AW: [EXT] Re: Dovecot community repositories
Thanks Michael for the information. What is the reason that Debian 12/Ubuntu 22.04/RHEL 9 are not supported by CE 2.3? I think for the user it would be best to get dovecot lates version from the community repo. In the past this works realy fine for me with RHEL 7/8 based Distros. Oliver -Ursprüngliche Nachricht- Von: Michael Slusarz Gesendet: Mittwoch, 12. Juni 2024 14:57 An: MK ; MK via dovecot Betreff: [EXT] Re: Dovecot community repositories > On 06/12/2024 5:37 AM MDT MK via dovecot wrote: > > just a short question to the dovecot people, maybe Aki or someone else can > answer this. > Will there be an update to the Dovecot community repositories in the near > future? > The repositories are lagging behind the current distributions. Just as an > example: Debian 12 has been released in 06/2023, this is one year ago and > there are still no packages for it. > Same for Ubutun 22.04, RHEL 9... Is there still any interest from dovecot > side to continue to maintain the community repostitorys? The community repositories continue to be maintained. Debian 12/Ubuntu 22.04/RHEL 9 are not supported by CE 2.3 so we don't build packages for them. They will be supported in CE 2.4. Distros may have done their own work to modify Dovecot source to get 2.3 to build/package on these systems. michael ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
AW: [ext] Re: Dovecot community repositories
In the case of ubuntu 22.04 you are lucky, but with Debian there is e.g. only 2.3.19 and if you want 2.3.21 then only the community repo would remain. And e.g. for RHEL 9 the version I can get via RHEL Repo is 2.3.16. Get dovecot via the community repo would be the best in my optinion. Provided it is maintained. Oliver -Ursprüngliche Nachricht- Von: Ralf Hildebrandt via dovecot Gesendet: Mittwoch, 12. Juni 2024 14:27 An: dovecot@dovecot.org Betreff: Re: [ext] Re: Dovecot community repositories * Jeff Peng via dovecot : > > > I am using ubuntu 22.04, it can have dovecot installed by just run: > sudo apt install -y dovecot-core dovecot-imapd dovecot-lmtpd Yes, 2.3.16 is in the default ubuntu repositories while the community repos are at 2.3.21 -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Dovecot community repositories
Hello, just a short question to the dovecot people, maybe Aki or someone else can answer this. Will there be an update to the Dovecot community repositories in the near future? The repositories are lagging behind the current distributions. Just as an example: Debian 12 has been released in 06/2023, this is one year ago and there are still no packages for it. Same for Ubutun 22.04, RHEL 9... Is there still any interest from dovecot side to continue to maintain the community repostitorys? Greetings to Everyone Oliver ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Quota Clone Plugin
Hello Everybody, just a short question, maybe someone used this plugin and can give me a short answer. I have configured dovecot Quota Clone Plugin to copy quota information into a MySQL Database. Works finde, but dovecot writes the quota information only to the database if the quota is triggert by new email or something else like this. So I don't have all my user in the MySQL Database. Is there any command I can use that can trigger dovecot to write the quota information of all the users to the database one time, so that I have all my user quota information copied in the database? I have tried "doveadm quota recalc -A" but it took quite a long time and there is a very high I/O Load on the server, so I stopped it. I don't think this is what I want to do. Maybe there is another way. For all of you who don't know this plugin. https://doc.dovecot.org/configuration_manual/quota_clone_plugin/ Greetings, Oliver
AW: The end of Dovecot Director?
>To be clear, we are not removing proxying features from Dovecot either. Just >the director ring feature. To be realy clear, you are not removing the proxy feature in dovecot that can be used to proxy users to different backend server on which the users mailboxes are stored? Thanks Oliver >Aki > On 21/10/2022 14:14 EEST Amol Kulkarni wrote: > > > Nginx has an mail proxy for pop, imap, smtp. > Can it be used instead of director ? > > > On Fri, 21 Oct 2022 at 16:21, wrote: > > On 2022-10-21 10:51, Zhang Huangbin wrote: > > >> On Oct 21, 2022, at 5:23 PM, hi@zakaria.website wrote: > > >> > > >> I was wondering if one can achieve the same implementation with > > >> haproxy without dovecot director? > > > > > > The most important part of Director is it makes sure same mail > > user > always proxied to same backend IMAP server. > > > > > > If mailbox is in Maildir format (and stored on shared storage > > like > NFS), accessing it from different server may corrupt Dovecot > > index > files and mailbox becomes unaccessible. Director perfectly > > avoids this > issue. > > > > > > HAProxy can proxy mail user from same client IP to same backend > > IMAP > server, but not same mail user from different IPs. > > > > > > Quote (https://doc.dovecot.org/admin_manual/director/dovecotdirector/): > > > > > > "Director can be used by Dovecot’s IMAP/POP3/LMTP proxy to keep a > > > temporary user -> mail server mapping. As long as user has > > simultaneous > connections, the user is always redirected to the > > same server. Each > proxy server is running its own director > > process, and the directors are > communicating the state to each > > others. Directors are mainly useful for > setups where all of the > > mail storage is seen by all servers, such as > with NFS or a cluster > > filesystem." > > > > > > > > > Zhang Huangbin, founder of: > > > - iRedMail: Open source email server solution: > > > https://www.iredmail.org/ > > > - Spider: Lightweight, on-premises Email Archiving Software: > > > https://spiderd.io > > > > Aha makes sense, although I was not able to see how can index files > > be corrupted when its if will going to be updated, its in same > > manner as from different connection, e.g. opening email account > > from different app clients, with different connections, does not corrupt > > the index files? > > > > Also, Is it the issue Director resolving as well its with > > maintaining the logged in dovecot connection to same backend? > > Anyhow, thanks for your valuable efforts in clearing this :) > > > > I wondered if there is any other solution to avoid corrupting index > > files? Perhaps if dovecot offer database indexing as well as login > > sessions, it seems that this would eliminate Director requirement, > > and offer better high availability, as for now userdb/authdb is > > only available per my knowledge, and using database cluster > > resolves the issue with user and auth queries during simultaneous > > connections to a different backends. > > > > Otherwise, it seems in large enterprise deployment with high > > availability a Director implementation will be needed, hopefully we > > will find an alternative solution by the time Dovecot 3 is released. > > > > I might need to get my head around building dovecot with customised > > modules and review the code which was removed and return it back, if > > anyone is planning to this, and well off ahead of me, please let me > > know, we might be able to help one another. > > > > With thanks. > > > > Zakaria. > >
AW: Monitoring Dovecot Replication
Hello David, that's the thing I want to know. To build a script to check this is not the problem. In the first check I have started with " doveadm replicator status" search for " Waiting 'failed' requests" and if this is > 0 then give me a failure. But if I have this in my monitoring then I have a lot of alarms that where cleared during the next poll. For example: OpenNMS polls this nrpe check that looks at the value described, there are one or more "Waiting 'failed' requests" it gives an alarm. 5 min later (the next poll from OpenNMS) the "Waiting 'failed' requests" are 0 because dovecot has fixed the the failed users by itself. And so I have a lot of alarms that where cleared 5-10 min after they came into the monitoring without doing anything. I'm searching for a way to get the user out of the system where dovecot could not solve a failure by itself. Because this is what I want to altert so that I can take a look and fix it. Regards, Oliver -Ursprüngliche Nachricht- Von: dovecot [mailto:dovecot-boun...@dovecot.org] Im Auftrag von David Morsberger Gesendet: Donnerstag, 18. Februar 2021 23:17 An: MK Cc: dovecot@dovecot.org Betreff: Re: Monitoring Dovecot Replication Oliver, What’s your observable event that indicates replication has failed or is behind? Log message? Different file checksums? David > On Feb 18, 2021, at 10:54 AM, MK wrote: > > Hello Andrea, > > thanks for sharing your script to the community. > > But think your script does not solve my problem. Monitoring failed > replication with the output of "doveadm replicator status" > I have allready tried. In my opinion there is nothing in this output and also > in other status output I found that shows me the > user that failed longer time and where the replication process does not solve > this failure by itself. > I'm searching for something that shows me an alarm if dovecot could not fix a > replication by itself > after > 10 min. With my experience the most replication failures where fixed > by dovecot automatically > in under 10 min. Because dovecot starts every 5min another try. > Or did you have a logic outside this script, maybe in Check_MK that knows > when a user is greater than 10 min > out of replication or something like hat? Until now I don't unterstand how > this works for you as monitoring the > replication. > > To understand my side better. We are using OpenNMS to monior our servers and > in this case I would use a > nrpe check on the cluster to monitor this. OpenNMS polls this check every 5 > min and if it gives a fail result > I have an alarm. Maybe this helps a little bit to understand my problem. > > Regards, > Oliver > > -Ursprüngliche Nachricht- > Von: dovecot [mailto:dovecot-boun...@dovecot.org] Im Auftrag von Andrea > Gabellini > Gesendet: Montag, 15. Februar 2021 11:04 > An: Steven Varco; dovecot@dovecot.org > Betreff: Re: Monitoring Dovecot Replication > > Hello, > > here my script. I'm not a professional programmer... ;-) > > Andrea > > Il 12/02/21 17:53, Steven Varco ha scritto: >> Hi Andrea >> >> It would be great if oyu could post that here, as I (and possibly others) >> would also be interested. :) >> >> thanks, >> Steven >> > > -- > __ > hAS ANYONE SEEN MY cAPSLOCK KEY? > __ > > TIM San Marino S.p.A. > Andrea Gabellini > Engineering R > TIM San Marino S.p.A. - https://www.telecomitalia.sm > Via Ventotto Luglio, 212 - Piano -2 > 47893 - Borgo Maggiore - Republic of San Marino > Tel: (+378) 0549 886237 > Fax: (+378) 0549 886188 > > > > -- > Informativa Privacy > > Questa email ha per destinatari dei contatti presenti negli archivi di TIM > San Marino S.p.A.. Tutte le informazioni vengono trattate e tutelate nel > rispetto della normativa vigente sulla protezione dei dati personali (Reg. EU > 2016/679). Per richiedere informazioni e/o variazioni e/o la cancellazione > dei vostri dati presenti nei nostri archivi potete inviare una email a > priv...@telecomitalia.sm. > > Avviso di Riservatezza > > Il contenuto di questa e-mail e degli eventuali allegati e' strettamente > confidenziale e destinato alla/e persona/e a cui e' indirizzato. Se avete > ricevuto per errore questa e-mail, vi preghiamo di segnalarcelo > immediatamente e di cancellarla dal vostro computer. E' fatto divieto di > copiare e divulgare il contenuto di questa e-mail. Ogni utilizzo abusivo > delle informazioni qui contenute da parte di persone terze o comunque non > indicate nella presente e-mail potra' essere perseguito ai sensi di legge.
AW: Monitoring Dovecot Replication
Hello Andrea, thanks for sharing your script to the community. But think your script does not solve my problem. Monitoring failed replication with the output of "doveadm replicator status" I have allready tried. In my opinion there is nothing in this output and also in other status output I found that shows me the user that failed longer time and where the replication process does not solve this failure by itself. I'm searching for something that shows me an alarm if dovecot could not fix a replication by itself after > 10 min. With my experience the most replication failures where fixed by dovecot automatically in under 10 min. Because dovecot starts every 5min another try. Or did you have a logic outside this script, maybe in Check_MK that knows when a user is greater than 10 min out of replication or something like hat? Until now I don't unterstand how this works for you as monitoring the replication. To understand my side better. We are using OpenNMS to monior our servers and in this case I would use a nrpe check on the cluster to monitor this. OpenNMS polls this check every 5 min and if it gives a fail result I have an alarm. Maybe this helps a little bit to understand my problem. Regards, Oliver -Ursprüngliche Nachricht- Von: dovecot [mailto:dovecot-boun...@dovecot.org] Im Auftrag von Andrea Gabellini Gesendet: Montag, 15. Februar 2021 11:04 An: Steven Varco; dovecot@dovecot.org Betreff: Re: Monitoring Dovecot Replication Hello, here my script. I'm not a professional programmer... ;-) Andrea Il 12/02/21 17:53, Steven Varco ha scritto: > Hi Andrea > > It would be great if oyu could post that here, as I (and possibly others) > would also be interested. :) > > thanks, > Steven > -- __ hAS ANYONE SEEN MY cAPSLOCK KEY? __ TIM San Marino S.p.A. Andrea Gabellini Engineering R TIM San Marino S.p.A. - https://www.telecomitalia.sm Via Ventotto Luglio, 212 - Piano -2 47893 - Borgo Maggiore - Republic of San Marino Tel: (+378) 0549 886237 Fax: (+378) 0549 886188 -- Informativa Privacy Questa email ha per destinatari dei contatti presenti negli archivi di TIM San Marino S.p.A.. Tutte le informazioni vengono trattate e tutelate nel rispetto della normativa vigente sulla protezione dei dati personali (Reg. EU 2016/679). Per richiedere informazioni e/o variazioni e/o la cancellazione dei vostri dati presenti nei nostri archivi potete inviare una email a priv...@telecomitalia.sm. Avviso di Riservatezza Il contenuto di questa e-mail e degli eventuali allegati e' strettamente confidenziale e destinato alla/e persona/e a cui e' indirizzato. Se avete ricevuto per errore questa e-mail, vi preghiamo di segnalarcelo immediatamente e di cancellarla dal vostro computer. E' fatto divieto di copiare e divulgare il contenuto di questa e-mail. Ogni utilizzo abusivo delle informazioni qui contenute da parte di persone terze o comunque non indicate nella presente e-mail potra' essere perseguito ai sensi di legge.
Monitoring Dovecot Replication
Hello, I have a cluster with two dovecot nodes with dovecot replication between them. The setup works fine and now I'm searching for a way to monitor the users so that I can get an information if the replication fails for one user for a longer time and I have to trigger the replication manually. Most of the time if I see a replication failure the self healing of dovecot replication repairs this in max. 10 min. I have tried different combinations of querying " doveadm replicator status '*' " and search for failed users and then send an alarm if one of fast sync, full sync or success sync reaches a threshold. But there is no combination that seems to be working if I only want to trigger this if I have to fix the replication manualy. Can someone tell me what I have to query to get only the user who's replication failed for a longer time (10 min +) and that I have to fix manually? Thank you. Oliver
login failure after upgrade to dovecot 2.3.7.2
Hi List, after upgrading dovecot from version 2.2.33.2 to 2.3.7.2 I got a lot of error messages like the following if the process count of imap processes reaches nearly 1000 (~950 (there are a few pop-connections)). Sep 5 11:27:32 mailbox1 dovecot: imap-login: Internal login failure (pid=27728 id=116): user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, session= Sep 5 11:27:33 mailbox1 dovecot: imap-login: Error: master(imap): net_connect_unix(imap) failed: Resource temporarily unavailable - http://wiki2.dovecot.org/SocketUnavailable (client-pid=27704, client-id=79, rip=x.x.x.x, created 511 msecs ago, received 0/4 bytes) Our setup consists of some servers with dovecot as proxy/redirector as frontend servers, redirecting the logged in users to the backend servers storing the mailboxes. OS is CentOS 6 on both server types. The backend server in question has usually ~ 2500 simultaneous imap connections. Before the update there where no problems. During the update I merged the old 2.2 config into the new 2.3 from the fresh installed binary (Repo from dovecot.org). As I found the failure above in the logfile I testet a lot, to figure out how to fix this, because for me it seemed to be some limit around 1000 connections/processes anywhere in the config. In the end I changed the default value of "default_client_limit" from ist default 1000 to 8192 and the problem was fixed for the moment. Now I'm trying to understand why this fixes the problem and what the difference is between 2.2 and 2.3. For me it seems like something changed in the architecture during the release change, but I didn't find anything. I looked into the release notes and also checked the differences beween the 2.2 and 2.3 default config values (using doveconf -d). Can anyone help? Here is the output of doveconf -n # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.7.2 (7372921a) # OS: Linux 2.6.32-696.23.1.el6.x86_64 x86_64 CentOS release 6.10 (Final) auth_mechanisms = plain login default_client_limit = 8192 disable_plaintext_auth = no mail_location = mdbox:%h mail_plugins = quota zlib managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { quota = dict:User quota::file:%h/dovecot-quota quota_warning = storage=90%% quota-warning 90 %u sieve = file:~/sieve;active=~/.dovecot.sieve zlib_save = gz zlib_save_level = 6 } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh protocols = imap pop3 lmtp sieve service imap-login { process_min_avail = 12 service_count = 0 } service imap { process_limit = 8192 } service lmtp { inet_listener lmtp { address = * port = 24 } } service pop3-login { process_min_avail = 12 service_count = 0 } service pop3 { process_limit = 1024 } service quota-warning { executable = script /scripts/quota.sh unix_listener quota-warning { user = vmail } user = vmail } ssl = no userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } verbose_proctitle = yes protocol lmtp { mail_plugins = quota zlib sieve } protocol imap { mail_max_userip_connections = 30 mail_plugins = quota zlib imap_quota } protocol pop3 { mail_plugins = quota zlib } greetings, Oliver
AW: CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole
>> On 2 Sep 2019, at 11.01, MK via dovecot wrote: >> >> Good Morning List, >> >> just a short question to this vulnerability. We are using a setup with >> dovecot redirector/proxy frontend servers >> and some backend server, which store the mailboxes. >> Is it anough to update the frontend servers if I like to fix the the >> vulnerability? >No. > >Sami Thanks. Do I understand this correct that updating the frontends fixes only the vulnerability for anonymous requests and for users logged in the vulnerability still exists if I don't update the backend servers? Oliver
AW: CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole
Good Morning List, just a short question to this vulnerability. We are using a setup with dovecot redirector/proxy frontend servers and some backend server, which store the mailboxes. Is it anough to update the frontend servers if I like to fix the the vulnerability? greetings, Oliver