Re: Version controlled (git) Maildir generated by Dovecot

2020-10-07 Thread Hendrik Boom
On Wed, Oct 07, 2020 at 02:58:41PM +, Bernd Petrovitsch wrote:
> Hi all!
> 
> On 07/10/2020 14:45, David Myers wrote:
> [...] 
> > Just for completions sake, and in case someone else comes here in the 
> > future;
> 
> +1!
> 
> > This is a link to the current (2020 LO 7) wiki page describing the XML 
> > format 
> > .
> > 
> > However it doesn't mention about being able to save a document directly as 
> > its constituent XML docs, so maybe the function has been removed, I have 
> > misremembered, or I am going mad (I vote for the 4th option ;) ).
> 
> In e.g. localc, you can "save as" and select at the bottom
> right "Flat XML ODF Spreadsheet (.fods)".
> 
> The same exists in lowriter (and very probably in all
> others - I didn't use them up to now).

In LibreOffice you can save a text document as .fodt , where you 
can see all the xml.  It does not contain line breaks, so merging 
with most revision control systems won't be useful.

-- hendrik


Re: RHEL7/CentOS7 RPM of dovecot 2.3.11.3-3 seems to have dropped tcpwrap support

2020-08-21 Thread Hendrik Boom
On Fri, Aug 21, 2020 at 06:02:49PM +1200, Peter wrote:
> On 21/08/20 5:55 pm, Aki Tuomi wrote:
> > > At a guess it was removed from the spec for el8 (which does not support
> > > tcpwrap) and somehow got removed from el7 by accident.  The ghettoforge
> > > dovecot23 packages have tcpwrap support for el7:

So is el8 truly incompatible with tcpwrap?  Or is it just too much 
effort to continue support for every feature that was ever in the system?

If the former, might it be reasonable for a user to change the 8's in 
the code below to 9's?

-- hendrik

> > 
> > We are looking into this, it was indeed removed from el7 by accident. RPM 
> > macros can be quite tricky sometimes.
> 
> I have:
> 
> %if 0%{?rhel} < 8
> BuildRequires: tcp_wrappers-devel
> %endif
> 
> ... then later ...
> 
> %if 0%{?rhel} < 8
> --with-libwrap \
> %endif
> 
> 
> Peter


Re: handling spam from gmail.

2020-06-11 Thread Hendrik Boom
On Thu, Jun 11, 2020 at 10:19:50AM +0200, Marc Roos wrote:
> 
> 
> I am sick of this gmail spam. Does anyone know a solution where I can do 
> something like this:
> 
> 1. received email from adcpni...@gmail.com
> 2. system recognizes this email address has been 'whitelisted', continue 
> with 7.
> 3. system recognizes as this email never been seen before
> 4. auto reply with something like (maybe with a wait time of x hours):
>    Your message did not receive the final recipient. You are sending
>    from a known spam provider network that is why we blocked your
>    message. Please confirm that:
>    - you are not a spammer and
>    - you have permission to use the mail address you send your message to
>    - you and your provider agree to uphold GDPR legislation
>    - you and your provider are liable for damages when breaching any of
>      the above.
>
>    Click link to confirm and you agree with the above
>    https://www.domainwithoutletsencryptcertificate.com/asdfasdfadsfaf
> 
> 5. sender clicks confirm url
> 6. email address is added to some white list.
> 7. email is delivered to recipient.

If you do this regularly enough, sending these messages to what are 
likely forged return addresses, you might just end up being classified 
as a spam sender yourself.

-- hendrik



Re: SV: handling spam from gmail.

2020-06-11 Thread Hendrik Boom
On Thu, Jun 11, 2020 at 05:02:03PM +0800, Plutocrat wrote:
> On 11/06/2020 16.26, Marc Roos wrote:
> > I know it is not dovecot who should fix this. But anyone using dovecot 
> > is using an MTA, and receiving spam ;) I know how to look at email 
> > headers. Spf and dkim is not solving anything here.
> 
> You can configure this sort of thing in postfix, exim etc. The part of the 
> mail system to do with RECEIVING emails. Not really a dovecot function. 
> 
> Look at greylisting as an option. That's basically delaying email from 
> unknown senders. 

I use greylisting with my postfix.  On Debian and Devuan the package is 
called 'postgrey'.

What it does is, upon receiving mail from a new sender, reply with a 
protocol code that indicates "service temporarily unavailable; try again 
later".  Real email senders will try again later.  Most, but not all, 
spammers don't bother.

It does mean that the email services of some legitimate senders will 
take that protocol code and tell the user that the email was 
undeliverable.  (so the senders tell me) But those services still 
do try later, and I do get the message.

Of course you can still whitelist, and this spamfighting won't happen 
for those sites.

-- hendrik

> Also blocklists
> Also consider setting up rules in spamassassin / rspamd
> 
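
The greylisting behaviour described in the reply above, sketched as an added example that is not part of the original thread and is not postgrey's code. It assumes the Postfix policy-delegation request format (name=value lines); the delay and expiry values, the whitelist and the sample addresses are constructed for illustration.

```python
import time

# A real policy server follows each reply with an empty line on the socket.
DEFER = "action=defer_if_permit Greylisted, please try again later"
PASS = "action=dunno"  # no opinion: later Postfix restrictions decide


def parse_policy_request(text):
    """Parse one policy request: name=value lines, ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line.strip():
            break
        name, _, value = line.partition("=")
        attrs[name.strip()] = value.strip()
    return attrs


class Greylist:
    def __init__(self, delay=300, max_age=35 * 86400, whitelist=()):
        self.delay = delay               # assumed: seconds before a retry is accepted
        self.max_age = max_age           # assumed: forget triplets idle this long
        self.whitelist = set(whitelist)  # client addresses that are never greylisted
        self.seen = {}                   # triplet -> (first_seen, last_seen)

    def check(self, attrs, now=None):
        now = time.time() if now is None else now
        client = attrs.get("client_address", "")
        if client in self.whitelist:
            return PASS
        triplet = (client,
                   attrs.get("sender", "").lower(),
                   attrs.get("recipient", "").lower())
        entry = self.seen.get(triplet)
        if entry is None or now - entry[1] > self.max_age:
            # New or long-forgotten sender: temporary failure, a real MTA retries.
            self.seen[triplet] = (now, now)
            return DEFER
        first_seen = entry[0]
        self.seen[triplet] = (first_seen, now)
        if now - first_seen < self.delay:
            return DEFER  # retried too quickly, keep deferring
        return PASS


# Constructed sample request; addresses are documentation placeholders.
SAMPLE = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.10\n"
    "sender=Someone@Example.org\n"
    "recipient=user@example.net\n"
    "\n"
)


def demo():
    gl = Greylist(whitelist={"198.51.100.7"})
    req = parse_policy_request(SAMPLE)
    trusted = dict(req, client_address="198.51.100.7")
    return [gl.check(req, now=0), gl.check(req, now=60),
            gl.check(req, now=400), gl.check(trusted, now=0)]


if __name__ == "__main__":
    print(demo())
```
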


Re: How to use dovecot only as POP3 server / prevent it from creating .imap directories?

2020-06-07 Thread Hendrik Boom
On Sun, Jun 07, 2020 at 08:44:51AM +0200, Binarus wrote:
> Dear all,
> 
> on our mail server, I let sendmail deliver incoming messages to a file in 
> mbox format called "inbox" in each user's home directory.  Now I would like 
> to use dovecot as POP3 server so that users can let their MUA download their 
> messages via POP3. I do not want to use any IMAP functionality.
> 
> The POP3 part works with the configuration shown below, but nevertheless 
> there is a problem which is a show stopper:
> 
> Although I think I have turned off IMAP (e.g. no IMAP listener), dovecot 
> still creates .imap directories and does so in a very weird way. It creates 
> one .imap subdirectory in every subdirectory of each user's home directory, 
> and for every file in each user's home directory creates an additional 
> subdirectory with the same name in its .imap directories. It does this 
> recursively, and 1000 files in a user's home directory would mean 1000 
> additional subdirectories.
> 
> Of course, I can't live with that. I know that the dovecot documentation 
> discourages using the home directory as mail location, but in my case this 
> should not be a problem at all if IMAP is not used. I have played around with 
> dovecot for several days, but could not solve that problem.
> 
> So how can I turn off IMAP completely and prevent dovecot from creating any 
> .imap directories or IMAP related files?

I suppose you'd be OK with having IMAP but having it look *only* at the 
designated mbox file.

That would be something I could use.

-- hendrik

> 
> This happens with dovecot 2.3.4.1 (f79e8e7e4) on Debian buster (with all 
> updates applied).
> 
> My configuration (doveconf -n) is (the configuration is complete - I don't 
> use SQL or LDAP):
> 
> # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.4 ()
> # OS: Linux 4.19.0-9-amd64 x86_64 Debian 10.4
> # Hostname: host.example.com
> listen = aaa.bbb.ccc.ddd
> mail_location = mbox:~:INBOX=~/inbox
> mail_privileged_group = mail
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   driver = pam
> }
> pop3_lock_session = yes
> protocols = " pop3"
> service imap-login {
>   inet_listener imap {
>     port = 0
>   }
>   inet_listener imaps {
>     port = 0
>   }
> }
> service pop3-login {
>   inet_listener pop3 {
>     port = 0
>   }
>   inet_listener pop3s {
>     port = 995
>     ssl = yes
>   }
> }
> ssl = required
> ssl_cert =
> ssl_cipher_list = DHE-RSA-AES256-GCM-SHA384
> ssl_client_ca_dir = /etc/ssl/certs
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_min_protocol = TLSv1.2
> ssl_prefer_server_ciphers = yes
> userdb {
>   driver = passwd
> }
> 
> Thank you very much in advance for any idea!
> 
> Regards,
> 
> Binarus


Re: What causes mails to get striked-over only, and not deleted?

2020-05-22 Thread Hendrik Boom
On Sat, May 23, 2020 at 01:01:13AM +0200, Sebastian Nielsen wrote:
> I have tried with this sieve config:
> 
>   imapsieve_mailbox1_name = Sent
>   imapsieve_mailbox1_causes = COPY APPEND
>   imapsieve_mailbox1_after = file:/etc/dovecot/sieve/sent.sieve
> 
> and this sieve file (sent.sieve):
> 
> discard;
> 
> 
> This should clearly cause the mail to be deleted right?
> But what happens is that the mail is not deleted, it's just marked for
> deletion (gets a strike-through in Microsoft Outlook).

If it is a deliberate design decision, it's probably so that if you made 
a mistake you can undelete them again.

-- hendrik

> 
> (have tried with _before too, but it won't help).
> 
> What can I do to ensure the mail actually gets deleted (completely, not
> moved to trash) and not just flagged for deletion?
> 






Re: Headsup on feature removal - password

2020-03-18 Thread Hendrik Boom
On Wed, Mar 18, 2020 at 10:38:37AM -0400, Jerry wrote:
> On Wed, 18 Mar 2020 09:51:51 -0400, Hendrik Boom stated:
> >Was there any reason for this message to be HTML-only?
> 
> Was there any reason to 'top post' and include the HTML text?

Yes.

(1) To indicate that my question was about the whole message and not 
its contents.  I normally don't top-post.
(2) To make it clear just what I was commenting about.

-- hendrik
> 
> -- 
> Jerry




Re: Headsup on feature removal - password

2020-03-18 Thread Hendrik Boom
Was there any reason for this message to be HTML-only?

On Wed, Mar 18, 2020 at 07:13:12AM +0200, Aki Tuomi wrote:
> On 18/03/2020 00:06 Rupert Gallagher r...@protonmail.com wrote:
>
> Password schemes: HMAC-MD5, RPA, SKEY, PLAIN-MD4, LANMAN, NTLM, SMD5
>
> The web is flooded with plain text passwords and hashed passwords
> harvested from hacked servers.
>
> Dovecot stores passwords with the same scheme used for client
> authentication.
>
> Therefore, we use crammd5/hmac-md5. It does not look like much, but is
> better than plaintext.
>
> As md5 is about to go, and I have no intention to store passwords in
> plaintext, I need to split the scheme used to store passwords from the
> scheme used for authentication, and migrate storage from md5 to bcrypt.
>
> Since this is not possible, I think I will drop passwords entirely and
> use certificates.
>
> We are not removing CRAM-MD5/DIGEST-MD5/S-CRAM-SHA-1 or S-CRAM-SHA-256.
> Also just plain MD5 is still staying.
>
> ---
> Aki Tuomi


Re: [Bug] Sieve vacation :addresses match only, case-sensitive?

2019-09-11 Thread Hendrik Boom via dovecot
On Wed, Sep 11, 2019 at 09:25:54PM +0200, Klaus Steinberger via dovecot wrote:
> > I want to have it case-insensitive again, like in Pigeonhole version 0.4.24
> 
> I would also plea for making it case-insensitive again! We were hit by this 
> too,
> and I never saw any mail system in which the local part is case sensitive!

Isn't the user name in the original Unix mail system (and presumably 
most of its descendants) case sensitive?  In which case it has to 
distinguish between mail sent to bob and to Bob?

- hendrik


Re: maildir very dirty sync option

2019-08-20 Thread Hendrik Boom via dovecot
On Tue, Aug 20, 2019 at 10:05:59AM +0300, Yousif Alkhateeb via dovecot wrote:
> Hello ,
> 
> I have an active passive dovecot setup with glusterfs as a mail storage and
> using maildirs, we used to have a problem when users with large mailboxes
> sync their folders. This caused the load average to increase in the server
> , after a while we have enabled the very_dirty_sync option in dovecot ,
> things got better and the problem disappeared but we need to know if there
> is any thing else that we need to do or know about the very_dirty_sync
> option that may cause future problems .

What's the scale of this problem?  I.e., how large are the troublesome 
"large mailboxes"?  A gigabyte?  A terabyte?  a few megabytes?

-- hendrik


Re: v2.2.27 Panic: file rfc822-parser.h: line 23 (rfc822_parser_deinit): assertion failed: (ctx->data <= ctx->end)

2019-03-28 Thread Hendrik Boom via dovecot
On Wed, Mar 27, 2019 at 10:25:02AM +1100, Jason Lewis via dovecot wrote:
> Hi Aki,
> 
> debian jessie backports has been moved to archive.debian.org and
> initially I was unable to install dovecot-dbg because of that. But I've
> managed to resolve that issue now.

Just curious -- what deb line did you use in /etc/apt/sources.lst to 
refer to the archived repositories? 

-- hendrik


Re: Solr - complete setup (update)

2019-01-26 Thread Hendrik Boom
On Sat, Jan 26, 2019 at 01:44:16PM +0100, Stephan Bosch wrote:
> Hi Joan,
> 
> On 14/01/2019 at 07:44, Joan Moreau via dovecot wrote:
> > 
> > Hi Stephan,
> > 
> > What's up with that ?
> > 
> > Thank you so much
> > 
> > On 2019-01-05 02:04, Stephan Bosch wrote:
> > 
> > > Hi,
> > > 
> > > On 04/01/2019 at 05:36, Joan Moreau via dovecot wrote:
> > > > 
...
...
> > > > 
> > > > -> The systemd unit shall specify high ulimit for files and proc
> > > > (see below)
> 
> Debian does something weird here. It doesn't use an explicit systemd unit.
> It is generated from the SysV init file. I ended up setting the ulimits in
> /etc/security/limits.conf for user solr.

Please make sure the changes you make don't make your Debian package 
*require* systemd.  There are Debian-derived distros that avoid systemd.

-- hendrik


Re: Mailing list address harvested for spamming

2018-12-01 Thread Hendrik Boom
On Sun, Dec 02, 2018 at 10:09:02AM +1000, Noel Butler wrote:
> On 02/12/2018 05:31, M. Balridge wrote:
> 
> > Quoting dovecot-...@deemzed.uk:
> > 
> >> Not to stir the pot, but I notice my email address has recently been
> >> harvested from this list for spamming purposes. This email address is
> >> unique and not used for anything else.
> >> 
> >> I'd distinguish this from spam sent to the mailing list itself, which is
> >> obviously different.
> >> 
> >> Is there anything further that could be done to prevent this?
> > 
> > It's practically impossible to "police" all of those who sign up for a 
> > mailing
> > list that they do so for honest or constructive intentions. In addition,
> > copies of this mailing list are archived by various online search engines 
> > and
> > indexors, from content maintained or published by the list operators.
> > 
> > You're already using unique mail addresses, which is a sensible strategy, 
> > and
> > one I use myself. In fact, I use a scheme whereby I don't need to change or
> > update any back-end settings to deal with a multitude of unique and ad-hoc
> > specified addresses for every vendor/supplier and interaction point I deal 
> > with.
> > 
> > In short, if you use a public mailing list, expect that the address you use
> > for it will be discovered and abused by the nefarious marketeers of the High
> > Bit Seas.
> > 
> > Cordially,
> > =Malcky=
> 
> Since he uses a unique address, it is trivial to write a rule to ensure
> msgs come from dovecot.org and discard everything else, I do that on
> LKML, works a treat. This address alone is a mailing list only address,
> direct messages go to junk folder, which I visually scan occasionally,
> and if I don't within 7 days, tuff, they're deleted automatically. 
> 
> Which is why it annoys me that some people on mailing lists feel the
> need to reply directly, rather than through mailing list. 
> 
> (Yeah I know it's also shortcomings of certain mailers and mailing
> services (has gmail even fixed that yet) where hitting reply or reply
> all should go to list.  It's also dumb when list admins don't set reply-to
> list, the entire point of replying to a list, is, well, to the list) 

There's an extensive email etiquette post somewhere on the net 
explaining why setting 'reply-to' to the list is a bad idea.

Reply-to is intended for the sender to explain that replies shouldn't 
be sent to the obvious sending address, but to another address.
This is essential if, say, the sender is temporarily away from home and is using 
a friend's email service.

It is unfortunate that there are user-agents that do not provide the 
'reply-to-list' option.  And that there are mailing list programs that 
do not provide the proper list-headers to indicate the mailing list 
address.

The proper response to such cases is to complain to the email software 
providers.

-- hendrik
 
> 
> -- 
> Kind Regards, 
> 
> Noel Butler 


Re: Authenticate users using their firstname

2018-10-01 Thread Hendrik Boom
On Mon, Oct 01, 2018 at 11:25:48PM +0200, Admin wrote:
> 
> 
> Sent while on the go
> 
> > On 01.10.2018 at 18:27, Aki Tuomi wrote:
> > 
> > 
> >> On 01 October 2018 at 15:19 Steffen Kaiser  wrote:
> >> 
> >> 
> >> 
> >>> On Sat, 29 Sep 2018, Fady AL HAYALI wrote:
> >>> 
> >>> I'm setting up a Postfix and Dovecot with LDAP email server. My users in 
> >>> LDAP is like this:
> >>> 
> >>>   dn: uid=firstname,ou=People,dc=domain,dc=com
> >>>   uid: firstname
> >>>   uidNumber: 4025
> >>>   gidNumber: 4025
> >>>   givenName: firstname
> >>>   objectClass: top
> >>>   objectClass: person
> >>>   objectClass: posixAccount
> >>>   objectClass: shadowAccount
> >>>   objectClass: organizationalPerson
> >>>   objectClass: inetOrgPerson
> >>>   loginShell: /bin/bash
> >>>   homeDirectory: /home/firstname
> >>>   cn: firstname lastname
> >>>   mail: firstname.lastn...@domain.com
> >>> 
> >>> This is how I connect Dovecot with LDAP
> >>> 
> >>>   hosts = ldapserver
> >>>   ldap_version = 3
> >>>   base = ou=People,dc=domain,dc=com
> >>>   deref = never
> >>>   scope = subtree
> >>>   user_attrs =
> >>>   user_filter = (&(objectclass=inetOrgPerson)(uid=%n))
> >>>   pass_attrs = uid=user,userPassword=password
> >>>   pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
> >>>   default_pass_scheme = SSHA
> >>> 
> >>> When I enter a user's email address and password as the following:
> >>> email: firstname.lastn...@domain.com
> >>> password: password
> >>> 
> >>> and according to my setting which I used "%n" as you see above, the 
> >>> username used to authenticate is "firstname.lastname". I checked the 
> >>> Dovecot variables but I couldn't find something useful in this case to 
> >>> manipulate the "%n" variable.
> >>> 
> >>> I would like to keep using email addresses as 
> >>> "firstname.lastn...@domain.com" but 
> >>> authenticate users using their first name. I really hit a wall here and 
> >>> any help will be much appreciated.
> >> 
> >> Well, for me, this sounds strange, using firstname only. Why not let your 
> >> users enter the firstname only? Or:
> >> 
> >> pass_filter = (&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))
> >> 
> >> If firstname is unique, mail should be unique as well.
> >> 
> >> - -- 
> >> Steffen Kaiser
> > 
> > 
> > Steffen, I understood their mail addresses are like 
> > steffen.kai...@domain.com, but uid's are like uid=steffen
> > 
> > Aki
> 
> I guess this seems to be the desired behaviour as well. Getting interesting 
> when handling collisions. Not possible to decide by password which account 
> should be used as far as i can tell, as this would be some sort of brute 
> force authentication?!?

Not when a lot of people choose 123456 as their passwords.

-- hendrik

> 
> -M