AW: [EXT] Re: Dovecot community repositories

[MK via dovecot]

Thanks Michael for the information. 
What is the reason that Debian 12/Ubuntu 22.04/RHEL 9 are not supported by CE 
2.3? 
I think for the user it would be best to get dovecot lates version from the 
community repo.
In the past this works realy fine for me with RHEL 7/8 based Distros. 

Oliver

-Ursprüngliche Nachricht-
Von: Michael Slusarz  
Gesendet: Mittwoch, 12. Juni 2024 14:57
An: MK ; MK via dovecot 
Betreff: [EXT] Re: Dovecot community repositories

> On 06/12/2024 5:37 AM MDT MK via dovecot  wrote:
> 
> just a short question to the dovecot people, maybe Aki or someone else can 
> answer this.
> Will there be an update to the Dovecot community repositories in the near 
> future? 
> The repositories are lagging behind the current distributions. Just as an 
> example: Debian 12 has been released in 06/2023, this is one year ago and 
> there are still no packages for it.
> Same for Ubutun 22.04, RHEL 9...  Is there still any interest from dovecot 
> side to continue to maintain the community repostitorys?

The community repositories continue to be maintained.

Debian 12/Ubuntu 22.04/RHEL 9 are not supported by CE 2.3 so we don't build 
packages for them.  They will be supported in CE 2.4.

Distros may have done their own work to modify Dovecot source to get 2.3 to 
build/package on these systems.

michael
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

AW: [ext] Re: Dovecot community repositories

[MK via dovecot]

In the case of ubuntu 22.04 you are lucky, but with Debian there is e.g. only 
2.3.19 and if you want 2.3.21 then only the community repo would remain.
And e.g. for RHEL 9 the version I can get via RHEL Repo is 2.3.16. Get dovecot 
via the community repo would be the best in my optinion. Provided it is 
maintained.

Oliver

-Ursprüngliche Nachricht-
Von: Ralf Hildebrandt via dovecot  
Gesendet: Mittwoch, 12. Juni 2024 14:27
An: dovecot@dovecot.org
Betreff: Re: [ext] Re: Dovecot community repositories

* Jeff Peng via dovecot :
> 
> 
> I am using ubuntu 22.04, it can have dovecot installed by just run:
>  sudo apt install -y dovecot-core dovecot-imapd dovecot-lmtpd

Yes, 2.3.16 is in the default ubuntu repositories while the community repos are 
at 2.3.21

--
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
  Invalidenstraße 120/121 | D-10115 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | https://www.charite.de

___
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to 
dovecot-le...@dovecot.org
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Dovecot community repositories

[MK via dovecot]

Hello,

just a short question to the dovecot people, maybe Aki or someone else can 
answer this.
Will there be an update to the Dovecot community repositories in the near 
future? 
The repositories are lagging behind the current distributions. Just as an 
example: Debian 12 has been released in 06/2023, this is one year ago and there 
are still no packages for it.
Same for Ubutun 22.04, RHEL 9...  Is there still any interest from dovecot side 
to continue to maintain the community repostitorys?

Greetings to Everyone
Oliver

___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Quota Clone Plugin

[MK]

Hello Everybody,

just a short question, maybe someone used this plugin and can give me a short 
answer.

I have configured dovecot Quota Clone Plugin to copy quota information into a 
MySQL Database.
Works finde, but dovecot writes the quota information only to the database if 
the quota is triggert by new email 
or something else like this. So I don't have all my user in the MySQL Database. 

Is there any command I can use that can trigger dovecot to write the quota 
information of all the users to the database 
one time, so that I have all my user quota information copied in the database? 
I have tried "doveadm quota recalc -A" but it took quite a long time and there 
is a very high I/O Load on the server, so I stopped it. 
I don't think this is what I want to do. Maybe there is another way. 

For all of you who don't know this plugin.
https://doc.dovecot.org/configuration_manual/quota_clone_plugin/

Greetings,
Oliver

AW: The end of Dovecot Director?

[MK]

>To be clear, we are not removing proxying features from Dovecot either. Just 
>the director ring feature.
To be realy clear, you are not removing the proxy feature in dovecot that can 
be used to proxy users to different backend server on which 
the users mailboxes are stored?

Thanks Oliver 

>Aki

> On 21/10/2022 14:14 EEST Amol Kulkarni  wrote:
> 
> 
> Nginx has an mail proxy for pop, imap, smtp.
> Can it be used instead of director ?
> 
> 
> On Fri, 21 Oct 2022 at 16:21,  wrote:
> > On 2022-10-21 10:51, Zhang Huangbin wrote:
> >  >> On Oct 21, 2022, at 5:23 PM, hi@zakaria.website wrote:
> >  >>
> >  >> I was wondering if one can achieve the same implementation with  
> > >> haproxy without dovecot director?
> >  >
> >  > The most important part of Director is it makes sure same mail 
> > user  > always proxied to same backend IMAP server.
> >  >
> >  > If mailbox is in Maildir format (and stored on shared storage 
> > like  > NFS), accessing it from different server may corrupt Dovecot 
> > index  > files and mailbox becomes unaccessible. Director perfectly 
> > avoids this  > issue.
> >  >
> >  > HAProxy can proxy mail user from same client IP to same backend 
> > IMAP  > server, but not same mail user from different IPs.
> >  >
> >  > Quote (https://doc.dovecot.org/admin_manual/director/dovecotdirector/):
> >  >
> >  > "Director can be used by Dovecot’s IMAP/POP3/LMTP proxy to keep a  
> > > temporary user -> mail server mapping. As long as user has 
> > simultaneous  > connections, the user is always redirected to the 
> > same server. Each  > proxy server is running its own director 
> > process, and the directors are  > communicating the state to each 
> > others. Directors are mainly useful for  > setups where all of the 
> > mail storage is seen by all servers, such as  > with NFS or a cluster 
> > filesystem."
> >  >
> >  > 
> >  > Zhang Huangbin, founder of:
> >  > - iRedMail: Open source email server solution: 
> >  > https://www.iredmail.org/
> >  > - Spider: Lightweight, on-premises Email Archiving Software: 
> >  > https://spiderd.io
> >  
> >  Aha makes sense, although I was not able to see how can index files 
> > be  corrupted when its if will going to be updated, its in same 
> > manner as  from different connection, e.g. opening email account 
> > from different app  clients, with different connections, does not corrupt 
> > the index files?
> >  
> >  Also, Is it the issue Director resolving as well its with 
> > maintaining  the logged in dovecot connection to same backend? 
> > Anyhow, thanks for  your valuable efforts in clearing this :)
> >  
> >  I wondered if there is any other solution to avoid corrupting index  
> > files? Perhaps if dovecot offer database indexing as well as login  
> > sessions, it seems that this would eliminate Director requirement, 
> > and  offer better high availability, as for now userdb/authdb is 
> > only  available per my knowledge, and using database cluster 
> > resolves the  issue with user and auth queries during simultaneous 
> > connections to a  different backends.
> >  
> >  Otherwise, it seems in large enterprise deployment with high  
> > availability a Director implementation will be needed, hopefully we 
> > will  find an alternative solution by the time Dovecot 3 is released.
> >  
> >  I might need to get my head around building dovecot with customised  
> > modules and review the code which was removed and return it back, if  
> > anyone is planning to this, and well off ahead of me, please let me  
> > know, we might be able to help one another.
> >  
> >  With thanks.
> >  
> >  Zakaria.
> >

AW: Monitoring Dovecot Replication

[MK]

Hello David,

that's the thing I want to know. To build a script to check this is not the 
problem. 
In the first check I have started with " doveadm replicator status" search for 
" Waiting 'failed' requests" and if this is > 0 then
give me a failure. But if I have this in my monitoring then I have a lot of 
alarms that where cleared during the next poll.
For example: OpenNMS polls this nrpe check that looks at the value described, 
there are one or more "Waiting 'failed' requests"
it gives an alarm. 5 min later (the next poll from OpenNMS) the "Waiting 
'failed' requests" are 0 because dovecot has fixed the 
the failed users by itself. And so I have a lot of alarms that where cleared 
5-10 min after they came into the monitoring without
doing anything. 
I'm searching for a way to get the user out of the system where dovecot could 
not solve a failure by itself. 
Because this is what I want to altert so that I can take a look and fix it. 

Regards,
Oliver

-Ursprüngliche Nachricht-
Von: dovecot [mailto:dovecot-boun...@dovecot.org] Im Auftrag von David 
Morsberger
Gesendet: Donnerstag, 18. Februar 2021 23:17
An: MK
Cc: dovecot@dovecot.org
Betreff: Re: Monitoring Dovecot Replication

Oliver,

What’s your observable event that indicates replication has failed or is 
behind? Log message? Different file checksums?

David 

> On Feb 18, 2021, at 10:54 AM, MK  wrote:
> 
> Hello Andrea,
> 
> thanks for sharing your script to the community.
> 
> But think your script does not solve my problem. Monitoring failed 
> replication with the output of "doveadm replicator status"
> I have allready tried. In my opinion there is nothing in this output and also 
> in other status output I found that shows me the
> user that failed longer time and where the replication process does not solve 
> this failure by itself. 
> I'm searching for something that shows me an alarm if dovecot could not fix a 
> replication by itself
> after > 10 min. With my experience the most replication failures where fixed 
> by dovecot automatically
> in under 10 min. Because dovecot starts every 5min another try. 
> Or did you have a logic outside this script, maybe in Check_MK that knows 
> when a user is greater than 10 min 
> out of replication or something like hat? Until now I don't unterstand how 
> this works for you as monitoring the 
> replication. 
> 
> To understand my side better. We are using OpenNMS to monior our servers and 
> in this case I would use a 
> nrpe check on the cluster to monitor this. OpenNMS polls this check every 5 
> min and if it gives a fail result
> I have an alarm. Maybe this helps a little bit to understand my problem.
> 
> Regards,
> Oliver
> 
> -Ursprüngliche Nachricht-
> Von: dovecot [mailto:dovecot-boun...@dovecot.org] Im Auftrag von Andrea 
> Gabellini
> Gesendet: Montag, 15. Februar 2021 11:04
> An: Steven Varco; dovecot@dovecot.org
> Betreff: Re: Monitoring Dovecot Replication
> 
> Hello,
> 
> here my script. I'm not a professional programmer... ;-)
> 
> Andrea
> 
> Il 12/02/21 17:53, Steven Varco ha scritto:
>> Hi Andrea
>> 
>> It would be great if oyu could post that here, as I (and possibly others) 
>> would also be interested. :)
>> 
>> thanks,
>> Steven
>> 
> 
> -- 
> __
> hAS ANYONE SEEN MY cAPSLOCK KEY?
> __
> 
> TIM San Marino S.p.A.
> Andrea Gabellini
> Engineering R
> TIM San Marino S.p.A. - https://www.telecomitalia.sm
> Via Ventotto Luglio, 212 - Piano -2
> 47893 - Borgo Maggiore - Republic of San Marino
> Tel: (+378) 0549 886237
> Fax: (+378) 0549 886188
> 
> 
> 
> --
> Informativa Privacy
> 
> Questa email ha per destinatari dei contatti presenti negli archivi di TIM 
> San Marino S.p.A.. Tutte le informazioni vengono trattate e tutelate nel 
> rispetto della normativa vigente sulla protezione dei dati personali (Reg. EU 
> 2016/679). Per richiedere informazioni e/o variazioni e/o la cancellazione 
> dei vostri dati presenti nei nostri archivi potete inviare una email a 
> priv...@telecomitalia.sm.
> 
> Avviso di Riservatezza
> 
> Il contenuto di questa e-mail e degli eventuali allegati e' strettamente 
> confidenziale e destinato alla/e persona/e a cui e' indirizzato. Se avete 
> ricevuto per errore questa e-mail, vi preghiamo di segnalarcelo 
> immediatamente e di cancellarla dal vostro computer. E' fatto divieto di 
> copiare e divulgare il contenuto di questa e-mail. Ogni utilizzo abusivo 
> delle informazioni qui contenute da parte di persone terze o comunque non 
> indicate nella presente e-mail potra' essere perseguito ai sensi di legge.

AW: Monitoring Dovecot Replication

[MK]

Hello Andrea,

thanks for sharing your script to the community.

But think your script does not solve my problem. Monitoring failed replication 
with the output of "doveadm replicator status"
I have allready tried. In my opinion there is nothing in this output and also 
in other status output I found that shows me the
user that failed longer time and where the replication process does not solve 
this failure by itself. 
I'm searching for something that shows me an alarm if dovecot could not fix a 
replication by itself
after > 10 min. With my experience the most replication failures where fixed by 
dovecot automatically
in under 10 min. Because dovecot starts every 5min another try. 
Or did you have a logic outside this script, maybe in Check_MK that knows when 
a user is greater than 10 min 
out of replication or something like hat? Until now I don't unterstand how this 
works for you as monitoring the 
replication. 

To understand my side better. We are using OpenNMS to monior our servers and in 
this case I would use a 
nrpe check on the cluster to monitor this. OpenNMS polls this check every 5 min 
and if it gives a fail result
I have an alarm. Maybe this helps a little bit to understand my problem.

Regards,
Oliver

-Ursprüngliche Nachricht-
Von: dovecot [mailto:dovecot-boun...@dovecot.org] Im Auftrag von Andrea 
Gabellini
Gesendet: Montag, 15. Februar 2021 11:04
An: Steven Varco; dovecot@dovecot.org
Betreff: Re: Monitoring Dovecot Replication

Hello,

here my script. I'm not a professional programmer... ;-)

Andrea

Il 12/02/21 17:53, Steven Varco ha scritto:
> Hi Andrea
>
> It would be great if oyu could post that here, as I (and possibly others) 
> would also be interested. :)
>
> thanks,
> Steven
>

-- 
__
hAS ANYONE SEEN MY cAPSLOCK KEY?
__

TIM San Marino S.p.A.
Andrea Gabellini
Engineering R
TIM San Marino S.p.A. - https://www.telecomitalia.sm
Via Ventotto Luglio, 212 - Piano -2
47893 - Borgo Maggiore - Republic of San Marino
Tel: (+378) 0549 886237
Fax: (+378) 0549 886188



--
Informativa Privacy

Questa email ha per destinatari dei contatti presenti negli archivi di TIM San 
Marino S.p.A.. Tutte le informazioni vengono trattate e tutelate nel rispetto 
della normativa vigente sulla protezione dei dati personali (Reg. EU 2016/679). 
Per richiedere informazioni e/o variazioni e/o la cancellazione dei vostri dati 
presenti nei nostri archivi potete inviare una email a priv...@telecomitalia.sm.

Avviso di Riservatezza

Il contenuto di questa e-mail e degli eventuali allegati e' strettamente 
confidenziale e destinato alla/e persona/e a cui e' indirizzato. Se avete 
ricevuto per errore questa e-mail, vi preghiamo di segnalarcelo immediatamente 
e di cancellarla dal vostro computer. E' fatto divieto di copiare e divulgare 
il contenuto di questa e-mail. Ogni utilizzo abusivo delle informazioni qui 
contenute da parte di persone terze o comunque non indicate nella presente 
e-mail potra' essere perseguito ai sensi di legge.

Monitoring Dovecot Replication

[MK]

Hello,

I have a cluster with two dovecot nodes with dovecot replication between them. 
The setup works fine and now I'm searching for a way to monitor the users so 
that I can get an information if the replication fails for one user for a 
longer time and I have to trigger the replication manually. Most of the time if 
I see a replication failure the self healing of dovecot replication repairs 
this in max. 10 min. 

I have tried different combinations of querying " doveadm replicator status '*' 
" and search for failed users and then send an alarm if one of fast sync, full 
sync or success sync reaches a threshold. But there is no combination that 
seems to be working if I only want to trigger this if I have to fix the 
replication manualy. 

Can someone tell me what I have to query to get only the user who's replication 
failed for a longer time (10 min +) and that I have to fix manually?

Thank you.

Oliver

login failure after upgrade to dovecot 2.3.7.2

[MK via dovecot]

Hi List,

after upgrading dovecot from version 2.2.33.2 to 2.3.7.2 I got a lot of error 
messages like the following if the process count of imap processes reaches 
nearly 1000 (~950 (there are a few pop-connections)).

Sep  5 11:27:32 mailbox1 dovecot: imap-login: Internal login failure (pid=27728 
id=116): user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, 
session= Sep  5 11:27:33 mailbox1 dovecot: imap-login: Error: 
master(imap): net_connect_unix(imap) failed: Resource temporarily unavailable - 
http://wiki2.dovecot.org/SocketUnavailable (client-pid=27704, client-id=79, 
rip=x.x.x.x, created 511 msecs ago, received 0/4 bytes)

Our setup consists of some servers with dovecot as proxy/redirector as frontend 
servers, redirecting the logged in users to the backend servers storing the 
mailboxes. 
OS is CentOS 6 on both server types. The backend server in question has usually 
~ 2500 simultaneous imap connections. 

Before the update there where no problems.
During the update I merged the old 2.2 config into the new 2.3 from the fresh 
installed binary (Repo from dovecot.org).
As I found the failure above in the logfile I testet a lot, to figure out how 
to fix this, because for me it seemed to be some limit around 1000 
connections/processes anywhere in the config. In the end I changed the default 
value of "default_client_limit" from ist default 1000 to 8192 and the problem 
was fixed for the moment.
Now I'm trying to understand why this fixes the problem and what the difference 
is between 2.2 and 2.3. For me it seems like something changed in the 
architecture during the release change, but I didn't find anything. I looked 
into the release notes and also checked the differences beween the
2.2 and 2.3 default config values (using doveconf -d).

Can anyone help? 

Here is the output of doveconf -n 

# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.7.2 
(7372921a) # OS: Linux 2.6.32-696.23.1.el6.x86_64 x86_64 CentOS release 6.10 
(Final) auth_mechanisms = plain login default_client_limit = 8192 
disable_plaintext_auth = no mail_location = mdbox:%h mail_plugins = quota zlib 
managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto 
reject envelope encoded-character vacation subaddress 
comparator-i;ascii-numeric relational regex imap4flags copy include variables 
body enotify environment mailbox date index ihave duplicate mime foreverypart 
extracttext namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = dict:User quota::file:%h/dovecot-quota
  quota_warning = storage=90%% quota-warning 90 %u
  sieve = file:~/sieve;active=~/.dovecot.sieve
  zlib_save = gz
  zlib_save_level = 6
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh protocols = imap pop3 lmtp 
sieve service imap-login {
  process_min_avail = 12
  service_count = 0
}
service imap {
  process_limit = 8192
}
service lmtp {
  inet_listener lmtp {
address = *
port = 24
  }
}
service pop3-login {
  process_min_avail = 12
  service_count = 0
}
service pop3 {
  process_limit = 1024
}
service quota-warning {
  executable = script /scripts/quota.sh
  unix_listener quota-warning {
user = vmail
  }
  user = vmail
}
ssl = no
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
verbose_proctitle = yes
protocol lmtp {
  mail_plugins = quota zlib sieve
}
protocol imap {
  mail_max_userip_connections = 30
  mail_plugins = quota zlib imap_quota
}
protocol pop3 {
  mail_plugins = quota zlib
}

greetings,
Oliver

AW: CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole

[MK via dovecot]

>> On 2 Sep 2019, at 11.01, MK via dovecot  wrote:
>> 
>> Good Morning List,
>> 
>> just a short question to this vulnerability. We are using a setup with 
>> dovecot redirector/proxy frontend servers
>> and some backend server, which store the mailboxes. 
>> Is it anough to update the frontend servers if I like to fix the the 
>> vulnerability?

>No. 
>
>Sami

Thanks. Do I understand this correct that updating the frontends fixes only the 
vulnerability for anonymous requests 
and for users logged in the vulnerability still exists if I don't update the 
backend servers?

Oliver

AW: CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole

[MK via dovecot]

Good Morning List,

just a short question to this vulnerability. We are using a setup with dovecot 
redirector/proxy frontend servers
and some backend server, which store the mailboxes. 
Is it anough to update the frontend servers if I like to fix the the 
vulnerability?

greetings,
Oliver