Re: 10-ssl ssl = no but dovecot still reads certs

2017-07-21 Thread Peter van Dijk

On 16 Jun 2017, at 10:29, li...@lazygranch.com wrote:


> I'm bringing up a new email server starting without TLS initially. In
> 10-ssl.conf I set ssl = no, but the default ssl_cert and ssl_key
> lines are not commented out. I got the obvious error message:
> --
> doveconf: Fatal: Error in configuration file
> /usr/local/etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't
> open file /etc/ssl/certs/dovecot.pem: No such file or directory
> /usr/local/etc/rc.d/dovecot: WARNING: failed to start dovecot
> --
>
> No big deal, but I don't remember this being an issue the last time I
> set up a server. You would think if ssl=no, the ssl_cert and ssl_key
> files would not be opened.


My guess is you have set ssl_cert=fails to read the file. At that stage it has no idea that ssl=no makes 
that file irrelevant - only much later will Dovecot ignore the value of 
ssl_cert because ssl=no, but it never gets there because this initial 
stage of reading the config has already failed. This is, as I recall it, 
the sensible explanation I got from one of the Dovecot developers.


Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
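
A pre-start check for the behaviour explained above, as an added example that is not part of the thread or of Dovecot: in Dovecot's config syntax `setting = </path` makes the parser read the file itself, so a missing file aborts parsing whatever `ssl` is set to. The sample config is constructed, and the function names are hypothetical.

```python
import os
import re

# "setting = </path": Dovecot reads the file itself while parsing the config.
FILE_VALUE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*<\s*(\S+)\s*$")
SSL_SWITCH = re.compile(r"^\s*ssl\s*=\s*(\S+)\s*$")

# Constructed sample modelled on the 10-ssl.conf described in the thread.
SAMPLE_CONF = """\
ssl = no
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
#ssl_ca = </etc/ssl/certs/ca.pem
"""


def _active_lines(conf_text):
    """Yield (line_no, text) with '#' comments removed."""
    for no, line in enumerate(conf_text.splitlines(), 1):
        yield no, line.split("#", 1)[0]


def file_backed_settings(conf_text):
    """Return (line_no, setting, path) for each uncommented 'setting = <path'."""
    found = []
    for no, text in _active_lines(conf_text):
        m = FILE_VALUE.match(text)
        if m:
            found.append((no, m.group(1), m.group(2)))
    return found


def ssl_disabled(conf_text):
    """True when the last 'ssl = ...' line says no (block nesting is ignored)."""
    value = None
    for _, text in _active_lines(conf_text):
        m = SSL_SWITCH.match(text)
        if m:
            value = m.group(1).lower()
    return value == "no"


def preflight(conf_text, readable=lambda p: os.access(p, os.R_OK)):
    """List (line_no, setting, path, note) for file values that cannot be read."""
    ssl_off = ssl_disabled(conf_text)
    problems = []
    for no, setting, path in file_backed_settings(conf_text):
        if readable(path):
            continue
        note = "unreadable file aborts config parsing"
        if ssl_off and setting.startswith("ssl_"):
            note += "; ssl = no does not skip this read, comment the line out"
        problems.append((no, setting, path, note))
    return problems


if __name__ == "__main__":
    for no, setting, path, note in preflight(SAMPLE_CONF):
        print("line %d: %s = <%s: %s" % (no, setting, path, note))
```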


Re: Corrupt index files

2017-07-21 Thread Bruce Guenter
On Fri, Jul 21, 2017 at 03:25:39PM -0600, Bruce Guenter wrote:
> We had been using a loadbalancer with persistence to reduce the
> problems, and today I switched to everything running on a single box to
> avoid any cross-node contention. Unfortunately, the problem still
> happens, even when they were all running imap on a single box.

I just confirmed this. One of the mailboxes was deleted and recreated
from scratch, and since recreation it has only been accessed on a single
box. It *still* is having corrupt index problems.

This is not just caused by accessing the mailboxes on different servers.

-- 
Bruce Guenter http://untroubled.org/




Re: under some kind of attack

2017-07-21 Thread mj

Hi Joseph,

On 07/21/2017 10:17 PM, Joseph Tam wrote:

> As per my post: checkpassword.  You can then use one password on Mondays,
> Wednesdays, and Fridays, alternate passwords on Tuesdays and Thursday
> fetched from a rot-13 database, and only from prime numbered IP addresses
> on weekends, if that's what you want.


Having read the wiki page on checkpassword, I am unsure how this would 
work with an ldap backend.


Could you elaborate on that?

Best,
MJ


Re: Corrupt index files

2017-07-21 Thread Bruce Guenter
On Fri, Jul 21, 2017 at 08:50:16PM +0200, Robert Schetterer wrote:
> you should avoid this
> one solution is to use loadbalancers with persistence

We had been using a loadbalancer with persistence to reduce the
problems, and today I switched to everything running on a single box to
avoid any cross-node contention. Unfortunately, the problem still
happens, even when they were all running imap on a single box.

We are moving to a director type setup instead of a persistent load
balancer to eliminate the last source of cross-node access.

> i think you could rare the corrupt
> with optimize settings
> to i.e
> 
> mail_fsync = always
> mmap_disable = yes

I have those, but...

> mail_nfs_storage = yes
> mail_nfs_index = yes

I missed seeing those.

Thanks

-- 
Bruce Guenter http://untroubled.org/




Re: Return extra fields from passwd userdb

2017-07-21 Thread Steffen

Michele Petrella wrote:
> Hi,
> 
> each user exists in one db.
> 
> I changed configuration:
> 
> # 2.2.29.1 (e0b76e3): /var/etc/dovecot/dovecot.conf # Pigeonhole 
> version 0.4.18 (29cc74d) # OS: Linux 3.10.55-gentoo i686 SuSE
> Linux 7.1 (i386) auth_debug = yes debug_log_path = 
> /var/log/dovecot/dovecot_debug.log disable_plaintext_auth = no 
> info_log_path = /var/log/state.mail/dovecot.pipe log_path = 
> /var/log/dovecot/dovecot.log mail_debug = yes mail_gid = users 
> mail_location = maildir:~/.maildir mail_plugins = acl quota 
> mail_shared_explicit_inbox = yes mail_uid = vmail 
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date ihave duplicate namespace { list = yes
> location = maildir:/data/home/vmail/public prefix = Public/
> separator = / subscriptions = no type = public } namespace { list =
> children location = 
> maildir:/data/home/%%n/.maildir:INDEX=~/.maildir/shared/%%u prefix 
> = Shared/%%u/ separator = / subscriptions = no type = shared } 
> namespace inbox { inbox = yes list = yes location = mailbox
> Cestino { special_use = \Trash } mailbox Drafts { special_use =
> \Drafts } mailbox Junk { special_use = \Junk } mailbox "Posta
> inviata" { special_use = \Sent } mailbox Sent { special_use = \Sent
> } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash {
> special_use = \Trash } prefix = separator = / subscriptions = yes
> type = private } passdb { args = /etc/dovecot/passwd.masterusers
> driver = passwd-file master = yes } passdb { args = 
> /var/etc/dovecot/dovecot-ldap.conf.ext driver = ldap } passdb { 
> driver = passwd skip = authenticated } plugin { acl = 
> vfile:/etc/dovecot/acl:cache_secs=300 acl_shared_dict = 
> file:/var/lib/dovecot-dict/shared-mailboxes quota = maildir:User 
> quota quota_rule = *:storage=5M quota_rule2 = Trash:storage=+100M 
> quota_rule3 = SPAM:ignore sieve = ~/.dovecot.sieve sieve_before = 
> /var/etc/dovecot/sieve/general/ sieve_dir = ~/sieve 
> sieve_execute_bin_dir = /usr/local/bin/dovecot/sieve-execute 
> sieve_filter_bin_dir = /usr/local/bin/dovecot/sieve-filter 
> sieve_global_dir = /var/etc/dovecot/sieve/global/ 
> sieve_global_extensions = +vnd.dovecot.execute +vnd.dovecot.filter
>  +vnd.dovecot.pipe +editheader sieve_pipe_bin_dir = 
> /usr/local/bin/dovecot/sieve-pipe sieve_plugins = sieve_extprograms
> } protocols = imap pop3 lmtp sieve service auth { unix_listener
> auth-userdb { group = users } } service imap-postlogin { executable
> = script-login /usr/local/bin/imap-postlogin.sh user =
> $default_internal_user } service imap { executable = imap
> imap-postlogin } ssl_cert = 
>   args = /var/etc/dovecot/dovecot-ldap.conf.ext driver = ldap } 
> userdb { driver = passwd } protocol lda { info_log_path = 
> /var/log/dovecot/dovecot-lda.log log_path = 
> /var/log/dovecot/dovecot-lda.log mail_plugins = acl quota sieve } 
> protocol imap { mail_max_userip_connections = 20 mail_plugins =
> acl quota imap_acl imap_quota }
> 
> 
> File /var/etc/dovecot/dovecot-ldap.conf.ext is:
> 
> hosts = localhost base = ou=mnusers,dc=majornet,dc=local
> user_attrs = quota_rule=*:bytes=%{ldap:quotaBytes}
> 
> 
> But when I run: doveadm -D quota get -u afasystems

Well, first try this:

 doveadm user afasystems

All extra fields should be displayed (quotaBytes only in your example).
Then verify that this user has quotaBytes at all:

ldapsearch -b ou=mnusers,dc=majornet,dc=local user=afasystems quotaBytes

Then look here: https://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb
user_attrs = \
  =home=%{ldap:homeDirectory}, \
  =uid=%{ldap:uidNumber}, \
  =gid=%{ldap:gidNumber}

all mappings using %{ldap:...} have a "=" prefixed before the settings
name

Then re-try doveadm user 

> 
> No extra field is returned: doveadm(root): Debug: Loading modules 
> from directory: /usr/lib/dovecot doveadm(root): Debug: Module 
> loaded: /usr/lib/dovecot/lib01_acl_plugin.so doveadm(root): Debug: 
> Module loaded: /usr/lib/dovecot/lib10_quota_plugin.so 
> doveadm(root): Debug: Loading modules from directory: 
> /usr/lib/dovecot/doveadm doveadm(root): Debug: Module loaded: 
> /usr/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so
> doveadm(root): Debug: Skipping module doveadm_expire_plugin,
> because dlopen() failed:
> /usr/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined
> symbol: expire_set_deinit (this is usually intentional, so just
> ignore this message) doveadm(root): Debug: Module loaded: 
> /usr/lib/dovecot/doveadm/lib10_doveadm_quota_plugin.so 
> doveadm(root): Debug: Module loaded: 
> /usr/lib/dovecot/doveadm/lib10_doveadm_sieve_plugin.so 
> doveadm(root): Debug: Skipping module doveadm_fts_lucene_plugin, 
> because dlopen() failed: 
> /usr/lib/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so: 
> 

Re: under some kind of attack

2017-07-21 Thread Joseph Tam

mj wrote:

> - for external users, to ONLY be allowed to use an application specific
> password. (or username and password, fine as well)
>
> Step one: making ldap password authentication valid only from our
> internal network. I thought: using allow_nets=192.168.1.0/24 for that passdb
>
> But I can't get that to work. :-( Unsure where exactly to define the
> allow_nets, tried many variations on the theme already.
>
> Perhaps someone can help with the step one, and also tell me if the
> approach outlined above is smart, valid and do-able in dovecot.

As per my post: checkpassword.  You can then use one password on Mondays,
Wednesdays, and Fridays, alternate passwords on Tuesdays and Thursday
fetched from a rot-13 database, and only from prime numbered IP addresses
on weekends, if that's what you want.

Gary Sellani writes:

> Not applicable to most installations, but I use geographical filtering
> on all ports other than 25.  Fine if you are the only user of the email
> system.

If you're the only user, moving the IMAP/POP service to a nonstandard port
will do most of that with much less bother, and you won't lock yourself
out, requiring a ssh/edit firewall/reconnect.  Been there, done that.

> I get one hacker a week trying to guess passwords, and always from Digital
> Ocean VPS.

ab...@digitalocean.com is fairly responsive.  They usually nuke
them pretty quickly.

> I would like to see statistics on the success of such brute force
> attacks.  They can't be very successful these days.

Even if the success rate is 0.1%, you can do the arithmetic to see
that's still a huge number of accounts.  But you're right, if you have
anything resembling a sensible password policy, they're just a log
bloating nuisance.

Joseph Tam 
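
The checkpassword suggestion applied to mj's LDAP question, as an added example that is not from the thread or from Dovecot: the LDAP password is accepted only from 192.168.1.0/24, while an application-specific password is accepted from any address. Assumptions: Dovecot exports the client address to the script as TCPREMOTEIP, python-ldap is installed, and the LDAP URI, DN template and app-password file are placeholders.

```python
import hashlib
import hmac
import ipaddress
import os
import sys

INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # network named in the thread
PBKDF2_ROUNDS = 200_000
LDAP_URI = "ldap://localhost"                    # placeholder
LDAP_DN = "uid=%s,ou=people,dc=example,dc=org"   # placeholder DN template
APP_PW_FILE = "/etc/dovecot/app-passwords"       # hypothetical: user:salt_hex:digest_hex


def hash_app_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def parse_fd3(raw):
    """checkpassword input on fd 3: username NUL password NUL [timestamp NUL]."""
    parts = raw.split(b"\x00")
    # An empty password is refused here: many LDAP servers treat a bind with
    # an empty password as an anonymous bind and report success.
    if len(parts) < 3 or not parts[0] or not parts[1]:
        return None
    try:
        return parts[0].decode("utf-8"), parts[1].decode("utf-8")
    except UnicodeDecodeError:
        return None


def is_internal(remote_ip):
    try:
        addr = ipaddress.ip_address(remote_ip or "")
    except ValueError:
        return False  # an unknown client address is treated as external
    return any(addr in net for net in INTERNAL_NETS)


def authenticate(raw, remote_ip, ldap_bind, app_passwords):
    """Return the username on success, None on failure."""
    creds = parse_fd3(raw)
    if creds is None:
        return None
    user, password = creds
    # LDAP password: internal network only.
    if is_internal(remote_ip) and ldap_bind(user, password):
        return user
    # Application-specific password: accepted from any address.
    entry = app_passwords.get(user)
    if entry is None:
        return None
    salt, digest = entry
    ok = hmac.compare_digest(hash_app_password(password, salt), digest)
    return user if ok else None


def ldap_simple_bind(user, password):
    """Verify the LDAP password with a simple bind (needs python-ldap)."""
    import ldap
    import ldap.dn
    conn = ldap.initialize(LDAP_URI)
    try:
        conn.simple_bind_s(LDAP_DN % ldap.dn.escape_dn_chars(user), password)
        return True
    except ldap.INVALID_CREDENTIALS:
        return False
    finally:
        conn.unbind_s()


def load_app_passwords(path):
    store = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            user, salt_hex, digest_hex = line.strip().split(":")
            store[user] = (bytes.fromhex(salt_hex), bytes.fromhex(digest_hex))
    return store


def main():
    try:
        user = authenticate(os.read(3, 512), os.environ.get("TCPREMOTEIP"),
                            ldap_simple_bind, load_app_passwords(APP_PW_FILE))
    except Exception:
        sys.exit(111)   # temporary failure (LDAP down, store unreadable)
    if user is None:
        sys.exit(1)     # authentication failed
    # Further fields (HOME, EXTRA) depend on the userdb setup and are omitted.
    os.environ["USER"] = user
    os.execv(sys.argv[1], sys.argv[1:])   # hand over to the reply program in argv[1]


if __name__ == "__main__":
    main()
```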


Re: Corrupt index files

2017-07-21 Thread Robert Schetterer
On 21.07.2017 at 19:47, Bruce Guenter wrote:
> 
> I am running Dovecot IMAP on Linux, on a LizardFS storage cluster with
> Maildir storage. This has worked well for most of the accounts for
> several months.
> 
> However in the last couple of weeks we are seeing increasing errors
> regarding corrupted index files.

you should avoid this
one solution is to use loadbalancers with persistence
and/or with i.e.

https://wiki2.dovecot.org/Director

i don't know LizardFS
but problems are some kind equal with all storage clusters
and there are different solutions to handle
this so i don't know what may the best at your place

i would read and ask here for settings with storage clusters, a good
start could be

https://wiki2.dovecot.org/NFS
https://wiki2.dovecot.org/SharedMailboxes/ClusterSetup
https://wiki2.dovecot.org/MailLocation/SharedDisk



> Some of the accounts affected are
> unable to retrieve messages due to timeouts.

index settings and mailbox format has impact about this
maildir mostly is self healing but that may fail sometimes on cluster

> 
> It appeared the problems were due to the accounts being accessed from
> multiple servers simultaneously, so I forced them all to access one
> server, but the errors remained. It looks like it has something to do
> with file locking, but LizardFS supports advisory file locking and I do
> have it enabled.
> 
> Deleting the corrupted indexes fixes the problem for a while, but it
> eventually returns, particularly for some accounts.

yeah that is perhaps per design

> 
> Here are some errors I'm seeing (just a random grab). Actual home
> directories are munged for confidentiality.
> 
> imap[25157]: (clientes.standby) Error: Failed to fix view for 
> HOME/clientes:standby/dovecot.index: Missing middle file seq=1 (between 1..1, 
> we have seqs 8): File is already open
> imap[5565]: (stadiumchair) Error: Transaction log file 
> HOME/stadiumchair/.Drafts/dovecot.index.log: marked corrupted
> imap[5005]: (stadiumchair) Error: Corrupted transaction log file 
> HOME/stadiumchair/.Drafts/dovecot.index.log seq 2: indexid changed 1418941056 
> -> 1500658549 (sync_offset=0)
> imap[20243]: (martha) Error: Transaction log HOME/martha/dovecot.index.log: 
> duplicate transaction log sequence (539)
> imap[4665]: (emsspam) Error: Index file HOME/emsspam/dovecot.index: indexid 
> changed: 1500658479 -> 1297175382
> imap[4665]: (emsspam) Error: Corrupted transaction log file 
> HOME/emsspam/dovecot.index.log seq 3: indexid changed: 1500658479 -> 
> 1297175382 (sync_offset=316)
> imap[22985]: (emsspam) Error: Corrupted transaction log file 
> HOME/emsspam/dovecot.index.log seq 10742: Invalid transaction log size (9296 
> vs 9296): HOME/emsspam/dovecot.index.log (sync_offset=9296)
> imap[3267]: (emsspam) Error: Failed to map view for 
> HOME/emsspam/dovecot.index: Failed to map file seq=10742 
> offset=9052..18446744073709551615 (ret=0): corrupted, indexid=0
> imap[3267]: (emsspam) Error: HOME/emsspam/dovecot.index view is inconsistent: 
> uid=3062271 inserted in the middle of mailbox
> 
> The output of dovecot -n is pasted in below. Note that some of the boxes
> are running 4.9, some running 4.4, all have the same problems. Also note
> that I am using a custom authentication front end for our virtual
> mailboxes, but it just sets up the minimal environment variables and
> runs imap.
> 
> Is there anything I can change to eliminate these problems? Are there
> any other diagnostics I can provide to shed light on this?
> 
> # 2.2.31 (65cde28): /etc/dovecot/dovecot.conf
> # OS: Linux 4.4.66 x86_64 Gentoo Base System release 2.3 
> log_path = /dev/stderr
> mail_debug = yes
> mail_fsync = always
> mail_location = maildir:~/.maildir
> mail_log_prefix = "%s[%p]: (%u) "
> mmap_disable = yes
> namespace inbox {
>   inbox = yes
>   location = 
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix = INBOX
>   separator = 
>   type = private
> }
> passdb {
>   args = *
>   driver = pam
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> plugin {
>   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
> }
> ssl_cert =  ssl_key =  # hidden, use -P to show it
> userdb {
>   driver = passwd
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> 

i think you could rare the corrupt
with optimize settings
to i.e

mail_fsync = always
mail_nfs_storage = yes
mail_nfs_index = yes
mmap_disable = yes

etc
but to fix it at all you may have to rethink your whole setup
dovecot gurus may help and search the list archive about cluster setups


Best Regards
Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Registered office: München, 

Corrupt index files

2017-07-21 Thread Bruce Guenter

I am running Dovecot IMAP on Linux, on a LizardFS storage cluster with
Maildir storage. This has worked well for most of the accounts for
several months.

However in the last couple of weeks we are seeing increasing errors
regarding corrupted index files. Some of the accounts affected are
unable to retrieve messages due to timeouts.

It appeared the problems were due to the accounts being accessed from
multiple servers simultaneously, so I forced them all to access one
server, but the errors remained. It looks like it has something to do
with file locking, but LizardFS supports advisory file locking and I do
have it enabled.

Deleting the corrupted indexes fixes the problem for a while, but it
eventually returns, particularly for some accounts.

Here are some errors I'm seeing (just a random grab). Actual home
directories are munged for confidentiality.

imap[25157]: (clientes.standby) Error: Failed to fix view for 
HOME/clientes:standby/dovecot.index: Missing middle file seq=1 (between 1..1, 
we have seqs 8): File is already open
imap[5565]: (stadiumchair) Error: Transaction log file 
HOME/stadiumchair/.Drafts/dovecot.index.log: marked corrupted
imap[5005]: (stadiumchair) Error: Corrupted transaction log file 
HOME/stadiumchair/.Drafts/dovecot.index.log seq 2: indexid changed 1418941056 
-> 1500658549 (sync_offset=0)
imap[20243]: (martha) Error: Transaction log HOME/martha/dovecot.index.log: 
duplicate transaction log sequence (539)
imap[4665]: (emsspam) Error: Index file HOME/emsspam/dovecot.index: indexid 
changed: 1500658479 -> 1297175382
imap[4665]: (emsspam) Error: Corrupted transaction log file 
HOME/emsspam/dovecot.index.log seq 3: indexid changed: 1500658479 -> 1297175382 
(sync_offset=316)
imap[22985]: (emsspam) Error: Corrupted transaction log file 
HOME/emsspam/dovecot.index.log seq 10742: Invalid transaction log size (9296 vs 
9296): HOME/emsspam/dovecot.index.log (sync_offset=9296)
imap[3267]: (emsspam) Error: Failed to map view for HOME/emsspam/dovecot.index: 
Failed to map file seq=10742 offset=9052..18446744073709551615 (ret=0): 
corrupted, indexid=0
imap[3267]: (emsspam) Error: HOME/emsspam/dovecot.index view is inconsistent: 
uid=3062271 inserted in the middle of mailbox

The output of dovecot -n is pasted in below. Note that some of the boxes
are running 4.9, some running 4.4, all have the same problems. Also note
that I am using a custom authentication front end for our virtual
mailboxes, but it just sets up the minimal environment variables and
runs imap.

Is there anything I can change to eliminate these problems? Are there
any other diagnostics I can provide to shed light on this?

# 2.2.31 (65cde28): /etc/dovecot/dovecot.conf
# OS: Linux 4.4.66 x86_64 Gentoo Base System release 2.3 
log_path = /dev/stderr
mail_debug = yes
mail_fsync = always
mail_location = maildir:~/.maildir
mail_log_prefix = "%s[%p]: (%u) "
mmap_disable = yes
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = INBOX
  separator = 
  type = private
}
passdb {
  args = *
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
}
ssl_cert = http://untroubled.org/




Re: Return extra fields from passwd userdb

2017-07-21 Thread Michele Petrella

Hi,

each user exists in one db.

I changed configuration:

# 2.2.29.1 (e0b76e3): /var/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.18 (29cc74d)
# OS: Linux 3.10.55-gentoo i686 SuSE Linux 7.1 (i386)
auth_debug = yes
debug_log_path = /var/log/dovecot/dovecot_debug.log
disable_plaintext_auth = no
info_log_path = /var/log/state.mail/dovecot.pipe
log_path = /var/log/dovecot/dovecot.log
mail_debug = yes
mail_gid = users
mail_location = maildir:~/.maildir
mail_plugins = acl quota
mail_shared_explicit_inbox = yes
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave duplicate

namespace {
  list = yes
  location = maildir:/data/home/vmail/public
  prefix = Public/
  separator = /
  subscriptions = no
  type = public
}
namespace {
  list = children
  location = maildir:/data/home/%%n/.maildir:INDEX=~/.maildir/shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  list = yes
  location =
  mailbox Cestino {
    special_use = \Trash
  }
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox "Posta inviata" {
    special_use = \Sent
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
  subscriptions = yes
  type = private
}
passdb {
  args = /etc/dovecot/passwd.masterusers
  driver = passwd-file
  master = yes
}
passdb {
  args = /var/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
passdb {
  driver = passwd
  skip = authenticated
}
plugin {
  acl = vfile:/etc/dovecot/acl:cache_secs=300
  acl_shared_dict = file:/var/lib/dovecot-dict/shared-mailboxes
  quota = maildir:User quota
  quota_rule = *:storage=5M
  quota_rule2 = Trash:storage=+100M
  quota_rule3 = SPAM:ignore
  sieve = ~/.dovecot.sieve
  sieve_before = /var/etc/dovecot/sieve/general/
  sieve_dir = ~/sieve
  sieve_execute_bin_dir = /usr/local/bin/dovecot/sieve-execute
  sieve_filter_bin_dir = /usr/local/bin/dovecot/sieve-filter
  sieve_global_dir = /var/etc/dovecot/sieve/global/
  sieve_global_extensions = +vnd.dovecot.execute +vnd.dovecot.filter +vnd.dovecot.pipe +editheader
  sieve_pipe_bin_dir = /usr/local/bin/dovecot/sieve-pipe
  sieve_plugins = sieve_extprograms
}
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener auth-userdb {
    group = users
  }
}
service imap-postlogin {
  executable = script-login /usr/local/bin/imap-postlogin.sh
  user = $default_internal_user
}
service imap {
  executable = imap imap-postlogin
}
ssl_cert = doveadm(root): Debug: Loading modules from directory: 
/usr/lib/dovecot/doveadm
doveadm(root): Debug: Module loaded: 
/usr/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so
doveadm(root): Debug: Skipping module doveadm_expire_plugin, because 
dlopen() failed: 
/usr/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined 
symbol: expire_set_deinit (this is usually intentional, so just ignore 
this message)
doveadm(root): Debug: Module loaded: 
/usr/lib/dovecot/doveadm/lib10_doveadm_quota_plugin.so
doveadm(root): Debug: Module loaded: 
/usr/lib/dovecot/doveadm/lib10_doveadm_sieve_plugin.so
doveadm(root): Debug: Skipping module doveadm_fts_lucene_plugin, because 
dlopen() failed: 
/usr/lib/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined 
symbol: lucene_index_iter_deinit (this is usually intentional, so just 
ignore this message)
doveadm(root): Debug: Skipping module doveadm_fts_plugin, because 
dlopen() failed: /usr/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: 
undefined symbol: fts_backend_rescan (this is usually intentional, so 
just ignore this message)
doveadm(afasystems): Debug: auth input: afasystems 
system_groups_user=afasystems uid=1040 gid=100 home=/data/home/afasystems
doveadm(afasystems): Debug: Effective uid=1040, gid=100, 
home=/data/home/afasystems
doveadm(afasystems): Debug: Quota root: name=User quota backend=maildir 
args=
doveadm(afasystems): Debug: Quota rule: root=User quota mailbox=* 
bytes=5242880 messages=0
doveadm(afasystems): Debug: Quota rule: root=User quota mailbox=Trash 
bytes=+104857600 messages=0

doveadm(afasystems): Debug: Quota rule: root=User quota mailbox=SPAM ignored
doveadm(afasystems): Debug: Quota grace: root=User quota bytes=524288 (10%)
doveadm(afasystems): Debug: Namespace inbox: type=private, prefix=, 
sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes 
location=maildir:~/.maildir
doveadm(afasystems): Debug: maildir++: 
root=/data/home/afasystems/.maildir, index=, indexpvt=, control=, 
inbox=/data/home/afasystems/.maildir, alt=
doveadm(afasystems): Debug: acl: initializing backend with data: 
vfile:/etc/dovecot/acl:cache_secs=300

doveadm(afasystems): Debug: acl: acl username = 

Re: FTS error Unknown user

2017-07-21 Thread azurit


Quoting azu...@pobox.sk:

> Hi,
>
> sorry for previous message, i accidentally sent it before it was complete.
>
> Recently, i was configuring a setup with one proxy, which is doing
> authentication and multiple backends, which doesn't have access to
> user database (see
> https://www.mail-archive.com/dovecot@dovecot.org/msg70123.html ).
> Now i wanted to use FTS (solr) on backends but i'm getting this
> error every time an email is received (and FTS is not working, of
> course):
>
> dovecot: indexer-worker: Error: User [censored] lookup failed: Unknown user
>
> I don't fully understand why FTS needs to do any user lookup during
> indexing but, anyway, how can i workaround it? This is relevant
> config:
>
> passdb {
>   driver = static
>   args = password=[censored] allow_nets=[censored]
> }
>
> userdb {
>   driver = static
>   args = home=/var/mail/vhosts/%d/%n/home master_user=%u
> }
>
> plugin {
>   fts = solr
>   fts_solr = url=http://[censored]:8080/solr/
>   fts_autoindex = yes
>   fts_autoindex_max_recent_msgs = 1000
> }
>
> FTS is fully configured and working on proxy side (which is,
> currently, also a backend for most of the users - i will split it in
> stages, just wanted to say that i have FTS already working).
>
> azur

Just resolved it, here is the solution (at the end of 'args' line):


userdb {
  driver = static
  args = home=/var/mail/vhosts/%d/%n/home master_user=%u allow_all_users=yes
}


azur


FTS error Unknown user

2017-07-21 Thread azurit

Hi,

sorry for previous message, i accidentally sent it before it was complete.

Recently, i was configuring a setup with one proxy, which is doing
authentication and multiple backends, which doesn't have access to
user database (see
https://www.mail-archive.com/dovecot@dovecot.org/msg70123.html ). Now
i wanted to use FTS (solr) on backends but i'm getting this error
every time an email is received (and FTS is not working, of course):


dovecot: indexer-worker: Error: User [censored] lookup failed: Unknown user


I don't fully understand why FTS needs to do any user lookup during  
indexing but, anyway, how can i workaround it? This is relevant config:


passdb {
  driver = static
  args = password=[censored] allow_nets=[censored]
}

userdb {
  driver = static
  args = home=/var/mail/vhosts/%d/%n/home master_user=%u
}


plugin {
  fts = solr
  fts_solr = url=http://[censored]:8080/solr/
  fts_autoindex = yes
  fts_autoindex_max_recent_msgs = 1000
}


FTS is fully configured and working on proxy side (which is,  
currently, also a backend for most of the users - i will split it in  
stages, just wanted to say that i have FTS already working).


azur


FTS

2017-07-21 Thread azurit

Hi,

recently, i was configuring a setup with one proxy, which is doing  
authentication and multiple backends, which doesn't have access to  
user database (see  
https://www.mail-archive.com/dovecot@dovecot.org/msg70123.html ). Now  
i wanted to use FTS (solr) on backends but i'm getting this error  
after every email is received:


Re: Problem compiling dovecot 2.2.31 on Solaris

2017-07-21 Thread Luciano Mannucci
On Fri, 21 Jul 2017 15:04:59 +0100
James  wrote:

> from SUNWhea on S10 and system/header on S11.  Nevertheless it's missing 
> on Solaris 8 and 9. You can make your own, this worked for me on Solaris 
> 9 at least once, untested recently:
Worked!
Thanks!
Now it is complaining about openssl, I think:

../../src/lib-ssl-iostream/iostream-openssl.h:6:25: error: openssl/ssl.h: No 
such file or directory
In file included from test-http-client.c:12:

I'll try to install a modern version, hoping it'll compile... :)

Thanks again,

Luciano.
-- 
 /"\ /Via A. Salaino, 7 - 20144 Milano (Italy)
 \ /  ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
  X   AGAINST HTML MAIL/  E-MAIL: posthams...@sublink.sublink.org
 / \  AND POSTINGS/   WWW: http://www.lesassaie.IT/


Re: Problem compiling dovecot 2.2.31 on Solaris

2017-07-21 Thread James

On 21/07/2017 13:38, Levente wrote:

> You are missing stdint.h. Try to locate that, and include the
> directory. However, this is odd, since it should be shipped with GCC
> itself.


Headers are generally supplied by the OS not the compiler, stdint.h is

$ find /usr/include -name stdint.h
/usr/include/sys/stdint.h
/usr/include/stdint.h

from SUNWhea on S10 and system/header on S11.  Nevertheless it's missing 
on Solaris 8 and 9. You can make your own, this worked for me on Solaris 
9 at least once, untested recently:


#ifndef _STDINT_H
#define _STDINT_H

#include 
#include 
#include 

#endif  /* _STDINT_H */


Or just #define what you think it needs, it's not complex.


Re: Problem compiling dovecot 2.2.31 on Solaris

2017-07-21 Thread Luciano Mannucci
On Fri, 21 Jul 2017 09:27:18 -0400
Oscar del Rio  wrote:

> solaris 8 is way too old!
> I think you need Solaris 10 or newer
I know.
Though dovecot 2.2.5 compiles and runs:

nameron# doveconf -n 
# 2.2.5: /etc/dovecot/dovecot.conf
# OS: SunOS 5.8 sun4u  ufs

Luciano.
-- 
 /"\ /Via A. Salaino, 7 - 20144 Milano (Italy)
 \ /  ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
  X   AGAINST HTML MAIL/  E-MAIL: posthams...@sublink.sublink.org
 / \  AND POSTINGS/   WWW: http://www.lesassaie.IT/


Re: Problem compiling dovecot 2.2.31 on Solaris

2017-07-21 Thread Oscar del Rio


On 07/21/17 08:56 AM, Luciano Mannucci wrote:

> Target: sparc-sun-solaris2.8
> Configured with: ../sources/gcc-4.0.2/configure --prefix=/opt/csw/gcc4
> --with-local-prefix=/opt/csw --without-gnu-as --with-as=/usr/ccs/bin/as
> --without-gnu-ld --with-ld=/usr/ccs/bin/ld --enable-threads=posix
> --enable-shared --enable-multilib --enable-nls --with-included-gettext
> --with-libiconv-prefix=/opt/csw --with-x --enable-java-awt=xlib
> --with-system-zlib --enable-languages=c,c++,f95,java,objc,ada
> Thread model: posix
> gcc version 4.0.2
>
> Is it too old?


solaris 8 is way too old!
I think you need Solaris 10 or newer


Core dumped when authenticating to managesieve

2017-07-21 Thread Kristjan Eentsalu
Hey,

I'm getting "Error in MANAGESIEVE command received by server." and
service(managesieve-login) killed with signal 11 (core dumped) when doing
two line authenticate(sogo) to managesieve().

# telnet localhost 4190
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress
comparator-i;ascii-numeric relational regex imap4flags copy include
variables body enotify environment mailbox date index ihave duplicate mime
foreverypart extracttext editheader"
"NOTIFY" "mailto"
"SASL" "PLAIN"
"VERSION" "1.0"
OK "Dovecot ready."
AUTHENTICATE "PLAIN" {52+}
XX==
NO "Error in MANAGESIEVE command received by server."
AUTHENTICATE "PLAIN" {52+}  < trying again
Connection closed by foreign host.

and after that in logs there is "dovecot: managesieve-login: Fatal: master:
service(managesieve-login): child 38748 killed with signal 11 (core dumped)"


One line authenticate works.

# telnet localhost 4190
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress
comparator-i;ascii-numeric relational regex imap4flags copy include
variables body enotify environment mailbox date index ihave duplicate mime
foreverypart extracttext editheader"
"NOTIFY" "mailto"
"SASL" "PLAIN"
"VERSION" "1.0"
OK "Dovecot ready."
AUTHENTICATE "PLAIN" "XX=="
OK "Logged in."


OS: FreeBSD 11.1-RC3
Dovecot 2.2.31 , pigeonhole 0.4.19

Trace below

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...(no debugging symbols
found)...

warning: core file may not match specified executable file.
Core was generated by `dovecot/managesieve-login'.
Program terminated with signal 11, Segmentation fault.
#0  i_stream_seek (stream=0x0, v_offset=80) at istream.c:296
296 istream.c: No such file or directory.
in istream.c
(gdb) bt full
#0  i_stream_seek (stream=0x0, v_offset=80) at istream.c:296
_stream = (struct istream_private *) 0x5385e16
#1  0x0536937a in i_stream_limit_read (stream=0x767d540) at
istream-limit.c:34
lstream = (struct limit_istream *) 0x767d540
left = 123848760
ret = 1
pos = 119265200
#2  0x0535f340 in i_stream_read (stream=0x767d5b0) at istream.c:174
_stream = (struct istream_private *) 0x767d540
old_size = 0
ret = 124244864
#3  0x053607ae in i_stream_read_data (stream=0x767d5b0,
data_r=0x7fffe868, size_r=0x7fffe878, threshold=0) at istream.c:569
ret = 0
read_more = false
#4  0x004038d1 in ?? ()
No symbol table info available.
#5  0x00403c1a in ?? ()
No symbol table info available.
#6  
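
The two argument forms in the report above, a quoted string and a `{52+}` non-synchronizing literal, are equivalent under RFC 5804, so a parser should return the same SASL initial response for both and should keep waiting when a literal is short. This is an added example, not part of the original post and not Dovecot or Pigeonhole code; `parse_authenticate`, `decode_plain`, `MAX_LITERAL` and the credentials are constructed for illustration, and backslash escapes in quoted strings are not handled.

```python
import base64
import re

MAX_LITERAL = 8192  # assumed cap for a pre-auth argument; not a Dovecot setting

# AUTHENTICATE SP <quoted mechanism> [SP <string>]
# string = "quoted" or {n+} CRLF <n octets> (client literals always carry '+')
_CMD = re.compile(
    rb'AUTHENTICATE "([A-Za-z0-9_-]+)"'
    rb'(?: (?:"([^"\\\r\n]*)"|\{(\d{1,10})\+\}))?\r\n',
    re.IGNORECASE)

def parse_authenticate(buf):
    """Return (mechanism, initial_response or None, bytes_consumed).

    Raises ValueError on malformed input, EOFError when more bytes are needed.
    """
    if b"\r\n" not in buf:
        raise EOFError("command line incomplete")
    m = _CMD.match(buf)
    if m is None:
        raise ValueError("malformed AUTHENTICATE command")
    mech, quoted, lit_len = m.group(1).decode(), m.group(2), m.group(3)
    end = m.end()
    if lit_len is None:
        return mech, quoted, end
    n = int(lit_len)
    if n > MAX_LITERAL:
        raise ValueError("literal too large")
    # The literal octets follow the first CRLF; a second CRLF ends the command.
    if len(buf) < end + n + 2:
        raise EOFError("literal incomplete")
    if buf[end + n:end + n + 2] != b"\r\n":
        raise ValueError("missing CRLF after literal")
    return mech, buf[end:end + n], end + n + 2

def decode_plain(initial_response):
    """Decode SASL PLAIN (RFC 4616): authzid NUL authcid NUL passwd."""
    raw = base64.b64decode(initial_response, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3 or not parts[1]:
        raise ValueError("not a PLAIN message")
    return tuple(p.decode("utf-8") for p in parts)

# Constructed credentials, not taken from the post
TOKEN = base64.b64encode(b"\x00user@example.org\x00not-a-real-password")
ONE_LINE = b'AUTHENTICATE "PLAIN" "' + TOKEN + b'"\r\n'
TWO_LINE = b'AUTHENTICATE "PLAIN" {%d+}\r\n' % len(TOKEN) + TOKEN + b"\r\n"
```
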

Re: Problem compiling dovecot 2.2.31 on Solaris

2017-07-21 Thread Luciano Mannucci
On Fri, 21 Jul 2017 14:38:57 +0200
Levente  wrote:

> You are missing stdint.h. Try to locate that, and include the
> directory. However, this is odd, since it should be shipped with GCC
> itself.
You're right!
It is missing.

This is the output of gcc -v:

Reading specs from /opt/csw/gcc4/lib/gcc/sparc-sun-solaris2.8/4.0.2/specs
Target: sparc-sun-solaris2.8
Configured with: ../sources/gcc-4.0.2/configure --prefix=/opt/csw/gcc4 
--with-local-prefix=/opt/csw --without-gnu-as --with-as=/usr/ccs/bin/as 
--without-gnu-ld --with-ld=/usr/ccs/bin/ld --enable-threads=posix 
--enable-shared --enable-multilib --enable-nls --with-included-gettext 
--with-libiconv-prefix=/opt/csw --with-x --enable-java-awt=xlib 
--with-system-zlib --enable-languages=c,c++,f95,java,objc,ada
Thread model: posix
gcc version 4.0.2

Is it too old?

Thanks again,

Luciano.
-- 
 /"\ /Via A. Salaino, 7 - 20144 Milano (Italy)
 \ /  ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
  X   AGAINST HTML MAIL/  E-MAIL: posthams...@sublink.sublink.org
 / \  AND POSTINGS/   WWW: http://www.lesassaie.IT/


Re: Problem compiling dovecot 2.2.31 on Solaris

2017-07-21 Thread Levente
You are missing stdint.h. Try to locate that, and include the
directory. However, this is odd, since it should be shipped with GCC
itself.

Lev

On Fri, Jul 21, 2017 at 2:15 PM, Luciano Mannucci
 wrote:
>
> I'm trying to compile under SunOS 5.8 Generic_117350-28 sun4u sparc 
> SUNW,Ultra-5_10
> (I know it's a bit oldish :-) and I get this error:
>
> /bin/bash ../../libtool  --tag=CC   --mode=compile gcc
> -DHAVE_CONFIG_H -I. -I../.. -std=gnu99 -g -O2 -Wall -W 
> -Wmissing-prototypes
> -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2
> -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2  -MT pkcs5.lo 
> -MD
> -MP -MF .deps/pkcs5.Tpo -c -o pkcs5.lo pkcs5.c libtool: compile: gcc
> -DHAVE_CONFIG_H -I. -I../.. -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes
> -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2
> -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -MT pkcs5.lo -MD
> -MP -MF .deps/pkcs5.Tpo -c pkcs5.c -fPIC -DPIC -o .libs/pkcs5.o pkcs5.c:9:20:
> error: stdint.h: No such file or directory make[4]: *** [pkcs5.lo] Error 1
>
> What have I missed?
>
> I did:
>
> ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var\
>   --mandir=/usr/share/man --docdir=/usr/share/doc/packages/dovecot\
>   --disable-ipv6 --enable-header-install\
>
> make
>
> Is it reasonable?
>
> Thanks in advance,
>
> Luciano.
> --
>  /"\ /Via A. Salaino, 7 - 20144 Milano (Italy)
>  \ /  ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
>   X   AGAINST HTML MAIL/  E-MAIL: posthams...@sublink.sublink.org
>  / \  AND POSTINGS/   WWW: http://www.lesassaie.IT/


Problem compiling dovecot 2.2.31 on Solaris

2017-07-21 Thread Luciano Mannucci

I'm trying to compile under SunOS 5.8 Generic_117350-28 sun4u sparc 
SUNW,Ultra-5_10
(I know it's a bit oldish :-) and I get this error:

/bin/bash ../../libtool  --tag=CC   --mode=compile gcc
-DHAVE_CONFIG_H -I. -I../.. -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes
-Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2
-Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2  -MT pkcs5.lo -MD
-MP -MF .deps/pkcs5.Tpo -c -o pkcs5.lo pkcs5.c libtool: compile: gcc
-DHAVE_CONFIG_H -I. -I../.. -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes
-Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2
-Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -MT pkcs5.lo -MD
-MP -MF .deps/pkcs5.Tpo -c pkcs5.c -fPIC -DPIC -o .libs/pkcs5.o pkcs5.c:9:20:
error: stdint.h: No such file or directory make[4]: *** [pkcs5.lo] Error 1

What have I missed?

I did:

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var\
  --mandir=/usr/share/man --docdir=/usr/share/doc/packages/dovecot\
  --disable-ipv6 --enable-header-install\

make

Is it reasonable?

Thanks in advance,

Luciano.
-- 
 /"\ /Via A. Salaino, 7 - 20144 Milano (Italy)
 \ /  ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
  X   AGAINST HTML MAIL/  E-MAIL: posthams...@sublink.sublink.org
 / \  AND POSTINGS/   WWW: http://www.lesassaie.IT/


Re: Latest Virtual Plugin changes seem to have broken flag changes: 2.2.devel (bf2fa36)

2017-07-21 Thread Aki Tuomi


On 21.07.2017 14:43, Thomas Leuxner wrote:
> * Aki Tuomi  2017.07.21 12:53:
>
>> I cannot repeat this.
> Hi Aki,
>
> a bit hard for me to debug speaking protocol, but I can definitely reproduce 
> it with multiple MUAs.
>
> Regards
> Thomas

You can just turn on rawlogs

protocol imap {
  rawlog_dir = /tmp/rawlogs/%Lu
}

and mkdir /tmp/rawlogs/your-username-in-lowercase
chmod 0777 /tmp/rawlogs/your-username-in-lowercase

Aki


Re: Latest Virtual Plugin changes seem to have broken flag changes: 2.2.devel (bf2fa36)

2017-07-21 Thread Thomas Leuxner
* Aki Tuomi  2017.07.21 12:53:

> I cannot repeat this.

Hi Aki,

a bit hard for me to debug speaking protocol, but I can definitely reproduce it 
with multiple MUAs.

Regards
Thomas




Re: Latest Virtual Plugin changes seem to have broken flag changes: 2.2.devel (bf2fa36)

2017-07-21 Thread Aki Tuomi


On 21.07.2017 13:39, Thomas Leuxner wrote:
> Hi,
>
> I’m using several views like this:
>
> # cat Dovecot/dovecot-virtual
> :public/Archive/Mailing-Lists/Dovecot/*
> :public/Mailing-Lists/Dovecot
>  all
>
> Before the recent changes read mail stayed in sync with the virtual folder. 
> Now regardless whether mail is read in the original Folder or the virtual 
> Folder, the flags are not synchronized anymore. Read mail is flagged unread 
> in the corresponding folder.
>
> Regards
> Thomas
>

I cannot repeat this.

a SELECT INBOX
* 1 EXISTS
* 1 RECENT
* OK [UNSEEN 1] First unseen.
a SELECT Virtual/all
* 1 EXISTS
* 0 RECENT
* OK [UNSEEN 1] First unseen.
a SELECT INBOX
* 1 EXISTS
* 0 RECENT
* OK [UNSEEN 1] First unseen.
a STORE 1:1 +FLAGS (\Seen)
* 1 FETCH (FLAGS (\Seen))
a OK Store completed (0.001 + 0.000 secs).
a SELECT Virtual/all
* 1 EXISTS
* 0 RECENT
a FETCH 1:* (FLAGS)
* 1 FETCH (FLAGS (\Seen))

Aki


Latest Virtual Plugin changes seem to have broken flag changes: 2.2.devel (bf2fa36)

2017-07-21 Thread Thomas Leuxner
Hi,

I’m using several views like this:

# cat Dovecot/dovecot-virtual
:public/Archive/Mailing-Lists/Dovecot/*
:public/Mailing-Lists/Dovecot
 all

Before the recent changes read mail stayed in sync with the virtual folder. Now 
regardless whether mail is read in the original Folder or the virtual Folder, 
the flags are not synchronized anymore. Read mail is flagged unread in the 
corresponding folder.

Regards
Thomas


