Re: sometimes no shared cipher after upgrade from 2.2 to 2.3
On 21/8/2019 18:51, Kristijan Savic - ratiokontakt GmbH via dovecot wrote: SSL3 is no longer included in the cipher sets. Try this: ssl_min_protocol = SSLv3 Thanks. Unfortunately, no dice - same error. Any other tips? I was under the impression "no shared cipher" was rather the problem? Yes this is exactly the problem but the error is specific to SSL3 shared ciphers. routines:ssl3_get_client_hello:no shared cipher You may also want to add this ssl_cipher_list = ALL Basically you should focus as to why SSL3 ciphers are not activated. If the above parameter did not work, it is very possible the openssl distribution you have has not included SSL3 support at all. You may have to do some recompiling if this is the case. If your old clients are only from your internal net and you do not provide any ISP like services you may consider upgrading the clients as you will have quite often issues such as this one in the near future as SSL3 support and below is in the process of being dropped from almost everything.
Re: sometimes no shared cipher after upgrade from 2.2 to 2.3
On 21/8/2019 16:12, Kristijan Savic - ratiokontakt GmbH via dovecot wrote: We recently upgraded from dovecot 2.2 to 2.3.7.1-1 Not many, but some users are experiencing difficulties. The dovecot directors log: Aug 21 14:28:49 director01 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=redacted, lip=10.0.0.120, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session= Any ide what could be causing it? SSL3 is no longer included in the cipher sets. Try this: ssl_min_protocol = SSLv3
Re: Pigeonhole-0.5.7 fails to build from sources
On 13/7/2019 15:02, Jerry via dovecot wrote: > I am using 'poudriere' on a FreeBSD 12.0-RELEASE-p7, and both dovecot > and pigeonhole build and install correctly. It builds ok also with standard FreeBSD's "make" but it seems for some reason you have to remove both old versions of dovecot and pigeonhole ports, if you have them installed, before you start building the new ones. pigeonhole was building against the old version of dovecot installed and this is what caused the issue. Possibly other ways to build may not have this problem. Lefteris
Error: file_ostream.net_set_tcp_nodelay
After upgrading to 2.3.7_1 I get those errors every now and then. Running FreeBSD 12-RELEASE. Any idea what they may be? Jul 13 08:07:11 pop3-login: Error: file_ostream.net_set_tcp_nodelay(, FALSE) failed: Connection reset by peer Jul 13 08:19:10 imap-login: Error: file_ostream.net_set_tcp_nodelay(, TRUE) failed: Connection reset by peer Jul 13 08:24:09 imap-login: Error: file_ostream.net_set_tcp_nodelay(, TRUE) failed: Connection reset by peer Jul 13 08:34:53 imap-login: Error: file_ostream.net_set_tcp_nodelay(, TRUE) failed: Connection reset by peer Lefteris
Re: Pigeonhole-0.5.7 fails to build from sources
Solution is to uninstall the port and then build. If dovecot is already installed it will not build. On 13/7/2019 0:08, Lefteris Tsintjelis via dovecot wrote: Latest update fails to build from sources in FreeBSD 12-STABLE --- lda-sieve-plugin.lo --- lda-sieve-plugin.c:82:27: error: variable has incomplete type 'struct smtp_submit_input' struct smtp_submit_input submit_input;
Pigeonhole-0.5.7 fails to build from sources
Latest update fails to build from sources in FreeBSD 12-STABLE --- lda-sieve-plugin.lo --- lda-sieve-plugin.c:82:27: error: variable has incomplete type 'struct smtp_submit_input' struct smtp_submit_input submit_input; ^ lda-sieve-plugin.c:82:9: note: forward declaration of 'struct smtp_submit_input' struct smtp_submit_input submit_input; ^ 1 error generated. *** [lda-sieve-plugin.lo] Error code 1 make[6]: stopped in /usr/ports/mail/dovecot-pigeonhole/work/dovecot-2.3-pigeonhole-0.5.7/src/plugins/lda-sieve --- lda-sieve-log.lo --- mv -f .deps/lda-sieve-log.Tpo .deps/lda-sieve-log.Plo 1 error make[6]: stopped in /usr/ports/mail/dovecot-pigeonhole/work/dovecot-2.3-pigeonhole-0.5.7/src/plugins/lda-sieve *** [all-recursive] Error code 1 make[5]: stopped in /usr/ports/mail/dovecot-pigeonhole/work/dovecot-2.3-pigeonhole-0.5.7/src/plugins 1 error make[5]: stopped in /usr/ports/mail/dovecot-pigeonhole/work/dovecot-2.3-pigeonhole-0.5.7/src/plugins *** [all-recursive] Error code 1 make[4]: stopped in /usr/ports/mail/dovecot-pigeonhole/work/dovecot-2.3-pigeonhole-0.5.7/src 1 error make[4]: stopped in /usr/ports/mail/dovecot-pigeonhole/work/dovecot-2.3-pigeonhole-0.5.7/src *** [all-recursive] Error code 1 make[3]: stopped in /usr/ports/mail/dovecot-pigeonhole/work/dovecot-2.3-pigeonhole-0.5.7 1 error make[3]: stopped in /usr/ports/mail/dovecot-pigeonhole/work/dovecot-2.3-pigeonhole-0.5.7 *** [all] Error code 2 make[2]: stopped in /usr/ports/mail/dovecot-pigeonhole/work/dovecot-2.3-pigeonhole-0.5.7 1 error make[2]: stopped in /usr/ports/mail/dovecot-pigeonhole/work/dovecot-2.3-pigeonhole-0.5.7 ===> Compilation failed unexpectedly. Ensure that dovecot-pigeonhole's GSSAPI backend is the same as dovecot2 (make config). Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to the maintainer. *** Error code 1 Stop. make[1]: stopped in /usr/ports/mail/dovecot-pigeonhole *** Error code 1 Stop. make: stopped in /usr/ports/mail/dovecot-pigeonhole
Connection statistics per user and IP
Is it possible to enable statistics and keep track of the maximum number of connections per user and also per IP? Lefteris
Error: last_login_dict: Failed to write value: dict-server returned failure: sql dict: commit failed: Field 'password' doesn't have a default value
Hi, after upgrading my database I kept on getting those errors. It seems like later versions of databases have strict mode enabled by default and it must either be disabled or change the dovecot database schema. Besides the password, would anyone know what other fields must be changed to the dovecot schema and have a default value? Is there any other dovecot schema for strict mode? Lefteris
Re: Error: quota-status: Client sent invalid recipient address: Invalid character in path
On 29/6/2019 13:35, John Fawcett via dovecot wrote:
> On 28/06/2019 02:01, Lefteris Tsintjelis via dovecot wrote:
>> Any idea what this is?
>>
>> Jun 26 23:16:34
>> quota-status(u...@example.com)<4975>: Error:
>> quota-status: Client sent invalid recipient address: Invalid character
>> in path
>>
>> I have this enabled in my config
>>
>> service quota-status {
>> client_limit = 1
>> executable = quota-status -p postfix
>> unix_listener /var/spool/postfix/private/dovquota {
>> mode = 0666
>> user = postfix
>> }
>> }
>>
>> Lefteris
>
> this is given by the address validation routines (for example see
> lib-smtp/smtp-address.c as a starting point).
>
> Maybe it would be easier to approach it by looking at the email address
> that gave the error.
>
> Is the email address compliant to smtp standards? Does it contain utf8
> characters? Does the email address correspond to a mailbox of the same
> name with a quota to be checked?
It is not just one email, the logs were full of them but I think I found
the source of the problem. When I build from sources, libicu for FTS
unicode normalization was checked. I have rebuild yesterday without ICU
and no errors like those so far.
Lefteris
Error: quota-status: Client sent invalid recipient address: Invalid character in path
Any idea what this is?
Jun 26 23:16:34
quota-status(u...@example.com)<4975>: Error:
quota-status: Client sent invalid recipient address: Invalid character
in path
I have this enabled in my config
service quota-status {
client_limit = 1
executable = quota-status -p postfix
unix_listener /var/spool/postfix/private/dovquota {
mode = 0666
user = postfix
}
}
Lefteris
Re: last login user tracking
On 22/6/2019 16:07, John Fawcett via dovecot wrote:
>
> You can easily view the value in a readable format with the
> FROM_UNIXTIME mysql funciton
>
> https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_from-unixtime
>
> To get remote ip
>
> define the rip field in your table and add it to the primary key
>
> add %r to the last_login_key
>
> last_login_key = last-login/%u/%d/%r
>
> add $rip to the pattern and fields section in your
> /etc/dovecot/dovecot-last-login.conf
>
> map {
> pattern = shared/last-login/$user/$domain/$rip
> table = last_login
> value_field = last_login
> value_type = uint
>
> fields {
> username = $user
> domain = $domain
> rip = $rip
> }
> }
>
> By adding the rip field to the primary key of the table, you can end up
> with multiple rows per username each with different ips, but if you
> don't do that, the rip field is never updated after the first insert.
Does it work with IPv4 as well as IPv6? What is the optimal way to
declare the rip field as?
Re: Merging existing mailboxes to aliases
On 19/5/2019 16:04, Sami Ketola via dovecot wrote: Why do you want to do this? Thunderbird does obey special_use flags. https://wiki.dovecot.org/MailboxSettings Do you have other clients then that do not honor those? Sami Thunderbird was just a test client nothing more than that and it works well as you say. Hardly had any problems with it. However, I have a few other clients that do not obey rules very well and I was thinking to force them do that mainly to enforce proper learning of spam/nonspam through global sieve filtering for each and any type of client. It does not look like it is very possible so far.
Re: Merging existing mailboxes to aliases
I have just tested an account with Thunderbird as client and had a couple of problems. I also wonder if you have to apply sieve rules in each alias separately. That would complicate things even more but the concept is good though. On 19/5/2019 11:43, Marc Roos via dovecot wrote: The alias plugin does not work properly afaik, I have been trying to use it on a default centos6/7 release. If I remember correctly it messes up with sub folders. Check mailing list archive
Merging existing mailboxes to aliases
I am trying to merge all, existing or not, different mailboxes in one with the mailbox alias plugin. If I add the following lines, will the existing mailboxes automatically merge in one mailbox and corresponding links auto create? If not, do I have to do this manually? mailbox_alias_new = Spam mailbox_alias_new2 = Junk E-mail mailbox_alias_new3 = Sent Items mailbox_alias_new4 = Sent Messages mailbox_alias_new5 = Deleted Items mailbox_alias_old = Junk mailbox_alias_old2 = Junk mailbox_alias_old3 = Sent mailbox_alias_old4 = Sent mailbox_alias_old5 = Trash Lefteris
Re: Find last day of login
On 18/05/2019 19:47, Aki Tuomi via dovecot wrote: Or you can use last_login plugin, bundled with dovecot. https://wiki.dovecot.org/Plugins/LastLogin Aki That is a very nice one Aki, thank you. This is what I needed. I only wish I had that before. Lefteris
Re: Find last day of login
Hi, not everyone is using roundcube so this is a problem and postfix does not have this field from what I have checked. The timestamp of the email files though do not change from what I see (unless I am missing something) so I guess this is the only safe way here but only in the files left in the "new" folder. On 18/05/2019 19:43, Durga Prasad Malyala via dovecot wrote: Hi You may find some Plugins if you use a front-end like round cube. I recall seeing a field in the postfix MySQL database. I'm not sure on Maildirs since mails would be delivered and timestamps changed even if user is not logging in. Cheers/DP On Fri, May 17, 2019, 18:21 Lefteris Tsintjelis via dovecot wrote: I am using dovecot virtual maildir accounts. Is it possible to find last day of login for an account by checking the last modification time of the maildir files? Lefteris
Find last day of login
I am using dovecot virtual maildir accounts. Is it possible to find last day of login for an account by checking the last modification time of the maildir files? Lefteris
Re: Permissions fix
On 15/5/2019 21:19, Tanstaafl via dovecot wrote: On Wed May 15 2019 12:58:39 GMT-0400 (Eastern Standard Time), Lefteris Tsintjelis via dovecot wrote: Is there a fast way for dovecot to set and/or fix its directory permissions? I don't think so. I suggested dovecot implement something like postfix does, but I believe the response was that there are too many variables for there to be a reliable way for dovecot to do this automatically - at least without a lot of work. And that is exactly the problem, too many things could go wrong also.
Permissions fix
Is there a fast way for dovecot to set and/or fix its directory permissions?
Re: Sieve scripting
On 13/5/2019 11:45, Aki Tuomi via dovecot wrote: On 13.5.2019 11.14, Lefteris Tsintjelis via dovecot wrote: I want to monitor a special folder and execute a shell script each time I put an email to it. I would like to automate that way the process of SPAM reporting (SPAMCop). Is that possible with sieve? Yes, see https://wiki2.dovecot.org/HowTo/AntispamWithSieve It seems to work great but only within the same server. It I copy anything from a different server it simply does not work. Is there a way around this?
Re: Sieve scripting
On 13/5/2019 11:45, Aki Tuomi via dovecot wrote: On 13.5.2019 11.14, Lefteris Tsintjelis via dovecot wrote: I want to monitor a special folder and execute a shell script each time I put an email to it. I would like to automate that way the process of SPAM reporting (SPAMCop). Is that possible with sieve? Lefteris Yes, see https://wiki2.dovecot.org/HowTo/AntispamWithSieve Aki Great! Seems exactly what I need. Thank you
Sieve scripting
I want to monitor a special folder and execute a shell script each time I put an email to it. I would like to automate that way the process of SPAM reporting (SPAMCop). Is that possible with sieve? Lefteris
Re: Feature request - blacklistd interaction
On 4/5/2019 21:02, Aki Tuomi via dovecot wrote: On 4 May 2019 20:55 Lefteris Tsintjelis via dovecot wrote: Would be really really REALLY nice to have dovecot interact directly with blacklistd! Makes a huge difference on busy systems and beats log parsing by far. Thank you Dovecot supports JSON based weakforce protocol. If you can make adaptor for that, then you can make it interact directly. See https://wiki.dovecot.org/Authentication/Policy Aki Make an adapter in order to work with another adapter (blacklistd) in order to trigger firewall rules would only make things more complex. Keeping things simple is best.
Feature request - blacklistd interaction
Would be really really REALLY nice to have dovecot interact directly with blacklistd! Makes a huge difference on busy systems and beats log parsing by far. Thank you
