Re: Message Age Deletion Query
Thanks Lucas! I'll give these a try.

On Wednesday, April 10, 2024 at 11:31:42 PM PDT, Lucas Rolff wrote:

https://doc.dovecot.org/3.0/man/doveadm-search-query.7/

Probably something like savedbefore 4weeks
Or even sentbefore 4weeks

Sent from Outlook_for_iOS
===
From: Steve Hadachek via dovecot
Sent: Thursday, April 11, 2024 10:03:22 AM
To: dovecot@dovecot.org
Subject: Message Age Deletion Query

Hello. Using Mochahost and want to delete mailbox items older than 1 month (approx) from receipt. Reading DoveCot documentation, not finding age query. Can you please specify this for me and provide an example?

Thank you and Kind Regards,
-Steve Hadachek
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
Message Age Deletion Query
Hello. Using Mochahost and want to delete mailbox items older than 1 month (approx) from receipt. Reading DoveCot documentation, not finding age query. Can you please specify this for me and provide an example?

Thank you and Kind Regards,
-Steve Hadachek
One Way sync is deleting emails
Hello, I am hoping that you can help me.

I am running this command on my main email server, one way backup/sync to the backup server.

    sudo doveadm sync -1 -A remote:root@x.x.x.x

x.x.x.x is my remote server.

I will add a new email on the main, run the command and it shows up on the backup. - Great!

Now I delete that email from the main, run the command and the email is removed from the backup.

That should not delete anything from the backup, correct? I prefer Not to delete anything, only update/add.

Do you see what I am doing wrong?

Thank You

Here are my installed versions:

    dovecot-core 1:2.3.16+dfsg1-3ubuntu2.2
    dovecot-imapd 1:2.3.16+dfsg1-3ubuntu2.2
    dovecot-lmtpd 1:2.3.16+dfsg1-3ubuntu2.2
    dovecot-mysql 1:2.3.16+dfsg1-3ubuntu2.2
    dovecot-pop3d 1:2.3.16+dfsg1-3ubuntu2.2
    postfix 3.6.4-1ubuntu1.2 amd64 High-performance mail transport agent
    postfix-mysql 3.6.4-1ubuntu1.2 amd64 MySQL map support for Postfix
    postfix-policyd-spf-python 2.9.3-1 all Postfix policy server for SPF checking
Re: "Connection reset by peer" errors with Outlook
Yeah I think I figured it out. It looks like someone set up their phone with a bad password and when they got on the WiFi network it got everyone else on the network banned for 10 min. I’ve whitelisted the ip for now. I think the guy was traveling between different offices making it look like it wasn’t isolated to a single network.

> On Jan 22, 2024, at 6:15 PM, Michael Grant wrote:
>
> On Mon, Jan 22, 2024 at 04:28:09PM -0500, Steve Dondley via dovecot wrote:
>> OK, I was chasing log ghosts. What was actually going on was fail2ban was
>> kicking on for users and banning them for 10 min.
>>
>> I have no idea what is triggering it for so many different users from legit
>> email addresses. Still investigating. But this appears to be a fail2ban
>> problem, not a dovecot problem.
>
> Oh you have my sympathies. fail2ban-client banned ipaddr. Get the ip
> addr of your users and see if they're banned like this. Then use
> fail2ban-client unban. I can't tell you how often this happens to me.
>
> What happens is users have phones and laptops and they then add a
> tablet and want their email on it so they end up messing up their
> password on their tablet, or worse, resetting their password in order
> to get mail on their tablet and then it screws up the other devices
> and it's an absolute nightmare to continually debug. It happens to
> multiple users who are at the same address, as in, my parents because
> they're all behind the same address in the router. It happens to
> multiple people who use New Outlook which insists on sucking all the
> mail into Microsoft's servers and then one user bans a swatch of addrs
> of those servers and random things break everywhere. I ended up
> whitelisting all of microsoft's mail servers in my jail.local:
>
> 40.80.0.0/12 40.74.0.0/15 40.120.0.0/14 40.125.0.0/17 40.76.0.0/14
> 40.96.0.0/12 40.124.0.0/16 40.112.0.0/13
>
> Hope this helps. I have been there so many times and it's a regular
> occurrence in my tech life chasing these ghosts.
>
> Michael Grant
Re: "Connection reset by peer" errors with Outlook
OK, I was chasing log ghosts. What was actually going on was fail2ban was kicking on for users and banning them for 10 min.

I have no idea what is triggering it for so many different users from legit email addresses. Still investigating. But this appears to be a fail2ban problem, not a dovecot problem.

On Jan 22, 2024, at 10:41 AM, Steve Dondley via dovecot wrote:

> Based on your email I went back and took a closer look at the logs. The client reported this happened at 11:58 of the 19th. I went back and took a closer look and around 11:56 I found these entries in the log.
>
> 81218 Jan 18 11:56:56 ip-172-30-0-131 dovecot: imap (t.oli)<3739040>: Connection closed (IDLE running for 0.001 + waiting input for 1175.376 secs, 2 B in + 10 B out, state=wait-input) in=182 out=172366 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
> 81219 Jan 18 11:56:56 ip-172-30-0-131 dovecot: imap (s.dam)<3739037>: Connection closed (IDLE running for 0.001 + waiting input for 1174.763 secs, 2 B in + 10 B out, state=wait-input) in=182 out=799331 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
> 81220 Jan 18 11:56:59 ip-172-30-0-131 postfix/smtpd[3740240]: warning: hostname 179.hosted-by.198xd.com does not resolve to address 45.129.14.179: Name or service not known
> 81221 Jan 18 11:56:59 ip-172-30-0-131 postfix/smtpd[3740240]: connect from unknown[45.129.14.179]
> 81222 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap (j.pomex)<3739095>: Connection closed (IDLE running for 0.001 + waiting input for 1078.221 secs, 2 B in + 10 B out, state=wait-input) in=165 out=801497 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
> 81223 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap (a.cerx)<3739042>: Connection closed (IDLE running for 0.001 + waiting input for 1169.527 secs, 2 B in + 10 B out, state=wait-input) in=182 out=303618 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
> 81224 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap (h.fox)<3739034>: Connection closed (IDLE running for 0.001 + waiting input for 1180.675 secs, 2 B in + 10 B out, state=wait-input) in=194 out=1927 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
> 81225 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap (dxx)<3739057>: Connection closed (IDLE running for 0.001 + waiting input for 1135.454 secs, 2 B in + 10 B out, state=wait-input) in=182 out=458253 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
>
> So these have real user names associated (have been obfuscated). I think these are more likely the source of the error some users have been seeing, not the errors I originally posted here to the mailing list.
>
> On Jan 21, 2024, at 8:34 PM, Benny Pedersen wrote:
>
>> Steve Dondley via dovecot wrote on 2024-01-22 02:18:
>>
>>> I have a mail server using dovecot that has been running without issue for quite a couple of years now. It serves email for about 30 individuals. But since Jan 14th, users have been reporting spurious errors in MS Outlook:
>>>
>>> 324 Jan 21 00:38:17 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=596) failed: Connection reset by peer, session=
>>
>> there is no user in the above line
>>
>>> Some characteristics of the problem that may offer a clue:
>>> * happening with multiple users, not just the same one
>>> * happens from different IP addresses.
>>
>> bots detected
>>
>>> * happens about 3 to 5 times per day and the errors come in batches like above
>>> * MS Outlook error is:
>>
>> why is it a microsoft problem now ?
>>
>>> reported error (0x80042109): ‘Outlook cannot connect to your outgoing SMTP email server. If you continue to receive this message….blah blah blah
>>
>> disable pop3 in dovecot, problem is then gone
>>
>>> I googled the error code but didn’t find anything particularly helpful.
>>
>> we all use minimal tls1.2, the bots still use ssl, with username fails
>>
>>> I’m running Debian bullseye, version 11.8.
>>
>> irrelevant info
Re: "Connection reset by peer" errors with Outlook
Based on your email I went back and took a closer look at the logs. The client reported this happened at 11:58 of the 19th. I went back and took a closer look and around 11:56 I found these entries in the log.

81218 Jan 18 11:56:56 ip-172-30-0-131 dovecot: imap(t.oli)<3739040>: Connection closed (IDLE running for 0.001 + waiting input for 1175.376 secs, 2 B in + 10 B out, state=wait-input) in=182 out=172366 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
81219 Jan 18 11:56:56 ip-172-30-0-131 dovecot: imap (s.dam)<3739037>: Connection closed (IDLE running for 0.001 + waiting input for 1174.763 secs, 2 B in + 10 B out, state=wait-input) in=182 out=799331 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
81220 Jan 18 11:56:59 ip-172-30-0-131 postfix/smtpd[3740240]: warning: hostname 179.hosted-by.198xd.com does not resolve to address 45.129.14.179: Name or service not known
81221 Jan 18 11:56:59 ip-172-30-0-131 postfix/smtpd[3740240]: connect from unknown[45.129.14.179]
81222 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap (j.pomex)<3739095>: Connection closed (IDLE running for 0.001 + waiting input for 1078.221 secs, 2 B in + 10 B out, state=wait-input) in=165 out=801497 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
81223 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap (a.cerx)<3739042>: Connection closed (IDLE running for 0.001 + waiting input for 1169.527 secs, 2 B in + 10 B out, state=wait-input) in=182 out=303618 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
81224 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap (h.fox)<3739034>: Connection closed (IDLE running for 0.001 + waiting input for 1180.675 secs, 2 B in + 10 B out, state=wait-input) in=194 out=1927 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
81225 Jan 18 11:57:00 ip-172-30-0-131 dovecot: imap(dxx)<3739057>: Connection closed (IDLE running for 0.001 + waiting input for 1135.454 secs, 2 B in + 10 B out, state=wait-input) in=182 out=458253 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0

So these have real user names associated (have been obfuscated). I think these are more likely the source of the error some users have been seeing, not the errors I originally posted here to the mailing list.

On Jan 21, 2024, at 8:34 PM, Benny Pedersen wrote:

> Steve Dondley via dovecot wrote on 2024-01-22 02:18:
>
>> I have a mail server using dovecot that has been running without issue for quite a couple of years now. It serves email for about 30 individuals. But since Jan 14th, users have been reporting spurious errors in MS Outlook:
>>
>> 324 Jan 21 00:38:17 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=596) failed: Connection reset by peer, session=
>
> there is no user in the above line
>
>> Some characteristics of the problem that may offer a clue:
>> * happening with multiple users, not just the same one
>> * happens from different IP addresses.
>
> bots detected
>
>> * happens about 3 to 5 times per day and the errors come in batches like above
>> * MS Outlook error is:
>
> why is it a microsoft problem now ?
>
>> reported error (0x80042109): ‘Outlook cannot connect to your outgoing SMTP email server. If you continue to receive this message….blah blah blah
>
> disable pop3 in dovecot, problem is then gone
>
>> I googled the error code but didn’t find anything particularly helpful.
>
> we all use minimal tls1.2, the bots still use ssl, with username fails
>
>> I’m running Debian bullseye, version 11.8.
>
> irrelevant info
Re: "Connection reset by peer" errors with Outlook
> there is no user in the above line
>
>> Some characteristics of the problem that may offer a clue:
>> * happening with multiple users, not just the same one
>> * happens from different IP addresses.
>
> bots detected

The problem is happening to real users on real devices who are reporting very real connection errors, not bots.

>
>> * happens about 3 to 5 times per day and the errors come in batches like
>> above
>> * MS Outlook error is:
>
> why is it a microsoft problem now ?
>
>> reported error (0x80042109): ‘Outlook cannot connect to your outgoing SMTP
>> email server. If you continue to receive this message….blah blah blah
>
> disable pop3 in dovecot, problem is then gone

The same problem happens on IMAP. Example from log:

Jan 21 01:51:55 ip-172-30-0-131 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=87.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=598) failed: Connection reset by peer, session=
"Connection reset by peer" errors with Outlook
I have a mail server using dovecot that has been running without issue for quite a couple of years now. It serves email for about 30 individuals. But since Jan 14th, users have been reporting spurious errors in MS Outlook:

316 Jan 21 00:38:12 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=783) failed: Connection reset by peer, session=
317 Jan 21 00:38:12 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=598) failed: Connection reset by peer, session=
318 Jan 21 00:38:13 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=598) failed: Connection reset by peer, session=<9rWIHm4PtuF2wSuN>
319 Jan 21 00:38:13 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=677) failed: Connection reset by peer, session=
320 Jan 21 00:38:14 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=691) failed: Connection reset by peer, session=
321 Jan 21 00:38:15 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=610) failed: Connection reset by peer, session=
322 Jan 21 00:38:16 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=609) failed: Connection reset by peer, session=
323 Jan 21 00:38:16 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=596) failed: Connection reset by peer, session=
324 Jan 21 00:38:17 ip-172-30-0-131 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=118.xxx.xxx.xxx, lip=172.30.0.131, TLS handshaking: read(size=596) failed: Connection reset by peer, session=

Some characteristics of the problem that may offer a clue:
* happening with multiple users, not just the same one
* happens from different IP addresses.
* happens about 3 to 5 times per day and the errors come in batches like above
* MS Outlook error is:

reported error (0x80042109): ‘Outlook cannot connect to your outgoing SMTP email server. If you continue to receive this message….blah blah blah

I googled the error code but didn’t find anything particularly helpful.

I’m running Debian bullseye, version 11.8.
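Added example, not written by any poster in this thread: a Python script that replays login-process log lines against a fail2ban-style threshold, to show how one device's failed logins ban a shared address and which other users sit behind it, while the `user=<>` handshake resets never count. The log lines are constructed, the function names are made up for this example, and `maxretry`/`findtime`/`bantime` are assumed values (the 600-second ban matches the 10 minutes mentioned in the thread); counting only "auth failed" lines is an assumption about the filter, not the posters' actual jail configuration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: documentation IP ranges and made-up users.
SAMPLE_LOG = """\
Jan 22 09:00:01 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.1, mpid=4101, TLS, session=<s1>
Jan 22 09:01:10 mail dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.1, mpid=4102, TLS, session=<s2>
Jan 22 09:05:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.1, TLS, session=<s3>
Jan 22 09:05:30 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.1, TLS, session=<s4>
Jan 22 09:06:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.1, TLS, session=<s5>
Jan 22 09:07:00 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=198.51.100.7, lip=192.0.2.1, TLS handshaking: read(size=596) failed: Connection reset by peer, session=<s6>
Jan 22 09:07:01 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=198.51.100.7, lip=192.0.2.1, TLS handshaking: read(size=598) failed: Connection reset by peer, session=<s7>
Jan 22 09:07:02 mail dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=198.51.100.7, lip=192.0.2.1, TLS handshaking: read(size=610) failed: Connection reset by peer, session=<s8>
"""

# An optional leading number is tolerated because the excerpts in the
# thread carry pager line numbers in front of the syslog timestamp.
HEAD_RE = re.compile(
    r"^(?:\d+\s+)?(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: "
    r"(?:imap|pop3)-login: (.*)$")
USER_RE = re.compile(r"user=<([^>]*)>")
RIP_RE = re.compile(r"\brip=([0-9A-Fa-f.:]+)")


def parse(log_text, year=2024):
    """Return sorted (timestamp, kind, user, rip) tuples for login lines."""
    events = []
    for line in log_text.splitlines():
        head, rip = HEAD_RE.match(line), RIP_RE.search(line)
        if not head or not rip:
            continue
        msg = head.group(2)
        if msg.startswith("Login:"):
            kind = "login"
        elif "auth failed" in msg:
            kind = "auth_failed"
        elif "no auth attempts" in msg:
            kind = "no_auth"          # handshake reset, nobody identified
        else:
            continue
        user = USER_RE.search(msg)
        # syslog timestamps carry no year, so one is supplied for parsing
        ts = datetime.strptime(f"{year} {head.group(1)}", "%Y %b %d %H:%M:%S")
        events.append((ts, kind, user.group(1) if user else "", rip.group(1)))
    return sorted(events)


def simulate_bans(events, maxretry=3, findtime=600, bantime=600):
    """Apply a per-address failure threshold; return (bans, handshake_resets)."""
    window = defaultdict(list)    # rip -> [(time, user)] failures in findtime
    seen_ok = defaultdict(set)    # rip -> users who logged in successfully
    resets = defaultdict(int)     # rip -> disconnects before any auth attempt
    banned_until, bans = {}, []
    for ts, kind, user, rip in events:
        if kind == "login":
            seen_ok[rip].add(user)
        elif kind == "no_auth":
            resets[rip] += 1
        elif ts >= banned_until.get(rip, ts):
            recent = [(t, u) for t, u in window[rip]
                      if ts - t <= timedelta(seconds=findtime)]
            recent.append((ts, user))
            window[rip] = recent
            if len(recent) >= maxretry:
                offenders = {u for _, u in recent}
                bans.append({"rip": rip, "at": ts, "offenders": offenders,
                             # everyone else behind the address is locked out too
                             "collateral": seen_ok[rip] - offenders})
                banned_until[rip] = ts + timedelta(seconds=bantime)
                window[rip] = []
    return bans, dict(resets)


if __name__ == "__main__":
    bans, resets = simulate_bans(parse(SAMPLE_LOG))
    for ban in bans:
        print(f"{ban['at']:%H:%M:%S} ban {ban['rip']}: failures by "
              f"{sorted(ban['offenders'])}, also locked out: "
              f"{sorted(ban['collateral'])}")
    for rip, count in resets.items():
        print(f"{rip}: {count} handshake resets, no auth attempted, no ban")
```
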
execute: /user/bin/checkpassword /user/libexec/dovecot/checkpassword-reply
Hi,

I have recently moved a dovecot installation from 2.2.36 on RHEL7.9 onto 2.3.20 on Amazon Linux 2023 and I'm now seeing the error message in the title relating to /usr/bin/checkpassword (which doesn't exist on either). This is a project that I've inherited, and I've never used dovecot previously. I've been searching around for a couple of days trying to figure this out. Running out of ideas.

Here's a slightly redacted snippet from dovecot.log

Jan 04 17:23:22 auth: Debug: checkpassword (redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): Performing passdb lookup
Jan 04 17:23:22 auth: Debug: checkpassword (redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): execute: /usr/bin/checkpassword /usr/libexec/dovecot/checkpassword-reply
Jan 04 17:23:22 auth: Fatal: execv(/usr/bin/checkpassword) failed: No such file or directory
Jan 04 17:23:22 auth: Debug: checkpassword (redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): Received input:
Jan 04 17:23:22 auth: Debug: checkpassword (redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): exit_status=84
Jan 04 17:23:22 auth: Error: checkpassword (redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): Child 106455 exited with status 84
Jan 04 17:23:22 auth: Debug: checkpassword (redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): Finished passdb lookup
Jan 04 17:23:22 auth: Debug: auth (redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): Auth request finished
Jan 04 17:23:24 auth: Debug: client passdb out: FAIL 1 user=redacted@redacted.redacted.local code=temp_fail
Jan 04 17:23:24 imap-login: Info: Disconnected: Connection closed (auth service reported temporary failure): user=redacted@redacted.redacted.local, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<6uwL/SEOzpt/AAAB>
Jan 04 17:23:24 auth: Debug: auth client connected (pid=106456)
Jan 04 17:23:24 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=R5kq/SEO0Jt/AAAB lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=39888

As part of the build process we overwrite the config files with ones which are presumably from a previous version. In particular there's an auth.conf file which contains :-

!include auth-checkpassword.conf.ext

and in turn that file contains the stanza :-

passdb {
  driver = checkpassword
  args = /usr/bin/checkpassword
}

which is where I guess the problem lies. The thing is the config files are almost identical on both systems.

Here's the dovecot -n output...

[root@server dovecot]# dovecot -n
# 2.3.20 (xyz675d): /etc/dovecot/dovecot.conf
# OS: Linux 6.1.61-85.141.amzn2023.x86_64 x86_64 ext4
# Hostname: server...1a97d
auth_debug = yes
auth_verbose = yes
disable_plaintext_auth = no
first_valid_gid = 0
first_valid_uid = 0
listen = *
log_path = /var/project/log/dovecot/dovecot.log
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
mbox_write_locks = fcntl
passdb {
  args = username_format=%u /etc/dovecot/users
  driver = passwd-file
}
passdb {
  args = /usr/bin/checkpassword
  driver = checkpassword
}
protocols = imap
service auth {
  unix_listener auth-userdb {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl_cert =
Re: How to temporarily make all mailboxes read-only for backup purposes?
Matthias Nagel said on Sat, 25 Nov 2023 11:51:09 +

>I would like to avoid making a local deep copy first. This essentially
>doubles the required storage on the local disk and it also wears down
>the disk much faster as I will write gigabytes of data onto the disk
>every 24 hours.
>
>I would prefer an option which allows the backup program (Borg backup
>in my case) to only read the local data and send it to the remote
>backup space directly.

Is the remote vendor going to take the same care in preserving your data as you would? You could buy two 2TB spinning rust external hard drives for seventy bucks each, so if one gets borked you have the other. If you desire offsite, keep one in a bank safe deposit box high off the ground to prevent water damage.

https://www.newegg.com/model-wdbyvg0020bbk-wesn-2tb/p/N82E16822234389?Item=N82E16822234389

So your system disk doesn't get written at all, and doesn't get filled up with backups. If every 24 hours you add "gigabytes of data", it should take many, many days to fill up a 2TB spinning rust drive.

Once you have your own copy, there's nothing preventing you from duplicating it on the remote server, as long as your data is encrypted. Now if your vendor does what so many vendors do, and screws up, you're still the master of your own data.

SteveT

Steve Litt
Autumn 2023 featured book: Rapid Learning for the 21st Century
http://www.troubleshooters.com/rl21
Re: Avoiding POODLE vulnerability
Bernardo Reino said on Sun, 19 Nov 2023 09:04:15 +0100 (CET)

>On Sun, 19 Nov 2023, Steve Litt wrote:
>
>> Michael Orlitzky said on Sat, 18 Nov 2023 17:31:49 -0500
>>
>>> On Sat, 2023-11-18 at 16:54 -0500, Steve Litt wrote:
>>>>
>>>> I forgot to say: I'm using Dovecot 2.3.21 on an up to date 64 bit
>>>> x86_64 Void Linux computer using runit for its init system. I
>>>> populate Dovecot's Maildir via fetchmail and procmail.
>>>>
>>>
>>> You probably don't have to do anything. SSLv2 and SSLv3 have been
>>> disabled by default in OpenSSL for a while, and my dovecot default
>>> is,
>>>
>>>   # doveconf -d | grep ssl_min_protocol
>>>   ssl_min_protocol = TLSv1.2
>>
>> Nice! I'll make that change tomorrow. Thanks!
>
>Note that the above is actually the *default*, at least in the debian
>12 (bookworm) version, so you should not have do anything.
>
>(and generally it is not recommended to deviate from defaults unless
>you really know what you're doing, otherwise you may end up actually
>worsening the security wrt the defaults).
>
>Good luck.

Thanks Bernardo,

doveconf -d shows that I have no such config key as ssl_protocols, my ssl_min_protocol is TLSv1.2, and the default ssl_cipher_list is the following huge string:

ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH

Is the preceding the safest and most bug free, or should I modify it in dovecot.conf?

Thanks,

SteveT

Steve Litt
Autumn 2023 featured book: Rapid Learning for the 21st Century
http://www.troubleshooters.com/rl21
Re: Avoiding POODLE vulnerability
Bernardo Reino said on Sun, 19 Nov 2023 09:04:15 +0100 (CET)

>On Sun, 19 Nov 2023, Steve Litt wrote:
>
>> Michael Orlitzky said on Sat, 18 Nov 2023 17:31:49 -0500
>>
>>> On Sat, 2023-11-18 at 16:54 -0500, Steve Litt wrote:
>>>>
>>>> I forgot to say: I'm using Dovecot 2.3.21 on an up to date 64 bit
>>>> x86_64 Void Linux computer using runit for its init system. I
>>>> populate Dovecot's Maildir via fetchmail and procmail.
>>>>
>>>
>>> You probably don't have to do anything. SSLv2 and SSLv3 have been
>>> disabled by default in OpenSSL for a while, and my dovecot default
>>> is,
>>>
>>>   # doveconf -d | grep ssl_min_protocol
>>>   ssl_min_protocol = TLSv1.2
>>
>> Nice! I'll make that change tomorrow. Thanks!
>
>Note that the above is actually the *default*, at least in the debian
>12 (bookworm) version, so you should not have do anything.
>
>(and generally it is not recommended to deviate from defaults unless
>you really know what you're doing, otherwise you may end up actually
>worsening the security wrt the defaults).

Thanks Bernardo,

I use Void Linux, not Debian. Is there a command that tells me the defaults?

Thanks,

SteveT

Steve Litt
Autumn 2023 featured book: Rapid Learning for the 21st Century
http://www.troubleshooters.com/rl21
Re: Avoiding POODLE vulnerability
Michael Orlitzky said on Sat, 18 Nov 2023 17:31:49 -0500

>On Sat, 2023-11-18 at 16:54 -0500, Steve Litt wrote:
>>
>> I forgot to say: I'm using Dovecot 2.3.21 on an up to date 64 bit
>> x86_64 Void Linux computer using runit for its init system. I
>> populate Dovecot's Maildir via fetchmail and procmail.
>>
>
>You probably don't have to do anything. SSLv2 and SSLv3 have been
>disabled by default in OpenSSL for a while, and my dovecot default is,
>
>  # doveconf -d | grep ssl_min_protocol
>  ssl_min_protocol = TLSv1.2

Nice! I'll make that change tomorrow. Thanks!

SteveT

Steve Litt
Autumn 2023 featured book: Rapid Learning for the 21st Century
http://www.troubleshooters.com/rl21
Re: Avoiding POODLE vulnerability
Steve Litt said on Sat, 18 Nov 2023 16:42:42 -0500

>Hi all,
>
>Ten years after the fact I learned about POODLE (Padding Oracle On
>Downgraded Legacy Encryption) vulnerabilities, which enable a poorly
>configured server to force my client to downgrade to vulnerable
>encryption.
>
>My current conf.d/10-ssl.conf contains the following line:

[snip]

I forgot to say: I'm using Dovecot 2.3.21 on an up to date 64 bit x86_64 Void Linux computer using runit for its init system. I populate Dovecot's Maildir via fetchmail and procmail.

Thanks,

SteveT

Steve Litt
Autumn 2023 featured book: Rapid Learning for the 21st Century
http://www.troubleshooters.com/rl21
Avoiding POODLE vulnerability
Hi all,

Ten years after the fact I learned about POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerabilities, which enable a poorly configured server to force my client to downgrade to vulnerable encryption.

My current conf.d/10-ssl.conf contains the following line:

ssl_cipher_list = ALL:!LOW:!SSLv3:!EXP:!aNULL

I've read that I should change the preceding line to the following:

ssl_protocols = !SSLv3 !SSLv2

Is this correct? For some reason I have the same ssl_cipher_list in dovecot.conf. Should I make the change there too? Is there anything else I need to change? The following is my current dovecot.conf:

# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# OS: Linux 5.10.12_1 x86_64
# Hostname: mydesk.domain.cxm
mail_location = maildir:~/mail/Maildir:INBOX=~/mail/Maildir/.INBOX
namespace inbox {
  inbox = yes
  location =
  prefix =
}
passdb {
  driver = pam
  args = %s
}
userdb {
  driver = passwd
}
protocols = imap
service imap-login {
  inet_listener imap {
    #port = 143
    port = 0
  }
  inet_listener imaps {
    port = 993
    #port = 0
    ssl = yes
    #ssl = no
  }
}
ssl = required
#ssl = yes
ssl_cert =

http://www.troubleshooters.com/rl21
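Added example, not from any message in this thread: a Python audit of `doveconf -n` style text for the three settings the thread discusses (`ssl_protocols`, `ssl_min_protocol`, `ssl_cipher_list`). The configurations are constructed from the values quoted above, the function names are made up for this example, and the TLSv1.2 baseline is the value the posters report from `doveconf -d`, used here as an assumption. It also separates two things the question mixes: `!SSLv3` in an OpenSSL cipher string only removes cipher suites and does not restrict the negotiated protocol version, and `ssl_protocols` was replaced by `ssl_min_protocol` in Dovecot 2.3.

```python
import re

# Protocol names this script knows for ssl_min_protocol, oldest first.
PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
BASELINE = "TLSv1.2"   # assumption: the value doveconf -d showed in the thread

# Constructed inputs, modelled on the settings quoted in the thread.
CONF_THREAD = """\
protocols = imap
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
ssl = required
ssl_cipher_list = ALL:!LOW:!SSLv3:!EXP:!aNULL
"""
CONF_LEGACY = "ssl = yes\nssl_protocols = !SSLv2\n"
CONF_OK = "ssl = required\nssl_min_protocol = TLSv1.2\n"


def top_level_settings(text):
    """Return {key: value} for settings that sit outside every { } block."""
    settings, depth = {}, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth = max(depth - 1, 0)
        elif depth == 0 and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def audit_tls(text):
    """Return a list of (level, setting, message) findings."""
    s, out = top_level_settings(text), []
    if s.get("ssl") == "no":
        out.append(("FAIL", "ssl", "TLS is switched off"))
    if "ssl_protocols" in s:
        out.append(("WARN", "ssl_protocols",
                    "2.2-era setting; Dovecot 2.3 uses ssl_min_protocol"))
        if "!SSLv3" not in s["ssl_protocols"].split():
            out.append(("FAIL", "ssl_protocols", "SSLv3 is not excluded"))
    minimum = s.get("ssl_min_protocol")
    if minimum is None:
        if "ssl_protocols" not in s:
            out.append(("INFO", "ssl_min_protocol",
                        "not set; the build default applies (doveconf -d)"))
    elif minimum not in PROTOCOLS:
        out.append(("INFO", "ssl_min_protocol",
                    f"{minimum!r} is not evaluated by this script"))
    elif PROTOCOLS.index(minimum) < PROTOCOLS.index(BASELINE):
        level = "FAIL" if minimum == "SSLv3" else "WARN"
        out.append((level, "ssl_min_protocol",
                    f"{minimum} is below {BASELINE}"))
    tokens = re.split(r"[:, ]+", s.get("ssl_cipher_list", ""))
    if any(t in ("!SSLv3", "-SSLv3") for t in tokens):
        out.append(("INFO", "ssl_cipher_list",
                    "!SSLv3 drops cipher suites introduced with SSLv3; "
                    "it does not restrict the protocol version"))
    return out


if __name__ == "__main__":
    for name, conf in (("thread", CONF_THREAD), ("legacy", CONF_LEGACY),
                       ("ok", CONF_OK)):
        print(name)
        for level, key, message in audit_tls(conf) or [("OK", "-", "no findings")]:
            print(f"  {level:4} {key}: {message}")
```
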
More information on dict proxy
Hello,

I'm working on an implementation of a dict server. I've looked through all your documentation but can't seem to find how I can create the proper URI to direct the quota plugin to use a TCP socket instead of a UNIX socket. I'd appreciate any insight you can provide.

Steve
Re: The end of Dovecot Director?
Aki Tuomi said on Thu, 20 Oct 2022 22:04:42 +0300 (EEST)

>https://doc.dovecot.org/3.0/installation_guide/upgrading/from-2.3-to-3.0/
>
>This is subject to change, as we have not actually released this
>version yet.
>
>Aki

Thanks Aki,

I skimmed this document and it looks to me like nothing there applies to my Dovecot setup. I'll be checking it from time to time.

Thanks,

SteveT

Steve Litt
Summer 2022 featured book: Thriving in Tough Times
http://www.troubleshooters.com/bookstore/thrive.htm
Re: The end of Dovecot Director?
Aki Tuomi said on Thu, 20 Oct 2022 21:41:53 +0300 (EEST)

>Most small/medium servers do not need director. You can use replicator
>get a pri/bu pair.

I've never needed to use replicator. I don't even know what a pri/bu pair is. I just have fetchmail feed to procmail which delivers messages into my Dovecot maildir, and then access the Dovecot IMAP server with an email client. Hopefully I'll be able to continue doing it this way.

>
>Only the director part is being removed, rest of Dovecot remains. For
>the next major release we are also removing certain deprecated parts
>that have a replacement in elsewhere of the code.

Is there a document on the deprecations and their replacements? I'd like to read it.

>
>The mail server functionality is going to remain 100% open source and
>free.

The preceding sentence is a huge relief for me. Thanks!

SteveT

Steve Litt
Summer 2022 featured book: Thriving in Tough Times
http://www.troubleshooters.com/bookstore/thrive.htm
Re: The end of Dovecot Director?
I'm top posting because I can't make heads or tails of this thread. Does this thread mean that Dovecot will no longer be Free Software? It appears that only Dovecot Director will be taken proprietary, but if all of Dovecot is in jeopardy, I need to switch to another local IMAP server program. Any suggestions will be welcome.

Thanks,

SteveT

Aki Tuomi said on Thu, 20 Oct 2022 13:02:38 +0300 (EEST)

>> On 20/10/2022 12:24 EEST Steff Majeur
>> wrote:
>>
>>
>> I recently stumbled upon the following commit on the Dovecot core
>> Github repository:
>> https://github.com/dovecot/core/commit/4a187116dc2311804be22724007d357323005358
>>
>> Apparently, Dovecot Director is going to be removed in the next
>> major version of Dovecot and the commercial Dovecot cluster
>> architecture will be its successor:
>> https://github.com/dovecot/documentation/blob/a85b742ec4fc2744db30a6943b3c25f004e46720/source/admin_manual/cluster/index.rst
>>
>
>Yes, this is going to happen.
>
>> This would be a huge blow for many organizations around the world
>> that are currently using Dovecot with Director in a shared storage
>> environment.
>>
>> Can anyone of the Dovecot developers maybe enlighten us about the
>> future of Dovecot?
>> - Will there still be the Director feature in the next community
>> release of Dovecot?
>
>Next 2.3 CE release will have a director.
>
>> - If not, will there be a community feature that is on par with the
>> current Director feature?
>
>There will be more information about this closer to new major release,
>that we are working on. Director is still present in
>https://github.com/dovecot/core/tree/release-2.3
>
>> - For how long will Dovecot version 2.3 still be supported (security
>> fixes, bug fixes)? Is there any EOL plan?
>
>This will be informed later, but as general rule, once we make a new
>major release, 2.3 will go into maintenance mode, and will receive
>only select bug fixes and CVE fixes.
>
>> Thanks for any clarification!
>> Steff
>
>Aki

SteveT

Steve Litt
Summer 2022 featured book: Thriving in Tough Times
http://www.troubleshooters.com/bookstore/thrive.htm
Re: mdbox vs. maildir format
On Tue, 2022-10-18 at 16:48 +0200, Bernardo Reino wrote:
> On 18/10/2022 12:17, Michael wrote:
> >
> > [...]
> > so, raid is mandatory, which is already the case, but what about backup?
> > how can i achieve a backup/snapshot of both, the mdbox (nfs share) and
> > the index files (local raid) and assure they are consistent?
>
> You can use doveadm to backup the mailboxes, which should work correctly
> even in a live system.
>
> My backup "strategy" (hopefully it deserves that name) is to weekly run
> something like:
>
> for MAILBOX in $USERS; do
>      doveadm expunge -u "$MAILBOX" mailbox Trash savedbefore 7d
>      doveadm expunge -u "$MAILBOX" mailbox Spam savedbefore 30d
>      doveadm purge -u "$MAILBOX"
>
>      LOCATION2="mdbox:/srv/snap_mail/$MAILBOX/mdbox"
>      doveadm -v backup -u "$MAILBOX" -P "$LOCATION2"
> done

Do you think the preceding shellscript will work if I store my Dovecot messages in the Maildir form?

Thanks,

SteveT
Re: convert mdbox to maildir
On Sat, 2022-08-13 at 18:36 +0200, lutz.niede...@gmx.net wrote:
>
> The real problem is that we must not use the running, old dovecot installation.
> So we are not able to connect to the old server, pull all folders and mails and
> create a new maildir structure. Currently, we can't do anything against it. What
> we get are the users' mdbox files.

Why not? Is the old server broken beyond repair? If not, is there an actual reason behind, or is it just an arbitrary decision capable of being swayed by facts? Is the customer willing to pay for the large increase in time to rebuild the whole thing? Will they at least let you rsync the old server's entire mdbox structure to a machine where you can do your conversion?

I don't know, to me their act of giving you some files and saying "it's your problem now" seems arbitrary, and you should charge them a lot of money.

>
> Is there any way to convert mdbox files and structures to maildir directly from
> filesystem?
> Or do we have to build a copy of the old machine (dovecot only, or -maybe better-
> a vm) and then use doveadm backup?
> Or is it ok to just set up the completely new installation, set mail_location to
> where the new Maildirs will be, like maildir:~/Maildir and then run something like
> doveadm backup mdbox:/tmp/$user/mdbox -u $user? Will this transfer all mails and
> folders or do we have to keep an eye on some specific things?

All I know about mdbox comes from this document:

https://doc.dovecot.org/admin_manual/mailbox_formats/dbox/

Quoting a specific sentence:

"One of the main reasons for dbox’s high performance is that it uses Dovecot’s index files as the only storage for message flags and keywords, so the indexes don’t have to be “synchronized”. Dovecot trusts that they’re always up-to-date (unless it sees that something is clearly broken). This also means that you must not lose the dbox index files, as they can’t be regenerated without data loss."

The quote says *dbox*, but it's in a section devoted to both dbox and mdbox, so I'm thinking it might be true of both. Have they given you the index files? If not, it sounds to me like any regeneration would be an approximation at best.

Do you have a way of accurately putting together the directory structure of the former mdbox system?

My experience 10 years ago converting about a quarter million kmail emails to Dovecot Maildir is it takes about an hour to transfer between 25,000 and 50,000 emails, but of course that was on a much more anemic machine than I have today. I'd guess that if you have both databases on the same machine, the way I did ten years ago, the process will go pretty fast. Here's a count of my Dovecot Maildir today:

[root@mydesk Maildir]# du -hs
16G .
[root@mydesk Maildir]# find . | wc -l
734906
[root@mydesk Maildir]#

I don't know much about your particular situation, but it seems to me like the majority of your problem isn't technical.

SteveT
Re: Tools to get a report of which folders have new mail?
On Tue, 2022-07-19 at 09:19 +0300, Aki Tuomi wrote:
>
> doveadm -fjson mailbox status -u user unseen "*"

As promised, the following is the Python 3 script to take advantage of your command by printing out the mailbox name and number of unseen for each folder that has some unseen messages:

===
#!/usr/bin/python3
import json
import subprocess

def main():
    # Ask doveadm for the unseen count of every mailbox, as JSON
    cmd = 'doveadm -fjson mailbox status -u slitt unseen "*"'
    sp = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
    print('\n\n\n\n')
    # communicate() reads all output and then waits for exit; calling
    # wait() first can deadlock once the pipe buffer fills up.
    jstrng, junk = sp.communicate()
    jsn = json.loads(jstrng)
    # Keep only the mailboxes that report unseen messages
    newboxes = {}
    for rec in jsn:
        if rec['unseen'] != "0":
            unseen = rec['unseen']
            mailbox = rec['mailbox']
            newboxes[mailbox] = unseen
    # Print sorted by mailbox name, ignoring case
    for key in sorted(newboxes.keys(), key=str.lower):
        print("{}: {} unread.".format(key, newboxes[key]))

if __name__ == '__main__':
    main()
===

My 20 minutes of testing indicate this is not always accurate and must not be relied on without backup methods, but I'm going to be using it until I find something better.

Thanks,

Steve
Re: Tools to get a report of which folders have new mail?
On Tue, 2022-07-19 at 16:33 +1200, Peter wrote:
> On 19/07/22 3:18 pm, Steve Litt wrote:
> > Is there any way I could use
> > doveadm or other tools to create a report that shows all my folders in a
> > hierarchy?
>
> See doveadm(1) and doveadm-mailbox(1), specifically the `doveadm mailbox
> list` command.
>
> > Also, is there a way to show only those with new mail?
>
> Look at doveadm-search(1) and doveadm-search-query(7) for this.
>
> You can loop through the list of mailboxes from doveadm mailbox list and
> pass them one at a time to `doveadm search NEW MAILBOX mailboxname` to
> see if any messages are returned from the search.

Thanks Peter. I'll look into everything you mentioned in the next few days.

SteveT
Re: Tools to get a report of which folders have new mail?
On Tue, 2022-07-19 at 09:19 +0300, Aki Tuomi wrote:
>
> > On 19/07/2022 06:18 EEST Steve Litt wrote:
> >
> >
> > Hi all,
> >
> > I use a Dovecot IMAP server on my Linux desktop computer, and I'm
> > pretty good at writing shellscripts. Is there any way I could use
> > doveadm or other tools to create a report that shows all my folders in a
> > hierarchy? Also, is there a way to show only those with new mail?
> >
> > Thanks,
> >
> > SteveT
> >
> > Steve Litt
> > Summer 2022 featured book: Thriving in Tough Times
> > http://www.troubleshooters.com/bookstore/thrive.htm
>
> doveadm -fjson mailbox status -u user unseen "*"
>

Very nice Aki! I can pass that JSON to a Python program I make to parse JSON, and then just report the ones not having "unseen":"0".

Thank you!

SteveT
Re: Tools to get a report of which folders have new mail?
Remo Mattei said on Mon, 18 Jul 2022 20:51:16 -0700

>Are you using maildrop or flat files In your config?

Thanks Remo,

If by "maildrop" you mean "maildir", I'm using maildir. Otherwise, I don't know what maildrop is.

> If you are using
>maildrop where there is a file for each file then you could use free
>into the folder new

My Dovecot setup uses maildir and there's definitely one file per message. When I type "free" at my Linux command line it just lists statistics about memory. The doveadm man page doesn't list a command called "free". So I'm not sure what "free into the new folder" means.

> but I do not know what config you have check tre
>command and see if that does some of what you want.

Thanks,

SteveT

>
>> On 18 Jul 2022, at 20:20, Steve Litt
>> wrote:
>>
>> Hi all,
>>
>> I use a Dovecot IMAP server on my Linux desktop computer, and I'm
>> pretty good at writing shellscripts. Is there any way I could use
>> doveadm or other tools to create a report that shows all my folders
>> in a hierarchy? Also, is there a way to show only those with new
>> mail?
>>
>> Thanks,
>>
>> SteveT
>>
>> Steve Litt
>> Summer 2022 featured book: Thriving in Tough Times
>> http://www.troubleshooters.com/bookstore/thrive.htm
>
Tools to get a report of which folders have new mail?
Hi all, I use a Dovecot IMAP server on my Linux desktop computer, and I'm pretty good at writing shellscripts. Is there any way I could use doveadm or other tools to create a report that shows all my folders in a hierarchy? Also, is there a way to show only those with new mail? Thanks, SteveT Steve Litt Summer 2022 featured book: Thriving in Tough Times http://www.troubleshooters.com/bookstore/thrive.htm
Interfacing mutt with Dovecot
Hi all, All my email for the past 20 years is held on a Dovecot IMAP server (version 2.3.19.1 (9b53102964)) on my desktop. I've been using Claws-Mail but want to switch to Mutt. In the past I've tried this, but Mutt was unreliable in reading folders from my local Dovecot server. It didn't see a lot of the folders. I know some people have been very successful running Mutt to access an IMAP server, so it appears to be possible. How should I run Mutt to access my Dovecot? Also, in the past I've used Claws-Mail to admin my Dovecot folders (make new folders, move folders, etc). I've heard there are one or more Dovecot provided tools to do this kind of admin. What are the names of those tools? Thanks, SteveT Steve Litt Summer 2022 featured book: Thriving in Tough Times http://www.troubleshooters.com/bookstore/thrive.htm
Is multi factor authentication practical/feasible?
I have a small client whose insurance company insists they have MFA for their email to be covered under some kind of data protection policy. Currently I have the client set up on a Debian box for the email server coupled with roundcube for webmail. Most of the users just use roundcube but some also use their mobile devices to check email. Maybe one person uses outlook. There’s about 5 to 10 users total.

I know roundcube offers a MFA plugin. But I don’t have the foggiest idea how an iPhone, Android device, or Outlook could all be set up to work with MFA with a standard dovecot/postfix setup. Are there any practical solutions for easily implementing MFA that could work across multiple devices?
Dovecot and OAuth2 and gmail
Hi all, I'm not sure Dovecot has anything to do with this, but I'd rather ask and know for sure. I do the following: Gmail IMAP=>fetchmail=>procmail=>Dovecot IMAP Then, I view my Dovecot hosted email with Claws-Mail. I understand that on May 31, 2022, current methods to access Gmail IMAP will turn into pumpkins because of insistence on OAuth2. Do I need to do anything to Dovecot to get ready for this Mass Extinction Event? Do you think I'll need to dump fetchmail for something else? Thanks, SteveT Steve Litt March 2022 featured book: Making Mental Models: Advanced Edition http://www.troubleshooters.com/mmm
Re: Mail error log polluted with dovecot imap errors
On 2021-09-17 08:13 AM, Steve Dondley wrote:

The bug I patched also threw a similar kind of error: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970692

I don't know if this is another debian issue or a misconfiguration on my end. I'm not sure where to begin to look. Can someone please point me in the right direction?

I think this is some kind of parsing bug from the response from solr. The number of pairs of errors returned is the same number of hits received during the search. So if I do a search with 7 results turned up, I get 7 pairs of errors.

Fixed with the following:

1) simplified config file by removing the "fts_encforce = no" from 90-plugin.conf
2) blew away the manages_schema file on the solr server
3) reloaded solr data store
4) deleted the solr index for the data store
5) rescanned the emails with doveadm

No more errors.
Re: Mail error log polluted with dovecot imap errors
The bug I patched also threw a similar kind of error: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970692 I don't know if this is another debian issue or a misconfiguration on my end. I'm not sure where to begin to look. Can someone please point me in the right direction? I think this is some kind of parsing bug from the response from solr. The number of pairs of errors returned is the same number of hits received during the search. So if I do a search with 7 results turned up, I get 7 pairs of errors.
Mail error log polluted with dovecot imap errors
I'm running debian bullseye. I've had issues running solr on debian due to some kind of bug I was able to patch by upgrading the os. After the upgrade, everything seems to work perfectly fine and the search feature in my client using solr now works. However, I get hundreds of these pairs of errors every minute in mail.err

Sep 17 04:47:52 email dovecot: imap(s)<8699><1eOe/CzMbOl/AAAB>: Error: fts_solr: received invalid uid '102
Sep 17 04:47:52 email dovecot: imap: Error: '
Sep 17 04:47:52 email dovecot: imap(s)<8699><1eOe/CzMbOl/AAAB>: Error: fts_solr: received invalid uid '103
Sep 17 04:47:52 email dovecot: imap: Error: '
Sep 17 04:47:52 email dovecot: imap(s)<8699><1eOe/CzMbOl/AAAB>: Error: fts_solr: received invalid uid '104
Sep 17 04:47:52 email dovecot: imap: Error: '
Sep 17 04:47:52 email dovecot: imap(s)<8699><1eOe/CzMbOl/AAAB>: Error: fts_solr: received invalid uid '105
Sep 17 04:47:52 email dovecot: imap: Error: '
Sep 17 04:47:52 email dovecot: imap(s)<8699><1eOe/CzMbOl/AAAB>: Error: fts_solr: received invalid uid '106
Sep 17 04:47:52 email dovecot: imap: Error: '
Sep 17 04:47:52 email dovecot: imap(s)<8699><1eOe/CzMbOl/AAAB>: Error: fts_solr: received invalid uid '118
Sep 17 04:47:52 email dovecot: imap: Error: '
Sep 17 04:47:52 email dovecot: imap(s)<8699><1eOe/CzMbOl/AAAB>: Error: fts_solr: received invalid uid '132
Sep 17 04:47:52 email dovecot: imap: Error: '
Sep 17 04:47:52 email dovecot: imap(s)<8699><1eOe/CzMbOl/AAAB>: Error: fts_solr: received invalid uid '133
Sep 17 04:47:52 email dovecot: imap: Error: '
Sep 17 04:47:52 email dovecot: imap(s)<8699><1eOe/CzMbOl/AAAB>: Error: fts_solr: received invalid uid '134
Sep 17 04:47:52 email dovecot: imap: Error: '
Sep 17 04:47:52 email dovecot: imap(s)<8699><1eOe/CzMbOl/AAAB>: Error: fts_solr: received invalid uid '135
Sep 17 04:47:52 email dovecot: imap: Error: '
Sep 17 04:47:52 email dovecot: imap(s)<8699><1eOe/CzMbOl/AAAB>: Error: fts_solr: received invalid uid '136
Sep 17 04:47:52 email dovecot: imap: Error: '
Sep 17 04:47:52 email dovecot: imap(s)<8699><1eOe/CzMbOl/AAAB>: Error: fts_solr: received invalid uid '137
...and so on

The bug I patched also threw a similar kind of error: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970692

I don't know if this is another debian issue or a misconfiguration on my end. I'm not sure where to begin to look. Can someone please point me in the right direction?
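Each error pair in the post above reads as one log message split across two syslog lines, which is what you would see if the value fts_solr rejected ended in a line break. As an added example (not part of the original post and not Dovecot code), this Python script stitches such pairs back together and counts them per imap process. The regular expressions assume the syslog layout shown in this thread, and the continuation line carries no process id, so pairing is by adjacency only.

```python
import re
from collections import Counter

# Sample lines copied from the mail.err excerpts quoted in this thread.
# The last record has no continuation line, like the truncated excerpt.
SAMPLE = """\
Sep 17 04:47:52 email dovecot: imap(s)<8699><1eOe/CzMbOl/AAAB>: Error: fts_solr: received invalid uid '102
Sep 17 04:47:52 email dovecot: imap: Error: '
Sep 17 04:47:52 email dovecot: imap(s)<8699><1eOe/CzMbOl/AAAB>: Error: fts_solr: received invalid uid '103
Sep 17 04:47:52 email dovecot: imap: Error: '
Aug 25 14:53:22 email dovecot: imap(s)<26536>: Error: fts_solr: received invalid uid '
Aug 25 14:53:22 email dovecot: imap: Error: '
Sep 17 04:47:52 email dovecot: imap(s)<8699><1eOe/CzMbOl/AAAB>: Error: fts_solr: received invalid uid '137
""".splitlines()

# First half of a record: timestamp, host, imap(user)<pid>[<session>], opening quote.
HEAD = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ dovecot: imap\((?P<user>[^)]*)\)"
    r"<(?P<pid>\d+)>(?:<(?P<session>[^>]*)>)?: "
    r"Error: fts_solr: received invalid uid '(?P<uid>.*)$"
)
# Second half: the remainder of the same message after the embedded line break.
TAIL = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ dovecot: imap: Error: (?P<rest>.*)$")


def stitch(lines):
    """Rejoin split 'received invalid uid' messages into one record each."""
    records = []
    i = 0
    while i < len(lines):
        head = HEAD.match(lines[i])
        i += 1
        if not head:
            continue
        raw, complete = head.group("uid"), False
        if raw.endswith("'"):
            # Whole message fit on one line: value had no line break.
            raw, complete = raw[:-1], True
        elif i < len(lines):
            tail = TAIL.match(lines[i])
            if tail and tail.group("rest").endswith("'"):
                raw = raw + "\n" + tail.group("rest")[:-1]
                complete = True
                i += 1
        records.append({
            "ts": head.group("ts"),
            "pid": head.group("pid"),
            "session": head.group("session"),
            "raw_uid": raw,
            "complete": complete,
        })
    return records


def classify(raw_uid):
    """Describe the rejected value: empty, clean number, or number plus whitespace."""
    core = raw_uid.strip()
    if not core:
        return "empty"
    if core.isdigit():
        return "numeric" if core == raw_uid else "numeric+whitespace"
    return "non-numeric"


def summarize(records):
    """Count complete records per (pid, kind of rejected value)."""
    return Counter(
        (r["pid"], classify(r["raw_uid"])) for r in records if r["complete"]
    )


if __name__ == "__main__":
    recs = stitch(SAMPLE)
    for (pid, kind), n in sorted(summarize(recs).items()):
        print(f"imap pid {pid}: {n} rejected uid value(s) of kind {kind}")
    truncated = [r for r in recs if not r["complete"]]
    print(f"{len(truncated)} record(s) without a closing line")
```

Run against a real mail.err by passing its lines to `stitch()`; the per-process counts can then be compared with the number of search hits, as the poster does by hand.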
Re: How can I always send a vacation response with sieve?
So share your solution! Just because you found a solution, doesn't mean others won't run into the same problem... *hint* *hint* My solution had nothing to do with dovecot. The solution involved hacking the php code of an ancient cms so that your could reply directly to the person who filled out an email form.
Re: SSL errors after certificate renewal
On 2021-09-07 01:25 PM, Amol Kulkarni wrote: Hello, After I replaced my certificate with a new one yesterday, I'm seeing some ssl related errors. There are successful pop/imap logins using SSL also. So I think the certificate in itself is fine. No user has complained as yet, so I don't know for sure. However the count of errors has surely increased after installing the new certificate. There are 2 errors seen : dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=, lip =, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46, session=<9m0AnVnL 2pHf4hso> dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=, lip =, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42, session= Kindly help with some pointers. Thanks and Regards, Amol I assume you tried restarting dovecot, but just in case...
Re: Solr FTS - when does indexing happen?
Since most people will want fts_autoindex, the wiki page should include it in its example configuration that goes into 90-plugin.conf. Possibly better ... maybe it should default to "yes". It's probably a safe bet the developers, who are experts on these systems, probably have good reason not to make autoindexing the default.
Re: Solr FTS - when does indexing happen?
On 2021-09-03 12:43 PM, Shawn Heisey wrote:

I have Solr FTS on my dovecot install. I followed the instructions on the dovecot wiki.

How long a delay should I expect to see between new mail being delivered with the dovecot LDA and an indexing request sent to Solr? Because I get a LOT of email from various mailing lists, and I do not see any activity in Solr's log.

When I did doveadm index -A -q '*' there was a lot of indexing activity in Solr's log, as expected.

One time I looked at the Solr index and it had been 23 hours since its last update ... I can guarantee that I received a lot of new messages in that time.

What do I need to look at for further troubleshooting? I can confirm that when I issue a search in the TypeApp app on my phone (an IMAP app for android), I see the query in Solr's logfile.

Thanks,
Shawn

DISCLAIMER: I've only set up solr once with dovecot so take these words with a grain of salt.

As I recall, indexing an email is triggered immediately when an email is received if you have your dovecot settings set properly to trigger the indexing. The dovecot documentation for FTS spells it out. See https://doc.dovecot.org/configuration_manual/fts/solr/?highlight=fts%20user%20plugin

There is an autoindex setting that needs to be set to "yes".
Re: How can I always send a vacation response with sieve?
On 2021-09-04 05:50 PM, Marc wrote: You do not want to do that because that can create loops. Yeah, right after I posted this I did some more googling and someone else was saying the same thing. I found another way around the problem I was trying to solve, though. So I'm good. Thanks for your response.
How can I always send a vacation response with sieve?
I don't want dovecot to wait X days before sending out another vacation response. However, setting the :days to "0" doesn't work.

RFC https://www.rfc-editor.org/rfc/rfc5230.html#section-4.1 says:

4.1. Days Parameter

The ":days" argument is used to specify the period in which addresses are kept and are not responded to, and is always specified in days. The minimum value used for this parameter is normally 1. Sites MAY define a different minimum value as long as the minimum is greater than 0. Sites MAY also define a maximum days value, which MUST be greater than 7, and SHOULD be greater than 30.

If ":days" is omitted, the default value is either 7 or the minimum value (as defined above), whichever is greater.

If the parameter given to ":days" is less than the minimum value, then the minimum value is used instead.

If ":days" exceeds the site-defined maximum, the site-defined maximum is used instead.

Sorry if this is more of a sieve question and is slightly off topic.
Re: What kind of search response time are you setting with solr full text search?
On 2021-08-24 08:53 PM, Steve Dondley wrote:

MY SETUP: I have apache solr full text search enabled with dovecot. I have an inbox with about 40 subfolders. I'm using the roundcube web-based mail client. The find command is showing 15823 email files and apache solr reports the same number. I'm running a dedicated mail server with 1 GB of ram. The solr machine is running on a separate machine with 4 GB ram.

THE PROBLEM: When I do a full text search through all my inbox and all subfolders on a single word, search results are returned in about 10 to 15 seconds. This is better than the 40 seconds or so I'm getting when I turn off the fts and fts_solr plugins but still a little disappointing.

WHAT I'D LIKE: Now, I don't expect instant search results like gmail, but getting the search results to display in less than 5 seconds would be a lot less painful than 10 to 15 seconds.

WHAT I'VE TRIED: I have reindexed the emails on solr to try to speed things up.

ANY ADVICE? Curious to know what response times others are seeing and if there is anything else I might try to speed things up. Maybe the number of subfolders is slowing things down?

OK, I figured it out. It was a bug in Debian's version of dovecot: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970692

Upgrading to "Bullseye" fixed things up nicely and I now have super fast search. Now I have to go tackle the plugin errors that are crashing the roundcube install. :)
Re: [OT] Re: What kind of search response time are you setting with solr full text search?
On 2021-08-25 04:32 PM, Shawn Heisey wrote: On 8/25/2021 2:10 PM, Steve Dondley wrote: And it looks like I'm running into a major bug in the slightly dated version of dovecot debian uses: https://www.mail-archive.com/dovecot@dovecot.org/msg78825.html Recently I did a fairly major upgrade. I had an older Ubuntu release with Dovecot 1.x and an older Postfix version, wanted to upgrade it to v20, which had significantly newer versions of both programs. Before I did the Ubuntu upgrade, I took advice received here and installed the dovecot repo, upgrading it first. I looked at the following link and only found a couple of things in my config I needed to change. I didn't even use the conversion command at the top of the page. Everything still worked after I upgraded, which I found a little surprising. Postfix also worked after the upgrade, with no config changes required. https://doc.dovecot.org/installation_guide/upgrading/from-1.2-to-2.0/ I did the fts_solr integration *after* I upgraded dovecot. You can find the dovecot repos here, there are options for Debian: https://repo.dovecot.org/ Thanks, Shawn Fixed! I just upgraded to Debian bullseye and I'm not enjoying lightning fast search! Woohoo! Figuring out what *isn't* wrong is a good strategy to be sure you aren't chasing ghosts. So I greatly appreciate your time and patience. I will be sure to pay it forward.
Re: [OT] Re: What kind of search response time are you setting with solr full text search?
I think this will be nailed once I figure out this issue. And it looks like I'm running into a major bug in the slightly dated version of dovecot debian uses: https://www.mail-archive.com/dovecot@dovecot.org/msg78825.html And this: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970692 Though my error is slightly different. Instead of uid '0' I have no uid at all.
Re: [OT] Re: What kind of search response time are you setting with solr full text search?
On 2021-08-25 04:05 PM, Steve Dondley wrote: The search time was no better with it on than off. So I'm thinking I got something misconfigured somewhere. It seems IMAP may not be using solr to fetch results. But this would be odd since I definitely do see a big improvements in times with fts plugins turned on when using roundcube. OK, I'm finally getting somewhere. Found this lead here: https://dovecot.org/pipermail/dovecot/2012-February/081514.html "doveadm fts optimize" throws an error: doveadm(root): Error: Couldn't drop privileges: User is missing UID (see mail_uid setting) Checking /var/log/mail.err, I see a ton of these entries: 83353 Aug 25 14:53:22 email dovecot: imap(s)<26536>: Error: fts_solr: received invalid uid ' 83354 Aug 25 14:53:22 email dovecot: imap: Error: ' 83355 Aug 25 14:58:05 email dovecot: imap(s)<26637>: Error: fts_solr: received invalid uid ' 83356 Aug 25 14:58:05 email dovecot: imap: Error: ' 83357 Aug 25 15:26:58 email dovecot: imap(s)<27217>: Error: fts_solr: received invalid uid ' 83358 Aug 25 15:26:58 email dovecot: imap: Error: ' 83359 Aug 25 15:27:11 email dovecot: imap(s)<27217>: Error: fts_solr: received invalid uid ' 83360 Aug 25 15:27:11 email dovecot: imap: Error: ' 83361 Aug 25 15:27:36 email dovecot: imap(s)<27217>: Error: fts_solr: received invalid uid ' 83362 Aug 25 15:27:36 email dovecot: imap: Error: ' I think this will be nailed once I figure out this issue. And it looks like I'm running into a major bug in the slightly dated version of dovecot debian uses: https://www.mail-archive.com/dovecot@dovecot.org/msg78825.html
Re: [OT] Re: What kind of search response time are you setting with solr full text search?
The search time was no better with it on than off. So I'm thinking I got something misconfigured somewhere. It seems IMAP may not be using solr to fetch results. But this would be odd since I definitely do see a big improvements in times with fts plugins turned on when using roundcube. OK, I'm finally getting somewhere. Found this lead here: https://dovecot.org/pipermail/dovecot/2012-February/081514.html "doveadm fts optimize" throws an error: doveadm(root): Error: Couldn't drop privileges: User is missing UID (see mail_uid setting) Checking /var/log/mail.err, I see a ton of these entries: 83353 Aug 25 14:53:22 email dovecot: imap(s)<26536>: Error: fts_solr: received invalid uid ' 83354 Aug 25 14:53:22 email dovecot: imap: Error: ' 83355 Aug 25 14:58:05 email dovecot: imap(s)<26637>: Error: fts_solr: received invalid uid ' 83356 Aug 25 14:58:05 email dovecot: imap: Error: ' 83357 Aug 25 15:26:58 email dovecot: imap(s)<27217>: Error: fts_solr: received invalid uid ' 83358 Aug 25 15:26:58 email dovecot: imap: Error: ' 83359 Aug 25 15:27:11 email dovecot: imap(s)<27217>: Error: fts_solr: received invalid uid ' 83360 Aug 25 15:27:11 email dovecot: imap: Error: ' 83361 Aug 25 15:27:36 email dovecot: imap(s)<27217>: Error: fts_solr: received invalid uid ' 83362 Aug 25 15:27:36 email dovecot: imap: Error: ' I think this will be nailed once I figure out this issue.
Re: [OT] Re: What kind of search response time are you setting with solr full text search?
I'm inclined to believe the problem is not that high up the food chain. Because when I query IMAP on a single folder over telnet following the instructions found here: https://doc.dovecot.org/configuration_manual/fts/solr/, imap reports that it's taking 3 to 4 seconds to return results: a search text "maynez" a OK Search completed (3.386 + 0.001 + 0.250 secs). This particular search returns a few hundred results. The speed of the query changed depending on whether a lot of results are returned. So if I search on a nonsensical word like "zyzzix", imap reports results nearly instantaneously: a search text "zyzzix" a OK Search completed (0.012 + 0.000 + 0.006 secs). I just did a quick test. I did a search over imap over telnet with fts plugins turned off and with them turned on. The search time was no better with it on than off. So I'm thinking I got something misconfigured somewhere. It seems IMAP may not be using solr to fetch results. But this would be odd since I definitely do see a big improvements in times with fts plugins turned on when using roundcube.
Re: [OT] Re: What kind of search response time are you setting with solr full text search?
Random guess... Buffering? Whatever is sending to the browser isn't sending enough bytes to flush the buffer so the data is left in limbo until enough time goes by the buffer gets flushed anyways. Maybe a apache/nginx thing, php thing or browser thing. Remember its solr > dovecot > php > web server > browser. Tried other browsers? I'm inclined to believe the problem is not that high up the food chain. Because when I query IMAP on a single folder over telnet following the instructions found here: https://doc.dovecot.org/configuration_manual/fts/solr/, imap reports that it's taking 3 to 4 seconds to return results: a search text "maynez" a OK Search completed (3.386 + 0.001 + 0.250 secs). This particular search returns a few hundred results. The speed of the query changed depending on whether a lot of results are returned. So if I search on a nonsensical word like "zyzzix", imap reports results nearly instantaneously: a search text "zyzzix" a OK Search completed (0.012 + 0.000 + 0.006 secs).
Re: [OT] Re: What kind of search response time are you setting with solr full text search?
On 2021-08-25 02:05 PM, Steve Dondley wrote:

Try this in on the commandline of the Solr server:

time curl "http://localhost:YYY/solr/dovecot/select?q=maynez=edismax=body+to+subject+cc+from;

OK I had to modify the query path slightly to get it to work with my core to:

time curl http://localhost:8983/solr/dondley/select?q=maynez=edismax=body+to+subjec:t+ccfrom

OK! found the issue. My command line mangled the URL when I edited the url. There is a stray ":" in the query string. So I am now seeing a ton of results and the following query time:

real 0m0.118s
user 0m0.003s
sys 0m0.011s

So this looks really good and fast. So I think we can say with confidence solr is doing its job. So why is roundcube/dovecot taking so long to show the results?
Re: [OT] Re: What kind of search response time are you setting with solr full text search?
That query should search ALL emails that dovecot has indexed to Solr. There is no restriction for mailbox or folder. OK. Try replacing "maynez" with something else that you know will be in the index. Did a search on "the". Still nothing. Very, very weird. What would explain why my email client is still returning results I get nothing from the command line? Here is the exact command I'm running: time curl http://172.30.0.94:8983/solr/dondley/select?q=the=edismax=body+to+subjec:t+ccfrom Do you see any typos in there? Note that you can ask dovecot to completely reindex everybody's email with this command run as root, and then you can try searching again a few minutes later: doveadm index -A -q '*' Yeah, tried this yesterday. Didn't help. If you think I should try again, let me know.
Re: [OT] Re: What kind of search response time are you setting with solr full text search?
Try this in on the commandline of the Solr server: time curl "http://localhost:YYY/solr/dovecot/select?q=maynez=edismax=body+to+subject+cc+from; OK I had to modify the query path slightly to get it to work with my core to: time curl http://localhost:8983/solr/dondley/select?q=maynez=edismax=body+to+subjec:t+ccfrom But it didn't return any results: Results: "responseHeader":{ "status":0, "QTime":7, "params":{ "q":"maynez"}}, "response":{"numFound":0,"start":0,"numFoundExact":true,"docs":[] }} real0m0.018s user0m0.004s sys 0m0.006s I only have emails for this person in a subfolder of my main Inbox folder so maybe it's only searching the top level folder? You could do the query remotely by changing "localhost" to the hostname or IP address of the Solr server. From remote host, I got similar numbers (no results): real0m0.017s user0m0.009s sys 0m0.002s
Re: [OT] Re: What kind of search response time are you setting with solr full text search?
This is a search for "a" which I had run several times, so Solr was serving it from its cache, and this time it only took 6 milliseconds. It also shows what a facet can do. The longest time I got for the "a" search was 15 milliseconds, before the query was in the cache. I think they queries themselves are returning very quickly, at least they were when I did a query on a single inbox. That's why I'm wondering if doing a search across 40 different inboxes via roundcube might be the issue. I'm thinking that each time a new mailbox is selected, it slows things down. But I have no idea how the IMAP search is performed across multiple inboxes so that's just a wild guess. OK, I take this back. I did an imap search via telnet and solr reports the search takes about 3 to 4 seconds. Here's the output: a search text "maynez" * SEARCH 5 6 7 32 61 64 69 70 117 118 119 120 121 122 123 124 126 127 129 165 197 202 203 204 205 206 207 216 231 259 451 452 453 454 455 456 482 730 731 810 811 812 813 814 815 816 817 818 819 820 829 830 831 832 852 853 854 855 867 868 869 870 871 872 873 874 875 886 887 888 889 891 904 908 909 910 911 912 913 920 924 925 926 927 928 931 936 938 940 941 944 946 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 969 970 971 972 973 974 975 976 977 986 987 988 989 993 1012 1013 1014 1015 1016 1017 1019 1020 1021 1022 1023 1024 1025 1026 1027 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1047 1048 1069 1091 1112 1113 1114 1121 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1144 1145 1146 1147 1148 1150 1159 1160 1161 1162 1175 1176 1177 1178 1179 1180 1181 1186 1187 1188 1189 1190 1192 1193 1197 1198 1202 1204 1205 1208 1214 1215 1216 1217 1218 1228 1229 1231 1232 1234 1236 1237 1243 1244 1245 1246 1247 1248 1249 1250 1252 1256 1257 1297 1298 1299 1300 1301 1302 1303 1304 1307 1308 1316 1317 1319 1320 1327 1328 1331 1332 1335 1336 1348 1349 1352 1355 1356 1358 1359 1361 1417 1418 1419 1420 1421 
1423 1424 1443 1444 1445 1446 1447 1453 1460 1461 1462 1463 1464 1500 1501 1502 1503 1504 1505 1507 1508 1509 1510 1513 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1539 1541 1542 1543 1544 1594 1596 1597 1598 1599 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1628 1629 1631 1632 1633 1634 1635 1636 1637 1638 1639 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1660 1661 1663 1664 1665 1666 1674 1675 1676 1677 1679 1680 1688 1691 1693 1694 1695 1696 a OK Search completed (3.029 + 0.001 + 0.228 secs).
Re: [OT] Re: What kind of search response time are you setting with solr full text search?
One other data point from my experimenting that might shed some light on the problem: If I limit a search to a single folder instead of across all folders, it still takes 5 or 6 seconds for the results to appear. So that kind of destroys my theory that the problem might be caused by having too many inbox folders.
Re: What kind of search response time are you setting with solr full text search?
THE PROBLEM: When I do a full text search through all my inbox and all subfolders on a single word, search results are returned in about 10 to 15 seconds. This is better than the 40 seconds or so I'm getting when I turn off the fts and fts_solr plugins but still a little disappointing. I did some experimenting. I noticed that if the word I'm searching on is fairly rare, results will pop up quickly, like in around 3 to 5 seconds. Words that don't exist at all in any email return nothing almost instantly. But words that appear in several hundred emails are the ones that take a much longer time. Not sure if this just might be a slow email client or due to Dovecot itself or if maybe 1 GB of ram isn't enough and my machine is underpowered.
What kind of search response time are you setting with solr full text search?
MY SETUP: I have apache solr full text search enabled with dovecot. I have an inbox with about 40 subfolders. I'm using the roundcube web-based mail client. The find command is showing 15823 email files and apache solr reports the same number. I'm running a dedicated mail server with 1 GB of ram. The solr machine is running on a separate machine with 4 GB ram.

THE PROBLEM: When I do a full text search through all my inbox and all subfolders on a single word, search results are returned in about 10 to 15 seconds. This is better than the 40 seconds or so I'm getting when I turn off the fts and fts_solr plugins but still a little disappointing.

WHAT I'D LIKE: Now, I don't expect instant search results like gmail, but getting the search results to display in less than 5 seconds would be a lot less painful than 10 to 15 seconds.

WHAT I'VE TRIED: I have reindexed the emails on solr to try to speed things up.

ANY ADVICE? Curious to know what response times others are seeing and if there is anything else I might try to speed things up. Maybe the number of subfolders is slowing things down?
Can the disable_plaintext_auth setting get overridden for a specific port?
In 10-auth.conf, I have "disable_plaintext_auth = yes". For port 143, I'd like to do something like this to override that setting:

service imap-login {
  inet_listener imap {
    port = 143
    disable_plain_text_auth = no
  }
}

Based on https://wiki.dovecot.org/LoginProcess and https://doc.dovecot.org/configuration_manual/service_configuration/ it doesn't seem like this is supported. But maybe there is another way to accomplish this?
Re: What imap ssl/auth settings work best with MS Outlook?
On 2021-04-29 09:40 AM, Steve Dondley wrote:

I am using Outlook without any problems whatsoever. It sounds to me like you are setting up Outlook to use port 465. In the setup screen, set the port to either "25" or "587". I am using "587" with "starttls". Your "incoming mail port" will depend on how you have Dovecot configured. I use port "143" with "starttls" for Outlook. YMMV depending on your configuration. You might want to consider posting the output of "doveconf -a" and how you have Outlook configured.

To get things working with the client I had to set "disable_plaintext_auth = no" and have them use port 143. Obviously, this is not ideal. I could not get 993 working at all with the client's version of outlook. However, on MS 365, outlook works just fine. It's insane.

OK, I had changed "ssl = yes" to "ssl = required" so having "disable_plaintext_auth" is not such a big deal. But I would still love to know why port 993 wasn't working at all for this client.
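The settings combinations tried in this thread (disable_plaintext_auth against ssl = yes and ssl = required) can be compared mechanically. The following is an added example, not part of the original messages or of Dovecot itself; it assumes Dovecot 2.3 defaults, and the function names, verdict labels and sample configurations are constructed for illustration.

```python
"""Classify Dovecot imap-login listeners by when a PLAIN/LOGIN password is accepted.

Assumptions: Dovecot 2.3 defaults (below); verdict strings are illustrative.
Not modelled: connections from the server's own IP or from
login_trusted_networks, which Dovecot treats as already secured.
"""

DEFAULTS = {"ssl": "yes", "disable_plaintext_auth": "yes", "auth_mechanisms": "plain"}
# Listeners that exist even when the configuration never mentions them.
DEFAULT_LISTENERS = {"imap": {"port": "143"}, "imaps": {"port": "993", "ssl": "yes"}}
PASSWORD_MECHS = {"plain", "login"}


def parse_doveconf(text):
    """Return (top-level settings, imap-login inet_listener settings)."""
    top = dict(DEFAULTS)
    listeners = {name: dict(opts) for name, opts in DEFAULT_LISTENERS.items()}
    stack = []  # open blocks, e.g. [["service", "imap-login"], ["inet_listener", "imap"]]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # whole-line comments only; inline comments are not handled
        if line.endswith("{"):
            stack.append(line[:-1].split())
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line:
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if not stack:
                top[key] = value
            elif (len(stack) == 2 and stack[0] == ["service", "imap-login"]
                  and len(stack[1]) == 2 and stack[1][0] == "inet_listener"):
                listeners.setdefault(stack[1][1], {})[key] = value
    return top, listeners


def classify(text):
    """Map each imap-login listener name to a verdict string."""
    top, listeners = parse_doveconf(text)
    sends_password = bool(PASSWORD_MECHS & set(top["auth_mechanisms"].lower().split()))
    verdicts = {}
    for name, opts in listeners.items():
        if opts.get("port") == "0":
            verdicts[name] = "disabled"                      # port = 0 closes a listener
        elif not sends_password:
            verdicts[name] = "no-password-mechanism"
        elif top["ssl"] != "no" and opts.get("ssl") == "yes":
            verdicts[name] = "implicit-tls"                  # TLS from the first byte
        elif top["ssl"] == "required":
            verdicts[name] = "tls-required-before-auth"      # any auth before TLS fails
        elif top["disable_plaintext_auth"] == "yes":
            verdicts[name] = "password-refused-without-tls"
        else:
            verdicts[name] = "cleartext-password-accepted"   # the insecure combination
    return verdicts


# Constructed sample: the settings as first posted in the thread. Commenting out
# the "inet_listener imap" block does not close port 143; the default remains.
AS_POSTED = """
disable_plaintext_auth = yes
auth_username_format = %Ln
auth_mechanisms = plain login
ssl = yes
service imap-login {
  # inet_listener imap {
  #port = 143
  # }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
"""
# Constructed sample: the workaround (plaintext auth allowed, TLS optional).
WORKAROUND = AS_POSTED.replace("disable_plaintext_auth = yes", "disable_plaintext_auth = no")
# Constructed sample: the later change of the global ssl setting to "required".
FINAL = WORKAROUND.replace("ssl = yes\nservice", "ssl = required\nservice")
# Constructed sample: additionally closing the port 143 listener.
CLOSED_143 = FINAL + "service imap-login {\n  inet_listener imap {\n    port = 0\n  }\n}\n"

if __name__ == "__main__":
    for label, cfg in [("as posted", AS_POSTED), ("workaround", WORKAROUND),
                       ("ssl = required", FINAL), ("143 closed", CLOSED_143)]:
        print(f"{label:15} {classify(cfg)}")
```

Only the workaround combination leaves port 143 accepting a password before TLS; with ssl = required the value of disable_plaintext_auth no longer changes the verdict.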
Re: What imap ssl/auth settings work best with MS Outlook?
I am using Outlook without any problems what so ever. It sounds to me like you are setting up Outlook to use port 465. In the setup screen, set the port to either "25" or "587". I am using "587" with "starttls" Your "incoming mail port" will depend on how you have Dovecot configured. I use port "143" with "starttls" for Outlook. YMMV depending on your configuration. You might want to consider posting the output of "doveconf -a" and how you have Outlook configured. To get things working with the client I had to set "disable_plaintext_auth = no" and have them use port 143. Obviously, this is not ideal. I could not get 993 working at all with the client's version of outlook. However, on MS 365, outlook works just fine. It's insane. # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.4 () # OS: Linux 4.19.0-16-cloud-amd64 x86_64 Debian 10.9 # NOTE: Send doveconf -n output instead when asking for help. auth_anonymous_username = anonymous auth_cache_negative_ttl = 1 hours auth_cache_size = 0 auth_cache_ttl = 1 hours auth_cache_verify_password_with_worker = no auth_debug = no auth_debug_passwords = no auth_default_realm = auth_failure_delay = 2 secs auth_gssapi_hostname = auth_krb5_keytab = auth_master_user_separator = auth_mechanisms = plain login auth_policy_check_after_auth = yes auth_policy_check_before_auth = yes auth_policy_hash_mech = sha256 auth_policy_hash_nonce = auth_policy_hash_truncate = 12 auth_policy_reject_on_fail = no auth_policy_report_after_auth = yes auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s auth_policy_server_api_header = auth_policy_server_timeout_msecs = 2000 auth_policy_server_url = auth_proxy_self = auth_realms = auth_socket_path = auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_cert = no auth_stats = no auth_use_winbind = no auth_username_chars = 
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ auth_username_format = %Ln auth_username_translation = auth_verbose = no auth_verbose_passwords = no auth_winbind_helper_path = /usr/bin/ntlm_auth auth_worker_max_count = 30 base_dir = /var/run/dovecot config_cache_size = 1 M debug_log_path = default_client_limit = 1000 default_idle_kill = 1 mins default_internal_group = dovecot default_internal_user = dovecot default_login_user = dovenull default_process_limit = 100 default_vsz_limit = 256 M deliver_log_format = msgid=%m: %$ dict_db_config = director_flush_socket = director_mail_servers = director_max_parallel_kicks = 100 director_max_parallel_moves = 100 director_output_buffer_size = 10 M director_ping_idle_timeout = 30 secs director_ping_max_timeout = 1 mins director_servers = director_user_expire = 15 mins director_user_kick_delay = 2 secs director_username_hash = %u disable_plaintext_auth = no dotlock_use_excl = yes doveadm_allowed_commands = doveadm_api_key = doveadm_http_rawlog_dir = doveadm_password = doveadm_port = 0 doveadm_socket_path = doveadm-server doveadm_username = doveadm doveadm_worker_count = 0 dsync_alt_char = _ dsync_commit_msgs_interval = 100 dsync_features = dsync_hashed_headers = Date Message-ID dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U first_valid_gid = 1 first_valid_uid = 500 haproxy_timeout = 3 secs haproxy_trusted_networks = hostname = imap_capability = imap_client_workarounds = imap_fetch_failure = disconnect-immediately imap_hibernate_timeout = 0 imap_id_log = imap_id_retain = no imap_id_send = name * imap_idle_notify_interval = 2 mins imap_literal_minus = no imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged} trashed=%{trashed} hdr_count=%{fetch_hdr_count} hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} body_bytes=%{fetch_body_bytes} imap_max_line_length = 64 k imap_metadata = no imap_urlauth_host = imap_urlauth_logout_format = in=%i out=%o 
imap_urlauth_port = 143 imapc_cmd_timeout = 5 mins imapc_connection_retry_count = 1 imapc_connection_retry_interval = 1 secs imapc_features = imapc_host = imapc_list_prefix = imapc_master_user = imapc_max_idle_time = 29 mins imapc_max_line_length = 0 imapc_password = imapc_port = 143 imapc_rawlog_dir = imapc_sasl_mechanisms = imapc_ssl = no imapc_ssl_verify = yes imapc_user = import_environment = TZ CORE_OUTOFMEM CORE_ERROR LISTEN_PID LISTEN_FDS info_log_path = instance_name = dovecot last_valid_gid = 0 last_valid_uid = 0 lda_mailbox_autocreate = no lda_mailbox_autosubscribe = no lda_original_recipient_header = libexec_dir = /usr/lib/dovecot listen = *, :: lmtp_hdr_delivery_address = final lmtp_proxy = no lmtp_proxy_rawlog_dir = lmtp_rawlog_dir = lmtp_rcpt_check_quota = no lmtp_save_to_detail_mailbox = no lmtp_user_concurrency_limit = 0 lock_method = fcntl log_core_filter = log_debug = log_path = syslog log_timestamp = "%b %d %H:%M:%S " login_access_sockets = login_greeting = Dovecot (Debian) ready. login_log_format = %$: %s
Re: What imap ssl/auth settings work best with MS Outlook?
On 2021-04-29 01:45 AM, @lbutlr wrote:

On 28 Apr 2021, at 12:49, Steve Dondley wrote:

I repeatedly have a hell of a time getting clients' Outlook software working well with Dovecot. It's hard for me to test myself since I don't have Outlook and it would be impossible to keep up with all the different versions anyway.

How old is the version of Outlook they are using? Office 2010 is a disaster, and if I recall correctly 2014 has many issues as well.

I'm not sure. It's fairly recent though. Some more nuttiness: I bit the bullet and downloaded a trial version of MS 365 and downloaded the Outlook desktop. On my mac, at least, there are two different interfaces/versions of Outlook: the "old" Outlook and a "new," more minimalist version. You can switch between the versions easily. On the "old" outlook, I was able to get things set up without issue. But with the "new" outlook, I couldn't send email or set up a new account. It turns out I had to enable the smtp_tls_wrappermode setting to get it working with the "new" Outlook. See http://www.postfix.org/postconf.5.html#smtp_tls_wrappermode I thought the wrapper setting was just for the long dead Outlook Express mail client. But now I'm wondering if I need this setting for some versions of Outlook.

Even so, it's terrible software that is designed to 'encourage' users to use Exchange Servers for mail instead of real email servers.

I'm not a conspiracy theorist, but I can't help but come to the same conclusion. I am totally unfamiliar with Exchange servers. What do they offer, exactly, that dovecot/postfix does not (besides a revenue stream for MS)?
Re: What imap ssl/auth settings work best with MS Outlook?
I think my problem might be here. Instead of %Ln, maybe I should have %L%n? Nope: https://wiki.dovecot.org/DomainLost
Re: What imap ssl/auth settings work best with MS Outlook?
On 2021-04-28 02:49 PM, Steve Dondley wrote:

I repeatedly have a hell of a time getting clients' Outlook software working well with Dovecot. It's hard for me to test myself since I don't have Outlook and it would be impossible to keep up with all the different versions anyway. I've got the following settings, currently:

disable_plaintext_auth = yes
auth_username_format = %Ln
auth_mechanisms = plain login
ssl = yes

I think my problem might be here. Instead of %Ln, maybe I should have %L%n?
Re: What imap ssl/auth settings work best with MS Outlook?
Your best bet to make Outlook behave better as an IMAP client is to configure a mail "profile" via Control Panel --> User Accounts --> Mail, and set all the particulars there. Recent versions of Outlook have a stripped down configuration interface that offers no flexibility. For example, from Outlook itself it's not possible to set an IMAP login name that's not an email address.

Yes, this was a "holy shit" moment that I had today. I couldn't even see how to change the user name. Outlook has got to have the worst, most inconsistent user interface for a mail client I've ever seen. It's insane. Thanks for the tip on the Mail settings. I wasn't aware of those. I bit the bullet and got a free trial of MS Outlook as part of Office 365 so I could do some testing. It was super easy to set up and I had absolutely no issues logging into my client's IMAP account with. I spent an hour with the client today, who had a slightly older version of Outlook, and we could not get it working. It took 5 minutes just for Outlook to fail and finally tell us it couldn't log in. As I think about this, it's probably some kind of encryption protocol issue. Is it possible some older versions of outlook are using outdated encryption methods that my server is not set up to work with?
What imap ssl/auth settings work best with MS Outlook?
I repeatedly have a hell of a time getting clients' Outlook software working well with Dovecot. It's hard for me to test myself since I don't have Outlook and it would be impossible to keep up with all the different versions anyway. I've got the following settings, currently:

disable_plaintext_auth = yes
auth_username_format = %Ln
auth_mechanisms = plain login
ssl = yes

service imap-login {
  # inet_listener imap {
  #port = 143
  # }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

service imap {
  client_limit = 1
}

It always seems to be hit or miss with outlook as to which encryption setting to use, which port to try, etc. With a recent client, I couldn't get them successfully logged in no matter what manual settings we tried. If someone can give me some tips on how to get most versions of Outlook cooperating well with Dovecot, I'd appreciate it.
What is the proper value in solrconfig.xml for dovecot?
I'm looking at config documentation for solr on dovecot: https://doc.dovecot.org/configuration_manual/fts/solr/ In the suggested solrconfig.xml file (https://raw.githubusercontent.com/dovecot/core/master/doc/solr-config-7.7.0.xml), it has the following line: 7.7.0 I'm running solr version 8.8.1, however. I'm wondering if I should change this line to: 8.8.1 Things seem to work fine with the 7.7.0 value but there is a comment in the config file that says: I'm not familiar with Lucene or Solr so I'm uncertain as to what to set this to. Thanks.
Re: systemd timeout on startup after upgrade
Felix Zielcke said on Sat, 17 Apr 2021 19:37:30 +0200

>Hello *,
>
>I have upgraded today a Debian buster (stable) system to bullseye
>(still testing). After upgrade I did a complete reboot of the VM.
>
>Dovecot version changed from 1:2.3.4.1-5+deb10u6 to 1:2.3.13+dfsg1-1
>
>`systemctl start dovecot` now complains
>Job for dovecot.service failed because a timeout was exceeded.
>
>As a workaround I set "TimeoutStartSec=infinity" in dovecot.service.
>But `systemctl status` now says:

Systemd's got problems. I use runit to start dovecot. Without dumping systemd, you can start the runit process supervisor from systemd, and then start any other daemons from runit. I used to use this method (with daemontools instead of the very similar runit) to avoid starting from sysvinit.

I don't use systemd, but if I did, I'd use it as little as possible, because it's a very complicated, very ever-scope-expanding moving target. I don't even call the above described method as a workaround, because I consider systemd the root cause.

SteveT

Steve Litt
Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist
http://www.troubleshooters.com/techniques
Re: Emails to multiple recipients on same server not getting delivered
So where are you calling Spamassassin for each email? Hmm... maybe you need to have -d ${recipient} in your spamassassin call? Or better yet, call the 'deliver' program from dovecot like I showed instead.

spamass-dovecot_destination_recipient_limit = 1
virtual_alias_maps = hash:/etc/postfix/virtual-alias-maps
virtual_mailbox_maps = sqlite:/etc/postfix/virtual_users.cf
virtual_transport = spamass-dovecot

I've simplified the configuration by turning off spamassassin and removing any mention of it from master.cf. Things are working now. But I'm still baffled why basically the same master.cf config is working on one server but not another. I wonder if different SA configs might be the problem.
Emails to multiple recipients on same server not getting delivered
When I send an email to a single user on a server, it is received by the user without a problem. But when sending to multiple users, the emails disappear into a black hole. The logs contain no errors and indicate the emails were sent:

Apr 5 13:10:29 email postfix/pipe[31703]: F3A912027D: to=, relay=spamassassin, delay=1.6, delays=0.12/0/0/1.5, dsn=2.0.0, status=sent (delivered via spamassassin service (X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on email.example.org X-Spam-Level: X-Spam-Stat))
Apr 5 13:10:29 email postfix/pipe[31703]: F3A912027D: to=, relay=spamassassin, delay=1.6, delays=0.12/0/0/1.5, dsn=2.0.0, status=sent (delivered via spamassassin service (X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on email.example.org X-Spam-Level: X-Spam-Stat))

However, when I check the inboxes for the recipients, the email is nowhere to be found. I tried lifting the receiving/concurrent limits but to no effect. I have other servers with very similar configurations to this one but I'm not having issues with them. lmtp is the local delivery agent.
My postconf:

alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
default_destination_concurrency_limit = 5
home_mailbox = Maildir/
inet_interfaces = all
lmtp_destination_concurrency_limit = 5
lmtp_destination_recipient_limit = 5
local_destination_concurrency_limit = 5
local_destination_recipient_limit = 5
mail_owner = postfix
mailbox_size_limit = 3145728000
mailbox_transport = lmtp:unix:private/dovecot-lmtp
mailq_path = /usr/bin/mailq
message_size_limit = 26214400
milter_default_action = accept
milter_protocol = 6
mydestination = $myhostname localhost.$mydomain localhost $mydomain
mydomain = example.org
myhostname = email.example.org
mynetworks_style = subnet
myorigin = example.org
non_smtpd_milters = $smtpd_milters
policyd-spf_time_limit = 3600
recipient_bcc_maps = pcre:/etc/postfix/recipient_bcc
recipient_delimiter = +
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_milters = unix:/opendkim/opendkim.sock
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policyd-spf
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch
smtpd_tls_cert_file = /etc/letsencrypt/live/email.example.org/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/email.example.org/privkey.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_mailbox_limit = 26214400
virtual_transport = lmtp:unix:private/dovecot-lmtp

And doveconf:

# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-14-cloud-amd64 x86_64 Debian 10.9
# Hostname: email.example.org
auth_mechanisms = plain login
auth_username_format = %Ln
disable_plaintext_auth = no
mail_debug = yes
mail_location = maildir:~/Maildir
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/aliases
  driver = passwd-file
}
passdb {
  driver = pam
}
plugin {
  recipient_delimiter = +
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_default = /var/lib/dovecot/sieve/default.sieve
  sieve_default_name = Defaults
  sieve_global = /var/lib/dovecot/sieve
}
pop3_client_workarounds = outlook-no-nuls
protocols = " imap lmtp sieve pop3 sieve"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0666
  }
}
service imap-login {
  inet_listener imap {
Re: No decode2txt script for search attachments
Ah, yes, it is there. I had a typo in my "find" command. Thanks!

On 2021-04-05 11:04 AM, Felix Zielcke wrote:

On Monday, 05.04.2021 at 10:57 -0400, Steve Dondley wrote:

I'm looking at the documentation at https://doc.dovecot.org/settings/plugin/fts-plugin/#fts-decoder It says "See the decode2text.sh script included in Dovecot for how to use this." I don't have this script installed and can't find it anywhere on my Debian Buster server. I'm running dovecot version 2.3.4.1 Not sure if the documentation is outdated or what.

It's included in the dovecot-core package

/usr/share/doc/dovecot-core/examples/decode2text.sh

buster version should also have it according to https://packages.debian.org/buster/amd64/dovecot-core/filelist
No decode2txt script for search attachments
I'm looking at the documentation at https://doc.dovecot.org/settings/plugin/fts-plugin/#fts-decoder It says "See the decode2text.sh script included in Dovecot for how to use this." I don't have this script installed and can't find it anywhere on my Debian Buster server. I'm running dovecot version 2.3.4.1 Not sure if the documentation is outdated or what.
Re: Search seems slow with apache solr
On 2021-04-05 07:49 AM, Steve Dondley wrote:

OK, I got solr working on a new virtual machine with a healthier 4 GB of ram. Initially, I experienced the same slowness as before as on the 1 GB machine. I went back and reviewed the documentation at https://wiki.dovecot.org/Plugins/FTS/Solr and realized that I missed a critical step configuring solr with the proper xml config files. After doing this, the search time is well below one second now.

I just want to document for others that might stumble on this that I switched dovecot to use the local 1 GB machine solr installation and the search was just as quick as using solr on the 4 GB machine. Note that the 1 GB machine is very lightly loaded, however.

On 2021-04-05 06:12 AM, Steve Dondley wrote:

Does your server have enough ram?

I think this may be the issue. I only have 1 GB of ram on the machine and I was just reading a blog post recommending at least 4 GB. I think what I'll do is set up a separate instance for solr and use that instead of running it on the same machine as dovecot. Thanks for your feedback.
Sharing a single solr server between multiple dovecot servers
I am brand new to solr and I'm interested in sharing it between several dovecot machines I'm running. I'm looking for some big picture guidance on what I need to do to configure solr to work with the different dovecot machines. So far, I managed to set up a single "dovecot" core on the solr server and it is working with one of my dovecot machines. I'm not sure how to proceed from here as I'm very unclear on how solr maintains separate indexes for different users on my different machines. Some basic questions I have are:

1) Do I need a new core for each of the dovecot machines I want to use with solr?
2) If not, how does solr ensure indexes for the different dovecot users do not get commingled?
3) If yes, how do I configure dovecot to tell it which solr core to use?

Thanks.
Re: Search seems slow with apache solr
OK, I got solr working on a new virtual machine with a healthier 4 GB of ram. Initially, I experienced the same slowness as before as on the 1 GB machine. I went back and reviewed the documentation at https://wiki.dovecot.org/Plugins/FTS/Solr and realized that I missed a critical step configuring solr with the proper xml config files. After doing this, the search time is well below one second now.

On 2021-04-05 06:12 AM, Steve Dondley wrote:

Does your server have enough ram?

I think this may be the issue. I only have 1 GB of ram on the machine and I was just reading a blog post recommending at least 4 GB. I think what I'll do is set up a separate instance for solr and use that instead of running it on the same machine as dovecot. Thanks for your feedback.
Re: Search seems slow with apache solr
Does your server have enough ram?

I think this may be the issue. I only have 1 GB of ram on the machine and I was just reading a blog post recommending at least 4 GB. I think what I'll do is set up a separate instance for solr and use that instead of running it on the same machine as dovecot. Thanks for your feedback.
Search seems slow with apache solr
I'm experimenting with Apache Solr and Dovecot. As far as I can tell, I have dovecot working with Apache Solr as demonstrated by this output:

a search text "cash"
* SEARCH 4 8 26 35 45 52 54 55 63
a OK Search completed (0.356 + 0.001 + 0.068 secs).

However, when using the roundcube search bar and search all messages on a single word, it takes about 18 seconds. This seems slow as I only have about 4300 messages in all my folders. But I'm not sure as I have nothing to compare it to. Is there a way I can test whether roundcube is using solr to perform searches?
RE: FW: imapsieve rules not matching at all?
From: Gedalya
Subject: Re: FW: imapsieve rules not matching at all?

On 3/20/21 7:37 AM, dove...@steve.wattlink.net wrote:

Greetings! I feel like this has been beaten to death, but my searches on the web (and about 10 hours spent over the last two days) haven't revealed what's going on. Basically, it's the usual "I'd like to auto-learn spam/ham based on moves to/from a folder" problem. But in my debugging, I don't see any evidence that the static rules are matching, so the scripts aren't running, which makes me think I'm missing something obvious.

plugin {
  imapsieve_url = sieve://127.0.0.1:4190
}

Mar 19 16:21:48 mhv3 dovecot[47532]: imap(steve)<47541>: Debug: imapsieve: mailbox INBOX: Mailbox attribute /shared/imapsieve/script not found
Mar 19 16:21:48 mhv3 dovecot[47532]: imap(steve)<47541>: Debug: imapsieve: mailbox INBOX: Server attribute /shared/imapsieve/script not found

Try to fix or remove that.
https://www.mail-archive.com/dovecot@dovecot.org/msg82002.html

I thought I had enabled that - check out the doveconf -n listing. Did I miss something?

--
Steve Watt KD6GGD PP-ASEL-IA factories.words.yappy
Don't let your schooling get in the way of your education.
Can Dovecot honor Outlook's "leave mail on server for X days" setting?
I googled around for quite a bit but surprisingly came up empty for an answer to this question which I'm sure has been broached before. I've got a linux box running dovecot/postfix using maildir format. I was surprised to learn that a client that had many GBs of email was running POP3, not IMAP. It turns out they had a setting to delete POP3 mail after X days turned on but it just went ignored. I know this is not how POP3 is supposed to work, but is there a way to get dovecot to honor the user's settings in Outlook? Or should I just tell the client to turn this off and use a proper IMAP account?
I'm unable to get Claws-Mail to work with SSL/993 with a passphrased selfsigned cert
Hi all,

First, thanks to everyone on Freenode #dovecot who helped me with my extreme problems a couple days ago. I once again have Claws-Mail able to connect to my SSL/993 only Dovecot IMAP, after making my own cert and a few other things.

Here's the deal though. When I try to use an rsa:4096 cert with a passphrase for dovecot, Claws-Mail cannot connect, even though I put the cert's passphrase in Claws-Mail's passphrase field right below the field for the cert's location/filename. It tells me it can't import the p12 cert. This happens whether I put in the location of the public cert, or the private one.

What do I need to do to get Claws-Mail and Dovecot to work together with a passphrased cert? Naturally, this could be a deficiency in Claws-Mail, and I've written a similar email to the Claws-Mail group, but either way I'd like to get this solved so I'm not using a no-password cert.

By the way, when I do:

openssl s_client -connect 192.168.0.2:993 \
  -cert /etc/ssl/dovecot_certs/private/dovecot.pem

openssl asks me for the passphrase and upon receiving it gives me the information. This does not happen if I give it the location of the public key.

Thanks,

SteveT

Steve Litt
Autumn 2020 featured book: Thriving in Tough Times
http://www.troubleshooters.com/thrive
status of test code
Hi, I'm continuing to try to build 2.3.13 with a source RPM. At this point I've taken the source zip file and I'm working with the previously working qmailtoaster SPEC file and RPM build process. The toaster SPEC file runs the built-in dovecot tests after build... 2.3.11 would make it through all the tests with a few minor exceptions. 2.3.13 seems no longer able to run the tests in lib-ssl-iostream or lib-lua (and perhaps others, but that's as far as I've gotten). I can selectively disable the tests to make progress, but it raises the question of what the plans are for the built-in tests. Also, I continue to not be able to find where all the testing is turned on/off at once? I'm sure it will be obvious when someone tells me but please tell me, because I'm pulling my hair out. Steve
Re: Dovecot 2.3.13 source rpm build fails on Centos 8
This is the source RPM I'm using
https://repo.dovecot.org/ce-2.3.13/centos/8/SRPMS/2.3.13-2_ce/

Steve

>> On 08/01/2021 04:34 st...@keptprivate.com wrote:
>>
>> I tried to post this in a more nuanced way, but the fact is the latest
>> source RPM does not build on the latest Centos 8.
>>
>> > + sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10-ssl.conf
>> > + '[' -e buildinfo.commit ']'
>> > ++ head -1 buildinfo.commit
>> > + COMMIT=89f716dc2ec7362864a368d32533184b55fb7831
>> > ++ /bin/sh /home/build/rpmbuild/SOURCES/lsb_release -is
>> > /bin/sh: /home/build/rpmbuild/SOURCES/lsb_release: No such file or directory
>> > + ID=
>> > error: Bad exit status from /var/tmp/rpm-tmp.WFaLYQ (%build)
>> >
>> > RPM build errors:
>> > Macro expanded in comment on line 455: %{_libdir}/dovecot/settings
>> >
>> > Bad exit status from /var/tmp/rpm-tmp.WFaLYQ (%build)
>> >
>> > I can get past this with an edit to the dovecot.spec file (removing
>> > sourcedir):
>> >
>> > if [ -e "buildinfo.commit" ]; then
>> >     COMMIT=`head -1 buildinfo.commit`
>> >     ID=`/bin/sh %̶{̶_̶s̶o̶u̶r̶c̶e̶d̶i̶r̶}̶/̶lsb_release -is`
>> >     RELEASE=`/bin/sh %̶{̶_̶s̶o̶u̶r̶c̶e̶d̶i̶r̶}̶/̶lsb_release -rs`
>> >     CODENAME=`/bin/sh %̶{̶_̶s̶o̶u̶r̶c̶e̶d̶i̶r̶}̶/̶lsb_release -cs`
>> >     ARCH=`arch`
>> > fi
>>
>> Can someone who knows the source rpm build config. please respond? The
>> committed spec file contains errors.
>>
>> Thanks
>>
>> Sent from my T-Mobile 4G LTE device
>
> There are now source RPMs for centos8 in repo.dovecot.org. Maybe they work
> better?
>
> Aki
Re: Dovecot 2.3.13 source rpm build fails on Centos 8
Hi Alessio,

Thanks. I had made an edit to fix the SPEC file myself as well and was able to build the rpm. At that point though, I ran into a second problem. When it is installed and you try to start it, it fails reporting that it can't find libdovecot.so (which I checked, and it is there). It seems like some untested changes have crept into the source rpm build.

Steve

> On 08/01/21 03:34, st...@keptprivate.com wrote:
>>
>> I tried to post this in a more nuanced way, but the fact is the latest
>> source RPM does not build on the latest Centos 8.
>>
>> > + sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10-ssl.conf
>> > + '[' -e buildinfo.commit ']'
>> > ++ head -1 buildinfo.commit
>> > + COMMIT=89f716dc2ec7362864a368d32533184b55fb7831
>> > ++ /bin/sh /home/build/rpmbuild/SOURCES/lsb_release -is
>> > /bin/sh: /home/build/rpmbuild/SOURCES/lsb_release: No such file or directory
>> > + ID=
>
> Hi,
>
> I solved with a:
>
> cp /usr/bin/lsb_release /home/build/rpmbuild/SOURCES/lsb_release
>
> but probably the dovecot.spec file inside the src.rpm needs a fix.
>
> Ciao
>
> --
> Alessio Cecchi
> Postmaster @ http://www.qboxmail.it
> https://www.linkedin.com/in/alessice
problem building on centos 8 (8.3 kernel)
Hi, I'm converting from qmailtoaster/vpopmail build. When I try to build dovecot-2.3.13-2.src.rpm for centos 8.3 the first thing I run into is this:

+ sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10-ssl.conf
+ '[' -e buildinfo.commit ']'
++ head -1 buildinfo.commit
+ COMMIT=89f716dc2ec7362864a368d32533184b55fb7831
++ /bin/sh /home/build/rpmbuild/SOURCES/lsb_release -is
/bin/sh: /home/build/rpmbuild/SOURCES/lsb_release: No such file or directory
+ ID=
error: Bad exit status from /var/tmp/rpm-tmp.WFaLYQ (%build)

RPM build errors:
Macro expanded in comment on line 455: %{_libdir}/dovecot/settings
Bad exit status from /var/tmp/rpm-tmp.WFaLYQ (%build)

I can get past this with an edit to the dovecot.spec file (removing sourcedir):

if [ -e "buildinfo.commit" ]; then
    COMMIT=`head -1 buildinfo.commit`
    ID=`/bin/sh %{_sourcedir}/lsb_release -is`
    RELEASE=`/bin/sh %{_sourcedir}/lsb_release -rs`
    CODENAME=`/bin/sh %{_sourcedir}/lsb_release -cs`
    ARCH=`arch`
fi

The RPM builds but it fails to run with this message in the logs:

Jan 6 20:52:11 beta1 systemd[1]: Starting Dovecot IMAP/POP3 email server...
Jan 6 20:52:11 beta1 systemd[1]: Started Dovecot IMAP/POP3 email server.
Jan 6 20:52:11 beta1 dovecot[356909]: /usr/sbin/dovecot: error while loading shared libraries: libdovecot.so.0: cannot open shared object file: No such file or directory
Jan 6 20:52:11 beta1 systemd[1]: dovecot.service: Main process exited, code=exited, status=127/n/a
Jan 6 20:52:11 beta1 systemd[1]: dovecot.service: Failed with result 'exit-code'.

Any ideas what I have going wrong? Also, a side question, when I build the rpm it's not running the extensive tests that the old qmailtoaster source rpm used to run. I've looked through the spec file and I don't really see where to turn that back on. Sorry if any of this is stupid, but I'm new to building directly from the dovecot repo.

Steve
Re: Pigeonhole v0.5.13 build fails on OS X 10.11.6
Error seen - sorry for this!!

> On 6 Jan 2021, at 14:24, Steve Akerman wrote:
>
> Hi,
>
> Dovecot 2.3.13 builds successfully on this old OS X, but pigeonhole
> v0.5.13 fails as below:
>
> gcc -DHAVE_CONFIG_H -I. -I../.. -I/usr/local/include/dovecot -I../.. -I../../src/lib-managesieve -fPIE -DPIE -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2 -fstack-protector-strong -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -I../.. -MT managesieve_login-client.o -MD -MP -MF .deps/managesieve_login-client.Tpo -c -o managesieve_login-client.o `test -f 'client.c' || echo './'`client.c
> In file included from client.c:23:
> ./managesieve-proxy.h:8:15: warning: declaration of 'enum login_proxy_failure_type' will not be visible outside of this function [-Wvisibility]
> enum login_proxy_failure_type type,
> ^
> client.c:518:3: error: field designator 'proxy_failed' does not refer to any field in type 'struct client_vfuncs'
> .proxy_failed = managesieve_proxy_failed,
> ^
> 1 warning and 1 error generated.
> make: *** [managesieve_login-client.o] Error 1
>
> This appears to be related to the change from managesieve_proxy_error to
> managesieve_proxy_failed.
>
> Pigeonhole v0.5.11 builds without problem on the same machine.
>
> The warning appears to be related to the lack of a declaration, but I am no
> expert. The error I have no idea!!!
>
> Is this related to my old compiler, or is there an issue here?
>
> Can anyone propose a workaround, as I would like to use Dovecot 2.3.13, but
> will get version mismatch errors if I do not upgrade pigeonhole.
>
> Thanks in advance
Pigeonhole v0.5.13 build fails on OS X 10.11.6
Hi,

Dovecot 2.3.13 builds successfully on this old OS X, but pigeonhole v0.5.13 fails as below:

gcc -DHAVE_CONFIG_H -I. -I../.. -I/usr/local/include/dovecot -I../.. -I../../src/lib-managesieve -fPIE -DPIE -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2 -fstack-protector-strong -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -I../.. -MT managesieve_login-client.o -MD -MP -MF .deps/managesieve_login-client.Tpo -c -o managesieve_login-client.o `test -f 'client.c' || echo './'`client.c
In file included from client.c:23:
./managesieve-proxy.h:8:15: warning: declaration of 'enum login_proxy_failure_type' will not be visible outside of this function [-Wvisibility]
enum login_proxy_failure_type type,
^
client.c:518:3: error: field designator 'proxy_failed' does not refer to any field in type 'struct client_vfuncs'
.proxy_failed = managesieve_proxy_failed,
^
1 warning and 1 error generated.
make: *** [managesieve_login-client.o] Error 1

This appears to be related to the change from managesieve_proxy_error to managesieve_proxy_failed.

Pigeonhole v0.5.11 builds without problem on the same machine.

The warning appears to be related to the lack of a declaration, but I am no expert. The error I have no idea!!!

Is this related to my old compiler, or is there an issue here?

Can anyone propose a workaround, as I would like to use Dovecot 2.3.13, but will get version mismatch errors if I do not upgrade pigeonhole.

Thanks in advance
Re: Dovecot 2.3.11.3 LMTP dropping connection after first part of multipart message received
Good afternoon

Problem Solved!

After some very useful input from John Fawcett, I have identified that the problem was not Dovecot, but the mailer used for Dovecot in Sendmail; it was missing the F=X flag that double dots any single dots, which are rather common in messages that were badly truncated to 75 line length by Apple Mail and Outlook amongst others.

The correct Mailer spec for Dovecot LMTP is:

##*##
### DOVECOT Mailer specification ###
##*##
Mdovecot, P=[IPC], F=zDFMPXhnul59,
  S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
  T=DNS/RFC822/X-Unix,
  A=FILE /var/run/dovecot/lmtp

which should be in a file called Dovecot inside sendmail cf/mailers and included in the site mc file as

MAILER(`dovecot')dnl

As this information is missing from the very good WIKI, could someone add it in order to help others in the future?

Thanks

Steve

> On 10 Dec 2020, at 14:58, Steve Akerman wrote:
>
> Good afternoon
>
> I have been using Dovecot with great success for several months now with one
> problem:
>
> I have received several messages (3 to date out of a much larger number)
> which cause Dovecot LMTP to drop the connection with sendmail after only
> receiving the first part of the message.
>
> Dovecot saves the first part to INBOX, and then drops the link with sendmail
> as it sees the rest of the data from sendmail as new (and invalid) commands
>
> Sendmail sees the delivery as unsuccessful and requeues the message, so the
> cycle continues until I kill the queue
>
> These messages are all Multipart MIME
>
> I have attached an extract from the log which shows the above sequence
>
> Finally, I have kept one such message from the sendmail queue (df and qf)
> should this be useful, but prefer not to post here as not sanitised
>
> Any help in correcting my configuration would be appreciated.
>
> Thanks
>
> Steve
>
> MAIL LOG extract
> -
>
> Dec 9 12:00:10 phone dovecot[179]: lmtp(20774): Connect from local
> Dec 9 12:00:10 phone sm-mta-rx[20764]: STARTTLS=client, relay=localhost, version=TLSv1.3, verify=OK, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
> Dec 9 12:00:10 phone dovecot[179]: lmtp(20775): Connect from local
> Dec 9 12:00:10 phone sm-mta-rx[20763]: STARTTLS=client, relay=localhost, version=TLSv1.3, verify=OK, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
> Dec 9 12:00:10 phone dovecot[179]: lmtp(*)<20775><8EieKDqu0F8nUQAA0J78UA>: msgid=<39113a86-fdbb-4cea-b1c3-d225dff93...@info.ameli.fr>: saved mail to INBOX
> Dec 9 12:00:10 phone dovecot[179]: lmtp(20775): Disconnect from local: Too many invalid commands. (state=READY)
> Dec 9 12:00:10 phone sm-mta-rx[20763]: STARTTLS: write error=syscall error (-1), errno=32, get_error=error::lib(0):func(0):reason(0), retry=1, ssl_err=5
> Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: SYSERR(root): timeout writing message to localhost: Broken pipe
> Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 0: fl=0x0, mode=20666: CHR: dev=30/1306024, ino=301, nlink=1, u/gid=0/0, size=0
> Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 1: fl=0x1, mode=20666: CHR: dev=30/1306024, ino=301, nlink=1, u/gid=0/0, size=0
> Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 2: fl=0x1, mode=20666: CHR: dev=30/1306024, ino=301, nlink=1, u/gid=0/0, size=0
> Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 3: fl=0x4002, mode=100600: dev=1/2, ino=26089780, nlink=1, u/gid=0/23, size=2041
> Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 4: fl=0x0, mode=20666: CHR: dev=30/1306024, ino=575, nlink=1, u/gid=0/0, size=0
> Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 5: fl=0x2, mode=140666: SOCK localhost->[[UNIX: /var/run/mDNSResponder]]
> Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 6: fl=0x0, mode=100640: dev=1/2, ino=25887976, nlink=1, u/gid=0/23, size=12288
> Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 7: fl=0x0, mode=100640: dev=1/2, ino=25887976, nlink=1, u/gid=0/23, size=12288
> Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 8: fl=0x0, mode=100600: dev=1/2, ino=26088246, nlink=1, u/gid=0/23, size=58024
> Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 9: fl=0x6, mode=140444: SOCK localhost->(Invalid argument)
> Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 10: fl=0x6, mode=140444: SOCK localhost->(Invalid argument)
> Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 11: fl=0x0, mode=100640: dev=1/2, ino=
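The failure mode identified in the reply above (a body line consisting of a single dot sent without the hidden-dot algorithm of RFC 5321 section 4.5.2, which is what the sendmail F=X flag turns on), as an added example that is not part of the original messages and is not Dovecot or sendmail code. The sample message, the function names and the simplified LMTP command check are assumptions constructed for the illustration.

```python
"""Hidden-dot (dot-stuffing) transparency for SMTP/LMTP DATA.

Added illustration: message content, helper names and the simplified
command check are constructed here, not taken from Dovecot or sendmail.
"""

CRLF = b"\r\n"

# Verbs an LMTP server accepts outside DATA (RFC 2033); simplified model.
LMTP_VERBS = {b"LHLO", b"MAIL", b"RCPT", b"DATA", b"RSET", b"NOOP", b"VRFY", b"QUIT"}

# Constructed multipart message. The bare "." line stands in for a badly
# wrapped body line that ends up as a single dot on a line of its own.
MESSAGE = CRLF.join([
    b"From: sender@example.org",
    b"To: user@example.net",
    b"Subject: constructed sample",
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/alternative; boundary="b1"',
    b"",
    b"--b1",
    b"Content-Type: text/plain",
    b"",
    b"first part, last wrapped line follows",
    b".",
    b"--b1",
    b"Content-Type: text/html",
    b"",
    b"<p>second part</p>",
    b"--b1--",
]) + CRLF


def send_data(message: bytes, hidden_dot: bool) -> bytes:
    """Bytes the client writes after the server's 354 reply to DATA."""
    out = []
    for line in message.split(CRLF)[:-1]:  # drop the empty tail after final CRLF
        if hidden_dot and line.startswith(b"."):
            line = b"." + line  # sender side of the hidden-dot algorithm
        out.append(line)
    out.append(b".")  # end-of-data marker
    return CRLF.join(out) + CRLF


def receive_data(stream: bytes):
    """Server side: return (saved message, bytes left after end-of-data)."""
    lines = stream.split(CRLF)
    body = []
    for i, line in enumerate(lines):
        if line == b".":  # first lone dot ends DATA, wherever it came from
            return CRLF.join(body) + CRLF, CRLF.join(lines[i + 1:])
        if line.startswith(b"."):
            line = line[1:]  # receiver side: strip the extra leading dot
        body.append(line)
    raise ValueError("no end-of-data marker in stream")


def rejected_commands(leftover: bytes) -> list:
    """Leftover lines the server would parse as commands and reject.

    Empty lines are skipped in this simplified model.
    """
    bad = []
    for line in leftover.split(CRLF):
        if line and line.split(b" ", 1)[0].upper() not in LMTP_VERBS:
            bad.append(line)
    return bad


if __name__ == "__main__":
    for hidden_dot in (False, True):
        saved, leftover = receive_data(send_data(MESSAGE, hidden_dot))
        print(
            f"hidden_dot={hidden_dot}: saved {len(saved)} of {len(MESSAGE)} bytes, "
            f"{len(rejected_commands(leftover))} leftover lines rejected as commands"
        )
```

Without the hidden dot the receiver saves only the first MIME part and treats the rest as commands, which matches the "saved mail to INBOX" entry followed by "Too many invalid commands" in the quoted log.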
Dovecot 2.3.11.3 LMTP dropping connection after first part of multipart message received
Good afternoon

I have been using Dovecot with great success for several months now with one problem:

I have received several messages (3 to date out of a much larger number) which cause Dovecot LMTP to drop the connection with sendmail after only receiving the first part of the message.

Dovecot saves the first part to INBOX, and then drops the link with sendmail as it sees the rest of the data from sendmail as new (and invalid) commands

Sendmail sees the delivery as unsuccessful and requeues the message, so the cycle continues until I kill the queue

These messages are all Multipart MIME

I have attached an extract from the log which shows the above sequence

Finally, I have kept one such message from the sendmail queue (df and qf) should this be useful, but prefer not to post here as not sanitised

Any help in correcting my configuration would be appreciated.

Thanks

Steve

MAIL LOG extract
-

Dec 9 12:00:10 phone dovecot[179]: lmtp(20774): Connect from local
Dec 9 12:00:10 phone sm-mta-rx[20764]: STARTTLS=client, relay=localhost, version=TLSv1.3, verify=OK, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Dec 9 12:00:10 phone dovecot[179]: lmtp(20775): Connect from local
Dec 9 12:00:10 phone sm-mta-rx[20763]: STARTTLS=client, relay=localhost, version=TLSv1.3, verify=OK, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Dec 9 12:00:10 phone dovecot[179]: lmtp(*)<20775><8EieKDqu0F8nUQAA0J78UA>: msgid=<39113a86-fdbb-4cea-b1c3-d225dff93...@info.ameli.fr>: saved mail to INBOX
Dec 9 12:00:10 phone dovecot[179]: lmtp(20775): Disconnect from local: Too many invalid commands. (state=READY)
Dec 9 12:00:10 phone sm-mta-rx[20763]: STARTTLS: write error=syscall error (-1), errno=32, get_error=error::lib(0):func(0):reason(0), retry=1, ssl_err=5
Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: SYSERR(root): timeout writing message to localhost: Broken pipe
Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 0: fl=0x0, mode=20666: CHR: dev=30/1306024, ino=301, nlink=1, u/gid=0/0, size=0
Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 1: fl=0x1, mode=20666: CHR: dev=30/1306024, ino=301, nlink=1, u/gid=0/0, size=0
Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 2: fl=0x1, mode=20666: CHR: dev=30/1306024, ino=301, nlink=1, u/gid=0/0, size=0
Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 3: fl=0x4002, mode=100600: dev=1/2, ino=26089780, nlink=1, u/gid=0/23, size=2041
Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 4: fl=0x0, mode=20666: CHR: dev=30/1306024, ino=575, nlink=1, u/gid=0/0, size=0
Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 5: fl=0x2, mode=140666: SOCK localhost->[[UNIX: /var/run/mDNSResponder]]
Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 6: fl=0x0, mode=100640: dev=1/2, ino=25887976, nlink=1, u/gid=0/23, size=12288
Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 7: fl=0x0, mode=100640: dev=1/2, ino=25887976, nlink=1, u/gid=0/23, size=12288
Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 8: fl=0x0, mode=100600: dev=1/2, ino=26088246, nlink=1, u/gid=0/23, size=58024
Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 9: fl=0x6, mode=140444: SOCK localhost->(Invalid argument)
Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 10: fl=0x6, mode=140444: SOCK localhost->(Invalid argument)
Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 11: fl=0x0, mode=100640: dev=1/2, ino=25768590, nlink=1, u/gid=0/23, size=12288
Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: 12: fl=0x0, mode=100640: dev=1/2, ino=25768590, nlink=1, u/gid=0/23, size=12288
Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: MCI@0x0: NULL
Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: MCI@0x7fae2c814818: flags=26404c, errno=32, herrno=0, exitstat=75, state=8, pid=0, maxsize=0, phase=client DATA 354, mailer=dovecot, status=4.4.2, rstatus=(null), host=localhost, lastuse=Wed Dec 9 12:00:10 2020\n
Dec 9 12:00:10 phone sm-mta-rx[20763]: 0B89mOON016803: to=, delay=1+01:11:31, xdelay=00:00:00, mailer=dovecot, pri=4787366, relay=localhost, dsn=4.4.2, reply=75, stat=Deferred

##*##
### DOVECOT Mailer specification ###
##*##
Mdovecot, P=[IPC], F=zDFMPhnul59,
  S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
  T=DNS/RFC822/X-Unix,
  A=FILE /var/run/dovecot/lmtp

dovecot -n —

# 2.3.11.3 (502c39af9): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.11 (d71e0372)
doveconf: Warning: service auth { client_limit=100 } is lower than required under max. load (300)
doveconf: Warning: service anvil { client_limit=100 } is lower than required under max. load (203)
# OS: Darwin 15.6.0 x86_64
# Hostname: ***
doveconf: Error: t_readli
Re: Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers.

There is no need to disable TLSv1.3 and attempts to do so will be flagged as “downgrade attacks”.

Let us ignore TLSv1.2 as a downgrade option. And focus on TLSv1.3 for its entirety of this thread.

If the ciphersuite (not cipher for that's a TLSv1.2 term), but a ciphersuite for TLSv1.3 needs to have its set of ciphers:

* Reordered, or
* disabled

We cannot do it at the moment given this snapshot of Dovecot.
Re: Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
I cannot even reorder the server-side TLSv1.3 such that CHACHA20 has first-order before AES. https://github.com/openssl/openssl/issues/7562
Re: Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
Also, more testimony to the same problem (by others) is posted over at ServerFault (StackOverflow): https://serverfault.com/questions/975871/forcing-dovecot-2-3-4-1-to-use-tlsv1-2

On 5/8/20 11:50 AM, Steve Egbert wrote:

I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers.

Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`.

Now, there is no way to exclude a specific group of one or more TLS versions.

For a new bug report, I think we need two new settings:

* `ssl_tls13_ciphersuite` and
* `ssl_tls10_cipher`

settings introduced into Dovecot for better granularity. Along with support for fallback to TLSv1.2 as outlined in https://bugzilla.mozilla.org/show_bug.cgi?id=1250568

I'm still being hammered with the following error with Thunderbird 76.0b3, Dovecot 2.3.4.1-5+deb10u1, Debian 11:

May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
May 8 11:15:47 ns1 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=XX.XX.XX.XX, lip=XX.XX.XX.XX, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol, session=
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument

This occurred when specifying one TLSv1.3 cipher to be excluded in ssl_cipher via an exclamation mark.

On a side note of IMAP client, Latest Mozilla Thunderbird had its pref setting security.tls.version.fallback-limit to 4 (TLSv1.3), of which I have adjusted it to 3 (TLSv1.2) and it works when Dovecot is set to TLSv1.2. (Details of Thunderbird security.tls.version.fallback-limit is given in http://kb.mozillazine.org/Security.tls.version.* )

Steve
Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers.

Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`.

Now, there is no way to exclude a specific group of one or more TLS versions.

For a new bug report, I think we need two new settings:

* `ssl_tls13_ciphersuite` and
* `ssl_tls10_cipher`

settings introduced into Dovecot for better granularity. Along with support for fallback to TLSv1.2 as outlined in https://bugzilla.mozilla.org/show_bug.cgi?id=1250568

I'm still being hammered with the following error with Thunderbird 76.0b3, Dovecot 2.3.4.1-5+deb10u1, Debian 11:

May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
May 8 11:15:47 ns1 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=XX.XX.XX.XX, lip=XX.XX.XX.XX, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol, session=
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument

This occurred when specifying one TLSv1.3 cipher to be excluded in ssl_cipher via an exclamation mark.

On a side note of IMAP client, Latest Mozilla Thunderbird had its pref setting security.tls.version.fallback-limit to 4 (TLSv1.3), of which I have adjusted it to 3 (TLSv1.2) and it works when Dovecot is set to TLSv1.2. (Details of Thunderbird security.tls.version.fallback-limit is given in http://kb.mozillazine.org/Security.tls.version.* )

Steve
Re: Headsup on feature removal - password
On Wed, 18 Mar 2020 17:37:31 +0200 (EET) Aki Tuomi wrote:

> One of the various mail clients I use sends HTML only mails in some
> situations.

So you're taking your problem and making it our problem?

SteveT

Steve Litt
March 2020 featured book: Troubleshooting: Why Bother?
http://www.troubleshooters.com/twb
autoupdate broke
When attempting to perform autoupdate after my 'autogen.sh' broke, it says that there is missing a file called: dovecot/core/doc/wiki/Makefile.am But in the Github repository, there is a misnamed file named "Makefile.am.in". I think this file is misnamed and should be renamed to "Makefile.am". https://github.com/dovecot/core/tree/master/doc/wiki
unable to edit wiki 2, here's the edit:
In https://wiki.dovecot.org/Migration/Courier ,

mail_location = maildir:~/Maildir
namespace {
  prefix = INBOX.
  separator = .
  inbox = yes
}

... is wrong. Apparently it should be ...

mail_location = maildir:~/INBOX

...which at least seemed to work, although (by that time?) I wound up re-downloading all mail.

Steve Newcomb
s...@coolheads.com

(Unable to edit the wiki page... Mysterious question stood in the way, something like, "How do you prevent spam?" Evidently I don't know the correct answer.)
Re: How do I set all my mailboxes to "subscribed"
On Fri, 6 Dec 2019 09:35:57 +0200 (EET) Aki Tuomi via dovecot wrote:

> The command is
>
> doveadm mailbox subscribe
>
> as I said in my original mail.
>
> Can you show what you tried to use and what happened?

I got it. The syntax was tricky. As root I had to do the following, to subscribe .INBOX.hux

doveadm mailbox subscribe -u slitt INBOX.hux

Notice no dot before "INBOX". The -u slitt must appear after "subscribe". Likewise, to unsubscribe it:

doveadm mailbox unsubscribe -u slitt INBOX.hux

To make a list of all the unsubscribed folders, I did the following as user slitt, who owns all the mail in the Dovecot IMAP:

doveadm mailbox list -u slitt -s | sort > subscribed.sorted
doveadm mailbox list -u slitt| sort > all.sorted
diff all.sorted subscribed.sorted > unsubscribed.sorted

I just turned unsubscribed.sorted into a shellscript that subscribed them one by one.

Thanks,

SteveT

Steve Litt
December 2019 featured book: Rapid Learning for the 21st Century
http://www.troubleshooters.com/rl21
How do I set all my mailboxes to "subscribed"
Hi all, I've had a great deal of trouble accessing my Dovecot IMAP from most supposedly IMAP aware email clients, and have been advised that it might be because some of my email folders are not subscribed. Is there a way I can subscribe all my folders? I see no reason to have a folder not subscribed. Thanks, SteveT Steve Litt December 2019 featured book: Rapid Learning for the 21st Century http://www.troubleshooters.com/rl21
Re: Still trying to get past authorization problems
That's already in conf.d/10-auth.conf.

On 10/24/2019 1:31 AM, Aki Tuomi via dovecot wrote:

On 24.10.2019 6.18, Steve Matzura via dovecot wrote:

Got all the Postfix errors fixed but maybe one, so I don't think that's involved in this mix any more. I had a domain definition problem, got that sorted. The accounts' logins are correct. I tried several from the shell, and they let me in. Here's the minus-n output, not very different from the first time I posted it:

Try adding

auth_mechanisms = PLAIN LOGIN

and do not use [x] secure password in your MUA.

Aki
Still trying to get past authorization problems
Got all the Postfix errors fixed but maybe one, so I don't think that's involved in this mix any more. I had a domain definition problem, got that sorted. The accounts' logins are correct. I tried several from the shell, and they let me in. Here's the minus-n output, not very different from the first time I posted it:

# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.15.0-64-generic x86_64 Ubuntu 18.04.3 LTS ext4
base_dir = /var/run/dovecot/
first_valid_gid = 109
first_valid_uid = 105
last_valid_gid = 109
last_valid_uid = 105
log_path = /var/log/dovecot.log
mail_gid = postfix
mail_location = maildir:/var/mail/vmail/%d/%n
mail_uid = postfix
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = " imap lmtp"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 0
  service_count = 1
}
service lmtp {
  unix_listener lmtp {
    mode = 0666
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service pop3 {
  process_limit = 1024
}
ssl = required
ssl_cert =

Oct 24 02:23:57 imap-login: Info: Aborted login (auth failed, 1 attempts in 3 secs): user=, method=PLAIN, rip=86.148.44.160, lip=95.142.174.193, TLS, session=<7SCVuZ6VScBWlCyg>
Oct 24 02:25:55 imap-login: Info: Disconnected (auth failed, 2 attempts in 132 secs): user=, method=PLAIN, rip=108.41.57.11, lip=95.142.174.193, TLS, session=
Oct 24 02:25:55 imap-login: Info: Disconnected (auth failed, 2 attempts in 132 secs): user=, method=PLAIN, rip=108.41.57.11, lip=95.142.174.193, TLS, session=<6bnquJ6VpcpsKTkL>
Oct 24 02:57:58 imap-login: Info: Disconnected (auth failed, 4 attempts in 43 secs): user=, method=PLAIN, rip=108.41.57.11, lip=95.142.174.193, TLS, session=
Oct 24 03:06:23 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=49.51.34.136, lip=95.142.174.193, session=
Oct 24 03:06:24 imap-login: Info: Disconnected: Too many invalid commands (no auth attempts in 0 secs): user=<>, rip=49.51.34.136, lip=95.142.174.193, session=
Oct 24 03:07:55 imap-login: Info: Disconnected (auth failed, 2 attempts in 13 secs): user=, method=PLAIN, rip=108.41.57.11, lip=95.142.174.193, TLS, session=
dovecot.conf from problem installation
*** dovecot.conf ***

## Dovecot configuration file

# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration

# "doveconf -n" command gives a clean output of the changed settings. Use it
# instead of copy files when posting to the Dovecot mailing list.

# '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace "

# Most (but not all) settings can be overridden by different protocols and/or
# source/destination IPs by placing the settings inside sections, for example:
# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }

# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr
# --sysconfdir=/etc --localstatedir=/var

# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol

# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::

# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/

# Name of this instance. In multi-instance setup doveadm and other commands
# can use -i to select which instance is used (an alternative
# to -c ). The instance name is also added to Dovecot processes
# in ps output.
#instance_name = dovecot

# Greeting message for clients.
#login_greeting = Dovecot ready.

# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
#login_trusted_networks =

# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =

# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
# proxying. This isn't necessary normally, but may be useful if the destination
# IP is e.g. a load balancer's IP.
#auth_proxy_self =

# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
#verbose_proctitle = no

# Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix).
#shutdown_clients = yes

# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0

# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server

# Space separated list of environment variables that are preserved on Dovecot
# startup and passed down to all of its child processes. You can also give
# key=value pairs to always set specific settings.
#import_environment = TZ

##
## Dictionary server settings
##

# Dictionary can be used to store key=value lists. This is used by several
# plugins. The dictionary can be accessed either directly or though a
# dictionary server. The following dict block maps dictionary names to URIs
# when the server is used. These can then be referenced using URIs in format
# "proxy::".
dict { #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext } # Most of the actual configuration gets included below. The filenames are # first sorted by their ASCII value and parsed in that order. The 00-prefixes # in filenames are intended to make it easier to understand the ordering. !include conf.d/*.conf # A config file can also tried to be included without giving an error if # it's not found: !include_try local.conf log_path = /var/log/dovecot.log passdb { driver = static args = noauthenticate temp_user=%u user=%Ln } passdb { driver = pam } passdb { driver = static args = noautenticate user=%{passdb:temp_user} skip = unauthenticated } *** End *** If I try to start the daemon, or even attempt 'dovecot -n output', I get: # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.21 (92477967) doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 107: Expecting '{' Line 107 is where the first passdb block begins. If I remove the three
Re: More on problems with new install
It's really pretty empty; would you rather see some of the 10-*.conf files?

## Dovecot configuration file

# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration

# "doveconf -n" command gives a clean output of the changed settings. Use it
# instead of copy files when posting to the Dovecot mailing list.

# '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace "

# Most (but not all) settings can be overridden by different protocols and/or
# source/destination IPs by placing the settings inside sections, for example:
# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }

# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr
# --sysconfdir=/etc --localstatedir=/var

# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol

# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::

# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/

# Name of this instance. In multi-instance setup doveadm and other commands
# can use -i to select which instance is used (an alternative
# to -c ). The instance name is also added to Dovecot processes
# in ps output.
#instance_name = dovecot

# Greeting message for clients.
#login_greeting = Dovecot ready.

# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
#login_trusted_networks =

# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =

# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
# proxying. This isn't necessary normally, but may be useful if the destination
# IP is e.g. a load balancer's IP.
#auth_proxy_self =

# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
#verbose_proctitle = no

# Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix).
#shutdown_clients = yes

# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server

# Space separated list of environment variables that are preserved on Dovecot
# startup and passed down to all of its child processes. You can also give
# key=value pairs to always set specific settings.
#import_environment = TZ

##
## Dictionary server settings
##

# Dictionary can be used to store key=value lists. This is used by several
# plugins. The dictionary can be accessed either directly or though a
# dictionary server. The following dict block maps dictionary names to URIs
# when the server is used. These can then be referenced using URIs in format
# "proxy::".

dict {
  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}

# Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf

# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf
log_path = /var/log/dovecot.log
Re: More on problems with new install
It was the three passdb blocks you sent me.

On 10/22/2019 4:43 AM, Aki Tuomi via dovecot wrote:
> Can you show what you ended up pasting?
>
> Aki
>
> On 22.10.2019 11.34, Steve Matzura via dovecot wrote:
>> I pasted that block at the end of dovecot.conf, restarted, and got the following in syslog:
>>
>> Oct 22 08:24:32 tgvprod dovecot[7290]: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 106: Expecting '{'
>> Oct 22 08:24:32 tgvprod systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a
>> Oct 22 08:24:32 tgvprod systemd[1]: dovecot.service: Failed with result 'exit-code'.
>>
>> On 10/22/2019 4:00 AM, Aki Tuomi via dovecot wrote:
>>> On 22.10.2019 10.33, Steve Matzura via dovecot wrote:
>>>> Sorry for having lost the original chain of this problem. It's been a very long day.
>>>>
>>>> There is no user 'rock', it's just a Postfix mailbox.
>>>
>>> Your problem stems from dovecot doing user lookup using 'r...@theglobalvoice.info' which is why it breaks. So, to fix this, and retain what you have configured you need to do bit silly config (this is hopefully getting fixed in 2.3 series at some point).
>>>
>>> passdb {
>>>   driver = static
>>>   args = noauthenticate temp_user=%u user=%Ln
>>> }
>>> passdb {
>>>   driver = pam
>>> }
>>> passdb {
>>>   driver = static
>>>   args = noautenticate user=%{passdb:temp_user}
>>>   skip = unauthenticated
>>> }
>>>
>>> Aki
Re: More on problems with new install
I pasted that block at the end of dovecot.conf, restarted, and got the following in syslog:

Oct 22 08:24:32 tgvprod dovecot[7290]: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 106: Expecting '{'
Oct 22 08:24:32 tgvprod systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a
Oct 22 08:24:32 tgvprod systemd[1]: dovecot.service: Failed with result 'exit-code'.

On 10/22/2019 4:00 AM, Aki Tuomi via dovecot wrote:
> On 22.10.2019 10.33, Steve Matzura via dovecot wrote:
>> Sorry for having lost the original chain of this problem. It's been a very long day.
>>
>> There is no user 'rock', it's just a Postfix mailbox.
>
> Your problem stems from dovecot doing user lookup using 'r...@theglobalvoice.info' which is why it breaks. So, to fix this, and retain what you have configured you need to do bit silly config (this is hopefully getting fixed in 2.3 series at some point).
>
> passdb {
>   driver = static
>   args = noauthenticate temp_user=%u user=%Ln
> }
> passdb {
>   driver = pam
> }
> passdb {
>   driver = static
>   args = noautenticate user=%{passdb:temp_user}
>   skip = unauthenticated
> }
>
> Aki
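To see what the two static passdb blocks quoted above set for a given login, this added sketch (not code from the thread or from Dovecot) expands their args lines. It models only the %u, %n and %d variables, the L/U modifiers and %{passdb:field}, not Dovecot's passdb control flow; the login name, the function names and the KeyError on an unset field are assumptions.

```python
import re

# %<modifier><variable> or %{passdb:<field>}; only the forms used in the quoted config.
VAR = re.compile(r"%(?:(?P<mod>[LU]?)(?P<var>[und])|\{passdb:(?P<field>[^}]+)\})")

def expand(template, login, passdb_fields=None):
    """Expand a template for one login; passdb_fields holds fields set by earlier passdbs."""
    local, _, domain = login.partition("@")
    values = {"u": login, "n": local, "d": domain}
    fields = passdb_fields or {}

    def substitute(m):
        if m["field"] is not None:
            return fields[m["field"]]  # KeyError: no earlier passdb set this field
        value = values[m["var"]]
        if m["mod"] == "L":
            return value.lower()
        if m["mod"] == "U":
            return value.upper()
        return value

    return VAR.sub(substitute, template)

def static_fields(args, login, passdb_fields=None):
    """Split a static passdb args line into flags and expanded key=value fields."""
    out = {}
    for token in args.split():
        key, sep, value = token.partition("=")
        out[key] = expand(value, login, passdb_fields) if sep else True
    return out

if __name__ == "__main__":
    login = "alice@example.org"  # constructed login name
    first = static_fields("noauthenticate temp_user=%u user=%Ln", login)
    print(first)
    # Third block's args, with the flag spelled as in the first block.
    third = static_fields("noauthenticate user=%{passdb:temp_user}", first["user"], first)
    print(third)
```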
More on problems with new install
Sorry for having lost the original chain of this problem. It's been a very long day.

New output from 'dovecot -n output', including the contents of dovecot.conf, conf.d/10-master.conf, conf.d/10-mail.conf and conf.d/10-ssl.conf:

# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.15.0-64-generic x86_64 Ubuntu 18.04.3 LTS ext4
auth_debug = yes
auth_debug_passwords = yes
first_valid_gid = 109
first_valid_uid = 105
last_valid_gid = 109
last_valid_uid = 105
log_path = /var/log/dovecot.log
mail_debug = yes
mail_gid = postfix
mail_location = maildir:/var/mail/vmail/%d/%n
mail_uid = postfix
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = " imap lmtp"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 0
  service_count = 1
}
service lmtp {
  unix_listener lmtp {
    mode = 0666
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service pop3 {
  process_limit = 1024
}
ssl = required
ssl_cert =

The two key files are where it says they are, although the hidden one isn't shown, it's there and properly owned and permissioned.

Here's the only thing from tailing the log:

Oct 22 07:24:50 master: Info: Dovecot v2.2.33.2 (d6601f4ec) starting up for imap, lmtp (core dumps disabled)

This may help - from a message delivery failure email:

*** Begin ***
Message Delivery Failure

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed permanently:

* r...@theglobalvoice.info

Reason: There was an error while attempting to deliver your message with [Subject: "Testing again"] to r...@theglobalvoice.info. MTA p3plsmtpa11-09.prod.phx3.secureserver.net received this response from the destination host IP - 95.142.174.193 - 550 , 550 5.1.1 : Recipient address rejected: User unknown in local recipient table .

Reporting-MTA: dns; p3plsmtpa11-09.prod.phx3.secureserver.net [68.178.252.101]
Received-From-MTA: dns; [192.168.1.140] [108.41.57.11]
Arrival-Date: Mon, 21 Oct 2019 23:39:25 -0700
Final-recipient: rfc822; r...@theglobalvoice.info
Diagnostic-Code: smtp; 550 5.1.1 : Recipient address rejected: User unknown in local recipient table
Last-attempt-Date: Tue, 22 Oct 2019 00:23:38 -0700

Received: from [192.168.1.140] ([108.41.57.11]) by :SMTPAUTH: with ESMTPSA id MnpFiaSdxUnHgMnpFiYE6m; Mon, 21 Oct 2019 23:39:25 -0700
To: r...@theglobalvoice.info
From: Steve Matzura
Subject: Testing again
Message-ID: <61b4f0c2-89fa-c4de-8288-871a8708f...@noisynotes.com>
Date: Tue, 22 Oct 2019 02:39:26 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-CMAE-Envelope: MS4wfC8H5kkZhXB1zicGDqvcQlC1Tl3lMTOcElvh0Efz70YGRgQalgb4N6/9XVLjnqOVd5XtxwgTWuvuCEhwp/JZ2oHrdLkl4d7unSyOefbSkgcd/M5tlQn5 m+FMjUC5HJopO89WJXHQNp0ruK6VmVwHwxMAn0YDVu4FQQqVIUkN6KVyOfdC/TYD6t6vxOqv2OUxKQ==

Subject: Testing again
From: Steve Matzura
Date: 10/22/2019, 2:39 AM
To: r...@theglobalvoice.info

Let's see what happens now.
*** End ***

There is no user 'rock', it's just a Postfix mailbox.