Splitting up packages

2024-01-26 Thread Larry Rosenman
I'm the maintainer of the dovecot and pigeonhole ports on FreeBSD and am
looking to make separate
installable packages like the project does for Linux.  Can you help me know
what needs to go where and what options (if any) change the base?  Thanks for
any help here. 

--
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c)     E-Mail: larry...@gmail.com
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org


Re: sieve filter generated email- sent folder

2024-01-26 Thread joe a

On 1/26/2024 14:31:04, Oscar del Rio wrote:

On 2024-01-26 1:05 p.m., joe a wrote:

The "mailto:" function does not seem to place a copy of the sent 
message in the "Sent" folder.  In the (snipped) example below the text 
message is received but no copy is seen in the Sent folder. Is there a 
setting I have missed or is that expected behavior for the "mailto:" 
function?


AFAIK, the copying of outgoing emails to Sent folders is done by email 
clients, not by the server.

Ah, I guess you are right.

Still, I hoped there was some way to make it happen, so a mailbox owner 
might have a ready means to track messages potentially sent under their 
name.



Re: sieve filter generated email- sent folder

2024-01-26 Thread Oscar del Rio

On 2024-01-26 1:05 p.m., joe a wrote:

The "mailto:" function does not seem to place a copy of the sent 
message in the "Sent" folder.  In the (snipped) example below the text 
message is received but no copy is seen in the Sent folder. Is there a 
setting I have missed or is that expected behavior for the "mailto:" 
function?


AFAIK, the copying of outgoing emails to Sent folders is done by email 
clients, not by the server.





Re: sieve filter generated email- sent folder

2024-01-26 Thread joe a

Let me rephrase this question:

The "mailto:" function does not seem to place a copy of the sent message 
in the "Sent" folder.  In the (snipped) example below the text message 
is received but no copy is seen in the Sent folder.  Is there a setting 
I have missed or is that expected behavior for the "mailto:" function?


Example: notify :importance "1" :message "You got pinged - Sent via My 
Filer" "mailto:123-456-7890@text.some_provider.net";


Thanks.

joe a.


On 1/25/2024 16:28:38, joe a wrote:

dovecot 2.3.21 pigeonhole 0.5.21.  Filters created via roundcube.

Attempting to have filters detect certain email, send a notification 
text message to mobile via email, and copy that notification email to 
"Sent" folder.


Filter(s) detect the condition, move the email to the desired folder and appear, 
as noted in logs outside of dovecot, to send the notification email.  The 
notification email is not recorded in the "Sent" folder and is not received 
by the mobile device.


Is this a "do-able" thing in dovecot/pigeonhole?

If so, how?  Docs available?



Re: dsync with virtual folder leads to mess of msg ID

2024-01-26 Thread Kirill A. Korinsky
On Fri, 26 Jan 2024 01:44:06 +0100,
Kirill A. Korinsky wrote:
> 
> So far so good.
>

And here we go again

  mx1# doveadm fetch -u kir...@korins.ky 'uid' mailbox virtual.All | grep 
'^uid:' | tail -n 20 
  uid: 144044
  uid: 144045
  uid: 144046
  uid: 144047
  uid: 144048
  uid: 144049
  uid: 144050
  uid: 144051
  uid: 144052
  uid: 144053
  uid: 144055
  uid: 144059
  uid: 144062
  uid: 144073
  uid: 144074
  uid: 144075
  uid: 144076
  uid: 144077
  uid: 144078
  uid: 144079
  mx1# 

vs

  mx2# doveadm fetch -u kir...@korins.ky 'uid' mailbox virtual.All | grep 
'^uid:' | tail -n 20 
  uid: 144044
  uid: 144045
  uid: 144046
  uid: 144047
  uid: 144048
  uid: 144049
  uid: 144050
  uid: 144051
  uid: 144052
  uid: 144053
  uid: 144054
  uid: 144057
  uid: 144060
  uid: 144071
  uid: 144072
  uid: 144073
  uid: 144074
  uid: 144075
  uid: 144076
  uid: 144077
  mx2#

Notably, message 144055 / 144054 was a BCC of my message to the list
where I said that so far so good.

BTW when I go to the logs, I haven't found anything that can explain it.

Any suggestion on how I can debug it further?

-- 
wbr, Kirill


Re: Azure AD / Entra Id OAuth2 issue, username not recognized

2024-01-26 Thread meint
Hi Aki,

Thank you for taking the time to answer my question, I greatly appreciate your 
effort.

With a little bit of experimentation and reading the documentation I was able 
to setup local introspection validation and the OAuth2 authentication is now 
succeeding. Thank you!

For those of you experiencing a similar situation this is the 
dovecot-oauth2.plain.conf.ext conf file after applying Aki's advice:

grant_url = https://login.microsoftonline.com//oauth2/v2.0/token
client_id = 
client_secret = 
username_attribute = email
use_grant_password = yes
introspection_mode = local
scope = api:///mail-relay
local_validation_key_dict = fs:posix:prefix=/etc/dovecot/keys/

I retrieved the local validation keys from Azure AD / Entra ID via this url:
https://login.microsoftonline.com//discovery/keys?appid=

This yields a json array which needs to be stored in /etc/dovecot/keys with 
the following folder structure:
/etc/dovecot/keys/default/RS256

in the RS256 folder you need to create a file per kid. The Azure AD endpoint 
provided me with an array containing 2 items. I created a file for item 1 and 
copied in the individual key item and did the same for the other key item 
(identified by the kid attribute). Each file is named after its kid attribute.

Kind regards
Meint
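The key layout Meint describes above is easy to get subtly wrong by hand (one file per kid, under a per-algorithm directory, under a per-issuer-app directory), and the kid values are copied from a document fetched over the network. The script below is an added example written for this page; it is not code from the thread, from Dovecot, or from Microsoft. It writes a JWKS document into the `<prefix>/default/RS256/<kid>` layout the post reports working with `local_validation_key_dict = fs:posix:prefix=/etc/dovecot/keys/`, storing each JWK object verbatim as that post did, and then decodes a token's header to show which file Dovecot would have to find. Assumptions, labelled as such: the token's `azp` claim replaces `default` as the first path component when present (the Entra v1.0 token in this thread has no `azp`, which is why `default` worked); the sample JWKS and the demo token are constructed placeholders, and the demo token is unsigned, so it would never pass Dovecot's validation. The path-component check is my own addition: `kid`, `alg` and `azp` become filenames, so anything that could traverse out of the prefix is refused.

```python
"""Stage JWKS signing keys in the directory layout Dovecot's oauth2 passdb reads
for introspection_mode = local (added example, not Dovecot's own code)."""
import base64
import json
import os
import re
import tempfile

# Constructed sample JWKS, shaped like the Entra ID discovery document
# (https://login.microsoftonline.com/<tenant>/discovery/keys?appid=<appid>).
# Key material here is placeholder text, not real keys.
SAMPLE_JWKS = {
    "keys": [
        {"kty": "RSA", "use": "sig", "kid": "kid-one", "n": "placeholder-modulus-1", "e": "AQAB"},
        {"kty": "RSA", "use": "sig", "kid": "kid-two", "n": "placeholder-modulus-2", "e": "AQAB"},
        {"kty": "RSA", "use": "enc", "kid": "kid-enc", "n": "placeholder-modulus-3", "e": "AQAB"},
    ]
}

# kid, alg and azp become path components on disk and originate from a remote
# document or from the client's token: refuse anything that could escape <prefix>.
_SAFE_COMPONENT = re.compile(r"^[A-Za-z0-9._~-]{1,128}$")


def is_safe_component(value):
    return bool(_SAFE_COMPONENT.match(value)) and value not in (".", "..")


def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_parts(token):
    """Decode header and payload only; checking the signature is Dovecot's job."""
    header_b64, payload_b64, _signature = token.split(".")
    return json.loads(_b64url_decode(header_b64)), json.loads(_b64url_decode(payload_b64))


def dovecot_key_path(prefix, azp, alg, kid):
    """<prefix>/<azp>/<alg>/<kid> (assumed layout), refusing traversal-capable components."""
    for component in (azp, alg, kid):
        if not is_safe_component(component):
            raise ValueError("refusing unsafe path component %r" % component)
    return os.path.join(prefix, azp, alg, kid)


def install_jwks(jwks, prefix, azp="default", default_alg="RS256"):
    """Write one file per signing JWK (the JWK object itself); returns the paths written."""
    written = []
    for jwk in jwks["keys"]:
        if jwk.get("use", "sig") != "sig":
            continue  # encryption keys never sign tokens
        path = dovecot_key_path(prefix, azp, jwk.get("alg", default_alg), jwk["kid"])
        os.makedirs(os.path.dirname(path), mode=0o750, exist_ok=True)
        with open(path, "w") as fh:
            json.dump(jwk, fh)
        os.chmod(path, 0o640)  # public keys, but only the dovecot user needs to read them
        written.append(path)
    return written


def key_path_for_token(prefix, token):
    """File Dovecot would look up for this token: azp from the payload if present, else 'default'."""
    header, payload = jwt_parts(token)
    return dovecot_key_path(prefix, payload.get("azp", "default"), header["alg"], header["kid"])


def make_demo_token(kid, claims):
    """Constructed, unsigned token for the demo; its dummy signature would never validate."""
    header = {"typ": "JWT", "alg": "RS256", "kid": kid}
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(claims).encode()), "dummysig"])


def demo(prefix=None):
    prefix = prefix or tempfile.mkdtemp(prefix="dovecot-keys-")
    written = install_jwks(SAMPLE_JWKS, prefix)
    token = make_demo_token("kid-one", {"email": "user@example.org", "scp": "mail-relay"})
    path = key_path_for_token(prefix, token)
    with open(path) as fh:
        stored_kid = json.load(fh)["kid"]
    return {"prefix": prefix, "written": written, "path": path,
            "path_exists": os.path.exists(path), "stored_kid": stored_kid}


if __name__ == "__main__":
    result = demo()
    print("wrote:", *result["written"], sep="\n  ")
    print("token resolves to:", result["path"], "exists:", result["path_exists"])
```

Two operational notes. Entra ID rotates its signing keys, so whatever fetches the discovery document has to run on a schedule, not once; a token signed with a kid that has no file under the prefix cannot be validated locally. And the reason the sample refuses odd kids is not paranoia about Microsoft: the same layout will be fed from whichever issuer you point `grant_url` at, and a filename built from untrusted input is the classic way a key-staging script ends up writing outside its directory.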


Re: Azure AD / Entra Id OAuth2 issue, username not recognized

2024-01-26 Thread Aki Tuomi via dovecot
Your problem is that the access_token field actually contains the token, so you 
need to use either local validation or introspection. I would recommend setting up 
local validation.

Aki

> On 26/01/2024 10:33 EET me...@meint.net wrote:
> 
>  
> Dovecot version 2.3.16
> 
> Trying to use Azure AD / Entra Id with OAuth2 authentication, I have most of 
> it working but somehow Dovecot fails to map / recognize the username, 
> hopefully somebody can point out what I'm doing wrong?
> 
> Excerpt from log:
> Jan 26 09:13:20 localhost dovecot: auth: Debug: http-client: conn 
> [2603:1026:3000:108::4]:443 [1]: Got 200 response for request [Req1: POST 
> https://login.microsoftonline.com/79b065d9-761f-4b79-a5cb-71a452f452af/oauth2/v2.0/token]:
>  OK (took 220 ms + 82 ms in queue)
> Jan 26 09:13:20 localhost dovecot: auth: Debug: 
> oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): 
> Password grant succeeded
> Jan 26 09:13:20 localhost dovecot: auth: Debug: 
> oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): 
> Processing field token_type
> Jan 26 09:13:20 localhost dovecot: auth: Debug: 
> oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): 
> Processing field scope
> Jan 26 09:13:20 localhost dovecot: auth: Debug: 
> oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): 
> Processing field expires_in
> Jan 26 09:13:20 localhost dovecot: auth: Debug: 
> oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): 
> Processing field ext_expires_in
> Jan 26 09:13:20 localhost dovecot: auth: Debug: 
> oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): 
> Processing field access_token
> Jan 26 09:13:20 localhost dovecot: auth: Error: 
> oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): 
> oauth2 failed: Password grant failed: No username returned
> 
> I'm using Resource Owner Password Grant flow. I have the following configured 
> in  conf.d/auth-oauth.conf.ext:
> 
> passdb {
>   driver = oauth2
>   mechanisms = plain
>   args = /etc/dovecot/dovecot-oauth2.plain.conf.ext
> }
> 
> I have the following configured in dovecot-oauth2.plain.conf.ext:
> 
> grant_url = https://login.microsoftonline.com//oauth2/v2.0/token
> client_id = 
> client_secret = 
> username_attribute = email
> use_grant_password = yes
> scope = api:///mail-relay
> debug = yes
> rawlog_dir = /tmp/oauth2
> 
> I have the following response from the oauth raw logs:
> 
> out:
> 1706256800.309971 POST //oauth2/v2.0/token HTTP/1.1
> 1706256800.309971 Host: login.microsoftonline.com
> 1706256800.309971 Date: Fri, 26 Jan 2024 08:13:20 GMT
> 1706256800.309971 User-Agent: dovecot-oauth2-passdb/2.3.16
> 1706256800.309971 Content-Length: 255
> 1706256800.309971 Connection: Keep-Alive
> 1706256800.310013 Content-Type: application/x-www-form-urlencoded
> 1706256800.310018
> 1706256800.310056 
> grant_type=password=test-exter...@example.org=_id=_secret==api:%2f%2f%2fmail-relay
> 
> in:
> 1706256800.530754 HTTP/1.1 200 OK
> 1706256800.530754 Cache-Control: no-store, no-cache
> 1706256800.530754 Pragma: no-cache
> 1706256800.530754 Content-Type: application/json; charset=utf-8
> 1706256800.530754 Expires: -1
> 1706256800.530754 Strict-Transport-Security: max-age=31536000; 
> includeSubDomains
> 1706256800.530754 X-Content-Type-Options: nosniff
> 1706256800.530754 P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
> 1706256800.530754 x-ms-request-id: 629ce7bf-a5e9-4655-9019-83690c8b4400
> 1706256800.530754 x-ms-ests-server: 2.1.17122.2 - SEC ProdSlices
> 1706256800.530754 X-XSS-Protection: 0
> 1706256800.530754 Set-Cookie: 
> fpc=Am8EyNTmX2ZOkMLj2MB82W4gKLwwAQAAAJ9gRd0O; expires=Sun, 25-Feb-2024 
> 08:13:20 GMT; path=/; secure; HttpOnly; SameSite=None
> 1706256800.530754 Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; 
> samesite=none; httponly
> 1706256800.530754 Set-Cookie: stsservicecookie=estsfd; path=/; secure; 
> samesite=none; httponly
> 1706256800.530754 Date: Fri, 26 Jan 2024 08:13:20 GMT
> 1706256800.530754 Content-Length: 1979
> 1706256800.530754
> 1706256800.530754 
> {"token_type":"Bearer","scope":"api:///mail-relay","expires_in":5296,"ext_expires_in":5296,"access_token":"eyJ0eX
>  ..."}
> 
> If I inspect the access token I'm getting:
> {
>   "aud": "",
>   "iss": "",
>   "iat": 1706256500,
>   "nbf": 1706256500,
>   "exp": 1706262097,
>   "acr": "1",
>   "aio": 
> "ATQAy/8VNgbkS6NmHL3yGyROhLM28ooLX57pCjHjp0TGtd7EjwgVZy/i2aEqfV6sxiHeGZ0N",
>   "amr": [
> "pwd"
>   ],
>   "appid": "",
>   "appidacr": "1",
>   "email": "test-exter...@example.org",
>   "ipaddr": "",
>   "login_hint": "",
>   "name": "test-external",
>   "oid": "657401f0-c9f0-402c-af6f-9ef063e7a281",
>   "preferred_username": "test-exter...@example.org",
>   "rh": "0.ATEA2WWweR92eUuly3GkUvRSr08CZ45J3dRLnCQJZCVUYBcxAKo.",
>   "scp": "mail-relay",
>   "sub": "ST9owcQQN2e0tBsHiVjvR8SCdlfUR_114tJk4C2bRxg",
>   "tid": 

Re: Azure AD / Entra Id OAuth2 issue, username not recognized

2024-01-26 Thread meint
I have a suspicion it's not working because the scp attribute doesn't contain 
"email". Can anybody confirm that this might be the issue?


Azure AD / Entra Id OAuth2 issue, username not recognized

2024-01-26 Thread meint
Dovecot version 2.3.16

Trying to use Azure AD / Entra Id with OAuth2 authentication, I have most of it 
working but somehow Dovecot fails to map / recognize the username, hopefully 
somebody can point out what I'm doing wrong?

Excerpt from log:
Jan 26 09:13:20 localhost dovecot: auth: Debug: http-client: conn 
[2603:1026:3000:108::4]:443 [1]: Got 200 response for request [Req1: POST 
https://login.microsoftonline.com/79b065d9-761f-4b79-a5cb-71a452f452af/oauth2/v2.0/token]:
 OK (took 220 ms + 82 ms in queue)
Jan 26 09:13:20 localhost dovecot: auth: Debug: 
oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): 
Password grant succeeded
Jan 26 09:13:20 localhost dovecot: auth: Debug: 
oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): 
Processing field token_type
Jan 26 09:13:20 localhost dovecot: auth: Debug: 
oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): 
Processing field scope
Jan 26 09:13:20 localhost dovecot: auth: Debug: 
oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): 
Processing field expires_in
Jan 26 09:13:20 localhost dovecot: auth: Debug: 
oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): 
Processing field ext_expires_in
Jan 26 09:13:20 localhost dovecot: auth: Debug: 
oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): 
Processing field access_token
Jan 26 09:13:20 localhost dovecot: auth: Error: 
oauth2(test-exter...@secumailer.com,2a05:d018:ebe:d005:22b6:dc4b:41c6:7fec): 
oauth2 failed: Password grant failed: No username returned

I'm using Resource Owner Password Grant flow. I have the following configured 
in  conf.d/auth-oauth.conf.ext:

passdb {
  driver = oauth2
  mechanisms = plain
  args = /etc/dovecot/dovecot-oauth2.plain.conf.ext
}

I have the following configured in dovecot-oauth2.plain.conf.ext:

grant_url = https://login.microsoftonline.com//oauth2/v2.0/token
client_id = 
client_secret = 
username_attribute = email
use_grant_password = yes
scope = api:///mail-relay
debug = yes
rawlog_dir = /tmp/oauth2

I have the following response from the oauth raw logs:

out:
1706256800.309971 POST //oauth2/v2.0/token HTTP/1.1
1706256800.309971 Host: login.microsoftonline.com
1706256800.309971 Date: Fri, 26 Jan 2024 08:13:20 GMT
1706256800.309971 User-Agent: dovecot-oauth2-passdb/2.3.16
1706256800.309971 Content-Length: 255
1706256800.309971 Connection: Keep-Alive
1706256800.310013 Content-Type: application/x-www-form-urlencoded
1706256800.310018
1706256800.310056 
grant_type=password=test-exter...@example.org=_id=_secret==api:%2f%2f%2fmail-relay

in:
1706256800.530754 HTTP/1.1 200 OK
1706256800.530754 Cache-Control: no-store, no-cache
1706256800.530754 Pragma: no-cache
1706256800.530754 Content-Type: application/json; charset=utf-8
1706256800.530754 Expires: -1
1706256800.530754 Strict-Transport-Security: max-age=31536000; includeSubDomains
1706256800.530754 X-Content-Type-Options: nosniff
1706256800.530754 P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
1706256800.530754 x-ms-request-id: 629ce7bf-a5e9-4655-9019-83690c8b4400
1706256800.530754 x-ms-ests-server: 2.1.17122.2 - SEC ProdSlices
1706256800.530754 X-XSS-Protection: 0
1706256800.530754 Set-Cookie: fpc=Am8EyNTmX2ZOkMLj2MB82W4gKLwwAQAAAJ9gRd0O; 
expires=Sun, 25-Feb-2024 08:13:20 GMT; path=/; secure; HttpOnly; SameSite=None
1706256800.530754 Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; 
samesite=none; httponly
1706256800.530754 Set-Cookie: stsservicecookie=estsfd; path=/; secure; 
samesite=none; httponly
1706256800.530754 Date: Fri, 26 Jan 2024 08:13:20 GMT
1706256800.530754 Content-Length: 1979
1706256800.530754
1706256800.530754 
{"token_type":"Bearer","scope":"api:///mail-relay","expires_in":5296,"ext_expires_in":5296,"access_token":"eyJ0eX
 ..."}

If I inspect the access token I'm getting:
{
  "aud": "",
  "iss": "",
  "iat": 1706256500,
  "nbf": 1706256500,
  "exp": 1706262097,
  "acr": "1",
  "aio": 
"ATQAy/8VNgbkS6NmHL3yGyROhLM28ooLX57pCjHjp0TGtd7EjwgVZy/i2aEqfV6sxiHeGZ0N",
  "amr": [
"pwd"
  ],
  "appid": "",
  "appidacr": "1",
  "email": "test-exter...@example.org",
  "ipaddr": "",
  "login_hint": "",
  "name": "test-external",
  "oid": "657401f0-c9f0-402c-af6f-9ef063e7a281",
  "preferred_username": "test-exter...@example.org",
  "rh": "0.ATEA2WWweR92eUuly3GkUvRSr08CZ45J3dRLnCQJZCVUYBcxAKo.",
  "scp": "mail-relay",
  "sub": "ST9owcQQN2e0tBsHiVjvR8SCdlfUR_114tJk4C2bRxg",
  "tid": "79b065d9-761f-4b79-a5cb-71a452f452af",
  "unique_name": "test-exter...@sexample.org",
  "upn": "test-exter...@example.org",
  "uti": "v-ecYumlVUaQGYNpDItEAA",
  "ver": "1.0"
}

The email attribute is present in the access token yet Dovecot doesn't appear to 
recognize it. What am I doing wrong?