RE: dovecot and ldap with problem on userdb

2016-09-01 Thread in Gründung
Hi all,
I have now tried all kinds of alternatives and even set up postfix config from
scratch with a minimum setting, but still same result.

If anyone can give me a hint how to get more information on that error or
where to look at would be very helpful.
Thanks

Kind Regards
Kallewirsch


Re: 2.2.25 dumps core with "Panic: file imap-client.c: line 837 (client_check_command_hangs): assertion failed: (client->io != NULL)"

2016-09-01 Thread Piper Andreas
On 01.09.2016 at 14:17, Aki Tuomi wrote:
> 
> 
> On 01.09.2016 14:20, Piper Andreas wrote:
>> Hello Timo,
>>
>> with the newly built CSW-package the crashes still occur, today already
>> twice within two hours. The log shows always the same:
>>
>> Sep  1 11:50:13 surz113 dovecot: [ID 583609 mail.crit] imap(user):
>> Panic: file imap-client.c: line 837 (client_check_command_hangs):
>> assertion failed: (client->io != NULL)
>> Sep  1 11:50:13 surz113 dovecot: [ID 583609 mail.error] imap(user):
>> Error: Raw backtrace: 0x80ffb633d88d -> 0x80ffb636ae82 ->
>> 0x41eba0 -> 0x41ecf3 -> 0x80ffb635d248 -> 0x80ffb6350d2f ->
>> 0x80ffb63519e0 -> 0x80ffb6350dce -> 0x80ffb6350f90 ->
>> 0x80ffb62e3ebb -> 0x42f169 -> 0x41292c
>> Sep  1 11:50:13 surz113 dovecot: [ID 583609 mail.crit] imap(user):
>> Fatal: master: service(imap): child 11227 killed with signal 6 (core not
>> dumped - set service imap { drop_priv_before_exec=yes })
>>
>> This happens with different users, the last one with a relatively small
>> mailbox of 600MB.
>>
>> doveconf -n is attached.
>>
>> Dovecot 2.2.25
>> OS: Solaris 11 (SunOS 5.11 11.3 i86pc i386 i86pc)
>> Virtualization: VMware
>> Filesystem: ZFS
>> active users: ~4000
>>
>> The system was transferred at beginning of last week from an old
>> SPARC-station with Solaris 10 running dovecot-2.2.15 to this virtualized
>> platform under VMware. The mailboxes (maildir-format) were transferred
>> without change by switching the storage-hardware to the new server. I
>> had to remove all dovecot.index*-files for errors of "CPU Architecture
>> changed", but after doing this all seemed to work ok except for these
>> occasional crashes.
>>
>> If you need more information, please let me know.
>>
>> Thanks for any help,
>> Andreas
>>
>>> Hi Jake,
>>>
>>> thanks for fixing this. I have installed now the newly built package on
>>> my production system and will report, if any more core dumps occur.
>>>
>>> Regards,
>>> Andreas
>>>
> 
> Hi!
> 
> Is it possible for you to test out a small patch (attached) to see if it
> fixes this issue?
> 
> Aki
> 

Hello and thanks for this patch,

I will try to have it implemented by the OpenCSW-maintainers for a test
version as I do not have a compilation environment ready at hand.

I'll report the results asap.

Thanks again,
Andreas







Re: Dovecot 2.2.25 fails on SSL

2016-09-01 Thread Andreas M. Kirchwitz
Aki Tuomi  wrote:

>> ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libssl_iostream_openssl.so
>> linux-gate.so.1 =>  (0x00e8c000)
>> libcrypto.so.1.0.0 => not found
>> libssl.so.1.0.0 => not found
>> librt.so.1 => /lib/librt.so.1 (0x00be4000)
>> libc.so.6 => /lib/libc.so.6 (0x001a6000)
>> libpthread.so.0 => /lib/libpthread.so.0 (0x003e4000)
>> /lib/ld-linux.so.2 (0x007e7000)
>>
>> ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libdcrypt_openssl.so
>> linux-gate.so.1 =>  (0x00dca000)
>> libcrypto.so.1.0.0 => not found
>> libssl.so.1.0.0 => not found
>> librt.so.1 => /lib/librt.so.1 (0x00a7a000)
>> libc.so.6 => /lib/libc.so.6 (0x0016)
>> libpthread.so.0 => /lib/libpthread.so.0 (0x0072f000)
>> /lib/ld-linux.so.2 (0x0056)
>>
>> There's no libdcrypt_openssl.so in Dovecot 2.2.24, so I guess
>> with the newly introduced dcrypt stuff something with SSL went wrong.
>>
>> Would be great if that could be fixed so that SSL works again.
>
> Can you try the attached patch out?

Sorry for the late answer. (Away from computers. :-)

Tried the attached patch, applies fine, compiles fine,
but the ssl/crypto libraries are still not found.

The additional "$(SSL_LIBS)" in both "Makefile.am" files
doesn't properly make it into the resulting "Makefile" files.
After "configure" is done, the resulting "Makefile" files are
exactly the same in the original 2.2.25 version and patched
2.2.25 version (I guess they *should* contain the additional
SSL libraries somewhere).

Just let me know if there's more I can try (no longer away
from computers, so response time is faster :-)

Sorry for the bad news ... Andreas


Re: Dsync config help

2016-09-01 Thread Aki Tuomi
Hi! You can either send me the new text or I can send you the "password". 

Aki Tuomi 
Dovecot oy 


> On September 1, 2016 at 8:58 PM Jean-Luc Wasmer  wrote:
> 
> 
> Looks like I'm having a conversation with myself! lol
> 
> To avoid the timeouts, I removed the "replication_sync_timeout" setting. 
> It did work and also I don't get the "out of memory errors". I guess 
> they were related.
> I also figured the "permission denied" errors: there was a typo in one 
> of the "mode" in my config file.
> 
> 
> So to recap, here are the issues I couldn't fix:
> 
> - replication_sync_timeout generates a lot of timeout errors resulting 
> in out of memory errors.
> 
> - users outside the valid uid range [first_valid_uid;last_valid_uid] 
> won't be synced but will still generate a lot of errors
> 
> 
> The wiki page is of poor quality... it would need to be rewritten. I'm 
> willing to do it if someone can tell me how to go about doing that. I'm 
> not expecting any reply though...
> 
> Cheers,
> Jean-Luc
> 
> On 2016-08-31 21:01, Jean-Luc Wasmer wrote:
> > I was able to workaround the “Error: sync:
> > /var/run/dovecot/auth-userdb: Configured passdbs don’t support
> > credentials lookups (to see if user is proxied, because doveadm_port
> > is set)” problem: 
> > 
> > => I simply disabled “doveadm_port” and added the port number at the
> > end of the remote URL in “mail_replica”
> > 
> > 
> > Replication seems to work although I have regular errors (idk if they
> > are related to each other or not).
> > I’ve attached excerpts from the log files but here are the different 
> > errors:
> > 
> > 
> > - out of memory errors:
> > Aug 31 21:37:10 serverA dovecot: replicator: Panic: data stack: Out of
> > memory when allocating 268435496 bytes
> > 
> > 
> > 
> > - timeout errors:
> > 
> > Aug 31 21:36:41 serverA dovecot: dsync-server(user1): Warning:
> > replication(user1): Sync failure: Timeout in 2 secs
> > 
> > Aug 31 21:37:09 serverA dovecot: dsync-local(user1): Error: Couldn't
> > lock /home/user1/.dovecot-sync.lock: Timed out after 30 seconds
> > 
> > Aug 31 21:38:34 serverA dovecot: imap(user2): Warning:
> > replication(user2): Sync failure: Timeout in 2 secs
> > 
> > 
> > 
> > - permission denied errors:
> > 
> > Aug 31 21:37:14 serverA dovecot: dsync-server(user2): Error:
> > net_connect_unix(/var/run/dovecot/replicator-doveadm) failed:
> > Permission denied
> > 
> > 
> > 
> > 
> > 
> > I also get errors for user “nobody” with uid 65534. To avoid them I 
> > added 
> > 10-mail.conf:first_valid_uid = 2000
> > 10-mail.conf:last_valid_uid = 3000
> > 
> > 
> > 
> > but I still get some errors, different ones now:
> > 
> > 
> > Sep  1 00:13:42 shaun dovecot: doveadm(a.b.c.d,nobody): Error: Mail
> > access for users with UID 65534 not permitted (see first_valid_uid in
> > config file, uid from userdb lookup).
> > Sep  1 00:13:42 shaun dovecot: doveadm(a.b.c.d,nobody): Error:
> > dsync-server: User init failed
> > Sep  1 00:14:00 shaun dovecot: doveadm(nobody): Error: sync: Failed to
> > start remote dsync-server command: Remote exit_code=75
> > 
> > 
> > 
> > 
> > 
> > Jean-Luc
> > 
> > 
> > 
> >> On Aug 31, 2016, at 12:02 AM, Jean-Luc Wasmer  
> >> wrote:
> >> 
> >> 
> >> Hi,
> >> 
> >> 
> >> I'm trying to sync emails between server A and B.
> >> A has replicator, aggregator and doveadm.
> >> B only has doveadm for now.
> >> 
> >> 
> >> I'm getting the following error:
> >> 
> >> 
> >> Error: sync: /var/run/dovecot/auth-userdb: Configured passdbs don't 
> >> support credentials lookups (to see if user is proxied, because 
> >> doveadm_port is set)
> >> 
> >> 
> >> I'm not sure why I'm getting this error because I authenticate using 
> >> PAM 
> >> and when I run
> >> I do have a "service auth" enabled though... it's used for Postfix 
> >> SASL 
> >> to authenticate SMTP.
> >> 
> >> 
> >> I'm running
> >> 
> >> 
> >> # dovecot --version
> >> 2.2.24 (a82c823)
> >> 
> >> 
> >> 
> >> 
> >> 
> >> Cheers,
> >> Jean-Luc
> >> 
> >> 
> >> 
> >> 
> >> 
> >> PS: "replication_sync_timeout = 2s" doesn't work, I had to drop the 
> >> 's'
> >> 
> >> 
> >> 
> >> 
> >> 
> >> On 2016-08-28 17:43, Jean-Luc Wasmer wrote:
> >>> 
> >>> 
> >>> Hi,
> >>> 
> >>> 
> >>> 
> >>> 
> >>> 
> >>> I’m having a hard time with the http://wiki2.dovecot.org/Replication
> >>>  page.
> >>> 
> >>> 
> >>> 
> >>> 
> >>> 
> >>> - for a master-master setup, does the configuration need to be
> >>> mirrored on both masters?
> >>> 
> >>> 
> >>> 
> >>> 
> >>> 
> >>> 
> >>> 
> >>> 
> >>> - after aggregating unrelated sections of the wiki page, there seems
> >>> to be 3 different values for “mail_replica":
> >>> - "remote”: for SSH
> >>> - “remoteprefix": for SSH wrapper
> >>> - “tcp”: for TCP connection using the Doveadm protocol
> >>> Is this correct?
> >>> 
> >>> 
> >>> 
> >>> 
> >>> 
> >>> - what’s the purpose of the replicator VS aggregator VS doveadm 
> >>> services?
> >>> Who talks to who? Where can I find 

Re: Dsync config help

2016-09-01 Thread Jean-Luc Wasmer

Looks like I'm having a conversation with myself! lol

To avoid the timeouts, I removed the "replication_sync_timeout" setting. 
It did work and also I don't get the "out of memory errors". I guess 
they were related.
I also figured the "permission denied" errors: there was a typo in one 
of the "mode" in my config file.



So to recap, here are the issues I couldn't fix:

- replication_sync_timeout generates a lot of timeout errors resulting 
in out of memory errors.


- users outside the valid uid range [first_valid_uid;last_valid_uid] 
won't be synced but will still generate a lot of errors



The wiki page is of poor quality... it would need to be rewritten. I'm 
willing to do it if someone can tell me how to go about doing that. I'm 
not expecting any reply though...


Cheers,
Jean-Luc

On 2016-08-31 21:01, Jean-Luc Wasmer wrote:

I was able to workaround the “Error: sync:
/var/run/dovecot/auth-userdb: Configured passdbs don’t support
credentials lookups (to see if user is proxied, because doveadm_port
is set)” problem: 

=> I simply disabled “doveadm_port” and added the port number at the
end of the remote URL in “mail_replica”


Replication seems to work although I have regular errors (idk if they
are related to each other or not).
I’ve attached excerpts from the log files but here are the different 
errors:



- out of memory errors:
Aug 31 21:37:10 serverA dovecot: replicator: Panic: data stack: Out of
memory when allocating 268435496 bytes



- timeout errors:

Aug 31 21:36:41 serverA dovecot: dsync-server(user1): Warning:
replication(user1): Sync failure: Timeout in 2 secs

Aug 31 21:37:09 serverA dovecot: dsync-local(user1): Error: Couldn't
lock /home/user1/.dovecot-sync.lock: Timed out after 30 seconds

Aug 31 21:38:34 serverA dovecot: imap(user2): Warning:
replication(user2): Sync failure: Timeout in 2 secs



- permission denied errors:

Aug 31 21:37:14 serverA dovecot: dsync-server(user2): Error:
net_connect_unix(/var/run/dovecot/replicator-doveadm) failed:
Permission denied





I also get errors for user “nobody” with uid 65534. To avoid them I 
added 

10-mail.conf:first_valid_uid = 2000
10-mail.conf:last_valid_uid = 3000



but I still get some errors, different ones now:


Sep  1 00:13:42 shaun dovecot: doveadm(a.b.c.d,nobody): Error: Mail
access for users with UID 65534 not permitted (see first_valid_uid in
config file, uid from userdb lookup).
Sep  1 00:13:42 shaun dovecot: doveadm(a.b.c.d,nobody): Error:
dsync-server: User init failed
Sep  1 00:14:00 shaun dovecot: doveadm(nobody): Error: sync: Failed to
start remote dsync-server command: Remote exit_code=75





Jean-Luc



On Aug 31, 2016, at 12:02 AM, Jean-Luc Wasmer  
wrote:



Hi,


I'm trying to sync emails between server A and B.
A has replicator, aggregator and doveadm.
B only has doveadm for now.


I'm getting the following error:


Error: sync: /var/run/dovecot/auth-userdb: Configured passdbs don't 
support credentials lookups (to see if user is proxied, because 
doveadm_port is set)


I'm not sure why I'm getting this error because I authenticate using PAM
and when I run
I do have a "service auth" enabled though... it's used for Postfix SASL
to authenticate SMTP.


I'm running


# dovecot --version
2.2.24 (a82c823)





Cheers,
Jean-Luc





PS: "replication_sync_timeout = 2s" doesn't work, I had to drop the 's'






On 2016-08-28 17:43, Jean-Luc Wasmer wrote:



Hi,





I’m having a hard time with the http://wiki2.dovecot.org/Replication page.





- for a master-master setup, does the configuration need to be
mirrored on both masters?








- after aggregating unrelated sections of the wiki page, there seems
to be 3 different values for “mail_replica":
- "remote”: for SSH
- “remoteprefix": for SSH wrapper
- “tcp”: for TCP connection using the Doveadm protocol
Is this correct?





- what’s the purpose of the replicator VS aggregator VS doveadm 
services?
Who talks to who? Where can I find documentation about their
configuration (i.e. not examples)





- most examples are for a single vmail user setup… what should be done
when using system accounts?





Thanks,
Jean-Luc



RE: autoexpunge clarification

2016-09-01 Thread Michael Fox
Thanks Philon.

In one of my situations, the potential for such old mail in accounts where the 
user is not receiving new mail or logging in is large.  For example, one 
application is for an emergency auxiliary mail service.  It can be heavily used 
during training, drills and, of course, emergencies.  But otherwise, any 
leftover mail will likely sit there until the next training, drill, or 
emergency.  The account is still valid and should not be removed.  But we'd 
like the mails to be removed so this old mail isn't dumped on the user the next 
time they connect, especially since some may connect via lower-speed radio 
links.

It looks like I'll definitely need to use the expunge plugin with a cron job.

Thanks again for the clarifications.  

Michael


Re: 2.2.25 dumps core with "Panic: file imap-client.c: line 837 (client_check_command_hangs): assertion failed: (client->io != NULL)"

2016-09-01 Thread Aki Tuomi


On 01.09.2016 14:20, Piper Andreas wrote:
> Hello Timo,
>
> with the newly built CSW-package the crashes still occur, today already
> twice within two hours. The log shows always the same:
>
> Sep  1 11:50:13 surz113 dovecot: [ID 583609 mail.crit] imap(user):
> Panic: file imap-client.c: line 837 (client_check_command_hangs):
> assertion failed: (client->io != NULL)
> Sep  1 11:50:13 surz113 dovecot: [ID 583609 mail.error] imap(user):
> Error: Raw backtrace: 0x80ffb633d88d -> 0x80ffb636ae82 ->
> 0x41eba0 -> 0x41ecf3 -> 0x80ffb635d248 -> 0x80ffb6350d2f ->
> 0x80ffb63519e0 -> 0x80ffb6350dce -> 0x80ffb6350f90 ->
> 0x80ffb62e3ebb -> 0x42f169 -> 0x41292c
> Sep  1 11:50:13 surz113 dovecot: [ID 583609 mail.crit] imap(user):
> Fatal: master: service(imap): child 11227 killed with signal 6 (core not
> dumped - set service imap { drop_priv_before_exec=yes })
>
> This happens with different users, the last one with a relatively small
> mailbox of 600MB.
>
> doveconf -n is attached.
>
> Dovecot 2.2.25
> OS: Solaris 11 (SunOS 5.11 11.3 i86pc i386 i86pc)
> Virtualization: VMware
> Filesystem: ZFS
> active users: ~4000
>
> The system was transferred at beginning of last week from an old
> SPARC-station with Solaris 10 running dovecot-2.2.15 to this virtualized
> platform under VMware. The mailboxes (maildir-format) were transferred
> without change by switching the storage-hardware to the new server. I
> had to remove all dovecot.index*-files for errors of "CPU Architecture
> changed", but after doing this all seemed to work ok except for these
> occasional crashes.
>
> If you need more information, please let me know.
>
> Thanks for any help,
> Andreas
>
>> Hi Jake,
>>
>> thanks for fixing this. I have installed now the newly built package on
>> my production system and will report, if any more core dumps occur.
>>
>> Regards,
>> Andreas
>>

Hi!

Is it possible for you to test out a small patch (attached) to see if it
fixes this issue?

Aki
diff --git a/src/imap/imap-client.c b/src/imap/imap-client.c
index 3327788..3a4a510 100644
--- a/src/imap/imap-client.c
+++ b/src/imap/imap-client.c
@@ -1055,9 +1055,7 @@ static bool client_handle_next_command(struct client *client, bool *remove_io_r)
 
 	if (client->input_lock != NULL) {
 		if (client->input_lock->state ==
-		CLIENT_COMMAND_STATE_WAIT_UNAMBIGUITY ||
-		(client->output_cmd_lock != NULL &&
-		 client->output_cmd_lock != client->input_lock)) {
+		CLIENT_COMMAND_STATE_WAIT_UNAMBIGUITY)
 			*remove_io_r = TRUE;
 			return FALSE;
 		}
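
Review bot: The added line ends the condition with "CLIENT_COMMAND_STATE_WAIT_UNAMBIGUITY)" and no longer carries the opening "{" that sat at the end of the removed "client->output_cmd_lock != client->input_lock)) {" line, while the closing "}" after "return FALSE;" is kept as context. As posted, only "*remove_io_r = TRUE;" is governed by the inner if, "return FALSE;" runs whenever client->input_lock != NULL, and the kept "}" closes the outer block instead of the inner one. Suggest ending the new line with "CLIENT_COMMAND_STATE_WAIT_UNAMBIGUITY) {". The patch also carries no explanation of why the output_cmd_lock comparison can be dropped; a one-line comment at this check would make the intent reviewable.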


Re: autoexpunge clarification

2016-09-01 Thread Philon
Hi Michael

you are correct I guess based on your assumptions.

autoexpunge kicks in on user interaction either by email delivery or a user 
checking in. If both do not occur then no cleanup will happen.

Question would be if there is that much to clean up in this case. A user not 
logging in for a long time and not receiving any emails… seems inactive to me. 
Ok, he might have put all his mails to the trash and this was not emptied 
before he went for his sabbatical. But the use case seems to be in the n<10 
range!? A monthly cronjob could be sufficient in this case?

I’m quite happy with the expire plugin and SQL timestamping. Using this the 
cronjob only checks through the listed folders and not all users. Slim 
approach! And for me a cleanup once per day is at least currently more than 
enough.


Philon

> On 31.08.2016 at 17:44, Michael Fox wrote:
> 
> Thanks Philon,
> 
> I did read the extra bullets, as indicated in my email below.  But your "When 
> the user quits and thus closes his mailbox/connection" is more clear than 
> "after the client is already disconnected", since the latter is really 
> anytime, rather than at the time they quit.
> 
> I can guess that the bulletin about LMTP similarly means at the end of each 
> time LMTP delivers mail to the mailbox.
> 
> Assuming that is true, then the problem I see with autoexpunge is that it 
> doesn't address the case of a user that has not logged in nor received mail 
> in that mailbox for the specified time.  Those messages would apparently stay 
> forever.  Correct?
> 
> And, if that's true, then the cron job seems like the only way to expunge all 
> old messages.  Correct?
> 
> Thanks,
> Michael


Re: 2.2.25 dumps core with "Panic: file imap-client.c: line 837 (client_check_command_hangs): assertion failed: (client->io != NULL)"

2016-09-01 Thread Piper Andreas
Hello Timo,

with the newly built CSW-package the crashes still occur, today already
twice within two hours. The log shows always the same:

Sep  1 11:50:13 surz113 dovecot: [ID 583609 mail.crit] imap(user):
Panic: file imap-client.c: line 837 (client_check_command_hangs):
assertion failed: (client->io != NULL)
Sep  1 11:50:13 surz113 dovecot: [ID 583609 mail.error] imap(user):
Error: Raw backtrace: 0x80ffb633d88d -> 0x80ffb636ae82 ->
0x41eba0 -> 0x41ecf3 -> 0x80ffb635d248 -> 0x80ffb6350d2f ->
0x80ffb63519e0 -> 0x80ffb6350dce -> 0x80ffb6350f90 ->
0x80ffb62e3ebb -> 0x42f169 -> 0x41292c
Sep  1 11:50:13 surz113 dovecot: [ID 583609 mail.crit] imap(user):
Fatal: master: service(imap): child 11227 killed with signal 6 (core not
dumped - set service imap { drop_priv_before_exec=yes })

This happens with different users, the last one with a relatively small
mailbox of 600MB.

doveconf -n is attached.

Dovecot 2.2.25
OS: Solaris 11 (SunOS 5.11 11.3 i86pc i386 i86pc)
Virtualization: VMware
Filesystem: ZFS
active users: ~4000

The system was transferred at beginning of last week from an old
SPARC-station with Solaris 10 running dovecot-2.2.15 to this virtualized
platform under VMware. The mailboxes (maildir-format) were transferred
without change by switching the storage-hardware to the new server. I
had to remove all dovecot.index*-files for errors of "CPU Architecture
changed", but after doing this all seemed to work ok except for these
occasional crashes.

If you need more information, please let me know.

Thanks for any help,
Andreas

> Hi Jake,
> 
> thanks for fixing this. I have installed now the newly built package on
> my production system and will report, if any more core dumps occur.
> 
> Regards,
> Andreas
> 
# 2.2.25 (7be1766): /etc/opt/csw/dovecot/dovecot.conf
# OS: SunOS 5.11 i86pc  
auth_cache_negative_ttl = 0
auth_cache_size = 10 M
auth_master_user_separator = *
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_
auth_username_format = %u
auth_worker_max_count = 1024
base_dir = /var/run/dovecot/
default_vsz_limit = 2 G
first_valid_gid = 3
first_valid_uid = 3
mail_location = maildir:%h/.maildir
mail_plugins = " mail_log notify"
mail_privileged_group = mail
namespace {
  hidden = no
  inbox = yes
  list = yes
  location = maildir:%h/.maildir
  prefix = 
  separator = /
  subscriptions = yes
  type = private
}
namespace inbox {
  hidden = yes
  inbox = no
  list = no
  location = maildir:%h/.maildir
  prefix = mail/
  separator = /
  subscriptions = no
  type = private
}
passdb {
  args = /etc/dovecot.deny
  deny = yes
  driver = passwd-file
}
passdb {
  args = /etc/opt/csw/dovecot/private/passwd.masterusers
  driver = passwd-file
  master = yes
}
passdb {
  args = blocking=yes cache_key=%u%s *
  driver = pam
}
pop3_uidl_format = %08Xv%08Xu
postmaster_address = postmas...@staff.uni-marburg.de
protocols = imap pop3
service auth-worker {
  user = $default_internal_user
}
service auth {
  client_limit = 6000
}
service imap-login {
  process_min_avail = 64
  service_count = 0
}
service imap {
  process_limit = 6000
}
ssl_cert = 
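
The panic, backtrace and "killed with signal" entries in this report arrive mail-wrapped and, in the replies, ">"-quoted, which makes them awkward to grep or count. As an added example (not code from the thread or from Dovecot), the Python below rejoins such pasted excerpts and correlates the entries into one record per crash; it also accepts the Linux-style replicator panic from the Dsync thread on this page. Grouping entries by identical timestamp, host and process is an assumption of this example, and the imap-login line in the sample is constructed.

```python
import re

HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) dovecot: "
    r"(?:\[ID \d+ [\w.]+\] )?(?P<rest>.*)$")  # the [ID ...] tag is optional
REST = re.compile(
    r"^(?P<proc>[\w-]+)(?:\((?P<user>[^)]*)\))?: "
    r"(?:(?P<level>Panic|Fatal|Error|Warning): )?(?P<msg>.*)$")
ASSERT = re.compile(
    r"file (?P<file>\S+): line (?P<line>\d+) \((?P<func>\w+)\): "
    r"assertion failed: \((?P<expr>.*)\)$")
KILLED = re.compile(
    r"child (?P<pid>\d+) killed with signal (?P<sig>\d+)"
    r"(?P<nocore> \(core not dumped)?")

# Log entries as posted on this page, still mail-wrapped. The last line is
# constructed to show that entries without a panic are dropped.
SAMPLE = """\
Sep  1 11:50:13 surz113 dovecot: [ID 583609 mail.crit] imap(user):
Panic: file imap-client.c: line 837 (client_check_command_hangs):
assertion failed: (client->io != NULL)
Sep  1 11:50:13 surz113 dovecot: [ID 583609 mail.error] imap(user):
Error: Raw backtrace: 0x80ffb633d88d -> 0x80ffb636ae82 ->
0x41eba0 -> 0x41ecf3 -> 0x80ffb635d248 -> 0x80ffb6350d2f ->
0x80ffb63519e0 -> 0x80ffb6350dce -> 0x80ffb6350f90 ->
0x80ffb62e3ebb -> 0x42f169 -> 0x41292c
Sep  1 11:50:13 surz113 dovecot: [ID 583609 mail.crit] imap(user):
Fatal: master: service(imap): child 11227 killed with signal 6 (core not
dumped - set service imap { drop_priv_before_exec=yes })
Aug 31 21:37:10 serverA dovecot: replicator: Panic: data stack: Out of
memory when allocating 268435496 bytes
Sep  1 11:50:20 surz113 dovecot: [ID 583609 mail.info] imap-login: Login: user=<other>
"""


def unwrap(text):
    """Strip '>' quote markers and rejoin entries wrapped by a mail client."""
    entries, open_entry = [], False
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if HEADER.match(line):
            entries.append(line)
            open_entry = True
        elif line and open_entry:
            entries[-1] += " " + line      # continuation of a wrapped entry
        else:
            open_entry = False             # blank line or prose ends the entry
    return entries


def parse(text):
    """Return one dict per entry that matches the Dovecot syslog layout."""
    out = []
    for entry in unwrap(text):
        h = HEADER.match(entry)
        r = REST.match(h.group("rest"))
        if r:
            out.append({"ts": h.group("ts"), "host": h.group("host"),
                        **r.groupdict()})
    return out


def crashes(text):
    """Merge Panic, backtrace and 'killed with signal' entries per process."""
    groups = {}
    for e in parse(text):
        key = (e["ts"], e["host"], e["proc"], e["user"])
        rec = groups.setdefault(key, {"when": e["ts"], "host": e["host"],
                                      "process": e["proc"], "user": e["user"]})
        msg = e["msg"]
        killed = KILLED.search(msg)
        if e["level"] == "Panic":
            rec["panic"] = msg
            a = ASSERT.search(msg)
            if a:
                rec.update(file=a["file"], line=int(a["line"]),
                           func=a["func"], expr=a["expr"])
        elif msg.startswith("Raw backtrace:"):
            rec["frames"] = re.findall(r"0x[0-9a-f]+", msg)
        elif killed:
            rec.update(pid=int(killed["pid"]), signal=int(killed["sig"]),
                       core_dumped=killed["nocore"] is None)
    return [r for r in groups.values() if "panic" in r]


if __name__ == "__main__":
    for crash in crashes(SAMPLE):
        print(crash)
```

Feed it only log excerpts; a blank line or any non-log text ends the entry being rejoined.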



RE: dovecot and ldap with problem on userdb

2016-09-01 Thread in Gründung
Hi,
thanks for the valuable hint. I have already tried to search for this.

This is my postfix config.

+++
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 1h
command_directory = /usr/sbin
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 0
maximal_backoff_time = 15m
maximal_queue_lifetime = 1h
message_size_limit = 1024
minimal_backoff_time = 5m
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = av.loc
myhostname = mail.av.loc
mynetworks = 127.0.0.0/8, 192.168.110.0/24, 192.168.111.0/24, 192.168.114.150, 192.168.114.151
myorigin = /etc/mailname
queue_run_delay = 5m
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/av_smtp_auth.cf
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_ciphers = high
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_relay_restrictions = permit_sasl_authenticated permit_mynetworks check_relay_domains reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = reject_unknown_sender_domain permit_mynetworks permit_sasl_authenticated warn_if_reject
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
tls_random_source = dev:/dev/urandom
tls_ssl_options = NO_COMPRESSION
unknown_local_recipient_reject_code = 550
unverified_sender_reject_reason = "av - Address verification failed"
virtual_alias_maps = hash:/etc/postfix/av_aliases.cf
virtual_mailbox_base = /var/av_vmail
virtual_mailbox_domains = /etc/postfix/av_domains.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = ldap:/etc/postfix/av_accounts.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
postconf: warning: /etc/postfix/main.cf: unused parameter: i#setgid_group=
+++

Could you probably identify the area based on your knowledge where it could
be?

ldap:/etc/postfix/av_accounts.cf =
+++
#
# check recipient mailbox destination
#
server_host = localhost
search_base = ou=people,dc=av,dc=loc
bind = yes
bind_dn = cn=xxx
bind_pw = xxx
query_filter = (&(objectClass=posixAccount)(mail=%s))

result_attribute = mail
result_format = %s/Maildir/
debuglevel = 1
+++

Kind Regards
Kallewirsch

-----Original Message-----
From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Aki Tuomi
Sent: Thursday, 1 September 2016 08:02
To: dovecot@dovecot.org
Subject: Re: dovecot and ldap with problem on userdb



On 31.08.2016 19:24, Averlon GmbH (in Gründung) wrote:
> Hi,
> I have set up a new ubuntu on 16.04.
> I have already a running system on 14.04 but wanted to migrate.
>
> I get an error when checking user in ldap.
>
> I get another error with some file permissions on auth-userdb which I 
> was not able to overcome so far.
>
> Help appreciated.
>
>
> Kind Regards
> Kallewirsch

Your problem is in postfix config, possibly some virtual user mapping or
aliasing.

Aki


Re: Use of obox2 and AWS S3

2016-09-01 Thread Aki Tuomi


On 01.09.2016 04:59, Raymond Sellars wrote:
> Hi
>
> Has anyone used or is using dovecot obox and S3 storage? I see very little 
> chatter or documentation on it.
>
> Interested in how mature it is and technical items such as high availability 
> and region replication.
>
> I'm guessing that multiple updates to a S3 mailbox is mitigated via the 
> standard dovecot pattern of Director pointing multiple user sessions to a 
> single/common dovecot node.
>
> And for disaster recovery - that's out of scope of dovecot and more reliant 
> on S3 replication?
>
>
> Anyone running a dovecot solution within AWS in general? Interested in best 
> practice for the storage layer. Although NFS is possible it's not really 
> optimised for elastic cloud type hosting.
>
> Thanks
> Raymond

Hi!

Obox2 is a commercial product not available as open source, which is
probably why there is very little chatter about it. Obox2 itself is used
in many large installations at the moment and is considered mature. S3
is not that widely used.

If you are interested to find out more about obox2 I invite you to
contact our sales for more discussion.

Aki Tuomi
Dovecot oy


Re: dovecot and ldap with problem on userdb

2016-09-01 Thread Aki Tuomi


On 31.08.2016 19:24, Averlon GmbH (in Gründung) wrote:
> Hi,
> I have set up a new ubuntu on 16.04.
> I have already a running system on 14.04 but wanted to migrate.
>
> I get an error when checking user in ldap.
>
> I get another error with some file permissions on auth-userdb which I was
> not able to overcome so far.
>
> Help appreciated.
>
>
> Kind Regards
> Kallewirsch

Your problem is in postfix config, possibly some virtual user mapping or
aliasing.

Aki