Re: Dovecot auth-worker error after cram-md5 auth

2017-01-30 Thread Aki Tuomi


On 31.01.2017 09:47, Poliman - Serwis wrote:
> Output will be in console or in some kind of log file?
>
> 2017-01-31 8:27 GMT+01:00 Evgeniy Korneechev :
>
>> - Original Message -
>>> From: "Poliman - Serwis" 
>>> To: "Aki Tuomi" 
>>> Cc: "dovecot" 
>>> Sent: Tuesday, 31 January 2017 10:16:48
>>> Subject: Re: Dovecot auth-worker error after cram-md5 auth
>>> Thank you for the answer. Where could I set up these two lines?
>> dovecot.conf?
>>
>> --
>> WBR,
>> BaseALT/ALTLinux Team
>>
>
>
That depends on your logging settings, but it will emit them into
whatever your debug_log_path is. Default is syslog.

Aki


Re: Dovecot auth-worker error after cram-md5 auth

2017-01-30 Thread Poliman - Serwis
Output will be in console or in some kind of log file?

2017-01-31 8:27 GMT+01:00 Evgeniy Korneechev :

> - Original Message -
> > From: "Poliman - Serwis" 
> > To: "Aki Tuomi" 
> > Cc: "dovecot" 
> > Sent: Tuesday, 31 January 2017 10:16:48
> > Subject: Re: Dovecot auth-worker error after cram-md5 auth
>
> > Thank you for the answer. Where could I set up these two lines?
>
> dovecot.conf?
>
> --
> WBR,
> BaseALT/ALTLinux Team
>



-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *


Re: Dovecot auth-worker error after cram-md5 auth

2017-01-30 Thread Evgeniy Korneechev
- Original Message -
> From: "Poliman - Serwis" 
> To: "Aki Tuomi" 
> Cc: "dovecot" 
> Sent: Tuesday, 31 January 2017 10:16:48
> Subject: Re: Dovecot auth-worker error after cram-md5 auth

> Thank you for the answer. Where could I set up these two lines?

dovecot.conf?

-- 
WBR, 
BaseALT/ALTLinux Team


Re: Dovecot auth-worker error after cram-md5 auth

2017-01-30 Thread Poliman - Serwis
Thank you for the answer. Where could I set up these two lines?

2017-01-31 8:08 GMT+01:00 Aki Tuomi :

>
>
> On 31.01.2017 09:06, Poliman - Serwis wrote:
> > I set up cram-md5 using this tutorial
> > https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in
> > passdb code block:
> > listen = *,[::]
> > protocols = imap pop3
> > #auth_mechanisms = plain login cram-md5
> > auth_mechanisms = cram-md5 plain login
> > # line added below
> > ssl = required
> > disable_plaintext_auth = yes
> > log_timestamp = "%Y-%m-%d %H:%M:%S "
> > mail_privileged_group = vmail
> > postmaster_address = postmas...@vps342401.ovh.net
> > ssl_cert =
> > ssl_key =
> > ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> > ssl_cipher_list =
> > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES$
> > ssl_prefer_server_ciphers = yes
> > ssl_dh_parameters_length = 2048
> >
> >
> > mail_max_userip_connections = 100
> > passdb {
> > # args = /etc/dovecot/dovecot-sql.conf
> > # driver = sql
> > driver = passwd-file
> > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > }
> > userdb {
> > driver = prefetch
> > }
> > userdb {
> > args = /etc/dovecot/dovecot-sql.conf
> > driver = sql
> > }
> > Of course I created the cram-md5.pwd file. All mails go out and come in nicely.
> > But when I want to use the default settings by commenting out these two lines:
> > driver = passwd-file
> > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > and uncomment
> > # args = /etc/dovecot/dovecot-sql.conf
> > # driver = sql
> > I can't send emails - I use Thunderbird - get error "logging on server
> > mail.example.com not work out". Error in logs:
> > dovecot: auth-worker(22698): Error: Auth worker sees different
> > passdbs/userdbs than auth server.
> > dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
> >
> > Is it possible that the hashed password from the cram-md5.pwd file was written to
> > the database (if yes, then where - I have ISPconfig)? I didn't change any userdb
> > {} block, and this second userdb block has the same lines as the default
> > settings in the passdb block.
> >
> Try
>
> auth_debug=yes
> auth_verbose=yes
>
> and see if it gives any more reasonable messages.
>
> Aki
>



-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *


Re: Dovecot auth-worker error after cram-md5 auth

2017-01-30 Thread Aki Tuomi


On 31.01.2017 09:06, Poliman - Serwis wrote:
> I set up cram-md5 using this tutorial
> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in
> passdb code block:
> listen = *,[::]
> protocols = imap pop3
> #auth_mechanisms = plain login cram-md5
> auth_mechanisms = cram-md5 plain login
> # line added below
> ssl = required
> disable_plaintext_auth = yes
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> mail_privileged_group = vmail
> postmaster_address = postmas...@vps342401.ovh.net
> ssl_cert =
> ssl_key =
> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> ssl_cipher_list =
> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES$
> ssl_prefer_server_ciphers = yes
> ssl_dh_parameters_length = 2048
>
>
> mail_max_userip_connections = 100
> passdb {
> # args = /etc/dovecot/dovecot-sql.conf
> # driver = sql
> driver = passwd-file
> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
> userdb {
> driver = prefetch
> }
> userdb {
> args = /etc/dovecot/dovecot-sql.conf
> driver = sql
> }
> Of course I created the cram-md5.pwd file. All mails go out and come in nicely.
> But when I want to use the default settings by commenting out these two lines:
> driver = passwd-file
> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> and uncomment
> # args = /etc/dovecot/dovecot-sql.conf
> # driver = sql
> I can't send emails - I use Thunderbird - get error "logging on server
> mail.example.com not work out". Error in logs:
> dovecot: auth-worker(22698): Error: Auth worker sees different
> passdbs/userdbs than auth server.
> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
>
> Is it possible that the hashed password from the cram-md5.pwd file was written to
> the database (if yes, then where - I have ISPconfig)? I didn't change any userdb
> {} block, and this second userdb block has the same lines as the default
> settings in the passdb block.
>
Try

auth_debug=yes
auth_verbose=yes

and see if it gives any more reasonable messages.

Aki


Dovecot auth-worker error after cram-md5 auth

2017-01-30 Thread Poliman - Serwis
I set up cram-md5 using this tutorial
https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in
passdb code block:
listen = *,[::]
protocols = imap pop3
#auth_mechanisms = plain login cram-md5
auth_mechanisms = cram-md5 plain login
# line added below
ssl = required
disable_plaintext_auth = yes
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_privileged_group = vmail
postmaster_address = postmas...@vps342401.ovh.net
ssl_cert = *


Re: fts_solr and connection via https://

2017-01-30 Thread Jan Vonde

On 31.01.2017 at 00:04, Stephan Bosch wrote:
> On 1/22/2017 at 12:01 PM, Stephan Bosch wrote:
>> On 1/22/2017 at 10:01 AM, Jan Vonde wrote:
>>> I tried adding the following settings but that didn't help:
>>>   ssl_ca = < /etc/ssl/certs/ca-certificates.crt
>>>   ssl_client_ca_dir = /etc/ssl/certs
>>>
>>> Can you give me a hint how I can get the ssl certificate accepted?
>> That should normally have done the trick. However, the sources tell me
>> that no ssl_client settings are propagated to the http_client used by
>> fts-solr, so SSL is not currently supported it seems.
>>
>> I'll check how easy it is to add that.
>
> Just to keep you informed: I created a patch, but it is still being tested.



Thanks for the update Stephan! Awesome! Looking forward to testing it
myself :-)



\Jan

--
Jan Vonde
Hermann-Rein-Str. 6
37075 Göttingen

Tel: 0551 - 200 47 58 2
Mobil: 0176 - 83 110 775

http://www.vonde.eu


Re: tlsv1 alert unknown ca: SSL alert number 48

2017-01-30 Thread Joseph Tam



Jan 28 22:42:44 dovecot: imap-login: Disconnected (no auth attempts in 0
secs): user=<>, rip=192.168.1.16, lip=192.168.1.3, TLS: SSL_read()
failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown
ca: SSL alert number 48, session=
...
# SSL/TLS support: yes, no, required. 
ssl = yes
ssl_cert = 

Are you using client verification (i.e. mutual authentication of mail
client and server)?

If not, just comment out ssl_ca.

Joseph Tam 


Re: fts_solr and connection via https://

2017-01-30 Thread Stephan Bosch
On 1/22/2017 at 12:01 PM, Stephan Bosch wrote:
> On 1/22/2017 at 10:01 AM, Jan Vonde wrote:
>> I tried adding the following settings but that didn't help:
>>   ssl_ca = < /etc/ssl/certs/ca-certificates.crt
>>   ssl_client_ca_dir = /etc/ssl/certs
>>
>> Can you give me a hint how I can get the ssl certificate accepted?
> That should normally have done the trick. However, the sources tell me
> that no ssl_client settings are propagated to the http_client used by
> fts-solr, so SSL is not currently supported it seems.
>
> I'll check how easy it is to add that.

Just to keep you informed: I created a patch, but it is still being tested.

Regards,

Stephan.


Re: dovecot mdbox never fix broken indexes

2017-01-30 Thread Andrey Melnikov
2017-01-30 11:43 GMT+03:00 Aki Tuomi :
> Hi!
>
> Please send these to dovecot@dovecot.org instead of us directly. Thank you.
Ok, added to cc.

> Also, did you try force-resync?

Did not help.

# doveadm force-resync -u al...@altek.info \*
doveadm(al...@altek.info): Warning: mdbox
/srv/vmail/altek.info/altek/storage: Inconsistency in map index
(63,31880 != 63,332136)
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: mdbox
/srv/vmail/altek.info/altek/storage: rebuilding indexes
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: mdbox
/srv/vmail/altek.info/altek/storage: Inconsistency in map index
(63,31880 != 63,332196)
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: mdbox
/srv/vmail/altek.info/altek/storage: Inconsistency in map index
(63,31880 != 63,332212)
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: mdbox
/srv/vmail/altek.info/altek/storage: rebuilding indexes
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: mdbox
/srv/vmail/altek.info/altek/storage: Inconsistency in map index
(63,31880 != 63,332272)
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: mdbox
/srv/vmail/altek.info/altek/storage: Inconsistency in map index
(63,31880 != 63,332288)
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: mdbox
/srv/vmail/altek.info/altek/storage: rebuilding indexes
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: mdbox
/srv/vmail/altek.info/altek/storage: Inconsistency in map index
(63,31880 != 63,332348)
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: mdbox
/srv/vmail/altek.info/altek/storage: Inconsistency in map index
(63,31880 != 63,332364)
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: mdbox
/srv/vmail/altek.info/altek/storage: rebuilding indexes
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: mdbox
/srv/vmail/altek.info/altek/storage: Inconsistency in map index
(63,31880 != 63,332424)
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: mdbox
/srv/vmail/altek.info/altek/storage: Inconsistency in map index
(63,31880 != 63,332440)
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: mdbox
/srv/vmail/altek.info/altek/storage: rebuilding indexes
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: mdbox
/srv/vmail/altek.info/altek/storage: Inconsistency in map index
(63,31880 != 63,332500)
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index
doveadm(al...@altek.info): Warning: fscking index file
/srv/vmail/altek.info/altek/storage/dovecot.map.index

in logs after force-resync

Jan 30 11:49:23 mail dovecot: lmtp(21946): Connect from ::1
Jan 30 11:49:23 mail dovecot: lmtp(al...@altek.info): Warning: mdbox
/srv/vmail/altek.info/altek/storage: Inconsistency in map index
(63,31880 != 63,332516)
Jan 30 11:49:23 mail dovecot: lmtp(al...@altek.info): Error: Log
synchronization error at seq=63,offset=58292 for
/srv/vmail/altek.info/altek/storage/dovecot.map.index: Extension
record inc drops number below zero (uid=5845, diff=-1, orig=0)
Jan 30 11:49:23 mail dovecot: lmtp(al...@altek.info): Error: Log
synchronization error at seq=63,offset=78516 for
/srv/vmail/altek.info/altek/storage/dovecot.map.index: Extension
record inc drops number below zero (uid=11497, diff=-1, orig=0)
Jan 30 11:49:23 mail dovecot: 

Re: Moving to new password scheme

2017-01-30 Thread KSB

On 2017.01.25. 10:09, Alessio Cecchi wrote:
> On 24/01/2017 23:29, @lbutlr wrote:
>> dovecot is setup on a system with MD5-CRYPT password scheme for all
>> users, and I would like to update this to something that is secure,
>> probably SSHA256-CRYPT, but I want to do this seamlessly without the
>> users having to jump through any hoops.
>>
>> The users are in mySQL (managed via postfixadmin) and the mailbox
>> record simply stores the hash in the password field. Users access
>> their accounts through IMAP MUAs or Roundcube.
>>
>> How would I setup my system so that if a user logs in and still has a
>> $1$ password (MD5-CRYPT) their password will be encoded to the new
>> SCHEME and then the SQL row updated with the $5$ password instead?
>> Something where they are redirected after authentication to a page
>> that forces them to re-enter their password (or choose a new one) is
>> acceptable.
>>
>> And, while I am here, is it worthwhile to set the -r flag to a large
>> number (like something over 100,000 which takes about 0.25
>> seconds to do on my machine)?
>
> Hi,
>
> you can convert password scheme during the login:
>
> http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes
>
> Ciao

I've done it with nice and short pg's stored procedure.

--
KSB


Re: Moving to new password scheme

2017-01-30 Thread Joseph Tam

On Mon, 30 Jan 2017, dovecot-requ...@dovecot.org wrote:

> OK, I have the dovecot.conf stuff working so that it calls the external
> script and I have that script spitting out the login and a SHA256-CRYPT
> password with hash:
>
> Thu Jan 26 06:45:54 MST 2017
> USER: xan...@xanmax.com
> {SHA512-CRYPT}$6$CfKc0NdiRkWOisjL$kHAx2oxB?


Did you truncate the results?  This hash looks far too short to be a real SHA512
hash.

Joseph Tam 
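
A check for the truncation pointed out above, which also flags the `$1$` rows the earlier message in this thread wants converted at login. This is an added example, not code from the thread or from Dovecot: `check_hash`, `needs_conversion` and every sample except the value quoted from the thread are constructed for illustration, and the digest lengths are those of crypt(3) MD5, SHA-256 and SHA-512 hashes.

```python
import re

# crypt(3) id -> (Dovecot scheme label, digest length, max salt length)
CRYPT_SCHEMES = {
    "1": ("MD5-CRYPT", 22, 8),
    "5": ("SHA256-CRYPT", 43, 16),
    "6": ("SHA512-CRYPT", 86, 16),
}
CRYPT_B64 = re.compile(r"[./0-9A-Za-z]*")  # alphabet used by crypt(3)
STORED = re.compile(
    r"(?:\{(?P<label>[A-Za-z0-9-]+)\})?"      # optional Dovecot {SCHEME} prefix
    r"\$(?P<id>[0-9a-z]+)\$"                   # crypt id: $1$, $5$, $6$
    r"(?:rounds=(?P<rounds>\d+)\$)?"           # optional rounds (SHA-crypt only)
    r"(?P<salt>[^$]*)\$(?P<digest>.*)"
)


def check_hash(stored):
    """Return a list of problems with a stored '{SCHEME}$id$salt$digest' value."""
    m = STORED.fullmatch(stored.strip())
    if not m:
        return ["not a crypt(3)-style hash"]
    if m["id"] not in CRYPT_SCHEMES:
        return [f"unknown crypt id ${m['id']}$"]
    scheme, digest_len, salt_max = CRYPT_SCHEMES[m["id"]]
    problems = []
    if m["label"] and m["label"].upper() != scheme:
        problems.append(f"label {m['label']} does not match ${m['id']}$ ({scheme})")
    if len(m["salt"]) > salt_max:
        problems.append(f"salt is longer than {salt_max} characters")
    if not CRYPT_B64.fullmatch(m["digest"]):
        problems.append("digest has characters outside [./0-9A-Za-z]")
    if len(m["digest"]) != digest_len:
        problems.append(f"digest is {len(m['digest'])} chars, {scheme} needs {digest_len}")
    return problems


def needs_conversion(stored):
    """True while a row is still on MD5-CRYPT ($1$) and awaits re-hashing at login."""
    m = STORED.fullmatch(stored.strip())
    return bool(m) and m["id"] == "1"


# Value quoted in the thread, plus constructed samples (fillers, not real hashes).
FROM_THREAD = "{SHA512-CRYPT}$6$CfKc0NdiRkWOisjL$kHAx2oxB?"
FULL_LENGTH = "{SHA512-CRYPT}$6$CfKc0NdiRkWOisjL$" + "a" * 86
MISLABELLED = "{SHA256-CRYPT}$6$CfKc0NdiRkWOisjL$" + "a" * 86
LEGACY_ROW = "$1$abcdefgh$" + "b" * 22

if __name__ == "__main__":
    for value in (FROM_THREAD, FULL_LENGTH, MISLABELLED, LEGACY_ROW):
        print(value[:40], check_hash(value) or "ok", needs_conversion(value))
```

Running a conversion script's output through a check like this before the SQL update keeps a truncated or mislabelled value from replacing a working hash.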


Re: Users with extra mailbox: namespace/mailbox in userdb lookup?

2017-01-30 Thread MRob

Thank you so much Steffen

On 2017-01-30 00:35, Steffen Kaiser wrote:


Re: Users with extra mailbox: namespace/mailbox in userdb lookup?

2017-01-30 Thread Steffen Kaiser


On Fri, 27 Jan 2017, MRob wrote:

> We have a need for some users to have an additional folder created and
> subscribed for them.
>
> Is it possible to return an override for the default "namespace inbox"
> containing the needed mailbox definitions in the userdb lookup for such
> users? If so, how would the userdb lookup result be formatted? Presumably as

Yes, see here:

http://wiki2.dovecot.org/UserDatabase/ExtraFields

Each setting is one "Extra Field"

> just one long string, but how would the setting be named given there can't be
> a space in it? Can I replace the space with an underscore, e.g.
>
> userdb_namespace_inbox = '{ mailbox Drafts { auto=subscribe special_use =
> \Drafts } mailbox Trash { auto=subscribe special_use = \Trash } }'

sort of:

userdb_namespace/inbox/mailbox/Drafts/auto=subscribe

see also:

http://www.dovecot.org/list/dovecot/2016-February/103140.html

-- 
Steffen Kaiser
