Re: upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol

2018-06-22 Thread Joseph Tam

On Fri, 22 Jun 2018, Joseph Tam wrote:

> However, recent advances make this condition obsolete [*] and not
> really safer, so a much faster way to generate a DH key is
>
> openssl dhparam -dsaparam -out dh.pem 4096
>
> DH generation is a one time operation, so if you're paranoid and you've
> got time to burn, go ahead and generate the "safe" DH key.
>
> [*] https://security.stackexchange.com/questions/42415/openvpn-dhparam


Oh, I might have to backtrack on this claim

https://www.openssl.org/news/secadv/20160128.txt

although it's beyond my understanding whether it's applicable to Dovecot.

Joseph Tam 


Re: upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol

2018-06-22 Thread Joseph Tam

On Fri, 22 Jun 2018, Aki Tuomi wrote:

>> Do I need to make a fresh dh.pem? The upgrade doc tells how to convert
>> ssl-parameters.dat but how to make a new one?
>
> ... or you can make a fresh one using openssl
> gendh 4096 > dh.pem

This also works

openssl dhparam -out dh.pem 4096

> Note that this will require quite a lot of entropy, so you should
> probably ensure that you run it on a laptop or with virtual machine
> that has some entropy source/helper.

It can take an extraordinary amount of time for long keys.  Most of
the time/entropy is taken up to produce a "safe" prime (p) such that
(p-1)/2 is also prime to resist some factoring algorithms.

However, recent advances make this condition obsolete [*] and not
really safer, so a much faster way to generate a DH key is

openssl dhparam -dsaparam -out dh.pem 4096

DH generation is a one time operation, so if you're paranoid and you've
got time to burn, go ahead and generate the "safe" DH key.

[*] https://security.stackexchange.com/questions/42415/openvpn-dhparam

Joseph Tam 
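The two dhparam invocations above differ in one checkable property: the default mode emits a "safe" prime (p and (p-1)/2 both prime), while -dsaparam normally emits a p that is prime but whose (p-1)/2 is not. The checker below is an added example, not code from the thread, Dovecot or OpenSSL; it parses the PEM-wrapped DER (p and g are the first two INTEGERs of the SEQUENCE in both PKCS#3 and X9.42 "DH PARAMETERS" files) and runs Miller-Rabin on p and (p-1)/2. The encoder and the small constructed primes exist only to build test inputs offline.

```python
import base64
import secrets

def is_probable_prime(n, rounds=40):  # trial division, then Miller-Rabin
    if n < 2:
        return False
    for q in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % q == 0:
            return n == q
    s = ((n - 1) & (1 - n)).bit_length() - 1  # n-1 = d * 2**s with d odd
    d = (n - 1) >> s
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)  # random base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # this base is a witness: n is composite
    return True

def _read_tlv(buf, pos):
    # One DER tag-length-value at buf[pos] -> (tag, value bytes, next position).
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the size of the length field
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_dh_pem(pem):
    # (p, g) are the first two INTEGERs in both PKCS#3 and X9.42 DH PARAMETERS.
    b64 = "".join(ln for ln in pem.strip().splitlines() if not ln.startswith("-----"))
    tag, seq, _ = _read_tlv(base64.b64decode(b64), 0)
    if tag != 0x30:
        raise ValueError("expected a DER SEQUENCE")
    tp, p_bytes, pos = _read_tlv(seq, 0)
    tg, g_bytes, _ = _read_tlv(seq, pos)
    if tp != 0x02 or tg != 0x02:
        raise ValueError("expected INTEGER p followed by INTEGER g")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")

def classify_dh_pem(pem):
    # Default dhparam output is a safe prime; -dsaparam output is normally only prime.
    p, _g = parse_dh_pem(pem)
    if not is_probable_prime(p):
        return "p is not prime"
    return "safe prime" if is_probable_prime((p - 1) // 2) else "prime, not safe"

def encode_dh_pem(p, g):
    # Toy encoder (short-form DER lengths only) used here to construct test inputs.
    def tlv(tag, body):
        assert len(body) < 0x80, "toy encoder handles short-form lengths only"
        return bytes([tag, len(body)]) + body
    ints = b"".join(tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (p, g))
    b64 = base64.b64encode(tlv(0x30, ints)).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN DH PARAMETERS-----\n{body}\n-----END DH PARAMETERS-----\n"
```

Running classify_dh_pem on the contents of a real dh.pem distinguishes the two dhparam modes; on a 4096-bit file the two Miller-Rabin passes take a few seconds.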


Pigeonhole extdata repo?

2018-06-22 Thread tai74
Pigeonhole download page has links for extdata plugin up to v0.4 but  
nothing more and no link to the master repository


https://pigeonhole.dovecot.org/download.html

I want to use with dovecot 2.3.2rc1 but v0.4 won't compile with it.

Thanks for helping


-

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the 
NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  


Re: Can't build pigeonhole against dovecot 2.3.2rc1

2018-06-22 Thread tai74



Quoting Aki Tuomi:

> Try using branch master-0.5

Confirmed working, thank you. Now extdata is not compiling, I can't
find its master repository...?






Re: Can't build pigeonhole against dovecot 2.3.2rc1

2018-06-22 Thread Aki Tuomi
Try using branch master-0.5

Aki

> On 22 June 2018 at 21:24 ta...@vfemail.net wrote:
> 
> 
> Help?
> 
> ntfy-mailto.c: In function ‘ntfy_mailto_send’:
> ntfy-mailto.c:505:5: error: too few arguments to function  
> ‘smtp_address_create_from_msg_temp’
>   sieve_get_postmaster(senv));
>   ^
> In file included from ./../../../sieve-types.h:5:0,
>   from ./../../../sieve-common.h:7,
>   from ntfy-mailto.c:30:
> /usr/local/include/dovecot/smtp-address.h:101:5: note: declared here
>   int smtp_address_create_from_msg_temp(const struct message_address 
> *msg_addr,
>   ^
> ntfy-mailto.c: In function ‘ntfy_mailto_action_execute’:
> ntfy-mailto.c:682:4: error: too few arguments to function  
> ‘smtp_address_create_from_msg_temp’
>  sieve_get_postmaster(senv));
>  ^
> In file included from ./../../../sieve-types.h:5:0,
>   from ./../../../sieve-common.h:7,
>   from ntfy-mailto.c:30:
> /usr/local/include/dovecot/smtp-address.h:101:5: note: declared here
>   int smtp_address_create_from_msg_temp(const struct message_address 
> *msg_addr,
>   ^
> make[6]: *** [ntfy-mailto.lo] Error 1
> 
> 
> 


Can't build pigeonhole against dovecot 2.3.2rc1

2018-06-22 Thread tai74

Help?

ntfy-mailto.c: In function ‘ntfy_mailto_send’:
ntfy-mailto.c:505:5: error: too few arguments to function ‘smtp_address_create_from_msg_temp’
     sieve_get_postmaster(senv));
     ^
In file included from ./../../../sieve-types.h:5:0,
                 from ./../../../sieve-common.h:7,
                 from ntfy-mailto.c:30:
/usr/local/include/dovecot/smtp-address.h:101:5: note: declared here
 int smtp_address_create_from_msg_temp(const struct message_address *msg_addr,
     ^
ntfy-mailto.c: In function ‘ntfy_mailto_action_execute’:
ntfy-mailto.c:682:4: error: too few arguments to function ‘smtp_address_create_from_msg_temp’
    sieve_get_postmaster(senv));
    ^
In file included from ./../../../sieve-types.h:5:0,
                 from ./../../../sieve-common.h:7,
                 from ntfy-mailto.c:30:
/usr/local/include/dovecot/smtp-address.h:101:5: note: declared here
 int smtp_address_create_from_msg_temp(const struct message_address *msg_addr,
     ^
make[6]: *** [ntfy-mailto.lo] Error 1





variable forwarding buglet

2018-06-22 Thread Jan-Pieter Cornet

I wanted to forward information from the director to the backend dovecot 
(original login name), so I had the userdb on the director return a 
forward_ologin variable.

However, when I tried to use that variable in the "password_key" query on the 
backend dovecot, ${forward_ologin} was expanded to UNSUPPORTED_VARIABLE_forward_ologin.

After testing a bit and looking around in the source a bit, and turning on debugging 
logging, it appeared that the forwarded variables actually appear as "passdb/userdb 
extra fields". So in my case, the forwarded information is available as 
%{passdb:forward_ologin}.

So, problem solved, but this is either an implementation bug, or a 
documentation bug, or oversight.

--
Jan-Pieter Cornet 
Systeembeheer XS4ALL Internet bv
www.xs4all.nl





lazy expunge folder delete bug

2018-06-22 Thread Jan-Pieter Cornet

There's a bug in "folder delete" for lazy expunge, type "1 namespace", as 
described on https://wiki2.dovecot.org/Plugins/Lazyexpunge

When trying to delete a mailbox that still has messages in it, but that has no 
EXPUNGED/ counterpart, the process hangs after the imap "DELETE" command, 
and the following appears in the log file after a 60s timeout:

Jun 22 15:48:15 userimap6 dovecot: imap(xtra30): Error: Couldn't create mailbox 
list lock /var/mail/.8d1/index/4/03/xtra30/index/mailboxes.lock: 
file_create_locked(/var/mail/.8d1/index/4/03/xtra30/index/mailboxes.lock) 
failed: flock(/var/mail/.8d1/index/4/03/xtra30/index/mailboxes.lock, 
write-lock) failed: Timed out after 60 seconds (BUG: lock is held by our own 
process)
Jun 22 15:48:15 userimap6 dovecot: imap(xtra30): Error: lazy_expunge: Couldn't 
open expunge mailbox: Failed to create mailbox EXPUNGED/Test: Internal error 
occurred. Refer to server log for more information. [2018-06-22 15:47:15]
Jun 22 15:48:15 userimap6 dovecot: imap(xtra30): Error: Lazy-expunge 
transaction failed: Internal error occurred. Refer to server log for more 
information. [2018-06-22 15:47:15]

very quick summary of settings:
8<-
mail_plugins = $mail_plugins lazy_expunge
mail_location = mdbox:/var/mail/.8d1/mail/4/03/xtra30:INDEX=/var/mail/.8d1/index/4/03/xtra30/index
  ### from userdb
namespace {
  inbox = yes
  list = yes
  prefix =
  separator = /
}
namespace expunged {
  hidden = yes
  inbox = no
  list = no
  prefix = EXPUNGED/
  separator = /
  location = mdbox:/var/mail/.8d1/mail/4/03/xtra30:INDEX=/var/mail/.8d1/index/4/03/xtra30/index:MAILBOXDIR=expunged:LISTINDEX=expunged.list.index:SUBSCRIPTIONS=expunged.subscriptions
  ### also from userdb
}
plugin {
  lazy_expunge = EXPUNGED/
}
8<-
(full doveconf available on request)

State of the account before delete: mailbox "Test" exists, 20 messages in it:

x LIST * *
* LIST (\HasNoChildren \UnMarked \Trash) "/" Trash
* LIST (\HasNoChildren \Marked) "/" Test
* LIST (\HasNoChildren \UnMarked \Junk) "/" Spam
* LIST (\HasNoChildren \UnMarked) "/" Sent
* LIST (\HasNoChildren \UnMarked) "/" Drafts
* LIST (\HasNoChildren) "/" INBOX
x OK List completed (0.009 + 0.000 + 0.008 secs).
x LIST EXPUNGED/* *
x OK List completed (0.001 + 0.000 secs).
x DELETE Test
x NO [SERVERBUG] Internal error occurred. Refer to server log for more 
information. [2018-06-22 15:47:15] (60.064 + 0.000 + 60.063 secs).

... resulting in the above log lines.

However, if you first delete one message (causing EXPUNGED/Test to be created), 
and then remove the folder, it works fine:

x SELECT Test
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags 
permitted.
* 20 EXISTS
* 2 RECENT
* OK [UNSEEN 1] First unseen.
* OK [UIDVALIDITY 1352910749] UIDs valid
* OK [UIDNEXT 21] Predicted next UID
* OK [HIGHESTMODSEQ 21] Highest
x OK [READ-WRITE] Select completed (0.010 + 0.000 + 0.009 secs).
x FETCH 1:* (FLAGS)
* 1 FETCH (FLAGS ())
[...boring...]
* 20 FETCH (FLAGS (\Recent))
x OK Fetch completed (0.002 + 0.000 + 0.001 secs).
x STORE 1 +FLAGS (\Deleted)
* 1 FETCH (FLAGS (\Deleted))
x OK Store completed (0.011 + 0.000 + 0.010 secs).
x EXPUNGE
* 1 EXPUNGE
x OK Expunge completed (0.131 + 0.000 + 0.130 secs).
X LIST * *
* LIST (\HasNoChildren \UnMarked \Trash) "/" Trash
* LIST (\HasNoChildren \UnMarked) "/" Test
* LIST (\HasNoChildren \UnMarked \Junk) "/" Spam
* LIST (\HasNoChildren \UnMarked) "/" Sent
* LIST (\HasNoChildren \UnMarked) "/" Drafts
* LIST (\HasNoChildren) "/" INBOX
X OK List completed (0.005 + 0.000 + 0.004 secs).
x LIST EXPUNGED/* *
* LIST (\HasNoChildren \Marked) "/" EXPUNGED/Test
x OK List completed (0.002 + 0.000 + 0.001 secs).
x SELECT INBOX
* OK [CLOSED] Previous mailbox closed.
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
[...INBOX opening msgs...]
x OK [READ-WRITE] Select completed (0.005 + 0.000 + 0.004 secs).
x DELETE Test
x OK Delete completed (0.129 + 0.000 + 0.128 secs).
x LIST * *
* LIST (\HasNoChildren \UnMarked \Trash) "/" Trash
* LIST (\HasNoChildren \UnMarked \Junk) "/" Spam
* LIST (\HasNoChildren \UnMarked) "/" Sent
* LIST (\HasNoChildren \UnMarked) "/" Drafts
* LIST (\HasNoChildren) "/" INBOX
x OK List completed (0.005 + 0.000 + 0.004 secs).
x LIST EXPUNGED/* *
* LIST (\HasNoChildren \Marked) "/" EXPUNGED/Test
x OK List completed (0.003 + 0.000 + 0.002 secs).

Seems the delete operation locks the mailbox list, and then the expunge create 
hits the same lock. Is this something we can fix by changing settings? E.g. use 
another location for the expunge lock?

--
Jan-Pieter Cornet 
Systeembeheer XS4ALL Internet bv
www.xs4all.nl





Location of dovecot.sieve

2018-06-22 Thread ratatouille
Hello!

If I set
sieve = file:~/sieve;active=~/.dovecot.sieve 

in dovecot.conf like I read in the documentation I get

Jun 22 16:36:01 lda(a.meyer): Error: sieve: sieve file backend: invalid option 
`active=~/.dovecot.sieve'
Jun 22 16:36:01 lda(a.meyer): Error: sieve: failed to access user's Sieve 
script file:~/sieve;active=~/.dovecot.sieve (temporary failure)

What is wrong with this one?

Kind regards

  Andreas


Re: enable dovecot.sieve.log

2018-06-22 Thread ratatouille
ratatouille wrote on 22.06.18 at 13:19:20:

> How do I enable dovecot.sieve.log? I see nothing about that in 90-sieve.conf

Found it. Did it in the plugin-section.

  Andreas


enable dovecot.sieve.log

2018-06-22 Thread ratatouille
Hello!

How do I enable dovecot.sieve.log? I see nothing about that in 90-sieve.conf

Kind regards

  Andreas


Re: sievescript is not working

2018-06-22 Thread ratatouille
Benny Pedersen wrote on 22.06.18 at 03:32:26:

> ratatouille wrote on 2018-06-21 20:25:
> 
> > # sieve-test ./managesieve.sieve ./testfile -D
> > sieve-test(andreas): Debug: sieve: Pigeonhole version 0.4.2 
> > initializing
> > sieve-test(andreas): Debug: sieve: include: sieve_global_dir is not
> > set; it is currently not possible to include `:global' scripts.
> > debug: script binary ./managesieve.svbin is not up-to-date.
> > debug: script `managesieve' from ./managesieve.sieve successfully 
> > compiled.  
> 
> what happens if it is run again now?
> 
> it seems it was not compiled before
> 
> remember only content in svbin is used

Since I defined
mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
in main.cf of postfix I have some more problems.

Jun 22 12:36:45 bitmachine1 postfix/smtpd[31220]: connect from 
smtp.amimanera.de[2a02:248:2:3377:5054:ff:fe80:307]
Jun 22 12:36:45 bitmachine1 postfix/smtpd[31220]: Trusted TLS connection 
established from smtp.amimanera.de[2a02:248:2:3377:5054:ff:fe80:307]: TLSv1.2 
with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jun 22 12:36:47 bitmachine1 postgrey[2377]: action=pass, reason=triplet found, 
client_name=smtp.amimanera.de, client_address=2a02:248:2:3377:5054:ff:fe80:307, 
sender=andr...@amimanera.de, recipient=a.me...@bitcorner.de
Jun 22 12:36:47 bitmachine1 postfix/smtpd[31220]: NOQUEUE: 
client=smtp.amimanera.de[2a02:248:2:3377:5054:ff:fe80:307]
Jun 22 12:36:51 bitmachine1 postfix/smtpd[31224]: connect from 
localhost[127.0.0.1]
Jun 22 12:36:51 bitmachine1 postfix/smtpd[31224]: 0DAC7219AE: 
client=localhost[127.0.0.1]
Jun 22 12:36:51 bitmachine1 postfix/cleanup[31225]: 0DAC7219AE: 
message-id=<20180622123414.08aac41d@workstation>
Jun 22 12:36:51 bitmachine1 postfix/qmgr[23073]: 0DAC7219AE: 
from=, size=1826, nrcpt=1 (queue active)
Jun 22 12:36:51 bitmachine1 postfix/smtpd[31224]: disconnect from 
localhost[127.0.0.1]
Jun 22 12:36:51 bitmachine1 postfix/smtpd[31220]: proxy-accept: END-OF-MESSAGE: 
250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0DAC7219AE; 
from= to= proto=ESMTP 
helo=
Jun 22 12:36:51 bitmachine1 postfix/smtpd[31220]: disconnect from 
smtp.amimanera.de[2a02:248:2:3377:5054:ff:fe80:307]
Jun 22 12:36:51 bitmachine1 postfix/local[31226]: 0DAC7219AE: 
to=, relay=local, delay=0.31, delays=0.04/0.03/0/0.23, 
dsn=2.0.0, status=sent (delivered to command: /usr/lib/dovecot/dovecot-lda -f 
"$SENDER" -a "$RECIPIENT")
Jun 22 12:36:51 bitmachine1 postfix/qmgr[23073]: 0DAC7219AE: removed

But the mail is not stored in the mailbox of the user. This is from 
dovecot-debug.log:

Jun 22 12:36:51 lda(a.meyer): Debug: acl: initializing backend with data: vfile
Jun 22 12:36:51 lda(a.meyer): Debug: acl: acl username = a.meyer
Jun 22 12:36:51 lda(a.meyer): Debug: acl: owner = 0
Jun 22 12:36:51 lda(a.meyer): Debug: acl vfile: Global ACLs disabled
Jun 22 12:36:51 lda(a.meyer): Debug: userdb lookup skipped, username taken from 
USER environment
Jun 22 12:36:51 lda(a.meyer): Debug: Quota root: name=User quota 
backend=maildir args=
Jun 22 12:36:51 lda(a.meyer): Debug: Quota rule: root=User quota mailbox=* 
bytes=1073741824 messages=0
Jun 22 12:36:51 lda(a.meyer): Debug: Quota rule: root=User quota mailbox=Trash 
bytes=+21474836 (2%) messages=0
Jun 22 12:36:51 lda(a.meyer): Debug: Quota grace: root=User quota 
bytes=10737418 (1%)
Jun 22 12:36:51 lda(a.meyer): Debug: none: root=, index=, indexpvt=, control=, 
inbox=, alt=
Jun 22 12:36:51 lda(a.meyer): Debug: Destination address: a.me...@bitcorner.de 
(source: -a parameter)
Jun 22 12:36:51 lda(a.meyer): Debug: sieve: Pigeonhole version 0.4.2 
initializing
Jun 22 12:36:51 lda(a.meyer): Debug: sieve: include: sieve_global_dir is not 
set; it is currently not possible to include `:global' scripts.
Jun 22 12:36:51 lda(a.meyer): Debug: sieve: script file 
/home/a.meyer/.dovecot.sieve not found
Jun 22 12:36:51 lda(a.meyer): Debug: sieve: user's script ~/.dovecot.sieve 
doesn't exist (trying default script location instead)
Jun 22 12:36:51 lda(a.meyer): Debug: sieve: no default script configured for 
user
Jun 22 12:36:51 lda(a.meyer): Debug: sieve: user has no valid location for a 
personal script
Jun 22 12:36:51 lda(a.meyer): Debug: sieve: no scripts to execute: reverting to 
default delivery.

From dovecot-lda.log:

Jun 22 12:36:51 lda(a.meyer): Info: 
msgid=<20180622123414.08aac41d@workstation>: saved mail to INBOX

But the mail is not there.

I'll disable mailbox_command now until I understand how to enable sieve for 
systemusers.
For virtual users sieve works without problem.

The question is how do I enable sieve for systemusers. I guess it must be with 
the help of lda.

Kind regards

  Andreas


Re: upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol

2018-06-22 Thread Aki Tuomi


> On 22 June 2018 at 10:18 ta...@vfemail.net wrote:
> 
> Hi, sorry if this question was asked already. I was reading
> https://wiki2.dovecot.org/Upgrading/2.3
> 
> First I'm confused on the Diffie-Hellman parameters file. I never set up
> ssl-parameters.dat before (should I have? Do I have one that was
> automatically made for me by Dovecot?)
> 
> Do I need to make a fresh dh.pem? The upgrade doc tells how to convert
> ssl-parameters.dat but how to make a new one?
> 

2.2 makes the ssl-parameters.dat automatically. You can choose to either use 
that with the instructions given, or you can make a fresh one using openssl 
gendh 4096 > dh.pem

Note that this will require quite a lot of entropy, so you should probably 
ensure that you run it on a laptop or with virtual machine that has some 
entropy source/helper.

> The other question is: if I copy ssl_min_protocol from the example config into
> my existing config, is that enough? Do experts on this list recommend
> any tweaks that increase client requirements more than the Dovecot
> developers are comfortable with but will ensure more secure protocol
> usage?
> 

ssl_min_protocols defines the minimum TLS protocol the server supports. We 
recommend TLSv1, but if you want, you can experiment with TLSv1.2, which will 
decrease client compatibility a bit.

Aki

> 


upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol

2018-06-22 Thread tai74



Hi, sorry if this question was asked already. I was reading
https://wiki2.dovecot.org/Upgrading/2.3

First I'm confused on the Diffie-Hellman parameters file. I never set up
ssl-parameters.dat before (should I have? Do I have one that was
automatically made for me by Dovecot?)

Do I need to make a fresh dh.pem? The upgrade doc tells how to convert
ssl-parameters.dat but how to make a new one?

The other question is: if I copy ssl_min_protocol from the example config into
my existing config, is that enough? Do experts on this list recommend
any tweaks that increase client requirements more than the Dovecot
developers are comfortable with but will ensure more secure protocol
usage?


