Warning: Failed to do incremental sync

2019-07-03 Thread Laura Smith via dovecot 


Setup dovecot sync along the lines of (https://wiki2.dovecot.org/Replication).  
I am doing one way replication.

The initial full replication happened without issue, but now I'm seeing these 
errors on the slave server:

doveadm: Warning: /data/mail/foo/bar/Maildir/dovecot-uidlist: Duplicate file 
entry at line 26397: 1562173159.M215923P17350.mxp,S=2290,W=2339 (uid 143128 -> 
143142)

Warning: Failed to do incremental sync for mailbox Sent Messages, retry with a 
full sync (Modseq 1766 no longer in transaction log (highest=17617, 
last_common_uid=17559, nextuid=17560))

Warning: Failed to do incremental sync for mailbox INBOX, retry with a full 
sync (Modseq 2540 no longer in transaction log (highest=13870, 
last_common_uid=19912, nextuid=19913))



I guess dovecot automatically tries a full replication because eventually the 
messages get pushed and "sync failed" status changes from 'y' to '-'

Re: mail_replica equivalent to replicator_host/replicator_port

2019-07-03 Thread Sami Ketola via dovecot 



> On 3 Jul 2019, at 18.25, Laura Smith via dovecot  wrote:
> 
> Silly question but regarding https://wiki.dovecot.org/Replication, is the 
> mail_replica parameter shown in the docs equivalent to replicator_host and 
> replicator_port in 2.3.3 ?
> 
> 2.3.3 doesn't seem to like the mail_replica param (and indeed doveconf -a 
> doesn't show it as an option)

mail_replica is setting for replication plugin and it still exists as of master 
head. Do you have that plugin loaded?

Sami

mail_replica equivalent to replicator_host/replicator_port

2019-07-03 Thread Laura Smith via dovecot 
Silly question but regarding https://wiki.dovecot.org/Replication, is the 
mail_replica parameter shown in the docs equivalent to replicator_host and 
replicator_port in 2.3.3 ?

2.3.3 doesn't seem to like the mail_replica param (and indeed doveconf -a 
doesn't show it as an option)

Thanks !

Re: Percent character in mail_crypt_private_password not possible

2019-07-03 Thread Aki Tuomi via dovecot 


> 
>  
> ‐‐‐ Original Message ‐‐‐
> On Tuesday, July 2, 2019 6:21 PM, Aki Tuomi  
> wrote:
> 
> > Hi, you need to escape % with %%. We are aware of a bug affecting when % 
> > comes in from some field via userdb, and we are looking into how to fix 
> > this.
> 
> Aki, I was wondering, does this bug also affect the changing of a cryptokey 
> password using this command:
> 
> $ doveadm mailbox cryptokey password -u em...@domain.tld -n NEW%PASSWORD -o 
> OLD%PASSWORD
> 
> Do I need here also to double the '%' char in the -n (new password) and -o 
> (old password) parameters ?

Not needed here, no.

Aki

Re: Percent character in mail_crypt_private_password not possible

2019-07-03 Thread mabi via dovecot 
‐‐‐ Original Message ‐‐‐
On Tuesday, July 2, 2019 6:21 PM, Aki Tuomi  wrote:

> Hi, you need to escape % with %%. We are aware of a bug affecting when % 
> comes in from some field via userdb, and we are looking into how to fix this.

Aki, I was wondering, does this bug also affect the changing of a cryptokey 
password using this command:

$ doveadm mailbox cryptokey password -u em...@domain.tld -n NEW%PASSWORD -o 
OLD%PASSWORD

Do I need here also to double the '%' char in the -n (new password) and -o (old 
password) parameters ?

Re: Segfault of doveconf

2019-07-03 Thread Claudio Prono via dovecot 
Another interesting thing, noticed now: before the segfault error I have always 
this log:

Jul  3 11:50:26 mail dovecot: config: Error: managesieve-login: dump-capability 
process killed with signal 11
Jul  3 11:50:26 mail kernel: [1514971.045499] doveconf[23971]: segfault at 
55d0fd61c000 ip 7f3f7cc242d0 sp 7ffcb29341b8 error 6 in 
libc-2.23.so[7f3f7cb95000+1c]

But I have no idea of what configuration is faulty on managesieve-login. This 
is the actual configuration:

doveconf -n | grep sieve
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext
  sieve = /var/vmail/%d/%u/.dovecot.sieve
  sieve_dir = /var/vmail/%d/%u/sieve
  sieve_global_dir = /var/lib/dovecot/sieve/
  sieve_storage = /var/vmail/%d/%u/sieve
protocols = " imap sieve pop3"
  mail_plugins = " sieve"

Any help?



From: dovecot  on behalf of Claudio Prono via 
dovecot 
Reply-To: Claudio Prono 
Date: Wednesday, 3 July 2019 at 11:34
To: "dovecot@dovecot.org" 
Subject: Segfault of doveconf

Hi,

I have some problems of segfault at doveconf:


Jul  2 08:13:16 mail kernel: [1415540.297823] doveconf[7103]: segfault at 
560cb801e000 ip 7f861da742d0 sp 7ffe2d671548 error 6 in 
libc-2.23.so[7f861d9e5000+1c]

Jul  2 15:45:38 mail kernel: [1442682.919193] doveconf[11915]: segfault at 
563b3242 ip 7fcb127ae2d0 sp 7ffecfc7b598 error 6 in 
libc-2.23.so[7fcb1271f000+1c]

Jul  2 20:27:37 mail kernel: [1459601.781407] doveconf[14680]: segfault at 
55618f01b000 ip 7f44137202d0 sp 7ffcbb8d8628 error 6 in 
libc-2.23.so[7f4413691000+1c]

Jul  2 21:35:36 mail kernel: [1463680.435538] doveconf[15090]: segfault at 
55ea7521d000 ip 7f0bfe79f2d0 sp 7ffd272793b8 error 6 in 
libc-2.23.so[7f0bfe71+1c]

Jul  3 00:44:28 mail kernel: [1475013.132492] doveconf[16253]: segfault at 
561feea2 ip 7f34be2be2d0 sp 7ffe731ef4b8 error 6 in 
libc-2.23.so[7f34be22f000+1c]

System configuration follows:


lsb_release -d

Description:  Ubuntu 16.04.6 LTS


doveconf -n

# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf

# Pigeonhole version 0.4.13 (7b14904)

# OS: Linux 4.4.0-45-generic x86_64 Ubuntu 16.04.6 LTS

disable_plaintext_auth = no

first_valid_gid = 8

first_valid_uid = 150

last_valid_gid = 8

last_valid_uid = 150

mail_location = mbox:~/mail:INBOX=/var/mail/%u

managesieve_notify_capability = mailto

managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext

namespace inbox {

  inbox = yes

  location =

  mailbox Drafts {

special_use = \Drafts

  }

  mailbox Junk {

special_use = \Junk

  }

  mailbox Sent {

special_use = \Sent

  }

  mailbox "Sent Messages" {

special_use = \Sent

  }

  mailbox Trash {

special_use = \Trash

  }

  prefix = INBOX.

}

passdb {

  args = /etc/dovecot/dovecot-sql.conf.ext

  driver = sql

}

plugin {

  quota_warning = storage=95%% quota-warning 95 %u

  quota_warning2 = storage=80%% quota-warning 80 %u

  sieve = /var/vmail/%d/%u/.dovecot.sieve

  sieve_dir = /var/vmail/%d/%u/sieve

  sieve_global_dir = /var/lib/dovecot/sieve/

  sieve_storage = /var/vmail/%d/%u/sieve

}

protocols = " imap sieve pop3"

service auth {

  unix_listener /var/spool/postfix/private/auth {

group = postfix

mode = 0660

user = postfix

  }

  unix_listener auth-userdb {

group = mail

mode = 0600

user = vmail

  }

}

service quota-warning {

  executable = script /usr/bin/quota-warning.sh

  unix_listener quota-warning {

user = vmail

  }

  user = dovecot

}

ssl_ca = http://ubuntu.seeweb.it/ubuntu xenial InRelease

Hit:2 http://ubuntu.seeweb.it/ubuntu xenial-updates InRelease

Hit:3 http://ubuntu.seeweb.it/ubuntu xenial-backports InRelease

Get:4 http://ubuntu.seeweb.it/ubuntu-security xenial-security InRelease [109 kB]

Fetched 109 kB in 1s (99.1 kB/s)

Reading package lists... Done



apt-get upgrade

Reading package lists... Done

Building dependency tree

Reading state information... Done

Calculating upgrade... Done

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.



apt-get dist-upgrade

Reading package lists... Done

Building dependency tree

Reading state information... Done

Calculating upgrade... Done

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.



Any hint about it ? Sometimes, from my webmail I receive an error communicating 
with server, but no other errors.



Cordially,

Claudio Prono.






--

Claudio Prono   OPST
System Developer

mail_crypt: multiple keypairs

2019-07-03 Thread mabi via dovecot 
Hello,

I am testing mail_crypt plugin with per account encryption and wanted to 
generate a new keypair for an account but noticed that I now end up with 2 
keypairs where one is active and the other inactive as you can see below:

$ doveadm mailbox cryptokey list -u em...@domain.tld -U

Folder Active Public ID
   yes7b140b4f3d6d68eed2c59259ac5e6f6a280dc82990292dc415b4100d6c797f67
   no 1c1dd1c955757da7c19f1eeb6d6c4d0d66e6355baa2d844bc2623052e1aa2f91

Does this mean now that all existing emails get encrypted with both keypairs? 
or does this mean only the active keypair is used to encrypt new emails?

Is it possible to delete the inactive keypair? if yes how?

Regards,
Mabi

Segfault of doveconf

2019-07-03 Thread Claudio Prono via dovecot 
Hi,

I have some problems of segfault at doveconf:


Jul  2 08:13:16 mail kernel: [1415540.297823] doveconf[7103]: segfault at 
560cb801e000 ip 7f861da742d0 sp 7ffe2d671548 error 6 in 
libc-2.23.so[7f861d9e5000+1c]

Jul  2 15:45:38 mail kernel: [1442682.919193] doveconf[11915]: segfault at 
563b3242 ip 7fcb127ae2d0 sp 7ffecfc7b598 error 6 in 
libc-2.23.so[7fcb1271f000+1c]

Jul  2 20:27:37 mail kernel: [1459601.781407] doveconf[14680]: segfault at 
55618f01b000 ip 7f44137202d0 sp 7ffcbb8d8628 error 6 in 
libc-2.23.so[7f4413691000+1c]

Jul  2 21:35:36 mail kernel: [1463680.435538] doveconf[15090]: segfault at 
55ea7521d000 ip 7f0bfe79f2d0 sp 7ffd272793b8 error 6 in 
libc-2.23.so[7f0bfe71+1c]

Jul  3 00:44:28 mail kernel: [1475013.132492] doveconf[16253]: segfault at 
561feea2 ip 7f34be2be2d0 sp 7ffe731ef4b8 error 6 in 
libc-2.23.so[7f34be22f000+1c]

System configuration follows:


lsb_release -d

Description:  Ubuntu 16.04.6 LTS


doveconf -n

# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf

# Pigeonhole version 0.4.13 (7b14904)

# OS: Linux 4.4.0-45-generic x86_64 Ubuntu 16.04.6 LTS

disable_plaintext_auth = no

first_valid_gid = 8

first_valid_uid = 150

last_valid_gid = 8

last_valid_uid = 150

mail_location = mbox:~/mail:INBOX=/var/mail/%u

managesieve_notify_capability = mailto

managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext

namespace inbox {

  inbox = yes

  location =

  mailbox Drafts {

special_use = \Drafts

  }

  mailbox Junk {

special_use = \Junk

  }

  mailbox Sent {

special_use = \Sent

  }

  mailbox "Sent Messages" {

special_use = \Sent

  }

  mailbox Trash {

special_use = \Trash

  }

  prefix = INBOX.

}

passdb {

  args = /etc/dovecot/dovecot-sql.conf.ext

  driver = sql

}

plugin {

  quota_warning = storage=95%% quota-warning 95 %u

  quota_warning2 = storage=80%% quota-warning 80 %u

  sieve = /var/vmail/%d/%u/.dovecot.sieve

  sieve_dir = /var/vmail/%d/%u/sieve

  sieve_global_dir = /var/lib/dovecot/sieve/

  sieve_storage = /var/vmail/%d/%u/sieve

}

protocols = " imap sieve pop3"

service auth {

  unix_listener /var/spool/postfix/private/auth {

group = postfix

mode = 0660

user = postfix

  }

  unix_listener auth-userdb {

group = mail

mode = 0600

user = vmail

  }

}

service quota-warning {

  executable = script /usr/bin/quota-warning.sh

  unix_listener quota-warning {

user = vmail

  }

  user = dovecot

}

ssl_ca = http://ubuntu.seeweb.it/ubuntu xenial InRelease

Hit:2 http://ubuntu.seeweb.it/ubuntu xenial-updates InRelease

Hit:3 http://ubuntu.seeweb.it/ubuntu xenial-backports InRelease

Get:4 http://ubuntu.seeweb.it/ubuntu-security xenial-security InRelease [109 kB]

Fetched 109 kB in 1s (99.1 kB/s)

Reading package lists... Done



apt-get upgrade

Reading package lists... Done

Building dependency tree

Reading state information... Done

Calculating upgrade... Done

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.



apt-get dist-upgrade

Reading package lists... Done

Building dependency tree

Reading state information... Done

Calculating upgrade... Done

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.



Any hint about it ? Sometimes, from my webmail I receive an error communicating 
with server, but no other errors.



Cordially,

Claudio Prono.






--

Claudio Prono   OPST
System Developer
   @Mediaservice.net Srl
   Tel: +39-011-07.49.338
Via Santorelli, 15 Fax: +39-011-32.46.497
10095 Grugliasco (TO)  http://mediaservice.net/disclaimer
ITALY

PGP Key - http://keys.mediaservice.net/c_prono.asc

Re: Dovecot LMTP mixing up users on multi-recipient mail

2019-07-03 Thread Timo Sirainen via dovecot 
On 27 Jun 2019, at 14.21, Bernhard Schmidt via dovecot  
wrote:
> 
> Hi,
> 
> I've upgraded a mailstore from Debian Jessie (aka oldstable) with
> Dovecot 2.2.13 to Debian Buster (next stable) with Dovecot 2.3.4.1
> today. It worked pretty well, except that we're seeing error messages
> very similar to this old thread
> 
> https://dovecot.org/pipermail/dovecot/2015-July/101396.html
> 
> It appears to be happening when a mail with multiple recipients on this
> message store is getting delivered through lmtp.
> 
> Jun 27 11:47:36 lxmhs74 dovecot: 
> lmtp(user1)<47683>: Error: 
> open(/var/cache/dovecot/index/n/user2n/.INBOX/dovecot.index.cache) failed: 
> Permission denied (euid=3814520() egid=12(man) missing +x perm: 
> /var/cache/dovecot/index/n/user2, dir owned by 3391995:12 mode=0700)
> 
> user1 uid is 3814520, user2n uid is 3391995. Dovecot appears to be trying
> to deliver the message to user1 while using the index directory of user2n.

When delivering multiple mails with LMTP it first writes the mail to the first 
recipient. It then leaves this mail open and uses it to copy the mail to the 
next recipient. This allows the possibility of e.g. using hard links if the 
filesystem permissions are the same with both recipients, although that won't 
happen in your case. Anyway, apparently this copying attempts to update the 
first recipient's dovecot.index.cache for some reason. I'm not sure why exactly 
this is different in v2.2 and v2.3.

I wasn't able to reproduce this easily though, except with some special plugin 
it happened. This change helped with it:

diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c
index e43f156d3..93848ef27 100644
--- a/src/lmtp/lmtp-local.c
+++ b/src/lmtp/lmtp-local.c
@@ -669,6 +669,9 @@ lmtp_local_deliver_to_rcpts(struct lmtp_local *local,
   will be unreferenced later on */
local->rcpt_user = NULL;
src_mail = local->first_saved_mail;
+   struct mail_private *pmail =
+   (struct mail_private *)src_mail;
+   pmail->v.set_uid_cache_updates(src_mail, TRUE);
first_uid = geteuid();
i_assert(first_uid != 0);
}

Re: Dovecot 2.3.0 TLS

2019-07-03 Thread Peter Kahl via dovecot 
Hi Aki,

I failed to disclose that the described problem occurs on iOS 13.0 beta.

After trying again and again, it appears that a bug in iOS 13.0 beta is
the likely culprit. I am reading on Reddit that there is some bug in iOS
with certificate trust...

https://www.reddit.com/r/signal/comments/c2q6c6/anyone_using_signal_in_ios_13_beta_iphone/

Kind regards,
Peter Kahl


0x526F0AC69C48DEE4.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Re: Sieve question

2019-07-03 Thread Stephan Bosch via dovecot 




On 03/07/2019 04:44, @lbutlr via dovecot wrote:

I have the following in my active sieve file, and there are no errors logged.


if header :contains "to" "+root" {
setflag "\\Seen";
fileinto :create "root";
stop;
}

The message is put in .root, bit is not marked as seen.

Is the default action to put mail in a folder matching the extension taking 
precedence?


That should work. What version is this (output from `dovecot -`n`)? 
There have been some bugs with flags in the recent history.


Regards,

Stephan.

Replicate shared folders to warm standby host

2019-07-03 Thread Axel Gluth via dovecot 
We like to set up our mail system in two datacenters but the 
wiki says "Shared folder replication 
doesn't work correctly..."

I'm thinking about using an external loadbalancer to ensure that only one host 
will get connections.

Normal operations:
client  ==imap=>  loadbalancer  ==imap=>  host1  ==replication=>  host2

Host1 or Datacenter1 is down:
client  ==imap=>  loadbalancer  ==imap=>  host2

I see possible problems if host1 comes back and clients connect to host1 before 
the replication has caught up. But in our case that will be acceptable.

Do you consider my idea as safe for production use?
Has anybody real world experience with such a setup?
Is there a better way to replicate shared folders?


Thank you in advance for spending your time on thinking about my problem.

Axel