Re: Slow performance with large folders over the Internet
On 03/31/2017 12:03 AM, Shawn Heisey wrote:
> Dovecot package version is 1:1.2.15-7+deb6u1. It is in Debian 6.0.10,
> using the Debian package.
>
> The server is in my basement at home, and is exposed to the Internet so
> I can fully access my mail from anywhere. I use IMAP for reading mail.
>
> I have a number of folders in my mailbox that have thousands of messages
> in them, from mailing lists.
>
> When I'm at home, I have a LAN connection to the server. It goes
> through a Cisco firewall that limits the connection speed to 100Mb/s.
> In this situation, I can open a folder with 25000 messages in it, click
> on the next unread message that Thunderbird did not know about before,
> and within a second or two, the message will download, allowing me to
> view it and reply.
>
> When I'm at work, with highly variable network latency between
> Thunderbird and the server, doing exactly the same thing takes a LOT
> longer. I have seen it take as long as 15 minutes for a single message.
> If I open a folder with only a few messages in it, it is fast.
>
> The server is not overloaded -- I can log into it with ssh and use "mutt
> -f" to open a folder directly. Loading thousands of messages into mutt
> takes a while, but I have no difficulty using the ssh connection and
> running commandline programs.
>
> This suggests that the IMAP communication between the server and the
> client involves a large amount of back and forth communication when the
> message count in the folder is high, possibly something for every
> message in the folder. It happens quickly on a LAN but crawls on a
> connection with high latency. I can understand it taking a few seconds
> longer on a high-latency link, but it takes minutes.
>
> I do plan on building a new server and migrating to Dovecot 2.x, but I
> haven't had the time to work on that.
>
> Is this a known problem? If so, is it fixed in 2.x?
>
> Thanks,
> Shawn

This sounds like your company's firewall trying a mitm attack or similar. Just a wild guess.

If the SSH-connection is good (probably ignored by the firewall or maybe even prioritized), then forward your IMAP-traffic through it and see if the problem persists. This is not meant as a solution, but to help analyze the problem.

    # ssh -L 10993:127.0.0.1:993 you@your.server

Then connect with Thunderbird to 127.0.0.1:10993. You could also use :143, the SSH-tunnel is already encrypted.

Greetings
Daniel
Re: edit ACL files
On 02/17/2016 08:09 PM, Chris wrote:
> is it possible to edit ACL files regularly with an editor or is there any
> reason to use doveadm?

It may be possible, but I'd not recommend it from a general point of view (without knowing the internals of Dovecot).

It is like using the internal objects in a library - not the API - when programming: While it may work with a certain version of the software, it may stop working in the next version. It could also be, that the software uses (or in a future version starts using) caching mechanisms, that render your changes invalid.

The API you can safely use is the command line program doveadm. If you use one of its internal data structures (ACL files), then your software may not be sustainable in the long term.

Greetings
Daniel
Re: Redundant and Geobalancing setup
On 02/13/2016 04:00 AM, Cedric Malitte wrote:
> Hi,
>
> I use dovecot for a long time now, but only as a single isolated server
> each time.
>
> I joined a company a few years back. We had trouble with companies hosting
> our mail, supposedly full redundant and so on.
>
> The company is small, but we have many dealers around the world, and it's
> growing.
>
> Mail became the first choice for clients to contact the dealers.
> No mail, and we lose sales.
>
> For now we have a single server ( with a backup ) on east coast.
> And sometimes peoples from EU complain about speed ah users :)
>
> What I'd like to implement is a redundant system with 2 servers, one in NA,
> one in EU.
> And I'd also like to be able to add another server if needed on the west
> coast.
>
> Idea is, that if a server goes down, the users will be able to still
> receive and send mails, and never lose mails.
>
> For geobalancing and failover, I read that I can do it with DNS ( I'm with
> easydns ).
>
> I'm at the first stage where I collect informations that I try to
> understand and foresee a solution.
>
> First idea is to set up servers with a mysql master, slaves and a glusterfs
> in replica mode on the servers.
> I tried glusterfs on FreeBSD and OMG, it's slow as hell ! ( well maybe it's
> a trouble on the VMs nics )
> On centos it's way better.
> But I read there might be trouble/index corruption for the mail storage on
> "shared" space using maildir.
>
> I also had a look at dsync, but I wonder if it can be used on more than 2
> servers.
>
> I found many pages on dovecot clusters using shared storage NFS mounted,
> but I feel it's not really what I need as the servers will be in different
> datacenters.
>
> So any guide, clue hint would be really appreciated for me to do my
> homework !
>
> Regards.
>
> Cedric

Hi Cedric,

I think a simpler solution will not just be cheaper but less complex - and with that more reliable:

The speed problem of the EU users is probably just feeling. You should quantify it for both SMTP and IMAP. Collect that data for the scenarios that your users complain about (is it to a partner or inter-office?). Only then can you work on a solution that you will be able to prove to them, is better. This is paramount.

My suggestions:
* Server on the east coast is good for both NA and EU.
* Good (better?) internet connection for the EU office, prioritize SMTP vs HTTP in router/firewall (fast internet is WAY cheaper than cluster setups plus administrators)
* SMTP relay in EU _office_, so that _sending_ mails is with LAN speed for users

Create a redundant setup for SMTP and IMAP together on the east coast. You'll get redundancy without the WAN problem.

Setup a secondary MX in a different data center for uber-redundancy. It will not enable your users to read their mail in case the 1st data center is on fire, but no client mails will get lost, as they will be queued on the 2nd MX - better read client mails late than never!

Setup a clone of the primary server at the 2nd MX and sync mails & backup there on an hourly basis. If the 1st data center is not back in an hour, you can still switch DNS to the 2nd site and your users will have had a very short downtime.

The result is not a top-notch 100% solution, but it is simple and everything is implemented on application layer. That gives you freedom to switch products, hardware, platform and administrators(!).

Ask your customer/supervisor what uptime is necessary and how much they are willing to pay. The SLAs of MS/Google/etc offer up to 99.9% (~9 hours downtime per year). If that is the goal, then they should pay the price for their equipment and staff. For anything less my argument is less complexity for higher reliability.

Greetings
Daniel
Re: ACL and LDAP
On 02/01/2016 06:59 PM, Chris wrote:
> Dear All,
>
> is it possible to store ACLs in LDAP?
>
> Does anyone happen to have a script that syncs ACLs read from LDAP with
> Dovecot?
>
> - Chris

Hi Chris,

for Dovecot in the mail stack of the Univention Corporate Server (UCS, an Open Source Linux server distribution) a mechanism to do that is implemented. It is used to set ACLs of shared folders stored in LDAP on Dovecot's shared folders.

Management of shared folders is done through a web/cmdline interface that stores its data in LDAP. The ACLs are stored in attributes like this:

    DN: cn=fol...@test.dom,cn=folder,cn=mail,dc=test,dc=dom
    sharedFolderUserACL: te...@test.dom write
    sharedFolderUserACL: te...@test.dom read

In https://forge.univention.org/websvn/filedetails.php?repname=dev=%2Fbranches%2Fucs-4.1%2Fucs-4.1-0%2Fmail%2Funivention-mail-dovecot%2Fmodules%2Funivention%2Fmail%2Fdovecot_shared_folder.py in doveadm_set_mailbox_acls() and imap_set_mailbox_acls() the attributes are read and used to set them on the folders.

The solution is very specific to UCS (uses its LDAP notifier-listener mechanism and their LDAP schema), but maybe you can adapt it.

Good luck
Daniel
Re: ot: data consumption IMAP vs POP
On 01/27/2016 03:35 AM, voy...@sbt.net.au wrote:
> I have a domain with about 50 mailboxes, server is located here in AUS but
> most of the users are on a LAN in SEAsia location. They were using POP
> (with Thunderbird), I suggested they can use IMAP instead, so they did.
>
> now they are asking;
>
> "Looks like Imap is adding a lot to our internet bandwidth"
>
> I guess they have some bandwidth limitation on their link
>
> I think I can understand that IMAP would increase bandwidth requirement,
> didn't expect it to cause 'problems'
>
> is there any optimization or changes I can make to reduce that ?
> the b/w limitation are at the client LAN link
>
> any other suggestions ?
>
> thanks, V

Your users' IMAP clients can (hopefully) be configured to automatically cache emails once they were downloaded. If that is configured, there should be no difference in bandwidth usage between POP and IMAP.

Greetings
Daniel
Re: Shortcomings of Maildir++ layout
On 11/18/2015 22:00, Hadmut Danisch wrote:
> Having regular files filenames beginning with a . is a no-go and flawed
> by design. Extremely error-prone No serious designer would ever do that.

Sounds like a troll - should be ignored…

… yes - his blog is full of bad propaganda… definitively a troll.
Re: New created users can not log in
On 09/16/2015 23:34, Ferdinand Gruber wrote:
> Hi,
>
> I am using dovecot 2.2 for some time. All users on the system can log in
> using Horde Webmail.
>
> But now, after creating a new user on the server with username> this new user is not able to log in. Of course I have set a
> password for the new user.
>
> In the log file I can see:
> Sep 16 23:04:05 servername auth: gkr-pam: error looking up user information
> Sep 16 23:04:07 servername HORDE: [imp] [login] Authentication failed.
> [pid 1584 on line 730 of "/srv/www/htdocs/horde/imp/lib/Imap.php"]
> Sep 16 23:04:07 servername HORDE: [imp] FAILED LOGIN for calendar
> (93.82.157.132) to {imap://localhost/} [pid 1584 on line 157 of
> "/srv/www/htdocs/horde/imp/lib/Auth.php"]
> Sep 16 23:04:07 servername HORDE: [horde] FAILED LOGIN for calendar to
> horde (93.82.157.132) [pid 1584 on line 199 of
> "/srv/www/htdocs/horde/login.php"]
>
> Please give me a hint.

Please raise the logging level of the auth section in 10-logging.conf (auth_verbose=yes, auth_verbose_passwords=yes, auth_debug=yes, auth_debug_passwords=yes) and reload Dovecot.

Then test login using fetchmail:

    # fetchmail --check --nodetach --protocol IMAP --all --keep --username

And send the relevant log from the IMAP server (probably /var/log/syslog), not the log of the webserver.

Greetings
Daniel
Re: Merging maildirs
On 08/27/2015 16:26, Petter Gunnerud wrote:
> Hi List
>
> How do I merge files from one maildir into another maildir?
>
> Long version:
> I've been using dovecot/postfix for a 12 user environment for several years, and today was the first time I ran into an issue I could not solve from reading the documentation.
>
> The server is gentoo running on esxi. A few times a year I've made a snapshot of the server and copied the files to my home esxi server as a full system backup. 5 days ago the internet connection at the office broke, and I decided to power on the last copy of the server at my home and change public dns so that users could access their new mails via webmail from this spare server. (I didn't allow imap through firewall.)
>
> Now the network at the office is back. DNS is updated so that mails are delivered to the office server again. But all the mails sent / received during those 5 days is only at my house. How can I merge those into the office server? I'd like to do this as a server administrator. I do not want to have each user forward the mails to them self from the temporarily webmail.
>
> I tried to just copy the mail files on my own account - like I did once when I used courier-imap, but that did not work with dovecot.
>
> I hope someone has an idea of how to solve this.

Just using rsync should work - I've done it before. You'll have to check the file system permissions.

The cleaner way would be to use imapsync or Dovecot's dsync.
Re: multiple messages per second to a single mailbox
On 08/12/2015 17:19, Chad M Stewart wrote:
> What I'm seeing is very high load on the system (40) and queues building on the Postfix side.

High load means, that there are a lot of processes waiting to run. The most likely cause for this is not CPU consumption, but I/O wait.

Please run vmstat and iostat and post their output.

Greetings
Daniel
Re: doveadm import - strange warning
On 27.07.2015 at 10:51, Ralf Hildebrandt wrote:
> Anybody seen this before? Seems easy to reproduce...
>
> * Ralf Hildebrandt r...@sys4.de:
>> I'm using the doveadm import command to extract mails from my backup:
>>
>> % doveadm import -u restore@backup.invalid mdbox:/home/copymail/mdbox \
>>   mailbox INBOX header Delivered-To backup+$SEARCHPATTERN@backup.invalid
>>
>> This works like a charm, I'm getting all the mails, and I can access the newly generated mailbox. But when executing the command I'm getting an annoying warning:
>>
>> doveadm(restore@backup.invalid): Error: chdir(/root/) failed: Permission denied (euid=1001(copymail) egid=1001(copymail) missing +x perm: /root, dir owned by 0:0 mode=0700)
>> doveadm(restore@backup.invalid): Error: chdir(/root) failed: Permission denied

Just guessing…

The signature of the command is:

    doveadm [-Dv] import [-S socket_path] [-s] -u user source_location dest_parent search_query

You supply as dest_parent which I guess could mean ., and that may be /root when run as root. Try INBOX or restore_folder and see if the error vanishes.
Re: Client Limit reached in Dovecot
Hello Chandran,

The configuration you sent me doesn't match the problem or previous reports. It seems the qmail toaster distribution is doing something strange with dovecot.

I found an old mailinglist entry with your exact problem: https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg35587.html

It seems to be particular to their configuration.

Please write about your problem to the qmailtoaster-list: https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/info.html

Greetings
Daniel

On 22.07.2015 at 09:53, Chandran Manikandan wrote:
> Dear Daniel,
> Please see the package details with qmailtoaster on our server.
>
> dovecot-2.2.7-0.qt.el6.i686
>
> On Wed, Jul 22, 2015 at 3:44 PM, Daniel Tröder troe...@univention.de wrote:
>> Hi Chandran,
>>
>> your copy of the dovecot output was cut short. You can run
>>
>>     doveconf -n > /tmp/doveconf-n.conf
>>
>> And send me the file /tmp/doveconf-n.conf , then it will be complete.
>>
>> Greetings
>> Daniel
Re: SSL accept error
On 21.07.2015 at 16:08, jjhoffart wrote:
> Hello,
>
> I am having some trouble isolating an issue with my mail server. In my mail log I keep receiving the following errors:
>
> SSL_accept:failed in SSLv3 read client certificate A
> SSL_accept: error form cli...@mydomain.com: lost connection
> SSL_accept:SSLv3 flush data
>
> I have looked through both my dovecot and postfix configs but have not been able to isolate the issue yet, hoping someone might be able to help.

Maybe your client is trying to connect with a SSL version you have disabled (SSLv2?). Or did you enable client certificates?

You can make Dovecot log more SSL related stuff in 10-logging.conf.
Re: Client Limit reached in Dovecot
On 21.07.2015 at 10:35, Chandran Manikandan wrote:
> Dear Friends,
> I have faced below issues since two weeks to till now.
> Could anyone help me to rectify this issue.
>
> Below message retrieve from logs and getting disconnection from Outlook and other email clients.
>
> Error Message
>
> Jul 20 10:33:35 master: Warning: service(imap-login): process_limit (100) reached, client connections are being dropped
>
> My local.conf from dovecot folder
>
> protocol imap {
>   imap_client_workarounds = delay-newmail
>   mail_max_userip_connections = 20
>   default_process_limit = 300
> }

This should be just process_limit without default. But it's unnecessary, as you set globally default_process_limit.

> 10-master.conf
>
> default_process_limit = 300
> default_client_limit = 1000
> service imap-login {
>   inet_listener imap {
>     # process_limit = 15
>     # client_limit = 300
>     #port = 143
>   }

It is the imap-login process_limit that is reached. With the set default_process_limit=300 this shouldn't happen. So maybe there is some setting somewhere else, that is not shown.

Please supply the output of:

    doveconf -S | egrep '(default|imap/|imap-login).*(limit|service_count)'

Greetings
Daniel Tröder
Re: Client Limit reached in Dovecot
Hello :)

On mailinglists please reply below the previous post. It's easier to read this way.

On 21.07.2015 at 11:26, Chandran Manikandan wrote:
> Dear Daniel,
> Thanks for your kind response.
> As per your above command got below result.
> but i couldn't see below settings are local.conf,10-master.conf or toaster.conf.
> Where it's retrieved.
>
> default_process_limit=100
> default_client_limit=1000
> default_vsz_limit=256 M
> service/imap/process_limit=1024
> service/imap/client_limit=1
> service/imap/service_count=1
> service/imap/vsz_limit=18446744073709551615 B
> service/imap-login/process_limit=0
> service/imap-login/client_limit=0
> service/imap-login/service_count=1
> service/imap-login/vsz_limit=18446744073709551615 B

My guess is, that service/imap-login/process_limit=0 disables the setting and then default_process_limit=100 applies.

As to where default_process_limit=100 comes from… try:

    grep -r default_process_limit /etc/dovecot

Greetings
Daniel

> On Tue, Jul 21, 2015 at 4:56 PM, Daniel Tröder troe...@univention.de wrote:
>> On 21.07.2015 at 10:35, Chandran Manikandan wrote:
>>> Dear Friends,
>>> I have faced below issues since two weeks to till now.
>>> Could anyone help me to rectify this issue.
>>>
>>> Below message retrieve from logs and getting disconnection from Outlook and other email clients.
>>>
>>> Error Message
>>>
>>> Jul 20 10:33:35 master: Warning: service(imap-login): process_limit (100) reached, client connections are being dropped
>>>
>>> My local.conf from dovecot folder
>>>
>>> protocol imap {
>>>   imap_client_workarounds = delay-newmail
>>>   mail_max_userip_connections = 20
>>>   default_process_limit = 300
>>> }
>>
>> This should be just process_limit without default. But it's unnecessary, as you set globally default_process_limit.
>>
>>> 10-master.conf
>>>
>>> default_process_limit = 300
>>> default_client_limit = 1000
>>> service imap-login {
>>>   inet_listener imap {
>>>     # process_limit = 15
>>>     # client_limit = 300
>>>     #port = 143
>>>   }
>>
>> It is the imap-login process_limit that is reached. With the set default_process_limit=300 this shouldn't happen. So maybe there is some setting somewhere else, that is not shown.
>>
>> Please supply the output of:
>>
>>     doveconf -S | egrep '(default|imap/|imap-login).*(limit|service_count)'
>>
>> Greetings
>> Daniel Tröder
>
> --
> *Thanks,*
> *Manikandan.C*
> *System Administrator*
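The lookup worked out in this exchange (a service-level limit of 0 falls back to the global default_* setting), applied to the doveconf output and the warning quoted above. This is an added example, not part of the original mails and not Dovecot code; the function names are made up here, and the built-in fallback values 100 and 1000 are Dovecot's documented defaults.

```python
import re

# Output of `doveconf -S | egrep ...` as quoted in the thread above.
DOVECONF_S = """\
default_process_limit=100
default_client_limit=1000
default_vsz_limit=256 M
service/imap/process_limit=1024
service/imap/client_limit=1
service/imap/service_count=1
service/imap/vsz_limit=18446744073709551615 B
service/imap-login/process_limit=0
service/imap-login/client_limit=0
service/imap-login/service_count=1
service/imap-login/vsz_limit=18446744073709551615 B
"""

# Warning line as quoted in the thread above.
WARNING = ("Jul 20 10:33:35 master: Warning: service(imap-login): "
           "process_limit (100) reached, client connections are being dropped")

# Used only when doveconf output does not list the default at all.
BUILTIN_DEFAULTS = {"default_process_limit": 100, "default_client_limit": 1000}

SERVICE_KEY = re.compile(r"service/([^/]+)/(\w+)")
WARNING_RE = re.compile(r"service\(([^)]+)\): process_limit \((\d+)\) reached")


def parse_doveconf(text):
    """Split key=value lines into global settings and per-service settings."""
    global_settings, services = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        match = SERVICE_KEY.fullmatch(key)
        if match:
            services.setdefault(match.group(1), {})[match.group(2)] = value
        else:
            global_settings[key] = value
    return global_settings, services


def effective_limit(global_settings, services, service, name):
    """Return (value, key it comes from) for process_limit or client_limit."""
    raw = services.get(service, {}).get(name)
    if raw is not None and int(raw) != 0:
        return int(raw), f"service/{service}/{name}"
    # 0 (or unset) at service level: the global default applies.
    default_key = f"default_{name}"
    value = global_settings.get(default_key, BUILTIN_DEFAULTS[default_key])
    return int(value), default_key


def explain_warning(line, global_settings, services):
    """Tie a 'process_limit (N) reached' warning to the setting behind N."""
    match = WARNING_RE.search(line)
    if match is None:
        return None
    service, logged = match.group(1), int(match.group(2))
    value, source = effective_limit(global_settings, services,
                                    service, "process_limit")
    return {"service": service, "logged": logged, "configured": value,
            "source": source, "consistent": logged == value}


if __name__ == "__main__":
    settings, per_service = parse_doveconf(DOVECONF_S)
    print(explain_warning(WARNING, settings, per_service))
    for svc in sorted(per_service):
        for limit in ("process_limit", "client_limit"):
            print(svc, limit, effective_limit(settings, per_service, svc, limit))
```

The "source" field names the key to search for with the grep from the reply above.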
Dovecot in UCS
Hello :)

I hope you can forgive me a little advertisement: The English translation of my blog post on the Dovecot integration I did for the Univention Corporate Server (UCS) is online:
https://www.univention.com/2015/07/dovecot-is-the-default-imappop3-mail-server-in-ucs/

UCS is a Debian based Linux Distribution, everything - incl. management bits - is OSS. There is a Core Edition that you can download and use (also commercially) for free, that is - despite its name - feature complete:
https://www.univention.com/downloads/ucs-download

A lot of interesting Dovecot features can be changed without breaking things, so this blog post may be interesting to everyone.

The German version can be found here:
https://www.univention.de/2015/07/mailserver-dovecot-als-standard-imappop3-server-in-ucs/

Greetings
Daniel Tröder
Re: Admin access to sieve filters with managesieve
On 15.07.2015 at 07:24, Felix Zielcke wrote:
> On Tuesday, 14.07.2015, 22:44 +0200, Christian Theune wrote:
>> Hi,
>>
>> I’ve been a long-time user of Cyrus and started using sieve with Dovecot recently. A question that came up is: how do I access a user’s sieve scripts through managesieve without their credentials? Managesieve allows separating authentication and the corresponding mailbox identification, right? That’s what I used with cyrus sieve all the time. :)
>>
>> I didn’t find documentation in the wiki or googling where to configure someone as admin in Dovecot so he can access foreign sieve scripts through managesieve.
>>
>> Pointers? Am I using the right words?
>
> Hi,
>
> Dovecot has Master Users which can login as other users.
> http://wiki2.dovecot.org/Authentication/MasterUsers
>
> But I don't know if this also applies to managesieve and works for you.

It works for managesieve as well - I use it upon account creation to upload a 1st user script.

@Christian: to not get confused: a master user is not a user account. It can only login as someone else!

Greetings
Daniel
Re: duplicate namespace prefix
On 02.07.2015 at 00:51, jjhoffart wrote:
> Hello,
>
> I am in the process of setting up a server that is running two invocations of dovecot. One of the invocations is acting as a backend and the other as a Director. I believe I have most of the configuration complete but I keep running into the following error:
>
> Jul 01 14:17:04 lda(postmas...@mydomain.com: Error: user postmas...@mydomain.com: Initialization failed: namespace configuration error: Duplicate namespace prefix:
> Jul 01 14:17:04 lda(postmaster@åmydomain.com: Fatal: Invalid user settings. Refer to server log for more information.
>
> Not sure where to go from here and most of my searches on the error have lead me to dead ends hoping someone can help me out. Thanks.

Each namespace must have a different prefix. The only namespace with an empty prefix is the private one for the users inboxes. Configure a different prefix for each namespace.

http://wiki2.dovecot.org/Namespaces

    namespace foo {
      separator = /
      # prefix must end in separator symbol
      prefix = foo/
      list = children
      location = maildir:/var/spool/...
    }

Daniel
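The two rules from the reply above (every namespace needs its own prefix, and a prefix must end in the separator) as a check over `doveconf -n` style output. This is an added example, not part of the original mail and not Dovecot code; the sample configuration, its namespace names and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in `doveconf -n` layout: two namespaces share the empty
# prefix (the error from the thread) and one prefix lacks the separator.
SAMPLE_CONFIG = """\
namespace inbox {
  inbox = yes
  separator = /
  prefix =
  mailbox Trash {
    auto = subscribe
  }
}
namespace archive {
  separator = /
  prefix =
  location = maildir:/var/spool/archive/%u
}
namespace foo {
  separator = /
  prefix = foo
  list = children
}
"""

BLOCK_OPEN = re.compile(r"^(\w+)(?:\s+(.*?))?\s*\{$")


def parse_namespaces(text):
    """Collect name, prefix and separator of every top-level namespace block."""
    namespaces, stack, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = BLOCK_OPEN.match(line)
        if opened:
            if opened.group(1) == "namespace" and not stack:
                # An unset prefix is the empty prefix.
                current = {"name": opened.group(2) or "(unnamed)",
                           "prefix": "", "separator": None}
                namespaces.append(current)
            stack.append(opened.group(1))
        elif line == "}":
            if stack:
                stack.pop()
            if not stack:
                current = None
        elif "=" in line and current is not None and len(stack) == 1:
            # Only settings directly inside the namespace, not in mailbox {}.
            key, value = (part.strip() for part in line.split("=", 1))
            if key in ("prefix", "separator"):
                current[key] = value.strip('"')
    return namespaces


def check_namespaces(namespaces):
    """Return (problem, prefix, namespace names) tuples for both rules."""
    problems = []
    by_prefix = defaultdict(list)
    for ns in namespaces:
        by_prefix[ns["prefix"]].append(ns["name"])
    for prefix, names in by_prefix.items():
        if len(names) > 1:
            problems.append(("duplicate-prefix", prefix, names))
    for ns in namespaces:
        sep = ns["separator"]
        # Without an explicit separator the default depends on the mailbox
        # format, so the second rule is only checked when it is set.
        if ns["prefix"] and sep and not ns["prefix"].endswith(sep):
            problems.append(("prefix-missing-separator", ns["prefix"],
                             [ns["name"]]))
    return problems


if __name__ == "__main__":
    for problem in check_namespaces(parse_namespaces(SAMPLE_CONFIG)):
        print(problem)
```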
Re: authenticate LDAP to email server
On 28.06.2015 at 21:16, Alexander Dalloz wrote:
> On 28.06.2015 at 19:50, robert k Wild wrote:
>> i edited dovecot-ldap.conf.ext and added the lines
>>
>> hosts = 10.10.1.3
>> auth_bind = yes
>> auth_bind_userdn = cn=%u,cn=home,ou=robina_users,dc=robina,dc=private
>>
>> i then edited dovecot.conf and added this line in
>>
>> auth_username_format = %Lu
>>
>> i edited 10-auth.conf
>>
>> i unhashed the following line
>>
>> !include auth-ldap.conf.ext - which contains my userdb and passwddb file
>>
>> but when i try to create a new email account using thunderbird it cant find the settings for my email account
>>
>> any help please
>>
>> rob
>
> What is being logged when you try to login?
>
> Alexander

Please edit /etc/dovecot/conf.d/10-logging.conf and enable:

    auth_verbose = yes
    auth_verbose_passwords = plain
    auth_debug = yes
    auth_debug_passwords = yes
    mail_debug = yes

Then you'll get a very detailed account in the logfiles about what's going on.
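The debug settings recommended here and in the "New created users can not log in" reply write attempted passwords into the log, so they need to be switched off again once the login problem is found. A check for that over `doveconf -n` output follows, as an added example that is not part of the original mails and not Dovecot code; the sample output is constructed, the severity labels are this example's own, and treating `yes` like `plain` for auth_verbose_passwords is an assumption based on how the thread uses it.

```python
# Constructed sample of `doveconf -n` output with the settings from the
# thread still enabled after a debugging session.
DOVECONF_N = """\
# 2.2.13: /etc/dovecot/dovecot.conf
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = plain
mail_debug = yes
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
"""


def top_level_settings(text):
    """Return key -> value for settings that sit outside any { } block."""
    depth, settings = 0, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth = max(depth - 1, 0)
        elif depth == 0 and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = value.strip('"').lower()
    return settings


def audit_logging(settings):
    """Return (severity, setting, reason) for logging left in debug mode."""
    findings = []
    verbose = settings.get("auth_verbose_passwords", "no")
    if verbose in ("plain", "yes"):  # "yes" handled like "plain" (assumption)
        findings.append(("high", "auth_verbose_passwords",
                         "attempted passwords are logged in cleartext"))
    elif verbose.startswith("sha1"):  # sha1 or truncated sha1:N
        findings.append(("medium", "auth_verbose_passwords",
                         "attempted passwords are logged as SHA1 hashes"))
    if settings.get("auth_debug_passwords", "no") == "yes":
        findings.append(("high", "auth_debug_passwords",
                         "passwords and schemes are logged on mismatch"))
    for key in ("auth_debug", "mail_debug"):
        if settings.get(key, "no") == "yes":
            findings.append(("low", key, "debug logging still enabled"))
    return findings


def passwords_reach_log(findings):
    """True when any finding means cleartext passwords end up in the log."""
    return any(severity == "high" for severity, _, _ in findings)


if __name__ == "__main__":
    results = audit_logging(top_level_settings(DOVECONF_N))
    for severity, setting, reason in results:
        print(f"{severity:6} {setting}: {reason}")
    print("cleartext passwords in log:", passwords_reach_log(results))
```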
Re: authenticate LDAP to email server
On 25.06.2015 at 22:36, robert k Wild wrote:
> hi all,
>
> first things first my version and config
>
> -
> # 2.0.9: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-504.el6.x86_64 x86_64 CentOS release 6.6 (Final)
> auth_mechanisms = plain login
> mail_location = maildir:~/Maildir
> mbox_write_locks = fcntl
> passdb {
>   driver = pam
> }
> protocols = imap pop3
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
> }
> ssl_cert = /etc/pki/dovecot/certs/dovecot.pem
> ssl_key = /etc/pki/dovecot/private/dovecot.pem
> userdb {
>   driver = passwd
> }
> -
>
> i have installed dovecot+postfix email server and a LDAP server, if i create users on the LDAP server can dovecot pick up the usernames and create a mailbox for the individual users
>
> as atm if i want to create an email address for users i add the user to the email server and make a directory for the users mailbox and have to chmod and chown
>
> also just another question, can i set up mail groups on dovecot?
>
> cheers
>
> rob

Hi Rob,

all you need to do is figure out what the attribute in your LDAP tree is, that holds the email address. Then configure uris, dn, dnpass, [tls*], base, scope, user_attrs, user_filter, iterate_attrs and iterate_filter in /etc/dovecot/dovecot-ldap.conf.ext and uncomment the include line in /etc/dovecot/conf.d/10-auth.conf

http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb

Good luck
Daniel
Re: authenticate LDAP to email server
On 26.06.2015 at 09:27, Robert Wild wrote:
> That's great thanks,
>
> One thing tho
>
> I did a ls /etc/dovecot and I don't see a dovecot-ldap.conf
>
> Do I need to create that file or install it via yum?
>
> Thanks again for your help, very much appreciated
>
> Rob
>
> Sent from my Windows Phone

Hi Rob,

please don't top-post. On mailinglists it is custom, to write replies below the previous post.

I don't use Fedora/CentOS/RH, so I don't really know, but in Debian* there is the LDAP part in a separate package. Maybe it is so in your case too.

I just looked at https://apps.fedoraproject.org/packages/dovecot/contents and it seems its all in 1 package, and you'll just have to copy it from /usr/share/doc/dovecot/example-config/ to /etc/dovecot.

Greetings
Daniel

> -Original Message-
> From: Daniel Tröder troe...@univention.de
> Sent: 26/06/2015 07:20
> To: dovecot@dovecot.org dovecot@dovecot.org
> Subject: Re: authenticate LDAP to email server
>
> On 25.06.2015 at 22:36, robert k Wild wrote:
>> hi all,
>>
>> first things first my version and config
>>
>> -
>> # 2.0.9: /etc/dovecot/dovecot.conf
>> # OS: Linux 2.6.32-504.el6.x86_64 x86_64 CentOS release 6.6 (Final)
>> auth_mechanisms = plain login
>> mail_location = maildir:~/Maildir
>> mbox_write_locks = fcntl
>> passdb {
>>   driver = pam
>> }
>> protocols = imap pop3
>> service auth {
>>   unix_listener /var/spool/postfix/private/auth {
>>     group = postfix
>>     mode = 0666
>>     user = postfix
>>   }
>> }
>> ssl_cert = /etc/pki/dovecot/certs/dovecot.pem
>> ssl_key = /etc/pki/dovecot/private/dovecot.pem
>> userdb {
>>   driver = passwd
>> }
>> -
>>
>> i have installed dovecot+postfix email server and a LDAP server, if i create users on the LDAP server can dovecot pick up the usernames and create a mailbox for the individual users
>>
>> as atm if i want to create an email address for users i add the user to the email server and make a directory for the users mailbox and have to chmod and chown
>>
>> also just another question, can i set up mail groups on dovecot?
>>
>> cheers
>>
>> rob
>
> Hi Rob,
>
> all you need to do is figure out what the attribute in your LDAP tree is, that holds the email address. Then configure uris, dn, dnpass, [tls*], base, scope, user_attrs, user_filter, iterate_attrs and iterate_filter in /etc/dovecot/dovecot-ldap.conf.ext and uncomment the include line in /etc/dovecot/conf.d/10-auth.conf
>
> http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb
>
> Good luck
> Daniel
>
> --
> Daniel Tröder
> Open Source Software Engineer
> Univention GmbH
> be open
> Mary-Somerville-Str.1
> 28359 Bremen
> Tel.: +49 421 22232-91
> Fax : +49 421 22232-99
> troe...@univention.de
> http://www.univention.de
> Geschäftsführer: Peter H. Ganten
> HRB 20755 Amtsgericht Bremen
> Steuer-Nr.: 71-597-02876
Re: a temporary failure
On 22.06.2015 at 18:21, lejeczek wrote:
> On 22/06/15 09:16, lejeczek wrote:
>> dear all
>>
>> I have a postfix relaying to dovecot's lda but strangely it does not work, I mean I imagine it's me doing something wrong, yet I cannot figure out what.
>>
>> postfix logs:
>>
>> to=me@my.domain,orig_to=root@localhost, relay=dovecot, delay=39296, delays=39294/2.2/0/0.27, dsn=4.3.0, status=deferred (temporary failure)
>>
>> and dovecot logs no error, despite having debug to yes in couple of places, it shows:
>>
>> auth: Debug: master in: USER1me@my.domainservice=lda
>> auth-worker(25343): Debug: passwd(me@my.domain): lookup
>> auth-worker(25343): passwd(me@my.domain): unknown user
>> auth: Debug: ldap(me@my.domain): user search: base=ou=People,dc=my,dc=domain scope=subtree filter=(&(objectClass=person)(uid=me)) fields=
>> auth: Debug: ldap(me@my.domain): result: objectClass=top,top,top,top, ...
>>
>> here goes the whole lot of ldap atrribs, and at the end: unused.
>>
>> For passdb userdb in the configs I only configure ldap backed, nothing else. Ldap works, I can query it without failing. I believe it's very simple set up but I must be wrong somewhere.
>>
>> pass_filter = (&(objectClass=posixAccount)(uid=%n))
>> pass_attrs = uid=user=%n,userPassword=password
>> user_attrs = =home=/var/spool/mail/%d/%n,=mail=maildir:/var/spool/mail/%d/%n/Maildir:INDEX=/var/spool/mail/%d/%n:CONTROL=/var/spool/mail/%d/%n
>> user_filter = (&(objectClass=person)(uid=%n))
>>
>> Any suggestions very appreciated.
>> thanks
>
> strange thing is that an IMAP clients authenticates just fine. Only problems are when sending messages with smtp/postfix.

I had a similar problem. Turned out, that when the message comes from Postfix, the identifier is an email address (surprise ;) and not a username, so my LDAP query looks similar to this:

    user_filter = (&(objectClass=person)(|(uid=%u)(email=%u)))

Anyway, when you set auth_verbose=yes and auth_debug=yes, in 10-logging.conf you'll see the exact LDAP query.
Re: [Dovecot] question about /var/mail/xxx
On 19.06.2015 at 08:29, Mickael Choisnard wrote:
> Hi,
>
> I need your help to use dovecot with sendmail
>
> I use a fresh debian 8 jessie and i installed sendmail and dovecot 2.
>
> Sendmail works fine. All mails go to /var/mail/xxx
>
> this is problem for dovecot. dovecot cannot get it.
>
> # 2.2.13: /etc/dovecot/dovecot.conf
> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.1
> auth_mechanisms = plain login
> auth_verbose = yes
> auth_verbose_passwords = yes
> disable_plaintext_auth = no
> first_valid_uid = 116
> last_valid_uid = 116
> log_path = /var/log/dovecot.log
> mail_home = /srv/mail/%u
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
> mail_privileged_group = mail
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox Sent Messages {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = scheme=SHA-CRYPT /etc/dovecot/users
>   driver = passwd-file
> }
> postmaster_address = root@arpagon
> protocols = imap pop3
> service auth {
>   unix_listener auth-userdb {
>     group = vmail
>     user = vmail
>   }
> }
> ssl = no
> userdb {
>   args = uid=vmail gid=vmail home=/srv/vmail/%d/%n
>   driver = static
> }
>
> cat /var/log/dovecot.log
>
> Jun 19 08:14:18 imap-login: Info: Login: user=mc110771, method=PLAIN, rip=10.11.12.30, lip=88.179.182.93, mpid=18799, session=z46U1dgY+gAKCwwe
> Jun 19 08:14:18 imap(mc110771): Info: Disconnected: Logged out in=8 out=395
> Jun 19 08:14:26 imap-login: Info: Login: user=mc110771, method=PLAIN, rip=10.11.12.30, lip=88.179.182.93, mpid=18801, session=bNcE1tgY+wAKCwwe
> Jun 19 08:14:26 imap-login: Info: Login: user=mc110771, method=PLAIN, rip=10.11.12.30, lip=88.179.182.93, mpid=18803, session=sEIP1tgY/AAKCwwe
> Jun 19 08:14:26 imap(mc120771): Error: open() failed with mbox file /var/mail/mc120771: Permission denied
> Jun 19 08:14:57 imap(mc120771): Info: Disconnected: Logged out in=137 out=640
> Jun 19 08:14:57 imap(mc120771): Info: Disconnected: Logged out in=74 out=547
> Jun 19 08:18:47 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=, rip=10.11.12.45, lip=88.179.182.93, session=H/mV5dgYhwAKCwwt
> Jun 19 08:18:47 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=, rip=10.11.12.45, lip=88.179.182.93, session=2gOX5dgYigAKCwwt
> Jun 19 08:18:47 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=, rip=10.11.12.45, lip=88.179.182.93, session=ojeY5dgYjQAKCwwt

You have to configure Sendmail to give mails to Dovecot, so it can save them itself: http://wiki2.dovecot.org/LDA/Sendmail
setting quota through IMAP
I'd like to set the quota of a user through the IMAP protocol.

I use Python's imaplib:

imap.setquota(tes...@uni.dtr, (storage 8192))
('NO', ['Quota can be changed only by admin.'])

So... which user is the admin user in a virtual user setting (passwd: PAM, userdb: LDAP)?

Greetings
Daniel
Re: setting quota through IMAP
On 19.06.2015 at 16:16, Steffen Kaiser wrote:
> On Fri, 19 Jun 2015, Daniel Tröder wrote:
>> I'd like to set the quota of a user through the IMAP protocol.
>> I use Python's imaplib:
>> imap.setquota(tes...@uni.dtr, (storage 8192))
>> ('NO', ['Quota can be changed only by admin.'])
>> So... which user is the admin user in a virtual user setting (passwd: PAM, userdb: LDAP)?
>
> You can't. Use an LDAP library to change the values in the UserDB directly, not via IMAP.

Sure - I do anyway - this was just for a test-case I was writing.

I'm curious though: in which scenario / IMAP-server does this work? Maybe in a setting with a root (uid=0) email user? Or with Cyrus (which has an admin user)?

Greetings
Daniel
Re: LMTP with Postfix Problem
On 18.06.2015 at 04:35, Steve Matzura wrote:
> Here's a maillog entry that's one of many I receive when I try sending a test message to my system. The recipient is a virtual user in /etc/virtual. The way I'm expecting it to work is that my message from me to this Postfix virtual user will be sent back to me. Every time the message delivery is attempted, Dovecot says the LMTP directory doesn't exist. I thought it was created automatically as messages arrive.
>
> Jun 18 01:48:27 machine-name postfix/lmtp[30644]: 4CA5B8CB6: to=postmaster@my-domain, orig_to=postmaster, relay=none, delay=0.02, delays=0.02/0/0/0, dsn=4.4.1, status=deferred (connect to my-FQDN[private/dovecot-lmtp]: No such file or directory)

I think private/dovecot-lmtp isn't found. Please compare your Dovecot socket configuration and Postfix main.cf configuration to http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP (The group may not be postfix for your system.)

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}

virtual_transport = lmtp:unix:private/dovecot-lmtp
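The comparison suggested in the reply above can be scripted. The following check is an added example, not part of the original thread: it resolves the `lmtp:unix:` path against the Postfix queue directory and reports a missing socket, a non-socket, or permissions wider than the 0600 shown in the listener block. The function name and the optional `expected_uid` parameter are assumptions made for the example.

```python
import os
import stat

PREFIX = "lmtp:unix:"


def check_lmtp_socket(queue_directory, transport, expected_uid=None):
    """Return a list of problems with the socket behind an lmtp:unix: transport.

    An empty list means the path exists, is a socket, and carries no
    group/other permission bits (mode 0600, as in the listener block above).
    """
    if not transport.startswith(PREFIX):
        return ["not an lmtp:unix: transport: %r" % transport]
    # Postfix resolves a relative socket path against its queue directory.
    path = os.path.join(queue_directory, transport[len(PREFIX):])
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["%s: No such file or directory; does a Dovecot lmtp "
                "unix_listener create exactly this path?" % path]
    if not stat.S_ISSOCK(st.st_mode):
        return ["%s exists but is not a socket" % path]
    problems = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("%s has mode %04o, wider than 0600: it grants "
                        "access beyond the owner" % (path, mode))
    if expected_uid is not None and st.st_uid != expected_uid:
        problems.append("%s is owned by uid %d, expected %d"
                        % (path, st.st_uid, expected_uid))
    return problems


if __name__ == "__main__":
    # Values from the thread: the queue directory used in the listener path
    # and the virtual_transport setting quoted in the reply.
    for line in check_lmtp_socket("/var/spool/postfix",
                                  "lmtp:unix:private/dovecot-lmtp") or ["ok"]:
        print(line)
```

Pass the numeric uid of the Postfix account as `expected_uid` to confirm ownership as well.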
Re: LDA versus LMTP
On 12.06.2015 at 05:27, Edgar Pettijohn III wrote:
> On Jun 11, 2015, at 8:51 PM, Steve Matzura wrote:
>> On Thu, 11 Jun 2015 15:14:31 -0400, Ajai Khattri symb...@gmail.com wrote:
>>> I'm using Dovecot for LMTP for all my mail users, since this way they are completely virtual (i.e. don't need to have a local account at all), all mail gets delivered to Maildirs owned by dovecot. Also LMTP makes it easier to insert scripts and do any custom processing which presumably is where Sieve comes in. It's also pretty easy to set up.
>>
>> Sounds like that's what I should be doing. OK, so how is Dovecot told to use LMTP instead of LDA? I must not be understanding something about what's in either 15-lda.conf or 20-lmtp.conf.
>
> You have to configure your mta to deliver to lmtp instead of lda.

Just follow the instructions in http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP and it should just work(TM).

In case you want to use Dovecot's SASL implementation instead of Cyrus' (http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL), I did additionally add this to my Postfix main.cf:

smtp_sasl_type = dovecot
lmtp_sasl_type = dovecot
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

Greetings
Daniel
Re: Sorry, another faq
On 12.06.2015 at 13:37, Martin S wrote:
> I've installed a mailserver according to these instructions:
> http://www.server-world.info/en/note?os=CentOS_7p=httpdf=13
>
> When I try to login to the server through Roundcube webmail I get Connection to storage server failed. So checking on this
>
> [12-Jun-2015 11:28:53 +]: 6jap13r2 IMAP Error: Login failed for martin from 83.251.209.249. Could not connect to ssl://myserver:993: Permission denied in /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 198 (POST /roundcubemail/?
>
> /etc/roundcubemail/config.inc.php has the following:
> $config['default_host'] = 'ssl://mail.myserver.tld'; [address obfuscated]
> $config['default_port'] = 993;
> as I understand should be correct.
>
> I've been looking at various posts on the net that say the problem is a permission on dovecot, but I fail to find anything on how to fix this as it looks right to me.
>
> Any suggestions?
>
> /Martin S

* Test to connect to the IMAP server with telnet first:
  # telnet mail.myserver.tld 993
  If you cannot connect there is a network/firewall problem. If you can connect →
* Switch on all logging options in /etc/dovecot/conf.d/10-logging.conf and follow the logfiles while trying with thunderbird/fetchmail/roundcube.
Re: Dovecot mbox other programs
Pretty sure [s]he's a troll: Every assumption [s]he's written until now has been wrong and there was not even the attempt to show data/information that supports the claims. That communication form is usually intentional to provoke discussion. Further CCing to his/her email should stop, s/he can just subscribe.

On 06.06.2015 at 19:01, Pali Rohár wrote:
> What is correct way to read those mboxes? And what is correct way to modify that mbox file

Really simple - just 9 pages: http://tools.ietf.org/html/rfc4155

> I would like to configure mutt on server to directly access those mbox mailboxes without need to use imap protocol (over localhost). It is possible without any data/message damage?

# man mutt
# mutt -f /var/mail/...

Greetings
Daniel
Re: Does Dovecot allow different clients to subscribe different subsets of IMAP folders?
Hi Steve,

for some reason I didn't get your message through the mailing list (my ml settings?), but only directly. For the sake of completeness I'm replying here - I hope that's OK.

Shared mailboxes are really easy to implement. Just enable the namespace (type = shared) in /etc/dovecot/conf.d/10-mail.conf
http://wiki2.dovecot.org/Namespaces
http://wiki2.dovecot.org/SharedMailboxes/Shared

You may want to share index files, so you'll have the same [un]read flags on all devices. Simply do _not_ configure INDEXPVT, or configure it to a common directory. If you wish to share keywords so you'll have the same important/red/star flags on all accounts, do _not_ configure per-user CONTROL, or configure it to a common directory.

I think this should work:

namespace {
  type = shared
  separator = /
  prefix = shared/%%u/
  location = maildir:%%h/Maildir
  subscriptions = no
  list = children
}

You'll have to configure ACLs too. http://wiki2.dovecot.org/ACL

/etc/dovecot/conf.d/90-acl.conf:
plugin {
  acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
}
plugin {
  # Without global ACLs:
  acl = vfile
}

10-mail.conf:
mail_plugins = $mail_plugins acl quota

20-imap.conf:
mail_plugins = $mail_plugins imap_acl imap_quota

Then you can get/set ACLs with:

doveadm acl get -u mob...@mail.com shared/m...@mail.com --- INBOX
doveadm acl set -A shared/m...@mail.com mob...@mail.com lookup read ...
doveadm acl get -u mob...@mail.com shared/m...@mail.com
doveadm acl set -A shared/m...@mail.com mob...@mail.com/Spam lookup read ...

You'll have to find a way to do this for all your mailboxes in some shell script or with python or whatever.

Good luck
Daniel

On 04.06.2015 at 16:43, Steve wrote:
> Hi Daniel,
>
> Hmm - I'm happy to use different 'user names' to log into Dovecot... as long as each of these logins can still subscribe to the same universe of folders I have available at present.
>
> I can envision using steve_mobile and steve_desktop as logins, as long as these still provide access to the same mailboxes as I have in steve's Maildir folder. I'm guessing that this would mean I can't/shouldn't use PAM for Dovecot authentication? I don't really want to create 'dummy' (shell-account) users on my server... but, I guess, it would be OK if I were to use some other authentication mechanism, and pointed all these Dovecot-only logins to the same Maildir folder.
>
> By any chance, is there a 'howto' detailing a suitable sample configuration for such a setup?
>
> BTW - I would definitely want to be able to change subscriptions from any device... I just want independent subscriptions for my tablet/phone/desktop/VM clients - as I use email in different ways from these different environments.
>
> On 04/06/2015 15:24, Daniel Tröder wrote:
>> Hi Steve,
>>
>> I don't think the IMAP protocol has the concept of a user agent. So there is no way for an IMAP server to distinguish between client programs. You could use POP and poll different mailboxes - but your clients probably don't support that.
>>
>> So you'll have to use different users. But that gives you a cool solution: Use shared mailboxes. You could share all mailboxes of your main user to all the device-users and then use the clients to subscribe only to those mailboxes that are of interest. That way you can change what a client sees using the client program, without logging into the server as root. Especially nice, when you are traveling and decide you need to read a mailbox with your mobile you hadn't thought about before.
>>
>> Greetings
>> Daniel

--
Daniel Tröder
Open Source Software Engineer
Univention GmbH
be open
Mary-Somerville-Str.1
28359 Bremen
Tel.: +49 421 22232-91
Fax : +49 421 22232-99
troe...@univention.de
http://www.univention.de
Managing Director: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Tax No.: 71-597-02876
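One way to script the per-mailbox ACL grants the message above leaves to "some shell script or with python", as an added example that is not part of the original message. It only builds the `doveadm acl set` commands for review and runs nothing. The account names and mailbox list are constructed, the `user=` identifier form and the default `lookup read` rights are assumptions, and the function names are hypothetical.

```python
import shlex

# Rights defined by Dovecot's ACL plugin (http://wiki2.dovecot.org/ACL).
DOVECOT_RIGHTS = {"lookup", "read", "write", "write-seen", "write-deleted",
                  "insert", "post", "expunge", "create", "delete", "admin"}


def build_acl_commands(owner, grantees, mailboxes, rights=("lookup", "read"),
                       skip=()):
    """Return one doveadm argv list per (mailbox, grantee) pair.

    Nothing is executed. argv lists (not shell strings) keep mailbox names
    containing spaces or shell metacharacters from being reinterpreted.
    """
    unknown = set(rights) - DOVECOT_RIGHTS
    if unknown:
        raise ValueError("unknown ACL right(s): %s" % ", ".join(sorted(unknown)))
    if "admin" in rights:
        # 'admin' lets the grantee change the mailbox's ACLs.
        raise ValueError("refusing to hand out 'admin' in bulk")
    commands = []
    for mailbox in mailboxes:
        if not mailbox or mailbox.startswith("-") or "\n" in mailbox:
            raise ValueError("suspicious mailbox name: %r" % mailbox)
        if mailbox in skip:
            continue
        for grantee in grantees:
            if grantee == owner:
                continue
            commands.append(["doveadm", "acl", "set", "-u", owner,
                             mailbox, "user=" + grantee, *rights])
    return commands


def render(commands):
    """Shell-quoted form of the commands, for review before running them."""
    return [" ".join(shlex.quote(arg) for arg in argv) for argv in commands]


# Constructed sample data: in practice the mailbox names would come from
# `doveadm mailbox list -u <owner>`.
OWNER = "main@example.com"
DEVICES = ["mobile@example.com", "desktop@example.com"]
MAILBOXES = ["INBOX", "Lists/dovecot", "Sent Messages", "Drafts"]

if __name__ == "__main__":
    for line in render(build_acl_commands(OWNER, DEVICES, MAILBOXES,
                                          skip={"Drafts"})):
        print(line)
```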
Re: Does Dovecot allow different clients to subscribe different subsets of IMAP folders?
Hi Steve,

I don't think the IMAP protocol has the concept of a user agent. So there is no way for an IMAP server to distinguish between client programs. You could use POP and poll different mailboxes - but your clients probably don't support that.

So you'll have to use different users. But that gives you a cool solution: Use shared mailboxes. You could share all mailboxes of your main user to all the device-users and then use the clients to subscribe only to those mailboxes that are of interest. That way you can change what a client sees using the client program, without logging into the server as root. Especially nice, when you are traveling and decide you need to read a mailbox with your mobile you hadn't thought about before.

Greetings
Daniel

On 04.06.2015 at 14:40, Steve wrote:
> I have a working Dovecot IMAP server (v. 2.2.9) where I have a single user but a lot of folders (over 800 in total, hierarchically arranged, about 50 of which are in active use.) I have multiple clients (including k9Mail on Android and Thunderbird on Linux and Windows). These clients all present a consistent subscription to a single subset of the available folders.
>
> What I'd like to be able to do is (somehow) allow different devices (different email clients) to subscribe to a different subset of folders. For example, I may want K9mail on my phone to be subscribed only to my main Inbox - but for Thunderbird on Windows to also be subscribed to active mailing-list folders.
>
> Does Dovecot support such a mode of operation? If so, how do I configure it? If not, what options are there to achieve the desired end result - i.e. different devices/IMAP clients subscribed to different subsets of the universe of folders available to a single user.
>
> Mandatory details:
> Version: 2.2.9
> Configuration: See http://paste.ubuntu.com/11564807/