 
dovecot panics/hangs immediately

Authentication is otherwise working, e.g. test with:
/usr/bin/ntlm_auth —username=alice
occasionally takes several seconds to respond, but is usually immediate
response is always NT_STATUS_OK: Success (0x0)

(I welcome tips to make ntlm_auth always respond more quickly!)

I have tried adding lines to smb.conf like:
win bind cache time = 300
win bind offline login = true
No success

I have also looked further into the detailed debugging logs and there is:

dovecot: auth: Error: Go user=[alice] domain=[OFFICE] workstation=[pc1] len1=24 
len2=290
dovecot: auth: error: login for user [OFFICE]\[alice]@[pc1] failed due to 
[Wrong Password]
dovecot: auth: Error: GENSEC login failed: NT_STATUS_LOGON_FAILURE
dovecot: auth: winbind(?,x.x.x.x,): user not authetnicated: 
NT_STATUS_LOGON_FAILURE

But I am not sure why there would be that error, since earlier IMAP sessions 
are working just fine with the same exact domain/username and password.  

It seems to be something about Outlook quickly opening up new simultaneous IMAP 
sessions with a CONT command, and NTLM authentication somehow fails with one of 
them, and panics.  It always seems to be when sending an email.  Like the 
process of either receiving a new msg in the inbox and/or also posting the just 
sent message into the Sent Items folder via IMAP (perhaps when it happens 
simultaneously, as in a message you cc yourself on) is somehow triggering this.

Here is more detailed information that can hopefully help track this down.  
Thank you!

dovecot -n
# 2.2.10: /etc/dovecot/dovecot.conf

CentOS 7.2.1511

auth_mechanisms = ntlm
auth_use_winbind = yes
auth_username_format = %n
mbox_write_locks = fcntl

passdb {
 drive = pam
}

protocols = imap

service auth {
 user = root
}
userdb {
 driver = passwd
}

/etc/samba/smb.conf
workgroup = OFFICE
realm = OFFICE.LOCAL
security = ADS
local master = no
preferred master = no
dns proxy = no
idmap uid = 1-2
idmap gid = 1-2
password server = win2012r2
encrypt passwords = no
kerberos method = system keytab
winbind use_default_domain = yes
winbind offline login = true
winbind separator = +

ERROR MESSAGE

12:00:10 dovecot: imap(alice): Disconnected: logged out in=398 out=4368
12:05:52 postfix/smtpd: connect from pc1
12:05:52 postfix/smtpd: client=pc1
12:05:52 postfix/cleanu: message-id=
12:05:52 postfix/qmgr: from=alice, size=5925, nrcpt=1 (queue active)
12:05:53 postfix/smtp: to=bob, relay=mailserver, delay=0.93, dsn=2.0.0, 
status=send (250 ok: Message accepted)
12:06:53 postfix/qmgr: removed
12:06:54 dovecot: auth: Debug: Loading modules from directory: 
/usr/lib64/dovecot/auth
12:06:54 dovecot: auth: Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_sqlite.so
12:06:54 dovecot: auth: Debug: Read auth token secret from 

Trouble getting vnd.dovecot.filter and filter visible/usable...

[Tolbert, Joshua P]

Hello,

I’m trying to make vnd.dovecot.filter available both globally and for users 
through sieve, but I haven’t had much luck getting things to work right. Sieve 
scripts won’t validate and vnd.dovecot.filter never shows up in the managesieve 
capability list. I’ve spent lots of time looking for where problems could be, 
but I’m out of ideas…So I’m asking you guys.

In the protocol lmtp section, I’m defining mail_plugins = $mail_plugins sieve, 
however I’ve tried it without $mail_plugins too…No luck that way either.

Any help/advice would be much appreciated. Thanks!

Cheers,

Josh
# 2.2.21 (5345f22): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.12 (c1c0a23)
# OS: FreeBSD 10.2-RELEASE-p9 amd64  
auth_mechanisms = plain login
auth_username_format = %n
mail_location = maildir:~/Maildir
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix = 
  separator = /
}
passdb {
  driver = pam
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_extensions = +vnd.dovecot.filter
  sieve_filter_bin_dir = /usr/local/libexec/dovecot/sieve-filter
  sieve_global_extensions = +vnd.dovecot.filter
  sieve_plugins = sieve_extprograms
}
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0666
user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
}
ssl_cert = 

Re: [Dovecot-news] Xi has a new home

[Eric Kom]

On 17/03/2016 16:39, Stephan Bosch wrote:



Op 17-3-2016 om 15:09 schreef Eric Kom:


On 2016/03/17 3:38 PM, Stephan Bosch wrote:

Hi,

Good day dear,
Thanks for the UPDATE.
The xi.dovecot.fi host name route to www.dovecot.nl
They is no direct access to it via HTTP/FTP?


Xi has no main page, so it redirects to the dovecot community website. 
The repositories are - as always - available under 
http://xi.dovecot.fi/debian. There is no FTP access.



Thanks for the update

The wiki has all the information you need.

Regards,

Stephan.


The automatic package builder Xi has moved to system within the
Dovecot infrastructure. This also means that the repositories are
available at a new host name: xi.dovecot.fi. The old host name still
works and is a CNAME pointing to the new venue. I expect the old
domain to be active for years to come. So, there is no need to update
your /etc/apt/sources.list right away. Still, it is a good idea to do
so. I've updated the wiki accordingly.

Regards,

Stephan.
___
Dovecot-news mailing list
dovecot-n...@dovecot.org
http://dovecot.org/cgi-bin/mailman/listinfo/dovecot-news

Re: overview zlib efficiency?

[Sven Hartge]

Teemu Huovila  wrote:
> On 15.03.2016 21:45, Sven Hartge wrote:
 
>> And gzip (or lz4 of implemented someday) (or even blosc:
> liblz4 has been supported since 2.2.11+ http://wiki2.dovecot.org/Plugins/Zlib

Hmm, yes. I don't know how I missed this when I looked at that page
last night. Must have been a coffein underflow error.

S°

-- 
Sigmentation fault. Core dumped.

Re: VS: Re: TLS handshake issue

[John Oliver]

On Thu, Mar 17, 2016 at 08:38:55PM +0200, Aki Tuomi wrote:
> openssl s_client -connect host:143 -starttls imap 

Why?  'openssl' works just fine, it shows me the certificate and the
IMAP banner, and I can log in and list mail.

-- 
***
* John Oliver http://www.john-oliver.net/ *
* *
***

Re: TLS handshake issue

[Andrey Fesenko]

On Thu, Mar 17, 2016 at 8:18 PM, John Oliver  wrote:
> dovecot-2.0.9 on CentOS 6.7
>
> The system in question is not connected to the Internet, so I can't
> copy-and-paste.  I have to type anything required :-(
>
> Brand-new out-of-the-box install with a really minimal dovecot.conf
> including:
>
> service imap-login {
>   inet_listener imaps {
> address = 192.168.1.10
> port = 143
> ssl = yes
>   }
> }
>
> ssl_cert= ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
> ssl_key =
>
> That's very, very similar to an existing dovecot server on an old VM I
> need to replace.  Certs are self-signed, I know that's a horrible thing
> to do, but right now we don't have any choice.  I'm connecting with
> Apple Mail 8.2 running on OS X 10.10.5, another thing we have no choice
> about :-/  The Apple Mail just sits there stupidly.  It's "Connection
> Doctor" just helpfully reports that it can't establish a connection.  I
> can use 'openssl s_client -showcerts -connect mail:143' and see what I
> expect to see.  The dovecot log with lots of verbosity enabled tells me:
>
> imap-login: Info: Disconnected (no auth attempts): rip=192.168.1.200,
> lip=192.168.1.10, TLS handshaking: Disconnected
> auth: Debug: auth client connected (pid=21006)
> imap-login: Warning: SSL: where=0x10, ret=1: before/accept
> initialization [192.168.1.200]
> imap-login: Warning: SSL: where=0x2001, ret=1: before/accept
> initialization [192.168.1.200]
> imap-login: Warning: SSL: where=0x2002, ret=1: SSLv2/v3 read client
> hello A [192.168.1.200]
>
>
> And that's it... those lines get repeated every minute that Mail is
> running.  I'm not seeing anything in any logs that even hints at what
> it's unhappy about, or any way to increase verbosity any more.
>
> Any hints appreciated!
>
> --
> ***
> * John Oliver http://www.john-oliver.net/ *
> * *
> ***

May be use -starttls imap or 993 port and more logs verbose_ssl=yes

Re: TLS handshake issue

[John Oliver]

On Thu, Mar 17, 2016 at 08:04:26PM +, Ron Leach wrote:
> On 17/03/2016 17:18, John Oliver wrote:
> >The dovecot log with lots of verbosity enabled tells me:
> >
> >imap-login: Info: Disconnected (no auth attempts): rip=192.168.1.200,
> >lip=192.168.1.10, TLS handshaking: Disconnected
> 
> 
> 'no auth attempts' has been reported on the list a few times before 
> and, in some cases, it means what it says - the  MUA made no attempt 
> to authenticate with username and password.  I think authentication is 
> a different activity from setting up an encrypted comms channel.
> 
> Two ideas:
> 
> Is the MUA set up to use a login?
> 
> And, as part of the secure connection, is the MUA setup to use 'starttls'?

Unfortunately, as the MUA is Apple Mail, that answer is hard to
determine.  Have I configured a login?  Sure.  have I checked "Use SSL"?
Yup.  Do those settings mean anything?  Who knows?

With our old mail server, it "just works"... after going through the
mail setup, we don't need to do anything fancy.  I can't help but
imagine that there's some other difference in the default configs.  I'll
have to dump the configs of both and do a diff and hope there aren't so
many differences I can't pick out what may be relevant here...

-- 
***
* John Oliver http://www.john-oliver.net/ *
* *
***

Re: TLS handshake issue

[Ron Leach]

On 17/03/2016 17:18, John Oliver wrote:

The dovecot log with lots of verbosity enabled tells me:

imap-login: Info: Disconnected (no auth attempts): rip=192.168.1.200,
lip=192.168.1.10, TLS handshaking: Disconnected



'no auth attempts' has been reported on the list a few times before 
and, in some cases, it means what it says - the  MUA made no attempt 
to authenticate with username and password.  I think authentication is 
a different activity from setting up an encrypted comms channel.


Two ideas:

Is the MUA set up to use a login?

And, as part of the secure connection, is the MUA setup to use 'starttls'?

hth Ron

poppassd

[Adrian Minta]

Hello,
does anyone of you knows a poppassd implementation compatible with 
dovecot mysql or ldap backends ?


--
Best regards,
Adrian Minta

Re: lmtp timeout, locks and crashes

[Steffen Kaiser]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, 17 Mar 2016, Tom Sommer wrote:

On 2016-03-17 13:41, Tom Sommer wrote:

On 2016-03-15 10:53, Tom Sommer wrote:
I'm seeing some problems on accounts which get a lot of spam (like, a 
lot).


I did an "strace" on one of the hundreds of lmtp processes.

It's doing stat() on all files in the new folder for the receiver:

stat("/var/mail/dovecot///new/xx.xxx...com",
{st_mode=S_IFREG|0600, st_size=15505, ...}) = 0

etc.

The "new" folder contains hundreds of thousands of files.

Is there any way to prevent all these stat() calls? It seems like
something there would be an index or cache for?


Seems like it might be due to maildir quota-recalculation?


Yes possibly. But also in order to update the index files.

For all I know this should happen only, if the mtime of the directory 
changes. Is there some external programm manipulating files in the new/cur 
directories bypassing Dovecot? E.g. a rm on command line?


- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEVAwUBVuuqPHz1H7kL/d9rAQIEFggAmwDF11PTTIUOZ66udkcfxjZ944MvFBE0
I5jgSe/qRwSchfPE/leyc15uEC477YdJavbOv8TtsdZQVgUcWZgM7Wdtn0iCNWsT
LttwfEp2Ft0swdtwE5948Swt2P99UHi6KVC7XkOHm/uH8O3zLRNMo8h04IYkwhV+
zCz0FAEF57opFATpoJ1VPJE01PslKBEo5sublCaA2c35kE0ukDnNOsocJkiIw8+t
ax85THVWFjIv2ybBbjYIIYFipkIo1vxzYaxfKnrLg9OdbUPceVaL0yL/WXm44wP7
Yoouoh+42E8jDvCHSCWmyBjXUw0CvmKExMSwigwNYYYhabCpYmEctg==
=LQdS
-END PGP SIGNATURE-