Re: Strange "IMAP connection broken (server response)" errors

2017-10-20 Thread Kadlecsik József 
Hello,

On Fri, 6 Oct 2017, Jozsef Kadlecsik wrote:

> We upgraded one of our dovecot servers to debian stretch with dovecot 
> 2.2.27 and since then one of our users has been experiencing random IMAP 
> failures.
> 
> We enabled raw logging at the server side and it shows normal IMAP 
> commands/responses:
> 
> 1507292522.222427 * 6 FETCH (FLAGS () BODYSTRUCTURE ("text" "plain" 
> ("charset" "us-ascii")
>  NIL NIL "7bit" 4645 112 NIL NIL NIL NIL))
> 1507292522.222653 0011 OK Fetch completed (0.006 + 0.000 secs).
> 
> On the client side the user runs alpine and the corresponding debug lines:
> 
> IMAP DEBUG 14:22:02.216167: 0011 FETCH 6 (BODYSTRUCTURE FLAGS)
> 
> 14:22:02.217396
> IMAP 14:22:02 10/6 mm_notify bye: 
> {[127.0.0.1]:1555/imap/user="ha4aa"}INBOX: [CLOSED] IMAP connection broken 
> (server response)
> 
> 14:22:02.217471
> IMAP 14:22:02 10/6 mm_log error: [CLOSED] IMAP connection broken (server 
> response)
> 
> The "[127.0.0.1]:1555/imap/user="ha4aa" part in the log comes from an 
> socat inserted between the client and the server to check independently 
> the imap session. According to socat, the server response didn't reach 
> the client!:
> 
> 0010 OK Fetch completed (0.005 + 0.000 secs).\r
> > 2017/10/06 14:22:02.216299  length=40 from=845 to=884
> 0011 FETCH 6 (BODYSTRUCTURE FLAGS)\r
> 
> and here ends the socat log.

The date of the last rawlog line corresponds to an ssl debug log of 
dovecot (from the last run):

Oct 20 18:50:05 mail2 dovecot: imap-login: Debug: SSL error: SSL_read() 
failed: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init

I added the patch "openssl: Clear error queue after an incomplete 
SSL_shutdown", recompiled the package but it did not help.

Any help is highly welcomed!

Best regards,
Jozsef
--
E-mail : kadlecsik.joz...@wigner.mta.hu
PGP key: http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address: Wigner Research Centre for Physics, Hungarian Academy of Sciences
 H-1525 Budapest 114, POB. 49, Hungary

Re: IMAP stops responding.

2017-10-20 Thread Joseph Tam 

S?ren Peter Skou  writes:


I've experienced that IMAP/IMAPS stops responding.  To restore service
there is only one way, restart Dovecot completely.  This leads to
services being interrupted for some people, so it seems to only affect
some of the users on the server.  But POP3/POP3s is still running
happily.  Also, it happens more as we approach Rush Hour.


Help us help you: the problem is most likely pointed out in the log files.
Also, a dump of your configurations (doveconf -n) would help.

Offhand, it seems you've hit an IMAP resource limit, such as
mail_max_userip_connections, or perhaps process/memory limits
(e.g. process_limit, vsz_limit, etc.).

Joseph Tam

fts_solr: Indexing failed: 500 Server Error

2017-10-20 Thread Kirill Ponomarev 
Hi,

running dovecot 2.2.33.2 with solr 7.1.0 (with new XML scheme
instead of JSON) on FreeBSD produces this error message:

Oct 20 20:58:29 krion postfix/smtpd[13371]: disconnect from 
mail-yw0-f169.google.com[209.85.161.169] ehlo=2
+starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Oct 20 20:58:29 krion dovecot: indexer-worker(kr...@krion.cc): Error: fts_solr: 
Indexing failed: 500 Server Error
Oct 20 20:58:29 krion dovecot: indexer-worker(kr...@krion.cc): Error: fts_solr: 
Indexing failed: 500 Server Error
Oct 20 20:58:29 krion dovecot: indexer-worker(kr...@krion.cc): Error: Mailbox 
INBOX: Transaction commit failed: FTS
+transaction commit failed: backend deinit (attempted to index 1 messages (UIDs 
166..166))
Oct 20 20:58:30 krion dovecot: imap(kr...@krion.cc): Connection closed (IDLE 
finished 451.007 secs ago) in=43
+out=812

K.


signature.asc
Description: PGP signature

Re: IMAP stops responding.

2017-10-20 Thread Bill Shirley 

See NATing comment below.

Bill

On 10/20/2017 5:24 AM, Søren Peter Skou wrote:

Hiya all,

I've experienced that IMAP/IMAPS stops responding. To restore service there is 
only one way, restart Dovecot completely. This leads to services being 
interrupted for some people, so it seems to only affect some of the users on 
the server. But POP3/POP3s is still running happily. Also, it happens more as 
we approach Rush Hour. All of this leads me to believe that we're facing a 
problem with clients somehow. I've searched the net for the problem, and dating 
back I've found references to Apple units being the culprit. So we've taken an 
old Apple client, and tried to see how many sessions it actually starts, the 
result of that test was that regardless what we tried it only opened one extra 
session.

A bit of information, Debian OS :
dovecot-core   2:2.2.27-1~auto+44amd64
secure POP3/IMAP server - core files
dovecot-imapd  2:2.2.27-1~auto+44amd64
secure POP3/IMAP server - IMAP daemon
dovecot-mysql  2:2.2.27-1~auto+44amd64
secure POP3/IMAP server - MySQL support
dovecot-pop3d  2:2.2.27-1~auto+44amd64
secure POP3/IMAP server - POP3 daemon
dovecot-sieve  2:2.2.27-1~auto+44amd64
secure POP3/IMAP server - Sieve filters support

the Config itself is fairly simple, lookup through MySQL to find 
username/password etc - I don't really see any obvious option. Also, limiting 
users/sessions per IP isn't really a good idea as we have a great deal of 
customers behind NAT.

NATing shouldn't matter.  The way I understand mail_max_userip_connections, it 
is per user and IP.  Therefore
(the default being mail_max_userip_connections=10), bob, sally, and tom will 
each get 10 connections
from the same IP address.

Med venlig hilsen/Best regards

Søren P. Skou
Netværkstekniker

[logo]


Teglholmsgade 1
0900 København C

Tlf: 69 12 12 12
E-mail: s...@danskkabeltv.dk
Web: www.danskkabeltv.dk

Re: Question regarding replication - duplicate emails

2017-10-20 Thread Remko Lodder 
Hi,

Anyone has suggestions? The situation also happends when I “delete” a message 
from my Phone.
It seems to get replicated instantly and the just deleted email is back in the 
mailbox again.

I did remove HA Proxy support in the meantime to rule that out and I have 
enabled the default
replication_max_conns.

thanks
Remko

> On 13 Oct 2017, at 11:56, Remko Lodder  wrote:
> 
> Dear Dovecot and community,
> 
> We run a small email service for our customers, based on two machines that 
> are made “redundant or clustered” by using the replication feature of Dovecot.
> This works well, for most emails.
> 
> Sometimes the following happends:
> 
> Email to our support database arrives at the inbox.
> Every period a cronjob looks into that mailbox and parses the information and 
> makes a support ticket from that message.
> The cronjob deletes the email afterwards and sees whether there are more new 
> mails or not.
> 
> In between the deletion and the (next) check, the email gets “resynced” again 
> from the “other machine”, and is seen as a new
> email by the cronjob and gets handled again. So basically we get two tickets 
> for one email. After that second run the email is
> no longer replicated.
> 
> This behaviour can also be seen via webmail and email clients, this suggests 
> that the replication might not be aware (enough) that
> the replication is occurring or that an item already had been synced from A 
> to B (and does not need to get back from B to A after A
> deleted it).
> 
> Is there a way to fiddle with the acknowledgement timing or give the 
> processes some more space/time to get on par with eachother?
> 
> Below is the configuration of machine B, they are synchronised through 
> puppet, so only the hostname and IP addresses are different.
> (so for replication, A has: tcps:hostname_of_b:12346 and B has 
> tcps:hostname_of_a:12346). Also note that HAproxy is prepared but
> not in use at all.
> 
> # 2.2.33.1 (e9afa7f18): /usr/local/etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.20 (7cd71ba)
> # OS: FreeBSD 11.1-RELEASE amd64
> auth_mechanisms = plain login
> disable_plaintext_auth = no
> doveadm_password =  # hidden, use -P to show it
> haproxy_trusted_networks = IPv4_Haproxy IPv6_Haproxy
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> lmtp_save_to_detail_mailbox = yes
> mail_fsync = always
> mail_location = sdbox:~/sdbox
> mail_plugins = " quota notify replication"
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character 
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
> copy include variables body enotify environment mailbox date index ihave 
> duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
> namespace {
>  inbox = yes
>  location =
>  mailbox Drafts {
>auto = subscribe
>special_use = \Drafts
>  }
>  mailbox Junk {
>special_use = \Junk
>  }
>  mailbox Sent {
>auto = subscribe
>special_use = \Sent
>  }
>  mailbox "Sent Messages" {
>special_use = \Sent
>  }
>  mailbox Spam {
>auto = subscribe
>special_use = \Junk
>  }
>  mailbox Trash {
>auto = subscribe
>special_use = \Trash
>  }
>  prefix =
>  separator = .
> }
> passdb {
>  driver = pam
> }
> plugin {
>  imapsieve_mailbox1_before = 
> file:/usr/local/lib/dovecot/sieve/report-spam.sieve
>  imapsieve_mailbox1_causes = COPY
>  imapsieve_mailbox1_name = Spam
>  imapsieve_mailbox2_before = 
> file:/usr/local/lib/dovecot/sieve/report-ham.sieve
>  imapsieve_mailbox2_causes = COPY
>  imapsieve_mailbox2_from = Spam
>  imapsieve_mailbox2_name = *
>  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
>  mail_log_fields = uid box msgid size
>  mail_replica = tcps:hostname_of_machine_a:12346
>  sieve = ~/.dovecot.sieve
>  sieve_after = /usr/local/etc/dovecot/sieve/after/
>  sieve_before = /usr/local/etc/dovecot/sieve/global/
>  sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve
>  sieve_plugins = sieve_imapsieve sieve_extprograms
>  sieve_vacation_dont_check_recipient = yes
> }
> postmaster_address = postmas...@ourdomain.tld
> protocols = imap pop3 lmtp sieve
> replication_max_conns = 100
> service aggregator {
>  fifo_listener replication-notify-fifo {
>mode = 0666
>  }
>  unix_listener replication-notify {
>mode = 0666
>  }
> }
> service auth {
>  unix_listener /var/spool/postfix/private/auth {
>mode = 0666
>  }
> }
> service doveadm {
>  inet_listener {
>port = 12346
>ssl = yes
>  }
> }
> service imap-login {
>  inet_listener imap_haproxy {
>haproxy = yes
>port = 10143
>  }
>  inet_listener imaps_haproxy {
>haproxy = yes
>port = 10144
>ssl = yes
>  }
>  service_count = 1
> }
> service imap {
>  process_limit = 1024
> }
> service lmtp {
>  inet_listener lmtp {
>address = IPv4, IPv6, 127.0.0.1 ::1
>port = 24
>  }
>  unix_listener /var/spool/postfix/private/dovecot-lmtp {
>group =

Re: Post-login scripting

2017-10-20 Thread Gedalya 
No, it's entirely my own.
If all you want to do is write client IP addresses to a database then your 
script will probably fit in 20 lines of code or so.


On 10/20/2017 05:04 PM, j.emerlik wrote:
> Which one policy server are you using ?
> Someone from that list : http://www.postfix.org/addon.html
>
> 2017-10-20 16:53 GMT+02:00 Gedalya :
>
>> On 10/20/2017 04:50 PM, j.emerlik wrote:
>>
>> I understand that Dovecot SASL does not support the Post-Login scripts.
>> Yea, perhaps not. The concept it follows for POP3/IMAP is a wrapper for
>> the executable launched to perform the actual service, and there is no such
>> service when dovecot is only a SASL auth server for an external program.
>>
>> On the other hand a postfix policy server can let you record a lot of
>> detail about SMTP activity: messages sent, sender/recipient addresses, and
>> client addresses of course.
>>
>> I might be able to help with putting such a script together, time
>> permitting :-)
>>

Re: Post-login scripting

2017-10-20 Thread j.emerlik 
Which one policy server are you using ?
Someone from that list : http://www.postfix.org/addon.html

2017-10-20 16:53 GMT+02:00 Gedalya :

> On 10/20/2017 04:50 PM, j.emerlik wrote:
>
> I understand that Dovecot SASL does not support the Post-Login scripts.
>>
> Yea, perhaps not. The concept it follows for POP3/IMAP is a wrapper for
> the executable launched to perform the actual service, and there is no such
> service when dovecot is only a SASL auth server for an external program.
>
> On the other hand a postfix policy server can let you record a lot of
> detail about SMTP activity: messages sent, sender/recipient addresses, and
> client addresses of course.
>
> I might be able to help with putting such a script together, time
> permitting :-)
>

Re: Post-login scripting

2017-10-20 Thread Gedalya 

On 10/20/2017 04:50 PM, j.emerlik wrote:


I understand that Dovecot SASL does not support the Post-Login scripts.
Yea, perhaps not. The concept it follows for POP3/IMAP is a wrapper for 
the executable launched to perform the actual service, and there is no 
such service when dovecot is only a SASL auth server for an external 
program.


On the other hand a postfix policy server can let you record a lot of 
detail about SMTP activity: messages sent, sender/recipient addresses, 
and client addresses of course.


I might be able to help with putting such a script together, time 
permitting :-)

Re: Post-login scripting

2017-10-20 Thread j.emerlik 
Thx, seems to be a good idea.
I understand that Dovecot SASL does not support the Post-Login scripts.

2017-10-20 16:36 GMT+02:00 Gedalya :

> I use an access policy server which mostly does rate-limiting and also
> writes to a database.
> It's written in perl.
> If all you want to do is to write some records for every connection then
> the script would be rather simple.
> You just need to put "check_policy_service unix:" in the right place,
> presumably in smtpd_client_restrictions, I guess if you put it before
> permit_sasl_authenticated it would still have the auth details, due to
> delayed evaluation.
>

Re: Post-login scripting

2017-10-20 Thread Egbert 
Op 20-10-2017 om 15:46 schreef j.emerlik:
> Hi ,
> I would like to save every authentication IP addresses to database, for
> IMAP and POP3 everything working correct but I don't know how to configure
> Post-login script for SMTP AUTH.
> 
> Can you help me ?
> 
> Regards,
> Jack
> 
This is how I log te last time someone logged in:

service imap {
.
.
.
  executable = imap imap-postlogin
}

service imap-postlogin {
  executable = script-login /usr/local/bin/imap-wrapper.sh
  user = vmail
  unix_listener imap-postlogin {
  }
}

And for pop3 users:

service pop3 {
.
.
.
  executable = pop3 pop3-postlogin
}

service pop3-postlogin {
  executable = script-login /usr/local/bin/pop3-wrapper.sh
  user = vmail
  unix_listener pop3-postlogin {
  }
}

Where imap_wrapper.sh is:
#! /bin/sh
touch /disk/mail/login/imap/$USER
touch /disk/mail/login/$USER
exec "$@"

And for pop3_wrapper.sh:
#! /bin/sh
touch /disk/mail/login/pop3/$USER
touch /disk/mail/login/$USER
exec "$@"

This gives me empty files in /login, /login/imap and /login/pop3
with the username as filename. The timestamp of the filwe is the lat
login time.

HTH
Egbert Jan, NL

Re: Post-login scripting

2017-10-20 Thread Gedalya 
I use an access policy server which mostly does rate-limiting and also 
writes to a database.

It's written in perl.
If all you want to do is to write some records for every connection then 
the script would be rather simple.
You just need to put "check_policy_service unix:" in the right 
place, presumably in smtpd_client_restrictions, I guess if you put it 
before permit_sasl_authenticated it would still have the auth details, 
due to delayed evaluation.

Re: Post-login scripting

2017-10-20 Thread Gedalya 
On 10/20/2017 03:46 PM, j.emerlik wrote:
> Hi ,
> I would like to save every authentication IP addresses to database, for
> IMAP and POP3 everything working correct but I don't know how to configure
> Post-login script for SMTP AUTH.
>
> Can you help me ?
>
> Regards,
> Jack

It would probably be possible to do this at the MTA.
I do it in postfix + mysql.
What is your setup like?

[Dovecot-news] v2.2.33.2 released

2017-10-20 Thread Timo Sirainen 
https://dovecot.org/releases/2.2/dovecot-2.2.33.2.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.33.2.tar.gz.sig 

One more patch release with some fixes:

- doveadm: Fix crash in proxying (or dsync replication) if remote is
  running older than v2.2.33
- auth: Fix memory leak in %{ldap_dn}
- dict-sql: Fix data types to work correctly with Cassandra


___
Dovecot-news mailing list
Dovecot-news@dovecot.org
https://dovecot.org/mailman/listinfo/dovecot-news

v2.2.33.2 released

2017-10-20 Thread Timo Sirainen 
https://dovecot.org/releases/2.2/dovecot-2.2.33.2.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.33.2.tar.gz.sig 

One more patch release with some fixes:

- doveadm: Fix crash in proxying (or dsync replication) if remote is
  running older than v2.2.33
- auth: Fix memory leak in %{ldap_dn}
- dict-sql: Fix data types to work correctly with Cassandra

Re: dovecot-2.3 (-git) Warning and Fatal Compile Error

2017-10-20 Thread Stephan Bosch 



Op 20-10-2017 om 4:23 schreef Reuben Farrelly:

On 18/10/2017 11:40 PM, Timo Sirainen wrote:
On 18 Oct 2017, at 6.34, Reuben Farrelly  
wrote:


I haven't been tracking dovecot-2.3 until now, but I've just given 
it a quick run, and there are a few things that may need some 
attention.


/usr/include/features.h:376:4: warning: #warning _FORTIFY_SOURCE 
requires compiling with optimization (-O) [-Wcpp]

#  warning _FORTIFY_SOURCE requires compiling with optimization (-O)


Don't use -O0 or use configure --disable-hardening or just ignore it.


The build then fails entirely with this:

DMODULEDIR=\""/usr/lib64/dovecot"\"   -O0 -g -pipe -march=native 
-mtune=native -ggdb -c -o realpath.lo realpath.c

edit-mail.c: In function ‘edit_mail_wrap’:
edit-mail.c:235:14: error: too few arguments to function 
‘mailbox_transaction_begin’

  raw_trans = mailbox_transaction_begin(raw_box, 0);


I don't think your pigeonhole is from git master.


Thanks.  That was it...

Now onto 2.3 -git, there is a repeatable crash occurring in lmtp. In 
fact it looks like there could be more than one problem, because even 
invoking lmtp (with gdb) and no arguments results in a gdb error about 
an unaddressable byte.


However when lmtp is used normally within dovecot it crashes out on a 
few but not all mails.


I see what that smtp-submit problem is already. Will push fix later today.

We're not sure that epoll_pwait() issue is an actual problem or valgrind 
being confused.


Regards,

Stephan.



The full gdb output looks like this:

Oct 20 12:59:21 thunderstorm.reub.net dovecot: master: Dovecot 
v2.3.devel (c398eca6b) starting up for imap, lmtp, sieve
Oct 20 12:59:30 thunderstorm.reub.net postfix/qmgr[5057]: 9A25122B50: 
from=, size=18515, nrcpt=1 (queue active)
Oct 20 12:59:30 thunderstorm.reub.net postfix/qmgr[5057]: 32D0722B4B: 
from=, size=27030, nrcpt=1 (queue active)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
Syscall param epoll_pwait(sigmask) points to unaddressable byte(s)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
at 0x58A7705: epoll_pwait (epoll_pwait.c:42)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x5504697: io_loop_handler_run_internal (ioloop-epoll.c:182)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x5501C4F: io_loop_handler_run (ioloop.c:666)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x5501B2E: io_loop_run (ioloop.c:639)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x5449F05: master_service_run (master-service.c:733)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x10D8E8: main (main.c:139)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
Address 0x0 is not stack'd, malloc'd or (recently) free'd

Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006==
Oct 20 12:59:32 thunderstorm.reub.net dovecot: lmtp(28006): Connect 
from local
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
Syscall param epoll_pwait(sigmask) points to unaddressable byte(s)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
at 0x58A7705: epoll_pwait (epoll_pwait.c:42)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
by 0x5504697: io_loop_handler_run_internal (ioloop-epoll.c:182)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
by 0x5501C4F: io_loop_handler_run (ioloop.c:666)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
by 0x5501B2E: io_loop_run (ioloop.c:639)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
by 0x5449F05: master_service_run (master-service.c:733)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
by 0x10D8E8: main (main.c:139)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
Address 0x0 is not stack'd, malloc'd or (recently) free'd

Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009==
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp(28009): Connect 
from local
Oct 20 12:59:34 thunderstorm.reub.net dovecot: 
lmtp(liam)<28006>: aFFxDIRY6VlmbQAAzkCIew: 
sieve: msgid=<001a114bd6f6d2fc86055be25...@google.com>: stored mail 
into mailbox 'INBOX'
Oct 20 12:59:34 thunderstorm.reub.net dovecot: 
indexer-worker(liam)<28026>: 
Indexed 1 messages in INBOX (UIDs 634..634)
Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
Invalid read of size 8
Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
at 0x543AECB: smtp_submit_session_init (smtp-submit.c:61)
Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x543B05B: smtp_submit_init_simple (smtp-submit.c:100)
Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0xAA8BC4B: lda_sieve_smtp_start

Re: HTTPS for http://xi.dovecot.fi/debian/

2017-10-20 Thread Aki Tuomi 

> On October 20, 2017 at 12:37 PM Florent B  wrote:
> 
> 
> Hi,
> 
> We use Dovecot packages from http://xi.dovecot.fi/debian/.
> 
> Could it be possible to serve it with HTTPS ?
> 
> Thank you.
> 
> Florent

Hi!

It has now https enabled with valid certificate.

Aki

IMAP stops responding.

2017-10-20 Thread Søren Peter Skou 
Hiya all,

I've experienced that IMAP/IMAPS stops responding. To restore service there is 
only one way, restart Dovecot completely. This leads to services being 
interrupted for some people, so it seems to only affect some of the users on 
the server. But POP3/POP3s is still running happily. Also, it happens more as 
we approach Rush Hour. All of this leads me to believe that we're facing a 
problem with clients somehow. I've searched the net for the problem, and dating 
back I've found references to Apple units being the culprit. So we've taken an 
old Apple client, and tried to see how many sessions it actually starts, the 
result of that test was that regardless what we tried it only opened one extra 
session.

A bit of information, Debian OS :
dovecot-core   2:2.2.27-1~auto+44amd64
secure POP3/IMAP server - core files
dovecot-imapd  2:2.2.27-1~auto+44amd64
secure POP3/IMAP server - IMAP daemon
dovecot-mysql  2:2.2.27-1~auto+44amd64
secure POP3/IMAP server - MySQL support
dovecot-pop3d  2:2.2.27-1~auto+44amd64
secure POP3/IMAP server - POP3 daemon
dovecot-sieve  2:2.2.27-1~auto+44amd64
secure POP3/IMAP server - Sieve filters support

the Config itself is fairly simple, lookup through MySQL to find 
username/password etc - I don't really see any obvious option. Also, limiting 
users/sessions per IP isn't really a good idea as we have a great deal of 
customers behind NAT.

Med venlig hilsen/Best regards

Søren P. Skou
Netværkstekniker

[logo]


Teglholmsgade 1
0900 København C

Tlf: 69 12 12 12
E-mail: s...@danskkabeltv.dk
Web: www.danskkabeltv.dk

Re: quota only for oungoing

2017-10-20 Thread Aidar Kamalov 
that config solved my problem

protocol lda {

  plugin {
quota = maildir:User quota:noenforcing
  }
}

2017-10-20 11:30 GMT+03:00 Aidar Kamalov :

> oops. no, quota doesn't change :(
> thats my configs:
> plugin {
>
>   quota = maildir:User quota
>   quota_rule = *:storage=300M
>   quota_rule2 = Trash:storage=+10%%
>   quota_rule3 = Sent:ignore
>   quota_rule4 = Archive*:ignore
>   quota_warning = storage=95%% quota-warning 95 %u
>   quota_warning2 = storage=80%% quota-warning 80 %u
>   quota_grace = 10%%
> }
>
> protocol lda {
>   mail_home = /var/spool/mail/%d/%n
>   mail_plugins = $mail_plugins sieve
>   log_path = /var/log/dovecot/dovecot-lda-errors.log
>   info_log_path = /var/log/dovecot/dovecot-lda.log
>   lda_mailbox_autocreate = yes
>   lda_mailbox_autosubscribe = yes
> }
>
>
> 2017-10-20 11:00 GMT+03:00 Steffen Kaiser :
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> On Fri, 20 Oct 2017, Aidar Kamalov wrote:
>>
>> Thank you! I disabled quota plugin and now if quota exceed I can't send
>>> any
>>> email, but I can receive new emails.
>>>
>>
>> Well, did you verified that your quota does change if a new message
>> arrives?
>>
>>
>> 2017-10-20 8:22 GMT+03:00 Steffen Kaiser :
>>>
>>> -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 On Thu, 19 Oct 2017, Aidar Kamalov wrote:

 Hello! I setup quota and quota warnings for my mail
 system(dovecot+exim).

> By I want to reject only outgoing messages if quota exceeded.
>
>
 Oh, how do you do that?

 Is it possible to congi dovecot to not reject incoming messages? I use

> dovecot-lda for mail delivery.
>
>
 If you remove the "quota" plugin from mail_plugins of the lda section,
 quota is not calculated anymore, I guess. So, I suppose, you need to
 give
 unlimited quota for service LDA. How do you configure the quota?

 - -- Steffen Kaiser
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1

 iQEVAwUBWemIE3z1H7kL/d9rAQLFDAf/VmEMBBYR2lCwrmNs08ReM/XTs0PjXMJo
 LVH9jKSVJi4PmLqHtiiz99OmmZUWxdTqhOeOGlgh0mCU37EVozRHI3IT+jjEp2mq
 lJlIG2PlpKns2xxWhLafmnwMnB2FE+B/a516BV1gKjzEagAIYElVc1So0ZrAy2As
 eYgLMQsatG/Kb3TE10UYVgsC0eN5ev2x89Z3qbKEzpMzMITrv/8x007cFMY8UcoI
 GWQ4mDrzYpxt4GZ9K1pipAK9DrcBwoClbgLHkHuXqoLeiO/TNWneBmRHSKiSrd0z
 wfK+C172XHA+E87+u+b+5LSWEzhKi13rK4E3fN9hsgaa5Cokayz9cw==
 =dPdG
 -END PGP SIGNATURE-


>>>
>>>
>>>
>>>
>> - -- Steffen Kaiser
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v1
>>
>> iQEVAwUBWemtHnz1H7kL/d9rAQKAMwgAiUsnMgUD4a6kATNFbwvx5fxM+4Vfj5jW
>> 3X9vjjeJw6v1ixRV0Oqz/5kAi7Z4u/Q3jjjspiIhTIX8Dq0mJ7JkZ9PtZM8wol4i
>> qWmYxmemmy87D8xRZt91u0JiZFHICAZt9L5R+ivjZt0b969coyN9NTofK+/5ydu5
>> 3dm78Ni5DX9ed0FJw1XoZzDp6QC/w4L263KyU0H99i/hUR1z7tieP76q6m5N6jJr
>> 0US2hMxG4TwRj6oBcIdGx8R967pA80OW6u0tdnW+IOfx/lg3gU6EnHWe0s/i8sxt
>> 7zrjI0WusXB0wXPiyBZEMLYfnJJhuGetmQTAnqBSfCLjBh5ViJrf/g==
>> =C5Jw
>> -END PGP SIGNATURE-
>>
>
>
>
> --
> Aydar A. Kamalov
>



-- 
Aydar A. Kamalov

Re: quota only for oungoing

2017-10-20 Thread Aidar Kamalov 
oops. no, quota doesn't change :(
thats my configs:
plugin {

  quota = maildir:User quota
  quota_rule = *:storage=300M
  quota_rule2 = Trash:storage=+10%%
  quota_rule3 = Sent:ignore
  quota_rule4 = Archive*:ignore
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  quota_grace = 10%%
}

protocol lda {
  mail_home = /var/spool/mail/%d/%n
  mail_plugins = $mail_plugins sieve
  log_path = /var/log/dovecot/dovecot-lda-errors.log
  info_log_path = /var/log/dovecot/dovecot-lda.log
  lda_mailbox_autocreate = yes
  lda_mailbox_autosubscribe = yes
}


2017-10-20 11:00 GMT+03:00 Steffen Kaiser :

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Fri, 20 Oct 2017, Aidar Kamalov wrote:
>
> Thank you! I disabled quota plugin and now if quota exceed I can't send any
>> email, but I can receive new emails.
>>
>
> Well, did you verified that your quota does change if a new message
> arrives?
>
>
> 2017-10-20 8:22 GMT+03:00 Steffen Kaiser :
>>
>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA1
>>>
>>> On Thu, 19 Oct 2017, Aidar Kamalov wrote:
>>>
>>> Hello! I setup quota and quota warnings for my mail system(dovecot+exim).
>>>
 By I want to reject only outgoing messages if quota exceeded.


>>> Oh, how do you do that?
>>>
>>> Is it possible to congi dovecot to not reject incoming messages? I use
>>>
 dovecot-lda for mail delivery.


>>> If you remove the "quota" plugin from mail_plugins of the lda section,
>>> quota is not calculated anymore, I guess. So, I suppose, you need to give
>>> unlimited quota for service LDA. How do you configure the quota?
>>>
>>> - -- Steffen Kaiser
>>> -BEGIN PGP SIGNATURE-
>>> Version: GnuPG v1
>>>
>>> iQEVAwUBWemIE3z1H7kL/d9rAQLFDAf/VmEMBBYR2lCwrmNs08ReM/XTs0PjXMJo
>>> LVH9jKSVJi4PmLqHtiiz99OmmZUWxdTqhOeOGlgh0mCU37EVozRHI3IT+jjEp2mq
>>> lJlIG2PlpKns2xxWhLafmnwMnB2FE+B/a516BV1gKjzEagAIYElVc1So0ZrAy2As
>>> eYgLMQsatG/Kb3TE10UYVgsC0eN5ev2x89Z3qbKEzpMzMITrv/8x007cFMY8UcoI
>>> GWQ4mDrzYpxt4GZ9K1pipAK9DrcBwoClbgLHkHuXqoLeiO/TNWneBmRHSKiSrd0z
>>> wfK+C172XHA+E87+u+b+5LSWEzhKi13rK4E3fN9hsgaa5Cokayz9cw==
>>> =dPdG
>>> -END PGP SIGNATURE-
>>>
>>>
>>
>>
>>
>>
> - -- Steffen Kaiser
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
>
> iQEVAwUBWemtHnz1H7kL/d9rAQKAMwgAiUsnMgUD4a6kATNFbwvx5fxM+4Vfj5jW
> 3X9vjjeJw6v1ixRV0Oqz/5kAi7Z4u/Q3jjjspiIhTIX8Dq0mJ7JkZ9PtZM8wol4i
> qWmYxmemmy87D8xRZt91u0JiZFHICAZt9L5R+ivjZt0b969coyN9NTofK+/5ydu5
> 3dm78Ni5DX9ed0FJw1XoZzDp6QC/w4L263KyU0H99i/hUR1z7tieP76q6m5N6jJr
> 0US2hMxG4TwRj6oBcIdGx8R967pA80OW6u0tdnW+IOfx/lg3gU6EnHWe0s/i8sxt
> 7zrjI0WusXB0wXPiyBZEMLYfnJJhuGetmQTAnqBSfCLjBh5ViJrf/g==
> =C5Jw
> -END PGP SIGNATURE-
>



-- 
Aydar A. Kamalov

Re: quota only for oungoing

2017-10-20 Thread Steffen Kaiser 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, 20 Oct 2017, Aidar Kamalov wrote:


Thank you! I disabled quota plugin and now if quota exceed I can't send any
email, but I can receive new emails.


Well, did you verified that your quota does change if a new message 
arrives?



2017-10-20 8:22 GMT+03:00 Steffen Kaiser :


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, 19 Oct 2017, Aidar Kamalov wrote:

Hello! I setup quota and quota warnings for my mail system(dovecot+exim).

By I want to reject only outgoing messages if quota exceeded.



Oh, how do you do that?

Is it possible to congi dovecot to not reject incoming messages? I use

dovecot-lda for mail delivery.



If you remove the "quota" plugin from mail_plugins of the lda section,
quota is not calculated anymore, I guess. So, I suppose, you need to give
unlimited quota for service LDA. How do you configure the quota?

- -- Steffen Kaiser
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEVAwUBWemIE3z1H7kL/d9rAQLFDAf/VmEMBBYR2lCwrmNs08ReM/XTs0PjXMJo
LVH9jKSVJi4PmLqHtiiz99OmmZUWxdTqhOeOGlgh0mCU37EVozRHI3IT+jjEp2mq
lJlIG2PlpKns2xxWhLafmnwMnB2FE+B/a516BV1gKjzEagAIYElVc1So0ZrAy2As
eYgLMQsatG/Kb3TE10UYVgsC0eN5ev2x89Z3qbKEzpMzMITrv/8x007cFMY8UcoI
GWQ4mDrzYpxt4GZ9K1pipAK9DrcBwoClbgLHkHuXqoLeiO/TNWneBmRHSKiSrd0z
wfK+C172XHA+E87+u+b+5LSWEzhKi13rK4E3fN9hsgaa5Cokayz9cw==
=dPdG
-END PGP SIGNATURE-








- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEVAwUBWemtHnz1H7kL/d9rAQKAMwgAiUsnMgUD4a6kATNFbwvx5fxM+4Vfj5jW
3X9vjjeJw6v1ixRV0Oqz/5kAi7Z4u/Q3jjjspiIhTIX8Dq0mJ7JkZ9PtZM8wol4i
qWmYxmemmy87D8xRZt91u0JiZFHICAZt9L5R+ivjZt0b969coyN9NTofK+/5ydu5
3dm78Ni5DX9ed0FJw1XoZzDp6QC/w4L263KyU0H99i/hUR1z7tieP76q6m5N6jJr
0US2hMxG4TwRj6oBcIdGx8R967pA80OW6u0tdnW+IOfx/lg3gU6EnHWe0s/i8sxt
7zrjI0WusXB0wXPiyBZEMLYfnJJhuGetmQTAnqBSfCLjBh5ViJrf/g==
=C5Jw
-END PGP SIGNATURE-

Re: quota only for oungoing

2017-10-20 Thread Aidar Kamalov 
Thank you! I disabled quota plugin and now if quota exceed I can't send any
email, but I can receive new emails.

2017-10-20 8:22 GMT+03:00 Steffen Kaiser :

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Thu, 19 Oct 2017, Aidar Kamalov wrote:
>
> Hello! I setup quota and quota warnings for my mail system(dovecot+exim).
>> By I want to reject only outgoing messages if quota exceeded.
>>
>
> Oh, how do you do that?
>
> Is it possible to congi dovecot to not reject incoming messages? I use
>> dovecot-lda for mail delivery.
>>
>
> If you remove the "quota" plugin from mail_plugins of the lda section,
> quota is not calculated anymore, I guess. So, I suppose, you need to give
> unlimited quota for service LDA. How do you configure the quota?
>
> - -- Steffen Kaiser
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
>
> iQEVAwUBWemIE3z1H7kL/d9rAQLFDAf/VmEMBBYR2lCwrmNs08ReM/XTs0PjXMJo
> LVH9jKSVJi4PmLqHtiiz99OmmZUWxdTqhOeOGlgh0mCU37EVozRHI3IT+jjEp2mq
> lJlIG2PlpKns2xxWhLafmnwMnB2FE+B/a516BV1gKjzEagAIYElVc1So0ZrAy2As
> eYgLMQsatG/Kb3TE10UYVgsC0eN5ev2x89Z3qbKEzpMzMITrv/8x007cFMY8UcoI
> GWQ4mDrzYpxt4GZ9K1pipAK9DrcBwoClbgLHkHuXqoLeiO/TNWneBmRHSKiSrd0z
> wfK+C172XHA+E87+u+b+5LSWEzhKi13rK4E3fN9hsgaa5Cokayz9cw==
> =dPdG
> -END PGP SIGNATURE-
>



-- 
Aydar A. Kamalov