Share

[liecj3]

Hello dear Dovecot users

I have a somewhat special request: I have a single file in mbox format which I 
want to make accessible via IMAP to anonymous logins. The mbox file is being 
updated outside of Dovecot and should not be changeable by Dovecot.

So far I created a Docker container based on the official image 
(https://hub.docker.com/r/dovecot/dovecot) and configured the Dovecot according 
to 
https://doc.dovecot.org/configuration_manual/shared_mailboxes/public_shared/. 
The volume with the mbox file is mounted in the running container under 
/var/mail. Each time a client tries to access this public mailbox the following 
error is logged and no content is returned:
May 26 21:57:06 imap(mutt)<16>: Error: Mailbox 
Public/archive: open() failed with mbox: Read-only file system.

Note that I don't need the file to be a shared mailbox. Instead I would also be 
happy to have all (anonymous) users mapped to the read-only mbox somewhere in 
the filesystem.

Dockerfile:
FROM dovecot/dovecot

RUN mkdir -p /var/indexes/public
RUN chown 1000:1000 /var/indexes/public
ADD dovecot.conf /etc/dovecot/dovecot.conf

/etc/dovecot/dovecot.conf:
## You should mount /etc/dovecot if you want to
## manage this file

mail_home=/srv/mail/%Lu
mail_location=sdbox:~/Mail
mail_uid=1000
mail_gid=1000

#protocols = imap pop3 submission sieve lmtp
protocols = imap

first_valid_uid = 1000
last_valid_uid = 1000

passdb {
  driver = static
  args = password=pass
}

ssl=yes
ssl_cert=

Re: Inaccurate results while searching for a phrase in subject (fts-flatcurve)

[ss17]

Thanks Michael for that explanation. So with the addition of tokenization has 
Dovecot lost the ability to search phrases, irrespective of FTS engine. That 
would be a real bummer if true.
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

dovecot indexer-workers

[Nikolay Zlatkov via dovecot]

Hi,

I have a problem with dovecot indexer-workers starting at the same time 
everyday and using too much disk io and cpu.
I have limited indexer-workers to 2, but  i am not sure this is the 
solution.
Can you help me to configure this automatic reindex to be in the night 
for example.



Best Regards!

--






   Николай Златков / Nikolay Zlatkov

Системен администратор / System Administrator

CALLFLOW




mobilePhone

+359 87 986 85 32 
emailAddress

nzlat...@callflowlab.com 
website

www.callflowlab.com 
address

Magnaurska shkola 11 Str., Office 310, Sofia 1784


All channels. One place. | OMNILINX | Check out our new product. 

___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: LDAP olcAccess for auth_bind

[Andrzej Milewski]

Hi,

I would like to ask about one more thing regarding LDAP server
authentication.

Am I understanding correctly that the auth_bind option, regardless of
whether it is set to yes or no, and even if anonymous access to the LDAP
directory is blocked, must be used with dn=cn=manager,dc=example,dc=com and
dnpass=password to enable authentication?

It seems to me that there are no other cases where Dovecot can query the
LDAP server directly using the login and password provided by the client.
To perform authentication, it must execute a BIND by an intermediate user,
regardless of where the password check takes place - in LDAP or in Dovecot.

Are there any other ways for the client to log in directly with their
credentials on the Dovecot server?

On Mon, May 22, 2023 at 1:17 PM Andrzej Milewski 
wrote:

> Hi,
>
> I reviewed your guidelines and focused only on how olcAccess works to
> block anonymous users. I installed a blank native Debian and interestingly,
> the default Debian rules also allow anonymous reading of the LDAP directory.
>
> olcAccess by Debian olcAccess: {0} to attrs=userPassword by self write by
> anonymous auth by * none olcAccess: {1} to attrs=shadowLastChange by self
> write by * read olcAccess: {2} to * by * read
>
> After analyzing everything and testing, I started with two rules that
> block anonymous users and at the same time grant access to logged-in users.
> I realize that this is probably not enough and I should include some
> permissions in this, but this is the initial setting on which I can
> continue to work.
>
> olcAccess by me olcAccess: {0} to attrs=userPassword,shadowLastChange by
> self write by anonymous auth by * none olcAccess: {1} to * by self write by
> users read by anonymous auth by * none
>
> Thank you for your help.
>
> On Wed, May 17, 2023 at 7:57 AM Andrzej Milewski <
> andrzej.milew...@gmail.com> wrote:
>
>> Hi,
>> I'm trying to set up a production mail server. I have installed Dovecot
>> on Debian from the package. For authentication, I have another machine
>> running OpenLDAP, also installed on Debian. I would like the end mail
>> client to authenticate with Dovecot using the login and password set in
>> LDAP.
>>
>> In the LDAP-related configuration, I have:
>> auth_bind=yes
>> base = ou=Users,dc=example,dc=com
>> user_attrs =
>> mail=couriermaildir:~/Maildir,homeDirectory=/home/%d/%uid/,uidNumber=uid,gidNumber=gid
>> user_filter = (&(objectClass=posixAccount)(uid=%u))
>> pass_attrs = uid=user,userPassword=password,\
>> pass_filter = (&(objectClass=posixAccount)(uid=%u))
>>
>> The LDAP user is entered as uid=u...@example.com. With the default
>> olcAccess permissions, it works and logs in correctly.
>>
>> Here are my default olcAccess settings after installation:
>> # {1}mdb, config
>> dn: olcDatabase={1}mdb,cn=config
>> objectClass: olcDatabaseConfig
>> objectClass: olcMdbConfig
>> olcDatabase: {1}mdb
>> olcDbDirectory: /var/lib/ldap
>> olcSuffix: dc=example,dc=com
>> olcAccess: {0}to dn.children="ou=Idmaps,dc=example,dc=com"
>> attrs=userPassword,
>>  shadowLastChange,SambaLMPassword,SambaNTPassword by self write by
>> anonymous a
>>  uth by dn="cn=samba,dc=example,dc=com" write by
>> dn="cn=admin,dc=laktopol,dc=p
>>  l" write by * none
>> olcAccess: {1}to dn.subtree="ou=Idmaps,dc=example,dc=com" by self write
>> by dn=
>>  "cn=samba,dc=example,dc=com" write by dn="cn=admin,dc=example,dc=com"
>> write b
>>  y * read
>> olcAccess: {2}to dn.children="ou=Hosts,dc=example,dc=com"
>> attrs=userPassword,s
>>  hadowLastChange,SambaLMPassword,SambaNTPassword by self write by
>> anonymous au
>>  th by dn="cn=samba,dc=example,dc=com" write by
>> dn="cn=admin,dc=example,dc=com
>>  " write by * none
>> olcAccess: {3}to dn.subtree="ou=Hosts,dc=example,dc=com" by self write by
>> dn="
>>  cn=samba,dc=example,dc=com" write by dn="cn=admin,dc=example,dc=com"
>> write by
>>   * read
>> olcAccess: {4}to dn.children="ou=Users,dc=example,dc=com"
>> attrs=userPassword,s
>>  hadowLastChange,SambaLMPassword,SambaNTPassword by self write by
>> anonymous au
>>  th by dn="cn=samba,dc=example,dc=com" write by
>> dn="cn=nsspam,dc=laktopol,dc=p
>>  l" write by dn="cn=admin,dc=example,dc=com" write by * none
>> olcAccess: {5}to dn.children="ou=Users,dc=example,dc=com" by self write
>> by dn=
>>  "cn=samba,dc=example,dc=com" write by dn="cn=nsspam,dc=example,dc=com"
>> write
>>  by dn="cn=admin,dc=example,dc=com" write by * read
>> olcAccess: {6}to filter=(objectClass=sambaDomain) by
>> dn="cn=samba,dc=laktopol,
>>  dc=pl" write by dn="cn=admin,dc=example,dc=com" write by * read
>> olcAccess: {7}to dn.base="dc=example,dc=com" attrs=children by
>> dn="cn=samba,dc
>>  =laktopol,dc=pl" write by dn="cn=admin,dc=example,dc=com" write by * read
>> olcAccess: {8}to
>> attrs=userPassword,shadowLastChange,SambaLMPassword,SambaNTPa
>>  ssword by self write by anonymous auth by
>> dn="cn=nsspam,dc=example,dc=com" wr
>>  ite by dn="cn=admin,dc=example,dc=com" write by * none
>> olcAccess: {9}to 

Re: The (doveadm search HEADER "Header" "") command does not return email which have the header "Header"

[Léo El Amri via dovecot]

Allow me to bump this thread. I believe there is a bug somewhere. Either in the 
code, or in the documentation.

On 18 May 2023 21:13:50 CEST, "Léo El Amri via dovecot"  
wrote:
>Hello there,
>
>When using the doveadm command (search HEADER "X-Discourse-Post-Id" "") or the 
>IMAP command (SEARCH HEADER X-Discourse-Post-Id ""), emails containing a 
>X-Discourse-Post-Id header are not listed.
>
>I've also tried with non X- headers, such as List-Unsubscribe and 
>Auto-Submitted.
>
>RFC 3501 [1] and Dovecot's documentation [2] both says that this command 
>should return emails containing the header searched.
>
>I couldn't find a mention of this bug in the git history, hence why I'm 
>posting here, maybe there is something wrong with my installation ?
>
>I'm running Dovecot 2.3.20 on Debian on amd64 with an ext4 filesystem. I 
>attached the output of dovecot -n.
>
>[1]: https://www.rfc-editor.org/rfc/rfc3501.html#section-6.4.4
>[2]: https://wiki.dovecot.org/Tools/Doveadm/SearchQuery
>
>-- 
>Cordially,
>Léo___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org