Re: sieve duplicate with 2.3.16
Le 09/05/2024 à 12:07, Jean-Max Reymond a écrit : Hi, I was running dovecot 2.3.7.2 with ubuntu 20.04 Lastweek, I upgrade to Ubuntu 22.04 and dovecot 2.3.16 My configuration was migrated and all is fine expected the sieve duplicate. It does notwork and i don't understand why. sorry for the duplicate post trace dovecot for debug It seems that Pigeonhole has detected multiple messages with msgid=<00fb2844-f7b0-47af-8684-bcb090ec9...@ik.me> Is it possible that it is two separate processes running in parallel mode without interactions ? Thanks for your tips. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
sieve duplicate with 2.3.16
Hi,
I was running dovecot 2.3.7.2 with ubuntu 20.04
Lastweek, I upgrade to Ubuntu 22.04 and dovecot 2.3.16
My configuration was migrated and all is fine expected the sieve
duplicate. It does notwork and i don't understand why.
% doveconf -n
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 (09c29328)
managesieve(ubuntu): Debug: sieve: Pigeonhole version 0.5.16 (09c29328)
initializing
managesieve(ubuntu): Debug: sieve: include: sieve_global is not set; it
is currently not possible to include `:global' scripts.
# OS: Linux 5.15.0-105-generic x86_64 Ubuntu 22.04.4 LTS ext4
# Hostname: 2D17911.online-server.cloud
auth_mechanisms = plain login
first_valid_uid = 8
log_debug = category=sieve
mail_fsync = never
mail_location = maildir:/home/Mails/%u
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
sieve = ~/.dovecot.sieve
sieve_before = /var/lib/dovecot/sieve/default.sieve
sieve_dir = ~/sieve
}
postmaster_address = postmas...@ckr-solutions.com
protocols = imap sieve
service auth {
unix_listener /var/spool/postfix/private/dovecot-auth {
group = postfix
mode = 0660
user = postfix
}
}
service stats {
unix_listener stats-writer {
mode = 0666
}
}
ssl_cert = ssl_cipher_list =
ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_key = # hidden, use -P to show it
userdb {
driver = passwd
}
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocol imap {
imap_client_workarounds = delay-newmail
mail_max_userip_connections = 10
}
protocol lmtp {
mail_fsync = optimized
}
protocol lda {
deliver_log_format = msgid=%m: %$
mail_fsync = optimized
mail_plugins = sieve
postmaster_address = postmas...@ckr-solutions.com
quota_full_tempfail = yes
rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
protocol pop3 {
mail_max_userip_connections = 10
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
trace dovecot for debug
...
May 9 12:04:50 2D17911 dovecot:
lda(jmreym...@ckr-solutions.com)<2292077><8XgtAcKfPGZt+SIA4rRGvA>:
sieve: msgid=<00fb2844-f7b0-47af-8684-bcb090ec9...@ik.me>: stored mail
into mailbox 'INBOX'
May 9 12:04:50 2D17911 dovecot:
lda(jmreym...@ckr-solutions.com)<2292077><8XgtAcKfPGZt+SIA4rRGvA>:
Debug: sieve: msgid=<00fb2844-f7b0-47af-8684-bcb090ec9...@ik.me>: Finish
implicit keep action
May 9 12:04:50 2D17911 dovecot:
lda(jmreym...@ckr-solutions.com)<2292077><8XgtAcKfPGZt+SIA4rRGvA>:
Debug: sieve: msgid=<00fb2844-f7b0-47af-8684-bcb090ec9...@ik.me>:
Finishing actions
May 9 12:04:50 2D17911 dovecot:
lda(jmreym...@ckr-solutions.com)<2292077><8XgtAcKfPGZt+SIA4rRGvA>:
Debug: sieve: msgid=<00fb2844-f7b0-47af-8684-bcb090ec9...@ik.me>: Finish
duplicate_mark action
May 9 12:04:50 2D17911 dovecot:
lda(jmreym...@ckr-solutions.com)<2292077><8XgtAcKfPGZt+SIA4rRGvA>:
Debug: sieve: msgid=<00fb2844-f7b0-47af-8684-bcb090ec9...@ik.me>:
Finished executing result (final, status=ok, keep=yes)
May 9 12:04:50 2D17911 dovecot:
lda(jmreym...@ckr-solutions.com)<2292077><8XgtAcKfPGZt+SIA4rRGvA>:
Debug: sieve: multi-script: Sequence finished (status=ok, keep=yes)
May 9 12:04:50 2D17911 dovecot:
lda(jmreym...@ckr-solutions.com)<2292077><8XgtAcKfPGZt+SIA4rRGvA>:
Debug: sieve: multi-script: Destroy
May 9 12:04:50 2D17911 postfix/pipe[2292075]: DE15D396023E:
to=, orig_to=,
relay=dovecot, delay=0.35, delays=0.09/0.01/0/0.25, dsn=2.0.0,
status=sent (delivered via dovecot service)
May 9 12:04:50 2D17911 postfix/qmgr[1855785]: DE15D396023E: removed
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
sieve duplicate with 2.3.16
Hi,
I was running dovecot 2.3.7.2 with ubuntu 20.04
Lastweek, I upgrade to Ubuntu 22.04 and dovecot 2.3.16
My configuration was migrated and all is fine expected the sieve
duplicate. It does notwork and i don't understand why.
% doveconf -n
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 (09c29328)
managesieve(ubuntu): Debug: sieve: Pigeonhole version 0.5.16 (09c29328)
initializing
managesieve(ubuntu): Debug: sieve: include: sieve_global is not set; it
is currently not possible to include `:global' scripts.
# OS: Linux 5.15.0-105-generic x86_64 Ubuntu 22.04.4 LTS ext4
# Hostname: 2D17911.online-server.cloud
auth_mechanisms = plain login
first_valid_uid = 8
log_debug = category=sieve
mail_fsync = never
mail_location = maildir:/home/Mails/%u
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
sieve = ~/.dovecot.sieve
sieve_before = /var/lib/dovecot/sieve/default.sieve
sieve_dir = ~/sieve
}
postmaster_address = postmas...@ckr-solutions.com
protocols = imap sieve
service auth {
unix_listener /var/spool/postfix/private/dovecot-auth {
group = postfix
mode = 0660
user = postfix
}
}
service stats {
unix_listener stats-writer {
mode = 0666
}
}
ssl_cert = ssl_cipher_list =
ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_key = # hidden, use -P to show it
userdb {
driver = passwd
}
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocol imap {
imap_client_workarounds = delay-newmail
mail_max_userip_connections = 10
}
protocol lmtp {
mail_fsync = optimized
}
protocol lda {
deliver_log_format = msgid=%m: %$
mail_fsync = optimized
mail_plugins = sieve
postmaster_address = postmas...@ckr-solutions.com
quota_full_tempfail = yes
rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
protocol pop3 {
mail_max_userip_connections = 10
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
trace dovecot for debug
May 9 12:04:49 2D17911 postfix/qmgr[1855785]: DE15D396023E:
from=, size=2313, nrcpt=3 (queue active)
May 9 12:04:50 2D17911 amavis[2290921]: (2290921-01) Passed CLEAN
{RelayedOpenRelay}, [185.125.25.11]:58641 [185.125.25.11]
->
,, Queue-ID:
91D2E3960097, Message-ID: <00fb2844-f7b0-47af-8684-bcb090ec9...@ik.me>,
mail_id: lukXw6VSEsMW, Hits: -2.821, size: 1854, queued_as:
DE15D396023E, dkim_sd=20200325:ik.me, 5242 ms
May 9 12:04:50 2D17911 postfix/smtp[2292055]: 91D2E3960097:
to=, orig_to=,
relay=127.0.0.1[127.0.0.1]:10024, delay=5.4, delays=0.16/0.01/0.09/5.2,
dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250
2.0.0 Ok: queued as DE15D396023E)
May 9 12:04:50 2D17911 postfix/smtp[2292055]: 91D2E3960097:
to=, relay=127.0.0.1[127.0.0.1]:10024,
delay=5.4, delays=0.16/0.01/0.09/5.2, dsn=2.0.0, status=sent (250 2.0.0
from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as DE15D396023E)
May 9 12:04:50 2D17911 postfix/qmgr[1855785]: 91D2E3960097: removed
May 9 12:04:50 2D17911 dovecot:
lda(jmreym...@ckr-solutions.com)<2292074>:
Debug: sieve: Pigeonhole version 0.5.16 (09c29328) initializing
May 9 12:04:50 2D17911 dovecot:
lda(jmreym...@ckr-solutions.com)<2292074>:
Debug: sieve: include: sieve_global is not set; it is currently not
possible to include `:global' scripts.
May 9 12:04:50 2D17911 dovecot:
lda(jmreym...@ckr-solutions.com)<2292074>:
Debug: sieve: file storage: Using active Sieve script path:
/home/Mails/jmreym...@ckr-solutions.com/.dovecot.sieve
May 9 12:04:50 2D17911 dovecot:
lda(jmreym...@ckr-solutions.com)<2292074>:
Debug: sieve: file storage: Using script storage path:
/home/Mails/jmreym...@ckr-solutions.com//sieve
May 9 12:04:50 2D17911 dovecot:
lda(jmreym...@ckr-solutions.com)<2292074>:
Debug: sieve: file storage: Relative path to sieve storage in active
link: sieve/
May 9 12:04:50 2D17911 dovecot:
lda(jmreym...@ckr-solutions.com)<2292074>:
Debug: sieve: file storage: Using Sieve script path:
/home/Mails/jmreym...@ckr-solutions.com/.dovecot.sieve
May 9 12:04:50 2D17911 dovecot:
lda(jmreym...@ckr-solutions.com)<2292074>:
Debug: sieve: file storage: Storage path
`/home/Mails/jmreym...@ckr-solutions.com/.dovecot.sieve' not found
May 9 12:04:50 2D17911 dovecot:
lda(jmreym...@ckr-solutions.com)<2292074>:
Debug: sieve: User has no active script in storage
Re: "Connection reset by peer" errors with Outlook
On 23/01/2024 09:23, Joseph Tam wrote: My guess is Outlook is doing some autodiscovery/autoconfiguration thing, and occasionally hits the right combo and successfully authenticates. I think, the intention is to make life of users easier: no need to remember authentication type, starttls or SSL on another port, etc. Doesn't it try service discovery before fallback to authentication attempts? However I am unsure if it expects DNS records or well-known path on the HTTP server. Serving configuration this way might help to avoid issues with fail2ban. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: Authentication failure due to address space limit
On 15/12/2023 18:56, Max Nikulin wrote: On 14/12/2023 18:01, Aki Tuomi via dovecot wrote: You can set service auth and service auth-worker vsz_limit to 2G, that is usually enough for PAM and Argon2. Thank you. In my first message I wrote that 1G was enough in my case. Actually 1G sometimes is not enough. Thunderbird with its multiple parallel connections created simultaneously may be quite successful in making authentication failures rather annoying. I have not seen failure with "vsz_limit = 2G" yet. It appears just like incorrect passwords in logs mixed with successful authentications. 12:33:23 dovecot[4299]: auth-worker(4449): Debug: conn unix:auth-worker (pid=4307,uid=114): auth-worker<1>: pam(test,127.0.0.1,): #1/1 style=1 msg=Password: 12:33:23 auth[4449]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=test rhost=127.0.0.1 user=test 12:33:24 dovecot[4299]: auth-worker(4449): conn unix:auth-worker (pid=4307,uid=114): auth-worker<1>: pam(test,127.0.0.1,): pam_authenticate() failed: Authentication failure (Password mismatch?) Earlier I believed that I know another (inconvenient) workaround: edit /etc/pam.d/dovecot to put content of common-auth and common-session literally and disabling pam_fscrypt.so specifically for dovecot. Unfortunately it does not work. Auth worker still loads pam_fscrypt.so from common-password through some other config file. Even if debug is enabled for pam_fscrypt.so, this library generates no output for both successful and failed authentication attempts. On the other hand I can get debug output from "auth optional pam_fscrypt.so debug". I have no idea what piece of code (Go runtime, Dovecot, https://github.com/google/fscrypt) causes silent errors leading to authentication failures. It is disappointing since Go+fscrypt should be no-op in this case. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: Authentication failure due to address space limit
On 14/12/2023 18:01, Aki Tuomi via dovecot wrote: You can set service auth and service auth-worker vsz_limit to 2G, that is usually enough for PAM and Argon2. Thank you. In my first message I wrote that 1G was enough in my case. It is rather disappointing that pam_fscrypt does nothing for a mail user. Amount of rally used memory is negligible. Configuration adjustment is necessary to avoid Go runtime initialization only. I am realizing that implementation of cgroup based resource limits require significant efforts. I asked if this pitfall should be documented in the manual. Nobody is interested however. It may be reasonable since the case is quite specific. At least those who might face a similar issue in future have more chances to notice this thread in search results. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: Authentication failure due to address space limit
On 06/12/2023 18:06, Max Nikulin wrote:
dovecot[72165]: auth-worker: Error: fatal error: failed to reserve page
summary memory
dovecot[72165]: auth-worker: Error:
dovecot[72165]: auth-worker: Error: runtime stack:
dovecot[72165]: auth-worker: Error: runtime.throw({0x7f552c418194?,
0x7f552c1feb10?})
dovecot[72165]: auth-worker: Error: runtime/panic.go:1047 +0x5f
fp=0x7f552c1feac0 sp=0x7f552c1fea90 pc=0x7f552c28a53f
dovecot[72165]: auth-worker: Error:
runtime.(*pageAlloc).sysInit(0x7f552c5f6fd0)
For the case that somebody will get this thread in search engine results:
I have found another thread describing similar errors due to a custom
PAM module for 2 factor authentication:
dovecot: lmtp: Error: fatal error: failed to reserve page summary memory
https://dovecot.org/pipermail/dovecot/2020-September/119952.html
Thu Sep 17 12:20:12 EEST 2020
https://dovecot.org/pipermail/dovecot/2020-October/120108.html
Thu Oct 8 18:04:26 EEST 2020
Perhaps Go is not the best language to implement PAM modules if memory
footprint is not expected to be large. On the other hand e.g. argon2
hashes may be really memory hungry, so vsz_limit must be set to
appropriate value.
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
Authentication failure due to address space limit
Hi,
I faced an error that appeared rather obscure at first, so I am trying
to figure out if something can be improved. I have managed to solve the
issue.
I am running a Dovecot IMAP server to keep my personal mail archive.
This server does not receive or send mail, just IMAP access. There was
no reason to tune its performance, so its configuration is close to what
Debian package has out of the box (actually doc/example-config).
At certain moment I started to get authentication failures:
dovecot[72165]: auth-worker: Error: fatal error: failed to reserve page
summary memory
dovecot[72165]: auth-worker: Error:
dovecot[72165]: auth-worker: Error: runtime stack:
dovecot[72165]: auth-worker: Error: runtime.throw({0x7f552c418194?,
0x7f552c1feb10?})
dovecot[72165]: auth-worker: Error: runtime/panic.go:1047 +0x5f
fp=0x7f552c1feac0 sp=0x7f552c1fea90 pc=0x7f552c28a53f
dovecot[72165]: auth-worker: Error:
runtime.(*pageAlloc).sysInit(0x7f552c5f6fd0)
dovecot[72165]: auth-worker: Error: runtime/mpagealloc_64bit.go:82
+0x195 fp=0x7f552c1feb48 sp=0x7f552c1feac0 pc=0x7f552c280ef5
dovecot[72165]: auth-worker: Error:
runtime.(*pageAlloc).init(0x7f552c5f6fd0, 0x7f552c5f6fc0, 0x0?)
dovecot[72165]: auth-worker: Error: runtime/mpagealloc.go:324
+0x70 fp=0x7f552c1feb70 sp=0x7f552c1feb48 pc=0x7f552c27eb50
dovecot[72165]: auth-worker: Error: runtime.(*mheap).init(0x7f552c5f6fc0)
dovecot[72165]: auth-worker: Error: runtime/mheap.go:729 +0x13f
fp=0x7f552c1feba8 sp=0x7f552c1feb70 pc=0x7f552c27bf5f
dovecot[72165]: auth-worker: Error: runtime.mallocinit()
dovecot[72165]: auth-worker: Error: runtime/malloc.go:407 +0xb2
fp=0x7f552c1febd0 sp=0x7f552c1feba8 pc=0x7f552c260e72
dovecot[72165]: auth-worker: Error: runtime.schedinit()
dovecot[72165]: auth-worker: Error: runtime/proc.go:693 +0xab
fp=0x7f552c1fec30 sp=0x7f552c1febd0 pc=0x7f552c28df0b
dovecot[72165]: auth-worker: Error: runtime.rt0_go()
dovecot[72165]: auth-worker: Error: runtime/asm_amd64.s:345
+0x120 fp=0x7f552c1fec38 sp=0x7f552c1fec30 pc=0x7f552c2b7c20
dovecot[72165]: auth: Error: auth-worker: Aborted PASSV request for
mailuser: Worker process died unexpectedly
dovecot[72165]: auth-worker: Fatal: master: service(auth-worker): child
72211 returned error 2
Such errors happen even for invalid users
curl -v 'imap://bad:bad@localhost/'
I have realized that it may be related to the pam_fscrypt plugin I had
installed before. It is intended for another system user, so I did not
expect any negative consequence on Dovecot. Disabling the module
confirmed my guess.
This PAM module is written in Go and language runtime requires almost 1G
of address space (RLIMIT_AS) even when actual memory allocation is
several times lower (the user has no configured login protector).
https://github.com/golang/go/issues/38010
"runtime: high startup address space usage (RLIMIT_AS) on Linux AMD64"
The code of the fscrypt PAM module has Go panic handlers, but this case
error happens early during runtime initialization, so error handlers
have not set yet and can not provide a more instructive error.
I do not like that Go has no knobs like compile or link flags to prevent
early allocation of rather large address space. At the same time I admit
that doing garbage collection efficiently is tricky and unreasonable
efforts may be required to allow modest address space at startup.
Default Dovecot configuration has vsz_limit = $default_vsz_limit = 256M
The following configuration snippet solves the issue:
service auth-worker {
# still crash, but later
# vsz_limit = 800M
vsz_limit = 1024M
}
I am realizing that my use case is rather specific. Mail and encrypted
home directories are hardly compatible. However some other PAM modules
may cause similar issues.
Cgroup Linux kernel feature should allow to limit real memory usage and
it should be better than per-process limits imposed on address space
size. However assigning proper control groups for Dovecot processes may
be not so trivial.
I am unsure if auth-worker vsz_limit or default_vsz_limit should be
raised in the example configuration.
Do you think it is reasonable to add warnings concerning PAM plugins and
vsz_limit to docs? I mean
- https://doc.dovecot.org/configuration_manual/authentication/pam/
-
https://doc.dovecot.org/configuration_manual/service_configuration/#auth-worker
in a similar way as it is done for Argon2 in
https://doc.dovecot.org/configuration_manual/authentication/password_schemes/
P.S. Debian 12 bookworm, Dovecot 1:2.3.19.1+dfsg1-2.1
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
Re: remove duplicate emails
Le 05/04/2022 à 09:16, Aki Tuomi a écrit :
On 04/04/2022 13:44 Jean-Max Reymond wrote:
Hi,
I have postfix running and sometimes and I have some duplicate emails
with the same Message-ID.
With dovecot sieve, I understand that duplicate option remove these
emails but I don't understand the configuration to apply.
Thanks for your tips,
Hi!
you can remove existing duplicates with `doveadm deduplicate` command.
Aki
Thanks for your answer but I want to delete from the incoming mail stream.
I have improved my configuration and now, I have
plugin {
sieve = ~/.dovecot.sieve
sieve_default = /var/lib/dovecot/sieve/default.sieve
sieve_dir = ~/sieve
sieve_trace_debug = yes
sieve_trace_dir = /var/log/sieve.log
}
and
# cat /var/lib/dovecot/sieve/default.sieve
require ["duplicate", "fileinto", "mailbox"];
if duplicate {
fileinto :create "Trash/Duplicate";
}
but I have always duplicate emails.
OpenPGP_0xDC699743CAE6E6EB.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
remove duplicate emails
Hi,
I have postfix running and sometimes and I have some duplicate emails
with the same Message-ID.
With dovecot sieve, I understand that duplicate option remove these
emails but I don't understand the configuration to apply.
Thanks for your tips,
# doveconf -n
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0-104-generic x86_64 Ubuntu 20.04.4 LTS
# Hostname: B7B3274.online-server.cloud
auth_mechanisms = plain login
first_valid_uid = 8
log_path = /var/log/dovecot.log
mail_location = maildir:~
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
protocols = imap
service auth {
unix_listener /var/spool/postfix/private/dovecot-auth {
group = postfix
mode = 0660
user = postfix
}
}
ssl_cert = ssl_cipher_list =
ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_client_ca_dir = /etc/ssl/certs
ssl_key = # hidden, use -P to show it
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocol imap {
imap_client_workarounds = delay-newmail
mail_max_userip_connections = 50
}
protocol pop3 {
mail_max_userip_connections = 10
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
deliver_log_format = msgid=%m: %$
mail_plugins = sieve
postmaster_address = postmaster
quota_full_tempfail = yes
rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
OpenPGP_0xDC699743CAE6E6EB.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
Re: cannot see my mails
Le 26/04/2021 à 13:45, Aki Tuomi a écrit : On 26/04/2021 14:38 Jean-Max Reymond wrote: Le 26/04/2021 à 13:31, Aki Tuomi a écrit : On 26/04/2021 14:28 Jean-Max Reymond wrote: Le 26/04/2021 à 13:24, Yassine Chaouche a écrit : Le 4/26/21 à 10:22 AM, Jean-Max Reymond a écrit : > After a change of server When you changed servers, did you copy the contents of (probably) /var/vmail/ from the old server to the new server ? this is usually where e-mails are stored. You can also use imap-sync from old to new server. This should automatically transfer your old mail there (if old server is still operationnal) yep, the 144 GB of mails are copied. The correct owner is mail:mail. Database posfixadmin is copied and authentification by sql works fine.dovecot does not report any issues, postfix works like a charm. I have deleted for only one mailbox, the dovecot files but no changes. -- Jean-Max Reymond CKR Solutions Open Source https://www.ckr-solutions.com Does output of `doveadm user your-user-name` match with where you copied all your mails to? Aki # doveadm user jmreym...@normaal.fr field value uid 8 gid 8 home/home/Mails/jmreym...@normaal.fr/ mailmaildir:~/Maildir maildir jmreym...@normaal.fr/ # ls -ld /home/Mails/jmreym...@normaal.fr/* drwx-- 2 mail mail 4096 Mar 26 07:12 /home/Mails/jmreym...@normaal.fr/cur drwx-- 3 mail mail 4096 Nov 8 2014 /home/Mails/jmreym...@normaal.fr/mail drwx-- 8 mail mail 4096 Apr 26 13:24 /home/Mails/jmreym...@normaal.fr/Maildir drwx-- 2 mail mail 4096 Apr 26 11:12 /home/Mails/jmreym...@normaal.fr/new -rw--- 1 mail mail 18 Jun 10 2019 /home/Mails/jmreym...@normaal.fr/subscriptions drwx-- 2 mail mail 4096 Apr 26 11:12 /home/Mails/jmreym...@normaal.fr/tmp -- Jean-Max Reymond CKR Solutions Open Source https://www.ckr-solutions.com home/home/Mails/jmreym...@normaal.fr/ mailmaildir:~/Maildir this is what matters, so dovecot expects to see your maildir structure under /home/Mails/jmreym...@normaal.fr/Maildir/ Aki YES, it works :-) thanks a lot, Aki and Yassine. -- Jean-Max Reymond CKR Solutions Open Source https://www.ckr-solutions.com
Re: cannot see my mails
Le 26/04/2021 à 13:31, Aki Tuomi a écrit : On 26/04/2021 14:28 Jean-Max Reymond wrote: Le 26/04/2021 à 13:24, Yassine Chaouche a écrit : Le 4/26/21 à 10:22 AM, Jean-Max Reymond a écrit : > After a change of server When you changed servers, did you copy the contents of (probably) /var/vmail/ from the old server to the new server ? this is usually where e-mails are stored. You can also use imap-sync from old to new server. This should automatically transfer your old mail there (if old server is still operationnal) yep, the 144 GB of mails are copied. The correct owner is mail:mail. Database posfixadmin is copied and authentification by sql works fine.dovecot does not report any issues, postfix works like a charm. I have deleted for only one mailbox, the dovecot files but no changes. -- Jean-Max Reymond CKR Solutions Open Source https://www.ckr-solutions.com Does output of `doveadm user your-user-name` match with where you copied all your mails to? Aki # doveadm user jmreym...@normaal.fr field value uid 8 gid 8 home/home/Mails/jmreym...@normaal.fr/ mailmaildir:~/Maildir maildir jmreym...@normaal.fr/ # ls -ld /home/Mails/jmreym...@normaal.fr/* drwx-- 2 mail mail 4096 Mar 26 07:12 /home/Mails/jmreym...@normaal.fr/cur drwx-- 3 mail mail 4096 Nov 8 2014 /home/Mails/jmreym...@normaal.fr/mail drwx-- 8 mail mail 4096 Apr 26 13:24 /home/Mails/jmreym...@normaal.fr/Maildir drwx-- 2 mail mail 4096 Apr 26 11:12 /home/Mails/jmreym...@normaal.fr/new -rw--- 1 mail mail 18 Jun 10 2019 /home/Mails/jmreym...@normaal.fr/subscriptions drwx-- 2 mail mail 4096 Apr 26 11:12 /home/Mails/jmreym...@normaal.fr/tmp -- Jean-Max Reymond CKR Solutions Open Source https://www.ckr-solutions.com
Re: cannot see my mails
Le 26/04/2021 à 13:24, Yassine Chaouche a écrit : Le 4/26/21 à 10:22 AM, Jean-Max Reymond a écrit : > After a change of server When you changed servers, did you copy the contents of (probably) /var/vmail/ from the old server to the new server ? this is usually where e-mails are stored. You can also use imap-sync from old to new server. This should automatically transfer your old mail there (if old server is still operationnal) yep, the 144 GB of mails are copied. The correct owner is mail:mail. Database posfixadmin is copied and authentification by sql works fine.dovecot does not report any issues, postfix works like a charm. I have deleted for only one mailbox, the dovecot files but no changes. -- Jean-Max Reymond CKR Solutions Open Source https://www.ckr-solutions.com
Re: cannot see my mails
Le 26/04/2021 à 13:13, Yassine Chaouche a écrit : Le 4/26/21 à 10:22 AM, Jean-Max Reymond a écrit : > Hi, > After a change of server, I cannot see my mails. postfix is OK and I > receive emails. If I send emails, with roundcube or thunderbird, I > can seethese new sent emails. Access rights seems OK. Dovecot with > debug trace does not complain. Any tips ? Hello Jean-Max You see sent mails but not received mails ? You see new mails but not old mails ? as if your inbox has just been created ? -- Yassine not exactly. I cannot see any received mails, old or new and I am sure I received new emails. I can see new mails I sent. If I move an email from Sent to Inbox with roundcube or thunderbird, I can see these emails in Inbox. -- Jean-Max Reymond CKR Solutions Open Source https://www.ckr-solutions.com
Re: cannot see my mails
Le 26/04/2021 à 11:22, Jean-Max Reymond a écrit :
Hi,
After a change of server, I cannot see my mails.
postfix is OK and I receive emails.
If I send emails, with roundcube or thunderbird, I can see these new
sent emails. Access rights seems OK. Dovecot with debug trace does not
complain.
Any tips ?
# dovecot -n
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.15.0-142-generic x86_64 Ubuntu 18.04.5 LTS
auth_mechanisms = plain login
first_valid_uid = 8
log_path = /var/log/dovecot.log
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart extracttext
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
protocols = imap
service auth {
unix_listener /var/spool/postfix/private/dovecot-auth {
group = postfix
mode = 0660
user = postfix
}
}
ssl_cert = ssl_cipher_list =
ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_client_ca_dir = /etc/ssl/certs
ssl_key = # hidden, use -P to show it
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocol imap {
imap_client_workarounds = delay-newmail
mail_max_userip_connections = 10
}
protocol pop3 {
mail_max_userip_connections = 10
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
deliver_log_format = msgid=%m: %$
mail_plugins = sieve
postmaster_address = postmaster
quota_full_tempfail = yes
rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
--
Jean-Max Reymond
CKR Solutions Open Source https://www.ckr-solutions.com
cannot see my mails
Hi,
After a change of server, I cannot see my mails.
postfix is OK and I receive emails.
If I send emails, with roundcube or thunderbird, I can see these new
sent emails. Access rights seems OK. Dovecot with debug trace does not
complain.
Any tips ?
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
home_mailbox = Maildir/
local_recipient_maps = $virtual_mailbox_maps
local_transport = virtual
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf
-m "${EXTENSION}"
message_size_limit = 3072
milter_default_action = accept
milter_protocol = 2
mydestination = localhost
non_smtpd_milters = inet:localhost:12345
readme_directory = no
slow_destination_concurrency_limit = 2
slow_destination_recipient_limit = 20
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_milters = inet:localhost:12345
smtpd_recipient_restrictions = reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_unauth_pipelining,
permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/dovecot/private/dovecot.pem
smtpd_tls_key_file = /etc/dovecot/private/dovecot.key
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_received_header = yes
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
vacation_destination_recipient_limit = 1
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf
virtual_gid_maps = static:8
virtual_mailbox_base = /home/Mails
virtual_mailbox_domains =
proxy:mysql:/etc/postfix/mysql/virtual_domains_maps.cf
virtual_mailbox_limit = 20480
virtual_mailbox_maps =
proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 8
virtual_transport = virtual
virtual_uid_maps = static:8
yahoo_destination_concurrency_limit = 4
yahoo_destination_rate_delay = 1s
yahoo_destination_recipient_limit = 2
yahoo_initial_destination_concurrency = 1
--
Jean-Max Reymond
CKR Solutions Open Source https://www.ckr-solutions.com
Re: Dovecot/doveadm quota
I think these changes will confuse users because calculated quota wouldn't be equals with total messages sizes. Marsistynas Bendorius писал 2020-02-07 11:07: Is there any reason why dovecot relies on S= instead of real disk size email takes? 1) compressed mails take less than than the S= specified 2) we could avoid using "S=" for the lookups and count every file there, including indexes and mails without S=... if we'd read filesizes -- With best regards, Max Kostikov W: https://kostikov.co | DeltaChat: m...@eprove.net signature.asc Description: OpenPGP digital signature
Plugins/Mailcrypt: mail_crypt_private_password not assigned by password_query
I try to use Mailcrypt encrypted user keys with conjustion with dbsync
replication(Dovecot 2.3.6 in FreeBSD 12.0 enviroment) but was
unsuccessful.
If I provide a password in mail_crypt_private_password variable directly
in Dovecot config all things works as expected
plugin {
mail_crypt_curve = prime256v1
mail_crypt_save_version = 2
mail_crypt_require_encrypted_user_key = yes
mail_crypt_private_password = 12345
}
but when I remove this and trying to get the same user password in
password_query it seems password doesn't assigned
password_query = SELECT username AS user, password, \
'%w' AS userdb_mail_crypt_private_password \
FROM mailbox WHERE username = LCASE('%u') \
AND active = '1'
with errors like this in log at server where message was accepted from
remote system
May 20 00:40:31 server1 dovecot[35417]:
dsync-local(f...@example.com): Error:
dsync(server1.example.com): read() failed:
read(/var/mail/example.com/foo/new/1558305609.M674400P35456.server1.example.com,S=4493,W=4601:2,a)
failed: Private key not available: Cannot decrypt key
a4ceb2df0287c0c0ccb0d76e31d91824e1f13e9ffe63d1e04a9a233a073d8a64: Cannot
decrypt key
5d19a9246ddce2759a21462974add562dd90f2cb2aa3ff6a5af1af1e3e9b58e6:
Password not available (last sent=mail, last recv=mail_request (EOL))
and errors at replica server
May 20 00:40:31 server2 dovecot[63985]:
dsync-local(f...@example.com): Error:
dsync(server2.example.com): read() failed: read() failed: dot-input
stream ends without '.' line (last sent=mail_request (EOL), last
recv=mail)
The question is it possible to have password encrypted user keys with
Dovecot dbsync replication or we found a new bug?
--
With best regards,
Max Kostikov
W: https://kostikov.co | DeltaChat: m...@eprove.net
doveadm with 2-level user/domain quotas scheme
Hi!
I believe now it a right time to return to previous discussion about
Dovecot's in 2-level user/domain quotas scheme wich was finished here
https://dovecot.org/pipermail/dovecot/2015-October/102346.html
Here is configuration.
1. Dictionary storage placed in MySQL table "quota2"
root@localhost [(none)]> SHOW COLUMNS FROM quota2 FROM exim;
+--+--+--+-+-+---+
| Field| Type | Null | Key | Default | Extra |
+--+--+--+-+-+---+
| username | varchar(100) | NO | PRI | NULL| |
| bytes| bigint(20) | NO | | 0 | |
| messages | int(11) | NO | | 0 | |
+--+--+--+-+-+---+
3 rows in set (0,00 sec)
2. Two types of quota - for domains with index "2" and for users without
index.
...
plugin {
quota = dict:user_quota::proxy::sqluserquota
quota_rule2 = Trash:storage=+10%%
quota_rule3 = Junk:storage=+10%%
quota_warning = storage=100%% quota-exceeded 100 %u
quota_warning2 = storage=95%% quota-warning 95 %u
quota_warning3 = storage=90%% quota-warning 90 %u
quota_warning4 = storage=75%% quota-warning 75 %u
quota2 = dict:domain_quota:%d:proxy::sqldomainquota
}
dict {
sqluserquota = mysql:/usr/local/etc/dovecot/dovecot-dict-sql-user.conf
sqldomainquota =
mysql:/usr/local/etc/dovecot/dovecot-dict-sql-domain.conf
}
service dict {
unix_listener dict {
user = mailnull
mode = 0660
}
}
...
3. Both stored in the same table and files "dovecot-dict-sql-user.conf"
and "dovecot-dict-sql-domain.conf" are identical.
connect = host=localhost dbname=exim user=user password=password
map {
pattern = priv/quota/storage
table = quota2
username_field = username
value_field = bytes
}
map {
pattern = priv/quota/messages
table = quota2
username_field = username
value_field = messages
}
All quotas for users and domains are calculates correctly until "doveadm
quota recalc" use.
root@beta:~ # doveadm quota recalc -u foo@my.domain
root@beta:~ # doveadm quota get -u foo@my.domain
Quota name Type Value Limit
%
user_quota STORAGE 7850978 -
0
user_quota MESSAGE 32474 -
0
domain_quota STORAGE 7850978 -
0
domain_quota MESSAGE 32474 -,
0
If we look at MySQL table directly foo@my.domain quota was counted right
but last users data was copied into domains values.
...
root@localhost [exim]> SELECT * FROM quota2 WHERE username LIKE
'%my.domain';
+---+-+--+
| username | bytes | messages |
+---+-+--+
| foo@my.domain | 8039401321 |32474 |
| my.domain | 8039401321 |32474 |
| john@my.domain| 3455382803 |11142 |
| mary@my.domain| 544637146 | 1965 |
+---+-+--+
4 rows in set (0.00 sec)
...
Also you may see that "doveadm quota get" above gave wrong values. For
domain its produces empty output
root@beta:~ # doveadm quota get -u my.domain
doveadm(my.domain): Error: User doesn't exist
Quota name Type Value Limit
%
Than if we are trying to calculate quota for domain or for all users
(-A) it produces an error.
root@beta:~ # doveadm quota recalc -u my.domain
doveadm(my.domain): Error: User doesn't exist
root@beta:~ # doveadm quota recalc -A
Error: User listing returned failure
doveadm: Error: Failed to iterate through some users
So "doveadm quota" almost useless for such quotas scheme except single
user.
I wrote small shell-script "dovequota.sh" to resolve this issue but I
believe that doveadm need to be fixed too.
(script may be found here
https://kostikov.co/problemy-uchyota-domennoj-kvoty-v-dovecot-2).
--
With best regards,
Max Kostikov
BBM: 24CA5DF8 | W: https://kostikov.co
signature.asc
Description: OpenPGP digital signature
Re: dovecot-lda crash after upgrade to 2.2.28
Thank you. This patch is fully solves the problem. Aki Tuomi писал 2017-03-01 14:02: On 28.02.2017 20:40, Max Kostikov wrote: Thank you. Will be waiting for Dovecot update. Aki Tuomi писал 2017-02-28 20:34: On February 28, 2017 at 7:43 PM Max Kostikov <m...@kostikov.co> wrote: Got it. Here is full backtrace output. Would appear the bug is in 'Trash' plugin. We'll open an issue about this, thank you for reporting this. Aki Hi! We believe this issue is now fixed with https://github.com/dovecot/core/commit/326fb016a23480e4ff8dcc03dc80e76812859bd6.patch Aki Tuomi Dovecot oy -- With best regards, Max Kostikov BBM: 24CA5DF8 | W: https://kostikov.co
Re: dovecot-lda crash after upgrade to 2.2.28
Thank you. Will be waiting for Dovecot update. Aki Tuomi писал 2017-02-28 20:34: On February 28, 2017 at 7:43 PM Max Kostikov <m...@kostikov.co> wrote: Got it. Here is full backtrace output. Would appear the bug is in 'Trash' plugin. We'll open an issue about this, thank you for reporting this. Aki -- With best regards, Max Kostikov BBM: 24CA5DF8 | W: https://kostikov.co
Re: dovecot-lda crash after upgrade to 2.2.28
ge.so.0 #7 0x1402e7e2 in trash_plugin_deinit () from /usr/local/lib/dovecot/lib11_trash_plugin.so #8 0x10aaf20b in hook_mail_user_created () from /usr/local/lib/dovecot/libdovecot-storage.so.0 #9 0x10ab374f in mail_user_init () from /usr/local/lib/dovecot/libdovecot-storage.so.0 #10 0x10ab1c52 in mail_storage_service_next () from /usr/local/lib/dovecot/libdovecot-storage.so.0 #11 0x10ab2435 in mail_storage_service_lookup_next () from /usr/local/lib/dovecot/libdovecot-storage.so.0 #12 0x00425896 in client_create_from_input () #13 0x00425fb2 in main () (gdb) bt full #0 0x1117655a in thr_kill () from /lib/libc.so.7 No symbol table info available. #1 0x1117652b in raise () from /lib/libc.so.7 No symbol table info available. #2 0x11176499 in abort () from /lib/libc.so.7 No symbol table info available. #3 0x10e2af54 in default_error_handler () from /usr/local/lib/dovecot/libdovecot.so.0 No symbol table info available. #4 0x10e2bc5b in i_set_failure_ignore_errors () from /usr/local/lib/dovecot/libdovecot.so.0 No symbol table info available. #5 0x10e2b1f9 in i_fatal () from /usr/local/lib/dovecot/libdovecot.so.0 No symbol table info available. #6 0x10aa190a in mail_namespace_find () from /usr/local/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. #7 0x1402e7e2 in trash_plugin_deinit () from /usr/local/lib/dovecot/lib11_trash_plugin.so No symbol table info available. #8 0x10aaf20b in hook_mail_user_created () from /usr/local/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. #9 0x10ab374f in mail_user_init () from /usr/local/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. #10 0x10ab1c52 in mail_storage_service_next () from /usr/local/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. #11 0x10ab2435 in mail_storage_service_lookup_next () from /usr/local/lib/dovecot/libdovecot-storage.so.0 No symbol table info available. #12 0x00425896 in client_create_from_input () No symbol table info available. #13 0x00425fb2 in main () No symbol table info available. (gdb) quit Aki Tuomi писал 2017-02-28 18:34: Your backtrace would've been informative already if you had issued bt full. Just opening it with gdb is not sufficient. -- With best regards, Max Kostikov BBM: 24CA5DF8 | W: https://kostikov.co
Re: dovecot-lda crash after upgrade to 2.2.28
Probably I need to compile 2.2.28 from sources with debug flags. Can you tell me wich flags I need to set for more informative backtrace in gdb? Aki Tuomi писал 2017-02-28 17:42: Can you please issue bt full in gdb and post the output here? -- With best regards, Max Kostikov BBM: 24CA5DF8 | W: https://kostikov.co -- With best regards, Max Kostikov BBM: 24CA5DF8 | W: https://kostikov.co
Re: dovecot-lda crash after upgrade to 2.2.28
I just recreated configuration of Dovecot 2.2.28 and got the same error but in imap service (it was there in logs too as for dovecot-lda but I don't saw it at time). Feb 27 20:09:41 beta dovecot: imap(postmas...@peek.ru): Panic: file mail-namespace.c: line 709 (mail_namespace_find): assertion failed: (ns != NULL) Feb 27 20:09:47 beta dovecot: lda(m...@domain.ru): Panic: file mail-namespace.c: line 709 (mail_namespace_find): assertion failed: (ns != NULL) So I show you only imap backtrace below. # gdb /usr/local/libexec/dovecot/imap 1 GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-marcel-freebsd"...(no debugging symbols found)... Attaching to program: /usr/local/libexec/dovecot/imap, process 1 ptrace: Invalid argument. Core was generated by `imap'. Program terminated with signal 6, Aborted. Reading symbols from /usr/local/lib/dovecot/libdovecot-lda.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/libdovecot-lda.so.0 Reading symbols from /usr/local/lib/dovecot/libdovecot-storage.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/libdovecot-storage.so.0 Reading symbols from /usr/local/lib/dovecot/libdovecot.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/libdovecot.so.0 Reading symbols from /lib/libc.so.7...(no debugging symbols found)...done. Loaded symbols for /lib/libc.so.7 Reading symbols from /usr/lib/libkrb5.so.11...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libkrb5.so.11 Reading symbols from /usr/lib/libgssapi.so.10...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libgssapi.so.10 Reading symbols from /usr/lib/libgssapi_krb5.so.10...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libgssapi_krb5.so.10 Reading symbols from /usr/lib/libasn1.so.11...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libasn1.so.11 Reading symbols from /usr/lib/libcom_err.so.5...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libcom_err.so.5 Reading symbols from /lib/libcrypt.so.5...(no debugging symbols found)...done. Loaded symbols for /lib/libcrypt.so.5 Reading symbols from /lib/libcrypto.so.8...(no debugging symbols found)...done. Loaded symbols for /lib/libcrypto.so.8 Reading symbols from /usr/lib/libhx509.so.11...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libhx509.so.11 Reading symbols from /usr/lib/libroken.so.11...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libroken.so.11 Reading symbols from /usr/lib/libwind.so.11...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libwind.so.11 Reading symbols from /usr/lib/libheimbase.so.11...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libheimbase.so.11 Reading symbols from /usr/lib/libprivateheimipcc.so.11...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libprivateheimipcc.so.11 Reading symbols from /lib/libthr.so.3...(no debugging symbols found)...done. Loaded symbols for /lib/libthr.so.3 Reading symbols from /usr/local/lib/dovecot/lib01_acl_plugin.so...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/lib01_acl_plugin.so Reading symbols from /usr/local/lib/dovecot/lib02_imap_acl_plugin.so...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/lib02_imap_acl_plugin.so Reading symbols from /usr/local/lib/dovecot/lib10_quota_plugin.so...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/lib10_quota_plugin.so Reading symbols from /usr/local/lib/dovecot/lib11_imap_quota_plugin.so...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/lib11_imap_quota_plugin.so Reading symbols from /usr/local/lib/dovecot/lib11_trash_plugin.so...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/lib11_trash_plugin.so Reading symbols from /usr/local/lib/dovecot/lib90_antispam_plugin.so...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/dovecot/lib90_antispam_plugin.so Reading symbols from /usr/local/lib/compat/pkg/nss_winbind.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/local/lib/compat/pkg/nss_winbind.so.1 Reading symbols from /libexec/ld-elf.so.1...(no debugging symbols found)...done. Loaded symbols for /libexec/ld-elf.so.1 #0 0x1117655a in thr_kill () from /lib/libc.so.7 [New Thread 13616000 (LWP 100455/)] (gdb) quit Aki Tuomi писал 2017-02-28 13:20: On 28.02.2017 13:16, Max Kostikov wrote: Hi!
dovecot-lda crash after upgrade to 2.2.28
Hi!
I posted this problem few days ago in FreeBSD bugtracker
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217364
So, the problem is in crash of dovecot-lda client while
local mailbox delivery with this message in log
dovecot: lda(my@email): Panic: file mail-namespace.c: line 709
(mail_namespace_find): assertion failed: (ns != NULL)
My Dovecot config stills the same from previous 2.2.27 installation
to I believe that problem in new Dovecot code related namespace.
System:
# uname -v
FreeBSD 11.0-RELEASE-p8 #0: Wed Feb 22 06:12:04 UTC 2017
r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
Options:
root@beta:/usr/ports/mail/dovecot2 # make showconfig | grep =on
DOCS=on: Build and/or install documentation
EXAMPLES=on: Build and/or install examples
KQUEUE=on: kqueue(2) support
LIBWRAP=on: TCP wrapper support
LZ4=on: LZ4 compression support
MYSQL=on: MySQL database support
GSSAPI_BASE=on: Use GSSAPI from base
Config:
# doveconf -n
# 2.2.27 (c0f36b0): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: FreeBSD 11.0-RELEASE-p8 amd64 ufs
auth_mechanisms = plain login
default_login_user = dovecot
dict {
sqluserquota = mysql:/usr/local/etc/dovecot/dovecot-dict-sql-user.conf
}
disable_plaintext_auth = no
first_valid_gid = 0
first_valid_uid = 25
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
login_access_sockets = tcpwrap
login_greeting = Dovecot ready!
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
mail_access_groups = mail
mail_gid = 6
mail_location = maildir:/var/mail/%d/%n
mail_plugins = acl quota trash
mail_privileged_group = mail
mail_uid = 26
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart
extracttext
namespace {
location =
maildir:/var/mail/%d/.public:INDEXPVT=/var/mail/%d/%n/public
prefix = public.
separator = .
subscriptions = no
type = public
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = .
type = private
}
passdb {
args = /usr/local/etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
acl = vfile::cache_secs=300
antispam_backend = mailtrain
antispam_mail_notspam = %u-revoke
antispam_mail_sendmail = /usr/local/etc/dovecot/move-cmd.sh
antispam_mail_sendmail_args =
antispam_mail_spam = %u-report
antispam_spam = Junk
antispam_trash = Trash
quota = dict:user_quota::proxy::sqluserquota
quota_grace = 10%%
quota_rule2 = Trash:storage=+10%%
quota_rule3 = Junk:storage=+10%%
quota_warning = storage=100%% quota-exceeded 100 %u
quota_warning2 = storage=95%% quota-warning 95 %u
quota_warning3 = storage=90%% quota-warning 90 %u
quota_warning4 = storage=75%% quota-warning 75 %u
sieve = ~/dovecot.sieve
sieve_before = /usr/local/etc/dovecot/default.sieve
sieve_dir = ~/sieve
sieve_global_path = /usr/local/etc/dovecot/default.sieve
trash = /usr/local/etc/dovecot/dovecot-trash.conf
}
protocols = imap pop3 lmtp sieve
service auth {
unix_listener auth-client {
mode = 0660
user = mailnull
}
unix_listener auth-master {
mode = 0660
user = mailnull
}
user = root
}
service dict {
unix_listener dict {
mode = 0660
user = mailnull
}
}
service imap-login {
chroot = login
client_limit = 64
executable = /usr/local/libexec/dovecot/imap-login
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
}
process_limit = 32
process_min_avail = 8
service_count = 1
user = $default_login_user
vsz_limit = 64 M
}
service imap {
executable = /usr/local/libexec/dovecot/imap
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
process_min_avail = 1
service_count = 1
user = $default_login_user
vsz_limit = 64 M
}
service managesieve {
process_limit = 10
}
service pop3-login {
chroot = login
client_limit = 64
executable = /usr/local/libexec/dovecot/pop3-login
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
}
process_limit = 32
process_min_avail = 8
service_count = 1
user = $default_login_user
vsz_limit = 64 M
}
service pop3 {
executable = /usr/local/libexec/dovecot/pop3
}
service quota-warning {
executable = script /usr/local/etc/dovecot/quota_warning.sh
unix_listener quota-warning {
mode = 0660
user = mailnull
}
}
service tcpwrap {
unix_listener login/tcpwrap {
mode = 0600
user = $default_login_user
}
}
ssl_ca = ssl_cipher_list =
Best way to only replicate specific users
Hi, I was wondering about the best way to achieve this. Currently, the users I don't want replicated do not exist on the target system. The source tries to sync them but runs into an error. Technically, that works for me, but it doesn't seem like the right way to do it and clutters the log. Kind Regards, Max
doveadm sync ignores -u option
Hi, Since I upgraded from 2.2.21 to 2.2.23, the user option -u seems to be ignored by doveadm sync, or at least it doesn't handle it correctly. If I run the following in the shell as user 'max': % doveadm sync -u f...@example.com -d doveadm(max): Error: User doesn't exist I get it to work if I set the USER environment variable to f...@example.com: % USER=f...@example.com doveadm sync -u f...@example.com -d # sync runs as expected. Kind Regards, Max
Missing metadata on Dovecot 2.2.14, on Kolab 3.3, Centos 6.6
Hello everyone,
We were trying to provision a system with Dovecot instead of another
working cyrus kolab system.
I am stuck with a problem with the metadata, especially when it comes to
the Special Folders in Kolab 3.3, like Calenders, Tasks, etc, as well as
any user created Folders.
Emails work perfectly, and all the types are correct. But for example, If I
try to change the type of Calenders, or create a new folder from inside
roundcube and set it to type Calenders, it stays at the default which is
mail. Therefore it causes problems, when sharing events, since they are
displayed as mail type and not event type. We've tracked the problem
down to the metadata not existing for special folders. A simple search only
shows the default mail metadata, but nothing for shared folders, or
special folders, etc.
Here is the doveconf -n
-
[root@m3 ~]# doveconf -n
# 2.2.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-504.el6.x86_64 x86_64 CentOS release 6.6 (Final)
imap_metadata = yes
mail_attribute_dict = file:Maildir/dovecot-metadata
mail_gid = 5000
mail_location = maildir:~/Maildir
mail_plugins = acl
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
namespace {
list = children
location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
prefix = shared/%%u/
separator = /
type = shared
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox Sent Messages {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
separator = /
}
passdb {
args = /etc/dovecot/master-users
driver = passwd-file
master = yes
pass = yes
}
passdb {
driver = shadow
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
acl = vfile
acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
protocols = imap pop3 lmtp sieve
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
unix_listener auth-userdb {
group = vmail
user = vmail
}
}
service dict {
unix_listener dict {
group = vmail
mode = 0666
user = vmail
}
}
service lmtp {
executable = lmtp
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
address = 127.0.0.1 ::1
port = 4190
}
}
service managesieve {
process_limit = 1024
}
ssl = required
ssl_cert = /etc/ssl/m3.company.includingchain.crt
ssl_key = /etc/ssl/m3.company.de.key
userdb {
driver = passwd
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
protocol lmtp {
mail_plugins = acl sieve
}
protocol lda {
mail_plugins = acl sieve
}
protocol imap {
mail_plugins = acl imap_acl
}
Would appreciate any help or ideas as to what I can do to fix this.
Thanks
Max
Mailing list removal.
Guys, Can you please remove my email address from the mailing list. Thanks, M
Re: Mailing list test
On Fri, 21 Nov 2014, Timo Sirainen wrote: Apparently this list has somehow broken.. Not really sure what the problem is, lets see what happens to this mail. Any chance of putting [dovecot] back in the subject line? Thanks. Max Pyziur p...@brama.com
Dovecot fails to start - Unknown setting: socket
I’m receiving the following error(s) messages when trying reloading dovecot
(Debian wheezy).
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line
73: Unknown setting: socket
doveconf: Error: managesieve-login: dump-capability process returned 89
Configuration file /etc/dovecot/dovecot.conf :
# If you only want to use dovecot-auth, you can set this to none.
protocols = imap sieve
log_timestamp = %Y-%m-%d %H:%M:%S
mail_location = maildir:/var/mail/%d/%n:INDEX=/var/mail/indexes/%d/%n
mail_privileged_group = vmail
mail_debug = no
first_valid_uid = 5000
last_valid_uid = 5000
maildir_copy_with_hardlinks = yes
mail_chroot = yes
default_login_user = dovecot
ssl_cert = /etc/ssl/certs/star_palibrary_org_combined.crt
ssl_key = /etc/ssl/private/star_palibrary_org.key
protocol imap {
# imap_client_workarounds = outlook-idle delay-newmail
}
protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
}
##
## MANAGESIEVE specific settings
##
protocol sieve {
}
plugin {
sieve_storage = ~/sieve
sieve_global_path = /var/vmail/globalsieverc
sieve = ~/dovecot.sieve
}
protocol lda {
#log_path = /var/vmail/dovecot-deliver.log
auth_socket_path = /var/run/dovecot/auth-master
postmaster_address = shor...@mvs.org
mail_plugins = sieve
}
###
##
## LDA specific settings
##
auth_default_realm = mvs.org
auth_debug = no
auth_debug_passwords = no
auth_mechanisms = auth_plain auth_login auth_digest-md5 auth_cram-md5
# dovecot-auth only needs to be able to connect to SQL
# default_login_user = mail
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
driver= sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
socket listen {
master {
path = /var/run/dovecot/auth-master
mode = 0600
user = vmail
group = vmail
}
client {
# The client socket is generally safe to export to everyone. Typical
use
# is to export it to your SMTP server so it can do SMTP AUTH lookups
# using it.
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}
Packages:
ii dovecot-common 1:2.1.7-7+deb7u1
ii dovecot-core1:2.1.7-7+deb7u1
ii dovecot-gssapi 1:2.1.7-7+deb7u1
ii dovecot-imapd 1:2.1.7-7+deb7u1
ii dovecot-ldap 1:2.1.7-7+deb7u1
ii dovecot-lmtpd 1:2.1.7-7+deb7u1
ii dovecot-managesieved 1:2.1.7-7+deb7u1
ii dovecot-mysql 1:2.1.7-7+deb7u1
ii dovecot-pgsql1:2.1.7-7+deb7u1
ii dovecot-pop3d 1:2.1.7-7+deb7u1
Any ideas?
Re: Dovecot fails to start - Unknown setting: socket
Here are the lines in question:
socket listen { ### line 73 ###
master {
path = /var/run/dovecot/auth-master
mode = 0600
user = vmail
group = vmail
}
client {
# The client socket is generally safe to export to everyone. Typical
use
# is to export it to your SMTP server so it can do SMTP AUTH lookups
# using it.
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}
On Wed, Oct 1, 2014 at 2:54 PM, Reindl Harald h.rei...@thelounge.net
wrote:
Am 01.10.2014 um 20:47 schrieb Max Shortte:
I’m receiving the following error(s) messages when trying reloading
dovecot
(Debian wheezy).
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf
line
73: Unknown setting: socket
doveconf: Error: managesieve-login: dump-capability process returned 89
Configuration file /etc/dovecot/dovecot.conf
honestly it would make more sense if you post line 73
as mentioned in the message followed by the surrounding
context
Re: Dovecot fails to start - Unknown setting: socket
Thanks for responding Alan. I have taken a look at the configuration file and all seems well. Max On Wed, Oct 1, 2014 at 4:50 PM, Alan McGinlay al...@sics.se wrote: you almost certainly have a missing closing bracket or double quote somewhere.
Re: [Dovecot] Configuring dovecot to use tcp wrappers
On 5.4.2013, at 18.19, Max Pyziur p...@brama.com wrote:
So my question relates to the second part of the configuration examples
in the links above:
service tcpwrap {
unix_listener login/tcpwrap {
group = $default_login_user
mode = 0600
user = $default_login_user
}
}
Where does this code get placed (in dovecot.conf or in one of the files
in /etc/dovecot/conf.d)?
Doesn't really matter. I'd put it into conf.d/10-master.conf which has
other services.
And regarding $default_login_user, it appears in a comment line in
/etc/dovecot/conf.d/10-master.conf
Should that line be uncommented?
Just leave it uncommented and it'll use the default value (which it has
been using so far already).
After some delay, I'm returning to this project.
I've made the changes per above.
I've put in a test ip address in /etc/hosts.deny like so:
dovecot: 166.84.1.2
And then I execute the following from 166.84.1.2 to port 110:
bash-3.2$ telnet SiteWhereImConfiguringDovecot 110
Trying SiteWhereImConfiguringDovecot...
Connected to SiteWhereImConfiguringDovecot.
Escape character is '^]'.
+OK Dovecot ready.
quit
+OK Logging out
Connection closed by foreign host.
If dovecot is configured with tcp wrappers (which it is; built on a CentOS
6 system, installed and configured per instructions),
and the firewall has ports 110 and 143 open,
but I'm blocking a particular host through /etc/hosts.deny
then I should not be able to telnet to either port 110 or 143; both
requests should be blocked from the originating IP, no?
Much thanks for your help,
Max Pyziur
p...@brama.com
Re: [Dovecot] Configuring dovecot to use tcp wrappers
On Thu, 11 Apr 2013, lists-dovecot wrote: [... snip ...] I've put in a test ip address in /etc/hosts.deny like so: dovecot: 166.84.1.2 And then I execute the following from 166.84.1.2 to port 110: bash-3.2$ telnet SiteWhereImConfiguringDovecot 110 Trying SiteWhereImConfiguringDovecot... Connected to SiteWhereImConfiguringDovecot. Escape character is '^]'. +OK Dovecot ready. quit +OK Logging out Connection closed by foreign host. If dovecot is configured with tcp wrappers (which it is; built on a CentOS 6 system, installed and configured per instructions), and the firewall has ports 110 and 143 open, but I'm blocking a particular host through /etc/hosts.deny then I should not be able to telnet to either port 110 or 143; both requests should be blocked from the originating IP, no? Much thanks for your help, Max Pyziur p...@brama.com What are you using as the service name in hosts.deny? I think it should be imap-login:, (that's what I have as an historical/left-over entry) but don't have dovecot configured with wrappers on my current centos system so can't test this to be certain. Also make certain that you don't have anything in your hosts.allow file that would override the hosts.deny entry. I was using dovecot, until you convinced me to do otherwise. Putting pop3 in /etc/hosts.deny with the associated ip seems to work, like so: pop3: 166.84.1.2 or imap imap: 166.84.1.2 (are there any challenges to this?) Given that services such sendmail and sshd respond to sshd: xxx.xxx.xxx.xxx sendmail: xxx.xxx.xxx.xxx I thought that it should be dovecot: xxx.xxx.xxx.xxx As a suggestion, can dovecot binaries for distributions such as CentOS and Fedora be compiled with tcp wrappers by default? - Richard Much thanks. MP p...@brama.com
Re: [Dovecot] Configuring dovecot to use tcp wrappers
On 5.4.2013, at 18.19, Max Pyziur p...@brama.com wrote:
So my question relates to the second part of the configuration examples
in the links above:
service tcpwrap {
unix_listener login/tcpwrap {
group = $default_login_user
mode = 0600
user = $default_login_user
}
}
Where does this code get placed (in dovecot.conf or in one of the files
in /etc/dovecot/conf.d)?
Doesn't really matter. I'd put it into conf.d/10-master.conf which has
other services.
And regarding $default_login_user, it appears in a comment line in
/etc/dovecot/conf.d/10-master.conf
Should that line be uncommented?
Just leave it uncommented and it'll use the default value (which it has
been using so far already).
Much thanks for your reply.
However, once I make the changes to the configuration files, I get the
following error when restarting dovecot:
root@brama /etc/dovecot/conf.d service dovecot restart
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: doveconf: Fatal: Error in configuration file
/etc/dovecot/dovecot.conf: service(tcpwrap): executable is empty
[FAILED]
Any advice on how to proceed?
Thank you again,
Max Pyziur
p...@brama.com
Re: [Dovecot] Configuring dovecot to use tcp wrappers
On Mon, 8 Apr 2013, Timo Sirainen wrote: On 8.4.2013, at 1.31, Max Pyziur p...@brama.com wrote: However, once I make the changes to the configuration files, I get the following error when restarting dovecot: root@brama /etc/dovecot/conf.d service dovecot restart Stopping Dovecot Imap: [ OK ] Starting Dovecot Imap: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf: service(tcpwrap): executable is empty [FAILED] You most likely didn't compile Dovecot with tcpwrap support. See if you have /usr/lib*/dovecot/tcpwrap binary? Any idea, then, as to where those CentOS dovecot src.rpms are kept? Max Pyziur p...@brama.com
Re: [Dovecot] Configuring dovecot to use tcp wrappers
On Sun, 7 Apr 2013, Max Pyziur wrote: On Mon, 8 Apr 2013, Timo Sirainen wrote: On 8.4.2013, at 1.31, Max Pyziur p...@brama.com wrote: However, once I make the changes to the configuration files, I get the following error when restarting dovecot: root@brama /etc/dovecot/conf.d service dovecot restart Stopping Dovecot Imap: [ OK ] Starting Dovecot Imap: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf: service(tcpwrap): executable is empty [FAILED] You most likely didn't compile Dovecot with tcpwrap support. See if you have /usr/lib*/dovecot/tcpwrap binary? Any idea, then, as to where those CentOS dovecot src.rpms are kept? Yanking my own chain: http://vault.centos.org/6.4/updates/Source/SPackages/ Max Pyziur p...@brama.com [...recycle ...]
Re: [Dovecot] script to detect dictionary attacks
On Sat, 6 Apr 2013, Reindl Harald wrote: Hi has someone a script which can filter out dictionary attacks from /var/log/maillog and notify about the source-IPs? i know about fail2ban and so on, but i would like to have a mail with the IP address for two reasons and avoid fail2ban at all because it does not match in the way we maintain firewalls * add the IP to a distributed iptables-block.sh and distribute it to any server with a comment and timestamp * write a abuse-mail to the ISP Thinking tangentially to this proposal, are there blacklists (BLs) maintained regarding known IPs perpetrating attempts at pop/imap intrusions, much in the same way CBL does for spam, and OpenBL (http://www.openbl.org/lists.html) does for ssh (primarily)? That way, you leave your iptables configuration status quo, and create a mechanism to use the resource (the BLs) to populate your /etc/hosts.deny file, using tcp_wrappers to prevent intrusion/brute force attacks on service that have open ports in the firewall. Thanks, Max Pyziur p...@brama.com
Re: [Dovecot] script to detect dictionary attacks
On Sat, 6 Apr 2013, Reindl Harald wrote: Am 06.04.2013 22:55, schrieb Max Pyziur: On Sat, 6 Apr 2013, Reindl Harald wrote: has someone a script which can filter out dictionary attacks from /var/log/maillog and notify about the source-IPs? i know about fail2ban and so on, but i would like to have a mail with the IP address for two reasons and avoid fail2ban at all because it does not match in the way we maintain firewalls * add the IP to a distributed iptables-block.sh and distribute it to any server with a comment and timestamp * write a abuse-mail to the ISP Thinking tangentially to this proposal, are there blacklists (BLs) maintained regarding known IPs perpetrating attempts at pop/imap intrusions, much in the same way CBL does for spam, and OpenBL (http://www.openbl.org/lists.html) does for ssh (primarily)? That way, you leave your iptables configuration status quo, and create a mechanism to use the resource (the BLs) to populate your /etc/hosts.deny file, using tcp_wrappers to prevent intrusion/brute force attacks on service that have open ports in the firewall i don't know but in fact i want not rely on automatisms and blacklists CBL is fairly reliable; you can screen it based on originating countries (I use ip2cc available from perl-IP-Country-2.27-1.el6.noarch to find the originating country for particular ips). I'm tentatively using OpenBL to block dictionary attacks by way of ssh. By way of logwatch, I see enough dictionary attacks on dovecot; I take those ips and hope to use them soon to block dovecot attacks. The problem is the aging: there needs to be a mechanism that determines whether or not an ip continues to be a threat. The BLs are good for that - once an ip or, say, the first three octets, diminish in frequency of attacks, then based on some threshold that you set, you can remove that ip (or set of ips) as a hostile threat to a particular service that you are running on your server/servers. sometimes i recognize a dictionary attack because tail -f on the mailserver is running in background and after come back from a cigarette break i look a minute in the output and if i see attacks i add the IP after a whois to iptables-block.sh so i do not want to rely on automagic and if some IP is added to whatever blacklist hours or days later, i want simply a one-time mail notify to look NOW in maillog and take action or ignore it depending on the count and source if it is some ISP from a country far away - block it if it is the fivth attempt from this ISP - block the whole subnet if it is a major ISP of the country i live (asutria) - only absue mail to the ISP I understand the logic; I set a low threshold to label something being a threat for anything originating in China; the threshold is higher for things closer to home, since most of the traffic to the one server I control is from there. MP p...@brama.com
[Dovecot] Configuring dovecot to use tcp wrappers
Greetings,
I am looking to implement tcp wrappers with dovecot; I am using the
following two links as guides to configuration:
http://blog.acsystem.sk/linux/brute-force-attack-dovecot-imap-server-blocking-ip-with-tcp-wrappers
http://wiki2.dovecot.org/LoginProcess (you need to go to the very bottom)
I'm concerned in making the configuration correctly.
If you set
login_access_sockets = tcpwrap
in /etc/dovecot/dovecot.conf
Then everything accessing ports controlled by dovecot (and open by
iptables) is blocked.
So my question relates to the second part of the configuration examples in
the links above:
service tcpwrap {
unix_listener login/tcpwrap {
group = $default_login_user
mode = 0600
user = $default_login_user
}
}
Where does this code get placed (in dovecot.conf or in one of the files in
/etc/dovecot/conf.d)?
And regarding $default_login_user, it appears in a comment line in
/etc/dovecot/conf.d/10-master.conf
Should that line be uncommented?
Much thanks.
Max Pyziur
p...@brama.com
Report of dovecot -n:
pyz@pangea ~ dovecot -n
# 2.1.1: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.2.1.el6.x86_64 x86_64 CentOS release 6.4 (Final)
disable_plaintext_auth = no
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
mbox_write_locks = fcntl
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox Sent Messages {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
ssl = no
ssl_cert = /etc/pki/dovecot/certs/dovecot.pem
ssl_key = /etc/pki/dovecot/private/dovecot.pem
userdb {
driver = passwd
}
[Dovecot] openbsd and dovecot
I'm setting up dovecot in OpenBSD OS. The problem is that I can't set up
dovecot to use kerberos authentication via bsdauth which is similar to pam
I try to test dovecot via telnet:
telnet localhost pop3
user test
+OK
pass password
-ERR [IN-USE] Temporary authentication failure
and some strings from logs
Feb 3 15:02:37 srv-mx-00 dovecot: auth: Error: bsdauth(rodin.m,127.0.0.1):
getpwnam() failed: Operation not permitted
Feb 3 15:02:46 srv-mx-00 dovecot: pop3-login: Disconnected (auth failed, 1
attempts): user=rodin.m, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Feb 3 15:29:13 srv-mx-00 dovecot: auth: Error: bsdauth(test,127.0.0.1):
getpwnam() failed: Operation not permitted
What am I doing wrong?
Here is the output of dovecot -n
auth_krb5_keytab = /etc/kerberosV/krb5.keytab
auth_mechanisms = plain login
default_internal_user = _dovecot
default_login_user = _dovenull
disable_plaintext_auth = no
first_valid_gid = 2000
first_valid_uid = 2000
last_valid_gid = 2000
last_valid_uid = 2000
mail_gid = vmail
mail_location = maildir:/var/vmail/%u%Ud/Maildir
mail_uid = vmail
mbox_write_locks = fcntl
mmap_disable = yes
passdb {
driver = bsdauth
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = _postfix
mode = 0666
user = _postfix
}
}
ssl_cert = /etc/ssl/dovecotcert.pem
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
driver = passwd
}
userdb {
args = uid=2000 gid=2000 home=/var/mail/%Lu
driver = static
}
protocol imap {
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
}
protocol pop3 {
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_uidl_format = %08Xu%08Xv
}
[Dovecot] maildirsize not always present
hi, I have a dovecot 1.2.9 and all is runnig fine except for quotas. Some accounts have a maildirsize file in the mail directory. If I delete the file, it is automatically rebuild: OK But other accounts does not have the maildirsize file even after access from dovecot server. All is OK for theses accounts except quota service. what's wrong ? -- Jean-Max Reymond Éruption de l'Etna: http://jmreymond.free.fr/Etna2002
Re: [Dovecot] maildirsize not always present
Le 16/08/2011 11:29, Jean-Max Reymond a écrit : hi, I have a dovecot 1.2.9 and all is runnig fine except for quotas. Some accounts have a maildirsize file in the mail directory. If I delete the file, it is automatically rebuild: OK But other accounts does not have the maildirsize file even after access from dovecot server. All is OK for theses accounts except quota service. what's wrong ? as complement, there is 75 users OK and 330 users KO for these 330 users, thunderbird does not recognize mail quota. I have created by a touch command a maildirsize file but it does not help -- Jean-Max Reymond Éruption de l'Etna: http://jmreymond.free.fr/Etna2002
Re: [Dovecot] maildirsize not always present
thanks for your answer but my mta is postfix. If I delete the maidirsize file, it is automatically created for my 75 users OK but for the 330 users, no way to create this file. I am using a postfix database and I have checked the SQL request, the contents of the tables but nothing :-( Le 16/08/2011 16:05, Juan Bernhard a écrit : Hi, are you using exim as mta? I been told in exim list that maildirsize might be removed under certain conditions (exim-*/src/transports/tf_maildir.c) El 16/08/2011 07:01 a.m., Jean-Max Reymond escribió: Le 16/08/2011 11:29, Jean-Max Reymond a écrit : hi, I have a dovecot 1.2.9 and all is runnig fine except for quotas. Some accounts have a maildirsize file in the mail directory. If I delete the file, it is automatically rebuild: OK But other accounts does not have the maildirsize file even after access from dovecot server. All is OK for theses accounts except quota service. what's wrong ? as complement, there is 75 users OK and 330 users KO for these 330 users, thunderbird does not recognize mail quota. I have created by a touch command a maildirsize file but it does not help -- Jean-Max Reymond Éruption de l'Etna: http://jmreymond.free.fr/Etna2002
Re: [Dovecot] maildirsize not always present
all seems OK for me and all the users have quota set.
$ cat /etc/dovecot/dovecot-sql.conf
password_query = SELECT username AS user,password FROM mailbox WHERE
username = '%u' AND active='1'
# Query to retrieve user information.
user_query = SELECT concat('/home/mail/',maildir) as home, 8 AS uid, 8
AS gid, concat('maildir:storage=', quota/1024) AS quota FROM mailbox
WHERE username = '%u' AND active='1'
Whhen I request the database, quota is working for the first user and
not for the second user but it is very similar
mysql SELECT concat('/home/mail/',maildir) as home, 8 AS uid, 8 AS gid,
concat('maildir:storage=', quota/1024) AS quota FROM mailbox WHERE
username like 'francois.char%' OR username like 'cyril%';
+---+-+-+---+
| home | uid | gid | quota
|
+---+-+-+---+
| /home/mail/dracenie.com/cyril.lafont/Maildir/ | 8 | 8 |
maildir:storage=1000. |
| /home/mail/dracenie.com/francois.charnier/| 8 | 8 |
maildir:storage=1464000. |
+---+-+-+---+
2 rows in set (0.00 sec)
So, tomorrow, I will set auth_debug=yes to trace users activity
# dovecot -n
# 1.2.9: /etc/dovecot/dovecot.conf
Warning: fd limit 1024 is lower than what Dovecot can use under full
load (more than 2560). Either grow the limit or change
login_max_processes_count and max_mail_processes settings
# OS: Linux 2.6.32-33-server x86_64 Ubuntu 10.04.3 LTS
log_path: /var/log/dovecot.log
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap imaps managesieve
ssl_key_file: /etc/ssl/private/dovecot.key
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
login_max_processes_count: 1024
mail_max_userip_connections(default): 500
mail_max_userip_connections(imap): 500
mail_max_userip_connections(managesieve): 10
first_valid_uid: 8
mail_privileged_group: mail
mail_location: maildir:%h
mmap_disable: yes
mail_nfs_storage: yes
mail_nfs_index: yes
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(managesieve): /usr/lib/dovecot/managesieve
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
lda:
postmaster_address: postmas...@dracenie.com
mail_plugins: sieve
quota_full_tempfail: yes
deliver_log_format: msgid=%m: %$
rejection_reason: Your message to %t was automatically rejected:%n%r
auth default:
mechanisms: plain login
passdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
userdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
plugin:
quota: maildir
Le 16/08/2011 23:40, Timo Sirainen a écrit :
I guess these users have unlimited quota? If not, show dovecot -n output and
the dovecot-sql.conf file and what gets logged to these users with
auth_debug=yes.
On 16.8.2011, at 18.05, Jean-Max Reymond wrote:
thanks for your answer but my mta is postfix.
If I delete the maidirsize file, it is automatically created for my 75 users OK
but for the 330 users, no way to create this file.
I am using a postfix database and I have checked the SQL request, the contents
of the tables but nothing :-(
Le 16/08/2011 16:05, Juan Bernhard a écrit :
Hi, are you using exim as mta? I been told in exim list that maildirsize
might be removed under certain conditions
(exim-*/src/transports/tf_maildir.c)
El 16/08/2011 07:01 a.m., Jean-Max Reymond escribió:
Le 16/08/2011 11:29, Jean-Max Reymond a écrit :
hi,
I have a dovecot 1.2.9 and all is runnig fine except for quotas.
Some accounts have a maildirsize file in the mail directory. If I delete
the file, it is automatically rebuild: OK
But other accounts does not have the maildirsize file even after access
from dovecot server. All is OK for theses accounts except quota service.
what's wrong ?
as complement, there is 75 users OK and 330 users KO
for these 330 users, thunderbird does not recognize mail quota. I have
created by a touch command a maildirsize file but it does not help
--
Jean-Max Reymond
Éruption de l'Etna: http://jmreymond.free.fr/Etna2002
--
Jean-Max Reymond
Éruption de l'Etna: http://jmreymond.free.fr/Etna2002
Re: [Dovecot] maildirsize not always present
Le 16/08/2011 23:51, Timo Sirainen a écrit :
On 17.8.2011, at 0.48, Jean-Max Reymond wrote:
user_query = SELECT concat('/home/mail/',maildir) as home, 8 AS uid, 8 AS gid,
concat('maildir:storage=', quota/1024) AS quota FROM mailbox WHERE username =
'%u' AND active='1'
..
# 1.2.9: /etc/dovecot/dovecot.conf
You're using v1.0's quota configuration with v1.2. All of your users have
unlimited quota currently. You'll need quota_rules, see wiki.
thanks a lot.
I check my 1.2 configuration
--
Jean-Max Reymond
Éruption de l'Etna: http://jmreymond.free.fr/Etna2002
Re: [Dovecot] missing +r perm:
The error message was caused by the missing hardlinks when migrating mail over scp. I made a tar of the mail and then scped it. Worked fine. On Thu, 2011-07-07 at 14:21 -0500, Max Dunlap wrote: Oh, well. I'll take what I can get at this point. On Thu, 2011-07-07 at 15:17 -0400, Charles Marcus wrote: On 2011-07-07 3:03 PM, Max Dunlap wrote: sudo dovecot -n: http://pastie.org/2179100 The error message in mail.log: http://pastie.org/2179032 You're much better off just pasting the output of these into the email body - lost of people won't go to the trouble of clicking links like these...
Re: [Dovecot] missing +r perm:L
Alright, I think I understand. By fixing the other side do you mean I could add mail_uid=0 and mail_gid=0 in dovecot.conf? to match the current mails permissions. We are migrating a server over and we ran into this snag when transferring Maildirs over On Fri, 2011-07-08 at 10:12 +0200, Thomas Leuxner wrote: On Thu, Jul 07, 2011 at 02:52:55PM -0500, Max Dunlap wrote: The permissions are: -rw--- 1 root root 7609 2011-07-05 16:06 /home/dlambert/Maildir/cur/msg.COmK:2,ST What's so difficult about this? [ Log excerpt ] Jul 7 13:44:18 mail-breakaway dovecot: IMAP(dlambert): open(/home/dlambert/Maildir/cur/msg.COmK:2,ST) failed: Permission denied (euid=1002(dlambert) egid=1002(dlambert) missing +r perm: /home/dlambert/Maildir/cur/msg.COmK:2,ST) [ Conf excerpt ] auth default: passdb: driver: pam userdb: driver: passwd You are accessing the maildir structure using UID 1002 but the directory is owned by UID 1. Needs to be fixed on either side... Please visit these links and have a look at the quote below: http://wiki.dovecot.org/PasswordDatabase/PAM http://wiki.dovecot.org/AuthDatabase/Passwd [...] This uses the UID and GID fields from passwd, but home directory is overridden. Also the default mail_location setting is overridden. Thomas
Re: [Dovecot] missing +r perm:L
ls -lan: -rw--- 1 1002 1002 1148 2011-07-05 16:11 msg.zSMF:2,S This file is owned by 1002 not 1 or 0 On Fri, 2011-07-08 at 10:12 +0200, Thomas Leuxner wrote: On Thu, Jul 07, 2011 at 02:52:55PM -0500, Max Dunlap wrote: The permissions are: -rw--- 1 root root 7609 2011-07-05 16:06 /home/dlambert/Maildir/cur/msg.COmK:2,ST What's so difficult about this? [ Log excerpt ] Jul 7 13:44:18 mail-breakaway dovecot: IMAP(dlambert): open(/home/dlambert/Maildir/cur/msg.COmK:2,ST) failed: Permission denied (euid=1002(dlambert) egid=1002(dlambert) missing +r perm: /home/dlambert/Maildir/cur/msg.COmK:2,ST) [ Conf excerpt ] auth default: passdb: driver: pam userdb: driver: passwd You are accessing the maildir structure using UID 1002 but the directory is owned by UID 1. Needs to be fixed on either side... Please visit these links and have a look at the quote below: http://wiki.dovecot.org/PasswordDatabase/PAM http://wiki.dovecot.org/AuthDatabase/Passwd [...] This uses the UID and GID fields from passwd, but home directory is overridden. Also the default mail_location setting is overridden. Thomas
Re: [Dovecot] missing +r perm:L
Ubuntu 10.04 On Fri, 2011-07-08 at 23:37 +0300, Timo Sirainen wrote: SELinux? On 8.7.2011, at 23.32, Max Dunlap wrote: ls -lan: -rw--- 1 1002 1002 1148 2011-07-05 16:11 msg.zSMF:2,S This file is owned by 1002 not 1 or 0 On Fri, 2011-07-08 at 10:12 +0200, Thomas Leuxner wrote: On Thu, Jul 07, 2011 at 02:52:55PM -0500, Max Dunlap wrote: The permissions are: -rw--- 1 root root 7609 2011-07-05 16:06 /home/dlambert/Maildir/cur/msg.COmK:2,ST What's so difficult about this? [ Log excerpt ] Jul 7 13:44:18 mail-breakaway dovecot: IMAP(dlambert): open(/home/dlambert/Maildir/cur/msg.COmK:2,ST) failed: Permission denied (euid=1002(dlambert) egid=1002(dlambert) missing +r perm: /home/dlambert/Maildir/cur/msg.COmK:2,ST) [ Conf excerpt ] auth default: passdb: driver: pam userdb: driver: passwd You are accessing the maildir structure using UID 1002 but the directory is owned by UID 1. Needs to be fixed on either side... Please visit these links and have a look at the quote below: http://wiki.dovecot.org/PasswordDatabase/PAM http://wiki.dovecot.org/AuthDatabase/Passwd [...] This uses the UID and GID fields from passwd, but home directory is overridden. Also the default mail_location setting is overridden. Thomas
Re: [Dovecot] missing +r perm:L
I turned on more debugging: Jul 8 15:45:18 mail-breakaway dovecot: imap-login: Login: user=ilambert, method=PLAIN, rip=173.11.172.145, lip=173.11.172.148, TLS Jul 8 15:45:18 mail-breakaway dovecot: IMAP(ilambert): Effective uid=1001, gid=1001, home=/home/ilambert Jul 8 15:45:18 mail-breakaway dovecot: IMAP(ilambert): cydir: mailbox location not given Jul 8 15:45:18 mail-breakaway dovecot: IMAP(ilambert): cydir: Couldn't create mail storage : Root mail directory not given Jul 8 15:45:18 mail-breakaway dovecot: IMAP(ilambert): dbox: mailbox location not given Jul 8 15:45:18 mail-breakaway dovecot: IMAP(ilambert): dbox: Couldn't create mail storage : Root mail directory not given Jul 8 15:45:18 mail-breakaway dovecot: IMAP(ilambert): maildir: root exists (/home/ilambert/Maildir) Jul 8 15:45:18 mail-breakaway dovecot: IMAP(ilambert): maildir++: root=/home/ilambert/Maildir, index=, control=, inbox=/home/ilambert/Maildir Jul 8 15:46:07 mail-breakaway dovecot: IMAP(ilambert): Namespace : Using permissions from /home/ilambert/Maildir: mode=0700 gid=-1 Jul 8 15:46:08 mail-breakaway dovecot: IMAP(ilambert): open(/home/ilambert/Maildir/cur/msg.0umK:2,S) failed: Permission denied (euid=1001(ilambert) egid=1001(ilambert) missing +r perm: /home/ilambert/Maildir/cur/msg.0umK:2,S) Jul 8 15:46:08 mail-breakaway dovecot: IMAP(ilambert): open(/home/ilambert/Maildir/cur/msg.0umK:2,S) failed: Permission denied (euid=1001(ilambert) egid=1001(ilambert) missing +r perm: /home/ilambert/Maildir/cur/msg.0umK:2,S) Jul 8 15:46:08 mail-breakaway dovecot: IMAP(ilambert): Disconnected: Internal error occurred. Refer to server log for more information. [2011-07-08 15:46:08] bytes=236/181183 On Fri, 2011-07-08 at 15:40 -0500, Max Dunlap wrote: Ubuntu 10.04 On Fri, 2011-07-08 at 23:37 +0300, Timo Sirainen wrote: SELinux? On 8.7.2011, at 23.32, Max Dunlap wrote: ls -lan: -rw--- 1 1002 1002 1148 2011-07-05 16:11 msg.zSMF:2,S This file is owned by 1002 not 1 or 0 On Fri, 2011-07-08 at 10:12 +0200, Thomas Leuxner wrote: On Thu, Jul 07, 2011 at 02:52:55PM -0500, Max Dunlap wrote: The permissions are: -rw--- 1 root root 7609 2011-07-05 16:06 /home/dlambert/Maildir/cur/msg.COmK:2,ST What's so difficult about this? [ Log excerpt ] Jul 7 13:44:18 mail-breakaway dovecot: IMAP(dlambert): open(/home/dlambert/Maildir/cur/msg.COmK:2,ST) failed: Permission denied (euid=1002(dlambert) egid=1002(dlambert) missing +r perm: /home/dlambert/Maildir/cur/msg.COmK:2,ST) [ Conf excerpt ] auth default: passdb: driver: pam userdb: driver: passwd You are accessing the maildir structure using UID 1002 but the directory is owned by UID 1. Needs to be fixed on either side... Please visit these links and have a look at the quote below: http://wiki.dovecot.org/PasswordDatabase/PAM http://wiki.dovecot.org/AuthDatabase/Passwd [...] This uses the UID and GID fields from passwd, but home directory is overridden. Also the default mail_location setting is overridden. Thomas
Re: [Dovecot] missing +r perm:L
Unknown user. I don't believe ubuntu operates like that and requires a word username. On Fri, 2011-07-08 at 16:27 -0500, Matt Rude wrote: On 7/8/2011 3:47 PM, Max Dunlap wrote: Jul 8 15:46:08 mail-breakaway dovecot: IMAP(ilambert): open(/home/ilambert/Maildir/cur/msg.0umK:2,S) failed: Permission denied (euid=1001(ilambert) egid=1001(ilambert) missing +r perm: /home/ilambert/Maildir/cur/msg.0umK:2,S) when ran as root, what dose the below command show? sudo -u 1001 ls -l /home/ilambert/Maildir/cur/msg.0umK:2,S -Matt
[Dovecot] missing +r perm:
This is probably a really simple issue but I am not sure how to tackle it. sudo dovecot -n: http://pastie.org/2179100 The error message in mail.log: http://pastie.org/2179032 Dovecot.conf says: mail_privileged_group: mail I thought of added the user dovecot to the group mail in hopes of solving the permissions problem, but it didn't seem to make a difference. Any ideas?
Re: [Dovecot] missing +r perm:
Oh, well. I'll take what I can get at this point. On Thu, 2011-07-07 at 15:17 -0400, Charles Marcus wrote: On 2011-07-07 3:03 PM, Max Dunlap wrote: sudo dovecot -n: http://pastie.org/2179100 The error message in mail.log: http://pastie.org/2179032 You're much better off just pasting the output of these into the email body - lost of people won't go to the trouble of clicking links like these...
Re: [Dovecot] missing +r perm:
The permissions are: -rw--- 1 root root 7609 2011-07-05 16:06 /home/dlambert/Maildir/cur/msg.COmK:2,ST The same as another mail machine we have up (making a transition) I'm not sure who to find out who dovecot is running as: -rwxr-xr-x 1 root root 217240 2011-06-07 00:03 /usr/sbin/dovecot root maybe? Thanks so far On Thu, 2011-07-07 at 14:43 -0500, Matt Rude wrote: On 7/7/2011 2:03 PM, Max Dunlap wrote: Jul 7 13:44:18 mail-breakaway dovecot: IMAP(dlambert): open(/home/dlambert/Maildir/cur/msg.COmK:2,ST) failed: Permission denied (euid=1002(dlambert) egid=1002(dlambert) missing +r perm: /home/dlambert/Maildir/cur/msg.COmK:2,ST) The error message is telling you that the dovecot program can't open /home/dlambert/Maildir/cur/msg.COmK:2,ST. What are the permissions of that file? Who is dovecot running as? Can the user dovecot is running as read that file? -Matt
[Dovecot] Sieve segfault on sieve-before scripts
I use dovecot 1.2.4 release with sieve 0.1.12
If I setup sieve-before script and latest script contains keep at
the very end and no personal scripts found then segfault take place.
here is part of exim log:
2009-09-01 18:43:06 1MiUZA-0005V9-IB ** ivanov_ma...@domain.my
ad...@domain.my R=localuser T=local_delivery: Child process of
local_delivery transport (running command
/usr/libexec/dovecot/deliver -d $local_part) was terminated by
signal 11 (Segmentation fault)
Once I remove keep from end of latest sieve-before script,
everything goes fine.
Here is latest global sieve script:
# cat /etc/dovecot1.2/sieve-before.d/020-SENT-STORE.sieve
require [imap4flags];
if header :contains X-Set-Seen [Yes, YES, 1] {
setflag \\Seen;
}
#keep;
[Dovecot] dovecot 1.2.3: TB fails to unsubscribe folder after deletion
Hi, I'm running dovecot 1.2.3 with imap_client_workarounds = tb-extra-mailbox-sep and noticed that after deleting a folder (moving to Trash and emptying it on exit) that folder in Trash still keeps subscribed. I think the reason for that behavior is that the call for mailbox_list_set_subscribed() in imap/cmd-subscribe.c (line 84) is fed with the original mailbox name and not the stripped version in verify_name. Assigning verify_name to mailbox in the workaround-conditional fixes this issue for me. I'm not very familiar with C programming but while tracing cmd_subscribe_full() I stumbled upon another thing. In mail_namespace_find_mask() (lib-storage/mail-namespace.c at line 413) mailbox is reassigned with a local string (not t_strduped). I think this might be a problem when mailbox is dereferenced after returning from that function?! .max
Re: [Dovecot] dovecot 1.2.3: TB fails to unsubscribe folder after deletion
Max Dittrich wrote: I'm not very familiar with C programming but while tracing qed cmd_subscribe_full() I stumbled upon another thing. In mail_namespace_find_mask() (lib-storage/mail-namespace.c at line 413) mailbox is reassigned with a local string (not t_strduped). I think this might be a problem when mailbox is dereferenced after returning from that function?! Looks like the string INBOX isn't allocated from the stack. ;) .max
[Dovecot] How to rebuild index?
I've deleted some mails using my handmade tool, it deletes some files in cur subdir, but deleted messages are still appear in thunderbird. I believe that's because of stale index file. Is it safe to delete dovect.index? Or what else should I delete/modify to make TB view in sync with real state of filesystem?
Re: [Dovecot] Corrupted index cache file issues (Corrupted physical size)
Dovecot never modifies the S= field, even when it notices that it's wrong. So it's your LDA that writes them wrong. Is it ok to rename all files deleting S= and W= fields if no keywords was used?
Re: [Dovecot] Capability problems dovecot 2.0
The alternative that I'm thinking right now is that in the pre-login process Dovecot would only advertise those capabilities that are actually useful before login. Then after login it would send an updated capability reply to the client. The important question here is: Are there any clients that don't update their capabilities? RFC says: A server MAY send capabilities automatically, by using the CAPABILITY response code in the initial PREAUTH or OK responses, and by sending an updated CAPABILITY response code in the tagged OK response as part of a successful authentication. It is unnecessary for a client to send a separate CAPABILITY command if it recognizes these automatic capabilities. So that's valid approach and any client should support it.
Re: [Dovecot] v3.0 architecture
The big problem is what the protocol should be. Use some existing RPC protocol? It should be something extensible so that a plugin in imap process can talk to a plugin in storage process, without the base processes knowing anything about the details (e.g. imap-quota plugin asking quota usage from storage's quota plugin). Googles Protocol Buffers offer both flexibility and speed.
Re: [Dovecot] v3.0 architecture
Protocol buffers are Google's ... blah-blah-blah ... using a variety of languages - Java, C++, or Python. I can't find good old plain C in this variety of languages :( Protocol buffers is flexible message format specification, there are plenty implementations of it , including C based: http://code.google.com/p/protobuf-c/
[Dovecot] What does a flag in Maildir format mean?
Here is sample filename from Maildir: 1243423383.M745917P32169.termserv1,W=1295:2,Sa 1) why there is no S=size field? It definetely differs from 1295.I've not quota plugin, could it be the reason of this? 2) what does a flag mean? I not found any description of this neither in Maildir spec nor on the Dovecot wiki.
Re: [Dovecot] pop3 gives a permission denied error on chdir
If strace says chdir() failed with EACCES, the only way it could be something else is if kernel is buggy or there is some kernel security module preventing the access. Or dovecot doesn't change uid to user one and still acts as dovecot user, but its unlikely to be true
Re: [Dovecot] [bug] dovecot 1.1.15: segfault after message move
Once more, I changed the behavior so that I actually understand how it works now :) http://hg.dovecot.org/dovecot-1.1/rev/c3612800cb90 Does it affects 1.2 version?
Re: [Dovecot] status=bounced (Command died with signal 11: /usr/lib/dovecot/deliver
I suppose there's no core file in the user's home directory? Why? Doesnt them should be autocreated if ulimit -c is defined and kernel.core_pattern != /dev/null ?
[Dovecot] National symbols imap search
How does imap server should handle search requests with non latin symbols? Rightnow thunderbird 2.0.0.21 and dovecot1.2rc3 are unable to find any message if I try to search for cyrillic symbols. fts, and squat plugins are enabled
[Dovecot] How to manage Seen flags via sieve?
I use public namespace for group mailboxes. If someone sends email from this mailbox , MTA detects it and delivers copy of that message to mailbox/Sent folder, to keep history of all messages available for every group member. I'd like to set Seen flag on all messages that dovecots deliver puts into Sent folder. Is it posible somehow?
[Dovecot] Multiple dovecot versions side-by-side
I'm current maintainer of dovecot packages in ALTLinux distro and I plan to make possible to install multiple dovecot versions side-by-side (1.0, 1.1, 1.2) to make upgrade process easier and more robust. Is there any consequences of doing that? I worry about locking maildirs and mboxes, does dovecot handle it correctly if another dovecot process tries to work on same mail location?
[Dovecot] Unable to delete folder in public namespace
I use public namespace for group mailboxes. Users are able to create subfolders , but its impossible to delete them. thunderbird 2.0.0.21 complains: Cant' rename mailbox to another storage type, both namespaces (private and public) use same storage type, so I believe that it's a namespace problem. Is there any way to move folders between namespaces? Or maybe sieve script or plugin which intercept move command and do the move to some unsibscribible folder in public namespace.
[Dovecot] Unable to subscribe to newly created subfolders under public mailboxes with acl plugin enabled
I've group namespace and b2b mailbox under it. I'm unable to subscribe to it and deliver emails there. Here is my problem: if I create subfolder (lets name it subf) under b2b mailbox I'm unable to subscribe to it until acl plugin is enabled. Even if I put dovecot-acl file in .b2b.subf folder with anyone full rights dovecot-acl-list doesn't get populated with new subfoler. If I put it there manually I'm able to see subf folder in subscribe dialog in TB, but dovecot-acl-list is regulary updated, isn't it? Updated file is missing subf entry again. If I disable acl plugin everything works fine, but I'd like to keep it enabled. Is it a bug or misconfiguration? My dovecot version is 1.2 rc3 here is dovecot -n authput protocols: imap managesieve ssl: yes ssl_ca_file: /usr/share/ca-certificates/floristCA-cacert.pem ssl_cert_file: /var/lib/ssl/certs/imap.florist.my-cert.pem ssl_key_file: /var/lib/ssl/private/imap.florist.my-key.pem ssl_cipher_list: ALL:!LOW:!SSLv2 disable_plaintext_auth: yes verbose_ssl: yes login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(managesieve): /usr/libexec/dovecot/managesieve-login login_processes_count: 5 verbose_proctitle: yes first_valid_uid: 1000 mail_privileged_group: mail mail_location: maildir:/var/spool/mail/dovecot/%n:INBOX=/var/spool/mail/dovecot/%n/INBOX mail_debug: yes mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(managesieve): /usr/libexec/dovecot/managesieve mail_plugins(default): acl fts fts_squat mail_plugins(imap): acl fts fts_squat mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve namespace: type: private separator: / inbox: yes list: yes subscriptions: yes namespace: type: public separator: / prefix: group/ location: maildir:/var/spool/mail/groupmail list: yes subscriptions: yes auth default: verbose: yes passdb: driver: pam args: session=yes userdb: driver: passwd args: blocking=yes socket: type: listen client: path: /var/run/dovecot/auth-client mode: 432 master: path: /var/run/dovecot/auth-master mode: 438 plugin: acl: vfile lazy_expunge: .EXPUNGED/ .DELETED/ .DELETED/.EXPUNGED/ sieve: ~/.dovecot.sieve sieve_storage: ~/sieve fts: squat fts_squat: partial=4 full=4
Re: [Dovecot] assertion failure when appending
On Tue, 2007-10-15 at 15:01 +0200, Johannes Berg wrote: I get this assertion failure: file maildir-save.c: line 456 (maildir_save_finish): assertion failed: (ctx-seq != 0) My mistake. The quota plugin doesn't have this bug because it overrides box-v.save_init and sets 'want_mail' to TRUE in all cases. This is what I've just implemented in my plugin as well. With this, the last remaining bug that I know of is fixed. Have fun :) johannes You are right. I just rebuilt the latest snapshot and the error disappeared. Thank you for fixing this so quickly. Best regards, Max
Re: [Dovecot] assertion failure when appending
On Tue, 2007-10-02 at 10:45 +0200, Johannes Berg wrote: I get this assertion failure: file maildir-save.c: line 456 (maildir_save_finish): assertion failed: (ctx-seq != 0) once a while when I APPEND messages to a folder. My plugin doesn't touch the ctx, especially not the internal maildir one, but I have no idea where to start looking. Any hints? First, thank you Johannes for your terrific work. I just love the antispam plugin and it's really worth the effort to get it installed. But now to the point, unfortunately I ran into the same issue you mentioned in your mail: Oct 9 11:54:35 server dovecot: IMAP([EMAIL PROTECTED]): file maildir- save.c: line 456 (maildir_save_finish): assertion failed: (ctx-seq != 0) Oct 9 11:54:35 server dovecot: IMAP([EMAIL PROTECTED]): Raw backtrace: imap [0x80a8a4b] - imap(i_info+0) [0x80a899a] - imap(maildir_save_cancel+0) [0x806ca6d] - /usr/lib/dovecot/imap/lib90_antispam_plugin.so [0xb7ef04c6] - imap [0x8056097] - imap [0x805688b] - imap(io_loop_handler_run+0x105) [0x80ae3bf] - imap(io_loop_run+0x1c) [0x80ad6e4] - imap(main+0x4d0) [0x8062b0d] - /lib/libc.so.6(__libc_start_main+0xdc) [0xb7dda824] - imap [0x8055e51] Oct 9 11:54:35 server dovecot: child 27849 (imap) killed with signal 6 This is how I reproduce the problem: 1) Start Outlook 2003 2) Connect to Dovecot 3) Create a new IMAP folder named Sent Items 4) Open my old Outlook.pst data file 5) Copy one message from the old Sent Items folder to the new IMAP folder (Outlook: OK) 6) Copy another message from the old folder to the new folder (Outlook: Failure) 7) Assertion fails and imap child gets killed The problem disappears when I disable the antispam plugin. This is my environment: - Gentoo (stable) - Dovecot 1.0.3 - Antispam plugin from git repository as of October 5 14:33 GMT - Backend is crm114-exec (20060704a-BlameRobert) - Client is Outlook 2003 on Windows XP (SP2) Currently my best guess is that the problem might be related to the fact that the mails Outlook stores in the Sent Items folder are lacking headers. Thanks again for sharing your wonderful work. Best regards, Max
Re: [Dovecot] APOP and CRAM-MD5 in checkpassword module
Ben Schumacher wrote: I would like to see this, too. After digging through the code some, it seems that the major sticking point is that dovecot would prefer to do the CRAM-MD5 internally and therefore expects to have access to the password in plaintext and doesn't pass the timestamp on to checkpassword... There is no way to use CRAM-MD5 without having the password stored in plaintext locally; it is a design feature since the hash is calculated using a different server key every time. vpopmail can store the password in plain-text.
Re: [Dovecot] v1.0.0 released
Congratulations, thanks for great job! :) http://dovecot.org/releases/dovecot-1.0.0.tar.gz http://dovecot.org/releases/dovecot-1.0.0.tar.gz.sig It took almost 5 years, but it's finally ready. I'm not expecting to release v1.0.1 anytime soon, unless someone's been sitting on a major bug just waiting for v1.0 to be released. :) People wanting new features should start testing the upcoming v1.1. http://dovecot.org/nightly/ contains now snapshots from CVS HEAD. It already has tons of new features. I've been using it myself for half a year, so it should be mostly stable too. I'll write a separate mail about this later.
[Dovecot] APOP and CRAM-MD5 in checkpassword module
Still a bit more fixes. My coding TODO list is again empty. Whether it is possible to add APOP and CRAM-MD5 in the checkpassword-module? Original qmail-popup is able APOP, and smtp-auth patch (http://www.fehcom.de/qmail/smtpauth.html) can use CRAM-MD5, accordingly, vckpw from vpopmail understands both these of a method. Very much would be desirable, that these two methods were in dovecot (in chackpassword-module). --- М. Alhimenko.
[Dovecot] [PATCH 3/5] make bsearch return the new index
On 2007/03/15 12:30, Timo Sirainen [EMAIL PROTECTED] wrote:
That's ok, but I'm not sure about bsearch_insert_pos(). It's the way it
is mostly because I wanted to keep bsearch() API. If it can't return
void * then maybe it could be easier to just change the whole API to
something like:
/* If key is found, returns TRUE and sets pos_r to the position where
the key
was found. If key isn't found, returns FALSE and sets pos_r to the
position
where the key should be inserted. */
bool bsearch_insert_pos(const void *key, const void *base, unsigned int
nmemb,
size_t size, int (*cmp)(const void *, const void *),
unsigned int *pos_r);
Because that's how it's usually used anyway, so it probably makes the
code simpler also. Hmm. And maybe s/pos/idx/ :)
---
src/lib-index/mailbox-list-index-sync.c| 25 ++---
src/lib-storage/index/dbox/dbox-keywords.c | 13 -
src/lib-storage/index/dbox/dbox-uidlist.c | 20 ++--
src/lib-storage/index/index-sort.c | 22 --
src/lib/bsearch-insert-pos.c | 23 +++
src/lib/bsearch-insert-pos.h |5 +++--
src/plugins/fts-squat/squat-trie.c | 25 -
7 files changed, 70 insertions(+), 63 deletions(-)
diff --git a/src/lib-index/mailbox-list-index-sync.c
b/src/lib-index/mailbox-list-index-sync.c
index af089c6..aec85d8 100644
--- a/src/lib-index/mailbox-list-index-sync.c
+++ b/src/lib-index/mailbox-list-index-sync.c
@@ -66,7 +66,6 @@ struct mailbox_list_index_sync_ctx {
struct mailbox_list_sync_lookup_key {
uint32_t name_hash;
const char *name;
- bool *match;
};
static bool mailbox_list_index_need_compress(struct mailbox_list_index *index);
@@ -134,17 +133,13 @@ static int mailbox_list_sync_record_cmp(const void *_key,
const void *_rec)
{
const struct mailbox_list_sync_lookup_key *key = _key;
const struct mailbox_list_sync_record *rec = _rec;
- int ret;
if (key-name_hash rec-name_hash)
return -1;
if (key-name_hash rec-name_hash)
return 1;
- ret = strcmp(key-name, rec-name);
- if (ret == 0)
- *key-match = TRUE;
- return ret;
+ return strcmp(key-name, rec-name);
}
static struct mailbox_list_sync_record *
@@ -152,24 +147,24 @@ mailbox_list_sync_dir_lookup(struct mailbox_list_sync_dir
*dir,
const char *name, unsigned int *idx_r)
{
struct mailbox_list_sync_lookup_key key;
- const struct mailbox_list_sync_record *recs;
- struct mailbox_list_sync_record *rec;
+ struct mailbox_list_sync_record *recs;
unsigned int count;
bool match;
/* binary search the current hierarchy level name. the values are
sorted primarily by their hash value and secondarily by the actual
name */
- match = FALSE;
key.name = name;
key.name_hash = crc32_str(name);
- key.match = match;
- recs = array_get(dir-records, count);
- rec = bsearch_insert_pos(key, recs, count, sizeof(*rec),
-mailbox_list_sync_record_cmp);
- *idx_r = rec - recs;
- return match ? rec : NULL;
+ recs = array_get_modifiable(dir-records, count);
+ match = bsearch_insert_pos(key, recs, count, sizeof(*recs),
+ mailbox_list_sync_record_cmp,
+ idx_r);
+ if (!match)
+ return NULL;
+
+ return recs[*idx_r];
}
static struct mailbox_list_sync_record *
diff --git a/src/lib-storage/index/dbox/dbox-keywords.c
b/src/lib-storage/index/dbox/dbox-keywords.c
index db44890..4e84958 100644
--- a/src/lib-storage/index/dbox/dbox-keywords.c
+++ b/src/lib-storage/index/dbox/dbox-keywords.c
@@ -23,9 +23,9 @@ static int dbox_keyword_map_compare(const void *p1, const
void *p2)
int dbox_file_read_keywords(struct dbox_mailbox *mbox, struct dbox_file *file)
{
- struct keyword_map *map, *pos, kw;
+ struct keyword_map *map, kw;
const char *line;
- unsigned int idx, count;
+ unsigned int idx, count, insert_idx;
uoff_t last_offset;
if (array_is_created(file-idx_file_keywords)) {
@@ -58,10 +58,13 @@ int dbox_file_read_keywords(struct dbox_mailbox *mbox,
struct dbox_file *file)
/* look up the position where to insert it */
map = array_get_modifiable(file-idx_file_keywords, count);
- pos = idx == 0 ? map :
+ if (idx == 0)
+ insert_idx = 0;
+ else
bsearch_insert_pos(kw, map, count, sizeof(*map),
- dbox_keyword_map_compare);
- array_insert(file-idx_file_keywords, pos - map, kw, 1);
+
