doveadm backup -f -n inbox doing writes?

2020-12-21 Thread Marc Roos 


If I start a 'doveadm backup -f -n inbox' on the source server, why do 
also disk writes increase on the source server (indexes mostly?)

Re: Using dovecot with RoundCubeMail - where is the information for new mail in (blue coloured) directories?

2020-12-21 Thread Scott Ruckh 

On 2020-12-20 17:37, Philip Rhoades wrote:

@lbutlr,


On 2020-12-21 00:43, @lbutlr wrote:

On 20 Dec 2020, at 04:05, Philip Rhoades  wrote:
I guess that is what it seems to look like to me as well - but what 
does that mean for what I am trying to do? - ie reset the blue folder 
highlight arbitrarily?


Sound like the Roundcube style choices are outside th purview of 
dovecot.



Hmm . . the first response I got here was that it was definitely an
IMAP thing . . I think he was unclear about the actual problem . .

I will try the RCM forum . .

Thanks,

P.


I am not sure I have understood this thread completely, but I am running 
dovecot/RoundCube.  If a folder has new messages, then it has a badge 
that is dark blue (with the theme I am using) with the number of un-read 
messages.  Otherwise it has a badge that is light-blue to indicate 
un-read messages only.  Folders with no badges have zero un-read 
messages.  So there is definitely a distinction for "new" messages.

Re: Repeated Inbox Corruption, how to Troubleshoot?

2020-12-21 Thread Bryan K. Walton 
> Can you turn on mail_debug=yes, and provide output of `doveconf -n` and logs 
> from mail delivery and when you open the mailbox.

Thanks, Aki.  I have enabled mail_debug=yes.  I will report back if it
happens again.

Thanks!
Bryan

-- 
Bryan K. Walton   319-337-3877 
Linux Systems Administrator Leepfrog Technologies, Inc

Re: Repeated Inbox Corruption, how to Troubleshoot?

2020-12-21 Thread Aki Tuomi 


> On 21/12/2020 16:48 Bryan K. Walton  wrote:
> 
>  
> We are running Dovecot Version 2.3.8 (9df20d2db) (from the CentOS 8
> repos).  Twice in the last week, I've encountered an issue where my Mutt
> imap client logs into our imap server and has 0 new messages (when I
> know that there are a lot of new messages waiting on me).  
> 
> Both times, I've had to shut down my mail client, and then run:
> doveadm -Dv force-resync -u  INBOX
> 
> After which, I reopen Mutt and all of my new emails appear in the inbox
> of my mail client.
> 
> Running the force-resync shows no problems.  Furthermore, "doveadm log
> errors" shows no errors on my account and there is nothing in the logs
> showing that anything is corrupted for me.
> 
> Yet, the force-resync is fixing a problem that I can't locate.  Where
> should I be looking (or how should I update my logging) so that I can
> find out the source of the problem that is causing my repeated inbox
> problems?
> 
> Thanks!
> Bryan Walton
> 
> -- 
> Bryan K. Walton   319-337-3877 
> Linux Systems Administrator Leepfrog Technologies, Inc

Can you turn on mail_debug=yes, and provide output of `doveconf -n` and logs 
from mail delivery and when you open the mailbox.

Aki

Repeated Inbox Corruption, how to Troubleshoot?

2020-12-21 Thread Bryan K. Walton 
We are running Dovecot Version 2.3.8 (9df20d2db) (from the CentOS 8
repos).  Twice in the last week, I've encountered an issue where my Mutt
imap client logs into our imap server and has 0 new messages (when I
know that there are a lot of new messages waiting on me).  

Both times, I've had to shut down my mail client, and then run:
doveadm -Dv force-resync -u  INBOX

After which, I reopen Mutt and all of my new emails appear in the inbox
of my mail client.

Running the force-resync shows no problems.  Furthermore, "doveadm log
errors" shows no errors on my account and there is nothing in the logs
showing that anything is corrupted for me.

Yet, the force-resync is fixing a problem that I can't locate.  Where
should I be looking (or how should I update my logging) so that I can
find out the source of the problem that is causing my repeated inbox
problems?

Thanks!
Bryan Walton

-- 
Bryan K. Walton   319-337-3877 
Linux Systems Administrator Leepfrog Technologies, Inc

Re: Fail2ban and login_trusted_networks

2020-12-21 Thread Javi Legido 
Hi there.

Tom, thanks for your reply. Indeed webmail (roundcube) has its own
mechanism for consecutive wrong logins, but I would like to have everything
centralized in one place (fail2ban in the container running dovecot).

Aki, thanks for your reply. Everything is working as expected, webmail
(roundcube) is sending the public IP address (8.8.8.8 in this example) to
dovecot, which is logging it like:

```
Dec 21 13:33:50 mail dovecot: imap-login: Login: user=,
method=PLAIN, rip=8.8.8.8, lip=10.163.18.3, mpid=17151, TLS,
session=
```



On Mon, 21 Dec 2020 at 13:20, Aki Tuomi  wrote:

> Dovecot can log client IP instead of connection IP, when webmail passes
> this information over using IMAP `ID` command, and webmail server has been
> added to login_trusted_networks.
>
> The keywords used for this feature are
>
> x-originating-ip
> x-originating-port
> x-connected-ip
> x-connected-port
> x-proxy-ttl (hop count)
>
> Aki
>
> > On 21/12/2020 14:12 Tom Hendrikx  wrote:
> >
> >
> > Hi,
> >
> > Ideally the webmail has it's own logfile, where it also emits error
> > messages containing the ip-address of the failed login attempt. This
> > could be as simple as a HTTP 401 error in the nginx/apache logfile on
> > the webmail domain. You can then instruct fail2ban to read that logfile
> > and disallow access to the webmail for the ip address.
> >
> > In the end, the attempts try to access the webmail, and not the IMAP
> > server directly. So it's better to block access to the webmail/web
> server.
> >
> > Kind regards,
> >   Tom
> >
> > On 21-12-2020 11:16, Javi Legido wrote:
> > > Hi there.
> > >
> > > First of all many thanks to all the people involved in this project
> for
> > > their time, I really appreciate it.
> > >
> > > Second my use case:
> > >
> > > a) Container running Webmail (roundcube) with dovecot-ident plugin
> > > enabled
> > > <
> https://github.com/roundcube/roundcubemail/issues/5336#issuecomment-228131074
> >.
> > > b) Container running Dovecot  2.3.4.1 (docker-mailserver-mysql
> > > ) with fail2ban
> > > enabled
> > >
> > > Since I need to add the private IP address of the webmail to
> > > "login_trusted_networks" to "...allow to override their IP addresses
> and
> > > ports" I can keep login to webmail even though if the IP is blocked.
> > >
> > > Question: there's any way to:
> > >
> > > a) Allow a certain IP range to override it's IP address and ports (as
> in
> > > "login_trusted_networks") but
> > > b) Be blocked, as any other incoming connections, by fail2ban?
> > >
> > > More context. Once the public IP is banned (8.8.8.8 in this example):
> > >
> > > ```
> > > 2020-12-21 10:10:31,371 fail2ban.filter [309]: INFO
>  [dovecot]
> > > Found 8.8.8.8 - 2020-12-21 10:10:31
> > > 2020-12-21 10:10:39,189 fail2ban.filter [309]: INFO
>  [dovecot]
> > > Found 8.8.8.8 - 2020-12-21 10:10:39
> > > 2020-12-21 10:10:51,222 fail2ban.filter [309]: INFO
>  [dovecot]
> > > Found 8.8.8.8 - 2020-12-21 10:10:51
> > > 2020-12-21 10:10:52,008 fail2ban.actions[309]: NOTICE
>  [dovecot]
> > > Ban 8.8.8.8
> > > ```
> > >
> > > I can't reach dovecot by telnet from this public IP:
> > >
> > > ```
> > > telnet mail.example.com  143
> > > Trying 9.9.9...
> > > telnet: Unable to connect to remote host: Connection refused
> > > ```
> > >
> > > Unless I removed the ban:
> > >
> > > ```
> > > docker exec mail fail2ban-client set dovecot unbanip 8.8.8.8
> > > ```
> > >
> > > Many thanks.
> > >
> > > Javier
>

Re: Fail2ban and login_trusted_networks

2020-12-21 Thread Aki Tuomi 
Dovecot can log client IP instead of connection IP, when webmail passes this 
information over using IMAP `ID` command, and webmail server has been added to 
login_trusted_networks.

The keywords used for this feature are

x-originating-ip
x-originating-port
x-connected-ip
x-connected-port
x-proxy-ttl (hop count)

Aki

> On 21/12/2020 14:12 Tom Hendrikx  wrote:
> 
>  
> Hi,
> 
> Ideally the webmail has it's own logfile, where it also emits error 
> messages containing the ip-address of the failed login attempt. This 
> could be as simple as a HTTP 401 error in the nginx/apache logfile on 
> the webmail domain. You can then instruct fail2ban to read that logfile 
> and disallow access to the webmail for the ip address.
> 
> In the end, the attempts try to access the webmail, and not the IMAP 
> server directly. So it's better to block access to the webmail/web server.
> 
> Kind regards,
>   Tom
> 
> On 21-12-2020 11:16, Javi Legido wrote:
> > Hi there.
> > 
> > First of all many thanks to all the people involved in this project for 
> > their time, I really appreciate it.
> > 
> > Second my use case:
> > 
> > a) Container running Webmail (roundcube) with dovecot-ident plugin 
> > enabled 
> > .
> > b) Container running Dovecot  2.3.4.1 (docker-mailserver-mysql 
> > ) with fail2ban 
> > enabled
> > 
> > Since I need to add the private IP address of the webmail to 
> > "login_trusted_networks" to "...allow to override their IP addresses and 
> > ports" I can keep login to webmail even though if the IP is blocked.
> > 
> > Question: there's any way to:
> > 
> > a) Allow a certain IP range to override it's IP address and ports (as in 
> > "login_trusted_networks") but
> > b) Be blocked, as any other incoming connections, by fail2ban?
> > 
> > More context. Once the public IP is banned (8.8.8.8 in this example):
> > 
> > ```
> > 2020-12-21 10:10:31,371 fail2ban.filter         [309]: INFO    [dovecot] 
> > Found 8.8.8.8 - 2020-12-21 10:10:31
> > 2020-12-21 10:10:39,189 fail2ban.filter         [309]: INFO    [dovecot] 
> > Found 8.8.8.8 - 2020-12-21 10:10:39
> > 2020-12-21 10:10:51,222 fail2ban.filter         [309]: INFO    [dovecot] 
> > Found 8.8.8.8 - 2020-12-21 10:10:51
> > 2020-12-21 10:10:52,008 fail2ban.actions        [309]: NOTICE  [dovecot] 
> > Ban 8.8.8.8
> > ```
> > 
> > I can't reach dovecot by telnet from this public IP:
> > 
> > ```
> > telnet mail.example.com  143
> > Trying 9.9.9...
> > telnet: Unable to connect to remote host: Connection refused
> > ```
> > 
> > Unless I removed the ban:
> > 
> > ```
> > docker exec mail fail2ban-client set dovecot unbanip 8.8.8.8
> > ```
> > 
> > Many thanks.
> > 
> > Javier

Re: Fail2ban and login_trusted_networks

2020-12-21 Thread Tom Hendrikx 

Hi,

Ideally the webmail has it's own logfile, where it also emits error 
messages containing the ip-address of the failed login attempt. This 
could be as simple as a HTTP 401 error in the nginx/apache logfile on 
the webmail domain. You can then instruct fail2ban to read that logfile 
and disallow access to the webmail for the ip address.


In the end, the attempts try to access the webmail, and not the IMAP 
server directly. So it's better to block access to the webmail/web server.


Kind regards,
Tom

On 21-12-2020 11:16, Javi Legido wrote:

Hi there.

First of all many thanks to all the people involved in this project for 
their time, I really appreciate it.


Second my use case:

a) Container running Webmail (roundcube) with dovecot-ident plugin 
enabled 
.
b) Container running Dovecot  2.3.4.1 (docker-mailserver-mysql 
) with fail2ban 
enabled


Since I need to add the private IP address of the webmail to 
"login_trusted_networks" to "...allow to override their IP addresses and 
ports" I can keep login to webmail even though if the IP is blocked.


Question: there's any way to:

a) Allow a certain IP range to override it's IP address and ports (as in 
"login_trusted_networks") but

b) Be blocked, as any other incoming connections, by fail2ban?

More context. Once the public IP is banned (8.8.8.8 in this example):

```
2020-12-21 10:10:31,371 fail2ban.filter         [309]: INFO    [dovecot] 
Found 8.8.8.8 - 2020-12-21 10:10:31
2020-12-21 10:10:39,189 fail2ban.filter         [309]: INFO    [dovecot] 
Found 8.8.8.8 - 2020-12-21 10:10:39
2020-12-21 10:10:51,222 fail2ban.filter         [309]: INFO    [dovecot] 
Found 8.8.8.8 - 2020-12-21 10:10:51
2020-12-21 10:10:52,008 fail2ban.actions        [309]: NOTICE  [dovecot] 
Ban 8.8.8.8

```

I can't reach dovecot by telnet from this public IP:

```
telnet mail.example.com  143
Trying 9.9.9...
telnet: Unable to connect to remote host: Connection refused
```

Unless I removed the ban:

```
docker exec mail fail2ban-client set dovecot unbanip 8.8.8.8
```

Many thanks.

Javier

Fail2ban and login_trusted_networks

2020-12-21 Thread Javi Legido 
Hi there.

First of all many thanks to all the people involved in this project for
their time, I really appreciate it.

Second my use case:

a) Container running Webmail (roundcube) with dovecot-ident plugin enabled

.
b) Container running Dovecot  2.3.4.1 (docker-mailserver-mysql
) with fail2ban
enabled

Since I need to add the private IP address of the webmail to
"login_trusted_networks" to "...allow to override their IP addresses and
ports" I can keep login to webmail even though if the IP is blocked.

Question: there's any way to:

a) Allow a certain IP range to override it's IP address and ports (as in
"login_trusted_networks") but
b) Be blocked, as any other incoming connections, by fail2ban?

More context. Once the public IP is banned (8.8.8.8 in this example):

```
2020-12-21 10:10:31,371 fail2ban.filter [309]: INFO[dovecot]
Found 8.8.8.8 - 2020-12-21 10:10:31
2020-12-21 10:10:39,189 fail2ban.filter [309]: INFO[dovecot]
Found 8.8.8.8 - 2020-12-21 10:10:39
2020-12-21 10:10:51,222 fail2ban.filter [309]: INFO[dovecot]
Found 8.8.8.8 - 2020-12-21 10:10:51
2020-12-21 10:10:52,008 fail2ban.actions[309]: NOTICE  [dovecot]
Ban 8.8.8.8
```

I can't reach dovecot by telnet from this public IP:

```
telnet mail.example.com 143
Trying 9.9.9...
telnet: Unable to connect to remote host: Connection refused
```

Unless I removed the ban:

```
docker exec mail fail2ban-client set dovecot unbanip 8.8.8.8
```

Many thanks.

Javier