Re: Share

[Rob Lister]

On 2023-05-26 22:59, lie...@bfh.ch wrote:
May 26 21:57:06 imap(mutt)<16>: Error: Mailbox 
Public/archive: open() failed with mbox: Read-only file system.



/etc/dovecot/dovecot.conf:



mail_uid=1000
mail_gid=1000



namespace {
  type = public
  prefix = Public/
  location = mbox:/var/mail/:INDEX=/var/indexes/public
  subscriptions = no
}


Might be worth also setting the location of control files:

location = 
mbox:/var/mail/:INDEX=/var/indexes/public:CONTROL=/var/control/%u


Where /var/control is writable by uid 1000.

https://doc.dovecot.org/configuration_manual/mail_location/mbox/

Has this to say about mbox control files:

"Under mbox format, Dovecot maintains the subscribed mailboxes list in a
file .subscriptions which by default is stored in the mail location 
root.

So in the example configuration this would be at ~/mail/.subscriptions.

If you want to put this somewhere else, you can change the directory in 
which

the .subscriptions file is kept by using the CONTROL parameter."

Also this:

https://doc.dovecot.org/admin_manual/mailbox_formats/mbox

Describes various file locking requirements for mbox format.

https://doc.dovecot.org/configuration_manual/mail_location/mbox/mboxlocking

Seems dovecot is going to check if it can create a .lock file (or 
otherwise

lock the file using flock())

A couple of workarounds are described there.

As the docs note, mbox isn't a great format to do this with.

You might also like to investigate Dovecot access lists to make 'read 
only'

folders etc:

https://doc.dovecot.org/configuration_manual/acl


Rob
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Trivial Pigeonhole patch: allow X-Original-From header for address tests

[Rob Foehl]

Motivated by more DMARC silliness, naturally.

-RobFrom 8554e5f6882a49f946ca6c6de5a483bdb02757cb Mon Sep 17 00:00:00 2001
From: Rob Foehl 
Date: Wed, 22 Jun 2022 23:27:46 -0400
Subject: [PATCH] lib-sieve: Allow X-Original-From header for the address test

Some systems (e.g. Google Groups) replace the From header when
resending mail from domains with DMARC records, copying the original to
X-Original-From and otherwise obfuscating the author's address.
---
 src/lib-sieve/tst-address.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib-sieve/tst-address.c b/src/lib-sieve/tst-address.c
index 086679df..c8dcb657 100644
--- a/src/lib-sieve/tst-address.c
+++ b/src/lib-sieve/tst-address.c
@@ -115,7 +115,7 @@ static const char * const _allowed_headers[] = {
"abuse-reports-to", "x-complaints-to", "x-report-abuse-to",
 
/* Undocumented */
-   "x-beenthere", "x-original-to",
+   "x-beenthere", "x-original-from", "x-original-to",
 
NULL
 };
-- 
2.36.1

Moving old emails to Gmail

[Rob Campbell]

I have a backup of mail messages I have from back when i was in school
using pine and I want to have them imported to my Gmail.  So I set up
dovecot and my Gmail can access it just fine but it can't find anything
except my inbox (which I can't even find).  I've moved my mail directory
and I can view the emails using alpine but I cannot view my inbox using
alpine.  Also, although Gmail can get my new test messages, it can't find
the messages in ~/mail where I am viewing them with alpine.  How do I make
it so Gmail can pull from ~/mail or ~/Maildir because I also converted the
messages in ~/mail to ~/Maildir format but although I've tried
mail_location = mbox:~/mail
mail_location = mbox:~/Maildir
mail_location = maildir:~/mail
and
mail_location = maildir:~/Maildir

None of this worked but mail_location = maildir:~/Maildir is the only one
that will at least allow me to get test messages in my inbox which Gmail
can then pull.

How do I resolve these issues?

~
In all things, Be Intentional.

Unable to find mail

[Rob Campbell]

I just installed dovecot and it seems to be working well except I can't
find where my new mail is being stored.

~
In all things, Be Intentional.

Re: Ms Exchange vs dovecot

[Rob Sterenborg (Lists)]

On 12-05-2020 15:45, Michael Hirmke wrote:

Hi Robert,


Hi, sorry for top post
but short answer is ,there is no exchange without outlook, that is what
makes exchange a good "groupware solution", on windows only.
So compare it to dovecot makes only small sense.


you can use Exchange with pure IMAP clients, too, but then you lose all
groupware functionality, because it doesn't offer any DAV interface.

But: You can use  a few Linux clients, that support EWS (Exchange Web
Services) and don't lose groupware functions. I tested Kontact and
Evolution - and both worked fine.


You can also run e.g. Nextcloud to get carddav, caldav, webdav, etc, etc.


--
Rob

Re: [Dovecot-news] Headsup on feature removal

[Rob Sterenborg (Lists)]

On 18-03-2020 22:55, Noel Butler wrote:

On 19/03/2020 03:56, JAVIER MIGUEL RODRIGUEZ wrote:


I fully agree with this:


Please consider holding off on removing features for the next major
release, 2.4.0 instead.  It makes sense to retain, in as much as is
possible, feature backwards compatibility across a major release.




I'm astonished that features are being removed in a dot release as well, 
no other major project does this, hell, most don't like adding new 
features in dot releases let alone stripping them out.


None of the listed changes affect me that I can see, but I've been 
around a long time and I'm flabbergasted that someone actually approved 
this on dot release.


Now although there is no real need for them to further upgrade to ensure 
business continuity, if a serious exploit is released in the wild they 
highly likely will get bitten. Stripping everything else at once in a 
new major is perfectly acceptable, and, is the norm.


I have to say that I also cannot understand why you're going to remove 
features from a dot release. You can give the heads-up here, but it is 
not common-practice and will very likely break a lot of setups.


It's understandable that you want to remove features that are hardly 
used or maintained, but not in a dot release.


Please reconsider this removal, and remove those features as of the next 
major release.



--
Kind regards,
Rob

lda: Unknown mail storage driver maildir

[Rob De Langhe via dovecot]

hi all,

I have a successful (self-compiled from source code) Dovecot v2.2.16 setup
active on my Solaris-10 server, with mails stored in user's $HOME/Maildir

The mails are fetched from the ISP with "fetchmail", using a "cron" job

fetchmail -f $HOME/etc/pop3.myisp

where the file "$HOME/etc/pop3.myisp" contains

set logfile fetchmail.log
poll pop.myisp.be with proto POP3
user myIspmailLogin there with password myIspPwd is rob here nokeep
mda "/programs-3.2/amd64/64/libexec/dovecot/deliver"

Now I want to get it also running on a Debian server, with the same Dovecot
version, and exactly the same config files, but here I get the following
messages in "/var/log/mail.log" when launching a "fetchmail" attempt :

Mar 17 14:36:20 apps_b dovecot: lda(rob): Debug: Effective uid=1000,
gid=1000, home=/home/rob
Mar 17 14:36:20 apps_b dovecot: lda(rob): Debug: Namespace inbox:
type=private, prefix=, sep=, inbox=no, hidden=no, list=yes,
subscriptions=yes location=maildir:~/Maildir
Mar 17 14:36:20 apps_b dovecot: lda(rob): Error: User initialization
failed: Namespace '': Unknown mail storage driver maildir
Mar 17 14:36:20 apps_b dovecot: lda(rob): Fatal: Invalid user settings.
Refer to server log for more information.

So it seems to be complaining about "maildir" storage driver ?!

My config is:

# /programs/3.4/x86_64/64/sbin/dovecot -n -c
/usr/local/dovecot/dovecot.conf
# 2.2.16: /usr/local/dovecot/dovecot.conf
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.4
disable_plaintext_auth = no
first_valid_gid = 1000
first_valid_uid = 1000
last_valid_gid = 1500
last_valid_uid = 2000
mail_debug = yes
mail_location = maildir:~/Maildir
namespace inbox {
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = *
  driver = pam
}
postmaster_address = r...@mydomain.be
ssl_cert = 

Re: Virtual mailbox shows mails that are too old

[Rob Hoelz via dovecot]

Another workaround that worked for me with this is using INDEX=MEMORY in your 
virtual folder setup.

On Tue, 19 Feb 2019 10:19:56 +0200 (EET)
Aki Tuomi via dovecot  wrote:

> Hi, this is a known issue unfortunately. You can try do doveadm index
> -u victim 'Virtual/*'
> 
> Aki
> On 19 February 2019 09:46 Stefan Hagen via dovecot <
> dovecot@dovecot.org> wrote:
> > 
> > 
> > Hello,
> > 
> > I'm using dovecot on my personal / private email server.
> > I have set up virtual mailboxes in my inbox namespace like this:
> > 
> > namespace inbox {
> > inbox = yes
> > prefix = "Virtual/"
> > separator = /
> > location =
> > "virtual:~/.emails_virtual:LAYOUT=fs:INDEX=dovecot.virtual.index:LISTINDEX=dovecot.virtual.list.index"
> > list = yes subscriptions = yes
> > mailbox {
> > auto = subscribe
> > }
> > }
> > 
> > I had quite some trouble with it at first with UIDs changing all the
> > time, but after adding INDEX and LISTINDEX it started to work just
> > fine.
> > 
> > I've created dovecot_virtual files like this one:
> > $ cat ~/.emails_virtual/2-LastDay/dovecot-virtual
> > *
> > -Trash
> > -Sent
> > -Drafts
> > -Spam
> > -Virtual
> > -Virtual/*
> > all younger 86400
> > 
> > After stopping dovecot and deleting the index files and restarting
> > dovecot, the virtual mailbox shows all mail from the last day - as
> > expected. But after one day, it shows mail from two days. After
> > three, it shows mails from three days.
> > 
> > It looks like dovecot selects emails from the last day, but never
> > cleans out emails that are older, once they have been selected.
> > 
> > My full dovecot -n can be found here:
> > https://codevoid.de/?q=/0/p/dovecot-n.txt
> > 
> > Any ideas about what could be wrong?
> > 
> > Best Regards,
> > Stefan
> > 
> > --
> > Stefan Hagen | (gopher|https)://codevoid.de(/gpg)
> > CBD3 C468 64B4 6517 E8FB B90F B6BC 2EC5 52BE 43BA
> > 
> ---
> Aki Tuomi
> 

Re: Virtual Mailboxes redux

[Rob Hoelz]

Hi there!

I've had success using "doveadm mailbox list" to verify that my virtual 
mailboxes are showing up,
and using "doveadm search mailbox $VIRTUAL_MAILBOX" to print out which mails 
are in a folder.

-Rob

On Tue, 6 Mar 2018 11:40:13 -0700
"@lbutlr" <krem...@kreme.com> wrote:

> I’ve created virtual mailboxes in dovecot, and they show up in
> various clients, but the folders contain no messages. (I will get an
> ‘empty” folder icon named “@virtual” and an empty folder icon named
> “month” inside it. Is there a way I can verify what dovecot THINKS
> should be in the virtual folder via doveadm? 
> 
> <https://www.dropbox.com/s/hd4wnjrs3y5iswi/Screenshot%202018-03-06%2011.38.25.png?dl=0>
> 
>  # cat /usr/local/etc/dovecot/virtual/month/dovecot-vitual 
> # ~/Maildir/virtual/month/dovecot-virtual
> *
>   all younger 2678400
> 
>  # doveconf -n
> # 2.2.33.2 (d6601f4ec): /usr/local/etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.21 (92477967)
> # OS: FreeBSD 11.1-RELEASE-p4 i386  
> auth_failure_delay = 5 secs
> auth_mechanisms = PLAIN LOGIN
> default_client_limit = 4096
> default_process_limit = 1024
> default_vsz_limit = 768 M
> disable_plaintext_auth = no
> first_valid_uid = 89
> imap_id_log = *
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> login_log_format_elements = user=<%u> %r %m %c
> mail_location = maildir:~/Maildir
> mail_max_userip_connections = 90
> mail_plugins = " virtual"
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date index ihave duplicate mime foreverypart
> extracttext imapsieve vnd.dovecot.imapsieve namespace { location =
> virtual:/usr/local/etc/dovecot/virtual:INDEX=~/Maildir/virtual:CONTROL=~/Maildir/virtual
> prefix = @virtual. separator = . } namespace inbox {
>   inbox = yes
>   location = 
>   mailbox Archive {
> auto = subscribe
> special_use = \Archive
>   }
>   mailbox Drafts {
> special_use = \Drafts
>   }
>   mailbox Junk {
> auto = subscribe
> special_use = \Junk
>   }
>   mailbox Sent {
> special_use = \Sent
>   }
>   mailbox Trash {
> special_use = \Trash
>   }
>   prefix = 
> }
> passdb {
>   driver = pam
>   username_filter = !*@*
> }
> passdb {
>   args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> plugin {
>   imapsieve_mailbox1_before =
> file:/usr/lib/dovecot/sieve/report-spam.sieve
> imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Junk
>   imapsieve_mailbox2_before =
> file:/usr/lib/dovecot/sieve/report-ham.sieve
> imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Junk
>   imapsieve_mailbox2_name = *
>   sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
>   sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
>   sieve_plugins = sieve_imapsieve sieve_extprograms
> }
> protocols = imap pop3
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
> mode = 0666
>   }
> }
> service imap-login {
>   inet_listener imaps {
> port = 993
> ssl = yes
>   }
> }
> service pop3-login {
>   inet_listener pop3 {
> port = 0
>   }
>   inet_listener pop3s {
> port = 995
> ssl = yes
>   }
> }
> ssl_cert =  ssl_key =  # hidden, use -P to show it
> ssl_protocols = !SSLv2 !SSLv3
> userdb {
>   driver = passwd
> }
> userdb {
>   args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
>   default_fields = uid=vpopmail gid=vchkpw
> mail_location=/usr/local/virtual/%u
> mail=maildir:/usr/local/virtual/%u driver = sql }
> protocol imap {
>   mail_plugins = " virtual imap_sieve"
> }
> 
> 

Re: Using virtual folders with younger and index files

[Rob Hoelz]

Hi David,

Sorry, I do not - I just have two virtual folders that hold the last two weeks 
of mail, plus one that
holds flagged mails.

-Rob

On Tue, 27 Feb 2018 23:50:11 -0500
David Mehler <dave.meh...@gmail.com> wrote:

> Hello Rob,
> 
> Do you by chance have a virtual/All folder which holds all your
> messages? If so, could I see that configuration?
> 
> Thanks.
> Dave.
> 
> 
> On 2/27/18, Rob Hoelz <rob+dove...@hoelz.ro> wrote:
> > Hi list,
> >
> > I just encountered a problem while using dovecot's Virtual plugin
> > with 2.3.0.  I managed to solve the issue,
> > but I wanted to bring it to the attention of others on the list to
> > see if there exists a better solution, if
> > I found a bug, or if it's just a matter of updating documentation.
> >
> > I have a virtual folder to get the most recent two weeks of mails;
> > it looks something like this:
> >  
> >> INBOX
> >>   all younger 1209600  
> >
> > I made this folder back in October.  Lately, I started to notice
> > that the virtual folder had a surprising amount
> > of mail in it - I don't get 1,000 e-mails per week!  After some
> > doveadm commands, I realized that e-mails from
> > October were still present in my virtual folder!  Updating the
> > dovecot-virtual would clear away e-mails older than
> > two weeks (I needed to actually introduce a change, even if it was
> > just whitespace - just touching the file didn't
> > update things), and removing the dovecot index file also cleared
> > things away.  In then end, I ended up just telling
> > dovecot to disable on-disk indexes for that folder.
> >
> > I created this folder based on the examples on
> > https://wiki.dovecot.org/Plugins/Virtual - I'm wondering if I found
> > a bug or if that page should be changed to recommend disabling
> > on-disk indexes when using certain search query filters such as
> > "younger".  If the latter, I can always make the change - just let
> > me know!
> >
> > -Rob
> >  

Using virtual folders with younger and index files

[Rob Hoelz]

Hi list,

I just encountered a problem while using dovecot's Virtual plugin with 2.3.0.  
I managed to solve the issue,
but I wanted to bring it to the attention of others on the list to see if there 
exists a better solution, if
I found a bug, or if it's just a matter of updating documentation.

I have a virtual folder to get the most recent two weeks of mails; it looks 
something like this:

> INBOX
>   all younger 1209600

I made this folder back in October.  Lately, I started to notice that the 
virtual folder had a surprising amount
of mail in it - I don't get 1,000 e-mails per week!  After some doveadm 
commands, I realized that e-mails from
October were still present in my virtual folder!  Updating the dovecot-virtual 
would clear away e-mails older than
two weeks (I needed to actually introduce a change, even if it was just 
whitespace - just touching the file didn't
update things), and removing the dovecot index file also cleared things away.  
In then end, I ended up just telling
dovecot to disable on-disk indexes for that folder.

I created this folder based on the examples on 
https://wiki.dovecot.org/Plugins/Virtual - I'm wondering if I found a bug
or if that page should be changed to recommend disabling on-disk indexes when 
using certain search query filters such as
"younger".  If the latter, I can always make the change - just let me know!

-Rob

Re: Dovecot 2.3 - using doveadm as non-root?

[Rob Hoelz]

On Wed, 3 Jan 2018 13:37:07 -0500
Timo Sirainen <t...@iki.fi> wrote:

> On 3 Jan 2018, at 11.38, Rob Hoelz <rob+dove...@hoelz.ro> wrote:
> > 
> > Hi dovecot developers and users,
> > 
> > I recently upgraded my server running Arch Linux to dovecot 2.3.0,
> > and I noticed some of my cron jobs started issuing me error
> > messages.  These cron jobs run as a non-root user associated with
> > my mail account, and they use doveadm to tidy things up (ex.
> > purging the trash, moving old mail in certain folders into the
> > trash).  The error message is:
> > 
> >> Error: net_connect_unix(/var/run/dovecot/stats-writer) failed:
> >> Permission denied
> > 
> > I assume this is doveadm trying to participate in the new 2.3 stats
> > process, and after reading the code a bit, I can't see way to tell
> > doveadm to not connect to the stats writer.  The socket is owned by
> > root with 600 permissions.
> > 
> > What would be the right way to remedy this?  AFAICT, I could
> > potentially run doveadm as root (which I would prefer to avoid), or
> > I could change the permissions on the stats writer socket, but I
> > would hate to introduce any sort of security vulnerability by doing
> > so.  I currently have a scrappy Perl script that just runs doveadm
> > and filters out the error message (it doesn't seem to affect the
> > behavior of doveadm other than the message), but that feels dirty
> > and I would prefer a cleaner solution.  Any advice?
> 
> I was wondering what to do about this while developing it. I think
> you can disable this by clearing out the socket path:
> 
> doveadm -o stats_writer_socket_path=
> 
> But .. I think the changing the socket permissions is the better
> solution. The new stats process should know about everything that is
> going on in the system, and these doveadm calls are part of that. So
> if they're excluded then the stats aren't exactly correct. The
> stats-writer can't do all that much harm other than messing up the
> statistics or probably crashing stats process by using up all of its
> memory.
> 

Thanks for the advice, Timo - I went ahead and applied the permission change to 
my dovecot config.  On a side note, thanks for dovecot in general - it's a 
great piece of software!

-Rob

Dovecot 2.3 - using doveadm as non-root?

[Rob Hoelz]

Hi dovecot developers and users,

I recently upgraded my server running Arch Linux to dovecot 2.3.0, and I
noticed some of my cron jobs started issuing me error messages.  These
cron jobs run as a non-root user associated with my mail account, and
they use doveadm to tidy things up (ex. purging the trash, moving
old mail in certain folders into the trash).  The error message is:

> Error: net_connect_unix(/var/run/dovecot/stats-writer) failed:
> Permission denied

I assume this is doveadm trying to participate in the new 2.3 stats
process, and after reading the code a bit, I can't see way to tell
doveadm to not connect to the stats writer.  The socket is owned by
root with 600 permissions.

What would be the right way to remedy this?  AFAICT, I could potentially
run doveadm as root (which I would prefer to avoid), or I could change
the permissions on the stats writer socket, but I would hate to
introduce any sort of security vulnerability by doing so.  I currently
have a scrappy Perl script that just runs doveadm and filters out the
error message (it doesn't seem to affect the behavior of doveadm other
than the message), but that feels dirty and I would prefer a cleaner
solution.  Any advice?

Thanks,
Rob

Re: One way dsync replication with dsync -R

[Rob Archibald]

So, even with a particular user only connecting to one node in the pair, you 
still see the issue? I'm not seeing that in my setup. I only see it when 
concurrently connecting the same user to two different nodes in the pair.

Blessings,
Rob Archibald
CTO, EndFirst LLC
r...@robarchibald.com

> On Mar 24, 2017, at 12:50 AM, Wolfgang Hennerbichler <wo...@wogri.com> wrote:
> 
> Rob, 
> 
> Unfortunately I don’t think the director will solve this problem. I have a 
> director in front of my setup and it is configured to point every client to 
> one server. It didn’t change anything in its behavior. 
> I also have a setup without a director where the clients are only allowed to 
> talk to one host (DNS entries control this) - same thing. 
> 
> Wolfgang
> 
>> On Mar 22, 2017, at 23:58, Rob Archibald <r...@robarchibald.com> wrote:
>> 
>> Ugh, sorry for the formatting. Not sure what happened when it sent through 
>> the list.  Trying again
>> 
>> Blessings,
>> Rob Archibald
>> CTO, EndFirst LLC
>> r...@robarchibald.com
>> 
>> 
>> -Original Message-
>> From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Rob Archibald
>> Sent: Wednesday, March 22, 2017 3:55 PM
>> To: 'Wolfgang Hennerbichler'; dovecot@dovecot.org
>> Subject: RE: One way dsync replication with dsync -R
>> 
>> I'm using dsync successfully to keep two nodes synchronized, but I have the 
>> same problems as you. When I first set it up, I purposely had my phone 
>> connected to one node and my desktop connected to the other node. This 
>> allowed me to watch for the very issues you're referring to. I ran into them 
>> enough that I quit using it that way. But, what I also found was that it was 
>> just a timing issue. If they weren't synchronized, I could wait a bit and 
>> they would get synched up. Obviously that doesn't work too great if you're 
>> sending clients to both nodes through a load balancer though. But, since it 
>> was just a timing issue, it also made me feel plenty comfortable using 2-way 
>> sync. I've been able to verify that whichever node is the "master" that the 
>> other node will be in sync soon thereafter. It just doesn't work great if 
>> you're logged into both at the same time. 
>> 
>> How does that help you may ask? Well, my plan is to setup Dovecot Director 
>> on each of my node pairs to enable load balancing that way instead of 
>> through some other load balancer. Director should ensure that all clients of 
>> a single user will be directed to the same node. Since I haven't set that up 
>> yet, I can't guarantee it'll work, but based on my testing and reading, I 
>> think it should be fine. 
>> 
>> The benefits I'm expecting are:
>> 1. Redundant and reliable storage with data always in 2 places at once 
>> 
>> 2. All devices of a single user always go to the same server so that there 
>> is no risk of synchronization delays between devices 
>> 
>> 3. Local storage connections for Dovecot so hopefully a lot fewer index 
>> corruption issues compared to NFS 
>> 
>> 4. Redundant compute nodes so if one server goes down, clients can still 
>> connect
>> 
>> 
>> At a high level, my complete setup that I'm building is to 1. Shard users 
>> into separate server pairs using Dovecot Proxy, 2. Load-balance them within 
>> the server pair using Dovecot Director. Hopefully my attempt to explain will 
>> come out well in ASCII:
>> 
>> Server sharding (however many pairs needed to support users. 4 users each 
>> obviously only for illustration purposes) = 
>> 
>> Server pair 1 (servers A & B) Users 1-4
>> 
>> Server pair 2 (servers C & D) Users 5-8
>> 
>> User connections
>> =
>> User 1 device 1 ---> Load balancer ---> Dovecot proxy A --->  Send to Server 
>> A running Director ---> Connect on Server A 
>> 
>> User 2 device 1 ---> Load balancer ---> Dovecot proxy B --->  Send to Server 
>> A running Director ---> Connect on Server B 
>> 
>> User 5 device 1 ---> Load balancer ---> Dovecot proxy C --->  Send to Server 
>> C running Director ---> Connect on Server C 
>> 
>> User 1 device 2 ---> Load balancer ---> Dovecot proxy D --->  Send to Server 
>> A running Director ---> Connect on Server A 
>> 
>> User 7 device 1 ---> Load balancer ---> Dovecot proxy A --->  Send to Server 
>> C running Director ---> Connect on Server D 
>> 
>> User 6 device 1 ---> Load balancer ---> Dove

Re: The challenge of customizing Dovecot

[Rob McAninch]

-- 
Rob McAninch
robmcaninch.com
(Sent from my iPhone)
> On Mar 22, 2017, at 23:53, Robert Moskowitz <r...@htt-consult.com> wrote:
> 
> 
> 
> On 03/22/2017 09:16 PM, Rob McAninch wrote:
>>> On Mar 22, 2017, at 18:25, Robert Moskowitz <r...@htt-consult.com> wrote:
>>> 
>>> 
>>> 
>>>> On 03/22/2017 11:36 AM, chaouche yacine wrote:
>>>> Robert,
>>>> 
>>>> What would be the benefit of using sed against making customized files and 
>>>> just copying them ? I'd probably just want to copy a working version of 
>>>> /etc/dovecot/ conf files instead of modifying my existing files with sed 
>>>> scripts (or create new ones with cat).
>>> new options are left unaltered.  I learned this with postfix, to use 
>>> postconf instead of trying to replace main.cf.
>>> 
>>> I thought about mv old confs then cat new confs, but again, there are other 
>>> things set up, and I worked at changing what needed customization, rather 
>>> than wholesale replacement.
>> Did you consider putting your customization in a local.conf which should be 
>> tried at the end? Could put whatever explanation in there you want. On a 
>> system like Debian this would more easily allow the default files to be 
>> upgraded without intervention.
>> 
> I have not seen any reference to a local.conf.  Can you point this out to me? 
>  I will have to see that it is maintained in Centos.  But some of the mods 
> are additions (like plugins) to existing lines.  I would have to find out how 
> those are processed.

It is mentioned here
http://wiki.dovecot.org/ConfigFile

Debian Jessie has the last line of dovecot.conf as:

!include_try local.conf

-- 
Rob

Re: The challenge of customizing Dovecot

[Rob McAninch]

> On Mar 22, 2017, at 18:25, Robert Moskowitz <r...@htt-consult.com> wrote:
> 
> 
> 
>> On 03/22/2017 11:36 AM, chaouche yacine wrote:
>> Robert,
>> 
>> What would be the benefit of using sed against making customized files and 
>> just copying them ? I'd probably just want to copy a working version of 
>> /etc/dovecot/ conf files instead of modifying my existing files with sed 
>> scripts (or create new ones with cat).
> 
> new options are left unaltered.  I learned this with postfix, to use postconf 
> instead of trying to replace main.cf.
> 
> I thought about mv old confs then cat new confs, but again, there are other 
> things set up, and I worked at changing what needed customization, rather 
> than wholesale replacement.

Did you consider putting your customization in a local.conf which should be 
tried at the end? Could put whatever explanation in there you want. On a system 
like Debian this would more easily allow the default files to be upgraded 
without intervention.

-- 
Rob

RE: One way dsync replication with dsync -R

[Rob Archibald]

Ugh, sorry for the formatting. Not sure what happened when it sent through the 
list.  Trying again

Blessings,
Rob Archibald
CTO, EndFirst LLC
r...@robarchibald.com


-Original Message-
From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Rob Archibald
Sent: Wednesday, March 22, 2017 3:55 PM
To: 'Wolfgang Hennerbichler'; dovecot@dovecot.org
Subject: RE: One way dsync replication with dsync -R

I'm using dsync successfully to keep two nodes synchronized, but I have the 
same problems as you. When I first set it up, I purposely had my phone 
connected to one node and my desktop connected to the other node. This allowed 
me to watch for the very issues you're referring to. I ran into them enough 
that I quit using it that way. But, what I also found was that it was just a 
timing issue. If they weren't synchronized, I could wait a bit and they would 
get synched up. Obviously that doesn't work too great if you're sending clients 
to both nodes through a load balancer though. But, since it was just a timing 
issue, it also made me feel plenty comfortable using 2-way sync. I've been able 
to verify that whichever node is the "master" that the other node will be in 
sync soon thereafter. It just doesn't work great if you're logged into both at 
the same time. 

How does that help you may ask? Well, my plan is to setup Dovecot Director on 
each of my node pairs to enable load balancing that way instead of through some 
other load balancer. Director should ensure that all clients of a single user 
will be directed to the same node. Since I haven't set that up yet, I can't 
guarantee it'll work, but based on my testing and reading, I think it should be 
fine. 

The benefits I'm expecting are:
1. Redundant and reliable storage with data always in 2 places at once 

2. All devices of a single user always go to the same server so that there is 
no risk of synchronization delays between devices 

3. Local storage connections for Dovecot so hopefully a lot fewer index 
corruption issues compared to NFS 

4. Redundant compute nodes so if one server goes down, clients can still connect


At a high level, my complete setup that I'm building is to 1. Shard users into 
separate server pairs using Dovecot Proxy, 2. Load-balance them within the 
server pair using Dovecot Director. Hopefully my attempt to explain will come 
out well in ASCII:

Server sharding (however many pairs needed to support users. 4 users each 
obviously only for illustration purposes) = 

Server pair 1 (servers A & B) Users 1-4

Server pair 2 (servers C & D) Users 5-8

User connections
=
User 1 device 1 ---> Load balancer ---> Dovecot proxy A --->  Send to Server A 
running Director ---> Connect on Server A 

User 2 device 1 ---> Load balancer ---> Dovecot proxy B --->  Send to Server A 
running Director ---> Connect on Server B 

User 5 device 1 ---> Load balancer ---> Dovecot proxy C --->  Send to Server C 
running Director ---> Connect on Server C 

User 1 device 2 ---> Load balancer ---> Dovecot proxy D --->  Send to Server A 
running Director ---> Connect on Server A 

User 7 device 1 ---> Load balancer ---> Dovecot proxy A --->  Send to Server C 
running Director ---> Connect on Server D 

User 6 device 1 ---> Load balancer ---> Dovecot proxy B --->  Send to Server C 
running Director ---> Connect on Server C 

User 3 device 1 ---> Load balancer ---> Dovecot proxy C --->  Send to Server A 
running Director ---> Connect on Server B 

User 8 device 1 ---> Load balancer ---> Dovecot proxy D --->  Send to Server C 
running Director ---> Connect on Server D 

User 3 device 2 ---> Load balancer ---> Dovecot proxy A --->  Send to Server A 
running Director ---> Connect on Server B 

User 5 device 3 ---> Load balancer ---> Dovecot proxy B --->  Send to Server C 
running Director ---> Connect on Server C 

User 5 device 2 ---> Load balancer ---> Dovecot proxy C --->  Send to Server C 
running Director ---> Connect on Server C 

User 4 device 1 ---> Load balancer ---> Dovecot proxy D --->  Send to Server A 
running Director ---> Connect on Server A 

User 5 device 4 ---> Load balancer ---> Dovecot proxy A --->  Send to Server C 
running Director ---> Connect on Server C 

User 1 device 3 ---> Load balancer ---> Dovecot proxy B --->  Send to Server A 
running Director ---> Connect on Server A 

User 1 device 4 ---> Load balancer ---> Dovecot proxy C --->  Send to Server A 
running Director ---> Connect on Server A 

User 6 device 2 ---> Load balancer ---> Dovecot proxy D --->  Send to Server C 
running Director ---> Connect on Server C 

User 2 device 2 ---> Load balancer ---> Dovecot proxy A --->  Send to Server A 
running Director ---> Connect on Server B

Results
===

RE: One way dsync replication with dsync -R

[Rob Archibald]

I'm using dsync successfully to keep two nodes synchronized, but I have the 
same problems as you. When I first set it up, I purposely had my phone 
connected to one node and my desktop connected to the other node. This allowed 
me to watch for the very issues you're referring to. I ran into them enough 
that I quit using it that way. But, what I also found was that it was just a 
timing issue. If they weren't synchronized, I could wait a bit and they would 
get synched up. Obviously that doesn't work too great if you're sending clients 
to both nodes through a load balancer though. But, since it was just a timing 
issue, it also made me feel plenty comfortable using 2-way sync. I've been able 
to verify that whichever node is the "master" that the other node will be in 
sync soon thereafter. It just doesn't work great if you're logged into both at 
the same time. 

How does that help you may ask? Well, my plan is to setup Dovecot Director on 
each of my node pairs to enable load balancing that way instead of through some 
other load balancer. Director should ensure that all clients of a single user 
will be directed to the same node. Since I haven't set that up yet, I can't 
guarantee it'll work, but based on my testing and reading, I think it should be 
fine. 

The benefits I'm expecting are:
1. Redundant and reliable storage with data always in 2 places at once
2. All devices of a single user always go to the same server so that there is 
no risk of synchronization delays between devices
3. Local storage connections for Dovecot so hopefully a lot fewer index 
corruption issues compared to NFS
4. Redundant compute nodes so if one server goes down, clients can still connect


At a high level, my complete setup that I'm building is to 1. Shard users into 
separate server pairs using Dovecot Proxy, 2. Load-balance them within the 
server pair using Dovecot Director. Hopefully my attempt to explain will come 
out well in ASCII:

Server sharding (however many pairs needed to support users. 4 users each 
obviously only for illustration purposes)
=
Server pair 1 (servers A & B)
Users 1-4

Server pair 2 (servers C & D)
Users 5-8

User connections
=
User 1 device 1 ---> Load balancer ---> Dovecot proxy A --->  Send to Server A 
running Director ---> Connect on Server A
User 2 device 1 ---> Load balancer ---> Dovecot proxy B --->  Send to Server A 
running Director ---> Connect on Server B
User 5 device 1 ---> Load balancer ---> Dovecot proxy C --->  Send to Server C 
running Director ---> Connect on Server C
User 1 device 2 ---> Load balancer ---> Dovecot proxy D --->  Send to Server A 
running Director ---> Connect on Server A
User 7 device 1 ---> Load balancer ---> Dovecot proxy A --->  Send to Server C 
running Director ---> Connect on Server D
User 6 device 1 ---> Load balancer ---> Dovecot proxy B --->  Send to Server C 
running Director ---> Connect on Server C
User 3 device 1 ---> Load balancer ---> Dovecot proxy C --->  Send to Server A 
running Director ---> Connect on Server B
User 8 device 1 ---> Load balancer ---> Dovecot proxy D --->  Send to Server C 
running Director ---> Connect on Server D
User 3 device 2 ---> Load balancer ---> Dovecot proxy A --->  Send to Server A 
running Director ---> Connect on Server B
User 5 device 3 ---> Load balancer ---> Dovecot proxy B --->  Send to Server C 
running Director ---> Connect on Server C
User 5 device 2 ---> Load balancer ---> Dovecot proxy C --->  Send to Server C 
running Director ---> Connect on Server C
User 4 device 1 ---> Load balancer ---> Dovecot proxy D --->  Send to Server A 
running Director ---> Connect on Server A
User 5 device 4 ---> Load balancer ---> Dovecot proxy A --->  Send to Server C 
running Director ---> Connect on Server C
User 1 device 3 ---> Load balancer ---> Dovecot proxy B --->  Send to Server A 
running Director ---> Connect on Server A
User 1 device 4 ---> Load balancer ---> Dovecot proxy C --->  Send to Server A 
running Director ---> Connect on Server A
User 6 device 2 ---> Load balancer ---> Dovecot proxy D --->  Send to Server C 
running Director ---> Connect on Server C
User 2 device 2 ---> Load balancer ---> Dovecot proxy A --->  Send to Server A 
running Director ---> Connect on Server B

Results 
===
User 1, 4 - Server A
User 2, 3 - Server B
User 5, 6 - Server C
User 7, 8 - Server D

I would love to hear if others have gotten something like this working.

Blessings,
Rob Archibald
CTO, EndFirst LLC
r...@robarchibald.com

-Original Message-
From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Wolfgang 
Hennerbichler
Sent: Wednesday, March 22, 2017 2:11 PM
To: dovecot@dovecot.org
Subject: One way dsync replication with ds

Re: Checking sieve

[Rob McAninch]

> On Dec 19, 2016, at 15:33, Gerben Wierda  wrote:
> 
> A simple question: I’ve installed roundcube on macOS Sierra with Server 5.2 
> and created a set of sieve rules in my dovecot setup. How can I check their 
> functioning (other than send test mails) e.g. is there some logging I can set 
> / look at?
> 

I think you will see some sieve activity in the system logs. If that's not 
enough:
https://wiki2.dovecot.org/Logging
mail_debug=yes

Re: [Dovecot] Dovecot MTA

[Rob Sterenborg (lists)]

On 11/10/2013 08:04 PM, Timo Sirainen wrote:

On 10.11.2013, at 20.00, Daniele Nicolodi dani...@grinta.net wrote:


Additionally I feel that Dovecot documentation can see some love as
well.  Having the wiki as main source of documentation does not look
very polished, compared, for example to the extremely good written and
maintained Postfix documentation.


I don’t know how to improve the current documentation. (Other than
implementing the few missing man pages.) There is going to be a Dovecot
book soon though, maybe that’ll help.


How Dovecot documentation can be improved? Well, what I find extremely 
helpful from the Postfix documentation but cannot find the equivalent 
for Dovecot is: http://www.postfix.org/postconf.5.html


Wiki's are helpful, but a full list of all configuration parameters, how 
they work and, when applicable,  how they are related to other 
parameters will likely help a lot of users.



--
Rob

[Dovecot] sieve gone mad ---help

[Rob]

managesieve has gone mad.
One person went on holiday when he came back his out of office would not switch 
off, then it replicated it's self into two other users (the vacation noticE) 
and started to be sent out for them and those users had never set up an out of 
office or looted into round cube.
even deleting the vacation notice did not stop it, but if we put another 
vacation notice in then the new one is sent out, if we disable the new one then 
the old one is sent out…. 
mad….
how can I refresh the whole thing and start again… ?
I am running this on 10.8.4 mountain lion server and I can't stop sieve…
I have looked in the /Library/Server/Mail/Data/rules/USERFOLDER
and removed all sieve files
I have looked in each users mailbox but no seve files there…
I have restarted and still sieve will not stop sending out emails…. yesterday 
it went crazy sending a mail a second from one mailbox back to it's self….
help…..

osx 10.8 server using latest roundcube with managesieve plugin
bash-3.2# ps -aef|grep dovecot
   0 27481 1   0 12:07am ?? 0:00.36 
/Applications/Server.app/Contents/ServerRoot/usr/sbin/dovecotd -F
 214 27490 27481   0 12:07am ?? 0:00.58 dovecot/anvil [4 connections]
   0 28237 27481   0 12:07am ?? 0:01.69 dovecot/log
   0 28239 27481   0 12:07am ?? 0:00.20 dovecot/config
 227 28309 27481   0 12:08am ?? 0:42.33 dovecot/imap-login [28 
connections (28 TLS)]
 214 28311 27481   0 12:08am ?? 0:08.65 dovecot/auth [0 wait, 0 passdb, 
0 userdb]
 214 40746 27481   0  6:54am ?? 0:06.33 dovecot/imap [3 connections]
 214 40747 27481   0  6:54am ?? 0:01.89 dovecot/imap [reply 
192.168.5.134 IDLE]
 214 45378 27481   0  8:36am ?? 0:01.73 dovecot/imap [3 connections]
 214 46125 27481   0  9:03am ?? 0:00.75 dovecot/imap [2 connections]
 214 46127 27481   0  9:03am ?? 0:01.84 dovecot/imap [3 connections]
 214 47385 27481   0  9:35am ?? 0:01.29 dovecot/imap [3 connections]
 214 56274 27481   0  1:15pm ?? 0:00.25 dovecot/imap [3 connections]
 214 56275 27481   0  1:15pm ?? 0:00.36 dovecot/imap [5 connections]
 214 56276 27481   0  1:15pm ?? 0:00.45 dovecot/imap [4 connections]
 214 56367 27481   0  1:18pm ?? 0:00.10 dovecot/imap [liam 
192.168.5.130 IDLE]
   0 62854  9637   0  4:37pm ttys0000:00.00 grep dovecot
bash-3.2# /Applications/Server.app/Contents/ServerRoot/usr/sbin/dovecotd -n
# 2.0.19apple1: /Library/Server/Mail/Config/dovecot/dovecot.conf
# OS: Darwin 12.4.0 x86_64  hfs
aps_topic = com.apple.mail.XServer.68f48c72-274a-48f9-beed-71096afe3fa6
auth_mechanisms = cram-md5 x-plain-submit plain login apop gssapi digest-md5
auth_socket_path = /var/run/dovecot/auth-userdb
auth_username_format = %n
default_internal_user = _dovecot
default_login_user = _dovenull
disable_plaintext_auth = no
first_valid_gid = 6
first_valid_uid = 6
mail_access_groups = mail
mail_location = maildir:/Library/Server/Mail/Data/mail/%u
mail_log_prefix = %s(pid %p user %u): 
mail_plugins = quota zlib fts fts_sk
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date ihave
mdbox_rotate_size = 200 M
passdb {
 args = /Library/Server/Mail/Config/dovecot/submit.passdb
 driver = passwd-file
 pass = yes
 submit = yes
}
passdb {
 driver = od
}
plugin {
 fts = sk
 quota = maildir:User quota
 quota_warning = storage=100%% quota-exceeded %u
 sieve = /Library/Server/Mail/Data/rules/%u/roundcube.sieve
 sieve_dir = /Library/Server/Mail/Data/rules/%u
}
postmaster_address = postmas...@server.risk.gg
protocols = imap pop3 lmtp sieve
quota_full_tempfail = yes
service auth {
 extra_groups = _keytabusers
 idle_kill = 15 mins
 unix_listener auth-userdb {
   user = _dovecot
 }
}
service dns_client {
 unix_listener dns-client {
   mode = 0600
 }
}
service imap-login {
 inet_listener imap {
   port = 143
 }
 inet_listener imaps {
   port = 993
   ssl = yes
 }
 service_count = 0
}
service imap {
 client_limit = 5
 process_limit = 200
 service_count = 0
}
service lmtp {
 unix_listener lmtp {
   mode = 0600
 }
}
service managesieve-login {
 inet_listener sieve {
   port = 4190
 }
}
service pop3-login {
 inet_listener pop3 {
   port = 110
 }
 inet_listener pop3s {
   port = 995
   ssl = yes
 }
}
service pop3 {
 client_limit = 5
 process_limit = 200
 service_count = 0
}
service quota-exceeded {
 executable = script 
/Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-exceeded.sh
 unix_listener quota-exceeded {
   group = mail
   mode = 0660
   user = _dovecot
 }
 user = _dovecot
}
service quota-warning {
 executable = script 
/Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-warning.sh
 unix_listener quota-warning {
   group = mail
   mode = 0660
   user = _dovecot
 }
 user = _dovecot
}
ssl = 

Re: [Dovecot] Maildirmake equiv?

[Rob Sterenborg (lists)]

On 08/16/2013 06:53 AM, LuKreme wrote:

Since I am using dovecot I do not have courier installed, but Courier had a 
very handy
tool for making maildir folders called `maildirmake` which I used in some 
automated
backup scripts. How do I duplicate maildirmake in dovecot?


Dovecot can autocreate mailboxes. Is that something you can use?

http://wiki2.dovecot.org/MailboxSettings

http://dovecot.2317879.n4.nabble.com/dovecot-2-2-Warning-autocreate-plugin-is-deprecated-use-mailbox-auto-setting-instead-td41673.html


--
Rob

Re: [Dovecot] dovecot is working, sort of

[Rob Sterenborg (lists)]

On 08/15/2013 10:50 AM, LuKreme wrote:


Error: user lists@*munged*: Couldn't drop privileges: User is missing UID (see 
mail_uid setting)

These are all virtual users with a hid of 89. How do I tell dovecot that?


$ cat /etc/dovecot/dovecot-sql.conf.ext
driver =  mysql
connect = host=localhost dbname=postfix user=dovecot password=dovecot
default_pass_scheme = MD5-CRYPT
password_query = select password from mailbox where username ='%u'
user_query = select concat('/usr/local/virtual/', maildir) from mailbox where 
username = '%u'


In my SQL configuration I have something like this:

user_query = \
SELECT _home AS home, _uid AS uid, _gid AS gid \
FROM virtual_mailboxes \
WHERE _recipient='%u' AND _active=1

Using this I can give certain users a different UID/GID, should I want 
to. But if I'm not mistaken you can also statically configure the uid 
and gid.

On page http://wiki2.dovecot.org/VirtualUsers, the last example says:

userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/mail/virtual/%d/%n
}

I guess you should be able to adapt this to your SQL config.


--
Rob

Re: [Dovecot] Dovecot 2.2.4 does not create home directory?

[Rob Sterenborg (lists)]

On 17-07-13 16:11, Dmitry . wrote:

Isn't the log actually saying what's wrong here?
(I didn't see a file listing that shows what owner/permissions are set.)


Initialization failed: Namespace '': mkdir(Maildir) in directory
/var/run/dovecot failed: Permission denied (euid=1202(dovecot)
egid=202(dovecot) missing +w perm: /var/run/dovecot, dir owned by 0:0
mode=0755)
Jul 17 12:49:41 imap(t...@example.com): Error: Invalid user settings. Refer
to server log for more information.


The log says:

- mkdir(Maildir) in directory /var/run/dovecot failed: Permission denied
  Dovecot couldn't create a directory in /var/run/dovecot. Personally,
  I would not want to create mail directories there, but if you're okay
  with it then I'm okay too.

- (euid=1202(dovecot) egid=202(dovecot)
  Dovecot is running as dovecot:dovecot (1202:202).

- missing +w perm: /var/run/dovecot, dir owned by 0:0 mode=0755)
  The base directory is owned by root:root with 755 permissions, so
  dovecot has no permission to write anything.

I'd choose another place where your mail directories are created and 
have the correct owner/permissions set.



--
Rob

Re: [Dovecot] Broken physical size caching in Dovecot 2.1.10

[Rob Redpath]

On 16/02/13 14:50, Timo Sirainen wrote:

On Wed, 2013-02-13 at 11:49 +, Rob Redpath wrote:

Dovecot's zlib plugin requires that the maildir filenames
have ,S=uncompressed size. Otherwise you get those errors.
http://dovecot.org/tools/maildir-size-check.sh can be used to fix the
filenames.


Thanks for this. The problem I'm encountering is that Dovecot renames
files, and does so to their size on disk rather than their uncompressed
size, undoing any corrective action that's been taken.

Yeah. It's a bit difficult to change the automated fixing code to work
properly with compressed files without some very ugly kludges.

BTW. http://dovecot.org/tools/maildir-size-fix.pl has been updated to
work with compressed files also, making maildir-size-check.sh obsolete.


I had a quick look myself - it looks like it would be! Obviously I can't 
leave my production system in a state where mail can't be accessed by 
some of its users - so what would your advice be to work around this?


I think my options are:-
- Modify and recompile dovecot so that the affected sub is a no-op and 
guarantee that filenames will always reflect the uncompressed size of 
the message through other means

OR
- Ensure that the sub never gets called. What condition is it that 
Dovecot encounters that triggers it to rename a file?


Thanks for you help with this!

Re: [Dovecot] Broken physical size caching in Dovecot 2.1.10

[Rob Redpath]

On 19/02/13 09:42, Timo Sirainen wrote:

On 19.2.2013, at 11.39, Rob Redpath rob.redp...@heartinternet.co.uk wrote:


BTW. http://dovecot.org/tools/maildir-size-fix.pl has been updated to
work with compressed files also, making maildir-size-check.sh obsolete.



I had a quick look myself - it looks like it would be! Obviously I can't leave 
my production system in a state where mail can't be accessed by some of its 
users - so what would your advice be to work around this?

I think my options are:-
- Modify and recompile dovecot so that the affected sub is a no-op and 
guarantee that filenames will always reflect the uncompressed size of the 
message through other means
OR
- Ensure that the sub never gets called. What condition is it that Dovecot 
encounters that triggers it to rename a file?

Just run the maildir-size-fix.pl to your existing maildirs and you should have 
no problems in future?

Sadly, that doesn't seem to work. In a normal case where I see this 
issue, running maildir-size-fix.pl (with -a -c -f -r -v options) 
identifies and renames lots of files, but then accessing the mailbox 
causes dovecot to rename them back to the incorrect values.


One thing I've noticed during testing this is that, in my doveadm fetch 
output for an affected mailbox, the same UID appears to be processed 
over and over before Dovecot moves on. In the example I happen to have 
on screen, this line appears 13 times in the output, each with with a 
larger value to the right of the 


doveadm(u...@example.com): Error: Maildir filename has wrong S value, 
renamed the file from 
/var/spool/virtual_mail/user_example.com_d/.INBOX.folder/cur/1308038406.M274176P16579.mail.example.net,S=11919:2,S 
to 
/var/spool/virtual_mail/user_example.com_d/.INBOX.folder/cur/1308038406.M274176P16579.mail.example.net,S=11919:2,S
doveadm(u...@example.com): Error: Corrupted index cache file 
/var/spool/virtual_mail/user_example.com_d/.INBOX.eBay/dovecot.index.cache: 
Broken physical size for mail UID 99

Re: [Dovecot] Broken physical size caching in Dovecot 2.1.10

[Rob Redpath]

On 19/02/13 15:41, Timo Sirainen wrote:

On 19.2.2013, at 16.48, Rob Redpath rob.redp...@heartinternet.co.uk wrote:


Just run the maildir-size-fix.pl to your existing maildirs and you should have 
no problems in future?


Sadly, that doesn't seem to work. In a normal case where I see this issue, 
running maildir-size-fix.pl (with -a -c -f -r -v options) identifies and 
renames lots of files, but then accessing the mailbox causes dovecot to rename 
them back to the incorrect values.

Then something is wrong.


One thing I've noticed during testing this is that, in my doveadm fetch output for 
an affected mailbox, the same UID appears to be processed over and over before 
Dovecot moves on. In the example I happen to have on screen, this line appears 13 
times in the output, each with with a larger value to the right of the 

doveadm(u...@example.com): Error: Maildir filename has wrong S value, renamed 
the file from 
/var/spool/virtual_mail/user_example.com_d/.INBOX.folder/cur/1308038406.M274176P16579.mail.example.net,S=11919:2,S
 to 
/var/spool/virtual_mail/user_example.com_d/.INBOX.folder/cur/1308038406.M274176P16579.mail.example.net,S=11919:2,S
doveadm(u...@example.com): Error: Corrupted index cache file 
/var/spool/virtual_mail/user_example.com_d/.INBOX.eBay/dovecot.index.cache: 
Broken physical size for mail UID 99

Have you enabled zlib plugin globally, not just for e.g. IMAP protocol? Show 
your doveconf -n output.



I believe that the plugin is enabled globally -

# 2.1.10: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.el6.x86_64 x86_64 Red Hat Enterprise Linux Server 
release 6.3 (Santiago)

auth_mechanisms = plain login cram-md5 digest-md5 apop
auth_socket_path = /var/run/dovecot/auth-userdb
auth_username_chars =
auth_worker_max_count = 8192
default_client_limit = 32771
default_internal_user = mail
default_process_limit = 32771
disable_plaintext_auth = no
first_valid_uid = 8
last_valid_uid = 8
lda_mailbox_autocreate = yes
mail_location = maildir:%h
mail_plugins = quota zlib
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Sent Messages {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
}
passdb {
  args = /var/mail-auth/passwd.dovecot
  driver = passwd-file
}
passdb {
  args = /var/mail-auth/legacy.%l
  driver = passwd-file
}
plugin {
  quota = maildir
  quota_rule = ?:storage=400M
  quota_rule2 = Trash:storage=+10%
  quota_warning = storage=90%% quota-warning 90 %u
}
service anvil {
  client_limit = 65545
}
service auth {
  client_limit = 118793
  unix_listener auth-userdb {
group = mail
mode = 0600
user = mail
  }
}
service imap-login {
  process_min_avail = 16
  vsz_limit = 64 M
}
service imap-postlogin {
  executable = script-login /usr/local/bin/count_imap_login
  group = mail
  user = mail
}
service imap {
  executable = imap imap-postlogin
  process_limit = 16384
}
service pop3-postlogin {
  executable = script-login /usr/local/bin/count_pop_login
  group = mail
  user = mail
}
service pop3 {
  executable = pop3 pop3-postlogin
  process_limit = 4096
}
service quota-warning {
  executable = script /usr/local/bin/send-mailbox-near-quota-warning
  unix_listener quota-warning {
user = mail
  }
  user = mail
}
ssl_cert = /etc/ssl/certs/redacted.pem
ssl_key = /etc/ssl/certs/redacted.pem
userdb {
  args = /var/mail-auth/passwd.dovecot
  driver = passwd-file
}
userdb {
  args = /var/mail-auth/legacy.%l
  driver = passwd-file
}
verbose_proctitle = yes
protocol imap {
  imap_capability = +QUOTA SORT SORT=DISPLAY
  mail_max_userip_connections = 50
  mail_plugins = quota zlib imap_quota
}
protocol pop3 {
  mail_max_userip_connections = 40
  pop3_reuse_xuidl = yes
}

Re: [Dovecot] Broken physical size caching in Dovecot 2.1.10

[Rob Redpath]

On 05/02/13 02:06, Timo Sirainen wrote:

On Tue, 2013-01-29 at 19:58 +, Rob Redpath wrote:


I'm encountering two, probably related, errors in my Dovecot 2.1.10
install. The issue relates to compressed email stored in Maildir format
directories.

In some cases, a mailbox will become inaccessible, and the following
will be logged from a doveadm fetch:-

doveadm(i...@example.com): Error: Corrupted index cache file
/var/spool/virtual_mail/info_example.com_d/dovecot.index.cache: Broken
physical size for mail UID 2777
doveadm(i...@example.com): Error: Cached message size smaller than
expected (18996  64624)
doveadm(i...@example.com): Error: Maildir filename has wrong S value,
renamed the file from
/var/spool/virtual_mail/info_example.com_d/cur/1277451630.H877760P14612.mailserver.example.com,S=18996:2,Z
to
/var/spool/virtual_mail/info_example.com_d/cur/1277451630.H877760P14612.mailserver.example.com,S=18996:2,Z

Interestingly, the file mentioned in the error (
/var/spool/virtual_mail/info_example.com_d/dovecot.index.cache ) doesn't
exist.

The uncompressed size of the file is 64624 bytes, the compressed size is
18996.

Dovecot's zlib plugin requires that the maildir filenames
have ,S=uncompressed size. Otherwise you get those errors.
http://dovecot.org/tools/maildir-size-check.sh can be used to fix the
filenames.




Thanks for this. The problem I'm encountering is that Dovecot renames 
files, and does so to their size on disk rather than their uncompressed 
size, undoing any corrective action that's been taken. For example:-


[root@mailserver ~]# ls 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=4580:2,SZ
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=4580:2,SZ 

[root@mailserver ~]# zcat 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=4580:2,SZ 
| wc

3451530   24587
[root@mailserver ~]# mv 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=4580:2,SZ 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=24587:2,SZ 



[root@mailserver ~]# doveadm fetch -u i...@example.com text all  
/dev/null

snip
doveadm(i...@example.com): Error: Maildir filename has wrong S value, 
renamed the file from 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=24587:2,SZ 
to 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=4580:2,SZ

/snip

Re: [Dovecot] Broken physical size caching in Dovecot 2.1.10

[Rob Redpath]

On 05/02/13 02:06, Timo Sirainen wrote:

On Tue, 2013-01-29 at 19:58 +, Rob Redpath wrote:


I'm encountering two, probably related, errors in my Dovecot 2.1.10
install. The issue relates to compressed email stored in Maildir format
directories.

In some cases, a mailbox will become inaccessible, and the following
will be logged from a doveadm fetch:-

doveadm(i...@example.com): Error: Corrupted index cache file
/var/spool/virtual_mail/info_example.com_d/dovecot.index.cache: Broken
physical size for mail UID 2777
doveadm(i...@example.com): Error: Cached message size smaller than
expected (18996  64624)
doveadm(i...@example.com): Error: Maildir filename has wrong S value,
renamed the file from
/var/spool/virtual_mail/info_example.com_d/cur/1277451630.H877760P14612.mailserver.example.com,S=18996:2,Z
to
/var/spool/virtual_mail/info_example.com_d/cur/1277451630.H877760P14612.mailserver.example.com,S=18996:2,Z

Interestingly, the file mentioned in the error (
/var/spool/virtual_mail/info_example.com_d/dovecot.index.cache ) doesn't
exist.

The uncompressed size of the file is 64624 bytes, the compressed size is
18996.

Dovecot's zlib plugin requires that the maildir filenames
have ,S=uncompressed size. Otherwise you get those errors.
http://dovecot.org/tools/maildir-size-check.sh can be used to fix the
filenames.

Thanks for this. The problem I'm encountering is that Dovecot renames 
files, and does so to their size on disk rather than their uncompressed 
size, undoing any corrective action that's been taken. For example:-


[root@mailserver ~]# ls 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=4580:2,SZ

/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=4580:2,SZ
[root@mailserver ~]# zcat 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=4580:2,SZ 
| wc

3451530   24587
[root@mailserver ~]# mv 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=4580:2,SZ 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=24587:2,SZ


[root@mailserver ~]# doveadm fetch -u i...@example.com text all  
/dev/null

snip
doveadm(i...@example.com): Error: Maildir filename has wrong S value, 
renamed the file from 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=24587:2,SZ 
to 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=4580:2,SZ

/snip

Re: [Dovecot] Broken physical size caching in Dovecot 2.1.10

[Rob Redpath]

On 05/02/13 02:06, Timo Sirainen wrote:

On Tue, 2013-01-29 at 19:58 +, Rob Redpath wrote:


I'm encountering two, probably related, errors in my Dovecot 2.1.10
install. The issue relates to compressed email stored in Maildir format
directories.

In some cases, a mailbox will become inaccessible, and the following
will be logged from a doveadm fetch:-

doveadm(i...@example.com): Error: Corrupted index cache file
/var/spool/virtual_mail/info_example.com_d/dovecot.index.cache: Broken
physical size for mail UID 2777
doveadm(i...@example.com): Error: Cached message size smaller than
expected (18996  64624)
doveadm(i...@example.com): Error: Maildir filename has wrong S value,
renamed the file from
/var/spool/virtual_mail/info_example.com_d/cur/1277451630.H877760P14612.mailserver.example.com,S=18996:2,Z
to
/var/spool/virtual_mail/info_example.com_d/cur/1277451630.H877760P14612.mailserver.example.com,S=18996:2,Z

Interestingly, the file mentioned in the error (
/var/spool/virtual_mail/info_example.com_d/dovecot.index.cache ) doesn't
exist.

The uncompressed size of the file is 64624 bytes, the compressed size is
18996.

Dovecot's zlib plugin requires that the maildir filenames
have ,S=uncompressed size. Otherwise you get those errors.
http://dovecot.org/tools/maildir-size-check.sh can be used to fix the
filenames.


Thanks for this. The problem I'm encountering is that Dovecot renames 
files, and does so to their size on disk rather than their uncompressed 
size, undoing any corrective action that's been taken. For example:-


[root@mailserver ~]# ls 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=4580:2,SZ
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=4580:2,SZ 

[root@mailserver ~]# zcat 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=4580:2,SZ 
| wc

3451530   24587
[root@mailserver ~]# mv 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=4580:2,SZ 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=24587:2,SZ 



[root@mailserver ~]# doveadm fetch -u i...@example.com text all  
/dev/null

snip
doveadm(i...@example.com): Error: Maildir filename has wrong S value, 
renamed the file from 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=24587:2,SZ 
to 
/var/spool/virtual_mail/info_example.com_d/cur/1287153356.H12P6490.mailserver.example.net,S=4580:2,SZ

/snip

[Dovecot] Broken physical size caching in Dovecot 2.1.10

[Rob Redpath]

Hi,

I'm encountering two, probably related, errors in my Dovecot 2.1.10
install. The issue relates to compressed email stored in Maildir format
directories.

In some cases, a mailbox will become inaccessible, and the following
will be logged from a doveadm fetch:-

doveadm(i...@example.com): Error: Corrupted index cache file
/var/spool/virtual_mail/info_example.com_d/dovecot.index.cache: Broken
physical size for mail UID 2777
doveadm(i...@example.com): Error: Cached message size smaller than
expected (18996  64624)
doveadm(i...@example.com): Error: Maildir filename has wrong S value,
renamed the file from
/var/spool/virtual_mail/info_example.com_d/cur/1277451630.H877760P14612.mailserver.example.com,S=18996:2,Z
to
/var/spool/virtual_mail/info_example.com_d/cur/1277451630.H877760P14612.mailserver.example.com,S=18996:2,Z

Interestingly, the file mentioned in the error (
/var/spool/virtual_mail/info_example.com_d/dovecot.index.cache ) doesn't
exist.

The uncompressed size of the file is 64624 bytes, the compressed size is
18996.

My attempts to debug the issue myself didn't get very far - the function
that appears to return the wrong value is in
/src/lib-storage/index/maildir/maildir-mail.c in the 2.1.13 source; it's
do_fix_size() and appears to not consider whether a file is compressed
or not when reporting it's size for S= value purposes.

Can anyone help? I'm happy to provide parts of dovecot -n output if
required, but I'd rather not post configuration in a public forum if
it's not required.

--
Rob Redpath
Systems Administrator
Heart Internet Ltd
E: rob.redp...@heartinternet.co.uk
DDI: 0115 845 6643
www.heartinternet.co.ukhttp://www.heartinternet.co.uk

**
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you are not the intended recipient you are not authorised
to and must not disclose, copy, distribute, or retain this message or
any part of it.

Heart Internet Ltd accepts no responsibility for information, errors or
omissions in this email.
**

Re: [Dovecot] [OT] MS Exchange Alternative?

[Rob Sterenborg (lists)]

On 12/04/2012 05:22 PM, Timo Sirainen wrote:

On 4.12.2012, at 16.20, Jakob Curdes wrote:


Am 04.12.2012 15:15, schrieb Marc Perkel:

Just wondering if there's an open source Linux alternative to MS Exchange so 
that all the features of outlook work?

Did you have a look at zarafa? Most part of it is open source; the outlook 
connector ist closed source however and requires a license fee for more than 
three clients.
It uses MAPI to connect to Outlook, unlike many other solutions that do 
calendar syncs etc. via the ActiveSync protocol. Zarafa is a completely 
different thing than dovecot, however; it stores all mails in a MySQL database.


Future versions of Zarafa will hopefully serve IMAP protocol via Dovecot. :)


If they'd do that, it would be great because that's *the* reason I'm not 
running Zarafa.


Last time I tried the Zarafa IMAP server, which is some years ago, I was 
converting email locally via IMAP, just to see how Zarafa worked and 
behaved. The conversion would hang at random times, and it's IMAP server 
was so slow compared to Dovecot that I didn't want to use it.

Re: [Dovecot] HA Mailbox Design

[rob]

On 08/11/2012 01:18 PM, Stan Hoeppner wrote:

On 8/11/2012 11:52 AM, Daniel Parthey wrote:

Nikolaos Milas wrote:

On 10/8/2012 4:47 πμ, Stan Hoeppner wrote:


That begs the question,
what is your definition of a Highly Available Mail Server?  What is it
that you actually want to accomplish?  In some detail please.

1. Under normal conditions, mail2.example.com is a full mirror of
mail1.example.com; when any mail message is
added/viewed/moved/removed etc. to any user's folder or any folder
is added/viewed/moved/removed etc. at mail1.example.com, we want it
to be automatically and directly (in real time)
added/viewed/moved/removed etc. to mail2.example.com too. In other
words, we need continuous, real-time sync.

Can I do this and how?

You might have a look at DRBD (distributed replicated block device)
which provides a high available block device with fully synchronous
mirroring:

http://www.drbd.org/home/mirroring

Dovecot can then simply work with the filesystem residing on
the highly avilable DRBD volume.

But to be clear, for a true HA setup with full active/active nodes, this
must be a cluster filesystem (GFS2/OCFS2).



A good solution for kvm + drbd is this:  
http://pve.proxmox.com/wiki/Two-Node_High_Availability_Cluster

Re: [Dovecot] looking for information on Vacation auto-reply

[rob]

On 08/10/2012 02:26 AM, Robert Schetterer wrote:

Am 09.08.2012 21:32, schrieb rob:


On Thursday, August 9, 2012 15:19 EDT, Stephan Boschstep...@rename-it.nl  
wrote:


On 8/9/2012 7:08 PM, rob wrote:

Hello
  We are looking for information on how to use Vacation auto-reply .

  I've read http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage  and a few
other pages, but have not found how to set it up.

  We use sogo and thunderbird .

  Is there a how to or document for this somewhere?

What exactly do you want to know?

Regards,

Stephan.





I'd like to know :
- If we have Dovecot configured OK for vacation sieve.

- It looks like we should try to manage the vacation sieve filters  using sogo 
or thunderbird .  Is that the normal way to do so?


sieve in dovecot acts like a server where you can feed sieve rules i.e
vacation, some software mostly webmailsers have guis for this, like
sogo, roundcube, horde ,squirrelmail also thunderbird has a sieve plugin

if you setup dovecot sieve server rightly , you might see in the dovecot
logs , and/or send dovecot config to the list, look for manuals on the
dovecot site and in www for setup instructions


What I need to know is if we have enabled siege and managesieve  
correctly in dovecot. The following is out config.   :


root@mail ~ # dovecot -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-2-amd64 x86_64 Debian wheezy/sid
auth_mechanisms = plain login
auth_username_format = %Ln
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_location = maildir:%h/Maildir
mail_plugins =  quota
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave

namespace {
  inbox = yes
  location =
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  mail_plugins = quota sieve
  quota = fs:user
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  quota_warning3 = storage=60%% quota-warning 60 %u
  quota_warning4 = storage=40%% quota-warning 40 %u
  sieve = ~/.dovecot.sieve
  sieve_before = /etc/dovecot/sieve/spam.sieve
  sieve_dir = ~/sieve
  sieve_global_dir = /etc/dovecot/sieve/
}
postmaster_address = fbcad...@fantinibakery.com
protocols =  imap lmtp sieve
quota_full_tempfail = yes
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
mode = 0666
  }
  unix_listener auth-userdb {
group = postfix
mode = 0600
user = postfix
  }
}
service imap-login {
  service_count = 0
  vsz_limit = 128 M
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
  process_min_avail = 1
  service_count = 0
  vsz_limit = 256 M
}
service quota-warning {
  executable = script /fbc/bin/mail/quota-warning.sh
  user = dovecot
}
ssl = required
ssl_ca = /etc/postfix/ssl/gd_bundle.crt
ssl_cert = /etc/postfix/ssl/mail.fantinibakery.com.crt
ssl_key = /etc/postfix/ssl/mail.fantinibakery.com.key
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocol lmtp {
  mail_plugins = quota sieve
}
protocol imap {
  mail_max_userip_connections = 30
  mail_plugins =  quota imap_quota
  plugin {
antispam_backend = spool2dir
antispam_signature = X-DSPAM-Signature
antispam_spam = Junk
antispam_spool2dir_notspam = /var/spamtrain/not-spam/%%020lu-%u-%%05
antispam_spool2dir_spam = /var/spamtrain/spam/%%020lu-%u-%%05
antispam_trash = Trash
antispam_verbose_debug = 1
  }
}
protocol sieve {
  mail_debug = yes
  managesieve_implementation_string = Dovecot Pigeonhole
}

Best regards and thank you for the help!
Rob

Re: [Dovecot] looking for information on Vacation auto-reply

[rob]

On 08/10/2012 01:32 PM, rob wrote:

On 08/10/2012 02:26 AM, Robert Schetterer wrote:

Am 09.08.2012 21:32, schrieb rob:


On Thursday, August 9, 2012 15:19 EDT, Stephan 
Boschstep...@rename-it.nl  wrote:



On 8/9/2012 7:08 PM, rob wrote:

Hello
  We are looking for information on how to use Vacation auto-reply .

  I've read http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage  and a 
few

other pages, but have not found how to set it up.

  We use sogo and thunderbird .

  Is there a how to or document for this somewhere?

What exactly do you want to know?

Regards,

Stephan.





I'd like to know :
- If we have Dovecot configured OK for vacation sieve.

- It looks like we should try to manage the vacation sieve filters  
using sogo or thunderbird .  Is that the normal way to do so?



sieve in dovecot acts like a server where you can feed sieve rules i.e
vacation, some software mostly webmailsers have guis for this, like
sogo, roundcube, horde ,squirrelmail also thunderbird has a sieve plugin

if you setup dovecot sieve server rightly , you might see in the dovecot
logs , and/or send dovecot config to the list, look for manuals on the
dovecot site and in www for setup instructions


What I need to know is if we have enabled siege and managesieve  
correctly in dovecot. The following is out config.   :


root@mail ~ # dovecot -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-2-amd64 x86_64 Debian wheezy/sid
auth_mechanisms = plain login
auth_username_format = %Ln
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_location = maildir:%h/Maildir
mail_plugins =  quota
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave

namespace {
  inbox = yes
  location =
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  mail_plugins = quota sieve
  quota = fs:user
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  quota_warning3 = storage=60%% quota-warning 60 %u
  quota_warning4 = storage=40%% quota-warning 40 %u
  sieve = ~/.dovecot.sieve
  sieve_before = /etc/dovecot/sieve/spam.sieve
  sieve_dir = ~/sieve
  sieve_global_dir = /etc/dovecot/sieve/
}
postmaster_address = fbcad...@fantinibakery.com
protocols =  imap lmtp sieve
quota_full_tempfail = yes
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
mode = 0666
  }
  unix_listener auth-userdb {
group = postfix
mode = 0600
user = postfix
  }
}
service imap-login {
  service_count = 0
  vsz_limit = 128 M
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
  process_min_avail = 1
  service_count = 0
  vsz_limit = 256 M
}
service quota-warning {
  executable = script /fbc/bin/mail/quota-warning.sh
  user = dovecot
}
ssl = required
ssl_ca = /etc/postfix/ssl/gd_bundle.crt
ssl_cert = /etc/postfix/ssl/mail.fantinibakery.com.crt
ssl_key = /etc/postfix/ssl/mail.fantinibakery.com.key
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocol lmtp {
  mail_plugins = quota sieve
}
protocol imap {
  mail_max_userip_connections = 30
  mail_plugins =  quota imap_quota
  plugin {
antispam_backend = spool2dir
antispam_signature = X-DSPAM-Signature
antispam_spam = Junk
antispam_spool2dir_notspam = /var/spamtrain/not-spam/%%020lu-%u-%%05
antispam_spool2dir_spam = /var/spamtrain/spam/%%020lu-%u-%%05
antispam_trash = Trash
antispam_verbose_debug = 1
  }
}
protocol sieve {
  mail_debug = yes
  managesieve_implementation_string = Dovecot Pigeonhole
}

Best regards and thank you for the help!
Rob



OK It looks like our  dovecot setup is ok:

gnutls-cli --starttls -p 4190  127.0.0.1
Processed 152 CA certificate(s).
Resolving '127.0.0.1'...
Connecting to '127.0.0.1:4190'...
|1| Note that the security level of the Diffie-Hellman key exchange 
has been lowered to 512 bits and this may allow decryption of the 
session data


- Simple Client Mode:

IMPLEMENTATION Dovecot Pigeonhole
SIEVE fileinto reject envelope encoded-character vacation subaddress 
comparator-i;ascii-numeric relational regex imap4flags copy include 
variables body enotify environment mailbox date ihave

NOTIFY mailto
SASL PLAIN LOGIN
STARTTLS
VERSION 1.0
OK Dovecot ready.

[Dovecot] looking for information on Vacation auto-reply

[rob]

Hello
 We are looking for information on how to use Vacation auto-reply .

 I've read http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage  and a few 
other pages, but have not found how to set it up.


 We use sogo and thunderbird .

 Is there a how to or document for this somewhere?

 This is our configuration information:
dovecot -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-2-amd64 x86_64 Debian wheezy/sid
auth_mechanisms = plain login
auth_username_format = %Ln
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_location = maildir:%h/Maildir
mail_plugins =  quota
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave

namespace {
  inbox = yes
  location =
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  mail_plugins = quota sieve
  quota = fs:user
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  quota_warning3 = storage=60%% quota-warning 60 %u
  quota_warning4 = storage=40%% quota-warning 40 %u
  sieve = ~/.dovecot.sieve
  sieve_before = /etc/dovecot/sieve/spam.sieve
  sieve_dir = ~/sieve
  sieve_global_dir = /etc/dovecot/sieve/
}
postmaster_address = fbcad...@fantinibakery.com
protocols =  imap lmtp sieve
quota_full_tempfail = yes
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
mode = 0666
  }
  unix_listener auth-userdb {
group = postfix
mode = 0600
user = postfix
  }
}
service imap-login {
  service_count = 0
  vsz_limit = 128 M
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
  process_min_avail = 1
  service_count = 0
  vsz_limit = 256 M
}
service quota-warning {
  executable = script /fbc/bin/mail/quota-warning.sh
  user = dovecot
}
ssl = required
ssl_ca = /etc/postfix/ssl/gd_bundle.crt
ssl_cert = /etc/postfix/ssl/mail.fantinibakery.com.crt
ssl_key = /etc/postfix/ssl/mail.fantinibakery.com.key
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocol lmtp {
  mail_plugins = quota sieve
}
protocol imap {
  mail_max_userip_connections = 30
  mail_plugins =  quota imap_quota
  plugin {
antispam_backend = spool2dir
antispam_signature = X-DSPAM-Signature
antispam_spam = Junk
antispam_spool2dir_notspam = /var/spamtrain/not-spam/%%020lu-%u-%%05
antispam_spool2dir_spam = /var/spamtrain/spam/%%020lu-%u-%%05
antispam_trash = Trash
antispam_verbose_debug = 1
  }
}
protocol sieve {
  mail_debug = yes
  managesieve_implementation_string = Dovecot Pigeonhole
}

Re: [Dovecot] looking for information on Vacation auto-reply

[rob]

 
On Thursday, August 9, 2012 15:19 EDT, Stephan Bosch step...@rename-it.nl 
wrote: 
 
 On 8/9/2012 7:08 PM, rob wrote:
  Hello
   We are looking for information on how to use Vacation auto-reply .
 
   I've read http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage  and a few 
  other pages, but have not found how to set it up.
 
   We use sogo and thunderbird .
 
   Is there a how to or document for this somewhere?
 
 What exactly do you want to know?
 
 Regards,
 
 Stephan.
 
 
 
 
I'd like to know :
- If we have Dovecot configured OK for vacation sieve.

- It looks like we should try to manage the vacation sieve filters  using sogo 
or thunderbird .  Is that the normal way to do so? 

[Dovecot] unsubscribe

[Rob Coward]

 


Please consider the environment before printing this email. 

Game Stores Group Limited, registered number 1937170, registered in England

Re: [Dovecot] Cooperating with dovecot in its Maildir

[Rob Browning]

Timo Sirainen t...@iki.fi writes:

 On Sat, 2011-01-29 at 12:04 -0600, Rob Browning wrote:

 OK, so it sounds like if we wanted to be completely safe, we probably
 need to know that we're in a dovecot Maildir, and then we need to know
 where to create the appropriate dovecot-uidlist.lock file whenever
 renaming files.

 There's no good way to find out where the uidlist files are, if they're
 not in the maildir itself. They typically are.

Right, I was assuming we might just have to require the user to tell us
whenever they're not in the normal place.

 Do you happen to know if the liblockfile (lockfile_create(3), etc.)
 .lock strategy is compatible with dovecot's approach?

 Should be. It's possible though that in a future version there is
 no .lock file but rather the uidlist is locked directly with fcntl.

OK, though as you're probably aware, there may be some issues
cross-platform, and/or with shared FSs.  Avery wrote an interesting
summary recently:

  http://apenwarr.ca/log/?m=201012#13

Thanks again
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

[Dovecot] Cooperating with dovecot in its Maildir

[Rob Browning]

Is it possible to cooperate with dovecot within its Maildir, and if so,
what's required?

In this particular case, we're thinking of trying to allow notmuch to
operate directly on the dovecot Maildir, and at the moment, the only
modifications notmuch makes are to change maildir flags.  Would locking
dovecot-uidlist.lock be sufficient, perhaps via liblockfile?

Also, is there some reliable way to detect a dovecot Maildir?  For
example, are any of the dovecot-* files guaranteed to exist all the
time?

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Re: [Dovecot] Cooperating with dovecot in its Maildir

[Rob Browning]

Timo Sirainen t...@iki.fi writes:

 On 29.1.2011, at 19.05, Rob Browning wrote:

 I saw that, but I wasn't sure if the fact that a message might receive
 a new UID could be a problem.  

 It's a theoretical problem mostly, especially in your case. It's
 mainly visible when doing stress testing with large maildirs. I doubt
 in regular use it matters. Courier doesn't try to prevent it in any
 way and it seems to have worked mostly ok.

 Or is the UID supposed to change when the flags change?

 No.

OK, so it sounds like if we wanted to be completely safe, we probably
need to know that we're in a dovecot Maildir, and then we need to know
where to create the appropriate dovecot-uidlist.lock file whenever
renaming files.

Do you happen to know if the liblockfile (lockfile_create(3), etc.)
.lock strategy is compatible with dovecot's approach?

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Re: [Dovecot] Ubuntu upgrade to 10.04 -- dovecot no longer working

[Rob Frohne]

The old dovecot.conf file isn't compatible with the new dovecot.  I 
found it easier to just read through the dovecot.conf and edit it 
appropriately.  I had the same problem, but it appears to be working for 
me now.


Rob

On 06/14/2010 07:48 AM, Pascal Volk wrote:

On 06/14/2010 03:41 PM HenkR wrote:
   

Hi,

Last year I installed dovecot on my Ubuntu V9 system 64 bit system. I use it
to store emails from several clients in the LAN using IMAP.

Last week I upgraded to Ubuntu 10.04. Now Dovecot is no longer working. It
started with messages about sieve, so I disabled sieve in the configuration
file (did not use it in the past, don't know what it is).

Dovecot can now be started without errors or warnings, but I cannot connect
in the client. I get a message saying could not connect to server:
connection refused.

Can anybody help?
 

Yes, the fine documentation.
file:///usr/share/doc/dovecot-common/README.Debian
http://wiki.dovecot.org/Upgrading/1.2

If you are unable to solve your problems, please include `dovecot -n`
output in your reply.


Regards,
Pascal
   


--
Rob Frohne, Ph.D., P.E.
E.F. Cross School of Engineering
Walla Walla University
100 SW 4th Street
College Place, WA 99324
(509) 527-2075   http://people.wallawalla.edu/~rob.frohne

attachment: frohro.vcf

Re: [Dovecot] How do I make dovecot not use sslv2 for pop?

[Rob Middleton]

On 29/01/2010 6:56 PM, Timo Sirainen wrote:

On 29.1.2010, at 9.23, Andreas Schulze wrote:
   

From: Timo Sirainent...@iki.fi
Subject: Re: [Dovecot] How do I make dovecot not use sslv2 for pop?
Message-ID:1264724551.22202.139.ca...@hurina

Anyway.. I guess I should do something about this. Not really sure what,
though.
   

Timo,

you can simply stop supporting SSLv2.
Nobody really needs security known to be insecure.
 

Yeah. I'm actually more wondering about SSLv3+TLSv1 vs. TLSv1. Apparently 
disabling SSLv3 isn't a good idea yet? But still, maybe there should be a 
configuration option for that.. Or maybe not.
   
The only SSLv3 connections my server is receiving are from a Blackberry 
server (hosted, not enterprise). I would be quite happy to disable that 
and insist folk get iPhones instead ... but the bosses may be unhappy.


I don't have anything ancient like Outlook Express connecting to me - 
older versions of that probably have a similar problem to Internet 
Explorer 6. However should at least cope with SSLv3.


Blackberry server is connecting as: SSLv3 with cipher AES128-SHA 
(128/128 bits)

(%k in dovecot login_log_format_elements)

Rob.

Re: [Dovecot] How do I make dovecot not use sslv2 for pop?

[Rob Middleton]

On 29/01/2010 11:22 AM, Timo Sirainen wrote:

On Thu, 2010-01-28 at 15:23 -0800, Patrick Horgan wrote:

   

Just a bump, still have the problem, why would dovecot support sslv2 for
pop, but not for imap, when it's configured to not support  sslv2 at all?
 

I don't know why your nmap run would have shown only one of them
supporting SSLv2, it should have shown both. And that's because I
initialize OpenSSL with:

ctx-ctx = ssl_ctx = SSL_CTX_new(SSLv23_server_method());

So I guess what happens is that OpenSSL advertises that it supports
SSLv2. But then the ssl_cipher_list's !SSLv2 doesn't let the SSLv2
handshake actually go through. So it's not really possible to use SSLv2.
You can verify this with:

openssl s_client -ssl2 -connect localhost:995

Anyway.. I guess I should do something about this. Not really sure what,
though.
   

Apache mod_ssl has both a SSLCipherSuite and SSLProtocol option.

SSLCipherSuite takes the same syntax as Dovecot's ssl_cipher_list. 
Dovecot doesn't have an equivalent of SSLProtocol.


in Apache:
SSLCipherSuite 
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:-MD5:+HIGH:+MEDIUM:@STRENGTH

|SSLProtocol all -SSLv2|

I'm not that fussed, but it would be good to be able to disable for 
completeness. (I'm more fussed by MSIE6 preventing me from defaulting to 
stronger ciphers for web servers - and defaulting to SSLv2 enabled, but 
TLS disabled).


Rob Middleton.

Re: [Dovecot] Time just moved backwards in Dovecot in a Xen DomU

[Rob Middleton]

On 6/10/2009 12:54 PM, PGNet Dev wrote:

snip - from dom0
looking at my ntp logs around the same time(s).

  ...
  5 Oct 16:41:17 ntpd[5696]: synchronized to 64.125.78.85, stratum 1
  5 Oct 16:51:38 ntpd[5696]: time reset -2.140133 s
  5 Oct 16:56:40 ntpd[5696]: synchronized to 66.220.9.122, stratum 1
  5 Oct 17:01:28 ntpd[5696]: synchronized to 64.125.78.85, stratum 1
  5 Oct 17:07:20 ntpd[5696]: time reset -2.137760 s
  5 Oct 17:11:49 ntpd[5696]: synchronized to 204.152.184.72, stratum 1
   
This indicates that ntpd is actually stepping the time 2 seconds into 
the past approx every 900 seconds. So dovecot is correct that time has 
moved backwards. You need to stop time moving backwards :-).

[so not dovecot's fault, and likely not xen's fault either]

I'm no ntp expert, but I wonder if searching for 900s in the ntpd man 
page might help (caught my eye due to the step every 15 minutes - 
network congestion and excessive jitter causing stepping)? Otherwise 
perhaps a problem with a bad hardware driver stalling in the middle of 
an interrupt occasionally. Sorry - can't provide any further pointers. 
It is highly dependent on your hardware, kernel  drivers. If you have 
any other physical servers and they are also having 'time reset' error 
messages, then the problem is some odd network configuration - partial 
drop-outs and/or high jitter.


Unfortunately -x will not be a solution here as slew cannot possibly 
correct for a drift as big as 2 in every 900 seconds.


You may want to try just a single upstream ntp server as a debugging 
step (identify it by IP, not by a pool DNS record) and/or use the prefer 
keyword against your favourite.


Cheers,
Rob Middleton.

Re: [Dovecot] OT: IMAP folder aliases

[Rob Middleton]

On 25/09/2009 11:14 PM, Patrick Ben Koetter wrote:

It seems that there is no standard for folder names that deal with typical
message classes such as drafts, outbox, sent, spam etc. At least there's no
common sense on a naming convention that tells how client should handle this.
   

XLIST may deal with this in the future.

It has been initially implemented as an IMAP extension by GMail and 
Apple iPhone's email client. It allows localized naming of drafts, sent, 
etc while allowing the server to tell the client the mapping between 
well-known folder types and their actual name.


http://groups.google.com/group/Gmail-Help-POP-and-IMAP-en/browse_thread/thread/a154105c54f020fb?pli=1
https://bugzilla.mozilla.org/show_bug.cgi?id=476260

It oddly seems to have been barely documented or pushed ... though it is 
sufficiently simple and useful that I hope it gets wide support.


Cheers,
Rob Middleton.

Re: [Dovecot] OT: IMAP folder aliases

[Rob Middleton]

On 26/09/2009 6:40 PM, Axel Thimm wrote:

On Fri, Sep 25, 2009 at 07:55:41PM +0300, Timo Sirainen wrote:
   

On Sep 25, 2009, at 7:49 PM, Eric Shubert wrote:
 

Timo Sirainen wrote:
   

On Sep 25, 2009, at 4:14 PM, Patrick Ben Koetter wrote:
 

Has anyone seen an approach or a solution that solves the problem
from a users
point of view? A server side alias list that maps to a server
standard?
   

Symlinks maybe? Or something similar done internally. The main
problem would anyway be LIST command, should it show all of them or
somehow try to figure out which one to show?
 

Do the clients identify which program they are?
   

No. And one of the first commands they typically do is LIST. So there
are no good ways to solve this.

Although I haven't really seen much problems myself. Linux clients allow
changing what mailboxes they use, so I just configure them to use the
same as Apple Mail..
 

Given than you seem to bless Apple Mail folder structures it makes it
a good candidate to try to push as a standard for others to
copy. Maybe there could be example setups/configs shipped with dovecot
that maps other naming conventions to Apple's? In that way dovecot
would start to inforce the use of a standard which in the long term
could become a real standard.

If Apple's structure are not the best to go with, then we could use
some other naming convention, I just trust that Timo's choice is not a
bad one. ;)
   
I personally dislike Apple Mail's special folder naming from a 
'supporting users' viewpoint. By default it uses an underlying IMAP 
mailbox of Sent Items while displaying the name Sent in the GUI. It 
confuses folk that use both Apple Mail (Sent=Sent Items) and Thunderbird 
(Sent=Sent) to access their email account; because it makes little sense 
to the user it needs intervention by IT support to explain/fix (or they 
just suffer with two sent folders).


That said, if Apple Mail in 10.6 already supports XLIST this oddity 
could potentially be fixed from the IMAP server side (ref my email 80 
minutes ago).

 Thunderbird will have XLIST from v3 when released soon.

(Doesn't Apple use dovecot on Mac OS X 10.6 server now? I'm surprised we 
haven't seen an XLIST plugin or patch to make the Mac-mail-client to 
Mac-mail-server universe all work together well. However it is early 
days for that extension.)


Cheers,
Rob Middleton.

Re: [Dovecot] critical X-UID reordering problem after upgrade from 1.1 to 1.2

[Rob Henderson]

Timo Sirainen wrote:
 One easy solution would be to change UIDVALIDITY (the large number in
 X-IMAP: or X-IMAPbase: header) of each mailbox. Then the client will
 redownload all mails.

This is what I ended up doing (just inc'ing the current UIDVALIDITY by
1) and that seems to have worked for our IMAP users.  However, this is
more problematic for the pop users since it looks like that causes every
message in the inbox to appear to be new (the new %v yields all new
UIDLs so all the messages look like ones the client hasn't seen).  I
suppose it serves them right for using pop...  ;-)

 I can't really think of why UIDs would have changed though. I think
 v1.1's and v1.2's mbox handling code is pretty much the same.

I think I may have identified the problem.  I have a test inbox that is
very repeatably munged by dovecot 1.2.4 the first time it is accessed. 
The thing I noticed about it is that it has:

   X-IMAPbase: 1076423160 059291 Junk $Label1 $Label3 $Label5
NonJunk $Forwarded $MDNSent $Label2 $Label4

However, the last message (with the largest X-UID) is:

X-UID: 59665

So, this UID 59665 is larger than last used UID on the X-IMAPbase line! 
I have to assume this is a bad thing, right?  As a test, I changed the
X-IMAPbase: line and set the last used UID properly and that was all it
took to prevent dovecot from doing the reordering.

But, how did this happen?  I know it was like this on several inboxes
(maybe even most of them) and we had been running dovecot 1.1.3
previously for quite a while.  So, was this a bug in 1.1.3?   And,
perhaps more importantly for others who may hit this same problem, is
there some way that 1.2.x can recognize this condition and compensate
for it without doing the really nasty reordering?

Thanks!

  --Rob

Re: [Dovecot] critical X-UID reordering problem after upgrade from 1.1 to 1.2

[Rob Henderson]

Timo Sirainen wrote:


One easy solution would be to change UIDVALIDITY (the large number in 
X-IMAP: or X-IMAPbase: header) of each mailbox. Then the client will 
redownload all mails.


I just tried that on one of the inboxes and it seemed to do the trick!  
I just inc'ed the number that was there by 1 but does it really matter 
how I change it as long as it changes?  I'm just thinking about how to 
script this for all the inboxes so can I just change them all to the 
same number for the sake of expediency or do they need to be unique, or 
higher than the number there now, or ???




I can't really think of why UIDs would have changed though. I think 
v1.1's and v1.2's mbox handling code is pretty much the same.


I haven't had much time to study exactly how all the inboxes were 
changed but I did diff a couple from right before and right after the 
upgrade and there were *lots* of diffs in just the X-UID values.  At a 
quick look, it sure seemed like a reordering had been done to remove the 
holes in the numbering in some kind of compaction-like operation.


Thanks!!!

 --Rob

[Dovecot] 1.2.3 - fchown failed messages

[Rob Mangiafico]

Hello,

I installed 1.2.3 and we are seeing a few messages in the log files such 
as:

---
Aug  4 16:40:24 xyz dovecot: IMAP(john): fchown() failed with file 
/home/john/.imap/INBOX/dovecot.index.log.newlock: Operation not permitted
Aug  4 16:40:24 xyz dovecot: IMAP(john): fchown() failed with file 
/home/john/.imap/INBOX/dovecot.index.tmp: Operation not permitted

---

dovecot -n:
# 1.2.3: /usr/local/etc/dovecot.conf
# OS: Linux 2.6.20.1 i686 CentOS release 4.7 (Final)
protocols: imap imaps pop3 pop3s
ssl_ca_file: /usr/local/apache/conf/ssl.crt/gd_intermediate_bundle.crt
ssl_cert_file: /usr/local/apache/conf/ssl.crt/xyz.com.cert
ssl_key_file: /usr/local/apache/conf/ssl.key/xyz.com.key
ssl_cipher_list: HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3:!ADH:!LOW
disable_plaintext_auth: no
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
mail_max_userip_connections(default): 25
mail_max_userip_connections(imap): 25
mail_max_userip_connections(pop3): 10
mail_privileged_group: mail
mail_location: mbox:~/:INBOX=/var/spool/mail/%u
mail_full_filesystem_access: yes
mmap_disable: yes
fsync_disable: yes
mbox_read_locks: fcntl flock
mbox_write_locks: fcntl flock
mbox_very_dirty_syncs: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_process_size: 512
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
pop3_uidl_format(default): %08Xu%08Xv
pop3_uidl_format(imap): %08Xu%08Xv
pop3_uidl_format(pop3): %08Xv%08Xu
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
lda:
  postmaster_address: postmas...@example.com
auth default:
  mechanisms: plain login
  username_format: %Lu
  verbose: yes
  passdb:
driver: shadow
  userdb:
driver: passwd
---

Permissions look fine in the home directory john, including all 
sub-directories. Thanks for letting me know of anything to check/change.


Rob

Re: [Dovecot] 1.2.3 - fchown failed messages

[Rob Mangiafico]

On Tue, 4 Aug 2009, Timo Sirainen wrote:

On Tue, 2009-08-04 at 16:46 -0400, Rob Mangiafico wrote:

Hello,

I installed 1.2.3 and we are seeing a few messages in the log files such
as:
---
Aug  4 16:40:24 xyz dovecot: IMAP(john): fchown() failed with file
/home/john/.imap/INBOX/dovecot.index.log.newlock: Operation not permitted
Aug  4 16:40:24 xyz dovecot: IMAP(john): fchown() failed with file
/home/john/.imap/INBOX/dovecot.index.tmp: Operation not permitted


This patch should give you a bit better error message that would explain
the reason: http://hg.dovecot.org/dovecot-1.2/rev/8ea90a23ed74


Thanks. We've applied the patch and will email back if it continues to 
happen or we have any questions.


Rob

Re: [Dovecot] 1.2.3 - fchown failed messages

[Rob Mangiafico]

On Tue, 4 Aug 2009, Timo Sirainen wrote:

On Tue, 2009-08-04 at 16:46 -0400, Rob Mangiafico wrote:

Hello,

I installed 1.2.3 and we are seeing a few messages in the log files such
as:
---
Aug  4 16:40:24 xyz dovecot: IMAP(john): fchown() failed with file
/home/john/.imap/INBOX/dovecot.index.log.newlock: Operation not permitted
Aug  4 16:40:24 xyz dovecot: IMAP(john): fchown() failed with file
/home/john/.imap/INBOX/dovecot.index.tmp: Operation not permitted


This patch should give you a bit better error message that would explain
the reason: http://hg.dovecot.org/dovecot-1.2/rev/8ea90a23ed74


The log file now shows:
---
Aug  4 19:10:10 rezclick dovecot: IMAP(john): 
fchown(/home/john/.imap/INBOX/dovecot.index.tmp, -1, 12(mail)) failed: 
Operation not permitted (egid=509(johngrp), group based on 
/var/spool/mail/john)

---

/var/spool/mail/john has a group of mail, whereas the home directory has 
their own group. In 1.1.x we did not get these errors. Is this a fix in 
1.2? I assume we have to make the group match from their home dir and 
/var/spool/mail to get rid of the error? Any downside to allowing this 
error to continue? Thanks.


Rob

Re: [Dovecot] 1.2.3 - fchown failed messages

[Rob Mangiafico]

On Tue, 4 Aug 2009, Timo Sirainen wrote:

On Tue, 2009-08-04 at 19:31 -0400, Rob Mangiafico wrote:

Aug  4 19:10:10 rezclick dovecot: IMAP(john):
fchown(/home/john/.imap/INBOX/dovecot.index.tmp, -1, 12(mail)) failed:
Operation not permitted (egid=509(johngrp), group based on
/var/spool/mail/john)
---

/var/spool/mail/john has a group of mail, whereas the home directory has
their own group. In 1.1.x we did not get these errors. Is this a fix in
1.2? I assume we have to make the group match from their home dir and
/var/spool/mail to get rid of the error? Any downside to allowing this
error to continue? Thanks.


What permissions does /var/spool/mail/john have? I guess mail group has
read permissions? Just removing that should fix the error.


-rw-rw  1 john mail 5676767 Aug  4 19:50 /var/spool/mail/john

Those are the default permissions that sendmail uses I believe. Not sure 
if removing mail group r/w would have any other impact for 
sendmail/procmail? Thanks for taking the time to help.


Rob

Re: [Dovecot] 1.2.3 - fchown failed messages

[Rob Mangiafico]

On Tue, 4 Aug 2009, Timo Sirainen wrote:

On Tue, 2009-08-04 at 19:53 -0400, Rob Mangiafico wrote:

What permissions does /var/spool/mail/john have? I guess mail group has
read permissions? Just removing that should fix the error.


-rw-rw  1 john mail 5676767 Aug  4 19:50 /var/spool/mail/john

Those are the default permissions that sendmail uses I believe. Not sure
if removing mail group r/w would have any other impact for
sendmail/procmail? Thanks for taking the time to help.


It depends on your setup, but usually mail group shouldn't need read or
write access to users' mails. Seems like a security risk to me in any
case.


I agree. I removed the rw for the mail group for individual mbox 
mailboxes and no adverse effects from what I can tell. Thanks.


Rob

Re: [Dovecot] NTLM configuration

[Rob Coward]

Have you confirmed winbind is configured and working correctly ?

user not authenticated: NT_STATUS_NO_LOGON_SERVERS suggests to me that
you havent got a working winbind setup.

Rob

On Mon, 2009-05-11 at 10:01 +0200, Cédric Laruelle wrote:
 Hi again everybody !
 
  
 
 I’m still stuck with the dovecot ntlm authentication… I configured dovecot
 to use winbind, and I would like winbind to authenticate against samba
 (samba, winbind and dovecot are running on the same box).
 
 Here is the log I have (192.168.0.1 is the server box, 192.168.0.254 the
 client box)
 
  
 
 dovecot: May 06 14:52:37 Info: auth(default): new auth connection: pid=25828
 
 dovecot: May 06 14:52:38 Info: auth(default): client in: AUTH   1   NTLM
 
 service=imapsecured lip=192.168.0.1 rip=192.168.0.254   lport=143
 
 rport=1084
 
 dovecot: May 06 14:52:38 Info: auth(default): client out: CONT  1
 
 dovecot: May 06 14:52:38 Info: auth(default): client in: CONT   1
 
 TlRMTVNTUAABB4IIogAFASgKDw==
 
 dovecot: May 06 14:52:38 Info: auth(default): client out: CONT  1
 
 TlRMTVNTUAACDgAOADAFgomizPYc4ALWKQgAAIAAgAA+QQBMAFYA
 
 TlRMTVNTUAACDgAOADAFgomizPYc4ALWKQgAAIAAgAA+QQBS
 
 AFUATQACAA4AQQBMAFYAQQBSAFUATQABABAASQBOAFQARQBSAE4AQQBMAAQAHgBhAGkAZABlAHIA
 
 ZABvAG4AbgBlAHIALgBjAG8AbQADADAAaQBuAHQAZQByAG4AYQBsAC4AYQBpAGQAZQByAGQAbwBu
 
 AG4AZQByAC4AYwBvAG0AAA==
 
 dovecot: May 06 14:52:38 Info: auth(default): client in: CONT   1
 
 TlRMTVNTUAADGAAYAF4YABgAdgBIBgAGAEgQABAATgCO
 
 BYKIogUBKAoPZgBmAHMAQQBMAFYAQQBSAFUATQAzABXRN5WNNwAg
 
 ALm1ePVxjdOF1UPe8A/e1D6H0+jlJYQPUA==
 
 dovecot: May 06 14:52:38 Info: auth(default): winbind(?,192.168.0.254): user
 not authenticated: NT_STATUS_NO_LOGON_SERVERS
 
 dovecot: May 06 14:52:40 Info: auth(default): client out: FAIL  1
 
  
 
 Please help, I really need to set this up and it begins to drive me really
 crazy …
 
  
 
 Cédric Laruelle
 
Please consider the environment before printing this email. 


GAME Group plc, winners of:

2009 Retail Week Awards - Speciality Retailer of the Year
2009 National Sales Awards - Sales Training Programme/Initiative of the Year
2008 Econsultancy Innovation Awards - Innovation in Online Acquisition
2008 MCV Awards - Specialist Retailer of the Year
2007 Golden Joystick Awards - Retailer of the Year
2007 MCV Awards - Specialist Retailer of the Year
2006 Golden Joystick Awards - Retailer of the Year

This e-mail and any files transmitted with it are confidential and intended 
solely for the use of the 
individual or entity to whom they are addressed. If you have received this 
e-mail in error please 
notify the system manager at:  
 
mailto:postmas...@game.co.uk
 
The recipient acknowledges that the transmissions made via the Internet can be 
corrupted and therefore 
THE GAME GROUP PLC and any of its subsidiaries do not give any warranty as to 
the quality or accuracy of 
any information contained in the message or assume any liability for it or for 
its transmission, reception or storage.  

This footnote also confirms that this e-mail message has been swept by 
anti-virus software for the presence of computer viruses.
 
http://www.game.co.uk
http://www.gamegroup.plc.uk 

Registered Number: 1937170
Registered Office: Unity House, Telford Road, Basingstoke, Hampshire. RG21 6YJ 
Registered in England and Wales.

Re: [Dovecot] pop3_lock_session question

[Rob Mangiafico]

On Wed, 4 Feb 2009, Timo Sirainen wrote:

Implemented for v1.2, probably apply to v1.1 also:

http://hg.dovecot.org/dovecot-1.2/rev/6f29380ba3a0
http://hg.dovecot.org/dovecot-1.2/rev/ea9a186d64f9

I mean it will probably work. I'm trying to get v1.1 to a deep feature
freeze.


Do you think this pop3 lock issue could be applied to 1.1? This is the 
only remaining problem that we have with 1.1 and the mbox format. 
Everything else is working flawlessly. Thanks for considering it.


Rob

Re: [Dovecot] pop3_lock_session question

[Rob Mangiafico]

On Thu, 12 Feb 2009, Charles Marcus wrote:

On 2/12/2009, Rob Mangiafico (rm...@lexiconn.com) wrote:

I mean it will probably work. I'm trying to get v1.1 to a deep feature
freeze.



Do you think this pop3 lock issue could be applied to 1.1?


I think above he said 'not officially, but that you could apply the
patch yourself'.

Best bet would be to upgrade to 1.2 if you want official support for it...


ok, thanks. Has anyone tried patching against 1.1.11? Any patch file for 
it? We just spent a few months transitioning from uw imap to dovecot 1.1, 
so we would rather not jump into 1.2 at the moment. Thanks.


Rob

Re: [Dovecot] pop3_lock_session question

[Rob Mangiafico]

On Wed, 4 Feb 2009, Timo Sirainen wrote:

On Wed, 2009-02-04 at 11:17 -0700, Mark Costlow wrote:

Hello, I'm preparing to convert from qpopper + UW-IMAP to dovecot.
So far testing has gone very well.  One problem we haven't figured
out is that long-running POP sessions keep the mailbox locked, so that
the MDA times out while trying to deliver.  We're using maildrop as
our MDA if that matters.

..

We though this setting would address the issue:

  # Keep the mailbox locked for the entire POP3 session.
  pop3_lock_session = no

But it doesn't seem to.

Any ideas?


Switch to Maildir and the problem goes away. The issue is that the mbox
file is read-locked when the first message is read. And since the POP3
client most likely just keeps reading messages for the entire session,
the mbox file kept read-locked all the time. Can't really be fixed
without some larger redesign (which is really not worth it).


We see this as well with mbox and pop3 accesses where some pop3 clients do 
not logout (iphone's are the worst offenders) for 30-90 minutes it seems. 
Timeout settings in dovecot.conf do not seem to help. procmail backs up 
waiting to get access to the inbox to deliver mail.


Is there a global timeout we can set that will close any pop3 connection 
after say 15 minutes? Maildir is not an option currently for many of our 
servers that use openwebmail, which does not support maildir currently.


Not sure if these pop3 sessions are in a loop, just keeping the conenction 
open for a reason, etc... but they do not seem to do anything after the 
initial check besides not logging out...


Rob

Re: [Dovecot] v1.1.6 released

[Rob Mangiafico]

We're running 1.1.4 in production on one machine, and have tried 1.1.5. 
and 1.1.6 in our test environment... all three still sometimes have the 
next message unexpectedly lost error logged. This happens only for 
Outlook users, and corresponds to the user seeing a message with no 
subject or body in Outlook's list.


I've finally managed to reproduce this with my own mails a few days ago. 
Now I'd just need to figure out what exactly is causing it and fix it.


Glad you were able to identify the issue. We see it every few days as well 
using mbox and POP3 checking where sometimes an in the middle deletion of a 
message (via a POP3 checker POPTray) will cause the empty message to appear 
to any POP3 check with a pop checker, pegasus mail, outlook, etc... It does 
not appear to be isolated to Outlook. Deleting the index files resets things.


As a followup, we just had this happen again on an mbox POP3 check. Using 
pine, the message appears normally. I used telnet to access the POP box 
through dovecot, issued a RETR command on the new message, and it was 
blank. then I issued a RETR command on the email before it, and again a 
RETR command on the blank email and it appeared normally from that point 
forward using dovecot.


Hope this helps in figuring out this issue.

Rob

Re: [Dovecot] Panic in version 1.1.6

[Rob Mangiafico]

We have seen a few of these panics in 1.1.6. It seems to happen when pine is 
being used and a POP3 check occurs at the same time (but not always), but I'm 
not positive this is always the case:


---
Nov 22 11:10:32 lexiconn2 dovecot: Panic: POP3(techjm): file istream.c: line 
76 (i_stream_read): assertion failed: (_stream-

skip != _stream-pos)
Nov 22 11:10:32 lexiconn2 dovecot: POP3(techjm): Raw backtrace: pop3 
[0x80c38f0] - pop3 [0x80c394a] - pop3 [0x80c324c] - p
op3(i_stream_read+0xda) [0x80c7dda] - pop3 [0x80c9c6b] - 
pop3(i_stream_read+0x2d) [0x80c7d2d] - pop3 [0x80b9abe] - pop3(i
_stream_read+0x2d) [0x80c7d2d] - pop3(i_stream_read_data+0x1d) [0x80c7e3d] 
- pop3(message_get_body_size+0x5c) [0x80be85c] -
pop3(index_mail_init_stream+0x151) [0x8089571] - pop3 [0x80717a2] - 

pop3(index_mail_get_virtual_size+0x76) [0x80882b6] -
pop3(client_create+0x282) [0x8059c72] - pop3(main+0x403) [0x805ba83] - 
/lib/libc.so.6(__libc_start_main+0xdc) [0x492dec] -

pop3 [0x8059351]


We're seeing something similar in 1.1.7:

Dec  1 12:49:33 xxx dovecot: pop3-login: Login: user=jstuart, 
method=LOGIN, rip=1.2.3.4, lip=5.6.7.8, TLS

Dec  1 12:49:33 xxx dovecot: POP3(jstuart): Effective uid=778, gid=510
Dec  1 12:49:33 xxx dovecot: POP3(jstuart): mbox: 
data=~/:INBOX=/var/spool/mail/jstuart
Dec  1 12:49:33 xxx dovecot: POP3(jstuart): fs: root=/home/jstuart, 
index=, control=, inbox=/var/spool/mail/jstuart
Dec  1 12:49:33 xxx dovecot: POP3(jstuart): Next message unexpectedly lost 
from 17090
Dec  1 12:49:33 xxx dovecot: POP3(jstuart): Next message unexpectedly lost 
from 17090
Dec  1 12:49:33 xxx dovecot: Panic: POP3(jstuart): file istream.c: line 81 
(i_stream_read): assertion failed: (_stream-skip != _stream-pos)
Dec  1 12:49:33 xxx dovecot: POP3(jstuart): Raw backtrace: pop3 
[0x80c3a30] - pop3 [0x80c3a8a] - pop3 [0x80c338c] - 
pop3(i_stream_read+0xda) [0x80c7f4a] - pop3 [0x80c9e3b] - 
pop3(i_stream_read+0x2d) [0x80c7e9d] - pop3 [0x80b9bfe] - 
pop3(i_stream_read+0x2d) [0x80c7e9d] - pop3(i_stream_read_data+0x1d) 
[0x80c7fad] - pop3(message_get_body_size+0x5c) [0x80be99c] - 
pop3(index_mail_init_stream+0x151) [0x80896b1] - pop3 [0x80718a2] - 
pop3(index_mail_get_virtual_size+0x76) [0x80883f6] - 
pop3(client_create+0x282) [0x8059ca2] - pop3(main+0x403) [0x805bab3] - 
/lib/libc.so.6(__libc_start_main+0xdc) [0x125dec] - pop3 [0x8059381]

Dec  1 12:49:33 xxx dovecot: child 17331 (pop3) killed with signal 6

dovecot -n
# 1.1.7: /usr/local/etc/dovecot.conf
# OS: Linux 2.6.18-53.1.14.el5PAE i686 CentOS release 5.2 (Final)
protocols: imap imaps pop3 pop3s
ssl_cert_file: /usr/local/apache/conf/ssl.crt/ssl.cert
ssl_key_file: /usr/local/apache/conf/ssl.key/ssl.key
ssl_cipher_list: HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
disable_plaintext_auth: no
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
mail_privileged_group: mail
mail_location: mbox:~/:INBOX=/var/spool/mail/%u
mail_debug: yes
mail_full_filesystem_access: yes
mmap_disable: yes
fsync_disable: yes
mbox_read_locks: fcntl flock
mbox_write_locks: fcntl flock
mbox_very_dirty_syncs: yes
mail_drop_priv_before_exec: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_process_size: 512
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
pop3_uidl_format(default): %08Xu%08Xv
pop3_uidl_format(imap): %08Xu%08Xv
pop3_uidl_format(pop3): %08Xv%08Xu
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  username_format: %Lu
  verbose: yes
  passdb:
driver: shadow
  userdb:
driver: passwd


We're seeing a handful of these errors each day, and many times there is 
no other process (i.e. pine, webmail, etc...) accessing the mbox file at 
the same time. Core files are not cooperating but if we can get one, we'll 
provide those details as well.


Thanks.

Rob

[Dovecot] Panic in version 1.1.6

[Rob Mangiafico]

Hello,

We have seen a few of these panics in 1.1.6. It seems to happen when pine 
is being used and a POP3 check occurs at the same time (but not always), 
but I'm not positive this is always the case:


---
Nov 22 11:10:32 lexiconn2 dovecot: Panic: POP3(techjm): file istream.c: 
line 76 (i_stream_read): assertion failed: (_stream-

skip != _stream-pos)
Nov 22 11:10:32 lexiconn2 dovecot: POP3(techjm): Raw backtrace: pop3 
[0x80c38f0] - pop3 [0x80c394a] - pop3 [0x80c324c] - p
op3(i_stream_read+0xda) [0x80c7dda] - pop3 [0x80c9c6b] - 
pop3(i_stream_read+0x2d) [0x80c7d2d] - pop3 [0x80b9abe] - pop3(i
_stream_read+0x2d) [0x80c7d2d] - pop3(i_stream_read_data+0x1d) 
[0x80c7e3d] - pop3(message_get_body_size+0x5c) [0x80be85c] -
pop3(index_mail_init_stream+0x151) [0x8089571] - pop3 [0x80717a2] - 

pop3(index_mail_get_virtual_size+0x76) [0x80882b6] -
 pop3(client_create+0x282) [0x8059c72] - pop3(main+0x403) [0x805ba83] - 
/lib/libc.so.6(__libc_start_main+0xdc) [0x492dec] -

pop3 [0x8059351]


dovecot -n
# 1.1.6: /usr/local/etc/dovecot.conf
# OS: Linux 2.6.18-53.1.14.el5 i686 CentOS release 5.2 (Final)
protocols: imap imaps pop3 pop3s
ssl_cert_file: /usr/local/apache/conf/ssl.crt/lexiconn.com.cert
ssl_key_file: /usr/local/apache/conf/ssl.key/lexiconn.com.key
ssl_cipher_list: HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
disable_plaintext_auth: no
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
mail_privileged_group: mail
mail_location: mbox:~/:INBOX=/var/spool/mail/%u
mail_full_filesystem_access: yes
mmap_disable: yes
fsync_disable: yes
mbox_write_locks: fcntl
mbox_very_dirty_syncs: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_process_size: 512
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
pop3_uidl_format(default): %08Xu%08Xv
pop3_uidl_format(imap): %08Xu%08Xv
pop3_uidl_format(pop3): %08Xv%08Xu
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  username_format: %Lu
  verbose: yes
  passdb:
driver: shadow
  userdb:
driver: passwd
---

We've enabled core dumps to try and get a gdb backtrace the next time this 
happens.


Rob

Re: [Dovecot] mail_privileged_group not working for dotlock files (1.1.6)

[Rob Mangiafico]

Running dovecot 1.1.6 on centOS 5 and RHEL 5.

With the settings:
pop3_lock_session = yes
mail_privileged_group = mail
mail_location = mbox:~/:INBOX=/var/spool/mail/%u
mbox_read_locks = fcntl
mbox_write_locks = dotlock fcntl

and /var/spool/mail permissions:
drwxrwx--x   2 root   mail4096 Nov 19 10:16 mail/

Trying to connect via POP3 results in this error:
---
Nov 19 09:31:01 lexiconn2 dovecot: child 32127 (pop3) killed with signal 11

Nov 19 09:31:01 lexiconn2 dovecot: POP3(cerberus): file_lock_dotlock() failed 
with mbox file /var/spool/mail/xxx: Permission denied


Nov 19 09:31:01 lexiconn2 dovecot: pop3-login: Login: user=xxx, 
method=PLAIN, rip=1.2.3.4, lip=5.6.7.8, secured

---

The docs seem to indicate the above config / settings should work. Is this a 
bug?


The reason we have dotlock as the primary format is due to procmail LDA from 
sendmail:

---
procmail -v 21|grep Locking
Locking strategies: dotlocking, fcntl()
---

I assume we have to make the mbox_write_locks match the procmail locking...


We can use the workaround:
mail_access_groups = mail

But we'd prefer to use the safer method of mail_privileged_group to get 
dotlocking and POP3 mbox working with our current permissions. Just want 
to make sure we have things setup correctly. Thanks.


Rob

Re: [Dovecot] mail_privileged_group not working for dotlock files (1.1.6)

[Rob Mangiafico]

On Fri, 2008-11-21 at 15:45 -0500, Rob Mangiafico wrote:

Running dovecot 1.1.6 on centOS 5 and RHEL 5.

With the settings:
pop3_lock_session = yes
mail_privileged_group = mail
mail_location = mbox:~/:INBOX=/var/spool/mail/%u


What does ~/ expand to? What does mail_debug=yes show? The privileged
locking isn't used if INBOX appears under the mail root directory. So if
~/ expands to /, /var, /var/spool or /var/spool/mail, the privileged
locking isn't done.



From the log file:

---
Nov 21 20:29:43 ssy dovecot: auth(default): new auth connection: pid=23472
Nov 21 20:29:46 ssy dovecot: auth(default): client in: AUTH 1 
PLAIN   service=pop3secured lip=127.0.0.1   rip=127.0.0.1 
lport=110   rport=44480 resp=hidden

Nov 21 20:29:46 ssy dovecot: auth(default): shadow(rlm,127.0.0.1): lookup
Nov 21 20:29:46 ssy dovecot: auth(default): client out: OK  1 
user=rlm
Nov 21 20:29:46 ssy dovecot: auth(default): master in: REQUEST  2 
23349   1

Nov 21 20:29:46 ssy dovecot: auth(default): passwd(rlm,127.0.0.1): lookup
Nov 21 20:29:46 ssy dovecot: auth(default): master out: USER2 
rlm system_user=rlm uid=500 gid=500 home=/home/rlm

Nov 21 20:29:46 ssy dovecot: child 23475 (pop3) killed with signal 11
Nov 21 20:29:46 ssy dovecot: POP3(rlm): Effective uid=500, gid=500
Nov 21 20:29:46 ssy dovecot: POP3(rlm): mbox: 
data=~/mail:INBOX=/var/spool/mail/rlm
Nov 21 20:29:46 ssy dovecot: POP3(rlm): fs: root=/home/rlm/mail, index=, 
control=, inbox=/var/spool/mail/rlm
Nov 21 20:29:46 ssy dovecot: POP3(rlm): file_lock_dotlock() failed with 
mbox file /var/spool/mail/rlm: Permission denied
Nov 21 20:29:46 ssy dovecot: pop3-login: Login: user=rlm, method=PLAIN, 
rip=127.0.0.1, lip=127.0.0.1, secured



ls -al /var/spool/mail/
drwxrwx--x   2 root  mail 4096 Nov 21 19:58 ./

dovecot -n
# 1.1.6: /usr/local/etc/dovecot.conf
# OS: Linux 2.6.20.1 i686 CentOS release 4.7 (Final)
protocols: imap imaps pop3 pop3s
ssl_cert_file: /usr/share/ssl/certs/sendmail.pem
ssl_key_file: /usr/share/ssl/certs/sendmail.pem
ssl_cipher_list: HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
disable_plaintext_auth: no
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
mail_privileged_group: mail
mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u
mail_debug: yes
mail_full_filesystem_access: yes
mmap_disable: yes
fsync_disable: yes
mail_drop_priv_before_exec: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
pop3_lock_session(default): no
pop3_lock_session(imap): no
pop3_lock_session(pop3): yes
pop3_uidl_format(default): %08Xu%08Xv
pop3_uidl_format(imap): %08Xu%08Xv
pop3_uidl_format(pop3): %08Xv%08Xu
auth default:
  mechanisms: plain login
  verbose: yes
  debug: yes
  passdb:
driver: shadow
  userdb:
driver: passwd



Could you get gdb backtrace of this crash? See
http://dovecot.org/bugreport.html


I do not think it is crashing, as no matter what I do, I cannot get core 
dumps (in /tmp, home dir, etc...):

ulimit -c
unlimited

cat /proc/sys/kernel/core_pattern
/tmp/%p


The reason we have dotlock as the primary format is due to procmail LDA from
sendmail:
---
procmail -v 21|grep Locking
Locking strategies: dotlocking, fcntl()
---

I assume we have to make the mbox_write_locks match the procmail locking...


Actually it's not necessary. You'll need to have at least one common
locking mechanism. Using only fcntl Dovecot would be enough if procmail
also uses fcntl.


Ah, ok. I thought the docs implied they had to match exactly. Since we use 
procmail as an LDA, and occasionally pine (from uw-imap) which I believe 
supports fcntl, and openwebmail (not sure if fcntl is supported), I think 
we'll be safe with fcntl locking. Correct?


If you need me to test anything else, please let me know. Thanks!

Rob

[Dovecot] mail_privileged_group not working for dotlock files (1.1.6)

[Rob Mangiafico]

Hello,

Running dovecot 1.1.6 on centOS 5 and RHEL 5.

With the settings:
pop3_lock_session = yes
mail_privileged_group = mail
mail_location = mbox:~/:INBOX=/var/spool/mail/%u
mbox_read_locks = fcntl
mbox_write_locks = dotlock fcntl

and /var/spool/mail permissions:
drwxrwx--x   2 root   mail4096 Nov 19 10:16 mail/

Trying to connect via POP3 results in this error:
---
Nov 19 09:31:01 lexiconn2 dovecot: child 32127 (pop3) killed with signal 
11


Nov 19 09:31:01 lexiconn2 dovecot: POP3(cerberus): file_lock_dotlock() 
failed with mbox file /var/spool/mail/xxx: Permission denied


Nov 19 09:31:01 lexiconn2 dovecot: pop3-login: Login: user=xxx, 
method=PLAIN, rip=1.2.3.4, lip=5.6.7.8, secured

---

The docs seem to indicate the above config / settings should work. Is this 
a bug?


The reason we have dotlock as the primary format is due to procmail LDA 
from sendmail:

---
procmail -v 21|grep Locking
Locking strategies: dotlocking, fcntl()
---

I assume we have to make the mbox_write_locks match the procmail 
locking...


Thanks.

Rob

Re: [Dovecot] Another dovecot-antispam plugin can't call dspam

[Rob Klingsten]

Johannes Berg wrote:

On Wed, 2008-11-05 at 10:03 -0500, Rob Klingsten wrote:

Hi folks -

I am configuring a new system and the antispam plugin is the last piece 
I need, everything else is working. Thanks to Johannes for this plugin, 
it's exactly what I want and an elegant solution for filter training. 
But I've been trying everything I can think of for the last 3 days to 
get this to work, no success.


I've got: Postfix 2.5.3, dspam 3.8.0, Dovecot 1.1.6, Maildrop 2.0.4 and 
dovecot-antispam 1.0 tarball.  I've built dspam from source with 
--disable-trusted-user-security to try and isolate the source of the 
plugin problem, which is the message at the IMAP client Failed to call 
dspam.


Here's what I've got configured for the plugin:


hmm. I wonder if there's a bug in debugv(), can you comment that call
out in dspam-exec.c?

johannes


Aha, that's getting closer ... I still got the 'Failed to call dspam' 
message, but dspam now seems to be called:


.
.
Nov  5 10:11:01 venus imap: antispam: Spam is spam folder
Nov  5 10:11:01 venus imap: antispam: no unsure folders
Nov  5 10:11:01 venus imap: antispam: dspam binary set to 
/usr/local/bin/dspam

Nov  5 10:11:01 venus imap: antispam: dspam extra arg --user [EMAIL PROTECTED]
Nov  5 10:11:01 venus dovecot: IMAP([EMAIL PROTECTED]): maildir: 
data=/var/mail/janeandrob.org/rob
Nov  5 10:11:01 venus dovecot: IMAP([EMAIL PROTECTED]): maildir++: 
root=/var/mail/.org/rob, index=, control=, inbox=/var/mail/.org/rob
Nov  5 10:11:01 venus imap: antispam: signature header line is 
X-DSPAM-Signature

Nov  5 10:11:05 venus imap: antispam: mailbox_is_unsure(Spam): 0
Nov  5 10:11:05 venus imap: antispam: mailbox_is_trash(INBOX): 0
Nov  5 10:11:05 venus imap: antispam: mailbox_is_trash(Spam): 0
Nov  5 10:11:05 venus imap: antispam: mail copy: from trash: 0, to trash: 0
Nov  5 10:11:05 venus imap: antispam: mailbox_is_spam(INBOX): 0
Nov  5 10:11:05 venus imap: antispam: mailbox_is_spam(Spam): 1
Nov  5 10:11:05 venus imap: antispam: mailbox_is_unsure(INBOX): 0
Nov  5 10:11:05 venus imap: antispam: mail copy: src spam: 0, dst spam: 
1, src unsure: 0

Nov  5 10:11:05 venus dspam[834]: Unable to determine the destination user
Nov  5 10:11:05 venus dspam[834]: DSPAM agent misconfigured: aborting

So now what happened to the arguments to dspam? Thanks very much for the 
help!


Rob Klingsten


smime.p7s
Description: S/MIME Cryptographic Signature

Re: [Dovecot] Another dovecot-antispam plugin can't call dspam

[Rob Klingsten]

Johannes Berg wrote:

On Wed, 2008-11-05 at 10:03 -0500, Rob Klingsten wrote:

Hi folks -

I am configuring a new system and the antispam plugin is the last 
piece I need, everything else is working. Thanks to Johannes for this 
plugin, it's exactly what I want and an elegant solution for filter 
training. But I've been trying everything I can think of for the last 
3 days to get this to work, no success.


I've got: Postfix 2.5.3, dspam 3.8.0, Dovecot 1.1.6, Maildrop 2.0.4 
and dovecot-antispam 1.0 tarball.  I've built dspam from source with 
--disable-trusted-user-security to try and isolate the source of the 
plugin problem, which is the message at the IMAP client Failed to 
call dspam.


Here's what I've got configured for the plugin:


hmm. I wonder if there's a bug in debugv(), can you comment that call
out in dspam-exec.c?

johannes


Aha, that's getting closer ... I still got the 'Failed to call dspam' 
message, but dspam now seems to be called:


.
.
Nov  5 10:11:01 venus imap: antispam: Spam is spam folder
Nov  5 10:11:01 venus imap: antispam: no unsure folders
Nov  5 10:11:01 venus imap: antispam: dspam binary set to 
/usr/local/bin/dspam

Nov  5 10:11:01 venus imap: antispam: dspam extra arg --user [EMAIL PROTECTED]
Nov  5 10:11:01 venus dovecot: IMAP([EMAIL PROTECTED]): maildir: 
data=/var/mail/janeandrob.org/rob
Nov  5 10:11:01 venus dovecot: IMAP([EMAIL PROTECTED]): maildir++: 
root=/var/mail/.org/rob, index=, control=, inbox=/var/mail/.org/rob
Nov  5 10:11:01 venus imap: antispam: signature header line is 
X-DSPAM-Signature

Nov  5 10:11:05 venus imap: antispam: mailbox_is_unsure(Spam): 0
Nov  5 10:11:05 venus imap: antispam: mailbox_is_trash(INBOX): 0
Nov  5 10:11:05 venus imap: antispam: mailbox_is_trash(Spam): 0
Nov  5 10:11:05 venus imap: antispam: mail copy: from trash: 0, to trash: 0
Nov  5 10:11:05 venus imap: antispam: mailbox_is_spam(INBOX): 0
Nov  5 10:11:05 venus imap: antispam: mailbox_is_spam(Spam): 1
Nov  5 10:11:05 venus imap: antispam: mailbox_is_unsure(INBOX): 0
Nov  5 10:11:05 venus imap: antispam: mail copy: src spam: 0, dst spam: 
1, src unsure: 0

Nov  5 10:11:05 venus dspam[834]: Unable to determine the destination user
Nov  5 10:11:05 venus dspam[834]: DSPAM agent misconfigured: aborting

So now what happened to the arguments to dspam? Thanks very much for the 
help!


Ok, I got it, it works!  The primary solution was to comment out 
debugv() in dspam-exec.c ...


Then, as suggested I put back in the semicolon in my extra arguments to 
dspam and bingo!


Thanks very much to Johannes and Thorsten V. for the suggestions and 
speedy solution!


Rob Klingsten


smime.p7s
Description: S/MIME Cryptographic Signature

Re: [Dovecot] Another dovecot-antispam plugin can't call dspam

[Rob Klingsten]

On Wed, 2008-11-05 at 10:25 -0500, Rob Klingsten wrote:


hmm. I wonder if there's a bug in debugv(), can you comment that call
out in dspam-exec.c?

johannes
Aha, that's getting closer ... I still got the 'Failed to call dspam' 
message, but dspam now seems to be called:



Nov  5 10:11:05 venus dspam[834]: DSPAM agent misconfigured: aborting

So now what happened to the arguments to dspam? Thanks very much for the 
help!
Ok, I got it, it works!  The primary solution was to comment out 
debugv() in dspam-exec.c ...


Then, as suggested I put back in the semicolon in my extra arguments to 
dspam and bingo!


:)

I just committed a fix to debugv(), can you try that? If you downloaded
the tarball, get this one:
http://git.sipsolutions.net/?p=dovecot-antispam.git;a=snapshot;h=HEAD;sf=tgz

If you can confirm that works I'll make a new release.

johannes


The fixed version works perfectly, thank you very much!

Rob K


smime.p7s
Description: S/MIME Cryptographic Signature

Re: [Dovecot] Another dovecot-antispam plugin can't call dspam

[Rob Klingsten]

I just committed a fix to debugv(), can you try that? If you downloaded
the tarball, get this one:
http://git.sipsolutions.net/?p=dovecot-antispam.git;a=snapshot;h=HEAD;sf=tgz

If you can confirm that works I'll make a new release.

johannes

The fixed version works perfectly, thank you very much!


And it prints the full command line to the syslog, I assume? Thanks for
testing!

johannes


Yes, it's great!

Nov  5 10:50:10 venus imap: antispam: dspam binary set to 
/usr/local/bin/dspam

Nov  5 10:50:10 venus imap: antispam: dspam extra arg --user
Nov  5 10:50:10 venus imap: antispam: dspam extra arg [EMAIL PROTECTED]
Nov  5 10:50:10 venus imap: antispam: signature header line is 
X-DSPAM-Signature

Nov  5 10:50:13 venus imap: antispam: mailbox_is_unsure(INBOX): 0
Nov  5 10:50:13 venus imap: antispam: mailbox_is_trash(Spam): 0
Nov  5 10:50:13 venus imap: antispam: mailbox_is_trash(INBOX): 0
Nov  5 10:50:13 venus imap: antispam: mail copy: from trash: 0, to trash: 0
Nov  5 10:50:13 venus imap: antispam: mailbox_is_spam(Spam): 1
Nov  5 10:50:13 venus imap: antispam: mailbox_is_spam(INBOX): 0
Nov  5 10:50:13 venus imap: antispam: mailbox_is_unsure(Spam): 0
Nov  5 10:50:13 venus imap: antispam: mail copy: src spam: 1, dst spam: 
0, src unsure: 0
Nov  5 10:50:13 venus imap: antispam: /usr/local/bin/dspam 
--source=error --class=innocent --signature=4911bedc107624643064458 
--user [EMAIL PROTECTED]


Thanks!

Rob K


smime.p7s
Description: S/MIME Cryptographic Signature

[Dovecot] make archive emails undeletable?

[Rob Nichols]

I've been using dovecot for a year or two now, and really like it.  I have a
fairly simple setup, but I think it's time to get a little more advanced.  I
keep an archive of all my email, both sent and received.  Every once in a
while I get confused, and accidentally delete something from my archive.  I
also worry that I'll misconfigure a mail client some day and accidentally
wipe out my trash folder.  I would like some way to prevent deletion in
several mailboxes.  Is that possible?  It looks like ACL could do this, but
I can't quite figure out where to start.  Any pointers would be greatly
appreciated.

Thanks,
Rob

Re: [Dovecot] Why my Evolution cannot delete emails in dovecot IMAP folder?

[Rob Frohne]

Have you set Edit-Preferences-Mail Preferences Delete Mail empty trash on exit 
everytime?

Rob

From: [EMAIL PROTECTED] [EMAIL PROTECTED] On Behalf Of Igor Chudov [EMAIL 
PROTECTED]
Sent: Wednesday, October 01, 2008 8:39 PM
To: dovecot@dovecot.org
Subject: [Dovecot] Why my Evolution cannot delete emails in dovecot IMAP
folder?

I use Ubuntu Hardy, get mails locally and run dovecot listening on
localhost. I run Evolution and have it connect to dovecot, so that I
can access my mail in IMAP and be able to use mutt from remote.

So far so good. It works. However, my problem is that Evolution cannot
delete any messages. That is, when I click DELETE in Evolution,
Evolution no longer sees the message , but the message is still
there. That's not what I want, when deleting messages I want them to
go away from Inbox.

How can I do it?

thanks

i

Re: [Dovecot] Auto creating client folders on the IMAP server after installing client.

[Rob Coward]

On Mon, 2008-06-09 at 20:29 -0700, Radio Tron wrote:
 It's a buggy, moth infested, Linux client - you guys
 are using the windows TBird client.

I use the Linux version of thunderbird (v2.0.0.14 20080515) on a RHEL5.1
desktop against a 1.0-1.2.0.el5 build of Dovecot and have never
experienced any of the problems you described. :)

Rob


Please consider the environment before printing this email. 


GAME Stores Group Ltd has been awarded ‘Retailer of the Year’ at the 2006 and 
2007 Golden Joystick Awards and 
'Thames Valley Business Award' for Outstanding Employer of Choice 2006.

This e-mail and any files transmitted with it are confidential and intended 
solely for the use of the 
individual or entity to whom they are addressed. If you have received this 
e-mail in error please 
notify the system manager at:  
 
mailto:[EMAIL PROTECTED]
 
The recipient acknowledges that the transmissions made via the Internet can be 
corrupted and therefore 
THE GAME GROUP PLC and any of its subsidiaries do not give any warranty as to 
the quality or accuracy of 
any information contained in the message or assume any liability for it or for 
its transmission, reception or storage.  

This footnote also confirms that this e-mail message has been swept by 
anti-virus software for the presence of computer viruses.
 
http://www.game.co.uk
http://www.gamegroup.plc.uk 

Registered Number: 1937170
Registered Office: Unity House, Telford Road, Basingstoke, Hampshire. RG21 6YJ 
Registered in England and Wales.

[Dovecot] How do I increase the fd limit on OS X?

[Rob Frohne]

Hi All,

I just upgraded to the new 1.1rc5 from 1.0 that I had been using and it
advised me to increase the file descriptor limit.  I'm not sure how to
do this.  There is a command built into tcsh that allows me to do this
called limit, but sudo limit 4224 doesn't work, and usually dovecot is
started from the rc.local file if I recall right, and I'm not sure how
to set this up from there.  Any advice.

Thanks,

Rob
-- 
Rob Frohne [EMAIL PROTECTED]
Walla Walla University

Re: [Dovecot] more than one ldap database.

[Rob Coward]

You can define multiple userdb/passworddb sections, each using ldap but
using a different conf file. If you search the archives for one if my
earlier posts this week, you will see my configuration where we actually
have 3 different ldap configs defined to handle searching specific
sub-trees within our ActiveDirectory.

Rob

On Thu, 2008-04-17 at 13:10 +0200, Mauro Sanna wrote:
 If I have two databases in my ldap, ex: dc=dominio1,dc=it is the first
 database and dc=dominio2,dc=it is the second one.
 Can I put these two search bases in dovecot-ldap.conf?
 


Please consider the environment before printing this email. 


GAME Stores Group Ltd has been awarded ‘Retailer of the Year’ at the 2006 and 
2007 Golden Joystick Awards and 
'Thames Valley Business Award' for Outstanding Employer of Choice 2006.

This e-mail and any files transmitted with it are confidential and intended 
solely for the use of the 
individual or entity to whom they are addressed. If you have received this 
e-mail in error please 
notify the system manager at:  
 
mailto:[EMAIL PROTECTED]
 
The recipient acknowledges that the transmissions made via the Internet can be 
corrupted and therefore 
THE GAME GROUP PLC and any of its subsidiaries do not give any warranty as to 
the quality or accuracy of 
any information contained in the message or assume any liability for it or for 
its transmission, reception or storage.  

This footnote also confirms that this e-mail message has been swept by 
anti-virus software for the presence of computer viruses.
 
http://www.game.co.uk
http://www.gamegroup.plc.uk 

Registered Number: 1937170
Registered Office: Unity House, Telford Road, Basingstoke, Hampshire. RG21 6YJ 
Registered in England and Wales.

Re: [Dovecot] Please help: LDAP configuration _almost_ works.

[Rob Coward]

I cant help you with what is going wrong for you, but we use dovecot
very successfully with ldap lookups against Active Directory, using
auth_bind=yes, and it does not require anonymous connections. The
initial connection is by an un-privileged user that searches for the
user, then a 2nd connection is used, authenticating against AD as the
looked up user using the password supplied to dovecot.

Our setup looks like this:

# rpm -q dovecot
dovecot-1.0-1.2.0.el5

# dovecot -n
# /etc/dovecot.conf
protocols: imap pop3
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_user: dovecotlogin
login_process_size: 64
login_processes_count: 10
login_max_processes_count: 64
first_valid_uid: 97
default_mail_env: maildir:/data/shared/mailstore/%d/%n
mail_location: maildir:/data/shared/mailstore/%d/%n
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib64/dovecot/imap
mail_plugin_dir(imap): /usr/lib64/dovecot/imap
mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3
auth default:
  passdb:
driver: ldap
args: /etc/dovecot-ldap.conf
  passdb:
driver: ldap
args: /etc/dovecot-ldap-fr.conf
  passdb:
driver: ldap
args: /etc/dovecot-ldap-se.conf
  userdb:
driver: ldap
args: /etc/dovecot-ldap.conf
  userdb:
driver: ldap
args: /etc/dovecot-ldap-fr.conf
  userdb:
driver: ldap
args: /etc/dovecot-ldap-se.conf

# cat /etc/dovecot-ldap.conf
hosts = ad.our.net
dn=CN=Lookup,CN=Users,DC=our,DC=net
dnpass=
auth_bind = yes
ldap_version = 3
base = OU=Stores,OU=UK,DC=our,DC=net
deref = never
scope = subtree
user_attrs = mail=user
user_filter = ((objectClass=user)(mail=%u))
pass_attrs = mail=user,userPassword=password,mail=userdb_user
pass_filter = ((objectClass=user)(mail=%u))
user_global_uid = dovecot
user_global_gid = dovecot

We use multiple userdb / passdb definitions and ldap configs in order to
limit the searches of our AD schema to specific sub-trees, both for
performance and as there are other users elsewhere in our schema that we
dont want dovecot to allow to connect.

Hope this helps you.
Rob

On Wed, 2008-04-16 at 00:19 +0100, Wojtek Bogusz wrote:
  /etc/ldap/sldap.conf:
  access to attr=uid,homeDirectory,uidNumber
  by anonymous read
  
  I do not have this in my configuration, and dovecot does indeed use the
  credential I provide to successfully query LDAP for the user based on
  the (mail=%u) criteria.  However, it does not see the reply.
  The fact that it does perform the query successfully implies to me that
  it does not use an anonymous connection.  Very puzzling.
 
 
 i have no idea what dovecot is doing :-) from the log file it looks like 
 there are 2 queries to ldap: 1. to check provided password for provided 
 user name, 2. to find a user related information (and from what Steffen 
 wrote this one is done with anonymous user - correct?).
 
 [on the margin: why isn't it done in one query: get me the user related 
 information, i am binding with provided user and with provided password. 
 this way it would be one query for two things.]
 
 in my case, i cannot list user related information from ldap in 
 anonymous connection even from command line, using: ldapsearch -x -b 
 'ou=Users,dc=frontline' '((objectClass=posixAccount)(uid=wojtek))' 
 homeDirectory
 
 so i guess that i have to workout ldap settings for anonymous query. my 
 /etc/ldap/slapd.conf related to access permissions is:
 
 access to dn.children=ou=Users,dc=frontline 
 attrs=uid,homeDirectory,uidNumber
 by anonymous read
 access to attrs=userPassword,sambaNTPassword,sambaLMPassword
  by dn=cn=admin,dc=frontline write
  by anonymous auth
  by self write
  by * none
 access to dn.children=ou=Users,dc=frontline
  by dn=cn=root,ou=Users,dc=frontline read
  by anonymous auth
  by self write
 access to dn.base= by * read
 access to *
  by dn=cn=admin,dc=frontline write
  by * read
 
 maybe the problem is here... any hints please?
 
 regards, Wojtek


Please consider the environment before printing this email. 


GAME Stores Group Ltd has been awarded ‘Retailer of the Year’ at the 2006 and 
2007 Golden Joystick Awards and 
'Thames Valley Business Award' for Outstanding Employer of Choice 2006.

This e-mail and any files transmitted with it are confidential and intended 
solely for the use of the 
individual or entity to whom they are addressed. If you have received this 
e-mail in error please 
notify the system manager at:  
 
mailto:[EMAIL PROTECTED]
 
The recipient acknowledges that the transmissions made via the Internet can be 
corrupted and therefore 
THE GAME GROUP PLC and any of its subsidiaries do not give any

Re: [Dovecot] Please help: LDAP configuration _almost_ works.

[Rob Coward]

On Wed, 2008-04-16 at 10:39 +0100, Wojtek Bogusz wrote:
 dear Rob, thank you for support!
 there are small differences in mine and yours config, like:
 
 - you do not have auth_bind_userdn defined. if i comment my out i cannot 
 authenticate at all - log file:
 auth(default): ldap(wojtek,192.168.0.200): unknown user
 dovecot: auth(default): client out: FAIL^I1^Iuser=wojtek

Our initial connection is made using the dn and dnpass settings.
This looks up the user's dn based on the ((objectClass=user)(mail=%
u)) search criteria.

My understanding of the auth_bind_userdn setting is that it is only
useful if all your users are in a specific tree in the ldap, so that you
can specify (from
http://wiki.dovecot.org/HowTo/DovecotOpenLdap?highlight=%
28auth_bind_userdn%29 ) auth_bind_userdn = uid=%
u,ou=People,dc=_WIZZY_HOSTNAME_,ou=wizzy

This I believe saves the first lookup to find the dn of the user trying
to login. Our users are spread throughout our tree, hence using the
initial lookup as the 'dn'/'dnpass' user to find our user's dn.

If you remove auth_bind_userdn, do you have 'dn'  'dnpass' setup with a
suitable unprivileged user to allow the initial lookup of the logging-in
user's dn ?

 
 - you have user_attrs = mail=user, me: user_attrs = 
 homeDirectory=home,uidNumber=uid. but i do not think it make any difference.
 

Our users login with their email address as the userid - hence
mail=user telling dovecot that the userid is stored in the 'mail'
attribute in the ldap results. We dont bother with 'home' or 'uid' as
they are all virtual users, using a fixed uid set by user_global_uid =
dovecot and mail_location: maildir:/data/shared/mailstore/%d/%n

 - i did not have deref = never. do you know what does it do? i do not 
 understand man ldapsearch explanation :(

something to do with following links to other ldap servers I think. Dont
think its strictly necessary in a single server setup.

 
 Rob, could you send me your ldap config (/etc/ldap/slapd.conf) please? 
 maybe i am making some simple mistake with my ldap config...

As I said, we use Active Directory (running on Win2k3 servers I
believe), not slapd.

Regards,
Rob


 Rob Coward wrote:
  I cant help you with what is going wrong for you, but we use dovecot
  very successfully with ldap lookups against Active Directory, using
  auth_bind=yes, and it does not require anonymous connections. The
  initial connection is by an un-privileged user that searches for the
  user, then a 2nd connection is used, authenticating against AD as the
  looked up user using the password supplied to dovecot.
  
  Our setup looks like this:
  
  # rpm -q dovecot
  dovecot-1.0-1.2.0.el5
  
  # dovecot -n
  # /etc/dovecot.conf
  protocols: imap pop3
  login_dir: /var/run/dovecot/login
  login_executable(default): /usr/libexec/dovecot/imap-login
  login_executable(imap): /usr/libexec/dovecot/imap-login
  login_executable(pop3): /usr/libexec/dovecot/pop3-login
  login_user: dovecotlogin
  login_process_size: 64
  login_processes_count: 10
  login_max_processes_count: 64
  first_valid_uid: 97
  default_mail_env: maildir:/data/shared/mailstore/%d/%n
  mail_location: maildir:/data/shared/mailstore/%d/%n
  mail_executable(default): /usr/libexec/dovecot/imap
  mail_executable(imap): /usr/libexec/dovecot/imap
  mail_executable(pop3): /usr/libexec/dovecot/pop3
  mail_plugin_dir(default): /usr/lib64/dovecot/imap
  mail_plugin_dir(imap): /usr/lib64/dovecot/imap
  mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3
  auth default:
passdb:
  driver: ldap
  args: /etc/dovecot-ldap.conf
passdb:
  driver: ldap
  args: /etc/dovecot-ldap-fr.conf
passdb:
  driver: ldap
  args: /etc/dovecot-ldap-se.conf
userdb:
  driver: ldap
  args: /etc/dovecot-ldap.conf
userdb:
  driver: ldap
  args: /etc/dovecot-ldap-fr.conf
userdb:
  driver: ldap
  args: /etc/dovecot-ldap-se.conf
  
  # cat /etc/dovecot-ldap.conf
  hosts = ad.our.net
  dn=CN=Lookup,CN=Users,DC=our,DC=net
  dnpass=
  auth_bind = yes
  ldap_version = 3
  base = OU=Stores,OU=UK,DC=our,DC=net
  deref = never
  scope = subtree
  user_attrs = mail=user
  user_filter = ((objectClass=user)(mail=%u))
  pass_attrs = mail=user,userPassword=password,mail=userdb_user
  pass_filter = ((objectClass=user)(mail=%u))
  user_global_uid = dovecot
  user_global_gid = dovecot
  
  We use multiple userdb / passdb definitions and ldap configs in order to
  limit the searches of our AD schema to specific sub-trees, both for
  performance and as there are other users elsewhere in our schema that we
  dont want dovecot to allow to connect.
  
  Hope this helps you.
  Rob
  
  On Wed, 2008-04-16 at 00:19 +0100, Wojtek Bogusz wrote:
  /etc/ldap/sldap.conf:
  access to attr=uid,homeDirectory,uidNumber
  by anonymous read
I do not have this in my configuration, and dovecot does indeed use the
  credential I provide to successfully query LDAP for the user based on
  the (mail=%u

Re: [Dovecot] Please help: LDAP configuration _almost_ works.

[Rob Coward]

On Wed, 2008-04-16 at 08:28 -0500, Jack McKinney wrote:
   Looking at your config, it seems that your passdb for LDAP depends on
 your userdb, as you have mail= twice in your pass_attrs, once for
 userdb_user.
   For that matter, why do you have userPassword=password? dovecot should
 never need to see the contents of this field.  Indeed, this is the whole
 point of using auth_bind: instead of dovecot retrieving the password
 from LDAP and checking it against the user-supplied one, dovecot should
 _send_ the password to LDAP in the form of a bind and have LDAP accept
 or reject it.
 

I never said that it was right, only that it works for us ;)

It may be that some of our config settings are unnecessary, redundant or
sub-optimal, but it works, its running happily in an active-passive
RHEL5 cluster configuration using ext3 on DRBD for storing the
mailboxes, and until we look at upgrading to the latest dovecot stable
release, we aren't likely to play with any config settings


Please consider the environment before printing this email. 


GAME Stores Group Ltd has been awarded ‘Retailer of the Year’ at the 2006 and 
2007 Golden Joystick Awards and 
'Thames Valley Business Award' for Outstanding Employer of Choice 2006.

This e-mail and any files transmitted with it are confidential and intended 
solely for the use of the 
individual or entity to whom they are addressed. If you have received this 
e-mail in error please 
notify the system manager at:  
 
mailto:[EMAIL PROTECTED]
 
The recipient acknowledges that the transmissions made via the Internet can be 
corrupted and therefore 
THE GAME GROUP PLC and any of its subsidiaries do not give any warranty as to 
the quality or accuracy of 
any information contained in the message or assume any liability for it or for 
its transmission, reception or storage.  

This footnote also confirms that this e-mail message has been swept by 
anti-virus software for the presence of computer viruses.
 
http://www.game.co.uk
http://www.gamegroup.plc.uk 

Registered Number: 1937170
Registered Office: Unity House, Telford Road, Basingstoke, Hampshire. RG21 6YJ 
Registered in England and Wales.

Re: [Dovecot] maildir directory structure

[Rob Coward]

Have a read of http://wiki.dovecot.org/Variables

On Wed, 2008-02-27 at 09:46 +0100, Chantal Rosmuller wrote:
 Hi list,
 
 I would like my mail directory structure to be like this:
 
 /var/vmail/firstletterdomain/domain/username
 
 what would be the syntax in dovecot.conf?
 
 
 Thanks, chantal


Please consider the environment before printing this email. 


GAME Stores Group Ltd has been awarded ‘Retailer of the Year’ at the 2006 
Golden Joystick Awards and 
'Thames Valley Business Award' for Outstanding Employer of Choice 2006.

This e-mail and any files transmitted with it are confidential and intended 
solely for the use of the 
individual or entity to whom they are addressed. If you have received this 
e-mail in error please 
notify the system manager at:  
 
mailto:[EMAIL PROTECTED]
 
The recipient acknowledges that the transmissions made via the Internet can be 
corrupted and therefore 
THE GAME GROUP PLC and any of its subsidiaries do not give any warranty as to 
the quality or accuracy of 
any information contained in the message or assume any liability for it or for 
its transmission, reception or storage.  

This footnote also confirms that this e-mail message has been swept by 
anti-virus software for the presence of computer viruses.
 
http://www.game.co.uk
http://www.gamegroup.plc.uk 

Registered Number: 1937170
Registered Office: Unity House, Telford Road, Basingstoke, Hampshire. RG21 6YJ 
Registered in England and Wales.

Re: [Dovecot] Static list of users with passdb pam

[Rob Coward]

If you are using pam already, why not add to /etc/pam.d/dovecot
something like:

authrequiredpam_listfile.so onerr=fail item=user sense=allow
file=/etc/dovecot/allowed_users

The syntax may not be quite correct as this is off the top of my head
and I havent tested it, but we do something very similar with other pam
authentications, such as from vsftpd, to restrict user access.

Regards,
Rob

On Fri, 2008-01-18 at 10:04 +0100, Koen Vermeer wrote:
 Hi,
 
 On my system, I want to provide imap access for some of the users listed
 in /etc/passwd. The list of users should be provided by me, and should
 just be a list in a text file. All the userdb options are static (uid,
 gid, home directory). Unfortunately, I cannot think of a way to
 configure Dovecot to do this. The closest I get is with:
 
 passdb pam {}
 userdb passwd-file {
   args = /path/to/passwd-file
 }
 
 However, the passwd-file is now more complex than it really needs to be,
 as it includes fields for password, uid, gid and home directory as well.
 
 Is there some way to handle this? Or am I trying to do something stupid?
 
 Thanks!
 
 Koen
 


Please consider the environment before printing this email. 


GAME Stores Group Ltd has been awarded ‘Retailer of the Year’ at the 2006 
Golden Joystick Awards and 
'Thames Valley Business Award' for Outstanding Employer of Choice 2006.

This e-mail and any files transmitted with it are confidential and intended 
solely for the use of the 
individual or entity to whom they are addressed. If you have received this 
e-mail in error please 
notify the system manager at:  
 
mailto:[EMAIL PROTECTED]
 
The recipient acknowledges that the transmissions made via the Internet can be 
corrupted and therefore 
THE GAME GROUP PLC and any of its subsidiaries do not give any warranty as to 
the quality or accuracy of 
any information contained in the message or assume any liability for it or for 
its transmission, reception or storage.  

This footnote also confirms that this e-mail message has been swept by 
anti-virus software for the presence of computer viruses.
 
http://www.game.co.uk
http://www.gamegroup.plc.uk 

Registered Number: 1937170
Registered Office: Unity House, Telford Road, Basingstoke, Hampshire. RG21 6YJ 
Registered in England and Wales.

Re: [Dovecot] Audit log?

[Rob Coward]

I use pam authentication in dovecot and the following fail2ban filter
seems to work fine for me:

failregex = auth\(default\): pam\(.*,HOST\): pam_authenticate\(\)
failed:

Rob

On Fri, 2007-12-21 at 12:04 +0100, Bjørn T Johansen wrote:

 On Thu, 20 Dec 2007 18:42:01 +0200
 Timo Sirainen [EMAIL PROTECTED] wrote:
 
  On Thu, 2007-12-20 at 13:18 +0100, Bjørn T Johansen wrote:
   Yes, I know about those but I was kind of hoping to see failed 
   authentications in some logs without enabling debug logging,
   like if I use PAM authentication
  
  auth_verbose=yes enables logging failed logins.
  
 
 That did the trick... thx... :)
 
 If I only had learned regexp like I have been meaning too for many years now, 
 this would have been a piece of cake but...
 
 Does anyone use Dovecot together with fail2ban? If so, could any one share 
 the failregex they are using? (A)
 (or perhaps someone could create a regexp that recognize a line like this:
 
 dovecot: Dec 21 11:58:07 Info: auth(default): sql([EMAIL 
 PROTECTED],85.19.143.23): Password mismatch
 
 )
 
 
 BTJ


Please consider the environment before printing this email. 


GAME Stores Group Ltd has been awarded �Retailer of the Year� at the 2006 
Golden Joystick Awards and 
'Thames Valley Business Award' for Outstanding Employer of Choice 2006.

This e-mail and any files transmitted with it are confidential and intended 
solely for the use of the 
individual or entity to whom they are addressed. If you have received this 
e-mail in error please 
notify the system manager at:  
 
mailto:[EMAIL PROTECTED]
 
The recipient acknowledges that the transmissions made via the Internet can be 
corrupted and therefore 
THE GAME GROUP PLC and any of its subsidiaries do not give any warranty as to 
the quality or accuracy of 
any information contained in the message or assume any liability for it or for 
its transmission, reception or storage.  

This footnote also confirms that this e-mail message has been swept by 
anti-virus software for the presence of computer viruses.
 
http://www.game.co.uk
http://www.gamegroup.plc.uk 

Registered Number: 1937170
Registered Office: Unity House, Telford Road, Basingstoke, Hampshire. RG21 6YJ 
Registered in England and Wales.

Re: [Dovecot] Audit log?

[Rob Coward]

Yes, but surely its not a big leap for you to rewrite my regex to:

auth\(default\): sql\(.*,HOST\): Password mismatch

Rob

On Fri, 2007-12-21 at 16:30 +0100, Bjørn T Johansen wrote:
 Yes, but that doesn't work for sql auth; as you see, the line logged is 
 different...
 
 BTJ
 
 On Fri, 21 Dec 2007 14:32:01 +
 Rob Coward [EMAIL PROTECTED] wrote:
 
  I use pam authentication in dovecot and the following fail2ban filter
  seems to work fine for me:
  
  failregex = auth\(default\): pam\(.*,HOST\): pam_authenticate\(\)
  failed:
  
  Rob
  
  On Fri, 2007-12-21 at 12:04 +0100, Bj__rn T Johansen wrote:
  
   On Thu, 20 Dec 2007 18:42:01 +0200
   Timo Sirainen [EMAIL PROTECTED] wrote:
   
On Thu, 2007-12-20 at 13:18 +0100, Bj__rn T Johansen wrote:
 Yes, I know about those but I was kind of hoping to see failed 
 authentications in some logs without
 enabling debug logging, like if I use PAM authentication

auth_verbose=yes enables logging failed logins.

   
   That did the trick... thx... :)
   
   If I only had learned regexp like I have been meaning too for many years 
   now, this would have been a piece of
   cake but...
   
   Does anyone use Dovecot together with fail2ban? If so, could any one 
   share the failregex they are using? (A)
   (or perhaps someone could create a regexp that recognize a line like this:
   
   dovecot: Dec 21 11:58:07 Info: auth(default): sql([EMAIL 
   PROTECTED],85.19.143.23): Password mismatch
   
   )
   
   
   BTJ
  
  
  Please consider the environment before printing this email. 
  
  
  GAME Stores Group Ltd has been awarded _Retailer of the Year_ at the 2006 
  Golden Joystick Awards and 
  'Thames Valley Business Award' for Outstanding Employer of Choice 2006.
  
  This e-mail and any files transmitted with it are confidential and intended 
  solely for the use of the 
  individual or entity to whom they are addressed. If you have received this 
  e-mail in error please 
  notify the system manager at:  
   
  mailto:[EMAIL PROTECTED]
   
  The recipient acknowledges that the transmissions made via the Internet can 
  be corrupted and therefore 
  THE GAME GROUP PLC and any of its subsidiaries do not give any warranty as 
  to the quality or accuracy of 
  any information contained in the message or assume any liability for it or 
  for its transmission, reception or
  storage.  
  
  This footnote also confirms that this e-mail message has been swept by 
  anti-virus software for the presence of
  computer viruses. 
  http://www.game.co.uk
  http://www.gamegroup.plc.uk 
  
  Registered Number: 1937170
  Registered Office: Unity House, Telford Road, Basingstoke, Hampshire. RG21 
  6YJ Registered in England and Wales.

Please consider the environment before printing this email. 


GAME Stores Group Ltd has been awarded �Retailer of the Year� at the 2006 
Golden Joystick Awards and 
'Thames Valley Business Award' for Outstanding Employer of Choice 2006.

This e-mail and any files transmitted with it are confidential and intended 
solely for the use of the 
individual or entity to whom they are addressed. If you have received this 
e-mail in error please 
notify the system manager at:  
 
mailto:[EMAIL PROTECTED]
 
The recipient acknowledges that the transmissions made via the Internet can be 
corrupted and therefore 
THE GAME GROUP PLC and any of its subsidiaries do not give any warranty as to 
the quality or accuracy of 
any information contained in the message or assume any liability for it or for 
its transmission, reception or storage.  

This footnote also confirms that this e-mail message has been swept by 
anti-virus software for the presence of computer viruses.
 
http://www.game.co.uk
http://www.gamegroup.plc.uk 

Registered Number: 1937170
Registered Office: Unity House, Telford Road, Basingstoke, Hampshire. RG21 6YJ 
Registered in England and Wales.