Re: Local access to IMAP mailboxes

2018-09-28 Thread Victor Sudakov
This time an Android IMAP client complains about the "unexpected end
of the network stream" while opening a mailbox named "dss", and
dovecot logs:

Sep 28 23:01:34 admin dovecot: imap-login: Login: user=, method=PLAIN, 
rip=78.140.19.131, lip=95.179.154.55, mpid=85536, TLS, 
session=<6ITSkfB2JfNOjBOD>
Sep 28 23:01:35 admin dovecot: Error: imap(vas)<85536><6ITSkfB2JfNOjBOD>: 
Corrupted record in index cache file 
/home/vas/Mail/.imap/dss/dovecot.index.cache: UID 56: Broken physical size in 
mailbox dss: read(/home/vas/Mail/dss) failed: Cached message size smaller than 
expected (8271 < 8282, box=dss, UID=56)
Sep 28 23:01:35 admin dovecot: Error: imap(vas)<85536><6ITSkfB2JfNOjBOD>: 
Mailbox dss: UID=56: read(/home/vas/Mail/dss) failed: Cached message size 
smaller than expected (8271 < 8282, box=dss, UID=56) (FETCH BODY[2])
Sep 28 23:01:35 admin dovecot: imap(vas)<85536><6ITSkfB2JfNOjBOD>: FETCH read() 
failed in=896 out=54723 deleted=0 expunged=0 trashed=0 hdr_count=15 
hdr_bytes= body_count=14 body_bytes=37063
Sep 28 23:02:54 admin dovecot: imap-login: Login: user=, method=PLAIN, 
rip=78.140.19.131, lip=95.179.154.55, mpid=85560, TLS, 
session=
Sep 28 23:02:55 admin dovecot: Error: imap(vas)<85560>: 
Corrupted record in index cache file 
/home/vas/Mail/.imap/dss/dovecot.index.cache: UID 27: Broken physical size in 
mailbox dss: read(/home/vas/Mail/dss) failed: Cached message size smaller than 
expected (4867 < 4878, box=dss, UID=27)
Sep 28 23:02:55 admin dovecot: imap(vas)<85560>: Panic: file 
istream.c: line 315 (i_stream_read_memarea): assertion failed: (old_size <= 
_stream->pos - _stream->skip)
Sep 28 23:02:55 admin dovecot: imap(vas)<85560>: Fatal: 
master: service(imap): child 85560 killed with signal 6 (core not dumped - 
https://dovecot.org/bugreport.html#coredumps - set service imap { 
drop_priv_before_exec=yes })


Is this that corrupted index case? It even causes the panic in the
daemon. Can I fix the index or somehow reindex the mailbox?

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/


outlook idiocy - IMAP folders with /

2018-09-28 Thread Wojciech Puchar
A user attempts to create folders with / in the name.
Dovecot naturally cannot create them, so it returns an error, but Outlook of
course "creates" them and keeps the data in the local store only. The data is
lost when you remove the local store .pst file.


The question is - can dovecot be configured so it will automatically 
replace slash in name with something else?


Fatal: setgid, imap connections dropped.

2018-09-28 Thread J. de Meijer
Hi,

I'm getting errors with my IMAP setup.
Basically, everything seems to work.
Mail is delivered nicely from Postfix to Dovecot via LMTP. Dovecot does
the authentication to LDAP (also for Postfix). Users are able to send mail
via authenticated submission (Postfix) and login into IMAP and POP.

However, IMAP connections are dropped frequently with an "ERROR:
Connection dropped by IMAP server.". Pressing reload on the webmail,
or refreshing in the client, might help for a short period. So it fails
intermittently.

The errors in the maillog are below. It seems to be mixing up users kind
of randomly, I think when multiple connections are made at the same time.
I did a lot of searching, but couldn't find an answer to this problem. All I
can find is related to LDA, which I'm not using.

Any help would be appreciated.

Errors from the log:
Sep 28 00:03:24 mailserver dovecot: imap(userD)<14864>:
Fatal: setgid(1012(userD) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1012(userD) instead of 1011(userA))
Sep 28 00:03:24 mailserver dovecot: imap(userD)<17009>:
Fatal: setgid(1012(userD) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1012(userD) instead of 1011(userA))
Sep 28 00:03:26 mailserver dovecot: imap(userD)<12807><8T0iguF2NspUUoaT>:
Fatal: setgid(1012(userD) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1012(userD) instead of 1011(userA))
Sep 28 00:06:59 mailserver dovecot: imap(userD)<15661>:
Fatal: setgid(1012(userD) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1012(userD) instead of 1011(userA))
Sep 28 00:07:54 mailserver dovecot: imap(userA)<45614>:
Fatal: setgid(1011(userA) from userdb lookup) failed with
euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not
permitted (This binary should probably be called with process group set to
1011(userA) instead of 1012(userD))
Sep 28 00:08:08 mailserver dovecot: imap(userF)<45055>:
Fatal: setgid(1033(userF) from userdb lookup) failed with
euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not
permitted (This binary should probably be called with process group set to
1033(userF) instead of 1012(userD))
Sep 28 00:08:08 mailserver dovecot: imap(userF)<46412><87ntkuF2JvptSCYM>:
Fatal: setgid(1033(userF) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1033(userF) instead of 1011(userA))
Sep 28 00:08:08 mailserver dovecot: imap(userF)<44858><0nXzkuF2KfptSCYM>:
Fatal: setgid(1033(userF) from userdb lookup) failed with
euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not
permitted (This binary should probably be called with process group set to
1033(userF) instead of 1012(userD))
Sep 28 00:08:14 mailserver dovecot: imap(userF)<36517>:
Fatal: setgid(1033(userF) from userdb lookup) failed with
euid=1017(userC), gid=1017(userC), egid=1017(userC): Operation not
permitted (This binary should probably be called with process group set to
1033(userF) instead of 1017(userC))
Sep 28 00:08:36 mailserver dovecot: imap(userF)<10531>:
Fatal: setgid(1033(userF) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1033(userF) instead of 1011(userA))

# dovecot --version
2.3.2.1 (0719df592)

# 2.3.2.1 (0719df592): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.2 (7704de5e)
# OS: FreeBSD 11.2-RELEASE amd64
# Hostname: callisto
auth_cache_size = 10 M
auth_debug = yes
imap_idle_notify_interval = 29 mins
mail_debug = yes
mail_fsync = never
mail_location = maildir:~/Maildir
mail_plugins = " fts fts_solr"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date index ihave
duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    auto = create
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
 

Bug in conditionals to assign values to variables?

2018-09-28 Thread Angel L. Mateo

Hi,

	According to https://wiki2.dovecot.org/Variables you could use 
conditionals to assign values to a variable. The syntax is:


%{if;value1;operator;value2;value-if-true;value-if-false}

	where any of the fields can refer to another field using %v or %{value} 
syntax.


The problem is that when I use a config like:

user_attrs = ...,=relpath=%{if;%u;eq;somevalue;valuetrue;valuefalse}

it works without any problem. But when I use:

user_attrs = ...,=relpath=%{if;%{user};eq;somevalue;valuetrue;valuefalse}

then it reports in logs:

Sep 28 14:23:22 myotis60 dovecot: auth: Error: 
var_expand_long(if;%{user}) failed: if: requires four or five 
parameters, got 1


anyway, the variable is correctly initialized, but I get the log.

Is this a bug?

PS: I'm running dovecot 2.2.33

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 86337


Re: v2.3.3 rc1 - Error: sieve: !!BUG!!: Binary compiled from dovecot.sieve is still corrupt

2018-09-28 Thread Aki Tuomi



On 28.09.2018 13:44, Aki Tuomi wrote:
>
> On 28.09.2018 12:38, James wrote:
>> On 27/09/2018 16:14, Sami Ketola wrote:
>>
>>>> It was studio cc.  gcc doesn't make it through configure and I
>>>> didn't ask why.
>>> Can you share a little bit more info on how did the compile (or
>>> configure even) fail with gcc on Solaris 11?
>>
>> $ ./configure $ARGS
>> ...
>> checking Linux compatible mremap()... no
>> checking whether shared mmaps get updated by write()s... no
>> checking whether fd passing works... no
>> configure: error: fd passing is required for Dovecot to work
>>
>> Which in the log corresponds to:
>>
>> configure:22685: ./conftest
>> ./configure[2026]: eval: line 1: 22335: Memory fault(coredump)
>>
>>
>> Appears to be the option "-mfunction-return=thunk" that causes the
>> problem, remove and no core dump.  Older gccs do not have
>> -mfunction-return.
>>
>>
>>
>>
>>
>>> as I have no problems in compiling dovecot and pigeonhole on my
>>> Solaris 11.3 system with gcc. The version that ships with my Solaris
>>> is 4.5.2.
>> Strictly speaking Solaris 11 does not ship with gcc, one can install
>> it [from the OS vendor] with pkg and there is a choice of versions.
>>
>> # pkg list -a | grep gcc-c
>>
>>
>> I have gcc versions installed: 4.9.5, 5.5.0, 6.4.0, 7.3.0 and 8.2.0.
>>
>>
>>
>>> I also have Sun Studio 12.5 installed but I have not even tried to
>>> compile dovecot with that yet.
>> Current Release - Oracle Developer Studio 12.6.
>>
>>
>>
>>
>>
>> James.
> Appears we need to more thoroughly ensure -mfunction-return=thunk actually
> works.
>
> Aki

You can use --disable-hardening to disable these things.

Aki


Re: Local access to IMAP mailboxes

2018-09-28 Thread Victor Sudakov
Joseph Tam wrote:

[dd]

> 
> Whether you use any of them is up to you.  As I said, direct mailbox
> file access will work.  However, if you deal with Gb size mailboxes,
> re-indexing and general mail operations will be painful.
> 
> > My mail goes through procmail, so Dovecot will not be the only one to
> > touch the mboxes anyway.
> 
> Not a deterrent: replace all mailbox recipes with a pipe to dovecot's LDA
> 
>   :0 ... pattern ...
>   | /path/to/dovecot-lda -d {user} -m {mailbox}
> 
>   ...
> 
>   # End of file: deliver to inbox
>   :0 w
>   | /path/to/dovecot-lda -d {user}
> 

This will clutter up ~/.procmailrc, but maybe I'll try someday.

Now I have encountered a different problem. My Android IMAP client
(the Gmail app) shows lots of mails in my Inbox. However, I already
deleted those mails locally from /var/mai/vas. They are being cached
somewhere.

Is it not dovecot caching them? 

Nor can I find a way to forcefully rescan an IMAP folder in the Gmail app.


-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/


Re: v2.3.3 rc1 - Error: sieve: !!BUG!!: Binary compiled from dovecot.sieve is still corrupt

2018-09-28 Thread Aki Tuomi



On 28.09.2018 12:38, James wrote:
> On 27/09/2018 16:14, Sami Ketola wrote:
>
>>> It was studio cc.  gcc doesn't make it through configure and I
>>> didn't ask why.
>>
>> Can you share a little bit more info on how did the compile (or
>> configure even) fail with gcc on Solaris 11?
>
>
> $ ./configure $ARGS
> ...
> checking Linux compatible mremap()... no
> checking whether shared mmaps get updated by write()s... no
> checking whether fd passing works... no
> configure: error: fd passing is required for Dovecot to work
>
> Which in the log corresponds to:
>
> configure:22685: ./conftest
> ./configure[2026]: eval: line 1: 22335: Memory fault(coredump)
>
>
> Appears to be the option "-mfunction-return=thunk" that causes the
> problem, remove and no core dump.  Older gccs do not have
> -mfunction-return.
>
>
>
>
>
>> as I have no problems in compiling dovecot and pigeonhole on my
>> Solaris 11.3 system with gcc. The version that ships with my Solaris
>> is 4.5.2.
>
> Strictly speaking Solaris 11 does not ship with gcc, one can install
> it [from the OS vendor] with pkg and there is a choice of versions.
>
> # pkg list -a | grep gcc-c
>
>
> I have gcc versions installed: 4.9.5, 5.5.0, 6.4.0, 7.3.0 and 8.2.0.
>
>
>
>> I also have Sun Studio 12.5 installed but I have not even tried to
>> compile dovecot with that yet.
>
> Current Release - Oracle Developer Studio 12.6.
>
>
>
>
>
> James.

Appears we need to more thoroughly ensure -mfunction-return=thunk actually
works.

Aki


Re: v2.3.3 rc1 - Error: sieve: !!BUG!!: Binary compiled from dovecot.sieve is still corrupt

2018-09-28 Thread James

On 27/09/2018 16:14, Sami Ketola wrote:

>> It was studio cc.  gcc doesn't make it through configure and I didn't ask why.
>
> Can you share a little bit more info on how did the compile (or configure even)
> fail with gcc on Solaris 11?

$ ./configure $ARGS
...
checking Linux compatible mremap()... no
checking whether shared mmaps get updated by write()s... no
checking whether fd passing works... no
configure: error: fd passing is required for Dovecot to work

Which in the log corresponds to:

configure:22685: ./conftest
./configure[2026]: eval: line 1: 22335: Memory fault(coredump)

Appears to be the option "-mfunction-return=thunk" that causes the problem,
remove and no core dump.  Older gccs do not have -mfunction-return.

> as I have no problems in compiling dovecot and pigeonhole on my Solaris 11.3
> system with gcc. The version that ships with my Solaris is 4.5.2.

Strictly speaking Solaris 11 does not ship with gcc, one can install it
[from the OS vendor] with pkg and there is a choice of versions.

# pkg list -a | grep gcc-c

I have gcc versions installed: 4.9.5, 5.5.0, 6.4.0, 7.3.0 and 8.2.0.

> I also have Sun Studio 12.5 installed but I have not even tried to compile
> dovecot with that yet.

Current Release - Oracle Developer Studio 12.6.

James.


Re: v2.3.3 rc1 - Error: sieve: !!BUG!!: Binary compiled from dovecot.sieve is still corrupt

2018-09-28 Thread James

On 27/09/2018 14:55, Josef 'Jeff' Sipek wrote:

> On Thu, Sep 27, 2018 at 10:42:16 +0100, James wrote:
>> $ dovecot -c dovecot.conf -n
>> # 2.3.3.rc1 (14e4920d8): dovecot.conf
>> # Pigeonhole version 0.5.2 (7704de5e)
>> # OS: SunOS 5.11 i86pc
>
> Out of curiosity, is this a Solaris system or an illumos system?

Not Illumos.
Test builds on 10 and 11.3 - RC exercise, I'll add Sparc when my machine
is powered on.

Tested run on Solaris 10 and 11.3  - RC exercise.
Reports from 11.3, results so far the same either way.
Packages built on Solaris 10 as LCD unless there is good reason to have
a package per rev.


Re: Dovecot submission announces CHUNKING but backend Postfix does not support it

2018-09-28 Thread Michael Goth

On 09/20/2018 10:24 PM, Stephan Bosch wrote:
> On 20/09/2018 at 13:39, Michael Goth wrote:
>> On 09/20/2018 12:56 PM, Robert Schetterer wrote:
>>> On 20.09.2018 at 11:04, Michael Goth wrote:
>>>> Hello,
>>>>
>>>> I'm setting up Dovecot 2.3.2.1 as a submission proxy to a Postfix
>>>> backend server. Dovecot announces CHUNKING, but the Postfix backend
>>>> does not support (or announce) it.
>>>>
>>>> HELO from Postfix:
>>>>
>>>>    220 backend.mydomain.com ESMTP Postfix (Ubuntu)
>>>>    ehlo test
>>>>    250-backend.mydomain.com
>>>>    250-PIPELINING
>>>>    250-SIZE 104857600
>>>>    250-VRFY
>>>>    250-ETRN
>>>>    250-STARTTLS
>>>>    250-ENHANCEDSTATUSCODES
>>>>    250-8BITMIME
>>>>    250 DSN
>>>>
>>>> HELO from Dovecot proxy:
>>>>
>>>>    220 proxy.mydomain.com Dovecot ready.
>>>>    ehlo test
>>>>    250-proxy.mydomain.com
>>>>    250-8BITMIME
>>>>    250-AUTH PLAIN LOGIN
>>>>    250-BURL imap
>>>>    250-CHUNKING
>>>>    250-ENHANCEDSTATUSCODES
>>>>    250-SIZE
>>>>    250-STARTTLS
>>>>    250 PIPELINING
>>>>
>>>> When a client sends BDAT, Postfix closes the connection. Here's a
>>>> log snippet from Postfix:
>>>>
>>>>    < MAIL FROM:
>>>>    > 250 2.1.0 Ok
>>>>    < RCPT TO:
>>>>    > 250 2.1.5 Ok
>>>>    < BDAT 114098 LAST
>>>>    > 502 5.5.2 Error: command not recognized
>>>>    < Content-Type: multipart/alternative;
>>>> boundary=Apple-Mail-55D35F74-2EB7-4B3B-A607-E421DD71C07A
>>>>
>>>>    > 221 2.7.0 Error: I can break rules, too. Goodbye.
>>>>
>>>> Apple Mail seems to ignore the fact that Postfix does not understand
>>>> BDAT and Postfix does not like that :-)
>>>>
>>>> From a quick glance at the code it seems CHUNKING is always added
>>>> to the capabilities and that's not configurable. Is this a bug or am
>>>> I doing something wrong?
>>>>
>>>> Thanks,
>>>>
>>>>   Michael
>>>
>>> that "may" depend on the version
>>>
>>> http://www.postfix.org/features.html
>>> ...
>>> Postfix 3.4 SMTP server support for RFC 3030 CHUNKING (without
>>> BINARYMIME).
>>> ...
>>
>> As far as I understand, Dovecot always adds certain capabilities. This
>> is the responsible code (I think):
>>
>> https://github.com/dovecot/core/blob/c8d03c3cab68328947a5afb47f48aef5b5a1e4ab/src/submission/submission-client.c#L95
>
> Dovecot adds the capability to the server side (facing the client), but
> not on the proxy client side (facing Postfix). If Postfix doesn't
> support CHUNKING, Dovecot will translate between BDAT from client and
> DATA towards Postfix. That's the way it is supposed to work anyway. I
> cannot reproduce your problem here with a quick test.
>
> Can you enable mail_debug=yes (e.g. for that particular user) and show
> me the debug log of the proxy activity?
>
> The output from `dovecot -n` would also be helpful.
>
> Regards,
>
> Stephan.


I think I found the problem:

I am not using the submission_* config directives to configure the relay 
SMTP server.
Instead, I'm using Dovecot's proxy feature for selecting a backend 
server based on the user's authentication. The submission_* directives 
are all unset.


When using the submission_* directives, Dovecot translates from BDAT to 
DATA. With my configuration, it seems to just relay all the commands to 
the backend server.


Now that I think about it, I'm not sure what dovecot can do in this 
case. It doesn't really know the supported capabilities until the user 
authenticates themself.



Regards,
  Michael
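
The capability mismatch discussed in this thread can be checked mechanically. The following is an added example, not code from the thread or from Dovecot: it parses the two EHLO replies quoted above and lists the extensions the proxy announces that the backend never offered, and bdat_to_data illustrates the BDAT-to-DATA re-framing Stephan describes (RFC 3030 chunks re-sent as a dot-stuffed RFC 5321 DATA body). All function names are hypothetical.

```python
# EHLO replies copied from the transcripts quoted in this thread.
BACKEND_EHLO = """\
250-backend.mydomain.com
250-PIPELINING
250-SIZE 104857600
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""
PROXY_EHLO = """\
250-proxy.mydomain.com
250-8BITMIME
250-AUTH PLAIN LOGIN
250-BURL imap
250-CHUNKING
250-ENHANCEDSTATUSCODES
250-SIZE
250-STARTTLS
250 PIPELINING
"""


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multiline 250 EHLO reply."""
    caps = {}
    lines = [l for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"not a 250 reply line: {line!r}")
        if i > 0:  # the first line carries the server's domain, not a keyword
            words = text.split()
            if words:
                caps[words[0].upper()] = words[1:]
        if sep == " ":  # "250 " (space) marks the final line of the reply
            break
    return caps


def unbacked(front, back):
    """Keywords the client-facing side announces that the backend does not."""
    return sorted(set(front) - set(back))


def bdat_to_data(chunks):
    """Re-frame length-delimited BDAT chunks as one dot-terminated DATA body.

    BDAT needs no escaping because each chunk carries its size; DATA ends at
    "<CRLF>.<CRLF>", so lines starting with "." must be dot-stuffed.
    A missing final CRLF is added, since DATA cannot express its absence.
    """
    body = b"".join(chunks)
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    lines = body.split(b"\r\n")[:-1]
    stuffed = [b"." + l if l.startswith(b".") else l for l in lines]
    return b"".join(l + b"\r\n" for l in stuffed) + b".\r\n"


if __name__ == "__main__":
    gap = unbacked(parse_ehlo(PROXY_EHLO), parse_ehlo(BACKEND_EHLO))
    print("announced by proxy, absent on backend:", ", ".join(gap))
    # Constructed two-chunk message, split mid-line as BDAT allows.
    print(bdat_to_data([b"Subject: x\r\n\r\n.hid", b"den\r\nend"]))
```

Any keyword in that list is a command a client may send on the strength of the proxy's announcement; in a setup that relays commands unchanged, as described in the message above, it reaches a backend that will reject it.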


Re: Username aliases

2018-09-28 Thread Florian Pritz
On Fri, Sep 28, 2018 at 08:57:44AM +0300, Aki Tuomi wrote:
> On 28.09.2018 00:08, Florian Pritz wrote:
> > On Wed, Sep 26, 2018 at 09:34:07AM +0300, Aki Tuomi wrote:
> >> # before current passdb
> >> passdb {
> >>   driver = passwd-file
> >>   args = username_format=%Lu /etc/dovecot/aliases
> >> }
> >>
> >> # into /etc/dovecot/aliases
> >> alias@user:::user=real_username noauthenticate
> 
> Username change should've occurred in userdb too, although with
> passwd_file you probably need to return it as userdb_user.

That works. Thanks!

In case anyone else is interested, put this in the alias file if you
want to use it for both:

> t...@xinu.at:::user=flo userdb_user=flo noauthenticate

Florian



Re: having problems with Argon

2018-09-28 Thread Aki Tuomi



On 28.09.2018 04:24, Adam Gold wrote:
> Hello everyone.  I'm close to completing my first build of a mail
> server - Postfix, Dovecot, Postgres (I know, sounds like overkill),
> Rspamd with Redis and Unbound (please infer a mega lack of experience
> disclaimer).  The model is standalone internet with remoted
> sasl-authenticated clients.
>
> Throughout the process I've been having consistent problems with user
> password authentication.  Both when I began when I was only using flat
> files and now with pgsql, more often than not my username (full email
> address) and password combo have been rejected.  The postfix logs
> started with fairly innocent 'failed login' messages and eventually
> reached the "you don't own this email address, you're a spammer"
> level.  Dovecot has been consistent with "auth: Debug: client passdb
> out: FAIL" messages.
>
> Before I looked at this issue specifically, my guess was it came from
> a Postfix restriction but having spent quite a while going through it
> today, I don't think that's where it lies.
>
> Finally I went back to basics and changed an account password to
> {PLAIN}12345 and what do you know - effortless success!  Previously
> I'd been using mainly argon, ssha512 sha512-crypt and a few others. 
> My passwords are strong (well in excess of 20 characters, 'randomly'
> generated).  I spent this afternoon narrowing down the hashes and
> while I haven't finished, the only one I couldn't get to work with
> 12345 was argon.
>
> I also noticed that the wiki says the 2I and 2ID versions of Argon are
> available, doveadm pw always returned a "does not exist" error when I
> tried to use 2ID.
>
> I'm using Dovecot version 2.3.2.1 (0719df592)
>

Hi!

ARGON2ID is present only if dovecot is compiled with ARGON2ID capable
libsodium.

Also, we recently found out that you need to increase auth process vsz
limit if you are using ARGON2 algorithm, otherwise it will segfault or
return failure due to memory constraints.

service auth {
   vsz_limit = 2G # or higher, or 0 for no limit.
}

Aki