Re: Sieve to process list mail based on list-ID

2018-02-15 Thread Aki Tuomi


On 16.02.2018 04:36, @lbutlr wrote:
> Before I spend a lot of time trying to replicate a procmail script that 
> automatically sorts list mail into mailboxes based on the List-ID header (and 
> possibly some other data) I thought I'd check if someone had already done 
> this for sieve.
>
> Basically, what I do now in procmail is
>
> 1. Get the listname from the List-ID header (or List-post/List-owner if no ID)
>
> 2. check against a list of list-ids and if the ID is not on the list, send it 
> to spamc and put the message (if not spam) in the INBOX but mark it as seen, 
> otherwise put it in Junk.
>
> 3. have some list specific rules (like rewriting reply-to, stripping 
> subject tags, etc.)
>
> 4. Drop message in mailbox based on the ID.
>
> (so, dovecot mail goes into .dovecot/new but RandomFakelist gets scanned for 
> spam and if it passes, marked read and put in the inbox).
>
> I've seen things like:
>
> require ["fileinto"];
> if exists "List-Id" {
>   if header :contains "List-Id" "dovecot.dovecot.org" {
>     fileinto "dovecot";
>   } elsif header :contains "List-Id" "others-list.example.com" {
>     fileinto "other-list";
>   }
> }
>
> But I am looking for something more generic, along the lines of
>
> $myLists = {"dovecot", "postfix", "other-list")
> if header :contains "List-ID" "<([^\.])+." { $myID $1; }
> if $myList :contains $myID { 
>   if { $myID is other-list {
>  set $myID to Olist;
>  set header "reply-to" to "moderator@users+ot...@foo.example.net";
>   }
> fileinto $myID;
>
> } else {
>   send message to spamc and await results;
>   if spam {fileinto "Junk";} else {fileinto "INBOX";}
>
> (obviously that's not the code, but it should give an idea of the sorts of 
> things I want to do and would rather not entirely duplicate).
>
> Obviously, I don't know if sieve does variables at all (none of the few 
> example scripts I've looked at have them, but then again most procmail 
> scripts don't have them either).
>
>
> Does sieve support that sort of matching?

Hi!

You can use regular expressions with sieve, see
https://wiki2.dovecot.org/Pigeonhole/Sieve/Examples

Aki
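
The generic sorting asked about above, sketched as an added example that is not part of the original thread or of the Dovecot documentation. It uses the standard `variables`, `regex` and `imap4flags` Sieve extensions; the folder and list names are the ones from the question, and it assumes spam scanning has already happened upstream and left an `X-Spam-Flag: YES` header, rather than calling spamc from Sieve.

```sieve
require ["fileinto", "variables", "regex", "imap4flags"];

if exists "List-Id" {
    # Capture the first label inside the angle brackets, e.g. "dovecot"
    # from "Dovecot Mailing List <dovecot.dovecot.org>".
    if header :regex "List-Id" "<([A-Za-z0-9_-]+)\\." {
        set :lower "listname" "${1}";

        # List-Id is chosen by the sender, so the captured value is only
        # used as a folder name after it matches this fixed allowlist.
        if string :is "${listname}" ["dovecot", "postfix", "other-list"] {
            # Per-list rule from the question: other-list is filed as "Olist".
            if string :is "${listname}" "other-list" {
                set "listname" "Olist";
            }
            fileinto "${listname}";
            stop;
        }
    }

    # A list that is not on the allowlist.
    # Assumption: an upstream filter has added X-Spam-Flag before delivery.
    if header :is "X-Spam-Flag" "YES" {
        fileinto "Junk";
    } else {
        # Deliver to INBOX already marked as read.
        fileinto :flags "\\Seen" "INBOX";
    }
    stop;
}

# Mail without a List-Id header falls through to the implicit keep.
```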


Re: Out of memory on lmtp vsz_limit

2018-02-15 Thread Aki Tuomi
How about you try moving the mail into another folder on a daily basis,
this way the INBOX would stay nice and empty.

doveadm move -u arch...@company.com Archive MAILBOX INBOX SENTBEFORE todays-date

Aki

On 16.02.2018 06:19, Terence Lau wrote:
>
> Bump.
>
> Any advice would be most appreciated.
>
> Thanks.
>
> From: Terence Lau
> Sent: Wednesday, 24 January 2018 9:59 AM
> To: 'dovecot@dovecot.org'
> Subject: Out of memory on lmtp vsz_limit
>
> Hi,
>
> We’ve been getting these types of errors for quite a while now …
>
> Fatal: master: service(lmtp): child 63477 returned error 83 (Out of
> memory (service lmtp { vsz_limit=4096 MB }, you may need to increase it)
>
> … and these errors have been decreasing in occurrence as we increased
> the default_vsz_limit.  Which is good but I would like to get some
> advice on how I could possibly eliminate the errors.
>
> We have an internal smtp server (postfix 3.1.0) that has the config
> “always_bcc=arch...@company.com” over lmtp.  This mailbox is
> on a separate dovecot server with the following config (please let me
> know if the full config is required):
>
> # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.13 (7b14904)
> # OS: Linux 4.4.0-109-generic x86_64 Ubuntu 16.04.1 LTS ext4
> default_vsz_limit = 4 G
> mail_location = maildir:/home/vmail/%d/%n
> protocols = " imap lmtp pop3"
> service lmtp {
>   inet_listener lmtp {
>     port = 24
>   }
> }
> userdb {
>   args = username_format=%u /etc/dovecot/users
>   default_fields = uid=vmail gid=vmail home=/home/vmail/%d/%n
>   driver = passwd-file
> }
> protocol lmtp {
>   mail_plugins =
> }
>
> Since we discovered the errors, we’ve been increasing the
> default_vsz_limit to 1G, then 2G and now 4G (Server has 6GB of
> memory).  These errors occur whenever a large number of emails get
> sent around the same time to our smtp server.  This causes the dovecot
> server to start crunching CPU and Memory.  Load average goes through
> the roof and takes some time to come back down as the smtp queue
> clears itself.
>
> This mailbox is obviously very large but we have a script that runs
> daily to delete any emails older than a month:
>
> find /home/vmail/company.com/archive/new/ -type f -mtime +30 -exec rm {} \;
> find /home/vmail/company.com/archive/cur/ -type f -mtime +30 -exec rm {} \;
>
> Still, the mailbox has an average of just under 300,000 emails.  No
> one accesses this mailbox with an email client, not until we need to
> dig something up.  And this has only happened once.  So the emails
> pretty much never get read/processed by a user.
>
> Now that we’ve increased the default_vsz_limit to 4G, the occurrence
> of these errors has reduced considerably.  But they still happen
> occasionally.  Short of increasing the memory further, are there any
> other options I have?
>
> Thanks.
>



Re: Director & Master Users

2018-02-15 Thread Sami Ketola


> On 15 Feb 2018, at 22.16, Travis Dolan  wrote:
> 
> It would look as though the changes have now negatively affected a "normal" 
> user from logging in.
> 
> 
> telnet host 143
> 
> a login username password
> 
> 
> a NO [AUTHENTICATIONFAILED] Authentication failed.
> 
> 
> telnet host 143
> 
> 1 login devteam*masteru...@example.com password
> 
> 
> 1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE 
> SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT 
> MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS 
> LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN 
> CONTEXT=SEARCH LIST-STATUS BINARY MOVE QUOTA] Logged in
> 
> 
> What do you think?
> 

So your director is the first entry point where the end users connect?

In that case your director should have a passdb setup that verifies the user 
password and then switches the session to use the master password when 
forwarding the connection to the backend.

Something like this in director:

passdb {
  driver = passwd-file
  args = /data/mail.passwd
  result_success = continue-ok
}

passdb {
  driver = static
  args = pass=masterpassword 
  skip = unauthenticated
}


and in backend:

passdb {
  driver = static
  args = password=masterpassword
}

Sami




RE: Out of memory on lmtp vsz_limit

2018-02-15 Thread Terence Lau
Bump.

Any advice would be most appreciated.

Thanks.

From: Terence Lau
Sent: Wednesday, 24 January 2018 9:59 AM
To: 'dovecot@dovecot.org' 
Subject: Out of memory on lmtp vsz_limit

Hi,

We've been getting these types of errors for quite a while now ...

Fatal: master: service(lmtp): child 63477 returned error 83 (Out of memory 
(service lmtp { vsz_limit=4096 MB }, you may need to increase it)

... and these errors have been decreasing in occurrence as we increased the 
default_vsz_limit.  Which is good but I would like to get some advice on how I 
could possibly eliminate the errors.

We have an internal smtp server (postfix 3.1.0) that has the config 
"always_bcc=arch...@company.com" over 
lmtp.  This mailbox is on a separate dovecot server with the following config 
(please let me know if the full config is required):

# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.4.0-109-generic x86_64 Ubuntu 16.04.1 LTS ext4
default_vsz_limit = 4 G
mail_location = maildir:/home/vmail/%d/%n
protocols = " imap lmtp pop3"
service lmtp {
  inet_listener lmtp {
    port = 24
  }
}
userdb {
  args = username_format=%u /etc/dovecot/users
  default_fields = uid=vmail gid=vmail home=/home/vmail/%d/%n
  driver = passwd-file
}
protocol lmtp {
  mail_plugins =
}

Since we discovered the errors, we've been increasing the default_vsz_limit to 
1G, then 2G and now 4G (Server has 6GB of memory).  These errors occur whenever 
a large number of emails get sent around the same time to our smtp server.  
This causes the dovecot server to start crunching CPU and Memory.  Load average 
goes through the roof and takes some time to come back down as the smtp queue 
clears itself.

This mailbox is obviously very large but we have a script that runs daily to 
delete any emails older than a month:

find /home/vmail/company.com/archive/new/ -type f -mtime +30 -exec rm {} \;
find /home/vmail/company.com/archive/cur/ -type f -mtime +30 -exec rm {} \;

Still, the mailbox has an average of just under 300,000 emails.  No one 
accesses this mailbox with an email client, not until we need to dig something 
up.  And this has only happened once.  So the emails pretty much never get 
read/processed by a user.

Now that we've increased the default_vsz_limit to 4G, the occurrence of these 
errors has reduced considerably.  But they still happen occasionally.  Short of 
increasing the memory further, are there any other options I have?

Thanks.


Sieve to process list mail based on list-ID

2018-02-15 Thread @lbutlr
Before I spend a lot of time trying to replicate a procmail script that 
automatically sorts list mail into mailboxes based on the List-ID header (and 
possibly some other data) I thought I'd check if someone had already done this 
for sieve.

Basically, what I do now in procmail is

1. Get the listname from the List-ID header (or List-post/List-owner if no ID)

2. check against a list of list-ids and if the ID is not on the list, send it 
to spamc and put the message (if not spam) in the INBOX but mark it as seen, 
otherwise put it in Junk.

3. have some list specific rules (like rewriting reply-to, stripping subject 
tags, etc.)

4. Drop message in mailbox based on the ID.

(so, dovecot mail goes into .dovecot/new but RandomFakelist gets scanned for 
spam and if it passes, marked read and put in the inbox).

I've seen things like:

require ["fileinto"];
if exists "List-Id" {
  if header :contains "List-Id" "dovecot.dovecot.org" {
    fileinto "dovecot";
  } elsif header :contains "List-Id" "others-list.example.com" {
    fileinto "other-list";
  }
}

But I am looking for something more generic, along the lines of

$myLists = {"dovecot", "postfix", "other-list")
if header :contains "List-ID" "<([^\.])+." { $myID $1; }
if $myList :contains $myID { 
  if { $myID is other-list {
 set $myID to Olist;
 set header "reply-to" to "moderator@users+ot...@foo.example.net";
  }
fileinto $myID;

} else {
  send message to spamc and await results;
  if spam {fileinto "Junk";} else {fileinto "INBOX";}

(obviously that's not the code, but it should give an idea of the sorts of 
things I want to do and would rather not entirely duplicate).

Obviously, I don't know if sieve does variables at all (none of the few example 
scripts I've looked at have them, but then again most procmail scripts don't 
have them either).


Does sieve support that sort of matching?

Re: Director & Master Users

2018-02-15 Thread Travis Dolan
It would look as though the changes have now negatively affected a "normal"
user from logging in.

telnet host 143

a login username password

a NO [AUTHENTICATIONFAILED] Authentication failed.

telnet host 143

1 login devteam*masteru...@example.com password

1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT
MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS
LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN
CONTEXT=SEARCH LIST-STATUS BINARY MOVE QUOTA] Logged in

What do you think?

Thanks.

  
On Feb 15 2018, at 3:19 pm, Travis Dolan wrote:

> Awesome, thanks for the advice. Using the following now works...
>
> passdb {
>   driver = static
>   args = proxy=y password=doesnotmatter
> }
>
> Cheers.
>
> On Feb 15 2018, at 2:40 pm, Aki Tuomi wrote:
>
>>> On 15 February 2018 at 20:22 Travis Dolan wrote:
>>>
>>> Hello,
>>>
>>> I have Director setup to proxy requests to backend servers. This works fine
>>> when using "standard" username/passwords.
>>>
>>> I am not try to enable the use of the Dovecot Master user through Director
>>> into the backend servers.
>>>
>>> a.) username is being sent as masteruser*username
>>> b.) request hits the proxy and authenticates, and then is passed to the
>>> backend servers and fails auth.
>>>
>>> - logs from proxy/Director point of view.
>>>
>>> auth: Info:
>>> passwd-file(masteruser,172.31.33.224,master,): Master
>>> user logging in as devteam
>>>
>>> imap-login: Info: proxy(devteam): Login failed to backend.servers:143
>>> (master masteruser): [AUTHENTICATIONFAILED] Authentication failed.:
>>> user=, method=PLAIN, rip=172.31.33.224, lip=192.168.71.20,
>>> session= l6P+sHyHg>
>>>
>>> - logs from backend server point of view.
>>>
>>> imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs):
>>> user=, method=PLAIN, rip=192.168.71.20, lip=192.168.71.99,
>>> session=
>>>
>>> Proxy/Director Configs (hopefully this is enough)
>>>
>>> auth_master_user_separator = *
>>> passdb {
>>> driver = passwd-file
>>> args = /etc/dovecot/conf.d/master-user-password
>>> master = yes
>>> pass = yes
>>> }
>>>
>>> passdb {
>>> driver = static
>>> args = proxy=y nopassword=y
>>> }
>>>
>>> Please let me know if I can provide any further details.
>>>
>>> Thanks in advance.
>>
>> You could consider using "master password" instead.
>>
>> This works so that you configure proxy to use pass=some_static_password as
>> the password forward, and you can then use static passdb in director, as in
>>
>> passdb {
>>   driver = static
>>   args = password=some_static_password
>> }
>>
>> This way you don't need to setup master user authentication.
>>
>> Aki



Re: ACLs, shared, public, virtual mailboxes not working

2018-02-15 Thread David Mehler
Hello,

The user1 is my original user, user2 is the second user that I want to
have access to the public and shared folder.

I am not seeing a subcommand rights for doveadm.

Thanks.
Dave.


On 2/15/18, Aki Tuomi  wrote:
> Since you have obfuscated your data it is hard to tell what's going on,
> especially as in your previous log you have 'user=user' and now you have
> user1 and user2.
>
> You can try
>
> doveadm rights -u victim folder
>
> to see what sort of rights dovecot thinks it's seeing.
>
> Aki
>
>> On 15 February 2018 at 18:11 David Mehler  wrote:
>>
>>
>> Hello,
>>
>> Thank you for your reply. Here's my acl files:
>>
>>
>> public/TestFolder dovecot-acl
>> anyone lr
>> user=user1 akxeilprwts
>> -user=user1
>> user=user2 lr
>>
>> public/TestFolder1 dovecot-acl
>> user=user1 lr
>> user=user2 lr
>>
>> public/dovecot-acl
>> user=user1 lr
>> user=user2 lr
>>
>> and I have another dovecot-acl file in shared/office folder:
>>
>> user=us...@domain.com lrwstipekxa
>> user=us...@domain.com lrwstipekxa
>>
>> Thanks.
>> Dave.
>>
>>
>> On 2/15/18, Aki Tuomi  wrote:
>> > Hi!
>> >
>> > It seems you are running 2.2.33.2 =)
>> >
>> > Also,
>> >
>> > Feb 12 08:48:40 imap(u...@example.com): Debug: Mailbox
>> > 'public/TestFolder' matches global ACL pattern 'public/TestFolder'
>> > Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: reading file
>> > /home/vmail/public/TestFolder/dovecot-acl
>> > Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: reading file
>> > /home/vmail/public/dovecot-acl
>> >
>> > it seems there are some folder specific ACLs, can you check these?
>> >
>> > Aki
>> >
>> > On 15.02.2018 10:40, David Mehler wrote:
>> >> Hello,
>> >>
>> >> I'm running Dovecot 2.2.3, and am having issues with my public
>> >> folders, shared folders, and virtual/All folders; apparently ACLs are
>> >> on that list as well.
>> >>
>> >> I was debugging an unrelated problem with my smtp server and got the
>> >> following dovecot debug log output. Below is also a doveconf -n output
>> >> as well as my shared-folder definition file and my global-acls file.
>> >>
>> >> What I'm trying to accomplish is:
>> >>
>> >> 1. Have a public folder that any user on the system can put messages
>> >> into and respond to.
>> >> 2. Have a shared folder in which us...@example.com and
>> >> us...@example2.com can exchange messages.
>> >> 3. For each user on the system give them a Virtual/All folder for *all
>> >> of their messages.
>> >>
>> >> I'd appreciate any help. As an aside, if anyone sees an issue with my
>> >> SSL ciphers list I'd appreciate knowing that as well; in brief, I'm
>> >> trying to get the most secure list, pfs, and not worrying about
>> >> backward compatibility. If it's not TLS 1.2 I don't touch it.
>> >>
>> >> Thanks.
>> >> Dave.
>> >> Feb 12 08:48:40 imap(u...@example.com): Debug: Module loaded:
>> >> /usr/local/lib/dovecot/lib01_acl_plugin.so
>> >> Feb 12 08:48:40 imap(u...@example.com): Debug: Module loaded:
>> >> /usr/local/lib/dovecot/lib02_imap_acl_plugin.so
>> >> Feb 12 08:48:40 imap(u...@example.com): Debug: Effective uid=999,
>> >> gid=999, home=/home/vmail/example.com/user
>> >> Feb 12 08:48:40 imap(u...@example.com): Debug: Namespace inbox:
>> >> type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes,
>> >> subscriptions=yes location=maildir:~/mail/:LAYOUT=fs:INDEX=~/mail/
>> >> Feb 12 08:48:40 imap(u...@example.com): Debug: fs:
>> >> root=/home/vmail/example.com/user/mail, index=, indexpvt=, control=,
>> >> inbox=/home/vmail/example.com/user/mail, alt=
>> >> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: initializing
>> >> backend with data:
>> >> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
>> >> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: acl username =
>> >> u...@example.com
>> >> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: owner = 1
>> >> Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: Global ACL
>> >> file: /usr/local/etc/dovecot/global-acls
>> >> Feb 12 08:48:40 imap(u...@example.com): Debug: Namespace :
>> >> type=public, prefix=public/, sep=/, inbox=no, hidden=no, list=yes,
>> >> subscriptions=yes
>> >> location=maildir:/home/vmail/public/:LAYOUT=fs:CONTROL=~/mail/public:INDEXPVT=~/mail/public:INDEX=~/mail/public
>> >> Feb 12 08:48:40 imap(u...@example.com): Debug: fs:
>> >> root=/home/vmail/public,
>> >> index=/home/vmail/example.com/user/mail/public,
>> >> indexpvt=/home/vmail/example.com/user/mail/public,
>> >> control=/home/vmail/example.com/user/mail/public, inbox=, alt=
>> >> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: initializing
>> >> backend with data:
>> >> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
>> >> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: acl username =
>> >> u...@example.com
>> >> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: owner = 0
>> >> Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: Global ACL
>> >> file: 

Re: Director & Master Users

2018-02-15 Thread Travis Dolan
Awesome, thanks for the advice. Using the following now works...

passdb {
  driver = static
  args = proxy=y password=doesnotmatter
}

Cheers.

  
On Feb 15 2018, at 2:40 pm, Aki Tuomi wrote:

>> On 15 February 2018 at 20:22 Travis Dolan wrote:
>>
>> Hello,
>>
>> I have Director setup to proxy requests to backend servers. This works fine
>> when using "standard" username/passwords.
>>
>> I am not try to enable the use of the Dovecot Master user through Director
>> into the backend servers.
>>
>> a.) username is being sent as masteruser*username
>> b.) request hits the proxy and authenticates, and then is passed to the
>> backend servers and fails auth.
>>
>> - logs from proxy/Director point of view.
>>
>> auth: Info:
>> passwd-file(masteruser,172.31.33.224,master,): Master
>> user logging in as devteam
>>
>> imap-login: Info: proxy(devteam): Login failed to backend.servers:143
>> (master masteruser): [AUTHENTICATIONFAILED] Authentication failed.:
>> user=, method=PLAIN, rip=172.31.33.224, lip=192.168.71.20,
>> session= l6P+sHyHg>
>>
>> - logs from backend server point of view.
>>
>> imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs):
>> user=, method=PLAIN, rip=192.168.71.20, lip=192.168.71.99,
>> session=
>>
>> Proxy/Director Configs (hopefully this is enough)
>>
>> auth_master_user_separator = *
>> passdb {
>> driver = passwd-file
>> args = /etc/dovecot/conf.d/master-user-password
>> master = yes
>> pass = yes
>> }
>>
>> passdb {
>> driver = static
>> args = proxy=y nopassword=y
>> }
>>
>> Please let me know if I can provide any further details.
>>
>> Thanks in advance.
>
> You could consider using "master password" instead.
>
> This works so that you configure proxy to use pass=some_static_password as
> the password forward, and you can then use static passdb in director, as in
>
> passdb {
>   driver = static
>   args = password=some_static_password
> }
>
> This way you don't need to setup master user authentication.
>
> Aki



Re: Director & Master Users

2018-02-15 Thread Aki Tuomi

> On 15 February 2018 at 20:22 Travis Dolan  wrote:
> 
> 
> Hello,
> 
> I have Director setup to proxy requests to backend servers. This works fine
> when using "standard" username/passwords.
> 
> I am not try to enable the use of the Dovecot Master user through Director
> into the backend servers.
> 
> a.) username is being sent as masteruser*username
> b.) request hits the proxy and authenticates, and then is passed to the
> backend servers and fails auth.
> 
> - logs from proxy/Director point of view.
> 
> auth: Info:
> passwd-file(masteruser,172.31.33.224,master,): Master
> user logging in as devteam
> 
> imap-login: Info: proxy(devteam): Login failed to backend.servers:143
> (master masteruser): [AUTHENTICATIONFAILED] Authentication failed.:
> user=, method=PLAIN, rip=172.31.33.224, lip=192.168.71.20,
> session= l6P+sHyHg>
> 
> - logs from backend server point of view.
> 
> imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs):
> user=, method=PLAIN, rip=192.168.71.20, lip=192.168.71.99,
> session=
> 
> 
> Proxy/Director Configs (hopefully this is enough)
> 
> auth_master_user_separator = *
> passdb {
> driver = passwd-file
> args = /etc/dovecot/conf.d/master-user-password
> master = yes
> pass = yes
> }
> 
> passdb {
> driver = static
> args = proxy=y nopassword=y
> }
> 
> Please let me know if I can provide any further details.
> 
> Thanks in advance.

You could consider using "master password" instead.

This works so that you configure proxy to use pass=some_static_password as the 
password forward, and you can then use static passdb in director, as in

passdb {
  driver = static
  args = password=some_static_password 
}

This way you don't need to setup master user authentication.

Aki


Director & Master Users

2018-02-15 Thread Travis Dolan
Hello,

I have Director setup to proxy requests to backend servers. This works fine
when using "standard" username/passwords.

I am not try to enable the use of the Dovecot Master user through Director
into the backend servers.

a.) username is being sent as masteruser*username
b.) request hits the proxy and authenticates, and then is passed to the
backend servers and fails auth.

- logs from proxy/Director point of view.

auth: Info:
passwd-file(masteruser,172.31.33.224,master,): Master
user logging in as devteam

imap-login: Info: proxy(devteam): Login failed to backend.servers:143
(master masteruser): [AUTHENTICATIONFAILED] Authentication failed.:
user=, method=PLAIN, rip=172.31.33.224, lip=192.168.71.20,
session=

- logs from backend server point of view.

imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs):
user=, method=PLAIN, rip=192.168.71.20, lip=192.168.71.99,
session=


Proxy/Director Configs (hopefully this is enough)

auth_master_user_separator = *
passdb {
driver = passwd-file
args = /etc/dovecot/conf.d/master-user-password
master = yes
pass = yes
}

passdb {
driver = static
args = proxy=y nopassword=y
}

Please let me know if I can provide any further details.

Thanks in advance.


Re: ACLs, shared, public, virtual mailboxes not working

2018-02-15 Thread Aki Tuomi
Since you have obfuscated your data it is hard to tell what's going on, 
especially as in your previous log you have 'user=user' and now you have user1 
and user2.

You can try

doveadm rights -u victim folder

to see what sort of rights dovecot thinks it's seeing.

Aki

> On 15 February 2018 at 18:11 David Mehler  wrote:
> 
> 
> Hello,
> 
> Thank you for your reply. Here's my acl files:
> 
> 
> public/TestFolder dovecot-acl
> anyone lr
> user=user1 akxeilprwts
> -user=user1
> user=user2 lr
> 
> public/TestFolder1 dovecot-acl
> user=user1 lr
> user=user2 lr
> 
> public/dovecot-acl
> user=user1 lr
> user=user2 lr
> 
> and I have another dovecot-acl file in shared/office folder:
> 
> user=us...@domain.com lrwstipekxa
> user=us...@domain.com lrwstipekxa
> 
> Thanks.
> Dave.
> 
> 
> On 2/15/18, Aki Tuomi  wrote:
> > Hi!
> >
> > It seems you are running 2.2.33.2 =)
> >
> > Also,
> >
> > Feb 12 08:48:40 imap(u...@example.com): Debug: Mailbox
> > 'public/TestFolder' matches global ACL pattern 'public/TestFolder'
> > Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: reading file
> > /home/vmail/public/TestFolder/dovecot-acl
> > Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: reading file
> > /home/vmail/public/dovecot-acl
> >
> > it seems there are some folder specific ACLs, can you check these?
> >
> > Aki
> >
> > On 15.02.2018 10:40, David Mehler wrote:
> >> Hello,
> >>
> >> I'm running Dovecot 2.2.3, and am having issues with my public
> >> folders, shared folders, and virtual/All folders; apparently ACLs are
> >> on that list as well.
> >>
> >> I was debugging an unrelated problem with my smtp server and got the
> >> following dovecot debug log output. Below is also a doveconf -n output
> >> as well as my shared-folder definition file and my global-acls file.
> >>
> >> What I'm trying to accomplish is:
> >>
> >> 1. Have a public folder that any user on the system can put messages
> >> into and respond to.
> >> 2. Have a shared folder in which us...@example.com and
> >> us...@example2.com can exchange messages.
> >> 3. For each user on the system give them a Virtual/All folder for *all
> >> of their messages.
> >>
> >> I'd appreciate any help. As an aside, if anyone sees an issue with my
> >> SSL ciphers list I'd appreciate knowing that as well; in brief, I'm
> >> trying to get the most secure list, pfs, and not worrying about
> >> backward compatibility. If it's not TLS 1.2 I don't touch it.
> >>
> >> Thanks.
> >> Dave.
> >> Feb 12 08:48:40 imap(u...@example.com): Debug: Module loaded:
> >> /usr/local/lib/dovecot/lib01_acl_plugin.so
> >> Feb 12 08:48:40 imap(u...@example.com): Debug: Module loaded:
> >> /usr/local/lib/dovecot/lib02_imap_acl_plugin.so
> >> Feb 12 08:48:40 imap(u...@example.com): Debug: Effective uid=999,
> >> gid=999, home=/home/vmail/example.com/user
> >> Feb 12 08:48:40 imap(u...@example.com): Debug: Namespace inbox:
> >> type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes,
> >> subscriptions=yes location=maildir:~/mail/:LAYOUT=fs:INDEX=~/mail/
> >> Feb 12 08:48:40 imap(u...@example.com): Debug: fs:
> >> root=/home/vmail/example.com/user/mail, index=, indexpvt=, control=,
> >> inbox=/home/vmail/example.com/user/mail, alt=
> >> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: initializing
> >> backend with data:
> >> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
> >> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: acl username =
> >> u...@example.com
> >> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: owner = 1
> >> Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: Global ACL
> >> file: /usr/local/etc/dovecot/global-acls
> >> Feb 12 08:48:40 imap(u...@example.com): Debug: Namespace :
> >> type=public, prefix=public/, sep=/, inbox=no, hidden=no, list=yes,
> >> subscriptions=yes
> >> location=maildir:/home/vmail/public/:LAYOUT=fs:CONTROL=~/mail/public:INDEXPVT=~/mail/public:INDEX=~/mail/public
> >> Feb 12 08:48:40 imap(u...@example.com): Debug: fs:
> >> root=/home/vmail/public,
> >> index=/home/vmail/example.com/user/mail/public,
> >> indexpvt=/home/vmail/example.com/user/mail/public,
> >> control=/home/vmail/example.com/user/mail/public, inbox=, alt=
> >> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: initializing
> >> backend with data:
> >> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
> >> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: acl username =
> >> u...@example.com
> >> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: owner = 0
> >> Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: Global ACL
> >> file: /usr/local/etc/dovecot/global-acls
> >> Feb 12 08:48:40 imap(u...@example.com): Debug: Namespace :
> >> type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=yes,
> >> subscriptions=yes location=maildir:~/mail/:INDEX=~/mail/shared/%Ld/%Ln
> >> Feb 12 08:48:40 imap(u...@example.com): Debug: shared:
> >> root=/var/run/dovecot, index=, indexpvt=, 

Re: ACLs, shared, public, virtual mailboxes not working

2018-02-15 Thread David Mehler
Hello,

Thank you for your reply. Here's my acl files:


public/TestFolder dovecot-acl
anyone lr
user=user1 akxeilprwts
-user=user1
user=user2 lr

public/TestFolder1 dovecot-acl
user=user1 lr
user=user2 lr

public/dovecot-acl
user=user1 lr
user=user2 lr

and I have another dovecot-acl file in shared/office folder:

user=us...@domain.com lrwstipekxa
user=us...@domain.com lrwstipekxa

Thanks.
Dave.


On 2/15/18, Aki Tuomi  wrote:
> Hi!
>
> It seems you are running 2.2.33.2 =)
>
> Also,
>
> Feb 12 08:48:40 imap(u...@example.com): Debug: Mailbox
> 'public/TestFolder' matches global ACL pattern 'public/TestFolder'
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: reading file
> /home/vmail/public/TestFolder/dovecot-acl
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: reading file
> /home/vmail/public/dovecot-acl
>
> it seems there are some folder specific ACLs, can you check these?
>
> Aki
>
> On 15.02.2018 10:40, David Mehler wrote:
>> Hello,
>>
>> I'm running Dovecot 2.2.3, and am having issues with my public
>> folders, shared folders, and virtual/All folders; apparently ACLs are
>> on that list as well.
>>
>> I was debugging an unrelated problem with my smtp server and got the
>> following dovecot debug log output. Below is also a doveconf -n output
>> as well as my shared-folder definition file and my global-acls file.
>>
>> What I'm trying to accomplish is:
>>
>> 1. Have a public folder that any user on the system can put messages
>> into and respond to.
>> 2. Have a shared folder in which us...@example.com and
>> us...@example2.com can exchange messages.
>> 3. For each user on the system give them a Virtual/All folder for *all
>> of their messages.
>>
>> I'd appreciate any help. As an aside, if anyone sees an issue with my
>> SSL ciphers list I'd appreciate knowing that as well; in brief, I'm
>> trying to get the most secure list, pfs, and not worrying about
>> backward compatibility. If it's not TLS 1.2 I don't touch it.
>>
>> Thanks.
>> Dave.
>> Feb 12 08:48:40 imap(u...@example.com): Debug: Module loaded:
>> /usr/local/lib/dovecot/lib01_acl_plugin.so
>> Feb 12 08:48:40 imap(u...@example.com): Debug: Module loaded:
>> /usr/local/lib/dovecot/lib02_imap_acl_plugin.so
>> Feb 12 08:48:40 imap(u...@example.com): Debug: Effective uid=999,
>> gid=999, home=/home/vmail/example.com/user
>> Feb 12 08:48:40 imap(u...@example.com): Debug: Namespace inbox:
>> type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes,
>> subscriptions=yes location=maildir:~/mail/:LAYOUT=fs:INDEX=~/mail/
>> Feb 12 08:48:40 imap(u...@example.com): Debug: fs:
>> root=/home/vmail/example.com/user/mail, index=, indexpvt=, control=,
>> inbox=/home/vmail/example.com/user/mail, alt=
>> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: initializing
>> backend with data:
>> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
>> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: acl username =
>> u...@example.com
>> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: owner = 1
>> Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: Global ACL
>> file: /usr/local/etc/dovecot/global-acls
>> Feb 12 08:48:40 imap(u...@example.com): Debug: Namespace :
>> type=public, prefix=public/, sep=/, inbox=no, hidden=no, list=yes,
>> subscriptions=yes
>> location=maildir:/home/vmail/public/:LAYOUT=fs:CONTROL=~/mail/public:INDEXPVT=~/mail/public:INDEX=~/mail/public
>> Feb 12 08:48:40 imap(u...@example.com): Debug: fs:
>> root=/home/vmail/public,
>> index=/home/vmail/example.com/user/mail/public,
>> indexpvt=/home/vmail/example.com/user/mail/public,
>> control=/home/vmail/example.com/user/mail/public, inbox=, alt=
>> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: initializing
>> backend with data:
>> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
>> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: acl username =
>> u...@example.com
>> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: owner = 0
>> Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: Global ACL
>> file: /usr/local/etc/dovecot/global-acls
>> Feb 12 08:48:40 imap(u...@example.com): Debug: Namespace :
>> type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=yes,
>> subscriptions=yes location=maildir:~/mail/:INDEX=~/mail/shared/%Ld/%Ln
>> Feb 12 08:48:40 imap(u...@example.com): Debug: shared:
>> root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
>> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: initializing
>> backend with data:
>> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
>> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: acl username =
>> u...@example.com
>> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: owner = 0
>> Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: Global ACL
>> file: /usr/local/etc/dovecot/global-acls
>> Feb 12 08:48:40 imap(u...@example.com): Debug: Namespace :
>> type=private, prefix=virtual/, sep=/, inbox=no, hidden=no, list=yes,
>> 

Re: Segfault on selecting mailbox twice in a row

2018-02-15 Thread Aki Tuomi
Hi! Thank you for reporting this, we'll look into it


---
Aki Tuomi
Dovecot oy

Original message
From: John van der Kamp
Date: 15/02/2018 16:55 (GMT+02:00)
To: Dovecot Mailing List
Subject: Segfault on selecting mailbox twice in a row

Hi,

I was doing some testing with new 2.2 changes. I’m using commit 15d5b8a from 
origin/master-2.2. The setup is using imapc to connect to a different imap 
server.
If I use the following commands, dovecot will crash every time:

A login username password
B select inbox
C select inbox

The logfile snippet is at the end of the mail. Let me know if you need more 
information.

John



Feb 15 15:43:06 imap(us...@domain.com): Debug: imapc: 
root=/tmp/tmpVuVTYr/dovecot1/users/us...@domain.com/imapc, index=, indexpvt=, 
control=, inbox=, alt=
Feb 15 15:43:06 imap(us...@domain.com): Debug: maildir++: 
root=/tmp/tmpVuVTYr/dovecot1/users/us...@domain.com/imapc, index=, indexpvt=, 
control=, inbox=, alt=
Feb 15 15:43:09 imap(us...@domain.com): Debug: INBOX: Mailbox opened because: 
SELECT
Feb 15 15:43:12 imap(us...@domain.com): Debug: INBOX: Mailbox opened because: 
SELECT
Feb 15 15:43:14 imap(us...@domain.com): Error: Log synchronization error at 
seq=2,offset=80372 for 
/tmp/tmpVuVTYr/dovecot1/users/us...@domain.com/imapc/.INBOX/dovecot.index: 
Append with UID 10, but next_uid = 10421
Feb 15 15:43:14 imap(us...@domain.com): Warning: fscking index file 
/tmp/tmpVuVTYr/dovecot1/users/us...@domain.com/imapc/.INBOX/dovecot.index
Feb 15 15:43:14 imap(us...@domain.com): Warning: imapc(127.0.0.1:31513): 
Mailbox 'INBOX' state corrupted: Expunged message uid=10 reappeared - 
reconnecting (delay 0 ms)
Feb 15 15:43:14 imap(us...@domain.com): Debug: imapc(127.0.0.1:31513): 
Disconnected
Feb 15 15:43:14 imap(us...@domain.com): Debug: imapc(127.0.0.1:31513): Looking 
up IP address (reconnect_ok=false, last_connect=1518705794)
Feb 15 15:43:14 imap(us...@domain.com): Debug: imapc(127.0.0.1:31513): 
Connecting to 127.0.0.1:31513
Feb 15 15:43:14 imap(us...@domain.com): Panic: file imapc-client.c: line 410 
(imapc_client_mailbox_reconnect): assertion failed: (!box->reconnecting)
Feb 15 15:43:14 imap(us...@domain.com): Error: Raw backtrace: 
/usr/local/lib/dovecot/libdovecot.so.0(+0x9fe12) [0x7f2a05301e12] -> 
/usr/local/lib/dovecot/libdovecot.so.0(+0x9fefd) [0x7f2a05301efd] -> 
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f2a052924d1] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0x99704) [0x7f2a0562f704] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(imapc_mailbox_set_corrupted+0xe3)
 [0x7f2a05628e63] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0x97cf5) 
[0x7f2a0562dcf5] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0x97d70) 
[0x7f2a0562dd70] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(imapc_mailbox_sync_init+0x8bd) 
[0x7f2a0562e89d] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x44) 
[0x7f2a055e1c14] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) 
[0x7f2a055e1cb7] -> dovecot/imap(cmd_select_full+0x171) [0x413e51] -> 
dovecot/imap(command_exec+0x5c) [0x41b06c] -> dovecot/imap() [0x419662] -> 
dovecot/imap() [0x4196ec] -> dovecot/imap(client_handle_input+0x155) [0x419a85] 
-> dovecot/imap(client_input+0x82) [0x419ff2] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x52) [0x7f2a053180d2] 
-> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) 
[0x7f2a053197c9] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x3c) 
[0x7f2a0531816c] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) 
[0x7f2a05318318] -> 
/usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7f2a0529cd93] -> dovecot/imap(main+0x302) [0x40cb92] -> 
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0) [0x7f2a04eb8830] -> 
dovecot/imap(_start+0x29) [0x40cd19]
Feb 15 15:43:14 imap(us...@domain.com): Fatal: master: service(imap): child 
9496 killed with signal 6 (core dumped)




Segfault on selecting mailbox twice in a row

2018-02-15 Thread John van der Kamp
Hi,

I was doing some testing with new 2.2 changes. I’m using commit 15d5b8a from 
origin/master-2.2. The setup is using imapc to connect to a different imap 
server.
If I use the following commands, dovecot will crash every time:

A login username password
B select inbox
C select inbox

The logfile snippet is at the end of the mail. Let me know if you need more 
information.

John



Feb 15 15:43:06 imap(us...@domain.com): Debug: imapc: 
root=/tmp/tmpVuVTYr/dovecot1/users/us...@domain.com/imapc, index=, indexpvt=, 
control=, inbox=, alt=
Feb 15 15:43:06 imap(us...@domain.com): Debug: maildir++: 
root=/tmp/tmpVuVTYr/dovecot1/users/us...@domain.com/imapc, index=, indexpvt=, 
control=, inbox=, alt=
Feb 15 15:43:09 imap(us...@domain.com): Debug: INBOX: Mailbox opened because: 
SELECT
Feb 15 15:43:12 imap(us...@domain.com): Debug: INBOX: Mailbox opened because: 
SELECT
Feb 15 15:43:14 imap(us...@domain.com): Error: Log synchronization error at 
seq=2,offset=80372 for 
/tmp/tmpVuVTYr/dovecot1/users/us...@domain.com/imapc/.INBOX/dovecot.index: 
Append with UID 10, but next_uid = 10421
Feb 15 15:43:14 imap(us...@domain.com): Warning: fscking index file 
/tmp/tmpVuVTYr/dovecot1/users/us...@domain.com/imapc/.INBOX/dovecot.index
Feb 15 15:43:14 imap(us...@domain.com): Warning: imapc(127.0.0.1:31513): 
Mailbox 'INBOX' state corrupted: Expunged message uid=10 reappeared - 
reconnecting (delay 0 ms)
Feb 15 15:43:14 imap(us...@domain.com): Debug: imapc(127.0.0.1:31513): 
Disconnected
Feb 15 15:43:14 imap(us...@domain.com): Debug: imapc(127.0.0.1:31513): Looking 
up IP address (reconnect_ok=false, last_connect=1518705794)
Feb 15 15:43:14 imap(us...@domain.com): Debug: imapc(127.0.0.1:31513): 
Connecting to 127.0.0.1:31513
Feb 15 15:43:14 imap(us...@domain.com): Panic: file imapc-client.c: line 410 
(imapc_client_mailbox_reconnect): assertion failed: (!box->reconnecting)
Feb 15 15:43:14 imap(us...@domain.com): Error: Raw backtrace: 
/usr/local/lib/dovecot/libdovecot.so.0(+0x9fe12) [0x7f2a05301e12] -> 
/usr/local/lib/dovecot/libdovecot.so.0(+0x9fefd) [0x7f2a05301efd] -> 
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f2a052924d1] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0x99704) [0x7f2a0562f704] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(imapc_mailbox_set_corrupted+0xe3)
 [0x7f2a05628e63] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0x97cf5) 
[0x7f2a0562dcf5] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0x97d70) 
[0x7f2a0562dd70] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(imapc_mailbox_sync_init+0x8bd) 
[0x7f2a0562e89d] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x44) 
[0x7f2a055e1c14] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) 
[0x7f2a055e1cb7] -> dovecot/imap(cmd_select_full+0x171) [0x413e51] -> 
dovecot/imap(command_exec+0x5c) [0x41b06c] -> dovecot/imap() [0x419662] -> 
dovecot/imap() [0x4196ec] -> dovecot/imap(client_handle_input+0x155) [0x419a85] 
-> dovecot/imap(client_input+0x82) [0x419ff2] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x52) [0x7f2a053180d2] 
-> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) 
[0x7f2a053197c9] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x3c) 
[0x7f2a0531816c] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) 
[0x7f2a05318318] -> 
/usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7f2a0529cd93] -> dovecot/imap(main+0x302) [0x40cb92] -> 
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0) [0x7f2a04eb8830] -> 
dovecot/imap(_start+0x29) [0x40cd19]
Feb 15 15:43:14 imap(us...@domain.com): Fatal: master: service(imap): child 
9496 killed with signal 6 (core dumped)




Re: Problem with CentOS package for 2.3.0 and old dependency in systemd with clean install

2018-02-15 Thread Aki Tuomi
Just remove it

Aki


On 15.02.2018 11:49, TG Servers wrote:
> Ok thanks, for the moment: can I just delete the lines in the
> dovecot-init.service file or what is proposed here? It's no problem for
> me to make the necessary changes I just need to know which of them
> because I don't know if you just need this file internally or not.
>
> Thanks
>
> On 14.02.2018 at 21:28, Aki Tuomi wrote:
>> We are planning to fix this for 2.3.1 release.
>>
>>
>>
>> ---
>> Aki Tuomi
>> Dovecot oy
>>
>>  Original message 
>> From: TG Servers 
>> Date: 14/02/2018 22:10 (GMT+02:00)
>> To: dovecot@dovecot.org
>> Subject: Re: Problem with CentOS package for 2.3.0 and old dependency in
>>   systemd with clean install
>>
>> Hi,
>>
>> are there any news on this?
>> Or do we have to go the way install old dovecot/remove it or upgrade
>> instead of clean install?
>> Because as the ssl-params executable is missing in 2.3.0 I don't know
>> how else I should create it. If this file isn't even needed for 2.3.0
>> can it be a file with any content eg 'touch
>> /var/lib/dovecot/ssl-parameters.dat' so that the file is just there and
>> dovecot-init.service doesn't want to call the
>> /usr/libexec/dovecot/ssl-params executable?
>>
>> Thanks,
>> Thomas
>>
>> On 02.02.2018 at 09:26, Aki Tuomi wrote:
>>>> On February 2, 2018 at 5:09 AM TG Servers wrote:
>>>>
>>>>
>>>> Hi,
>>>>
>>>> you definitely have a problem with the packages out of your own repo for
>>>> version 2.3.0 and CentOS.
>>>> And this is only if you do a clean install, meaning there was no lower
>>>> dovecot version ever running on the system.
>>>>
>>>> If you want to 'systemctl start dovecot' it breaks with a dependency
>>>> error which comes from dovecot-init.service.
>>>>
>>>> dovecot-init.service :
>>>> [Unit]
>>>> Description=One-time Dovecot init service
>>>> ConditionPathExists=|!/var/lib/dovecot/ssl-parameters.dat
>>>> ConditionPathExists=|!/etc/pki/dovecot/certs/dovecot.pem
>>>>
>>>> [Service]
>>>> Type=oneshot
>>>> RemainAfterExit=no
>>>> ExecStart=/bin/sh -c '\
>>>> if [ ! -f /etc/pki/dovecot/certs/dovecot.pem ]; \
>>>> then\
>>>> SSLDIR=/etc/pki/dovecot/
>>>> OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf
>>>> /usr/libexec/dovecot/mkcert.sh /dev/null 2>&1;\
>>>> fi;\
>>>> if [ ! -f /var/lib/dovecot/ssl-parameters.dat ]; \
>>>> then\
>>>> /usr/libexec/dovecot/ssl-params >/dev/null 2>&1; \
>>>> fi'
>>>>
>>>> It wants to call /usr/libexec/dovecot/ssl-params if
>>>> /var/lib/dovecot/ssl-parameters.dat (which is deprecated now as I
>>>> understood) is not existing.
>>>> The problem is in 2.3.0 /usr/libexec/dovecot/ssl-params is not existent
>>>> anymore.
>>>>
>>>> This error does not occur if you for instance install 2.2.x from the
>>>> base repo, start it once, and then update the version from your repo.
>>>> This is because the ssl-parameters.dat was created with the old version
>>>> then.
>>>>
>>>> But this should not be the expected behaviour I think. It should be
>>>> possible to do a fresh install of 2.3.0 on a fresh system.
>>>>
>>>> Can you please get back to me on that?
>>>>
>>>> Thanks,
>>>> Thomas
>>>
>>> Thank you for reporting this, we'll look into it.
>>>
>>> ---
>>> Aki Tuomi
>>>
>>> Dovecot oy
>>>



Re: Problem with CentOS package for 2.3.0 and old dependency in systemd with clean install

2018-02-15 Thread TG Servers
Ok thanks, for the moment: can I just delete the lines in the
dovecot-init.service file or what is proposed here? It's no problem for
me to make the necessary changes I just need to know which of them
because I don't know if you just need this file internally or not.

Thanks

On 14.02.2018 at 21:28, Aki Tuomi wrote:
> We are planning to fix this for 2.3.1 release.
> 
> 
> 
> ---
> Aki Tuomi
> Dovecot oy
> 
>  Original message 
> From: TG Servers 
> Date: 14/02/2018 22:10 (GMT+02:00)
> To: dovecot@dovecot.org
> Subject: Re: Problem with CentOS package for 2.3.0 and old dependency in
>   systemd with clean install
> 
> Hi,
> 
> are there any news on this?
> Or do we have to go the way install old dovecot/remove it or upgrade
> instead of clean install?
> Because as the ssl-params executable is missing in 2.3.0 I don't know
> how else I should create it. If this file isn't even needed for 2.3.0
> can it be a file with any content eg 'touch
> /var/lib/dovecot/ssl-parameters.dat' so that the file is just there and
> dovecot-init.service doesn't want to call the
> /usr/libexec/dovecot/ssl-params executable?
> 
> Thanks,
> Thomas
> 
> On 02.02.2018 at 09:26, Aki Tuomi wrote:
>>
>>> On February 2, 2018 at 5:09 AM TG Servers wrote:
>>>
>>>
>>> Hi,
>>>
>>> you definitely have a problem with the packages out of your own repo for
>>> version 2.3.0 and CentOS.
>>> And this is only if you do a clean install, meaning there was no lower
>>> dovecot version ever running on the system.
>>>
>>> If you want to 'systemctl start dovecot' it breaks with a dependency
>>> error which comes from dovecot-init.service.
>>>
>>> dovecot-init.service :
>>> [Unit]
>>> Description=One-time Dovecot init service
>>> ConditionPathExists=|!/var/lib/dovecot/ssl-parameters.dat
>>> ConditionPathExists=|!/etc/pki/dovecot/certs/dovecot.pem
>>>
>>> [Service]
>>> Type=oneshot
>>> RemainAfterExit=no
>>> ExecStart=/bin/sh -c '\
>>> if [ ! -f /etc/pki/dovecot/certs/dovecot.pem ]; \
>>> then\
>>> SSLDIR=/etc/pki/dovecot/
>>> OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf
>>> /usr/libexec/dovecot/mkcert.sh /dev/null 2>&1;\
>>> fi;\
>>> if [ ! -f /var/lib/dovecot/ssl-parameters.dat ]; \
>>> then\
>>> /usr/libexec/dovecot/ssl-params >/dev/null 2>&1; \
>>> fi'
>>>
>>> It wants to call /usr/libexec/dovecot/ssl-params if
>>> /var/lib/dovecot/ssl-parameters.dat (which is deprecated now as I
>>> understood) is not existing.
>>> The problem is in 2.3.0 /usr/libexec/dovecot/ssl-params is not existent
>>> anymore.
>>>
>>> This error does not occur if you for instance install 2.2.x from the
>>> base repo, start it once, and then update the version from your repo.
>>> This is because the ssl-parameters.dat was created with the old version
>>> then.
>>>
>>> But this should not be the expected behaviour I think. It should be
>>> possible to do a fresh install of 2.3.0 on a fresh system.
>>>
>>> Can you please get back to me on that?
>>>
>>> Thanks,
>>> Thomas
>>
>>
>> Thank you for reporting this, we'll look into it.
>>
>> ---
>> Aki Tuomi
>>
>> Dovecot oy
>>


Re: ACLs, shared, public, virtual mailboxes not working

2018-02-15 Thread Aki Tuomi
Hi!

It seems you are running 2.2.33.2 =)

Also,

Feb 12 08:48:40 imap(u...@example.com): Debug: Mailbox
'public/TestFolder' matches global ACL pattern 'public/TestFolder'
Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: reading file
/home/vmail/public/TestFolder/dovecot-acl
Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: reading file
/home/vmail/public/dovecot-acl

it seems there are some folder specific ACLs, can you check these?

Aki

On 15.02.2018 10:40, David Mehler wrote:
> Hello,
>
> I'm running Dovecot 2.2.3, and am having issues with my public
> folders, shared folders, and virtual/All folders apparently ACLs are
> on that list as well.
>
> I was debugging an unrelated problem with my smtp server and got the
> following dovecot debug log output. Below is also a doveconf -n output
> as well as my shared-folder definition file and my global-acls file.
>
> What I'm trying to accomplish is:
>
> 1. Have a public folder that any user on the system can put messages
> into and respond to.
> 2. Have a shared folder in which us...@example.com and
> us...@example2.com can exchange messages.
> 3. For each user on the system give them a Virtual/All folder for *all
> of their messages.
>
> I'd appreciate any help. As an aside if anyone sees an issue with my
> SSL ciphers list I'd appreciate knowing that as well, in brief I'm
> trying to get the most secure list, pfs, and not worrying about
> backward compatibility. If it's not TLS 1.2 I don't touch it.
>
> Thanks.
> Dave.
> Feb 12 08:48:40 imap(u...@example.com): Debug: Module loaded:
> /usr/local/lib/dovecot/lib01_acl_plugin.so
> Feb 12 08:48:40 imap(u...@example.com): Debug: Module loaded:
> /usr/local/lib/dovecot/lib02_imap_acl_plugin.so
> Feb 12 08:48:40 imap(u...@example.com): Debug: Effective uid=999,
> gid=999, home=/home/vmail/example.com/user
> Feb 12 08:48:40 imap(u...@example.com): Debug: Namespace inbox:
> type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes,
> subscriptions=yes location=maildir:~/mail/:LAYOUT=fs:INDEX=~/mail/
> Feb 12 08:48:40 imap(u...@example.com): Debug: fs:
> root=/home/vmail/example.com/user/mail, index=, indexpvt=, control=,
> inbox=/home/vmail/example.com/user/mail, alt=
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: initializing
> backend with data:
> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: acl username =
> u...@example.com
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: owner = 1
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: Global ACL
> file: /usr/local/etc/dovecot/global-acls
> Feb 12 08:48:40 imap(u...@example.com): Debug: Namespace :
> type=public, prefix=public/, sep=/, inbox=no, hidden=no, list=yes,
> subscriptions=yes
> location=maildir:/home/vmail/public/:LAYOUT=fs:CONTROL=~/mail/public:INDEXPVT=~/mail/public:INDEX=~/mail/public
> Feb 12 08:48:40 imap(u...@example.com): Debug: fs:
> root=/home/vmail/public,
> index=/home/vmail/example.com/user/mail/public,
> indexpvt=/home/vmail/example.com/user/mail/public,
> control=/home/vmail/example.com/user/mail/public, inbox=, alt=
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: initializing
> backend with data:
> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: acl username =
> u...@example.com
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: owner = 0
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: Global ACL
> file: /usr/local/etc/dovecot/global-acls
> Feb 12 08:48:40 imap(u...@example.com): Debug: Namespace :
> type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=yes,
> subscriptions=yes location=maildir:~/mail/:INDEX=~/mail/shared/%Ld/%Ln
> Feb 12 08:48:40 imap(u...@example.com): Debug: shared:
> root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: initializing
> backend with data:
> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: acl username =
> u...@example.com
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: owner = 0
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: Global ACL
> file: /usr/local/etc/dovecot/global-acls
> Feb 12 08:48:40 imap(u...@example.com): Debug: Namespace :
> type=private, prefix=virtual/, sep=/, inbox=no, hidden=no, list=yes,
> subscriptions=yes location=virtual:/usr/local/etc/dovecot/virtual
> Feb 12 08:48:40 imap(u...@example.com): Debug: fs:
> root=/usr/local/etc/dovecot/virtual, index=, indexpvt=, control=,
> inbox=, alt=
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: initializing
> backend with data:
> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: acl username =
> u...@example.com
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl: owner = 1
> Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: Global 
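
The reply above picks the per-folder dovecot-acl lines out of the mail-wrapped debug output by eye. The following is an added example, not code from this thread or from Dovecot, that rejoins the wrapped records and lists which ACL files were read, which were not found, and which mailboxes matched a global ACL pattern. The sample log is constructed from the line shapes quoted in the thread, and the function names are assumptions of this example.

```python
import re

# Constructed sample: same line shapes as the debug output quoted in this
# thread, including the mail client's wrapping of long records.
SAMPLE_LOG = """\
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: Global ACL
file: /usr/local/etc/dovecot/global-acls
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: Mailbox
'public/TestFolder' matches global ACL pattern 'public/TestFolder'
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: reading file
/home/vmail/public/TestFolder/dovecot-acl
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: reading file
/home/vmail/public/dovecot-acl
"""

# A physical line starts a new record only if it begins with the
# "Mon DD HH:MM:SS service(user): Level: " prefix; anything else is the
# wrapped tail of the previous record.
RECORD_START = re.compile(
    r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \S+\([^)]*\): "
    r"(?:Debug|Info|Warning|Error|Panic|Fatal): "
)

# ACL-related messages seen in the thread, matched on the rejoined record.
PATTERNS = [
    ("global_file", re.compile(r"acl vfile: Global ACL file: (\S+)$")),
    ("read", re.compile(r"acl vfile: reading file (\S+)$")),
    ("missing", re.compile(r"acl vfile: file (\S+) not found$")),
    ("pattern", re.compile(
        r"Mailbox '([^']*)' matches global ACL pattern '([^']*)'$")),
]


def unwrap(text):
    """Rejoin records that a mail client wrapped across several lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def summarize(text):
    """Collect the ACL files and pattern matches the log mentions, in
    first-seen order and without duplicates."""
    out = {"global_file": [], "read": [], "missing": [], "pattern": []}
    for record in unwrap(text):
        for kind, rx in PATTERNS:
            m = rx.search(record)
            if m:
                value = m.group(1) if rx.groups == 1 else m.groups()
                if value not in out[kind]:
                    out[kind].append(value)
                break
    return out


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("Global ACL file(s):", result["global_file"])
    print("Per-folder ACL files to review:")
    for path in result["read"]:
        print("  ", path)
    print("Per-folder ACL files not present:", result["missing"])
    print("Global pattern matches:", result["pattern"])
```

The files listed under "to review" are the ones that exist on disk and were actually consulted for the session, which is the set the reply asks the poster to check.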

ACLs, shared, public, virtual mailboxes not working

2018-02-15 Thread David Mehler
Hello,

I'm running Dovecot 2.2.3, and am having issues with my public
folders, shared folders, and virtual/All folders apparently ACLs are
on that list as well.

I was debugging an unrelated problem with my smtp server and got the
following dovecot debug log output. Below is also a doveconf -n output
as well as my shared-folder definition file and my global-acls file.

What I'm trying to accomplish is:

1. Have a public folder that any user on the system can put messages
into and respond to.
2. Have a shared folder in which us...@example.com and
us...@example2.com can exchange messages.
3. For each user on the system give them a Virtual/All folder for *all
of their messages.

I'd appreciate any help. As an aside if anyone sees an issue with my
SSL ciphers list I'd appreciate knowing that as well, in brief I'm
trying to get the most secure list, pfs, and not worrying about
backward compatibility. If it's not TLS 1.2 I don't touch it.

Thanks.
Dave.
Feb 12 08:48:40 imap(u...@example.com): Debug: Module loaded:
/usr/local/lib/dovecot/lib01_acl_plugin.so
Feb 12 08:48:40 imap(u...@example.com): Debug: Module loaded:
/usr/local/lib/dovecot/lib02_imap_acl_plugin.so
Feb 12 08:48:40 imap(u...@example.com): Debug: Effective uid=999,
gid=999, home=/home/vmail/example.com/user
Feb 12 08:48:40 imap(u...@example.com): Debug: Namespace inbox:
type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes,
subscriptions=yes location=maildir:~/mail/:LAYOUT=fs:INDEX=~/mail/
Feb 12 08:48:40 imap(u...@example.com): Debug: fs:
root=/home/vmail/example.com/user/mail, index=, indexpvt=, control=,
inbox=/home/vmail/example.com/user/mail, alt=
Feb 12 08:48:40 imap(u...@example.com): Debug: acl: initializing
backend with data:
vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
Feb 12 08:48:40 imap(u...@example.com): Debug: acl: acl username =
u...@example.com
Feb 12 08:48:40 imap(u...@example.com): Debug: acl: owner = 1
Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: Global ACL
file: /usr/local/etc/dovecot/global-acls
Feb 12 08:48:40 imap(u...@example.com): Debug: Namespace :
type=public, prefix=public/, sep=/, inbox=no, hidden=no, list=yes,
subscriptions=yes
location=maildir:/home/vmail/public/:LAYOUT=fs:CONTROL=~/mail/public:INDEXPVT=~/mail/public:INDEX=~/mail/public
Feb 12 08:48:40 imap(u...@example.com): Debug: fs:
root=/home/vmail/public,
index=/home/vmail/example.com/user/mail/public,
indexpvt=/home/vmail/example.com/user/mail/public,
control=/home/vmail/example.com/user/mail/public, inbox=, alt=
Feb 12 08:48:40 imap(u...@example.com): Debug: acl: initializing
backend with data:
vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
Feb 12 08:48:40 imap(u...@example.com): Debug: acl: acl username =
u...@example.com
Feb 12 08:48:40 imap(u...@example.com): Debug: acl: owner = 0
Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: Global ACL
file: /usr/local/etc/dovecot/global-acls
Feb 12 08:48:40 imap(u...@example.com): Debug: Namespace :
type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=yes,
subscriptions=yes location=maildir:~/mail/:INDEX=~/mail/shared/%Ld/%Ln
Feb 12 08:48:40 imap(u...@example.com): Debug: shared:
root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
Feb 12 08:48:40 imap(u...@example.com): Debug: acl: initializing
backend with data:
vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
Feb 12 08:48:40 imap(u...@example.com): Debug: acl: acl username =
u...@example.com
Feb 12 08:48:40 imap(u...@example.com): Debug: acl: owner = 0
Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: Global ACL
file: /usr/local/etc/dovecot/global-acls
Feb 12 08:48:40 imap(u...@example.com): Debug: Namespace :
type=private, prefix=virtual/, sep=/, inbox=no, hidden=no, list=yes,
subscriptions=yes location=virtual:/usr/local/etc/dovecot/virtual
Feb 12 08:48:40 imap(u...@example.com): Debug: fs:
root=/usr/local/etc/dovecot/virtual, index=, indexpvt=, control=,
inbox=, alt=
Feb 12 08:48:40 imap(u...@example.com): Debug: acl: initializing
backend with data:
vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
Feb 12 08:48:40 imap(u...@example.com): Debug: acl: acl username =
u...@example.com
Feb 12 08:48:40 imap(u...@example.com): Debug: acl: owner = 1
Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: Global ACL
file: /usr/local/etc/dovecot/global-acls
Feb 12 08:48:40 imap(u...@example.com): Debug: quota: quota_over_flag
check: quota_over_script unset - skipping
Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/dovecot-acl not found
Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/Drafts/dovecot-acl not found
Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/Spam/dovecot-acl not found
Feb 12 08:48:40 imap(u...@example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/Trash/dovecot-acl not found
Feb 12 08:48:40