Splitting up packages
I'm the maintainer of the dovecot and pigeonhole ports on FreeBSD and am looking to make separate installable packages like the project does for Linux. Can you help me know what needs to go where and what options (if any) change the base? Thanks for any help here. -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larry...@gmail.com US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106 ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: sieve filter generated email- sent folder
On 1/26/2024 14:31:04, Oscar del Rio wrote: On 2024-01-26 1:05 p.m., joe a wrote: The "mailto:; function does not seem to place a copy of the sent message in the "Sent" folder. In the (snipped) example below the text message is received but no copy is seen in the Sent folder. Is there a setting I have missed or is that expected behavior for the "mailto:; function? AFAIK, the copying of outgoing emails to Sent folders is done by email clients, not by the server. Ah, I guess you are right. Still, I hoped there was some way to make it happen, so a mailbox owner might have a ready means to track messages potentially sent under their name. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: sieve filter generated email- sent folder
On 2024-01-26 1:05 p.m., joe a wrote: The "mailto:; function does not seem to place a copy of the sent message in the "Sent" folder. In the (snipped) example below the text message is received but no copy is seen in the Sent folder. Is there a setting I have missed or is that expected behavior for the "mailto:; function? AFAIK, the copying of outgoing emails to Sent folders is done by email clients, not by the server. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: sieve filter generated email- sent folder
Let me rephrase this question: The "mailto:; function does not seem to place a copy of the sent message in the "Sent" folder. In the (snipped) example below the text message is received but no copy is seen in the Sent folder. Is there a setting I have missed or is that expected behavior for the "mailto:; function? Example: "notify :importance "1" :message "You got pinged - Sent via My Filer" "mailto:123-456-7890@text.some_provider.net";; Thanks. joe a. On 1/25/2024 16:28:38, joe a wrote: dovecot 2.3.21 pigeonhole 0.5.21. Filters created via roundcube. Attempting to have filters detect certain email, send a notification text message to mobile via email, and copy that notification email to "Sent" folder. Filter(s) detect condition, move the email to desired folder and appear, as note in logs outside of dovecot, to sent the notification email. The notification email is not recorded in "Sent" folder and is not received by mobile device. Is this a "do-able" thing in dovecot/pigeonhole? If so, how? Docs available? ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dsync with vurtial folder leads to mess of msg ID
On Fri, 26 Jan 2024 01:44:06 +0100, Kirill A. Korinsky wrote: > > So far so good. > And here we go again mx1# doveadm fetch -u kir...@korins.ky 'uid' mailbox virtual.All | grep '^uid:' | tail -n 20 uid: 144044 uid: 144045 uid: 144046 uid: 144047 uid: 144048 uid: 144049 uid: 144050 uid: 144051 uid: 144052 uid: 144053 uid: 144055 uid: 144059 uid: 144062 uid: 144073 uid: 144074 uid: 144075 uid: 144076 uid: 144077 uid: 144078 uid: 144079 mx1# vs mx2# doveadm fetch -u kir...@korins.ky 'uid' mailbox virtual.All | grep '^uid:' | tail -n 20 uid: 144044 uid: 144045 uid: 144046 uid: 144047 uid: 144048 uid: 144049 uid: 144050 uid: 144051 uid: 144052 uid: 144053 uid: 144054 uid: 144057 uid: 144060 uid: 144071 uid: 144072 uid: 144073 uid: 144074 uid: 144075 uid: 144076 uid: 144077 mx2# notable to say that message 144055 / 144054 was BCC of my message to the list where I said that so far so good. BTW when I go to the logs, I haven't found anything that can explain it. Any suggestion how can I debug it future? -- wbr, Kirill ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: Azure AD / Entra Id OAuth2 issue, username not recognized
Hi Aki, Thank you for taking the time to answer my question, I greatly appreciate your effort. With a little bit of experimentation and reading the documentation I was able to setup local introspection validation and the OAuth2 authentication is now succeeding. Thank you! For those of you experiencing a similar situation this is the dovecot-oauth2.plain.conf.ext conf file after applying Aki's advice: grant_url = https://login.microsoftonline.com//oauth2/v2.0/token client_id = client_secret = username_attribute = email use_grant_password = yes introspection_mode = local scope = api:///mail-relay local_validation_key_dict = fs:posix:prefix=/etc/dovecot/keys/ I retrieved the local validation keys from Azure AD / Entra ID via this url: https://login.microsoftonline.com//discovery/keys?appid= This yields a json array which needs to be stored in /etc/dovecot/keys which the following folder structure: /etc/dovecot/keys/default/RS256 in the RS256 folder you need to create a file per kid. The Azure AD endpoint provided me with an array containing 2 items. I created a file for item 1 and copied in the individual key item and did the same for the other key item (identified by the kid attribute). Each file is named after its kid attribute. Kind regards Meint ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: Azure AD / Entra Id OAuth2 issue, username not recognized
Your problem is that the access_token field actually contains the token. so you need use either local validation or introspection. I would recommend setting up local validation. Aki > On 26/01/2024 10:33 EET me...@meint.net wrote: > > > Dovecot version 2.3.16 > > Trying to use Azure AD / Entra Id with OAuth2 authentication, I have most of > it working but somehow Dovecot fails to map / recognize the username, > hopefully somebody can point out what I'm doing wrong? > > Excerpt from log: > Jan 26 09:13:20 localhost dovecot: auth: Debug: http-client: conn > [2603:1026:3000:108::4]:443 [1]: Got 200 response for request [Req1: POST > https://login.microsoftonline.com/79b065d9-761f-4b79-a5cb-71a452f452af/oauth2/v2.0/token]: > OK (took 220 ms + 82 ms in queue) > Jan 26 09:13:20 localhost dovecot: auth: Debug: > oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): > Password grant succeeded > Jan 26 09:13:20 localhost dovecot: auth: Debug: > oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): > Processing field token_type > Jan 26 09:13:20 localhost dovecot: auth: Debug: > oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): > Processing field scope > Jan 26 09:13:20 localhost dovecot: auth: Debug: > oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): > Processing field expires_in > Jan 26 09:13:20 localhost dovecot: auth: Debug: > oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): > Processing field ext_expires_in > Jan 26 09:13:20 localhost dovecot: auth: Debug: > oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): > Processing field access_token > Jan 26 09:13:20 localhost dovecot: auth: Error: > oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): > oauth2 failed: Password grant failed: No username returned > > I'm using Resource Owner Password Grant flow. I have the following configured > in conf.d/auth-oauth.conf.ext: > > passdb { > driver = oauth2 > mechanisms = plain > args = /etc/dovecot/dovecot-oauth2.plain.conf.ext > } > > I have the following configured in dovecot-oauth2.plain.conf.ext: > > grant_url = https://login.microsoftonline.com//oauth2/v2.0/token > client_id = > client_secret = > username_attribute = email > use_grant_password = yes > scope = api:///mail-relay > debug = yes > rawlog_dir = /tmp/oauth2 > > I have the following response from the oauth raw logs: > > out: > 1706256800.309971 POST //oauth2/v2.0/token HTTP/1.1 > 1706256800.309971 Host: login.microsoftonline.com > 1706256800.309971 Date: Fri, 26 Jan 2024 08:13:20 GMT > 1706256800.309971 User-Agent: dovecot-oauth2-passdb/2.3.16 > 1706256800.309971 Content-Length: 255 > 1706256800.309971 Connection: Keep-Alive > 1706256800.310013 Content-Type: application/x-www-form-urlencoded > 1706256800.310018 > 1706256800.310056 > grant_type=password=test-exter...@example.org=_id=_secret==api:%2f%2f%2fmail-relay > > in: > 1706256800.530754 HTTP/1.1 200 OK > 1706256800.530754 Cache-Control: no-store, no-cache > 1706256800.530754 Pragma: no-cache > 1706256800.530754 Content-Type: application/json; charset=utf-8 > 1706256800.530754 Expires: -1 > 1706256800.530754 Strict-Transport-Security: max-age=31536000; > includeSubDomains > 1706256800.530754 X-Content-Type-Options: nosniff > 1706256800.530754 P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" > 1706256800.530754 x-ms-request-id: 629ce7bf-a5e9-4655-9019-83690c8b4400 > 1706256800.530754 x-ms-ests-server: 2.1.17122.2 - SEC ProdSlices > 1706256800.530754 X-XSS-Protection: 0 > 1706256800.530754 Set-Cookie: > fpc=Am8EyNTmX2ZOkMLj2MB82W4gKLwwAQAAAJ9gRd0O; expires=Sun, 25-Feb-2024 > 08:13:20 GMT; path=/; secure; HttpOnly; SameSite=None > 1706256800.530754 Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; > samesite=none; httponly > 1706256800.530754 Set-Cookie: stsservicecookie=estsfd; path=/; secure; > samesite=none; httponly > 1706256800.530754 Date: Fri, 26 Jan 2024 08:13:20 GMT > 1706256800.530754 Content-Length: 1979 > 1706256800.530754 > 1706256800.530754 > {"token_type":"Bearer","scope":"api:///mail-relay","expires_in":5296,"ext_expires_in":5296,"access_token":"eyJ0eX > ..."} > > If I inspect the access token I'm getting: > { > "aud": "", > "iss": "", > "iat": 1706256500, > "nbf": 1706256500, > "exp": 1706262097, > "acr": "1", > "aio": > "ATQAy/8VNgbkS6NmHL3yGyROhLM28ooLX57pCjHjp0TGtd7EjwgVZy/i2aEqfV6sxiHeGZ0N", > "amr": [ > "pwd" > ], > "appid": "", > "appidacr": "1", > "email": "test-exter...@example.org", > "ipaddr": "", > "login_hint": "", > "name": "test-external", > "oid": "657401f0-c9f0-402c-af6f-9ef063e7a281", > "preferred_username": "test-exter...@example.org", > "rh": "0.ATEA2WWweR92eUuly3GkUvRSr08CZ45J3dRLnCQJZCVUYBcxAKo.", > "scp": "mail-relay", > "sub": "ST9owcQQN2e0tBsHiVjvR8SCdlfUR_114tJk4C2bRxg", > "tid":
Re: Azure AD / Entra Id OAuth2 issue, username not recognized
I have a suspicion its not working because the scp attribute doesnt contain "email", can anybody confirm that this might be the issue? ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Azure AD / Entra Id OAuth2 issue, username not recognized
Dovecot version 2.3.16 Trying to use Azure AD / Entra Id with OAuth2 authentication, I have most of it working but somehow Dovecot fails to map / recognize the username, hopefully somebody can point out what I'm doing wrong? Excerpt from log: Jan 26 09:13:20 localhost dovecot: auth: Debug: http-client: conn [2603:1026:3000:108::4]:443 [1]: Got 200 response for request [Req1: POST https://login.microsoftonline.com/79b065d9-761f-4b79-a5cb-71a452f452af/oauth2/v2.0/token]: OK (took 220 ms + 82 ms in queue) Jan 26 09:13:20 localhost dovecot: auth: Debug: oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): Password grant succeeded Jan 26 09:13:20 localhost dovecot: auth: Debug: oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): Processing field token_type Jan 26 09:13:20 localhost dovecot: auth: Debug: oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): Processing field scope Jan 26 09:13:20 localhost dovecot: auth: Debug: oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): Processing field expires_in Jan 26 09:13:20 localhost dovecot: auth: Debug: oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): Processing field ext_expires_in Jan 26 09:13:20 localhost dovecot: auth: Debug: oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): Processing field access_token Jan 26 09:13:20 localhost dovecot: auth: Error: oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): oauth2 failed: Password grant failed: No username returned I'm using Resource Owner Password Grant flow. I have the following configured in conf.d/auth-oauth.conf.ext: passdb { driver = oauth2 mechanisms = plain args = /etc/dovecot/dovecot-oauth2.plain.conf.ext } I have the following configured in dovecot-oauth2.plain.conf.ext: grant_url = https://login.microsoftonline.com//oauth2/v2.0/token client_id = client_secret = username_attribute = email use_grant_password = yes scope = api:///mail-relay debug = yes rawlog_dir = /tmp/oauth2 I have the following response from the oauth raw logs: out: 1706256800.309971 POST //oauth2/v2.0/token HTTP/1.1 1706256800.309971 Host: login.microsoftonline.com 1706256800.309971 Date: Fri, 26 Jan 2024 08:13:20 GMT 1706256800.309971 User-Agent: dovecot-oauth2-passdb/2.3.16 1706256800.309971 Content-Length: 255 1706256800.309971 Connection: Keep-Alive 1706256800.310013 Content-Type: application/x-www-form-urlencoded 1706256800.310018 1706256800.310056 grant_type=password=test-exter...@example.org=_id=_secret==api:%2f%2f%2fmail-relay in: 1706256800.530754 HTTP/1.1 200 OK 1706256800.530754 Cache-Control: no-store, no-cache 1706256800.530754 Pragma: no-cache 1706256800.530754 Content-Type: application/json; charset=utf-8 1706256800.530754 Expires: -1 1706256800.530754 Strict-Transport-Security: max-age=31536000; includeSubDomains 1706256800.530754 X-Content-Type-Options: nosniff 1706256800.530754 P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" 1706256800.530754 x-ms-request-id: 629ce7bf-a5e9-4655-9019-83690c8b4400 1706256800.530754 x-ms-ests-server: 2.1.17122.2 - SEC ProdSlices 1706256800.530754 X-XSS-Protection: 0 1706256800.530754 Set-Cookie: fpc=Am8EyNTmX2ZOkMLj2MB82W4gKLwwAQAAAJ9gRd0O; expires=Sun, 25-Feb-2024 08:13:20 GMT; path=/; secure; HttpOnly; SameSite=None 1706256800.530754 Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly 1706256800.530754 Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly 1706256800.530754 Date: Fri, 26 Jan 2024 08:13:20 GMT 1706256800.530754 Content-Length: 1979 1706256800.530754 1706256800.530754 {"token_type":"Bearer","scope":"api:///mail-relay","expires_in":5296,"ext_expires_in":5296,"access_token":"eyJ0eX ..."} If I inspect the access token I'm getting: { "aud": "", "iss": "", "iat": 1706256500, "nbf": 1706256500, "exp": 1706262097, "acr": "1", "aio": "ATQAy/8VNgbkS6NmHL3yGyROhLM28ooLX57pCjHjp0TGtd7EjwgVZy/i2aEqfV6sxiHeGZ0N", "amr": [ "pwd" ], "appid": "", "appidacr": "1", "email": "test-exter...@example.org", "ipaddr": "", "login_hint": "", "name": "test-external", "oid": "657401f0-c9f0-402c-af6f-9ef063e7a281", "preferred_username": "test-exter...@example.org", "rh": "0.ATEA2WWweR92eUuly3GkUvRSr08CZ45J3dRLnCQJZCVUYBcxAKo.", "scp": "mail-relay", "sub": "ST9owcQQN2e0tBsHiVjvR8SCdlfUR_114tJk4C2bRxg", "tid": "79b065d9-761f-4b79-a5cb-71a452f452af", "unique_name": "test-exter...@sexample.org", "upn": "test-exter...@example.org", "uti": "v-ecYumlVUaQGYNpDItEAA", "ver": "1.0" } The email attribute is present in the access token yet Dovecot doesnt appear to recognize it. What am I doing wrong? ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org