Password storage

[Rupert Gallagher via dovecot]

What is dovecot's state of the art on password storage? Can we use bcrypt 
instead of plain text?
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: Which DKIM application for postfix 3.9.0

[Rupert Gallagher via dovecot]

The developers of DKIM moved on to ARC, then they stopped working on ARC also.

Try this:

https://github.com/fastmail/authentication_milter

 Original Message 
On Mar 11, 2024, 23:21, wrote:

> I am upgrading to postfix 3.9.0. I have not used DKIM in previous postfix 
> installs, but I would like to start now with the new google rules. I have 
> done some research and opendkim is the most recommended, however, other 
> research states the opendkim has been abandoned by it's maintainers. So I am 
> looking for a good alternative dkim software that will work with postfix that 
> I can compile myself. I do not run on any linux version, so therefore I can 
> not just apt-get a new dkim application. I run Solaris and therefore need to 
> compile my applications, postfix and dkim. Any good suggestions will be 
> appreciated. ___ dovecot mailing 
> list -- dovecot@dovecot.org To unsubscribe send an email to 
> dovecot-le...@dovecot.org
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: Users with enough rope to hang themselves

[Rupert Gallagher via dovecot]

This is ... bug like.

The user moves a folder inside another, the resulting path exceeds the maximum
length, the folder's content is no longer accessible, the user complains.

Double trouble. The user proceeded to move the parent folder. Most subfolders
moved as requested. Those whose path exceeded maxlength are stuck in the
origin, and the full tree is no longer accessible: it is still there, you can
see it, but the mail client says it was deleted.

I lost count of the number of times I had to rescue users out of this mess, by
going in manually into dovecot's storage.

So...

+4. dovecot refuses to move folders if the resulting path exceeds the maximum
length.


 Original Message 
On Apr 3, 2024, 22:37, Rupert Gallagher < r...@protonmail.com> wrote:

 I forgot...

 3. dovecot writes folders like any other program, that is, instead of
 writing

 /.../folder.subfolder.subsubfolder/

 it just writes

 /.../folder/subfolder/subsubfolder/


  Original Message 
 On Apr 3, 2024, 22:15, Rupert Gallagher < r...@protonmail.com> wrote:

 Hello,

 I keep finding myself in a corner with a user. He uses mail
 extensively, which is fine, he has a huge archive of own professional
 correspondence, which is fine, but he uses mail folders as if they
 were regular system folders, with very long paths, and keeps renaming
 them and moving them around, daily, breaking the mail index and
 ultimately wasting his own time looking around for lost mail. His
 Inbox holds a gargantuan of subfolders, causing both the client and
 the server to overwork each time he opens the mail. His Archive is a
 maze of subfolders with repeating names. I advised him almost daily
 across 20 year on how to stay organised, but he keeps abusing the
 service.

 I want to help him by limiting what he can do with folders. This is
 the agenda:

 1. the Archive is the only place where he can create folders;

 2. folder names have a maximum length of 20 characters.

 Can I do that with Dovecot?

___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: Users with enough rope to hang themselves

[Rupert Gallagher via dovecot]

 Original Message 
On Apr 4, 2024, 14:02, Marc < m...@f1-outsourcing.eu> wrote:
> > Also autodiscovery for external (as in, not Microsoft/Apple) mail is being
frustrated.

Apple Mail on iPhones is currently ignoring autodiscovery and forcing their own
smtp server, breaking DMARC.

___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: Users with enough rope to hang themselves

[Rupert Gallagher via dovecot]

I forgot...

3. dovecot writes folders like any other program, that is, instead of writing

/.../folder.subfolder.subsubfolder/

it just writes

/.../folder/subfolder/subsubfolder/


 Original Message 
On Apr 3, 2024, 22:15, Rupert Gallagher < r...@protonmail.com> wrote:

Hello,

I keep finding myself in a corner with a user. He uses mail extensively, which
is fine, he has a huge archive of own professional correspondence, which is
fine, but he uses mail folders as if they were regular system folders, with
very long paths, and keeps renaming them and moving them around, daily,
breaking the mail index and ultimately wasting his own time looking around for
lost mail. His Inbox holds a gargantuan of subfolders, causing both the client
and the server to overwork each time he opens the mail. His Archive is a maze
of subfolders with repeating names. I advised him almost daily across 20 year
on how to stay organised, but he keeps abusing the service.

I want to help him by limiting what he can do with folders. This is the agenda:

1. the Archive is the only place where he can create folders;

2. folder names have a maximum length of 20 characters.

Can I do that with Dovecot?

___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Users with enough rope to hang themselves

[Rupert Gallagher via dovecot]

Hello,

I keep finding myself in a corner with a user. He uses mail extensively, which
is fine, he has a huge archive of own professional correspondence, which is
fine, but he uses mail folders as if they were regular system folders, with
very long paths, and keeps renaming them and moving them around, daily,
breaking the mail index and ultimately wasting his own time looking around for
lost mail. His Inbox holds a gargantuan of subfolders, causing both the client
and the server to overwork each time he opens the mail. His Archive is a maze
of subfolders with repeating names. I advised him almost daily across 20 year
on how to stay organised, but he keeps abusing the service.

I want to help him by limiting what he can do with folders. This is the agenda:

1. the Archive is the only place where he can create folders;

2. folder names have a maximum length of 20 characters.

Can I do that with Dovecot?
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: User-configurable time-based mail deletion in specific folders

[Rupert Gallagher via dovecot]

This is not a legal forum. My advice is to read the original GDPR law. The UK-
GDPR is not GDPR.

The original question was how to delete mails after a specified amount of time.
Let us stay on the tecnical side, and leave the legal masturbation to lawyers.

 Original Message 
On Feb 28, 2024, 12:50, Tim Dickson via dovecot < dovecot@dovecot.org> wrote:

 Agreed, although it doesn't apply to sending emails from non European
 citizens, only mailboxes containing European citizens' emails. It's
 only enforceable if the citizenship of the holder of the mailbox is
 known. However, the assertion that if you are a company you are
 required to delete old emails automatically according to GDPR is not
 correct. In the UK which was aligned with the European GDPR there is
 no such requirement; in fact, for accounting and some legal reasons
 you are required to keep records for 6-7years, so if those records eg
 orders, are emails or attachments in emails they should be kept.
 https://www.ionos.co.uk/startupguide/grow-your-business/retention-
 periods-for-business-records/ (the email retention section) It is
 probably more an individual company policy using GDPR as an "excuse".
 That is very commonly used as a reason why a company can or cannot do
 something, regardless of the actual GDPR law. In this case, probably
 to keep user's mail boxes down to a sensible size, although based on
 the above info, they may be breaking other laws by deleting emails.
 You can look up the actual gdpr requirements if you are interested.
 the uk version is here https://ico.org.uk/for-organisations/uk-gdpr-
 guidance-and-resources/data-protection-principles/a-guide-to-the-
 data-protection-principles/the-principles/storage-limitation/ which
 show you can keep data as emails as long as you want, providing you
 have a reason. regards, Tim On 28/02/2024 09:38, Rupert Gallagher via
 dovecot wrote: >> First, dovecot is a global product, where not every
 company has to take care > about european nonense laws > > Not true.
 > > If you are a non-European company with European customers, then
 you are subject > to GDPR law. > > > >  Original Message 
  > On Feb 25, 2024, 16:35, Steven Varco <
 dovecot@bbs.varco.ch> wrote: > > > Am 25.02.2024 um 09:38 schrieb
 Rupert Gallagher via dovecot > dovecot.org>: > > >> Things like this
 should be done locally on the > Mailclient (MUA), IMHO. > > If you
 are a company, then you must > delete old e-mails automatically, by
 GDPR > law. In this case it > comes back to that this is better done
 by an external script. First, > dovecot is a global product, where
 not every company has to take care > about european nonense laws. :
 P Second, I would not want dovecot to > become a „fullsize all in one
 solution for everything“ (like MS > Exchange). I like the concept of
 doing one thing only, but doing this > good. Steven > > > ---
 - Original Message  > On Feb 21, > 2024, 23:25, Steven Varco
 < dovecot@bbs.varco.ch> wrote: > >> Am > 21.02.2024 um 21:25
 schrieb Peter Reinhold : > > Hi > I have been > > wondering about if
 Dovecot has a feature that would allow users to > > setup a > rule
 for a given folder, that mails older than X days > should be >
 deleted? > Or > is > this something that would need to be > done by
 an external script? Yes. It > goes beyond of what I expect > from an
 IMAP server. > I have looked a bit at > autoexpunge, and > while the
 basic feature looks to be > what I need, it doesn't > seem > to be
 configurable down to a specific folder on a > single user. > Things >
 like this should be done locally on the Mailclient (MUA), > IMHO.
 Steven - > - https://steven.varco.ch/ https://www.tech- > island.com/
 > ___ dovecot > mailing
 list - > - dovecot@dovecot.org To unsubscribe send an email > to
 dovecot-le...@dovecot.org > > >
 ___ > dovecot mailing >
 list -- dovecot@dovecot.org > To unsubscribe send an email to >
 dovecot-le...@dovecot.org >
 ___ dovecot mailing list
 > -- dovecot@dovecot.org To unsubscribe send an email to dovecot- >
 le...@dovecot.org > > ___
 > dovecot mailing list -- dovecot@dovecot.org > To unsubscribe send
 an email to dovecot-le...@dovecot.org
 ___ dovecot mailing list
 -- dovecot@dovecot.org To unsubscribe send an email to dovecot-
 le...@dovecot.org
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: User-configurable time-based mail deletion in specific folders

[Rupert Gallagher via dovecot]

> First, dovecot is a global product, where not every company has to take care
about european nonense laws

Not true.

If you are a non-European company with European customers, then you are subject
to GDPR law.



 Original Message 
On Feb 25, 2024, 16:35, Steven Varco < dovecot@bbs.varco.ch> wrote:

 > Am 25.02.2024 um 09:38 schrieb Rupert Gallagher via dovecot
 dovecot.org>: > > >> Things like this should be done locally on the
 Mailclient (MUA), IMHO. > > If you are a company, then you must
 delete old e-mails automatically, by GDPR > law. In this case it
 comes back to that this is better done by an external script. First,
 dovecot is a global product, where not every company has to take care
 about european nonense laws. :P Second, I would not want dovecot to
 become a „fullsize all in one solution for everything“ (like MS
 Exchange). I like the concept of doing one thing only, but doing this
 good. Steven > > >  Original Message  > On Feb 21,
 2024, 23:25, Steven Varco < dovecot@bbs.varco.ch> wrote: > >> Am
 21.02.2024 um 21:25 schrieb Peter Reinhold : > > Hi > I have been >
 wondering about if Dovecot has a feature that would allow users to >
 setup a > rule for a given folder, that mails older than X days
 should be > deleted? > Or > is > this something that would need to be
 done by an external script? Yes. It > goes beyond of what I expect
 from an IMAP server. > I have looked a bit at > autoexpunge, and
 while the basic feature looks to be > what I need, it doesn't > seem
 to be configurable down to a specific folder on a > single user.
 Things > like this should be done locally on the Mailclient (MUA),
 IMHO. Steven - > - https://steven.varco.ch/ https://www.tech-
 island.com/ > ___ dovecot
 mailing list - > - dovecot@dovecot.org To unsubscribe send an email
 to dovecot-le...@dovecot.org > >
 ___ > dovecot mailing
 list -- dovecot@dovecot.org > To unsubscribe send an email to
 dovecot-le...@dovecot.org
 ___ dovecot mailing list
 -- dovecot@dovecot.org To unsubscribe send an email to dovecot-
 le...@dovecot.org
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Fw: User-configurable time-based mail deletion in specific folders

[Rupert Gallagher via dovecot]

> Things like this should be done locally on the Mailclient (MUA), IMHO.

If you are a company, then you must delete old e-mails automatically, by GDPR
law.



 Original Message 
On Feb 21, 2024, 23:25, Steven Varco < dovecot@bbs.varco.ch> wrote:

> Am 21.02.2024 um 21:25 schrieb Peter Reinhold : > > Hi > I have been
wondering about if Dovecot has a feature that would allow users to > setup a
rule for a given folder, that mails older than X days should be > deleted? > Or
is > this something that would need to be done by an external script? Yes. It
goes beyond of what I expect from an IMAP server. > I have looked a bit at
autoexpunge, and while the basic feature looks to be > what I need, it doesn't
seem to be configurable down to a specific folder on a > single user. Things
like this should be done locally on the Mailclient (MUA), IMHO. Steven -
- https://steven.varco.ch/ https://www.tech-island.com/
___ dovecot mailing list -
- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org

___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: Application to automate mail-crypt plugin with user keys

[Rupert Gallagher via dovecot]

I would not want to re-encrypt huge mail folders. There should be two 
passwords: one for the user login, that you can change often, and one for the 
encryption, that you can leave alone. This is how protonmail does it.
 Original Message 
On Aug 7, 2023, 21:34, Benedikt Zumtobel via dovecot wrote:

> Hi everyone, I run a very small (about 10 users) mailserver setup with the 
> mail-crypt plugin activated and wanted to transition from a global key setup 
> to user keys. Since I couldn't find a satisfying solution to reencrypt 
> mailboxes when users change their password I started writing a script that 
> ended up being a small webservice giving users a simple selfservice portal to 
> change their password. I consider it pretty much done by now and it's public 
> on github. Maybe it's useful for somebody else. However its use case is very 
> narrow since I initially wrote this just for myself. It does only support a 
> Postgres user store for instance. The main reason, however, for this post is 
> me wondering if anybody would bother to give me some feedback. Especially for 
> the following aspects: I execute doveadm from within my application. The 
> advantage is that I can keep the code very light (~650 lines of code) while 
> at the same time don't have to care about the crypto stuff which I wouldn't 
> dare tryin
 g anyways. The disadvantage of this approach is that I had to write a doveadm 
wrapper that needs the setuid bit to execute doveadm mailbox commands. I 
consider this a bit hacky but a better solution didn't come to my mind. Another 
aspect is the password that is being used to encrypt the private key. When 
creating a new user in the database I generate a unique salt. This salt is 
prefixed to the user's clear text password and the resulting string is run 
trough the sha3-512 hash function. The output is the 
mail_crypt_private_password. You find the project here: 
https://github.com/nonce9/pwch Criticism is welcome. Benedikt 
___ dovecot mailing list -- 
dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: Dovecot v2.3.17 released

[Rupert Gallagher]

Please convert all source code to ASCII. If it fails to compile, then it may 
have a trojan hiding in Unicode clothing.

 Original Message 
On Oct 28, 2021, 11:12, Aki Tuomi wrote:

> We are pleased to release v2.3.17 of Dovecot. Please note that 2.3.17 release 
> will be the last one to support Debian/Stretch since Bullseye is now 
> supported. https://dovecot.org/releases/2.3/dovecot-2.3.17.tar.gz 
> https://dovecot.org/releases/2.3/dovecot-2.3.17.tar.gz.sig Binary packages in 
> https://repo.dovecot.org/ Docker images in 
> https://hub.docker.com/r/dovecot/dovecot Regards Aki Tuomi Open-Xchange oy 
> --- * Dovecot now logs a warning if time seems to jump forward at least 100 
> milliseconds. * dict: Lines logged by the dict process now contain the dict 
> name as the prefix. * lib-index: mail_cache_fields, mail_always_cache_fields 
> and mail_never_cache_fields now verifies that the listed header names are 
> valid. Especially the UTF8 "–" character has sometimes been wrongly used 
> instead of the ASCII "-". + *-login: Added login_proxy_rawlog_dir setting to 
> capture rawlogs between proxy and backend. + dict: The server process now 
> keeps the last 10 idle dict backends cached for maximum of 30 seconds. 
> Practically this acts as a connection pool for dict-redis and dict-ldap. Note 
> that this doesn't affect dict-sql, because it already had its own internal 
> cache. + doveadm: New stats add/remove commands added to support changing the 
> metrics configuration on runtime. + lazy_expunge: Added lazy_expunge_exclude 
> settings to disable lazy_expunge for specific folders. \Special-use flags can 
> be used as folder names. + lib-lua: Added a new helper function 
> dovecot.restrict_global_variables() to disable or enable defining new global 
> variables. - LAYOUT=index List index rebuild was missing. - LAYOUT=index: 
> Duplicate GUIDs were not detected. - acl: When using acl_ignore_namespace 
> Dovecot attempted to access or create dovecot-acl-list even when the 
> namespace should have been ignored. For virtual namespaces this could have 
> yielded errors about "Read-only file system" or "Permission denied". - auth: 
> Setting the "master" passdb field to empty value would cause proxying to fail 
> with an authentication error. Now an empty "master" field is ignored. - 
> doveadm-server: Duplicate error lines were sent for failed commands. This 
> didn't normally cause visible problems, except when using wildcards in 
> usernames or -A parameter to go through multiple users. - doveadm-server: 
> Logs written by doveadm-server were often missing log prefixes, especially 
> mail_log_prefix for mail commands. Logs sent to doveadm TCP client were also 
> missing log prefixes. - doveadm: v2.3 regression: batch command always 
> crashes. - doveadm: v2.3.11 regression: Commands failed if ssl_cert or 
> ssl_key files weren't readable by the user running doveadm, even though 
> doveadm didn't actually use these settings - imap-hibernate: Process may 
> crash at deinit: Panic: file ioloop.c: line 928 (io_loop_destroy): assertion 
> failed: (ioloop->cur_ctx == NULL). - imap: Using imap_fetch_failure=no-after 
> can cause assert-crash with some IMAP commands if reading the mail fails 
> (e.g. wrong cached mail size). Fixes: Panic: file index-mail-headers.c: line 
> 198 (index_mail_parse_header_init): assertion failed: 
> (!mail->data.header_parser_initialized) - imap: v2.3.10 regression: When 
> using INDEXPVT to enable private \Seen flags (for shared or public 
> namespaces) the STORE command did not send untagged replies for the \Seen 
> flag changes. - imap: v2.3.15 regression: If PREVIEW/SNIPPET is not the final 
> FETCH option in the command, the IMAP FETCH response is broken. - imap: 
> v2.3.15 regression: MOVE command leaks mailbox if it can't be opened and 
> crashes at deinit: Panic: file mail-user.c: line 229 (mail_user_deinit): 
> assertion failed: ((*user)->refcount == 1). - imapc: Copying nonexistent mail 
> via imapc could have crashed. Fixes: Panic: file mail-storage.c: line 2385 
> (mailbox_transaction_commit_get_changes): assertion failed: (ret saved_uids) 
> == save_count || array_count(_r->saved_uids) == 0). - indexer: 
> v2.3.15 regression: Process crashes if indexer-client disconnects while it's 
> waiting for command reply. This happened for example if IMAP SEARCH triggered 
> long fts indexing and the IMAP client disconnected while waiting for the 
> reply. - indexer: v2.3.15 regression: Process may have crashed in some 
> situations. - indexer: v2.3.15 regression: indexer-worker processes may not 
> have reached the process_limit in some situations, possibly even using just 
> one indexer-worker process even though there were many indexing requests 
> queued. - lib-compression: Reading lz4 compressed mdbox mails may crash. 
> Fixes: Panic: file istream.c: line 345 (i_stream_read_memarea): assertion 
> failed: (!stream->blocking). - lib-compression: bench-compress 

Re: Policy on folder's name and path's length

[Rupert Gallagher]

Ping

 Original Message 
On Feb 18, 2021, 08:49, Rupert Gallagher < r...@protonmail.com> wrote:
Hello,

Users can be really good at hanging everybody when you give them enough roope. 
I spotted a number of problems that I think are of interest to everybody and 
need mitigation.

# length of path

A busy Windows user wrote enough mail subfolders, and folder names with soo 
many characters, that exceed Windows maximum path length. To avoid taxing the 
mail server, their mail client (Thunderbird) is configured to keep a local copy 
of emails.

I need to enforce a policy on the maximum path length they can create, and the 
maximum number of characters on any given folder name.

# forbidden characters

Another problem folder names was the presence of white spaces, note the plural, 
on both the beginning and end of folder names. For example, to emphasize the 
importance of folders, the user added white spaces in front of names:

> Must be at the top
> Very important
> A bit less important
>Normal stuff

And to add insult to injury they wrote spaces at the end of folder names:

> This is a folder name with two hidden spaces

I need to enfoce a policy that forbids the use white spaces at the beginning 
and end of folder names, as well as the use of repeated characters:

>  I spotted your policy and found this new trick

# subfolders, everywhere...

A user confused their IMAP account for a file system and mind map tool, so they 
created folders everywhere, including root folders at the same level of inbox, 
draft, junk, trash, and huge directories under inbox.

I need to enforce a policy that allows the creation of folders only under 
/Archive.

I think such policies make good sense on any dovecot server and should be 
enforced by default.

Policy on folder's name and path's length

[Rupert Gallagher]

Hello,

Users can be really good at hanging everybody when you give them enough roope. 
I spotted a number of problems that I think are of interest to everybody and 
need mitigation.

# length of path

A busy Windows user wrote enough mail subfolders, and folder names with soo 
many characters, that exceed Windows maximum path length. To avoid taxing the 
mail server, their mail client (Thunderbird) is configured to keep a local copy 
of emails.

I need to enforce a policy on the maximum path length they can create, and the 
maximum number of characters on any given folder name.

# forbidden characters

Another problem folder names was the presence of white spaces, note the plural, 
on both the beginning and end of folder names. For example, to emphasize the 
importance of folders, the user added white spaces in front of names:

> Must be at the top
> Very important
> A bit less important
>Normal stuff

And to add insult to injury they wrote spaces at the end of folder names:

> This is a folder name with two hidden spaces

I need to enfoce a policy that forbids the use white spaces at the beginning 
and end of folder names, as well as the use of repeated characters:

>  I spotted your policy and found this new trick

# subfolders, everywhere...

A user confused their IMAP account for a file system and mind map tool, so they 
created folders everywhere, including root folders at the same level of inbox, 
draft, junk, trash, and huge directories under inbox.

I need to enforce a policy that allows the creation of folders only under 
/Archive.

I think such policies make good sense on any dovecot server and should be 
enforced by default.

Long Term Archival

[Rupert Gallagher]

Hello, I would like to know what is your strategy for legally compliant long 
term archival of e-mails (up to 10 years). Thank you

Re: Dovecot and mutt

[Rupert Gallagher]

If someone needs to send a formatted text, then they can use a text editor on 
headed paper, export to PDF and send it as attachment. E-mail proper is the 
plain text body of the message. When people send fancy HTML and expect me to 
read it on my phone, then they have wasted their effort, because the message is 
too heavy to download, heavy to display, and because I ultimately read e-mails 
in plain text. And most of the times it is spam.

 Original Message 
On Jan 25, 2021, 10:55, Darac Marjal < mailingl...@darac.org.uk> wrote:

On 25/01/2021 09:08, Rupert Gallagher wrote:
It would be useful to automatically de-HTML e-mails, but this is not a task for 
dovecot. Even more useful would be to deprecate HTML in e-mails.
Why would it be useful to deprecate HTML in emails? Presumably you're arguing 
for an alternative, more restricted markup language such as Enriched Text[1], 
Markdown[2]? Mutt already supports Enriched Text, but is probably the most 
popular MUA which does. I'm not aware of an MUA that natively renders Markdown 
bodies - most of the tutorials I see about that involve composing the message 
in Markdown and then converting it to HTML for sending - but to be honest, at 
this point the effort is a bit late. Realistically, how are you going to render 
that Markdown text in a Graphical MUA? Either you're going to write a custom 
control which renders the markup as styled text (that is, converts **bold** to 
a bold-face font etc) or you're just going to run the Markdown through a 
Markdown->HTML converter and pass it to a Web Browser component (both the 
converter and the renderer are "solved problems" so guess which solution 
developers would choose), in which case, what's the point of going "around the 
houses"?

[1] https://en.wikipedia.org/wiki/Enriched_text
[2] https://en.wikipedia.org/wiki/Markdown

 Original Message 
On Jan 20, 2021, 13:58, @lbutlr < krem...@kreme.com> wrote:

On 20 Jan 2021, at 04:33, Piotr Auksztulewicz  wrote:
> On Wed, Jan 20, 2021 at 04:27:11AM -0700, @lbutlr wrote:
>> set imap_pass = "lasH-hds[er$asd" # Not a real password
>
> Use single quotes around the password. Double quotes make $asd to be
> interpreted as shell variable and replaced with (most likely) empty
> string, so you get a shortened passwort in effect.
This worked, thank you.
Also… gr. Who though expansion inside a password string was a clever idea 
and can I introduce them to a clue bat? :p
> PS. Also a mutt lover :-)
With the amount of HTML mail out there I really don't understand how people are 
able to use it anymore. Now, if I could get a 'stip html down to plain text' 
side function to work…
script execution error (#127): sh: line 3: fortune: command not found

Re: Dovecot and mutt

[Rupert Gallagher]

It would be useful to automatically de-HTML e-mails, but this is not a task for 
dovecot. Even more useful would be to deprecate HTML in e-mails.

 Original Message 
On Jan 20, 2021, 13:58, @lbutlr wrote:

> On 20 Jan 2021, at 04:33, Piotr Auksztulewicz  wrote:
>> On Wed, Jan 20, 2021 at 04:27:11AM -0700, @lbutlr wrote:
>>> set imap_pass = "lasH-hds[er$asd" # Not a real password
>>
>> Use single quotes around the password. Double quotes make $asd to be
>> interpreted as shell variable and replaced with (most likely) empty
>> string, so you get a shortened passwort in effect.
>
> This worked, thank you.
>
> Also… gr. Who though expansion inside a password string was a clever idea 
> and can I introduce them to a clue bat? :p
>
>> PS. Also a mutt lover :-)
>
> With the amount of HTML mail out there I really don't understand how people 
> are able to use it anymore. Now, if I could get a 'stip html down to plain 
> text' side function to work…
>
> script execution error (#127): sh: line 3: fortune: command not found

Re: test-file-cache.c needs #ifdef HAVE_RLIMIT_AS

[Rupert Gallagher]

It compiles.

--- ./src/lib/test-file-cache.c.origWed Jan  6 19:11:47 2021
+++ ./src/lib/test-file-cache.c Thu Jan  7 11:38:03 2021
@@ -254,6 +254,11 @@
test_assert(size == 0);
test_assert(map == NULL);

+   /* OpenBSD does not support RLIMIT_AS */
+   #ifndef HAVE_RLIMIT_AS
+   #define RLIMIT_AS RLIMIT_DATA
+   #endif
+
/* temporarily set a small memory limit to make mmap attempt fail */
struct rlimit rl_cur;
test_assert(getrlimit(RLIMIT_AS, _cur) == 0);



‐‐‐ Original Message ‐‐‐
On Thursday, January 7, 2021 6:45 AM, Aki Tuomi  
wrote:

> Can you try adding this to the file?
>
> #define RLIMIT_AS RLIMIT_DATA
>
> Aki
>
> > On 06/01/2021 22:47 Rupert Gallagher r...@protonmail.com wrote:
> > OpenBSD
> >  Original Message 
> > On Jan 6, 2021, 21:37, Aki Tuomi < aki.tu...@open-xchange.com> wrote:
> > Which distro/OS is this?
> > Aki

Re: test-file-cache.c needs #ifdef HAVE_RLIMIT_AS

[Rupert Gallagher]

OpenBSD

 Original Message 
On Jan 6, 2021, 21:37, Aki Tuomi < aki.tu...@open-xchange.com> wrote:

Which distro/OS is this?
Aki

test-file-cache.c needs #ifdef HAVE_RLIMIT_AS

[Rupert Gallagher]

test-file-cache.c:259:24: error: use of undeclared identifier 'RLIMIT_AS'
test_assert(getrlimit(RLIMIT_AS, _cur) == 0);
  ^
test-file-cache.c:267:24: error: use of undeclared identifier 'RLIMIT_AS'
test_assert(setrlimit(RLIMIT_AS, _new) == 0);
  ^
test-file-cache.c:270:24: error: use of undeclared identifier 'RLIMIT_AS'
test_assert(setrlimit(RLIMIT_AS, _cur) == 0);
  ^
test-file-cache.c:276:24: error: use of undeclared identifier 'RLIMIT_AS'
test_assert(setrlimit(RLIMIT_AS, _new) == 0);
  ^
test-file-cache.c:279:24: error: use of undeclared identifier 'RLIMIT_AS'
test_assert(setrlimit(RLIMIT_AS, _cur) == 0);
  ^

Re: Dovecot Maildirs multi language

[Rupert Gallagher]

+1

 Original Message 
On 7 Jul 2020, 08:38, Luca Müller < lucamueller...@gmail.com> wrote:
Hello,

I'm hosting a few customers on a dovecot Server. Most users speak german and 
have german as their main language. I configured the IMAP Foldernames in a 
Dovecot configuration file like this:

#
root@srv04:~# cat /etc/dovecot/conf.d/105-mailboxes.conf
imap_capability = +XLIST

namespace inbox {
inbox = yes
location =
separator = /

mailbox "Entwürfe" {
auto = subscribe
special_use = \Drafts
auto=subscribe
}

mailbox Junk-E-Mail {
special_use = \Junk
auto=subscribe
}
mailbox "Gelöschte Elemente" {
special_use = \Trash
auto=subscribe
}
mailbox "Gesendete Elemente" {
special_use = \Sent
auto=subscribe
}
mailbox Archive {
special_use = \Archive
auto=subscribe
}

}
#
Dovecot Version: 2.3.10 (0da0eff44)
#
Is it possible to change this configuration for specific users or to provide 
multi language support somehow?

Thanks in advance.
Best regards,
Luca

Re: 2.3.10.1 on OpenBSD

[Rupert Gallagher]

The dovecot error is on my compiled version, and on test only. I do not have it 
live, yet.

The opendkim error below is from the obsd package, running live.

Sent from ProtonMail mobile

 Original Message 
On 6 Jul 2020, 20:08, Rupert Gallagher wrote:

> Both Dovecot and OpenDKIM packages on OpenBSD are rejecting connections 
> because of CRYPTO, and they use libressl by default. I use openssl because 
> libressl does not implement dane, so I am recompiling both to serve my use 
> case, and sharing results along the way.
>
> This is the opendkim error:
>
>> opendkim: ... SSL error:04FFF068:rsa routines:CRYPTO_internal:bad signature
>
> You already have the dovecot error.
>
> ‐‐‐ Original Message ‐‐‐
> On Monday 6 July 2020 08:38, Brad Smith  wrote:
>
>> What are you trying to accomplish?

Re: 2.3.10.1 on OpenBSD

[Rupert Gallagher]

Both Dovecot and OpenDKIM packages on OpenBSD are rejecting connections because 
of CRYPTO, and they use libressl by default. I use openssl because libressl 
does not implement dane, so I am recompiling both to serve my use case, and 
sharing results along the way.

This is the opendkim error:

> opendkim: ... SSL error:04FFF068:rsa routines:CRYPTO_internal:bad signature

You already have the dovecot error.

‐‐‐ Original Message ‐‐‐
On Monday 6 July 2020 08:38, Brad Smith  wrote:

> What are you trying to accomplish?

Re: Headsup on feature removal - password

[Rupert Gallagher]

> Password schemes: HMAC-MD5, RPA, SKEY, PLAIN-MD4, LANMAN, NTLM, SMD5

The web is flooded with plain text passwords and hashed passwords harvested 
from hacked servers.

Dovecot stores passwords with the same scheme used for client authentication.

Therefore, we use crammd5/hmac-md5. It does not look like much, but is better 
than plaintext.

As md5 is about to go, and I have no intention to store passwords in plaintext, 
I need to split the scheme used to store passwords from the scheme used for 
authentication, and migrate storage from md5 to bcrypt.

Since this is not possible, I think I will drop passwords entirely and use 
certificates.

Re: IMAP compatible Notes app for Android

[Rupert Gallagher]

None?

 Original Message 
On Jan 1, 2020, 11:51, Rupert Gallagher wrote:

> Hello!
>
> Please share your favourite open-source Notes app for Android, as I am 
> struggling to find one compatible with IMAP.
>
> Thank you, and happy 2020!

IMAP compatible Notes app for Android

[Rupert Gallagher]

Hello!

Please share your favourite open-source Notes app for Android, as I am 
struggling to find one compatible with IMAP.

Thank you, and happy 2020!

dovecot-openssl-common.c and [-Wincompatible-pointer-types]

[Rupert Gallagher via dovecot]

Warnings from clang 7.0 when compiling dovecot-openssl-common.c from dovecot 
2.3.5 with openssl 1.1.1a.

This is dovecot's configuration:

> config_options="--prefix=$prefix \
> --sysconfdir=$prefix/etc \
>--datarootdir=$prefix/share \
>--mandir=$man \
>--docdir=$doc \
>--with-docs \
> --with-ssl=openssl --with-ssldir=$prefix/etc \
>--with-sodium \
>--with-libiconv-prefix=/opt/libiconv \
>\
>--with-bzlib=no \
>--with-gssapi=no \
>--with-ldap=no \
>--with-lucene=no \
>--with-lz4=no \
>--with-lzma=no \
>--with-pam=no \
>--with-solr=no \
>--with-sql=no \
>--with-vpopmail=no \
>--with-zlib=no \
>\
>--enable-dependency-tracking";

Note on passing: --with-ssldir=$prefix/etc is ignored by the configurator, as 
it forces $prefix/etc/dovecot.dovecot-openssl-common.c:61:31: warning: incompatible pointer types passing 
'void *(size_t)' (aka 'void *(unsigned long)') to parameter of type 'void 
*(*)(size_t, const char *, int)' (aka 'void *(*)(unsigned long, const char *, 
int)') [-Wincompatible-pointer-types]
if (CRYPTO_set_mem_functions(dovecot_openssl_malloc,
 ^~
/opt/openssl/include/openssl/crypto.h:262:17: note: passing argument to 
parameter 'm' here
void *(*m) (size_t, const char *, int),
^

dovecot-openssl-common.c:62:10: warning: incompatible pointer types passing 
'void *(void *, size_t)' (aka 'void *(void *, unsigned long)') to parameter of 
type 'void *(*)(void *, size_t, const char *, int)' (aka 'void *(*)(void *, 
unsigned long, const char *, int)') [-Wincompatible-pointer-types]
 dovecot_openssl_realloc, 
dovecot_openssl_free) == 0) {
 ^~~
/opt/openssl/include/openssl/crypto.h:263:17: note: passing argument to 
parameter 'r' here
void *(*r) (void *, size_t, const char *, int),
^

dovecot-openssl-common.c:62:35: warning: incompatible pointer types passing 
'void (void *)' to parameter of type 'void (*)(void *, const char *, int)' 
[-Wincompatible-pointer-types]
 dovecot_openssl_realloc, 
dovecot_openssl_free) == 0) {
  
^~~~
/opt/openssl/include/openssl/crypto.h:264:16: note: passing argument to 
parameter 'f' here
void (*f) (void *, const char *, int));
   ^

3 warnings generated.

Command line (with current working directory = .):

/opt/perl/bin/perl ./Configure no-ssl3 no-ssl3-method no-aria no-camellia 
no-cast no-gost no-idea no-rc2 no-rc4 no-rc5 no-seed no-sm2 no-sm3 no-sm4 
no-psk no-srp enable-cms -DTERMIOS -DANSI_SOURCE shared no-zlib 
--prefix=/opt/openssl --openssldir=/etc/ssl darwin64-x86_64-cc

Perl information:

/opt/perl/bin/perl
5.28.1 for darwin-2level

Enabled features:

asm
async
autoalginit
autoerrinit
autoload-config
bf
blake2
capieng
chacha
cmac
cms
comp
ct
deprecated
des
dgram
dh
dsa
dso
dtls
dynamic-engine
ec
ec2m
ecdh
ecdsa
engine
err
filenames
hw(-.+)?
makedepend
md4
mdc2
multiblock
nextprotoneg
ocb
ocsp
pic
poly1305
posix-io
rdrand
rfc3779
rmd160
scrypt
shared
siphash
sock
srtp
sse2
ssl
static-engine
stdio
tests
threads
tls
ts
ui-console
whirlpool
tls1
tls1-method
tls1_1
tls1_1-method
tls1_2
tls1_2-method
tls1_3
dtls1
dtls1-method
dtls1_2
dtls1_2-method

Disabled features:

afalgeng[not-linux]   
aria[option]  OPENSSL_NO_ARIA (skip 
crypto/aria)
asan[default] OPENSSL_NO_ASAN
camellia[option]  OPENSSL_NO_CAMELLIA (skip 
crypto/camellia)
cast[option]  OPENSSL_NO_CAST (skip 
crypto/cast)
crypto-mdebug   [default] OPENSSL_NO_CRYPTO_MDEBUG
crypto-mdebug-backtrace [default] 
OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
devcryptoeng[default] OPENSSL_NO_DEVCRYPTOENG
ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128
egd [default] OPENSSL_NO_EGD
external-tests  [default] OPENSSL_NO_EXTERNAL_TESTS
fuzz-libfuzzer  [default] OPENSSL_NO_FUZZ_LIBFUZZER
fuzz-afl[default] OPENSSL_NO_FUZZ_AFL
gost[option]  OPENSSL_NO_GOST
heartbeats  [default] OPENSSL_NO_HEARTBEATS
idea[option]  OPENSSL_NO_IDEA (skip 
crypto/idea)
md2 

Re: child-wait.c and [-Wnull-pointer-arithmetic]

[Rupert Gallagher via dovecot]

Thanks! It solved problems also with str-table.c, test-hash.c, test-mempool.c, 
auth-server-connection.c, master-auth.c, master-login-auth.c, 
mail-cache-fields.c, mail-index.c, mailbox-list-index.c, 
mailbox-list-index-sync.c, maildir-keywords.c, mdbox-purge.c, connect-limit.c, 
auth-request-handler.c, db-checkpassword.c, service-monitor.c, 
service-process.c, pop3-commands.c, log-connection.c, doveconf.c, 
user-directory.c, replicator-connection.c, dsync-mailbox-import.c, 
dsync-mailbox-export.c, dsync-transaction-log-scan.c, doveadm-director.c, 
doveadm-kick.c, acl-cache.c, doveadm-expire.c and push-notification-txn-msg.c.

‐‐‐ Original Message ‐‐‐
On Monday, March 18, 2019 10:50 AM, Aki Tuomi  
wrote:

> On 18.3.2019 12.48, Rupert Gallagher via dovecot wrote:
>
>> Attached warnings from clang 7.0 when compiling child-wait.c from dovecot 
>> 2.3.5:
>>
>> "arithmetic on a null pointer treated as a cast from integer to pointer is a 
>> GNU extension
>> [-Wnull-pointer-arithmetic]".
>
> This is fixed in master with
>
> https://github.com/dovecot/core/commit/ac7aa955db4c77bbb169baa5d104a4c128674646.patch
>
> Aki

child-wait.c and [-Wnull-pointer-arithmetic]

[Rupert Gallagher via dovecot]

Attached warnings from clang 7.0 when compiling child-wait.c from dovecot 2.3.5:

"arithmetic on a null pointer treated as a cast from integer to pointer is a 
GNU extension
[-Wnull-pointer-arithmetic]".child-wait.c:66:32: warning: arithmetic on a null pointer treated as a cast 
from integer to pointer is a GNU extension [-Wnull-pointer-arithmetic]
hash_table_insert(child_pids, POINTER_CAST(pid), wait);
~~^~~~
./macros.h:42:27: note: expanded from macro 'POINTER_CAST'
((void *) ((char *) NULL + (i)))
 ^
./hash.h:111:20: note: expanded from macro 'hash_table_insert'
(void *)((char*)(key) + 
COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE((table)._key, key)), \
 ^~~
child-wait.c:66:32: warning: arithmetic on a null pointer treated as a cast 
from integer to pointer is a GNU extension [-Wnull-pointer-arithmetic]
hash_table_insert(child_pids, POINTER_CAST(pid), wait);
~~^~~~
./macros.h:42:27: note: expanded from macro 'POINTER_CAST'
((void *) ((char *) NULL + (i)))
 ^
./hash.h:111:79: note: expanded from macro 'hash_table_insert'
(void *)((char*)(key) + 
COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE((table)._key, key)), \

^~~~
./macros.h:178:52: note: expanded from macro 
'COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE'
!__builtin_types_compatible_p(typeof(_a), typeof(_b)))
~^
./macros.h:170:25: note: expanded from macro 'COMPILE_ERROR_IF_TRUE'
(sizeof(char[1 - 2 * ((condition) ? 1 : 0)]) - 1)
   ^
child-wait.c:72:32: warning: arithmetic on a null pointer treated as a cast 
from integer to pointer is a GNU extension [-Wnull-pointer-arithmetic]
hash_table_remove(child_pids, POINTER_CAST(pid));
~~^~
./macros.h:42:27: note: expanded from macro 'POINTER_CAST'
((void *) ((char *) NULL + (i)))
 ^
./hash.h:124:46: note: expanded from macro 'hash_table_remove'
if (unlikely(!hash_table_try_remove(table, key))) \
~~~^
./hash.h:121:33: note: expanded from macro 'hash_table_try_remove'
(const void *)((const char *)(key) + 
COMPILE_ERROR_IF_TYPES2_NOT_COMPATIBLE((table)._const_key, (table)._key, key)))
  ^
./macros.h:189:45: note: expanded from macro 'unlikely'
#  define unlikely(expr) (__builtin_expect((expr) ? 1 : 0, 0) != 0)
^~~~
child-wait.c:72:32: warning: arithmetic on a null pointer treated as a cast 
from integer to pointer is a GNU extension [-Wnull-pointer-arithmetic]
hash_table_remove(child_pids, POINTER_CAST(pid));
~~^~
./macros.h:42:27: note: expanded from macro 'POINTER_CAST'
((void *) ((char *) NULL + (i)))
 ^
./hash.h:124:46: note: expanded from macro 'hash_table_remove'
if (unlikely(!hash_table_try_remove(table, key))) \
~~~^
./hash.h:121:113: note: expanded from macro 'hash_table_try_remove'
(const void *)((const char *)(key) + 
COMPILE_ERROR_IF_TYPES2_NOT_COMPATIBLE((table)._const_key, (table)._key, key)))

  ^
./macros.h:181:53: note: expanded from macro 
'COMPILE_ERROR_IF_TYPES2_NOT_COMPATIBLE'
!__builtin_types_compatible_p(typeof(_a1), typeof(_b)) && \
  ^
./macros.h:170:25: note: expanded from macro 'COMPILE_ERROR_IF_TRUE'
(sizeof(char[1 - 2 * ((condition) ? 1 : 0)]) - 1)
   ^
./macros.h:189:45: note: expanded from macro 'unlikely'
#  define unlikely(expr) (__builtin_expect((expr) ? 1 : 0, 0) != 0)
^~~~
child-wait.c:72:32: warning: arithmetic on a null pointer treated as a cast 
from integer to pointer is a GNU extension [-Wnull-pointer-arithmetic]
hash_table_remove(child_pids, POINTER_CAST(pid));
~~^~
./macros.h:42:27: note: expanded from macro 'POINTER_CAST'
((void *) ((char *) NULL + (i)))
 ^
./hash.h:124:46: note: expanded from macro 'hash_table_remove'
if (unlikely(!hash_table_try_remove(table, key))) \
~~~^

Re: File permissions

[Rupert Gallagher via dovecot]

Thank you.

On Tue, Jan 8, 2019 at 19:02, Aki Tuomi  wrote:

>> On 08 January 2019 at 19:39 Rupert Gallagher via dovecot 
>>  wrote:
>>
>>
>> Hello,
>>
>> I am mosty done with the upgrade, but there is a problem that keeps me awake 
>> at night: file ownership and permissions.
>>
>> It would be most helpful to have the following from Aki's live system:
>>
>> ls -halFR /var/run/dovecot
>
> My live config uses dovecot defaults as much as possible, since these are 
> usually correct. I only have three unix listeners configured, one for postfix 
> authentication and
>
> service old-stats {
> fifo_listener old-stats-mail {
> mode = 0666
> }
> }
>
> service stats {
> unix_listener stats-writer {
> mode = 0666
> }
> }
>
> thus:
>
> /var/run/dovecot:
> total 8.0K
> drwxr-xr-x 5 root root 860 Dec 2 11:31 ./
> drwxr-xr-x 25 root root 920 Jan 8 19:59 ../
> srw--- 1 root root 0 Dec 2 11:31 anvil=
> srw--- 1 root root 0 Dec 2 11:31 anvil-auth-penalty=
> srw--- 1 dovecot root 0 Dec 2 11:31 auth-client=
> srw--- 1 dovecot root 0 Dec 2 11:31 auth-login=
> srw--- 1 root root 0 Dec 2 11:31 auth-master=
> -rw--- 1 root root 32 Jun 27 2018 auth-token-secret.dat
> srw-rw-rw- 1 dovecot root 0 Dec 2 11:31 auth-userdb=
> srw--- 1 dovecot root 0 Dec 2 11:31 auth-worker=
> srw--- 1 root root 0 Dec 2 11:31 config=
> srw-rw 1 root dovecot 0 Dec 2 11:31 dict=
> srw-rw 1 root dovecot 0 Dec 2 11:31 dict-async=
> srw--- 1 root root 0 Dec 2 11:31 director-admin=
> srw-rw-rw- 1 root root 0 Dec 2 11:31 dns-client=
> srw--- 1 root root 0 Dec 2 11:31 doveadm-server=
> lrwxrwxrwx 1 root root 25 Dec 2 11:31 dovecot.conf -> 
> /etc/dovecot/dovecot.conf
> drwxr-xr-x 2 root root 40 Jun 27 2018 empty/
> srw-rw 1 root dovecot 0 Dec 2 11:31 imap-hibernate=
> srw--- 1 root root 0 Dec 2 11:31 imap-master=
> srw-rw-rw- 1 root root 0 Dec 2 11:31 imap-urlauth=
> srw--- 1 dovecot root 0 Dec 2 11:31 imap-urlauth-worker=
> srw-rw-rw- 1 root root 0 Dec 2 11:31 indexer=
> srw--- 1 dovecot root 0 Dec 2 11:31 indexer-worker=
> srw--- 1 dovecot root 0 Dec 2 11:31 ipc=
> srw-rw-rw- 1 root root 0 Dec 2 11:31 lmtp=
> srw--- 1 root root 0 Dec 2 11:31 log-errors=
> drwxr-x--- 2 root dovenull 100 Dec 2 11:31 login/
> srw--- 1 root root 0 Dec 2 11:31 master=
> -rw--- 1 root root 6 Dec 2 11:31 master.pid
> srw--- 1 root root 0 Dec 2 11:31 old-stats=
> prw-rw-rw- 1 root root 0 Jan 8 20:02 old-stats-mail|
> prw--- 1 root root 0 Jan 8 19:57 old-stats-user|
> srw--- 1 root root 0 Dec 2 11:31 replication-notify=
> prw--- 1 root root 0 Dec 2 11:31 replication-notify-fifo|
> srw--- 1 dovecot root 0 Dec 2 11:31 replicator=
> srw-rw-rw- 1 root root 0 Jul 25 09:07 ssl-params=
> srw--- 1 root root 0 Jul 25 09:07 stats=
> prw-rw-rw- 1 root root 0 Sep 23 15:50 stats-mail|
> srw--- 1 root root 0 Dec 2 11:31 stats-reader=
> prw--- 1 root root 0 Sep 23 15:18 stats-user|
> srw-rw-rw- 1 root dovecot 0 Dec 2 11:31 stats-writer=
> drwxr-x--- 2 root dovenull 80 Dec 2 11:31 token-login/
>
> Aki

File permissions

[Rupert Gallagher via dovecot]

Hello,

I am mosty done with the upgrade, but there is a problem that keeps me awake at 
night: file ownership and permissions.

It would be most helpful to have the following from Aki's live system:

ls -halFR /var/run/dovecot

Re: Fwd: Re: gcc -> clang

[Rupert Gallagher via dovecot]

Same problem with 2.3.4.

configure lacks debug flags.

No joy with gdb breakpoint in mallock_error_break on make test.

On Thu, Jan 3, 2019 at 13:58, Aki Tuomi  wrote:

> The arithmetic stuff has already been fixed in master with
>
> https://github.com/dovecot/core/commit
> /5cccb4af850bb3ba81e73a8fb4f6881c3e1d4046.patch
> https://github.com/dovecot/core/commit
> /ac7aa955db4c77bbb169baa5d104a4c128674646.patch
>
> I have not seen the second error ever, it would need more information, can 
> you gdb to it and see what the actual value is?
>
> Aki
>
>> On 03 January 2019 at 13:38 Rupert Gallagher via dovecot 
>>  wrote:
>>
>>
>> The compiler returns many warnings, and the test returns two IPv6-related 
>> errors. I am attaching both logs as reference.
>>
>> > ‐‐‐ Original Message ‐‐‐
>> > On Thursday, January 3, 2019 9:53 AM, Aki Tuomi 
>> >  wrote:
>> >
>> >> We compile all core code with both gcc and clang. What sort of 
>> >> interesting things did you find?
>> >>
>> >> Aki
>> >>
>> >>> On 03 January 2019 at 11:50 Rupert Gallagher via dovecot < 
>> >>> dovecot@dovecot.org> wrote:
>> >>>
>> >>> Please, use clang instead of gcc. Code quality can only profit from it. 
>> >>> I just compiled 2.3.4 and compiler stderr is full of interesting 
>> >>> problems.
>> >>
>> >> ---
>> >> Aki Tuomi

gcc -> clang

[Rupert Gallagher via dovecot]

Please, use clang instead of gcc. Code quality can only profit from it. I just 
compiled 2.3.4 and compiler stderr is full of interesting problems.

Re: Panic…

[Rupert Gallagher via dovecot]

Shouldn't an event of this type trigger a useful warning instead of a cryptic 
programming error?

On Thu, Dec 13, 2018 at 07:42, Timo Sirainen  wrote:

> On 13 Dec 2018, at 7.31, SH Development  wrote:
>>
>> I have started getting these in my log. What does this mean and what do I 
>> need to do?
>>
>> Panic: file mail-index-util.c: line 37 (mail_index_uint32_to_offset): 
>> assertion failed: (offset < 0x4000)
>
> Your dovecot.index.cache file has grown too huge. The only solution now is to 
> delete it, and perhaps try to shrink the number of mails in the folder as 
> well. The downside to deleting cache is that it may temporarily slow down 
> performance for accessing the folder, depending on the IMAP client.

Re: Ass(et) protection for mobile users

[Rupert Gallagher]

Interesting trick here. I'll study it.

Thank you!

On Thu, Oct 18, 2018 at 10:48, Aki Tuomi  wrote:

> Ensure your config looks like
>
> namespace SOME_NAME_HERE {
>
> ...
>
> }
>
> Make a postlogin script which exports
>
> export NAMESPACE/SOME_NAME_HERE/HIDDEN=true USERDB_KEYS="$USERDB_KEYS 
> NAMESPACE/SOME_NAME_HERE/HIDDEN"
>
> Or somehow export this from passdb/userdb as 
> (userdb_)namespace/some_name_here/hidden=true
>
> Aki
>
> On 18.10.2018 10.18, Rupert Gallagher wrote:
>
>> Connections from anything other than LAN.
>>
>> On Thu, Oct 18, 2018 at 08:49, Aki Tuomi  wrote:
>>
>>> On 18.10.2018 9.48, Rupert Gallagher wrote:
>>>> Hello!
>>>>
>>>> Is it possible to hide the public folder when the user is on its
>>>> mobile phone?
>>> How would you know this?
>>>
>>> Aki

Re: Ass(et) protection for mobile users

[Rupert Gallagher]

On motivation, our public folder is a shared folder with sensitive business 
content, is has too many subfolders for a mobile client, and an accidental 
operation like deleting or moving would break everybody's business for hours.

On Thu, Oct 18, 2018 at 08:49, Aki Tuomi  wrote:

> On 18.10.2018 9.48, Rupert Gallagher wrote:
>> Hello!
>>
>> Is it possible to hide the public folder when the user is on its
>> mobile phone?
> How would you know this?
>
> Aki

Re: Ass(et) protection for mobile users

[Rupert Gallagher]

Connections from anything other than LAN.

On Thu, Oct 18, 2018 at 08:49, Aki Tuomi  wrote:

> On 18.10.2018 9.48, Rupert Gallagher wrote:
>> Hello!
>>
>> Is it possible to hide the public folder when the user is on its
>> mobile phone?
> How would you know this?
>
> Aki

Re: Ass(et) protection for mobile users

[Rupert Gallagher]

Foreign IP.

On Thu, Oct 18, 2018 at 08:49, Aki Tuomi  wrote:

> On 18.10.2018 9.48, Rupert Gallagher wrote:
>> Hello!
>>
>> Is it possible to hide the public folder when the user is on its
>> mobile phone?
> How would you know this?
>
> Aki

Ass(et) protection for mobile users

[Rupert Gallagher]

Hello!

Is it possible to hide the public folder when the user is on its mobile phone?

Re: outlook idiocy - IMAP folders with /

[Rupert Gallagher]

I think we need a public compliance test, similar to html and ssl, then people 
would start questioning the quality of their own client, and migrate to better 
ones. When Micro$oft will eventually feel the pinch, then they will start 
fixing their $hit. People have the power! (I like that song.)

On Tue, Oct 2, 2018 at 09:59, Wojciech Puchar  wrote:

>>
>> As I have no control over their minds, hands, and client software, I wish I 
>> could enforce the policy from the server, returning an
>> error message to the client.
>>
>> On its turn, this requires the client to listen to such server messages, 
>> operated by a smarter user.
>
> the problem with pseudomail pseudoprogram outlook is that it simply
> ignores error and shows folder created, then even allow to store messages
> in it (store it locally in temporary file).
>
> When file is deleted messages are lost.
>
>>
>> At the end of the day, it feels like we are re-discovering the wheel, as 
>> such problems should have been addressed and solved long
>> ago by an RFC.
>>
>> Listescape is a welcome patch. Let see if it works. I just have to select a 
>> character that no user could type and still practical
>> for the filesystem to use...
>>
>>
>> On Mon, Oct 1, 2018 at 10:07, Timo Sirainen  wrote:
>> On 28 Sep 2018, at 16.44, Wojciech Puchar  wrote:
>>
>> user attempts to create folders with / dovecot naturally cannot create it so 
>> it returns error but outlook of
>> course "create" it and keep data in local store only. data is lost when you 
>> remove local store .pst file.
>>
>> The question is - can dovecot be configured so it will automatically replace 
>> slash in name with something
>> else?
>>
>>
>> https://wiki2.dovecot.org/Plugins/Listescape maybe?
>>
>>
>>

Re: outlook idiocy - IMAP folders with /

[Rupert Gallagher]

I tell users to limit the folder characters to /0-9a-zA-Z_/, because anything 
else may upset a mail client or server.

As I have no control over their minds, hands, and client software, I wish I 
could enforce the policy from the server, returning an error message to the 
client.

On its turn, this requires the client to listen to such server messages, 
operated by a smarter user.

At the end of the day, it feels like we are re-discovering the wheel, as such 
problems should have been addressed and solved long ago by an RFC.

Listescape is a welcome patch. Let see if it works. I just have to select a 
character that no user could type and still practical for the filesystem to 
use...

On Mon, Oct 1, 2018 at 10:07, Timo Sirainen  wrote:

> On 28 Sep 2018, at 16.44, Wojciech Puchar  wrote:
>
>> user attempts to create folders with / dovecot naturally cannot create it so 
>> it returns error but outlook of course "create" it and keep data in local 
>> store only. data is lost when you remove local store .pst file.
>>
>> The question is - can dovecot be configured so it will automatically replace 
>> slash in name with something else?
>
> https://wiki2.dovecot.org/Plugins/Listescape maybe?

Re: outlook idiocy - IMAP folders with /

[Rupert Gallagher]

Sorry Aki, you are right.

On Sat, Sep 29, 2018 at 09:59, Aki Tuomi  wrote:

>> On 29 September 2018 at 10:05 Rupert Gallagher  wrote:
>>
>>
>> +1
>>
>> A similar problem occurs with "."
>>
>> Sent from ProtonMail Mobile
>>
>> On Fri, Sep 28, 2018 at 15:44, Wojciech Puchar  wrote:
>>
>> > user attempts to create folders with /
>> > dovecot naturally cannot create it so it returns error but outlook of
>> > course "create" it and keep data in local store only. data is lost when
>> > you remove local store .pst file.
>> >
>> > The question is - can dovecot be configured so it will automatically
>> > replace slash in name with something else?
>
> And how would this help? Outlook would still go ahead and create the folder 
> with / in it, and dovecot would create a folder with, say - in it and now 
> you'd have two folders.
>
> Aki

Re: outlook idiocy - IMAP folders with /

[Rupert Gallagher]

+1

A similar problem occurs with "."

Sent from ProtonMail Mobile

On Fri, Sep 28, 2018 at 15:44, Wojciech Puchar  wrote:

> user attempts to create folders with /
> dovecot naturally cannot create it so it returns error but outlook of
> course "create" it and keep data in local store only. data is lost when
> you remove local store .pst file.
>
> The question is - can dovecot be configured so it will automatically
> replace slash in name with something else?

Re: Looking into a solution for Caldav (and possibly carddav) support

[Rupert Gallagher]

Cyrus may offer the best implementation of cards and calendars ( 
https://en.m.wikipedia.org/wiki/Comparison_of_CalDAV_and_CardDAV_implementations
 ) but would you trade its imap for dovecots own?

I am starving for an open-source card and calendar solution that is sound and 
secure, so cyrus is a good candidate, but I need it to go along with the 
existing structure, i do not want to start fresh with a new imap server.

Sent from ProtonMail Mobile

On Sat, Jun 30, 2018 at 11:19, Alexander Dalloz  wrote:

> Am 30.06.2018 um 07:13 schrieb Mihai Badici: > I can confirm you can use 
> dovecot ( instead of cyrus) but is not trivial > and I didn't know much about 
> the compatibility for shared calendars. Cyrus IMAPd provides exactly that, 
> easily ;-) 
> https://www.cyrusimap.org/imap/download/installation/manage-dav.html Alexander

Re: Bug: subscriptions file

[Rupert Gallagher]

I shall volunteer,
not to be chewed,
alive,
by the lions,
on this fine day.

Sent from ProtonMail Mobile

On Thu, May 24, 2018 at 15:37, Timo Sirainen <t...@iki.fi> wrote:

> I'd rather not add RFC-breaking settings. But there's IMAP4rev2 discussion 
> going on in https://www.ietf.org/mailman/listinfo/extra. Someone motivated 
> enough could perhaps try to suggest changing this behavior in there.
>
>> On 23 May 2018, at 23.13, Rupert Gallagher <r...@protonmail.com> wrote:
>>
>> Sorry for top posting, my client is still broken.
>>
>> I have never seen the ghost of a "system-alerts" or similar "well-known" 
>> mail folder in the past 30 years.
>>
>> Compliance with an RFC obscure feature is compellong us all to clear 
>> subscriptions fol ders by hand.
>>
>> As we meet the problem over and over again, a non-RFC configuration option 
>> could solve the problem, and it would be very much appreciated...
>>
>> On Wed, May 23, 2018 at 11:57, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>>
>>> On 23.05.2018 12:31, Rupert Gallagher wrote:
>>
>>>> Dovecot does not clear the subscription file from non-existent folders.
>>>
>>> Hi!
>>>
>>> Thank you for your bug report. Unfortunately this is not a BUG, but 
>>> mandated behavior by RFC3501, see last two paragraphs in the excerpt.
>>>
>>> Aki Tuomi
>>>
>>> 6.3.6.  SUBSCRIBE Command
>>>
>>>Arguments:  mailbox
>>>
>>>Responses:  no specific responses for this command
>>>
>>>Result: OK - subscribe completed
>>>NO - subscribe failure: can't subscribe to that name
>>>BAD - command unknown or arguments invalid
>>>
>>>   The SUBSCRIBE command adds the specified mailbox name to the
>>>   server's set of "active" or "subscribed" mailboxes as returned by
>>>   the LSUB command.  This command returns a tagged OK response only
>>>   if the subscription is successful.
>>>
>>>   A server MAY validate the mailbox argument to SUBSCRIBE to verify
>>>   that it exists.  However, it MUST NOT unilaterally remove an
>>>   existing mailbox name from the subscription list even if a mailbox
>>>   by that name no longer exists.
>>>
>>>Note: This requirement is because a server site can
>>>choose to routinely remove a mailbox with a well-known
>>>name (e.g., "system-alerts") after its contents expire,
>>>with the intention of recreating it when new contents
>>>are appropriate.

Re: Bug: subscriptions file

[Rupert Gallagher]

Well, ok, it is a feature, not a bug.

I hope it will qualify as a bug for Thunderbird, because manual edit of the 
subscription file is just batshit crazy.

Sent from ProtonMail Mobile

On Thu, May 24, 2018 at 07:33, Aki Tuomi <aki.tu...@dovecot.fi> wrote:

> I understand that reading that paragraph makes it sounds obscure and 
> outdated. But the problem is that if somethings deletes & recreates your 
> folder, while you were gone, you would lose the subscription. This includes 
> other MUAs that are in no way obligated to resubscribe to the folder if they 
> do this.
>
> Aki
>
> On 23.05.2018 23:13, Rupert Gallagher wrote:
>
>> Sorry for top posting, my client is still broken.
>>
>> I have never seen the ghost of a "system-alerts" or similar "well-known" 
>> mail folder in the past 30 years.
>>
>> Compliance with an RFC obscure feature is compellong us all to clear 
>> subscriptions fol ders by hand.
>>
>> As we meet the problem over and over again, a non-RFC configuration option 
>> could solve the problem, and it would be very much appreciated...
>>
>> On Wed, May 23, 2018 at 11:57, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>>
>>> On 23.05.2018 12:31, Rupert Gallagher wrote:
>>
>>>> Dovecot does not clear the subscription file from non-existent folders.
>>>
>>> Hi!
>>>
>>> Thank you for your bug report. Unfortunately this is not a BUG, but 
>>> mandated behavior by RFC3501, see last two paragraphs in the excerpt.
>>>
>>> Aki Tuomi
>>>
>>> 6.3.6.  SUBSCRIBE Command
>>>
>>>Arguments:  mailbox
>>>
>>>Responses:  no specific responses for this command
>>>
>>>Result: OK - subscribe completed
>>>NO - subscribe failure: can't subscribe to that name
>>>BAD - command unknown or arguments invalid
>>>
>>>   The SUBSCRIBE command adds the specified mailbox name to the
>>>   server's set of "active" or "subscribed" mailboxes as returned by
>>>   the LSUB command.  This command returns a tagged OK response only
>>>   if the subscription is successful.
>>>
>>>   A server MAY validate the mailbox argument to SUBSCRIBE to verify
>>>   that it exists.  However, it MUST NOT unilaterally remove an
>>>   existing mailbox name from the subscription list even if a mailbox
>>>   by that name no longer exists.
>>>
>>>Note: This requirement is because a server site can
>>>choose to routinely remove a mailbox with a well-known
>>>name (e.g., "system-alerts") after its contents expire,
>>>with the intention of recreating it when new contents
>>>are appropriate.

Re: Bug: subscriptions file

[Rupert Gallagher]

Sorry for top posting, my client is still broken.

I have never seen the ghost of a "system-alerts" or similar "well-known" mail 
folder in the past 30 years.

Compliance with an RFC obscure feature is compellong us all to clear 
subscriptions fol ders by hand.

As we meet the problem over and over again, a non-RFC configuration option 
could solve the problem, and it would be very much appreciated...

On Wed, May 23, 2018 at 11:57, Aki Tuomi <aki.tu...@dovecot.fi> wrote:

> On 23.05.2018 12:31, Rupert Gallagher wrote:

>> Dovecot does not clear the subscription file from non-existent folders.
>
> Hi!
>
> Thank you for your bug report. Unfortunately this is not a BUG, but mandated 
> behavior by RFC3501, see last two paragraphs in the excerpt.
>
> Aki Tuomi
>
> 6.3.6.  SUBSCRIBE Command
>
>Arguments:  mailbox
>
>Responses:  no specific responses for this command
>
>Result: OK - subscribe completed
>NO - subscribe failure: can't subscribe to that name
>BAD - command unknown or arguments invalid
>
>   The SUBSCRIBE command adds the specified mailbox name to the
>   server's set of "active" or "subscribed" mailboxes as returned by
>   the LSUB command.  This command returns a tagged OK response only
>   if the subscription is successful.
>
>   A server MAY validate the mailbox argument to SUBSCRIBE to verify
>   that it exists.  However, it MUST NOT unilaterally remove an
>   existing mailbox name from the subscription list even if a mailbox
>   by that name no longer exists.
>
>Note: This requirement is because a server site can
>choose to routinely remove a mailbox with a well-known
>name (e.g., "system-alerts") after its contents expire,
>with the intention of recreating it when new contents
>are appropriate.

Bug: subscriptions file

[Rupert Gallagher]

Dovecot does not clear the subscription file from non-existent folders.

Re: Cannot delete folder

[Rupert Gallagher]

On Tue, May 22, 2018 at 13:58, Rupert Gallagher <r...@protonmail.com> wrote:

>> On Tue, May 22, 2018 at 10:40, Steffen Kaiser <skdove...@inf.h-brs.de> wrote:

>> Thunderbird (or some versions anyway) will display any subscribed folder, 
>> regardless if it exists or not.

>>Dovecot fails to both delete or rename non-existant folders.

>> Checkout the local file "subscriptions" in your mailbox storage. (Close any 
>> mail client before).

>More explicitly, there are three possible actions here:

> - the postmaster edits a user's subscription file in the server :-((

> - the user edits the same file using their own client software (Thunderbird 
> fails on this) :-(

> - Thunderbird is patched to automatically clear the subscription file from 
> non-existent folders :-)

There is a fourth possibility: dovecot is patched to clear the subscription 
file from non-existent folders. :-))

Re: Cannot delete folder

[Rupert Gallagher]

On Tue, May 22, 2018 at 10:40, Steffen Kaiser  wrote:

> Thunderbird (or some versions anyway) will display any subscribed folder, 
> regardless if it exists or not.

> Dovecot fails to both delete or rename non-existant folders.

> Checkout the local file "subscriptions" in your mailbox storage. (Close any 
> mail client before).

More explicitly, there are three possible actions here:

- the postmaster edits a user's subscription file in the server :-((

- the user edits the same file using their own client software (Thunderbird 
fails on this) :-(

- Thunderbird is patched to automatically clear the subscription file from 
non-existent folders :-)

Re: stripping dovecot...

[Rupert Gallagher]

Bump

stripping dovecot...

[Rupert Gallagher]

Hello,

I do not need the following, and have configured both source and runtime 
accordingly:
  pam, gssapi, zlib, bzlib, lzma, pop3, quota, fts, welcome, lda.

Therefore, is it *safe* to manually remove the following from /usr/lib/dovecot/?

lib05_pop3_migration_plugin.a
lib05_pop3_migration_plugin.la
lib05_pop3_migration_plugin.so
lib20_fts_plugin.a
lib20_fts_plugin.la
lib20_fts_plugin.so
lib21_fts_squat_plugin.a
lib21_fts_squat_plugin.la
lib21_fts_squat_plugin.so
libdovecot-fts.0.dylib
libdovecot-fts.a
libdovecot-fts.dylib
libdovecot-fts.la
lib20_doveadm_fts_plugin.a
lib20_doveadm_fts_plugin.la
lib20_doveadm_fts_plugin.so
lib10_quota_plugin.a
lib10_quota_plugin.la
lib10_quota_plugin.so
lib11_imap_quota_plugin.a
lib11_imap_quota_plugin.la
lib11_imap_quota_plugin.so
lib20_quota_clone_plugin.a
lib20_quota_clone_plugin.la
lib20_quota_clone_plugin.so
lib10_doveadm_quota_plugin.a
lib10_doveadm_quota_plugin.la
lib10_doveadm_quota_plugin.so
lib99_welcome_plugin.a
lib99_welcome_plugin.la
lib99_welcome_plugin.so
libdovecot-lda.0.dylib
libdovecot-lda.a
libdovecot-lda.dylib
libdovecot-lda.la

dovecot.index.pvt reset, view is now inconsistent

[Rupert Gallagher]

Problem solved by going in manually. The log message appears for empty "public" 
folders. Say, you have a folder X with subfolder Y, where X does not contain 
any e-mail. The log message disappears if you drop an email into X, then remove 
it. Puf, gone! So, there seems to be a baby bug in how dovecot manages the 
index in this case.

Re: Cannot delete IMAP Mail-Folder in Trash

[Rupert Gallagher]

We have the same problem, with a twist. When Thunderbird deletes a folder, it 
is still shown by the GUI. Dovecot deleted the folder correctly, and the 
sunscriptions file is also correct. Some other times, on shared folders, 
Thunderbird refuses to delete; in this case, apple mail on iphone can delete 
successfully. This suggests that the problem is in Thunderbird's code.

R

On Mon, Feb 5, 2018 at 21:55, Remko Lodder  wrote:

>> On 5 Feb 2018, at 17:32, Aki Tuomi  wrote:
>>
>>> On February 5, 2018 at 6:16 PM Gabriel Kaufmann  
>>> wrote:
>>>
>>> Doesn't anyone have an idea?
>>>
>>> It looks like Dovecot and/or Thunderbird simply "ignore" sub-folders of
>>> IMAP-Folder in Trash/ as they are also not shown in Trash-Folder.
>>> Sub-Folder for INBOX and other IMAP-Folders work perfect (using
>>> layout=fs Mailbox).
>>>
>>> Why doesn't this work for Trash?
>>>
>>> Best regards
>>>
>>> Gabriel Kaufmann
>>
>> Can you try running this as root and provide output?
>>
>> doveadm -Dv -o mail_debug=yes mailbox delete -u username Trash/Somefolder
>>
>> Aki
>
> I had the same with Mac Mail.app. I decided to rm -rf the sdbox file on the 
> master and replica and I won.
> It was persistant though and I think it had to do with the following:
>
> I let my mail deliver in yearboxes, which have many many subfolders, some are 
> just "placeholders". They appear different in the view.
> Regular mailboxes are "dark" in colors, placeholder boxes are "white" in 
> colors (see attachment), where winkels is the "placeholder" folder and 
> "action" is the regular mailbox in which mail gets delivered.
>
> I could not get rid of those "winkels" kind of folders". Only by force 
> removing them from the filesystem hierarchie.
>
> Hope this helps a bit :)
>
> Cheers
> Remko

2.3.0 on 10.13.3 (macos): all testing errors

[Rupert Gallagher]

Enclosed.Making check in .
/bin/sh ./update-version.sh . .
Making check in src
Making check in lib-test
make[2]: Nothing to be done for `check'.
Making check in lib
/Applications/Xcode.app/Contents/Developer/usr/bin/make  check-am
/Applications/Xcode.app/Contents/Developer/usr/bin/make  check-local
for bin in test-lib; do \
  if !  ./$bin; then exit 1; fi; \
done
aqueue ... : ok
array count/empty  : ok
array foreach  : ok
array foreach_elem struct  : ok
array foreach_elem ro/rw strings . : ok
array reverse  : ok
array_lsearch  : ok
array compare (ushort) ... : ok
array compare (char*)  : ok
array swap ... : ok
base32_encode() with padding . : ok
base32_encode() no padding ... : ok
base32hex_encode() with padding .. : ok
base32hex_encode() no padding  : ok
base32_decode() .. : ok
padded base32 encode/decode with random input  : ok
padded base32hex encode/decode with random input . : ok
base64_encode() .. : ok
base64_decode() .. : ok
base64 encode/decode with random input ... : ok
nearest_power() .. : ok
bits_is_power_of_two() ... : ok
bits_requiredXX()  : ok
fraclog 0-bit  : ok
fraclog 1-bit  : ok
fraclog 2-bit  : ok
fraclog 3-bit  : ok
fraclog 4-bit  : ok
fraclog 5-bit  : ok
fraclog constant 2 bit ... : ok
bits_rotl32 .. : ok
bits_rotr32 .. : ok
bits_rotl64 .. : ok
bits_rotr64 .. : ok
UINT64_SUM_OVERFLOWS . : ok
bloomfilter .. : ok
bsearch_insert_pos(0,18) . : ok
bsearch_insert_pos(1,18) . : ok
buffer ... : ok
buffer_write . : ok
buffer_set_used_size . : ok
buffer_test_truncate_bits  : ok
byteorder - bswap (size:8  iter:0) ... : ok
byteorder - bswap (size:16 iter:0) ... : ok
byteorder - bswap (size:32 iter:0) ... : ok
byteorder - bswap (size:64 iter:0) ... : ok
byteorder - bswap (size:8  iter:1) ... : ok
byteorder - bswap (size:16 iter:1) ... : ok
byteorder - bswap (size:32 iter:1) ... : ok
byteorder - bswap (size:64 iter:1) ... : ok
byteorder - bswap (size:8  iter:2) ... : ok
byteorder - bswap (size:16 iter:2) ... : ok
byteorder - bswap (size:32 iter:2) ... : ok
byteorder - bswap (size:64 iter:2) ... : ok
byteorder - bswap (size:8  iter:3) ... : ok
byteorder - bswap (size:16 iter:3) ... : ok
byteorder - bswap (size:32 iter:3) ... : ok
byteorder - bswap (size:64 iter:3) ... : ok
byteorder - unaligned read (BE  size:8  iter:0) .. : ok
byteorder - unaligned read (LE  size:8  iter:0) .. : ok
byteorder - unaligned read (CPU size:8  iter:0) 

Re: test-net.c failure

[Rupert Gallagher]

I meant to disable it when configuring the source, and thus when running make 
check. The test fails on 2.3.0 only, the 2.2 branch did not have this problem.

Sent from ProtonMail Mobile

On Wed, Jan 31, 2018 at 05:56, Prasad K <pra...@cloudcomputer.in> wrote:

> The dovecot.conf file from CentOS-7 contains this :
>
> --- snip ---
> # A comma separated list of IPs or hosts where to listen in for connections.
> # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
> # If you want to specify non-default ports or anything more complex,
> # edit conf.d/master.conf.
> #listen = *, ::
> --- snip ---
>
> HTH
>
> --
> Prasad
>
> On 30/01/18 11:35 PM, Rupert Gallagher wrote:
>
>> test-net.c:79: Assert failed: strcmp(net_ip2addr(), "::5") == 0
>> test-net.c:83: Assert failed: strcmp(net_ip2addr(), "::5") == 0
>> net_ip2addr()  : 
>> FAILED
>>
>> Hello,
>> Is it possible to disable DOVECOT_IPV6?
>> We do not use IPv6 (and hope we shall never do on e-mails).

test-net.c failure

[Rupert Gallagher]

test-net.c:79: Assert failed: strcmp(net_ip2addr(), "::5") == 0
test-net.c:83: Assert failed: strcmp(net_ip2addr(), "::5") == 0
net_ip2addr()  : FAILED

Hello,
Is it possible to disable DOVECOT_IPV6?
We do not use IPv6 (and hope we shall never do on e-mails).

Re: Panic: file mail-index-util.c: line 37 (mail_index_uint32_to_offset): assertion failed: (offset < 0x40000000)

[Rupert Gallagher]

You are storing 1.7 million e-mails in a single mbox file. I would rather store 
the archive using one file per e-mail.

Re: How to limit Apple Mail (desktop)?

[Rupert Gallagher]

I think I am not mistaken in saying that the original purpose of IMAP was to 
access a remote database, vs POP's approach to download it. When the IMAP 
client opens a folder, the server uploads the *index* of its content. When the 
client requests a specific item, the server uploads the item while keeping the 
original. If the client renames a folder, the server just renames the folder.

Apple Mail behaves like a POP client that wants to download everything while 
keeping the db on the server. Further down Apple's madness, if the client 
renames a folder, Apple mail asks the server to upload the full content of the 
"new" folder. Batshit crazy!

The very best therapy here is, in my opinion, to serve Apple Mail's request for 
mass download as if it were a regular IMAP index request, if technically 
feasible. If it is not feasible, then the alternative is not to rate limit the 
connection, but to ban Apple Mail entirely.

Sent from ProtonMail Mobile

On Tue, Oct 31, 2017 at 2:46 PM, Rupert Gallagher <r...@protonmail.com> wrote:

> Aki, the IMAP client can receive the e-mails with an empty body without any 
> damage. This is how IMAP works normally. The full body is queried again by 
> the client when reading the e-mail for real.
>
> On Tue, Oct 31, 2017 at 1:52 PM, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>
>>>> What's in your mind as solution?
>
>>> When dovecot receives many full body downloads from a client, it could 
>>> respond by sending the header only.
>
>> This sounds rather dangerous. Client is expecting full body download, not 
>> headers. Aki

Re: How to limit Apple Mail (desktop)?

[Rupert Gallagher]

Aki, the IMAP client can receive the e-mails with an empty body without any 
damage. This is how IMAP works normally. The full body is queried again by the 
client when reading the e-mail for real.

On Tue, Oct 31, 2017 at 1:52 PM, Aki Tuomi  wrote:

>>> What's in your mind as solution?

>> When dovecot receives many full body downloads from a client, it could 
>> respond by sending the header only.

> This sounds rather dangerous. Client is expecting full body download, not 
> headers. Aki

Re: How to limit Apple Mail (desktop)?

[Rupert Gallagher]

> What's in your mind as solution?

When dovecot receives many full body downloads from a client, it could respond 
by sending the header only.

Sent from ProtonMail Mobile

On Tue, Oct 31, 2017 at 11:29 AM, <ml+dove...@moritz.augsburger.name> wrote:

> Hi, On 30.10.2017 10:38, Rupert Gallagher wrote: > We need a server-side 
> solution to the problem. more powerfull hardware? What's in your mind as 
> solution? Don't tell the client about the mails -> user will miss old mails. 
> Stop him from fetching body with a temporary "UNAVAILABLE" failure? -> Don't 
> know how apple mail will react, but probably present some error to the user 
> for every mail. The only possibility that would make sense to me is some form 
> of rate limiting to reduce the server load. Give them some tens of Megabytes 
> w/o any restriction, then reduce. Regards Moritz

Re: How to limit Apple Mail (desktop)?

[Rupert Gallagher]

When Apple Mail connects to an IMAP account for the very first time, it 
downloads all e-mails to build a local mirror.

When the user changes the name of a folder, Apple Mail downloads the whole 
subtree and erases the old one.

We have Apple Mail users with >20GB worth of e-mails, downloaded multiple times 
(horrified emoticon here).

Sent from ProtonMail Mobile

On Mon, Oct 30, 2017 at 10:38 AM, Rupert Gallagher <r...@protonmail.com> wrote:

> By default, Apple Mail downloads all e-mails from  server's account. Previous 
> versions of this client allowed to opt-out. The latest two versions? however, 
> only allow to opt-out from downloading the attachments.
>
> The stress on the server is unbearable. We cannot ask users to be 
> considerate: this is the default behaviour of Apple Mail.
>
> We need a server-side solution to the problem.
>
> Please share your ideas.

How to limit Apple Mail (desktop)?

[Rupert Gallagher]

By default, Apple Mail downloads all e-mails from  server's account. Previous 
versions of this client allowed to opt-out. The latest two versions? however, 
only allow to opt-out from downloading the attachments.

The stress on the server is unbearable. We cannot ask users to be considerate: 
this is the default behaviour of Apple Mail.

We need a server-side solution to the problem.

Please share your ideas.

Re: hidden shared/public Trash and Junk folders

[Rupert Gallagher]

done!

On Thu, Sep 14, 2017 at 1:44 PM, Rupert Gallagher <r...@protonmail.com> wrote:

> We need ideas on how to do this reliably and efficiently for a specific 
> client with unfaithful employees. --- We could do this using client-side 
> configuration tied to windows GPO, but prefer a server-side solution.
>
> Sent from ProtonMail Mobile

hidden shared/public Trash and Junk folders

[Rupert Gallagher]

We need ideas on how to do this reliably and efficiently for a specific client 
with unfaithful employees. --- We could do this using client-side configuration 
tied to windows GPO, but prefer a server-side solution.

Sent from ProtonMail Mobile

Re: Dovecot - Postfix Calender Synchronisation

[Rupert Gallagher]

> handle big number of users and big amount of data.

You must be working for the NSA.

Sent from ProtonMail Mobile

On Fri, Aug 25, 2017 at 2:15 PM, Robert Wolf <r.wolf.c...@gmail.com> wrote:

> On Thu, 24 Aug 2017, Rupert Gallagher wrote: > Re: dependencies > > - db: 
> why? just use the ical and vcard files! They are files, they are in a > 
> directory, they can be used like dovecot uses eml files! No need for > 
> postgresql or mysql. *** Usually, the DB server is one host, Webclient is 
> other host, IMAP server (or cluster) are other hosts, SMTP Server(-s) is 
> other host. All these Servers need access same data on one place. Yes, you 
> can use IMAP to store contacts and events, as e.g. Kerio, Groupwise, and 
> probably some other do and then write some interface server to convert data 
> from IMAP to HTTP. But many vcard and vcal servers store the data in DB 
> (AFAIK SOGo.nu stores these in DB). Btw, dovecot can use SOLR/Lucene for 
> indexing too. Dovecot does use local index files too, but probably if you 
> have really many emails, then you want really indexing server (which can run 
> on different hardware). Why? Because of searching. DB creates indexes and can 
> search fast. Maybe for 100 items is searching on FS and in DB same fast, but 
> with more and more items, FS will be slower. You know probably, how the vcard 
> and vcal looks like (if not, please see one). This is a text. Everything is 
> text. Even dates are text. You cannot search in these files e.g. "if event 
> starts after 2017/8/25". You have to read every file, parse the dates and 
> then can you compare. If you convert these vcal into DB, into correct fields, 
> you can search faster the in FS. And the searching does not mean only if use 
> want find something. The server must search for alarms, to do free/busy 
> search, etc. > - webmail: why? We use dovecot!!! *** Webmail is client, 
> dovecot is server. Do you have only dovecot? No client? Then why do you need 
> dovecot at all, if none reads the emails? No, really, you need some client. 
> Webmail is easy to use, Webbrowser is everywhere. I use alpine, but for BFU 
> is webmail the best. OK, let's say the client for contacts and events could 
> be thunderbird. Calender is intergrated in TB and it does use HTTP. E.g. even 
> if the calender items are stored in Kerio in a maildir-like folder invisible 
> over IMAP, the communication between TB client and Kerio servers runs over 
> HTTP for vcal. SOGO AddOn for contacts for Thunderbird use HTTP too (it works 
> even with Kerio). All these clients and server for ical and contacts use 
> caldav and carddav (DAV over HTTP). Nobody writes server (or client), that 
> use IMAP, because these is no client (or server) which synchronize vcal or 
> vcard over IMAP. > - apache web: why? we use nginx. *** This should not 
> matter, if you know, how to configure nginx to provide same functionality as 
> apache. You can use your favourite webserver, as long as it supports the 
> requirements of the app. E.g. if the vcard/vcal application is written in 
> PHP, then the webserver must be able to run PHP. > - linux: why? we use other 
> unix systems. *** because the programmers develop it on linux and have tested 
> it on linux. For most things, you can use other unix too. Sometimes, it is 
> possible to run it even on Windows, e.g. apache, nginx, php, perl, mysql, ... 
> these run on Windows too. > - python: why? it takes 140MB all by itself, *** 
> It must be written in some prg lang. Someone can C, then he writes it in C - 
> but then, the same libraries must be installed or the developer must compile 
> for every different system with different libraries. Python, Perl, PHP and 
> other interpreted languages are compiled on the fly on the currently running 
> system. Developer can simply pack original source code and this will run on 
> every platform. Therefore, many people use interpreted langs to let their 
> apps run on many platform without many special "IFs" and without compiling 
> for X different platforms. > it is an interpreter (slow) *** I would not 
> expect really big speed difference between good written python code and C 
> code for some vcard/vcal server. > it is a security hazard *** I would say, 
> there could be more security errors (buffer overflow etc) in C code, than in 
> python code. > we would have to install it on purpose and sanbox it in a 
> virtual machine! So > we have to install a vm manager. *** As I say, the most 
> secure server is switched off server and disconnected from LAN and power. You 
> have to choose between security, functionality and complexity. Either you 
> provide only smtp+imap server or you want provide more features (webclient, 
> vcal/vcard, .

Re: Dovecot - Postfix Calender Synchronisation

[Rupert Gallagher]

On Thu, Aug 24, 2017 at 10:55 PM, Roger Klorese  wrote:

> "Webmail? We use dovecot." And how exactly do you read and write mail using 
> dovecot?

With a MUA.

Re: Dovecot - Postfix Calender Synchronisation

[Rupert Gallagher]

Re: portable formats and their mime type

https://en.m.wikipedia.org/wiki/ICalendar
https://en.m.wikipedia.org/wiki/VCard

Re: dependencies

- db: why? just use the ical and vcard files! They are files, they are in a 
directory, they can be used like dovecot uses eml files! No need for postgresql 
or mysql.

- webmail: why? We use dovecot!!!

- apache web: why? we use nginx.

- linux: why? we use other unix systems.

- python: why? it takes 140MB all by itself, it is an interpreter (slow), it is 
a security hazard, we would have to install it on purpose and sanbox it in a 
virtual machine! So we have to install a vm manager.

Bloody hell...

Sent from ProtonMail Mobile

On Thu, Aug 24, 2017 at 4:25 PM, Tanstaafl <tansta...@libertytrek.org> wrote:

> On Wed Aug 23 2017 14:26:15 GMT-0400 (Eastern Standard Time), Rupert 
> Gallagher wrote: > On Wed, Aug 23, 2017 at 7:22 PM, Tanstaafl wrote: > >> I 
> would have to put in a plug for SOGo - very lightweight, ... > >> Care to 
> elaborate? > > 
> https://github.com/inverse-inc/sogo/blob/master/Documentation/SOGoInstallationGuide.asciidoc#system-requirements
>  > > Too many requirements. I obviously meant would you care to elaborate on 
> this comment of yours: "There are two portable file formats for calendar and 
> contacts that work across applications and systems, but no server that can 
> use them, and use them safely." Any client<>server system will have some 
> basic requirements. SOGo is very easy to install (as long as you are using a 
> repo+package manager, and aren't trying to install each dependency manually 
> by hand). @libertytrek.org> @protonmail.com>

Re: Dovecot - Postfix Calender Synchronisation

[Rupert Gallagher]

We tried installing Radicale months ago, and decided to postpone testing. Its 
footprint exceeds 140MB, because of python. It requires python, which is a 
security hazard on production servers. Security mitigations are absent: must 
use a virtual machine.

Sent from ProtonMail Mobile

On Thu, Aug 24, 2017 at 12:11 AM, Marcus Rueckert  wrote:

> Lookup radicale. -- openSUSE - SUSE Linux is my linux openSUSE is good for 
> you www.opensuse.org

Re: Aw: Dovecot - Postfix Calender Synchronisation

[Rupert Gallagher]

We murdered web applications with a chainsaw. Web 2.0 has too many security 
holes.

On Wed, Aug 23, 2017 at 8:35 PM, Mihai Badici  wrote:

> the vaste majority of web applications around use the same stack.

Re: Dovecot - Postfix Calender Synchronisation

[Rupert Gallagher]

... it requires linux with ldap and a db, it provides an apache-based webmail, 
and requires 10GB.

No, I do not use linux and apache, and no I am not going to serve webmail.

A state-of-the-art production server uses 500 MB on a read-only 4GB SD. So, 
SOGO will never fit in.

Sent from ProtonMail Mobile

On Wed, Aug 23, 2017 at 8:26 PM, Rupert Gallagher <r...@protonmail.com> wrote:

> On Wed, Aug 23, 2017 at 7:22 PM, Tanstaafl <tansta...@libertytrek.org> wrote:
>
>> I would have to put in a plug for SOGo - very lightweight, ...
>
>> Care to elaborate?
>
> https://github.com/inverse-inc/sogo/blob/master/Documentation/SOGoInstallationGuide.asciidoc#system-requirements
>
> Too many requirements.
>
> Sent from ProtonMail Mobile

Re: Dovecot - Postfix Calender Synchronisation

[Rupert Gallagher]

On Wed, Aug 23, 2017 at 7:22 PM, Tanstaafl  wrote:

> I would have to put in a plug for SOGo - very lightweight, ...

> Care to elaborate?

https://github.com/inverse-inc/sogo/blob/master/Documentation/SOGoInstallationGuide.asciidoc#system-requirements

Too many requirements.

Sent from ProtonMail Mobile

Re: Aw: Dovecot - Postfix Calender Synchronisation

[Rupert Gallagher]

I still find impediments to the adoption of any of those "solutions". Too many 
software dependencies, like PHP, DB, python, and a virtual machine. --- There 
are two portable file formats for calendar and contacts that work across 
applications and systems, but no server that can use them, and use them safely.

Sent from ProtonMail Mobile

On Wed, Aug 23, 2017 at 10:41 AM, Infoomatic  wrote:

> Hello, > Please witch add-on possibilities exist to synchronize the Calednar 
> with > Dovecot and Postfix. > > Can give me here any a possible direction ? 
> Postfix and Dovecot are responsible for mailing. If you want a calendar, you 
> probably want a CalDav server or a Microsoft ActiveSync compatible server. 
> There are various solutions out there, I know of caldav servers and libraries 
> from sabredav.io, calendarserver.org, agendav.org, davical.org, radicale.org 
> and bedework at apereo.org If you want a more integrated solution there is 
> open-xchange (dovecot company is part of), sogo.nu, kolab.org, obm.org, 
> horde, citadel, zimbra, zarafa While I have not tried all of those, I can 
> recommend sogo.nu. I have not tried all of the above, and when I evaluated 
> some of them (back then in 2012/13), some did not meet our expectations 
> concerning speed, ease of setup/administration and stability. But things 
> might have changed of course. Hope this helps, infoomatic

Re: dovecot 2.2.31: linking error

[Rupert Gallagher]

I would rather choose what to install.
Sent from ProtonMail Mobile

On Sat, Jul 1, 2017 at 1:02 PM, Sami Ketola <sami.ket...@dovecot.fi> wrote:

>> On 1 Jul 2017, at 13.08, Rupert Gallagher wrote: > > I tried compiling 
>> without "--with-storage=maildir" and it terminated without error. I need to 
>> enforce maildir, however. You can enforce maildir in configuration. Sami 
>> @protonmail.com>

Re: dovecot 2.2.31: linking error

[Rupert Gallagher]

I tried compiling without "--with-storage=maildir" and it terminated without 
error. I need to enforce maildir, however.
Sent from ProtonMail Mobile

On Fri, Jun 30, 2017 at 4:26 PM, Timo Sirainen <t...@iki.fi> wrote:

> On 29 Jun 2017, at 13.32, Rupert Gallagher wrote: > > -std=gnu99 > 
> -mmacosx-version-min=10.12 > [...] > Undefined symbols for architecture 
> x86_64: > "_imapc_client_cmd", referenced from: > _imapc_quota_refresh in 
> quota-imapc.o > "_imapc_client_get_capabilities", referenced from: > 
> _imapc_quota_refresh in quota-imapc.o > "_imapc_command_sendf", referenced 
> from: > _imapc_quota_refresh in quota-imapc.o > "_imapc_simple_callback", 
> referenced from: > _imapc_quota_refresh in quota-imapc.o > 
> "_imapc_simple_context_init", referenced from: > _imapc_quota_refresh in 
> quota-imapc.o > "_imapc_simple_run", referenced from: > _imapc_quota_refresh 
> in quota-imapc.o > "_imapc_storage_client_register_untagged", referenced 
> from: > _imapc_quota_refresh in quota-imapc.o > ld: symbol(s) not found for 
> architecture x86_64 > clang-4.0: error: linker command failed with exit code 
> 1 (use -v to see invocation) If you're using configure --with-storage=... 
> remove that. @protonmail.com>

Re: dovecot 2.2.31: linking error

[Rupert Gallagher]

Yes, the m4 files do exist. And yet...
...
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal -I . -I m4
aclocal: error: couldn't open directory 'm4': No such file or directory
autoreconf: aclocal failed with exit status: 1

>  Original Message 
> Subject: Re: dovecot 2.2.31: linking error
> Local Time: June 29, 2017 5:51 PM
> UTC Time: June 29, 2017 3:51 PM
> From: r...@protonmail.com
> To: dovecot@dovecot.org
> No, I did not. I used the mainstream tar release, not the git bundle.
> autoreconf -vi returns error, for lack of m4 file.
> Sent from ProtonMail Mobile
>
> On Thu, Jun 29, 2017 at 12:51 PM, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>
>> On 29.06.2017 13:32, Rupert Gallagher wrote: > -std=gnu99 > 
>> -mmacosx-version-min=10.12 > [...] > Undefined symbols for architecture 
>> x86_64: > "_imapc_client_cmd", referenced from: > _imapc_quota_refresh in 
>> quota-imapc.o > "_imapc_client_get_capabilities", referenced from: > 
>> _imapc_quota_refresh in quota-imapc.o > "_imapc_command_sendf", referenced 
>> from: > _imapc_quota_refresh in quota-imapc.o > "_imapc_simple_callback", 
>> referenced from: > _imapc_quota_refresh in quota-imapc.o > 
>> "_imapc_simple_context_init", referenced from: > _imapc_quota_refresh in 
>> quota-imapc.o > "_imapc_simple_run", referenced from: > _imapc_quota_refresh 
>> in quota-imapc.o > "_imapc_storage_client_register_untagged", referenced 
>> from: > _imapc_quota_refresh in quota-imapc.o > ld: symbol(s) not found for 
>> architecture x86_64 > clang-4.0: error: linker command failed with exit code 
>> 1 (use -v to see invocation) Did you run autoreconf -vi before configure and 
>> make? Aki

Re: dovecot 2.2.31: linking error

[Rupert Gallagher]

No, I did not. I used the mainstream tar release, not the git bundle.
autoreconf -vi returns error, for lack of m4 file.
Sent from ProtonMail Mobile

On Thu, Jun 29, 2017 at 12:51 PM, Aki Tuomi <aki.tu...@dovecot.fi> wrote:

> On 29.06.2017 13:32, Rupert Gallagher wrote: > -std=gnu99 > 
> -mmacosx-version-min=10.12 > [...] > Undefined symbols for architecture 
> x86_64: > "_imapc_client_cmd", referenced from: > _imapc_quota_refresh in 
> quota-imapc.o > "_imapc_client_get_capabilities", referenced from: > 
> _imapc_quota_refresh in quota-imapc.o > "_imapc_command_sendf", referenced 
> from: > _imapc_quota_refresh in quota-imapc.o > "_imapc_simple_callback", 
> referenced from: > _imapc_quota_refresh in quota-imapc.o > 
> "_imapc_simple_context_init", referenced from: > _imapc_quota_refresh in 
> quota-imapc.o > "_imapc_simple_run", referenced from: > _imapc_quota_refresh 
> in quota-imapc.o > "_imapc_storage_client_register_untagged", referenced 
> from: > _imapc_quota_refresh in quota-imapc.o > ld: symbol(s) not found for 
> architecture x86_64 > clang-4.0: error: linker command failed with exit code 
> 1 (use -v to see invocation) Did you run autoreconf -vi before configure and 
> make? Aki

dovecot 2.2.31: linking error

[Rupert Gallagher]

-std=gnu99
-mmacosx-version-min=10.12
[...]
Undefined symbols for architecture x86_64:
"_imapc_client_cmd", referenced from:
_imapc_quota_refresh in quota-imapc.o
"_imapc_client_get_capabilities", referenced from:
_imapc_quota_refresh in quota-imapc.o
"_imapc_command_sendf", referenced from:
_imapc_quota_refresh in quota-imapc.o
"_imapc_simple_callback", referenced from:
_imapc_quota_refresh in quota-imapc.o
"_imapc_simple_context_init", referenced from:
_imapc_quota_refresh in quota-imapc.o
"_imapc_simple_run", referenced from:
_imapc_quota_refresh in quota-imapc.o
"_imapc_storage_client_register_untagged", referenced from:
_imapc_quota_refresh in quota-imapc.o
ld: symbol(s) not found for architecture x86_64
clang-4.0: error: linker command failed with exit code 1 (use -v to see 
invocation)

Re: DoS (was IMAP-auth on LAN and otherwise)

[Rupert Gallagher]

We use PF instead of IPTABLES, where overloading leads to banning of specific 
IP (hence the useful absence of NAT). One such "workaround" would have to be 
managed, for example with an e-mail to alert sysadmin followed up by some 
manual labour. It is doable, but it does not solve the problem with dovecot, as 
shown with wireshark. A solution would consist in dovecot limiting the number 
of connections from the same IP, so that no IP is blacklisted by PF and the 
server keeps going without any denial of service. Only the specific TB client 
would be temporarily affected.

Sent from ProtonMail Mobile

On Tue, May 9, 2017 at 8:36 AM, Mihai Badici  wrote: I think 
is better to fix that using iptables, depending on your network
topology (if you NAT the local lan traffic with destination the external IP of
dovecot, it will answer with the external IP) . In yours case, looks like the
trafic to the external IP isn't NAT-ed, which could cause troubles also for
other kind of traffic.

Re: folders in public namespace only visable to 2nd folder level in 2.2.29.1

[Rupert Gallagher]

> view is now inconsistent

Same problem here. I posted it months ago in this list, and still waiting for 
comments or solution. The many upgrades did not help either. Given the lack of 
response from the list, this is either an ages-old problem that everybody has 
and has learned to ignore, or a configuration problem that one ought to solve 
by simply following the manual. No, the manual did not help.

Sent from ProtonMail Mobile

On Thu, May 4, 2017 at 9:27 AM, Andreas Oster  wrote:

Mit freundlichen Grüßen

Andreas Oster
NOVA Elektroanlagen GmbH
Carl-Zeiss-Str. 3

D-76275 Ettlingen

Tel.: +49 (7243) 5490 22
FAX: +49 (7243) 5490 54
aos...@novanetwork.de
http://www.novanetwork.de

Geschäftsführer: Jörg Amann, Claudia Blasi
Registergericht: Mannheim, HRB 361711 Adresse Andreas Oster

Am 03.05.2017 um 17:51 schrieb Andreas Oster:
> Hi all,
>
> I am currently facing an issue with Dovevot version 2.2.29.1 where
> subfolders in a public namespace are only
> visible to the 2nd folder level:
>
> namespace Public -> folder "1st" -> folder -> "2nd" -> folder "3rd" 
>
> When one user creates a subfolder below the 2nd level other users do not
> see that folder and are unable to
> subscribe to this folder. Folders created under the 1st level however
> are visible and subscribable by other
> users.
>
> namespace {
> disabled = no
> hidden = no
> ignore_on_failure = no
> inbox = no
> list = children
> type = public
> separator = /
> prefix = Public/
> location = maildir:/var/vmail/public:INDEXPVT=~/Maildir/public
> subscriptions = no
> }
>
>
> I do not know at which point ( dovecot update ) this issue appeared.
>
> Does anyone face the same problem ?
>
> Thank you for your kind help
>
> best regards
> Andreas
>

Hi all,

I have just recognized that there seems to be something wrong with the
per user seen flag indexes. In the dovecot log file I get a lot of those
errors:

Error: /var/vmail/domain/someuser/Maildir/public/.test.2nd
/dovecot.index.pvt reset, view is now inconsistent
Error:
/var/vmail/domain/someuser/Maildir/public/.test.2nd/dovecot.index.pvt
view is inconsistent

Error: /var/vmail/domain/someuser/Maildir/public/.test.2nd.3rd
/dovecot.index.pvt reset, view is now inconsistent
Error:
/var/vmail/domain/someuser/Maildir/public/.test.2nd.3rd/dovecot.index.pvt
view is inconsistent



Could this be the cause of the issue ? How can this be fixed ?

Thank you for your kind help

best regards
Andreas

Re: IMAP-auth on LAN and otherwise

[Rupert Gallagher]

By pointing the clients' DNS to the server's local address, instead of the 
public one.

We feared it would break IMAP locally, because of DNSSEC and DANE and what not, 
all tied to the public IP. It just passed the test, and IMAP is much faster now.

Sent from ProtonMail Mobile

On Wed, May 3, 2017 at 5:27 PM, B. Reino <rei...@bbmk.org> wrote: How? :)

On May 3, 2017 5:25:51 PM GMT+02:00, Rupert Gallagher <r...@protonmail.com> 
wrote:
>Problem solved.
>
>Sent from ProtonMail Mobile
>
>On Tue, May 2, 2017 at 3:46 PM, Rupert Gallagher <r...@protonmail.com>
>wrote:
>Hello,
>
>Thunderbird has been bugging us with connection errors. Dovecot is
>installed on a local server that carries a local IP and a public IP.
>When Thunderbird on a local client connects successfully, Wireshark
>shows a SYN request from the client's IP on LAN to the public IP of the
>server, followed by the ACK from the same public IP. When Thunderbird
>on the same local client fails to connect, Wireshark shows a SYN
>request from the client's IP on LAN to the public IP of the server,
>followed by the ACK from the server's LAN address, the client does not
>accept the ACK as valid and sends a new SYN request. The loop
>eventually leads to time-out. At the client's console, the DNS query of
>the IMAP server always responds with the server's public IP address.
>
>It is evident from Wireshark that the dovecot server sends ACKs from
>two IPs. Is it possible to instruct Dovecot to use the public IP only?

Re: IMAP-auth on LAN and otherwise

[Rupert Gallagher]

Problem solved.

Sent from ProtonMail Mobile

On Tue, May 2, 2017 at 3:46 PM, Rupert Gallagher <r...@protonmail.com> wrote:
Hello,

Thunderbird has been bugging us with connection errors. Dovecot is installed on 
a local server that carries a local IP and a public IP. When Thunderbird on a 
local client connects successfully, Wireshark shows a SYN request from the 
client's IP on LAN to the public IP of the server, followed by the ACK from the 
same public IP. When Thunderbird on the same local client fails to connect, 
Wireshark shows a SYN request from the client's IP on LAN to the public IP of 
the server, followed by the ACK from the server's LAN address, the client does 
not accept the ACK as valid and sends a new SYN request. The loop eventually 
leads to time-out. At the client's console, the DNS query of the IMAP server 
always responds with the server's public IP address.

It is evident from Wireshark that the dovecot server sends ACKs from two IPs. 
Is it possible to instruct Dovecot to use the public IP only?

Re: IMAP-auth on LAN and otherwise

[Rupert Gallagher]

It may be the new router and the new switch doing something "smart",
because problems started to show up since their installation.
We are purchasing a Cisco Catalyst just to diagnose the hardware.

There may be a software problem, although things used to work before
the installation of the new hardware. We use nsd to serve the public IP, and
we use unbound to serve recursive DNS queries to LAN clients.
This is unbound's stub-zone / split-horizon for the public DNS:

stub-zone:

name: "example.com."

stub-addr: 127.0.0.1@5350

stub-addr: 192.168.1.6@5350

stub-prime: no

stub-first: no

where "example.com" is the dovecot server.

The settings return consistent behaviour: the clients always receive
the correct public address by querying nsd at 192.168.1.6 on port 5350.

The puzzling bit is shown by Wireshark: sometimes dovecot returns ACK
from the LAN address, which is not correct for the given setup.

It will take weeks before we can diagnose with the Catalyst. Gosh...

 Original Message 
Subject: Re: IMAP-auth on LAN and otherwise
Local Time: 2 May 2017 4:53 PM
UTC Time: 2 May 2017 14:53
From: tobs...@brain-force.ch
To: dovecot@dovecot.org

I'm not sure that this is a dovecot issue. For me it sounds more that
the router somehow learned dovecots LAN ip and then takes a shortcut by
sending the packets directly to dovecot on routers LAN interface instead
of going all the way to the WAN interface and then back to LAN.
You could verify if that is the case by tcpdump on dovecot and see on
what interface the request comes is.

If that would be my setup I would configure a local nameserver with
split-horizon config and resolve my dovecots hostname with the LAN IP.
Then connecting TB to dovecots hostname as servername. So if your
outside your LAN it would resolve with your public IP and inside your
LAN it resolves with dovecots LAN IP.

Cheers

tobi

Am 02.05.2017 um 15:46 schrieb Rupert Gallagher:
> Hello,
>
> Thunderbird has been bugging us with connection errors. Dovecot is installed 
> on a local server that carries a local IP and a public IP. When Thunderbird 
> on a local client connects successfully, Wireshark shows a SYN request from 
> the client's IP on LAN to the public IP of the server, followed by the ACK 
> from the same public IP. When Thunderbird on the same local client fails to 
> connect, Wireshark shows a SYN request from the client's IP on LAN to the 
> public IP of the server, followed by the ACK from the server's LAN address, 
> the client does not accept the ACK as valid and sends a new SYN request. The 
> loop eventually leads to time-out. At the client's console, the DNS query of 
> the IMAP server always responds with the server's public IP address.
>
> It is evident from Wireshark that the dovecot server sends ACKs from two IPs. 
> Is it possible to instruct Dovecot to use the public IP only?

Re: IMAP-auth on LAN and otherwise

[Rupert Gallagher]

Test on 10-master.conf:

inet_listener imaps {
address = 
port = 993
ssl = yes
}

Returns the following error:

Error: bind(, 993) failed: Can't assign requested address

2017-05-02T18:12:41 master: Error: bind(, 993) failed: Can't assign 
requested address

Error: service(imap-login): listen(, 993) failed: Can't assign 
requested address

2017-05-02T18:12:41 master: Error: service(imap-login): listen(, 
993) failed: Can't assign requested address

Fatal: Failed to start listeners

 Original Message 
Subject: Re: IMAP-auth on LAN and otherwise
Local Time: 2 May 2017 4:26 PM
UTC Time: 2 May 2017 14:26
From: rei...@bbmk.org
To: Rupert Gallagher <r...@protonmail.com>
dovecot@dovecot.org <dovecot@dovecot.org>

On Tue, 2 May 2017, Rupert Gallagher wrote:

> [...]
> Is it possible to instruct Dovecot to use the public IP only?

for inet_listeners (imap, pop, etc.) you can use "address = "
the default is AFAIK to listen on all addresses ("*" for ip4 and "::" for
ip6)

IMAP-auth on LAN and otherwise

[Rupert Gallagher]

Hello,

Thunderbird has been bugging us with connection errors. Dovecot is installed on 
a local server that carries a local IP and a public IP. When Thunderbird on a 
local client connects successfully, Wireshark shows a SYN request from the 
client's IP on LAN to the public IP of the server, followed by the ACK from the 
same public IP. When Thunderbird on the same local client fails to connect, 
Wireshark shows a SYN request from the client's IP on LAN to the public IP of 
the server, followed by the ACK from the server's LAN address, the client does 
not accept the ACK as valid and sends a new SYN request. The loop eventually 
leads to time-out. At the client's console, the DNS query of the IMAP server 
always responds with the server's public IP address.

It is evident from Wireshark that the dovecot server sends ACKs from two IPs. 
Is it possible to instruct Dovecot to use the public IP only?