Re: Mailboxes are in Maildir format. Any good backup tips? Had success with version control?
On 6/30/2014 6:28 PM, deoren wrote: I'm still pretty new to running a mail server, but one thing I've come to appreciate over the years is a good backup strategy. Since I have always run my own servers for practice and for personal use I don't have access to Enterprise backup solutions. Because of that I usually just fall back to scripts and tarballs and offload the content on a regular basis. LVM snapshots of the file system combined with rdiff-backup to a second server. The main advantages over tar/rsync: - Deltas instead of entire file. Plus deltas are compressed. - It handles lots and lots of files well. - You can easily age off older deltas. Not hard to keep 26W or 52W of daily or a few-times-per-day backups. - Metadata such as file permissions / owner / group are stored in regular files in the rdiff-backup target directory, so the destination file system where you store the rdiff-backup files does not matter much. - Files are stored along with a SHA1 hash, making it possible to detect bitrot in your backups. Downsides: - Restoring a file more then 10 or 20 deltas old requires a lot of disk activity (putting /tmp on a SSD helps a lot) Suggestions: - Each mailbox folder should be its own rdiff-backup target. That allows you to only backup mailbox folders which have changed in last N hours/days. It also means that if things go pear-shaped with rdiff-backup, only that one backup target is at risk. - Put /tmp on a SSD, especially if you run rdiff-backup verify and validate more then 1-2 revisions into the past. - Once you have your rdiff-backup directories on another server it is trivial to LVM snapshot that and then rsync to either a USB drive or offsite server (or both). The rdiff-backup directory structure is very rsync-friendly. - If you're going to do hourly backups, have (2) rdiff-backup locations. One that deals with the hourly backups and has a short retention cycle of only 3-4 weeks. Another location that deals with daily backups and has a 55W retention cycle. That way you can restore to an hour within the past 3-4 weeks, or any day within the past 55W.
Re: Aw: Re: Mailboxes are in Maildir format. Any good backup tips? Had success with version control?
On 7/1/2014 4:48 AM, Infoomatic wrote: If you actually want to preserve those increments (as opposed to just keeping an rsync mirror up-to-date), I like rdiff-backup. It handles maildirs well because of the one-message-per-file design. Second that. It's great tool that keeps an actual sync (rsync-based) of the data-directory and the metadata (delta) in a seperate directory to restore data from any date. Alternatively, you might want to take a look at bacula, which was faster in most cases (development seems to have stalled, but there is a fork I have not had time to take a look at: bareos). However, I liked the rdiff-backup way because I can restore files via scp or rsync (most of my requests were like please restore from yesterday) or if I want to restore data from a certain date I can use rdiff-backup from command line (bacula is much more complex, and you need the admin tool to restore files - rdiff-backup works from command line locally or via ssh/keyauth) I looked at Bacula/Amanda - which are great systems if your focus is tape or backup to disk. But neither of them had good support for backup to disk, rsync to offsite. rsnapshot / rdiff-backup are just better at creating backups which are rsync-friendly over the WAN. Which also means you can easily push the backups to USB drives without having to wait hours and hours.
[Dovecot] rdiff-backup of Maildir?
What's the best way to do long-term backups of the Maildir format these days? Traditionally we've just done a rdiff-backup or pointed Bacula at the Maildir. Both give us the option to reset a particular mailbox back to a previous day (any day within the last N months). Do we just need to snapshot the LVM volume that holds all the Maildir boxes, or is there some additional commands that we should run before doing the LVM snapshot?
[Dovecot] Pigeonhole vacation auto-response not respecting days parameter
This might be a PEBKAC on my end, but in our old server, vacation
responses would only be sent back to an origin address once per day
because we had :days 1 in the rule.
On the new server, even though we have :days 1, pigeonhole is sending
responses to every message, resulting in multiple vacation responses
each day back to each origin address.
The following was generated by Roundcube's web interface, it looks to be
correct.
---
require [vacation];
# rule:[vacation-reply]
if allof (not header :contains Subject [spam], not exists
List-Unsubscribe)
{
vacation :days 1 :addresses
[ema...@example.com,ema...@example.com] :subject Out of office
reply text:
I am currently out of the office July 11th and 12th, returning on July 15th.
During this time I will have no access to email.
Thank you.
User So-And-So
.
;
}
---
Interestingly, if I look at .dovecot.sieve.log, I see error messages
like (except that the vacation responses are, in reality, being sent):
error: msgid=20130711134816.35b9a40...@mail.example.com: failed to
send vacation response to originem...@example.com (refer to server log
for more information).
And in the maillog:
Jul 11 09:48:17 servername sendmail[28244]: r6BDmHem028244:
SYSERR(UID1132): Who are you?
Jul 11 09:48:17 servername sendmail[28244]: r6BDmHem028244:
Authentication-Warning: servername .example.com: Unknown UID 1132 set
sender to using -f
Jul 11 09:48:17 servername sendmail[28244]: r6BDmHem028244: from=,
size=725, class=-60, nrcpts=1,
msgid=dovecot-sieve-1373550497-20224...@servername.example.com,
relay=Unknown UID 1132@localhost
My guess at this point is that I've failed to configure pigeonhole
and/or postfix's copy of the sendmail command properly so that it can
create the who I have send mail to recently file.
Re: [Dovecot] Dovecot + SELinux permission problems
On 6/24/2013 9:58 AM, Johnny wrote: Yes, /var/log/audit/ with audit.log. There are some archived logs as well, but no recent messages regarding dovecot perms. Typically you could use sealert -a /var/log/audit/audit.log /var/log/audit/audit.log.1 to get a feel for how many SELinux exceptions are happening. Also, when you say that the restorecon -R did not fix the issue, did you check the output of ls -Z after running it? However, looking at your original message, I'm wondering why the forward slashes are doubled up. For instance: /home/user/data1/Maildir//
Re: [Dovecot] Sieve file permission problem
On 6/20/2013 4:16 AM, Zoltan Lippai wrote: Thanks for the answer, I'm not sure what you mean by the additional permission details. If you have SELinux in Enforcing mode, you should also look at using ls -lZ to get the file context. You can also use selart -a /var/log/audit/audit.log to see whether dovecot or anything else is throwing AVC exceptions that need to be addressed.
Re: [Dovecot] MySQL tables and official documenttation
On 6/20/2013 9:04 AM, Mohsen Pahlevanzadeh wrote: Dear all, Unfortunately, i created my tables according to the older tutorial, i search in dovecot.org and postfix.org but i didn't find any official documentation for tables. I want to use PF 2.10 and dovecot 2. Its tutorial was wrote on debian etch. eatch is very old. You'll want to look at the following website for postfixadmin stuff: http://sourceforge.net/projects/postfixadmin/ http://postfixadmin.sourceforge.net/ Roughly, the install process is: 1. Create a database user in mysql and create the database 2. Install the postfixadmin tgz contents somewhere under /var/www 3. Fire up your webbrowser and point it at the postfixadmin setup.php URL If you follow the install directions, the postfixadmin page will create your database for you. After which you can start populating the database with domains, mailboxes and aliases. (Installing RoundCube is a similar process.)
Re: [Dovecot] doveadm move syntax
On 6/19/2013 10:25 PM, vincent truc wrote: Hello I want to forward an email to us...@domain.com box to the box us...@domain.com For this I try to use 'doveadm move', but I'm having problems with the syntax. Could you give me an example please? Assuming that you looked at man doveadm-move (I had to dig for a few minutes to uncover that)... EXAMPLE Move jane's messages - received in September 2011 - from her INBOX into her archive. doveadm move -u jane Archive/2011/09 mailbox INBOX BEFORE \ 2011-10-01 SINCE 01-Sep-2011 At a guess... Archive/2011/09 can be either a path relative to the origin user, or an absolute destination such as: maildir:/backup/20101126/jane.doe/Maildir I don't know if it automatically handles putting the proper permissions on the destination files though. I'm basing that guess on the examples at the bottom of man doveadm-import.
Re: [Dovecot] Allowing clients to test their Sieve scripts
On 6/14/2013 12:40 PM, Frerich Raabe wrote: Hi, One thing which came up repeatedly is that clients using the IMAP server I run (using Dovecot 2.1) wonder whether they broke their Sieve scripts, i.e. it often goes like I don't know whether I just didn't receive any mail, or whether my filters broke. Can you check the logs?. I then usually just run the sieve-test binary (part of the Pigeonhole distribution) and send them the output. However, I was wondering - is there maybe a way for them to try it themselves? Like, maybe a tiny web server which just prints a form asking for a mail file and a sieve script, and then it runs sieve-script and prints the output of that? I wonder how other people do that. If you have Thunderbird, you may want to have them try out the Sieve plug-in available at http://sieve.mozdev.org/ It auto-compiles and displays errors in the edit window. The other thing we do is use RoundCube webmail (which has a sieve plugin) and have our users edit their sieve scripts through that instead. It's a form-based rules editor, so a bit harder for them to goof it up.
Re: [Dovecot] Allowing clients to test their Sieve scripts
On 6/14/2013 2:07 PM, Ben Morrow wrote: Simply providing some way for them to read the .dovecot.sieve.log file created in their home directory would be a good start. If there are any problems with delivery they will be logged there. You could set up some sort of web access, or even have a daily cronjob to mail the file to the user if it isn't empty. What about having sieve add a x-rules-fired header and adding that to the message?
Re: [Dovecot] Can't got mail by OUTLOOK for a half million mails account
On 9/1/2011 10:34 PM, Dong Ding wrote: I used postfix always_bcc to backup mail. And up to now the backup account has half million mails in cur/, when I first time tried to receive the mail by outlook, it failed , no responds. Does any one has some good idea to deal with this problem? If it's IMAP, you may have to try Thunderbird or some other IMAP client. But most are going to horribly die past 100k messages in a single folder (and some will die much sooner). There's also the brute force method of moving 90% of the messages to some other temporary folder on the file system, grabbing the 50k that are left. Then moving messages back into the new/ folder in batches of 50k or so. I'll echo Gregory's comment that you really need to setup some sort of Sieve rules to split out messages to sub-folders on-the-fly going forward.
Re: [Dovecot] OT - small hd recommendation
On 9/1/2011 12:48 PM, Daniel L. Miller wrote: Given my extensive requirements - I haven't yet filled my existing 320GB - size isn't a big deal. Am I actually deriving much benefit from 4-disk RAID10 using 160GB discs - vs a 2-4 disc 1TB RAID1 array? A pair of RAID-1 mirrors: - easy to deal with - you can attempt to manually balance load between the two arrays (storage on one pair, indexes and mail queue on other pair) - disks can be pulled and taken to another machine and read one by one - slightly harder to screw up (but both setups die if the wrong 2 disks fail) RAID-10 over 4 disks: - generally faster seeks - generally faster read/write speeds due to striping - generally the better choice for performance - a bit harder to bury the disks vs a pair of mirrors - lets you have a bigger partition - all the eggs in a single array If you're having performance problems on the existing RAID-10, your only real choices are to throw more spindles at it (move to a 6 or 8 disk RAID-10 w/ a hot-spare disk), throw faster spindles at it (10k/15k SAS), or move to SSD. So, if you think you can manually balance the needs of the system, you could try a pair of independent mirrors. But if you want less hassle, stick with the RAID-10. (And look into a tool like atop which can be run in the terminal and does a decent job of showing you whether the CPU/DISK is overly busy.)
Re: [Dovecot] sieve vacation problem (discarding)
On 9/1/2011 2:34 PM, Lampa wrote: Hello, i'm using 1.2.15 version on debian. I'm getting discarding vacation response for message implicitly delivered tou...@domain.com I have domain domain.com which has alias do-main.com. When sending email to main domain (domain.com) seems to be ok, but for aliased domain getting discard ;( On our older Dovecot v1 installation, we use the :addresses tag and just put the addresses in (with all the variations). Which may not be as clever as you wanted due to manually listing the recipient addresses, but seems to work for us. require [vacation]; vacation :days 1 :subject Out of office reply :addresses [u...@example.com, u...@example.net, u...@example.org] Body text ;
Re: [Dovecot] OT - small hd recommendation
On 8/30/2011 5:43 PM, Daniel L. Miller wrote: A little OT - but I've seen a few opinions voiced here by various admins and I'd like to benefit. RAID-10 is fine (note that the default mdadm RAID10 isn't actually RAID10, but it works well enough). RAID-6 won't be faster (and will probably be worse) although RAID-6 does do a bit better in a double-drive failure over RAID-10. The only way to get more performance out of (4) drives is to switch to 10k or 15k SAS (or SSDs). For more information - see the Linux RAID mailing list: http://vger.kernel.org/majordomo-info.html One problematic issue with consumer-grade SATA drives (which may or may not bite you) is that they will not time out on errors fast enough to keep mdadm happy. The enterprise grade drives are better about this (such as the ES.2 series), but for smaller arrays (6 drives or less) it's not as big of a deal. For bigger arrays, it's a definite issue, especially if you try and do RAID-6 over 8+ drives. If you're getting SMART errors, then it's time to swap the drives out. If mdadm is reporting sync errors or dropping drives from the array, then get your backups squared away ASAP before fiddling. My knee-jerk reaction when I hear 4-drive RAID-10 is that it has no hot-spare. Which means that as soon as 1 drive fails you're in dangerous territory (make sure it pages you automatically) since the array can't automatically repair. Make sure you can properly identify the drive that fails (via the serial numbers) and don't try a hot-swap. (Take a look at /dev/disk/by-id, /dev/disk/by-uuid, etc. Export a copy of that information on a daily/weekly basis off of the machine. In a software RAID environment, it gives you better information about which drive serial # failed rather then relying on lights.) Our mail server is 3-way RAID1 (triple mirror) for the OS and mail queue with a 5-disk RAID-10 (4+spare) for mail storage.
Re: [Dovecot] thunderbird and subscriptions with sieve
On 8/31/2011 7:15 PM, Stephan Bosch wrote: If you set lda_mailbox_autosubscribe to yes, it will subscribe folders created by Sieve automatically. However, afaik Thunderbird will not notice the subscription at first. You need to reconnect for that to be noticed. That's been my experience. Sometimes a refresh will pick it up, but Thunderbird tends to be very slow about picking up new folders until you restart Thunderbird. Note that in Dovecot v1, there's a flag that you set on the dovecot LDA to enable this behavior (lda_mailbox_autosubscribe was added in Dovecot v2): http://wiki.dovecot.org/LDA Note the -n and -s parameters. (Which get configured in master.cf if you're using Postfix. Not sure how that gets configured on other MTAs.)
Re: [Dovecot] Multiple domains to one inbox and temporary redirects...
On 8/31/2011 12:41 PM, Nick Rosier wrote: I'm using Postfixadmin to manage users and have server alias-domains. All mail sent to an alias-domain is delivered to the other domain. Quite easy if you've got postfixadmin already setup. Otherwise I think you could configure virtual_alias_maps in postfix to something like hash:virtual_domains virtual_domains: @example.net @example.com It's been a while since I played with virtual_alias_maps, but does that allow Postfix to say that account doesn't exist during the initial SMTP transaction? We try to reject as much as possible during the SMTP session to avoid any later bounces. I remember that one of the ways of doing it was bad as Postfix would accept, then a later step (maybe the LDA) would say whoops! can't deliver this. So we do it one by one by creating a virtual mailbox under the primary domain (us...@example.com) and then doing a virtual alias under the secondary domain (us...@example.net - us...@example.com).
Re: [Dovecot] Large Mailbox Slow
On 8/22/2011 6:42 PM, Matt wrote: Doubt if there is any answer to this but will ask anyway. Have a few pop3 accounts with thousands of messages. Its slow when checking email naturally. Are there any tweaks to speed it up? I imagine there is an exchange of the message and header list which is the slow down. Too bad the list could not be compressed with gzip or something first. I think http has an option similar to that. Just asking. IMAP is a far better choice if you want to leave messages up on the server. (XFS or ext4 plus using Maildir storage format on the server can also be a big help. But unless you have evidence that the disks are buried or the server's CPU is busy, those changes may not help at all. A good and quick tool on Linux servers to monitor that is atop.)
Re: [Dovecot] Default and per-User sieve script
On 8/22/2011 7:03 PM, Patrick Westenberg wrote: Hi guys, is there any way to configure Dovecot to process the default sieve script and, after that, a user specific script? I have a default script to sort spam into a spam folder but if a user specific script is present, the default script is ignored. sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_global_path = /usr/local/etc/dovecot/sieve/default.sieve sieve_before and sieve_after I keep our global default script in /etc/dovecot/sieve/global, any scripts that run first go in /etc/dovecot/sieve/before and the post-user scripts go in /etc/dovecot/sieve/after. I tend to put most scripts in the after folder with only a tiny handful of ultra-specific scripts that must run for every user in the before folder. Scripts in the after folder can then be easily overridden by the user in their per-user scripts if they don't like how things are working.
Re: [Dovecot] mail spool filesystem
On 8/17/2011 9:23 AM, Julio Cesar Covolato wrote: Hi! I´m about to migrate a system whith 5000 accounts whith (~ 500GB) from postfix/courier-imap/maildrop/mysql to a new hardware whith postfix/dovecot/dovecot/mysql. I´ll make a separate partition (raid 1) for the mail spool (/var/spool/vmail) and want to now what type of filesystem to use on it to increase performance. I read that XFS is a good choice, but is not too reliable... We run ext3 and ext4. Individual mailboxes with a few hundred thousand messages in Maildir on top of ext3 ran fine (800k messages, 4GB mailbox was not unusual). Slowly migrating file systems over to ext4 as we have time (or rollout new hardware). Frankly, for that big of a mail store, I'd go with RAID 1+0 over a minimum of 4 spindles for the storage of the mbox / Maildir files. If you have heavy usage, seek time might be your biggest enemy. Keeping the postfix spools (/var/spool/postfix) on a separate set of disks (like the RAID 1 array that you use to run the operating system off of) helps.
Re: [Dovecot] Blackberries
On 8/5/2011 3:05 PM, The Doctor wrote: Wonder if anyone knows how to tell a blackberry portable phone how not to get pick up a message it already got in IMAP. Not exactly sure what you mean. My Blackberry plays fine with IMAP (configure it to point at IMAP and not POP3). The oddities are: - Deleting a message on the IMAP mailbox will not make it vanish from the BBerry - Read flags are mostly two-way, but not always - Not much support for IMAP folders
Re: [Dovecot] sievec - manual compile of global sieve scripts?
On 8/1/2011 8:43 PM, Stephan Bosch wrote: On 8/1/2011 10:11 PM, Thomas Harold wrote: How do you compile global scripts using the sievec command without making the script directory owned (and group writable) by the vmail user? http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage # cd /etc/dovecot/sieve/before/ # (edit some script like spam.sieve that runs for everyone) # /usr/local/bin/sievec spam.sieve spam.svbin sievec(root): Error: sieve: binary save: failed to create temporary file: open(spam.svbin.hostname.26921.) in directory /etc/dovecot/sieve/before failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /etc/dovecot/sieve/before, euid is not dir owner) Why are you executing sievec as vmail in the first place? You should be able to run it as root or any other user you use to manage global sieve scripts. Sorry, I may not have been clear before, I am trying to run sievec as root. So the error is confusing to me because it looks like sievec is trying to drop privs and do the compile as the vmail user. I haven't done anything special to the sievec file (like making it run as vmail or always run as root, SELinux is in permissive mode until I gather up enough entries in the audit log to make an audit2allow run useful). # ls -la /usr/local/bin -rwxr-xr-x 1 root root 123989 Aug 1 12:25 sievec -rwxr-xr-x 1 root root 119415 Aug 1 12:25 sieve-dump -rwxr-xr-x 1 root root 133592 Aug 1 12:25 sieve-test As a workaround, I may temporarily alter my Makefile to set the directory writable by the vmail group, compile the scripts, then set the directory read-only again. The files end up owned as vmail:vmail when I do that, even though I execute the sievec command as root. # /usr/local/bin/sievec sortspam.sieve sortspam.svbin -rw-rw-r-- 1 root root 477 Aug 1 15:33 sortspam.sieve -rw-rw-r-- 1 vmail vmail 321 Aug 2 08:26 sortspam.svbin ... My current Makefile. # cat Makefile # http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage#scriptcompile SIEVEC=/usr/local/bin/sievec SRCS=$(wildcard *.sieve) OBJS=$(SRCS:.sieve=.svbin) all: $(OBJS) %.svbin : %.sieve $(SIEVEC) $? $@
[Dovecot] dovecot-config file location on CentOS5 / RHEL5?
Using the pre-built RPM from ATRPMs. Where does the dovecot-config file get generated? Is there a flag in a config file that controls whether it gets created? Installed Packages Name : dovecot Arch : x86_64 Epoch : 1 Version: 2.0.13 Release: 1_129.el5 Size : 5.1 M Repo : installed Summary: Dovecot Secure imap server URL: http://www.dovecot.org/ License: MIT Do I have to install Dovecot from source in order to also use the Pigeonhole plug-in?
Re: [Dovecot] dovecot-config file location on CentOS5 / RHEL5?
On 8/1/2011 11:33 AM, David Warden wrote: On Aug 1, 2011, at 10:45 AM, Thomas Harold wrote: Using the pre-built RPM from ATRPMs. Where does the dovecot-config file get generated? Is there a flag in a config file that controls whether it gets created? Do I have to install Dovecot from source in order to also use the Pigeonhole plug-in? I'm pretty sure I'm using that RPM and you only get dovecot-config as part of dovecot-devel, which you will need to compile Pigeonhole. For me it is /usr/lib64/dovecot/dovecot-config. -David Warden Thanks. That was it, I did not have dovecot-devel installed from ATRPMs-Extras. I still had to tell ./configure where to find it though. ./configure --with-dovecot=/usr/lib64/dovecot/ (Which is good, because I was having trouble telling the dovecot source code config where to find the postgreSQL development packages for 9.0. PGSQL support is already compiled into the ATRPM build so I'm glad that I can just use that.)
[Dovecot] Redelivery of messages in Maildir through sieve to be re-sorted
http://wiki2.dovecot.org/HowTo/RefilterMail
That solution looks great for a single user, but is it possible to do a
larger version that runs for everyone on the server? I'm speaking
specifically of a virtual setup where all mailboxes are owned by a
common UID/GID.
It seems like (with brief testing) that I could search for mail inside
of a Refilter folder, like
/var/vmail/domain.ext/username/Maildir/.Refilter/{cur|new}, and shove
that through dovecot-lda.
I would just need to put the username/domain.ext back together in the
format of usern...@domain.ext.
/usr/libexec/dovecot/dovecot-lda -e -d usern...@domain.ext -p (path to
message)
If dovecot-lda doesn't throw an error, then I could delete the message
from the Refilter folder and move onto the next message.
Or does Dovecot get horribly confused when messages vanish out of the
cur folder?
[Dovecot] sievec - manual compile of global sieve scripts?
How do you compile global scripts using the sievec command without
making the script directory owned (and group writable) by the vmail user?
http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage
# cd /etc/dovecot/sieve/before/
# (edit some script like spam.sieve that runs for everyone)
# /usr/local/bin/sievec spam.sieve spam.svbin
sievec(root): Error: sieve: binary save: failed to create temporary
file: open(spam.svbin.hostname.26921.) in directory
/etc/dovecot/sieve/before failed: Permission denied (euid=5000(vmail)
egid=5000(vmail) missing +w perm: /etc/dovecot/sieve/before, euid is not
dir owner)
# ls -la /etc/dovecot/sieve/before/
drwxrwxr-x 2 root root 4096 Aug 1 15:56 .
drwxr-xr-x 5 root root 4096 Aug 1 13:23 ..
-rw-rw-r-- 1 root root 477 Aug 1 15:33 spam.sieve
Or do I just make the /etc/dovecot/sieve/ tree owned and writable by the
vmail:vmail user? (Which worked, but seems like a bad idea.)
Output of dovecot -n
# 2.0.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-274.el5 x86_64 Red Hat Enterprise Linux Server
release 5.7 (Tikanga)
auth_verbose_passwords = sha1
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = 127.0.0.1, 1.2.3.4
mail_gid = vmail
mail_home = /var/vmail/%d/%n
mail_location = maildir:~/Maildir
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date
mbox_write_locks = fcntl
passdb {
args = /etc/dovecot/conf.d/dovecot-sql.conf.ext
driver = sql
}
plugin {
sieve = ~/.dovecot.sieve
sieve_after = /etc/dovecot/sieve/after/
sieve_before = /etc/dovecot/sieve/before/
sieve_dir = ~/sieve
sieve_global_dir = /etc/dovecot/sieve/globalinclude/
}
protocols = imap pop3 lmtp sieve
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
unix_listener auth-userdb {
group = vmail
user = vmail
}
}
service imap-login {
process_min_avail = 5
}
service pop3-login {
inet_listener pop3 {
address = 1.2.3.4
}
inet_listener pop3s {
address = 1.2.3.4
}
}
ssl = required
ssl_cert = /etc/pki/tls/private/certs/example_com.crt
ssl_key = /etc/pki/tls/private/example_com.key
protocol lda {
log_path = /var/log/dovecot/dovecot-lda
mail_plugins = sieve
}
Re: [Dovecot] Dovecot Backup
On 7/31/2011 8:02 AM, spamv...@googlemail.com wrote: Hi.. are there any proofen Methods to backup all mail ? shutting down dovecot and tar the hole dir? using rsnapshot? any hints / thoughts im running dovecot2 on freebsd We use rdiff-backup to another machine on the same network (for Maildir accounts). (Also talked about last month in the Performance with 200k messages in Maildir thread.)
[Dovecot] lda_mailbox_autosubscribe - v2 wiki is a bit unclear
In the old wiki: http://wiki1.dovecot.org/LDA -m mailbox: Destination mailbox (default is INBOX). If the mailbox doesn't exist, it's created (unless -n is used). If message couldn't be saved to the mailbox for any reason, it's delivered to INBOX instead. -s: Subscribe to mailboxes that are automatically created (via -m parameter or fileinto Sieve action). (v1.1.3+) Those have been replaced in Dovecot v2 with: # Should saving a mail to a nonexistent mailbox automatically create it? lda_mailbox_autocreate = no # Should automatically created mailboxes be also automatically subscribed? lda_mailbox_autosubscribe = no But neither of those options are mentioned on the LDA wiki page: http://wiki2.dovecot.org/LDA It's only mentioned in passing on the 2.0 page that explains the changes between 1.2 and 2.0.
Re: [Dovecot] Performance with 200k messages in Maildir
On 7/19/2011 5:54 AM, Ricardo Branco wrote: If you have 200k all within one folder progs like TB will have issues loading it all up and may hang when you try to do moves/deletes etc, not sure if mutt stores a local cache of headers, thats the biggest worry. Biggest single folder ive seen at our office had 60k messages, it loads slowly on a cold cache in TB. Biggest mailbox has over 350k, my mailbox is over 250k, ofcourse thats across several folders. Mailserver is on VMware server (local drives), datastore (with maildirs) is separate NFS server on 11x2TB SATA R6 array (has other SAS disks for other things). If you have it spread out in different folders then it wont be so bad. 60k in a single folder is about the upper limit for TBird (TBird v2 was actually better suited for this). But drag-n-drop breaks if you try to do more then 3-5k messages at a time. When a mailbox gets over 30-50k messages, I archive some of them off to a sub-folder in Thunderbird. One of my TBird mailboxes is about 880,000 messages, almost 6GB of email, spread across dozens of directories. Assuming MailDir storage, the bigger issue will be (a) how well the filesystem handles tens of thousands of files in a single folder (b) the physical disks / speed / number of spindles (c) how busy the CPU is on the server and maybe (d) the amount of server RAM that can be used as cache/buffer. Ext3 is probably fine as long as directory indexing is turned on, but ext4 might be better (or something else that deals well with lots of small files). The other side is how fast the disks are on the local client. An SSD drive or 10k RPM drive on the local desktop helps a lot when you get up into the larger mailboxes.
Re: [Dovecot] Performance with 200k messages in Maildir
On 7/19/2011 11:35 AM, Ricardo Branco wrote:
I agree with yr points on TBird, moving large amounts of messages can
cause it to hang with CPU pegged at max for ages.
TBird v2 was nice and nippy, v3 acceptable, v4/v5 are just awfully slow
overall.
TBird uses mbox storage format which probably stuffs it up on large
deletes/moves etc.
It's strictly a UI issue in TBird. They changed the code for
drag-n-drop in v3 betas, I reported a performance regression bug, they
never really fixed it. It's just bad code in the TBird UI because the
time required to drag-n-drop N messages grows much faster then O(N) or
O(log N). So once you get past 2000-3000 messages, the time required is
climbing into the stratosphere.
(Fortunately, there are other, less easy to use ways of moving messages
via the right-click, move-to menu - or the File menu in the search
window. None of them are as convenient as drag-n-drop would be.)
Dovecot itself has no issue with the bigger mailboxes, the problems are
mostly either client-side or in running backups.
Just did a count on our server, 350G of email (largest single mailbox is
40G, that is 350k messages), total messages is 3.6mil+, biggest problem
is on backup, ive read that the latest rsync has fast start now rather
than wait to finish scanning.
Im intrested in the latest mdbox format to reduce how many files we have.
Try backing up small files fast enough to LTO5, tar it all up first
before backup I think.
Ile move all our maildirs to 10k SAS soon hopefully to lower the load on
the SATA disks.
We backup our Maildir users to another machine on the same network using
rdiff-backup. Each user's folder gets processed individually, which
keeps memory usage down and it goes faster on the little mailboxes and
doesn't choke as hard on the big mailboxes. Currently we keep 27 weeks
of snapshots (rdiff-backup only stores deltas each week, so it's not
that much space).
We randomize the order of processing so that in case it breaks halfway
through then at least a different set of accounts will have been backed
up this time.
Takes about 20 minutes to backup that 6GB / 800,000 message mailbox.
Other mailboxes take a few minutes or only a few seconds, total backup
window is under 2 hours for about 50GB of mail.
Just make sure on the destination volume for an rdiff-backup that you
allow lots of extra inodes. Which also holds true for the Maildir store.
(code snippet)
# since RHEL5/CentOS5 don't have sort -R option to
# randomize, use the following example
# echo -e 2\n1\n3\n5\n4 | \
#perl -MList::Util -e 'print List::Util::shuffle '
# yes, there's probably a better way to find MailDirs
DIRS=`$FIND $BASE -maxdepth 3 -name subscriptions | \
$GREP '/var/vmail' | \
$SED 's:^/var/vmail/::' | $SED 's:subscriptions$::' | \
perl -MList::Util -e 'print List::Util::shuffle '`
for DIR in ${DIRS}
do
rdiff-backup -v3 --print-statistics \
--create-full-path /var/vmail/$DIR \
${BKPHOST}::${BKPBASE}${DIR}
rdiff-backup -v3 --force --remove-older-than 27W \
${BKPHOST}::${BKPBASE}${DIR}
done
[Dovecot] SSL Compatibility? SNI vs SAN (Subject Alternative Names) and multiple domains
Getting ready to redo our mail server setup and I'm trying to wrap my head around the ins and outs and pratfalls involved in SSL, multiple domains, and Dovecot. I've taken a look at: http://wiki2.dovecot.org/SSL/DovecotConfiguration My basic understanding at this point is that: - With SSL for IMAP/POP3, it is limited to one certificate per IP address, because the SSL process starts as soon as the client opens the socket to the IP address. In order to support multiple domains / server names, you have to rely on SAN (Subject Alternative Names) in the server's SSL certificate. - If I use STARTTLS for IMAP/POP3 and Dovecot 2.x, then the SNI process will allow the client to specify that they want to talk to mail server XYZ and Dovecot will hand the correct certificate to the client. However, a lot of devices don't support SNI yet so this is fraught with peril and incompatibilities. So it seems like if I have fewer IP addresses then mail server names, I should stick with a single SSL cert and use SANs. (Wildcard certs are not an option due to the top level domain being different.) How big of an issue is a cert with half a dozen or a dozen SANs attached? Do most mail clients handle that sort of certificate properly in order to access their mailboxes? Reference links: http://www.digicert.com/subject-alternative-name-compatibility.htm
Re: [Dovecot] SSL Compatibility? SNI vs SAN (Subject Alternative Names) and multiple domains
On 3/16/2011 7:21 PM, Ed W wrote: How big of an issue is a cert with half a dozen or a dozen SANs attached? Do most mail clients handle that sort of certificate properly in order to access their mailboxes? I think it's been discussed here before, but roughly speaking yes it works fine. I use it on my mailservers and don't obviously see problems with common clients. I had looked through my mail archives back through 2008, found a threads on the topic. For posterity's sake (and if anyone wants to dig those up)... One from Jan 2010 titled Dovecot version 2 and multiple SSL certificates which is covered in the Wiki (using SNI). Prior to that was a topic from Dec 2009 titled virtual domains and SSL certificates (which boiled down to wait for Dovecot 2.x). And one from Nov 2009 titled Dovecot SSL limitations (which talks about SAN certificates). I'm just leery of using SNI because it's from circa 2006, so is rather new. So for the next few years it sounds like a SAN cert is still the way to go even with the downsides. I guess the big issue with SAN certs is that I'll need to make sure to identify every DNS name that could possible be attached to that server's IP and/or services that I'll want to use SSL for (not just Dovecot for POP3/IMAP, but also Postfix, PostgreSQL and Apache). I think in the archives you might find that there are a few less common clients which aren't happy, but I think all modern MS clients, and the other big alternatives are fine? I suspect so, all of my expected users are either using Thunderbird 3.x or fairly modern versions of MS Outlook (2003+). The rest can just use the webmail client. I bought from godaddy because it was quite cheap to get such a cert... Leaning towards DigiCert at the moment, personally not a GoDaddy fan (and that's a whole different topic). Verisign and Thawte were rather pricey compared to DigiCert. Not terribly interested in the free certs because this SSL cert would also be used for non-company users and we don't want browser warnings to pop up. Good luck Ed W Thanks. I thought I understood this a few years ago when I did my first Dovecot + SSL install, but apparently I did not grasp some of the subtleties with regards to SSL vs STARTTLS.
Re: [Dovecot] First time Dovecot user, really impressed so far. What is best IMAP enabled webmail package to go with Dovecot?
On 1/6/2010 11:38 AM, Steve wrote: An advice on another nice Web enabled mail client? Have you looked at SOGo? Have a look at their online demo - http://www.scalableogo.org/tour/online_demo.html It has more to offer then RoundCube (aka: Calendaring, synchronization with Funambol, etc). Ah? (perks up ears at the mention of Funambol) And SOGo plays nicely with postfix + dovecot?
Re: [Dovecot] First time Dovecot user, really impressed so far. What is best IMAP enabled webmail package to go with Dovecot?
On 1/4/2010 4:00 PM, Stan Hoeppner wrote: Greetings everyone, I'd like to install a webmail package on the same host. I used Squirrelmail for this purpose many years ago and I wasn't wholly impressed with the user interface. I'm also not impressed by the fact that I regularly receive spam from compromised Squirrelmail hosts/accounts. I really like the look/feel of the Scalix Web Access AJAX based interface, but I can't/won't use Scalix as it's not supported on Debian, it has more features than I need, and the system requirements are a bit steep. SquirrelMail or RoundCube. We have SM setup currently and I plan on setting up RoundCube sometime in January.
Re: [Dovecot] First time Dovecot user, really impressed so far. What is best IMAP enabled webmail package to go with Dovecot?
On 1/5/2010 1:32 AM, Ken Price wrote: If this is more than a hobby system, then you'll need to account for address books and personal settings for your users - at the least. That means some sort of backend database. I've been looking at Funambol lately to support some Blackberry users (we're not running BES). If I understand it correctly, it will let us sync our TBird address book (and Lightning Calendar/Tasks) to the Blackberry and possibly to additional copies of Thunderbird. http://www.funambol.com/ (I've also been looking at some of the groupware solutions like SoGo.)
Re: [Dovecot] A Dovecot Sieve spam filter question.
On 12/30/2009 2:21 PM, aja-li...@tni.org wrote:
Hi,
I'd like to make a filtering threshold for users to let them
deal with spamassassin spam-level starred 8 themselves,
but spam-level starred higher than 8 should be discarded
In general, it's better to quarantine high-scoring spam (we shove it in
a server-side Junk folder) then to simply discard. (The old adage of
mail delivery is that once you accept delivery of mail into your system
you should never silently drop it on the floor.)
require [comparator-i;ascii-numeric,fileinto,relational];
# Definite spam gets shoved into the Junk folder in IMAP
# Currently defined as a Spam Assassin score of 8.0 or higher
if allof (
header :contains X-Spam-Flag YES,
header :value ge :comparator i;ascii-numeric [X-Spam-Score] [8]
) {
fileinto Junk;
stop;
}
You need to check both that the spam flag is set to YES in addition to
doing a comparison on the value of the spam score header. Otherwise
you'll find that spams with negative scores can confuse the comparison rule.
This script is in a central sieve file that we include from the
individual user's home folders. We always make sure that it's the
*first* include in the user's file (after the require lines) so that
we get a chance to stop processing on spam messages before processing
things like vacation responses.
Basically, we score and tag at 5.0 - putting [SPAM] into the subject
line, and leave the message in the Inbox. But for stuff over 8.0, we
move it server-side to the Junk folder. This gives the users a lot of
flexibility. If they don't trust our filter, then can look at the
maybe spam messages in their Inbox and also look in the Junk folder.
If they're not worried about false-positives in the 5.0-7.9 range, then
they can setup a client side rule to simply move the messages from the
Inbox to the Junk folder, or delete them.
We also have a server-side cron script that runs daily and removes any
files in Junk that are older then 90 days.
Re: [Dovecot] A Dovecot Sieve spam filter question.
On 12/30/2009 5:56 PM, aja-li...@tni.org wrote:
On 12/30/2009 10:08 PM, Andrzej Adam Filip wrote:
As I understand :contains tests presence of the sub-string
= so you can test 'at least n consecutive stars present' ('n stars OR
more')
Okay, thanks, after some searching I see that quite some people
apparently have this working successully, for example here :
http://www.cs.uchicago.edu/info/services/imap/sieve
But this (2nd line is one long line) :
require [fileinto];
if header :contains X-Spam-Level
** {
fileinto Junk;
}
simply delivers the gtube test email in the Inbox instead of the Junk
folder :( No errors in the dovecot-deliver log, what am I missing ?
Probably because after filing it into the Junk folder you also want to
issue a stop; statement to prevent further down rules from firing.
{
fileinto Junk;
stop;
}
(It's a common error that I make all the time.)
Re: [Dovecot] Spam filtering (was: Re: Sieve mails with decoded subject)
On 12/10/2009 2:28 PM, Johannes Bauer wrote: Eduardo M KALINOWSKI schrieb: On Qui, 10 Dez 2009, Johannes Bauer wrote: I'm thinking about filtering all such encoded subjects (as there's no reason to encode them US-ASCII), but suppose it were UTF-8 or something: how can I filter on the actual content, not the encoded subject? Surely someone has solved that problem already? Yes, such as the guys behind SpamAssassin, or dspam, or any of the many spam filtering programs that exist. Actually, they make much more complicated decisions instead of only looking for bad words in the subject field. I'd suggest you try installing one of them. I had SpamAssassin running once and was pretty disappointed. All those complicated rules and scoring and smart bayesian filtering did not work very well, although I taught it in around 50k mails right from wrong. I had both lots of false-positives and lots of false-negatives, which was kind of annoying. However, analyzing 274 spam mails I deleted in the last 5 months I can conclude that by using that extremely simple filter list I'd catch 258 of them (that's 94%). So I'd like to stick to KISS in this case. From what I've seen, SA has been extremely good and accurate for us. We use amavisd-new to interface, but SA is at the end of a long chain of checks. Between the (3) HELO checks, clamav-milter, and a SPF policy daemon, we're killing ~60% of all connections at SMTP time. (I analyzed that in November, instead of 65/day hitting my inbox I would've seen 6x that amount if it wasn't for those checks. So ~80% of all spam was getting blocked at SMTP time.) If we were to pay for the Spamhaus Zen list, we could probably boost that percentage to 90%. All of the domains we do business with get a -2 or -4 score using amavisd-new. Specific addresses get a larger negative score. I ran a few thousand spam ham messages at the SA bayes filter, then turned it on. We tag messages with a [spam] flag at 5.0 and quarantine at 9.0. Tagged messages go to the user's Inbox, quarantined messages get sieve'd into a sub-folder in the user's mailbox. So far (in a month), no false positives. Or at least none that people have complained were quarantined when they should not have been. I'm considering lowering the quarantine threshold next month. It's been nice to have my Inbox back, without 65 spams/day cluttering it up. Now I might see 2-5 per day that slip through without getting tagged as borderline spam (at 5.0 or higher). Those are mostly zero-day spam that haven't made it to the URIBLs or DNSBLs yet. I'm still debating grey-listing, Razor, DCC or paying for the Spamhaus Zen list. Compared to another, commercial, product that we were using a few years ago, SA is very very good. Not perfect, but really does a good job of classifying things with decent accuracy.
Re: [Dovecot] different views of a imap account
On 12/2/2009 6:21 PM, Ajaxster wrote: Hi, I've looked around a few times to see if I could figure the answer to this question but I think I may not know the right question to ask... The scenario I have is that I'm running dovecot, exim and procmail on one server (using maildir storage) and also have apache on another server. I can run squirrel mail, roundcube, etc. all on the web server and access all my email just fine. I can run outlook or thunderbird or other imap clients just fine too. I have some smart phones that support imap mail servers, but when I set them up to connect to my server, the client seems to have to sync up data on all the mailboxes (lots of headers to download). All I really want on my remote (phone based) imap clients is to view my inbox. I believe that the subscriptions are done globally in that every client sees the same subscriptions, so that doesn't seem like the way to narrow down what my phone imap clients see. On my HTC Touch Pro (Windows Mobile), it has its own idea of what the folder subscriptions are and doesn't track the IMAP subscription info. Which is good, because it chokes on my archive folders with a few thousand messages per year. So I'm able to tell it to only look at Sent Inbox without messing up the subscriptions on the other IMAP clients that also access that mailbox. My other suggestion... split your high volume folders out to a 2nd IMAP account.
Re: [Dovecot] Vacation message with Sieve
On 11/24/2009 6:27 AM, Charles Marcus wrote: On 11/23/2009, Patrick Nagel (patrick.na...@star-group.net) wrote: Yes, that was my first proposal, but that was also rejected harshly by the other project managers. They wanted to have some transit time in which the replacement guy would still access the leaving guy's mailbox. They felt that just deactivating the mailbox and rejecting mails would be rude. 1. Add an alias to the x-managers account that forwards all incoming mail to his replacement, or 2. Add the x-managers account to your replacements email client, so they can check it as well as theirs. 3. (slightly different) Have the vacation auto-reply set and also use the sieve redirect method after the vacation message gets processed? redirect :copy newmana...@example.com; New manager gets the email, clients get a hey, I retired but these folks over here will also get a copy of your message and will help you message. 90% sure you can do that (vacation is supposed to be compatible with redirect)... I'll have to try it the next time that someone retires around here. Eventually (30-90 days), we turned off the redirect and changed the vacation message. You'll want a very good server-side spam filter with aggressive quarantine levels for that user if you're going to have a long-running vacation reply in place. That'll avoid the vacation script replying to every joe-jobbed message that makes it into the mailbox. The sooner that you can start returning 5xx codes for the old address the better (IMHO). (Still doesn't address the issue of more then one per day, but you'd have to complain about that to the folks who wrote RFC 5230 who specify that :days has to be greater then zero.)
Re: [Dovecot] Newbee, some questions
On 11/22/2009 12:39 PM, Spyros Tsiolis wrote: Due to reasons beyond me (mainly my clients demanding more for their buck / things like webmail etc.), I was forced to start searching for (always) open source alternatives. We used Postfix only for a long time (SMTP/POP3), back in '07 I started researching, built a test rig in early '08 and we switched full over to Postfix/Dovecot in late spring of '08. You'll have a lot of reading ahead of you and I recommend registering a domain or two to use as a test bed on the new system before you start adding the real domains and repointing MX records at the new box. 1. Do multiple domain handling. This can be done with virtual domains and users. We found it easier to go with virtual users instead of system users for our multi-domain setup. http://wiki.dovecot.org/VirtualUsers http://wiki.dovecot.org/SystemUsers Personally, we use PostfixAdmin (a web-based tool) along with its databases (in PostgreSQL) to store our virtual domains and to manage domains/accounts. Our Postfix (which handles the SMTP side) and Dovecot (which handles the POP3/IMAP side) query this database for domain/user information. We used to use a system users setup, which had the advantage (and disadvantage) that Fred could receive email as f...@anyofourdomains without having to do anything special. With the virtual user setup, we had to put fred@ into one domain, and then setup aliases in the other domains that rewrote f...@otherdomain into f...@homedomain. In the long run, I'm happier, because most of our users really didn't need to be addressable as u...@anyofourdomains. 2. Have a centralized user base 3. Have a centralized mail repository for each user (like exchange, only without the admin/maintenance pain that comes with it) We store user email in Dovecot's Maildir setup, usually under: /var/vmail/domain/user/ There are lots of sub-folders below that point specific to the MailDir implementation. I personally have IMAP mailboxes with hundreds of thousands of messages spread across dozens of folders and a total size of over 2GB. 4. be able to do IMAP/POP3 and not SMTP/POP3 (or do I need all three of them ?) SMTP servers (postfix, sendmail) handle accepting mail from the outside world before handing it off to a LDA (local delivery agent) like Dovecot. The SMTP server also handles taking mail from a mail client (submitted via SMTP) and either handing it to the LDA for local delivery or contacting foreign SMTP servers to deliver to other domains. (Postfix also has an LDA component, and a POP3 component, but you can plug other LDA servers in like Dovecot.) POP3/IMAP access to the mailbox location is usually the job of Dovecot. 5. Interface with things like web-based mail software (LAMP ?) We use SquirrelMail here for our webmail. I'm pretty sure that it talks to the Dovecot IMAP server in order to access the user's mailbox. Once you have IMAP access to your mailboxes configured, you can use lots of different tools to talk to it.
Re: [Dovecot] Vacation message with Sieve
On 11/23/2009 7:19 AM, Rene Bakkum wrote: Hello all, I am trying to get my vacation messages to work correctly. In general it works like how I want, and replies when a message is arived to for example i...@domain.com, but I have some problems to get my vacation message to work on catch-all boxes. Is there an option to for example auto-reply on every mail that is sendto @domain.com? As stated by Pascal, catch-all addresses are evil. Especially when the spammers do a dictionary attack run against your domain (you'll get messages for a...@example.com, a...@example.com, a...@example.com...). In our setup, we specify multiple addresses as: :addresses [na...@example.com, na...@example.com, na...@example.com] (For the few people that we allow inbound mail via multiple aliases.) I understand the desire to have a catch-all address, I used to do it myself a few years ago. But the aggravation eventually caused me to reevaluate whether it was worth all of the dictionary attack spam. So I setup aliases in postfix for all of the addresses that I was truly interested in monitoring and simply 5xx unknown user the rest of them.
Re: [Dovecot] Newbee, some questions
On 11/23/2009 2:12 PM, /dev/rob0 wrote: On Sun, Nov 22, 2009 at 01:55:22PM -0500, Thomas Harold wrote: We used Postfix only for a long time (SMTP/POP3), ... Um, no, Postfix does not serve POP3. Thanks for catching that. I wonder what the Solaris admin was using to serve up POP3 access to the mbox files? Maybe it was qpopper, that sounds familiar... (I'd have to dig back through my SSH session log files to know for sure.)
Re: [Dovecot] [OT] preferred clients
On 11/20/2009 12:59 PM, Jonathan wrote: I'm getting tired of Thunderbird telling me I have unread messages in folders that haven't gotten new messages for months so I'm looking for a new mail client. I know the problem lies with Thunderbird because everything is fine via RoundCube and if it tell Thunderbird to rebuild it's index it shows the folder correctly again. Except of course for a subset of the messages in my inbox that it insists where delivered at the exact time I re-indexed it, every time. I'm currently testing out the Thunderbird 3.0 release candidates... overall, it's better then TB 2 was at IMAP. Overall, I'm pretty happy with version 3 and how it deals with my multi-gigabyte IMAP mailboxes with dozens of folders. Stability seems to be better then it was in TB v2 in terms of indexing and downloading messages. (That comes with a huge caveat, however. Beta 4 introduced some rather severe bugs in IMAP performance which have yet to be fixed as of RC1 build #2. I'm hoping that this coming week there will be another more stable build.)
Re: [Dovecot] [OT] preferred clients
On 11/20/2009 1:51 PM, Thomas Berezansky wrote: Personally, I am using Horde (http://www.horde.org/) at work (this address) and Outlook 2007 at home (largely due to getting freaky attachments I need to open on a regular basis that only Microsoft mail clients seem to be able to open properly). Out of morbid curiosity... how good is Outlook 2007 at IMAP? I've had experience with Outlook 2003 and the 2GB PST limit was a deal breaker for me. I'm curious whether Outlook is getting better or worse at IMAP. (In OL2003, they introduced a better PST format that was no longer limited to 2GB. But you can't use it with IMAP accounts. It also had weird behavior like deleting messages would not make them vanish from the folder until you did some sort of compact operation.)
Re: [Dovecot] [OT] preferred clients
On 11/20/2009 2:16 PM, Charles Sprickman wrote: We're talking about a mailbox with two or more users always in it and around 40K messages across a few hundred folders. The scale of it all seems to be part of the issue I think. I run TB v2 on my laptop and TB v3 betas on my desktop. I've not seen messages suddenly getting marked as unread. My mailing list mailbox subscribes to a few dozen mailing lists, so most folders have between 1k and 25k messages in them (about 2GB of mail). The postmaster mailbox routinely has folders with 40-50k messages in a single folder (error reports, mailbox size is up around 2GB at the moment). We're using a MailDir storage format, Dovecot 1.1.6 with Postfix on the front end. All running on top of CentOS 5. (Biggest problem I've had with TB v2 is that it sometimes loses track of the server after a while, so you'll go to send a new message and it will get stuck trying to talk to the server.)
Re: [Dovecot] [OT] preferred clients
On 11/21/2009 9:42 PM, Jonathan wrote: Do you know anything about the date issue I mentioned where TB shows emails with a date of the last time the folder was indexed instead of when the email was actually delivered? I've seen that bug, I generally either reindex / compact or completely unsubscribe and then resubscribe to the folder after restarting TB v2. I don't think I've seen it on the TB 3 side in the past 6 months since I started with beta 2. There's been a lot of work as well on indexing in Beta 3/4 when they introduced gloda (the global indexer). (I severely abuse TB, having folders with 50k messages in them, subscribing to dozens of mailing lists... good thing that I'm the mail admin and don't have to worry about quotas.)
Re: [Dovecot] [OT] preferred clients
On 11/21/2009 9:54 PM, Jonathan wrote: Okay, that didn't take long. I have another spurious unread message already. Should I do what it says here [1] and grab a nightly build and create an entire new profile, or should I just report with what I have? Any suggestions on what component to file the report against? If you decide to use the nightly, start with a new profile and try either (wait a day and I think we'll see a build #3 for RC1): http://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/3.0rc1-candidates/build2/ or http://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/2009-11-21-03-comm-1.9.1/ Thunderbird 3.0 is based off of Comm-1.9.1, the previews for Thunderbird 3.1 are Comm-1.9.3. The nightly builds for 1.9.1 seem to happen in the early morning hours. As for which component... I'd say either Mail Window Front End or Mail Reader UI. https://bugzilla.mozilla.org/describecomponents.cgi?product=Thunderbird You'll probably have to catch it in the act while logging is turned on. https://wiki.mozilla.org/MailNews:Logging You may also want to rule out hardware issues such as flaky memory, which could be causing corruption in the indexes.
Re: [Dovecot] Dovecot and SATA Backend
On 11/16/2009 8:00 AM, Nicolas GRENECHE wrote: Hi all, I plan to run a dovecot IMAPS and POPS service on our network. We handle about 3 000 mailboxes. I thought first buying a topnotch server (8 cores and 16 Go RAM) with equalogic iSCSI SAN SAS 15K for storage backend. We run about 300 mailboxes, ~1 to 1.5 million inbound connections per month and about 1-1.5 million messages delivered to Dovecot per month on a low-end server. The O/S drive is 10k RPM SATA and the MailDir folders are stored on a 4-disk RAID-10 7200rpm SATA. It's a dual-core, ~2GHz, 64bit CentOS 5 server with only 4GB RAM. We also do anti-virus and spam filtering (SpamAssassin) scoring on that system along with using it for a few other tasks. The system chugs at times (during the daily backup window) but otherwise I'd say we're at about 25-30% load currently. Fortunately, providing basic mail service isn't that system intensive. I think your sizing issue is going to be more about how many messages per month you're pushing through the system then sheer number of mailboxes. And maybe the overall size of the mail store. (Heck, our old mail server was a Solaris 200MHz x86 box with 256MB RAM and a pair of 80GB IDE drives setup before I took over administration of the mail system.) Our current server was a test case that we put in about 18 months ago. Hopefully next year we can upgrade to better equipment (more cores, more memory, and more and faster spindles). And maybe some HA stuff like DRBD and Heartbeat.
Re: [Dovecot] Sieve question
On 7/7/2009 1:59 PM, CJ Keist wrote: If there is a separate sieve mailing list let me know. But have question if someone else has done this or not. Right now I have web form people use to setup their vacation replies using Sieve (1.1.6). The form alows them to set what they want their reply address to be, whether to send the reply once, weekly or bi-weekly. I would like to setup another option to let them set the date in which to de-active the vacation replies automatically. Right now they have to remember to log back into the form to turn off the vacation reply. Has anyone set something like this up? From what I've seen of the sieve RFCs, there's no provision for setting this. (Or has that been added?) I also run into this request regularly with my users who want their vacation replies to turn on at 2pm Friday and turn off at 9am Monday. Which currently means that someone has to babysit the sieve scripts. Ideally, it would be an option to the vacation element (i.e. start time and end time). The reason that a start/end time would be useful is in the case of where someone wants to setup their vacation replies ahead of time, and have them automatically enable/disable for the specified time period. (apologies for continuing an old thread, but I'm curious)
[Dovecot] Restoring individual messages from a backup into a Maildir setup?
We have a user who deleted IMAP folders from his account, so I simply tried to restore the folder .FolderName from our backup. I checked that file/folder ownership was the same as the original, but the Dovecot IMAP server is throwing errors at the client. I've tried copying the individual message files from the cur folders in the backup directory, but Dovecot immediate goes into panic mode and throws errors at the IMAP client when I do that. Even if the file is owned by the currect UID. I've tried putting those files into tmp and new as well, with no luck. I looked at the following thread, but it didn't help. http://www.dovecot.org/list/dovecot/2007-August/024971.html The thread from Sep 2008 wasn't much help either: http://www.mail-archive.com/dovecot@dovecot.org/msg12846.html ... Eh, I figured this out before I even posted. Restoration is indeed that simple. The problem is that the files were not labeled with the proper SELinux security context after being restored. When the file was restored, it was assigned a context of root:object_r:file_t, which is not a context that the Dovecot service has permissions to interact with. I had to re-label the files after restoring them with # chcon -R user_u:object_r:mail_spool_t foldername So the lesson here is to check /var/log/messages and look for sealert indicators when restoring files. ... Hopefully that helps some other people out when dealing with Red Hat / CentOS with SELinux set to enforcing mode.
Re: [Dovecot] Restoring individual messages from a backup into a Maildir setup?
Timo Sirainen wrote: On Thu, 2009-01-08 at 15:36 -0500, Thomas Harold wrote: We have a user who deleted IMAP folders from his account, so I simply tried to restore the folder .FolderName from our backup. I checked that file/folder ownership was the same as the original, but the Dovecot IMAP server is throwing errors at the client. I've tried copying the individual message files from the cur folders in the backup directory, but Dovecot immediate goes into panic mode and throws errors at the IMAP client when I do that. Even if the file is owned by the currect UID. I've tried putting those files into tmp and new as well, with no luck. .. Eh, I figured this out before I even posted. Restoration is indeed that simple. The problem is that the files were not labeled with the proper SELinux security context after being restored. When the file was restored, it was assigned a context of root:object_r:file_t, which is not a context that the Dovecot service has permissions to interact with. What was it logging? I think it should have clearly said there about permission errors. Oh, all sorts of errors in /var/log/messages: Jan 8 14:48:59 fvs-pri setroubleshoot: SELinux is preventing access to files with the label, file_t. For complete SELinux messages. run sealert -l 8e0628b1-d30a-4390-8364-a899e0d1162b Jan 8 15:25:42 fvs-pri setroubleshoot: SELinux is preventing imap (dovecot_t) getattr to /var/vmail/domain/username/dovecot.index.log (var_t). For complete SELinux messages. run sealert -l 05bc0c54-dedf-4a0b-a1ee-072b2f46ca88 Jan 8 15:27:16 fvs-pri setroubleshoot: SELinux is preventing imap (dovecot_t) write to ./cur (var_t). For complete SELinux messages. run sealert -l d8ecb97c-4f3e-454a-bc40-97f1c6a3dc0a Jan 8 15:27:16 fvs-pri setroubleshoot: SELinux is preventing imap (dovecot_t) read write to ./dovecot.index.log (var_t). For complete SELinux messages. run sealert -l 5e4fd55f-401e-4ec1-ab7a-53fd9d4e09c1 Jan 8 15:27:16 fvs-pri setroubleshoot: SELinux is preventing imap (dovecot_t) read write to ./dovecot-uidlist (var_t). For complete SELinux messages. run sealert -l b58a00ab-7182-4a35-af92-3ebf1eb4fbb3 Jan 8 15:27:22 fvs-pri setroubleshoot: SELinux is preventing imap (dovecot_t) read write to ./dovecot-uidlist (var_t). For complete SELinux messages. run sealert -l b58a00ab-7182-4a35-af92-3ebf1eb4fbb3 ... My first inclination was to look at the dovecot-deliver.log file (per log_path or info_log_path). It wasn't until I went looking for SELinux errors that I discovered that it was a labeling problem. Just a standard PEBKAC error.
Re: [Dovecot] Restoring individual messages from a backup into a Maildir setup?
Timo Sirainen wrote: On Thu, 2009-01-08 at 16:35 -0500, Thomas Harold wrote: What was it logging? I think it should have clearly said there about permission errors. Oh, all sorts of errors in /var/log/messages: Jan 8 14:48:59 fvs-pri setroubleshoot: SELinux is preventing access to files with the label, file_t. For complete SELinux messages. run sealert -l 8e0628b1-d30a-4390-8364-a899e0d1162b .. My first inclination was to look at the dovecot-deliver.log file (per log_path or info_log_path). It wasn't until I went looking for SELinux errors that I discovered that it was a labeling problem. That's what I meant, did Dovecot not log anything? None that I could find. At 14:48, there's nothing in the dovecot-deliver.log file (set in the protocol lda section of our dovecot.conf). But our logging section at the top of the dovecot.conf file is: ## ## Logging ## # Log file to use for error messages, instead of sending them to syslog. # /dev/stderr can be used to log into stderr. #log_path = /var/log/dovecot.log # Log file to use for informational and debug messages. # Default is the same as log_path. #info_log_path = So I'm not sure that is configured correctly to actually log errors. Currently running dovecot.x86_64 1:1.1.6-0_83.el5 from atrpms. We'll probably upgrade to 1.1.7 soon (a manual process for us since we're doing maildir delivery with separate userids and a setuid executable).
Re: [Dovecot] Restoring individual messages from a backup into a Maildir setup?
Timo Sirainen wrote: They get logged to syslog, which probably goes to mail.log or something like that. Got it, buried in among the postfix log information in our maillog. Jan 8 14:48:36 fvs-pri dovecot: IMAP(fr...@nybeta.com): open(/var/vmail/domain/username/.foldername/cur/1221150263.M565639P 20403.fvs-pri.example.com,W=7199:2,S) failed: Permission denied Jan 8 14:48:36 fvs-pri dovecot: IMAP(fr...@nybeta.com): stat(/var/vmail/domain/username/.foldername/cur/1221150263.M565639P 20403.fvs-pri.example.com,W=7199:2,S) failed: Permission denied Jan 8 14:48:36 fvs-pri dovecot: IMAP(usern...@example.com): Disconnected: Internal error occurred. Refer to server log for more information. [2009-01-08 14:48:36] bytes=845/3222
Re: [Dovecot] sieve - Sendmail process terminated abnormally, exit status 70
Christian Schmidt wrote: Steffen Kaiser, 13.08.2008 (d.m.y): On Tue, 12 Aug 2008, Thomas Harold wrote: Check out /usr/include/sysexits.h what exit code 70 means on your system - 70 is internal software error in Linux. Then check when /usr/lib/sendmail will exit with this code. Deliver will run /usr/lib/sendmail with the uid of the target mailbox, you said virtual user - so you've configured the id in dovecot.conf, I guess. I just had a similar problem caused by the fact that /usr/lib/sendmail was missing. As I'm using exim as MTA, I created /usr/lib/sendmail as a symlink pointing to the exim binary. That was an excellent tip. I started looking closely at /usr/lib/sendmail and following the link chain. Which led me back to /usr/sbin/sendmail.sendmail. Which is probably not the correct sendmail binary to be using when we're running postfix. Apparently, back when I setup this server many months ago, I never installed or ran: # yum install system-switch-mail # system-switch-mail Which switches the links around to point at sendmail.postfix. Once I fixed that, I had to adjust SELinux properties to create a custom profile to allow the sendmail binary to do its work. Thank you both for the pointers, everything is now working properly for vacation auto-responses. (Oddly enough, the broken setup worked with Dovecot 1.0 - and only reared its head after we upgraded to Dovecot 1.1.)
[Dovecot] sieve - Sendmail process terminated abnormally, exit status 70
How do we start troubleshooting this?
deliver([EMAIL PROTECTED]): Aug 12 18:27:19 Error: Sendmail process
terminated abnormally, exit status 70
deliver([EMAIL PROTECTED]): Aug 12 18:27:19 Info: sieve runtime error:
Vacation: Error sending mail
deliver([EMAIL PROTECTED]): Aug 12 18:27:19 Info:
msgid=[EMAIL PROTECTED]: saved mail to INBOX
deliver([EMAIL PROTECTED]): Aug 12 18:27:19 Error:
sieve_execute_bytecode(/var/vmail/example.com/user//Home/.dovecot.sievec)
failed
It seems to only choke on the vacation portion. It creates entries in
the .dovecot.lda-dupes file. But then dies while sending the reply
e-mail.
The contents of the user's .dovecot.sieve file is:
-
require [fileinto, include, vacation];
# Move spam to spam folder
if exists X-Spam-Flag {
fileinto spam;
# Stop here so that we do not reply on spams
stop;
}
include :personal sieve-vacation;
-
And the file looks like:
-
require [vacation];
vacation
# Reply at most once a day to a same sender
:days 1
:subject Out of office reply
# List of recipient addresses which are included in the auto replying.
# If a mail's recipient is not on this list, no vacation reply is
sent for it.
:addresses [EMAIL PROTECTED]
blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah
blah blah blah,
[EMAIL PROTECTED];
-
If I comment out the include :personal sieve-vacation; line, then it
works, but obviously not the vacation portion. Deliver does at least
not die horribly.
I get the same error if I move the content of the vacation include file
into the main .dovecot.sieve file.
# ls -la /usr/local/libexec/dovecot/lda/
-rwsr-xr-x 1 root root 802824 Aug 12 18:12 deliver
# ls -la /usr/libexec/dovecot/
total 5728
drwxr-xr-x 2 root root 4096 Jul 31 04:04 .
drwxr-xr-x 11 root root 4096 Jul 25 04:39 ..
-rwxr-xr-x 1 root root 58416 Jul 24 06:32 checkpassword-reply
-rwxr-xr-x 1 root root 666128 Jul 24 06:32 convert-tool
-rwxr-xr-x 1 root root 802824 Jul 24 06:32 deliver
-rwxr-xr-x 1 root root 164176 Jul 24 06:32 dict
-rwxr-xr-x 1 root root 350384 Jul 24 06:32 dovecot-auth
-rwxr-xr-x 1 root root 674176 Jul 24 06:32 expire-tool
-rwxr-xr-x 1 root root 59200 Jul 24 06:32 gdbhelper
-rwxr-xr-x 1 root root 245872 Jul 24 06:32 idxview
-rwxr-xr-x 1 root root 854488 Jul 24 06:32 imap
-rwxr-xr-x 1 root root 157216 Jul 24 06:32 imap-login
-rwxr-xr-x 1 root root 61248 Jul 24 06:32 listview
-rwxr-xr-x 1 root root 61800 Jul 24 06:32 logview
-rwxr-xr-x 1 root root 74200 Jul 24 06:32 maildirlock
-rwxr-xr-x 1 root root931 Jul 24 06:27 mkcert.sh
-rwxr-xr-x 1 root root 787464 Jul 24 06:32 pop3
-rwxr-xr-x 1 root root 149152 Jul 24 06:32 pop3-login
-rwxr-xr-x 1 root root 83968 Jul 24 06:32 rawlog
-rwxr-xr-x 1 root root 165152 Jun 11 03:21 sievec
-rwxr-xr-x 1 root root 157216 Jun 11 03:21 sieved
-rwxr-xr-x 1 root root 62584 Jul 24 06:32 ssl-build-param
(output of yum list)
dovecot.x86_64 :1.1.2-2_77.el5 installed
dovecot-sieve.x86_64 1.1.5-8.el5 installed
I'm not finding any AVC errors in the SELinux audit.log file. And I'm
not sure what other switches I can turn on to get better error
information as to what sendmail/deliver are choking on in this virtual
(setuid) environment where we use Dovecot as the LDA.
Re: [Dovecot] lib90_cmusieve_plugin.so: undefined symbol: message_decoder_init
Uldis Pakuls wrote: Thomas Harold wrote: Uldis Pakuls wrote: # yum list | grep dovecot dovecot.x86_64 1:1.1.1-2_76.el5 installed dovecot-sieve.x86_64 1.1.5-8.el5 installed dovecot.x86_64 1:1.1.2-2_77.el5 atrpms dovecot-devel.x86_64 1:1.1.2-2_77.el5 atrpms Looks like you mixed up binaries from different versions of dovecot. I recommend completely remove dovecot, (manually rechecking after rpm remove). and reinstall. Uldis So what versions should we be using? We only had one version of dovecot and one version of dovecot-sieve. lib90_cmusieve_plugin.so: undefined symbol: message_decoder_init - means you have old version of sieve plugin. since 2007-07-20 (see chagelog) plugins use message_decoder_init. previous version used message_decoder_init_ucase. so plugin binaries you have is something form v1.1alpha1... (broken RPMS?) - it is not sieve v1.1.5... We've only been pulling dovecot and dovecot-sieve from atrpms (the first install of dovecot was only 2-3 months ago). I did a regular yum remove dovecot dovecot-sieve last night, followed by a yum install dovecot dovecot-sieve, but without any joy. I'll have to dig into it deeper this afternoon. # rpm -vV dovecot S.5T c /etc/dovecot.conf c /etc/logrotate.d/dovecot c /etc/pam.d/dovecot /etc/pki/dovecot /etc/pki/dovecot/certs c /etc/pki/dovecot/dovecot-openssl.cnf /etc/pki/dovecot/private c /etc/rc.d/init.d/dovecot /usr/lib64/dovecot /usr/lib64/dovecot/imap /usr/lib64/dovecot/imap/lib01_acl_plugin.so /usr/lib64/dovecot/imap/lib02_lazy_expunge_plugin.so /usr/lib64/dovecot/imap/lib10_quota_plugin.so /usr/lib64/dovecot/imap/lib11_imap_quota_plugin.so /usr/lib64/dovecot/imap/lib11_trash_plugin.so /usr/lib64/dovecot/imap/lib20_convert_plugin.so /usr/lib64/dovecot/imap/lib20_expire_plugin.so /usr/lib64/dovecot/imap/lib20_fts_plugin.so /usr/lib64/dovecot/imap/lib20_mail_log_plugin.so /usr/lib64/dovecot/imap/lib20_mbox_snarf_plugin.so /usr/lib64/dovecot/imap/lib20_zlib_plugin.so /usr/lib64/dovecot/imap/lib21_fts_squat_plugin.so /usr/lib64/dovecot/lda /usr/lib64/dovecot/lda/lib01_acl_plugin.so /usr/lib64/dovecot/lda/lib10_quota_plugin.so /usr/lib64/dovecot/lda/lib11_trash_plugin.so /usr/lib64/dovecot/lda/lib20_convert_plugin.so /usr/lib64/dovecot/lda/lib20_expire_plugin.so /usr/lib64/dovecot/lda/lib20_fts_plugin.so /usr/lib64/dovecot/lda/lib20_mail_log_plugin.so /usr/lib64/dovecot/lda/lib21_fts_squat_plugin.so /usr/lib64/dovecot/lib01_acl_plugin.so /usr/lib64/dovecot/lib02_lazy_expunge_plugin.so /usr/lib64/dovecot/lib10_quota_plugin.so /usr/lib64/dovecot/lib11_trash_plugin.so /usr/lib64/dovecot/lib20_convert_plugin.so /usr/lib64/dovecot/lib20_expire_plugin.so /usr/lib64/dovecot/lib20_fts_plugin.so /usr/lib64/dovecot/lib20_mail_log_plugin.so /usr/lib64/dovecot/lib20_mbox_snarf_plugin.so /usr/lib64/dovecot/lib20_zlib_plugin.so /usr/lib64/dovecot/lib21_fts_squat_plugin.so /usr/lib64/dovecot/pop3 /usr/lib64/dovecot/pop3/lib02_lazy_expunge_plugin.so /usr/lib64/dovecot/pop3/lib10_quota_plugin.so /usr/lib64/dovecot/pop3/lib20_convert_plugin.so /usr/lib64/dovecot/pop3/lib20_expire_plugin.so /usr/lib64/dovecot/pop3/lib20_fts_plugin.so /usr/lib64/dovecot/pop3/lib20_mail_log_plugin.so /usr/lib64/dovecot/pop3/lib20_mbox_snarf_plugin.so /usr/lib64/dovecot/pop3/lib20_zlib_plugin.so /usr/lib64/dovecot/pop3/lib21_fts_squat_plugin.so /usr/libexec/dovecot /usr/libexec/dovecot/checkpassword-reply /usr/libexec/dovecot/convert-tool /usr/libexec/dovecot/deliver /usr/libexec/dovecot/dict /usr/libexec/dovecot/dovecot-auth /usr/libexec/dovecot/expire-tool /usr/libexec/dovecot/gdbhelper /usr/libexec/dovecot/idxview /usr/libexec/dovecot/imap /usr/libexec/dovecot/imap-login /usr/libexec/dovecot/listview /usr/libexec/dovecot/logview /usr/libexec/dovecot/maildirlock /usr/libexec/dovecot/mkcert.sh /usr/libexec/dovecot/pop3 /usr/libexec/dovecot/pop3-login /usr/libexec/dovecot/rawlog /usr/libexec/dovecot/ssl-build-param /usr/sbin/dovecot /usr/sbin/dovecotpw /usr/share/doc/dovecot-1.1.2 d /usr/share/doc/dovecot-1.1.2/COPYING d /usr/share/doc/dovecot-1.1.2/COPYING.LGPL
Re: [Dovecot] lib90_cmusieve_plugin.so: undefined symbol: message_decoder_init
Uldis Pakuls wrote: Thomas Harold wrote: # rpm -vV dovecot-sieve /usr/lib64/dovecot/lda/lib90_cmusieve_plugin.la /usr/lib64/dovecot/lda/lib90_cmusieve_plugin.so /usr/libexec/dovecot/sievec /usr/libexec/dovecot/sieved Check directory /usr/lib64/dovecot before yum install dovecot dovecot-sieve, if it exist - remove it. If problem is still here - it is broken rpm problem. Possibly fixed. The issue is that we're using multiple UIDs for virtual users per: http://wiki.dovecot.org/LDA We had made a copy of the deliver executable: /usr/libexec/dovecot/deliver to: /usr/local/libexec/dovecot/lda/deliver and set it as setuid. I had forgotten to upgrade this copy of the deliver executable to the latest version from dovecot. So when I upgrade dovecot in the future, I need to remember to: # cp --no-preserve=all /usr/libexec/dovecot/deliver /usr/local/libexec/dovecot/lda/
Re: [Dovecot] lib90_cmusieve_plugin.so: undefined symbol: message_decoder_init
Uldis Pakuls wrote: # yum list | grep dovecot dovecot.x86_64 1:1.1.1-2_76.el5 installed dovecot-sieve.x86_64 1.1.5-8.el5 installed dovecot.x86_64 1:1.1.2-2_77.el5 atrpms dovecot-devel.x86_64 1:1.1.2-2_77.el5 atrpms Looks like you mixed up binaries from different versions of dovecot. I recommend completely remove dovecot, (manually rechecking after rpm remove). and reinstall. Uldis So what versions should we be using? We only had one version of dovecot and one version of dovecot-sieve.
[Dovecot] lib90_cmusieve_plugin.so: undefined symbol: message_decoder_init
After upgrading our CentOS 5 box to the latest revisions last week (including Dovecot 1.1), we're seeing the following error message in the log files. Sieve was working fine with Dovecot 1.0. I have yet to turn up anything via Google for this particular error. SELinux is not logging any error messages at the moment, so I'm pretty sure that we've properly allowed all the SELinux permissions. # cat /var/vmail/dovecot-deliver.log deliver([EMAIL PROTECTED]): Jul 28 11:11:44 Error: dlopen(/usr/lib64/dovecot/lda/lib90_cmusieve_plugin.so) failed: /usr/lib64/dovecot/lda/lib90_cmusieve_plugin.so: undefined symbol: message_decoder_init deliver([EMAIL PROTECTED]): Jul 28 11:11:44 Fatal: Couldn't load required plugins # ls -l /usr/libexec/dovecot/sievec -rwxr-xr-x 1 root root 165152 Jun 11 03:21 /usr/libexec/dovecot/sievec # ls -l /usr/lib64/dovecot/lda/lib90_cmusieve_plugin.so -rwxr-xr-x 1 root root 141328 Jun 11 03:21 /usr/lib64/dovecot/lda/lib90_cmusieve_plugin.so # yum list | grep dovecot dovecot.x86_64 1:1.1.1-2_76.el5 installed dovecot-sieve.x86_64 1.1.5-8.el5 installed dovecot.x86_64 1:1.1.2-2_77.el5 atrpms dovecot-devel.x86_64 1:1.1.2-2_77.el5 atrpms
Re: [Dovecot] 1.1.1-1 gotcha with Fedora Rawhide package
Kenneth Porter wrote: I just installed the Rawhide package on my CentOS 5 system. The one item that bit me is that the config file defaults to using interface [::] so it only listens on IPv6. (This is from a patch in the package that changes the upstream default of *, so it only affects those using the Fedora package.) For those wanting to track the issue, here's the Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=453054 I rebuilt the package from the source RPM, to make sure it was tuned to the C5 distro. This issue just bit us when we upgraded from 1.0 to 1.1 (using the RPM from ATRPMS testing). Under 1.0, the default setting in dovecot.conf was to listen on both IPv4/IPv6? In 1.1, the default setting (at least with the ATRPMs?) is now to listen only on IPv6. We had never changed that line in the dovecot.conf file (it was still commented out) and were relying on the default behavior not changing. (Foolish of us, I know.) The symptoms were that there were no error messages in the log file, no issues with SELinux, and no port blocking by the linux firewall. Everything seemed to be configured correctly, except that Dovecot was no longer listening on the pop3/imap ports. It was very bizarre at the time. Our change, was naturally to explicitly tell Dovecot to listen to the IPv4 addresses: listen = * (I only discovered the issue by doing a diff of the old, working, 1.0 configuration file and the new 1.1 default configuration file. Fortunately for us, we keep a complete version history for all of our configuration files on the mail server.)
