Re: The end of Dovecot Director?
Please post your solution. Sent from my iPhone - please excuse brevity and typos > On Oct 20, 2022, at 10:21 PM, Zhang Huangbin wrote: > > > >> On Oct 21, 2022, at 4:19 AM, Antonio Leding wrote: >> >> My understanding is that Director is targeted toward large enterprise mail >> installations that will incorporate several servers for a given function. In >> such an environment, Director would be the fore-person\traffic-cop keeping >> things organized & squared-away. > > Director is used when you setup frontend servers in a load-balance cluster, > proxy imap/pop3/lmtp/managesieve requests to backend Dovecot servers. > > I setup load-balance cluster for clients with HAProxy + KeepAlived + Dovecot > Director running in frontend servers, so sad we have to find an alternative > to replace Director in such case. > > It's not about "small/medium" servers, but the demand of imap/pop3/lmtp proxy > service, especially in load-balance cluster. > > > Zhang Huangbin, founder of: > - iRedMail: Open source email server solution: https://www.iredmail.org/ > - Spider: Lightweight, on-premises Email Archiving Software: > https://spiderd.io > >
Re: Does disabling POP3 just mean removing it from the `protocols` list?
The reason to support POP3 is that if you forward email to another account and that includes any spam, you are gonna get dinged. If folks want to read their email from gmail, they really need to suck that email over via POP to avoid this problem. H On 3/1/2022 3:13 PM, Peter wrote: The only modern reason I can think of to continue to support POP3 is that gmail's email fetch feature only works over POP3, so if you want people to be able to import their email from your server to gmail or google workspace then you should probably continue to support POP3. Peter On 2/03/22 10:54 am, Sean McBride wrote: Hi all, Hopefully a simple question. If I want to disable POP3 support (because everyone is using IMAP anyway), it is just a matter of removing |pop3| from the |protocols| setting in dovecot.conf? Are there side effects or other considerations I should be aware of? Thanks, Sean
Re: dsync replication fails with No space left on device / Out of memory
Inodes? df -i On 7/1/2021 5:07 PM, Steven Varco wrote: > Hi All > > Since I configured dsync replication I get strange errors in the maillog on > my two mail dovecot nodes: > > PRIMARY: > Jul 2 01:21:42 mx01.example.com dovecot: doveadm: Error: > read(mx02.example.com) failed: read(size=3148) failed: Connection reset by > peer (last sent=mail, last recv=mail (EOL)) > > > The secondary is more interesting: > > SECONDARY > Jul 2 01:21:42 mx02 dovecot: doveadm: Error: > close(-1[istream-seekable.c:237]) failed: No space left on device > Jul 2 01:21:43 mx02 dovecot: doveadm: Fatal: pool_system_realloc(268435456): > Out of memory > Jul 2 01:21:43 mx02 dovecot: doveadm: Error: Raw backtrace: > /usr/lib64/dovecot/libdovecot.so.0(+0xa192e) [0x7f2e9be4c92e] -> > /usr/lib64/dovecot/libdovecot.so.0(+0xa1a0e) [0x7f2e9be4ca0e] -> > /usr/lib64/dovecot/libdovecot.so.0(i_error+0) [0x7f2e9bddc3d3] -> > /usr/lib64/dovecot/libdo > Jul 2 01:21:43 mx02 dovecot: doveadm: Fatal: master: service(doveadm): child > 2876 returned error 83 (Out of memory (service doveadm { vsz_limit=256 MB }, > you may need to increase it) - set CORE_OUTOFMEM=1 environment to get core > dump) > Jul 2 01:21:51 mx02 dovecot: dsync-local(u...@example.com): Error: Raw > backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0xa192e) [0x7fd56e17e92e] -> > /usr/lib64/dovecot/libdovecot.so.0(+0xa1a0e) [0x7fd56e17ea0e] -> > /usr/lib64/dovecot/libdovecot.so.0(i_error+0) [0x7fd56e10e3d3] -> /us > Jul 2 01:21:51 mx02 dovecot: dsync-local(u...@example.com): Fatal: master: > service(doveadm): child 2882 returned error 83 (Out of memory (service > doveadm { vsz_limit=256 MB }, you may need to increase it) - set > CORE_OUTOFMEM=1 environment to get core dump) > > > The error messages state that disk space and/or memory is a problem, but disk > space and memory is enough available: > > mx02 [~] # df -h /srv/mail/ > Filesystem Size Used Avail Use% Mounted on > /dev/mapper/system-mail 10G 5.7G 4.3G 58% /srv/mail > > mx02 [~] # free -m > totalusedfree shared buff/cache > available > Mem: 378916021088 1991097 > 1759 > Swap: 471 93 378 > > > I also tried to increase vsz_limit from 256 MB to 512 MB, which did not help. > > > And for the sake of completness also the connection to the doveadm port works > well from both nodes: > > mx01-prod [~] # telnet mx02 14310 > Trying 172.20.19.225... > Connected to mx02. > Escape character is '^]'. > ^] > > > mx02 [~] # telnet mx01 14310 > Trying 172.20.19.251... > Connected to mx01. > Escape character is '^]'. > ^] > > > Although mail replication seems to be working properly and mails are in sync > on both nodes (as what I could see), I would like to find the cause of this > messages, as this does definetely don’t look normal… > > I’m grateful for any help, since I’m quite on a struggle now… > > Steven > > > Here’s my config > > # doveconf -n > # 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.4.24 (124e06aa) > # OS: Linux 3.10.0-1160.31.1.el7.x86_64 x86_64 CentOS Linux release 7.9.2009 > (Core) > # Hostname: mx01.example.com > auth_mechanisms = plain login > auth_verbose = yes > dict { > sqlquota = mysql:/etc/dovecot/dict-sqlquota.conf.ext > } > doveadm_password = # hidden, use -P to show it > doveadm_port = 14310 > first_valid_uid = 1000 > mail_plugins = quota notify replication > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character > vacation subaddress comparator-i;ascii-numeric relational regex imap4flags > copy include variables body enotify environment mailbox date index ihave > duplicate mime foreverypart extracttext > mbox_write_locks = fcntl > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > separator = / > type = private > } > passdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > plugin { > mail_replica = tcp:mx02.example.com > quota = maildir:User quota > quota_exceeded_message = Quota exceeded, please go to > http://www.example.com/over_quota_help for instructions on how to fix this. > quota_rule2 = INBOX.Trash:storage=+100M > quota_status_nouser = DUNNO > quota_status_overquota = 552 5.2.2 Mailbox is full / Mailbox ist voll > quota_status_success = DUNNO > quota_warning = storage=90%% quota-warning 90 %u > quota_warning2 = -storage=90%% quota-warning below %u > sieve = file:~/sieve;active=~/.dovecot.sieve > } > postmaster_address =
Re: [patch] Improved error checking for the dovecot-antispam-plugin
Robert, First, thanks! Second, I'm not a committer on the dovecot project. But I've written a lot of software where if an end user has a problem and either they want to know why or if they report it and ask for help, I've found it is MUCH better to have enough info in the message given to the user/logged somewhere. Something like: "subroutine: open(%s) failed: %m" It reduces our support load and gives us the information we need to quickly resolve issues. Sent from my iPhone - please excuse brevity and typos > On Aug 18, 2016, at 8:16 AM, Robert Munteanu> wrote: > > (snip) > >> I have no issue in resending a new version of the patch with better >> error reporting, will do so in the following days. >> >> Robert > > I've attached a second version of the patch, feel free to consider any > of them for inclusion. > > Thanks, > > Robert > > > -- > http://robert.muntea.nu/ >
Re: [patch] Improved error checking for the dovecot-antispam-plugin
On 8/16/16 1:24 PM, Robert Munteanu wrote: > Hi, > > Hopefully this is the right channel for such a patch. I have a minor > enhancement to submit for the antispam plugin > > http://hg.dovecot.org/dovecot-antispam-plugin > > It adds minimal error checking for the sendmail_binary, otherwise the > reported error in case of a missing binary or one with missing > permissions is generic and not useful. > > Thanks, > > Robert Robert, I like that you did this. Beyond that and without even looking at the actual code, I'm curious why you: +if (access(cfg->binary, F_OK) == -1) +{ +mail_storage_set_error(storage, MAIL_ERROR_TEMP, "mail_sendmail file does not exist"); instead of finding a way to include the value of cfg->binary in the error message string. This might not be needed if it's really obvious from the config file what the path to the executable is, but if there is any doubt it might be friendlier to show the exact path with the problem. I'd also be inclined to show the decoded value of errno instead of assuming that 'mail_sendmail file does not exist'. Perhaps something along the lines of: "access(%s, F_OK) failed: %m", cfg->binary if that makes sense. H
Re: [Dovecot] Dovecot ontop of glusterfs issue.
On 5/22/14 3:48 AM, Eliezer Croitoru wrote: Well manually using a crontab with ntpdate to a pool of servers should be good enough right? Is there a good reason you're not just running ntpd? Ntpdate has had a number of bugs in it for a long time, they will never be fixed, and ntpdate really isn't designed for what you seem to be doing. -- Harlan Stenn http://nwtime.org - Be a member!
Re: [Dovecot] Dovecot ontop of glusterfs issue.
On 5/22/14 4:30 AM, Darac Marjal wrote: ntpdate is really only any good being run once (at boot), for example if you have a clock that can't keep time while the system is off. I'm not aware of any cases where one needs to run ntpdate at startup before running ntpd, because one can run 'ntpd -g' at startup which will correct a very large offset. If I'm wrong I'd love to hear about it. This should be true for ntp-stable (4.2.6) and behaves even better for ntp-dev (4.2.7). H
Re: [Dovecot] An unconstructive grumble
If you're hosting this on the domain where the users will have email, then do you have a good reason for wanting to use virtual stuff? If not, use system users. If you are hosting for another domain (or plan to) I don't have enough info to tell you more - I routinely set up virtual domains (I use postfixadmin for most of this maintenance. I probably followed the instructions in the dovecot virtual user readme file(s). H
Re: [Dovecot] Server Time 45min ahead
Ralf wrote: stop dovecot postfix ntpdate timeserver start dovecot postfix start ntpd Speaking as st...@ntp.org, I recommend: - run 'ntpd -gN' as early as possible in the startup sequence (no need for ntpdate) then as late as possible in the startup sequence, run: - ntp-wait -v -s 1 ; start dovecot and postfix (and database servers) H
Re: [Dovecot] integrating procmail
I have not tried this: http://www.zimbra.com/forums/users/7239-any-way-add-message-filters-command-line.html H
Re: [Dovecot] ntp revisited (so what to do ?)
On 5/10/2011 8:50 AM, Ed W wrote: So, in practice it's fairly irrelevant to be hooked to a stratum 1 for most purposes ... Actually, an excellent argument can be made for hooking up to some S2 servers instead of S1 servers.. H
Re: [Dovecot] ntp revisited (so what to do ?)
Per wrote: Sure, I meant 'ntpd -q'. What benefit do you see in running something to set the time and exit before starting ntpd instead of just starting ntpd with -g? H
Re: [Dovecot] ntp revisited (so what to do ?)
Per wrote: Luigi Rosa wrote: Harlan Stenn said the following on 08/05/11 21:58: - Start ntd as early as possible - - ntpd -g ... is better than ntpdate ... ; ntpd ... - Wait before starting time-sensitive services - - As last as possible in the boot sequence, run 'ntp-wait -v', and start time-sensitive services after it successfully returns. What happens if the server starts with a date very far in the past due to hardware clock reset or something like that? I mean: if a Linux starts with the hardware clock set to 1/1/2000 how much does it take to get the real date? ntpd -g will set it immediately. Put another way, ntpd needs the system time to be correct to within 68 years. Assuming that is true, with a good drift file and good servers/peers and the use of the 'iburst' flag, ntpd will set the clock and your (real) machine will be accurate and stable in about 11 seconds' time. H
Re: [Dovecot] ntp revisited (so what to do ?)
Spyros wrote OK, So what you people say is : 1. Run ntpdate during startup only once 2. After that, keep time with ntpd Right ? https://support.ntp.org/bin/view/Support/StartingNTP4 says: - Start ntd as early as possible - - ntpd -g ... is better than ntpdate ... ; ntpd ... - Wait before starting time-sensitive services - - As last as possible in the boot sequence, run 'ntp-wait -v', and start time-sensitive services after it successfully returns. I'm fairly certain the above is excellent advice, and BCP. H
Re: [Dovecot] Dotlock dovecot-uidlist errors / NFS / High Load
Michael wrote: We tested the patch you suggested with no success. We are seeing timestamps straying into the 100's of seconds of difference, which does not reflect the perceivable drift that shows on our systems clock (which is negligible, sub 1 second). Currently we run against two stratum 2 servers that get their time from two stratum 1 servers, and per Stan's suggestions earlier we are rebuilding the stratum 2 machines on bare metal hardware (not in a virtual machine) to be sure the clocks will be super stable. I guess what I am asking is if you have ever seen an issue similar to this and if NTP actually played a role. I have spent some time reviewing the mailing list archives and have not found a definitive answer from other Dovecot user's experiences. (posting from my work account...) Barring strange hardware or OS behavior, NTP is generally really good at what it does. There are known problems with some hardware and some OSes (and virtual environments in particular). See http://support.ntp.org/bin/view/Support/TroubleshootingNTP for more information. And just to try the direct approach, if correct time and NTP are important to you, please join the NTP Forum. We need the support. -- Harlan Stenn st...@ntp.org http://ntpforum.isc.org - be a member!
Re: [Dovecot] Dotlock dovecot-uidlist errors / NFS / High Load
I may have missed something - if this is NFS related, you are running NTP on *all* of your machines (clients and servers) that are involved in this NFS share, right? NFS cares that the time is sync'd on the computers it works with. H
Re: [Dovecot] Startup error dovecot-2.0.5
Ralf, Are you using tcsh? H
Re: [Dovecot] Startup error dovecot-2.0.5
* Harlan Stenn harlan.st...@pfcs.com: Ralf, Are you using tcsh? No. I didn't think you were, but I wanted to ask, as I remember some versions of tcsh have a non-huge buffer for something (which, now that I think about it, was either command-line length or an environment buffer). H
Re: [Dovecot] AntiSpam Plugin
Figure out exactly what script is running and see if it says why it would return with a status of 9. If that is because of a SIGKILL, it is because some process is sending that signal. You are gonna get to figure out what debug knobs to crank to figure out why this is going on. Can you invoke any of this stuff manually from the command line to see what messages may come up? h
Re: [Dovecot] 1.2.11, mbox, new mail
Hey Greg, I picked up the right-size screwdrivers (P00, T6, T8) today. Still need to find a spudger, but I think I can use my fingernails until then. How critical is antistatic for disassembly checking out the fan motors? H
Re: [Dovecot] Mailing list's prefix
I would have preferred this be a private reply but I like to honor the sender's request re Reply-To:. I have a slight preference for keeping the [Dovecot] prefix in the Subject: header, as it makes it really obvious to me where a message in my inbox comes from. I have never liked to pre-sort incoming messages into separate folders. The fact that the prefix is relativelyh short also helps. H
Re: [Dovecot] dovecot-antispam plugin and Failed to call dspam message
It is probably a good idea to figure out the underlying problem instead of ignoring it. I use the following patch... H patch-dspam-exec.c Description: Binary data
Re: [Dovecot] dovecot-antispam plugin and Failed to call dspam message
Note that according to dspam-exec.c, and info sent to stderr by dspam is treated by the antispam plugin as a fatal error. All my patch does is to provide enough information to see what the problem is. H
Re: [Dovecot] dovecot and ntp: Fatal: Time just moved backwards
Backward time steps can cause real problems for Maildir, as its uniqueness algorithms can be ... theoretically correct. H
Re: [Dovecot] dovecot and ntp: Fatal: Time just moved backwards
NTP comes with a script, ntp-wait, that is specifically designed to be used during the boot-sequence for the purpose of waiting until the clock is sync'd before starting time-sensitive applications. See http://support.ntp.org/bin/view/Support/StartingNTP4 for more information. BCP is: - Start ntpd as early as possible during the boot sequence - As late as possible during the boot sequence run ntp-wait, before starting things like Dovecot and database servers H
Re: [Dovecot] dovecot and ntp: Fatal: Time just moved backwards
Timo wrote: On Jun 9, 2009, at 1:03 PM, Eugene wrote: But really, all this leads is that admin has to detect the dovecot termination and simply go and restart it manually -- after some bad thoughts. Or the admin actually permanently fixes the time. This is usually a startup issue and the fact that so many OSes get this wrong and that dovecot complains about it so strongly points out this rough edge. H
Re: [Dovecot] dovecot and ntp: Fatal: Time just moved backwards
Eugene wrote: In most cases we talk about, it can't be fixed permanently because this happens after (cold or warm) system restart, when ntpd can take up to 15 minutes (and in most cases about 3-5 minutes) to actually resync the time. If you have a good drift file and use iburst (as discussed at http://support.ntp.org/bin/view/Support/StartingNTP4 and also at http://support.ntp.org/bin/view/Support/ConfiguringNTP) ntpd will have your clock sync'd in about 11 seconds' time. H
Re: [Dovecot] dovecot and ntp: Fatal: Time just moved backwards
Have you seen http://support.ntp.org/Support ? You said your clock is running fast, so it's not a clock interrupt issue. If your OS supports it, and you have a *steady* problem with your clock, you might be able to correct this problem with the tickadj program and then ntpd should be able to keep the clock in sync. H
Re: [Dovecot] dovecot and ntp: Fatal: Time just moved backwards
Pascal Volk wrote: On Debian systems I'm very happy with the OpenBSD NTP daemon. Package: openntpd This ntpd adjusts the local time in little steps. The last I checked openntpd was an SNTP implementation, not NTP. If it works for you, great. H
Re: [Dovecot] dovecot and ntp: Fatal: Time just moved backwards
Juergen wrote: How will chrony help here if the PC is not online at boot time? From http://chrony.sunsite.dk/guide/chrony.html - chronyd can perform usefully in an environment where access to the time reference is intermittent. chronyd estimates both the current time offset and the rate at which the computer's clock gains or loses time, and can use that rate estimate to trim the clock after the reference disappears. Doesn't apply to the use case. This is *before* the PC goes online. - chronyd provides support to work out the gain or loss rate of the `real-time clock', i.e. the clock that maintains the time when the computer is turned off. It can use this data when the system boots to set the system time from a corrected version of the real-time clock. There is no corrected version of the real-time clock before the PC goes online. H
Re: [Dovecot] dovecot and ntp: Fatal: Time just moved backwards
Juergen wrote: Harlan wrote: There is no corrected version of the real-time clock before the PC goes online. I'd suggest to read chrony's manual. Chrony stores the reference values collected while running online for further use after reboot, even if we have no online connection at that point. I'm pretty familiar with ntp in particular and computer timekeeping in general. I've also seen a fair number of situations where the hardware clock is just wrong, especially after a reboot. In my world, it's about getting things to work right in as many cases as possible. Of course, this doesn't work if you never have synced with an NTP server. And more often than one might think, if one has just rebooted a machine. H
Re: [Dovecot] Time moved backwards errors
Why not just run ntpd and be done with it, ensure you start ntpd with -g option It's more than this. ntpd should be started ASAP in the boot process, and then as late as possible in the boot process one should run ntp-wait. Only after ntp-wait finishes should time-critical services be started. H
Re: [Dovecot] Time moved backwards ....
Rob wrote: Is this related to the leap second that occured yesterday? There was no leap second in February. H
Re: [Dovecot] Dovecot-antispam does not work
Jehan wrote: ... Apparently the ml is not very well configured because a reply does not reply to the whole ml, but to the single sender. I will take care now. I bet there are a *lot* of people (me included) who think the ml is very well configured precisely because it does not set Reply-to: the list. H
Re: [Dovecot] antispam plugin signature-log backend with v1.1.2
The antispam plugn has, IMO, suboptimal logging. I had problems with it too. I have patches for it that helped me debug the situation, and I'll be submitting them to the FreeBSD ports maintainer as I didn't get any response when I emailed the antispam plugin author. H
Re: [Dovecot] antispam plugin problem with dspam
I got it working. Here are the problems I fixed, and it would have been *lots* easier if the dovecot antispam plugin had better error/debug logging. Johannes, I can work on a patch for the following if you prefer, and I'd much rather spend my time getting ntp-4.2.6 out the door. Getting this working would have been lots easier if the dovecot-antispam package would: - build dspam-exec's argv before the fork so it can be fully and cleanly reported in the debug log - If there is a problem, report WIFEXITED(status) and WEXITSTATUS(status) - if the execv fails, log an error message, noting dspam_binary, strerror(errno) and the uid/gid If you want to be thorough about it I recommend logging an error whenever any system call fails. The current freebsd ports tools offer postfix, dovecot, dovecot-antispam, and dspam in a way that they do not play nicely together. The antispam plugin cannot exec the dspam binary. Choices include figuring out what user/group are needed (dspam is suid root, executable by the root or the mail group only, and dovecot will exec it as virtual/virtual), or opening up the execute privs on the dspam executable. The dspam.conf file will need a Trust virtual line in it. There might have been something else. Having said all this, I really appreciate the dovecot antispam plugin. H
[Dovecot] antispam plugin problem with dspam
I'm trying to use the dovecot antispam plugin with dspam. I'm running dovecot 1.1.2. Using thunderbird and IMAP, when I drag a spam message from the inbox into the SPAM folder, I get a popup saying The current command did not succeed. The mail server responded: antispam signature not found. When I look at the message in the maildir folder, I see the dspam signature both in the header of the message and at the end of the body. What's a good way to debug this situation and figure things out? I'm not seeing anything in any log files, and I'm not seeing much in the way of debug capability in the dovecot antispam plugin. Harlan