Re: Can Dovecot replace fetchmail?
Peter Chiochetti wrote:
> On 2017-07-13 at 09:34, Kenneth Porter wrote:
>> I'm using fetchmail to grab mail for multiple accounts from an
>> external IMAP server and drop it into local mailboxes via SMTP. It
>> polls the remote server every two minutes. Can Dovecot replace this
>> functionality more elegantly, using IDLE to avoid the polling
>> necessary with fetchmail? I'd like to designate that mail for
>> specific accounts on the external server be moved to specific local
>> mailboxes.
>
> Just in case: fetchmail can /idle/ on an IMAP server as well, though
> with multiple accounts that needs some tuning, see
> eg. https://bugs.launchpad.net/bugs/1021699 or
> http://fnxweb.com/blog/2012/07/14/using-multiple-fetchmail-instances-for-instant-gratification/

fetchmail 6.3.4 supports an option for pid-file location. It simplifies the configuration.

--
A. Filip
passwd-file, getting invalid uid 0
Per my earlier post about system and virtual users, I have everything working, but I'm seeing the following message, and wondering:

1) does it matter?
2) is there a way to suppress it?

I have an Exim /etc/aliases entry that sends root to me.

Jul 13 14:38:47 thebighonker dovecot: auth-worker(13055): Error: passwd-file /etc/passwd: User root has invalid UID '0'

doveconf -n:

# 2.2.31 (65cde28): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.19 (e5c7051)
# OS: FreeBSD 11.1-PRERELEASE amd64
auth_mechanisms = plain login
auth_realms = lerctr.org thebighonker.lerctr.org tbh.lerctr.org thejonesonair.com thejonesonair.net
default_vsz_limit = 1 G
deliver_log_format = msgid=%m: %$ (subject=%s from=%f size=%w)
doveadm_password = # hidden, use -P to show it
lda_mailbox_autocreate = yes
listen = 192.147.25.65, ::
lmtp_save_to_detail_mailbox = yes
login_access_sockets = tcpwrap
mail_attribute_dict = file:%h/mail/.imap/dovecot-mail-attributes
mail_location = mbox:~/mail:INBOX=~/mail/INBOX
mail_log_prefix = "%s(%u/%p): "
mail_plugins = " fts fts_solr notify stats virtual"
mail_privileged_group = mail
mail_server_admin = mailto:l...@lerctr.org
mail_server_comment = LERCTR Mail Server
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds editheader mboxmetadata servermetadata imapsieve vnd.dovecot.imapsieve
namespace archive {
  hidden = no
  list = no
  location = mbox:~/MAIL-ARCHIVE
  prefix = ARCHIVE/
  separator = /
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox INBOX {
    auto = create
  }
  mailbox SENT {
    special_use = \Sent
  }
  mailbox SPAM {
    special_use = \Junk
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  mailbox virtual/Flagged {
    special_use = \Flagged
  }
  mailbox virtual/all {
    special_use = \All
  }
  prefix =
}
namespace virtual {
  hidden = no
  list = yes
  location = virtual:~/MAIL-VIRTUAL:INDEX=MEMORY
  prefix = Virtual/
  separator = /
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  args = user=%Ln noauthenticate
  driver = static
  skip = authenticated
}
passdb {
  args = failure_show_msg=yes session=yes max_requests=20
  driver = pam
  skip = authenticated
}
plugin {
  fts = solr
  fts_autoindex = yes
  fts_solr = url=http://thebighonker.lerctr.org:8983/solr/dovecot/
  fts_tika = http://localhost:9998/tika/
  imapsieve_mailbox1_before = file:/usr/local/share/dovecot-pigeonhole/sieve/report-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = SPAM
  imapsieve_mailbox2_before = file:/usr/local/share/dovecot-pigeonhole/sieve/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = SPAM
  imapsieve_mailbox2_name = *
  imapsieve_url = sieve://thebighonker.lerctr.org
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append
  mail_log_fields = uid box msgid size from subject vsize flags
  recipient_delimiter = +
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_execute_bin_dir = /usr/local/share/dovecot-pigeonhole/sieve
  sieve_extensions = +editheader +vacation-seconds +mboxmetadata +servermetadata
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
  sieve_pipe_bin_dir = /usr/local/share/dovecot-pigeonhole/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
  stats_command_min_time = 1 mins
  stats_domain_min_time = 12 hours
  stats_ip_min_time = 12 hours
  stats_memory_limit = 16 M
  stats_refresh = 5s
  stats_session_min_time = 15 mins
  stats_track_cmds = yes
  stats_user_min_time = 1 hours
}
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener auth-client {
    mode = 0666
  }
  unix_listener auth-master {
    mode = 0666
  }
}
service doveadm {
  inet_listener http {
    port = 8080
    ssl = yes
  }
}
service indexer-worker {
  drop_priv_before_exec = yes
}
service lmtp {
  inet_listener lmtp {
    address = 127.0.0.1
    port = 24
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
}
service stats {
  chroot = empty
  client_limit = 0
  drop_priv_before_exec = no
  executable = stats
  extra_groups =
  fifo_listener stats-mail {
    group =
    mode = 0666
    user =
  }
  fifo_listener stats-user {
    group =
    mode = 0666
    user =
  }
  group =
  idle_kill = 4294967295 secs
  privileged_group =
  process_limit = 1
  process_min_avail = 0
  protocol =
  service_count = 0
  type =
  unix_listener stats {
    group =
    mode = 0666
    user =
  }
  user = $default_internal_user
Re: System users lookup via PAM: strip the domain name?
Bingo, that works well. Might it be useful to document this on the Wiki? (some of the constructs used aren’t real clear there).

--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: larry...@gmail.com
US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281

From: Larry Rosenman
Date: Thursday, July 13, 2017 at 6:36 AM
To: Aki Tuomi, Dovecot List
Subject: Re: System users lookup via PAM: strip the domain name?

Ok, I was half awake when I typed that
passwd-file unknown user even if known
I am seeing lots of passwd-file unknown user messages even when they are known and they can login. I have several passwd files that are looked up with a deny file first. Could the first check on the deny.%Ls file be generating this message, then when it checks the next passdb driver it is found? If so, is there a way to suppress the error message until all drivers have been checked?
Re: System users lookup via PAM: strip the domain name?
Ok, I was half awake when I typed that

Sent from my Sprint Samsung Galaxy S8+.

Original message
From: Aki Tuomi
Date: 7/13/17 6:19 AM (GMT-06:00)
To: Dovecot List, Larry Rosenman
Subject: Re: System users lookup via PAM: strip the domain name?

No it's intentionally %Ln to convert user1@domain into user1 for PAM.

Aki
Re: System users lookup via PAM: strip the domain name?
No it's intentionally %Ln to convert user1@domain into user1 for PAM.

Aki

> On July 13, 2017 at 2:03 PM Larry Rosenman wrote:
>
> Is the %Ln on the 2nd passdb supposed to be a %Lu?
Re: System users lookup via PAM: strip the domain name?
Is the %Ln on the 2nd passdb supposed to be a %Lu?

Sent from my Sprint Samsung Galaxy S8+.

Original message
From: Aki Tuomi
Date: 7/13/17 4:43 AM (GMT-06:00)
To: Dovecot List, Larry Rosenman
Subject: Re: System users lookup via PAM: strip the domain name?

No.

It's just a placeholder, like %u or %d.

Aki
Re: System users lookup via PAM: strip the domain name?
No.

It's just a placeholder, like %u or %d.

Aki

> On July 13, 2017 at 10:57 AM Larry Rosenman wrote:
>
> Will %{original_username} set %d as well?
Re: System users lookup via PAM: strip the domain name?
Will %{original_username} set %d as well?

Sent from my Sprint Samsung Galaxy S8+.

Original message
From: Aki Tuomi
Date: 7/13/17 12:34 AM (GMT-06:00)
To: Dovecot List, Larry Rosenman
Subject: Re: System users lookup via PAM: strip the domain name?

> On July 13, 2017 at 4:27 AM Larry Rosenman wrote:
>
> I have a need for the following:
>
> Real system users in /etc/{passwd,shadow} (actually PAM on FreeBSD) withOUT
> @domain in /etc/passwd
>
> Virtual Users in SQL (with full user@domain in the DB)
>
> When I have auth_username_format = %Ln I can’t auth the Virtual Users, and if
> I have auth_username_format = %Lu I can’t auth System users.
>
> Is there a compromise somewhere?

You could try using %{original_username} in SQL.

Or you can try removing the auth_username_format and instead

passdb {
  driver = sql
  args = ...
}
passdb {
  driver = static
  args = user=%Ln noauthenticate
  # you can remove next line if you want to always normalize your usernames
  skip = authenticated
}
passdb {
  driver = pam
  args = ...
  skip = authenticated
}

Aki
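
Added example, not part of the original thread and not Dovecot's own code: a simplified Python model of the three-passdb chain suggested above, showing why a single global auth_username_format fails for one class of user and how the chain handles both. The credential stores, passwords and function names are constructed for illustration; the last case shows that the PAM fallback ignores whatever domain the client supplied, which is worth knowing when reviewing such a setup.

```python
import re

# Constructed credential stores standing in for the SQL table and PAM (assumptions).
SQL_USERS = {"alice@example.com": "sql-secret"}   # virtual users, full user@domain
PAM_USERS = {"bob": "pam-secret"}                 # system users, no @domain

def expand(template, username):
    """Expand %u (full name), %n (local part), %d (domain); an L prefix lowercases."""
    local, _, domain = username.partition("@")
    values = {"u": username, "n": local, "d": domain}

    def repl(match):
        value = values[match.group(2)]
        return value.lower() if match.group(1) else value

    return re.sub(r"%(L?)([und])", repl, template)

def chain_auth(login, password, username_format=None, static_passdb=True):
    """Simplified model of the passdb chain; returns (authenticated, username).

    username_format models a global auth_username_format; static_passdb=False
    models the earlier setup (sql, then pam) without the username rewrite.
    """
    user = expand(username_format, login) if username_format else login
    # passdb 1: driver = sql, matches on the name exactly as it stands now.
    if user in SQL_USERS and SQL_USERS[user] == password:
        return True, user
    # passdb 2: driver = static, args = user=%Ln noauthenticate.
    # Reached only when sql did not authenticate (skip = authenticated);
    # it rewrites the username and authenticates nobody.
    if static_passdb:
        user = expand("%Ln", user)
    # passdb 3: driver = pam, also skip = authenticated.
    if user in PAM_USERS and PAM_USERS[user] == password:
        return True, user
    return False, user

def demo():
    """Run the cases discussed in the thread plus one review caveat."""
    return {
        "global %Ln, virtual user": chain_auth("alice@example.com", "sql-secret", "%Ln", False),
        "global %Lu, system user": chain_auth("bob@example.com", "pam-secret", "%Lu", False),
        "chain, virtual user": chain_auth("alice@example.com", "sql-secret"),
        "chain, system user": chain_auth("bob@example.com", "pam-secret"),
        # Caveat: the PAM fallback ignores whatever domain the client typed.
        "chain, unrelated domain": chain_auth("bob@other.invalid", "pam-secret"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```
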
Re: Can Dovecot replace fetchmail?
On 2017-07-13 at 09:34, Kenneth Porter wrote:
> I'm using fetchmail to grab mail for multiple accounts from an external IMAP server and drop it into local mailboxes via SMTP. It polls the remote server every two minutes. Can Dovecot replace this functionality more elegantly, using IDLE to avoid the polling necessary with fetchmail? I'd like to designate that mail for specific accounts on the external server be moved to specific local mailboxes.

Just in case: fetchmail can /idle/ on an IMAP server as well, though with multiple accounts that needs some tuning, see eg. https://bugs.launchpad.net/bugs/1021699 or http://fnxweb.com/blog/2012/07/14/using-multiple-fetchmail-instances-for-instant-gratification/

--
peter
Can Dovecot replace fetchmail?
I'm using fetchmail to grab mail for multiple accounts from an external IMAP server and drop it into local mailboxes via SMTP. It polls the remote server every two minutes. Can Dovecot replace this functionality more elegantly, using IDLE to avoid the polling necessary with fetchmail? I'd like to designate that mail for specific accounts on the external server be moved to specific local mailboxes.
Re: Master auth only
Quoting Sami Ketola:

> On 12 Jul 2017, at 15.46, Rick Romero wrote:
>
>> This is awesome, as I was just contemplating how to maintain persistence with 2FA.
>> Is it possible to use a passdb based on remote ip? There's a username_filter, but I want to use a master password for webmail (which will use 2FA via Radius), and those IPs are known and non-routable.
>
> passdb {
>   driver = static
>   args = password=masterpassword allow_nets=192.168.0.0/24
> }
>
> or can even use single ip like allow_nets=192.168.1.234
>
> Sami

Thanks guys, I reworked it like this (I already allowed only proxy IP on firewall but thanks for suggestion, I added also allow_nets, just to be sure) and everything is working fine.

azur
Re: Master auth only
> On 12 Jul 2017, at 15.46, Rick Romero wrote:
> This is awesome, as I was just contemplating how to maintain persistence with
> 2FA.
> Is it possible to use a passdb based on remote ip? There's a
> username_filter, but I want to use a master password for webmail (which will
> use 2FA via Radius), and those IPs are known and non-routable.

passdb {
  driver = static
  args = password=masterpassword allow_nets=192.168.0.0/24
}

or can even use single ip like allow_nets=192.168.1.234

Sami