Re: Sieve matching "size" with user variable?

2019-03-19 Thread Ralph Seichter via dovecot
* Ed W. via dovecot:

> My goal is that users can set a user configurable setting (in an
> external front end) and if the email size is greater than this size
> then we will do some processing on it. This particular filter is
> actually in a global sieve filter.

A global script using per-user parameters? Not what I would choose. I
like to generate sieve scripts for individual users (taking their wishes
into account of course), because it gives me the ability to perform some
sanity checks.

-Ralph
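A per-user generator of the kind Ralph describes, written here as an added example (it is not Ralph's code and not part of Dovecot or Pigeonhole). It assumes the front end hands over the user's limit as a string, validates it against assumed bounds, and only then emits a Sieve script with the limit as a literal number, which is the only form the `size` test accepts. The sanity check also keeps a user-controlled string from being pasted into the script verbatim; the helper names, bounds and the `Large` folder are assumptions for the example.

```python
"""Generate a per-user Sieve script from a user-supplied size limit.

Added example, not code from the thread. The limit is assumed to arrive as a
string from an external front end; the generated script is meant to be
installed per user. All names and bounds here are hypothetical.
"""
import re

# Bounds are assumptions for the example: refuse nonsense before it reaches Sieve.
MIN_BYTES = 1024
MAX_BYTES = 1024 * 1024 * 1024  # 1 GiB

_SIZE_RE = re.compile(r"^\s*(\d{1,10})\s*([kKmMgG]?)\s*$")
_MULT = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}


def parse_size(raw: str) -> int:
    """Turn '5M', '512k' or '1048576' into a byte count; reject anything else."""
    m = _SIZE_RE.match(raw)
    if not m:
        raise ValueError(f"not a size: {raw!r}")
    n = int(m.group(1)) * _MULT[m.group(2).lower()]
    if not MIN_BYTES <= n <= MAX_BYTES:
        raise ValueError(f"size out of range: {n}")
    return n


def render_script(max_size: int, folder: str = "Large") -> str:
    """Emit the Sieve script with the limit as a literal number (size takes no variables)."""
    # The folder ends up inside a quoted Sieve string, so restrict it to a safe charset.
    if not re.fullmatch(r"[A-Za-z0-9._-]{1,64}", folder):
        raise ValueError(f"bad folder name: {folder!r}")
    return (
        'require ["fileinto"];\n'
        f"if size :over {max_size} {{\n"
        f'    fileinto "{folder}";\n'
        "}\n"
    )


def build_user_script(raw_limit: str, folder: str = "Large") -> str:
    """Validate the user's setting and return the script text to install for that user."""
    return render_script(parse_size(raw_limit), folder)


if __name__ == "__main__":
    print(build_user_script("5M"))
```

Every value that reaches the script has been parsed into an integer first, so a front-end bug or a hostile setting such as `5M; keep; stop` is rejected instead of becoming Sieve syntax.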


Dovecot quota and Postfix smtpd_recipient_restrictions?

2019-03-19 Thread Davide Marchi via dovecot

Hi Friends,

a doubt:

I would like to enable (the same) quota (count) for all (virtual) users,
on Debian Stretch, Postfix 3.1.8, Dovecot 2.2.27,
and it is not clear to me whether I need to tell Postfix to communicate with
the service in /etc/postfix/main.cf as here:



smtpd_recipient_restrictions =
...
check_policy_service inet:mailstore.example.com:12340



My current Postfix "smtpd_recipient_restrictions":


-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject




Currently I've edited:



conf.d/10-mail.conf:

# Space separated list of plugins to load for all services. Plugins specific to
# IMAP, LDA, etc. are added to this list in their own .conf files.
mail_plugins = $mail_plugins quota


conf.d/20-imap.conf:

protocol imap {
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = $mail_plugins imap_quota
}


conf.d/90-quota.conf: (for use with the quota-status service)

plugin {
quota_grace = 10%%
# 10% is the default
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
}



/etc/dovecot/conf.d/90-quota.conf:

plugin {
  quota = maildir
  quota_rule = *:storage=3G
  quota_rule2 = Trash:storage=+100M
  # LDA/LMTP allows saving the last mail to bring user from under quota to
  # over quota, if the quota doesn't grow too high. Default is to allow as
  # long as quota will stay under 10% above the limit. Also allowed e.g. 10M.
  #quota_grace = 10%%
  # 10% is the default
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
plugin {
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
}
plugin {
  #quota = dirsize:User quota
  #quota = maildir:User quota
  #quota = dict:User quota::proxy::quota
  #quota = fs:User quota
  quota = count:User quota
  # This is required - it uses "virtual sizes" rather than "physical sizes"
  # for quota counting:
  quota_vsizes = yes
}
plugin {
  #quota = dict:user::proxy::quota
  #quota2 = dict:domain:%d:proxy::quota_domain
  #quota_rule = *:storage=102400
  #quota2_rule = *:storage=1048576
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  user = dovecot
  unix_listener quota-warning {
    user = vmail
  }
}
service quota-status {
  executable = quota-status -p postfix
  inet_listener {
    port = 12340
    # You can choose any port you want
  }
  client_limit = 1
}



Many many thanks!!


Davide
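The exchange that `check_policy_service inet:mailstore.example.com:12340` sets up between Postfix and the quota-status service, shown here as an added example (it is neither Postfix nor Dovecot code, and not part of Davide's post). Postfix sends `name=value` lines ending in a blank line and expects `action=...` back; `MockQuotaStatus` below is a stand-in that answers the way the `quota_status_*` settings in the quoted 90-quota.conf describe (DUNNO on success or unknown user, `552 5.2.2 Mailbox is full` when the message would exceed the limit plus the 10% grace). The user table, limits, and the assumption that the service reads the `size` and `recipient` attributes are constructed for the example; the client function is what you would run to check the service from the Postfix side.

```python
"""Postfix policy-delegation exchange against a quota-status style service.

Added example, not Dovecot or Postfix code. The server half is a stand-in
that mimics the replies configured in 90-quota.conf; the user table and
limits are constructed for the example.
"""
import socket
import threading

# Constructed sample data: bytes currently used and the user's limit.
USERS = {
    "alice@example.com": {"used": 2_900_000_000, "limit": 3_000_000_000},
    "bob@example.com":   {"used": 100_000_000,   "limit": 3_000_000_000},
}
OVERQUOTA = "552 5.2.2 Mailbox is full"
GRACE = 0.10  # quota_grace = 10%: the last delivery may push usage to 110% of the limit


def encode_request(attrs: dict) -> bytes:
    """Postfix sends name=value lines terminated by an empty line."""
    return "".join(f"{k}={v}\n" for k, v in attrs.items()).encode() + b"\n"


def decode_request(raw: bytes) -> dict:
    """Parse the attribute block up to the first empty line."""
    attrs = {}
    for line in raw.decode().split("\n"):
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def decide(attrs: dict) -> str:
    """Quota decision in the spirit of quota-status: DUNNO unless delivery would exceed limit+grace."""
    user = USERS.get(attrs.get("recipient", ""))
    if user is None:
        return "DUNNO"                      # quota_status_nouser
    size = int(attrs.get("size", "0") or 0)
    if user["used"] + size > user["limit"] * (1 + GRACE):
        return OVERQUOTA                    # quota_status_overquota
    return "DUNNO"                          # quota_status_success


def serve_one(conn: socket.socket) -> None:
    """Read one policy request, answer with a single action line, close."""
    with conn:
        buf = b""
        while b"\n\n" not in buf:
            chunk = conn.recv(4096)
            if not chunk:
                return
            buf += chunk
        action = decide(decode_request(buf))
        conn.sendall(f"action={action}\n\n".encode())


def start_mock_server() -> tuple:
    """Listen on an ephemeral loopback port; returns (port, listening socket)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:     # listening socket closed: shut the loop down
                return
            threading.Thread(target=serve_one, args=(conn,), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1], srv


def query_policy(port: int, recipient: str, size: int) -> str:
    """What Postfix does for check_policy_service inet:host:port; returns the action."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        s.sendall(encode_request({"request": "smtpd_access_policy",
                                  "protocol_state": "RCPT",
                                  "recipient": recipient, "size": size}))
        buf = b""
        while b"\n\n" not in buf:
            chunk = s.recv(4096)
            if not chunk:
                break
            buf += chunk
    for line in buf.decode().split("\n"):
        if line.startswith("action="):
            return line[len("action="):]
    raise RuntimeError("no action in policy reply")


def demo() -> dict:
    """Run three requests against the mock server and collect the actions."""
    port, srv = start_mock_server()
    try:
        return {
            "alice_small": query_policy(port, "alice@example.com", 50_000_000),
            "alice_large": query_policy(port, "alice@example.com", 500_000_000),
            "unknown":     query_policy(port, "nobody@example.com", 10),
        }
    finally:
        srv.close()


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name}: action={action}")
```

Pointing `query_policy` at the real port 12340 instead of the mock gives a quick check that Postfix will get a parseable `action=` line before you add the `check_policy_service` entry; whether the restriction fires at all also depends on its position in `smtpd_recipient_restrictions`, which the `-o` override quoted above currently ends with `reject`.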




Re: 4sec latency when using director

2019-03-19 Thread Erik de Waard via dovecot
OK, I've found out that the directors are in the doveadm penalty list.

I believe adding the following solves the issue (still testing, but it looks
promising):
login_trusted_networks = 10.0.10.0/24

On Tue, Mar 19, 2019 at 2:19 PM Erik de Waard  wrote:

> Hi,
>
> I've been running Dovecot for many years, but now I've hit a strange
> problem.
> When retrieving mail over IMAP, there is sometimes a 4-second latency in
> 1 of 4 IMAP requests.
>
> * notes:
> - connected directly to the backends, this latency disappears
> - removing a director from the load balancer (LVS) so that I'm the only one
> connected to the director, this latency disappears too
>
> I would appreciate some feedback on where to look, because I tried various
> options (client_limit, process_limit). Perhaps it's just as simple as adding
> more directors, but any feedback would be welcome.
>
> Thank you.
>
> This is the setup:
>
> -- Internet -> LVS -> 3 Directors ->  9 Backends.
>
> doveadm director status
> mail server ip  tag  vhosts  state  state changed  users
> 10.0.10.110          100     up     -              3309
> 10.0.10.111          100     up     -              3412
> 10.0.10.112          100     up     -              3458
> 10.0.10.113          100     up     -              3437
> 10.0.10.115          100     up     -              3368
> 10.0.10.116          100     up     -              3320
> 10.0.10.117          100     up     -              3305
> 10.0.10.118          100     up     -              3291
> 10.0.10.223          100     up     -              3280
>
> #Director doveconf -n
> # Pigeonhole version 0.4.22 (22940fb7)
> # OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4
> # Hostname: server312.company.com
> auth_cache_negative_ttl = 0
> auth_cache_size = 10 M
> auth_cache_ttl = 1 days
> auth_username_chars =
> "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#"
> default_client_limit = 3000
> director_mail_servers = 10.0.10.223 10.0.10.110 10.0.10.111 10.0.10.112
> 10.0.10.113 10.0.10.115 10.0.10.116 10.0.10.117 10.0.10.118
> director_servers = 10.0.10.114 10.0.10.181 10.0.10.182
> director_user_expire = 1 days
> disable_plaintext_auth = no
> info_log_path = /dev/null
> lmtp_proxy = yes
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e
> encryption=%k secured=%c
> mail_max_userip_connections = 100
> passdb {
>   args = proxy=y nopassword=y
>   driver = static
> }
> protocols = imap lmtp
> service director {
>   fifo_listener login/proxy-notify {
> mode = 0600
> user = $default_login_user
>   }
>   inet_listener {
> port = 9090
>   }
>   unix_listener director-userdb {
> mode = 0600
>   }
>   unix_listener login/director {
> mode = 0666
>   }
> }
> service imap-login {
>   client_limit = 6000
>   executable = imap-login director
>   process_limit = 4
>   process_min_avail = 4
>   service_count = 0
>   vsz_limit = 600 M
> }
> service ipc {
>   unix_listener ipc {
> user = dovecot
>   }
> }
> service lmtp {
>   inet_listener lmtp {
> port = 24
>   }
> }
> ssl_cert = 
> ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!RC4:!SEED@STRENGTH
> ssl_key =  # hidden, use -P to show it
> ssl_prefer_server_ciphers = yes
> protocol lmtp {
>   auth_socket_path = director-userdb
> }
>
>
> #backend doveconf -n
> # 2.2.34 (874deae): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.22 (22940fb7)
> # OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4
> # Hostname: server250.company.com
> auth_cache_negative_ttl = 0
> auth_cache_size = 10 M
> auth_cache_ttl = 1 days
> auth_username_chars =
> "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#"
> default_client_limit = 1500
> default_vsz_limit = 600 M
> disable_plaintext_auth = no
> info_log_path = /dev/null
> listen = *
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> mail_max_userip_connections = 100
> mail_privileged_group = mail
> mmap_disable = yes
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
> special_use = \Drafts
>   }
>   mailbox Junk {
> special_use = \Junk
>   }
>   mailbox Sent {
> special_use = \Sent
>   }
>   mailbox "Sent Messages" {
> special_use = \Sent
>   }
>   mailbox Trash {
> special_use = \Trash
>   }
>   prefix = INBOX.
>   separator = .
>   type = private
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> plugin {
>   sieve_execute_bin_dir = /etc/dovecot/sieve-executables
>   sieve_global_extensions = +vnd.dovecot.execute
>   sieve_plugins = sieve_extprograms
> }
> protocols = imap lmtp
> service anvil {
>   unix_listener anvil-auth-penalty {
> mode = 0600
>   }
> }
> service auth {
>   user = root
> }
> service imap-login {
>   client_limit = 6000
>   process_limit = 4
>   process_min_avail = 4
>   service_count = 0
>   vsz_limit = 600 M
> }
> service imap {
>   client_limit = 1
>   process_limit = 1024
>   service_count = 50
> }
> service lmtp {
>   inet_listener lmtp {
> port = 24
>   }
> }
> ssl = no
> ssl_cert = 
> ssl_key =  # hidden, use -P to show it
> userdb {
>   driver = 

Checkpassword.

2019-03-19 Thread Niamh Holding via dovecot
 
Hello,

I've run into the issue detailed at
https://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security

Understandably, I don't have the skills to modify checkpassword, so if I do
what is suggested, will it work?

If you can't change the script, you can make Dovecot's checkpassword-reply
binary setuid or setgid (e.g. chgrp dovecot
/usr/libexec/dovecot/checkpassword-reply; chmod g+s
/usr/libexec/dovecot/checkpassword-reply)



-- 
Best regards,
 Niamh  mailto:ni...@fullbore.co.uk



4sec latency when using director

2019-03-19 Thread Erik de Waard via dovecot
Hi,

I've been running Dovecot for many years, but now I've hit a strange
problem.
When retrieving mail over IMAP, there is sometimes a 4-second latency in
1 of 4 IMAP requests.

* notes:
- connected directly to the backends, this latency disappears
- removing a director from the load balancer (LVS) so that I'm the only one
connected to the director, this latency disappears too

I would appreciate some feedback on where to look, because I tried various
options (client_limit, process_limit). Perhaps it's just as simple as adding
more directors, but any feedback would be welcome.

Thank you.

This is the setup:

-- Internet -> LVS -> 3 Directors ->  9 Backends.

doveadm director status
mail server ip  tag  vhosts  state  state changed  users
10.0.10.110          100     up     -              3309
10.0.10.111          100     up     -              3412
10.0.10.112          100     up     -              3458
10.0.10.113          100     up     -              3437
10.0.10.115          100     up     -              3368
10.0.10.116          100     up     -              3320
10.0.10.117          100     up     -              3305
10.0.10.118          100     up     -              3291
10.0.10.223          100     up     -              3280

#Director doveconf -n
# Pigeonhole version 0.4.22 (22940fb7)
# OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4
# Hostname: server312.company.com
auth_cache_negative_ttl = 0
auth_cache_size = 10 M
auth_cache_ttl = 1 days
auth_username_chars =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#"
default_client_limit = 3000
director_mail_servers = 10.0.10.223 10.0.10.110 10.0.10.111 10.0.10.112
10.0.10.113 10.0.10.115 10.0.10.116 10.0.10.117 10.0.10.118
director_servers = 10.0.10.114 10.0.10.181 10.0.10.182
director_user_expire = 1 days
disable_plaintext_auth = no
info_log_path = /dev/null
lmtp_proxy = yes
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e
encryption=%k secured=%c
mail_max_userip_connections = 100
passdb {
  args = proxy=y nopassword=y
  driver = static
}
protocols = imap lmtp
service director {
  fifo_listener login/proxy-notify {
mode = 0600
user = $default_login_user
  }
  inet_listener {
port = 9090
  }
  unix_listener director-userdb {
mode = 0600
  }
  unix_listener login/director {
mode = 0666
  }
}
service imap-login {
  client_limit = 6000
  executable = imap-login director
  process_limit = 4
  process_min_avail = 4
  service_count = 0
  vsz_limit = 600 M
}
service ipc {
  unix_listener ipc {
user = dovecot
  }
}
service lmtp {
  inet_listener lmtp {
port = 24
  }
}
ssl_cert = 

Re: Way to remove FTS indexes

2019-03-19 Thread Aki Tuomi via dovecot


On 19.3.2019 12.44, Peter Mogensen via dovecot wrote:
> Hi,
>
> I was wondering if there was any way to remove FTS indexes in order to
> have them rebuilt on the next BODY search?
>
> All the doveadm commands I can find seem to result in fully built
> indexes (which is nice if that's what you want).
>
> /Peter

`doveadm fts rescan -u victim` usually does the trick

Aki



Way to remove FTS indexes

2019-03-19 Thread Peter Mogensen via dovecot
Hi,

I was wondering if there was any way to remove FTS indexes in order to
have them rebuilt on the next BODY search?

All the doveadm commands I can find seem to result in fully built
indexes (which is nice if that's what you want).

/Peter


Sieve matching "size" with user variable?

2019-03-19 Thread Ed W via dovecot
Hi, I am trying to create a sieve filter which does something similar to
the following:

    if size :over ${extdata.max_size} {
        # do something
    }

This doesn't seem supported in recent Dovecot, and size only appears to
accept a literal number?

I'm not sure I could extract size into a variable either (to use variable
matching). My understanding of sieve filters is that one needs to use
something like a match, then use something like SET to put the match
into a variable? This syntax doesn't seem to be compatible with the
size test here either, so I don't see that I can do this?


My goal is that users can set a user configurable setting (in an 
external front end) and if the email size is greater than this size then 
we will do some processing on it. This particular filter is actually in 
a global sieve filter.


I guess I could use an external executable program, but is there another 
way to do this?


Thanks for ideas


Ed W




Re: Upgrade from 2.1.17 2.2.36

2019-03-19 Thread Sami Ketola via dovecot


> On 19 Mar 2019, at 10.26, lty via dovecot  wrote:
> 
> Thank you for your reply
> 
>  
> But I tested it in Dovecot v2.1.17, and IMAP can receive mail normally.
> I want to ask if the returned data can be removed after the [ LIST "" * ]
> command?
> Or can you remove some parameters?
> 
> I also observed that v2.1.17 and v2.2.36 are different.
> After the [ LIST "" * ] command,
> the v2.1.17 directory has quotes.
> The v2.2.36 directory has no quotes.
> 
> [* LIST (\HasNoChildren) "/" "INBOX" ] where ["INBOX" ] Can I add quotes or
> remove quotes from the configuration file?
> 
> 

That is a negative for both. And also, both are RFC compliant. A software
application that can't parse those is broken.

Sami
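What "RFC compliant" means for the client side of this exchange, as an added example (not Sami's code, not Dovecot's, and not Foxmail's): in RFC 3501 the mailbox name in a LIST response is an astring, so a parser has to accept `"INBOX"` (what v2.1.17 sent) and the bare atom `INBOX` (what v2.2.36 sends) as the same thing, along with a NIL delimiter and backslash escapes inside quoted strings. The sample response lines are constructed; literal-form names (`{n}` followed by a continuation) are deliberately out of scope here.

```python
"""Parse IMAP LIST/LSUB responses whether the mailbox name is quoted or an atom.

Added example, not from the thread. RFC 3501 lets the mailbox be an atom, a
quoted string or a literal; a client must accept the first two on one line
(literals need a continuation read and raise here). Sample lines constructed.
"""
import re

_ATOM_SPECIALS = set('(){ %*"\\]')  # characters that may not appear in an atom


class ImapParseError(ValueError):
    pass


def _read_quoted(s: str, i: int) -> tuple:
    """s[i] is the opening quote; return (value, index after the closing quote)."""
    out, i = [], i + 1
    while i < len(s):
        c = s[i]
        if c == "\\":                        # only \" and \\ are legal escapes
            if i + 1 >= len(s) or s[i + 1] not in '"\\':
                raise ImapParseError("bad escape in quoted string")
            out.append(s[i + 1])
            i += 2
        elif c == '"':
            return "".join(out), i + 1
        else:
            out.append(c)
            i += 1
    raise ImapParseError("unterminated quoted string")


def _read_astring(s: str, i: int) -> tuple:
    """Quoted string or atom starting at s[i]; return (value, index after it)."""
    if i >= len(s):
        raise ImapParseError("missing value")
    if s[i] == '"':
        return _read_quoted(s, i)
    if s[i] == "{":
        raise ImapParseError("literal mailbox names need a continuation read")
    j = i
    while j < len(s) and s[j] not in _ATOM_SPECIALS and ord(s[j]) > 0x20:
        j += 1
    if j == i:
        raise ImapParseError(f"expected atom at offset {i}")
    return s[i:j], j


def parse_list_response(line: str) -> dict:
    """Return {'command', 'flags', 'delimiter', 'name'} for one untagged LIST/LSUB line."""
    line = line.rstrip("\r\n")
    m = re.match(r"\* (LIST|LSUB) \(([^)]*)\) ", line)
    if not m:
        raise ImapParseError(f"not a LIST/LSUB response: {line!r}")
    flags = m.group(2).split()
    i = m.end()
    if line.startswith("NIL", i):            # flat namespace: no hierarchy delimiter
        delim, i = None, i + 3
    elif i < len(line) and line[i] == '"':
        delim, i = _read_quoted(line, i)
    else:
        raise ImapParseError("delimiter must be a quoted string or NIL")
    if i >= len(line) or line[i] != " ":
        raise ImapParseError("expected space before mailbox name")
    name, i = _read_astring(line, i + 1)
    if line[i:].strip():
        raise ImapParseError("trailing data after mailbox name")
    if name.upper() == "INBOX":              # INBOX is case-insensitive (RFC 3501 5.1)
        name = "INBOX"
    return {"command": m.group(1), "flags": flags, "delimiter": delim, "name": name}


# Constructed samples: the two Dovecot styles from the thread plus two edge cases.
SAMPLE_RESPONSES = [
    '* LIST (\\HasNoChildren) "/" "INBOX"',                   # quoted, as v2.1.17 sent it
    '* LIST (\\HasNoChildren) "/" INBOX',                     # atom, as v2.2.36 sends it
    '* LIST (\\Noselect \\HasChildren) "." "Sent Messages"',  # space forces quoting
    '* LIST (\\HasNoChildren) NIL "odd\\"name"',              # NIL delimiter, escaped quote
]


if __name__ == "__main__":
    for raw in SAMPLE_RESPONSES:
        print(parse_list_response(raw))
```

Both of the first two samples parse to the same `name`, which is the behaviour a client needs; a parser that only recognises the quoted form is the kind of breakage Sami is pointing at.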




Re: Upgrade from 2.1.17 2.2.36

2019-03-19 Thread lty via dovecot
 

Thank you for your reply

But I tested it in Dovecot v2.1.17, and IMAP can receive mail normally.
I want to ask if the returned data can be removed after the [ LIST "" * ]
command?
Or can you remove some parameters?

I also observed that v2.1.17 and v2.2.36 are different.
After the [ LIST "" * ] command,
the v2.1.17 directory has quotes.
The v2.2.36 directory has no quotes.

[* LIST (\HasNoChildren) "/" "INBOX" ] where ["INBOX" ] Can I add quotes
or remove quotes from the configuration file?

> On 19 Mar 2019, at 3.31, lty via dovecot  wrote: 
> 
> I use the MAC Foxmail client, v2.2.36 can't receive mail, but v2.1.17 can 
> receive mail.
> I grabbed the network package and found that Foxmail was not processing the 
> next step after sending the D LIST "" * command.
> I suspect that because of the time of return, Foxmail is not recognized, so I 
> want to remove this time.

Replicated the issue. This seems to be a bug in Foxmail. I tested
version 1.2.0.93608. Please contact the authors of Foxmail to get this
bug fixed. 

Sami 

 

Re: AD ldap, filter to exclude various kinds of expired, disabled etc etc users

2019-03-19 Thread lists via dovecot

Hi,

For the archives, the below user_filter works nicely:

user_filter = 
(&(objectclass=person)(sAMAccountName=%n)(userAccountControl=512))


But another option, taken from the Samba mailing list, is:

user_filter = 
(&(objectclass=person)(sAMAccountName=%n)(userAccountControl=512)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))


This one excludes various kinds of disabled accounts, including 514. The 
second one might actually be better.


MJ


On 8-3-2019 13:39, mj via dovecot wrote:

Hi,

I was revising our AD ldap user_filter and pass_filter to exclude more 
types of expired / disabled accounts.


I started adding things like:

(&(objectclass=person)(sAMAccountName=%n)(!(useraccountcontrol=514))(!(useraccountcontrol=546))(!(useraccountcontrol=66050))(!(useraccountcontrol=8388608)))



but then I thought, why not simply do:


(&(objectclass=person)(sAMAccountName=%n)(userAccountControl=512))


as 512 would be your regular active user accounts only, excluding all other
account types.


Looking here
(https://support.microsoft.com/en-gb/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties)
there are so many different userAccountControl values to check that it might
be smarter to only allow userAccountControl=512, or?


Any ideas on this..?

(or examples of how you do it?)

MJ
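The difference between the two filter styles in this thread, worked through as an added example (not MJ's code or the Samba list's). `userAccountControl` is a bit field, so `(userAccountControl=512)` admits only accounts with NORMAL_ACCOUNT and no other bit, while the `1.2.840.113556.1.4.803` (bit-AND) rule tests individual bits. The flag values are the documented userAccountControl bits; the account table is constructed, and the `ldap_bitwise_filter` renderer (which also asserts NORMAL_ACCOUNT by bit and takes a list of bits to exclude) goes beyond the single filter posted above.

```python
"""Compare the equality and bitwise userAccountControl filter styles.

Added example, not the poster's code. UAC_FLAGS are the documented
userAccountControl bits; SAMPLE_ACCOUNTS is a constructed table.
"""
UAC_FLAGS = {
    "SCRIPT": 0x0001,
    "ACCOUNTDISABLE": 0x0002,
    "LOCKOUT": 0x0010,
    "PASSWD_NOTREQD": 0x0020,
    "NORMAL_ACCOUNT": 0x0200,
    "DONT_EXPIRE_PASSWORD": 0x10000,
    "PASSWORD_EXPIRED": 0x800000,
}
LDAP_MATCHING_RULE_BIT_AND = "1.2.840.113556.1.4.803"

# Constructed accounts; the first four values are the ones discussed in the thread.
SAMPLE_ACCOUNTS = {
    "active":            512,
    "disabled":          514,               # 512 | ACCOUNTDISABLE
    "disabled_nopw":     546,               # 512 | PASSWD_NOTREQD | ACCOUNTDISABLE
    "disabled_noexpire": 66050,             # 512 | DONT_EXPIRE_PASSWORD | ACCOUNTDISABLE
    "noexpire":          512 | 0x10000,     # enabled, password never expires
    "pw_expired":        512 | 0x800000,    # enabled, but password expired
    "locked":            512 | 0x0010,      # enabled, currently locked out
}


def decode_uac(value: int) -> list:
    """Names of the flags set in a userAccountControl value (unknown bits kept as hex)."""
    names = [n for n, bit in UAC_FLAGS.items() if value & bit]
    rest = value & ~sum(UAC_FLAGS.values())
    if rest:
        names.append(f"0x{rest:x}")
    return names


def passes_equality_filter(uac: int) -> bool:
    """(userAccountControl=512): exactly NORMAL_ACCOUNT and nothing else."""
    return uac == UAC_FLAGS["NORMAL_ACCOUNT"]


def passes_bitwise_filter(uac: int, excluded=("ACCOUNTDISABLE",)) -> bool:
    """NORMAL_ACCOUNT bit set and none of the excluded bits set."""
    mask = sum(UAC_FLAGS[n] for n in excluded)
    return bool(uac & UAC_FLAGS["NORMAL_ACCOUNT"]) and not (uac & mask)


def ldap_bitwise_filter(excluded=("ACCOUNTDISABLE",)) -> str:
    """Render the LDAP filter text equivalent to passes_bitwise_filter.

    One negated bit-AND term per excluded flag: a single term with a combined
    mask would only match accounts that have *all* of those bits set.
    """
    terms = "".join(
        f"(!(userAccountControl:{LDAP_MATCHING_RULE_BIT_AND}:={UAC_FLAGS[n]}))"
        for n in excluded
    )
    return (
        "(&(objectclass=person)(sAMAccountName=%n)"
        f"(userAccountControl:{LDAP_MATCHING_RULE_BIT_AND}:=512){terms})"
    )


def evaluate(accounts=SAMPLE_ACCOUNTS, excluded=("ACCOUNTDISABLE",)) -> dict:
    """Run both filter styles over the table and report per account."""
    return {
        name: {
            "flags": decode_uac(uac),
            "eq512": passes_equality_filter(uac),
            "bitwise": passes_bitwise_filter(uac, excluded),
        }
        for name, uac in accounts.items()
    }


if __name__ == "__main__":
    for name, row in evaluate().items():
        print(f"{name:18} {row['eq512']!s:5} {row['bitwise']!s:5} {row['flags']}")
    print(ldap_bitwise_filter(("ACCOUNTDISABLE", "LOCKOUT", "PASSWORD_EXPIRED")))
```

The table makes the trade-off visible: `=512` silently refuses a perfectly valid enabled account that merely has DONT_EXPIRE_PASSWORD set, while the default bitwise rule lets locked-out and password-expired accounts through unless those bits are added to the excluded list.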


Re: Upgrade from 2.1.17 2.2.36

2019-03-19 Thread Sami Ketola via dovecot


> On 19 Mar 2019, at 3.31, lty via dovecot  wrote:
> 
> I use the MAC Foxmail client, v2.2.36 can't receive mail, but v2.1.17 can 
> receive mail.
> I grabbed the network package and found that Foxmail was not processing the 
> next step after sending the D LIST "" * command.
> I suspect that because of the time of return, Foxmail is not recognized, so I 
> want to remove this time.
> 
> 

Replicated the issue. This seems to be a bug in Foxmail. I tested version 
1.2.0.93608. Please contact the authors of Foxmail to get this bug fixed.

Sami



Re: Dovecot logrotation - old journal files are still in use

2019-03-19 Thread Denis V Razumovskiy via dovecot
Hi

Aki was right, the full path to the doveadm binary solved the issue. Now logs are
renewed.
Thank you very much

Thanks to all for your time
Denis

14.03.2019, 09:44, "Denis V Razumovskiy" :
> Hi all
>
> I cannot understand whether it is a bug or just a misconfiguration. In my Dovecot
> there are 3 log files (debug, info and .log).
> While executing log rotation, the new files are created, but the old ones, namely
> dovecot.*.1, are still in use by the process.
>
> I use next logrotate config for dovecot:
> /var/log/dovecot.log /var/log/dovecot.info /var/log/dovecot.debug {
>   daily
>   rotate 14
>   missingok
>   notifempty
>   compress
>   delaycompress
>   sharedscripts
>   postrotate
>     doveadm log reopen
>     chmod 666 /var/log/dovecot.log
>     chmod 666 /var/log/dovecot.info
>     chmod 666 /var/log/dovecot.debug
>   endscript
> }
>
> Here is the logger process in memory:
> root 19140 0.0 0.0 4140 1576 ? S Mar12 0:06 dovecot/log
>
> Here the files it uses after the daily logrotation:
> # lsof -p19140 |grep log
> ...
> log 19140 root   33w   REG    9,3       811  417675 /var/log/dovecot.log.1
> log 19140 root   34w   REG    9,3   2842123  417681 /var/log/dovecot.info.1
> log 19140 root   35w   REG    9,3  14853918  417683 /var/log/dovecot.debug.1
> ...
>
> On manually issuing `doveadm log reopen`, the used files are changed to
> # lsof -p19140 |grep dovecot\\\.
> ...
> log 19140 root   33w   REG    9,3         0  417651 /var/log/dovecot.log
> log 19140 root   34w   REG    9,3    121374  417690 /var/log/dovecot.info
> log 19140 root   35w   REG    9,3    916153  417691 /var/log/dovecot.debug
>
> as it is expected to be
> What can be the root of the issue?
>
> I use Dovecot as LDA for Postfix with system users, mbox mail format. System 
> Slackware 12.0 x86, Postfix 2.4.5, Dovecot 2.2.36. Interconnect 
> Postfix-Dovecot was made via mailbox_command
> Dovecot compiled from sources
>
> Logging configuration (file conf.d/10-logging.conf) contains the following:
>
> log_path = /var/log/dovecot.log
> info_log_path = /var/log/dovecot.info
> debug_log_path = /var/log/dovecot.debug
>
> auth_verbose = yes
> auth_verbose_passwords = yes
> auth_debug = yes
> mail_debug = yes
> verbose_ssl = yes
>
> plugin {
> }
>
> Could the fact that Postfix requires Dovecot logs to be accessible somehow
> result in such weird behavior? To allow other processes to access Dovecot
> logs I had to chmod 0666 all the current logs while integrating Dovecot into
> Postfix delivery (please see the `chmod' commands in the logrotate config above).
>
> Thank you
> Denis Razoumovskiy


Best regards,
Denis Razumovskiy
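A check for the symptom Denis describes, as an added example (not from the thread and not a Dovecot tool): after rotation, the logger process must no longer hold `dovecot.*.1` open, and the `lsof` output above is exactly what this scan automates. It reads `/proc/<pid>/fd` on Linux (an assumption; `lsof -p` gives the same information elsewhere) and lists open files whose names look rotated. `self_check` opens a constructed `dovecot.log.1` in the current process so the scan can be exercised without a running Dovecot; the names and the pattern are assumptions for the example.

```python
"""Find log files a process still holds open after logrotate has moved them.

Added example, not from the thread. Reads /proc/<pid>/fd (Linux assumption)
and reports open paths that look like rotated logs (dovecot.log.1, .info.2.gz ...).
"""
import os
import re
import tempfile

ROTATED_RE = re.compile(r"\.(?:log|info|debug)\.\d+(?:\.gz)?$")


def open_files(pid: int) -> list:
    """Resolve every fd symlink of `pid` that points at an absolute path."""
    fd_dir = f"/proc/{pid}/fd"
    paths = []
    for fd in os.listdir(fd_dir):
        try:
            target = os.readlink(os.path.join(fd_dir, fd))
        except OSError:
            continue                       # fd closed between listdir and readlink
        if target.startswith("/"):
            paths.append(target.removesuffix(" (deleted)"))
    return sorted(set(paths))


def stale_rotated_logs(pid: int, pattern=ROTATED_RE) -> list:
    """Paths the process still writes to although logrotate has already renamed them."""
    return [p for p in open_files(pid) if pattern.search(p)]


def self_check() -> dict:
    """Open a constructed dovecot.log.1, scan our own pid, close it and rescan."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.realpath(os.path.join(d, "dovecot.log.1"))
        fh = open(path, "w")
        try:
            before = stale_rotated_logs(os.getpid())
        finally:
            fh.close()
        after = stale_rotated_logs(os.getpid())
    return {"found_while_open": path in before, "found_after_close": path in after}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                  # e.g. the pid of dovecot/log from ps
        for p in stale_rotated_logs(int(sys.argv[1])):
            print("still open after rotation:", p)
    else:
        print(self_check())
```

Run against the `dovecot/log` pid from the postrotate script (or from cron shortly after rotation), a non-empty result is the signal that `doveadm log reopen` did not run, which in this thread turned out to be logrotate's restricted PATH.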